wpa: Import wpa 2.10vendor/wpa/2.10

The long awaited wpa 2.10 is finally here.

817 files changed, 279 insertions, 358154 deletions

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index b064303ced30..000000000000
--- a/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-*.pyc
-*~
-tests/hwsim/logs
-tests/remote/logs
-wpaspy/build
-**/parallel-vm.log
-tags
-build/
diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index bd7a4097444b..000000000000
--- a/Android.mk
+++ /dev/null
@@ -1,10 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-ifneq ($(filter VER_0_8_X VER_2_1_DEVEL,$(WPA_SUPPLICANT_VERSION)),)
-# The order of the 2 Android.mks does matter!
-# TODO: Clean up the Android.mks, reset all the temporary variables at the
-# end of each Android.mk, so that one Android.mk doesn't depend on variables
-# set up in the other Android.mk.
-include $(LOCAL_PATH)/hostapd/Android.mk \
-        $(LOCAL_PATH)/wpa_supplicant/Android.mk
-endif
diff --git a/CONTRIBUTIONS b/CONTRIBUTIONS
index 1b4caf7ac811..b2064dc83443 100644
--- a/CONTRIBUTIONS
+++ b/CONTRIBUTIONS
@@ -143,7 +143,7 @@ The license terms used for hostap.git files
 
 Modified BSD license (no advertisement clause):
 
-Copyright (c) 2002-2021, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without
diff --git a/COPYING b/COPYING
index 5d0115c9ca6f..7ca30301e28b 100644
--- a/COPYING
+++ b/COPYING
@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 
diff --git a/README b/README
index a9f806967bf9..1470c4f23582 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 These programs are licensed under the BSD license (the one with
diff --git a/build_release b/build_release
deleted file mode 100755
index 3aa9bf31963a..000000000000
--- a/build_release
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ -z "$1" ]; then
-    echo "build_release <version>"
-    exit 1
-fi
-
-TMP=tmp.build_release
-RELDIR=`pwd`/Release
-VER=$1
-NOW=`date +%Y-%m-%d`
-
-echo "Version: $VER - $NOW"
-
-DATEw=`head -n 3 wpa_supplicant/ChangeLog | tail -n 1 | sed "s/ .*//"`
-DATEh=`head -n 3 hostapd/ChangeLog | tail -n 1 | sed "s/ .*//"`
-
-if [ "$DATEw" != "$NOW" -o "$DATEh" != "$NOW" ]; then
-    echo "NOTE! Date mismatch in ChangeLog: wpa_supplicant $DATEw hostapd $DATEh != $NOW"
-fi
-
-if [ -r $TMP ]; then
-    echo "Temporary directory '$TMP' exists. Remove it before running this."
-    exit 1
-fi
-
-mkdir $TMP
-mkdir -p $RELDIR
-
-git archive --format=tar --prefix=wpa-$VER/ HEAD \
-	README COPYING CONTRIBUTIONS src wpa_supplicant hostapd hs20 |
-	gzip > $RELDIR/wpa-$VER.tar.gz
-git archive --format=tar --prefix=hostapd-$VER/ HEAD \
-	README COPYING CONTRIBUTIONS src hostapd |
-	gzip > $RELDIR/hostapd-$VER.tar.gz
-git archive --format=tar --prefix=wpa_supplicant-$VER/ HEAD \
-	README COPYING CONTRIBUTIONS src wpa_supplicant hs20/client |
-	tar --directory=$TMP -xf -
-
-cd $TMP
-make -C wpa_supplicant-$VER/wpa_supplicant/doc/docbook man
-rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs}
-tar czf $RELDIR/wpa_supplicant-$VER.tar.gz wpa_supplicant-$VER
-cd ..
-rm -r $TMP
diff --git a/doc/.gitignore b/doc/.gitignore
deleted file mode 100644
index 28c3fe4e99c3..000000000000
--- a/doc/.gitignore
+++ /dev/null
@@ -1,14 +0,0 @@
-doxygen.warnings
-hostapd.eps
-hostapd.png
-html
-latex
-p2p_arch.eps
-p2p_arch.png
-p2p_arch2.eps
-p2p_arch2.png
-p2p_sm.eps
-p2p_sm.png
-wpa_supplicant.eps
-wpa_supplicant.png
-wpa_supplicant-devel.pdf
diff --git a/doc/Makefile b/doc/Makefile
deleted file mode 100644
index 62af04a74f1f..000000000000
--- a/doc/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-all: docs
-
-%.eps: %.fig
-	fig2dev -L eps $*.fig $*.eps
-
-%.png: %.fig
-	fig2dev -L png -m 3 $*.fig | pngtopnm | pnmscale 0.4 | pnmtopng \
-		> $*.png
-
-%.png: %.dot
-	dot $*.dot -Tpng -o $*.png
-
-%.eps: %.dot
-	dot $*.dot -Tps -o $*.eps
-
-_wpa_supplicant.png: wpa_supplicant.png
-	cp $< $@
-
-_wpa_supplicant.eps: wpa_supplicant.eps
-	cp $< $@
-
-docs-pics: wpa_supplicant.png wpa_supplicant.eps hostapd.png hostapd.eps p2p_sm.png p2p_sm.eps p2p_arch.png p2p_arch.eps p2p_arch2.png p2p_arch2.eps _wpa_supplicant.png _wpa_supplicant.eps
-
-docs: docs-pics
-	(cd ..; doxygen doc/doxygen.conf; cd doc)
-	$(MAKE) -C latex
-	cp latex/refman.pdf wpa_supplicant-devel.pdf
-
-html: docs-pics
-	(cd ..; doxygen doc/doxygen.conf; cd doc)
-
-clean:
-	rm -f *~
-	rm -f wpa_supplicant.eps wpa_supplicant.png
-	rm -f _wpa_supplicant.png _wpa_supplicant.eps
-	rm -f hostapd.eps hostapd.png
-	rm -f p2p_sm.eps p2p_sm.png
-	rm -f p2p_arch.eps p2p_arch.png
-	rm -f p2p_arch2.eps p2p_arch2.png
-	rm -f doxygen.warnings
-	rm -rf html latex
-	rm -f wpa_supplicant-devel.pdf
diff --git a/doc/code_structure.doxygen b/doc/code_structure.doxygen
deleted file mode 100644
index 927ea4e85d7a..000000000000
--- a/doc/code_structure.doxygen
+++ /dev/null
@@ -1,315 +0,0 @@
-/**
-\page code_structure Structure of the source code
-
-[ \ref _wpa_supplicant_core "wpa_supplicant core functionality" |
-\ref generic_helper_func "Generic helper functions" |
-\ref crypto_func "Cryptographic functions" |
-\ref tls_func "TLS library" |
-\ref configuration "Configuration" |
-\ref ctrl_iface "Control interface" |
-\ref wpa_code "WPA supplicant" |
-\ref eap_peer "EAP peer" |
-\ref eapol_supp "EAPOL supplicant" |
-\ref win_port "Windows port" |
-\ref test_programs "Test programs" ]
-
-wpa_supplicant implementation is divided into number of independent
-modules. Core code includes functionality for controlling the network
-selection, association, and configuration. Independent modules include
-WPA code (key handshake, PMKSA caching, pre-authentication), EAPOL
-state machine, and EAP state machine and methods. In addition, there
-are number of separate files for generic helper functions.
-
-Both WPA and EAPOL/EAP state machines can be used separately in other
-programs than wpa_supplicant. As an example, the included test
-programs eapol_test and preauth_test are using these modules.
-
-\ref driver_wrapper "Driver interface API" is defined in \ref driver.h and
-all hardware/driver dependent functionality is implemented in
-driver_*.c.
-
-
-\section _wpa_supplicant_core wpa_supplicant core functionality
-
-\ref wpa_supplicant.c
-	Program initialization, main control loop
-
-\ref wpa_supplicant/main.c
-	main() for UNIX-like operating systems and MinGW (Windows); this
-	uses command line arguments to configure wpa_supplicant
-
-\ref events.c
-	Driver event processing; \ref wpa_supplicant_event() and related functions
-
-\ref wpa_supplicant_i.h
-	Internal definitions for wpa_supplicant core; should not be
-	included into independent modules
-
-
-\section generic_helper_func Generic helper functions
-
-wpa_supplicant uses generic helper functions some of which are shared
-with with hostapd. The following C files are currently used:
-
-\ref eloop.c and \ref eloop.h
-	Event loop (select() loop with registerable timeouts, socket read
-	callbacks, and signal callbacks)
-
-\ref common.c and \ref common.h
-	Common helper functions
-
-\ref defs.h
-	Definitions shared by multiple files
-
-\ref l2_packet.h, \ref l2_packet_linux.c, and \ref l2_packet_pcap.c
-	Layer 2 (link) access wrapper (includes Linux packet socket
-	and wrappers for libdnet/libpcap). A new l2_packet implementation
-	may need to be added when porting to new operating systems that are
-	not supported by libdnet/libpcap. Makefile can be used to select which
-	l2_packet implementation is included. \ref l2_packet_linux.c uses Linux
-	packet sockets and \ref l2_packet_pcap.c has a more portable version using
-	libpcap and libdnet.
-
-\ref pcsc_funcs.c and \ref pcsc_funcs.h
-	Wrapper for PC/SC lite SIM and smart card readers
-
-\ref priv_netlink.h
-	Private version of netlink definitions from Linux kernel header files;
-	this could be replaced with C library header file once suitable
-	version becomes commonly available
-
-\ref version.h
-	Version number definitions
-
-
-\section crypto_func Cryptographic functions
-
-\ref md5.c and \ref md5.h
-	MD5 (replaced with a crypto library if TLS support is included)
-	HMAC-MD5 (keyed checksum for message authenticity validation)
-
-\ref rc4.c and \ref rc4.h
-	RC4 (broadcast/default key encryption)
-
-\ref sha1.c and \ref sha1.h
-	SHA-1 (replaced with a crypto library if TLS support is included)
-	HMAC-SHA-1 (keyed checksum for message authenticity validation)
-	PRF-SHA-1 (pseudorandom (key/nonce generation) function)
-	PBKDF2-SHA-1 (ASCII passphrase to shared secret)
-	T-PRF (for EAP-FAST)
-	TLS-PRF (RFC 2246)
-
-\ref sha256.c and \ref sha256.h
-	SHA-256 (replaced with a crypto library if TLS support is included)
-
-\ref aes-wrap.c, \ref aes_wrap.h, \ref aes.c
-	AES (replaced with a crypto library if TLS support is included),
-	AES Key Wrap Algorithm with 128-bit KEK, RFC3394 (broadcast/default
-	key encryption),
-	One-Key CBC MAC (OMAC1) hash with AES-128,
-	AES-128 CTR mode encryption,
-	AES-128 EAX mode encryption/decryption,
-	AES-128 CBC
-
-\ref crypto.h
-	Definition of crypto library wrapper
-
-\ref crypto_openssl.c
-	Wrapper functions for libcrypto (OpenSSL)
-
-\ref crypto_internal.c
-	Wrapper functions for internal crypto implementation
-
-\ref crypto_gnutls.c
-	Wrapper functions for libgcrypt (used by GnuTLS)
-
-\ref ms_funcs.c and \ref ms_funcs.h
-	Helper functions for MSCHAPV2 and LEAP
-
-\ref tls.h
-	Definition of TLS library wrapper
-
-\ref tls_none.c
-	Stub implementation of TLS library wrapper for cases where TLS
-	functionality is not included.
-
-\ref tls_openssl.c
-	TLS library wrapper for openssl
-
-\ref tls_internal.c
-	TLS library for internal TLS implementation
-
-\ref tls_gnutls.c
-	TLS library wrapper for GnuTLS
-
-
-\section tls_func TLS library
-
-\ref asn1.c and \ref asn1.h
-	ASN.1 DER parsing
-
-\ref bignum.c and \ref bignum.h
-	Big number math
-
-\ref rsa.c and \ref rsa.h
-	RSA
-
-\ref x509v3.c and \ref x509v3.h
-	X.509v3 certificate parsing and processing
-
-\ref tlsv1_client.c, \ref tlsv1_client.h
-	TLSv1 client (RFC 2246)
-
-\ref tlsv1_client_i.h
-	Internal structures for TLSv1 client
-
-\ref tlsv1_client_read.c
-	TLSv1 client: read handshake messages
-
-\ref tlsv1_client_write.c
-	TLSv1 client: write handshake messages
-
-\ref tlsv1_common.c and \ref tlsv1_common.h
-	Common TLSv1 routines and definitions
-
-\ref tlsv1_cred.c and \ref tlsv1_cred.h
-	TLSv1 credentials
-
-\ref tlsv1_record.c and \ref tlsv1_record.h
-	TLSv1 record protocol
-
-
-\section configuration Configuration
-
-\ref config_ssid.h
-	Definition of per network configuration items
-
-\ref config.h
-	Definition of the wpa_supplicant configuration
-
-\ref config.c
-	Configuration parser and common functions
-
-\ref wpa_supplicant/config_file.c
-	Configuration backend for text files (e.g., wpa_supplicant.conf)
-
-\ref config_winreg.c
-	Configuration backend for Windows registry
-
-
-\section ctrl_iface Control interface
-
-wpa_supplicant has a \ref ctrl_iface_page "control interface"
-that can be used to get status
-information and manage operations from external programs. An example
-command line interface (wpa_cli) and GUI (wpa_gui) for this interface
-are included in the wpa_supplicant distribution.
-
-\ref wpa_supplicant/ctrl_iface.c and \ref wpa_supplicant/ctrl_iface.h
-	wpa_supplicant-side of the control interface
-
-\ref ctrl_iface_unix.c
-	UNIX domain sockets -based control interface backend
-
-\ref ctrl_iface_udp.c
-	UDP sockets -based control interface backend
-
-\ref ctrl_iface_named_pipe.c
-	Windows named pipes -based control interface backend
-
-\ref wpa_ctrl.c and \ref wpa_ctrl.h
-	Library functions for external programs to provide access to the
-	wpa_supplicant control interface
-
-\ref wpa_cli.c
-	Example program for using wpa_supplicant control interface
-
-
-\section wpa_code WPA supplicant
-
-\ref wpa.c and \ref wpa.h
-	WPA state machine and 4-Way/Group Key Handshake processing
-
-\ref preauth.c and \ref preauth.h
-	PMKSA caching and pre-authentication (RSN/WPA2)
-
-\ref wpa_i.h
-	Internal definitions for WPA code; not to be included to other modules.
-
-\section eap_peer EAP peer
-
-\ref eap_peer_module "EAP peer implementation" is a separate module that
-can be used by other programs than just wpa_supplicant.
-
-\ref eap.c and \ref eap.h
-	EAP state machine and method interface
-
-\ref eap_defs.h
-	Common EAP definitions
-
-\ref eap_i.h
-	Internal definitions for EAP state machine and EAP methods; not to be
-	included in other modules
-
-\ref eap_sim_common.c and \ref eap_sim_common.h
-	Common code for EAP-SIM and EAP-AKA
-
-\ref eap_tls_common.c and \ref eap_tls_common.h
-	Common code for EAP-PEAP, EAP-TTLS, and EAP-FAST
-
-\ref eap_ttls.c and \ref eap_ttls.h
-	EAP-TTLS
-
-\ref eap_pax.c, \ref eap_pax_common.h, \ref eap_pax_common.c
-	EAP-PAX
-
-\ref eap_psk.c, \ref eap_psk_common.h, \ref eap_psk_common.c
-	EAP-PSK (note: this is not needed for WPA-PSK)
-
-\ref eap_sake.c, \ref eap_sake_common.h, \ref eap_sake_common.c
-	EAP-SAKE
-
-\ref eap_gpsk.c, \ref eap_gpsk_common.h, \ref eap_gpsk_common.c
-	EAP-GPSK
-
-\ref eap_aka.c, \ref eap_fast.c, \ref eap_gtc.c, \ref eap_leap.c,
-\ref eap_md5.c, \ref eap_mschapv2.c, \ref eap_otp.c, \ref eap_peap.c,
-\ref eap_sim.c, \ref eap_tls.c
-	Other EAP method implementations
-
-
-\section eapol_supp EAPOL supplicant
-
-\ref eapol_supp_sm.c and \ref eapol_supp_sm.h
-	EAPOL supplicant state machine and IEEE 802.1X processing
-
-
-\section win_port Windows port
-
-\ref ndis_events.c
-	Code for receiving NdisMIndicateStatus() events and delivering them to
-	wpa_supplicant \ref driver_ndis.c in more easier to use form
-
-\ref win_if_list.c
-	External program for listing current network interface
-
-
-\section test_programs Test programs
-
-\ref radius_client.c and \ref radius_client.h
-	RADIUS authentication client implementation for eapol_test
-
-\ref radius.c and \ref radius.h
-	RADIUS message processing for eapol_test
-
-\ref eapol_test.c
-	Standalone EAP testing tool with integrated RADIUS authentication
-	client
-
-\ref preauth_test.c
-	Standalone RSN pre-authentication tool
-
-\ref wpa_passphrase.c
-	WPA ASCII passphrase to PSK conversion
-
-*/
diff --git a/doc/ctrl_iface.doxygen b/doc/ctrl_iface.doxygen
deleted file mode 100644
index 7dccdc797ef3..000000000000
--- a/doc/ctrl_iface.doxygen
+++ /dev/null
@@ -1,1054 +0,0 @@
-/**
-\page ctrl_iface_page wpa_supplicant control interface
-
-wpa_supplicant implements a control interface that can be used by
-external programs to control the operations of the wpa_supplicant
-daemon and to get status information and event notifications. There is
-a small C library, in a form of a single C file, \ref wpa_ctrl.c, that
-provides helper functions to facilitate the use of the control
-interface. External programs can link this file into them and then use
-the library functions documented in \ref wpa_ctrl.h to interact with
-wpa_supplicant. This library can also be used with C++. \ref wpa_cli.c and
-wpa_gui are example programs using this library.
-
-There are multiple mechanisms for inter-process communication. For
-example, Linux version of wpa_supplicant is using UNIX domain sockets
-for the control interface and Windows version UDP sockets. The use of
-the functions defined in \ref wpa_ctrl.h can be used to hide the details of
-the used IPC from external programs.
-
-
-\section using_ctrl_iface Using the control interface
-
-External programs, e.g., a GUI or a configuration utility, that need to
-communicate with wpa_supplicant should link in \ref wpa_ctrl.c. This
-allows them to use helper functions to open connection to the control
-interface with \ref wpa_ctrl_open() and to send commands with
-\ref wpa_ctrl_request().
-
-wpa_supplicant uses the control interface for two types of communication:
-commands and unsolicited event messages. Commands are a pair of
-messages, a request from the external program and a response from
-wpa_supplicant. These can be executed using \ref wpa_ctrl_request().
-Unsolicited event messages are sent by wpa_supplicant to the control
-interface connection without specific request from the external program
-for receiving each message. However, the external program needs to
-attach to the control interface with \ref wpa_ctrl_attach() to receive these
-unsolicited messages.
-
-If the control interface connection is used both for commands and
-unsolicited event messages, there is potential for receiving an
-unsolicited message between the command request and response.
-\ref wpa_ctrl_request() caller will need to supply a callback, msg_cb,
-for processing these messages. Often it is easier to open two
-control interface connections by calling \ref wpa_ctrl_open() twice and
-then use one of the connections for commands and the other one for
-unsolicited messages. This way command request/response pairs will
-not be broken by unsolicited messages. wpa_cli is an example of how
-to use only one connection for both purposes and wpa_gui demonstrates
-how to use two separate connections.
-
-Once the control interface connection is not needed anymore, it should
-be closed by calling \ref wpa_ctrl_close(). If the connection was used for
-unsolicited event messages, it should be first detached by calling
-\ref wpa_ctrl_detach().
-
-
-\section ctrl_iface_cmds Control interface commands
-
-Following commands can be used with \ref wpa_ctrl_request():
-
-\subsection ctrl_iface_PING PING
-
-This command can be used to test whether wpa_supplicant is replying
-to the control interface commands. The expected reply is \c PONG if the
-connection is open and wpa_supplicant is processing commands.
-
-
-\subsection ctrl_iface_MIB MIB
-
-Request a list of MIB variables (dot1x, dot11). The output is a text
-block with each line in \c variable=value format. For example:
-
-\verbatim
-dot11RSNAOptionImplemented=TRUE
-dot11RSNAPreauthenticationImplemented=TRUE
-dot11RSNAEnabled=FALSE
-dot11RSNAPreauthenticationEnabled=FALSE
-dot11RSNAConfigVersion=1
-dot11RSNAConfigPairwiseKeysSupported=5
-dot11RSNAConfigGroupCipherSize=128
-dot11RSNAConfigPMKLifetime=43200
-dot11RSNAConfigPMKReauthThreshold=70
-dot11RSNAConfigNumberOfPTKSAReplayCounters=1
-dot11RSNAConfigSATimeout=60
-dot11RSNAAuthenticationSuiteSelected=00-50-f2-2
-dot11RSNAPairwiseCipherSelected=00-50-f2-4
-dot11RSNAGroupCipherSelected=00-50-f2-4
-dot11RSNAPMKIDUsed=
-dot11RSNAAuthenticationSuiteRequested=00-50-f2-2
-dot11RSNAPairwiseCipherRequested=00-50-f2-4
-dot11RSNAGroupCipherRequested=00-50-f2-4
-dot11RSNAConfigNumberOfGTKSAReplayCounters=0
-dot11RSNA4WayHandshakeFailures=0
-dot1xSuppPaeState=5
-dot1xSuppHeldPeriod=60
-dot1xSuppAuthPeriod=30
-dot1xSuppStartPeriod=30
-dot1xSuppMaxStart=3
-dot1xSuppSuppControlledPortStatus=Authorized
-dot1xSuppBackendPaeState=2
-dot1xSuppEapolFramesRx=0
-dot1xSuppEapolFramesTx=440
-dot1xSuppEapolStartFramesTx=2
-dot1xSuppEapolLogoffFramesTx=0
-dot1xSuppEapolRespFramesTx=0
-dot1xSuppEapolReqIdFramesRx=0
-dot1xSuppEapolReqFramesRx=0
-dot1xSuppInvalidEapolFramesRx=0
-dot1xSuppEapLengthErrorFramesRx=0
-dot1xSuppLastEapolFrameVersion=0
-dot1xSuppLastEapolFrameSource=00:00:00:00:00:00
-\endverbatim
-
-
-\subsection ctrl_iface_STATUS STATUS
-
-Request current WPA/EAPOL/EAP status information. The output is a text
-block with each line in \c variable=value format. For example:
-
-\verbatim
-bssid=02:00:01:02:03:04
-ssid=test network
-pairwise_cipher=CCMP
-group_cipher=CCMP
-key_mgmt=WPA-PSK
-wpa_state=COMPLETED
-ip_address=192.168.1.21
-Supplicant PAE state=AUTHENTICATED
-suppPortStatus=Authorized
-EAP state=SUCCESS
-\endverbatim
-
-
-\subsection ctrl_iface_STATUS-VERBOSE STATUS-VERBOSE
-
-Same as STATUS, but with more verbosity (i.e., more \c variable=value pairs).
-
-\verbatim
-bssid=02:00:01:02:03:04
-ssid=test network
-id=0
-pairwise_cipher=CCMP
-group_cipher=CCMP
-key_mgmt=WPA-PSK
-wpa_state=COMPLETED
-ip_address=192.168.1.21
-Supplicant PAE state=AUTHENTICATED
-suppPortStatus=Authorized
-heldPeriod=60
-authPeriod=30
-startPeriod=30
-maxStart=3
-portControl=Auto
-Supplicant Backend state=IDLE
-EAP state=SUCCESS
-reqMethod=0
-methodState=NONE
-decision=COND_SUCC
-ClientTimeout=60
-\endverbatim
-
-
-\subsection ctrl_iface_PMKSA PMKSA
-
-Show PMKSA cache
-
-\verbatim
-Index / AA / PMKID / expiration (in seconds) / opportunistic
-1 / 02:00:01:02:03:04 / 000102030405060708090a0b0c0d0e0f / 41362 / 0
-2 / 02:00:01:33:55:77 / 928389281928383b34afb34ba4212345 / 362 / 1
-\endverbatim
-
-
-\subsection ctrl_iface_SET SET <variable> <value>
-
-Set variables:
-- EAPOL::heldPeriod
-- EAPOL::authPeriod
-- EAPOL::startPeriod
-- EAPOL::maxStart
-- dot11RSNAConfigPMKLifetime
-- dot11RSNAConfigPMKReauthThreshold
-- dot11RSNAConfigSATimeout
-
-Example command:
-\verbatim
-SET EAPOL::heldPeriod 45
-\endverbatim
-
-
-\subsection ctrl_iface_LOGON LOGON
-
-IEEE 802.1X EAPOL state machine logon.
-
-
-\subsection ctrl_iface_LOGOFF LOGOFF
-
-IEEE 802.1X EAPOL state machine logoff.
-
-
-\subsection ctrl_iface_REASSOCIATE REASSOCIATE
-
-Force reassociation.
-
-
-\subsection ctrl_iface_RECONNECT RECONNECT
-
-Connect if disconnected (i.e., like \c REASSOCIATE, but only connect
-if in disconnected state).
-
-
-\subsection ctrl_iface_PREAUTH PREAUTH <BSSID>
-
-Start pre-authentication with the given BSSID.
-
-
-\subsection ctrl_iface_ATTACH ATTACH
-
-Attach the connection as a monitor for unsolicited events. This can
-be done with \ref wpa_ctrl_attach().
-
-
-\subsection ctrl_iface_DETACH DETACH
-
-Detach the connection as a monitor for unsolicited events. This can
-be done with \ref wpa_ctrl_detach().
-
-
-\subsection ctrl_iface_LEVEL LEVEL <debug level>
-
-Change debug level.
-
-
-\subsection ctrl_iface_RECONFIGURE RECONFIGURE
-
-Force wpa_supplicant to re-read its configuration data.
-
-
-\subsection ctrl_iface_TERMINATE TERMINATE
-
-Terminate wpa_supplicant process.
-
-
-\subsection ctrl_iface_BSSID BSSID <network id> <BSSID>
-
-Set preferred BSSID for a network. Network id can be received from the
-\c LIST_NETWORKS command output.
-
-
-\subsection ctrl_iface_LIST_NETWORKS LIST_NETWORKS
-
-List configured networks.
-
-\verbatim
-network id / ssid / bssid / flags
-0	example network	any	[CURRENT]
-\endverbatim
-
-(note: fields are separated with tabs)
-
-
-\subsection ctrl_iface_DISCONNECT DISCONNECT
-
-Disconnect and wait for \c REASSOCIATE or \c RECONNECT command before
-connecting.
-
-
-\subsection ctrl_iface_SCAN SCAN
-
-Request a new BSS scan.
-
-
-\subsection ctrl_iface_SCAN_RESULTS SCAN_RESULTS
-
-Get the latest scan results.
-
-\verbatim
-bssid / frequency / signal level / flags / ssid
-00:09:5b:95:e0:4e	2412	208	[WPA-PSK-CCMP]	jkm private
-02:55:24:33:77:a3	2462	187	[WPA-PSK-TKIP]	testing
-00:09:5b:95:e0:4f	2412	209		jkm guest
-\endverbatim
-
-(note: fields are separated with tabs)
-
-
-\subsection ctrl_iface_BSS BSS
-
-Get detailed per-BSS scan results. \c BSS command can be used to
-iterate through scan results one BSS at a time and to fetch all
-information from the found BSSes. This provides access to the same
-data that is available through \c SCAN_RESULTS but in a way that
-avoids problems with large number of scan results not fitting in the
-ctrl_iface messages.
-
-There are two options for selecting the BSS with the \c BSS command:
-"BSS <idx>" requests information for the BSS identified by the index
-(0 .. size-1) in the scan results table and "BSS <BSSID>" requests
-information for the given BSS (based on BSSID in 00:01:02:03:04:05
-format).
-
-BSS information is presented in following format. Please note that new
-fields may be added to this field=value data, so the ctrl_iface user
-should be prepared to ignore values it does not understand.
-
-\verbatim
-bssid=00:09:5b:95:e0:4e
-freq=2412
-beacon_int=0
-capabilities=0x0011
-qual=51
-noise=161
-level=212
-tsf=0000000000000000
-ie=000b6a6b6d2070726976617465010180dd180050f20101000050f20401000050f20401000050f2020000
-ssid=jkm private
-\endverbatim
-
-
-
-\subsection ctrl_iface_SELECT_NETWORK SELECT_NETWORK <network id>
-
-Select a network (disable others). Network id can be received from the
-\c LIST_NETWORKS command output.
-
-
-\subsection ctrl_iface_ENABLE_NETWORK ENABLE_NETWORK <network id>
-
-Enable a network. Network id can be received from the
-\c LIST_NETWORKS command output. Special network id \c all can be
-used to enable all network.
-
-
-\subsection ctrl_iface_DISABLE_NETWORK DISABLE_NETWORK <network id>
-
-Disable a network. Network id can be received from the
-\c LIST_NETWORKS command output. Special network id \c all can be
-used to disable all network.
-
-
-\subsection ctrl_iface_ADD_NETWORK ADD_NETWORK
-
-Add a new network. This command creates a new network with empty
-configuration. The new network is disabled and once it has been
-configured it can be enabled with \c ENABLE_NETWORK command. \c ADD_NETWORK
-returns the network id of the new network or FAIL on failure.
-
-
-\subsection ctrl_iface_REMOVE_NETWORK REMOVE_NETWORK <network id>
-
-Remove a network. Network id can be received from the
-\c LIST_NETWORKS command output. Special network id \c all can be
-used to remove all network.
-
-
-\subsection ctrl_iface_SET_NETWORK SET_NETWORK <network id> <variable> <value>
-
-Set network variables. Network id can be received from the
-\c LIST_NETWORKS command output.
-
-This command uses the same variables and data formats as the
-configuration file. See example wpa_supplicant.conf for more details.
-
-- ssid (network name, SSID)
-- psk (WPA passphrase or pre-shared key)
-- key_mgmt (key management protocol)
-- identity (EAP identity)
-- password (EAP password)
-- ...
-
-
-\subsection ctrl_iface_GET_NETWORK GET_NETWORK <network id> <variable>
-
-Get network variables. Network id can be received from the
-\c LIST_NETWORKS command output.
-
-
-\subsection ctrl_iface_SAVE_CONFIG SAVE_CONFIG
-
-Save the current configuration.
-
-
-\subsection ctrl_iface_P2P_FIND P2P_FIND
-
-Start P2P device discovery. Optional parameter can be used to specify
-the duration for the discovery in seconds (e.g., "P2P_FIND 5"). If the
-duration is not specified, discovery will be started for indefinite
-time, i.e., until it is terminated by P2P_STOP_FIND or P2P_CONNECT (to
-start group formation with a discovered peer).
-
-The default search type is to first run a full scan of all channels
-and then continue scanning only social channels (1, 6, 11). This
-behavior can be changed by specifying a different search type: social
-(e.g., "P2P_FIND 5 type=social") will skip the initial full scan and
-only search social channels; progressive (e.g., "P2P_FIND
-type=progressive") starts with a full scan and then searches
-progressively through all channels one channel at the time with the
-social channel scans. Progressive device discovery can be used to find
-new groups (and groups that were not found during the initial scan,
-e.g., due to the GO being asleep) over time without adding
-considerable extra delay for every Search state round.
-
-
-\subsection ctrl_iface_P2P_STOP_FIND P2P_STOP_FIND
-
-Stop ongoing P2P device discovery or other operation (connect, listen
-mode).
-
-
-\subsection ctrl_iface_P2P_CONNECT P2P_CONNECT
-
-Start P2P group formation with a discovered P2P peer. This includes
-group owner negotiation, group interface setup, provisioning, and
-establishing data connection.
-
-P2P_CONNECT <peer device address> <pbc|pin|PIN#>
-[label|display|keypad] [persistent] [join|auth] [go_intent=<0..15>]
-
-Start P2P group formation with a discovered P2P peer. This includes
-optional group owner negotiation, group interface setup, provisioning,
-and establishing data connection.
-
-The <pbc|pin|PIN#> parameter specifies the WPS provisioning
-method. "pbc" string starts pushbutton method, "pin" string start PIN
-method using an automatically generated PIN (which will be returned as
-the command return code), PIN# means that a pre-selected PIN can be
-used (e.g., 12345670). [label|display|keypad] is used with PIN method
-to specify which PIN is used (label=PIN from local label,
-display=dynamically generated random PIN from local display,
-keypad=PIN entered from peer device label or display). "persistent"
-parameter can be used to request a persistent group to be formed.
-
-"join" indicates that this is a command to join an existing group as a
-client. It skips the GO Negotiation part.
-
-"auth" indicates that the WPS parameters are authorized for the peer
-device without actually starting GO Negotiation (i.e., the peer is
-expected to initiate GO Negotiation). This is mainly for testing
-purposes.
-
-The optional "go_intent" parameter can be used to override the default
-GO Intent value.
-
-
-\subsection ctrl_iface_P2P_LISTEN P2P_LISTEN
-
-Start Listen-only state. Optional parameter can be used to specify the
-duration for the Listen operation in seconds. This command may not
-be of that much use during normal operations and is mainly designed
-for testing. It can also be used to keep the device discoverable
-without having to maintain a group.
-
-
-\subsection ctrl_iface_P2P_GROUP_REMOVE P2P_GROUP_REMOVE
-
-Terminate a P2P group. If a new virtual network interface was used for
-the group, it will also be removed. The network interface name of the
-group interface is used as a parameter for this command.
-
-
-\subsection ctrl_iface_P2P_GROUP_ADD P2P_GROUP_ADD
-
-Set up a P2P group owner manually (i.e., without group owner
-negotiation with a specific peer). This is also known as autonomous
-GO. Optional persistent=<network id> can be used to specify restart of
-a persistent group.
-
-
-\subsection ctrl_iface_P2P_PROV_DISC P2P_PROV_DISC
-
-Send P2P provision discovery request to the specified peer. The
-parameters for this command are the P2P device address of the peer and
-the desired configuration method. For example, "P2P_PROV_DISC
-02:01:02:03:04:05 display" would request the peer to display a PIN for
-us and "P2P_PROV_DISC 02:01:02:03:04:05 keypad" would request the peer
-to enter a PIN that we display.
-
-
-\subsection ctrl_iface_P2P_GET_PASSPHRASE P2P_GET_PASSPHRASE
-
-Get the passphrase for a group (only available when acting as a GO).
-
-
-\subsection ctrl_iface_P2P_SERV_DISC_REQ P2P_SERV_DISC_REQ
-
-Schedule a P2P service discovery request. The parameters for this
-command are the device address of the peer device (or 00:00:00:00:00:00
-for wildcard query that is sent to every discovered P2P peer that
-supports service discovery) and P2P Service Query TLV(s) as hexdump.
-For example, "P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000001" schedules
-a request for listing all supported service discovery protocols and
-requests this to be sent to all discovered peers. The pending requests
-are sent during device discovery (see \ref ctrl_iface_P2P_FIND).
-
-This command returns an identifier for the pending query (e.g.,
-"1f77628") that can be used to cancel the request. Directed requests
-will be automatically removed when the specified peer has replied to
-it.
-
-
-\subsection ctrl_iface_P2P_SERV_DISC_CANCEL_REQ P2P_SERV_DISC_CANCEL_REQ
-
-Cancel a pending P2P service discovery request. This command takes a
-single parameter: identifier for the pending query (the value returned
-by \ref ctrl_iface_P2P_SERV_DISC_REQ), e.g.,
-"P2P_SERV_DISC_CANCEL_REQ 1f77628".
-
-
-\subsection ctrl_iface_P2P_SERV_DISC_RESP P2P_SERV_DISC_RESP
-
-Reply to a service discovery query. This command takes following
-parameters: frequency in MHz, destination address, dialog token,
-response TLV(s). The first three parameters are copied from the
-request event. For example,
-"P2P_SERV_DISC_RESP 2437 02:40:61:c2:f3:b7 1 0300000101".
-
-
-\subsection ctrl_iface_P2P_SERVICE_UPDATE P2P_SERVICE_UPDATE
-
-Indicate that local services have changed. This is used to increment
-the P2P service indicator value so that peers know when previously
-cached information may have changed.
-
-
-\subsection ctrl_iface_P2P_SERV_DISC_EXTERNAL P2P_SERV_DISC_EXTERNAL
-
-Configure external processing of P2P service requests: 0 (default) =
-no external processing of requests (i.e., internal code will reject
-each request), 1 = external processing of requests (external program
-is responsible for replying to service discovery requests with
-\ref ctrl_iface_P2P_SERV_DISC_RESP).
-
-
-\subsection ctrl_iface_P2P_REJECT P2P_REJECT
-
-Reject connection attempt from a peer (specified with a device
-address). This is a mechanism to reject a pending GO Negotiation with
-a peer and request to automatically block any further connection or
-discovery of the peer.
-
-
-\subsection ctrl_iface_P2P_INVITE P2P_INVITE
-
-Invite a peer to join a group or to (re)start a persistent group.
-
-
-\subsection ctrl_iface_P2P_PEER P2P_PEER
-
-Fetch information about a discovered peer. This command takes in an
-argument specifying which peer to select: P2P Device Address of the
-peer, "FIRST" to indicate the first peer in the list, or "NEXT-<P2P
-Device Address>" to indicate the entry following the specified peer
-(to allow for iterating through the list).
-
-
-\subsection ctrl_iface_P2P_EXT_LISTEN P2P_EXT_LISTEN
-
-Enable/disable extended listen timing. Without parameters, this
-command disables extended listen timing. When enabling the feature,
-two parameters are used: availability period and availability interval
-(both in milliseconds and with range of 1-65535).
-
-
-\section ctrl_iface_interactive Interactive requests
-
-If wpa_supplicant needs additional information during authentication
-(e.g., password), it will use a specific prefix, \c CTRL-REQ-
-(\a WPA_CTRL_REQ macro) in an unsolicited event message. An external
-program, e.g., a GUI, can provide such information by using
-\c CTRL-RSP- (\a WPA_CTRL_RSP macro) prefix in a command with matching
-field name.
-
-The following fields can be requested in this way from the user:
-- IDENTITY (EAP identity/user name)
-- PASSWORD (EAP password)
-- NEW_PASSWORD (New password if the server is requesting password change)
-- PIN (PIN code for accessing a SIM or smartcard)
-- OTP (one-time password; like password, but the value is used only once)
-- PASSPHRASE (passphrase for a private key file)
-
-\verbatim
-CTRL-REQ-<field name>-<network id>-<human readable text>
-CTRL-RSP-<field name>-<network id>-<value>
-\endverbatim
-
-For example, request from wpa_supplicant:
-\verbatim
-CTRL-REQ-PASSWORD-1-Password needed for SSID test-network
-\endverbatim
-
-And a matching reply from the GUI:
-\verbatim
-CTRL-RSP-PASSWORD-1-secret
-\endverbatim
-
-
-\subsection ctrl_iface_GET_CAPABILITY GET_CAPABILITY <option> [strict]
-
-Get list of supported functionality (eap, pairwise, group,
-proto). Supported functionality is shown as space separate lists of
-values used in the same format as in wpa_supplicant configuration.
-If optional argument, 'strict', is added, only the values that the
-driver claims to explicitly support are included. Without this, all
-available capabilities are included if the driver does not provide
-a mechanism for querying capabilities.
-
-Example request/reply pairs:
-
-\verbatim
-GET_CAPABILITY eap
-AKA FAST GTC LEAP MD5 MSCHAPV2 OTP PAX PEAP PSK SIM TLS TTLS
-\endverbatim
-
-\verbatim
-GET_CAPABILITY pairwise
-CCMP TKIP NONE
-\endverbatim
-
-\verbatim
-GET_CAPABILITY pairwise strict
-\endverbatim
-
-\verbatim
-GET_CAPABILITY group
-CCMP TKIP WEP104 WEP40
-\endverbatim
-
-\verbatim
-GET_CAPABILITY key_mgmt
-WPA-PSK WPA-EAP IEEE8021X NONE
-\endverbatim
-
-\verbatim
-GET_CAPABILITY proto
-RSN WPA
-\endverbatim
-
-\verbatim
-GET_CAPABILITY auth_alg
-OPEN SHARED LEAP
-\endverbatim
-
-
-\subsection ctrl_iface_AP_SCAN AP_SCAN <ap_scan value>
-
-Change ap_scan value:
-0 = no scanning,
-1 = wpa_supplicant requests scans and uses scan results to select the AP,
-2 = wpa_supplicant does not use scanning and just requests driver to
-associate and take care of AP selection
-
-
-\subsection ctrl_iface_INTERFACES INTERFACES
-
-List configured interfaces.
-
-\verbatim
-wlan0
-eth0
-\endverbatim
-
-
-\section ctrl_iface_events Control interface events
-
-wpa_supplicant generates number messages based on events like
-connection or a completion of a task. These are available to external
-programs that attach to receive unsolicited messages over the control
-interface with \ref wpa_ctrl_attach().
-
-The event messages will be delivered over the attach control interface
-as text strings that start with the priority level of the message and
-a fixed prefix text as defined in \ref wpa_ctrl.h. After this, optional
-additional information may be included depending on the event
-message. For example, following event message is delivered when new
-scan results are available:
-
-\verbatim
-<2>CTRL-EVENT-SCAN-RESULTS
-\endverbatim
-
-Following priority levels are used:
-- 0 = MSGDUMP
-- 1 = DEBUG
-- 2 = INFO
-- 3 = WARNING
-- 4 = ERROR
-
-By default, any priority level greater than equal to 2 (INFO) are
-delivered over the attached control interface. LEVEL command can be
-used to set the level of messages which will be delivered. It should
-be noted that there are many debug messages that do not include any
-particulat prefix and are subject to change. They may be used for
-debug information, but can usually be ignored by external programs.
-
-In most cases, the external program can skip over the priority field
-in the beginning of the event message and then compare the following
-text to the event strings from \ref wpa_ctrl.h that the program is
-interested in processing.
-
-Following subsections describe the most common event notifications
-generated by wpa_supplicant.
-
-\subsection ctrl_iface_event_CTRL_REQ CTRL-REQ-
-
-WPA_CTRL_REQ: Request information from a user. See
-\ref ctrl_iface_interactive "Interactive requests" sections for more
-details.
-
-\subsection ctrl_iface_event_CONNECTED CTRL-EVENT-CONNECTED
-
-WPA_EVENT_CONNECTED: Indicate successfully completed authentication
-and that the data connection is now enabled.
-
-\subsection ctrl_iface_event_DISCONNECTED CTRL-EVENT-DISCONNECTED
-
-WPA_EVENT_DISCONNECTED: Disconnected, data connection is not available
-
-\subsection ctrl_iface_event_TERMINATING  CTRL-EVENT-TERMINATING
-
-WPA_EVENT_TERMINATING: wpa_supplicant is exiting
-
-\subsection ctrl_iface_event_PASSWORD_CHANGED CTRL-EVENT-PASSWORD-CHANGED
-
-WPA_EVENT_PASSWORD_CHANGED: Password change was completed successfully
-
-\subsection ctrl_iface_event_EAP_NOTIFICATION CTRL-EVENT-EAP-NOTIFICATION
-
-WPA_EVENT_EAP_NOTIFICATION: EAP-Request/Notification received
-
-\subsection ctrl_iface_event_EAP_STARTED CTRL-EVENT-EAP-STARTED
-
-WPA_EVENT_EAP_STARTED: EAP authentication started (EAP-Request/Identity
-received)
-
-\subsection ctrl_iface_event_EAP_METHOD CTRL-EVENT-EAP-METHOD
-
-WPA_EVENT_EAP_METHOD: EAP method selected
-
-\subsection ctrl_iface_event_EAP_SUCCESS CTRL-EVENT-EAP-SUCCESS
-
-WPA_EVENT_EAP_SUCCESS: EAP authentication completed successfully
-
-\subsection ctrl_iface_event_EAP_FAILURE CTRL-EVENT-EAP-FAILURE
-
-WPA_EVENT_EAP_FAILURE: EAP authentication failed (EAP-Failure received)
-
-\subsection ctrl_iface_event_SCAN_RESULTS CTRL-EVENT-SCAN-RESULTS
-
-WPA_EVENT_SCAN_RESULTS: New scan results available
-
-\subsection ctrl_iface_event_BSS_ADDED CTRL-EVENT-BSS-ADDED
-
-WPA_EVENT_BSS_ADDED: A new BSS entry was added. The event prefix is
-followed by the BSS entry id and BSSID.
-
-\verbatim
-CTRL-EVENT-BSS-ADDED 34 00:11:22:33:44:55
-\endverbatim
-
-\subsection ctrl_iface_event_BSS_REMOVED CTRL-EVENT-BSS-REMOVED
-
-WPA_EVENT_BSS_REMOVED: A BSS entry was removed. The event prefix is
-followed by BSS entry id and BSSID.
-
-\verbatim
-CTRL-EVENT-BSS-REMOVED 34 00:11:22:33:44:55
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_OVERLAP_DETECTED WPS-OVERLAP-DETECTED
-
-WPS_EVENT_OVERLAP: WPS overlap detected in PBC mode
-
-\subsection ctrl_iface_event_WPS_AP_AVAILABLE_PBC WPS-AP-AVAILABLE-PBC
-
-WPS_EVENT_AP_AVAILABLE_PBC: Available WPS AP with active PBC found in
-scan results.
-
-\subsection ctrl_iface_event_WPS_AP_AVAILABLE_PIN WPS-AP-AVAILABLE-PIN
-
-WPS_EVENT_AP_AVAILABLE_PIN: Available WPS AP with recently selected PIN
-registrar found in scan results.
-
-\subsection ctrl_iface_event_WPS_AP_AVAILABLE WPS-AP-AVAILABLE
-
-WPS_EVENT_AP_AVAILABLE: Available WPS AP found in scan results
-
-\subsection ctrl_iface_event_WPS_CRED_RECEIVED WPS-CRED-RECEIVED
-
-WPS_EVENT_CRED_RECEIVED: A new credential received
-
-\subsection ctrl_iface_event_WPS_M2D WPS-M2D
-
-WPS_EVENT_M2D: M2D received
-
-\subsection ctrl_iface_event_WPS_FAIL
-
-WPS_EVENT_FAIL: WPS registration failed after M2/M2D
-
-\subsection ctrl_iface_event_WPS_SUCCESS WPS-SUCCESS
-
-WPS_EVENT_SUCCESS: WPS registration completed successfully
-
-\subsection ctrl_iface_event_WPS_TIMEOUT WPS-TIMEOUT
-
-WPS_EVENT_TIMEOUT: WPS enrollment attempt timed out and was terminated
-
-\subsection ctrl_iface_event_WPS_ENROLLEE_SEEN WPS-ENROLLEE-SEEN
-
-WPS_EVENT_ENROLLEE_SEEN: WPS Enrollee was detected (used in AP mode).
-The event prefix is followed by MAC addr, UUID-E, pri dev type,
-config methods, dev passwd id, request type, [dev name].
-
-\verbatim
-WPS-ENROLLEE-SEEN 02:00:00:00:01:00
-572cf82f-c957-5653-9b16-b5cfb298abf1 1-0050F204-1 0x80 4 1
-[Wireless Client]
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_ER_AP_ADD WPS-ER-AP-ADD
-
-WPS_EVENT_ER_AP_ADD: WPS ER discovered an AP
-
-\verbatim
-WPS-ER-AP-ADD 87654321-9abc-def0-1234-56789abc0002 02:11:22:33:44:55
-pri_dev_type=6-0050F204-1 wps_state=1 |Very friendly name|Company|
-Long description of the model|WAP|http://w1.fi/|http://w1.fi/hostapd/
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_ER_AP_REMOVE WPS-ER-AP-REMOVE
-
-WPS_EVENT_ER_AP_REMOVE: WPS ER removed an AP entry
-
-\verbatim
-WPS-ER-AP-REMOVE 87654321-9abc-def0-1234-56789abc0002
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_ER_ENROLLEE_ADD WPS-ER-ENROLLEE-ADD
-
-WPS_EVENT_ER_ENROLLEE_ADD: WPS ER discovered a new Enrollee
-
-\verbatim
-WPS-ER-ENROLLEE-ADD 2b7093f1-d6fb-5108-adbb-bea66bb87333
-02:66:a0:ee:17:27 M1=1 config_methods=0x14d dev_passwd_id=0
-pri_dev_type=1-0050F204-1
-|Wireless Client|Company|cmodel|123|12345|
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_ER_ENROLLEE_REMOVE WPS-ER-ENROLLEE-REMOVE
-
-WPS_EVENT_ER_ENROLLEE_REMOVE: WPS ER removed an Enrollee entry
-
-\verbatim
-WPS-ER-ENROLLEE-REMOVE 2b7093f1-d6fb-5108-adbb-bea66bb87333
-02:66:a0:ee:17:27
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_PIN_NEEDED WPS-PIN-NEEDED
-
-WPS_EVENT_PIN_NEEDED: PIN is needed to complete provisioning with an
-Enrollee. This is followed by information about the Enrollee (UUID,
-MAC address, device name, manufacturer, model name, model number,
-serial number, primary device type).
-\verbatim
-WPS-PIN-NEEDED 5a02a5fa-9199-5e7c-bc46-e183d3cb32f7 02:2a:c4:18:5b:f3
-[Wireless Client|Company|cmodel|123|12345|1-0050F204-1]
-\endverbatim
-
-\subsection ctrl_iface_event_WPS_NEW_AP_SETTINGS WPS-NEW-AP-SETTINGS
-
-WPS_EVENT_NEW_AP_SETTINGS: New AP settings were received
-
-\subsection ctrl_iface_event_WPS_REG_SUCCESS WPS-REG-SUCCESS
-
-WPS_EVENT_REG_SUCCESS: WPS provisioning was completed successfully
-(AP/Registrar)
-
-\subsection ctrl_iface_event_WPS_AP_SETUP_LOCKED WPS-AP-SETUP-LOCKED
-
-WPS_EVENT_AP_SETUP_LOCKED: AP changed into setup locked state due to
-multiple failed configuration attempts using the AP PIN.
-
-\subsection ctrl_iface_event_AP_STA_CONNECTED AP-STA-CONNECTED
-
-AP_STA_CONNECTED: A station associated with us (AP mode event). The
-event prefix is followed by the MAC address of the station.
-
-\verbatim
-AP-STA-CONNECTED 02:2a:c4:18:5b:f3
-\endverbatim
-
-\subsection ctrl_iface_event_AP_STA_DISCONNECTED AP-STA-DISCONNECTED
-
-AP_STA_DISCONNECTED: A station disassociated (AP mode event)
-
-\verbatim
-AP-STA-DISCONNECTED 02:2a:c4:18:5b:f3
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_DEVICE_FOUND P2P-DEVICE-FOUND
-
-P2P_EVENT_DEVICE_FOUND: Indication of a discovered P2P device with
-information about that device.
-
-\verbatim
-P2P-DEVICE-FOUND 02:b5:64:63:30:63 p2p_dev_addr=02:b5:64:63:30:63
-pri_dev_type=1-0050f204-1 name='Wireless Client' config_methods=0x84
-dev_capab=0x21 group_capab=0x0
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_REQUEST P2P-GO-NEG-REQUEST
-
-P2P_EVENT_GO_NEG_REQUEST: A P2P device requested GO negotiation, but we
-were not ready to start the negotiation.
-
-\verbatim
-P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_SUCCESS P2P-GO-NEG-SUCCESS
-
-P2P_EVENT_GO_NEG_SUCCESS: Indication of successfully complete group
-owner negotiation.
-
-\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_FAILURE P2P-GO-NEG-FAILURE
-
-P2P_EVENT_GO_NEG_FAILURE: Indication of failed group owner negotiation.
-
-\subsection ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_SUCCESS P2P-GROUP-FORMATION-SUCCESS
-
-P2P_EVENT_GROUP_FORMATION_SUCCESS: Indication that P2P group formation
-has been completed successfully.
-
-\subsection ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_FAILURE P2P-GROUP-FORMATION-FAILURE
-
-P2P_EVENT_GROUP_FORMATION_FAILURE: Indication that P2P group formation
-failed (e.g., due to provisioning failure or timeout).
-
-\subsection ctrl_iface_event_P2P_EVENT_GROUP_STARTED P2P-GROUP-STARTED
-
-P2P_EVENT_GROUP_STARTED: Indication of a new P2P group having been
-started. Additional parameters: network interface name for the group,
-role (GO/client), SSID. The passphrase used in the group is also
-indicated here if known (on GO) or PSK (on client). If the group is a
-persistent one, a flag indicating that is included.
-
-\verbatim
-P2P-GROUP-STARTED wlan0-p2p-0 GO ssid="DIRECT-3F Testing"
-passphrase="12345678" go_dev_addr=02:40:61:c2:f3:b7 [PERSISTENT]
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_GROUP_REMOVED P2P-GROUP-REMOVED
-
-P2P_EVENT_GROUP_REMOVED: Indication of a P2P group having been removed.
-Additional parameters: network interface name for the group, role
-(GO/client).
-
-\verbatim
-P2P-GROUP-REMOVED wlan0-p2p-0 GO
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_SHOW_PIN P2P-PROV-DISC-SHOW-PIN
-
-P2P_EVENT_PROV_DISC_SHOW_PIN: Request from the peer for us to display
-a PIN that will be entered on the peer. The following parameters are
-included after the event prefix: peer_address PIN. The PIN is a
-random PIN generated for this connection. P2P_CONNECT command can be
-used to accept the request with the same PIN configured for the
-connection.
-
-\verbatim
-P2P-PROV-DISC-SHOW-PIN 02:40:61:c2:f3:b7 12345670
-p2p_dev_addr=02:40:61:c2:f3:b7 pri_dev_type=1-0050F204-1 name='Test'
-config_methods=0x188 dev_capab=0x21 group_capab=0x0
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_ENTER_PIN P2P-PROV-DISC-ENTER-PIN
-
-P2P_EVENT_PROV_DISC_ENTER_PIN: Request from the peer for us to enter a
-PIN displayed on the peer. The following parameter is included after
-the event prefix: peer address.
-
-\verbatim
-P2P-PROV-DISC-ENTER-PIN 02:40:61:c2:f3:b7 p2p_dev_addr=02:40:61:c2:f3:b7
-pri_dev_type=1-0050F204-1 name='Test' config_methods=0x188
-dev_capab=0x21 group_capab=0x0
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_PBC_REQ P2P-PROV-DISC-PBC-REQ
-
-P2P_EVENT_PROV_DISC_PBC_REQ: Request from the peer for us to connect
-using PBC. The following parameters are included after the event prefix:
-peer_address. P2P_CONNECT command can be used to accept the request.
-
-\verbatim
-P2P-PROV-DISC-PBC-REQ 02:40:61:c2:f3:b7 p2p_dev_addr=02:40:61:c2:f3:b7
-pri_dev_type=1-0050F204-1 name='Test' config_methods=0x188
-dev_capab=0x21 group_capab=0x0
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_PBC_RESP P2P-PROV-DISC-PBC-RESP
-
-P2P_EVENT_PROV_DISC_PBC_RESP: The peer accepted our provision discovery
-request to connect using PBC. The following parameters are included
-after the event prefix: peer_address. P2P_CONNECT command can be used to
-start GO Negotiation after this.
-
-\verbatim
-P2P-PROV-DISC-PBC-RESP 02:40:61:c2:f3:b7
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_SERV_DISC_REQ P2P-SERV-DISC-REQ
-
-P2P-SERV-DISC-REQ: Indicate reception of a P2P service discovery
-request. The following parameters are included after the event prefix:
-frequency in MHz, source address, dialog token, Service Update
-Indicator, Service Query TLV(s) as hexdump.
-
-\verbatim
-P2P-SERV-DISC-REQ 2412 02:40:61:c2:f3:b7 0 0 02000001
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_SERV_DISC_RESP P2P-SERV-DISC-RESP
-
-P2P-SERV-DISC-RESP: Indicate reception of a P2P service discovery
-response. The following parameters are included after the event prefix:
-source address, Service Update Indicator, Service Response TLV(s) as
-hexdump.
-
-\verbatim
-P2P-SERV-DISC-RESP 02:40:61:c2:f3:b7 0 0300000101
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_INVITATION_RECEIVED P2P-INVITATION-RECEIVED
-
-P2P-INVITATION-RECEIVED: Indicate reception of a P2P Invitation
-Request. For persistent groups, the parameter after the event prefix
-indicates which network block includes the persistent group data.
-
-\verbatim
-P2P-INVITATION-RECEIVED sa=02:40:61:c2:f3:b7 persistent=0
-\endverbatim
-
-\subsection ctrl_iface_event_P2P_EVENT_INVITATION_RESULT P2P-INVITATION-RESULT
-
-P2P-INVITATION-RESULT: Indicate result of a P2P invitation that was
-requested with \ref ctrl_iface_P2P_INVITE. The parameter
-status=<value> shows the status code returned by the peer (or -1 on
-local failure or timeout).
-
-\verbatim
-P2P-INVITATION-RESULT status=1
-\endverbatim
-
-*/
diff --git a/doc/dbus.doxygen b/doc/dbus.doxygen
deleted file mode 100644
index f6ab82000108..000000000000
--- a/doc/dbus.doxygen
+++ /dev/null
@@ -1,2428 +0,0 @@
-/**
-\page dbus wpa_supplicant D-Bus API
-
-This section documents the wpa_supplicant D-Bus API. Every D-Bus
-interface implemented by wpa_supplicant is described here including
-their methods, signals, and properties with arguments, returned
-values, and possible errors.
-
-Interfaces:
-- \ref dbus_main
-- \ref dbus_interface
-- \ref dbus_wps
-- \ref dbus_p2pdevice
-- \ref dbus_bss
-- \ref dbus_network
-- \ref dbus_peer
-- \ref dbus_group
-- \ref dbus_persistent_group
-- \ref dbus_mesh
-
-
-\section dbus_main fi.w1.wpa_supplicant1
-
-Interface implemented by the main wpa_supplicant D-Bus object
-registered in the bus with fi.w1.wpa_supplicant1 name.
-
-\subsection dbus_main_methods Methods
-
-<ul>
-      <li>
-	<h3>CreateInterface ( a{sv} : args ) --> o : interface</h3>
-	<p>Registers a wireless interface in wpa_supplicant.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>
-	    A dictionary with arguments used to add the interface to wpa_supplicant. The dictionary may contain the following entries:
-	    <table>
-	      <tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th>
-	      <tr><td>Ifname</td><td>s</td><td>Name of the network interface to control, e.g., wlan0</td><td>Yes</td>
-	      <tr><td>BridgeIfname</td><td>s</td><td>Name of the bridge interface to control, e.g., br0</td><td>No</td>
-	      <tr><td>Driver</td><td>s</td><td>Driver name which the interface uses, e.g., nl80211</td><td>No</td>
-	      <tr><td>ConfigFile</td><td>s</td><td>Configuration file path</td><td>No</td>
-	    </table>
-	  </dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>o : interface</dt>
-	  <dd>A D-Bus path to object representing created interface</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InterfaceExists</dt>
-	  <dd>wpa_supplicant already controls this interface.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Creating interface failed for an unknown reason.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid entries were found in the passed argument.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>RemoveInterface ( o : interface ) --> nothing</h3>
-	<p>Deregisters a wireless interface from wpa_supplicant.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : interface</dt>
-	  <dd>A D-Bus path to an object representing an interface to remove returned by CreateInterface</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InterfaceUnknown</dt>
-	  <dd>Object pointed by the path doesn't exist or doesn't represent an interface.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Removing interface failed for an unknown reason.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>GetInterface ( s : ifname ) --> o : interface</h3>
-	<p>Returns a D-Bus path to an object related to an interface which wpa_supplicant already controls.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : ifname</dt>
-	  <dd>Name of the network interface, e.g., wlan0</dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>o : interface</dt>
-	  <dd>A D-Bus path to an object representing an interface</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InterfaceUnknown</dt>
-	  <dd>An interface with the passed name in not controlled by wpa_supplicant.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Getting an interface object path failed for an unknown reason.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>ExpectDisconnect ( ) --> nothing</h3>
-	<p>Notify wpa_supplicant of an externally triggered disconnection, e.g., due to system suspend.</p>
-      </li>
-    </ul>
-
-\subsection dbus_main_properties Properties
-
-<ul>
-      <li>
-	<h3>DebugLevel - s - (read/write)</h3>
-	<p>Global wpa_supplicant debugging level. Possible values are
-	"msgdump" (verbose debugging), "debug" (debugging),
-	"info" (informative), "warning" (warnings), and "error" (errors).</p>
-      </li>
-
-      <li>
-	<h3>DebugTimestamp - b - (read/write)</h3>
-	<p>Global wpa_supplicant debugging parameter. Determines if timestamps are shown in debug logs.</p>
-      </li>
-
-      <li>
-	<h3>DebugShowKeys - b - (read/write)</h3>
-	<p>Global wpa_supplicant debugging parameter. Determines if secrets are shown in debug logs.</p>
-      </li>
-
-      <li>
-	<h3>Interfaces - ao - (read)</h3>
-	<p>An array with paths to D-Bus objects representing controlled interfaces each.</p>
-      </li>
-
-      <li>
-	<h3>EapMethods - as - (read)</h3>
-	<p>An array with supported EAP methods names.</p>
-      </li>
-
-      <li>
-	<h3>Capabilities - as - (read)</h3>
-	<p>An array with supported capabilities (e.g., "ap", "ibss-rsn", "p2p", "interworking").</p>
-      </li>
-
-      <li>
-	<h3>WFDIEs - ay - (read/write)</h3>
-	<p>Wi-Fi Display subelements.</p>
-      </li>
-    </ul>
-
-\subsection dbus_main_signals Signals
-
-<ul>
-      <li>
-	<h3>InterfaceAdded ( o : interface, a{sv} : properties )</h3>
-	<p>A new interface was added to wpa_supplicant.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : interface</dt>
-	  <dd>A D-Bus path to an object representing the added interface</dd>
-	</dl>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary containing properties of added interface.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>InterfaceRemoved ( o : interface )</h3>
-	<p>An interface was removed from wpa_supplicant.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : interface</dt>
-	  <dd>A D-Bus path to an object representing the removed interface</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>PropertiesChanged ( a{sv} : properties )</h3>
-	<p>Some properties have changed.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and theirs new values. Possible dictionary keys are: "DebugParams"</dd>
-	</dl>
-      </li>
-    </ul>
-
-
-\section dbus_interface fi.w1.wpa_supplicant1.Interface
-
-Interface implemented by objects related to network interface added to
-wpa_supplicant, i.e., returned by
-fi.w1.wpa_supplicant1.CreateInterface.
-
-\subsection dbus_interface_methods Methods
-
-<ul>
-      <li>
-	<h3>Scan ( a{sv} : args ) --> nothing</h3>
-	<p>Triggers a scan.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>
-	    A dictionary with arguments describing scan type:
-	    <table>
-	      <tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th>
-	      <tr><td>Type</td><td>s</td><td>Type of the scan. Possible values: "active", "passive"</td><td>Yes</td>
-	      <tr><td>SSIDs</td><td>aay</td><td>Array of SSIDs to scan for (applies only if scan type is active)</td><td>No</td>
-	      <tr><td>IEs</td><td>aay</td><td>Information elements to used in active scan (applies only if scan type is active)</td><td>No</td>
-	      <tr><td>Channels</td><td>a(uu)</td><td>Array of frequencies to scan in form of (center, width) in MHz.</td><td>No</td>
-	      <tr><td>AllowRoam</td><td>b</td><td>TRUE (or absent) to allow a roaming decision based on the results of this scan, FALSE to prevent a roaming decision.</td><td>No</td>
-	    </table>
-	  </dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid entries were found in the passed argument.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Disconnect ( ) --> nothing</h3>
-	<p>Disassociates the interface from current network.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NotConnected</dt>
-	  <dd>Interface is not connected to any network.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>AddNetwork ( a{sv} : args ) --> o : network</h3>
-	<p>Adds a new network to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>A dictionary with network configuration. Dictionary entries are equivalent to entries in the "network" block in wpa_supplicant configuration file. Entry values should be appropriate type to the entry, e.g., an entry with key "frequency" should have value type int.</dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing a configured network</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid entries were found in the passed argument.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Adding network failed for an unknown reason.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>RemoveNetwork ( o : network ) --> nothing</h3>
-	<p>Removes a configured network from the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing a configured network returned by fi.w1.wpa_supplicant1.Interface.AddNetwork</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NetworkUnknown</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Removing network failed for an unknown reason.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>RemoveAllNetworks ( ) --> nothing</h3>
-	<p>Remove all configured networks from the interface.</p>
-      </li>
-
-      <li>
-	<h3>SelectNetwork ( o : network ) --> nothing</h3>
-	<p>Attempt association with a configured network.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing a configured network returned by fi.w1.wpa_supplicant1.Interface.AddNetwork</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NetworkUnknown</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Reassociate ( ) --> nothing</h3>
-	<p>Attempt reassociation.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InterfaceDisabled</dt>
-	  <dd>The interface is disabled.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Reattach ( ) --> nothing</h3>
-	<p>Attempt reassociation back to the current BSS.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NotConnected</dt>
-	  <dd>Interface is not connected to any network.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Reconnect ( ) --> nothing</h3>
-	<p>Attempt reconnection and connect if in disconnected state.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InterfaceDisabled</dt>
-	  <dd>The interface is disabled.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Roam ( s : addr ) --> nothing</h3>
-	<p>Initiate a roam to another BSS within the current ESS.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Missing address argument.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid hardware address format.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Target BSS not found.</dd>
-	  <dt>fi.w1.wpa_supplicant1.NotConnected</dt>
-	  <dd>Interface is not connected to any network.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Scan processing was not included in the build.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>AddBlob ( s : name, ay : data ) --> nothing</h3>
-	<p>Adds a blob to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : name</dt>
-	  <dd>A name of a blob</dd>
-	  <dt>ay : data</dt>
-	  <dd>A blob data</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.BlobExists</dt>
-	  <dd>A blob with the specified name already exists.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>RemoveBlob ( s : name ) --> nothing</h3>
-	<p>Removes the blob from the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : name</dt>
-	  <dd>A name of the blob to remove</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.BlobUnknown</dt>
-	  <dd>A blob with the specified name doesn't exist.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>GetBlob ( s : name ) --> ay : data</h3>
-	<p>Returns the blob data of a previously added blob.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : name</dt>
-	  <dd>A name of the blob</dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>ay : data</dt>
-	  <dd>A blob data</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.BlobUnknown</dt>
-	  <dd>A blob with the specified name doesn't exist.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>AutoScan ( s : arg ) --> nothing</h3>
-	<p>Set autoscan parameters for the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : arg</dt>
-	  <dd>Autoscan parameter line or empty to unset autoscan.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NoMemory</dt>
-	  <dd>Needed memory was not possible to get allocated.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid entries were found in the passed argument.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSDiscover ( s : peer_address ) --> nothing</h3>
-	<p>Initiate a TDLS discovery for a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : peer_address</dt>
-	  <dd>MAC address for the peer to perform TDLS discovery.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "peer_address" argument is not a properly formatted MAC.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Initiating the TDLS operation failed for an unknown reason.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSSetup ( s : peer_address ) --> nothing</h3>
-	<p>Setup a TDLS session for a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : peer_address</dt>
-	  <dd>MAC address for the peer to perform TDLS setup.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "peer_address" argument is not a properly formatted MAC.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Initiating the TDLS operation failed for an unknown reason.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSStatus ( s : peer_address ) --> s</h3>
-	<p>Return TDLS status with respect to a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : peer_address</dt>
-	  <dd>MAC address for the peer for which status is requested.</dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>s : status</dt>
-	  <dd>Current status of the TDLS link with the selected peer.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "peer_address" argument is not a properly formatted MAC.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSTeardown ( s : peer_address ) --> nothing</h3>
-	<p>Tear down a TDLS session with a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : peer_address</dt>
-	  <dd>MAC address for the peer to tear down TDLS connectivity with.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "peer_address" argument is not a properly formatted MAC.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Initiating the TDLS operation failed for an unknown reason.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSChannelSwitch ( a{sv} : args ) --> nothing</h3>
-	<p>Configure TDLS channel switching behavior with a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>A dictionary with arguments identifying the peer and channel switching behavior.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>TDLSCancelChannelSwitch ( s : peer_address ) --> nothing</h3>
-	<p>Disable channel switching for a TDLS session with a peer.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : peer_address</dt>
-	  <dd>MAC address for the peer.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>VendorElemAdd ( i: frame_id, ay: ielems ) --> nothing</h3>
-	<p>Add Vendor Elements to corresponding frame ID.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>i : frame_id</dt>
-	  <dd>Frame ID for which Vendor specific IE is to be added.</dd>
-	  <dt>ay : ielems</dt>
-	  <dd>Information Element(s).</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "ielems" argument is not a properly formatted or size mismatch.</dd>
-	  <dt>fi.w1.wpa_supplicant1.NoMemory</dt>
-	  <dd>Needed memory was not possible to get allocated.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>VendorElemGet ( i: frame_id ) --> ay: ielems</h3>
-	<p>Get Vendor Elements of corresponding frame ID.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>i : frame_id</dt>
-	  <dd>Frame ID for which Vendor specific IE is being queried.</dd>
-	  <dt>ay : ielems</dt>
-	  <dd>Information Element(s).</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "frame_id" argument is not valid.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>VendorElemRem ( i: frame_id, ay: ielems ) --> nothing</h3>
-	<p>Remove Vendor Elements of corresponding frame ID.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>i : frame_id</dt>
-	  <dd>Frame ID for which Vendor specific IE is to be removed.</dd>
-	  <dt>ay : ielems</dt>
-	  <dd>Information Element(s) OR * to remove all.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>The "ielems" argument is not a properly formatted or size mismatch.</dd>
-	  <dt>fi.w1.wpa_supplicant1.NoMemory</dt>
-	  <dd>Needed memory was not possible to get allocated.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>SaveConfig ( ) --> nothing</h3>
-	<p>Save configuration to the configuration file.</p>
-      </li>
-      <li>
-	<h3>AbortScan ( ) --> nothing</h3>
-	<p>Abort ongoing scan operation.</p>
-      </li>
-      <li>
-	<h3>AddCred ( a{sv} : args ) -->  o : path</h3>
-	<p>Add an Interworking/Hotspot 2.0 credential.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>A dictionary with credential configuration. Dictionary entries are equivalent to entries in the "cred" block in wpa_supplicant configuration file.</dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>o : path</dt>
-	  <dd>A D-Bus path to an object representing the added credential</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>RemoveCred ( o : path ) --> nothing</h3>
-	<p>Remove the specified Interworking/Hotspot 2.0 credential.</p>
-      </li>
-      <li>
-	<h3>RemoveAllCreds ( ) --> nothing</h3>
-	<p>Remove all configured Interworking/Hotspot 2.0 credentials.</p>
-      </li>
-      <li>
-	<h3>InterworkingSelect ( ) --> nothing</h3>
-	<p>Perform Interworking (Hotspot 2.0) network selection.</p>
-      </li>
-      <li>
-	<h3>EAPLogoff ( ) --> nothing</h3>
-	<p>IEEE 802.1X EAPOL state machine logoff.</p>
-      </li>
-      <li>
-	<h3>EAPLogon ( ) --> nothing</h3>
-	<p>IEEE 802.1X EAPOL state machine logon.</p>
-      </li>
-
-      <li>
-	<h3>NetworkReply ( o : network, s : field, s : value ) --> nothing</h3>
-	<p>Provide parameter requested by NetworkRequest().</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing the network (copied from NetworkRequest()).</dd>
-	  <dt>s : field</dt>
-	  <dd>Requested information (copied from NetworkRequest()).</dd>
-	  <dt>s : value</dt>
-	  <dd>The requested information (e.g., password for EAP authentication).</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NetworkUnknown</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>A passed path doesn't point to any network object.</dd>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>IEEE 802.1X support was not included in the build.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>SetPKCS11EngineAndModulePath ( s : pkcs11_engine_path, s : pkcs11_module_path ) --> nothing</h3>
-	<p>Set PKCS #11 engine and module path.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : pkcs11_engine_path</dt>
-	  <dd>PKCS #11 engine path.</dd>
-	  <dt>s : pkcs11_module_path</dt>
-	  <dd>PKCS #11 module path.</dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>org.freedesktop.DBus.Error.Failed.InvalidArgs</dt>
-	  <dd>Invalid PKCS #11 engine or module path.</dd>
-	  <dt>org.freedesktop.DBus.Error.Failed</dt>
-	  <dd>Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>SignalPoll ( ) --> a{sv} : properties</h3>
-	<p>Fetch signal properties for the current connection.</p>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>
-	    <table>
-	      <tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th>
-	      <tr><td>linkspeed</td><td>i</td><td>Link speed (Mbps)</td><td>No</td>
-	      <tr><td>noise</td><td>i</td><td>Noise (dBm)</td><td>No</td>
-	      <tr><td>width</td><td>s</td><td>Channel width</td><td>No</td>
-	      <tr><td>frequency</td><td>u</td><td>Frequency (MHz)</td><td>No</td>
-	      <tr><td>rssi</td><td>i</td><td>RSSI (dBm)</td><td>No</td>
-	      <tr><td>avg-rssi</td><td>i</td><td>Average RSSI (dBm)</td><td>No</td>
-	      <tr><td>center-frq1</td><td>i</td><td>VHT segment 1 frequency (MHz)</td><td>No</td>
-	      <tr><td>center-frq2</td><td>i</td><td>VHT segment 2 frequency (MHz)</td><td>No</td>
-	    </table>
-	  </dd>
-	</dl>
-      </li>
-      <li>
-	<h3>FlushBSS ( u : age ) --> nothing</h3>
-	<p>Flush BSS entries from the cache.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>u : age</dt>
-	  <dd>Maximum age in seconds for BSS entries to keep in cache (0 = remove all entries).</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>SubscribeProbeReq ( ) --> nothing</h3>
-	<p>Subscribe to receive Probe Request events. This is needed in addition to registering a signal handler for the ProbeRequest signal to avoid flooding D-Bus with all Probe Request indications when no application is interested in them.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.SubscriptionInUse</dt>
-	  <dd>Another application is already subscribed.</dd>
-	  <dt>fi.w1.wpa_supplicant1.NoMemory</dt>
-	  <dd>Needed memory was not possible to get allocated.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>UnsubscribeProbeReq ( ) --> nothing</h3>
-	<p>Unsubscribe from receiving Probe Request events.</p>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.NoSubscription</dt>
-	  <dd>No subscription in place.</dd>
-	  <dt>fi.w1.wpa_supplicant1.SubscriptionNotYou</dt>
-	  <dd>Subscription in place, but for another process.</dd>
-	</dl>
-      </li>
-    </ul>
-
-\subsection dbus_interface_properties Properties
-
-<ul>
-      <li>
-	<h3>Capabilities - a{sv} - (read)</h3>
-	<p>Capabilities of the interface. Dictionary contains following entries:</p>
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th>
-	  <tr><td>Pairwise</td><td>as</td><td>Possible array elements: "ccmp-256", "gcmp-256", "ccmp", "gcmp", "tkip", "none"</td>
-	  <tr><td>Group</td><td>as</td><td>Possible array elements: "ccmp-256", "gcmp-256", "ccmp", "gcmp", "tkip", "wep104", "wep40"</td>
-	  <tr><td>GroupMgmt</td><td>as</td><td>Possible array elements: "aes-128-cmac", "bip-gmac-128", "bip-gmac-256", "bip-cmac-256"</td>
-	  <tr><td>KeyMgmt</td><td>as</td><td>Possible array elements: "wpa-psk", "wpa-ft-psk", "wpa-psk-sha256", "wpa-eap", "wpa-ft-eap", "wpa-eap-sha256", "sae", "owe", "ieee8021x", "wpa-none", "wps", "none"</td>
-	  <tr><td>Protocol</td><td>as</td><td>Possible array elements: "rsn", "wpa"</td>
-	  <tr><td>AuthAlg</td><td>as</td><td>Possible array elements: "open", "shared", "leap"</td>
-	  <tr><td>Scan</td><td>as</td><td>Possible array elements: "active", "passive", "ssid"</td>
-	  <tr><td>Modes</td><td>as</td><td>Possible array elements: "infrastructure", "ad-hoc", "ap"</td>
-	</table>
-      </li>
-
-      <li>
-	<h3>State - s - (read)</h3>
-	<p>A state of the interface. Possible values are: return "disconnected", "inactive", "scanning", "authenticating", "associating", "associated", "4way_handshake", "group_handshake", "completed","unknown".</p>
-      </li>
-
-      <li>
-	<h3>Scanning - b - (read)</h3>
-	<p>Determines if the interface is already scanning or not</p>
-      </li>
-
-      <li>
-	<h3>ApScan - u - (read/write)</h3>
-	<p>Identical to ap_scan entry in wpa_supplicant configuration file. Possible values are 0, 1 or 2.</p>
-      </li>
-
-      <li>
-	<h3>BSSExpireAge - u - (read/write)</h3>
-	<p>Identical to bss_expiration_age entry in wpa_supplicant configuration file.</p>
-      </li>
-
-      <li>
-	<h3>BSSExpireCount - u - (read/write)</h3>
-	<p>Identical to bss_expiration_scan_count entry in wpa_supplicant configuration file.</p>
-      </li>
-
-      <li>
-	<h3>Country - s - (read/write)</h3>
-	<p>Identical to country entry in wpa_supplicant configuration file.</p>
-      </li>
-
-      <li>
-	<h3>Ifname - s - (read)</h3>
-	<p>Name of network interface controlled by the interface, e.g., wlan0.</p>
-      </li>
-
-      <li>
-	<h3>BridgeIfname - s - (read)</h3>
-	<p>Name of bridge network interface controlled by the interface, e.g., br0.</p>
-      </li>
-
-      <li>
-	<h3>Driver - s - (read)</h3>
-	<p>Name of driver used by the interface, e.g., nl80211.</p>
-      </li>
-
-      <li>
-	<h3>ConfigFile - s - (read)</h3>
-	<p>Configuration file path. Returns an empty string if no configuration file is in use.</p>
-      </li>
-
-      <li>
-	<h3>CurrentBSS - o - (read)</h3>
-	<p>Path to D-Bus object representing BSS which wpa_supplicant is associated with, or "/" if is not associated at all.</p>
-      </li>
-
-      <li>
-	<h3>CurrentNetwork - o - (read)</h3>
-	<p>Path to D-Bus object representing configured network which wpa_supplicant uses at the moment, or "/" if doesn't use any.</p>
-      </li>
-
-      <li>
-	<h3>CurrentAuthMode - s - (read)</h3>
-	<p>Current authentication type.</p>
-      </li>
-
-      <li>
-	<h3>Blobs - as - (read)</h3>
-	<p>List of blobs names added to the Interface.</p>
-      </li>
-
-      <li>
-	<h3>BSSs - ao - (read)</h3>
-	<p>List of D-Bus objects paths representing BSSs known to the interface, i.e., scan results.</p>
-      </li>
-
-      <li>
-	<h3>Stations - ao - (read)</h3>
-	<p>List of D-Bus objects paths representing connected stations in AP mode.</p>
-      </li>
-
-      <li>
-	<h3>Networks - ao - (read)</h3>
-	<p>List of D-Bus objects paths representing configured networks.</p>
-      </li>
-
-      <li>
-	<h3>FastReauth - b - (read/write)</h3>
-	<p>Identical to fast_reauth entry in wpa_supplicant configuration file.</p>
-      </li>
-
-      <li>
-	<h3>ScanInterval - i - (read/write)</h3>
-	<p>Time (in seconds) between scans for a suitable AP. Must be >= 0.</p>
-      </li>
-
-      <li>
-	<h3>PKCS11EnginePath - s - (read)</h3>
-	<p>PKCS #11 engine path.</p>
-      </li>
-
-      <li>
-	<h3>PKCS11ModulePath - s - (read)</h3>
-	<p>PKCS #11 module path.</p>
-      </li>
-
-      <li>
-	<h3>DisconnectReason - i - (read)</h3>
-	<p>The most recent IEEE 802.11 reason code for disconnect. Negative value indicates locally generated disconnection.</p>
-      </li>
-
-      <li>
-	<h3>AuthStatusCode - i - (read)</h3>
-	<p>The most recent IEEE 802.11 status code for authentication.</p>
-      </li>
-
-      <li>
-	<h3>AssocStatusCode - i - (read)</h3>
-	<p>The most recent IEEE 802.11 status code for association rejection.</p>
-      </li>
-
-      <li>
-	<h3>RoamTime - u - (read)</h3>
-	<p>The most recent roam time in milliseconds.</p>
-      </li>
-
-      <li>
-	<h3>RoamComplete - b - (read)</h3>
-	<p>The most recent roam success or failure.</p>
-      </li>
-
-      <li>
-	<h3>SessionLength - u - (read)</h3>
-	<p>The most recent BSS session length in milliseconds.</p>
-      </li>
-
-      <li>
-	<h3>BSSTMStatus - u - (read)</h3>
-	<p>The most recent BSS Transition Management status code.</p>
-      </li>
-
-      <li>
-	<h3>EapolVersion - s - (read/write)</h3>
-	<p>IEEE 802.1X/EAPOL version number</p>
-      </li>
-
-      <li>
-	<h3>Bgscan - s - (read/write)</h3>
-	<p>Background scan and roaming parameters or an empty string if none</p>
-      </li>
-
-      <li>
-	<h3>DisableScanOffload - s - (read/write)</h3>
-	<p>Disable automatic offloading of scan requests</p>
-      </li>
-
-      <li>
-	<h3>OpenscEnginePath - s - (read/write)</h3>
-	<p>Path to the OpenSSL engine for opensc</p>
-      </li>
-
-      <li>
-	<h3>OpensslCiphers - s - (read/write)</h3>
-	<p>OpenSSL cipher string</p>
-      </li>
-
-      <li>
-	<h3>PcscReader - s - (read/write)</h3>
-	<p>PC/SC reader name prefix</p>
-      </li>
-
-      <li>
-	<h3>PcscPin - s - (read/write)</h3>
-	<p>PIN for USIM, GSM SIM, and smartcards</p>
-      </li>
-
-      <li>
-	<h3>ExternalSim - s - (read/write)</h3>
-	<p>Use external processing for SIM/USIM operations</p>
-      </li>
-
-      <li>
-	<h3>DriverParam - s - (read/write)</h3>
-	<p>Driver interface parameters</p>
-      </li>
-
-      <li>
-	<h3>Dot11RSNAConfigPMKLifetime - s - (read/write)</h3>
-	<p>Maximum lifetime of a PMK</p>
-      </li>
-
-      <li>
-	<h3>Dot11RSNAConfigPMKReauthThreshold - s - (read/write)</h3>
-	<p>PMK re-authentication threshold</p>
-      </li>
-
-      <li>
-	<h3>Dot11RSNAConfigSATimeout - s - (read/write)</h3>
-	<p>Security association timeout</p>
-      </li>
-
-      <li>
-	<h3>BssMaxCount - s - (read/write)</h3>
-	<p>Maximum number of BSS entries to keep in memory</p>
-      </li>
-
-      <li>
-	<h3>FilterSsids - s - (read/write)</h3>
-	<p>SSID-based scan result filtering</p>
-      </li>
-
-      <li>
-	<h3>FilterRssi - s - (read/write)</h3>
-	<p>RSSI-based scan result filtering</p>
-      </li>
-
-      <li>
-	<h3>MaxNumSta - s - (read/write)</h3>
-	<p>Maximum number of STAs in an AP/P2P GO</p>
-      </li>
-
-      <li>
-	<h3>DisassocLowAck - s - (read/write)</h3>
-	<p>Disassocicate stations with massive packet loss</p>
-      </li>
-
-      <li>
-	<h3>Interworking - s - (read/write)</h3>
-	<p>Whether Interworking (IEEE 802.11u) is enabled</p>
-      </li>
-
-      <li>
-	<h3>Hessid - s - (read/write)</h3>
-	<p>Homogeneous ESS identifier</p>
-      </li>
-
-      <li>
-	<h3>AccessNetworkType - s - (read/write)</h3>
-	<p>Access Network Type</p>
-      </li>
-
-      <li>
-	<h3>PbcInM1 - s - (read/write)</h3>
-	<p>AP mode WPS probing workaround for PBC with Windows 7</p>
-      </li>
-
-      <li>
-	<h3>Autoscan - s - (read/write)</h3>
-	<p>Automatic scan parameters or an empty string if none</p>
-      </li>
-
-      <li>
-	<h3>WpsNfcDevPwId - s - (read/write)</h3>
-	<p>NFC Device Password ID for password token</p>
-      </li>
-
-      <li>
-	<h3>WpsNfcDhPubkey - s - (read/write)</h3>
-	<p>NFC DH Public Key for password token</p>
-      </li>
-
-      <li>
-	<h3>WpsNfcDhPrivkey - s - (read/write)</h3>
-	<p>NFC DH Private Key for password token</p>
-      </li>
-
-      <li>
-	<h3>WpsNfcDevPw - s - (read/write)</h3>
-	<p>NFC Device Password for password token</p>
-      </li>
-
-      <li>
-	<h3>ExtPasswordBackend - s - (read/write)</h3>
-	<p>External password backend or an empty string if none</p>
-      </li>
-
-      <li>
-	<h3>P2pGoMaxInactivity - s - (read/write)</h3>
-	<p>Timeout in seconds to detect STA inactivity</p>
-      </li>
-
-      <li>
-	<h3>AutoInterworking - s - (read/write)</h3>
-	<p>Whether to use network selection automatically</p>
-      </li>
-
-      <li>
-	<h3>Okc - s - (read/write)</h3>
-	<p>Whether to enable opportunistic key caching by default</p>
-      </li>
-
-      <li>
-	<h3>Pmf - s - (read/write)</h3>
-	<p>Whether to enable/require PMF by default</p>
-      </li>
-
-      <li>
-	<h3>SaeGroups - s - (read/write)</h3>
-	<p>Preference list of enabled groups for SAE</p>
-      </li>
-
-      <li>
-	<h3>DtimPeriod - s - (read/write)</h3>
-	<p>Default DTIM period in Beacon intervals</p>
-      </li>
-
-      <li>
-	<h3>BeaconInt - s - (read/write)</h3>
-	<p>Default Beacon interval in TU</p>
-      </li>
-
-      <li>
-	<h3>IgnoreOldScanRes - s - (read/write)</h3>
-	<p>Ignore scan results older than request</p>
-      </li>
-
-      <li>
-	<h3>FreqList - s - (read/write)</h3>
-	<p>Array of allowed scan frequencies or an empty string for all</p>
-      </li>
-
-      <li>
-	<h3>ScanCurFreq - s - (read/write)</h3>
-	<p>Whether to scan only the current channel</p>
-      </li>
-
-      <li>
-	<h3>SchedScanInterval - s - (read/write)</h3>
-	<p>schedule scan interval</p>
-      </li>
-
-      <li>
-	<h3>TdlsExternalControl - s - (read/write)</h3>
-	<p>External control for TDLS setup requests</p>
-      </li>
-
-      <li>
-	<h3>OsuDir - s - (read/write)</h3>
-	<p>OSU provider information directory</p>
-      </li>
-
-      <li>
-	<h3>WowlanTriggers - s - (read/write)</h3>
-	<p>Wake-on-WLAN triggers</p>
-      </li>
-
-      <li>
-	<h3>P2pSearchDelay - s - (read/write)</h3>
-	<p>Extra delay between concurrent search iterations</p>
-      </li>
-
-      <li>
-	<h3>MacAddr - s - (read/write)</h3>
-	<p>MAC address policy default</p>
-      </li>
-
-      <li>
-	<h3>RandAddrLifetime - s - (read/write)</h3>
-	<p>Lifetime of random MAC address in seconds</p>
-      </li>
-
-      <li>
-	<h3>PreassocMacAddr - s - (read/write)</h3>
-	<p>Pre-association MAC address policy</p>
-      </li>
-
-      <li>
-	<h3>KeyMgmtOffload - s - (read/write)</h3>
-	<p>Use key management offload</p>
-      </li>
-
-      <li>
-	<h3>PassiveScan - s - (read/write)</h3>
-	<p>Whether to force passive scan for network connection</p>
-      </li>
-
-      <li>
-	<h3>ReassocSameBssOptim - s - (read/write)</h3>
-	<p>Whether to optimize reassoc-to-same-BSS</p>
-      </li>
-
-      <li>
-	<h3>WpsPriority - s - (read/write)</h3>
-	<p>Priority for the networks added through WPS</p>
-      </li>
-
-      <li>
-	<h3>MACAddressRandomizationMask - a{say} - (read/write)</h3>
-	<p>Masks to show which bits not to randomize with MAC address randomization. Possible keys are "scan", "sched_scan", and "pno". Values must be an array of 6 bytes.</p>
-	<p>When this property is set, the new dictionary replaces the old value, rather than merging them together. Leaving a key out of the dictionary will turn off MAC address randomization for that scan type.</p>
-      </li>
-    </ul>
-
-\subsection dbus_interface_signals Signals
-
-<ul>
-      <li>
-	<h3>ScanDone ( b : success )</h3>
-	<p>Scanning finished. </p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : success</dt>
-	  <dd>Determines if scanning was successful. If so, results are available.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>BSSAdded ( o : BSS, a{sv} : properties )</h3>
-	<p>Interface became aware of a new BSS.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : BSS</dt>
-	  <dd>A D-Bus path to an object representing the new BSS.</dd>
-	</dl>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary containing properties of added BSS.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>BSSRemoved ( o : BSS )</h3>
-	<p>BSS disappeared.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : BSS</dt>
-	  <dd>A D-Bus path to an object representing the BSS.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>BlobAdded ( s : blobName )</h3>
-	<p>A new blob has been added to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : blobName</dt>
-	  <dd>A name of the added blob.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>BlobRemoved ( s : blobName )</h3>
-	<p>A blob has been removed from the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : blobName</dt>
-	  <dd>A name of the removed blob.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>NetworkAdded ( o : network, a{sv} : properties )</h3>
-	<p>A new network has been added to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing the added network.</dd>
-	</dl>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary containing properties of added network.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>NetworkRemoved ( o : network )</h3>
-	<p>The network has been removed from the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing the removed network.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>NetworkSelected ( o : network )</h3>
-	<p>The network has been selected.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>A D-Bus path to an object representing the selected network.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>StaAuthorized ( s : mac )</h3>
-	<p>A new station has been authorized to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : mac</dt>
-	  <dd>A mac address which has been authorized.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>StaDeauthorized ( s : mac )</h3>
-	<p>A station has been deauthorized to the interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : mac</dt>
-	  <dd>A mac address which has been deauthorized.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>StationAdded ( o : Station, a{sv} : properties )</h3>
-	<p>A new station has been added to the interface.</p>
-	<p>This signal complements StaAuthorized, passing the Station object and its properties.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : Station</dt>
-	  <dd>A D-Bus path to an object representing the new Station.</dd>
-	</dl>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary containing properties of added Station.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>StationRemoved ( o : Station )</h3>
-	<p>The station has been removed from the interface.</p>
-	<p>This signal complements StaDeauthorized, passing the Station object.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : Station</dt>
-	  <dd>A D-Bus path to an object representing the Station.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>PropertiesChanged ( a{sv} : properties )</h3>
-	<p>Some properties have changed.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and theirs new values. Possible dictionary keys are: "ApScan", "Scanning", "State", "CurrentBSS", "CurrentNetwork"</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Certification ( a{sv} : parameters )</h3>
-	<p>Information about server TLS certificates.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : parameters</dt>
-	  <dd>A dictionary with pairs of field names and their values. Possible dictionary keys are: "depth", "subject", "altsubject", "cert_hash", "cert".</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>EAP ( s : status, s : parameter )</h3>
-	<p>Information about EAP peer status.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : status</dt>
-	  <dd>Operation, e.g., "started", "accept proposed method", "remote certificate verification", "eap parameter needed", "completion".</dd>
-	  <dt>s : parameter</dt>
-	  <dd>Information about the operation, e.g., EAP method name, "success".</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>NetworkRequest ( o : network, s : field, s : txt )</h3>
-	<p>Request for network parameter. NetworkResponse() is used to provide the requested parameter.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>o : network</dt>
-	  <dd>D-Bus path to an object representing the network.</dd>
-	  <dt>s : field</dt>
-	  <dd>Requested information, e.g., "PASSWORD".</dd>
-	  <dt>txt : field</dt>
-	  <dd>Human readable information about the requested information.</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>ProbeRequest ( a{sv} : args )</h3>
-	<p>Information about a received Probe Request frame. This signal is delivered only to a single application that has subscribed to received the events with SubscribeProbeReq().</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>A dictionary with pairs of field names and their values. Possible dictionary keys are: "addr", "dst", "bssid", "ies", "signal".</dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>InterworkingAPAdded ( o : bss, o : cred, a{sv} : args )</h3>
-      </li>
-
-      <li>
-	<h3>InterworkingSelectDone ( )</h3>
-      </li>
-    </ul>
-
-
-\section dbus_wps fi.w1.wpa_supplicant1.Interface.WPS
-
-Interface for performing WPS (Wi-Fi Simple Config) operations.
-
-\subsection dbus_wps_methods Methods
-
-<ul>
-      <li>
-	<h3>Start ( a{sv} : args ) --> a{sv} : output</h3>
-	<p>Starts WPS configuration. Note: When used with P2P groups, this needs to be issued on the GO group interface.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : args</dt>
-	  <dd>
-	    A dictionary with arguments used to start WPS configuration. The dictionary may contain the following entries:
-	    <table>
-	      <tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th>
-	      <tr><td>Role</td><td>s</td><td>The device's role. Possible values are "enrollee" and "registrar".</td><td>Yes</td>
-	      <tr><td>Type</td><td>s</td><td>WPS authentication type. Applies only for enrollee role. Possible values are "pin" and "pbc".</td><td>Yes, for enrollee role; otherwise no</td>
-	      <tr><td>Pin</td><td>s</td><td>WPS Pin.</td><td>Yes, for registrar role; otherwise optional</td>
-	      <tr><td>Bssid</td><td>ay</td><td>Note: This is used to specify the peer MAC address when authorizing WPS connection in AP or P2P GO role.</td><td>No</td>
-	      <tr><td>P2PDeviceAddress</td><td>ay</td><td>P2P Device Address of a peer to authorize for PBC connection. Used only in P2P GO role.</td><td>No</td>
-	    </table>
-	  </dd>
-	</dl>
-	<h4>Returns</h4>
-	<dl>
-	  <dt>a{sv} : output</dt>
-	  <dd>
-	    <table>
-	      <tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th>
-	      <tr><td>Pin</td><td>s</td><td>Newly generated PIN, if not specified for enrollee role and pin authentication type.</td><td>No</td>
-	    </table>
-	  </dd>
-	</dl>
-	<h4>Possible errors</h4>
-	<dl>
-	  <dt>fi.w1.wpa_supplicant1.UnknownError</dt>
-	  <dd>Starting WPS configuration failed for an unknown reason.</dd>
-	  <dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
-	  <dd>Invalid entries were found in the passed argument.</dd>
-	</dl>
-      </li>
-      <li>
-	<h3>Cancel ( nothing ) --> nothing</h3>
-	<p>Cancel ongoing WPS operation.</p>
-      </li>
-    </ul>
-
-\subsection dbus_wps_properties Properties
-
-<ul>
-      <li>
-	<h3>ProcessCredentials - b - (read/write)</h3>
-	<p>Determines if the interface will process the credentials (credentials_processed configuration file parameter).</p>
-      </li>
-      <li>
-	<h3>ConfigMethods - s - (read/write)</h3>
-	<p>The currently advertised WPS configuration methods. Available methods: usba ethernet label display ext_nfc_token int_nfc_token nfc_interface push_button keypad virtual_display physical_display virtual_push_button physical_push_button.</p>
-      </li>
-      <li>
-	<h3>DeviceName - s - (read/write)</h3>
-	<p>User-friendly description of device; up to 32 octets encoded in UTF-8.</p>
-      </li>
-      <li>
-	<h3>Manufacturer - s - (read/write)</h3>
-	<p>The manufacturer of the device (up to 64 ASCII characters).</p>
-      </li>
-      <li>
-	<h3>ModelName - s - (read/write)</h3>
-	<p>Model of the device (up to 32 ASCII characters).</p>
-      </li>
-      <li>
-	<h3>ModelNumber - s - (read/write)</h3>
-	<p>Additional device description (up to 32 ASCII characters).</p>
-      </li>
-      <li>
-	<h3>SerialNumber - s - (read/write)</h3>
-	<p>Serial number of the device (up to 32 characters).</p>
-      </li>
-      <li>
-	<h3>DeviceType - ay - (read/write)</h3>
-	<p>Device Type (8 octet value with 2 octet category, 4 octet OUI, 2 octet subcategory.</p>
-      </li>
-    </ul>
-
-\subsection dbus_wps_signals Signals
-
-<ul>
-      <li>
-	<h3>Event ( s : name, a{sv} : args )</h3>
-	<p>WPS event occurred.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>s : event</dt>
-	  <dd>Event type. Possible values are: "success, "fail", "m2d", and
-	  "pbc-overlap".</dd>
-	  <dt>a{sv} : args</dt>
-	  <dd>
-	    Event arguments. Empty for success and pbc-overlap events, error information ( "msg" : i, "config_error" : i, "error_indication" : i ) for fail event and following entries for m2d event:
-	    <table>
-	      <tr><th>config_methods</th><th>Value type</th>
-	      <tr><td>manufacturer</td><td>q</td>
-	      <tr><td>model_name</td><td>ay</td>
-	      <tr><td>model_number</td><td>ay</td>
-	      <tr><td>serial_number</td><td>ay</td>
-	      <tr><td>dev_name</td><td>ay</td>
-	      <tr><td>primary_dev_type</td><td>ay</td>
-	      <tr><td>config_error</td><td>q</td>
-	      <tr><td>dev_password_id</td><td>q</td>
-	    </table>
-	  </dd>
-	</dl>
-      </li>
-
-      <li>
-	<h3>Credentials ( a{sv} : credentials )</h3>
-	<p>WPS credentials. Dictionary contains:</p>
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th>
-	  <tr><td>BSSID</td><td>ay</td><td></td>
-	  <tr><td>SSID</td><td>s</td><td></td>
-	  <tr><td>AuthType</td><td>as</td><td>Possible array elements: "open", "shared", "wpa-psk", "wpa-eap", "wpa2-eap", "wpa2-psk"</td>
-	  <tr><td>EncrType</td><td>as</td><td>Possible array elements: "none", "wep", "tkip", "aes"</td>
-	  <tr><td>Key</td><td>ay</td><td>Key data</td>
-	  <tr><td>KeyIndex</td><td>u</td><td>Key index</td>
-	</table>
-      </li>
-
-      <li>
-	<h3>PropertiesChanged ( a{sv} : properties )</h3>
-	<p>Some properties have changed.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and theirs new values. Possible dictionary keys are: "ProcessCredentials"</dd>
-	</dl>
-      </li>
-    </ul>
-
-
-\section dbus_p2pdevice fi.w1.wpa_supplicant1.Interface.P2PDevice
-
-Interface for performing P2P (Wi-Fi Peer-to-Peer) P2P Device operations.
-
-\subsection dbus_p2pdevice_methods Methods
-
-<ul>
-  <li>
-    <h3>Find ( a{sv} : args ) --> nothing</h3>
-    <p>Start P2P find operation (i.e., alternating P2P Search and Listen states to discover peers and be discoverable).</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the P2P find operation:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>Timeout</td><td>i</td><td>Timeout for operating in seconds</td><td>no</td></tr>
-	<tr><td>RequestedDeviceTypes</td><td>aay</td><td>WPS Device Types to search for</td><td>no</td></tr>
-	<tr><td>DiscoveryType</td><td>s</td><td>"start_with_full" (default, if not specified), "social", "progressive"</td><td>no</td></tr>
-	<tr><td>freq</td><td>i</td><td>Initial scan channel (frequency in MHz) for the start_with_full case to limit the initial scan to the specified channel</td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>StopFind ( nothing ) --> nothing</h3>
-    <p>Stop P2P find operation.</p>
-  </li>
-
-  <li>
-    <h3>Listen ( i : timeout ) --> nothing</h3>
-    <p>Start P2P listen operation (i.e., be discoverable).</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>i : timeout</dt>
-      <dd>Timeout in seconds for stopping the listen operation.</dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ExtendedListen ( a{sv} : args ) --> nothing</h3>
-    <p>Configure Extended Listen Timing. If the parameters are omitted, this feature is disabled. If the parameters are included, Listen State will be entered every interval msec for at least period msec. Both values have acceptable range of 1-65535 (with interval obviously having to be larger than or equal to duration). If the P2P module is not idle at the time the Extended Listen Timing timeout occurs, the Listen State operation will be skipped.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for extended listen. Leave out all items to disable extended listen.
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>period</td><td>i</td><td>Extended listen period in milliseconds; 1-65535.</td><td>no</td></tr>
-	<tr><td>interval</td><td>i</td><td>Extended listen interval in milliseconds; 1-65535.</td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>PresenceRequest ( a{sv} : args ) --> nothing</h3>
-    <p>Request a specific GO presence in a P2P group where the local device is a P2P Client. Send a P2P Presence Request to the GO (this is only available when acting as a P2P client). If no duration/interval pairs are given, the request indicates that this client has no special needs for GO presence. The first parameter pair gives the preferred duration and interval values in microseconds. If the second pair is included, that indicates which value would be acceptable.
-    \note This needs to be issued on a P2P group interface if separate group interfaces are used.
-    \bug It would be cleaner to not require .P2PDevice methods to be issued on a group interface. In other words, args['group_object'] could be used to specify the group or this method could be moved to be a .Group PresenceRequest() method.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the presence request.
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>duration1</td><td>i</td><td>Duration in microseconds.</td><td>no</td></tr>
-	<tr><td>interval1</td><td>i</td><td>Interval in microseconds.</td><td>no</td></tr>
-	<tr><td>duration2</td><td>i</td><td>Duration in microseconds.</td><td>no</td></tr>
-	<tr><td>interval2</td><td>i</td><td>Interval in microseconds.</td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryRequest ( o : peer, s : config_method ) --> nothing</h3>
-  </li>
-
-  <li>
-    <h3>Connect ( a{sv} : args ) --> s : generated_pin</h3>
-    <p>Request a P2P group to be started through GO Negotiation or by joining an already operating group.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the requested connection:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>peer</td><td>o</td><td></td><td>yes</td></tr>
-	<tr><td>persistent</td><td>b</td><td>Whether to form a persistent group.</td><td>no</td></tr>
-	<tr><td>join</td><td>b</td><td>Whether to join an already operating group instead of forming a new group.</td><td>no</td></tr>
-	<tr><td>authorize_only</td><td>b</td><td>Whether to authorize a peer to initiate GO Negotiation instead of initiating immediately.</td><td>no</td></tr>
-	<tr><td>frequency</td><td>i</td><td>Operating frequency in MHz</td><td>no</td></tr>
-	<tr><td>go_intent</td><td>i</td><td>GO intent 0-15</td><td>no</td></tr>
-	<tr><td>wps_method</td><td>s</td><td>"pbc", "display", "keypad", "pin" (alias for "display")</td><td>yes</td></tr>
-	<tr><td>pin</td><td>s</td><td></td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GroupAdd ( a{sv} : args ) --> nothing</h3>
-    <p>Request a P2P group to be started without GO Negotiation.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the requested group:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>persistent</td><td>b</td><td>Whether to form a persistent group.</td><td>no</td></tr>
-	<tr><td>persistent_group_object</td><td>o</td><td></td><td>no</td></tr>
-	<tr><td>frequency</td><td>i</td><td>Operating frequency in MHz</td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>Cancel ( nothing ) --> nothing</h3>
-    <p>Stop ongoing P2P group formation operation.</p>
-  </li>
-
-  <li>
-    <h3>Invite ( a{sv} : args ) --> nothing</h3>
-    <p>Invite a peer to join an already operating group or to re-invoke a persistent group.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the invitation:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>peer</td><td>o</td><td></td><td>yes</td></tr>
-	<tr><td>persistent_group_object</td><td>o</td><td></td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>Disconnect ( nothing ) --> nothing</h3>
-    <p>Terminate a P2P group.
-    \note This needs to be issued on a P2P group interface if separate group interfaces are used.
-    \bug It would be cleaner to not require .P2PDevice methods to be issued on a group interface. In other words, this would either need to be Disconnect(group_object) or moved to be a .Group Disconnect() method.</p>
-  </li>
-
-  <li>
-    <h3>RejectPeer ( o : peer ) --> nothing</h3>
-    <p>Reject connection attempt from a peer (specified with a device address). This is a mechanism to reject a pending GO Negotiation with a peer and request to automatically block any further connection or discovery of the peer.</p>
-  </li>
-
-  <li>
-    <h3>RemoveClient ( a{sv} : args ) --> nothing</h3>
-    <p>Remove the client from all groups (operating and persistent) from the local GO.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for removing a client:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>peer</td><td>o</td><td>Object path for peer's P2P Device Address</td><td>yes</td></tr>
-	<tr><td>iface</td><td>s</td><td>Interface address[MAC Address format] of the peer to be disconnected. Required if object path is not provided.</td><td>no</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>Flush ( nothing ) --> nothing</h3>
-    <p>Flush P2P peer table and state.</p>
-  </li>
-
-  <li>
-    <h3>AddService ( a{sv} : args ) --> nothing</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the service:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>service_type</td><td>s</td><td>"upnp", "bonjour"</td><td>yes</td></tr>
-	<tr><td>version</td><td>u</td><td>Required for UPnP services.</td><td>no</td></tr>
-	<tr><td>service</td><td>s</td><td></td><td></td></tr>
-	<tr><td>query</td><td>ay</td><td></td><td></td></tr>
-	<tr><td>response</td><td>ay</td><td></td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>DeleteService ( a{sv} : args ) --> nothing</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with parameters for the service:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>service_type</td><td>s</td><td>"upnp", "bonjour"</td><td>yes</td></tr>
-	<tr><td>version</td><td>u</td><td>Required for UPnP services.</td><td>no</td></tr>
-	<tr><td>service</td><td>s</td><td></td><td></td></tr>
-	<tr><td>query</td><td>ay</td><td></td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>FlushService ( nothing ) --> nothing</h3>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryRequest ( a{sv} : args ) --> t : ref</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with following parameters:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>peer_object</td><td>o</td><td></td><td>no</td></tr>
-	<tr><td>service_type</td><td>s</td><td>"upnp"</td><td>no</td></tr>
-	<tr><td>version</td><td>u</td><td>Required for UPnP services.</td><td>no</td></tr>
-	<tr><td>service</td><td>s</td><td></td><td></td></tr>
-	<tr><td>tlv</td><td>ay</td><td></td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryResponse ( a{sv} : args ) --> nothing : ref</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with following parameters:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>peer_object</td><td>o</td><td></td><td>yes</td></tr>
-	<tr><td>frequency</td><td>i</td><td></td><td>yes</td></tr>
-	<tr><td>dialog_token</td><td>i</td><td></td><td>yes</td></tr>
-	<tr><td>tlvs</td><td>ay</td><td></td><td>yes</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryCancelRequest ( t : args ) --> nothing : ref</h3>
-  </li>
-
-  <li>
-    <h3>ServiceUpdate ( nothing ) --> nothing</h3>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryExternal ( i : arg ) --> nothing</h3>
-  </li>
-
-  <li>
-    <h3>AddPersistentGroup ( a{sv} : args ) --> o : path</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>
-	A dictionary with following parameters:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
-	<tr><td>bssid</td><td>s</td><td>P2P Device Address of the GO in the persistent group.</td><td>yes</td></tr>
-	<tr><td>ssid</td><td>s</td><td>SSID of the group</td><td>yes</td></tr>
-	<tr><td>psk</td><td>s</td><td>Passphrase (on the GO and optionally on P2P Client) or PSK (on P2P Client if passphrase ise not known)</td><td>yes</td></tr>
-	<tr><td>mode</td><td>s</td><td>"3" on GO or "0" on P2P Client</td><td>yes</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>RemovePersistentGroup ( o : path ) --> nothing</h3>
-  </li>
-
-  <li>
-    <h3>RemoveAllPersistentGroups ( nothing ) --> nothing</h3>
-  </li>
-</ul>
-
-\subsection dbus_p2pdevice_properties Properties
-
-<ul>
-  <li>
-    <h3>P2PDeviceConfig - a{sv} - (read/write)</h3>
-    <p>Dictionary with following entries. On write, only the included values are changed.</p>
-    <table>
-    <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-    <tr><td>DeviceName</td><td>s</td><td></td></tr>
-    <tr><td>PrimaryDeviceType</td><td>ay</td><td></td></tr>
-    <tr><td>SecondaryDeviceTypes</td><td>aay</td><td></td></tr>
-    <tr><td>VendorExtension</td><td>aay</td><td></td></tr>
-    <tr><td>GOIntent</td><td>u</td><td></td></tr>
-    <tr><td>PersistentReconnect</td><td>b</td><td></td></tr>
-    <tr><td>ListenRegClass</td><td>u</td><td></td></tr>
-    <tr><td>ListenChannel</td><td>u</td><td></td></tr>
-    <tr><td>OperRegClass</td><td>u</td><td></td></tr>
-    <tr><td>OperChannel</td><td>u</td><td></td></tr>
-    <tr><td>SsidPostfix</td><td>s</td><td></td></tr>
-    <tr><td>IntraBss</td><td>b</td><td></td></tr>
-    <tr><td>GroupIdle</td><td>u</td><td></td></tr>
-    <tr><td>disassoc_low_ack</td><td>u</td><td></td></tr>
-    <tr><td>NoGroupIface</td><td>b</td><td></td></tr>
-    <tr><td>p2p_search_delay</td><td>u</td><td></td></tr>
-    </table>
-  </li>
-
-  <li>
-    <h3>Peers - ao - (read)</h3>
-  </li>
-
-  <li>
-    <h3>Role - s - (read)</h3>
-    <p>\bug What is this trying to indicate? It does not make much sense to have a P2PDevice property role since there can be multiple concurrent groups and the P2P Device role is always active anyway.</p>
-  </li>
-
-  <li>
-    <h3>Group - o - (read)</h3>
-    <p>\bug What is this trying to indicate? It does not make much sense to have a P2PDevice property Group since there can be multiple concurrent groups.</p>
-  </li>
-
-  <li>
-    <h3>PeerGO - o - (read)</h3>
-    <p>\bug What is this trying to indicate? It does not make much sense to have a P2PDevice property PeerGO since there can be multiple concurrent groups.</p>
-  </li>
-
-  <li>
-    <h3>PersistentGroups - ao - (read)</h3>
-  </li>
-</ul>
-
-\subsection dbus_p2pdevice_signals Signals
-
-<ul>
-  <li>
-    <h3>DeviceFound ( o : path )</h3>
-  </li>
-
-  <li>
-    <h3>DeviceFoundProperties ( o : path, a{sv} : properties )</h3>
-    <p>A new peer device has been found.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>o : path</dt>
-      <dd>A D-Bus path to an object representing the found peer device.</dd>
-    </dl>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary containing properties of the found peer device.</dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>DeviceLost ( o : path )</h3>
-  </li>
-
-  <li>
-    <h3>FindStopped ( )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryRequestDisplayPin ( o : peer_object, s : pin )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryResponseDisplayPin ( o : peer_object, s : pin )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryRequestEnterPin ( o : peer_object )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryResponseEnterPin ( o : peer_object )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryPBCRequest ( o : peer_object )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryPBCResponse ( o : peer_object )</h3>
-  </li>
-
-  <li>
-    <h3>ProvisionDiscoveryFailure ( o : peer_object, i : status )</h3>
-  </li>
-
-  <li>
-    <h3>GroupStarted ( a{sv} : properties )</h3>
-    <p>A new P2P group was started or joined.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information on the added group:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>interface_object</td><td>o</td><td>D-Bus path of the interface on which this group is operating on. See \ref dbus_interface.</td></tr>
-	  <tr><td>role</td><td>s</td><td>The role of the local device in the group: "GO" or "client".</td></tr>
-	  <tr><td>group_object</td><td>o</td><td>D-Bus path of the group. See \ref dbus_group.</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GONegotiationSuccess ( a{sv} : properties )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>peer_object</td><td>o</td><td>D-Bus path of the peer. See \ref dbus_peer.</td></tr>
-	  <tr><td>status</td><td>i</td><td></td></tr>
-	  <tr><td>passphrase</td><td>s</td><td>Passphrase for the group. Included only if this device becomes the GO of the group.</td></tr>
-	  <tr><td>role_go</td><td>s</td><td>The role of the local device in the group: "GO" or "client".</td></tr>
-	  <tr><td>ssid</td><td>ay</td><td></td></tr>
-	  <tr><td>peer_device_addr</td><td>ay</td><td></td></tr>
-	  <tr><td>peer_interface_addr</td><td>ay</td><td></td></tr>
-	  <tr><td>wps_method</td><td>s</td><td></td></tr>
-	  <tr><td>frequency_list</td><td>ai</td><td></td></tr>
-	  <tr><td>persistent_group</td><td>i</td><td></td></tr>
-	  <tr><td>peer_config_timeout</td><td>u</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GONegotiationFailure ( a{sv} : properties )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>peer_object</td><td>o</td><td>D-Bus path of the peer. See \ref dbus_peer.</td></tr>
-	  <tr><td>status</td><td>i</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GONegotiationRequest ( o : path, q : dev_passwd_id, y : device_go_intent )</h3>
-  </li>
-
-  <li>
-    <h3>InvitationResult ( a{sv} : invite_result )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : invite_result</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>status</td><td>i</td><td></td></tr>
-	  <tr><td>BSSID</td><td>ay</td><td>Optionally present</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GroupFinished ( a{sv} : properties )</h3>
-    <p>A P2P group was removed.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information of the removed group:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>interface_object</td><td>o</td><td>D-Bus path of the interface on which this group is operating on. See \ref dbus_interface.</td></tr>
-	  <tr><td>role</td><td>s</td><td>The role of the local device in the group: "GO" or "client".</td></tr>
-	  <tr><td>group_object</td><td>o</td><td>D-Bus path of the group. See \ref dbus_group.</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryRequest ( a{sv} : sd_request )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : sd_request</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><td>peer_object</td><td>o</td><td></td></tr>
-	  <tr><td>frequency</td><td>i</td><td></td></tr>
-	  <tr><td>dialog_token</td><td>i</td><td></td></tr>
-	  <tr><td>update_indicator</td><td>q</td><td></td></tr>
-	  <tr><td>tlvs</td><td>ay</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>ServiceDiscoveryResponse ( a{sv} : sd_response )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : sd_response</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><td>peer_object</td><td>o</td><td></td></tr>
-	  <tr><td>update_indicator</td><td>q</td><td></td></tr>
-	  <tr><td>tlvs</td><td>ay</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>PersistentGroupAdded ( o : path, a{sv} : properties )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>o : path</dt>
-      <dd>D-Bus object path for the persistent group. See \ref dbus_persistent_group.</dd>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information:
-	<table>
-	<tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	<tr><td>bssid</td><td>s</td><td>P2P Device Address of the GO in the persistent group.</td></tr>
-	<tr><td>ssid</td><td>s</td><td>SSID of the group</td></tr>
-	<tr><td>psk</td><td>s</td><td>Passphrase (on the GO and optionally on P2P Client) or PSK (on P2P Client if passphrase ise not known)</td></tr>
-	<tr><td>disabled</td><td>s</td><td>Set to "2" to indicate special network block use as a P2P persistent group information</td></tr>
-	<tr><td>mode</td><td>s</td><td>"3" on GO or "0" on P2P Client</td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>PersistentGroupRemoved ( o : path )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>o : path</dt>
-      <dd>D-Bus object path for the persistent group. See \ref dbus_persistent_group.</dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>WpsFailed ( s : name, a{sv} : args )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>s : name</dt>
-      <dd>"fail"</dd>
-      <dt>a{sv} : args</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>msg</td><td>i</td><td></td></tr>
-	  <tr><td>config_error</td><td>n</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>InvitationReceived ( a{sv} : properties )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : properties</dt>
-      <dd>A dictionary with following information:
-	<table>
-	  <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-	  <tr><td>sa</td><td>ay</td><td>Optionally present</td></tr>
-	  <tr><td>go_dev_addr</td><td>ay</td><td>Optionally present</td></tr>
-	  <tr><td>bssid</td><td>ay</td><td>Optionally present</td></tr>
-	  <tr><td>persistent_id</td><td>i</td><td>Optionally present</td></tr>
-	  <tr><td>op_freq</td><td>i</td><td></td></tr>
-	</table>
-      </dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>GroupFormationFailure ( s : reason )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>s : reason</dt>
-      <dd>Reason for failure or empty string if not known.</dd>
-    </dl>
-  </li>
-</ul>
-
-\section dbus_bss fi.w1.wpa_supplicant1.BSS
-
-Interface implemented by objects representing a scanned BSSs, i.e.,
-scan results.
-
-\subsection dbus_bss_properties Properties
-
-<ul>
-      <li>
-	<h3>BSSID - ay - (read)</h3>
-	<p>BSSID of the BSS.</p>
-      </li>
-      <li>
-	<h3>SSID - ay - (read)</h3>
-	<p>SSID of the BSS.</p>
-      </li>
-      <li>
-	<h3>WPA - a{sv} - (read)</h3>
-	<p>WPA information of the BSS. Empty dictionary indicates no WPA support. Dictionary entries are:</p>
-	<table>
-	  <tr><td>KeyMgmt</td><td>as</td><td>Key management suite. Possible array elements: "wpa-psk", "wpa-eap", "wpa-none"</td>
-	  <tr><td>Pairwise</td><td>as</td><td>Pairwise cipher suites. Possible array elements: "ccmp", "tkip"</td>
-	  <tr><td>Group</td><td>s</td><td>Group cipher suite. Possible values are: "ccmp", "tkip", "wep104", "wep40"</td>
-	</table>
-      </li>
-      <li>
-	<h3>RSN - a{sv} - (read)</h3>
-	<p>RSN information of the BSS. Empty dictionary indicates no RSN support. Dictionary entries are:</p>
-	<table>
-	  <tr><td>KeyMgmt</td><td>as</td><td>Key management suite. Possible array elements: "wpa-psk", "wpa-ft-psk", "wpa-psk-sha256", "wpa-eap", "wpa-ft-eap", "wpa-eap-sha256", "wpa-eap-suite-b", "wpa-eap-suite-b-192", "wpa-fils-sha256", "wpa-fils-sha384", "wpa-ft-fils-sha256", "wpa-ft-fils-sha384", "sae", "ft-sae", "wpa-none"</td>
-	  <tr><td>Pairwise</td><td>as</td><td>Pairwise cipher suites. Possible array elements: "ccmp", "tkip"</td>
-	  <tr><td>Group</td><td>s</td><td>Group cipher suite. Possible values are: "ccmp", "tkip", "wep104", "wep40"</td>
-	  <tr><td>MgmtGroup</td><td>s</td><td>Management frames cipher suite. Possible values are: "aes128cmac"</td>
-	</table>
-      </li>
-      <li>
-	<h3>WPS - a{sv} - (read)</h3>
-	<p>WPS information of the BSS. Empty dictionary indicates no WPS support. Dictionary entries are:</p>
-	<table>
-	  <tr><td>Type</td><td>s</td><td>"pbc", "pin", ""</td>
-	</table>
-      </li>
-      <li>
-	<h3>IEs - ay - (read)</h3>
-	<p>All IEs of the BSS as a chain of TLVs</p>
-      </li>
-      <li>
-	<h3>Privacy - b - (read)</h3>
-	<p>Indicates if BSS supports privacy.</p>
-      </li>
-      <li>
-	<h3>Mode - s - (read)</h3>
-	<p>Describes mode of the BSS. Possible values are: "ad-hoc" and "infrastructure".</p>
-      </li>
-      <li>
-	<h3>Frequency - q - (read)</h3>
-	<p>Frequency of the BSS in MHz.</p>
-      </li>
-      <li>
-	<h3>Rates - au - (read)</h3>
-	<p>Descending ordered array of rates supported by the BSS in bits per second.</p>
-      </li>
-      <li>
-	<h3>Signal - n - (read)</h3>
-	<p>Signal strength of the BSS.</p>
-      </li>
-      <li>
-	<h3>Age - u - (read)</h3>
-	<p>Number of seconds since the BSS was last seen.</p>
-      </li>
-    </ul>
-
-\subsection dbus_bss_signals Signals
-
-<ul>
-      <li>
-	<h3>PropertiesChanged ( a{sv} : properties )</h3>
-	<p>Some properties have changed.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and theirs new values.</dd>
-	</dl>
-      </li>
-    </ul>
-
-
-\section dbus_network fi.w1.wpa_supplicant1.Network
-
-Interface implemented by objects representing configured networks,
-i.e., returned by fi.w1.wpa_supplicant1.Interface.AddNetwork.
-
-\subsection dbus_network_properties Properties
-
-<ul>
-      <li>
-	<h3>Enabled - b - (read/write)</h3>
-	<p>Determines if the configured network is enabled or not.</p>
-      </li>
-
-      <li>
-	<h3>Properties - a{sv} - (read/write)</h3>
-	<p>Properties of the configured network. Dictionary contains entries from "network" block of wpa_supplicant configuration file. All values are string type, e.g., frequency is "2437", not 2437. When setting the properties, use the same format as for the AddNetwork() function.</p>
-      </li>
-    </ul>
-
-\subsection dbus_network_signals Signals
-
-<ul>
-      <li>
-	<h3>PropertiesChanged ( a{sv} : properties )</h3>
-	<p>Some properties have changed.</p>
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and theirs new values. Possible dictionary keys are: "Enabled"</dd>
-	</dl>
-      </li>
-    </ul>
-
-\section dbus_peer fi.w1.wpa_supplicant1.Peer
-
-Interface implemented by objects representing P2P peer devices.
-
-\subsection dbus_peer_properties Properties
-
-<ul>
-  <li>
-    <h3>DeviceName - s - (read)</h3>
-  </li>
-
-  <li>
-    <h3>Manufacturer - s - (read)</h3>
-  </li>
-
-  <li>
-    <h3>ModelName - s - (read)</h3>
-  </li>
-
-  <li>
-    <h3>ModelNumber - s - (read)</h3>
-  </li>
-
-  <li>
-    <h3>SerialNumber - s - (read)</h3>
-  </li>
-
-  <li>
-    <h3>PrimaryDeviceType - ay - (read)</h3>
-  </li>
-
-  <li>
-    <h3>config_method - q - (read)</h3>
-  </li>
-
-  <li>
-    <h3>level - i - (read)</h3>
-  </li>
-
-  <li>
-    <h3>devicecapability - y - (read)</h3>
-  </li>
-
-  <li>
-    <h3>groupcapability - y - (read)</h3>
-    <p>Group Capability field from the last frame from which this peer information was updated.
-    \note This field is only for debugging purposes and must not be used to determine whether the peer happens to be operating a group as a GO at the moment.
-    </p>
-  </li>
-
-  <li>
-    <h3>SecondaryDeviceTypes - aay - (read)</h3>
-  </li>
-
-  <li>
-    <h3>VendorExtension - aay - (read)</h3>
-  </li>
-
-  <li>
-    <h3>IEs - ay - (read)</h3>
-    <p>This is a confusingly named property that includes Wi-Fi Display subelements from the peer.
-    \bug This should really be renamed since "IEs" means something completely different..
-    </p>
-  </li>
-
-  <li>
-    <h3>DeviceAddress - ay - (read)</h3>
-    <p>The P2P Device Address of the peer.</p>
-  </li>
-
-  <li>
-    <h3>Groups - ao - (read)</h3>
-    <p>The current groups in which this peer is connected.</p>
-  </li>
-</ul>
-
-\subsection dbus_peer_signals Signals
-
-<ul>
-  <li>
-    <h3>PropertiesChanged ( a{sv} : properties )</h3>
-    <p>Some properties have changed.
-    \deprecated Use org.freedesktop.DBus.Properties.PropertiesChanged instead.</p>
-    \todo Explain how ProertiesChanged signals are supposed to be of any real use with Peer objects (i.e., one signal for multiple peers).
-	<h4>Arguments</h4>
-	<dl>
-	  <dt>a{sv} : properties</dt>
-	  <dd>A dictionary with pairs of properties names which have changed and their new values.</dd>
-	</dl>
-      </li>
-    </ul>
-
-\section dbus_group fi.w1.wpa_supplicant1.Group
-
-Interface implemented by objects representing active P2P groups.
-
-\subsection dbus_group_properties Properties
-
-<ul>
-  <li>
-    <h3>Members - ao - (read)</h3>
-    <p>Array of D-Bus object paths for the peer devices that are currently connected to the group. This is valid only on the GO device. An empty array is returned in P2P Client role.
-  </li>
-
-  <li>
-    <h3>Group - o - (read)</h3>
-    <p>\todo Why is this here? This D-Bus object path is to this specific group and one needs to know it to fetching this information in the first place..
-    </p>
-  </li>
-
-  <li>
-    <h3>Role - s - (read)</h3>
-    <p>The role of this device in the group: "GO", "client".</p>
-  </li>
-
-  <li>
-    <h3>SSID - ay - (read)</h3>
-    <p>P2P Group SSID.</p>
-  </li>
-
-  <li>
-    <h3>BSSID - ay - (read)</h3>
-    <p>P2P Group BSSID (the P2P Interface Address of the GO).</p>
-  </li>
-
-  <li>
-    <h3>Frequency - q - (read)</h3>
-    <p>The frequency (in MHz) of the group operating channel.</p>
-  </li>
-
-  <li>
-    <h3>Passphrase - s - (read)</h3>
-    <p>Passphrase used in the group. This is always available on the GO. For P2P Client role, this may be available depending on whether the peer GO provided the passphrase during the WPS provisioning step. If not available, an empty string is returned.</p>
-  </li>
-
-  <li>
-    <h3>PSK - ay - (read)</h3>
-    <p>PSK used in the group.</p>
-  </li>
-
-  <li>
-    <h3>WPSVendorExtensions - aay - (read/write)</h3>
-    <p>WPS vendor extension attributes used on the GO. This is valid only the in the GO role. An empty array is returned in P2P Client role. At maximum, 10 separate vendor extension byte arrays can be configured. The GO device will include the configured attributes in WPS exchanges.</p>
-  </li>
-</ul>
-
-\subsection dbus_group_signals Signals
-
-<ul>
-  <li>
-    <h3>PeerJoined ( o : peer )</h3>
-    <p>A peer device has joined the group. This is indicated only on the GO device.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>o : peer</dt>
-      <dd>A D-Bus path to the object representing the peer. See \ref dbus_peer.</dd>
-    </dl>
-  </li>
-
-  <li>
-    <h3>PeerDisconnected ( o : peer )</h3>
-    <p>A peer device has left the group. This is indicated only on the GO device.</p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>o : peer</dt>
-      <dd>A D-Bus path to the object representing the peer. See \ref dbus_peer.</dd>
-    </dl>
-  </li>
-</ul>
-
-\section dbus_persistent_group fi.w1.wpa_supplicant1.PersistentGroup
-
-Interface implemented by objects representing persistent P2P groups.
-
-\subsection dbus_persistent_group_properties Properties
-
-<ul>
-  <li>
-    <h3>Properties - a{sv} - (read/write)</h3>
-    <p>Properties of the persistent group. These are same properties as in the \ref dbus_network. When writing this, only the entries to be modified are included, i.e., any item that is not included will be left at its existing value. The following entries are used for persistent groups:</p>
-    <table>
-      <tr><th>Key</th><th>Value type</th><th>Description</th></tr>
-      <tr><td>bssid</td><td>s</td><td>P2P Device Address of the GO in the persistent group.</td></tr>
-      <tr><td>ssid</td><td>s</td><td>SSID of the group</td></tr>
-      <tr><td>psk</td><td>s</td><td>Passphrase (on the GO and optionally on P2P Client) or PSK (on P2P Client if passphrase ise not known)</td></tr>
-      <tr><td>disabled</td><td>s</td><td>Set to "2" to indicate special network block use as a P2P persistent group information</td></tr>
-      <tr><td>mode</td><td>s</td><td>"3" on GO or "0" on P2P Client</td></tr>
-    </table>
-  </li>
-</ul>
-
-\section dbus_mesh fi.w1.wpa_supplicant1.Interface.Mesh
-
-Interface for performing mesh operations.
-
-\subsection dbus_mesh_properties Properties
-
-<ul>
-  <li>
-    <h3>MeshPeers - aay - (read)</h3>
-  </li>
-
-  <li>
-    <h3>MeshGroup - ay - (read)</h3>
-  </li>
-</ul>
-
-\subsection dbus_mesh_signals Signals
-
-<ul>
-  <li>
-    <h3>MeshGroupStarted ( a{sv} : args )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>A dictionary containing information of the started mesh group.</dd>
-    </dl>
-  </li>
-  <li>
-    <h3>MeshGroupRemoved ( a{sv} : args )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>A dictionary containing information of the removed mesh group.</dd>
-    </dl>
-  </li>
-  <li>
-    <h3>MeshPeerConnected ( a{sv} : args )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>A dictionary containing information of the connected mesh peer.</dd>
-    </dl>
-  </li>
-  <li>
-    <h3>MeshPeerDisconnected ( a{sv} : args )</h3>
-    <p></p>
-    <h4>Arguments</h4>
-    <dl>
-      <dt>a{sv} : args</dt>
-      <dd>A dictionary containing information of the disconnected mesh peer.</dd>
-    </dl>
-  </li>
-</ul>
-
-*/
diff --git a/doc/directories.doxygen b/doc/directories.doxygen
deleted file mode 100644
index 15e5bdae463c..000000000000
--- a/doc/directories.doxygen
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
-
-\dir hostapd hostapd
-
-hostapd-specific code for configuration, control interface, and AP
-management.
-
-
-\dir src/common Common functionality
-
-This module includes IEEE 802.11, IEEE 802.1X, and WPA related
-functionality that is shared between AP and station modes.
-
-
-\dir src/crypto Cryptographical functionality and wrappers
-
-This module defines crypto and tls interfaces to provide portability
-layer for different crypto/TLS libraries. Wrappers for number of
-libraries are also included here. In addition, internal implementation
-of various crypto functions are provided as an alternative for an
-external library and to extend some algorithms.
-
-
-\dir src/drivers Driver wrappers
-
-This directory includes the driver interface definition and all the
-driver wrappers that can be used to interact with different drivers
-without making rest of the software dependent on which particular
-driver is used.
-
-
-\dir src/eap_common Common EAP functionality for server and peer
-
-
-\dir src/eap_peer EAP peer
-
-
-\dir src/eap_server EAP server
-
-
-\dir src/eapol_auth EAPOL authenticator
-
-
-\dir src/eapol_supp EAPOL supplicant
-
-
-\dir src/l2_packet Layer 2 packet interface
-
-This module defines an interface for layer 2 (link layer) packet
-sendinf and receiving. All the wrappers for supported mechanisms are
-also included here. This is used to port packet access for new
-operating systems without having to make rest of the source code
-depend on which OS network stack is used.
-
-
-\dir src/radius RADIUS
-
-RADIUS module includes RADIUS message building and parsing
-functionality and separate RADIUS client and server functions.
-
-
-\dir src/rsn_supp IEEE 802.11 RSN and WPA supplicant
-
-
-\dir src/tls Internal TLS server and client implementation
-
-This module can be used as an alternative to using an external TLS
-library.
-
-
-\dir src/utils Utility functions
-
-Independent set of helper functions that most other components
-use. This includes portability wrappers and helpers for common tasks.
-
-
-\dir src/wps Wi-Fi Protected Setup
-
-This directory includes Wi-Fi Protected Setup functions for Registrar
-(both internal in an AP and an External Registrar and
-Enrollee. Minimal UPnP and HTTP functionality is also provided for the
-functionality needed to implement Wi-Fi Protected Setup.
-
-
-\dir wpa_supplicant wpa_supplicant
-
-wpa_supplicant-specific code for configuration, control interface, and
-client management.
-
-*/
diff --git a/doc/doxygen.conf b/doc/doxygen.conf
deleted file mode 100644
index 3f01173930c4..000000000000
--- a/doc/doxygen.conf
+++ /dev/null
@@ -1,1547 +0,0 @@
-# Doxyfile 1.6.1
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-#       TAG = value [value, ...]
-# For lists items can also be appended using:
-#       TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING      = UTF-8
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME           = "wpa_supplicant / hostapd"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER         = 2.9
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY       = doc
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS         = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
-# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
-# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
-# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak,
-# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
-
-OUTPUT_LANGUAGE        = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC      = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF           = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF       =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC    = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB  = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES        = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH        =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH    =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES            = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF      = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF           = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS           = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES  = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE               = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES                =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA   = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN   = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL   = NO
-
-# Doxygen selects the parser to use depending on the extension of the files it parses.
-# With this tag you can assign which parser to use for a given extension.
-# Doxygen has a built-in mapping, but you can override or extend it using this tag.
-# The format is ext=language, where ext is a file extension, and language is one of
-# the parsers supported by doxygen: IDL, Java, Javascript, C#, C, C++, D, PHP,
-# Objective-C, Python, Fortran, VHDL, C, C++. For instance to make doxygen treat
-# .inc files as Fortran files (default is PHP), and .f files as C (default is Fortran),
-# use: inc=Fortran f=C. Note that for custom extensions you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
-
-EXTENSION_MAPPING      =
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also make the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT    = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT        = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT            = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate getter
-# and setter methods for a property. Setting this option to YES (the default)
-# will make doxygen to replace the get and set methods by a property in the
-# documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT   = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC   = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING            = YES
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT   = NO
-
-# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
-# determine which symbols to keep in memory and which to flush to disk.
-# When the cache is full, less often used symbols will be written to disk.
-# For small to medium size projects (<1000 input files) the default value is
-# probably good enough. For larger projects a too small cache size can cause
-# doxygen to be busy swapping symbols to and from disk most of the time
-# causing a significant performance penalty.
-# If the system has enough physical memory increasing the cache will improve the
-# performance by keeping more symbols in memory. Note that the value works on
-# a logarithmic scale so increasing the size by one will roughly double the
-# memory usage. The cache size is given by this formula:
-# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols
-
-SYMBOL_CACHE_SIZE      = 0
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL            = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE        = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC         = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES  = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS  = NO
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespace are hidden.
-
-EXTRACT_ANON_NSPACES   = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS     = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES     = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS  = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS      = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS          = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES       = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES       = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES     = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO            = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS       = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS        = NO
-
-# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the (brief and detailed) documentation of class members so that constructors and destructors are listed first. If set to NO (the default) the constructors will appear in the respective orders defined by SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
-
-SORT_MEMBERS_CTORS_1ST = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES       = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME     = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST      = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST      = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST       = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS       =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES  = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES        = YES
-
-# If the sources in your project are distributed over multiple directories
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES       = YES
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES             = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page.
-# This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES        = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER    =
-
-# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed by
-# doxygen. The layout file controls the global structure of the generated output files
-# in an output format independent way. The create the layout file that represents
-# doxygen's defaults, run doxygen with the -l option. You can optionally specify a
-# file name after the option, if omitted DoxygenLayout.xml will be used as the name
-# of the layout file.
-
-LAYOUT_FILE            =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET                  = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS               = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED   = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR      = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC       = YES
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT            = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE           = doc/doxygen.warnings
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT                  = \
-	doc \
-	hostapd \
-	wpa_supplicant \
-	wpa_supplicant/dbus \
-	eap_example \
-	src/ap \
-	src/common \
-	src/crypto \
-	src/drivers \
-	src/eap_common \
-	src/eapol_auth \
-	src/eapol_supp \
-	src/eap_peer \
-	src/eap_server \
-	src/l2_packet \
-	src/p2p \
-	src/pae \
-	src/radius \
-	src/rsn_supp \
-	src/tls \
-	src/utils \
-	src/wps
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING         = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
-
-FILE_PATTERNS          = *.c *.h *.cpp *.m *.doxygen
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE              = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE                =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
-# directories that are symbolic links (a Unix filesystem feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS       = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS       =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS        =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH           =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS       =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE      = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH             = doc
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-# If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-# You can download the filter tool from
-# http://w1.fi/tools/kerneldoc2doxygen-hostap.pl
-INPUT_FILTER           = kerneldoc2doxygen-hostap.pl
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis.
-# Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match.
-# The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
-# is applied to all files.
-
-FILTER_PATTERNS        =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES    = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER         = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES         = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS    = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = NO
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION    = NO
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.
-# Otherwise they will link to the documentation.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS              = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS       = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX     = YES
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX    = 3
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX          =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML          = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT            = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION    = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER            =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER            =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET        =
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS     = YES
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded. For this to work a browser that supports
-# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
-# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
-
-HTML_DYNAMIC_SECTIONS  = NO
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html for more information.
-
-GENERATE_DOCSET        = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME        = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID       = org.doxygen.Project
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP      = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE               =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION           =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI           = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING     =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC             = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND             = NO
-
-# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and QHP_VIRTUAL_FOLDER
-# are set, an additional index file will be generated that can be used as input for
-# Qt's qhelpgenerator to generate a Qt Compressed Help (.qch) of the generated
-# HTML documentation.
-
-GENERATE_QHP           = NO
-
-# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
-# be used to specify the file name of the resulting .qch file.
-# The path specified is relative to the HTML output folder.
-
-QCH_FILE               =
-
-# The QHP_NAMESPACE tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#namespace
-
-QHP_NAMESPACE          =
-
-# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#virtual-folders
-
-QHP_VIRTUAL_FOLDER     = doc
-
-# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to add.
-# For more information please see
-# http://doc.trolltech.com/qthelpproject.html#custom-filters
-
-QHP_CUST_FILTER_NAME   =
-
-# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the custom filter to add.For more information please see
-# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">Qt Help Project / Custom Filters</a>.
-
-QHP_CUST_FILTER_ATTRS  =
-
-# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this project's
-# filter section matches.
-# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">Qt Help Project / Filter Attributes</a>.
-
-QHP_SECT_FILTER_ATTRS  =
-
-# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
-# be used to specify the location of Qt's qhelpgenerator.
-# If non-empty doxygen will try to run qhelpgenerator on the generated
-# .qhp file.
-
-QHG_LOCATION           =
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX          = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE   = 4
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to YES, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
-# Windows users are probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW      = NO
-
-# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
-# and Class Hierarchy pages using a tree view instead of an ordered list.
-
-USE_INLINE_TREES       = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH         = 250
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE       = 10
-
-# When the SEARCHENGINE tag is enable doxygen will generate a search box for the HTML output. The underlying search engine uses javascript
-# and DHTML and should work on any modern browser. Note that when using HTML help (GENERATE_HTMLHELP) or Qt help (GENERATE_QHP)
-# there is already a search function so this one should typically
-# be disabled.
-
-SEARCHENGINE           = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX         = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT           = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME         = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME     = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX          = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE             = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES         =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER           =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS         = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX           = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE        = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES     = NO
-
-# If LATEX_SOURCE_CODE is set to YES then doxygen will include source code with syntax highlighting in the LaTeX output. Note that which sources are shown also depends on other settings such as SOURCE_BROWSER.
-
-LATEX_SOURCE_CODE      = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF           = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT             = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF            = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS         = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE    =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE    =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN           = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT             = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION          = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS              = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML           = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT             = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA             =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD                =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING     = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF   = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD       = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX          = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader.
-# This is useful
-# if you want to understand what is going on.
-# On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY         = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING   = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION        = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF     = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES        = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH           =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS  =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED             = IEEE8021X_EAPOL CONFIG_CTRL_IFACE CONFIG_P2P
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED      =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS   = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles.
-# Optionally an initial location of the external documentation
-# can be added for each tagfile. The format of a tag file without
-# this location is as follows:
-#
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-#
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths or
-# URLs. If a location is present for each tag, the installdox tool
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES               =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE       =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS           = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS        = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH              = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option is superseded by the HAVE_DOT option below. This is only a
-# fallback. It is recommended to install and use dot, since it yields more
-# powerful graphs.
-
-CLASS_DIAGRAMS         = NO
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH            =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS   = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT               = YES
-
-# By default doxygen will write a font called FreeSans.ttf to the output
-# directory and reference it in all dot files that doxygen generates. This
-# font does not include all possible unicode characters however, so when you need
-# these (or just want a differently looking font) you can specify the font name
-# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
-# which can be done by putting it in a standard location or by setting the
-# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
-# containing the font.
-
-DOT_FONTNAME           = FreeSans
-
-# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
-# The default size is 10pt.
-
-DOT_FONTSIZE           = 10
-
-# By default doxygen will tell dot to use the output directory to look for the
-# FreeSans.ttf font (which doxygen will put there itself). If you specify a
-# different font using DOT_FONTNAME you can set the path where dot
-# can find it using this tag.
-
-DOT_FONTPATH           =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH            = NO
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH    = NO
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS           = NO
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK               = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS     = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH          = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH      = NO
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH             = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH           = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY    = NO
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH        = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT       = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH               =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS           =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
-DOT_GRAPH_MAX_NODES    = 50
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
-MAX_DOT_GRAPH_DEPTH    = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, because dot on Windows does not
-# seem to support this out of the box. Warning: Depending on the platform used,
-# enabling this option may lead to badly anti-aliased labels on the edges of
-# a graph (i.e. they become hard to read).
-
-DOT_TRANSPARENT        = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS      = YES
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND        = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP            = YES
-
-
-#---------------------------------------------------------------------------
-# Project additions
-#---------------------------------------------------------------------------
-
-# Disable autolink support due to wpa_supplicant getting unfortunately
-# auto-linked to struct wpa_supplicant due to having an underscore in the name.
-AUTOLINK_SUPPORT = FALSE
diff --git a/doc/driver_wrapper.doxygen b/doc/driver_wrapper.doxygen
deleted file mode 100644
index 66211b3abdfb..000000000000
--- a/doc/driver_wrapper.doxygen
+++ /dev/null
@@ -1,180 +0,0 @@
-/**
-\page driver_wrapper Driver wrapper implementation (driver.h, drivers.c)
-
-All hardware and driver dependent functionality is in separate C files
-that implement defined wrapper functions. Other parts
-of the wpa_supplicant are designed to be hardware, driver, and operating
-system independent.
-
-Driver wrappers need to implement whatever calls are used in the
-target operating system/driver for controlling wireless LAN
-devices. As an example, in case of Linux, these are mostly some glue
-code and ioctl() calls and netlink message parsing for Linux Wireless
-Extensions (WE). Since features required for WPA were added only recently to
-Linux Wireless Extensions (in version 18), some driver specific code is used
-in number of driver interface implementations. These driver dependent parts
-can be replaced with generic code in \ref driver_wext.c once the target driver
-includes full support for WE-18. After that, all Linux drivers, at
-least in theory, could use the same driver wrapper code.
-
-A driver wrapper needs to implement some or all of the functions
-defined in \ref driver.h. These functions are registered by filling struct
-\ref wpa_driver_ops with function pointers. Hardware independent parts of
-wpa_supplicant will call these functions to control the driver/wlan
-card. In addition, support for driver events is required. The event
-callback function, \ref wpa_supplicant_event(), and its parameters are
-documented in \ref driver.h. In addition, a pointer to the 'struct
-\ref wpa_driver_ops' needs to be registered in \ref drivers.c file.
-
-When porting to other operating systems, the driver wrapper should be
-modified to use the native interface of the target OS. It is possible
-that some extra requirements for the interface between the driver
-wrapper and generic wpa_supplicant code are discovered during porting
-to a new operating system. These will be addressed on case by case
-basis by modifying the interface and updating the other driver
-wrappers for this. The goal is to avoid changing this interface
-without very good reasons in order to limit the number of changes
-needed to other wrappers and hardware independent parts of
-wpa_supplicant. When changes are required, recommended way is to
-make them in backwards compatible way that allows existing driver
-interface implementations to be compiled without any modification.
-
-Generic Linux Wireless Extensions functions are implemented in
-\ref driver_wext.c. All Linux driver wrappers can use these when the kernel
-driver supports the generic ioctl()s and wireless events. Driver
-specific functions are implemented in separate C files, e.g.,
-\ref driver_hostap.c. These files need to define struct \ref wpa_driver_ops
-entry that will be used in \ref wpa_supplicant.c when calling driver
-functions. struct \ref wpa_driver_ops entries are registered in \ref drivers.c.
-
-In general, it is likely to be useful to first take a look at couple
-of driver interface examples before starting on implementing a new
-one. \ref driver_hostap.c and \ref driver_wext.c include a complete
-implementation for Linux drivers that use wpa_supplicant-based control
-of WPA IE and roaming. \ref driver_ndis.c (with help from \ref driver_ndis_.c)
-is an example of a complete interface for Windows NDIS interface for
-drivers that generate WPA IE themselves and decide when to roam. These
-example implementations include full support for all security modes.
-
-
-\section driver_req Driver requirements for WPA
-
-WPA introduces new requirements for the device driver. At least some
-of these need to be implemented in order to provide enough support for
-wpa_supplicant.
-
-\subsection driver_tkip_ccmp TKIP/CCMP
-
-WPA requires that the pairwise cipher suite (encryption algorithm for
-unicast data packets) is TKIP or CCMP. These are new encryption
-protocols and thus, the driver will need to be modified to support
-them. Depending on the used wlan hardware, some parts of these may be
-implemented by the hardware/firmware.
-
-Specification for both TKIP and CCMP is available from IEEE (IEEE
-802.11i amendment). Fully functional, hardware independent
-implementation of both encryption protocols is also available in Host
-AP driver (driver/modules/hostap_{tkip,ccmp}.c). In addition, Linux 2.6
-kernel tree has generic implementations for WEP, TKIP, and CCMP that can
-be used in Linux drivers.
-
-The driver will also need to provide configuration mechanism to allow
-user space programs to configure TKIP and CCMP. Linux Wireless Extensions
-v18 added support for configuring these algorithms and
-individual/non-default keys. If the target kernel does not include WE-18,
-private ioctls can be used to provide similar functionality.
-
-\subsection driver_roaming Roaming control and scanning support
-
-wpa_supplicant can optionally control AP selection based on the
-information received from Beacon and/or Probe Response frames
-(ap_scan=1 mode in configuration). This means that the driver should
-support external control for scan process. In case of Linux, use of
-new Wireless Extensions scan support (i.e., 'iwlist wlan0 scan') is
-recommended. The current driver wrapper (\ref driver_wext.c) uses this for
-scan results.
-
-Scan results must also include the WPA information element. Support for
-this was added in WE-18. With older versions, a custom event can be used
-to provide the full WPA IE (including element id and length) as a hex
-string that is included in the scan results.
-
-wpa_supplicant needs to also be able to request the driver to
-associate with a specific BSS. Current Host AP driver and matching
-\ref driver_hostap.c wrapper uses following sequence for this
-request. Similar/identical mechanism should be usable also with other
-drivers.
-
-- set WPA IE for AssocReq with private ioctl
-- set SSID with SIOCSIWESSID
-- set channel/frequency with SIOCSIWFREQ
-- set BSSID with SIOCSIWAP
-  (this last ioctl will trigger the driver to request association)
-
-\subsection driver_wpa_ie WPA IE generation
-
-wpa_supplicant selects which cipher suites and key management suites
-are used. Based on this information, it generates a WPA IE. This is
-provided to the driver interface in the associate call. This does not
-match with Windows NDIS drivers which generate the WPA IE
-themselves.
-
-wpa_supplicant allows Windows NDIS-like behavior by providing the
-selected cipher and key management suites in the associate call. If
-the driver generates its own WPA IE and that differs from the one
-generated by wpa_supplicant, the driver has to inform wpa_supplicant
-about the used WPA IE (i.e., the one it used in (Re)Associate
-Request). This notification is done using EVENT_ASSOCINFO event (see
-\ref driver.h). wpa_supplicant is normally configured to use
-ap_scan=2 mode with drivers that control WPA IE generation and roaming.
-
-\subsection driver_events Driver events
-
-wpa_supplicant needs to receive event callbacks when certain events
-occur (association, disassociation, Michael MIC failure, scan results
-available, PMKSA caching candidate). These events and the callback
-details are defined in \ref driver.h (\ref wpa_supplicant_event() function
-and enum \ref wpa_event_type).
-
-On Linux, association and disassociation can use existing Wireless
-Extensions event that is reporting new AP with SIOCGIWAP
-event. Similarly, completion of a scan can be reported with SIOCGIWSCAN
-event.
-
-Michael MIC failure event was added in WE-18. Older versions of Wireless
-Extensions will need to use a custom event. Host AP driver used a custom
-event with following contents: MLME-MICHAELMICFAILURE.indication(keyid=#
-broadcast/unicast addr=addr2). This is the recommended format until
-the driver can be moved to use WE-18 mechanism.
-
-\subsection driver_wext_summary Summary of Linux Wireless Extensions use
-
-AP selection depends on ap_scan configuration:
-
-ap_scan=1:
-
-- wpa_supplicant requests scan with SIOCSIWSCAN
-- driver reports scan complete with wireless event SIOCGIWSCAN
-- wpa_supplicant reads scan results with SIOCGIWSCAN (multiple call if
-  a larger buffer is needed)
-- wpa_supplicant decides which AP to use based on scan results
-- wpa_supplicant configures driver to associate with the selected BSS
-  (SIOCSIWMODE, SIOCSIWGENIE, SIOCSIWAUTH, SIOCSIWFREQ,
-   SIOCSIWESSID, SIOCSIWAP)
-
-ap_scan=2:
-
-- wpa_supplicant configures driver to associate with an SSID
-  (SIOCSIWMODE, SIOCSIWGENIE, SIOCSIWAUTH, SIOCSIWESSID)
-
-
-After this, both modes use similar steps:
-
-- optionally (or required for drivers that generate WPA/RSN IE for
-  (Re)AssocReq), driver reports association parameters (AssocReq IEs)
-  with wireless event IWEVASSOCREQIE (and optionally IWEVASSOCRESPIE)
-- driver reports association with wireless event SIOCGIWAP
-- wpa_supplicant takes care of EAPOL frame handling (validating
-  information from associnfo and if needed, from scan results if WPA/RSN
-  IE from the Beacon frame is not reported through associnfo)
-*/
diff --git a/doc/eap.doxygen b/doc/eap.doxygen
deleted file mode 100644
index 472e882004d3..000000000000
--- a/doc/eap.doxygen
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
-\page eap_peer_module EAP peer implementation
-
-Extensible Authentication Protocol (EAP) is an authentication framework
-defined in RFC 3748. wpa_supplicant uses a separate code module for EAP
-peer implementation. This module was designed to use only a minimal set
-of direct function calls (mainly, to debug/event functions) in order for
-it to be usable in other programs. The design of the EAP
-implementation is based loosely on RFC 4137. The state machine is
-defined in this RFC and so is the interface between the peer state
-machine and methods. As such, this RFC provides useful information for
-understanding the EAP peer implementation in wpa_supplicant.
-
-Some of the terminology used in EAP state machine is referring to
-EAPOL (IEEE 802.1X), but there is no strict requirement on the lower
-layer being IEEE 802.1X if EAP module is built for other programs than
-wpa_supplicant. These terms should be understood to refer to the
-lower layer as defined in RFC 4137.
-
-
-\section adding_eap_methods Adding EAP methods
-
-Each EAP method is implemented as a separate module, usually as one C
-file named eap_<name of the method>.c, e.g., \ref eap_md5.c. All EAP
-methods use the same interface between the peer state machine and
-method specific functions. This allows new EAP methods to be added
-without modifying the core EAP state machine implementation.
-
-New EAP methods need to be registered by adding them into the build
-(Makefile) and the EAP method registration list in the
-\ref eap_peer_register_methods() function of \ref eap_methods.c. Each EAP
-method should use a build-time configuration option, e.g., EAP_TLS, in
-order to make it possible to select which of the methods are included
-in the build.
-
-EAP methods must implement the interface defined in \ref eap_i.h. struct
-\ref eap_method defines the needed function pointers that each EAP method
-must provide. In addition, the EAP type and name are registered using
-this structure. This interface is based on section 4.4 of RFC 4137.
-
-It is recommended that the EAP methods would use generic helper
-functions, \ref eap_msg_alloc() and \ref eap_hdr_validate() when processing
-messages. This allows code sharing and can avoid missing some of the
-needed validation steps for received packets. In addition, these
-functions make it easier to change between expanded and legacy EAP
-header, if needed.
-
-When adding an EAP method that uses a vendor specific EAP type
-(Expanded Type as defined in RFC 3748, Chapter 5.7), the new method
-must be registered by passing vendor id instead of EAP_VENDOR_IETF to
-\ref eap_peer_method_alloc(). These methods must not try to emulate
-expanded types by registering a legacy EAP method for type 254. See
-\ref eap_vendor_test.c for an example of an EAP method implementation that
-is implemented as an expanded type.
-
-
-\section used_eap_library Using EAP implementation as a library
-
-The Git repository has an eap_example directory that contains an
-example showing how EAP peer and server code from wpa_supplicant and
-hostapd can be used as a library. The example program initializes both
-an EAP server and an EAP peer entities and then runs through an
-EAP-PEAP/MSCHAPv2 authentication.
-
-\ref eap_example_peer.c shows the initialization and glue code needed to
-control the EAP peer implementation. \ref eap_example_server.c does the
-same for EAP server. \ref eap_example.c is an example that ties in both the
-EAP server and client parts to allow an EAP authentication to be
-shown.
-
-In this example, the EAP messages are passed between the server and
-the peer are passed by direct function calls within the same process.
-In practice, server and peer functionalities would likely reside in
-separate devices and the EAP messages would be transmitted between the
-devices based on an external protocol. For example, in IEEE 802.11
-uses IEEE 802.1X EAPOL state machines to control the transmission of
-EAP messages and WiMax supports optional PMK EAP authentication
-mechanism that transmits EAP messages as defined in IEEE 802.16e.
-
-The EAP library links in number of helper functions from \ref src/utils and
-\ref src/crypto directories. Most of these are suitable as-is, but it may
-be desirable to replace the debug output code in \ref src/utils/wpa_debug.c
-by dropping this file from the library and re-implementing the
-functions there in a way that better fits in with the main
-application.
-
-*/
diff --git a/doc/eap_server.doxygen b/doc/eap_server.doxygen
deleted file mode 100644
index f60ac79b1e01..000000000000
--- a/doc/eap_server.doxygen
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
-\page eap_server_module EAP server implementation
-
-Extensible Authentication Protocol (EAP) is an authentication framework
-defined in RFC 3748. hostapd uses a separate code module for EAP server
-implementation. This module was designed to use only a minimal set of
-direct function calls (mainly, to debug/event functions) in order for
-it to be usable in other programs. The design of the EAP
-implementation is based loosely on RFC 4137. The state machine is
-defined in this RFC and so is the interface between the server state
-machine and methods. As such, this RFC provides useful information for
-understanding the EAP server implementation in hostapd.
-
-Some of the terminology used in EAP state machine is referring to
-EAPOL (IEEE 802.1X), but there is no strict requirement on the lower
-layer being IEEE 802.1X if EAP module is built for other programs than
-wpa_supplicant. These terms should be understood to refer to the
-lower layer as defined in RFC 4137.
-
-
-\section adding_eap_methods Adding EAP methods
-
-Each EAP method is implemented as a separate module, usually as one C
-file named eap_server_<name of the method>.c, e.g., \ref eap_server_md5.c. All EAP
-methods use the same interface between the server state machine and
-method specific functions. This allows new EAP methods to be added
-without modifying the core EAP state machine implementation.
-
-New EAP methods need to be registered by adding them into the build
-(Makefile) and the EAP method registration list in the
-\ref eap_server_register_methods() function of \ref eap_server_methods.c. Each EAP
-method should use a build-time configuration option, e.g., EAP_TLS, in
-order to make it possible to select which of the methods are included
-in the build.
-
-EAP methods must implement the interface defined in \ref eap_i.h. struct
-\ref eap_method defines the needed function pointers that each EAP method
-must provide. In addition, the EAP type and name are registered using
-this structure. This interface is based on section 4.4 of RFC 4137.
-
-It is recommended that the EAP methods would use generic helper
-functions, \ref eap_msg_alloc() and \ref eap_hdr_validate() when processing
-messages. This allows code sharing and can avoid missing some of the
-needed validation steps for received packets. In addition, these
-functions make it easier to change between expanded and legacy EAP
-header, if needed.
-
-When adding an EAP method that uses a vendor specific EAP type
-(Expanded Type as defined in RFC 3748, Chapter 5.7), the new method
-must be registered by passing vendor id instead of EAP_VENDOR_IETF to
-\ref eap_server_method_alloc(). These methods must not try to emulate
-expanded types by registering a legacy EAP method for type 254. See
-\ref eap_server_vendor_test.c for an example of an EAP method implementation that
-is implemented as an expanded type.
-
-*/
diff --git a/doc/hostapd.fig b/doc/hostapd.fig
deleted file mode 100644
index ea4ab3a2894e..000000000000
--- a/doc/hostapd.fig
+++ /dev/null
@@ -1,264 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter  
-100.00
-Single
--2
-1200 2
-6 1875 4050 2925 4350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1875 4050 2925 4050 2925 4350 1875 4350 1875 4050
-4 0 0 50 -1 0 12 0.0000 4 180 735 2025 4275 l2_packet\001
--6
-6 4725 1200 5925 1500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4725 1200 5925 1200 5925 1500 4725 1500 4725 1200
-4 0 0 50 -1 0 12 0.0000 4 135 1005 4800 1425 GUI frontend\001
--6
-6 6000 2700 7200 3225
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 2700 7200 2700 7200 3225 6000 3225 6000 2700
-4 0 0 50 -1 0 12 0.0000 4 135 975 6075 2925 WPA/WPA2\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 3150 state machine\001
--6
-6 6000 4950 7200 5475
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 4950 7200 4950 7200 5475 6000 5475 6000 4950
-4 0 0 50 -1 0 12 0.0000 4 135 360 6075 5175 EAP\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 5400 state machine\001
--6
-6 4350 3900 5025 4425
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4350 3900 5025 3900 5025 4425 4350 4425 4350 3900
-4 0 0 50 -1 0 12 0.0000 4 105 420 4500 4125 event\001
-4 0 0 50 -1 0 12 0.0000 4 180 315 4500 4350 loop\001
--6
-6 4275 2550 5100 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4275 2550 5100 2550 5100 2850 4275 2850 4275 2550
-4 0 0 50 -1 0 12 0.0000 4 135 450 4425 2775 ctrl i/f\001
--6
-6 6000 3900 7200 4425
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 3900 7200 3900 7200 4425 6000 4425 6000 3900
-4 0 0 50 -1 0 12 0.0000 4 135 600 6075 4125 EAPOL\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 4350 state machine\001
--6
-6 2775 3150 4050 3450
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2775 3150 4050 3150 4050 3450 2775 3450 2775 3150
-4 0 0 50 -1 0 12 0.0000 4 180 990 2925 3375 configuration\001
--6
-6 3450 1200 4575 1500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3450 1200 4575 1200 4575 1500 3450 1500 3450 1200
-4 0 0 50 -1 0 12 0.0000 4 180 870 3600 1425 hostapd_cli\001
--6
-6 3525 7800 5775 8100
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3525 7800 5775 7800 5775 8100 3525 8100 3525 7800
-4 0 0 50 -1 0 12 0.0000 4 135 2145 3600 8025 kernel network device driver\001
--6
-6 4275 6000 5100 6300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4275 6000 5100 6000 5100 6300 4275 6300 4275 6000
-4 0 0 50 -1 0 12 0.0000 4 135 630 4350 6225 driver i/f\001
--6
-6 8175 4725 9225 5025
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 4725 9225 4725 9225 5025 8175 5025 8175 4725
-4 0 0 50 -1 0 12 0.0000 4 135 735 8250 4950 EAP-TLS\001
--6
-6 9300 4725 10350 5025
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 4725 10350 4725 10350 5025 9300 5025 9300 4725
-4 0 0 50 -1 0 12 0.0000 4 135 810 9375 4950 EAP-MD5\001
--6
-6 8175 5100 9225 5400
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5100 9225 5100 9225 5400 8175 5400 8175 5100
-4 0 0 50 -1 0 12 0.0000 4 135 885 8250 5325 EAP-PEAP\001
--6
-6 9300 5100 10350 5400
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5100 10350 5100 10350 5400 9300 5400 9300 5100
-4 0 0 50 -1 0 12 0.0000 4 135 840 9375 5325 EAP-TTLS\001
--6
-6 8175 5475 9225 5775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5475 9225 5475 9225 5775 8175 5775 8175 5475
-4 0 0 50 -1 0 12 0.0000 4 135 780 8250 5700 EAP-GTC\001
--6
-6 8175 5850 9225 6150
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5850 9225 5850 9225 6150 8175 6150 8175 5850
-4 0 0 50 -1 0 12 0.0000 4 135 750 8250 6075 EAP-SIM\001
--6
-6 8175 6225 9225 6525
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 6225 9225 6225 9225 6525 8175 6525 8175 6225
-4 0 0 50 -1 0 12 0.0000 4 135 765 8250 6450 EAP-PSK\001
--6
-6 9300 5850 10350 6150
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5850 10350 5850 10350 6150 9300 6150 9300 5850
-4 0 0 50 -1 0 12 0.0000 4 135 825 9375 6075 EAP-AKA\001
--6
-6 9300 5475 10350 5775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5475 10350 5475 10350 5775 9300 5775 9300 5475
-4 0 0 50 -1 0 12 0.0000 4 135 795 9375 5700 EAP-PAX\001
--6
-6 8175 6600 9675 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 6600 9675 6600 9675 6900 8175 6900 8175 6600
-4 0 0 50 -1 0 12 0.0000 4 135 1365 8250 6825 EAP-MSCHAPv2\001
--6
-6 8700 3450 9375 3750
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8700 3450 9375 3450 9375 3750 8700 3750 8700 3450
-4 0 0 50 -1 0 12 0.0000 4 150 480 8775 3675 crypto\001
--6
-6 9600 3450 10275 3750
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9600 3450 10275 3450 10275 3750 9600 3750 9600 3450
-4 0 0 50 -1 0 12 0.0000 4 135 315 9750 3675 TLS\001
--6
-6 6000 5775 7200 6300
-6 6000 5775 7200 6300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 5775 7200 5775 7200 6300 6000 6300 6000 5775
-4 0 0 50 -1 0 12 0.0000 4 135 690 6075 6000 RADIUS\001
--6
-4 0 0 50 -1 0 12 0.0000 4 90 480 6075 6225 server\001
--6
-6 8100 2250 8925 2775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8100 2250 8925 2250 8925 2775 8100 2775 8100 2250
-4 0 0 50 -1 0 12 0.0000 4 135 690 8175 2475 RADIUS\001
-4 0 0 50 -1 0 12 0.0000 4 135 420 8175 2700 client\001
--6
-6 3150 5475 4425 5775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3150 5475 4425 5475 4425 5775 3150 5775 3150 5475
-4 0 0 50 -1 0 12 0.0000 4 135 990 3300 5700 driver events\001
--6
-6 1950 5550 2625 6075
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1950 5550 2625 5550 2625 6075 1950 6075 1950 5550
-4 0 0 50 -1 0 12 0.0000 4 135 540 2025 5775 Station\001
-4 0 0 50 -1 0 12 0.0000 4 135 375 2025 6000 table\001
--6
-6 1875 4725 2925 5250
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1875 4725 2925 4725 2925 5250 1875 5250 1875 4725
-4 0 0 50 -1 0 12 0.0000 4 135 960 1950 4950 IEEE 802.11\001
-4 0 0 50 -1 0 12 0.0000 4 135 555 1950 5175 MLME\001
--6
-2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
-	 1275 4200 1875 4200
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 4500 2550 3900 1500
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 4800 2550 5400 1500
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 2925 4200 4350 4200
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5025 3900 6000 3000
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5025 4200 6000 4200
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 6000 4650 4425
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6600 4425 6600 4950
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6600 3225 6600 3900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 5250 8100 5250
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 9075 4425 9075 3750
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 3000 8700 3525
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 3900 4650 2850
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 4125 8700 3675
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6000 4350 5025 6000
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6000 3150 4875 6000
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1500 2100 10800 2100 10800 7500 1500 7500 1500 2100
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 9900 4425 9900 3750
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 1
-	 4350 3900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4350 3900 4050 3450
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4350 4425 4050 5475
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 2250 7200 4200 7800
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 7200 7200 5100 7800
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2775 6900 3675 6900 3675 7200 2775 7200 2775 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3750 6900 4650 6900 4650 7200 3750 7200 3750 6900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
-	 2250 6900 2250 6600 7200 6600 7200 6900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 3225 6900 3225 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4200 6900 4200 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5175 6900 5175 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6150 6900 6150 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 6600 4650 6300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1800 6900 2700 6900 2700 7200 1800 7200 1800 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4725 6900 5625 6900 5625 7200 4725 7200 4725 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5700 6900 6600 6900 6600 7200 5700 7200 5700 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6675 6900 7800 6900 7800 7200 6675 7200 6675 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8100 6975 10425 6975 10425 4425 8100 4425 8100 6975
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6600 5475 6600 5775
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5025 4425 6000 5775
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 3
-	 4800 3900 5925 2550 8100 2550
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 3900 8475 2775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9450 2250 10425 2250 10425 2775 9450 2775 9450 2250
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 8925 2475 9450 2475
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 2325 5550 2325 5250
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 2925 4950 4350 4275
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 3
-	 2850 4725 5775 2400 8100 2400
-4 0 0 50 -1 0 12 0.0000 4 135 915 375 3975 EAPOL and\001
-4 0 0 50 -1 0 12 0.0000 4 180 630 375 4200 pre-auth\001
-4 0 0 50 -1 0 12 0.0000 4 180 810 375 4425 ethertypes\001
-4 0 0 50 -1 0 12 0.0000 4 135 1050 375 4650 from/to kernel\001
-4 0 0 50 -1 0 12 0.0000 4 135 1920 3675 1875 frontend control interface\001
-4 0 0 50 -1 2 14 0.0000 4 195 720 1637 2371 hostapd\001
-4 0 0 50 -1 0 12 0.0000 4 180 600 3825 7125 prism54\001
-4 0 0 50 -1 0 12 0.0000 4 180 510 1875 7125 hostap\001
-4 0 0 50 -1 0 12 0.0000 4 135 600 2850 7125 nl80211\001
-4 0 0 50 -1 0 12 0.0000 4 135 270 4800 7125 bsd\001
-4 0 0 50 -1 0 12 0.0000 4 105 300 6750 7125 test\001
-4 0 0 50 -1 0 12 0.0000 4 135 420 5775 7125 wired\001
-4 0 0 50 -1 0 12 0.0000 4 135 1050 8700 4650 EAP methods\001
-4 0 0 50 -1 0 12 0.0000 4 135 690 9525 2475 RADIUS\001
-4 0 0 50 -1 0 12 0.0000 4 180 825 9525 2700 accounting\001
diff --git a/doc/hostapd_ctrl_iface.doxygen b/doc/hostapd_ctrl_iface.doxygen
deleted file mode 100644
index 4d2bac82c43f..000000000000
--- a/doc/hostapd_ctrl_iface.doxygen
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
-\page hostapd_ctrl_iface_page hostapd control interface
-
-hostapd implements a control interface that can be used by
-external programs to control the operations of the hostapd
-daemon and to get status information and event notifications. There is
-a small C library, in a form of a single C file, \ref wpa_ctrl.c, that
-provides helper functions to facilitate the use of the control
-interface. External programs can link this file into them and then use
-the library functions documented in \ref wpa_ctrl.h to interact with
-wpa_supplicant. This library can also be used with C++. \ref hostapd_cli.c
-is an example program using this library.
-
-There are multiple mechanisms for inter-process communication. For
-example, Linux version of hostapd is using UNIX domain sockets for the
-control interface. The use of the functions defined in \ref wpa_ctrl.h can
-be used to hide the details of the used IPC from external programs.
-
-
-\section using_ctrl_iface Using the control interface
-
-External programs, e.g., a GUI or a configuration utility, that need to
-communicate with hostapd should link in \ref wpa_ctrl.c. This
-allows them to use helper functions to open connection to the control
-interface with \ref wpa_ctrl_open() and to send commands with
-\ref wpa_ctrl_request().
-
-hostapd uses the control interface for two types of communication:
-commands and unsolicited event messages. Commands are a pair of
-messages, a request from the external program and a response from
-hostapd. These can be executed using \ref wpa_ctrl_request().
-Unsolicited event messages are sent by hostapd to the control
-interface connection without specific request from the external program
-for receiving each message. However, the external program needs to
-attach to the control interface with \ref wpa_ctrl_attach() to receive these
-unsolicited messages.
-
-If the control interface connection is used both for commands and
-unsolicited event messages, there is potential for receiving an
-unsolicited message between the command request and response.
-\ref wpa_ctrl_request() caller will need to supply a callback, msg_cb,
-for processing these messages. Often it is easier to open two
-control interface connections by calling \ref wpa_ctrl_open() twice and
-then use one of the connections for commands and the other one for
-unsolicited messages. This way command request/response pairs will
-not be broken by unsolicited messages. \ref wpa_cli.c is an example of how
-to use only one connection for both purposes and wpa_gui demonstrates
-how to use two separate connections.
-
-Once the control interface connection is not needed anymore, it should
-be closed by calling \ref wpa_ctrl_close(). If the connection was used for
-unsolicited event messages, it should be first detached by calling
-\ref wpa_ctrl_detach().
-
-
-\section ctrl_iface_cmds Control interface commands
-
-Following commands can be used with \ref wpa_ctrl_request():
-
-\subsection ctrl_iface_PING PING
-
-This command can be used to test whether hostapd is replying
-to the control interface commands. The expected reply is \c PONG if the
-connection is open and hostapd is processing commands.
-
-*/
diff --git a/doc/mainpage.doxygen b/doc/mainpage.doxygen
deleted file mode 100644
index 329afea3fa6a..000000000000
--- a/doc/mainpage.doxygen
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
-\mainpage Developers' documentation for wpa_supplicant and hostapd
-
-The goal of this documentation and comments in the source code is to
-give enough information for other developers to understand how
-wpa_supplicant and hostapd have been implemented, how they can be
-modified, how new drivers can be supported, and how the source code
-can be ported to other operating systems. If any information is
-missing, feel free to contact Jouni Malinen <j@w1.fi> for more
-information. Contributions as patch files are also very welcome at the
-same address. Please note that this software is licensed under the
-BSD license (the one with advertisement clause removed). All
-contributions to wpa_supplicant and hostapd are expected to use
-compatible licensing terms.
-
-The source code and read-only access to the combined wpa_supplicant
-and hostapd Git repository is available from the project home page at
-http://w1.fi/wpa_supplicant/. This developers' documentation is also
-available as a PDF file from
-http://w1.fi/wpa_supplicant/wpa_supplicant-devel.pdf .
-
-
-\section _wpa_supplicant wpa_supplicant
-
-wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with
-support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE
-802.1X/WPA component that is used in the client stations. It
-implements key negotiation with a WPA Authenticator and it can optionally
-control roaming and IEEE 802.11 authentication/association of the wlan
-driver.
-
-The design goal for wpa_supplicant was to use hardware, driver, and
-OS independent, portable C code for all WPA functionality. The source
-code is divided into separate C files as shown on the \ref
-code_structure "code structure page". All hardware/driver specific
-functionality is in separate files that implement a \ref
-driver_wrapper "well-defined driver API". Information about porting
-to different target boards and operating systems is available on
-the \ref porting "porting page".
-
-EAPOL (IEEE 802.1X) state machines are implemented as a separate
-module that interacts with \ref eap_peer_module "EAP peer implementation".
-In addition to programs aimed at normal production use,
-wpa_supplicant source tree includes number of \ref testing_tools
-"testing and development tools" that make it easier to test the
-programs without having to setup a full test setup with wireless
-cards. These tools can also be used to implement automatic test
-suites.
-
-wpa_supplicant implements a
-\ref ctrl_iface_page "control interface" that can be used by
-external programs to control the operations of the wpa_supplicant
-daemon and to get status information and event notifications. There is
-a small C library that provides helper functions to facilitate the use of the
-control interface. This library can also be used with C++.
-
-\image html _wpa_supplicant.png "wpa_supplicant modules"
-\image latex _wpa_supplicant.eps "wpa_supplicant modules" width=15cm
-
-
-\section _hostapd hostapd
-
-hostapd includes IEEE 802.11 access point management (authentication /
-association), IEEE 802.1X/WPA/WPA2 Authenticator, EAP server, and
-RADIUS authentication server functionality. It can be build with
-various configuration option, e.g., a standalone AP management
-solution or a RADIUS authentication server with support for number of
-EAP methods.
-
-The design goal for hostapd was to use hardware, driver, and
-OS independent, portable C code for all WPA functionality. The source
-code is divided into separate C files as shown on the \ref
-code_structure "code structure page". All hardware/driver specific
-functionality is in separate files that implement a \ref
-driver_wrapper "well-defined driver API". Information about porting
-to different target boards and operating systems is available on
-the \ref porting "porting page".
-
-EAPOL (IEEE 802.1X) state machines are implemented as a separate
-module that interacts with \ref eap_server_module "EAP server implementation".
-Similarly, RADIUS authentication server is in its own separate module.
-Both IEEE 802.1X and RADIUS authentication server can use EAP server
-functionality.
-
-hostapd implements a \ref hostapd_ctrl_iface_page "control interface"
-that can be used by external programs to control the operations of the
-hostapdt daemon and to get status information and event notifications.
-There is a small C library that provides helper functions to facilitate
-the use of the control interface. This library can also be used with
-C++.
-
-\image html hostapd.png "hostapd modules"
-\image latex hostapd.eps "hostapd modules" width=15cm
-
-*/
diff --git a/doc/p2p.doxygen b/doc/p2p.doxygen
deleted file mode 100644
index 6ab6e9e05a10..000000000000
--- a/doc/p2p.doxygen
+++ /dev/null
@@ -1,471 +0,0 @@
-/**
-\page p2p Wi-Fi Direct - P2P module
-
-Wi-Fi Direct functionality is implemented any many levels in the WLAN
-stack from low-level driver operations to high-level GUI design. This
-document covers the parts that can be user by wpa_supplicant. However,
-it should be noted that alternative designs are also possible, so some
-of the functionality may reside in other components in the system.
-
-The driver (or WLAN firmware/hardware) is expected to handle low-level
-operations related to P2P Power Management and channel scheduling. In
-addition, support for virtual network interface and data frame
-processing is done inside the driver. Configuration for these
-low-level operations is defined in the driver interface:
-src/drivers/driver.h. This defines both the commands and events used to
-interact with the driver.
-
-P2P module implements higher layer functionality for management P2P
-groups. It takes care of Device Discovery, Service Discovery, Group
-Owner Negotiation, P2P Invitation. In addition, it maintains
-information about neighboring P2P Devices. This module could be used
-in designs that do not use wpa_supplicant and it could also reside
-inside the driver/firmware component. P2P module API is defined in
-\ref src/p2p/p2p.h.
-
-Provisioning step of Group Formation is implemented using WPS
-(\ref src/wps/wps.h).
-
-wpa_supplicant includes code in interact with both the P2P module
-(\ref wpa_supplicant/p2p_supplicant.c) and WPS
-(\ref wpa_supplicant/wps_supplicant.c). The driver operations are passed
-through these files, i.e., core P2P or WPS code does not interact
-directly with the driver interface.
-
-
-\section p2p_arch P2P architecture
-
-P2P functionality affects many areas of the system architecture. This
-section shows couple of examples on the location of main P2P
-components. In the diagrams below, green arrows are used to show
-communication paths from the P2P module to upper layer management
-functionality and all the way to a GUI that user could use to manage
-P2P connections. Blue arrows show the path taken for lower layer
-operations. Glue code is used to bind the P2P module API to the rest
-of the system to provide access both towards upper and lower layer
-functionality.
-
-\subsection p2p_arch_mac80211 P2P architecture with Linux/mac80211/ath9k
-
-An architecture where the P2P module resides inside the
-wpa_supplicant process is used with Linux mac80211-based drivers,
-e.g., ath9k. The following diagram shows the main components related
-to P2P functionality in such an architecture.
-
-\image html p2p_arch.png "P2P module within wpa_supplicant"
-\image latex p2p_arch.eps "P2P module within wpa_supplicant" width=15cm
-
-\subsection p2p_arch_umac P2P architecture with UMAC
-
-The following diagram shows the main components related to P2P
-functionality in an architecture where the P2P module resides inside
-the kernel IEEE 802.11 stack (UMAC in the figure).
-
-\image html p2p_arch2.png "P2P module in kernel
-\image latex p2p_arch2.eps "P2P module in kernel" width=15cm
-
-
-\section p2p_module P2P module
-
-P2P module manages discovery and group formation with a single state
-machine, i.e., only a single operation per device can be in progress
-at any given time. The following diagram describes the P2P state
-machine. For clarity, it does not include state transitions on
-operation timeouts to the IDLE state. The states that are marked with
-dotted ellipse are listed for clarity to describe the protocol
-functionality for Device Discovery phase, but are not used in the
-implementation (the SEARCH state is used to manage the initial Scan
-and the alternating Listen and Search states within Find).
-
-\image html p2p_sm.png "P2P module state machine"
-\image latex p2p_sm.eps "P2P module state machine" width=15cm
-
-\subsection p2p_module_api P2P module API
-
-P2P module API is defined in \ref src/p2p/p2p.h. The API consists of
-functions for requesting operations and for providing event
-notifications. Similar set of callback functions are configured with
-struct p2p_config to provide callback functions that P2P module can
-use to request operations and to provide event notifications. In
-addition, there are number of generic helper functions that can be
-used for P2P related operations.
-
-These are the main functions for an upper layer management entity to
-request P2P operations:
-- \ref p2p_find()
-- \ref p2p_stop_find()
-- \ref p2p_listen()
-- \ref p2p_connect()
-- \ref p2p_reject()
-- \ref p2p_prov_disc_req()
-- \ref p2p_sd_request()
-- \ref p2p_sd_cancel_request()
-- \ref p2p_sd_response()
-- \ref p2p_sd_service_update()
-- \ref p2p_invite()
-
-These are the main callback functions for P2P module to provide event
-notifications to the upper layer management entity:
-
-- \ref p2p_config::dev_found()
-- \ref p2p_config::go_neg_req_rx()
-- \ref p2p_config::go_neg_completed()
-- \ref p2p_config::sd_request()
-- \ref p2p_config::sd_response()
-- \ref p2p_config::prov_disc_req()
-- \ref p2p_config::prov_disc_resp()
-- \ref p2p_config::invitation_process()
-- \ref p2p_config::invitation_received()
-- \ref p2p_config::invitation_result()
-
-The P2P module uses following functions to request lower layer driver
-operations:
-
-- \ref p2p_config::p2p_scan()
-- \ref p2p_config::send_probe_resp()
-- \ref p2p_config::send_action()
-- \ref p2p_config::send_action_done()
-- \ref p2p_config::start_listen()
-- \ref p2p_config::stop_listen()
-
-Events from lower layer driver operations are delivered to the P2P
-module with following functions:
-
-- \ref p2p_probe_req_rx()
-- \ref p2p_rx_action()
-- \ref p2p_scan_res_handler()
-- \ref p2p_scan_res_handled()
-- \ref p2p_send_action_cb()
-- \ref p2p_listen_cb()
-
-In addition to the per-device state, the P2P module maintains
-per-group state for group owners. This is initialized with a call to
-p2p_group_init() when a group is created and deinitialized with
-p2p_group_deinit(). The upper layer GO management entity uses
-following functions to interact with the P2P per-group state:
-
-- \ref p2p_group_notif_assoc()
-- \ref p2p_group_notif_disassoc()
-- \ref p2p_group_notif_formation_done()
-- \ref p2p_group_match_dev_type()
-
-The P2P module will use following callback function to update P2P IE
-for GO Beacon and Probe Response frames:
-
-- \ref p2p_group_config::ie_update()
-
-
-\section p2p_driver P2P driver operations (low-level interface)
-
-The following driver wrapper functions are needed for P2P in addition
-to the standard station/AP mode operations when the P2P module resides
-within wpa_supplicant:
-- \ref wpa_driver_ops::if_add()
-- \ref wpa_driver_ops::if_remove()
-- \ref wpa_driver_ops::remain_on_channel()
-- \ref wpa_driver_ops::cancel_remain_on_channel()
-- \ref wpa_driver_ops::send_action()
-- \ref wpa_driver_ops::probe_req_report()
-
-The following driver wrapper events are needed for P2P in addition to
-the standard station/AP mode events when the P2P module resides within
-wpa_supplicant:
-- \ref wpa_event_type::EVENT_RX_MGMT
-- \ref wpa_event_type::EVENT_REMAIN_ON_CHANNEL
-- \ref wpa_event_type::EVENT_CANCEL_REMAIN_ON_CHANNEL
-- \ref wpa_event_type::EVENT_RX_PROBE_REQ
-
-
-\section p2p_go_neg P2P device discovery and group formation
-
-This section shows an example sequence of operations that can be used
-to implement P2P device discovery and group formation. The function
-calls are described based on the P2P module API. The exact design for
-the glue code outside the P2P module depends on the architecture used
-in the system.
-
-An upper layer management entity starts P2P device discovery by
-calling \ref p2p_find(). The P2P module start the discovery by requesting a
-full scan to be completed by calling \ref p2p_config::p2p_scan(). Results
-from the scan will be reported by calling \ref p2p_scan_res_handler() and
-after last result, the scan result processing is terminated with a
-call to \ref p2p_scan_res_handled(). The P2P peers that are found during
-the full scan are reported with the \ref p2p_config::dev_found() callback.
-
-After the full scan, P2P module start alternating between Listen and
-Search states until the device discovery operation times out or
-terminated, e.g., with a call to \ref p2p_stop_find().
-
-When going into the Listen state, the P2P module requests the driver
-to be configured to be awake on the listen channel with a call to
-\ref p2p_config::start_listen(). The glue code using the P2P module may
-implement this, e.g., by using remain-on-channel low-level driver
-functionality for off-channel operation. Once the driver is available
-on the requested channel, notification of this is delivered by calling
-\ref p2p_listen_cb(). The Probe Request frames that are received during the
-Listen period are delivered to the P2P module by calling
-\ref p2p_config::p2p_probe_req_rx() and P2P module request a response to
-these to be sent by using \ref p2p_config::send_probe_resp() callback
-function. If a group owner negotiation from another P2P device is
-received during the device discovery phase, that is indicated to the
-upper layer code with the \ref p2p_config::go_neg_req_tx() callback.
-
-The Search state is implemented by using the normal scan interface,
-i.e., the P2P module will call \ref p2p_config::p2p_scan() just like in the
-full scan phase described. Similarly, scan results from the search
-operation will be delivered to the P2P module using the
-\ref p2p_scan_res_handler() and \ref p2p_scan_res_handled() functions.
-
-Once the upper layer management entity has found a peer with which it
-wants to connect by forming a new group, it initiates group owner
-negotiation by calling \ref p2p_connect(). Before doing this, the upper
-layer code is responsible for asking the user to provide the PIN to be
-used during the provisioning step with the peer or the push button
-press for PBC mode. The glue code will need to figure out the intended
-interface address for the group before group owner negotiation can be
-started.
-
-Optional Provision Discovery mechanism can be used to request the peer
-to display a PIN for the local device to enter (and vice versa). Upper
-layer management entity can request the specific mechanism by calling
-\ref p2p_prov_disc_req(). The response to this will be reported with the
-\ref p2p_config::prov_disc_resp() callback. If the peer device started
-Provision Discovery, an accepted request will be reported with the
-\ref p2p_config::prov_disc_req() callback. The P2P module will
-automatically accept the Provision Discovery for display and keypad
-methods, but it is up to the upper layer manegement entity to actually
-generate the PIN and to configure it with following \ref p2p_connect() call
-to actually authorize the connection.
-
-The P2P module will use \ref p2p_config::send_action() callback to request
-lower layer code to transmit an Action frame during group owner
-negotiation. \ref p2p_send_action_cb() is used to report the result of
-transmission. If the peer is not reachable, the P2P module will try to
-find it by alternating between Action frame send and Listen
-states. The Listen state for this phase will be used similarly to the
-Listen state during device discovery as described above.
-
-Once the group owner negotiation has been completed, its results will
-be reported with the \ref p2p_config::go_neg_completed() callback. The
-upper layer management code or the glue code using the P2P module API
-is responsible for creating a new group interface and starting
-provisioning step at this point by configuring WPS Registrar or
-Enrollee functionality based on the reported group owner negotiation
-results. The upper layer code is also responsible for timing out WPS
-provisioning if it cannot be completed in 15 seconds.
-
-Successful completion of the WPS provisioning is reported with a call
-to \ref p2p_wps_success_cb(). The P2P module will clear its group formation
-state at this point and allows new group formation attempts to be
-started. The upper layer management code is responsible for configuring
-the GO to accept associations from devices and the client to connect to
-the GO with the provisioned credentials. GO is also responsible for
-calling \ref p2p_group_notif_formation_done() as described below.
-
-If the WPS provisioning step fails or times out, this is reported with
-a call to \ref p2p_group_formation_failed(). The P2P module will clear its
-group formation state at this point and allows new group formation
-attempts to be started. The upper layer management code is responsible
-for removing the group interface for the failed group.
-
-
-\section p2p_sd P2P service discovery
-
-P2P protocol includes service discovery functionality that can be used
-to discover which services are provided by the peers before forming a
-group. This leverages the Generic Advertisement Service (GAS) protocol
-from IEEE 802.11u and P2P vendor-specific contents inside the GAS
-messages.
-
-The P2P module takes care of GAS encapsulation, fragmentation, and
-actual transmission and reception of the Action frames needed for
-service discovery. The user of the P2P module is responsible for
-providing P2P specific Service Request TLV(s) for queries and Service
-Response TLV(s) for responses.
-
-\subsection p2p_sd_query Querying services of peers
-
-Service discovery is implemented by processing pending queries as a
-part of the device discovery phase. \ref p2p_sd_request() function is used
-to schedule service discovery queries to a specific peer or to all
-discovered peers. \ref p2p_sd_cancel_request() can be used to cancel a
-scheduled query. Queries that are specific to a single peer will be
-removed automatically after the response has been received.
-
-After the service discovery queries have been queued, device discovery
-is started with a call to \ref p2p_find(). The pending service discovery
-queries are then sent whenever a peer is discovered during the find
-operation. Responses to the queries will be reported with the
-\ref p2p_config::sd_response() callback.
-
-\subsection p2p_sd_response Replying to service discovery queries from peers
-
-The received service discovery requests will be indicated with the
-\ref p2p_config::sd_request() callback. The response to the query is sent
-by calling \ref p2p_sd_response().
-
-\subsection p2p_sd_indicator Service update indicator
-
-P2P service discovery provides a mechanism to notify peers about
-changes in available services. This works by incrementing Service
-Update Indicator value whenever there is a change in the
-services. This value is included in all SD request and response
-frames. The value received from the peers will be included in the
-\ref p2p_config::sd_request() and \ref p2p_config::sd_response() callbacks. The
-value to be sent to the peers is incremented with a call to
-\ref p2p_sd_service_update() whenever availability of the local services
-changes.
-
-
-\section p2p_go P2P group owner
-
-This section describes how P2P module can be used for managing
-per-group information in a group owner. The function calls are
-described based on the P2P module API. The exact design for the glue
-code outside the P2P module depends on the architecture used in the
-system.
-
-When a P2P group interface is created in group owner role, per-group
-data is initialized with \ref p2p_group_init(). This call provides a
-pointer to the per-device P2P module context and configures the
-per-group operation. The configured \ref p2p_group_config::ie_update()
-callback is used to set the initial P2P IE for Beacon and Probe
-Response frames in the group owner. The AP mode implementation may use
-this information to add IEs into the frames.
-
-Once the group formation has been completed (or if it is skipped in
-case of manual group setup), \ref p2p_group_notif_formation_done() is
-called. This will allow the P2P module to update the P2P IE for
-Beacon and Probe Response frames.
-
-The SME/MLME code that managements IEEE 802.11 association processing
-needs to inform P2P module whenever a P2P client associates or
-disassociates with the group. This is done by calling
-\ref p2p_group_notif_assoc() and \ref p2p_group_notif_disassoc(). The P2P module
-manages a list of group members and updates the P2P Group Information
-subelement in the P2P IE based on the information from the P2P
-clients. The \ref p2p_group_config::ie_update() callback is used whenever
-the P2P IE in Probe Response frames needs to be changed.
-
-The SME/MLME code that takes care of replying to Probe Request frames
-can use \ref p2p_group_match_dev_type() to check whether the Probe Request
-frame request a reply only from groups that include a specific device
-type in one of the clients or GO. A match will be reported if the
-Probe Request does not request a specific device type, so this
-function can be used to filter or received Probe Request frames and
-only the ones that result in non-zero return value need to be replied.
-
-When the P2P group interface for GO role is removed,
-\ref p2p_group_deinit() is used to deinitialize the per-group P2P module
-state.
-
-
-\section p2p_ctrl_iface P2P control interface
-
-wpa_supplicant \ref ctrl_iface_page "control interface" can be used
-to manage P2P functionality from an external program (e.g., a GUI or a
-system configuration manager). This interface can be used directly
-through the control interface backend mechanism (e.g., local domain
-sockets on Linux) or with help of wpa_cli (e.g., from a script).
-
-The following P2P-related commands are available:
-- \ref ctrl_iface_P2P_FIND P2P_FIND
-- \ref ctrl_iface_P2P_STOP_FIND P2P_STOP_FIND
-- \ref ctrl_iface_P2P_CONNECT P2P_CONNECT
-- \ref ctrl_iface_P2P_LISTEN P2P_LISTEN
-- \ref ctrl_iface_P2P_GROUP_REMOVE P2P_GROUP_REMOVE
-- \ref ctrl_iface_P2P_GROUP_ADD P2P_GROUP_ADD
-- \ref ctrl_iface_P2P_PROV_DISC P2P_PROV_DISC
-- \ref ctrl_iface_P2P_SERV_DISC_REQ P2P_SERV_DISC_REQ
-- \ref ctrl_iface_P2P_SERV_DISC_CANCEL_REQ P2P_SERV_DISC_CANCEL_REQ
-- \ref ctrl_iface_P2P_SERV_DISC_RESP P2P_SERV_DISC_RESP
-- \ref ctrl_iface_P2P_SERVICE_UPDATE P2P_SERVICE_UPDATE
-- \ref ctrl_iface_P2P_SERV_DISC_EXTERNAL P2P_SERV_DISC_EXTERNAL
-- \ref ctrl_iface_P2P_REJECT P2P_REJECT
-- \ref ctrl_iface_P2P_INVITE P2P_INVITE
-
-The following P2P-related events are used:
-- \ref ctrl_iface_event_P2P_EVENT_DEVICE_FOUND P2P-DEVICE-FOUND
-- \ref ctrl_iface_event_P2P_EVENT_GO_NEG_REQUEST P2P-GO-NEG-REQUEST
-- \ref ctrl_iface_event_P2P_EVENT_GO_NEG_SUCCESS P2P-GO-NEG-SUCCESS
-- \ref ctrl_iface_event_P2P_EVENT_GO_NEG_FAILURE P2P-GO-NEG-FAILURE
-- \ref ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_SUCCESS P2P-GROUP-FORMATION-SUCCESS
-- \ref ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_FAILURE P2P-GROUP-FORMATION-FAILURE
-- \ref ctrl_iface_event_P2P_EVENT_GROUP_STARTED P2P-GROUP-STARTED
-- \ref ctrl_iface_event_P2P_EVENT_GROUP_REMOVED P2P-GROUP-REMOVED
-- \ref ctrl_iface_event_P2P_EVENT_PROV_DISC_SHOW_PIN P2P-PROV-DISC-SHOW-PIN
-- \ref ctrl_iface_event_P2P_EVENT_PROV_DISC_ENTER_PIN P2P-PROV-DISC-ENTER-PIN
-- \ref ctrl_iface_event_P2P_EVENT_SERV_DISC_REQ P2P-SERV-DISC-REQ
-- \ref ctrl_iface_event_P2P_EVENT_SERV_DISC_RESP P2P-SERV-DISC-RESP
-- \ref ctrl_iface_event_P2P_EVENT_INVITATION_RECEIVED P2P-INVITATION-RECEIVED
-- \ref ctrl_iface_event_P2P_EVENT_INVITATION_RESULT P2P-INVITATION-RESULT
-
-
-\subsection p2p_wpa_gui GUI example (wpa_gui)
-
-wpa_gui has an example implementation of a GUI that could be used to
-manage P2P operations. The P2P related functionality is contained
-mostly in wpa_supplicant/wpa_gui-qt4/peers.cpp and it shows how the
-control interface commands and events can be used.
-
-
-\subsection p2p_wpa_cli wpa_cli example
-
-wpa_cli can be used to control wpa_supplicant in interactive
-mode. The following sessions show examples of commands used for
-device discovery and group formation. The lines starting with "> " are
-commands from the user (followed by command result indication) and
-lines starting with "<2>" are event messages from wpa_supplicant.
-
-P2P device "Wireless Client":
-
-\verbatim
-> p2p_find
-OK
-> <2>P2P-DEVICE-FOUND 02:40:61:c2:f3:b7 p2p_dev_addr=02:40:61:c2:f3:b7
-pri_dev_type=1-0050F204-1 name='Wireless Client 2' config_methods=0x18c
-dev_capab=0x1 group_capab=0x0
-<2>P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7
-<2>P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7
-> p2p_connect 02:40:61:c2:f3:b7 pbc
-OK
-<2>P2P-GO-NEG-SUCCESS 
-<2>P2P-GROUP-FORMATION-SUCCESS 
-<2>P2P-GROUP-STARTED sta0-p2p-0 client DIRECT-vM
-> interface
-Available interfaces:
-sta0-p2p-0
-sta0
-> p2p_group_remove sta0-p2p-0
-<2>P2P-GROUP-REMOVED sta0-p2p-0 client
-OK
-> term
-OK
-\endverbatim
-
-
-P2P device "Wireless Client2" (which ended up operating in GO role):
-
-\verbatim
-> p2p_find
-OK
-<2>P2P-DEVICE-FOUND 02:f0:bc:44:87:62 p2p_dev_addr=02:f0:bc:44:87:62
-pri_dev_type=1-0050F204-1 name='Wireless Client' config_methods=0x18c
-dev_capab=0x1 group_capab=0x0
-> p2p_connect 02:f0:bc:44:87:62 pbc
-OK
-<2>P2P-GO-NEG-SUCCESS 
-<2>P2P-GROUP-FORMATION-SUCCESS 
-<2>P2P-GROUP-STARTED sta1-p2p-0 GO DIRECT-vM
-> interface
-Available interfaces:
-sta1-p2p-0
-sta1
-> p2p_group_remove sta1-p2p-0
-<2>P2P-GROUP-REMOVED sta1-p2p-0 GO
-OK
-> term
-OK
-\endverbatim
-
-*/
diff --git a/doc/p2p_arch.dot b/doc/p2p_arch.dot
deleted file mode 100644
index 27ae0e2509d4..000000000000
--- a/doc/p2p_arch.dot
+++ /dev/null
@@ -1,85 +0,0 @@
-digraph p2p_arch {
-	ranksep=.75;
-	size = "7.5,7.5";
-
-	edge [dir=none];
-
-	subgraph cluster_wpa_gui {
-		label = "wpa_gui";
-
-		status -> Qt;
-		scan -> Qt;
-		network -> Qt;
-		Qt -> peers;
-		Qt -> WPS;
-		Qt -> gui_ctrl;
-
-		gui_ctrl [label="ctrl i/f"];
-	}
-
-	subgraph cluster_wpa_supplicant {
-		label = "wpa_supplicant"
-
-		ctrl_iface [label="ctrl i/f"];
-		authenticator [label="Authenticator"];
-		supplicant [label="Supplicant"];
-		driver_iface [label="driver i/f"];
-		p2p_module [label="P2P\nmodule"];
-		wps_registrar [label="WPS\nRegistrar"];
-		wps_enrollee [label="WPS\nEnrollee"];
-		mgmt_entity [label="Management\nentity"];
-
-		ctrl_iface -> mgmt_entity;
-		p2p_module -> mgmt_entity;
-		wps_registrar -> mgmt_entity;
-		wps_enrollee -> mgmt_entity;
-		mgmt_entity -> authenticator;
-		mgmt_entity -> supplicant;
-		mgmt_entity -> driver_iface;
-
-		{ rank = same; mgmt_entity; p2p_module; }
-	}
-
-	subgraph cluster_wpa_cli {
-		label = "wpa_cli -a"
-
-		wpa_cli_action;
-	}
-
-	subgraph cluster_dnsmasq {
-		label = "dnsmasq"
-
-		dnsmasq;
-	}
-
-	subgraph cluster_dhclient {
-		label = "dhclient"
-
-		dhclient;
-	}
-
-	subgraph cluster_kernel {
-		label = "Linux kernel"
-
-		cfg80211 -> mac80211;
-		netdev -> mac80211;
-		mac80211 -> ath9k;
-	}
-
-	gui_ctrl -> ctrl_iface;
-	wpa_cli_action -> ctrl_iface;
-
-	driver_iface -> cfg80211;
-
-	wpa_cli_action -> dnsmasq;
-	wpa_cli_action -> dhclient;
-
-	dnsmasq -> netdev;
-	dhclient -> netdev;
-
-	edge [color=blue,dir=both];
-	p2p_module -> mgmt_entity -> driver_iface -> cfg80211 -> mac80211 -> ath9k;
-
-	edge [color=green,dir=both];
-	peers -> Qt -> gui_ctrl -> ctrl_iface -> mgmt_entity -> p2p_module;
-}
diff --git a/doc/p2p_arch2.dot b/doc/p2p_arch2.dot
deleted file mode 100644
index 9c7b4b57a17f..000000000000
--- a/doc/p2p_arch2.dot
+++ /dev/null
@@ -1,85 +0,0 @@
-digraph p2p_arch2 {
-	ranksep=.75;
-	size = "7.5,7.5";
-
-	edge [dir=none];
-
-	subgraph cluster_wpa_gui {
-		label = "wpa_gui";
-
-		status -> Qt;
-		scan -> Qt;
-		network -> Qt;
-		Qt -> peers;
-		Qt -> WPS;
-		Qt -> gui_ctrl;
-
-		gui_ctrl [label="ctrl i/f"];
-	}
-
-	subgraph cluster_wpa_supplicant {
-		label = "wpa_supplicant"
-
-		ctrl_iface [label="ctrl i/f"];
-		authenticator [label="Authenticator"];
-		supplicant [label="Supplicant"];
-		driver_iface [label="driver i/f"];
-		wps_registrar [label="WPS\nRegistrar"];
-		wps_enrollee [label="WPS\nEnrollee"];
-		mgmt_entity [label="Management\nentity"];
-
-		ctrl_iface -> mgmt_entity;
-		wps_registrar -> mgmt_entity;
-		wps_enrollee -> mgmt_entity;
-		mgmt_entity -> authenticator;
-		mgmt_entity -> supplicant;
-		mgmt_entity -> driver_iface;
-	}
-
-	subgraph cluster_wpa_cli {
-		label = "wpa_cli -a"
-
-		wpa_cli_action;
-	}
-
-	subgraph cluster_dnsmasq {
-		label = "dnsmasq"
-
-		dnsmasq;
-	}
-
-	subgraph cluster_dhclient {
-		label = "dhclient"
-
-		dhclient;
-	}
-
-	subgraph cluster_kernel {
-		label = "Kernel"
-
-		ioctl -> umac;
-		netdev -> umac;
-		umac -> p2p_module;
-		p2p_module [label="P2P\nmodule"];
-		umac -> driver;
-
-		{ rank = same; umac; p2p_module; }
-	}
-
-	gui_ctrl -> ctrl_iface;
-	wpa_cli_action -> ctrl_iface;
-
-	driver_iface -> ioctl;
-
-	wpa_cli_action -> dnsmasq;
-	wpa_cli_action -> dhclient;
-
-	dnsmasq -> netdev;
-	dhclient -> netdev;
-
-	edge [color=blue,dir=both];
-	p2p_module -> umac -> driver;
-
-	edge [color=green,dir=both];
-	peers -> Qt -> gui_ctrl -> ctrl_iface -> mgmt_entity -> driver_iface -> ioctl -> umac -> p2p_module;
-}
diff --git a/doc/p2p_sm.dot b/doc/p2p_sm.dot
deleted file mode 100644
index 640caefcc6ad..000000000000
--- a/doc/p2p_sm.dot
+++ /dev/null
@@ -1,62 +0,0 @@
-digraph p2p {
-	ranksep=.75;
-	size = "8.5,7.5";
-
-	start -> IDLE;
-	start [label="Init",shape=none];
-
-	/* Discovery: Scan followed by Find(SEARCH,LISTEN) */
-	subgraph cluster_0 {
-		label="Discovery";
-		color=lightgrey;
-		node [color=blue];
-		/* SCAN and LISTEN currently not used in the implementation */
-		SCAN [style=dotted];
-		LISTEN [style=dotted];
-
-		SCAN -> LISTEN;
-		LISTEN -> SEARCH -> LISTEN [style=dotted];
-		SEARCH -> SD_DURING_FIND [label="Peer SD capab\nand no info", weight=100];
-		SD_DURING_FIND -> SEARCH [label="RX SD Resp\nor timeout", weight=100];
-		SEARCH -> PROV_DISC_DURING_FIND [label="Prov Disc cmd\nand no Resp", weight=100];
-		PROV_DISC_DURING_FIND -> SEARCH [label="RX Prov Disc Resp\nor timeout", weight=100];
-	}
-
-	/* Group Formation */
-	subgraph cluster_1 {
-		label="Group Formation";
-		color=lightgrey;
-		node [color=green];
-
-		CONNECT -> CONNECT_LISTEN [style=dotted,weight=100];
-		CONNECT_LISTEN -> CONNECT [style=dotted,weight=100];
-		CONNECT -> WAIT_PEER_IDLE [label="RX GO Neg Resp\n(info unavail)"];
-		WAIT_PEER_IDLE -> WAIT_PEER_CONNECT [style=dotted,weight=100];
-		WAIT_PEER_CONNECT -> WAIT_PEER_IDLE [style=dotted,weight=100];
-
-		CONNECT -> GO_NEG [label="RX GO Neg Resp\n(success)", weight=10];
-		CONNECT_LISTEN -> GO_NEG [label="RX GO Neg Req or\nTX GO Neg Resp"];
-		WAIT_PEER_CONNECT -> GO_NEG [label="RX GO Neg Req"];
-		GO_NEG -> PROVISIONING [label="TX/RX GO Neg Conf"];
-	}
-
-	PROVISIONING -> IDLE [label="WPS\nsuccess"];
-
-	/* External triggers */
-	IDLE -> SCAN [label="Find cmd",weight=20];
-	IDLE -> CONNECT [label="Connect cmd",weight=20];
-	IDLE -> LISTEN_ONLY [label="Listen cmd"];
-
-	/* Timeouts */
-/*
-	edge [color=red];
-	WAIT_PEER_IDLE -> IDLE [label="timeout", weight=0];
-	WAIT_PEER_CONNECT -> IDLE [label="timeout", weight=0];
-	CONNECT -> IDLE [label="timeout", weight=0];
-	CONNECT_LISTEN -> IDLE [label="timeout", weight=0];
-	GO_NEG -> IDLE [label="timeout", weight=0];
-	PROVISIONING -> IDLE [label="timeout", weight=0];
-	LISTEN_ONLY -> IDLE [label="timeout", weight=0];
-	SEARCH -> IDLE [label="timeout", weight=0];
-*/
-}
diff --git a/doc/porting.doxygen b/doc/porting.doxygen
deleted file mode 100644
index b4b78ef0504a..000000000000
--- a/doc/porting.doxygen
+++ /dev/null
@@ -1,209 +0,0 @@
-/**
-\page porting Porting to different target boards and operating systems
-
-wpa_supplicant was designed to be easily portable to different
-hardware (board, CPU) and software (OS, drivers) targets. It is
-already used with number of operating systems and numerous wireless
-card models and drivers. The main wpa_supplicant repository includes
-support for Linux, FreeBSD, and Windows. In addition, the code has been
-ported to number of other operating systems like VxWorks, PalmOS,
-Windows CE, and Windows Mobile. On the hardware
-side, wpa_supplicant is used on various systems: desktops, laptops,
-PDAs, and embedded devices with CPUs including x86, PowerPC,
-arm/xscale, and MIPS. Both big and little endian configurations are
-supported.
-
-
-\section ansi_c_extra Extra functions on top of ANSI C
-
-wpa_supplicant is mostly using ANSI C functions that are available on
-most targets. However, couple of additional functions that are common
-on modern UNIX systems are used. Number of these are listed with
-prototypes in \ref common.h (the \verbatim #ifdef CONFIG_ANSI_C_EXTRA \endverbatim
-block). These functions may need to be implemented or at least defined
-as macros to native functions in the target OS or C library.
-
-Many of the common ANSI C functions are used through a wrapper
-definitions in \ref os.h to allow these to be replaced easily with a
-platform specific version in case standard C libraries are not
-available. In addition, \ref os.h defines couple of common platform
-specific functions that are implemented in \ref os_unix.c for UNIX like
-targets and in \ref os_win32.c for Win32 API. If the target platform does
-not support either of these examples, a new os_*.c file may need to be
-added.
-
-Unless OS_NO_C_LIB_DEFINES is defined, the standard ANSI C and POSIX
-functions are used by defining the os_*() wrappers to use them
-directly in order to avoid extra cost in size and speed. If the target
-platform needs different versions of the functions, \ref os.h can be
-modified to define the suitable macros or alternatively,
-OS_NO_C_LIB_DEFINES may be defined for the build and the wrapper
-functions can then be implemented in a new os_*.c wrapper file.
-
-\ref common.h defines number of helper macros for handling integers of
-different size and byte order. Suitable version of these definitions
-may need to be added for the target platform.
-
-
-\section configuration_backend Configuration backend
-
-wpa_supplicant implements a configuration interface that allows the
-backend to be easily replaced in order to read configuration data from
-a suitable source depending on the target platform. \ref config.c
-implements the generic code that can be shared with all configuration
-backends. Each backend is implemented in its own config_*.c file.
-
-The included \ref config_file.c backend uses a text file for configuration
-and \ref config_winreg.c uses Windows registry. These files can be used as
-an example for a new configuration backend if the target platform uses
-different mechanism for configuration parameters. In addition,
-\ref config_none.c can be used as an empty starting point for building a
-new configuration backend.
-
-
-\section driver_iface_porting Driver interface
-
-Unless the target OS and driver is already supported, most porting
-projects have to implement a driver wrapper. This may be done by
-adding a new driver interface module or modifying an existing module
-(driver_*.c) if the new target is similar to one of them. \ref
-driver_wrapper "Driver wrapper implementation" describes the details
-of the driver interface and discusses the tasks involved in porting
-this part of wpa_supplicant.
-
-
-\section l2_packet_porting l2_packet (link layer access)
-
-wpa_supplicant needs to have access to sending and receiving layer 2
-(link layer) packets with two Ethertypes: EAP-over-LAN (EAPOL) 0x888e
-and RSN pre-authentication 0x88c7. \ref l2_packet.h defines the interfaces
-used for this in the core wpa_supplicant implementation.
-
-If the target operating system supports a generic mechanism for link
-layer access, that is likely the best mechanism for providing the
-needed functionality for wpa_supplicant. Linux packet socket is an
-example of such a generic mechanism. If this is not available, a
-separate interface may need to be implemented to the network stack or
-driver. This is usually an intermediate or protocol driver that is
-operating between the device driver and the OS network stack. If such
-a mechanism is not feasible, the interface can also be implemented
-directly in the device driver.
-
-The main wpa_supplicant repository includes l2_packet implementations
-for Linux using packet sockets (\ref l2_packet_linux.c), more portable
-version using libpcap/libdnet libraries (\ref l2_packet_pcap.c; this
-supports WinPcap, too), and FreeBSD specific version of libpcap
-interface (\ref l2_packet_freebsd.c).
-
-If the target operating system is supported by libpcap (receiving) and
-libdnet (sending), \ref l2_packet_pcap.c can likely be used with minimal or
-no changes. If this is not a case or a proprietary interface for link
-layer is required, a new l2_packet module may need to be
-added. Alternatively, for hostapd,
-struct \ref wpa_driver_ops::hapd_send_eapol() handler can
-be used to override the l2_packet library if the link layer access is
-integrated with the driver interface implementation.
-
-
-\section eloop_porting Event loop
-
-wpa_supplicant uses a single process/thread model and an event loop
-to provide callbacks on events (registered timeout, received packet,
-signal). eloop.h defines the event loop interface. \ref eloop.c is an
-implementation of such an event loop using select() and sockets. This
-is suitable for most UNIX/POSIX systems. When porting to other
-operating systems, it may be necessary to replace that implementation
-with OS specific mechanisms that provide similar functionality.
-
-
-\section ctrl_iface_porting Control interface
-
-wpa_supplicant uses a \ref ctrl_iface_page "control interface"
-to allow external processed
-to get status information and to control the operations. Currently,
-this is implemented with socket based communication; both UNIX domain
-sockets and UDP sockets are supported. If the target OS does not
-support sockets, this interface will likely need to be modified to use
-another mechanism like message queues. The control interface is
-optional component, so it is also possible to run wpa_supplicant
-without porting this part.
-
-The wpa_supplicant side of the control interface is implemented in
-\ref wpa_supplicant/ctrl_iface.c. Matching client side is implemented as a control
-interface library in \ref wpa_ctrl.c.
-
-
-\section entry_point Program entry point
-
-wpa_supplicant defines a set of functions that can be used to
-initialize main supplicant processing. Each operating system has a
-mechanism for starting new processing or threads. This is usually a
-function with a specific set of arguments and calling convention. This
-function is responsible on initializing wpa_supplicant.
-
-\ref wpa_supplicant/main.c includes an entry point for UNIX-like
-operating system, i.e., main() function that uses command line arguments
-for setting parameters for wpa_supplicant. When porting to other
-operating systems, similar OS-specific entry point implementation is
-needed. It can be implemented in a new file that is then linked with
-wpa_supplicant instead of main.o. \ref wpa_supplicant/main.c is also a
-good example on how the initialization process should be done.
-
-The supplicant initialization functions are defined in
-\ref wpa_supplicant_i.h. In most cases, the entry point function should
-start by fetching configuration parameters. After this, a global
-wpa_supplicant context is initialized with a call to
-\ref wpa_supplicant_init(). After this, existing network interfaces can be
-added with \ref wpa_supplicant_add_iface(). \ref wpa_supplicant_run() is then
-used to start the main event loop. Once this returns at program
-termination time, \ref wpa_supplicant_deinit() is used to release global
-context data.
-
-\ref wpa_supplicant_add_iface() and \ref wpa_supplicant_remove_iface() can be
-used dynamically to add and remove interfaces based on when
-wpa_supplicant processing is needed for them. This can be done, e.g.,
-when hotplug network adapters are being inserted and ejected. It is
-also possible to do this when a network interface is being
-enabled/disabled if it is desirable that wpa_supplicant processing
-for the interface is fully enabled/disabled at the same time.
-
-
-\section simple_build Simple build example
-
-One way to start a porting project is to begin with a very simple
-build of wpa_supplicant with WPA-PSK support and once that is
-building correctly, start adding features.
-
-Following command can be used to build very simple version of
-wpa_supplicant:
-
-\verbatim
-cc -o wpa_supplicant config.c eloop.c common.c md5.c rc4.c sha1.c \
-	config_none.c l2_packet_none.c tls_none.c wpa.c preauth.c \
-	aes_wrap.c wpa_supplicant.c events.c main_none.c drivers.c
-\endverbatim
-
-The end result is not really very useful since it uses empty functions
-for configuration parsing and layer 2 packet access and does not
-include a driver interface. However, this is a good starting point
-since the build is complete in the sense that all functions are
-present and this is easy to configure to a build system by just
-including the listed C files.
-
-Once this version can be build successfully, the end result can be
-made functional by adding a proper program entry point (main*.c),
-driver interface (driver_*.c and matching CONFIG_DRIVER_* define for
-registration in \ref drivers.c), configuration parser/writer (config_*.c),
-and layer 2 packet access implementation (l2_packet_*.c). After these
-components have been added, the end result should be a working
-WPA/WPA2-PSK enabled supplicant.
-
-After the basic functionality has been verified to work, more features
-can be added by linking in more files and defining C pre-processor
-defines. Currently, the best source of information for what options
-are available and which files needs to be included is in the Makefile
-used for building the supplicant with make. Similar configuration will
-be needed for build systems that either use different type of make
-tool or a GUI-based project configuration.
-
-*/
diff --git a/doc/testing_tools.doxygen b/doc/testing_tools.doxygen
deleted file mode 100644
index d12652415634..000000000000
--- a/doc/testing_tools.doxygen
+++ /dev/null
@@ -1,201 +0,0 @@
-/**
-\page testing_tools Testing and development tools
-
-[ \ref eapol_test "eapol_test" |
-\ref preauth_test "preauth_test" |
-\ref unit_tests "Unit tests" |
-\ref wpa_trace "Tracing code" ]
-
-wpa_supplicant source tree includes number of testing and development
-tools that make it easier to test the programs without having to setup
-a full test setup with wireless cards. In addition, these tools can be
-used to implement automatic tests suites.
-
-\section eapol_test eapol_test - EAP peer and RADIUS client testing
-
-eapol_test is a program that links together the same EAP peer
-implementation that wpa_supplicant is using and the RADIUS
-authentication client code from hostapd. In addition, it has minimal
-glue code to combine these two components in similar ways to IEEE
-802.1X/EAPOL Authenticator state machines. In other words, it
-integrates IEEE 802.1X Authenticator (normally, an access point) and
-IEEE 802.1X Supplicant (normally, a wireless client) together to
-generate a single program that can be used to test EAP methods without
-having to setup an access point and a wireless client.
-
-The main uses for eapol_test are in interoperability testing of EAP
-methods against RADIUS servers and in development testing for new EAP
-methods. It can be easily used to automate EAP testing for
-interoperability and regression since the program can be run from
-shell scripts without require additional test components apart from a
-RADIUS server. For example, the automated EAP tests described in
-eap_testing.txt are implemented with eapol_test. Similarly, eapol_test
-could be used to implement an automated regression test suite for a
-RADIUS authentication server.
-
-eapol_test uses the same build time configuration file, .config, as
-wpa_supplicant. This file is used to select which EAP methods are
-included in eapol_test. This program is not built with the default
-Makefile target, so a separate make command needs to be used to
-compile the tool:
-
-\verbatim
-make eapol_test
-\endverbatim
-
-The resulting eapol_test binary has following command like options:
-
-\verbatim
-usage:
-eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] [-s<AS secret>] \
-           [-r<count>] [-t<timeout>] [-C<Connect-Info>] \
-           [-M<client MAC address>]
-eapol_test scard
-eapol_test sim <PIN> <num triplets> [debug]
-
-options:
-  -c<conf> = configuration file
-  -a<AS IP> = IP address of the authentication server, default 127.0.0.1
-  -p<AS port> = UDP port of the authentication server, default 1812
-  -s<AS secret> = shared secret with the authentication server, default 'radius'
-  -r<count> = number of re-authentications
-  -W = wait for a control interface monitor before starting
-  -S = save configuration after authentiation
-  -n = no MPPE keys expected
-  -t<timeout> = sets timeout in seconds (default: 30 s)
-  -C<Connect-Info> = RADIUS Connect-Info (default: CONNECT 11Mbps 802.11b)
-  -M<client MAC address> = Set own MAC address (Calling-Station-Id,
-                           default: 02:00:00:00:00:01)
-\endverbatim
-
-
-As an example,
-\verbatim
-eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
-\endverbatim
-tries to complete EAP authentication based on the network
-configuration from test.conf against the RADIUS server running on the
-local host. A re-authentication is triggered to test fast
-re-authentication. The configuration file uses the same format for
-network blocks as wpa_supplicant.
-
-
-\section preauth_test preauth_test - WPA2 pre-authentication and EAP peer testing
-
-preauth_test is similar to eapol_test in the sense that in combines
-EAP peer implementation with something else, in this case, with WPA2
-pre-authentication. This tool can be used to test pre-authentication
-based on the code that wpa_supplicant is using. As such, it tests
-both the wpa_supplicant implementation and the functionality of an
-access point.
-
-preauth_test is built with:
-
-\verbatim
-make preauth_test
-\endverbatim
-
-and it uses following command line arguments:
-
-\verbatim
-usage: preauth_test <conf> <target MAC address> <ifname>
-\endverbatim
-
-For example,
-\verbatim
-preauth_test test.conf 02:11:22:33:44:55 eth0
-\endverbatim
-would use network configuration from test.conf to try to complete
-pre-authentication with AP using BSSID 02:11:22:33:44:55. The
-pre-authentication packets would be sent using the eth0 interface.
-
-
-\section unit_tests Unit tests
-
-Number of the components (.c files) used in wpa_supplicant define
-their own unit tests for automated validation of the basic
-functionality. Most of the tests for cryptographic algorithms are
-using standard test vectors to validate functionality. These tests can
-be useful especially when verifying port to a new CPU target.
-
-The test programs are collected in the tests subdirectory. All
-automated unit tests can be run with
-
-\verbatim
-make run-tests
-\endverbatim
-
-This make target builds and runs each test and terminates with zero
-exit code if all tests were completed successfully.
-
-
-\section wpa_trace Tracing code for developer debuggin
-
-wpa_supplicant and hostapd can be built with tracing code that will
-track and analyze memory allocations and other resource registrations
-and certain API uses. If incorrect use is detected, a backtrace of the
-call location (and/or allocation location) is shown. This can also be
-used to detect certain categories of memory leaks and report them
-automatically when the program is terminated. The report will also
-include information about forgotten eloop events.
-
-The trace code can be enabled with CONFIG_WPA_TRACE=y build
-option. More verbose backtrace information can be generated if libbfd
-is available and the binaries are not stripped of symbol
-information. This is enabled with CONFIG_WPA_TRACE_BFD=y.
-
-For example, a memory leak (forgotten os_free() call) would show up
-like this when the program is terminated:
-
-\verbatim
-MEMLEAK[0x82d200]: len 128
-WPA_TRACE: memleak - START
-[0]: ./wpa_supplicant(os_malloc+0x59) [0x41a5e9]
-     os_malloc() ../src/utils/os_unix.c:359
-[1]: ./wpa_supplicant(os_zalloc+0x16) [0x41a676]
-     os_zalloc() ../src/utils/os_unix.c:418
-[2]: ./wpa_supplicant(wpa_supplicant_init+0x38) [0x48b508]
-     wpa_supplicant_init() wpa_supplicant.c:2315
-[3]: ./wpa_supplicant(main+0x2f3) [0x491073]
-     main() main.c:252
-WPA_TRACE: memleak - END
-MEMLEAK: total 128 bytes
-\endverbatim
-
-Another type of error that can be detected is freeing of memory area
-that was registered for some use and is still be referenced:
-
-\verbatim
-WPA_TRACE: Freeing referenced memory - START
-[2]: ./wpa_supplicant(os_free+0x5c) [0x41a53c]
-     os_free() ../src/utils/os_unix.c:411
-[3]: ./wpa_supplicant(wpa_supplicant_remove_iface+0x30) [0x48b380]
-     wpa_supplicant_remove_iface() wpa_supplicant.c:2259
-[4]: ./wpa_supplicant(wpa_supplicant_deinit+0x20) [0x48b3e0]
-     wpa_supplicant_deinit() wpa_supplicant.c:2430
-[5]: ./wpa_supplicant(main+0x357) [0x4910d7]
-     main() main.c:276
-WPA_TRACE: Freeing referenced memory - END
-WPA_TRACE: Reference registration - START
-[1]: ./wpa_supplicant [0x41c040]
-     eloop_trace_sock_add_ref() ../src/utils/eloop.c:94
-[2]: ./wpa_supplicant(wpa_supplicant_ctrl_iface_deinit+0x17) [0x473247]
-     wpa_supplicant_ctrl_iface_deinit() ctrl_iface_unix.c:436
-[3]: ./wpa_supplicant [0x48b21c]
-     wpa_supplicant_cleanup() wpa_supplicant.c:378
-     wpa_supplicant_deinit_iface() wpa_supplicant.c:2155
-[4]: ./wpa_supplicant(wpa_supplicant_remove_iface+0x30) [0x48b380]
-     wpa_supplicant_remove_iface() wpa_supplicant.c:2259
-[5]: ./wpa_supplicant(wpa_supplicant_deinit+0x20) [0x48b3e0]
-     wpa_supplicant_deinit() wpa_supplicant.c:2430
-[6]: ./wpa_supplicant(main+0x357) [0x4910d7]
-     main() main.c:276
-WPA_TRACE: Reference registration - END
-Aborted
-\endverbatim
-
-This type of error results in showing backtraces for both the location
-where the incorrect freeing happened and the location where the memory
-area was marked referenced.
-
-*/
diff --git a/doc/wpa_supplicant.fig b/doc/wpa_supplicant.fig
deleted file mode 100644
index d2c4306b8e03..000000000000
--- a/doc/wpa_supplicant.fig
+++ /dev/null
@@ -1,247 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter  
-100.00
-Single
--2
-1200 2
-6 1875 4050 2925 4350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1875 4050 2925 4050 2925 4350 1875 4350 1875 4050
-4 0 0 50 -1 0 12 0.0000 4 180 735 2025 4275 l2_packet\001
--6
-6 3450 1200 4275 1500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3450 1200 4275 1200 4275 1500 3450 1500 3450 1200
-4 0 0 50 -1 0 12 0.0000 4 180 585 3600 1425 wpa_cli\001
--6
-6 4725 1200 5925 1500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4725 1200 5925 1200 5925 1500 4725 1500 4725 1200
-4 0 0 50 -1 0 12 0.0000 4 135 1005 4800 1425 GUI frontend\001
--6
-6 6000 2700 7200 3225
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 2700 7200 2700 7200 3225 6000 3225 6000 2700
-4 0 0 50 -1 0 12 0.0000 4 135 975 6075 2925 WPA/WPA2\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 3150 state machine\001
--6
-6 6000 4950 7200 5475
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 4950 7200 4950 7200 5475 6000 5475 6000 4950
-4 0 0 50 -1 0 12 0.0000 4 135 360 6075 5175 EAP\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 5400 state machine\001
--6
-6 8700 3000 9375 3300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8700 3000 9375 3000 9375 3300 8700 3300 8700 3000
-4 0 0 50 -1 0 12 0.0000 4 150 480 8775 3225 crypto\001
--6
-6 4350 3900 5025 4425
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4350 3900 5025 3900 5025 4425 4350 4425 4350 3900
-4 0 0 50 -1 0 12 0.0000 4 105 420 4500 4125 event\001
-4 0 0 50 -1 0 12 0.0000 4 180 315 4500 4350 loop\001
--6
-6 4275 2550 5100 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4275 2550 5100 2550 5100 2850 4275 2850 4275 2550
-4 0 0 50 -1 0 12 0.0000 4 135 450 4425 2775 ctrl i/f\001
--6
-6 6000 3900 7200 4425
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6000 3900 7200 3900 7200 4425 6000 4425 6000 3900
-4 0 0 50 -1 0 12 0.0000 4 135 600 6075 4125 EAPOL\001
-4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 4350 state machine\001
--6
-6 1800 6000 7800 8100
-6 1800 6000 7800 7200
-6 1800 6900 2700 7200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1800 6900 2700 6900 2700 7200 1800 7200 1800 6900
-4 0 0 50 -1 0 12 0.0000 4 105 375 1875 7125 wext\001
--6
-6 4725 6900 5625 7200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4725 6900 5625 6900 5625 7200 4725 7200 4725 6900
-4 0 0 50 -1 0 12 0.0000 4 135 555 4800 7125 hermes\001
--6
-6 6675 6900 7800 7200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6675 6900 7800 6900 7800 7200 6675 7200 6675 6900
-4 0 0 50 -1 0 12 0.0000 4 180 930 6750 7125 ndiswrapper\001
--6
-6 5700 6900 6600 7200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5700 6900 6600 6900 6600 7200 5700 7200 5700 6900
-4 0 0 50 -1 0 12 0.0000 4 135 420 5775 7125 atmel\001
--6
-6 4275 6000 5100 6300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 4275 6000 5100 6000 5100 6300 4275 6300 4275 6000
-4 0 0 50 -1 0 12 0.0000 4 135 630 4350 6225 driver i/f\001
--6
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2775 6900 3675 6900 3675 7200 2775 7200 2775 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3750 6900 4650 6900 4650 7200 3750 7200 3750 6900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
-	 2250 6900 2250 6600 7200 6600 7200 6900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 3225 6900 3225 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4200 6900 4200 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5175 6900 5175 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6150 6900 6150 6600
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 6600 4650 6300
-4 0 0 50 -1 0 12 0.0000 4 180 510 2850 7125 hostap\001
-4 0 0 50 -1 0 12 0.0000 4 135 600 3825 7125 nl80211\001
--6
-6 3525 7800 5775 8100
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3525 7800 5775 7800 5775 8100 3525 8100 3525 7800
-4 0 0 50 -1 0 12 0.0000 4 135 2145 3600 8025 kernel network device driver\001
--6
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 2250 7200 4200 7800
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 7200 7200 5100 7800
--6
-6 9600 3000 10275 3300
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9600 3000 10275 3000 10275 3300 9600 3300 9600 3000
-4 0 0 50 -1 0 12 0.0000 4 135 315 9750 3225 TLS\001
--6
-6 8100 4425 10425 7350
-6 8175 4725 9225 5025
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 4725 9225 4725 9225 5025 8175 5025 8175 4725
-4 0 0 50 -1 0 12 0.0000 4 135 735 8250 4950 EAP-TLS\001
--6
-6 9300 4725 10350 5025
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 4725 10350 4725 10350 5025 9300 5025 9300 4725
-4 0 0 50 -1 0 12 0.0000 4 135 810 9375 4950 EAP-MD5\001
--6
-6 8175 5100 9225 5400
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5100 9225 5100 9225 5400 8175 5400 8175 5100
-4 0 0 50 -1 0 12 0.0000 4 135 885 8250 5325 EAP-PEAP\001
--6
-6 9300 5100 10350 5400
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5100 10350 5100 10350 5400 9300 5400 9300 5100
-4 0 0 50 -1 0 12 0.0000 4 135 840 9375 5325 EAP-TTLS\001
--6
-6 8175 5475 9225 5775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5475 9225 5475 9225 5775 8175 5775 8175 5475
-4 0 0 50 -1 0 12 0.0000 4 135 780 8250 5700 EAP-GTC\001
--6
-6 9300 5475 10350 5775
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5475 10350 5475 10350 5775 9300 5775 9300 5475
-4 0 0 50 -1 0 12 0.0000 4 135 765 9375 5700 EAP-OTP\001
--6
-6 8175 5850 9225 6150
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 5850 9225 5850 9225 6150 8175 6150 8175 5850
-4 0 0 50 -1 0 12 0.0000 4 135 750 8250 6075 EAP-SIM\001
--6
-6 9300 6225 10350 6525
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 6225 10350 6225 10350 6525 9300 6525 9300 6225
-4 0 0 50 -1 0 12 0.0000 4 135 465 9375 6450 LEAP\001
--6
-6 8175 6225 9225 6525
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 6225 9225 6225 9225 6525 8175 6525 8175 6225
-4 0 0 50 -1 0 12 0.0000 4 135 765 8250 6450 EAP-PSK\001
--6
-6 9300 5850 10350 6150
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 5850 10350 5850 10350 6150 9300 6150 9300 5850
-4 0 0 50 -1 0 12 0.0000 4 135 825 9375 6075 EAP-AKA\001
--6
-6 8175 6975 9675 7275
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 6975 9675 6975 9675 7275 8175 7275 8175 6975
-4 0 0 50 -1 0 12 0.0000 4 135 1365 8250 7200 EAP-MSCHAPv2\001
--6
-6 9300 6600 10350 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 9300 6600 10350 6600 10350 6900 9300 6900 9300 6600
-4 0 0 50 -1 0 12 0.0000 4 135 870 9375 6825 EAP-FAST\001
--6
-6 8175 6600 9225 6900
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8175 6600 9225 6600 9225 6900 8175 6900 8175 6600
-4 0 0 50 -1 0 12 0.0000 4 135 795 8250 6825 EAP-PAX\001
--6
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 8100 7350 10425 7350 10425 4425 8100 4425 8100 7350
-4 0 0 50 -1 0 12 0.0000 4 135 1050 8700 4650 EAP methods\001
--6
-6 2775 5025 4050 5325
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2775 5025 4050 5025 4050 5325 2775 5325 2775 5025
-4 0 0 50 -1 0 12 0.0000 4 135 990 2925 5250 driver events\001
--6
-6 2775 3150 4050 3450
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2775 3150 4050 3150 4050 3450 2775 3450 2775 3150
-4 0 0 50 -1 0 12 0.0000 4 180 990 2925 3375 configuration\001
--6
-2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
-	 1275 4200 1875 4200
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 4500 2550 3900 1500
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
-	 4800 2550 5400 1500
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 2925 4200 4350 4200
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5025 3900 6000 3000
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 5025 4200 6000 4200
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 6000 4650 4425
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6600 4425 6600 4950
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6600 3225 6600 3900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 5250 8100 5250
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 9075 4425 9075 3300
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 3000 8700 3150
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4650 3900 4650 2850
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 7200 4125 8700 3300
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6000 4350 5025 6000
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 6000 3150 4875 6000
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1500 2100 10800 2100 10800 7500 1500 7500 1500 2100
-2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 9900 4425 9900 3300
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 1
-	 4350 3900
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4350 3900 4050 3450
-2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
-	 4350 4425 4050 5025
-4 0 0 50 -1 0 12 0.0000 4 135 915 375 3975 EAPOL and\001
-4 0 0 50 -1 0 12 0.0000 4 180 630 375 4200 pre-auth\001
-4 0 0 50 -1 0 12 0.0000 4 180 810 375 4425 ethertypes\001
-4 0 0 50 -1 0 12 0.0000 4 135 1050 375 4650 from/to kernel\001
-4 0 0 50 -1 0 12 0.0000 4 135 1920 3675 1875 frontend control interface\001
-4 0 0 50 -1 2 14 0.0000 4 210 1440 1637 2371 wpa_supplicant\001
diff --git a/eap_example/.gitignore b/eap_example/.gitignore
deleted file mode 100644
index 4d6d2d1301b2..000000000000
--- a/eap_example/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.d
-eap_example
-libeap.so
-libeap.a
diff --git a/eap_example/Makefile b/eap_example/Makefile
deleted file mode 100644
index 691466f03c9a..000000000000
--- a/eap_example/Makefile
+++ /dev/null
@@ -1,119 +0,0 @@
-ALL=eap_example
-
-include ../src/build.rules
-
-CFLAGS += -I.
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
-
-
-EAP_LIBS += ../src/utils/libutils.a
-EAP_LIBS += ../src/crypto/libcrypto.a
-EAP_LIBS += ../src/tls/libtls.a
-
-OBJS_both += ../src/eap_common/eap_peap_common.o
-OBJS_both += ../src/eap_common/eap_psk_common.o
-OBJS_both += ../src/eap_common/eap_pax_common.o
-OBJS_both += ../src/eap_common/eap_sake_common.o
-OBJS_both += ../src/eap_common/eap_gpsk_common.o
-OBJS_both += ../src/eap_common/chap.o
-
-OBJS_peer += ../src/eap_peer/eap_tls.o
-OBJS_peer += ../src/eap_peer/eap_peap.o
-OBJS_peer += ../src/eap_peer/eap_ttls.o
-OBJS_peer += ../src/eap_peer/eap_md5.o
-OBJS_peer += ../src/eap_peer/eap_mschapv2.o
-OBJS_peer += ../src/eap_peer/mschapv2.o
-OBJS_peer += ../src/eap_peer/eap_otp.o
-OBJS_peer += ../src/eap_peer/eap_gtc.o
-OBJS_peer += ../src/eap_peer/eap_leap.o
-OBJS_peer += ../src/eap_peer/eap_psk.o
-OBJS_peer += ../src/eap_peer/eap_pax.o
-OBJS_peer += ../src/eap_peer/eap_sake.o
-OBJS_peer += ../src/eap_peer/eap_gpsk.o
-OBJS_peer += ../src/eap_peer/eap.o
-OBJS_peer += ../src/eap_common/eap_common.o
-OBJS_peer += ../src/eap_peer/eap_methods.o
-OBJS_peer += ../src/eap_peer/eap_tls_common.o
-
-CFLAGS += -DEAP_TLS
-CFLAGS += -DEAP_PEAP
-CFLAGS += -DEAP_TTLS
-CFLAGS += -DEAP_MD5
-CFLAGS += -DEAP_MSCHAPv2
-CFLAGS += -DEAP_GTC
-CFLAGS += -DEAP_OTP
-CFLAGS += -DEAP_LEAP
-CFLAGS += -DEAP_PSK
-CFLAGS += -DEAP_PAX
-CFLAGS += -DEAP_SAKE
-CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256
-
-CFLAGS += -DEAP_SERVER_IDENTITY
-CFLAGS += -DEAP_SERVER_TLS
-CFLAGS += -DEAP_SERVER_PEAP
-CFLAGS += -DEAP_SERVER_TTLS
-CFLAGS += -DEAP_SERVER_MD5
-CFLAGS += -DEAP_SERVER_MSCHAPV2
-CFLAGS += -DEAP_SERVER_GTC
-CFLAGS += -DEAP_SERVER_PSK
-CFLAGS += -DEAP_SERVER_PAX
-CFLAGS += -DEAP_SERVER_SAKE
-CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256
-
-CFLAGS += -DIEEE8021X_EAPOL
-
-
-# Optional components to add EAP server support
-OBJS_server += ../src/eap_server/eap_server_tls.o
-OBJS_server += ../src/eap_server/eap_server_peap.o
-OBJS_server += ../src/eap_server/eap_server_ttls.o
-OBJS_server += ../src/eap_server/eap_server_md5.o
-OBJS_server += ../src/eap_server/eap_server_mschapv2.o
-OBJS_server += ../src/eap_server/eap_server_gtc.o
-OBJS_server += ../src/eap_server/eap_server_psk.o
-OBJS_server += ../src/eap_server/eap_server_pax.o
-OBJS_server += ../src/eap_server/eap_server_sake.o
-OBJS_server += ../src/eap_server/eap_server_gpsk.o
-OBJS_server += ../src/eap_server/eap_server.o
-OBJS_server += ../src/eap_server/eap_server_identity.o
-OBJS_server += ../src/eap_server/eap_server_methods.o
-OBJS_server += ../src/eap_server/eap_server_tls_common.o
-CFLAGS += -DEAP_SERVER
-
-
-OBJS_lib=$(OBJS_both) $(OBJS_peer) $(OBJS_server)
-_OBJS_VAR := OBJS_lib
-include ../src/objs.mk
-
-OBJS_ex = eap_example.o eap_example_peer.o eap_example_server.o
-_OBJS_VAR := OBJS_ex
-include ../src/objs.mk
-
-_OBJS_VAR := EAP_LIBS
-include ../src/objs.mk
-
-
-ifneq ($(CONFIG_SOLIB), yes)
-LIBEAP = libeap.a
-libeap.a: $(EAP_LIBS) $(OBJS_lib)
-	$(AR) crT libeap.a $^
-	$(RANLIB) libeap.a
-
-else
-CFLAGS  += -fPIC -DPIC
-LDFLAGS += -shared
-
-LIBEAP  = libeap.so
-libeap.so: $(EAP_LIBS) $(OBJS_lib)
-	$(LDO) $(LDFLAGS) $^ -o $(LIBEAP)
-
-endif
-
-eap_example: $(OBJS_ex) $(LIBEAP)
-	$(LDO) $(LDFLAGS) -o eap_example $(OBJS_ex) -L. -leap $(LIBS)
-
-clean: common-clean
-	rm -f core *~ *.o *.d libeap.a libeap.so
-
--include $(OBJS:%.o=%.d)
diff --git a/eap_example/README b/eap_example/README
deleted file mode 100644
index 0c2921e3be93..000000000000
--- a/eap_example/README
+++ /dev/null
@@ -1,42 +0,0 @@
-EAP peer/server library and example program
-Copyright (c) 2007, Jouni Malinen <j@w1.fi>
-
-This software may be distributed under the terms of the BSD license.
-See the parent directory README for more details.
-
-
-The interfaces of the EAP server/peer implementation are based on RFC
-4137 (EAP State Machines). This RFC is coordinated with the state
-machines defined in IEEE 802.1X-2004. hostapd and wpa_supplicant
-include implementation of the IEEE 802.1X EAPOL state machines and the
-interface between them and EAP. However, the EAP implementation can be
-used with other protocols, too, by providing a compatible interface
-which maps the EAPOL<->EAP variables to another protocol.
-
-This directory contains an example showing how EAP peer and server
-code from wpa_supplicant and hostapd can be used as a library. The
-example program initializes both an EAP server and an EAP peer
-entities and then runs through an EAP-PEAP/MSCHAPv2 authentication.
-
-eap_example_peer.c shows the initialization and glue code needed to
-control the EAP peer implementation. eap_example_server.c does the
-same for EAP server. eap_example.c is an example that ties in both the
-EAP server and client parts to allow an EAP authentication to be
-shown.
-
-In this example, the EAP messages are passed between the server and
-the peer are passed by direct function calls within the same process.
-In practice, server and peer functionalities would likely reside in
-separate devices and the EAP messages would be transmitted between the
-devices based on an external protocol. For example, in IEEE 802.11
-uses IEEE 802.1X EAPOL state machines to control the transmission of
-EAP messages and WiMax supports optional PMK EAP authentication
-mechanism that transmits EAP messages as defined in IEEE 802.16e.
-
-
-The EAP library links in number of helper functions from src/utils and
-src/crypto directories. Most of these are suitable as-is, but it may
-be desirable to replace the debug output code in src/utils/wpa_debug.c
-by dropping this file from the library and re-implementing the
-functions there in a way that better fits in with the main
-application.
diff --git a/eap_example/ca.pem b/eap_example/ca.pem
deleted file mode 100644
index b128893a1e7b..000000000000
--- a/eap_example/ca.pem
+++ /dev/null
@@ -1,55 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: Jun 29 16:41:22 2013 GMT
-            Not After : Jun 27 16:41:22 2023 GMT
-        Subject: C=FI, O=w1.fi, CN=Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
-                    90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
-                    f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
-                    db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
-                    81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
-                    0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
-                    c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
-                    38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
-                    ae:8a:b6:d1:e7:b3:15:02:b9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
-            X509v3 Authority Key Identifier: 
-                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
-         5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
-         4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
-         be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
-         70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
-         d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
-         c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
-         92:e8
------BEGIN CERTIFICATE-----
-MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
-MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
-DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
-Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
-cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
-HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
-GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
-uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
-+qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
------END CERTIFICATE-----
diff --git a/eap_example/dh.conf b/eap_example/dh.conf
deleted file mode 100644
index 7bc83251c592..000000000000
--- a/eap_example/dh.conf
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
-qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
-XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
------END DH PARAMETERS-----
diff --git a/eap_example/eap_example.c b/eap_example/eap_example.c
deleted file mode 100644
index 8a48cd34b030..000000000000
--- a/eap_example/eap_example.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Example application showing how EAP peer and server code from
- * wpa_supplicant/hostapd can be used as a library. This example program
- * initializes both an EAP server and an EAP peer entities and then runs
- * through an EAP-PEAP/MSCHAPv2 authentication.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-
-
-int eap_example_peer_init(void);
-void eap_example_peer_deinit(void);
-int eap_example_peer_step(void);
-
-int eap_example_server_init(void);
-void eap_example_server_deinit(void);
-int eap_example_server_step(void);
-
-
-int main(int argc, char *argv[])
-{
-	int res_s, res_p;
-
-	wpa_debug_level = 0;
-
-	if (eap_example_peer_init() < 0 ||
-	    eap_example_server_init() < 0)
-		return -1;
-
-	do {
-		printf("---[ server ]--------------------------------\n");
-		res_s = eap_example_server_step();
-		printf("---[ peer ]----------------------------------\n");
-		res_p = eap_example_peer_step();
-	} while (res_s || res_p);
-
-	eap_example_peer_deinit();
-	eap_example_server_deinit();
-
-	return 0;
-}
diff --git a/eap_example/eap_example_peer.c b/eap_example/eap_example_peer.c
deleted file mode 100644
index 5fe0cb7fa7f6..000000000000
--- a/eap_example/eap_example_peer.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/*
- * Example application showing how EAP peer code from wpa_supplicant can be
- * used as a library.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eap_peer/eap.h"
-#include "eap_peer/eap_config.h"
-#include "wpabuf.h"
-
-void eap_example_server_rx(const u8 *data, size_t data_len);
-
-
-struct eap_peer_ctx {
-	bool eapSuccess;
-	bool eapRestart;
-	bool eapFail;
-	bool eapResp;
-	bool eapNoResp;
-	bool eapReq;
-	bool portEnabled;
-	bool altAccept; /* for EAP */
-	bool altReject; /* for EAP */
-	bool eapTriggerStart;
-
-	struct wpabuf *eapReqData; /* for EAP */
-
-	unsigned int idleWhile; /* for EAP state machine */
-
-	struct eap_peer_config eap_config;
-	struct eap_sm *eap;
-};
-
-
-static struct eap_peer_ctx eap_ctx;
-
-
-static struct eap_peer_config * peer_get_config(void *ctx)
-{
-	struct eap_peer_ctx *peer = ctx;
-	return &peer->eap_config;
-}
-
-
-static bool peer_get_bool(void *ctx, enum eapol_bool_var variable)
-{
-	struct eap_peer_ctx *peer = ctx;
-	if (peer == NULL)
-		return false;
-	switch (variable) {
-	case EAPOL_eapSuccess:
-		return peer->eapSuccess;
-	case EAPOL_eapRestart:
-		return peer->eapRestart;
-	case EAPOL_eapFail:
-		return peer->eapFail;
-	case EAPOL_eapResp:
-		return peer->eapResp;
-	case EAPOL_eapNoResp:
-		return peer->eapNoResp;
-	case EAPOL_eapReq:
-		return peer->eapReq;
-	case EAPOL_portEnabled:
-		return peer->portEnabled;
-	case EAPOL_altAccept:
-		return peer->altAccept;
-	case EAPOL_altReject:
-		return peer->altReject;
-	case EAPOL_eapTriggerStart:
-		return peer->eapTriggerStart;
-	}
-	return false;
-}
-
-
-static void peer_set_bool(void *ctx, enum eapol_bool_var variable, bool value)
-{
-	struct eap_peer_ctx *peer = ctx;
-	if (peer == NULL)
-		return;
-	switch (variable) {
-	case EAPOL_eapSuccess:
-		peer->eapSuccess = value;
-		break;
-	case EAPOL_eapRestart:
-		peer->eapRestart = value;
-		break;
-	case EAPOL_eapFail:
-		peer->eapFail = value;
-		break;
-	case EAPOL_eapResp:
-		peer->eapResp = value;
-		break;
-	case EAPOL_eapNoResp:
-		peer->eapNoResp = value;
-		break;
-	case EAPOL_eapReq:
-		peer->eapReq = value;
-		break;
-	case EAPOL_portEnabled:
-		peer->portEnabled = value;
-		break;
-	case EAPOL_altAccept:
-		peer->altAccept = value;
-		break;
-	case EAPOL_altReject:
-		peer->altReject = value;
-		break;
-	case EAPOL_eapTriggerStart:
-		peer->eapTriggerStart = value;
-		break;
-	}
-}
-
-
-static unsigned int peer_get_int(void *ctx, enum eapol_int_var variable)
-{
-	struct eap_peer_ctx *peer = ctx;
-	if (peer == NULL)
-		return 0;
-	switch (variable) {
-	case EAPOL_idleWhile:
-		return peer->idleWhile;
-	}
-	return 0;
-}
-
-
-static void peer_set_int(void *ctx, enum eapol_int_var variable,
-			 unsigned int value)
-{
-	struct eap_peer_ctx *peer = ctx;
-	if (peer == NULL)
-		return;
-	switch (variable) {
-	case EAPOL_idleWhile:
-		peer->idleWhile = value;
-		break;
-	}
-}
-
-
-static struct wpabuf * peer_get_eapReqData(void *ctx)
-{
-	struct eap_peer_ctx *peer = ctx;
-	if (peer == NULL || peer->eapReqData == NULL)
-		return NULL;
-
-	return peer->eapReqData;
-}
-
-
-static void peer_set_config_blob(void *ctx, struct wpa_config_blob *blob)
-{
-	printf("TODO: %s\n", __func__);
-}
-
-
-static const struct wpa_config_blob *
-peer_get_config_blob(void *ctx, const char *name)
-{
-	printf("TODO: %s\n", __func__);
-	return NULL;
-}
-
-
-static void peer_notify_pending(void *ctx)
-{
-	printf("TODO: %s\n", __func__);
-}
-
-
-static int eap_peer_register_methods(void)
-{
-	int ret = 0;
-
-#ifdef EAP_MD5
-	if (ret == 0)
-		ret = eap_peer_md5_register();
-#endif /* EAP_MD5 */
-
-#ifdef EAP_TLS
-	if (ret == 0)
-		ret = eap_peer_tls_register();
-#endif /* EAP_TLS */
-
-#ifdef EAP_MSCHAPv2
-	if (ret == 0)
-		ret = eap_peer_mschapv2_register();
-#endif /* EAP_MSCHAPv2 */
-
-#ifdef EAP_PEAP
-	if (ret == 0)
-		ret = eap_peer_peap_register();
-#endif /* EAP_PEAP */
-
-#ifdef EAP_TTLS
-	if (ret == 0)
-		ret = eap_peer_ttls_register();
-#endif /* EAP_TTLS */
-
-#ifdef EAP_GTC
-	if (ret == 0)
-		ret = eap_peer_gtc_register();
-#endif /* EAP_GTC */
-
-#ifdef EAP_OTP
-	if (ret == 0)
-		ret = eap_peer_otp_register();
-#endif /* EAP_OTP */
-
-#ifdef EAP_SIM
-	if (ret == 0)
-		ret = eap_peer_sim_register();
-#endif /* EAP_SIM */
-
-#ifdef EAP_LEAP
-	if (ret == 0)
-		ret = eap_peer_leap_register();
-#endif /* EAP_LEAP */
-
-#ifdef EAP_PSK
-	if (ret == 0)
-		ret = eap_peer_psk_register();
-#endif /* EAP_PSK */
-
-#ifdef EAP_AKA
-	if (ret == 0)
-		ret = eap_peer_aka_register();
-#endif /* EAP_AKA */
-
-#ifdef EAP_AKA_PRIME
-	if (ret == 0)
-		ret = eap_peer_aka_prime_register();
-#endif /* EAP_AKA_PRIME */
-
-#ifdef EAP_FAST
-	if (ret == 0)
-		ret = eap_peer_fast_register();
-#endif /* EAP_FAST */
-
-#ifdef EAP_PAX
-	if (ret == 0)
-		ret = eap_peer_pax_register();
-#endif /* EAP_PAX */
-
-#ifdef EAP_SAKE
-	if (ret == 0)
-		ret = eap_peer_sake_register();
-#endif /* EAP_SAKE */
-
-#ifdef EAP_GPSK
-	if (ret == 0)
-		ret = eap_peer_gpsk_register();
-#endif /* EAP_GPSK */
-
-#ifdef EAP_WSC
-	if (ret == 0)
-		ret = eap_peer_wsc_register();
-#endif /* EAP_WSC */
-
-#ifdef EAP_IKEV2
-	if (ret == 0)
-		ret = eap_peer_ikev2_register();
-#endif /* EAP_IKEV2 */
-
-#ifdef EAP_VENDOR_TEST
-	if (ret == 0)
-		ret = eap_peer_vendor_test_register();
-#endif /* EAP_VENDOR_TEST */
-
-#ifdef EAP_TNC
-	if (ret == 0)
-		ret = eap_peer_tnc_register();
-#endif /* EAP_TNC */
-
-	return ret;
-}
-
-
-static struct eapol_callbacks eap_cb;
-static struct eap_config eap_conf;
-
-int eap_example_peer_init(void)
-{
-	if (eap_peer_register_methods() < 0)
-		return -1;
-
-	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
-
-	eap_ctx.eap_config.identity = (u8 *) os_strdup("user");
-	eap_ctx.eap_config.identity_len = 4;
-	eap_ctx.eap_config.password = (u8 *) os_strdup("password");
-	eap_ctx.eap_config.password_len = 8;
-	eap_ctx.eap_config.cert.ca_cert = os_strdup("ca.pem");
-	eap_ctx.eap_config.fragment_size = 1398;
-
-	os_memset(&eap_cb, 0, sizeof(eap_cb));
-	eap_cb.get_config = peer_get_config;
-	eap_cb.get_bool = peer_get_bool;
-	eap_cb.set_bool = peer_set_bool;
-	eap_cb.get_int = peer_get_int;
-	eap_cb.set_int = peer_set_int;
-	eap_cb.get_eapReqData = peer_get_eapReqData;
-	eap_cb.set_config_blob = peer_set_config_blob;
-	eap_cb.get_config_blob = peer_get_config_blob;
-	eap_cb.notify_pending = peer_notify_pending;
-
-	os_memset(&eap_conf, 0, sizeof(eap_conf));
-	eap_ctx.eap = eap_peer_sm_init(&eap_ctx, &eap_cb, &eap_ctx, &eap_conf);
-	if (eap_ctx.eap == NULL)
-		return -1;
-
-	/* Enable "port" to allow authentication */
-	eap_ctx.portEnabled = true;
-
-	return 0;
-}
-
-
-void eap_example_peer_deinit(void)
-{
-	eap_peer_sm_deinit(eap_ctx.eap);
-	eap_peer_unregister_methods();
-	wpabuf_free(eap_ctx.eapReqData);
-	os_free(eap_ctx.eap_config.identity);
-	os_free(eap_ctx.eap_config.password);
-	os_free(eap_ctx.eap_config.cert.ca_cert);
-}
-
-
-int eap_example_peer_step(void)
-{
-	int res;
-	res = eap_peer_sm_step(eap_ctx.eap);
-
-	if (eap_ctx.eapResp) {
-		struct wpabuf *resp;
-		printf("==> Response\n");
-		eap_ctx.eapResp = false;
-		resp = eap_get_eapRespData(eap_ctx.eap);
-		if (resp) {
-			/* Send EAP response to the server */
-			eap_example_server_rx(wpabuf_head(resp),
-					      wpabuf_len(resp));
-			wpabuf_free(resp);
-		}
-	}
-
-	if (eap_ctx.eapSuccess) {
-		res = 0;
-		if (eap_key_available(eap_ctx.eap)) {
-			const u8 *key;
-			size_t key_len;
-			key = eap_get_eapKeyData(eap_ctx.eap, &key_len);
-			wpa_hexdump(MSG_DEBUG, "EAP keying material",
-				    key, key_len);
-		}
-	}
-
-	return res;
-}
-
-
-void eap_example_peer_rx(const u8 *data, size_t data_len)
-{
-	/* Make received EAP message available to the EAP library */
-	eap_ctx.eapReq = true;
-	wpabuf_free(eap_ctx.eapReqData);
-	eap_ctx.eapReqData = wpabuf_alloc_copy(data, data_len);
-}
diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c
deleted file mode 100644
index 3a132bb3466e..000000000000
--- a/eap_example/eap_example_server.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/*
- * Example application showing how EAP server code from hostapd can be used as
- * a library.
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/tls.h"
-#include "eap_server/eap.h"
-#include "wpabuf.h"
-
-void eap_example_peer_rx(const u8 *data, size_t data_len);
-
-
-struct eap_server_ctx {
-	struct eap_eapol_interface *eap_if;
-	struct eap_sm *eap;
-	void *tls_ctx;
-};
-
-static struct eap_server_ctx eap_ctx;
-
-
-static int server_get_eap_user(void *ctx, const u8 *identity,
-			       size_t identity_len, int phase2,
-			       struct eap_user *user)
-{
-	os_memset(user, 0, sizeof(*user));
-
-	if (!phase2) {
-		/* Only allow EAP-PEAP as the Phase 1 method */
-		user->methods[0].vendor = EAP_VENDOR_IETF;
-		user->methods[0].method = EAP_TYPE_PEAP;
-		return 0;
-	}
-
-	if (identity_len != 4 || identity == NULL ||
-	    os_memcmp(identity, "user", 4) != 0) {
-		printf("Unknown user\n");
-		return -1;
-	}
-
-	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
-	user->methods[0].vendor = EAP_VENDOR_IETF;
-	user->methods[0].method = EAP_TYPE_MSCHAPV2;
-	user->password = (u8 *) os_strdup("password");
-	user->password_len = 8;
-
-	return 0;
-}
-
-
-static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
-{
-	*len = 0;
-	return NULL;
-}
-
-
-static struct eapol_callbacks eap_cb;
-static struct eap_config eap_conf;
-
-static int eap_example_server_init_tls(void)
-{
-	struct tls_config tconf;
-	struct tls_connection_params tparams;
-
-	os_memset(&tconf, 0, sizeof(tconf));
-	eap_ctx.tls_ctx = tls_init(&tconf);
-	if (eap_ctx.tls_ctx == NULL)
-		return -1;
-
-	os_memset(&tparams, 0, sizeof(tparams));
-	tparams.ca_cert = "ca.pem";
-	tparams.client_cert = "server.pem";
-	/* tparams.private_key = "server.key"; */
-	tparams.private_key = "server-key.pem";
-	/* tparams.private_key_passwd = "whatever"; */
-	tparams.dh_file = "dh.conf";
-
-	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
-		printf("Failed to set TLS parameters\n");
-		return -1;
-	}
-
-	if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) {
-		printf("Failed to set check_crl\n");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int eap_server_register_methods(void)
-{
-	int ret = 0;
-
-#ifdef EAP_SERVER_IDENTITY
-	if (ret == 0)
-		ret = eap_server_identity_register();
-#endif /* EAP_SERVER_IDENTITY */
-
-#ifdef EAP_SERVER_MD5
-	if (ret == 0)
-		ret = eap_server_md5_register();
-#endif /* EAP_SERVER_MD5 */
-
-#ifdef EAP_SERVER_TLS
-	if (ret == 0)
-		ret = eap_server_tls_register();
-#endif /* EAP_SERVER_TLS */
-
-#ifdef EAP_SERVER_MSCHAPV2
-	if (ret == 0)
-		ret = eap_server_mschapv2_register();
-#endif /* EAP_SERVER_MSCHAPV2 */
-
-#ifdef EAP_SERVER_PEAP
-	if (ret == 0)
-		ret = eap_server_peap_register();
-#endif /* EAP_SERVER_PEAP */
-
-#ifdef EAP_SERVER_TLV
-	if (ret == 0)
-		ret = eap_server_tlv_register();
-#endif /* EAP_SERVER_TLV */
-
-#ifdef EAP_SERVER_GTC
-	if (ret == 0)
-		ret = eap_server_gtc_register();
-#endif /* EAP_SERVER_GTC */
-
-#ifdef EAP_SERVER_TTLS
-	if (ret == 0)
-		ret = eap_server_ttls_register();
-#endif /* EAP_SERVER_TTLS */
-
-#ifdef EAP_SERVER_SIM
-	if (ret == 0)
-		ret = eap_server_sim_register();
-#endif /* EAP_SERVER_SIM */
-
-#ifdef EAP_SERVER_AKA
-	if (ret == 0)
-		ret = eap_server_aka_register();
-#endif /* EAP_SERVER_AKA */
-
-#ifdef EAP_SERVER_AKA_PRIME
-	if (ret == 0)
-		ret = eap_server_aka_prime_register();
-#endif /* EAP_SERVER_AKA_PRIME */
-
-#ifdef EAP_SERVER_PAX
-	if (ret == 0)
-		ret = eap_server_pax_register();
-#endif /* EAP_SERVER_PAX */
-
-#ifdef EAP_SERVER_PSK
-	if (ret == 0)
-		ret = eap_server_psk_register();
-#endif /* EAP_SERVER_PSK */
-
-#ifdef EAP_SERVER_SAKE
-	if (ret == 0)
-		ret = eap_server_sake_register();
-#endif /* EAP_SERVER_SAKE */
-
-#ifdef EAP_SERVER_GPSK
-	if (ret == 0)
-		ret = eap_server_gpsk_register();
-#endif /* EAP_SERVER_GPSK */
-
-#ifdef EAP_SERVER_VENDOR_TEST
-	if (ret == 0)
-		ret = eap_server_vendor_test_register();
-#endif /* EAP_SERVER_VENDOR_TEST */
-
-#ifdef EAP_SERVER_FAST
-	if (ret == 0)
-		ret = eap_server_fast_register();
-#endif /* EAP_SERVER_FAST */
-
-#ifdef EAP_SERVER_WSC
-	if (ret == 0)
-		ret = eap_server_wsc_register();
-#endif /* EAP_SERVER_WSC */
-
-#ifdef EAP_SERVER_IKEV2
-	if (ret == 0)
-		ret = eap_server_ikev2_register();
-#endif /* EAP_SERVER_IKEV2 */
-
-#ifdef EAP_SERVER_TNC
-	if (ret == 0)
-		ret = eap_server_tnc_register();
-#endif /* EAP_SERVER_TNC */
-
-	return ret;
-}
-
-
-int eap_example_server_init(void)
-{
-	struct eap_session_data eap_sess;
-
-	if (eap_server_register_methods() < 0)
-		return -1;
-
-	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
-
-	if (eap_example_server_init_tls() < 0)
-		return -1;
-
-	os_memset(&eap_cb, 0, sizeof(eap_cb));
-	eap_cb.get_eap_user = server_get_eap_user;
-	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
-
-	os_memset(&eap_conf, 0, sizeof(eap_conf));
-	eap_conf.eap_server = 1;
-	eap_conf.ssl_ctx = eap_ctx.tls_ctx;
-
-	os_memset(&eap_sess, 0, sizeof(eap_sess));
-	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf,
-					 &eap_sess);
-	if (eap_ctx.eap == NULL)
-		return -1;
-
-	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
-
-	/* Enable "port" and request EAP to start authentication. */
-	eap_ctx.eap_if->portEnabled = true;
-	eap_ctx.eap_if->eapRestart = true;
-
-	return 0;
-}
-
-
-void eap_example_server_deinit(void)
-{
-	eap_server_sm_deinit(eap_ctx.eap);
-	eap_server_unregister_methods();
-	tls_deinit(eap_ctx.tls_ctx);
-}
-
-
-int eap_example_server_step(void)
-{
-	int res, process = 0;
-
-	res = eap_server_sm_step(eap_ctx.eap);
-
-	if (eap_ctx.eap_if->eapReq) {
-		printf("==> Request\n");
-		process = 1;
-		eap_ctx.eap_if->eapReq = 0;
-	}
-
-	if (eap_ctx.eap_if->eapSuccess) {
-		printf("==> Success\n");
-		process = 1;
-		res = 0;
-		eap_ctx.eap_if->eapSuccess = 0;
-
-		if (eap_ctx.eap_if->eapKeyAvailable) {
-			wpa_hexdump(MSG_DEBUG, "EAP keying material",
-				    eap_ctx.eap_if->eapKeyData,
-				    eap_ctx.eap_if->eapKeyDataLen);
-		}
-	}
-
-	if (eap_ctx.eap_if->eapFail) {
-		printf("==> Fail\n");
-		process = 1;
-		eap_ctx.eap_if->eapFail = 0;
-	}
-
-	if (process && eap_ctx.eap_if->eapReqData) {
-		/* Send EAP request to the peer */
-		eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
-				    wpabuf_len(eap_ctx.eap_if->eapReqData));
-	}
-
-	return res;
-}
-
-
-void eap_example_server_rx(const u8 *data, size_t data_len)
-{
-	/* Make received EAP message available to the EAP library */
-	wpabuf_free(eap_ctx.eap_if->eapRespData);
-	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
-	if (eap_ctx.eap_if->eapRespData)
-		eap_ctx.eap_if->eapResp = true;
-}
diff --git a/eap_example/server-key.pem b/eap_example/server-key.pem
deleted file mode 100644
index 0fe2cec47330..000000000000
--- a/eap_example/server-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns
-ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj
-+6I5F/JkYfZlAjJ5dOGf0YllVanDIJ6/aVaz908/qVTC2o88r/J1VPp+gQIDAQAB
-AoGAR/C5b3DOtkMgAtGPw5AXiDWNBsGOZTfJgxEnovN4Nfel64sDyqjgNeVY/kDl
-baDd0OT7j9ezU1zi1+5uQPlikFSvzgpdLgQhKkvWLzzehafb2uVaJ4VsRqS3WXK8
-RE06cYx4VQRkvQvMAXWsuua9pw36OrlpQnm3HlAbrks8Mm0CQQDgMEu2WPMWP2wj
-Q8735zbj7D0AxEFlcegPZr/QZ3qU//G0HL35FG18lsuTbDzesrf7apo3W1BBQLjS
-ZSNtyNsLAkEA1Ru6aEy/Cj2u1GYHu1u/RcshKC+W7rdVT0wDeiSTUzKafZNiwVhY
-1Epk4k5HnHB327ysTI1LiOzUMMmuNYUkIwJAKUkbmFAXLCCv5GqnYcXluOGXdl2u
-AWWRq8xrRJDZ5TihJV8pqQYXB5upj9Od/hEBir5d+hXJ2Mp3ft97P8t+cwJAGeWQ
-tXP+EySDxlPPxLjVeYnBsbx2vvOQbl5yXblsHcQcef4bFhvCT6nqsIWKtjwElLNM
-zNCuySjecD9R6DcRuQJBAJWrpgny77wP29x1WQ/29J8ZJfxe4N5wAj1SePBVNgZ3
-gfm1O+c6niNwe8RnfQimppLrrR+qK33te2SPGXiwi6g=
------END RSA PRIVATE KEY-----
diff --git a/eap_example/server.key b/eap_example/server.key
deleted file mode 100644
index 1416327bef21..000000000000
--- a/eap_example/server.key
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALqgd1UiFIVVZZtk
-LK3tm91lMcnaYFDOONY03Oi8G54w5xLjU2zJ7UgDeYFpmM6KuHdHNkXPxuDxex5x
-iVT3AcwiraBCsag1nmCqOphR0P8f7r6NCmP7ojkX8mRh9mUCMnl04Z/RiWVVqcMg
-nr9pVrP3Tz+pVMLajzyv8nVU+n6BAgMBAAECgYBH8LlvcM62QyAC0Y/DkBeINY0G
-wY5lN8mDESei83g196XriwPKqOA15Vj+QOVtoN3Q5PuP17NTXOLX7m5A+WKQVK/O
-Cl0uBCEqS9YvPN6Fp9va5VonhWxGpLdZcrxETTpxjHhVBGS9C8wBday65r2nDfo6
-uWlCebceUBuuSzwybQJBAOAwS7ZY8xY/bCNDzvfnNuPsPQDEQWVx6A9mv9BnepT/
-8bQcvfkUbXyWy5NsPN6yt/tqmjdbUEFAuNJlI23I2wsCQQDVG7poTL8KPa7UZge7
-W79FyyEoL5but1VPTAN6JJNTMpp9k2LBWFjUSmTiTkeccHfbvKxMjUuI7NQwya41
-hSQjAkApSRuYUBcsIK/kaqdhxeW44Zd2Xa4BZZGrzGtEkNnlOKElXympBhcHm6mP
-053+EQGKvl36FcnYynd+33s/y35zAkAZ5ZC1c/4TJIPGU8/EuNV5icGxvHa+85Bu
-XnJduWwdxBx5/hsWG8JPqeqwhYq2PASUs0zM0K7JKN5wP1HoNxG5AkEAlaumCfLv
-vA/b3HVZD/b0nxkl/F7g3nACPVJ48FU2BneB+bU75zqeI3B7xGd9CKamkuutH6or
-fe17ZI8ZeLCLqA==
------END PRIVATE KEY-----
diff --git a/eap_example/server.pem b/eap_example/server.pem
deleted file mode 100644
index 93b39b9d5027..000000000000
--- a/eap_example/server.pem
+++ /dev/null
@@ -1,64 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 15624081837803162903 (0xd8d3e3a6cbe3cd17)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: Oct  3 22:13:55 2018 GMT
-            Not After : Oct  3 22:13:55 2019 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:ba:a0:77:55:22:14:85:55:65:9b:64:2c:ad:ed:
-                    9b:dd:65:31:c9:da:60:50:ce:38:d6:34:dc:e8:bc:
-                    1b:9e:30:e7:12:e3:53:6c:c9:ed:48:03:79:81:69:
-                    98:ce:8a:b8:77:47:36:45:cf:c6:e0:f1:7b:1e:71:
-                    89:54:f7:01:cc:22:ad:a0:42:b1:a8:35:9e:60:aa:
-                    3a:98:51:d0:ff:1f:ee:be:8d:0a:63:fb:a2:39:17:
-                    f2:64:61:f6:65:02:32:79:74:e1:9f:d1:89:65:55:
-                    a9:c3:20:9e:bf:69:56:b3:f7:4f:3f:a9:54:c2:da:
-                    8f:3c:af:f2:75:54:fa:7e:81
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                31:4F:10:5C:67:9F:BE:4E:88:D6:DC:C5:AB:9E:12:88:86:69:02:4F
-            X509v3 Authority Key Identifier: 
-                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Subject Alternative Name: 
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         b6:98:ae:d9:9b:9a:44:49:b2:06:ee:af:36:83:cb:cd:cb:c9:
-         f3:38:6d:65:cb:e9:81:d2:25:dd:76:12:5c:da:3f:a1:0e:11:
-         a5:04:ed:05:29:2d:66:94:82:a2:80:67:d1:d8:78:71:72:5f:
-         10:c3:51:a2:7b:f5:0b:5f:ec:70:12:99:cb:65:6f:50:7f:2b:
-         05:7c:b4:d7:1b:21:77:66:47:33:f3:a7:d6:fb:ce:97:fe:5f:
-         fd:df:1f:1d:6f:ef:22:5a:c6:78:d2:2b:07:1e:55:ec:80:62:
-         06:7a:be:6a:0d:4d:96:c2:d5:df:76:56:b0:85:6a:f8:a0:27:
-         62:31
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIJANjT46bL480XMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
-BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xODEw
-MDMyMjEzNTVaFw0xOTEwMDMyMjEzNTVaMDQxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
-DAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns
-ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj
-+6I5F/JkYfZlAjJ5dOGf0YllVanDIJ6/aVaz908/qVTC2o88r/J1VPp+gQIDAQAB
-o4GzMIGwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDFPEFxnn75OiNbcxaueEoiGaQJP
-MB8GA1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkw
-JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAXBgNVHREE
-EDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
-AQELBQADgYEAtpiu2ZuaREmyBu6vNoPLzcvJ8zhtZcvpgdIl3XYSXNo/oQ4RpQTt
-BSktZpSCooBn0dh4cXJfEMNRonv1C1/scBKZy2VvUH8rBXy01xshd2ZHM/On1vvO
-l/5f/d8fHW/vIlrGeNIrBx5V7IBiBnq+ag1NlsLV33ZWsIVq+KAnYjE=
------END CERTIFICATE-----
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 34a8a081879d..279298e4d4d4 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,48 @@
 ChangeLog for hostapd
 
+2022-01-16 - v2.10
+	* SAE changes
+	  - improved protection against side channel attacks
+	    [https://w1.fi/security/2022-1/]
+	  - added option send SAE Confirm immediately (sae_config_immediate=1)
+	    after SAE Commit
+	  - added support for the hash-to-element mechanism (sae_pwe=1 or
+	    sae_pwe=2)
+	  - fixed PMKSA caching with OKC
+	  - added support for SAE-PK
+	* EAP-pwd changes
+	  - improved protection against side channel attacks
+	    [https://w1.fi/security/2022-1/]
+	* fixed WPS UPnP SUBSCRIBE handling of invalid operations
+	  [https://w1.fi/security/2020-1/]
+	* fixed PMF disconnection protection bypass
+	  [https://w1.fi/security/2019-7/]
+	* added support for using OpenSSL 3.0
+	* fixed various issues in experimental support for EAP-TEAP server
+	* added configuration (max_auth_rounds, max_auth_rounds_short) to
+	  increase the maximum number of EAP message exchanges (mainly to
+	  support cases with very large certificates) for the EAP server
+	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+	* extended HE (IEEE 802.11ax) support, including 6 GHz support
+	* removed obsolete IAPP functionality
+	* fixed EAP-FAST server with TLS GCM/CCM ciphers
+	* dropped support for libnl 1.1
+	* added support for nl80211 control port for EAPOL frame TX/RX
+	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
+	  compatibility for these groups while the default group 19 remains
+	  backwards compatible; owe_ptk_workaround=1 can be used to enabled a
+	  a workaround for the group 20/21 backwards compatibility
+	* added support for Beacon protection
+	* added support for Extended Key ID for pairwise keys
+	* removed WEP support from the default build (CONFIG_WEP=y can be used
+	  to enable it, if really needed)
+	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+	* added support for Transition Disable mechanism to allow the AP to
+	  automatically disable transition mode to improve security
+	* added support for PASN
+	* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
+	* a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
 	* SAE changes
 	  - disable use of groups using Brainpool curves
diff --git a/hostapd/README b/hostapd/README
index 1f30d7ea39fa..739c964d44d8 100644
--- a/hostapd/README
+++ b/hostapd/README
@@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
 	  Authenticator and RADIUS authentication server
 ================================================================
 
-Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 This program is licensed under the BSD license (the one with
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 0e7fdd6bccfb..2609121116b5 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1,6 +1,6 @@
 /*
  * hostapd - command line interface for hostapd daemon
- * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -21,7 +21,7 @@
 
 static const char *const hostapd_cli_version =
 "hostapd_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi> and contributors";
 
 static struct wpa_ctrl *ctrl_conn;
 static int hostapd_cli_quit = 0;
diff --git a/hostapd/main.c b/hostapd/main.c
index 4f2d1f21659e..c9ec38d19f88 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -1,6 +1,6 @@
 /*
  * hostapd / main()
- * Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -454,7 +454,7 @@ static void show_version(void)
 		"hostapd v%s\n"
 		"User space daemon for IEEE 802.11 AP management,\n"
 		"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
-		"Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> "
+		"Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> "
 		"and contributors\n",
 		VERSION_STR);
 }
diff --git a/hs20/client/.gitignore b/hs20/client/.gitignore
deleted file mode 100644
index f6c13d3e5dfa..000000000000
--- a/hs20/client/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-hs20-osu-client
-SP
-osu-ca.pem
-spp.xsd
diff --git a/hs20/client/Android.mk b/hs20/client/Android.mk
deleted file mode 100644
index e4db32208d50..000000000000
--- a/hs20/client/Android.mk
+++ /dev/null
@@ -1,81 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-INCLUDES = $(LOCAL_PATH)
-INCLUDES += $(LOCAL_PATH)/../../src/utils
-INCLUDES += $(LOCAL_PATH)/../../src/common
-INCLUDES += $(LOCAL_PATH)/../../src
-INCLUDES += external/libxml2/include
-INCLUDES += external/curl/include
-INCLUDES += external/webkit/Source/WebKit/gtk
-
-# We try to keep this compiling against older platform versions.
-# The new icu location (external/icu) exports its own headers, but
-# the older versions in external/icu4c don't, and we need to add those
-# headers to the include path by hand.
-ifeq ($(wildcard external/icu),)
-INCLUDES += external/icu4c/common
-else
-# The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve the
-# build (e.g., "mm -B" failed to build, but following that with "mm" allowed
-# the build to complete). For now, add the include directory manually here for
-# Android 5.0.
-ver = $(filter 5.0%,$(PLATFORM_VERSION))
-ifneq (,$(strip $(ver)))
-INCLUDES += external/icu/icu4c/source/common
-endif
-endif
-
-
-L_CFLAGS += -DCONFIG_CTRL_IFACE
-L_CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
-L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
-
-OBJS = spp_client.c
-OBJS += oma_dm_client.c
-OBJS += osu_client.c
-OBJS += est.c
-OBJS += ../../src/common/wpa_ctrl.c
-OBJS += ../../src/common/wpa_helpers.c
-OBJS += ../../src/utils/xml-utils.c
-#OBJS += ../../src/utils/browser-android.c
-OBJS += ../../src/utils/browser-wpadebug.c
-OBJS += ../../src/utils/wpabuf.c
-OBJS += ../../src/utils/eloop.c
-OBJS += ../../src/wps/httpread.c
-OBJS += ../../src/wps/http_server.c
-OBJS += ../../src/utils/xml_libxml2.c
-OBJS += ../../src/utils/http_curl.c
-OBJS += ../../src/utils/base64.c
-OBJS += ../../src/utils/os_unix.c
-L_CFLAGS += -DCONFIG_DEBUG_FILE
-OBJS += ../../src/utils/wpa_debug.c
-OBJS += ../../src/utils/common.c
-OBJS += ../../src/crypto/crypto_internal.c
-OBJS += ../../src/crypto/md5-internal.c
-OBJS += ../../src/crypto/sha1-internal.c
-OBJS += ../../src/crypto/sha256-internal.c
-OBJS += ../../src/crypto/tls_openssl_ocsp.c
-
-L_CFLAGS += -DEAP_TLS_OPENSSL
-
-L_CFLAGS += -Wno-unused-parameter
-
-
-########################
-include $(CLEAR_VARS)
-LOCAL_MODULE := hs20-osu-client
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_SHARED_LIBRARIES := libc libcutils
-LOCAL_SHARED_LIBRARIES += libcrypto libssl
-#LOCAL_SHARED_LIBRARIES += libxml2
-LOCAL_STATIC_LIBRARIES += libxml2
-LOCAL_SHARED_LIBRARIES += libicuuc
-LOCAL_SHARED_LIBRARIES += libcurl
-
-LOCAL_CFLAGS := $(L_CFLAGS)
-LOCAL_SRC_FILES := $(OBJS)
-LOCAL_C_INCLUDES := $(INCLUDES)
-include $(BUILD_EXECUTABLE)
-
-########################
diff --git a/hs20/client/Makefile b/hs20/client/Makefile
deleted file mode 100644
index 4dcfe2d3bf2c..000000000000
--- a/hs20/client/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-ALL=hs20-osu-client
-
-include ../../src/build.rules
-
-CFLAGS += -I../../src/utils
-CFLAGS += -I../../src/common
-CFLAGS += -I../../src
-
-ifndef CONFIG_NO_BROWSER
-ifndef CONFIG_BROWSER_SYSTEM
-TEST_WK := $(shell pkg-config --silence-errors --cflags webkitgtk-3.0)
-ifeq ($(TEST_WK),)
-# Try webkit2
-GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkit2gtk-4.0)
-GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkit2gtk-4.0)
-CFLAGS += -DUSE_WEBKIT2
-else
-GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkitgtk-3.0)
-GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkitgtk-3.0)
-endif
-
-CFLAGS += $(GTKCFLAGS)
-LIBS += $(GTKLIBS)
-endif
-endif
-
-OBJS=spp_client.o
-OBJS += oma_dm_client.o
-OBJS += osu_client.o
-OBJS += est.o
-OBJS += ../../src/utils/xml-utils.o
-CFLAGS += -DCONFIG_CTRL_IFACE
-CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
-OBJS += ../../src/common/wpa_ctrl.o ../../src/common/wpa_helpers.o
-ifdef CONFIG_NO_BROWSER
-CFLAGS += -DCONFIG_NO_BROWSER
-else
-ifdef CONFIG_BROWSER_SYSTEM
-OBJS += ../../src/utils/eloop.o
-OBJS += ../../src/utils/wpabuf.o
-OBJS += ../../src/wps/httpread.o
-OBJS += ../../src/wps/http_server.o
-OBJS += ../../src/utils/browser-system.o
-else
-OBJS += ../../src/utils/browser.o
-endif
-endif
-OBJS += ../../src/utils/xml_libxml2.o
-OBJS += ../../src/utils/http_curl.o
-OBJS += ../../src/utils/base64.o
-OBJS += ../../src/utils/os_unix.o
-CFLAGS += -DCONFIG_DEBUG_FILE
-OBJS += ../../src/utils/wpa_debug.o
-OBJS += ../../src/utils/common.o
-OBJS += ../../src/crypto/crypto_internal.o
-OBJS += ../../src/crypto/md5-internal.o
-OBJS += ../../src/crypto/sha1-internal.o
-OBJS += ../../src/crypto/sha256-internal.o
-
-CFLAGS += $(shell xml2-config --cflags)
-LIBS += $(shell xml2-config --libs)
-
-# Allow static/custom linking of libcurl.
-ifdef CUST_CURL_LINKAGE
-LIBS += ${CUST_CURL_LINKAGE}
-else
-LIBS += -lcurl
-endif
-
-CFLAGS += -DEAP_TLS_OPENSSL
-OBJS += ../../src/crypto/tls_openssl_ocsp.o
-LIBS += -lssl -lcrypto
-
-_OBJS_VAR := OBJS
-include ../../src/objs.mk
-hs20-osu-client: $(OBJS)
-	$(Q)$(LDO) $(LDFLAGS) -o hs20-osu-client $(OBJS) $(LIBS)
-	@$(E) "  LD " $@
-
-clean: common-clean
-	rm -f core *~
diff --git a/hs20/client/devdetail.xml b/hs20/client/devdetail.xml
deleted file mode 100644
index 6d0389e8a133..000000000000
--- a/hs20/client/devdetail.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<DevDetail xmlns="urn:oma:mo:oma-dm-devdetail:1.0">
-	<Ext>
-		<org.wi-fi>
-			<Wi-Fi>
-				<EAPMethodList>
-					<EAPMethod1>
-						<EAPType>13</EAPType>
-					</EAPMethod1>
-					<EAPMethod2>
-						<EAPType>21</EAPType>
-						<InnerMethod>MS-CHAP-V2</InnerMethod>
-					</EAPMethod2>
-					<EAPMethod3>
-						<EAPType>18</EAPType>
-					</EAPMethod3>
-					<EAPMethod4>
-						<EAPType>23</EAPType>
-					</EAPMethod4>
-					<EAPMethod5>
-						<EAPType>50</EAPType>
-					</EAPMethod5>
-				</EAPMethodList>
-				<ManufacturingCertificate>false</ManufacturingCertificate>
-				<Wi-FiMACAddress>020102030405</Wi-FiMACAddress>
-				<IMSI>310026000000000</IMSI>
-				<IMEI_MEID>imei:490123456789012</IMEI_MEID>
-				<ClientTriggerRedirectURI>http://localhost:12345/</ClientTriggerRedirectURI>
-				<Ops>
-					<launchBrowserToURI></launchBrowserToURI>
-					<negotiateClientCertTLS></negotiateClientCertTLS>
-					<getCertificate></getCertificate>
-				</Ops>
-			</Wi-Fi>
-		</org.wi-fi>
-	</Ext>
-	<URI>
-		<MaxDepth>0</MaxDepth>
-		<MaxTotLen>0</MaxTotLen>
-		<MaxSegLen>0</MaxSegLen>
-	</URI>
-	<DevType>MobilePhone</DevType>
-	<OEM>Manufacturer</OEM>
-	<FwV>1.0</FwV>
-	<SwV>1.0</SwV>
-	<HwV>1.0</HwV>
-	<LrgObj>false</LrgObj>
-</DevDetail>
diff --git a/hs20/client/devinfo.xml b/hs20/client/devinfo.xml
deleted file mode 100644
index d48a520a98a1..000000000000
--- a/hs20/client/devinfo.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<DevInfo xmlns="urn:oma:mo:oma-dm-devinfo:1.0">
-	<DevId>urn:Example:HS20-station:123456</DevId>
-	<Man>Manufacturer</Man>
-	<Mod>HS20-station</Mod>
-	<DmV>1.2</DmV>
-	<Lang>en</Lang>
-</DevInfo>
diff --git a/hs20/client/est.c b/hs20/client/est.c
deleted file mode 100644
index 97f9132100c4..000000000000
--- a/hs20/client/est.c
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
- * Hotspot 2.0 OSU client - EST client
- * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs7.h>
-#include <openssl/rsa.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/opensslv.h>
-#ifdef OPENSSL_IS_BORINGSSL
-#include <openssl/buf.h>
-#endif /* OPENSSL_IS_BORINGSSL */
-
-#include "common.h"
-#include "utils/base64.h"
-#include "utils/xml-utils.h"
-#include "utils/http-utils.h"
-#include "osu_client.h"
-
-
-static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
-			 size_t len, char *pem_file, char *der_file)
-{
-#ifdef OPENSSL_IS_BORINGSSL
-	CBS pkcs7_cbs;
-#else /* OPENSSL_IS_BORINGSSL */
-	PKCS7 *p7 = NULL;
-	const unsigned char *p = pkcs7;
-#endif /* OPENSSL_IS_BORINGSSL */
-	STACK_OF(X509) *certs;
-	int i, num, ret = -1;
-	BIO *out = NULL;
-
-#ifdef OPENSSL_IS_BORINGSSL
-	certs = sk_X509_new_null();
-	if (!certs)
-		goto fail;
-	CBS_init(&pkcs7_cbs, pkcs7, len);
-	if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) {
-		wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		write_result(ctx, "Could not parse PKCS#7 object from EST");
-		goto fail;
-	}
-#else /* OPENSSL_IS_BORINGSSL */
-	p7 = d2i_PKCS7(NULL, &p, len);
-	if (p7 == NULL) {
-		wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		write_result(ctx, "Could not parse PKCS#7 object from EST");
-		goto fail;
-	}
-
-	switch (OBJ_obj2nid(p7->type)) {
-	case NID_pkcs7_signed:
-		certs = p7->d.sign->cert;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		certs = p7->d.signed_and_enveloped->cert;
-		break;
-	default:
-		certs = NULL;
-		break;
-	}
-#endif /* OPENSSL_IS_BORINGSSL */
-
-	if (!certs || ((num = sk_X509_num(certs)) == 0)) {
-		wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
-		write_result(ctx, "No certificates found in PKCS#7 object");
-		goto fail;
-	}
-
-	if (der_file) {
-		FILE *f = fopen(der_file, "wb");
-		if (f == NULL)
-			goto fail;
-		i2d_X509_fp(f, sk_X509_value(certs, 0));
-		fclose(f);
-	}
-
-	if (pem_file) {
-		out = BIO_new(BIO_s_file());
-		if (out == NULL ||
-		    BIO_write_filename(out, pem_file) <= 0)
-			goto fail;
-
-		for (i = 0; i < num; i++) {
-			X509 *cert = sk_X509_value(certs, i);
-			X509_print(out, cert);
-			PEM_write_bio_X509(out, cert);
-			BIO_puts(out, "\n");
-		}
-	}
-
-	ret = 0;
-
-fail:
-#ifdef OPENSSL_IS_BORINGSSL
-	if (certs)
-		sk_X509_pop_free(certs, X509_free);
-#else /* OPENSSL_IS_BORINGSSL */
-	PKCS7_free(p7);
-#endif /* OPENSSL_IS_BORINGSSL */
-	if (out)
-		BIO_free_all(out);
-
-	return ret;
-}
-
-
-int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
-{
-	char *buf, *resp;
-	size_t buflen;
-	unsigned char *pkcs7;
-	size_t pkcs7_len, resp_len;
-	int res;
-
-	buflen = os_strlen(url) + 100;
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return -1;
-
-	os_snprintf(buf, buflen, "%s/cacerts", url);
-	wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
-	write_summary(ctx, "Download EST cacerts from %s", buf);
-	ctx->no_osu_cert_validation = 1;
-	http_ocsp_set(ctx->http, 1);
-	res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
-				 ctx->ca_fname);
-	http_ocsp_set(ctx->http,
-		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
-	ctx->no_osu_cert_validation = 0;
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s",
-			   buf);
-		write_result(ctx, "Failed to download EST cacerts from %s",
-			     buf);
-		os_free(buf);
-		return -1;
-	}
-	os_free(buf);
-
-	resp = os_readfile("Cert/est-cacerts.txt", &resp_len);
-	if (resp == NULL) {
-		wpa_printf(MSG_INFO, "Could not read Cert/est-cacerts.txt");
-		write_result(ctx, "Could not read EST cacerts");
-		return -1;
-	}
-
-	pkcs7 = base64_decode(resp, resp_len, &pkcs7_len);
-	if (pkcs7 && pkcs7_len < resp_len / 2) {
-		wpa_printf(MSG_INFO, "Too short base64 decode (%u bytes; downloaded %u bytes) - assume this was binary",
-			   (unsigned int) pkcs7_len, (unsigned int) resp_len);
-		os_free(pkcs7);
-		pkcs7 = NULL;
-	}
-	if (pkcs7 == NULL) {
-		wpa_printf(MSG_INFO, "EST workaround - Could not decode base64, assume this is DER encoded PKCS7");
-		pkcs7 = os_malloc(resp_len);
-		if (pkcs7) {
-			os_memcpy(pkcs7, resp, resp_len);
-			pkcs7_len = resp_len;
-		}
-	}
-	os_free(resp);
-
-	if (pkcs7 == NULL) {
-		wpa_printf(MSG_INFO, "Could not fetch PKCS7 cacerts");
-		write_result(ctx, "Could not fetch EST PKCS#7 cacerts");
-		return -1;
-	}
-
-	res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est-cacerts.pem",
-			    NULL);
-	os_free(pkcs7);
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "Could not parse CA certs from PKCS#7 cacerts response");
-		write_result(ctx, "Could not parse CA certs from EST PKCS#7 cacerts response");
-		return -1;
-	}
-	unlink("Cert/est-cacerts.txt");
-
-	return 0;
-}
-
-
-/*
- * CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
- *
- * AttrOrOID ::= CHOICE {
- *   oid OBJECT IDENTIFIER,
- *   attribute Attribute }
- *
- * Attribute ::= SEQUENCE {
- *   type OBJECT IDENTIFIER,
- *   values SET SIZE(1..MAX) OF OBJECT IDENTIFIER }
- */
-
-typedef struct {
-	ASN1_OBJECT *type;
-	STACK_OF(ASN1_OBJECT) *values;
-} Attribute;
-
-typedef struct {
-	int type;
-	union {
-		ASN1_OBJECT *oid;
-		Attribute *attribute;
-	} d;
-} AttrOrOID;
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-DEFINE_STACK_OF(AttrOrOID)
-#endif
-
-typedef struct {
-	int type;
-	STACK_OF(AttrOrOID) *attrs;
-} CsrAttrs;
-
-ASN1_SEQUENCE(Attribute) = {
-	ASN1_SIMPLE(Attribute, type, ASN1_OBJECT),
-	ASN1_SET_OF(Attribute, values, ASN1_OBJECT)
-} ASN1_SEQUENCE_END(Attribute);
-
-ASN1_CHOICE(AttrOrOID) = {
-	ASN1_SIMPLE(AttrOrOID, d.oid, ASN1_OBJECT),
-	ASN1_SIMPLE(AttrOrOID, d.attribute, Attribute)
-} ASN1_CHOICE_END(AttrOrOID);
-
-ASN1_CHOICE(CsrAttrs) = {
-	ASN1_SEQUENCE_OF(CsrAttrs, attrs, AttrOrOID)
-} ASN1_CHOICE_END(CsrAttrs);
-
-IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs);
-
-
-static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
-			     STACK_OF(X509_EXTENSION) *exts)
-{
-	char txt[100];
-	int res;
-
-	if (!oid)
-		return;
-
-	res = OBJ_obj2txt(txt, sizeof(txt), oid, 1);
-	if (res < 0 || res >= (int) sizeof(txt))
-		return;
-
-	if (os_strcmp(txt, "1.2.840.113549.1.9.7") == 0) {
-		wpa_printf(MSG_INFO, "TODO: csrattr challengePassword");
-	} else if (os_strcmp(txt, "1.2.840.113549.1.1.11") == 0) {
-		wpa_printf(MSG_INFO, "csrattr sha256WithRSAEncryption");
-	} else {
-		wpa_printf(MSG_INFO, "Ignore unsupported csrattr oid %s", txt);
-	}
-}
-
-
-static void add_csrattrs_ext_req(struct hs20_osu_client *ctx,
-				 STACK_OF(ASN1_OBJECT) *values,
-				 STACK_OF(X509_EXTENSION) *exts)
-{
-	char txt[100];
-	int i, num, res;
-
-	num = sk_ASN1_OBJECT_num(values);
-	for (i = 0; i < num; i++) {
-		ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(values, i);
-
-		res = OBJ_obj2txt(txt, sizeof(txt), oid, 1);
-		if (res < 0 || res >= (int) sizeof(txt))
-			continue;
-
-		if (os_strcmp(txt, "1.3.6.1.1.1.1.22") == 0) {
-			wpa_printf(MSG_INFO, "TODO: extReq macAddress");
-		} else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.3") == 0) {
-			wpa_printf(MSG_INFO, "TODO: extReq imei");
-		} else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.4") == 0) {
-			wpa_printf(MSG_INFO, "TODO: extReq meid");
-		} else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.5") == 0) {
-			wpa_printf(MSG_INFO, "TODO: extReq DevId");
-		} else {
-			wpa_printf(MSG_INFO, "Ignore unsupported cstattr extensionsRequest %s",
-				   txt);
-		}
-	}
-}
-
-
-static void add_csrattrs_attr(struct hs20_osu_client *ctx, Attribute *attr,
-			      STACK_OF(X509_EXTENSION) *exts)
-{
-	char txt[100], txt2[100];
-	int i, num, res;
-
-	if (!attr || !attr->type || !attr->values)
-		return;
-
-	res = OBJ_obj2txt(txt, sizeof(txt), attr->type, 1);
-	if (res < 0 || res >= (int) sizeof(txt))
-		return;
-
-	if (os_strcmp(txt, "1.2.840.113549.1.9.14") == 0) {
-		add_csrattrs_ext_req(ctx, attr->values, exts);
-		return;
-	}
-
-	num = sk_ASN1_OBJECT_num(attr->values);
-	for (i = 0; i < num; i++) {
-		ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(attr->values, i);
-
-		res = OBJ_obj2txt(txt2, sizeof(txt2), oid, 1);
-		if (res < 0 || res >= (int) sizeof(txt2))
-			continue;
-
-		wpa_printf(MSG_INFO, "Ignore unsupported cstattr::attr %s oid %s",
-			   txt, txt2);
-	}
-}
-
-
-static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
-			 STACK_OF(X509_EXTENSION) *exts)
-{
-	int i, num;
-
-	if (!csrattrs || ! csrattrs->attrs)
-		return;
-
-#ifdef OPENSSL_IS_BORINGSSL
-	num = sk_num(CHECKED_CAST(_STACK *, STACK_OF(AttrOrOID) *,
-				  csrattrs->attrs));
-	for (i = 0; i < num; i++) {
-		AttrOrOID *ao = sk_value(
-			CHECKED_CAST(_STACK *, const STACK_OF(AttrOrOID) *,
-				     csrattrs->attrs), i);
-		switch (ao->type) {
-		case 0:
-			add_csrattrs_oid(ctx, ao->d.oid, exts);
-			break;
-		case 1:
-			add_csrattrs_attr(ctx, ao->d.attribute, exts);
-			break;
-		}
-	}
-#else /* OPENSSL_IS_BORINGSSL */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-	num = sk_AttrOrOID_num(csrattrs->attrs);
-#else
-	num = SKM_sk_num(AttrOrOID, csrattrs->attrs);
-#endif
-	for (i = 0; i < num; i++) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
-		AttrOrOID *ao = sk_AttrOrOID_value(csrattrs->attrs, i);
-#else
-		AttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i);
-#endif
-		switch (ao->type) {
-		case 0:
-			add_csrattrs_oid(ctx, ao->d.oid, exts);
-			break;
-		case 1:
-			add_csrattrs_attr(ctx, ao->d.attribute, exts);
-			break;
-		}
-	}
-#endif /* OPENSSL_IS_BORINGSSL */
-}
-
-
-static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
-			char *csr_pem, char *est_req, char *old_cert,
-			CsrAttrs *csrattrs)
-{
-	EVP_PKEY_CTX *pctx = NULL;
-	EVP_PKEY *pkey = NULL;
-	RSA *rsa;
-	X509_REQ *req = NULL;
-	int ret = -1;
-	unsigned int val;
-	X509_NAME *subj = NULL;
-	char name[100];
-	STACK_OF(X509_EXTENSION) *exts = NULL;
-	X509_EXTENSION *ex;
-	BIO *out;
-	CONF *ctmp = NULL;
-
-	wpa_printf(MSG_INFO, "Generate RSA private key");
-	write_summary(ctx, "Generate RSA private key");
-	pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
-	if (!pctx)
-		return -1;
-
-	if (EVP_PKEY_keygen_init(pctx) <= 0)
-		goto fail;
-
-	if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048) <= 0)
-		goto fail;
-
-	if (EVP_PKEY_keygen(pctx, &pkey) <= 0)
-		goto fail;
-	EVP_PKEY_CTX_free(pctx);
-	pctx = NULL;
-
-	rsa = EVP_PKEY_get1_RSA(pkey);
-	if (rsa == NULL)
-		goto fail;
-
-	if (key_pem) {
-		FILE *f = fopen(key_pem, "wb");
-		if (f == NULL)
-			goto fail;
-		if (!PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL,
-					     NULL)) {
-			wpa_printf(MSG_INFO, "Could not write private key: %s",
-				   ERR_error_string(ERR_get_error(), NULL));
-			fclose(f);
-			goto fail;
-		}
-		fclose(f);
-	}
-
-	wpa_printf(MSG_INFO, "Generate CSR");
-	write_summary(ctx, "Generate CSR");
-	req = X509_REQ_new();
-	if (req == NULL)
-		goto fail;
-
-	if (old_cert) {
-		FILE *f;
-		X509 *cert;
-		int res;
-
-		f = fopen(old_cert, "r");
-		if (f == NULL)
-			goto fail;
-		cert = PEM_read_X509(f, NULL, NULL, NULL);
-		fclose(f);
-
-		if (cert == NULL)
-			goto fail;
-		res = X509_REQ_set_subject_name(req,
-						X509_get_subject_name(cert));
-		X509_free(cert);
-		if (!res)
-			goto fail;
-	} else {
-		os_get_random((u8 *) &val, sizeof(val));
-		os_snprintf(name, sizeof(name), "cert-user-%u", val);
-		subj = X509_NAME_new();
-		if (subj == NULL ||
-		    !X509_NAME_add_entry_by_txt(subj, "CN", MBSTRING_ASC,
-						(unsigned char *) name,
-						-1, -1, 0) ||
-		    !X509_REQ_set_subject_name(req, subj))
-			goto fail;
-		X509_NAME_free(subj);
-		subj = NULL;
-	}
-
-	if (!X509_REQ_set_pubkey(req, pkey))
-		goto fail;
-
-	exts = sk_X509_EXTENSION_new_null();
-	if (!exts)
-		goto fail;
-
-	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_basic_constraints,
-				  "CA:FALSE");
-	if (ex == NULL ||
-	    !sk_X509_EXTENSION_push(exts, ex))
-		goto fail;
-
-	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_key_usage,
-				  "nonRepudiation,digitalSignature,keyEncipherment");
-	if (ex == NULL ||
-	    !sk_X509_EXTENSION_push(exts, ex))
-		goto fail;
-
-	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_ext_key_usage,
-				  "1.3.6.1.4.1.40808.1.1.2");
-	if (ex == NULL ||
-	    !sk_X509_EXTENSION_push(exts, ex))
-		goto fail;
-
-	add_csrattrs(ctx, csrattrs, exts);
-
-	if (!X509_REQ_add_extensions(req, exts))
-		goto fail;
-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	exts = NULL;
-
-	if (!X509_REQ_sign(req, pkey, EVP_sha256()))
-		goto fail;
-
-	out = BIO_new(BIO_s_mem());
-	if (out) {
-		char *txt;
-		size_t rlen;
-
-#if !defined(ANDROID) || !defined(OPENSSL_IS_BORINGSSL)
-		X509_REQ_print(out, req);
-#endif
-		rlen = BIO_ctrl_pending(out);
-		txt = os_malloc(rlen + 1);
-		if (txt) {
-			int res = BIO_read(out, txt, rlen);
-			if (res > 0) {
-				txt[res] = '\0';
-				wpa_printf(MSG_MSGDUMP, "OpenSSL: Certificate request:\n%s",
-					   txt);
-			}
-			os_free(txt);
-		}
-		BIO_free(out);
-	}
-
-	if (csr_pem) {
-		FILE *f = fopen(csr_pem, "w");
-		if (f == NULL)
-			goto fail;
-#if !defined(ANDROID) || !defined(OPENSSL_IS_BORINGSSL)
-		X509_REQ_print_fp(f, req);
-#endif
-		if (!PEM_write_X509_REQ(f, req)) {
-			fclose(f);
-			goto fail;
-		}
-		fclose(f);
-	}
-
-	if (est_req) {
-		BIO *mem = BIO_new(BIO_s_mem());
-		BUF_MEM *ptr;
-		char *pos, *end, *buf_end;
-		FILE *f;
-
-		if (mem == NULL)
-			goto fail;
-		if (!PEM_write_bio_X509_REQ(mem, req)) {
-			BIO_free(mem);
-			goto fail;
-		}
-
-		BIO_get_mem_ptr(mem, &ptr);
-		pos = ptr->data;
-		buf_end = pos + ptr->length;
-
-		/* Remove START/END lines */
-		while (pos < buf_end && *pos != '\n')
-			pos++;
-		if (pos == buf_end) {
-			BIO_free(mem);
-			goto fail;
-		}
-		pos++;
-
-		end = pos;
-		while (end < buf_end && *end != '-')
-			end++;
-
-		f = fopen(est_req, "w");
-		if (f == NULL) {
-			BIO_free(mem);
-			goto fail;
-		}
-		fwrite(pos, end - pos, 1, f);
-		fclose(f);
-
-		BIO_free(mem);
-	}
-
-	ret = 0;
-fail:
-	if (exts)
-		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	if (subj)
-		X509_NAME_free(subj);
-	if (req)
-		X509_REQ_free(req);
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	if (pctx)
-		EVP_PKEY_CTX_free(pctx);
-	return ret;
-}
-
-
-int est_build_csr(struct hs20_osu_client *ctx, const char *url)
-{
-	char *buf;
-	size_t buflen;
-	int res;
-	char old_cert_buf[200];
-	char *old_cert = NULL;
-	CsrAttrs *csrattrs = NULL;
-
-	buflen = os_strlen(url) + 100;
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return -1;
-
-	os_snprintf(buf, buflen, "%s/csrattrs", url);
-	wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
-	write_summary(ctx, "Download EST csrattrs from %s", buf);
-	ctx->no_osu_cert_validation = 1;
-	http_ocsp_set(ctx->http, 1);
-	res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
-				 ctx->ca_fname);
-	http_ocsp_set(ctx->http,
-		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
-	ctx->no_osu_cert_validation = 0;
-	os_free(buf);
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "Failed to download EST csrattrs - assume no extra attributes are needed");
-	} else {
-		size_t resp_len;
-		char *resp;
-		unsigned char *attrs;
-		const unsigned char *pos;
-		size_t attrs_len;
-
-		resp = os_readfile("Cert/est-csrattrs.txt", &resp_len);
-		if (resp == NULL) {
-			wpa_printf(MSG_INFO, "Could not read csrattrs");
-			return -1;
-		}
-
-		attrs = base64_decode(resp, resp_len, &attrs_len);
-		os_free(resp);
-
-		if (attrs == NULL) {
-			wpa_printf(MSG_INFO, "Could not base64 decode csrattrs");
-			return -1;
-		}
-		unlink("Cert/est-csrattrs.txt");
-
-		pos = attrs;
-		csrattrs = d2i_CsrAttrs(NULL, &pos, attrs_len);
-		os_free(attrs);
-		if (csrattrs == NULL) {
-			wpa_printf(MSG_INFO, "Failed to parse csrattrs ASN.1");
-			/* Continue assuming no additional requirements */
-		}
-	}
-
-	if (ctx->client_cert_present) {
-		os_snprintf(old_cert_buf, sizeof(old_cert_buf),
-			    "SP/%s/client-cert.pem", ctx->fqdn);
-		old_cert = old_cert_buf;
-	}
-
-	res = generate_csr(ctx, "Cert/privkey-plain.pem", "Cert/est-req.pem",
-			   "Cert/est-req.b64", old_cert, csrattrs);
-	if (csrattrs)
-		CsrAttrs_free(csrattrs);
-
-	return res;
-}
-
-
-int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
-		      const char *user, const char *pw)
-{
-	char *buf, *resp, *req, *req2;
-	size_t buflen, resp_len, len, pkcs7_len;
-	unsigned char *pkcs7;
-	char client_cert_buf[200];
-	char client_key_buf[200];
-	const char *client_cert = NULL, *client_key = NULL;
-	int res;
-
-	req = os_readfile("Cert/est-req.b64", &len);
-	if (req == NULL) {
-		wpa_printf(MSG_INFO, "Could not read Cert/req.b64");
-		return -1;
-	}
-	req2 = os_realloc(req, len + 1);
-	if (req2 == NULL) {
-		os_free(req);
-		return -1;
-	}
-	req2[len] = '\0';
-	req = req2;
-	wpa_printf(MSG_DEBUG, "EST simpleenroll request: %s", req);
-
-	buflen = os_strlen(url) + 100;
-	buf = os_malloc(buflen);
-	if (buf == NULL) {
-		os_free(req);
-		return -1;
-	}
-
-	if (ctx->client_cert_present) {
-		os_snprintf(buf, buflen, "%s/simplereenroll", url);
-		os_snprintf(client_cert_buf, sizeof(client_cert_buf),
-			    "SP/%s/client-cert.pem", ctx->fqdn);
-		client_cert = client_cert_buf;
-		os_snprintf(client_key_buf, sizeof(client_key_buf),
-			    "SP/%s/client-key.pem", ctx->fqdn);
-		client_key = client_key_buf;
-	} else
-		os_snprintf(buf, buflen, "%s/simpleenroll", url);
-	wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
-	write_summary(ctx, "EST simpleenroll URL: %s", buf);
-	ctx->no_osu_cert_validation = 1;
-	http_ocsp_set(ctx->http, 1);
-	resp = http_post(ctx->http, buf, req, "application/pkcs10",
-			 "Content-Transfer-Encoding: base64",
-			 ctx->ca_fname, user, pw, client_cert, client_key,
-			 &resp_len);
-	http_ocsp_set(ctx->http,
-		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
-	ctx->no_osu_cert_validation = 0;
-	os_free(buf);
-	if (resp == NULL) {
-		wpa_printf(MSG_INFO, "EST certificate enrollment failed");
-		write_result(ctx, "EST certificate enrollment failed");
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "EST simpleenroll response: %s", resp);
-
-	pkcs7 = base64_decode(resp, resp_len, &pkcs7_len);
-	if (pkcs7 == NULL) {
-		wpa_printf(MSG_INFO, "EST workaround - Could not decode base64, assume this is DER encoded PKCS7");
-		pkcs7 = os_malloc(resp_len);
-		if (pkcs7) {
-			os_memcpy(pkcs7, resp, resp_len);
-			pkcs7_len = resp_len;
-		}
-	}
-	os_free(resp);
-
-	if (pkcs7 == NULL) {
-		wpa_printf(MSG_INFO, "Failed to parse simpleenroll base64 response");
-		write_result(ctx, "Failed to parse EST simpleenroll base64 response");
-		return -1;
-	}
-
-	res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est_cert.pem",
-			    "Cert/est_cert.der");
-	os_free(pkcs7);
-
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "EST: Failed to extract certificate from PKCS7 file");
-		write_result(ctx, "EST: Failed to extract certificate from EST PKCS7 file");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "EST simple%senroll completed successfully",
-		   ctx->client_cert_present ? "re" : "");
-	write_summary(ctx, "EST simple%senroll completed successfully",
-		      ctx->client_cert_present ? "re" : "");
-
-	return 0;
-}
diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c
deleted file mode 100644
index bcd68b8775d5..000000000000
--- a/hs20/client/oma_dm_client.c
+++ /dev/null
@@ -1,1398 +0,0 @@
-/*
- * Hotspot 2.0 - OMA DM client
- * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_helpers.h"
-#include "xml-utils.h"
-#include "http-utils.h"
-#include "utils/browser.h"
-#include "osu_client.h"
-
-
-#define DM_SERVER_INITIATED_MGMT 1200
-#define DM_CLIENT_INITIATED_MGMT 1201
-#define DM_GENERIC_ALERT 1226
-
-/* OMA-TS-SyncML-RepPro-V1_2_2 - 10. Response Status Codes */
-#define DM_RESP_OK 200
-#define DM_RESP_AUTH_ACCEPTED 212
-#define DM_RESP_CHUNKED_ITEM_ACCEPTED 213
-#define DM_RESP_NOT_EXECUTED 215
-#define DM_RESP_ATOMIC_ROLL_BACK_OK 216
-#define DM_RESP_NOT_MODIFIED 304
-#define DM_RESP_BAD_REQUEST 400
-#define DM_RESP_UNAUTHORIZED 401
-#define DM_RESP_FORBIDDEN 403
-#define DM_RESP_NOT_FOUND 404
-#define DM_RESP_COMMAND_NOT_ALLOWED 405
-#define DM_RESP_OPTIONAL_FEATURE_NOT_SUPPORTED 406
-#define DM_RESP_MISSING_CREDENTIALS 407
-#define DM_RESP_CONFLICT 409
-#define DM_RESP_GONE 410
-#define DM_RESP_INCOMPLETE_COMMAND 412
-#define DM_RESP_REQ_ENTITY_TOO_LARGE 413
-#define DM_RESP_URI_TOO_LONG 414
-#define DM_RESP_UNSUPPORTED_MEDIA_TYPE_OR_FORMAT 415
-#define DM_RESP_REQ_TOO_BIG 416
-#define DM_RESP_ALREADY_EXISTS 418
-#define DM_RESP_DEVICE_FULL 420
-#define DM_RESP_SIZE_MISMATCH 424
-#define DM_RESP_PERMISSION_DENIED 425
-#define DM_RESP_COMMAND_FAILED 500
-#define DM_RESP_COMMAND_NOT_IMPLEMENTED 501
-#define DM_RESP_ATOMIC_ROLL_BACK_FAILED 516
-
-#define DM_HS20_SUBSCRIPTION_CREATION \
-	"org.wi-fi.hotspot2dot0.SubscriptionCreation"
-#define DM_HS20_SUBSCRIPTION_PROVISIONING \
-	"org.wi-fi.hotspot2dot0.SubscriptionProvisioning"
-#define DM_HS20_SUBSCRIPTION_REMEDIATION \
-	"org.wi-fi.hotspot2dot0.SubscriptionRemediation"
-#define DM_HS20_POLICY_UPDATE \
-	"org.wi-fi.hotspot2dot0.PolicyUpdate"
-
-#define DM_URI_PPS "./Wi-Fi/org.wi-fi/PerProviderSubscription"
-#define DM_URI_LAUNCH_BROWSER \
-	"./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/launchBrowserToURI"
-
-
-static void add_item(struct hs20_osu_client *ctx, xml_node_t *parent,
-		     const char *locuri, const char *data);
-
-
-static const char * int2str(int val)
-{
-	static char buf[20];
-	snprintf(buf, sizeof(buf), "%d", val);
-	return buf;
-}
-
-
-static char * oma_dm_get_target_locuri(struct hs20_osu_client *ctx,
-				       xml_node_t *node)
-{
-	xml_node_t *locuri;
-	char *uri, *ret = NULL;
-
-	locuri = get_node(ctx->xml, node, "Item/Target/LocURI");
-	if (locuri == NULL)
-		return NULL;
-
-	uri = xml_node_get_text(ctx->xml, locuri);
-	if (uri)
-		ret = os_strdup(uri);
-	xml_node_get_text_free(ctx->xml, uri);
-	return ret;
-}
-
-
-static void oma_dm_add_locuri(struct hs20_osu_client *ctx, xml_node_t *parent,
-			      const char *element, const char *uri)
-{
-	xml_node_t *node;
-
-	node = xml_node_create(ctx->xml, parent, NULL, element);
-	if (node == NULL)
-		return;
-	xml_node_create_text(ctx->xml, node, NULL, "LocURI", uri);
-}
-
-
-static xml_node_t * oma_dm_build_hdr(struct hs20_osu_client *ctx,
-				     const char *url, int msgid)
-{
-	xml_node_t *syncml, *synchdr;
-	xml_namespace_t *ns;
-
-	if (!ctx->devid) {
-		wpa_printf(MSG_ERROR,
-			   "DevId from devinfo.xml is not available - cannot use OMA DM");
-		return NULL;
-	}
-
-	syncml = xml_node_create_root(ctx->xml, "SYNCML:SYNCML1.2", NULL, &ns,
-				      "SyncML");
-
-	synchdr = xml_node_create(ctx->xml, syncml, NULL, "SyncHdr");
-	xml_node_create_text(ctx->xml, synchdr, NULL, "VerDTD", "1.2");
-	xml_node_create_text(ctx->xml, synchdr, NULL, "VerProto", "DM/1.2");
-	xml_node_create_text(ctx->xml, synchdr, NULL, "SessionID", "1");
-	xml_node_create_text(ctx->xml, synchdr, NULL, "MsgID", int2str(msgid));
-
-	oma_dm_add_locuri(ctx, synchdr, "Target", url);
-	oma_dm_add_locuri(ctx, synchdr, "Source", ctx->devid);
-
-	return syncml;
-}
-
-
-static void oma_dm_add_cmdid(struct hs20_osu_client *ctx, xml_node_t *parent,
-			     int cmdid)
-{
-	xml_node_create_text(ctx->xml, parent, NULL, "CmdID", int2str(cmdid));
-}
-
-
-static xml_node_t * add_alert(struct hs20_osu_client *ctx, xml_node_t *parent,
-			      int cmdid, int data)
-{
-	xml_node_t *node;
-
-	node = xml_node_create(ctx->xml, parent, NULL, "Alert");
-	if (node == NULL)
-		return NULL;
-	oma_dm_add_cmdid(ctx, node, cmdid);
-	xml_node_create_text(ctx->xml, node, NULL, "Data", int2str(data));
-
-	return node;
-}
-
-
-static xml_node_t * add_status(struct hs20_osu_client *ctx, xml_node_t *parent,
-			       int msgref, int cmdref, int cmdid,
-			       const char *cmd, int data, const char *targetref)
-{
-	xml_node_t *node;
-
-	node = xml_node_create(ctx->xml, parent, NULL, "Status");
-	if (node == NULL)
-		return NULL;
-	oma_dm_add_cmdid(ctx, node, cmdid);
-	xml_node_create_text(ctx->xml, node, NULL, "MsgRef", int2str(msgref));
-	if (cmdref)
-		xml_node_create_text(ctx->xml, node, NULL, "CmdRef",
-				     int2str(cmdref));
-	xml_node_create_text(ctx->xml, node, NULL, "Cmd", cmd);
-	xml_node_create_text(ctx->xml, node, NULL, "Data", int2str(data));
-	if (targetref) {
-		xml_node_create_text(ctx->xml, node, NULL, "TargetRef",
-				     targetref);
-	}
-
-	return node;
-}
-
-
-static xml_node_t * add_results(struct hs20_osu_client *ctx, xml_node_t *parent,
-				int msgref, int cmdref, int cmdid,
-				const char *locuri, const char *data)
-{
-	xml_node_t *node;
-
-	node = xml_node_create(ctx->xml, parent, NULL, "Results");
-	if (node == NULL)
-		return NULL;
-
-	oma_dm_add_cmdid(ctx, node, cmdid);
-	xml_node_create_text(ctx->xml, node, NULL, "MsgRef", int2str(msgref));
-	xml_node_create_text(ctx->xml, node, NULL, "CmdRef", int2str(cmdref));
-	add_item(ctx, node, locuri, data);
-
-	return node;
-}
-
-
-static char * mo_str(struct hs20_osu_client *ctx, const char *urn,
-		     const char *fname)
-{
-	xml_node_t *fnode, *tnds;
-	char *str;
-
-	fnode = node_from_file(ctx->xml, fname);
-	if (!fnode)
-		return NULL;
-	tnds = mo_to_tnds(ctx->xml, fnode, 0, urn, "syncml:dmddf1.2");
-	xml_node_free(ctx->xml, fnode);
-	if (!tnds)
-		return NULL;
-
-	str = xml_node_to_str(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (str == NULL)
-		return NULL;
-	wpa_printf(MSG_INFO, "MgmtTree: %s", str);
-
-	return str;
-}
-
-
-static void add_item(struct hs20_osu_client *ctx, xml_node_t *parent,
-		     const char *locuri, const char *data)
-{
-	xml_node_t *item, *node;
-
-	item = xml_node_create(ctx->xml, parent, NULL, "Item");
-	oma_dm_add_locuri(ctx, item, "Source", locuri);
-	node = xml_node_create(ctx->xml, item, NULL, "Meta");
-	xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Format",
-				"Chr");
-	xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Type",
-				"text/plain");
-	xml_node_create_text(ctx->xml, item, NULL, "Data", data);
-}
-
-
-static void add_replace_devinfo(struct hs20_osu_client *ctx, xml_node_t *parent,
-				int cmdid)
-{
-	xml_node_t *info, *child, *replace;
-	const char *name;
-	char locuri[200], *txt;
-
-	info = node_from_file(ctx->xml, "devinfo.xml");
-	if (info == NULL) {
-		wpa_printf(MSG_INFO, "Could not read devinfo.xml");
-		return;
-	}
-
-	replace = xml_node_create(ctx->xml, parent, NULL, "Replace");
-	if (replace == NULL) {
-		xml_node_free(ctx->xml, info);
-		return;
-	}
-	oma_dm_add_cmdid(ctx, replace, cmdid);
-
-	xml_node_for_each_child(ctx->xml, child, info) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		os_snprintf(locuri, sizeof(locuri), "./DevInfo/%s", name);
-		txt = xml_node_get_text(ctx->xml, child);
-		if (txt) {
-			add_item(ctx, replace, locuri, txt);
-			xml_node_get_text_free(ctx->xml, txt);
-		}
-	}
-
-	xml_node_free(ctx->xml, info);
-}
-
-
-static void oma_dm_add_hs20_generic_alert(struct hs20_osu_client *ctx,
-					  xml_node_t *syncbody,
-					  int cmdid, const char *oper,
-					  const char *data)
-{
-	xml_node_t *node, *item;
-	char buf[200];
-
-	node = add_alert(ctx, syncbody, cmdid, DM_GENERIC_ALERT);
-
-	item = xml_node_create(ctx->xml, node, NULL, "Item");
-	oma_dm_add_locuri(ctx, item, "Source", DM_URI_PPS);
-	node = xml_node_create(ctx->xml, item, NULL, "Meta");
-	snprintf(buf, sizeof(buf), "Reversed-Domain-Name: %s", oper);
-	xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Type", buf);
-	xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Format",
-				"xml");
-	xml_node_create_text(ctx->xml, item, NULL, "Data", data);
-}
-
-
-static xml_node_t * build_oma_dm_1(struct hs20_osu_client *ctx,
-				   const char *url, int msgid, const char *oper)
-{
-	xml_node_t *syncml, *syncbody;
-	char *str;
-	int cmdid = 0;
-
-	syncml = oma_dm_build_hdr(ctx, url, msgid);
-	if (syncml == NULL)
-		return NULL;
-
-	syncbody = xml_node_create(ctx->xml, syncml, NULL, "SyncBody");
-	if (syncbody == NULL) {
-		xml_node_free(ctx->xml, syncml);
-		return NULL;
-	}
-
-	cmdid++;
-	add_alert(ctx, syncbody, cmdid, DM_CLIENT_INITIATED_MGMT);
-
-	str = mo_str(ctx, NULL, "devdetail.xml");
-	if (str == NULL) {
-		xml_node_free(ctx->xml, syncml);
-		return NULL;
-	}
-	cmdid++;
-	oma_dm_add_hs20_generic_alert(ctx, syncbody, cmdid, oper, str);
-	os_free(str);
-
-	cmdid++;
-	add_replace_devinfo(ctx, syncbody, cmdid);
-
-	xml_node_create(ctx->xml, syncbody, NULL, "Final");
-
-	return syncml;
-}
-
-
-static xml_node_t * build_oma_dm_1_sub_reg(struct hs20_osu_client *ctx,
-					   const char *url, int msgid)
-{
-	xml_node_t *syncml;
-
-	syncml = build_oma_dm_1(ctx, url, msgid, DM_HS20_SUBSCRIPTION_CREATION);
-	if (syncml)
-		debug_dump_node(ctx, "OMA-DM Package 1 (sub reg)", syncml);
-
-	return syncml;
-}
-
-
-static xml_node_t * build_oma_dm_1_sub_prov(struct hs20_osu_client *ctx,
-					    const char *url, int msgid)
-{
-	xml_node_t *syncml;
-
-	syncml = build_oma_dm_1(ctx, url, msgid,
-				DM_HS20_SUBSCRIPTION_PROVISIONING);
-	if (syncml)
-		debug_dump_node(ctx, "OMA-DM Package 1 (sub prov)", syncml);
-
-	return syncml;
-}
-
-
-static xml_node_t * build_oma_dm_1_pol_upd(struct hs20_osu_client *ctx,
-					   const char *url, int msgid)
-{
-	xml_node_t *syncml;
-
-	syncml = build_oma_dm_1(ctx, url, msgid, DM_HS20_POLICY_UPDATE);
-	if (syncml)
-		debug_dump_node(ctx, "OMA-DM Package 1 (pol upd)", syncml);
-
-	return syncml;
-}
-
-
-static xml_node_t * build_oma_dm_1_sub_rem(struct hs20_osu_client *ctx,
-					   const char *url, int msgid)
-{
-	xml_node_t *syncml;
-
-	syncml = build_oma_dm_1(ctx, url, msgid,
-				DM_HS20_SUBSCRIPTION_REMEDIATION);
-	if (syncml)
-		debug_dump_node(ctx, "OMA-DM Package 1 (sub rem)", syncml);
-
-	return syncml;
-}
-
-
-static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
-{
-	xml_node_t *node;
-	char *data;
-	int res;
-
-	node = get_node(ctx->xml, exec, "Item/Data");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Data node found");
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	data = xml_node_get_text(ctx->xml, node);
-	if (data == NULL) {
-		wpa_printf(MSG_INFO, "Invalid data");
-		return DM_RESP_BAD_REQUEST;
-	}
-	wpa_printf(MSG_INFO, "Data: %s", data);
-	wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
-	write_summary(ctx, "Launch browser to URI '%s'", data);
-	res = hs20_web_browser(data, 1);
-	xml_node_get_text_free(ctx->xml, data);
-	if (res > 0) {
-		wpa_printf(MSG_INFO, "User response in browser completed successfully");
-		write_summary(ctx, "User response in browser completed successfully");
-		return DM_RESP_OK;
-	} else {
-		wpa_printf(MSG_INFO, "Failed to receive user response");
-		write_summary(ctx, "Failed to receive user response");
-		return DM_RESP_COMMAND_FAILED;
-	}
-}
-
-
-static int oma_dm_exec_get_cert(struct hs20_osu_client *ctx, xml_node_t *exec)
-{
-	xml_node_t *node, *getcert;
-	char *data;
-	const char *name;
-	int res;
-
-	wpa_printf(MSG_INFO, "Client certificate enrollment");
-	write_summary(ctx, "Client certificate enrollment");
-
-	node = get_node(ctx->xml, exec, "Item/Data");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Data node found");
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	data = xml_node_get_text(ctx->xml, node);
-	if (data == NULL) {
-		wpa_printf(MSG_INFO, "Invalid data");
-		return DM_RESP_BAD_REQUEST;
-	}
-	wpa_printf(MSG_INFO, "Data: %s", data);
-	getcert = xml_node_from_buf(ctx->xml, data);
-	xml_node_get_text_free(ctx->xml, data);
-
-	if (getcert == NULL) {
-		wpa_printf(MSG_INFO, "Could not parse Item/Data node contents");
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	debug_dump_node(ctx, "OMA-DM getCertificate", getcert);
-
-	name = xml_node_get_localname(ctx->xml, getcert);
-	if (name == NULL || os_strcasecmp(name, "getCertificate") != 0) {
-		wpa_printf(MSG_INFO, "Unexpected getCertificate node name '%s'",
-			   name);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	res = osu_get_certificate(ctx, getcert);
-
-	xml_node_free(ctx->xml, getcert);
-
-	return res == 0 ? DM_RESP_OK : DM_RESP_COMMAND_FAILED;
-}
-
-
-static int oma_dm_exec(struct hs20_osu_client *ctx, xml_node_t *exec)
-{
-	char *locuri;
-	int ret;
-
-	locuri = oma_dm_get_target_locuri(ctx, exec);
-	if (locuri == NULL) {
-		wpa_printf(MSG_INFO, "No Target LocURI node found");
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	wpa_printf(MSG_INFO, "Target LocURI: %s", locuri);
-
-	if (os_strcasecmp(locuri, "./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/"
-			  "launchBrowserToURI") == 0) {
-		ret = oma_dm_exec_browser(ctx, exec);
-	} else if (os_strcasecmp(locuri, "./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/"
-			  "getCertificate") == 0) {
-		ret = oma_dm_exec_get_cert(ctx, exec);
-	} else {
-		wpa_printf(MSG_INFO, "Unsupported exec Target LocURI");
-		ret = DM_RESP_NOT_FOUND;
-	}
-	os_free(locuri);
-
-	return ret;
-}
-
-
-static int oma_dm_run_add(struct hs20_osu_client *ctx, const char *locuri,
-			  xml_node_t *add, xml_node_t *pps,
-			  const char *pps_fname)
-{
-	const char *pos;
-	size_t fqdn_len;
-	xml_node_t *node, *tnds, *unode, *pps_node;
-	char *data, *uri, *upos, *end;
-	int use_tnds = 0;
-	size_t uri_len;
-
-	wpa_printf(MSG_INFO, "Add command target LocURI: %s", locuri);
-
-	if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Do not allow Add outside ./Wi-Fi");
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos = locuri + 8;
-
-	if (ctx->fqdn == NULL)
-		return DM_RESP_COMMAND_FAILED;
-	fqdn_len = os_strlen(ctx->fqdn);
-	if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
-	    pos[fqdn_len] != '/') {
-		wpa_printf(MSG_INFO, "Do not allow Add outside ./Wi-Fi/%s",
-			   ctx->fqdn);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += fqdn_len + 1;
-
-	if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
-		wpa_printf(MSG_INFO,
-			   "Do not allow Add outside ./Wi-Fi/%s/PerProviderSubscription",
-			   ctx->fqdn);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += 24;
-
-	wpa_printf(MSG_INFO, "Add command for PPS node %s", pos);
-
-	pps_node = get_node(ctx->xml, pps, pos);
-	if (pps_node) {
-		wpa_printf(MSG_INFO, "Specified PPS node exists already");
-		return DM_RESP_ALREADY_EXISTS;
-	}
-
-	uri = os_strdup(pos);
-	if (uri == NULL)
-		return DM_RESP_COMMAND_FAILED;
-	while (!pps_node) {
-		upos = os_strrchr(uri, '/');
-		if (!upos)
-			break;
-		upos[0] = '\0';
-		pps_node = get_node(ctx->xml, pps, uri);
-		wpa_printf(MSG_INFO, "Node %s %s", uri,
-			   pps_node ? "exists" : "does not exist");
-	}
-
-	wpa_printf(MSG_INFO, "Parent URI: %s", uri);
-
-	if (!pps_node) {
-		/* Add at root of PPS MO */
-		pps_node = pps;
-	}
-
-	uri_len = os_strlen(uri);
-	os_strlcpy(uri, pos + uri_len, os_strlen(pos));
-	upos = uri;
-	while (*upos == '/')
-		upos++;
-	wpa_printf(MSG_INFO, "Nodes to add: %s", upos);
-
-	for (;;) {
-		end = os_strchr(upos, '/');
-		if (!end)
-			break;
-		*end = '\0';
-		wpa_printf(MSG_INFO, "Adding interim node %s", upos);
-		pps_node = xml_node_create(ctx->xml, pps_node, NULL, upos);
-		if (pps_node == NULL) {
-			os_free(uri);
-			return DM_RESP_COMMAND_FAILED;
-		}
-		upos = end + 1;
-	}
-
-	wpa_printf(MSG_INFO, "Adding node %s", upos);
-
-	node = get_node(ctx->xml, add, "Item/Meta/Type");
-	if (node) {
-		char *type;
-		type = xml_node_get_text(ctx->xml, node);
-		if (type == NULL) {
-			wpa_printf(MSG_ERROR, "Could not find type text");
-			os_free(uri);
-			return DM_RESP_BAD_REQUEST;
-		}
-		use_tnds = node &&
-			os_strstr(type, "application/vnd.syncml.dmtnds+xml");
-	}
-
-	node = get_node(ctx->xml, add, "Item/Data");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Add/Item/Data found");
-		os_free(uri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	data = xml_node_get_text(ctx->xml, node);
-	if (data == NULL) {
-		wpa_printf(MSG_INFO, "Could not get Add/Item/Data text");
-		os_free(uri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	wpa_printf(MSG_DEBUG, "Add/Item/Data: %s", data);
-
-	if (use_tnds) {
-		tnds = xml_node_from_buf(ctx->xml, data);
-		xml_node_get_text_free(ctx->xml, data);
-		if (tnds == NULL) {
-			wpa_printf(MSG_INFO,
-				   "Could not parse Add/Item/Data text");
-			os_free(uri);
-			return DM_RESP_BAD_REQUEST;
-		}
-
-		unode = tnds_to_mo(ctx->xml, tnds);
-		xml_node_free(ctx->xml, tnds);
-		if (unode == NULL) {
-			wpa_printf(MSG_INFO, "Could not parse TNDS text");
-			os_free(uri);
-			return DM_RESP_BAD_REQUEST;
-		}
-
-		debug_dump_node(ctx, "Parsed TNDS", unode);
-
-		xml_node_add_child(ctx->xml, pps_node, unode);
-	} else {
-		/* TODO: What to do here? */
-		os_free(uri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	os_free(uri);
-
-	if (update_pps_file(ctx, pps_fname, pps) < 0)
-		return DM_RESP_COMMAND_FAILED;
-
-	ctx->pps_updated = 1;
-
-	return DM_RESP_OK;
-}
-
-
-static int oma_dm_add(struct hs20_osu_client *ctx, xml_node_t *add,
-		      xml_node_t *pps, const char *pps_fname)
-{
-	xml_node_t *node;
-	char *locuri;
-	char fname[300];
-	int ret;
-
-	node = get_node(ctx->xml, add, "Item/Target/LocURI");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Target LocURI node found");
-		return DM_RESP_BAD_REQUEST;
-	}
-	locuri = xml_node_get_text(ctx->xml, node);
-	if (locuri == NULL) {
-		wpa_printf(MSG_ERROR, "No LocURI node text found");
-		return DM_RESP_BAD_REQUEST;
-	}
-	wpa_printf(MSG_INFO, "Target LocURI: %s", locuri);
-	if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Unsupported Add Target LocURI");
-		xml_node_get_text_free(ctx->xml, locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-
-	node = get_node(ctx->xml, add, "Item/Data");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Data node found");
-		xml_node_get_text_free(ctx->xml, locuri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	if (pps_fname && os_file_exists(pps_fname)) {
-		ret = oma_dm_run_add(ctx, locuri, add, pps, pps_fname);
-		if (ret != DM_RESP_OK) {
-			xml_node_get_text_free(ctx->xml, locuri);
-			return ret;
-		}
-		ret = 0;
-		os_strlcpy(fname, pps_fname, sizeof(fname));
-	} else
-		ret = hs20_add_pps_mo(ctx, locuri, node, fname, sizeof(fname));
-	xml_node_get_text_free(ctx->xml, locuri);
-	if (ret < 0)
-		return ret == -2 ? DM_RESP_ALREADY_EXISTS :
-			DM_RESP_COMMAND_FAILED;
-
-	if (ctx->no_reconnect == 2) {
-		os_snprintf(ctx->pps_fname, sizeof(ctx->pps_fname), "%s",
-			    fname);
-		ctx->pps_cred_set = 1;
-		return DM_RESP_OK;
-	}
-
-	wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
-	cmd_set_pps(ctx, fname);
-
-	if (ctx->no_reconnect)
-		return DM_RESP_OK;
-
-	wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
-	if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
-		wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
-
-	return DM_RESP_OK;
-}
-
-
-static int oma_dm_replace(struct hs20_osu_client *ctx, xml_node_t *replace,
-			  xml_node_t *pps, const char *pps_fname)
-{
-	char *locuri, *pos;
-	size_t fqdn_len;
-	xml_node_t *node, *tnds, *unode, *pps_node, *parent;
-	char *data;
-	int use_tnds = 0;
-
-	locuri = oma_dm_get_target_locuri(ctx, replace);
-	if (locuri == NULL)
-		return DM_RESP_BAD_REQUEST;
-
-	wpa_printf(MSG_INFO, "Replace command target LocURI: %s", locuri);
-	if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Do not allow Replace outside ./Wi-Fi");
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos = locuri + 8;
-
-	if (ctx->fqdn == NULL) {
-		os_free(locuri);
-		return DM_RESP_COMMAND_FAILED;
-	}
-	fqdn_len = os_strlen(ctx->fqdn);
-	if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
-	    pos[fqdn_len] != '/') {
-		wpa_printf(MSG_INFO, "Do not allow Replace outside ./Wi-Fi/%s",
-			   ctx->fqdn);
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += fqdn_len + 1;
-
-	if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
-		wpa_printf(MSG_INFO,
-			   "Do not allow Replace outside ./Wi-Fi/%s/PerProviderSubscription",
-			   ctx->fqdn);
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += 24;
-
-	wpa_printf(MSG_INFO, "Replace command for PPS node %s", pos);
-
-	pps_node = get_node(ctx->xml, pps, pos);
-	if (pps_node == NULL) {
-		wpa_printf(MSG_INFO, "Specified PPS node not found");
-		os_free(locuri);
-		return DM_RESP_NOT_FOUND;
-	}
-
-	node = get_node(ctx->xml, replace, "Item/Meta/Type");
-	if (node) {
-		char *type;
-		type = xml_node_get_text(ctx->xml, node);
-		if (type == NULL) {
-			wpa_printf(MSG_INFO, "Could not find type text");
-			os_free(locuri);
-			return DM_RESP_BAD_REQUEST;
-		}
-		use_tnds = node &&
-			os_strstr(type, "application/vnd.syncml.dmtnds+xml");
-	}
-
-	node = get_node(ctx->xml, replace, "Item/Data");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Replace/Item/Data found");
-		os_free(locuri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	data = xml_node_get_text(ctx->xml, node);
-	if (data == NULL) {
-		wpa_printf(MSG_INFO, "Could not get Replace/Item/Data text");
-		os_free(locuri);
-		return DM_RESP_BAD_REQUEST;
-	}
-
-	wpa_printf(MSG_DEBUG, "Replace/Item/Data: %s", data);
-
-	if (use_tnds) {
-		tnds = xml_node_from_buf(ctx->xml, data);
-		xml_node_get_text_free(ctx->xml, data);
-		if (tnds == NULL) {
-			wpa_printf(MSG_INFO,
-				   "Could not parse Replace/Item/Data text");
-			os_free(locuri);
-			return DM_RESP_BAD_REQUEST;
-		}
-
-		unode = tnds_to_mo(ctx->xml, tnds);
-		xml_node_free(ctx->xml, tnds);
-		if (unode == NULL) {
-			wpa_printf(MSG_INFO, "Could not parse TNDS text");
-			os_free(locuri);
-			return DM_RESP_BAD_REQUEST;
-		}
-
-		debug_dump_node(ctx, "Parsed TNDS", unode);
-
-		parent = xml_node_get_parent(ctx->xml, pps_node);
-		xml_node_detach(ctx->xml, pps_node);
-		xml_node_add_child(ctx->xml, parent, unode);
-	} else {
-		xml_node_set_text(ctx->xml, pps_node, data);
-		xml_node_get_text_free(ctx->xml, data);
-	}
-
-	os_free(locuri);
-
-	if (update_pps_file(ctx, pps_fname, pps) < 0)
-		return DM_RESP_COMMAND_FAILED;
-
-	ctx->pps_updated = 1;
-
-	return DM_RESP_OK;
-}
-
-
-static int oma_dm_get(struct hs20_osu_client *ctx, xml_node_t *get,
-		      xml_node_t *pps, const char *pps_fname, char **value)
-{
-	char *locuri, *pos;
-	size_t fqdn_len;
-	xml_node_t *pps_node;
-	const char *name;
-
-	*value = NULL;
-
-	locuri = oma_dm_get_target_locuri(ctx, get);
-	if (locuri == NULL)
-		return DM_RESP_BAD_REQUEST;
-
-	wpa_printf(MSG_INFO, "Get command target LocURI: %s", locuri);
-	if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Do not allow Get outside ./Wi-Fi");
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos = locuri + 8;
-
-	if (ctx->fqdn == NULL)
-		return DM_RESP_COMMAND_FAILED;
-	fqdn_len = os_strlen(ctx->fqdn);
-	if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
-	    pos[fqdn_len] != '/') {
-		wpa_printf(MSG_INFO, "Do not allow Get outside ./Wi-Fi/%s",
-			   ctx->fqdn);
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += fqdn_len + 1;
-
-	if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
-		wpa_printf(MSG_INFO,
-			   "Do not allow Get outside ./Wi-Fi/%s/PerProviderSubscription",
-			   ctx->fqdn);
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-	pos += 24;
-
-	wpa_printf(MSG_INFO, "Get command for PPS node %s", pos);
-
-	pps_node = get_node(ctx->xml, pps, pos);
-	if (pps_node == NULL) {
-		wpa_printf(MSG_INFO, "Specified PPS node not found");
-		os_free(locuri);
-		return DM_RESP_NOT_FOUND;
-	}
-
-	name = xml_node_get_localname(ctx->xml, pps_node);
-	wpa_printf(MSG_INFO, "Get command returned node with name '%s'", name);
-	if (os_strcasecmp(name, "Password") == 0) {
-		wpa_printf(MSG_INFO, "Do not allow Get for Password node");
-		os_free(locuri);
-		return DM_RESP_PERMISSION_DENIED;
-	}
-
-	/*
-	 * TODO: No support for DMTNDS, so if interior node, reply with a
-	 * list of children node names in Results element. The child list type is
-	 * defined in [DMTND].
-	 */
-
-	*value = xml_node_get_text(ctx->xml, pps_node);
-	if (*value == NULL)
-		return DM_RESP_COMMAND_FAILED;
-
-	return DM_RESP_OK;
-}
-
-
-static int oma_dm_get_cmdid(struct hs20_osu_client *ctx, xml_node_t *node)
-{
-	xml_node_t *cnode;
-	char *str;
-	int ret;
-
-	cnode = get_node(ctx->xml, node, "CmdID");
-	if (cnode == NULL)
-		return 0;
-
-	str = xml_node_get_text(ctx->xml, cnode);
-	if (str == NULL)
-		return 0;
-	ret = atoi(str);
-	xml_node_get_text_free(ctx->xml, str);
-	return ret;
-}
-
-
-static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
-				     const char *url, xml_node_t *syncml,
-				     const char *ext_hdr,
-				     const char *username, const char *password,
-				     const char *client_cert,
-				     const char *client_key)
-{
-	xml_node_t *resp;
-	char *str, *res;
-	char *resp_uri = NULL;
-
-	str = xml_node_to_str(ctx->xml, syncml);
-	xml_node_free(ctx->xml, syncml);
-	if (str == NULL)
-		return NULL;
-
-	wpa_printf(MSG_INFO, "Send OMA DM Package");
-	write_summary(ctx, "Send OMA DM Package");
-	os_free(ctx->server_url);
-	ctx->server_url = os_strdup(url);
-	res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml",
-			ext_hdr, ctx->ca_fname, username, password,
-			client_cert, client_key, NULL);
-	os_free(str);
-	os_free(resp_uri);
-	resp_uri = NULL;
-
-	if (res == NULL) {
-		const char *err = http_get_err(ctx->http);
-		if (err) {
-			wpa_printf(MSG_INFO, "HTTP error: %s", err);
-			write_result(ctx, "HTTP error: %s", err);
-		} else {
-			write_summary(ctx, "Failed to send OMA DM Package");
-		}
-		return NULL;
-	}
-	wpa_printf(MSG_DEBUG, "Server response: %s", res);
-
-	wpa_printf(MSG_INFO, "Process OMA DM Package");
-	write_summary(ctx, "Process received OMA DM Package");
-	resp = xml_node_from_buf(ctx->xml, res);
-	os_free(res);
-	if (resp == NULL) {
-		wpa_printf(MSG_INFO, "Failed to parse OMA DM response");
-		return NULL;
-	}
-
-	debug_dump_node(ctx, "OMA DM Package", resp);
-
-	return resp;
-}
-
-
-static xml_node_t * oma_dm_process(struct hs20_osu_client *ctx, const char *url,
-				   xml_node_t *resp, int msgid,
-				   char **ret_resp_uri,
-				   xml_node_t *pps, const char *pps_fname)
-{
-	xml_node_t *syncml, *syncbody, *hdr, *body, *child;
-	const char *name;
-	char *resp_uri = NULL;
-	int server_msgid = 0;
-	int cmdid = 0;
-	int server_cmdid;
-	int resp_needed = 0;
-	char *tmp;
-	int final = 0;
-	char *locuri;
-
-	*ret_resp_uri = NULL;
-
-	name = xml_node_get_localname(ctx->xml, resp);
-	if (name == NULL || os_strcasecmp(name, "SyncML") != 0) {
-		wpa_printf(MSG_INFO, "SyncML node not found");
-		return NULL;
-	}
-
-	hdr = get_node(ctx->xml, resp, "SyncHdr");
-	body = get_node(ctx->xml, resp, "SyncBody");
-	if (hdr == NULL || body == NULL) {
-		wpa_printf(MSG_INFO, "Could not find SyncHdr or SyncBody");
-		return NULL;
-	}
-
-	xml_node_for_each_child(ctx->xml, child, hdr) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		wpa_printf(MSG_INFO, "SyncHdr %s", name);
-		if (os_strcasecmp(name, "RespURI") == 0) {
-			tmp = xml_node_get_text(ctx->xml, child);
-			if (tmp)
-				resp_uri = os_strdup(tmp);
-			xml_node_get_text_free(ctx->xml, tmp);
-		} else if (os_strcasecmp(name, "MsgID") == 0) {
-			tmp = xml_node_get_text(ctx->xml, child);
-			if (tmp)
-				server_msgid = atoi(tmp);
-			xml_node_get_text_free(ctx->xml, tmp);
-		}
-	}
-
-	wpa_printf(MSG_INFO, "Server MsgID: %d", server_msgid);
-	if (resp_uri)
-		wpa_printf(MSG_INFO, "RespURI: %s", resp_uri);
-
-	syncml = oma_dm_build_hdr(ctx, resp_uri ? resp_uri : url, msgid);
-	if (syncml == NULL) {
-		os_free(resp_uri);
-		return NULL;
-	}
-
-	syncbody = xml_node_create(ctx->xml, syncml, NULL, "SyncBody");
-	cmdid++;
-	add_status(ctx, syncbody, server_msgid, 0, cmdid, "SyncHdr",
-		   DM_RESP_AUTH_ACCEPTED, NULL);
-
-	xml_node_for_each_child(ctx->xml, child, body) {
-		xml_node_for_each_check(ctx->xml, child);
-		server_cmdid = oma_dm_get_cmdid(ctx, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		wpa_printf(MSG_INFO, "SyncBody CmdID=%d - %s",
-			   server_cmdid, name);
-		if (os_strcasecmp(name, "Exec") == 0) {
-			int res = oma_dm_exec(ctx, child);
-			cmdid++;
-			locuri = oma_dm_get_target_locuri(ctx, child);
-			if (locuri == NULL)
-				res = DM_RESP_BAD_REQUEST;
-			add_status(ctx, syncbody, server_msgid, server_cmdid,
-				   cmdid, name, res, locuri);
-			os_free(locuri);
-			resp_needed = 1;
-		} else if (os_strcasecmp(name, "Add") == 0) {
-			int res = oma_dm_add(ctx, child, pps, pps_fname);
-			cmdid++;
-			locuri = oma_dm_get_target_locuri(ctx, child);
-			if (locuri == NULL)
-				res = DM_RESP_BAD_REQUEST;
-			add_status(ctx, syncbody, server_msgid, server_cmdid,
-				   cmdid, name, res, locuri);
-			os_free(locuri);
-			resp_needed = 1;
-		} else if (os_strcasecmp(name, "Replace") == 0) {
-			int res;
-			res = oma_dm_replace(ctx, child, pps, pps_fname);
-			cmdid++;
-			locuri = oma_dm_get_target_locuri(ctx, child);
-			if (locuri == NULL)
-				res = DM_RESP_BAD_REQUEST;
-			add_status(ctx, syncbody, server_msgid, server_cmdid,
-				   cmdid, name, res, locuri);
-			os_free(locuri);
-			resp_needed = 1;
-		} else if (os_strcasecmp(name, "Status") == 0) {
-			/* TODO: Verify success */
-		} else if (os_strcasecmp(name, "Get") == 0) {
-			int res;
-			char *value;
-			res = oma_dm_get(ctx, child, pps, pps_fname, &value);
-			cmdid++;
-			locuri = oma_dm_get_target_locuri(ctx, child);
-			if (locuri == NULL)
-				res = DM_RESP_BAD_REQUEST;
-			add_status(ctx, syncbody, server_msgid, server_cmdid,
-				   cmdid, name, res, locuri);
-			if (res == DM_RESP_OK && value) {
-				cmdid++;
-				add_results(ctx, syncbody, server_msgid,
-					    server_cmdid, cmdid, locuri, value);
-			}
-			os_free(locuri);
-			xml_node_get_text_free(ctx->xml, value);
-			resp_needed = 1;
-#if 0 /* TODO: MUST support */
-		} else if (os_strcasecmp(name, "Delete") == 0) {
-#endif
-#if 0 /* TODO: MUST support */
-		} else if (os_strcasecmp(name, "Sequence") == 0) {
-#endif
-		} else if (os_strcasecmp(name, "Final") == 0) {
-			final = 1;
-			break;
-		} else {
-			locuri = oma_dm_get_target_locuri(ctx, child);
-			add_status(ctx, syncbody, server_msgid, server_cmdid,
-				   cmdid, name, DM_RESP_COMMAND_NOT_IMPLEMENTED,
-				   locuri);
-			os_free(locuri);
-			resp_needed = 1;
-		}
-	}
-
-	if (!final) {
-		wpa_printf(MSG_INFO, "Final node not found");
-		xml_node_free(ctx->xml, syncml);
-		os_free(resp_uri);
-		return NULL;
-	}
-
-	if (!resp_needed) {
-		wpa_printf(MSG_INFO, "Exchange completed - no response needed");
-		xml_node_free(ctx->xml, syncml);
-		os_free(resp_uri);
-		return NULL;
-	}
-
-	xml_node_create(ctx->xml, syncbody, NULL, "Final");
-
-	debug_dump_node(ctx, "OMA-DM Package 3", syncml);
-
-	*ret_resp_uri = resp_uri;
-	return syncml;
-}
-
-
-int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url)
-{
-	xml_node_t *syncml, *resp;
-	char *resp_uri = NULL;
-	int msgid = 0;
-
-	if (url == NULL) {
-		wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "OMA-DM credential provisioning requested");
-	write_summary(ctx, "OMA-DM credential provisioning");
-
-	msgid++;
-	syncml = build_oma_dm_1_sub_reg(ctx, url, msgid);
-	if (syncml == NULL)
-		return -1;
-
-	while (syncml) {
-		resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
-					syncml, NULL, NULL, NULL, NULL, NULL);
-		if (resp == NULL)
-			return -1;
-
-		msgid++;
-		syncml = oma_dm_process(ctx, url, resp, msgid, &resp_uri,
-					NULL, NULL);
-		xml_node_free(ctx->xml, resp);
-	}
-
-	os_free(resp_uri);
-
-	return ctx->pps_cred_set ? 0 : -1;
-}
-
-
-int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url)
-{
-	xml_node_t *syncml, *resp;
-	char *resp_uri = NULL;
-	int msgid = 0;
-
-	if (url == NULL) {
-		wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "OMA-DM SIM provisioning requested");
-	ctx->no_reconnect = 2;
-
-	wpa_printf(MSG_INFO, "Wait for IP address before starting SIM provisioning");
-	write_summary(ctx, "Wait for IP address before starting SIM provisioning");
-
-	if (wait_ip_addr(ctx->ifname, 15) < 0) {
-		wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
-	}
-	write_summary(ctx, "OMA-DM SIM provisioning");
-
-	msgid++;
-	syncml = build_oma_dm_1_sub_prov(ctx, url, msgid);
-	if (syncml == NULL)
-		return -1;
-
-	while (syncml) {
-		resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
-					syncml, NULL, NULL, NULL, NULL, NULL);
-		if (resp == NULL)
-			return -1;
-
-		msgid++;
-		syncml = oma_dm_process(ctx, url, resp, msgid, &resp_uri,
-					NULL, NULL);
-		xml_node_free(ctx->xml, resp);
-	}
-
-	os_free(resp_uri);
-
-	if (ctx->pps_cred_set) {
-		wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
-		cmd_set_pps(ctx, ctx->pps_fname);
-
-		wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
-		write_summary(ctx, "Requesting reconnection with updated configuration");
-		if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
-			wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
-			write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
-			return -1;
-		}
-	}
-
-	return ctx->pps_cred_set ? 0 : -1;
-}
-
-
-void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
-		    const char *pps_fname,
-		    const char *client_cert, const char *client_key,
-		    const char *cred_username, const char *cred_password,
-		    xml_node_t *pps)
-{
-	xml_node_t *syncml, *resp;
-	char *resp_uri = NULL;
-	int msgid = 0;
-
-	wpa_printf(MSG_INFO, "OMA-DM policy update");
-	write_summary(ctx, "OMA-DM policy update");
-
-	msgid++;
-	syncml = build_oma_dm_1_pol_upd(ctx, address, msgid);
-	if (syncml == NULL)
-		return;
-
-	while (syncml) {
-		resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
-					syncml, NULL, cred_username,
-					cred_password, client_cert, client_key);
-		if (resp == NULL)
-			return;
-
-		msgid++;
-		syncml = oma_dm_process(ctx, address, resp, msgid, &resp_uri,
-					pps, pps_fname);
-		xml_node_free(ctx->xml, resp);
-	}
-
-	os_free(resp_uri);
-
-	if (ctx->pps_updated) {
-		wpa_printf(MSG_INFO, "Update wpa_supplicant credential based on updated PPS MO");
-		write_summary(ctx, "Update wpa_supplicant credential based on updated PPS MO and request connection");
-		cmd_set_pps(ctx, pps_fname);
-		if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
-			wpa_printf(MSG_INFO,
-				   "Failed to request wpa_supplicant to reconnect");
-			write_summary(ctx,
-				      "Failed to request wpa_supplicant to reconnect");
-		}
-	}
-}
-
-
-void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
-		    const char *pps_fname,
-		    const char *client_cert, const char *client_key,
-		    const char *cred_username, const char *cred_password,
-		    xml_node_t *pps)
-{
-	xml_node_t *syncml, *resp;
-	char *resp_uri = NULL;
-	int msgid = 0;
-
-	wpa_printf(MSG_INFO, "OMA-DM subscription remediation");
-	write_summary(ctx, "OMA-DM subscription remediation");
-
-	msgid++;
-	syncml = build_oma_dm_1_sub_rem(ctx, address, msgid);
-	if (syncml == NULL)
-		return;
-
-	while (syncml) {
-		resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
-					syncml, NULL, cred_username,
-					cred_password, client_cert, client_key);
-		if (resp == NULL)
-			return;
-
-		msgid++;
-		syncml = oma_dm_process(ctx, address, resp, msgid, &resp_uri,
-					pps, pps_fname);
-		xml_node_free(ctx->xml, resp);
-	}
-
-	os_free(resp_uri);
-
-	wpa_printf(MSG_INFO, "Update wpa_supplicant credential based on updated PPS MO and request reconnection");
-	write_summary(ctx, "Update wpa_supplicant credential based on updated PPS MO and request reconnection");
-	cmd_set_pps(ctx, pps_fname);
-	if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
-		wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
-		write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
-	}
-}
-
-
-void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
-		    const char *add_fname)
-{
-	xml_node_t *pps, *add;
-	int res;
-
-	ctx->fqdn = os_strdup("wi-fi.org");
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "PPS file %s could not be parsed",
-			   pps_fname);
-		return;
-	}
-
-	add = node_from_file(ctx->xml, add_fname);
-	if (add == NULL) {
-		wpa_printf(MSG_INFO, "Add file %s could not be parsed",
-			   add_fname);
-		xml_node_free(ctx->xml, pps);
-		return;
-	}
-
-	res = oma_dm_add(ctx, add, pps, pps_fname);
-	wpa_printf(MSG_INFO, "oma_dm_add --> %d", res);
-
-	xml_node_free(ctx->xml, pps);
-	xml_node_free(ctx->xml, add);
-}
-
-
-void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
-			const char *replace_fname)
-{
-	xml_node_t *pps, *replace;
-	int res;
-
-	ctx->fqdn = os_strdup("wi-fi.org");
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "PPS file %s could not be parsed",
-			   pps_fname);
-		return;
-	}
-
-	replace = node_from_file(ctx->xml, replace_fname);
-	if (replace == NULL) {
-		wpa_printf(MSG_INFO, "Replace file %s could not be parsed",
-			   replace_fname);
-		xml_node_free(ctx->xml, pps);
-		return;
-	}
-
-	res = oma_dm_replace(ctx, replace, pps, pps_fname);
-	wpa_printf(MSG_INFO, "oma_dm_replace --> %d", res);
-
-	xml_node_free(ctx->xml, pps);
-	xml_node_free(ctx->xml, replace);
-}
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
deleted file mode 100644
index 11bf0db35e93..000000000000
--- a/hs20/client/osu_client.c
+++ /dev/null
@@ -1,3431 +0,0 @@
-/*
- * Hotspot 2.0 OSU client
- * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <time.h>
-#include <sys/stat.h>
-#ifdef ANDROID
-#include "private/android_filesystem_config.h"
-#endif /* ANDROID */
-
-#include "common.h"
-#include "utils/browser.h"
-#include "utils/base64.h"
-#include "utils/xml-utils.h"
-#include "utils/http-utils.h"
-#include "common/wpa_ctrl.h"
-#include "common/wpa_helpers.h"
-#include "eap_common/eap_defs.h"
-#include "crypto/crypto.h"
-#include "crypto/sha256.h"
-#include "osu_client.h"
-
-const char *spp_xsd_fname = "spp.xsd";
-
-
-void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
-{
-	va_list ap;
-	FILE *f;
-	char buf[500];
-
-	va_start(ap, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, ap);
-	va_end(ap);
-	write_summary(ctx, "%s", buf);
-
-	if (!ctx->result_file)
-		return;
-
-	f = fopen(ctx->result_file, "w");
-	if (f == NULL)
-		return;
-
-	va_start(ap, fmt);
-	vfprintf(f, fmt, ap);
-	va_end(ap);
-	fprintf(f, "\n");
-	fclose(f);
-}
-
-
-void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
-{
-	va_list ap;
-	FILE *f;
-
-	if (!ctx->summary_file)
-		return;
-
-	f = fopen(ctx->summary_file, "a");
-	if (f == NULL)
-		return;
-
-	va_start(ap, fmt);
-	vfprintf(f, fmt, ap);
-	va_end(ap);
-	fprintf(f, "\n");
-	fclose(f);
-}
-
-
-void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
-		     xml_node_t *node)
-{
-	char *str = xml_node_to_str(ctx->xml, node);
-	wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
-	free(str);
-}
-
-
-static int valid_fqdn(const char *fqdn)
-{
-	const char *pos;
-
-	/* TODO: could make this more complete.. */
-	if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
-		return 0;
-	for (pos = fqdn; *pos; pos++) {
-		if (*pos >= 'a' && *pos <= 'z')
-			continue;
-		if (*pos >= 'A' && *pos <= 'Z')
-			continue;
-		if (*pos >= '0' && *pos <= '9')
-			continue;
-		if (*pos == '-' || *pos == '.' || *pos == '_')
-			continue;
-		return 0;
-	}
-	return 1;
-}
-
-
-static int android_update_permission(const char *path, mode_t mode)
-{
-#ifdef ANDROID
-	/* we need to change file/folder permission for Android */
-
-	if (!path) {
-		wpa_printf(MSG_ERROR, "file path null");
-		return -1;
-	}
-
-	/* Allow processes running with Group ID as AID_WIFI,
-	 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
-	if (lchown(path, -1, AID_WIFI)) {
-		wpa_printf(MSG_INFO, "CTRL: Could not lchown directory: %s",
-			   strerror(errno));
-		return -1;
-	}
-
-	if (chmod(path, mode) < 0) {
-		wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
-			   strerror(errno));
-		return -1;
-	}
-#endif  /* ANDROID */
-
-	return 0;
-}
-
-
-int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
-{
-	xml_node_t *node;
-	char *url, *user = NULL, *pw = NULL;
-	char *proto;
-	int ret = -1;
-
-	proto = xml_node_get_attr_value(ctx->xml, getcert,
-					"enrollmentProtocol");
-	if (!proto)
-		return -1;
-	wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
-	write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
-	if (os_strcasecmp(proto, "EST") != 0) {
-		wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
-		xml_node_get_attr_value_free(ctx->xml, proto);
-		return -1;
-	}
-	xml_node_get_attr_value_free(ctx->xml, proto);
-
-	node = get_node(ctx->xml, getcert, "enrollmentServerURI");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
-		xml_node_get_attr_value_free(ctx->xml, proto);
-		return -1;
-	}
-	url = xml_node_get_text(ctx->xml, node);
-	if (url == NULL) {
-		wpa_printf(MSG_INFO, "Could not get URL text");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
-	write_summary(ctx, "enrollmentServerURI: %s", url);
-
-	node = get_node(ctx->xml, getcert, "estUserID");
-	if (node == NULL && !ctx->client_cert_present) {
-		wpa_printf(MSG_INFO, "Could not find estUserID node");
-		goto fail;
-	}
-	if (node) {
-		user = xml_node_get_text(ctx->xml, node);
-		if (user == NULL) {
-			wpa_printf(MSG_INFO, "Could not get estUserID text");
-			goto fail;
-		}
-		wpa_printf(MSG_INFO, "estUserID: %s", user);
-		write_summary(ctx, "estUserID: %s", user);
-	}
-
-	node = get_node(ctx->xml, getcert, "estPassword");
-	if (node == NULL && !ctx->client_cert_present) {
-		wpa_printf(MSG_INFO, "Could not find estPassword node");
-		goto fail;
-	}
-	if (node) {
-		pw = xml_node_get_base64_text(ctx->xml, node, NULL);
-		if (pw == NULL) {
-			wpa_printf(MSG_INFO, "Could not get estPassword text");
-			goto fail;
-		}
-		wpa_printf(MSG_INFO, "estPassword: %s", pw);
-	}
-
-	mkdir("Cert", S_IRWXU);
-	android_update_permission("Cert", S_IRWXU | S_IRWXG);
-
-	if (est_load_cacerts(ctx, url) < 0 ||
-	    est_build_csr(ctx, url) < 0 ||
-	    est_simple_enroll(ctx, url, user, pw) < 0)
-		goto fail;
-
-	ret = 0;
-fail:
-	xml_node_get_text_free(ctx->xml, url);
-	xml_node_get_text_free(ctx->xml, user);
-	xml_node_get_text_free(ctx->xml, pw);
-
-	return ret;
-}
-
-
-static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
-			    const char *fqdn)
-{
-	u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
-	char *der, *pem;
-	size_t der_len, pem_len;
-	char *fingerprint;
-	char buf[200];
-
-	wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
-
-	fingerprint = xml_node_get_text(ctx->xml, cert);
-	if (fingerprint == NULL)
-		return -1;
-	if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
-		wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
-		write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
-		xml_node_get_text_free(ctx->xml, fingerprint);
-		return -1;
-	}
-	xml_node_get_text_free(ctx->xml, fingerprint);
-
-	der = os_readfile("Cert/est_cert.der", &der_len);
-	if (der == NULL) {
-		wpa_printf(MSG_INFO, "Could not find client certificate from EST");
-		write_result(ctx, "Could not find client certificate from EST");
-		return -1;
-	}
-
-	if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
-		os_free(der);
-		return -1;
-	}
-	os_free(der);
-
-	if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
-		wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
-		write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
-	unlink("Cert/est_cert.der");
-
-	os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
-	if (rename("Cert/est-cacerts.pem", buf) < 0) {
-		wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
-			   strerror(errno));
-		return -1;
-	}
-	pem = os_readfile(buf, &pem_len);
-
-	os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
-	if (rename("Cert/est_cert.pem", buf) < 0) {
-		wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
-			   strerror(errno));
-		os_free(pem);
-		return -1;
-	}
-
-	if (pem) {
-		FILE *f = fopen(buf, "a");
-		if (f) {
-			fwrite(pem, pem_len, 1, f);
-			fclose(f);
-		}
-		os_free(pem);
-	}
-
-	os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
-	if (rename("Cert/privkey-plain.pem", buf) < 0) {
-		wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
-			   strerror(errno));
-		return -1;
-	}
-
-	unlink("Cert/est-req.b64");
-	unlink("Cert/est-req.pem");
-	rmdir("Cert");
-
-	return 0;
-}
-
-
-#define TMP_CERT_DL_FILE "tmp-cert-download"
-
-static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
-			 const char *fname)
-{
-	xml_node_t *url_node, *hash_node;
-	char *url, *hash;
-	char *cert;
-	size_t len;
-	u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
-	int res;
-	char *b64;
-	FILE *f;
-
-	url_node = get_node(ctx->xml, params, "CertURL");
-	hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
-	if (url_node == NULL || hash_node == NULL)
-		return -1;
-	url = xml_node_get_text(ctx->xml, url_node);
-	hash = xml_node_get_text(ctx->xml, hash_node);
-	if (url == NULL || hash == NULL) {
-		xml_node_get_text_free(ctx->xml, url);
-		xml_node_get_text_free(ctx->xml, hash);
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "CertURL: %s", url);
-	wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
-
-	if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
-		wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
-		write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
-		xml_node_get_text_free(ctx->xml, hash);
-		return -1;
-	}
-	xml_node_get_text_free(ctx->xml, hash);
-
-	write_summary(ctx, "Download certificate from %s", url);
-	ctx->no_osu_cert_validation = 1;
-	http_ocsp_set(ctx->http, 1);
-	res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
-	http_ocsp_set(ctx->http,
-		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
-	ctx->no_osu_cert_validation = 0;
-	xml_node_get_text_free(ctx->xml, url);
-	if (res < 0)
-		return -1;
-
-	cert = os_readfile(TMP_CERT_DL_FILE, &len);
-	remove(TMP_CERT_DL_FILE);
-	if (cert == NULL)
-		return -1;
-
-	if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
-		os_free(cert);
-		return -1;
-	}
-
-	if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
-		wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
-		write_result(ctx, "Downloaded certificate fingerprint did not match");
-		os_free(cert);
-		return -1;
-	}
-
-	b64 = base64_encode(cert, len, NULL);
-	os_free(cert);
-	if (b64 == NULL)
-		return -1;
-
-	f = fopen(fname, "wb");
-	if (f == NULL) {
-		os_free(b64);
-		return -1;
-	}
-
-	fprintf(f, "-----BEGIN CERTIFICATE-----\n"
-		"%s"
-		"-----END CERTIFICATE-----\n",
-		b64);
-
-	os_free(b64);
-	fclose(f);
-
-	wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
-		   fname);
-	write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
-		      fname);
-
-	return 0;
-}
-
-
-static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
-			 const char *ca_fname)
-{
-	xml_node_t *pps, *node;
-	int ret;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
-		return -1;
-	}
-
-	node = get_child_node(ctx->xml, pps,
-			      "SubscriptionUpdate/TrustRoot");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
-		xml_node_free(ctx->xml, pps);
-		return -1;
-	}
-
-	ret = download_cert(ctx, node, ca_fname);
-	xml_node_free(ctx->xml, pps);
-
-	return ret;
-}
-
-
-static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
-			    const char *ca_fname)
-{
-	xml_node_t *pps, *node;
-	int ret;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
-		return -1;
-	}
-
-	node = get_child_node(ctx->xml, pps,
-			      "Policy/PolicyUpdate/TrustRoot");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
-		xml_node_free(ctx->xml, pps);
-		return -2;
-	}
-
-	ret = download_cert(ctx, node, ca_fname);
-	xml_node_free(ctx->xml, pps);
-
-	return ret;
-}
-
-
-static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
-			 const char *ca_fname)
-{
-	xml_node_t *pps, *node, *aaa;
-	int ret;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
-		return -1;
-	}
-
-	node = get_child_node(ctx->xml, pps,
-			      "AAAServerTrustRoot");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
-		xml_node_free(ctx->xml, pps);
-		return -2;
-	}
-
-	aaa = xml_node_first_child(ctx->xml, node);
-	if (aaa == NULL) {
-		wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
-		xml_node_free(ctx->xml, pps);
-		return -1;
-	}
-
-	ret = download_cert(ctx, aaa, ca_fname);
-	xml_node_free(ctx->xml, pps);
-
-	return ret;
-}
-
-
-static int download_trust_roots(struct hs20_osu_client *ctx,
-				const char *pps_fname)
-{
-	char *dir, *pos;
-	char fname[300];
-	int ret, ret1;
-
-	dir = os_strdup(pps_fname);
-	if (dir == NULL)
-		return -1;
-	pos = os_strrchr(dir, '/');
-	if (pos == NULL) {
-		os_free(dir);
-		return -1;
-	}
-	*pos = '\0';
-
-	snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
-	ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
-	snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
-	ret1 = cmd_dl_polupd_ca(ctx, pps_fname, fname);
-	if (ret == 0 && ret1 == -1)
-		ret = -1;
-	snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
-	ret1 = cmd_dl_aaa_ca(ctx, pps_fname, fname);
-	if (ret == 0 && ret1 == -1)
-		ret = -1;
-
-	os_free(dir);
-
-	return ret;
-}
-
-
-static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
-				       const char *fqdn)
-{
-	size_t match_len, len, i;
-	const char *val;
-
-	match_len = os_strlen(fqdn);
-
-	for (i = 0; i < ctx->server_dnsname_count; i++) {
-		wpa_printf(MSG_INFO,
-			   "Checking suffix match against server dNSName %s",
-			   ctx->server_dnsname[i]);
-		val = ctx->server_dnsname[i];
-		len = os_strlen(val);
-
-		if (match_len > len)
-			continue;
-
-		if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
-			continue; /* no match */
-
-		if (match_len == len)
-			return 1; /* exact match */
-
-		if (val[len - match_len - 1] == '.')
-			return 1; /* full label match completes suffix match */
-
-		/* Reject due to incomplete label match */
-	}
-
-	/* None of the dNSName(s) matched */
-	return 0;
-}
-
-
-int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
-		    xml_node_t *add_mo, char *fname, size_t fname_len)
-{
-	char *str;
-	char *fqdn, *pos;
-	xml_node_t *tnds, *mo, *cert;
-	const char *name;
-	int ret;
-
-	if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
-			   uri);
-		write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
-			     uri);
-		return -1;
-	}
-
-	fqdn = strdup(uri + 8);
-	if (fqdn == NULL)
-		return -1;
-	pos = strchr(fqdn, '/');
-	if (pos) {
-		if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
-			wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
-				   uri);
-			write_result(ctx, "Unsupported location for addMO to "
-				     "add PPS MO (extra directory): '%s'", uri);
-			free(fqdn);
-			return -1;
-		}
-		*pos = '\0'; /* remove trailing slash and PPS node name */
-	}
-	wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
-
-	if (!server_dnsname_suffix_match(ctx, fqdn)) {
-		wpa_printf(MSG_INFO,
-			   "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
-			   fqdn, (int) ctx->server_dnsname_count);
-		write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
-			     fqdn);
-		free(fqdn);
-		return -1;
-	}
-
-	if (!valid_fqdn(fqdn)) {
-		wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
-		write_result(ctx, "Invalid FQDN '%s'", fqdn);
-		free(fqdn);
-		return -1;
-	}
-
-	mkdir("SP", S_IRWXU);
-	snprintf(fname, fname_len, "SP/%s", fqdn);
-	if (mkdir(fname, S_IRWXU) < 0) {
-		if (errno != EEXIST) {
-			int err = errno;
-			wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
-				   fname, strerror(err));
-			free(fqdn);
-			return -1;
-		}
-	}
-
-	android_update_permission("SP", S_IRWXU | S_IRWXG);
-	android_update_permission(fname, S_IRWXU | S_IRWXG);
-
-	snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
-
-	if (os_file_exists(fname)) {
-		wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
-			   fname);
-		write_result(ctx, "PPS file '%s' exists - reject addMO",
-			     fname);
-		free(fqdn);
-		return -2;
-	}
-	wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
-
-	str = xml_node_get_text(ctx->xml, add_mo);
-	if (str == NULL) {
-		wpa_printf(MSG_INFO, "Could not extract MO text");
-		free(fqdn);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
-
-	tnds = xml_node_from_buf(ctx->xml, str);
-	xml_node_get_text_free(ctx->xml, str);
-	if (tnds == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
-		free(fqdn);
-		return -1;
-	}
-
-	mo = tnds_to_mo(ctx->xml, tnds);
-	if (mo == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
-		free(fqdn);
-		return -1;
-	}
-
-	debug_dump_node(ctx, "Parsed TNDS", mo);
-
-	name = xml_node_get_localname(ctx->xml, mo);
-	if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
-		wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
-			   name);
-		free(fqdn);
-		return -1;
-	}
-
-	cert = get_child_node(ctx->xml, mo,
-			      "Credential/DigitalCertificate/"
-			      "CertSHA256Fingerprint");
-	if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
-		xml_node_free(ctx->xml, mo);
-		free(fqdn);
-		return -1;
-	}
-	free(fqdn);
-
-	if (node_to_file(ctx->xml, fname, mo) < 0) {
-		wpa_printf(MSG_INFO, "Could not write MO to file");
-		xml_node_free(ctx->xml, mo);
-		return -1;
-	}
-	xml_node_free(ctx->xml, mo);
-
-	wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
-	write_summary(ctx, "A new PPS MO added as '%s'", fname);
-
-	ret = download_trust_roots(ctx, fname);
-	if (ret < 0) {
-		wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
-		write_summary(ctx, "Remove invalid PPS MO file");
-		unlink(fname);
-	}
-
-	return ret;
-}
-
-
-int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
-		    xml_node_t *pps)
-{
-	char *str;
-	FILE *f;
-	char backup[300];
-
-	if (ctx->client_cert_present) {
-		xml_node_t *cert;
-		cert = get_child_node(ctx->xml, pps,
-				      "Credential/DigitalCertificate/"
-				      "CertSHA256Fingerprint");
-		if (cert && os_file_exists("Cert/est_cert.der") &&
-		    process_est_cert(ctx, cert, ctx->fqdn) < 0) {
-			wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
-			return -1;
-		}
-	}
-
-	wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
-
-	str = xml_node_to_str(ctx->xml, pps);
-	if (str == NULL) {
-		wpa_printf(MSG_ERROR, "No node found");
-		return -1;
-	}
-	wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
-
-	snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
-	rename(pps_fname, backup);
-	f = fopen(pps_fname, "w");
-	if (f == NULL) {
-		wpa_printf(MSG_INFO, "Could not write PPS");
-		rename(backup, pps_fname);
-		free(str);
-		return -1;
-	}
-	fprintf(f, "%s\n", str);
-	fclose(f);
-
-	free(str);
-
-	return 0;
-}
-
-
-void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
-		 const char *alt_loc, char **user, char **pw)
-{
-	xml_node_t *node;
-
-	node = get_child_node(ctx->xml, pps,
-			      "Credential/UsernamePassword/Username");
-	if (node)
-		*user = xml_node_get_text(ctx->xml, node);
-
-	node = get_child_node(ctx->xml, pps,
-			      "Credential/UsernamePassword/Password");
-	if (node)
-		*pw = xml_node_get_base64_text(ctx->xml, node, NULL);
-
-	node = get_child_node(ctx->xml, pps, alt_loc);
-	if (node) {
-		xml_node_t *a;
-		a = get_node(ctx->xml, node, "Username");
-		if (a) {
-			xml_node_get_text_free(ctx->xml, *user);
-			*user = xml_node_get_text(ctx->xml, a);
-			wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
-		}
-
-		a = get_node(ctx->xml, node, "Password");
-		if (a) {
-			free(*pw);
-			*pw = xml_node_get_base64_text(ctx->xml, a, NULL);
-			wpa_printf(MSG_INFO, "Use OSU password");
-		}
-	}
-}
-
-
-/* Remove old credentials based on HomeSP/FQDN */
-static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
-{
-	char cmd[300];
-	os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
-	if (wpa_command(ctx->ifname, cmd) < 0)
-		wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
-}
-
-
-static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *spe)
-{
-	xml_node_t *ssid;
-	char *txt;
-
-	ssid = get_node(ctx->xml, spe, "SSID");
-	if (ssid == NULL)
-		return;
-	txt = xml_node_get_text(ctx->xml, ssid);
-	if (txt == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
-	if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
-	xml_node_get_text_free(ctx->xml, txt);
-}
-
-
-static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
-				     xml_node_t *spel)
-{
-	xml_node_t *child;
-
-	xml_node_for_each_child(ctx->xml, child, spel) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_policy_spe(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *prp)
-{
-	xml_node_t *node;
-	char *txt = NULL, *pos;
-	char *prio, *country_buf = NULL;
-	const char *country;
-	char val[200];
-	int priority;
-
-	node = get_node(ctx->xml, prp, "Priority");
-	if (node == NULL)
-		return;
-	prio = xml_node_get_text(ctx->xml, node);
-	if (prio == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
-		   prio);
-	priority = atoi(prio);
-	xml_node_get_text_free(ctx->xml, prio);
-
-	node = get_node(ctx->xml, prp, "Country");
-	if (node) {
-		country_buf = xml_node_get_text(ctx->xml, node);
-		if (country_buf == NULL)
-			return;
-		country = country_buf;
-		wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
-			   country);
-	} else {
-		country = "*";
-	}
-
-	node = get_node(ctx->xml, prp, "FQDN_Match");
-	if (node == NULL)
-		goto out;
-	txt = xml_node_get_text(ctx->xml, node);
-	if (txt == NULL)
-		goto out;
-	wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
-		   txt);
-	pos = strrchr(txt, ',');
-	if (pos == NULL)
-		goto out;
-	*pos++ = '\0';
-
-	snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
-		 strcmp(pos, "includeSubdomains") != 0, priority, country);
-	if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
-out:
-	xml_node_get_text_free(ctx->xml, country_buf);
-	xml_node_get_text_free(ctx->xml, txt);
-}
-
-
-static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
-				     xml_node_t *prpl)
-{
-	xml_node_t *child;
-
-	xml_node_for_each_child(ctx->xml, child, prpl) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_policy_prp(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
-					     xml_node_t *min_backhaul)
-{
-	xml_node_t *node;
-	char *type, *dl = NULL, *ul = NULL;
-	int home;
-
-	node = get_node(ctx->xml, min_backhaul, "NetworkType");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
-		return;
-	}
-
-	type = xml_node_get_text(ctx->xml, node);
-	if (type == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
-		   type);
-	if (os_strcasecmp(type, "home") == 0)
-		home = 1;
-	else if (os_strcasecmp(type, "roaming") == 0)
-		home = 0;
-	else {
-		wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
-		xml_node_get_text_free(ctx->xml, type);
-		return;
-	}
-	xml_node_get_text_free(ctx->xml, type);
-
-	node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
-	if (node)
-		dl = xml_node_get_text(ctx->xml, node);
-
-	node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
-	if (node)
-		ul = xml_node_get_text(ctx->xml, node);
-
-	if (dl == NULL && ul == NULL) {
-		wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
-		return;
-	}
-
-	if (dl)
-		wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
-			   dl);
-	if (ul)
-		wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
-			   ul);
-
-	if (home) {
-		if (dl &&
-		    set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
-			wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
-		if (ul &&
-		    set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
-			wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
-	} else {
-		if (dl &&
-		    set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
-		    0)
-			wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
-		if (ul &&
-		    set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
-		    0)
-			wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
-	}
-
-	xml_node_get_text_free(ctx->xml, dl);
-	xml_node_get_text_free(ctx->xml, ul);
-}
-
-
-static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
-						  int id, xml_node_t *node)
-{
-	xml_node_t *child;
-
-	wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_policy_min_backhaul(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
-				       xml_node_t *node)
-{
-	wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
-	/* Not used in wpa_supplicant */
-}
-
-
-static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
-						    int id, xml_node_t *tuple)
-{
-	xml_node_t *node;
-	char *proto, *port;
-	char *buf;
-	size_t buflen;
-
-	node = get_node(ctx->xml, tuple, "IPProtocol");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
-		return;
-	}
-
-	proto = xml_node_get_text(ctx->xml, node);
-	if (proto == NULL)
-		return;
-
-	wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
-		   proto);
-
-	node = get_node(ctx->xml, tuple, "PortNumber");
-	port = node ? xml_node_get_text(ctx->xml, node) : NULL;
-	if (port) {
-		wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
-			   port);
-		buflen = os_strlen(proto) + os_strlen(port) + 10;
-		buf = os_malloc(buflen);
-		if (buf)
-			os_snprintf(buf, buflen, "%s:%s", proto, port);
-		xml_node_get_text_free(ctx->xml, port);
-	} else {
-		buflen = os_strlen(proto) + 10;
-		buf = os_malloc(buflen);
-		if (buf)
-			os_snprintf(buf, buflen, "%s", proto);
-	}
-
-	xml_node_get_text_free(ctx->xml, proto);
-
-	if (buf == NULL)
-		return;
-
-	if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
-		wpa_printf(MSG_INFO, "Could not set req_conn_capab");
-
-	os_free(buf);
-}
-
-
-static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
-						     int id, xml_node_t *node)
-{
-	xml_node_t *child;
-
-	wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_policy_required_proto_port(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
-					     xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
-	if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
-				xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-
-	wpa_printf(MSG_INFO, "- Policy");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
-			set_pps_cred_policy_prpl(ctx, id, child);
-		else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
-			set_pps_cred_policy_min_backhaul_list(ctx, id, child);
-		else if (os_strcasecmp(name, "PolicyUpdate") == 0)
-			set_pps_cred_policy_update(ctx, id, child);
-		else if (os_strcasecmp(name, "SPExclusionList") == 0)
-			set_pps_cred_policy_spel(ctx, id, child);
-		else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
-			set_pps_cred_policy_required_proto_ports(ctx, id, child);
-		else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
-			set_pps_cred_policy_max_bss_load(ctx, id, child);
-		else
-			wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
-	}
-}
-
-
-static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
-				  xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
-	if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
-					       int id, xml_node_t *node)
-{
-	wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
-}
-
-
-static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *node)
-{
-	wpa_printf(MSG_INFO, "- SubscriptionUpdate");
-	/* not used within wpa_supplicant */
-}
-
-
-static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
-					    int id, xml_node_t *node)
-{
-	xml_node_t *ssid_node, *hessid_node;
-	char *ssid, *hessid;
-
-	ssid_node = get_node(ctx->xml, node, "SSID");
-	if (ssid_node == NULL) {
-		wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
-		return;
-	}
-
-	hessid_node = get_node(ctx->xml, node, "HESSID");
-
-	ssid = xml_node_get_text(ctx->xml, ssid_node);
-	if (ssid == NULL)
-		return;
-	hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
-
-	wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
-	if (hessid)
-		wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
-			   hessid);
-
-	/* TODO: Configure to wpa_supplicant */
-
-	xml_node_get_text_free(ctx->xml, ssid);
-	xml_node_get_text_free(ctx->xml, hessid);
-}
-
-
-static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
-					     int id, xml_node_t *node)
-{
-	xml_node_t *child;
-
-	wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_home_sp_network_id(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
-					       int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
-	/* not used within wpa_supplicant(?) */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
-					  int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
-				      xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
-	if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred domain");
-	if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-	char *homeoi = NULL;
-	int required = 0;
-	char *str;
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
-			homeoi = xml_node_get_text(ctx->xml, child);
-			wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
-				   homeoi);
-		} else if (strcasecmp(name, "HomeOIRequired") == 0) {
-			str = xml_node_get_text(ctx->xml, child);
-			wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
-				   str);
-			if (str == NULL)
-				continue;
-			required = strcasecmp(str, "true") == 0;
-			xml_node_get_text_free(ctx->xml, str);
-		} else
-			wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
-				   name);
-	}
-
-	if (homeoi == NULL) {
-		wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
-		return;
-	}
-
-	wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
-		   homeoi, required);
-
-	if (required) {
-		if (set_cred(ctx->ifname, id, "required_roaming_consortium",
-			     homeoi) < 0)
-			wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
-	} else {
-		if (set_cred(ctx->ifname, id, "roaming_consortium", homeoi) < 0)
-			wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
-	}
-
-	xml_node_get_text_free(ctx->xml, homeoi);
-}
-
-
-static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
-					 xml_node_t *node)
-{
-	xml_node_t *child;
-
-	wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_home_sp_oi(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
-					       int id, xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-	char *fqdn = NULL;
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
-			fqdn = xml_node_get_text(ctx->xml, child);
-			wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
-				   fqdn);
-		} else
-			wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
-				   name);
-	}
-
-	if (fqdn == NULL) {
-		wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
-		return;
-	}
-
-	if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
-
-	xml_node_get_text_free(ctx->xml, fqdn);
-}
-
-
-static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
-						int id,
-						xml_node_t *node)
-{
-	xml_node_t *child;
-
-	wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		set_pps_cred_home_sp_other_partner(ctx, id, child);
-	}
-}
-
-
-static void set_pps_cred_home_sp_roaming_consortium_oi(
-	struct hs20_osu_client *ctx, int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
-	if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
-			    str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
-				 xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-
-	wpa_printf(MSG_INFO, "- HomeSP");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "NetworkID") == 0)
-			set_pps_cred_home_sp_network_ids(ctx, id, child);
-		else if (os_strcasecmp(name, "FriendlyName") == 0)
-			set_pps_cred_home_sp_friendly_name(ctx, id, child);
-		else if (os_strcasecmp(name, "IconURL") == 0)
-			set_pps_cred_home_sp_icon_url(ctx, id, child);
-		else if (os_strcasecmp(name, "FQDN") == 0)
-			set_pps_cred_home_sp_fqdn(ctx, id, child);
-		else if (os_strcasecmp(name, "HomeOIList") == 0)
-			set_pps_cred_home_sp_oi_list(ctx, id, child);
-		else if (os_strcasecmp(name, "OtherHomePartners") == 0)
-			set_pps_cred_home_sp_other_partners(ctx, id, child);
-		else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
-			set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
-								   child);
-		else
-			wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
-	}
-}
-
-
-static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *node)
-{
-	wpa_printf(MSG_INFO, "- SubscriptionParameters");
-	/* not used within wpa_supplicant */
-}
-
-
-static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
-				       xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
-					 xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
-				  xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
-		   str);
-	if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred username");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
-				  xml_node_t *node)
-{
-	int len, i;
-	char *pw, *hex, *pos, *end;
-
-	pw = xml_node_get_base64_text(ctx->xml, node, &len);
-	if (pw == NULL)
-		return;
-
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
-
-	hex = malloc(len * 2 + 1);
-	if (hex == NULL) {
-		free(pw);
-		return;
-	}
-	end = hex + len * 2 + 1;
-	pos = hex;
-	for (i = 0; i < len; i++) {
-		snprintf(pos, end - pos, "%02x", pw[i]);
-		pos += 2;
-	}
-	free(pw);
-
-	if (set_cred(ctx->ifname, id, "password", hex) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred password");
-	free(hex);
-}
-
-
-static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
-					 xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
-		   str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
-					xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
-		   str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
-				       xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	if (str == NULL)
-		return;
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
-		   str);
-	/* not used within wpa_supplicant */
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
-					     int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	int type;
-	const char *eap_method = NULL;
-
-	if (!str)
-		return;
-	wpa_printf(MSG_INFO,
-		   "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
-	type = atoi(str);
-	switch (type) {
-	case EAP_TYPE_TLS:
-		eap_method = "TLS";
-		break;
-	case EAP_TYPE_TTLS:
-		eap_method = "TTLS";
-		break;
-	case EAP_TYPE_PEAP:
-		eap_method = "PEAP";
-		break;
-	case EAP_TYPE_PWD:
-		eap_method = "PWD";
-		break;
-	}
-	xml_node_get_text_free(ctx->xml, str);
-	if (!eap_method) {
-		wpa_printf(MSG_INFO, "Unknown EAPType value");
-		return;
-	}
-
-	if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred eap");
-}
-
-
-static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
-						 int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	const char *phase2 = NULL;
-
-	if (!str)
-		return;
-	wpa_printf(MSG_INFO,
-		   "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
-		   str);
-	if (os_strcmp(str, "PAP") == 0)
-		phase2 = "auth=PAP";
-	else if (os_strcmp(str, "CHAP") == 0)
-		phase2 = "auth=CHAP";
-	else if (os_strcmp(str, "MS-CHAP") == 0)
-		phase2 = "auth=MSCHAP";
-	else if (os_strcmp(str, "MS-CHAP-V2") == 0)
-		phase2 = "auth=MSCHAPV2";
-	xml_node_get_text_free(ctx->xml, str);
-	if (!phase2) {
-		wpa_printf(MSG_INFO, "Unknown InnerMethod value");
-		return;
-	}
-
-	if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred phase2");
-}
-
-
-static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "EAPType") == 0)
-			set_pps_cred_eap_method_eap_type(ctx, id, child);
-		else if (os_strcasecmp(name, "InnerMethod") == 0)
-			set_pps_cred_eap_method_inner_method(ctx, id, child);
-		else
-			wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
-				   name);
-	}
-}
-
-
-static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
-					   xml_node_t *node)
-{
-	xml_node_t *child;
-	const char *name;
-
-	wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "Username") == 0)
-			set_pps_cred_username(ctx, id, child);
-		else if (os_strcasecmp(name, "Password") == 0)
-			set_pps_cred_password(ctx, id, child);
-		else if (os_strcasecmp(name, "MachineManaged") == 0)
-			set_pps_cred_machine_managed(ctx, id, child);
-		else if (os_strcasecmp(name, "SoftTokenApp") == 0)
-			set_pps_cred_soft_token_app(ctx, id, child);
-		else if (os_strcasecmp(name, "AbleToShare") == 0)
-			set_pps_cred_able_to_share(ctx, id, child);
-		else if (os_strcasecmp(name, "EAPMethod") == 0)
-			set_pps_cred_eap_method(ctx, id, child);
-		else
-			wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
-				   name);
-	}
-}
-
-
-static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
-				      xml_node_t *node, const char *fqdn)
-{
-	char buf[200], dir[200];
-	int res;
-
-	wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
-
-	if (getcwd(dir, sizeof(dir)) == NULL)
-		return;
-
-	/* TODO: could build username from Subject of Subject AltName */
-	if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
-		wpa_printf(MSG_INFO, "Failed to set username");
-	}
-
-	res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir,
-			  fqdn);
-	if (os_snprintf_error(sizeof(buf), res))
-		return;
-	if (os_file_exists(buf)) {
-		if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
-			wpa_printf(MSG_INFO, "Failed to set client_cert");
-		}
-	}
-
-	res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir,
-			  fqdn);
-	if (os_snprintf_error(sizeof(buf), res))
-		return;
-	if (os_file_exists(buf)) {
-		if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
-			wpa_printf(MSG_INFO, "Failed to set private_key");
-		}
-	}
-}
-
-
-static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
-			       xml_node_t *node, const char *fqdn, int sim)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-	char buf[200], dir[200];
-	int res;
-
-	if (str == NULL)
-		return;
-
-	wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
-	if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred realm");
-	xml_node_get_text_free(ctx->xml, str);
-
-	if (sim)
-		return;
-
-	if (getcwd(dir, sizeof(dir)) == NULL)
-		return;
-	res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
-	if (os_snprintf_error(sizeof(buf), res))
-		return;
-	if (os_file_exists(buf)) {
-		if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
-			wpa_printf(MSG_INFO, "Failed to set CA cert");
-		}
-	}
-}
-
-
-static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
-					       int id, xml_node_t *node)
-{
-	char *str = xml_node_get_text(ctx->xml, node);
-
-	if (str == NULL)
-		return;
-
-	wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
-	if (os_strcasecmp(str, "true") == 0 &&
-	    set_cred(ctx->ifname, id, "ocsp", "2") < 0)
-		wpa_printf(MSG_INFO, "Failed to set cred ocsp");
-	xml_node_get_text_free(ctx->xml, str);
-}
-
-
-static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
-			     xml_node_t *sim, xml_node_t *realm)
-{
-	xml_node_t *node;
-	char *imsi, *eaptype, *str, buf[20];
-	int type;
-	int mnc_len = 3;
-	size_t imsi_len;
-
-	node = get_node(ctx->xml, sim, "EAPType");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
-		return;
-	}
-	eaptype = xml_node_get_text(ctx->xml, node);
-	if (eaptype == NULL) {
-		wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
-		return;
-	}
-	wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
-	type = atoi(eaptype);
-	xml_node_get_text_free(ctx->xml, eaptype);
-
-	switch (type) {
-	case EAP_TYPE_SIM:
-		if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
-			wpa_printf(MSG_INFO, "Could not set eap=SIM");
-		break;
-	case EAP_TYPE_AKA:
-		if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
-			wpa_printf(MSG_INFO, "Could not set eap=SIM");
-		break;
-	case EAP_TYPE_AKA_PRIME:
-		if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
-			wpa_printf(MSG_INFO, "Could not set eap=SIM");
-		break;
-	default:
-		wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
-		return;
-	}
-
-	node = get_node(ctx->xml, sim, "IMSI");
-	if (node == NULL) {
-		wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
-		return;
-	}
-	imsi = xml_node_get_text(ctx->xml, node);
-	if (imsi == NULL) {
-		wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
-		return;
-	}
-	wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
-	imsi_len = os_strlen(imsi);
-	if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
-		wpa_printf(MSG_INFO, "Invalid IMSI length");
-		xml_node_get_text_free(ctx->xml, imsi);
-		return;
-	}
-
-	str = xml_node_get_text(ctx->xml, node);
-	if (str) {
-		char *pos;
-		pos = os_strstr(str, "mnc");
-		if (pos && os_strlen(pos) >= 6) {
-			if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
-				mnc_len = 3;
-			else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
-				mnc_len = 2;
-		}
-		xml_node_get_text_free(ctx->xml, str);
-	}
-
-	os_memcpy(buf, imsi, 3 + mnc_len);
-	buf[3 + mnc_len] = '-';
-	os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
-		   sizeof(buf) - 3 - mnc_len - 1);
-
-	xml_node_get_text_free(ctx->xml, imsi);
-
-	if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
-		wpa_printf(MSG_INFO, "Could not set IMSI");
-
-	if (set_cred_quoted(ctx->ifname, id, "milenage",
-			    "90dca4eda45b53cf0f12d7c9c3bc6a89:"
-			    "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
-	    0)
-		wpa_printf(MSG_INFO, "Could not set Milenage parameters");
-}
-
-
-static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
-				    xml_node_t *node, const char *fqdn)
-{
-	xml_node_t *child, *sim, *realm;
-	const char *name;
-
-	wpa_printf(MSG_INFO, "- Credential");
-
-	sim = get_node(ctx->xml, node, "SIM");
-	realm = get_node(ctx->xml, node, "Realm");
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "CreationDate") == 0)
-			set_pps_cred_creation_date(ctx, id, child);
-		else if (os_strcasecmp(name, "ExpirationDate") == 0)
-			set_pps_cred_expiration_date(ctx, id, child);
-		else if (os_strcasecmp(name, "UsernamePassword") == 0)
-			set_pps_cred_username_password(ctx, id, child);
-		else if (os_strcasecmp(name, "DigitalCertificate") == 0)
-			set_pps_cred_digital_cert(ctx, id, child, fqdn);
-		else if (os_strcasecmp(name, "Realm") == 0)
-			set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
-		else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
-			set_pps_cred_check_aaa_cert_status(ctx, id, child);
-		else if (os_strcasecmp(name, "SIM") == 0)
-			set_pps_cred_sim(ctx, id, child, realm);
-		else
-			wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
-				   name);
-	}
-}
-
-
-static void set_pps_credential(struct hs20_osu_client *ctx, int id,
-			       xml_node_t *cred, const char *fqdn)
-{
-	xml_node_t *child;
-	const char *name;
-
-	xml_node_for_each_child(ctx->xml, child, cred) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "Policy") == 0)
-			set_pps_cred_policy(ctx, id, child);
-		else if (os_strcasecmp(name, "CredentialPriority") == 0)
-			set_pps_cred_priority(ctx, id, child);
-		else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
-			set_pps_cred_aaa_server_trust_root(ctx, id, child);
-		else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
-			set_pps_cred_sub_update(ctx, id, child);
-		else if (os_strcasecmp(name, "HomeSP") == 0)
-			set_pps_cred_home_sp(ctx, id, child);
-		else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
-			set_pps_cred_sub_params(ctx, id, child);
-		else if (os_strcasecmp(name, "Credential") == 0)
-			set_pps_cred_credential(ctx, id, child, fqdn);
-		else
-			wpa_printf(MSG_INFO, "Unknown credential node '%s'",
-				   name);
-	}
-}
-
-
-static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
-		    const char *fqdn)
-{
-	xml_node_t *child;
-	const char *name;
-	int id;
-	char *update_identifier = NULL;
-
-	/*
-	 * TODO: Could consider more complex mechanism that would remove
-	 * credentials only if there are changes in the information sent to
-	 * wpa_supplicant.
-	 */
-	remove_sp_creds(ctx, fqdn);
-
-	xml_node_for_each_child(ctx->xml, child, pps) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
-			update_identifier = xml_node_get_text(ctx->xml, child);
-			if (update_identifier) {
-				wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
-					   update_identifier);
-				break;
-			}
-		}
-	}
-
-	xml_node_for_each_child(ctx->xml, child, pps) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (os_strcasecmp(name, "UpdateIdentifier") == 0)
-			continue;
-		id = add_cred(ctx->ifname);
-		if (id < 0) {
-			wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
-			write_summary(ctx, "Failed to add credential to wpa_supplicant");
-			break;
-		}
-		write_summary(ctx, "Add a credential to wpa_supplicant");
-		if (update_identifier &&
-		    set_cred(ctx->ifname, id, "update_identifier",
-			     update_identifier) < 0)
-			wpa_printf(MSG_INFO, "Failed to set update_identifier");
-		if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
-		    0)
-			wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
-		wpa_printf(MSG_INFO, "credential localname: '%s'", name);
-		set_pps_credential(ctx, id, child, fqdn);
-		ctx->pps_cred_set = 1;
-	}
-
-	xml_node_get_text_free(ctx->xml, update_identifier);
-}
-
-
-void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
-{
-	xml_node_t *pps;
-	const char *fqdn;
-	char *fqdn_buf = NULL, *pos;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
-		return;
-	}
-
-	fqdn = os_strstr(pps_fname, "SP/");
-	if (fqdn) {
-		fqdn_buf = os_strdup(fqdn + 3);
-		if (fqdn_buf == NULL)
-			return;
-		pos = os_strchr(fqdn_buf, '/');
-		if (pos)
-			*pos = '\0';
-		fqdn = fqdn_buf;
-	} else
-		fqdn = "wi-fi.org";
-
-	wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
-		   fqdn);
-	set_pps(ctx, pps, fqdn);
-
-	os_free(fqdn_buf);
-	xml_node_free(ctx->xml, pps);
-}
-
-
-static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
-{
-	xml_node_t *pps, *node;
-	char *fqdn = NULL;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
-		return -1;
-	}
-
-	node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
-	if (node)
-		fqdn = xml_node_get_text(ctx->xml, node);
-
-	xml_node_free(ctx->xml, pps);
-
-	if (fqdn) {
-		FILE *f = fopen("pps-fqdn", "w");
-		if (f) {
-			fprintf(f, "%s", fqdn);
-			fclose(f);
-		}
-		xml_node_get_text_free(ctx->xml, fqdn);
-		return 0;
-	}
-
-	xml_node_get_text_free(ctx->xml, fqdn);
-	return -1;
-}
-
-
-static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
-			const char *out_fname, const char *urn, int use_path)
-{
-	xml_node_t *mo, *node;
-
-	mo = node_from_file(ctx->xml, in_fname);
-	if (mo == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
-		return;
-	}
-
-	node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
-	if (node) {
-		node_to_file(ctx->xml, out_fname, node);
-		xml_node_free(ctx->xml, node);
-	}
-
-	xml_node_free(ctx->xml, mo);
-}
-
-
-static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
-			  const char *out_fname)
-{
-	xml_node_t *tnds, *mo;
-
-	tnds = node_from_file(ctx->xml, in_fname);
-	if (tnds == NULL) {
-		wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
-		return;
-	}
-
-	mo = tnds_to_mo(ctx->xml, tnds);
-	if (mo) {
-		node_to_file(ctx->xml, out_fname, mo);
-		xml_node_free(ctx->xml, mo);
-	}
-
-	xml_node_free(ctx->xml, tnds);
-}
-
-
-struct osu_icon {
-	int id;
-	char lang[4];
-	char mime_type[256];
-	char filename[256];
-};
-
-struct osu_data {
-	char bssid[20];
-	char url[256];
-	unsigned int methods;
-	char osu_ssid[33];
-	char osu_ssid2[33];
-	char osu_nai[256];
-	char osu_nai2[256];
-	struct osu_lang_text friendly_name[MAX_OSU_VALS];
-	size_t friendly_name_count;
-	struct osu_lang_text serv_desc[MAX_OSU_VALS];
-	size_t serv_desc_count;
-	struct osu_icon icon[MAX_OSU_VALS];
-	size_t icon_count;
-};
-
-
-static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
-{
-	FILE *f;
-	char buf[1000];
-	struct osu_data *osu = NULL, *last = NULL;
-	size_t osu_count = 0;
-	char *pos, *end;
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		wpa_printf(MSG_ERROR, "Could not open %s", fname);
-		return NULL;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = strchr(buf, '\n');
-		if (pos)
-			*pos = '\0';
-
-		if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
-			last = realloc(osu, (osu_count + 1) * sizeof(*osu));
-			if (last == NULL)
-				break;
-			osu = last;
-			last = &osu[osu_count++];
-			memset(last, 0, sizeof(*last));
-			snprintf(last->bssid, sizeof(last->bssid), "%s",
-				 buf + 13);
-			continue;
-		}
-		if (!last)
-			continue;
-
-		if (strncmp(buf, "uri=", 4) == 0) {
-			snprintf(last->url, sizeof(last->url), "%s", buf + 4);
-			continue;
-		}
-
-		if (strncmp(buf, "methods=", 8) == 0) {
-			last->methods = strtol(buf + 8, NULL, 16);
-			continue;
-		}
-
-		if (strncmp(buf, "osu_ssid=", 9) == 0) {
-			snprintf(last->osu_ssid, sizeof(last->osu_ssid),
-				 "%s", buf + 9);
-			continue;
-		}
-
-		if (strncmp(buf, "osu_ssid2=", 10) == 0) {
-			snprintf(last->osu_ssid2, sizeof(last->osu_ssid2),
-				 "%s", buf + 10);
-			continue;
-		}
-
-		if (os_strncmp(buf, "osu_nai=", 8) == 0) {
-			os_snprintf(last->osu_nai, sizeof(last->osu_nai),
-				    "%s", buf + 8);
-			continue;
-		}
-
-		if (os_strncmp(buf, "osu_nai2=", 9) == 0) {
-			os_snprintf(last->osu_nai2, sizeof(last->osu_nai2),
-				    "%s", buf + 9);
-			continue;
-		}
-
-		if (strncmp(buf, "friendly_name=", 14) == 0) {
-			struct osu_lang_text *txt;
-			if (last->friendly_name_count == MAX_OSU_VALS)
-				continue;
-			pos = strchr(buf + 14, ':');
-			if (pos == NULL)
-				continue;
-			*pos++ = '\0';
-			txt = &last->friendly_name[last->friendly_name_count++];
-			snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
-			snprintf(txt->text, sizeof(txt->text), "%s", pos);
-		}
-
-		if (strncmp(buf, "desc=", 5) == 0) {
-			struct osu_lang_text *txt;
-			if (last->serv_desc_count == MAX_OSU_VALS)
-				continue;
-			pos = strchr(buf + 5, ':');
-			if (pos == NULL)
-				continue;
-			*pos++ = '\0';
-			txt = &last->serv_desc[last->serv_desc_count++];
-			snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
-			snprintf(txt->text, sizeof(txt->text), "%s", pos);
-		}
-
-		if (strncmp(buf, "icon=", 5) == 0) {
-			struct osu_icon *icon;
-			if (last->icon_count == MAX_OSU_VALS)
-				continue;
-			icon = &last->icon[last->icon_count++];
-			icon->id = atoi(buf + 5);
-			pos = strchr(buf, ':');
-			if (pos == NULL)
-				continue;
-			pos = strchr(pos + 1, ':');
-			if (pos == NULL)
-				continue;
-			pos = strchr(pos + 1, ':');
-			if (pos == NULL)
-				continue;
-			pos++;
-			end = strchr(pos, ':');
-			if (!end)
-				continue;
-			*end = '\0';
-			snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
-			pos = end + 1;
-
-			end = strchr(pos, ':');
-			if (end)
-				*end = '\0';
-			snprintf(icon->mime_type, sizeof(icon->mime_type),
-				 "%s", pos);
-			if (!pos)
-				continue;
-			pos = end + 1;
-
-			end = strchr(pos, ':');
-			if (end)
-				*end = '\0';
-			snprintf(icon->filename, sizeof(icon->filename),
-				 "%s", pos);
-			continue;
-		}
-	}
-
-	fclose(f);
-
-	*count = osu_count;
-	return osu;
-}
-
-
-static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
-		       const char *ssid, const char *ssid2, const char *url,
-		       unsigned int methods, int no_prod_assoc,
-		       const char *osu_nai, const char *osu_nai2)
-{
-	int id;
-	const char *ifname = ctx->ifname;
-	char buf[200];
-	struct wpa_ctrl *mon;
-	int res;
-
-	if (ssid2 && ssid2[0] == '\0')
-		ssid2 = NULL;
-
-	if (ctx->osu_ssid) {
-		if (os_strcmp(ssid, ctx->osu_ssid) == 0) {
-			wpa_printf(MSG_DEBUG,
-				   "Enforced OSU SSID matches ANQP info");
-			ssid2 = NULL;
-		} else if (ssid2 && os_strcmp(ssid2, ctx->osu_ssid) == 0) {
-			wpa_printf(MSG_DEBUG,
-				   "Enforced OSU SSID matches RSN[OSEN] info");
-			ssid = ssid2;
-		} else {
-			wpa_printf(MSG_INFO, "Enforced OSU SSID did not match");
-			write_summary(ctx, "Enforced OSU SSID did not match");
-			return -1;
-		}
-	}
-
-	id = add_network(ifname);
-	if (id < 0)
-		return -1;
-	if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
-		return -1;
-	if (ssid2)
-		osu_nai = osu_nai2;
-	if (osu_nai && os_strlen(osu_nai) > 0) {
-		char dir[255], fname[300];
-		if (getcwd(dir, sizeof(dir)) == NULL)
-			return -1;
-		os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
-
-		if (ssid2 && set_network_quoted(ifname, id, "ssid", ssid2) < 0)
-			return -1;
-
-		if (set_network(ifname, id, "proto", "OSEN") < 0 ||
-		    set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
-		    set_network(ifname, id, "pairwise", "CCMP") < 0 ||
-		    set_network(ifname, id, "group", "GTK_NOT_USED CCMP") < 0 ||
-		    set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
-		    set_network(ifname, id, "ocsp", "2") < 0 ||
-		    set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
-		    set_network_quoted(ifname, id, "ca_cert", fname) < 0)
-			return -1;
-	} else if (ssid2) {
-		wpa_printf(MSG_INFO, "No OSU_NAI set for RSN[OSEN]");
-		write_summary(ctx, "No OSU_NAI set for RSN[OSEN]");
-		return -1;
-	} else {
-		if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
-			return -1;
-	}
-
-	mon = open_wpa_mon(ifname);
-	if (mon == NULL)
-		return -1;
-
-	wpa_printf(MSG_INFO, "Associate with OSU SSID");
-	write_summary(ctx, "Associate with OSU SSID");
-	snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
-	if (wpa_command(ifname, buf) < 0)
-		return -1;
-
-	res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
-				buf, sizeof(buf));
-
-	wpa_ctrl_detach(mon);
-	wpa_ctrl_close(mon);
-
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "Could not connect to OSU network");
-		write_summary(ctx, "Could not connect to OSU network");
-		wpa_printf(MSG_INFO, "Remove OSU network connection");
-		snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
-		wpa_command(ifname, buf);
-		return -1;
-	}
-
-	write_summary(ctx, "Waiting for IP address for subscription registration");
-	if (wait_ip_addr(ifname, 15) < 0) {
-		wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
-	}
-
-	if (no_prod_assoc) {
-		if (res < 0)
-			return -1;
-		wpa_printf(MSG_INFO, "No production connection used for testing purposes");
-		write_summary(ctx, "No production connection used for testing purposes");
-		return 0;
-	}
-
-	ctx->no_reconnect = 1;
-	if (methods & 0x02) {
-		wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
-		res = cmd_prov(ctx, url);
-	} else if (methods & 0x01) {
-		wpa_printf(MSG_DEBUG,
-			   "Calling cmd_oma_dm_prov from osu_connect");
-		res = cmd_oma_dm_prov(ctx, url);
-	}
-
-	wpa_printf(MSG_INFO, "Remove OSU network connection");
-	write_summary(ctx, "Remove OSU network connection");
-	snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
-	wpa_command(ifname, buf);
-
-	if (res < 0)
-		return -1;
-
-	wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
-	write_summary(ctx, "Requesting reconnection with updated configuration");
-	if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
-		wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
-		write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
-			  int connect, int no_prod_assoc,
-			  const char *friendly_name)
-{
-	char fname[255];
-	FILE *f;
-	struct osu_data *osu = NULL, *last = NULL;
-	size_t osu_count = 0, i, j;
-	int ret;
-
-	write_summary(ctx, "OSU provider selection");
-
-	if (dir == NULL) {
-		wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
-		return -1;
-	}
-
-	snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
-	osu = parse_osu_providers(fname, &osu_count);
-	if (osu == NULL) {
-		wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
-			   fname);
-		write_result(ctx, "No OSU providers available");
-		return -1;
-	}
-
-	if (friendly_name) {
-		for (i = 0; i < osu_count; i++) {
-			last = &osu[i];
-			for (j = 0; j < last->friendly_name_count; j++) {
-				if (os_strcmp(last->friendly_name[j].text,
-					      friendly_name) == 0)
-					break;
-			}
-			if (j < last->friendly_name_count)
-				break;
-		}
-		if (i == osu_count) {
-			wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
-				   friendly_name);
-			write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
-				      friendly_name);
-			free(osu);
-			return -1;
-		}
-
-		wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
-			   friendly_name);
-		write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
-			      friendly_name);
-		ret = i + 1;
-		goto selected;
-	}
-
-	snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
-	f = fopen(fname, "w");
-	if (f == NULL) {
-		wpa_printf(MSG_INFO, "Could not open %s", fname);
-		free(osu);
-		return -1;
-	}
-
-	fprintf(f, "<html><head>"
-		"<meta http-equiv=\"Content-type\" content=\"text/html; "
-		"charset=utf-8\"<title>Select service operator</title>"
-		"</head><body><h1>Select service operator</h1>\n");
-
-	if (osu_count == 0)
-		fprintf(f, "No online signup available\n");
-
-	for (i = 0; i < osu_count; i++) {
-		last = &osu[i];
-#ifdef ANDROID
-		fprintf(f, "<p>\n"
-			"<a href=\"http://localhost:12345/osu/%d\">"
-			"<table><tr><td>", (int) i + 1);
-#else /* ANDROID */
-		fprintf(f, "<p>\n"
-			"<a href=\"osu://%d\">"
-			"<table><tr><td>", (int) i + 1);
-#endif /* ANDROID */
-		for (j = 0; j < last->icon_count; j++) {
-			fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
-				last->icon[j].id,
-				strcasecmp(last->icon[j].mime_type,
-					   "image/png") == 0 ? "png" : "icon");
-		}
-		fprintf(f, "<td>");
-		for (j = 0; j < last->friendly_name_count; j++) {
-			fprintf(f, "<small>[%s]</small> %s<br>\n",
-				last->friendly_name[j].lang,
-				last->friendly_name[j].text);
-		}
-		fprintf(f, "<tr><td colspan=2>");
-		for (j = 0; j < last->serv_desc_count; j++) {
-			fprintf(f, "<small>[%s]</small> %s<br>\n",
-				last->serv_desc[j].lang,
-				last->serv_desc[j].text);
-		}
-		fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
-			"SSID: %s<br>\n",
-			last->bssid, last->osu_ssid);
-		if (last->osu_ssid2[0])
-			fprintf(f, "SSID2: %s<br>\n", last->osu_ssid2);
-		if (last->osu_nai[0])
-			fprintf(f, "NAI: %s<br>\n", last->osu_nai);
-		if (last->osu_nai2[0])
-			fprintf(f, "NAI2: %s<br>\n", last->osu_nai2);
-		fprintf(f, "URL: %s<br>\n"
-			"methods:%s%s<br>\n"
-			"</small></p>\n",
-			last->url,
-			last->methods & 0x01 ? " OMA-DM" : "",
-			last->methods & 0x02 ? " SOAP-XML-SPP" : "");
-	}
-
-	fprintf(f, "</body></html>\n");
-
-	fclose(f);
-
-	snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
-	write_summary(ctx, "Start web browser with OSU provider selection page");
-	ret = hs20_web_browser(fname, 0);
-
-selected:
-	if (ret > 0 && (size_t) ret <= osu_count) {
-		char *data;
-		size_t data_len;
-
-		wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
-		last = &osu[ret - 1];
-		ret = 0;
-		wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
-		wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
-		if (last->osu_ssid2[0])
-			wpa_printf(MSG_INFO, "SSID2: %s", last->osu_ssid2);
-		wpa_printf(MSG_INFO, "URL: %s", last->url);
-		write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
-			      ret, last->bssid, last->osu_ssid, last->url);
-
-		ctx->friendly_name_count = last->friendly_name_count;
-		for (j = 0; j < last->friendly_name_count; j++) {
-			wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
-				   last->friendly_name[j].lang,
-				   last->friendly_name[j].text);
-			os_strlcpy(ctx->friendly_name[j].lang,
-				   last->friendly_name[j].lang,
-				   sizeof(ctx->friendly_name[j].lang));
-			os_strlcpy(ctx->friendly_name[j].text,
-				   last->friendly_name[j].text,
-				   sizeof(ctx->friendly_name[j].text));
-		}
-
-		ctx->icon_count = last->icon_count;
-		for (j = 0; j < last->icon_count; j++) {
-			char fname[256];
-
-			os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
-				    dir, last->icon[j].id,
-				    strcasecmp(last->icon[j].mime_type,
-					       "image/png") == 0 ?
-				    "png" : "icon");
-			wpa_printf(MSG_INFO, "ICON: %s (%s)",
-				   fname, last->icon[j].filename);
-			os_strlcpy(ctx->icon_filename[j],
-				   last->icon[j].filename,
-				   sizeof(ctx->icon_filename[j]));
-
-			data = os_readfile(fname, &data_len);
-			if (data) {
-				sha256_vector(1, (const u8 **) &data, &data_len,
-					      ctx->icon_hash[j]);
-				os_free(data);
-			}
-		}
-
-		if (connect == 2) {
-			if (last->methods & 0x02) {
-				wpa_printf(MSG_DEBUG,
-					   "Calling cmd_prov from cmd_osu_select");
-				ret = cmd_prov(ctx, last->url);
-			} else if (last->methods & 0x01) {
-				wpa_printf(MSG_DEBUG,
-					   "Calling cmd_oma_dm_prov from cmd_osu_select");
-				ret = cmd_oma_dm_prov(ctx, last->url);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "No supported OSU provisioning method");
-				ret = -1;
-			}
-		} else if (connect) {
-			ret = osu_connect(ctx, last->bssid, last->osu_ssid,
-					  last->osu_ssid2,
-					  last->url, last->methods,
-					  no_prod_assoc, last->osu_nai,
-					  last->osu_nai2);
-		}
-	} else
-		ret = -1;
-
-	free(osu);
-
-	return ret;
-}
-
-
-static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
-		      const char *friendly_name)
-{
-	char dir[255];
-	char fname[300], buf[400];
-	struct wpa_ctrl *mon;
-	const char *ifname;
-	int res;
-
-	ifname = ctx->ifname;
-
-	if (getcwd(dir, sizeof(dir)) == NULL)
-		return -1;
-
-	snprintf(fname, sizeof(fname), "%s/osu-info", dir);
-	if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 &&
-	    errno != EEXIST) {
-		wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
-			   fname, strerror(errno));
-		return -1;
-	}
-
-	android_update_permission(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
-
-	snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
-	if (wpa_command(ifname, buf) < 0) {
-		wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
-		return -1;
-	}
-
-	mon = open_wpa_mon(ifname);
-	if (mon == NULL)
-		return -1;
-
-	wpa_printf(MSG_INFO, "Starting OSU fetch");
-	write_summary(ctx, "Starting OSU provider information fetch");
-	if (wpa_command(ifname, "FETCH_OSU") < 0) {
-		wpa_printf(MSG_INFO, "Could not start OSU fetch");
-		wpa_ctrl_detach(mon);
-		wpa_ctrl_close(mon);
-		return -1;
-	}
-	res = get_wpa_cli_event(mon, "OSU provider fetch completed",
-				buf, sizeof(buf));
-
-	wpa_ctrl_detach(mon);
-	wpa_ctrl_close(mon);
-
-	if (res < 0) {
-		wpa_printf(MSG_INFO, "OSU fetch did not complete");
-		write_summary(ctx, "OSU fetch did not complete");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "OSU provider fetch completed");
-
-	return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
-}
-
-
-static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
-		       const char *pps_fname, const char *ca_fname)
-{
-	xml_node_t *pps, *node;
-	char pps_fname_buf[300];
-	char ca_fname_buf[200];
-	char *cred_username = NULL;
-	char *cred_password = NULL;
-	char *sub_rem_uri = NULL;
-	char client_cert_buf[200];
-	char *client_cert = NULL;
-	char client_key_buf[200];
-	char *client_key = NULL;
-	int spp;
-
-	wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
-		   address);
-
-	if (!pps_fname) {
-		char buf[256];
-		wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
-		if (os_strncmp(address, "fqdn=", 5) == 0) {
-			wpa_printf(MSG_INFO, "Use requested FQDN from command line");
-			os_snprintf(buf, sizeof(buf), "%s", address + 5);
-			address = NULL;
-		} else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
-					  sizeof(buf)) < 0) {
-			wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
-			return -1;
-		}
-		os_free(ctx->fqdn);
-		ctx->fqdn = os_strdup(buf);
-		if (ctx->fqdn == NULL)
-			return -1;
-		wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
-			   buf);
-		os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
-			    "SP/%s/pps.xml", ctx->fqdn);
-		pps_fname = pps_fname_buf;
-
-		os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
-			    ctx->fqdn);
-		ca_fname = ca_fname_buf;
-	}
-
-	if (!os_file_exists(pps_fname)) {
-		wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
-			   pps_fname);
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
-
-	if (ca_fname && !os_file_exists(ca_fname)) {
-		wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
-			   ca_fname);
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
-	ctx->ca_fname = ca_fname;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read PPS MO");
-		return -1;
-	}
-
-	if (!ctx->fqdn) {
-		char *tmp;
-		node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
-		if (node == NULL) {
-			wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
-			return -1;
-		}
-		tmp = xml_node_get_text(ctx->xml, node);
-		if (tmp == NULL) {
-			wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
-			return -1;
-		}
-		ctx->fqdn = os_strdup(tmp);
-		xml_node_get_text_free(ctx->xml, tmp);
-		if (!ctx->fqdn) {
-			wpa_printf(MSG_INFO, "No FQDN known");
-			return -1;
-		}
-	}
-
-	node = get_child_node(ctx->xml, pps,
-			      "SubscriptionUpdate/UpdateMethod");
-	if (node) {
-		char *tmp;
-		tmp = xml_node_get_text(ctx->xml, node);
-		if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
-			spp = 0;
-		else
-			spp = 1;
-	} else {
-		wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
-		spp = 1;
-	}
-
-	get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
-		    &cred_username, &cred_password);
-	if (cred_username)
-		wpa_printf(MSG_INFO, "Using username: %s", cred_username);
-	if (cred_password)
-		wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
-
-	if (cred_username == NULL && cred_password == NULL &&
-	    get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
-		wpa_printf(MSG_INFO, "Using client certificate");
-		os_snprintf(client_cert_buf, sizeof(client_cert_buf),
-			    "SP/%s/client-cert.pem", ctx->fqdn);
-		client_cert = client_cert_buf;
-		os_snprintf(client_key_buf, sizeof(client_key_buf),
-			    "SP/%s/client-key.pem", ctx->fqdn);
-		client_key = client_key_buf;
-		ctx->client_cert_present = 1;
-	}
-
-	node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
-	if (node) {
-		sub_rem_uri = xml_node_get_text(ctx->xml, node);
-		if (sub_rem_uri &&
-		    (!address || os_strcmp(address, sub_rem_uri) != 0)) {
-			wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
-				   sub_rem_uri);
-			address = sub_rem_uri;
-		}
-	}
-	if (!address) {
-		wpa_printf(MSG_INFO, "Server URL not known");
-		return -1;
-	}
-
-	write_summary(ctx, "Wait for IP address for subscriptiom remediation");
-	wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
-
-	if (wait_ip_addr(ctx->ifname, 15) < 0) {
-		wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
-	}
-
-	if (spp)
-		spp_sub_rem(ctx, address, pps_fname,
-			    client_cert, client_key,
-			    cred_username, cred_password, pps);
-	else
-		oma_dm_sub_rem(ctx, address, pps_fname,
-			       client_cert, client_key,
-			       cred_username, cred_password, pps);
-
-	xml_node_get_text_free(ctx->xml, sub_rem_uri);
-	xml_node_get_text_free(ctx->xml, cred_username);
-	str_clear_free(cred_password);
-	xml_node_free(ctx->xml, pps);
-	return 0;
-}
-
-
-static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
-		       const char *pps_fname, const char *ca_fname)
-{
-	xml_node_t *pps;
-	xml_node_t *node;
-	char pps_fname_buf[300];
-	char ca_fname_buf[200];
-	char *uri = NULL;
-	char *cred_username = NULL;
-	char *cred_password = NULL;
-	char client_cert_buf[200];
-	char *client_cert = NULL;
-	char client_key_buf[200];
-	char *client_key = NULL;
-	int spp;
-
-	wpa_printf(MSG_INFO, "Policy update requested");
-
-	if (!pps_fname) {
-		char buf[256];
-		int res;
-
-		wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
-		if (address && os_strncmp(address, "fqdn=", 5) == 0) {
-			wpa_printf(MSG_INFO, "Use requested FQDN from command line");
-			os_snprintf(buf, sizeof(buf), "%s", address + 5);
-			address = NULL;
-		} else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
-					  sizeof(buf)) < 0) {
-			wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
-			return -1;
-		}
-		os_free(ctx->fqdn);
-		ctx->fqdn = os_strdup(buf);
-		if (ctx->fqdn == NULL)
-			return -1;
-		wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
-			   buf);
-		os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
-			    "SP/%s/pps.xml", ctx->fqdn);
-		pps_fname = pps_fname_buf;
-
-		res = os_snprintf(ca_fname_buf, sizeof(ca_fname_buf),
-				  "SP/%s/ca.pem", buf);
-		if (os_snprintf_error(sizeof(ca_fname_buf), res)) {
-			os_free(ctx->fqdn);
-			ctx->fqdn = NULL;
-			return -1;
-		}
-		ca_fname = ca_fname_buf;
-	}
-
-	if (!os_file_exists(pps_fname)) {
-		wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
-			   pps_fname);
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
-
-	if (ca_fname && !os_file_exists(ca_fname)) {
-		wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
-			   ca_fname);
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
-	ctx->ca_fname = ca_fname;
-
-	pps = node_from_file(ctx->xml, pps_fname);
-	if (pps == NULL) {
-		wpa_printf(MSG_INFO, "Could not read PPS MO");
-		return -1;
-	}
-
-	if (!ctx->fqdn) {
-		char *tmp;
-		node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
-		if (node == NULL) {
-			wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
-			return -1;
-		}
-		tmp = xml_node_get_text(ctx->xml, node);
-		if (tmp == NULL) {
-			wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
-			return -1;
-		}
-		ctx->fqdn = os_strdup(tmp);
-		xml_node_get_text_free(ctx->xml, tmp);
-		if (!ctx->fqdn) {
-			wpa_printf(MSG_INFO, "No FQDN known");
-			return -1;
-		}
-	}
-
-	node = get_child_node(ctx->xml, pps,
-			      "Policy/PolicyUpdate/UpdateMethod");
-	if (node) {
-		char *tmp;
-		tmp = xml_node_get_text(ctx->xml, node);
-		if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
-			spp = 0;
-		else
-			spp = 1;
-	} else {
-		wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
-		spp = 1;
-	}
-
-	get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
-		    &cred_username, &cred_password);
-	if (cred_username)
-		wpa_printf(MSG_INFO, "Using username: %s", cred_username);
-	if (cred_password)
-		wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
-
-	if (cred_username == NULL && cred_password == NULL &&
-	    get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
-		wpa_printf(MSG_INFO, "Using client certificate");
-		os_snprintf(client_cert_buf, sizeof(client_cert_buf),
-			    "SP/%s/client-cert.pem", ctx->fqdn);
-		client_cert = client_cert_buf;
-		os_snprintf(client_key_buf, sizeof(client_key_buf),
-			    "SP/%s/client-key.pem", ctx->fqdn);
-		client_key = client_key_buf;
-	}
-
-	if (!address) {
-		node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
-		if (node) {
-			uri = xml_node_get_text(ctx->xml, node);
-			wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
-			address = uri;
-		}
-	}
-	if (!address) {
-		wpa_printf(MSG_INFO, "Server URL not known");
-		return -1;
-	}
-
-	if (spp)
-		spp_pol_upd(ctx, address, pps_fname,
-			    client_cert, client_key,
-			    cred_username, cred_password, pps);
-	else
-		oma_dm_pol_upd(ctx, address, pps_fname,
-			       client_cert, client_key,
-			       cred_username, cred_password, pps);
-
-	xml_node_get_text_free(ctx->xml, uri);
-	xml_node_get_text_free(ctx->xml, cred_username);
-	str_clear_free(cred_password);
-	xml_node_free(ctx->xml, pps);
-
-	return 0;
-}
-
-
-static char * get_hostname(const char *url)
-{
-	const char *pos, *end, *end2;
-	char *ret;
-
-	if (url == NULL)
-		return NULL;
-
-	pos = os_strchr(url, '/');
-	if (pos == NULL)
-		return NULL;
-	pos++;
-	if (*pos != '/')
-		return NULL;
-	pos++;
-
-	end = os_strchr(pos, '/');
-	end2 = os_strchr(pos, ':');
-	if ((end && end2 && end2 < end) || (!end && end2))
-		end = end2;
-	if (end)
-		end--;
-	else {
-		end = pos;
-		while (*end)
-			end++;
-		if (end > pos)
-			end--;
-	}
-
-	ret = os_malloc(end - pos + 2);
-	if (ret == NULL)
-		return NULL;
-
-	os_memcpy(ret, pos, end - pos + 1);
-	ret[end - pos + 1] = '\0';
-
-	return ret;
-}
-
-
-static int osu_cert_cb(void *_ctx, struct http_cert *cert)
-{
-	struct hs20_osu_client *ctx = _ctx;
-	size_t i, j;
-	int found;
-	char *host = NULL;
-
-	wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
-		   !ctx->no_osu_cert_validation, ctx->server_url);
-
-	host = get_hostname(ctx->server_url);
-
-	for (i = 0; i < ctx->server_dnsname_count; i++)
-		os_free(ctx->server_dnsname[i]);
-	os_free(ctx->server_dnsname);
-	ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
-	ctx->server_dnsname_count = 0;
-
-	found = 0;
-	for (i = 0; i < cert->num_dnsname; i++) {
-		if (ctx->server_dnsname) {
-			ctx->server_dnsname[ctx->server_dnsname_count] =
-				os_strdup(cert->dnsname[i]);
-			if (ctx->server_dnsname[ctx->server_dnsname_count])
-				ctx->server_dnsname_count++;
-		}
-		if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
-			found = 1;
-		wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
-	}
-
-	if (host && !found) {
-		wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
-			   host);
-		write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
-			     host);
-		os_free(host);
-		return -1;
-	}
-
-	os_free(host);
-
-	for (i = 0; i < cert->num_othername; i++) {
-		if (os_strcmp(cert->othername[i].oid,
-			      "1.3.6.1.4.1.40808.1.1.1") == 0) {
-			wpa_hexdump_ascii(MSG_INFO,
-					  "id-wfa-hotspot-friendlyName",
-					  cert->othername[i].data,
-					  cert->othername[i].len);
-		}
-	}
-
-	for (j = 0; !ctx->no_osu_cert_validation &&
-		     j < ctx->friendly_name_count; j++) {
-		int found = 0;
-		for (i = 0; i < cert->num_othername; i++) {
-			if (os_strcmp(cert->othername[i].oid,
-				      "1.3.6.1.4.1.40808.1.1.1") != 0)
-				continue;
-			if (cert->othername[i].len < 3)
-				continue;
-			if (os_strncasecmp((char *) cert->othername[i].data,
-					   ctx->friendly_name[j].lang, 3) != 0)
-				continue;
-			if (os_strncmp((char *) cert->othername[i].data + 3,
-				       ctx->friendly_name[j].text,
-				       cert->othername[i].len - 3) == 0) {
-				found = 1;
-				break;
-			}
-		}
-
-		if (!found) {
-			wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
-				   ctx->friendly_name[j].lang,
-				   ctx->friendly_name[j].text);
-			write_result(ctx, "No friendly name match found for '[%s]%s'",
-				     ctx->friendly_name[j].lang,
-				     ctx->friendly_name[j].text);
-			return -1;
-		}
-	}
-
-	for (i = 0; i < cert->num_logo; i++) {
-		struct http_logo *logo = &cert->logo[i];
-
-		wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
-			   logo->alg_oid, logo->uri);
-		wpa_hexdump_ascii(MSG_INFO, "hashValue",
-				  logo->hash, logo->hash_len);
-	}
-
-	for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
-		int found = 0;
-		char *name = ctx->icon_filename[j];
-		size_t name_len = os_strlen(name);
-
-		wpa_printf(MSG_INFO,
-			   "[%zu] Looking for icon file name '%s' match",
-			   j, name);
-		for (i = 0; i < cert->num_logo; i++) {
-			struct http_logo *logo = &cert->logo[i];
-			size_t uri_len = os_strlen(logo->uri);
-			char *pos;
-
-			wpa_printf(MSG_INFO,
-				   "[%zu] Comparing to '%s' uri_len=%d name_len=%d",
-				   i, logo->uri, (int) uri_len, (int) name_len);
-			if (uri_len < 1 + name_len) {
-				wpa_printf(MSG_INFO, "URI Length is too short");
-				continue;
-			}
-			pos = &logo->uri[uri_len - name_len - 1];
-			if (*pos != '/')
-				continue;
-			pos++;
-			if (os_strcmp(pos, name) == 0) {
-				found = 1;
-				break;
-			}
-		}
-
-		if (!found) {
-			wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
-				   name);
-			write_result(ctx,
-				     "No icon filename match found for '%s'",
-				     name);
-			return -1;
-		}
-	}
-
-	for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
-		int found = 0;
-
-		for (i = 0; i < cert->num_logo; i++) {
-			struct http_logo *logo = &cert->logo[i];
-
-			if (logo->hash_len != 32) {
-				wpa_printf(MSG_INFO,
-					   "[%zu][%zu] Icon hash length invalid (should be 32): %d",
-					   j, i, (int) logo->hash_len);
-				continue;
-			}
-			if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
-				found = 1;
-				break;
-			}
-
-			wpa_printf(MSG_DEBUG,
-				   "[%zu][%zu] Icon hash did not match", j, i);
-			wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
-					  logo->hash, 32);
-			wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
-					  ctx->icon_hash[j], 32);
-		}
-
-		if (!found) {
-			wpa_printf(MSG_INFO,
-				   "No icon hash match (by hash) found");
-			write_result(ctx,
-				     "No icon hash match (by hash) found");
-			return -1;
-		}
-	}
-
-	return 0;
-}
-
-
-static int init_ctx(struct hs20_osu_client *ctx)
-{
-	xml_node_t *devinfo, *devid;
-
-	os_memset(ctx, 0, sizeof(*ctx));
-	ctx->ifname = "wlan0";
-	ctx->xml = xml_node_init_ctx(ctx, NULL);
-	if (ctx->xml == NULL)
-		return -1;
-
-	devinfo = node_from_file(ctx->xml, "devinfo.xml");
-	if (devinfo) {
-		devid = get_node(ctx->xml, devinfo, "DevId");
-		if (devid) {
-			char *tmp = xml_node_get_text(ctx->xml, devid);
-
-			if (tmp) {
-				ctx->devid = os_strdup(tmp);
-				xml_node_get_text_free(ctx->xml, tmp);
-			}
-		}
-		xml_node_free(ctx->xml, devinfo);
-	}
-
-	ctx->http = http_init_ctx(ctx, ctx->xml);
-	if (ctx->http == NULL) {
-		xml_node_deinit_ctx(ctx->xml);
-		return -1;
-	}
-	http_ocsp_set(ctx->http, 2);
-	http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
-
-	return 0;
-}
-
-
-static void deinit_ctx(struct hs20_osu_client *ctx)
-{
-	size_t i;
-
-	http_deinit_ctx(ctx->http);
-	xml_node_deinit_ctx(ctx->xml);
-	os_free(ctx->fqdn);
-	os_free(ctx->server_url);
-	os_free(ctx->devid);
-
-	for (i = 0; i < ctx->server_dnsname_count; i++)
-		os_free(ctx->server_dnsname[i]);
-	os_free(ctx->server_dnsname);
-}
-
-
-static void check_workarounds(struct hs20_osu_client *ctx)
-{
-	FILE *f;
-	char buf[100];
-	unsigned long int val = 0;
-
-	f = fopen("hs20-osu-client.workarounds", "r");
-	if (f == NULL)
-		return;
-
-	if (fgets(buf, sizeof(buf), f))
-		val = strtoul(buf, NULL, 16);
-
-	fclose(f);
-
-	if (val) {
-		wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
-		ctx->workarounds = val;
-		if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
-			http_ocsp_set(ctx->http, 1);
-	}
-}
-
-
-static void usage(void)
-{
-	printf("usage: hs20-osu-client [-dddqqKtT] [-S<station ifname>] \\\n"
-	       "    [-w<wpa_supplicant ctrl_iface dir>] "
-	       "[-r<result file>] [-f<debug file>] \\\n"
-	       "    [-s<summary file>] \\\n"
-	       "    [-x<spp.xsd file name>] \\\n"
-	       "    <command> [arguments..]\n"
-	       "commands:\n"
-	       "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
-	       "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
-	       "[URN]>\n"
-	       "- from_tnds <XML MO in TNDS format> <XML MO>\n"
-	       "- set_pps <PerProviderSubscription XML file name>\n"
-	       "- get_fqdn <PerProviderSubscription XML file name>\n"
-	       "- pol_upd [Server URL] [PPS] [CA cert]\n"
-	       "- sub_rem <Server URL> [PPS] [CA cert]\n"
-	       "- prov <Server URL> [CA cert]\n"
-	       "- oma_dm_prov <Server URL> [CA cert]\n"
-	       "- sim_prov <Server URL> [CA cert]\n"
-	       "- oma_dm_sim_prov <Server URL> [CA cert]\n"
-	       "- signup [CA cert]\n"
-	       "- dl_osu_ca <PPS> <CA file>\n"
-	       "- dl_polupd_ca <PPS> <CA file>\n"
-	       "- dl_aaa_ca <PPS> <CA file>\n"
-	       "- browser <URL>\n"
-	       "- parse_cert <X.509 certificate (DER)>\n"
-	       "- osu_select <OSU info directory> [CA cert]\n");
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct hs20_osu_client ctx;
-	int c;
-	int ret = 0;
-	int no_prod_assoc = 0;
-	const char *friendly_name = NULL;
-	const char *wpa_debug_file_path = NULL;
-	extern char *wpas_ctrl_path;
-	extern int wpa_debug_level;
-	extern int wpa_debug_show_keys;
-	extern int wpa_debug_timestamp;
-
-	if (init_ctx(&ctx) < 0)
-		return -1;
-
-	for (;;) {
-		c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tTw:x:");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'd':
-			if (wpa_debug_level > 0)
-				wpa_debug_level--;
-			break;
-		case 'f':
-			wpa_debug_file_path = optarg;
-			break;
-		case 'K':
-			wpa_debug_show_keys++;
-			break;
-		case 'N':
-			no_prod_assoc = 1;
-			break;
-		case 'o':
-			ctx.osu_ssid = optarg;
-			break;
-		case 'O':
-			friendly_name = optarg;
-			break;
-		case 'q':
-			wpa_debug_level++;
-			break;
-		case 'r':
-			ctx.result_file = optarg;
-			break;
-		case 's':
-			ctx.summary_file = optarg;
-			break;
-		case 'S':
-			ctx.ifname = optarg;
-			break;
-		case 't':
-			wpa_debug_timestamp++;
-			break;
-		case 'T':
-			ctx.ignore_tls = 1;
-			break;
-		case 'w':
-			wpas_ctrl_path = optarg;
-			break;
-		case 'x':
-			spp_xsd_fname = optarg;
-			break;
-		case 'h':
-		default:
-			usage();
-			exit(0);
-			break;
-		}
-	}
-
-	if (argc - optind < 1) {
-		usage();
-		exit(0);
-	}
-
-	wpa_debug_open_file(wpa_debug_file_path);
-
-#ifdef __linux__
-	setlinebuf(stdout);
-#endif /* __linux__ */
-
-	if (ctx.result_file)
-		unlink(ctx.result_file);
-	wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
-		   "================", argv[optind]);
-	check_workarounds(&ctx);
-
-	if (strcmp(argv[optind], "to_tnds") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
-			    argc > optind + 3 ? argv[optind + 3] : NULL,
-			    0);
-	} else if (strcmp(argv[optind], "to_tnds2") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
-			    argc > optind + 3 ? argv[optind + 3] : NULL,
-			    1);
-	} else if (strcmp(argv[optind], "from_tnds") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "sub_rem") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ret = cmd_sub_rem(&ctx, argv[optind + 1],
-				  argc > optind + 2 ? argv[optind + 2] : NULL,
-				  argc > optind + 3 ? argv[optind + 3] : NULL);
-	} else if (strcmp(argv[optind], "pol_upd") == 0) {
-		ret = cmd_pol_upd(&ctx,
-				  argc > optind + 1 ? argv[optind + 1] : NULL,
-				  argc > optind + 2 ? argv[optind + 2] : NULL,
-				  argc > optind + 3 ? argv[optind + 3] : NULL);
-	} else if (strcmp(argv[optind], "prov") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ctx.ca_fname = argv[optind + 2];
-		wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
-		cmd_prov(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "sim_prov") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ctx.ca_fname = argv[optind + 2];
-		cmd_sim_prov(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "osu_select") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
-		cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
-	} else if (strcmp(argv[optind], "signup") == 0) {
-		ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
-		ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
-	} else if (strcmp(argv[optind], "set_pps") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_set_pps(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "get_fqdn") == 0) {
-		if (argc - optind < 1) {
-			usage();
-			exit(0);
-		}
-		ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ctx.ca_fname = argv[optind + 2];
-		cmd_oma_dm_prov(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		ctx.ca_fname = argv[optind + 2];
-		if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
-			write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
-			return -1;
-		}
-	} else if (strcmp(argv[optind], "oma_dm_add") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
-	} else if (strcmp(argv[optind], "est_csr") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-		mkdir("Cert", S_IRWXU);
-		est_build_csr(&ctx, argv[optind + 1]);
-	} else if (strcmp(argv[optind], "browser") == 0) {
-		int ret;
-
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-
-		wpa_printf(MSG_INFO, "Launch web browser to URL %s",
-			   argv[optind + 1]);
-		ret = hs20_web_browser(argv[optind + 1], ctx.ignore_tls);
-		wpa_printf(MSG_INFO, "Web browser result: %d", ret);
-	} else if (strcmp(argv[optind], "parse_cert") == 0) {
-		if (argc - optind < 2) {
-			usage();
-			exit(0);
-		}
-
-		wpa_debug_level = MSG_MSGDUMP;
-		http_parse_x509_certificate(ctx.http, argv[optind + 1]);
-		wpa_debug_level = MSG_INFO;
-	} else {
-		wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
-	}
-
-	deinit_ctx(&ctx);
-	wpa_printf(MSG_DEBUG,
-		   "===[hs20-osu-client END ]======================");
-
-	wpa_debug_close_file();
-
-	return ret;
-}
diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h
deleted file mode 100644
index 9b45b03febe2..000000000000
--- a/hs20/client/osu_client.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Hotspot 2.0 - OSU client
- * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef OSU_CLIENT_H
-#define OSU_CLIENT_H
-
-#define SPP_NS_URI "http://www.wi-fi.org/specifications/hotspot2dot0/v1.0/spp"
-
-#define URN_OMA_DM_DEVINFO "urn:oma:mo:oma-dm-devinfo:1.0"
-#define URN_OMA_DM_DEVDETAIL "urn:oma:mo:oma-dm-devdetail:1.0"
-#define URN_HS20_DEVDETAIL_EXT "urn:wfa:mo-ext:hotspot2dot0-devdetail-ext:1.0"
-#define URN_HS20_PPS "urn:wfa:mo:hotspot2dot0-perprovidersubscription:1.0"
-
-
-#define MAX_OSU_VALS 10
-
-struct osu_lang_text {
-	char lang[4];
-	char text[253];
-};
-
-struct hs20_osu_client {
-	struct xml_node_ctx *xml;
-	struct http_ctx *http;
-	int no_reconnect;
-	char pps_fname[300];
-	char *devid;
-	const char *result_file;
-	const char *summary_file;
-	const char *ifname;
-	const char *ca_fname;
-	int no_osu_cert_validation; /* for EST operations */
-	char *fqdn;
-	char *server_url;
-	struct osu_lang_text friendly_name[MAX_OSU_VALS];
-	size_t friendly_name_count;
-	size_t icon_count;
-	char icon_filename[MAX_OSU_VALS][256];
-	u8 icon_hash[MAX_OSU_VALS][32];
-	int pps_cred_set;
-	int pps_updated;
-	int client_cert_present;
-	char **server_dnsname;
-	size_t server_dnsname_count;
-	const char *osu_ssid; /* Enforced OSU_SSID for testing purposes */
-#define WORKAROUND_OCSP_OPTIONAL 0x00000001
-	unsigned long int workarounds;
-	int ignore_tls; /* whether to ignore TLS validation issues with HTTPS
-			 * server certificate */
-};
-
-
-/* osu_client.c */
-
-void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
-	__attribute__ ((format (printf, 2, 3)));
-void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
-	__attribute__ ((format (printf, 2, 3)));
-
-void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
-		     xml_node_t *node);
-int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert);
-int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
-		    xml_node_t *add_mo, char *fname, size_t fname_len);
-void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
-		 const char *alt_loc, char **user, char **pw);
-int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
-		    xml_node_t *pps);
-void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname);
-
-
-/* spp_client.c */
-
-void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
-		 const char *pps_fname,
-		 const char *client_cert, const char *client_key,
-		 const char *cred_username, const char *cred_password,
-		 xml_node_t *pps);
-void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
-		 const char *pps_fname,
-		 const char *client_cert, const char *client_key,
-		 const char *cred_username, const char *cred_password,
-		 xml_node_t *pps);
-int cmd_prov(struct hs20_osu_client *ctx, const char *url);
-int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url);
-
-
-/* oma_dm_client.c */
-
-int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url);
-int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url);
-void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
-		    const char *pps_fname,
-		    const char *client_cert, const char *client_key,
-		    const char *cred_username, const char *cred_password,
-		    xml_node_t *pps);
-void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
-		    const char *pps_fname,
-		    const char *client_cert, const char *client_key,
-		    const char *cred_username, const char *cred_password,
-		    xml_node_t *pps);
-void cmd_oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
-			const char *pps_fname);
-void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
-		    const char *add_fname);
-void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
-			const char *replace_fname);
-
-/* est.c */
-
-int est_load_cacerts(struct hs20_osu_client *ctx, const char *url);
-int est_build_csr(struct hs20_osu_client *ctx, const char *url);
-int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
-		      const char *user, const char *pw);
-
-#endif /* OSU_CLIENT_H */
diff --git a/hs20/client/spp_client.c b/hs20/client/spp_client.c
deleted file mode 100644
index 39d10e0362f6..000000000000
--- a/hs20/client/spp_client.c
+++ /dev/null
@@ -1,1004 +0,0 @@
-/*
- * Hotspot 2.0 SPP client
- * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <sys/stat.h>
-
-#include "common.h"
-#include "browser.h"
-#include "wpa_ctrl.h"
-#include "wpa_helpers.h"
-#include "xml-utils.h"
-#include "http-utils.h"
-#include "utils/base64.h"
-#include "crypto/crypto.h"
-#include "crypto/sha256.h"
-#include "osu_client.h"
-
-
-extern const char *spp_xsd_fname;
-
-static int hs20_spp_update_response(struct hs20_osu_client *ctx,
-				    const char *session_id,
-				    const char *spp_status,
-				    const char *error_code);
-static void hs20_policy_update_complete(
-	struct hs20_osu_client *ctx, const char *pps_fname);
-
-
-static char * get_spp_attr_value(struct xml_node_ctx *ctx, xml_node_t *node,
-				 char *attr_name)
-{
-	return xml_node_get_attr_value_ns(ctx, node, SPP_NS_URI, attr_name);
-}
-
-
-static int hs20_spp_validate(struct hs20_osu_client *ctx, xml_node_t *node,
-			     const char *expected_name)
-{
-	struct xml_node_ctx *xctx = ctx->xml;
-	const char *name;
-	char *err;
-	int ret;
-
-	if (!xml_node_is_element(xctx, node))
-		return -1;
-
-	name = xml_node_get_localname(xctx, node);
-	if (name == NULL)
-		return -1;
-
-	if (strcmp(expected_name, name) != 0) {
-		wpa_printf(MSG_INFO, "Unexpected SOAP method name '%s' (expected '%s')",
-			   name, expected_name);
-		write_summary(ctx, "Unexpected SOAP method name '%s' (expected '%s')",
-			      name, expected_name);
-		return -1;
-	}
-
-	ret = xml_validate(xctx, node, spp_xsd_fname, &err);
-	if (ret < 0) {
-		wpa_printf(MSG_INFO, "XML schema validation error(s)\n%s", err);
-		write_summary(ctx, "SPP XML schema validation failed");
-		os_free(err);
-	}
-	return ret;
-}
-
-
-static void add_mo_container(struct xml_node_ctx *ctx, xml_namespace_t *ns,
-			     xml_node_t *parent, const char *urn,
-			     const char *fname)
-{
-	xml_node_t *node;
-	xml_node_t *fnode, *tnds;
-	char *str;
-
-	errno = 0;
-	fnode = node_from_file(ctx, fname);
-	if (!fnode) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to create XML node from file: %s, possible error: %s",
-			   fname, strerror(errno));
-		return;
-	}
-	tnds = mo_to_tnds(ctx, fnode, 0, urn, "syncml:dmddf1.2");
-	xml_node_free(ctx, fnode);
-	if (!tnds)
-		return;
-
-	str = xml_node_to_str(ctx, tnds);
-	xml_node_free(ctx, tnds);
-	if (str == NULL)
-		return;
-
-	node = xml_node_create_text(ctx, parent, ns, "moContainer", str);
-	if (node)
-		xml_node_add_attr(ctx, node, ns, "moURN", urn);
-	os_free(str);
-}
-
-
-static xml_node_t * build_spp_post_dev_data(struct hs20_osu_client *ctx,
-					    xml_namespace_t **ret_ns,
-					    const char *session_id,
-					    const char *reason)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node;
-
-	write_summary(ctx, "Building sppPostDevData requestReason='%s'",
-		      reason);
-	spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
-					"sppPostDevData");
-	if (spp_node == NULL)
-		return NULL;
-	if (ret_ns)
-		*ret_ns = ns;
-
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
-	xml_node_add_attr(ctx->xml, spp_node, NULL, "requestReason", reason);
-	if (session_id)
-		xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID",
-				  session_id);
-	xml_node_add_attr(ctx->xml, spp_node, NULL, "redirectURI",
-			  "http://localhost:12345/");
-
-	xml_node_create_text(ctx->xml, spp_node, ns, "supportedSPPVersions",
-			     "1.0");
-	xml_node_create_text(ctx->xml, spp_node, ns, "supportedMOList",
-			     URN_HS20_PPS " " URN_OMA_DM_DEVINFO " "
-			     URN_OMA_DM_DEVDETAIL " " URN_HS20_DEVDETAIL_EXT);
-
-	add_mo_container(ctx->xml, ns, spp_node, URN_OMA_DM_DEVINFO,
-			 "devinfo.xml");
-	add_mo_container(ctx->xml, ns, spp_node, URN_OMA_DM_DEVDETAIL,
-			 "devdetail.xml");
-
-	return spp_node;
-}
-
-
-static int process_update_node(struct hs20_osu_client *ctx, xml_node_t *pps,
-			       xml_node_t *update)
-{
-	xml_node_t *node, *parent, *tnds, *unode;
-	char *str;
-	const char *name;
-	char *uri, *pos;
-	char *cdata, *cdata_end;
-	size_t fqdn_len;
-
-	wpa_printf(MSG_INFO, "Processing updateNode");
-	debug_dump_node(ctx, "updateNode", update);
-
-	uri = get_spp_attr_value(ctx->xml, update, "managementTreeURI");
-	if (uri == NULL) {
-		wpa_printf(MSG_INFO, "No managementTreeURI present");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "managementTreeUri: '%s'", uri);
-
-	name = os_strrchr(uri, '/');
-	if (name == NULL) {
-		wpa_printf(MSG_INFO, "Unexpected URI");
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	name++;
-	wpa_printf(MSG_INFO, "Update interior node: '%s'", name);
-
-	str = xml_node_get_text(ctx->xml, update);
-	if (str == NULL) {
-		wpa_printf(MSG_INFO, "Could not extract MO text");
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "[hs20] nodeContainer text: '%s'", str);
-	cdata = strstr(str, "<![CDATA[");
-	cdata_end = strstr(str, "]]>");
-	if (cdata && cdata_end && cdata_end > cdata &&
-	    cdata < strstr(str, "MgmtTree") &&
-	    cdata_end > strstr(str, "/MgmtTree")) {
-		char *tmp;
-		wpa_printf(MSG_DEBUG, "[hs20] Removing extra CDATA container");
-		tmp = strdup(cdata + 9);
-		if (tmp) {
-			cdata_end = strstr(tmp, "]]>");
-			if (cdata_end)
-				*cdata_end = '\0';
-			wpa_printf(MSG_DEBUG, "[hs20] nodeContainer text with CDATA container removed: '%s'",
-				   tmp);
-			tnds = xml_node_from_buf(ctx->xml, tmp);
-			free(tmp);
-		} else
-			tnds = NULL;
-	} else
-		tnds = xml_node_from_buf(ctx->xml, str);
-	xml_node_get_text_free(ctx->xml, str);
-	if (tnds == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] Could not parse nodeContainer text");
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-
-	unode = tnds_to_mo(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (unode == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] Could not parse nodeContainer TNDS text");
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-
-	debug_dump_node(ctx, "Parsed TNDS", unode);
-
-	if (get_node_uri(ctx->xml, unode, name) == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] %s node not found", name);
-		xml_node_free(ctx->xml, unode);
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-
-	if (os_strncasecmp(uri, "./Wi-Fi/", 8) != 0) {
-		wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi");
-		xml_node_free(ctx->xml, unode);
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	pos = uri + 8;
-
-	if (ctx->fqdn == NULL) {
-		wpa_printf(MSG_INFO, "FQDN not known");
-		xml_node_free(ctx->xml, unode);
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	fqdn_len = os_strlen(ctx->fqdn);
-	if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
-	    pos[fqdn_len] != '/') {
-		wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi/%s",
-			   ctx->fqdn);
-		xml_node_free(ctx->xml, unode);
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	pos += fqdn_len + 1;
-
-	if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
-		wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi/%s/PerProviderSubscription",
-			   ctx->fqdn);
-		xml_node_free(ctx->xml, unode);
-		xml_node_get_attr_value_free(ctx->xml, uri);
-		return -1;
-	}
-	pos += 24;
-
-	wpa_printf(MSG_INFO, "Update command for PPS node %s", pos);
-
-	node = get_node(ctx->xml, pps, pos);
-	if (node) {
-		parent = xml_node_get_parent(ctx->xml, node);
-		xml_node_detach(ctx->xml, node);
-		wpa_printf(MSG_INFO, "Replace '%s' node", name);
-	} else {
-		char *pos2;
-		pos2 = os_strrchr(pos, '/');
-		if (pos2 == NULL) {
-			parent = pps;
-		} else {
-			*pos2 = '\0';
-			parent = get_node(ctx->xml, pps, pos);
-		}
-		if (parent == NULL) {
-			wpa_printf(MSG_INFO, "Could not find parent %s", pos);
-			xml_node_free(ctx->xml, unode);
-			xml_node_get_attr_value_free(ctx->xml, uri);
-			return -1;
-		}
-		wpa_printf(MSG_INFO, "Add '%s' node", name);
-	}
-	xml_node_add_child(ctx->xml, parent, unode);
-
-	xml_node_get_attr_value_free(ctx->xml, uri);
-
-	return 0;
-}
-
-
-static int update_pps(struct hs20_osu_client *ctx, xml_node_t *update,
-		      const char *pps_fname, xml_node_t *pps)
-{
-	wpa_printf(MSG_INFO, "Updating PPS based on updateNode element(s)");
-	xml_node_for_each_sibling(ctx->xml, update) {
-		xml_node_for_each_check(ctx->xml, update);
-		if (process_update_node(ctx, pps, update) < 0)
-			return -1;
-	}
-
-	return update_pps_file(ctx, pps_fname, pps);
-}
-
-
-static void hs20_sub_rem_complete(struct hs20_osu_client *ctx,
-				  const char *pps_fname)
-{
-	/*
-	 * Update wpa_supplicant credentials and reconnect using updated
-	 * information.
-	 */
-	wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
-	cmd_set_pps(ctx, pps_fname);
-
-	if (ctx->no_reconnect)
-		return;
-
-	wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
-	if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
-		wpa_printf(MSG_ERROR, "Failed to request wpa_supplicant to reconnect");
-}
-
-
-static xml_node_t * hs20_spp_upload_mo(struct hs20_osu_client *ctx,
-				       xml_node_t *cmd,
-				       const char *session_id,
-				       const char *pps_fname)
-{
-	xml_namespace_t *ns;
-	xml_node_t *node, *ret_node;
-	char *urn;
-
-	urn = get_spp_attr_value(ctx->xml, cmd, "moURN");
-	if (!urn) {
-		wpa_printf(MSG_INFO, "No URN included");
-		return NULL;
-	}
-	wpa_printf(MSG_INFO, "Upload MO request - URN=%s", urn);
-	if (strcasecmp(urn, URN_HS20_PPS) != 0) {
-		wpa_printf(MSG_INFO, "Unsupported moURN");
-		xml_node_get_attr_value_free(ctx->xml, urn);
-		return NULL;
-	}
-	xml_node_get_attr_value_free(ctx->xml, urn);
-
-	if (!pps_fname) {
-		wpa_printf(MSG_INFO, "PPS file name no known");
-		return NULL;
-	}
-
-	node = build_spp_post_dev_data(ctx, &ns, session_id,
-				       "MO upload");
-	if (node == NULL)
-		return NULL;
-	add_mo_container(ctx->xml, ns, node, URN_HS20_PPS, pps_fname);
-
-	ret_node = soap_send_receive(ctx->http, node);
-	if (ret_node == NULL)
-		return NULL;
-
-	debug_dump_node(ctx, "Received response to MO upload", ret_node);
-
-	if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
-		wpa_printf(MSG_INFO, "SPP validation failed");
-		xml_node_free(ctx->xml, ret_node);
-		return NULL;
-	}
-
-	return ret_node;
-}
-
-
-static int hs20_add_mo(struct hs20_osu_client *ctx, xml_node_t *add_mo,
-		       char *fname, size_t fname_len)
-{
-	char *uri, *urn;
-	int ret;
-
-	debug_dump_node(ctx, "Received addMO", add_mo);
-
-	urn = get_spp_attr_value(ctx->xml, add_mo, "moURN");
-	if (urn == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] No moURN in addMO");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "addMO - moURN: '%s'", urn);
-	if (strcasecmp(urn, URN_HS20_PPS) != 0) {
-		wpa_printf(MSG_INFO, "[hs20] Unsupported MO in addMO");
-		xml_node_get_attr_value_free(ctx->xml, urn);
-		return -1;
-	}
-	xml_node_get_attr_value_free(ctx->xml, urn);
-
-	uri = get_spp_attr_value(ctx->xml, add_mo, "managementTreeURI");
-	if (uri == NULL) {
-		wpa_printf(MSG_INFO, "[hs20] No managementTreeURI in addMO");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "addMO - managementTreeURI: '%s'", uri);
-
-	ret = hs20_add_pps_mo(ctx, uri, add_mo, fname, fname_len);
-	xml_node_get_attr_value_free(ctx->xml, uri);
-	return ret;
-}
-
-
-static int process_spp_user_input_response(struct hs20_osu_client *ctx,
-					   const char *session_id,
-					   xml_node_t *add_mo)
-{
-	int ret;
-	char fname[300];
-
-	debug_dump_node(ctx, "addMO", add_mo);
-
-	wpa_printf(MSG_INFO, "Subscription registration completed");
-
-	if (hs20_add_mo(ctx, add_mo, fname, sizeof(fname)) < 0) {
-		wpa_printf(MSG_INFO, "Could not add MO");
-		ret = hs20_spp_update_response(
-			ctx, session_id,
-			"Error occurred",
-			"MO addition or update failed");
-		return 0;
-	}
-
-	ret = hs20_spp_update_response(ctx, session_id, "OK", NULL);
-	if (ret == 0)
-		hs20_sub_rem_complete(ctx, fname);
-
-	return 0;
-}
-
-
-static xml_node_t * hs20_spp_user_input_completed(struct hs20_osu_client *ctx,
-						    const char *session_id)
-{
-	xml_node_t *node, *ret_node;
-
-	node = build_spp_post_dev_data(ctx, NULL, session_id,
-				       "User input completed");
-	if (node == NULL)
-		return NULL;
-
-	ret_node = soap_send_receive(ctx->http, node);
-	if (!ret_node) {
-		if (soap_reinit_client(ctx->http) < 0)
-			return NULL;
-		wpa_printf(MSG_INFO, "Try to finish with re-opened connection");
-		node = build_spp_post_dev_data(ctx, NULL, session_id,
-					       "User input completed");
-		if (node == NULL)
-			return NULL;
-		ret_node = soap_send_receive(ctx->http, node);
-		if (ret_node == NULL)
-			return NULL;
-		wpa_printf(MSG_INFO, "Continue with new connection");
-	}
-
-	if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
-		wpa_printf(MSG_INFO, "SPP validation failed");
-		xml_node_free(ctx->xml, ret_node);
-		return NULL;
-	}
-
-	return ret_node;
-}
-
-
-static xml_node_t * hs20_spp_get_certificate(struct hs20_osu_client *ctx,
-					     xml_node_t *cmd,
-					     const char *session_id,
-					     const char *pps_fname)
-{
-	xml_namespace_t *ns;
-	xml_node_t *node, *ret_node;
-	int res;
-
-	wpa_printf(MSG_INFO, "Client certificate enrollment");
-
-	res = osu_get_certificate(ctx, cmd);
-	if (res < 0)
-		wpa_printf(MSG_INFO, "EST simpleEnroll failed");
-
-	node = build_spp_post_dev_data(ctx, &ns, session_id,
-				       res == 0 ?
-				       "Certificate enrollment completed" :
-				       "Certificate enrollment failed");
-	if (node == NULL)
-		return NULL;
-
-	ret_node = soap_send_receive(ctx->http, node);
-	if (ret_node == NULL)
-		return NULL;
-
-	debug_dump_node(ctx, "Received response to certificate enrollment "
-			"completed", ret_node);
-
-	if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
-		wpa_printf(MSG_INFO, "SPP validation failed");
-		xml_node_free(ctx->xml, ret_node);
-		return NULL;
-	}
-
-	return ret_node;
-}
-
-
-static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
-			 const char *session_id, const char *pps_fname,
-			 xml_node_t *pps, xml_node_t **ret_node)
-{
-	xml_node_t *cmd;
-	const char *name;
-	char *uri;
-	char *id = strdup(session_id);
-
-	if (id == NULL)
-		return -1;
-
-	*ret_node = NULL;
-
-	debug_dump_node(ctx, "exec", exec);
-
-	xml_node_for_each_child(ctx->xml, cmd, exec) {
-		xml_node_for_each_check(ctx->xml, cmd);
-		break;
-	}
-	if (!cmd) {
-		wpa_printf(MSG_INFO, "exec command element not found (cmd=%p)",
-			   cmd);
-		free(id);
-		return -1;
-	}
-
-	name = xml_node_get_localname(ctx->xml, cmd);
-
-	if (strcasecmp(name, "launchBrowserToURI") == 0) {
-		int res;
-		uri = xml_node_get_text(ctx->xml, cmd);
-		if (!uri) {
-			wpa_printf(MSG_INFO, "No URI found");
-			free(id);
-			return -1;
-		}
-		wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
-		write_summary(ctx, "Launch browser to URI '%s'", uri);
-		res = hs20_web_browser(uri, 1);
-		xml_node_get_text_free(ctx->xml, uri);
-		if (res > 0) {
-			wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
-				   id);
-			write_summary(ctx, "User response in browser completed successfully");
-			*ret_node = hs20_spp_user_input_completed(ctx, id);
-			free(id);
-			return *ret_node ? 0 : -1;
-		} else {
-			wpa_printf(MSG_INFO, "Failed to receive user response");
-			write_summary(ctx, "Failed to receive user response");
-			hs20_spp_update_response(
-				ctx, id, "Error occurred", "Other");
-			free(id);
-			return -1;
-		}
-		return 0;
-	}
-
-	if (strcasecmp(name, "uploadMO") == 0) {
-		if (pps_fname == NULL)
-			return -1;
-		*ret_node = hs20_spp_upload_mo(ctx, cmd, id,
-					       pps_fname);
-		free(id);
-		return *ret_node ? 0 : -1;
-	}
-
-	if (strcasecmp(name, "getCertificate") == 0) {
-		*ret_node = hs20_spp_get_certificate(ctx, cmd, id,
-						     pps_fname);
-		free(id);
-		return *ret_node ? 0 : -1;
-	}
-
-	wpa_printf(MSG_INFO, "Unsupported exec command: '%s'", name);
-	free(id);
-	return -1;
-}
-
-
-enum spp_post_dev_data_use {
-	SPP_SUBSCRIPTION_REMEDIATION,
-	SPP_POLICY_UPDATE,
-	SPP_SUBSCRIPTION_REGISTRATION,
-};
-
-static void process_spp_post_dev_data_response(
-	struct hs20_osu_client *ctx,
-	enum spp_post_dev_data_use use, xml_node_t *node,
-	const char *pps_fname, xml_node_t *pps)
-{
-	xml_node_t *child;
-	char *status = NULL;
-	xml_node_t *update = NULL, *exec = NULL, *add_mo = NULL, *no_mo = NULL;
-	char *session_id = NULL;
-
-	debug_dump_node(ctx, "sppPostDevDataResponse node", node);
-
-	status = get_spp_attr_value(ctx->xml, node, "sppStatus");
-	if (status == NULL) {
-		wpa_printf(MSG_INFO, "No sppStatus attribute");
-		goto out;
-	}
-	write_summary(ctx, "Received sppPostDevDataResponse sppStatus='%s'",
-		      status);
-
-	session_id = get_spp_attr_value(ctx->xml, node, "sessionID");
-	if (session_id == NULL) {
-		wpa_printf(MSG_INFO, "No sessionID attribute");
-		goto out;
-	}
-
-	wpa_printf(MSG_INFO, "[hs20] sppPostDevDataResponse - sppStatus: '%s'  sessionID: '%s'",
-		   status, session_id);
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		const char *name;
-		xml_node_for_each_check(ctx->xml, child);
-		debug_dump_node(ctx, "child", child);
-		name = xml_node_get_localname(ctx->xml, child);
-		wpa_printf(MSG_INFO, "localname: '%s'", name);
-		if (!update && strcasecmp(name, "updateNode") == 0)
-			update = child;
-		if (!exec && strcasecmp(name, "exec") == 0)
-			exec = child;
-		if (!add_mo && strcasecmp(name, "addMO") == 0)
-			add_mo = child;
-		if (!no_mo && strcasecmp(name, "noMOUpdate") == 0)
-			no_mo = child;
-	}
-
-	if (use == SPP_SUBSCRIPTION_REMEDIATION &&
-	    strcasecmp(status,
-		       "Remediation complete, request sppUpdateResponse") == 0)
-	{
-		int res, ret;
-		if (!update && !no_mo) {
-			wpa_printf(MSG_INFO, "No updateNode or noMOUpdate element");
-			goto out;
-		}
-		wpa_printf(MSG_INFO, "Subscription remediation completed");
-		res = update_pps(ctx, update, pps_fname, pps);
-		if (res < 0)
-			wpa_printf(MSG_INFO, "Failed to update PPS MO");
-		ret = hs20_spp_update_response(
-			ctx, session_id,
-			res < 0 ? "Error occurred" : "OK",
-			res < 0 ? "MO addition or update failed" : NULL);
-		if (res == 0 && ret == 0)
-			hs20_sub_rem_complete(ctx, pps_fname);
-		goto out;
-	}
-
-	if (use == SPP_SUBSCRIPTION_REMEDIATION &&
-	    strcasecmp(status, "Exchange complete, release TLS connection") ==
-	    0) {
-		if (!no_mo) {
-			wpa_printf(MSG_INFO, "No noMOUpdate element");
-			goto out;
-		}
-		wpa_printf(MSG_INFO, "Subscription remediation completed (no MO update)");
-		goto out;
-	}
-
-	if (use == SPP_POLICY_UPDATE &&
-	    strcasecmp(status, "Update complete, request sppUpdateResponse") ==
-	    0) {
-		int res, ret;
-		wpa_printf(MSG_INFO, "Policy update received - update PPS");
-		res = update_pps(ctx, update, pps_fname, pps);
-		ret = hs20_spp_update_response(
-			ctx, session_id,
-			res < 0 ? "Error occurred" : "OK",
-			res < 0 ? "MO addition or update failed" : NULL);
-		if (res == 0 && ret == 0)
-			hs20_policy_update_complete(ctx, pps_fname);
-		goto out;
-	}
-
-	if (use == SPP_SUBSCRIPTION_REGISTRATION &&
-	    strcasecmp(status, "Provisioning complete, request "
-		       "sppUpdateResponse")  == 0) {
-		if (!add_mo) {
-			wpa_printf(MSG_INFO, "No addMO element - not sure what to do next");
-			goto out;
-		}
-		process_spp_user_input_response(ctx, session_id, add_mo);
-		node = NULL;
-		goto out;
-	}
-
-	if (strcasecmp(status, "No update available at this time") == 0) {
-		wpa_printf(MSG_INFO, "No update available at this time");
-		goto out;
-	}
-
-	if (strcasecmp(status, "OK") == 0) {
-		int res;
-		xml_node_t *ret;
-
-		if (!exec) {
-			wpa_printf(MSG_INFO, "No exec element - not sure what to do next");
-			goto out;
-		}
-		res = hs20_spp_exec(ctx, exec, session_id,
-				    pps_fname, pps, &ret);
-		/* xml_node_free(ctx->xml, node); */
-		node = NULL;
-		if (res == 0 && ret)
-			process_spp_post_dev_data_response(ctx, use,
-							   ret, pps_fname, pps);
-		goto out;
-	}
-
-	if (strcasecmp(status, "Error occurred") == 0) {
-		xml_node_t *err;
-		char *code = NULL;
-		err = get_node(ctx->xml, node, "sppError");
-		if (err)
-			code = xml_node_get_attr_value(ctx->xml, err,
-						       "errorCode");
-		wpa_printf(MSG_INFO, "Error occurred - errorCode=%s",
-			   code ? code : "N/A");
-		xml_node_get_attr_value_free(ctx->xml, code);
-		goto out;
-	}
-
-	wpa_printf(MSG_INFO,
-		   "[hs20] Unsupported sppPostDevDataResponse sppStatus '%s'",
-		   status);
-out:
-	xml_node_get_attr_value_free(ctx->xml, status);
-	xml_node_get_attr_value_free(ctx->xml, session_id);
-	xml_node_free(ctx->xml, node);
-}
-
-
-static int spp_post_dev_data(struct hs20_osu_client *ctx,
-			     enum spp_post_dev_data_use use,
-			     const char *reason,
-			     const char *pps_fname, xml_node_t *pps)
-{
-	xml_node_t *payload;
-	xml_node_t *ret_node;
-
-	payload = build_spp_post_dev_data(ctx, NULL, NULL, reason);
-	if (payload == NULL)
-		return -1;
-
-	ret_node = soap_send_receive(ctx->http, payload);
-	if (!ret_node) {
-		const char *err = http_get_err(ctx->http);
-		if (err) {
-			wpa_printf(MSG_INFO, "HTTP error: %s", err);
-			write_result(ctx, "HTTP error: %s", err);
-		} else {
-			write_summary(ctx, "Failed to send SOAP message");
-		}
-		return -1;
-	}
-
-	if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
-		wpa_printf(MSG_INFO, "SPP validation failed");
-		xml_node_free(ctx->xml, ret_node);
-		return -1;
-	}
-
-	process_spp_post_dev_data_response(ctx, use, ret_node,
-					   pps_fname, pps);
-	return 0;
-}
-
-
-void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
-		 const char *pps_fname,
-		 const char *client_cert, const char *client_key,
-		 const char *cred_username, const char *cred_password,
-		 xml_node_t *pps)
-{
-	wpa_printf(MSG_INFO, "SPP subscription remediation");
-	write_summary(ctx, "SPP subscription remediation");
-
-	os_free(ctx->server_url);
-	ctx->server_url = os_strdup(address);
-
-	if (soap_init_client(ctx->http, address, ctx->ca_fname,
-			     cred_username, cred_password, client_cert,
-			     client_key) == 0) {
-		spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION,
-				  "Subscription remediation", pps_fname, pps);
-	}
-}
-
-
-static void hs20_policy_update_complete(struct hs20_osu_client *ctx,
-					const char *pps_fname)
-{
-	wpa_printf(MSG_INFO, "Policy update completed");
-
-	/*
-	 * Update wpa_supplicant credentials and reconnect using updated
-	 * information.
-	 */
-	wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
-	cmd_set_pps(ctx, pps_fname);
-
-	wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
-	if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
-		wpa_printf(MSG_ERROR, "Failed to request wpa_supplicant to reconnect");
-}
-
-
-static int process_spp_exchange_complete(struct hs20_osu_client *ctx,
-					 xml_node_t *node)
-{
-	char *status, *session_id;
-
-	debug_dump_node(ctx, "sppExchangeComplete", node);
-
-	status = get_spp_attr_value(ctx->xml, node, "sppStatus");
-	if (status == NULL) {
-		wpa_printf(MSG_INFO, "No sppStatus attribute");
-		return -1;
-	}
-	write_summary(ctx, "Received sppExchangeComplete sppStatus='%s'",
-		      status);
-
-	session_id = get_spp_attr_value(ctx->xml, node, "sessionID");
-	if (session_id == NULL) {
-		wpa_printf(MSG_INFO, "No sessionID attribute");
-		xml_node_get_attr_value_free(ctx->xml, status);
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "[hs20] sppStatus: '%s'  sessionID: '%s'",
-		   status, session_id);
-	xml_node_get_attr_value_free(ctx->xml, session_id);
-
-	if (strcasecmp(status, "Exchange complete, release TLS connection") ==
-	    0) {
-		xml_node_get_attr_value_free(ctx->xml, status);
-		return 0;
-	}
-
-	wpa_printf(MSG_INFO, "Unexpected sppStatus '%s'", status);
-	write_summary(ctx, "Unexpected sppStatus '%s'", status);
-	xml_node_get_attr_value_free(ctx->xml, status);
-	return -1;
-}
-
-
-static xml_node_t * build_spp_update_response(struct hs20_osu_client *ctx,
-					      const char *session_id,
-					      const char *spp_status,
-					      const char *error_code)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *node;
-
-	spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
-					"sppUpdateResponse");
-	if (spp_node == NULL)
-		return NULL;
-
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id);
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", spp_status);
-
-	if (error_code) {
-		node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
-		if (node)
-			xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
-					  error_code);
-	}
-
-	return spp_node;
-}
-
-
-static int hs20_spp_update_response(struct hs20_osu_client *ctx,
-				    const char *session_id,
-				    const char *spp_status,
-				    const char *error_code)
-{
-	xml_node_t *node, *ret_node;
-	int ret;
-
-	write_summary(ctx, "Building sppUpdateResponse sppStatus='%s' error_code='%s'",
-		      spp_status, error_code);
-	node = build_spp_update_response(ctx, session_id, spp_status,
-					 error_code);
-	if (node == NULL)
-		return -1;
-	ret_node = soap_send_receive(ctx->http, node);
-	if (!ret_node) {
-		if (soap_reinit_client(ctx->http) < 0)
-			return -1;
-		wpa_printf(MSG_INFO, "Try to finish with re-opened connection");
-		node = build_spp_update_response(ctx, session_id, spp_status,
-						 error_code);
-		if (node == NULL)
-			return -1;
-		ret_node = soap_send_receive(ctx->http, node);
-		if (ret_node == NULL)
-			return -1;
-		wpa_printf(MSG_INFO, "Continue with new connection");
-	}
-
-	if (hs20_spp_validate(ctx, ret_node, "sppExchangeComplete") < 0) {
-		wpa_printf(MSG_INFO, "SPP validation failed");
-		xml_node_free(ctx->xml, ret_node);
-		return -1;
-	}
-
-	ret = process_spp_exchange_complete(ctx, ret_node);
-	xml_node_free(ctx->xml, ret_node);
-	return ret;
-}
-
-
-void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
-		 const char *pps_fname,
-		 const char *client_cert, const char *client_key,
-		 const char *cred_username, const char *cred_password,
-		 xml_node_t *pps)
-{
-	wpa_printf(MSG_INFO, "SPP policy update");
-	write_summary(ctx, "SPP policy update");
-
-	os_free(ctx->server_url);
-	ctx->server_url = os_strdup(address);
-
-	if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username,
-			     cred_password, client_cert, client_key) == 0) {
-		spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update",
-				  pps_fname, pps);
-	}
-}
-
-
-int cmd_prov(struct hs20_osu_client *ctx, const char *url)
-{
-	unlink("Cert/est_cert.der");
-	unlink("Cert/est_cert.pem");
-
-	if (url == NULL) {
-		wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO,
-		   "Credential provisioning requested - URL: %s ca_fname: %s",
-		   url, ctx->ca_fname ? ctx->ca_fname : "N/A");
-
-	os_free(ctx->server_url);
-	ctx->server_url = os_strdup(url);
-
-	if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
-			     NULL) < 0)
-		return -1;
-	spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
-			  "Subscription registration", NULL, NULL);
-
-	return ctx->pps_cred_set ? 0 : -1;
-}
-
-
-int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url)
-{
-	if (url == NULL) {
-		wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "SIM provisioning requested");
-
-	os_free(ctx->server_url);
-	ctx->server_url = os_strdup(url);
-
-	wpa_printf(MSG_INFO, "Wait for IP address before starting SIM provisioning");
-
-	if (wait_ip_addr(ctx->ifname, 15) < 0) {
-		wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
-	}
-
-	if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
-			     NULL) < 0)
-		return -1;
-	spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
-			  "Subscription provisioning", NULL, NULL);
-
-	return ctx->pps_cred_set ? 0 : -1;
-}
diff --git a/hs20/server/.gitignore b/hs20/server/.gitignore
deleted file mode 100644
index fecb096c128a..000000000000
--- a/hs20/server/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hs20_spp_server
diff --git a/hs20/server/Makefile b/hs20/server/Makefile
deleted file mode 100644
index 0cab6d6b010a..000000000000
--- a/hs20/server/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-ALL=hs20_spp_server
-
-include ../../src/build.rules
-
-CFLAGS += -I../../src
-CFLAGS += -I../../src/utils
-CFLAGS += -I../../src/crypto
-
-LIBS += -lsqlite3
-
-# Using glibc < 2.17 requires -lrt for clock_gettime()
-LIBS += -lrt
-
-ifndef CONFIG_NO_GITVER
-# Add VERSION_STR postfix for builds from a git repository
-ifeq ($(wildcard ../../.git),../../.git)
-GITVER := $(shell git describe --dirty=+)
-ifneq ($(GITVER),)
-CFLAGS += -DGIT_VERSION_STR_POSTFIX=\"-$(GITVER)\"
-endif
-endif
-endif
-
-OBJS=spp_server.o
-OBJS += hs20_spp_server.o
-OBJS += ../../src/utils/xml-utils.o
-OBJS += ../../src/utils/base64.o
-OBJS += ../../src/utils/common.o
-OBJS += ../../src/utils/os_unix.o
-OBJS += ../../src/utils/wpa_debug.o
-OBJS += ../../src/crypto/md5-internal.o
-CFLAGS += $(shell xml2-config --cflags)
-LIBS += $(shell xml2-config --libs)
-OBJS += ../../src/utils/xml_libxml2.o
-
-_OBJS_VAR := OBJS
-include ../../src/objs.mk
-hs20_spp_server: $(OBJS)
-	$(LDO) $(LDFLAGS) -o hs20_spp_server $(OBJS) $(LIBS)
-
-clean: common-clean
-	rm -f core *~
diff --git a/hs20/server/ca/clean.sh b/hs20/server/ca/clean.sh
deleted file mode 100755
index c72dcbda45e9..000000000000
--- a/hs20/server/ca/clean.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-for i in server-client server server-revoked user ocsp; do
-    rm -f $i.csr $i.key $i.pem
-done
-
-rm -f openssl.cnf.tmp
-if [ -d demoCA ]; then
-    rm -r demoCA
-fi
-rm -f ca.pem logo.asn1 logo.der server.der ocsp-server-cache.der
-rm -f my-openssl.cnf my-openssl-root.cnf
-#rm -r rootCA
diff --git a/hs20/server/ca/est-csrattrs.cnf b/hs20/server/ca/est-csrattrs.cnf
deleted file mode 100644
index b50ea00d0b77..000000000000
--- a/hs20/server/ca/est-csrattrs.cnf
+++ /dev/null
@@ -1,17 +0,0 @@
-asn1 = SEQUENCE:attrs
-
-[attrs]
-#oid1 = OID:challengePassword
-attr1 = SEQUENCE:extreq
-oid2 = OID:sha256WithRSAEncryption
-
-[extreq]
-oid = OID:extensionRequest
-vals = SET:extreqvals
-
-[extreqvals]
-
-oid1 = OID:macAddress
-#oid2 = OID:imei
-#oid3 = OID:meid
-#oid4 = OID:DevId
diff --git a/hs20/server/ca/est-csrattrs.sh b/hs20/server/ca/est-csrattrs.sh
deleted file mode 100755
index 0b73a0408284..000000000000
--- a/hs20/server/ca/est-csrattrs.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-openssl asn1parse -genconf est-csrattrs.cnf -out est-csrattrs.der -oid hs20.oid
-base64 est-csrattrs.der > est-attrs.b64
diff --git a/hs20/server/ca/hs20.oid b/hs20/server/ca/hs20.oid
deleted file mode 100644
index a829ff29bf44..000000000000
--- a/hs20/server/ca/hs20.oid
+++ /dev/null
@@ -1,7 +0,0 @@
-1.3.6.1.1.1.1.22 macAddress
-1.2.840.113549.1.9.14 extensionRequest
-1.3.6.1.4.1.40808.1.1.1 id-wfa-hotspot-friendlyName
-1.3.6.1.4.1.40808.1.1.2 id-kp-HS2.0Auth
-1.3.6.1.4.1.40808.1.1.3 imei
-1.3.6.1.4.1.40808.1.1.4 meid
-1.3.6.1.4.1.40808.1.1.5 DevId
diff --git a/hs20/server/ca/ocsp-req.sh b/hs20/server/ca/ocsp-req.sh
deleted file mode 100755
index 931a20696d02..000000000000
--- a/hs20/server/ca/ocsp-req.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-for i in *.pem; do
-    echo "===[ $i ]==================="
-    openssl ocsp -text -CAfile ca.pem -verify_other demoCA/cacert.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
-
-#    openssl ocsp -text -CAfile rootCA/cacert.pem -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
-
-#    openssl ocsp -text -CAfile rootCA/cacert.pem -verify_other demoCA/cacert.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
-#    openssl ocsp -text -CAfile rootCA/cacert.pem -VAfile ca.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
-done
diff --git a/hs20/server/ca/ocsp-responder-ica.sh b/hs20/server/ca/ocsp-responder-ica.sh
deleted file mode 100755
index 116c6e1c3d01..000000000000
--- a/hs20/server/ca/ocsp-responder-ica.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner demoCA/cacert.pem -rkey demoCA/private/cakey-plain.pem -CA demoCA/cacert.pem -resp_no_certs -text
diff --git a/hs20/server/ca/ocsp-responder.sh b/hs20/server/ca/ocsp-responder.sh
deleted file mode 100755
index 620947d01af0..000000000000
--- a/hs20/server/ca/ocsp-responder.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err
diff --git a/hs20/server/ca/ocsp-update-cache.sh b/hs20/server/ca/ocsp-update-cache.sh
deleted file mode 100755
index f2b23250cadd..000000000000
--- a/hs20/server/ca/ocsp-update-cache.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-# NOTE: You may need to replace 'localhost' with your OCSP server hostname.
-openssl ocsp \
-	-no_nonce \
-	-CAfile ca.pem \
-	-verify_other demoCA/cacert.pem \
-	-issuer demoCA/cacert.pem \
-	-cert server.pem \
-	-url http://localhost:8888/ \
-	-respout ocsp-server-cache.der
diff --git a/hs20/server/ca/openssl-root.cnf b/hs20/server/ca/openssl-root.cnf
deleted file mode 100644
index 5bc50be1dbc9..000000000000
--- a/hs20/server/ca/openssl-root.cnf
+++ /dev/null
@@ -1,125 +0,0 @@
-# OpenSSL configuration file for Hotspot 2.0 PKI (Root CA)
-
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-oid_section		= new_oids
-
-[ new_oids ]
-
-#logotypeoid=1.3.6.1.5.5.7.1.12
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./rootCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several certificates with same subject
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= usr_cert		# The extentions to add to the cert
-
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= default		# use public key default MD
-preserve	= no			# keep passed DN ordering
-
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= optional
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-
-input_password = @PASSWORD@
-output_password = @PASSWORD@
-
-string_mask = utf8only
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= US
-countryName_min			= 2
-countryName_max			= 2
-
-localityName			= Locality Name (eg, city)
-localityName_default		= Tuusula
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= WFA Hotspot 2.0
-
-##organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-#@OU@
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-#@CN@
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-[ req_attributes ]
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName=DNS:example.com,DNS:another.example.com
-
-[ v3_ca ]
-
-# Hotspot 2.0 PKI requirements
-subjectKeyIdentifier=hash
-basicConstraints = critical,CA:true
-keyUsage = critical, cRLSign, keyCertSign
-
-[ crl_ext ]
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ v3_OCSP ]
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = OCSPSigning
diff --git a/hs20/server/ca/openssl.cnf b/hs20/server/ca/openssl.cnf
deleted file mode 100644
index 61410138340f..000000000000
--- a/hs20/server/ca/openssl.cnf
+++ /dev/null
@@ -1,200 +0,0 @@
-# OpenSSL configuration file for Hotspot 2.0 PKI (Intermediate CA)
-
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-oid_section		= new_oids
-
-[ new_oids ]
-
-#logotypeoid=1.3.6.1.5.5.7.1.12
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several certificates with same subject
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= ext_client		# The extentions to add to the cert
-
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-copy_extensions = copy
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= default		# use public key default MD
-preserve	= no			# keep passed DN ordering
-
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= supplied
-stateOrProvinceName	= optional
-organizationName	= supplied
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-[ policy_osu_server ]
-countryName		= match
-stateOrProvinceName	= optional
-organizationName	= match
-organizationalUnitName	= supplied
-commonName		= supplied
-emailAddress		= optional
-
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-
-input_password = @PASSWORD@
-output_password = @PASSWORD@
-
-string_mask = utf8only
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= FI
-countryName_min			= 2
-countryName_max			= 2
-
-localityName			= Locality Name (eg, city)
-localityName_default		= Tuusula
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= @DOMAIN@
-
-##organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-#@OU@
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-#@CN@
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-[ req_attributes ]
-
-[ v3_ca ]
-
-# Hotspot 2.0 PKI requirements
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, cRLSign, keyCertSign
-authorityInfoAccess = OCSP;URI:@OCSP_URI@
-# For SP intermediate CA
-#subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
-#nameConstraints=permitted;DNS:.@DOMAIN@
-#1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
-
-[ v3_osu_server ]
-
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, keyEncipherment
-#@ALTNAME@
-
-#logotypeoid=ASN1:SEQUENCE:LogotypeExtn
-1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
-[LogotypeExtn]
-communityLogos=EXP:0,SEQUENCE:LogotypeInfo
-[LogotypeInfo]
-# note: implicit tag converted to explicit for CHOICE
-direct=EXP:0,SEQUENCE:LogotypeData
-[LogotypeData]
-image=SEQUENCE:LogotypeImage
-[LogotypeImage]
-imageDetails=SEQUENCE:LogotypeDetails
-imageInfo=SEQUENCE:LogotypeImageInfo
-[LogotypeDetails]
-mediaType=IA5STRING:image/png
-logotypeHash=SEQUENCE:HashAlgAndValues
-logotypeURI=SEQUENCE:URI
-[HashAlgAndValues]
-value1=SEQUENCE:HashAlgAndValueSHA256
-#value2=SEQUENCE:HashAlgAndValueSHA1
-[HashAlgAndValueSHA256]
-hashAlg=SEQUENCE:sha256_alg
-hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH256@
-[HashAlgAndValueSHA1]
-hashAlg=SEQUENCE:sha1_alg
-hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH1@
-[sha256_alg]
-algorithm=OID:sha256
-[sha1_alg]
-algorithm=OID:sha1
-[URI]
-uri=IA5STRING:@LOGO_URI@
-[LogotypeImageInfo]
-# default value color(1), component optional
-#type=IMP:0,INTEGER:1
-fileSize=INTEGER:7549
-xSize=INTEGER:128
-ySize=INTEGER:80
-language=IMP:4,IA5STRING:zxx
-
-[ crl_ext ]
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ v3_OCSP ]
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = OCSPSigning
-
-[ ext_client ]
-
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-authorityInfoAccess = OCSP;URI:@OCSP_URI@
-#@ALTNAME@
-extendedKeyUsage = clientAuth
-
-[ ext_server ]
-
-# Hotspot 2.0 PKI requirements
-basicConstraints=critical, CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-authorityInfoAccess = OCSP;URI:@OCSP_URI@
-#@ALTNAME@
-extendedKeyUsage = critical, serverAuth
-keyUsage = critical, keyEncipherment
diff --git a/hs20/server/ca/setup.sh b/hs20/server/ca/setup.sh
deleted file mode 100755
index 78abcccff455..000000000000
--- a/hs20/server/ca/setup.sh
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/bin/sh
-
-if [ -z "$OPENSSL" ]; then
-    OPENSSL=openssl
-fi
-export OPENSSL_CONF=$PWD/openssl.cnf
-PASS=whatever
-if [ -z "$DOMAIN" ]; then
-    DOMAIN=w1.fi
-fi
-COMPANY=w1.fi
-OPER_ENG="engw1.fi TESTING USE"
-OPER_FI="finw1.fi TESTIKÄYTTÖ"
-CNR="Hotspot 2.0 Trust Root CA - 99"
-CNO="ocsp.$DOMAIN"
-CNV="osu-revoked.$DOMAIN"
-CNOC="osu-client.$DOMAIN"
-OSU_SERVER_HOSTNAME="osu.$DOMAIN"
-DEBUG=0
-OCSP_URI="http://$CNO:8888/"
-LOGO_URI="http://osu.w1.fi/w1fi_logo.png"
-LOGO_HASH256="4532f7ec36424381617c03c6ce87b55a51d6e7177ffafda243cebf280a68954d"
-LOGO_HASH1="5e1d5085676eede6b02da14d31c523ec20ffba0b"
-
-# Command line overrides
-USAGE=$( cat <<EOF
-Usage:\n
-# -c:  Company name, used to generate Subject name CN for Intermediate CA\n
-# -C:  Subject name CN of the Root CA ($CNR)\n
-# -D:  Enable debugging (set -x, etc)\n
-# -g:  Logo sha1 hash ($LOGO_HASH1)\n
-# -G:  Logo sha256 hash ($LOGO_HASH256)\n
-# -h:  Show this help message\n
-# -l:  Logo URI ($LOGO_URI)\n
-# -m:  Domain ($DOMAIN)\n
-# -o:  Subject name CN for OSU-Client Server ($CNOC)\n
-# -O:  Subject name CN for OCSP Server ($CNO)\n
-# -p:  passphrase for private keys ($PASS)\n
-# -r:  Operator-english ($OPER_ENG)\n
-# -R:  Operator-finish ($OPER_FI)\n
-# -S:  OSU Server name ($OSU_SERVER_HOSTNAME)\n
-# -u:  OCSP-URI ($OCSP_URI)\n
-# -V:  Subject name CN for OSU-Revoked Server ($CNV)\n
-EOF
-)
-
-while getopts "c:C:Dg:G:l:m:o:O:p:r:R:S:u:V:h" flag
-  do
-  case $flag in
-      c) COMPANY=$OPTARG;;
-      C) CNR=$OPTARG;;
-      D) DEBUG=1;;
-      g) LOGO_HASH1=$OPTARG;;
-      G) LOGO_HASH256=$OPTARG;;
-      h) echo -e $USAGE; exit 0;;
-      l) LOGO_URI=$OPTARG;;
-      m) DOMAIN=$OPTARG;;
-      o) CNOC=$OPTARG;;
-      O) CNO=$OPTARG;;
-      p) PASS=$OPTARG;;
-      r) OPER_ENG=$OPTARG;;
-      R) OPER_FI=$OPTARG;;
-      S) OSU_SERVER_HOSTNAME=$OPTARG;;
-      u) OCSP_URI=$OPTARG;;
-      V) CNV=$OPTARG;;
-      *) echo "Unknown flag: $flag"; echo -e $USAGE; exit 1;;
-  esac
-done
-
-fail()
-{
-    echo "$*"
-    exit 1
-}
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-if [ $DEBUG = 1 ]
-then
-    set -x
-fi
-
-# Set the passphrase and some other common config accordingly.
-cat openssl-root.cnf | sed "s/@PASSWORD@/$PASS/" \
- > my-openssl-root.cnf
-
-cat openssl.cnf | sed "s/@PASSWORD@/$PASS/" |
-sed "s,@OCSP_URI@,$OCSP_URI," |
-sed "s,@LOGO_URI@,$LOGO_URI," |
-sed "s,@LOGO_HASH1@,$LOGO_HASH1," |
-sed "s,@LOGO_HASH256@,$LOGO_HASH256," |
-sed "s/@DOMAIN@/$DOMAIN/" \
- > my-openssl.cnf
-
-
-cat my-openssl-root.cnf | sed "s/#@CN@/commonName_default = $CNR/" > openssl.cnf.tmp
-mkdir -p rootCA/certs rootCA/crl rootCA/newcerts rootCA/private
-touch rootCA/index.txt
-if [ -e rootCA/private/cakey.pem ]; then
-    echo " * Use existing Root CA"
-else
-    echo " * Generate Root CA private key"
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:4096 -keyout rootCA/private/cakey.pem -out rootCA/careq.pem || fail "Failed to generate Root CA private key"
-    echo " * Sign Root CA certificate"
-    $OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out rootCA/cacert.pem -days 10957 -batch -keyfile rootCA/private/cakey.pem -passin pass:$PASS -selfsign -extensions v3_ca -outdir rootCA/newcerts -infiles rootCA/careq.pem || fail "Failed to sign Root CA certificate"
-    $OPENSSL x509 -in rootCA/cacert.pem -out rootCA/cacert.der -outform DER || fail "Failed to create rootCA DER"
-    sha256sum rootCA/cacert.der > rootCA/cacert.fingerprint || fail "Failed to create rootCA fingerprint"
-fi
-if [ ! -e rootCA/crlnumber ]; then
-    echo 00 > rootCA/crlnumber
-fi
-
-echo
-echo "---[ Intermediate CA ]--------------------------------------------------"
-echo
-
-cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $COMPANY Hotspot 2.0 Intermediate CA/" > openssl.cnf.tmp
-mkdir -p demoCA/certs demoCA/crl demoCA/newcerts demoCA/private
-touch demoCA/index.txt
-if [ -e demoCA/private/cakey.pem ]; then
-    echo " * Use existing Intermediate CA"
-else
-    echo " * Generate Intermediate CA private key"
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out demoCA/careq.pem || fail "Failed to generate Intermediate CA private key"
-    echo " * Sign Intermediate CA certificate"
-    $OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out demoCA/cacert.pem -days 3652 -batch -keyfile rootCA/private/cakey.pem -cert rootCA/cacert.pem -passin pass:$PASS -extensions v3_ca -infiles demoCA/careq.pem || fail "Failed to sign Intermediate CA certificate"
-    # horrible from security view point, but for testing purposes since OCSP responder does not seem to support -passin
-    openssl rsa -in demoCA/private/cakey.pem -out demoCA/private/cakey-plain.pem -passin pass:$PASS
-    $OPENSSL x509 -in demoCA/cacert.pem -out demoCA/cacert.der -outform DER || fail "Failed to create demoCA DER."
-    sha256sum demoCA/cacert.der > demoCA/cacert.fingerprint || fail "Failed to create demoCA fingerprint"
-fi
-if [ ! -e demoCA/crlnumber ]; then
-    echo 00 > demoCA/crlnumber
-fi
-
-echo
-echo "OCSP responder"
-echo
-
-cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNO/" > openssl.cnf.tmp
-$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out ocsp.csr -keyout ocsp.key -extensions v3_OCSP
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -keyfile demoCA/private/cakey.pem -passin pass:$PASS -in ocsp.csr -out ocsp.pem -days 730 -extensions v3_OCSP || fail "Could not generate ocsp.pem"
-
-echo
-echo "---[ Server - to be revoked ] ------------------------------------------"
-echo
-
-cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNV/" > openssl.cnf.tmp
-$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-revoked.csr -keyout server-revoked.key
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-revoked.csr -out server-revoked.pem -key $PASS -days 730 -extensions ext_server
-$OPENSSL ca -revoke server-revoked.pem -key $PASS
-
-echo
-echo "---[ Server - with client ext key use ] ---------------------------------"
-echo "---[ Only used for negative-testing for OSU-client implementation ] -----"
-echo
-
-cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNOC/" > openssl.cnf.tmp
-$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-client.csr -keyout server-client.key || fail "Could not create server-client.key"
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-client.csr -out server-client.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create server-client.pem"
-
-echo
-echo "---[ User ]-------------------------------------------------------------"
-echo
-
-cat my-openssl.cnf | sed "s/#@CN@/commonName_default = User/" > openssl.cnf.tmp
-$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out user.csr -keyout user.key || fail "Could not create user.key"
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in user.csr -out user.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create user.pem"
-
-echo
-echo "---[ Server ]-----------------------------------------------------------"
-echo
-
-ALT="DNS:$OSU_SERVER_HOSTNAME"
-ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_ENG"
-ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_FI"
-
-cat my-openssl.cnf |
-	sed "s/#@CN@/commonName_default = $OSU_SERVER_HOSTNAME/" |
-	sed "s/^##organizationalUnitName/organizationalUnitName/" |
-	sed "s/#@OU@/organizationalUnitName_default = Hotspot 2.0 Online Sign Up Server/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,$ALT/" \
-	> openssl.cnf.tmp
-echo $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server
-$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server || fail "Failed to generate server request"
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server.csr -out server.pem -key $PASS -days 730 -extensions ext_server -policy policy_osu_server || fail "Failed to sign server certificate"
-
-#dump logotype details for debugging
-$OPENSSL x509 -in server.pem -out server.der -outform DER
-openssl asn1parse -in server.der -inform DER | grep HEX | tail -1 | sed 's/.*://' | xxd -r -p > logo.der
-openssl asn1parse -in logo.der -inform DER > logo.asn1
-
-
-echo
-echo "---[ CRL ]---------------------------------------------------------------"
-echo
-
-$OPENSSL ca -config $PWD/my-openssl.cnf -gencrl -md sha256 -out demoCA/crl/crl.pem -passin pass:$PASS
-
-echo
-echo "---[ Verify ]------------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile rootCA/cacert.pem demoCA/cacert.pem
-$OPENSSL verify -CAfile rootCA/cacert.pem -untrusted demoCA/cacert.pem *.pem
-
-cat rootCA/cacert.pem demoCA/cacert.pem > ca.pem
diff --git a/hs20/server/ca/w1fi_logo.png b/hs20/server/ca/w1fi_logo.png
deleted file mode 100644
index ac7c259fff2e..000000000000
--- a/hs20/server/ca/w1fi_logo.png
+++ /dev/null
diff --git a/hs20/server/hs20-osu-server.txt b/hs20/server/hs20-osu-server.txt
deleted file mode 100644
index 22478ad9d2cb..000000000000
--- a/hs20/server/hs20-osu-server.txt
+++ /dev/null
@@ -1,262 +0,0 @@
-Hotspot 2.0 OSU server
-======================
-
-The information in this document is based on the assumption that Ubuntu
-16.04 server (64-bit) distribution is used and the web server is
-Apache2. Neither of these are requirements for the installation, but if
-other combinations are used, the package names and configuration
-parameters may need to be adjusted.
-
-NOTE: This implementation and the example configuration here is meant
-only for testing purposes in a lab environment. This design is not
-secure to be installed in a publicly available Internet server without
-considerable amount of modification and review for security issues.
-
-
-Build dependencies
-------------------
-
-Ubuntu 16.04 server
-- default installation
-- upgraded to latest package versions
-  sudo apt-get update
-  sudo apt-get upgrade
-
-Packages needed for running the service:
-  sudo apt-get install sqlite3
-  sudo apt-get install apache2
-  sudo apt-get install php-sqlite3 php-xml libapache2-mod-php
-
-Additional packages needed for building the components:
-  sudo apt-get install build-essential
-  sudo apt-get install libsqlite3-dev
-  sudo apt-get install libssl-dev
-  sudo apt-get install libxml2-dev
-
-
-Installation location
----------------------
-
-Select a location for the installation root directory. The example here
-assumes /home/user/hs20-server to be used, but this can be changed by
-editing couple of files as indicated below.
-
-sudo mkdir -p /home/user/hs20-server
-sudo chown $USER /home/user/hs20-server
-mkdir -p /home/user/hs20-server/spp
-mkdir -p /home/user/hs20-server/AS
-
-
-Build
------
-
-# hostapd as RADIUS server
-cd hostapd
-
-#example build configuration
-cat > .config <<EOF
-CONFIG_DRIVER_NONE=y
-CONFIG_PKCS12=y
-CONFIG_RADIUS_SERVER=y
-CONFIG_EAP=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_MSCHAPV2=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_TTLS=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_AKA_PRIME=y
-CONFIG_SQLITE=y
-CONFIG_HS20=y
-EOF
-
-make hostapd hlr_auc_gw
-cp hostapd hlr_auc_gw /home/user/hs20-server/AS
-
-# build hs20_spp_server
-cd ../hs20/server
-make clean
-make
-cp hs20_spp_server /home/user/hs20-server/spp
-# prepare database (web server user/group needs to have write access)
-mkdir -p /home/user/hs20-server/AS/DB
-sudo chgrp www-data /home/user/hs20-server/AS/DB
-sudo chmod g+w /home/user/hs20-server/AS/DB
-sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql.txt
-sudo chgrp www-data /home/user/hs20-server/AS/DB/eap_user.db
-sudo chmod g+w /home/user/hs20-server/AS/DB/eap_user.db
-# add example configuration (note: need to update URLs to match the system)
-sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql-example.txt
-
-# copy PHP scripts
-# Modify config.php if different installation directory is used.
-# Modify PHP scripts to get the desired behavior for user interaction (or use
-# the examples as-is for initial testing).
-cp -r www /home/user/hs20-server
-
-# Create /home/user/hs20-server/terms-and-conditions file (HTML segment to be
-# inserted within the BODY section of the page).
-cat > /home/user/hs20-server/terms-and-conditions <<EOF
-<P>Terms and conditions..</P>
-EOF
-
-# Build local keys and certs
-cd ca
-# Display help options.
-./setup.sh -h
-
-# Remove old keys, fill in appropriate values, and generate your keys.
-# For instance:
-./clean.sh
-rm -fr rootCA"
-old_hostname=myserver.local
-./setup.sh -C "Hotspot 2.0 Trust Root CA - CT" \
-   -o $old_hostname-osu-client \
-   -O $old_hostname-oscp -p lanforge -S $old_hostname \
-   -V $old_hostname-osu-revoked \
-   -m local -u http://$old_hostname:8888/
-
-# Configure subscription policies
-mkdir -p /home/user/hs20-server/spp/policy
-cat > /home/user/hs20-server/spp/policy/default.xml <<EOF
-<Policy>
-	<PolicyUpdate>
-		<UpdateInterval>30</UpdateInterval>
-		<UpdateMethod>ClientInitiated</UpdateMethod>
-		<Restriction>Unrestricted</Restriction>
-		<URI>https://policy-server.osu.example.com/hs20/spp.php</URI>
-	</PolicyUpdate>
-</Policy>
-EOF
-
-
-# Install Hotspot 2.0 SPP and OMA DM XML schema/DTD files
-
-# XML schema for SPP
-# Copy the latest XML schema into /home/user/hs20-server/spp/spp.xsd
-
-# OMA DM Device Description Framework DTD
-# Copy into /home/user/hs20-server/spp/dm_ddf-v1_2.dtd
-# http://www.openmobilealliance.org/tech/DTD/dm_ddf-v1_2.dtd
-
-
-# Configure RADIUS authentication service
-# Note: Change the URL to match the setup
-# Note: Install AAA server key/certificate and root CA in Key directory
-
-cat > /home/user/hs20-server/AS/as-sql.conf <<EOF
-driver=none
-radius_server_clients=as.radius_clients
-eap_server=1
-eap_user_file=sqlite:DB/eap_user.db
-ca_cert=Key/ca.pem
-server_cert=Key/server.pem
-private_key=Key/server.key
-private_key_passwd=passphrase
-eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=eap_sim.db
-subscr_remediation_url=https://subscription-server.osu.example.com/hs20/spp.php
-EOF
-
-# Set RADIUS passphrase for the APs
-# Note: Modify to match the setup
-cat > /home/user/hs20-server/AS/as.radius_clients <<EOF
-0.0.0.0/0	radius
-EOF
-
-
-Start RADIUS authentication server
-----------------------------------
-
-cd /home/user/hs20-server/AS
-./hostapd -B as-sql.conf
-
-
-OSEN RADIUS server configuration notes
-
-The OSEN RADIUS server config file should have the 'ocsp_stapling_response'
-configuration in it. For example:
-
-# hostapd-radius config for the radius used by the OSEN AP
-interface=eth0#0
-driver=none
-logger_syslog=-1
-logger_syslog_level=2
-logger_stdout=-1
-logger_stdout_level=2
-ctrl_interface=/var/run/hostapd
-ctrl_interface_group=0
-eap_server=1
-eap_user_file=/home/user/hs20-server/AS/hostapd-osen.eap_user
-server_id=ben-ota-2-osen
-radius_server_auth_port=1811
-radius_server_clients=/home/user/hs20-server/AS/hostap.radius_clients
-
-ca_cert=/home/user/hs20-server/ca/ca.pem
-server_cert=/home/user/hs20-server/ca/server.pem
-private_key=/home/user/hs20-server/ca/server.key
-private_key_passwd=whatever
-
-ocsp_stapling_response=/home/user/hs20-server/ca/ocsp-server-cache.der
-
-The /home/user/hs20-server/AS/hostapd-osen.eap_user file should look
-similar to this, and should coorelate with the osu_nai entry in
-the non-OSEN VAP config file.  For instance:
-
-# cat hostapd-osen.eap_user
-# For OSEN authentication (Hotspot 2.0 Release 2)
-"osen@w1.fi"      WFA-UNAUTH-TLS
-
-
-# Run OCSP server:
-cd /home/user/hs20-server/ca
-./ocsp-responder.sh&
-
-# Update cache (This should be run periodically)
-./ocsp-update-cache.sh
-
-
-Configure web server
---------------------
-
-Edit /etc/apache2/sites-available/default-ssl
-
-Add following block just before "SSL Engine Switch" line":
-
-        Alias /hs20/ "/home/user/hs20-server/www/"
-        <Directory "/home/user/hs20-server/www/">
-                Options Indexes MultiViews FollowSymLinks
-                AllowOverride None
-		Require all granted
-		SSLOptions +StdEnvVars
-        </Directory>
-
-Update SSL configuration to use the OSU server certificate/key.
-They keys and certs are called 'server.key' and 'server.pem' from
-ca/setup.sh.
-
-To support subscription remediation using client certificates, set
-"SSLVerifyClient optional" and configure the trust root CA(s) for the
-client certificates with SSLCACertificateFile.
-
-Enable default-ssl site and restart Apache2:
-  sudo a2ensite default-ssl
-  sudo a2enmod ssl
-  sudo service apache2 restart
-
-
-Management UI
--------------
-
-The sample PHP scripts include a management UI for testing
-purposes. That is available at https://<server>/hs20/users.php
-
-
-AP configuration
-----------------
-
-APs can now be configured to use the OSU server as the RADIUS
-authentication server. In addition, the OSU Provider List ANQP element
-should be configured to use the SPP (SOAP+XML) option and with the
-following Server URL:
-https://<server>/hs20/spp.php/signup?realm=example.com
diff --git a/hs20/server/hs20_spp_server.c b/hs20/server/hs20_spp_server.c
deleted file mode 100644
index 347c40a73d6a..000000000000
--- a/hs20/server/hs20_spp_server.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Hotspot 2.0 SPP server - standalone version
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <time.h>
-#include <sqlite3.h>
-
-#include "common.h"
-#include "common/version.h"
-#include "xml-utils.h"
-#include "spp_server.h"
-
-
-static void write_timestamp(FILE *f)
-{
-	time_t t;
-	struct tm *tm;
-
-	time(&t);
-	tm = localtime(&t);
-
-	fprintf(f, "%04u-%02u-%02u %02u:%02u:%02u ",
-		tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-		tm->tm_hour, tm->tm_min, tm->tm_sec);
-}
-
-
-void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
-{
-	va_list ap;
-
-	if (ctx->debug_log == NULL)
-		return;
-
-	write_timestamp(ctx->debug_log);
-	va_start(ap, fmt);
-	vfprintf(ctx->debug_log, fmt, ap);
-	va_end(ap);
-
-	fprintf(ctx->debug_log, "\n");
-}
-
-
-void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node)
-{
-	char *str;
-
-	if (ctx->debug_log == NULL)
-		return;
-	str = xml_node_to_str(ctx->xml, node);
-	if (str == NULL)
-		return;
-
-	write_timestamp(ctx->debug_log);
-	fprintf(ctx->debug_log, "%s: '%s'\n", title, str);
-	os_free(str);
-}
-
-
-static int process(struct hs20_svc *ctx)
-{
-	int dmacc = 0;
-	xml_node_t *soap, *spp, *resp;
-	char *user, *realm, *post, *str;
-
-	ctx->addr = getenv("HS20ADDR");
-	if (ctx->addr)
-		debug_print(ctx, 1, "Connection from %s", ctx->addr);
-	ctx->test = getenv("HS20TEST");
-	if (ctx->test)
-		debug_print(ctx, 1, "Requested test functionality: %s",
-			    ctx->test);
-
-	user = getenv("HS20USER");
-	if (user && strlen(user) == 0)
-		user = NULL;
-	realm = getenv("HS20REALM");
-	if (realm == NULL) {
-		debug_print(ctx, 1, "HS20REALM not set");
-		return -1;
-	}
-	post = getenv("HS20POST");
-	if (post == NULL) {
-		debug_print(ctx, 1, "HS20POST not set");
-		return -1;
-	}
-
-	ctx->imsi = getenv("HS20IMSI");
-	if (ctx->imsi)
-		debug_print(ctx, 1, "IMSI %s", ctx->imsi);
-
-	ctx->eap_method = getenv("HS20EAPMETHOD");
-	if (ctx->eap_method)
-		debug_print(ctx, 1, "EAP method %s", ctx->eap_method);
-
-	ctx->id_hash = getenv("HS20IDHASH");
-	if (ctx->id_hash)
-		debug_print(ctx, 1, "ID-HASH %s", ctx->id_hash);
-
-	soap = xml_node_from_buf(ctx->xml, post);
-	if (soap == NULL) {
-		debug_print(ctx, 1, "Could not parse SOAP data");
-		return -1;
-	}
-	debug_dump_node(ctx, "Received SOAP message", soap);
-	spp = soap_get_body(ctx->xml, soap);
-	if (spp == NULL) {
-		debug_print(ctx, 1, "Could not get SPP message");
-		xml_node_free(ctx->xml, soap);
-		return -1;
-	}
-	debug_dump_node(ctx, "Received SPP message", spp);
-
-	resp = hs20_spp_server_process(ctx, spp, user, realm, dmacc);
-	xml_node_free(ctx->xml, soap);
-	if (resp == NULL && user == NULL) {
-		debug_print(ctx, 1, "Request HTTP authentication");
-		return 2; /* Request authentication */
-	}
-	if (resp == NULL) {
-		debug_print(ctx, 1, "No response");
-		return -1;
-	}
-
-	soap = soap_build_envelope(ctx->xml, resp);
-	if (soap == NULL) {
-		debug_print(ctx, 1, "SOAP envelope building failed");
-		return -1;
-	}
-	str = xml_node_to_str(ctx->xml, soap);
-	xml_node_free(ctx->xml, soap);
-	if (str == NULL) {
-		debug_print(ctx, 1, "Could not get node string");
-		return -1;
-	}
-	printf("%s", str);
-	free(str);
-
-	return 0;
-}
-
-
-static void usage(void)
-{
-	printf("usage:\n"
-	       "hs20_spp_server -r<root directory> [-f<debug log>]\n");
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct hs20_svc ctx;
-	int ret;
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	for (;;) {
-		int c = getopt(argc, argv, "f:r:v");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'f':
-			if (ctx.debug_log)
-				break;
-			ctx.debug_log = fopen(optarg, "a");
-			if (ctx.debug_log == NULL) {
-				printf("Could not write to %s\n", optarg);
-				return -1;
-			}
-			break;
-		case 'r':
-			ctx.root_dir = optarg;
-			break;
-		case 'v':
-			printf("hs20_spp_server v%s\n", VERSION_STR);
-			return 0;
-		default:
-			usage();
-			return -1;
-		}
-	}
-	if (ctx.root_dir == NULL) {
-		usage();
-		return -1;
-	}
-	ctx.xml = xml_node_init_ctx(&ctx, NULL);
-	if (ctx.xml == NULL)
-		return -1;
-	if (hs20_spp_server_init(&ctx) < 0) {
-		xml_node_deinit_ctx(ctx.xml);
-		return -1;
-	}
-
-	ret = process(&ctx);
-	debug_print(&ctx, 1, "process() --> %d", ret);
-
-	xml_node_deinit_ctx(ctx.xml);
-	hs20_spp_server_deinit(&ctx);
-	if (ctx.debug_log)
-		fclose(ctx.debug_log);
-
-	return ret;
-}
diff --git a/hs20/server/spp_server.c b/hs20/server/spp_server.c
deleted file mode 100644
index a50e9074f7b4..000000000000
--- a/hs20/server/spp_server.c
+++ /dev/null
@@ -1,2933 +0,0 @@
-/*
- * Hotspot 2.0 SPP server
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <sqlite3.h>
-
-#include "common.h"
-#include "base64.h"
-#include "md5_i.h"
-#include "xml-utils.h"
-#include "spp_server.h"
-
-
-#define SPP_NS_URI "http://www.wi-fi.org/specifications/hotspot2dot0/v1.0/spp"
-
-#define URN_OMA_DM_DEVINFO "urn:oma:mo:oma-dm-devinfo:1.0"
-#define URN_OMA_DM_DEVDETAIL "urn:oma:mo:oma-dm-devdetail:1.0"
-#define URN_OMA_DM_DMACC "urn:oma:mo:oma-dm-dmacc:1.0"
-#define URN_HS20_PPS "urn:wfa:mo:hotspot2dot0-perprovidersubscription:1.0"
-
-
-/* TODO: timeout to expire sessions */
-
-enum hs20_session_operation {
-	NO_OPERATION,
-	UPDATE_PASSWORD,
-	CONTINUE_SUBSCRIPTION_REMEDIATION,
-	CONTINUE_POLICY_UPDATE,
-	USER_REMEDIATION,
-	SUBSCRIPTION_REGISTRATION,
-	POLICY_REMEDIATION,
-	POLICY_UPDATE,
-	FREE_REMEDIATION,
-	CLEAR_REMEDIATION,
-	CERT_REENROLL,
-};
-
-
-static char * db_get_session_val(struct hs20_svc *ctx, const char *user,
-				 const char *realm, const char *session_id,
-				 const char *field);
-static char * db_get_osu_config_val(struct hs20_svc *ctx, const char *realm,
-				    const char *field);
-static xml_node_t * build_policy(struct hs20_svc *ctx, const char *user,
-				 const char *realm, int use_dmacc);
-static xml_node_t * spp_exec_get_certificate(struct hs20_svc *ctx,
-					     const char *session_id,
-					     const char *user,
-					     const char *realm,
-					     int add_est_user);
-
-
-static int db_add_session(struct hs20_svc *ctx,
-			  const char *user, const char *realm,
-			  const char *sessionid, const char *pw,
-			  const char *redirect_uri,
-			  enum hs20_session_operation operation,
-			  const u8 *mac_addr)
-{
-	char *sql;
-	int ret = 0;
-	char addr[20];
-
-	if (mac_addr)
-		snprintf(addr, sizeof(addr), MACSTR, MAC2STR(mac_addr));
-	else
-		addr[0] = '\0';
-	sql = sqlite3_mprintf("INSERT INTO sessions(timestamp,id,user,realm,"
-			      "operation,password,redirect_uri,mac_addr,test) "
-			      "VALUES "
-			      "(strftime('%%Y-%%m-%%d %%H:%%M:%%f','now'),"
-			      "%Q,%Q,%Q,%d,%Q,%Q,%Q,%Q)",
-			      sessionid, user ? user : "", realm ? realm : "",
-			      operation, pw ? pw : "",
-			      redirect_uri ? redirect_uri : "",
-			      addr, ctx->test);
-	if (sql == NULL)
-		return -1;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session entry into sqlite "
-			    "database: %s", sqlite3_errmsg(ctx->db));
-		ret = -1;
-	}
-	sqlite3_free(sql);
-	return ret;
-}
-
-
-static void db_update_session_password(struct hs20_svc *ctx, const char *user,
-				       const char *realm, const char *sessionid,
-				       const char *pw)
-{
-	char *sql;
-
-	sql = sqlite3_mprintf("UPDATE sessions SET password=%Q WHERE id=%Q AND "
-			      "user=%Q AND realm=%Q",
-			      pw, sessionid, user, realm);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to update session password: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_update_session_machine_managed(struct hs20_svc *ctx,
-					      const char *user,
-					      const char *realm,
-					      const char *sessionid,
-					      const int pw_mm)
-{
-	char *sql;
-
-	sql = sqlite3_mprintf("UPDATE sessions SET machine_managed=%Q WHERE id=%Q AND user=%Q AND realm=%Q",
-			      pw_mm ? "1" : "0", sessionid, user, realm);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1,
-			    "Failed to update session machine_managed: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_pps(struct hs20_svc *ctx, const char *user,
-			       const char *realm, const char *sessionid,
-			       xml_node_t *node)
-{
-	char *str;
-	char *sql;
-
-	str = xml_node_to_str(ctx->xml, node);
-	if (str == NULL)
-		return;
-	sql = sqlite3_mprintf("UPDATE sessions SET pps=%Q WHERE id=%Q AND "
-			      "user=%Q AND realm=%Q",
-			      str, sessionid, user, realm);
-	free(str);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session pps: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_devinfo(struct hs20_svc *ctx, const char *sessionid,
-				   xml_node_t *node)
-{
-	char *str;
-	char *sql;
-
-	str = xml_node_to_str(ctx->xml, node);
-	if (str == NULL)
-		return;
-	sql = sqlite3_mprintf("UPDATE sessions SET devinfo=%Q WHERE id=%Q",
-			      str, sessionid);
-	free(str);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session devinfo: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_devdetail(struct hs20_svc *ctx,
-				     const char *sessionid,
-				     xml_node_t *node)
-{
-	char *str;
-	char *sql;
-
-	str = xml_node_to_str(ctx->xml, node);
-	if (str == NULL)
-		return;
-	sql = sqlite3_mprintf("UPDATE sessions SET devdetail=%Q WHERE id=%Q",
-			      str, sessionid);
-	free(str);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session devdetail: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_dmacc(struct hs20_svc *ctx, const char *sessionid,
-				 const char *username, const char *password)
-{
-	char *sql;
-
-	sql = sqlite3_mprintf("UPDATE sessions SET osu_user=%Q, osu_password=%Q WHERE id=%Q",
-			      username, password, sessionid);
-	if (!sql)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session DMAcc: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_eap_method(struct hs20_svc *ctx,
-				      const char *sessionid,
-				      const char *method)
-{
-	char *sql;
-
-	sql = sqlite3_mprintf("UPDATE sessions SET eap_method=%Q WHERE id=%Q",
-			      method, sessionid);
-	if (!sql)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session EAP method: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_add_session_id_hash(struct hs20_svc *ctx, const char *sessionid,
-				   const char *id_hash)
-{
-	char *sql;
-
-	sql = sqlite3_mprintf("UPDATE sessions SET mobile_identifier_hash=%Q WHERE id=%Q",
-			      id_hash, sessionid);
-	if (!sql)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add session ID hash: %s",
-			    sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_remove_session(struct hs20_svc *ctx,
-			      const char *user, const char *realm,
-			      const char *sessionid)
-{
-	char *sql;
-
-	if (user == NULL || realm == NULL) {
-		sql = sqlite3_mprintf("DELETE FROM sessions WHERE "
-				      "id=%Q", sessionid);
-	} else {
-		sql = sqlite3_mprintf("DELETE FROM sessions WHERE "
-				      "user=%Q AND realm=%Q AND id=%Q",
-				      user, realm, sessionid);
-	}
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to delete session entry from "
-			    "sqlite database: %s", sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void hs20_eventlog(struct hs20_svc *ctx,
-			  const char *user, const char *realm,
-			  const char *sessionid, const char *notes,
-			  const char *dump)
-{
-	char *sql;
-	char *user_buf = NULL, *realm_buf = NULL;
-
-	debug_print(ctx, 1, "eventlog: %s", notes);
-
-	if (user == NULL) {
-		user_buf = db_get_session_val(ctx, NULL, NULL, sessionid,
-					      "user");
-		user = user_buf;
-		realm_buf = db_get_session_val(ctx, NULL, NULL, sessionid,
-					       "realm");
-		realm = realm_buf;
-	}
-
-	sql = sqlite3_mprintf("INSERT INTO eventlog"
-			      "(user,realm,sessionid,timestamp,notes,dump,addr)"
-			      " VALUES (%Q,%Q,%Q,"
-			      "strftime('%%Y-%%m-%%d %%H:%%M:%%f','now'),"
-			      "%Q,%Q,%Q)",
-			      user, realm, sessionid, notes,
-			      dump ? dump : "", ctx->addr ? ctx->addr : "");
-	free(user_buf);
-	free(realm_buf);
-	if (sql == NULL)
-		return;
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add eventlog entry into sqlite "
-			    "database: %s", sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void hs20_eventlog_node(struct hs20_svc *ctx,
-			       const char *user, const char *realm,
-			       const char *sessionid, const char *notes,
-			       xml_node_t *node)
-{
-	char *str;
-
-	if (node)
-		str = xml_node_to_str(ctx->xml, node);
-	else
-		str = NULL;
-	hs20_eventlog(ctx, user, realm, sessionid, notes, str);
-	free(str);
-}
-
-
-static void db_update_mo_str(struct hs20_svc *ctx, const char *user,
-			     const char *realm, const char *name,
-			     const char *str)
-{
-	char *sql;
-	if (user == NULL || realm == NULL || name == NULL)
-		return;
-	sql = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE identity=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
-			      name, str, user, realm);
-	if (sql == NULL)
-		return;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to update user MO entry in sqlite "
-			    "database: %s", sqlite3_errmsg(ctx->db));
-	}
-	sqlite3_free(sql);
-}
-
-
-static void db_update_mo(struct hs20_svc *ctx, const char *user,
-			 const char *realm, const char *name, xml_node_t *mo)
-{
-	char *str;
-
-	str = xml_node_to_str(ctx->xml, mo);
-	if (str == NULL)
-		return;
-
-	db_update_mo_str(ctx, user, realm, name, str);
-	free(str);
-}
-
-
-static void add_text_node(struct hs20_svc *ctx, xml_node_t *parent,
-			  const char *name, const char *value)
-{
-	xml_node_create_text(ctx->xml, parent, NULL, name, value ? value : "");
-}
-
-
-static void add_text_node_conf(struct hs20_svc *ctx, const char *realm,
-			       xml_node_t *parent, const char *name,
-			       const char *field)
-{
-	char *val;
-	val = db_get_osu_config_val(ctx, realm, field);
-	xml_node_create_text(ctx->xml, parent, NULL, name, val ? val : "");
-	os_free(val);
-}
-
-
-static void add_text_node_conf_corrupt(struct hs20_svc *ctx, const char *realm,
-				       xml_node_t *parent, const char *name,
-				       const char *field)
-{
-	char *val;
-
-	val = db_get_osu_config_val(ctx, realm, field);
-	if (val) {
-		size_t len;
-
-		len = os_strlen(val);
-		if (len > 0) {
-			if (val[len - 1] == '0')
-				val[len - 1] = '1';
-			else
-				val[len - 1] = '0';
-		}
-	}
-	xml_node_create_text(ctx->xml, parent, NULL, name, val ? val : "");
-	os_free(val);
-}
-
-
-static int new_password(char *buf, int buflen)
-{
-	int i;
-
-	if (buflen < 1)
-		return -1;
-	buf[buflen - 1] = '\0';
-	if (os_get_random((unsigned char *) buf, buflen - 1) < 0)
-		return -1;
-
-	for (i = 0; i < buflen - 1; i++) {
-		unsigned char val = buf[i];
-		val %= 2 * 26 + 10;
-		if (val < 26)
-			buf[i] = 'a' + val;
-		else if (val < 2 * 26)
-			buf[i] = 'A' + val - 26;
-		else
-			buf[i] = '0' + val - 2 * 26;
-	}
-
-	return 0;
-}
-
-
-struct get_db_field_data {
-	const char *field;
-	char *value;
-};
-
-
-static int get_db_field(void *ctx, int argc, char *argv[], char *col[])
-{
-	struct get_db_field_data *data = ctx;
-	int i;
-
-	for (i = 0; i < argc; i++) {
-		if (os_strcmp(col[i], data->field) == 0 && argv[i]) {
-			os_free(data->value);
-			data->value = os_strdup(argv[i]);
-			break;
-		}
-	}
-
-	return 0;
-}
-
-
-static char * db_get_val(struct hs20_svc *ctx, const char *user,
-			 const char *realm, const char *field, int dmacc)
-{
-	char *cmd;
-	struct get_db_field_data data;
-
-	cmd = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
-			      field, dmacc ? "osu_user" : "identity",
-			      user, realm);
-	if (cmd == NULL)
-		return NULL;
-	memset(&data, 0, sizeof(data));
-	data.field = field;
-	if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) != SQLITE_OK)
-	{
-		debug_print(ctx, 1, "Could not find user '%s'", user);
-		sqlite3_free(cmd);
-		return NULL;
-	}
-	sqlite3_free(cmd);
-
-	debug_print(ctx, 1, "DB: user='%s' realm='%s' field='%s' dmacc=%d --> "
-		    "value='%s'", user, realm, field, dmacc, data.value);
-
-	return data.value;
-}
-
-
-static int db_update_val(struct hs20_svc *ctx, const char *user,
-			 const char *realm, const char *field,
-			 const char *val, int dmacc)
-{
-	char *cmd;
-	int ret;
-
-	cmd = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE %s=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
-			      field, val, dmacc ? "osu_user" : "identity", user,
-			      realm);
-	if (cmd == NULL)
-		return -1;
-	debug_print(ctx, 1, "DB: %s", cmd);
-	if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1,
-			    "Failed to update user in sqlite database: %s",
-			    sqlite3_errmsg(ctx->db));
-		ret = -1;
-	} else {
-		debug_print(ctx, 1,
-			    "DB: user='%s' realm='%s' field='%s' set to '%s'",
-			    user, realm, field, val);
-		ret = 0;
-	}
-	sqlite3_free(cmd);
-
-	return ret;
-}
-
-
-static char * db_get_session_val(struct hs20_svc *ctx, const char *user,
-				 const char *realm, const char *session_id,
-				 const char *field)
-{
-	char *cmd;
-	struct get_db_field_data data;
-
-	if (user == NULL || realm == NULL) {
-		cmd = sqlite3_mprintf("SELECT %s FROM sessions WHERE "
-				      "id=%Q", field, session_id);
-	} else {
-		cmd = sqlite3_mprintf("SELECT %s FROM sessions WHERE "
-				      "user=%Q AND realm=%Q AND id=%Q",
-				      field, user, realm, session_id);
-	}
-	if (cmd == NULL)
-		return NULL;
-	debug_print(ctx, 1, "DB: %s", cmd);
-	memset(&data, 0, sizeof(data));
-	data.field = field;
-	if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) != SQLITE_OK)
-	{
-		debug_print(ctx, 1, "DB: Could not find session %s: %s",
-			    session_id, sqlite3_errmsg(ctx->db));
-		sqlite3_free(cmd);
-		return NULL;
-	}
-	sqlite3_free(cmd);
-
-	debug_print(ctx, 1, "DB: return '%s'", data.value);
-	return data.value;
-}
-
-
-static int update_password(struct hs20_svc *ctx, const char *user,
-			   const char *realm, const char *pw, int dmacc)
-{
-	char *cmd;
-
-	cmd = sqlite3_mprintf("UPDATE users SET password=%Q, "
-			      "remediation='' "
-			      "WHERE %s=%Q AND phase2=1",
-			      pw, dmacc ? "osu_user" : "identity",
-			      user);
-	if (cmd == NULL)
-		return -1;
-	debug_print(ctx, 1, "DB: %s", cmd);
-	if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to update database for user '%s'",
-			    user);
-	}
-	sqlite3_free(cmd);
-
-	return 0;
-}
-
-
-static int clear_remediation(struct hs20_svc *ctx, const char *user,
-			     const char *realm, int dmacc)
-{
-	char *cmd;
-
-	cmd = sqlite3_mprintf("UPDATE users SET remediation='' WHERE %s=%Q",
-			      dmacc ? "osu_user" : "identity",
-			      user);
-	if (cmd == NULL)
-		return -1;
-	debug_print(ctx, 1, "DB: %s", cmd);
-	if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to update database for user '%s'",
-			    user);
-	}
-	sqlite3_free(cmd);
-
-	return 0;
-}
-
-
-static int add_eap_ttls(struct hs20_svc *ctx, xml_node_t *parent)
-{
-	xml_node_t *node;
-
-	node = xml_node_create(ctx->xml, parent, NULL, "EAPMethod");
-	if (node == NULL)
-		return -1;
-
-	add_text_node(ctx, node, "EAPType", "21");
-	add_text_node(ctx, node, "InnerMethod", "MS-CHAP-V2");
-
-	return 0;
-}
-
-
-static xml_node_t * build_username_password(struct hs20_svc *ctx,
-					    xml_node_t *parent,
-					    const char *user, const char *pw)
-{
-	xml_node_t *node;
-	char *b64;
-	size_t len;
-
-	node = xml_node_create(ctx->xml, parent, NULL, "UsernamePassword");
-	if (node == NULL)
-		return NULL;
-
-	add_text_node(ctx, node, "Username", user);
-
-	b64 = base64_encode(pw, strlen(pw), NULL);
-	if (b64 == NULL)
-		return NULL;
-	len = os_strlen(b64);
-	if (len > 0 && b64[len - 1] == '\n')
-		b64[len - 1] = '\0';
-	add_text_node(ctx, node, "Password", b64);
-	free(b64);
-
-	return node;
-}
-
-
-static int add_username_password(struct hs20_svc *ctx, xml_node_t *cred,
-				 const char *user, const char *pw,
-				 int machine_managed)
-{
-	xml_node_t *node;
-
-	node = build_username_password(ctx, cred, user, pw);
-	if (node == NULL)
-		return -1;
-
-	add_text_node(ctx, node, "MachineManaged",
-		      machine_managed ? "TRUE" : "FALSE");
-	add_text_node(ctx, node, "SoftTokenApp", "");
-	add_eap_ttls(ctx, node);
-
-	return 0;
-}
-
-
-static void add_creation_date(struct hs20_svc *ctx, xml_node_t *cred)
-{
-	char str[30];
-	time_t now;
-	struct tm tm;
-
-	time(&now);
-	gmtime_r(&now, &tm);
-	snprintf(str, sizeof(str), "%04u-%02u-%02uT%02u:%02u:%02uZ",
-		 tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
-		 tm.tm_hour, tm.tm_min, tm.tm_sec);
-	xml_node_create_text(ctx->xml, cred, NULL, "CreationDate", str);
-}
-
-
-static xml_node_t * build_credential_pw(struct hs20_svc *ctx,
-					const char *user, const char *realm,
-					const char *pw, int machine_managed)
-{
-	xml_node_t *cred;
-
-	cred = xml_node_create_root(ctx->xml, NULL, NULL, NULL, "Credential");
-	if (cred == NULL) {
-		debug_print(ctx, 1, "Failed to create Credential node");
-		return NULL;
-	}
-	add_creation_date(ctx, cred);
-	if (add_username_password(ctx, cred, user, pw, machine_managed) < 0) {
-		xml_node_free(ctx->xml, cred);
-		return NULL;
-	}
-	add_text_node(ctx, cred, "Realm", realm);
-
-	return cred;
-}
-
-
-static xml_node_t * build_credential(struct hs20_svc *ctx,
-				     const char *user, const char *realm,
-				     char *new_pw, size_t new_pw_len)
-{
-	if (new_password(new_pw, new_pw_len) < 0)
-		return NULL;
-	debug_print(ctx, 1, "Update password to '%s'", new_pw);
-	return build_credential_pw(ctx, user, realm, new_pw, 1);
-}
-
-
-static xml_node_t * build_credential_cert(struct hs20_svc *ctx,
-					  const char *user, const char *realm,
-					  const char *cert_fingerprint)
-{
-	xml_node_t *cred, *cert;
-
-	cred = xml_node_create_root(ctx->xml, NULL, NULL, NULL, "Credential");
-	if (cred == NULL) {
-		debug_print(ctx, 1, "Failed to create Credential node");
-		return NULL;
-	}
-	add_creation_date(ctx, cred);
-	cert = xml_node_create(ctx->xml, cred, NULL, "DigitalCertificate");
-	add_text_node(ctx, cert, "CertificateType", "x509v3");
-	add_text_node(ctx, cert, "CertSHA256Fingerprint", cert_fingerprint);
-	add_text_node(ctx, cred, "Realm", realm);
-
-	return cred;
-}
-
-
-static xml_node_t * build_post_dev_data_response(struct hs20_svc *ctx,
-						 xml_namespace_t **ret_ns,
-						 const char *session_id,
-						 const char *status,
-						 const char *error_code)
-{
-	xml_node_t *spp_node = NULL;
-	xml_namespace_t *ns;
-
-	spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
-					"sppPostDevDataResponse");
-	if (spp_node == NULL)
-		return NULL;
-	if (ret_ns)
-		*ret_ns = ns;
-
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id);
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", status);
-
-	if (error_code) {
-		xml_node_t *node;
-		node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
-		if (node)
-			xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
-					  error_code);
-	}
-
-	return spp_node;
-}
-
-
-static int add_update_node(struct hs20_svc *ctx, xml_node_t *spp_node,
-			   xml_namespace_t *ns, const char *uri,
-			   xml_node_t *upd_node)
-{
-	xml_node_t *node, *tnds;
-	char *str;
-
-	tnds = mo_to_tnds(ctx->xml, upd_node, 0, NULL, NULL);
-	if (!tnds)
-		return -1;
-
-	str = xml_node_to_str(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (str == NULL)
-		return -1;
-	node = xml_node_create_text(ctx->xml, spp_node, ns, "updateNode", str);
-	free(str);
-
-	xml_node_add_attr(ctx->xml, node, ns, "managementTreeURI", uri);
-
-	return 0;
-}
-
-
-static xml_node_t * read_subrem_file(struct hs20_svc *ctx,
-				     const char *subrem_id,
-				     char *uri, size_t uri_size)
-{
-	char fname[200];
-	char *buf, *buf2, *pos;
-	size_t len;
-	xml_node_t *node;
-
-	os_snprintf(fname, sizeof(fname), "%s/spp/subrem/%s",
-		    ctx->root_dir, subrem_id);
-	debug_print(ctx, 1, "Use subrem file %s", fname);
-
-	buf = os_readfile(fname, &len);
-	if (!buf)
-		return NULL;
-	buf2 = os_realloc(buf, len + 1);
-	if (!buf2) {
-		os_free(buf);
-		return NULL;
-	}
-	buf = buf2;
-	buf[len] = '\0';
-
-	pos = os_strchr(buf, '\n');
-	if (!pos) {
-		os_free(buf);
-		return NULL;
-	}
-	*pos++ = '\0';
-	os_strlcpy(uri, buf, uri_size);
-
-	node = xml_node_from_buf(ctx->xml, pos);
-	os_free(buf);
-
-	return node;
-}
-
-
-static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
-				       const char *user, const char *realm,
-				       const char *session_id,
-				       int machine_rem, int dmacc)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *cred;
-	char buf[400];
-	char new_pw[33];
-	char *status;
-	char *cert;
-
-	cert = db_get_val(ctx, user, realm, "cert", dmacc);
-	if (cert && cert[0] == '\0') {
-		os_free(cert);
-		cert = NULL;
-	}
-	if (cert) {
-		char *subrem;
-
-		/* No change needed in PPS MO unless specifically asked to */
-		cred = NULL;
-		buf[0] = '\0';
-
-		subrem = db_get_val(ctx, user, realm, "subrem", dmacc);
-		if (subrem && subrem[0]) {
-			cred = read_subrem_file(ctx, subrem, buf, sizeof(buf));
-			if (!cred) {
-				debug_print(ctx, 1,
-					    "Could not create updateNode from subrem file");
-				os_free(subrem);
-				os_free(cert);
-				return NULL;
-			}
-		}
-		os_free(subrem);
-	} else {
-		char *real_user = NULL;
-		char *pw;
-
-		if (dmacc) {
-			real_user = db_get_val(ctx, user, realm, "identity",
-					       dmacc);
-			if (!real_user) {
-				debug_print(ctx, 1,
-					    "Could not find user identity for dmacc user '%s'",
-					    user);
-				return NULL;
-			}
-		}
-
-		pw = db_get_session_val(ctx, user, realm, session_id,
-					"password");
-		if (pw && pw[0]) {
-			debug_print(ctx, 1, "New password from the user: '%s'",
-				    pw);
-			snprintf(new_pw, sizeof(new_pw), "%s", pw);
-			free(pw);
-			cred = build_credential_pw(ctx,
-						   real_user ? real_user : user,
-						   realm, new_pw, 0);
-		} else {
-			cred = build_credential(ctx,
-						real_user ? real_user : user,
-						realm, new_pw, sizeof(new_pw));
-		}
-
-		free(real_user);
-		if (!cred) {
-			debug_print(ctx, 1, "Could not build credential");
-			os_free(cert);
-			return NULL;
-		}
-
-		snprintf(buf, sizeof(buf),
-			 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
-			 realm);
-	}
-
-	status = "Remediation complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL) {
-		debug_print(ctx, 1, "Could not build sppPostDevDataResponse");
-		os_free(cert);
-		return NULL;
-	}
-
-	if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
-	    (!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
-		debug_print(ctx, 1, "Could not add update node");
-		xml_node_free(ctx->xml, spp_node);
-		os_free(cert);
-		return NULL;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   machine_rem ? "machine remediation" :
-			   "user remediation", cred);
-	xml_node_free(ctx->xml, cred);
-
-	if (cert) {
-		debug_print(ctx, 1, "Request DB remediation clearing on success notification (certificate credential)");
-		db_add_session(ctx, user, realm, session_id, NULL, NULL,
-			       CLEAR_REMEDIATION, NULL);
-	} else {
-		debug_print(ctx, 1, "Request DB password update on success "
-			    "notification");
-		db_add_session(ctx, user, realm, session_id, new_pw, NULL,
-			       UPDATE_PASSWORD, NULL);
-	}
-	os_free(cert);
-
-	return spp_node;
-}
-
-
-static xml_node_t * machine_remediation(struct hs20_svc *ctx,
-					const char *user,
-					const char *realm,
-					const char *session_id, int dmacc)
-{
-	return build_sub_rem_resp(ctx, user, realm, session_id, 1, dmacc);
-}
-
-
-static xml_node_t * cert_reenroll(struct hs20_svc *ctx,
-				  const char *user,
-				  const char *realm,
-				  const char *session_id)
-{
-	db_add_session(ctx, user, realm, session_id, NULL, NULL,
-		       CERT_REENROLL, NULL);
-	return spp_exec_get_certificate(ctx, session_id, user, realm, 0);
-}
-
-
-static xml_node_t * policy_remediation(struct hs20_svc *ctx,
-				       const char *user, const char *realm,
-				       const char *session_id, int dmacc)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *policy;
-	char buf[400];
-	const char *status;
-
-	hs20_eventlog(ctx, user, realm, session_id,
-		      "requires policy remediation", NULL);
-
-	db_add_session(ctx, user, realm, session_id, NULL, NULL,
-		       POLICY_REMEDIATION, NULL);
-
-	policy = build_policy(ctx, user, realm, dmacc);
-	if (!policy) {
-		return build_post_dev_data_response(
-			ctx, NULL, session_id,
-			"No update available at this time", NULL);
-	}
-
-	status = "Remediation complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	snprintf(buf, sizeof(buf),
-		 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Policy",
-		 realm);
-
-	if (add_update_node(ctx, spp_node, ns, buf, policy) < 0) {
-		xml_node_free(ctx->xml, spp_node);
-		xml_node_free(ctx->xml, policy);
-		return NULL;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "policy update (sub rem)", policy);
-	xml_node_free(ctx->xml, policy);
-
-	return spp_node;
-}
-
-
-static xml_node_t * browser_remediation(struct hs20_svc *ctx,
-					const char *session_id,
-					const char *redirect_uri,
-					const char *uri)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *exec_node;
-
-	if (redirect_uri == NULL) {
-		debug_print(ctx, 1, "Missing redirectURI attribute for user "
-			    "remediation");
-		return NULL;
-	}
-	debug_print(ctx, 1, "redirectURI %s", redirect_uri);
-
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
-		NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");
-	xml_node_create_text(ctx->xml, exec_node, ns, "launchBrowserToURI",
-			     uri);
-	return spp_node;
-}
-
-
-static xml_node_t * user_remediation(struct hs20_svc *ctx, const char *user,
-				     const char *realm, const char *session_id,
-				     const char *redirect_uri)
-{
-	char uri[300], *val;
-
-	hs20_eventlog(ctx, user, realm, session_id,
-		      "requires user remediation", NULL);
-	val = db_get_osu_config_val(ctx, realm, "remediation_url");
-	if (val == NULL)
-		return NULL;
-
-	db_add_session(ctx, user, realm, session_id, NULL, redirect_uri,
-		       USER_REMEDIATION, NULL);
-
-	snprintf(uri, sizeof(uri), "%s%s", val, session_id);
-	os_free(val);
-	return browser_remediation(ctx, session_id, redirect_uri, uri);
-}
-
-
-static xml_node_t * free_remediation(struct hs20_svc *ctx,
-				     const char *user, const char *realm,
-				     const char *session_id,
-				     const char *redirect_uri)
-{
-	char uri[300], *val;
-
-	hs20_eventlog(ctx, user, realm, session_id,
-		      "requires free/public account remediation", NULL);
-	val = db_get_osu_config_val(ctx, realm, "free_remediation_url");
-	if (val == NULL)
-		return NULL;
-
-	db_add_session(ctx, user, realm, session_id, NULL, redirect_uri,
-		       FREE_REMEDIATION, NULL);
-
-	snprintf(uri, sizeof(uri), "%s%s", val, session_id);
-	os_free(val);
-	return browser_remediation(ctx, session_id, redirect_uri, uri);
-}
-
-
-static xml_node_t * no_sub_rem(struct hs20_svc *ctx,
-			       const char *user, const char *realm,
-			       const char *session_id)
-{
-	const char *status;
-
-	hs20_eventlog(ctx, user, realm, session_id,
-		      "no subscription mediation available", NULL);
-
-	status = "No update available at this time";
-	return build_post_dev_data_response(ctx, NULL, session_id, status,
-					    NULL);
-}
-
-
-static xml_node_t * hs20_subscription_remediation(struct hs20_svc *ctx,
-						  const char *user,
-						  const char *realm,
-						  const char *session_id,
-						  int dmacc,
-						  const char *redirect_uri)
-{
-	char *type, *identity;
-	xml_node_t *ret;
-	char *free_account;
-
-	identity = db_get_val(ctx, user, realm, "identity", dmacc);
-	if (identity == NULL || strlen(identity) == 0) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "user not found in database for remediation",
-			      NULL);
-		os_free(identity);
-		return build_post_dev_data_response(ctx, NULL, session_id,
-						    "Error occurred",
-						    "Not found");
-	}
-	os_free(identity);
-
-	free_account = db_get_osu_config_val(ctx, realm, "free_account");
-	if (free_account && strcmp(free_account, user) == 0) {
-		free(free_account);
-		return no_sub_rem(ctx, user, realm, session_id);
-	}
-	free(free_account);
-
-	type = db_get_val(ctx, user, realm, "remediation", dmacc);
-	if (type && strcmp(type, "free") != 0) {
-		char *val;
-		int shared = 0;
-		val = db_get_val(ctx, user, realm, "shared", dmacc);
-		if (val)
-			shared = atoi(val);
-		free(val);
-		if (shared) {
-			free(type);
-			return no_sub_rem(ctx, user, realm, session_id);
-		}
-	}
-	if (type && strcmp(type, "user") == 0)
-		ret = user_remediation(ctx, user, realm, session_id,
-				       redirect_uri);
-	else if (type && strcmp(type, "free") == 0)
-		ret = free_remediation(ctx, user, realm, session_id,
-				       redirect_uri);
-	else if (type && strcmp(type, "policy") == 0)
-		ret = policy_remediation(ctx, user, realm, session_id, dmacc);
-	else if (type && strcmp(type, "machine") == 0)
-		ret = machine_remediation(ctx, user, realm, session_id, dmacc);
-	else if (type && strcmp(type, "reenroll") == 0)
-		ret = cert_reenroll(ctx, user, realm, session_id);
-	else
-		ret = no_sub_rem(ctx, user, realm, session_id);
-	free(type);
-
-	return ret;
-}
-
-
-static xml_node_t * read_policy_file(struct hs20_svc *ctx,
-				     const char *policy_id)
-{
-	char fname[200];
-
-	snprintf(fname, sizeof(fname), "%s/spp/policy/%s.xml",
-		 ctx->root_dir, policy_id);
-	debug_print(ctx, 1, "Use policy file %s", fname);
-
-	return node_from_file(ctx->xml, fname);
-}
-
-
-static void update_policy_update_uri(struct hs20_svc *ctx, const char *realm,
-				     xml_node_t *policy)
-{
-	xml_node_t *node;
-	char *url;
-
-	node = get_node_uri(ctx->xml, policy, "Policy/PolicyUpdate/URI");
-	if (!node)
-		return;
-
-	url = db_get_osu_config_val(ctx, realm, "policy_url");
-	if (!url)
-		return;
-	xml_node_set_text(ctx->xml, node, url);
-	free(url);
-}
-
-
-static xml_node_t * build_policy(struct hs20_svc *ctx, const char *user,
-				 const char *realm, int use_dmacc)
-{
-	char *policy_id;
-	xml_node_t *policy, *node;
-
-	policy_id = db_get_val(ctx, user, realm, "policy", use_dmacc);
-	if (policy_id == NULL || strlen(policy_id) == 0) {
-		free(policy_id);
-		policy_id = strdup("default");
-		if (policy_id == NULL)
-			return NULL;
-	}
-	policy = read_policy_file(ctx, policy_id);
-	free(policy_id);
-	if (policy == NULL)
-		return NULL;
-
-	update_policy_update_uri(ctx, realm, policy);
-
-	node = get_node_uri(ctx->xml, policy, "Policy/PolicyUpdate");
-	if (node && use_dmacc) {
-		char *pw;
-		pw = db_get_val(ctx, user, realm, "osu_password", use_dmacc);
-		if (pw == NULL ||
-		    build_username_password(ctx, node, user, pw) == NULL) {
-			debug_print(ctx, 1, "Failed to add Policy/PolicyUpdate/"
-				    "UsernamePassword");
-			free(pw);
-			xml_node_free(ctx->xml, policy);
-			return NULL;
-		}
-		free(pw);
-	}
-
-	return policy;
-}
-
-
-static xml_node_t * hs20_policy_update(struct hs20_svc *ctx,
-				       const char *user, const char *realm,
-				       const char *session_id, int dmacc)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node;
-	xml_node_t *policy;
-	char buf[400];
-	const char *status;
-	char *identity;
-
-	identity = db_get_val(ctx, user, realm, "identity", dmacc);
-	if (identity == NULL || strlen(identity) == 0) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "user not found in database for policy update",
-			      NULL);
-		os_free(identity);
-		return build_post_dev_data_response(ctx, NULL, session_id,
-						    "Error occurred",
-						    "Not found");
-	}
-	os_free(identity);
-
-	policy = build_policy(ctx, user, realm, dmacc);
-	if (!policy) {
-		return build_post_dev_data_response(
-			ctx, NULL, session_id,
-			"No update available at this time", NULL);
-	}
-
-	db_add_session(ctx, user, realm, session_id, NULL, NULL, POLICY_UPDATE,
-		       NULL);
-
-	status = "Update complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	snprintf(buf, sizeof(buf),
-		 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Policy",
-		 realm);
-
-	if (add_update_node(ctx, spp_node, ns, buf, policy) < 0) {
-		xml_node_free(ctx->xml, spp_node);
-		xml_node_free(ctx->xml, policy);
-		return NULL;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id, "policy update",
-			   policy);
-	xml_node_free(ctx->xml, policy);
-
-	return spp_node;
-}
-
-
-static xml_node_t * spp_get_mo(struct hs20_svc *ctx, xml_node_t *node,
-			       const char *urn, int *valid, char **ret_err)
-{
-	xml_node_t *child, *tnds, *mo;
-	const char *name;
-	char *mo_urn;
-	char *str;
-	char fname[200];
-
-	*valid = -1;
-	if (ret_err)
-		*ret_err = NULL;
-
-	xml_node_for_each_child(ctx->xml, child, node) {
-		xml_node_for_each_check(ctx->xml, child);
-		name = xml_node_get_localname(ctx->xml, child);
-		if (strcmp(name, "moContainer") != 0)
-			continue;
-		mo_urn = xml_node_get_attr_value_ns(ctx->xml, child, SPP_NS_URI,
-						    "moURN");
-		if (strcasecmp(urn, mo_urn) == 0) {
-			xml_node_get_attr_value_free(ctx->xml, mo_urn);
-			break;
-		}
-		xml_node_get_attr_value_free(ctx->xml, mo_urn);
-	}
-
-	if (child == NULL)
-		return NULL;
-
-	debug_print(ctx, 1, "moContainer text for %s", urn);
-	debug_dump_node(ctx, "moContainer", child);
-
-	str = xml_node_get_text(ctx->xml, child);
-	debug_print(ctx, 1, "moContainer payload: '%s'", str);
-	tnds = xml_node_from_buf(ctx->xml, str);
-	xml_node_get_text_free(ctx->xml, str);
-	if (tnds == NULL) {
-		debug_print(ctx, 1, "could not parse moContainer text");
-		return NULL;
-	}
-
-	snprintf(fname, sizeof(fname), "%s/spp/dm_ddf-v1_2.dtd", ctx->root_dir);
-	if (xml_validate_dtd(ctx->xml, tnds, fname, ret_err) == 0)
-		*valid = 1;
-	else if (ret_err && *ret_err &&
-		 os_strcmp(*ret_err, "No declaration for attribute xmlns of element MgmtTree\n") == 0) {
-		free(*ret_err);
-		debug_print(ctx, 1, "Ignore OMA-DM DDF DTD validation error for MgmtTree namespace declaration with xmlns attribute");
-		*ret_err = NULL;
-		*valid = 1;
-	} else
-		*valid = 0;
-
-	mo = tnds_to_mo(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (mo == NULL) {
-		debug_print(ctx, 1, "invalid moContainer for %s", urn);
-	}
-
-	return mo;
-}
-
-
-static xml_node_t * spp_exec_upload_mo(struct hs20_svc *ctx,
-				       const char *session_id, const char *urn)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *node, *exec_node;
-
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");
-
-	node = xml_node_create(ctx->xml, exec_node, ns, "uploadMO");
-	xml_node_add_attr(ctx->xml, node, ns, "moURN", urn);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_subscription_registration(struct hs20_svc *ctx,
-						   const char *realm,
-						   const char *session_id,
-						   const char *redirect_uri,
-						   const u8 *mac_addr)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *exec_node;
-	char uri[300], *val;
-
-	if (db_add_session(ctx, NULL, realm, session_id, NULL, redirect_uri,
-			   SUBSCRIPTION_REGISTRATION, mac_addr) < 0)
-		return NULL;
-	val = db_get_osu_config_val(ctx, realm, "signup_url");
-	if (val == NULL)
-		return NULL;
-
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");
-
-	snprintf(uri, sizeof(uri), "%s%s", val, session_id);
-	os_free(val);
-	xml_node_create_text(ctx->xml, exec_node, ns, "launchBrowserToURI",
-			     uri);
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_user_input_remediation(struct hs20_svc *ctx,
-						const char *user,
-						const char *realm, int dmacc,
-						const char *session_id)
-{
-	return build_sub_rem_resp(ctx, user, realm, session_id, 0, dmacc);
-}
-
-
-static char * db_get_osu_config_val(struct hs20_svc *ctx, const char *realm,
-				    const char *field)
-{
-	char *cmd;
-	struct get_db_field_data data;
-
-	cmd = sqlite3_mprintf("SELECT value FROM osu_config WHERE realm=%Q AND "
-			      "field=%Q", realm, field);
-	if (cmd == NULL)
-		return NULL;
-	debug_print(ctx, 1, "DB: %s", cmd);
-	memset(&data, 0, sizeof(data));
-	data.field = "value";
-	if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) != SQLITE_OK)
-	{
-		debug_print(ctx, 1, "DB: Could not find osu_config %s: %s",
-			    realm, sqlite3_errmsg(ctx->db));
-		sqlite3_free(cmd);
-		return NULL;
-	}
-	sqlite3_free(cmd);
-
-	debug_print(ctx, 1, "DB: return '%s'", data.value);
-	return data.value;
-}
-
-
-static xml_node_t * build_pps(struct hs20_svc *ctx,
-			      const char *user, const char *realm,
-			      const char *pw, const char *cert,
-			      int machine_managed, const char *test,
-			      const char *imsi, const char *dmacc_username,
-			      const char *dmacc_password,
-			      xml_node_t *policy_node)
-{
-	xml_node_t *pps, *c, *trust, *aaa, *aaa1, *upd, *homesp, *p;
-	xml_node_t *cred, *eap, *userpw;
-
-	pps = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
-				   "PerProviderSubscription");
-	if (!pps) {
-		xml_node_free(ctx->xml, policy_node);
-		return NULL;
-	}
-
-	add_text_node(ctx, pps, "UpdateIdentifier", "1");
-
-	c = xml_node_create(ctx->xml, pps, NULL, "Cred01");
-
-	add_text_node(ctx, c, "CredentialPriority", "1");
-
-	if (imsi)
-		goto skip_aaa_trust_root;
-	aaa = xml_node_create(ctx->xml, c, NULL, "AAAServerTrustRoot");
-	aaa1 = xml_node_create(ctx->xml, aaa, NULL, "AAA1");
-	add_text_node_conf(ctx, realm, aaa1, "CertURL",
-			   "aaa_trust_root_cert_url");
-	if (test && os_strcmp(test, "corrupt_aaa_hash") == 0) {
-		debug_print(ctx, 1,
-			    "TEST: Corrupt PPS/Cred*/AAAServerTrustRoot/Root*/CertSHA256FingerPrint");
-		add_text_node_conf_corrupt(ctx, realm, aaa1,
-					   "CertSHA256Fingerprint",
-					   "aaa_trust_root_cert_fingerprint");
-	} else {
-		add_text_node_conf(ctx, realm, aaa1, "CertSHA256Fingerprint",
-				   "aaa_trust_root_cert_fingerprint");
-	}
-
-	if (test && os_strcmp(test, "corrupt_polupd_hash") == 0) {
-		debug_print(ctx, 1,
-			    "TEST: Corrupt PPS/Cred*/Policy/PolicyUpdate/Trustroot/CertSHA256FingerPrint");
-		p = xml_node_create(ctx->xml, c, NULL, "Policy");
-		upd = xml_node_create(ctx->xml, p, NULL, "PolicyUpdate");
-		add_text_node(ctx, upd, "UpdateInterval", "30");
-		add_text_node(ctx, upd, "UpdateMethod", "SPP-ClientInitiated");
-		add_text_node(ctx, upd, "Restriction", "Unrestricted");
-		add_text_node_conf(ctx, realm, upd, "URI", "policy_url");
-		trust = xml_node_create(ctx->xml, upd, NULL, "TrustRoot");
-		add_text_node_conf(ctx, realm, trust, "CertURL",
-				   "policy_trust_root_cert_url");
-		add_text_node_conf_corrupt(ctx, realm, trust,
-					   "CertSHA256Fingerprint",
-					   "policy_trust_root_cert_fingerprint");
-	}
-skip_aaa_trust_root:
-
-	upd = xml_node_create(ctx->xml, c, NULL, "SubscriptionUpdate");
-	add_text_node(ctx, upd, "UpdateInterval", "4294967295");
-	add_text_node(ctx, upd, "UpdateMethod", "SPP-ClientInitiated");
-	add_text_node(ctx, upd, "Restriction", "HomeSP");
-	add_text_node_conf(ctx, realm, upd, "URI", "spp_http_auth_url");
-	trust = xml_node_create(ctx->xml, upd, NULL, "TrustRoot");
-	add_text_node_conf(ctx, realm, trust, "CertURL", "trust_root_cert_url");
-	if (test && os_strcmp(test, "corrupt_subrem_hash") == 0) {
-		debug_print(ctx, 1,
-			    "TEST: Corrupt PPS/Cred*/SubscriptionUpdate/Trustroot/CertSHA256FingerPrint");
-		add_text_node_conf_corrupt(ctx, realm, trust,
-					   "CertSHA256Fingerprint",
-					   "trust_root_cert_fingerprint");
-	} else {
-		add_text_node_conf(ctx, realm, trust, "CertSHA256Fingerprint",
-				   "trust_root_cert_fingerprint");
-	}
-
-	if (dmacc_username &&
-	    !build_username_password(ctx, upd, dmacc_username,
-				     dmacc_password)) {
-		xml_node_free(ctx->xml, pps);
-		xml_node_free(ctx->xml, policy_node);
-		return NULL;
-	}
-
-	if (policy_node)
-		xml_node_add_child(ctx->xml, c, policy_node);
-
-	homesp = xml_node_create(ctx->xml, c, NULL, "HomeSP");
-	add_text_node_conf(ctx, realm, homesp, "FriendlyName", "friendly_name");
-	add_text_node_conf(ctx, realm, homesp, "FQDN", "fqdn");
-
-	xml_node_create(ctx->xml, c, NULL, "SubscriptionParameters");
-
-	cred = xml_node_create(ctx->xml, c, NULL, "Credential");
-	add_creation_date(ctx, cred);
-	if (imsi) {
-		xml_node_t *sim;
-		const char *type = "18"; /* default to EAP-SIM */
-
-		sim = xml_node_create(ctx->xml, cred, NULL, "SIM");
-		add_text_node(ctx, sim, "IMSI", imsi);
-		if (ctx->eap_method && os_strcmp(ctx->eap_method, "AKA") == 0)
-			type = "23";
-		else if (ctx->eap_method &&
-			 os_strcmp(ctx->eap_method, "AKA'") == 0)
-			type = "50";
-		add_text_node(ctx, sim, "EAPType", type);
-	} else if (cert) {
-		xml_node_t *dc;
-		dc = xml_node_create(ctx->xml, cred, NULL,
-				     "DigitalCertificate");
-		add_text_node(ctx, dc, "CertificateType", "x509v3");
-		add_text_node(ctx, dc, "CertSHA256Fingerprint", cert);
-	} else {
-		userpw = build_username_password(ctx, cred, user, pw);
-		add_text_node(ctx, userpw, "MachineManaged",
-			      machine_managed ? "TRUE" : "FALSE");
-		eap = xml_node_create(ctx->xml, userpw, NULL, "EAPMethod");
-		add_text_node(ctx, eap, "EAPType", "21");
-		add_text_node(ctx, eap, "InnerMethod", "MS-CHAP-V2");
-	}
-	add_text_node(ctx, cred, "Realm", realm);
-
-	return pps;
-}
-
-
-static xml_node_t * spp_exec_get_certificate(struct hs20_svc *ctx,
-					     const char *session_id,
-					     const char *user,
-					     const char *realm,
-					     int add_est_user)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *enroll, *exec_node;
-	char *val;
-	char password[11];
-	char *b64;
-
-	if (add_est_user && new_password(password, sizeof(password)) < 0)
-		return NULL;
-
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");
-
-	enroll = xml_node_create(ctx->xml, exec_node, ns, "getCertificate");
-	xml_node_add_attr(ctx->xml, enroll, NULL, "enrollmentProtocol", "EST");
-
-	val = db_get_osu_config_val(ctx, realm, "est_url");
-	xml_node_create_text(ctx->xml, enroll, ns, "enrollmentServerURI",
-			     val ? val : "");
-	os_free(val);
-
-	if (!add_est_user)
-		return spp_node;
-
-	xml_node_create_text(ctx->xml, enroll, ns, "estUserID", user);
-
-	b64 = base64_encode(password, strlen(password), NULL);
-	if (b64 == NULL) {
-		xml_node_free(ctx->xml, spp_node);
-		return NULL;
-	}
-	xml_node_create_text(ctx->xml, enroll, ns, "estPassword", b64);
-	free(b64);
-
-	db_update_session_password(ctx, user, realm, session_id, password);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_user_input_registration(struct hs20_svc *ctx,
-						 const char *session_id,
-						 int enrollment_done)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *node = NULL;
-	xml_node_t *pps, *tnds;
-	char buf[400];
-	char *str;
-	char *user, *realm, *pw, *type, *mm, *test;
-	const char *status;
-	int cert = 0;
-	int machine_managed = 0;
-	char *fingerprint;
-
-	user = db_get_session_val(ctx, NULL, NULL, session_id, "user");
-	realm = db_get_session_val(ctx, NULL, NULL, session_id, "realm");
-	pw = db_get_session_val(ctx, NULL, NULL, session_id, "password");
-
-	if (!user || !realm || !pw) {
-		debug_print(ctx, 1, "Could not find session info from DB for "
-			    "the new subscription");
-		free(user);
-		free(realm);
-		free(pw);
-		return NULL;
-	}
-
-	mm = db_get_session_val(ctx, NULL, NULL, session_id, "machine_managed");
-	if (mm && atoi(mm))
-		machine_managed = 1;
-	free(mm);
-
-	type = db_get_session_val(ctx, NULL, NULL, session_id, "type");
-	if (type && strcmp(type, "cert") == 0)
-		cert = 1;
-	free(type);
-
-	if (cert && !enrollment_done) {
-		xml_node_t *ret;
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "request client certificate enrollment", NULL);
-		ret = spp_exec_get_certificate(ctx, session_id, user, realm, 1);
-		free(user);
-		free(realm);
-		free(pw);
-		return ret;
-	}
-
-	if (!cert && strlen(pw) == 0) {
-		machine_managed = 1;
-		free(pw);
-		pw = malloc(11);
-		if (pw == NULL || new_password(pw, 11) < 0) {
-			free(user);
-			free(realm);
-			free(pw);
-			return NULL;
-		}
-	}
-
-	status = "Provisioning complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	fingerprint = db_get_session_val(ctx, NULL, NULL, session_id, "cert");
-	test = db_get_session_val(ctx, NULL, NULL, session_id, "test");
-	if (test)
-		debug_print(ctx, 1, "TEST: Requested special behavior: %s",
-			    test);
-	pps = build_pps(ctx, user, realm, pw,
-			fingerprint ? fingerprint : NULL, machine_managed,
-			test, NULL, NULL, NULL, NULL);
-	free(fingerprint);
-	free(test);
-	if (!pps) {
-		xml_node_free(ctx->xml, spp_node);
-		free(user);
-		free(realm);
-		free(pw);
-		return NULL;
-	}
-
-	debug_print(ctx, 1, "Request DB subscription registration on success "
-		    "notification");
-	if (machine_managed) {
-		db_update_session_password(ctx, user, realm, session_id, pw);
-		db_update_session_machine_managed(ctx, user, realm, session_id,
-						  machine_managed);
-	}
-	db_add_session_pps(ctx, user, realm, session_id, pps);
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "new subscription", pps);
-	free(user);
-	free(pw);
-
-	tnds = mo_to_tnds(ctx->xml, pps, 0, URN_HS20_PPS, NULL);
-	xml_node_free(ctx->xml, pps);
-	if (!tnds) {
-		xml_node_free(ctx->xml, spp_node);
-		free(realm);
-		return NULL;
-	}
-
-	str = xml_node_to_str(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (str == NULL) {
-		xml_node_free(ctx->xml, spp_node);
-		free(realm);
-		return NULL;
-	}
-
-	node = xml_node_create_text(ctx->xml, spp_node, ns, "addMO", str);
-	free(str);
-	snprintf(buf, sizeof(buf), "./Wi-Fi/%s/PerProviderSubscription", realm);
-	free(realm);
-	xml_node_add_attr(ctx->xml, node, ns, "managementTreeURI", buf);
-	xml_node_add_attr(ctx->xml, node, ns, "moURN", URN_HS20_PPS);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_user_input_free_remediation(struct hs20_svc *ctx,
-						     const char *user,
-						     const char *realm,
-						     const char *session_id)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node;
-	xml_node_t *cred;
-	char buf[400];
-	char *status;
-	char *free_account, *pw;
-
-	free_account = db_get_osu_config_val(ctx, realm, "free_account");
-	if (free_account == NULL)
-		return NULL;
-	pw = db_get_val(ctx, free_account, realm, "password", 0);
-	if (pw == NULL) {
-		free(free_account);
-		return NULL;
-	}
-
-	cred = build_credential_pw(ctx, free_account, realm, pw, 1);
-	free(free_account);
-	free(pw);
-	if (!cred) {
-		xml_node_free(ctx->xml, cred);
-		return NULL;
-	}
-
-	status = "Remediation complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-
-	snprintf(buf, sizeof(buf),
-		 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
-		 realm);
-
-	if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
-		xml_node_free(ctx->xml, spp_node);
-		return NULL;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "free/public remediation", cred);
-	xml_node_free(ctx->xml, cred);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_user_input_complete(struct hs20_svc *ctx,
-					     const char *user,
-					     const char *realm, int dmacc,
-					     const char *session_id)
-{
-	char *val;
-	enum hs20_session_operation oper;
-
-	val = db_get_session_val(ctx, user, realm, session_id, "operation");
-	if (val == NULL) {
-		debug_print(ctx, 1, "No session %s found to continue",
-			    session_id);
-		return NULL;
-	}
-	oper = atoi(val);
-	free(val);
-
-	if (oper == USER_REMEDIATION) {
-		return hs20_user_input_remediation(ctx, user, realm, dmacc,
-						   session_id);
-	}
-
-	if (oper == FREE_REMEDIATION) {
-		return hs20_user_input_free_remediation(ctx, user, realm,
-							session_id);
-	}
-
-	if (oper == SUBSCRIPTION_REGISTRATION) {
-		return hs20_user_input_registration(ctx, session_id, 0);
-	}
-
-	debug_print(ctx, 1, "User session %s not in state for user input "
-		    "completion", session_id);
-	return NULL;
-}
-
-
-static xml_node_t * hs20_cert_reenroll_complete(struct hs20_svc *ctx,
-						 const char *session_id)
-{
-	char *user, *realm, *cert;
-	char *status;
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *cred;
-	char buf[400];
-
-	user = db_get_session_val(ctx, NULL, NULL, session_id, "user");
-	realm = db_get_session_val(ctx, NULL, NULL, session_id, "realm");
-	cert = db_get_session_val(ctx, NULL, NULL, session_id, "cert");
-	if (!user || !realm || !cert) {
-		debug_print(ctx, 1,
-			    "Could not find session info from DB for certificate reenrollment");
-		free(user);
-		free(realm);
-		free(cert);
-		return NULL;
-	}
-
-	cred = build_credential_cert(ctx, user, realm, cert);
-	if (!cred) {
-		debug_print(ctx, 1, "Could not build credential");
-		free(user);
-		free(realm);
-		free(cert);
-		return NULL;
-	}
-
-	status = "Remediation complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL) {
-		debug_print(ctx, 1, "Could not build sppPostDevDataResponse");
-		free(user);
-		free(realm);
-		free(cert);
-		xml_node_free(ctx->xml, cred);
-		return NULL;
-	}
-
-	snprintf(buf, sizeof(buf),
-		 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
-		 realm);
-
-	if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
-		debug_print(ctx, 1, "Could not add update node");
-		xml_node_free(ctx->xml, spp_node);
-		free(user);
-		free(realm);
-		free(cert);
-		return NULL;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "certificate reenrollment", cred);
-	xml_node_free(ctx->xml, cred);
-
-	free(user);
-	free(realm);
-	free(cert);
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_cert_enroll_completed(struct hs20_svc *ctx,
-					       const char *user,
-					       const char *realm, int dmacc,
-					       const char *session_id)
-{
-	char *val;
-	enum hs20_session_operation oper;
-
-	val = db_get_session_val(ctx, NULL, NULL, session_id, "operation");
-	if (val == NULL) {
-		debug_print(ctx, 1, "No session %s found to continue",
-			    session_id);
-		return NULL;
-	}
-	oper = atoi(val);
-	free(val);
-
-	if (oper == SUBSCRIPTION_REGISTRATION)
-		return hs20_user_input_registration(ctx, session_id, 1);
-	if (oper == CERT_REENROLL)
-		return hs20_cert_reenroll_complete(ctx, session_id);
-
-	debug_print(ctx, 1, "User session %s not in state for certificate "
-		    "enrollment completion", session_id);
-	return NULL;
-}
-
-
-static xml_node_t * hs20_cert_enroll_failed(struct hs20_svc *ctx,
-					    const char *user,
-					    const char *realm, int dmacc,
-					    const char *session_id)
-{
-	char *val;
-	enum hs20_session_operation oper;
-	xml_node_t *spp_node, *node;
-	char *status;
-	xml_namespace_t *ns;
-
-	val = db_get_session_val(ctx, user, realm, session_id, "operation");
-	if (val == NULL) {
-		debug_print(ctx, 1, "No session %s found to continue",
-			    session_id);
-		return NULL;
-	}
-	oper = atoi(val);
-	free(val);
-
-	if (oper != SUBSCRIPTION_REGISTRATION) {
-		debug_print(ctx, 1, "User session %s not in state for "
-			    "enrollment failure", session_id);
-		return NULL;
-	}
-
-	status = "Error occurred";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (spp_node == NULL)
-		return NULL;
-	node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
-	xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
-			  "Credentials cannot be provisioned at this time");
-	db_remove_session(ctx, user, realm, session_id);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_sim_provisioning(struct hs20_svc *ctx,
-					  const char *user,
-					  const char *realm, int dmacc,
-					  const char *session_id)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *node = NULL;
-	xml_node_t *pps, *tnds;
-	char buf[400];
-	char *str;
-	const char *status;
-	char dmacc_username[32];
-	char dmacc_password[32];
-	char *policy;
-	xml_node_t *policy_node = NULL;
-
-	if (!ctx->imsi) {
-		debug_print(ctx, 1, "IMSI not available for SIM provisioning");
-		return NULL;
-	}
-
-	if (new_password(dmacc_username, sizeof(dmacc_username)) < 0 ||
-	    new_password(dmacc_password, sizeof(dmacc_password)) < 0) {
-		debug_print(ctx, 1,
-			    "Failed to generate DMAcc username/password");
-		return NULL;
-	}
-
-	status = "Provisioning complete, request sppUpdateResponse";
-	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
-						NULL);
-	if (!spp_node)
-		return NULL;
-
-	policy = db_get_osu_config_val(ctx, realm, "sim_policy");
-	if (policy) {
-		policy_node = read_policy_file(ctx, policy);
-		os_free(policy);
-		if (!policy_node) {
-			xml_node_free(ctx->xml, spp_node);
-			return NULL;
-		}
-		update_policy_update_uri(ctx, realm, policy_node);
-		node = get_node_uri(ctx->xml, policy_node,
-				    "Policy/PolicyUpdate");
-		if (node)
-			build_username_password(ctx, node, dmacc_username,
-						dmacc_password);
-	}
-
-	pps = build_pps(ctx, NULL, realm, NULL, NULL, 0, NULL, ctx->imsi,
-			dmacc_username, dmacc_password, policy_node);
-	if (!pps) {
-		xml_node_free(ctx->xml, spp_node);
-		return NULL;
-	}
-
-	debug_print(ctx, 1,
-		    "Request DB subscription registration on success notification");
-	if (!user || !user[0])
-		user = ctx->imsi;
-	db_add_session(ctx, user, realm, session_id, NULL, NULL,
-		       SUBSCRIPTION_REGISTRATION, NULL);
-	db_add_session_dmacc(ctx, session_id, dmacc_username, dmacc_password);
-	if (ctx->eap_method)
-		db_add_session_eap_method(ctx, session_id, ctx->eap_method);
-	if (ctx->id_hash)
-		db_add_session_id_hash(ctx, session_id, ctx->id_hash);
-	db_add_session_pps(ctx, user, realm, session_id, pps);
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "new subscription", pps);
-
-	tnds = mo_to_tnds(ctx->xml, pps, 0, URN_HS20_PPS, NULL);
-	xml_node_free(ctx->xml, pps);
-	if (!tnds) {
-		xml_node_free(ctx->xml, spp_node);
-		return NULL;
-	}
-
-	str = xml_node_to_str(ctx->xml, tnds);
-	xml_node_free(ctx->xml, tnds);
-	if (!str) {
-		xml_node_free(ctx->xml, spp_node);
-		return NULL;
-	}
-
-	node = xml_node_create_text(ctx->xml, spp_node, ns, "addMO", str);
-	free(str);
-	snprintf(buf, sizeof(buf), "./Wi-Fi/%s/PerProviderSubscription", realm);
-	xml_node_add_attr(ctx->xml, node, ns, "managementTreeURI", buf);
-	xml_node_add_attr(ctx->xml, node, ns, "moURN", URN_HS20_PPS);
-
-	return spp_node;
-}
-
-
-static xml_node_t * hs20_spp_post_dev_data(struct hs20_svc *ctx,
-					   xml_node_t *node,
-					   const char *user,
-					   const char *realm,
-					   const char *session_id,
-					   int dmacc)
-{
-	const char *req_reason;
-	char *redirect_uri = NULL;
-	char *req_reason_buf = NULL;
-	char str[200];
-	xml_node_t *ret = NULL, *devinfo = NULL, *devdetail = NULL;
-	xml_node_t *mo, *macaddr;
-	char *version;
-	int valid;
-	char *supp, *pos;
-	char *err;
-	u8 wifi_mac_addr[ETH_ALEN];
-
-	version = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI,
-					     "sppVersion");
-	if (version == NULL || strstr(version, "1.0") == NULL) {
-		ret = build_post_dev_data_response(
-			ctx, NULL, session_id, "Error occurred",
-			"SPP version not supported");
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "Unsupported sppVersion", ret);
-		xml_node_get_attr_value_free(ctx->xml, version);
-		return ret;
-	}
-	xml_node_get_attr_value_free(ctx->xml, version);
-
-	mo = get_node(ctx->xml, node, "supportedMOList");
-	if (mo == NULL) {
-		ret = build_post_dev_data_response(
-			ctx, NULL, session_id, "Error occurred",
-			"Other");
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "No supportedMOList element", ret);
-		return ret;
-	}
-	supp = xml_node_get_text(ctx->xml, mo);
-	for (pos = supp; pos && *pos; pos++)
-		*pos = tolower(*pos);
-	if (supp == NULL ||
-	    strstr(supp, URN_OMA_DM_DEVINFO) == NULL ||
-	    strstr(supp, URN_OMA_DM_DEVDETAIL) == NULL ||
-	    strstr(supp, URN_HS20_PPS) == NULL) {
-		xml_node_get_text_free(ctx->xml, supp);
-		ret = build_post_dev_data_response(
-			ctx, NULL, session_id, "Error occurred",
-			"One or more mandatory MOs not supported");
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "Unsupported MOs", ret);
-		return ret;
-	}
-	xml_node_get_text_free(ctx->xml, supp);
-
-	req_reason_buf = xml_node_get_attr_value(ctx->xml, node,
-						 "requestReason");
-	if (req_reason_buf == NULL) {
-		debug_print(ctx, 1, "No requestReason attribute");
-		return NULL;
-	}
-	req_reason = req_reason_buf;
-
-	redirect_uri = xml_node_get_attr_value(ctx->xml, node, "redirectURI");
-
-	debug_print(ctx, 1, "requestReason: %s  sessionID: %s  redirectURI: %s",
-		    req_reason, session_id, redirect_uri);
-	snprintf(str, sizeof(str), "sppPostDevData: requestReason=%s",
-		 req_reason);
-	hs20_eventlog(ctx, user, realm, session_id, str, NULL);
-
-	devinfo = spp_get_mo(ctx, node, URN_OMA_DM_DEVINFO, &valid, &err);
-	if (devinfo == NULL) {
-		ret = build_post_dev_data_response(ctx, NULL, session_id,
-						   "Error occurred", "Other");
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "No DevInfo moContainer in sppPostDevData",
-				   ret);
-		os_free(err);
-		goto out;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "Received DevInfo MO", devinfo);
-	if (valid == 0) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "OMA-DM DDF DTD validation errors in DevInfo MO",
-			      err);
-		ret = build_post_dev_data_response(ctx, NULL, session_id,
-						   "Error occurred", "Other");
-		os_free(err);
-		goto out;
-	}
-	os_free(err);
-	if (user)
-		db_update_mo(ctx, user, realm, "devinfo", devinfo);
-
-	devdetail = spp_get_mo(ctx, node, URN_OMA_DM_DEVDETAIL, &valid, &err);
-	if (devdetail == NULL) {
-		ret = build_post_dev_data_response(ctx, NULL, session_id,
-						   "Error occurred", "Other");
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "No DevDetail moContainer in sppPostDevData",
-				   ret);
-		os_free(err);
-		goto out;
-	}
-
-	hs20_eventlog_node(ctx, user, realm, session_id,
-			   "Received DevDetail MO", devdetail);
-	if (valid == 0) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "OMA-DM DDF DTD validation errors "
-			      "in DevDetail MO", err);
-		ret = build_post_dev_data_response(ctx, NULL, session_id,
-						   "Error occurred", "Other");
-		os_free(err);
-		goto out;
-	}
-	os_free(err);
-
-	os_memset(wifi_mac_addr, 0, ETH_ALEN);
-	macaddr = get_node(ctx->xml, devdetail,
-			   "Ext/org.wi-fi/Wi-Fi/Wi-FiMACAddress");
-	if (macaddr) {
-		char *addr, buf[50];
-
-		addr = xml_node_get_text(ctx->xml, macaddr);
-		if (addr && hwaddr_compact_aton(addr, wifi_mac_addr) == 0) {
-			snprintf(buf, sizeof(buf), "DevDetail MAC address: "
-				 MACSTR, MAC2STR(wifi_mac_addr));
-			hs20_eventlog(ctx, user, realm, session_id, buf, NULL);
-			xml_node_get_text_free(ctx->xml, addr);
-		} else {
-			hs20_eventlog(ctx, user, realm, session_id,
-				      "Could not extract MAC address from DevDetail",
-				      NULL);
-		}
-	} else {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "No MAC address in DevDetail", NULL);
-	}
-
-	if (user)
-		db_update_mo(ctx, user, realm, "devdetail", devdetail);
-
-	if (user)
-		mo = spp_get_mo(ctx, node, URN_HS20_PPS, &valid, &err);
-	else {
-		mo = NULL;
-		err = NULL;
-	}
-	if (user && mo) {
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "Received PPS MO", mo);
-		if (valid == 0) {
-			hs20_eventlog(ctx, user, realm, session_id,
-				      "OMA-DM DDF DTD validation errors "
-				      "in PPS MO", err);
-			xml_node_get_attr_value_free(ctx->xml, redirect_uri);
-			os_free(err);
-			return build_post_dev_data_response(
-				ctx, NULL, session_id,
-				"Error occurred", "Other");
-		}
-		db_update_mo(ctx, user, realm, "pps", mo);
-		db_update_val(ctx, user, realm, "fetch_pps", "0", dmacc);
-		xml_node_free(ctx->xml, mo);
-	}
-	os_free(err);
-
-	if (user && !mo) {
-		char *fetch;
-		int fetch_pps;
-
-		fetch = db_get_val(ctx, user, realm, "fetch_pps", dmacc);
-		fetch_pps = fetch ? atoi(fetch) : 0;
-		free(fetch);
-
-		if (fetch_pps) {
-			enum hs20_session_operation oper;
-			if (strcasecmp(req_reason, "Subscription remediation")
-			    == 0)
-				oper = CONTINUE_SUBSCRIPTION_REMEDIATION;
-			else if (strcasecmp(req_reason, "Policy update") == 0)
-				oper = CONTINUE_POLICY_UPDATE;
-			else
-				oper = NO_OPERATION;
-			if (db_add_session(ctx, user, realm, session_id, NULL,
-					   NULL, oper, NULL) < 0)
-				goto out;
-
-			ret = spp_exec_upload_mo(ctx, session_id,
-						 URN_HS20_PPS);
-			hs20_eventlog_node(ctx, user, realm, session_id,
-					   "request PPS MO upload",
-					   ret);
-			goto out;
-		}
-	}
-
-	if (user && strcasecmp(req_reason, "MO upload") == 0) {
-		char *val = db_get_session_val(ctx, user, realm, session_id,
-					       "operation");
-		enum hs20_session_operation oper;
-		if (!val) {
-			debug_print(ctx, 1, "No session %s found to continue",
-				    session_id);
-			goto out;
-		}
-		oper = atoi(val);
-		free(val);
-		if (oper == CONTINUE_SUBSCRIPTION_REMEDIATION)
-			req_reason = "Subscription remediation";
-		else if (oper == CONTINUE_POLICY_UPDATE)
-			req_reason = "Policy update";
-		else {
-			debug_print(ctx, 1,
-				    "No pending operation in session %s",
-				    session_id);
-			goto out;
-		}
-	}
-
-	if (strcasecmp(req_reason, "Subscription registration") == 0) {
-		ret = hs20_subscription_registration(ctx, realm, session_id,
-						     redirect_uri,
-						     wifi_mac_addr);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "subscription registration response",
-				   ret);
-		goto out;
-	}
-	if (user && strcasecmp(req_reason, "Subscription remediation") == 0) {
-		ret = hs20_subscription_remediation(ctx, user, realm,
-						    session_id, dmacc,
-						    redirect_uri);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "subscription remediation response",
-				   ret);
-		goto out;
-	}
-	if (user && strcasecmp(req_reason, "Policy update") == 0) {
-		ret = hs20_policy_update(ctx, user, realm, session_id, dmacc);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "policy update response",
-				   ret);
-		goto out;
-	}
-
-	if (strcasecmp(req_reason, "User input completed") == 0) {
-		db_add_session_devinfo(ctx, session_id, devinfo);
-		db_add_session_devdetail(ctx, session_id, devdetail);
-		ret = hs20_user_input_complete(ctx, user, realm, dmacc,
-					       session_id);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "user input completed response", ret);
-		goto out;
-	}
-
-	if (strcasecmp(req_reason, "Certificate enrollment completed") == 0) {
-		ret = hs20_cert_enroll_completed(ctx, user, realm, dmacc,
-						 session_id);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "certificate enrollment response", ret);
-		goto out;
-	}
-
-	if (strcasecmp(req_reason, "Certificate enrollment failed") == 0) {
-		ret = hs20_cert_enroll_failed(ctx, user, realm, dmacc,
-					      session_id);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "certificate enrollment failed response",
-				   ret);
-		goto out;
-	}
-
-	if (strcasecmp(req_reason, "Subscription provisioning") == 0) {
-		ret = hs20_sim_provisioning(ctx, user, realm, dmacc,
-					    session_id);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "subscription provisioning response",
-				   ret);
-		goto out;
-	}
-
-	debug_print(ctx, 1, "Unsupported requestReason '%s' user '%s'",
-		    req_reason, user);
-out:
-	xml_node_get_attr_value_free(ctx->xml, req_reason_buf);
-	xml_node_get_attr_value_free(ctx->xml, redirect_uri);
-	if (devinfo)
-		xml_node_free(ctx->xml, devinfo);
-	if (devdetail)
-		xml_node_free(ctx->xml, devdetail);
-	return ret;
-}
-
-
-static xml_node_t * build_spp_exchange_complete(struct hs20_svc *ctx,
-						const char *session_id,
-						const char *status,
-						const char *error_code)
-{
-	xml_namespace_t *ns;
-	xml_node_t *spp_node, *node;
-
-	spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
-					"sppExchangeComplete");
-
-
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id);
-	xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", status);
-
-	if (error_code) {
-		node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
-		xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
-				  error_code);
-	}
-
-	return spp_node;
-}
-
-
-static int add_subscription(struct hs20_svc *ctx, const char *session_id)
-{
-	char *user, *realm, *pw, *pw_mm, *pps, *str;
-	char *osu_user, *osu_password, *eap_method;
-	char *policy = NULL;
-	char *sql;
-	int ret = -1;
-	char *free_account;
-	int free_acc;
-	char *type;
-	int cert = 0;
-	char *cert_pem, *fingerprint;
-	const char *method;
-
-	user = db_get_session_val(ctx, NULL, NULL, session_id, "user");
-	realm = db_get_session_val(ctx, NULL, NULL, session_id, "realm");
-	pw = db_get_session_val(ctx, NULL, NULL, session_id, "password");
-	pw_mm = db_get_session_val(ctx, NULL, NULL, session_id,
-				   "machine_managed");
-	pps = db_get_session_val(ctx, NULL, NULL, session_id, "pps");
-	cert_pem = db_get_session_val(ctx, NULL, NULL, session_id, "cert_pem");
-	fingerprint = db_get_session_val(ctx, NULL, NULL, session_id, "cert");
-	type = db_get_session_val(ctx, NULL, NULL, session_id, "type");
-	if (type && strcmp(type, "cert") == 0)
-		cert = 1;
-	free(type);
-	osu_user = db_get_session_val(ctx, NULL, NULL, session_id, "osu_user");
-	osu_password = db_get_session_val(ctx, NULL, NULL, session_id,
-					  "osu_password");
-	eap_method = db_get_session_val(ctx, NULL, NULL, session_id,
-					"eap_method");
-
-	if (!user || !realm || !pw) {
-		debug_print(ctx, 1, "Could not find session info from DB for "
-			    "the new subscription");
-		goto out;
-	}
-
-	free_account = db_get_osu_config_val(ctx, realm, "free_account");
-	free_acc = free_account && strcmp(free_account, user) == 0;
-	free(free_account);
-
-	policy = db_get_osu_config_val(ctx, realm, "sim_policy");
-
-	debug_print(ctx, 1,
-		    "New subscription: user='%s' realm='%s' free_acc=%d",
-		    user, realm, free_acc);
-	debug_print(ctx, 1, "New subscription: pps='%s'", pps);
-
-	sql = sqlite3_mprintf("UPDATE eventlog SET user=%Q, realm=%Q WHERE "
-			      "sessionid=%Q AND (user='' OR user IS NULL)",
-			      user, realm, session_id);
-	if (sql) {
-		debug_print(ctx, 1, "DB: %s", sql);
-		if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-			debug_print(ctx, 1, "Failed to update eventlog in "
-				    "sqlite database: %s",
-				    sqlite3_errmsg(ctx->db));
-		}
-		sqlite3_free(sql);
-	}
-
-	if (free_acc) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "completed shared free account registration",
-			      NULL);
-		ret = 0;
-		goto out;
-	}
-
-	str = db_get_session_val(ctx, NULL, NULL, session_id, "mac_addr");
-
-	if (eap_method && eap_method[0])
-		method = eap_method;
-	else
-		method = cert ? "TLS" : "TTLS-MSCHAPV2";
-	sql = sqlite3_mprintf("INSERT INTO users(identity,realm,phase2,methods,cert,cert_pem,machine_managed,mac_addr,osu_user,osu_password,policy) VALUES (%Q,%Q,%d,%Q,%Q,%Q,%d,%Q,%Q,%Q,%Q)",
-			      user, realm, cert ? 0 : 1,
-			      method,
-			      fingerprint ? fingerprint : "",
-			      cert_pem ? cert_pem : "",
-			      pw_mm && atoi(pw_mm) ? 1 : 0,
-			      str ? str : "",
-			      osu_user ? osu_user : "",
-			      osu_password ? osu_password : "",
-			      policy ? policy : "");
-	free(str);
-	if (sql == NULL)
-		goto out;
-	debug_print(ctx, 1, "DB: %s", sql);
-	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
-		debug_print(ctx, 1, "Failed to add user in sqlite database: %s",
-			    sqlite3_errmsg(ctx->db));
-		sqlite3_free(sql);
-		goto out;
-	}
-	sqlite3_free(sql);
-
-	if (cert)
-		ret = 0;
-	else
-		ret = update_password(ctx, user, realm, pw, 0);
-	if (ret < 0) {
-		sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
-				      user, realm);
-		if (sql) {
-			debug_print(ctx, 1, "DB: %s", sql);
-			sqlite3_exec(ctx->db, sql, NULL, NULL, NULL);
-			sqlite3_free(sql);
-		}
-	}
-
-	if (pps)
-		db_update_mo_str(ctx, user, realm, "pps", pps);
-
-	str = db_get_session_val(ctx, NULL, NULL, session_id, "devinfo");
-	if (str) {
-		db_update_mo_str(ctx, user, realm, "devinfo", str);
-		free(str);
-	}
-
-	str = db_get_session_val(ctx, NULL, NULL, session_id, "devdetail");
-	if (str) {
-		db_update_mo_str(ctx, user, realm, "devdetail", str);
-		free(str);
-	}
-
-	if (cert && user) {
-		const char *serialnum;
-
-		str = db_get_session_val(ctx, NULL, NULL, session_id,
-					 "mac_addr");
-
-		if (os_strncmp(user, "cert-", 5) == 0)
-			serialnum = user + 5;
-		else
-			serialnum = "";
-		sql = sqlite3_mprintf("INSERT OR REPLACE INTO cert_enroll (mac_addr,user,realm,serialnum) VALUES(%Q,%Q,%Q,%Q)",
-				      str ? str : "", user, realm ? realm : "",
-				      serialnum);
-		free(str);
-		if (sql) {
-			debug_print(ctx, 1, "DB: %s", sql);
-			if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) !=
-			    SQLITE_OK) {
-				debug_print(ctx, 1,
-					    "Failed to add cert_enroll entry into sqlite database: %s",
-					    sqlite3_errmsg(ctx->db));
-			}
-			sqlite3_free(sql);
-		}
-	}
-
-	str = db_get_session_val(ctx, NULL, NULL, session_id,
-				 "mobile_identifier_hash");
-	if (str) {
-		sql = sqlite3_mprintf("DELETE FROM sim_provisioning WHERE mobile_identifier_hash=%Q",
-				      str);
-		if (sql) {
-			debug_print(ctx, 1, "DB: %s", sql);
-			if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) !=
-			    SQLITE_OK) {
-				debug_print(ctx, 1,
-					    "Failed to delete pending sim_provisioning entry: %s",
-					    sqlite3_errmsg(ctx->db));
-			}
-			sqlite3_free(sql);
-		}
-		os_free(str);
-	}
-
-	if (ret == 0) {
-		hs20_eventlog(ctx, user, realm, session_id,
-			      "completed subscription registration", NULL);
-	}
-
-out:
-	free(user);
-	free(realm);
-	free(pw);
-	free(pw_mm);
-	free(pps);
-	free(cert_pem);
-	free(fingerprint);
-	free(osu_user);
-	free(osu_password);
-	free(eap_method);
-	os_free(policy);
-	return ret;
-}
-
-
-static xml_node_t * hs20_spp_update_response(struct hs20_svc *ctx,
-					     xml_node_t *node,
-					     const char *user,
-					     const char *realm,
-					     const char *session_id,
-					     int dmacc)
-{
-	char *status;
-	xml_node_t *ret;
-	char *val;
-	enum hs20_session_operation oper;
-
-	status = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI,
-					    "sppStatus");
-	if (status == NULL) {
-		debug_print(ctx, 1, "No sppStatus attribute");
-		return NULL;
-	}
-
-	debug_print(ctx, 1, "sppUpdateResponse: sppStatus: %s  sessionID: %s",
-		    status, session_id);
-
-	val = db_get_session_val(ctx, NULL, NULL, session_id, "operation");
-	if (!val) {
-		debug_print(ctx, 1,
-			    "No session active for sessionID: %s",
-			    session_id);
-		oper = NO_OPERATION;
-	} else
-		oper = atoi(val);
-
-	if (strcasecmp(status, "OK") == 0) {
-		char *new_pw = NULL;
-
-		xml_node_get_attr_value_free(ctx->xml, status);
-
-		if (oper == USER_REMEDIATION) {
-			new_pw = db_get_session_val(ctx, user, realm,
-						    session_id, "password");
-			if (new_pw == NULL || strlen(new_pw) == 0) {
-				free(new_pw);
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id, "No password "
-						   "had been assigned for "
-						   "session", ret);
-				db_remove_session(ctx, user, realm, session_id);
-				return ret;
-			}
-			oper = UPDATE_PASSWORD;
-		}
-		if (oper == UPDATE_PASSWORD) {
-			if (!new_pw) {
-				new_pw = db_get_session_val(ctx, user, realm,
-							    session_id,
-							    "password");
-				if (!new_pw) {
-					db_remove_session(ctx, user, realm,
-							  session_id);
-					return NULL;
-				}
-			}
-			debug_print(ctx, 1, "Update user '%s' password in DB",
-				    user);
-			if (update_password(ctx, user, realm, new_pw, dmacc) <
-			    0) {
-				debug_print(ctx, 1, "Failed to update user "
-					    "'%s' password in DB", user);
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id, "Failed to "
-						   "update database", ret);
-				db_remove_session(ctx, user, realm, session_id);
-				return ret;
-			}
-			hs20_eventlog(ctx, user, realm,
-				      session_id, "Updated user password "
-				      "in database", NULL);
-		}
-		if (oper == CLEAR_REMEDIATION) {
-			debug_print(ctx, 1,
-				    "Clear remediation requirement for user '%s' in DB",
-				    user);
-			if (clear_remediation(ctx, user, realm, dmacc) < 0) {
-				debug_print(ctx, 1,
-					    "Failed to clear remediation requirement for user '%s' in DB",
-					    user);
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id,
-						   "Failed to update database",
-						   ret);
-				db_remove_session(ctx, user, realm, session_id);
-				return ret;
-			}
-			hs20_eventlog(ctx, user, realm,
-				      session_id,
-				      "Cleared remediation requirement in database",
-				      NULL);
-		}
-		if (oper == SUBSCRIPTION_REGISTRATION) {
-			if (add_subscription(ctx, session_id) < 0) {
-				debug_print(ctx, 1, "Failed to add "
-					    "subscription into DB");
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id, "Failed to "
-						   "update database", ret);
-				db_remove_session(ctx, user, realm, session_id);
-				return ret;
-			}
-		}
-		if (oper == POLICY_REMEDIATION || oper == POLICY_UPDATE) {
-			char *val;
-			val = db_get_val(ctx, user, realm, "remediation",
-					 dmacc);
-			if (val && strcmp(val, "policy") == 0)
-				db_update_val(ctx, user, realm, "remediation",
-					      "", dmacc);
-			free(val);
-		}
-		if (oper == POLICY_UPDATE)
-			db_update_val(ctx, user, realm, "polupd_done", "1",
-				      dmacc);
-		if (oper == CERT_REENROLL) {
-			char *new_user;
-			char event[200];
-
-			new_user = db_get_session_val(ctx, NULL, NULL,
-						      session_id, "user");
-			if (!new_user) {
-				debug_print(ctx, 1,
-					    "Failed to find new user name (cert-serialnum)");
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id,
-						   "Failed to find new user name (cert reenroll)",
-						   ret);
-				db_remove_session(ctx, NULL, NULL, session_id);
-				return ret;
-			}
-
-			debug_print(ctx, 1,
-				    "Update certificate user entry to use the new serial number (old=%s new=%s)",
-				    user, new_user);
-			os_snprintf(event, sizeof(event), "renamed user to: %s",
-				    new_user);
-			hs20_eventlog(ctx, user, realm, session_id, event,
-				      NULL);
-
-			if (db_update_val(ctx, user, realm, "identity",
-					  new_user, 0) < 0 ||
-			    db_update_val(ctx, new_user, realm, "remediation",
-					  "", 0) < 0) {
-				debug_print(ctx, 1,
-					    "Failed to update user name (cert-serialnum)");
-				ret = build_spp_exchange_complete(
-					ctx, session_id, "Error occurred",
-					"Other");
-				hs20_eventlog_node(ctx, user, realm,
-						   session_id,
-						   "Failed to update user name (cert reenroll)",
-						   ret);
-				db_remove_session(ctx, NULL, NULL, session_id);
-				os_free(new_user);
-				return ret;
-			}
-
-			os_free(new_user);
-		}
-		ret = build_spp_exchange_complete(
-			ctx, session_id,
-			"Exchange complete, release TLS connection", NULL);
-		hs20_eventlog_node(ctx, user, realm, session_id,
-				   "Exchange completed", ret);
-		db_remove_session(ctx, NULL, NULL, session_id);
-		return ret;
-	}
-
-	ret = build_spp_exchange_complete(ctx, session_id, "Error occurred",
-					  "Other");
-	hs20_eventlog_node(ctx, user, realm, session_id, "Error occurred", ret);
-	db_remove_session(ctx, user, realm, session_id);
-	xml_node_get_attr_value_free(ctx->xml, status);
-	return ret;
-}
-
-
-#define SPP_SESSION_ID_LEN 16
-
-static char * gen_spp_session_id(void)
-{
-	FILE *f;
-	int i;
-	char *session;
-
-	session = os_malloc(SPP_SESSION_ID_LEN * 2 + 1);
-	if (session == NULL)
-		return NULL;
-
-	f = fopen("/dev/urandom", "r");
-	if (f == NULL) {
-		os_free(session);
-		return NULL;
-	}
-	for (i = 0; i < SPP_SESSION_ID_LEN; i++)
-		os_snprintf(session + i * 2, 3, "%02x", fgetc(f));
-
-	fclose(f);
-	return session;
-}
-
-xml_node_t * hs20_spp_server_process(struct hs20_svc *ctx, xml_node_t *node,
-				     const char *auth_user,
-				     const char *auth_realm, int dmacc)
-{
-	xml_node_t *ret = NULL;
-	char *session_id;
-	const char *op_name;
-	char *xml_err;
-	char fname[200];
-
-	debug_dump_node(ctx, "received request", node);
-
-	if (!dmacc && auth_user && auth_realm) {
-		char *real;
-		real = db_get_val(ctx, auth_user, auth_realm, "identity", 0);
-		if (!real) {
-			real = db_get_val(ctx, auth_user, auth_realm,
-					  "identity", 1);
-			if (real)
-				dmacc = 1;
-		}
-		os_free(real);
-	}
-
-	snprintf(fname, sizeof(fname), "%s/spp/spp.xsd", ctx->root_dir);
-	if (xml_validate(ctx->xml, node, fname, &xml_err) < 0) {
-		/*
-		 * We may not be able to extract the sessionID from invalid
-		 * input, but well, we can try.
-		 */
-		session_id = xml_node_get_attr_value_ns(ctx->xml, node,
-							SPP_NS_URI,
-							"sessionID");
-		debug_print(ctx, 1,
-			    "SPP message failed validation, xsd file: %s  xml-error: %s",
-			    fname, xml_err);
-		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
-				   "SPP message failed validation", node);
-		hs20_eventlog(ctx, auth_user, auth_realm, session_id,
-			      "Validation errors", xml_err);
-		os_free(xml_err);
-		xml_node_get_attr_value_free(ctx->xml, session_id);
-		/* TODO: what to return here? */
-		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
-					   "SppValidationError");
-		return ret;
-	}
-
-	session_id = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI,
-						"sessionID");
-	if (session_id) {
-		char *tmp;
-		debug_print(ctx, 1, "Received sessionID %s", session_id);
-		tmp = os_strdup(session_id);
-		xml_node_get_attr_value_free(ctx->xml, session_id);
-		if (tmp == NULL)
-			return NULL;
-		session_id = tmp;
-	} else {
-		session_id = gen_spp_session_id();
-		if (session_id == NULL) {
-			debug_print(ctx, 1, "Failed to generate sessionID");
-			return NULL;
-		}
-		debug_print(ctx, 1, "Generated sessionID %s", session_id);
-	}
-
-	op_name = xml_node_get_localname(ctx->xml, node);
-	if (op_name == NULL) {
-		debug_print(ctx, 1, "Could not get op_name");
-		return NULL;
-	}
-
-	if (strcmp(op_name, "sppPostDevData") == 0) {
-		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
-				   "sppPostDevData received and validated",
-				   node);
-		ret = hs20_spp_post_dev_data(ctx, node, auth_user, auth_realm,
-					     session_id, dmacc);
-	} else if (strcmp(op_name, "sppUpdateResponse") == 0) {
-		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
-				   "sppUpdateResponse received and validated",
-				   node);
-		ret = hs20_spp_update_response(ctx, node, auth_user,
-					       auth_realm, session_id, dmacc);
-	} else {
-		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
-				   "Unsupported SPP message received and "
-				   "validated", node);
-		debug_print(ctx, 1, "Unsupported operation '%s'", op_name);
-		/* TODO: what to return here? */
-		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
-					   "SppUnknownCommandError");
-	}
-	os_free(session_id);
-
-	if (ret == NULL) {
-		/* TODO: what to return here? */
-		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
-					   "SppInternalError");
-	}
-
-	return ret;
-}
-
-
-int hs20_spp_server_init(struct hs20_svc *ctx)
-{
-	char fname[200];
-	ctx->db = NULL;
-	snprintf(fname, sizeof(fname), "%s/AS/DB/eap_user.db", ctx->root_dir);
-	if (sqlite3_open(fname, &ctx->db)) {
-		printf("Failed to open sqlite database: %s\n",
-		       sqlite3_errmsg(ctx->db));
-		sqlite3_close(ctx->db);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void hs20_spp_server_deinit(struct hs20_svc *ctx)
-{
-	sqlite3_close(ctx->db);
-	ctx->db = NULL;
-}
diff --git a/hs20/server/spp_server.h b/hs20/server/spp_server.h
deleted file mode 100644
index 421974c607b8..000000000000
--- a/hs20/server/spp_server.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Hotspot 2.0 SPP server
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SPP_SERVER_H
-#define SPP_SERVER_H
-
-struct hs20_svc {
-	const void *ctx;
-	struct xml_node_ctx *xml;
-	char *root_dir;
-	FILE *debug_log;
-	sqlite3 *db;
-	const char *addr;
-	const char *test;
-	const char *imsi;
-	const char *eap_method;
-	const char *id_hash;
-};
-
-
-void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
-	__attribute__ ((format (printf, 3, 4)));
-void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node);
-
-xml_node_t * hs20_spp_server_process(struct hs20_svc *ctx, xml_node_t *node,
-				     const char *auth_user,
-				     const char *auth_realm, int dmacc);
-int hs20_spp_server_init(struct hs20_svc *ctx);
-void hs20_spp_server_deinit(struct hs20_svc *ctx);
-
-#endif /* SPP_SERVER_H */
diff --git a/hs20/server/sql-example.txt b/hs20/server/sql-example.txt
deleted file mode 100644
index 20dcf2f5c688..000000000000
--- a/hs20/server/sql-example.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/aaa-root-ca.der');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_account','free');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','policy_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','remediation_url','https://subscription-server.osu.example.com/hs20/remediation.php?session_id=');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_remediation_url','https://subscription-server.osu.example.com/hs20/free-remediation.php?session_id=');
-INSERT INTO osu_config(realm,field,value) VALUES('example.com','signup_url','https://subscription-server.osu.example.com/hs20/signup.php?session_id=');
-
-
-INSERT INTO users(identity,realm,methods,password,phase2,shared) VALUES('free','example.com','TTLS-MSCHAPV2','free',1,1);
-
-INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');
diff --git a/hs20/server/sql.txt b/hs20/server/sql.txt
deleted file mode 100644
index 2cc6edea4063..000000000000
--- a/hs20/server/sql.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-CREATE TABLE eventlog(
-	user TEXT,
-	realm TEXT,
-	sessionid TEXT COLLATE NOCASE,
-	timestamp TEXT,
-	notes TEXT,
-	dump TEXT,
-	addr TEXT
-);
-
-CREATE TABLE sessions(
-	timestamp TEXT,
-	id TEXT COLLATE NOCASE,
-	user TEXT,
-	realm TEXT,
-	password TEXT,
-	machine_managed BOOLEAN,
-	operation INTEGER,
-	type TEXT,
-	pps TEXT,
-	redirect_uri TEXT,
-	devinfo TEXT,
-	devdetail TEXT,
-	cert TEXT,
-	cert_pem TEXT,
-	mac_addr TEXT,
-	osu_user TEXT,
-	osu_password TEXT,
-	eap_method TEXT,
-	mobile_identifier_hash TEXT,
-	test TEXT
-);
-
-CREATE index sessions_id_index ON sessions(id);
-
-CREATE TABLE osu_config(
-       realm TEXT,
-       field TEXT,
-       value TEXT
-);
-
-CREATE TABLE users(
-	identity TEXT PRIMARY KEY,
-	methods TEXT,
-	password TEXT,
-	machine_managed BOOLEAN,
-	remediation TEXT,
-	phase2 INTEGER,
-	realm TEXT,
-	policy TEXT,
-	devinfo TEXT,
-	devdetail TEXT,
-	pps TEXT,
-	fetch_pps INTEGER,
-	osu_user TEXT,
-	osu_password TEXT,
-	shared INTEGER,
-	cert TEXT,
-	cert_pem TEXT,
-	t_c_timestamp INTEGER,
-	mac_addr TEXT,
-	last_msk TEXT,
-	polupd_done TEXT,
-	subrem TEXT
-);
-
-CREATE TABLE wildcards(
-	identity TEXT PRIMARY KEY,
-	methods TEXT
-);
-
-CREATE TABLE authlog(
-	timestamp TEXT,
-	session TEXT,
-	nas_ip TEXT,
-	username TEXT,
-	note TEXT
-);
-
-CREATE TABLE pending_tc(
-	mac_addr TEXT PRIMARY KEY,
-	identity TEXT
-);
-
-CREATE TABLE current_sessions(
-	mac_addr TEXT PRIMARY KEY,
-	identity TEXT,
-	start_time TEXT,
-	nas TEXT,
-	hs20_t_c_filtering BOOLEAN,
-	waiting_coa_ack BOOLEAN,
-	coa_ack_received BOOLEAN
-);
-
-CREATE TABLE cert_enroll(
-	mac_addr TEXT PRIMARY KEY,
-	user TEXT,
-	realm TEXT,
-	serialnum TEXT
-);
-
-CREATE TABLE sim_provisioning(
-	mobile_identifier_hash TEXT PRIMARY KEY,
-	imsi TEXT,
-	mac_addr TEXT,
-	eap_method TEXT,
-	timestamp TEXT
-);
diff --git a/hs20/server/www/add-free.php b/hs20/server/www/add-free.php
deleted file mode 100644
index 1efc65563274..000000000000
--- a/hs20/server/www/add-free.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_POST["id"]))
-  $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
-else
-  die("Missing session id");
-if (strlen($id) < 32)
-  die("Invalid session id");
-
-$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-
-$uri = $row['redirect_uri'];
-$rowid = $row['rowid'];
-$realm = $row['realm'];
-
-$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
-if (!$row || strlen($row['value']) == 0) {
-  die("Free account disabled");
-}
-
-$user = $row['value'];
-
-$row = $db->query("SELECT password FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
-if (!$row)
-  die("Free account not found");
-
-$pw = $row['password'];
-
-if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', machine_managed='1' WHERE rowid=$rowid")) {
-  die("Failed to update session database");
-}
-
-$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
-	"VALUES ('$user', '$realm', '$id', " .
-	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
-	"'completed user input response for a new PPS MO')");
-
-header("Location: $uri", true, 302);
-
-?>
diff --git a/hs20/server/www/add-mo.php b/hs20/server/www/add-mo.php
deleted file mode 100644
index a3b4513531f8..000000000000
--- a/hs20/server/www/add-mo.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_POST["id"]))
-  $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
-else
-  die("Missing session id");
-
-$user = $_POST["user"];
-$pw = $_POST["password"];
-if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
-  die("Invalid POST data");
-}
-
-if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
-  echo "<html><body><p><red>Invalid username</red></p>\n";
-  echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
-  echo "</body></html>\n";
-  exit;
-}
-
-$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-$realm = $row['realm'];
-
-$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
-if ($userrow) {
-  echo "<html><body><p><red>Selected username is not available</red></p>\n";
-  echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
-  echo "</body></html>\n";
-  exit;
-}
-
-$uri = $row['redirect_uri'];
-$rowid = $row['rowid'];
-
-if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
-  die("Failed to update session database");
-}
-
-$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
-	"VALUES ('$user', '$realm', '$id', " .
-	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
-	"'completed user input response for a new PPS MO')");
-
-header("Location: $uri", true, 302);
-
-?>
diff --git a/hs20/server/www/cert-enroll.php b/hs20/server/www/cert-enroll.php
deleted file mode 100644
index f023ca5a5b03..000000000000
--- a/hs20/server/www/cert-enroll.php
+++ /dev/null
@@ -1,39 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_GET["id"]))
-  $id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
-else
-  die("Missing session id");
-if (strlen($id) < 32)
-  die("Invalid session id");
-
-$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-
-$uri = $row['redirect_uri'];
-$rowid = $row['rowid'];
-$realm = $row['realm'];
-
-$user = sha1(mt_rand());
-
-if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
-  die("Failed to update session database");
-}
-
-$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
-	"VALUES ('', '$realm', '$id', " .
-	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
-	"'completed user input response for client certificate enrollment')");
-
-header("Location: $uri", true, 302);
-
-?>
diff --git a/hs20/server/www/config.php b/hs20/server/www/config.php
deleted file mode 100644
index 4272b102a88c..000000000000
--- a/hs20/server/www/config.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-$osu_root = "/home/user/hs20-server";
-$osu_db = "sqlite:$osu_root/AS/DB/eap_user.db";
-$t_c_file = "$osu_root/terms-and-conditions";
-$t_c_timestamp = 123456789;
-$hostapd_ctrl = "udg:///home/user/hs20-server/AS/ctrl/as"
-?>
diff --git a/hs20/server/www/est.php b/hs20/server/www/est.php
deleted file mode 100644
index b7fb260d56c4..000000000000
--- a/hs20/server/www/est.php
+++ /dev/null
@@ -1,232 +0,0 @@
-<?php
-
-require('config.php');
-
-$params = explode("/", $_SERVER["PATH_INFO"], 3);
-$realm = $params[1];
-$cmd = $params[2];
-$method = $_SERVER["REQUEST_METHOD"];
-
-unset($user);
-unset($rowid);
-
-$db = new PDO($osu_db);
-if (!$db) {
-  error_log("EST: Could not access database");
-  die("Could not access database");
-}
-
-if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
-  $needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
-		  'uri'=>1, 'response'=>1);
-  $data = array();
-  $keys = implode('|', array_keys($needed));
-  preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
-		 $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
-  foreach ($matches as $m) {
-    $data[$m[1]] = $m[3] ? $m[3] : $m[4];
-    unset($needed[$m[1]]);
-  }
-  if ($needed) {
-    error_log("EST: Missing auth parameter");
-    die('Authentication failed');
-  }
-  $user = $data['username'];
-  if (strlen($user) < 1) {
-    error_log("EST: Empty username");
-    die('Authentication failed');
-  }
-
-  $sql = "SELECT rowid,password,operation FROM sessions " .
-    "WHERE user='$user' AND realm='$realm'";
-  $q = $db->query($sql);
-  if (!$q) {
-    error_log("EST: Session not found for user=$user realm=$realm");
-    die("Session not found");
-  }
-  $row = $q->fetch();
-  if (!$row) {
-    error_log("EST: Session fetch failed for user=$user realm=$realm");
-    die('Session not found');
-  }
-  $rowid = $row['rowid'];
-
-  $oper = $row['operation'];
-  if ($oper != '5') {
-    error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
-    die("Session not found");
-  }
-  $pw = $row['password'];
-  if (strlen($pw) < 1) {
-    error_log("EST: Empty password for user=$user realm=$realm");
-    die('Authentication failed');
-  }
-
-  $A1 = md5($user . ':' . $realm . ':' . $pw);
-  $A2 = md5($method . ':' . $data['uri']);
-  $resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
-	      $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
-  if ($data['response'] != $resp) {
-    error_log("EST: Incorrect authentication response for user=$user realm=$realm");
-    die('Authentication failed');
-  }
-} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
-	   $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
-	   isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
-  $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
-  $sql = "SELECT rowid,password,operation FROM sessions " .
-    "WHERE user='$user' AND realm='$realm'";
-  $q = $db->query($sql);
-  if (!$q) {
-    error_log("EST: Session not found for user=$user realm=$realm");
-    die("Session not found");
-  }
-  $row = $q->fetch();
-  if (!$row) {
-    error_log("EST: Session fetch failed for user=$user realm=$realm");
-    die('Session not found');
-  }
-  $rowid = $row['rowid'];
-
-  $oper = $row['operation'];
-  if ($oper != '10') {
-    error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
-    die("Session not found");
-  }
-}
-
-
-if ($method == "GET" && $cmd == "cacerts") {
-  $fname = "$osu_root/est/$realm-cacerts.pkcs7";
-  if (!file_exists($fname)) {
-    error_log("EST: cacerts - unknown realm $realm");
-    die("Unknown realm");
-  }
-
-  header("Content-Transfer-Encoding: base64");
-  header("Content-Type: application/pkcs7-mime");
-
-  $data = file_get_contents($fname);
-  echo wordwrap(base64_encode($data), 72, "\n", true);
-  echo "\n";
-  error_log("EST: cacerts");
-} else if ($method == "GET" && $cmd == "csrattrs") {
-  header("Content-Transfer-Encoding: base64");
-  header("Content-Type: application/csrattrs");
-  readfile("$osu_root/est/est-attrs.b64");
-  error_log("EST: csrattrs");
-} else if ($method == "POST" &&
-           ($cmd == "simpleenroll" || $cmd == "simplereenroll")) {
-  $reenroll = $cmd == "simplereenroll";
-  if (!$reenroll && (!isset($user) || strlen($user) == 0)) {
-    header('HTTP/1.1 401 Unauthorized');
-    header('WWW-Authenticate: Digest realm="'.$realm.
-	   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
-    error_log("EST: simpleenroll - require authentication");
-    die('Authentication required');
-  }
-  if ($reenroll &&
-      (!isset($user) ||
-       !isset($_SERVER["SSL_CLIENT_VERIFY"]) ||
-       $_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")) {
-    header('HTTP/1.1 403 Forbidden');
-    error_log("EST: simplereenroll - require certificate authentication");
-    die('Authentication required');
-  }
-  if (!isset($_SERVER["CONTENT_TYPE"])) {
-    error_log("EST: simpleenroll without Content-Type");
-    die("Missing Content-Type");
-  }
-  if (!stristr($_SERVER["CONTENT_TYPE"], "application/pkcs10")) {
-    error_log("EST: simpleenroll - unexpected Content-Type: " .
-	      $_SERVER["CONTENT_TYPE"]);
-    die("Unexpected Content-Type");
-  }
-
-  $data = file_get_contents("php://input");
-  error_log("EST: simpleenroll - POST data from php://input: " . $data);
-  $req = base64_decode($data);
-  if ($req == FALSE) {
-    error_log("EST: simpleenroll - Invalid base64-encoded PKCS#10 data");
-    die("Invalid base64-encoded PKCS#10 data");
-  }
-  $cadir = "$osu_root/est";
-  $reqfile = "$cadir/tmp/cert-req.pkcs10";
-  $f = fopen($reqfile, "wb");
-  fwrite($f, $req);
-  fclose($f);
-
-  $req_pem = "$reqfile.pem";
-  if (file_exists($req_pem))
-    unlink($req_pem);
-  exec("openssl req -in $reqfile -inform DER -out $req_pem -outform PEM");
-  if (!file_exists($req_pem)) {
-    error_log("EST: simpleenroll - Failed to parse certificate request");
-    die("Failed to parse certificate request");
-  }
-
-  /* FIX: validate request and add HS 2.0 extensions to cert */
-  $cert_pem = "$cadir/tmp/req-signed.pem";
-  if (file_exists($cert_pem))
-    unlink($cert_pem);
-  exec("openssl x509 -req -in $req_pem -CAkey $cadir/cakey.pem -out $cert_pem -CA $cadir/cacert.pem -CAserial $cadir/serial -days 365 -text");
-  if (!file_exists($cert_pem)) {
-    error_log("EST: simpleenroll - Failed to sign certificate");
-    die("Failed to sign certificate");
-  }
-
-  $cert = file_get_contents($cert_pem);
-  $handle = popen("openssl x509 -in $cert_pem -serial -noout", "r");
-  $serial = fread($handle, 200);
-  pclose($handle);
-  $pattern = "/serial=(?P<snhex>[0-9a-fA-F:]*)/m";
-  preg_match($pattern, $serial, $matches);
-  if (!isset($matches['snhex']) || strlen($matches['snhex']) < 1) {
-    error_log("EST: simpleenroll - Could not get serial number");
-    die("Could not get serial number");
-  }
-  $sn = str_replace(":", "", strtoupper($matches['snhex']));
-
-  $user = "cert-$sn";
-  error_log("EST: user = $user");
-
-  $cert_der = "$cadir/tmp/req-signed.der";
-  if (file_exists($cert_der))
-    unlink($cert_der);
-  exec("openssl x509 -in $cert_pem -inform PEM -out $cert_der -outform DER");
-  if (!file_exists($cert_der)) {
-    error_log("EST: simpleenroll - Failed to convert certificate");
-    die("Failed to convert certificate");
-  }
-  $der = file_get_contents($cert_der);
-  $fingerprint = hash("sha256", $der);
-  error_log("EST: sha256(DER cert): $fingerprint");
-
-  $pkcs7 = "$cadir/tmp/est-client.pkcs7";
-  if (file_exists($pkcs7))
-    unlink($pkcs7);
-  exec("openssl crl2pkcs7 -nocrl -certfile $cert_pem -out $pkcs7 -outform DER");
-  if (!file_exists($pkcs7)) {
-    error_log("EST: simpleenroll - Failed to prepare PKCS#7 file");
-    die("Failed to prepare PKCS#7 file");
-  }
-
-  if (!$db->exec("UPDATE sessions SET user='$user', cert='$fingerprint', cert_pem='$cert' WHERE rowid=$rowid")) {
-    error_log("EST: simpleenroll - Failed to update session database");
-    die("Failed to update session database");
-  }
-
-  header("Content-Transfer-Encoding: base64");
-  header("Content-Type: application/pkcs7-mime");
-
-  $data = file_get_contents($pkcs7);
-  $resp = wordwrap(base64_encode($data), 72, "\n", true);
-  echo $resp . "\n";
-  error_log("EST: simpleenroll - PKCS#7 response: " . $resp);
-} else {
-  header("HTTP/1.0 404 Not Found");
-  error_log("EST: Unexpected method or path");
-  die("Unexpected method or path");
-}
-
-?>
diff --git a/hs20/server/www/free-remediation.php b/hs20/server/www/free-remediation.php
deleted file mode 100644
index 5648b30e8d6b..000000000000
--- a/hs20/server/www/free-remediation.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<html>
-<head>
-<title>Hotspot 2.0 - public and free hotspot - remediation</title>
-</head>
-<body>
-
-<h3>Hotspot 2.0 - public and free hotspot</h3>
-
-<p>Terms and conditions have changed. You need to accept the new terms
-to continue using this network.</p>
-
-<p>Terms and conditions..</p>
-
-<?php
-echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Accept</a><br>\n";
-?>
-
-</body>
-</html>
diff --git a/hs20/server/www/free.php b/hs20/server/www/free.php
deleted file mode 100644
index 8195069ed8ff..000000000000
--- a/hs20/server/www/free.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<html>
-<head>
-<title>Hotspot 2.0 - public and free hotspot</title>
-</head>
-<body>
-
-<?php
-
-$id = $_GET["session_id"];
-
-echo "<h3>Hotspot 2.0 - public and free hotspot</h3>\n";
-
-echo "<form action=\"add-free.php\" method=\"POST\">\n";
-echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
-
-?>
-
-<p>Terms and conditions..</p>
-<input type="submit" value="Accept">
-</form>
-
-</body>
-</html>
diff --git a/hs20/server/www/redirect.php b/hs20/server/www/redirect.php
deleted file mode 100644
index 8fc9cd644273..000000000000
--- a/hs20/server/www/redirect.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_GET["id"]))
-	$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
-else
-	$id = 0;
-
-$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-
-$uri = $row['redirect_uri'];
-
-header("Location: $uri", true, 302);
-
-$user = $row['user'];
-$realm = $row['realm'];
-
-$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
-	  "VALUES ('$user', '$realm', '$id', " .
-	  "strftime('%Y-%m-%d %H:%M:%f','now'), " .
-	  "'redirected after user input')");
-
-?>
diff --git a/hs20/server/www/remediation-pw.php b/hs20/server/www/remediation-pw.php
deleted file mode 100644
index 76fdccbdf9f7..000000000000
--- a/hs20/server/www/remediation-pw.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_POST["id"]))
-  $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
-else
-  die("Missing session id");
-
-$pw = $_POST["password"];
-if (strlen($id) < 32 || !isset($pw)) {
-  die("Invalid POST data");
-}
-
-$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-$user = $row['user'];
-$realm = $row['realm'];
-
-$uri = $row['redirect_uri'];
-$rowid = $row['rowid'];
-
-if (!$db->exec("UPDATE sessions SET password='$pw' WHERE rowid=$rowid")) {
-  die("Failed to update session database");
-}
-
-$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
-	"VALUES ('$user', '$realm', '$id', " .
-	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
-	"'completed user input response for subscription remediation')");
-
-header("Location: $uri", true, 302);
-
-?>
diff --git a/hs20/server/www/remediation.php b/hs20/server/www/remediation.php
deleted file mode 100644
index 3628065ac225..000000000000
--- a/hs20/server/www/remediation.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<html>
-<head>
-<title>Hotspot 2.0 subscription remediation</title>
-</head>
-<body>
-
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_GET["session_id"]))
-	$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["session_id"]);
-else
-	$id = 0;
-echo "SessionID: " . $id . "<br>\n";
-
-$row = $db->query("SELECT * FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found");
-}
-
-$username = $row['user'];
-echo "User: " . $username . "@" . $row['realm'] . "<br>\n";
-
-$user = $db->query("SELECT machine_managed,methods FROM users WHERE identity='$username'")->fetch();
-if ($user == false) {
-   die("User not found");
-}
-
-echo "<hr><br>\n";
-
-$cert = $user['methods'] == "TLS" || strncmp($username, "cert-", 5) == 0;
-
-if ($cert) {
-   echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
-} else if ($user['machine_managed'] == "1") {
-   echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
-   echo "This will provide a new machine-generated password.<br>\n";
-} else {
-   echo "<form action=\"remediation-pw.php\" method=\"POST\">\n";
-   echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
-   echo "New password: <input type=\"password\" name=\"password\"><br>\n";
-   echo "<input type=\"submit\" value=\"Change password\">\n";
-   echo "</form>\n";
-}
-
-?>
-
-</body>
-</html>
diff --git a/hs20/server/www/signup.php b/hs20/server/www/signup.php
deleted file mode 100644
index 80a9d403e8fc..000000000000
--- a/hs20/server/www/signup.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<html>
-<head>
-<title>Hotspot 2.0 signup</title>
-</head>
-<body>
-
-<?php
-
-$id = $_GET["session_id"];
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-$row = $db->query("SELECT realm,test FROM sessions WHERE id='$id'")->fetch();
-if ($row == false) {
-   die("Session not found for id: $id");
-}
-$realm = $row['realm'];
-$test = $row['test'];
-
-if (strlen($test) > 0) {
-  echo "<p style=\"color:#FF0000\">Special test functionality: $test</red></big></p>\n";
-}
-
-echo "<h3>Sign up for a subscription - $realm</h3>\n";
-
-echo "<p>This page can be used to select between three different types of subscriptions for testing purposes.</p>\n";
-
-echo "<h4>Option 1 - shared free access credential</h4>\n";
-
-$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
-if ($row && strlen($row['value']) > 0) {
-  echo "<p><a href=\"free.php?session_id=$id\">Sign up for free access</a></p>\n";
-}
-
-echo "<h4>Option 2 - username/password credential</h4>\n";
-
-echo "<form action=\"add-mo.php\" method=\"POST\">\n";
-echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
-?>
-Select a username and password. Leave password empty to get automatically
-generated and machine managed password.<br>
-Username: <input type="text" name="user"><br>
-Password: <input type="password" name="password"><br>
-<input type="submit" value="Complete subscription registration">
-</form>
-
-<?php
-echo "<h4>Option 3 - client certificate credential</h4>\n";
-
-echo "<p><a href=\"cert-enroll.php?id=$id\">Enroll a client certificate</a></p>\n"
-?>
-
-</body>
-</html>
diff --git a/hs20/server/www/spp.php b/hs20/server/www/spp.php
deleted file mode 100644
index c56d3d69e0ed..000000000000
--- a/hs20/server/www/spp.php
+++ /dev/null
@@ -1,168 +0,0 @@
-<?php
-
-require('config.php');
-
-if (!stristr($_SERVER["CONTENT_TYPE"], "application/soap+xml")) {
-  error_log("spp.php - Unexpected Content-Type " . $_SERVER["CONTENT_TYPE"]);
-  die("Unexpected Content-Type");
-}
-
-if ($_SERVER["REQUEST_METHOD"] != "POST") {
-  error_log("spp.php - Unexpected method " . $_SERVER["REQUEST_METHOD"]);
-  die("Unexpected method");
-}
-
-if (isset($_GET["realm"])) {
-  $realm = $_GET["realm"];
-  $realm = PREG_REPLACE("/[^0-9a-zA-Z\.\-]/i", '', $realm);
-} else {
-  error_log("spp.php - Realm not specified");
-  die("Realm not specified");
-}
-
-if (isset($_GET["test"]))
-  $test = PREG_REPLACE("/[^0-9a-zA-Z\_\-]/i", '', $_GET["test"]);
-else
-  $test = "";
-
-unset($user);
-putenv("HS20CERT");
-
-if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
-  $needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
-		  'uri'=>1, 'response'=>1);
-  $data = array();
-  $keys = implode('|', array_keys($needed));
-  preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
-		 $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
-  foreach ($matches as $m) {
-    $data[$m[1]] = $m[3] ? $m[3] : $m[4];
-    unset($needed[$m[1]]);
-  }
-  if ($needed) {
-    error_log("spp.php - Authentication failed - missing: " . print_r($needed));
-    die('Authentication failed');
-  }
-  $user = $data['username'];
-  if (strlen($user) < 1) {
-    error_log("spp.php - Authentication failed - empty username");
-    die('Authentication failed');
-  }
-
-
-  $db = new PDO($osu_db);
-  if (!$db) {
-    error_log("spp.php - Could not access database");
-    die("Could not access database");
-  }
-  $row = $db->query("SELECT password FROM users " .
-		    "WHERE identity='$user' AND realm='$realm'")->fetch();
-  if (!$row) {
-    $row = $db->query("SELECT osu_password FROM users " .
-		      "WHERE osu_user='$user' AND realm='$realm'")->fetch();
-    $pw = $row['osu_password'];
-  } else
-    $pw = $row['password'];
-  if (!$row) {
-    error_log("spp.php - Authentication failed - user '$user' not found");
-    die('Authentication failed');
-  }
-  if (strlen($pw) < 1) {
-    error_log("spp.php - Authentication failed - empty password");
-    die('Authentication failed');
-  }
-
-  $A1 = md5($user . ':' . $realm . ':' . $pw);
-  $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
-  $resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
-	      $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
-  if ($data['response'] != $resp) {
-    error_log("Authentication failure - response mismatch");
-    die('Authentication failed');
-  }
-} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
-	   $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
-	   isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
-  $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
-  putenv("HS20CERT=yes");
-} else if (isset($_GET["hotspot2dot0-mobile-identifier-hash"])) {
-  $id_hash = $_GET["hotspot2dot0-mobile-identifier-hash"];
-  $id_hash = PREG_REPLACE("/[^0-9a-h]/i", '', $id_hash);
-
-  $db = new PDO($osu_db);
-  if (!$db) {
-    error_log("spp.php - Could not access database");
-    die("Could not access database");
-  }
-
-  $row = $db->query("SELECT * FROM sim_provisioning " .
-		    "WHERE mobile_identifier_hash='$id_hash'")->fetch();
-  if (!$row) {
-    error_log("spp.php - SIM provisioning failed - mobile_identifier_hash not found");
-    die('SIM provisioning failed - mobile_identifier_hash not found');
-  }
-
-  $imsi = $row['imsi'];
-  $mac_addr = $row['mac_addr'];
-  $eap_method = $row['eap_method'];
-
-  $row = $db->query("SELECT COUNT(*) FROM osu_config " .
-		    "WHERE realm='$realm'")->fetch();
-  if (!$row || intval($row[0]) < 1) {
-    error_log("spp.php - SIM provisioning failed - realm $realm not found");
-    die('SIM provisioning failed');
-  }
-
-  error_log("spp.php - SIM provisioning for IMSI $imsi");
-  putenv("HS20SIMPROV=yes");
-  putenv("HS20IMSI=$imsi");
-  putenv("HS20MACADDR=$mac_addr");
-  putenv("HS20EAPMETHOD=$eap_method");
-  putenv("HS20IDHASH=$id_hash");
-} else if (!isset($_SERVER["PATH_INFO"]) ||
-	   $_SERVER["PATH_INFO"] != "/signup") {
-  header('HTTP/1.1 401 Unauthorized');
-  header('WWW-Authenticate: Digest realm="'.$realm.
-	 '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
-  error_log("spp.php - Authentication required (not signup)");
-  die('Authentication required (not signup)');
-}
-
-
-if (isset($user) && strlen($user) > 0)
-  putenv("HS20USER=$user");
-else
-  putenv("HS20USER");
-
-putenv("HS20REALM=$realm");
-$postdata = file_get_contents("php://input");
-putenv("HS20POST=$postdata");
-$addr = $_SERVER["REMOTE_ADDR"];
-putenv("HS20ADDR=$addr");
-putenv("HS20TEST=$test");
-
-$last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);
-
-if ($ret == 2) {
-  if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
-    header('HTTP/1.1 401 Unauthorized');
-    header('WWW-Authenticate: Digest realm="'.$realm.
-           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
-    error_log("spp.php - Authentication required (ret 2)");
-    die('Authentication required');
-  } else {
-    error_log("spp.php - Unexpected authentication error");
-    die("Unexpected authentication error");
-  }
-}
-if ($ret != 0) {
-  error_log("spp.php - Failed to process SPP request");
-  die("Failed to process SPP request");
-}
-//error_log("spp.php: Response: " . implode($output));
-
-header("Content-Type: application/soap+xml");
-
-echo implode($output);
-
-?>
diff --git a/hs20/server/www/terms.php b/hs20/server/www/terms.php
deleted file mode 100644
index acba23ef1ad7..000000000000
--- a/hs20/server/www/terms.php
+++ /dev/null
@@ -1,87 +0,0 @@
-<?php
-
-require('config.php');
-
-function print_header()
-{
-   echo "<html>\n";
-   echo "<head><title>HS 2.0 Terms and Conditions</title></head>\n";
-   echo "<body>\n";
-}
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (!isset($_GET["addr"])) {
-   die("Missing addr parameter");
-}
-$addr = $_GET["addr"];
-
-$accept = isset($_GET["accept"]) && $_GET["accept"] == "yes";
-
-$res = $db->prepare("SELECT identity FROM pending_tc WHERE mac_addr=?");
-$res->execute(array($addr));
-$row = $res->fetch();
-if (!$row) {
-   die("No pending session for the specified MAC address");
-}
-$identity = $row[0];
-
-if (!$accept) {
-   print_header();
-
-   echo "<p>Accept the following terms and conditions by clicking here: <a href=\"terms.php?addr=$addr&accept=yes\">Accept</a></p>\n<hr>\n";
-   readfile($t_c_file);
-} else {
-   $res = $db->prepare("UPDATE users SET t_c_timestamp=? WHERE identity=?");
-   if (!$res->execute(array($t_c_timestamp, $identity))) {
-      die("Failed to update user account.");
-   }
-
-   $res = $db->prepare("DELETE FROM pending_tc WHERE mac_addr=?");
-   $res->execute(array($addr));
-
-   $fp = fsockopen($hostapd_ctrl);
-   if (!$fp) {
-      die("Could not connect to hostapd(AS)");
-   }
-
-   fwrite($fp, "DAC_REQUEST coa $addr t_c_clear");
-   fclose($fp);
-
-   $waiting = true;
-   $ack = false;
-   for ($i = 1; $i <= 10; $i++) {
-      $res = $db->prepare("SELECT waiting_coa_ack,coa_ack_received FROM current_sessions WHERE mac_addr=?");
-      $res->execute(array($addr));
-      $row = $res->fetch();
-      if (!$row) {
-         die("No current session for the specified MAC address");
-      }
-      if (strlen($row[0]) > 0)
-            $waiting = $row[0] == 1;
-      if (strlen($row[1]) > 0)
-            $ack = $row[1] == 1;
-      $res->closeCursor();
-      if (!$waiting)
-         break;
-      sleep(1);
-   }
-   if ($ack) {
-      header('X-WFA-Hotspot20-Filtering: removed');
-      print_header();
-      echo "<p>Terms and conditions were accepted.</p>\n";
-
-      echo "<P>Filtering disabled.</P>\n";
-   } else {
-      print_header();
-      echo "<P>Failed to disable filtering.</P>\n";
-   }
-}
-
-?>
-
-</body>
-</html>
diff --git a/hs20/server/www/users.php b/hs20/server/www/users.php
deleted file mode 100644
index 2bd555275dda..000000000000
--- a/hs20/server/www/users.php
+++ /dev/null
@@ -1,377 +0,0 @@
-<?php
-
-require('config.php');
-
-$db = new PDO($osu_db);
-if (!$db) {
-   die($sqliteerror);
-}
-
-if (isset($_GET["id"])) {
-	$id = $_GET["id"];
-	if (!is_numeric($id))
-		$id = 0;
-} else
-	$id = 0;
-if (isset($_GET["cmd"]))
-	$cmd = $_GET["cmd"];
-else
-	$cmd = '';
-
-if ($cmd == 'eventlog' && $id > 0) {
-	$row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch();
-	$dump = $row['dump'];
-	if ($dump[0] == '<') {
-	  header("Content-type: text/xml");
-	  echo "<?xml version=\"1.0\"?>\n";
-	  echo $dump;
-	} else {
-	  header("Content-type: text/plain");
-	  echo $dump;
-	}
-	exit;
-}
-
-if ($cmd == 'mo' && $id > 0) {
-	$mo = $_GET["mo"];
-	if (!isset($mo))
-		exit;
-	if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps")
-		exit;
-	$row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch();
-	header("Content-type: text/xml");
-	echo "<?xml version=\"1.0\"?>\n";
-	echo $row[$mo];
-	exit;
-}
-
-if ($cmd == 'cert' && $id > 0) {
-	$row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch();
-	header("Content-type: text/plain");
-	echo $row['cert_pem'];
-	exit;
-}
-
-?>
-
-<html>
-<head><title>HS 2.0 users</title></head>
-<body>
-
-<?php
-
-if ($cmd == 'subrem-clear' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='' WHERE rowid=$id");
-}
-if ($cmd == 'subrem-add-user' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='user' WHERE rowid=$id");
-}
-if ($cmd == 'subrem-add-machine' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
-}
-if ($cmd == 'subrem-add-reenroll' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='reenroll' WHERE rowid=$id");
-}
-if ($cmd == 'subrem-add-policy' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
-}
-if ($cmd == 'subrem-add-free' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='free' WHERE rowid=$id");
-}
-if ($cmd == 'fetch-pps-on' && $id > 0) {
-	$db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id");
-}
-if ($cmd == 'fetch-pps-off' && $id > 0) {
-	$db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id");
-}
-if ($cmd == 'reset-pw' && $id > 0) {
-	$db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id");
-}
-if ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) {
-	$policy = $_GET["policy"];
-	if ($policy == "no-policy" ||
-	    is_readable("$osu_root/spp/policy/$policy.xml")) {
-		$db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id");
-	}
-}
-if ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) {
-	$type = $_GET["type"];
-	if ($type == "shared")
-		$db->exec("UPDATE users SET shared=1 WHERE rowid=$id");
-	if ($type == "default")
-		$db->exec("UPDATE users SET shared=0 WHERE rowid=$id");
-}
-
-if ($cmd == "set-osu-cred" && $id > 0) {
-  $osu_user = $_POST["osu_user"];
-  $osu_password = $_POST["osu_password"];
-  if (strlen($osu_user) == 0)
-    $osu_password = "";
-  $db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
-}
-
-if ($cmd == 'clear-t-c' && $id > 0) {
-	$db->exec("UPDATE users SET t_c_timestamp=NULL WHERE rowid=$id");
-}
-
-$dump = 0;
-
-if ($id > 0) {
-
-if (isset($_GET["dump"])) {
-	$dump = $_GET["dump"];
-	if (!is_numeric($dump))
-		$dump = 0;
-} else
-	$dump = 0;
-
-echo "[<a href=\"users.php\">All users</a>] ";
-if ($dump == 0)
-	echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
-else
-	echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
-echo "<br>\n";
-
-$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch();
-
-echo "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n";
-
-echo "MO: ";
-if (strlen($row['devinfo']) > 0) {
-	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
-}
-if (strlen($row['devdetail']) > 0) {
-	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
-}
-if (strlen($row['pps']) > 0) {
-	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
-}
-if (strlen($row['cert_pem']) > 0) {
-	echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
-}
-echo "<BR>\n";
-
-echo "Fetch PPS MO: ";
-if ($row['fetch_pps'] == "1") {
-	echo "On next connection " .
-		"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
-		"do not fetch</a>]<br>\n";
-} else {
-	echo "Do not fetch " .
-		"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
-		"request fetch</a>]<br>\n";
-}
-
-$cert = $row['cert'];
-if (strlen($cert) > 0) {
-  echo "Certificate fingerprint: $cert<br>\n";
-}
-
-echo "Remediation: ";
-$rem = $row['remediation'];
-if ($rem == "") {
-	echo "Not required";
-	echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
-		   $row['rowid'] . "\">add:user</a>]";
-	echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
-		   $row['rowid'] . "\">add:machine</a>]";
-	if ($row['methods'] == 'TLS') {
-		echo " [<a href=\"users.php?cmd=subrem-add-reenroll&id=" .
-			   $row['rowid'] . "\">add:reenroll</a>]";
-	}
-	echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
-		   $row['rowid'] . "\">add:policy</a>]";
-	echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
-		   $row['rowid'] . "\">add:free</a>]";
-} else if ($rem == "user") {
-	echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
-		       $row['rowid'] . "\">clear</a>]";
-} else if ($rem == "policy") {
-	echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
-		       $row['rowid'] . "\">clear</a>]";
-} else if ($rem == "free") {
-	echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
-		       $row['rowid'] . "\">clear</a>]";
-} else if ($rem == "reenroll") {
-	echo "Reenroll [<a href=\"users.php?cmd=subrem-clear&id=" .
-		       $row['rowid'] . "\">clear</a>]";
-} else  {
-	echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
-			  $row['rowid'] . "\">clear</a>]";
-}
-echo "<br>\n";
-
-if (strncmp($row['identity'], "cert-", 5) != 0)
-   echo "Machine managed: " . ($row['machine_managed'] == "1" ? "TRUE" : "FALSE") . "<br>\n";
-
-echo "<form>Policy: <select name=\"policy\" " .
-	"onChange=\"window.location='users.php?cmd=policy&id=" .
-	$row['rowid'] . "&policy=' + this.value;\">\n";
-echo "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] .
-      "</option>\n";
-$files = scandir("$osu_root/spp/policy");
-foreach ($files as $file) {
-	if (!preg_match("/.xml$/", $file))
-		continue;
-	if ($file == $row['policy'] . ".xml")
-		continue;
-	$p = substr($file, 0, -4);
-	echo "<option value=\"$p\">$p</option>\n";
-}
-echo "<option value=\"no-policy\">no policy</option>\n";
-echo "</select></form>\n";
-
-echo "<form>Account type: <select name=\"type\" " .
-	"onChange=\"window.location='users.php?cmd=account-type&id=" .
-	$row['rowid'] . "&type=' + this.value;\">\n";
-if ($row['shared'] > 0) {
-  $default_sel = "";
-  $shared_sel = " selected";
-} else {
-  $default_sel = " selected";
-  $shared_sel = "";
-}
-echo "<option value=\"default\"$default_sel>default</option>\n";
-echo "<option value=\"shared\"$shared_sel>shared</option>\n";
-echo "</select></form>\n";
-
-echo "Phase 2 method(s): " . $row['methods'] . "<br>\n";
-
-echo "<br>\n";
-echo "<a href=\"users.php?cmd=reset-pw&id=" .
-	 $row['rowid'] . "\">Reset AAA password</a><br>\n";
-
-echo "<br>\n";
-echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] .
-  "\" method=\"POST\">\n";
-echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
-echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
-  $row['osu_user'] . "\">\n";
-echo "password: <input type=\"password\" name=\"osu_password\">\n";
-echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
-echo "</form>\n";
-
-if (strlen($row['t_c_timestamp']) > 0) {
-	echo "<br>\n";
-	echo "<a href=\"users.php?cmd=clear-t-c&id=" .
-		$row['rowid'] .
-		"\">Clear Terms and Conditions acceptance</a><br>\n";
-}
-
-echo "<hr>\n";
-
-$user = $row['identity'];
-$osu_user = $row['osu_user'];
-$realm = $row['realm'];
-}
-
-if ($id > 0 || ($id == 0 && $cmd == 'eventlog')) {
-
-  if ($id == 0) {
-    echo "[<a href=\"users.php\">All users</a>] ";
-    echo "<br>\n";
-  }
-
-echo "<table border=1>\n";
-echo "<tr>";
-if ($id == 0) {
-  echo "<th>user<th>realm";
-}
-echo "<th>time<th>address<th>sessionID<th>notes";
-if ($dump > 0)
-	echo "<th>dump";
-echo "\n";
-if (isset($_GET["limit"])) {
-	$limit = $_GET["limit"];
-	if (!is_numeric($limit))
-		$limit = 20;
-} else
-	$limit = 20;
-if ($id == 0)
-  $res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit");
-else if (strlen($osu_user) > 0)
-  $res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
-else
-  $res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
-foreach ($res as $row) {
-	echo "<tr>";
-	if ($id == 0) {
-	  echo "<td>" . $row['user'] . "\n";
-	  echo "<td>" . $row['realm'] . "\n";
-	}
-	echo "<td>" . $row['timestamp'] . "\n";
-	echo "<td>" . $row['addr'] . "\n";
-	echo "<td>" . $row['sessionid'] . "\n";
-	echo "<td>" . $row['notes'] . "\n";
-	$d = $row['dump'];
-	if (strlen($d) > 0) {
-		echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] .
-		  "\">";
-		if ($d[0] == '<')
-		  echo "XML";
-		else
-		  echo "txt";
-		echo "</a>]\n";
-		if ($dump > 0)
-			echo "<td>" . htmlspecialchars($d) . "\n";
-	}
-}
-echo "</table>\n";
-
-}
-
-
-if ($id == 0 && $cmd != 'eventlog') {
-
-echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
-echo "<br>\n";
-
-echo "<table border=1 cellspacing=0 cellpadding=0>\n";
-echo "<tr><th>User<th>Realm<th><small>Remediation</small><th>Policy<th><small>Account type</small><th><small>Phase 2 method(s)</small><th>DevId<th>MAC Address<th>T&C\n";
-
-$res = $db->query('SELECT rowid,* FROM users WHERE (phase2=1 OR methods=\'TLS\') ORDER BY identity');
-foreach ($res as $row) {
-	echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
-	    $row['identity'] . " </a>";
-	echo "<td>" . $row['realm'];
-	$rem = $row['remediation'];
-	echo "<td>";
-	if ($rem == "") {
-		echo "-";
-	} else if ($rem == "user") {
-		echo "User";
-	} else if ($rem == "policy") {
-		echo "Policy";
-	} else if ($rem == "free") {
-		echo "Free";
-	} else if ($rem == "reenroll") {
-		echo "Reenroll";
-	} else  {
-		echo "Machine";
-	}
-	echo "<td>" . $row['policy'];
-	if ($row['shared'] > 0)
-	  echo "<td>shared";
-	else
-	  echo "<td>default";
-	echo "<td><small>" . $row['methods'] . "</small>";
-	echo "<td>";
-	$xml = xml_parser_create();
-	xml_parse_into_struct($xml, $row['devinfo'], $devinfo);
-	foreach($devinfo as $k) {
-	  if ($k['tag'] == 'DEVID') {
-	    echo "<small>" . $k['value'] . "</small>";
-	    break;
-	  }
-	}
-	echo "<td><small>" . $row['mac_addr'] . "</small>";
-	echo "<td><small>" . $row['t_c_timestamp'] . "</small>";
-	echo "\n";
-}
-echo "</table>\n";
-
-}
-
-?>
-
-</html>
diff --git a/radius_example/.gitignore b/radius_example/.gitignore
deleted file mode 100644
index c43e0faab91c..000000000000
--- a/radius_example/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.d
-radius_example
diff --git a/radius_example/Makefile b/radius_example/Makefile
deleted file mode 100644
index d58a82c340c6..000000000000
--- a/radius_example/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-ALL=radius_example
-
-include ../src/build.rules
-
-CFLAGS += -I.
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
-
-LIBS = ../src/radius/libradius.a
-LIBS += ../src/crypto/libcrypto.a
-LIBS += ../src/utils/libutils.a
-LLIBS = -lrt
-
-#CLAGS += -DCONFIG_IPV6
-
-OBJS_ex = radius_example.o
-
-_OBJS_VAR := OBJS_ex
-include ../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../src/objs.mk
-
-radius_example: $(OBJS_ex) $(LIBS)
-	$(LDO) $(LDFLAGS) -o radius_example $(OBJS_ex) $(LIBS) $(LLIBS)
-
-clean: common-clean
-	rm -f core *~ *.o *.d
diff --git a/radius_example/README b/radius_example/README
deleted file mode 100644
index ec458e3ad7f5..000000000000
--- a/radius_example/README
+++ /dev/null
@@ -1,35 +0,0 @@
-Example application using RADIUS client as a library
-Copyright (c) 2007, Jouni Malinen <j@w1.fi>
-
-This software may be distributed under the terms of the BSD license.
-See the parent directory README for more details.
-
-
-This directory contains an example showing how the RADIUS client
-functionality from hostapd can be used as a library in another
-program. The example program initializes the RADIUS client and send a
-Access-Request using User-Name and User-Password attributes. A reply
-from the RADIUS authentication server will be processed and it is used
-as a trigger to terminate the example program.
-
-The RADIUS library links in couple of helper functions from src/utils and
-src/crypto directories. Most of these are suitable as-is, but it may
-be desirable to replace the debug output code in src/utils/wpa_debug.c
-by dropping this file from the library and re-implementing the
-functions there in a way that better fits in with the main
-application.
-
-RADIUS client implementation takes care of receiving messages,
-timeouts, and retransmissions of packets. Consequently, it requires
-functionality for registering timeouts and received packet
-notifications. This is implemented using the generic event loop
-implementation (see src/utils/eloop.h).
-
-The main application may either use the included event loop
-implementation or alternatively, implement eloop_* wrapper functions
-to use whatever event loop design is used in the main program. This
-would involve removing src/utils/eloop.o from the library and
-implementing following functions defines in src/utils/eloop.h:
-eloop_register_timeout(), eloop_cancel_timeout(),
-eloop_register_read_sock(), eloop_unregister_read_sock(), and
-eloop_terminated().
diff --git a/radius_example/radius_example.c b/radius_example/radius_example.c
deleted file mode 100644
index 8b0f47586b05..000000000000
--- a/radius_example/radius_example.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Example application using RADIUS client as a library
- * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "radius/radius.h"
-#include "radius/radius_client.h"
-
-struct radius_ctx {
-	struct radius_client_data *radius;
-	struct hostapd_radius_servers conf;
-	u8 radius_identifier;
-	struct in_addr own_ip_addr;
-};
-
-
-static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
-			      int level, const char *txt, size_t len)
-{
-	printf("%s\n", txt);
-}
-
-
-/* Process the RADIUS frames from Authentication Server */
-static RadiusRxResult receive_auth(struct radius_msg *msg,
-				   struct radius_msg *req,
-				   const u8 *shared_secret,
-				   size_t shared_secret_len,
-				   void *data)
-{
-	/* struct radius_ctx *ctx = data; */
-	printf("Received RADIUS Authentication message; code=%d\n",
-	       radius_msg_get_hdr(msg)->code);
-
-	/* We're done for this example, so request eloop to terminate. */
-	eloop_terminate();
-
-	return RADIUS_RX_PROCESSED;
-}
-
-
-static void start_example(void *eloop_ctx, void *timeout_ctx)
-{
-	struct radius_ctx *ctx = eloop_ctx;
-	struct radius_msg *msg;
-
-	printf("Sending a RADIUS authentication message\n");
-
-	ctx->radius_identifier = radius_client_get_id(ctx->radius);
-	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
-			     ctx->radius_identifier);
-	if (msg == NULL) {
-		printf("Could not create net RADIUS packet\n");
-		return;
-	}
-
-	radius_msg_make_authenticator(msg);
-
-	if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
-				 (u8 *) "user", 4)) {
-		printf("Could not add User-Name\n");
-		radius_msg_free(msg);
-		return;
-	}
-
-	if (!radius_msg_add_attr_user_password(
-		    msg, (u8 *) "password", 8,
-		    ctx->conf.auth_server->shared_secret,
-		    ctx->conf.auth_server->shared_secret_len)) {
-		printf("Could not add User-Password\n");
-		radius_msg_free(msg);
-		return;
-	}
-
-	if (!radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
-				 (u8 *) &ctx->own_ip_addr, 4)) {
-		printf("Could not add NAS-IP-Address\n");
-		radius_msg_free(msg);
-		return;
-	}
-
-	if (radius_client_send(ctx->radius, msg, RADIUS_AUTH, NULL) < 0)
-		radius_msg_free(msg);
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct radius_ctx ctx;
-	struct hostapd_radius_server *srv;
-
-	if (os_program_init())
-		return -1;
-
-	hostapd_logger_register_cb(hostapd_logger_cb);
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	inet_aton("127.0.0.1", &ctx.own_ip_addr);
-
-	if (eloop_init()) {
-		printf("Failed to initialize event loop\n");
-		return -1;
-	}
-
-	srv = os_zalloc(sizeof(*srv));
-	if (srv == NULL)
-		return -1;
-
-	srv->addr.af = AF_INET;
-	srv->port = 1812;
-	if (hostapd_parse_ip_addr("127.0.0.1", &srv->addr) < 0) {
-		printf("Failed to parse IP address\n");
-		return -1;
-	}
-	srv->shared_secret = (u8 *) os_strdup("radius");
-	srv->shared_secret_len = 6;
-
-	ctx.conf.auth_server = ctx.conf.auth_servers = srv;
-	ctx.conf.num_auth_servers = 1;
-	ctx.conf.msg_dumps = 1;
-
-	ctx.radius = radius_client_init(&ctx, &ctx.conf);
-	if (ctx.radius == NULL) {
-		printf("Failed to initialize RADIUS client\n");
-		return -1;
-	}
-
-	if (radius_client_register(ctx.radius, RADIUS_AUTH, receive_auth,
-				   &ctx) < 0) {
-		printf("Failed to register RADIUS authentication handler\n");
-		return -1;
-	}
-
-	eloop_register_timeout(0, 0, start_example, &ctx, NULL);
-
-	eloop_run();
-
-	radius_client_deinit(ctx.radius);
-	os_free(srv->shared_secret);
-	os_free(srv);
-
-	eloop_destroy();
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
index 547be66f1561..1e842716668e 100644
--- a/src/common/dragonfly.c
+++ b/src/common/dragonfly.c
@@ -213,3 +213,37 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
 		   "dragonfly: Unable to get randomness for own scalar");
 	return -1;
 }
+
+
+/* res = sqrt(val) */
+int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
+		   struct crypto_bignum *res)
+{
+	const struct crypto_bignum *prime;
+	struct crypto_bignum *tmp, *one;
+	int ret = 0;
+	u8 prime_bin[DRAGONFLY_MAX_ECC_PRIME_LEN];
+	size_t prime_len;
+
+	/* For prime p such that p = 3 mod 4, sqrt(w) = w^((p+1)/4) mod p */
+
+	prime = crypto_ec_get_prime(ec);
+	prime_len = crypto_ec_prime_len(ec);
+	tmp = crypto_bignum_init();
+	one = crypto_bignum_init_uint(1);
+
+	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
+				 prime_len) < 0 ||
+	    (prime_bin[prime_len - 1] & 0x03) != 3 ||
+	    !tmp || !one ||
+	    /* tmp = (p+1)/4 */
+	    crypto_bignum_add(prime, one, tmp) < 0 ||
+	    crypto_bignum_rshift(tmp, 2, tmp) < 0 ||
+	    /* res = sqrt(val) */
+	    crypto_bignum_exptmod(val, tmp, prime, res) < 0)
+		ret = -1;
+
+	crypto_bignum_deinit(tmp, 0);
+	crypto_bignum_deinit(one, 0);
+	return ret;
+}
diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h
index ec3dd593eda4..84d67f575c54 100644
--- a/src/common/dragonfly.h
+++ b/src/common/dragonfly.h
@@ -27,5 +27,7 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
 			      struct crypto_bignum *_rand,
 			      struct crypto_bignum *_mask,
 			      struct crypto_bignum *scalar);
+int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
+		   struct crypto_bignum *res);
 
 #endif /* DRAGONFLY_H */
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index d9eab0212e73..b77e29939195 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -1462,6 +1462,11 @@ enum qca_wlan_vendor_attr_p2p_listen_offload {
  * Used with event to notify the puncture pattern selected in ACS operation.
  * Encoding for this attribute will follow the convention used in the Disabled
  * Subchannel Bitmap field of the EHT Operation IE.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED: Flag attribute.
+ * Used with command to configure ACS operation for EHT mode.
+ * Disable (flag attribute not present) - EHT disabled and
+ * Enable (flag attribute present) - EHT enabled.
  */
 enum qca_wlan_vendor_attr_acs_offload {
 	QCA_WLAN_VENDOR_ATTR_ACS_CHANNEL_INVALID = 0,
@@ -1483,6 +1488,7 @@ enum qca_wlan_vendor_attr_acs_offload {
 	QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED = 16,
 	QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL = 17,
 	QCA_WLAN_VENDOR_ATTR_ACS_PUNCTURE_BITMAP = 18,
+	QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED = 19,
 
 	/* keep last */
 	QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
@@ -1788,36 +1794,53 @@ enum qca_access_policy {
 };
 
 /**
- * enum qca_vendor_attr_get_tsf: Vendor attributes for TSF capture
- * @QCA_WLAN_VENDOR_ATTR_TSF_CMD: enum qca_tsf_operation (u32)
- * @QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE: Unsigned 64 bit TSF timer value
- * @QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE: Unsigned 64 bit Synchronized
- *	SOC timer value at TSF capture
+ * enum qca_vendor_attr_tsf_cmd: Vendor attributes for TSF capture
+ * @QCA_WLAN_VENDOR_ATTR_TSF_CMD: Required (u32)
+ * Specify the TSF command. Possible values are defined in
+ * &enum qca_tsf_cmd.
+ * @QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE: Optional (u64)
+ * This attribute contains TSF timer value. This attribute is only available
+ * in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
+ * @QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE: Optional (u64)
+ * This attribute contains SOC timer value at TSF capture. This attribute is
+ * only available in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
+ * @QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL: Optional (u32)
+ * This attribute is used to provide TSF sync interval and only applicable when
+ * TSF command is %QCA_TSF_SYNC_START. If this attribute is not provided, the
+ * driver will use the default value. Time unit is in milliseconds.
  */
 enum qca_vendor_attr_tsf_cmd {
 	QCA_WLAN_VENDOR_ATTR_TSF_INVALID = 0,
 	QCA_WLAN_VENDOR_ATTR_TSF_CMD,
 	QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE,
 	QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE,
+	QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL,
 	QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST,
 	QCA_WLAN_VENDOR_ATTR_TSF_MAX =
 	QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST - 1
 };
 
 /**
- * enum qca_tsf_operation: TSF driver commands
+ * enum qca_tsf_cmd: TSF driver commands
  * @QCA_TSF_CAPTURE: Initiate TSF Capture
  * @QCA_TSF_GET: Get TSF capture value
  * @QCA_TSF_SYNC_GET: Initiate TSF capture and return with captured value
  * @QCA_TSF_AUTO_REPORT_ENABLE: Used in STA mode only. Once set, the target
  * will automatically send TSF report to the host. To query
- * QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY, this operation needs to be
+ * %QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY, this operation needs to be
  * initiated first.
  * @QCA_TSF_AUTO_REPORT_DISABLE: Used in STA mode only. Once set, the target
  * will not automatically send TSF report to the host. If
- * QCA_TSF_AUTO_REPORT_ENABLE is initiated and
- * QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY is not queried anymore, this
+ * %QCA_TSF_AUTO_REPORT_ENABLE is initiated and
+ * %QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY is not queried anymore, this
  * operation needs to be initiated.
+ * @QCA_TSF_SYNC_START: Start periodic TSF sync feature. The driver periodically
+ * fetches TSF and host time mapping from the firmware with interval configured
+ * through the %QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL attribute. If the
+ * interval value is not provided the driver will use the default value. The
+ * userspace can query the TSF and host time mapping via the %QCA_TSF_GET
+ * command.
+ * @QCA_TSF_SYNC_STOP: Stop periodic TSF sync feature.
  */
 enum qca_tsf_cmd {
 	QCA_TSF_CAPTURE,
@@ -1825,6 +1848,8 @@ enum qca_tsf_cmd {
 	QCA_TSF_SYNC_GET,
 	QCA_TSF_AUTO_REPORT_ENABLE,
 	QCA_TSF_AUTO_REPORT_DISABLE,
+	QCA_TSF_SYNC_START,
+	QCA_TSF_SYNC_STOP,
 };
 
 /**
diff --git a/src/common/sae.c b/src/common/sae.c
index b768c22faa9d..c0f154e9134d 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -290,14 +290,16 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
 	int pwd_seed_odd = 0;
 	u8 prime[SAE_MAX_ECC_PRIME_LEN];
 	size_t prime_len;
-	struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
+	struct crypto_bignum *x = NULL, *y = NULL, *qr = NULL, *qnr = NULL;
 	u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
 	u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
 	u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
 	u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
+	u8 x_y[2 * SAE_MAX_ECC_PRIME_LEN];
 	int res = -1;
 	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
 		       * mask */
+	unsigned int is_eq;
 
 	os_memset(x_bin, 0, sizeof(x_bin));
 
@@ -396,25 +398,42 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
 		goto fail;
 	}
 
-	if (!sae->tmp->pwe_ecc)
-		sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec);
-	if (!sae->tmp->pwe_ecc)
-		res = -1;
-	else
-		res = crypto_ec_point_solve_y_coord(sae->tmp->ec,
-						    sae->tmp->pwe_ecc, x,
-						    pwd_seed_odd);
-	if (res < 0) {
-		/*
-		 * This should not happen since we already checked that there
-		 * is a result.
-		 */
+	/* y = sqrt(x^3 + ax + b) mod p
+	 * if LSB(save) == LSB(y): PWE = (x, y)
+	 * else: PWE = (x, p - y)
+	 *
+	 * Calculate y and the two possible values for PWE and after that,
+	 * use constant time selection to copy the correct alternative.
+	 */
+	y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x);
+	if (!y ||
+	    dragonfly_sqrt(sae->tmp->ec, y, y) < 0 ||
+	    crypto_bignum_to_bin(y, x_y, SAE_MAX_ECC_PRIME_LEN,
+				 prime_len) < 0 ||
+	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||
+	    crypto_bignum_to_bin(y, x_y + SAE_MAX_ECC_PRIME_LEN,
+				 SAE_MAX_ECC_PRIME_LEN, prime_len) < 0) {
 		wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
+		goto fail;
+	}
+
+	is_eq = const_time_eq(pwd_seed_odd, x_y[prime_len - 1] & 0x01);
+	const_time_select_bin(is_eq, x_y, x_y + SAE_MAX_ECC_PRIME_LEN,
+			      prime_len, x_y + prime_len);
+	os_memcpy(x_y, x_bin, prime_len);
+	wpa_hexdump_key(MSG_DEBUG, "SAE: PWE", x_y, 2 * prime_len);
+	crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1);
+	sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y);
+	if (!sae->tmp->pwe_ecc) {
+		wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE");
+		res = -1;
 	}
 
 fail:
+	forced_memzero(x_y, sizeof(x_y));
 	crypto_bignum_deinit(qr, 0);
 	crypto_bignum_deinit(qnr, 0);
+	crypto_bignum_deinit(y, 1);
 	os_free(stub_password);
 	bin_clear_free(tmp_password, password_len);
 	crypto_bignum_deinit(x, 1);
@@ -747,19 +766,9 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
 	const_time_select_bin(is_qr, bin1, bin2, prime_len, x_y);
 	wpa_hexdump_key(MSG_DEBUG, "SSWU: x = CSEL(l, x1, x2)", x_y, prime_len);
 
-	/* y = sqrt(v)
-	 * For prime p such that p = 3 mod 4 --> v^((p+1)/4) */
-	if (crypto_bignum_to_bin(prime, bin1, sizeof(bin1), prime_len) < 0)
-		goto fail;
-	if ((bin1[prime_len - 1] & 0x03) != 3) {
-		wpa_printf(MSG_DEBUG, "SSWU: prime does not have p = 3 mod 4");
-		goto fail;
-	}
+	/* y = sqrt(v) */
 	y = crypto_bignum_init();
-	if (!y ||
-	    crypto_bignum_add(prime, one, t1) < 0 ||
-	    crypto_bignum_rshift(t1, 2, t1) < 0 ||
-	    crypto_bignum_exptmod(v, t1, prime, y) < 0)
+	if (!y || dragonfly_sqrt(ec, v, y) < 0)
 		goto fail;
 	debug_print_bignum("SSWU: y = sqrt(v)", y, prime_len);
 
diff --git a/src/common/version.h b/src/common/version.h
index 0235c9bf6776..7502f58e0b87 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -9,6 +9,6 @@
 #define GIT_VERSION_STR_POSTFIX ""
 #endif /* GIT_VERSION_STR_POSTFIX */
 
-#define VERSION_STR "2.10-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.10" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
 
 #endif /* VERSION_H */
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index eb600699d3d0..e6150b0cf16e 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -883,18 +883,6 @@ int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p,
 int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p);
 
 /**
- * crypto_ec_point_solve_y_coord - Solve y coordinate for an x coordinate
- * @e: EC context from crypto_ec_init()
- * @p: EC point to use for the returning the result
- * @x: x coordinate
- * @y_bit: y-bit (0 or 1) for selecting the y value to use
- * Returns: 0 on success, -1 on failure
- */
-int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
-				  struct crypto_ec_point *p,
-				  const struct crypto_bignum *x, int y_bit);
-
-/**
  * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b
  * @e: EC context from crypto_ec_init()
  * @x: x coordinate
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index ef669c408474..82c85762d84f 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -24,6 +24,9 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #endif /* CONFIG_ECC */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif /* OpenSSL version >= 3.0 */
 
 #include "common.h"
 #include "utils/const_time.h"
@@ -117,6 +120,26 @@ static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
 }
 #endif /* OpenSSL version < 1.1.0 */
 
+
+void openssl_load_legacy_provider(void)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	static bool loaded = false;
+	OSSL_PROVIDER *legacy;
+
+	if (loaded)
+		return;
+
+	legacy = OSSL_PROVIDER_load(NULL, "legacy");
+
+	if (legacy) {
+		OSSL_PROVIDER_load(NULL, "default");
+		loaded = true;
+	}
+#endif /* OpenSSL version >= 3.0 */
+}
+
+
 static BIGNUM * get_group5_prime(void)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
@@ -223,6 +246,7 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
 #ifndef CONFIG_FIPS
 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
+	openssl_load_legacy_provider();
 	return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
 }
 #endif /* CONFIG_FIPS */
@@ -234,6 +258,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
 	int i, plen, ret = -1;
 	EVP_CIPHER_CTX *ctx;
 
+	openssl_load_legacy_provider();
+
 	/* Add parity bits to the key */
 	next = 0;
 	for (i = 0; i < 7; i++) {
@@ -271,6 +297,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
 	int res = -1;
 	unsigned char skip_buf[16];
 
+	openssl_load_legacy_provider();
+
 	ctx = EVP_CIPHER_CTX_new();
 	if (!ctx ||
 	    !EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
@@ -1923,48 +1951,27 @@ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
 }
 
 
-int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
-				  struct crypto_ec_point *p,
-				  const struct crypto_bignum *x, int y_bit)
-{
-	if (TEST_FAIL())
-		return -1;
-	if (!EC_POINT_set_compressed_coordinates_GFp(e->group, (EC_POINT *) p,
-						     (const BIGNUM *) x, y_bit,
-						     e->bnctx) ||
-	    !EC_POINT_is_on_curve(e->group, (EC_POINT *) p, e->bnctx))
-		return -1;
-	return 0;
-}
-
-
 struct crypto_bignum *
 crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
 			      const struct crypto_bignum *x)
 {
-	BIGNUM *tmp, *tmp2, *y_sqr = NULL;
+	BIGNUM *tmp;
 
 	if (TEST_FAIL())
 		return NULL;
 
 	tmp = BN_new();
-	tmp2 = BN_new();
 
-	/* y^2 = x^3 + ax + b */
-	if (tmp && tmp2 &&
+	/* y^2 = x^3 + ax + b = (x^2 + a)x + b */
+	if (tmp &&
 	    BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
+	    BN_mod_add_quick(tmp, e->a, tmp, e->prime) &&
 	    BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
-	    BN_mod_mul(tmp2, e->a, (const BIGNUM *) x, e->prime, e->bnctx) &&
-	    BN_mod_add_quick(tmp2, tmp2, tmp, e->prime) &&
-	    BN_mod_add_quick(tmp2, tmp2, e->b, e->prime)) {
-		y_sqr = tmp2;
-		tmp2 = NULL;
-	}
+	    BN_mod_add_quick(tmp, tmp, e->b, e->prime))
+		return (struct crypto_bignum *) tmp;
 
 	BN_clear_free(tmp);
-	BN_clear_free(tmp2);
-
-	return (struct crypto_bignum *) y_sqr;
+	return NULL;
 }
 
 
@@ -2480,12 +2487,13 @@ struct crypto_ec_key * crypto_ec_key_gen(int group)
 		goto fail;
 	}
 
-	eckey = EVP_PKEY_get0_EC_KEY(key);
+	eckey = EVP_PKEY_get1_EC_KEY(key);
 	if (!eckey) {
 		key = NULL;
 		goto fail;
 	}
 	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
+	EC_KEY_free(eckey);
 
 fail:
 	EC_KEY_free(ec_params);
@@ -2595,12 +2603,34 @@ fail:
 	unsigned char *der = NULL;
 	int der_len;
 	struct wpabuf *buf;
+	EC_KEY *eckey;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_PKEY *tmp;
+#endif /* OpenSSL version >= 3.0 */
+
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
+	if (!eckey)
+		return NULL;
 
 	/* For now, all users expect COMPRESSED form */
-	EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key),
-			     POINT_CONVERSION_COMPRESSED);
+	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	tmp = EVP_PKEY_new();
+	if (!tmp)
+		return NULL;
+	if (EVP_PKEY_set1_EC_KEY(tmp, eckey) != 1) {
+		EVP_PKEY_free(tmp);
+		return NULL;
+	}
+	key = (struct crypto_ec_key *) tmp;
+#endif /* OpenSSL version >= 3.0 */
 
 	der_len = i2d_PUBKEY((EVP_PKEY *) key, &der);
+	EC_KEY_free(eckey);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_PKEY_free(tmp);
+#endif /* OpenSSL version >= 3.0 */
 	if (der_len <= 0) {
 		wpa_printf(MSG_INFO, "OpenSSL: i2d_PUBKEY() failed: %s",
 			   ERR_error_string(ERR_get_error(), NULL));
@@ -2623,7 +2653,7 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
 	struct wpabuf *buf;
 	unsigned int key_flags;
 
-	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
 	if (!eckey)
 		return NULL;
 
@@ -2637,6 +2667,7 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
 	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
 
 	der_len = i2d_ECPrivateKey(eckey, &der);
+	EC_KEY_free(eckey);
 	if (der_len <= 0)
 		return NULL;
 	buf = wpabuf_alloc_copy(der, der_len);
@@ -2697,7 +2728,7 @@ struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key,
 const struct crypto_ec_point *
 crypto_ec_key_get_public_key(struct crypto_ec_key *key)
 {
-	EC_KEY *eckey;
+	const EC_KEY *eckey;
 
 	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
 	if (!eckey)
@@ -2709,7 +2740,7 @@ crypto_ec_key_get_public_key(struct crypto_ec_key *key)
 const struct crypto_bignum *
 crypto_ec_key_get_private_key(struct crypto_ec_key *key)
 {
-	EC_KEY *eckey;
+	const EC_KEY *eckey;
 
 	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
 	if (!eckey)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 6f116eb62f53..00ecf61352a1 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1630,30 +1630,6 @@ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
 }
 
 
-int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
-				  struct crypto_ec_point *p,
-				  const struct crypto_bignum *x, int y_bit)
-{
-	byte buf[1 + 2 * MAX_ECC_BYTES];
-	int ret;
-	int prime_len = crypto_ec_prime_len(e);
-
-	if (TEST_FAIL())
-		return -1;
-
-	buf[0] = y_bit ? ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;
-	ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len);
-	if (ret <= 0)
-		return -1;
-	ret = wc_ecc_import_point_der(buf, 1 + 2 * ret, e->key.idx,
-				      (ecc_point *) p);
-	if (ret != 0)
-		return -1;
-
-	return 0;
-}
-
-
 struct crypto_bignum *
 crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
 			      const struct crypto_bignum *x)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 203b0f781ff5..c9e00b3af855 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -957,6 +957,10 @@ void * tls_init(const struct tls_config *conf)
 	const char *ciphers;
 
 	if (tls_openssl_ref_count == 0) {
+		void openssl_load_legacy_provider(void);
+
+		openssl_load_legacy_provider();
+
 		tls_global = context = tls_context_new(conf);
 		if (context == NULL)
 			return NULL;
@@ -3019,13 +3023,23 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
 	!defined(LIBRESSL_VERSION_NUMBER) && \
 	!defined(OPENSSL_IS_BORINGSSL)
-	if ((flags & (TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
-	    SSL_get_security_level(ssl) >= 2) {
-		/*
-		 * Need to drop to security level 1 to allow TLS versions older
-		 * than 1.2 to be used when explicitly enabled in configuration.
-		 */
-		SSL_set_security_level(conn->ssl, 1);
+	{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		int need_level = 0;
+#else
+		int need_level = 1;
+#endif
+
+		if ((flags &
+		     (TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
+		    SSL_get_security_level(ssl) > need_level) {
+			/*
+			 * Need to drop to security level 1 (or 0  with OpenSSL
+			 * 3.0) to allow TLS versions older than 1.2 to be used
+			 * when explicitly enabled in configuration.
+			 */
+			SSL_set_security_level(conn->ssl, need_level);
+		}
 	}
 #endif
 
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 2b2b8efdbd01..ff22b29b087a 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -127,7 +127,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
 	u8 x_bin[MAX_ECC_PRIME_LEN];
 	u8 prime_bin[MAX_ECC_PRIME_LEN];
-	struct crypto_bignum *tmp2 = NULL;
+	u8 x_y[2 * MAX_ECC_PRIME_LEN];
+	struct crypto_bignum *tmp2 = NULL, *y = NULL;
 	struct crypto_hash *hash;
 	unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
 	int ret = 0, res;
@@ -139,6 +140,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	u8 found_ctr = 0, is_odd = 0;
 	int cmp_prime;
 	unsigned int in_range;
+	unsigned int is_eq;
 
 	if (grp->pwe)
 		return -1;
@@ -151,11 +153,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
 				 primebytelen) < 0)
 		return -1;
-	grp->pwe = crypto_ec_point_init(grp->group);
-	if (!grp->pwe) {
-		wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
-		goto fail;
-	}
 
 	if ((prfbuf = os_malloc(primebytelen)) == NULL) {
 		wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
@@ -261,10 +258,37 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	 */
 	crypto_bignum_deinit(x_candidate, 1);
 	x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
-	if (!x_candidate ||
-	    crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate,
-					  is_odd) != 0) {
-		wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y");
+	if (!x_candidate)
+		goto fail;
+
+	/* y = sqrt(x^3 + ax + b) mod p
+	 * if LSB(y) == LSB(pwd-seed): PWE = (x, y)
+	 * else: PWE = (x, p - y)
+	 *
+	 * Calculate y and the two possible values for PWE and after that,
+	 * use constant time selection to copy the correct alternative.
+	 */
+	y = crypto_ec_point_compute_y_sqr(grp->group, x_candidate);
+	if (!y ||
+	    dragonfly_sqrt(grp->group, y, y) < 0 ||
+	    crypto_bignum_to_bin(y, x_y, MAX_ECC_PRIME_LEN, primebytelen) < 0 ||
+	    crypto_bignum_sub(prime, y, y) < 0 ||
+	    crypto_bignum_to_bin(y, x_y + MAX_ECC_PRIME_LEN,
+				 MAX_ECC_PRIME_LEN, primebytelen) < 0) {
+		wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
+		goto fail;
+	}
+
+	/* Constant time selection of the y coordinate from the two
+	 * options */
+	is_eq = const_time_eq(is_odd, x_y[primebytelen - 1] & 0x01);
+	const_time_select_bin(is_eq, x_y, x_y + MAX_ECC_PRIME_LEN,
+			      primebytelen, x_y + primebytelen);
+	os_memcpy(x_y, x_bin, primebytelen);
+	wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: PWE", x_y, 2 * primebytelen);
+	grp->pwe = crypto_ec_point_from_bin(grp->group, x_y);
+	if (!grp->pwe) {
+		wpa_printf(MSG_DEBUG, "EAP-pwd: Could not generate PWE");
 		goto fail;
 	}
 
@@ -289,6 +313,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	/* cleanliness and order.... */
 	crypto_bignum_deinit(x_candidate, 1);
 	crypto_bignum_deinit(tmp2, 1);
+	crypto_bignum_deinit(y, 1);
 	crypto_bignum_deinit(qr, 1);
 	crypto_bignum_deinit(qnr, 1);
 	bin_clear_free(prfbuf, primebytelen);
@@ -296,6 +321,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	os_memset(qnr_bin, 0, sizeof(qnr_bin));
 	os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
 	os_memset(pwe_digest, 0, sizeof(pwe_digest));
+	forced_memzero(x_y, sizeof(x_y));
 
 	return ret;
 }
diff --git a/tests/.gitignore b/tests/.gitignore
deleted file mode 100644
index f3c8ac941d25..000000000000
--- a/tests/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-test-*
-!test-*.[ch]
-!test-*.sh
diff --git a/tests/Makefile b/tests/Makefile
deleted file mode 100644
index 2d2343b640a5..000000000000
--- a/tests/Makefile
+++ /dev/null
@@ -1,99 +0,0 @@
-ALL=test-base64 test-md4 test-milenage \
-	test-rsa-sig-ver \
-	test-sha1 \
-	test-https test-https_server \
-	test-sha256 test-aes test-x509v3 test-list test-rc4
-
-include ../src/build.rules
-
-ifdef LIBFUZZER
-CC=clang
-CFLAGS = -MMD -O2 -Wall -g
-CFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
-CFLAGS += -DTEST_LIBFUZZER
-LDFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
-TEST_FUZZ=y
-endif
-
-ifdef TEST_FUZZ
-CFLAGS += -DCONFIG_NO_RANDOM_POOL
-CFLAGS += -DTEST_FUZZ
-endif
-
-CFLAGS += -DCONFIG_IEEE80211R_AP
-CFLAGS += -DCONFIG_IEEE80211R
-CFLAGS += -DCONFIG_TDLS
-
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
-
-SLIBS = ../src/utils/libutils.a
-
-DLIBS = ../src/crypto/libcrypto.a \
-	../src/tls/libtls.a
-
-_OBJS_VAR := LLIBS
-include ../src/objs.mk
-_OBJS_VAR := SLIBS
-include ../src/objs.mk
-_OBJS_VAR := DLIBS
-include ../src/objs.mk
-
-LIBS = $(SLIBS) $(DLIBS)
-LLIBS = -Wl,--start-group $(DLIBS) -Wl,--end-group $(SLIBS)
-
-# glibc < 2.17 needs -lrt for clock_gettime()
-LLIBS += -lrt
-
-test-aes: $(call BUILDOBJ,test-aes.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-base64: $(call BUILDOBJ,test-base64.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-https: $(call BUILDOBJ,test-https.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
-
-test-https_server: $(call BUILDOBJ,test-https_server.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
-
-test-list: $(call BUILDOBJ,test-list.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-md4: $(call BUILDOBJ,test-md4.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-milenage: $(call BUILDOBJ,test-milenage.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-rc4: $(call BUILDOBJ,test-rc4.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-rsa-sig-ver: $(call BUILDOBJ,test-rsa-sig-ver.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
-
-test-sha1: $(call BUILDOBJ,test-sha1.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-sha256: $(call BUILDOBJ,test-sha256.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
-
-test-x509v3: $(call BUILDOBJ,test-x509v3.o) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
-
-
-run-tests: $(ALL)
-	./test-aes
-	./test-list
-	./test-md4
-	./test-milenage
-	./test-rsa-sig-ver
-	./test-sha1
-	./test-sha256
-	@echo
-	@echo All tests completed successfully.
-
-clean: common-clean
-	rm -f *~
-	rm -f test_x509v3_nist.out.*
-	rm -f test_x509v3_nist2.out.*
diff --git a/tests/README b/tests/README
deleted file mode 100644
index 0e2dcffcfbd8..000000000000
--- a/tests/README
+++ /dev/null
@@ -1,123 +0,0 @@
-hostap.git test tools
----------------------
-
-The tests directory with its subdirectories contain number of tools used
-for testing wpa_supplicant and hostapd implementations.
-
-hwsim directory contains the test setup for full system testing of
-wpa_supplicant and hostapd with a simulated radio (mac80211_hwsim). See
-hwsim/READM and hwsim/vm/README for more details.
-
-
-Build testing
--------------
-
-wpa_supplicant and hostapd support number of build option
-combinations. The test scripts in the build subdirectory can be used to
-verify that various combinations do not break the builds. More
-configuration examples can be added there
-(build-{hostapd,wpa_supplicant}-*.config) to get them included in test
-builds.
-
-# Example
-cd build
-./run-build-tests.h
-
-
-Fuzz testing
-------------
-
-Newer fuzz testing tools are under the fuzzing directory. See
-fuzzing/README for more details on them. The following text describes
-the older fuzz testing tools that are subject to removal once the same
-newer tools have the same coverage available.
-
-Number of the test tools here can be used for fuzz testing with tools
-like American fuzzy lop (afl-fuzz) that are designed to modify an
-external file for program input. ap-mgmt-fuzzer, eapol-fuzzer,
-test-eapol, test-json, test-tls, and test-x509 are examples of such
-tools that expose hostap.git module functionality with input from a file
-specified on the command line.
-
-Here are some examples of how fuzzing can be performed:
-
-##### JSON parser
-make clean
-CC=afl-gcc make test-json
-mkdir json-examples
-cat > json-examples/1.json <<EOF
-{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
-EOF
-afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
-
-Alternatively, using libFuzzer from LLVM:
-make clean
-make test-json LIBFUZZER=y
-mkdir json-examples
-cat > json-examples/1.json <<EOF
-{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
-EOF
-./test-json json-examples
-
-##### EAPOL-Key Supplicant
-make clean
-CC=afl-gcc make test-eapol TEST_FUZZ=y
-mkdir eapol-auth-examples
-./test-eapol auth write eapol-auth-examples/auth.msg
-afl-fuzz -i eapol-auth-examples -o eapol-auth-findings -- $PWD/test-eapol auth read @@
-
-##### EAPOL-Key Authenticator
-make clean
-CC=afl-gcc make test-eapol TEST_FUZZ=y
-mkdir eapol-supp-examples
-./test-eapol supp write eapol-supp-examples/supp.msg
-afl-fuzz -i eapol-supp-examples -o eapol-supp-findings -- $PWD/test-eapol supp read @@
-
-##### TLS client
-make clean
-CC=afl-gcc make test-tls TEST_FUZZ=y
-mkdir tls-server-examples
-./test-tls server write tls-server-examples/server.msg
-afl-fuzz -i tls-server-examples -o tls-server-findings -- $PWD/test-tls server read @@
-
-##### TLS server
-make clean
-CC=afl-gcc make test-tls TEST_FUZZ=y
-mkdir tls-client-examples
-./test-tls client write tls-client-examples/client.msg
-afl-fuzz -i tls-client-examples -o tls-client-findings -- $PWD/test-tls client read @@
-
-##### AP management frame processing
-cd ap-mgmt-fuzzer
-make clean
-CC=afl-gcc make
-mkdir multi-examples
-cp multi.dat multi-examples
-afl-fuzz -i multi-examples -o multi-findings -- $PWD/ap-mgmt-fuzzer -m @@
-
-##### EAPOL-Key Supplicant (separate)
-cd eapol-fuzzer
-make clean
-CC=afl-gcc make
-mkdir eapol-examples
-cp *.dat eapol-examples
-afl-fuzz -i eapol-examples -o eapol-findings -- $PWD/eapol-fuzzer @@
-
-##### P2P
-cd p2p-fuzzer
-make clean
-CC=afl-gcc make
-mkdir p2p-proberesp-examples
-cp proberesp*.dat p2p-proberesp-examples
-afl-fuzz -i p2p-proberesp-examples -o p2p-proberesp-findings -- $PWD/p2p-fuzzer proberesp @@
-mkdir p2p-action-examples
-cp go*.dat inv*.dat p2ps*.dat p2p-action-examples
-afl-fuzz -i p2p-action-examples -o p2p-action-findings -- $PWD/p2p-fuzzer action @@
-
-##### WNM
-cd wnm-fuzzer
-make clean
-CC=afl-gcc make
-mkdir wnm-examples
-cp *.dat wnm-examples
-afl-fuzz -i wnm-examples -o wnm-findings -- $PWD/wnm-fuzzer @@
diff --git a/tests/cipher-and-key-mgmt-testing.txt b/tests/cipher-and-key-mgmt-testing.txt
deleted file mode 100644
index 1b93b777e556..000000000000
--- a/tests/cipher-and-key-mgmt-testing.txt
+++ /dev/null
@@ -1,377 +0,0 @@
-Cipher suite (CCMP, TKIP, GCMP, ..) and key management testing
-==============================================================
-
-wpa_supplicant and hostapd include number of extensions that allow
-special test builds to be used for testing functionality related to
-correct implementation of IEEE 802.11. These extensions allow behavior
-to be modified and invalid operations to be performed to verify behavior
-of other devices in unexpected situations. While most of the testing
-extensions are focused on the fully automated testing framework with
-mac80211_hwsim (see tests/hwsim subdirectory), many of these can be used
-for over-the-air testing of the protocol as well.
-
-Since some of the testing extensions can result in exposing key
-information or allowing non-compliant behavior, these changes are
-disabled in default wpa_supplicant and hostapd builds for production
-purposes. Testing functionality can be enabled by adding
-CONFIG_TESTING_OPTIONS=y into build configuration (hostapd/.config and
-wpa_supplicant/.config).
-
-
-Testing setup
--------------
-
-These tests can be run as black-box testing without having to modify the
-tested device at all or without knowing details of its
-functionality. The test commands in wpa_supplicant/hostapd control
-interfaces are used to perform unexpected operations and normal data
-traffic is used to verify reaction of the tested device to such
-operations.
-
-In theory, the test functionality is available with most drivers
-supported by wpa_supplicant/hostapd, but the most reliable results are
-likely available through ath9k-based devices. If you are using something
-else, it is strongly recommended that you'll run the first tests with
-sniffer captures and verify that the test tools are behaving correctly.
-
-wpa_supplicant is used to control a test device in station mode to test
-an AP and hostapd is similarly used to control a test device in AP mode
-to test a station.
-
-Various data traffic generators could be used to test the behavior, but
-this document focuses on using ping to test unicast traffic and arping
-to test broadcast traffic. To keep things simple and to reduce
-interference from unrelated traffic, the steps here assume static IPv4
-addresses are used and IPv6 is disabled.
-
-The tests here use WPA2-Personal for simplicity. WPA2-Enterprise and
-other cipher suites can also be tested for more complete coverage.
-
-Example hostapd.conf for the test tool in AP mode:
-
-driver=nl80211
-hw_mode=g
-channel=1
-ieee80211n=1
-interface=wlan0
-ctrl_interface=/var/run/hostapd
-ctrl_interface_group=adm
-ssid=test-psk
-wpa=2
-wpa_key_mgmt=WPA-PSK
-wpa_pairwise=CCMP
-wpa_passphrase=12345678
-
-Example wpa_supplicant.conf for the test tool in station mode:
-
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=adm
-
-network={
-    ssid="test-psk"
-    key_mgmt=WPA-PSK
-    psk="12345678"
-}
-
-The examples in this document assume following IPv4 address
-configuration:
-
-Test tool (either AP or station mode): 192.168.1.1/24
-Device under test: 192.168.1.2/24
-
-
-Data traffic tests
-------------------
-
-ping is used to test whether unicast frames go through on the data
-link. It should be noted that ping may need to use broadcast ARP at the
-beginning if the other device is not yet in the ARP table, so working
-broadcast and unicast connectivity may be needed to get this started.
-
-Example:
-
-$ ping -n -c 5 192.168.1.2
-PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
-64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=43.7 ms
-64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=67.9 ms
-64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=900 ms
-64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=5.81 ms
-64 bytes from 192.168.1.2: icmp_seq=5 ttl=64 time=135 ms
-
---- 192.168.1.2 ping statistics ---
-5 packets transmitted, 5 received, 0% packet loss, time 4004ms
-rtt min/avg/max/mdev = 5.811/230.605/900.223/337.451 ms
-
-This shows working unicast data connectivity.
-
-$ ping -n -c 5 192.168.1.2
-PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
-
---- 192.168.1.2 ping statistics ---
-5 packets transmitted, 0 received, 100% packet loss, time 4033ms
-
-This shows not working unicast data connectivity.
-
-
-arping is used to test broadcast connectivity.
-
-Example:
-
-$ arping -b -I wlan0 192.168.1.2 -c 5
-ARPING 192.168.1.2 from 192.168.1.1 wlan0
-Unicast reply from 192.168.1.2 [<DUT MAC address>]  119.695ms
-Unicast reply from 192.168.1.2 [<DUT MAC address>]  144.496ms
-Unicast reply from 192.168.1.2 [<DUT MAC address>]  166.788ms
-Unicast reply from 192.168.1.2 [<DUT MAC address>]  2.283ms
-Unicast reply from 192.168.1.2 [<DUT MAC address>]  2.234ms
-Sent 5 probes (5 broadcast(s))
-Received 5 response(s)
-
-This shows working broadcast data connectivity.
-
-$ arping -b -I wlan0 192.168.1.2 -c 5
-ARPING 192.168.1.2 from 192.168.1.1 wlan0
-Sent 5 probes (5 broadcast(s))
-Received 0 response(s)
-
-This shows not working broadcast data connectivity.
-
-If testing results do not look consistent, the testing state can be
-cleared by disconnection and reconnecting the station (the test tool or
-the DUT) to the network.
-
-
-Sniffer and wlantest
---------------------
-
-It is useful to get a wireless sniffer capture from the operating
-channel of the AP to be able to confirm DUT behavior if any of the data
-tests indicate reason to believe something is not working as expected.
-
-wlantest (from the wlantest directory of hostap.git) can be used to
-decrypt and analyze a sniffer capture. For example:
-
-wlantest -r wlan0.pcap -n decrypted.pcap -p 12345678
-
-The debug prints and comments in the generated file indicate where
-unexpected behavior has been detected, e.g., when the test tool ends up
-clearing its packet number to test replay protection. That can help in
-checking whether the DUT actually replies to a frame that it was
-supposed to drop due replay.
-
-
-Testing replay protection on a station device
----------------------------------------------
-
-Start hostapd and use hostapd_cli on the test device to control testing
-operations. Connect the DUT to the network.
-
-<3>AP-STA-CONNECTED <DUT MAC address>
-
-This indicates that the connection was completed successfully.
-
-Verify that broadcast and unicast traffic works correctly (if not,
-something is wrong in the test setup and that needs to be resolved
-before being able to run any tests).
-
-Verify that unicast traffic works and issue the following command in
-hostapd_cli:
-
-> raw RESET_PN <DUT MAC address>
-OK
-
-Verify that unicast traffic does not work anymore. If it does, the DUT
-does not implement replay protection correctly for unicast frames. Note
-that unicast traffic can recover once the packet number from the test
-device increases beyond the value used prior to that RESET_PN command.
-
-
-Verify that broadcast traffic works and issue the following command in
-hostapd_cli:
-
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Verify that broadcast traffic does not work anymore. If it does, the DUT
-does not implement replay protection correctly for broadcast
-frames. Note that broadcast traffic can recover once the packet number
-from the test device increases beyond the value used prior to that
-RESET_PN command.
-
-
-Testing replay protection on an AP device
------------------------------------------
-
-Start the AP (DUT) and start wpa_supplicant on the test device to
-connect to the network. Use wpa_cli to control the test device.
-
-<3>SME: Trying to authenticate with <DUT MAC address> (SSID='test-psk' freq=5240 MHz)
-<3>CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
-<3>Trying to associate with <DUT MAC address> (SSID='test-psk' freq=5240 MHz)
-<3>Associated with <DUT MAC address>
-<3>WPA: Key negotiation completed with <DUT MAC address> [PTK=CCMP GTK=CCMP]
-<3>CTRL-EVENT-CONNECTED - Connection to <DUT MAC address> completed [id=0 id_str=]
-
-Verify that unicast traffic works and issue the following command in
-wpa_cli:
-
-> raw RESET_PN
-OK
-
-Verify that unicast traffic does not work anymore. If it does, the DUT
-does not implement replay protection correctly. Note that unicast
-traffic can recover once the packet number from the test device
-increases beyond the value used prior to that RESET_PN command.
-
-IEEE 802.11 protocol uses unicast frames in station-to-AP direction, so
-there is no need to test AP replay protection behavior separately with
-the broadcast IPv4 traffic (which would be converted to unicast frames
-on the link layer).
-
-
-Testing GTK reinstallation protection on a station device (group handshake)
----------------------------------------------------------------------------
-
-Use the procedure describe above for testing replay protection, but with
-the following hostapd_cli commands:
-
-Test broadcast connectivity; should work
-
-> raw RESEND_GROUP_M1 <DUT MAC address>
-OK
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, the device
-does not implement protection for delayed retransmission of Group Key
-Message 1/2.
-
-
-Testing GTK reinstallation protection on a station device (4-way handshake)
----------------------------------------------------------------------------
-
-Use the procedure described above for testing replay protection for
-broadcast traffic, but with the following hostapd_cli commands:
-
-Test broadcast connectivity; should work
-
-> raw RESEND_M3 <DUT MAC address>
-OK
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, the device
-does not implement protection for delayed retransmission of 4-way
-handshake EAPOL-Key Message 3/4.
-
-Variant 1: Include extra Message 1/4
-
-Otherwise same as above, but replace RESEND_M3 command with:
-
-> raw RESEND_M1 <DUT MAC address>
-OK
-> raw RESEND_M3 <DUT MAC address>
-OK
-
-Variant 2: Include two extra Message 1/4
-
-Otherwise same as above, but replace RESEND_M3 command with:
-
-> raw RESEND_M1 <DUT MAC address> change-anonce
-OK
-> raw RESEND_M1 <DUT MAC address>
-OK
-> raw RESEND_M3 <DUT MAC address>
-OK
-
-
-Testing TK reinstallation protection on a station device (4-way handshake)
---------------------------------------------------------------------------
-
-Use the procedure described above for testing replay protection for
-unicast traffic, but with the following hostapd_cli commands:
-
-Test unicast connectivity; should work
-
-> raw RESEND_M3 <DUT MAC address>
-OK
-> raw RESET_PN <DUT MAC address>
-OK
-
-Test unicast connectivity; should not work; if it does, the device
-does not implement protection for delayed retransmission of 4-way
-handshake EAPOL-Key Message 3/4.
-
-Variant 1: Include extra Message 1/4
-
-Otherwise same as above, but replace RESEND_M3 command with:
-
-> raw RESEND_M1 <DUT MAC address>
-OK
-> raw RESEND_M3 <DUT MAC address>
-OK
-
-Variant 2: Include two extra Message 1/4
-
-Otherwise same as above, but replace RESEND_M3 command with:
-
-> raw RESEND_M1 <DUT MAC address> change-anonce
-OK
-> raw RESEND_M1 <DUT MAC address>
-OK
-> raw RESEND_M3 <DUT MAC address>
-OK
-
-
-Testing ANonce generation on an AP device
------------------------------------------
-
-Start the AP (DUT) and start wpa_supplicant on the test device to
-connect to the network. Use wpa_cli to control the test device.
-
-<3>SME: Trying to authenticate with <DUT MAC address> (SSID='test-psk' freq=5240 MHz)
-<3>CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
-<3>Trying to associate with <DUT MAC address> (SSID='test-psk' freq=5240 MHz)
-<3>Associated with <DUT MAC address>
-<3>WPA: Key negotiation completed with <DUT MAC address> [PTK=CCMP GTK=CCMP]
-<3>CTRL-EVENT-CONNECTED - Connection to <DUT MAC address> completed [id=0 id_str=]
-
-Show the ANonce from the first 4-way handshake, request PTK rekeying,
-and show the ANonce from the second 4-way handshake:
-
-> GET anonce
-df8c61d1f1f7aca9f1739dd888199547f4af2b8b07f8bf15b45ea271da0072b2
-> raw KEY_REQUEST 0 1
-OK
-> GET anonce
-d8ddcb716f28abfdf1352a05d51e7a70f58802122e99d13c730c3c0f09594aac
-
-If the ANonce values are same, the AP did not update the ANonce for
-rekeying (it should have as shown in the example above).
-
-
-Testing FT Reassociation Request frame retransmission on an AP device
----------------------------------------------------------------------
-
-This test case requires a sniffer to be used and manually analyzed.
-
-Enable FT on the DUT AP (likely two AP devices needed), connect test
-tool to the AP using FT protocol (e.g., connect to another AP first and
-then use the "ROAM <BSSID>" command), and do the following steps:
-
-- verify unicast traffic from the AP to test station (either ping from
-  the AP or from a device behind the AP); this needs to work
-- wpa_cli "raw RESEND_ASSOC"
-- verify unicast traffic from the AP to test station (either ping from
-  the AP or from a device behind the AP); this is likely to fail, but
-  the real analysis is done based on the sniffer capture
-
-In the sniffer capture, find the last Reassociation Request frame from
-the test station (this is more or less identical to the previous one and
-the only one that should not have Authentication frame exchange before
-it). Look at the last used PN in a unicast Data frame from the AP to the
-test station before the last Reassociation Request frame and the PN in
-the following unicast Data frame after the last Reassociation Request
-frame. If the PN goes down (e.g., is reset to 1), this would be a sign
-of a likely security vulnerability. The AP's TK configuration should be
-verified (i.e., whether it is configuring the same TK again and then
-allowing it to be used with reused PN values).
diff --git a/tests/fuzzing/README b/tests/fuzzing/README
deleted file mode 100644
index 9ba0f176f2cd..000000000000
--- a/tests/fuzzing/README
+++ /dev/null
@@ -1,23 +0,0 @@
-hostap.git fuzz testing
------------------------
-
-These tools can be used for fuzz testing of various components used
-within wpa_supplicant and hostapd. Each directory contains a fuzzing
-tool that focuses on one input handler. Each tool can be compiled either
-to work with the libFuzzer or as a separate tool that reads the input
-from a file specified on the command line, e.g., for American fuzzy lop
-(afl-fuzz). Example test corpus is included in */corpus directory.
-
-Example fuzzing with libFuzzer
-
-cd @TOOL@
-make clean
-make LIBFUZZER=y
-./@TOOL@ corpus
-
-Example fuzzing with afl-fuzz
-
-cd @TOOL@
-make clean
-CC=afl-gcc make
-afl-fuzz -i corpus -o findings -- $PWD/@TOOL@ @@
diff --git a/tests/fuzzing/ap-mgmt/.gitignore b/tests/fuzzing/ap-mgmt/.gitignore
deleted file mode 100644
index 8d79d3c8062d..000000000000
--- a/tests/fuzzing/ap-mgmt/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-ap-mgmt
diff --git a/tests/fuzzing/ap-mgmt/Makefile b/tests/fuzzing/ap-mgmt/Makefile
deleted file mode 100644
index 74b6a02da3fd..000000000000
--- a/tests/fuzzing/ap-mgmt/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-ALL=ap-mgmt
-include ../rules.include
-
-CFLAGS += -DCONFIG_WNM
-CFLAGS += -DCONFIG_INTERWORKING
-CFLAGS += -DCONFIG_GAS
-CFLAGS += -DCONFIG_HS20
-CFLAGS += -DIEEE8021X_EAPOL
-CFLAGS += -DNEED_AP_MLME
-CFLAGS += -DCONFIG_AIRTIME_POLICY
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/wps/libwps.a
-LIBS += $(SRC)/eap_server/libeap_server.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/ap/libap.a
-LIBS += $(SRC)/eapol_auth/libeapol_auth.a
-LIBS += $(SRC)/radius/libradius.a
-LIBS += $(SRC)/utils/libutils.a
-
-ELIBS += $(SRC)/crypto/libcrypto.a
-ELIBS += $(SRC)/tls/libtls.a
-
-OBJS += $(SRC)/drivers/driver_common.o
-
-OBJS += ap-mgmt.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-_OBJS_VAR := ELIBS
-include ../../../src/objs.mk
-
-ap-mgmt: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f ap-mgmt *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/ap-mgmt/ap-mgmt.c b/tests/fuzzing/ap-mgmt/ap-mgmt.c
deleted file mode 100644
index d49ac5f08aea..000000000000
--- a/tests/fuzzing/ap-mgmt/ap-mgmt.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * hostapd - Management frame fuzzer
- * Copyright (c) 2015-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "ap/hostapd.h"
-#include "ap/hw_features.h"
-#include "ap/ieee802_11.h"
-#include "ap/sta_info.h"
-#include "ap/ap_list.h"
-#include "../fuzzer-common.h"
-
-
-const struct wpa_driver_ops *const wpa_drivers[] =
-{
-	NULL
-};
-
-
-struct arg_ctx {
-	const u8 *data;
-	size_t data_len;
-	struct hostapd_iface iface;
-	struct hostapd_data hapd;
-	struct wpa_driver_ops driver;
-	struct hostapd_config iconf;
-	struct hostapd_bss_config conf;
-};
-
-
-static void test_send_mgmt(void *eloop_data, void *user_ctx)
-{
-	struct arg_ctx *ctx = eloop_data;
-	struct hostapd_frame_info fi;
-	const u8 *pos, *end;
-
-	os_memset(&fi, 0, sizeof(fi));
-
-	pos = ctx->data;
-	end = pos + ctx->data_len;
-
-	while (end - pos > 2) {
-		u16 flen;
-
-		flen = WPA_GET_BE16(pos);
-		pos += 2;
-		if (end - pos < flen)
-			break;
-		wpa_hexdump(MSG_MSGDUMP, "fuzzer - frame", pos, flen);
-		ieee802_11_mgmt(&ctx->hapd, pos, flen, &fi);
-		pos += flen;
-	}
-
-	eloop_terminate();
-}
-
-
-static struct hostapd_hw_modes * gen_modes(void)
-{
-	struct hostapd_hw_modes *mode;
-	struct hostapd_channel_data *chan;
-
-	mode = os_zalloc(sizeof(struct hostapd_hw_modes));
-	if (!mode)
-		return NULL;
-
-	mode->mode = HOSTAPD_MODE_IEEE80211G;
-	chan = os_zalloc(sizeof(struct hostapd_channel_data));
-	if (!chan) {
-		os_free(mode);
-		return NULL;
-	}
-	chan->chan = 1;
-	chan->freq = 2412;
-	mode->channels = chan;
-	mode->num_channels = 1;
-
-	mode->rates = os_zalloc(sizeof(int));
-	if (!mode->rates) {
-		os_free(chan);
-		os_free(mode);
-		return NULL;
-	}
-	mode->rates[0] = 10;
-	mode->num_rates = 1;
-
-	return mode;
-}
-
-
-static int init_hapd(struct arg_ctx *ctx)
-{
-	struct hostapd_data *hapd = &ctx->hapd;
-	struct sta_info *sta;
-	struct hostapd_bss_config *bss;
-
-	hapd->driver = &ctx->driver;
-	os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
-	hapd->iface = &ctx->iface;
-	hapd->iface->conf = hostapd_config_defaults();
-	if (!hapd->iface->conf)
-		return -1;
-	hapd->iface->hw_features = gen_modes();
-	hapd->iface->num_hw_features = 1;
-	hapd->iface->current_mode = hapd->iface->hw_features;
-	hapd->iconf = hapd->iface->conf;
-	hapd->iconf->hw_mode = HOSTAPD_MODE_IEEE80211G;
-	hapd->iconf->channel = 1;
-	bss = hapd->conf = hapd->iconf->bss[0];
-	hostapd_config_defaults_bss(hapd->conf);
-	os_memcpy(bss->ssid.ssid, "test", 4);
-	bss->ssid.ssid_len = 4;
-	bss->ssid.ssid_set = 1;
-
-	sta = ap_sta_add(hapd, (u8 *) "\x02\x00\x00\x00\x00\x00");
-	if (sta)
-		sta->flags |= WLAN_STA_ASSOC | WLAN_STA_WMM;
-
-	return 0;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct arg_ctx ctx;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return 0;
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return 0;
-	}
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.data = data;
-	ctx.data_len = size;
-
-	if (init_hapd(&ctx))
-		goto fail;
-
-	eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL);
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-	hostapd_free_stas(&ctx.hapd);
-	hostapd_free_hw_features(ctx.hapd.iface->hw_features,
-				 ctx.hapd.iface->num_hw_features);
-
-fail:
-	hostapd_config_free(ctx.hapd.iconf);
-	ap_list_deinit(&ctx.iface);
-	eloop_destroy();
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/ap-mgmt/corpus/multi-sae-ffc.dat b/tests/fuzzing/ap-mgmt/corpus/multi-sae-ffc.dat
deleted file mode 100644
index 8c0059d5f322..000000000000
--- a/tests/fuzzing/ap-mgmt/corpus/multi-sae-ffc.dat
+++ /dev/null
diff --git a/tests/fuzzing/ap-mgmt/corpus/multi-sae.dat b/tests/fuzzing/ap-mgmt/corpus/multi-sae.dat
deleted file mode 100644
index 31a0d091dba9..000000000000
--- a/tests/fuzzing/ap-mgmt/corpus/multi-sae.dat
+++ /dev/null
diff --git a/tests/fuzzing/ap-mgmt/corpus/multi.dat b/tests/fuzzing/ap-mgmt/corpus/multi.dat
deleted file mode 100644
index 29d074e0c414..000000000000
--- a/tests/fuzzing/ap-mgmt/corpus/multi.dat
+++ /dev/null
diff --git a/tests/fuzzing/asn1/.gitignore b/tests/fuzzing/asn1/.gitignore
deleted file mode 100644
index 69d0e5c726be..000000000000
--- a/tests/fuzzing/asn1/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-asn1
diff --git a/tests/fuzzing/asn1/Makefile b/tests/fuzzing/asn1/Makefile
deleted file mode 100644
index 274641a406bb..000000000000
--- a/tests/fuzzing/asn1/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-ALL=asn1
-include ../rules.include
-
-OBJS += $(SRC)/utils/common.o
-OBJS += $(SRC)/utils/os_unix.o
-OBJS += $(SRC)/utils/wpa_debug.o
-OBJS += $(SRC)/utils/wpabuf.o
-OBJS += $(SRC)/tls/asn1.o
-
-OBJS += asn1.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-asn1: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	$(MAKE) -C $(SRC) clean
-	rm -f asn1 *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/asn1/asn1.c b/tests/fuzzing/asn1/asn1.c
deleted file mode 100644
index 2cd18fe994ef..000000000000
--- a/tests/fuzzing/asn1/asn1.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Fuzzing tool for ASN.1 routines
- * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "tls/asn1.h"
-#include "../fuzzer-common.h"
-
-
-static const char * asn1_class_str(int class)
-{
-	switch (class) {
-	case ASN1_CLASS_UNIVERSAL:
-		return "Universal";
-	case ASN1_CLASS_APPLICATION:
-		return "Application";
-	case ASN1_CLASS_CONTEXT_SPECIFIC:
-		return "Context-specific";
-	case ASN1_CLASS_PRIVATE:
-		return "Private";
-	default:
-		return "?";
-	}
-}
-
-
-static int asn1_parse(const u8 *buf, size_t len, int level)
-{
-	const u8 *pos, *prev, *end;
-	char prefix[10], str[100];
-	int _level;
-	struct asn1_hdr hdr;
-	struct asn1_oid oid;
-	u8 tmp;
-
-	_level = level;
-	if ((size_t) _level > sizeof(prefix) - 1)
-		_level = sizeof(prefix) - 1;
-	memset(prefix, ' ', _level);
-	prefix[_level] = '\0';
-
-	pos = buf;
-	end = buf + len;
-
-	while (pos < end) {
-		if (asn1_get_next(pos, end - pos, &hdr) < 0)
-			return -1;
-
-		prev = pos;
-		pos = hdr.payload;
-
-		wpa_printf(MSG_MSGDUMP, "ASN.1:%s Class %d(%s) P/C %d(%s) "
-			   "Tag %u Length %u",
-			   prefix, hdr.class, asn1_class_str(hdr.class),
-			   hdr.constructed,
-			   hdr.constructed ? "Constructed" : "Primitive",
-			   hdr.tag, hdr.length);
-
-		if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC &&
-		    hdr.constructed) {
-			if (asn1_parse(pos, hdr.length, level + 1) < 0)
-				return -1;
-			pos += hdr.length;
-		}
-
-		if (hdr.class != ASN1_CLASS_UNIVERSAL)
-			continue;
-
-		switch (hdr.tag) {
-		case ASN1_TAG_EOC:
-			if (hdr.length) {
-				wpa_printf(MSG_DEBUG, "ASN.1: Non-zero "
-					   "end-of-contents length (%u)",
-					   hdr.length);
-				return -1;
-			}
-			wpa_printf(MSG_MSGDUMP, "ASN.1:%s EOC", prefix);
-			break;
-		case ASN1_TAG_BOOLEAN:
-			if (hdr.length != 1) {
-				wpa_printf(MSG_DEBUG, "ASN.1: Unexpected "
-					   "Boolean length (%u)", hdr.length);
-				return -1;
-			}
-			tmp = *pos++;
-			wpa_printf(MSG_MSGDUMP, "ASN.1:%s Boolean %s",
-				   prefix, tmp ? "TRUE" : "FALSE");
-			break;
-		case ASN1_TAG_INTEGER:
-			wpa_hexdump(MSG_MSGDUMP, "ASN.1: INTEGER",
-				    pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_BITSTRING:
-			wpa_hexdump(MSG_MSGDUMP, "ASN.1: BitString",
-				    pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_OCTETSTRING:
-			wpa_hexdump(MSG_MSGDUMP, "ASN.1: OctetString",
-				    pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_NULL:
-			if (hdr.length) {
-				wpa_printf(MSG_DEBUG, "ASN.1: Non-zero Null "
-					   "length (%u)", hdr.length);
-				return -1;
-			}
-			wpa_printf(MSG_MSGDUMP, "ASN.1:%s Null", prefix);
-			break;
-		case ASN1_TAG_OID:
-			if (asn1_get_oid(prev, end - prev, &oid, &prev) < 0) {
-				wpa_printf(MSG_DEBUG, "ASN.1: Invalid OID");
-				return -1;
-			}
-			asn1_oid_to_str(&oid, str, sizeof(str));
-			wpa_printf(MSG_DEBUG, "ASN.1:%s OID %s", prefix, str);
-			pos += hdr.length;
-			break;
-		case ANS1_TAG_RELATIVE_OID:
-			wpa_hexdump(MSG_MSGDUMP, "ASN.1: Relative OID",
-				    pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_SEQUENCE:
-			wpa_printf(MSG_MSGDUMP, "ASN.1:%s SEQUENCE", prefix);
-			if (asn1_parse(pos, hdr.length, level + 1) < 0)
-				return -1;
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_SET:
-			wpa_printf(MSG_MSGDUMP, "ASN.1:%s SET", prefix);
-			if (asn1_parse(pos, hdr.length, level + 1) < 0)
-				return -1;
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_PRINTABLESTRING:
-			wpa_hexdump_ascii(MSG_MSGDUMP,
-					  "ASN.1: PrintableString",
-					  pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_IA5STRING:
-			wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: IA5String",
-					  pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_UTCTIME:
-			wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: UTCTIME",
-					  pos, hdr.length);
-			pos += hdr.length;
-			break;
-		case ASN1_TAG_VISIBLESTRING:
-			wpa_hexdump_ascii(MSG_MSGDUMP, "ASN.1: VisibleString",
-					  pos, hdr.length);
-			pos += hdr.length;
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "ASN.1: Unknown tag %d",
-				   hdr.tag);
-			return -1;
-		}
-	}
-
-	return 0;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	wpa_fuzzer_set_debug_level();
-
-	if (asn1_parse(data, size, 0) < 0)
-		wpa_printf(MSG_DEBUG, "Failed to parse DER ASN.1");
-
-	return 0;
-}
diff --git a/tests/fuzzing/asn1/corpus/ca.der b/tests/fuzzing/asn1/corpus/ca.der
deleted file mode 100644
index 09d5fa051bf3..000000000000
--- a/tests/fuzzing/asn1/corpus/ca.der
+++ /dev/null
diff --git a/tests/fuzzing/asn1/corpus/ocsp-multi-server-cache.der b/tests/fuzzing/asn1/corpus/ocsp-multi-server-cache.der
deleted file mode 100644
index 36be8118aa1d..000000000000
--- a/tests/fuzzing/asn1/corpus/ocsp-multi-server-cache.der
+++ /dev/null
diff --git a/tests/fuzzing/asn1/corpus/ocsp-req.der b/tests/fuzzing/asn1/corpus/ocsp-req.der
deleted file mode 100644
index 3a70e3872d4c..000000000000
--- a/tests/fuzzing/asn1/corpus/ocsp-req.der
+++ /dev/null
diff --git a/tests/fuzzing/build-test.sh b/tests/fuzzing/build-test.sh
deleted file mode 100755
index 26c94cca833d..000000000000
--- a/tests/fuzzing/build-test.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-error()
-{
-    echo "Build test failed"
-    exit 1
-}
-
-for i in *; do
-    if [ -d $i ]; then
-	cd $i
-	make clean
-	make -j8 || error
-	make clean
-	cd ..
-    fi
-done
-
-echo "Build test succeeded"
diff --git a/tests/fuzzing/dpp-uri/.gitignore b/tests/fuzzing/dpp-uri/.gitignore
deleted file mode 100644
index 6dd276499bef..000000000000
--- a/tests/fuzzing/dpp-uri/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-dpp-uri
diff --git a/tests/fuzzing/dpp-uri/Makefile b/tests/fuzzing/dpp-uri/Makefile
deleted file mode 100644
index 1c1bab631a04..000000000000
--- a/tests/fuzzing/dpp-uri/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-all: dpp-uri
-include ../rules.include
-
-CFLAGS += -DCONFIG_DPP
-CFLAGS += -DCONFIG_DPP2
-CFLAGS += -DCONFIG_SHA256
-CFLAGS += -DCONFIG_SHA384
-CFLAGS += -DCONFIG_SHA512
-CFLAGS += -DCONFIG_ECC
-CFLAGS += -DCONFIG_OPENSSL_CMAC
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += $(SRC)/crypto/crypto_openssl.o
-
-OBJS += $(SRC)/crypto/aes-ctr.o
-OBJS += $(SRC)/crypto/aes-siv.o
-OBJS += $(SRC)/crypto/sha256-kdf.o
-OBJS += $(SRC)/crypto/sha384-kdf.o
-OBJS += $(SRC)/crypto/sha512-kdf.o
-OBJS += $(SRC)/tls/asn1.o
-OBJS += $(SRC)/common/dpp.o
-OBJS += $(SRC)/common/dpp_auth.o
-OBJS += $(SRC)/common/dpp_backup.o
-OBJS += $(SRC)/common/dpp_crypto.o
-OBJS += $(SRC)/common/dpp_pkex.o
-OBJS += $(SRC)/common/dpp_reconfig.o
-OBJS += $(SRC)/common/dpp_tcp.o
-
-OBJS += dpp-uri.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-dpp-uri: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ -lcrypto
-
-clean: common-clean
-	rm -f dpp-uri *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/dpp-uri/corpus/1.dat b/tests/fuzzing/dpp-uri/corpus/1.dat
deleted file mode 100644
index b2387e09ad07..000000000000
--- a/tests/fuzzing/dpp-uri/corpus/1.dat
+++ /dev/null
@@ -1 +0,0 @@
-DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/corpus/2.dat b/tests/fuzzing/dpp-uri/corpus/2.dat
deleted file mode 100644
index ee2ff90dd360..000000000000
--- a/tests/fuzzing/dpp-uri/corpus/2.dat
+++ /dev/null
@@ -1 +0,0 @@
-DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/corpus/3.dat b/tests/fuzzing/dpp-uri/corpus/3.dat
deleted file mode 100644
index ce7ad16f3329..000000000000
--- a/tests/fuzzing/dpp-uri/corpus/3.dat
+++ /dev/null
@@ -1 +0,0 @@
-DPP:I:SN=4774LH2b4044;M:010203040506;C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;
\ No newline at end of file
diff --git a/tests/fuzzing/dpp-uri/dpp-uri.c b/tests/fuzzing/dpp-uri/dpp-uri.c
deleted file mode 100644
index 77db5b8bbf40..000000000000
--- a/tests/fuzzing/dpp-uri/dpp-uri.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * DPP URI fuzzer
- * Copyright (c) 2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/dpp.h"
-#include "../fuzzer-common.h"
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct dpp_global *dpp;
-	struct dpp_global_config config;
-	struct dpp_bootstrap_info *bi;
-	char *uri;
-	char buf[1000];
-	int ret = -1;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return 0;
-
-	uri = os_malloc(size + 1);
-	if (!uri)
-		goto out;
-	os_memcpy(uri, data, size);
-	uri[size] = '\0';
-	os_memset(&config, 0, sizeof(config));
-	dpp = dpp_global_init(&config);
-	if (!dpp)
-		goto out;
-
-	bi = dpp_add_qr_code(dpp, uri);
-	if (bi && dpp_bootstrap_info(dpp, bi->id, buf, sizeof(buf)) > 0)
-		wpa_printf(MSG_DEBUG, "DPP: %s", buf);
-	dpp_global_deinit(dpp);
-
-	ret = 0;
-out:
-	os_free(uri);
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/tests/fuzzing/eap-aka-peer/.gitignore b/tests/fuzzing/eap-aka-peer/.gitignore
deleted file mode 100644
index d11f75fe3bd9..000000000000
--- a/tests/fuzzing/eap-aka-peer/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eap-aka-peer
diff --git a/tests/fuzzing/eap-aka-peer/Makefile b/tests/fuzzing/eap-aka-peer/Makefile
deleted file mode 100644
index c964f186d146..000000000000
--- a/tests/fuzzing/eap-aka-peer/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-ALL=eap-aka-peer
-include ../rules.include
-
-CFLAGS += -DIEEE8021X_EAPOL
-CFLAGS += -DCONFIG_USIM_SIMULATOR
-
-OBJS += $(SRC)/eap_peer/eap_aka.o
-OBJS += $(SRC)/eap_common/eap_sim_common.o
-OBJS += $(SRC)/eap_common/eap_common.o
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += eap-aka-peer.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eap-aka-peer: $(OBJS) $(LIBS)
-	$(Q)$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-	@$(E) "  LD " $@
-
-clean: common-clean
-	rm -f eap-aka-peer *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eap-aka-peer/corpus/server.msg b/tests/fuzzing/eap-aka-peer/corpus/server.msg
deleted file mode 100644
index 64843912d838..000000000000
--- a/tests/fuzzing/eap-aka-peer/corpus/server.msg
+++ /dev/null
diff --git a/tests/fuzzing/eap-aka-peer/eap-aka-peer.c b/tests/fuzzing/eap-aka-peer/eap-aka-peer.c
deleted file mode 100644
index ce7b0438c6b8..000000000000
--- a/tests/fuzzing/eap-aka-peer/eap-aka-peer.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * EAP-AKA peer fuzzer
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "eap_peer/eap_methods.h"
-#include "eap_peer/eap_config.h"
-#include "eap_peer/eap_i.h"
-#include "../fuzzer-common.h"
-
-int eap_peer_sim_register(void);
-
-struct eap_method * registered_eap_method = NULL;
-
-
-struct eap_method * eap_peer_method_alloc(int version, int vendor,
-					  enum eap_type method,
-					  const char *name)
-{
-	struct eap_method *eap;
-	eap = os_zalloc(sizeof(*eap));
-	if (!eap)
-		return NULL;
-	eap->version = version;
-	eap->vendor = vendor;
-	eap->method = method;
-	eap->name = name;
-	return eap;
-}
-
-
-int eap_peer_method_register(struct eap_method *method)
-{
-	registered_eap_method = method;
-	return 0;
-}
-
-
-static struct eap_peer_config eap_aka_config = {
-	.identity = (u8 *) "0232010000000000",
-	.identity_len = 16,
-	.password = (u8 *) "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-	.password_len = 78,
-};
-
-struct eap_peer_config * eap_get_config(struct eap_sm *sm)
-{
-	return &eap_aka_config;
-}
-
-
-const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
-{
-	static const char *id = "0232010000000000";
-
-	*len = os_strlen(id);
-	return (const u8 *) id;
-}
-
-
-const char * eap_get_config_phase1(struct eap_sm *sm)
-{
-	return NULL;
-}
-
-
-void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
-{
-}
-
-
-void eap_sm_request_identity(struct eap_sm *sm)
-{
-}
-
-
-void eap_sm_request_sim(struct eap_sm *sm, const char *req)
-{
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	const u8 *pos, *end;
-	struct eap_sm *sm;
-	void *priv;
-	struct eap_method_ret ret;
-	unsigned int count = 0;
-
-	wpa_fuzzer_set_debug_level();
-
-	eap_peer_aka_register();
-	sm = os_zalloc(sizeof(*sm));
-	if (!sm)
-		return 0;
-	priv = registered_eap_method->init(sm);
-	os_memset(&ret, 0, sizeof(ret));
-
-	pos = data;
-	end = pos + size;
-
-	while (end - pos > 2 && count < 100) {
-		u16 flen;
-		struct wpabuf *buf, *req;
-
-		flen = WPA_GET_BE16(pos);
-		pos += 2;
-		if (end - pos < flen)
-			break;
-		req = wpabuf_alloc_copy(pos, flen);
-		if (!req)
-			break;
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
-		buf = registered_eap_method->process(sm, priv, &ret, req);
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
-		wpabuf_free(req);
-		wpabuf_free(buf);
-		pos += flen;
-		count++;
-	}
-
-	registered_eap_method->deinit(sm, priv);
-	os_free(registered_eap_method);
-	os_free(sm);
-
-	return 0;
-}
diff --git a/tests/fuzzing/eap-mschapv2-peer/.gitignore b/tests/fuzzing/eap-mschapv2-peer/.gitignore
deleted file mode 100644
index 3368b213cf0c..000000000000
--- a/tests/fuzzing/eap-mschapv2-peer/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eap-mschapv2-peer
diff --git a/tests/fuzzing/eap-mschapv2-peer/Makefile b/tests/fuzzing/eap-mschapv2-peer/Makefile
deleted file mode 100644
index 7290e90c62b7..000000000000
--- a/tests/fuzzing/eap-mschapv2-peer/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-ALL=eap-mschapv2-peer
-include ../rules.include
-
-CFLAGS += -DIEEE8021X_EAPOL
-
-OBJS += $(SRC)/eap_peer/eap_mschapv2.o
-OBJS += $(SRC)/eap_peer/mschapv2.o
-OBJS += $(SRC)/eap_common/eap_common.o
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += eap-mschapv2-peer.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eap-mschapv2-peer: $(OBJS) $(LIBS)
-	$(Q)$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-	@$(E) "  LD " $@
-
-clean: common-clean
-	rm -f eap-mschapv2-peer *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eap-mschapv2-peer/corpus/server.msg b/tests/fuzzing/eap-mschapv2-peer/corpus/server.msg
deleted file mode 100644
index 50ff9d19e3a5..000000000000
--- a/tests/fuzzing/eap-mschapv2-peer/corpus/server.msg
+++ /dev/null
diff --git a/tests/fuzzing/eap-mschapv2-peer/eap-mschapv2-peer.c b/tests/fuzzing/eap-mschapv2-peer/eap-mschapv2-peer.c
deleted file mode 100644
index 8dc794cf867d..000000000000
--- a/tests/fuzzing/eap-mschapv2-peer/eap-mschapv2-peer.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * EAP-SIM peer fuzzer
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "eap_peer/eap_methods.h"
-#include "eap_peer/eap_config.h"
-#include "eap_peer/eap_i.h"
-#include "../fuzzer-common.h"
-
-int eap_peer_sim_register(void);
-
-struct eap_method * registered_eap_method = NULL;
-
-
-struct eap_method * eap_peer_method_alloc(int version, int vendor,
-					  enum eap_type method,
-					  const char *name)
-{
-	struct eap_method *eap;
-	eap = os_zalloc(sizeof(*eap));
-	if (!eap)
-		return NULL;
-	eap->version = version;
-	eap->vendor = vendor;
-	eap->method = method;
-	eap->name = name;
-	return eap;
-}
-
-
-int eap_peer_method_register(struct eap_method *method)
-{
-	registered_eap_method = method;
-	return 0;
-}
-
-
-static struct eap_peer_config eap_mschapv2_config = {
-	.identity = (u8 *) "user",
-	.identity_len = 4,
-	.password = (u8 *) "password",
-	.password_len = 8,
-};
-
-struct eap_peer_config * eap_get_config(struct eap_sm *sm)
-{
-	return &eap_mschapv2_config;
-}
-
-
-const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
-{
-	static const char *id = "user";
-
-	*len = os_strlen(id);
-	return (const u8 *) id;
-}
-
-
-const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len)
-{
-	struct eap_peer_config *config = eap_get_config(sm);
-
-	*len = config->password_len;
-	return config->password;
-}
-
-
-const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash)
-{
-	struct eap_peer_config *config = eap_get_config(sm);
-
-	*len = config->password_len;
-	if (hash)
-		*hash = !!(config->flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH);
-	return config->password;
-}
-
-
-const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len)
-{
-	*len = 3;
-	return (const u8 *) "new";
-}
-
-
-void eap_sm_request_identity(struct eap_sm *sm)
-{
-}
-
-
-void eap_sm_request_password(struct eap_sm *sm)
-{
-}
-
-
-void eap_sm_request_new_password(struct eap_sm *sm)
-{
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	const u8 *pos, *end;
-	struct eap_sm *sm;
-	void *priv;
-	struct eap_method_ret ret;
-
-	wpa_fuzzer_set_debug_level();
-
-	eap_peer_mschapv2_register();
-	sm = os_zalloc(sizeof(*sm));
-	if (!sm)
-		return 0;
-	priv = registered_eap_method->init(sm);
-	os_memset(&ret, 0, sizeof(ret));
-
-	pos = data;
-	end = pos + size;
-
-	while (end - pos > 2) {
-		u16 flen;
-		struct wpabuf *buf, *req;
-
-		flen = WPA_GET_BE16(pos);
-		pos += 2;
-		if (end - pos < flen)
-			break;
-		req = wpabuf_alloc_copy(pos, flen);
-		if (!req)
-			break;
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
-		buf = registered_eap_method->process(sm, priv, &ret, req);
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
-		wpabuf_free(req);
-		wpabuf_free(buf);
-		pos += flen;
-	}
-
-	registered_eap_method->deinit(sm, priv);
-	os_free(registered_eap_method);
-	os_free(sm);
-
-	return 0;
-}
diff --git a/tests/fuzzing/eap-sim-peer/.gitignore b/tests/fuzzing/eap-sim-peer/.gitignore
deleted file mode 100644
index ea94e26e2eb8..000000000000
--- a/tests/fuzzing/eap-sim-peer/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eap-sim-peer
diff --git a/tests/fuzzing/eap-sim-peer/Makefile b/tests/fuzzing/eap-sim-peer/Makefile
deleted file mode 100644
index 9e728e4f476b..000000000000
--- a/tests/fuzzing/eap-sim-peer/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-ALL=eap-sim-peer
-include ../rules.include
-
-CFLAGS += -DIEEE8021X_EAPOL
-CFLAGS += -DCONFIG_SIM_SIMULATOR
-
-OBJS += $(SRC)/eap_peer/eap_sim.o
-OBJS += $(SRC)/eap_common/eap_sim_common.o
-OBJS += $(SRC)/eap_common/eap_common.o
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += eap-sim-peer.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eap-sim-peer: $(OBJS) $(LIBS)
-	$(Q)$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-	@$(E) "  LD " $@
-
-clean: common-clean
-	rm -f eap-sim-peer *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eap-sim-peer/corpus/server.msg b/tests/fuzzing/eap-sim-peer/corpus/server.msg
deleted file mode 100644
index adb9f6c6fea9..000000000000
--- a/tests/fuzzing/eap-sim-peer/corpus/server.msg
+++ /dev/null
diff --git a/tests/fuzzing/eap-sim-peer/eap-sim-peer.c b/tests/fuzzing/eap-sim-peer/eap-sim-peer.c
deleted file mode 100644
index 743a94bbfd67..000000000000
--- a/tests/fuzzing/eap-sim-peer/eap-sim-peer.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * EAP-SIM peer fuzzer
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "eap_peer/eap_methods.h"
-#include "eap_peer/eap_config.h"
-#include "eap_peer/eap_i.h"
-#include "../fuzzer-common.h"
-
-int eap_peer_sim_register(void);
-
-struct eap_method * registered_eap_method = NULL;
-
-
-struct eap_method * eap_peer_method_alloc(int version, int vendor,
-					  enum eap_type method,
-					  const char *name)
-{
-	struct eap_method *eap;
-	eap = os_zalloc(sizeof(*eap));
-	if (!eap)
-		return NULL;
-	eap->version = version;
-	eap->vendor = vendor;
-	eap->method = method;
-	eap->name = name;
-	return eap;
-}
-
-
-int eap_peer_method_register(struct eap_method *method)
-{
-	registered_eap_method = method;
-	return 0;
-}
-
-
-static struct eap_peer_config eap_sim_config = {
-	.identity = (u8 *) "1232010000000000",
-	.identity_len = 16,
-	.password = (u8 *) "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-	.password_len = 65,
-};
-
-struct eap_peer_config * eap_get_config(struct eap_sm *sm)
-{
-	return &eap_sim_config;
-}
-
-
-const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
-{
-	static const char *id = "1232010000000000";
-
-	*len = os_strlen(id);
-	return (const u8 *) id;
-}
-
-
-void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
-{
-}
-
-
-void eap_sm_request_identity(struct eap_sm *sm)
-{
-}
-
-
-void eap_sm_request_sim(struct eap_sm *sm, const char *req)
-{
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	const u8 *pos, *end;
-	struct eap_sm *sm;
-	void *priv;
-	struct eap_method_ret ret;
-	unsigned int count = 0;
-
-	wpa_fuzzer_set_debug_level();
-
-	eap_peer_sim_register();
-	sm = os_zalloc(sizeof(*sm));
-	if (!sm)
-		return 0;
-	priv = registered_eap_method->init(sm);
-	os_memset(&ret, 0, sizeof(ret));
-
-	pos = data;
-	end = pos + size;
-
-	while (end - pos > 2 && count < 100) {
-		u16 flen;
-		struct wpabuf *buf, *req;
-
-		flen = WPA_GET_BE16(pos);
-		pos += 2;
-		if (end - pos < flen)
-			break;
-		req = wpabuf_alloc_copy(pos, flen);
-		if (!req)
-			break;
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
-		buf = registered_eap_method->process(sm, priv, &ret, req);
-		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
-		wpabuf_free(req);
-		wpabuf_free(buf);
-		pos += flen;
-		count++;
-	}
-
-	registered_eap_method->deinit(sm, priv);
-	os_free(registered_eap_method);
-	os_free(sm);
-
-	return 0;
-}
diff --git a/tests/fuzzing/eapol-key-auth/.gitignore b/tests/fuzzing/eapol-key-auth/.gitignore
deleted file mode 100644
index f693f2cd05c0..000000000000
--- a/tests/fuzzing/eapol-key-auth/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eapol-key-auth
diff --git a/tests/fuzzing/eapol-key-auth/Makefile b/tests/fuzzing/eapol-key-auth/Makefile
deleted file mode 100644
index bd15b91f2394..000000000000
--- a/tests/fuzzing/eapol-key-auth/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-ALL=eapol-key-auth
-include ../rules.include
-
-CFLAGS += -DCONFIG_IEEE80211R_AP
-CFLAGS += -DCONFIG_IEEE80211R
-CFLAGS += -DCONFIG_TDLS
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-LIBS += $(SRC)/wps/libwps.a
-LIBS += $(SRC)/eapol_auth/libeapol_auth.a
-LIBS += $(SRC)/eap_server/libeap_server.a
-LIBS += $(SRC)/ap/libap.a
-LIBS += $(SRC)/radius/libradius.a
-
-OBJS += $(SRC)/drivers/driver_common.o
-
-OBJS += eapol-key-auth.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eapol-key-auth: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ -Wl,--start-group $(LIBS) -Wl,--end-group
-
-clean: common-clean
-	rm -f eapol-key-auth *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eapol-key-auth/corpus/supp.msg b/tests/fuzzing/eapol-key-auth/corpus/supp.msg
deleted file mode 100644
index 437d45175448..000000000000
--- a/tests/fuzzing/eapol-key-auth/corpus/supp.msg
+++ /dev/null
diff --git a/tests/fuzzing/eapol-key-auth/eapol-key-auth.c b/tests/fuzzing/eapol-key-auth/eapol-key-auth.c
deleted file mode 100644
index bb46422c6dbc..000000000000
--- a/tests/fuzzing/eapol-key-auth/eapol-key-auth.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/*
- * Testing tool for EAPOL-Key Authenticator routines
- * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "ap/wpa_auth.h"
-#include "../fuzzer-common.h"
-
-
-struct wpa {
-	const u8 *data;
-	size_t data_len;
-	size_t data_offset;
-	int wpa1;
-
-	u8 auth_addr[ETH_ALEN];
-	u8 supp_addr[ETH_ALEN];
-	u8 psk[PMK_LEN];
-
-	/* from supplicant */
-	u8 *supp_eapol;
-	size_t supp_eapol_len;
-
-	struct wpa_auth_callbacks auth_cb;
-	struct wpa_authenticator *auth_group;
-	struct wpa_state_machine *auth;
-
-	u8 supp_ie[80];
-	size_t supp_ie_len;
-
-	int key_request_done;
-	int key_request_done1;
-	int auth_sent;
-};
-
-
-const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-
-
-static int auth_read_msg(struct wpa *wpa);
-static void supp_eapol_key_request(void *eloop_data, void *user_ctx);
-
-
-static u8 * read_msg(struct wpa *wpa, size_t *ret_len)
-{
-	u16 msg_len;
-	u8 *msg;
-
-	if (wpa->data_len - wpa->data_offset < 2) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
-		eloop_terminate();
-		return NULL;
-	}
-	msg_len = WPA_GET_BE16(&wpa->data[wpa->data_offset]);
-	wpa->data_offset += 2;
-
-	msg = os_malloc(msg_len);
-	if (!msg)
-		return NULL;
-	if (msg_len > 0 && wpa->data_len - wpa->data_offset < msg_len) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
-			   msg_len);
-		os_free(msg);
-		eloop_terminate();
-		return NULL;
-	}
-	os_memcpy(msg, &wpa->data[wpa->data_offset], msg_len);
-	wpa->data_offset += msg_len;
-	wpa_hexdump(MSG_DEBUG, "TEST: Read message from file", msg, msg_len);
-
-	*ret_len = msg_len;
-	return msg;
-}
-
-
-static void auth_eapol_rx(void *eloop_data, void *user_ctx)
-{
-	struct wpa *wpa = eloop_data;
-
-	wpa_printf(MSG_DEBUG, "AUTH: RX EAPOL frame");
-	wpa->auth_sent = 0;
-	wpa_receive(wpa->auth_group, wpa->auth, wpa->supp_eapol,
-		    wpa->supp_eapol_len);
-	if (!wpa->auth_sent) {
-		/* Speed up process by not going through retransmit timeout */
-		wpa_printf(MSG_DEBUG,
-			   "AUTH: No response was sent - process next message");
-		auth_read_msg(wpa);
-	}
-	if (wpa->wpa1 && wpa->key_request_done && !wpa->key_request_done1) {
-		wpa->key_request_done1 = 1;
-		eloop_register_timeout(0, 0, supp_eapol_key_request,
-				       wpa, NULL);
-	}
-
-}
-
-
-static void auth_logger(void *ctx, const u8 *addr, logger_level level,
-			const char *txt)
-{
-	if (addr)
-		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
-			   MAC2STR(addr), txt);
-	else
-		wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
-}
-
-
-static int auth_read_msg(struct wpa *wpa)
-{
-	os_free(wpa->supp_eapol);
-	wpa->supp_eapol = read_msg(wpa, &wpa->supp_eapol_len);
-	if (!wpa->supp_eapol)
-		return -1;
-	eloop_register_timeout(0, 0, auth_eapol_rx, wpa, NULL);
-	return 0;
-}
-
-
-static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
-			   size_t data_len, int encrypt)
-{
-	struct wpa *wpa = ctx;
-
-	wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu "
-		   "encrypt=%d)",
-		   __func__, MAC2STR(addr), (unsigned long) data_len, encrypt);
-	wpa->auth_sent = 1;
-
-	return auth_read_msg(wpa);
-}
-
-
-static const u8 * auth_get_psk(void *ctx, const u8 *addr,
-			       const u8 *p2p_dev_addr, const u8 *prev_psk,
-			       size_t *psk_len, int *vlan_id)
-{
-	struct wpa *wpa = ctx;
-
-	wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
-		   __func__, MAC2STR(addr), prev_psk);
-	if (vlan_id)
-		*vlan_id = 0;
-	if (psk_len)
-		*psk_len = PMK_LEN;
-	if (prev_psk)
-		return NULL;
-	return wpa->psk;
-}
-
-
-static void supp_eapol_key_request(void *eloop_data, void *user_ctx)
-{
-	struct wpa *wpa = eloop_data;
-
-	wpa_printf(MSG_DEBUG, "SUPP: EAPOL-Key Request trigger");
-	if (!eloop_is_timeout_registered(auth_eapol_rx, wpa, NULL))
-		auth_read_msg(wpa);
-}
-
-
-static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
-			const u8 *addr, int idx, u8 *key,
-			size_t key_len, enum key_flag key_flag)
-{
-	struct wpa *wpa = ctx;
-
-	wpa_printf(MSG_DEBUG,
-		   "AUTH: %s (vlan_id=%d alg=%d idx=%d key_len=%d key_flag=0x%x)",
-		   __func__, vlan_id, alg, idx, (int) key_len, key_flag);
-	if (addr)
-		wpa_printf(MSG_DEBUG, "AUTH: addr=" MACSTR, MAC2STR(addr));
-
-	if (alg != WPA_ALG_NONE && idx == 0 && key_len > 0 &&
-	    !wpa->key_request_done) {
-		wpa_printf(MSG_DEBUG, "Test EAPOL-Key Request");
-		wpa->key_request_done = 1;
-		if (!wpa->wpa1)
-			eloop_register_timeout(0, 0, supp_eapol_key_request,
-					       wpa, NULL);
-	}
-
-	return 0;
-}
-
-
-static int auth_init_group(struct wpa *wpa)
-{
-	struct wpa_auth_config conf;
-
-	wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
-
-	os_memset(&conf, 0, sizeof(conf));
-	if (wpa->wpa1) {
-		conf.wpa = 1;
-		conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-		conf.wpa_pairwise = WPA_CIPHER_TKIP;
-		conf.wpa_group = WPA_CIPHER_TKIP;
-	} else {
-		conf.wpa = 2;
-		conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-		conf.wpa_pairwise = WPA_CIPHER_CCMP;
-		conf.rsn_pairwise = WPA_CIPHER_CCMP;
-		conf.wpa_group = WPA_CIPHER_CCMP;
-		conf.ieee80211w = 2;
-		conf.group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
-	}
-	conf.eapol_version = 2;
-	conf.wpa_group_update_count = 4;
-	conf.wpa_pairwise_update_count = 4;
-
-	wpa->auth_cb.logger = auth_logger;
-	wpa->auth_cb.send_eapol = auth_send_eapol;
-	wpa->auth_cb.get_psk = auth_get_psk;
-	wpa->auth_cb.set_key = auth_set_key;
-
-	wpa->auth_group = wpa_init(wpa->auth_addr, &conf, &wpa->auth_cb, wpa);
-	if (!wpa->auth_group) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int auth_init(struct wpa *wpa)
-{
-	const u8 *supp_ie;
-	size_t supp_ie_len;
-	static const u8 ie_rsn[] = {
-		0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
-		0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00,
-		0x00, 0x0f, 0xac, 0x02, 0x80, 0x00
-	};
-	static const u8 ie_wpa[] = {
-		0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
-		0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00, 0x50,
-		0xf2, 0x02, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02
-	};
-
-	if (wpa->wpa1) {
-		supp_ie = ie_wpa;
-		supp_ie_len = sizeof(ie_wpa);
-	} else {
-		supp_ie = ie_rsn;
-		supp_ie_len = sizeof(ie_rsn);
-	}
-
-	wpa->auth = wpa_auth_sta_init(wpa->auth_group, wpa->supp_addr, NULL);
-	if (!wpa->auth) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed");
-		return -1;
-	}
-
-	if (wpa_validate_wpa_ie(wpa->auth_group, wpa->auth, 2412, supp_ie,
-				supp_ie_len, NULL, 0, NULL, 0, NULL, 0) !=
-	    WPA_IE_OK) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
-		return -1;
-	}
-
-	wpa_auth_sm_event(wpa->auth, WPA_ASSOC);
-
-	wpa_auth_sta_associated(wpa->auth_group, wpa->auth);
-
-	return 0;
-}
-
-
-static void deinit(struct wpa *wpa)
-{
-	wpa_auth_sta_deinit(wpa->auth);
-	wpa_deinit(wpa->auth_group);
-	os_free(wpa->supp_eapol);
-	wpa->supp_eapol = NULL;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct wpa wpa;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&wpa, 0, sizeof(wpa));
-	wpa.data = data;
-	wpa.data_len = size;
-
-	os_memset(wpa.auth_addr, 0x12, ETH_ALEN);
-	os_memset(wpa.supp_addr, 0x32, ETH_ALEN);
-	os_memset(wpa.psk, 0x44, PMK_LEN);
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		goto fail;
-	}
-
-	if (auth_init_group(&wpa) < 0)
-		goto fail;
-
-	if (auth_init(&wpa) < 0)
-		goto fail;
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-
-fail:
-	deinit(&wpa);
-
-	eloop_destroy();
-
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/eapol-key-supp/.gitignore b/tests/fuzzing/eapol-key-supp/.gitignore
deleted file mode 100644
index dcbbbdb02651..000000000000
--- a/tests/fuzzing/eapol-key-supp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eapol-key-supp
diff --git a/tests/fuzzing/eapol-key-supp/Makefile b/tests/fuzzing/eapol-key-supp/Makefile
deleted file mode 100644
index 949e2efe991c..000000000000
--- a/tests/fuzzing/eapol-key-supp/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-ALL=eapol-key-supp
-include ../rules.include
-
-CFLAGS += -DCONFIG_IEEE80211R_AP
-CFLAGS += -DCONFIG_IEEE80211R
-CFLAGS += -DCONFIG_TDLS
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/rsn_supp/librsn_supp.a
-LIBS += $(SRC)/eapol_supp/libeapol_supp.a
-LIBS += $(SRC)/eap_peer/libeap_peer.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += eapol-key-supp.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eapol-key-supp: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ -Wl,--start-group $(LIBS) -Wl,--end-group
-
-clean: common-clean
-	rm -f eapol-key-supp *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eapol-key-supp/corpus/auth.msg b/tests/fuzzing/eapol-key-supp/corpus/auth.msg
deleted file mode 100644
index 00ae53dff88e..000000000000
--- a/tests/fuzzing/eapol-key-supp/corpus/auth.msg
+++ /dev/null
diff --git a/tests/fuzzing/eapol-key-supp/eapol-key-supp.c b/tests/fuzzing/eapol-key-supp/eapol-key-supp.c
deleted file mode 100644
index 487c889d7a6d..000000000000
--- a/tests/fuzzing/eapol-key-supp/eapol-key-supp.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Testing tool for EAPOL-Key Supplicant routines
- * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "rsn_supp/wpa.h"
-#include "../fuzzer-common.h"
-
-
-struct wpa {
-	const u8 *data;
-	size_t data_len;
-	size_t data_offset;
-	int wpa1;
-
-	u8 auth_addr[ETH_ALEN];
-	u8 supp_addr[ETH_ALEN];
-	u8 psk[PMK_LEN];
-
-	/* from authenticator */
-	u8 *auth_eapol;
-	size_t auth_eapol_len;
-
-	struct wpa_sm *supp;
-
-	u8 supp_ie[80];
-	size_t supp_ie_len;
-};
-
-
-const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-
-
-static u8 * read_msg(struct wpa *wpa, size_t *ret_len)
-{
-	u16 msg_len;
-	u8 *msg;
-
-	if (wpa->data_len - wpa->data_offset < 2) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
-		eloop_terminate();
-		return NULL;
-	}
-	msg_len = WPA_GET_BE16(&wpa->data[wpa->data_offset]);
-	wpa->data_offset += 2;
-
-	msg = os_malloc(msg_len);
-	if (!msg)
-		return NULL;
-	if (msg_len > 0 && wpa->data_len - wpa->data_offset < msg_len) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
-			   msg_len);
-		os_free(msg);
-		eloop_terminate();
-		return NULL;
-	}
-	os_memcpy(msg, &wpa->data[wpa->data_offset], msg_len);
-	wpa->data_offset += msg_len;
-	wpa_hexdump(MSG_DEBUG, "TEST: Read message from file", msg, msg_len);
-
-	*ret_len = msg_len;
-	return msg;
-}
-
-
-static int supp_get_bssid(void *ctx, u8 *bssid)
-{
-	struct wpa *wpa = ctx;
-	wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
-	os_memcpy(bssid, wpa->auth_addr, ETH_ALEN);
-	return 0;
-}
-
-
-static void supp_set_state(void *ctx, enum wpa_states state)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s(state=%d)", __func__, state);
-}
-
-
-static void supp_eapol_rx(void *eloop_data, void *user_ctx)
-{
-	struct wpa *wpa = eloop_data;
-
-	wpa_printf(MSG_DEBUG, "SUPP: RX EAPOL frame");
-	wpa_sm_rx_eapol(wpa->supp, wpa->auth_addr, wpa->auth_eapol,
-			wpa->auth_eapol_len);
-}
-
-
-static int supp_read_msg(struct wpa *wpa)
-{
-	os_free(wpa->auth_eapol);
-	wpa->auth_eapol = read_msg(wpa, &wpa->auth_eapol_len);
-	if (!wpa->auth_eapol)
-		return -1;
-	eloop_register_timeout(0, 0, supp_eapol_rx, wpa, NULL);
-	return 0;
-}
-
-
-static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
-			   size_t len)
-{
-	struct wpa *wpa = ctx;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x "
-		   "len=%lu)",
-		   __func__, MAC2STR(dest), proto, (unsigned long) len);
-
-	return supp_read_msg(wpa);
-}
-
-
-static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data,
-			     u16 data_len, size_t *msg_len, void **data_pos)
-{
-	struct ieee802_1x_hdr *hdr;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)",
-		   __func__, type, data_len);
-
-	*msg_len = sizeof(*hdr) + data_len;
-	hdr = os_malloc(*msg_len);
-	if (hdr == NULL)
-		return NULL;
-
-	hdr->version = 2;
-	hdr->type = type;
-	hdr->length = host_to_be16(data_len);
-
-	if (data)
-		os_memcpy(hdr + 1, data, data_len);
-	else
-		os_memset(hdr + 1, 0, data_len);
-
-	if (data_pos)
-		*data_pos = hdr + 1;
-
-	return (u8 *) hdr;
-}
-
-
-static int supp_get_beacon_ie(void *ctx)
-{
-	struct wpa *wpa = ctx;
-	const u8 *ie;
-	static const u8 wpaie[] = {
-		0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
-		0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00, 0x50,
-		0xf2, 0x02, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02
-	};
-	static const u8 rsne[] = {
-		0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
-		0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00,
-		0x00, 0x0f, 0xac, 0x02, 0xc0, 0x00
-	};
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
-
-	ie = wpa->wpa1 ? wpaie : rsne;
-	if (ie[0] == WLAN_EID_RSN)
-		return wpa_sm_set_ap_rsn_ie(wpa->supp, ie, 2 + ie[1]);
-	return wpa_sm_set_ap_wpa_ie(wpa->supp, ie, 2 + ie[1]);
-}
-
-
-static int supp_set_key(void *ctx, enum wpa_alg alg,
-			const u8 *addr, int key_idx, int set_tx,
-			const u8 *seq, size_t seq_len,
-			const u8 *key, size_t key_len, enum key_flag key_flag)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d "
-		   "set_tx=%d key_flag=0x%x)",
-		   __func__, alg, MAC2STR(addr), key_idx, set_tx, key_flag);
-	wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len);
-	wpa_hexdump(MSG_DEBUG, "SUPP: set_key - key", key, key_len);
-	return 0;
-}
-
-
-static int supp_mlme_setprotection(void *ctx, const u8 *addr,
-				   int protection_type, int key_type)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d "
-		   "key_type=%d)",
-		   __func__, MAC2STR(addr), protection_type, key_type);
-	return 0;
-}
-
-
-static void supp_cancel_auth_timeout(void *ctx)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
-}
-
-
-static void * supp_get_network_ctx(void *ctx)
-{
-	return (void *) 1;
-}
-
-
-static void supp_deauthenticate(void *ctx, u16 reason_code)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s(%d)", __func__, reason_code);
-}
-
-
-static enum wpa_states supp_get_state(void *ctx)
-{
-	return WPA_COMPLETED;
-}
-
-
-static int supp_init(struct wpa *wpa)
-{
-	struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx));
-
-	if (!ctx)
-		return -1;
-
-	ctx->ctx = wpa;
-	ctx->msg_ctx = wpa;
-	ctx->set_state = supp_set_state;
-	ctx->get_bssid = supp_get_bssid;
-	ctx->ether_send = supp_ether_send;
-	ctx->get_beacon_ie = supp_get_beacon_ie;
-	ctx->alloc_eapol = supp_alloc_eapol;
-	ctx->set_key = supp_set_key;
-	ctx->mlme_setprotection = supp_mlme_setprotection;
-	ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
-	ctx->get_network_ctx = supp_get_network_ctx;
-	ctx->deauthenticate = supp_deauthenticate;
-	ctx->get_state = supp_get_state;
-	wpa->supp = wpa_sm_init(ctx);
-	if (!wpa->supp) {
-		wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");
-		return -1;
-	}
-
-	wpa_sm_set_own_addr(wpa->supp, wpa->supp_addr);
-	if (wpa->wpa1) {
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_RSN_ENABLED, 0);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_PROTO, WPA_PROTO_WPA);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_PAIRWISE,
-				 WPA_CIPHER_TKIP);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_GROUP, WPA_CIPHER_TKIP);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_KEY_MGMT,
-				 WPA_KEY_MGMT_PSK);
-	} else {
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_RSN_ENABLED, 1);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_PAIRWISE,
-				 WPA_CIPHER_CCMP);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_KEY_MGMT,
-				 WPA_KEY_MGMT_PSK);
-		wpa_sm_set_param(wpa->supp, WPA_PARAM_MFP,
-				 MGMT_FRAME_PROTECTION_OPTIONAL);
-	}
-	wpa_sm_set_pmk(wpa->supp, wpa->psk, PMK_LEN, NULL, NULL);
-
-	wpa->supp_ie_len = sizeof(wpa->supp_ie);
-	if (wpa_sm_set_assoc_wpa_ie_default(wpa->supp, wpa->supp_ie,
-					    &wpa->supp_ie_len) < 0) {
-		wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()"
-			   " failed");
-		return -1;
-	}
-
-	wpa_sm_notify_assoc(wpa->supp, wpa->auth_addr);
-	supp_read_msg(wpa);
-
-	return 0;
-}
-
-
-static void deinit(struct wpa *wpa)
-{
-	wpa_sm_deinit(wpa->supp);
-	os_free(wpa->auth_eapol);
-	wpa->auth_eapol = NULL;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct wpa wpa;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&wpa, 0, sizeof(wpa));
-	wpa.data = data;
-	wpa.data_len = size;
-
-	os_memset(wpa.auth_addr, 0x12, ETH_ALEN);
-	os_memset(wpa.supp_addr, 0x32, ETH_ALEN);
-	os_memset(wpa.psk, 0x44, PMK_LEN);
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		goto fail;
-	}
-
-	if (supp_init(&wpa) < 0)
-		goto fail;
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-
-fail:
-	deinit(&wpa);
-
-	eloop_destroy();
-
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/eapol-supp/.gitignore b/tests/fuzzing/eapol-supp/.gitignore
deleted file mode 100644
index e370093d82a3..000000000000
--- a/tests/fuzzing/eapol-supp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-eapol-supp
diff --git a/tests/fuzzing/eapol-supp/Makefile b/tests/fuzzing/eapol-supp/Makefile
deleted file mode 100644
index ea32346b2df1..000000000000
--- a/tests/fuzzing/eapol-supp/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-ALL=eapol-supp
-include ../rules.include
-
-CFLAGS += -DIEEE8021X_EAPOL
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/rsn_supp/librsn_supp.a
-LIBS += $(SRC)/eapol_supp/libeapol_supp.a
-LIBS += $(SRC)/eap_peer/libeap_peer.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += eapol-supp.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-eapol-supp: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ -Wl,--start-group $(LIBS) -Wl,--end-group
-
-clean: common-clean
-	rm -f eapol-supp *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/eapol-supp/corpus/eap-req-identity.dat b/tests/fuzzing/eapol-supp/corpus/eap-req-identity.dat
deleted file mode 100644
index 768b27754167..000000000000
--- a/tests/fuzzing/eapol-supp/corpus/eap-req-identity.dat
+++ /dev/null
diff --git a/tests/fuzzing/eapol-supp/corpus/eap-req-sim.dat b/tests/fuzzing/eapol-supp/corpus/eap-req-sim.dat
deleted file mode 100644
index eb854aae01fd..000000000000
--- a/tests/fuzzing/eapol-supp/corpus/eap-req-sim.dat
+++ /dev/null
diff --git a/tests/fuzzing/eapol-supp/corpus/eapol-key-m1.dat b/tests/fuzzing/eapol-supp/corpus/eapol-key-m1.dat
deleted file mode 100644
index 937721c5013d..000000000000
--- a/tests/fuzzing/eapol-supp/corpus/eapol-key-m1.dat
+++ /dev/null
diff --git a/tests/fuzzing/eapol-supp/eapol-supp.c b/tests/fuzzing/eapol-supp/eapol-supp.c
deleted file mode 100644
index 94e0147adf15..000000000000
--- a/tests/fuzzing/eapol-supp/eapol-supp.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * wpa_supplicant - EAPOL fuzzer
- * Copyright (c) 2015-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/wpa_i.h"
-#include "../fuzzer-common.h"
-
-
-struct arg_ctx {
-	const u8 *data;
-	size_t data_len;
-	struct wpa_sm *wpa;
-	struct eapol_sm *eapol;
-};
-
-
-static void test_send_eapol(void *eloop_data, void *user_ctx)
-{
-	struct arg_ctx *ctx = eloop_data;
-	u8 src[ETH_ALEN] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
-	u8 wpa_ie[200];
-	size_t wpa_ie_len;
-
-	wpa_hexdump(MSG_MSGDUMP, "fuzzer - EAPOL", ctx->data, ctx->data_len);
-
-	eapol_sm_notify_portEnabled(ctx->eapol, true);
-
-	wpa_sm_set_param(ctx->wpa, WPA_PARAM_PROTO, WPA_PROTO_RSN);
-	wpa_sm_set_param(ctx->wpa, WPA_PARAM_RSN_ENABLED, 1);
-	wpa_sm_set_param(ctx->wpa, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK);
-	wpa_sm_set_param(ctx->wpa, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP);
-	wpa_sm_set_param(ctx->wpa, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
-
-	wpa_ie_len = sizeof(wpa_ie);
-	wpa_sm_set_assoc_wpa_ie_default(ctx->wpa, wpa_ie, &wpa_ie_len);
-
-	if (eapol_sm_rx_eapol(ctx->eapol, src, ctx->data, ctx->data_len) <= 0)
-		wpa_sm_rx_eapol(ctx->wpa, src, ctx->data, ctx->data_len);
-
-	eloop_terminate();
-}
-
-
-static void * get_network_ctx(void *arg)
-{
-	return (void *) 1;
-}
-
-
-static void set_state(void *arg, enum wpa_states state)
-{
-}
-
-
-static void deauthenticate(void *arg, u16 reason_code)
-{
-}
-
-
-static u8 * alloc_eapol(void *arg, u8 type,
-			const void *data, u16 data_len,
-			size_t *msg_len, void **data_pos)
-{
-	struct ieee802_1x_hdr *hdr;
-
-	*msg_len = sizeof(*hdr) + data_len;
-	hdr = os_malloc(*msg_len);
-	if (hdr == NULL)
-		return NULL;
-
-	hdr->version = 2;
-	hdr->type = type;
-	hdr->length = host_to_be16(data_len);
-
-	if (data)
-		os_memcpy(hdr + 1, data, data_len);
-	else
-		os_memset(hdr + 1, 0, data_len);
-
-	if (data_pos)
-		*data_pos = hdr + 1;
-
-	return (u8 *) hdr;
-}
-
-
-static int ether_send(void *arg, const u8 *dest, u16 proto,
-		      const u8 *buf, size_t len)
-{
-	return 0;
-}
-
-
-static int get_bssid(void *ctx, u8 *bssid)
-{
-	return -1;
-}
-
-
-static int eapol_send(void *ctx, int type, const u8 *buf, size_t len)
-{
-	return 0;
-}
-
-
-static int init_wpa(struct arg_ctx *arg)
-{
-	struct wpa_sm_ctx *ctx;
-
-	ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
-		return -1;
-	}
-
-	ctx->ctx = arg;
-	ctx->msg_ctx = arg;
-	ctx->get_network_ctx = get_network_ctx;
-	ctx->set_state = set_state;
-	ctx->deauthenticate = deauthenticate;
-	ctx->alloc_eapol = alloc_eapol;
-	ctx->ether_send = ether_send;
-	ctx->get_bssid = get_bssid;
-
-	arg->wpa = wpa_sm_init(ctx);
-	if (!arg->wpa)
-		return -1;
-	arg->wpa->pmk_len = PMK_LEN;
-	return 0;
-}
-
-
-static int init_eapol(struct arg_ctx *arg)
-{
-	struct eapol_ctx *ctx;
-
-	ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
-		return -1;
-	}
-
-	ctx->ctx = arg;
-	ctx->msg_ctx = arg;
-	ctx->eapol_send = eapol_send;
-
-	arg->eapol = eapol_sm_init(ctx);
-	return arg->eapol ? 0 : -1;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct arg_ctx ctx;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return 0;
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return 0;
-	}
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.data = data;
-	ctx.data_len = size;
-	if (init_wpa(&ctx) || init_eapol(&ctx))
-		goto fail;
-
-	eloop_register_timeout(0, 0, test_send_eapol, &ctx, NULL);
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-
-fail:
-	if (ctx.wpa)
-		wpa_sm_deinit(ctx.wpa);
-	if (ctx.eapol)
-		eapol_sm_deinit(ctx.eapol);
-
-	eloop_destroy();
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/fuzzer-common.c b/tests/fuzzing/fuzzer-common.c
deleted file mode 100644
index 43b91e19a512..000000000000
--- a/tests/fuzzing/fuzzer-common.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Common helper functions for fuzzing tools
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-
-
-void wpa_fuzzer_set_debug_level(void)
-{
-	static int first = 1;
-
-	if (first) {
-		char *env;
-
-		first = 0;
-		env = getenv("WPADEBUG");
-		if (env)
-			wpa_debug_level = atoi(env);
-		else
-			wpa_debug_level = MSG_ERROR + 1;
-
-		wpa_debug_show_keys = 1;
-	}
-}
-
-
-#ifndef TEST_LIBFUZZER
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-
-int main(int argc, char *argv[])
-{
-	char *data;
-	size_t len;
-
-	if (argc < 2) {
-		printf("usage: %s <file>\n", argv[0]);
-		return -1;
-	}
-
-	data = os_readfile(argv[1], &len);
-	if (!data) {
-		printf("Could not read '%s'\n", argv[1]);
-		return -1;
-	}
-
-	LLVMFuzzerTestOneInput((const uint8_t *) data, len);
-	os_free(data);
-	return 0;
-}
-#endif /* !TEST_LIBFUZZER */
diff --git a/tests/fuzzing/fuzzer-common.h b/tests/fuzzing/fuzzer-common.h
deleted file mode 100644
index 80ebfd28ba76..000000000000
--- a/tests/fuzzing/fuzzer-common.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Common helper functions for fuzzing tools
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef FUZZER_COMMON_H
-#define FUZZER_COMMON_H
-
-void wpa_fuzzer_set_debug_level(void);
-
-#endif /* FUZZER_COMMON_H */
diff --git a/tests/fuzzing/json/.gitignore b/tests/fuzzing/json/.gitignore
deleted file mode 100644
index 3c840093b758..000000000000
--- a/tests/fuzzing/json/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-json
diff --git a/tests/fuzzing/json/Makefile b/tests/fuzzing/json/Makefile
deleted file mode 100644
index 9dd51a5f22ef..000000000000
--- a/tests/fuzzing/json/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-ALL=json
-include ../rules.include
-
-OBJS += $(SRC)/utils/base64.o
-OBJS += $(SRC)/utils/common.o
-OBJS += $(SRC)/utils/json.o
-OBJS += $(SRC)/utils/os_unix.o
-OBJS += $(SRC)/utils/wpa_debug.o
-OBJS += $(SRC)/utils/wpabuf.o
-
-OBJS += json.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-json: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f json *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/json/corpus/1.json b/tests/fuzzing/json/corpus/1.json
deleted file mode 100644
index 16c8b963cc14..000000000000
--- a/tests/fuzzing/json/corpus/1.json
+++ /dev/null
@@ -1 +0,0 @@
-{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
diff --git a/tests/fuzzing/json/corpus/2.json b/tests/fuzzing/json/corpus/2.json
deleted file mode 100644
index 0967ef424bce..000000000000
--- a/tests/fuzzing/json/corpus/2.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/tests/fuzzing/json/corpus/3.json b/tests/fuzzing/json/corpus/3.json
deleted file mode 100644
index 573541ac9702..000000000000
--- a/tests/fuzzing/json/corpus/3.json
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/tests/fuzzing/json/json.c b/tests/fuzzing/json/json.c
deleted file mode 100644
index af6c5e74cd54..000000000000
--- a/tests/fuzzing/json/json.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * JSON parser - test program
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "utils/json.h"
-#include "../fuzzer-common.h"
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct json_token *root;
-	char *txt;
-	size_t buflen = 10000;
-
-	wpa_fuzzer_set_debug_level();
-
-	root = json_parse((const char *) data, size);
-	if (!root) {
-		wpa_printf(MSG_DEBUG, "JSON parsing failed");
-		return 0;
-	}
-
-	txt = os_zalloc(buflen);
-	if (txt) {
-		json_print_tree(root, txt, buflen);
-		wpa_printf(MSG_DEBUG, "%s", txt);
-		os_free(txt);
-	}
-	json_free(root);
-
-	return 0;
-}
diff --git a/tests/fuzzing/p2p/.gitignore b/tests/fuzzing/p2p/.gitignore
deleted file mode 100644
index 8bea15da48ef..000000000000
--- a/tests/fuzzing/p2p/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-p2p
diff --git a/tests/fuzzing/p2p/Makefile b/tests/fuzzing/p2p/Makefile
deleted file mode 100644
index acac9d38f1b1..000000000000
--- a/tests/fuzzing/p2p/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-ALL=p2p
-include ../rules.include
-
-LIBS += $(SRC)/utils/libutils.a
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/p2p/libp2p.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/wps/libwps.a
-
-OBJS += p2p.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-p2p: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS)
-
-clean: common-clean
-	rm -f p2p *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/p2p/corpus/go-neg-req.dat b/tests/fuzzing/p2p/corpus/go-neg-req.dat
deleted file mode 100644
index ed06834d71a1..000000000000
--- a/tests/fuzzing/p2p/corpus/go-neg-req.dat
+++ /dev/null
diff --git a/tests/fuzzing/p2p/corpus/invitation-req.dat b/tests/fuzzing/p2p/corpus/invitation-req.dat
deleted file mode 100644
index 5991f3e6e3f9..000000000000
--- a/tests/fuzzing/p2p/corpus/invitation-req.dat
+++ /dev/null
diff --git a/tests/fuzzing/p2p/corpus/p2ps-pd-req.dat b/tests/fuzzing/p2p/corpus/p2ps-pd-req.dat
deleted file mode 100644
index 7e1b6d91dead..000000000000
--- a/tests/fuzzing/p2p/corpus/p2ps-pd-req.dat
+++ /dev/null
diff --git a/tests/fuzzing/p2p/corpus/proberesp-go.dat b/tests/fuzzing/p2p/corpus/proberesp-go.dat
deleted file mode 100644
index 8541652ff955..000000000000
--- a/tests/fuzzing/p2p/corpus/proberesp-go.dat
+++ /dev/null
diff --git a/tests/fuzzing/p2p/corpus/proberesp.dat b/tests/fuzzing/p2p/corpus/proberesp.dat
deleted file mode 100644
index 8d997d1c5e13..000000000000
--- a/tests/fuzzing/p2p/corpus/proberesp.dat
+++ /dev/null
diff --git a/tests/fuzzing/p2p/p2p.c b/tests/fuzzing/p2p/p2p.c
deleted file mode 100644
index fc83c3561c1a..000000000000
--- a/tests/fuzzing/p2p/p2p.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * wpa_supplicant - P2P fuzzer
- * Copyright (c) 2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "p2p/p2p.h"
-#include "../fuzzer-common.h"
-
-
-static void debug_print(void *ctx, int level, const char *msg)
-{
-	wpa_printf(level, "P2P: %s", msg);
-}
-
-
-static void find_stopped(void *ctx)
-{
-}
-
-
-static int start_listen(void *ctx, unsigned int freq,
-			unsigned int duration,
-			const struct wpabuf *probe_resp_ie)
-{
-	return 0;
-}
-
-
-static void stop_listen(void *ctx)
-{
-}
-
-
-static void dev_found(void *ctx, const u8 *addr,
-		      const struct p2p_peer_info *info,
-		      int new_device)
-{
-}
-
-
-static void dev_lost(void *ctx, const u8 *dev_addr)
-{
-}
-
-
-static int send_action(void *ctx, unsigned int freq, const u8 *dst,
-		       const u8 *src, const u8 *bssid, const u8 *buf,
-		       size_t len, unsigned int wait_time, int *scheduled)
-{
-	*scheduled = 0;
-	return 0;
-}
-
-
-static void send_action_done(void *ctx)
-{
-}
-
-
-static void go_neg_req_rx(void *ctx, const u8 *src, u16 dev_passwd_id,
-			  u8 go_intent)
-{
-}
-
-
-static struct p2p_data * init_p2p(void)
-{
-	struct p2p_config p2p;
-
-	os_memset(&p2p, 0, sizeof(p2p));
-	p2p.max_peers = 100;
-	p2p.passphrase_len = 8;
-	p2p.channels.reg_classes = 1;
-	p2p.channels.reg_class[0].reg_class = 81;
-	p2p.channels.reg_class[0].channel[0] = 1;
-	p2p.channels.reg_class[0].channel[1] = 2;
-	p2p.channels.reg_class[0].channels = 2;
-	p2p.debug_print = debug_print;
-	p2p.find_stopped = find_stopped;
-	p2p.start_listen = start_listen;
-	p2p.stop_listen = stop_listen;
-	p2p.dev_found = dev_found;
-	p2p.dev_lost = dev_lost;
-	p2p.send_action = send_action;
-	p2p.send_action_done = send_action_done;
-	p2p.go_neg_req_rx = go_neg_req_rx;
-
-	return p2p_init(&p2p);
-}
-
-
-struct arg_ctx {
-	const u8 *data;
-	size_t data_len;
-	struct p2p_data *p2p;
-	int count;
-};
-
-
-static void test_send(void *eloop_data, void *user_ctx)
-{
-	struct arg_ctx *ctx = eloop_data;
-	struct os_reltime rx_time;
-
-	wpa_hexdump(MSG_MSGDUMP, "fuzzer - IEs", ctx->data, ctx->data_len);
-
-	os_memset(&rx_time, 0, sizeof(rx_time));
-	p2p_scan_res_handler(ctx->p2p, (u8 *) "\x02\x00\x00\x00\x01\x00", 2412,
-			     &rx_time, 0, ctx->data, ctx->data_len);
-	p2p_scan_res_handled(ctx->p2p, 0);
-
-	p2p_probe_req_rx(ctx->p2p, (u8 *) "\x02\x00\x00\x00\x01\x00",
-			 (u8 *) "\x02\x00\x00\x00\x00\x00",
-			 (u8 *) "\x02\x00\x00\x00\x00\x00",
-			 ctx->data, ctx->data_len, 2412, 0);
-
-	if (ctx->data_len >= IEEE80211_HDRLEN + 1) {
-		struct os_reltime rx_time;
-		const struct ieee80211_mgmt *mgmt;
-
-		mgmt = (const struct ieee80211_mgmt *) ctx->data;
-		os_memset(&rx_time, 0, sizeof(rx_time));
-		p2p_rx_action(ctx->p2p, mgmt->da, mgmt->sa, mgmt->bssid,
-			      mgmt->u.action.category,
-			      (const u8 *) ctx->data + IEEE80211_HDRLEN + 1,
-			      ctx->data_len - IEEE80211_HDRLEN - 1, 2412);
-	}
-
-	eloop_terminate();
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct p2p_data *p2p;
-	struct arg_ctx ctx;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return -1;
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return 0;
-	}
-
-	p2p = init_p2p();
-	if (!p2p) {
-		wpa_printf(MSG_ERROR, "P2P init failed");
-		return 0;
-	}
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.p2p = p2p;
-	ctx.data = data;
-	ctx.data_len = size;
-
-	eloop_register_timeout(0, 0, test_send, &ctx, NULL);
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-
-	p2p_deinit(p2p);
-	eloop_destroy();
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/rules.include b/tests/fuzzing/rules.include
deleted file mode 100644
index e2cf577af811..000000000000
--- a/tests/fuzzing/rules.include
+++ /dev/null
@@ -1,31 +0,0 @@
-FUZZ_RULES := $(lastword $(MAKEFILE_LIST))
-include $(dir $(FUZZ_RULES))../../src/build.rules
-
-FUZZ_CFLAGS =
-
-ifdef LIBFUZZER
-CC ?= clang
-#FUZZ_FLAGS ?= -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
-FUZZ_FLAGS ?= -fsanitize=fuzzer,address
-ifndef CFLAGS
-FUZZ_CFLAGS += $(FUZZ_FLAGS)
-endif
-endif
-
-FUZZ_CFLAGS += -DCONFIG_NO_RANDOM_POOL -DTEST_FUZZ
-export FUZZ_CFLAGS
-CFLAGS ?= -MMD -O2 -Wall -g
-CFLAGS += $(FUZZ_CFLAGS)
-ifdef LIBFUZZER
-CFLAGS += -DTEST_LIBFUZZER
-LDFLAGS += $(FUZZ_FLAGS)
-endif
-
-WPAS_SRC=../../../wpa_supplicant
-SRC=../../../src
-
-CFLAGS += -I$(SRC) -I$(SRC)/utils -I$(WPAS_SRC)
-OBJS += ../fuzzer-common.o
-
-# for the lib builds
-export TEST_FUZZ=y
diff --git a/tests/fuzzing/sae/.gitignore b/tests/fuzzing/sae/.gitignore
deleted file mode 100644
index 1bb959165a21..000000000000
--- a/tests/fuzzing/sae/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-sae
diff --git a/tests/fuzzing/sae/Makefile b/tests/fuzzing/sae/Makefile
deleted file mode 100644
index ee4b0c0b6a22..000000000000
--- a/tests/fuzzing/sae/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-ALL=sae
-include ../rules.include
-
-CFLAGS += -DCONFIG_SHA256
-CFLAGS += -DCONFIG_ECC
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/utils/libutils.a
-
-OBJS += $(SRC)/crypto/crypto_openssl.o
-OBJS += $(SRC)/crypto/dh_groups.o
-OBJS += $(SRC)/crypto/sha256-prf.o
-OBJS += $(SRC)/crypto/sha256-kdf.o
-OBJS += $(SRC)/common/dragonfly.o
-
-OBJS += sae.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-sae: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ -lcrypto
-
-clean: common-clean
-	rm -f sae *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat b/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat
deleted file mode 100644
index cd129a474a72..000000000000
--- a/tests/fuzzing/sae/corpus/sae-commit-h2e-rejected-groups.dat
+++ /dev/null
diff --git a/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat b/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat
deleted file mode 100644
index b2886c70d209..000000000000
--- a/tests/fuzzing/sae/corpus/sae-commit-h2e-token.dat
+++ /dev/null
diff --git a/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat b/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat
deleted file mode 100644
index 5ca903ed2016..000000000000
--- a/tests/fuzzing/sae/corpus/sae-commit-pw-id.dat
+++ /dev/null
diff --git a/tests/fuzzing/sae/corpus/sae-commit-token.dat b/tests/fuzzing/sae/corpus/sae-commit-token.dat
deleted file mode 100644
index b25cc49f8e10..000000000000
--- a/tests/fuzzing/sae/corpus/sae-commit-token.dat
+++ /dev/null
diff --git a/tests/fuzzing/sae/corpus/sae-commit-valid.dat b/tests/fuzzing/sae/corpus/sae-commit-valid.dat
deleted file mode 100644
index eadfa4993b89..000000000000
--- a/tests/fuzzing/sae/corpus/sae-commit-valid.dat
+++ /dev/null
diff --git a/tests/fuzzing/sae/sae.c b/tests/fuzzing/sae/sae.c
deleted file mode 100644
index 8819a4abbc8f..000000000000
--- a/tests/fuzzing/sae/sae.c
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * SAE fuzzer
- * Copyright (c) 2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/sae.h"
-#include "../fuzzer-common.h"
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct sae_data sae;
-	u16 res;
-	const u8 *token = NULL;
-	size_t token_len = 0;
-	int groups[] = { 19, 0 };
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return 0;
-
-	os_memset(&sae, 0, sizeof(sae));
-	res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 0);
-	wpa_printf(MSG_DEBUG, "sae_parse_commit(0): %u", res);
-	sae_clear_data(&sae);
-	res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 1);
-	wpa_printf(MSG_DEBUG, "sae_parse_commit(1): %u", res);
-	sae_clear_data(&sae);
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/tls-client/.gitignore b/tests/fuzzing/tls-client/.gitignore
deleted file mode 100644
index b41f93681f4d..000000000000
--- a/tests/fuzzing/tls-client/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-tls-client
diff --git a/tests/fuzzing/tls-client/Makefile b/tests/fuzzing/tls-client/Makefile
deleted file mode 100644
index 84cfa0431566..000000000000
--- a/tests/fuzzing/tls-client/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-ALL=tls-client
-include ../rules.include
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/rsn_supp/librsn_supp.a
-LIBS += $(SRC)/eapol_supp/libeapol_supp.a
-LIBS += $(SRC)/eap_peer/libeap_peer.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-
-ELIBS += $(SRC)/crypto/libcrypto.a
-ELIBS += $(SRC)/tls/libtls.a
-
-OBJS += tls-client.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-_OBJS_VAR := ELIBS
-include ../../../src/objs.mk
-
-tls-client: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f tls-client *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/tls-client/corpus/server.msg b/tests/fuzzing/tls-client/corpus/server.msg
deleted file mode 100644
index 0f842fdf75e1..000000000000
--- a/tests/fuzzing/tls-client/corpus/server.msg
+++ /dev/null
diff --git a/tests/fuzzing/tls-client/tls-client.c b/tests/fuzzing/tls-client/tls-client.c
deleted file mode 100644
index b15b71984883..000000000000
--- a/tests/fuzzing/tls-client/tls-client.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Testing tool for TLSv1 client routines
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/tls.h"
-#include "../fuzzer-common.h"
-
-#ifndef CERTDIR
-#define CERTDIR "../../hwsim/auth_serv/"
-#endif
-
-struct context {
-	const u8 *data;
-	size_t data_len;
-	size_t data_offset;
-};
-
-
-static struct wpabuf * read_msg(struct context *ctx)
-{
-	u16 msg_len;
-	struct wpabuf *msg;
-
-	if (ctx->data_len - ctx->data_offset < 2) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
-		return NULL;
-	}
-	msg_len = WPA_GET_BE16(&ctx->data[ctx->data_offset]);
-	ctx->data_offset += 2;
-
-	msg = wpabuf_alloc(msg_len);
-	if (!msg)
-		return NULL;
-	if (msg_len > 0 && ctx->data_len - ctx->data_offset < msg_len) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
-			   msg_len);
-		wpabuf_free(msg);
-		return NULL;
-	}
-	wpabuf_put_data(msg, &ctx->data[ctx->data_offset], msg_len);
-	ctx->data_offset += msg_len;
-	wpa_hexdump_buf(MSG_DEBUG, "TEST: Read message from file", msg);
-
-	return msg;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct context ctx;
-	struct tls_config conf;
-	void *tls_client;
-	struct tls_connection_params params;
-	struct tls_connection *conn_client = NULL;
-	int ret = -1;
-	struct wpabuf *in = NULL, *out = NULL, *appl;
-
-	wpa_fuzzer_set_debug_level();
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.data = data;
-	ctx.data_len = size;
-
-	os_memset(&conf, 0, sizeof(conf));
-	tls_client = tls_init(&conf);
-	if (!tls_client)
-		goto fail;
-
-	os_memset(&params, 0, sizeof(params));
-	params.ca_cert = CERTDIR "ca.pem";
-	params.client_cert = CERTDIR "server.pem";
-	params.private_key = CERTDIR "server.key";
-	params.dh_file = CERTDIR "dh.conf";
-
-	conn_client = tls_connection_init(tls_client);
-	if (!conn_client)
-		goto fail;
-
-	in = NULL;
-	for (;;) {
-		appl = NULL;
-		out = tls_connection_handshake(tls_client, conn_client, in,
-					       &appl);
-		wpabuf_free(in);
-		in = NULL;
-		if (!out)
-			goto fail;
-		if (tls_connection_get_failed(tls_client, conn_client)) {
-			wpa_printf(MSG_ERROR, "TLS handshake failed");
-			goto fail;
-		}
-		if (tls_connection_established(tls_client, conn_client))
-			break;
-
-		appl = NULL;
-		in = read_msg(&ctx);
-		wpabuf_free(out);
-		out = NULL;
-		if (!in)
-			goto fail;
-		if (tls_connection_established(tls_client, conn_client))
-			break;
-	}
-
-	wpabuf_free(in);
-	in = wpabuf_alloc(100);
-	if (!in)
-		goto fail;
-	wpabuf_put_str(in, "PING");
-	wpabuf_free(out);
-	out = tls_connection_encrypt(tls_client, conn_client, in);
-	wpabuf_free(in);
-	in = NULL;
-	if (!out)
-		goto fail;
-
-	wpabuf_free(in);
-	in = wpabuf_alloc(100);
-	if (!in)
-		goto fail;
-	wpabuf_put_str(in, "PONG");
-	wpabuf_free(out);
-	out = read_msg(&ctx);
-	wpabuf_free(in);
-	in = NULL;
-	if (!out)
-		goto fail;
-
-	in = tls_connection_decrypt(tls_client, conn_client, out);
-	wpabuf_free(out);
-	out = NULL;
-	if (!in)
-		goto fail;
-	wpa_hexdump_buf(MSG_DEBUG, "Client decrypted ApplData", in);
-
-	ret = 0;
-fail:
-	if (tls_client) {
-		if (conn_client)
-			tls_connection_deinit(tls_client, conn_client);
-		tls_deinit(tls_client);
-	}
-	wpabuf_free(in);
-	wpabuf_free(out);
-
-	return ret;
-}
diff --git a/tests/fuzzing/tls-server/.gitignore b/tests/fuzzing/tls-server/.gitignore
deleted file mode 100644
index 341256f57f3f..000000000000
--- a/tests/fuzzing/tls-server/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-tls-server
diff --git a/tests/fuzzing/tls-server/Makefile b/tests/fuzzing/tls-server/Makefile
deleted file mode 100644
index 8e2400310397..000000000000
--- a/tests/fuzzing/tls-server/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-ALL=tls-server
-include ../rules.include
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/rsn_supp/librsn_supp.a
-LIBS += $(SRC)/eapol_supp/libeapol_supp.a
-LIBS += $(SRC)/eap_peer/libeap_peer.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-
-ELIBS += $(SRC)/crypto/libcrypto.a
-ELIBS += $(SRC)/tls/libtls.a
-
-OBJS += tls-server.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-_OBJS_VAR := ELIBS
-include ../../../src/objs.mk
-
-tls-server: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f tls-server *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/tls-server/corpus/client.msg b/tests/fuzzing/tls-server/corpus/client.msg
deleted file mode 100644
index cb390143b0ea..000000000000
--- a/tests/fuzzing/tls-server/corpus/client.msg
+++ /dev/null
diff --git a/tests/fuzzing/tls-server/tls-server.c b/tests/fuzzing/tls-server/tls-server.c
deleted file mode 100644
index d64cd7ad9756..000000000000
--- a/tests/fuzzing/tls-server/tls-server.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Testing tool for TLSv1 server routines
- * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/tls.h"
-#include "../fuzzer-common.h"
-
-#ifndef CERTDIR
-#define CERTDIR "../../hwsim/auth_serv/"
-#endif
-
-struct context {
-	const u8 *data;
-	size_t data_len;
-	size_t data_offset;
-};
-
-
-static struct wpabuf * read_msg(struct context *ctx)
-{
-	u16 msg_len;
-	struct wpabuf *msg;
-
-	if (ctx->data_len - ctx->data_offset < 2) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
-		return NULL;
-	}
-	msg_len = WPA_GET_BE16(&ctx->data[ctx->data_offset]);
-	ctx->data_offset += 2;
-
-	msg = wpabuf_alloc(msg_len);
-	if (!msg)
-		return NULL;
-	if (msg_len > 0 && ctx->data_len - ctx->data_offset < msg_len) {
-		wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
-			   msg_len);
-		wpabuf_free(msg);
-		return NULL;
-	}
-	wpabuf_put_data(msg, &ctx->data[ctx->data_offset], msg_len);
-	ctx->data_offset += msg_len;
-	wpa_hexdump_buf(MSG_DEBUG, "TEST: Read message from file", msg);
-
-	return msg;
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct context ctx;
-	struct tls_config conf;
-	void *tls_server;
-	struct tls_connection_params params;
-	struct tls_connection *conn_server = NULL;
-	int ret = -1;
-	struct wpabuf *in = NULL, *out = NULL, *appl;
-
-	wpa_fuzzer_set_debug_level();
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.data = data;
-	ctx.data_len = size;
-
-	os_memset(&conf, 0, sizeof(conf));
-	tls_server = tls_init(&conf);
-	if (!tls_server)
-		goto fail;
-
-	os_memset(&params, 0, sizeof(params));
-	params.ca_cert = CERTDIR "ca.pem";
-	params.client_cert = CERTDIR "server.pem";
-	params.private_key = CERTDIR "server.key";
-	params.dh_file = CERTDIR "dh.conf";
-
-	if (tls_global_set_params(tls_server, &params)) {
-		wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
-		goto fail;
-	}
-
-	conn_server = tls_connection_init(tls_server);
-	if (!conn_server)
-		goto fail;
-
-	in = NULL;
-	for (;;) {
-		appl = NULL;
-		out = read_msg(&ctx);
-		wpabuf_free(in);
-		in = NULL;
-		if (!out)
-			goto fail;
-
-		appl = NULL;
-		in = tls_connection_server_handshake(tls_server, conn_server,
-						     out, &appl);
-		wpabuf_free(out);
-		out = NULL;
-		if (!in)
-			goto fail;
-		if (tls_connection_get_failed(tls_server, conn_server)) {
-			wpa_printf(MSG_ERROR, "TLS handshake failed");
-			goto fail;
-		}
-		if (tls_connection_established(tls_server, conn_server))
-			break;
-	}
-
-	wpabuf_free(in);
-	in = wpabuf_alloc(100);
-	if (!in)
-		goto fail;
-	wpabuf_put_str(in, "PING");
-	wpabuf_free(out);
-	out = read_msg(&ctx);
-	wpabuf_free(in);
-	in = NULL;
-	if (!out)
-		goto fail;
-
-	in = tls_connection_decrypt(tls_server, conn_server, out);
-	wpabuf_free(out);
-	out = NULL;
-	if (!in)
-		goto fail;
-	wpa_hexdump_buf(MSG_DEBUG, "Server decrypted ApplData", in);
-
-	wpabuf_free(in);
-	in = wpabuf_alloc(100);
-	if (!in)
-		goto fail;
-	wpabuf_put_str(in, "PONG");
-	wpabuf_free(out);
-	out = tls_connection_encrypt(tls_server, conn_server, in);
-	wpabuf_free(in);
-	in = NULL;
-	if (!out)
-		goto fail;
-
-	ret = 0;
-fail:
-	if (tls_server) {
-		if (conn_server)
-			tls_connection_deinit(tls_server, conn_server);
-		tls_deinit(tls_server);
-	}
-	wpabuf_free(in);
-	wpabuf_free(out);
-
-	return ret;
-}
diff --git a/tests/fuzzing/wnm/.gitignore b/tests/fuzzing/wnm/.gitignore
deleted file mode 100644
index 0e1d383dc444..000000000000
--- a/tests/fuzzing/wnm/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-wnm
diff --git a/tests/fuzzing/wnm/Makefile b/tests/fuzzing/wnm/Makefile
deleted file mode 100644
index 60d27b3a1535..000000000000
--- a/tests/fuzzing/wnm/Makefile
+++ /dev/null
@@ -1,60 +0,0 @@
-ALL=wnm
-include ../rules.include
-
-CFLAGS += -DCONFIG_WNM
-CFLAGS += -DCONFIG_INTERWORKING
-CFLAGS += -DCONFIG_GAS
-CFLAGS += -DCONFIG_HS20
-CFLAGS += -DIEEE8021X_EAPOL
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/rsn_supp/librsn_supp.a
-LIBS += $(SRC)/eapol_supp/libeapol_supp.a
-LIBS += $(SRC)/eap_peer/libeap_peer.a
-LIBS += $(SRC)/eap_common/libeap_common.a
-LIBS += $(SRC)/l2_packet/libl2_packet.a
-LIBS += $(SRC)/utils/libutils.a
-
-ELIBS += $(SRC)/crypto/libcrypto.a
-ELIBS += $(SRC)/tls/libtls.a
-
-OBJS += $(WPAS_SRC)/bssid_ignore.o
-OBJS += $(WPAS_SRC)/bss.o
-OBJS += $(WPAS_SRC)/config.o
-OBJS += $(WPAS_SRC)/config_file.o
-OBJS += $(WPAS_SRC)/eap_register.o
-OBJS += $(WPAS_SRC)/events.o
-OBJS += $(WPAS_SRC)/gas_query.o
-OBJS += $(WPAS_SRC)/hs20_supplicant.o
-OBJS += $(WPAS_SRC)/interworking.o
-OBJS += $(WPAS_SRC)/notify.o
-OBJS += $(WPAS_SRC)/offchannel.o
-OBJS += $(WPAS_SRC)/op_classes.o
-OBJS += $(WPAS_SRC)/robust_av.o
-OBJS += $(WPAS_SRC)/rrm.o
-OBJS += $(WPAS_SRC)/scan.o
-OBJS += $(WPAS_SRC)/wmm_ac.o
-OBJS += $(WPAS_SRC)/wnm_sta.o
-OBJS += $(WPAS_SRC)/wpa_supplicant.o
-OBJS += $(WPAS_SRC)/wpas_glue.o
-OBJS += $(SRC)/drivers/driver_common.o
-OBJS += $(SRC)/drivers/drivers.o
-
-OBJS += wnm.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-_OBJS_VAR := ELIBS
-include ../../../src/objs.mk
-
-wnm: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f wnm *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/wnm/corpus/bss-tm-req.dat b/tests/fuzzing/wnm/corpus/bss-tm-req.dat
deleted file mode 100644
index 14510bb3ad11..000000000000
--- a/tests/fuzzing/wnm/corpus/bss-tm-req.dat
+++ /dev/null
diff --git a/tests/fuzzing/wnm/corpus/oss-fuzz-0001.dat b/tests/fuzzing/wnm/corpus/oss-fuzz-0001.dat
deleted file mode 100644
index 53fdf659c438..000000000000
--- a/tests/fuzzing/wnm/corpus/oss-fuzz-0001.dat
+++ /dev/null
diff --git a/tests/fuzzing/wnm/corpus/oss-fuzz-0002.dat b/tests/fuzzing/wnm/corpus/oss-fuzz-0002.dat
deleted file mode 100644
index cb700936fad5..000000000000
--- a/tests/fuzzing/wnm/corpus/oss-fuzz-0002.dat
+++ /dev/null
diff --git a/tests/fuzzing/wnm/corpus/wnm-notif.dat b/tests/fuzzing/wnm/corpus/wnm-notif.dat
deleted file mode 100644
index c234d3ad5b69..000000000000
--- a/tests/fuzzing/wnm/corpus/wnm-notif.dat
+++ /dev/null
diff --git a/tests/fuzzing/wnm/wnm.c b/tests/fuzzing/wnm/wnm.c
deleted file mode 100644
index 7afc648e442a..000000000000
--- a/tests/fuzzing/wnm/wnm.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * wpa_supplicant - WNM fuzzer
- * Copyright (c) 2015-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/wpa_i.h"
-#include "wpa_supplicant_i.h"
-#include "bss.h"
-#include "wnm_sta.h"
-#include "../../../wpa_supplicant/config.h"
-#include "../fuzzer-common.h"
-
-
-struct arg_ctx {
-	const u8 *data;
-	size_t data_len;
-	struct wpa_supplicant wpa_s;
-	struct wpa_bss bss;
-	struct wpa_driver_ops driver;
-	struct wpa_sm wpa;
-	struct wpa_config conf;
-};
-
-
-static void test_send_wnm(void *eloop_data, void *user_ctx)
-{
-	struct arg_ctx *ctx = eloop_data;
-	const struct ieee80211_mgmt *mgmt;
-
-	wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", ctx->data, ctx->data_len);
-
-	mgmt = (const struct ieee80211_mgmt *) ctx->data;
-	ieee802_11_rx_wnm_action(&ctx->wpa_s, mgmt, ctx->data_len);
-
-	eloop_terminate();
-}
-
-
-static int init_wpa(struct arg_ctx *ctx)
-{
-	ctx->wpa_s.wpa_state = WPA_COMPLETED;
-	os_memcpy(ctx->wpa_s.bssid, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
-	ctx->wpa_s.current_bss = &ctx->bss;
-	ctx->wpa_s.driver = &ctx->driver;
-	ctx->wpa_s.wpa = &ctx->wpa;
-	ctx->wpa_s.conf = &ctx->conf;
-
-	return 0;
-}
-
-
-static void deinit_wpa(struct arg_ctx *ctx)
-{
-	wnm_deallocate_memory(&ctx->wpa_s);
-}
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct arg_ctx ctx;
-
-	wpa_fuzzer_set_debug_level();
-
-	if (os_program_init())
-		return 0;
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return 0;
-	}
-
-	os_memset(&ctx, 0, sizeof(ctx));
-	ctx.data = data;
-	ctx.data_len = size;
-	if (init_wpa(&ctx))
-		goto fail;
-
-	eloop_register_timeout(0, 0, test_send_wnm, &ctx, NULL);
-
-	wpa_printf(MSG_DEBUG, "Starting eloop");
-	eloop_run();
-	wpa_printf(MSG_DEBUG, "eloop done");
-	deinit_wpa(&ctx);
-
-fail:
-	eloop_destroy();
-	os_program_deinit();
-
-	return 0;
-}
diff --git a/tests/fuzzing/x509/.gitignore b/tests/fuzzing/x509/.gitignore
deleted file mode 100644
index 490a5d71f3f2..000000000000
--- a/tests/fuzzing/x509/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-x509
diff --git a/tests/fuzzing/x509/Makefile b/tests/fuzzing/x509/Makefile
deleted file mode 100644
index 306473c3dba3..000000000000
--- a/tests/fuzzing/x509/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-ALL=x509
-include ../rules.include
-
-LIBS += $(SRC)/common/libcommon.a
-LIBS += $(SRC)/crypto/libcrypto.a
-LIBS += $(SRC)/tls/libtls.a
-LIBS += $(SRC)/utils/libutils.a
-
-ELIBS += $(SRC)/crypto/libcrypto.a
-ELIBS += $(SRC)/tls/libtls.a
-
-OBJS += x509.o
-
-_OBJS_VAR := OBJS
-include ../../../src/objs.mk
-
-_OBJS_VAR := LIBS
-include ../../../src/objs.mk
-
-_OBJS_VAR := ELIBS
-include ../../../src/objs.mk
-
-x509: $(OBJS) $(LIBS)
-	$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
-
-clean: common-clean
-	rm -f x509 *~ *.o *.d ../*~ ../*.o ../*.d
diff --git a/tests/fuzzing/x509/corpus/ca.der b/tests/fuzzing/x509/corpus/ca.der
deleted file mode 100644
index 09d5fa051bf3..000000000000
--- a/tests/fuzzing/x509/corpus/ca.der
+++ /dev/null
diff --git a/tests/fuzzing/x509/corpus/oss-fuzz-15408 b/tests/fuzzing/x509/corpus/oss-fuzz-15408
deleted file mode 100644
index a6f74c54623f..000000000000
--- a/tests/fuzzing/x509/corpus/oss-fuzz-15408
+++ /dev/null
@@ -1 +0,0 @@
-0‚
™0‚
•  
	         0
	           0/10	    €  1 0                           0
 3 6 91  1 2Z
 3 6 7 6 1 2Z0/10	      1 0                           0�Ÿ0
	                                                 ÿ                                                                      ÿ                   ÿ             £P0N0                         0                         0U0!
 ÿ 
\ No newline at end of file
diff --git a/tests/fuzzing/x509/x509.c b/tests/fuzzing/x509/x509.c
deleted file mode 100644
index 2969fea3e287..000000000000
--- a/tests/fuzzing/x509/x509.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Testing tool for X.509v3 routines
- * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "tls/x509v3.h"
-#include "../fuzzer-common.h"
-
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-	struct x509_certificate *cert;
-
-	wpa_fuzzer_set_debug_level();
-
-	cert = x509_certificate_parse(data, size);
-	x509_certificate_free(cert);
-	return 0;
-}
diff --git a/tests/hwsim/.gitignore b/tests/hwsim/.gitignore
deleted file mode 100644
index 25f0f66cf900..000000000000
--- a/tests/hwsim/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-sigma_dut
diff --git a/tests/hwsim/README b/tests/hwsim/README
deleted file mode 100644
index f0d8b18e3479..000000000000
--- a/tests/hwsim/README
+++ /dev/null
@@ -1,220 +0,0 @@
-Automated hostapd/wpa_supplicant testing with mac80211_hwsim
-------------------------------------------------------------
-
-This directory contains testing infrastructure and test cases to run
-automated tests of full hostapd and wpa_supplicant functionality. This
-testing is done with the help of mac80211_hwsim which is Linux kernel
-driver that simulates IEEE 802.11 radios without requiring any
-additional hardware. This setup most of the hostapd and wpa_supplicant
-functionality (and large parts of the Linux cfg80211 and mac80211
-functionality for that matter) to be tested.
-
-mac80211_hwsim is loaded with five simulated radios to allow different
-device combinations to be tested. wlantest is used analyze raw packets
-captured through the hwsim0 monitor interface that capture all frames
-sent on all channels. wlantest is used to store the frames for
-analysis. Three wpa_supplicant processes are used to control three
-virtual radios and one hostapd process is used to dynamically control
-the other two virtual radios. wpa_supplicant/hostapd test functionality
-is used to verify that data connection (both unicast and broadcast)
-works between two netdevs.
-
-The python scripts and tools in this directory control test case
-execution. They interact wpa_supplicant and hostapd through control
-interfaces to perform the operations. In addition, wlantest_cli is used
-to verify that operations have been performed correctly and that the
-network connection works in the expected way.
-
-These test cases are run automatically against the hostap.git commits
-for regression testing and to help in keeping the hostap.git master
-branch in stable state. Results from these tests are available here:
-http://buildbot.w1.fi/hwsim/
-
-
-Building binaries for testing
------------------------------
-
-You will need to build (or use already built) components to be
-tested. These are available in the hostap.git repository and can be
-built for example as follows:
-
-cd ../../wpa_supplicant
-cp ../tests/hwsim/example-wpa_supplicant.config .config
-make clean
-make
-cd ../hostapd
-cp ../tests/hwsim/example-hostapd.config .config
-make clean
-make hostapd hostapd_cli hlr_auc_gw
-cd ../wlantest
-make clean
-make
-
-Alternatively, the build.sh script here can be used to run these steps
-with conditional creation of .config files only if they do not exist.
-
-The test scripts can find the binaries in the locations where they were
-built. It is also possible to install wlantest_cli somewhere on the path
-to use pre-built tools.
-
-Please note that some of the configuration parameters used to enable
-more testing coverage may require development packages that may not be
-installed by default in many distributions. For example, following
-Debian/Ubuntu packages are likely to be needed:
-- binutils-dev
-- libsqlite3-dev
-- libpcap-dev
-
-example-setup.txt provides more complete step-by-step example on how a
-test setup can be built.
-
-
-wpaspy
-------
-
-The python scripts use wpaspy.py to interact with the wpa_supplicant
-control interface, but the run-tests.py script adds the (relative)
-path into the environment so it doesn't need to be installed.
-
-
-mac80211_hwsim
---------------
-
-mac80211_hwsim kernel module is available from the upstream Linux
-kernel. Some Linux distributions enable it by default. If that's not the
-case, you can either enable it in the kernel configuration
-(CONFIG_MAC80211_HWSIM=m) and rebuild your kernel or use Backports with
-CPTCFG_MAC80211_HWSIM=m to replace the wireless LAN components in the
-base kernel.
-
-
-sudo
-----
-
-Some parts of the testing process requires root privileges. The test
-scripts are currently using sudo to achieve this. To be able to run the
-tests, you'll probably want to enable sudo with a timeout to not expire
-password entry very quickly. For example, use this in the sudoers file:
-
-Defaults        env_reset,timestamp_timeout=180
-
-Or on a dedicated test system, you could even disable password prompting
-with this in sudoers:
-
-%sudo   ALL=NOPASSWD: ALL
-
-
-Other network interfaces
-------------------------
-
-Some of the test scripts are still using hardcoded interface names, so
-the easiest way of making things work is to avoid using other network
-devices that may use conflicting interface names. For example, unload
-any wireless LAN driver before running the tests and make sure that
-wlan0..4 gets assigned as the interface names for the mac80211_hwsim
-radios. It may also be possible to rename the interface expectations in
-run-tests.py to allow other names to be used.
-
-Please also note that some commonly enabled tools, like NetworkManager,
-may end up trying to control new network interfaces automatically. This
-can result in conflicts with the test scripts and you may need to
-disable such network services or at least mark the mac80211_hwsim wlan#
-interfaces as umanaged. As an example, this can be done in
-/etc/NetworkManager/NetworkManager.conf with following addition:
-
-[keyfile]
-unmanaged-devices=mac:02:00:00:00:00:00;mac:02:00:00:00:01:00;mac:02:00:00:00:02:00;mac:02:00:00:00:03:00;mac:02:00:00:00:04:00
-
-
-Running tests
--------------
-
-Simplest way to run a full set of the test cases is by running
-run-all.sh in tests/hwsim directory. This will use start.sh to load the
-mac80211_hwsim module and start wpa_supplicant, hostapd, and various
-test tools. run-tests.sh is then used to run through all the defined
-test cases and stop.sh to stop the programs and unload the kernel
-module.
-
-run-all.sh can be used to run the same test cases under different
-conditions:
-
-# run normal test cases
-./run-all.sh
-
-# run normal test cases under valgrind
-./run-all.sh valgrind
-
-# run normal test cases with Linux tracing
-./run-all.sh trace
-
-# run normal test cases with multi channel support (see details below)
-./run-all.sh channels=<num of channels>
-
-run-all.sh directs debug logs into the logs subdirectory (or $LOGDIR if
-present in the environment). Log file names include the current UNIX
-timestamp and a postfix to identify the specific log:
-- *.log0 = wpa_supplicant debug log for the first radio
-- *.log1 = wpa_supplicant debug log for the second radio
-- *.log2 = wpa_supplicant debug log for the third radio
-- *.hostapd = hostapd debug log
-- hwsim0 = wlantest debug log
-- hwsim0.pcapng = capture with all frames exchanged during the tests
-- *.log = debug prints from the test scripts
-- trace.dat = Linux tracing record (if enabled)
-- hlr_auc_gw - hlr_auc_gw (EAP-SIM/AKA/AKA' authentication) log
-- auth_serv - hostapd as RADIUS authentication server log
-
-
-For manual testing, ./start.sh can be used to initialize interfaces and
-programs and run-tests.py to execute one or more test
-cases. run-tests.py output verbosity can be controlled with -d (more
-verbose debug output) and -q (less verbose output) on the command
-line. "-f <module name>" (pointing to file test_<module name>.py) can be
-used to specify that all test cases from a single file are to be
-run. Test name as the last command line argument can be specified that a
-single test case is to be run (e.g., "./run-tests.py ap_pmf_required").
-
-Notice that some tests require the driver to support concurrent
-operation on multi channels in order to run. These tests will be skipped
-in case the driver does not support multi channels. To enable support
-for multi channel, the number of supported channel is passed as an
-argument to run-all.sh or start.sh
-
-
-Adding/modifying test cases
----------------------------
-
-All the test cases are defined in the test_*.py files. These are python
-scripts that can use the local helper classes to interact with the test
-components. While various python constructs can be used in the scripts,
-only a minimal level of python knowledge should really be needed to
-modify and add new test cases. The easiest starting point for this is
-likely to take a look at some of the example scripts. When working on a
-new test, run-tests.py with -d and the test case name on the command
-line is a convenient way of verifying functionality.
-
-run-tests.py will automatically import all test cases from the test_*.py
-files in this directory. All functions starting with the "test_" prefix
-in these files are assumed to be test cases. Each test case is named by
-the function name following the "test_" prefix.
-
-
-Results database
-----------------
-
-run-tests.py can be requested to write results from the execution of
-each test case into an sqlite database. The "-S <path to database>" and
-"-b <build id>" command line arguments can be used to do that. The
-database must have been prepared before this, e.g., with following:
-
-cat | sqlite3 /tmp/example.db <<EOF
-CREATE TABLE results (test,result,run,time,duration,build,commitid);
-CREATE INDEX results_idx ON results (test);
-CREATE INDEX results_idx2 ON results (run);
-CREATE TABLE tests (test,description);
-CREATE UNIQUE INDEX tests_idx ON tests (test);
-CREATE TABLE logs (test,run,type,contents);
-CREATE INDEX logs_idx ON logs (test);
-CREATE INDEX logs_idx2 ON logs (run);
-EOF
diff --git a/tests/hwsim/auth_serv/as.conf b/tests/hwsim/auth_serv/as.conf
deleted file mode 100644
index 3c0eda22f739..000000000000
--- a/tests/hwsim/auth_serv/as.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-driver=none
-radius_server_clients=auth_serv/radius_clients.conf
-radius_server_acct_port=1813
-eap_server=1
-eap_user_file=auth_serv/eap_user.conf
-
-interface=as
-ctrl_interface=/var/run/hostapd
-ctrl_interface_group=admin
-
-ca_cert=auth_serv/ca.pem
-server_cert=auth_serv/server.pem
-private_key=auth_serv/server.key
-ocsp_stapling_response=LOGDIR/ocsp-server-cache.der
-ocsp_stapling_response_multi=auth_serv/ocsp-multi-server-cache.der
-server_id=server.w1.fi
-eap_sim_db=unix:/tmp/hlr_auc_gw.sock
-dh_file=auth_serv/dh.conf
-pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
-eap_fast_a_id=101112131415161718191a1b1c1d1e1f
-eap_fast_a_id_info=test server
-eap_sim_aka_result_ind=1
-tls_flags=[ENABLE-TLSv1.3]
-
-dump_msk_file=LOGDIR/as-msk.lst
-
-hs20_t_c_server_url=https://example.com/t_and_c?addr=@1@&ap=123
diff --git a/tests/hwsim/auth_serv/as2.conf b/tests/hwsim/auth_serv/as2.conf
deleted file mode 100644
index 963db7aea568..000000000000
--- a/tests/hwsim/auth_serv/as2.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-driver=none
-radius_server_clients=auth_serv/radius_clients.conf
-radius_server_auth_port=1814
-eap_server=1
-eap_user_file=auth_serv/eap_user.conf
-
-interface=as2
-ctrl_interface=/var/run/hostapd
-ctrl_interface_group=admin
-
-ca_cert=auth_serv/ca.pem
-server_cert=auth_serv/server.pem
-private_key=auth_serv/server.key
-ocsp_stapling_response=LOGDIR/ocsp-server-cache.der
-ocsp_stapling_response_multi=auth_serv/ocsp-multi-server-cache.der
-server_id=server2.w1.fi
-eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=LOGDIR/hostapd.db
-dh_file=auth_serv/dh.conf
-pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
-eap_fast_a_id=101112131415161718191a1b1c1d1e1f
-eap_fast_a_id_info=test server2
-eap_sim_aka_result_ind=1
-
-dump_msk_file=LOGDIR/as2-msk.lst
diff --git a/tests/hwsim/auth_serv/ca-and-crl-expired.pem b/tests/hwsim/auth_serv/ca-and-crl-expired.pem
deleted file mode 100644
index dc7bf98c1546..000000000000
--- a/tests/hwsim/auth_serv/ca-and-crl-expired.pem
+++ /dev/null
@@ -1,90 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            42:97:6c:30:8e:79:fc:7b:6a:e3:ef:9d:18:a4:74:9d:8b:5f:57:53
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:f4:ee:44:62:7f:62:4f:a1:81:46:ba:c4:aa:
-                    1e:fd:4e:d0:ed:f1:47:cb:25:5b:66:7a:86:39:91:
-                    ca:b5:61:a7:7e:2f:3c:63:7d:39:b8:1a:9e:cb:6d:
-                    32:32:91:de:49:49:84:da:15:be:2b:dd:c6:bc:1f:
-                    dc:6e:c0:2d:77:f2:d0:7b:2c:40:19:07:60:55:b0:
-                    ff:7c:51:ef:38:d1:f0:2a:da:a8:cc:ea:d6:54:a4:
-                    ef:be:17:44:1a:9e:33:70:57:a4:f3:06:ac:3d:ee:
-                    4b:2d:e5:46:25:2d:33:09:f6:49:a8:02:31:a4:65:
-                    9b:32:0a:67:f5:02:e1:3b:47:a6:ae:e4:f6:85:eb:
-                    5d:3e:02:66:dd:11:98:ac:34:72:c2:8f:25:55:4a:
-                    6a:ea:e8:82:2f:bd:7f:78:31:a4:5a:d7:32:bb:64:
-                    48:46:23:ef:c8:c9:e2:84:00:56:72:e8:4b:54:95:
-                    62:3a:5a:11:79:ee:40:43:9e:16:2c:cc:e6:45:f4:
-                    bb:82:28:c2:83:35:2c:55:36:99:59:11:b1:15:d0:
-                    03:c1:a5:37:e1:1f:bb:43:c7:b4:b9:33:de:14:d7:
-                    7c:99:45:0f:c1:06:fe:b6:25:10:59:b7:72:76:7f:
-                    91:4b:ea:d1:b9:6a:6a:ed:dd:1b:a9:0e:a7:29:48:
-                    b7:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         41:f9:c3:a3:77:11:92:55:e7:4b:4a:32:6a:31:d9:51:cf:06:
-         a5:39:ea:30:98:b8:8d:4f:24:c5:34:fd:c6:98:10:59:32:7e:
-         57:f5:8f:ba:67:c9:fc:44:68:b3:7c:f1:af:3a:5f:0d:8f:a1:
-         fe:41:21:0e:e9:08:a3:63:49:66:34:4a:cd:ce:66:74:47:30:
-         f7:dc:82:99:21:56:82:ff:2d:12:90:7d:7a:64:22:a0:ed:fa:
-         62:d9:5a:d3:97:96:0c:04:a7:47:88:da:53:b6:33:15:15:f9:
-         da:ee:ac:25:e9:07:02:89:bc:73:a2:c6:27:6f:1f:bd:73:b8:
-         8e:f7:94:54:57:a7:8b:5b:9a:24:aa:86:d4:04:5c:8c:cb:28:
-         a2:45:f9:34:f0:01:20:bb:06:e8:41:14:d2:d7:ca:e8:bf:4e:
-         16:72:22:a0:0c:86:ca:73:23:09:ae:71:f1:52:0c:db:b2:8a:
-         4d:94:a5:fa:15:81:5b:a2:95:62:50:a1:d6:64:fe:4c:0c:60:
-         8d:9b:0f:b8:41:ac:cb:31:c2:17:6c:7b:61:13:16:9a:db:64:
-         fc:5f:47:84:3d:d2:2e:db:0b:9e:b6:1e:85:04:c1:e5:c0:b2:
-         6d:8f:f2:99:00:3a:1a:ab:02:cf:45:7a:26:c1:b0:1f:c6:b0:
-         d0:4d:f7:52
------BEGIN CERTIFICATE-----
-MIIDYDCCAkigAwIBAgIUQpdsMI55/Htq4++dGKR0nYtfV1MwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMRAwDgYDVQQDDAdSb290IENBMB4XDTIwMDUwMjE5NDk0OFoXDTMwMDQzMDE5
-NDk0OFowQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoM
-BXcxLmZpMRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAvPTuRGJ/Yk+hgUa6xKoe/U7Q7fFHyyVbZnqGOZHKtWGnfi88Y305
-uBqey20yMpHeSUmE2hW+K93GvB/cbsAtd/LQeyxAGQdgVbD/fFHvONHwKtqozOrW
-VKTvvhdEGp4zcFek8wasPe5LLeVGJS0zCfZJqAIxpGWbMgpn9QLhO0emruT2hetd
-PgJm3RGYrDRywo8lVUpq6uiCL71/eDGkWtcyu2RIRiPvyMnihABWcuhLVJViOloR
-ee5AQ54WLMzmRfS7gijCgzUsVTaZWRGxFdADwaU34R+7Q8e0uTPeFNd8mUUPwQb+
-tiUQWbdydn+RS+rRuWpq7d0bqQ6nKUi3TQIDAQABo1AwTjAdBgNVHQ4EFgQUpP25
-ORuBs6rriB3Ugam1EXDMp+EwHwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDM
-p+EwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQfnDo3cRklXnS0oy
-ajHZUc8GpTnqMJi4jU8kxTT9xpgQWTJ+V/WPumfJ/ERos3zxrzpfDY+h/kEhDukI
-o2NJZjRKzc5mdEcw99yCmSFWgv8tEpB9emQioO36Ytla05eWDASnR4jaU7YzFRX5
-2u6sJekHAom8c6LGJ28fvXO4jveUVFeni1uaJKqG1ARcjMsookX5NPABILsG6EEU
-0tfK6L9OFnIioAyGynMjCa5x8VIM27KKTZSl+hWBW6KVYlCh1mT+TAxgjZsPuEGs
-yzHCF2x7YRMWmttk/F9HhD3SLtsLnrYehQTB5cCybY/ymQA6GqsCz0V6JsGwH8aw
-0E33Ug==
------END CERTIFICATE-----
------BEGIN X509 CRL-----
-MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJGSTEQMA4GA1UE
-BwwHVHV1c3VsYTEOMAwGA1UECgwFdzEuZmkxEDAOBgNVBAMMB1Jvb3QgQ0EXDTIw
-MDUwMjE1MDYwN1oXDTIwMDUwMjE2MDYwN1qgDjAMMAoGA1UdFAQDAgEHMA0GCSqG
-SIb3DQEBCwUAA4IBAQBpgpd1hBcONRssjbezGJDE4WC4gSpW9ufS7OgzWXky9AIq
-ea5engK/LCTn0GZVwRvuDkHn0H/dS68pFoQSnrbyS7Alz8oJf/T41vKgG8sxkfra
-tvezWu7x8Kaz6QQuoxoGERZhudyNoPTUYKQpqnUjlz0088j+HqBuy6uSQsDlOXI7
-dxbXU25JvJlebJEeMxd/R+8SkVmXN6OR9RO+kkm0BIjhuUc2BOToxZhPj4PS7If0
-RO5S7WSgZOyg1d0yq/EMNvfm8gT5RioC0rceBlt5FIbjg+xn4VExyg73CbeMjC8O
-CRblHL1o5GK7zHTyKFZ/KUdKIc9sdB/Eehcyvo+Z
------END X509 CRL-----
diff --git a/tests/hwsim/auth_serv/ca-and-crl.pem b/tests/hwsim/auth_serv/ca-and-crl.pem
deleted file mode 100644
index 4e8367884a78..000000000000
--- a/tests/hwsim/auth_serv/ca-and-crl.pem
+++ /dev/null
@@ -1,90 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            42:97:6c:30:8e:79:fc:7b:6a:e3:ef:9d:18:a4:74:9d:8b:5f:57:53
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:f4:ee:44:62:7f:62:4f:a1:81:46:ba:c4:aa:
-                    1e:fd:4e:d0:ed:f1:47:cb:25:5b:66:7a:86:39:91:
-                    ca:b5:61:a7:7e:2f:3c:63:7d:39:b8:1a:9e:cb:6d:
-                    32:32:91:de:49:49:84:da:15:be:2b:dd:c6:bc:1f:
-                    dc:6e:c0:2d:77:f2:d0:7b:2c:40:19:07:60:55:b0:
-                    ff:7c:51:ef:38:d1:f0:2a:da:a8:cc:ea:d6:54:a4:
-                    ef:be:17:44:1a:9e:33:70:57:a4:f3:06:ac:3d:ee:
-                    4b:2d:e5:46:25:2d:33:09:f6:49:a8:02:31:a4:65:
-                    9b:32:0a:67:f5:02:e1:3b:47:a6:ae:e4:f6:85:eb:
-                    5d:3e:02:66:dd:11:98:ac:34:72:c2:8f:25:55:4a:
-                    6a:ea:e8:82:2f:bd:7f:78:31:a4:5a:d7:32:bb:64:
-                    48:46:23:ef:c8:c9:e2:84:00:56:72:e8:4b:54:95:
-                    62:3a:5a:11:79:ee:40:43:9e:16:2c:cc:e6:45:f4:
-                    bb:82:28:c2:83:35:2c:55:36:99:59:11:b1:15:d0:
-                    03:c1:a5:37:e1:1f:bb:43:c7:b4:b9:33:de:14:d7:
-                    7c:99:45:0f:c1:06:fe:b6:25:10:59:b7:72:76:7f:
-                    91:4b:ea:d1:b9:6a:6a:ed:dd:1b:a9:0e:a7:29:48:
-                    b7:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         41:f9:c3:a3:77:11:92:55:e7:4b:4a:32:6a:31:d9:51:cf:06:
-         a5:39:ea:30:98:b8:8d:4f:24:c5:34:fd:c6:98:10:59:32:7e:
-         57:f5:8f:ba:67:c9:fc:44:68:b3:7c:f1:af:3a:5f:0d:8f:a1:
-         fe:41:21:0e:e9:08:a3:63:49:66:34:4a:cd:ce:66:74:47:30:
-         f7:dc:82:99:21:56:82:ff:2d:12:90:7d:7a:64:22:a0:ed:fa:
-         62:d9:5a:d3:97:96:0c:04:a7:47:88:da:53:b6:33:15:15:f9:
-         da:ee:ac:25:e9:07:02:89:bc:73:a2:c6:27:6f:1f:bd:73:b8:
-         8e:f7:94:54:57:a7:8b:5b:9a:24:aa:86:d4:04:5c:8c:cb:28:
-         a2:45:f9:34:f0:01:20:bb:06:e8:41:14:d2:d7:ca:e8:bf:4e:
-         16:72:22:a0:0c:86:ca:73:23:09:ae:71:f1:52:0c:db:b2:8a:
-         4d:94:a5:fa:15:81:5b:a2:95:62:50:a1:d6:64:fe:4c:0c:60:
-         8d:9b:0f:b8:41:ac:cb:31:c2:17:6c:7b:61:13:16:9a:db:64:
-         fc:5f:47:84:3d:d2:2e:db:0b:9e:b6:1e:85:04:c1:e5:c0:b2:
-         6d:8f:f2:99:00:3a:1a:ab:02:cf:45:7a:26:c1:b0:1f:c6:b0:
-         d0:4d:f7:52
------BEGIN CERTIFICATE-----
-MIIDYDCCAkigAwIBAgIUQpdsMI55/Htq4++dGKR0nYtfV1MwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMRAwDgYDVQQDDAdSb290IENBMB4XDTIwMDUwMjE5NDk0OFoXDTMwMDQzMDE5
-NDk0OFowQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoM
-BXcxLmZpMRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAvPTuRGJ/Yk+hgUa6xKoe/U7Q7fFHyyVbZnqGOZHKtWGnfi88Y305
-uBqey20yMpHeSUmE2hW+K93GvB/cbsAtd/LQeyxAGQdgVbD/fFHvONHwKtqozOrW
-VKTvvhdEGp4zcFek8wasPe5LLeVGJS0zCfZJqAIxpGWbMgpn9QLhO0emruT2hetd
-PgJm3RGYrDRywo8lVUpq6uiCL71/eDGkWtcyu2RIRiPvyMnihABWcuhLVJViOloR
-ee5AQ54WLMzmRfS7gijCgzUsVTaZWRGxFdADwaU34R+7Q8e0uTPeFNd8mUUPwQb+
-tiUQWbdydn+RS+rRuWpq7d0bqQ6nKUi3TQIDAQABo1AwTjAdBgNVHQ4EFgQUpP25
-ORuBs6rriB3Ugam1EXDMp+EwHwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDM
-p+EwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQfnDo3cRklXnS0oy
-ajHZUc8GpTnqMJi4jU8kxTT9xpgQWTJ+V/WPumfJ/ERos3zxrzpfDY+h/kEhDukI
-o2NJZjRKzc5mdEcw99yCmSFWgv8tEpB9emQioO36Ytla05eWDASnR4jaU7YzFRX5
-2u6sJekHAom8c6LGJ28fvXO4jveUVFeni1uaJKqG1ARcjMsookX5NPABILsG6EEU
-0tfK6L9OFnIioAyGynMjCa5x8VIM27KKTZSl+hWBW6KVYlCh1mT+TAxgjZsPuEGs
-yzHCF2x7YRMWmttk/F9HhD3SLtsLnrYehQTB5cCybY/ymQA6GqsCz0V6JsGwH8aw
-0E33Ug==
------END CERTIFICATE-----
------BEGIN X509 CRL-----
-MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJGSTEQMA4GA1UE
-BwwHVHV1c3VsYTEOMAwGA1UECgwFdzEuZmkxEDAOBgNVBAMMB1Jvb3QgQ0EXDTIw
-MDUwMzE0NTY1M1oXDTI4MDUwMzE0NTY1M1qgDjAMMAoGA1UdFAQDAgECMA0GCSqG
-SIb3DQEBCwUAA4IBAQCaoYj8yLx4eF+bupRl0YQ7h8MlZ3nFmEJFCXlRrPurWLC0
-tUC/8mMA4GJR6CUGUTZ70pfxKoC1Uca5uMJjNkfOJu0UAnMoiGk7W3Fqbbihigku
-KU48HHieHoKBFc1+95I1TDVHnaDUkoDpT5W9J9yk5XHzJC7xZC411CM2tRZrKo/h
-DRyooWZ5KPT+fthgzDvGSngbMXWumWYMv33PhiMrRlwQgxdt5ECXMbsIN9nY6Sz2
-RFbR9gVA3DwQ5TCMC3UFvHOEn5WcsEeMlNGdoTEb0LbGLnAIxnvHN626HeAgfruj
-6Zec54XKEBnpwBlpfENL6eWJZ+NNVkedrSYdcVM0
------END X509 CRL-----
diff --git a/tests/hwsim/auth_serv/ca-incorrect-key.pem b/tests/hwsim/auth_serv/ca-incorrect-key.pem
deleted file mode 100644
index ae28d447c435..000000000000
--- a/tests/hwsim/auth_serv/ca-incorrect-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCorkTzjidMmpUN
-G78W6HDErNBhAgZVX6grzX+v1l9YxzUitpwgQP319PlMdHGDtY7E1h0kwlrmifsA
-6p6Ejk1o4BYzLnZtcC/nhu8zjyCakDhgvpwbzL5m6TwVsJHyAhUsmdpOZOFH/yVY
-zgmN1jnKi7MTnEUgXafts5ZJ9+yf1ju1G/pMynZpcayln2ffMaiAz7YGbefjGLKe
-kjgOX82UfZqqvkMu6b5u+hSRRRexDEqsQZxOT/X8iO4VL6tWu8LVU+PJ+bKSiIfW
-oNgqpzAddrv0kAW59u8RCjI/eyXceywsCcEQ2V2JwjL7p4Oil4yyyxHHAi5nmQ7Z
-225UszcJAgMBAAECggEAEaLGysAeE8BFvS0deYOr5qQ61SmlB+AMcSf3JadAKMQL
-Jin5gNXKt6B5QCkchSzCVIoeWe2IG3ppp9rf3/QQ29ox9//vmdmU6JwO/lEEk6Ro
-gJTtNWrerVvNUGc5mxfkptkfHfsmIqTmfrZsAUxYlnisrGw2PgAMwql4GRu2va84
-8ZVUVG6+WNizMetsDU1ZuGLVYL7e7YHQG34xW898mdjojv0pJ/XO0mkJvjWMnVCA
-+gQrct7k3G+59ap5p9hd/1kCtFqV4E6XkdqW4bP8W+jXPwyReAxLSibU6VYZVoAV
-VYpkH0f6vDxn8mfEX4llSnOADeYlahO1QkCJE7xxUQKBgQDTCMCIfrmzrfMZo/s7
-68EjGjmBYipaXIZRtIptk//2FmWkm6VHKi5rWO01BUFXFoTEP3syc6BbWhdgRawi
-iM4yS/83sogE8Zl8UKKAv1kcm+HRqrJ+o02b2glcqRmLQPOKcHjNgyWV/yZYbHX0
-BE8yMXlJDBVRcNkGWBtcDuEQ7wKBgQDMn0VBUZyv6ud7vpeLa2RNl7vMyvYAu+Vo
-73lWbvwldAY8md4/Oh9ZWsznpSXer0Kx0cHgGfaZw0yzazg9P25RVOmXt01t21l0
-atz82CTAkWDKT7NdXscW5aAtmsCNIpNLcScU94F9jtNKidMB+FUGhcX1gvNQoFQo
-kHp0cr9HhwKBgDYGxZOsLcqMO/JSgt0iS/26lwJCqWkcyt5cBBxtiVfs//SWTEfd
-yqh8ya2LPOEYyMCdJ+MQqvr4I4foDluA/pjtz9bog94QJCUpV5Dya9PhLHzK4It/
-Lz05IrBwMjPuWusURDkI3DR8b8qvabsg502IUO6cg1CoPUdcgxScUo5NAoGAbExH
-nUCSi1DqX0YKcxHNrnuGO+eXt9+6lYVZVPO8pB36Rwyw4gnjGanDFT8FAg0EYZTA
-5dkX+V2yNKukwlXWD1m/oDq10lTrzX/ZokDLgtfuwGTaa6qD+Ixj8H8dNhV8m8sx
-ghlVAZ0cGzFC6qICbkdS9JPwL1YL9MQy63rn3fUCgYEAj3kgp+ByZJjA4fEk+CkB
-V6VL+3GKEq0oc910O4flUfIRO7bOh9XOcrPyhES9Kxj5hh8UP4OTiTmnQmtqEMq0
-K5/8FojDEnh3DmCC6ZDe79vYXQB4c2MRJg1DApZiklpsLJSIjO4ZQ4H3aQQEKCQe
-DOd7egyPAkD7rmwgWBvF3Nk=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ca-incorrect.der b/tests/hwsim/auth_serv/ca-incorrect.der
deleted file mode 100644
index 75bb94d71aef..000000000000
--- a/tests/hwsim/auth_serv/ca-incorrect.der
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/ca-incorrect.pem b/tests/hwsim/auth_serv/ca-incorrect.pem
deleted file mode 100644
index 4afabbd42f31..000000000000
--- a/tests/hwsim/auth_serv/ca-incorrect.pem
+++ /dev/null
@@ -1,79 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            59:db:b0:44:3b:5a:59:c8:8e:2b:14:38:c4:3b:60:b6:1f:a5:fe:38
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = TEST - Incorrect Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = TEST - Incorrect Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a8:ae:44:f3:8e:27:4c:9a:95:0d:1b:bf:16:e8:
-                    70:c4:ac:d0:61:02:06:55:5f:a8:2b:cd:7f:af:d6:
-                    5f:58:c7:35:22:b6:9c:20:40:fd:f5:f4:f9:4c:74:
-                    71:83:b5:8e:c4:d6:1d:24:c2:5a:e6:89:fb:00:ea:
-                    9e:84:8e:4d:68:e0:16:33:2e:76:6d:70:2f:e7:86:
-                    ef:33:8f:20:9a:90:38:60:be:9c:1b:cc:be:66:e9:
-                    3c:15:b0:91:f2:02:15:2c:99:da:4e:64:e1:47:ff:
-                    25:58:ce:09:8d:d6:39:ca:8b:b3:13:9c:45:20:5d:
-                    a7:ed:b3:96:49:f7:ec:9f:d6:3b:b5:1b:fa:4c:ca:
-                    76:69:71:ac:a5:9f:67:df:31:a8:80:cf:b6:06:6d:
-                    e7:e3:18:b2:9e:92:38:0e:5f:cd:94:7d:9a:aa:be:
-                    43:2e:e9:be:6e:fa:14:91:45:17:b1:0c:4a:ac:41:
-                    9c:4e:4f:f5:fc:88:ee:15:2f:ab:56:bb:c2:d5:53:
-                    e3:c9:f9:b2:92:88:87:d6:a0:d8:2a:a7:30:1d:76:
-                    bb:f4:90:05:b9:f6:ef:11:0a:32:3f:7b:25:dc:7b:
-                    2c:2c:09:c1:10:d9:5d:89:c2:32:fb:a7:83:a2:97:
-                    8c:b2:cb:11:c7:02:2e:67:99:0e:d9:db:6e:54:b3:
-                    37:09
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                0B:56:70:D1:C5:1C:DE:A7:F3:27:07:62:EA:F9:32:BD:C6:95:DD:51
-            X509v3 Authority Key Identifier: 
-                keyid:0B:56:70:D1:C5:1C:DE:A7:F3:27:07:62:EA:F9:32:BD:C6:95:DD:51
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         9f:dd:16:ec:26:65:db:7b:49:82:83:f7:72:49:84:44:9e:b7:
-         ec:fa:35:53:f9:7c:fd:e1:1e:b0:ec:bc:44:45:6e:47:26:9a:
-         d4:03:91:e5:72:25:3d:86:93:e0:9a:9a:e2:95:f2:e9:3d:57:
-         26:d4:7e:0a:36:9f:db:f0:76:09:51:98:9c:e9:96:cc:64:5e:
-         c6:c7:d1:59:46:da:4d:03:5a:4f:64:f6:b0:2b:f8:12:f2:a1:
-         0a:f2:a4:b9:df:0e:5f:b4:f3:18:26:0e:ab:18:29:33:5c:40:
-         54:48:f6:c2:37:ea:62:45:ae:d6:39:fe:75:f0:61:ff:3d:65:
-         3e:65:38:e9:07:08:2f:ea:d0:80:8a:4d:0a:62:9c:ae:22:45:
-         aa:7e:09:be:43:ce:bd:fc:f7:8c:b4:ba:e2:52:f1:1d:79:7c:
-         ad:2f:09:29:82:6d:0d:64:d1:25:a3:9b:36:eb:1b:e0:f0:04:
-         18:c4:29:d3:2e:c7:67:12:fa:3d:1f:81:e3:2c:5b:25:63:8c:
-         c8:1c:9b:bd:e6:c1:22:c8:34:17:fd:64:3a:3f:30:75:36:18:
-         e2:2d:49:16:07:ad:ba:ce:28:c7:df:06:81:57:55:cd:34:7b:
-         81:fd:5e:97:5d:c5:d1:dd:f1:61:2d:f5:ce:06:7f:4d:2e:a4:
-         5e:77:9b:d1
------BEGIN CERTIFICATE-----
-MIIDgjCCAmqgAwIBAgIUWduwRDtaWciOKxQ4xDtgth+l/jgwDQYJKoZIhvcNAQEL
-BQAwUjELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMSEwHwYDVQQDDBhURVNUIC0gSW5jb3JyZWN0IFJvb3QgQ0EwHhcNMjAwNTAy
-MTk0OTQ4WhcNMzAwNDMwMTk0OTQ4WjBSMQswCQYDVQQGEwJGSTEQMA4GA1UEBwwH
-VHV1c3VsYTEOMAwGA1UECgwFdzEuZmkxITAfBgNVBAMMGFRFU1QgLSBJbmNvcnJl
-Y3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKiuRPOO
-J0yalQ0bvxbocMSs0GECBlVfqCvNf6/WX1jHNSK2nCBA/fX0+Ux0cYO1jsTWHSTC
-WuaJ+wDqnoSOTWjgFjMudm1wL+eG7zOPIJqQOGC+nBvMvmbpPBWwkfICFSyZ2k5k
-4Uf/JVjOCY3WOcqLsxOcRSBdp+2zlkn37J/WO7Ub+kzKdmlxrKWfZ98xqIDPtgZt
-5+MYsp6SOA5fzZR9mqq+Qy7pvm76FJFFF7EMSqxBnE5P9fyI7hUvq1a7wtVT48n5
-spKIh9ag2CqnMB12u/SQBbn27xEKMj97Jdx7LCwJwRDZXYnCMvung6KXjLLLEccC
-LmeZDtnbblSzNwkCAwEAAaNQME4wHQYDVR0OBBYEFAtWcNHFHN6n8ycHYur5Mr3G
-ld1RMB8GA1UdIwQYMBaAFAtWcNHFHN6n8ycHYur5Mr3Gld1RMAwGA1UdEwQFMAMB
-Af8wDQYJKoZIhvcNAQELBQADggEBAJ/dFuwmZdt7SYKD93JJhESet+z6NVP5fP3h
-HrDsvERFbkcmmtQDkeVyJT2Gk+CamuKV8uk9VybUfgo2n9vwdglRmJzplsxkXsbH
-0VlG2k0DWk9k9rAr+BLyoQrypLnfDl+08xgmDqsYKTNcQFRI9sI36mJFrtY5/nXw
-Yf89ZT5lOOkHCC/q0ICKTQpinK4iRap+Cb5Dzr3894y0uuJS8R15fK0vCSmCbQ1k
-0SWjmzbrG+DwBBjEKdMux2cS+j0fgeMsWyVjjMgcm73mwSLINBf9ZDo/MHU2GOIt
-SRYHrbrOKMffBoFXVc00e4H9XpddxdHd8WEt9c4Gf00upF53m9E=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ca-key.pem b/tests/hwsim/auth_serv/ca-key.pem
deleted file mode 100644
index b66e03802935..000000000000
--- a/tests/hwsim/auth_serv/ca-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC89O5EYn9iT6GB
-RrrEqh79TtDt8UfLJVtmeoY5kcq1Yad+LzxjfTm4Gp7LbTIykd5JSYTaFb4r3ca8
-H9xuwC138tB7LEAZB2BVsP98Ue840fAq2qjM6tZUpO++F0QanjNwV6TzBqw97kst
-5UYlLTMJ9kmoAjGkZZsyCmf1AuE7R6au5PaF610+AmbdEZisNHLCjyVVSmrq6IIv
-vX94MaRa1zK7ZEhGI+/IyeKEAFZy6EtUlWI6WhF57kBDnhYszOZF9LuCKMKDNSxV
-NplZEbEV0APBpTfhH7tDx7S5M94U13yZRQ/BBv62JRBZt3J2f5FL6tG5amrt3Rup
-DqcpSLdNAgMBAAECggEBAJ9YofITaj8aziT545jjqfyN0c1G0vdyinCSVM0JsHtj
-Xd8gsHlp6hnigRUmAdX5gw4krJ9JBLVzchvFdpwC/pUPtFabC3bP7KJ3AAzz/5vY
-FwPcn8snIxYAfZi9gBY+YTyU/KphbzFO2iFbHttNEaSOCLFhIEH12XnKor5Q7mWQ
-5HHlTdCzvRlGQwSdrmYctQmekdSgffF56ebZzlkwrJAF+o8NX44mcNWSausnEuds
-S7Cah4dxT3Hm8luXfd1u3fCiT/p0ubMT66OVjo2cB0CIQxSpGWoIMuVrVrlzQbNt
-gtQ2cred2HKizlYpCjNd2zrRHauIc2koqQTP0+yNE5UCgYEA6Fuc4Wrq/maMQiOT
-QI46K5PktWArxFO152chdLpjy9qKmm0o7MjBZubRRW0kYHvtUwu15wcCH8Ctwucn
-JGrvtS3lMbNy14kQG7OrT87u2J5VyXNbGxOIhoeDRxEKCbDfyA+4c7sGHMxczxPc
-q6tWJ8cZeXLl8TMLacyG5aWF1WMCgYEA0C7RtPZh6J4XfsgZjO/7FoVgBp5yoche
-Hc6gwHiT7qYAbDQgOq7g41jEtYoO/e8qRsxsJHJlVzYIe3WlK5IC78sk6ZS7hZ6M
-LjfhnBPV1Ddtdq4w2VKY7fDYPvZK3DOc0FOIlaPicxWXUUDt0Tfud2qgYbebz+R6
-wmxqqcYM948CgYEAq6C/yGFJIpBsmY3dfpmPrhCXpsFakrGic0JiG+5xOGo8ZsSq
-rfu7n15uxXFQpVPkgKrtubAbiYiw0H4dE3FJjfJQkN2TvlCnbU7RAyo+khKiGyLx
-8JYFChmehie32mCjawrxm8pRQYRSKULqhIMSKF+QGX0dC4RAse041vfkWzECgYAr
-tAh2EtsO+FE6Xktu2No/KhS0jwLFj8iiPURl42o6yUKBdJfnedrgHzx8V9U53cFk
-R3nUVOeNXVx+fn4EHYzcRisjlgOf017ePQDxwQA8or4qEftTRBGyscLTxOSGQZeD
-7GVZ9KOPQVMYzaafKzy2eP3eRatCA1b6BcSGi3shZQKBgQDA1h0rSoFoXsel8MAV
-MPkGt6gzUdzKb/Qt3BOolnsIcd4Vn19uLCcLdhxRkD37MW/9/mgV+Q57DYyvS9OC
-xi6q7ukgDE3YTK5WChmqJ4p0aEP4bEt6N1VIo55HCFoJy01NIJLs4VAW4y88CzDp
-otex1UmIWQdfnDbIVW9NNFVTiQ==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ca.der b/tests/hwsim/auth_serv/ca.der
deleted file mode 100644
index b03de0177f76..000000000000
--- a/tests/hwsim/auth_serv/ca.der
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/ca.pem b/tests/hwsim/auth_serv/ca.pem
deleted file mode 100644
index 7fcbdf7675f3..000000000000
--- a/tests/hwsim/auth_serv/ca.pem
+++ /dev/null
@@ -1,79 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            42:97:6c:30:8e:79:fc:7b:6a:e3:ef:9d:18:a4:74:9d:8b:5f:57:53
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:f4:ee:44:62:7f:62:4f:a1:81:46:ba:c4:aa:
-                    1e:fd:4e:d0:ed:f1:47:cb:25:5b:66:7a:86:39:91:
-                    ca:b5:61:a7:7e:2f:3c:63:7d:39:b8:1a:9e:cb:6d:
-                    32:32:91:de:49:49:84:da:15:be:2b:dd:c6:bc:1f:
-                    dc:6e:c0:2d:77:f2:d0:7b:2c:40:19:07:60:55:b0:
-                    ff:7c:51:ef:38:d1:f0:2a:da:a8:cc:ea:d6:54:a4:
-                    ef:be:17:44:1a:9e:33:70:57:a4:f3:06:ac:3d:ee:
-                    4b:2d:e5:46:25:2d:33:09:f6:49:a8:02:31:a4:65:
-                    9b:32:0a:67:f5:02:e1:3b:47:a6:ae:e4:f6:85:eb:
-                    5d:3e:02:66:dd:11:98:ac:34:72:c2:8f:25:55:4a:
-                    6a:ea:e8:82:2f:bd:7f:78:31:a4:5a:d7:32:bb:64:
-                    48:46:23:ef:c8:c9:e2:84:00:56:72:e8:4b:54:95:
-                    62:3a:5a:11:79:ee:40:43:9e:16:2c:cc:e6:45:f4:
-                    bb:82:28:c2:83:35:2c:55:36:99:59:11:b1:15:d0:
-                    03:c1:a5:37:e1:1f:bb:43:c7:b4:b9:33:de:14:d7:
-                    7c:99:45:0f:c1:06:fe:b6:25:10:59:b7:72:76:7f:
-                    91:4b:ea:d1:b9:6a:6a:ed:dd:1b:a9:0e:a7:29:48:
-                    b7:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         41:f9:c3:a3:77:11:92:55:e7:4b:4a:32:6a:31:d9:51:cf:06:
-         a5:39:ea:30:98:b8:8d:4f:24:c5:34:fd:c6:98:10:59:32:7e:
-         57:f5:8f:ba:67:c9:fc:44:68:b3:7c:f1:af:3a:5f:0d:8f:a1:
-         fe:41:21:0e:e9:08:a3:63:49:66:34:4a:cd:ce:66:74:47:30:
-         f7:dc:82:99:21:56:82:ff:2d:12:90:7d:7a:64:22:a0:ed:fa:
-         62:d9:5a:d3:97:96:0c:04:a7:47:88:da:53:b6:33:15:15:f9:
-         da:ee:ac:25:e9:07:02:89:bc:73:a2:c6:27:6f:1f:bd:73:b8:
-         8e:f7:94:54:57:a7:8b:5b:9a:24:aa:86:d4:04:5c:8c:cb:28:
-         a2:45:f9:34:f0:01:20:bb:06:e8:41:14:d2:d7:ca:e8:bf:4e:
-         16:72:22:a0:0c:86:ca:73:23:09:ae:71:f1:52:0c:db:b2:8a:
-         4d:94:a5:fa:15:81:5b:a2:95:62:50:a1:d6:64:fe:4c:0c:60:
-         8d:9b:0f:b8:41:ac:cb:31:c2:17:6c:7b:61:13:16:9a:db:64:
-         fc:5f:47:84:3d:d2:2e:db:0b:9e:b6:1e:85:04:c1:e5:c0:b2:
-         6d:8f:f2:99:00:3a:1a:ab:02:cf:45:7a:26:c1:b0:1f:c6:b0:
-         d0:4d:f7:52
------BEGIN CERTIFICATE-----
-MIIDYDCCAkigAwIBAgIUQpdsMI55/Htq4++dGKR0nYtfV1MwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMRAwDgYDVQQDDAdSb290IENBMB4XDTIwMDUwMjE5NDk0OFoXDTMwMDQzMDE5
-NDk0OFowQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoM
-BXcxLmZpMRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAvPTuRGJ/Yk+hgUa6xKoe/U7Q7fFHyyVbZnqGOZHKtWGnfi88Y305
-uBqey20yMpHeSUmE2hW+K93GvB/cbsAtd/LQeyxAGQdgVbD/fFHvONHwKtqozOrW
-VKTvvhdEGp4zcFek8wasPe5LLeVGJS0zCfZJqAIxpGWbMgpn9QLhO0emruT2hetd
-PgJm3RGYrDRywo8lVUpq6uiCL71/eDGkWtcyu2RIRiPvyMnihABWcuhLVJViOloR
-ee5AQ54WLMzmRfS7gijCgzUsVTaZWRGxFdADwaU34R+7Q8e0uTPeFNd8mUUPwQb+
-tiUQWbdydn+RS+rRuWpq7d0bqQ6nKUi3TQIDAQABo1AwTjAdBgNVHQ4EFgQUpP25
-ORuBs6rriB3Ugam1EXDMp+EwHwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDM
-p+EwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQfnDo3cRklXnS0oy
-ajHZUc8GpTnqMJi4jU8kxTT9xpgQWTJ+V/WPumfJ/ERos3zxrzpfDY+h/kEhDukI
-o2NJZjRKzc5mdEcw99yCmSFWgv8tEpB9emQioO36Ytla05eWDASnR4jaU7YzFRX5
-2u6sJekHAom8c6LGJ28fvXO4jveUVFeni1uaJKqG1ARcjMsookX5NPABILsG6EEU
-0tfK6L9OFnIioAyGynMjCa5x8VIM27KKTZSl+hWBW6KVYlCh1mT+TAxgjZsPuEGs
-yzHCF2x7YRMWmttk/F9HhD3SLtsLnrYehQTB5cCybY/ymQA6GqsCz0V6JsGwH8aw
-0E33Ug==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/dh.conf b/tests/hwsim/auth_serv/dh.conf
deleted file mode 100644
index f8cd30fd84d9..000000000000
--- a/tests/hwsim/auth_serv/dh.conf
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAn5Zfi2JHL512eWsfgD2un5TKWlIvNVIYedyWyzkG7JvccUIdaqx1
-xDVXldaAXW2VkDoRGpFSNk43fPfrYcDIZiWHydNjetQ4Cejv7GcjBPMbNm47eIO1
-+9OXrBwpYatW8npTRGF83TqQ/wJgjfr3Cl580Qp2Tv9XjGWHjqDmJI8xVmmOjn/w
-sT1sSN0MryujDzxh7AtkX2NtJMTB1o1Z8MZPnRbxf1crECUNOhYTuTIkzJU1lROq
-HKR72RcMUfJp6GxrYRmx8CQ69UwUwyJoedkkV39HRqvZGc8b8HLFwmlhkGy+qfaN
-zNugMb5eoRAqm+6ZQjZJWAU29+OG/Ku2owIBAg==
------END DH PARAMETERS-----
diff --git a/tests/hwsim/auth_serv/dh2.conf b/tests/hwsim/auth_serv/dh2.conf
deleted file mode 100644
index 5532efe2a6e6..000000000000
--- a/tests/hwsim/auth_serv/dh2.conf
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAnMarPft+gvX8Ul5WKDn3rSa67dCNNhIivHnHBTn7I6LFE4pf3NY6
-KCUcVgJtOl55+58GxkpFsTZEmcykrbTjtJIyNfXFx6n/JKZTNYT0Vv7xmpSN3v53
-208v8rY91OiqO3T8L1PAsENMwuvMZL65IdLiMmVpAktgLGCafektBkaHj29bYCGS
-oGwz65iypzZGKGZmzET168lbh1SIuZkq3JOFEvE0ZJS5XhLrVUw14uZV/7lPRE+E
-dtza3kVlJXbkgnkrBsiuBlmWiga7EjPtD2o18WhPThI8zX/FoAyQUem4DkhfSpS8
-FrJUrODwQQycS5AaexDmZqHJ/L4GdlHcAwIBAg==
------END DH PARAMETERS-----
diff --git a/tests/hwsim/auth_serv/dh_param_3072.pem b/tests/hwsim/auth_serv/dh_param_3072.pem
deleted file mode 100644
index cc72bc2576be..000000000000
--- a/tests/hwsim/auth_serv/dh_param_3072.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBiAKCAYEA3HLNJq+KXn0kCgo4QNnZNmkzwAVLPyIoK24CCfXC53Ax2jAY7iCu
-recce4hWsRAXjfFLcdGlcHPQ6saSwKE80ebj2eSpiASnAMO46PaGDxpycLl+Ac92
-RTaNDFYXveOMSAQboBC6KlNuf4hf7m+ZNxNTEdhKJnx5DmE5UbRKLzndH49OSsNG
-9ip+gHvO6FmRI4bUr5tosVfcVv2nWA0aRknEWFgUw5qKzi0XIejxHf+SKl+XlHGF
-/HuFV7zvksy/wVd0aMl40QSRTLvUfK+jwjPyAKFi7pSEa+cJGJNO1AVfiDCQ8xiA
-wXM4cqU1cUgTuSZZy3itLIlr3+a0O0PQ/zYCgSZlfRBtbWoOK54RhEJ33xTUVcIH
-bMkS8lmqscVIccPVzC9cv+MASbrfE1wvSJFkW1cHy+LScyQLaXeiqovH0HWp60cN
-9UhTcBRV49JTZfTk4wcfc50q+oNNMOXiHXX6Cz7YYkWQhVarawZcOOXkL5LwyqWE
-Fd2a8VjMc7ujAgEC
------END DH PARAMETERS-----
diff --git a/tests/hwsim/auth_serv/dsaparam.pem b/tests/hwsim/auth_serv/dsaparam.pem
deleted file mode 100644
index 890695d40592..000000000000
--- a/tests/hwsim/auth_serv/dsaparam.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIICLQKCAQEA4Gx/0VQqdHPnUdPwtyYRYPMqJqIufW2SkWMEVCMHLo6yZx+2Y1Kn
-N8Zi7TlCHshBXPS/ZF3jMpFk5lOf0M/YujayuVl1iii7B79d5NC0eehX3LnlS3WK
-npGmuCIlnxPrOvrrwx9gPznruNrLNh57IERidYtolFAPjtNKuCYbCmpS1J6mh3pR
-XlNkkTC6L2zkkgDwDZQzJmbQ5gSDY57uneSOgZaPGOYt+Uxsv4v/xxBRTALEcRDk
-AyB0OhzNx5gsNw1qfO1Ck1IOG0Z+A8VnS6Kpeh42bCTdF3OfXwK2BgOzQLCpyEfp
-MEqgRG7VUQjlsdkUy35apIvYpZbovgmbbQIhAIc7hanE2sJ1kKBMYxQx6mlxc+NI
-LxoyLRqAE0iQs08HAoIBAQCFmPw/JGlVVMMdC3RYlTdH2Lu2lGJoDmuuKhrmQOo/
-/jAcShg3n2hVSKzximtZX+KNoJ3TklWG30jPsV1CSOeX0IDeiuEiH/1bGAtHmIxo
-BLbF5fS94fAbL9IAXhuXaHozgnVoutbFUxGVCCopPmYnX8nDCHdy6cHQld1/S5Y4
-hYWQTTSJETUzqYUWQtdAzUCPFBwDGJA7CpYgGQ3mJRUt/Hk6QnEc8NrAFNvbnxWA
-me0/rZmg4lZwtA8GfrOzsZSVXCsL56KZZ8iMElfcN/E4fxWOfBoFkNI3IOc5B+j2
-EsZcXUcbK2o57BHiZ1GMcbfnuz5STFY8/vBXpyAbBDqO
------END DSA PARAMETERS-----
diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
deleted file mode 100644
index b5c65f17866d..000000000000
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ /dev/null
@@ -1,167 +0,0 @@
-"pwd user"	PWD	"secret password"
-"pwd user@domain"	PWD	"secret password"
-"pwd-hash"	PWD	hash:e3718ece8ab74792cbbfffd316d2d19a
-"pwd-hash-sha1"	PWD	ssha1:046239e0660a59015231082a071c803e9f5848ae42eaccb4c08c97ae397bc879c4b071b9088ee715
-"pwd-hash-sha256"	PWD	ssha256:eb0fc747d940308ee5ddcb88d4998a39fa9fcad3044872cf35a1b54b8d351dadc05f525ec27be0d35eca52a328c582ebc7
-"pwd-hash-sha512"	PWD	ssha512:368d96e5acb41b164fe5ce038ab7c3552a82f88fae2e8481da525cc2c68c53b19390a91ccc61a1a04595b620b92e47c39bae353108035c49aaeb23859ad6d22dc08d2057cdd9f0831636a47cbac8d23ed7de8575a197b6320d5627e8f9768bd2109471bc7dff566f7a5e0e9990c285dc1d42e02ed06d6f9490323053ab252d88
-"pwd.user@test123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890.example.com"	PWD	"secret password"
-"gpsk user"	GPSK	"abcdefghijklmnop0123456789abcdef"
-"gpsk user@domain"	GPSK	"abcdefghijklmnop0123456789abcdef"
-"sake user"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-"sake user@domain"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-"eke user"	EKE	"hello"
-"eke user@domain"	EKE	"hello"
-"ikev2 user"	IKEV2	"ike password"
-"ikev2 user@domain"	IKEV2	"ike password"
-"pax.user@example.com"	PAX	0123456789abcdef0123456789abcdef
-"psk.user@example.com"	PSK	0123456789abcdef0123456789abcdef
-"vendor-test"	VENDOR-TEST	"foo"
-"vendor-test-2"	VENDOR-TEST	"foo"	[2]
-"osen@example.com"	WFA-UNAUTH-TLS
-"unauth-tls"	UNAUTH-TLS
-
-"WFA-SimpleConfig-Enrollee-1-0"	WSC
-"WFA-SimpleConfig-Enrollee-unexpected"	WSC
-
-"erp-fast@example.com"	FAST
-"erp-fast@example.com"	GTC	"password"	[2]
-"erp-gpsk@example.com"	GPSK	"abcdefghijklmnop0123456789abcdef"
-"erp-eke@example.com"	EKE	"hello"
-"erp-pax@example.com"	PAX	0123456789abcdef0123456789abcdef
-"erp-peap@example.com"	PEAP
-"erp-peap@example.com"	MSCHAPV2	"password"	[2]
-"erp-teap@example.com"	TEAP
-"erp-teap@example.com"	MSCHAPV2	"password"	[2]
-"erp-psk@example.com"	PSK	0123456789abcdef0123456789abcdef
-"erp-pwd@example.com"	PWD	"secret password"
-"erp-sake@example.com"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-"erp-tls@example.com"	TLS
-"erp-ttls@example.com"	TTLS
-"erp-ttls@example.com"	TTLS-PAP	"password"	[2]
-"erp-ttls"	TTLS
-"erp-ttls"	TTLS-PAP	"password"	[2]
-"erp-ikev2@example.com"	IKEV2	"password"
-"psk@erp.example.com"	PSK	0123456789abcdef0123456789abcdef
-"pwd@erp.example.com"	PWD	"secret password"
-
-"vlan1"	PAX	0123456789abcdef0123456789abcdef
-radius_accept_attr=64:d:13
-radius_accept_attr=65:d:6
-radius_accept_attr=81:s:1
-
-"vlan2"	PAX	0123456789abcdef0123456789abcdef
-radius_accept_attr=64:d:13
-radius_accept_attr=65:d:6
-radius_accept_attr=81:s:2
-
-"vlan1b"	PAX	0123456789abcdef0123456789abcdef
-radius_accept_attr=56:x:32000001
-
-"vlan1tagged"   PAX     0123456789abcdef0123456789abcdef
-radius_accept_attr=56:x:31000001
-
-"vlan12mixed"   PAX     0123456789abcdef0123456789abcdef
-radius_accept_attr=56:x:31000001
-radius_accept_attr=64:d:13
-radius_accept_attr=65:d:6
-radius_accept_attr=81:s:2
-
-"test-class"	PAX	0123456789abcdef0123456789abcdef
-radius_accept_attr=25:x:00112233445566778899
-
-"gpsk-cui"	GPSK	"abcdefghijklmnop0123456789abcdef"
-radius_accept_attr=89:s:gpsk-chargeable-user-identity
-radius_accept_attr=25:x:00112233445566778899aa
-
-"gpsk-vlan1"	GPSK	"abcdefghijklmnop0123456789abcdef"
-radius_accept_attr=64:d:13
-radius_accept_attr=65:d:6
-radius_accept_attr=81:s:1
-
-"gpsk-user-session-timeout"	GPSK	"abcdefghijklmnop0123456789abcdef"
-radius_accept_attr=27:d:3
-
-"phase1-user"	MSCHAPV2,MD5,GTC	"password"
-
-"/C=FI/O=w1.fi/CN=Test User"	TLS	[2]
-
-"020000000000"	MACACL	"020000000000"
-
-"020000000100"	MACACL	"020000000100"
-radius_accept_attr=1:s:test-user
-radius_accept_attr=89:s:macacl-cui-test
-
-"020000000200"	MACACL	"020000000200"
-radius_accept_attr=56:x:32000011
-
-"0232010000000000@ttls"	TTLS,AKA
-"0232010000000000@peap"	PEAP,AKA
-"0232010000000000@fast"	FAST,AKA
-"1232010000000000@ttls"	TTLS,SIM
-"1232010000000000@peap"	PEAP,SIM
-"1232010000000000@fast"	FAST,SIM
-"6555444333222111@both" AKA',AKA
-"peap-ver0"	PEAP	[ver=0]
-"peap-ver1"	PEAP	[ver=1]
-
-"0"*		AKA
-"1"*		SIM
-"2"*		AKA
-"3"*		SIM
-"4"*		AKA
-"5"*		SIM
-"6"*		AKA'
-"7"*		AKA'
-"8"*		AKA'
-"TEAP"		TEAP
-*		TTLS,TLS,PEAP,FAST,TEAP,SIM,AKA',AKA
-
-"0"*		AKA	[2]
-"1"*		SIM	[2]
-"2"*		AKA	[2]
-"3"*		SIM	[2]
-"4"*		AKA	[2]
-"5"*		SIM	[2]
-"6"*		AKA'	[2]
-"7"*		AKA'	[2]
-"8"*		AKA'	[2]
-
-"pap user"	TTLS-PAP	"password"	[2]
-"pap-secret"	TTLS-PAP	"63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"	[2]
-"pap-secret@example.com"	TTLS-PAP	"63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"	[2]
-"chap user"	TTLS-CHAP	"password"	[2]
-"mschap user"	TTLS-MSCHAP	"password"	[2]
-"DOMAIN\mschapv2 user"	TTLS-MSCHAPV2	hash:8846f7eaee8fb117ad06bdd830b7586c	[2]
-"mschapv2 user@domain"	TTLS-MSCHAPV2	hash:8846f7eaee8fb117ad06bdd830b7586c	[2]
-"hs20-test"	TTLS-MSCHAPV2	"password"	[2]
-"hs20-test-with-domain@example.com"	TTLS-MSCHAPV2	"password"	[2]
-"utf8-user"	TTLS-MSCHAPV2	"secret-åäö-€-password"	[2]
-"utf8-user-hash"	TTLS-MSCHAPV2	hash:bd5844fad2489992da7fe8c5a01559cf	[2]
-
-"user"	MSCHAPV2,MD5,GTC	"password"	[2]
-"user@example.com"	MSCHAPV2,MD5,GTC	"password"	[2]
-"user2"	MSCHAPV2,MD5,GTC	"password"	[2]
-"DOMAIN\user3"	MSCHAPV2	"password"	[2]
-"user-no-passwd"	MSCHAPV2,MD5,GTC	[2]
-"machine"	MSCHAPV2,MD5,GTC	"machine-password"	[2]
-"cert user"	TLS	[2]
-"user-secret"	GTC	"63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"	[2]
-"user-pwd-2"	PWD	"password"	[2]
-"user-eke-2"	EKE	"password"	[2]
-
-"hs20-deauth-test"	TTLS-MSCHAPV2	"password"	[2]
-radius_accept_attr=26:x:00009f680405016400
-
-"hs20-subrem-test"	TTLS-MSCHAPV2	"password"	[2]
-radius_accept_attr=26:x:00009f6801170168747470733a2f2f6578616d706c652e636f6d2f
-
-"hs20-session-info-test"	TTLS-MSCHAPV2	"password"	[2]
-radius_accept_attr=27:d:63
-radius_accept_attr=26:x:00009f6805170168747470733a2f2f6578616d706c652e636f6d2f
-
-"hs20-t-c-test"	TTLS-MSCHAPV2	"password"	[2]
-radius_accept_attr=26:x:00009f68090601000000
-radius_accept_attr=89:s:hs20-cui
-
-"test-user"	TTLS-PAP	"password"	[2]
-radius_accept_attr=1:s:real-user
diff --git a/tests/hwsim/auth_serv/eap_user_vlan.conf b/tests/hwsim/auth_serv/eap_user_vlan.conf
deleted file mode 100644
index f8ab168b1227..000000000000
--- a/tests/hwsim/auth_serv/eap_user_vlan.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-"vlan1"	PAX	0123456789abcdef0123456789abcdef
-radius_accept_attr=64:d:13
-radius_accept_attr=65:d:6
-radius_accept_attr=81:s:2
-
-"vlan1tagged"   PAX     0123456789abcdef0123456789abcdef
-radius_accept_attr=56:x:31000002
diff --git a/tests/hwsim/auth_serv/ec-ca-openssl.cnf b/tests/hwsim/auth_serv/ec-ca-openssl.cnf
deleted file mode 100644
index c249ad4c3e1d..000000000000
--- a/tests/hwsim/auth_serv/ec-ca-openssl.cnf
+++ /dev/null
@@ -1,111 +0,0 @@
-# OpenSSL configuration file for Suite B
-
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-oid_section		= new_oids
-
-[ new_oids ]
-
-[ ca ]
-default_ca	= CA_default
-
-[ CA_default ]
-
-dir		= ./ec-ca
-certs		= $dir/certs
-crl_dir		= $dir/crl
-database	= $dir/index.txt
-unique_subject	= no
-new_certs_dir	= $dir/newcerts
-certificate	= $dir/cacert.pem
-serial		= $dir/serial
-crlnumber	= $dir/crlnumber
-crl		= $dir/crl.pem
-private_key	= $dir/private/cakey.pem
-RANDFILE	= $dir/private/.rand
-
-x509_extensions	= ext_client
-
-name_opt 	= ca_default
-cert_opt 	= ca_default
-
-copy_extensions = copy
-
-default_days	= 3650
-default_crl_days= 30
-default_md	= default
-preserve	= no
-
-policy		= policy_match
-
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= optional
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-#emailAddress		= optional
-
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-#emailAddress		= optional
-
-[ req ]
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca
-
-string_mask = utf8only
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= FI
-countryName_min			= 2
-countryName_max			= 2
-
-localityName			= Locality Name (eg, city)
-localityName_default		= Helsinki
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= w1.fi
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-#@CN@
-commonName_max			= 64
-
-[ req_attributes ]
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, cRLSign, keyCertSign
-
-[ crl_ext ]
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ ext_client ]
-
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-#@ALTNAME@
-extendedKeyUsage = clientAuth
-keyUsage = digitalSignature, keyEncipherment
-
-[ ext_server ]
-
-basicConstraints=critical, CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-#@ALTNAME@
-extendedKeyUsage = critical, serverAuth
-keyUsage = digitalSignature, keyEncipherment
diff --git a/tests/hwsim/auth_serv/ec-ca.key b/tests/hwsim/auth_serv/ec-ca.key
deleted file mode 100644
index 51898ecf0e08..000000000000
--- a/tests/hwsim/auth_serv/ec-ca.key
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIFOOw/NwKqjhaX2da7e7SYrgsMLmr6wX3c1SuR2AsxaUoAoGCCqGSM49
-AwEHoUQDQgAEcLjqwWO1Eg+FfjDonVsEpGN0vPuJV1lGd/mKkQHFYxDzLaJHNM8i
-QKH1dAT4M/8reNYF5rzkwC6V33R6T5Hqjg==
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec-ca.pem b/tests/hwsim/auth_serv/ec-ca.pem
deleted file mode 100644
index f2bb4bcad9da..000000000000
--- a/tests/hwsim/auth_serv/ec-ca.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICAjCCAaegAwIBAgIJAPdTJDJVY8FeMAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjUyM1oXDTI2MDEy
-OTA5MjUyM1owUjELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4wDAYD
-VQQKDAV3MS5maTEgMB4GA1UEAwwXU3VpdGUgQiAxMjgtYml0IFJvb3QgQ0EwWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAARwuOrBY7USD4V+MOidWwSkY3S8+4lXWUZ3
-+YqRAcVjEPMtokc0zyJAofV0BPgz/yt41gXmvOTALpXfdHpPkeqOo2YwZDAdBgNV
-HQ4EFgQUcyrcCIxm5gVTsimSHN2Km8Amy/gwHwYDVR0jBBgwFoAUcyrcCIxm5gVT
-simSHN2Km8Amy/gwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYw
-CgYIKoZIzj0EAwIDSQAwRgIhAOHO2+N8tgUQKakQcLGR+kB3mKPmjyhu478xmrKg
-wQq9AiEAmnN7YQBgVBk/+zOri1rCCP8DJ3gE+BSUA3cyQGUvtAc=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec-generate.sh b/tests/hwsim/auth_serv/ec-generate.sh
deleted file mode 100755
index c9fdabc6b438..000000000000
--- a/tests/hwsim/auth_serv/ec-generate.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-CURVE=prime256v1
-DIGEST="-sha256"
-DIGEST_CA="-md sha256"
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = Suite B 128-bit Root CA/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec-ca.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -key ec-ca.key -out ec-ca.pem -outform PEM -days 3650 $DIGEST
-mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
-touch ec-ca/index.txt
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Server ]-----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec-server.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-server.key -out ec-server.req -outform PEM $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-server.req -out ec-server.pem -extensions ext_server $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User ]-------------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user@w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec-user.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-user.key -out ec-user.req -outform PEM -extensions ext_client $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-user.req -out ec-user.pem -extensions ext_client $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Verify ]-----------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile ec-ca.pem ec-server.pem
-$OPENSSL verify -CAfile ec-ca.pem ec-user.pem
diff --git a/tests/hwsim/auth_serv/ec-server.key b/tests/hwsim/auth_serv/ec-server.key
deleted file mode 100644
index bb28e91883dd..000000000000
--- a/tests/hwsim/auth_serv/ec-server.key
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIEoiI2GTM68G6vG2zpbM/a5j7e2yBCCWxaNe+nKPT47+oAoGCCqGSM49
-AwEHoUQDQgAEJu1Mahit1ZcoiSaYwew1ugckxpSGVvbrZUVf/IF13kiW+JBMcgrX
-oukSJOw2LVtLLJEf24YHRST8Dw7Kpzr+bQ==
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec-server.pem b/tests/hwsim/auth_serv/ec-server.pem
deleted file mode 100644
index e5d021c0a6c4..000000000000
--- a/tests/hwsim/auth_serv/ec-server.pem
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 11095559361558864825 (0x99fb5873d9f9e3b9)
-    Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 128-bit Root CA
-        Validity
-            Not Before: Feb  1 09:25:23 2016 GMT
-            Not After : Jan 29 09:25:23 2026 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (256 bit)
-                pub: 
-                    04:26:ed:4c:6a:18:ad:d5:97:28:89:26:98:c1:ec:
-                    35:ba:07:24:c6:94:86:56:f6:eb:65:45:5f:fc:81:
-                    75:de:48:96:f8:90:4c:72:0a:d7:a2:e9:12:24:ec:
-                    36:2d:5b:4b:2c:91:1f:db:86:07:45:24:fc:0f:0e:
-                    ca:a7:3a:fe:6d
-                ASN1 OID: prime256v1
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                A4:A4:2C:68:89:C6:74:44:B4:BF:9A:BF:5F:D6:02:2C:DC:FE:4F:5A
-            X509v3 Authority Key Identifier: 
-                keyid:73:2A:DC:08:8C:66:E6:05:53:B2:29:92:1C:DD:8A:9B:C0:26:CB:F8
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:25:ec:c6:e5:a2:66:e9:3a:f5:fa:b0:4a:dd:24:
-         89:fa:d0:e3:78:a6:2e:a5:da:39:8b:96:7a:ac:ae:17:1f:ef:
-         02:21:00:a8:2a:d1:f1:54:73:b9:8e:b9:8b:48:63:54:01:b3:
-         a3:cd:02:05:ba:d0:53:63:0b:d0:9c:f2:13:74:60:7a:a2
------BEGIN CERTIFICATE-----
-MIICEDCCAbagAwIBAgIJAJn7WHPZ+eO5MAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjUyM1oXDTI2MDEy
-OTA5MjUyM1owNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQD
-DAxzZXJ2ZXIudzEuZmkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQm7UxqGK3V
-lyiJJpjB7DW6ByTGlIZW9utlRV/8gXXeSJb4kExyCtei6RIk7DYtW0sskR/bhgdF
-JPwPDsqnOv5to4GSMIGPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKSkLGiJxnRE
-tL+av1/WAizc/k9aMB8GA1UdIwQYMBaAFHMq3AiMZuYFU7IpkhzdipvAJsv4MBoG
-A1UdEQEB/wQQMA6CDHNlcnZlci53MS5maTAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
-ATALBgNVHQ8EBAMCBaAwCgYIKoZIzj0EAwIDSAAwRQIgJezG5aJm6Tr1+rBK3SSJ
-+tDjeKYupdo5i5Z6rK4XH+8CIQCoKtHxVHO5jrmLSGNUAbOjzQIFutBTYwvQnPIT
-dGB6og==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec-user.key b/tests/hwsim/auth_serv/ec-user.key
deleted file mode 100644
index dc6a7f030a84..000000000000
--- a/tests/hwsim/auth_serv/ec-user.key
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEINKa/lt6n2rVp/6cLl65e8GR0vY0WKDfpBGltnggadz3oAoGCCqGSM49
-AwEHoUQDQgAEDbAoh2fby/hkxmF9Hm8fyzBHCpaDzFuAyG+SYmTBqpccxTXXfSNJ
-eYQXMoPTm14BXWgiTf7U9/C3FHolI5oBNQ==
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec-user.pem b/tests/hwsim/auth_serv/ec-user.pem
deleted file mode 100644
index a4d682496969..000000000000
--- a/tests/hwsim/auth_serv/ec-user.pem
+++ /dev/null
@@ -1,52 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 11095559361558864826 (0x99fb5873d9f9e3ba)
-    Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 128-bit Root CA
-        Validity
-            Not Before: Feb  1 09:25:23 2016 GMT
-            Not After : Jan 29 09:25:23 2026 GMT
-        Subject: C=FI, O=w1.fi, CN=user
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (256 bit)
-                pub: 
-                    04:0d:b0:28:87:67:db:cb:f8:64:c6:61:7d:1e:6f:
-                    1f:cb:30:47:0a:96:83:cc:5b:80:c8:6f:92:62:64:
-                    c1:aa:97:1c:c5:35:d7:7d:23:49:79:84:17:32:83:
-                    d3:9b:5e:01:5d:68:22:4d:fe:d4:f7:f0:b7:14:7a:
-                    25:23:9a:01:35
-                ASN1 OID: prime256v1
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                0E:0F:F9:64:AC:F9:DB:7C:45:22:9A:DF:E0:DB:1E:25:9D:8F:4D:C3
-            X509v3 Authority Key Identifier: 
-                keyid:73:2A:DC:08:8C:66:E6:05:53:B2:29:92:1C:DD:8A:9B:C0:26:CB:F8
-
-            X509v3 Subject Alternative Name: 
-                email:user@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:12:a1:d9:30:43:fb:12:3d:67:72:a2:12:24:7c:
-         cb:1e:ce:f7:e6:fe:b6:79:b4:af:d8:85:72:49:2d:e9:de:01:
-         02:20:18:f3:6a:65:5d:c0:04:df:28:5a:44:b1:5f:75:25:eb:
-         a8:56:e9:5d:35:3c:9e:8d:63:cc:47:7f:22:a1:c0:27
------BEGIN CERTIFICATE-----
-MIIB/DCCAaOgAwIBAgIJAJn7WHPZ+eO6MAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjUyM1oXDTI2MDEy
-OTA5MjUyM1owLDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMQ0wCwYDVQQD
-DAR1c2VyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDbAoh2fby/hkxmF9Hm8f
-yzBHCpaDzFuAyG+SYmTBqpccxTXXfSNJeYQXMoPTm14BXWgiTf7U9/C3FHolI5oB
-NaOBhzCBhDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQOD/lkrPnbfEUimt/g2x4lnY9N
-wzAfBgNVHSMEGDAWgBRzKtwIjGbmBVOyKZIc3YqbwCbL+DAVBgNVHREEDjAMgQp1
-c2VyQHcxLmZpMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDAKBggq
-hkjOPQQDAgNHADBEAiASodkwQ/sSPWdyohIkfMsezvfm/rZ5tK/YhXJJLeneAQIg
-GPNqZV3ABN8oWkSxX3Ul66hW6V01PJ6NY8xHfyKhwCc=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec2-ca.key b/tests/hwsim/auth_serv/ec2-ca.key
deleted file mode 100644
index 96a28fde0a15..000000000000
--- a/tests/hwsim/auth_serv/ec2-ca.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIg==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDA7pLB5W+c/cHKznKIRC3UH3qvF2gdij3svRR+zYaNf427Z/I0H4Xki
-HOFgPZ9ded2gBwYFK4EEACKhZANiAARWEuSpvRL6glbrbPMhDEcvHpQCirI4GtFD
-FYUEYIDqRObNZkeM4A9ygH3HUUmdm3SLHVxb+2nIVfPY3jyxwfOZGiL6ASomy1Ww
-GY0AAaXU61MCiJBny1VTsjR7Dw+VcRc=
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec2-ca.pem b/tests/hwsim/auth_serv/ec2-ca.pem
deleted file mode 100644
index b745ed33238a..000000000000
--- a/tests/hwsim/auth_serv/ec2-ca.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPjCCAcSgAwIBAgIJAIEUIb9N+rpkMAoGCCqGSM49BAMDMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTkyLWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjYyNFoXDTI2MDEy
-OTA5MjYyNFowUjELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4wDAYD
-VQQKDAV3MS5maTEgMB4GA1UEAwwXU3VpdGUgQiAxOTItYml0IFJvb3QgQ0EwdjAQ
-BgcqhkjOPQIBBgUrgQQAIgNiAARWEuSpvRL6glbrbPMhDEcvHpQCirI4GtFDFYUE
-YIDqRObNZkeM4A9ygH3HUUmdm3SLHVxb+2nIVfPY3jyxwfOZGiL6ASomy1WwGY0A
-AaXU61MCiJBny1VTsjR7Dw+VcRejZjBkMB0GA1UdDgQWBBS4l8m+YxKr9qCMtl77
-l24QjtxI9TAfBgNVHSMEGDAWgBS4l8m+YxKr9qCMtl77l24QjtxI9TASBgNVHRMB
-Af8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjEA
-v+QeMLDKAY3+9dbdzPit9WCg7erYxa0LsV6ZTr4wIYwUIkybksD1Bwlq7Sw/lVpO
-AjBy4q3wJbj6unHQq9VsCKpHWiTi/WeKRo8X0djScKsN7R92A3vGgdhVEAXP0vTl
-Rn0=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec2-generate.sh b/tests/hwsim/auth_serv/ec2-generate.sh
deleted file mode 100755
index b7287a90d922..000000000000
--- a/tests/hwsim/auth_serv/ec2-generate.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-CURVE=secp384r1
-DIGEST="-sha384"
-DIGEST_CA="-md sha384"
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = Suite B 192-bit Root CA/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec2-ca.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -key ec2-ca.key -out ec2-ca.pem -outform PEM -days 3650 $DIGEST
-mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
-touch ec-ca/index.txt
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Server ]-----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec2-server.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-server.key -out ec2-server.req -outform PEM $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-server.req -out ec2-server.pem -extensions ext_server $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User ]-------------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user@w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec2-user.key -name $CURVE -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-user.key -out ec2-user.req -outform PEM -extensions ext_client $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-user.req -out ec2-user.pem -extensions ext_client $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User p256 ]--------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user-p256/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user-p256@w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL ecparam -out ec2-user-p256.key -name prime256v1 -genkey
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-user-p256.key -out ec2-user-p256.req -outform PEM -extensions ext_client -sha256
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-user-p256.req -out ec2-user-p256.pem -extensions ext_client -md sha256
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Verify ]-----------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile ec2-ca.pem ec2-server.pem
-$OPENSSL verify -CAfile ec2-ca.pem ec2-user.pem
-$OPENSSL verify -CAfile ec2-ca.pem ec2-user-p256.pem
diff --git a/tests/hwsim/auth_serv/ec2-server.key b/tests/hwsim/auth_serv/ec2-server.key
deleted file mode 100644
index e59a9be11e43..000000000000
--- a/tests/hwsim/auth_serv/ec2-server.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIg==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDAgwG8tK5eYT4AX09cjhztI1oSnO7iEVf8n6UdbY41gmuU+ce+HPfpt
-mRFxdKSU29CgBwYFK4EEACKhZANiAAS4CCNfatEOzJswkLMlEn+bPMUEYQEYQwad
-uiJ3hJHkHxKnjjamvn+OCHxZwX0I2ci19y+cxgCIAKHRI2C/iijvr12ZcOkVEysf
-PODhGzHDloYyEfLcPSJ9hTk1ZIvyRSU=
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec2-server.pem b/tests/hwsim/auth_serv/ec2-server.pem
deleted file mode 100644
index f30e09fcba35..000000000000
--- a/tests/hwsim/auth_serv/ec2-server.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 11652367451091730033 (0xa1b58675baa57e71)
-    Signature Algorithm: ecdsa-with-SHA384
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 192-bit Root CA
-        Validity
-            Not Before: Feb  1 09:26:24 2016 GMT
-            Not After : Jan 29 09:26:24 2026 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub: 
-                    04:b8:08:23:5f:6a:d1:0e:cc:9b:30:90:b3:25:12:
-                    7f:9b:3c:c5:04:61:01:18:43:06:9d:ba:22:77:84:
-                    91:e4:1f:12:a7:8e:36:a6:be:7f:8e:08:7c:59:c1:
-                    7d:08:d9:c8:b5:f7:2f:9c:c6:00:88:00:a1:d1:23:
-                    60:bf:8a:28:ef:af:5d:99:70:e9:15:13:2b:1f:3c:
-                    e0:e1:1b:31:c3:96:86:32:11:f2:dc:3d:22:7d:85:
-                    39:35:64:8b:f2:45:25
-                ASN1 OID: secp384r1
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                EA:4A:EB:D2:AD:05:FC:FD:5F:A0:CA:8A:53:3B:4D:ED:F5:6B:EF:75
-            X509v3 Authority Key Identifier: 
-                keyid:B8:97:C9:BE:63:12:AB:F6:A0:8C:B6:5E:FB:97:6E:10:8E:DC:48:F5
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: ecdsa-with-SHA384
-         30:65:02:30:1f:26:d2:79:e7:54:59:1a:b8:3b:92:26:05:1d:
-         f7:57:43:9d:8e:01:3d:57:ca:54:e1:9b:2e:ec:3a:32:a0:0d:
-         8b:7c:70:c2:27:d2:31:8b:39:5c:64:6d:81:dd:14:56:02:31:
-         00:f1:ac:58:25:9a:9e:cd:1c:fa:76:9d:da:1a:6b:28:b5:43:
-         15:4e:c7:aa:4d:26:4d:44:26:23:86:a8:5f:6e:f5:42:6d:26:
-         37:99:1d:70:b9:8e:96:4d:69:99:a9:6f:c6
------BEGIN CERTIFICATE-----
-MIICTTCCAdOgAwIBAgIJAKG1hnW6pX5xMAoGCCqGSM49BAMDMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTkyLWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjYyNFoXDTI2MDEy
-OTA5MjYyNFowNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQD
-DAxzZXJ2ZXIudzEuZmkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS4CCNfatEOzJsw
-kLMlEn+bPMUEYQEYQwaduiJ3hJHkHxKnjjamvn+OCHxZwX0I2ci19y+cxgCIAKHR
-I2C/iijvr12ZcOkVEysfPODhGzHDloYyEfLcPSJ9hTk1ZIvyRSWjgZIwgY8wDAYD
-VR0TAQH/BAIwADAdBgNVHQ4EFgQU6krr0q0F/P1foMqKUztN7fVr73UwHwYDVR0j
-BBgwFoAUuJfJvmMSq/agjLZe+5duEI7cSPUwGgYDVR0RAQH/BBAwDoIMc2VydmVy
-LncxLmZpMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAKBggq
-hkjOPQQDAwNoADBlAjAfJtJ551RZGrg7kiYFHfdXQ52OAT1XylThmy7sOjKgDYt8
-cMIn0jGLOVxkbYHdFFYCMQDxrFglmp7NHPp2ndoaayi1QxVOx6pNJk1EJiOGqF9u
-9UJtJjeZHXC5jpZNaZmpb8Y=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec2-user-p256.key b/tests/hwsim/auth_serv/ec2-user-p256.key
deleted file mode 100644
index 08aae75dd247..000000000000
--- a/tests/hwsim/auth_serv/ec2-user-p256.key
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIPrr8f6NDa+p9BbWuyoFWfshi7pBwZVSltEoE3JoKMfEoAoGCCqGSM49
-AwEHoUQDQgAEt4F55Q020CgCdvgNzw3I+K/eZiDJIODExC0Qti5YJWD/Ah5KG3lh
-qmRWRLRLn+giBMgUEJeWDjWcHdzWBYhwEQ==
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec2-user-p256.pem b/tests/hwsim/auth_serv/ec2-user-p256.pem
deleted file mode 100644
index 7deb9c1b1160..000000000000
--- a/tests/hwsim/auth_serv/ec2-user-p256.pem
+++ /dev/null
@@ -1,56 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 12897810923590592256 (0xb2fe3ab310c52700)
-    Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 192-bit Root CA
-        Validity
-            Not Before: Jan 12 18:16:42 2018 GMT
-            Not After : Jan 10 18:16:42 2028 GMT
-        Subject: C=FI, O=w1.fi, CN=user-p256
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (256 bit)
-                pub: 
-                    04:b7:81:79:e5:0d:36:d0:28:02:76:f8:0d:cf:0d:
-                    c8:f8:af:de:66:20:c9:20:e0:c4:c4:2d:10:b6:2e:
-                    58:25:60:ff:02:1e:4a:1b:79:61:aa:64:56:44:b4:
-                    4b:9f:e8:22:04:c8:14:10:97:96:0e:35:9c:1d:dc:
-                    d6:05:88:70:11
-                ASN1 OID: prime256v1
-                NIST CURVE: P-256
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                EC:7E:B2:10:44:3E:D2:A1:98:E4:1E:8F:7E:32:49:2E:B2:59:3C:92
-            X509v3 Authority Key Identifier: 
-                keyid:B8:97:C9:BE:63:12:AB:F6:A0:8C:B6:5E:FB:97:6E:10:8E:DC:48:F5
-
-            X509v3 Subject Alternative Name: 
-                email:user-p256@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: ecdsa-with-SHA256
-         30:65:02:31:00:c9:1e:c8:25:d5:69:1c:24:4f:09:b6:45:31:
-         c2:46:a0:44:84:ae:b1:e3:bb:34:19:f6:04:63:61:cf:37:7a:
-         9b:a1:72:99:9d:86:36:26:35:a1:99:0a:3a:7c:06:26:3e:02:
-         30:70:e8:c3:20:0a:c5:4f:f6:95:6c:0a:b1:7a:1b:5d:b0:d2:
-         c6:10:4d:2f:44:31:c7:1a:db:6c:25:07:4b:2d:94:0e:c9:b4:
-         b1:c8:8c:cb:ea:67:8f:37:20:f6:cc:64:fe
------BEGIN CERTIFICATE-----
-MIICJzCCAa2gAwIBAgIJALL+OrMQxScAMAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTkyLWJpdCBSb290IENBMB4XDTE4MDExMjE4MTY0MloXDTI4MDEx
-MDE4MTY0MlowMTELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRIwEAYDVQQD
-DAl1c2VyLXAyNTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3gXnlDTbQKAJ2
-+A3PDcj4r95mIMkg4MTELRC2LlglYP8CHkobeWGqZFZEtEuf6CIEyBQQl5YONZwd
-3NYFiHARo4GMMIGJMAkGA1UdEwQCMAAwHQYDVR0OBBYEFOx+shBEPtKhmOQej34y
-SS6yWTySMB8GA1UdIwQYMBaAFLiXyb5jEqv2oIy2XvuXbhCO3Ej1MBoGA1UdEQQT
-MBGBD3VzZXItcDI1NkB3MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
-BAMCBaAwCgYIKoZIzj0EAwIDaAAwZQIxAMkeyCXVaRwkTwm2RTHCRqBEhK6x47s0
-GfYEY2HPN3qboXKZnYY2JjWhmQo6fAYmPgIwcOjDIArFT/aVbAqxehtdsNLGEE0v
-RDHHGttsJQdLLZQOybSxyIzL6mePNyD2zGT+
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ec2-user.key b/tests/hwsim/auth_serv/ec2-user.key
deleted file mode 100644
index 035e25cde23e..000000000000
--- a/tests/hwsim/auth_serv/ec2-user.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIg==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCkY69v8ff6oUI3wxJYeJdT500cYU9SE7LOLByjFyW5kKh0wfNI+PTj
-QCboPDTNgy6gBwYFK4EEACKhZANiAATuB6iYrTnzUXstmwJhnMBpU3SB6Hwa92ne
-S3VaDG2HGjdfBCV5JUHXt4o4JTtknjum/cKR/99xQ6pvBemWQjEcyeAyK18zIQrP
-Kce5MCGEcJ8c5GwKVwVYlBPzr85IcBg=
------END EC PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ec2-user.pem b/tests/hwsim/auth_serv/ec2-user.pem
deleted file mode 100644
index 03253b79f746..000000000000
--- a/tests/hwsim/auth_serv/ec2-user.pem
+++ /dev/null
@@ -1,57 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 11652367451091730034 (0xa1b58675baa57e72)
-    Signature Algorithm: ecdsa-with-SHA384
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 192-bit Root CA
-        Validity
-            Not Before: Feb  1 09:26:24 2016 GMT
-            Not After : Jan 29 09:26:24 2026 GMT
-        Subject: C=FI, O=w1.fi, CN=user
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub: 
-                    04:ee:07:a8:98:ad:39:f3:51:7b:2d:9b:02:61:9c:
-                    c0:69:53:74:81:e8:7c:1a:f7:69:de:4b:75:5a:0c:
-                    6d:87:1a:37:5f:04:25:79:25:41:d7:b7:8a:38:25:
-                    3b:64:9e:3b:a6:fd:c2:91:ff:df:71:43:aa:6f:05:
-                    e9:96:42:31:1c:c9:e0:32:2b:5f:33:21:0a:cf:29:
-                    c7:b9:30:21:84:70:9f:1c:e4:6c:0a:57:05:58:94:
-                    13:f3:af:ce:48:70:18
-                ASN1 OID: secp384r1
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                63:19:63:3E:D9:CB:7F:DC:C9:E0:DD:4D:75:A4:34:63:18:16:C3:EF
-            X509v3 Authority Key Identifier: 
-                keyid:B8:97:C9:BE:63:12:AB:F6:A0:8C:B6:5E:FB:97:6E:10:8E:DC:48:F5
-
-            X509v3 Subject Alternative Name: 
-                email:user@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: ecdsa-with-SHA384
-         30:66:02:31:00:91:55:b8:e4:26:b6:19:10:b3:f5:47:fb:a0:
-         dc:6a:a1:1b:c6:53:28:be:bd:9e:94:48:34:45:cc:87:41:64:
-         14:2d:d0:bb:dd:75:0a:c3:47:3a:05:7f:35:5c:1c:be:51:02:
-         31:00:ce:4e:8d:cb:05:73:0d:f5:03:74:c5:b1:11:14:a8:0b:
-         e7:d8:26:36:bc:3b:90:60:5a:0e:bf:06:df:27:a3:59:79:52:
-         7b:8e:7c:06:57:70:46:4c:dd:6f:dc:13:95:94
------BEGIN CERTIFICATE-----
-MIICOzCCAcCgAwIBAgIJAKG1hnW6pX5yMAoGCCqGSM49BAMDMFIxCzAJBgNVBAYT
-AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
-F1N1aXRlIEIgMTkyLWJpdCBSb290IENBMB4XDTE2MDIwMTA5MjYyNFoXDTI2MDEy
-OTA5MjYyNFowLDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMQ0wCwYDVQQD
-DAR1c2VyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7geomK0581F7LZsCYZzAaVN0
-geh8Gvdp3kt1Wgxthxo3XwQleSVB17eKOCU7ZJ47pv3Ckf/fcUOqbwXplkIxHMng
-MitfMyEKzynHuTAhhHCfHORsClcFWJQT86/OSHAYo4GHMIGEMAkGA1UdEwQCMAAw
-HQYDVR0OBBYEFGMZYz7Zy3/cyeDdTXWkNGMYFsPvMB8GA1UdIwQYMBaAFLiXyb5j
-Eqv2oIy2XvuXbhCO3Ej1MBUGA1UdEQQOMAyBCnVzZXJAdzEuZmkwEwYDVR0lBAww
-CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMAoGCCqGSM49BAMDA2kAMGYCMQCRVbjk
-JrYZELP1R/ug3GqhG8ZTKL69npRINEXMh0FkFC3Qu911CsNHOgV/NVwcvlECMQDO
-To3LBXMN9QN0xbERFKgL59gmNrw7kGBaDr8G3yejWXlSe458BldwRkzdb9wTlZQ=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/hlr_auc_gw.gsm b/tests/hwsim/auth_serv/hlr_auc_gw.gsm
deleted file mode 100644
index b67aeca3df29..000000000000
--- a/tests/hwsim/auth_serv/hlr_auc_gw.gsm
+++ /dev/null
@@ -1,17 +0,0 @@
-# Test triplets generated with GSM-Milenage using
-# Ki = 90dca4eda45b53cf0f12d7c9c3bc6a89
-# OPc = cb9cccc4b9258e6dca4760379fb82581
-
-# GSM authentication triplet file for EAP-SIM authenticator
-# IMSI:Kc:SRES:RAND
-# IMSI: ASCII string (numbers)
-# Kc: hex, 8 octets
-# SRES: hex, 4 octets
-# RAND: hex, 16 octets
-
-232010000000001:79747302dd684291:fbe55c44:d29b2f51f1fd20304ad0c447b4dcdc37
-232010000000001:2f2eaa1d83e43813:6e2e3ea3:e19a8e96255b88e8a8be104637d165b2
-232010000000001:b7c935bfb51f2c5a:257581f5:8079c338eb4195d0fe2d46b357979054
-232010000000001:bc93df6af0412a69:dae1faa0:a48b8e2a59b8bed468ea3d57ef9ee118
-232010000000001:626db3b0e9e321c3:a3e33208:38e7e65d0c0ef82185d1697410f2b31a
-232010000000001:df3cab53d00c622e:0b785f5d:d8a4a9efe1689d232468f316d2a84270
diff --git a/tests/hwsim/auth_serv/hlr_auc_gw.milenage_db b/tests/hwsim/auth_serv/hlr_auc_gw.milenage_db
deleted file mode 100644
index fefe5145ff0b..000000000000
--- a/tests/hwsim/auth_serv/hlr_auc_gw.milenage_db
+++ /dev/null
@@ -1,16 +0,0 @@
-# Parameters for Milenage (Example algorithms for AKA).
-# The example Ki, OPc, and AMF values here are from 3GPP TS 35.208 v6.0.0
-# 4.3.20 Test Set 20. SQN is the last used SQN value.
-# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM)
-# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but
-# stub values will need to be included in this file.
-
-# IMSI Ki OPc AMF SQN
-232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
-
-# Modified version of the previous to allow testing with replaced SIM.
-232010000000009 a0dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
-
-# These values are from Test Set 19 which has the AMF separation bit set to 1
-# and as such, is suitable for EAP-AKA' test.
-555444333222111 5122250214c33e723a5dd523fc145fc0 981d464c7c52eb6e5036234984ad0bcf c3ab 16f3b3f70fc1
diff --git a/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem b/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem
deleted file mode 100644
index 2f10391d0d1c..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem
+++ /dev/null
@@ -1,160 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f7
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
-                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
-                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
-                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
-                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
-                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
-                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
-                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
-                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
-                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
-                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
-                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
-                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
-                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
-                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
-                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
-                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
-                    3b:5d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
-         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
-         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
-         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
-         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
-         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
-         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
-         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
-         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
-         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
-         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
-         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
-         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
-         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
-         97:ac:df:2e
------BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIJANjT46bL48z3MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMD4xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVy
-bWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKw3n/m
-F2lLu43cT4uVM14T7qEB9YLebvyD2+ciX7mNK94Qck7agcH38+sO21tfkJK7QWhV
-T4TZc1sMbUDmxQ9dXF6AHmSHWplEiz1hIPAVzIeVW6BGD7xcFO6sT8h80sDvYJQi
-tnQFT8qXAQowtFBEidDCa+V/zmYiGtY4fP9CQspYoDiFyvGxHzMn279cSZY2ehEv
-Ytfrfp+bnA4r381ZvO7oauN9+ga6NEK1fee+4XuFrxslqUUzBsvMDcp4XFZSrEN+
-9gzn+4a0rNf0slTuZXpcMmszoGgb2OrIdJQIAH+b8NqAD/JFExFjTObSl9OuErB8
-6PBWwHt8gpltO10CAwEAAaNmMGQwHQYDVR0OBBYEFOvcjTh1EC/mgo7+Q+yffmMi
-vVFVMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMBIGA1UdEwEB/wQI
-MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGdHWy
-u7CFJUg44TRU1dQ6nw6xlv3M6hUhctqe7+L6ril03IM2h4h9dVGaxW6ogHc/XO2e
-rFcX7atkTxWLR5AKFyp+SakBoUFm1P6+GHDWI/cLClPXdah/ClIcHYxjb4Lt7f3i
-/obvCkz415NWmqPddAKMszGDwYpmxsAd3ABcV/QxMYvUhNjabdb25BB+u/JBld2m
-DDfHIoDmNj40xhxzq0KQbvjb6LbAsvUX0m/TjPsUJY5ygUV2hvfR2T3/saIQb8Ak
-53A/Lc8y7gZw1RsEhG1IaSYemFrt42H1KUWIJc9/xPvzh6cRlZ7PqKqI2xIyZmbE
-HRKxYh36KPSXrN8u
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            42:97:6c:30:8e:79:fc:7b:6a:e3:ef:9d:18:a4:74:9d:8b:5f:57:53
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:f4:ee:44:62:7f:62:4f:a1:81:46:ba:c4:aa:
-                    1e:fd:4e:d0:ed:f1:47:cb:25:5b:66:7a:86:39:91:
-                    ca:b5:61:a7:7e:2f:3c:63:7d:39:b8:1a:9e:cb:6d:
-                    32:32:91:de:49:49:84:da:15:be:2b:dd:c6:bc:1f:
-                    dc:6e:c0:2d:77:f2:d0:7b:2c:40:19:07:60:55:b0:
-                    ff:7c:51:ef:38:d1:f0:2a:da:a8:cc:ea:d6:54:a4:
-                    ef:be:17:44:1a:9e:33:70:57:a4:f3:06:ac:3d:ee:
-                    4b:2d:e5:46:25:2d:33:09:f6:49:a8:02:31:a4:65:
-                    9b:32:0a:67:f5:02:e1:3b:47:a6:ae:e4:f6:85:eb:
-                    5d:3e:02:66:dd:11:98:ac:34:72:c2:8f:25:55:4a:
-                    6a:ea:e8:82:2f:bd:7f:78:31:a4:5a:d7:32:bb:64:
-                    48:46:23:ef:c8:c9:e2:84:00:56:72:e8:4b:54:95:
-                    62:3a:5a:11:79:ee:40:43:9e:16:2c:cc:e6:45:f4:
-                    bb:82:28:c2:83:35:2c:55:36:99:59:11:b1:15:d0:
-                    03:c1:a5:37:e1:1f:bb:43:c7:b4:b9:33:de:14:d7:
-                    7c:99:45:0f:c1:06:fe:b6:25:10:59:b7:72:76:7f:
-                    91:4b:ea:d1:b9:6a:6a:ed:dd:1b:a9:0e:a7:29:48:
-                    b7:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         41:f9:c3:a3:77:11:92:55:e7:4b:4a:32:6a:31:d9:51:cf:06:
-         a5:39:ea:30:98:b8:8d:4f:24:c5:34:fd:c6:98:10:59:32:7e:
-         57:f5:8f:ba:67:c9:fc:44:68:b3:7c:f1:af:3a:5f:0d:8f:a1:
-         fe:41:21:0e:e9:08:a3:63:49:66:34:4a:cd:ce:66:74:47:30:
-         f7:dc:82:99:21:56:82:ff:2d:12:90:7d:7a:64:22:a0:ed:fa:
-         62:d9:5a:d3:97:96:0c:04:a7:47:88:da:53:b6:33:15:15:f9:
-         da:ee:ac:25:e9:07:02:89:bc:73:a2:c6:27:6f:1f:bd:73:b8:
-         8e:f7:94:54:57:a7:8b:5b:9a:24:aa:86:d4:04:5c:8c:cb:28:
-         a2:45:f9:34:f0:01:20:bb:06:e8:41:14:d2:d7:ca:e8:bf:4e:
-         16:72:22:a0:0c:86:ca:73:23:09:ae:71:f1:52:0c:db:b2:8a:
-         4d:94:a5:fa:15:81:5b:a2:95:62:50:a1:d6:64:fe:4c:0c:60:
-         8d:9b:0f:b8:41:ac:cb:31:c2:17:6c:7b:61:13:16:9a:db:64:
-         fc:5f:47:84:3d:d2:2e:db:0b:9e:b6:1e:85:04:c1:e5:c0:b2:
-         6d:8f:f2:99:00:3a:1a:ab:02:cf:45:7a:26:c1:b0:1f:c6:b0:
-         d0:4d:f7:52
------BEGIN CERTIFICATE-----
-MIIDYDCCAkigAwIBAgIUQpdsMI55/Htq4++dGKR0nYtfV1MwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMRAwDgYDVQQDDAdSb290IENBMB4XDTIwMDUwMjE5NDk0OFoXDTMwMDQzMDE5
-NDk0OFowQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoM
-BXcxLmZpMRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAvPTuRGJ/Yk+hgUa6xKoe/U7Q7fFHyyVbZnqGOZHKtWGnfi88Y305
-uBqey20yMpHeSUmE2hW+K93GvB/cbsAtd/LQeyxAGQdgVbD/fFHvONHwKtqozOrW
-VKTvvhdEGp4zcFek8wasPe5LLeVGJS0zCfZJqAIxpGWbMgpn9QLhO0emruT2hetd
-PgJm3RGYrDRywo8lVUpq6uiCL71/eDGkWtcyu2RIRiPvyMnihABWcuhLVJViOloR
-ee5AQ54WLMzmRfS7gijCgzUsVTaZWRGxFdADwaU34R+7Q8e0uTPeFNd8mUUPwQb+
-tiUQWbdydn+RS+rRuWpq7d0bqQ6nKUi3TQIDAQABo1AwTjAdBgNVHQ4EFgQUpP25
-ORuBs6rriB3Ugam1EXDMp+EwHwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDM
-p+EwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQfnDo3cRklXnS0oy
-ajHZUc8GpTnqMJi4jU8kxTT9xpgQWTJ+V/WPumfJ/ERos3zxrzpfDY+h/kEhDukI
-o2NJZjRKzc5mdEcw99yCmSFWgv8tEpB9emQioO36Ytla05eWDASnR4jaU7YzFRX5
-2u6sJekHAom8c6LGJ28fvXO4jveUVFeni1uaJKqG1ARcjMsookX5NPABILsG6EEU
-0tfK6L9OFnIioAyGynMjCa5x8VIM27KKTZSl+hWBW6KVYlCh1mT+TAxgjZsPuEGs
-yzHCF2x7YRMWmttk/F9HhD3SLtsLnrYehQTB5cCybY/ymQA6GqsCz0V6JsGwH8aw
-0E33Ug==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/cacert.pem b/tests/hwsim/auth_serv/iCA-server/cacert.pem
deleted file mode 100644
index 1ea16ecde90c..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/cacert.pem
+++ /dev/null
@@ -1,81 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f7
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
-                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
-                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
-                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
-                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
-                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
-                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
-                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
-                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
-                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
-                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
-                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
-                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
-                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
-                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
-                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
-                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
-                    3b:5d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
-         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
-         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
-         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
-         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
-         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
-         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
-         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
-         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
-         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
-         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
-         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
-         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
-         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
-         97:ac:df:2e
------BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIJANjT46bL48z3MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMD4xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVy
-bWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKw3n/m
-F2lLu43cT4uVM14T7qEB9YLebvyD2+ciX7mNK94Qck7agcH38+sO21tfkJK7QWhV
-T4TZc1sMbUDmxQ9dXF6AHmSHWplEiz1hIPAVzIeVW6BGD7xcFO6sT8h80sDvYJQi
-tnQFT8qXAQowtFBEidDCa+V/zmYiGtY4fP9CQspYoDiFyvGxHzMn279cSZY2ehEv
-Ytfrfp+bnA4r381ZvO7oauN9+ga6NEK1fee+4XuFrxslqUUzBsvMDcp4XFZSrEN+
-9gzn+4a0rNf0slTuZXpcMmszoGgb2OrIdJQIAH+b8NqAD/JFExFjTObSl9OuErB8
-6PBWwHt8gpltO10CAwEAAaNmMGQwHQYDVR0OBBYEFOvcjTh1EC/mgo7+Q+yffmMi
-vVFVMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMBIGA1UdEwEB/wQI
-MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGdHWy
-u7CFJUg44TRU1dQ6nw6xlv3M6hUhctqe7+L6ril03IM2h4h9dVGaxW6ogHc/XO2e
-rFcX7atkTxWLR5AKFyp+SakBoUFm1P6+GHDWI/cLClPXdah/ClIcHYxjb4Lt7f3i
-/obvCkz415NWmqPddAKMszGDwYpmxsAd3ABcV/QxMYvUhNjabdb25BB+u/JBld2m
-DDfHIoDmNj40xhxzq0KQbvjb6LbAsvUX0m/TjPsUJY5ygUV2hvfR2T3/saIQb8Ak
-53A/Lc8y7gZw1RsEhG1IaSYemFrt42H1KUWIJc9/xPvzh6cRlZ7PqKqI2xIyZmbE
-HRKxYh36KPSXrN8u
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/careq.pem b/tests/hwsim/auth_serv/iCA-server/careq.pem
deleted file mode 100644
index 31445908bed8..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/careq.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICljCCAX4CAQAwUTELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKw3n/mF2lLu43cT4uVM14T
-7qEB9YLebvyD2+ciX7mNK94Qck7agcH38+sO21tfkJK7QWhVT4TZc1sMbUDmxQ9d
-XF6AHmSHWplEiz1hIPAVzIeVW6BGD7xcFO6sT8h80sDvYJQitnQFT8qXAQowtFBE
-idDCa+V/zmYiGtY4fP9CQspYoDiFyvGxHzMn279cSZY2ehEvYtfrfp+bnA4r381Z
-vO7oauN9+ga6NEK1fee+4XuFrxslqUUzBsvMDcp4XFZSrEN+9gzn+4a0rNf0slTu
-ZXpcMmszoGgb2OrIdJQIAH+b8NqAD/JFExFjTObSl9OuErB86PBWwHt8gpltO10C
-AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQA+ruQc1HRbWOLQh+vOzw4e8WMPZ3nr
-9qTDKjtpQKQUiNy7ZtCvi3kTtYVQcmyXWFf+Fq7NCHfH6GUgXfH/cCsOW0gdsPmH
-YuAfZam1njO3+qZqacCpxaVmn3XExC01oIFLf0CtepXrMDh23MoPtZt7kh7bwomG
-vrUtAecjLuZIIVzD2OkOIFZCEi4Dce85+CrDw7Es59xj1WySvHMWgU5prOf5Wp//
-7yS26YYjHcaJ3ePO/mFnB3XH4rrQwczNAHx6W4NE0IPvbE9FRN7fIQGPCN40XsPc
-XCR12oNtPBWpHExHsqCk6d6B3omfLUJe8eJiY1hPKiDI2ATdBoX5Ogbs
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/iCA-server/index.txt b/tests/hwsim/auth_serv/iCA-server/index.txt
deleted file mode 100644
index fe7d248642f0..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/index.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-V	300501152010Z		5C9DE4A6D17A49C88375E75768F77216B2AEB782	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
-R	300501152010Z	200503152010Z	5C9DE4A6D17A49C88375E75768F77216B2AEB783	unknown	/C=FI/O=w1.fi/CN=server-revoked.w1.fi
diff --git a/tests/hwsim/auth_serv/iCA-server/index.txt.attr b/tests/hwsim/auth_serv/iCA-server/index.txt.attr
deleted file mode 100644
index 3a7e39e6ee60..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/tests/hwsim/auth_serv/iCA-server/private/cakey.pem b/tests/hwsim/auth_serv/iCA-server/private/cakey.pem
deleted file mode 100644
index 67bad6718007..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/private/cakey.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCisN5/5hdpS7uN
-3E+LlTNeE+6hAfWC3m78g9vnIl+5jSveEHJO2oHB9/PrDttbX5CSu0FoVU+E2XNb
-DG1A5sUPXVxegB5kh1qZRIs9YSDwFcyHlVugRg+8XBTurE/IfNLA72CUIrZ0BU/K
-lwEKMLRQRInQwmvlf85mIhrWOHz/QkLKWKA4hcrxsR8zJ9u/XEmWNnoRL2LX636f
-m5wOK9/NWbzu6GrjffoGujRCtX3nvuF7ha8bJalFMwbLzA3KeFxWUqxDfvYM5/uG
-tKzX9LJU7mV6XDJrM6BoG9jqyHSUCAB/m/DagA/yRRMRY0zm0pfTrhKwfOjwVsB7
-fIKZbTtdAgMBAAECggEAU2/YPMn5mcQAZYnmtdSIKqiYSrThgAOp8hGCFzE23Me9
-Br9ykGRaBeuvig7tixgg4k/tBKA0DxMiqUBfS9jOmcms1L5qV+5fFZnku070AI19
-fs+n1TP5YAXtqlZu+Iij4dUit/ZxkmEjAeid3OcLotrzvz/m7CW26gR1tQX1fUdh
-+YFwUjyY1g2QRrUiPI/LJnOwJeZuxjnRaabmYjKvjHcbN/kmKWxqBrrTMU6KNq0o
-4PPKragvpvePrKSPwOyQROlRXsj6qY/FMrXVrSVGfrUAk7NCmccbtJM6SY2/k3ly
-Y69YWNj2laui5loTpUcuTFFPwmHkHBJC6GJCGoaHYQKBgQDNonjx7e0dzLjRzMUg
-1SX4oH+IqL4oMq1Cs3l9iibFXFpG23gCh7ao54ehmYJE3088L7NGvGjoMl/4uj+T
-WElFENCk0lzjxPPAEkAuHY3JApL+0ZsU4RyWjNVSOaD7eQCfN/og0ZgNW6+TUiOu
-Wq6rA/KTywSUnnwdvqMTTXhDaQKBgQDKicYXLH8TmOvauRkrfWjS5XhBEplskxiQ
-uqlQEXlbT3jymyIAdt+3hnydL557lbKPfTe/rs22wnH/++aUQTzQgKNs7oWSFyDt
-km0LCGdLg7NuVNI4Sdi5SoIWsTcAkmkYA+KFy3YQK9vwr3eZ3ExbYI55QTyoVKON
-jReguOBd1QKBgQC8LTMqiYVUoNR8wTuf6Q4/cHhk0a56UK22/VBvLq5+Kx49+3be
-Md1Ywc+fdT/90LDMrgYL9Dy4R+kFT0MAjmk2d8XHHu58TO6WVN1AljD6wo1L/PpC
-6CHmL2jDPxNvLPMBwRL3V3Yiu0V3tlIKqtdujkU9NCqz6jhAbAUFk/47CQKBgQCw
-PRB868AsCl349iXbvQWwtfJdFVUhsCGpFnPr8ziZZt8EpE8C/m2PIdxfXqdWPJ2i
-1D/lcLMae7p9F/G9QcMsXzNVv3vE8pE5iLeP6SERCanhsLc4ObH3Ecl++3ez7LK8
-Le03pSK30aJRni3BWXur66ouAsFIbFXg/0v3E8hQfQKBgQCicOnaNKD/dARZZhfR
-eoX+97PRTpoloOF+jd/AOYq4ATZoNQwF2Jizs8fDbi0SUWFoFG8UmrrJ4xv4DBDq
-rAeHvZle2K8od1/NjOG5/WFAF0/Aci+R5U/bX2/2vspb5AWBdwMbvnf7GKtwrAYU
-TiK7X/iftZZWuApQauRR4yrCAw==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/iCA-server/serial b/tests/hwsim/auth_serv/iCA-server/serial
deleted file mode 100644
index b40c841093d6..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/serial
+++ /dev/null
@@ -1 +0,0 @@
-5C9DE4A6D17A49C88375E75768F77216B2AEB784
diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.key b/tests/hwsim/auth_serv/iCA-server/server-revoked.key
deleted file mode 100644
index 85c11d612a6b..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server-revoked.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6httirVW8O0Hx
-we89YRNtZYrRvlhBpuBd8sXzp8HCbJ6wX/AWLOS6fSa3aUNysdco0gY9bpxnMjg/
-PGOUjWPpf7N7ZwvWyQLs2n7hWyHkoeoB7Li9b17SkuUz2qUTpo4EtRl6B5roA+69
-SixlbOw6SDh+DTAw7hrZGr4C0OHylRchCDxJTY8Rx7SM5pNLSvrdrApy2IKK4WyZ
-HncbiBKzcs/c+lfSY+EtwFpXNtT/NyAgAbQRGSz5m/b6k//KafKE62+vRLgY49hC
-KZchAeFHofztWHSwq/l1XOhJqhZKGTHoxYxgmUif2XiS7DELIGTZVxxuaqbd+FUv
-zCt2EbWbAgMBAAECggEBAIXTM5u8mQKP0WROrALxnyqh69NIKbIQtHEzOWrzNUT1
-AXWxn2OJmiFioWB+GXI0vhX/eZKhxX0Uvt4/yYJPXxusD22+JPRZC8w7h0TQSaTr
-tiTjXjgrq3CRC/kEKePLX6Fo/Xpb8nv8NlGA4hFy8JlwL3fgpm60pnaVhTYn/7Q2
-oey4zIKwnRYp8oFf58iu5Otjga247AWiR3VDHTeSlvSQOMj+4RybQgpbeB6hVfrs
-0IjR7hq+dBoMdY5NuEPhGIvcoQq2T6K7hYqIx2ou8OCDeBefdJOm30Y2Iu1CpEx5
-dwJWtgv+ZVHUKl7MlXYiLVZjzX2ZSOJukeNs8AoRrwECgYEA25Z2/XlT2E3C24Q3
-S6GZJtbPnvYLr8xHzQ1ljA39ltu5PQXcKRYAgaOGQtl6NhrpoE8uiiVXegbw0CP2
-yyKLlqn0JvJaZREpJcCPqdt4jDgNZ3ajXhiq1SFGsZsLxmrM0Iu43Kf2nxVQyP0R
-6npuvlagOnggvCMzQWfQqsxrxDsCgYEA2XTy5BwmDhoczMbQozFFCd8MbzoDwnDR
-hXVSEbG0TjNe/d9UfD8Y9xsV8tlkcDhfS3lwMFHp/poSnvjrF2vGmMNaLEcZnQEX
-crqrL6gRpUs6dpv40Q/Dtkze3p2DoCD+La94RHjHrXtTJ5DZcliNZJt90zXz0Kmy
-6abXvv8jniECgYEAjxSQvgLjdirdEAoruZU3ZM5NhKeP3+G820iiZUrsdPMA1VlP
-JlpWxCIYJtDsR/rrRfCyQ4OnZzTEjusQMTZ2PBrLouEBs58l75p0Qdpmxv7zBPqR
-4osyLSO8m5eKaaRHho+0SdsL4IaUGBKGLQHPzShGyTJjKhPJnxGVLuV6RucCgYAI
-9XR8SVyYACNnnFlEH+eEPJg6jN1SyWsYYHj9GaEgB6XGN8k3RTI2G/uPgb1NkkT6
-ywoAM5+8SYSy3/ZvhJUt/f5dDKDVgxIAPAiJchcoBC1obYyWsFuTyx7zdPHTSwit
-wSjnSUKQtx/55VHQEC3jEzTf2r0sv5ELZ0BEMia5gQKBgQCgOkdrjh7CHy8qZ51i
-mlctafZyOnqp98i6q+R5AN5S9EDemKtUmAq7JSmBX/5cn1wgde115YiEwvt/xNmE
-c0RBpcz+ZsgJnoQsCPUJmzIkwMIjZ3t9nrdHDTegcNJM1M7V7xN4jf7ycoynEmGK
-k4XzV7M/nhOjiRwWCq6ba3Ddwg==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.pem b/tests/hwsim/auth_serv/iCA-server/server-revoked.pem
deleted file mode 100644
index 031b9d1a9ba8..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server-revoked.pem
+++ /dev/null
@@ -1,86 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:83
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  1 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:ba:86:db:62:ad:55:bc:3b:41:f1:c1:ef:3d:61:
-                    13:6d:65:8a:d1:be:58:41:a6:e0:5d:f2:c5:f3:a7:
-                    c1:c2:6c:9e:b0:5f:f0:16:2c:e4:ba:7d:26:b7:69:
-                    43:72:b1:d7:28:d2:06:3d:6e:9c:67:32:38:3f:3c:
-                    63:94:8d:63:e9:7f:b3:7b:67:0b:d6:c9:02:ec:da:
-                    7e:e1:5b:21:e4:a1:ea:01:ec:b8:bd:6f:5e:d2:92:
-                    e5:33:da:a5:13:a6:8e:04:b5:19:7a:07:9a:e8:03:
-                    ee:bd:4a:2c:65:6c:ec:3a:48:38:7e:0d:30:30:ee:
-                    1a:d9:1a:be:02:d0:e1:f2:95:17:21:08:3c:49:4d:
-                    8f:11:c7:b4:8c:e6:93:4b:4a:fa:dd:ac:0a:72:d8:
-                    82:8a:e1:6c:99:1e:77:1b:88:12:b3:72:cf:dc:fa:
-                    57:d2:63:e1:2d:c0:5a:57:36:d4:ff:37:20:20:01:
-                    b4:11:19:2c:f9:9b:f6:fa:93:ff:ca:69:f2:84:eb:
-                    6f:af:44:b8:18:e3:d8:42:29:97:21:01:e1:47:a1:
-                    fc:ed:58:74:b0:ab:f9:75:5c:e8:49:aa:16:4a:19:
-                    31:e8:c5:8c:60:99:48:9f:d9:78:92:ec:31:0b:20:
-                    64:d9:57:1c:6e:6a:a6:dd:f8:55:2f:cc:2b:76:11:
-                    b5:9b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                FB:67:34:A4:0E:E6:BB:BF:90:0D:7C:B2:69:E8:04:D5:71:8F:76:44
-            X509v3 Authority Key Identifier: 
-                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server-revoked.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         22:c0:a0:7c:25:b4:4d:61:44:25:09:9c:14:8d:35:6e:36:7b:
-         91:60:6b:35:90:48:a9:a2:ee:81:70:c4:d8:2a:9d:a3:7e:a2:
-         c9:0c:dc:b2:73:98:01:cf:db:d4:3a:17:8a:b6:3d:b5:97:47:
-         33:e9:b6:14:ed:a6:8e:a4:6d:34:d0:03:3a:01:04:ce:28:24:
-         f9:c3:15:a9:b1:8c:2a:dc:8d:40:98:ac:78:8f:f5:fc:53:88:
-         0e:84:28:39:86:75:59:ad:12:54:77:f2:9c:e1:d2:4e:e1:ee:
-         8d:57:f3:41:ab:15:4d:ab:77:75:47:9a:c6:36:28:08:b5:8d:
-         c7:9f:5a:87:87:f8:a7:17:9a:44:4e:ce:84:24:12:da:7f:a8:
-         ab:15:fd:24:9b:cf:1c:ae:2f:8f:13:28:27:09:1e:57:2b:ca:
-         1f:c8:bc:a4:95:08:27:4e:c4:21:68:a5:45:9f:5a:42:1c:7f:
-         37:59:d7:ed:30:be:ed:26:12:5d:80:f5:7d:7d:94:ff:52:56:
-         fc:67:0f:3f:00:21:e7:b4:2f:48:7b:77:86:fb:16:28:ab:68:
-         e1:4d:80:eb:5e:4b:99:88:2f:ec:a3:1d:06:c5:04:2e:bb:56:
-         fb:6b:75:9d:5b:78:83:63:2b:70:7c:21:94:a1:58:a4:8e:8b:
-         30:d3:28:88
------BEGIN CERTIFICATE-----
-MIIDozCCAougAwIBAgIUXJ3kptF6SciDdedXaPdyFrKut4MwDQYJKoZIhvcNAQEL
-BQAwPjELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTZXJ2
-ZXIgSW50ZXJtZWRpYXRlIENBMB4XDTIwMDUwMzE1MjAxMFoXDTMwMDUwMTE1MjAx
-MFowPDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR0wGwYDVQQDDBRzZXJ2
-ZXItcmV2b2tlZC53MS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALqG22KtVbw7QfHB7z1hE21litG+WEGm4F3yxfOnwcJsnrBf8BYs5Lp9JrdpQ3Kx
-1yjSBj1unGcyOD88Y5SNY+l/s3tnC9bJAuzafuFbIeSh6gHsuL1vXtKS5TPapROm
-jgS1GXoHmugD7r1KLGVs7DpIOH4NMDDuGtkavgLQ4fKVFyEIPElNjxHHtIzmk0tK
-+t2sCnLYgorhbJkedxuIErNyz9z6V9Jj4S3AWlc21P83ICABtBEZLPmb9vqT/8pp
-8oTrb69EuBjj2EIplyEB4Ueh/O1YdLCr+XVc6EmqFkoZMejFjGCZSJ/ZeJLsMQsg
-ZNlXHG5qpt34VS/MK3YRtZsCAwEAAaOBmjCBlzAMBgNVHRMBAf8EAjAAMB0GA1Ud
-DgQWBBT7ZzSkDua7v5ANfLJp6ATVcY92RDAfBgNVHSMEGDAWgBTr3I04dRAv5oKO
-/kPsn35jIr1RVTAiBgNVHREBAf8EGDAWghRzZXJ2ZXItcmV2b2tlZC53MS5maTAW
-BgNVHSUBAf8EDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEL
-BQADggEBACLAoHwltE1hRCUJnBSNNW42e5FgazWQSKmi7oFwxNgqnaN+oskM3LJz
-mAHP29Q6F4q2PbWXRzPpthTtpo6kbTTQAzoBBM4oJPnDFamxjCrcjUCYrHiP9fxT
-iA6EKDmGdVmtElR38pzh0k7h7o1X80GrFU2rd3VHmsY2KAi1jcefWoeH+KcXmkRO
-zoQkEtp/qKsV/SSbzxyuL48TKCcJHlcryh/IvKSVCCdOxCFopUWfWkIcfzdZ1+0w
-vu0mEl2A9X19lP9SVvxnDz8AIee0L0h7d4b7FiiraOFNgOteS5mIL+yjHQbFBC67
-VvtrdZ1beINjK3B8IZShWKSOizDTKIg=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.req b/tests/hwsim/auth_serv/iCA-server/server-revoked.req
deleted file mode 100644
index b4c0f2374879..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server-revoked.req
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUc2VydmVyLXJldm9rZWQudzEuZmkwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6httirVW8O0Hxwe89YRNtZYrR
-vlhBpuBd8sXzp8HCbJ6wX/AWLOS6fSa3aUNysdco0gY9bpxnMjg/PGOUjWPpf7N7
-ZwvWyQLs2n7hWyHkoeoB7Li9b17SkuUz2qUTpo4EtRl6B5roA+69SixlbOw6SDh+
-DTAw7hrZGr4C0OHylRchCDxJTY8Rx7SM5pNLSvrdrApy2IKK4WyZHncbiBKzcs/c
-+lfSY+EtwFpXNtT/NyAgAbQRGSz5m/b6k//KafKE62+vRLgY49hCKZchAeFHofzt
-WHSwq/l1XOhJqhZKGTHoxYxgmUif2XiS7DELIGTZVxxuaqbd+FUvzCt2EbWbAgMB
-AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAo3V6gURcTGy95qxhogpMRD20D9VwiK5m
-O81e8wvu6bFn0881Khzi24M4D54JG7NBiVl8FyW7zfnmzpd7lxceSyOuEF7wSIYD
-+GrVQ8wgcfPTy0z9iUH/lEjiesv7BEq9AuvAUXSaBC1dPaoWdmEZ+EJRSehle2fj
-Lw1OtkjAN47eXo+gXE+kW1V4oM0mI6n7EJ8lEyz6/CUf3mw3EBLXhIncVRthKbrt
-S4ujuaak3AGD+KBkxLjxTOIb0IPPsX+lYUly+PayUSe2LhQI0p34wN7Tb4oSu4qH
-nZZFb5RIysq0av7y8SqUoJJyaEiYtXxbbUKme/6xUqY4OMpP+01EOQ==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem b/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem
deleted file mode 100644
index 09619be1aaa5..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f7
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
-                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
-                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
-                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
-                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
-                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
-                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
-                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
-                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
-                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
-                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
-                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
-                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
-                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
-                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
-                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
-                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
-                    3b:5d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
-         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
-         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
-         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
-         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
-         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
-         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
-         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
-         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
-         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
-         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
-         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
-         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
-         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
-         97:ac:df:2e
------BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIJANjT46bL48z3MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMD4xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVy
-bWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKw3n/m
-F2lLu43cT4uVM14T7qEB9YLebvyD2+ciX7mNK94Qck7agcH38+sO21tfkJK7QWhV
-T4TZc1sMbUDmxQ9dXF6AHmSHWplEiz1hIPAVzIeVW6BGD7xcFO6sT8h80sDvYJQi
-tnQFT8qXAQowtFBEidDCa+V/zmYiGtY4fP9CQspYoDiFyvGxHzMn279cSZY2ehEv
-Ytfrfp+bnA4r381ZvO7oauN9+ga6NEK1fee+4XuFrxslqUUzBsvMDcp4XFZSrEN+
-9gzn+4a0rNf0slTuZXpcMmszoGgb2OrIdJQIAH+b8NqAD/JFExFjTObSl9OuErB8
-6PBWwHt8gpltO10CAwEAAaNmMGQwHQYDVR0OBBYEFOvcjTh1EC/mgo7+Q+yffmMi
-vVFVMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMBIGA1UdEwEB/wQI
-MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGdHWy
-u7CFJUg44TRU1dQ6nw6xlv3M6hUhctqe7+L6ril03IM2h4h9dVGaxW6ogHc/XO2e
-rFcX7atkTxWLR5AKFyp+SakBoUFm1P6+GHDWI/cLClPXdah/ClIcHYxjb4Lt7f3i
-/obvCkz415NWmqPddAKMszGDwYpmxsAd3ABcV/QxMYvUhNjabdb25BB+u/JBld2m
-DDfHIoDmNj40xhxzq0KQbvjb6LbAsvUX0m/TjPsUJY5ygUV2hvfR2T3/saIQb8Ak
-53A/Lc8y7gZw1RsEhG1IaSYemFrt42H1KUWIJc9/xPvzh6cRlZ7PqKqI2xIyZmbE
-HRKxYh36KPSXrN8u
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:83
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  1 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:ba:86:db:62:ad:55:bc:3b:41:f1:c1:ef:3d:61:
-                    13:6d:65:8a:d1:be:58:41:a6:e0:5d:f2:c5:f3:a7:
-                    c1:c2:6c:9e:b0:5f:f0:16:2c:e4:ba:7d:26:b7:69:
-                    43:72:b1:d7:28:d2:06:3d:6e:9c:67:32:38:3f:3c:
-                    63:94:8d:63:e9:7f:b3:7b:67:0b:d6:c9:02:ec:da:
-                    7e:e1:5b:21:e4:a1:ea:01:ec:b8:bd:6f:5e:d2:92:
-                    e5:33:da:a5:13:a6:8e:04:b5:19:7a:07:9a:e8:03:
-                    ee:bd:4a:2c:65:6c:ec:3a:48:38:7e:0d:30:30:ee:
-                    1a:d9:1a:be:02:d0:e1:f2:95:17:21:08:3c:49:4d:
-                    8f:11:c7:b4:8c:e6:93:4b:4a:fa:dd:ac:0a:72:d8:
-                    82:8a:e1:6c:99:1e:77:1b:88:12:b3:72:cf:dc:fa:
-                    57:d2:63:e1:2d:c0:5a:57:36:d4:ff:37:20:20:01:
-                    b4:11:19:2c:f9:9b:f6:fa:93:ff:ca:69:f2:84:eb:
-                    6f:af:44:b8:18:e3:d8:42:29:97:21:01:e1:47:a1:
-                    fc:ed:58:74:b0:ab:f9:75:5c:e8:49:aa:16:4a:19:
-                    31:e8:c5:8c:60:99:48:9f:d9:78:92:ec:31:0b:20:
-                    64:d9:57:1c:6e:6a:a6:dd:f8:55:2f:cc:2b:76:11:
-                    b5:9b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                FB:67:34:A4:0E:E6:BB:BF:90:0D:7C:B2:69:E8:04:D5:71:8F:76:44
-            X509v3 Authority Key Identifier: 
-                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server-revoked.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         22:c0:a0:7c:25:b4:4d:61:44:25:09:9c:14:8d:35:6e:36:7b:
-         91:60:6b:35:90:48:a9:a2:ee:81:70:c4:d8:2a:9d:a3:7e:a2:
-         c9:0c:dc:b2:73:98:01:cf:db:d4:3a:17:8a:b6:3d:b5:97:47:
-         33:e9:b6:14:ed:a6:8e:a4:6d:34:d0:03:3a:01:04:ce:28:24:
-         f9:c3:15:a9:b1:8c:2a:dc:8d:40:98:ac:78:8f:f5:fc:53:88:
-         0e:84:28:39:86:75:59:ad:12:54:77:f2:9c:e1:d2:4e:e1:ee:
-         8d:57:f3:41:ab:15:4d:ab:77:75:47:9a:c6:36:28:08:b5:8d:
-         c7:9f:5a:87:87:f8:a7:17:9a:44:4e:ce:84:24:12:da:7f:a8:
-         ab:15:fd:24:9b:cf:1c:ae:2f:8f:13:28:27:09:1e:57:2b:ca:
-         1f:c8:bc:a4:95:08:27:4e:c4:21:68:a5:45:9f:5a:42:1c:7f:
-         37:59:d7:ed:30:be:ed:26:12:5d:80:f5:7d:7d:94:ff:52:56:
-         fc:67:0f:3f:00:21:e7:b4:2f:48:7b:77:86:fb:16:28:ab:68:
-         e1:4d:80:eb:5e:4b:99:88:2f:ec:a3:1d:06:c5:04:2e:bb:56:
-         fb:6b:75:9d:5b:78:83:63:2b:70:7c:21:94:a1:58:a4:8e:8b:
-         30:d3:28:88
------BEGIN CERTIFICATE-----
-MIIDozCCAougAwIBAgIUXJ3kptF6SciDdedXaPdyFrKut4MwDQYJKoZIhvcNAQEL
-BQAwPjELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTZXJ2
-ZXIgSW50ZXJtZWRpYXRlIENBMB4XDTIwMDUwMzE1MjAxMFoXDTMwMDUwMTE1MjAx
-MFowPDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR0wGwYDVQQDDBRzZXJ2
-ZXItcmV2b2tlZC53MS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALqG22KtVbw7QfHB7z1hE21litG+WEGm4F3yxfOnwcJsnrBf8BYs5Lp9JrdpQ3Kx
-1yjSBj1unGcyOD88Y5SNY+l/s3tnC9bJAuzafuFbIeSh6gHsuL1vXtKS5TPapROm
-jgS1GXoHmugD7r1KLGVs7DpIOH4NMDDuGtkavgLQ4fKVFyEIPElNjxHHtIzmk0tK
-+t2sCnLYgorhbJkedxuIErNyz9z6V9Jj4S3AWlc21P83ICABtBEZLPmb9vqT/8pp
-8oTrb69EuBjj2EIplyEB4Ueh/O1YdLCr+XVc6EmqFkoZMejFjGCZSJ/ZeJLsMQsg
-ZNlXHG5qpt34VS/MK3YRtZsCAwEAAaOBmjCBlzAMBgNVHRMBAf8EAjAAMB0GA1Ud
-DgQWBBT7ZzSkDua7v5ANfLJp6ATVcY92RDAfBgNVHSMEGDAWgBTr3I04dRAv5oKO
-/kPsn35jIr1RVTAiBgNVHREBAf8EGDAWghRzZXJ2ZXItcmV2b2tlZC53MS5maTAW
-BgNVHSUBAf8EDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEL
-BQADggEBACLAoHwltE1hRCUJnBSNNW42e5FgazWQSKmi7oFwxNgqnaN+oskM3LJz
-mAHP29Q6F4q2PbWXRzPpthTtpo6kbTTQAzoBBM4oJPnDFamxjCrcjUCYrHiP9fxT
-iA6EKDmGdVmtElR38pzh0k7h7o1X80GrFU2rd3VHmsY2KAi1jcefWoeH+KcXmkRO
-zoQkEtp/qKsV/SSbzxyuL48TKCcJHlcryh/IvKSVCCdOxCFopUWfWkIcfzdZ1+0w
-vu0mEl2A9X19lP9SVvxnDz8AIee0L0h7d4b7FiiraOFNgOteS5mIL+yjHQbFBC67
-VvtrdZ1beINjK3B8IZShWKSOizDTKIg=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server.key b/tests/hwsim/auth_serv/iCA-server/server.key
deleted file mode 100644
index 068c0f6d045e..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCsIexV4pRs1Rtt
-+neHf34q9SZOPCjUcFBwVeKp1atiFQECtZDoVZF8sPSf/RE8c3L3Vn1MtVYhjxfE
-ZVwqPw3iIqWA7RqwqIzimvePd23FJJ8rwDommxN1ltLPGUzK7ZCzyNrnIAOmCl2t
-BJ1rN51p6Wxj1RLa/8Kl1PQE3845wgY9P+yLPZ4cpy3yY1N+OqpoCrCTsmk9I9qx
-rv6Q+sbq7jWUTZrYXW+57YBrG71GVqu/KYrJIOUxPRGW4MVWWOHxhG28D+WbvJ91
-KwMBGliOiCKzCnyNs00egjF1f88oOqrA9cNFcrxI95phESwx1D1bbiXKKuqI6Vj+
-7g0A1TaLAgMBAAECggEBAKBGHeaCSK1laFro4i76GSIqjXY/Mc1MnrlaXujAGQoE
-gKJjKQAL3KF7qurlGg1tedivYY/xMLeiowCtWDnF6Els9SmsnDNtXXEJ1gRxsXXk
-+YglPn//2QieXL+U0RoKRbgBB0I5XuxVro+RQno4mIurWs9B8IKVrkn2lReMxFql
-tXaAUEkvnIbEnEuXUtb7XNzAv3LeF5XrFZ5egHggKwDlA1o0wl2Nx0JVynX9EJER
-VoWWWAvJhtZLQb2EetYKA2WOIwkCwFMX/EYP4BuGRFLnrPOMMqAkS42ZdVLhwCk7
-m00J5GO1Bwf9OBy2aPVGubaU4P+BKHkCSzxs22guIWECgYEA064UlbqudqL+Jtpc
-B4gYqh4d61Cf8PaOz61YVggpcXTQtf+Ov02h3M2Iq0i42fw4hewRRiQmFyOP8daA
-OsqAHj0eOv4ibE23hR1KssBl3fBt6ubjCxeFf3Sl0e0j+5XFgCPYEdJPPsJhY91f
-TK6IUYq9DAITdmU2+TL5RdK7KVMCgYEA0CwfEaveSzeBZTMudh0WsywF6EsplWHM
-QyawOPbltZxxTQHDAillFyoPHNtFZs8KBVdmTxcITW3YyaEFbZ0rXLKFjyHiMQfG
-KSCB2nzFOhT8eXsdVyXahXkKiIsoFjaKqRRsNoxyUtbj8Pu7/CRtbabDLOj/iF43
-eo8iNn3LvukCgYEA0Bq+Zg1n436OekgGXekwxl5hb6yN8WmUMRvsUngntkDvx119
-SxnZXag7CpmuEbBjKVZSDTEQuYLeyxTkb+gRWKkhhUG/OdaV66pGe8Gm5DCw/1UK
-NSdkuU9GjkGjNH2j8zxJ+gtWmQ6kjHdgb5TOs8u/24RW+fi7uPaiFkD8e70CgYEA
-pml+9Lt12p8me2Xs0FL0oIqitk3PkjE5/rxgx0jn3MSQ9kRgRcwdmeTva9wFoOgF
-VLvHd5Yr9unHEXf9ROENlu7HQeKOVS+nw5zO8YAokgPQyLQYgmAqTeSy/PBxPUCg
-nAVNdFXV1k8erLgwUKI2MB/NiotAKx1WME1XxkPNqnECgYAR6WJkK4t4uJueta3P
-c4AUU585nTX6CyH7oxkud/s+Mg6ztbtC9/BSxtQNTJKWhbqdpI7xz2807Wzv3/6h
-IFpCPf3aXWX9yp3FlohRfE/hCRz8IhBzQNCUaXxMta3KOVw0u88aQycEI8CGad2Z
-By9hDAFwSLj4vQuD0VclFyCfZA==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server.pem b/tests/hwsim/auth_serv/iCA-server/server.pem
deleted file mode 100644
index 58d76bcbee6b..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server.pem
+++ /dev/null
@@ -1,86 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:82
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  1 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:ac:21:ec:55:e2:94:6c:d5:1b:6d:fa:77:87:7f:
-                    7e:2a:f5:26:4e:3c:28:d4:70:50:70:55:e2:a9:d5:
-                    ab:62:15:01:02:b5:90:e8:55:91:7c:b0:f4:9f:fd:
-                    11:3c:73:72:f7:56:7d:4c:b5:56:21:8f:17:c4:65:
-                    5c:2a:3f:0d:e2:22:a5:80:ed:1a:b0:a8:8c:e2:9a:
-                    f7:8f:77:6d:c5:24:9f:2b:c0:3a:26:9b:13:75:96:
-                    d2:cf:19:4c:ca:ed:90:b3:c8:da:e7:20:03:a6:0a:
-                    5d:ad:04:9d:6b:37:9d:69:e9:6c:63:d5:12:da:ff:
-                    c2:a5:d4:f4:04:df:ce:39:c2:06:3d:3f:ec:8b:3d:
-                    9e:1c:a7:2d:f2:63:53:7e:3a:aa:68:0a:b0:93:b2:
-                    69:3d:23:da:b1:ae:fe:90:fa:c6:ea:ee:35:94:4d:
-                    9a:d8:5d:6f:b9:ed:80:6b:1b:bd:46:56:ab:bf:29:
-                    8a:c9:20:e5:31:3d:11:96:e0:c5:56:58:e1:f1:84:
-                    6d:bc:0f:e5:9b:bc:9f:75:2b:03:01:1a:58:8e:88:
-                    22:b3:0a:7c:8d:b3:4d:1e:82:31:75:7f:cf:28:3a:
-                    aa:c0:f5:c3:45:72:bc:48:f7:9a:61:11:2c:31:d4:
-                    3d:5b:6e:25:ca:2a:ea:88:e9:58:fe:ee:0d:00:d5:
-                    36:8b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                E9:E3:CE:7A:C2:27:BF:88:CF:19:9E:5C:6C:DC:12:C0:D5:00:64:15
-            X509v3 Authority Key Identifier: 
-                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         1b:c4:4a:ea:b3:ee:c3:82:4d:98:93:49:6a:34:98:80:b6:a3:
-         dc:00:d5:ca:27:56:43:e2:71:4c:60:a1:ef:c2:41:9c:fa:93:
-         a4:61:20:f5:3f:2c:3a:91:e8:12:e1:7a:51:c0:86:2b:cf:1b:
-         73:26:b3:0c:e7:03:2e:8e:48:49:3e:32:29:df:b2:9e:d5:29:
-         26:bf:c3:3e:eb:7d:34:96:c7:6e:0e:ae:16:a1:a1:fa:25:dd:
-         a3:2e:3e:4e:3e:76:ff:d6:35:ef:d4:07:2f:d2:6f:48:08:ab:
-         e7:4a:09:ff:43:09:ec:32:49:19:52:cd:30:03:22:3c:f0:9c:
-         9b:e3:fd:bc:e7:f9:d1:7a:da:c6:66:bf:e0:86:95:5c:45:43:
-         07:26:6d:70:fc:24:66:4a:cd:86:bd:6c:d3:7a:0d:12:4b:33:
-         bc:a0:4b:81:08:1a:26:bc:42:a2:e7:37:36:56:ac:ef:85:34:
-         52:89:33:df:b6:33:11:ac:20:67:cd:8d:ce:d7:bb:cb:bc:b5:
-         16:3c:08:cf:c7:1a:68:60:16:9c:55:e6:b5:17:4f:3f:69:f9:
-         b4:18:70:af:60:5d:0f:c4:66:08:b9:75:a3:78:11:f7:8f:8d:
-         f1:2b:4e:05:b9:90:b6:f3:99:8b:0c:43:6a:8c:b4:cc:ff:2f:
-         58:70:d7:8e
------BEGIN CERTIFICATE-----
-MIIDkzCCAnugAwIBAgIUXJ3kptF6SciDdedXaPdyFrKut4IwDQYJKoZIhvcNAQEL
-BQAwPjELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTZXJ2
-ZXIgSW50ZXJtZWRpYXRlIENBMB4XDTIwMDUwMzE1MjAxMFoXDTMwMDUwMTE1MjAx
-MFowNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQDDAxzZXJ2
-ZXIudzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsIexV4pRs
-1Rtt+neHf34q9SZOPCjUcFBwVeKp1atiFQECtZDoVZF8sPSf/RE8c3L3Vn1MtVYh
-jxfEZVwqPw3iIqWA7RqwqIzimvePd23FJJ8rwDommxN1ltLPGUzK7ZCzyNrnIAOm
-Cl2tBJ1rN51p6Wxj1RLa/8Kl1PQE3845wgY9P+yLPZ4cpy3yY1N+OqpoCrCTsmk9
-I9qxrv6Q+sbq7jWUTZrYXW+57YBrG71GVqu/KYrJIOUxPRGW4MVWWOHxhG28D+Wb
-vJ91KwMBGliOiCKzCnyNs00egjF1f88oOqrA9cNFcrxI95phESwx1D1bbiXKKuqI
-6Vj+7g0A1TaLAgMBAAGjgZIwgY8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6ePO
-esInv4jPGZ5cbNwSwNUAZBUwHwYDVR0jBBgwFoAU69yNOHUQL+aCjv5D7J9+YyK9
-UVUwGgYDVR0RAQH/BBAwDoIMc2VydmVyLncxLmZpMBYGA1UdJQEB/wQMMAoGCCsG
-AQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAG8RK6rPuw4JN
-mJNJajSYgLaj3ADVyidWQ+JxTGCh78JBnPqTpGEg9T8sOpHoEuF6UcCGK88bcyaz
-DOcDLo5IST4yKd+yntUpJr/DPut9NJbHbg6uFqGh+iXdoy4+Tj52/9Y179QHL9Jv
-SAir50oJ/0MJ7DJJGVLNMAMiPPCcm+P9vOf50Xraxma/4IaVXEVDByZtcPwkZkrN
-hr1s03oNEkszvKBLgQgaJrxCouc3Nlas74U0Uokz37YzEawgZ82Nzte7y7y1FjwI
-z8caaGAWnFXmtRdPP2n5tBhwr2BdD8RmCLl1o3gR94+N8StOBbmQtvOZiwxDaoy0
-zP8vWHDXjg==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server.req b/tests/hwsim/auth_serv/iCA-server/server.req
deleted file mode 100644
index 181564b93ade..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server.req
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCHsVeKUbNUbbfp3h39+KvUmTjwo1HBQcFXi
-qdWrYhUBArWQ6FWRfLD0n/0RPHNy91Z9TLVWIY8XxGVcKj8N4iKlgO0asKiM4pr3
-j3dtxSSfK8A6JpsTdZbSzxlMyu2Qs8ja5yADpgpdrQSdazedaelsY9US2v/CpdT0
-BN/OOcIGPT/siz2eHKct8mNTfjqqaAqwk7JpPSPasa7+kPrG6u41lE2a2F1vue2A
-axu9RlarvymKySDlMT0RluDFVljh8YRtvA/lm7yfdSsDARpYjogiswp8jbNNHoIx
-dX/PKDqqwPXDRXK8SPeaYREsMdQ9W24lyirqiOlY/u4NANU2iwIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBACNfUGcccnZoS3TqbWbfYMtWhi0a80xuWb+8v//aO0D2
-NeJMFmOKVgChOqHZza8rnIGMCOEbL1DkEJIZh1Z5ovy0fkGbcdCxeJIcem8PRLK0
-oFiLgIM9MeVDTSLY6FP7hjifR3x6SnO39DahiycnG45Kek7kVq25oCuyKxJrsoEQ
-pwHdPG1VWvgDy4O7u2RA6kedU2gWjgHVUCJYpeJFp953kV1qrMM/ynFYJF049etm
-Vyl/wxM69LP/bibElna/iAVFPBCe4Mav/bbI371Ju0AHzcdNxdoMnHgEhHB7c7Ye
-QmZKRVi2HHD+PZ1xdtvqJD3EtSKkOuY8JRy6EteGdR4=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem b/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem
deleted file mode 100644
index c7798a214012..000000000000
--- a/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f7
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a2:b0:de:7f:e6:17:69:4b:bb:8d:dc:4f:8b:95:
-                    33:5e:13:ee:a1:01:f5:82:de:6e:fc:83:db:e7:22:
-                    5f:b9:8d:2b:de:10:72:4e:da:81:c1:f7:f3:eb:0e:
-                    db:5b:5f:90:92:bb:41:68:55:4f:84:d9:73:5b:0c:
-                    6d:40:e6:c5:0f:5d:5c:5e:80:1e:64:87:5a:99:44:
-                    8b:3d:61:20:f0:15:cc:87:95:5b:a0:46:0f:bc:5c:
-                    14:ee:ac:4f:c8:7c:d2:c0:ef:60:94:22:b6:74:05:
-                    4f:ca:97:01:0a:30:b4:50:44:89:d0:c2:6b:e5:7f:
-                    ce:66:22:1a:d6:38:7c:ff:42:42:ca:58:a0:38:85:
-                    ca:f1:b1:1f:33:27:db:bf:5c:49:96:36:7a:11:2f:
-                    62:d7:eb:7e:9f:9b:9c:0e:2b:df:cd:59:bc:ee:e8:
-                    6a:e3:7d:fa:06:ba:34:42:b5:7d:e7:be:e1:7b:85:
-                    af:1b:25:a9:45:33:06:cb:cc:0d:ca:78:5c:56:52:
-                    ac:43:7e:f6:0c:e7:fb:86:b4:ac:d7:f4:b2:54:ee:
-                    65:7a:5c:32:6b:33:a0:68:1b:d8:ea:c8:74:94:08:
-                    00:7f:9b:f0:da:80:0f:f2:45:13:11:63:4c:e6:d2:
-                    97:d3:ae:12:b0:7c:e8:f0:56:c0:7b:7c:82:99:6d:
-                    3b:5d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         86:74:75:b2:bb:b0:85:25:48:38:e1:34:54:d5:d4:3a:9f:0e:
-         b1:96:fd:cc:ea:15:21:72:da:9e:ef:e2:fa:ae:29:74:dc:83:
-         36:87:88:7d:75:51:9a:c5:6e:a8:80:77:3f:5c:ed:9e:ac:57:
-         17:ed:ab:64:4f:15:8b:47:90:0a:17:2a:7e:49:a9:01:a1:41:
-         66:d4:fe:be:18:70:d6:23:f7:0b:0a:53:d7:75:a8:7f:0a:52:
-         1c:1d:8c:63:6f:82:ed:ed:fd:e2:fe:86:ef:0a:4c:f8:d7:93:
-         56:9a:a3:dd:74:02:8c:b3:31:83:c1:8a:66:c6:c0:1d:dc:00:
-         5c:57:f4:31:31:8b:d4:84:d8:da:6d:d6:f6:e4:10:7e:bb:f2:
-         41:95:dd:a6:0c:37:c7:22:80:e6:36:3e:34:c6:1c:73:ab:42:
-         90:6e:f8:db:e8:b6:c0:b2:f5:17:d2:6f:d3:8c:fb:14:25:8e:
-         72:81:45:76:86:f7:d1:d9:3d:ff:b1:a2:10:6f:c0:24:e7:70:
-         3f:2d:cf:32:ee:06:70:d5:1b:04:84:6d:48:69:26:1e:98:5a:
-         ed:e3:61:f5:29:45:88:25:cf:7f:c4:fb:f3:87:a7:11:95:9e:
-         cf:a8:aa:88:db:12:32:66:66:c4:1d:12:b1:62:1d:fa:28:f4:
-         97:ac:df:2e
------BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIJANjT46bL48z3MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMD4xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVy
-bWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKw3n/m
-F2lLu43cT4uVM14T7qEB9YLebvyD2+ciX7mNK94Qck7agcH38+sO21tfkJK7QWhV
-T4TZc1sMbUDmxQ9dXF6AHmSHWplEiz1hIPAVzIeVW6BGD7xcFO6sT8h80sDvYJQi
-tnQFT8qXAQowtFBEidDCa+V/zmYiGtY4fP9CQspYoDiFyvGxHzMn279cSZY2ehEv
-Ytfrfp+bnA4r381ZvO7oauN9+ga6NEK1fee+4XuFrxslqUUzBsvMDcp4XFZSrEN+
-9gzn+4a0rNf0slTuZXpcMmszoGgb2OrIdJQIAH+b8NqAD/JFExFjTObSl9OuErB8
-6PBWwHt8gpltO10CAwEAAaNmMGQwHQYDVR0OBBYEFOvcjTh1EC/mgo7+Q+yffmMi
-vVFVMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMBIGA1UdEwEB/wQI
-MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGdHWy
-u7CFJUg44TRU1dQ6nw6xlv3M6hUhctqe7+L6ril03IM2h4h9dVGaxW6ogHc/XO2e
-rFcX7atkTxWLR5AKFyp+SakBoUFm1P6+GHDWI/cLClPXdah/ClIcHYxjb4Lt7f3i
-/obvCkz415NWmqPddAKMszGDwYpmxsAd3ABcV/QxMYvUhNjabdb25BB+u/JBld2m
-DDfHIoDmNj40xhxzq0KQbvjb6LbAsvUX0m/TjPsUJY5ygUV2hvfR2T3/saIQb8Ak
-53A/Lc8y7gZw1RsEhG1IaSYemFrt42H1KUWIJc9/xPvzh6cRlZ7PqKqI2xIyZmbE
-HRKxYh36KPSXrN8u
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            5c:9d:e4:a6:d1:7a:49:c8:83:75:e7:57:68:f7:72:16:b2:ae:b7:82
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  1 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:ac:21:ec:55:e2:94:6c:d5:1b:6d:fa:77:87:7f:
-                    7e:2a:f5:26:4e:3c:28:d4:70:50:70:55:e2:a9:d5:
-                    ab:62:15:01:02:b5:90:e8:55:91:7c:b0:f4:9f:fd:
-                    11:3c:73:72:f7:56:7d:4c:b5:56:21:8f:17:c4:65:
-                    5c:2a:3f:0d:e2:22:a5:80:ed:1a:b0:a8:8c:e2:9a:
-                    f7:8f:77:6d:c5:24:9f:2b:c0:3a:26:9b:13:75:96:
-                    d2:cf:19:4c:ca:ed:90:b3:c8:da:e7:20:03:a6:0a:
-                    5d:ad:04:9d:6b:37:9d:69:e9:6c:63:d5:12:da:ff:
-                    c2:a5:d4:f4:04:df:ce:39:c2:06:3d:3f:ec:8b:3d:
-                    9e:1c:a7:2d:f2:63:53:7e:3a:aa:68:0a:b0:93:b2:
-                    69:3d:23:da:b1:ae:fe:90:fa:c6:ea:ee:35:94:4d:
-                    9a:d8:5d:6f:b9:ed:80:6b:1b:bd:46:56:ab:bf:29:
-                    8a:c9:20:e5:31:3d:11:96:e0:c5:56:58:e1:f1:84:
-                    6d:bc:0f:e5:9b:bc:9f:75:2b:03:01:1a:58:8e:88:
-                    22:b3:0a:7c:8d:b3:4d:1e:82:31:75:7f:cf:28:3a:
-                    aa:c0:f5:c3:45:72:bc:48:f7:9a:61:11:2c:31:d4:
-                    3d:5b:6e:25:ca:2a:ea:88:e9:58:fe:ee:0d:00:d5:
-                    36:8b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                E9:E3:CE:7A:C2:27:BF:88:CF:19:9E:5C:6C:DC:12:C0:D5:00:64:15
-            X509v3 Authority Key Identifier: 
-                keyid:EB:DC:8D:38:75:10:2F:E6:82:8E:FE:43:EC:9F:7E:63:22:BD:51:55
-
-            X509v3 Subject Alternative Name: critical
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         1b:c4:4a:ea:b3:ee:c3:82:4d:98:93:49:6a:34:98:80:b6:a3:
-         dc:00:d5:ca:27:56:43:e2:71:4c:60:a1:ef:c2:41:9c:fa:93:
-         a4:61:20:f5:3f:2c:3a:91:e8:12:e1:7a:51:c0:86:2b:cf:1b:
-         73:26:b3:0c:e7:03:2e:8e:48:49:3e:32:29:df:b2:9e:d5:29:
-         26:bf:c3:3e:eb:7d:34:96:c7:6e:0e:ae:16:a1:a1:fa:25:dd:
-         a3:2e:3e:4e:3e:76:ff:d6:35:ef:d4:07:2f:d2:6f:48:08:ab:
-         e7:4a:09:ff:43:09:ec:32:49:19:52:cd:30:03:22:3c:f0:9c:
-         9b:e3:fd:bc:e7:f9:d1:7a:da:c6:66:bf:e0:86:95:5c:45:43:
-         07:26:6d:70:fc:24:66:4a:cd:86:bd:6c:d3:7a:0d:12:4b:33:
-         bc:a0:4b:81:08:1a:26:bc:42:a2:e7:37:36:56:ac:ef:85:34:
-         52:89:33:df:b6:33:11:ac:20:67:cd:8d:ce:d7:bb:cb:bc:b5:
-         16:3c:08:cf:c7:1a:68:60:16:9c:55:e6:b5:17:4f:3f:69:f9:
-         b4:18:70:af:60:5d:0f:c4:66:08:b9:75:a3:78:11:f7:8f:8d:
-         f1:2b:4e:05:b9:90:b6:f3:99:8b:0c:43:6a:8c:b4:cc:ff:2f:
-         58:70:d7:8e
------BEGIN CERTIFICATE-----
-MIIDkzCCAnugAwIBAgIUXJ3kptF6SciDdedXaPdyFrKut4IwDQYJKoZIhvcNAQEL
-BQAwPjELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTZXJ2
-ZXIgSW50ZXJtZWRpYXRlIENBMB4XDTIwMDUwMzE1MjAxMFoXDTMwMDUwMTE1MjAx
-MFowNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQDDAxzZXJ2
-ZXIudzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsIexV4pRs
-1Rtt+neHf34q9SZOPCjUcFBwVeKp1atiFQECtZDoVZF8sPSf/RE8c3L3Vn1MtVYh
-jxfEZVwqPw3iIqWA7RqwqIzimvePd23FJJ8rwDommxN1ltLPGUzK7ZCzyNrnIAOm
-Cl2tBJ1rN51p6Wxj1RLa/8Kl1PQE3845wgY9P+yLPZ4cpy3yY1N+OqpoCrCTsmk9
-I9qxrv6Q+sbq7jWUTZrYXW+57YBrG71GVqu/KYrJIOUxPRGW4MVWWOHxhG28D+Wb
-vJ91KwMBGliOiCKzCnyNs00egjF1f88oOqrA9cNFcrxI95phESwx1D1bbiXKKuqI
-6Vj+7g0A1TaLAgMBAAGjgZIwgY8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6ePO
-esInv4jPGZ5cbNwSwNUAZBUwHwYDVR0jBBgwFoAU69yNOHUQL+aCjv5D7J9+YyK9
-UVUwGgYDVR0RAQH/BBAwDoIMc2VydmVyLncxLmZpMBYGA1UdJQEB/wQMMAoGCCsG
-AQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAG8RK6rPuw4JN
-mJNJajSYgLaj3ADVyidWQ+JxTGCh78JBnPqTpGEg9T8sOpHoEuF6UcCGK88bcyaz
-DOcDLo5IST4yKd+yntUpJr/DPut9NJbHbg6uFqGh+iXdoy4+Tj52/9Y179QHL9Jv
-SAir50oJ/0MJ7DJJGVLNMAMiPPCcm+P9vOf50Xraxma/4IaVXEVDByZtcPwkZkrN
-hr1s03oNEkszvKBLgQgaJrxCouc3Nlas74U0Uokz37YzEawgZ82Nzte7y7y1FjwI
-z8caaGAWnFXmtRdPP2n5tBhwr2BdD8RmCLl1o3gR94+N8StOBbmQtvOZiwxDaoy0
-zP8vWHDXjg==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem b/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem
deleted file mode 100644
index 41c8240e52a2..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem
+++ /dev/null
@@ -1,160 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f8
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=User Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:b9:88:7a:fc:1a:f9:00:68:63:c7:40:ff:d5:38:
-                    8e:88:8c:c9:8f:66:ec:74:0a:a6:f1:18:30:30:36:
-                    9a:2a:98:c5:a0:46:02:e2:3c:64:86:79:43:45:19:
-                    83:7a:82:3d:f9:c6:af:01:11:91:2c:4f:07:f8:d7:
-                    ef:da:80:6c:07:88:6a:1e:e6:0e:78:ca:08:50:4f:
-                    f0:8a:2e:54:41:9f:04:63:8b:70:99:ae:6f:95:ed:
-                    5c:c8:34:8e:6b:36:64:bc:44:c9:fb:cb:50:ef:b1:
-                    5b:9b:2c:db:2a:a7:f9:e0:e2:48:57:78:cf:ba:0f:
-                    1a:af:5a:63:64:18:39:9c:d4:af:8d:f9:27:d9:10:
-                    b4:67:17:a1:24:98:f1:ef:ce:ad:12:6f:e4:47:36:
-                    b6:d2:b6:1c:04:03:76:43:63:fb:b6:3e:3f:1a:c8:
-                    c4:8b:69:28:7c:75:dc:bb:36:7f:ad:6a:a2:c1:32:
-                    f3:5e:64:86:57:f1:ee:20:af:64:bd:e0:7c:ba:68:
-                    9b:75:ed:b3:1c:0f:12:e0:52:12:ff:18:0e:8f:1d:
-                    bf:c8:88:56:35:4d:9e:1f:74:1e:19:d7:0c:b4:e7:
-                    46:ee:cf:c6:63:35:ba:16:7f:05:84:8b:bf:16:72:
-                    05:ee:22:6e:3a:54:80:2b:0e:36:96:8d:65:5f:64:
-                    12:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                F0:F7:82:29:71:CD:AF:72:CE:F6:3C:0B:40:16:C2:FD:9F:8A:51:A7
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         70:45:66:14:00:22:85:1c:f8:b9:b3:2c:e8:64:4d:01:53:b8:
-         cb:23:ad:fa:01:7c:27:f7:aa:8d:d8:6c:6a:f8:72:21:63:bf:
-         30:7e:05:8c:84:e3:d1:1e:d1:f3:1d:80:3d:e8:75:06:ae:1b:
-         48:a9:cf:0e:c6:59:6b:f8:d1:25:5a:64:b7:46:2d:29:72:da:
-         d6:3a:79:d3:92:41:d7:31:e4:4e:5e:1b:62:88:41:77:f6:62:
-         a2:3e:c1:a2:ef:79:0c:8f:39:7c:df:a0:4b:d5:ac:58:aa:3e:
-         fd:95:6b:f7:c0:42:29:2e:86:67:5e:d9:3e:7b:e7:a6:bd:3b:
-         7e:3b:19:54:9b:89:40:0e:39:23:8a:af:f2:db:12:5b:09:b4:
-         45:df:c8:3e:8f:fc:fc:55:3e:35:8d:7b:82:50:d5:a3:ea:bb:
-         c4:40:6d:61:ad:92:b2:66:91:0f:5b:3d:49:5e:b5:3e:98:15:
-         9e:2a:23:06:35:e0:13:bc:50:84:06:e4:1b:b9:fc:32:a2:4a:
-         0d:e5:86:ac:69:47:c3:17:11:07:ac:5a:09:69:ed:99:d0:52:
-         fd:6d:ab:0d:44:35:bb:c0:76:27:50:75:df:06:78:f6:92:54:
-         fc:54:76:b5:6f:a0:f6:51:20:1f:7f:8e:aa:5f:c8:48:88:e4:
-         1a:83:f6:b7
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIJANjT46bL48z4MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMDwxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1l
-ZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iHr8GvkA
-aGPHQP/VOI6IjMmPZux0CqbxGDAwNpoqmMWgRgLiPGSGeUNFGYN6gj35xq8BEZEs
-Twf41+/agGwHiGoe5g54yghQT/CKLlRBnwRji3CZrm+V7VzINI5rNmS8RMn7y1Dv
-sVubLNsqp/ng4khXeM+6DxqvWmNkGDmc1K+N+SfZELRnF6EkmPHvzq0Sb+RHNrbS
-thwEA3ZDY/u2Pj8ayMSLaSh8ddy7Nn+taqLBMvNeZIZX8e4gr2S94Hy6aJt17bMc
-DxLgUhL/GA6PHb/IiFY1TZ4fdB4Z1wy050buz8ZjNboWfwWEi78WcgXuIm46VIAr
-DjaWjWVfZBLNAgMBAAGjZjBkMB0GA1UdDgQWBBTw94Ipcc2vcs72PAtAFsL9n4pR
-pzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TASBgNVHRMBAf8ECDAG
-AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcEVmFAAi
-hRz4ubMs6GRNAVO4yyOt+gF8J/eqjdhsavhyIWO/MH4FjITj0R7R8x2APeh1Bq4b
-SKnPDsZZa/jRJVpkt0YtKXLa1jp505JB1zHkTl4bYohBd/Zioj7Bou95DI85fN+g
-S9WsWKo+/ZVr98BCKS6GZ17ZPnvnpr07fjsZVJuJQA45I4qv8tsSWwm0Rd/IPo/8
-/FU+NY17glDVo+q7xEBtYa2SsmaRD1s9SV61PpgVniojBjXgE7xQhAbkG7n8MqJK
-DeWGrGlHwxcRB6xaCWntmdBS/W2rDUQ1u8B2J1B13wZ49pJU/FR2tW+g9lEgH3+O
-ql/ISIjkGoP2tw==
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            42:97:6c:30:8e:79:fc:7b:6a:e3:ef:9d:18:a4:74:9d:8b:5f:57:53
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Validity
-            Not Before: May  2 19:49:48 2020 GMT
-            Not After : Apr 30 19:49:48 2030 GMT
-        Subject: C = FI, L = Tuusula, O = w1.fi, CN = Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:f4:ee:44:62:7f:62:4f:a1:81:46:ba:c4:aa:
-                    1e:fd:4e:d0:ed:f1:47:cb:25:5b:66:7a:86:39:91:
-                    ca:b5:61:a7:7e:2f:3c:63:7d:39:b8:1a:9e:cb:6d:
-                    32:32:91:de:49:49:84:da:15:be:2b:dd:c6:bc:1f:
-                    dc:6e:c0:2d:77:f2:d0:7b:2c:40:19:07:60:55:b0:
-                    ff:7c:51:ef:38:d1:f0:2a:da:a8:cc:ea:d6:54:a4:
-                    ef:be:17:44:1a:9e:33:70:57:a4:f3:06:ac:3d:ee:
-                    4b:2d:e5:46:25:2d:33:09:f6:49:a8:02:31:a4:65:
-                    9b:32:0a:67:f5:02:e1:3b:47:a6:ae:e4:f6:85:eb:
-                    5d:3e:02:66:dd:11:98:ac:34:72:c2:8f:25:55:4a:
-                    6a:ea:e8:82:2f:bd:7f:78:31:a4:5a:d7:32:bb:64:
-                    48:46:23:ef:c8:c9:e2:84:00:56:72:e8:4b:54:95:
-                    62:3a:5a:11:79:ee:40:43:9e:16:2c:cc:e6:45:f4:
-                    bb:82:28:c2:83:35:2c:55:36:99:59:11:b1:15:d0:
-                    03:c1:a5:37:e1:1f:bb:43:c7:b4:b9:33:de:14:d7:
-                    7c:99:45:0f:c1:06:fe:b6:25:10:59:b7:72:76:7f:
-                    91:4b:ea:d1:b9:6a:6a:ed:dd:1b:a9:0e:a7:29:48:
-                    b7:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         41:f9:c3:a3:77:11:92:55:e7:4b:4a:32:6a:31:d9:51:cf:06:
-         a5:39:ea:30:98:b8:8d:4f:24:c5:34:fd:c6:98:10:59:32:7e:
-         57:f5:8f:ba:67:c9:fc:44:68:b3:7c:f1:af:3a:5f:0d:8f:a1:
-         fe:41:21:0e:e9:08:a3:63:49:66:34:4a:cd:ce:66:74:47:30:
-         f7:dc:82:99:21:56:82:ff:2d:12:90:7d:7a:64:22:a0:ed:fa:
-         62:d9:5a:d3:97:96:0c:04:a7:47:88:da:53:b6:33:15:15:f9:
-         da:ee:ac:25:e9:07:02:89:bc:73:a2:c6:27:6f:1f:bd:73:b8:
-         8e:f7:94:54:57:a7:8b:5b:9a:24:aa:86:d4:04:5c:8c:cb:28:
-         a2:45:f9:34:f0:01:20:bb:06:e8:41:14:d2:d7:ca:e8:bf:4e:
-         16:72:22:a0:0c:86:ca:73:23:09:ae:71:f1:52:0c:db:b2:8a:
-         4d:94:a5:fa:15:81:5b:a2:95:62:50:a1:d6:64:fe:4c:0c:60:
-         8d:9b:0f:b8:41:ac:cb:31:c2:17:6c:7b:61:13:16:9a:db:64:
-         fc:5f:47:84:3d:d2:2e:db:0b:9e:b6:1e:85:04:c1:e5:c0:b2:
-         6d:8f:f2:99:00:3a:1a:ab:02:cf:45:7a:26:c1:b0:1f:c6:b0:
-         d0:4d:f7:52
------BEGIN CERTIFICATE-----
-MIIDYDCCAkigAwIBAgIUQpdsMI55/Htq4++dGKR0nYtfV1MwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoMBXcx
-LmZpMRAwDgYDVQQDDAdSb290IENBMB4XDTIwMDUwMjE5NDk0OFoXDTMwMDQzMDE5
-NDk0OFowQTELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAMBgNVBAoM
-BXcxLmZpMRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAvPTuRGJ/Yk+hgUa6xKoe/U7Q7fFHyyVbZnqGOZHKtWGnfi88Y305
-uBqey20yMpHeSUmE2hW+K93GvB/cbsAtd/LQeyxAGQdgVbD/fFHvONHwKtqozOrW
-VKTvvhdEGp4zcFek8wasPe5LLeVGJS0zCfZJqAIxpGWbMgpn9QLhO0emruT2hetd
-PgJm3RGYrDRywo8lVUpq6uiCL71/eDGkWtcyu2RIRiPvyMnihABWcuhLVJViOloR
-ee5AQ54WLMzmRfS7gijCgzUsVTaZWRGxFdADwaU34R+7Q8e0uTPeFNd8mUUPwQb+
-tiUQWbdydn+RS+rRuWpq7d0bqQ6nKUi3TQIDAQABo1AwTjAdBgNVHQ4EFgQUpP25
-ORuBs6rriB3Ugam1EXDMp+EwHwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDM
-p+EwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQfnDo3cRklXnS0oy
-ajHZUc8GpTnqMJi4jU8kxTT9xpgQWTJ+V/WPumfJ/ERos3zxrzpfDY+h/kEhDukI
-o2NJZjRKzc5mdEcw99yCmSFWgv8tEpB9emQioO36Ytla05eWDASnR4jaU7YzFRX5
-2u6sJekHAom8c6LGJ28fvXO4jveUVFeni1uaJKqG1ARcjMsookX5NPABILsG6EEU
-0tfK6L9OFnIioAyGynMjCa5x8VIM27KKTZSl+hWBW6KVYlCh1mT+TAxgjZsPuEGs
-yzHCF2x7YRMWmttk/F9HhD3SLtsLnrYehQTB5cCybY/ymQA6GqsCz0V6JsGwH8aw
-0E33Ug==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-user/cacert.pem b/tests/hwsim/auth_serv/iCA-user/cacert.pem
deleted file mode 100644
index f55814817e4a..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/cacert.pem
+++ /dev/null
@@ -1,81 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f8
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=User Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:b9:88:7a:fc:1a:f9:00:68:63:c7:40:ff:d5:38:
-                    8e:88:8c:c9:8f:66:ec:74:0a:a6:f1:18:30:30:36:
-                    9a:2a:98:c5:a0:46:02:e2:3c:64:86:79:43:45:19:
-                    83:7a:82:3d:f9:c6:af:01:11:91:2c:4f:07:f8:d7:
-                    ef:da:80:6c:07:88:6a:1e:e6:0e:78:ca:08:50:4f:
-                    f0:8a:2e:54:41:9f:04:63:8b:70:99:ae:6f:95:ed:
-                    5c:c8:34:8e:6b:36:64:bc:44:c9:fb:cb:50:ef:b1:
-                    5b:9b:2c:db:2a:a7:f9:e0:e2:48:57:78:cf:ba:0f:
-                    1a:af:5a:63:64:18:39:9c:d4:af:8d:f9:27:d9:10:
-                    b4:67:17:a1:24:98:f1:ef:ce:ad:12:6f:e4:47:36:
-                    b6:d2:b6:1c:04:03:76:43:63:fb:b6:3e:3f:1a:c8:
-                    c4:8b:69:28:7c:75:dc:bb:36:7f:ad:6a:a2:c1:32:
-                    f3:5e:64:86:57:f1:ee:20:af:64:bd:e0:7c:ba:68:
-                    9b:75:ed:b3:1c:0f:12:e0:52:12:ff:18:0e:8f:1d:
-                    bf:c8:88:56:35:4d:9e:1f:74:1e:19:d7:0c:b4:e7:
-                    46:ee:cf:c6:63:35:ba:16:7f:05:84:8b:bf:16:72:
-                    05:ee:22:6e:3a:54:80:2b:0e:36:96:8d:65:5f:64:
-                    12:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                F0:F7:82:29:71:CD:AF:72:CE:F6:3C:0B:40:16:C2:FD:9F:8A:51:A7
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         70:45:66:14:00:22:85:1c:f8:b9:b3:2c:e8:64:4d:01:53:b8:
-         cb:23:ad:fa:01:7c:27:f7:aa:8d:d8:6c:6a:f8:72:21:63:bf:
-         30:7e:05:8c:84:e3:d1:1e:d1:f3:1d:80:3d:e8:75:06:ae:1b:
-         48:a9:cf:0e:c6:59:6b:f8:d1:25:5a:64:b7:46:2d:29:72:da:
-         d6:3a:79:d3:92:41:d7:31:e4:4e:5e:1b:62:88:41:77:f6:62:
-         a2:3e:c1:a2:ef:79:0c:8f:39:7c:df:a0:4b:d5:ac:58:aa:3e:
-         fd:95:6b:f7:c0:42:29:2e:86:67:5e:d9:3e:7b:e7:a6:bd:3b:
-         7e:3b:19:54:9b:89:40:0e:39:23:8a:af:f2:db:12:5b:09:b4:
-         45:df:c8:3e:8f:fc:fc:55:3e:35:8d:7b:82:50:d5:a3:ea:bb:
-         c4:40:6d:61:ad:92:b2:66:91:0f:5b:3d:49:5e:b5:3e:98:15:
-         9e:2a:23:06:35:e0:13:bc:50:84:06:e4:1b:b9:fc:32:a2:4a:
-         0d:e5:86:ac:69:47:c3:17:11:07:ac:5a:09:69:ed:99:d0:52:
-         fd:6d:ab:0d:44:35:bb:c0:76:27:50:75:df:06:78:f6:92:54:
-         fc:54:76:b5:6f:a0:f6:51:20:1f:7f:8e:aa:5f:c8:48:88:e4:
-         1a:83:f6:b7
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIJANjT46bL48z4MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMDwxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1l
-ZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iHr8GvkA
-aGPHQP/VOI6IjMmPZux0CqbxGDAwNpoqmMWgRgLiPGSGeUNFGYN6gj35xq8BEZEs
-Twf41+/agGwHiGoe5g54yghQT/CKLlRBnwRji3CZrm+V7VzINI5rNmS8RMn7y1Dv
-sVubLNsqp/ng4khXeM+6DxqvWmNkGDmc1K+N+SfZELRnF6EkmPHvzq0Sb+RHNrbS
-thwEA3ZDY/u2Pj8ayMSLaSh8ddy7Nn+taqLBMvNeZIZX8e4gr2S94Hy6aJt17bMc
-DxLgUhL/GA6PHb/IiFY1TZ4fdB4Z1wy050buz8ZjNboWfwWEi78WcgXuIm46VIAr
-DjaWjWVfZBLNAgMBAAGjZjBkMB0GA1UdDgQWBBTw94Ipcc2vcs72PAtAFsL9n4pR
-pzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TASBgNVHRMBAf8ECDAG
-AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcEVmFAAi
-hRz4ubMs6GRNAVO4yyOt+gF8J/eqjdhsavhyIWO/MH4FjITj0R7R8x2APeh1Bq4b
-SKnPDsZZa/jRJVpkt0YtKXLa1jp505JB1zHkTl4bYohBd/Zioj7Bou95DI85fN+g
-S9WsWKo+/ZVr98BCKS6GZ17ZPnvnpr07fjsZVJuJQA45I4qv8tsSWwm0Rd/IPo/8
-/FU+NY17glDVo+q7xEBtYa2SsmaRD1s9SV61PpgVniojBjXgE7xQhAbkG7n8MqJK
-DeWGrGlHwxcRB6xaCWntmdBS/W2rDUQ1u8B2J1B13wZ49pJU/FR2tW+g9lEgH3+O
-ql/ISIjkGoP2tw==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-user/careq.pem b/tests/hwsim/auth_serv/iCA-user/careq.pem
deleted file mode 100644
index 58a202e231dc..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/careq.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlhdGUgQ0EwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iHr8GvkAaGPHQP/VOI6IjMmP
-Zux0CqbxGDAwNpoqmMWgRgLiPGSGeUNFGYN6gj35xq8BEZEsTwf41+/agGwHiGoe
-5g54yghQT/CKLlRBnwRji3CZrm+V7VzINI5rNmS8RMn7y1DvsVubLNsqp/ng4khX
-eM+6DxqvWmNkGDmc1K+N+SfZELRnF6EkmPHvzq0Sb+RHNrbSthwEA3ZDY/u2Pj8a
-yMSLaSh8ddy7Nn+taqLBMvNeZIZX8e4gr2S94Hy6aJt17bMcDxLgUhL/GA6PHb/I
-iFY1TZ4fdB4Z1wy050buz8ZjNboWfwWEi78WcgXuIm46VIArDjaWjWVfZBLNAgMB
-AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAt/AtU5ZkTH2fksE0NkQ24G2s/3FGSPH1
-wOtQKHUaUXHWeAddimhKOCo2nStyzJ3SYkrkBaGkCf2YDVmDT2FJrEEU/8fhwWgb
-VPdqMHG+tXhzAf6AoqOZ/r/5wGLEvOXuoVlF4Ey+dfYPBpfvJRjOl/xHN7B+b5Pe
-1Q25yWo3ekdeRIWZnJx7b/5xkgSH1blqiSVVlhQ9uOUeBiOIS+CXGBo+kqcGRxm2
-awQRONpQb4dJ2+PEAFMTWHs/WWHpftDx878YafRfrcEx9iCWb4L4FKQo7VgcmgSs
-cErQMDUfGOmRKTXJ6pJAv6O8KdWaDuTiM7o6yo5VggIcUTj2XGkRLQ==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/iCA-user/index.txt b/tests/hwsim/auth_serv/iCA-user/index.txt
deleted file mode 100644
index df7ada787ca1..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/index.txt
+++ /dev/null
@@ -1 +0,0 @@
-V	300501152011Z		5923F47610CA8942F55C075C62D2678BE42292A9	unknown	/C=FI/O=w1.fi/CN=user.w1.fi
diff --git a/tests/hwsim/auth_serv/iCA-user/index.txt.attr b/tests/hwsim/auth_serv/iCA-user/index.txt.attr
deleted file mode 100644
index 3a7e39e6ee60..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/tests/hwsim/auth_serv/iCA-user/private/cakey.pem b/tests/hwsim/auth_serv/iCA-user/private/cakey.pem
deleted file mode 100644
index fb51ae7ea3f4..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/private/cakey.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5iHr8GvkAaGPH
-QP/VOI6IjMmPZux0CqbxGDAwNpoqmMWgRgLiPGSGeUNFGYN6gj35xq8BEZEsTwf4
-1+/agGwHiGoe5g54yghQT/CKLlRBnwRji3CZrm+V7VzINI5rNmS8RMn7y1DvsVub
-LNsqp/ng4khXeM+6DxqvWmNkGDmc1K+N+SfZELRnF6EkmPHvzq0Sb+RHNrbSthwE
-A3ZDY/u2Pj8ayMSLaSh8ddy7Nn+taqLBMvNeZIZX8e4gr2S94Hy6aJt17bMcDxLg
-UhL/GA6PHb/IiFY1TZ4fdB4Z1wy050buz8ZjNboWfwWEi78WcgXuIm46VIArDjaW
-jWVfZBLNAgMBAAECggEAJ3Ghm+lsGK8Yz2q9OSp9+v/bdjZOfNkq5sTasdVZ70Zt
-dYaM5GYshP5Q0+b5sdjwriKUYCjI8V+X9UqLPqvgy7UvwoPsfbeODuz/2ZDB7vWM
-rFEfzjxskrZU7GdoA9kbj38cZgCyo1LUg+gEbEwr7qiM8rPHjenaJX+U89nGndWo
-xbjy+PtpSkcNV38H690w2elxTIz4XBHRFumQ4rmlGaa9rMTKRkeVaV42cAdScwmh
-OR/Cy0XW+x2xyQolBIBRSp7Sn5xtulA1g4iaifVtY8qNQhQ9++TxkId3+VB/7HGJ
-kYmfucUPeTD1SR6yVhhXtmrpTfas0rvzAR2RAxjsbQKBgQDspqiXOGSXJS0XupVR
-Zzpb44306Zr9kobLZoIjLa4igEoJvB3IZTLNMK6UAvbDiQJYAP4Mx0x8hWhyWcb+
-PiXDfWFshlQvLKikt4hLtxBGCoGf4TcR5y2qkOlRjAC+LwgGMQ1q34E5JI1sOo/2
-frB1dYApow9IpC4Svy2QIFkicwKBgQDIs9+laNPoFwHljEF7xRA3QYt2+03ps4gF
-GsO/vb73C0sStS5M9I0MlY44Fk7dtEo6WQCORHlusc0Zr1qli6EdUh5wnR6SMqYZ
-IX3gJiGzu8AQBGTL/fZAzy4YQeiVicJCUeu2MxXhKcqstWC4UUyQgys67by0YvpF
-qn7TtYRlvwKBgQC2YN4u5IQJQ9pTnjTzLlX4eQ9u/xW2dFUzrkV+7PZ1ml70z6g4
-R112ax0v7nTUTuOihOlFWdblZD8RWYUVbTnXRepuI7v/OzCg+NyuVV/SSsiJOZ0i
-TAKSn+lgMkBkUYSimO0ZPzSsoDHphdxrAEnny+1AqWze88CaLAHmQDfRZwKBgHgy
-iWEVm7smdENWMS1/wotlHLIgJPQuSerMsajWaVSolchZa6Y423RK6QacDZVnUQEK
-pnONfLAXmb6lLwNv0QivUn2dC18BKEpqrWkdTRfH/GlbSEaHDQCZU4DBkBpmi0mO
-qDzQ8WyMy82NPqSEQ/dUJwK+uEHL+RjZ1+TQk78fAoGBAJcRCj4OBMHBSKazW/T2
-b8WXps3bEwdDBg8lBj2yv10AN6DtJqhPd4DaEdriRSMaufrPuNEdkMbOHkXGqPM6
-Fayi/ayFGGO20XrfuUHRbLCiF1f8/OZSTOEXFpungFLk2awpTkcsbwQ0GK/BU2H1
-hW28/pW9mlvPCm3HQFE8rMxS
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/iCA-user/serial b/tests/hwsim/auth_serv/iCA-user/serial
deleted file mode 100644
index 24ff150cb5a8..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/serial
+++ /dev/null
@@ -1 +0,0 @@
-5923F47610CA8942F55C075C62D2678BE42292AA
diff --git a/tests/hwsim/auth_serv/iCA-user/user.key b/tests/hwsim/auth_serv/iCA-user/user.key
deleted file mode 100644
index 1ede4cd1926e..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/user.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDUXyPsAcY+0lnu
-381yjUHOQK+GvsKZaTuRo3wt5PWhcjwOuaalofWlv19TmDPCwBgkR0yES57R8kkF
-hS2HVq5DvKGJ10qpZhPHrjVKzC9ztlB+Y7qwpryV8fGaw6mymD7/J5dks1QJB/xu
-xM9/keCXwmMQodrmqX1AuQO+txxGkBBfmgrljAlW076lwUJd9Ezlvv3ZZkP56Tg2
-GmbTO3wRRnkWebjPgRQKTLe+e/KD9IcqHrH/eBwVUyF/dtFVDwi+EQ8Z60Zhrak2
-vLuBvzdtDF/RZ3Gp2iduL5DoO9Brl8Mb582BQA3WLv4kQGeE7eq38ybFIzX5fLVc
-+d8fn6CFAgMBAAECggEAHiVvPPY3hP1pJL6CNGuW1sdZ4z+68fn9KbxSSVWCBKvp
-mJGD9WkbLK8QwhYN6uxHwQaZ9wGhBt5kvTLddqO4Uwc4yw9Tmt5RmnvBNt/rMHrF
-zFstyhuxE3vntvdlZGO2NZQSKopGOI34qGSpq8syXXiLhXXkU+/lRsW8oVru2Zkh
-dZMgdOmd9aTNNXA1f4uufOBnlgv0g+VeXAH/k1juybQYj2BilLZFUSkWtRxffm98
-hyMKHkcr4XEdZSyuhAM/yHn0REG//XMrKCoe5snzV9R3BKuJpMVctrePAKlKdIbk
-OJz6EJfT4whDuI9nO0aCIJCKx88Qsgka0JOHVuL0tQKBgQDsi66IONWzR2/K4K+r
-9G38T5bzg3qB5YbXHyqRgU77W13Z2CaEjzB1QfX8pFaPARMJxg+WXupbSq632iTH
-wPMjnSMYc4PeucyvEAudUeP8yc8hx5vVRCIyIyz3QhAB2bo48EKq9dSwsCJ1HrIO
-xtjEU9x+BLl6cgesdVZgl75oBwKBgQDl1n2TPUoxpYkF5cavbs2c7wPXajbd54h8
-EwwF71AWMsngjuY02pzKDniU5tKgHHWXvGdZ5ER+7JJyqenyAQgdfjkKJ4ujqsOL
-MHsLEH1qopWGNtrDxGFfibBNMrKPM2n/oYbYsrfSvKadhwZbwDVq4ZtzmszWqLtf
-+weGR4jYEwKBgQCKGN5TLwMsAFe21MgalsAjXn/dOPQro8m+C7b5bcmjm2rGRJfw
-Kfx7aH/o+DSElnb77MKq4kzl8UrhkRyJ9g68yv9zRfVF8akaxz5QoT9+FH+10+gZ
-cQaZyMl2rP3VZrx+g14Ymx6J7LqhL8N6NwLUU7VVaQK0BqCOQY6lI9IIvwKBgHyn
-EARDQXIbrW0dadzL44gxuYujd45yfHuOeP7fBDiF4yd/WSthRZfwsUVQyvs7dCuP
-ax49x0hvVh4KOW+fT59vTdBMElf5zYQ4DwO5NcwX0bCxH4T9hTIjoxK7ZEx2Pg7+
-s/vjMf+BgXv+N1ybql0FbyIL2vyxFq6/nx0cvwMxAoGAMTuKJfxbN8UfQzGWWZ9g
-Q3YQhEwOytLYs3yiymSlUfNlyFGC41zM1Jn/wsx7koWyTdzVYoOR7Dm/yKMwcRrc
-Oqd+04Vn5BF81HgM8rmEUxD5x5WXWALg8pN2r8gb7QUlcjkxMEbfyKSo515JbnYc
-84mcq6qC9A8ksJ/KdFv7dTY=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/iCA-user/user.pem b/tests/hwsim/auth_serv/iCA-user/user.pem
deleted file mode 100644
index 4ed6c06e2d2b..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/user.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            59:23:f4:76:10:ca:89:42:f5:5c:07:5c:62:d2:67:8b:e4:22:92:a9
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=User Intermediate CA
-        Validity
-            Not Before: May  3 15:20:11 2020 GMT
-            Not After : May  1 15:20:11 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=user.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:d4:5f:23:ec:01:c6:3e:d2:59:ee:df:cd:72:8d:
-                    41:ce:40:af:86:be:c2:99:69:3b:91:a3:7c:2d:e4:
-                    f5:a1:72:3c:0e:b9:a6:a5:a1:f5:a5:bf:5f:53:98:
-                    33:c2:c0:18:24:47:4c:84:4b:9e:d1:f2:49:05:85:
-                    2d:87:56:ae:43:bc:a1:89:d7:4a:a9:66:13:c7:ae:
-                    35:4a:cc:2f:73:b6:50:7e:63:ba:b0:a6:bc:95:f1:
-                    f1:9a:c3:a9:b2:98:3e:ff:27:97:64:b3:54:09:07:
-                    fc:6e:c4:cf:7f:91:e0:97:c2:63:10:a1:da:e6:a9:
-                    7d:40:b9:03:be:b7:1c:46:90:10:5f:9a:0a:e5:8c:
-                    09:56:d3:be:a5:c1:42:5d:f4:4c:e5:be:fd:d9:66:
-                    43:f9:e9:38:36:1a:66:d3:3b:7c:11:46:79:16:79:
-                    b8:cf:81:14:0a:4c:b7:be:7b:f2:83:f4:87:2a:1e:
-                    b1:ff:78:1c:15:53:21:7f:76:d1:55:0f:08:be:11:
-                    0f:19:eb:46:61:ad:a9:36:bc:bb:81:bf:37:6d:0c:
-                    5f:d1:67:71:a9:da:27:6e:2f:90:e8:3b:d0:6b:97:
-                    c3:1b:e7:cd:81:40:0d:d6:2e:fe:24:40:67:84:ed:
-                    ea:b7:f3:26:c5:23:35:f9:7c:b5:5c:f9:df:1f:9f:
-                    a0:85
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                4F:DA:AA:81:CB:4A:79:E4:8B:4A:92:FC:38:41:92:BA:D9:F9:4C:32
-            X509v3 Authority Key Identifier: 
-                keyid:F0:F7:82:29:71:CD:AF:72:CE:F6:3C:0B:40:16:C2:FD:9F:8A:51:A7
-
-            X509v3 Subject Alternative Name: critical
-                DNS:user.w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         86:b3:8b:79:3b:32:a2:34:bb:9b:12:9d:ad:d2:c7:c6:58:cd:
-         24:14:70:7b:4f:7c:52:9a:36:c1:72:aa:bb:a7:a8:a0:ae:82:
-         ff:ea:9e:14:29:5f:04:82:8f:0a:46:ee:6b:b8:c8:f9:4f:8d:
-         1a:af:e6:d2:b0:87:4c:f4:a0:f9:c3:1c:cf:16:2e:28:c7:95:
-         5c:86:a8:15:52:e8:9b:4d:40:6c:b0:82:f9:e5:8e:10:1f:f8:
-         d9:7a:4a:a6:e6:fb:00:ab:13:09:ee:4a:2b:6f:aa:a0:5d:90:
-         e9:89:40:68:fd:1e:99:f1:cf:5d:fb:d4:76:16:6b:76:52:66:
-         17:77:68:e3:d1:7a:35:17:e3:81:9a:46:bd:c9:44:37:10:c4:
-         a4:13:dd:f6:c9:b8:08:f4:e1:92:18:7f:8c:c5:c9:14:4b:34:
-         5b:d4:db:46:a3:6b:61:1c:5b:52:b4:24:73:98:ce:b2:5a:f3:
-         51:72:68:bc:d0:8f:36:5d:16:58:b9:91:2e:e2:6f:09:33:40:
-         13:f7:ba:8f:b7:36:02:36:1c:0e:c4:db:a2:dc:17:31:dd:6b:
-         4c:e3:5e:04:ab:d5:30:fd:f6:ba:1a:00:04:ea:4b:88:34:d8:
-         5e:f2:0a:44:61:05:1c:7b:42:86:7e:42:e8:42:f1:19:a2:48:
-         28:44:97:3e
------BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIUWSP0dhDKiUL1XAdcYtJni+QikqkwDQYJKoZIhvcNAQEL
-BQAwPDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR0wGwYDVQQDDBRVc2Vy
-IEludGVybWVkaWF0ZSBDQTAeFw0yMDA1MDMxNTIwMTFaFw0zMDA1MDExNTIwMTFa
-MDIxCzAJBgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTETMBEGA1UEAwwKdXNlci53
-MS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANRfI+wBxj7SWe7f
-zXKNQc5Ar4a+wplpO5GjfC3k9aFyPA65pqWh9aW/X1OYM8LAGCRHTIRLntHySQWF
-LYdWrkO8oYnXSqlmE8euNUrML3O2UH5jurCmvJXx8ZrDqbKYPv8nl2SzVAkH/G7E
-z3+R4JfCYxCh2uapfUC5A763HEaQEF+aCuWMCVbTvqXBQl30TOW+/dlmQ/npODYa
-ZtM7fBFGeRZ5uM+BFApMt7578oP0hyoesf94HBVTIX920VUPCL4RDxnrRmGtqTa8
-u4G/N20MX9FncanaJ24vkOg70GuXwxvnzYFADdYu/iRAZ4Tt6rfzJsUjNfl8tVz5
-3x+foIUCAwEAAaOBijCBhzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRP2qqBy0p55ItK
-kvw4QZK62flMMjAfBgNVHSMEGDAWgBTw94Ipcc2vcs72PAtAFsL9n4pRpzAYBgNV
-HREBAf8EDjAMggp1c2VyLncxLmZpMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAhrOLeTsyojS7mxKdrdLHxljNJBRw
-e098Upo2wXKqu6eooK6C/+qeFClfBIKPCkbua7jI+U+NGq/m0rCHTPSg+cMczxYu
-KMeVXIaoFVLom01AbLCC+eWOEB/42XpKpub7AKsTCe5KK2+qoF2Q6YlAaP0emfHP
-XfvUdhZrdlJmF3do49F6NRfjgZpGvclENxDEpBPd9sm4CPThkhh/jMXJFEs0W9Tb
-RqNrYRxbUrQkc5jOslrzUXJovNCPNl0WWLmRLuJvCTNAE/e6j7c2AjYcDsTbotwX
-Md1rTONeBKvVMP32uhoABOpLiDTYXvIKRGEFHHtChn5C6ELxGaJIKESXPg==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/iCA-user/user.req b/tests/hwsim/auth_serv/iCA-user/user.req
deleted file mode 100644
index 5b5256655e1c..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/user.req
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICijCCAXICAQAwRTELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTETMBEGA1UEAwwKdXNlci53MS5maTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANRfI+wBxj7SWe7fzXKNQc5Ar4a+wplpO5GjfC3k
-9aFyPA65pqWh9aW/X1OYM8LAGCRHTIRLntHySQWFLYdWrkO8oYnXSqlmE8euNUrM
-L3O2UH5jurCmvJXx8ZrDqbKYPv8nl2SzVAkH/G7Ez3+R4JfCYxCh2uapfUC5A763
-HEaQEF+aCuWMCVbTvqXBQl30TOW+/dlmQ/npODYaZtM7fBFGeRZ5uM+BFApMt757
-8oP0hyoesf94HBVTIX920VUPCL4RDxnrRmGtqTa8u4G/N20MX9FncanaJ24vkOg7
-0GuXwxvnzYFADdYu/iRAZ4Tt6rfzJsUjNfl8tVz53x+foIUCAwEAAaAAMA0GCSqG
-SIb3DQEBCwUAA4IBAQBXDSMg3STy5dxee9/+DnPa859cH3b3xawbT7RY4j3n/ZCL
-RiB6EqH8L0wSEwTZpF1YqNdjx1weDwxA1eM4esLslcyyCdMTRXVS7QogwuHj+Qo4
-3qqiSFOpJBh7zxdz3Eph/4rr0SdeUefHUyFvKvu7gcS1LwHY0vCGQ3FO6eVLDZl4
-eEMdz6MynkBBj1kjYWnn8jaUraNBqOFKg9ll3S5K9RH3yJZhdhcodiun2S2IaL4E
-evgt2u2Fr9Eka2wXRBlf1F+raSyVsdFY4a3aMzYQes0whGwWpmkMOo/4Ax8TL+co
-SMc3B4yezaS4iypgI9EZThe4/KaidGEqCkyAPOem
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem b/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem
deleted file mode 100644
index 50df34d62bd1..000000000000
--- a/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            59:23:f4:76:10:ca:89:42:f5:5c:07:5c:62:d2:67:8b:e4:22:92:a9
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, O=w1.fi, CN=User Intermediate CA
-        Validity
-            Not Before: May  3 15:20:11 2020 GMT
-            Not After : May  1 15:20:11 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=user.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:d4:5f:23:ec:01:c6:3e:d2:59:ee:df:cd:72:8d:
-                    41:ce:40:af:86:be:c2:99:69:3b:91:a3:7c:2d:e4:
-                    f5:a1:72:3c:0e:b9:a6:a5:a1:f5:a5:bf:5f:53:98:
-                    33:c2:c0:18:24:47:4c:84:4b:9e:d1:f2:49:05:85:
-                    2d:87:56:ae:43:bc:a1:89:d7:4a:a9:66:13:c7:ae:
-                    35:4a:cc:2f:73:b6:50:7e:63:ba:b0:a6:bc:95:f1:
-                    f1:9a:c3:a9:b2:98:3e:ff:27:97:64:b3:54:09:07:
-                    fc:6e:c4:cf:7f:91:e0:97:c2:63:10:a1:da:e6:a9:
-                    7d:40:b9:03:be:b7:1c:46:90:10:5f:9a:0a:e5:8c:
-                    09:56:d3:be:a5:c1:42:5d:f4:4c:e5:be:fd:d9:66:
-                    43:f9:e9:38:36:1a:66:d3:3b:7c:11:46:79:16:79:
-                    b8:cf:81:14:0a:4c:b7:be:7b:f2:83:f4:87:2a:1e:
-                    b1:ff:78:1c:15:53:21:7f:76:d1:55:0f:08:be:11:
-                    0f:19:eb:46:61:ad:a9:36:bc:bb:81:bf:37:6d:0c:
-                    5f:d1:67:71:a9:da:27:6e:2f:90:e8:3b:d0:6b:97:
-                    c3:1b:e7:cd:81:40:0d:d6:2e:fe:24:40:67:84:ed:
-                    ea:b7:f3:26:c5:23:35:f9:7c:b5:5c:f9:df:1f:9f:
-                    a0:85
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                4F:DA:AA:81:CB:4A:79:E4:8B:4A:92:FC:38:41:92:BA:D9:F9:4C:32
-            X509v3 Authority Key Identifier: 
-                keyid:F0:F7:82:29:71:CD:AF:72:CE:F6:3C:0B:40:16:C2:FD:9F:8A:51:A7
-
-            X509v3 Subject Alternative Name: critical
-                DNS:user.w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha256WithRSAEncryption
-         86:b3:8b:79:3b:32:a2:34:bb:9b:12:9d:ad:d2:c7:c6:58:cd:
-         24:14:70:7b:4f:7c:52:9a:36:c1:72:aa:bb:a7:a8:a0:ae:82:
-         ff:ea:9e:14:29:5f:04:82:8f:0a:46:ee:6b:b8:c8:f9:4f:8d:
-         1a:af:e6:d2:b0:87:4c:f4:a0:f9:c3:1c:cf:16:2e:28:c7:95:
-         5c:86:a8:15:52:e8:9b:4d:40:6c:b0:82:f9:e5:8e:10:1f:f8:
-         d9:7a:4a:a6:e6:fb:00:ab:13:09:ee:4a:2b:6f:aa:a0:5d:90:
-         e9:89:40:68:fd:1e:99:f1:cf:5d:fb:d4:76:16:6b:76:52:66:
-         17:77:68:e3:d1:7a:35:17:e3:81:9a:46:bd:c9:44:37:10:c4:
-         a4:13:dd:f6:c9:b8:08:f4:e1:92:18:7f:8c:c5:c9:14:4b:34:
-         5b:d4:db:46:a3:6b:61:1c:5b:52:b4:24:73:98:ce:b2:5a:f3:
-         51:72:68:bc:d0:8f:36:5d:16:58:b9:91:2e:e2:6f:09:33:40:
-         13:f7:ba:8f:b7:36:02:36:1c:0e:c4:db:a2:dc:17:31:dd:6b:
-         4c:e3:5e:04:ab:d5:30:fd:f6:ba:1a:00:04:ea:4b:88:34:d8:
-         5e:f2:0a:44:61:05:1c:7b:42:86:7e:42:e8:42:f1:19:a2:48:
-         28:44:97:3e
------BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIUWSP0dhDKiUL1XAdcYtJni+QikqkwDQYJKoZIhvcNAQEL
-BQAwPDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMR0wGwYDVQQDDBRVc2Vy
-IEludGVybWVkaWF0ZSBDQTAeFw0yMDA1MDMxNTIwMTFaFw0zMDA1MDExNTIwMTFa
-MDIxCzAJBgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTETMBEGA1UEAwwKdXNlci53
-MS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANRfI+wBxj7SWe7f
-zXKNQc5Ar4a+wplpO5GjfC3k9aFyPA65pqWh9aW/X1OYM8LAGCRHTIRLntHySQWF
-LYdWrkO8oYnXSqlmE8euNUrML3O2UH5jurCmvJXx8ZrDqbKYPv8nl2SzVAkH/G7E
-z3+R4JfCYxCh2uapfUC5A763HEaQEF+aCuWMCVbTvqXBQl30TOW+/dlmQ/npODYa
-ZtM7fBFGeRZ5uM+BFApMt7578oP0hyoesf94HBVTIX920VUPCL4RDxnrRmGtqTa8
-u4G/N20MX9FncanaJ24vkOg70GuXwxvnzYFADdYu/iRAZ4Tt6rfzJsUjNfl8tVz5
-3x+foIUCAwEAAaOBijCBhzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRP2qqBy0p55ItK
-kvw4QZK62flMMjAfBgNVHSMEGDAWgBTw94Ipcc2vcs72PAtAFsL9n4pRpzAYBgNV
-HREBAf8EDjAMggp1c2VyLncxLmZpMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
-DwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAhrOLeTsyojS7mxKdrdLHxljNJBRw
-e098Upo2wXKqu6eooK6C/+qeFClfBIKPCkbua7jI+U+NGq/m0rCHTPSg+cMczxYu
-KMeVXIaoFVLom01AbLCC+eWOEB/42XpKpub7AKsTCe5KK2+qoF2Q6YlAaP0emfHP
-XfvUdhZrdlJmF3do49F6NRfjgZpGvclENxDEpBPd9sm4CPThkhh/jMXJFEs0W9Tb
-RqNrYRxbUrQkc5jOslrzUXJovNCPNl0WWLmRLuJvCTNAE/e6j7c2AjYcDsTbotwX
-Md1rTONeBKvVMP32uhoABOpLiDTYXvIKRGEFHHtChn5C6ELxGaJIKESXPg==
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cc:f8
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 15:20:10 2020 GMT
-            Not After : May  3 15:20:10 2030 GMT
-        Subject: C=FI, O=w1.fi, CN=User Intermediate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:b9:88:7a:fc:1a:f9:00:68:63:c7:40:ff:d5:38:
-                    8e:88:8c:c9:8f:66:ec:74:0a:a6:f1:18:30:30:36:
-                    9a:2a:98:c5:a0:46:02:e2:3c:64:86:79:43:45:19:
-                    83:7a:82:3d:f9:c6:af:01:11:91:2c:4f:07:f8:d7:
-                    ef:da:80:6c:07:88:6a:1e:e6:0e:78:ca:08:50:4f:
-                    f0:8a:2e:54:41:9f:04:63:8b:70:99:ae:6f:95:ed:
-                    5c:c8:34:8e:6b:36:64:bc:44:c9:fb:cb:50:ef:b1:
-                    5b:9b:2c:db:2a:a7:f9:e0:e2:48:57:78:cf:ba:0f:
-                    1a:af:5a:63:64:18:39:9c:d4:af:8d:f9:27:d9:10:
-                    b4:67:17:a1:24:98:f1:ef:ce:ad:12:6f:e4:47:36:
-                    b6:d2:b6:1c:04:03:76:43:63:fb:b6:3e:3f:1a:c8:
-                    c4:8b:69:28:7c:75:dc:bb:36:7f:ad:6a:a2:c1:32:
-                    f3:5e:64:86:57:f1:ee:20:af:64:bd:e0:7c:ba:68:
-                    9b:75:ed:b3:1c:0f:12:e0:52:12:ff:18:0e:8f:1d:
-                    bf:c8:88:56:35:4d:9e:1f:74:1e:19:d7:0c:b4:e7:
-                    46:ee:cf:c6:63:35:ba:16:7f:05:84:8b:bf:16:72:
-                    05:ee:22:6e:3a:54:80:2b:0e:36:96:8d:65:5f:64:
-                    12:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                F0:F7:82:29:71:CD:AF:72:CE:F6:3C:0B:40:16:C2:FD:9F:8A:51:A7
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha256WithRSAEncryption
-         70:45:66:14:00:22:85:1c:f8:b9:b3:2c:e8:64:4d:01:53:b8:
-         cb:23:ad:fa:01:7c:27:f7:aa:8d:d8:6c:6a:f8:72:21:63:bf:
-         30:7e:05:8c:84:e3:d1:1e:d1:f3:1d:80:3d:e8:75:06:ae:1b:
-         48:a9:cf:0e:c6:59:6b:f8:d1:25:5a:64:b7:46:2d:29:72:da:
-         d6:3a:79:d3:92:41:d7:31:e4:4e:5e:1b:62:88:41:77:f6:62:
-         a2:3e:c1:a2:ef:79:0c:8f:39:7c:df:a0:4b:d5:ac:58:aa:3e:
-         fd:95:6b:f7:c0:42:29:2e:86:67:5e:d9:3e:7b:e7:a6:bd:3b:
-         7e:3b:19:54:9b:89:40:0e:39:23:8a:af:f2:db:12:5b:09:b4:
-         45:df:c8:3e:8f:fc:fc:55:3e:35:8d:7b:82:50:d5:a3:ea:bb:
-         c4:40:6d:61:ad:92:b2:66:91:0f:5b:3d:49:5e:b5:3e:98:15:
-         9e:2a:23:06:35:e0:13:bc:50:84:06:e4:1b:b9:fc:32:a2:4a:
-         0d:e5:86:ac:69:47:c3:17:11:07:ac:5a:09:69:ed:99:d0:52:
-         fd:6d:ab:0d:44:35:bb:c0:76:27:50:75:df:06:78:f6:92:54:
-         fc:54:76:b5:6f:a0:f6:51:20:1f:7f:8e:aa:5f:c8:48:88:e4:
-         1a:83:f6:b7
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIJANjT46bL48z4MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNTIwMTBaFw0zMDA1MDMxNTIwMTBaMDwxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1l
-ZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iHr8GvkA
-aGPHQP/VOI6IjMmPZux0CqbxGDAwNpoqmMWgRgLiPGSGeUNFGYN6gj35xq8BEZEs
-Twf41+/agGwHiGoe5g54yghQT/CKLlRBnwRji3CZrm+V7VzINI5rNmS8RMn7y1Dv
-sVubLNsqp/ng4khXeM+6DxqvWmNkGDmc1K+N+SfZELRnF6EkmPHvzq0Sb+RHNrbS
-thwEA3ZDY/u2Pj8ayMSLaSh8ddy7Nn+taqLBMvNeZIZX8e4gr2S94Hy6aJt17bMc
-DxLgUhL/GA6PHb/IiFY1TZ4fdB4Z1wy050buz8ZjNboWfwWEi78WcgXuIm46VIAr
-DjaWjWVfZBLNAgMBAAGjZjBkMB0GA1UdDgQWBBTw94Ipcc2vcs72PAtAFsL9n4pR
-pzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TASBgNVHRMBAf8ECDAG
-AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcEVmFAAi
-hRz4ubMs6GRNAVO4yyOt+gF8J/eqjdhsavhyIWO/MH4FjITj0R7R8x2APeh1Bq4b
-SKnPDsZZa/jRJVpkt0YtKXLa1jp505JB1zHkTl4bYohBd/Zioj7Bou95DI85fN+g
-S9WsWKo+/ZVr98BCKS6GZ17ZPnvnpr07fjsZVJuJQA45I4qv8tsSWwm0Rd/IPo/8
-/FU+NY17glDVo+q7xEBtYa2SsmaRD1s9SV61PpgVniojBjXgE7xQhAbkG7n8MqJK
-DeWGrGlHwxcRB6xaCWntmdBS/W2rDUQ1u8B2J1B13wZ49pJU/FR2tW+g9lEgH3+O
-ql/ISIjkGoP2tw==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ica-generate.sh b/tests/hwsim/auth_serv/ica-generate.sh
deleted file mode 100755
index d3fe7b96458f..000000000000
--- a/tests/hwsim/auth_serv/ica-generate.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-echo
-echo "---[ Intermediate CA - Server ]-----------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/ec-ca/rootCA/" |
-	sed "s/#@CN@/commonName_default = Server Intermediate CA/" \
-	> openssl.cnf.tmp
-mkdir -p iCA-server/certs iCA-server/crl iCA-server/newcerts iCA-server/private
-touch iCA-server/index.txt
-$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/private/cakey.pem -out iCA-server/careq.pem -outform PEM -days 3652 -sha256
-$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-server/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-server/careq.pem
-cat iCA-server/cacert.pem ca.pem  > iCA-server/ca-and-root.pem
-rm openssl.cnf.tmp
-
-echo
-echo "---[ Intermediate CA - User ]-------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/ec-ca/rootCA/" |
-	sed "s/#@CN@/commonName_default = User Intermediate CA/" \
-	> openssl.cnf.tmp
-mkdir -p iCA-user/certs iCA-user/crl iCA-user/newcerts iCA-user/private
-touch iCA-user/index.txt
-$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/private/cakey.pem -out iCA-user/careq.pem -outform PEM -days 3652 -sha256
-$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-user/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-user/careq.pem
-cat iCA-user/cacert.pem ca.pem  > iCA-user/ca-and-root.pem
-rm openssl.cnf.tmp
-
-echo
-echo "---[ Server ]-----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/ec-ca/iCA-server/" |
-	sed "s/#@CN@/commonName_default = server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
-	> openssl.cnf.tmp
-$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server.key -out iCA-server/server.req -outform PEM -sha256
-$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server.req -out iCA-server/server.pem -extensions ext_server -md sha256
-cat iCA-server/cacert.pem iCA-server/server.pem > iCA-server/server_and_ica.pem
-rm openssl.cnf.tmp
-
-echo
-echo "---[ Server - revoked ]-------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/ec-ca/iCA-server/" |
-	sed "s/#@CN@/commonName_default = server-revoked.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server-revoked.w1.fi/" \
-	> openssl.cnf.tmp
-$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server-revoked.key -out iCA-server/server-revoked.req -outform PEM -sha256
-$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server-revoked.req -out iCA-server/server-revoked.pem -extensions ext_server -md sha256
-$OPENSSL ca -config openssl.cnf.tmp -revoke iCA-server/server-revoked.pem -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem
-cat iCA-server/cacert.pem iCA-server/server-revoked.pem > iCA-server/server-revoked_and_ica.pem
-rm openssl.cnf.tmp
-
-echo
-echo "---[ User ]-----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/ec-ca/iCA-user/" |
-	sed "s/#@CN@/commonName_default = user.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:user.w1.fi/" \
-	> openssl.cnf.tmp
-$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/user.key -out iCA-user/user.req -outform PEM -sha256
-$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-user/private/cakey.pem -cert iCA-user/cacert.pem -create_serial -in iCA-user/user.req -out iCA-user/user.pem -extensions ext_client -md sha256
-cat iCA-user/user.pem iCA-user/cacert.pem > iCA-user/user_and_ica.pem
-rm openssl.cnf.tmp
-
-echo
-echo "---[ Verify ]-----------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile ca.pem iCA-server/cacert.pem
-$OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
-$OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server.pem
-$OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server-revoked.pem
-$OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
-$OPENSSL verify -CAfile ca.pem -untrusted iCA-user/cacert.pem iCA-user/user.pem
diff --git a/tests/hwsim/auth_serv/index-revoked.txt b/tests/hwsim/auth_serv/index-revoked.txt
deleted file mode 100644
index c58b7a413740..000000000000
--- a/tests/hwsim/auth_serv/index-revoked.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-V	230627164122Z		D8D3E3A6CBE3CCC1	unknown	/C=FI/O=w1.fi/CN=Root CA
-V	150215075930Z		D8D3E3A6CBE3CCC9	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
-V	140102000000Z		D8D3E3A6CBE3CCCA	unknown	/C=FI/O=w1.fi/CN=server4.w1.fi
-V	150215083008Z		D8D3E3A6CBE3CCCB	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
-V	150228224144Z		D8D3E3A6CBE3CCCC	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
-V	160111185024Z		D8D3E3A6CBE3CCCD	unknown	/C=FI/O=w1.fi/CN=ocsp.w1.fi
-R	150929211300Z	160111185024Z	D8D3E3A6CBE3CCD1	unknown	/C=FI/O=w1.fi/CN=Test User
-R	210502195538Z	160111185024Z	D8D3E3A6CBE3CD5F	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
diff --git a/tests/hwsim/auth_serv/index-unknown.txt b/tests/hwsim/auth_serv/index-unknown.txt
deleted file mode 100644
index 97dfbbaa61d1..000000000000
--- a/tests/hwsim/auth_serv/index-unknown.txt
+++ /dev/null
@@ -1 +0,0 @@
-V	230627164122Z		D8D3E3A6CBE3CCC1	unknown	/C=FI/O=w1.fi/CN=Root CA
diff --git a/tests/hwsim/auth_serv/index.txt b/tests/hwsim/auth_serv/index.txt
deleted file mode 100644
index 94f59ea3798e..000000000000
--- a/tests/hwsim/auth_serv/index.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-V	230627164122Z		D8D3E3A6CBE3CCC1	unknown	/C=FI/O=w1.fi/CN=Root CA
-V	150215075930Z		D8D3E3A6CBE3CCC9	unknown	/C=FI/O=w1.fi/CN=server3.w1.fi
-V	140102000000Z		D8D3E3A6CBE3CCCA	unknown	/C=FI/O=w1.fi/CN=server4.w1.fi
-V	150215083008Z		D8D3E3A6CBE3CCCB	unknown	/C=FI/O=w1.fi/CN=server5.w1.fi
-V	150228224144Z		D8D3E3A6CBE3CCCC	unknown	/C=FI/O=w1.fi/CN=server6.w1.fi
-V	160111185024Z		D8D3E3A6CBE3CCCD	unknown	/C=FI/O=w1.fi/CN=ocsp.w1.fi
-V	150929211300Z		D8D3E3A6CBE3CCD1	unknown	/C=FI/O=w1.fi/CN=Test User
-V	220503170253Z		D8D3E3A6CBE3CD69	unknown	/C=FI/O=w1.fi/CN=server.w1.fi
diff --git a/tests/hwsim/auth_serv/ocsp-multi-server-cache.der b/tests/hwsim/auth_serv/ocsp-multi-server-cache.der
deleted file mode 100644
index 8f76fc838e16..000000000000
--- a/tests/hwsim/auth_serv/ocsp-multi-server-cache.der
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/ocsp-req.der b/tests/hwsim/auth_serv/ocsp-req.der
deleted file mode 100644
index 5d33b6972b16..000000000000
--- a/tests/hwsim/auth_serv/ocsp-req.der
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/ocsp-responder.csr b/tests/hwsim/auth_serv/ocsp-responder.csr
deleted file mode 100644
index d00550cdd0b1..000000000000
--- a/tests/hwsim/auth_serv/ocsp-responder.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICiTCCAXECAQAwRDELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRMwEQYDVQQDDApvY3NwLncxLmZpMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEApyKFXbs7HAKaAXOqiGNuoUMztf0C/h/IIwSLjFFS
-W+DMYmAqqrqIT0E5a/s0wKJ6dy7hVp7vyq5n1fmLX6uuh+GwFCMDrWlL3yuRcHXN
-v2VAEtDrL4nwQRUb7UwNOpKWkfjNVDgV62tFn1KFfk4Vq05L6yLCXb7/Nm9CJ9hL
-xuG++AjPrP1RMKLogBMABbYFVUIL+h5AhFAJjCU1VCVFOZ9OfArZxEoMFk4+aH8b
-rclTCFy4BNTWk2L9r/m0HfSWPpudFG0cbCOuPce0zzGQIGqAmWJ+XOnV1b1ZTaPZ
-3On76Htlh9X5SZ6+DvOpId6U6FT8gM/a44+axkx2GA7+qwIDAQABoAAwDQYJKoZI
-hvcNAQELBQADggEBAE/iM0/mhspobneVqSBhCrM2n0KUozbLRBZXfc8hCMW85XPI
-kD7bJdTwndj6wGAd2G4IQr4jeR4tGUU6XAYEsyIVfFlHlBQaUjF9EJmnqqwDAlN3
-v6em8QEv49EL2HO0Q1MFsly2CUk07WYpy0ll5wTjEXIEQ/2J9jNJfgPDs06IQAQi
-9WkFCfBogTn23ZRxomYqukqbirHxGJ2XFRM/LkssyIkMi0jEWzljXYiuzhuD/KtP
-hXXYXcJdL3WdZU9FZw/na4pBrtCTscluwaTDEaW4k60ge/ne51pB32RfsF4aEfsx
-/Xrxva+5dZexgMxK078QL2q7o43HprVa1U/wBfg=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/ocsp-responder.key b/tests/hwsim/auth_serv/ocsp-responder.key
deleted file mode 100644
index f5dc4e822368..000000000000
--- a/tests/hwsim/auth_serv/ocsp-responder.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnIoVduzscApoB
-c6qIY26hQzO1/QL+H8gjBIuMUVJb4MxiYCqquohPQTlr+zTAonp3LuFWnu/KrmfV
-+Ytfq66H4bAUIwOtaUvfK5Fwdc2/ZUAS0OsvifBBFRvtTA06kpaR+M1UOBXra0Wf
-UoV+ThWrTkvrIsJdvv82b0In2EvG4b74CM+s/VEwouiAEwAFtgVVQgv6HkCEUAmM
-JTVUJUU5n058CtnESgwWTj5ofxutyVMIXLgE1NaTYv2v+bQd9JY+m50UbRxsI649
-x7TPMZAgaoCZYn5c6dXVvVlNo9nc6fvoe2WH1flJnr4O86kh3pToVPyAz9rjj5rG
-THYYDv6rAgMBAAECggEAEyuNeoPIMt1Fhtcaf0xQWyTXII+lsTo5/XI/A1gshydQ
-qhP3sN92VQjZKj6E/Xdlbpgs9n+CZ4/7jvpxdwa9HQ7Q4G5ntJM4RZ+8rdaFQ+e8
-Iqxd3XUH3p8qNdycQ9Seep28B2XrdbY3JSAU+bjBGYYAhTbWbmRC5555SxKvFl+M
-xtSbujwAEgDYpvBYpiqBf2lfglQ/UgY8xmGrAwxhEAuNTYZj8MCsMFM6s0iwq0oo
-UhpXKIVtcrlujXrQJpEfZjsqOLTPe/Jw85CW3upJuSewAPC4zX8adSv62ZMHOQXZ
-StPh1vOuA9dcC2dJCf4LCuyPDjhTnS+s/fc10kV9qQKBgQDXp99f7YPB3dEdZC5S
-Lf5dDn+7r2QrxIiky+iLgsC4SrvEGr997TRmUrBYj+HnLKjgB5qLVZwtWYhWYW04
-ly/J08croMU2C6q5iqYUvMmW65T2zsNkII4ztvKp7zYX9UnIqS3AsuvqUmFFPb1B
-o/VWvBJ+xYcb1zFyqDr2lxV4bQKBgQDGZuXzyfkxH8WuX3XxSlhYfFVwWU+q5LX2
-scg2Rm4vQ6rtaaYIznKN/jaSFanXbf48b6glkkmn9fNERktyqK3p90rOkM6MEXb7
-61+pJdAPs9DD1fi2gw/KtLEkZqPymnO/BlJJbkBbm8Co+w5oRANLa/4J+3eLibf0
-6MN7kimUdwKBgQDTqF2iRvkkE1MkZ6jW23FlX8+aI8BK/K+oHsFz+7auqhqzlBUR
-wPfG3a1anoz3WWu9xXi2/CU2lUMslJ6gBjLPAd3fQgGM09KSHDR48flg+ILR4YkA
-ArvOoeZ1RuRuiz4JhZH0KSdGaegyDzBq9kLbB+eXKMM8Xe6YO+jzEMHv2QKBgFzu
-0gOxtcHm6gfVuz883ckE5Fht3T1lSD6349pYf0AwaB4xAI7bdRlB3HntH9NDOHVC
-r/Z5YXsFX9+5NZoNnPkc1rOPbNB7VcqG5BYtGhpg1gcFcSy8k2cV4Gv2kBERe+oc
-oeq3c/n1KPd+Ma9xPEHV4fb3DXYVGk/jv71gJ43dAoGAcV2MV2vaH657r6cK+Ddh
-8GUw6eSBDfK80Q0BQ2vRsAunE4pKPwYDo60eIKAhhQAol3OVDNf67ItGLX9Mc+yQ
-pXoadPaEkFWgYR5xaUzsVJomtrb9xa3VBhOsVvCZZtNhP8PNcnAA+sfZCNysbWlX
-yIWM7r1ekF8uEPTM5XLtZY4=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/ocsp-responder.pem b/tests/hwsim/auth_serv/ocsp-responder.pem
deleted file mode 100644
index 18fecde142d2..000000000000
--- a/tests/hwsim/auth_serv/ocsp-responder.pem
+++ /dev/null
@@ -1,76 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:72
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=ocsp.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a7:22:85:5d:bb:3b:1c:02:9a:01:73:aa:88:63:
-                    6e:a1:43:33:b5:fd:02:fe:1f:c8:23:04:8b:8c:51:
-                    52:5b:e0:cc:62:60:2a:aa:ba:88:4f:41:39:6b:fb:
-                    34:c0:a2:7a:77:2e:e1:56:9e:ef:ca:ae:67:d5:f9:
-                    8b:5f:ab:ae:87:e1:b0:14:23:03:ad:69:4b:df:2b:
-                    91:70:75:cd:bf:65:40:12:d0:eb:2f:89:f0:41:15:
-                    1b:ed:4c:0d:3a:92:96:91:f8:cd:54:38:15:eb:6b:
-                    45:9f:52:85:7e:4e:15:ab:4e:4b:eb:22:c2:5d:be:
-                    ff:36:6f:42:27:d8:4b:c6:e1:be:f8:08:cf:ac:fd:
-                    51:30:a2:e8:80:13:00:05:b6:05:55:42:0b:fa:1e:
-                    40:84:50:09:8c:25:35:54:25:45:39:9f:4e:7c:0a:
-                    d9:c4:4a:0c:16:4e:3e:68:7f:1b:ad:c9:53:08:5c:
-                    b8:04:d4:d6:93:62:fd:af:f9:b4:1d:f4:96:3e:9b:
-                    9d:14:6d:1c:6c:23:ae:3d:c7:b4:cf:31:90:20:6a:
-                    80:99:62:7e:5c:e9:d5:d5:bd:59:4d:a3:d9:dc:e9:
-                    fb:e8:7b:65:87:d5:f9:49:9e:be:0e:f3:a9:21:de:
-                    94:e8:54:fc:80:cf:da:e3:8f:9a:c6:4c:76:18:0e:
-                    fe:ab
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-    Signature Algorithm: sha256WithRSAEncryption
-         b9:ef:0b:f2:ad:4b:e1:ac:0b:34:e2:ed:a7:db:20:3d:51:12:
-         62:f8:1a:e4:b7:25:8a:3e:fa:be:98:2e:e0:33:d8:d1:97:a6:
-         27:2a:c7:ba:05:ef:9b:f4:36:a2:b7:55:fc:85:fe:39:99:aa:
-         fe:b6:a0:cd:68:6b:3a:fd:a5:cc:63:e3:b2:90:70:bd:85:d8:
-         29:47:ba:d8:ae:46:46:4a:af:e6:19:4f:7e:b3:42:74:3b:1f:
-         c4:00:8f:a5:15:eb:cc:3d:d6:9d:92:c5:0a:61:78:10:0b:2a:
-         18:4e:eb:cd:74:32:c0:fb:d1:7d:00:3e:c3:00:4e:a6:c0:4e:
-         9b:b7:78:b7:5f:aa:96:d8:91:88:d5:83:fa:a3:65:69:b3:94:
-         e0:a9:4f:90:8d:64:ef:2e:bf:86:37:8a:61:3c:e9:a1:81:39:
-         08:75:d9:ea:c8:d6:5b:56:b0:f2:1a:36:2d:82:93:41:45:71:
-         c0:a1:f0:25:39:30:ef:44:79:ad:8b:18:fd:06:4c:c0:4b:62:
-         cf:f1:fb:bc:7b:ee:38:09:05:44:fa:4a:3c:c4:53:b9:68:18:
-         c1:6c:e4:ae:e0:ce:00:70:67:d1:37:ce:90:c6:0e:dc:c0:e3:
-         c8:01:5d:33:32:ab:c4:cb:45:1c:27:36:f7:b2:31:f7:99:8c:
-         b1:72:65:89
------BEGIN CERTIFICATE-----
-MIIDJTCCAg2gAwIBAgIJANjT46bL481yMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDIxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTETMBEGA1UEAwwKb2NzcC53MS5maTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcihV27OxwCmgFzqohjbqFD
-M7X9Av4fyCMEi4xRUlvgzGJgKqq6iE9BOWv7NMCiencu4Vae78quZ9X5i1+rrofh
-sBQjA61pS98rkXB1zb9lQBLQ6y+J8EEVG+1MDTqSlpH4zVQ4FetrRZ9ShX5OFatO
-S+siwl2+/zZvQifYS8bhvvgIz6z9UTCi6IATAAW2BVVCC/oeQIRQCYwlNVQlRTmf
-TnwK2cRKDBZOPmh/G63JUwhcuATU1pNi/a/5tB30lj6bnRRtHGwjrj3HtM8xkCBq
-gJliflzp1dW9WU2j2dzp++h7ZYfV+Umevg7zqSHelOhU/IDP2uOPmsZMdhgO/qsC
-AwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB
-BQUHAwkwDQYJKoZIhvcNAQELBQADggEBALnvC/KtS+GsCzTi7afbID1REmL4GuS3
-JYo++r6YLuAz2NGXpicqx7oF75v0NqK3VfyF/jmZqv62oM1oazr9pcxj47KQcL2F
-2ClHutiuRkZKr+YZT36zQnQ7H8QAj6UV68w91p2SxQpheBALKhhO6810MsD70X0A
-PsMATqbATpu3eLdfqpbYkYjVg/qjZWmzlOCpT5CNZO8uv4Y3imE86aGBOQh12erI
-1ltWsPIaNi2Ck0FFccCh8CU5MO9Eea2LGP0GTMBLYs/x+7x77jgJBUT6SjzEU7lo
-GMFs5K7gzgBwZ9E3zpDGDtzA48gBXTMyq8TLRRwnNveyMfeZjLFyZYk=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/ocsp-server-cache.der b/tests/hwsim/auth_serv/ocsp-server-cache.der
deleted file mode 100644
index 342215977079..000000000000
--- a/tests/hwsim/auth_serv/ocsp-server-cache.der
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/ocsp-server-cache.der-invalid b/tests/hwsim/auth_serv/ocsp-server-cache.der-invalid
deleted file mode 100644
index 218bd035a34d..000000000000
--- a/tests/hwsim/auth_serv/ocsp-server-cache.der-invalid
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/openssl2.cnf b/tests/hwsim/auth_serv/openssl2.cnf
deleted file mode 100644
index 5c67c4f04977..000000000000
--- a/tests/hwsim/auth_serv/openssl2.cnf
+++ /dev/null
@@ -1,147 +0,0 @@
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-oid_section		= new_oids
-
-[ new_oids ]
-
-[ ca ]
-default_ca	= CA_default
-
-[ CA_default ]
-
-dir		= ./test-ca
-certs		= $dir/certs
-crl_dir		= $dir/crl
-database	= $dir/index.txt
-unique_subject	= no
-new_certs_dir	= $dir/newcerts
-certificate	= $dir/cacert.pem
-serial		= $dir/serial
-crlnumber	= $dir/crlnumber
-crl		= $dir/crl.pem
-private_key	= $dir/private/cakey.pem
-RANDFILE	= $dir/private/.rand
-
-x509_extensions	= usr_cert
-
-name_opt 	= ca_default
-cert_opt 	= ca_default
-
-default_days	= 365
-default_crl_days= 30
-default_md	= default
-preserve	= no
-
-policy		= policy_match
-
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= optional
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-[ req ]
-default_bits		= 2048
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca
-
-string_mask = utf8only
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= FI
-countryName_min			= 2
-countryName_max			= 2
-
-localityName			= Locality Name (eg, city)
-localityName_default		= Tuusula
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= w1.fi
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-#@CN@
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-##0.subjectAltName = dNSName:server.w1.fi
-
-[ req_attributes ]
-
-[ usr_cert ]
-
-basicConstraints=CA:FALSE
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
-
-[ v3_req ]
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName=DNS:example.com,DNS:another.example.com
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-basicConstraints = CA:true
-
-[ crl_ext ]
-
-authorityKeyIdentifier=keyid:always
-
-[ v3_OCSP ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = OCSPSigning
-
-[ ext_client ]
-
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
-#@ALTNAME@
-
-extendedKeyUsage = clientAuth
-
-[ ext_server ]
-
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
-#@ALTNAME@
-#@CERTPOL@
-
-extendedKeyUsage = serverAuth
-
-[ ext_client_server ]
-
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
-#@ALTNAME@
-
-extendedKeyUsage = clientAuth, serverAuth
diff --git a/tests/hwsim/auth_serv/radius_clients.conf b/tests/hwsim/auth_serv/radius_clients.conf
deleted file mode 100644
index 7e340152d2a8..000000000000
--- a/tests/hwsim/auth_serv/radius_clients.conf
+++ /dev/null
@@ -1 +0,0 @@
-0.0.0.0/0	radius
diff --git a/tests/hwsim/auth_serv/radius_clients_ipv6.conf b/tests/hwsim/auth_serv/radius_clients_ipv6.conf
deleted file mode 100644
index 8723efcb677c..000000000000
--- a/tests/hwsim/auth_serv/radius_clients_ipv6.conf
+++ /dev/null
@@ -1 +0,0 @@
-::1	radius
diff --git a/tests/hwsim/auth_serv/radius_clients_none.conf b/tests/hwsim/auth_serv/radius_clients_none.conf
deleted file mode 100644
index f671e5936ef9..000000000000
--- a/tests/hwsim/auth_serv/radius_clients_none.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-1.2.3.4	foo
-#
-
-2.3.4.5/32	bar
diff --git a/tests/hwsim/auth_serv/rootCA/index.txt b/tests/hwsim/auth_serv/rootCA/index.txt
deleted file mode 100644
index 7f364381bf33..000000000000
--- a/tests/hwsim/auth_serv/rootCA/index.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-V	251222193736Z		D8D3E3A6CBE3CCF3	unknown	/C=FI/O=w1.fi/CN=Server Intermediate CA
-V	251222193736Z		D8D3E3A6CBE3CCF4	unknown	/C=FI/O=w1.fi/CN=User Intermediate CA
-V	300503151922Z		D8D3E3A6CBE3CCF5	unknown	/C=FI/O=w1.fi/CN=Server Intermediate CA
-V	300503151922Z		D8D3E3A6CBE3CCF6	unknown	/C=FI/O=w1.fi/CN=User Intermediate CA
-V	300503152010Z		D8D3E3A6CBE3CCF7	unknown	/C=FI/O=w1.fi/CN=Server Intermediate CA
-V	300503152010Z		D8D3E3A6CBE3CCF8	unknown	/C=FI/O=w1.fi/CN=User Intermediate CA
diff --git a/tests/hwsim/auth_serv/rootCA/index.txt.attr b/tests/hwsim/auth_serv/rootCA/index.txt.attr
deleted file mode 100644
index 3a7e39e6ee60..000000000000
--- a/tests/hwsim/auth_serv/rootCA/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/tests/hwsim/auth_serv/rootCA/serial b/tests/hwsim/auth_serv/rootCA/serial
deleted file mode 100644
index 4c71e29e21ca..000000000000
--- a/tests/hwsim/auth_serv/rootCA/serial
+++ /dev/null
@@ -1 +0,0 @@
-D8D3E3A6CBE3CCF9
diff --git a/tests/hwsim/auth_serv/rsa3072-ca.key b/tests/hwsim/auth_serv/rsa3072-ca.key
deleted file mode 100644
index 023409c24140..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-ca.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDiAu/025dmYcmq
-o9AhYIhHpHjo9DCIg1tjbybtl0upoTTrO9paSG00hVnZ1hL8iL+Dez9KL+3zbsiQ
-ilnLWTLvVa1WJlytk8yhXohK2D+frPyqTmH2GjewI/N0+o2lJPzXycFTX9GjWeAg
-2Mc4GeIOHbY3QZCP8PQBxzyfiH30Pins2ZmtKVegzuaNBN2ZXp5ZZ+ABjpyBkmjv
-vb8kb89DQBVgzow5Wk77efs6Av2Js128i/PPQfDVkEuHJaaltMF5V3JCj7TR0nji
-+6l6wzE4oBc5zuKYJ/Ux6H9789Zws5Q3gi+VeeJ+8PzPTmCN3mtAh7NXPKI7MlFj
-EQiSkJ7nOGtc0UKNTZXq7w0JjNlHurc/cVrYfer6+gPf623EMwCZ/zw+YyjKEjMg
-MFoaeR4G4nkPklpx4GYM0knBkcoSczBkdcpasHeCEXQoNkS7u+RjzHAsYNoSOad0
-gWLLym0EyGKj7Ws2U3jXM3r5j8n2xOv9JGAZ8/q8K1QRrxQw5tsCAwEAAQKCAYAY
-+KwciLqkpD9M7EaNuYW1LLXzPy+xlZneVaSeca35cwdOylEo0oHGYMl5qQ51+oH2
-fAKVJtCKqf3dAnxDXHqlOPkq4Jgy0Xa1iaVTZ6s38DwGcRyfvWvTuVUn4psN2RVa
-nj8PADJAcyixWGJCj5GLb7r3RfY8ASpkm+fV1JXeC5RESBKTsFKvQMz2XchCLtMe
-G70DTwd5xXx0qKla1EO5MXZrOMcDezfozyRz12q98SR1NZ1dk/KRFh1SNFXCT0Mv
-+yD0clnPJa13kYHvXRABHfzx/3z7NQk9UM9bd5iWsLLQm57HtfbpV089H4XsAobU
-xabRbuen9JrejsMETudCtP/ftZQNKEjAyY6y0yrOM4c/z1IL4zc75KW3gh/0ruPa
-XTlHEBvA3h29W1dLhk9oyeiFHiV8BRffjlyS325CX9z89hdoPK1cZwuIDgqdTpVw
-VL6MqKxu72oyLWZcq4CKT6ZIpLgwRAfPZ/oCsJQZbO46PIg5hRIlNEb1H5vGkDEC
-gcEA+qE5IS8kt676UXZLEjp3UtsuGHzfj+kC2x9dVepRL8bxf58W65ZsZim9xZ56
-Ls8gw8NXh7/7SRqHBpaH6Sg7YZZFzfD6RB86O7atZ2CwTMMuBcN5zZc6AwfH418Z
-wHaQeN1gYAyLdHf80rMMlElz8hjJ3uCuBWG70WinemzynlS14AtG4HB09C1vmjnD
-Q4L8lCmEQpqy3GeKDQnWTIhzoqenr1+iQF7bdCUw878yMI0x7Di+okiWFC7HnW/y
-qPiZAoHBAObarPdCbpqiUtymTRbdq1xP69pZXcMOmgL+kLEELhhl9BfJqbXY51xn
-NCIpIMH3CyhJ5/Og9TCE72gfhA2jzJK9mK6Jmiz04BViCf308yh9y6TaZSdsOEz6
-M+uVbuP+UcBLV5AV9UvrgWDcWOm46W63v7Mgqh6x7rC1rR+VFi3Lj2HoU4aM4mEM
-E5OfbgMxWUQNKkyUy58KUs2wu58v+K7N8eu3Fa4Sl63xkRi1YKgqYAxeRKknrNb+
-IkVq5zC/kwKBwHOB8k5057swDXWVyytvfqbVFP18L5yniwVqAx4hi6E1Uv+6Vlnl
-TbgX7LozO6RvGW6fjKunsywR6cEDh0fRnuxu0WUEdpMGwVPb8Tb/vMDkA0XsvSof
-VEEpSNplbfzhp9vMSyp5HZxj4EVK97Uv1RvyiLcLXahlTqZIUUd/BqIp8Fh9WgD+
-Uyhl+FVf4bovmDDAoZAAtAYYQeuYaQeEq6Z/Fi0hKin4jbONoG315C+0Ixn3XQR1
-55UNqjnI6lEtoQKBwQCi/VvHi2jJ1reIQAYHkeRN3cOYuyXe9O06Ff+Ua24cHceU
-D/a5hHX9IISHZeBR8hk3jc6tjUPvyLu7GR1EABUMub4V5OMswIuBrWF+ozYWrZJd
-RzDJ/7dUagbEWxIa+NFBYjBlc4tn2dPTzl8cTUjKugMn9nUGDPyIWQztUnaBSMpo
-Bv8J7WhbuooL3TFwIaRzzpPB1ABbvo8t2IzvXJBI4vDeSrqM12WuEvMtrcmbkaeU
-s+3oPDHk7TLHLi4ile8CgcEAmV1hwY4s78tMYrUbDypyH9r5a2QT9ezyPS64WntC
-y3I4zVwO0pqtPMXQCgby2Z+PkuBC1WWCFSZZ4Aw5P/0OShIf+ADMewFF//DvReEc
-p+kh/7vKulnX4mPQGkuSnCmO5zyMDroP8JtTnkX8K4P143vQY4n/oFogUx+4lTG/
-bedKQgI9v+ubb0JsZkENPirKyIOdiTz64fjD+IKMgq15SYifVundDC/ubG5Cr0rn
-PId0vxr7ixFQPAT1hwUT1CuI
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/rsa3072-ca.pem b/tests/hwsim/auth_serv/rsa3072-ca.pem
deleted file mode 100644
index 1347046d223a..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-ca.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEizCCAvOgAwIBAgIJAIAj56DfmvbYMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
-BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMjcw
-OTE1MTgxNjQwWjBRMQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kxDjAM
-BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTdWl0ZSBCIFJTQSAzayBSb290IENBMIIB
-ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4gLv9NuXZmHJqqPQIWCIR6R4
-6PQwiINbY28m7ZdLqaE06zvaWkhtNIVZ2dYS/Ii/g3s/Si/t827IkIpZy1ky71Wt
-ViZcrZPMoV6IStg/n6z8qk5h9ho3sCPzdPqNpST818nBU1/Ro1ngINjHOBniDh22
-N0GQj/D0Acc8n4h99D4p7NmZrSlXoM7mjQTdmV6eWWfgAY6cgZJo772/JG/PQ0AV
-YM6MOVpO+3n7OgL9ibNdvIvzz0Hw1ZBLhyWmpbTBeVdyQo+00dJ44vupesMxOKAX
-Oc7imCf1Meh/e/PWcLOUN4IvlXnifvD8z05gjd5rQIezVzyiOzJRYxEIkpCe5zhr
-XNFCjU2V6u8NCYzZR7q3P3Fa2H3q+voD3+ttxDMAmf88PmMoyhIzIDBaGnkeBuJ5
-D5JaceBmDNJJwZHKEnMwZHXKWrB3ghF0KDZEu7vkY8xwLGDaEjmndIFiy8ptBMhi
-o+1rNlN41zN6+Y/J9sTr/SRgGfP6vCtUEa8UMObbAgMBAAGjZjBkMB0GA1UdDgQW
-BBQh9+/awzQ67c3VUMCzugnuP4DXcDAfBgNVHSMEGDAWgBQh9+/awzQ67c3VUMCz
-ugnuP4DXcDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkq
-hkiG9w0BAQwFAAOCAYEAHmNoYP+c4TRPSogjCswhbzSVEpZhnjEg0Yd8XkGxKeBw
-o0hsPRFWjj/vO3uVeqoAyj2zkpiulPjBqlhLbwX31Q0T6vknWfNOsXgv2lB1yEZN
-HqxyEYsMN5RpEVqRRio66dhmALYuacX6gIphueTetaR9zeq1yy8GD0/omB7Ryig6
-5dMoTt4c9g8YFZE7AENkkbzMPqTdGKnY4uUQKgDBPH3TIlckx5zNq8GXTcAy4zyc
-4gj7NGPDdU5nk6BNRmlhFlsTaLHNc8C+5tI5fEx057AEa/7kggskvHxc7zespVMj
-RjTR9qkNC15IJHClMhBMiIDyURZF6Z3nyD0tMBJuIt2GU3gTqZLnrChp7PLXRCN/
-uByPuhJ528FzhQ1hnz93qBQ7OAamHfo44Zyk5wFnIUy+sd9QsM9zm+33/j0Vd5ar
-fzSfGRHJTb8xF7vH7TBH92CifdO17WNqH6+7KkFkEK44Dn87gjsgC8mXAOsE6HFw
-lKzThlrFLvCBIsQ4V9qH
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/rsa3072-generate.sh b/tests/hwsim/auth_serv/rsa3072-generate.sh
deleted file mode 100755
index 2c1c3cbebaf9..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-generate.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-echo
-echo "---[ DH parameters ]----------------------------------------------------"
-echo
-
-if [ -r dh_param_3072.pem ]; then
-    echo "Use already generated dh_param_3072.pem"
-else
-    openssl dhparam -out dh_param_3072.pem 3072
-fi
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-if [ -r rsa3072-ca.key ]; then
-    echo "Use already generated Root CA"
-else
-    cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = Suite B RSA 3k Root CA/" |
-	sed s%\./ec-ca$%./rsa3072-ca% \
-	    > rsa3072-ca-openssl.cnf.tmp
-    $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:3072 -nodes -keyout rsa3072-ca.key -out rsa3072-ca.pem -outform PEM -days 3650 -sha384
-    mkdir -p rsa3072-ca/certs rsa3072-ca/crl rsa3072-ca/newcerts rsa3072-ca/private
-    touch rsa3072-ca/index.txt
-    rm rsa3072-ca-openssl.cnf.tmp
-fi
-
-echo
-echo "---[ Server ]-----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = rsa3072.server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:rsa3072.server.w1.fi/" |
-	sed s%\./ec-ca$%./rsa3072-ca% \
-	> rsa3072-ca-openssl.cnf.tmp
-if [ ! -r rsa3072-server.req ]; then
-    $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-server.key -out rsa3072-server.req -outform PEM -sha384
-fi
-$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-server.req -out rsa3072-server.pem -extensions ext_server -days 730 -md sha384
-rm rsa3072-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User SHA-384 ]-----------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user-rsa3072/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user-rsa3072@w1.fi/" |
-	sed s%\./ec-ca$%./rsa3072-ca% \
-	> rsa3072-ca-openssl.cnf.tmp
-if [ ! -r rsa3072-user.req ]; then
-    $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-user.key -out rsa3072-user.req -outform PEM -extensions ext_client -sha384
-fi
-$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-user.req -out rsa3072-user.pem -extensions ext_client -days 730 -md sha384
-rm rsa3072-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User RSA2048 ]-----------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user-rsa3072-rsa2048/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user-rsa3072-rsa2048@w1.fi/" |
-	sed s%\./ec-ca$%./rsa3072-ca% \
-	> rsa3072-ca-openssl.cnf.tmp
-if [ ! -r rsa3072-user-rsa2048.req ]; then
-    $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout rsa3072-user-rsa2048.key -out rsa3072-user-rsa2048.req -outform PEM -extensions ext_client -sha384
-fi
-$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-user-rsa2048.req -out rsa3072-user-rsa2048.pem -extensions ext_client -days 730 -md sha384
-rm rsa3072-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Verify ]-----------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-server.pem
-$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-user.pem
-$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-user-rsa2048.pem
diff --git a/tests/hwsim/auth_serv/rsa3072-server.key b/tests/hwsim/auth_serv/rsa3072-server.key
deleted file mode 100644
index 3319dd3f8011..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-server.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQD+qVxZj6qAy7hK
-ifk66H0kUbjyBcZC4Gi1pPF+ijGi4AxYxYAgyyDwDsFrTeHX68xFSMmwD4/vgNsb
-YAKv7+gKKcgE33CS6fHcakc7Wm8Q5hlNk5LQCo6iTTKfE8g0bBpM7KTtiSoD+xgN
-fw3ePn/YXSel4XtiY3FhRVL5RxAdKMJdc/udA2i/baQSEnTH0LiHQ7Nnh85ue1gf
-LzLrEB/ndFw62YwYyASVa+M7JUwK25nzWbCOet765NtQFZCiMOKKxqkGMOPXKd0m
-qJVubvXEQtD3fkBNPf2tL89A3dTAa4CiNH4FL78yRAvUeG0qEgh8hLRNUVrlhG4X
-JkOMg2sW81/6s5+E0yur8z4sI2W5EXbhhRLOuwM4WYK/THe6O5BRnGd2sB50HkzI
-sTXWNyncfsOJzIaeCDGccOpabIeSU+uZ+zPSMvGBMXigyX1t2WsH+shKZ1csjKbO
-5X42lfEJvd+/yFM9IWf9k8uyerVWYZ4vzmn6+lYKa5xpePdOVHMCAwEAAQKCAYAG
-VHVcMIr/apDpIWbVhQPfTDy5n1UfQm633SK3j33OW51S843Mwt/Nt8AtB6GOeWj5
-a+a/fpOIU36evpMyhlcRMZqsLFWjATemz+l3WzcZh26nk/x5OVn0RND2TUqTqwA4
-W0V6NgeaU7p0U20n0gvhd+dNYz5q4qfl0BBQ6+hFoUa7he+CJpyK7ZG/dT/7239K
-tW8XKrQB4QT+uXCdkSgJ28WTHOczkn0yrZzXUoUCXBUGjHsr/3fdaqTc57xRm79p
-HDAjOavFnSDENTDsB5R9jmN70BY008xoitAtUzMkCVABbxn9npvjrTjKw/fg3oph
-1Ml8JaLDjsh3UzhqnmYKIJrZvdyfe7/Q9j7KtECPuxdf170BJ3jPrJPcWTecazfh
-szpt1beLyv8o4D7ttmgs/n1OXhGL1smcrTeIXdmrBlfIiKjY+3EE9SpxvXN/9DCy
-+jnuEfy1KkbEhHSPVplGmyHb8xToA5FUfWsX/wWo0CZbH1ouquUHdcq/HsFGLZkC
-gcEA/2tBin4Hmmn5987Y17Iv3WG0XZFNW5jfvt0THo5R+Phg3DKGyYKFtrnS6bMZ
-IKl7YvpxZZ6+w0wBkaQWE/y9wN2oeiQE8WMvnYptGXs+sVXCNQJmKbZHxnZuQrwr
-KGAIwhGxShbx+rAzyXakKM0p2PUyHg9xAPu3Sfmb8zYWc8KZ62Xxf3tFErnGeJUm
-ZgdqtWvOWXJxMz2nM/Ow6FlnHr0Wo8ZEpli5kWlTwp+S7Trn6969lVJV4cGjPJxD
-7kGnAoHBAP89qeS0vx6XmMwqfgH+OTrRO6+F2sGOSvrcSWRBS0R4ninIOXASMWxH
-W/bAgzUwGB7bTUmVjQRGkFXIn0YcBlvMVJlvpQ0DqPftVY9Fa2TSUa2//M8PbIgk
-NsHa89YWkkKFMOZUH9JzIkn4H+f6mNv83sMOWGrdaymiLP7NxgA8VIeybekQ73j3
-thnDT2xyMXwO6Y0FbySvV8y6AEFTOq5vgR8A0orEEeP0eUlBzv030J/CNW4hXo0c
-qVsknTo4VQKBwQDw1s3CLPw2Wd9eDyjgmiAP+2T7JVtwF0JC0mqI0WHyBSIv/2Sg
-9fXnSmjZ/Aqhha3WspfiXkE6HZ0NG0/GIPc7uMZ4BSa0BfaL8k7VTCTdSiQJn+19
-P2eGd32YZ526QHOBqvUlC2W4IBV0ze4Umv/ul6VeOukvKCq4Eik+t62MEd7Y3BNP
-RYjoE0xVvy2p3yx7TOAR75tV2bijgBE7xbE6hsmmO/nXcKnptwtH5PfBwV2WRz00
-Y6KfcNre9+oF6tkCgcEAifVrgenML53jAd+p0iv2BPuY1it0bRAbKPKuXJkKNM05
-N/44RYIf4pXDeGDfynzfXLZOVQqXeQsm8qcIp9139mBADdsRjDJBPxiyGUl9XbZs
-XYya+dQtZnykeC1/hGUY0wmov6YSuS5wByktHbcOrkFEqotzcPeS96LnzSWt8uyp
-B9uCmuoDdg/2BoDRyh0C8DojNI0OYPbBby/N+YEiA6zTTs2j/0sxHFRExjrixW1I
-v0E6nfc9YupuA4yLyy8tAoHBAPoDc7AZeCsAIrGU/ojvPEMGYk/DyCnPyalrTeI3
-DP01lx3/URyhIawu0k9oXQy6IdyJ4BHonMRSHqoMw53W9Lvany0n1CgW9+84JZ1C
-9H6VyK+uxK/00UYEDwVf5PSZiWFxa4h7uQm/EDzTEF/cim47DbpQR8j8YkJ77+dZ
-lBleLkVv9CgT2eH4zGAjAiD5KPd0pQEPse5jNXnwI/+qa5rKZBWFcnFRiHbcMqDF
-b7FtSAoTF3UtdZ9XQUM0V4ZwuA==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/rsa3072-server.pem b/tests/hwsim/auth_serv/rsa3072-server.pem
deleted file mode 100644
index 39e022130ba8..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-server.pem
+++ /dev/null
@@ -1,106 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ad:8c:09:e8:fb:a2:88:ce
-        Signature Algorithm: sha384WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA
-        Validity
-            Not Before: Aug 19 10:56:47 2021 GMT
-            Not After : Aug 19 10:56:47 2023 GMT
-        Subject: C=FI, O=w1.fi, CN=rsa3072.server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
-                Modulus:
-                    00:fe:a9:5c:59:8f:aa:80:cb:b8:4a:89:f9:3a:e8:
-                    7d:24:51:b8:f2:05:c6:42:e0:68:b5:a4:f1:7e:8a:
-                    31:a2:e0:0c:58:c5:80:20:cb:20:f0:0e:c1:6b:4d:
-                    e1:d7:eb:cc:45:48:c9:b0:0f:8f:ef:80:db:1b:60:
-                    02:af:ef:e8:0a:29:c8:04:df:70:92:e9:f1:dc:6a:
-                    47:3b:5a:6f:10:e6:19:4d:93:92:d0:0a:8e:a2:4d:
-                    32:9f:13:c8:34:6c:1a:4c:ec:a4:ed:89:2a:03:fb:
-                    18:0d:7f:0d:de:3e:7f:d8:5d:27:a5:e1:7b:62:63:
-                    71:61:45:52:f9:47:10:1d:28:c2:5d:73:fb:9d:03:
-                    68:bf:6d:a4:12:12:74:c7:d0:b8:87:43:b3:67:87:
-                    ce:6e:7b:58:1f:2f:32:eb:10:1f:e7:74:5c:3a:d9:
-                    8c:18:c8:04:95:6b:e3:3b:25:4c:0a:db:99:f3:59:
-                    b0:8e:7a:de:fa:e4:db:50:15:90:a2:30:e2:8a:c6:
-                    a9:06:30:e3:d7:29:dd:26:a8:95:6e:6e:f5:c4:42:
-                    d0:f7:7e:40:4d:3d:fd:ad:2f:cf:40:dd:d4:c0:6b:
-                    80:a2:34:7e:05:2f:bf:32:44:0b:d4:78:6d:2a:12:
-                    08:7c:84:b4:4d:51:5a:e5:84:6e:17:26:43:8c:83:
-                    6b:16:f3:5f:fa:b3:9f:84:d3:2b:ab:f3:3e:2c:23:
-                    65:b9:11:76:e1:85:12:ce:bb:03:38:59:82:bf:4c:
-                    77:ba:3b:90:51:9c:67:76:b0:1e:74:1e:4c:c8:b1:
-                    35:d6:37:29:dc:7e:c3:89:cc:86:9e:08:31:9c:70:
-                    ea:5a:6c:87:92:53:eb:99:fb:33:d2:32:f1:81:31:
-                    78:a0:c9:7d:6d:d9:6b:07:fa:c8:4a:67:57:2c:8c:
-                    a6:ce:e5:7e:36:95:f1:09:bd:df:bf:c8:53:3d:21:
-                    67:fd:93:cb:b2:7a:b5:56:61:9e:2f:ce:69:fa:fa:
-                    56:0a:6b:9c:69:78:f7:4e:54:73
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                82:D7:75:95:94:9E:35:F7:1F:91:6D:37:9F:26:4F:3D:9D:C1:6E:96
-            X509v3 Authority Key Identifier: 
-                keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70
-
-            X509v3 Subject Alternative Name: critical
-                DNS:rsa3072.server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha384WithRSAEncryption
-         8c:3a:e4:8b:4f:42:ae:13:a4:c5:1e:eb:72:0d:15:c0:59:aa:
-         09:e9:ee:b4:97:94:ab:1a:fc:b1:b0:48:39:90:35:45:8b:40:
-         59:7b:51:d3:be:b1:ac:9c:90:9d:5c:0a:1c:34:41:d7:74:5f:
-         5a:84:a2:11:f6:66:ef:ae:22:66:1f:76:fb:c3:e0:65:3f:12:
-         59:6b:4b:84:6a:dd:58:ab:3d:1b:3f:d3:c8:51:84:72:7f:c1:
-         92:e5:d1:79:b4:62:9d:55:e1:6f:fa:c2:30:6c:6e:0d:ae:1c:
-         8b:d5:e5:02:99:c0:c2:95:ac:d5:d6:9a:2d:9d:a3:20:56:f4:
-         e7:60:0a:03:08:85:98:27:df:97:48:a6:92:6e:b4:fa:a5:e0:
-         46:0b:85:b7:6c:07:73:c5:59:a4:a9:db:3a:42:6c:1a:25:af:
-         4a:70:39:1d:5c:d7:08:41:57:b0:d7:59:66:c2:97:a5:09:4a:
-         11:1f:a5:f7:23:cb:c4:2c:d3:9e:ae:4a:86:56:e1:1a:e7:f3:
-         7c:c4:5c:b1:ae:c2:ea:1f:67:5a:10:e4:02:01:bd:92:b8:0f:
-         56:26:e3:27:24:6e:53:94:c0:16:fe:fa:e2:ed:4f:42:8d:dc:
-         23:9b:96:2e:5b:a5:47:56:a0:0d:09:17:28:3a:f2:a4:2e:71:
-         65:93:88:3c:ff:61:92:04:75:59:96:5f:40:85:e1:be:1d:59:
-         ec:8d:4b:b7:82:3b:bb:a1:06:c2:c4:44:7a:de:3e:fe:68:e8:
-         a3:43:a5:50:80:fd:11:1d:2c:ff:27:8d:e9:71:6d:c6:01:20:
-         0d:9a:5e:6c:c6:11:83:da:cc:fd:dd:a3:59:5c:b1:64:e1:81:
-         b4:6f:34:60:df:b5:bb:3d:5f:2b:f8:ef:73:d0:54:39:e4:dd:
-         4b:c9:5f:87:e9:1f:fb:c4:e2:f7:f6:6e:21:70:14:3b:0e:6e:
-         2d:11:e5:db:b8:18:d3:d2:9f:1b:a5:85:ae:89:f6:55:33:13:
-         e6:da:b4:1b:10:bc
------BEGIN CERTIFICATE-----
-MIIEqzCCAxOgAwIBAgIJAK2MCej7oojOMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
-BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMjEwODE5MTA1NjQ3WhcNMjMw
-ODE5MTA1NjQ3WjA8MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHTAbBgNV
-BAMMFHJzYTMwNzIuc2VydmVyLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
-MIIBigKCAYEA/qlcWY+qgMu4Son5Ouh9JFG48gXGQuBotaTxfooxouAMWMWAIMsg
-8A7Ba03h1+vMRUjJsA+P74DbG2ACr+/oCinIBN9wkunx3GpHO1pvEOYZTZOS0AqO
-ok0ynxPINGwaTOyk7YkqA/sYDX8N3j5/2F0npeF7YmNxYUVS+UcQHSjCXXP7nQNo
-v22kEhJ0x9C4h0OzZ4fObntYHy8y6xAf53RcOtmMGMgElWvjOyVMCtuZ81mwjnre
-+uTbUBWQojDiisapBjDj1yndJqiVbm71xELQ935ATT39rS/PQN3UwGuAojR+BS+/
-MkQL1HhtKhIIfIS0TVFa5YRuFyZDjINrFvNf+rOfhNMrq/M+LCNluRF24YUSzrsD
-OFmCv0x3ujuQUZxndrAedB5MyLE11jcp3H7DicyGnggxnHDqWmyHklPrmfsz0jLx
-gTF4oMl9bdlrB/rISmdXLIymzuV+NpXxCb3fv8hTPSFn/ZPLsnq1VmGeL85p+vpW
-CmucaXj3TlRzAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgtd1
-lZSeNfcfkW03nyZPPZ3BbpYwHwYDVR0jBBgwFoAUIffv2sM0Ou3N1VDAs7oJ7j+A
-13AwIgYDVR0RAQH/BBgwFoIUcnNhMzA3Mi5zZXJ2ZXIudzEuZmkwFgYDVR0lAQH/
-BAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBDAUAA4IBgQCM
-OuSLT0KuE6TFHutyDRXAWaoJ6e60l5SrGvyxsEg5kDVFi0BZe1HTvrGsnJCdXAoc
-NEHXdF9ahKIR9mbvriJmH3b7w+BlPxJZa0uEat1Yqz0bP9PIUYRyf8GS5dF5tGKd
-VeFv+sIwbG4NrhyL1eUCmcDClazV1potnaMgVvTnYAoDCIWYJ9+XSKaSbrT6peBG
-C4W3bAdzxVmkqds6QmwaJa9KcDkdXNcIQVew11lmwpelCUoRH6X3I8vELNOerkqG
-VuEa5/N8xFyxrsLqH2daEOQCAb2SuA9WJuMnJG5TlMAW/vri7U9Cjdwjm5YuW6VH
-VqANCRcoOvKkLnFlk4g8/2GSBHVZll9AheG+HVnsjUu3gju7oQbCxER63j7+aOij
-Q6VQgP0RHSz/J43pcW3GASANml5sxhGD2sz93aNZXLFk4YG0bzRg37W7PV8r+O9z
-0FQ55N1LyV+H6R/7xOL39m4hcBQ7Dm4tEeXbuBjT0p8bpYWuifZVMxPm2rQbELw=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/rsa3072-server.req b/tests/hwsim/auth_serv/rsa3072-server.req
deleted file mode 100644
index b06d8c695c4e..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-server.req
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDlDCCAfwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUcnNhMzA3Mi5zZXJ2ZXIudzEuZmkwggGi
-MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD+qVxZj6qAy7hKifk66H0kUbjy
-BcZC4Gi1pPF+ijGi4AxYxYAgyyDwDsFrTeHX68xFSMmwD4/vgNsbYAKv7+gKKcgE
-33CS6fHcakc7Wm8Q5hlNk5LQCo6iTTKfE8g0bBpM7KTtiSoD+xgNfw3ePn/YXSel
-4XtiY3FhRVL5RxAdKMJdc/udA2i/baQSEnTH0LiHQ7Nnh85ue1gfLzLrEB/ndFw6
-2YwYyASVa+M7JUwK25nzWbCOet765NtQFZCiMOKKxqkGMOPXKd0mqJVubvXEQtD3
-fkBNPf2tL89A3dTAa4CiNH4FL78yRAvUeG0qEgh8hLRNUVrlhG4XJkOMg2sW81/6
-s5+E0yur8z4sI2W5EXbhhRLOuwM4WYK/THe6O5BRnGd2sB50HkzIsTXWNyncfsOJ
-zIaeCDGccOpabIeSU+uZ+zPSMvGBMXigyX1t2WsH+shKZ1csjKbO5X42lfEJvd+/
-yFM9IWf9k8uyerVWYZ4vzmn6+lYKa5xpePdOVHMCAwEAAaAAMA0GCSqGSIb3DQEB
-DAUAA4IBgQBMKANR6G6HmsFZkpY1mc3JIKJgZkfuokL8NqpDOw6R+vg/nJhLVObf
-jvtQAtUxTeIvLLTpYjOePCl/SxuQ120PEEXlBiwYvo+J4NKYMTprBDfocMACHBvF
-X9QljgeZ2z1/fSncyWdSzz6dBq3e5wBSGQi/7GB85SE/3ovm1Cks3fxxSslukwxC
-9OfnRECVrlmMPY8KMkU7rM83f0rcxK193VUu7tOuP+s/bNhdto96LZj8qFfAdoSc
-622A5TH0VWhvw1c6RKSKIBAmbAJ/fyaENYZ5XQALMoagTRNg626w5DaXd81JwOC1
-TPT2o9oFXGS/W8owTwDzTubXCaRPysQIVF4mq937SIy/UIxcaBw1TzRzpW22lql7
-muWfRSsmUgHOlxhQJH3SrYnkEzm4+0NzOLqM9xoABKH91uTt7MD+3x/rpB9Yjc8I
-f0B+PiRZosmS8IiOjkexGJa3Lm1RTGxWrulLc7pY8euNcfNi4HAfQL7fhJlor68T
-R9SB/u7pBfo=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.key b/tests/hwsim/auth_serv/rsa3072-user-rsa2048.key
deleted file mode 100644
index a20e20ac04b6..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbZv+LlWaWLkp0
-AoBD/An6tkF4Cfjpv2tB/Vu/zGbYB8MN7EiXjSxPWPW1JwfuSHxrmKJ26IuUEXdo
-NkMfLIif1kDf7CcWY640HNXsJsXZrXepcxSGo6QuZ2P96NfdxxhnCtOvv30gmmf9
-XMB8bszYqz0rjq4JDLUj2bT5++Jp42kFKF3uNxvHwLqDzuEwYh+p3aue1N2M5KTg
-H6XclUgCoJ/0pahxyI8GvkxOQYx/kUeoBm1Gw0m4r8UnRkHiLLZtaGbawAyEvt9h
-yklH9xlmNgkFGyebgEPwVUG0Tg8lceW6uNxysLVJqJUCSahnKnjztA6raQXp2TCt
-sL0m8I0zAgMBAAECggEBAK720V1X9CpZmggvomgUy0SDKWx3z2dgvkEusYcfkvg+
-IF+vCSjKbQaN88vV524vogEQBKd8xSp8T1PsydRHaGDGtI+dvIIPVfG6+SHMvcTc
-n+uimUDRqPFUhBoNIHB9AEnUCYJC258vYzRaTiotFfDHhg2BR+pxltaTG86q/yDe
-vmVw1RJhf9V2g4t3IIVrviYl08jk1BaBlOIMMCLA1mgfSBCD02J9cOLjVCO3QsPA
-daR3qD2zOy7elAsbR0X25xFH7fDBiYj6XasawWiuYxihuJR9yLUbu2IXIQRZgE34
-LZeoc+GNAkUGC7AiNVoC0wnhEzSXtNg5pudiq7T6hyECgYEA8arqoMGNSwzkyB7l
-YbAeICCNXi870oyB+TzfJIaDlFNmxnpSETh2cE+xwJi6MSCrtIE7/5k7zfGn8OIF
-W6fqBIIum0tKdYdIyPKxsyJJsumqYYo0ukmiHhRmPy7oJ49DGip7em/Sm72L6Nv6
-SAnswsSDOYGOFd6SUXuLQCPQ/GMCgYEA6GoKvsAsRVMMODb2dYK+LHvWrE1/a4fd
-Q2YTpAk8CED9vxY3LlmF6Guuw0AwHGNkbxw0O7Le97+Ei5iP8P4sFFHorZ0byu3d
-leo2enR2cAS9JAc3ERrZDl9kS1Y/1jNE3To+tSjtjMecMj/mOOC/9RC3xUytfTQk
-FV71TGIxfPECgYBHdrdzWkkiDGoLE7fZL295KKclVupl1M8KmQmTj4ORdShLQRjL
-ptq/U5HI1mEY7gRYmG7ZosKgn/l9rhjPhdQaCTUnDxixsJPBeKM7ycPpeFe+CFSX
-Ufby1i12ObTFHgRF1JI3HqI1E9Qvw/07GFQ/NEVp1/ngVbUHC3WePfkq6QKBgAkX
-vPvhgNnleeDpJZNLXi1XWvq6vXVzh1CPucz9H4AjKspDED2b+wUw0VGKPVee+9rs
-+44qXVbMA1+CxH7lMsxIuBWyw9eYnsaytxbrX4baaJv0PE9LAZryWHYqFa1HrDYL
-hVCJHWIYnR/KKDOpd1kbIlVxvofbdl3vrSEj5lPBAoGBAMWJPg4YIL7etbE3UAXb
-aN9vuzH3Zh/yFCKJ2RHo1/tlqJKYRmW8mJSLSx2vVWg/xGIMfe8Eboj4TnlBJDOC
-gUjVCAnk3b9ZBEQqU5TKjB9h91xpJIkfd0Z7OiJJ7N+JWAtnUtFSux3kGgZi2aGP
-9rzRN4p1+s80q5+BjOUJrPi0
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.pem b/tests/hwsim/auth_serv/rsa3072-user-rsa2048.pem
deleted file mode 100644
index f5a4d632831c..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.pem
+++ /dev/null
@@ -1,96 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ad:8c:09:e8:fb:a2:88:d0
-        Signature Algorithm: sha384WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA
-        Validity
-            Not Before: Aug 19 10:56:47 2021 GMT
-            Not After : Aug 19 10:56:47 2023 GMT
-        Subject: C=FI, O=w1.fi, CN=user-rsa3072-rsa2048
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:db:66:ff:8b:95:66:96:2e:4a:74:02:80:43:fc:
-                    09:fa:b6:41:78:09:f8:e9:bf:6b:41:fd:5b:bf:cc:
-                    66:d8:07:c3:0d:ec:48:97:8d:2c:4f:58:f5:b5:27:
-                    07:ee:48:7c:6b:98:a2:76:e8:8b:94:11:77:68:36:
-                    43:1f:2c:88:9f:d6:40:df:ec:27:16:63:ae:34:1c:
-                    d5:ec:26:c5:d9:ad:77:a9:73:14:86:a3:a4:2e:67:
-                    63:fd:e8:d7:dd:c7:18:67:0a:d3:af:bf:7d:20:9a:
-                    67:fd:5c:c0:7c:6e:cc:d8:ab:3d:2b:8e:ae:09:0c:
-                    b5:23:d9:b4:f9:fb:e2:69:e3:69:05:28:5d:ee:37:
-                    1b:c7:c0:ba:83:ce:e1:30:62:1f:a9:dd:ab:9e:d4:
-                    dd:8c:e4:a4:e0:1f:a5:dc:95:48:02:a0:9f:f4:a5:
-                    a8:71:c8:8f:06:be:4c:4e:41:8c:7f:91:47:a8:06:
-                    6d:46:c3:49:b8:af:c5:27:46:41:e2:2c:b6:6d:68:
-                    66:da:c0:0c:84:be:df:61:ca:49:47:f7:19:66:36:
-                    09:05:1b:27:9b:80:43:f0:55:41:b4:4e:0f:25:71:
-                    e5:ba:b8:dc:72:b0:b5:49:a8:95:02:49:a8:67:2a:
-                    78:f3:b4:0e:ab:69:05:e9:d9:30:ad:b0:bd:26:f0:
-                    8d:33
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                CC:85:AA:3D:E4:37:51:3E:70:46:96:8E:00:65:C3:81:20:E0:E4:87
-            X509v3 Authority Key Identifier: 
-                keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70
-
-            X509v3 Subject Alternative Name: 
-                email:user-rsa3072-rsa2048@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha384WithRSAEncryption
-         cf:0f:89:a8:6e:1e:ca:36:a7:35:90:60:66:0a:d3:ae:59:00:
-         10:18:e7:33:26:96:df:36:81:0e:43:bd:e2:f9:38:ee:6f:9a:
-         9f:a2:f4:a2:75:58:ef:47:83:64:1b:aa:61:99:f9:49:53:5d:
-         cf:ab:e1:79:33:ad:d0:87:3e:b7:0b:8a:8e:aa:a2:0f:e1:be:
-         c9:91:c1:e7:d6:0d:e0:16:3d:4c:01:62:eb:c0:d5:7c:7b:94:
-         d5:6b:7b:0c:c0:d8:bd:0f:b6:b4:1c:7f:c7:77:40:e3:d1:c8:
-         d8:df:36:56:01:69:c6:10:20:c0:88:57:a4:cf:4b:99:1a:ba:
-         1b:4c:d3:06:1a:ce:b7:92:3d:71:47:5a:66:c0:84:a3:b3:92:
-         01:62:b8:8d:c0:b4:c3:f5:07:a3:93:38:94:e8:d5:76:04:19:
-         68:8b:11:5e:2e:03:64:8e:a9:ad:29:8b:45:a2:0d:4e:a3:c1:
-         33:a5:5c:5e:a4:7d:9e:7f:13:96:b6:f0:18:3b:8b:03:9c:fa:
-         2a:03:02:17:ef:6f:23:fe:a0:6d:b1:52:32:64:da:ac:d9:f8:
-         aa:bc:d4:8b:50:a7:3c:b4:ca:b5:62:5e:ce:87:f1:85:4e:a7:
-         98:85:ea:17:6e:3a:ef:5e:74:4e:13:7c:17:5b:72:92:aa:bf:
-         dc:b3:03:28:79:83:89:e5:b2:f9:85:64:f2:d1:7a:cb:cb:22:
-         87:1a:ce:34:c7:a3:8d:06:04:3d:ad:f8:f1:af:0b:d0:2a:06:
-         26:de:8d:fc:7a:07:0a:82:98:0b:2f:40:bb:d8:36:d7:7f:df:
-         ba:f3:b7:5d:5b:9b:8f:4f:48:71:b6:cf:05:e7:a3:6c:e8:37:
-         3a:f1:23:73:da:00:c3:b5:99:b1:eb:24:7f:57:8d:71:f4:37:
-         11:c3:61:19:3c:70:8b:9b:2a:cb:6f:5e:25:33:99:0f:d2:a4:
-         68:35:b5:2a:fb:8b:d4:9f:04:3f:58:e0:f4:d5:dd:a5:ca:d8:
-         55:00:50:db:51:ce
------BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIJAK2MCej7oojQMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
-BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMjEwODE5MTA1NjQ3WhcNMjMw
-ODE5MTA1NjQ3WjA8MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHTAbBgNV
-BAMMFHVzZXItcnNhMzA3Mi1yc2EyMDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA22b/i5Vmli5KdAKAQ/wJ+rZBeAn46b9rQf1bv8xm2AfDDexIl40s
-T1j1tScH7kh8a5iiduiLlBF3aDZDHyyIn9ZA3+wnFmOuNBzV7CbF2a13qXMUhqOk
-Lmdj/ejX3ccYZwrTr799IJpn/VzAfG7M2Ks9K46uCQy1I9m0+fviaeNpBShd7jcb
-x8C6g87hMGIfqd2rntTdjOSk4B+l3JVIAqCf9KWocciPBr5MTkGMf5FHqAZtRsNJ
-uK/FJ0ZB4iy2bWhm2sAMhL7fYcpJR/cZZjYJBRsnm4BD8FVBtE4PJXHlurjccrC1
-SaiVAkmoZyp487QOq2kF6dkwrbC9JvCNMwIDAQABo4GXMIGUMAkGA1UdEwQCMAAw
-HQYDVR0OBBYEFMyFqj3kN1E+cEaWjgBlw4Eg4OSHMB8GA1UdIwQYMBaAFCH379rD
-NDrtzdVQwLO6Ce4/gNdwMCUGA1UdEQQeMByBGnVzZXItcnNhMzA3Mi1yc2EyMDQ4
-QHcxLmZpMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDANBgkqhkiG
-9w0BAQwFAAOCAYEAzw+JqG4eyjanNZBgZgrTrlkAEBjnMyaW3zaBDkO94vk47m+a
-n6L0onVY70eDZBuqYZn5SVNdz6vheTOt0Ic+twuKjqqiD+G+yZHB59YN4BY9TAFi
-68DVfHuU1Wt7DMDYvQ+2tBx/x3dA49HI2N82VgFpxhAgwIhXpM9LmRq6G0zTBhrO
-t5I9cUdaZsCEo7OSAWK4jcC0w/UHo5M4lOjVdgQZaIsRXi4DZI6prSmLRaINTqPB
-M6VcXqR9nn8TlrbwGDuLA5z6KgMCF+9vI/6gbbFSMmTarNn4qrzUi1CnPLTKtWJe
-zofxhU6nmIXqF2467150ThN8F1tykqq/3LMDKHmDieWy+YVk8tF6y8sihxrONMej
-jQYEPa348a8L0CoGJt6N/HoHCoKYCy9Au9g213/fuvO3XVubj09IcbbPBeejbOg3
-OvEjc9oAw7WZseskf1eNcfQ3EcNhGTxwi5sqy29eJTOZD9KkaDW1KvuL1J8EP1jg
-9NXdpcrYVQBQ21HO
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.req b/tests/hwsim/auth_serv/rsa3072-user-rsa2048.req
deleted file mode 100644
index 5dc231bc0b4c..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user-rsa2048.req
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUdXNlci1yc2EzMDcyLXJzYTIwNDgwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbZv+LlWaWLkp0AoBD/An6tkF4
-Cfjpv2tB/Vu/zGbYB8MN7EiXjSxPWPW1JwfuSHxrmKJ26IuUEXdoNkMfLIif1kDf
-7CcWY640HNXsJsXZrXepcxSGo6QuZ2P96NfdxxhnCtOvv30gmmf9XMB8bszYqz0r
-jq4JDLUj2bT5++Jp42kFKF3uNxvHwLqDzuEwYh+p3aue1N2M5KTgH6XclUgCoJ/0
-pahxyI8GvkxOQYx/kUeoBm1Gw0m4r8UnRkHiLLZtaGbawAyEvt9hyklH9xlmNgkF
-GyebgEPwVUG0Tg8lceW6uNxysLVJqJUCSahnKnjztA6raQXp2TCtsL0m8I0zAgMB
-AAGgADANBgkqhkiG9w0BAQwFAAOCAQEAIymC4XT/XzkwrdIS/gE7QOu144FJiy4Y
-gA+udw+z4n1e59j9nNTVcaVliSWl4J33XYdUAAiSq78gRUW8xzhrjri1QkNyYg9M
-/ZkjkFN0vqFLr/ts8SX6x8VuqHGSzP1DCOKcYGLRXZWvzA8LMz4ZmxVdzEGEAL3Z
-UQwfAPXvervh2jKtesi2UeCM3PyJmterxCuPyujybK4WvRVvxMSsCOiIT4LzxKfD
-MuRZ/7UbGoVOBXwrlYfrr+UmVLc9HJG86GvOKCgnQh0s/QaM69PPLRajXIh4eJdj
-v7YnrfnxEV8wmTUg9QjMOdnlDCmPZcAyGBEubNYSzJAzE8aOQOi0bA==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user.key b/tests/hwsim/auth_serv/rsa3072-user.key
deleted file mode 100644
index 11afa84b0164..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCSd2eORDSDqDf5
-qcRyXHFynTUdPYw0Ilwk+IeB3t6spZN3xTikgpyMBpsUi1IJMkwxxfjpL2SKOQpw
-nk6KnLylq3gYUkR1/sMAYecfRcAScuQ4niid9nZgcLN7EcqQmCrqJsBcrqkSzFIR
-pgKs6FlWeqiT7P0G7qzorxdoV085ytRISYq0jT4hUaOW558k5fUQ5zb+jjOyfSJm
-j0Jlzw9PzKMkD+O6mIk1p1SZ7IFHxC+yOzuyTM6kqFpmEECODX1n2O0a/eVhFtv1
-THNAOeN9bycmCGgYAt87WgQKCMVTux0AkWz2OCrwqp8rNm6VJKcahNhcavjVP2IP
-IEu3lsbCG/iBZBMVeptdmO4P2XM31TyfNVKT33KdidSfIPIThRIAfCMnzvnd4reC
-CaL6JlQix/20+hrTbSmPG2cTL9ji8Fx1nqp5/MG3SF0IEgE3eBP5Uzc6qCE45190
-+4VTayFrgsmlQSyjOXQUoFwDyBMXVaYVRVI8ubk//tmoFG8gxSECAwEAAQKCAYBq
-xnOPCngCNwM/lhzphi0KckMDYxgv9ZCZPzmCWxiYYkjkerm1bKZ1imdKDdsrayiS
-7JFuZad1AOp0eWQmtubsG9n8WRUhtC0yvSzB5paEnI92Gw7fQYrA+chOgwTabqRy
-ePepWYdWde+qgAzZQrXGTrtQw+ceQ6d4JhT5cxUFu7EQVdSxlXpizeJlo8uoGaCT
-xwuXfdGAYKtQe0XbdJzj/vo70v2gzYzRuX/6iqkgyYw/8eCuNkI7VaQ5XcXCCWB1
-nCf578JBXynJEpEBh6FEZj6LzBD7aop2ErYkiTRdWKTvweqVxSQtiiS//FH91tiy
-hMm61mzgf4kTf1FsFokp+xssSbHKhxTsZO4pXoupdUTfG9B8vAlbQObDiOmLUtdX
-mpXkDDnZUD//alLGxbiOmncH4K/VGuZuSXnSkbUnjrdkOGVtSy4cwxAbgii1z6D9
-jeImt4vTvFkt3jiqfPs7/c6M6giEY3OyjbR8P3jksBC4urKTWI+B010AsKUur5UC
-gcEAwnj7nNSyABEhyimKIfGIjXGiKaRevfstRTs+fRYWGkcVvVZQ2s1xxTAXGiYa
-kJgFUL3lTfbdvkTHEp5U7PrC4ErXBAV61fjv9DfRGFTIvtOM10YfrS/GeZuJYHXe
-abrVliB56jiOg2tq6XrKPe6f7vZFDaan2srh0/FN/CEHom2WS7mQL+VjwwCtBZHh
-aMMkg/bW9qaV0fWwi2dK97vcQzb3udgnnC6M2P6bK7og9Vfa8tW8kVtSBVjyoGu7
-1aCrAoHBAMDOO+LM8nPhju/jeWH2366YhGbRZM2lpqb6b7c/09AUC4ESK82S9AKe
-1Ppa8Q5KnaI0PAg7V6CebL1EjGgzUcWZWzC7Q8u+In7ktq09G0uk6vtlfpwjx4OU
-Q9DiosZdBASKmhQpmYRYawbvjQXhPIexAYSvwb+930g93+gmLOXOtg1C/y2vHtsm
-JU8bCkXceC2PsCB2D8aOKlUoyutXMW8VX0VmBab0JBuTp9T+woYp5RXj2Id1CuOC
-BlJZZNjpYwKBwQC9wGJxsi9EVXMM2N9JI21D5d5+lz1CTfTsGlRspMJIPZf+uFwI
-QnGCH9xKzWcaMtrs330AR6IxZtZ/WjIvULYZN6z45YfnhBBN0LCa9w8w8yX3XxrF
-V1pnidXPYvLzYzPIWkPav/h+Tq9wxTjUmSNAfNb/7N7XYyJaNJcNLgVO/XKqzJLd
-yQtAWEZ6qs6v88iLYqx42i5RQVNTkiPZ+Vl/1AB/O2PaxqjziepKDkDeYyzlyJtH
-kT1Ernd/A9+xICUCgcAszkCAflxBrcNH4DcPGw30RyFNu4+PctV9rGlVzpFso5vg
-zNY9Gc925G5eF9A5IAHt9fGVgCTnAKoIeeufM33nS7IzavFgYbkmgAQr0i2LsLGi
-5n07z9zHqSbxXhmxu1/5pjQUR26ToPCOVhERsrwcVHgj26xM4NUItshX7Lc2WIla
-H52pgi7LgtvcvE3w2kFbZS7q/ETCQbt4utgdRNAKHo9bU1Aw8j+J4RB5oRKXlxjT
-s3VYVUzIfij17ixPdD0CgcA8LTjVgy6jeCeCWIUjoAlPLuMB3A/zU3ZxeWJ7uEUj
-Xjz/6ToSQBWtbW1xtKBW9RZBzbIZCgiNBqO38DqKzoKY6T/muIJniLUW5lshj5B5
-XFSanprP/vp+J8lEaTiVAAfsbt2/ZuZq+IAxwDo9oifr5NtKvexaiEJ0apx/e0yg
-tvwouNj0+z89rF2INCDbWB3750mPcBRafASXyVRCwiopzfdFHZB1boUcSq7cRY2R
-cTEirRqQCdUI6fmEGFMYR6A=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user.pem b/tests/hwsim/auth_serv/rsa3072-user.pem
deleted file mode 100644
index dff6581f629a..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user.pem
+++ /dev/null
@@ -1,106 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ad:8c:09:e8:fb:a2:88:cf
-        Signature Algorithm: sha384WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA
-        Validity
-            Not Before: Aug 19 10:56:47 2021 GMT
-            Not After : Aug 19 10:56:47 2023 GMT
-        Subject: C=FI, O=w1.fi, CN=user-rsa3072
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
-                Modulus:
-                    00:92:77:67:8e:44:34:83:a8:37:f9:a9:c4:72:5c:
-                    71:72:9d:35:1d:3d:8c:34:22:5c:24:f8:87:81:de:
-                    de:ac:a5:93:77:c5:38:a4:82:9c:8c:06:9b:14:8b:
-                    52:09:32:4c:31:c5:f8:e9:2f:64:8a:39:0a:70:9e:
-                    4e:8a:9c:bc:a5:ab:78:18:52:44:75:fe:c3:00:61:
-                    e7:1f:45:c0:12:72:e4:38:9e:28:9d:f6:76:60:70:
-                    b3:7b:11:ca:90:98:2a:ea:26:c0:5c:ae:a9:12:cc:
-                    52:11:a6:02:ac:e8:59:56:7a:a8:93:ec:fd:06:ee:
-                    ac:e8:af:17:68:57:4f:39:ca:d4:48:49:8a:b4:8d:
-                    3e:21:51:a3:96:e7:9f:24:e5:f5:10:e7:36:fe:8e:
-                    33:b2:7d:22:66:8f:42:65:cf:0f:4f:cc:a3:24:0f:
-                    e3:ba:98:89:35:a7:54:99:ec:81:47:c4:2f:b2:3b:
-                    3b:b2:4c:ce:a4:a8:5a:66:10:40:8e:0d:7d:67:d8:
-                    ed:1a:fd:e5:61:16:db:f5:4c:73:40:39:e3:7d:6f:
-                    27:26:08:68:18:02:df:3b:5a:04:0a:08:c5:53:bb:
-                    1d:00:91:6c:f6:38:2a:f0:aa:9f:2b:36:6e:95:24:
-                    a7:1a:84:d8:5c:6a:f8:d5:3f:62:0f:20:4b:b7:96:
-                    c6:c2:1b:f8:81:64:13:15:7a:9b:5d:98:ee:0f:d9:
-                    73:37:d5:3c:9f:35:52:93:df:72:9d:89:d4:9f:20:
-                    f2:13:85:12:00:7c:23:27:ce:f9:dd:e2:b7:82:09:
-                    a2:fa:26:54:22:c7:fd:b4:fa:1a:d3:6d:29:8f:1b:
-                    67:13:2f:d8:e2:f0:5c:75:9e:aa:79:fc:c1:b7:48:
-                    5d:08:12:01:37:78:13:f9:53:37:3a:a8:21:38:e7:
-                    5f:74:fb:85:53:6b:21:6b:82:c9:a5:41:2c:a3:39:
-                    74:14:a0:5c:03:c8:13:17:55:a6:15:45:52:3c:b9:
-                    b9:3f:fe:d9:a8:14:6f:20:c5:21
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                B1:4F:36:17:24:40:AD:6B:05:33:87:C4:AD:4F:4A:53:AF:F5:D6:23
-            X509v3 Authority Key Identifier: 
-                keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70
-
-            X509v3 Subject Alternative Name: 
-                email:user-rsa3072@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha384WithRSAEncryption
-         46:8b:f8:99:9e:59:45:06:16:c4:09:52:4e:06:63:25:55:9f:
-         e7:4b:65:41:b3:af:64:1f:ff:70:17:18:a4:0f:d7:95:97:bd:
-         81:2a:f7:df:8f:c5:76:ec:f0:95:4d:c2:17:3f:54:7d:63:1a:
-         82:3c:22:7b:49:55:6c:c0:9b:a2:66:fe:9c:d5:ce:ee:9c:f0:
-         f3:17:32:84:09:0d:e6:a9:13:a5:af:94:95:ed:8c:85:cd:c9:
-         65:ed:6a:05:3f:56:8d:07:1e:be:b4:eb:5b:92:d3:bb:90:4f:
-         1c:e7:3b:bc:b0:9a:da:c9:d7:14:55:de:a7:68:d0:c7:58:7e:
-         73:21:4b:9c:9e:37:38:d3:e2:77:ec:56:8e:b7:43:01:4a:7c:
-         15:0e:ed:b9:e5:fe:28:b9:df:f4:4f:96:43:2d:9c:d3:7f:dc:
-         46:37:8e:3a:60:47:1b:24:b6:a5:df:34:7b:b5:32:6a:1c:f0:
-         37:3c:10:0a:5c:53:6b:11:11:aa:1c:4b:da:d2:b5:e0:59:ee:
-         f1:0f:0c:f5:ec:49:14:24:a1:68:39:b2:85:c6:30:79:e1:ac:
-         5e:08:1a:93:ba:fc:97:1c:aa:e2:1f:99:2c:ca:0b:3f:7a:ab:
-         9e:35:ab:b7:78:f5:a0:d2:38:f8:ed:91:e7:9e:0c:b7:fc:ce:
-         d9:bc:f6:f5:cc:6b:a2:0a:78:94:ac:16:aa:f5:b3:8b:7e:e8:
-         3d:67:4d:e8:5d:fc:6a:f1:a4:0f:7d:20:f0:e7:7f:af:f4:71:
-         73:e5:77:e3:6b:41:9b:25:fb:65:4a:96:60:ac:58:18:27:21:
-         a3:aa:89:fb:c3:e6:e5:bf:ad:89:92:ae:9e:66:18:49:6f:16:
-         01:2c:05:76:17:92:34:9a:dc:ed:d8:e0:f6:20:37:29:ef:4b:
-         6c:6e:23:94:67:3d:c8:04:39:46:10:c5:bf:02:cf:1a:52:b6:
-         43:35:84:aa:b1:0e:0b:d7:cb:4c:89:bc:43:f8:84:3f:39:8f:
-         6e:ea:28:e6:d9:a6
------BEGIN CERTIFICATE-----
-MIIEmDCCAwCgAwIBAgIJAK2MCej7oojPMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
-BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMjEwODE5MTA1NjQ3WhcNMjMw
-ODE5MTA1NjQ3WjA0MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxFTATBgNV
-BAMMDHVzZXItcnNhMzA3MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
-AJJ3Z45ENIOoN/mpxHJccXKdNR09jDQiXCT4h4He3qylk3fFOKSCnIwGmxSLUgky
-TDHF+OkvZIo5CnCeToqcvKWreBhSRHX+wwBh5x9FwBJy5DieKJ32dmBws3sRypCY
-KuomwFyuqRLMUhGmAqzoWVZ6qJPs/QburOivF2hXTznK1EhJirSNPiFRo5bnnyTl
-9RDnNv6OM7J9ImaPQmXPD0/MoyQP47qYiTWnVJnsgUfEL7I7O7JMzqSoWmYQQI4N
-fWfY7Rr95WEW2/VMc0A5431vJyYIaBgC3ztaBAoIxVO7HQCRbPY4KvCqnys2bpUk
-pxqE2Fxq+NU/Yg8gS7eWxsIb+IFkExV6m12Y7g/ZczfVPJ81UpPfcp2J1J8g8hOF
-EgB8IyfO+d3it4IJovomVCLH/bT6GtNtKY8bZxMv2OLwXHWeqnn8wbdIXQgSATd4
-E/lTNzqoITjnX3T7hVNrIWuCyaVBLKM5dBSgXAPIExdVphVFUjy5uT/+2agUbyDF
-IQIDAQABo4GPMIGMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLFPNhckQK1rBTOHxK1P
-SlOv9dYjMB8GA1UdIwQYMBaAFCH379rDNDrtzdVQwLO6Ce4/gNdwMB0GA1UdEQQW
-MBSBEnVzZXItcnNhMzA3MkB3MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
-HQ8EBAMCBaAwDQYJKoZIhvcNAQEMBQADggGBAEaL+JmeWUUGFsQJUk4GYyVVn+dL
-ZUGzr2Qf/3AXGKQP15WXvYEq99+PxXbs8JVNwhc/VH1jGoI8IntJVWzAm6Jm/pzV
-zu6c8PMXMoQJDeapE6WvlJXtjIXNyWXtagU/Vo0HHr6061uS07uQTxznO7ywmtrJ
-1xRV3qdo0MdYfnMhS5yeNzjT4nfsVo63QwFKfBUO7bnl/ii53/RPlkMtnNN/3EY3
-jjpgRxsktqXfNHu1Mmoc8Dc8EApcU2sREaocS9rSteBZ7vEPDPXsSRQkoWg5soXG
-MHnhrF4IGpO6/JccquIfmSzKCz96q541q7d49aDSOPjtkeeeDLf8ztm89vXMa6IK
-eJSsFqr1s4t+6D1nTehd/GrxpA99IPDnf6/0cXPld+NrQZsl+2VKlmCsWBgnIaOq
-ifvD5uW/rYmSrp5mGElvFgEsBXYXkjSa3O3Y4PYgNynvS2xuI5RnPcgEOUYQxb8C
-zxpStkM1hKqxDgvXy0yJvEP4hD85j27qKObZpg==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/rsa3072-user.req b/tests/hwsim/auth_serv/rsa3072-user.req
deleted file mode 100644
index c3d197411356..000000000000
--- a/tests/hwsim/auth_serv/rsa3072-user.req
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDjDCCAfQCAQAwRzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w
-DAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMdXNlci1yc2EzMDcyMIIBojANBgkqhkiG
-9w0BAQEFAAOCAY8AMIIBigKCAYEAkndnjkQ0g6g3+anEclxxcp01HT2MNCJcJPiH
-gd7erKWTd8U4pIKcjAabFItSCTJMMcX46S9kijkKcJ5Oipy8pat4GFJEdf7DAGHn
-H0XAEnLkOJ4onfZ2YHCzexHKkJgq6ibAXK6pEsxSEaYCrOhZVnqok+z9Bu6s6K8X
-aFdPOcrUSEmKtI0+IVGjluefJOX1EOc2/o4zsn0iZo9CZc8PT8yjJA/jupiJNadU
-meyBR8Qvsjs7skzOpKhaZhBAjg19Z9jtGv3lYRbb9UxzQDnjfW8nJghoGALfO1oE
-CgjFU7sdAJFs9jgq8KqfKzZulSSnGoTYXGr41T9iDyBLt5bGwhv4gWQTFXqbXZju
-D9lzN9U8nzVSk99ynYnUnyDyE4USAHwjJ8753eK3ggmi+iZUIsf9tPoa020pjxtn
-Ey/Y4vBcdZ6qefzBt0hdCBIBN3gT+VM3OqghOOdfdPuFU2sha4LJpUEsozl0FKBc
-A8gTF1WmFUVSPLm5P/7ZqBRvIMUhAgMBAAGgADANBgkqhkiG9w0BAQwFAAOCAYEA
-WDsGMRPDTMIrBUPqqRztaslOEL0wylg7frSuUPpaWBO6Gjwo+6JmmVTIUcCTTmR9
-7OUlmo8zf6+AR+as1rBb0tXmM1uifP9ml7yE2aNnPG6ACQSvYzF5ra95+qqWY9kH
-j6OWxW7hsirmNS8BfaIu0eK6OeG+4yfmOI784VR6JndnsrQ9cviv/FYX1+NLSH85
-wp2M8fXoeC7Qnwe6D8+pTj0v/HEcIL5ZRrYjeaZSyCMXkpUDyfY0L18HbklUxn+K
-nWWQoWZy3QXSc5vub7POeCnIm9mKIU+n8sAwqQ3Xx01gJBK4wrO0uGv3tsTCfs+7
-0zsECDr21fCQAJGJHEfPWYKhRHx5SiTtUK6/KiVsPYaBK8Ac5+QwscXzYKJyzi8Y
-e+v5YTFOZ4L1Ub8/TBaeB1J8CAtrwZkB5a50wRM2GHhushXTsnArvjForsmGHMhl
-7CKB06/Ry69SwE1+Nl88kdYGsVcVoJEFvz0aLIra7BeZyJPkanlmDUD61iXf7Dkk
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-certpol.csr b/tests/hwsim/auth_serv/server-certpol.csr
deleted file mode 100644
index 2e1c31a2b7bd..000000000000
--- a/tests/hwsim/auth_serv/server-certpol.csr
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDlDCCAfwCAQAwTzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMR4wHAYDVQQDDBVzZXJ2ZXItcG9saWNpZXMudzEuZmkwggGi
-MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDSpu+bvWBjoXWtS9NvWV6E+mSg
-ZCQLeEj8jWaLL24dRCuuw22UusujNL4LTkeNW9mZpqgHCYdVsjd+R2dcdF8sg3my
-CEe07E/vdVhnxlhMT2jBGBqETXgjSJoUOG5bShLrhsT3TDisY6dh+rNkfIkOKfef
-+HXD75DCcZahq2nTwnQTz+j3CZjtOnnWxEZJk3g7FqWp3fDrvUSn3E7O96fJP3gI
-iwXGFy7u3xGg9/VYgHbCNO+5eL7EXL5fXte3zaMSxON2/GSFZGVr2lzJOFA5iXLl
-IO+5C8wyJjx5XkqNeI1q3XM6yEInQw3dBR+8hN9WLX6YUJ6LeLDn/ag5B1cFEvwA
-74nwPwP2k1uwRFdhYUcFbMQWmGG4kzJFOfu7jjuHGF86B1fRmIkdhbde6htReZRc
-2Pq9unUAA+P0A81c2xahrLf0k37smrDmnE5dPLoBMsxwykk8kv7SiIGd2/S7gP7v
-iVDqgJW9xPoo2MCGYTfXmSuOuQZ4mghEF9oZNZcCAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4IBgQC9HigmR7s38B1IRYNJ1WwC7UlV4fFTElisntPXiQsDZzvZ0Gufsobx
-Bk/As4DWsQEJ17EvF0LXnsgRG670bnh/YibkaVBF71XLkBAfkXGaa1nw4VNC4EEJ
-sPIcrEQGxhkAJHvT3cZ0zWQnSKbcZbt6Vn0bNoRPihDKTek6dPPI9HamDsu0OBl1
-l8FdMfG4Ge1NquABvgBSrt85XHXfCBYlXBsnJ5XeA8A2t7JtW6C51EVGGachglPB
-ajrtuD00puJ+Cx+a7k5OHniTpAUHS6EOYpcWcUrzIKVCAGlHFd4XOZdD0hP7/eFR
-H57JjFTwDENSCU1GiRwra/ACswR2XWYQH0v+CvbKUx6ZivtKLkuGr4go/YIgVeXq
-WM7b+tDopZVFsjdrbkuefkimYIJdwmZXukM5qP0pKTGNM9zeBaAs9bAKDs42jF2f
-8i9M7DpIzJ9X1Y8xhaBEjodUcCtT5LFPNh0JT5wwkbS2SGgQiti3MdcnQQYqXDUZ
-xd6npHU4F+c=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-certpol.key b/tests/hwsim/auth_serv/server-certpol.key
deleted file mode 100644
index fdd41eb1d05c..000000000000
--- a/tests/hwsim/auth_serv/server-certpol.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSpu+bvWBjoXWt
-S9NvWV6E+mSgZCQLeEj8jWaLL24dRCuuw22UusujNL4LTkeNW9mZpqgHCYdVsjd+
-R2dcdF8sg3myCEe07E/vdVhnxlhMT2jBGBqETXgjSJoUOG5bShLrhsT3TDisY6dh
-+rNkfIkOKfef+HXD75DCcZahq2nTwnQTz+j3CZjtOnnWxEZJk3g7FqWp3fDrvUSn
-3E7O96fJP3gIiwXGFy7u3xGg9/VYgHbCNO+5eL7EXL5fXte3zaMSxON2/GSFZGVr
-2lzJOFA5iXLlIO+5C8wyJjx5XkqNeI1q3XM6yEInQw3dBR+8hN9WLX6YUJ6LeLDn
-/ag5B1cFEvwA74nwPwP2k1uwRFdhYUcFbMQWmGG4kzJFOfu7jjuHGF86B1fRmIkd
-hbde6htReZRc2Pq9unUAA+P0A81c2xahrLf0k37smrDmnE5dPLoBMsxwykk8kv7S
-iIGd2/S7gP7viVDqgJW9xPoo2MCGYTfXmSuOuQZ4mghEF9oZNZcCAwEAAQKCAYA/
-Xm6oOCD9971Rw4S4c3cGo9iPk3Bwbt/t8Y+OgVcrwK0vZqTZYBQQZbZh6kuGD8J3
-AXZ8n3Yx5mnhOBO08WEMIAUE9I61s30ceP1+QmGfmyfVJq4bbL6eRqHrQUqZdcAZ
-UDKCflByM4xP4j4DFZ+ZPjC60+CBb9jpVYhN3CX6yP1oVFwtrJpviu7KF8NZMN6z
-T83IOvbVw9sacCDZDBFSbiBq2X+EJsc8nqhL9yu8UvDm3UvcTKF+qrOuNvbH2TkP
-+vxSVC8Y81VoBR5ngsQzZc+XDrplMb/BA4UJVncxMJ8kg0U08RwDTYwoLo6vKeus
-xqGESyBbjbC5QpPdX+hjHqmNdjjbYS47zkWrZ8geE5jpIx9A1hePd/MxZeX9rZWp
-lZm8yWF5DMFF6CZxc/FlYI0aXP8C1rV+GBZ5gkRq/6E5hiLbdbbNGB6IENvACIbD
-qQwwuIl8qwIgzBey6e0WYnKH1U00YIUg8OgXXFsjzAw40ltPCjwoRt9KSOp3MxkC
-gcEA/3XjtPvq2eauJjFTJ1ewLmbu2JTV+8mrA39UD0clCqptH7fVaSdxjeniOu7/
-UiPjNoFMr8+Ec6s/RkIWyOeKVjnKhqVLR91XGXz8PzYQMvhKmfEHfe7mCZ94RapU
-Hl2k6ZpJLq384i/5KYDU3i3a+9DD+iZQ4P66HGnCKLILpbV8vz4ZFASp8ffU1snL
-JPLm3UhqTVf4ZeJlL5xbuqk9QHl7jz5UDNpytk5zkEPCDzh0OH+OyZ+nSJiKDok2
-pjM7AoHBANMY0lGwDavtTf9xghLHtevQlJSm/JbBfM7Hp81/UY+Ibl7uRyQXkEdd
-03szMFoP0UbsJHg9hPN07yv3rJpyBh2O5atgWqidYq4nJLBC1a5RALiqfaHnJNhe
-IV4d8+TE0jOLUE2cMuWQFabKpHCGZ4GdTZNMsz1VKCx3cQwQ7GF75ZKBKIYYxMNi
-yIen+dpCmEAvubMXLyB24mGQ3qbIml01cT7R1j1QNVGvXGDRhhRGlyzm8W1decza
-CX9mgUVpVQKBwQCqDWX5EkExsDd5QRhjdiHXobmY/uq643Itr9LbILbttKlTleJA
-T3ttxqVMKdBYc39KxyOvXOqEvRgvwsq8DjWuVGYW322Pdy4Fz4dy5KA/7bxrYWFl
-WWRUP42mgk3gsOGYh5XztupB/0FTeWk6RTgirMPofx0TyT1GsLgIswzB0GAsRkAX
-bUtbwWgzWr0Z6X/5Cb2Joue9mslUujbtuL8Hblbr8cetjrUR2oNfI1vJGgFzoqYA
-XYDT+IbeSkTQugUCgcEAo5pRJk4zylOYZ6kpDjUJoUF+ZdclXBGJERlby8ApDfzG
-zXwOVsKMZ0MobAs4JhSsNTM+8JF9QNIXqxPBCdHlO3NMPI3otVWE7UQZAyJJSVgu
-HvDDfX8O50HMyoycQWjpIFmQWxX7vD73CNV0rGD+R04KmWaQY7Bj+lJ3ospa6RKE
-0g6XwZXgqS0eDUT6N1X1eYmDenE1bQu2V7dXWBuQxzxsECvAxrQrHquyBLdeGsi6
-0WoLIp+XjlRNmBdxiMIhAoHANi3K+ExLqmkbspSOmRUJiDkxxoaZAvc0EfqUBRU1
-8H1syqeBzIKYbIsmipWoHgapJPuDtMKWS/7EihkkHTlMjBMORr/JgF14TYAK5nP1
-/YUUv7UgsJvBFZLLepbbcrNxeb2WC9TsdNlxxpwx89661sBiDrwPztBEqyGPBa/b
-oOwesnmVlDS/BjUUt7xNHHxGMRNE0eOg7x7NIplPb5y7+X5BTwpuuzHRcimUpIbr
-V+nPmVUHX6GcYg7TZpT+bgcO
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-certpol.pem b/tests/hwsim/auth_serv/server-certpol.pem
deleted file mode 100644
index b72f528fe294..000000000000
--- a/tests/hwsim/auth_serv/server-certpol.pem
+++ /dev/null
@@ -1,102 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6f
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server-policies.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
-                Modulus:
-                    00:d2:a6:ef:9b:bd:60:63:a1:75:ad:4b:d3:6f:59:
-                    5e:84:fa:64:a0:64:24:0b:78:48:fc:8d:66:8b:2f:
-                    6e:1d:44:2b:ae:c3:6d:94:ba:cb:a3:34:be:0b:4e:
-                    47:8d:5b:d9:99:a6:a8:07:09:87:55:b2:37:7e:47:
-                    67:5c:74:5f:2c:83:79:b2:08:47:b4:ec:4f:ef:75:
-                    58:67:c6:58:4c:4f:68:c1:18:1a:84:4d:78:23:48:
-                    9a:14:38:6e:5b:4a:12:eb:86:c4:f7:4c:38:ac:63:
-                    a7:61:fa:b3:64:7c:89:0e:29:f7:9f:f8:75:c3:ef:
-                    90:c2:71:96:a1:ab:69:d3:c2:74:13:cf:e8:f7:09:
-                    98:ed:3a:79:d6:c4:46:49:93:78:3b:16:a5:a9:dd:
-                    f0:eb:bd:44:a7:dc:4e:ce:f7:a7:c9:3f:78:08:8b:
-                    05:c6:17:2e:ee:df:11:a0:f7:f5:58:80:76:c2:34:
-                    ef:b9:78:be:c4:5c:be:5f:5e:d7:b7:cd:a3:12:c4:
-                    e3:76:fc:64:85:64:65:6b:da:5c:c9:38:50:39:89:
-                    72:e5:20:ef:b9:0b:cc:32:26:3c:79:5e:4a:8d:78:
-                    8d:6a:dd:73:3a:c8:42:27:43:0d:dd:05:1f:bc:84:
-                    df:56:2d:7e:98:50:9e:8b:78:b0:e7:fd:a8:39:07:
-                    57:05:12:fc:00:ef:89:f0:3f:03:f6:93:5b:b0:44:
-                    57:61:61:47:05:6c:c4:16:98:61:b8:93:32:45:39:
-                    fb:bb:8e:3b:87:18:5f:3a:07:57:d1:98:89:1d:85:
-                    b7:5e:ea:1b:51:79:94:5c:d8:fa:bd:ba:75:00:03:
-                    e3:f4:03:cd:5c:db:16:a1:ac:b7:f4:93:7e:ec:9a:
-                    b0:e6:9c:4e:5d:3c:ba:01:32:cc:70:ca:49:3c:92:
-                    fe:d2:88:81:9d:db:f4:bb:80:fe:ef:89:50:ea:80:
-                    95:bd:c4:fa:28:d8:c0:86:61:37:d7:99:2b:8e:b9:
-                    06:78:9a:08:44:17:da:19:35:97
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                3E:AD:0D:4D:7E:FA:A2:4A:D5:F5:31:EA:B6:B4:BF:83:B1:55:7E:C7
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Subject Alternative Name: 
-                DNS:server-policies.w1.fi
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.40808.1.3.1
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         ae:91:58:d8:0f:03:02:4e:84:da:cd:13:7d:5c:d0:52:04:08:
-         7f:ea:12:73:5d:ad:a1:64:a2:0d:e6:83:ca:fa:35:7d:1e:35:
-         bd:24:5d:19:b7:1b:f4:dd:75:a0:86:60:65:e0:73:69:55:ae:
-         37:13:82:99:ad:8a:fb:de:73:51:45:b6:38:e0:3a:6c:b0:f1:
-         e8:b3:09:10:f9:89:87:c9:64:be:ac:27:c2:cc:e9:1b:dc:0f:
-         c4:37:8e:1e:a3:16:2c:42:ed:da:c9:27:c0:ee:fd:45:62:b1:
-         e6:71:ca:a5:a3:3b:6b:62:03:fb:a3:aa:fd:b4:0e:e2:3f:d1:
-         c1:27:92:54:e8:fa:34:01:d3:4f:22:6e:00:24:e7:34:7a:e6:
-         ef:6e:d3:6b:ae:f2:a9:df:dd:79:1b:1f:ee:52:56:69:26:dc:
-         0e:e8:48:9f:36:11:0e:c7:7c:48:ec:0a:c2:d6:ea:f7:9a:06:
-         65:e1:6c:77:45:76:51:2d:74:2d:16:6a:0b:1b:76:d7:46:2f:
-         e1:30:ea:59:c9:0f:da:43:c6:bf:4b:0e:31:9c:ae:80:0a:bb:
-         86:d0:ee:91:0d:9a:72:3e:8d:c4:bc:08:43:d2:31:ba:06:2b:
-         b6:27:ba:f1:bb:56:22:1a:f8:b4:46:32:da:bf:0a:1c:a6:1e:
-         4b:03:23:c1
------BEGIN CERTIFICATE-----
-MIIEWDCCA0CgAwIBAgIJANjT46bL481vMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD0xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEeMBwGA1UEAwwVc2VydmVyLXBvbGlj
-aWVzLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0qbvm71g
-Y6F1rUvTb1lehPpkoGQkC3hI/I1miy9uHUQrrsNtlLrLozS+C05HjVvZmaaoBwmH
-VbI3fkdnXHRfLIN5sghHtOxP73VYZ8ZYTE9owRgahE14I0iaFDhuW0oS64bE90w4
-rGOnYfqzZHyJDin3n/h1w++QwnGWoatp08J0E8/o9wmY7Tp51sRGSZN4Oxalqd3w
-671Ep9xOzvenyT94CIsFxhcu7t8RoPf1WIB2wjTvuXi+xFy+X17Xt82jEsTjdvxk
-hWRla9pcyThQOYly5SDvuQvMMiY8eV5KjXiNat1zOshCJ0MN3QUfvITfVi1+mFCe
-i3iw5/2oOQdXBRL8AO+J8D8D9pNbsERXYWFHBWzEFphhuJMyRTn7u447hxhfOgdX
-0ZiJHYW3XuobUXmUXNj6vbp1AAPj9APNXNsWoay39JN+7Jqw5pxOXTy6ATLMcMpJ
-PJL+0oiBndv0u4D+74lQ6oCVvcT6KNjAhmE315krjrkGeJoIRBfaGTWXAgMBAAGj
-gdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPq0NTX76okrV9THqtrS/g7FVfscw
-HwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDMp+EwNQYIKwYBBQUHAQEEKTAn
-MCUGCCsGAQUFBzABhhlodHRwOi8vc2VydmVyLncxLmZpOjg4ODgvMCAGA1UdEQQZ
-MBeCFXNlcnZlci1wb2xpY2llcy53MS5maTAYBgNVHSAEETAPMA0GCysGAQQBgr5o
-AQMBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCukVjY
-DwMCToTazRN9XNBSBAh/6hJzXa2hZKIN5oPK+jV9HjW9JF0Ztxv03XWghmBl4HNp
-Va43E4KZrYr73nNRRbY44DpssPHoswkQ+YmHyWS+rCfCzOkb3A/EN44eoxYsQu3a
-ySfA7v1FYrHmccqloztrYgP7o6r9tA7iP9HBJ5JU6Po0AdNPIm4AJOc0eubvbtNr
-rvKp3915Gx/uUlZpJtwO6EifNhEOx3xI7ArC1ur3mgZl4Wx3RXZRLXQtFmoLG3bX
-Ri/hMOpZyQ/aQ8a/Sw4xnK6ACruG0O6RDZpyPo3EvAhD0jG6Biu2J7rxu1YiGvi0
-RjLavwocph5LAyPB
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-certpol2.csr b/tests/hwsim/auth_serv/server-certpol2.csr
deleted file mode 100644
index 63ed9abae49e..000000000000
--- a/tests/hwsim/auth_serv/server-certpol2.csr
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDlTCCAf0CAQAwUDELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMIIB
-ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5lDRKAUnbNRC00LHzFOpa8Kj
-qyBvFzSd5B0x0MRoZULV6L2quOTp9u4udc1qjPaOqq9sfOs1UFWxwrP4p9AeozMm
-aEAgE3QIh++2OvF/PvV/k0R0N4vDiae6X0I5SiIgQGbGb3fPVD8FYd6rcfqfeG2X
-SuhgoBGqbLqdRGUY6OCP0d/alatBLGNl9kJC5h9CpBx0IEn01JIO4747Vf04aHQ6
-5N+aK5W/6dE4ixYkIDXbuNAVMC4vaiS54enntrW95g9Z3d+VnKsDtMVCgUhhzDwG
-F4VjbijL14jRzkDH/2FRrLu6I8lCp30nDR5TkM8iP1f1/xoFDJx6G/viR19Fy+6I
-paBUcYP309PFvLJ+haexGs+Ry4s5unwsnbLFecPggHMGME9dgVLiv0NVhV1kxJes
-6S1+MLXhUlBTDKwkjnuiV43/sQW6IzOmCKO0OEL2XNm8XXWVgv9NmttWLxs40lEF
-LJBi8Y5M7uobrqpTdIW6xsPCSzC94C7IrH4lzDJfAgMBAAGgADANBgkqhkiG9w0B
-AQsFAAOCAYEAe5pIVGtUDu9+vI7oIDAc/AkiPxCsM1W8r/geTQvGaP1FzuppXbo+
-i1U2iGTC2P/9ZJ+zMBbj7IVvPg9KWOnDP98BZB6iHSYOm6OYBsIpm9uSvET7qJ+M
-22xZe89abeYNFgDpKYJRasFEG3ze2HvNvZUolR8RYakTeBCwlO8snqiZgjJdwbFz
-0fVWqVoFCZN0AUvzfAeqFwZpZ9cQRETOB10DbVxnWe58mJgFckXwSynmxdP4o+9L
-QUq8HB9FMlUyn60usP121Wm1LC3tvJpecl4otQqu2nPnmhUWMMiBMRpPwOqB0fnn
-gfdqON5cligShTernXXtdBnXoeM+ZT2qayazuZ/3JD5ioVM2ZVVNRfPZTmDwF9+1
-w0TC4YfEuAHMfOAnfr+lOt0HI3lGIqTzbze7IPRK1mbfq6gOa0DzQw04vflLFVzx
-/f9S0K8sHeKj3DaaezCGY3T/rUMbmwT/pSNNK56zcddBcj/fFf+3NhcbC09U8V4h
-RBL7vBjsIWsH
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-certpol2.key b/tests/hwsim/auth_serv/server-certpol2.key
deleted file mode 100644
index 29e59dc94408..000000000000
--- a/tests/hwsim/auth_serv/server-certpol2.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDmUNEoBSds1ELT
-QsfMU6lrwqOrIG8XNJ3kHTHQxGhlQtXovaq45On27i51zWqM9o6qr2x86zVQVbHC
-s/in0B6jMyZoQCATdAiH77Y68X8+9X+TRHQ3i8OJp7pfQjlKIiBAZsZvd89UPwVh
-3qtx+p94bZdK6GCgEapsup1EZRjo4I/R39qVq0EsY2X2QkLmH0KkHHQgSfTUkg7j
-vjtV/ThodDrk35orlb/p0TiLFiQgNdu40BUwLi9qJLnh6ee2tb3mD1nd35WcqwO0
-xUKBSGHMPAYXhWNuKMvXiNHOQMf/YVGsu7ojyUKnfScNHlOQzyI/V/X/GgUMnHob
-++JHX0XL7oiloFRxg/fT08W8sn6Fp7Eaz5HLizm6fCydssV5w+CAcwYwT12BUuK/
-Q1WFXWTEl6zpLX4wteFSUFMMrCSOe6JXjf+xBbojM6YIo7Q4QvZc2bxddZWC/02a
-21YvGzjSUQUskGLxjkzu6huuqlN0hbrGw8JLML3gLsisfiXMMl8CAwEAAQKCAYEA
-z/4yNPManKTASKtpZjQzr3aSeiuLR6ij4msfHssRAEmwhkQrFljclbyZxpcg33aW
-drx/u/xqJEePhicjquE/meDKkaE/lnHWdnTb3DVV1dS9RpCuZ69Xgkwv+nEC7dkN
-yTtHf0jyusFDKhR+Piu4sng+Bk7/W+84OoL5Hdgy+7Q5Da8cZsfGzsBhR1ils86N
-T0nG8ZX4fbP9sFyOl2Rb+bDlsuXgA/Zz30OrzafMLi6VZDy+tckv1qqeF9A2CwHq
-avLsnqatMqZBbYkbo9munv2Fhs4z1KJQl6u3BifnFX4ZiP/tCBdc/Clgbr/dw2e+
-6GEclNT0eSiB9vUw3wHINRqnU35i8wIOmMJ7wG5q+PeRn8sEfkRSCshKjIfvBcHG
-G/rVmILERKMJQax2MavGWhYYtWEu5cMOdK3hDb7/0uODv1oJYQGp5qNom6U0efLK
-oD3la3E3KfYbCLdA1XBG8p9TcOFbm2hm7c1UFzBQ805JmR4SIvcR5gEkOadcTajp
-AoHBAP629szQlStD/1cHi4X9rQ7Nm2LqljLp6hVn+KOZztqEaT36HqU7247sII93
-axMLVMRxebK5gZ5H/UF9M/75MWoUvnlbkWPPeRdr2HJUc/h7HbV/V79NSjfLBFqG
-kX6Gx6V4PQg3dww/FPJBQuRP84gUFMDvMhoXutjVY5aoCPwyiez7qEEYjyyyIEFW
-JKRgqp1LMHH/yOWvytOdjNhTlx9AMnAyNa8LJWtxPgqtZIN4ifjPbytdZfVA6y8Y
-hZanwwKBwQDnelWxu9QxSOT9kCMWRtdkb2e04NyyDSN4XHv0UQ5tfGYnphE7cjIL
-9wmutI16mueKSkO2pECjKSnsraEwXAxMazwFjHZmq5c6LzxZ1HpmnW+31vHu5Q9R
-t9oB9eY6nrNmPtSur5bfRzC7qzBJtrjNEmzJ2aS71yMC0cuZvmjko9t0U48qbgJv
-zoOUuyCmz5PK1dOd0OyzH11XsRzfcf/nOqZUhQ0zaG0WSewmbqpVW2PsxkIEYlr6
-0hGtSjG2PTUCgcEAp4Py6h5fjDXLDxSCORvtnaexAqvfHhrifTOEvSuhc+rTQBRn
-5SlpqyQ2AcR64ep41D0A2X7Q9STJNTG/aXe/fNGptyx2gNro+3NMxVwvbQKjNkNK
-lSCip/DXqyWHOFwxnuxlzyqTG7W889nhwT+nnR3/zCdDnw9uLb6hIWrfheVC+l1D
-eZRKTQ3U0sNxk72TV6EkekTLfetQDD44a+kFoWLaCRmsXrOI55FxSRph2WkD7GOX
-7EAflt0cDzwkV0F7AoHAbiVfO5imCuGl3SZGG+aPvcHpNj+9pJft5esULJiZZe3I
-6lryXjgjql/d4p0VqV6miL535CPaggknYvDn/4v9aiuovvcsrARAjLZHYHNj3wpR
-S8hjDQtAM+FpQn+RExnLQf7p00nIX+yPOu3lp13kJ+j5jT8cTSm9Bi1wVXMulIWH
-+p18RXNdg3hgUliM2/NwXxdKgBEXYNCu6PhlRcoIPC5DUXqSYoDxT6bTUSJduQoo
-zVU1usJWin2FXdEtQIt1AoHAG0JIyXgEjYlLd7neRUvMT19CyJ7H5pipRBNGPmqY
-0rTsXxPo3htYCJnPd3/vSVZ6YMhztWN9PxVcv4zyo5AkoYwXIoFezUy5Gs/81eZW
-H8TTvo/sZRwdRPfN8a8eULFVUByBrVx5+2fXEQvq6FrlI056WWNb2LbBy9V5+37I
-3DQASpLlDDFdMVXtADPDoVoSJbiDcoA9Y3KCJ4a9qgLBCzMjZRAzoCobaTjmcut4
-1Peox0uGkHST86FZUyHbn9C5
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-certpol2.pem b/tests/hwsim/auth_serv/server-certpol2.pem
deleted file mode 100644
index cc8ff5789e4a..000000000000
--- a/tests/hwsim/auth_serv/server-certpol2.pem
+++ /dev/null
@@ -1,102 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:70
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
-                Modulus:
-                    00:e6:50:d1:28:05:27:6c:d4:42:d3:42:c7:cc:53:
-                    a9:6b:c2:a3:ab:20:6f:17:34:9d:e4:1d:31:d0:c4:
-                    68:65:42:d5:e8:bd:aa:b8:e4:e9:f6:ee:2e:75:cd:
-                    6a:8c:f6:8e:aa:af:6c:7c:eb:35:50:55:b1:c2:b3:
-                    f8:a7:d0:1e:a3:33:26:68:40:20:13:74:08:87:ef:
-                    b6:3a:f1:7f:3e:f5:7f:93:44:74:37:8b:c3:89:a7:
-                    ba:5f:42:39:4a:22:20:40:66:c6:6f:77:cf:54:3f:
-                    05:61:de:ab:71:fa:9f:78:6d:97:4a:e8:60:a0:11:
-                    aa:6c:ba:9d:44:65:18:e8:e0:8f:d1:df:da:95:ab:
-                    41:2c:63:65:f6:42:42:e6:1f:42:a4:1c:74:20:49:
-                    f4:d4:92:0e:e3:be:3b:55:fd:38:68:74:3a:e4:df:
-                    9a:2b:95:bf:e9:d1:38:8b:16:24:20:35:db:b8:d0:
-                    15:30:2e:2f:6a:24:b9:e1:e9:e7:b6:b5:bd:e6:0f:
-                    59:dd:df:95:9c:ab:03:b4:c5:42:81:48:61:cc:3c:
-                    06:17:85:63:6e:28:cb:d7:88:d1:ce:40:c7:ff:61:
-                    51:ac:bb:ba:23:c9:42:a7:7d:27:0d:1e:53:90:cf:
-                    22:3f:57:f5:ff:1a:05:0c:9c:7a:1b:fb:e2:47:5f:
-                    45:cb:ee:88:a5:a0:54:71:83:f7:d3:d3:c5:bc:b2:
-                    7e:85:a7:b1:1a:cf:91:cb:8b:39:ba:7c:2c:9d:b2:
-                    c5:79:c3:e0:80:73:06:30:4f:5d:81:52:e2:bf:43:
-                    55:85:5d:64:c4:97:ac:e9:2d:7e:30:b5:e1:52:50:
-                    53:0c:ac:24:8e:7b:a2:57:8d:ff:b1:05:ba:23:33:
-                    a6:08:a3:b4:38:42:f6:5c:d9:bc:5d:75:95:82:ff:
-                    4d:9a:db:56:2f:1b:38:d2:51:05:2c:90:62:f1:8e:
-                    4c:ee:ea:1b:ae:aa:53:74:85:ba:c6:c3:c2:4b:30:
-                    bd:e0:2e:c8:ac:7e:25:cc:32:5f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                4E:01:8B:7E:C2:77:94:E1:68:B3:C4:29:35:24:05:0B:DE:84:4A:89
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Subject Alternative Name: 
-                DNS:server-policies2.w1.fi
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.40808.1.3.2
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         58:a7:cd:3e:71:b1:2c:df:ab:0e:bb:37:68:95:6d:20:75:c0:
-         38:96:e2:56:eb:57:4a:d7:43:93:d2:28:a7:d9:82:ff:eb:aa:
-         03:c3:c4:06:09:04:1e:1b:f0:18:2a:27:32:30:22:97:93:21:
-         06:e8:2b:4f:73:dc:84:39:6f:e9:ad:2e:d6:e3:c1:e9:36:59:
-         aa:7c:d0:a5:3e:23:9a:bc:db:d9:bf:38:f6:21:ef:bd:0e:4b:
-         4d:4d:5d:0e:8a:ae:fe:d0:47:ae:8f:4d:fc:c2:bb:5b:8f:a4:
-         06:4d:0b:26:e3:9e:f8:dd:d1:e0:21:92:55:17:85:49:09:ad:
-         45:24:e5:05:55:68:b9:45:36:af:0d:b8:6f:eb:66:3d:fb:ab:
-         68:c4:d2:e7:7e:6a:a9:ad:23:4a:25:72:db:ae:96:03:a5:c7:
-         3f:a4:8e:f8:7c:16:5a:c4:32:53:9f:56:eb:a4:f1:99:dc:ac:
-         0b:4f:2d:0f:f1:03:ca:ba:b2:0b:6f:9f:4d:90:84:66:3a:a5:
-         b3:f0:a2:50:59:cb:1b:19:af:6d:62:95:73:a4:94:76:8d:3e:
-         18:49:72:be:42:a1:66:a6:ee:d7:08:51:da:8b:d8:d6:6d:36:
-         e2:2f:4b:78:74:2c:10:17:0c:84:16:14:ba:b8:10:28:dc:0b:
-         22:aa:40:93
------BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIJANjT46bL481wMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD4xCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWc2VydmVyLXBvbGlj
-aWVzMi53MS5maTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOZQ0SgF
-J2zUQtNCx8xTqWvCo6sgbxc0neQdMdDEaGVC1ei9qrjk6fbuLnXNaoz2jqqvbHzr
-NVBVscKz+KfQHqMzJmhAIBN0CIfvtjrxfz71f5NEdDeLw4mnul9COUoiIEBmxm93
-z1Q/BWHeq3H6n3htl0roYKARqmy6nURlGOjgj9Hf2pWrQSxjZfZCQuYfQqQcdCBJ
-9NSSDuO+O1X9OGh0OuTfmiuVv+nROIsWJCA127jQFTAuL2okueHp57a1veYPWd3f
-lZyrA7TFQoFIYcw8BheFY24oy9eI0c5Ax/9hUay7uiPJQqd9Jw0eU5DPIj9X9f8a
-BQycehv74kdfRcvuiKWgVHGD99PTxbyyfoWnsRrPkcuLObp8LJ2yxXnD4IBzBjBP
-XYFS4r9DVYVdZMSXrOktfjC14VJQUwysJI57oleN/7EFuiMzpgijtDhC9lzZvF11
-lYL/TZrbVi8bONJRBSyQYvGOTO7qG66qU3SFusbDwkswveAuyKx+JcwyXwIDAQAB
-o4HXMIHUMAkGA1UdEwQCMAAwHQYDVR0OBBYEFE4Bi37Cd5ThaLPEKTUkBQvehEqJ
-MB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEBBCkw
-JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAhBgNVHREE
-GjAYghZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMBgGA1UdIAQRMA8wDQYLKwYBBAGC
-vmgBAwIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFin
-zT5xsSzfqw67N2iVbSB1wDiW4lbrV0rXQ5PSKKfZgv/rqgPDxAYJBB4b8BgqJzIw
-IpeTIQboK09z3IQ5b+mtLtbjwek2Wap80KU+I5q829m/OPYh770OS01NXQ6Krv7Q
-R66PTfzCu1uPpAZNCybjnvjd0eAhklUXhUkJrUUk5QVVaLlFNq8NuG/rZj37q2jE
-0ud+aqmtI0olctuulgOlxz+kjvh8FlrEMlOfVuuk8ZncrAtPLQ/xA8q6sgtvn02Q
-hGY6pbPwolBZyxsZr21ilXOklHaNPhhJcr5CoWam7tcIUdqL2NZtNuIvS3h0LBAX
-DIQWFLq4ECjcCyKqQJM=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-eku-client-server.csr b/tests/hwsim/auth_serv/server-eku-client-server.csr
deleted file mode 100644
index 5546903e5649..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client-server.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI2LncxLmZpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CP0gBK+SmRNr5mvUu+N9XOaGigrkujUkCU+
-hUefycS5ejUkhC8eURZm06wx6vFjpEzqJvD6Ycef8nRpangJxcmJdNttuse2sfBh
-H+86HNXG/JVdmzfWW8s3k1ntUPJqogFcniKvOjHZ7uszSZNORu6de4aG2isd+fOi
-AX0NVRw7Z+nJ+7ypUkxKIYVoUC/kBcE/4LOjJdRsLmF8ndXak7sZ/uq/8sj53N5I
-VOH+1LWUWj8sK4yxbO86sNIMLBN1YduXa/pr+Z33FKo1cthMC6FcCMWH1OSHHWsK
-UB+1Dj+7NovG4L0eGuEc8zekkWVMQ7SezBthaAm9HqthvcGRcQIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBABgknYle2ID7r8gu0VCYupOKsdU0CIfxqozbW2REuWnO
-W5EYv/oma1ONr3DPr/pLfeCVxtqRLNBC4UAi6Pxsn4A8kxm93voZ2/9b+fvwfrqo
-yKgo2X2+fn/k3IeRvKdq8o3frVzdBZmVv1irbrXeel7IRyjvG6nqwoT5jhCI4F8m
-iAht0otWVPdyuIXmHsofB6wgkmFw8AqHIuKS2gl8zeByGkfO/bCFrv1G2rEacyjt
-/pLaeI2VYZW5i+JvoAXSqAzV6xpc13Tts4MlQhSw8diE/NVsw7uBuJQaiE+vpgvm
-1jmcmIttnkZmvkhvdW3P62OttNVGiyBfq/GVPhOfeKE=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-eku-client-server.key b/tests/hwsim/auth_serv/server-eku-client-server.key
deleted file mode 100644
index 42103e4ae907..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client-server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQI/SAEr5KZE2v
-ma9S7431c5oaKCuS6NSQJT6FR5/JxLl6NSSELx5RFmbTrDHq8WOkTOom8Pphx5/y
-dGlqeAnFyYl02226x7ax8GEf7zoc1cb8lV2bN9ZbyzeTWe1Q8mqiAVyeIq86Mdnu
-6zNJk05G7p17hobaKx3586IBfQ1VHDtn6cn7vKlSTEohhWhQL+QFwT/gs6Ml1Gwu
-YXyd1dqTuxn+6r/yyPnc3khU4f7UtZRaPywrjLFs7zqw0gwsE3Vh25dr+mv5nfcU
-qjVy2EwLoVwIxYfU5IcdawpQH7UOP7s2i8bgvR4a4RzzN6SRZUxDtJ7MG2FoCb0e
-q2G9wZFxAgMBAAECggEAL7pO8p9Zq01c0wt2vJnZ/5LGn4DenQ1u0K75qy5FYcsO
-jQtqmDUFyqpMYfV2bN11b9ODTfKsN4fDEaHIGnX0J7qTHozCmLX7Gsp4Ow5sUPhk
-bL8De/hN2za6Q7u3Q3yTHxsY1do2PC36P2MHm7N/m5xT2GN8wMJqWUqYt6apS/6H
-c2UkjhopRH17WhIEIvWLhZ6IYahRpaDk6zlYTwbVJ/0T/mmK/Wmpmr/aeSVkG980
-MQUHugdOrrkV8+WFxlzzpIRa+3XFmxXNOuhXemz23tS4JEBsD0gdesvoWuszqysd
-1n+W5j+OpksiF1DFWSuMKFFqurd91yjOhAsM5ex1kQKBgQDnjTpvSBTMDGNGm8qo
-9POjIqa/8zS0yzwYLB4/pzym5eaIEOAq+H0W+EU8h5zes3E1lGLKO/2iT3lWTxzo
-E7Fq9I2AbzMSgyZiEJq6IfiLMRhh51sPTGX+KIjC44fdfofdTc2GNePsf/IP+JGy
-DPv/8mU+j0heSwyLZJCSvoNdCwKBgQDmHe2z6MIb2Rze3vgJERIrTRfxyRjwKRUd
-xI7QEe/fRjhlCNyzP9sQZzJFXNean4qNg0SOGy8+KjTgI+n9HxUTvLADxnVtey3I
-G78JVu5QJ4onJ3iAlCSlY6exiY9ZQjI6akCC748t03WNLQXO6lUsopLZqOx8oP+M
-84UFoNjA8wKBgERiTj6tQA8fHXat7gVGCmpEgpCv6AH4/6934BsWbfAwd4v5x+qI
-5pCRFAmTV33h6u5S+3YUj4yPAhu+U6AqqLwYq22h6ahu+Tf/BWMxQzEAd936MMds
-3bZZDELaZbbBdqiiIK+hXMXs53VWCNlXwljNop7+O/Y1HehQ8+2SvEMPAoGBAJhn
-5//Iv46MHBfr2qC+oqb1F0+2nYKp4udlQCTETHc23bDkzq8VMrRJdL0FwXISCkSx
-VN09Weu1LnHot1dCl8YLqRPHBAzvkSHAZqT74zhJB7Ho7WFTPHYha3YlIkC+m9+e
-cX2GxfBW5bsLv5YMEz9NqS7pNz9PrhEfU9GndwdLAoGAJ4f7qIUTweLL+295Q/dx
-lGlBzkTkfw0kiEEOgWwjXbox1NJnsfrneGvPgccTeMtimtkGk/vTUtIuo4EDwjJ7
-mcUnhXIgHGngx8bOzt4G3RGOLAaf1l+IcBhxqLJFhArDZYSVYMQ6vwwRuyXfO+I9
-4It3NqEusGrCV/ydOmKtXEg=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-eku-client-server.pem b/tests/hwsim/auth_serv/server-eku-client-server.pem
deleted file mode 100644
index 6286160390f0..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client-server.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6d
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server6.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:d0:23:f4:80:12:be:4a:64:4d:af:99:af:52:ef:
-                    8d:f5:73:9a:1a:28:2b:92:e8:d4:90:25:3e:85:47:
-                    9f:c9:c4:b9:7a:35:24:84:2f:1e:51:16:66:d3:ac:
-                    31:ea:f1:63:a4:4c:ea:26:f0:fa:61:c7:9f:f2:74:
-                    69:6a:78:09:c5:c9:89:74:db:6d:ba:c7:b6:b1:f0:
-                    61:1f:ef:3a:1c:d5:c6:fc:95:5d:9b:37:d6:5b:cb:
-                    37:93:59:ed:50:f2:6a:a2:01:5c:9e:22:af:3a:31:
-                    d9:ee:eb:33:49:93:4e:46:ee:9d:7b:86:86:da:2b:
-                    1d:f9:f3:a2:01:7d:0d:55:1c:3b:67:e9:c9:fb:bc:
-                    a9:52:4c:4a:21:85:68:50:2f:e4:05:c1:3f:e0:b3:
-                    a3:25:d4:6c:2e:61:7c:9d:d5:da:93:bb:19:fe:ea:
-                    bf:f2:c8:f9:dc:de:48:54:e1:fe:d4:b5:94:5a:3f:
-                    2c:2b:8c:b1:6c:ef:3a:b0:d2:0c:2c:13:75:61:db:
-                    97:6b:fa:6b:f9:9d:f7:14:aa:35:72:d8:4c:0b:a1:
-                    5c:08:c5:87:d4:e4:87:1d:6b:0a:50:1f:b5:0e:3f:
-                    bb:36:8b:c6:e0:bd:1e:1a:e1:1c:f3:37:a4:91:65:
-                    4c:43:b4:9e:cc:1b:61:68:09:bd:1e:ab:61:bd:c1:
-                    91:71
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                AB:D2:88:CA:9C:44:26:89:2E:C0:B9:8D:46:DD:5C:69:02:9E:01:CB
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication, TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         97:a5:19:d6:b9:1e:74:53:d4:38:5d:95:2a:8c:6f:88:10:c4:
-         47:28:29:4e:08:65:51:8f:af:34:1e:17:7a:62:7c:8e:f4:c4:
-         6d:ed:94:a9:fa:03:85:9d:7d:01:f8:e3:03:a4:a7:52:0c:6e:
-         46:db:de:44:bc:ce:b3:5a:fc:72:01:a0:b2:49:b2:b2:ce:de:
-         46:d4:68:d7:70:94:7b:48:b9:c9:6c:78:d3:68:3d:4f:66:15:
-         7d:99:ac:65:70:0f:62:ed:b5:a5:b4:69:c4:bc:57:f5:ea:1d:
-         3c:cd:99:36:6f:86:bc:57:69:76:58:fd:15:5d:8d:ed:0c:ca:
-         d8:bb:8e:7d:72:39:ff:04:e9:35:88:88:fa:5c:d7:f5:10:f5:
-         19:4f:2d:90:2f:f3:82:36:7f:4f:45:c5:98:97:f5:f0:61:86:
-         64:ce:b7:24:98:85:f1:59:59:67:ee:51:d0:e7:37:fb:2f:a7:
-         5d:a5:91:a3:f9:97:a8:54:4d:df:ec:22:d1:3e:0e:4d:5c:40:
-         11:2a:43:7d:69:36:73:5e:be:c8:73:d4:74:99:5f:c8:87:c1:
-         99:c0:e6:38:af:f2:8c:39:b7:65:90:a8:58:fa:a2:99:69:e6:
-         ad:77:3e:94:fc:82:38:cf:5f:17:77:e8:4e:6a:8b:75:21:ce:
-         9b:7f:6c:00
------BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIJANjT46bL481tMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5m
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAj9IASvkpkTa+Zr1Lv
-jfVzmhooK5Lo1JAlPoVHn8nEuXo1JIQvHlEWZtOsMerxY6RM6ibw+mHHn/J0aWp4
-CcXJiXTbbbrHtrHwYR/vOhzVxvyVXZs31lvLN5NZ7VDyaqIBXJ4irzox2e7rM0mT
-TkbunXuGhtorHfnzogF9DVUcO2fpyfu8qVJMSiGFaFAv5AXBP+CzoyXUbC5hfJ3V
-2pO7Gf7qv/LI+dzeSFTh/tS1lFo/LCuMsWzvOrDSDCwTdWHbl2v6a/md9xSqNXLY
-TAuhXAjFh9Tkhx1rClAftQ4/uzaLxuC9HhrhHPM3pJFlTEO0nswbYWgJvR6rYb3B
-kXECAwEAAaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBSr0ojKnEQmiS7AuY1G
-3VxpAp4ByzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
-BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
-HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IB
-AQCXpRnWuR50U9Q4XZUqjG+IEMRHKClOCGVRj680Hhd6YnyO9MRt7ZSp+gOFnX0B
-+OMDpKdSDG5G295EvM6zWvxyAaCySbKyzt5G1GjXcJR7SLnJbHjTaD1PZhV9maxl
-cA9i7bWltGnEvFf16h08zZk2b4a8V2l2WP0VXY3tDMrYu459cjn/BOk1iIj6XNf1
-EPUZTy2QL/OCNn9PRcWYl/XwYYZkzrckmIXxWVln7lHQ5zf7L6ddpZGj+ZeoVE3f
-7CLRPg5NXEARKkN9aTZzXr7Ic9R0mV/Ih8GZwOY4r/KMObdlkKhY+qKZaeatdz6U
-/II4z18Xd+hOaot1Ic6bf2wA
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-eku-client.csr b/tests/hwsim/auth_serv/server-eku-client.csr
deleted file mode 100644
index 8fe7071e1291..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI1LncxLmZpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZRggLjIYRiMAp3czMR00Re1O0ecOA87knT7
-6idFRIqaKk0QJY53zhoJyXMZ/txwNl6M+o9MhLv3cuSUT/xHKn2JkqMrWmmcyFoQ
-OTJhfQp4GbQ266xM1q91ABROFS9fg+5i9ax7DIG6ogg2e/DvYzFi+4amz9o2g0SN
-dSi25BDzMt2KbFvuT/EeUwsTfMe8954ygB5jPpJ1L8UhXvAqrOI05BeyNPfoKhKK
-IbgD57bY+DK1/nFFUpjeuT1B9ZCldoPBGMpQXSxSi25Pp1u72OMUJXDe0cedWc8k
-Rsf1bm+DZu0bHT5RBJRnZN9RIjzA4SQKN2rcaov9RVuWLQOsYwIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBAGDFw8louhTAswtYHa+aFvsSEB209lYFdHxn3wohbK1r
-q3IPcuTiQdZR2jEllGVaXZC6eAkYO8iD+NL/iCteUivY6Jqrd5cM0IAzPLuNe89O
-SSnPqUep59LObZUAsW/KaOB75xsLbm68fG2NmwOBB+8ZCRvQowcbY6nEAgaFM46V
-UxOHr3ZdluhAyVIikmZLmXEbv5OaXZfc3PiifJIDgAmMf9ePjm6QZEQJ5RdBxlWT
-IhU0rz9haagA13hXWurUCo8gWZoQqqCinjxLu0dV62kVCgq5Bk8HE4gvswJvCqME
-TKEpPJBjmKGTeU1BbFWy6nrirsCVPybj841pMQkSWHY=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-eku-client.key b/tests/hwsim/auth_serv/server-eku-client.key
deleted file mode 100644
index a43976ccd97a..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCllGCAuMhhGIwC
-ndzMxHTRF7U7R5w4DzuSdPvqJ0VEipoqTRAljnfOGgnJcxn+3HA2Xoz6j0yEu/dy
-5JRP/EcqfYmSoytaaZzIWhA5MmF9CngZtDbrrEzWr3UAFE4VL1+D7mL1rHsMgbqi
-CDZ78O9jMWL7hqbP2jaDRI11KLbkEPMy3YpsW+5P8R5TCxN8x7z3njKAHmM+knUv
-xSFe8Cqs4jTkF7I09+gqEoohuAPnttj4MrX+cUVSmN65PUH1kKV2g8EYylBdLFKL
-bk+nW7vY4xQlcN7Rx51ZzyRGx/Vub4Nm7RsdPlEElGdk31EiPMDhJAo3atxqi/1F
-W5YtA6xjAgMBAAECggEAJ+QYX8qk0+ejC5pWsKp/7kQE8JQvCb55vq4aZu4xHPM7
-cwd/5VxudqQFSZhGYgVfr2mWE2NkrvHOCssRBDgmORFnjIFtF2osUISKNg1yOTrF
-doPZW2v2Ux6QVIWPzkDMhS9wffmg54F1okXSQofoVIB4dVqaY6cRzQw9/ETj0wvz
-JwSstS76VbTZSzXl/IMMiIlGLq2o4SVmTDgK5Uz8ouOIIzoVG4tQCjtAPCfu1pG9
-VYTCfE1gnGFx1bl3p1yoh468h1PqyYqDgo9heyU+aYk21v/Rm0ARj2TSkJcSF5Cv
-Y3JUg1oaIMw7HxXEnkw+L3sqy9alGkJ33pbOAzva6QKBgQDO9H7ToPJysx2cO2/a
-Jk7OvoyQ0AMNG7lNS4crG9SvL0SbxfDdif9yaDlasT3T18uTMuRJRo6vF8v820LY
-HIdmBT6FxC+zwBRKnXMFtSrZIsl4zpOeHW2pOTM4So92K9NlSGOogQulzQyE8yeL
-kHAJmnAevUMyxgQ/S8xpTJrzfQKBgQDM0blWZ91B4VvqP7MzdjPHI1yXt5miEY9P
-ltTtTnmjFjvLweheoyYPW64tvxyRueEPNQB39BbYax3Zweg7TPng/lOMEwMG40dT
-a4LBMK74r0OLvPfds6jSGnENmyNkUZhTCf+hgXOMeiXGqjFAIPQoA+23tNNaDPRG
-emIjx69lXwKBgE4QmfqYPnwXpna1UObYBmgkJn/FhzEdoRNQByeystJ2IQola0sV
-796nA+N68hiD0Q2wZ75gOBhCALdbueYtNMG9/qyUqW3DaaQPqkCf6w7G+Xpxaet9
-rEzl/7UfIuhvdalB2h3It60OIMfRtLwHesuUjvB5ceyoFxgNLokV1Wk9AoGANMRD
-L1OK2RIqD+thS3zEUiV2EVAnsG09so91Q73X8IAl35SRPPBjOcmw0fBOd+yfYr+Q
-41ZrHE5cXmFqZvyp06Ex/QBY40licsdb5FGagk8E49dHNEK414ggYBT7xTiQObR1
-uzIShrphSRFHpvHWdQiuEYnweV6lABM/fWBQe5kCgYBJWEJSAkyp8L4TIlt41ctK
-MSjXuSwO1ktUYxQwIRZn/qcTxAAZLeE4Ow50Eoz7qtdMpn9/UdogpVpeZ9ZbSFSh
-2OD15rQJWVWs9ftgV8Ny3LzCdchmIw4/pRFMkK1ECog6F2WecwYUspEWgfGTy50V
-JyZlR6lQlgsLo0xLZJYyYA==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-eku-client.pem b/tests/hwsim/auth_serv/server-eku-client.pem
deleted file mode 100644
index af5c5c24eb86..000000000000
--- a/tests/hwsim/auth_serv/server-eku-client.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6c
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server5.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:a5:94:60:80:b8:c8:61:18:8c:02:9d:dc:cc:c4:
-                    74:d1:17:b5:3b:47:9c:38:0f:3b:92:74:fb:ea:27:
-                    45:44:8a:9a:2a:4d:10:25:8e:77:ce:1a:09:c9:73:
-                    19:fe:dc:70:36:5e:8c:fa:8f:4c:84:bb:f7:72:e4:
-                    94:4f:fc:47:2a:7d:89:92:a3:2b:5a:69:9c:c8:5a:
-                    10:39:32:61:7d:0a:78:19:b4:36:eb:ac:4c:d6:af:
-                    75:00:14:4e:15:2f:5f:83:ee:62:f5:ac:7b:0c:81:
-                    ba:a2:08:36:7b:f0:ef:63:31:62:fb:86:a6:cf:da:
-                    36:83:44:8d:75:28:b6:e4:10:f3:32:dd:8a:6c:5b:
-                    ee:4f:f1:1e:53:0b:13:7c:c7:bc:f7:9e:32:80:1e:
-                    63:3e:92:75:2f:c5:21:5e:f0:2a:ac:e2:34:e4:17:
-                    b2:34:f7:e8:2a:12:8a:21:b8:03:e7:b6:d8:f8:32:
-                    b5:fe:71:45:52:98:de:b9:3d:41:f5:90:a5:76:83:
-                    c1:18:ca:50:5d:2c:52:8b:6e:4f:a7:5b:bb:d8:e3:
-                    14:25:70:de:d1:c7:9d:59:cf:24:46:c7:f5:6e:6f:
-                    83:66:ed:1b:1d:3e:51:04:94:67:64:df:51:22:3c:
-                    c0:e1:24:0a:37:6a:dc:6a:8b:fd:45:5b:96:2d:03:
-                    ac:63
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                32:9F:9F:30:24:73:73:CB:8D:53:3A:80:23:EB:5B:5D:4C:DD:06:01
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         95:fa:5c:72:fc:2e:aa:a2:b4:f9:22:11:d2:84:33:91:f4:2c:
-         27:59:b9:2d:0c:46:b1:cb:58:2e:66:bd:ed:8d:f8:ad:45:a2:
-         37:7c:51:41:42:5a:ca:8a:c6:8b:3d:60:0f:6e:88:d9:44:25:
-         d2:e1:5c:92:fb:38:2e:90:a1:c4:d0:81:07:59:79:58:50:23:
-         f5:1d:f9:ac:11:99:51:eb:78:49:64:11:84:4c:ce:6f:6a:5d:
-         51:1d:2f:99:10:e9:f2:46:33:94:5c:8c:be:0d:26:bb:27:57:
-         e7:c8:f1:c3:9e:8f:10:04:2f:8a:a0:cd:39:af:01:1c:19:b0:
-         f9:da:38:6f:e8:2e:df:7d:ec:05:0c:09:bc:56:01:50:15:63:
-         50:a5:06:55:37:04:7e:74:a0:08:20:e3:29:c6:c3:36:87:76:
-         1f:f2:98:dc:cf:58:cd:c6:17:51:46:d2:ff:3a:97:4d:b2:27:
-         bb:8c:f0:13:79:53:2b:a7:cf:e5:88:7c:eb:33:b8:54:c4:2e:
-         64:de:34:af:4e:74:05:b1:13:fd:ed:54:60:2c:31:b8:7f:a6:
-         0d:4f:dd:9d:e3:0d:aa:ad:ba:0d:25:07:c2:0d:53:a8:f4:93:
-         37:75:60:2b:75:5f:db:53:d8:44:fd:4d:c9:91:4e:6a:ca:6d:
-         a5:ae:ba:74
------BEGIN CERTIFICATE-----
-MIIDlDCCAnygAwIBAgIJANjT46bL481sMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5m
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWUYIC4yGEYjAKd3MzE
-dNEXtTtHnDgPO5J0++onRUSKmipNECWOd84aCclzGf7ccDZejPqPTIS793LklE/8
-Ryp9iZKjK1ppnMhaEDkyYX0KeBm0NuusTNavdQAUThUvX4PuYvWsewyBuqIINnvw
-72MxYvuGps/aNoNEjXUotuQQ8zLdimxb7k/xHlMLE3zHvPeeMoAeYz6SdS/FIV7w
-KqziNOQXsjT36CoSiiG4A+e22Pgytf5xRVKY3rk9QfWQpXaDwRjKUF0sUotuT6db
-u9jjFCVw3tHHnVnPJEbH9W5vg2btGx0+UQSUZ2TfUSI8wOEkCjdq3GqL/UVbli0D
-rGMCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQyn58wJHNzy41TOoAj
-61tdTN0GATAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
-BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
-EwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAJX6XHL8Lqqi
-tPkiEdKEM5H0LCdZuS0MRrHLWC5mve2N+K1Fojd8UUFCWsqKxos9YA9uiNlEJdLh
-XJL7OC6QocTQgQdZeVhQI/Ud+awRmVHreElkEYRMzm9qXVEdL5kQ6fJGM5RcjL4N
-JrsnV+fI8cOejxAEL4qgzTmvARwZsPnaOG/oLt997AUMCbxWAVAVY1ClBlU3BH50
-oAgg4ynGwzaHdh/ymNzPWM3GF1FG0v86l02yJ7uM8BN5Uyunz+WIfOszuFTELmTe
-NK9OdAWxE/3tVGAsMbh/pg1P3Z3jDaqtug0lB8INU6j0kzd1YCt1X9tT2ET9TcmR
-TmrKbaWuunQ=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-expired.csr b/tests/hwsim/auth_serv/server-expired.csr
deleted file mode 100644
index f06a33da1426..000000000000
--- a/tests/hwsim/auth_serv/server-expired.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI0LncxLmZpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHfxPmbn/AtR+dijri/2SnU4PtRHe9YkMrTI
-2eDQpRL0iaeJAdlUQ86BSr3tFvN8wWc2i3NNIZHnS350xTsVuMZGfqmikcP1kLPP
-+Qzrum/uuat3PQOenXcHv5dq1E222v02VCXjCSaJf6ERwfbcvlxXqOZFVz2YFAZy
-rOnIgQY4nM/NCg54Tp57EMJhpUPvNBbfPOCjRHdIzb7kecsxOZ9T3aMOdlpsJF5W
-NZuifbOeQvFhnOieHLiaEB4yKSHLMBbgAxH5iPKPBKXmp5xz4ZPYUS27RYOPtpNB
-OUGEX0utACWRPRYK6/C4kuBcdWWFF9KA5l5moqTfxwh2M0nPHQIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBAIeunczvT7br/9Jk6zARkS7gZpAeRckiMMPFHD1HLiFM
-ngU/PL4RD0TRF0cHGn+qJex7Ch97ZMHsGl0ECjXEL84UYnAdWGPddLv72XpeNX+d
-f/QTWg9jVrZGspI1he6jN9JghZatKDEPYrXhFv0JbxrA4LoUzV2qGgh2ALpmP0LV
-Xqje+tAoZbf8J7mba/Z2yqjJuJMxkOC+2cCUvN07+ndCGbixtzT2wZfPlVkp/af2
-HJyduA6qkLJWcrAER6jHaI3Cxq92u/H7D6Z++7v0vN8fV6inyZNadurUGY/VsIUn
-jorEWeP7v1UKgLXXqBTdP5YA0Gi3O0dx7iLGalbHV9s=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-expired.key b/tests/hwsim/auth_serv/server-expired.key
deleted file mode 100644
index 545beab67f03..000000000000
--- a/tests/hwsim/auth_serv/server-expired.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCwd/E+Zuf8C1H5
-2KOuL/ZKdTg+1Ed71iQytMjZ4NClEvSJp4kB2VRDzoFKve0W83zBZzaLc00hkedL
-fnTFOxW4xkZ+qaKRw/WQs8/5DOu6b+65q3c9A56ddwe/l2rUTbba/TZUJeMJJol/
-oRHB9ty+XFeo5kVXPZgUBnKs6ciBBjicz80KDnhOnnsQwmGlQ+80Ft884KNEd0jN
-vuR5yzE5n1Pdow52WmwkXlY1m6J9s55C8WGc6J4cuJoQHjIpIcswFuADEfmI8o8E
-peannHPhk9hRLbtFg4+2k0E5QYRfS60AJZE9Fgrr8LiS4Fx1ZYUX0oDmXmaipN/H
-CHYzSc8dAgMBAAECggEBAJjiMQUJDm6UOB8nCxd7wfrb9zCnpI6rBY1QhroMRXbe
-JzGjDdWmPZTJMcZZKTC7HhhInT7PU8GDsEj9c5j0CWudi7FsscVrajJFNibkhM1u
-7/m3jYQ0wJRXbUUVn53y/jpXKVxZvopM8s658rKCdtgNFHzlkql0WW7v7yXTHLx6
-AM+559Y+LZZ3jAndrHdEpM1vCAG0VE85Ycv+1lBqlFEOthrWDL16UX6BBK5mjUsZ
-QtSUzn8q5OfX8DVKOlZNA85+kdJAK2ysx13DApmFr9unvH0kKfp06sFMOLbV09dF
-kJSNmzWGthVU5oo9rln7L2ctLzjwYfYCC2x36WREI5kCgYEA29J6FYwptBCWBiep
-UnRmGD/9UWr77jyNfYSZpYq5WZZ5swHTdkIeBu6f/u43adLjqcggsWtDZKEMbaZG
-pE3K+8NRUvw2NOt0oBVtYvSyAuDLlOroA3CcEu8089dnojSnENQe6vSsUh54qe5i
-LS7VdJGv2LyT7828Df0JhLL93CcCgYEAzYLk9DTZ5rIQ7AIhyW+IoduQUWhnfS/j
-usueMnvkpuYf+mVtbl1Xn8HiJPaiLrjwu/VSE5zim1tHEXRRhw4euG6p5s1V28S+
-mSOHr+jgLFZQ2hRKZKaV/8ayWJYYtLQ6E7n61mwvoeXUfOnRrP2/drWjJ9MUYt+/
-oTfS7eATERsCgYBfIYVoEdJydMMYQs3KO0l7sSWluJDylw38hgggVhrEpJRiXaXw
-BckM4vQm1Vzx1Sxla5CKd4sg33mLcmwb6vavYeWt7ixfVo6QQPWn35GyISq5dbeW
-1YMVxqO56zyUPAkZBVOkBuMUXs+Fav7d4ujJm8roFyRGoViDDUCzRusJ/QKBgQDF
-z0zjRg/K/vBMyoyM4D8qVDVoNk8Ob08KmDzwKNJgVzbGhGQ9i7jwu+UZYQ+gW0DU
-GgBjgmmX0dbpFQX4Mf4d1d7RmikfPROcQVe0WTmVU4vFLSyiDrpolG9L10V2gdc4
-75ViWIXMlnTduw2oLiHheFnP1ltUBDvmSN5NOpX/qwKBgQCmAR9C6xL68ZFO6HR1
-wswgZEDks4Da1ibWm8uw54YmdT5nG8CakhGwzLcS0Np3xvQ1WgUA1ic2XnHXHwuI
-piU5MbI8+O0hdPQLG4meuZeWINt3QDH5OzuwPCwhZCZkrpG9IfrIAaaaltKHaLMC
-bBd+f4vilJMr+V+VPOKFoUBibg==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-expired.pem b/tests/hwsim/auth_serv/server-expired.pem
deleted file mode 100644
index 301ff6082ad3..000000000000
--- a/tests/hwsim/auth_serv/server-expired.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6b
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: Jan  1 00:00:00 2020 GMT
-            Not After : Jan  2 00:00:00 2020 GMT
-        Subject: C=FI, O=w1.fi, CN=server4.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:b0:77:f1:3e:66:e7:fc:0b:51:f9:d8:a3:ae:2f:
-                    f6:4a:75:38:3e:d4:47:7b:d6:24:32:b4:c8:d9:e0:
-                    d0:a5:12:f4:89:a7:89:01:d9:54:43:ce:81:4a:bd:
-                    ed:16:f3:7c:c1:67:36:8b:73:4d:21:91:e7:4b:7e:
-                    74:c5:3b:15:b8:c6:46:7e:a9:a2:91:c3:f5:90:b3:
-                    cf:f9:0c:eb:ba:6f:ee:b9:ab:77:3d:03:9e:9d:77:
-                    07:bf:97:6a:d4:4d:b6:da:fd:36:54:25:e3:09:26:
-                    89:7f:a1:11:c1:f6:dc:be:5c:57:a8:e6:45:57:3d:
-                    98:14:06:72:ac:e9:c8:81:06:38:9c:cf:cd:0a:0e:
-                    78:4e:9e:7b:10:c2:61:a5:43:ef:34:16:df:3c:e0:
-                    a3:44:77:48:cd:be:e4:79:cb:31:39:9f:53:dd:a3:
-                    0e:76:5a:6c:24:5e:56:35:9b:a2:7d:b3:9e:42:f1:
-                    61:9c:e8:9e:1c:b8:9a:10:1e:32:29:21:cb:30:16:
-                    e0:03:11:f9:88:f2:8f:04:a5:e6:a7:9c:73:e1:93:
-                    d8:51:2d:bb:45:83:8f:b6:93:41:39:41:84:5f:4b:
-                    ad:00:25:91:3d:16:0a:eb:f0:b8:92:e0:5c:75:65:
-                    85:17:d2:80:e6:5e:66:a2:a4:df:c7:08:76:33:49:
-                    cf:1d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                21:B0:31:C6:14:D4:BD:5C:DF:70:24:51:34:9E:93:F5:18:B3:1C:A1
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         55:80:01:89:67:34:7c:4b:99:71:f5:5e:49:ea:51:f4:21:a4:
-         0f:3d:85:1c:ac:70:bf:a6:ef:50:85:de:df:1f:c6:93:44:3a:
-         0b:4d:e9:d9:25:e4:23:4b:c6:d5:6d:bc:ad:19:bc:be:05:e7:
-         5a:16:c5:6b:97:b4:8c:fc:9c:4e:52:3d:73:58:9e:df:0d:1f:
-         ae:a5:95:59:ed:5b:d6:8f:02:aa:c1:76:81:66:c9:46:f6:c3:
-         18:f2:a9:fb:e3:42:92:09:5f:7c:82:2e:fb:21:96:93:d1:63:
-         56:1e:3f:68:d4:96:f0:a7:2d:2f:f1:f1:39:ff:2a:56:1b:59:
-         4a:7a:b2:e9:11:ad:c0:66:59:ae:b5:d4:88:ce:65:d7:98:d8:
-         bf:77:96:9d:50:59:1b:28:6f:e7:0c:c5:dc:99:55:2e:62:11:
-         19:f2:bc:22:f9:35:91:7b:c5:ea:59:48:be:b1:90:a2:b6:5c:
-         f4:da:3a:48:98:7a:9a:74:55:f3:85:bb:ab:31:8b:d1:75:68:
-         f0:c3:dd:f1:ba:42:c7:4b:43:18:77:77:32:c1:80:61:22:48:
-         39:39:5c:ad:c0:b0:3a:73:5f:43:89:8e:32:40:3d:48:c7:dd:
-         20:d3:ba:15:b4:ac:0a:b4:86:0e:34:53:21:e5:91:c8:8e:56:
-         6e:9f:ce:62
------BEGIN CERTIFICATE-----
-MIIDlDCCAnygAwIBAgIJANjT46bL481rMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMDAxMDEwMDAwMDBaFw0yMDAxMDIwMDAwMDBaMDUxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNC53MS5m
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB38T5m5/wLUfnYo64v
-9kp1OD7UR3vWJDK0yNng0KUS9ImniQHZVEPOgUq97RbzfMFnNotzTSGR50t+dMU7
-FbjGRn6popHD9ZCzz/kM67pv7rmrdz0Dnp13B7+XatRNttr9NlQl4wkmiX+hEcH2
-3L5cV6jmRVc9mBQGcqzpyIEGOJzPzQoOeE6eexDCYaVD7zQW3zzgo0R3SM2+5HnL
-MTmfU92jDnZabCReVjWbon2znkLxYZzonhy4mhAeMikhyzAW4AMR+YjyjwSl5qec
-c+GT2FEtu0WDj7aTQTlBhF9LrQAlkT0WCuvwuJLgXHVlhRfSgOZeZqKk38cIdjNJ
-zx0CAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQhsDHGFNS9XN9wJFE0
-npP1GLMcoTAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
-BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
-EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFWAAYlnNHxL
-mXH1XknqUfQhpA89hRyscL+m71CF3t8fxpNEOgtN6dkl5CNLxtVtvK0ZvL4F51oW
-xWuXtIz8nE5SPXNYnt8NH66llVntW9aPAqrBdoFmyUb2wxjyqfvjQpIJX3yCLvsh
-lpPRY1YeP2jUlvCnLS/x8Tn/KlYbWUp6sukRrcBmWa611IjOZdeY2L93lp1QWRso
-b+cMxdyZVS5iERnyvCL5NZF7xepZSL6xkKK2XPTaOkiYepp0VfOFu6sxi9F1aPDD
-3fG6QsdLQxh3dzLBgGEiSDk5XK3AsDpzX0OJjjJAPUjH3SDTuhW0rAq0hg40UyHl
-kciOVm6fzmI=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-extra.pkcs12 b/tests/hwsim/auth_serv/server-extra.pkcs12
deleted file mode 100644
index d9cd6e2ff0be..000000000000
--- a/tests/hwsim/auth_serv/server-extra.pkcs12
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/server-long-duration.csr b/tests/hwsim/auth_serv/server-long-duration.csr
deleted file mode 100644
index 6324b778fa5b..000000000000
--- a/tests/hwsim/auth_serv/server-long-duration.csr
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIEjDCCAnQCAQAwRzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI3LncxLmZpMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAvxDC67+9DyFoRCZ41pAP3pxneAdvLjThUaY0
-bh1P8R8at5N6GgE2BNTjNfCbUo3MLYCTaDcACV/hDYo1dPXuHhZpkxZHqpPKaKc5
-bbXbVz1FY4k4nj5XOdi9TLKgqyefSTjGxfTojYs3up8PGqADdNh3lKTdNomrGl7W
-elrLv0AEkWqchPOBN6amSZH+aeyAoluyBBFXtuRoIurZG0zB+dOiKLG16bROCCU3
-ZIIUG9Lcdfj0SN658zWULWmxPESx9wgacUFMdMlwwXsJWP3hc206cMg6ue600Od9
-70j6+4Hv5P45h03cScAV7JDiDeqdqcAZQNbHc0NulROyDQ6Qwr8r2S2chUgqxUCe
-N2fP5xuVwiav4GGiplEHMxU1NnQz/HT4RoA2bTnfJLGoCwWFvmIc0I4JWikMSJ2B
-vMX39Mmcq+kTbhFZkMqWr8aQGPc+WFHkv9EeIFyXBtHPYRtn9WEAhwKQWs4tyzWx
-lmrZ/keQA7ddxz1IwF4quWbsNrjs3Q90MmVQLLfcGkdrSTMo9jc91Q17MHmG3dXX
-w4tV+oysWMivlBwDhosGngW5tfgUGBS2PiSV+JvEQGT3ooMR7LegH0yUrjMPvtTo
-4mtUu3Hypu8HXxM1Zja2MGQV0mDwxM6LfSuxiKI/WLdQfbuUpDl734zsZMjFjYZU
-b/GHk1ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQCFXmnZDE5Nyumifcrtxblr
-PyO2zktJmwwpJZJfzz0iCdtdx2fbrjbg18wLrfCAQA1VAFFv9rvq5Z9gx4FdBitR
-NLH6xWK2nFDJl8OqPW4cFmiuO90OVGayp3ZdYaJMLQOMN2V7TSvap/RBqXtfznRL
-7Ftqyn1Fryhtt6OcDf4JSSN60MwLH141bR2M0cMm0fU/A+S5XCGh+7s9m+wOjbRO
-h4AGxrIcB4vV76ljt2jVTRukTECndxtwPqtmZIP6+h4Ichh/zapwoXPxXOfo0afi
-dRnu7CXlN36rHk6rr8PhIp+kjArRDBDHJ9Agk1zudzTbK1yOEr6bX7MBtyEvvcfO
-NRO8VDKGJSeHjmeDP0LdJeyl3bOpwaS4aj+iKykN4SlA6S/3rZptJczsYtKQP46w
-HAWEZ2N+HBtClP4KJYn9lcQdsqVmBBAbrET2ttbtu+PnBD7FeQZmjxPBVXu0K8FC
-BwWMFWdAZTjOOz+AP41KBw2/kKSYlx/WBH2Ort1pKIuUr+kLEuYHnXU5+EMDJOnY
-Z4L+1zQbVz92mhOL9CbdCqgbxJ0eZjKV+LInLjgQhqD8mIV6pq/lbNlVs2om2JQS
-byRGe6baceitwjfMi/kO58JkYoZS2nvcBb4XZ3foogN+I8PIL5oGOpXGcSmuZHfL
-5fjSUaTpPgNeNHSUWxgKng==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-long-duration.key b/tests/hwsim/auth_serv/server-long-duration.key
deleted file mode 100644
index 3ae384507a4a..000000000000
--- a/tests/hwsim/auth_serv/server-long-duration.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC/EMLrv70PIWhE
-JnjWkA/enGd4B28uNOFRpjRuHU/xHxq3k3oaATYE1OM18JtSjcwtgJNoNwAJX+EN
-ijV09e4eFmmTFkeqk8popzlttdtXPUVjiTiePlc52L1MsqCrJ59JOMbF9OiNize6
-nw8aoAN02HeUpN02iasaXtZ6Wsu/QASRapyE84E3pqZJkf5p7ICiW7IEEVe25Ggi
-6tkbTMH506IosbXptE4IJTdkghQb0tx1+PRI3rnzNZQtabE8RLH3CBpxQUx0yXDB
-ewlY/eFzbTpwyDq57rTQ533vSPr7ge/k/jmHTdxJwBXskOIN6p2pwBlA1sdzQ26V
-E7INDpDCvyvZLZyFSCrFQJ43Z8/nG5XCJq/gYaKmUQczFTU2dDP8dPhGgDZtOd8k
-sagLBYW+YhzQjglaKQxInYG8xff0yZyr6RNuEVmQypavxpAY9z5YUeS/0R4gXJcG
-0c9hG2f1YQCHApBazi3LNbGWatn+R5ADt13HPUjAXiq5Zuw2uOzdD3QyZVAst9wa
-R2tJMyj2Nz3VDXsweYbd1dfDi1X6jKxYyK+UHAOGiwaeBbm1+BQYFLY+JJX4m8RA
-ZPeigxHst6AfTJSuMw++1Ojia1S7cfKm7wdfEzVmNrYwZBXSYPDEzot9K7GIoj9Y
-t1B9u5SkOXvfjOxkyMWNhlRv8YeTUQIDAQABAoICAEJ/OefExq7yaJB3d0ztvKg0
-dQpgRACn5Nd+6fZ8+yqnMaw8hp1wWHWcBivqvpQfx7T6b9MweTHKDdChjnNTeHk+
-QaYwdebXIvYDZUhap6kYKQM4ad0hQ0hdt5xu+t42nwhj20JgN2Oz1UR9QUt571oG
-ULAKJPdrOIKoCStyWEEKrcxSd4EKIqnUtUEbr5j799UJ5s3ln0qG+ftVExSeRVCG
-qIRTPUXGO/Y3xayUXR1F6PaiG5sU8VDFD/oyM74PBoU8a7+JA2wOA9FC2gD/8ywy
-EsnX1iCKBKJEPx89niRUl8Jx/GGr5oRAdyDrV9GSGydONTvMxIPILz9xKGHE9PpH
-mxYAY2h5691PeLB9zr58puhVsMVaCZkgfhWuodE1aFuSxaAqxIT/5cvDKkW/LQ3L
-kLiV3yb4BANys5P0WCGxBndGUoyHlSRFfr70ujPk/GQi/YgD/FWy/VkIY9x0WQR0
-Br9NS3bQhlqQEkF51xdJEOc2nUD5f2siZpSm4+vJ6gdCtO+eFA87smIxV1jCORFq
-lSCSKN5ACJqfjIIAvnyTO/JIpOo3FGjJT8LZh3kj8+lQn5b8EH3nCtPETp/lzJWd
-B302qq8U3V7OR0SH2j0qyZ7xC9CWXI6nAsbVuYRDxi2x7EEYIndfxi+9bIttBtlo
-oul2knJ9zGKjGcC+5joFAoIBAQD3JlTm+Bvw54xv6VqDw0/Dy7CzYAMST14oT4D+
-wqpTvWFFS4YmFj5z37qZMeSVrIs23cXBzanGtMux2qeSChTBsgAhOV9N9vFNVm4V
-1M23NWdx0jTXGUZuEhGJ7viF2ENYyOsiSdSeSDZRk10xp/ya+YzMfytC8z35zaaH
-I4XYSxIeWAKcvlPeMf66+azB5D6hmw5hCI9Is1ZyQYUDHHZLEuGxyMJ76Vas/+5C
-6WoYe+QhMN7mn7drDtrSudauACZQNjEQ9O9RV1c2Vv0Lv6MESQnsVtIGpg6yerB+
-Oj8wgo4tSJ1sW1qESH2o4LrBPFLKCJBYeQuyinZyNCoDAYL/AoIBAQDF6Et04Qgp
-s7bAf+M/wUE7EEiNQoTkZfTHEcwNF7GcemlF85Wehq36PB2ePFaR79aZwngkn0zz
-uMTvQVJq3jH+0uJ/j/MbUJ82dpuNf7NeplnhHrWQhiayoSbTKcSawKe6ckVrfwLy
-/tV0ttkAiDPjEK/TpIJVqucmEHjHjpE6iRCqgt47eyB+VK+L7sPJQKLB4nIwqEYo
-KcwwLl/f7pKjCYnkxk44Fffoy29mwPUWY0TtNuDYZNSP19sAsFem0pevLTU+PYII
-Pvra5WnJ3JQc0jCYCL09y+HL73jvAEPhMqfO10uUbCC8W3KI9jvWwHI20tUqMXQL
-E26g95bV6/mvAoIBADT4NC4kcuiY19KMcufWjlvqZf6rzzy3YfjFwWHYmuTDq/tM
-Cn5TOiNfigCXXuRtTJD/ywiUaZS63wVJVazJGFXDLp/wSerNyD3JDmMDbuubOIZ+
-hPCs7BlfKf8kBoO5LAX1Wd/JbxZVZ77oFIs187/LSE/z2XPJ6jiFyPEhvefzfvid
-6EFr0VHH6U5tgIc1we6k6toFGaB9P0PRow5dpUTF0TVnT7d69Say23/fwutociZi
-8QMArDD3yBJt3gMA6TU7yBxYQopua7SrxCQmeGvMs6HBodXm9TNvdDA5j513/bza
-2VKF6cp8NuJg9+W+ZggC+dzcZJNpdaVYZMCsLEUCggEAPLyi07bwO2QlFQTqqDlW
-HJtNuNSOVk4YBjQnDGmWH7DNuCMeau1oXWCvsk1QQC98C+pL1ulww2eUQN0qPxP8
-AfmUe5OhB2QByMQzzwQ+9zBUaytyi20wWSft82ZhKSExGJ5TQb9UF2Ev/0bSaEBk
-tC392BUnzsTJdbweZRgS6AUCsWHCdDzAZyT0Txyyx4Pnr1sgsmAiT9csDClfUSk1
-pYWa5TQa80mCsNYmVUGotfs3PxnVfXPMbGzRkG+OJuuAk8lrCrPzwTYa5Kz9f28L
-oaC8OxyLf3ifzmerFKZfLrDOIUOftWhNz6C9EN2I1cpwAvVHaFCPDYskK5BwoSxv
-jwKCAQEAkb5RnSaRQENeHSqnU5tNyZj5Grcsd6dPlqWRe+tZfPxfNs45n9Qsuu/+
-N1W5ZoqfNKoL9Rn9FWK98/VN47CxshtIVVYLDF+1+bdi5PgBCvG7W+77mLoaRiur
-49XrQ7e5+mlKpjV1809fZGZ6UX1b7oeoBwEXAKU/vqOA/9T65SaBLo2pcxGFK+LL
-H2gynD0uB3eS8SVTQLZ1nt2siPcbfqbTJnKhgwmm0bJxwAFzC54uvtoOjlZcsqvB
-AuBc6reTuBQTn9+mJC0oDAjuyiDLuByU9BvTSjPwqMTt9SoKEAwsYo0t16LfxSZh
-7i4QyQhhpHEPAMqvU0qdRdiWQ1QFhA==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-long-duration.pem b/tests/hwsim/auth_serv/server-long-duration.pem
deleted file mode 100644
index 930550df8f94..000000000000
--- a/tests/hwsim/auth_serv/server-long-duration.pem
+++ /dev/null
@@ -1,107 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6e
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : Apr 21 17:02:53 2071 GMT
-        Subject: C=FI, O=w1.fi, CN=server7.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
-                Modulus:
-                    00:bf:10:c2:eb:bf:bd:0f:21:68:44:26:78:d6:90:
-                    0f:de:9c:67:78:07:6f:2e:34:e1:51:a6:34:6e:1d:
-                    4f:f1:1f:1a:b7:93:7a:1a:01:36:04:d4:e3:35:f0:
-                    9b:52:8d:cc:2d:80:93:68:37:00:09:5f:e1:0d:8a:
-                    35:74:f5:ee:1e:16:69:93:16:47:aa:93:ca:68:a7:
-                    39:6d:b5:db:57:3d:45:63:89:38:9e:3e:57:39:d8:
-                    bd:4c:b2:a0:ab:27:9f:49:38:c6:c5:f4:e8:8d:8b:
-                    37:ba:9f:0f:1a:a0:03:74:d8:77:94:a4:dd:36:89:
-                    ab:1a:5e:d6:7a:5a:cb:bf:40:04:91:6a:9c:84:f3:
-                    81:37:a6:a6:49:91:fe:69:ec:80:a2:5b:b2:04:11:
-                    57:b6:e4:68:22:ea:d9:1b:4c:c1:f9:d3:a2:28:b1:
-                    b5:e9:b4:4e:08:25:37:64:82:14:1b:d2:dc:75:f8:
-                    f4:48:de:b9:f3:35:94:2d:69:b1:3c:44:b1:f7:08:
-                    1a:71:41:4c:74:c9:70:c1:7b:09:58:fd:e1:73:6d:
-                    3a:70:c8:3a:b9:ee:b4:d0:e7:7d:ef:48:fa:fb:81:
-                    ef:e4:fe:39:87:4d:dc:49:c0:15:ec:90:e2:0d:ea:
-                    9d:a9:c0:19:40:d6:c7:73:43:6e:95:13:b2:0d:0e:
-                    90:c2:bf:2b:d9:2d:9c:85:48:2a:c5:40:9e:37:67:
-                    cf:e7:1b:95:c2:26:af:e0:61:a2:a6:51:07:33:15:
-                    35:36:74:33:fc:74:f8:46:80:36:6d:39:df:24:b1:
-                    a8:0b:05:85:be:62:1c:d0:8e:09:5a:29:0c:48:9d:
-                    81:bc:c5:f7:f4:c9:9c:ab:e9:13:6e:11:59:90:ca:
-                    96:af:c6:90:18:f7:3e:58:51:e4:bf:d1:1e:20:5c:
-                    97:06:d1:cf:61:1b:67:f5:61:00:87:02:90:5a:ce:
-                    2d:cb:35:b1:96:6a:d9:fe:47:90:03:b7:5d:c7:3d:
-                    48:c0:5e:2a:b9:66:ec:36:b8:ec:dd:0f:74:32:65:
-                    50:2c:b7:dc:1a:47:6b:49:33:28:f6:37:3d:d5:0d:
-                    7b:30:79:86:dd:d5:d7:c3:8b:55:fa:8c:ac:58:c8:
-                    af:94:1c:03:86:8b:06:9e:05:b9:b5:f8:14:18:14:
-                    b6:3e:24:95:f8:9b:c4:40:64:f7:a2:83:11:ec:b7:
-                    a0:1f:4c:94:ae:33:0f:be:d4:e8:e2:6b:54:bb:71:
-                    f2:a6:ef:07:5f:13:35:66:36:b6:30:64:15:d2:60:
-                    f0:c4:ce:8b:7d:2b:b1:88:a2:3f:58:b7:50:7d:bb:
-                    94:a4:39:7b:df:8c:ec:64:c8:c5:8d:86:54:6f:f1:
-                    87:93:51
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                30:C9:45:D8:D3:C8:8E:E6:41:B8:29:BD:48:DE:BF:CD:9A:A5:81:CE
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         aa:73:6c:8d:3b:7e:cb:87:82:2f:b8:05:f7:79:1c:5d:ec:37:
-         76:ac:c1:e3:27:73:1b:71:0a:85:ba:55:ce:53:a2:70:38:b4:
-         e4:09:f4:19:c1:b5:0e:a1:52:d3:9f:3b:3b:dd:a9:86:97:3d:
-         e7:40:b8:16:9f:47:51:e5:39:2e:93:cb:61:a8:b1:f2:f6:53:
-         9f:50:04:c6:88:5c:ce:69:ed:cc:c3:39:0a:76:af:64:8f:ce:
-         6c:88:62:b7:46:ce:fc:fe:4a:e2:ea:f7:a8:af:5b:f5:43:a1:
-         96:fe:3c:db:a1:a2:72:3f:47:f3:5b:ae:50:27:7b:11:f8:e8:
-         22:a6:8d:73:32:56:c8:dd:d5:95:51:aa:9f:f7:4d:53:e7:0b:
-         e6:fa:c2:4e:59:55:92:44:78:df:e5:b0:1d:cc:69:3e:86:73:
-         3a:9f:69:30:54:9c:6b:55:7c:79:ba:62:d5:0a:de:18:b3:0c:
-         29:34:7b:ef:0d:5c:54:71:ad:69:f5:63:93:49:31:03:2e:dc:
-         3c:2b:78:82:ff:4f:b7:59:77:5d:34:0b:4a:41:3e:51:47:83:
-         4e:2a:cb:88:28:33:42:df:8f:81:c3:89:01:f4:8a:ef:56:db:
-         ca:07:95:53:c6:68:bf:21:5f:1d:20:da:55:c7:0a:7f:a5:4b:
-         7c:f4:04:32
------BEGIN CERTIFICATE-----
-MIIEljCCA36gAwIBAgIJANjT46bL481uMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAgFw0yMTA1MDMxNzAyNTNaGA8yMDcxMDQyMTE3MDI1M1owNTEL
-MAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI3Lncx
-LmZpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvxDC67+9DyFoRCZ4
-1pAP3pxneAdvLjThUaY0bh1P8R8at5N6GgE2BNTjNfCbUo3MLYCTaDcACV/hDYo1
-dPXuHhZpkxZHqpPKaKc5bbXbVz1FY4k4nj5XOdi9TLKgqyefSTjGxfTojYs3up8P
-GqADdNh3lKTdNomrGl7WelrLv0AEkWqchPOBN6amSZH+aeyAoluyBBFXtuRoIurZ
-G0zB+dOiKLG16bROCCU3ZIIUG9Lcdfj0SN658zWULWmxPESx9wgacUFMdMlwwXsJ
-WP3hc206cMg6ue600Od970j6+4Hv5P45h03cScAV7JDiDeqdqcAZQNbHc0NulROy
-DQ6Qwr8r2S2chUgqxUCeN2fP5xuVwiav4GGiplEHMxU1NnQz/HT4RoA2bTnfJLGo
-CwWFvmIc0I4JWikMSJ2BvMX39Mmcq+kTbhFZkMqWr8aQGPc+WFHkv9EeIFyXBtHP
-YRtn9WEAhwKQWs4tyzWxlmrZ/keQA7ddxz1IwF4quWbsNrjs3Q90MmVQLLfcGkdr
-STMo9jc91Q17MHmG3dXXw4tV+oysWMivlBwDhosGngW5tfgUGBS2PiSV+JvEQGT3
-ooMR7LegH0yUrjMPvtTo4mtUu3Hypu8HXxM1Zja2MGQV0mDwxM6LfSuxiKI/WLdQ
-fbuUpDl734zsZMjFjYZUb/GHk1ECAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1Ud
-DgQWBBQwyUXY08iO5kG4Kb1I3r/NmqWBzjAfBgNVHSMEGDAWgBSk/bk5G4GzquuI
-HdSBqbURcMyn4TA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9z
-ZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
-AQELBQADggEBAKpzbI07fsuHgi+4Bfd5HF3sN3asweMncxtxCoW6Vc5TonA4tOQJ
-9BnBtQ6hUtOfOzvdqYaXPedAuBafR1HlOS6Ty2GosfL2U59QBMaIXM5p7czDOQp2
-r2SPzmyIYrdGzvz+SuLq96ivW/VDoZb+PNuhonI/R/NbrlAnexH46CKmjXMyVsjd
-1ZVRqp/3TVPnC+b6wk5ZVZJEeN/lsB3MaT6GczqfaTBUnGtVfHm6YtUK3hizDCk0
-e+8NXFRxrWn1Y5NJMQMu3DwreIL/T7dZd100C0pBPlFHg04qy4goM0Lfj4HDiQH0
-iu9W28oHlVPGaL8hXx0g2lXHCn+lS3z0BDI=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server-no-dnsname.csr b/tests/hwsim/auth_serv/server-no-dnsname.csr
deleted file mode 100644
index 6f59b705c803..000000000000
--- a/tests/hwsim/auth_serv/server-no-dnsname.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXIzLncxLmZpMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuutBG9M6yO4kk513ADQDdmtCSH4Ekotzdt9
-Y6EyEo64473flTk6F2VU+CDWcTd9t7RyMXp6Pbp0cvOsnRY4NRt9UDutll2nwHYL
-u0wGqND3LT2UpRQmGhHYQhstTm5gnWrPIts2ZeIXNbxpLqsw5c38muRPD9EBw+Yz
-cTHNb9qMIZ33G9Htfjl6/WmjiBzm9tM7Gh7TcMOtNSoipN5gkDdd5+DOm31MtctB
-G5yWUd9YTbdn2pUlYIr/bGKE2tYkuWXZeln4yL0DvvYX2A6GrppMfVP2sQ6CzQZh
-d91GXP1FavLoIspji9Mc9k8Q7OoaCB44PYBso0hH8hYqB1v3iQIDAQABoAAwDQYJ
-KoZIhvcNAQELBQADggEBAFOyTkNJyRKkPGdTpgnqiapijSufwkt3uETE+4SgVwSu
-ctfu4IKhwgecJl4HiyVj8vwEoB5tJLdK4EG/wSBVdqd5nN2OEm4FClqfqgiuftrU
-O+pvl+HSU3X9CrW4Is0Vmb2x5SMRPwvW3lA+fcKMpjUfbUA0E5kii18qir/UsVuH
-EHCJ18BRoqUS+x4r+nxjS+ErSkdTtQtrZVOH2z9IEVGtc7tSxd9Dy4+L8TX0UNEP
-PEZlvuLAR5py3/zeFjkekQKx2AhJqpPC+/NMmkbm+n81NgcBG02rCL2vLALtm9cf
-6VbDKAi/K0tm3s9HHm6euogDB6q4TioPLxUpIR34W4c=
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server-no-dnsname.key b/tests/hwsim/auth_serv/server-no-dnsname.key
deleted file mode 100644
index f1e96e5b6d2c..000000000000
--- a/tests/hwsim/auth_serv/server-no-dnsname.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDC660Eb0zrI7iS
-TnXcANAN2a0JIfgSSi3N231joTISjrjjvd+VOToXZVT4INZxN323tHIxeno9unRy
-86ydFjg1G31QO62WXafAdgu7TAao0PctPZSlFCYaEdhCGy1ObmCdas8i2zZl4hc1
-vGkuqzDlzfya5E8P0QHD5jNxMc1v2owhnfcb0e1+OXr9aaOIHOb20zsaHtNww601
-KiKk3mCQN13n4M6bfUy1y0EbnJZR31hNt2falSVgiv9sYoTa1iS5Zdl6WfjIvQO+
-9hfYDoaumkx9U/axDoLNBmF33UZc/UVq8ugiymOL0xz2TxDs6hoIHjg9gGyjSEfy
-FioHW/eJAgMBAAECggEAD8yKeZGL6oM6sqEpbGukcXrzS4o1UUYx8D2aLDkkldx7
-n/oD5VR+IOdVu8btmr+ksP8vQlNrFRXH2olltFXYuHVB8v7jUwzETBVFXikLYSOO
-5VvYcIjxjatkm/cX9QN9UUUXBPw/rIJm3zQmUmIN1JKdpvBaeC24tugxwzsGK8qm
-kefz6Rc+UTC0tLz62ti6fWeR6TipRFdExtXLRZlwYCDy33GBj1VRRSI5ZFxjPHqI
-tChrK2OUkZrkWUsUZiPq3hFytNyfVbSzqBHJPwhufuUZw5SsSrluqJbrtoi+kOKY
-lJ/gE7BBL7ZOEj9chHG5WXwN0hsyEzkm582Ls/CDAQKBgQD9L8WFL5UQitnVsEZB
-+rv6WQwYsS5H2nsjRasiGp155eSGnFlkqZbUBkFCAU0FjHotTFl3ZPd+w2JP6mda
-zKnAj9SfgX7UF4M8Vx3KbW2qMamycFhW3YUOyk7b3oCMKLHhwC0tcOWDqxNOgR5y
-syulT8aDse9Ey/c8yIefY37VuwKBgQDFFihbgtUuR3gJR6jMWxXfNlpxyyEA77QN
-HHsLjqcq1Kte/KrV2zUXy+aZAJYjnvLMOZodxRkGv+I6309S3TG9gzDNt1iguYNa
-ETif4hDJoQHrXgWnkPKjuGyE811ArhHfdrPEjBhNX538T4fPZD0FJM4ZpVlvoMyz
-NnNieN2RiwKBgQCnir1CbUJPOBL+fS+A6dMKz3JZxKXDlqh1ptygLMyYpbCcA0qE
-elT86Ua1zvaQ/Wy8HRH3GDFPCSw9hffu9hA/BO7GvoKXBxgpDd0A33j6bvLEyeMr
-WFt8dhPJG2wlU6iiovFCaLr4bnTQNlFXxYjUU/4hl9WlyPNKnchhiQ2dkQKBgQC9
-akA7QxCzu8hn0tEuJlRtBIYEW59KkRXQjBDN2Lpc9awGTHu7sUPjrPnhDqk9buQW
-1z2BYw5caEp7HmfUUfYeF1nuPEoXnnPZOjfboZ9UyUNY/DIfC7XHF9ZkKKj1ItbW
-l/TJ74LjygPCnIUAE2x55xeVmk7MdBSIIMrgVx1LZQKBgDFj79Q2LNKZ9OpCs/X6
-fcu30wHRTraQ4mntoQYycjn3IuGfPJ+bFYaz9oyjarMbGeVftdpwWSMQBm/a7nCU
-aWPBq+INWls8NE2WtX7jzWj00AzT8TEGbJirQfOJbNXCGrVW7GrGH6JlZYpsC/lb
-+CynJQUivjDzYCz1sGjNScGs
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server-no-dnsname.pem b/tests/hwsim/auth_serv/server-no-dnsname.pem
deleted file mode 100644
index 170098dc18c9..000000000000
--- a/tests/hwsim/auth_serv/server-no-dnsname.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:6a
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server3.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:c2:eb:ad:04:6f:4c:eb:23:b8:92:4e:75:dc:00:
-                    d0:0d:d9:ad:09:21:f8:12:4a:2d:cd:db:7d:63:a1:
-                    32:12:8e:b8:e3:bd:df:95:39:3a:17:65:54:f8:20:
-                    d6:71:37:7d:b7:b4:72:31:7a:7a:3d:ba:74:72:f3:
-                    ac:9d:16:38:35:1b:7d:50:3b:ad:96:5d:a7:c0:76:
-                    0b:bb:4c:06:a8:d0:f7:2d:3d:94:a5:14:26:1a:11:
-                    d8:42:1b:2d:4e:6e:60:9d:6a:cf:22:db:36:65:e2:
-                    17:35:bc:69:2e:ab:30:e5:cd:fc:9a:e4:4f:0f:d1:
-                    01:c3:e6:33:71:31:cd:6f:da:8c:21:9d:f7:1b:d1:
-                    ed:7e:39:7a:fd:69:a3:88:1c:e6:f6:d3:3b:1a:1e:
-                    d3:70:c3:ad:35:2a:22:a4:de:60:90:37:5d:e7:e0:
-                    ce:9b:7d:4c:b5:cb:41:1b:9c:96:51:df:58:4d:b7:
-                    67:da:95:25:60:8a:ff:6c:62:84:da:d6:24:b9:65:
-                    d9:7a:59:f8:c8:bd:03:be:f6:17:d8:0e:86:ae:9a:
-                    4c:7d:53:f6:b1:0e:82:cd:06:61:77:dd:46:5c:fd:
-                    45:6a:f2:e8:22:ca:63:8b:d3:1c:f6:4f:10:ec:ea:
-                    1a:08:1e:38:3d:80:6c:a3:48:47:f2:16:2a:07:5b:
-                    f7:89
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                5E:84:D6:31:98:17:71:F8:63:5C:32:5B:7D:33:C0:D4:FA:36:A7:6A
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         8a:b4:ef:15:b7:6f:b7:cd:e6:c0:3b:e2:bb:67:5e:d0:0a:81:
-         53:84:60:b8:60:05:9b:c7:b9:b9:87:34:1f:33:a4:fb:db:ed:
-         e9:0f:83:a4:3d:8b:4e:ff:aa:35:a8:f4:8c:35:78:a0:fb:e0:
-         b3:a3:11:92:ce:76:b2:3a:06:4f:3f:bb:9c:ca:e3:95:ec:44:
-         cb:72:1f:93:5d:df:d7:9e:76:41:4c:61:cb:70:03:5d:45:69:
-         da:c6:f5:60:68:83:f9:c7:73:8e:fb:4c:47:28:8e:b7:c9:e4:
-         cc:12:44:46:cc:97:77:6c:aa:02:57:d9:5a:f9:92:0c:a6:81:
-         12:b3:e0:fd:e1:9b:46:83:c8:bc:b5:85:4e:bd:9a:1b:9b:a5:
-         bd:cb:af:9b:dc:ce:62:3b:b3:ff:0f:85:e3:47:66:d0:dc:c6:
-         c4:02:36:e0:01:42:4c:c5:1f:de:da:92:1f:09:f3:22:f5:37:
-         ef:55:ca:7c:12:f7:2f:34:a1:ff:fe:b8:fc:32:34:ee:a4:ff:
-         f1:ba:c5:f5:d3:9e:d2:f8:3d:d9:fa:81:8f:40:80:7f:67:b5:
-         4d:0a:03:f7:f9:4e:3f:f8:74:29:f8:26:6d:5e:9e:dd:6d:f2:
-         0a:1d:6a:41:0c:5b:c2:27:81:2b:c1:86:0e:24:64:37:92:2a:
-         09:fb:ae:c7
------BEGIN CERTIFICATE-----
-MIIDlDCCAnygAwIBAgIJANjT46bL481qMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyMy53MS5m
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLrrQRvTOsjuJJOddwA
-0A3ZrQkh+BJKLc3bfWOhMhKOuOO935U5OhdlVPgg1nE3fbe0cjF6ej26dHLzrJ0W
-ODUbfVA7rZZdp8B2C7tMBqjQ9y09lKUUJhoR2EIbLU5uYJ1qzyLbNmXiFzW8aS6r
-MOXN/JrkTw/RAcPmM3ExzW/ajCGd9xvR7X45ev1po4gc5vbTOxoe03DDrTUqIqTe
-YJA3Xefgzpt9TLXLQRucllHfWE23Z9qVJWCK/2xihNrWJLll2XpZ+Mi9A772F9gO
-hq6aTH1T9rEOgs0GYXfdRlz9RWry6CLKY4vTHPZPEOzqGggeOD2AbKNIR/IWKgdb
-94kCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRehNYxmBdx+GNcMlt9
-M8DU+janajAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
-BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
-EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIq07xW3b7fN
-5sA74rtnXtAKgVOEYLhgBZvHubmHNB8zpPvb7ekPg6Q9i07/qjWo9Iw1eKD74LOj
-EZLOdrI6Bk8/u5zK45XsRMtyH5Nd39eedkFMYctwA11FadrG9WBog/nHc477TEco
-jrfJ5MwSREbMl3dsqgJX2Vr5kgymgRKz4P3hm0aDyLy1hU69mhubpb3Lr5vczmI7
-s/8PheNHZtDcxsQCNuABQkzFH97akh8J8yL1N+9VynwS9y80of/+uPwyNO6k//G6
-xfXTntL4Pdn6gY9AgH9ntU0KA/f5Tj/4dCn4Jm1ent1t8godakEMW8IngSvBhg4k
-ZDeSKgn7rsc=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server.csr b/tests/hwsim/auth_serv/server.csr
deleted file mode 100644
index 3e8f7d96528a..000000000000
--- a/tests/hwsim/auth_serv/server.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICizCCAXMCAQAwRjELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRUwEwYDVQQDDAxzZXJ2ZXIudzEuZmkwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQD9Dl7NGSxqQYPZLA42zQmwj7LJjMjSAzhuVLxD
-7s74WbHpP23UXuPFcxk9C7wp19BudQA1/PdlsbYPywZJz6lOPcJkSxgkCnC4blTc
-kD9sGP22iKs33ItLteH/7btFBaPwqlEr8XkGfy/NXfzmiq8buXvKQ3UBHY4t2RET
-hvs8S2CkKUnj0iAgy1wNnNKcMCERvLN032Swt2fuat+vPRgCt9zlVHW1bEDEsIob
-xv2rHrnv0YMJDVW6F4hO0L3PczZ8KEv2qkjU6Psl2B2vyWhzrEauy+t5Nletw3AC
-FW3wpUNzq3IEsRZgdA5KwY9SKBqVfqvQBPb6Edob0ZmkT57tAgMBAAGgADANBgkq
-hkiG9w0BAQsFAAOCAQEAUQqUbXEUfPwdJoYL1jPZFCXDMFLjQgro6uWQ+yK8NEOX
-MekF9AmJkBNHfOXfhtpuSutn+4TGLGShS+ocvR9oGJkSULZYOzbsntP6ZEcwaxo5
-rvSSmm1cx1GNQQ/dzoefeWlRnaUVcOTljMutCae1X9KTXuLW2DreEwo4aqPsu+EK
-iSL/GcdYozU+p+ZE0BP26kDeQYKYD/1XOXvGclCAG11U3M03cazqiLr+auNhAL0T
-y4PYJnrNhTZdIXLXsPTKcG2VhbGSC7NTia10XRl2Jr+yFTRvR2S0F1vZczbXc7gj
-JBMk6kojPpMvqe2WmaXWEH+tzeBvTELnJDHdDl+w9A==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/server.key b/tests/hwsim/auth_serv/server.key
deleted file mode 100644
index 7dd02ae13791..000000000000
--- a/tests/hwsim/auth_serv/server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD9Dl7NGSxqQYPZ
-LA42zQmwj7LJjMjSAzhuVLxD7s74WbHpP23UXuPFcxk9C7wp19BudQA1/PdlsbYP
-ywZJz6lOPcJkSxgkCnC4blTckD9sGP22iKs33ItLteH/7btFBaPwqlEr8XkGfy/N
-Xfzmiq8buXvKQ3UBHY4t2REThvs8S2CkKUnj0iAgy1wNnNKcMCERvLN032Swt2fu
-at+vPRgCt9zlVHW1bEDEsIobxv2rHrnv0YMJDVW6F4hO0L3PczZ8KEv2qkjU6Psl
-2B2vyWhzrEauy+t5Nletw3ACFW3wpUNzq3IEsRZgdA5KwY9SKBqVfqvQBPb6Edob
-0ZmkT57tAgMBAAECggEARr4KsIl2CipQgpi3TIibSdmSIJgT1+oAj49upgsPnwvs
-GYma2YDBagRYLOGn84aahRZ+PZl/S9WXUOjv1BiSewX23vTDRegJRPXLEXHd2QlP
-fATO4Knt4vdwu4wpCw2dm/zw/jjeHXvW0DGTLpvcggKjYZLkFbC+e4CwLmZQu7TE
-e5QnNDqzNjiHEYJ7P70/o5otgVCo2Kn/on+/dsVf5/x0zPktoKO/aWZPkC8ef+aY
-rClhFRQZtrys6/dQ5r3ZTtublCRB3hq3tx/THJKROFvkSDiI0fJJkn2PxjKaA4ot
-8Gm3598Dj5sjlluanEg72n0jreSS6WYnHfCp2/7HgQKBgQD/ZNvLsoNABNQFXhin
-6e6PBG+VU1GY5yWXsdNA1NcOaq7PhdNnpQ2SkIZIwfdNmypMtY/y7yxAlv7jgqzQ
-UEo4ZXQirq6ehKddy0olpu0gN8SOwKJ8VCSnGaZXp8E0ueRTLLD4JAvg4mQY+mJ5
-AYTa4Y75JTFOTe/x9+DbFLOSzQKBgQD9qBdywd/eEf45KPnoLnvDTxpS/4b5liMS
-q+j8bFz5NmL/6TkAZp7Clp95wMh0Qeg0yznDNUOKG48yHJuUp8TuUTXE39u5CTki
-s1wRYEtUKwKbjKyurGkR49BhJEo+aO2ai14D+pEDCoYDhICNk5IaHolmIvMPG+4I
-HAG9B1l8oQKBgAVVvQWnR/iZYThve8JeL56LMC2FXQn9ohpmG4yaJZfmgJpTKFRc
-7Uinfjac3qafXCXYERa5CkqbHN3xx9xeIP7Gl8N1tK4ZBUn/SiA5OXDX2WJGAd7o
-/w8CiSgBmBaa33shTt0QG7Np5z9iU5ZFgtnzpkHsFfiVxjJexDKvXwTtAoGBAIqK
-y7vXHoH5S+RGeDCTau+i/drFTCB4G1HwaUGtoh5P0US7SnHomt/nStVCMXomIUDs
-mvD+35PIN68EJwnLlGkiG/8a0bS/z+AfHLM06A/hqfvxmsOQ0ZZ+2mqkWpS51MTr
-R/9eVOPXVJkJPvmU12DCuwL5Jc5jz9/IBD8Ni5fhAoGBANsZyLEn9Rm2/kL6xe1k
-jqe0gtGEctd71NdurFXSDGG1CZFeUGFGshGalRu6RqcCP6r/LpZHZc6vFDDep/1G
-1fSLR3ula5rBAIrMUQPXq3LXpvC3BCZFvn3A2LRjNYB9LG5WtL/lfkeTzrx9L8hL
-6mC0BwuQ5yNIyfXv1/0dQD0+
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/server.pem b/tests/hwsim/auth_serv/server.pem
deleted file mode 100644
index bc95b1bb2ff2..000000000000
--- a/tests/hwsim/auth_serv/server.pem
+++ /dev/null
@@ -1,87 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:69
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:fd:0e:5e:cd:19:2c:6a:41:83:d9:2c:0e:36:cd:
-                    09:b0:8f:b2:c9:8c:c8:d2:03:38:6e:54:bc:43:ee:
-                    ce:f8:59:b1:e9:3f:6d:d4:5e:e3:c5:73:19:3d:0b:
-                    bc:29:d7:d0:6e:75:00:35:fc:f7:65:b1:b6:0f:cb:
-                    06:49:cf:a9:4e:3d:c2:64:4b:18:24:0a:70:b8:6e:
-                    54:dc:90:3f:6c:18:fd:b6:88:ab:37:dc:8b:4b:b5:
-                    e1:ff:ed:bb:45:05:a3:f0:aa:51:2b:f1:79:06:7f:
-                    2f:cd:5d:fc:e6:8a:af:1b:b9:7b:ca:43:75:01:1d:
-                    8e:2d:d9:11:13:86:fb:3c:4b:60:a4:29:49:e3:d2:
-                    20:20:cb:5c:0d:9c:d2:9c:30:21:11:bc:b3:74:df:
-                    64:b0:b7:67:ee:6a:df:af:3d:18:02:b7:dc:e5:54:
-                    75:b5:6c:40:c4:b0:8a:1b:c6:fd:ab:1e:b9:ef:d1:
-                    83:09:0d:55:ba:17:88:4e:d0:bd:cf:73:36:7c:28:
-                    4b:f6:aa:48:d4:e8:fb:25:d8:1d:af:c9:68:73:ac:
-                    46:ae:cb:eb:79:36:57:ad:c3:70:02:15:6d:f0:a5:
-                    43:73:ab:72:04:b1:16:60:74:0e:4a:c1:8f:52:28:
-                    1a:95:7e:ab:d0:04:f6:fa:11:da:1b:d1:99:a4:4f:
-                    9e:ed
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                71:26:7A:1F:72:81:97:24:11:AA:C0:75:FA:BF:31:10:69:49:D0:E7
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Subject Alternative Name: 
-                DNS:server.w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         b1:d9:6f:63:a1:39:81:55:10:cd:05:c1:cc:14:7d:33:0a:9a:
-         ef:c0:34:dc:77:76:5b:41:92:20:15:a3:c6:01:af:1f:05:7c:
-         bb:37:4a:1d:1f:00:5e:4a:17:6b:7a:6a:6c:a4:fb:c7:e4:1e:
-         e2:38:7f:25:d1:45:9b:eb:68:95:f9:1b:ba:9f:40:b9:5d:c7:
-         6c:a0:46:6b:05:ac:f4:38:4d:64:0b:5d:e0:7b:30:31:b8:a6:
-         da:d0:a5:3e:81:7b:6a:1a:b5:4f:2d:4a:f2:00:68:13:68:b8:
-         83:6b:79:f9:b2:63:a7:df:52:de:8e:12:9d:87:73:ec:4b:47:
-         38:a2:98:29:a8:c8:8b:8e:b1:2b:47:dd:eb:cf:6a:dd:21:02:
-         00:5e:7d:8d:4c:19:aa:7d:1b:f4:9b:a6:a8:f8:f3:a7:9d:66:
-         e8:54:0c:dc:7f:e9:af:a2:4c:88:8b:87:54:28:33:c5:53:87:
-         b0:41:e4:2e:33:7b:aa:c0:29:82:c2:bd:54:10:29:f9:2d:a4:
-         99:d1:e7:c7:57:07:66:cc:d0:2e:74:5d:98:28:0a:fe:8a:32:
-         3c:62:3d:30:7c:75:0c:16:31:ce:cb:e7:41:1e:4f:3c:92:1a:
-         3e:80:b1:13:78:b5:53:b2:6a:44:9f:c1:3b:92:cf:08:0e:08:
-         32:10:27:1b
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIJANjT46bL481pMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDQxCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZp
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Q5ezRksakGD2SwONs0J
-sI+yyYzI0gM4blS8Q+7O+Fmx6T9t1F7jxXMZPQu8KdfQbnUANfz3ZbG2D8sGSc+p
-Tj3CZEsYJApwuG5U3JA/bBj9toirN9yLS7Xh/+27RQWj8KpRK/F5Bn8vzV385oqv
-G7l7ykN1AR2OLdkRE4b7PEtgpClJ49IgIMtcDZzSnDAhEbyzdN9ksLdn7mrfrz0Y
-Arfc5VR1tWxAxLCKG8b9qx6579GDCQ1VuheITtC9z3M2fChL9qpI1Oj7Jdgdr8lo
-c6xGrsvreTZXrcNwAhVt8KVDc6tyBLEWYHQOSsGPUigalX6r0AT2+hHaG9GZpE+e
-7QIDAQABo4GzMIGwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFHEmeh9ygZckEarAdfq/
-MRBpSdDnMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUF
-BwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAX
-BgNVHREEEDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ
-KoZIhvcNAQELBQADggEBALHZb2OhOYFVEM0FwcwUfTMKmu/ANNx3dltBkiAVo8YB
-rx8FfLs3Sh0fAF5KF2t6amyk+8fkHuI4fyXRRZvraJX5G7qfQLldx2ygRmsFrPQ4
-TWQLXeB7MDG4ptrQpT6Be2oatU8tSvIAaBNouINrefmyY6ffUt6OEp2Hc+xLRzii
-mCmoyIuOsStH3evPat0hAgBefY1MGap9G/Sbpqj486edZuhUDNx/6a+iTIiLh1Qo
-M8VTh7BB5C4ze6rAKYLCvVQQKfktpJnR58dXB2bM0C50XZgoCv6KMjxiPTB8dQwW
-Mc7L50EeTzySGj6AsRN4tVOyakSfwTuSzwgOCDIQJxs=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/server.pkcs12 b/tests/hwsim/auth_serv/server.pkcs12
deleted file mode 100644
index 310e988a9ef8..000000000000
--- a/tests/hwsim/auth_serv/server.pkcs12
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/sha384-server.key b/tests/hwsim/auth_serv/sha384-server.key
deleted file mode 100644
index 10ff1450e934..000000000000
--- a/tests/hwsim/auth_serv/sha384-server.key
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDm91jBTdZzl79p
-4ZPklcK5EoOMvj3++QdZ+7pFKmDFHX8qqfk6HXz4fkFXMYokV2pFvRh+i+wvbAPc
-OLI6cxSSSz02yspRkcN1hDlERfjIrMrJq5M5GgoT1F2zQ0Wc+inXDetgIG1QOb+q
-oQR3mxMCQLphohv8n2JkW6+Lmdt9zsx9tOQWjFSB3YFdcb4yhGP5sJ4n8EanpNdR
-k0NbdKffehDDxXUtb4O1U6i/H1NFA0/l/oN0IuhwXkdkv8ikdpPke+FqCp8H6CZM
-vZrC3ItJpIm+k/eXIyAvW4hag/75GfGeV7b4MnVegcylWtacFpaDRsklfAStMXd5
-EOiC4cmANIYupoZwfiSadthk9BbBqzRAcpvFljgFeUeR5N8St4B1noPwatoMuMzh
-WG28Iv/hNr8Rj/vzWznO0xp3lPckZPVHzrl08U1QSH9j6SqsmGMY1Y4riRGzNkUf
-o7eV9GB8kKp6oWM6TCuyRbMhS0LB/TNH3682oBJMEftK5HBiTf8CAwEAAQKCAYEA
-txfjyzGaTH5CZnxFklLKT46GrF7vpJ3jnwi37DahCgHNGpQuF0zjEdZ8k9OY0CBg
-BbLWpRLlA97b3IsxdrZd2287sqDl6+3ihdlw0Fer1eFszJxwFDc5P+j88qvkloGW
-A35sVgK+xXdSIsCMWwia9BE970Hkb8ol5KruKXupjT0PzKNGoT1TjLN85wfRIBjl
-bD3/0mdei21Yp7lXDzwWDEmm2ptAvekF/wu33PLHPxFWGFw/9yPpIZMLg6mpM/8u
-0lWjpuTuQZLAVU0yKag5mhRa9rwCqslxDZzNXYA7hUO57hT+diO1U447cdAEYzpF
-XUZrPBHUOlaRNd2f2INFAX3W0SraSTp3IX2KBd3daU2aSN6y4DMO4I9wJwJV4vrC
-1rnJB+e9DnBNUezhgpiDOE0+vOprrqGtXsdULgFuPd47b2eU4WWvFHeeKuMBgrRg
-iRSgaxButfFIryRhCYA88cXFG0qO3qNUPMmDTCRjS1S6rhQeP8dxN6kcJc+o/+Ep
-AoHBAP95nPrypMNYJAlQtlgYMbxyMRLz7HXLN/TklEtPMNsjK8LHIIa3v3uv8gbk
-1VmXc8oQa4NB8cu9CtX98fSwvbiuwXjhxFe0mMlg4QdkbCQYXj3CeDsE5PNO3aXK
-oIF1WzJZYN+KV/NgyCIP/hAgBBmDFcfgovJb3YvMGmC3/2MmP3+1tgsLabPXoJSZ
-Uqc7c5m9Tlm7NP8LAi/zRjFOD+b3BDIH8e8ADV02uAYe0fyCcihaf7ZYbiROG2KE
-BNlbgwKBwQDncNdXOgz9bb0C+HymH0LwB0KECt2NNN0DV1GXoH8IXEYtK4V2XJdU
-P63EtMfaUgk0vyL/pIWQLlyt9bW0Gnr0nDY3NiX2ctRnh6WUzKNrpdQmhquEWXXw
-pujDupY2O90lXeJdMhp2WWT+22IFMykwLY2sVBJzhXpY2lUd/EBgFiUpD8NRAt2V
-f98eJYd3lC1JEsrEgCQrvEzc+B9y7GHPm8YevJrIcNvYMjUXEMo8rmjd+GZC4SD/
-rZVcCBrYDtUCgcEA7fbkjye26zJNltO0lYgrw8GGDoZgyjP5skW8EA36jxRKrcp3
-dKTxWo+/3EYIqMQXGa+DxaaGSGWVE1DQsEB05/L3ydZZ4ewZqPJxiUY0KMb9+X8M
-KMVdUXkzojuEmDGtOc/hGTeuxsdug7Przi9UQkNE5YJLpX6GdbIvG8onu74jxZyH
-re/6jIccT24lfBo3iou30IM9URd6+RkcV87DpzqNkOCvrRSaXioa7bCFnjQPi6EI
-dtwV9AFBJtmb/q5rAoHAAt/l7NFtw+APDvBjK/ULccvFSbqQ0eYsMJRvEQEPUt1C
-ieEWgUfZIVTBJcZRDScjsiIFn0M93XKV+BsrLJd/m3YtPjZP9mWqubZ3mgeIqBeh
-MPFPRA+QZXLNRVEV+Ip5zrMB0sKCjaHCnV/AMexWwKBwOAm7SPAJev0LPZoaepcL
-0xy9Ak6UzfyOmuNAcX3Hqjavig1FZb2q/rueOGEzPc7jgRI6oe607FSDUEwHFwXb
-i5ZAPuho7oQLbN805iYZAoHAReFyMpjLEXOfyJQAOZb1BQHJ4U8AyYyPleXB/Bh1
-EmO+Qv3VhtqorN0g3t7XaupEqcPBRWQHxo8hlrP+6Rj4fVnT8gFYOb1QMmy5EW2b
-0sdt74xLv4LI6TLLZim+akYNuFxQbBnLHJgDXgjinM+jZfzve39Uhz7ojrFaySqW
-bRcQzciRgbHWrSxkLGq+gJDyjvKkszs4RN9J7LH+C8+BiyRhgxc2ZTja75bq5TQB
-Tohu1wDMgHHInYJkhZNxYIGX
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/sha384-server.pem b/tests/hwsim/auth_serv/sha384-server.pem
deleted file mode 100644
index d51921f4f31a..000000000000
--- a/tests/hwsim/auth_serv/sha384-server.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 14110776913249282218 (0xc3d38cd72b01a8aa)
-    Signature Algorithm: sha384WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=SHA384 and SHA512 Root CA
-        Validity
-            Not Before: Nov 29 22:33:25 2015 GMT
-            Not After : Nov 26 22:33:25 2025 GMT
-        Subject: C=FI, O=w1.fi, CN=sha384.server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:e6:f7:58:c1:4d:d6:73:97:bf:69:e1:93:e4:95:
-                    c2:b9:12:83:8c:be:3d:fe:f9:07:59:fb:ba:45:2a:
-                    60:c5:1d:7f:2a:a9:f9:3a:1d:7c:f8:7e:41:57:31:
-                    8a:24:57:6a:45:bd:18:7e:8b:ec:2f:6c:03:dc:38:
-                    b2:3a:73:14:92:4b:3d:36:ca:ca:51:91:c3:75:84:
-                    39:44:45:f8:c8:ac:ca:c9:ab:93:39:1a:0a:13:d4:
-                    5d:b3:43:45:9c:fa:29:d7:0d:eb:60:20:6d:50:39:
-                    bf:aa:a1:04:77:9b:13:02:40:ba:61:a2:1b:fc:9f:
-                    62:64:5b:af:8b:99:db:7d:ce:cc:7d:b4:e4:16:8c:
-                    54:81:dd:81:5d:71:be:32:84:63:f9:b0:9e:27:f0:
-                    46:a7:a4:d7:51:93:43:5b:74:a7:df:7a:10:c3:c5:
-                    75:2d:6f:83:b5:53:a8:bf:1f:53:45:03:4f:e5:fe:
-                    83:74:22:e8:70:5e:47:64:bf:c8:a4:76:93:e4:7b:
-                    e1:6a:0a:9f:07:e8:26:4c:bd:9a:c2:dc:8b:49:a4:
-                    89:be:93:f7:97:23:20:2f:5b:88:5a:83:fe:f9:19:
-                    f1:9e:57:b6:f8:32:75:5e:81:cc:a5:5a:d6:9c:16:
-                    96:83:46:c9:25:7c:04:ad:31:77:79:10:e8:82:e1:
-                    c9:80:34:86:2e:a6:86:70:7e:24:9a:76:d8:64:f4:
-                    16:c1:ab:34:40:72:9b:c5:96:38:05:79:47:91:e4:
-                    df:12:b7:80:75:9e:83:f0:6a:da:0c:b8:cc:e1:58:
-                    6d:bc:22:ff:e1:36:bf:11:8f:fb:f3:5b:39:ce:d3:
-                    1a:77:94:f7:24:64:f5:47:ce:b9:74:f1:4d:50:48:
-                    7f:63:e9:2a:ac:98:63:18:d5:8e:2b:89:11:b3:36:
-                    45:1f:a3:b7:95:f4:60:7c:90:aa:7a:a1:63:3a:4c:
-                    2b:b2:45:b3:21:4b:42:c1:fd:33:47:df:af:36:a0:
-                    12:4c:11:fb:4a:e4:70:62:4d:ff
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                C8:A6:E4:81:75:69:7C:09:1D:A1:E6:14:CE:62:65:4E:56:D8:92:79
-            X509v3 Authority Key Identifier: 
-                keyid:0E:74:B5:09:EC:FB:FA:E7:BA:6B:1A:F6:2B:28:7E:A9:70:DA:D7:18
-
-            X509v3 Subject Alternative Name: critical
-                DNS:sha384.server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha384WithRSAEncryption
-         04:da:fd:8c:4d:ae:05:1a:bc:39:7d:b4:6e:b1:fa:9e:6c:39:
-         a1:58:24:49:59:0b:2a:d9:2c:c3:64:93:07:72:b0:37:3e:24:
-         9d:b0:b4:6e:d7:4c:75:57:74:1a:4a:f1:34:4f:83:3d:eb:b3:
-         77:a0:b3:1a:90:f2:6b:57:7b:46:a2:cb:f4:31:d8:9f:e8:1f:
-         5c:3f:b3:ac:ff:2d:c8:d5:f2:1b:dd:7c:9b:b8:7f:61:13:3a:
-         b1:14:82:4d:52:cf:d0:dc:6f:20:e7:94:06:6b:9f:6d:49:dc:
-         41:9b:9e:66:41:d6:45:15:af:92:00:6d:75:5f:95:93:ec:29:
-         7d:f9:a8:57:1a:16:a4:f9:9e:ac:e1:86:f2:d3:38:25:16:e3:
-         a1:f2:9f:3b:7e:a7:9b:b9:e7:24:0f:f3:da:66:c4:de:34:3c:
-         75:58:b2:64:e2:d1:2e:6d:ac:f8:03:d9:d2:a9:b6:67:d9:98:
-         51:76:b5:1f:a8:a0:5f:73:65:dd:52:04:88:f4:e6:d7:cb:94:
-         83:ac:08:29:25:c5:aa:8a:44:6d:73:14:cf:9a:48:24:ab:46:
-         d1:85:ee:29:81:e6:23:03:82:57:34:2c:f8:e1:5f:03:53:79:
-         f7:ca:b3:58:2c:60:8f:52:d1:20:6e:f0:5a:f4:7e:52:fa:a8:
-         fa:4d:6c:a8:67:d6:da:a5:da:9c:54:c6:34:3a:ca:06:32:a8:
-         45:3b:41:95:6e:81:07:9b:f4:fb:6a:4b:7c:ee:d5:7f:30:7e:
-         c2:39:8d:88:b4:c9:62:5f:14:3a:1c:48:9d:b6:06:d8:8e:12:
-         1c:99:e0:d6:7a:a6:e4:0a:b4:23:33:98:3a:00:5b:2d:d2:0a:
-         05:b8:9c:1f:9d:f0:1e:a0:d4:88:35:0e:47:bc:59:f3:f2:08:
-         5e:f6:11:b2:53:b3:b4:80:c9:3b:18:e4:51:45:43:9b:7b:8f:
-         7d:23:0b:2e:66:da:29:b9:0c:98:16:7a:2b:b5:a7:37:e1:f6:
-         20:cc:06:56:50:7c:36:6b:f3:c8:00:08:7b:bb:df:4d:94:e1:
-         04:49:7b:e7:c7:77:66:c1:42:59:f3:40:91:eb:c7:98:14:cc:
-         3f:26:0d:7c:8a:c9:9e:ce:2e:82:99:5b:b3:9a:39:a4:56:8d:
-         46:13:fa:dc:6e:a0:6d:43:68:05:53:78:c9:d7:dd:45:ca:b1:
-         0f:ca:ef:e5:5f:54:8e:52:94:ee:4b:ab:0d:dd:02:81:e5:92:
-         d9:b8:6a:58:7f:14:f4:a7:9a:18:9c:51:4f:ec:5f:7e:6e:b1:
-         4a:46:bf:5d:c7:4f:19:16:f5:df:0c:fc:92:4b:d8:23:e9:7b:
-         43:38:82:5e:82:f7:04:e1
------BEGIN CERTIFICATE-----
-MIIFLDCCAxSgAwIBAgIJAMPTjNcrAaiqMA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIjAgBgNV
-BAMMGVNIQTM4NCBhbmQgU0hBNTEyIFJvb3QgQ0EwHhcNMTUxMTI5MjIzMzI1WhcN
-MjUxMTI2MjIzMzI1WjA7MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHDAa
-BgNVBAMME3NoYTM4NC5zZXJ2ZXIudzEuZmkwggGiMA0GCSqGSIb3DQEBAQUAA4IB
-jwAwggGKAoIBgQDm91jBTdZzl79p4ZPklcK5EoOMvj3++QdZ+7pFKmDFHX8qqfk6
-HXz4fkFXMYokV2pFvRh+i+wvbAPcOLI6cxSSSz02yspRkcN1hDlERfjIrMrJq5M5
-GgoT1F2zQ0Wc+inXDetgIG1QOb+qoQR3mxMCQLphohv8n2JkW6+Lmdt9zsx9tOQW
-jFSB3YFdcb4yhGP5sJ4n8EanpNdRk0NbdKffehDDxXUtb4O1U6i/H1NFA0/l/oN0
-IuhwXkdkv8ikdpPke+FqCp8H6CZMvZrC3ItJpIm+k/eXIyAvW4hag/75GfGeV7b4
-MnVegcylWtacFpaDRsklfAStMXd5EOiC4cmANIYupoZwfiSadthk9BbBqzRAcpvF
-ljgFeUeR5N8St4B1noPwatoMuMzhWG28Iv/hNr8Rj/vzWznO0xp3lPckZPVHzrl0
-8U1QSH9j6SqsmGMY1Y4riRGzNkUfo7eV9GB8kKp6oWM6TCuyRbMhS0LB/TNH3682
-oBJMEftK5HBiTf8CAwEAAaOBmTCBljAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTI
-puSBdWl8CR2h5hTOYmVOVtiSeTAfBgNVHSMEGDAWgBQOdLUJ7Pv657prGvYrKH6p
-cNrXGDAhBgNVHREBAf8EFzAVghNzaGEzODQuc2VydmVyLncxLmZpMBYGA1UdJQEB
-/wQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQwFAAOCAgEA
-BNr9jE2uBRq8OX20brH6nmw5oVgkSVkLKtksw2STB3KwNz4knbC0btdMdVd0Gkrx
-NE+DPeuzd6CzGpDya1d7RqLL9DHYn+gfXD+zrP8tyNXyG918m7h/YRM6sRSCTVLP
-0NxvIOeUBmufbUncQZueZkHWRRWvkgBtdV+Vk+wpffmoVxoWpPmerOGG8tM4JRbj
-ofKfO36nm7nnJA/z2mbE3jQ8dViyZOLRLm2s+APZ0qm2Z9mYUXa1H6igX3Nl3VIE
-iPTm18uUg6wIKSXFqopEbXMUz5pIJKtG0YXuKYHmIwOCVzQs+OFfA1N598qzWCxg
-j1LRIG7wWvR+Uvqo+k1sqGfW2qXanFTGNDrKBjKoRTtBlW6BB5v0+2pLfO7VfzB+
-wjmNiLTJYl8UOhxInbYG2I4SHJng1nqm5Aq0IzOYOgBbLdIKBbicH53wHqDUiDUO
-R7xZ8/IIXvYRslOztIDJOxjkUUVDm3uPfSMLLmbaKbkMmBZ6K7WnN+H2IMwGVlB8
-NmvzyAAIe7vfTZThBEl758d3ZsFCWfNAkevHmBTMPyYNfIrJns4ugplbs5o5pFaN
-RhP63G6gbUNoBVN4ydfdRcqxD8rv5V9UjlKU7kurDd0CgeWS2bhqWH8U9KeaGJxR
-T+xffm6xSka/XcdPGRb13wz8kkvYI+l7QziCXoL3BOE=
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/sha384-user.key b/tests/hwsim/auth_serv/sha384-user.key
deleted file mode 100644
index 6a15e795bb15..000000000000
--- a/tests/hwsim/auth_serv/sha384-user.key
+++ /dev/null
@@ -1,38 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIGnAIBADANBgkqhkiG9w0BAQEFAASCBoYwggaCAgEAAoIBaw1HuCl0ydhb9q0E
-epVENi+Gp7eksHMq2Rx97T29DDwFe8jpVlVWJ1b0oKq96+o6RSzYtp1UGhgSCXiw
-ZPZgrVmZAnJJJU9JceoJDl3PIhkDKfApKxz9LvrmajocRiezZoaTIKj31URKALae
-Id/aY/+ACoBBxIeZoH5g8zPDIg4jEPQJ8ul3WMfKY96vFne1SGjri5iwj72RV+9t
-Pi/jgNSEwgFvUIp/mxR9bT4EmfdXwFhDUlfb7YRA45fzewcualxQE1P+LX7919i5
-mz4zH+OQFvFRtx6VwHVq9Hea2Ix0k3/0JUl1arSbE8h3J5aO377wDUK9DDfjFc8t
-qV4S1rZaJo2Gw++sLni28HBj4iw9qOuLThVRuZA1uDiBvbap9VcJiiDy6RKyyE1X
-Y230W6bXOGKbcw4h1QDLoDOMxDJTXsVOzErCE6Be8K9SviwWFIpdF3xL1i+ddKhi
-dd/Kp59niREH4qvg68TUrQIDAQABAoIBawv9Rt9uh9gkVpSnaYAfIAhSOlLKhV7E
-PVTCv4+wgD4j+ThOqNnMOSIBIphjdHx3dQJi+KMbTZ+TkSd7oPrqFza/s/y32s41
-EXnoCSdaHH+WYqNml3zJe0ObCCZEZnXrOlGevKqvbMQFR5WXOB/gC82crF5Ugfim
-EsZmAssljTZUJDceUEbEr8tYBkgBrHgQmznWBaapKGxNrqUC7FTRwPqcjIY9F+qh
-/8FE535JKzOp7oYA6XNQDLCUMI5oALmc5lq/a9g+HQpr26LNxQW5fadOKQUwZFiJ
-nRtcQo6+JZzXdobH5FZ1oNi2uOHVSiQnnQgqhESJ6jLGWJxVUGXo6kqBWWmICF9D
-g07ky+mssXXCPvNwtG9Mc4yh2Mm+LzDJI1rgMgoA08N0j+q5fT8QzmDZEmM/Gzsf
-NP/GjsLIXE+KjMcILrxDtvbNRv/hx/ys9yQjK9+VR7+uZWmXYaxH3r7D8g5XHdBz
-5/XCpQKBtgPYnHvwMRsZsQZae25/FCUfBT97JmGhr8ifGv0dhSZKRcP4zNtGU4ow
-H6J/B/eecH6bVb4/ja/nSUlLIoAUqqJWWurXdkwZII3b3PzbkqkCnZayBy2x3OIi
-VE7bVUpCSz0EIyuUjqrwc/d3PqrIARwiuucbgXqC8gqaAEUoXQGRGGKoerZLv/dQ
-VyTlyjXDlJYLub7cLBBCo8mpii6AFbc0Js+1qZJfUp0D+12qlfu9qy1W3/efAoG2
-A3PuRMQtWn0q84o36zQaJRbMQlymiMOMQBzFmR8GUiAiXHUqPZgAPsvzs7RllCTL
-ItDiKMcpE6/6MN0ArmDHA5bnAnu29SkPRiD7rU/ZGTR2Y9uujj0DIBcNHS/bbDtT
-xEwFnshSz6vvpxu6DtJ8uvEf3wJyeZmdMJeDmrBnadqT2juZIseGHneHrjJK3ZyU
-iLRI0ulXAbziwxnkKj9QUaHK0XiSzjAAt5NRTLoALix0ittJgDMCgbYBnDEGgatN
-GRhO/Jony/N3BuF/jeKnhLS+XD1EMZOIUBeczw+TzIE0nKjhsiR3uVCG8CiZGKoM
-NdssX9P1orE8fMJbBhB0EyDZwm1lPdbMAlhOugDfVFKQKKb6zD+McuxkgtLmb666
-SSeDNdx6SniMes2b6pvt2dvSLF5olVk6Sq/WvYmBv3yB4JRa0ggxMcuGdSoxiKK5
-u+wthFhg1yZAKAkHc5mluVoweXZF5CAd321F8dSZKQKBtgEEpWTXqDv/nrOztSuA
-8JixMUf8RAseBnQ9R7MQJ+/9k8RJtEv3T1M1FsaN0kot00yP5bB6kc1BXfgcov/I
-f8a6L6JW0qtWES/vt+byHaVGCAcIF1/P8+T5hx9tJjmzAM9oT1vz3B9qpr9S+Lk4
-Lhl90pUTBqh+uJBEjUUG8WeQUXrPiidsSEshmfuuzs6sRkxNRRAUSFi11vQK5XHj
-u45mtASyli+AjiWTpiyGyFjVOQRdBz5rAoG1ErrUGzeHL9plx9NPsUgw2TMAt//g
-yu1a9yDl6oARMkWMXKFytPBwwBY6H0zE74qvVQVcxHEMLGTOiLTHU57meGfVbfW+
-ikWO82ztD30nSrQ2vH3sZjeftU98R7y8L+f9icNftUTo3oA1pU8QuOj+2J/ja2Pa
-ksRDoe8fqUCi3OhiG7dhBcuK4wc0p17qjmKS+fA/Ky4yV24LuxWp1ge737rjlrvm
-hoCJF/ERHMvfrviGjrs+Rg==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/sha384-user.pem b/tests/hwsim/auth_serv/sha384-user.pem
deleted file mode 100644
index 6935dd34d3bd..000000000000
--- a/tests/hwsim/auth_serv/sha384-user.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 14110776913249282220 (0xc3d38cd72b01a8ac)
-    Signature Algorithm: sha384WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=SHA384 and SHA512 Root CA
-        Validity
-            Not Before: Nov 29 22:33:25 2015 GMT
-            Not After : Nov 26 22:33:25 2025 GMT
-        Subject: C=FI, O=w1.fi, CN=user-sha384
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2900 bit)
-                Modulus:
-                    0d:47:b8:29:74:c9:d8:5b:f6:ad:04:7a:95:44:36:
-                    2f:86:a7:b7:a4:b0:73:2a:d9:1c:7d:ed:3d:bd:0c:
-                    3c:05:7b:c8:e9:56:55:56:27:56:f4:a0:aa:bd:eb:
-                    ea:3a:45:2c:d8:b6:9d:54:1a:18:12:09:78:b0:64:
-                    f6:60:ad:59:99:02:72:49:25:4f:49:71:ea:09:0e:
-                    5d:cf:22:19:03:29:f0:29:2b:1c:fd:2e:fa:e6:6a:
-                    3a:1c:46:27:b3:66:86:93:20:a8:f7:d5:44:4a:00:
-                    b6:9e:21:df:da:63:ff:80:0a:80:41:c4:87:99:a0:
-                    7e:60:f3:33:c3:22:0e:23:10:f4:09:f2:e9:77:58:
-                    c7:ca:63:de:af:16:77:b5:48:68:eb:8b:98:b0:8f:
-                    bd:91:57:ef:6d:3e:2f:e3:80:d4:84:c2:01:6f:50:
-                    8a:7f:9b:14:7d:6d:3e:04:99:f7:57:c0:58:43:52:
-                    57:db:ed:84:40:e3:97:f3:7b:07:2e:6a:5c:50:13:
-                    53:fe:2d:7e:fd:d7:d8:b9:9b:3e:33:1f:e3:90:16:
-                    f1:51:b7:1e:95:c0:75:6a:f4:77:9a:d8:8c:74:93:
-                    7f:f4:25:49:75:6a:b4:9b:13:c8:77:27:96:8e:df:
-                    be:f0:0d:42:bd:0c:37:e3:15:cf:2d:a9:5e:12:d6:
-                    b6:5a:26:8d:86:c3:ef:ac:2e:78:b6:f0:70:63:e2:
-                    2c:3d:a8:eb:8b:4e:15:51:b9:90:35:b8:38:81:bd:
-                    b6:a9:f5:57:09:8a:20:f2:e9:12:b2:c8:4d:57:63:
-                    6d:f4:5b:a6:d7:38:62:9b:73:0e:21:d5:00:cb:a0:
-                    33:8c:c4:32:53:5e:c5:4e:cc:4a:c2:13:a0:5e:f0:
-                    af:52:be:2c:16:14:8a:5d:17:7c:4b:d6:2f:9d:74:
-                    a8:62:75:df:ca:a7:9f:67:89:11:07:e2:ab:e0:eb:
-                    c4:d4:ad
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                85:5F:26:C0:68:70:33:79:E3:BA:57:A3:5F:52:94:38:F0:6E:53:05
-            X509v3 Authority Key Identifier: 
-                keyid:0E:74:B5:09:EC:FB:FA:E7:BA:6B:1A:F6:2B:28:7E:A9:70:DA:D7:18
-
-            X509v3 Subject Alternative Name: 
-                email:user-sha384@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha384WithRSAEncryption
-         81:95:03:32:e7:e5:e3:0e:22:0e:cc:a5:b5:96:3e:15:a8:6c:
-         f5:e2:1f:32:b9:09:71:b5:fa:f4:84:ae:e1:8c:d4:cb:ef:e3:
-         b4:58:aa:bd:bc:df:6a:9c:91:9b:5a:d4:e1:b0:1c:dc:dc:e9:
-         b6:68:71:83:e1:7e:1c:81:fd:a6:3b:14:67:1a:67:64:ed:a8:
-         3c:43:2f:cf:e1:63:51:f0:9d:1d:e7:0c:0f:58:bc:bd:bf:af:
-         ee:55:f8:1f:5a:9e:1f:c2:74:f0:8a:e4:5f:b2:19:e3:e8:c2:
-         5c:1c:39:f4:24:51:ae:d2:21:da:b8:12:97:ff:2a:d9:ff:61:
-         02:31:1f:87:3b:14:0b:7b:9a:77:11:a8:83:25:38:6a:1d:89:
-         fc:48:75:8c:2f:38:a7:66:ee:a9:65:2c:d9:f8:bf:e0:12:d6:
-         b7:11:07:d0:72:a8:76:53:32:94:39:47:be:74:69:f6:6b:13:
-         2f:eb:e1:a2:8e:32:43:0a:cc:13:ea:00:29:cc:99:7b:eb:5c:
-         06:d5:4d:ef:6e:2a:96:6b:33:a3:6f:53:0c:59:4e:89:9b:56:
-         f6:a3:94:0d:7b:21:df:0e:af:b7:df:cf:56:98:81:02:9d:e2:
-         f1:29:90:2e:7f:be:4d:24:6f:46:8d:af:ff:f9:30:7b:40:48:
-         1c:1b:68:6e:9f:ec:e2:33:51:7c:ed:ee:12:bb:3a:97:ce:85:
-         fe:d9:c3:0b:1a:a6:1b:12:bb:db:4f:f3:b1:e5:80:25:b9:62:
-         7a:e9:8e:17:44:97:cc:54:bf:8e:c3:aa:37:b2:74:e9:58:9b:
-         d7:53:00:4d:82:c2:42:ba:c1:c2:7f:00:fa:da:06:dc:98:04:
-         68:35:d6:3c:14:4e:dc:4d:e4:d8:b9:b5:e2:17:79:91:3b:d7:
-         c7:f1:ff:e7:a3:25:68:c4:96:29:c6:b9:45:e3:3d:1c:29:22:
-         2f:0b:c7:8c:8e:b6:0a:0a:82:20:0b:50:ca:e6:c6:de:01:38:
-         f9:3b:31:e0:1c:85:11:bd:a9:9e:bf:8c:f7:f2:64:03:ca:60:
-         16:2d:26:94:eb:9f:8a:d0:5e:1c:eb:3c:26:7e:03:84:d2:f0:
-         5a:b3:8a:7b:86:86:67:ce:1e:c9:c8:ad:3b:0f:08:7f:3e:54:
-         fa:ad:e4:5e:3f:c1:cb:50:3a:dd:ba:b1:0e:d2:9b:88:46:17:
-         bb:67:cf:5c:11:f3:a3:f7:0b:95:ae:25:ce:3c:e9:ca:aa:46:
-         f8:a9:8c:cf:a9:cb:bc:00:94:a1:c7:02:98:1e:e5:b1:c7:e7:
-         51:50:f7:5e:a5:c8:e9:ff:e0:50:17:cc:10:c5:f8:0a:68:ba:
-         ca:78:f8:1a:6c:ac:f2:10
------BEGIN CERTIFICATE-----
-MIIFAzCCAuugAwIBAgIJAMPTjNcrAaisMA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIjAgBgNV
-BAMMGVNIQTM4NCBhbmQgU0hBNTEyIFJvb3QgQ0EwHhcNMTUxMTI5MjIzMzI1WhcN
-MjUxMTI2MjIzMzI1WjAzMQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxFDAS
-BgNVBAMMC3VzZXItc2hhMzg0MIIBjDANBgkqhkiG9w0BAQEFAAOCAXkAMIIBdAKC
-AWsNR7gpdMnYW/atBHqVRDYvhqe3pLBzKtkcfe09vQw8BXvI6VZVVidW9KCqvevq
-OkUs2LadVBoYEgl4sGT2YK1ZmQJySSVPSXHqCQ5dzyIZAynwKSsc/S765mo6HEYn
-s2aGkyCo99VESgC2niHf2mP/gAqAQcSHmaB+YPMzwyIOIxD0CfLpd1jHymPerxZ3
-tUho64uYsI+9kVfvbT4v44DUhMIBb1CKf5sUfW0+BJn3V8BYQ1JX2+2EQOOX83sH
-LmpcUBNT/i1+/dfYuZs+Mx/jkBbxUbcelcB1avR3mtiMdJN/9CVJdWq0mxPIdyeW
-jt++8A1CvQw34xXPLaleEta2WiaNhsPvrC54tvBwY+IsPajri04VUbmQNbg4gb22
-qfVXCYog8ukSsshNV2Nt9Fum1zhim3MOIdUAy6AzjMQyU17FTsxKwhOgXvCvUr4s
-FhSKXRd8S9YvnXSoYnXfyqefZ4kRB+Kr4OvE1K0CAwEAAaOBjjCBizAJBgNVHRME
-AjAAMB0GA1UdDgQWBBSFXybAaHAzeeO6V6NfUpQ48G5TBTAfBgNVHSMEGDAWgBQO
-dLUJ7Pv657prGvYrKH6pcNrXGDAcBgNVHREEFTATgRF1c2VyLXNoYTM4NEB3MS5m
-aTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEM
-BQADggIBAIGVAzLn5eMOIg7MpbWWPhWobPXiHzK5CXG1+vSEruGM1Mvv47RYqr28
-32qckZta1OGwHNzc6bZocYPhfhyB/aY7FGcaZ2TtqDxDL8/hY1HwnR3nDA9YvL2/
-r+5V+B9anh/CdPCK5F+yGePowlwcOfQkUa7SIdq4Epf/Ktn/YQIxH4c7FAt7mncR
-qIMlOGodifxIdYwvOKdm7qllLNn4v+AS1rcRB9ByqHZTMpQ5R750afZrEy/r4aKO
-MkMKzBPqACnMmXvrXAbVTe9uKpZrM6NvUwxZTombVvajlA17Id8Or7ffz1aYgQKd
-4vEpkC5/vk0kb0aNr//5MHtASBwbaG6f7OIzUXzt7hK7OpfOhf7ZwwsaphsSu9tP
-87HlgCW5YnrpjhdEl8xUv47DqjeydOlYm9dTAE2CwkK6wcJ/APraBtyYBGg11jwU
-TtxN5Ni5teIXeZE718fx/+ejJWjElinGuUXjPRwpIi8Lx4yOtgoKgiALUMrmxt4B
-OPk7MeAchRG9qZ6/jPfyZAPKYBYtJpTrn4rQXhzrPCZ+A4TS8FqzinuGhmfOHsnI
-rTsPCH8+VPqt5F4/wctQOt26sQ7Sm4hGF7tnz1wR86P3C5WuJc486cqqRvipjM+p
-y7wAlKHHApge5bHH51FQ916lyOn/4FAXzBDF+Apousp4+BpsrPIQ
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/sha512-ca.key b/tests/hwsim/auth_serv/sha512-ca.key
deleted file mode 100644
index b4f7eb24f0b1..000000000000
--- a/tests/hwsim/auth_serv/sha512-ca.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgV1xtgG7ws5e4
-N+F5KfWrEMKzsP5P8PXVMiB6Rv/Wuzi1EHZjNdbUQuVV+hHRI1K2ReqXAeaNyhEE
-Jn42hGndcHKHfcAUTQWQWfCscP32Ti2YSViHD60sqZKr4agDoLkMR21BMHXgrU6W
-QED070WE0CbELVUtcb17oPh/ndh46Ftb5U6H5rpY8T13148xhNCh8yKAOcFfE9GW
-Z3mTMp+VxmcK72KL4Yga7bU3Uk5xHlFZ0rK1W0xItEi+SGfMLELalP6wAYMVtPAA
-iqepg3WSq5eNyZgTwq5jAuLP/4Bf1C7WhNveFE9WalJ3rrYEs7Rd+mOYm0QXcH8t
-IqC9UTUhfI3wJOpLGEfHieLHCDl8SYijET+hFFTYiU1jj4sQjAeY8VnC7/tmjJpC
-j6oNcbr57WwMxO/Xafo0JW3axZiyfDUlPShPbhyBjhq2/3wOKJUbeK/cY9J0CjW1
-5k8DYjSC0vGFwl4CRmhfN/5XeO9kGQR9kQjha59v2/gW4wKFnuqPyWyY4vWgcEmc
-8kqJqrkR61fwZ3H7G5ErMw/q/jR9tuqcTuRvQjh1LEtv2UxzNg68L73nhqT4UQRO
-uXkXPsUCN13Bgm3OzTul+zmbXtRlH/2oc+16IyzICj5VWpiZgC7D7Ljnlquvo1/3
-EitInFWjEl8kpsPJnBT4id/xrJHoywIDAQABAoICAFFF1ti+R/2D2ryKvqQOy7KJ
-DVfNuCpHJiSJgwLX6CgswAKvNIL3MExpGBvrZIqQkAVKDS27zeRC7zseU81IcuzG
-aZcZ+3mOzOotXJvbri7h06SkUNYs8Qd5cJnlCKfGGOYLcmqfqLBYyEPKj+JXQfKf
-G3dGzyz4wSXgIvV0ydwHUv+SjKrAHealaRXM0o00GBhuyCccn1KVFiBZlLsy5sch
-SOu3CUmD6NxVbwx6kL4vsuaHsQPSIimcEF87DjnkmYJ4EVyfd5VSIHD11yRKORc+
-GNTKwWYKwR/4v4TUqnpob9FWiKfZvZk8zU5S5XoeqKcWGtOop+wFnsD/E2DCv93K
-vbY0n5B5L5XFjtmBYuvdqXe4RH46ZgyePI3G6DSTCq5L8/+5pZlTeny4Vz77ecm8
-CU/4XOcYMIBZim9Fie4jQLpD4KNjKjhXLjpetNyHp3sIoghb90Qv5UdLZ6dnf4+D
-nxbg+tfvwltNfPgCvrOh3OcnSSLUSb5kSim0xpFtaH5QgAQhVaFaDY8GtaOnPyRG
-39XPwpAQXpt8EyW4omwtI8QL+/bciQNg0tVLHkxg7qOEPWGoaxvQbxT8EBGufRz9
-7qvl1ajGEAeaDY62HUssBW2+YhFKNLbzWBVO/S4AWPYPLMeAVQfFNVXWyS5www7P
-DfQXAt+rwLWwfvpW2C2BAoIBAQDVVXpIykVnUuQoRclLMnm8Z5DMfWOP/Oj3Em2z
-nKvnyM+rXEr7sT7XLAJa4aU0Fg27omUXZpNB6UDntWLOHXi+Zh3PgMd1CqdIclVK
-z6uGfK9TKHIQpYY7RLGcvBAjfnyv2KKcqBi2IQEXidoHLtZ2gQJJQ1Aoiw8gIQAe
-kZjXwcxlEgDdVR4+Zamj5QRfAG7Nd7PVl06gJNyCinS21/UFELz6hB4COgVjOPzr
-FvhoPrZE6QUNm76wFVXhYl9Taj/lM+0q5b88ZCJCqhma6aGOuVRaSpaTeRYC63ys
-oTYdUR5Cc7Z4h8iFW4S6Qs992MvH3k73R6/ad0o8kaUrZU1BAoIBAQDAaLP8jjc8
-4cDi3lNos0cSiF2OBazsCAsI5IRovkkugSDYK9FKOrQ0P8mFTsA+IapAe8gMIjZY
-ivRJ8dQ8beNhub9gULlNpp8VZ0QJV5jn1qp1vqW72ti28KcwPFTSmQZKMevwl6Bw
-t/s3RY3SndU3LJ1RdtZuhC9tgAGbH/Os524kvBc8sPjQkwRP8MABF/4XTS1aR7yO
-6kka1ZxJ32X7Chz7pO/IagTmAhJmbLkponWPtCvwlHx8SFE0dyC86snhb7CIr8B/
-+1BBueTjUhrhADCm6X106hIgm7C2o9m+x92Y7KHM4yEjHEo8+VVC8WV5TmcXOqMM
-nqYCHeNn1tcLAoIBAQC9w2MbDJHf7uP0zt7XfPa8mIM84uyFUDsKS+I5OsvPSdkw
-XNB2QpvbWtJddQo24sckeLfjsOKcZpfNhJN3NNAKzVsHEU5a1jcnQkyMV14EKzTp
-i7irBhH49onnGYJhkEnpQZKkNwKEP6dxALZoXUl38BnQgYf0CH5T3gb1Kh4DDeh6
-nyEVwHk+l7/mgfj5aLEnI6tb+1N9MEzV8cMQQdk5wEHZtVvcLzBLqo2PsMcWM3J+
-qahNCpT8nH3gFlklIgXkI+R7nBIX7hprolNUcS28fy6Bgoeedr8VqdMk2+H/AgEg
-qz1MybucpGPUK0nWb9oU17L2U1YhxqrKZeO+TkYBAoIBAAu7Vp4jncKckUJEBBny
-NHcw0WODfRO3OdUE+f3Y/GVVgkcsBMrd4Xb+HK+AKcCgFN1xrrTusRmc/2Ay2poE
-qUSgKscYpPPTIQgRD9jx+mTIdgRP55MYuPYOnmMWiqV8pyGHAbfdxu6YiTzJhOg+
-r215zu3UrSZ38NxgXbizrgvw4Ipk3ZXZxJITJMQrDcoDSH7rOcSzcw/TwTldpPXs
-JS+1YicF24kAzeOoZK7SGkgrm7dzaOp2Y1DAqBLm4JwkRML2KHFtJfOnwzD+wLIL
-o4/sjwreWcPzMb/DPnckbnZvgVd9ti/j+XVGmFA3c7dtOJ645RhJfv+Z/M1MPT1r
-oBkCggEAWqkhZDArd1EqwauhCKwAb2Bp8IVd3rAyaBMtQZVebf467rMh0o4FaPZb
-a4oTZQEAAvlabbKiNW16kmdhzhXNIpgtsTQ1ZfagjHP3fPp0mz3XQiATudaxQBVH
-o7hKafsr2YJLWD03RO+hO2UPr/rLqN9+8/MlT5pityn1QZHpHf9qzliUhw/2zAjq
-kgygbM8UCEXl7zb7ptxaiPsxBn+ynwxgzibwLRHiePOfil8fD5hyE/5gRISrQidA
-VO5RzhqnD3kDH7Da8BPJt917CsgvZ+VffzDP4D/V+L1a/R1ldyXG+omn7qED1ui6
-V2qOAd4RYJFC9FFgNAWy22r3lSYw+g==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/sha512-ca.pem b/tests/hwsim/auth_serv/sha512-ca.pem
deleted file mode 100644
index 2ed9314ba65a..000000000000
--- a/tests/hwsim/auth_serv/sha512-ca.pem
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFkTCCA3mgAwIBAgIJAPz9Jkl2amj5MA0GCSqGSIb3DQEBDQUAMFQxCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIjAgBgNV
-BAMMGVNIQTM4NCBhbmQgU0hBNTEyIFJvb3QgQ0EwHhcNMTUxMTI5MjIzMzI0WhcN
-MjUxMTI2MjIzMzI0WjBUMQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kx
-DjAMBgNVBAoMBXcxLmZpMSIwIAYDVQQDDBlTSEEzODQgYW5kIFNIQTUxMiBSb290
-IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoFdcbYBu8LOXuDfh
-eSn1qxDCs7D+T/D11TIgekb/1rs4tRB2YzXW1ELlVfoR0SNStkXqlwHmjcoRBCZ+
-NoRp3XByh33AFE0FkFnwrHD99k4tmElYhw+tLKmSq+GoA6C5DEdtQTB14K1OlkBA
-9O9FhNAmxC1VLXG9e6D4f53YeOhbW+VOh+a6WPE9d9ePMYTQofMigDnBXxPRlmd5
-kzKflcZnCu9ii+GIGu21N1JOcR5RWdKytVtMSLRIvkhnzCxC2pT+sAGDFbTwAIqn
-qYN1kquXjcmYE8KuYwLiz/+AX9Qu1oTb3hRPVmpSd662BLO0XfpjmJtEF3B/LSKg
-vVE1IXyN8CTqSxhHx4nixwg5fEmIoxE/oRRU2IlNY4+LEIwHmPFZwu/7ZoyaQo+q
-DXG6+e1sDMTv12n6NCVt2sWYsnw1JT0oT24cgY4atv98DiiVG3iv3GPSdAo1teZP
-A2I0gtLxhcJeAkZoXzf+V3jvZBkEfZEI4Wufb9v4FuMChZ7qj8lsmOL1oHBJnPJK
-iaq5EetX8Gdx+xuRKzMP6v40fbbqnE7kb0I4dSxLb9lMczYOvC+954ak+FEETrl5
-Fz7FAjddwYJtzs07pfs5m17UZR/9qHPteiMsyAo+VVqYmYAuw+y455arr6Nf9xIr
-SJxVoxJfJKbDyZwU+Inf8ayR6MsCAwEAAaNmMGQwHQYDVR0OBBYEFA50tQns+/rn
-umsa9isofqlw2tcYMB8GA1UdIwQYMBaAFA50tQns+/rnumsa9isofqlw2tcYMBIG
-A1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUA
-A4ICAQCSG0Tk6pMvUxSMi9q4Bnq1jjMehEVZH6JHoADSjYDpRYj26Zjzd5k1qRua
-rdAlugMaV/Jq0kcebcvIRl1de0BPx7qfRzq39lSVDojtefjj824EsYj+rBssmwUZ
-e5XfXzxSmfEtT7Ot1PMLyCUCeg7JPr0dbdo7EVjh6XhYo0IlLsOJcKwfj/z74K14
-SlL1jXknhQgizCzt/gFkrdrFFCg0cCTjG5gKVHnn97GY61PI1CEMYGjkP2x7wv2o
-dJE09ElEPjrQOiShqfmfeUOuM6xmYzZFtVWp/M+tEQdL5WsBrN2dujHA+Ftf3xrF
-aRlGLFCzqlC+HU1CSsiI4gXXJT4Bp6WrVP/insAuuS/a8KQRkox8JvPBOqnYf/m4
-JvGJbhukEgbhUdUON4UtWwr3pTkt16SKmE3IdG/Umabi+bSkMmSzw3Iy12LOkrhT
-5OVbU+EwFolc6WUmp5VnhD/NtNdTvaTIjuujU4MyXkBfHvPj4bR62/cSXdGL4LzL
-UjlrFEN3RnFiF4/slrT4z4VRa4FqaYg+aRnMuGwPMHBjUTmyQp1yjF0kp/MYDGF7
-YO46+ep1pwx7zboB1nsKPdLzwEHvO7p6yBO2daEBCiE4RpedSjkpNhYgfHn4WVoX
-NPZChYbX8mGds3xnB6BGsfvzXEtCtmOGbDRIJm6aB7qTrfHiYA==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/sha512-generate.sh b/tests/hwsim/auth_serv/sha512-generate.sh
deleted file mode 100755
index d692465e8d21..000000000000
--- a/tests/hwsim/auth_serv/sha512-generate.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-DIGEST="-sha512"
-DIGEST_CA="-md sha512"
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = SHA384 and SHA512 Root CA/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:4096 -nodes -keyout sha512-ca.key -out sha512-ca.pem -outform PEM -days 3650 $DIGEST
-mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
-touch ec-ca/index.txt
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Server SHA-512 ]---------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = sha512.server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:sha512.server.w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -newkey rsa:3500 -nodes -keyout sha512-server.key -out sha512-server.req -outform PEM $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile sha512-ca.key -cert sha512-ca.pem -create_serial -in sha512-server.req -out sha512-server.pem -extensions ext_server $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Server SHA-384 ]---------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = sha384.server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:sha384.server.w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout sha384-server.key -out sha384-server.req -outform PEM $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile sha512-ca.key -cert sha512-ca.pem -create_serial -in sha384-server.req -out sha384-server.pem -extensions ext_server -md sha384
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User SHA-512 ]-----------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user-sha512/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user-sha512@w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -newkey rsa:3400 -nodes -keyout sha512-user.key -out sha512-user.req -outform PEM -extensions ext_client $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile sha512-ca.key -cert sha512-ca.pem -create_serial -in sha512-user.req -out sha512-user.pem -extensions ext_client $DIGEST_CA
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ User SHA-384 ]-----------------------------------------------------"
-echo
-
-cat ec-ca-openssl.cnf |
-	sed "s/#@CN@/commonName_default = user-sha384/" |
-	sed "s/#@ALTNAME@/subjectAltName=email:user-sha384@w1.fi/" \
-	> ec-ca-openssl.cnf.tmp
-$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -newkey rsa:2900 -nodes -keyout sha384-user.key -out sha384-user.req -outform PEM -extensions ext_client $DIGEST
-$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile sha512-ca.key -cert sha512-ca.pem -create_serial -in sha384-user.req -out sha384-user.pem -extensions ext_client -md sha384
-rm ec-ca-openssl.cnf.tmp
-
-echo
-echo "---[ Verify ]-----------------------------------------------------------"
-echo
-
-$OPENSSL verify -CAfile sha512-ca.pem sha512-server.pem
-$OPENSSL verify -CAfile sha512-ca.pem sha384-server.pem
-$OPENSSL verify -CAfile sha512-ca.pem sha512-user.pem
-$OPENSSL verify -CAfile sha512-ca.pem sha384-user.pem
diff --git a/tests/hwsim/auth_serv/sha512-server.key b/tests/hwsim/auth_serv/sha512-server.key
deleted file mode 100644
index 8cc5e80a0cd8..000000000000
--- a/tests/hwsim/auth_serv/sha512-server.key
+++ /dev/null
@@ -1,45 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIH7AIBADANBgkqhkiG9w0BAQEFAASCB9YwggfSAgEAAoIBtgyUrc5DYSg0X9fe
-xaXrNjYldxn7pZsOu+1u2RAbcNNKFPs+XFCihLMu/QnNxKv5+n7njugzUIoBg0I5
-Oydoi/rmXGCG6NBWWnm8KsqpC/WJ1aMldsFxi4oyKieBizGo+alsYgApzWp8LMwD
-NHdfk+fyGoyneJowKdGVO2BridD0abGCfBdztSta76bse8eb4wo8TEGYrbSkBTBV
-YFmpDRw5tLTzcPy300fmRD+PPm7QMY6F7i8s9Z2GwYJ3Ec30Fah4KhidtiwfllHW
-PLYu9ONl1J9OkuZVGOI+bh7FPV11ISx6r8r+Cz0YlkyG8qf4bbMPDcv3RYa/iCFV
-9BzMp++ySRNCzpV0+mSw5P842hTvXBBwCqgwTyL4+Vao9Pcf6TGISn3tESeJSecG
-plrTJ9xgey2RWkgRP+Cj0r2Jr8ijhKAntYmY/TxY9KjbgXu6CAvVXzB86hnVd9+F
-+sT060f/cGXZ0ZF5EKcbEcqu2N+98fFU2Q2LeBxgzZ5jBAWGYKsZ58/dz+o9Df+B
-F4t0W4Wp5JPKdIbkTETUCwaNBtM1TvetKvZ30HZc/DxjLv0/QkE2ctZ4PwIDAQAB
-AoIBtglR7/y5T/W/7yz2HUhQmyW71aMLGWFopfI8x1O2cHwnCqoiRbN64oH4En87
-0DJzi46OLwF4WncSrdHWoisMuX7TP6ZG65zEDFzY+H6Qg4qQZRNrArJGUtC7Xx1L
-S/orK2HHKEbksQftHCa7TRgOV31ijyaaPq9DdQeN3aINqNiC6PYXK6UYFCQdRyNL
-WFvE8Yq4pumFmVIUnL900F877Ll3SpcvLgoaiMxgGzlW/jKLy9rA/3Y1gXQEy8DC
-Qw9nftACzXTVCYtgjzTrWKjC2qrH2p92Tz+R1VBuXUPZLMhCGGI9eYWdaaoCFsPy
-RRsDhLpExK+WcQyinPrhUinr8p8DsgL2Qn6LJCBRbSS7kYa4cT//e+ohsvelE+sv
-9nhUEpyndUW5FNm4fp29wi+mKfhFWlYXsMA5xJ2btcKZPH1iVuV3oPI6ykj2RSRc
-/ZfnXyyCKxnYlZ2mQCmB2HpU6gTwp7LJY6X//dODFtuuVXXdDKAQLTfcCIhBWcAW
-MRFjs7UeY9D+iiSmMH7NAgaWWLJUIVFKbRj6hItCjfJV/bub6kfy5AXmx9kAqv58
-+muUMiWBHC15iQKB2z1ZBWNWFaa4fPlLUNo0orxDOv1vPUChs1D8SyD/7486XE9K
-VHolpWy6d/XmuQTFSbRs2E4XaWQNirXPG5FVpe4D8YnL57E1sITYTdqnYbeifZVb
-+Wt+u89d4a1jEECFqHXUKixm0/kcl++UJwkYLm9eol5Ip8pp6OC6upht8p+8HHHr
-1lL4Alzwq/8iUkIy79BQQurcIAzAE2CBgzbU4Dc63yiyqRhepeOhqdCZDr35F1E3
-RxgsCsmKDIJQ2bV80Q+yrGVcR4Uz+oeG3MjAzsmQR4IvsU5jGSd2TQKB2zR/rWEJ
-WsVgMFiAyFdYI45x+bpG9tOuc6VHNX/7f0DeOlM/eXnvRwpvW9LDBwCXIkJkwOSx
-bMtlQge/RI0AwchzvEz3UMYpHYtaJmYCxUXLHc/ziYrNHfsZOVIIw1y6yrrfWGiV
-54nFdFRZx2aXZpPqa2oVUqxl3qkKEpPgLzQancS5xDcm14J65pCYbuodNkz02Buv
-8RzSakF+UJmLhBulMBHMgN0NGNnTYfomUFCb2/Plu/kK58raokOxiAgusCDgpgsR
-ohwdTjBb/GJ8VceGvooqBXVB9FJGuwKB2wn5zN9/YxvuShw7vBUPlBrrD8+gZCR7
-Zu5XaFwgYjM3OUWHf78xGfpZRCKPdyyobDjTrkTcl722WgUAfaofdFEFAST4LF/r
-rB2eEuLobwJugN9lymRJgn7Q9F6+iikD0wX+DzGTMwsCNE64F7Tp4rsnd12/kNFg
-cYcBtlANKPQCodmAkSSCwdedJ0rgqOGs6MRGGOuaCfgoz73UsaKb8S3p+9nhW4/j
-7DPc2QFbskMAG2OQipYKq2JkeW5DeXOCrXhRBKmi3NpzPl0FeCeI+tdaB9bKrJlj
-kfaRzQKB2xGoJ44NcWQU9+2sUrVdxYexOca2+2kysV6TVqEW2zPcCk3ZeWfTXFdc
-IMwAICjIrBMcg+vm6Kp4Af9NCydJa+OZWWmhfJ9JUNB/n46LvAG/UOWSCV6PolfD
-og2/OMXFZU34tGlokZk6ueds0q3kmfGB1GK3jTjCgmLkKl9l9TpXAV0bBa1u+Oi/
-oTBctGE1NgAoEU8um6+P7YDdlQovbF1H76Ts3SJ7tzH78GYL4NNbuFyNle0rB86o
-Pg76dMAbw80rAW2TnqxKBvQo2/fbzZXv8cHSZEeNyTiq5QKB2xDSGoN8kLg3VpUf
-tqhy60WuLPOlzrOmRPRFAPzT/tOqKSfa59/QXuXcZ1z3tI7DN0TLMGc9weNcytvD
-KJrZTtqsyjRrdpTQfMBzn3+sP4dXg9vw9fRmKOHLo323Vr4WPXeWBBkUGGCLr7qM
-Lw2iWNO64lwG7qOz53IVAkgQv4hHkpZdc5UKdFBef6OT+pgSG8MOEVkMfnGcqWh8
-dMbbIQ5xvHOhsplzQm/V2x7ucmFMaT/HO6FGSeIYmX/ZsWyBvfA5zJtAc79KGX0k
-Jer426hlmX1bSvfG1YJlXg==
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/sha512-server.pem b/tests/hwsim/auth_serv/sha512-server.pem
deleted file mode 100644
index 9e669937104e..000000000000
--- a/tests/hwsim/auth_serv/sha512-server.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 14110776913249282217 (0xc3d38cd72b01a8a9)
-    Signature Algorithm: sha512WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=SHA384 and SHA512 Root CA
-        Validity
-            Not Before: Nov 29 22:33:25 2015 GMT
-            Not After : Nov 26 22:33:25 2025 GMT
-        Subject: C=FI, O=w1.fi, CN=sha512.server.w1.fi
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3500 bit)
-                Modulus:
-                    0c:94:ad:ce:43:61:28:34:5f:d7:de:c5:a5:eb:36:
-                    36:25:77:19:fb:a5:9b:0e:bb:ed:6e:d9:10:1b:70:
-                    d3:4a:14:fb:3e:5c:50:a2:84:b3:2e:fd:09:cd:c4:
-                    ab:f9:fa:7e:e7:8e:e8:33:50:8a:01:83:42:39:3b:
-                    27:68:8b:fa:e6:5c:60:86:e8:d0:56:5a:79:bc:2a:
-                    ca:a9:0b:f5:89:d5:a3:25:76:c1:71:8b:8a:32:2a:
-                    27:81:8b:31:a8:f9:a9:6c:62:00:29:cd:6a:7c:2c:
-                    cc:03:34:77:5f:93:e7:f2:1a:8c:a7:78:9a:30:29:
-                    d1:95:3b:60:6b:89:d0:f4:69:b1:82:7c:17:73:b5:
-                    2b:5a:ef:a6:ec:7b:c7:9b:e3:0a:3c:4c:41:98:ad:
-                    b4:a4:05:30:55:60:59:a9:0d:1c:39:b4:b4:f3:70:
-                    fc:b7:d3:47:e6:44:3f:8f:3e:6e:d0:31:8e:85:ee:
-                    2f:2c:f5:9d:86:c1:82:77:11:cd:f4:15:a8:78:2a:
-                    18:9d:b6:2c:1f:96:51:d6:3c:b6:2e:f4:e3:65:d4:
-                    9f:4e:92:e6:55:18:e2:3e:6e:1e:c5:3d:5d:75:21:
-                    2c:7a:af:ca:fe:0b:3d:18:96:4c:86:f2:a7:f8:6d:
-                    b3:0f:0d:cb:f7:45:86:bf:88:21:55:f4:1c:cc:a7:
-                    ef:b2:49:13:42:ce:95:74:fa:64:b0:e4:ff:38:da:
-                    14:ef:5c:10:70:0a:a8:30:4f:22:f8:f9:56:a8:f4:
-                    f7:1f:e9:31:88:4a:7d:ed:11:27:89:49:e7:06:a6:
-                    5a:d3:27:dc:60:7b:2d:91:5a:48:11:3f:e0:a3:d2:
-                    bd:89:af:c8:a3:84:a0:27:b5:89:98:fd:3c:58:f4:
-                    a8:db:81:7b:ba:08:0b:d5:5f:30:7c:ea:19:d5:77:
-                    df:85:fa:c4:f4:eb:47:ff:70:65:d9:d1:91:79:10:
-                    a7:1b:11:ca:ae:d8:df:bd:f1:f1:54:d9:0d:8b:78:
-                    1c:60:cd:9e:63:04:05:86:60:ab:19:e7:cf:dd:cf:
-                    ea:3d:0d:ff:81:17:8b:74:5b:85:a9:e4:93:ca:74:
-                    86:e4:4c:44:d4:0b:06:8d:06:d3:35:4e:f7:ad:2a:
-                    f6:77:d0:76:5c:fc:3c:63:2e:fd:3f:42:41:36:72:
-                    d6:78:3f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                39:3B:83:DB:3C:59:8F:5C:66:D8:86:6A:22:F9:F6:6C:B4:29:37:A3
-            X509v3 Authority Key Identifier: 
-                keyid:0E:74:B5:09:EC:FB:FA:E7:BA:6B:1A:F6:2B:28:7E:A9:70:DA:D7:18
-
-            X509v3 Subject Alternative Name: critical
-                DNS:sha512.server.w1.fi
-            X509v3 Extended Key Usage: critical
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha512WithRSAEncryption
-         8f:42:08:a0:bc:c1:eb:50:ef:6a:26:b7:3e:54:a6:7a:ad:b0:
-         66:d3:1d:4c:d4:bc:63:9f:f9:b8:58:ec:33:82:9a:7e:60:28:
-         e8:2b:ee:a6:51:46:7f:bf:c4:39:71:8e:a4:d8:11:88:2e:89:
-         60:82:4a:d7:e9:a5:6e:cb:ec:4b:79:d4:48:3f:e3:fd:1f:e2:
-         6f:7e:43:bf:63:ff:e3:ec:d3:82:7f:bd:2a:3a:66:45:50:d5:
-         f7:ea:5b:28:4c:b0:f8:89:8a:03:e3:22:6a:eb:ee:09:46:6a:
-         8a:c6:c9:a7:62:41:ae:ea:42:5a:7c:16:0a:b3:33:51:5c:b7:
-         26:51:68:cb:ec:7e:6e:7c:cd:1b:24:be:c9:91:53:0f:dc:d2:
-         e0:d3:df:18:05:ca:f6:98:bf:d2:d6:c2:88:8f:93:91:2d:7b:
-         6d:3c:56:c2:0d:90:11:93:29:67:5e:c5:b7:c5:0f:e0:b3:09:
-         d6:60:ca:b5:d5:8d:ff:fd:57:6b:fb:05:23:62:8f:4e:bf:03:
-         bc:da:ba:81:a3:7f:53:f4:8f:d1:49:1c:e0:32:47:b6:b9:71:
-         d4:85:5e:a8:44:63:47:1d:9d:6b:34:eb:c5:da:02:2a:5a:07:
-         5b:3f:0c:47:f2:a3:54:5d:e0:3a:0c:eb:77:3b:d5:fd:03:1e:
-         01:f6:c5:68:3f:d6:ed:cb:f9:4c:03:06:65:a9:9a:39:6b:20:
-         d7:11:eb:62:c7:09:0d:b0:51:b4:49:ff:3e:02:7d:e4:a1:6b:
-         36:bf:f3:04:33:1f:7e:b2:69:af:7d:bb:a8:ef:7f:7e:0b:d3:
-         33:4f:8e:61:09:fa:a3:b9:d5:97:8c:0b:90:17:ce:72:52:2a:
-         de:b8:96:4d:36:c0:b8:d7:7d:9e:56:e0:38:6b:a7:02:a0:90:
-         6f:e8:ee:4f:f2:26:f3:6b:a4:75:80:8f:b0:c4:1b:d4:37:49:
-         75:4b:d9:ed:2b:11:3c:ed:a8:dd:4b:8f:01:60:4d:26:f4:2d:
-         6b:74:d5:75:79:88:2f:18:5e:76:6c:80:2c:eb:da:e2:cc:46:
-         a1:67:89:f5:f6:29:35:ae:b2:f6:79:a8:c3:43:f6:6a:a3:39:
-         d7:64:65:b7:bd:a6:c9:2d:60:70:4b:d9:60:1b:a9:a6:5e:b0:
-         cd:88:02:ae:28:57:b0:46:44:1a:ad:dc:1f:bb:e3:90:db:3c:
-         07:a1:bf:a9:31:1c:0d:97:37:78:80:8a:7f:f8:7a:60:0b:0f:
-         fe:d1:bc:38:ff:b3:72:72:80:e0:65:1d:86:90:b0:f6:7a:38:
-         1b:7b:05:b7:d9:f9:44:3e:4a:1c:2b:d4:3a:cc:db:75:20:eb:
-         6d:bf:22:4b:83:1c:4f:39
------BEGIN CERTIFICATE-----
-MIIFYTCCA0mgAwIBAgIJAMPTjNcrAaipMA0GCSqGSIb3DQEBDQUAMFQxCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIjAgBgNV
-BAMMGVNIQTM4NCBhbmQgU0hBNTEyIFJvb3QgQ0EwHhcNMTUxMTI5MjIzMzI1WhcN
-MjUxMTI2MjIzMzI1WjA7MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHDAa
-BgNVBAMME3NoYTUxMi5zZXJ2ZXIudzEuZmkwggHXMA0GCSqGSIb3DQEBAQUAA4IB
-xAAwggG/AoIBtgyUrc5DYSg0X9fexaXrNjYldxn7pZsOu+1u2RAbcNNKFPs+XFCi
-hLMu/QnNxKv5+n7njugzUIoBg0I5Oydoi/rmXGCG6NBWWnm8KsqpC/WJ1aMldsFx
-i4oyKieBizGo+alsYgApzWp8LMwDNHdfk+fyGoyneJowKdGVO2BridD0abGCfBdz
-tSta76bse8eb4wo8TEGYrbSkBTBVYFmpDRw5tLTzcPy300fmRD+PPm7QMY6F7i8s
-9Z2GwYJ3Ec30Fah4KhidtiwfllHWPLYu9ONl1J9OkuZVGOI+bh7FPV11ISx6r8r+
-Cz0YlkyG8qf4bbMPDcv3RYa/iCFV9BzMp++ySRNCzpV0+mSw5P842hTvXBBwCqgw
-TyL4+Vao9Pcf6TGISn3tESeJSecGplrTJ9xgey2RWkgRP+Cj0r2Jr8ijhKAntYmY
-/TxY9KjbgXu6CAvVXzB86hnVd9+F+sT060f/cGXZ0ZF5EKcbEcqu2N+98fFU2Q2L
-eBxgzZ5jBAWGYKsZ58/dz+o9Df+BF4t0W4Wp5JPKdIbkTETUCwaNBtM1TvetKvZ3
-0HZc/DxjLv0/QkE2ctZ4PwIDAQABo4GZMIGWMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-BBYEFDk7g9s8WY9cZtiGaiL59my0KTejMB8GA1UdIwQYMBaAFA50tQns+/rnumsa
-9isofqlw2tcYMCEGA1UdEQEB/wQXMBWCE3NoYTUxMi5zZXJ2ZXIudzEuZmkwFgYD
-VR0lAQH/BAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBDQUA
-A4ICAQCPQgigvMHrUO9qJrc+VKZ6rbBm0x1M1Lxjn/m4WOwzgpp+YCjoK+6mUUZ/
-v8Q5cY6k2BGILolggkrX6aVuy+xLedRIP+P9H+JvfkO/Y//j7NOCf70qOmZFUNX3
-6lsoTLD4iYoD4yJq6+4JRmqKxsmnYkGu6kJafBYKszNRXLcmUWjL7H5ufM0bJL7J
-kVMP3NLg098YBcr2mL/S1sKIj5ORLXttPFbCDZARkylnXsW3xQ/gswnWYMq11Y3/
-/Vdr+wUjYo9OvwO82rqBo39T9I/RSRzgMke2uXHUhV6oRGNHHZ1rNOvF2gIqWgdb
-PwxH8qNUXeA6DOt3O9X9Ax4B9sVoP9bty/lMAwZlqZo5ayDXEetixwkNsFG0Sf8+
-An3koWs2v/MEMx9+smmvfbuo739+C9MzT45hCfqjudWXjAuQF85yUireuJZNNsC4
-132eVuA4a6cCoJBv6O5P8ibza6R1gI+wxBvUN0l1S9ntKxE87ajdS48BYE0m9C1r
-dNV1eYgvGF52bIAs69rizEahZ4n19ik1rrL2eajDQ/ZqoznXZGW3vabJLWBwS9lg
-G6mmXrDNiAKuKFewRkQardwfu+OQ2zwHob+pMRwNlzd4gIp/+HpgCw/+0bw4/7Ny
-coDgZR2GkLD2ejgbewW32flEPkocK9Q6zNt1IOttvyJLgxxPOQ==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/sha512-user.key b/tests/hwsim/auth_serv/sha512-user.key
deleted file mode 100644
index 5985ea1ba233..000000000000
--- a/tests/hwsim/auth_serv/sha512-user.key
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIHtQIBADANBgkqhkiG9w0BAQEFAASCB58wggebAgEAAoIBqgDEVq3fqyK8sXHD
-9eeLAaxkWFeX9PoC8rLx/kuMBuEz/IuY1/JwkPPeOUUXn/fDNQCvS12aGtoyxBHE
-ucBF6j6ojz+tGS88Sfzvp+VTjbIdryyd+oMZondO4GIflxCTnY0GE+ZuUeltD9mX
-HkGEFwl1Jf9cB3iUXz6X5mTXSeXlmKHL4g34wDMtc+shaINM5G0gJEWl7qebruCp
-FFVpGkkjy+QzMpjnwSYJSaC31Y/w9QTjFERdfy0TwmATJ+7mPbhsQ6Rob5olyZBt
-6a4pXdjbJm/7RAW4ov11NV0aChHzAkv1hC62Gmp51PamFu7VrxrZ9TlzNGQnJied
-IqpuK0C/eap7zjtlbsgkkOwkKZiHWf7l/opJ8yWX524STzd+ekA5EoUr7YDd0Ig1
-UYkxvIsLIza7+hOyq6ugcNeZuurCOE4OG+GGTLFSpu+FqBfS/DqptZ3xxQINKugI
-g9srE1scoP8ZvKyclHgqLZPXJZM0fZnkPEzN9EK84vPH7D387cX2LMBO/6vudL/F
-VTDwdLSbvKw9lwsnNP7hiy8LUIqk+3vhClWztNwd4QIDAQABAoIBqX/9zZ1or914
-g6RuksHglmRX3spVzgHL+3GcB93Bwl+ke9Bovkg5hnDQvsTW6KpdzBN6OwuyA5pi
-jP7E5J3vRWeW8rjCGTPhO71zoyDj10BYqOpXm81DRympRu43CXxhkcRrhqVWSqhp
-U7ya4bTdW7H90klJKYb3zBM0A3sBVphk9ty1gcwuZ25zCc4elrGym5z/aFPyj1sD
-FrvCYKeCljl6uknR6zHxjP0y/U26L/qxj70Ewkh9FoKyDPWP68I2bBpPwka+sit+
-CeRNGNcosayzkv6m2BcPm3LZMzLouoWCkAszYhwXhAqSHQzFNqoCv/IW68qYGVgr
-XtKbDB/SYGbatP2+SIbPt3oW907yW/Zfv7hDvSZF3BNEVooPC6f6NWHTdGBLHCWJ
-1FvBWpSKF2uwy+s6aV2YTdB5S0myE7p9KlY/SZiHSNjWt16puC6mHyOpBc2yEGGi
-zCCANSxUEg1C6EKquk8bfJ/6WRnnEt96d5DFRFMKHDFEIxITThQDIcITuh8YLLBM
-fPDMc2HxSR5fyfkgR9wj7+hxHSoRmWNnnAnm2kr5SwMBAoHVDpslqXfYhhtcdrCm
-NqJpQxHqCYHiWLDCGl52Tjyq21quYQC4IDPk1qb9bIUjw9cYk0OlSY1tT+0z2DfG
-iN7lWSjVqlxXZihjQIkh1d2UV2SQHuAqnWnDSRwKjkWmDzLPFM4ZC52x7ZH54Rba
-iEnSDOy59Kuw05gE0+ia1AEROSmV5ROgFevEnwp3fX7/T0e9cEr5+z3LyNDY/6I4
-PHgBN9/OXhbBO+rWSFEEezQ8JEu5DfgZ9vAN8y3dNoRZcsYR/mafimygcVhKwySj
-hDi/lEoVcxIxAoHVDXE5jfRVrdKSIVMkngFuMM+p8IItpDDX3MHmFzqW8PDZu/BD
-VdqKa3Thc9f/rPwdUwOIFUfUxqIZum8n809rkAtBhxcases+E3NcHESulnM4kJNO
-gVS0TdfdaANeLXxd6zuXgxsxXU/omdqH2ZqlSFy2VvQncNJov1s6R6m5y22aOKdu
-fdgA9suzEh3PAHhqVRXGEGXakbJg/irVX15odZMn0jume5+2ajWyt6skoCR1UI9H
-FMHU5KS3mpFba7L1sG39dZS5C4R4sV3Vz4NpTtnTuKqxAoHVBcDn3RHwoSM2ESsU
-zoC7pkfwQT6Awx8d1vVO9RLA2xeliWCXJ1hJ1KSDP7RSmlqou5nyCj9DyDBQM+QE
-uPXUsoJ7aFhntT5DmrBqO6zFOofKnd7/6nI3Ex2QquqUt3f0SuXEx+aeqE7Qd/Jg
-sz8hFyZJOjBHv5IqlK8UDl89QZ84BLzuWrQ9B8k/uJfGSpyf6xQd1PJKzBg44ros
-HOXI1RG8YSPlioy/TE1dzoqNBl8tzmrlD3kQhbKTaV5JPgT4IZabUhPoP73f9W8B
-WpxgGzHzsRiBAoHVAiizU8dwk3CEo/GUqgQUzKYt50EhT4PAx+YkrIpuf9hPQE5A
-omNtZADrzQ1eNUxw8UpZ6wEUfaq/cyAzTHLvFb2ZErd1RCpCWCFpI+ksGWH8Lcxb
-CY6vPuly2CfiUm/tLcDuftI5RYF2HG/q7dpWvZ6WcrTYONiyljlyzNvHyZKa+Ip7
-xp6Q2RKyejBrdOniOjQ7EZsqVchOp8P9bUnegTPXa37FKInoZHqnb7R/N3FjnkLE
-6eKP7QE/tAWwp0WhDGs+EEqIxf7K28H0e1Xh7hYyWTChAoHVBn76/JDy92nDEWjG
-JkEJBeh88mT6ocKvFYbKrSAjBpFrPiTbHJ6Md0duRgvSB2ikGQnJfESz7Q/M5bdo
-Ssy0qH9Paugbye4FgVwQCECkfJkB3Ijn9VuR+8cdoCySXPzhWDU6UXh5taSvsHvT
-LRLyBjFC/6UTsElVCam28aujJmNI7X+LbXBij4a3J8nXO3BFqK8HIopeG2z1lyBi
-fgtLN2fTl6adq8lDYxoMBPmrEmob5lKwCPsOMCLz50WEacNK8CFZ6QUiwx1ZhJeA
-HR9JilLQkZRY
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/sha512-user.pem b/tests/hwsim/auth_serv/sha512-user.pem
deleted file mode 100644
index df2a0bd1d623..000000000000
--- a/tests/hwsim/auth_serv/sha512-user.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 14110776913249282219 (0xc3d38cd72b01a8ab)
-    Signature Algorithm: sha512WithRSAEncryption
-        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=SHA384 and SHA512 Root CA
-        Validity
-            Not Before: Nov 29 22:33:25 2015 GMT
-            Not After : Nov 26 22:33:25 2025 GMT
-        Subject: C=FI, O=w1.fi, CN=user-sha512
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3400 bit)
-                Modulus:
-                    00:c4:56:ad:df:ab:22:bc:b1:71:c3:f5:e7:8b:01:
-                    ac:64:58:57:97:f4:fa:02:f2:b2:f1:fe:4b:8c:06:
-                    e1:33:fc:8b:98:d7:f2:70:90:f3:de:39:45:17:9f:
-                    f7:c3:35:00:af:4b:5d:9a:1a:da:32:c4:11:c4:b9:
-                    c0:45:ea:3e:a8:8f:3f:ad:19:2f:3c:49:fc:ef:a7:
-                    e5:53:8d:b2:1d:af:2c:9d:fa:83:19:a2:77:4e:e0:
-                    62:1f:97:10:93:9d:8d:06:13:e6:6e:51:e9:6d:0f:
-                    d9:97:1e:41:84:17:09:75:25:ff:5c:07:78:94:5f:
-                    3e:97:e6:64:d7:49:e5:e5:98:a1:cb:e2:0d:f8:c0:
-                    33:2d:73:eb:21:68:83:4c:e4:6d:20:24:45:a5:ee:
-                    a7:9b:ae:e0:a9:14:55:69:1a:49:23:cb:e4:33:32:
-                    98:e7:c1:26:09:49:a0:b7:d5:8f:f0:f5:04:e3:14:
-                    44:5d:7f:2d:13:c2:60:13:27:ee:e6:3d:b8:6c:43:
-                    a4:68:6f:9a:25:c9:90:6d:e9:ae:29:5d:d8:db:26:
-                    6f:fb:44:05:b8:a2:fd:75:35:5d:1a:0a:11:f3:02:
-                    4b:f5:84:2e:b6:1a:6a:79:d4:f6:a6:16:ee:d5:af:
-                    1a:d9:f5:39:73:34:64:27:26:27:9d:22:aa:6e:2b:
-                    40:bf:79:aa:7b:ce:3b:65:6e:c8:24:90:ec:24:29:
-                    98:87:59:fe:e5:fe:8a:49:f3:25:97:e7:6e:12:4f:
-                    37:7e:7a:40:39:12:85:2b:ed:80:dd:d0:88:35:51:
-                    89:31:bc:8b:0b:23:36:bb:fa:13:b2:ab:ab:a0:70:
-                    d7:99:ba:ea:c2:38:4e:0e:1b:e1:86:4c:b1:52:a6:
-                    ef:85:a8:17:d2:fc:3a:a9:b5:9d:f1:c5:02:0d:2a:
-                    e8:08:83:db:2b:13:5b:1c:a0:ff:19:bc:ac:9c:94:
-                    78:2a:2d:93:d7:25:93:34:7d:99:e4:3c:4c:cd:f4:
-                    42:bc:e2:f3:c7:ec:3d:fc:ed:c5:f6:2c:c0:4e:ff:
-                    ab:ee:74:bf:c5:55:30:f0:74:b4:9b:bc:ac:3d:97:
-                    0b:27:34:fe:e1:8b:2f:0b:50:8a:a4:fb:7b:e1:0a:
-                    55:b3:b4:dc:1d:e1
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                2F:60:49:97:43:3C:7A:7E:22:C1:44:0B:43:78:D4:9D:7C:DF:A6:12
-            X509v3 Authority Key Identifier: 
-                keyid:0E:74:B5:09:EC:FB:FA:E7:BA:6B:1A:F6:2B:28:7E:A9:70:DA:D7:18
-
-            X509v3 Subject Alternative Name: 
-                email:user-sha512@w1.fi
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha512WithRSAEncryption
-         9d:58:98:97:95:49:c5:bc:be:f2:1d:01:65:ff:2b:5c:24:81:
-         71:87:05:3e:11:1d:2f:f2:16:12:d3:0e:36:72:af:87:6b:81:
-         c1:7c:aa:c8:be:be:a7:90:2c:7b:35:7c:0f:8b:67:e2:9c:da:
-         26:ad:09:fc:56:28:78:3b:3a:00:91:8d:f9:d1:39:a2:c5:3f:
-         e4:97:42:70:5c:93:93:23:5f:01:67:37:b7:d9:12:0c:14:dd:
-         9d:73:be:9e:46:47:90:21:26:6d:0e:4c:af:0b:80:41:06:94:
-         86:ef:49:66:1c:70:83:9c:1b:71:83:16:38:22:f5:a0:47:09:
-         bd:69:0f:9f:5b:19:1b:d4:44:f5:15:65:d5:6c:2b:d1:8c:c7:
-         3a:f4:a7:22:b0:53:e0:27:ff:06:c6:37:a7:cf:a6:25:2a:d4:
-         24:90:3e:46:59:6a:9b:dd:57:71:d1:79:3a:e2:6c:b5:22:19:
-         0f:dd:e6:d4:04:eb:fc:65:98:da:fd:e3:7c:04:d6:a0:2a:9e:
-         19:d8:aa:44:a7:8e:c6:7d:35:00:e5:ac:24:2f:ec:53:0a:7b:
-         3d:bc:67:f3:23:95:fd:98:8b:ba:ac:e0:25:90:b2:38:e1:bb:
-         62:a3:0c:39:bb:3b:79:40:53:91:20:10:86:88:f3:ae:ba:5a:
-         7a:eb:61:72:4d:3b:cc:fc:1c:ff:86:fb:6a:83:b8:ca:9a:34:
-         dc:66:46:e7:d9:39:59:a1:91:a9:d2:b9:38:c7:84:b9:23:10:
-         a6:21:e3:de:a1:56:90:bd:63:48:c7:10:d6:2d:2d:e0:90:ba:
-         19:3a:57:c4:ea:e4:d8:62:f3:84:c4:dd:a9:e9:fe:07:33:dc:
-         ed:7e:27:9d:4a:9e:d4:3d:12:35:84:f0:df:cf:d3:8d:7c:f8:
-         2d:cd:2b:24:70:92:40:b1:9f:38:b5:b1:34:b5:47:1b:19:6c:
-         5a:a2:ce:04:5a:e6:ce:a4:18:11:88:2c:d6:53:80:3d:87:88:
-         5b:89:63:47:0e:ed:52:7b:49:7f:0b:31:66:9c:54:5f:08:7d:
-         d7:e3:6e:6c:d6:12:a0:a8:cf:d9:69:6a:53:10:bf:67:d6:0c:
-         2e:8e:6a:9a:35:c6:0a:bd:ee:28:2b:9f:d9:af:89:0f:19:5f:
-         23:d2:f8:ce:04:69:78:a8:a3:33:3d:dc:d7:09:77:cb:51:8c:
-         80:0e:aa:07:60:34:32:b1:b7:e6:04:1c:5d:8e:53:1f:be:fe:
-         49:8a:21:a2:d8:f0:f8:ce:70:a4:b7:6e:90:ec:9d:68:f7:33:
-         08:67:59:d7:ff:f6:20:00:f5:51:79:66:e6:35:bd:29:85:62:
-         d3:e1:3a:1c:b3:8c:ef:8d
------BEGIN CERTIFICATE-----
-MIIFQjCCAyqgAwIBAgIJAMPTjNcrAairMA0GCSqGSIb3DQEBDQUAMFQxCzAJBgNV
-BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIjAgBgNV
-BAMMGVNIQTM4NCBhbmQgU0hBNTEyIFJvb3QgQ0EwHhcNMTUxMTI5MjIzMzI1WhcN
-MjUxMTI2MjIzMzI1WjAzMQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxFDAS
-BgNVBAMMC3VzZXItc2hhNTEyMIIByzANBgkqhkiG9w0BAQEFAAOCAbgAMIIBswKC
-AaoAxFat36sivLFxw/XniwGsZFhXl/T6AvKy8f5LjAbhM/yLmNfycJDz3jlFF5/3
-wzUAr0tdmhraMsQRxLnAReo+qI8/rRkvPEn876flU42yHa8snfqDGaJ3TuBiH5cQ
-k52NBhPmblHpbQ/Zlx5BhBcJdSX/XAd4lF8+l+Zk10nl5Zihy+IN+MAzLXPrIWiD
-TORtICRFpe6nm67gqRRVaRpJI8vkMzKY58EmCUmgt9WP8PUE4xREXX8tE8JgEyfu
-5j24bEOkaG+aJcmQbemuKV3Y2yZv+0QFuKL9dTVdGgoR8wJL9YQuthpqedT2phbu
-1a8a2fU5czRkJyYnnSKqbitAv3mqe847ZW7IJJDsJCmYh1n+5f6KSfMll+duEk83
-fnpAORKFK+2A3dCINVGJMbyLCyM2u/oTsquroHDXmbrqwjhODhvhhkyxUqbvhagX
-0vw6qbWd8cUCDSroCIPbKxNbHKD/GbysnJR4Ki2T1yWTNH2Z5DxMzfRCvOLzx+w9
-/O3F9izATv+r7nS/xVUw8HS0m7ysPZcLJzT+4YsvC1CKpPt74QpVs7TcHeECAwEA
-AaOBjjCBizAJBgNVHRMEAjAAMB0GA1UdDgQWBBQvYEmXQzx6fiLBRAtDeNSdfN+m
-EjAfBgNVHSMEGDAWgBQOdLUJ7Pv657prGvYrKH6pcNrXGDAcBgNVHREEFTATgRF1
-c2VyLXNoYTUxMkB3MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
-BaAwDQYJKoZIhvcNAQENBQADggIBAJ1YmJeVScW8vvIdAWX/K1wkgXGHBT4RHS/y
-FhLTDjZyr4drgcF8qsi+vqeQLHs1fA+LZ+Kc2iatCfxWKHg7OgCRjfnROaLFP+SX
-QnBck5MjXwFnN7fZEgwU3Z1zvp5GR5AhJm0OTK8LgEEGlIbvSWYccIOcG3GDFjgi
-9aBHCb1pD59bGRvURPUVZdVsK9GMxzr0pyKwU+An/wbGN6fPpiUq1CSQPkZZapvd
-V3HReTribLUiGQ/d5tQE6/xlmNr943wE1qAqnhnYqkSnjsZ9NQDlrCQv7FMKez28
-Z/Mjlf2Yi7qs4CWQsjjhu2KjDDm7O3lAU5EgEIaI8666WnrrYXJNO8z8HP+G+2qD
-uMqaNNxmRufZOVmhkanSuTjHhLkjEKYh496hVpC9Y0jHENYtLeCQuhk6V8Tq5Nhi
-84TE3anp/gcz3O1+J51KntQ9EjWE8N/P0418+C3NKyRwkkCxnzi1sTS1RxsZbFqi
-zgRa5s6kGBGILNZTgD2HiFuJY0cO7VJ7SX8LMWacVF8IfdfjbmzWEqCoz9lpalMQ
-v2fWDC6Oapo1xgq97igrn9mviQ8ZXyPS+M4EaXioozM93NcJd8tRjIAOqgdgNDKx
-t+YEHF2OUx++/kmKIaLY8PjOcKS3bpDsnWj3MwhnWdf/9iAA9VF5ZuY1vSmFYtPh
-OhyzjO+N
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/update.sh b/tests/hwsim/auth_serv/update.sh
deleted file mode 100755
index b2296b2fbf20..000000000000
--- a/tests/hwsim/auth_serv/update.sh
+++ /dev/null
@@ -1,181 +0,0 @@
-#!/bin/sh
-
-OPENSSL=openssl
-
-mkdir -p test-ca/newcerts
-
-echo
-echo "---[ DH parameters ]----------------------------------------------------"
-echo
-
-if [ -r dh.conf ]; then
-    echo "Use already generated dh.conf"
-else
-    openssl dhparam -out dh.conf 2048
-fi
-
-echo
-echo "---[ Root CA ]----------------------------------------------------------"
-echo
-
-if [ -r ca-key.pem ]; then
-    echo "Use already generated Root CA"
-else
-    cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = TEST - Incorrect Root CA/" \
-	    > ca-openssl.cnf.tmp
-    $OPENSSL req -config ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:2048 -nodes -keyout ca-incorrect-key.pem -out ca-incorrect.der -outform DER -days 3650 -sha256
-    $OPENSSL x509 -in ca-incorrect.der -inform DER -out ca-incorrect.pem -outform PEM -text
-
-    cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = Root CA/" \
-	    > ca-openssl.cnf.tmp
-    $OPENSSL req -config ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:2048 -nodes -keyout ca-key.pem -out ca.der -outform DER -days 3650 -sha256
-    $OPENSSL x509 -in ca.der -inform DER -out ca.pem -outform PEM -text
-    mkdir -p test-ca/certs test-ca/crl test-ca/newcerts test-ca/private
-    touch test-ca/index.txt
-    echo 01 > test-ca/crlnumber
-    cp ca.pem test-ca/cacert.pem
-    cp ca-key.pem test-ca/private/cakey.pem
-    $OPENSSL ca -config ca-openssl.cnf.tmp -gencrl -crldays 2922 -out crl.pem
-    cat ca.pem crl.pem > ca-and-crl.pem
-    faketime yesterday $OPENSSL ca -config ca-openssl.cnf.tmp -gencrl -crlhours 1 -out crl.pem
-    cat ca.pem crl.pem > ca-and-crl-expired.pem
-    rm crl.pem
-    rm ca-openssl.cnf.tmp
-fi
-
-echo
-echo "---[ Update server certificates ]---------------------------------------"
-echo
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=DNS:server.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server.csr -out server.pem -extensions ext_server
-
-$OPENSSL pkcs12 -export -out server.pkcs12 -in server.pem -inkey server.key -passout pass:
-$OPENSSL pkcs12 -export -out server-extra.pkcs12 -in server.pem -inkey server.key -descert -certfile user.pem -passout pass:whatever -name server
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server3.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server-no-dnsname.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout server-no-dnsname.key -out server-no-dnsname.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-no-dnsname.csr -out server-no-dnsname.pem -extensions ext_server
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server4.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server-expired.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout server-expired.key -out server-expired.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-expired.csr -out server-expired.pem -extensions ext_server -startdate 200101000000Z -enddate 200102000000Z
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server5.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server-eku-client.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout server-eku-client.key -out server-eku-client.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client.csr -out server-eku-client.pem -extensions ext_client
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server6.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server-eku-client-server.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout server-eku-client-server.key -out server-eku-client-server.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client-server.csr -out server-eku-client-server.pem -extensions ext_client_server
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server7.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r server-long-duration.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:4096 -nodes -keyout server-long-duration.key -out server-long-duration.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-long-duration.csr -out server-long-duration.pem -extensions ext_server -days 18250
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server-policies.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies.w1.fi/" |
-	sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.1/" \
-	> openssl.cnf.tmp
-if [ ! -r server-certpol.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = server-policies2.w1.fi/" |
-	sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies2.w1.fi/" |
-	sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.2/" \
-	> openssl.cnf.tmp
-if [ ! -r server-certpol2.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol2.key -out server-certpol2.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol2.csr -out server-certpol2.pem -extensions ext_server
-
-echo
-echo "---[ Update user certificates ]-----------------------------------------"
-echo
-
-cat openssl2.cnf | sed "s/#@CN@/commonName_default = Test User/" > openssl.cnf.tmp
-if [ ! -r user.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout user.key -out user.csr -outform PEM -sha256
-    $OPENSSL rsa -in user.key -out user.rsa-key
-    $OPENSSL pkcs8 -topk8 -in user.key -out user.key.pkcs8 -inform PEM -v2 des-ede3-cbc -v2prf hmacWithSHA1 -passout pass:whatever
-    $OPENSSL pkcs8 -topk8 -in user.key -out user.key.pkcs8.pkcs5v15 -inform PEM -v1 pbeWithMD5AndDES-CBC -passout pass:whatever
-fi
-
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in user.csr -out user.pem -extensions ext_client
-rm openssl.cnf.tmp
-
-$OPENSSL pkcs12 -export -out user.pkcs12 -in user.pem -inkey user.key -descert -passout pass:whatever
-$OPENSSL pkcs12 -export -out user2.pkcs12 -in user.pem -inkey user.key -descert -name Test -certfile server.pem -passout pass:whatever
-$OPENSSL pkcs12 -export -out user3.pkcs12 -in user.pem -inkey user.key -descert -name "my certificates" -certfile ca.pem -passout pass:whatever
-
-echo
-echo "---[ Update OCSP ]------------------------------------------------------"
-echo
-
-cat openssl2.cnf |
-	sed "s/#@CN@/commonName_default = ocsp.w1.fi/" \
-	> openssl.cnf.tmp
-if [ ! -r ocsp-responder.csr ]; then
-    $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout ocsp-responder.key -out ocsp-responder.csr -outform PEM -sha256
-fi
-$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in ocsp-responder.csr -out ocsp-responder.pem -extensions v3_OCSP
-
-$OPENSSL ocsp -CAfile test-ca/cacert.pem -issuer test-ca/cacert.pem -cert server.pem -reqout ocsp-req.der -no_nonce
-$OPENSSL ocsp -index test-ca/index.txt -rsigner test-ca/cacert.pem -rkey test-ca/private/cakey.pem -CA test-ca/cacert.pem -resp_no_certs -reqin ocsp-req.der -respout ocsp-server-cache.der
-SIZ=`ls -l ocsp-server-cache.der | cut -f5 -d' '`
-(echo -n 000; echo "obase=16;$SIZ" | bc) | xxd -r -ps > ocsp-multi-server-cache.der
-cat ocsp-server-cache.der >> ocsp-multi-server-cache.der
-
-echo
-echo "---[ Additional steps ]-------------------------------------------------"
-echo
-
-echo "test_ap_eap.py: ap_wpa2_eap_ttls_server_cert_hash srv_cert_hash"
-
-$OPENSSL x509 -in server.pem -out server.der -outform DER
-HASH=`sha256sum server.der | cut -f1 -d' '`
-rm server.der
-sed -i "s/srv_cert_hash =.*/srv_cert_hash = \"$HASH\"/" ../test_ap_eap.py
-
-echo "index.txt: server time+serial"
-
-grep -v CN=server.w1.fi index.txt > index.txt.new
-grep CN=server.w1.fi test-ca/index.txt | tail -1 >> index.txt.new
-mv index.txt.new index.txt
-
-echo "start.sh: openssl ocsp -reqout serial"
-
-SERIAL=`grep CN=server.w1.fi test-ca/index.txt | tail -1 | cut -f4`
-sed -i "s/'-serial', '0x[^']*'/'-serial', '0x$SERIAL'/" ../test_ap_eap.py
diff --git a/tests/hwsim/auth_serv/user.csr b/tests/hwsim/auth_serv/user.csr
deleted file mode 100644
index 49c179f26e1c..000000000000
--- a/tests/hwsim/auth_serv/user.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICiDCCAXACAQAwQzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
-BgNVBAoMBXcxLmZpMRIwEAYDVQQDDAlUZXN0IFVzZXIwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC8JAjZB20ZDpRca9mKhBsDIuIaBkLTC2CNXzEEBvqi
-QGoMJClYzYO/Op1/Nw1NJ13VV1cc8751PzpMRG8CL1uLLLBcRykZMQjRKPUenFuc
-t+drQDUQPn9mZxahTmiKccwyWOMIh6IqBy1/c/ZD5X/09nSuJ+jSXK6bgtmlKnJ2
-hC/jYqpBHt4zt2T4eW/6CbW8sIzNNIItxBBViepsOJL+YdZkhATUCjcyN43DVdH8
-q7hVBqkATzHiQvHntC6cRQ3cqfmtsnfB8LHDolomkL0ZL0YdpSE98DVilMjPMz/Y
-ol3fzFgACI3tsQTFKz8aFfaSCNTxQs1s2/L/4G5phNiLAgMBAAGgADANBgkqhkiG
-9w0BAQsFAAOCAQEAJB2hPF8r/cPO7+4fPf3oXwEwf0YsXHzVwUnawgtMNyU10rJX
-qqQIi2elEJfgYqmUhmXBrBIm06bRXlcR+QoWwX4sHk3rmHQYPy190bNpTaHVN9bZ
-kZndOcdaog1a3Lbui+e/brpzo0kGskW9TsDsOkYjzgIzQHGQtfcPfLhnLj4+sRyq
-tnV0vvHl3SyPmsVxrazRO4LgMBmwGx6QC4Yf3w25Us3aLzJqsZHDBRsVRdoHyLYd
-Jwt2fE2dLzGNkGFUP3BeJMHze1CqRybfoVlBU1IZRYlRQ8yOO/IpO7pa363Xx5Ar
-DsD2xcG7WvAjQ08vVgW2ShQRIIeX0Luhd6fqQg==
------END CERTIFICATE REQUEST-----
diff --git a/tests/hwsim/auth_serv/user.key b/tests/hwsim/auth_serv/user.key
deleted file mode 100644
index 1e114958ada2..000000000000
--- a/tests/hwsim/auth_serv/user.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8JAjZB20ZDpRc
-a9mKhBsDIuIaBkLTC2CNXzEEBvqiQGoMJClYzYO/Op1/Nw1NJ13VV1cc8751PzpM
-RG8CL1uLLLBcRykZMQjRKPUenFuct+drQDUQPn9mZxahTmiKccwyWOMIh6IqBy1/
-c/ZD5X/09nSuJ+jSXK6bgtmlKnJ2hC/jYqpBHt4zt2T4eW/6CbW8sIzNNIItxBBV
-iepsOJL+YdZkhATUCjcyN43DVdH8q7hVBqkATzHiQvHntC6cRQ3cqfmtsnfB8LHD
-olomkL0ZL0YdpSE98DVilMjPMz/Yol3fzFgACI3tsQTFKz8aFfaSCNTxQs1s2/L/
-4G5phNiLAgMBAAECggEAAVFTSonVxsYmXdtXg7PXKJd28+21TBsZSwQuqLOPz9EZ
-rQoXzApscMttTPXKvw6Whqb88jP20oVl2CDmkiJYxsnCVnMdI5MHV8esp9E6hwd2
-tHaXqIx3gfUY4HpXGxke7/9VX7rrdNXmCK18PQ9/bOzI9mtLIyYJBwfMlG6OrKvP
-QoeLwoZiMDvA3nS8a/TeTPNXI1md7GHfPXqOumAngV0E4FuT7XfkaeBVzataUStY
-D9WEhjtiEahCJWqtN7U/Zq4qKB6XrrVye8BixDNRf/Qnz5SPrhWk3rWPEAqPBcqO
-EirQapQAI+e974irowq1WOUV4xDYWq8QoXrMWFwFEQKBgQDjwxs+i+P33efaeTXG
-AjK/qieLn7JvnHIxAOPK+qzPY75b01U0JH9qRKs1J2dxUQQFWu2rWtbLAVDf8et/
-URL8ZAqCy2U8HOUJuu+x9kNoLRxREuY9EhMeQ6P6clTGx1fgIc9BXsT+UjMK6I+R
-3JwZEwLYf3E81KU9CmKpCfUZwwKBgQDTd2TRu9fIbmIrAf6StvsSD2OWQ/RBavNE
-pISLH5/orvt3kXy9I6bAyW+FyHZ4620CE24fzstWH8l3F1jIvCf32wa8cTi1EA7l
-Rh8gVRC0s2CdETse7lUHTqqoqO6ckT9p0ZLLHfbALsy0jIOZUno0uVgYPzbWkvXW
-j76Q27uRmQKBgG38qgtqQoxP/MbkAbO9HASyhqZGWETNp9dCNr6ujwUXhbWSOHMV
-rPIEdykT/kAaf3aWkm9NTqx51jRO/wpcfG6lYO4IirqcuX4ZZ+bopWSJZENCfSzA
-rbrPr0AiNg5H9YemzA8lVLv7tepuo+YsQrVZGOazpFtb1O/FNB+tT09BAoGBAMlG
-zCyhOasp/cBn3pJxHhq7kROWzKdzj+cXHJ17VW5ZFztgvDUe+PppAQB6pOFFXHVs
-XxZhc8Me8FitXTF7fiN5UzkMH2ifxz3Nd5UDwqnsTppRq08ulLom02NDoBJgYdZr
-xugUNigIo4l6cUv/aBhFDifOC3lDWkGGgmFI9IiJAoGAUMIiyteV7zqrc3ncrnYu
-Nvg90VeA7CMa0SvmOMYS0M8fUUHtbthfr64c2fWM9JFflApRtVkHSclRMI1RqmVW
-SvDqS4kxb0NC5HiWioRHb3PlEqL8F076lySD/25sNwWwHwMq1MJPOi7cEXc1YtWS
-26WD/C6dauV5FnMa7eX1D3I=
------END PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/user.key.pkcs8 b/tests/hwsim/auth_serv/user.key.pkcs8
deleted file mode 100644
index 8302fbbbf8d3..000000000000
--- a/tests/hwsim/auth_serv/user.key.pkcs8
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2spAA/WpqE0CAggA
-MBQGCCqGSIb3DQMHBAi7csj8UwjU3ASCBMgK0/gob5gOgeDoZVERabnAazadQ7I9
-/QuAc75PEkl99YfjhiRXJyWWiOKNkGjgqTsXEfGp73/c3ilzKeoOtg/lhppZJ8VZ
-z2ePXO+BOx/xlgeLj+fEmXAjKZZBJ76FCUH/P6sWe8MTLMN1g67QeK6akwj7KCzO
-yPNOtL9FJbcq/Y0HxDy+266G2Y9ZVwtY45uOFXClWli1aRMz0/FRt7ijr5x7JsZj
-kqUgB7qPl2+wMEXLhU/m8Gn2JdkxRsrDn7Hq86TOAF+CpWpjxGTEZFqzrMcVXJ2I
-2oXntqwQdq9clLaMjPNP7eGZ7tmu3cQX6IypScZirJWgsb2+t3Hv3108wS9WZ7ZS
-eTvg8rVgrorP8lMPFqCuljEZyIWryN5EZ85/WlxjgpZQnnvEmNgckPcQM9KfjT9l
-UXsd3yaS+K6vA/NMgutSEQSFXLilpgr6wz19IvzIEeaGIU78GbBfSK/7kFWSb3WD
-mmub9LN9CKgwGMc640hHHY7EUX71QIxLitcA/lIxftnjPQ5brh7P+0gwray01i1Y
-SGaqLPNbgU+tLC7WnbadanTYRuMheTLmMgf8aIOiU9IT+JFiwm1s0jcVLlZyIsWF
-HH9xNcf4SYz1lUGcHnn/IlMd6PGucicmd17Qewi5Y/vil48r799Fr1KO/GCbxtkP
-qMjVqql1vRIo6tY++n9uwnTgg5NGrgLsFAWusulvEaC2BCTh1XqwtIC09zaonhy5
-30nadFWDnmR4MpPksjCBs5MCt2dBNF72JH/cFSTH7JpqDuthMJcprKc9b3MhQEqK
-srSr2HnDlOir6Ubvz2LCyAsuKui1B4UOnZ8q3lHPjIXHCZBWcdj+hLCmgncf/Sjq
-xvh0AmwPvn+kcG7W1DQ/ZfG7uh5oui4F9laVV3nuyOPzxdiuNFqYjHLb7rVgQOvK
-jjHYhd2pJAYDO13GrXVG1H2ipEUr8u/uDlr7HLdtvAZqsTSNMQZk3t2/TI2nJDli
-BPyJO72LVvwV0Jy5yH24qFwrzOmOcnNv1H14hPdwOOvhEQIWbAXRPTdf/ukC7HEb
-mKBfToPHALxnKPmcp9iERkcNZ8OfLqRdjCvZoD7K1caZFqv9Uc3U2kaQT0b9lm+1
-3UDd1n0YfxA/iJ0S2/KSroDAt/wWnznuJ9PlzpQfZ2BqlAxeFQ0RH1K97D6be5IW
-bxFxwkOwVK98j/g0+Y8/I0P2kNYH7WZ0ipkyM16TuhzUMKIuaoFxywwWaZg16F1x
-YJsKjjpDCAWAl1fARvMiUHko28drBRGbFzrRzBwtE9+jxGWAF48xStswrzQV2/Ct
-8Vll5BAfzSW8MLlvgJUECxFMOgsjS1GveHDcmEQ3z3JWBxGEXrYOYj0iDFNprrYu
-Q5e7q41R4BL7CxN6JYiLWJXw3K5hXEzaS8vB96r+2CCRMw2IQ2n7OTBBsEIqIV5f
-v++PKOwtZKpasnA7lblRZp8M/XFSOj591EBzwKGsXkOme7StZTngKjZKzf2xE56p
-TRPpxNeyi4Y9U7QuO0q/AOcQG0spI0c4X8QlIPwByL1CvVLiWnnmlCiU9g8fl0pk
-pVFASYyQPe0wAMU5C+zogf6K5N6rEcLbM3kNbvNE1zvPgzZpkAT6W41UZmB2828C
-Dx8=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/user.key.pkcs8.pkcs5v15 b/tests/hwsim/auth_serv/user.key.pkcs8.pkcs5v15
deleted file mode 100644
index 028177658db6..000000000000
--- a/tests/hwsim/auth_serv/user.key.pkcs8.pkcs5v15
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQIuIvpaVfmxx8CAggABIIEyMeuOVWbTSBwOkM1
-W3SdLlK0quEYilKanms32+3L7esusdyVU2u8J8tiiAvh84/xaCet99V7g/qYIYE7
-7wHTuB77BPGHRMZCKX2GOwJWxNVWUimB+kUX0yYIUwJx3CO3SExVPd2lcjnTMq5D
-PtaIHgJsPLU8wE3A1sVEGnfjE+73JtU/NJ7tS49WXNvQGd9ZeL4z3SqWt4HWmDdE
-TVOiAcQ2V7xrpfLP71ElW3D9oiL5Ba7NTCSYtLNfpQOKTiz8QQWzpkT1+IXNZvig
-yyYsNEZDzHQLmZXJVPsbHL8eoqzEpeH7mz/guQPBv1Rl8/PoiNY1bT8RV+EIp0Ne
-6FNv2OiQtV50XNRlM5c3gS9RvWEYwZ8PCCc3ZCaRw5dH1dghiBk91i17//GLkyV1
-gZUNrT7YqlwPBiksOwFYsGPgWP7tT1aKeEXaLXXtx7pIhRqUN9IJFSVs5hmSkSmk
-a4IuZGWEhhXpPm8cKsmrrMOXH3t48qR7OwUaERhcC4Qr23J1/8Whh8xNabIO0VXY
-HCiAdtlMO70GPlYq06lM+L5eF697qB/065Pf4bhjav8rs5QNvt5GzWWYo9uDaEib
-8n6tuOTxcf6yoe2fWgEpRk6jh9G9IS89pksusKDfizQg68q/Na1kmor7zT2FJAbC
-S/VCOfs8MH2zd8ZnEsvoUhR5ibjBU8aUe9ir5OT5vjaazRLpod2X7LKWdcb7irZA
-MvR9e1L+Z3RPLPoR8moYxLXZjd4F78rDDTYVFrYJGZTRmkJ9ukNzsI2ZzeRzNhqN
-kHDsSsjMYCI/QkTOFCOmoNrUOGiH1cXqRc0JD5PY7FRS+8qvw73uAFV7yTAmxikQ
-5IeNZvD+zJ6cvDb2ZR5iCmTA2f5uxsKl2hBe6uCdLLDPtlYHS0ZSmUolco6JrkDP
-ns5BR3e06C6YeHwM694dTGeffIFfKmVEkYBaJ8Hcuey9I2L2N69222pPcrUT947o
-TCXgZdjTNKSQEvEBPDHo9GRoJimnZODomJ9f/Da7BBIp+gHfE2rTS2+rUsU+5Kby
-AXJnaLpWu9zgSri6lNAtQZkmk3haL255AtycyLGuITxKTxjVSmZBQV/6zQQwcJNv
-e9PGNpI+EccjdjcI/UxDnW9ShuBbPTClrFmrE0jQjg4LZIR87pSO8jaBpg/2Q5ws
-nUnLrHbXuHuJqeFR1gg0zfkvulS5ldPdqDYeTEOpATmTcFHYTolwUa+cdJbeeo3P
-6s2RAyY9eGOgkgW8P0/nmfaHhVe8JBaHATx9liB3CFQ6kiU63YcBdgGdyzsYcIOK
-MR20MT9dq4l+Sij3EZABFqgCEypMgt+TUlzIXZbWBSaWmi8ScFAlQw9LmVuaOMMV
-hpTIuCenWVJVtWaHUIZkT316uENX3rQnDm1jR6UBSxFhKIsh+afeQMS6F656giAe
-rcwqkIDbglfvhN6NmjQppbfMpmiFE71XFmPBzofC3MvIh/2hB9tvEBnYKoJCMy1c
-XEbHynt7bRDm47Ev6gjAVWMZ1h40r79vvavK/vCA1b6Nd/F4gU+lGdB0tj/Pv2di
-4jvhiyE90tDCSHAe0BOnPFdWkLvru9BU2xixb/pegRT722jZj9PJb4jY79wT3PdM
-QHb1ZpXzRuidMI1ICQ==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/user.pem b/tests/hwsim/auth_serv/user.pem
deleted file mode 100644
index 08ee21e5c38b..000000000000
--- a/tests/hwsim/auth_serv/user.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d8:d3:e3:a6:cb:e3:cd:71
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
-        Validity
-            Not Before: May  3 17:02:53 2021 GMT
-            Not After : May  3 17:02:53 2022 GMT
-        Subject: C=FI, O=w1.fi, CN=Test User
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bc:24:08:d9:07:6d:19:0e:94:5c:6b:d9:8a:84:
-                    1b:03:22:e2:1a:06:42:d3:0b:60:8d:5f:31:04:06:
-                    fa:a2:40:6a:0c:24:29:58:cd:83:bf:3a:9d:7f:37:
-                    0d:4d:27:5d:d5:57:57:1c:f3:be:75:3f:3a:4c:44:
-                    6f:02:2f:5b:8b:2c:b0:5c:47:29:19:31:08:d1:28:
-                    f5:1e:9c:5b:9c:b7:e7:6b:40:35:10:3e:7f:66:67:
-                    16:a1:4e:68:8a:71:cc:32:58:e3:08:87:a2:2a:07:
-                    2d:7f:73:f6:43:e5:7f:f4:f6:74:ae:27:e8:d2:5c:
-                    ae:9b:82:d9:a5:2a:72:76:84:2f:e3:62:aa:41:1e:
-                    de:33:b7:64:f8:79:6f:fa:09:b5:bc:b0:8c:cd:34:
-                    82:2d:c4:10:55:89:ea:6c:38:92:fe:61:d6:64:84:
-                    04:d4:0a:37:32:37:8d:c3:55:d1:fc:ab:b8:55:06:
-                    a9:00:4f:31:e2:42:f1:e7:b4:2e:9c:45:0d:dc:a9:
-                    f9:ad:b2:77:c1:f0:b1:c3:a2:5a:26:90:bd:19:2f:
-                    46:1d:a5:21:3d:f0:35:62:94:c8:cf:33:3f:d8:a2:
-                    5d:df:cc:58:00:08:8d:ed:b1:04:c5:2b:3f:1a:15:
-                    f6:92:08:d4:f1:42:cd:6c:db:f2:ff:e0:6e:69:84:
-                    d8:8b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                FB:85:00:A8:DF:D6:0C:0E:A7:E3:39:61:D9:BE:CE:2A:EF:6D:28:D8
-            X509v3 Authority Key Identifier: 
-                keyid:A4:FD:B9:39:1B:81:B3:AA:EB:88:1D:D4:81:A9:B5:11:70:CC:A7:E1
-
-            Authority Information Access: 
-                OCSP - URI:http://server.w1.fi:8888/
-
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-    Signature Algorithm: sha256WithRSAEncryption
-         a1:96:48:41:04:5c:06:bd:0b:34:59:c0:49:fa:d6:08:e4:30:
-         79:cf:0d:42:36:10:a1:4a:8d:41:f9:c4:91:1b:8c:cf:36:24:
-         21:e8:cc:d8:7e:ac:cc:ca:79:fd:49:fa:6d:0b:20:3f:cc:1e:
-         0b:df:bc:ac:3d:f6:19:c6:99:f9:5f:86:17:ce:00:63:8a:95:
-         42:4c:92:5e:d7:5c:6d:1c:3a:13:b9:3e:d1:dd:d0:78:0d:7e:
-         b4:13:19:95:4b:e0:7f:11:97:41:c2:92:de:f0:43:0f:8b:36:
-         53:0f:5d:d9:12:16:85:22:bf:8f:e6:b1:95:94:0b:dc:ff:3a:
-         a3:ce:27:f9:1d:58:20:bc:0c:45:d7:96:fc:76:de:26:57:58:
-         d0:e2:57:d3:32:e1:c5:1b:37:0c:54:36:ed:5b:0d:d4:ef:cc:
-         43:c6:a6:66:0f:ce:33:4f:96:b9:22:6d:1d:1d:3f:4c:6c:05:
-         68:8d:48:2b:12:37:2a:d5:05:33:e0:b5:12:8f:00:73:43:64:
-         0e:28:75:04:b8:6f:29:da:22:e7:2c:78:97:f8:b0:37:8e:f6:
-         0d:04:98:e1:2f:6e:fd:40:97:54:50:2c:ca:cf:68:16:55:ca:
-         c0:37:bd:d5:3c:5e:50:64:4b:dd:3c:d3:b4:88:25:a9:11:d3:
-         60:bc:a7:88
------BEGIN CERTIFICATE-----
-MIIDkDCCAnigAwIBAgIJANjT46bL481xMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
-BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
-AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDExCzAJ
-BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCQI2QdtGQ6UXGvZioQbAyLi
-GgZC0wtgjV8xBAb6okBqDCQpWM2DvzqdfzcNTSdd1VdXHPO+dT86TERvAi9biyyw
-XEcpGTEI0Sj1HpxbnLfna0A1ED5/ZmcWoU5oinHMMljjCIeiKgctf3P2Q+V/9PZ0
-rifo0lyum4LZpSpydoQv42KqQR7eM7dk+Hlv+gm1vLCMzTSCLcQQVYnqbDiS/mHW
-ZIQE1Ao3MjeNw1XR/Ku4VQapAE8x4kLx57QunEUN3Kn5rbJ3wfCxw6JaJpC9GS9G
-HaUhPfA1YpTIzzM/2KJd38xYAAiN7bEExSs/GhX2kgjU8ULNbNvy/+BuaYTYiwID
-AQABo4GaMIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPuFAKjf1gwOp+M5Ydm+zirv
-bSjYMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEB
-BCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNV
-HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAoZZIQQRcBr0LNFnA
-SfrWCOQwec8NQjYQoUqNQfnEkRuMzzYkIejM2H6szMp5/Un6bQsgP8weC9+8rD32
-GcaZ+V+GF84AY4qVQkySXtdcbRw6E7k+0d3QeA1+tBMZlUvgfxGXQcKS3vBDD4s2
-Uw9d2RIWhSK/j+axlZQL3P86o84n+R1YILwMRdeW/HbeJldY0OJX0zLhxRs3DFQ2
-7VsN1O/MQ8amZg/OM0+WuSJtHR0/TGwFaI1IKxI3KtUFM+C1Eo8Ac0NkDih1BLhv
-Kdoi5yx4l/iwN472DQSY4S9u/UCXVFAsys9oFlXKwDe91TxeUGRL3TzTtIglqRHT
-YLyniA==
------END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/user.pkcs12 b/tests/hwsim/auth_serv/user.pkcs12
deleted file mode 100644
index 96108f24b192..000000000000
--- a/tests/hwsim/auth_serv/user.pkcs12
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/user.rsa-key b/tests/hwsim/auth_serv/user.rsa-key
deleted file mode 100644
index c77924a3ee43..000000000000
--- a/tests/hwsim/auth_serv/user.rsa-key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvCQI2QdtGQ6UXGvZioQbAyLiGgZC0wtgjV8xBAb6okBqDCQp
-WM2DvzqdfzcNTSdd1VdXHPO+dT86TERvAi9biyywXEcpGTEI0Sj1HpxbnLfna0A1
-ED5/ZmcWoU5oinHMMljjCIeiKgctf3P2Q+V/9PZ0rifo0lyum4LZpSpydoQv42Kq
-QR7eM7dk+Hlv+gm1vLCMzTSCLcQQVYnqbDiS/mHWZIQE1Ao3MjeNw1XR/Ku4VQap
-AE8x4kLx57QunEUN3Kn5rbJ3wfCxw6JaJpC9GS9GHaUhPfA1YpTIzzM/2KJd38xY
-AAiN7bEExSs/GhX2kgjU8ULNbNvy/+BuaYTYiwIDAQABAoIBAAFRU0qJ1cbGJl3b
-V4Oz1yiXdvPttUwbGUsELqizj8/RGa0KF8wKbHDLbUz1yr8Oloam/PIz9tKFZdgg
-5pIiWMbJwlZzHSOTB1fHrKfROocHdrR2l6iMd4H1GOB6VxsZHu//VV+663TV5git
-fD0Pf2zsyPZrSyMmCQcHzJRujqyrz0KHi8KGYjA7wN50vGv03kzzVyNZnexh3z16
-jrpgJ4FdBOBbk+135GngVc2rWlErWA/VhIY7YhGoQiVqrTe1P2auKigel661cnvA
-YsQzUX/0J8+Uj64VpN61jxAKjwXKjhIq0GqUACPnve+Iq6MKtVjlFeMQ2FqvEKF6
-zFhcBRECgYEA48MbPovj993n2nk1xgIyv6oni5+yb5xyMQDjyvqsz2O+W9NVNCR/
-akSrNSdncVEEBVrtq1rWywFQ3/Hrf1ES/GQKgstlPBzlCbrvsfZDaC0cURLmPRIT
-HkOj+nJUxsdX4CHPQV7E/lIzCuiPkdycGRMC2H9xPNSlPQpiqQn1GcMCgYEA03dk
-0bvXyG5iKwH+krb7Eg9jlkP0QWrzRKSEix+f6K77d5F8vSOmwMlvhch2eOttAhNu
-H87LVh/JdxdYyLwn99sGvHE4tRAO5UYfIFUQtLNgnRE7Hu5VB06qqKjunJE/adGS
-yx32wC7MtIyDmVJ6NLlYGD821pL11o++kNu7kZkCgYBt/KoLakKMT/zG5AGzvRwE
-soamRlhEzafXQja+ro8FF4W1kjhzFazyBHcpE/5AGn92lpJvTU6sedY0Tv8KXHxu
-pWDuCIq6nLl+GWfm6KVkiWRDQn0swK26z69AIjYOR/WHpswPJVS7+7XqbqPmLEK1
-WRjms6RbW9TvxTQfrU9PQQKBgQDJRswsoTmrKf3AZ96ScR4au5ETlsync4/nFxyd
-e1VuWRc7YLw1Hvj6aQEAeqThRVx1bF8WYXPDHvBYrV0xe34jeVM5DB9on8c9zXeV
-A8Kp7E6aUatPLpS6JtNjQ6ASYGHWa8boFDYoCKOJenFL/2gYRQ4nzgt5Q1pBhoJh
-SPSIiQKBgFDCIsrXle86q3N53K52Ljb4PdFXgOwjGtEr5jjGEtDPH1FB7W7YX6+u
-HNn1jPSRX5QKUbVZB0nJUTCNUaplVkrw6kuJMW9DQuR4loqER29z5RKi/BdO+pck
-g/9ubDcFsB8DKtTCTzou3BF3NWLVktulg/wunWrleRZzGu3l9Q9y
------END RSA PRIVATE KEY-----
diff --git a/tests/hwsim/auth_serv/user2.pkcs12 b/tests/hwsim/auth_serv/user2.pkcs12
deleted file mode 100644
index 1ede5d977834..000000000000
--- a/tests/hwsim/auth_serv/user2.pkcs12
+++ /dev/null
diff --git a/tests/hwsim/auth_serv/user3.pkcs12 b/tests/hwsim/auth_serv/user3.pkcs12
deleted file mode 100644
index a5dfb755041b..000000000000
--- a/tests/hwsim/auth_serv/user3.pkcs12
+++ /dev/null
diff --git a/tests/hwsim/build.sh b/tests/hwsim/build.sh
deleted file mode 100755
index cb4700166f82..000000000000
--- a/tests/hwsim/build.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd $(dirname $0)
-
-usage()
-{
-	echo "$0 [-c | --codecov] [-f | --force-config]"
-	exit 1
-}
-
-use_lcov=0
-force_config=0
-while [ "$1" != "" ]; do
-	case $1 in
-		-c | --codecov ) shift
-			echo "$0: use code coverage specified"
-			use_lcov=1
-			;;
-		-f | --force-config ) shift
-			force_config=1
-			echo "$0: force copy config specified"
-			;;
-		* ) usage
-	esac
-done
-
-JOBS=`nproc`
-if [ -z "$ABC" ]; then
-    JOBS=8
-fi
-
-echo "Building TNC testing tools"
-cd tnc
-make QUIET=1 -j$JOBS
-
-echo "Building wlantest"
-cd ../../../wlantest
-make QUIET=1 -j$JOBS > /dev/null
-
-echo "Building hs20-osu-client"
-cd ../hs20/client/
-make QUIET=1 CONFIG_NO_BROWSER=1
-
-echo "Building hostapd"
-cd ../../hostapd
-if [ ! -e .config -o $force_config -eq 1 ]; then
-    if ! cmp ../tests/hwsim/example-hostapd.config .config >/dev/null 2>&1 ; then
-      cp ../tests/hwsim/example-hostapd.config .config
-    fi
-fi
-
-if [ $use_lcov -eq 1 ]; then
-    if ! grep -q CONFIG_CODE_COVERAGE .config; then
-	    echo CONFIG_CODE_COVERAGE=y >> .config
-    else
-	    echo "CONFIG_CODE_COVERAGE already exists in hostapd/.config. Ignore"
-    fi
-fi
-
-make QUIET=1 -j$JOBS hostapd hostapd_cli hlr_auc_gw
-
-echo "Building wpa_supplicant"
-cd ../wpa_supplicant
-if [ ! -e .config -o $force_config -eq 1 ]; then
-    if ! cmp ../tests/hwsim/example-wpa_supplicant.config .config >/dev/null 2>&1 ; then
-      cp ../tests/hwsim/example-wpa_supplicant.config .config
-    fi
-fi
-
-if [ $use_lcov -eq 1 ]; then
-    if ! grep -q CONFIG_CODE_COVERAGE .config; then
-	    echo CONFIG_CODE_COVERAGE=y >> .config
-    else
-	    echo "CONFIG_CODE_COVERAGE already exists in wpa_supplicant/.config. Ignore"
-    fi
-fi
-
-if [ -z $FIPSLD_CC ]; then
-export FIPSLD_CC=gcc
-fi
-make QUIET=1 -j$JOBS
diff --git a/tests/hwsim/check_kernel.py b/tests/hwsim/check_kernel.py
deleted file mode 100644
index 446c9a04e914..000000000000
--- a/tests/hwsim/check_kernel.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# kernel message checker module
-#
-# Copyright (c) 2013, Intel Corporation
-#
-# Author: Johannes Berg <johannes@sipsolutions.net>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-#
-"""
-Tests for kernel messages to find if there were any issues in them.
-"""
-
-import re
-
-lockdep_messages = [
-  'possible circular locking dependency',
-  '.*-safe -> .*unsafe lock order detected',
-  'possible recursive locking detected',
-  'inconsistent lock state',
-  'possible irq lock inversion dependency',
-  'suspicious RCU usage',
-]
-lockdep = r'(\[\s*)?(INFO|WARNING): (%s)|\*\*\* DEADLOCK \*\*\*' % ('|'.join(lockdep_messages), )
-issue = re.compile('(\[[0-9 .]*\] )?(WARNING:|BUG:|%s|RTNL: assertion failed).*' % lockdep)
-
-def check_kernel(logfile):
-    for line in open(logfile, 'r'):
-        if issue.match(line):
-            return False
-    return True
diff --git a/tests/hwsim/devdetail.xml b/tests/hwsim/devdetail.xml
deleted file mode 100644
index 6d0389e8a133..000000000000
--- a/tests/hwsim/devdetail.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<DevDetail xmlns="urn:oma:mo:oma-dm-devdetail:1.0">
-	<Ext>
-		<org.wi-fi>
-			<Wi-Fi>
-				<EAPMethodList>
-					<EAPMethod1>
-						<EAPType>13</EAPType>
-					</EAPMethod1>
-					<EAPMethod2>
-						<EAPType>21</EAPType>
-						<InnerMethod>MS-CHAP-V2</InnerMethod>
-					</EAPMethod2>
-					<EAPMethod3>
-						<EAPType>18</EAPType>
-					</EAPMethod3>
-					<EAPMethod4>
-						<EAPType>23</EAPType>
-					</EAPMethod4>
-					<EAPMethod5>
-						<EAPType>50</EAPType>
-					</EAPMethod5>
-				</EAPMethodList>
-				<ManufacturingCertificate>false</ManufacturingCertificate>
-				<Wi-FiMACAddress>020102030405</Wi-FiMACAddress>
-				<IMSI>310026000000000</IMSI>
-				<IMEI_MEID>imei:490123456789012</IMEI_MEID>
-				<ClientTriggerRedirectURI>http://localhost:12345/</ClientTriggerRedirectURI>
-				<Ops>
-					<launchBrowserToURI></launchBrowserToURI>
-					<negotiateClientCertTLS></negotiateClientCertTLS>
-					<getCertificate></getCertificate>
-				</Ops>
-			</Wi-Fi>
-		</org.wi-fi>
-	</Ext>
-	<URI>
-		<MaxDepth>0</MaxDepth>
-		<MaxTotLen>0</MaxTotLen>
-		<MaxSegLen>0</MaxSegLen>
-	</URI>
-	<DevType>MobilePhone</DevType>
-	<OEM>Manufacturer</OEM>
-	<FwV>1.0</FwV>
-	<SwV>1.0</SwV>
-	<HwV>1.0</HwV>
-	<LrgObj>false</LrgObj>
-</DevDetail>
diff --git a/tests/hwsim/devinfo.xml b/tests/hwsim/devinfo.xml
deleted file mode 100644
index d48a520a98a1..000000000000
--- a/tests/hwsim/devinfo.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<DevInfo xmlns="urn:oma:mo:oma-dm-devinfo:1.0">
-	<DevId>urn:Example:HS20-station:123456</DevId>
-	<Man>Manufacturer</Man>
-	<Mod>HS20-station</Mod>
-	<DmV>1.2</DmV>
-	<Lang>en</Lang>
-</DevInfo>
diff --git a/tests/hwsim/dictionary.radius b/tests/hwsim/dictionary.radius
deleted file mode 100644
index d2112dad3f48..000000000000
--- a/tests/hwsim/dictionary.radius
+++ /dev/null
@@ -1,20 +0,0 @@
-ATTRIBUTE	User-Name		1	string
-ATTRIBUTE	User-Password		2	string
-ATTRIBUTE	NAS-IP-Address		4	ipaddr
-ATTRIBUTE	State			24	octets
-ATTRIBUTE	Vendor-Specific		26	octets
-ATTRIBUTE	Session-Timeout		27	integer
-ATTRIBUTE	Calling-Station-Id	31	string
-ATTRIBUTE	NAS-Identifier		32	string
-ATTRIBUTE	Acct-Session-Id		44	string
-ATTRIBUTE	Acct-Multi-Session-Id	50	string
-ATTRIBUTE	Event-Timestamp		55	date
-ATTRIBUTE	Tunnel-Type		64	integer
-ATTRIBUTE	Tunnel-Medium-Type	65	integer
-ATTRIBUTE	Tunnel-Password		69	octets
-ATTRIBUTE	EAP-Message		79	string
-ATTRIBUTE	Message-Authenticator	80	octets
-ATTRIBUTE	Tunnel-Private-Group-ID	81	string
-ATTRIBUTE	Acct-Interim-Interval	85	integer
-ATTRIBUTE	Chargeable-User-Identity 89	string
-ATTRIBUTE	Error-Cause		101	integer
diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config
deleted file mode 100644
index d01a1d2edcfe..000000000000
--- a/tests/hwsim/example-hostapd.config
+++ /dev/null
@@ -1,116 +0,0 @@
-#CC=ccache gcc
-
-CONFIG_DRIVER_NONE=y
-CONFIG_DRIVER_NL80211=y
-CONFIG_RSN_PREAUTH=y
-
-#CONFIG_TLS=internal
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-CONFIG_TLS=openssl
-
-CONFIG_EAP=y
-CONFIG_ERP=y
-CONFIG_EAP_MD5=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_MSCHAPV2=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_TTLS=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_AKA_PRIME=y
-CONFIG_EAP_GPSK=y
-CONFIG_EAP_GPSK_SHA256=y
-CONFIG_EAP_SAKE=y
-CONFIG_EAP_PAX=y
-CONFIG_EAP_PSK=y
-CONFIG_EAP_VENDOR_TEST=y
-CONFIG_EAP_FAST=y
-CONFIG_EAP_TEAP=y
-CONFIG_EAP_IKEV2=y
-CONFIG_EAP_TNC=y
-CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
-LIBS += -rdynamic
-CONFIG_EAP_UNAUTH_TLS=y
-ifeq ($(CONFIG_TLS), openssl)
-CONFIG_EAP_PWD=y
-endif
-CONFIG_EAP_EKE=y
-CONFIG_PKCS12=y
-CONFIG_RADIUS_SERVER=y
-CONFIG_IPV6=y
-CONFIG_TLSV11=y
-CONFIG_TLSV12=y
-
-CONFIG_FULL_DYNAMIC_VLAN=y
-CONFIG_VLAN_NETLINK=y
-CONFIG_LIBNL32=y
-CONFIG_LIBNL3_ROUTE=y
-CONFIG_IEEE80211R=y
-CONFIG_IEEE80211AC=y
-CONFIG_IEEE80211AX=y
-
-CONFIG_OCV=y
-
-CONFIG_WPS=y
-CONFIG_WPS_UPNP=y
-CONFIG_WPS_NFC=y
-#CONFIG_WPS_STRICT=y
-CONFIG_WPA_TRACE=y
-CONFIG_WPA_TRACE_BFD=y
-
-CONFIG_P2P_MANAGER=y
-CONFIG_DEBUG_FILE=y
-CONFIG_DEBUG_LINUX_TRACING=y
-CONFIG_WPA_CLI_EDIT=y
-CONFIG_ACS=y
-CONFIG_NO_RANDOM_POOL=y
-CONFIG_WNM=y
-CONFIG_INTERWORKING=y
-CONFIG_HS20=y
-CONFIG_SQLITE=y
-CONFIG_SAE=y
-CONFIG_SAE_PK=y
-CFLAGS += -DALL_DH_GROUPS
-
-CONFIG_FST=y
-CONFIG_FST_TEST=y
-
-CONFIG_TESTING_OPTIONS=y
-CFLAGS += -DCONFIG_RADIUS_TEST
-CONFIG_MODULE_TESTS=y
-
-CONFIG_SUITEB=y
-
-# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
-# This can be used as a more efficient memory error detector than valgrind
-# (though, with still some CPU and memory cost, so VM cases will need more
-# memory allocated for the guest).
-#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
-#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
-#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
-#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
-#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
-
-# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
-# following lines.
-#CFLAGS += -Wno-format-nonliteral
-#CFLAGS += -fsanitize=undefined
-##CFLAGS += -fno-sanitize-recover
-#LIBS += -fsanitize=undefined
-##LIBS += -fno-sanitize-recover
-#LIBS_h += -fsanitize=undefined
-#LIBS_n += -fsanitize=undefined
-#LIBS_c += -fsanitize=undefined
-CONFIG_MBO=y
-
-CONFIG_TAXONOMY=y
-CONFIG_FILS=y
-CONFIG_FILS_SK_PFS=y
-CONFIG_OWE=y
-CONFIG_DPP=y
-CONFIG_DPP2=y
-CONFIG_WEP=y
-CONFIG_PASN=y
-CONFIG_AIRTIME_POLICY=y
diff --git a/tests/hwsim/example-setup.txt b/tests/hwsim/example-setup.txt
deleted file mode 100644
index cf5cf3ba6761..000000000000
--- a/tests/hwsim/example-setup.txt
+++ /dev/null
@@ -1,191 +0,0 @@
-Step-by-step guide for setting up hostapd/wpa_supplicant test framework
------------------------------------------------------------------------
-
-This document can be used as a quick guide for getting started with
-hostapd/wpa_supplicant test framework with mac80211_hwsim. While the
-example here uses Ubuntu 14.04.1 server to have a list of exact steps,
-there are no requirements for using that specific distribution in the
-testing setup.
-
-The steps here describe how to run a full Linux installation in a
-virtual machine with any host system (e.g., Linux, Windows, or OS X as
-the host and using kvm, VirtualBox, etc. for running the virtual guest
-system). For more advanced (and significantly faster and with more
-testing coverage) configuration on a Linux host system, parallel virtual
-machines can be used as an alternative setup. See tests/hwsim/vm/README
-for more details on that.
-
-
-Install Ubuntu Server 14.04.1 in the virtual machine
-
-- download installation image, e.g.,
-  http://releases.ubuntu.com/14.04.1/ubuntu-14.04.1-server-amd64.iso
-- use virtualization software specific steps to create a new VM and
-  install the the guest system with default settings (i.e., no need to
-  select any extra packages during initial installation)
-- if the host system has multiple CPU cores, it is likely a good idea to
-  enabled at least two CPUs in the guest; 1024 MB of RAM should be enough
-  for testing purposes
-- 8 GB of virtual hard driver should be fine for this purpose
-- boot to the installed operating system
-
-
-Install the prerequisite packages that may not have been installed by default
-
-sudo apt-get install build-essential git libpcap-dev libsqlite3-dev binutils-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev libssl-dev libiberty-dev libdbus-1-dev iw bridge-utils python-pyrad python-crypto tshark
-
-optional:
-sudo apt-get install python-netifaces
-
-
-Install a recent kernel wireless components (mac80211_hwsim, mac80211,
-cfg80211)
-
-For this step, the kernel version may be updated, but the simpler option
-is to install the latest version of Backports package. For example:
-
-wget http://www.kernel.org/pub/linux/kernel/projects/backports/stable/v3.19-rc1/backports-3.19-rc1-1.tar.xz
-tar xJf backports-3.19-rc1-1.tar.xz
-cd backports-3.19-rc1-1
-
-cat > defconfigs/mac80211_hwsim <<EOF
-CPTCFG_CFG80211=m
-CPTCFG_CFG80211_WEXT=y
-CPTCFG_MAC80211=m
-CPTCFG_MAC80211_LEDS=y
-CPTCFG_MAC80211_MESH=y
-CPTCFG_WLAN=y
-CPTCFG_MAC80211_HWSIM=m
-EOF
-
-make defconfig-mac80211_hwsim
-make
-sudo make install
-cd ..
-
-
-Update iw based on custom iw.git build
-
-Couple of the test cases expect iw to have support for requesting
-cfg80211 scan results to be flushed. That functionality is not included
-in the version that Ubuntu 14.04.1 includes (iw v3.4). Following steps
-can be used to replace that version with a custom build. This is
-optional, i.e., most test cases will work with the old iw version, but
-some test cases are skipped and some are more likely to fail if iw does
-not get updated.
-
-wget https://www.kernel.org/pub/software/network/iw/iw-3.17.tar.gz
-tar xf iw-3.17.tar.gz
-cd iw-3.17
-make
-sudo mv /sbin/iw{,-distro}
-sudo cp iw /sbin/iw
-cd ..
-
-
-Update wireless-regdb
-
-Number of VHT and DFS test cases are skipped if the old wireless-regdb
-version from Ubuntu 14.04 (2013.02.13) is used. Following steps can
-optionally be used to update wireless-regdb to a newer snapshot to
-enable additional test cases:
-
-wget http://kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2014.10.07.tar.xz
-tar xJf wireless-regdb-2014.10.07.tar.xz
-sudo mv /lib/crda/regulatory.bin{,-distro}
-sudo cp wireless-regdb-2014.10.07/regulatory.bin /lib/crda/regulatory.bin
-
-# following command can be used to verify that the new version is trusted
-regdbdump /lib/crda/regulatory.bin
-
-
-Download a snapshot of the hostap.git repository and build the programs
-
-git clone git://w1.fi/hostap.git
-cd hostap/tests/hwsim
-./build.sh
-
-
-Setup is now ready for testing. You can run a quick test to confirm that
-things work as expected:
-
-# load mac80211_hwsim and start test software
-./start.sh
-
-# run a single test case ap_open
-sudo ./run-tests.py ap_open
-
-This should print out following style results:
-
-DEV: wlan0: 02:00:00:00:00:00
-DEV: wlan1: 02:00:00:00:01:00
-DEV: wlan2: 02:00:00:00:02:00
-APDEV: wlan3
-APDEV: wlan4
-START ap_open 1/1
-Test: AP with open mode (no security) configuration
-Starting AP wlan3
-Connect STA wlan0 to AP
-PASS ap_open 0.175895 2015-01-17 20:12:07.486006
-passed all 1 test case(s)
-
-(If that "PASS ap_open" line does not show up, something unexpected has
-happened and the setup is not in working condition.)
-
-# to stop test software and unload mac80211_hwsim
-./stop.sh
-
-
-To run all available test cases (about thousand or so), you can run following:
-
-./run-all.sh
-
-This will take about half an hour to hour to run (if that sounds long, see
-vm/README for information on how parallel VMs can be used to speed this
-up; e.g., a 4-core i7-4770K can run these in under 10 minutes with 7
-parallel VMs).
-
-The results may look something like this:
-
-START grpform_goneg_fail_with_group_iface 1/981
-PASS grpform_goneg_fail_with_group_iface 0.371424 2015-01-17 22:17:16.659803
-START grpform2 2/981
-PASS grpform2 1.476142 2015-01-17 22:17:18.136539
-...
-START ext_password_psk_not_found 981/981
-PASS ext_password_psk_not_found 1.544709 2015-01-17 22:46:56.489764
-failed tests: wext_wpa2_psk wext_wep_open_auth wext_open wext_rfkill wext_scan_hidden wext_pmksa_cache wext_wep_shared_key_auth
-
-
-In this example, about 860 test cases passed and about 100 were skipped.
-
-Most of the skipped test cases are in following categories:
-- D-Bus (requires kvm-based test run, see vm/README)
-- VHT 80 and 160 MHz channels (requires wireless-regdb update)
-- DFS (requires wireless-regdb updates)
-
-The following test failed every time (i.e., other failed cases could be
-passed on second attempt):
-
-wext_pmf wext_wpa2_psk wext_wep_open_auth wext_open wext_rfkill wext_scan_hidden wext_pmksa_cache wext_wep_shared_key_auth
-
-WEXT failures are due to the specific cfg80211/mac80211 version from
-Backports not allowing WEXT support to be enabled. A newer build
-addresses that and these WEXT test cases pass, e.g., with this snapshot
-build:
-http://buildbot.w1.fi/backports-wireless-testing/backports-wireless-testing-2015-01-18-ba3f765.tar.bz2
-
-With that version, ibss_rsn is failing due to a known cfg80211
-regression in the specific snapshot build. All other test cases passed
-at least on retry or were skipped due to missing testing capability.
-
-With systemd based distros, e.g., Ubuntu 16.04, systemd-rfkill.service might
-block the mac80211_hwsim network devices.
-The tests will fail with
-  Exception: Failed to enable hostapd interface wlan3
-In the *.hostapd log, would will read
-  nl80211: Could not yet enable interface 'wlan3' due to rfkill
-Your syslog will read
-  systemd[1]: Starting Load/Save RF Kill Switch Status...
-This can be fixed by
-  systemctl mask systemd-rfkill.service
diff --git a/tests/hwsim/example-wpa_supplicant.config b/tests/hwsim/example-wpa_supplicant.config
deleted file mode 100644
index 5e5acd695729..000000000000
--- a/tests/hwsim/example-wpa_supplicant.config
+++ /dev/null
@@ -1,160 +0,0 @@
-#CC=ccache gcc
-
-CONFIG_TLS=openssl
-#CONFIG_TLS=wolfssl
-#CONFIG_TLS=internal
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-CONFIG_IEEE8021X_EAPOL=y
-
-CONFIG_ERP=y
-CONFIG_EAP_MD5=y
-CONFIG_MSCHAPV2=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_TTLS=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_OTP=y
-CONFIG_EAP_PSK=y
-CONFIG_EAP_PAX=y
-CONFIG_EAP_LEAP=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_AKA_PRIME=y
-CONFIG_EAP_VENDOR_TEST=y
-CONFIG_EAP_TLV=y
-CONFIG_EAP_SAKE=y
-CONFIG_EAP_GPSK=y
-CONFIG_EAP_GPSK_SHA256=y
-CONFIG_EAP_EKE=y
-CONFIG_EAP_TNC=y
-CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
-LIBS += -rdynamic
-CONFIG_EAP_FAST=y
-CONFIG_EAP_TEAP=y
-CONFIG_EAP_IKEV2=y
-
-ifeq ($(CONFIG_TLS), openssl)
-CONFIG_EAP_PWD=y
-endif
-
-CONFIG_USIM_SIMULATOR=y
-CONFIG_SIM_SIMULATOR=y
-
-#CONFIG_PCSC=y
-CONFIG_IPV6=y
-CONFIG_DRIVER_NONE=y
-CONFIG_PKCS12=y
-CONFIG_CTRL_IFACE=unix
-
-CONFIG_WPA_CLI_EDIT=y
-
-CONFIG_OCSP=y
-
-#CONFIG_ELOOP_POLL=y
-
-CONFIG_CTRL_IFACE_DBUS_NEW=y
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-CONFIG_IEEE80211R=y
-CONFIG_IEEE80211AC=y
-CONFIG_IEEE80211AX=y
-
-CONFIG_OCV=y
-
-CONFIG_DEBUG_FILE=y
-
-CONFIG_WPS=y
-#CONFIG_WPS_STRICT=y
-CONFIG_WPS_UPNP=y
-CONFIG_WPS_NFC=y
-CONFIG_WPS_ER=y
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-
-CONFIG_DRIVER_WEXT=y
-
-CONFIG_DRIVER_NL80211=y
-CFLAGS += -I/usr/include/libnl3
-CONFIG_LIBNL32=y
-
-CONFIG_IBSS_RSN=y
-
-CONFIG_AP=y
-CONFIG_MESH=y
-CONFIG_P2P=y
-CONFIG_WIFI_DISPLAY=y
-
-CONFIG_ACS=y
-
-CONFIG_BGSCAN_SIMPLE=y
-CONFIG_BGSCAN_LEARN=y
-
-CONFIG_WPA_TRACE=y
-CONFIG_WPA_TRACE_BFD=y
-
-CONFIG_TDLS=y
-CONFIG_TDLS_TESTING=y
-CONFIG_NO_RANDOM_POOL=y
-
-CONFIG_TLSV11=y
-CONFIG_TLSV12=y
-
-CONFIG_HT_OVERRIDES=y
-CONFIG_VHT_OVERRIDES=y
-CONFIG_HE_OVERRIDES=y
-
-CONFIG_DEBUG_LINUX_TRACING=y
-
-CONFIG_INTERWORKING=y
-CONFIG_HS20=y
-
-CONFIG_AUTOSCAN_EXPONENTIAL=y
-CONFIG_AUTOSCAN_PERIODIC=y
-
-CONFIG_EXT_PASSWORD_TEST=y
-CONFIG_EXT_PASSWORD_FILE=y
-
-CONFIG_EAP_UNAUTH_TLS=y
-
-CONFIG_SAE=y
-CONFIG_SAE_PK=y
-CFLAGS += -DALL_DH_GROUPS
-
-CONFIG_WNM=y
-
-CONFIG_FST=y
-CONFIG_FST_TEST=y
-
-CONFIG_TESTING_OPTIONS=y
-CONFIG_MODULE_TESTS=y
-
-CONFIG_SUITEB=y
-
-# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
-# This can be used as a more efficient memory error detector than valgrind
-# (though, with still some CPU and memory cost, so VM cases will need more
-# memory allocated for the guest).
-#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
-#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
-#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
-#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
-
-# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
-# following lines.
-#CFLAGS += -Wno-format-nonliteral
-#CFLAGS += -fsanitize=undefined
-##CFLAGS += -fno-sanitize-recover
-#LIBS += -fsanitize=undefined
-##LIBS += -fno-sanitize-recover
-#LIBS_c += -fsanitize=undefined
-#LIBS_p += -fsanitize=undefined
-CONFIG_MBO=y
-CONFIG_FILS=y
-CONFIG_FILS_SK_PFS=y
-CONFIG_PMKSA_CACHE_EXTERNAL=y
-CONFIG_OWE=y
-CONFIG_DPP=y
-CONFIG_DPP2=y
-CONFIG_WEP=y
-CONFIG_PASN=y
diff --git a/tests/hwsim/fst_module_aux.py b/tests/hwsim/fst_module_aux.py
deleted file mode 100644
index 03a0bd73e5fc..000000000000
--- a/tests/hwsim/fst_module_aux.py
+++ /dev/null
@@ -1,832 +0,0 @@
-# FST tests related classes
-# Copyright (c) 2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-import os
-import signal
-import time
-import re
-
-import hostapd
-import wpaspy
-import utils
-from wpasupplicant import WpaSupplicant
-
-import fst_test_common
-
-logger = logging.getLogger()
-
-def parse_fst_iface_event(ev):
-    """Parses FST iface event that comes as a string, e.g.
-    "<3>FST-EVENT-IFACE attached ifname=wlan9 group=fstg0"
-    Returns a dictionary with parsed "event_type", "ifname", and "group"; or
-    None if not an FST event or can't be parsed."""
-    event = {}
-    if ev.find("FST-EVENT-IFACE") == -1:
-        return None
-    if ev.find("attached") != -1:
-        event['event_type'] = 'attached'
-    elif ev.find("detached") != -1:
-        event['event_type'] = 'detached'
-    else:
-        return None
-    f = re.search("ifname=(\S+)", ev)
-    if f is not None:
-        event['ifname'] = f.group(1)
-    f = re.search("group=(\S+)", ev)
-    if f is not None:
-        event['group'] = f.group(1)
-    return event
-
-def parse_fst_session_event(ev):
-    """Parses FST session event that comes as a string, e.g.
-    "<3>FST-EVENT-SESSION event_type=EVENT_FST_SESSION_STATE session_id=0 reason=REASON_STT"
-    Returns a dictionary with parsed "type", "id", and "reason"; or None if not
-    a FST event or can't be parsed"""
-    event = {}
-    if ev.find("FST-EVENT-SESSION") == -1:
-        return None
-    event['new_state'] = '' # The field always exists in the dictionary
-    f = re.search("event_type=(\S+)", ev)
-    if f is None:
-        return None
-    event['type'] = f.group(1)
-    f = re.search("session_id=(\d+)", ev)
-    if f is not None:
-        event['id'] = f.group(1)
-    f = re.search("old_state=(\S+)", ev)
-    if f is not None:
-        event['old_state'] = f.group(1)
-    f = re.search("new_state=(\S+)", ev)
-    if f is not None:
-        event['new_state'] = f.group(1)
-    f = re.search("reason=(\S+)", ev)
-    if f is not None:
-        event['reason'] = f.group(1)
-    return event
-
-def start_two_ap_sta_pairs(apdev, rsn=False):
-    """auxiliary function that creates two pairs of APs and STAs"""
-    ap1 = FstAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                fst_test_common.fst_test_def_chan_a,
-                fst_test_common.fst_test_def_group,
-                fst_test_common.fst_test_def_prio_low,
-                fst_test_common.fst_test_def_llt, rsn=rsn)
-    ap1.start()
-    ap2 = FstAP(apdev[1]['ifname'], 'fst_11g', 'g',
-                fst_test_common.fst_test_def_chan_g,
-                fst_test_common.fst_test_def_group,
-                fst_test_common.fst_test_def_prio_high,
-                fst_test_common.fst_test_def_llt, rsn=rsn)
-    ap2.start()
-
-    sta1 = FstSTA('wlan5',
-                  fst_test_common.fst_test_def_group,
-                  fst_test_common.fst_test_def_prio_low,
-                  fst_test_common.fst_test_def_llt, rsn=rsn)
-    sta1.start()
-    sta2 = FstSTA('wlan6',
-                  fst_test_common.fst_test_def_group,
-                  fst_test_common.fst_test_def_prio_high,
-                  fst_test_common.fst_test_def_llt, rsn=rsn)
-    sta2.start()
-
-    return ap1, ap2, sta1, sta2
-
-def stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2):
-    sta1.stop()
-    sta2.stop()
-    ap1.stop()
-    ap2.stop()
-    fst_test_common.fst_clear_regdom()
-
-def connect_two_ap_sta_pairs(ap1, ap2, dev1, dev2, rsn=False):
-    """Connects a pair of stations, each one to a separate AP"""
-    dev1.scan(freq=fst_test_common.fst_test_def_freq_a)
-    dev2.scan(freq=fst_test_common.fst_test_def_freq_g)
-
-    if rsn:
-        dev1.connect(ap1, psk="12345678",
-                     scan_freq=fst_test_common.fst_test_def_freq_a)
-        dev2.connect(ap2, psk="12345678",
-                     scan_freq=fst_test_common.fst_test_def_freq_g)
-    else:
-        dev1.connect(ap1, key_mgmt="NONE",
-                     scan_freq=fst_test_common.fst_test_def_freq_a)
-        dev2.connect(ap2, key_mgmt="NONE",
-                     scan_freq=fst_test_common.fst_test_def_freq_g)
-
-def disconnect_two_ap_sta_pairs(ap1, ap2, dev1, dev2):
-    dev1.disconnect()
-    dev2.disconnect()
-
-def external_sta_connect(sta, ap, **kwargs):
-    """Connects the external station to the given AP"""
-    if not isinstance(sta, WpaSupplicant):
-        raise Exception("Bad STA object")
-    if not isinstance(ap, FstAP):
-        raise Exception("Bad AP object to connect to")
-    hap = ap.get_instance()
-    sta.connect(ap.get_ssid(), **kwargs)
-
-def disconnect_external_sta(sta, ap, check_disconnect=True):
-    """Disconnects the external station from the AP"""
-    if not isinstance(sta, WpaSupplicant):
-        raise Exception("Bad STA object")
-    if not isinstance(ap, FstAP):
-        raise Exception("Bad AP object to connect to")
-    sta.request("DISCONNECT")
-    if check_disconnect:
-        hap = ap.get_instance()
-        ev = hap.wait_event(["AP-STA-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("No disconnection event received from %s" % ap.get_ssid())
-
-#
-# FstDevice class
-# This is the parent class for the AP (FstAP) and STA (FstSTA) that implements
-# FST functionality.
-#
-class FstDevice:
-    def __init__(self, iface, fst_group, fst_pri, fst_llt=None, rsn=False):
-        self.iface = iface
-        self.fst_group = fst_group
-        self.fst_pri = fst_pri
-        self.fst_llt = fst_llt  # None llt means no llt parameter will be set
-        self.instance = None    # Hostapd/WpaSupplicant instance
-        self.peer_obj = None    # Peer object, must be a FstDevice child object
-        self.new_peer_addr = None # Peer MAC address for new session iface
-        self.old_peer_addr = None # Peer MAC address for old session iface
-        self.role = 'initiator' # Role: initiator/responder
-        s = self.grequest("FST-MANAGER TEST_REQUEST IS_SUPPORTED")
-        if not s.startswith('OK'):
-            raise utils.HwsimSkip("FST not supported")
-        self.rsn = rsn
-
-    def ifname(self):
-        return self.iface
-
-    def get_instance(self):
-        """Gets the Hostapd/WpaSupplicant instance"""
-        raise Exception("Virtual get_instance() called!")
-
-    def get_own_mac_address(self):
-        """Gets the device's own MAC address"""
-        raise Exception("Virtual get_own_mac_address() called!")
-
-    def get_new_peer_addr(self):
-        return self.new_peer_addr
-
-    def get_old_peer_addr(self):
-        return self.old_peer_addr
-
-    def get_actual_peer_addr(self):
-        """Gets the peer address. A connected AP/station address is returned."""
-        raise Exception("Virtual get_actual_peer_addr() called!")
-
-    def grequest(self, req):
-        """Send request on the global control interface"""
-        raise Exception("Virtual grequest() called!")
-
-    def wait_gevent(self, events, timeout=None):
-        """Wait for a list of events on the global interface"""
-        raise Exception("Virtual wait_gevent() called!")
-
-    def request(self, req):
-        """Issue a request to the control interface"""
-        h = self.get_instance()
-        return h.request(req)
-
-    def wait_event(self, events, timeout=None):
-        """Wait for an event from the control interface"""
-        h = self.get_instance()
-        if timeout is not None:
-            return h.wait_event(events, timeout=timeout)
-        else:
-            return h.wait_event(events)
-
-    def set_old_peer_addr(self, peer_addr=None):
-        """Sets the peer address"""
-        if peer_addr is not None:
-            self.old_peer_addr = peer_addr
-        else:
-            self.old_peer_addr = self.get_actual_peer_addr()
-
-    def set_new_peer_addr(self, peer_addr=None):
-        """Sets the peer address"""
-        if peer_addr is not None:
-            self.new_peer_addr = peer_addr
-        else:
-            self.new_peer_addr = self.get_actual_peer_addr()
-
-    def add_peer(self, obj, old_peer_addr=None, new_peer_addr=None):
-        """Add peer for FST session(s). 'obj' is a FstDevice subclass object.
-        The method must be called before add_session().
-        If peer_addr is not specified, the address of the currently connected
-        station is used."""
-        if not isinstance(obj, FstDevice):
-            raise Exception("Peer must be a FstDevice object")
-        self.peer_obj = obj
-        self.set_old_peer_addr(old_peer_addr)
-        self.set_new_peer_addr(new_peer_addr)
-
-    def get_peer(self):
-        """Returns peer object"""
-        return self.peer_obj
-
-    def set_fst_parameters(self, group_id=None, pri=None, llt=None):
-        """Change/set new FST parameters. Can be used to start FST sessions with
-        different FST parameters than defined in the configuration file."""
-        if group_id is not None:
-            self.fst_group = group_id
-        if pri is not None:
-            self.fst_pri = pri
-        if llt is not None:
-            self.fst_llt = llt
-
-    def get_local_mbies(self, ifname=None):
-        if_name = ifname if ifname is not None else self.iface
-        return self.grequest("FST-MANAGER TEST_REQUEST GET_LOCAL_MBIES " + if_name)
-
-    def add_session(self):
-        """Adds an FST session. add_peer() must be called calling this
-        function"""
-        if self.peer_obj is None:
-            raise Exception("Peer wasn't added before starting session")
-        self.dump_monitor()
-        grp = ' ' + self.fst_group if self.fst_group != '' else ''
-        sid = self.grequest("FST-MANAGER SESSION_ADD" + grp)
-        sid = sid.strip()
-        if sid.startswith("FAIL"):
-            raise Exception("Cannot add FST session with groupid ==" + grp)
-        self.dump_monitor()
-        return sid
-
-    def set_session_param(self, params):
-        request = "FST-MANAGER SESSION_SET"
-        if params is not None and params != '':
-            request = request + ' ' + params
-        return self.grequest(request)
-
-    def get_session_params(self, sid):
-        request = "FST-MANAGER SESSION_GET " + sid
-        res = self.grequest(request)
-        if res.startswith("FAIL"):
-            return None
-        params = {}
-        for i in res.splitlines():
-            p = i.split('=')
-            params[p[0]] = p[1]
-        return params
-
-    def iface_peers(self, ifname):
-        grp = self.fst_group if self.fst_group != '' else ''
-        res = self.grequest("FST-MANAGER IFACE_PEERS " + grp + ' ' + ifname)
-        if res.startswith("FAIL"):
-            return None
-        return res.splitlines()
-
-    def get_peer_mbies(self, ifname, peer_addr):
-        return self.grequest("FST-MANAGER GET_PEER_MBIES %s %s" % (ifname, peer_addr))
-
-    def list_ifaces(self):
-        grp = self.fst_group if self.fst_group != '' else ''
-        res = self.grequest("FST-MANAGER LIST_IFACES " + grp)
-        if res.startswith("FAIL"):
-            return None
-        ifaces = []
-        for i in res.splitlines():
-            p = i.split(':')
-            iface = {}
-            iface['name'] = p[0]
-            iface['priority'] = p[1]
-            iface['llt'] = p[2]
-            ifaces.append(iface)
-        return ifaces
-
-    def list_groups(self):
-        res = self.grequest("FST-MANAGER LIST_GROUPS")
-        if res.startswith("FAIL"):
-            return None
-        return res.splitlines()
-
-    def configure_session(self, sid, new_iface, old_iface=None):
-        """Calls session_set for a number of parameters some of which are stored
-        in "self" while others are passed to this function explicitly. If
-        old_iface is None, current iface is used; if old_iface is an empty
-        string."""
-        self.dump_monitor()
-        oldiface = old_iface if old_iface is not None else self.iface
-        s = self.set_session_param(sid + ' old_ifname=' + oldiface)
-        if not s.startswith("OK"):
-            raise Exception("Cannot set FST session old_ifname: " + s)
-        if new_iface is not None:
-            s = self.set_session_param(sid + " new_ifname=" + new_iface)
-            if not s.startswith("OK"):
-                raise Exception("Cannot set FST session new_ifname:" + s)
-        if self.new_peer_addr is not None and self.new_peer_addr != '':
-            s = self.set_session_param(sid + " new_peer_addr=" + self.new_peer_addr)
-            if not s.startswith("OK"):
-                raise Exception("Cannot set FST session peer address:" + s + " (new)")
-        if self.old_peer_addr is not None and self.old_peer_addr != '':
-            s = self.set_session_param(sid + " old_peer_addr=" + self.old_peer_addr)
-            if not s.startswith("OK"):
-                raise Exception("Cannot set FST session peer address:" + s + " (old)")
-        if self.fst_llt is not None and self.fst_llt != '':
-            s = self.set_session_param(sid + " llt=" + self.fst_llt)
-            if not s.startswith("OK"):
-                raise Exception("Cannot set FST session llt:" + s)
-        self.dump_monitor()
-
-    def send_iface_attach_request(self, ifname, group, llt, priority):
-        request = "FST-ATTACH " + ifname + ' ' + group
-        if llt is not None:
-            request += " llt=" + llt
-        if priority is not None:
-            request += " priority=" + priority
-        res = self.grequest(request)
-        if not res.startswith("OK"):
-            raise Exception("Cannot attach FST iface: " + res)
-
-    def send_iface_detach_request(self, ifname):
-        res = self.grequest("FST-DETACH " + ifname)
-        if not res.startswith("OK"):
-            raise Exception("Cannot detach FST iface: " + res)
-
-    def send_session_setup_request(self, sid):
-        s = self.grequest("FST-MANAGER SESSION_INITIATE " + sid)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send setup request: %s" % s)
-        return s
-
-    def send_session_setup_response(self, sid, response):
-        request = "FST-MANAGER SESSION_RESPOND " + sid + " " + response
-        s = self.grequest(request)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send setup response: %s" % s)
-        return s
-
-    def send_test_session_setup_request(self, fsts_id,
-                                        additional_parameter=None):
-        request = "FST-MANAGER TEST_REQUEST SEND_SETUP_REQUEST " + fsts_id
-        if additional_parameter is not None:
-            request += " " + additional_parameter
-        s = self.grequest(request)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send FST setup request: %s" % s)
-        return s
-
-    def send_test_session_setup_response(self, fsts_id,
-                                         response, additional_parameter=None):
-        request = "FST-MANAGER TEST_REQUEST SEND_SETUP_RESPONSE " + fsts_id + " " + response
-        if additional_parameter is not None:
-            request += " " + additional_parameter
-        s = self.grequest(request)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send FST setup response: %s" % s)
-        return s
-
-    def send_test_ack_request(self, fsts_id):
-        s = self.grequest("FST-MANAGER TEST_REQUEST SEND_ACK_REQUEST " + fsts_id)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send FST ack request: %s" % s)
-        return s
-
-    def send_test_ack_response(self, fsts_id):
-        s = self.grequest("FST-MANAGER TEST_REQUEST SEND_ACK_RESPONSE " + fsts_id)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send FST ack response: %s" % s)
-        return s
-
-    def send_test_tear_down(self, fsts_id):
-        s = self.grequest("FST-MANAGER TEST_REQUEST SEND_TEAR_DOWN " + fsts_id)
-        if not s.startswith('OK'):
-            raise Exception("Cannot send FST tear down: %s" % s)
-        return s
-
-    def get_fsts_id_by_sid(self, sid):
-        s = self.grequest("FST-MANAGER TEST_REQUEST GET_FSTS_ID " + sid)
-        if s == ' ' or s.startswith('FAIL'):
-            raise Exception("Cannot get fsts_id for sid == %s" % sid)
-        return int(s)
-
-    def wait_for_iface_event(self, timeout):
-        while True:
-            ev = self.wait_gevent(["FST-EVENT-IFACE"], timeout)
-            if ev is None:
-                raise Exception("No FST-EVENT-IFACE received")
-            event = parse_fst_iface_event(ev)
-            if event is None:
-                # We can't parse so it's not our event, wait for next one
-                continue
-            return event
-
-    def wait_for_session_event(self, timeout, events_to_ignore=[],
-                               events_to_count=[]):
-        while True:
-            ev = self.wait_gevent(["FST-EVENT-SESSION"], timeout)
-            if ev is None:
-                raise Exception("No FST-EVENT-SESSION received")
-            event = parse_fst_session_event(ev)
-            if event is None:
-                # We can't parse so it's not our event, wait for next one
-                continue
-            if len(events_to_ignore) > 0:
-                if event['type'] in events_to_ignore:
-                    continue
-            elif len(events_to_count) > 0:
-                if event['type'] not in events_to_count:
-                    continue
-            return event
-
-    def initiate_session(self, sid, response="accept"):
-        """Initiates FST session with given session id 'sid'.
-        'response' is the session respond answer: "accept", "reject", or a
-        special "timeout" value to skip the response in order to test session
-        timeouts.
-        Returns: "OK" - session has been initiated, otherwise the reason for the
-        reset: REASON_REJECT, REASON_STT."""
-        strsid = ' ' + sid if sid != '' else ''
-        s = self.grequest("FST-MANAGER SESSION_INITIATE"+ strsid)
-        if not s.startswith('OK'):
-            raise Exception("Cannot initiate fst session: %s" % s)
-        ev = self.peer_obj.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION received")
-        # We got FST event
-        event = parse_fst_session_event(ev)
-        if event == None:
-            raise Exception("Unrecognized FST event: " % ev)
-        if event['type'] != 'EVENT_FST_SETUP':
-            raise Exception("Expected FST_SETUP event, got: " + event['type'])
-        ev = self.peer_obj.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION received")
-        event = parse_fst_session_event(ev)
-        if event == None:
-            raise Exception("Unrecognized FST event: " % ev)
-        if event['type'] != 'EVENT_FST_SESSION_STATE':
-            raise Exception("Expected EVENT_FST_SESSION_STATE event, got: " + event['type'])
-        if event['new_state'] != "SETUP_COMPLETION":
-            raise Exception("Expected new state SETUP_COMPLETION, got: " + event['new_state'])
-        if response == '':
-            return 'OK'
-        if response != "timeout":
-            s = self.peer_obj.grequest("FST-MANAGER SESSION_RESPOND "+ event['id'] + " " + response)  # Or reject
-            if not s.startswith('OK'):
-                raise Exception("Error session_respond: %s" % s)
-        # Wait for EVENT_FST_SESSION_STATE events. We should get at least 2
-        # events. The 1st event will be EVENT_FST_SESSION_STATE
-        # old_state=INITIAL new_state=SETUP_COMPLETED. The 2nd event will be
-        # either EVENT_FST_ESTABLISHED with the session id or
-        # EVENT_FST_SESSION_STATE with new_state=INITIAL if the session was
-        # reset, the reason field will tell why.
-        result = ''
-        while result == '':
-            ev = self.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-            if ev is None:
-                break # No session event received
-            event = parse_fst_session_event(ev)
-            if event == None:
-                # We can't parse so it's not our event, wait for next one
-                continue
-            if event['type'] == 'EVENT_FST_ESTABLISHED':
-                result = "OK"
-                break
-            elif event['type'] == "EVENT_FST_SESSION_STATE":
-                if event['new_state'] == "INITIAL":
-                    # Session was reset, the only reason to get back to initial
-                    # state.
-                    result = event['reason']
-                    break
-        if result == '':
-            raise Exception("No event for session respond")
-        return result
-
-    def transfer_session(self, sid):
-        """Transfers the session. 'sid' is the session id. 'hsta' is the
-        station-responder object.
-        Returns: REASON_SWITCH - the session has been transferred successfully
-        or a REASON_... reported by the reset event."""
-        request = "FST-MANAGER SESSION_TRANSFER"
-        self.dump_monitor()
-        if sid != '':
-            request += ' ' + sid
-        s = self.grequest(request)
-        if not s.startswith('OK'):
-            raise Exception("Cannot transfer fst session: %s" % s)
-        result = ''
-        while result == '':
-            ev = self.peer_obj.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-            if ev is None:
-                raise Exception("Missing session transfer event")
-            # We got FST event. We expect TRANSITION_CONFIRMED state and then
-            # INITIAL (reset) with the reason (e.g. "REASON_SWITCH").
-            # Right now we'll be waiting for the reset event and record the
-            # reason.
-            event = parse_fst_session_event(ev)
-            if event == None:
-                raise Exception("Unrecognized FST event: " % ev)
-            if event['new_state'] == 'INITIAL':
-                result = event['reason']
-        self.dump_monitor()
-        return result
-
-    def wait_for_tear_down(self):
-        ev = self.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION received")
-        # We got FST event
-        event = parse_fst_session_event(ev)
-        if event == None:
-            raise Exception("Unrecognized FST event: " % ev)
-        if event['type'] != 'EVENT_FST_SESSION_STATE':
-            raise Exception("Expected EVENT_FST_SESSION_STATE event, got: " + event['type'])
-        if event['new_state'] != "INITIAL":
-            raise Exception("Expected new state INITIAL, got: " + event['new_state'])
-        if event['reason'] != 'REASON_TEARDOWN':
-            raise Exception("Expected reason REASON_TEARDOWN, got: " + event['reason'])
-
-    def teardown_session(self, sid):
-        """Tears down FST session with a given session id ('sid')"""
-        strsid = ' ' + sid if sid != '' else ''
-        s = self.grequest("FST-MANAGER SESSION_TEARDOWN" + strsid)
-        if not s.startswith('OK'):
-            raise Exception("Cannot tear down fst session: %s" % s)
-        self.peer_obj.wait_for_tear_down()
-
-
-    def remove_session(self, sid, wait_for_tear_down=True):
-        """Removes FST session with a given session id ('sid')"""
-        strsid = ' ' + sid if sid != '' else ''
-        s = self.grequest("FST-MANAGER SESSION_REMOVE" + strsid)
-        if not s.startswith('OK'):
-            raise Exception("Cannot remove fst session: %s" % s)
-        if wait_for_tear_down == True:
-            self.peer_obj.wait_for_tear_down()
-
-    def remove_all_sessions(self):
-        """Removes FST session with a given session id ('sid')"""
-        grp = ' ' + self.fst_group if self.fst_group != '' else ''
-        s = self.grequest("FST-MANAGER LIST_SESSIONS" + grp)
-        if not s.startswith('FAIL'):
-            for sid in s.splitlines():
-                sid = sid.strip()
-                if len(sid) != 0:
-                    self.remove_session(sid, wait_for_tear_down=False)
-
-
-#
-# FstAP class
-#
-class FstAP(FstDevice):
-    def __init__(self, iface, ssid, mode, chan, fst_group, fst_pri,
-                 fst_llt=None, rsn=False):
-        """If fst_group is empty, then FST parameters will not be set
-        If fst_llt is empty, the parameter will not be set and the default value
-        is expected to be configured."""
-        self.ssid = ssid
-        self.mode = mode
-        self.chan = chan
-        self.reg_ctrl = fst_test_common.HapdRegCtrl()
-        self.reg_ctrl.add_ap(iface, self.chan)
-        self.global_instance = hostapd.HostapdGlobal()
-        FstDevice.__init__(self, iface, fst_group, fst_pri, fst_llt, rsn)
-
-    def start(self, return_early=False):
-        """Starts AP the "standard" way as it was intended by hostapd tests.
-        This will work only when FST supports fully dynamically loading
-        parameters in hostapd."""
-        params = {}
-        params['ssid'] = self.ssid
-        params['hw_mode'] = self.mode
-        params['channel'] = self.chan
-        params['country_code'] = 'US'
-        if self.rsn:
-            params['wpa'] = '2'
-            params['wpa_key_mgmt'] = 'WPA-PSK'
-            params['rsn_pairwise'] = 'CCMP'
-            params['wpa_passphrase'] = '12345678'
-        self.hapd = hostapd.add_ap(self.iface, params)
-        if not self.hapd.ping():
-            raise Exception("Could not ping FST hostapd")
-        self.reg_ctrl.start()
-        self.get_global_instance()
-        if return_early:
-            return self.hapd
-        if len(self.fst_group) != 0:
-            self.send_iface_attach_request(self.iface, self.fst_group,
-                                           self.fst_llt, self.fst_pri)
-        return self.hapd
-
-    def stop(self):
-        """Removes the AP, To be used when dynamic fst APs are implemented in
-        hostapd."""
-        if len(self.fst_group) != 0:
-            self.remove_all_sessions()
-            try:
-                self.send_iface_detach_request(self.iface)
-            except Exception as e:
-                logger.info(str(e))
-        self.reg_ctrl.stop()
-        del self.global_instance
-        self.global_instance = None
-
-    def get_instance(self):
-        """Return the Hostapd/WpaSupplicant instance"""
-        if self.instance is None:
-            self.instance = hostapd.Hostapd(self.iface)
-        return self.instance
-
-    def get_global_instance(self):
-        return self.global_instance
-
-    def get_own_mac_address(self):
-        """Gets the device's own MAC address"""
-        h = self.get_instance()
-        status = h.get_status()
-        return status['bssid[0]']
-
-    def get_actual_peer_addr(self):
-        """Gets the peer address. A connected station address is returned."""
-        # Use the device instance, the global control interface doesn't have
-        # station address
-        h = self.get_instance()
-        sta = h.get_sta(None)
-        if sta is None or 'addr' not in sta:
-            # Maybe station is not connected?
-            addr = None
-        else:
-            addr = sta['addr']
-        return addr
-
-    def grequest(self, req):
-        """Send request on the global control interface"""
-        logger.debug("FstAP::grequest: " + req)
-        h = self.get_global_instance()
-        return h.request(req)
-
-    def wait_gevent(self, events, timeout=None):
-        """Wait for a list of events on the global interface"""
-        h = self.get_global_instance()
-        if timeout is not None:
-            return h.wait_event(events, timeout=timeout)
-        else:
-            return h.wait_event(events)
-
-    def get_ssid(self):
-        return self.ssid
-
-    def dump_monitor(self):
-        """Dump control interface monitor events"""
-        if self.instance:
-            self.instance.dump_monitor()
-
-#
-# FstSTA class
-#
-class FstSTA(FstDevice):
-    def __init__(self, iface, fst_group, fst_pri, fst_llt=None, rsn=False):
-        """If fst_group is empty, then FST parameters will not be set
-        If fst_llt is empty, the parameter will not be set and the default value
-        is expected to be configured."""
-        FstDevice.__init__(self, iface, fst_group, fst_pri, fst_llt, rsn)
-        self.connected = None # FstAP object the station is connected to
-
-    def start(self):
-        """Current implementation involves running another instance of
-        wpa_supplicant with fixed FST STAs configurations. When any type of
-        dynamic STA loading is implemented, rewrite the function similarly to
-        FstAP."""
-        h = self.get_instance()
-        h.interface_add(self.iface, drv_params="force_connect_cmd=1")
-        if not h.global_ping():
-            raise Exception("Could not ping FST wpa_supplicant")
-        if len(self.fst_group) != 0:
-            self.send_iface_attach_request(self.iface, self.fst_group,
-                                           self.fst_llt, self.fst_pri)
-        return None
-
-    def stop(self):
-        """Removes the STA. In a static (temporary) implementation does nothing,
-        the STA will be removed when the fst wpa_supplicant process is killed by
-        fstap.cleanup()."""
-        h = self.get_instance()
-        h.dump_monitor()
-        if len(self.fst_group) != 0:
-            self.remove_all_sessions()
-            self.send_iface_detach_request(self.iface)
-            h.dump_monitor()
-        h.interface_remove(self.iface)
-        h.close_ctrl()
-        del h
-        self.instance = None
-
-    def get_instance(self):
-        """Return the Hostapd/WpaSupplicant instance"""
-        if self.instance is None:
-             self.instance = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        return self.instance
-
-    def get_own_mac_address(self):
-        """Gets the device's own MAC address"""
-        h = self.get_instance()
-        status = h.get_status()
-        return status['address']
-
-    def get_actual_peer_addr(self):
-        """Gets the peer address. A connected station address is returned"""
-        h = self.get_instance()
-        status = h.get_status()
-        return status['bssid']
-
-    def grequest(self, req):
-        """Send request on the global control interface"""
-        logger.debug("FstSTA::grequest: " + req)
-        h = self.get_instance()
-        return h.global_request(req)
-
-    def wait_gevent(self, events, timeout=None):
-        """Wait for a list of events on the global interface"""
-        h = self.get_instance()
-        if timeout is not None:
-            return h.wait_global_event(events, timeout=timeout)
-        else:
-            return h.wait_global_event(events)
-
-    def scan(self, freq=None, no_wait=False, only_new=False):
-        """Issue Scan with given parameters. Returns the BSS dictionary for the
-        AP found (the 1st BSS found. TODO: What if the AP required is not the
-        1st in list?) or None if no BSS found. None call be also a result of
-        no_wait=True. Note, request("SCAN_RESULTS") can be used to get all the
-        results at once."""
-        h = self.get_instance()
-        h.dump_monitor()
-        h.scan(None, freq, no_wait, only_new)
-        r = h.get_bss('0')
-        h.dump_monitor()
-        return r
-
-    def connect(self, ap, **kwargs):
-        """Connects to the given AP"""
-        if not isinstance(ap, FstAP):
-            raise Exception("Bad AP object to connect to")
-        h = self.get_instance()
-        hap = ap.get_instance()
-        h.dump_monitor()
-        h.connect(ap.get_ssid(), **kwargs)
-        h.dump_monitor()
-        self.connected = ap
-
-    def connect_to_external_ap(self, ap, ssid, check_connection=True, **kwargs):
-        """Connects to the given external AP"""
-        if not isinstance(ap, hostapd.Hostapd):
-            raise Exception("Bad AP object to connect to")
-        h = self.get_instance()
-        h.dump_monitor()
-        h.connect(ssid, **kwargs)
-        self.connected = ap
-        if check_connection:
-            ev = ap.wait_event(["AP-STA-CONNECTED"], timeout=10)
-            if ev is None:
-                self.connected = None
-                raise Exception("No connection event received from %s" % ssid)
-            h.dump_monitor()
-
-    def disconnect(self, check_disconnect=True):
-        """Disconnects from the AP the station is currently connected to"""
-        if self.connected is not None:
-            h = self.get_instance()
-            h.dump_monitor()
-            h.request("DISCONNECT")
-            if check_disconnect:
-                hap = self.connected.get_instance()
-                ev = hap.wait_event(["AP-STA-DISCONNECTED"], timeout=10)
-                if ev is None:
-                    raise Exception("No disconnection event received from %s" % self.connected.get_ssid())
-                h.dump_monitor()
-            self.connected = None
-
-
-    def disconnect_from_external_ap(self, check_disconnect=True):
-        """Disconnects from the external AP the station is currently connected
-        to"""
-        if self.connected is not None:
-            h = self.get_instance()
-            h.dump_monitor()
-            h.request("DISCONNECT")
-            if check_disconnect:
-                hap = self.connected
-                ev = hap.wait_event(["AP-STA-DISCONNECTED"], timeout=10)
-                if ev is None:
-                    raise Exception("No disconnection event received from AP")
-                h.dump_monitor()
-            self.connected = None
-
-    def dump_monitor(self):
-        """Dump control interface monitor events"""
-        if self.instance:
-            self.instance.dump_monitor()
diff --git a/tests/hwsim/fst_test_common.py b/tests/hwsim/fst_test_common.py
deleted file mode 100644
index 440d65f9f3fd..000000000000
--- a/tests/hwsim/fst_test_common.py
+++ /dev/null
@@ -1,92 +0,0 @@
-# FST tests related definitions
-# Copyright (c) 2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import subprocess
-import time
-import logging
-
-import hostapd
-
-logger = logging.getLogger()
-
-fst_test_def_group = 'fstg0'
-fst_test_def_freq_g = '2412' # Channel 1
-fst_test_def_freq_a = '5180' # Channel 36
-fst_test_def_chan_g = '1'
-fst_test_def_chan_a = '36'
-fst_test_def_prio_low = '100'
-fst_test_def_prio_high = '110'
-fst_test_def_llt = '100'
-fst_test_def_reg_domain = '00'
-
-class HapdRegCtrl:
-    def __init__(self):
-        self.ifname = None
-        self.changed = False
-
-    def start(self):
-        if self.ifname != None:
-             hapd = hostapd.Hostapd(self.ifname)
-             self.changed = self.wait_hapd_reg_change(hapd)
-
-    def stop(self):
-        if self.changed == True:
-            self.restore_reg_domain()
-            self.changed = False
-
-    def add_ap(self, ifname, chan):
-        if self.changed == False and self.channel_may_require_reg_change(chan):
-             self.ifname = ifname
-
-    @staticmethod
-    def channel_may_require_reg_change(chan):
-        if int(chan) > 14:
-            return True
-        return False
-
-    @staticmethod
-    def wait_hapd_reg_change(hapd):
-        state = hapd.get_status_field("state")
-        if state != "COUNTRY_UPDATE":
-            state = hapd.get_status_field("state")
-            if state != "ENABLED":
-                raise Exception("Unexpected interface state - expected COUNTRY_UPDATE")
-            else:
-                logger.debug("fst hostapd: regulatory domain already set")
-                return True
-
-        logger.debug("fst hostapd: waiting for regulatory domain to be set...")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        logger.debug("fst hostapd: regulatory domain set")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state - expected ENABLED")
-
-        logger.debug("fst hostapd: regulatory domain ready")
-        return True
-
-    @staticmethod
-    def restore_reg_domain():
-        logger.debug("fst hostapd: waiting for regulatory domain to be restored...")
-
-        res = subprocess.call(['iw', 'reg', 'set', fst_test_def_reg_domain])
-        if res != 0:
-            raise Exception("Cannot restore regulatory domain")
-
-        logger.debug("fst hostapd: regulatory domain ready")
-
-def fst_clear_regdom():
-    cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    if "country 00:" not in res:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        time.sleep(0.1)
diff --git a/tests/hwsim/hostapd.py b/tests/hwsim/hostapd.py
deleted file mode 100644
index f9becfcef4a6..000000000000
--- a/tests/hwsim/hostapd.py
+++ /dev/null
@@ -1,885 +0,0 @@
-# Python class for controlling hostapd
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import re
-import time
-import logging
-import binascii
-import struct
-import tempfile
-import wpaspy
-import remotehost
-import utils
-import subprocess
-
-logger = logging.getLogger()
-hapd_ctrl = '/var/run/hostapd'
-hapd_global = '/var/run/hostapd-global'
-
-def mac2tuple(mac):
-    return struct.unpack('6B', binascii.unhexlify(mac.replace(':', '')))
-
-class HostapdGlobal:
-    def __init__(self, apdev=None, global_ctrl_override=None):
-        try:
-            hostname = apdev['hostname']
-            port = apdev['port']
-        except:
-            hostname = None
-            port = 8878
-        self.host = remotehost.Host(hostname)
-        self.hostname = hostname
-        self.port = port
-        if hostname is None:
-            global_ctrl = hapd_global
-            if global_ctrl_override:
-                global_ctrl = global_ctrl_override
-            self.ctrl = wpaspy.Ctrl(global_ctrl)
-            self.mon = wpaspy.Ctrl(global_ctrl)
-            self.dbg = ""
-        else:
-            self.ctrl = wpaspy.Ctrl(hostname, port)
-            self.mon = wpaspy.Ctrl(hostname, port)
-            self.dbg = hostname + "/" + str(port)
-        self.mon.attach()
-
-    def cmd_execute(self, cmd_array, shell=False):
-        if self.hostname is None:
-            if shell:
-                cmd = ' '.join(cmd_array)
-            else:
-                cmd = cmd_array
-            proc = subprocess.Popen(cmd, stderr=subprocess.STDOUT,
-                                    stdout=subprocess.PIPE, shell=shell)
-            out = proc.communicate()[0]
-            ret = proc.returncode
-            return ret, out.decode()
-        else:
-            return self.host.execute(cmd_array)
-
-    def request(self, cmd, timeout=10):
-        logger.debug(self.dbg + ": CTRL(global): " + cmd)
-        return self.ctrl.request(cmd, timeout)
-
-    def wait_event(self, events, timeout):
-        start = os.times()[4]
-        while True:
-            while self.mon.pending():
-                ev = self.mon.recv()
-                logger.debug(self.dbg + "(global): " + ev)
-                for event in events:
-                    if event in ev:
-                        return ev
-            now = os.times()[4]
-            remaining = start + timeout - now
-            if remaining <= 0:
-                break
-            if not self.mon.pending(timeout=remaining):
-                break
-        return None
-
-    def add(self, ifname, driver=None):
-        cmd = "ADD " + ifname + " " + hapd_ctrl
-        if driver:
-            cmd += " " + driver
-        res = self.request(cmd)
-        if "OK" not in res:
-            raise Exception("Could not add hostapd interface " + ifname)
-
-    def add_iface(self, ifname, confname):
-        res = self.request("ADD " + ifname + " config=" + confname)
-        if "OK" not in res:
-            raise Exception("Could not add hostapd interface")
-
-    def add_bss(self, phy, confname, ignore_error=False):
-        res = self.request("ADD bss_config=" + phy + ":" + confname)
-        if "OK" not in res:
-            if not ignore_error:
-                raise Exception("Could not add hostapd BSS")
-
-    def remove(self, ifname):
-        self.request("REMOVE " + ifname, timeout=30)
-
-    def relog(self):
-        self.request("RELOG")
-
-    def flush(self):
-        self.request("FLUSH")
-
-    def get_ctrl_iface_port(self, ifname):
-        if self.hostname is None:
-            return None
-
-        res = self.request("INTERFACES ctrl")
-        lines = res.splitlines()
-        found = False
-        for line in lines:
-            words = line.split()
-            if words[0] == ifname:
-                found = True
-                break
-        if not found:
-            raise Exception("Could not find UDP port for " + ifname)
-        res = line.find("ctrl_iface=udp:")
-        if res == -1:
-            raise Exception("Wrong ctrl_interface format")
-        words = line.split(":")
-        return int(words[1])
-
-    def terminate(self):
-        self.mon.detach()
-        self.mon.close()
-        self.mon = None
-        self.ctrl.terminate()
-        self.ctrl = None
-
-    def send_file(self, src, dst):
-        self.host.send_file(src, dst)
-
-class Hostapd:
-    def __init__(self, ifname, bssidx=0, hostname=None, port=8877):
-        self.hostname = hostname
-        self.host = remotehost.Host(hostname, ifname)
-        self.ifname = ifname
-        if hostname is None:
-            self.ctrl = wpaspy.Ctrl(os.path.join(hapd_ctrl, ifname))
-            self.mon = wpaspy.Ctrl(os.path.join(hapd_ctrl, ifname))
-            self.dbg = ifname
-        else:
-            self.ctrl = wpaspy.Ctrl(hostname, port)
-            self.mon = wpaspy.Ctrl(hostname, port)
-            self.dbg = hostname + "/" + ifname
-        self.mon.attach()
-        self.bssid = None
-        self.bssidx = bssidx
-
-    def cmd_execute(self, cmd_array, shell=False):
-        if self.hostname is None:
-            if shell:
-                cmd = ' '.join(cmd_array)
-            else:
-                cmd = cmd_array
-            proc = subprocess.Popen(cmd, stderr=subprocess.STDOUT,
-                                    stdout=subprocess.PIPE, shell=shell)
-            out = proc.communicate()[0]
-            ret = proc.returncode
-            return ret, out.decode()
-        else:
-            return self.host.execute(cmd_array)
-
-    def close_ctrl(self):
-        if self.mon is not None:
-            self.mon.detach()
-            self.mon.close()
-            self.mon = None
-            self.ctrl.close()
-            self.ctrl = None
-
-    def own_addr(self):
-        if self.bssid is None:
-            self.bssid = self.get_status_field('bssid[%d]' % self.bssidx)
-        return self.bssid
-
-    def get_addr(self, group=False):
-        return self.own_addr()
-
-    def request(self, cmd):
-        logger.debug(self.dbg + ": CTRL: " + cmd)
-        return self.ctrl.request(cmd)
-
-    def ping(self):
-        return "PONG" in self.request("PING")
-
-    def set(self, field, value):
-        if "OK" not in self.request("SET " + field + " " + value):
-            if "TKIP" in value and (field == "wpa_pairwise" or \
-                                    field == "rsn_pairwise"):
-                raise utils.HwsimSkip("Cipher TKIP not supported")
-            raise Exception("Failed to set hostapd parameter " + field)
-
-    def set_defaults(self):
-        self.set("driver", "nl80211")
-        self.set("hw_mode", "g")
-        self.set("channel", "1")
-        self.set("ieee80211n", "1")
-        self.set("logger_stdout", "-1")
-        self.set("logger_stdout_level", "0")
-
-    def set_open(self, ssid):
-        self.set_defaults()
-        self.set("ssid", ssid)
-
-    def set_wpa2_psk(self, ssid, passphrase):
-        self.set_defaults()
-        self.set("ssid", ssid)
-        self.set("wpa_passphrase", passphrase)
-        self.set("wpa", "2")
-        self.set("wpa_key_mgmt", "WPA-PSK")
-        self.set("rsn_pairwise", "CCMP")
-
-    def set_wpa_psk(self, ssid, passphrase):
-        self.set_defaults()
-        self.set("ssid", ssid)
-        self.set("wpa_passphrase", passphrase)
-        self.set("wpa", "1")
-        self.set("wpa_key_mgmt", "WPA-PSK")
-        self.set("wpa_pairwise", "TKIP")
-
-    def set_wpa_psk_mixed(self, ssid, passphrase):
-        self.set_defaults()
-        self.set("ssid", ssid)
-        self.set("wpa_passphrase", passphrase)
-        self.set("wpa", "3")
-        self.set("wpa_key_mgmt", "WPA-PSK")
-        self.set("wpa_pairwise", "TKIP")
-        self.set("rsn_pairwise", "CCMP")
-
-    def set_wep(self, ssid, key):
-        self.set_defaults()
-        self.set("ssid", ssid)
-        self.set("wep_key0", key)
-
-    def enable(self):
-        if "OK" not in self.request("ENABLE"):
-            raise Exception("Failed to enable hostapd interface " + self.ifname)
-
-    def disable(self):
-        if "OK" not in self.request("DISABLE"):
-            raise Exception("Failed to disable hostapd interface " + self.ifname)
-
-    def dump_monitor(self):
-        while self.mon.pending():
-            ev = self.mon.recv()
-            logger.debug(self.dbg + ": " + ev)
-
-    def wait_event(self, events, timeout):
-        if not isinstance(events, list):
-            raise Exception("Hostapd.wait_event() called with incorrect events argument type")
-        start = os.times()[4]
-        while True:
-            while self.mon.pending():
-                ev = self.mon.recv()
-                logger.debug(self.dbg + ": " + ev)
-                for event in events:
-                    if event in ev:
-                        return ev
-            now = os.times()[4]
-            remaining = start + timeout - now
-            if remaining <= 0:
-                break
-            if not self.mon.pending(timeout=remaining):
-                break
-        return None
-
-    def wait_sta(self, addr=None, timeout=2):
-        ev = self.wait_event(["AP-STA-CONNECT"], timeout=timeout)
-        if ev is None:
-            raise Exception("AP did not report STA connection")
-        if addr and addr not in ev:
-            raise Exception("Unexpected STA address in connection event: " + ev)
-
-    def wait_ptkinitdone(self, addr, timeout=2):
-        while timeout > 0:
-            sta = self.get_sta(addr)
-            if 'hostapdWPAPTKState' not in sta:
-                raise Exception("GET_STA did not return hostapdWPAPTKState")
-            state = sta['hostapdWPAPTKState']
-            if state == "11":
-                return
-            time.sleep(0.1)
-            timeout -= 0.1
-        raise Exception("Timeout while waiting for PTKINITDONE")
-
-    def get_status(self):
-        res = self.request("STATUS")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            [name, value] = l.split('=', 1)
-            vals[name] = value
-        return vals
-
-    def get_status_field(self, field):
-        vals = self.get_status()
-        if field in vals:
-            return vals[field]
-        return None
-
-    def get_driver_status(self):
-        res = self.request("STATUS-DRIVER")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            [name, value] = l.split('=', 1)
-            vals[name] = value
-        return vals
-
-    def get_driver_status_field(self, field):
-        vals = self.get_driver_status()
-        if field in vals:
-            return vals[field]
-        return None
-
-    def get_config(self):
-        res = self.request("GET_CONFIG")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            [name, value] = l.split('=', 1)
-            vals[name] = value
-        return vals
-
-    def mgmt_rx(self, timeout=5):
-        ev = self.wait_event(["MGMT-RX"], timeout=timeout)
-        if ev is None:
-            return None
-        msg = {}
-        frame = binascii.unhexlify(ev.split(' ')[1])
-        msg['frame'] = frame
-
-        hdr = struct.unpack('<HH6B6B6BH', frame[0:24])
-        msg['fc'] = hdr[0]
-        msg['subtype'] = (hdr[0] >> 4) & 0xf
-        hdr = hdr[1:]
-        msg['duration'] = hdr[0]
-        hdr = hdr[1:]
-        msg['da'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['sa'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['bssid'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['seq_ctrl'] = hdr[0]
-        msg['payload'] = frame[24:]
-
-        return msg
-
-    def mgmt_tx(self, msg):
-        t = (msg['fc'], 0) + mac2tuple(msg['da']) + mac2tuple(msg['sa']) + mac2tuple(msg['bssid']) + (0,)
-        hdr = struct.pack('<HH6B6B6BH', *t)
-        res = self.request("MGMT_TX " + binascii.hexlify(hdr + msg['payload']).decode())
-        if "OK" not in res:
-            raise Exception("MGMT_TX command to hostapd failed")
-
-    def get_sta(self, addr, info=None, next=False):
-        cmd = "STA-NEXT " if next else "STA "
-        if addr is None:
-            res = self.request("STA-FIRST")
-        elif info:
-            res = self.request(cmd + addr + " " + info)
-        else:
-            res = self.request(cmd + addr)
-        lines = res.splitlines()
-        vals = dict()
-        first = True
-        for l in lines:
-            if first and '=' not in l:
-                vals['addr'] = l
-                first = False
-            else:
-                [name, value] = l.split('=', 1)
-                vals[name] = value
-        return vals
-
-    def get_mib(self, param=None):
-        if param:
-            res = self.request("MIB " + param)
-        else:
-            res = self.request("MIB")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            name_val = l.split('=', 1)
-            if len(name_val) > 1:
-                vals[name_val[0]] = name_val[1]
-        return vals
-
-    def get_pmksa(self, addr):
-        res = self.request("PMKSA")
-        lines = res.splitlines()
-        for l in lines:
-            if addr not in l:
-                continue
-            vals = dict()
-            [index, aa, pmkid, expiration, opportunistic] = l.split(' ')
-            vals['index'] = index
-            vals['pmkid'] = pmkid
-            vals['expiration'] = expiration
-            vals['opportunistic'] = opportunistic
-            return vals
-        return None
-
-    def dpp_qr_code(self, uri):
-        res = self.request("DPP_QR_CODE " + uri)
-        if "FAIL" in res:
-            raise Exception("Failed to parse QR Code URI")
-        return int(res)
-
-    def dpp_nfc_uri(self, uri):
-        res = self.request("DPP_NFC_URI " + uri)
-        if "FAIL" in res:
-            raise Exception("Failed to parse NFC URI")
-        return int(res)
-
-    def dpp_bootstrap_gen(self, type="qrcode", chan=None, mac=None, info=None,
-                          curve=None, key=None):
-        cmd = "DPP_BOOTSTRAP_GEN type=" + type
-        if chan:
-            cmd += " chan=" + chan
-        if mac:
-            if mac is True:
-                mac = self.own_addr()
-            cmd += " mac=" + mac.replace(':', '')
-        if info:
-            cmd += " info=" + info
-        if curve:
-            cmd += " curve=" + curve
-        if key:
-            cmd += " key=" + key
-        res = self.request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to generate bootstrapping info")
-        return int(res)
-
-    def dpp_bootstrap_set(self, id, conf=None, configurator=None, ssid=None,
-                          extra=None):
-        cmd = "DPP_BOOTSTRAP_SET %d" % id
-        if ssid:
-            cmd += " ssid=" + binascii.hexlify(ssid.encode()).decode()
-        if extra:
-            cmd += " " + extra
-        if conf:
-            cmd += " conf=" + conf
-        if configurator is not None:
-            cmd += " configurator=%d" % configurator
-        if "OK" not in self.request(cmd):
-            raise Exception("Failed to set bootstrapping parameters")
-
-    def dpp_listen(self, freq, netrole=None, qr=None, role=None):
-        cmd = "DPP_LISTEN " + str(freq)
-        if netrole:
-            cmd += " netrole=" + netrole
-        if qr:
-            cmd += " qr=" + qr
-        if role:
-            cmd += " role=" + role
-        if "OK" not in self.request(cmd):
-            raise Exception("Failed to start listen operation")
-
-    def dpp_auth_init(self, peer=None, uri=None, conf=None, configurator=None,
-                      extra=None, own=None, role=None, neg_freq=None,
-                      ssid=None, passphrase=None, expect_fail=False,
-                      conn_status=False, nfc_uri=None):
-        cmd = "DPP_AUTH_INIT"
-        if peer is None:
-            if nfc_uri:
-                peer = self.dpp_nfc_uri(nfc_uri)
-            else:
-                peer = self.dpp_qr_code(uri)
-        cmd += " peer=%d" % peer
-        if own is not None:
-            cmd += " own=%d" % own
-        if role:
-            cmd += " role=" + role
-        if extra:
-            cmd += " " + extra
-        if conf:
-            cmd += " conf=" + conf
-        if configurator is not None:
-            cmd += " configurator=%d" % configurator
-        if neg_freq:
-            cmd += " neg_freq=%d" % neg_freq
-        if ssid:
-            cmd += " ssid=" + binascii.hexlify(ssid.encode()).decode()
-        if passphrase:
-            cmd += " pass=" + binascii.hexlify(passphrase.encode()).decode()
-        if conn_status:
-            cmd += " conn_status=1"
-        res = self.request(cmd)
-        if expect_fail:
-            if "FAIL" not in res:
-                raise Exception("DPP authentication started unexpectedly")
-            return
-        if "OK" not in res:
-            raise Exception("Failed to initiate DPP Authentication")
-
-    def dpp_pkex_init(self, identifier, code, role=None, key=None, curve=None,
-                      extra=None, use_id=None, v2=False):
-        if use_id is None:
-            id1 = self.dpp_bootstrap_gen(type="pkex", key=key, curve=curve)
-        else:
-            id1 = use_id
-        cmd = "own=%d " % id1
-        if identifier:
-            cmd += "identifier=%s " % identifier
-        if v2:
-            cmd += "init=2 "
-        else:
-            cmd += "init=1 "
-        if role:
-            cmd += "role=%s " % role
-        if extra:
-            cmd += extra + " "
-        cmd += "code=%s" % code
-        res = self.request("DPP_PKEX_ADD " + cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to set PKEX data (initiator)")
-        return id1
-
-    def dpp_pkex_resp(self, freq, identifier, code, key=None, curve=None,
-                      listen_role=None):
-        id0 = self.dpp_bootstrap_gen(type="pkex", key=key, curve=curve)
-        cmd = "own=%d " % id0
-        if identifier:
-            cmd += "identifier=%s " % identifier
-        cmd += "code=%s" % code
-        res = self.request("DPP_PKEX_ADD " + cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to set PKEX data (responder)")
-        self.dpp_listen(freq, role=listen_role)
-
-    def dpp_configurator_add(self, curve=None, key=None):
-        cmd = "DPP_CONFIGURATOR_ADD"
-        if curve:
-            cmd += " curve=" + curve
-        if key:
-            cmd += " key=" + key
-        res = self.request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        return int(res)
-
-    def dpp_configurator_remove(self, conf_id):
-        res = self.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
-        if "OK" not in res:
-            raise Exception("DPP_CONFIGURATOR_REMOVE failed")
-
-    def note(self, txt):
-        self.request("NOTE " + txt)
-
-    def send_file(self, src, dst):
-        self.host.send_file(src, dst)
-
-    def get_ptksa(self, bssid, cipher):
-        res = self.request("PTKSA_CACHE_LIST")
-        lines = res.splitlines()
-        for l in lines:
-            if bssid not in l or cipher not in l:
-                continue
-            vals = dict()
-            [index, addr, cipher, expiration, tk, kdk] = l.split(' ', 5)
-            vals['index'] = index
-            vals['addr'] = addr
-            vals['cipher'] = cipher
-            vals['expiration'] = expiration
-            vals['tk'] = tk
-            vals['kdk'] = kdk
-            return vals
-        return None
-
-def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30,
-           global_ctrl_override=None, driver=False):
-        if isinstance(apdev, dict):
-            ifname = apdev['ifname']
-            try:
-                hostname = apdev['hostname']
-                port = apdev['port']
-                logger.info("Starting AP " + hostname + "/" + port + " " + ifname)
-            except:
-                logger.info("Starting AP " + ifname)
-                hostname = None
-                port = 8878
-        else:
-            ifname = apdev
-            logger.info("Starting AP " + ifname + " (old add_ap argument type)")
-            hostname = None
-            port = 8878
-        hapd_global = HostapdGlobal(apdev,
-                                    global_ctrl_override=global_ctrl_override)
-        hapd_global.remove(ifname)
-        hapd_global.add(ifname, driver=driver)
-        port = hapd_global.get_ctrl_iface_port(ifname)
-        hapd = Hostapd(ifname, hostname=hostname, port=port)
-        if not hapd.ping():
-            raise Exception("Could not ping hostapd")
-        hapd.set_defaults()
-        fields = ["ssid", "wpa_passphrase", "nas_identifier", "wpa_key_mgmt",
-                  "wpa", "wpa_deny_ptk0_rekey",
-                  "wpa_pairwise", "rsn_pairwise", "auth_server_addr",
-                  "acct_server_addr", "osu_server_uri"]
-        for field in fields:
-            if field in params:
-                hapd.set(field, params[field])
-        for f, v in list(params.items()):
-            if f in fields:
-                continue
-            if isinstance(v, list):
-                for val in v:
-                    hapd.set(f, val)
-            else:
-                hapd.set(f, v)
-        if no_enable:
-            return hapd
-        hapd.enable()
-        if wait_enabled:
-            ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=timeout)
-            if ev is None:
-                raise Exception("AP startup timed out")
-            if "AP-ENABLED" not in ev:
-                raise Exception("AP startup failed")
-        return hapd
-
-def add_bss(apdev, ifname, confname, ignore_error=False):
-    phy = utils.get_phy(apdev)
-    try:
-        hostname = apdev['hostname']
-        port = apdev['port']
-        logger.info("Starting BSS " + hostname + "/" + port + " phy=" + phy + " ifname=" + ifname)
-    except:
-        logger.info("Starting BSS phy=" + phy + " ifname=" + ifname)
-        hostname = None
-        port = 8878
-    hapd_global = HostapdGlobal(apdev)
-    confname = cfg_file(apdev, confname, ifname)
-    hapd_global.send_file(confname, confname)
-    hapd_global.add_bss(phy, confname, ignore_error)
-    port = hapd_global.get_ctrl_iface_port(ifname)
-    hapd = Hostapd(ifname, hostname=hostname, port=port)
-    if not hapd.ping():
-        raise Exception("Could not ping hostapd")
-    return hapd
-
-def add_iface(apdev, confname):
-    ifname = apdev['ifname']
-    try:
-        hostname = apdev['hostname']
-        port = apdev['port']
-        logger.info("Starting interface " + hostname + "/" + port + " " + ifname)
-    except:
-        logger.info("Starting interface " + ifname)
-        hostname = None
-        port = 8878
-    hapd_global = HostapdGlobal(apdev)
-    confname = cfg_file(apdev, confname, ifname)
-    hapd_global.send_file(confname, confname)
-    hapd_global.add_iface(ifname, confname)
-    port = hapd_global.get_ctrl_iface_port(ifname)
-    hapd = Hostapd(ifname, hostname=hostname, port=port)
-    if not hapd.ping():
-        raise Exception("Could not ping hostapd")
-    return hapd
-
-def remove_bss(apdev, ifname=None):
-    if ifname == None:
-        ifname = apdev['ifname']
-    try:
-        hostname = apdev['hostname']
-        port = apdev['port']
-        logger.info("Removing BSS " + hostname + "/" + port + " " + ifname)
-    except:
-        logger.info("Removing BSS " + ifname)
-    hapd_global = HostapdGlobal(apdev)
-    hapd_global.remove(ifname)
-
-def terminate(apdev):
-    try:
-        hostname = apdev['hostname']
-        port = apdev['port']
-        logger.info("Terminating hostapd " + hostname + "/" + port)
-    except:
-        logger.info("Terminating hostapd")
-    hapd_global = HostapdGlobal(apdev)
-    hapd_global.terminate()
-
-def wpa2_params(ssid=None, passphrase=None, wpa_key_mgmt="WPA-PSK",
-                ieee80211w=None):
-    params = {"wpa": "2",
-              "wpa_key_mgmt": wpa_key_mgmt,
-              "rsn_pairwise": "CCMP"}
-    if ssid:
-        params["ssid"] = ssid
-    if passphrase:
-        params["wpa_passphrase"] = passphrase
-    if ieee80211w is not None:
-        params["ieee80211w"] = ieee80211w
-    return params
-
-def wpa_params(ssid=None, passphrase=None):
-    params = {"wpa": "1",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP"}
-    if ssid:
-        params["ssid"] = ssid
-    if passphrase:
-        params["wpa_passphrase"] = passphrase
-    return params
-
-def wpa_mixed_params(ssid=None, passphrase=None):
-    params = {"wpa": "3",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP",
-              "rsn_pairwise": "CCMP"}
-    if ssid:
-        params["ssid"] = ssid
-    if passphrase:
-        params["wpa_passphrase"] = passphrase
-    return params
-
-def radius_params():
-    params = {"auth_server_addr": "127.0.0.1",
-              "auth_server_port": "1812",
-              "auth_server_shared_secret": "radius",
-              "nas_identifier": "nas.w1.fi"}
-    return params
-
-def wpa_eap_params(ssid=None):
-    params = radius_params()
-    params["wpa"] = "1"
-    params["wpa_key_mgmt"] = "WPA-EAP"
-    params["wpa_pairwise"] = "TKIP"
-    params["ieee8021x"] = "1"
-    if ssid:
-        params["ssid"] = ssid
-    return params
-
-def wpa2_eap_params(ssid=None):
-    params = radius_params()
-    params["wpa"] = "2"
-    params["wpa_key_mgmt"] = "WPA-EAP"
-    params["rsn_pairwise"] = "CCMP"
-    params["ieee8021x"] = "1"
-    if ssid:
-        params["ssid"] = ssid
-    return params
-
-def b_only_params(channel="1", ssid=None, country=None):
-    params = {"hw_mode": "b",
-              "channel": channel}
-    if ssid:
-        params["ssid"] = ssid
-    if country:
-        params["country_code"] = country
-    return params
-
-def g_only_params(channel="1", ssid=None, country=None):
-    params = {"hw_mode": "g",
-              "channel": channel}
-    if ssid:
-        params["ssid"] = ssid
-    if country:
-        params["country_code"] = country
-    return params
-
-def a_only_params(channel="36", ssid=None, country=None):
-    params = {"hw_mode": "a",
-              "channel": channel}
-    if ssid:
-        params["ssid"] = ssid
-    if country:
-        params["country_code"] = country
-    return params
-
-def ht20_params(channel="1", ssid=None, country=None):
-    params = {"ieee80211n": "1",
-              "channel": channel,
-              "hw_mode": "g"}
-    if int(channel) > 14:
-        params["hw_mode"] = "a"
-    if ssid:
-        params["ssid"] = ssid
-    if country:
-        params["country_code"] = country
-    return params
-
-def ht40_plus_params(channel="1", ssid=None, country=None):
-    params = ht20_params(channel, ssid, country)
-    params['ht_capab'] = "[HT40+]"
-    return params
-
-def ht40_minus_params(channel="1", ssid=None, country=None):
-    params = ht20_params(channel, ssid, country)
-    params['ht_capab'] = "[HT40-]"
-    return params
-
-def cmd_execute(apdev, cmd, shell=False):
-    hapd_global = HostapdGlobal(apdev)
-    return hapd_global.cmd_execute(cmd, shell=shell)
-
-def send_file(apdev, src, dst):
-    hapd_global = HostapdGlobal(apdev)
-    return hapd_global.send_file(src, dst)
-
-def acl_file(dev, apdev, conf):
-    fd, filename = tempfile.mkstemp(dir='/tmp', prefix=conf + '-')
-    f = os.fdopen(fd, 'w')
-
-    if conf == 'hostapd.macaddr':
-        mac0 = dev[0].get_status_field("address")
-        f.write(mac0 + '\n')
-        f.write("02:00:00:00:00:12\n")
-        f.write("02:00:00:00:00:34\n")
-        f.write("-02:00:00:00:00:12\n")
-        f.write("-02:00:00:00:00:34\n")
-        f.write("01:01:01:01:01:01\n")
-        f.write("03:01:01:01:01:03\n")
-    elif conf == 'hostapd.accept':
-        mac0 = dev[0].get_status_field("address")
-        mac1 = dev[1].get_status_field("address")
-        f.write(mac0 + "    1\n")
-        f.write(mac1 + "    2\n")
-    elif conf == 'hostapd.accept2':
-        mac0 = dev[0].get_status_field("address")
-        mac1 = dev[1].get_status_field("address")
-        mac2 = dev[2].get_status_field("address")
-        f.write(mac0 + "    1\n")
-        f.write(mac1 + "    2\n")
-        f.write(mac2 + "    3\n")
-    else:
-        f.close()
-        os.unlink(filename)
-        return conf
-
-    return filename
-
-def bssid_inc(apdev, inc=1):
-    parts = apdev['bssid'].split(':')
-    parts[5] = '%02x' % (int(parts[5], 16) + int(inc))
-    bssid = '%s:%s:%s:%s:%s:%s' % (parts[0], parts[1], parts[2],
-                                   parts[3], parts[4], parts[5])
-    return bssid
-
-def cfg_file(apdev, conf, ifname=None):
-    match = re.search(r'^bss-.+', conf)
-    if match:
-        # put cfg file in /tmp directory
-        fd, fname = tempfile.mkstemp(dir='/tmp', prefix=conf + '-')
-        f = os.fdopen(fd, 'w')
-        idx = ''.join(filter(str.isdigit, conf.split('-')[-1]))
-        if ifname is None:
-            ifname = apdev['ifname']
-            if idx != '1':
-                ifname = ifname + '-' + idx
-
-        f.write("driver=nl80211\n")
-        f.write("ctrl_interface=/var/run/hostapd\n")
-        f.write("hw_mode=g\n")
-        f.write("channel=1\n")
-        f.write("ieee80211n=1\n")
-        if conf.startswith('bss-ht40-'):
-            f.write("ht_capab=[HT40+]\n")
-        f.write("interface=%s\n" % ifname)
-
-        f.write("ssid=bss-%s\n" % idx)
-        if conf == 'bss-2-dup.conf':
-            bssid = apdev['bssid']
-        else:
-            bssid = bssid_inc(apdev, int(idx) - 1)
-        f.write("bssid=%s\n" % bssid)
-
-        return fname
-
-    return conf
diff --git a/tests/hwsim/hostapd.vlan b/tests/hwsim/hostapd.vlan
deleted file mode 100644
index b0e905bf5afb..000000000000
--- a/tests/hwsim/hostapd.vlan
+++ /dev/null
@@ -1,2 +0,0 @@
-1	hwsimvlan1
-*	testvlan#
diff --git a/tests/hwsim/hostapd.vlan2 b/tests/hwsim/hostapd.vlan2
deleted file mode 100644
index 46bf6281ddf5..000000000000
--- a/tests/hwsim/hostapd.vlan2
+++ /dev/null
@@ -1,3 +0,0 @@
-1	hwsimvlan1
-3	hwsimvlan3	hwsimbr3
-*	testvlan#
diff --git a/tests/hwsim/hostapd.wlan3.vlan b/tests/hwsim/hostapd.wlan3.vlan
deleted file mode 100644
index 768fad7bd42b..000000000000
--- a/tests/hwsim/hostapd.wlan3.vlan
+++ /dev/null
@@ -1,2 +0,0 @@
-1	wlan3.1
-*	wlan3.#
diff --git a/tests/hwsim/hostapd.wlan4.vlan b/tests/hwsim/hostapd.wlan4.vlan
deleted file mode 100644
index 744e84fc3c65..000000000000
--- a/tests/hwsim/hostapd.wlan4.vlan
+++ /dev/null
@@ -1,2 +0,0 @@
-1	wlan4.1
-*	wlan4.#
diff --git a/tests/hwsim/hostapd.wpa_psk b/tests/hwsim/hostapd.wpa_psk
deleted file mode 100644
index 7644f894a27f..000000000000
--- a/tests/hwsim/hostapd.wpa_psk
+++ /dev/null
@@ -1,5 +0,0 @@
-00:00:00:00:00:00 secret passphrase
-02:00:00:00:00:00 very secret
-00:11:22:33:44:55 another passphrase
-00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-00:00:00:00:00:00 another passphrase for all STAs
diff --git a/tests/hwsim/hwsim.py b/tests/hwsim/hwsim.py
deleted file mode 100644
index bc8aabdd49c2..000000000000
--- a/tests/hwsim/hwsim.py
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# HWSIM generic netlink controller code
-# Copyright (c) 2014	Intel Corporation
-#
-# Author: Johannes Berg <johannes.berg@intel.com>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import netlink, os
-
-# constants
-HWSIM_CMD_CREATE_RADIO = 4
-HWSIM_CMD_DESTROY_RADIO = 5
-
-HWSIM_ATTR_CHANNELS = 9
-HWSIM_ATTR_RADIO_ID = 10
-HWSIM_ATTR_SUPPORT_P2P_DEVICE = 14
-HWSIM_ATTR_USE_CHANCTX = 15
-
-# the controller class
-class HWSimController(object):
-    def __init__(self):
-        self._conn = netlink.Connection(netlink.NETLINK_GENERIC)
-        self._fid = netlink.genl_controller.get_family_id(b'MAC80211_HWSIM')
-
-    def create_radio(self, n_channels=None, use_chanctx=False,
-                     use_p2p_device=False):
-        attrs = []
-        if n_channels:
-            attrs.append(netlink.U32Attr(HWSIM_ATTR_CHANNELS, n_channels))
-        if use_chanctx:
-            attrs.append(netlink.FlagAttr(HWSIM_ATTR_USE_CHANCTX))
-        if use_p2p_device:
-            attrs.append(netlink.FlagAttr(HWSIM_ATTR_SUPPORT_P2P_DEVICE))
-
-        msg = netlink.GenlMessage(self._fid, HWSIM_CMD_CREATE_RADIO,
-                                  flags=netlink.NLM_F_REQUEST |
-                                        netlink.NLM_F_ACK,
-                                  attrs=attrs)
-        return msg.send_and_recv(self._conn).ret
-
-    def destroy_radio(self, radio_id):
-        attrs = [netlink.U32Attr(HWSIM_ATTR_RADIO_ID, radio_id)]
-        msg = netlink.GenlMessage(self._fid, HWSIM_CMD_DESTROY_RADIO,
-                                  flags=netlink.NLM_F_REQUEST |
-                                        netlink.NLM_F_ACK,
-                                  attrs=attrs)
-        msg.send_and_recv(self._conn)
-
-class HWSimRadio(object):
-    def __init__(self, n_channels=None, use_chanctx=False,
-                 use_p2p_device=False):
-        self._controller = HWSimController()
-        self._n_channels = n_channels
-        self._use_chanctx = use_chanctx
-        self._use_p2p_dev = use_p2p_device
-
-    def __enter__(self):
-        self._radio_id = self._controller.create_radio(
-              n_channels=self._n_channels,
-              use_chanctx=self._use_chanctx,
-              use_p2p_device=self._use_p2p_dev)
-        if self._radio_id < 0:
-            raise Exception("Failed to create radio (err:%d)" % self._radio_id)
-        try:
-            iface = os.listdir('/sys/class/mac80211_hwsim/hwsim%d/net/' % self._radio_id)[0]
-        except Exception as e:
-            self._controller.destroy_radio(self._radio_id)
-            raise e
-        return self._radio_id, iface
-
-    def __exit__(self, type, value, traceback):
-        self._controller.destroy_radio(self._radio_id)
-
-
-def create(args):
-    print('Created radio %d' % c.create_radio(n_channels=args.channels,
-                                              use_chanctx=args.chanctx))
-
-def destroy(args):
-    print(c.destroy_radio(args.radio))
-
-if __name__ == '__main__':
-    import argparse
-    c = HWSimController()
-
-    parser = argparse.ArgumentParser(description='send hwsim control commands')
-    subparsers = parser.add_subparsers(help="Commands", dest='command')
-    parser_create = subparsers.add_parser('create', help='create a radio')
-    parser_create.add_argument('--channels', metavar='<number_of_channels>', type=int,
-                               default=0,
-                               help='Number of concurrent channels supported ' +
-                               'by the radio. If not specified, the number ' +
-                               'of channels specified in the ' +
-                               'mac80211_hwsim.channels module parameter is ' +
-                               'used')
-    parser_create.add_argument('--chanctx', action="store_true",
-                               help='Use channel contexts, regardless of ' +
-                               'whether the number of channels is 1 or ' +
-                               'greater. By default channel contexts are ' +
-                               'only used if the number of channels is ' +
-                               'greater than 1.')
-    parser_create.set_defaults(func=create)
-
-    parser_destroy = subparsers.add_parser('destroy', help='destroy a radio')
-    parser_destroy.add_argument('radio', metavar='<radio>', type=int,
-                                default=0,
-                                help='The number of the radio to be ' +
-                                'destroyed (i.e., 0 for phy0, 1 for phy1...)')
-    parser_destroy.set_defaults(func=destroy)
-
-    args = parser.parse_args()
-    args.func(args)
diff --git a/tests/hwsim/hwsim_utils.py b/tests/hwsim/hwsim_utils.py
deleted file mode 100644
index eb312bf96b2b..000000000000
--- a/tests/hwsim/hwsim_utils.py
+++ /dev/null
@@ -1,246 +0,0 @@
-# hwsim testing utilities
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import time
-import logging
-logger = logging.getLogger()
-
-from wpasupplicant import WpaSupplicant
-
-def config_data_test(dev1, dev2, dev1group, dev2group, ifname1, ifname2):
-    cmd = "DATA_TEST_CONFIG 1"
-    if ifname1:
-        cmd = cmd + " ifname=" + ifname1
-    if dev1group:
-        res = dev1.group_request(cmd)
-    else:
-        res = dev1.request(cmd)
-    if "OK" not in res:
-        raise Exception("Failed to enable data test functionality")
-
-    cmd = "DATA_TEST_CONFIG 1"
-    if ifname2:
-        cmd = cmd + " ifname=" + ifname2
-    if dev2group:
-        res = dev2.group_request(cmd)
-    else:
-        res = dev2.request(cmd)
-    if "OK" not in res:
-        raise Exception("Failed to enable data test functionality")
-
-def run_multicast_connectivity_test(dev1, dev2, tos=None,
-                                    dev1group=False, dev2group=False,
-                                    ifname1=None, ifname2=None,
-                                    config=True, timeout=5,
-                                    send_len=None, multicast_to_unicast=False,
-                                    broadcast_retry_c=1):
-    addr1 = dev1.get_addr(dev1group)
-    addr2 = dev2.get_addr(dev2group)
-
-    if config:
-        config_data_test(dev1, dev2, dev1group, dev2group, ifname1, ifname2)
-
-    cmd = "DATA_TEST_TX ff:ff:ff:ff:ff:ff {} {}".format(addr1, tos)
-    if send_len is not None:
-        cmd += " len=" + str(send_len)
-    for i in range(broadcast_retry_c):
-        try:
-            if dev1group:
-                dev1.group_request(cmd)
-            else:
-                dev1.request(cmd)
-            if dev2group:
-                ev = dev2.wait_group_event(["DATA-TEST-RX"],
-                                           timeout=timeout)
-            else:
-                ev = dev2.wait_event(["DATA-TEST-RX"], timeout=timeout)
-            if ev is None:
-                raise Exception("dev1->dev2 broadcast data delivery failed")
-            if multicast_to_unicast:
-                if "DATA-TEST-RX ff:ff:ff:ff:ff:ff {}".format(addr1) in ev:
-                    raise Exception("Unexpected dev1->dev2 broadcast data result: multicast to unicast conversion missing")
-                if "DATA-TEST-RX {} {}".format(addr2, addr1) not in ev:
-                    raise Exception("Unexpected dev1->dev2 broadcast data result (multicast to unicast enabled)")
-            else:
-                if "DATA-TEST-RX ff:ff:ff:ff:ff:ff {}".format(addr1) not in ev:
-                    raise Exception("Unexpected dev1->dev2 broadcast data result")
-            if send_len is not None:
-                if " len=" + str(send_len) not in ev:
-                    raise Exception("Unexpected dev1->dev2 broadcast data length")
-            else:
-                if " len=" in ev:
-                    raise Exception("Unexpected dev1->dev2 broadcast data length")
-            break
-        except Exception as e:
-            if i == broadcast_retry_c - 1:
-                raise
-
-def run_connectivity_test(dev1, dev2, tos, dev1group=False, dev2group=False,
-                          ifname1=None, ifname2=None, config=True, timeout=5,
-                          multicast_to_unicast=False, broadcast=True,
-                          send_len=None):
-    addr1 = dev1.get_addr(dev1group)
-    addr2 = dev2.get_addr(dev2group)
-
-    dev1.dump_monitor()
-    dev2.dump_monitor()
-
-    if dev1.hostname is None and dev2.hostname is None:
-        broadcast_retry_c = 1
-    else:
-        broadcast_retry_c = 10
-
-    try:
-        if config:
-            config_data_test(dev1, dev2, dev1group, dev2group, ifname1, ifname2)
-
-        cmd = "DATA_TEST_TX {} {} {}".format(addr2, addr1, tos)
-        if send_len is not None:
-            cmd += " len=" + str(send_len)
-        if dev1group:
-            dev1.group_request(cmd)
-        else:
-            dev1.request(cmd)
-        if dev2group:
-            ev = dev2.wait_group_event(["DATA-TEST-RX"], timeout=timeout)
-        else:
-            ev = dev2.wait_event(["DATA-TEST-RX"], timeout=timeout)
-        if ev is None:
-            raise Exception("dev1->dev2 unicast data delivery failed")
-        if "DATA-TEST-RX {} {}".format(addr2, addr1) not in ev:
-            raise Exception("Unexpected dev1->dev2 unicast data result")
-        if send_len is not None:
-            if " len=" + str(send_len) not in ev:
-                raise Exception("Unexpected dev1->dev2 unicast data length")
-        else:
-            if " len=" in ev:
-                raise Exception("Unexpected dev1->dev2 unicast data length")
-
-        if broadcast:
-            run_multicast_connectivity_test(dev1, dev2, tos,
-                                            dev1group, dev2group,
-                                            ifname1, ifname2, False, timeout,
-                                            send_len, False, broadcast_retry_c)
-
-        cmd = "DATA_TEST_TX {} {} {}".format(addr1, addr2, tos)
-        if send_len is not None:
-            cmd += " len=" + str(send_len)
-        if dev2group:
-            dev2.group_request(cmd)
-        else:
-            dev2.request(cmd)
-        if dev1group:
-            ev = dev1.wait_group_event(["DATA-TEST-RX"], timeout=timeout)
-        else:
-            ev = dev1.wait_event(["DATA-TEST-RX"], timeout=timeout)
-        if ev is None:
-            raise Exception("dev2->dev1 unicast data delivery failed")
-        if "DATA-TEST-RX {} {}".format(addr1, addr2) not in ev:
-            raise Exception("Unexpected dev2->dev1 unicast data result")
-        if send_len is not None:
-            if " len=" + str(send_len) not in ev:
-                raise Exception("Unexpected dev2->dev1 unicast data length")
-        else:
-            if " len=" in ev:
-                raise Exception("Unexpected dev2->dev1 unicast data length")
-
-        if broadcast:
-            run_multicast_connectivity_test(dev2, dev1, tos,
-                                            dev2group, dev1group,
-                                            ifname2, ifname1, False, timeout,
-                                            send_len, multicast_to_unicast,
-                                            broadcast_retry_c)
-
-    finally:
-        if config:
-            if dev1group:
-                dev1.group_request("DATA_TEST_CONFIG 0")
-            else:
-                dev1.request("DATA_TEST_CONFIG 0")
-            if dev2group:
-                dev2.group_request("DATA_TEST_CONFIG 0")
-            else:
-                dev2.request("DATA_TEST_CONFIG 0")
-
-def test_connectivity(dev1, dev2, dscp=None, tos=None, max_tries=1,
-                      dev1group=False, dev2group=False,
-                      ifname1=None, ifname2=None, config=True, timeout=5,
-                      multicast_to_unicast=False, success_expected=True,
-                      broadcast=True, send_len=None):
-    if dscp:
-        tos = dscp << 2
-    if not tos:
-        tos = 0
-
-    success = False
-    last_err = None
-    for i in range(0, max_tries):
-        try:
-            run_connectivity_test(dev1, dev2, tos, dev1group, dev2group,
-                                  ifname1, ifname2, config=config,
-                                  timeout=timeout,
-                                  multicast_to_unicast=multicast_to_unicast,
-                                  broadcast=broadcast, send_len=send_len)
-            success = True
-            break
-        except Exception as e:
-            last_err = e
-            if i + 1 < max_tries:
-                time.sleep(1)
-    if success_expected and not success:
-        raise Exception(last_err)
-    if not success_expected and success:
-        raise Exception("Unexpected connectivity detected")
-
-def test_connectivity_iface(dev1, dev2, ifname, dscp=None, tos=None,
-                            max_tries=1, timeout=5):
-    test_connectivity(dev1, dev2, dscp, tos, ifname2=ifname,
-                      max_tries=max_tries, timeout=timeout)
-
-def test_connectivity_p2p(dev1, dev2, dscp=None, tos=None):
-    test_connectivity(dev1, dev2, dscp, tos, dev1group=True, dev2group=True)
-
-def test_connectivity_p2p_sta(dev1, dev2, dscp=None, tos=None):
-    test_connectivity(dev1, dev2, dscp, tos, dev1group=True, dev2group=False)
-
-def test_connectivity_sta(dev1, dev2, dscp=None, tos=None):
-    test_connectivity(dev1, dev2, dscp, tos)
-
-(PS_DISABLED, PS_ENABLED, PS_AUTO_POLL, PS_MANUAL_POLL) = list(range(4))
-
-def set_powersave(dev, val):
-    phy = dev.get_driver_status_field("phyname")
-    fname = '/sys/kernel/debug/ieee80211/%s/hwsim/ps' % phy
-    data = '%d' % val
-    (res, data) = dev.cmd_execute(["echo", data, ">", fname], shell=True)
-    if res != 0:
-        raise Exception("Failed to set power save for device")
-
-def set_group_map(dev, val):
-    phy = dev.get_driver_status_field("phyname")
-    fname = '/sys/kernel/debug/ieee80211/%s/hwsim/group' % phy
-    data = '%d' % val
-    (res, data) = dev.cmd_execute(["echo", data, ">", fname], shell=True)
-    if res != 0:
-        raise Exception("Failed to set group map for %s" % phy)
-
-def set_rx_rssi(dev, val):
-    """
-    Configure signal strength when receiving transmitted frames.
-    mac80211_hwsim driver sets rssi to: TX power - 50
-    According to that set tx_power in order to get the desired RSSI.
-    Valid RSSI range: -50 to -30.
-    """
-    tx_power = (val + 50) * 100
-    ifname = dev.get_driver_status_field("ifname")
-    (res, data) = dev.cmd_execute(['iw', ifname, 'set', 'txpower',
-                                   'fixed', str(tx_power)])
-    if res != 0:
-        raise Exception("Failed to set RSSI to %d" % val)
-
-def reset_rx_rssi(dev):
-    set_rx_rssi(dev, -30)
diff --git a/tests/hwsim/multi-bss-acs.conf b/tests/hwsim/multi-bss-acs.conf
deleted file mode 100644
index f5a25e82bb55..000000000000
--- a/tests/hwsim/multi-bss-acs.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=0
-ieee80211n=1
-
-interface=wlan3
-ctrl_interface=/var/run/hostapd
-
-ssid=bss-1
-
-bss=wlan3-2
-bssid=02:00:00:00:03:01
-ctrl_interface=/var/run/hostapd
-ssid=bss-2
-wpa=2
-wpa_key_mgmt=WPA-PSK
-rsn_pairwise=CCMP
-wpa_passphrase=12345678
-
-bss=wlan3-3
-bssid=02:00:00:00:03:02
-ctrl_interface=/var/run/hostapd
-ssid=bss-3
-wpa=2
-wpa_key_mgmt=SAE
-rsn_pairwise=CCMP
-sae_password=qwertyuiop
diff --git a/tests/hwsim/multi-bss-iface-per_sta_vif.conf b/tests/hwsim/multi-bss-iface-per_sta_vif.conf
deleted file mode 100644
index 874cb0771c81..000000000000
--- a/tests/hwsim/multi-bss-iface-per_sta_vif.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=1
-ieee80211n=1
-
-interface=wlan3
-ctrl_interface=/var/run/hostapd
-
-ssid=bss-1
-dynamic_vlan=1
-vlan_tagged_interface=stub0
-vlan_bridge=brvlan
-wpa=2
-wpa_key_mgmt=WPA-EAP
-rsn_pairwise=CCMP
-ieee8021x=1
-auth_server_addr=127.0.0.1
-auth_server_port=18128
-auth_server_shared_secret=radius
-nas_identifier=nas.w1.fi
-vlan_naming=1
-per_sta_vif=1
-
-bss=wlan3-2
-bssid=02:00:00:00:03:01
-ctrl_interface=/var/run/hostapd
-ssid=bss-2
-
-dynamic_vlan=1
-vlan_tagged_interface=stub0
-vlan_bridge=brvlan
-wpa=2
-wpa_key_mgmt=WPA-EAP
-rsn_pairwise=CCMP
-ieee8021x=1
-auth_server_addr=127.0.0.1
-auth_server_port=18128
-auth_server_shared_secret=radius
-nas_identifier=nas.w1.fi
-vlan_naming=1
-per_sta_vif=1
diff --git a/tests/hwsim/multi-bss-iface.conf b/tests/hwsim/multi-bss-iface.conf
deleted file mode 100644
index 5370352c920e..000000000000
--- a/tests/hwsim/multi-bss-iface.conf
+++ /dev/null
@@ -1,40 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=1
-ieee80211n=1
-
-interface=wlan3
-ctrl_interface=/var/run/hostapd
-
-ssid=bss-1
-dynamic_vlan=1
-vlan_tagged_interface=stub0
-vlan_bridge=brvlan
-wpa=2
-wpa_key_mgmt=WPA-EAP
-rsn_pairwise=CCMP
-ieee8021x=1
-auth_server_addr=127.0.0.1
-auth_server_port=18128
-auth_server_shared_secret=radius
-nas_identifier=nas.w1.fi
-vlan_naming=1
-
-bss=wlan3-2
-bssid=02:00:00:00:03:01
-ctrl_interface=/var/run/hostapd
-ssid=bss-2
-
-dynamic_vlan=1
-vlan_tagged_interface=stub0
-vlan_bridge=brvlan
-wpa=2
-wpa_key_mgmt=WPA-EAP
-rsn_pairwise=CCMP
-ieee8021x=1
-auth_server_addr=127.0.0.1
-auth_server_port=18128
-auth_server_shared_secret=radius
-nas_identifier=nas.w1.fi
-vlan_naming=1
diff --git a/tests/hwsim/multi-bss.conf b/tests/hwsim/multi-bss.conf
deleted file mode 100644
index 64584b64b2ed..000000000000
--- a/tests/hwsim/multi-bss.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=1
-ieee80211n=1
-
-interface=wlan3
-ctrl_interface=/var/run/hostapd
-
-ssid=bss-1
-
-
-bss=wlan3-2
-bssid=02:00:00:00:03:01
-ctrl_interface=/var/run/hostapd
-ssid=bss-2
-
-bss=wlan3-3
-bssid=02:00:00:00:03:02
-ctrl_interface=/var/run/hostapd
-ssid=bss-3
diff --git a/tests/hwsim/netlink.py b/tests/hwsim/netlink.py
deleted file mode 100644
index 7e6327a7b775..000000000000
--- a/tests/hwsim/netlink.py
+++ /dev/null
@@ -1,237 +0,0 @@
-#
-# (Generic) Netlink message generation/parsing
-# Copyright (c) 2007	Johannes Berg <johannes@sipsolutions.net>
-# Copyright (c) 2014	Intel Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import struct, socket
-
-# flags
-NLM_F_REQUEST = 1
-NLM_F_MULTI = 2
-NLM_F_ACK = 4
-NLM_F_ECHO = 8
-
-# types
-NLMSG_NOOP	= 1
-NLMSG_ERROR	= 2
-NLMSG_DONE	= 3
-NLMSG_OVERRUN	= 4
-NLMSG_MIN_TYPE	= 0x10
-
-class Attr(object):
-    def __init__(self, attr_type, data, *values):
-        self._type = attr_type
-        if len(values):
-            self._data = struct.pack(data, *values)
-        else:
-            self._data = data
-
-    def _dump(self):
-        hdr = struct.pack("HH", len(self._data) + 4, self._type)
-        length = len(self._data)
-        pad = ((length + 4 - 1) & ~3) - length
-        return hdr + self._data + b'\x00' * pad
-
-    def __repr__(self):
-        return '<Attr type %d, data "%s">' % (self._type, repr(self._data))
-
-    def u16(self):
-        return struct.unpack('H', self._data)[0]
-    def s16(self):
-        return struct.unpack('h', self._data)[0]
-    def u32(self):
-        return struct.unpack('I', self._data)[0]
-    def s32(self):
-        return struct.unpack('i', self._data)[0]
-    def str(self):
-        return self._data
-    def nulstr(self):
-        return self._data.split('\0')[0]
-    def nested(self):
-        return parse_attributes(self._data)
-
-class StrAttr(Attr):
-    def __init__(self, attr_type, data):
-        Attr.__init__(self, attr_type, "%ds" % len(data), data)
-
-class NulStrAttr(Attr):
-    def __init__(self, attr_type, data):
-        Attr.__init__(self, attr_type, "%dsB" % len(data), data, 0)
-
-class U32Attr(Attr):
-    def __init__(self, attr_type, val):
-        Attr.__init__(self, attr_type, "I", val)
-
-class U8Attr(Attr):
-    def __init__(self, attr_type, val):
-        Attr.__init__(self, attr_type, "B", val)
-
-class FlagAttr(Attr):
-    def __init__(self, attr_type):
-        Attr.__init__(self, attr_type, b"")
-
-class Nested(Attr):
-    def __init__(self, attr_type, attrs):
-        self.attrs = attrs
-        self.type = attr_type
-
-    def _dump(self):
-        contents = []
-        for attr in self.attrs:
-            contents.append(attr._dump())
-        contents = ''.join(contents)
-        length = len(contents)
-        hdr = struct.pack("HH", length+4, self.type)
-        return hdr + contents
-
-NETLINK_ROUTE = 0
-NETLINK_UNUSED = 1
-NETLINK_USERSOCK = 2
-NETLINK_FIREWALL = 3
-NETLINK_INET_DIAG = 4
-NETLINK_NFLOG = 5
-NETLINK_XFRM = 6
-NETLINK_SELINUX = 7
-NETLINK_ISCSI = 8
-NETLINK_AUDIT = 9
-NETLINK_FIB_LOOKUP = 10
-NETLINK_CONNECTOR = 11
-NETLINK_NETFILTER = 12
-NETLINK_IP6_FW = 13
-NETLINK_DNRTMSG = 14
-NETLINK_KOBJECT_UEVENT = 15
-NETLINK_GENERIC = 16
-
-class Message(object):
-    def __init__(self, msg_type, flags=0, seq=-1, payload=None):
-        self.type = msg_type
-        self.flags = flags
-        self.seq = seq
-        self.pid = -1
-        payload = payload or []
-        if isinstance(payload, list):
-            self.payload = bytes()
-            for attr in payload:
-                self.payload += attr._dump()
-        else:
-            self.payload = payload
-
-    def send(self, conn):
-        if self.seq == -1:
-            self.seq = conn.seq()
-
-        self.pid = conn.pid
-        length = len(self.payload)
-
-        hdr = struct.pack("IHHII", length + 4*4, self.type,
-                          self.flags, self.seq, self.pid)
-        conn.send(hdr + self.payload)
-
-    def __repr__(self):
-        return '<netlink.Message type=%d, pid=%d, seq=%d, flags=0x%x "%s">' % (
-            self.type, self.pid, self.seq, self.flags, repr(self.payload))
-
-    @property
-    def ret(self):
-        assert self.type == NLMSG_ERROR
-        return struct.unpack("i", self.payload[:4])[0]
-
-    def send_and_recv(self, conn):
-        self.send(conn)
-        while True:
-            m = conn.recv()
-            if m.seq == self.seq:
-                return m
-
-class Connection(object):
-    def __init__(self, nltype, groups=0, unexpected_msg_handler=None):
-        self.descriptor = socket.socket(socket.AF_NETLINK,
-                                        socket.SOCK_RAW, nltype)
-        self.descriptor.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 65536)
-        self.descriptor.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 65536)
-        self.descriptor.bind((0, groups))
-        self.pid, self.groups = self.descriptor.getsockname()
-        self._seq = 0
-        self.unexpected = unexpected_msg_handler
-    def send(self, msg):
-        self.descriptor.send(msg)
-    def recv(self):
-        contents = self.descriptor.recv(16384)
-        # XXX: python doesn't give us message flags, check
-        #      len(contents) vs. msglen for TRUNC
-        msglen, msg_type, flags, seq, pid = struct.unpack("IHHII",
-                                                          contents[:16])
-        msg = Message(msg_type, flags, seq, contents[16:])
-        msg.pid = pid
-        if msg.type == NLMSG_ERROR:
-            import os
-            errno = msg.ret
-            if errno < 0:
-                err = OSError("Netlink error: %s (%d)" % (
-                    os.strerror(-errno), -errno))
-                err.errno = -errno
-                raise err
-        return msg
-    def seq(self):
-        self._seq += 1
-        return self._seq
-
-def parse_attributes(data):
-    attrs = {}
-    while len(data):
-        attr_len, attr_type = struct.unpack("HH", data[:4])
-        attrs[attr_type] = Attr(attr_type, data[4:attr_len])
-        attr_len = ((attr_len + 4 - 1) & ~3)
-        data = data[attr_len:]
-    return attrs
-
-
-
-CTRL_CMD_UNSPEC = 0
-CTRL_CMD_NEWFAMILY = 1
-CTRL_CMD_DELFAMILY = 2
-CTRL_CMD_GETFAMILY = 3
-CTRL_CMD_NEWOPS = 4
-CTRL_CMD_DELOPS = 5
-CTRL_CMD_GETOPS = 6
-
-CTRL_ATTR_UNSPEC = 0
-CTRL_ATTR_FAMILY_ID = 1
-CTRL_ATTR_FAMILY_NAME = 2
-CTRL_ATTR_VERSION = 3
-CTRL_ATTR_HDRSIZE = 4
-CTRL_ATTR_MAXATTR = 5
-CTRL_ATTR_OPS = 6
-
-class GenlHdr(object):
-    def __init__(self, cmd, version=0):
-        self.cmd = cmd
-        self.version = version
-    def _dump(self):
-        return struct.pack("BBxx", self.cmd, self.version)
-
-def _genl_hdr_parse(data):
-    return GenlHdr(*struct.unpack("BBxx", data))
-
-GENL_ID_CTRL = NLMSG_MIN_TYPE
-
-class GenlMessage(Message):
-    def __init__(self, family, cmd, attrs=[], flags=0):
-        Message.__init__(self, family, flags=flags, payload=[GenlHdr(cmd)] + attrs)
-
-class GenlController(object):
-    def __init__(self, conn):
-        self.conn = conn
-    def get_family_id(self, family):
-        a = NulStrAttr(CTRL_ATTR_FAMILY_NAME, family)
-        m = GenlMessage(GENL_ID_CTRL, CTRL_CMD_GETFAMILY, flags=NLM_F_REQUEST, attrs=[a])
-        m.send(self.conn)
-        m = self.conn.recv()
-        gh = _genl_hdr_parse(m.payload[:4])
-        attrs = parse_attributes(m.payload[4:])
-        return attrs[CTRL_ATTR_FAMILY_ID].u16()
-
-genl_controller = GenlController(Connection(NETLINK_GENERIC))
diff --git a/tests/hwsim/nl80211.py b/tests/hwsim/nl80211.py
deleted file mode 100644
index 55642c022b38..000000000000
--- a/tests/hwsim/nl80211.py
+++ /dev/null
@@ -1,357 +0,0 @@
-# nl80211 definitions
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import struct
-
-nl80211_cmd = {
-    'GET_WIPHY': 1,
-    'SET_WIPHY': 2,
-    'NEW_WIPHY': 3,
-    'DEL_WIPHY': 4,
-    'GET_INTERFACE': 5,
-    'SET_INTERFACE': 6,
-    'NEW_INTERFACE': 7,
-    'DEL_INTERFACE': 8,
-    'GET_KEY': 9,
-    'SET_KEY': 10,
-    'NEW_KEY': 11,
-    'DEL_KEY': 12,
-    'GET_BEACON': 13,
-    'SET_BEACON': 14,
-    'START_AP': 15,
-    'STOP_AP': 16,
-    'GET_STATION': 17,
-    'SET_STATION': 18,
-    'NEW_STATION': 19,
-    'DEL_STATION': 20,
-    'GET_MPATH': 21,
-    'SET_MPATH': 22,
-    'NEW_MPATH': 23,
-    'DEL_MPATH': 24,
-    'SET_BSS': 25,
-    'SET_REG': 26,
-    'REQ_SET_REG': 27,
-    'GET_MESH_CONFIG': 28,
-    'SET_MESH_CONFIG': 29,
-    'SET_MGMT_EXTRA_IE[RESERVED]': 30,
-    'GET_REG': 31,
-    'GET_SCAN': 32,
-    'TRIGGER_SCAN': 33,
-    'NEW_SCAN_RESULTS': 34,
-    'SCAN_ABORTED': 35,
-    'REG_CHANGE': 36,
-    'AUTHENTICATE': 37,
-    'ASSOCIATE': 38,
-    'DEAUTHENTICATE': 39,
-    'DISASSOCIATE': 40,
-    'MICHAEL_MIC_FAILURE': 41,
-    'REG_BEACON_HINT': 42,
-    'JOIN_IBSS': 43,
-    'LEAVE_IBSS': 44,
-    'TESTMODE': 45,
-    'CONNECT': 46,
-    'ROAM': 47,
-    'DISCONNECT': 48,
-    'SET_WIPHY_NETNS': 49,
-    'GET_SURVEY': 50,
-    'NEW_SURVEY_RESULTS': 51,
-    'SET_PMKSA': 52,
-    'DEL_PMKSA': 53,
-    'FLUSH_PMKSA': 54,
-    'REMAIN_ON_CHANNEL': 55,
-    'CANCEL_REMAIN_ON_CHANNEL': 56,
-    'SET_TX_BITRATE_MASK': 57,
-    'REGISTER_FRAME': 58,
-    'FRAME': 59,
-    'FRAME_TX_STATUS': 60,
-    'SET_POWER_SAVE': 61,
-    'GET_POWER_SAVE': 62,
-    'SET_CQM': 63,
-    'NOTIFY_CQM': 64,
-    'SET_CHANNEL': 65,
-    'SET_WDS_PEER': 66,
-    'FRAME_WAIT_CANCEL': 67,
-    'JOIN_MESH': 68,
-    'LEAVE_MESH': 69,
-    'UNPROT_DEAUTHENTICATE': 70,
-    'UNPROT_DISASSOCIATE': 71,
-    'NEW_PEER_CANDIDATE': 72,
-    'GET_WOWLAN': 73,
-    'SET_WOWLAN': 74,
-    'START_SCHED_SCAN': 75,
-    'STOP_SCHED_SCAN': 76,
-    'SCHED_SCAN_RESULTS': 77,
-    'SCHED_SCAN_STOPPED': 78,
-    'SET_REKEY_OFFLOAD': 79,
-    'PMKSA_CANDIDATE': 80,
-    'TDLS_OPER': 81,
-    'TDLS_MGMT': 82,
-    'UNEXPECTED_FRAME': 83,
-    'PROBE_CLIENT': 84,
-    'REGISTER_BEACONS': 85,
-    'UNEXPECTED_4ADDR_FRAME': 86,
-    'SET_NOACK_MAP': 87,
-    'CH_SWITCH_NOTIFY': 88,
-    'START_P2P_DEVICE': 89,
-    'STOP_P2P_DEVICE': 90,
-    'CONN_FAILED': 91,
-    'SET_MCAST_RATE': 92,
-    'SET_MAC_ACL': 93,
-    'RADAR_DETECT': 94,
-    'GET_PROTOCOL_FEATURES': 95,
-    'UPDATE_FT_IES': 96,
-    'FT_EVENT': 97,
-    'CRIT_PROTOCOL_START': 98,
-    'CRIT_PROTOCOL_STOP': 99,
-    'GET_COALESCE': 100,
-    'SET_COALESCE': 101,
-    'CHANNEL_SWITCH': 102,
-    'VENDOR': 103,
-    'SET_QOS_MAP': 104,
-}
-
-nl80211_attr = {
-    'WIPHY': 1,
-    'WIPHY_NAME': 2,
-    'IFINDEX': 3,
-    'IFNAME': 4,
-    'IFTYPE': 5,
-    'MAC': 6,
-    'KEY_DATA': 7,
-    'KEY_IDX': 8,
-    'KEY_CIPHER': 9,
-    'KEY_SEQ': 10,
-    'KEY_DEFAULT': 11,
-    'BEACON_INTERVAL': 12,
-    'DTIM_PERIOD': 13,
-    'BEACON_HEAD': 14,
-    'BEACON_TAIL': 15,
-    'STA_AID': 16,
-    'STA_FLAGS': 17,
-    'STA_LISTEN_INTERVAL': 18,
-    'STA_SUPPORTED_RATES': 19,
-    'STA_VLAN': 20,
-    'STA_INFO': 21,
-    'WIPHY_BANDS': 22,
-    'MNTR_FLAGS': 23,
-    'MESH_ID': 24,
-    'STA_PLINK_ACTION': 25,
-    'MPATH_NEXT_HOP': 26,
-    'MPATH_INFO': 27,
-    'BSS_CTS_PROT': 28,
-    'BSS_SHORT_PREAMBLE': 29,
-    'BSS_SHORT_SLOT_TIME': 30,
-    'HT_CAPABILITY': 31,
-    'SUPPORTED_IFTYPES': 32,
-    'REG_ALPHA2': 33,
-    'REG_RULES': 34,
-    'MESH_CONFIG': 35,
-    'BSS_BASIC_RATES': 36,
-    'WIPHY_TXQ_PARAMS': 37,
-    'WIPHY_FREQ': 38,
-    'WIPHY_CHANNEL_TYPE': 39,
-    'KEY_DEFAULT_MGMT': 40,
-    'MGMT_SUBTYPE': 41,
-    'IE': 42,
-    'MAX_NUM_SCAN_SSIDS': 43,
-    'SCAN_FREQUENCIES': 44,
-    'SCAN_SSIDS': 45,
-    'GENERATION': 46,
-    'BSS': 47,
-    'REG_INITIATOR': 48,
-    'REG_TYPE': 49,
-    'SUPPORTED_COMMANDS': 50,
-    'FRAME': 51,
-    'SSID': 52,
-    'AUTH_TYPE': 53,
-    'REASON_CODE': 54,
-    'KEY_TYPE': 55,
-    'MAX_SCAN_IE_LEN': 56,
-    'CIPHER_SUITES': 57,
-    'FREQ_BEFORE': 58,
-    'FREQ_AFTER': 59,
-    'FREQ_FIXED': 60,
-    'WIPHY_RETRY_SHORT': 61,
-    'WIPHY_RETRY_LONG': 62,
-    'WIPHY_FRAG_THRESHOLD': 63,
-    'WIPHY_RTS_THRESHOLD': 64,
-    'TIMED_OUT': 65,
-    'USE_MFP': 66,
-    'STA_FLAGS2': 67,
-    'CONTROL_PORT': 68,
-    'TESTDATA': 69,
-    'PRIVACY': 70,
-    'DISCONNECTED_BY_AP': 71,
-    'STATUS_CODE': 72,
-    'CIPHER_SUITES_PAIRWISE': 73,
-    'CIPHER_SUITE_GROUP': 74,
-    'WPA_VERSIONS': 75,
-    'AKM_SUITES': 76,
-    'REQ_IE': 77,
-    'RESP_IE': 78,
-    'PREV_BSSID': 79,
-    'KEY': 80,
-    'KEYS': 81,
-    'PID': 82,
-    '4ADDR': 83,
-    'SURVEY_INFO': 84,
-    'PMKID': 85,
-    'MAX_NUM_PMKIDS': 86,
-    'DURATION': 87,
-    'COOKIE': 88,
-    'WIPHY_COVERAGE_CLASS': 89,
-    'TX_RATES': 90,
-    'FRAME_MATCH': 91,
-    'ACK': 92,
-    'PS_STATE': 93,
-    'CQM': 94,
-    'LOCAL_STATE_CHANGE': 95,
-    'AP_ISOLATE': 96,
-    'WIPHY_TX_POWER_SETTING': 97,
-    'WIPHY_TX_POWER_LEVEL': 98,
-    'TX_FRAME_TYPES': 99,
-    'RX_FRAME_TYPES': 100,
-    'FRAME_TYPE': 101,
-    'CONTROL_PORT_ETHERTYPE': 102,
-    'CONTROL_PORT_NO_ENCRYPT': 103,
-    'SUPPORT_IBSS_RSN': 104,
-    'WIPHY_ANTENNA_TX': 105,
-    'WIPHY_ANTENNA_RX': 106,
-    'MCAST_RATE': 107,
-    'OFFCHANNEL_TX_OK': 108,
-    'BSS_HT_OPMODE': 109,
-    'KEY_DEFAULT_TYPES': 110,
-    'MAX_REMAIN_ON_CHANNEL_DURATION': 111,
-    'MESH_SETUP': 112,
-    'WIPHY_ANTENNA_AVAIL_TX': 113,
-    'WIPHY_ANTENNA_AVAIL_RX': 114,
-    'SUPPORT_MESH_AUTH': 115,
-    'STA_PLINK_STATE': 116,
-    'WOWLAN_TRIGGERS': 117,
-    'WOWLAN_TRIGGERS_SUPPORTED': 118,
-    'SCHED_SCAN_INTERVAL': 119,
-    'INTERFACE_COMBINATIONS': 120,
-    'SOFTWARE_IFTYPES': 121,
-    'REKEY_DATA': 122,
-    'MAX_NUM_SCHED_SCAN_SSIDS': 123,
-    'MAX_SCHED_SCAN_IE_LEN': 124,
-    'SCAN_SUPP_RATES': 125,
-    'HIDDEN_SSID': 126,
-    'IE_PROBE_RESP': 127,
-    'IE_ASSOC_RESP': 128,
-    'STA_WME': 129,
-    'SUPPORT_AP_UAPSD': 130,
-    'ROAM_SUPPORT': 131,
-    'SCHED_SCAN_MATCH': 132,
-    'MAX_MATCH_SETS': 133,
-    'PMKSA_CANDIDATE': 134,
-    'TX_NO_CCK_RATE': 135,
-    'TDLS_ACTION': 136,
-    'TDLS_DIALOG_TOKEN': 137,
-    'TDLS_OPERATION': 138,
-    'TDLS_SUPPORT': 139,
-    'TDLS_EXTERNAL_SETUP': 140,
-    'DEVICE_AP_SME': 141,
-    'DONT_WAIT_FOR_ACK': 142,
-    'FEATURE_FLAGS': 143,
-    'PROBE_RESP_OFFLOAD': 144,
-    'PROBE_RESP': 145,
-    'DFS_REGION': 146,
-    'DISABLE_HT': 147,
-    'HT_CAPABILITY_MASK': 148,
-    'NOACK_MAP': 149,
-    'INACTIVITY_TIMEOUT': 150,
-    'RX_SIGNAL_DBM': 151,
-    'BG_SCAN_PERIOD': 152,
-    'WDEV': 153,
-    'USER_REG_HINT_TYPE': 154,
-    'CONN_FAILED_REASON': 155,
-    'SAE_DATA': 156,
-    'VHT_CAPABILITY': 157,
-    'SCAN_FLAGS': 158,
-    'CHANNEL_WIDTH': 159,
-    'CENTER_FREQ1': 160,
-    'CENTER_FREQ2': 161,
-    'P2P_CTWINDOW': 162,
-    'P2P_OPPPS': 163,
-    'LOCAL_MESH_POWER_MODE': 164,
-    'ACL_POLICY': 165,
-    'MAC_ADDRS': 166,
-    'MAC_ACL_MAX': 167,
-    'RADAR_EVENT': 168,
-    'EXT_CAPA': 169,
-    'EXT_CAPA_MASK': 170,
-    'STA_CAPABILITY': 171,
-    'STA_EXT_CAPABILITY': 172,
-    'PROTOCOL_FEATURES': 173,
-    'SPLIT_WIPHY_DUMP': 174,
-    'DISABLE_VHT': 175,
-    'VHT_CAPABILITY_MASK': 176,
-    'MDID': 177,
-    'IE_RIC': 178,
-    'CRIT_PROT_ID': 179,
-    'MAX_CRIT_PROT_DURATION': 180,
-    'PEER_AID': 181,
-    'COALESCE_RULE': 182,
-    'CH_SWITCH_COUNT': 183,
-    'CH_SWITCH_BLOCK_TX': 184,
-    'CSA_IES': 185,
-    'CSA_C_OFF_BEACON': 186,
-    'CSA_C_OFF_PRESP': 187,
-    'RXMGMT_FLAGS': 188,
-    'STA_SUPPORTED_CHANNELS': 189,
-    'STA_SUPPORTED_OPER_CLASSES': 190,
-    'HANDLE_DFS': 191,
-    'SUPPORT_5_MHZ': 192,
-    'SUPPORT_10_MHZ': 193,
-    'OPMODE_NOTIF': 194,
-    'VENDOR_ID': 195,
-    'VENDOR_SUBCMD': 196,
-    'VENDOR_DATA': 197,
-    'VENDOR_EVENTS': 198,
-    'QOS_MAP': 199,
-    'MAC_HINT': 200,
-    'WIPHY_FREQ_HINT': 201,
-    'MAX_AP_ASSOC_STA': 202,
-}
-
-def build_nl80211_attr(id, val):
-    attr = struct.pack("@HH", 4 + len(val), nl80211_attr[id]) + val
-    if len(attr) % 4 != 0:
-        attr += b'\x00' * (4 - (len(attr) % 4))
-    return attr
-
-def build_nl80211_attr_u32(id, val):
-    return build_nl80211_attr(id, struct.pack("@I", val))
-
-def build_nl80211_attr_u16(id, val):
-    return build_nl80211_attr(id, struct.pack("@H", val))
-
-def build_nl80211_attr_u8(id, val):
-    return build_nl80211_attr(id, struct.pack("@B", val))
-
-def build_nl80211_attr_flag(id):
-    return build_nl80211_attr(id, b'')
-
-def build_nl80211_attr_mac(id, val):
-    addr = struct.unpack('6B', binascii.unhexlify(val.replace(':', '')))
-    aval = struct.pack('<6B', *addr)
-    return build_nl80211_attr(id, aval)
-
-def parse_nl80211_attrs(msg):
-    attrs = {}
-    while len(msg) >= 4:
-        alen, attr = struct.unpack("@HH", msg[0:4])
-        if alen < 4:
-            raise Exception("Too short nl80211 attribute")
-        alen -= 4
-        msg = msg[4:]
-        if alen > len(msg):
-            raise Exception("nl80211 attribute underflow")
-        attrs[attr] = msg[0:alen]
-        msg = msg[alen:]
-    return attrs
diff --git a/tests/hwsim/owe-bss-1.conf b/tests/hwsim/owe-bss-1.conf
deleted file mode 100644
index 40cadc992da8..000000000000
--- a/tests/hwsim/owe-bss-1.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=1
-ieee80211n=1
-
-interface=wlan3
-bssid=02:00:00:00:03:00
-ctrl_interface=/var/run/hostapd
-
-ssid=transition-mode-open
-owe_transition_ifname=wlan3-2
diff --git a/tests/hwsim/owe-bss-2.conf b/tests/hwsim/owe-bss-2.conf
deleted file mode 100644
index 8a5415e9fd01..000000000000
--- a/tests/hwsim/owe-bss-2.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-driver=nl80211
-
-hw_mode=g
-channel=1
-ieee80211n=1
-
-interface=wlan3-2
-bssid=02:00:00:00:03:01
-ctrl_interface=/var/run/hostapd
-
-ssid=transition-mode-owe
-wpa=2
-wpa_key_mgmt=OWE
-rsn_pairwise=CCMP
-owe_transition_ifname=wlan3
-ignore_broadcast_ssid=1
diff --git a/tests/hwsim/p2p0.conf b/tests/hwsim/p2p0.conf
deleted file mode 100644
index 9482bdca4dc3..000000000000
--- a/tests/hwsim/p2p0.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin
-device_name=Device A
-p2p_no_group_iface=1
diff --git a/tests/hwsim/p2p1.conf b/tests/hwsim/p2p1.conf
deleted file mode 100644
index 3622b152366e..000000000000
--- a/tests/hwsim/p2p1.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin
-device_name=Device B
-p2p_no_group_iface=1
diff --git a/tests/hwsim/p2p2.conf b/tests/hwsim/p2p2.conf
deleted file mode 100644
index eda52e13bbf9..000000000000
--- a/tests/hwsim/p2p2.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin
-device_name=Device C
-p2p_no_group_iface=1
diff --git a/tests/hwsim/p2p_utils.py b/tests/hwsim/p2p_utils.py
deleted file mode 100644
index bfd8e2e44eaa..000000000000
--- a/tests/hwsim/p2p_utils.py
+++ /dev/null
@@ -1,394 +0,0 @@
-# P2P helper functions
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import threading
-import time
-try:
-    from Queue import Queue
-except ImportError:
-    from queue import Queue
-
-import hwsim_utils
-
-MGMT_SUBTYPE_PROBE_REQ = 4
-MGMT_SUBTYPE_ACTION = 13
-ACTION_CATEG_PUBLIC = 4
-
-P2P_GO_NEG_REQ = 0
-P2P_GO_NEG_RESP = 1
-P2P_GO_NEG_CONF = 2
-P2P_INVITATION_REQ = 3
-P2P_INVITATION_RESP = 4
-P2P_DEV_DISC_REQ = 5
-P2P_DEV_DISC_RESP = 6
-P2P_PROV_DISC_REQ = 7
-P2P_PROV_DISC_RESP = 8
-
-P2P_ATTR_STATUS = 0
-P2P_ATTR_MINOR_REASON_CODE = 1
-P2P_ATTR_CAPABILITY = 2
-P2P_ATTR_DEVICE_ID = 3
-P2P_ATTR_GROUP_OWNER_INTENT = 4
-P2P_ATTR_CONFIGURATION_TIMEOUT = 5
-P2P_ATTR_LISTEN_CHANNEL = 6
-P2P_ATTR_GROUP_BSSID = 7
-P2P_ATTR_EXT_LISTEN_TIMING = 8
-P2P_ATTR_INTENDED_INTERFACE_ADDR = 9
-P2P_ATTR_MANAGEABILITY = 10
-P2P_ATTR_CHANNEL_LIST = 11
-P2P_ATTR_NOTICE_OF_ABSENCE = 12
-P2P_ATTR_DEVICE_INFO = 13
-P2P_ATTR_GROUP_INFO = 14
-P2P_ATTR_GROUP_ID = 15
-P2P_ATTR_INTERFACE = 16
-P2P_ATTR_OPERATING_CHANNEL = 17
-P2P_ATTR_INVITATION_FLAGS = 18
-P2P_ATTR_OOB_GO_NEG_CHANNEL = 19
-P2P_ATTR_SERVICE_HASH = 21
-P2P_ATTR_SESSION_INFORMATION_DATA = 22
-P2P_ATTR_CONNECTION_CAPABILITY = 23
-P2P_ATTR_ADVERTISEMENT_ID = 24
-P2P_ATTR_ADVERTISED_SERVICE = 25
-P2P_ATTR_SESSION_ID = 26
-P2P_ATTR_FEATURE_CAPABILITY = 27
-P2P_ATTR_PERSISTENT_GROUP = 28
-P2P_ATTR_VENDOR_SPECIFIC = 221
-
-P2P_SC_SUCCESS = 0
-P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE = 1
-P2P_SC_FAIL_INCOMPATIBLE_PARAMS = 2
-P2P_SC_FAIL_LIMIT_REACHED = 3
-P2P_SC_FAIL_INVALID_PARAMS = 4
-P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE = 5
-P2P_SC_FAIL_PREV_PROTOCOL_ERROR = 6
-P2P_SC_FAIL_NO_COMMON_CHANNELS = 7
-P2P_SC_FAIL_UNKNOWN_GROUP = 8
-P2P_SC_FAIL_BOTH_GO_INTENT_15 = 9
-P2P_SC_FAIL_INCOMPATIBLE_PROV_METHOD = 10
-P2P_SC_FAIL_REJECTED_BY_USER = 11
-
-WSC_ATTR_CONFIG_METHODS = 0x1008
-
-WLAN_EID_SSID = 0
-WLAN_EID_SUPP_RATES = 1
-WLAN_EID_VENDOR_SPECIFIC = 221
-
-def go_neg_pin_authorized_persistent(i_dev, r_dev, i_intent=None, r_intent=None,
-                                     i_method='enter', r_method='display',
-                                     test_data=True, r_listen=True):
-    if r_listen:
-        r_dev.p2p_listen()
-    i_dev.p2p_listen()
-    pin = r_dev.wps_read_pin()
-    logger.info("Start GO negotiation " + i_dev.ifname + " -> " + r_dev.ifname)
-    r_dev.p2p_go_neg_auth(i_dev.p2p_dev_addr(), pin, r_method,
-                          go_intent=r_intent, persistent=True)
-    if r_listen:
-        r_dev.p2p_listen()
-    i_res = i_dev.p2p_go_neg_init(r_dev.p2p_dev_addr(), pin, i_method,
-                                  timeout=20, go_intent=i_intent,
-                                  persistent=True)
-    r_res = r_dev.p2p_go_neg_auth_result()
-    logger.debug("i_res: " + str(i_res))
-    logger.debug("r_res: " + str(r_res))
-    r_dev.dump_monitor()
-    i_dev.dump_monitor()
-    logger.info("Group formed")
-    if test_data:
-        hwsim_utils.test_connectivity_p2p(r_dev, i_dev)
-    return [i_res, r_res]
-
-def terminate_group(go, cli):
-    logger.info("Terminate persistent group")
-    cli.close_monitor_group()
-    go.remove_group()
-    cli.wait_go_ending_session()
-
-def invite(inv, resp, extra=None, persistent_reconnect=True, use_listen=True):
-    addr = resp.p2p_dev_addr()
-    if persistent_reconnect:
-        resp.global_request("SET persistent_reconnect 1")
-    else:
-        resp.global_request("SET persistent_reconnect 0")
-    if use_listen:
-        resp.p2p_listen()
-    else:
-        resp.p2p_find(social=True)
-    if not inv.discover_peer(addr, social=True):
-        raise Exception("Peer " + addr + " not found")
-    inv.dump_monitor()
-    peer = inv.get_peer(addr)
-    cmd = "P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr
-    if extra:
-        cmd = cmd + " " + extra
-    inv.global_request(cmd)
-
-def check_result(go, cli):
-    ev = go.wait_global_event(["P2P-GROUP-STARTED",
-                               "Failed to start AP functionality"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group re-invocation (on GO)")
-    if "P2P-GROUP-STARTED" not in ev:
-        raise Exception("GO failed to start the group for re-invocation")
-    if "[PERSISTENT]" not in ev:
-        raise Exception("Re-invoked group not marked persistent")
-    go_res = go.group_form_result(ev)
-    if go_res['role'] != 'GO':
-        raise Exception("Persistent group GO did not become GO")
-    if not go_res['persistent']:
-        raise Exception("Persistent group not re-invoked as persistent (GO)")
-    ev = cli.wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group re-invocation (on client)")
-    if "[PERSISTENT]" not in ev:
-        raise Exception("Re-invoked group not marked persistent")
-    cli_res = cli.group_form_result(ev)
-    if cli_res['role'] != 'client':
-        raise Exception("Persistent group client did not become client")
-    if not cli_res['persistent']:
-        raise Exception("Persistent group not re-invoked as persistent (cli)")
-    return [go_res, cli_res]
-
-def form(go, cli, test_data=True, reverse_init=False, r_listen=True):
-    logger.info("Form a persistent group")
-    if reverse_init:
-        [i_res, r_res] = go_neg_pin_authorized_persistent(i_dev=cli, i_intent=0,
-                                                          r_dev=go, r_intent=15,
-                                                          test_data=test_data,
-                                                          r_listen=r_listen)
-    else:
-        [i_res, r_res] = go_neg_pin_authorized_persistent(i_dev=go, i_intent=15,
-                                                          r_dev=cli, r_intent=0,
-                                                          test_data=test_data,
-                                                          r_listen=r_listen)
-    if not i_res['persistent'] or not r_res['persistent']:
-        raise Exception("Formed group was not persistent")
-    terminate_group(go, cli)
-    if reverse_init:
-        return r_res
-    else:
-        return i_res
-
-def invite_from_cli(go, cli, terminate=True):
-    logger.info("Re-invoke persistent group from client")
-    invite(cli, go)
-    [go_res, cli_res] = check_result(go, cli)
-    hwsim_utils.test_connectivity_p2p(go, cli)
-    if terminate:
-        terminate_group(go, cli)
-    return [go_res, cli_res]
-
-def invite_from_go(go, cli, terminate=True, extra=None):
-    logger.info("Re-invoke persistent group from GO")
-    invite(go, cli, extra=extra)
-    [go_res, cli_res] = check_result(go, cli)
-    hwsim_utils.test_connectivity_p2p(go, cli)
-    if terminate:
-        terminate_group(go, cli)
-    return [go_res, cli_res]
-
-def autogo(go, freq=None, persistent=None):
-    logger.info("Start autonomous GO " + go.ifname)
-    res = go.p2p_start_go(freq=freq, persistent=persistent)
-    logger.debug("res: " + str(res))
-    return res
-
-def connect_cli(go, client, social=False, freq=None):
-    logger.info("Try to connect the client to the GO")
-    pin = client.wps_read_pin()
-    go.p2p_go_authorize_client(pin)
-    res = client.p2p_connect_group(go.p2p_dev_addr(), pin, timeout=60,
-                                   social=social, freq=freq)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(go, client)
-    return res
-
-def check_grpform_results(i_res, r_res):
-    if i_res['result'] != 'success' or r_res['result'] != 'success':
-        raise Exception("Failed group formation")
-    if i_res['ssid'] != r_res['ssid']:
-        raise Exception("SSID mismatch")
-    if i_res['freq'] != r_res['freq']:
-        raise Exception("freq mismatch")
-    if 'go_neg_freq' in r_res and i_res['go_neg_freq'] != r_res['go_neg_freq']:
-        raise Exception("go_neg_freq mismatch")
-    if i_res['freq'] != i_res['go_neg_freq']:
-        raise Exception("freq/go_neg_freq mismatch")
-    if i_res['role'] != i_res['go_neg_role']:
-        raise Exception("role/go_neg_role mismatch")
-    if 'go_neg_role' in r_res and r_res['role'] != r_res['go_neg_role']:
-        raise Exception("role/go_neg_role mismatch")
-    if i_res['go_dev_addr'] != r_res['go_dev_addr']:
-        raise Exception("GO Device Address mismatch")
-
-def go_neg_init(i_dev, r_dev, pin, i_method, i_intent, res):
-    logger.debug("Initiate GO Negotiation from i_dev")
-    try:
-        i_res = i_dev.p2p_go_neg_init(r_dev.p2p_dev_addr(), pin, i_method, timeout=20, go_intent=i_intent)
-        logger.debug("i_res: " + str(i_res))
-    except Exception as e:
-        i_res = None
-        logger.info("go_neg_init thread caught an exception from p2p_go_neg_init: " + str(e))
-    res.put(i_res)
-
-def go_neg_pin(i_dev, r_dev, i_intent=None, r_intent=None, i_method='enter', r_method='display'):
-    r_dev.p2p_listen()
-    i_dev.p2p_listen()
-    pin = r_dev.wps_read_pin()
-    logger.info("Start GO negotiation " + i_dev.ifname + " -> " + r_dev.ifname)
-    r_dev.dump_monitor()
-    res = Queue()
-    t = threading.Thread(target=go_neg_init, args=(i_dev, r_dev, pin, i_method, i_intent, res))
-    t.start()
-    logger.debug("Wait for GO Negotiation Request on r_dev")
-    ev = r_dev.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        t.join()
-        raise Exception("GO Negotiation timed out")
-    r_dev.dump_monitor()
-    logger.debug("Re-initiate GO Negotiation from r_dev")
-    try:
-        r_res = r_dev.p2p_go_neg_init(i_dev.p2p_dev_addr(), pin, r_method,
-                                      go_intent=r_intent, timeout=20)
-    except Exception as e:
-        logger.info("go_neg_pin - r_dev.p2p_go_neg_init() exception: " + str(e))
-        t.join()
-        raise
-    logger.debug("r_res: " + str(r_res))
-    r_dev.dump_monitor()
-    t.join()
-    i_res = res.get()
-    if i_res is None:
-        raise Exception("go_neg_init thread failed")
-    logger.debug("i_res: " + str(i_res))
-    logger.info("Group formed")
-    hwsim_utils.test_connectivity_p2p(r_dev, i_dev)
-    i_dev.dump_monitor()
-    return [i_res, r_res]
-
-def go_neg_pin_authorized(i_dev, r_dev, i_intent=None, r_intent=None,
-                          expect_failure=False, i_go_neg_status=None,
-                          i_method='enter', r_method='display', test_data=True,
-                          i_freq=None, r_freq=None,
-                          i_freq2=None, r_freq2=None,
-                          i_max_oper_chwidth=None, r_max_oper_chwidth=None,
-                          i_ht40=False, i_vht=False, r_ht40=False, r_vht=False):
-    i_dev.p2p_listen()
-    pin = r_dev.wps_read_pin()
-    logger.info("Start GO negotiation " + i_dev.ifname + " -> " + r_dev.ifname)
-    r_dev.p2p_go_neg_auth(i_dev.p2p_dev_addr(), pin, r_method,
-                          go_intent=r_intent, freq=r_freq, freq2=r_freq2,
-                          max_oper_chwidth=r_max_oper_chwidth, ht40=r_ht40,
-                          vht=r_vht)
-    r_dev.p2p_listen()
-    i_res = i_dev.p2p_go_neg_init(r_dev.p2p_dev_addr(), pin, i_method,
-                                  timeout=20, go_intent=i_intent,
-                                  expect_failure=expect_failure, freq=i_freq,
-                                  freq2=i_freq2,
-                                  max_oper_chwidth=i_max_oper_chwidth,
-                                  ht40=i_ht40, vht=i_vht)
-    r_res = r_dev.p2p_go_neg_auth_result(expect_failure=expect_failure)
-    logger.debug("i_res: " + str(i_res))
-    logger.debug("r_res: " + str(r_res))
-    r_dev.dump_monitor()
-    i_dev.dump_monitor()
-    if i_go_neg_status:
-        if i_res['result'] != 'go-neg-failed':
-            raise Exception("Expected GO Negotiation failure not reported")
-        if i_res['status'] != i_go_neg_status:
-            raise Exception("Expected GO Negotiation status not seen")
-    if expect_failure:
-        return
-    logger.info("Group formed")
-    if test_data:
-        hwsim_utils.test_connectivity_p2p(r_dev, i_dev)
-    return [i_res, r_res]
-
-def go_neg_init_pbc(i_dev, r_dev, i_intent, res, freq, provdisc):
-    logger.debug("Initiate GO Negotiation from i_dev")
-    try:
-        i_res = i_dev.p2p_go_neg_init(r_dev.p2p_dev_addr(), None, "pbc",
-                                      timeout=20, go_intent=i_intent, freq=freq,
-                                      provdisc=provdisc)
-        logger.debug("i_res: " + str(i_res))
-    except Exception as e:
-        i_res = None
-        logger.info("go_neg_init_pbc thread caught an exception from p2p_go_neg_init: " + str(e))
-    res.put(i_res)
-
-def go_neg_pbc(i_dev, r_dev, i_intent=None, r_intent=None, i_freq=None, r_freq=None, provdisc=False, r_listen=False):
-    if r_listen:
-        r_dev.p2p_listen()
-    else:
-        r_dev.p2p_find(social=True)
-    i_dev.p2p_find(social=True)
-    logger.info("Start GO negotiation " + i_dev.ifname + " -> " + r_dev.ifname)
-    r_dev.dump_monitor()
-    res = Queue()
-    t = threading.Thread(target=go_neg_init_pbc, args=(i_dev, r_dev, i_intent, res, i_freq, provdisc))
-    t.start()
-    logger.debug("Wait for GO Negotiation Request on r_dev")
-    ev = r_dev.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        t.join()
-        raise Exception("GO Negotiation timed out")
-    r_dev.dump_monitor()
-    # Allow some time for the GO Neg Resp to go out before initializing new
-    # GO Negotiation.
-    time.sleep(0.2)
-    logger.debug("Re-initiate GO Negotiation from r_dev")
-    try:
-        r_res = r_dev.p2p_go_neg_init(i_dev.p2p_dev_addr(), None, "pbc",
-                                      go_intent=r_intent, timeout=20,
-                                      freq=r_freq)
-    except Exception as e:
-        logger.info("go_neg_pbc - r_dev.p2p_go_neg_init() exception: " + str(e))
-        t.join()
-        raise
-    logger.debug("r_res: " + str(r_res))
-    r_dev.dump_monitor()
-    t.join()
-    i_res = res.get()
-    if i_res is None:
-        raise Exception("go_neg_init_pbc thread failed")
-    logger.debug("i_res: " + str(i_res))
-    logger.info("Group formed")
-    hwsim_utils.test_connectivity_p2p(r_dev, i_dev)
-    i_dev.dump_monitor()
-    return [i_res, r_res]
-
-def go_neg_pbc_authorized(i_dev, r_dev, i_intent=None, r_intent=None,
-                          expect_failure=False, i_freq=None, r_freq=None):
-    i_dev.p2p_listen()
-    logger.info("Start GO negotiation " + i_dev.ifname + " -> " + r_dev.ifname)
-    r_dev.p2p_go_neg_auth(i_dev.p2p_dev_addr(), None, "pbc",
-                          go_intent=r_intent, freq=r_freq)
-    r_dev.p2p_listen()
-    i_res = i_dev.p2p_go_neg_init(r_dev.p2p_dev_addr(), None, "pbc", timeout=20,
-                                  go_intent=i_intent,
-                                  expect_failure=expect_failure, freq=i_freq)
-    r_res = r_dev.p2p_go_neg_auth_result(expect_failure=expect_failure)
-    logger.debug("i_res: " + str(i_res))
-    logger.debug("r_res: " + str(r_res))
-    r_dev.dump_monitor()
-    i_dev.dump_monitor()
-    if expect_failure:
-        return
-    logger.info("Group formed")
-    return [i_res, r_res]
-
-def remove_group(dev1, dev2, allow_failure=False):
-    try:
-        dev1.remove_group()
-    except:
-        if not allow_failure:
-            raise
-    try:
-        dev2.remove_group()
-    except:
-        pass
diff --git a/tests/hwsim/pps-mo-1.xml b/tests/hwsim/pps-mo-1.xml
deleted file mode 100644
index b5f818537230..000000000000
--- a/tests/hwsim/pps-mo-1.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<PerProviderSubscription>
-	<UpdateIdentifier>1</UpdateIdentifier>
-	<Cred01>
-		<Policy>
-			<PreferredRoamingPartnerList>
-				<RP01>
-					<FQDN_Match>another.example.org,includeSubdomains</FQDN_Match>
-					<Priority>10</Priority>
-				</RP01>
-				<RP02>
-					<FQDN_Match>example.com,exactMatch</FQDN_Match>
-					<Priority>20</Priority>
-				</RP02>
-			</PreferredRoamingPartnerList>
-			<PolicyUpdate>
-				<UpdateInterval>10</UpdateInterval>
-				<UpdateMethod>SPP-ClientInitiated</UpdateMethod>
-				<Restriction>Unrestricted</Restriction>
-				<URI>https://policy.example.com/run</URI>
-				<TrustRoot>
-					<CertURL>http://example.com/policy-root.der</CertURL>
-					<CertSHA256Fingerprint>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</CertSHA256Fingerprint>
-				</TrustRoot>
-			</PolicyUpdate>
-		</Policy>
-		<CredentialPriority>1</CredentialPriority>
-		<AAAServerTrustRoot>
-			<Root1>
-				<CertURL>http://example.com/cacert.der</CertURL>
-				<CertSHA256Fingerprint>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</CertSHA256Fingerprint>
-			</Root1>
-		</AAAServerTrustRoot>
-		<SubscriptionUpdate>
-			<UpdateInterval>4294967295</UpdateInterval>
-			<UpdateMethod>SPP-ClientInitiated</UpdateMethod>
-			<Restriction>HomeSP</Restriction>
-			<URI>https://remediation.example.com/run</URI>
-			<TrustRoot>
-				<CertURL>http://example.com/subscription-root.der</CertURL>
-				<CertSHA256Fingerprint>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</CertSHA256Fingerprint>
-			</TrustRoot>
-		</SubscriptionUpdate>
-		<HomeSP>
-			<FriendlyName>Example Operator</FriendlyName>
-			<FQDN>w1.fi</FQDN>
-			<RoamingConsortiumOI>010203040506</RoamingConsortiumOI>
-		</HomeSP>
-		<Credential>
-			<CreationDate>2012-12-01T12:00:00Z</CreationDate>
-			<UsernamePassword>
-				<Username>hs20-test</Username>
-				<Password>cGFzc3dvcmQ=</Password>
-				<MachineManaged>TRUE</MachineManaged>
-				<EAPMethod>
-					<EAPType>21</EAPType>
-					<InnerMethod>MS-CHAP-V2</InnerMethod>
-				</EAPMethod>
-			</UsernamePassword>
-			<Realm>w1.fi</Realm>
-		</Credential>
-	</Cred01>
-</PerProviderSubscription>
diff --git a/tests/hwsim/radius_das.py b/tests/hwsim/radius_das.py
deleted file mode 100644
index 4a43da4474f7..000000000000
--- a/tests/hwsim/radius_das.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# RADIUS DAS extensions to pyrad
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hashlib
-import random
-import struct
-import pyrad.packet
-
-class DisconnectPacket(pyrad.packet.Packet):
-    def __init__(self, code=pyrad.packet.DisconnectRequest, id=None,
-                 secret=None, authenticator=None, **attributes):
-        pyrad.packet.Packet.__init__(self, code, id, secret, authenticator,
-                                     **attributes)
-
-    def RequestPacket(self):
-        attr = b''
-        for code, datalst in sorted(self.items()):
-            for data in datalst:
-                attr += self._PktEncodeAttribute(code, data)
-
-        if self.id is None:
-            self.id = random.randrange(0, 256)
-
-        header = struct.pack('!BBH', self.code, self.id, (20 + len(attr)))
-        self.authenticator = hashlib.md5(header[0:4] + 16 * b'\x00' + attr
-            + self.secret).digest()
-        return header + self.authenticator + attr
-
-class CoAPacket(pyrad.packet.Packet):
-    def __init__(self, code=pyrad.packet.CoARequest, id=None,
-                 secret=None, authenticator=None, **attributes):
-        pyrad.packet.Packet.__init__(self, code, id, secret, authenticator,
-                                     **attributes)
-
-    def RequestPacket(self):
-        attr = self._PktEncodeAttributes()
-
-        if self.id is None:
-            self.id = random.randrange(0, 256)
-
-        header = struct.pack('!BBH', self.code, self.id, (20 + len(attr)))
-        self.authenticator = hashlib.md5(header[0:4] + 16 * b'\x00' + attr
-            + self.secret).digest()
-        return header + self.authenticator + attr
diff --git a/tests/hwsim/remotehost.py b/tests/hwsim/remotehost.py
deleted file mode 100644
index 9d7c657a1e93..000000000000
--- a/tests/hwsim/remotehost.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Host class
-# Copyright (c) 2016, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-import subprocess
-import threading
-import tempfile
-import os
-import traceback
-import select
-
-logger = logging.getLogger()
-
-def remote_compatible(func):
-    func.remote_compatible = True
-    return func
-
-def execute_thread(command, reply):
-    cmd = ' '.join(command)
-    logger.debug("thread run: " + cmd)
-    err = tempfile.TemporaryFile()
-    try:
-        status = 0
-        buf = subprocess.check_output(command, stderr=err, bufsize=0).decode()
-    except subprocess.CalledProcessError as e:
-        status = e.returncode
-        err.seek(0)
-        buf = err.read()
-    err.close()
-
-    logger.debug("thread cmd: " + cmd)
-    logger.debug("thread exit status: " + str(status))
-    logger.debug("thread exit buf: " + str(buf))
-    reply.append(status)
-    reply.append(buf)
-
-def gen_reaper_file(conf):
-    fd, filename = tempfile.mkstemp(dir='/tmp', prefix=conf + '-')
-    f = os.fdopen(fd, 'w')
-
-    f.write("#!/bin/sh\n")
-    f.write("name=\"$(basename $0)\"\n")
-    f.write("echo $$ > /tmp/$name.pid\n")
-    f.write("exec \"$@\"\n");
-
-    return filename;
-
-class Host():
-    def __init__(self, host=None, ifname=None, port=None, name="", user="root"):
-        self.host = host
-        self.name = name
-        self.user = user
-        self.monitors = []
-        self.monitor_thread = None
-        self.logs = []
-        self.ifname = ifname
-        self.port = port
-        self.dev = None
-        self.monitor_params = []
-        if self.name == "" and host != None:
-            self.name = host
-
-    def local_execute(self, command):
-        logger.debug("execute: " + str(command))
-        err = tempfile.TemporaryFile()
-        try:
-            status = 0
-            buf = subprocess.check_output(command, stderr=err)
-        except subprocess.CalledProcessError as e:
-            status = e.returncode
-            err.seek(0)
-            buf = err.read()
-        err.close()
-
-        logger.debug("status: " + str(status))
-        logger.debug("buf: " + str(buf))
-        return status, buf.decode()
-
-    def execute(self, command):
-        if self.host is None:
-            return self.local_execute(command)
-
-        cmd = ["ssh", self.user + "@" + self.host, ' '.join(command)]
-        _cmd = self.name + " execute: " + ' '.join(cmd)
-        logger.debug(_cmd)
-        err = tempfile.TemporaryFile()
-        try:
-            status = 0
-            buf = subprocess.check_output(cmd, stderr=err)
-        except subprocess.CalledProcessError as e:
-            status = e.returncode
-            err.seek(0)
-            buf = err.read()
-        err.close()
-
-        logger.debug(self.name + " status: " + str(status))
-        logger.debug(self.name + " buf: " + str(buf))
-        return status, buf.decode()
-
-    # async execute
-    def thread_run(self, command, res, use_reaper=True):
-        if use_reaper:
-            filename = gen_reaper_file("reaper")
-            self.send_file(filename, filename)
-            self.execute(["chmod", "755", filename])
-            _command = [filename] + command
-        else:
-            filename = ""
-            _command = command
-
-        if self.host is None:
-            cmd = _command
-        else:
-            cmd = ["ssh", self.user + "@" + self.host, ' '.join(_command)]
-        _cmd = self.name + " thread_run: " + ' '.join(cmd)
-        logger.debug(_cmd)
-        t = threading.Thread(target=execute_thread, name=filename, args=(cmd, res))
-        t.start()
-        return t
-
-    def thread_stop(self, t):
-        if t.name.find("reaper") == -1:
-            raise Exception("use_reaper required")
-
-        pid_file = t.name + ".pid"
-
-        if t.is_alive():
-            cmd = ["kill `cat " + pid_file + "`"]
-            self.execute(cmd)
-
-        # try again
-        self.thread_wait(t, 5)
-        if t.is_alive():
-            cmd = ["kill `cat " + pid_file + "`"]
-            self.execute(cmd)
-
-        # try with -9
-        self.thread_wait(t, 5)
-        if t.is_alive():
-            cmd = ["kill -9 `cat " + pid_file + "`"]
-            self.execute(cmd)
-
-        self.thread_wait(t, 5)
-        if t.is_alive():
-            raise Exception("thread still alive")
-
-        self.execute(["rm", pid_file])
-        self.execute(["rm", t.name])
-        self.local_execute(["rm", t.name])
-
-    def thread_wait(self, t, wait=None):
-        if wait == None:
-            wait_str = "infinite"
-        else:
-            wait_str = str(wait) + "s"
-
-        logger.debug(self.name + " thread_wait(" + wait_str + "): ")
-        if t.is_alive():
-            t.join(wait)
-
-    def pending(self, s, timeout=0):
-        [r, w, e] = select.select([s], [], [], timeout)
-        if r:
-            return True
-        return False
-
-    def proc_run(self, command):
-        filename = gen_reaper_file("reaper")
-        self.send_file(filename, filename)
-        self.execute(["chmod", "755", filename])
-        _command = [filename] + command
-
-        if self.host:
-            cmd = ["ssh", self.user + "@" + self.host, ' '.join(_command)]
-        else:
-            cmd = _command
-
-        _cmd = self.name + " proc_run: " + ' '.join(cmd)
-        logger.debug(_cmd)
-        err = tempfile.TemporaryFile()
-        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=err,
-                                bufsize=0)
-        proc.reaper_file = filename
-        return proc
-
-    def proc_wait_event(self, proc, events, timeout=10):
-        if not isinstance(events, list):
-            raise Exception("proc_wait_event() events not a list")
-
-        logger.debug(self.name + " proc_wait_event: " + ' '.join(events) + " timeout: " + str(timeout))
-        start = os.times()[4]
-        try:
-            while True:
-                while self.pending(proc.stdout):
-                    line = proc.stdout.readline()
-                    if not line:
-                        return None
-                    line = line.decode()
-                    logger.debug(line.strip('\n'))
-                    for event in events:
-                        if event in line:
-                            return line
-                now = os.times()[4]
-                remaining = start + timeout - now
-                if remaining <= 0:
-                    break
-                if not self.pending(proc.stdout, timeout=remaining):
-                    break
-        except:
-            logger.debug(traceback.format_exc())
-            pass
-        return None
-
-    def proc_stop(self, proc):
-        if not proc:
-            return
-
-        self.execute(["kill `cat " + proc.reaper_file + ".pid`"])
-        self.execute(["rm", proc.reaper_file + ".pid"])
-        self.execute(["rm", proc.reaper_file])
-        self.local_execute(["rm", proc.reaper_file])
-        proc.kill()
-
-    def proc_dump(self, proc):
-        if not proc:
-            return ""
-        return proc.stdout.read()
-
-    def execute_and_wait_event(self, command, events, timeout=10):
-        proc = None
-        ev = None
-
-        try:
-            proc = self.proc_run(command)
-            ev = self.proc_wait_event(proc, events, timeout)
-        except:
-            pass
-
-        self.proc_stop(proc)
-        return ev
-
-    def add_log(self, log_file):
-        self.logs.append(log_file)
-
-    def get_logs(self, local_log_dir=None):
-        for log in self.logs:
-            if local_log_dir:
-                self.local_execute(["scp", self.user + "@[" + self.host + "]:" + log, local_log_dir])
-            self.execute(["rm", log])
-        del self.logs[:]
-
-    def send_file(self, src, dst):
-        if self.host is None:
-            return
-        self.local_execute(["scp", src,
-                            self.user + "@[" + self.host + "]:" + dst])
diff --git a/tests/hwsim/rfkill.py b/tests/hwsim/rfkill.py
deleted file mode 100755
index 72b2527feaa8..000000000000
--- a/tests/hwsim/rfkill.py
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/usr/bin/env python
-#
-# rfkill control code
-#
-# Copyright (c) 2015	Intel Corporation
-#
-# Author: Johannes Berg <johannes.berg@intel.com>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import struct
-import fcntl
-import os
-
-(TYPE_ALL,
- TYPE_WLAN,
- TYPE_BLUETOOTH,
- TYPE_UWB,
- TYPE_WIMAX,
- TYPE_WWAN,
- TYPE_GPS,
- TYPE_FM,
- TYPE_NFC) = list(range(9))
-
-(_OP_ADD,
- _OP_DEL,
- _OP_CHANGE,
- _OP_CHANGE_ALL) = list(range(4))
-
-_type_names = {
-    TYPE_ALL: "all",
-    TYPE_WLAN: "Wireless LAN",
-    TYPE_BLUETOOTH: "Bluetooth",
-    TYPE_UWB: "Ultra-Wideband",
-    TYPE_WIMAX: "WiMAX",
-    TYPE_WWAN: "Wireless WAN",
-    TYPE_GPS: "GPS",
-    TYPE_FM: "FM",
-    TYPE_NFC: "NFC",
-}
-
-# idx, type, op, soft, hard
-_event_struct = '@IBBBB'
-_event_sz = struct.calcsize(_event_struct)
-
-class RFKillException(Exception):
-    pass
-
-class RFKill(object):
-    def __init__(self, idx):
-        self._idx = idx
-        self._type = None
-
-    @property
-    def idx(self):
-        return self._idx
-
-    @property
-    def name(self):
-        return open('/sys/class/rfkill/rfkill%d/name' % self._idx, 'r').read().rstrip()
-
-    @property
-    def type(self):
-        if not self._type:
-            for r, s, h in RFKill.list():
-                if r.idx == self.idx:
-                    self._type = r._type
-                    break
-        return self._type
-
-    @property
-    def type_name(self):
-        return _type_names.get(self._type, "unknown")
-
-    @property
-    def blocked(self):
-        l = RFKill.list()
-        for r, s, h in l:
-            if r.idx == self.idx:
-                return (s, h)
-        raise RFKillException("RFKill instance no longer exists")
-
-    @property
-    def soft_blocked(self):
-        return self.blocked[0]
-
-    @soft_blocked.setter
-    def soft_blocked(self, block):
-        if block:
-            self.block()
-        else:
-            self.unblock()
-
-    @property
-    def hard_blocked(self):
-        return self.blocked[1]
-
-    def block(self):
-        rfk = open('/dev/rfkill', 'wb')
-        s = struct.pack(_event_struct, self.idx, TYPE_ALL, _OP_CHANGE, 1, 0)
-        rfk.write(s)
-        rfk.close()
-
-    def unblock(self):
-        rfk = open('/dev/rfkill', 'wb')
-        s = struct.pack(_event_struct, self.idx, TYPE_ALL, _OP_CHANGE, 0, 0)
-        rfk.write(s)
-        rfk.close()
-
-    @classmethod
-    def block_all(cls, t=TYPE_ALL):
-        rfk = open('/dev/rfkill', 'wb')
-        print(rfk)
-        s = struct.pack(_event_struct, 0, t, _OP_CHANGE_ALL, 1, 0)
-        rfk.write(s)
-        rfk.close()
-
-    @classmethod
-    def unblock_all(cls, t=TYPE_ALL):
-        rfk = open('/dev/rfkill', 'wb')
-        s = struct.pack(_event_struct, 0, t, _OP_CHANGE_ALL, 0, 0)
-        rfk.write(s)
-        rfk.close()
-
-    @classmethod
-    def list(cls):
-        res = []
-        rfk = open('/dev/rfkill', 'rb', buffering=0)
-        fd = rfk.fileno()
-        flgs = fcntl.fcntl(fd, fcntl.F_GETFL)
-        fcntl.fcntl(fd, fcntl.F_SETFL, flgs | os.O_NONBLOCK)
-        while True:
-            try:
-                d = rfk.read(_event_sz)
-                if d == None:
-                    break
-                _idx, _t, _op, _s, _h = struct.unpack(_event_struct, d)
-                if _op != _OP_ADD:
-                    continue
-                r = RFKill(_idx)
-                r._type = _t
-                res.append((r, _s, _h))
-            except IOError:
-                break
-        return res
-
-if __name__ == "__main__":
-    for r, s, h in RFKill.list():
-        print("%d: %s: %s" % (r.idx, r.name, r.type_name))
-        print("\tSoft blocked: %s" % ("yes" if s else "no"))
-        print("\tHard blocked: %s" % ("yes" if h else "no"))
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
deleted file mode 100755
index ee48cd0581c6..000000000000
--- a/tests/hwsim/run-all.sh
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/bin/sh
-
-errors=0
-umask 0002
-
-DATE="$(date +%s)"
-unset LOGBASEDIR
-if [ -z "$LOGDIR" ]; then
-	LOGBASEDIR=logs
-	LOGDIR=$LOGBASEDIR/$DATE
-	mkdir -p $LOGDIR
-fi
-export LOGDIR
-
-if [ -z "$DBFILE" ]; then
-    DB=""
-else
-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
-    if [ -n "$BUILD" ]; then
-	DB="$DB -b $BUILD"
-    fi
-    if [ "$PREFILL_DB" = "y" ] ; then
-        DB="$DB --prefill-tests"
-    fi
-fi
-
-usage()
-{
-	echo "$0 [-v | --valgrind | valgrind] [-t | --trace | trace]"
-	echo "\t[-n <num> | --channels <num>] [-B | --build]"
-	echo "\t[-c | --codecov ] [run-tests.py parameters]"
-	exit 1
-}
-
-unset VALGRIND
-unset TRACE
-unset TRACE_ARGS
-unset RUN_TEST_ARGS
-unset BUILD
-unset BUILD_ARGS
-unset CODECOV
-unset VM
-while [ "$1" != "" ]; do
-	case $1 in
-		-v | --valgrind | valgrind)
-			shift
-			echo "$0: using valgrind"
-			VALGRIND=valgrind
-			;;
-		-t | --trace | trace)
-			shift
-			echo "$0: using Trace"
-			TRACE=trace
-			;;
-		-n | --channels)
-			shift
-			NUM_CH=$1
-			shift
-			echo "$0: using channels=$NUM_CH"
-			;;
-		-B | --build)
-			shift
-			echo "$0: build before running tests"
-			BUILD=build
-			;;
-		-c | --codecov)
-			shift
-			echo "$0: using code coverage"
-			CODECOV=lcov
-			BUILD_ARGS=-c
-			;;
-		-h | --help)
-			usage
-			;;
-		-V | --vm)
-			shift
-			echo "$0: running inside a VM"
-			VM=VM
-			;;
-
-		*)
-			RUN_TEST_ARGS="$RUN_TEST_ARGS$1 "
-			shift
-			;;
-	esac
-done
-
-if [ ! -z "$RUN_TEST_ARGS" ]; then
-	echo "$0: passing the following args to run-tests.py: $RUN_TEST_ARGS"
-fi
-
-unset SUFFIX
-if [ ! -z "$BUILD" ]; then
-	SUFFIX=-build
-fi
-
-if [ ! -z "$VALGRIND" ]; then
-	SUFFIX=$SUFFIX-valgrind
-fi
-
-if [ ! -z "$TRACE" ]; then
-	SUFFIX=$SUFFIX-trace
-	TRACE_ARGS="-T"
-fi
-
-if [ ! -z "$CODECOV" ]; then
-	SUFFIX=$SUFFIX-codecov
-fi
-
-if [ ! -z "$BUILD" ]; then
-    echo "Building with args=$BUILD_ARGS"
-    if ! ./build.sh $BUILD_ARGS; then
-	    echo "Failed building components"
-	    exit 1
-    fi
-fi
-
-if ! ./start.sh $VM $VALGRIND $TRACE channels=$NUM_CH; then
-	if ! [ -z "$LOGBASEDIR" ] ; then
-		echo "Could not start test environment" > $LOGDIR/run
-	fi
-	exit 1
-fi
-
-# Only use sudo if not already root.
-if [ "$(id -u)" != 0 ]; then
-	SUDO=sudo
-else
-	SUDO=
-fi
-${SUDO} ./run-tests.py -D --logdir "$LOGDIR" $TRACE_ARGS -q $DB $RUN_TEST_ARGS || errors=1
-
-./stop.sh
-
-if [ ! -z "$VALGRIND" ] ; then
-    failures=`grep "ERROR SUMMARY" $LOGDIR/valgrind-* | grep -v " 0 errors" | wc -l`
-    if [ $failures -gt 0 ]; then
-	echo "Mark as failed due to valgrind errors"
-	errors=1
-    fi
-fi
-
-if tail -100 $LOGDIR/auth_serv | grep -q MEMLEAK; then
-    echo "Mark as failed due to authentication server memory leak"
-    errors=1
-fi
-
-if [ ! -z "$CODECOV" ] ; then
-	lcov -q --capture --directory ../../wpa_supplicant --output-file $LOGDIR/wpas_lcov.info
-	genhtml -q $LOGDIR/wpas_lcov.info --output-directory $LOGDIR/wpas_lcov
-	lcov -q --capture --directory ../../hostapd --output-file $LOGDIR/hostapd_lcov.info
-	genhtml -q $LOGDIR/hostapd_lcov.info --output-directory $LOGDIR/hostapd_lcov
-fi
-
-if [ $errors -gt 0 ]; then
-    if [ -z $VM ]; then
-	tar czf /tmp/hwsim-tests-$DATE-FAILED$SUFFIX.tar.gz $LOGDIR/
-    fi
-    exit 1
-fi
-
-echo "ALL-PASSED"
diff --git a/tests/hwsim/run-tests.py b/tests/hwsim/run-tests.py
deleted file mode 100755
index 019533f54423..000000000000
--- a/tests/hwsim/run-tests.py
+++ /dev/null
@@ -1,692 +0,0 @@
-#!/usr/bin/env python3
-#
-# Test case executor
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import re
-import sys
-import time
-from datetime import datetime
-import argparse
-import subprocess
-import termios
-
-import logging
-logger = logging.getLogger()
-
-try:
-    import sqlite3
-    sqlite3_imported = True
-except ImportError:
-    sqlite3_imported = False
-
-scriptsdir = os.path.dirname(os.path.realpath(sys.modules[__name__].__file__))
-sys.path.append(os.path.join(scriptsdir, '..', '..', 'wpaspy'))
-
-from wpasupplicant import WpaSupplicant
-from hostapd import HostapdGlobal
-from check_kernel import check_kernel
-from wlantest import Wlantest
-from utils import HwsimSkip
-
-def set_term_echo(fd, enabled):
-    [iflag, oflag, cflag, lflag, ispeed, ospeed, cc] = termios.tcgetattr(fd)
-    if enabled:
-        lflag |= termios.ECHO
-    else:
-        lflag &= ~termios.ECHO
-    termios.tcsetattr(fd, termios.TCSANOW,
-                      [iflag, oflag, cflag, lflag, ispeed, ospeed, cc])
-
-def reset_devs(dev, apdev):
-    ok = True
-    for d in dev:
-        try:
-            d.reset()
-        except Exception as e:
-            logger.info("Failed to reset device " + d.ifname)
-            print(str(e))
-            ok = False
-
-    wpas = None
-    try:
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5', monitor=False)
-        ifaces = wpas.global_request("INTERFACES").splitlines()
-        for iface in ifaces:
-            if iface.startswith("wlan"):
-                wpas.interface_remove(iface)
-    except Exception as e:
-        pass
-    if wpas:
-        wpas.close_ctrl()
-        del wpas
-
-    try:
-        hapd = HostapdGlobal()
-        hapd.flush()
-        hapd.remove('wlan3-6')
-        hapd.remove('wlan3-5')
-        hapd.remove('wlan3-4')
-        hapd.remove('wlan3-3')
-        hapd.remove('wlan3-2')
-        for ap in apdev:
-            hapd.remove(ap['ifname'])
-        hapd.remove('as-erp')
-    except Exception as e:
-        logger.info("Failed to remove hostapd interface")
-        print(str(e))
-        ok = False
-    return ok
-
-def add_log_file(conn, test, run, type, path):
-    if not os.path.exists(path):
-        return
-    contents = None
-    with open(path, 'rb') as f:
-        contents = f.read()
-    if contents is None:
-        return
-    sql = "INSERT INTO logs(test,run,type,contents) VALUES(?, ?, ?, ?)"
-    params = (test, run, type, sqlite3.Binary(contents))
-    try:
-        conn.execute(sql, params)
-        conn.commit()
-    except Exception as e:
-        print("sqlite: " + str(e))
-        print("sql: %r" % (params, ))
-
-def report(conn, prefill, build, commit, run, test, result, duration, logdir,
-           sql_commit=True):
-    if conn:
-        if not build:
-            build = ''
-        if not commit:
-            commit = ''
-        if prefill:
-            conn.execute('DELETE FROM results WHERE test=? AND run=? AND result=?', (test, run, 'NOTRUN'))
-        sql = "INSERT INTO results(test,result,run,time,duration,build,commitid) VALUES(?, ?, ?, ?, ?, ?, ?)"
-        params = (test, result, run, time.time(), duration, build, commit)
-        try:
-            conn.execute(sql, params)
-            if sql_commit:
-                conn.commit()
-        except Exception as e:
-            print("sqlite: " + str(e))
-            print("sql: %r" % (params, ))
-
-        if result == "FAIL":
-            for log in ["log", "log0", "log1", "log2", "log3", "log5",
-                        "hostapd", "dmesg", "hwsim0", "hwsim0.pcapng"]:
-                add_log_file(conn, test, run, log,
-                             logdir + "/" + test + "." + log)
-
-class DataCollector(object):
-    def __init__(self, logdir, testname, args):
-        self._logdir = logdir
-        self._testname = testname
-        self._tracing = args.tracing
-        self._dmesg = args.dmesg
-        self._dbus = args.dbus
-    def __enter__(self):
-        if self._tracing:
-            output = os.path.abspath(os.path.join(self._logdir, '%s.dat' % (self._testname, )))
-            self._trace_cmd = subprocess.Popen(['trace-cmd', 'record', '-o', output, '-e', 'mac80211', '-e', 'cfg80211', '-e', 'printk', 'sh', '-c', 'echo STARTED ; read l'],
-                                               stdin=subprocess.PIPE,
-                                               stdout=subprocess.PIPE,
-                                               stderr=open('/dev/null', 'w'),
-                                               cwd=self._logdir)
-            l = self._trace_cmd.stdout.read(7)
-            while self._trace_cmd.poll() is None and b'STARTED' not in l:
-                l += self._trace_cmd.stdout.read(1)
-            res = self._trace_cmd.returncode
-            if res:
-                print("Failed calling trace-cmd: returned exit status %d" % res)
-                sys.exit(1)
-        if self._dbus:
-            output = os.path.abspath(os.path.join(self._logdir, '%s.dbus' % (self._testname, )))
-            self._dbus_cmd = subprocess.Popen(['dbus-monitor', '--system'],
-                                              stdout=open(output, 'w'),
-                                              stderr=open('/dev/null', 'w'),
-                                              cwd=self._logdir)
-            res = self._dbus_cmd.returncode
-            if res:
-                print("Failed calling dbus-monitor: returned exit status %d" % res)
-                sys.exit(1)
-    def __exit__(self, type, value, traceback):
-        if self._tracing:
-            self._trace_cmd.stdin.write(b'DONE\n')
-            self._trace_cmd.stdin.flush()
-            self._trace_cmd.wait()
-        if self._dmesg:
-            output = os.path.join(self._logdir, '%s.dmesg' % (self._testname, ))
-            num = 0
-            while os.path.exists(output):
-                output = os.path.join(self._logdir, '%s.dmesg-%d' % (self._testname, num))
-                num += 1
-            subprocess.call(['dmesg', '-c'], stdout=open(output, 'w'))
-
-def rename_log(logdir, basename, testname, dev):
-    try:
-        import getpass
-        srcname = os.path.join(logdir, basename)
-        dstname = os.path.join(logdir, testname + '.' + basename)
-        num = 0
-        while os.path.exists(dstname):
-            dstname = os.path.join(logdir,
-                                   testname + '.' + basename + '-' + str(num))
-            num = num + 1
-        os.rename(srcname, dstname)
-        if dev:
-            dev.relog()
-            subprocess.call(['chown', '-f', getpass.getuser(), srcname])
-    except Exception as e:
-        logger.info("Failed to rename log files")
-        logger.info(e)
-
-def is_long_duration_test(t):
-    return hasattr(t, "long_duration_test") and t.long_duration_test
-
-def get_test_description(t):
-    if t.__doc__ is None:
-        desc = "MISSING DESCRIPTION"
-    else:
-        desc = t.__doc__
-    if is_long_duration_test(t):
-        desc += " [long]"
-    return desc
-
-def main():
-    tests = []
-    test_modules = []
-    files = os.listdir(scriptsdir)
-    for t in files:
-        m = re.match(r'(test_.*)\.py$', t)
-        if m:
-            logger.debug("Import test cases from " + t)
-            mod = __import__(m.group(1))
-            test_modules.append(mod.__name__.replace('test_', '', 1))
-            for key, val in mod.__dict__.items():
-                if key.startswith("test_"):
-                    tests.append(val)
-    test_names = list(set([t.__name__.replace('test_', '', 1) for t in tests]))
-
-    run = None
-
-    parser = argparse.ArgumentParser(description='hwsim test runner')
-    parser.add_argument('--logdir', metavar='<directory>',
-                        help='log output directory for all other options, ' +
-                             'must be given if other log options are used')
-    group = parser.add_mutually_exclusive_group()
-    group.add_argument('-d', const=logging.DEBUG, action='store_const',
-                       dest='loglevel', default=logging.INFO,
-                       help="verbose debug output")
-    group.add_argument('-q', const=logging.WARNING, action='store_const',
-                       dest='loglevel', help="be quiet")
-
-    parser.add_argument('-S', metavar='<sqlite3 db>', dest='database',
-                        help='database to write results to')
-    parser.add_argument('--prefill-tests', action='store_true', dest='prefill',
-                        help='prefill test database with NOTRUN before all tests')
-    parser.add_argument('--commit', metavar='<commit id>',
-                        help='commit ID, only for database')
-    parser.add_argument('-b', metavar='<build>', dest='build', help='build ID')
-    parser.add_argument('-L', action='store_true', dest='update_tests_db',
-                        help='List tests (and update descriptions in DB)')
-    parser.add_argument('-T', action='store_true', dest='tracing',
-                        help='collect tracing per test case (in log directory)')
-    parser.add_argument('-D', action='store_true', dest='dmesg',
-                        help='collect dmesg per test case (in log directory)')
-    parser.add_argument('--dbus', action='store_true', dest='dbus',
-                        help='collect dbus per test case (in log directory)')
-    parser.add_argument('--shuffle-tests', action='store_true',
-                        dest='shuffle_tests',
-                        help='Shuffle test cases to randomize order')
-    parser.add_argument('--split', help='split tests for parallel execution (<server number>/<total servers>)')
-    parser.add_argument('--no-reset', action='store_true', dest='no_reset',
-                        help='Do not reset devices at the end of the test')
-    parser.add_argument('--long', action='store_true',
-                        help='Include test cases that take long time')
-    parser.add_argument('-f', dest='testmodules', metavar='<test module>',
-                        help='execute only tests from these test modules',
-                        type=str, choices=[[]] + test_modules, nargs='+')
-    parser.add_argument('-l', metavar='<modules file>', dest='mfile',
-                        help='test modules file name')
-    parser.add_argument('-i', action='store_true', dest='stdin_ctrl',
-                        help='stdin-controlled test case execution')
-    parser.add_argument('tests', metavar='<test>', nargs='*', type=str,
-                        help='tests to run (only valid without -f)')
-
-    args = parser.parse_args()
-
-    if (args.tests and args.testmodules) or (args.tests and args.mfile) or (args.testmodules and args.mfile):
-        print('Invalid arguments - only one of (test, test modules, modules file) can be given.')
-        sys.exit(2)
-
-    if args.tests:
-        fail = False
-        for t in args.tests:
-            if t.endswith('*'):
-                prefix = t.rstrip('*')
-                found = False
-                for tn in test_names:
-                    if tn.startswith(prefix):
-                        found = True
-                        break
-                if not found:
-                    print('Invalid arguments - test "%s" wildcard did not match' % t)
-                    fail = True
-            elif t not in test_names:
-                print('Invalid arguments - test "%s" not known' % t)
-                fail = True
-        if fail:
-            sys.exit(2)
-
-    if args.database:
-        if not sqlite3_imported:
-            print("No sqlite3 module found")
-            sys.exit(2)
-        conn = sqlite3.connect(args.database)
-        conn.execute('CREATE TABLE IF NOT EXISTS results (test,result,run,time,duration,build,commitid)')
-        conn.execute('CREATE TABLE IF NOT EXISTS tests (test,description)')
-        conn.execute('CREATE TABLE IF NOT EXISTS logs (test,run,type,contents)')
-    else:
-        conn = None
-
-    if conn:
-        run = int(time.time())
-
-    # read the modules from the modules file
-    if args.mfile:
-        args.testmodules = []
-        with open(args.mfile) as f:
-            for line in f.readlines():
-                line = line.strip()
-                if not line or line.startswith('#'):
-                    continue
-                args.testmodules.append(line)
-
-    tests_to_run = []
-    if args.tests:
-        for selected in args.tests:
-            for t in tests:
-                name = t.__name__.replace('test_', '', 1)
-                if selected.endswith('*'):
-                    prefix = selected.rstrip('*')
-                    if name.startswith(prefix):
-                        tests_to_run.append(t)
-                elif name == selected:
-                    tests_to_run.append(t)
-    else:
-        for t in tests:
-            name = t.__name__.replace('test_', '', 1)
-            if args.testmodules:
-                if t.__module__.replace('test_', '', 1) not in args.testmodules:
-                    continue
-            tests_to_run.append(t)
-
-    if args.update_tests_db:
-        for t in tests_to_run:
-            name = t.__name__.replace('test_', '', 1)
-            print(name + " - " + get_test_description(t))
-            if conn:
-                sql = 'INSERT OR REPLACE INTO tests(test,description) VALUES (?, ?)'
-                params = (name, get_test_description(t))
-                try:
-                    conn.execute(sql, params)
-                except Exception as e:
-                    print("sqlite: " + str(e))
-                    print("sql: %r" % (params,))
-        if conn:
-            conn.commit()
-            conn.close()
-        sys.exit(0)
-
-    if not args.logdir:
-        if os.path.exists('logs/current'):
-            args.logdir = 'logs/current'
-        else:
-            args.logdir = 'logs'
-
-    # Write debug level log to a file and configurable verbosity to stdout
-    logger.setLevel(logging.DEBUG)
-
-    stdout_handler = logging.StreamHandler()
-    stdout_handler.setLevel(args.loglevel)
-    logger.addHandler(stdout_handler)
-
-    file_name = os.path.join(args.logdir, 'run-tests.log')
-    log_handler = logging.FileHandler(file_name, encoding='utf-8')
-    log_handler.setLevel(logging.DEBUG)
-    fmt = "%(asctime)s %(levelname)s %(message)s"
-    log_formatter = logging.Formatter(fmt)
-    log_handler.setFormatter(log_formatter)
-    logger.addHandler(log_handler)
-
-    dev0 = WpaSupplicant('wlan0', '/tmp/wpas-wlan0')
-    dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-    dev2 = WpaSupplicant('wlan2', '/tmp/wpas-wlan2')
-    dev = [dev0, dev1, dev2]
-    apdev = []
-    apdev.append({"ifname": 'wlan3', "bssid": "02:00:00:00:03:00"})
-    apdev.append({"ifname": 'wlan4', "bssid": "02:00:00:00:04:00"})
-
-    for d in dev:
-        if not d.ping():
-            logger.info(d.ifname + ": No response from wpa_supplicant")
-            return
-        logger.info("DEV: " + d.ifname + ": " + d.p2p_dev_addr())
-    for ap in apdev:
-        logger.info("APDEV: " + ap['ifname'])
-
-    passed = []
-    skipped = []
-    failed = []
-
-    # make sure nothing is left over from previous runs
-    # (if there were any other manual runs or we crashed)
-    if not reset_devs(dev, apdev):
-        if conn:
-            conn.close()
-            conn = None
-        sys.exit(1)
-
-    if args.dmesg:
-        subprocess.call(['dmesg', '-c'], stdout=open('/dev/null', 'w'))
-
-    if conn and args.prefill:
-        for t in tests_to_run:
-            name = t.__name__.replace('test_', '', 1)
-            report(conn, False, args.build, args.commit, run, name, 'NOTRUN', 0,
-                   args.logdir, sql_commit=False)
-        conn.commit()
-
-    if args.split:
-        vals = args.split.split('/')
-        split_server = int(vals[0])
-        split_total = int(vals[1])
-        logger.info("Parallel execution - %d/%d" % (split_server, split_total))
-        split_server -= 1
-        tests_to_run.sort(key=lambda t: t.__name__)
-        tests_to_run = [x for i, x in enumerate(tests_to_run) if i % split_total == split_server]
-
-    if args.shuffle_tests:
-        from random import shuffle
-        shuffle(tests_to_run)
-
-    count = 0
-    if args.stdin_ctrl:
-        print("READY")
-        sys.stdout.flush()
-        num_tests = 0
-    else:
-        num_tests = len(tests_to_run)
-    if args.stdin_ctrl:
-        set_term_echo(sys.stdin.fileno(), False)
-
-    check_country_00 = True
-    for d in dev:
-        if d.get_driver_status_field("country") != "00":
-            check_country_00 = False
-
-    while True:
-        if args.stdin_ctrl:
-            test = sys.stdin.readline()
-            if not test:
-                break
-            test = test.splitlines()[0]
-            if test == '':
-                break
-            t = None
-            for tt in tests:
-                name = tt.__name__.replace('test_', '', 1)
-                if name == test:
-                    t = tt
-                    break
-            if not t:
-                print("NOT-FOUND")
-                sys.stdout.flush()
-                continue
-        else:
-            if len(tests_to_run) == 0:
-                break
-            t = tests_to_run.pop(0)
-
-        if dev[0].get_driver_status_field("country") == "98":
-            # Work around cfg80211 regulatory issues in clearing intersected
-            # country code 98. Need to make station disconnect without any
-            # other wiphy being active in the system.
-            logger.info("country=98 workaround - try to clear state")
-            id = dev[1].add_network()
-            dev[1].set_network(id, "mode", "2")
-            dev[1].set_network_quoted(id, "ssid", "country98")
-            dev[1].set_network(id, "key_mgmt", "NONE")
-            dev[1].set_network(id, "frequency", "2412")
-            dev[1].set_network(id, "scan_freq", "2412")
-            dev[1].select_network(id)
-            ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"])
-            if ev:
-                dev[0].connect("country98", key_mgmt="NONE", scan_freq="2412")
-                dev[1].request("DISCONNECT")
-                dev[0].wait_disconnected()
-                dev[0].disconnect_and_stop_scan()
-            dev[0].reset()
-            dev[1].reset()
-            dev[0].dump_monitor()
-            dev[1].dump_monitor()
-
-        name = t.__name__.replace('test_', '', 1)
-        open('/dev/kmsg', 'w').write('running hwsim test case %s\n' % name)
-        if log_handler:
-            log_handler.stream.close()
-            logger.removeHandler(log_handler)
-            file_name = os.path.join(args.logdir, name + '.log')
-            log_handler = logging.FileHandler(file_name, encoding='utf-8')
-            log_handler.setLevel(logging.DEBUG)
-            log_handler.setFormatter(log_formatter)
-            logger.addHandler(log_handler)
-
-        reset_ok = True
-        with DataCollector(args.logdir, name, args):
-            count = count + 1
-            msg = "START {} {}/{}".format(name, count, num_tests)
-            logger.info(msg)
-            if args.loglevel == logging.WARNING:
-                print(msg)
-                sys.stdout.flush()
-            if t.__doc__:
-                logger.info("Test: " + t.__doc__)
-            start = datetime.now()
-            open('/dev/kmsg', 'w').write('TEST-START %s @%.6f\n' % (name, time.time()))
-            for d in dev:
-                try:
-                    d.dump_monitor()
-                    if not d.ping():
-                        raise Exception("PING failed for {}".format(d.ifname))
-                    if not d.global_ping():
-                        raise Exception("Global PING failed for {}".format(d.ifname))
-                    d.request("NOTE TEST-START " + name)
-                except Exception as e:
-                    logger.info("Failed to issue TEST-START before " + name + " for " + d.ifname)
-                    logger.info(e)
-                    print("FAIL " + name + " - could not start test")
-                    if conn:
-                        conn.close()
-                        conn = None
-                    if args.stdin_ctrl:
-                        set_term_echo(sys.stdin.fileno(), True)
-                    sys.exit(1)
-            skip_reason = None
-            try:
-                if is_long_duration_test(t) and not args.long:
-                    raise HwsimSkip("Skip test case with long duration due to --long not specified")
-                if t.__code__.co_argcount > 2:
-                    params = {}
-                    params['logdir'] = args.logdir
-                    params['name'] = name
-                    params['prefix'] = os.path.join(args.logdir, name)
-                    t(dev, apdev, params)
-                elif t.__code__.co_argcount > 1:
-                    t(dev, apdev)
-                else:
-                    t(dev)
-                result = "PASS"
-                if check_country_00:
-                    for d in dev:
-                        country = d.get_driver_status_field("country")
-                        if country is None:
-                            logger.info(d.ifname + ": Could not fetch country code after the test case run")
-                        elif country != "00":
-                            d.dump_monitor()
-                            logger.info(d.ifname + ": Country code not reset back to 00: is " + country)
-                            print(d.ifname + ": Country code not reset back to 00: is " + country)
-                            result = "FAIL"
-
-                            # Try to wait for cfg80211 regulatory state to
-                            # clear.
-                            d.cmd_execute(['iw', 'reg', 'set', '00'])
-                            for i in range(5):
-                                time.sleep(1)
-                                country = d.get_driver_status_field("country")
-                                if country == "00":
-                                    break
-                            if country == "00":
-                                print(d.ifname + ": Country code cleared back to 00")
-                                logger.info(d.ifname + ": Country code cleared back to 00")
-                            else:
-                                print("Country code remains set - expect following test cases to fail")
-                                logger.info("Country code remains set - expect following test cases to fail")
-                            break
-            except HwsimSkip as e:
-                logger.info("Skip test case: %s" % e)
-                skip_reason = e
-                result = "SKIP"
-            except NameError as e:
-                import traceback
-                logger.info(e)
-                traceback.print_exc()
-                result = "FAIL"
-            except Exception as e:
-                import traceback
-                logger.info(e)
-                traceback.print_exc()
-                if args.loglevel == logging.WARNING:
-                    print("Exception: " + str(e))
-                result = "FAIL"
-            open('/dev/kmsg', 'w').write('TEST-STOP %s @%.6f\n' % (name, time.time()))
-            for d in dev:
-                try:
-                    d.dump_monitor()
-                    d.request("NOTE TEST-STOP " + name)
-                except Exception as e:
-                    logger.info("Failed to issue TEST-STOP after {} for {}".format(name, d.ifname))
-                    logger.info(e)
-                    result = "FAIL"
-            if args.no_reset:
-                print("Leaving devices in current state")
-            else:
-                reset_ok = reset_devs(dev, apdev)
-            wpas = None
-            try:
-                wpas = WpaSupplicant(global_iface="/tmp/wpas-wlan5",
-                                     monitor=False)
-                rename_log(args.logdir, 'log5', name, wpas)
-                if not args.no_reset:
-                    wpas.remove_ifname()
-            except Exception as e:
-                pass
-            if wpas:
-                wpas.close_ctrl()
-                del wpas
-
-            for i in range(0, 3):
-                rename_log(args.logdir, 'log' + str(i), name, dev[i])
-            try:
-                hapd = HostapdGlobal()
-            except Exception as e:
-                print("Failed to connect to hostapd interface")
-                print(str(e))
-                reset_ok = False
-                result = "FAIL"
-                hapd = None
-            rename_log(args.logdir, 'hostapd', name, hapd)
-            if hapd:
-                del hapd
-                hapd = None
-
-            # Use None here since this instance of Wlantest() will never be
-            # used for remote host hwsim tests on real hardware.
-            Wlantest.setup(None)
-            wt = Wlantest()
-            rename_log(args.logdir, 'hwsim0.pcapng', name, wt)
-            rename_log(args.logdir, 'hwsim0', name, wt)
-            if os.path.exists(os.path.join(args.logdir, 'fst-wpa_supplicant')):
-                rename_log(args.logdir, 'fst-wpa_supplicant', name, None)
-            if os.path.exists(os.path.join(args.logdir, 'fst-hostapd')):
-                rename_log(args.logdir, 'fst-hostapd', name, None)
-            if os.path.exists(os.path.join(args.logdir, 'wmediumd.log')):
-                rename_log(args.logdir, 'wmediumd.log', name, None)
-
-        end = datetime.now()
-        diff = end - start
-
-        if result == 'PASS' and args.dmesg:
-            if not check_kernel(os.path.join(args.logdir, name + '.dmesg')):
-                logger.info("Kernel issue found in dmesg - mark test failed")
-                result = 'FAIL'
-
-        if result == 'PASS':
-            passed.append(name)
-        elif result == 'SKIP':
-            skipped.append(name)
-        else:
-            failed.append(name)
-
-        report(conn, args.prefill, args.build, args.commit, run, name, result,
-               diff.total_seconds(), args.logdir)
-        result = "{} {} {} {}".format(result, name, diff.total_seconds(), end)
-        logger.info(result)
-        if args.loglevel == logging.WARNING:
-            print(result)
-            if skip_reason:
-                print("REASON", skip_reason)
-            sys.stdout.flush()
-
-        if not reset_ok:
-            print("Terminating early due to device reset failure")
-            break
-    if args.stdin_ctrl:
-        set_term_echo(sys.stdin.fileno(), True)
-
-    if log_handler:
-        log_handler.stream.close()
-        logger.removeHandler(log_handler)
-        file_name = os.path.join(args.logdir, 'run-tests.log')
-        log_handler = logging.FileHandler(file_name, encoding='utf-8')
-        log_handler.setLevel(logging.DEBUG)
-        log_handler.setFormatter(log_formatter)
-        logger.addHandler(log_handler)
-
-    if conn:
-        conn.close()
-
-    if len(failed):
-        logger.info("passed {} test case(s)".format(len(passed)))
-        logger.info("skipped {} test case(s)".format(len(skipped)))
-        logger.info("failed tests: " + ' '.join(failed))
-        if args.loglevel == logging.WARNING:
-            print("failed tests: " + ' '.join(failed))
-        sys.exit(1)
-    logger.info("passed all {} test case(s)".format(len(passed)))
-    if len(skipped):
-        logger.info("skipped {} test case(s)".format(len(skipped)))
-    if args.loglevel == logging.WARNING:
-        print("passed all {} test case(s)".format(len(passed)))
-        if len(skipped):
-            print("skipped {} test case(s)".format(len(skipped)))
-
-if __name__ == "__main__":
-    main()
diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh
deleted file mode 100755
index ac43d10afad8..000000000000
--- a/tests/hwsim/start.sh
+++ /dev/null
@@ -1,213 +0,0 @@
-#!/bin/sh
-
-DIR="$( cd "$( dirname "$0" )" && pwd )"
-WPAS=$DIR/../../wpa_supplicant/wpa_supplicant
-WPACLI=$DIR/../../wpa_supplicant/wpa_cli
-HAPD=$DIR/../../hostapd/hostapd
-HAPD_AS=$DIR/../../hostapd/hostapd
-HAPDCLI=$DIR/../../hostapd/hostapd_cli
-WLANTEST=$DIR/../../wlantest/wlantest
-HLR_AUC_GW=$DIR/../../hostapd/hlr_auc_gw
-
-if [ -z "$LOGDIR" ] ; then
-    DATE="$(date +%s)"
-    LOGDIR="$DIR/logs/$DATE"
-    mkdir -p $LOGDIR
-else
-    if [ -e $LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant ]; then
-	WPAS=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant
-	WPACLI=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_cli
-	# extra code coverage
-	$WPAS > /dev/null 2>&1
-	$WPAS -efoo -Ifoo -mfoo -ofoo -Ofoo -pfoo -Pfoo -h > /dev/null 2>&1
-	$WPAS -bfoo -B -Cfoo -q -W -N -L > /dev/null 2>&1
-	$WPAS -T -v > /dev/null 2>&1
-	$WPAS -u -z > /dev/null 2>&1
-    fi
-    if [ -e $LOGDIR/alt-hostapd/hostapd/hostapd ]; then
-	HAPD=$LOGDIR/alt-hostapd/hostapd/hostapd
-	HAPDCLI=$LOGDIR/alt-hostapd/hostapd/hostapd_cli
-	# extra code coverage
-	$HAPD > /dev/null 2>&1
-	$HAPD -v > /dev/null 2>&1
-	$HAPD -B -efoo -Pfoo -T -bfoo -h > /dev/null 2>&1
-	$HAPD -ufoo > /dev/null 2>&1
-	$HAPD -u00:11:22:33:44:55 > /dev/null 2>&1
-	$HAPD -gfoo > /dev/null 2>&1
-	$HAPD -Gfoo-not-exists > /dev/null 2>&1
-	$HAPD -z > /dev/null 2>&1
-	$HAPD -i foo1,foo2,foo3 > /dev/null 2>&1
-    fi
-    if [ -e $LOGDIR/alt-hostapd-as/hostapd/hostapd ]; then
-	HAPD_AS=$LOGDIR/alt-hostapd-as/hostapd/hostapd
-    fi
-    if [ -e $LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw ]; then
-	HLR_AUC_GW=$LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw
-	# extra code coverage
-	$HLR_AUC_GW > /dev/null 2>&1
-	$HLR_AUC_GW -Dfoo -i7 -sfoo -h > /dev/null 2>&1
-	$HLR_AUC_GW -i100 > /dev/null 2>&1
-	$HLR_AUC_GW -z > /dev/null 2>&1
-    fi
-fi
-
-LOGBASEDIR="$( cd "$(dirname "$LOGDIR")" && pwd )"
-if test "$LOGBASEDIR" = "$DIR/logs" -a -w "$LOGBASEDIR" ; then
-    rm -rf "$LOGBASEDIR/current"
-    ln -sf "$(basename "$LOGDIR")" "$LOGBASEDIR/current"
-fi
-
-if groups | tr ' ' "\n" | grep -q ^admin$; then
-    GROUP=admin
-elif groups | tr ' ' "\n" | grep -q ^wheel$; then
-    GROUP=wheel
-else
-    GROUP=adm
-fi
-
-for i in 0 1 2; do
-    sed "s/ GROUP=.*$/ GROUP=$GROUP/" "$DIR/p2p$i.conf" > "$LOGDIR/p2p$i.conf"
-done
-
-sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR%g" "$DIR/auth_serv/as.conf" > "$LOGDIR/as.conf"
-sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR%g" "$DIR/auth_serv/as2.conf" > "$LOGDIR/as2.conf"
-
-unset VM
-if [ "$1" = "VM" ]; then
-    VM="y"
-    shift
-fi
-
-if [ "$1" = "valgrind" ]; then
-    VALGRIND=y
-    VALGRIND_WPAS="valgrind --log-file=$LOGDIR/valgrind-wlan%d --leak-check=full"
-    VALGRIND_HAPD="valgrind --log-file=$LOGDIR/valgrind-hostapd --leak-check=full"
-    chmod -f a+rx $WPAS
-    chmod -f a+rx $HAPD
-    chmod -f a+rx $HAPD_AS
-    HAPD_AS="valgrind --log-file=$LOGDIR/valgrind-auth-serv --leak-check=full $HAPD_AS"
-    shift
-else
-    unset VALGRIND
-    VALGRIND_WPAS=
-    VALGRIND_HAPD=
-fi
-
-if [ "$1" = "trace" ]; then
-    TRACE="T"
-    shift
-else
-    TRACE=""
-fi
-
-$DIR/stop.sh
-
-TMP=$1
-if [ x${TMP%=[0-9]*} = "xchannels" ]; then
-	NUM_CH=${TMP#channels=}
-	shift
-else
-	NUM_CH=1
-fi
-
-test -d /sys/module/mac80211_hwsim || sudo modprobe mac80211_hwsim radios=7 channels=$NUM_CH support_p2p_device=0 dyndbg=+p
-
-sudo ifconfig hwsim0 up
-sudo $WLANTEST -i hwsim0 -n $LOGDIR/hwsim0.pcapng -c -dtN -L $LOGDIR/hwsim0 &
-for i in 0 1 2; do
-    DBUSARG=""
-    if [ $i = "0" ] && ([ -r /var/run/dbus/pid ] || [ -r /var/run/dbus/system_bus_socket ]); then
-	if $WPAS | grep -q -- -u; then
-	    DBUSARG="-u"
-	fi
-    fi
-    sudo $(printf -- "$VALGRIND_WPAS" $i) $WPAS -g /tmp/wpas-wlan$i -G$GROUP -Dnl80211 -iwlan$i -c $LOGDIR/p2p$i.conf \
-         -ddKt$TRACE -f $LOGDIR/log$i $DBUSARG &
-done
-sudo $(printf -- "$VALGRIND_WPAS" 5) $WPAS -g /tmp/wpas-wlan5 -G$GROUP \
-    -ddKt$TRACE -f $LOGDIR/log5 &
-sudo $VALGRIND_HAPD $HAPD -ddKt$TRACE -g /var/run/hostapd-global -G $GROUP -f $LOGDIR/hostapd &
-HPID=$!
-
-if [ -z "$VM" ]; then
-    # Sleep a bit, otherwise pgrep may run before the child is forked
-    sleep 0.1
-    pgrep -P $HPID > $LOGDIR/hostapd-test.pid
-else
-    echo $HPID > $LOGDIR/hostapd-test.pid
-fi
-
-if [ -x $HLR_AUC_GW ]; then
-    cp $DIR/auth_serv/hlr_auc_gw.milenage_db $LOGDIR/hlr_auc_gw.milenage_db
-    sudo $HLR_AUC_GW -u -m $LOGDIR/hlr_auc_gw.milenage_db -g $DIR/auth_serv/hlr_auc_gw.gsm > $LOGDIR/hlr_auc_gw &
-fi
-
-openssl ocsp -index $DIR/auth_serv/index.txt \
-    -rsigner $DIR/auth_serv/ocsp-responder.pem \
-    -rkey $DIR/auth_serv/ocsp-responder.key \
-    -CA $DIR/auth_serv/ca.pem \
-    -issuer $DIR/auth_serv/ca.pem \
-    -verify_other $DIR/auth_serv/ca.pem -trust_other \
-    -ndays 7 \
-    -reqin $DIR/auth_serv/ocsp-req.der \
-    -respout $LOGDIR/ocsp-server-cache.der > $LOGDIR/ocsp.log 2>&1
-if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
-    cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
-fi
-
-touch $LOGDIR/hostapd.db
-sudo $HAPD_AS -ddKt $LOGDIR/as.conf $LOGDIR/as2.conf > $LOGDIR/auth_serv &
-
-# wait for programs to be fully initialized
-for i in 0 1 2 3 4 5 6 7 8 9; do
-    if [ -e /tmp/wpas-wlan0 ]; then
-	break
-    fi
-    sleep 0.05
-done
-for i in 0 1 2; do
-    for j in `seq 1 10`; do
-	if $WPACLI -g /tmp/wpas-wlan$i ping | grep -q PONG; then
-	    break
-	fi
-	if [ $j = "10" ]; then
-	    echo "Could not connect to /tmp/wpas-wlan$i"
-	    exit 1
-	fi
-	sleep 1
-    done
-done
-
-for j in `seq 1 10`; do
-    if $WPACLI -g /var/run/hostapd-global ping | grep -q PONG; then
-	break
-    fi
-    if [ $j = "10" ]; then
-	echo "Could not connect to /var/run/hostapd-global"
-	exit 1
-    fi
-    sleep 1
-done
-
-for j in `seq 1 10`; do
-    if $HAPDCLI -i as ping | grep -q PONG; then
-	break
-    fi
-    if [ $j = "10" ]; then
-	echo "Could not connect to hostapd-as-RADIUS-server"
-	exit 1
-    fi
-    sleep 1
-done
-
-if [ $USER = "0" -o $USER = "root" ]; then
-    exit 0
-fi
-
-sleep 0.75
-sudo chown -f $USER $LOGDIR/hwsim0.pcapng $LOGDIR/hwsim0 $LOGDIR/log* $LOGDIR/hostapd
-if [ "x$VALGRIND" = "xy" ]; then
-    sudo chown -f $USER $LOGDIR/*valgrind*
-fi
-
-exit 0
diff --git a/tests/hwsim/stop.sh b/tests/hwsim/stop.sh
deleted file mode 100755
index 5d23b5bd68bf..000000000000
--- a/tests/hwsim/stop.sh
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/sh
-
-if pidof wpa_supplicant hostapd valgrind.bin hlr_auc_gw > /dev/null; then
-    RUNNING=yes
-else
-    RUNNING=no
-fi
-
-sudo killall -q hostapd
-sudo killall -q wpa_supplicant
-for i in `pidof valgrind.bin`; do
-    if ps $i | grep -q -E "wpa_supplicant|hostapd"; then
-	sudo kill $i
-    fi
-done
-sudo killall -q wlantest
-if grep -q hwsim0 /proc/net/dev; then
-    sudo ifconfig hwsim0 down
-fi
-
-sudo killall -q hlr_auc_gw
-
-if [ "$RUNNING" = "yes" ]; then
-    # give some time for hostapd and wpa_supplicant to complete deinit
-    for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
-	if ! pidof wpa_supplicant hostapd valgrind.bin hlr_auc_gw > /dev/null; then
-	    break
-	fi
-	if [ $i -gt 10 ]; then
-	    echo "Waiting for processes to exit (1)"
-	    sleep 1
-	else
-	    sleep 0.06
-	fi
-    done
-fi
-
-if pidof wpa_supplicant hostapd hlr_auc_gw > /dev/null; then
-    echo "wpa_supplicant/hostapd/hlr_auc_gw did not exit - try to force them to die"
-    sudo killall -9 -q hostapd
-    sudo killall -9 -q wpa_supplicant
-    sudo killall -9 -q hlr_auc_gw
-    for i in `seq 1 5`; do
-	if pidof wpa_supplicant hostapd hlr_auc_gw > /dev/null; then
-	    echo "Waiting for processes to exit (2)"
-	    sleep 1
-	else
-	    break
-	fi
-    done
-fi
-
-for i in `pidof valgrind.bin`; do
-    if ps $i | grep -q -E "wpa_supplicant|hostapd"; then
-	echo "wpa_supplicant/hostapd(valgrind) did not exit - try to force it to die"
-	sudo kill -9 $i
-    fi
-done
-
-count=0
-for i in /tmp/wpas-wlan0 /tmp/wpas-wlan1 /tmp/wpas-wlan2 /tmp/wpas-wlan5 /var/run/hostapd-global /tmp/hlr_auc_gw.sock /tmp/wpa_ctrl_* /tmp/eap_sim_db_*; do
-    count=$(($count + 1))
-    if [ $count -lt 7 -a -e $i ]; then
-	echo "Waiting for ctrl_iface $i to disappear"
-	sleep 1
-    fi
-    if [ -e $i ]; then
-	echo "Control interface file $i exists - remove it"
-	sudo rm $i
-    fi
-done
-
-if grep -q mac80211_hwsim /proc/modules 2>/dev/null ; then
-    sudo rmmod mac80211_hwsim
-    sudo rmmod mac80211
-    sudo rmmod cfg80211
-    # wait at the end to avoid issues starting something new immediately after
-    # this script returns
-    sleep 1
-fi
diff --git a/tests/hwsim/test_ap_acs.py b/tests/hwsim/test_ap_acs.py
deleted file mode 100644
index 8fc5ec4f3a69..000000000000
--- a/tests/hwsim/test_ap_acs.py
+++ /dev/null
@@ -1,688 +0,0 @@
-# Test cases for automatic channel selection with hostapd
-# Copyright (c) 2013-2018, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import time
-
-import hostapd
-from utils import *
-from test_dfs import wait_dfs_event
-
-def force_prev_ap_on_24g(ap):
-    # For now, make sure the last operating channel was on 2.4 GHz band to get
-    # sufficient survey data from mac80211_hwsim.
-    hostapd.add_ap(ap, {"ssid": "open"})
-    time.sleep(0.1)
-    hostapd.remove_bss(ap)
-
-def force_prev_ap_on_5g(ap):
-    # For now, make sure the last operating channel was on 5 GHz band to get
-    # sufficient survey data from mac80211_hwsim.
-    hostapd.add_ap(ap, {"ssid": "open", "hw_mode": "a",
-                        "channel": "36", "country_code": "US"})
-    time.sleep(0.1)
-    hostapd.remove_bss(ap)
-
-def wait_acs(hapd, return_after_acs=False):
-    ev = hapd.wait_event(["ACS-STARTED", "ACS-COMPLETED", "ACS-FAILED",
-                          "AP-ENABLED", "AP-DISABLED"], timeout=5)
-    if not ev:
-        raise Exception("ACS start timed out")
-    if "ACS-STARTED" not in ev:
-        raise Exception("Unexpected ACS event: " + ev)
-
-    state = hapd.get_status_field("state")
-    if state != "ACS":
-        raise Exception("Unexpected interface state %s (expected ACS)" % state)
-
-    ev = hapd.wait_event(["ACS-COMPLETED", "ACS-FAILED", "AP-ENABLED",
-                          "AP-DISABLED"], timeout=20)
-    if not ev:
-        raise Exception("ACS timed out")
-    if "ACS-COMPLETED" not in ev:
-        raise Exception("Unexpected ACS event: " + ev)
-
-    if return_after_acs:
-        return
-
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=5)
-    if not ev:
-        raise Exception("AP setup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("Unexpected ACS event: " + ev)
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state %s (expected ENABLED)" % state)
-
-def test_ap_acs(dev, apdev):
-    """Automatic channel selection"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_chanlist(dev, apdev):
-    """Automatic channel selection with chanlist set"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['chanlist'] = '1 6 11'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_freqlist(dev, apdev):
-    """Automatic channel selection with freqlist set"""
-    run_ap_acs_freqlist(dev, apdev, [2412, 2437, 2462])
-
-def test_ap_acs_freqlist2(dev, apdev):
-    """Automatic channel selection with freqlist set"""
-    run_ap_acs_freqlist(dev, apdev, [2417, 2432, 2457])
-
-def run_ap_acs_freqlist(dev, apdev, freqlist):
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['freqlist'] = ','.join([str(x) for x in freqlist])
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = int(hapd.get_status_field("freq"))
-    if freq not in freqlist:
-        raise Exception("Unexpected frequency: %d" % freq)
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=str(freq))
-
-def test_ap_acs_invalid_chanlist(dev, apdev):
-    """Automatic channel selection with invalid chanlist"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['chanlist'] = '15-18'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    res = hapd.request("ENABLE")
-    if "OK" in res:
-        raise Exception("ENABLE command succeeded unexpectedly")
-
-def test_ap_multi_bss_acs(dev, apdev):
-    """hostapd start with a multi-BSS configuration file using ACS"""
-    skip_with_fips(dev[0])
-    check_sae_capab(dev[2])
-    force_prev_ap_on_24g(apdev[0])
-
-    # start the actual test
-    hapd = hostapd.add_iface(apdev[0], 'multi-bss-acs.conf')
-    hapd.enable()
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("bss-1", key_mgmt="NONE", scan_freq=freq)
-    dev[1].connect("bss-2", psk="12345678", scan_freq=freq)
-    dev[2].set("sae_groups", "")
-    dev[2].connect("bss-3", key_mgmt="SAE", psk="qwertyuiop", scan_freq=freq)
-
-def test_ap_acs_40mhz(dev, apdev):
-    """Automatic channel selection for 40 MHz channel"""
-    run_ap_acs_40mhz(dev, apdev, '[HT40+]')
-
-def test_ap_acs_40mhz_plus_or_minus(dev, apdev):
-    """Automatic channel selection for 40 MHz channel (plus or minus)"""
-    run_ap_acs_40mhz(dev, apdev, '[HT40+][HT40-]')
-
-def run_ap_acs_40mhz(dev, apdev, ht_capab):
-    clear_scan_cache(apdev[0])
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['ht_capab'] = ht_capab
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-    sec = hapd.get_status_field("secondary_channel")
-    if int(sec) == 0:
-        raise Exception("Secondary channel not set")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_40mhz_minus(dev, apdev):
-    """Automatic channel selection for HT40- channel"""
-    clear_scan_cache(apdev[0])
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['ht_capab'] = '[HT40-]'
-    params['acs_num_scans'] = '1'
-    params['chanlist'] = '1 11'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-    if not ev:
-        raise Exception("ACS start timed out")
-    # HT40- is not currently supported in hostapd ACS, so do not try to connect
-    # or verify that this operation succeeded.
-
-def test_ap_acs_5ghz(dev, apdev):
-    """Automatic channel selection on 5 GHz"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['country_code'] = 'US'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-        freq = hapd.get_status_field("freq")
-        if int(freq) < 5000:
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_5ghz_40mhz(dev, apdev):
-    """Automatic channel selection on 5 GHz for 40 MHz channel"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-        freq = hapd.get_status_field("freq")
-        if int(freq) < 5000:
-            raise Exception("Unexpected frequency")
-
-        sec = hapd.get_status_field("secondary_channel")
-        if int(sec) == 0:
-            raise Exception("Secondary channel not set")
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_vht(dev, apdev):
-    """Automatic channel selection for VHT"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211ac'] = '1'
-        params['vht_oper_chwidth'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-        freq = hapd.get_status_field("freq")
-        if int(freq) < 5000:
-            raise Exception("Unexpected frequency")
-
-        sec = hapd.get_status_field("secondary_channel")
-        if int(sec) == 0:
-            raise Exception("Secondary channel not set")
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_vht40(dev, apdev):
-    """Automatic channel selection for VHT40"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211ac'] = '1'
-        params['vht_oper_chwidth'] = '0'
-        params['acs_num_scans'] = '1'
-        params['chanlist'] = '36 149'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-        freq = hapd.get_status_field("freq")
-        if int(freq) < 5000:
-            raise Exception("Unexpected frequency")
-
-        sec = hapd.get_status_field("secondary_channel")
-        if int(sec) == 0:
-            raise Exception("Secondary channel not set")
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_vht80p80(dev, apdev):
-    """Automatic channel selection for VHT 80+80"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211ac'] = '1'
-        params['vht_oper_chwidth'] = '3'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["ACS-COMPLETED"], timeout=20)
-        if ev is None:
-            raise Exception("ACS did not complete")
-        # ACS for 80+80 is not yet supported, so the AP setup itself will fail.
-        # Do not try to connection before this gets fully supported.
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-        if ev is None:
-            raise Exception("AP enabled/disabled not reported")
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_vht160(dev, apdev):
-    """Automatic channel selection for VHT160"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'ZA'
-        params['ieee80211ac'] = '1'
-        params['vht_oper_chwidth'] = '2'
-        params['ieee80211d'] = '1'
-        params['ieee80211h'] = '1'
-        params['chanlist'] = '100'
-        params['acs_num_scans'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-        if not ev:
-            raise Exception("ACS start timed out")
-        # VHT160 is not currently supported in hostapd ACS, so do not try to
-        # enforce successful AP start.
-        if "AP-ENABLED" in ev:
-            freq = hapd.get_status_field("freq")
-            if int(freq) < 5000:
-                raise Exception("Unexpected frequency")
-            dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-            dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_vht160_scan_disable(dev, apdev):
-    """Automatic channel selection for VHT160 and DISABLE during scan"""
-    force_prev_ap_on_5g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['hw_mode'] = 'a'
-    params['channel'] = '0'
-    params['ht_capab'] = '[HT40+]'
-    params['country_code'] = 'ZA'
-    params['ieee80211ac'] = '1'
-    params['vht_oper_chwidth'] = '2'
-    params["vht_oper_centr_freq_seg0_idx"] = "114"
-    params['ieee80211d'] = '1'
-    params['ieee80211h'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    time.sleep(3)
-    clear_regdom(hapd, dev)
-
-def test_ap_acs_bias(dev, apdev):
-    """Automatic channel selection with bias values"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['acs_chan_bias'] = '1:0.8 3:1.2 6:0.7 11:0.8'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_survey(dev, apdev):
-    """Automatic channel selection using acs_survey parameter"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = 'acs_survey'
-    params['acs_num_scans'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_errors(dev, apdev):
-    """Automatic channel selection failures"""
-    clear_scan_cache(apdev[0])
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['acs_num_scans'] = '2'
-    params['chanlist'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-
-    with alloc_fail(hapd, 1, "acs_request_scan"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected success for ENABLE")
-
-    hapd.dump_monitor()
-    with fail_test(hapd, 1, "acs_request_scan"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected success for ENABLE")
-
-    hapd.dump_monitor()
-    with fail_test(hapd, 1, "acs_scan_complete"):
-        hapd.enable()
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-        if not ev:
-            raise Exception("ACS start timed out")
-
-    hapd.dump_monitor()
-    with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"):
-        hapd.enable()
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-        if not ev:
-            raise Exception("ACS start timed out")
-
-@long_duration_test
-def test_ap_acs_dfs(dev, apdev):
-    """Automatic channel selection, HT scan, and DFS"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211d'] = '1'
-        params['ieee80211h'] = '1'
-        params['acs_num_scans'] = '1'
-        params['chanlist'] = '52 56 60 64'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd, return_after_acs=True)
-
-        wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = int(hapd.get_status_field("freq"))
-        if freq not in [5260, 5280, 5300, 5320]:
-            raise Exception("Unexpected frequency: %d" % freq)
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=str(freq))
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_acs_exclude_dfs(dev, apdev, params):
-    """Automatic channel selection, exclude DFS"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211d'] = '1'
-        params['ieee80211h'] = '1'
-        params['acs_num_scans'] = '1'
-        params['acs_exclude_dfs'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = int(hapd.get_status_field("freq"))
-        if freq in [5260, 5280, 5300, 5320,
-                    5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680]:
-            raise Exception("Unexpected frequency: %d" % freq)
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=str(freq))
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-@long_duration_test
-def test_ap_acs_vht160_dfs(dev, apdev):
-    """Automatic channel selection 160 MHz, HT scan, and DFS"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'a'
-        params['channel'] = '0'
-        params['ht_capab'] = '[HT40+]'
-        params['country_code'] = 'US'
-        params['ieee80211ac'] = '1'
-        params['vht_oper_chwidth'] = '2'
-        params['ieee80211d'] = '1'
-        params['ieee80211h'] = '1'
-        params['acs_num_scans'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd, return_after_acs=True)
-
-        wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = int(hapd.get_status_field("freq"))
-        if freq not in [5180, 5500]:
-            raise Exception("Unexpected frequency: %d" % freq)
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=str(freq))
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_acs_hw_mode_any(dev, apdev):
-    """Automatic channel selection with hw_mode=any"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['hw_mode'] = 'any'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_hw_mode_any_5ghz(dev, apdev):
-    """Automatic channel selection with hw_mode=any and 5 GHz"""
-    try:
-        hapd = None
-        force_prev_ap_on_5g(apdev[0])
-        params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-        params['hw_mode'] = 'any'
-        params['channel'] = '0'
-        params['country_code'] = 'US'
-        params['acs_chan_bias'] = '36:0.7 40:0.7 44:0.7 48:0.7'
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        wait_acs(hapd)
-        freq = hapd.get_status_field("freq")
-        if int(freq) < 5000:
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_acs_with_fallback_to_20(dev, apdev):
-    """Automatic channel selection with fallback to 20 MHz"""
-    force_prev_ap_on_24g(apdev[0])
-    params = {"ssid": "legacy-20",
-              "channel": "7", "ieee80211n": "0"}
-    hostapd.add_ap(apdev[1], params)
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['acs_chan_bias'] = '6:0.1'
-    params['ht_capab'] = '[HT40+]'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    logger.info("SIGNAL_POLL: " + str(sig))
-    if "WIDTH=20 MHz" not in sig:
-        raise Exception("Station did not report 20 MHz bandwidth")
-
-def test_ap_acs_rx_during(dev, apdev):
-    """Automatic channel selection and RX during ACS"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['chanlist'] = '1 6 11'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    time.sleep(0.1)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020304050607"
-    broadcast = 6*"ff"
-
-    probereq = "40000000" + broadcast + addr + broadcast + "1000"
-    probereq += "0000" + "010802040b160c121824" + "32043048606c" + "030100"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % probereq):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    probereq = "40000000" + broadcast + addr + broadcast + "1000"
-    probereq += "0000" + "010102"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2437 datarate=0 ssi_signal=-30 frame=%s" % probereq):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth):
-        raise Exception("MGMT_RX_PROCESS failed")
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    time.sleep(0.2)
-    try:
-        for i in range(3):
-            dev[i].request("SCAN_INTERVAL 1")
-            dev[i].connect("test-acs", psk="12345678",
-                           scan_freq="2412 2437 2462", wait_connect=False)
-        wait_acs(hapd)
-        for i in range(3):
-            dev[i].wait_connected()
-    finally:
-        for i in range(3):
-            dev[i].request("SCAN_INTERVAL 5")
-
-def test_ap_acs_he_24g(dev, apdev):
-    """Automatic channel selection on 2.4 GHz with HE"""
-    clear_scan_cache(apdev[0])
-    force_prev_ap_on_24g(apdev[0])
-
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['ieee80211ax'] = '1'
-    params['ht_capab'] = '[HT40+]'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
-
-def test_ap_acs_he_24g_overlap(dev, apdev):
-    """Automatic channel selection on 2.4 GHz with HE (overlap)"""
-    clear_scan_cache(apdev[0])
-    force_prev_ap_on_24g(apdev[0])
-
-    params = {"ssid": "overlapping",
-              "channel": "6", "ieee80211n": "1"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
-    params['channel'] = '0'
-    params['ieee80211ax'] = '1'
-    params['ht_capab'] = '[HT40+]'
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    wait_acs(hapd)
-
-    freq = hapd.get_status_field("freq")
-    if int(freq) < 2400:
-        raise Exception("Unexpected frequency")
-
-    dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
diff --git a/tests/hwsim/test_ap_ciphers.py b/tests/hwsim/test_ap_ciphers.py
deleted file mode 100644
index 72dcfa54211e..000000000000
--- a/tests/hwsim/test_ap_ciphers.py
+++ /dev/null
@@ -1,1200 +0,0 @@
-# Cipher suite tests
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-import os
-import subprocess
-
-import hwsim_utils
-import hostapd
-from utils import *
-from wlantest import Wlantest
-from wpasupplicant import WpaSupplicant
-
-KT_PTK, KT_GTK, KT_IGTK, KT_BIGTK = range(4)
-
-def check_cipher(dev, ap, cipher, group_cipher=None):
-    if cipher not in dev.get_capability("pairwise"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-    if group_cipher and group_cipher not in dev.get_capability("group"):
-        raise HwsimSkip("Cipher %s not supported" % group_cipher)
-    params = {"ssid": "test-wpa2-psk",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": cipher}
-    if group_cipher:
-        params["group_cipher"] = group_cipher
-    else:
-        group_cipher = cipher
-    hapd = hostapd.add_ap(ap, params)
-    dev.connect("test-wpa2-psk", psk="12345678",
-                pairwise=cipher, group=group_cipher, scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev, hapd)
-
-def check_group_mgmt_cipher(dev, ap, cipher, sta_req_cipher=None):
-    if cipher not in dev.get_capability("group_mgmt"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-    params = {"ssid": "test-wpa2-psk-pmf",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "WPA-PSK-SHA256",
-              "rsn_pairwise": "CCMP",
-              "group_mgmt_cipher": cipher}
-    hapd = hostapd.add_ap(ap, params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
-                key_mgmt="WPA-PSK-SHA256", group_mgmt=sta_req_cipher,
-                pairwise="CCMP", group="CCMP", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev, hapd)
-    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
-    dev.wait_disconnected()
-    if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1:
-        raise Exception("No valid BIP MMIE seen")
-    if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1:
-        raise Exception("No valid BIP deauth seen")
-
-    if cipher == "AES-128-CMAC":
-        group_mgmt = "BIP"
-    else:
-        group_mgmt = cipher
-    res = wt.info_bss('group_mgmt', ap['bssid']).strip()
-    if res != group_mgmt:
-        raise Exception("Unexpected group mgmt cipher: " + res)
-
-@remote_compatible
-def test_ap_cipher_tkip(dev, apdev):
-    """WPA2-PSK/TKIP connection"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    check_cipher(dev[0], apdev[0], "TKIP")
-
-@remote_compatible
-def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
-    """WPA-PSK/TKIP countermeasures (detected by AP)"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
-    if dev[0].cmd_execute(["ls", testfile])[0] != 0:
-        raise HwsimSkip("tkip_mic_test not supported in mac80211")
-
-    params = {"ssid": "tkip-countermeasures",
-              "wpa_passphrase": "12345678",
-              "wpa": "1",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("tkip-countermeasures", psk="12345678",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-
-    dev[0].dump_monitor()
-    dev[0].cmd_execute(["echo", "-n", apdev[0]['bssid'], ">", testfile],
-                       shell=True)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection on first Michael MIC failure")
-
-    dev[0].cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
-                       shell=True)
-    ev = dev[0].wait_disconnected(timeout=10,
-                                  error="No disconnection after two Michael MIC failures")
-    if "reason=14" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures")
-
-def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
-    """WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
-    if dev[0].cmd_execute(["ls", testfile])[0] != 0:
-        raise HwsimSkip("tkip_mic_test not supported in mac80211")
-
-    params = {"ssid": "tkip-countermeasures",
-              "wpa_passphrase": "12345678",
-              "wpa": "3",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("tkip-countermeasures", psk="12345678",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-    dev[1].connect("tkip-countermeasures", psk="12345678",
-                   pairwise="CCMP", scan_freq="2412")
-
-    dev[0].dump_monitor()
-    dev[0].cmd_execute(["echo", "-n", apdev[0]['bssid'], ">", testfile],
-                       shell=True)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection on first Michael MIC failure")
-
-    dev[0].cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
-                       shell=True)
-
-    ev = dev[0].wait_disconnected(timeout=10,
-                                  error="No disconnection after two Michael MIC failures")
-    if "reason=14" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-    ev = dev[1].wait_disconnected(timeout=10,
-                                  error="No disconnection after two Michael MIC failures (2)")
-    if "reason=14" not in ev:
-        raise Exception("Unexpected disconnection reason (2): " + ev)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures (1)")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures (2)")
-
-@remote_compatible
-def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
-    """WPA-PSK/TKIP countermeasures (detected by STA)"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    params = {"ssid": "tkip-countermeasures",
-              "wpa_passphrase": "12345678",
-              "wpa": "1",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
-    if hapd.cmd_execute(["ls", testfile])[0] != 0:
-        raise HwsimSkip("tkip_mic_test not supported in mac80211")
-
-    dev[0].connect("tkip-countermeasures", psk="12345678",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-
-    dev[0].dump_monitor()
-    hapd.cmd_execute(["echo", "-n", dev[0].own_addr(), ">", testfile],
-                     shell=True)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection on first Michael MIC failure")
-
-    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
-                     shell=True)
-    ev = dev[0].wait_disconnected(timeout=10,
-                                  error="No disconnection after two Michael MIC failures")
-    if "reason=14 locally_generated=1" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures")
-
-@long_duration_test
-def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev):
-    """WPA-PSK/TKIP countermeasures (detected by two STAs)"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    params = {"ssid": "tkip-countermeasures",
-              "wpa_passphrase": "12345678",
-              "wpa": "1",
-              "wpa_key_mgmt": "WPA-PSK",
-              "wpa_pairwise": "TKIP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
-    if hapd.cmd_execute(["ls", testfile])[0] != 0:
-        raise HwsimSkip("tkip_mic_test not supported in mac80211")
-
-    dev[0].connect("tkip-countermeasures", psk="12345678",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-    dev[0].dump_monitor()
-    id = dev[1].connect("tkip-countermeasures", psk="12345678",
-                        pairwise="TKIP", group="TKIP", scan_freq="2412")
-    dev[1].dump_monitor()
-
-    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
-                     shell=True)
-    ev = dev[0].wait_disconnected(timeout=10,
-                                  error="No disconnection after two Michael MIC failure")
-    if "reason=14" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-    ev = dev[1].wait_disconnected(timeout=5,
-                                  error="No disconnection after two Michael MIC failure")
-    if "reason=14" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection during TKIP countermeasures")
-
-    dev[0].request("REMOVE_NETWORK all")
-    logger.info("Waiting for TKIP countermeasures to end")
-    connected = False
-    start = os.times()[4]
-    while True:
-        now = os.times()[4]
-        if start + 70 < now:
-            break
-        dev[0].connect("tkip-countermeasures", psk="12345678",
-                       pairwise="TKIP", group="TKIP", scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("No connection result")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            connected = True
-            break
-        if "status_code=1" not in ev:
-            raise Exception("Unexpected connection failure reason during TKIP countermeasures: " + ev)
-        dev[0].request("REMOVE_NETWORK all")
-        time.sleep(1)
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-    if not connected:
-        raise Exception("No connection after TKIP countermeasures terminated")
-
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is None:
-        dev[1].request("DISCONNECT")
-        dev[1].select_network(id)
-        dev[1].wait_connected()
-
-@remote_compatible
-def test_ap_cipher_ccmp(dev, apdev):
-    """WPA2-PSK/CCMP connection"""
-    check_cipher(dev[0], apdev[0], "CCMP")
-
-def test_ap_cipher_gcmp(dev, apdev):
-    """WPA2-PSK/GCMP connection"""
-    check_cipher(dev[0], apdev[0], "GCMP")
-
-def test_ap_cipher_ccmp_256(dev, apdev):
-    """WPA2-PSK/CCMP-256 connection"""
-    check_cipher(dev[0], apdev[0], "CCMP-256")
-
-def test_ap_cipher_gcmp_256(dev, apdev):
-    """WPA2-PSK/GCMP-256 connection"""
-    check_cipher(dev[0], apdev[0], "GCMP-256")
-
-def test_ap_cipher_gcmp_256_group_gcmp_256(dev, apdev):
-    """WPA2-PSK/GCMP-256 connection with group cipher override GCMP-256"""
-    check_cipher(dev[0], apdev[0], "GCMP-256", "GCMP-256")
-
-def test_ap_cipher_gcmp_256_group_gcmp(dev, apdev):
-    """WPA2-PSK/GCMP-256 connection with group cipher override GCMP"""
-    check_cipher(dev[0], apdev[0], "GCMP-256", "GCMP")
-
-def test_ap_cipher_gcmp_256_group_ccmp_256(dev, apdev):
-    """WPA2-PSK/GCMP-256 connection with group cipher override CCMP-256"""
-    check_cipher(dev[0], apdev[0], "GCMP-256", "CCMP-256")
-
-def test_ap_cipher_gcmp_256_group_ccmp(dev, apdev):
-    """WPA2-PSK/GCMP-256 connection with group cipher override CCMP"""
-    check_cipher(dev[0], apdev[0], "GCMP-256", "CCMP")
-
-def test_ap_cipher_gcmp_ccmp(dev, apdev, params):
-    """WPA2-PSK/GCMP/CCMP ciphers"""
-    config = os.path.join(params['logdir'], 'ap_cipher_gcmp_ccmp.conf')
-
-    for cipher in ["CCMP", "GCMP", "CCMP-256", "GCMP-256"]:
-        if cipher not in dev[0].get_capability("pairwise"):
-            raise HwsimSkip("Cipher %s not supported" % cipher)
-        if cipher not in dev[0].get_capability("group"):
-            raise HwsimSkip("Group cipher %s not supported" % cipher)
-
-    params = {"ssid": "test-wpa2-psk",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "CCMP GCMP CCMP-256 GCMP-256"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-
-    for cipher in ["CCMP", "GCMP", "CCMP-256", "GCMP-256"]:
-        dev[0].connect("test-wpa2-psk", psk="12345678",
-                       pairwise=cipher, group="CCMP", scan_freq="2412")
-        if dev[0].get_status_field("group_cipher") != "CCMP":
-            raise Exception("Unexpected group_cipher")
-        if dev[0].get_status_field("pairwise_cipher") != cipher:
-            raise Exception("Unexpected pairwise_cipher")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].connect("test-wpa2-psk", psk="12345678",
-                   pairwise="CCMP CCMP-256 GCMP GCMP-256",
-                   group="CCMP CCMP-256 GCMP GCMP-256", scan_freq="2412")
-    if dev[0].get_status_field("group_cipher") != "CCMP":
-        raise Exception("Unexpected group_cipher")
-    res = dev[0].get_status_field("pairwise_cipher")
-    if res != "CCMP-256" and res != "GCMP-256":
-        raise Exception("Unexpected pairwise_cipher")
-
-    try:
-        with open(config, "w") as f:
-            f.write("network={\n" +
-                    "\tssid=\"test-wpa2-psk\"\n" +
-                    "\tkey_mgmt=WPA-PSK\n" +
-                    "\tpsk=\"12345678\"\n" +
-                    "\tpairwise=GCMP\n" +
-                    "\tgroup=CCMP\n" +
-                    "\tscan_freq=2412\n" +
-                    "}\n")
-
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan5", config=config)
-        wpas.wait_connected()
-        if wpas.get_status_field("group_cipher") != "CCMP":
-            raise Exception("Unexpected group_cipher")
-        if wpas.get_status_field("pairwise_cipher") != "GCMP":
-            raise Exception("Unexpected pairwise_cipher")
-    finally:
-        os.remove(config)
-
-@remote_compatible
-def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
-    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wpa-wpa2-psk"
-    passphrase = "12345678"
-    params = {"ssid": ssid,
-              "wpa_passphrase": passphrase,
-              "wpa": "3",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "CCMP",
-              "wpa_pairwise": "TKIP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].connect(ssid, psk=passphrase, proto="WPA2",
-                   pairwise="CCMP", group="TKIP", scan_freq="2412")
-    status = dev[0].get_status()
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Incorrect key_mgmt reported")
-    if status['pairwise_cipher'] != 'CCMP':
-        raise Exception("Incorrect pairwise_cipher reported")
-    if status['group_cipher'] != 'TKIP':
-        raise Exception("Incorrect group_cipher reported")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if bss['ssid'] != ssid:
-        raise Exception("Unexpected SSID in the BSS entry")
-    if "[WPA-PSK-TKIP]" not in bss['flags']:
-        raise Exception("Missing BSS flag WPA-PSK-TKIP")
-    if "[WPA2-PSK-CCMP]" not in bss['flags']:
-        raise Exception("Missing BSS flag WPA2-PSK-CCMP")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[1].connect(ssid, psk=passphrase, proto="WPA",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-    status = dev[1].get_status()
-    if status['key_mgmt'] != 'WPA-PSK':
-        raise Exception("Incorrect key_mgmt reported")
-    if status['pairwise_cipher'] != 'TKIP':
-        raise Exception("Incorrect pairwise_cipher reported")
-    if status['group_cipher'] != 'TKIP':
-        raise Exception("Incorrect group_cipher reported")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-@remote_compatible
-def test_ap_cipher_wpa_sae(dev, apdev):
-    """WPA-PSK/TKIP and SAE mixed AP - WPA IE and RSNXE coexistence"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    check_sae_capab(dev[0])
-    ssid = "test-wpa-sae"
-    passphrase = "12345678"
-    params = {"ssid": ssid,
-              "wpa_passphrase": passphrase,
-              "wpa": "3",
-              "wpa_key_mgmt": "WPA-PSK SAE",
-              "rsn_pairwise": "CCMP",
-              "wpa_pairwise": "TKIP",
-              "sae_pwe": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-
-    dev[0].connect(ssid, psk=passphrase, proto="WPA",
-                   pairwise="TKIP", group="TKIP", scan_freq="2412")
-    status = dev[0].get_status()
-    if status['key_mgmt'] != 'WPA-PSK':
-        raise Exception("Incorrect key_mgmt reported")
-    if status['pairwise_cipher'] != 'TKIP':
-        raise Exception("Incorrect pairwise_cipher reported")
-    if status['group_cipher'] != 'TKIP':
-        raise Exception("Incorrect group_cipher reported")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_cipher_bip(dev, apdev):
-    """WPA2-PSK with BIP"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
-
-def test_ap_cipher_bip_req(dev, apdev):
-    """WPA2-PSK with BIP required"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC", "AES-128-CMAC")
-
-def test_ap_cipher_bip_req2(dev, apdev):
-    """WPA2-PSK with BIP required (2)"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC",
-                            "AES-128-CMAC BIP-GMAC-128 BIP-GMAC-256 BIP-CMAC-256")
-
-def test_ap_cipher_bip_gmac_128(dev, apdev):
-    """WPA2-PSK with BIP-GMAC-128"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
-
-def test_ap_cipher_bip_gmac_128_req(dev, apdev):
-    """WPA2-PSK with BIP-GMAC-128 required"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128", "BIP-GMAC-128")
-
-def test_ap_cipher_bip_gmac_256(dev, apdev):
-    """WPA2-PSK with BIP-GMAC-256"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
-
-def test_ap_cipher_bip_gmac_256_req(dev, apdev):
-    """WPA2-PSK with BIP-GMAC-256 required"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256", "BIP-GMAC-256")
-
-def test_ap_cipher_bip_cmac_256(dev, apdev):
-    """WPA2-PSK with BIP-CMAC-256"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")
-
-def test_ap_cipher_bip_cmac_256_req(dev, apdev):
-    """WPA2-PSK with BIP-CMAC-256 required"""
-    check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256", "BIP-CMAC-256")
-
-def test_ap_cipher_bip_req_mismatch(dev, apdev):
-    """WPA2-PSK with BIP cipher mismatch"""
-    group_mgmt = dev[0].get_capability("group_mgmt")
-    for cipher in ["AES-128-CMAC", "BIP-GMAC-256"]:
-        if cipher not in group_mgmt:
-            raise HwsimSkip("Cipher %s not supported" % cipher)
-
-    params = {"ssid": "test-wpa2-psk-pmf",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "WPA-PSK-SHA256",
-              "rsn_pairwise": "CCMP",
-              "group_mgmt_cipher": "AES-128-CMAC"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(hapd.own_addr(), 2412)
-    id = dev[0].connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
-                        key_mgmt="WPA-PSK-SHA256", group_mgmt="BIP-GMAC-256",
-                        pairwise="CCMP", group="CCMP", scan_freq="2412",
-                        wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Network selection result not indicated")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-
-    dev[0].request("DISCONNECT")
-    dev[0].set_network(id, "group_mgmt", "AES-128-CMAC")
-    dev[0].select_network(id)
-    dev[0].wait_connected()
-
-def get_rx_spec(phy, keytype=KT_PTK):
-    keys = "/sys/kernel/debug/ieee80211/%s/keys" % (phy)
-    try:
-        for key in os.listdir(keys):
-            keydir = keys + "/" + key
-            with open(keydir + '/keyidx') as f:
-                keyid = int(f.read())
-            if keytype in (KT_PTK, KT_GTK) and keyid not in (0, 1, 2, 3):
-                continue
-            if keytype == KT_IGTK and keyid not in (4, 5):
-                continue
-            if keytype == KT_BIGTK and keyid not in (6, 7):
-                continue
-            files = os.listdir(keydir)
-            if keytype == KT_PTK and "station" not in files:
-                continue
-            if keytype != KT_PTK and "station" in files:
-                continue
-            with open(keydir + "/rx_spec") as f:
-                return f.read()
-    except OSError as e:
-        raise HwsimSkip("debugfs not supported in mac80211")
-    return None
-
-def get_tk_replay_counter(phy, keytype=KT_PTK):
-    keys = "/sys/kernel/debug/ieee80211/%s/keys" % (phy)
-    try:
-        for key in os.listdir(keys):
-            keydir = keys + "/" + key
-            with open(keydir + '/keyidx') as f:
-                keyid = int(f.read())
-            if keytype in (KT_PTK, KT_GTK) and keyid not in (0, 1, 2, 3):
-                continue
-            if keytype == KT_IGTK and keyid not in (4, 5):
-                continue
-            if keytype == KT_BIGTK and keyid not in (6, 7):
-                continue
-            files = os.listdir(keydir)
-            if keytype == KT_PTK and "station" not in files:
-                continue
-            if keytype != KT_PTK and "station" in files:
-                continue
-            with open(keydir + "/replays") as f:
-                return int(f.read())
-    except OSError as e:
-        raise HwsimSkip("debugfs not supported in mac80211")
-    return None
-
-def test_ap_cipher_replay_protection_ap_ccmp(dev, apdev):
-    """CCMP replay protection on AP"""
-    run_ap_cipher_replay_protection_ap(dev, apdev, "CCMP")
-
-def test_ap_cipher_replay_protection_ap_tkip(dev, apdev):
-    """TKIP replay protection on AP"""
-    skip_without_tkip(dev[0])
-    run_ap_cipher_replay_protection_ap(dev, apdev, "TKIP")
-
-def test_ap_cipher_replay_protection_ap_gcmp(dev, apdev):
-    """GCMP replay protection on AP"""
-    if "GCMP" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("GCMP not supported")
-    run_ap_cipher_replay_protection_ap(dev, apdev, "GCMP")
-
-def run_ap_cipher_replay_protection_ap(dev, apdev, cipher):
-    params = {"ssid": "test-wpa2-psk",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": cipher}
-    hapd = hostapd.add_ap(apdev[0], params)
-    phy = hapd.get_driver_status_field("phyname")
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678",
-                   pairwise=cipher, group=cipher, scan_freq="2412")
-    hapd.wait_sta()
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy)
-        if replays != 0:
-            raise Exception("Unexpected replay reported (1)")
-
-    for i in range(5):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy)
-        if replays != 0:
-            raise Exception("Unexpected replay reported (2)")
-
-    if "OK" not in dev[0].request("RESET_PN"):
-        raise Exception("RESET_PN failed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                  success_expected=False)
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy)
-        if replays < 1:
-            raise Exception("Replays not reported")
-
-def test_ap_cipher_replay_protection_sta_ccmp(dev, apdev):
-    """CCMP replay protection on STA (TK)"""
-    run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP")
-
-def test_ap_cipher_replay_protection_sta_tkip(dev, apdev):
-    """TKIP replay protection on STA (TK)"""
-    skip_without_tkip(dev[0])
-    run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP")
-
-def test_ap_cipher_replay_protection_sta_gcmp(dev, apdev):
-    """GCMP replay protection on STA (TK)"""
-    if "GCMP" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("GCMP not supported")
-    run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP")
-
-def test_ap_cipher_replay_protection_sta_gtk_ccmp(dev, apdev):
-    """CCMP replay protection on STA (GTK)"""
-    run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", keytype=KT_GTK)
-
-def test_ap_cipher_replay_protection_sta_gtk_tkip(dev, apdev):
-    """TKIP replay protection on STA (GTK)"""
-    skip_without_tkip(dev[0])
-    run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP", keytype=KT_GTK)
-
-def test_ap_cipher_replay_protection_sta_gtk_gcmp(dev, apdev):
-    """GCMP replay protection on STA (GTK)"""
-    if "GCMP" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("GCMP not supported")
-    run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP", keytype=KT_GTK)
-
-def test_ap_cipher_replay_protection_sta_igtk(dev, apdev):
-    """CCMP replay protection on STA (IGTK)"""
-    run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", keytype=KT_IGTK)
-
-def test_ap_cipher_replay_protection_sta_bigtk(dev, apdev):
-    """CCMP replay protection on STA (BIGTK)"""
-    run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", keytype=KT_BIGTK)
-
-def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, keytype=KT_PTK):
-    params = {"ssid": "test-wpa2-psk",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": cipher}
-    if keytype == KT_IGTK or keytype == KT_BIGTK:
-        params['ieee80211w'] = '2'
-    if keytype == KT_BIGTK:
-        params['beacon_prot'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    phy = dev[0].get_driver_status_field("phyname")
-    dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w='1',
-                   beacon_prot='1',
-                   pairwise=cipher, group=cipher, scan_freq="2412")
-    hapd.wait_sta()
-
-    if keytype == KT_BIGTK:
-        time.sleep(1)
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy, keytype)
-        if replays != 0:
-            raise Exception("Unexpected replay reported (1)")
-
-    for i in range(5):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy, keytype)
-        if replays != 0:
-            raise Exception("Unexpected replay reported (2)")
-
-    if keytype == KT_IGTK:
-        hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-        if ev:
-            dev[0].wait_connected()
-
-    addr = "ff:ff:ff:ff:ff:ff" if keytype != KT_PTK else dev[0].own_addr()
-    cmd = "RESET_PN " + addr
-    if keytype == KT_IGTK:
-        cmd += " IGTK"
-    if keytype == KT_BIGTK:
-        cmd += " BIGTK"
-    if "OK" not in hapd.request(cmd):
-        raise Exception("RESET_PN failed")
-    time.sleep(0.1)
-    if keytype == KT_IGTK:
-        hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    elif keytype == KT_BIGTK:
-        time.sleep(1)
-    else:
-        hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                      success_expected=False)
-
-    if cipher != "TKIP":
-        replays = get_tk_replay_counter(phy, keytype)
-        if replays < 1:
-            raise Exception("Replays not reported")
-
-@disable_ipv6
-def test_ap_wpa2_delayed_m3_retransmission(dev, apdev):
-    """Delayed M3 retransmission"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    phy = dev[0].get_driver_status_field("phyname")
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-
-    for i in range(5):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-    time.sleep(0.1)
-    before_tk = get_rx_spec(phy, keytype=KT_PTK).splitlines()
-    before_gtk = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_M3 " + addr):
-        raise Exception("RESEND_M3 failed")
-    time.sleep(0.1)
-    after_tk = get_rx_spec(phy, keytype=KT_PTK).splitlines()
-    after_gtk = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-
-    if "OK" not in hapd.request("RESET_PN " + addr):
-        raise Exception("RESET_PN failed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                  success_expected=False)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    for i in range(len(before_tk)):
-        b = int(before_tk[i], 16)
-        a = int(after_tk[i], 16)
-        if a < b:
-            raise Exception("TK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
-
-    for i in range(len(before_gtk)):
-        b = int(before_gtk[i], 16)
-        a = int(after_gtk[i], 16)
-        if a < b:
-            raise Exception("GTK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
-
-@disable_ipv6
-def test_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev):
-    """Delayed M1+M3 retransmission"""
-    run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev, False)
-
-@disable_ipv6
-def test_ap_wpa2_delayed_m1_m3_retransmission2(dev, apdev):
-    """Delayed M1+M3 retransmission (change M1 ANonce)"""
-    run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev, True)
-
-def run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev,
-                                             change_m1_anonce=False):
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    phy = dev[0].get_driver_status_field("phyname")
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-
-    for i in range(5):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-    time.sleep(0.1)
-    before_tk = get_rx_spec(phy, keytype=KT_PTK).splitlines()
-    before_gtk = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-    addr = dev[0].own_addr()
-    if change_m1_anonce:
-        if "OK" not in hapd.request("RESEND_M1 " + addr + " change-anonce"):
-            raise Exception("RESEND_M1 failed")
-    if "OK" not in hapd.request("RESEND_M1 " + addr):
-        raise Exception("RESEND_M1 failed")
-    if "OK" not in hapd.request("RESEND_M3 " + addr):
-        raise Exception("RESEND_M3 failed")
-    time.sleep(0.1)
-    after_tk = get_rx_spec(phy, keytype=KT_PTK).splitlines()
-    after_gtk = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-
-    if "OK" not in hapd.request("RESET_PN " + addr):
-        raise Exception("RESET_PN failed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                  success_expected=False)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    for i in range(len(before_tk)):
-        b = int(before_tk[i], 16)
-        a = int(after_tk[i], 16)
-        if a < b:
-            raise Exception("TK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
-
-    for i in range(len(before_gtk)):
-        b = int(before_gtk[i], 16)
-        a = int(after_gtk[i], 16)
-        if a < b:
-            raise Exception("GTK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
-
-@disable_ipv6
-def test_ap_wpa2_delayed_group_m1_retransmission(dev, apdev):
-    """Delayed group M1 retransmission"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    phy = dev[0].get_driver_status_field("phyname")
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-
-    for i in range(5):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-    time.sleep(0.1)
-    before = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
-        raise Exception("RESEND_GROUP_M1 failed")
-    time.sleep(0.1)
-    after = get_rx_spec(phy, keytype=KT_GTK).splitlines()
-
-    if "OK" not in hapd.request("RESET_PN ff:ff:ff:ff:ff:ff"):
-        raise Exception("RESET_PN failed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                  success_expected=False)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    for i in range(len(before)):
-        b = int(before[i], 16)
-        a = int(after[i], 16)
-        if a < b:
-            raise Exception("RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
-
-@disable_ipv6
-def test_ap_wpa2_delayed_group_m1_retransmission_igtk(dev, apdev):
-    """Delayed group M1 retransmission (check IGTK protection)"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678",
-                                 ieee80211w="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    phy = dev[0].get_driver_status_field("phyname")
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                   ieee80211w="1")
-    hapd.wait_sta()
-
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
-
-    # deauth once to see that works OK
-    addr = dev[0].own_addr()
-    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
-    dev[0].wait_disconnected(timeout=10)
-
-    # now to check the protection
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-    hapd.wait_sta()
-
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
-
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
-        raise Exception("RESEND_GROUP_M1 failed")
-    if "OK" not in hapd.request("RESET_PN ff:ff:ff:ff:ff:ff IGTK"):
-        raise Exception("RESET_PN failed")
-
-    time.sleep(0.1)
-    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
-    """Delayed M1+M3 retransmission and zero TK"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_M1 " + addr + " change-anonce"):
-        raise Exception("RESEND_M1 failed")
-    if "OK" not in hapd.request("RESEND_M1 " + addr):
-        raise Exception("RESEND_M1 failed")
-    if "OK" not in hapd.request("RESEND_M3 " + addr):
-        raise Exception("RESEND_M3 failed")
-
-    KEY_FLAG_RX = 0x04
-    KEY_FLAG_TX = 0x08
-    KEY_FLAG_PAIRWISE = 0x20
-    KEY_FLAG_RX_TX = KEY_FLAG_RX | KEY_FLAG_TX
-    KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX
-    if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s %d" % (addr, 0, 1, 6*"00", 16*"00", KEY_FLAG_PAIRWISE_RX_TX)):
-        raise Exception("SET_KEY failed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1, broadcast=False,
-                                  success_expected=False)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_plaintext_m1_m3(dev, apdev):
-    """Plaintext M1/M3 during PTK rekey"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-
-    time.sleep(0.1)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_M1 " + addr + " plaintext"):
-        raise Exception("RESEND_M1 failed")
-    time.sleep(0.1)
-    if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
-        raise Exception("RESEND_M3 failed")
-    time.sleep(0.1)
-
-def test_ap_wpa2_plaintext_m1_m3_pmf(dev, apdev):
-    """Plaintext M1/M3 during PTK rekey (PMF)"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w="2",
-                   scan_freq="2412")
-
-    time.sleep(0.1)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_M1 " + addr + " plaintext"):
-        raise Exception("RESEND_M1 failed")
-    time.sleep(0.1)
-    if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
-        raise Exception("RESEND_M3 failed")
-    time.sleep(0.1)
-
-def test_ap_wpa2_plaintext_m3(dev, apdev):
-    """Plaintext M3 during PTK rekey"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-
-    time.sleep(0.1)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_M1 " + addr):
-        raise Exception("RESEND_M1 failed")
-    time.sleep(0.1)
-    if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
-        raise Exception("RESEND_M3 failed")
-    time.sleep(0.1)
-
-def test_ap_wpa2_plaintext_group_m1(dev, apdev):
-    """Plaintext group M1"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-
-    time.sleep(0.1)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr + " plaintext"):
-        raise Exception("RESEND_GROUP_M1 failed")
-    time.sleep(0.2)
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
-        raise Exception("RESEND_GROUP_M1 failed")
-    time.sleep(0.1)
-
-def test_ap_wpa2_plaintext_group_m1_pmf(dev, apdev):
-    """Plaintext group M1 (PMF)"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w="2",
-                   scan_freq="2412")
-
-    time.sleep(0.1)
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr + " plaintext"):
-        raise Exception("RESEND_GROUP_M1 failed")
-    time.sleep(0.2)
-    if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
-        raise Exception("RESEND_GROUP_M1 failed")
-    time.sleep(0.1)
-
-def test_ap_wpa2_test_command_failures(dev, apdev):
-    """EAPOL/key config test command failures"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["RESEND_M1 foo",
-             "RESEND_M1 22:22:22:22:22:22",
-             "RESEND_M3 foo",
-             "RESEND_M3 22:22:22:22:22:22",
-             "RESEND_GROUP_M1 foo",
-             "RESEND_GROUP_M1 22:22:22:22:22:22",
-             "SET_KEY foo",
-             "SET_KEY 3 foo",
-             "SET_KEY 3 22:22:22:22:22:22",
-             "SET_KEY 3 22:22:22:22:22:22 1",
-             "SET_KEY 3 22:22:22:22:22:22 1 1",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 q",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 112233445566",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 112233445566 1",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 112233445566 12",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 112233445566 12 1",
-             "SET_KEY 3 22:22:22:22:22:22 1 1 112233445566 12 1 ",
-             "RESET_PN ff:ff:ff:ff:ff:ff BIGTK",
-             "RESET_PN ff:ff:ff:ff:ff:ff IGTK",
-             "RESET_PN 22:22:22:22:22:22",
-             "RESET_PN foo"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-
-def test_ap_wpa2_gtk_initial_rsc_tkip(dev, apdev):
-    """Initial group cipher RSC (TKIP)"""
-    skip_without_tkip(dev[0])
-    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "TKIP")
-
-def test_ap_wpa2_gtk_initial_rsc_ccmp(dev, apdev):
-    """Initial group cipher RSC (CCMP)"""
-    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "CCMP")
-
-def test_ap_wpa2_gtk_initial_rsc_ccmp_256(dev, apdev):
-    """Initial group cipher RSC (CCMP-256)"""
-    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "CCMP-256")
-
-def test_ap_wpa2_gtk_initial_rsc_gcmp(dev, apdev):
-    """Initial group cipher RSC (GCMP)"""
-    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "GCMP")
-
-def test_ap_wpa2_gtk_initial_rsc_gcmp_256(dev, apdev):
-    """Initial group cipher RSC (GCMP-256)"""
-    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "GCMP-256")
-
-def run_ap_wpa2_gtk_initial_rsc(dev, apdev, cipher):
-    if cipher not in dev[0].get_capability("pairwise") or \
-       cipher not in dev[0].get_capability("group"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params["rsn_pairwise"] = cipher
-    params["group_cipher"] = cipher
-    params["gtk_rsc_override"] = "341200000000"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2",
-                   pairwise=cipher, group=cipher, scan_freq="2412")
-    hapd.wait_sta()
-    # Verify that unicast traffic works, but broadcast traffic does not.
-    hwsim_utils.test_connectivity(dev[0], hapd, broadcast=False)
-    hwsim_utils.test_connectivity(dev[0], hapd, success_expected=False)
-    hwsim_utils.test_connectivity(dev[0], hapd, success_expected=False)
-
-def test_ap_wpa2_igtk_initial_rsc_aes_128_cmac(dev, apdev):
-    """Initial management group cipher RSC (AES-128-CMAC)"""
-    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "AES-128-CMAC")
-
-def test_ap_wpa2_igtk_initial_rsc_bip_gmac_128(dev, apdev):
-    """Initial management group cipher RSC (BIP-GMAC-128)"""
-    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-GMAC-128")
-
-def test_ap_wpa2_igtk_initial_rsc_bip_gmac_256(dev, apdev):
-    """Initial management group cipher RSC (BIP-GMAC-256)"""
-    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-GMAC-256")
-
-def test_ap_wpa2_igtk_initial_rsc_bip_cmac_256(dev, apdev):
-    """Initial management group cipher RSC (BIP-CMAC-256)"""
-    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-CMAC-256")
-
-def run_ap_wpa2_igtk_initial_rsc(dev, apdev, cipher):
-    if cipher not in dev[0].get_capability("group_mgmt"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params["ieee80211w"] = "2"
-    params["rsn_pairwise"] = "CCMP"
-    params["group_cipher"] = "CCMP"
-    params["group_mgmt_cipher"] = cipher
-    params["igtk_rsc_override"] = "341200000000"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2",
-                   ieee80211w="2", pairwise="CCMP", group="CCMP",
-                   group_mgmt=cipher,
-                   scan_freq="2412")
-    hapd.wait_sta()
-    # Verify that broadcast robust management frames are dropped.
-    dev[0].note("Sending broadcast Deauthentication and Disassociation frames with too small IPN")
-    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
-    hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
-    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
-    hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
-    dev[0].note("Done sending broadcast Deauthentication and Disassociation frames with too small IPN")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    # Verify thar unicast robust management frames go through.
-    hapd.request("DEAUTHENTICATE " + dev[0].own_addr() + " reason=123 test=1")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    if "reason=123" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
diff --git a/tests/hwsim/test_ap_config.py b/tests/hwsim/test_ap_config.py
deleted file mode 100644
index b1d9d2133188..000000000000
--- a/tests/hwsim/test_ap_config.py
+++ /dev/null
@@ -1,581 +0,0 @@
-# hostapd configuration tests
-# Copyright (c) 2014-2016, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import signal
-import time
-import logging
-logger = logging.getLogger(__name__)
-import subprocess
-
-from remotehost import remote_compatible
-import hostapd
-from utils import alloc_fail, fail_test
-
-@remote_compatible
-def test_ap_config_errors(dev, apdev):
-    """Various hostapd configuration errors"""
-
-    # IEEE 802.11d without country code
-    params = {"ssid": "foo", "ieee80211d": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (ieee80211d without country_code)")
-    hostapd.remove_bss(apdev[0])
-
-    # IEEE 802.11h without IEEE 802.11d
-    params = {"ssid": "foo", "ieee80211h": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (ieee80211h without ieee80211d")
-    hostapd.remove_bss(apdev[0])
-
-    # Power Constraint without IEEE 802.11d
-    params = {"ssid": "foo", "local_pwr_constraint": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (local_pwr_constraint without ieee80211d)")
-    hostapd.remove_bss(apdev[0])
-
-    # Spectrum management without Power Constraint
-    params = {"ssid": "foo", "spectrum_mgmt_required": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (spectrum_mgmt_required without local_pwr_constraint)")
-    hostapd.remove_bss(apdev[0])
-
-    # IEEE 802.1X without authentication server
-    params = {"ssid": "foo", "ieee8021x": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (ieee8021x)")
-    hostapd.remove_bss(apdev[0])
-
-    # RADIUS-PSK without macaddr_acl=2
-    params = hostapd.wpa2_params(ssid="foo", passphrase="12345678")
-    params["wpa_psk_radius"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (wpa_psk_radius)")
-    hostapd.remove_bss(apdev[0])
-
-    # FT without NAS-Identifier
-    params = {"wpa": "2",
-              "wpa_key_mgmt": "FT-PSK",
-              "rsn_pairwise": "CCMP",
-              "wpa_passphrase": "12345678"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (FT without nas_identifier)")
-    hostapd.remove_bss(apdev[0])
-
-    # Hotspot 2.0 without WPA2/CCMP
-    params = hostapd.wpa2_params(ssid="foo")
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    params['ieee8021x'] = "1"
-    params['auth_server_addr'] = "127.0.0.1"
-    params['auth_server_port'] = "1812"
-    params['auth_server_shared_secret'] = "radius"
-    params['interworking'] = "1"
-    params['hs20'] = "1"
-    params['wpa'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success (HS 2.0 without WPA2/CCMP)")
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_config_reload(dev, apdev, params):
-    """hostapd configuration reload"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "foo"})
-    hapd.set("ssid", "foobar")
-    with open(os.path.join(params['logdir'], 'hostapd-test.pid'), "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGHUP)
-    time.sleep(0.1)
-    dev[0].connect("foobar", key_mgmt="NONE", scan_freq="2412")
-    hapd.set("ssid", "foo")
-    os.kill(pid, signal.SIGHUP)
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-
-def test_ap_config_reload_file(dev, apdev, params):
-    """hostapd configuration reload from file"""
-    hapd = hostapd.add_iface(apdev[0], "bss-1.conf")
-    hapd.enable()
-    hapd.set("ssid", "foobar")
-    with open(os.path.join(params['logdir'], 'hostapd-test.pid'), "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGHUP)
-    time.sleep(0.1)
-    dev[0].connect("foobar", key_mgmt="NONE", scan_freq="2412")
-    hapd.set("ssid", "foo")
-    os.kill(pid, signal.SIGHUP)
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-
-def test_ap_config_reload_file_while_disabled(dev, apdev, params):
-    """hostapd configuration reload from file when disabled"""
-    hapd = hostapd.add_iface(apdev[0], "bss-1.conf")
-    hapd.enable()
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=3)
-    if ev is None:
-        raise Exception("AP-ENABLED event not reported")
-    hapd.set("ssid", "foobar")
-    with open(os.path.join(params['logdir'], 'hostapd-test.pid'), "r") as f:
-        pid = int(f.read())
-    hapd.disable()
-    ev = hapd.wait_event(["AP-DISABLED"], timeout=3)
-    if ev is None:
-        raise Exception("AP-DISABLED event not reported")
-    hapd.dump_monitor()
-    os.kill(pid, signal.SIGHUP)
-    time.sleep(0.1)
-    hapd.enable()
-    dev[0].connect("foobar", key_mgmt="NONE", scan_freq="2412")
-
-def write_hostapd_config(conffile, ifname, ssid, ht=True, bss2=False):
-    with open(conffile, "w") as f:
-        f.write("driver=nl80211\n")
-        f.write("hw_mode=g\n")
-        f.write("channel=1\n")
-        if ht:
-            f.write("ieee80211n=1\n")
-        f.write("interface=" + ifname + "\n")
-        f.write("ssid=" + ssid + "\n")
-        if bss2:
-            f.write("bss=" + ifname + "_2\n")
-            f.write("ssid=" + ssid + "-2\n")
-
-def test_ap_config_reload_on_sighup(dev, apdev, params):
-    """hostapd configuration reload modification from file on SIGHUP"""
-    run_ap_config_reload_on_sighup(dev, apdev, params)
-
-def test_ap_config_reload_on_sighup_no_ht(dev, apdev, params):
-    """hostapd configuration reload modification from file on SIGHUP (no HT)"""
-    run_ap_config_reload_on_sighup(dev, apdev, params, ht=False)
-
-def run_ap_config_reload_on_sighup(dev, apdev, params, ht=True):
-    name = "ap_config_reload_on_sighup"
-    if not ht:
-        name += "_no_ht"
-    pidfile = params['prefix'] + ".hostapd.pid"
-    logfile = params['prefix'] + ".hostapd.log"
-    conffile = params['prefix'] + ".hostapd.conf"
-    prg = os.path.join(params['logdir'], 'alt-hostapd/hostapd/hostapd')
-    if not os.path.exists(prg):
-        prg = '../../hostapd/hostapd'
-    write_hostapd_config(conffile, apdev[0]['ifname'], "test-1", ht=ht)
-    cmd = [prg, '-B', '-dddt', '-P', pidfile, '-f', logfile, conffile]
-    res = subprocess.check_call(cmd)
-    if res != 0:
-        raise Exception("Could not start hostapd: %s" % str(res))
-
-    dev[0].connect("test-1", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    write_hostapd_config(conffile, apdev[0]['ifname'], "test-2", ht=ht)
-    with open(pidfile, "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGHUP)
-
-    time.sleep(0.1)
-    dev[0].flush_scan_cache()
-
-    dev[0].connect("test-2", key_mgmt="NONE", scan_freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    os.kill(pid, signal.SIGTERM)
-    removed = False
-    for i in range(20):
-        time.sleep(0.1)
-        if not os.path.exists(pidfile):
-            removed = True
-            break
-    if not removed:
-        raise Exception("hostapd PID file not removed on SIGTERM")
-
-    if ht and "dd180050f202" not in bss['ie']:
-            raise Exception("Missing WMM IE after reload")
-    if not ht and "dd180050f202" in bss['ie']:
-            raise Exception("Unexpected WMM IE after reload")
-
-def test_ap_config_reload_on_sighup_bss_changes(dev, apdev, params):
-    """hostapd configuration reload modification from file on SIGHUP with bss remove/add"""
-    pidfile = params['prefix'] + ".hostapd.pid"
-    logfile = params['prefix'] + ".hostapd-log"
-    conffile = params['prefix'] + ".hostapd.conf"
-    prg = os.path.join(params['logdir'], 'alt-hostapd/hostapd/hostapd')
-    if not os.path.exists(prg):
-        prg = '../../hostapd/hostapd'
-    write_hostapd_config(conffile, apdev[0]['ifname'], "test", bss2=True)
-    cmd = [prg, '-B', '-dddt', '-P', pidfile, '-f', logfile, conffile]
-    res = subprocess.check_call(cmd)
-    if res != 0:
-        raise Exception("Could not start hostapd: %s" % str(res))
-
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[1].connect("test-2", key_mgmt="NONE", scan_freq="2412")
-    dev[0].wait_connected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[1].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    write_hostapd_config(conffile, apdev[0]['ifname'], "test-a", bss2=False)
-    with open(pidfile, "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGHUP)
-
-    time.sleep(0.5)
-    dev[0].flush_scan_cache()
-
-    dev[0].connect("test-a", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    write_hostapd_config(conffile, apdev[0]['ifname'], "test-b", bss2=True)
-    os.kill(pid, signal.SIGHUP)
-
-    time.sleep(0.5)
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-    dev[0].connect("test-b", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[1].connect("test-b-2", key_mgmt="NONE", scan_freq="2412")
-    dev[0].wait_connected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[1].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    os.kill(pid, signal.SIGTERM)
-
-def test_ap_config_reload_before_enable(dev, apdev, params):
-    """hostapd configuration reload before enable"""
-    hapd = hostapd.add_iface(apdev[0], "bss-1.conf")
-    with open(os.path.join(params['logdir'], 'hostapd-test.pid'), "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGHUP)
-    hapd.ping()
-
-def test_ap_config_sigusr1(dev, apdev, params):
-    """hostapd SIGUSR1"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
-    with open(os.path.join(params['logdir'], 'hostapd-test.pid'), "r") as f:
-        pid = int(f.read())
-    os.kill(pid, signal.SIGUSR1)
-    dev[0].connect("foobar", key_mgmt="NONE", scan_freq="2412")
-    os.kill(pid, signal.SIGUSR1)
-
-def test_ap_config_invalid_value(dev, apdev, params):
-    """Ignoring invalid hostapd configuration parameter updates"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test"}, no_enable=True)
-    not_exist = "/tmp/hostapd-test/does-not-exist"
-    tests = [("driver", "foobar"),
-             ("ssid2", "Q"),
-             ("macaddr_acl", "255"),
-             ("accept_mac_file", not_exist),
-             ("deny_mac_file", not_exist),
-             ("eapol_version", "255"),
-             ("eap_user_file", not_exist),
-             ("wep_key_len_broadcast", "-1"),
-             ("wep_key_len_unicast", "-1"),
-             ("wep_rekey_period", "-1"),
-             ("eap_rekey_period", "-1"),
-             ("radius_client_addr", "foo"),
-             ("acs_chan_bias", "-1:0.8"),
-             ("acs_chan_bias", "1"),
-             ("acs_chan_bias", "1:p"),
-             ("acs_chan_bias", "1:-0.8"),
-             ("acs_chan_bias", "1:0.8p"),
-             ("dtim_period", "0"),
-             ("bss_load_update_period", "-1"),
-             ("send_probe_response", "255"),
-             ("beacon_rate", "ht:-1"),
-             ("beacon_rate", "ht:32"),
-             ("beacon_rate", "vht:-1"),
-             ("beacon_rate", "vht:10"),
-             ("beacon_rate", "9"),
-             ("beacon_rate", "10001"),
-             ("vlan_file", not_exist),
-             ("bss", ""),
-             ("bssid", "foo"),
-             ("extra_cred", not_exist),
-             ("anqp_elem", "265"),
-             ("anqp_elem", "265"),
-             ("anqp_elem", "265:1"),
-             ("anqp_elem", "265:1q"),
-             ("fst_priority", ""),
-             ("fils_cache_id", "q"),
-             ("venue_url", "foo"),
-             ("venue_url", "1:" + 255*"a"),
-             ("sae_password", "secret|mac=qq"),
-             ("dpp_controller", "ipaddr=1"),
-             ("dpp_controller", "ipaddr=127.0.0.1 pkhash=q"),
-             ("dpp_controller", "ipaddr=127.0.0.1 pkhash=" + 32*"qq"),
-             ("dpp_controller", "pkhash=" + 32*"aa"),
-             ("check_cert_subject", ""),
-             ("eap_teap_auth", "-1"),
-             ("eap_teap_auth", "100"),
-             ("group_cipher", "foo"),
-             ("group_cipher", "NONE"),
-             ("chan_util_avg_period", "-1"),
-             ("multi_ap_backhaul_ssid", ""),
-             ("multi_ap_backhaul_ssid", '""'),
-             ("multi_ap_backhaul_ssid", "1"),
-             ("multi_ap_backhaul_ssid", '"' + 33*"A" + '"'),
-             ("multi_ap_backhaul_wpa_passphrase", ""),
-             ("multi_ap_backhaul_wpa_passphrase", 64*"q"),
-             ("multi_ap_backhaul_wpa_psk", "q"),
-             ("multi_ap_backhaul_wpa_psk", 63*"aa"),
-             ("hs20_release", "0"),
-             ("hs20_release", "255"),
-             ("dhcp_server", "::::::"),
-             ("dpp_netaccesskey", "q"),
-             ("dpp_csign", "q"),
-             ("owe_transition_bssid", "q"),
-             ("owe_transition_ssid", ""),
-             ("owe_transition_ssid", '""'),
-             ("owe_transition_ssid", '"' + 33*"a" + '"'),
-             ("multi_ap", "-1"),
-             ("multi_ap", "255"),
-             ("unknown-item", "foo")]
-    for field, val in tests:
-        if "FAIL" not in hapd.request("SET %s %s" % (field, val)):
-            raise Exception("Invalid %s accepted" % field)
-    hapd.enable()
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-
-def test_ap_config_eap_user_file_parsing(dev, apdev, params):
-    """hostapd eap_user_file parsing"""
-    tmp = params['prefix'] + '.tmp'
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
-
-    for i in range(2):
-        if "OK" not in hapd.request("SET eap_user_file auth_serv/eap_user.conf"):
-            raise Exception("eap_user_file rejected")
-
-    tests = ["#\n\n*\tTLS\nradius_accept_attr=:",
-             "foo\n",
-             "\"foo\n",
-             "\"foo\"\n",
-             "\"foo\" FOOBAR\n",
-             "\"foo\" " + 10*"TLS," + "TLS \"\n",
-             "\"foo\" TLS \nfoo\n",
-             "\"foo\" PEAP hash:foo\n",
-             "\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b7586q\n",
-             "\"foo\" PEAP 01020\n",
-             "\"foo\" PEAP 010q\n"
-             '"pwd" PWD ssha1:\n',
-             '"pwd" PWD ssha1:' + 20*'00' + '\n',
-             '"pwd" PWD ssha256:\n',
-             '"pwd" PWD ssha512:\n',
-             '"pwd" PWD ssha1:' + 20*'00' + 'qq\n',
-             '"pwd" PWD ssha1:' + 19*'00' + 'qq00\n',
-             "\"foo\" TLS\nradius_accept_attr=123:x:012\n",
-             "\"foo\" TLS\nradius_accept_attr=123:x:012q\n",
-             "\"foo\" TLS\nradius_accept_attr=123:Q:01\n",
-             "\"foo\" TLS\nradius_accept_attr=123\nfoo\n"]
-    for t in tests:
-        with open(tmp, "w") as f:
-            f.write(t)
-        if "FAIL" not in hapd.request("SET eap_user_file " + tmp):
-            raise Exception("Invalid eap_user_file accepted")
-
-    tests = [("\"foo\" TLS\n", 2, "hostapd_config_read_eap_user"),
-             ("\"foo\" PEAP \"foo\"\n", 3, "hostapd_config_read_eap_user"),
-             ("\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b75861\n", 3,
-              "hostapd_config_read_eap_user"),
-             ("\"foo\" PEAP 0102\n", 3, "hostapd_config_read_eap_user"),
-             ("\"foo\" TLS\nradius_accept_attr=123\n", 1,
-              "=hostapd_parse_radius_attr"),
-             ("\"foo\" TLS\nradius_accept_attr=123\n", 1,
-              "wpabuf_alloc;hostapd_parse_radius_attr"),
-             ("\"foo\" TLS\nradius_accept_attr=123:s:foo\n", 2,
-              "hostapd_parse_radius_attr"),
-             ("\"foo\" TLS\nradius_accept_attr=123:x:0102\n", 2,
-              "hostapd_parse_radius_attr"),
-             ("\"foo\" TLS\nradius_accept_attr=123:d:1\n", 2,
-              "hostapd_parse_radius_attr"),
-             ('"pwd" PWD ssha1:046239e0660a59015231082a071c803e9f5848ae42eaccb4c08c97ae397bc879c4b071b9088ee715\n', 1, "hostapd_config_eap_user_salted"),
-             ('"pwd" PWD ssha1:046239e0660a59015231082a071c803e9f5848ae42eaccb4c08c97ae397bc879c4b071b9088ee715\n', 2, "hostapd_config_eap_user_salted"),
-             ("* TLS\n", 1, "hostapd_config_read_eap_user")]
-    for t, count, func in tests:
-        with alloc_fail(hapd, count, func):
-            with open(tmp, "w") as f:
-                f.write(t)
-            if "FAIL" not in hapd.request("SET eap_user_file " + tmp):
-                raise Exception("eap_user_file accepted during OOM")
-
-def test_ap_config_set_oom(dev, apdev):
-    """hostapd configuration parsing OOM"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
-
-    tests = [(1, "hostapd_parse_das_client",
-              "SET radius_das_client 192.168.1.123 pw"),
-             (1, "hostapd_parse_chanlist", "SET chanlist 1 6 11-13"),
-             (1, "hostapd_config_bss", "SET bss foo"),
-             (2, "hostapd_config_bss", "SET bss foo"),
-             (3, "hostapd_config_bss", "SET bss foo"),
-             (1, "add_r0kh",
-              "SET r0kh 02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f"),
-             (1, "add_r1kh",
-              "SET r1kh 02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f"),
-             (1, "parse_roaming_consortium", "SET roaming_consortium 021122"),
-             (1, "parse_lang_string", "SET venue_name eng:Example venue"),
-             (1, "parse_3gpp_cell_net",
-              "SET anqp_3gpp_cell_net 244,91;310,026;234,56"),
-             (1, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
-             (2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
-             (1, "parse_anqp_elem", "SET anqp_elem 265:0000"),
-             (2, "parse_anqp_elem", "SET anqp_elem 266:000000"),
-             (1, "parse_venue_url", "SET venue_url 1:http://example.com/"),
-             (1, "hs20_parse_operator_icon", "SET operator_icon icon"),
-             (2, "hs20_parse_operator_icon", "SET operator_icon icon"),
-             (1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2"),
-             (1, "hs20_parse_wan_metrics",
-              "SET hs20_wan_metrics 01:8000:1000:80:240:3000"),
-             (1, "hs20_parse_icon",
-              "SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"),
-             (1, "hs20_parse_osu_server_uri",
-              "SET osu_server_uri https://example.com/osu/"),
-             (1, "hostapd_config_parse_acs_chan_bias",
-              "SET acs_chan_bias 1:0.8 6:0.8 11:0.8"),
-             (2, "hostapd_config_parse_acs_chan_bias",
-              "SET acs_chan_bias 1:0.8 6:0.8 11:0.8"),
-             (1, "parse_wpabuf_hex", "SET vendor_elements 01020304"),
-             (1, "parse_fils_realm", "SET fils_realm example.com"),
-             (1, "parse_sae_password", "SET sae_password secret"),
-             (2, "parse_sae_password", "SET sae_password secret"),
-             (2, "parse_sae_password", "SET sae_password secret|id=pw"),
-             (3, "parse_sae_password", "SET sae_password secret|id=pw"),
-             (1, "hostapd_dpp_controller_parse", "SET dpp_controller ipaddr=127.0.0.1 pkhash=" + 32*"11"),
-             (1, "hostapd_config_fill", "SET check_cert_subject foo"),
-             (1, "hostapd_config_fill", "SET multi_ap_backhaul_wpa_psk " + 64*"00"),
-             (1, "hostapd_parse_intlist;hostapd_config_fill",
-              "SET owe_groups 19"),
-             (1, "hostapd_config_fill",
-              "SET pac_opaque_encr_key 000102030405060708090a0b0c0d0e0f"),
-             (1, "hostapd_config_fill", "SET eap_message hello"),
-             (1, "hostapd_config_fill",
-              "SET wpa_psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"),
-             (1, "hostapd_config_fill", "SET time_zone EST5"),
-             (1, "hostapd_config_fill",
-              "SET network_auth_type 02http://www.example.com/redirect/"),
-             (1, "hostapd_config_fill", "SET domain_name example.com"),
-             (1, "hostapd_config_fill", "SET hs20_operating_class 5173"),
-             (1, "hostapd_config_fill", "SET own_ie_override 11223344"),
-             (1, "hostapd_parse_intlist", "SET sae_groups 19 25"),
-             (1, "hostapd_parse_intlist", "SET basic_rates 10 20 55 110"),
-             (1, "hostapd_parse_intlist", "SET supported_rates 10 20 55 110")]
-    if "WEP40" in dev[0].get_capability("group"):
-        tests += [(1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
-                  (1, "hostapd_config_read_wep", "SET wep_key0 0102030405")]
-    for count, func, cmd in tests:
-        with alloc_fail(hapd, count, func):
-            if "FAIL" not in hapd.request(cmd):
-                raise Exception("Command accepted during OOM: " + cmd)
-
-    hapd.set("hs20_icon", "32:32:eng:image/png:icon32:/tmp/icon32.png")
-    hapd.set("hs20_conn_capab", "1:0:2")
-    hapd.set("nai_realm", "0,example.com;example.net")
-    hapd.set("venue_name", "eng:Example venue")
-    hapd.set("roaming_consortium", "021122")
-    hapd.set("osu_server_uri", "https://example.com/osu/")
-    hapd.set("vendor_elements", "01020304")
-    hapd.set("vendor_elements", "01020304")
-    hapd.set("vendor_elements", "")
-    hapd.set("lci", "11223344")
-    hapd.set("civic", "11223344")
-    hapd.set("lci", "")
-    hapd.set("civic", "")
-
-    tests = [(1, "hs20_parse_icon",
-              "SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"),
-             (1, "parse_roaming_consortium", "SET roaming_consortium 021122"),
-             (2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
-             (1, "parse_lang_string", "SET venue_name eng:Example venue"),
-             (1, "hs20_parse_osu_server_uri",
-              "SET osu_server_uri https://example.com/osu/"),
-             (1, "hs20_parse_osu_nai", "SET osu_nai anonymous@example.com"),
-             (1, "hs20_parse_osu_nai2", "SET osu_nai2 anonymous@example.com"),
-             (1, "hostapd_parse_intlist", "SET osu_method_list 1 0"),
-             (1, "hs20_parse_osu_icon", "SET osu_icon icon32"),
-             (2, "hs20_parse_osu_icon", "SET osu_icon icon32"),
-             (2, "hs20_parse_osu_icon", "SET osu_icon icon32"),
-             (1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2")]
-    for count, func, cmd in tests:
-        with alloc_fail(hapd, count, func):
-            if "FAIL" not in hapd.request(cmd):
-                raise Exception("Command accepted during OOM (2): " + cmd)
-
-    tests = [(1, "parse_fils_realm", "SET fils_realm example.com")]
-    for count, func, cmd in tests:
-        with fail_test(hapd, count, func):
-            if "FAIL" not in hapd.request(cmd):
-                raise Exception("Command accepted during FAIL_TEST: " + cmd)
-
-def test_ap_config_set_errors(dev, apdev):
-    """hostapd configuration parsing errors"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
-    if "WEP40" in dev[0].get_capability("group"):
-        hapd.set("wep_key0", '"hello"')
-        hapd.set("wep_key1", '"hello"')
-        hapd.set("wep_key0", '')
-        hapd.set("wep_key0", '"hello"')
-        if "FAIL" not in hapd.request("SET wep_key1 \"hello\""):
-            raise Exception("SET wep_key1 allowed to override existing key")
-        hapd.set("wep_key1", '')
-        hapd.set("wep_key1", '"hello"')
-
-    hapd.set("auth_server_addr", "127.0.0.1")
-    hapd.set("acct_server_addr", "127.0.0.1")
-
-    hapd.set("fst_group_id", "hello")
-    if "FAIL" not in hapd.request("SET fst_group_id hello2"):
-        raise Exception("Duplicate fst_group_id accepted")
-
-    tests = ["SET eap_reauth_period -1",
-             "SET fst_llt ",
-             "SET auth_server_addr_replace foo",
-             "SET acct_server_addr_replace foo"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-
-    # Deprecated entries
-    hapd.set("tx_queue_after_beacon_aifs", '2')
-    hapd.set("tx_queue_beacon_aifs", '2')
-    hapd.set("tx_queue_data9_aifs", '2')
-    hapd.set("debug", '1')
-    hapd.set("dump_file", '/tmp/hostapd-test-dump')
-    hapd.set("eap_authenticator", '0')
-    hapd.set("radio_measurements", '0')
-    hapd.set("radio_measurements", '1')
-    hapd.set("peerkey", "0")
-
-    # Various extra coverage (not really errors)
-    hapd.set("logger_syslog_level", '1')
-    hapd.set("logger_syslog", '0')
-    hapd.set("ctrl_interface_group", '4')
-    hapd.set("tls_flags", "[ALLOW-SIGN-RSA-MD5][DISABLE-TIME-CHECKS][DISABLE-TLSv1.0]")
-
-    for i in range(50000):
-        if "OK" not in hapd.request("SET hs20_conn_capab 17:5060:0"):
-            logger.info("hs20_conn_capab limit at %d" % i)
-            break
-    if i < 1000 or i >= 49999:
-        raise Exception("hs20_conn_capab limit not seen")
diff --git a/tests/hwsim/test_ap_csa.py b/tests/hwsim/test_ap_csa.py
deleted file mode 100644
index 744d1e1f23ef..000000000000
--- a/tests/hwsim/test_ap_csa.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# AP CSA tests
-# Copyright (c) 2013, Luciano Coelho <luciano.coelho@intel.com>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from utils import *
-
-def connect(dev, apdev, scan_freq="2412", **kwargs):
-    params = {"ssid": "ap-csa",
-              "channel": "1"}
-    params.update(kwargs)
-    ap = hostapd.add_ap(apdev[0], params)
-    dev.connect("ap-csa", key_mgmt="NONE", scan_freq=scan_freq)
-    return ap
-
-def switch_channel(ap, count, freq):
-    ap.request("CHAN_SWITCH " + str(count) + " " + str(freq))
-
-    ev = ap.wait_event(["CTRL-EVENT-STARTED-CHANNEL-SWITCH"], timeout=10)
-    if ev is None:
-        raise Exception("Channel switch start event not seen")
-    if "freq=" + str(freq) not in ev:
-        raise Exception("Unexpected channel in CS started event")
-
-    ev = ap.wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=10)
-    if ev is None:
-        raise Exception("Channel switch completed event not seen")
-    if "freq=" + str(freq) not in ev:
-        raise Exception("Unexpected channel in CS completed event")
-
-    ev = ap.wait_event(["AP-CSA-FINISHED"], timeout=10)
-    if ev is None:
-        raise Exception("CSA finished event timed out")
-    if "freq=" + str(freq) not in ev:
-        raise Exception("Unexpected channel in CSA finished event")
-
-def wait_channel_switch(dev, freq):
-    ev = dev.wait_event(["CTRL-EVENT-STARTED-CHANNEL-SWITCH"], timeout=5)
-    if ev is None:
-        raise Exception("Channel switch start not reported")
-    if "freq=%d" % freq not in ev:
-        raise Exception("Unexpected frequency in channel switch started: " + ev)
-
-    ev = dev.wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=5)
-    if ev is None:
-        raise Exception("Channel switch not reported")
-    if "freq=%d" % freq not in ev:
-        raise Exception("Unexpected frequency: " + ev)
-
-@remote_compatible
-def test_ap_csa_1_switch(dev, apdev):
-    """AP Channel Switch, one switch"""
-    csa_supported(dev[0])
-    freq = int(dev[0].get_driver_status_field("freq"))
-    if freq != 0:
-        raise Exception("Unexpected driver freq=%d in beginning" % freq)
-    ap = connect(dev[0], apdev)
-    freq = int(dev[0].get_driver_status_field("freq"))
-    if freq != 2412:
-        raise Exception("Unexpected driver freq=%d after association" % freq)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 10, 2462)
-    wait_channel_switch(dev[0], 2462)
-    hwsim_utils.test_connectivity(dev[0], ap)
-    freq = int(dev[0].get_driver_status_field("freq"))
-    if freq != 2462:
-        raise Exception("Unexpected driver freq=%d after channel switch" % freq)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    freq = int(dev[0].get_driver_status_field("freq"))
-    if freq != 0:
-        raise Exception("Unexpected driver freq=%d after disconnection" % freq)
-
-@remote_compatible
-def test_ap_csa_2_switches(dev, apdev):
-    """AP Channel Switch, two switches"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 10, 2462)
-    wait_channel_switch(dev[0], 2462)
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 10, 2412)
-    wait_channel_switch(dev[0], 2412)
-    hwsim_utils.test_connectivity(dev[0], ap)
-
-@remote_compatible
-def test_ap_csa_1_switch_count_0(dev, apdev):
-    """AP Channel Switch, one switch with count 0"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 0, 2462)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-
-@remote_compatible
-def test_ap_csa_2_switches_count_0(dev, apdev):
-    """AP Channel Switch, two switches with count 0"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 0, 2462)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-    switch_channel(ap, 0, 2412)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-
-@remote_compatible
-def test_ap_csa_1_switch_count_1(dev, apdev):
-    """AP Channel Switch, one switch with count 1"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 1, 2462)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-
-@remote_compatible
-def test_ap_csa_2_switches_count_1(dev, apdev):
-    """AP Channel Switch, two switches with count 1"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 1, 2462)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-    switch_channel(ap, 1, 2412)
-    # this does not result in CSA currently, so do not bother checking
-    # connectivity
-
-@remote_compatible
-def test_ap_csa_1_switch_count_2(dev, apdev):
-    """AP Channel Switch, one switch with count 2"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 2, 2462)
-    wait_channel_switch(dev[0], 2462)
-    hwsim_utils.test_connectivity(dev[0], ap)
-
-@remote_compatible
-def test_ap_csa_ecsa_only(dev, apdev):
-    """AP Channel Switch, one switch with only ECSA IE"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev, ecsa_ie_only="1")
-
-    hwsim_utils.test_connectivity(dev[0], ap)
-    switch_channel(ap, 10, 2462)
-    wait_channel_switch(dev[0], 2462)
-    hwsim_utils.test_connectivity(dev[0], ap)
-
-@remote_compatible
-def test_ap_csa_invalid(dev, apdev):
-    """AP Channel Switch - invalid channel"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev)
-
-    vals = [2461, 4900, 4901, 5181, 5746, 5699, 5895, 5899]
-    for val in vals:
-        if "FAIL" not in ap.request("CHAN_SWITCH 1 %d" % val):
-            raise Exception("Invalid channel accepted: %d" % val)
-
-def test_ap_csa_disable(dev, apdev):
-    """AP Channel Switch and DISABLE command before completion"""
-    csa_supported(dev[0])
-    ap = connect(dev[0], apdev, scan_freq="2412 2462")
-    if "OK" not in ap.request("CHAN_SWITCH 10 2462"):
-        raise Exception("CHAN_SWITCH failed")
-    ap.disable()
-    ap.enable()
-    dev[0].wait_disconnected()
-    dev[0].wait_connected()
diff --git a/tests/hwsim/test_ap_dynamic.py b/tests/hwsim/test_ap_dynamic.py
deleted file mode 100644
index ad29eb71eb76..000000000000
--- a/tests/hwsim/test_ap_dynamic.py
+++ /dev/null
@@ -1,586 +0,0 @@
-# Test cases for dynamic BSS changes with hostapd
-# Copyright (c) 2013, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import subprocess
-import logging
-logger = logging.getLogger()
-import os
-
-import hwsim_utils
-import hostapd
-from utils import *
-from test_ap_acs import force_prev_ap_on_24g
-
-@remote_compatible
-def test_ap_change_ssid(dev, apdev):
-    """Dynamic SSID change with hostapd and WPA2-PSK"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk-start",
-                                 passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test-wpa2-psk-start", psk="12345678",
-                        scan_freq="2412")
-    dev[0].request("DISCONNECT")
-
-    logger.info("Change SSID dynamically")
-    res = hapd.request("SET ssid test-wpa2-psk-new")
-    if "OK" not in res:
-        raise Exception("SET command failed")
-    res = hapd.request("RELOAD")
-    if "OK" not in res:
-        raise Exception("RELOAD command failed")
-
-    dev[0].set_network_quoted(id, "ssid", "test-wpa2-psk-new")
-    dev[0].connect_network(id)
-
-def test_ap_change_ssid_wps(dev, apdev):
-    """Dynamic SSID change with hostapd and WPA2-PSK using WPS"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk-start",
-                                 passphrase="12345678")
-    # Use a PSK and not the passphrase, because the PSK will have to be computed
-    # again if we use a passphrase.
-    del params["wpa_passphrase"]
-    params["wpa_psk"] = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
-
-    params.update({"wps_state": "2", "eap_server": "1"})
-    bssid = apdev[0]['bssid']
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    new_ssid = "test-wpa2-psk-new"
-    logger.info("Change SSID dynamically (WPS)")
-    res = hapd.request("SET ssid " + new_ssid)
-    if "OK" not in res:
-        raise Exception("SET command failed")
-    res = hapd.request("RELOAD")
-    if "OK" not in res:
-        raise Exception("RELOAD command failed")
-
-    # Connect to the new ssid using wps:
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].request("WPS_PBC")
-    dev[0].wait_connected(timeout=20)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != bssid:
-        raise Exception("Not fully connected")
-    if status['ssid'] != new_ssid:
-        raise Exception("Unexpected SSID %s != %s" % (status['ssid'], new_ssid))
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_reload_invalid(dev, apdev):
-    """hostapd RELOAD with invalid configuration"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk-start",
-                                 passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    # Enable IEEE 802.11d without specifying country code
-    hapd.set("ieee80211d", "1")
-    if "FAIL" not in hapd.request("RELOAD"):
-        raise Exception("RELOAD command succeeded")
-    dev[0].connect("test-wpa2-psk-start", psk="12345678", scan_freq="2412")
-
-def multi_check(apdev, dev, check, scan_opt=True):
-    id = []
-    num_bss = len(check)
-    for i in range(0, num_bss):
-        dev[i].request("BSS_FLUSH 0")
-        dev[i].dump_monitor()
-    for i in range(0, num_bss):
-        if check[i]:
-            continue
-        id.append(dev[i].connect("bss-" + str(i + 1), key_mgmt="NONE",
-                                 scan_freq="2412", wait_connect=False))
-    for i in range(num_bss):
-        if not check[i]:
-            continue
-        bssid = hostapd.bssid_inc(apdev, i)
-        if scan_opt:
-            dev[i].scan_for_bss(bssid, freq=2412)
-        id.append(dev[i].connect("bss-" + str(i + 1), key_mgmt="NONE",
-                                 scan_freq="2412", wait_connect=True))
-    first = True
-    for i in range(num_bss):
-        if not check[i]:
-            timeout = 0.2 if first else 0.01
-            first = False
-            ev = dev[i].wait_event(["CTRL-EVENT-CONNECTED"], timeout=timeout)
-            if ev:
-                raise Exception("Unexpected connection")
-
-    for i in range(0, num_bss):
-        dev[i].remove_network(id[i])
-    for i in range(num_bss):
-        if check[i]:
-            dev[i].wait_disconnected(timeout=5)
-
-    res = ''
-    for i in range(0, num_bss):
-        res = res + dev[i].request("BSS RANGE=ALL MASK=0x2")
-
-    for i in range(0, num_bss):
-        if not check[i]:
-            bssid = '02:00:00:00:03:0' + str(i)
-            if bssid in res:
-                raise Exception("Unexpected BSS" + str(i) + " in scan results")
-
-def test_ap_bss_add_remove(dev, apdev):
-    """Dynamic BSS add/remove operations with hostapd"""
-    try:
-        _test_ap_bss_add_remove(dev, apdev)
-    finally:
-        for i in range(3):
-            dev[i].request("SCAN_INTERVAL 5")
-
-def _test_ap_bss_add_remove(dev, apdev):
-    for i in range(3):
-        dev[i].flush_scan_cache()
-        dev[i].request("SCAN_INTERVAL 1")
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    ifname3 = apdev[0]['ifname'] + '-3'
-    logger.info("Set up three BSSes one by one")
-    hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    multi_check(apdev[0], dev, [True, False, False])
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    multi_check(apdev[0], dev, [True, True, False])
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Remove the last BSS and re-add it")
-    hostapd.remove_bss(apdev[0], ifname3)
-    multi_check(apdev[0], dev, [True, True, False])
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Remove the middle BSS and re-add it")
-    hostapd.remove_bss(apdev[0], ifname2)
-    multi_check(apdev[0], dev, [True, False, True])
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Remove the first BSS and re-add it and other BSSs")
-    hostapd.remove_bss(apdev[0], ifname1)
-    multi_check(apdev[0], dev, [False, False, False])
-    hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Remove two BSSes and re-add them")
-    hostapd.remove_bss(apdev[0], ifname2)
-    multi_check(apdev[0], dev, [True, False, True])
-    hostapd.remove_bss(apdev[0], ifname3)
-    multi_check(apdev[0], dev, [True, False, False])
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    multi_check(apdev[0], dev, [True, True, False])
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Remove three BSSes in and re-add them")
-    hostapd.remove_bss(apdev[0], ifname3)
-    multi_check(apdev[0], dev, [True, True, False])
-    hostapd.remove_bss(apdev[0], ifname2)
-    multi_check(apdev[0], dev, [True, False, False])
-    hostapd.remove_bss(apdev[0], ifname1)
-    multi_check(apdev[0], dev, [False, False, False])
-    hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    multi_check(apdev[0], dev, [True, False, False])
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    multi_check(apdev[0], dev, [True, True, False])
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-    multi_check(apdev[0], dev, [True, True, True])
-
-    logger.info("Test error handling if a duplicate ifname is tried")
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf', ignore_error=True)
-    multi_check(apdev[0], dev, [True, True, True])
-
-def test_ap_bss_add_remove_during_ht_scan(dev, apdev):
-    """Dynamic BSS add during HT40 co-ex scan"""
-    for i in range(3):
-        dev[i].flush_scan_cache()
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    confname1 = hostapd.cfg_file(apdev[0], "bss-ht40-1.conf")
-    confname2 = hostapd.cfg_file(apdev[0], "bss-ht40-2.conf")
-    hapd_global = hostapd.HostapdGlobal(apdev)
-    hapd_global.send_file(confname1, confname1)
-    hapd_global.send_file(confname2, confname2)
-    hostapd.add_bss(apdev[0], ifname1, confname1)
-    hostapd.add_bss(apdev[0], ifname2, confname2)
-    multi_check(apdev[0], dev, [True, True], scan_opt=False)
-    hostapd.remove_bss(apdev[0], ifname2)
-    hostapd.remove_bss(apdev[0], ifname1)
-
-    hostapd.add_bss(apdev[0], ifname1, confname1)
-    hostapd.add_bss(apdev[0], ifname2, confname2)
-    hostapd.remove_bss(apdev[0], ifname2)
-    multi_check(apdev[0], dev, [True, False], scan_opt=False)
-    hostapd.remove_bss(apdev[0], ifname1)
-
-    hostapd.add_bss(apdev[0], ifname1, confname1)
-    hostapd.add_bss(apdev[0], ifname2, confname2)
-    hostapd.remove_bss(apdev[0], ifname1)
-    multi_check(apdev[0], dev, [False, False])
-
-def test_ap_multi_bss_config(dev, apdev):
-    """hostapd start with a multi-BSS configuration file"""
-    for i in range(3):
-        dev[i].flush_scan_cache()
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    ifname3 = apdev[0]['ifname'] + '-3'
-    logger.info("Set up three BSSes with one configuration file")
-    hapd = hostapd.add_iface(apdev[0], 'multi-bss.conf')
-    hapd.enable()
-    multi_check(apdev[0], dev, [True, True, True])
-    hostapd.remove_bss(apdev[0], ifname2)
-    multi_check(apdev[0], dev, [True, False, True])
-    hostapd.remove_bss(apdev[0], ifname3)
-    multi_check(apdev[0], dev, [True, False, False])
-    hostapd.remove_bss(apdev[0], ifname1)
-    multi_check(apdev[0], dev, [False, False, False])
-
-    hapd = hostapd.add_iface(apdev[0], 'multi-bss.conf')
-    hapd.enable()
-    hostapd.remove_bss(apdev[0], ifname1)
-    multi_check(apdev[0], dev, [False, False, False])
-
-def invalid_ap(ap):
-    logger.info("Trying to start AP " + ap['ifname'] + " with invalid configuration")
-    hapd = hostapd.add_ap(ap, {}, no_enable=True)
-    hapd.set("ssid", "invalid-config")
-    hapd.set("channel", "12345")
-    try:
-        hapd.enable()
-        started = True
-    except Exception as e:
-        started = False
-    if started:
-        raise Exception("ENABLE command succeeded unexpectedly")
-    return hapd
-
-@remote_compatible
-def test_ap_invalid_config(dev, apdev):
-    """Try to start AP with invalid configuration and fix configuration"""
-    hapd = invalid_ap(apdev[0])
-
-    logger.info("Fix configuration and start AP again")
-    hapd.set("channel", "1")
-    hapd.enable()
-    dev[0].connect("invalid-config", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ap_invalid_config2(dev, apdev):
-    """Try to start AP with invalid configuration and remove interface"""
-    hapd = invalid_ap(apdev[0])
-    logger.info("Remove interface with failed configuration")
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_remove_during_acs(dev, apdev):
-    """Remove interface during ACS"""
-    force_prev_ap_on_24g(apdev[0])
-    params = hostapd.wpa2_params(ssid="test-acs-remove", passphrase="12345678")
-    params['channel'] = '0'
-    hostapd.add_ap(apdev[0], params)
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_remove_during_acs2(dev, apdev):
-    """Remove BSS during ACS in multi-BSS configuration"""
-    force_prev_ap_on_24g(apdev[0])
-    ifname = apdev[0]['ifname']
-    ifname2 = ifname + "-2"
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set("ssid", "test-acs-remove")
-    hapd.set("channel", "0")
-    hapd.set("bss", ifname2)
-    hapd.set("ssid", "test-acs-remove2")
-    hapd.enable()
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_remove_during_acs3(dev, apdev):
-    """Remove second BSS during ACS in multi-BSS configuration"""
-    force_prev_ap_on_24g(apdev[0])
-    ifname = apdev[0]['ifname']
-    ifname2 = ifname + "-2"
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set("ssid", "test-acs-remove")
-    hapd.set("channel", "0")
-    hapd.set("bss", ifname2)
-    hapd.set("ssid", "test-acs-remove2")
-    hapd.enable()
-    hostapd.remove_bss(apdev[0], ifname2)
-
-@remote_compatible
-def test_ap_remove_during_ht_coex_scan(dev, apdev):
-    """Remove interface during HT co-ex scan"""
-    params = hostapd.wpa2_params(ssid="test-ht-remove", passphrase="12345678")
-    params['channel'] = '1'
-    params['ht_capab'] = "[HT40+]"
-    ifname = apdev[0]['ifname']
-    hostapd.add_ap(apdev[0], params)
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_remove_during_ht_coex_scan2(dev, apdev):
-    """Remove BSS during HT co-ex scan in multi-BSS configuration"""
-    ifname = apdev[0]['ifname']
-    ifname2 = ifname + "-2"
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set("ssid", "test-ht-remove")
-    hapd.set("channel", "1")
-    hapd.set("ht_capab", "[HT40+]")
-    hapd.set("bss", ifname2)
-    hapd.set("ssid", "test-ht-remove2")
-    hapd.enable()
-    hostapd.remove_bss(apdev[0])
-
-def test_ap_remove_during_ht_coex_scan3(dev, apdev):
-    """Remove second BSS during HT co-ex scan in multi-BSS configuration"""
-    ifname = apdev[0]['ifname']
-    ifname2 = ifname + "-2"
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set("ssid", "test-ht-remove")
-    hapd.set("channel", "1")
-    hapd.set("ht_capab", "[HT40+]")
-    hapd.set("bss", ifname2)
-    hapd.set("ssid", "test-ht-remove2")
-    hapd.enable()
-    hostapd.remove_bss(apdev[0], ifname2)
-
-@remote_compatible
-def test_ap_enable_disable_reenable(dev, apdev):
-    """Enable, disable, re-enable AP"""
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set("ssid", "dynamic")
-    hapd.enable()
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    dev[0].connect("dynamic", key_mgmt="NONE", scan_freq="2412")
-    hapd.disable()
-    ev = hapd.wait_event(["AP-DISABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP disabling timed out")
-    dev[0].wait_disconnected(timeout=10)
-    hapd.enable()
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    dev[1].connect("dynamic", key_mgmt="NONE", scan_freq="2412")
-    dev[0].wait_connected(timeout=10)
-
-def test_ap_double_disable(dev, apdev):
-    """Double DISABLE regression test"""
-    hapd = hostapd.add_bss(apdev[0], apdev[0]['ifname'], 'bss-1.conf')
-    hostapd.add_bss(apdev[0], apdev[0]['ifname'] + '-2', 'bss-2.conf')
-    hapd.disable()
-    if "FAIL" not in hapd.request("DISABLE"):
-        raise Exception("Second DISABLE accepted unexpectedly")
-    hapd.enable()
-    hapd.disable()
-    if "FAIL" not in hapd.request("DISABLE"):
-        raise Exception("Second DISABLE accepted unexpectedly")
-
-def test_ap_bss_add_many(dev, apdev):
-    """Large number of BSS add operations with hostapd"""
-    try:
-        _test_ap_bss_add_many(dev, apdev)
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-        ifname = apdev[0]['ifname']
-        hapd = hostapd.HostapdGlobal(apdev[0])
-        hapd.flush()
-        for i in range(16):
-            ifname2 = ifname + '-' + str(i)
-            hapd.remove(ifname2)
-        try:
-            os.remove('/tmp/hwsim-bss.conf')
-        except:
-            pass
-
-def _test_ap_bss_add_many(dev, apdev):
-    ifname = apdev[0]['ifname']
-    hostapd.add_bss(apdev[0], ifname, 'bss-1.conf')
-    fname = '/tmp/hwsim-bss.conf'
-    for i in range(16):
-        ifname2 = ifname + '-' + str(i)
-        with open(fname, 'w') as f:
-            f.write("driver=nl80211\n")
-            f.write("hw_mode=g\n")
-            f.write("channel=1\n")
-            f.write("ieee80211n=1\n")
-            f.write("interface=%s\n" % ifname2)
-            f.write("bssid=02:00:00:00:03:%02x\n" % (i + 1))
-            f.write("ctrl_interface=/var/run/hostapd\n")
-            f.write("ssid=test-%d\n" % i)
-        hostapd.add_bss(apdev[0], ifname2, fname)
-        os.remove(fname)
-
-    dev[0].request("SCAN_INTERVAL 1")
-    dev[0].connect("bss-1", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=5)
-    for i in range(16):
-        dev[0].connect("test-%d" % i, key_mgmt="NONE", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=5)
-        ifname2 = ifname + '-' + str(i)
-        hostapd.remove_bss(apdev[0], ifname2)
-
-def test_ap_bss_add_reuse_existing(dev, apdev):
-    """Dynamic BSS add operation reusing existing interface"""
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    subprocess.check_call(["iw", "dev", ifname1, "interface", "add", ifname2,
-                           "type", "__ap"])
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    hostapd.remove_bss(apdev[0], ifname2)
-    subprocess.check_call(["iw", "dev", ifname2, "del"])
-
-def hapd_bss_out_of_mem(hapd, phy, confname, count, func):
-    with alloc_fail(hapd, count, func):
-        hapd_global = hostapd.HostapdGlobal()
-        res = hapd_global.ctrl.request("ADD bss_config=" + phy + ":" + confname)
-        if "OK" in res:
-            raise Exception("add_bss succeeded")
-
-def test_ap_bss_add_out_of_memory(dev, apdev):
-    """Running out of memory while adding a BSS"""
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "open"})
-
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-
-    confname1 = hostapd.cfg_file(apdev[0], "bss-1.conf")
-    confname2 = hostapd.cfg_file(apdev[0], "bss-2.conf")
-    hapd_bss_out_of_mem(hapd2, 'phy3', confname1, 1, 'hostapd_add_iface')
-    for i in range(1, 3):
-        hapd_bss_out_of_mem(hapd2, 'phy3', confname1,
-                            i, 'hostapd_interface_init_bss')
-    hapd_bss_out_of_mem(hapd2, 'phy3', confname1,
-                        1, 'ieee802_11_build_ap_params')
-
-    hostapd.add_bss(apdev[0], ifname1, confname1)
-
-    hapd_bss_out_of_mem(hapd2, 'phy3', confname2,
-                        1, 'hostapd_interface_init_bss')
-    hapd_bss_out_of_mem(hapd2, 'phy3', confname2,
-                        1, 'ieee802_11_build_ap_params')
-
-    hostapd.add_bss(apdev[0], ifname2, confname2)
-    hostapd.remove_bss(apdev[0], ifname2)
-    hostapd.remove_bss(apdev[0], ifname1)
-
-def test_ap_multi_bss(dev, apdev):
-    """Multiple BSSes with hostapd"""
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    hapd1 = hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    hapd2 = hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    dev[0].connect("bss-1", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("bss-2", key_mgmt="NONE", scan_freq="2412")
-
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-    hwsim_utils.test_connectivity(dev[1], hapd2)
-
-    sta0 = hapd1.get_sta(dev[0].own_addr())
-    sta1 = hapd2.get_sta(dev[1].own_addr())
-    if 'rx_packets' not in sta0 or int(sta0['rx_packets']) < 1:
-        raise Exception("sta0 did not report receiving packets")
-    if 'rx_packets' not in sta1 or int(sta1['rx_packets']) < 1:
-        raise Exception("sta1 did not report receiving packets")
-
-@remote_compatible
-def test_ap_add_with_driver(dev, apdev):
-    """Add hostapd interface with driver specified"""
-    ifname = apdev[0]['ifname']
-    try:
-       hostname = apdev[0]['hostname']
-    except:
-       hostname = None
-    hapd_global = hostapd.HostapdGlobal(apdev[0])
-    hapd_global.add(ifname, driver="nl80211")
-    port = hapd_global.get_ctrl_iface_port(ifname)
-    hapd = hostapd.Hostapd(ifname, hostname, port)
-    hapd.set_defaults()
-    hapd.set("ssid", "dynamic")
-    hapd.enable()
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    dev[0].connect("dynamic", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-
-def test_ap_duplicate_bssid(dev, apdev):
-    """Duplicate BSSID"""
-    params = {"ssid": "test"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    hapd.enable()
-    ifname2 = apdev[0]['ifname'] + '-2'
-    ifname3 = apdev[0]['ifname'] + '-3'
-    # "BSS 'wlan3-2' may not have BSSID set to the MAC address of the radio"
-    try:
-        hostapd.add_bss(apdev[0], ifname2, 'bss-2-dup.conf')
-        raise Exception("BSS add succeeded unexpectedly")
-    except Exception as e:
-        if "Could not add hostapd BSS" in str(e):
-            pass
-        else:
-            raise
-
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.set("bssid", "02:00:00:00:03:02")
-    hapd.disable()
-    # "Duplicate BSSID 02:00:00:00:03:02 on interface 'wlan3-3' and 'wlan3'."
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("ENABLE with duplicate BSSID succeeded unexpectedly")
-
-def test_ap_bss_config_file(dev, apdev, params):
-    """hostapd BSS config file"""
-    pidfile = params['prefix'] + ".hostapd.pid"
-    logfile = params['prefix'] + ".hostapd-log"
-    prg = os.path.join(params['logdir'], 'alt-hostapd/hostapd/hostapd')
-    if not os.path.exists(prg):
-        prg = '../../hostapd/hostapd'
-    phy = get_phy(apdev[0])
-    confname1 = hostapd.cfg_file(apdev[0], "bss-1.conf")
-    confname2 = hostapd.cfg_file(apdev[0], "bss-2.conf")
-    confname3 = hostapd.cfg_file(apdev[0], "bss-3.conf")
-
-    cmd = [prg, '-B', '-dddt', '-P', pidfile, '-f', logfile, '-S', '-T',
-           '-b', phy + ':' + confname1, '-b', phy + ':' + confname2,
-           '-b', phy + ':' + confname3]
-    res = subprocess.check_call(cmd)
-    if res != 0:
-        raise Exception("Could not start hostapd: %s" % str(res))
-    multi_check(apdev[0], dev, [True, True, True])
-    for i in range(0, 3):
-        dev[i].request("DISCONNECT")
-
-    hapd = hostapd.Hostapd(apdev[0]['ifname'])
-    hapd.ping()
-    if "OK" not in hapd.request("TERMINATE"):
-        raise Exception("Failed to terminate hostapd process")
-    ev = hapd.wait_event(["CTRL-EVENT-TERMINATING"], timeout=15)
-    if ev is None:
-        raise Exception("CTRL-EVENT-TERMINATING not seen")
-    for i in range(30):
-        time.sleep(0.1)
-        if not os.path.exists(pidfile):
-            break
-    if os.path.exists(pidfile):
-        raise Exception("PID file exits after process termination")
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
deleted file mode 100644
index 269500a93a69..000000000000
--- a/tests/hwsim/test_ap_eap.py
+++ /dev/null
@@ -1,7516 +0,0 @@
-# -*- coding: utf-8 -*-
-# WPA2-Enterprise tests
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import base64
-import binascii
-import time
-import subprocess
-import logging
-logger = logging.getLogger()
-import os
-import signal
-import socket
-try:
-    import SocketServer
-except ImportError:
-    import socketserver as SocketServer
-import struct
-import tempfile
-
-import hwsim_utils
-from hwsim import HWSimRadio
-import hostapd
-from utils import *
-from wpasupplicant import WpaSupplicant
-from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations, set_test_assoc_ie
-
-try:
-    import OpenSSL
-    openssl_imported = True
-except ImportError:
-    openssl_imported = False
-
-def check_hlr_auc_gw_support():
-    if not os.path.exists("/tmp/hlr_auc_gw.sock"):
-        raise HwsimSkip("No hlr_auc_gw available")
-
-def check_eap_capa(dev, method):
-    res = dev.get_capability("eap")
-    if method not in res:
-        raise HwsimSkip("EAP method %s not supported in the build" % method)
-
-def check_subject_match_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
-        raise HwsimSkip("subject_match not supported with this TLS library: " + tls)
-
-def check_check_cert_subject_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("check_cert_subject not supported with this TLS library: " + tls)
-
-def check_altsubject_match_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
-        raise HwsimSkip("altsubject_match not supported with this TLS library: " + tls)
-
-def check_domain_match(dev):
-    tls = dev.request("GET tls_library")
-    if tls.startswith("internal"):
-        raise HwsimSkip("domain_match not supported with this TLS library: " + tls)
-
-def check_domain_suffix_match(dev):
-    tls = dev.request("GET tls_library")
-    if tls.startswith("internal"):
-        raise HwsimSkip("domain_suffix_match not supported with this TLS library: " + tls)
-
-def check_domain_match_full(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
-        raise HwsimSkip("domain_suffix_match requires full match with this TLS library: " + tls)
-
-def check_cert_probe_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("internal"):
-        raise HwsimSkip("Certificate probing not supported with this TLS library: " + tls)
-
-def check_ext_cert_check_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("ext_cert_check not supported with this TLS library: " + tls)
-
-def check_ocsp_support(dev):
-    tls = dev.request("GET tls_library")
-    #if tls.startswith("internal"):
-    #    raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
-    #if "BoringSSL" in tls:
-    #    raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
-    if tls.startswith("wolfSSL"):
-        raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
-
-def check_pkcs5_v15_support(dev):
-    tls = dev.request("GET tls_library")
-    if "BoringSSL" in tls or "GnuTLS" in tls:
-        raise HwsimSkip("PKCS#5 v1.5 not supported with this TLS library: " + tls)
-
-def check_ocsp_multi_support(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("internal"):
-        raise HwsimSkip("OCSP-multi not supported with this TLS library: " + tls)
-    as_hapd = hostapd.Hostapd("as")
-    res = as_hapd.request("GET tls_library")
-    del as_hapd
-    if not res.startswith("internal"):
-        raise HwsimSkip("Authentication server does not support ocsp_multi")
-
-def check_pkcs12_support(dev):
-    tls = dev.request("GET tls_library")
-    #if tls.startswith("internal"):
-    #    raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
-    if tls.startswith("wolfSSL"):
-        raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
-
-def check_dh_dsa_support(dev):
-    tls = dev.request("GET tls_library")
-    if tls.startswith("internal"):
-        raise HwsimSkip("DH DSA not supported with this TLS library: " + tls)
-
-def check_ec_support(dev):
-    tls = dev.request("GET tls_library")
-    if tls.startswith("internal"):
-        raise HwsimSkip("EC not supported with this TLS library: " + tls)
-
-def read_pem(fname, decode=True):
-    with open(fname, "r") as f:
-        lines = f.readlines()
-        copy = False
-        cert = ""
-        for l in lines:
-            if "-----END" in l:
-                if not decode:
-                    cert = cert + l
-                break
-            if copy:
-                cert = cert + l
-            if "-----BEGIN" in l:
-                copy = True
-                if not decode:
-                    cert = cert + l
-    if decode:
-        return base64.b64decode(cert)
-    return cert.encode()
-
-def eap_connect(dev, hapd, method, identity,
-                sha256=False, expect_failure=False, local_error_report=False,
-                maybe_local_error=False, report_failure=False,
-                expect_cert_error=None, **kwargs):
-    id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                     eap=method, identity=identity,
-                     wait_connect=False, scan_freq="2412", ieee80211w="1",
-                     **kwargs)
-    eap_check_auth(dev, method, True, sha256=sha256,
-                   expect_failure=expect_failure,
-                   local_error_report=local_error_report,
-                   maybe_local_error=maybe_local_error,
-                   report_failure=report_failure,
-                   expect_cert_error=expect_cert_error)
-    if expect_failure:
-        return id
-    if hapd:
-        ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-        if ev is None:
-            raise Exception("No connection event received from hostapd")
-    return id
-
-def eap_check_auth(dev, method, initial, rsn=True, sha256=False,
-                   expect_failure=False, local_error_report=False,
-                   maybe_local_error=False, report_failure=False,
-                   expect_cert_error=None):
-    ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-    ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD",
-                         "CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method selection timed out")
-    if "CTRL-EVENT-EAP-FAILURE" in ev:
-        if maybe_local_error:
-            return
-        raise Exception("Could not select EAP method")
-    if method not in ev:
-        raise Exception("Unexpected EAP method")
-    if expect_cert_error is not None:
-        ev = dev.wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                             "CTRL-EVENT-EAP-FAILURE",
-                             "CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-        if ev is None or "reason=%d " % expect_cert_error not in ev:
-            raise Exception("Expected certificate error not reported")
-    if expect_failure:
-        ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE",
-                             "CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-        if ev is None:
-            raise Exception("EAP failure timed out")
-        if "CTRL-EVENT-EAP-SUCCESS" in ev:
-            raise Exception("Unexpected EAP success")
-        ev = dev.wait_disconnected(timeout=10)
-        if maybe_local_error and "locally_generated=1" in ev:
-            return
-        if not local_error_report:
-            if "reason=23" not in ev:
-                raise Exception("Proper reason code for disconnection not reported")
-        return
-    if report_failure:
-        ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                             "CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "CTRL-EVENT-EAP-SUCCESS" not in ev:
-            raise Exception("EAP failed")
-    else:
-        ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-
-    if initial:
-        ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
-    else:
-        ev = dev.wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Association with the AP timed out")
-    status = dev.get_status()
-    if status["wpa_state"] != "COMPLETED":
-        raise Exception("Connection not completed")
-
-    if status["suppPortStatus"] != "Authorized":
-        raise Exception("Port not authorized")
-    if "selectedMethod" not in status:
-        logger.info("Status: " + str(status))
-        raise Exception("No selectedMethod in status")
-    if method not in status["selectedMethod"]:
-        raise Exception("Incorrect EAP method status")
-    if sha256:
-        e = "WPA2-EAP-SHA256"
-    elif rsn:
-        e = "WPA2/IEEE 802.1X/EAP"
-    else:
-        e = "WPA/IEEE 802.1X/EAP"
-    if status["key_mgmt"] != e:
-        raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"])
-    return status
-
-def eap_reauth(dev, method, rsn=True, sha256=False, expect_failure=False):
-    dev.request("REAUTHENTICATE")
-    return eap_check_auth(dev, method, False, rsn=rsn, sha256=sha256,
-                          expect_failure=expect_failure)
-
-def test_ap_wpa2_eap_sim(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "SIM")
-
-    eap_connect(dev[1], hapd, "SIM", "1232010000000001",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    eap_connect(dev[2], hapd, "SIM", "1232010000000002",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                expect_failure=True)
-
-    logger.info("Negative test with incorrect key")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                expect_failure=True)
-
-    logger.info("Invalid GSM-Milenage key")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a",
-                expect_failure=True)
-
-    logger.info("Invalid GSM-Milenage key(2)")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a8q:cb9cccc4b9258e6dca4760379fb82581",
-                expect_failure=True)
-
-    logger.info("Invalid GSM-Milenage key(3)")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb8258q",
-                expect_failure=True)
-
-    logger.info("Invalid GSM-Milenage key(4)")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89qcb9cccc4b9258e6dca4760379fb82581",
-                expect_failure=True)
-
-    logger.info("Missing key configuration")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_sim_sql(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-SIM (SQL)"""
-    check_hlr_auc_gw_support()
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    con = sqlite3.connect(os.path.join(params['logdir'], "hostapd.db"))
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "1814"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    logger.info("SIM fast re-authentication")
-    eap_reauth(dev[0], "SIM")
-
-    logger.info("SIM full auth with pseudonym")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='1232010000000000'")
-    eap_reauth(dev[0], "SIM")
-
-    logger.info("SIM full auth with permanent identity")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='1232010000000000'")
-        cur.execute("DELETE FROM pseudonyms WHERE permanent='1232010000000000'")
-    eap_reauth(dev[0], "SIM")
-
-    logger.info("SIM reauth with mismatching MK")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET mk='0000000000000000000000000000000000000000' WHERE permanent='1232010000000000'")
-    eap_reauth(dev[0], "SIM", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='1232010000000000'")
-    eap_reauth(dev[0], "SIM")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='1232010000000000'")
-    logger.info("SIM reauth with mismatching counter")
-    eap_reauth(dev[0], "SIM")
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='1001' WHERE permanent='1232010000000000'")
-    logger.info("SIM reauth with max reauth count reached")
-    eap_reauth(dev[0], "SIM")
-
-def test_ap_wpa2_eap_sim_config(dev, apdev):
-    """EAP-SIM configuration options"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="SIM",
-                   identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   phase1="sim_min_num_chal=1",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["EAP: Failed to initialize EAP method: vendor 0 method 18 (SIM)"], timeout=10)
-    if ev is None:
-        raise Exception("No EAP error message seen")
-    dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="SIM",
-                   identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   phase1="sim_min_num_chal=4",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["EAP: Failed to initialize EAP method: vendor 0 method 18 (SIM)"], timeout=10)
-    if ev is None:
-        raise Exception("No EAP error message seen (2)")
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                phase1="sim_min_num_chal=2")
-    eap_connect(dev[1], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                anonymous_identity="345678")
-
-def test_ap_wpa2_eap_sim_id_0(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM (no pseudonym or reauth)"""
-    run_ap_wpa2_eap_sim_id(dev, apdev, 0)
-
-def test_ap_wpa2_eap_sim_id_1(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM (pseudonym, no reauth)"""
-    run_ap_wpa2_eap_sim_id(dev, apdev, 1)
-
-def test_ap_wpa2_eap_sim_id_2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM (no pseudonym, reauth)"""
-    run_ap_wpa2_eap_sim_id(dev, apdev, 2)
-
-def test_ap_wpa2_eap_sim_id_3(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM (pseudonym and reauth)"""
-    run_ap_wpa2_eap_sim_id(dev, apdev, 3)
-
-def run_ap_wpa2_eap_sim_id(dev, apdev, eap_sim_id):
-    check_hlr_auc_gw_support()
-    params = int_eap_server_params()
-    params['eap_sim_id'] = str(eap_sim_id)
-    params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    eap_reauth(dev[0], "SIM")
-
-def test_ap_wpa2_eap_sim_ext(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SIM and external GSM auth"""
-    try:
-        _test_ap_wpa2_eap_sim_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_ext(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("Network connected timed out")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-
-    # IK:CK:RES
-    resp = "00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff:0011223344"
-    # This will fail during processing, but the ctrl_iface command succeeds
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-AUTH:" + resp)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:q"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:34"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:0011223344556677"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:0011223344556677:q"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:0011223344556677:00112233"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during GSM auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:0011223344556677:00112233:q"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-
-def test_ap_wpa2_eap_sim_ext_replace_sim(dev, apdev):
-    """EAP-SIM with external GSM auth and replacing SIM without clearing pseudonym id"""
-    try:
-        _test_ap_wpa2_eap_sim_ext_replace_sim(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_ext_replace_sim(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=15)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Replace SIM, but forget to drop the previous pseudonym identity
-    dev[0].set_network_quoted(id, "identity", "1232010000000009")
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000009 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_ext_replace_sim2(dev, apdev):
-    """EAP-SIM with external GSM auth and replacing SIM and clearing pseudonym identity"""
-    try:
-        _test_ap_wpa2_eap_sim_ext_replace_sim2(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_ext_replace_sim2(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=15)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Replace SIM and drop the previous pseudonym identity
-    dev[0].set_network_quoted(id, "identity", "1232010000000009")
-    dev[0].set_network(id, "anonymous_identity", "NULL")
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000009 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_ext_replace_sim3(dev, apdev):
-    """EAP-SIM with external GSM auth, replacing SIM, and no identity in config"""
-    try:
-        _test_ap_wpa2_eap_sim_ext_replace_sim3(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_ext_replace_sim3(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"])
-    if ev is None:
-        raise Exception("Request for identity timed out")
-    rid = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-IDENTITY-" + rid + ":1232010000000000")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=15)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Replace SIM and drop the previous permanent and pseudonym identities
-    dev[0].set_network(id, "identity", "NULL")
-    dev[0].set_network(id, "anonymous_identity", "NULL")
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"])
-    if ev is None:
-        raise Exception("Request for identity timed out")
-    rid = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-IDENTITY-" + rid + ":1232010000000009")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000009 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_ext_auth_fail(dev, apdev):
-    """EAP-SIM with external GSM auth and auth failing"""
-    try:
-        _test_ap_wpa2_eap_sim_ext_auth_fail(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_ext_auth_fail(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    rid = p[0].split('-')[3]
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-FAIL")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_change_bssid(dev, apdev):
-    """EAP-SIM and external GSM auth to check fast reauth with bssid change"""
-    try:
-        _test_ap_wpa2_eap_sim_change_bssid(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_change_bssid(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=15)
-    hapd.wait_sta()
-
-    # Verify that EAP-SIM Reauthentication can be used after a profile change
-    # that does not affect EAP parameters.
-    dev[0].set_network(id, "bssid", "any")
-    eap_reauth(dev[0], "SIM")
-
-def test_ap_wpa2_eap_sim_no_change_set(dev, apdev):
-    """EAP-SIM and external GSM auth to check fast reauth with no-change SET_NETWORK"""
-    try:
-        _test_ap_wpa2_eap_sim_no_change_set(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_sim_no_change_set(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=15)
-    hapd.wait_sta()
-
-    # Verify that EAP-SIM Reauthentication can be used after network profile
-    # SET_NETWORK commands that do not actually change previously set
-    # parameter values.
-    dev[0].set_network(id, "key_mgmt", "WPA-EAP")
-    dev[0].set_network(id, "eap", "SIM")
-    dev[0].set_network_quoted(id, "identity", "1232010000000000")
-    dev[0].set_network_quoted(id, "ssid", "test-wpa2-eap")
-    eap_reauth(dev[0], "SIM")
-
-def test_ap_wpa2_eap_sim_ext_anonymous(dev, apdev):
-    """EAP-SIM with external GSM auth and anonymous identity"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    try:
-        run_ap_wpa2_eap_sim_ext_anonymous(dev, "anonymous@example.org")
-        run_ap_wpa2_eap_sim_ext_anonymous(dev, "@example.org")
-        run_ap_wpa2_eap_sim_ext_anonymous(dev, "example.org!anonymous@otherexample.org")
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def test_ap_wpa2_eap_sim_ext_anonymous_no_pseudonym(dev, apdev):
-    """EAP-SIM with external GSM auth and anonymous identity without pseudonym update"""
-    check_hlr_auc_gw_support()
-    params = int_eap_server_params()
-    params['eap_sim_id'] = '0'
-    params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock'
-    hostapd.add_ap(apdev[0], params)
-    try:
-        run_ap_wpa2_eap_sim_ext_anonymous(dev, "anonymous@example.org",
-                                          anon_id_change=False)
-        run_ap_wpa2_eap_sim_ext_anonymous(dev, "@example.org",
-                                          anon_id_change=False)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def run_ap_wpa2_eap_sim_ext_anonymous(dev, anon, anon_id_change=True):
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="SIM", key_mgmt="WPA-EAP",
-                        identity="1232010000000000",
-                        anonymous_identity=anon,
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev[0].wait_connected(timeout=5)
-    anon_id = dev[0].get_network(id, "anonymous_identity").strip('"')
-    if anon_id_change and anon == anon_id:
-        raise Exception("anonymous_identity did not change")
-    if not anon_id_change and anon != anon_id:
-        raise Exception("anonymous_identity changed")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_sim_oom(dev, apdev):
-    """EAP-SIM and OOM"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    tests = [(1, "milenage_f2345"),
-             (2, "milenage_f2345"),
-             (3, "milenage_f2345"),
-             (4, "milenage_f2345"),
-             (5, "milenage_f2345"),
-             (6, "milenage_f2345"),
-             (7, "milenage_f2345"),
-             (8, "milenage_f2345"),
-             (9, "milenage_f2345"),
-             (10, "milenage_f2345"),
-             (11, "milenage_f2345"),
-             (12, "milenage_f2345")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="SIM",
-                           identity="1232010000000000",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not selected")
-            dev[0].wait_disconnected()
-            dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_aka(dev, apdev):
-    """WPA2-Enterprise connection using EAP-AKA"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "AKA")
-
-    logger.info("Negative test with incorrect key")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key(2)")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a8q:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key(3)")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb8258q:000000000123",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key(4)")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:00000000012q",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key(5)")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581q000000000123",
-                expect_failure=True)
-
-    logger.info("Invalid Milenage key(6)")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="ffdca4eda45b53cf0f12d7c9c3bc6a89qcb9cccc4b9258e6dca4760379fb82581q000000000123",
-                expect_failure=True)
-
-    logger.info("Missing key configuration")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_aka_sql(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-AKA (SQL)"""
-    check_hlr_auc_gw_support()
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    con = sqlite3.connect(os.path.join(params['logdir'], "hostapd.db"))
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "1814"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-
-    logger.info("AKA fast re-authentication")
-    eap_reauth(dev[0], "AKA")
-
-    logger.info("AKA full auth with pseudonym")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='0232010000000000'")
-    eap_reauth(dev[0], "AKA")
-
-    logger.info("AKA full auth with permanent identity")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='0232010000000000'")
-        cur.execute("DELETE FROM pseudonyms WHERE permanent='0232010000000000'")
-    eap_reauth(dev[0], "AKA")
-
-    logger.info("AKA reauth with mismatching MK")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET mk='0000000000000000000000000000000000000000' WHERE permanent='0232010000000000'")
-    eap_reauth(dev[0], "AKA", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='0232010000000000'")
-    eap_reauth(dev[0], "AKA")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='0232010000000000'")
-    logger.info("AKA reauth with mismatching counter")
-    eap_reauth(dev[0], "AKA")
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='1001' WHERE permanent='0232010000000000'")
-    logger.info("AKA reauth with max reauth count reached")
-    eap_reauth(dev[0], "AKA")
-
-def test_ap_wpa2_eap_aka_config(dev, apdev):
-    """EAP-AKA configuration options"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                anonymous_identity="2345678")
-
-def test_ap_wpa2_eap_aka_ext(dev, apdev):
-    """WPA2-Enterprise connection using EAP-AKA and external UMTS auth"""
-    try:
-        _test_ap_wpa2_eap_aka_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_aka_ext(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="AKA", key_mgmt="WPA-EAP",
-                        identity="0232010000000000",
-                        password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                        wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("Network connected timed out")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "UMTS-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-
-    # IK:CK:RES
-    resp = "00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff:0011223344"
-    # This will fail during processing, but the ctrl_iface command succeeds
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "UMTS-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during UMTS auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-AUTS:112233445566778899aabbccddee"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "UMTS-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during UMTS auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-AUTS:12"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-
-    tests = [":UMTS-AUTH:00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff:0011223344",
-             ":UMTS-AUTH:34",
-             ":UMTS-AUTH:00112233445566778899aabbccddeeff.00112233445566778899aabbccddeeff:0011223344",
-             ":UMTS-AUTH:00112233445566778899aabbccddeeff:00112233445566778899aabbccddee:0011223344",
-             ":UMTS-AUTH:00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff.0011223344",
-             ":UMTS-AUTH:00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff0011223344",
-             ":UMTS-AUTH:00112233445566778899aabbccddeeff:00112233445566778899aabbccddeeff:001122334q"]
-    for t in tests:
-        dev[0].select_network(id, freq="2412")
-        ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-        if ev is None:
-            raise Exception("Wait for external SIM processing request timed out")
-        p = ev.split(':', 2)
-        if p[1] != "UMTS-AUTH":
-            raise Exception("Unexpected CTRL-REQ-SIM type")
-        rid = p[0].split('-')[3]
-        # This will fail during UMTS auth validation
-        if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + t):
-            raise Exception("CTRL-RSP-SIM failed")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        time.sleep(0.1)
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_aka_ext_auth_fail(dev, apdev):
-    """EAP-AKA with external UMTS auth and auth failing"""
-    try:
-        _test_ap_wpa2_eap_aka_ext_auth_fail(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_aka_ext_auth_fail(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="AKA", key_mgmt="WPA-EAP",
-                        identity="0232010000000000",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    rid = p[0].split('-')[3]
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-FAIL")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_aka_prime(dev, apdev):
-    """WPA2-Enterprise connection using EAP-AKA'"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "AKA'")
-
-    logger.info("EAP-AKA' bidding protection when EAP-AKA enabled as well")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="AKA' AKA",
-                   identity="6555444333222111@both",
-                   password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                   wait_connect=False, scan_freq="2412")
-    dev[1].wait_connected(timeout=15)
-
-    logger.info("Negative test with incorrect key")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="ff22250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_aka_prime_sql(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-AKA' (SQL)"""
-    check_hlr_auc_gw_support()
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    con = sqlite3.connect(os.path.join(params['logdir'], "hostapd.db"))
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "1814"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-
-    logger.info("AKA' fast re-authentication")
-    eap_reauth(dev[0], "AKA'")
-
-    logger.info("AKA' full auth with pseudonym")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='6555444333222111'")
-    eap_reauth(dev[0], "AKA'")
-
-    logger.info("AKA' full auth with permanent identity")
-    with con:
-        cur = con.cursor()
-        cur.execute("DELETE FROM reauth WHERE permanent='6555444333222111'")
-        cur.execute("DELETE FROM pseudonyms WHERE permanent='6555444333222111'")
-    eap_reauth(dev[0], "AKA'")
-
-    logger.info("AKA' reauth with mismatching k_aut")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET k_aut='0000000000000000000000000000000000000000000000000000000000000000' WHERE permanent='6555444333222111'")
-    eap_reauth(dev[0], "AKA'", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='6555444333222111'")
-    eap_reauth(dev[0], "AKA'")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='10' WHERE permanent='6555444333222111'")
-    logger.info("AKA' reauth with mismatching counter")
-    eap_reauth(dev[0], "AKA'")
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-    with con:
-        cur = con.cursor()
-        cur.execute("UPDATE reauth SET counter='1001' WHERE permanent='6555444333222111'")
-    logger.info("AKA' reauth with max reauth count reached")
-    eap_reauth(dev[0], "AKA'")
-
-def test_ap_wpa2_eap_aka_prime_ext_auth_fail(dev, apdev):
-    """EAP-AKA' with external UMTS auth and auth failing"""
-    try:
-        _test_ap_wpa2_eap_aka_prime_ext_auth_fail(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_aka_prime_ext_auth_fail(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="AKA'", key_mgmt="WPA-EAP",
-                        identity="6555444333222111",
-                        wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    rid = p[0].split('-')[3]
-    dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-FAIL")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_aka_prime_ext(dev, apdev):
-    """EAP-AKA' with external UMTS auth to hit Synchronization-Failure"""
-    try:
-        _test_ap_wpa2_eap_aka_prime_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_wpa2_eap_aka_prime_ext(dev, apdev):
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    id = dev[0].connect("test-wpa2-eap", eap="AKA'", key_mgmt="WPA-EAP",
-                        identity="6555444333222111",
-                        password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                        wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("Network connected timed out")
-
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "UMTS-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    # This will fail during UMTS auth validation
-    if "OK" not in dev[0].request("CTRL-RSP-SIM-" + rid + ":UMTS-AUTS:112233445566778899aabbccddee"):
-        raise Exception("CTRL-RSP-SIM failed")
-    ev = dev[0].wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-
-def test_ap_wpa2_eap_ttls_pap(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-1"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-1")])
-
-def test_ap_wpa2_eap_ttls_pap_subject_match(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP and (alt)subject_match"""
-    check_subject_match_support(dev[0])
-    check_altsubject_match_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                subject_match="/C=FI/O=w1.fi/CN=server.w1.fi",
-                altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/")
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_pap_check_cert_subject(dev, apdev):
-    """EAP-TTLS/PAP and check_cert_subject"""
-    check_check_cert_subject_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["C=FI/O=w1.fi/CN=server.w1.fi",
-             "C=FI/O=w1.fi",
-             "C=FI/CN=server.w1.fi",
-             "O=w1.fi/CN=server.w1.fi",
-             "C=FI",
-             "O=w1.fi",
-             "O=w1.*",
-             "CN=server.w1.fi",
-             "*"]
-    for test in tests:
-        eap_connect(dev[0], hapd, "TTLS", "pap user",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                    check_cert_subject=test)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_ttls_pap_check_cert_subject_neg(dev, apdev):
-    """EAP-TTLS/PAP and check_cert_subject (negative)"""
-    check_check_cert_subject_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["C=US",
-             "C",
-             "C=FI1*",
-             "O=w1.f",
-             "O=w1.fi1",
-             "O=w1.fi/O=foo",
-             "O=foo/O=w1.fi",
-             "O=w1.fi/O=w1.fi"]
-    for test in tests:
-        eap_connect(dev[0], hapd, "TTLS", "pap user",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                    expect_failure=True, expect_cert_error=12,
-                    check_cert_subject=test)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_ttls_pap_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP - incorrect password"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                expect_failure=True)
-    eap_connect(dev[1], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_chap(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/CHAP"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "chap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_chap_altsubject_match(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/CHAP"""
-    skip_with_fips(dev[0])
-    check_altsubject_match_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "chap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=CHAP",
-                altsubject_match="EMAIL:noone@example.com;URI:http://example.com/;DNS:server.w1.fi")
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_chap_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/CHAP - incorrect password"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "chap user",
-                anonymous_identity="ttls", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="auth=CHAP",
-                expect_failure=True)
-    eap_connect(dev[1], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=CHAP",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
-    skip_with_fips(dev[0])
-    check_domain_suffix_match(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "mschap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                domain_suffix_match="server.w1.fi")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "TTLS", "mschap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                fragment_size="200")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    eap_connect(dev[0], hapd, "TTLS", "mschap user",
-                anonymous_identity="ttls",
-                password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP")
-
-def test_ap_wpa2_eap_ttls_mschap_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAP - incorrect password"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "mschap user",
-                anonymous_identity="ttls", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                expect_failure=True)
-    eap_connect(dev[1], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                expect_failure=True)
-    eap_connect(dev[2], hapd, "TTLS", "no such user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2"""
-    check_domain_suffix_match(dev[0])
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                domain_suffix_match="server.w1.fi")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    sta1 = hapd.get_sta(dev[0].p2p_interface_addr())
-    eapol1 = hapd.get_sta(dev[0].p2p_interface_addr(), info="eapol")
-    eap_reauth(dev[0], "TTLS")
-    sta2 = hapd.get_sta(dev[0].p2p_interface_addr())
-    eapol2 = hapd.get_sta(dev[0].p2p_interface_addr(), info="eapol")
-    if int(sta2['dot1xAuthEapolFramesRx']) <= int(sta1['dot1xAuthEapolFramesRx']):
-        raise Exception("dot1xAuthEapolFramesRx did not increase")
-    if int(eapol2['authAuthEapStartsWhileAuthenticated']) < 1:
-        raise Exception("authAuthEapStartsWhileAuthenticated did not increase")
-    if int(eapol2['backendAuthSuccesses']) <= int(eapol1['backendAuthSuccesses']):
-        raise Exception("backendAuthSuccesses did not increase")
-
-    logger.info("Password as hash value")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls",
-                password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-
-def test_ap_wpa2_eap_ttls_invalid_phase2(dev, apdev):
-    """EAP-TTLS with invalid phase2 parameter values"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    tests = ["auth=MSCHAPv2", "auth=MSCHAPV2 autheap=MD5",
-             "autheap=MD5 auth=MSCHAPV2", "auth=PAP auth=CHAP",
-             "autheap=MD5 autheap=FOO autheap=MSCHAPV2"]
-    for t in tests:
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="DOMAIN\mschapv2 user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2=t,
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
-        if ev is None or "method=21" not in ev:
-            raise Exception("EAP-TTLS not started")
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method",
-                                "CTRL-EVENT-CONNECTED"], timeout=5)
-        if ev is None or "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("No EAP-TTLS failure reported for phase2=" + t)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_ttls_mschapv2_suffix_match(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2"""
-    check_domain_match_full(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                domain_suffix_match="w1.fi")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_mschapv2_domain_match(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 (domain_match)"""
-    check_domain_match(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                domain_match="Server.w1.fi")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_mschapv2_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 - incorrect password"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password1",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                expect_failure=True)
-    eap_connect(dev[1], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_mschapv2_utf8(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 and UTF-8 password"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "utf8-user-hash",
-                anonymous_identity="ttls", password="secret-åäö-€-password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    eap_connect(dev[1], hapd, "TTLS", "utf8-user",
-                anonymous_identity="ttls",
-                password_hex="hash:bd5844fad2489992da7fe8c5a01559cf",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    for p in ["80", "41c041e04141e041", 257*"41"]:
-        dev[2].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="utf8-user-hash",
-                       anonymous_identity="ttls", password_hex=p,
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[2].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=1)
-        if ev is None:
-            raise Exception("No failure reported")
-        dev[2].request("REMOVE_NETWORK all")
-        dev[2].wait_disconnected()
-
-def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_eap_gtc_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - incorrect password"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_gtc_no_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - no password"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user-no-passwd",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_gtc_server_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - server OOM"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    with alloc_fail(hapd, 1, "eap_gtc_init"):
-        eap_connect(dev[0], hapd, "TTLS", "user",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                    expect_failure=True)
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(hapd, 1, "eap_gtc_buildReq"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       wait_connect=False, scan_freq="2412")
-        # This would eventually time out, but we can stop after having reached
-        # the allocation failure.
-        for i in range(20):
-            time.sleep(0.1)
-            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                break
-
-def test_ap_wpa2_eap_ttls_eap_gtc_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC (OOM)"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = ["eap_gtc_init",
-             "eap_msg_alloc;eap_gtc_process"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
-    check_eap_capa(dev[0], "MD5")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MD5")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - incorrect password"""
-    check_eap_capa(dev[0], "MD5")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - no password"""
-    check_eap_capa(dev[0], "MD5")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user-no-passwd",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
-    check_eap_capa(dev[0], "MD5")
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    with alloc_fail(hapd, 1, "eap_md5_init"):
-        eap_connect(dev[0], hapd, "TTLS", "user",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
-                    expect_failure=True)
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(hapd, 1, "eap_md5_buildReq"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
-                       wait_connect=False, scan_freq="2412")
-        # This would eventually time out, but we can stop after having reached
-        # the allocation failure.
-        for i in range(20):
-            time.sleep(0.1)
-            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                break
-
-def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "TTLS")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password1",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - no password"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "user-no-passwd",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_ttls_eap_mschapv2_server_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - server OOM"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    with alloc_fail(hapd, 1, "eap_mschapv2_init"):
-        eap_connect(dev[0], hapd, "TTLS", "user",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                    expect_failure=True)
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(hapd, 1, "eap_mschapv2_build_challenge"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                       wait_connect=False, scan_freq="2412")
-        # This would eventually time out, but we can stop after having reached
-        # the allocation failure.
-        for i in range(20):
-            time.sleep(0.1)
-            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                break
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(hapd, 1, "eap_mschapv2_build_success_req"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                       wait_connect=False, scan_freq="2412")
-        # This would eventually time out, but we can stop after having reached
-        # the allocation failure.
-        for i in range(20):
-            time.sleep(0.1)
-            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                break
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(hapd, 1, "eap_mschapv2_build_failure_req"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="wrong",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
-                       wait_connect=False, scan_freq="2412")
-        # This would eventually time out, but we can stop after having reached
-        # the allocation failure.
-        for i in range(20):
-            time.sleep(0.1)
-            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                break
-        dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_ttls_eap_sim(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-SIM"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "1232010000000000",
-                anonymous_identity="1232010000000000@ttls",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=SIM")
-    eap_reauth(dev[0], "TTLS")
-
-def run_ext_sim_auth(hapd, dev):
-    ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    rid = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev.request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
-    dev.wait_connected(timeout=15)
-    hapd.wait_sta()
-
-    dev.dump_monitor()
-    dev.request("REAUTHENTICATE")
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP reauthentication did not succeed")
-    ev = dev.wait_event(["WPA: Key negotiation completed"], timeout=5)
-    if ev is None:
-        raise Exception("Key negotiation did not complete")
-    dev.dump_monitor()
-
-def test_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-SIM and external GSM auth"""
-    check_hlr_auc_gw_support()
-    try:
-        run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    dev[0].connect("test-wpa2-eap", eap="TTLS", key_mgmt="WPA-EAP",
-                   identity="1232010000000000",
-                   anonymous_identity="1232010000000000@ttls",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   ca_cert="auth_serv/ca.pem", phase2="autheap=SIM",
-                   wait_connect=False, scan_freq="2412")
-    run_ext_sim_auth(hapd, dev[0])
-
-def test_ap_wpa2_eap_ttls_eap_vendor(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-vendor"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "vendor-test-2",
-                anonymous_identity="ttls",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=VENDOR-TEST")
-
-def test_ap_wpa2_eap_peap_eap_sim(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-SIM"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "1232010000000000",
-                anonymous_identity="1232010000000000@peap",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
-    eap_reauth(dev[0], "PEAP")
-
-def test_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-SIM and external GSM auth"""
-    check_hlr_auc_gw_support()
-    try:
-        run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
-                   identity="1232010000000000",
-                   anonymous_identity="1232010000000000@peap",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
-                   wait_connect=False, scan_freq="2412")
-    run_ext_sim_auth(hapd, dev[0])
-
-def test_ap_wpa2_eap_fast_eap_sim(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/EAP-SIM"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "1232010000000000",
-                anonymous_identity="1232010000000000@fast",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                phase1="fast_provisioning=2",
-                pac_file="blob://fast_pac_auth_sim",
-                ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
-    eap_reauth(dev[0], "FAST")
-
-def test_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/EAP-SIM and external GSM auth"""
-    check_hlr_auc_gw_support()
-    try:
-        run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET external_sim 1")
-    dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
-                   identity="1232010000000000",
-                   anonymous_identity="1232010000000000@peap",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   phase1="fast_provisioning=2",
-                   pac_file="blob://fast_pac_auth_sim",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
-                   wait_connect=False, scan_freq="2412")
-    run_ext_sim_auth(hapd, dev[0])
-
-def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "0232010000000000",
-                anonymous_identity="0232010000000000@ttls",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=AKA")
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_peap_eap_aka(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-AKA"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "0232010000000000",
-                anonymous_identity="0232010000000000@peap",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                ca_cert="auth_serv/ca.pem", phase2="auth=AKA")
-    eap_reauth(dev[0], "PEAP")
-
-def test_ap_wpa2_eap_fast_eap_aka(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/EAP-AKA"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "0232010000000000",
-                anonymous_identity="0232010000000000@fast",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                phase1="fast_provisioning=2",
-                pac_file="blob://fast_pac_auth_aka",
-                ca_cert="auth_serv/ca.pem", phase2="auth=AKA")
-    eap_reauth(dev[0], "FAST")
-
-def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "PEAP")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                fragment_size="200")
-
-    logger.info("Password as hash value")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap",
-                password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password1",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_peap_eap_mschapv2_domain(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 with domain"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", r"DOMAIN\user3",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "PEAP")
-
-def test_ap_wpa2_eap_peap_eap_mschapv2_incorrect_password(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 - incorrect password"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="wrong",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="peapver=0 crypto_binding=2",
-                phase2="auth=MSCHAPV2")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "PEAP")
-
-    eap_connect(dev[1], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="peapver=0 crypto_binding=1",
-                phase2="auth=MSCHAPV2")
-    eap_connect(dev[2], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="peapver=0 crypto_binding=0",
-                phase2="auth=MSCHAPV2")
-
-def test_ap_wpa2_eap_peap_crypto_binding_server_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding with server OOM"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    with alloc_fail(hapd, 1, "eap_mschapv2_getKey"):
-        eap_connect(dev[0], hapd, "PEAP", "user", password="password",
-                    ca_cert="auth_serv/ca.pem",
-                    phase1="peapver=0 crypto_binding=2",
-                    phase2="auth=MSCHAPV2",
-                    expect_failure=True, local_error_report=True)
-
-def test_ap_wpa2_eap_peap_params(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and various parameters"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                phase1="peapver=0 peaplabel=1",
-                expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                   identity="user",
-                   anonymous_identity="peap", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   phase1="peap_outer_success=0",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("No EAP success seen")
-    # This won't succeed to connect with peap_outer_success=0, so stop here.
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    eap_connect(dev[1], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="peap_outer_success=1",
-                phase2="auth=MSCHAPV2")
-    eap_connect(dev[2], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="peap_outer_success=2",
-                phase2="auth=MSCHAPV2")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                   identity="user",
-                   anonymous_identity="peap", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   phase1="peapver=1 peaplabel=1",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("No EAP success seen")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev and "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].disconnect_and_stop_scan()
-
-    tests = [("peap-ver0", ""),
-             ("peap-ver1", ""),
-             ("peap-ver0", "peapver=0"),
-             ("peap-ver1", "peapver=1")]
-    for anon, phase1 in tests:
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                       identity="user", anonymous_identity=anon,
-                       password="password", phase1=phase1,
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = [("peap-ver0", "peapver=1"),
-             ("peap-ver1", "peapver=0")]
-    for anon, phase1 in tests:
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                       identity="user", anonymous_identity=anon,
-                       password="password", phase1=phase1,
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-        if ev is None:
-            raise Exception("No EAP-Failure seen")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    eap_connect(dev[0], hapd, "PEAP", "user", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="tls_allow_md5=1 tls_disable_session_ticket=1 tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 tls_ext_cert_check=0",
-                phase2="auth=MSCHAPV2")
-
-def test_ap_wpa2_eap_peap_eap_gtc(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-GTC"""
-    p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], p)
-    eap_connect(dev[0], hapd, "PEAP", "user", phase1="peapver=1",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=GTC")
-
-def test_ap_wpa2_eap_peap_eap_tls(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-TLS"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "cert user",
-                ca_cert="auth_serv/ca.pem", phase2="auth=TLS",
-                ca_cert2="auth_serv/ca.pem",
-                client_cert2="auth_serv/user.pem",
-                private_key2="auth_serv/user.key")
-    eap_reauth(dev[0], "PEAP")
-
-def test_ap_wpa2_eap_peap_eap_vendor(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PEAP/EAP-vendor"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "vendor-test-2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=VENDOR-TEST")
-
-def test_ap_wpa2_eap_tls(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    eap_reauth(dev[0], "TLS")
-
-def test_eap_tls_pkcs8_pkcs5_v2_des3(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and PKCS #8, PKCS #5 v2 DES3 key"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key.pkcs8",
-                private_key_passwd="whatever")
-
-def test_eap_tls_pkcs8_pkcs5_v15(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and PKCS #8, PKCS #5 v1.5 key"""
-    check_pkcs5_v15_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key.pkcs8.pkcs5v15",
-                private_key_passwd="whatever")
-
-def test_ap_wpa2_eap_tls_blob(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and config blobs"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    cert = read_pem("auth_serv/ca.pem")
-    if "OK" not in dev[0].request("SET blob cacert " +  binascii.hexlify(cert).decode()):
-        raise Exception("Could not set cacert blob")
-    cert = read_pem("auth_serv/user.pem")
-    if "OK" not in dev[0].request("SET blob usercert " + binascii.hexlify(cert).decode()):
-        raise Exception("Could not set usercert blob")
-    key = read_pem("auth_serv/user.rsa-key")
-    if "OK" not in dev[0].request("SET blob userkey " + binascii.hexlify(key).decode()):
-        raise Exception("Could not set cacert blob")
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="blob://cacert",
-                client_cert="blob://usercert",
-                private_key="blob://userkey")
-
-def test_ap_wpa2_eap_tls_blob_pem(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and config blobs (PEM)"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    cert = read_pem("auth_serv/ca.pem", decode=False)
-    if "OK" not in dev[0].request("SET blob cacert " +  binascii.hexlify(cert).decode()):
-        raise Exception("Could not set cacert blob")
-    cert = read_pem("auth_serv/user.pem", decode=False)
-    if "OK" not in dev[0].request("SET blob usercert " + binascii.hexlify(cert).decode()):
-        raise Exception("Could not set usercert blob")
-    key = read_pem("auth_serv/user.key.pkcs8", decode=False)
-    if "OK" not in dev[0].request("SET blob userkey " + binascii.hexlify(key).decode()):
-        raise Exception("Could not set cacert blob")
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="blob://cacert",
-                client_cert="blob://usercert",
-                private_key="blob://userkey",
-                private_key_passwd="whatever")
-
-def test_ap_wpa2_eap_tls_blob_missing(dev, apdev):
-    """EAP-TLS and config blob missing"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user",
-                   ca_cert="blob://testing-blob-does-not-exist",
-                   client_cert="blob://testing-blob-does-not-exist",
-                   private_key="blob://testing-blob-does-not-exist",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"], timeout=10)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_tls_with_tls_len(dev, apdev):
-    """EAP-TLS and TLS Message Length in unfragmented packets"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                phase1="include_tls_length=1",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-
-def test_ap_wpa2_eap_tls_pkcs12(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and PKCS#12"""
-    check_pkcs12_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                private_key="auth_serv/user.pkcs12",
-                private_key_passwd="whatever")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user",
-                   ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-PASSPHRASE"])
-    if ev is None:
-        raise Exception("Request for private key passphrase timed out")
-    id = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-PASSPHRASE-" + id + ":whatever")
-    dev[0].wait_connected(timeout=10)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    # Run this twice to verify certificate chain handling with OpenSSL. Use two
-    # different files to cover both cases of the extra certificate being the
-    # one that signed the client certificate and it being unrelated to the
-    # client certificate.
-    for pkcs12 in "auth_serv/user2.pkcs12", "auth_serv/user3.pkcs12":
-        for i in range(2):
-            eap_connect(dev[0], hapd, "TLS", "tls user",
-                        ca_cert="auth_serv/ca.pem",
-                        private_key=pkcs12,
-                        private_key_passwd="whatever")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and PKCS#12 from configuration blob"""
-    cert = read_pem("auth_serv/ca.pem")
-    cacert = binascii.hexlify(cert).decode()
-    run_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev, cacert)
-
-def test_ap_wpa2_eap_tls_pkcs12_blob_pem(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and PKCS#12 from configuration blob and PEM ca_cert blob"""
-    with open("auth_serv/ca.pem", "r") as f:
-        lines = f.readlines()
-        copy = False
-        cert = ""
-        for l in lines:
-            if "-----BEGIN" in l:
-                copy = True
-            if copy:
-                cert += l
-            if "-----END" in l:
-                copy = False
-                break
-    cacert = binascii.hexlify(cert.encode()).decode()
-    run_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev, cacert)
-
-def run_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev, cacert):
-    check_pkcs12_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "OK" not in dev[0].request("SET blob cacert " + cacert):
-        raise Exception("Could not set cacert blob")
-    with open("auth_serv/user.pkcs12", "rb") as f:
-        if "OK" not in dev[0].request("SET blob pkcs12 " + binascii.hexlify(f.read()).decode()):
-            raise Exception("Could not set pkcs12 blob")
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="blob://cacert",
-                private_key="blob://pkcs12",
-                private_key_passwd="whatever")
-
-def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
-    """WPA2-Enterprise negative test - incorrect trust root"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    cert = read_pem("auth_serv/ca-incorrect.pem")
-    if "OK" not in dev[0].request("SET blob cacert " + binascii.hexlify(cert).decode()):
-        raise Exception("Could not set cacert blob")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="blob://cacert",
-                   wait_connect=False, scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca-incorrect.pem",
-                   wait_connect=False, scan_freq="2412")
-
-    for dev in (dev[0], dev[1]):
-        ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-        if ev is None:
-            raise Exception("Association and EAP start timed out")
-
-        ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
-        if ev is None:
-            raise Exception("EAP method selection timed out")
-        if "TTLS" not in ev:
-            raise Exception("Unexpected EAP method")
-
-        ev = dev.wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                             "CTRL-EVENT-EAP-SUCCESS",
-                             "CTRL-EVENT-EAP-FAILURE",
-                             "CTRL-EVENT-CONNECTED",
-                             "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("EAP result timed out")
-        if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
-            raise Exception("TLS certificate error not reported")
-
-        ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                             "CTRL-EVENT-EAP-FAILURE",
-                             "CTRL-EVENT-CONNECTED",
-                             "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("EAP result(2) timed out")
-        if "CTRL-EVENT-EAP-FAILURE" not in ev:
-            raise Exception("EAP failure not reported")
-
-        ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
-                             "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("EAP result(3) timed out")
-        if "CTRL-EVENT-DISCONNECTED" not in ev:
-            raise Exception("Disconnection not reported")
-
-        ev = dev.wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-        if ev is None:
-            raise Exception("Network block disabling not reported")
-
-def test_ap_wpa2_eap_tls_diff_ca_trust(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP and different CA trust"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", anonymous_identity="ttls",
-                   password="password", phase2="auth=PAP",
-                   ca_cert="auth_serv/ca.pem",
-                   wait_connect=True, scan_freq="2412")
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                        identity="pap user", anonymous_identity="ttls",
-                        password="password", phase2="auth=PAP",
-                        ca_cert="auth_serv/ca-incorrect.pem",
-                        only_add_network=True, scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21"], timeout=15)
-    if ev is None:
-        raise Exception("EAP-TTLS not re-started")
-
-    ev = dev[0].wait_disconnected(timeout=15)
-    if "reason=23" not in ev:
-        raise Exception("Proper reason code for disconnection not reported")
-
-def test_ap_wpa2_eap_tls_diff_ca_trust2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP and different CA trust"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", anonymous_identity="ttls",
-                   password="password", phase2="auth=PAP",
-                   wait_connect=True, scan_freq="2412")
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                        identity="pap user", anonymous_identity="ttls",
-                        password="password", phase2="auth=PAP",
-                        ca_cert="auth_serv/ca-incorrect.pem",
-                        only_add_network=True, scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21"], timeout=15)
-    if ev is None:
-        raise Exception("EAP-TTLS not re-started")
-
-    ev = dev[0].wait_disconnected(timeout=15)
-    if "reason=23" not in ev:
-        raise Exception("Proper reason code for disconnection not reported")
-
-def test_ap_wpa2_eap_tls_diff_ca_trust3(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/PAP and different CA trust"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                        identity="pap user", anonymous_identity="ttls",
-                        password="password", phase2="auth=PAP",
-                        ca_cert="auth_serv/ca.pem",
-                        wait_connect=True, scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].set_network_quoted(id, "ca_cert", "auth_serv/ca-incorrect.pem")
-    dev[0].select_network(id, freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21"], timeout=15)
-    if ev is None:
-        raise Exception("EAP-TTLS not re-started")
-
-    ev = dev[0].wait_disconnected(timeout=15)
-    if "reason=23" not in ev:
-        raise Exception("Proper reason code for disconnection not reported")
-
-def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev):
-    """WPA2-Enterprise negative test - domain suffix mismatch"""
-    check_domain_suffix_match(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   domain_suffix_match="incorrect.example.com",
-                   wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method selection timed out")
-    if "TTLS" not in ev:
-        raise Exception("Unexpected EAP method")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                            "CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
-        raise Exception("TLS certificate error not reported")
-    if "Domain suffix mismatch" not in ev:
-        raise Exception("Domain suffix mismatch not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(2) timed out")
-    if "CTRL-EVENT-EAP-FAILURE" not in ev:
-        raise Exception("EAP failure not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(3) timed out")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Disconnection not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("Network block disabling not reported")
-
-def test_ap_wpa2_eap_tls_neg_domain_match(dev, apdev):
-    """WPA2-Enterprise negative test - domain mismatch"""
-    check_domain_match(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   domain_match="w1.fi",
-                   wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method selection timed out")
-    if "TTLS" not in ev:
-        raise Exception("Unexpected EAP method")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                            "CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
-        raise Exception("TLS certificate error not reported")
-    if "Domain mismatch" not in ev:
-        raise Exception("Domain mismatch not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(2) timed out")
-    if "CTRL-EVENT-EAP-FAILURE" not in ev:
-        raise Exception("EAP failure not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(3) timed out")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Disconnection not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("Network block disabling not reported")
-
-def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
-    """WPA2-Enterprise negative test - subject mismatch"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   subject_match="/C=FI/O=w1.fi/CN=example.com",
-                   wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD",
-                            "EAP: Failed to initialize EAP method"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method selection timed out")
-    if "EAP: Failed to initialize EAP method" in ev:
-        tls = dev[0].request("GET tls_library")
-        if tls.startswith("OpenSSL"):
-            raise Exception("Failed to select EAP method")
-        logger.info("subject_match not supported - connection failed, so test succeeded")
-        return
-    if "TTLS" not in ev:
-        raise Exception("Unexpected EAP method")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                            "CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
-        raise Exception("TLS certificate error not reported")
-    if "Subject mismatch" not in ev:
-        raise Exception("Subject mismatch not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(2) timed out")
-    if "CTRL-EVENT-EAP-FAILURE" not in ev:
-        raise Exception("EAP failure not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(3) timed out")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Disconnection not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("Network block disabling not reported")
-
-def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
-    """WPA2-Enterprise negative test - altsubject mismatch"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    tests = ["incorrect.example.com",
-             "DNS:incorrect.example.com",
-             "DNS:w1.fi",
-             "DNS:erver.w1.fi"]
-    for match in tests:
-        _test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev, match)
-
-def _test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev, match):
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   altsubject_match=match,
-                   wait_connect=False, scan_freq="2412")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD",
-                            "EAP: Failed to initialize EAP method"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method selection timed out")
-    if "EAP: Failed to initialize EAP method" in ev:
-        tls = dev[0].request("GET tls_library")
-        if tls.startswith("OpenSSL"):
-            raise Exception("Failed to select EAP method")
-        logger.info("altsubject_match not supported - connection failed, so test succeeded")
-        return
-    if "TTLS" not in ev:
-        raise Exception("Unexpected EAP method")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                            "CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
-        raise Exception("TLS certificate error not reported")
-    if "AltSubject mismatch" not in ev:
-        raise Exception("altsubject mismatch not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(2) timed out")
-    if "CTRL-EVENT-EAP-FAILURE" not in ev:
-        raise Exception("EAP failure not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result(3) timed out")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Disconnection not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("Network block disabling not reported")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_unauth_tls(dev, apdev):
-    """WPA2-Enterprise connection using UNAUTH-TLS"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "UNAUTH-TLS", "unauth-tls",
-                ca_cert="auth_serv/ca.pem")
-    eap_reauth(dev[0], "UNAUTH-TLS")
-
-def test_ap_wpa2_eap_ttls_server_cert_hash(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS and server certificate hash"""
-    check_cert_probe_support(dev[0])
-    skip_with_fips(dev[0])
-    srv_cert_hash = "5891bd91eaf977684e70d4376d1514621d18f09ab2020bea1ad293d59a6e8944"
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="probe", ca_cert="probe://",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PEER-CERT depth=0"], timeout=10)
-    if ev is None:
-        raise Exception("No peer server certificate event seen")
-    if "hash=" + srv_cert_hash not in ev:
-        raise Exception("Expected server certificate hash not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "Server certificate chain probe" not in ev:
-        raise Exception("Server certificate probe not reported")
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-    if ev is None:
-        raise Exception("Association and EAP start timed out")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "Server certificate mismatch" not in ev:
-        raise Exception("Server certificate mismatch not reported")
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="hash://server/sha256/" + srv_cert_hash,
-                phase2="auth=MSCHAPV2")
-
-def test_ap_wpa2_eap_ttls_server_cert_hash_invalid(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS and server certificate hash (invalid config)"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="hash://server/md5/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a",
-                   wait_connect=False, scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca",
-                   wait_connect=False, scan_freq="2412")
-    dev[2].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6Q",
-                   wait_connect=False, scan_freq="2412")
-    for i in range(0, 3):
-        ev = dev[i].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-        if ev is None:
-            raise Exception("Association and EAP start timed out")
-        ev = dev[i].wait_event(["EAP: Failed to initialize EAP method: vendor 0 method 21 (TTLS)"], timeout=5)
-        if ev is None:
-            raise Exception("Did not report EAP method initialization failure")
-
-def test_ap_wpa2_eap_pwd(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd user", password="secret password")
-    eap_reauth(dev[0], "PWD")
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[1], hapd, "PWD",
-                "pwd.user@test123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890.example.com",
-                password="secret password",
-                fragment_size="90")
-
-    logger.info("Negative test with incorrect password")
-    eap_connect(dev[2], hapd, "PWD", "pwd user", password="secret-password",
-                expect_failure=True, local_error_report=True)
-
-    eap_connect(dev[0], hapd, "PWD",
-                "pwd.user@test123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890.example.com",
-                password="secret password",
-                fragment_size="31")
-
-def test_ap_wpa2_eap_pwd_nthash(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd and NTHash"""
-    check_eap_capa(dev[0], "PWD")
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd-hash", password="secret password")
-    eap_connect(dev[1], hapd, "PWD", "pwd-hash",
-                password_hex="hash:e3718ece8ab74792cbbfffd316d2d19a")
-    eap_connect(dev[2], hapd, "PWD", "pwd user",
-                password_hex="hash:e3718ece8ab74792cbbfffd316d2d19a",
-                expect_failure=True, local_error_report=True)
-
-def test_ap_wpa2_eap_pwd_salt_sha1(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd and salted password SHA-1"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd-hash-sha1",
-                password="secret password")
-
-def test_ap_wpa2_eap_pwd_salt_sha256(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd and salted password SHA256"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd-hash-sha256",
-                password="secret password")
-
-def test_ap_wpa2_eap_pwd_salt_sha512(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd and salted password SHA512"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd-hash-sha512",
-                password="secret password")
-
-def test_ap_wpa2_eap_pwd_groups(dev, apdev):
-    """WPA2-Enterprise connection using various EAP-pwd groups"""
-    check_eap_capa(dev[0], "PWD")
-    tls = dev[0].request("GET tls_library")
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf"}
-    groups = [19, 20, 21]
-    for i in groups:
-        logger.info("Group %d" % i)
-        params['pwd_group'] = str(i)
-        hapd = hostapd.add_ap(apdev[0], params)
-        eap_connect(dev[0], hapd, "PWD", "pwd user",
-                    password="secret password",
-                    phase1="eap_pwd_groups=0-65535")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        hapd.disable()
-
-def test_ap_wpa2_eap_pwd_invalid_group(dev, apdev):
-    """WPA2-Enterprise connection using invalid EAP-pwd group"""
-    check_eap_capa(dev[0], "PWD")
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf"}
-    for i in [0, 25, 26, 27]:
-        logger.info("Group %d" % i)
-        params['pwd_group'] = str(i)
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PWD",
-                       identity="pwd user", password="secret password",
-                       phase1="eap_pwd_groups=0-65535",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-        if ev is None:
-            raise Exception("Timeout on EAP failure report (group %d)" % i)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        hapd.disable()
-
-def test_ap_wpa2_eap_pwd_disabled_group(dev, apdev):
-    """WPA2-Enterprise connection using disabled EAP-pwd group"""
-    check_eap_capa(dev[0], "PWD")
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf"}
-    for i in [19, 21]:
-        logger.info("Group %d" % i)
-        params['pwd_group'] = str(i)
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PWD",
-                       identity="pwd user", password="secret password",
-                       phase1="eap_pwd_groups=20",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-        if ev is None:
-            raise Exception("Timeout on EAP failure report (group %d)" % i)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        hapd.disable()
-
-    params['pwd_group'] = "20"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PWD",
-                   identity="pwd user", password="secret password",
-                   phase1="eap_pwd_groups=20",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_pwd_as_frag(dev, apdev):
-    """WPA2-Enterprise connection using EAP-pwd with server fragmentation"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "pwd_group": "19", "fragment_size": "40"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PWD", "pwd user", password="secret password")
-
-def test_ap_wpa2_eap_gpsk(dev, apdev):
-    """WPA2-Enterprise connection using EAP-GPSK"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = eap_connect(dev[0], hapd, "GPSK", "gpsk user",
-                     password="abcdefghijklmnop0123456789abcdef")
-    eap_reauth(dev[0], "GPSK")
-
-    logger.info("Test forced algorithm selection")
-    for phase1 in ["cipher=1", "cipher=2"]:
-        dev[0].set_network_quoted(id, "phase1", phase1)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        dev[0].wait_connected(timeout=10)
-
-    logger.info("Test failed algorithm negotiation")
-    dev[0].set_network_quoted(id, "phase1", "cipher=9")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP failure timed out")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "GPSK", "gpsk user",
-                password="ffcdefghijklmnop0123456789abcdef",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_sake(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SAKE"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "SAKE", "sake user",
-                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
-    eap_reauth(dev[0], "SAKE")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "SAKE", "sake user",
-                password_hex="ff23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_eke(dev, apdev):
-    """WPA2-Enterprise connection using EAP-EKE"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = eap_connect(dev[0], hapd, "EKE", "eke user", password="hello")
-    eap_reauth(dev[0], "EKE")
-
-    logger.info("Test forced algorithm selection")
-    for phase1 in ["dhgroup=5 encr=1 prf=2 mac=2",
-                   "dhgroup=4 encr=1 prf=2 mac=2",
-                   "dhgroup=3 encr=1 prf=2 mac=2",
-                   "dhgroup=3 encr=1 prf=1 mac=1"]:
-        dev[0].set_network_quoted(id, "phase1", phase1)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        dev[0].wait_connected(timeout=10)
-    dev[0].dump_monitor()
-
-    logger.info("Test failed algorithm negotiation")
-    dev[0].set_network_quoted(id, "phase1", "dhgroup=9 encr=9 prf=9 mac=9")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP failure timed out")
-    dev[0].dump_monitor()
-
-    logger.info("Test unsupported algorithm proposals")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-    eap_connect(dev[0], hapd, "EKE", "eke user", password="hello",
-                phase1="dhgroup=2 encr=1 prf=1 mac=1", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-    eap_connect(dev[0], hapd, "EKE", "eke user", password="hello",
-                phase1="dhgroup=1 encr=1 prf=1 mac=1", expect_failure=True)
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "EKE", "eke user", password="hello1",
-                expect_failure=True)
-
-@long_duration_test
-def test_ap_wpa2_eap_eke_many(dev, apdev):
-    """WPA2-Enterprise connection using EAP-EKE (many connections)"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    success = 0
-    fail = 0
-    for i in range(100):
-        for j in range(3):
-            dev[j].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="EKE",
-                           identity="eke user", password="hello",
-                           phase1="dhgroup=3 encr=1 prf=1 mac=1",
-                           scan_freq="2412", wait_connect=False)
-        for j in range(3):
-            ev = dev[j].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=15)
-            if ev is None:
-                raise Exception("No connected/disconnected event")
-            if "CTRL-EVENT-DISCONNECTED" in ev:
-                fail += 1
-                # The RADIUS server limits on active sessions can be hit when
-                # going through this test case, so try to give some more time
-                # for the server to remove sessions.
-                logger.info("Failed to connect i=%d j=%d" % (i, j))
-                dev[j].request("REMOVE_NETWORK all")
-                time.sleep(1)
-            else:
-                success += 1
-                dev[j].request("REMOVE_NETWORK all")
-                dev[j].wait_disconnected()
-            dev[j].dump_monitor()
-    logger.info("Total success=%d failure=%d" % (success, fail))
-
-def test_ap_wpa2_eap_eke_serverid_nai(dev, apdev):
-    """WPA2-Enterprise connection using EAP-EKE with serverid NAI"""
-    params = int_eap_server_params()
-    params['server_id'] = 'example.server@w1.fi'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "EKE", "eke user", password="hello")
-
-def test_ap_wpa2_eap_eke_server_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-EKE with server OOM"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-
-    for count, func in [(1, "eap_eke_build_commit"),
-                        (2, "eap_eke_build_commit"),
-                        (3, "eap_eke_build_commit"),
-                        (1, "eap_eke_build_confirm"),
-                        (2, "eap_eke_build_confirm"),
-                        (1, "eap_eke_process_commit"),
-                        (2, "eap_eke_process_commit"),
-                        (1, "eap_eke_process_confirm"),
-                        (1, "eap_eke_process_identity"),
-                        (2, "eap_eke_process_identity"),
-                        (3, "eap_eke_process_identity"),
-                        (4, "eap_eke_process_identity")]:
-        with alloc_fail(hapd, count, func):
-            eap_connect(dev[0], hapd, "EKE", "eke user", password="hello",
-                        expect_failure=True)
-            dev[0].request("REMOVE_NETWORK all")
-
-    for count, func, pw in [(1, "eap_eke_init", "hello"),
-                            (1, "eap_eke_get_session_id", "hello"),
-                            (1, "eap_eke_getKey", "hello"),
-                            (1, "eap_eke_build_msg", "hello"),
-                            (1, "eap_eke_build_failure", "wrong"),
-                            (1, "eap_eke_build_identity", "hello"),
-                            (2, "eap_eke_build_identity", "hello")]:
-        with alloc_fail(hapd, count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                           eap="EKE", identity="eke user", password=pw,
-                           wait_connect=False, scan_freq="2412")
-            # This would eventually time out, but we can stop after having
-            # reached the allocation failure.
-            for i in range(20):
-                time.sleep(0.1)
-                if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                    break
-            dev[0].request("REMOVE_NETWORK all")
-
-    for count in range(1, 1000):
-        try:
-            with alloc_fail(hapd, count, "eap_server_sm_step"):
-                dev[0].connect("test-wpa2-eap",
-                               key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                               eap="EKE", identity="eke user", password=pw,
-                               wait_connect=False, scan_freq="2412")
-                # This would eventually time out, but we can stop after having
-                # reached the allocation failure.
-                for i in range(10):
-                    time.sleep(0.1)
-                    if hapd.request("GET_ALLOC_FAIL").startswith('0'):
-                        break
-                dev[0].request("REMOVE_NETWORK all")
-        except Exception as e:
-            if str(e) == "Allocation failure did not trigger":
-                if count < 30:
-                    raise Exception("Too few allocation failures")
-                logger.info("%d allocation failures tested" % (count - 1))
-                break
-            raise e
-
-def test_ap_wpa2_eap_ikev2(dev, apdev):
-    """WPA2-Enterprise connection using EAP-IKEv2"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "IKEV2", "ikev2 user",
-                password="ike password")
-    eap_reauth(dev[0], "IKEV2")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "IKEV2", "ikev2 user",
-                password="ike password", fragment_size="50")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "IKEV2", "ikev2 user",
-                password="ike-password", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "IKEV2", "ikev2 user",
-                password="ike password", fragment_size="0")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_ikev2_as_frag(dev, apdev):
-    """WPA2-Enterprise connection using EAP-IKEv2 with server fragmentation"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "fragment_size": "50"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "IKEV2", "ikev2 user",
-                password="ike password")
-    eap_reauth(dev[0], "IKEV2")
-
-def test_ap_wpa2_eap_ikev2_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-IKEv2 and OOM"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "dh_init"),
-             (2, "dh_init"),
-             (1, "dh_derive_shared")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="IKEV2",
-                           identity="ikev2 user", password="ike password",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not selected")
-            for i in range(10):
-                if "0:" in dev[0].request("GET_ALLOC_FAIL"):
-                    break
-                time.sleep(0.02)
-            dev[0].request("REMOVE_NETWORK all")
-
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("wolfSSL"):
-        tests = [(1, "os_get_random;dh_init")]
-    else:
-        tests = [(1, "crypto_dh_init;dh_init")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="IKEV2",
-                           identity="ikev2 user", password="ike password",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not selected")
-            for i in range(10):
-                if "0:" in dev[0].request("GET_FAIL"):
-                    break
-                time.sleep(0.02)
-            dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_pax(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PAX"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-    eap_reauth(dev[0], "PAX")
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="ff23456789abcdef0123456789abcdef",
-                expect_failure=True)
-
-def test_ap_wpa2_eap_psk(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PSK"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PSK", "psk.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef", sha256=True)
-    eap_reauth(dev[0], "PSK", sha256=True)
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-5"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-5")])
-
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA2-EAP-SHA256-CCMP]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    logger.info("Negative test with incorrect password")
-    dev[0].request("REMOVE_NETWORK all")
-    eap_connect(dev[0], hapd, "PSK", "psk.user@example.com",
-                password_hex="ff23456789abcdef0123456789abcdef", sha256=True,
-                expect_failure=True)
-
-def test_ap_wpa2_eap_psk_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PSK and OOM"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    tests = [(1, "=aes_128_eax_encrypt"),
-             (1, "=aes_128_eax_decrypt")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PSK",
-                           identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not selected")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
-                              note="Failure not triggered: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "aes_ctr_encrypt;aes_128_eax_encrypt"),
-             (1, "omac1_aes_128;aes_128_eax_encrypt"),
-             (2, "omac1_aes_128;aes_128_eax_encrypt"),
-             (3, "omac1_aes_128;aes_128_eax_encrypt"),
-             (1, "omac1_aes_vector"),
-             (1, "omac1_aes_128;aes_128_eax_decrypt"),
-             (2, "omac1_aes_128;aes_128_eax_decrypt"),
-             (3, "omac1_aes_128;aes_128_eax_decrypt"),
-             (1, "aes_ctr_encrypt;aes_128_eax_decrypt")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PSK",
-                           identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not selected")
-            wait_fail_trigger(dev[0], "GET_FAIL",
-                              note="Failure not triggered: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with fail_test(dev[0], 1, "aes_128_encrypt_block"):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PSK",
-                           identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False, scan_freq="2412")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("EAP method failure not reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
-    """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
-    skip_without_tkip(dev[0])
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                   identity="user", password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem", wait_connect=False,
-                   scan_freq="2412")
-    eap_check_auth(dev[0], "PEAP", True, rsn=False)
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    eap_reauth(dev[0], "PEAP", rsn=False)
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-1"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-1")])
-    status = dev[0].get_status(extra="VERBOSE")
-    if 'portControl' not in status:
-        raise Exception("portControl missing from STATUS-VERBOSE")
-    if status['portControl'] != 'Auto':
-        raise Exception("Unexpected portControl value: " + status['portControl'])
-    if 'eap_session_id' not in status:
-        raise Exception("eap_session_id missing from STATUS-VERBOSE")
-    if not status['eap_session_id'].startswith("19"):
-        raise Exception("Unexpected eap_session_id value: " + status['eap_session_id'])
-
-def test_ap_wpa2_eap_interactive(dev, apdev):
-    """WPA2-Enterprise connection using interactive identity/password entry"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [("Connection with dynamic TTLS/MSCHAPv2 password entry",
-              "TTLS", "ttls", "DOMAIN\mschapv2 user", "auth=MSCHAPV2",
-              None, "password"),
-             ("Connection with dynamic TTLS/MSCHAPv2 identity and password entry",
-              "TTLS", "ttls", None, "auth=MSCHAPV2",
-              "DOMAIN\mschapv2 user", "password"),
-             ("Connection with dynamic TTLS/EAP-MSCHAPv2 password entry",
-              "TTLS", "ttls", "user", "autheap=MSCHAPV2", None, "password"),
-             ("Connection with dynamic TTLS/EAP-MD5 password entry",
-              "TTLS", "ttls", "user", "autheap=MD5", None, "password"),
-             ("Connection with dynamic PEAP/EAP-MSCHAPv2 password entry",
-              "PEAP", None, "user", "auth=MSCHAPV2", None, "password"),
-             ("Connection with dynamic PEAP/EAP-GTC password entry",
-              "PEAP", None, "user", "auth=GTC", None, "password")]
-    for [desc, eap, anon, identity, phase2, req_id, req_pw] in tests:
-        logger.info(desc)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=eap,
-                       anonymous_identity=anon, identity=identity,
-                       ca_cert="auth_serv/ca.pem", phase2=phase2,
-                       wait_connect=False, scan_freq="2412")
-        if req_id:
-            ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"])
-            if ev is None:
-                raise Exception("Request for identity timed out")
-            id = ev.split(':')[0].split('-')[-1]
-            dev[0].request("CTRL-RSP-IDENTITY-" + id + ":" + req_id)
-        ev = dev[0].wait_event(["CTRL-REQ-PASSWORD", "CTRL-REQ-OTP"])
-        if ev is None:
-            raise Exception("Request for password timed out")
-        id = ev.split(':')[0].split('-')[-1]
-        type = "OTP" if "CTRL-REQ-OTP" in ev else "PASSWORD"
-        dev[0].request("CTRL-RSP-" + type + "-" + id + ":" + req_pw)
-        dev[0].wait_connected(timeout=10)
-        dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_ext_enable_network_while_connected(dev, apdev):
-    """WPA2-Enterprise interactive identity entry and ENABLE_NETWORK"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    id_other = dev[0].connect("other", key_mgmt="NONE", scan_freq="2412",
-                              only_add_network=True)
-
-    req_id = "DOMAIN\mschapv2 user"
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   anonymous_identity="ttls", identity=None,
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"])
-    if ev is None:
-        raise Exception("Request for identity timed out")
-    id = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-IDENTITY-" + id + ":" + req_id)
-    dev[0].wait_connected(timeout=10)
-
-    if "OK" not in dev[0].request("ENABLE_NETWORK " + str(id_other)):
-        raise Exception("Failed to enable network")
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected reconnection attempt on ENABLE_NETWORK")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_vendor_test(dev, apdev):
-    """WPA2-Enterprise connection using EAP vendor test"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "VENDOR-TEST", "vendor-test")
-    eap_reauth(dev[0], "VENDOR-TEST")
-    eap_connect(dev[1], hapd, "VENDOR-TEST", "vendor-test",
-                password="pending")
-
-def test_ap_wpa2_eap_vendor_test_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP vendor test (OOM)"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    tests = ["eap_vendor_test_init",
-             "eap_msg_alloc;eap_vendor_test_process",
-             "eap_vendor_test_getKey"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="VENDOR-TEST", identity="vendor-test",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_fast_mschapv2_unauth_prov(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/MSCHAPv2 and unauthenticated provisioning"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                phase1="fast_provisioning=1", pac_file="blob://fast_pac")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    res = eap_reauth(dev[0], "FAST")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-FAST could not use PAC session ticket")
-
-def test_ap_wpa2_eap_fast_pac_file(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-FAST/MSCHAPv2 and PAC file"""
-    check_eap_capa(dev[0], "FAST")
-    pac_file = os.path.join(params['logdir'], "fast.pac")
-    pac_file2 = os.path.join(params['logdir'], "fast-bin.pac")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        eap_connect(dev[0], hapd, "FAST", "user",
-                    anonymous_identity="FAST", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                    phase1="fast_provisioning=1", pac_file=pac_file)
-        with open(pac_file, "r") as f:
-            data = f.read()
-            if "wpa_supplicant EAP-FAST PAC file - version 1" not in data:
-                raise Exception("PAC file header missing")
-            if "PAC-Key=" not in data:
-                raise Exception("PAC-Key missing from PAC file")
-        dev[0].request("REMOVE_NETWORK all")
-        eap_connect(dev[0], hapd, "FAST", "user",
-                    anonymous_identity="FAST", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                    pac_file=pac_file)
-
-        eap_connect(dev[1], hapd, "FAST", "user",
-                    anonymous_identity="FAST", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                    phase1="fast_provisioning=1 fast_pac_format=binary",
-                    pac_file=pac_file2)
-        dev[1].request("REMOVE_NETWORK all")
-        eap_connect(dev[1], hapd, "FAST", "user",
-                    anonymous_identity="FAST", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                    phase1="fast_pac_format=binary",
-                    pac_file=pac_file2)
-    finally:
-        try:
-            os.remove(pac_file)
-        except:
-            pass
-        try:
-            os.remove(pac_file2)
-        except:
-            pass
-
-def test_ap_wpa2_eap_fast_binary_pac(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST and binary PAC format"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                phase1="fast_provisioning=1 fast_max_pac_list_len=1 fast_pac_format=binary",
-                pac_file="blob://fast_pac_bin")
-    res = eap_reauth(dev[0], "FAST")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-FAST could not use PAC session ticket")
-
-    # Verify fast_max_pac_list_len=0 special case
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                phase1="fast_provisioning=1 fast_max_pac_list_len=0 fast_pac_format=binary",
-                pac_file="blob://fast_pac_bin")
-
-def test_ap_wpa2_eap_fast_missing_pac_config(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST and missing PAC config"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                   identity="user", anonymous_identity="FAST",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   pac_file="blob://fast_pac_not_in_use",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-    dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                   identity="user", anonymous_identity="FAST",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_fast_binary_pac_errors(dev, apdev):
-    """EAP-FAST and binary PAC errors"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "=eap_fast_save_pac_bin"),
-             (1, "eap_fast_write_pac"),
-             (2, "eap_fast_write_pac"),]
-    for count, func in tests:
-        if "OK" not in dev[0].request("SET blob fast_pac_bin_errors "):
-            raise Exception("Could not set blob")
-
-        with alloc_fail(dev[0], count, func):
-            eap_connect(dev[0], hapd, "FAST", "user",
-                        anonymous_identity="FAST", password="password",
-                        ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                        phase1="fast_provisioning=1 fast_pac_format=binary",
-                        pac_file="blob://fast_pac_bin_errors")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = ["00", "000000000000", "6ae4920c0001",
-             "6ae4920c000000",
-             "6ae4920c0000" + "0000" + 32*"00" + "ffff" + "0000",
-             "6ae4920c0000" + "0000" + 32*"00" + "0001" + "0000",
-             "6ae4920c0000" + "0000" + 32*"00" + "0000" + "0001",
-             "6ae4920c0000" + "0000" + 32*"00" + "0000" + "0008" + "00040000" + "0007000100"]
-    for t in tests:
-        if "OK" not in dev[0].request("SET blob fast_pac_bin_errors " + t):
-            raise Exception("Could not set blob")
-
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                       identity="user", anonymous_identity="FAST",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1 fast_pac_format=binary",
-                       pac_file="blob://fast_pac_bin_errors",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=5)
-        if ev is None:
-            raise Exception("Failure not reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    pac = "6ae4920c0000" + "0000" + 32*"00" + "0000" + "0000"
-    tests = [(1, "eap_fast_load_pac_bin"),
-             (2, "eap_fast_load_pac_bin"),
-             (3, "eap_fast_load_pac_bin")]
-    for count, func in tests:
-        if "OK" not in dev[0].request("SET blob fast_pac_bin_errors " + pac):
-            raise Exception("Could not set blob")
-
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                           identity="user", anonymous_identity="FAST",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           phase1="fast_provisioning=1 fast_pac_format=binary",
-                           pac_file="blob://fast_pac_bin_errors",
-                           scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=5)
-            if ev is None:
-                raise Exception("Failure not reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    pac = "6ae4920c0000" + "0000" + 32*"00" + "0000" + "0005" + "0011223344"
-    if "OK" not in dev[0].request("SET blob fast_pac_bin_errors " + pac):
-        raise Exception("Could not set blob")
-
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                phase1="fast_provisioning=1 fast_pac_format=binary",
-                pac_file="blob://fast_pac_bin_errors")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    pac = "6ae4920c0000" + "0000" + 32*"00" + "0000" + "0009" + "00040000" + "0007000100"
-    tests = [(1, "eap_fast_pac_get_a_id"),
-             (2, "eap_fast_pac_get_a_id")]
-    for count, func in tests:
-        if "OK" not in dev[0].request("SET blob fast_pac_bin_errors " + pac):
-            raise Exception("Could not set blob")
-        with alloc_fail(dev[0], count, func):
-            eap_connect(dev[0], hapd, "FAST", "user",
-                        anonymous_identity="FAST", password="password",
-                        ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                        phase1="fast_provisioning=1 fast_pac_format=binary",
-                        pac_file="blob://fast_pac_bin_errors")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_fast_text_pac_errors(dev, apdev):
-    """EAP-FAST and text PAC errors"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "eap_fast_parse_hex;eap_fast_parse_pac_key"),
-             (1, "eap_fast_parse_hex;eap_fast_parse_pac_opaque"),
-             (1, "eap_fast_parse_hex;eap_fast_parse_a_id"),
-             (1, "eap_fast_parse_start"),
-             (1, "eap_fast_save_pac")]
-    for count, func in tests:
-        dev[0].request("FLUSH")
-        if "OK" not in dev[0].request("SET blob fast_pac_text_errors "):
-            raise Exception("Could not set blob")
-
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                           identity="user", anonymous_identity="FAST",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           phase1="fast_provisioning=1",
-                           pac_file="blob://fast_pac_text_errors",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    pac = "wpa_supplicant EAP-FAST PAC file - version 1\n"
-    pac += "START\n"
-    pac += "PAC-Type\n"
-    pac += "END\n"
-    if "OK" not in dev[0].request("SET blob fast_pac_text_errors " + binascii.hexlify(pac.encode()).decode()):
-        raise Exception("Could not set blob")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                   identity="user", anonymous_identity="FAST",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   phase1="fast_provisioning=1",
-                   pac_file="blob://fast_pac_text_errors",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"], timeout=5)
-    if ev is None:
-        raise Exception("Failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[0].request("FLUSH")
-    if "OK" not in dev[0].request("SET blob fast_pac_text_errors "):
-        raise Exception("Could not set blob")
-
-    with alloc_fail(dev[0], 1, "eap_fast_add_pac_data"):
-        for i in range(3):
-            params = int_eap_server_params()
-            params['ssid'] = "test-wpa2-eap-2"
-            params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-            params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-            params['eap_fast_a_id_info'] = "test server %d" % i
-
-            hapd2 = hostapd.add_ap(apdev[1], params)
-
-            dev[0].connect("test-wpa2-eap-2", key_mgmt="WPA-EAP", eap="FAST",
-                           identity="user", anonymous_identity="FAST",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           phase1="fast_provisioning=1",
-                           pac_file="blob://fast_pac_text_errors",
-                           scan_freq="2412", wait_connect=False)
-            dev[0].wait_connected()
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-            hapd2.disable()
-
-def test_ap_wpa2_eap_fast_pac_truncate(dev, apdev):
-    """EAP-FAST and PAC list truncation"""
-    check_eap_capa(dev[0], "FAST")
-    if "OK" not in dev[0].request("SET blob fast_pac_truncate "):
-        raise Exception("Could not set blob")
-    for i in range(5):
-        params = int_eap_server_params()
-        params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-        params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-        params['eap_fast_a_id_info'] = "test server %d" % i
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                       identity="user", anonymous_identity="FAST",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1 fast_max_pac_list_len=2",
-                       pac_file="blob://fast_pac_truncate",
-                       scan_freq="2412", wait_connect=False)
-        dev[0].wait_connected()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-        hapd.disable()
-
-def test_ap_wpa2_eap_fast_pac_refresh(dev, apdev):
-    """EAP-FAST and PAC refresh"""
-    check_eap_capa(dev[0], "FAST")
-    if "OK" not in dev[0].request("SET blob fast_pac_refresh "):
-        raise Exception("Could not set blob")
-    for i in range(2):
-        params = int_eap_server_params()
-        params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-        params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-        params['eap_fast_a_id_info'] = "test server %d" % i
-        params['pac_key_refresh_time'] = "1"
-        params['pac_key_lifetime'] = "10"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                       identity="user", anonymous_identity="FAST",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1",
-                       pac_file="blob://fast_pac_refresh",
-                       scan_freq="2412", wait_connect=False)
-        dev[0].wait_connected()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-        hapd.disable()
-
-    for i in range(2):
-        params = int_eap_server_params()
-        params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-        params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-        params['eap_fast_a_id_info'] = "test server %d" % i
-        params['pac_key_refresh_time'] = "10"
-        params['pac_key_lifetime'] = "10"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                       identity="user", anonymous_identity="FAST",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1",
-                       pac_file="blob://fast_pac_refresh",
-                       scan_freq="2412", wait_connect=False)
-        dev[0].wait_connected()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-        hapd.disable()
-
-def test_ap_wpa2_eap_fast_pac_lifetime(dev, apdev):
-    """EAP-FAST and PAC lifetime"""
-    check_eap_capa(dev[0], "FAST")
-    if "OK" not in dev[0].request("SET blob fast_pac_refresh "):
-        raise Exception("Could not set blob")
-
-    i = 0
-    params = int_eap_server_params()
-    params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-    params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-    params['eap_fast_a_id_info'] = "test server %d" % i
-    params['pac_key_refresh_time'] = "0"
-    params['pac_key_lifetime'] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                        identity="user", anonymous_identity="FAST",
-                        password="password",
-                        ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                        phase1="fast_provisioning=2",
-                        pac_file="blob://fast_pac_refresh",
-                        scan_freq="2412", wait_connect=False)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    time.sleep(3)
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("No EAP-Failure seen after expired PAC")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].select_network(id)
-    dev[0].wait_connected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_fast_gtc_auth_prov(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/GTC and authenticated provisioning"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                phase1="fast_provisioning=2", pac_file="blob://fast_pac_auth")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    res = eap_reauth(dev[0], "FAST")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-FAST could not use PAC session ticket")
-
-def test_ap_wpa2_eap_fast_gtc_identity_change(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/GTC and identity changing"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = eap_connect(dev[0], hapd, "FAST", "user",
-                     anonymous_identity="FAST", password="password",
-                     ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                     phase1="fast_provisioning=2",
-                     pac_file="blob://fast_pac_auth")
-    dev[0].set_network_quoted(id, "identity", "user2")
-    dev[0].wait_disconnected()
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("EAP-FAST not started")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_fast_prf_oom(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST and OOM in PRF"""
-    check_eap_capa(dev[0], "FAST")
-    tls = dev[0].request("GET tls_library")
-    if tls.startswith("OpenSSL"):
-        func = "tls_connection_get_eap_fast_key"
-        count = 2
-    elif tls.startswith("internal"):
-        func = "tls_connection_prf"
-        count = 1
-    else:
-        raise HwsimSkip("Unsupported TLS library")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    with alloc_fail(dev[0], count, func):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                       identity="user", anonymous_identity="FAST",
-                       password="password", ca_cert="auth_serv/ca.pem",
-                       phase2="auth=GTC",
-                       phase1="fast_provisioning=2",
-                       pac_file="blob://fast_pac_auth",
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-    dev[0].request("DISCONNECT")
-
-def test_ap_wpa2_eap_fast_server_oom(dev, apdev):
-    """EAP-FAST/MSCHAPv2 and server OOM"""
-    check_eap_capa(dev[0], "FAST")
-
-    params = int_eap_server_params()
-    params['dh_file'] = 'auth_serv/dh.conf'
-    params['pac_opaque_encr_key'] = '000102030405060708090a0b0c0d0e0f'
-    params['eap_fast_a_id'] = '1011'
-    params['eap_fast_a_id_info'] = 'another test server'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with alloc_fail(hapd, 1, "tls_session_ticket_ext_cb"):
-        id = eap_connect(dev[0], hapd, "FAST", "user",
-                         anonymous_identity="FAST", password="password",
-                         ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                         phase1="fast_provisioning=1",
-                         pac_file="blob://fast_pac",
-                         expect_failure=True)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("No EAP failure reported")
-        dev[0].wait_disconnected()
-        dev[0].request("DISCONNECT")
-
-    dev[0].select_network(id, freq="2412")
-
-def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
-    """EAP-FAST and different TLS cipher suites"""
-    check_eap_capa(dev[0], "FAST")
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
-        raise HwsimSkip("TLS library is not OpenSSL or wolfSSL: " + tls)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET blob fast_pac_ciphers ")
-    eap_connect(dev[0], hapd, "FAST", "user",
-                anonymous_identity="FAST", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                phase1="fast_provisioning=2",
-                pac_file="blob://fast_pac_ciphers")
-    res = dev[0].get_status_field('EAP TLS cipher')
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    if res != "DHE-RSA-AES256-SHA":
-        raise Exception("Unexpected cipher suite for provisioning: " + res)
-
-    tests = ["DHE-RSA-AES128-SHA",
-             "RC4-SHA",
-             "AES128-SHA",
-             "AES256-SHA",
-             "DHE-RSA-AES256-SHA"]
-    for cipher in tests:
-        dev[0].dump_monitor()
-        logger.info("Testing " + cipher)
-        try:
-            eap_connect(dev[0], hapd, "FAST", "user",
-                        openssl_ciphers=cipher,
-                        anonymous_identity="FAST", password="password",
-                        ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                        pac_file="blob://fast_pac_ciphers",
-                        report_failure=True)
-        except Exception as e:
-            if cipher == "RC4-SHA" and \
-               ("Could not select EAP method" in str(e) or \
-                "EAP failed" in str(e)):
-                if "run=OpenSSL 1.1" in tls:
-                    logger.info("Allow failure due to missing TLS library support")
-                    dev[0].request("REMOVE_NETWORK all")
-                    dev[0].wait_disconnected()
-                    continue
-            raise
-        res = dev[0].get_status_field('EAP TLS cipher')
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        if res != cipher:
-            raise Exception("Unexpected TLS cipher info (configured %s): %s" % (cipher, res))
-
-def test_ap_wpa2_eap_fast_prov(dev, apdev):
-    """EAP-FAST and provisioning options"""
-    check_eap_capa(dev[0], "FAST")
-    if "OK" not in dev[0].request("SET blob fast_pac_prov "):
-        raise Exception("Could not set blob")
-
-    i = 100
-    params = int_eap_server_params()
-    params['disable_pmksa_caching'] = '1'
-    params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff%02x" % i
-    params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff%02x" % i
-    params['eap_fast_a_id_info'] = "test server %d" % i
-    params['eap_fast_prov'] = "0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    logger.info("Provisioning attempt while server has provisioning disabled")
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                        identity="user", anonymous_identity="FAST",
-                        password="password",
-                        ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                        phase1="fast_provisioning=2",
-                        pac_file="blob://fast_pac_prov",
-                        scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='failure'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    logger.info("Authenticated provisioning")
-    hapd.set("eap_fast_prov", "2")
-    hapd.enable()
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='success'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    logger.info("Provisioning disabled - using previously provisioned PAC")
-    hapd.set("eap_fast_prov", "0")
-    hapd.enable()
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='success'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    logger.info("Drop PAC and verify connection failure")
-    if "OK" not in dev[0].request("SET blob fast_pac_prov "):
-        raise Exception("Could not set blob")
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='failure'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    logger.info("Anonymous provisioning")
-    hapd.set("eap_fast_prov", "1")
-    hapd.enable()
-    dev[0].set_network_quoted(id, "phase1", "fast_provisioning=1")
-    dev[0].select_network(id, freq="2412")
-    # Anonymous provisioning results in EAP-Failure first
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='failure'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_disconnected()
-    # And then the actual data connection
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='success'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    logger.info("Provisioning disabled - using previously provisioned PAC")
-    hapd.set("eap_fast_prov", "0")
-    hapd.enable()
-
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='completion'"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP result not reported")
-    if "parameter='success'" not in ev:
-        raise Exception("Unexpected EAP result: " + ev)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-def test_ap_wpa2_eap_fast_eap_vendor(dev, apdev):
-    """WPA2-Enterprise connection using EAP-FAST/EAP-vendor"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "FAST", "vendor-test-2",
-                anonymous_identity="FAST",
-                phase1="fast_provisioning=2", pac_file="blob://fast_pac",
-                ca_cert="auth_serv/ca.pem", phase2="auth=VENDOR-TEST")
-
-def test_ap_wpa2_eap_tls_ocsp(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and verifying OCSP"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                private_key="auth_serv/user.pkcs12",
-                private_key_passwd="whatever", ocsp=2)
-
-def test_ap_wpa2_eap_tls_ocsp_multi(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and verifying OCSP-multi"""
-    check_ocsp_multi_support(dev[0])
-    check_pkcs12_support(dev[0])
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                private_key="auth_serv/user.pkcs12",
-                private_key_passwd="whatever", ocsp=2)
-
-def int_eap_server_params():
-    params = {"ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "dh_file": "auth_serv/dh.conf"}
-    return params
-
-def run_openssl(arg):
-    logger.info(' '.join(arg))
-    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
-                           stderr=subprocess.PIPE)
-    res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
-    cmd.stdout.close()
-    cmd.stderr.close()
-    cmd.wait()
-    if cmd.returncode != 0:
-        raise Exception("bad return code from openssl\n\n" + res)
-    logger.info("openssl result:\n" + res)
-
-def ocsp_cache_key_id(outfile):
-    if os.path.exists(outfile):
-        return
-    arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
-           '-rsigner', 'auth_serv/ocsp-responder.pem',
-           '-rkey', 'auth_serv/ocsp-responder.key',
-           '-resp_key_id',
-           '-CA', 'auth_serv/ca.pem',
-           '-issuer', 'auth_serv/ca.pem',
-           '-verify_other', 'auth_serv/ca.pem',
-           '-trust_other',
-           '-ndays', '7',
-           '-reqin', 'auth_serv/ocsp-req.der',
-           '-respout', outfile]
-    run_openssl(arg)
-
-def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
-    """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
-    ocsp_cache_key_id(ocsp)
-    if not os.path.exists(ocsp):
-        raise HwsimSkip("No OCSP response available")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   scan_freq="2412")
-
-def ocsp_req(outfile):
-    if os.path.exists(outfile):
-        return
-    arg = ["openssl", "ocsp",
-           "-reqout", outfile,
-           '-issuer', 'auth_serv/ca.pem',
-           '-sha256',
-           '-serial', '0xD8D3E3A6CBE3CD69',
-           '-no_nonce']
-    run_openssl(arg)
-    if not os.path.exists(outfile):
-        raise HwsimSkip("Failed to generate OCSP request")
-
-def ocsp_resp_ca_signed(reqfile, outfile, status):
-    ocsp_req(reqfile)
-    if os.path.exists(outfile):
-        return
-    arg = ["openssl", "ocsp",
-           "-index", "auth_serv/index%s.txt" % status,
-           "-rsigner", "auth_serv/ca.pem",
-           "-rkey", "auth_serv/ca-key.pem",
-           "-CA", "auth_serv/ca.pem",
-           "-ndays", "7",
-           "-reqin", reqfile,
-           "-resp_no_certs",
-           "-respout", outfile]
-    run_openssl(arg)
-    if not os.path.exists(outfile):
-        raise HwsimSkip("No OCSP response available")
-
-def ocsp_resp_server_signed(reqfile, outfile):
-    ocsp_req(reqfile)
-    if os.path.exists(outfile):
-        return
-    arg = ["openssl", "ocsp",
-           "-index", "auth_serv/index.txt",
-           "-rsigner", "auth_serv/server.pem",
-           "-rkey", "auth_serv/server.key",
-           "-CA", "auth_serv/ca.pem",
-           "-ndays", "7",
-           "-reqin", reqfile,
-           "-respout", outfile]
-    run_openssl(arg)
-    if not os.path.exists(outfile):
-        raise HwsimSkip("No OCSP response available")
-
-def test_ap_wpa2_eap_tls_ocsp_ca_signed_good(dev, apdev, params):
-    """EAP-TLS and CA signed OCSP response (good)"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    req = os.path.join(params['logdir'], "ocsp-req.der")
-    ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed.der")
-    ocsp_resp_ca_signed(req, ocsp, "")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_tls_ocsp_ca_signed_revoked(dev, apdev, params):
-    """EAP-TLS and CA signed OCSP response (revoked)"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    req = os.path.join(params['logdir'], "ocsp-req.der")
-    ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed-revoked.der")
-    ocsp_resp_ca_signed(req, ocsp, "-revoked")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        if 'certificate revoked' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_tls_ocsp_ca_signed_unknown(dev, apdev, params):
-    """EAP-TLS and CA signed OCSP response (unknown)"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    req = os.path.join(params['logdir'], "ocsp-req.der")
-    ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed-unknown.der")
-    ocsp_resp_ca_signed(req, ocsp, "-unknown")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_tls_ocsp_server_signed(dev, apdev, params):
-    """EAP-TLS and server signed OCSP response"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    req = os.path.join(params['logdir'], "ocsp-req.der")
-    ocsp = os.path.join(params['logdir'], "ocsp-resp-server-signed.der")
-    ocsp_resp_server_signed(req, ocsp)
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_tls_ocsp_invalid_data(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and invalid OCSP data"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = "auth_serv/ocsp-req.der"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_tls_ocsp_invalid(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and invalid OCSP response"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = "auth_serv/ocsp-server-cache.der-invalid"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_tls_ocsp_unknown_sign(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TLS and unknown OCSP signer"""
-    check_ocsp_support(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = "auth_serv/ocsp-server-cache.der-unknown-sign"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def ocsp_resp_status(outfile, status):
-    if os.path.exists(outfile):
-        return
-    arg = ["openssl", "ocsp", "-index", "auth_serv/index-%s.txt" % status,
-           '-rsigner', 'auth_serv/ocsp-responder.pem',
-           '-rkey', 'auth_serv/ocsp-responder.key',
-           '-CA', 'auth_serv/ca.pem',
-           '-issuer', 'auth_serv/ca.pem',
-           '-verify_other', 'auth_serv/ca.pem',
-           '-trust_other',
-           '-ndays', '7',
-           '-reqin', 'auth_serv/ocsp-req.der',
-           '-respout', outfile]
-    run_openssl(arg)
-
-def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
-    check_ocsp_support(dev[0])
-    ocsp = os.path.join(params['logdir'], "ocsp-server-cache-revoked.der")
-    ocsp_resp_status(ocsp, "revoked")
-    if not os.path.exists(ocsp):
-        raise HwsimSkip("No OCSP response available")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", ca_cert="auth_serv/ca.pem",
-                   anonymous_identity="ttls", password="password",
-                   phase2="auth=PAP", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        if 'certificate revoked' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
-    check_ocsp_support(dev[0])
-    ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
-    ocsp_resp_status(ocsp, "unknown")
-    if not os.path.exists(ocsp):
-        raise HwsimSkip("No OCSP response available")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", ca_cert="auth_serv/ca.pem",
-                   anonymous_identity="ttls", password="password",
-                   phase2="auth=PAP", ocsp=2,
-                   wait_connect=False, scan_freq="2412")
-    count = 0
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
-        if ev is None:
-            raise Exception("Timeout on EAP status")
-        if 'bad certificate status response' in ev:
-            break
-        count = count + 1
-        if count > 10:
-            raise Exception("Unexpected number of EAP status messages")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
-    check_ocsp_support(dev[0])
-    ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
-    ocsp_resp_status(ocsp, "unknown")
-    if not os.path.exists(ocsp):
-        raise HwsimSkip("No OCSP response available")
-    params = int_eap_server_params()
-    params["ocsp_stapling_response"] = ocsp
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", ca_cert="auth_serv/ca.pem",
-                   anonymous_identity="ttls", password="password",
-                   phase2="auth=PAP", ocsp=1, scan_freq="2412")
-
-def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA"""
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server.pem"
-    params["private_key"] = "auth_serv/iCA-server/server.key"
-    hostapd.add_ap(apdev[0], params)
-    tls = dev[0].request("GET tls_library")
-    if "GnuTLS" in tls or "wolfSSL" in tls:
-        ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-        client_cert = "auth_serv/iCA-user/user_and_ica.pem"
-    else:
-        ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-        client_cert = "auth_serv/iCA-user/user.pem"
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user",
-                   ca_cert=ca_cert,
-                   client_cert=client_cert,
-                   private_key="auth_serv/iCA-user/user.key",
-                   scan_freq="2412")
-
-def root_ocsp(cert):
-    ca = "auth_serv/ca.pem"
-
-    fd2, fn2 = tempfile.mkstemp()
-    os.close(fd2)
-
-    arg = ["openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
-           "-cert", cert, "-no_nonce", "-text"]
-    run_openssl(arg)
-
-    fd, fn = tempfile.mkstemp()
-    os.close(fd)
-    arg = ["openssl", "ocsp", "-index", "auth_serv/rootCA/index.txt",
-           "-rsigner", ca, "-rkey", "auth_serv/ca-key.pem",
-           "-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other",
-           "-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn,
-           "-text"]
-    run_openssl(arg)
-    os.unlink(fn2)
-    return fn
-
-def ica_ocsp(cert, md="-sha256"):
-    prefix = "auth_serv/iCA-server/"
-    ca = prefix + "cacert.pem"
-    cert = prefix + cert
-
-    fd2, fn2 = tempfile.mkstemp()
-    os.close(fd2)
-
-    arg = ["openssl", "ocsp", "-reqout", fn2, "-issuer", ca, md,
-           "-cert", cert, "-no_nonce", "-text"]
-    run_openssl(arg)
-
-    fd, fn = tempfile.mkstemp()
-    os.close(fd)
-    arg = ["openssl", "ocsp", "-index", prefix + "index.txt",
-           "-rsigner", ca, "-rkey", prefix + "private/cakey.pem",
-           "-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other",
-           "-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn,
-           "-text"]
-    run_openssl(arg)
-    os.unlink(fn2)
-    return fn
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP on server certificate"""
-    run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha256")
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP on server certificate )SHA1)"""
-    run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
-
-def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server.pem"
-    params["private_key"] = "auth_serv/iCA-server/server.key"
-    fn = ica_ocsp("server.pem", md)
-    params["ocsp_stapling_response"] = fn
-    try:
-        hostapd.add_ap(apdev[0], params)
-        tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user_and_ica.pem"
-        else:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user.pem"
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user",
-                       ca_cert=ca_cert,
-                       client_cert=client_cert,
-                       private_key="auth_serv/iCA-user/user.key",
-                       scan_freq="2412", ocsp=2)
-    finally:
-        os.unlink(fn)
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP on revoked server certificate"""
-    run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params,
-                                                     "-sha256")
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP on revoked server certificate (SHA1)"""
-    run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params,
-                                                     "-sha1")
-
-def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md):
-    check_ocsp_support(dev[0])
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server-revoked.pem"
-    params["private_key"] = "auth_serv/iCA-server/server-revoked.key"
-    fn = ica_ocsp("server-revoked.pem", md)
-    params["ocsp_stapling_response"] = fn
-    try:
-        hostapd.add_ap(apdev[0], params)
-        tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user_and_ica.pem"
-        else:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user.pem"
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user",
-                       ca_cert=ca_cert,
-                       client_cert=client_cert,
-                       private_key="auth_serv/iCA-user/user.key",
-                       scan_freq="2412", ocsp=1, wait_connect=False)
-        count = 0
-        while True:
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS",
-                                    "CTRL-EVENT-EAP-SUCCESS"])
-            if ev is None:
-                raise Exception("Timeout on EAP status")
-            if "CTRL-EVENT-EAP-SUCCESS" in ev:
-                raise Exception("Unexpected EAP-Success")
-            if 'bad certificate status response' in ev:
-                break
-            if 'certificate revoked' in ev:
-                break
-            count = count + 1
-            if count > 10:
-                raise Exception("Unexpected number of EAP status messages")
-
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-        if ev is None:
-            raise Exception("Timeout on EAP failure report")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    finally:
-        os.unlink(fn)
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP multi missing response"""
-    check_ocsp_support(dev[0])
-    check_ocsp_multi_support(dev[0])
-
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server.pem"
-    params["private_key"] = "auth_serv/iCA-server/server.key"
-    fn = ica_ocsp("server.pem")
-    params["ocsp_stapling_response"] = fn
-    try:
-        hostapd.add_ap(apdev[0], params)
-        tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user_and_ica.pem"
-        else:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user.pem"
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user",
-                       ca_cert=ca_cert,
-                       client_cert=client_cert,
-                       private_key="auth_serv/iCA-user/user.key",
-                       scan_freq="2412", ocsp=3, wait_connect=False)
-        count = 0
-        while True:
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS",
-                                    "CTRL-EVENT-EAP-SUCCESS"])
-            if ev is None:
-                raise Exception("Timeout on EAP status")
-            if "CTRL-EVENT-EAP-SUCCESS" in ev:
-                raise Exception("Unexpected EAP-Success")
-            if 'bad certificate status response' in ev:
-                break
-            if 'certificate revoked' in ev:
-                break
-            count = count + 1
-            if count > 10:
-                raise Exception("Unexpected number of EAP status messages")
-
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-        if ev is None:
-            raise Exception("Timeout on EAP failure report")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    finally:
-        os.unlink(fn)
-
-def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params):
-    """EAP-TLS with intermediate server/user CA and OCSP multi OK"""
-    check_ocsp_support(dev[0])
-    check_ocsp_multi_support(dev[0])
-
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
-    params["server_cert"] = "auth_serv/iCA-server/server.pem"
-    params["private_key"] = "auth_serv/iCA-server/server.key"
-    fn = ica_ocsp("server.pem")
-    fn2 = root_ocsp("auth_serv/iCA-server/cacert.pem")
-    params["ocsp_stapling_response"] = fn
-
-    with open(fn, "rb") as f:
-        resp_server = f.read()
-    with open(fn2, "rb") as f:
-        resp_ica = f.read()
-
-    fd3, fn3 = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd3, 'wb')
-        f.write(struct.pack(">L", len(resp_server))[1:4])
-        f.write(resp_server)
-        f.write(struct.pack(">L", len(resp_ica))[1:4])
-        f.write(resp_ica)
-        f.close()
-
-        params["ocsp_stapling_response_multi"] = fn3
-
-        hostapd.add_ap(apdev[0], params)
-        tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user_and_ica.pem"
-        else:
-            ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
-            client_cert = "auth_serv/iCA-user/user.pem"
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user",
-                       ca_cert=ca_cert,
-                       client_cert=client_cert,
-                       private_key="auth_serv/iCA-user/user.key",
-                       scan_freq="2412", ocsp=3)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    finally:
-        os.unlink(fn)
-        os.unlink(fn2)
-        os.unlink(fn3)
-
-def test_ap_wpa2_eap_tls_ocsp_multi_revoked(dev, apdev, params):
-    """EAP-TLS and CA signed OCSP multi response (revoked)"""
-    check_ocsp_support(dev[0])
-    check_ocsp_multi_support(dev[0])
-    check_pkcs12_support(dev[0])
-
-    req = os.path.join(params['logdir'], "ocsp-req.der")
-    ocsp_revoked = os.path.join(params['logdir'],
-                                "ocsp-resp-ca-signed-revoked.der")
-    ocsp_unknown = os.path.join(params['logdir'],
-                                "ocsp-resp-ca-signed-unknown.der")
-    ocsp_resp_ca_signed(req, ocsp_revoked, "-revoked")
-    ocsp_resp_ca_signed(req, ocsp_unknown, "-unknown")
-
-    with open(ocsp_revoked, "rb") as f:
-        resp_revoked = f.read()
-    with open(ocsp_unknown, "rb") as f:
-        resp_unknown = f.read()
-
-    fd, fn = tempfile.mkstemp()
-    try:
-        # This is not really a valid order of the OCSPResponse items in the
-        # list, but this works for now to verify parsing and processing of
-        # multiple responses.
-        f = os.fdopen(fd, 'wb')
-        f.write(struct.pack(">L", len(resp_unknown))[1:4])
-        f.write(resp_unknown)
-        f.write(struct.pack(">L", len(resp_revoked))[1:4])
-        f.write(resp_revoked)
-        f.write(struct.pack(">L", 0)[1:4])
-        f.write(struct.pack(">L", len(resp_unknown))[1:4])
-        f.write(resp_unknown)
-        f.close()
-
-        params = int_eap_server_params()
-        params["ocsp_stapling_response_multi"] = fn
-        hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user", ca_cert="auth_serv/ca.pem",
-                       private_key="auth_serv/user.pkcs12",
-                       private_key_passwd="whatever", ocsp=1,
-                       wait_connect=False, scan_freq="2412")
-        count = 0
-        while True:
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS",
-                                    "CTRL-EVENT-EAP-SUCCESS"])
-            if ev is None:
-                raise Exception("Timeout on EAP status")
-            if "CTRL-EVENT-EAP-SUCCESS" in ev:
-                raise Exception("Unexpected EAP-Success")
-            if 'bad certificate status response' in ev:
-                break
-            if 'certificate revoked' in ev:
-                break
-            count = count + 1
-            if count > 10:
-                raise Exception("Unexpected number of EAP status messages")
-    finally:
-        os.unlink(fn)
-
-def test_ap_wpa2_eap_tls_domain_suffix_match_cn_full(dev, apdev):
-    """WPA2-Enterprise using EAP-TLS and domain suffix match (CN)"""
-    check_domain_match_full(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-no-dnsname.pem"
-    params["private_key"] = "auth_serv/server-no-dnsname.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_suffix_match="server3.w1.fi",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_tls_domain_match_cn(dev, apdev):
-    """WPA2-Enterprise using EAP-TLS and domainmatch (CN)"""
-    check_domain_match(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-no-dnsname.pem"
-    params["private_key"] = "auth_serv/server-no-dnsname.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_match="server3.w1.fi",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_tls_domain_suffix_match_cn(dev, apdev):
-    """WPA2-Enterprise using EAP-TLS and domain suffix match (CN)"""
-    check_domain_match_full(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-no-dnsname.pem"
-    params["private_key"] = "auth_serv/server-no-dnsname.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_suffix_match="w1.fi",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_tls_domain_suffix_mismatch_cn(dev, apdev):
-    """WPA2-Enterprise using EAP-TLS and domain suffix mismatch (CN)"""
-    check_domain_suffix_match(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-no-dnsname.pem"
-    params["private_key"] = "auth_serv/server-no-dnsname.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_suffix_match="example.com",
-                   wait_connect=False,
-                   scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_suffix_match="erver3.w1.fi",
-                   wait_connect=False,
-                   scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-    ev = dev[1].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report (2)")
-
-def test_ap_wpa2_eap_tls_domain_mismatch_cn(dev, apdev):
-    """WPA2-Enterprise using EAP-TLS and domain mismatch (CN)"""
-    check_domain_match(dev[0])
-    check_pkcs12_support(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-no-dnsname.pem"
-    params["private_key"] = "auth_serv/server-no-dnsname.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_match="example.com",
-                   wait_connect=False,
-                   scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user", ca_cert="auth_serv/ca.pem",
-                   private_key="auth_serv/user.pkcs12",
-                   private_key_passwd="whatever",
-                   domain_match="w1.fi",
-                   wait_connect=False,
-                   scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-    ev = dev[1].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report (2)")
-
-def test_ap_wpa2_eap_ttls_expired_cert(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and expired certificate"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-expired.pem"
-    params["private_key"] = "auth_serv/server-expired.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   wait_connect=False,
-                   scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
-    if ev is None:
-        raise Exception("Timeout on EAP certificate error report")
-    if "reason=4" not in ev or "certificate has expired" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and ignore certificate expiration"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-expired.pem"
-    params["private_key"] = "auth_serv/server-expired.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   phase1="tls_disable_time_checks=1",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_ttls_long_duration(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and long certificate duration"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-long-duration.pem"
-    params["private_key"] = "auth_serv/server-long-duration.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and server cert with client EKU"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-eku-client.pem"
-    params["private_key"] = "auth_serv/server-eku-client.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   wait_connect=False,
-                   scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("Timeout on EAP failure report")
-
-def test_ap_wpa2_eap_ttls_server_cert_eku_client_server(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and server cert with client and server EKU"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-eku-client-server.pem"
-    params["private_key"] = "auth_serv/server-eku-client-server.key"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    del params["server_cert"]
-    params["private_key"] = "auth_serv/server.pkcs12"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
-    """EAP-TTLS and server PKCS#12 file with extra certs"""
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    del params["server_cert"]
-    params["private_key"] = "auth_serv/server-extra.pkcs12"
-    params["private_key_passwd"] = "whatever"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_ttls_dh_params(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=PAP",
-                dh_file="auth_serv/dh.conf")
-
-def test_ap_wpa2_eap_ttls_dh_params_dsa(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS and setting DH params (DSA)"""
-    check_dh_dsa_support(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=PAP",
-                dh_file="auth_serv/dsaparam.pem")
-
-def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
-    """EAP-TTLS and DH params file not found"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   dh_file="auth_serv/dh-no-such-file.conf",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("EAP failure timed out")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
-    """EAP-TTLS and invalid DH params file"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="mschap user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   dh_file="auth_serv/ca.pem",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("EAP failure timed out")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_ttls_dh_params_blob(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params from blob"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dh = read_pem("auth_serv/dh2.conf")
-    if "OK" not in dev[0].request("SET blob dhparams " + binascii.hexlify(dh).decode()):
-        raise Exception("Could not set dhparams blob")
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=PAP",
-                dh_file="blob://dhparams")
-
-def test_ap_wpa2_eap_ttls_dh_params_server(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and alternative server dhparams"""
-    params = int_eap_server_params()
-    params["dh_file"] = "auth_serv/dh2.conf"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=PAP")
-
-def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
-    """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
-    params = int_eap_server_params()
-    params["dh_file"] = "auth_serv/dsaparam.pem"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=PAP")
-
-def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
-    """EAP-TLS server and dhparams file not found"""
-    params = int_eap_server_params()
-    params["dh_file"] = "auth_serv/dh-no-such-file.conf"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted")
-
-def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
-    """EAP-TLS server and invalid dhparams file"""
-    params = int_eap_server_params()
-    params["dh_file"] = "auth_serv/ca.pem"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted")
-
-def test_ap_wpa2_eap_reauth(dev, apdev):
-    """WPA2-Enterprise and Authenticator forcing reauthentication"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['eap_reauth_period'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-    logger.info("Wait for reauthentication")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on reauthentication")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on reauthentication")
-    for i in range(0, 20):
-        state = dev[0].get_status_field("wpa_state")
-        if state == "COMPLETED":
-            break
-        time.sleep(0.1)
-    if state != "COMPLETED":
-        raise Exception("Reauthentication did not complete")
-
-def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_ap(dev, apdev):
-    """WPA2-Enterprise and Authenticator forcing reauthentication with PTK rekey blocked on AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['eap_reauth_period'] = '2'
-    params['wpa_deny_ptk0_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-    logger.info("Wait for disconnect due to reauth")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on reauthentication")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Reauthentication without disconnect")
-
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
-    if ev is None:
-        raise Exception("Timeout on reconnect")
-
-def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_sta(dev, apdev):
-    """WPA2-Enterprise and Authenticator forcing reauthentication with PTK rekey blocked on station"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['eap_reauth_period'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wpa_deny_ptk0_rekey="2")
-    logger.info("Wait for disconnect due to reauth")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on reauthentication")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Reauthentication without disconnect")
-
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
-    if ev is None:
-        raise Exception("Timeout on reconnect")
-
-def test_ap_wpa2_eap_request_identity_message(dev, apdev):
-    """Optional displayable message in EAP Request-Identity"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['eap_message'] = 'hello\\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-
-def test_ap_wpa2_eap_sim_aka_result_ind(dev, apdev):
-    """WPA2-Enterprise using EAP-SIM/AKA and protected result indication"""
-    check_hlr_auc_gw_support()
-    params = int_eap_server_params()
-    params['eap_sim_db'] = "unix:/tmp/hlr_auc_gw.sock"
-    params['eap_sim_aka_result_ind'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    eap_connect(dev[0], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                phase1="result_ind=1")
-    eap_reauth(dev[0], "SIM")
-    eap_connect(dev[1], hapd, "SIM", "1232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                phase1="result_ind=1")
-    eap_reauth(dev[0], "AKA")
-    eap_connect(dev[1], hapd, "AKA", "0232010000000000",
-                password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-
-    eap_connect(dev[0], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                phase1="result_ind=1")
-    eap_reauth(dev[0], "AKA'")
-    eap_connect(dev[1], hapd, "AKA'", "6555444333222111",
-                password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-
-def test_ap_wpa2_eap_sim_zero_db_timeout(dev, apdev):
-    """WPA2-Enterprise using EAP-SIM with zero database timeout"""
-    check_hlr_auc_gw_support()
-    params = int_eap_server_params()
-    params['eap_sim_db'] = "unix:/tmp/hlr_auc_gw.sock"
-    params['eap_sim_db_timeout'] = "0"
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # Run multiple iterations to make it more likely to hit the case where the
-    # DB request times out and response is lost.
-    for i in range(20):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="SIM",
-                       identity="1232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("No connection result")
-        dev[0].request("REMOVE_NETWORK all")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            break
-        dev[0].wait_disconnected()
-        hapd.ping()
-
-def test_ap_wpa2_eap_too_many_roundtrips(dev, apdev):
-    """WPA2-Enterprise connection resulting in too many EAP roundtrips"""
-    skip_with_fips(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                   eap="TTLS", identity="mschap user",
-                   wait_connect=False, scan_freq="2412", ieee80211w="1",
-                   anonymous_identity="ttls", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   fragment_size="4")
-    ev = dev[0].wait_event(["EAP: more than",
-                            "CTRL-EVENT-EAP-SUCCESS"], timeout=20)
-    if ev is None or "EAP: more than" not in ev:
-        raise Exception("EAP roundtrip limit not reached")
-
-def test_ap_wpa2_eap_too_many_roundtrips_server(dev, apdev):
-    """WPA2-Enterprise connection resulting in too many EAP roundtrips (server)"""
-    run_ap_wpa2_eap_too_many_roundtrips_server(dev, apdev, 10, 10)
-
-def test_ap_wpa2_eap_too_many_roundtrips_server2(dev, apdev):
-    """WPA2-Enterprise connection resulting in too many EAP roundtrips (server)"""
-    run_ap_wpa2_eap_too_many_roundtrips_server(dev, apdev, 10, 1)
-
-def run_ap_wpa2_eap_too_many_roundtrips_server(dev, apdev, max_rounds,
-                                               max_rounds_short):
-    skip_with_fips(dev[0])
-    params = int_eap_server_params()
-    params["max_auth_rounds"] = str(max_rounds)
-    params["max_auth_rounds_short"] = str(max_rounds_short)
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                   eap="TTLS", identity="mschap user",
-                   wait_connect=False, scan_freq="2412", ieee80211w="1",
-                   anonymous_identity="ttls", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                   fragment_size="4")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE",
-                            "CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None or "SUCCESS" in ev:
-        raise Exception("EAP roundtrip limit not reported")
-
-def test_ap_wpa2_eap_expanded_nak(dev, apdev):
-    """WPA2-Enterprise connection with EAP resulting in expanded NAK"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                   eap="PSK", identity="vendor-test",
-                   password_hex="ff23456789abcdef0123456789abcdef",
-                   wait_connect=False)
-
-    found = False
-    for i in range(0, 5):
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"], timeout=16)
-        if ev is None:
-            raise Exception("Association and EAP start timed out")
-        if "refuse proposed method" in ev:
-            found = True
-            break
-    if not found:
-        raise Exception("Unexpected EAP status: " + ev)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
-    if ev is None:
-        raise Exception("EAP failure timed out")
-
-def test_ap_wpa2_eap_sql(dev, apdev, params):
-    """WPA2-Enterprise connection using SQLite for user DB"""
-    skip_with_fips(dev[0])
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    dbfile = os.path.join(params['logdir'], "eap-user.db")
-    try:
-        os.remove(dbfile)
-    except:
-        pass
-    con = sqlite3.connect(dbfile)
-    with con:
-        cur = con.cursor()
-        cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
-        cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2) VALUES ('user-pap','TTLS-PAP','password',1)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2) VALUES ('user-chap','TTLS-CHAP','password',1)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2) VALUES ('user-mschap','TTLS-MSCHAP','password',1)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1)")
-        cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
-        cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
-
-    try:
-        params = int_eap_server_params()
-        params["eap_user_file"] = "sqlite:" + dbfile
-        hapd = hostapd.add_ap(apdev[0], params)
-        eap_connect(dev[0], hapd, "TTLS", "user-mschapv2",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-        dev[0].request("REMOVE_NETWORK all")
-        eap_connect(dev[1], hapd, "TTLS", "user-mschap",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP")
-        dev[1].request("REMOVE_NETWORK all")
-        eap_connect(dev[0], hapd, "TTLS", "user-chap",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=CHAP")
-        eap_connect(dev[1], hapd, "TTLS", "user-pap",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[1].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[1].wait_disconnected()
-        hapd.disable()
-        hapd.enable()
-        eap_connect(dev[0], hapd, "TTLS", "user-mschapv2",
-                    anonymous_identity="ttls", password="password",
-                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    finally:
-        os.remove(dbfile)
-
-def test_ap_wpa2_eap_non_ascii_identity(dev, apdev):
-    """WPA2-Enterprise connection attempt using non-ASCII identity"""
-    params = int_eap_server_params()
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="\x80", password="password", wait_connect=False)
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="a\x80", password="password", wait_connect=False)
-    for i in range(0, 2):
-        ev = dev[i].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-        if ev is None:
-            raise Exception("Association and EAP start timed out")
-        ev = dev[i].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
-        if ev is None:
-            raise Exception("EAP method selection timed out")
-
-def test_ap_wpa2_eap_non_ascii_identity2(dev, apdev):
-    """WPA2-Enterprise connection attempt using non-ASCII identity"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="\x80", password="password", wait_connect=False)
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="a\x80", password="password", wait_connect=False)
-    for i in range(0, 2):
-        ev = dev[i].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
-        if ev is None:
-            raise Exception("Association and EAP start timed out")
-        ev = dev[i].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
-        if ev is None:
-            raise Exception("EAP method selection timed out")
-
-def test_openssl_cipher_suite_config_wpas(dev, apdev):
-    """OpenSSL cipher suite configuration on wpa_supplicant"""
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("TLS library is not OpenSSL: " + tls)
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                openssl_ciphers="AES128",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-    eap_connect(dev[1], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                openssl_ciphers="EXPORT",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                expect_failure=True, maybe_local_error=True)
-    dev[2].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", anonymous_identity="ttls",
-                   password="password",
-                   openssl_ciphers="FOO",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                   wait_connect=False)
-    ev = dev[2].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP failure after invalid openssl_ciphers not reported")
-    dev[2].request("DISCONNECT")
-
-def test_openssl_cipher_suite_config_hapd(dev, apdev):
-    """OpenSSL cipher suite configuration on hostapd"""
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("wpa_supplicant TLS library is not OpenSSL: " + tls)
-    params = int_eap_server_params()
-    params['openssl_ciphers'] = "AES256"
-    hapd = hostapd.add_ap(apdev[0], params)
-    tls = hapd.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("hostapd TLS library is not OpenSSL: " + tls)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-    eap_connect(dev[1], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                openssl_ciphers="AES128",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                expect_failure=True)
-    eap_connect(dev[2], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                openssl_ciphers="HIGH:!ADH",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-
-    params['openssl_ciphers'] = "FOO"
-    hapd2 = hostapd.add_ap(apdev[1], params, no_enable=True)
-    if "FAIL" not in hapd2.request("ENABLE"):
-        if "run=OpenSSL 1.1.1" in tls:
-            logger.info("Ignore acceptance of an invalid openssl_ciphers value with OpenSSL 1.1.1")
-        else:
-            raise Exception("Invalid openssl_ciphers value accepted")
-
-def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
-    """Key lifetime in memory with WPA2-Enterprise using EAP-TTLS/PAP"""
-    p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], p)
-    password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
-    id = eap_connect(dev[0], hapd, "TTLS", "pap-secret",
-                     anonymous_identity="ttls", password=password,
-                     ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-    run_eap_key_lifetime_in_memory(dev, params, id, password)
-
-def test_wpa2_eap_peap_gtc_key_lifetime_in_memory(dev, apdev, params):
-    """Key lifetime in memory with WPA2-Enterprise using PEAP/GTC"""
-    p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], p)
-    password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
-    id = eap_connect(dev[0], hapd, "PEAP", "user-secret",
-                     anonymous_identity="peap", password=password,
-                     ca_cert="auth_serv/ca.pem", phase2="auth=GTC")
-    run_eap_key_lifetime_in_memory(dev, params, id, password)
-
-def run_eap_key_lifetime_in_memory(dev, params, id, password):
-    pid = find_wpas_process(dev[0])
-
-    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
-    # event has been delivered, so verify that wpa_supplicant has returned to
-    # eloop before reading process memory.
-    time.sleep(1)
-    dev[0].ping()
-    password = password.encode()
-    buf = read_process_memory(pid, password)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].relog()
-    msk = None
-    emsk = None
-    pmk = None
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "EAP-TTLS: Derived key - hexdump" in l or \
-               "EAP-PEAP: Derived key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                msk = binascii.unhexlify(val)
-            if "EAP-TTLS: Derived EMSK - hexdump" in l or \
-               "EAP-PEAP: Derived EMSK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                emsk = binascii.unhexlify(val)
-            if "WPA: PMK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmk = binascii.unhexlify(val)
-            if "WPA: PTK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                ptk = binascii.unhexlify(val)
-            if "WPA: Group Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not msk or not emsk or not pmk or not ptk or not gtk:
-        raise Exception("Could not find keys from debug log")
-    if len(gtk) != 16:
-        raise Exception("Unexpected GTK length")
-
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    tk = ptk[32:48]
-
-    fname = os.path.join(params['logdir'],
-                         'wpa2_eap_ttls_pap_key_lifetime_in_memory.memctx-')
-
-    logger.info("Checking keys in memory while associated")
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    if password not in buf:
-        raise HwsimSkip("Password not found while associated")
-    if pmk not in buf:
-        raise HwsimSkip("PMK not found while associated")
-    if kck not in buf:
-        raise Exception("KCK not found while associated")
-    if kek not in buf:
-        raise Exception("KEK not found while associated")
-    #if tk in buf:
-    #    raise Exception("TK found from memory")
-
-    logger.info("Checking keys in memory after disassociation")
-    buf = read_process_memory(pid, password)
-
-    # Note: Password is still present in network configuration
-    # Note: PMK is in PMKSA cache and EAP fast re-auth data
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    if gtk in buf:
-        get_key_locations(buf, gtk, "GTK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].set_network_quoted(id, "identity", "foo")
-    logger.info("Checking keys in memory after PMKSA cache and EAP fast reauth flush")
-    buf = read_process_memory(pid, password)
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    verify_not_present(buf, pmk, fname, "PMK")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, password)
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    verify_not_present(buf, password, fname, "password")
-    verify_not_present(buf, pmk, fname, "PMK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-    verify_not_present(buf, msk, fname, "MSK")
-    verify_not_present(buf, emsk, fname, "EMSK")
-
-def test_ap_wpa2_eap_unexpected_wep_eapol_key(dev, apdev):
-    """WPA2-Enterprise connection and unexpected WEP EAPOL-Key"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-
-    # Send unexpected WEP EAPOL-Key; this gets dropped
-    res = dev[0].request("EAPOL_RX " + bssid + " 0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-def test_ap_wpa2_eap_in_bridge(dev, apdev):
-    """WPA2-EAP and wpas interface in a bridge"""
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    try:
-        _test_ap_wpa2_eap_in_bridge(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
-        subprocess.call(['brctl', 'delif', br_ifname, ifname])
-        subprocess.call(['brctl', 'delbr', br_ifname])
-        subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
-
-def _test_ap_wpa2_eap_in_bridge(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    subprocess.call(['brctl', 'addbr', br_ifname])
-    subprocess.call(['brctl', 'setfd', br_ifname, '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
-    subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
-    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
-    wpas.interface_add(ifname, br_ifname=br_ifname)
-    wpas.dump_monitor()
-
-    id = eap_connect(wpas, hapd, "PAX", "pax.user@example.com",
-                     password_hex="0123456789abcdef0123456789abcdef")
-    wpas.dump_monitor()
-    eap_reauth(wpas, "PAX")
-    wpas.dump_monitor()
-    # Try again as a regression test for packet socket workaround
-    eap_reauth(wpas, "PAX")
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-    wpas.request("RECONNECT")
-    wpas.wait_connected()
-    wpas.dump_monitor()
-
-def test_ap_wpa2_eap_session_ticket(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS and TLS session ticket enabled"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem",
-                phase1="tls_disable_session_ticket=0", phase2="auth=PAP")
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_no_workaround(dev, apdev):
-    """WPA2-Enterprise connection using EAP-TTLS and eap_workaround=0"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", eap_workaround='0',
-                phase2="auth=PAP")
-    eap_reauth(dev[0], "TTLS")
-
-def test_ap_wpa2_eap_tls_check_crl(dev, apdev):
-    """EAP-TLS and server checking CRL"""
-    params = int_eap_server_params()
-    params['check_crl'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # check_crl=1 and no CRL available --> reject connection
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    hapd.disable()
-    hapd.set("ca_cert", "auth_serv/ca-and-crl.pem")
-    hapd.enable()
-
-    # check_crl=1 and valid CRL --> accept
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[0].request("REMOVE_NETWORK all")
-
-    hapd.disable()
-    hapd.set("check_crl", "2")
-    hapd.enable()
-
-    # check_crl=2 and valid CRL --> accept
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_tls_check_crl_not_strict(dev, apdev):
-    """EAP-TLS and server checking CRL with check_crl_strict=0"""
-    params = int_eap_server_params()
-    params['check_crl'] = '1'
-    params['ca_cert'] = "auth_serv/ca-and-crl-expired.pem"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # check_crl_strict=1 and expired CRL --> reject connection
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-
-    hapd.disable()
-    hapd.set("check_crl_strict", "0")
-    hapd.enable()
-
-    # check_crl_strict=0 --> accept
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_wpa2_eap_tls_crl_reload(dev, apdev, params):
-    """EAP-TLS and server reloading CRL from ca_cert"""
-    ca_cert = os.path.join(params['logdir'],
-                           "ap_wpa2_eap_tls_crl_reload.ca_cert")
-    with open('auth_serv/ca.pem', 'r') as f:
-        only_cert = f.read()
-    with open('auth_serv/ca-and-crl.pem', 'r') as f:
-        cert_and_crl = f.read()
-    with open(ca_cert, 'w') as f:
-        f.write(only_cert)
-    params = int_eap_server_params()
-    params['ca_cert'] = ca_cert
-    params['check_crl'] = '1'
-    params['crl_reload_interval'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # check_crl=1 and no CRL available --> reject connection
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key", expect_failure=True)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    with open(ca_cert, 'w') as f:
-        f.write(cert_and_crl)
-    time.sleep(1)
-
-    # check_crl=1 and valid CRL --> accept
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_tls_check_cert_subject(dev, apdev):
-    """EAP-TLS and server checking client subject name"""
-    params = int_eap_server_params()
-    params['check_cert_subject'] = 'C=FI/O=w1.fi/CN=Test User'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_check_cert_subject_support(hapd)
-
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-
-def test_ap_wpa2_eap_tls_check_cert_subject_neg(dev, apdev):
-    """EAP-TLS and server checking client subject name (negative)"""
-    params = int_eap_server_params()
-    params['check_cert_subject'] = 'C=FI/O=example'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_check_cert_subject_support(hapd)
-
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key", expect_failure=True)
-
-def test_ap_wpa2_eap_tls_oom(dev, apdev):
-    """EAP-TLS and OOM"""
-    check_subject_match_support(dev[0])
-    check_altsubject_match_support(dev[0])
-    check_domain_match(dev[0])
-    check_domain_match_full(dev[0])
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "tls_connection_set_subject_match"),
-             (2, "tls_connection_set_subject_match"),
-             (3, "tls_connection_set_subject_match"),
-             (4, "tls_connection_set_subject_match")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                           identity="tls user", ca_cert="auth_serv/ca.pem",
-                           client_cert="auth_serv/user.pem",
-                           private_key="auth_serv/user.key",
-                           subject_match="/C=FI/O=w1.fi/CN=server.w1.fi",
-                           altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/",
-                           domain_suffix_match="server.w1.fi",
-                           domain_match="server.w1.fi",
-                           wait_connect=False, scan_freq="2412")
-            # TLS parameter configuration error results in CTRL-REQ-PASSPHRASE
-            ev = dev[0].wait_event(["CTRL-REQ-PASSPHRASE"], timeout=5)
-            if ev is None:
-                raise Exception("No passphrase request")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_tls_macacl(dev, apdev):
-    """WPA2-Enterprise connection using MAC ACL"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params["macaddr_acl"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[1], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-
-def test_ap_wpa2_eap_oom(dev, apdev):
-    """EAP server and OOM"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-
-    with alloc_fail(hapd, 1, "eapol_auth_alloc"):
-        # The first attempt fails, but STA will send EAPOL-Start to retry and
-        # that succeeds.
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user", ca_cert="auth_serv/ca.pem",
-                       client_cert="auth_serv/user.pem",
-                       private_key="auth_serv/user.key",
-                       scan_freq="2412")
-
-def check_tls_ver(dev, hapd, phase1, expected):
-    eap_connect(dev, hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key",
-                phase1=phase1)
-    ver = dev.get_status_field("eap_tls_version")
-    if ver != expected:
-        raise Exception("Unexpected TLS version (expected %s): %s" % (expected, ver))
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_ap_wpa2_eap_tls_versions(dev, apdev):
-    """EAP-TLS and TLS version configuration"""
-    params = {"ssid": "test-wpa2-eap",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "tls_flags": "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][ENABLE-TLSv1.3]",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tls = dev[0].request("GET tls_library")
-    if tls.startswith("OpenSSL"):
-        if "build=OpenSSL 1.0.1" not in tls and "run=OpenSSL 1.0.1" not in tls:
-            check_tls_ver(dev[0], hapd,
-                          "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
-                          "TLSv1.2")
-    if tls.startswith("wolfSSL"):
-        if ("build=3.10.0" in tls and "run=3.10.0" in tls) or \
-           ("build=3.13.0" in tls and "run=3.13.0" in tls):
-            check_tls_ver(dev[0], hapd,
-                          "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
-                          "TLSv1.2")
-    elif tls.startswith("internal"):
-        check_tls_ver(dev[0], hapd,
-                      "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2")
-    check_tls_ver(dev[1], hapd,
-                  "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
-    check_tls_ver(dev[2], hapd,
-                  "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
-    if "run=OpenSSL 1.1.1" in tls:
-        check_tls_ver(dev[0], hapd,
-                      "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
-
-def test_ap_wpa2_eap_tls_versions_server(dev, apdev):
-    """EAP-TLS and TLS version configuration on server side"""
-    params = {"ssid": "test-wpa2-eap",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
-             ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
-             ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
-    for exp, flags in tests:
-        hapd.disable()
-        hapd.set("tls_flags", flags)
-        hapd.enable()
-        check_tls_ver(dev[0], hapd, "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=0", exp)
-
-def test_ap_wpa2_eap_tls_13(dev, apdev):
-    """EAP-TLS and TLS 1.3"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
-    id = eap_connect(dev[0], hapd, "TLS", "tls user",
-                     ca_cert="auth_serv/ca.pem",
-                     client_cert="auth_serv/user.pem",
-                     private_key="auth_serv/user.key",
-                     phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0")
-    ver = dev[0].get_status_field("eap_tls_version")
-    if ver != "TLSv1.3":
-        raise Exception("Unexpected TLS version")
-
-    eap_reauth(dev[0], "TLS")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_ap_wpa2_eap_ttls_13(dev, apdev):
-    """EAP-TTLS and TLS 1.3"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
-    id = eap_connect(dev[0], hapd, "TTLS", "pap user",
-                     anonymous_identity="ttls", password="password",
-                     ca_cert="auth_serv/ca.pem",
-                     phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0",
-                     phase2="auth=PAP")
-    ver = dev[0].get_status_field("eap_tls_version")
-    if ver != "TLSv1.3":
-        raise Exception("Unexpected TLS version")
-
-    eap_reauth(dev[0], "TTLS")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_ap_wpa2_eap_peap_13(dev, apdev):
-    """PEAP and TLS 1.3"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
-    id = eap_connect(dev[0], hapd, "PEAP", "user",
-                     anonymous_identity="peap", password="password",
-                     ca_cert="auth_serv/ca.pem",
-                     phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0",
-                     phase2="auth=MSCHAPV2")
-    ver = dev[0].get_status_field("eap_tls_version")
-    if ver != "TLSv1.3":
-        raise Exception("Unexpected TLS version")
-
-    eap_reauth(dev[0], "PEAP")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_ap_wpa2_eap_tls_13_ec(dev, apdev):
-    """EAP-TLS and TLS 1.3 (EC certificates)"""
-    params = {"ssid": "test-wpa2-eap",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ec-ca.pem",
-              "server_cert": "auth_serv/ec-server.pem",
-              "private_key": "auth_serv/ec-server.key",
-              "tls_flags": "[ENABLE-TLSv1.3]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tls = hapd.request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
-
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
-    id = eap_connect(dev[0], hapd, "TLS", "tls user",
-                     ca_cert="auth_serv/ec-ca.pem",
-                     client_cert="auth_serv/ec-user.pem",
-                     private_key="auth_serv/ec-user.key",
-                     phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0")
-    ver = dev[0].get_status_field("eap_tls_version")
-    if ver != "TLSv1.3":
-        raise Exception("Unexpected TLS version")
-
-def test_ap_wpa2_eap_tls_rsa_and_ec(dev, apdev, params):
-    """EAP-TLS and both RSA and EC sertificates certificates"""
-    check_ec_support(dev[0])
-    ca = os.path.join(params['logdir'], "ap_wpa2_eap_tls_rsa_and_ec.ca.pem")
-    with open(ca, "w") as f:
-        with open("auth_serv/ca.pem", "r") as f2:
-            f.write(f2.read())
-        with open("auth_serv/ec-ca.pem", "r") as f2:
-            f.write(f2.read())
-    params = {"ssid": "test-wpa2-eap",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": ca,
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "server_cert2": "auth_serv/ec-server.pem",
-              "private_key2": "auth_serv/ec-server.key"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    eap_connect(dev[0], hapd, "TLS", "tls user",
-                ca_cert="auth_serv/ec-ca.pem",
-                client_cert="auth_serv/ec-user.pem",
-                private_key="auth_serv/ec-user.key")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    # TODO: Make wpa_supplicant automatically filter out cipher suites that
-    # would require ECDH/ECDSA keys when those are not configured in the
-    # selected client certificate. And for no-client-cert case, deprioritize
-    # those cipher suites based on configured ca_cert value so that the most
-    # likely to work cipher suites are selected by the server. Only do these
-    # when an explicit openssl_ciphers parameter is not set.
-    eap_connect(dev[1], hapd, "TLS", "tls user",
-                openssl_ciphers="DEFAULT:-aECDH:-aECDSA",
-                ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-def test_ap_wpa2_eap_tls_ec_and_rsa(dev, apdev, params):
-    """EAP-TLS and both EC and RSA sertificates certificates"""
-    check_ec_support(dev[0])
-    ca = os.path.join(params['logdir'], "ap_wpa2_eap_tls_ec_and_rsa.ca.pem")
-    with open(ca, "w") as f:
-        with open("auth_serv/ca.pem", "r") as f2:
-            f.write(f2.read())
-        with open("auth_serv/ec-ca.pem", "r") as f2:
-            f.write(f2.read())
-    params = {"ssid": "test-wpa2-eap",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": ca,
-              "private_key2": "auth_serv/server-extra.pkcs12",
-              "private_key_passwd2": "whatever",
-              "server_cert": "auth_serv/ec-server.pem",
-              "private_key": "auth_serv/ec-server.key"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    eap_connect(dev[0], hapd, "TLS", "tls user",
-                ca_cert="auth_serv/ec-ca.pem",
-                client_cert="auth_serv/ec-user.pem",
-                private_key="auth_serv/ec-user.key")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    # TODO: Make wpa_supplicant automatically filter out cipher suites that
-    # would require ECDH/ECDSA keys when those are not configured in the
-    # selected client certificate. And for no-client-cert case, deprioritize
-    # those cipher suites based on configured ca_cert value so that the most
-    # likely to work cipher suites are selected by the server. Only do these
-    # when an explicit openssl_ciphers parameter is not set.
-    eap_connect(dev[1], hapd, "TLS", "tls user",
-                openssl_ciphers="DEFAULT:-aECDH:-aECDSA",
-                ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-def test_rsn_ie_proto_eap_sta(dev, apdev):
-    """RSN element protocol testing for EAP cases on STA side"""
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    # This is the RSN element used normally by hostapd
-    params['own_ie_override'] = '30140100000fac040100000fac040100000fac010c00'
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                        identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412")
-
-    tests = [('No RSN Capabilities field',
-              '30120100000fac040100000fac040100000fac01'),
-             ('No AKM Suite fields',
-              '300c0100000fac040100000fac04'),
-             ('No Pairwise Cipher Suite fields',
-              '30060100000fac04'),
-             ('No Group Data Cipher Suite field',
-              '30020100')]
-    for txt, ie in tests:
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        logger.info(txt)
-        hapd.disable()
-        hapd.set('own_ie_override', ie)
-        hapd.enable()
-        dev[0].request("BSS_FLUSH 0")
-        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def check_tls_session_resumption_capa(dev, hapd):
-    tls = hapd.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("hostapd TLS library is not OpenSSL or wolfSSL: " + tls)
-
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("Session resumption not supported with this TLS library: " + tls)
-
-def test_eap_ttls_pap_session_resumption(dev, apdev):
-    """EAP-TTLS/PAP session resumption"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", eap_workaround='0',
-                phase2="auth=PAP")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_eap_ttls_chap_session_resumption(dev, apdev):
-    """EAP-TTLS/CHAP session resumption"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TTLS", "chap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_ttls_mschap_session_resumption(dev, apdev):
-    """EAP-TTLS/MSCHAP session resumption"""
-    check_domain_suffix_match(dev[0])
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TTLS", "mschap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                domain_suffix_match="server.w1.fi")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_ttls_mschapv2_session_resumption(dev, apdev):
-    """EAP-TTLS/MSCHAPv2 session resumption"""
-    check_domain_suffix_match(dev[0])
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TTLS", "DOMAIN\mschapv2 user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                domain_suffix_match="server.w1.fi")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_ttls_eap_gtc_session_resumption(dev, apdev):
-    """EAP-TTLS/EAP-GTC session resumption"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TTLS", "user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_ttls_no_session_resumption(dev, apdev):
-    """EAP-TTLS session resumption disabled on server"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "pap user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", eap_workaround='0',
-                phase2="auth=PAP")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the second connection")
-
-def test_eap_peap_session_resumption(dev, apdev):
-    """EAP-PEAP session resumption"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_peap_session_resumption_crypto_binding(dev, apdev):
-    """EAP-PEAP session resumption with crypto binding"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                phase1="peapver=0 crypto_binding=2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_peap_no_session_resumption(dev, apdev):
-    """EAP-PEAP session resumption disabled on server"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PEAP", "user",
-                anonymous_identity="peap", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the second connection")
-
-def test_eap_tls_session_resumption(dev, apdev):
-    """EAP-TLS session resumption"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '60'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the third connection")
-
-def test_eap_tls_session_resumption_expiration(dev, apdev):
-    """EAP-TLS session resumption"""
-    params = int_eap_server_params()
-    params['tls_session_lifetime'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_tls_session_resumption_capa(dev[0], hapd)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    # Allow multiple attempts since OpenSSL may not expire the cached entry
-    # immediately.
-    for i in range(10):
-        time.sleep(1.2)
-
-        dev[0].request("REAUTHENTICATE")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-        if ev is None:
-            raise Exception("Key handshake with the AP timed out")
-        if dev[0].get_status_field("tls_session_reused") == '0':
-            break
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Session resumption used after lifetime expiration")
-
-def test_eap_tls_no_session_resumption(dev, apdev):
-    """EAP-TLS session resumption disabled on server"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the second connection")
-
-def test_eap_tls_session_resumption_radius(dev, apdev):
-    """EAP-TLS session resumption (RADIUS)"""
-    params = {"ssid": "as", "beacon_int": "2000",
-              "radius_server_clients": "auth_serv/radius_clients.conf",
-              "radius_server_auth_port": '18128',
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "tls_session_lifetime": "60"}
-    authsrv = hostapd.add_ap(apdev[1], params)
-    check_tls_session_resumption_capa(dev[0], authsrv)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '1':
-        raise Exception("Session resumption not used on the second connection")
-
-def test_eap_tls_no_session_resumption_radius(dev, apdev):
-    """EAP-TLS session resumption disabled (RADIUS)"""
-    params = {"ssid": "as", "beacon_int": "2000",
-              "radius_server_clients": "auth_serv/radius_clients.conf",
-              "radius_server_auth_port": '18128',
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "tls_session_lifetime": "0"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the first connection")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("Key handshake with the AP timed out")
-    if dev[0].get_status_field("tls_session_reused") != '0':
-        raise Exception("Unexpected session resumption on the second connection")
-
-def test_eap_mschapv2_errors(dev, apdev):
-    """EAP-MSCHAPv2 error cases"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    check_eap_capa(dev[0], "FAST")
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="MSCHAPV2",
-                   identity="phase1-user", password="password",
-                   scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    tests = [(1, "hash_nt_password_hash;mschapv2_derive_response"),
-             (1, "nt_password_hash;mschapv2_derive_response"),
-             (1, "nt_password_hash;=mschapv2_derive_response"),
-             (1, "generate_nt_response;mschapv2_derive_response"),
-             (1, "generate_authenticator_response;mschapv2_derive_response"),
-             (1, "nt_password_hash;=mschapv2_derive_response"),
-             (1, "get_master_key;mschapv2_derive_response"),
-             (1, "os_get_random;eap_mschapv2_challenge_reply")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="MSCHAPV2",
-                           identity="phase1-user", password="password",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "hash_nt_password_hash;mschapv2_derive_response"),
-             (1, "hash_nt_password_hash;=mschapv2_derive_response"),
-             (1, "generate_nt_response_pwhash;mschapv2_derive_response"),
-             (1, "generate_authenticator_response_pwhash;mschapv2_derive_response")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="MSCHAPV2",
-                           identity="phase1-user",
-                           password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_mschapv2_init"),
-             (1, "eap_msg_alloc;eap_mschapv2_challenge_reply"),
-             (1, "eap_msg_alloc;eap_mschapv2_success"),
-             (1, "eap_mschapv2_getKey")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="MSCHAPV2",
-                           identity="phase1-user", password="password",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_msg_alloc;eap_mschapv2_failure")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="MSCHAPV2",
-                           identity="phase1-user", password="wrong password",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(2, "eap_mschapv2_init"),
-             (3, "eap_mschapv2_init")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="FAST",
-                           anonymous_identity="FAST", identity="user",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           phase1="fast_provisioning=1",
-                           pac_file="blob://fast_pac",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_eap_gpsk_errors(dev, apdev):
-    """EAP-GPSK error cases"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                   identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    tests = [(1, "os_get_random;eap_gpsk_send_gpsk_2", None),
-             (1, "eap_gpsk_derive_session_id;eap_gpsk_send_gpsk_2",
-              "cipher=1"),
-             (1, "eap_gpsk_derive_session_id;eap_gpsk_send_gpsk_2",
-              "cipher=2"),
-             (1, "eap_gpsk_derive_keys_helper", None),
-             (2, "eap_gpsk_derive_keys_helper", None),
-             (3, "eap_gpsk_derive_keys_helper", None),
-             (1, "eap_gpsk_compute_mic_aes;eap_gpsk_compute_mic;eap_gpsk_send_gpsk_2",
-              "cipher=1"),
-             (1, "hmac_sha256;eap_gpsk_compute_mic;eap_gpsk_send_gpsk_2",
-              "cipher=2"),
-             (1, "eap_gpsk_compute_mic;eap_gpsk_validate_gpsk_3_mic", None),
-             (1, "eap_gpsk_compute_mic;eap_gpsk_send_gpsk_4", None),
-             (1, "eap_gpsk_derive_mid_helper", None)]
-    for count, func, phase1 in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           phase1=phase1,
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_gpsk_init"),
-             (2, "eap_gpsk_init"),
-             (3, "eap_gpsk_init"),
-             (1, "eap_gpsk_process_id_server"),
-             (1, "eap_msg_alloc;eap_gpsk_send_gpsk_2"),
-             (1, "eap_gpsk_derive_session_id;eap_gpsk_send_gpsk_2"),
-             (1, "eap_gpsk_derive_mid_helper;eap_gpsk_derive_session_id;eap_gpsk_send_gpsk_2"),
-             (1, "eap_gpsk_derive_keys"),
-             (1, "eap_gpsk_derive_keys_helper"),
-             (1, "eap_msg_alloc;eap_gpsk_send_gpsk_4"),
-             (1, "eap_gpsk_getKey"),
-             (1, "eap_gpsk_get_emsk"),
-             (1, "eap_gpsk_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].request("ERP_FLUSH")
-            dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                           identity="gpsk user@domain", erp="1",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_db(dev, apdev, params):
-    """EAP-SIM DB error cases"""
-    sockpath = '/tmp/hlr_auc_gw.sock-test'
-    try:
-        os.remove(sockpath)
-    except:
-        pass
-    hparams = int_eap_server_params()
-    hparams['eap_sim_db'] = 'unix:' + sockpath
-    hapd = hostapd.add_ap(apdev[0], hparams)
-
-    # Initial test with hlr_auc_gw socket not available
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                        eap="SIM", identity="1232010000000000",
-                        password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                        scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["EAP-ERROR-CODE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP method specific error code not reported")
-    if int(ev.split()[1]) != 16384:
-        raise Exception("Unexpected EAP method specific error code: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-
-    # Test with invalid responses and response timeout
-
-    class test_handler(SocketServer.DatagramRequestHandler):
-        def handle(self):
-            data = self.request[0].decode().strip()
-            socket = self.request[1]
-            logger.debug("Received hlr_auc_gw request: " + data)
-            # EAP-SIM DB: Failed to parse response string
-            socket.sendto(b"FOO", self.client_address)
-            # EAP-SIM DB: Failed to parse response string
-            socket.sendto(b"FOO 1", self.client_address)
-            # EAP-SIM DB: Unknown external response
-            socket.sendto(b"FOO 1 2", self.client_address)
-            logger.info("No proper response - wait for pending eap_sim_db request timeout")
-
-    server = SocketServer.UnixDatagramServer(sockpath, test_handler)
-    server.timeout = 1
-
-    dev[0].select_network(id)
-    server.handle_request()
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-
-    # Test with a valid response
-
-    class test_handler2(SocketServer.DatagramRequestHandler):
-        def handle(self):
-            data = self.request[0].decode().strip()
-            socket = self.request[1]
-            logger.debug("Received hlr_auc_gw request: " + data)
-            fname = os.path.join(params['logdir'],
-                                 'hlr_auc_gw.milenage_db')
-            cmd = subprocess.Popen(['../../hostapd/hlr_auc_gw',
-                                    '-m', fname, data],
-                                   stdout=subprocess.PIPE)
-            res = cmd.stdout.read().decode().strip()
-            cmd.stdout.close()
-            logger.debug("hlr_auc_gw response: " + res)
-            socket.sendto(res.encode(), self.client_address)
-
-    server.RequestHandlerClass = test_handler2
-
-    dev[0].select_network(id)
-    server.handle_request()
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_sim_db_sqlite(dev, apdev, params):
-    """EAP-SIM DB error cases (SQLite)"""
-    sockpath = '/tmp/hlr_auc_gw.sock-test'
-    try:
-        os.remove(sockpath)
-    except:
-        pass
-    hparams = int_eap_server_params()
-    hparams['eap_sim_db'] = 'unix:' + sockpath
-    hapd = hostapd.add_ap(apdev[0], hparams)
-
-    fname = params['prefix'] + ".milenage_db.sqlite"
-    cmd = subprocess.Popen(['../../hostapd/hlr_auc_gw',
-                            '-D', fname, "FOO"],
-                           stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode().strip()
-    cmd.stdout.close()
-    logger.debug("hlr_auc_gw response: " + res)
-
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    con = sqlite3.connect(fname)
-    with con:
-        cur = con.cursor()
-        try:
-            cur.execute("INSERT INTO milenage(imsi,ki,opc,amf,sqn) VALUES ('232010000000000', '90dca4eda45b53cf0f12d7c9c3bc6a89', 'cb9cccc4b9258e6dca4760379fb82581', '61df', '000000000000')")
-        except sqlite3.IntegrityError as e:
-            pass
-
-    class test_handler3(SocketServer.DatagramRequestHandler):
-        def handle(self):
-            data = self.request[0].decode().strip()
-            socket = self.request[1]
-            logger.debug("Received hlr_auc_gw request: " + data)
-            cmd = subprocess.Popen(['../../hostapd/hlr_auc_gw',
-                                    '-D', fname, data],
-                                   stdout=subprocess.PIPE)
-            res = cmd.stdout.read().decode().strip()
-            cmd.stdout.close()
-            logger.debug("hlr_auc_gw response: " + res)
-            socket.sendto(res.encode(), self.client_address)
-
-    server = SocketServer.UnixDatagramServer(sockpath, test_handler3)
-    server.timeout = 1
-
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                        eap="SIM", identity="1232010000000000",
-                        password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                        scan_freq="2412", wait_connect=False)
-    server.handle_request()
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_eap_tls_sha512(dev, apdev, params):
-    """EAP-TLS with SHA512 signature"""
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/sha512-ca.pem"
-    params["server_cert"] = "auth_serv/sha512-server.pem"
-    params["private_key"] = "auth_serv/sha512-server.key"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user sha512",
-                   ca_cert="auth_serv/sha512-ca.pem",
-                   client_cert="auth_serv/sha512-user.pem",
-                   private_key="auth_serv/sha512-user.key",
-                   scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user sha512",
-                   ca_cert="auth_serv/sha512-ca.pem",
-                   client_cert="auth_serv/sha384-user.pem",
-                   private_key="auth_serv/sha384-user.key",
-                   scan_freq="2412")
-
-def test_eap_tls_sha384(dev, apdev, params):
-    """EAP-TLS with SHA384 signature"""
-    params = int_eap_server_params()
-    params["ca_cert"] = "auth_serv/sha512-ca.pem"
-    params["server_cert"] = "auth_serv/sha384-server.pem"
-    params["private_key"] = "auth_serv/sha384-server.key"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user sha512",
-                   ca_cert="auth_serv/sha512-ca.pem",
-                   client_cert="auth_serv/sha512-user.pem",
-                   private_key="auth_serv/sha512-user.key",
-                   scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                   identity="tls user sha512",
-                   ca_cert="auth_serv/sha512-ca.pem",
-                   client_cert="auth_serv/sha384-user.pem",
-                   private_key="auth_serv/sha384-user.key",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_assoc_rsn(dev, apdev):
-    """WPA2-Enterprise AP and association request RSN IE differences"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap-11w")
-    params["ieee80211w"] = "2"
-    hostapd.add_ap(apdev[1], params)
-
-    # Success cases with optional RSN IE fields removed one by one
-    tests = [("Normal wpa_supplicant assoc req RSN IE",
-              "30140100000fac040100000fac040100000fac010000"),
-             ("Extra PMKIDCount field in RSN IE",
-              "30160100000fac040100000fac040100000fac0100000000"),
-             ("Extra Group Management Cipher Suite in RSN IE",
-              "301a0100000fac040100000fac040100000fac0100000000000fac06"),
-             ("Extra undefined extension field in RSN IE",
-              "301c0100000fac040100000fac040100000fac0100000000000fac061122"),
-             ("RSN IE without RSN Capabilities",
-              "30120100000fac040100000fac040100000fac01"),
-             ("RSN IE without AKM", "300c0100000fac040100000fac04"),
-             ("RSN IE without pairwise", "30060100000fac04"),
-             ("RSN IE without group", "30020100")]
-    for title, ie in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                       identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = [("Normal wpa_supplicant assoc req RSN IE",
-              "30140100000fac040100000fac040100000fac01cc00"),
-             ("Group management cipher included in assoc req RSN IE",
-              "301a0100000fac040100000fac040100000fac01cc000000000fac06")]
-    for title, ie in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect("test-wpa2-eap-11w", key_mgmt="WPA-EAP", ieee80211w="1",
-                       eap="GPSK", identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = [("Invalid group cipher", "30060100000fac02", [40, 41]),
-             ("Invalid pairwise cipher", "300c0100000fac040100000fac02", 42)]
-    for title, ie, status in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                       identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection not reported")
-        ok = False
-        if isinstance(status, list):
-            for i in status:
-                ok = "status_code=" + str(i) in ev
-                if ok:
-                    break
-        else:
-            ok = "status_code=" + str(status) in ev
-        if not ok:
-            raise Exception("Unexpected status code: " + ev)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    tests = [("Management frame protection not enabled",
-              "30140100000fac040100000fac040100000fac010000", 31),
-             ("Unsupported management group cipher",
-              "301a0100000fac040100000fac040100000fac01cc000000000fac0b", 46)]
-    for title, ie, status in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect("test-wpa2-eap-11w", key_mgmt="WPA-EAP", ieee80211w="1",
-                       eap="GPSK", identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection not reported")
-        if "status_code=" + str(status) not in ev:
-            raise Exception("Unexpected status code: " + ev)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-def test_eap_tls_ext_cert_check(dev, apdev):
-    """EAP-TLS and external server certification validation"""
-    # With internal server certificate chain validation
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                        identity="tls user",
-                        ca_cert="auth_serv/ca.pem",
-                        client_cert="auth_serv/user.pem",
-                        private_key="auth_serv/user.key",
-                        phase1="tls_ext_cert_check=1", scan_freq="2412",
-                        only_add_network=True)
-    run_ext_cert_check(dev, apdev, id)
-
-def test_eap_ttls_ext_cert_check(dev, apdev):
-    """EAP-TTLS and external server certification validation"""
-    # Without internal server certificate chain validation
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                        identity="pap user", anonymous_identity="ttls",
-                        password="password", phase2="auth=PAP",
-                        phase1="tls_ext_cert_check=1", scan_freq="2412",
-                        only_add_network=True)
-    run_ext_cert_check(dev, apdev, id)
-
-def test_eap_peap_ext_cert_check(dev, apdev):
-    """EAP-PEAP and external server certification validation"""
-    # With internal server certificate chain validation
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                        identity="user", anonymous_identity="peap",
-                        ca_cert="auth_serv/ca.pem",
-                        password="password", phase2="auth=MSCHAPV2",
-                        phase1="tls_ext_cert_check=1", scan_freq="2412",
-                        only_add_network=True)
-    run_ext_cert_check(dev, apdev, id)
-
-def test_eap_fast_ext_cert_check(dev, apdev):
-    """EAP-FAST and external server certification validation"""
-    check_eap_capa(dev[0], "FAST")
-    # With internal server certificate chain validation
-    dev[0].request("SET blob fast_pac_auth_ext ")
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="FAST",
-                        identity="user", anonymous_identity="FAST",
-                        ca_cert="auth_serv/ca.pem",
-                        password="password", phase2="auth=GTC",
-                        phase1="tls_ext_cert_check=1 fast_provisioning=2",
-                        pac_file="blob://fast_pac_auth_ext",
-                        scan_freq="2412",
-                        only_add_network=True)
-    run_ext_cert_check(dev, apdev, id)
-
-def run_ext_cert_check(dev, apdev, net_id):
-    check_ext_cert_check_support(dev[0])
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].select_network(net_id)
-    certs = {}
-    while True:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PEER-CERT",
-                                "CTRL-REQ-EXT_CERT_CHECK",
-                                "CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("No peer server certificate event seen")
-        if "CTRL-EVENT-EAP-PEER-CERT" in ev:
-            depth = None
-            cert = None
-            vals = ev.split(' ')
-            for v in vals:
-                if v.startswith("depth="):
-                    depth = int(v.split('=')[1])
-                elif v.startswith("cert="):
-                    cert = v.split('=')[1]
-            if depth is not None and cert:
-                certs[depth] = binascii.unhexlify(cert)
-        elif "CTRL-EVENT-EAP-SUCCESS" in ev:
-            raise Exception("Unexpected EAP-Success")
-        elif "CTRL-REQ-EXT_CERT_CHECK" in ev:
-            id = ev.split(':')[0].split('-')[-1]
-            break
-    if 0 not in certs:
-        raise Exception("Server certificate not received")
-    if 1 not in certs:
-        raise Exception("Server certificate issuer not received")
-
-    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1,
-                                           certs[0])
-    cn = cert.get_subject().commonName
-    logger.info("Server certificate CN=" + cn)
-
-    issuer = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1,
-                                             certs[1])
-    icn = issuer.get_subject().commonName
-    logger.info("Issuer certificate CN=" + icn)
-
-    if cn != "server.w1.fi":
-        raise Exception("Unexpected server certificate CN: " + cn)
-    if icn != "Root CA":
-        raise Exception("Unexpected server certificate issuer CN: " + icn)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=0.1)
-    if ev:
-        raise Exception("Unexpected EAP-Success before external check result indication")
-
-    dev[0].request("CTRL-RSP-EXT_CERT_CHECK-" + id + ":good")
-    dev[0].wait_connected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    dev[0].request("SET blob fast_pac_auth_ext ")
-    dev[0].request("RECONNECT")
-
-    ev = dev[0].wait_event(["CTRL-REQ-EXT_CERT_CHECK"], timeout=10)
-    if ev is None:
-        raise Exception("No peer server certificate event seen (2)")
-    id = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-EXT_CERT_CHECK-" + id + ":bad")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_eap_tls_errors(dev, apdev):
-    """EAP-TLS error cases"""
-    params = int_eap_server_params()
-    params['fragment_size'] = '100'
-    hostapd.add_ap(apdev[0], params)
-    with alloc_fail(dev[0], 1,
-                    "eap_peer_tls_reassemble_fragment"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user", ca_cert="auth_serv/ca.pem",
-                       client_cert="auth_serv/user.pem",
-                       private_key="auth_serv/user.key",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_tls_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user", ca_cert="auth_serv/ca.pem",
-                       client_cert="auth_serv/user.pem",
-                       private_key="auth_serv/user.key",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                       identity="tls user", ca_cert="auth_serv/ca.pem",
-                       client_cert="auth_serv/user.pem",
-                       private_key="auth_serv/user.key",
-                       engine="1",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = dev[0].wait_event(["CTRL-REQ-PIN"], timeout=5)
-        if ev is None:
-            raise Exception("No CTRL-REQ-PIN seen")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = ["eap_peer_tls_derive_key;eap_tls_success",
-             "eap_peer_tls_derive_session_id;eap_tls_success",
-             "eap_tls_getKey",
-             "eap_tls_get_emsk",
-             "eap_tls_get_session_id"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
-                           identity="tls user@domain",
-                           ca_cert="auth_serv/ca.pem",
-                           client_cert="auth_serv/user.pem",
-                           private_key="auth_serv/user.key",
-                           erp="1",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_unauth_tls_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="UNAUTH-TLS",
-                       identity="unauth-tls", ca_cert="auth_serv/ca.pem",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init;eap_unauth_tls_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="UNAUTH-TLS",
-                       identity="unauth-tls", ca_cert="auth_serv/ca.pem",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_wfa_unauth_tls_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="WFA-UNAUTH-TLS",
-                       identity="osen@example.com", ca_cert="auth_serv/ca.pem",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init;eap_wfa_unauth_tls_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="WFA-UNAUTH-TLS",
-                       identity="osen@example.com", ca_cert="auth_serv/ca.pem",
-                       wait_connect=False, scan_freq="2412")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_status(dev, apdev):
-    """EAP state machine status information"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                   identity="cert user",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=TLS",
-                   ca_cert2="auth_serv/ca.pem",
-                   client_cert2="auth_serv/user.pem",
-                   private_key2="auth_serv/user.key",
-                   scan_freq="2412", wait_connect=False)
-    success = False
-    states = []
-    method_states = []
-    decisions = []
-    req_methods = []
-    selected_methods = []
-    connected = False
-    for i in range(100000):
-        if not connected and i % 10 == 9:
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.0001)
-            if ev:
-                connected = True
-        s = dev[0].get_status(extra="VERBOSE")
-        if 'EAP state' in s:
-            state = s['EAP state']
-            if state:
-                if state not in states:
-                    states.append(state)
-                if state == "SUCCESS":
-                    success = True
-                    break
-        if 'methodState' in s:
-            val = s['methodState']
-            if val not in method_states:
-                method_states.append(val)
-        if 'decision' in s:
-            val = s['decision']
-            if val not in decisions:
-                decisions.append(val)
-        if 'reqMethod' in s:
-            val = s['reqMethod']
-            if val not in req_methods:
-                req_methods.append(val)
-        if 'selectedMethod' in s:
-            val = s['selectedMethod']
-            if val not in selected_methods:
-                selected_methods.append(val)
-    logger.info("Iterations: %d" % i)
-    logger.info("EAP states: " + str(states))
-    logger.info("methodStates: " + str(method_states))
-    logger.info("decisions: " + str(decisions))
-    logger.info("reqMethods: " + str(req_methods))
-    logger.info("selectedMethods: " + str(selected_methods))
-    if not success:
-        raise Exception("EAP did not succeed")
-    if not connected:
-        dev[0].wait_connected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_eap_gpsk_ptk_rekey_ap(dev, apdev):
-    """WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['wpa_ptk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = eap_connect(dev[0], hapd, "GPSK", "gpsk user",
-                     password="abcdefghijklmnop0123456789abcdef")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_eap_wildcard_ssid(dev, apdev):
-    """WPA2-Enterprise connection using EAP-GPSK and wildcard SSID"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(bssid=apdev[0]['bssid'], key_mgmt="WPA-EAP", eap="GPSK",
-                   identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eap_psk_mac_addr_change(dev, apdev):
-    """WPA2-Enterprise connection using EAP-PSK after MAC address change"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    cmd = subprocess.Popen(['ps', '-eo', 'pid,command'], stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    pid = 0
-    for p in res.splitlines():
-        if "wpa_supplicant" not in p:
-            continue
-        if dev[0].ifname not in p:
-            continue
-        pid = int(p.strip().split(' ')[0])
-    if pid == 0:
-        logger.info("Could not find wpa_supplicant PID")
-    else:
-        logger.info("wpa_supplicant PID %d" % pid)
-
-    addr = dev[0].get_status_field("address")
-    subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
-    subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
-                     '02:11:22:33:44:55'])
-    subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
-    addr1 = dev[0].get_status_field("address")
-    if addr1 != '02:11:22:33:44:55':
-        raise Exception("Failed to change MAC address")
-
-    # Scan using the externally set MAC address, stop the wpa_supplicant
-    # process to avoid it from processing the ifdown event before the interface
-    # is already UP, change the MAC address back, allow the wpa_supplicant
-    # process to continue. This will result in the ifdown + ifup sequence of
-    # RTM_NEWLINK events to be processed while the interface is already UP.
-    try:
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        os.kill(pid, signal.SIGSTOP)
-        time.sleep(0.1)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
-                         addr])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
-        time.sleep(0.1)
-        os.kill(pid, signal.SIGCONT)
-
-    eap_connect(dev[0], hapd, "PSK", "psk.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-
-    addr2 = dev[0].get_status_field("address")
-    if addr != addr2:
-        raise Exception("Failed to restore MAC address")
-
-def test_ap_wpa2_eap_server_get_id(dev, apdev):
-    """Internal EAP server and dot1xAuthSessionUserName"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key")
-    sta = hapd.get_sta(dev[0].own_addr())
-    if 'dot1xAuthSessionUserName' not in sta:
-        raise Exception("No dot1xAuthSessionUserName included")
-    user = sta['dot1xAuthSessionUserName']
-    if user != "tls user":
-        raise Exception("Unexpected dot1xAuthSessionUserName value: " + user)
-
-def test_ap_wpa2_radius_server_get_id(dev, apdev):
-    """External RADIUS server and dot1xAuthSessionUserName"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TTLS", "test-user",
-                anonymous_identity="ttls", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-    sta = hapd.get_sta(dev[0].own_addr())
-    if 'dot1xAuthSessionUserName' not in sta:
-        raise Exception("No dot1xAuthSessionUserName included")
-    user = sta['dot1xAuthSessionUserName']
-    if user != "real-user":
-        raise Exception("Unexpected dot1xAuthSessionUserName value: " + user)
-
-def test_openssl_systemwide_policy(dev, apdev, test_params):
-    """OpenSSL systemwide policy and overrides"""
-    prefix = "openssl_systemwide_policy"
-    pidfile = os.path.join(test_params['logdir'], prefix + '.pid-wpas')
-    try:
-        with HWSimRadio() as (radio, iface):
-            run_openssl_systemwide_policy(iface, apdev, test_params)
-    finally:
-        if os.path.exists(pidfile):
-            with open(pidfile, 'r') as f:
-                pid = int(f.read().strip())
-                os.kill(pid, signal.SIGTERM)
-
-def write_openssl_cnf(cnf, MinProtocol=None, CipherString=None):
-    with open(cnf, "w") as f:
-        f.write("""openssl_conf = default_conf
-[default_conf]
-ssl_conf = ssl_sect
-[ssl_sect]
-system_default = system_default_sect
-[system_default_sect]
-""")
-        if MinProtocol:
-            f.write("MinProtocol = %s\n" % MinProtocol)
-        if CipherString:
-            f.write("CipherString = %s\n" % CipherString)
-
-def run_openssl_systemwide_policy(iface, apdev, test_params):
-    prefix = "openssl_systemwide_policy"
-    logfile = os.path.join(test_params['logdir'], prefix + '.log-wpas')
-    pidfile = os.path.join(test_params['logdir'], prefix + '.pid-wpas')
-    conffile = os.path.join(test_params['logdir'], prefix + '.conf')
-    openssl_cnf = os.path.join(test_params['logdir'], prefix + '.openssl.cnf')
-
-    write_openssl_cnf(openssl_cnf, "TLSv1.2", "DEFAULT@SECLEVEL=2")
-
-    with open(conffile, 'w') as f:
-        f.write("ctrl_interface=DIR=/var/run/wpa_supplicant\n")
-
-    params = int_eap_server_params()
-    params['tls_flags'] = "[DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"
-
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    prg = os.path.join(test_params['logdir'],
-                       'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
-    if not os.path.exists(prg):
-        prg = '../../wpa_supplicant/wpa_supplicant'
-    arg = [prg, '-BddtK', '-P', pidfile, '-f', logfile,
-           '-Dnl80211', '-c', conffile, '-i', iface]
-    logger.info("Start wpa_supplicant: " + str(arg))
-    subprocess.call(arg, env={'OPENSSL_CONF': openssl_cnf})
-    wpas = WpaSupplicant(ifname=iface)
-    try:
-        finish_openssl_systemwide_policy(wpas)
-    finally:
-        wpas.close_monitor()
-        wpas.request("TERMINATE")
-
-def finish_openssl_systemwide_policy(wpas):
-    if "PONG" not in wpas.request("PING"):
-        raise Exception("Could not PING wpa_supplicant")
-    tls = wpas.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("Not using OpenSSL")
-
-    # Use default configuration without any TLS version overrides. This should
-    # end up using OpenSSL systemwide policy and result in failure to find a
-    # compatible protocol version.
-    ca_file = os.path.join(os.getcwd(), "auth_serv/ca.pem")
-    id = wpas.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                      identity="pap user", anonymous_identity="ttls",
-                      password="password", phase2="auth=PAP",
-                      ca_cert=ca_file,
-                      scan_freq="2412", wait_connect=False)
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP not started")
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-STATUS status='local TLS alert'"],
-                         timeout=1)
-    if ev is None:
-        raise HwsimSkip("OpenSSL systemwide policy not supported")
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-    # Explicitly allow TLSv1.0 to be used to override OpenSSL systemwide policy
-    wpas.set_network_quoted(id, "openssl_ciphers", "DEFAULT@SECLEVEL=1")
-    wpas.set_network_quoted(id, "phase1", "tls_disable_tlsv1_0=0")
-    wpas.select_network(id, freq="2412")
-    wpas.wait_connected()
-
-def test_ap_wpa2_eap_tls_tod(dev, apdev):
-    """EAP-TLS server certificate validation and TOD-STRICT"""
-    check_tls_tod(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-certpol.pem"
-    params["private_key"] = "auth_serv/server-certpol.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TLS", identity="tls user",
-                   wait_connect=False, scan_freq="2412",
-                   ca_cert="auth_serv/ca.pem",
-                   client_cert="auth_serv/user.pem",
-                   private_key="auth_serv/user.key")
-    tod0 = None
-    tod1 = None
-    while tod0 is None or tod1 is None:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PEER-CERT"], timeout=10)
-        if ev is None:
-            raise Exception("Peer certificate not reported")
-        if "depth=1 " in ev and "hash=" in ev:
-            tod1 = " tod=1" in ev
-        if "depth=0 " in ev and "hash=" in ev:
-            tod0 = " tod=1" in ev
-    dev[0].wait_connected()
-    if not tod0:
-        raise Exception("TOD-STRICT policy not reported for server certificate")
-    if tod1:
-        raise Exception("TOD-STRICT policy unexpectedly reported for CA certificate")
-
-def test_ap_wpa2_eap_tls_tod_tofu(dev, apdev):
-    """EAP-TLS server certificate validation and TOD-TOFU"""
-    check_tls_tod(dev[0])
-    params = int_eap_server_params()
-    params["server_cert"] = "auth_serv/server-certpol2.pem"
-    params["private_key"] = "auth_serv/server-certpol2.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TLS", identity="tls user",
-                   wait_connect=False, scan_freq="2412",
-                   ca_cert="auth_serv/ca.pem",
-                   client_cert="auth_serv/user.pem",
-                   private_key="auth_serv/user.key")
-    tod0 = None
-    tod1 = None
-    while tod0 is None or tod1 is None:
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PEER-CERT"], timeout=10)
-        if ev is None:
-            raise Exception("Peer certificate not reported")
-        if "depth=1 " in ev and "hash=" in ev:
-            tod1 = " tod=2" in ev
-        if "depth=0 " in ev and "hash=" in ev:
-            tod0 = " tod=2" in ev
-    dev[0].wait_connected()
-    if not tod0:
-        raise Exception("TOD-TOFU policy not reported for server certificate")
-    if tod1:
-        raise Exception("TOD-TOFU policy unexpectedly reported for CA certificate")
-
-def test_ap_wpa2_eap_sake_no_control_port(dev, apdev):
-    """WPA2-Enterprise connection using EAP-SAKE without nl80211 control port"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['driver_params'] = "control_port=0"
-    hapd = hostapd.add_ap(apdev[0], params)
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="control_port=0")
-    eap_connect(wpas, hapd, "SAKE", "sake user",
-                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
-    eap_reauth(wpas, "SAKE")
-
-    logger.info("Negative test with incorrect password")
-    wpas.request("REMOVE_NETWORK all")
-    eap_connect(wpas, hapd, "SAKE", "sake user",
-                password_hex="ff23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                expect_failure=True)
-
-def test_ap_wpa3_eap_transition_disable(dev, apdev):
-    """WPA3-Enterprise transition disable indication"""
-    skip_without_tkip(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa3-eap")
-    params["ieee80211w"] = "1"
-    params['transition_disable'] = '0x04'
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test-wpa3-eap", key_mgmt="WPA-EAP", ieee80211w="1",
-                        proto="WPA WPA2", pairwise="CCMP", group="TKIP CCMP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412")
-    ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-    if ev is None:
-        raise Exception("Transition disable not indicated")
-    if ev.split(' ')[1] != "04":
-        raise Exception("Unexpected transition disable bitmap: " + ev)
-
-    val = dev[0].get_network(id, "ieee80211w")
-    if val != "2":
-        raise Exception("Unexpected ieee80211w value: " + val)
-    val = dev[0].get_network(id, "key_mgmt")
-    if val != "WPA-EAP":
-        raise Exception("Unexpected key_mgmt value: " + val)
-    val = dev[0].get_network(id, "group")
-    if val != "CCMP":
-        raise Exception("Unexpected group value: " + val)
-    val = dev[0].get_network(id, "proto")
-    if val != "RSN":
-        raise Exception("Unexpected proto value: " + val)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
deleted file mode 100644
index 00b1635db072..000000000000
--- a/tests/hwsim/test_ap_ft.py
+++ /dev/null
@@ -1,3461 +0,0 @@
-# Fast BSS Transition tests
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import os
-import time
-import logging
-logger = logging.getLogger()
-import signal
-import struct
-import subprocess
-
-import hwsim_utils
-from hwsim import HWSimRadio
-import hostapd
-from tshark import run_tshark
-from utils import *
-from wlantest import Wlantest
-from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
-from test_rrm import check_beacon_req
-from test_suite_b import check_suite_b_192_capa
-
-def ft_base_rsn():
-    params = {"wpa": "2",
-              "wpa_key_mgmt": "FT-PSK",
-              "rsn_pairwise": "CCMP"}
-    return params
-
-def ft_base_mixed():
-    params = {"wpa": "3",
-              "wpa_key_mgmt": "WPA-PSK FT-PSK",
-              "wpa_pairwise": "TKIP",
-              "rsn_pairwise": "CCMP"}
-    return params
-
-def ft_params(rsn=True, ssid=None, passphrase=None):
-    if rsn:
-        params = ft_base_rsn()
-    else:
-        params = ft_base_mixed()
-    if ssid:
-        params["ssid"] = ssid
-    if passphrase:
-        params["wpa_passphrase"] = passphrase
-
-    params["mobility_domain"] = "a1b2"
-    params["r0_key_lifetime"] = "10000"
-    params["pmk_r1_push"] = "1"
-    params["reassociation_deadline"] = "1000"
-    return params
-
-def ft_params1a(rsn=True, ssid=None, passphrase=None):
-    params = ft_params(rsn, ssid, passphrase)
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    return params
-
-def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
-    params = ft_params1a(rsn, ssid, passphrase)
-    if discovery:
-        params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
-        params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
-    else:
-        params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
-                          "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
-        params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
-    return params
-
-def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
-    params = ft_params1a(rsn, ssid, passphrase)
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
-                      "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
-    return params
-
-def ft_params2a(rsn=True, ssid=None, passphrase=None):
-    params = ft_params(rsn, ssid, passphrase)
-    params['nas_identifier'] = "nas2.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    return params
-
-def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
-    params = ft_params2a(rsn, ssid, passphrase)
-    if discovery:
-        params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
-        params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
-    else:
-        params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
-                          "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
-        params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
-    return params
-
-def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
-    params = ft_params2a(rsn, ssid, passphrase)
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
-                      "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
-    return params
-
-def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
-    params = ft_params(rsn, ssid, passphrase)
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
-                      "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
-    return params
-
-def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
-    params = ft_params(rsn, ssid, passphrase)
-    params['nas_identifier'] = "nas2.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
-                      "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
-    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
-    return params
-
-def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
-    params = ft_params(rsn, ssid, passphrase)
-    params['nas_identifier'] = "nas2.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
-                      "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
-    return params
-
-def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
-              sae=False, eap=False, fail_test=False, roams=1,
-              pairwise_cipher="CCMP", group_cipher="CCMP", ptk_rekey="0",
-              test_connectivity=True, eap_identity="gpsk user", conndev=False,
-              force_initial_conn_to_first_ap=False, sha384=False,
-              group_mgmt=None, ocv=None, sae_password=None,
-              sae_password_id=None, sae_and_psk=False, pmksa_caching=False,
-              roam_with_reassoc=False, also_non_ft=False, only_one_way=False,
-              wait_before_roam=0, return_after_initial=False, ieee80211w="1",
-              sae_transition=False, beacon_prot=False):
-    logger.info("Connect to first AP")
-
-    copts = {}
-    copts["proto"] = "WPA2"
-    copts["ieee80211w"] = ieee80211w
-    copts["scan_freq"] = "2412"
-    copts["pairwise"] = pairwise_cipher
-    copts["group"] = group_cipher
-    copts["wpa_ptk_rekey"] = ptk_rekey
-    if group_mgmt:
-        copts["group_mgmt"] = group_mgmt
-    if ocv:
-        copts["ocv"] = ocv
-    if beacon_prot:
-        copts["beacon_prot"] = "1"
-    if eap:
-        if pmksa_caching:
-            copts["ft_eap_pmksa_caching"] = "1"
-        if also_non_ft:
-            copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP"
-        else:
-            copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
-        copts["eap"] = "GPSK"
-        copts["identity"] = eap_identity
-        copts["password"] = "abcdefghijklmnop0123456789abcdef"
-    else:
-        if sae_transition:
-            copts["key_mgmt"] = "FT-SAE FT-PSK"
-        elif sae:
-            copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE"
-        else:
-            copts["key_mgmt"] = "FT-PSK"
-        if passphrase:
-            copts["psk"] = passphrase
-        if sae_password:
-            copts["sae_password"] = sae_password
-        if sae_password_id:
-            copts["sae_password_id"] = sae_password_id
-    if force_initial_conn_to_first_ap:
-        copts["bssid"] = apdev[0]['bssid']
-    netw = dev.connect(ssid, **copts)
-    if pmksa_caching:
-        if dev.get_status_field('bssid') == apdev[0]['bssid']:
-            hapd0.wait_sta()
-        else:
-            hapd1.wait_sta()
-        dev.request("DISCONNECT")
-        dev.wait_disconnected()
-        dev.request("RECONNECT")
-        ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
-                             "CTRL-EVENT-DISCONNECTED",
-                             "CTRL-EVENT-EAP-STARTED"],
-                            timeout=15)
-        if ev is None:
-            raise Exception("Reconnect timed out")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            raise Exception("Unexpected disconnection after RECONNECT")
-        if "CTRL-EVENT-EAP-STARTED" in ev:
-            raise Exception("Unexpected EAP start after RECONNECT")
-
-    if dev.get_status_field('bssid') == apdev[0]['bssid']:
-        ap1 = apdev[0]
-        ap2 = apdev[1]
-        hapd1ap = hapd0
-        hapd2ap = hapd1
-    else:
-        ap1 = apdev[1]
-        ap2 = apdev[0]
-        hapd1ap = hapd1
-        hapd2ap = hapd0
-    if test_connectivity:
-        hapd1ap.wait_sta()
-        if conndev:
-            hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
-        else:
-            hwsim_utils.test_connectivity(dev, hapd1ap)
-
-    if return_after_initial:
-        return ap2['bssid']
-
-    if wait_before_roam:
-        time.sleep(wait_before_roam)
-    dev.scan_for_bss(ap2['bssid'], freq="2412")
-
-    for i in range(0, roams):
-        dev.dump_monitor()
-        hapd1ap.dump_monitor()
-        hapd2ap.dump_monitor()
-
-        # Roaming artificially fast can make data test fail because the key is
-        # set later.
-        time.sleep(0.01)
-        logger.info("Roam to the second AP")
-        if roam_with_reassoc:
-            dev.set_network(netw, "bssid", ap2['bssid'])
-            dev.request("REASSOCIATE")
-            dev.wait_connected()
-        elif over_ds:
-            dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
-        else:
-            dev.roam(ap2['bssid'], fail_test=fail_test)
-        if fail_test:
-            return
-        if dev.get_status_field('bssid') != ap2['bssid']:
-            raise Exception("Did not connect to correct AP")
-        if (i == 0 or i == roams - 1) and test_connectivity:
-            hapd2ap.wait_sta()
-            dev.dump_monitor()
-            hapd1ap.dump_monitor()
-            hapd2ap.dump_monitor()
-            if conndev:
-                hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
-            else:
-                hwsim_utils.test_connectivity(dev, hapd2ap)
-
-        dev.dump_monitor()
-        hapd1ap.dump_monitor()
-        hapd2ap.dump_monitor()
-
-        if only_one_way:
-            return
-        # Roaming artificially fast can make data test fail because the key is
-        # set later.
-        time.sleep(0.01)
-        logger.info("Roam back to the first AP")
-        if roam_with_reassoc:
-            dev.set_network(netw, "bssid", ap1['bssid'])
-            dev.request("REASSOCIATE")
-            dev.wait_connected()
-        elif over_ds:
-            dev.roam_over_ds(ap1['bssid'])
-        else:
-            dev.roam(ap1['bssid'])
-        if dev.get_status_field('bssid') != ap1['bssid']:
-            raise Exception("Did not connect to correct AP")
-        if (i == 0 or i == roams - 1) and test_connectivity:
-            hapd1ap.wait_sta()
-            dev.dump_monitor()
-            hapd1ap.dump_monitor()
-            hapd2ap.dump_monitor()
-            if conndev:
-                hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
-            else:
-                hwsim_utils.test_connectivity(dev, hapd1ap)
-
-def test_ap_ft(dev, apdev):
-    """WPA2-PSK-FT AP"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
-    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-
-def test_ap_ft_old_key(dev, apdev):
-    """WPA2-PSK-FT AP (old key)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
-
-def test_ap_ft_multi_akm(dev, apdev):
-    """WPA2-PSK-FT AP with non-FT AKMs enabled"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    Wlantest.setup(hapd0)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase(passphrase)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
-    if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
-                   scan_freq="2412")
-
-def test_ap_ft_local_key_gen(dev, apdev):
-    """WPA2-PSK-FT AP with local key generation (without pull/push)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1a(ssid=ssid, passphrase=passphrase)
-    params['ft_psk_generate_local'] = "1"
-    del params['pmk_r1_push']
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2a(ssid=ssid, passphrase=passphrase)
-    params['ft_psk_generate_local'] = "1"
-    del params['pmk_r1_push']
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
-    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-
-def test_ap_ft_vlan(dev, apdev):
-    """WPA2-PSK-FT AP with VLAN"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
-    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_ft_vlan_disconnected(dev, apdev):
-    """WPA2-PSK-FT AP with VLAN and local key generation"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1a(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    params['ft_psk_generate_local'] = "1"
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    params = ft_params2a(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    params['ft_psk_generate_local'] = "1"
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
-    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_ft_vlan_2(dev, apdev):
-    """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
-              force_initial_conn_to_first_ap=True)
-    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_ft_many(dev, apdev):
-    """WPA2-PSK-FT AP multiple times"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
-
-def test_ap_ft_many_vlan(dev, apdev):
-    """WPA2-PSK-FT AP with VLAN multiple times"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
-              conndev="brvlan1")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_ft_mixed(dev, apdev):
-    """WPA2-PSK-FT mixed-mode AP"""
-    skip_without_tkip(dev[0])
-    ssid = "test-ft-mixed"
-    passphrase = "12345678"
-
-    params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    vals = key_mgmt.split(' ')
-    if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase,
-              group_cipher="TKIP CCMP")
-
-def test_ap_ft_pmf(dev, apdev):
-    """WPA2-PSK-FT AP with PMF"""
-    run_ap_ft_pmf(dev, apdev, "1")
-
-def test_ap_ft_pmf_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP with PMF (over DS)"""
-    run_ap_ft_pmf(dev, apdev, "1", over_ds=True)
-
-def test_ap_ft_pmf_required(dev, apdev):
-    """WPA2-PSK-FT AP with PMF required on STA"""
-    run_ap_ft_pmf(dev, apdev, "2")
-
-def test_ap_ft_pmf_required_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP with PMF required on STA (over DS)"""
-    run_ap_ft_pmf(dev, apdev, "2", over_ds=True)
-
-def test_ap_ft_pmf_beacon_prot(dev, apdev):
-    """WPA2-PSK-FT AP with PMF and beacon protection"""
-    run_ap_ft_pmf(dev, apdev, "1", beacon_prot=True)
-
-def run_ap_ft_pmf(dev, apdev, ieee80211w, over_ds=False, beacon_prot=False):
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    if beacon_prot:
-        params["beacon_prot"] = "1"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    if beacon_prot:
-        params["beacon_prot"] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    Wlantest.setup(hapd0)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase(passphrase)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-              ieee80211w=ieee80211w, over_ds=over_ds, beacon_prot=beacon_prot)
-
-def test_ap_ft_pmf_required_mismatch(dev, apdev):
-    """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF"""
-    run_ap_ft_pmf_required_mismatch(dev, apdev)
-
-def test_ap_ft_pmf_required_mismatch_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)"""
-    run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=True)
-
-def run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=False):
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "0"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ieee80211w="2",
-              force_initial_conn_to_first_ap=True, fail_test=True,
-              over_ds=over_ds)
-
-def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
-    """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
-    run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC")
-
-def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
-    """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
-    run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128")
-
-def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
-    """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
-    run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256")
-
-def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
-    """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
-    run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256")
-
-def run_ap_ft_pmf_bip(dev, apdev, cipher):
-    if cipher not in dev[0].get_capability("group_mgmt"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["group_mgmt_cipher"] = cipher
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["group_mgmt_cipher"] = cipher
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-              group_mgmt=cipher)
-
-def test_ap_ft_ocv(dev, apdev):
-    """WPA2-PSK-FT AP with OCV"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    try:
-        hapd0 = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1")
-
-def test_ap_ft_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
-
-def cleanup_ap_ft_separate_hostapd():
-    subprocess.call(["brctl", "delif", "br0ft", "veth0"],
-                    stderr=open('/dev/null', 'w'))
-    subprocess.call(["brctl", "delif", "br1ft", "veth1"],
-                    stderr=open('/dev/null', 'w'))
-    subprocess.call(["ip", "link", "del", "veth0"],
-                    stderr=open('/dev/null', 'w'))
-    subprocess.call(["ip", "link", "del", "veth1"],
-                    stderr=open('/dev/null', 'w'))
-    for ifname in ['br0ft', 'br1ft', 'br-ft']:
-        subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', ifname],
-                        stderr=open('/dev/null', 'w'))
-
-def test_ap_ft_separate_hostapd(dev, apdev, params):
-    """WPA2-PSK-FT AP and separate hostapd process"""
-    try:
-        run_ap_ft_separate_hostapd(dev, apdev, params, False)
-    finally:
-        cleanup_ap_ft_separate_hostapd()
-
-def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params):
-    """WPA2-PSK-FT AP over DS and separate hostapd process"""
-    try:
-        run_ap_ft_separate_hostapd(dev, apdev, params, True)
-    finally:
-        cleanup_ap_ft_separate_hostapd()
-
-def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds):
-    ssid = "test-ft"
-    passphrase = "12345678"
-    logdir = params['logdir']
-    pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid')
-    logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd')
-    global_ctrl = '/var/run/hostapd-ft'
-    br_ifname = 'br-ft'
-
-    try:
-        subprocess.check_call(['brctl', 'addbr', br_ifname])
-        subprocess.check_call(['brctl', 'setfd', br_ifname, '0'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
-
-        subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
-                               "peer", "name", "veth0br"])
-        subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth",
-                               "peer", "name", "veth1br"])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
-        subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br'])
-        subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br'])
-
-        subprocess.check_call(['brctl', 'addbr', 'br0ft'])
-        subprocess.check_call(['brctl', 'setfd', 'br0ft', '0'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
-        subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
-        subprocess.check_call(['brctl', 'addbr', 'br1ft'])
-        subprocess.check_call(['brctl', 'setfd', 'br1ft', '0'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
-        subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
-        subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
-    except subprocess.CalledProcessError:
-        raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
-
-    with HWSimRadio() as (radio, iface):
-        prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd')
-        if not os.path.exists(prg):
-            prg = '../../hostapd/hostapd'
-        cmd = [prg, '-B', '-ddKt',
-               '-P', pidfile, '-f', logfile, '-g', global_ctrl]
-        subprocess.check_call(cmd)
-
-        hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl)
-        apdev_ft = {'ifname': iface}
-        apdev2 = [apdev_ft, apdev[1]]
-
-        params = ft_params1(ssid=ssid, passphrase=passphrase)
-        params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-        params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-        params['bridge'] = 'br0ft'
-        hapd0 = hostapd.add_ap(apdev2[0], params,
-                               global_ctrl_override=global_ctrl)
-        apdev2[0]['bssid'] = hapd0.own_addr()
-        params = ft_params2(ssid=ssid, passphrase=passphrase)
-        params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-        params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-        params['bridge'] = 'br1ft'
-        hapd1 = hostapd.add_ap(apdev2[1], params)
-
-        run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase,
-                  over_ds=over_ds, test_connectivity=False, roams=2)
-
-        hglobal.terminate()
-
-    if os.path.exists(pidfile):
-        with open(pidfile, 'r') as f:
-            pid = int(f.read())
-            f.close()
-        os.kill(pid, signal.SIGTERM)
-
-def test_ap_ft_over_ds_ocv(dev, apdev):
-    """WPA2-PSK-FT AP over DS"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    try:
-        hapd0 = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              ocv="1")
-
-def test_ap_ft_over_ds_disabled(dev, apdev):
-    """WPA2-PSK-FT AP over DS disabled"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['ft_over_ds'] = '0'
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['ft_over_ds'] = '0'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True)
-
-def test_ap_ft_vlan_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with VLAN"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              conndev="brvlan1")
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_ft_over_ds_many(dev, apdev):
-    """WPA2-PSK-FT AP over DS multiple times"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              roams=50)
-
-def test_ap_ft_vlan_over_ds_many(dev, apdev):
-    """WPA2-PSK-FT AP over DS with VLAN multiple times"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              roams=50, conndev="brvlan1")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-@remote_compatible
-def test_ap_ft_over_ds_unknown_target(dev, apdev):
-    """WPA2-PSK-FT AP"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
-
-@remote_compatible
-def test_ap_ft_over_ds_unexpected(dev, apdev):
-    """WPA2-PSK-FT AP over DS and unexpected response"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        ap1 = apdev[0]
-        ap2 = apdev[1]
-        hapd1ap = hapd0
-        hapd2ap = hapd1
-    else:
-        ap1 = apdev[1]
-        ap2 = apdev[0]
-        hapd1ap = hapd1
-        hapd2ap = hapd0
-
-    addr = dev[0].own_addr()
-    hapd1ap.set("ext_mgmt_frame_handling", "1")
-    logger.info("Foreign STA address")
-    msg = {}
-    msg['fc'] = 13 << 4
-    msg['da'] = addr
-    msg['sa'] = ap1['bssid']
-    msg['bssid'] = ap1['bssid']
-    msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No over-the-DS in progress")
-    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("Non-zero status code")
-    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
-    hapd1ap.mgmt_tx(msg)
-
-    hapd1ap.dump_monitor()
-
-    dev[0].scan_for_bss(ap2['bssid'], freq="2412")
-    if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
-            raise Exception("FT_DS failed")
-
-    req = hapd1ap.mgmt_rx()
-
-    logger.info("Foreign Target AP")
-    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
-    hapd1ap.mgmt_tx(msg)
-
-    addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
-
-    logger.info("No IEs")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("Invalid IEs (trigger parsing failure)")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("Too short MDIE")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("Mobility domain mismatch")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No FTIE")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("FTIE SNonce mismatch")
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No R0KH-ID subelem in FTIE")
-    snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No R0KH-ID subelem mismatch in FTIE")
-    snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No R1KH-ID subelem in FTIE")
-    r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
-    hapd1ap.mgmt_tx(msg)
-
-    logger.info("No RSNE")
-    r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
-    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
-    hapd1ap.mgmt_tx(msg)
-
-def test_ap_ft_pmf_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with PMF"""
-    run_ap_ft_pmf_bip_over_ds(dev, apdev, None)
-
-def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
-    run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC")
-
-def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
-    run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128")
-
-def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
-    run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256")
-
-def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
-    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
-    run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256")
-
-def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher):
-    if cipher and cipher not in dev[0].get_capability("group_mgmt"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    if cipher:
-        params["group_mgmt_cipher"] = cipher
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    if cipher:
-        params["group_mgmt_cipher"] = cipher
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    Wlantest.setup(hapd0)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase(passphrase)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              group_mgmt=cipher)
-
-def test_ap_ft_over_ds_pull(dev, apdev):
-    """WPA2-PSK-FT AP over DS (pull PMK)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
-
-def test_ap_ft_over_ds_pull_old_key(dev, apdev):
-    """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
-
-def test_ap_ft_over_ds_pull_vlan(dev, apdev):
-    """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    hostapd.send_file(apdev[1], filename, filename)
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              conndev="brvlan1")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def start_ft_sae(dev, apdev, wpa_ptk_rekey=None, sae_pwe=None,
-                 rsne_override=None, rsnxe_override=None,
-                 no_beacon_rsnxe2=False, ext_key_id=False,
-                 skip_prune_assoc=False, ft_rsnxe_used=False,
-                 sae_transition=False):
-    if "SAE" not in dev.get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
-    if sae_pwe is not None:
-        params['sae_pwe'] = sae_pwe
-    if rsne_override:
-        params['rsne_override_ft'] = rsne_override
-    if rsnxe_override:
-        params['rsnxe_override_ft'] = rsnxe_override
-    if ext_key_id:
-        params['extended_key_id'] = '1'
-    if skip_prune_assoc:
-        params['skip_prune_assoc'] = '1'
-    if ft_rsnxe_used:
-        params['ft_rsnxe_used'] = '1'
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    if not sae_transition:
-        params['wpa_key_mgmt'] = "FT-SAE"
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
-    if sae_pwe is not None:
-        params['sae_pwe'] = sae_pwe
-    if rsne_override:
-        params['rsne_override_ft'] = rsne_override
-    if rsnxe_override:
-        params['rsnxe_override_ft'] = rsnxe_override
-    if no_beacon_rsnxe2:
-        params['no_beacon_rsnxe'] = "1"
-    if ext_key_id:
-        params['extended_key_id'] = '1'
-    if skip_prune_assoc:
-        params['skip_prune_assoc'] = '1'
-    if ft_rsnxe_used:
-        params['ft_rsnxe_used'] = '1'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    key_mgmt = hapd1.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-SAE" and not sae_transition:
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    dev.request("SET sae_groups ")
-    return hapd0, hapd1
-
-def test_ap_ft_sae(dev, apdev):
-    """WPA2-PSK-FT-SAE AP"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-
-def test_ap_ft_sae_transition(dev, apdev):
-    """WPA2-PSK-FT-SAE/PSK AP"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_transition=True)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
-              sae_transition=True)
-
-def test_ap_ft_sae_h2e(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E)"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_and_loop(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (AP H2E, STA loop)"""
-    dev[0].set("sae_pwe", "0")
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2")
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-
-def test_ap_ft_sae_h2e_and_loop2(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (AP loop, STA H2E)"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="0")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_downgrade_attack(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E downgrade attack)"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    no_beacon_rsnxe2=True)
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-                  force_initial_conn_to_first_ap=True,
-                  return_after_initial=True)
-        dev[0].scan_for_bss(hapd1.own_addr(), freq="2412")
-        if "OK" not in dev[0].request("ROAM " + hapd1.own_addr()):
-            raise Exception("ROAM command failed")
-        # The target AP is expected to discard Reassociation Response frame due
-        # to RSNXE Used mismatch. This will result in roaming timeout and
-        # returning back to the old AP.
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev and "CTRL-EVENT-ASSOC-REJECT" in ev:
-            pass
-        elif ev and hapd1.own_addr() in ev:
-            raise Exception("Roaming succeeded unexpectedly")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_ptk_rekey0(dev, apdev):
-    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              ptk_rekey="1", roams=0)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_ptk_rekey1(dev, apdev):
-    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              ptk_rekey="1", only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_ptk_rekey_ap(dev, apdev):
-    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_ptk_rekey_ap_ext_key_id(dev, apdev):
-    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP (Ext Key ID)"""
-    check_ext_key_id_capa(dev[0])
-    try:
-        dev[0].set("extended_key_id", "1")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2,
-                                    ext_key_id=True)
-        check_ext_key_id_capa(hapd0)
-        check_ext_key_id_capa(hapd1)
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-                  only_one_way=True)
-        check_ptk_rekey(dev[0], hapd0, hapd1)
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        if idx != 1:
-            raise Exception("Unexpected Key ID after TK rekey: %d" % idx)
-    finally:
-        dev[0].set("extended_key_id", "0")
-
-def test_ap_ft_sae_over_ds(dev, apdev):
-    """WPA2-PSK-FT-SAE AP over DS"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              over_ds=True)
-
-def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev):
-    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              over_ds=True, ptk_rekey="1", roams=0)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev):
-    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              over_ds=True, ptk_rekey="1", only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev):
-    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-              over_ds=True, only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_sae_h2e_rsne_override(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E) and RSNE override (same value)"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    rsne_override="30260100000fac040100000fac040100000fac090c000100" + 16*"ff")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_rsnxe_override(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E) and RSNXE override (same value)"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    rsnxe_override="F40120")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_rsne_mismatch(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E) and RSNE mismatch"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    rsne_override="30260100000fac040100000fac040100000fac090c010100" + 16*"ff")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-                  fail_test=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_rsne_mismatch_pmkr1name(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E) and RSNE mismatch in PMKR1Name"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    rsne_override="30260100000fac040100000fac040100000fac090c000100" + 16*"00")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-                  fail_test=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_h2e_rsnxe_mismatch(dev, apdev):
-    """WPA2-PSK-FT-SAE AP (H2E) and RSNXE mismatch"""
-    try:
-        dev[0].set("sae_pwe", "2")
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2",
-                                    rsnxe_override="F40160")
-        run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
-                  fail_test=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_rsnxe_used_mismatch(dev, apdev):
-    """FT-SAE AP and unexpected RSNXE Used in ReassocReq"""
-    try:
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2")
-        dev[0].set("sae_pwe", "0")
-        dev[0].set("ft_rsnxe_used", "1")
-        next = run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
-                         sae=True, return_after_initial=True)
-        if "OK" not in dev[0].request("ROAM " + next):
-            raise Exception("ROAM command failed")
-        # The target AP is expected to discard Reassociation Request frame due
-        # to RSNXE Used mismatch. This will result in roaming timeout and
-        # returning back to the old AP.
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
-        if ev and next in ev:
-            raise Exception("Roaming succeeded unexpectedly")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_rsnxe_used_mismatch2(dev, apdev):
-    """FT-SAE AP and unexpected RSNXE Used in ReassocResp"""
-    try:
-        hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="0",
-                                    ft_rsnxe_used=True)
-        dev[0].set("sae_pwe", "2")
-        next = run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
-                         sae=True, return_after_initial=True)
-        if "OK" not in dev[0].request("ROAM " + next):
-            raise Exception("ROAM command failed")
-        # The STA is expected to discard Reassociation Response frame due to
-        # RSNXE Used mismatch. This will result in returning back to the old AP.
-        ev = dev[0].wait_disconnected()
-        if next not in ev:
-            raise Exception("Unexpected disconnection BSSID: " + ev)
-        if "reason=13 locally_generated=1" not in ev:
-            raise Exception("Unexpected disconnection reason: " + ev)
-        ev = dev[0].wait_connected()
-        if next in ev:
-            raise Exception("Roaming succeeded unexpectedly")
-
-        hapd0.set("ft_rsnxe_used", "0")
-        hapd1.set("ft_rsnxe_used", "0")
-        dev[0].roam(next);
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_pw_id(dev, apdev):
-    """FT-SAE with Password Identifier"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-
-    params = ft_params1(ssid=ssid)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-SAE"
-    params['sae_password'] = 'secret|id=pwid'
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-SAE"
-    params['sae_password'] = 'secret|id=pwid'
-    hapd = hostapd.add_ap(apdev[1], params)
-
-    dev[0].request("SET sae_groups ")
-    run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True,
-              sae_password="secret", sae_password_id="pwid")
-
-def test_ap_ft_sae_with_both_akms(dev, apdev):
-    """SAE + FT-SAE configuration"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE SAE"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE SAE"
-    hapd = hostapd.add_ap(apdev[1], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-SAE":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    dev[0].request("SET sae_groups ")
-    run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
-              sae_and_psk=True)
-
-def test_ap_ft_sae_pmksa_caching(dev, apdev):
-    """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    hapd = hostapd.add_ap(apdev[1], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-SAE":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    dev[0].request("SET sae_groups ")
-    run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
-              pmksa_caching=True)
-
-def test_ap_ft_sae_pmksa_caching_pwe(dev, apdev):
-    """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (STA PWE both)"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    hapd = hostapd.add_ap(apdev[1], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-SAE":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    try:
-        dev[0].request("SET sae_groups ")
-        dev[0].set("sae_pwe", "2")
-        run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
-                  pmksa_caching=True)
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_ap_ft_sae_pmksa_caching_h2e(dev, apdev):
-    """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (H2E)"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    params['sae_pwe'] = "1"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-SAE"
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[1], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-SAE":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    try:
-        dev[0].request("SET sae_groups ")
-        dev[0].set("sae_pwe", "1")
-        run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
-                  pmksa_caching=True)
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
-                      discovery=False, roams=1, wpa_ptk_rekey=0,
-                      only_one_way=False):
-    ssid = "test-ft"
-    passphrase = "12345678"
-    if vlan:
-        identity = "gpsk-vlan1"
-        conndev = "brvlan1"
-    elif cui:
-        identity = "gpsk-cui"
-        conndev = False
-    else:
-        identity = "gpsk user"
-        conndev = False
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    if vlan:
-        params["dynamic_vlan"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    if vlan:
-        params["dynamic_vlan"] = "1"
-    if wpa_ptk_rekey:
-        params["wpa_ptk_rekey"] = str(wpa_ptk_rekey)
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
-              over_ds=over_ds, roams=roams, eap_identity=identity,
-              conndev=conndev, only_one_way=only_one_way)
-    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
-    if only_one_way:
-        return
-
-    # Verify EAPOL reauthentication after FT protocol
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        ap = hapd
-    else:
-        ap = hapd1
-    ap.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    if conndev:
-        hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
-    else:
-        hwsim_utils.test_connectivity(dev[0], ap)
-
-def test_ap_ft_eap(dev, apdev):
-    """WPA2-EAP-FT AP"""
-    generic_ap_ft_eap(dev, apdev)
-
-def test_ap_ft_eap_cui(dev, apdev):
-    """WPA2-EAP-FT AP with CUI"""
-    generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
-
-def test_ap_ft_eap_vlan(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN"""
-    generic_ap_ft_eap(dev, apdev, vlan=True)
-
-def test_ap_ft_eap_vlan_multi(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN"""
-    generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
-
-def test_ap_ft_eap_over_ds(dev, apdev):
-    """WPA2-EAP-FT AP using over-the-DS"""
-    generic_ap_ft_eap(dev, apdev, over_ds=True)
-
-def test_ap_ft_eap_dis(dev, apdev):
-    """WPA2-EAP-FT AP with AP discovery"""
-    generic_ap_ft_eap(dev, apdev, discovery=True)
-
-def test_ap_ft_eap_dis_over_ds(dev, apdev):
-    """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
-    generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
-
-def test_ap_ft_eap_vlan(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN"""
-    generic_ap_ft_eap(dev, apdev, vlan=True)
-
-def test_ap_ft_eap_vlan_multi(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN"""
-    generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
-
-def test_ap_ft_eap_vlan_over_ds(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN + over_ds"""
-    generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
-
-def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
-    """WPA2-EAP-FT AP with VLAN + over_ds"""
-    generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
-
-def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
-    """WPA2-EAP-FT AP (pull PMK)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    if vlan:
-        identity = "gpsk-vlan1"
-        conndev = "brvlan1"
-    else:
-        identity = "gpsk user"
-        conndev = False
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    if vlan:
-        params["dynamic_vlan"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    if vlan:
-        params["dynamic_vlan"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
-              eap_identity=identity, conndev=conndev)
-
-def test_ap_ft_eap_pull(dev, apdev):
-    """WPA2-EAP-FT AP (pull PMK)"""
-    generic_ap_ft_eap_pull(dev, apdev)
-
-def test_ap_ft_eap_pull_vlan(dev, apdev):
-    """WPA2-EAP-FT AP (pull PMK) - with VLAN"""
-    generic_ap_ft_eap_pull(dev, apdev, vlan=True)
-
-def test_ap_ft_eap_pull_wildcard(dev, apdev):
-    """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
-    params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["ft_psk_generate_local"] = "1"
-    params["eap_server"] = "0"
-    params["rkh_pos_timeout"] = "100"
-    params["rkh_neg_timeout"] = "50"
-    params["rkh_pull_timeout"] = "1234"
-    params["rkh_pull_retries"] = "10"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
-    params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["ft_psk_generate_local"] = "1"
-    params["eap_server"] = "0"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
-
-def test_ap_ft_eap_pull_wildcard_multi_bss(dev, apdev, params):
-    """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH with multiple BSSs"""
-    bssconf = os.path.join(params['logdir'],
-                           'ap_ft_eap_pull_wildcard_multi_bss.bss.conf')
-    ssid = "test-ft"
-    passphrase = "12345678"
-    radius = hostapd.radius_params()
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
-    params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["eap_server"] = "0"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-    ifname2 = apdev[0]['ifname'] + "-2"
-    bssid2 = "02:00:00:00:03:01"
-    params['nas_identifier'] = "nas1b.w1.fi"
-    params['r1_key_holder'] = "000102030415"
-    with open(bssconf, 'w') as f:
-        f.write("driver=nl80211\n")
-        f.write("hw_mode=g\n")
-        f.write("channel=1\n")
-        f.write("ieee80211n=1\n")
-        f.write("interface=%s\n" % ifname2)
-        f.write("bssid=%s\n" % bssid2)
-        f.write("ctrl_interface=/var/run/hostapd\n")
-
-        fields = ["ssid", "wpa_passphrase", "nas_identifier", "wpa_key_mgmt",
-                  "wpa", "rsn_pairwise", "auth_server_addr"]
-        for name in fields:
-            f.write("%s=%s\n" % (name, params[name]))
-        for name, val in params.items():
-            if name in fields:
-                continue
-            f.write("%s=%s\n" % (name, val))
-    hapd2 = hostapd.add_bss(apdev[0], ifname2, bssconf)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
-    params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["eap_server"] = "0"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    # The first iteration of the roaming test will use wildcard R0KH discovery
-    # and RRB sequence number synchronization while the second iteration shows
-    # the clean RRB exchange where those extra steps are not needed.
-    for i in range(2):
-        hapd.note("Test iteration %d" % i)
-        dev[0].note("Test iteration %d" % i)
-
-        id = dev[0].connect(ssid, key_mgmt="FT-EAP", eap="GPSK",
-                            identity="gpsk user",
-                            password="abcdefghijklmnop0123456789abcdef",
-                            bssid=bssid2,
-                            scan_freq="2412")
-        res = dev[0].get_status_field("bssid")
-        if res != bssid2:
-            raise Exception("Unexpected BSSID after initial connection: " + res)
-
-        dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-        dev[0].set_network(id, "bssid", "00:00:00:00:00:00")
-        dev[0].roam(apdev[1]['bssid'])
-        res = dev[0].get_status_field("bssid")
-        if res != apdev[1]['bssid']:
-            raise Exception("Unexpected BSSID after first roam: " + res)
-
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].roam(apdev[0]['bssid'])
-        res = dev[0].get_status_field("bssid")
-        if res != apdev[0]['bssid']:
-            raise Exception("Unexpected BSSID after second roam: " + res)
-
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-        hapd2.dump_monitor()
-
-@remote_compatible
-def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
-    """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True)
-
-@remote_compatible
-def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
-    """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True)
-
-@remote_compatible
-def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
-    """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params["nas_identifier"] = "nas0.w1.fi"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
-
-@remote_compatible
-def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
-    """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True)
-
-@remote_compatible
-def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
-    """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True)
-
-def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
-    """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True, eap=True)
-
-def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
-    """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True, eap=True)
-
-def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
-    """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params["nas_identifier"] = "nas0.w1.fi"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
-
-def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
-    """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True, eap=True)
-
-def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
-    """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["pmk_r1_push"] = "0"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              fail_test=True, eap=True)
-
-def test_ap_ft_gtk_rekey(dev, apdev):
-    """WPA2-PSK-FT AP and GTK rekey"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_group_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="1", scan_freq="2412")
-
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out after initial association")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_group_rekey'] = '1'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].roam(apdev[1]['bssid'])
-    if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
-        raise Exception("Did not connect to correct AP")
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out after FT protocol")
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-
-def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
-    """WPA2-PSK-FT and key lifetime in memory"""
-    ssid = "test-ft"
-    passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
-    psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
-    pmk = binascii.unhexlify(psk)
-    p = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], p)
-    p = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], p)
-
-    pid = find_wpas_process(dev[0])
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
-    # event has been delivered, so verify that wpa_supplicant has returned to
-    # eloop before reading process memory.
-    time.sleep(1)
-    dev[0].ping()
-
-    buf = read_process_memory(pid, pmk)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].relog()
-    pmkr0 = None
-    pmkr1 = None
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "FT: PMK-R0 - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmkr0 = binascii.unhexlify(val)
-            if "FT: PMK-R1 - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmkr1 = binascii.unhexlify(val)
-            if "FT: KCK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                kck = binascii.unhexlify(val)
-            if "FT: KEK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                kek = binascii.unhexlify(val)
-            if "FT: TK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                tk = binascii.unhexlify(val)
-            if "WPA: Group Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
-        raise Exception("Could not find keys from debug log")
-    if len(gtk) != 16:
-        raise Exception("Unexpected GTK length")
-
-    logger.info("Checking keys in memory while associated")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, pmkr0, "PMK-R0")
-    get_key_locations(buf, pmkr1, "PMK-R1")
-    if pmk not in buf:
-        raise HwsimSkip("PMK not found while associated")
-    if pmkr0 not in buf:
-        raise HwsimSkip("PMK-R0 not found while associated")
-    if pmkr1 not in buf:
-        raise HwsimSkip("PMK-R1 not found while associated")
-    if kck not in buf:
-        raise Exception("KCK not found while associated")
-    if kek not in buf:
-        raise Exception("KEK not found while associated")
-    #if tk in buf:
-    #    raise Exception("TK found from memory")
-
-    logger.info("Checking keys in memory after disassociation")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, pmkr0, "PMK-R0")
-    get_key_locations(buf, pmkr1, "PMK-R1")
-
-    # Note: PMK/PSK is still present in network configuration
-
-    fname = os.path.join(params['logdir'],
-                         'ft_psk_key_lifetime_in_memory.memctx-')
-    verify_not_present(buf, pmkr0, fname, "PMK-R0")
-    verify_not_present(buf, pmkr1, fname, "PMK-R1")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    if gtk in buf:
-        get_key_locations(buf, gtk, "GTK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, pmkr0, "PMK-R0")
-    get_key_locations(buf, pmkr1, "PMK-R1")
-
-    verify_not_present(buf, pmk, fname, "PMK")
-    verify_not_present(buf, pmkr0, fname, "PMK-R0")
-    verify_not_present(buf, pmkr1, fname, "PMK-R1")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-@remote_compatible
-def test_ap_ft_invalid_resp(dev, apdev):
-    """WPA2-PSK-FT AP and invalid response IEs"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    tests = [
-        # Various IEs for test coverage. The last one is FTIE with invalid
-        # R1KH-ID subelement.
-        "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
-        # FTIE with invalid R0KH-ID subelement (len=0).
-        "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
-        # FTIE with invalid R0KH-ID subelement (len=49).
-        "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
-        # Invalid RSNE.
-        "020002000000" + "3000",
-        # Required IEs missing from protected IE count.
-        "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
-        # RIC missing from protected IE count.
-        "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
-        # Protected IE missing.
-        "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
-    for t in tests:
-        dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-        hapd1.set("ext_mgmt_frame_handling", "1")
-        hapd1.dump_monitor()
-        if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
-            raise Exception("ROAM failed")
-        auth = None
-        for i in range(20):
-            msg = hapd1.mgmt_rx()
-            if msg['subtype'] == 11:
-                auth = msg
-                break
-        if not auth:
-            raise Exception("Authentication frame not seen")
-
-        resp = {}
-        resp['fc'] = auth['fc']
-        resp['da'] = auth['sa']
-        resp['sa'] = auth['da']
-        resp['bssid'] = auth['bssid']
-        resp['payload'] = binascii.unhexlify(t)
-        hapd1.mgmt_tx(resp)
-        hapd1.set("ext_mgmt_frame_handling", "0")
-        dev[0].wait_disconnected()
-
-        dev[0].request("RECONNECT")
-        dev[0].wait_connected()
-
-def test_ap_ft_gcmp_256(dev, apdev):
-    """WPA2-PSK-FT AP with GCMP-256 cipher"""
-    if "GCMP-256" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("Cipher GCMP-256 not supported")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['rsn_pairwise'] = "GCMP-256"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['rsn_pairwise'] = "GCMP-256"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-              pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
-
-def setup_ap_ft_oom(dev, apdev):
-    skip_with_fips(dev[0])
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        dst = apdev[1]['bssid']
-    else:
-        dst = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(dst, freq="2412")
-
-    return dst
-
-def test_ap_ft_oom(dev, apdev):
-    """WPA2-PSK-FT and OOM"""
-    dst = setup_ap_ft_oom(dev, apdev)
-    with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
-        dev[0].roam(dst, check_bssid=False, fail_test=True)
-
-def test_ap_ft_oom2(dev, apdev):
-    """WPA2-PSK-FT and OOM (2)"""
-    dst = setup_ap_ft_oom(dev, apdev)
-    with fail_test(dev[0], 1, "wpa_ft_mic"):
-        dev[0].roam(dst, fail_test=True, assoc_reject_ok=True)
-
-def test_ap_ft_oom3(dev, apdev):
-    """WPA2-PSK-FT and OOM (3)"""
-    dst = setup_ap_ft_oom(dev, apdev)
-    with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
-        dev[0].roam(dst)
-
-def test_ap_ft_oom4(dev, apdev):
-    """WPA2-PSK-FT and OOM (4)"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    dst = setup_ap_ft_oom(dev, apdev)
-    dev[0].request("REMOVE_NETWORK all")
-    with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-
-def test_ap_ft_ap_oom(dev, apdev):
-    """WPA2-PSK-FT and AP OOM"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
-    dev[0].roam(bssid1, check_bssid=False)
-
-def test_ap_ft_ap_oom2(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 2"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    dev[0].roam(bssid1)
-    if dev[0].get_status_field('bssid') != bssid1:
-        raise Exception("Did not roam to AP1")
-    # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
-    dev[0].roam(bssid0)
-
-def test_ap_ft_ap_oom3(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 3"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
-        # This will fail due to not being able to send out PMK-R1 pull request
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
-        # This will fail due to not being able to send out PMK-R1 pull request
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
-        # This will fail due to not being able to send out PMK-R1 pull request
-        dev[0].roam(bssid1, check_bssid=False)
-
-def test_ap_ft_ap_oom3b(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 3b"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
-        # This will fail due to not being able to send out PMK-R1 pull request
-        dev[0].roam(bssid1)
-
-def test_ap_ft_ap_oom4(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 4"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
-        dev[0].roam(bssid1)
-        if dev[0].get_status_field('bssid') != bssid1:
-            raise Exception("Did not roam to AP1")
-
-    with fail_test(hapd0, 1, "i802_get_seqnum;wpa_ft_gtk_subelem"):
-        dev[0].roam(bssid0)
-        if dev[0].get_status_field('bssid') != bssid0:
-            raise Exception("Did not roam to AP0")
-
-    with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
-        dev[0].roam(bssid1)
-        if dev[0].get_status_field('bssid') != bssid1:
-            raise Exception("Did not roam to AP1")
-
-def test_ap_ft_ap_oom5(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 5"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-    with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-def test_ap_ft_ap_oom6(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 6"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-
-def test_ap_ft_ap_oom7a(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 7a"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="2", scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
-        # This will fail to roam
-        dev[0].roam(bssid1)
-
-def test_ap_ft_ap_oom7b(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 7b"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="2", scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
-        # This will fail to roam
-        dev[0].roam(bssid1)
-
-def test_ap_ft_ap_oom7c(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 7c"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="2", scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
-        # This will fail to roam
-        dev[0].roam(bssid1)
-
-def test_ap_ft_ap_oom7d(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 7d"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="2", scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
-        # This will fail to roam
-        dev[0].roam(bssid1)
-
-def test_ap_ft_ap_oom8(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 8"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['ft_psk_generate_local'] = "1"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['ft_psk_generate_local'] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-    with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-    with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
-        # This will fail to roam
-        dev[0].roam(bssid1, check_bssid=False)
-
-def test_ap_ft_ap_oom9(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 9"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-
-    with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
-
-    with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
-
-    with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
-
-def test_ap_ft_ap_oom10(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 10"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid1, freq="2412")
-
-    with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd0, "GET_FAIL")
-
-    with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd0, "GET_FAIL")
-
-    with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd0, "GET_FAIL")
-
-    with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
-        # This will fail to roam
-        if "OK" not in dev[0].request("FT_DS " + bssid1):
-            raise Exception("FT_DS failed")
-        wait_fail_trigger(hapd1, "GET_FAIL")
-
-def test_ap_ft_ap_oom11(dev, apdev):
-    """WPA2-PSK-FT and AP OOM 11"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    dev[0].scan_for_bss(bssid0, freq="2412")
-    with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-        wait_fail_trigger(hapd0, "GET_FAIL")
-
-    dev[1].scan_for_bss(bssid0, freq="2412")
-    with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
-        dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                       scan_freq="2412")
-        wait_fail_trigger(hapd0, "GET_FAIL")
-
-def test_ap_ft_over_ds_proto_ap(dev, apdev):
-    """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-    _bssid0 = bssid0.replace(':', '')
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    addr = dev[0].own_addr()
-    _addr = addr.replace(':', '')
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    _bssid1 = bssid1.replace(':', '')
-
-    hapd0.set("ext_mgmt_frame_handling", "1")
-    hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
-    valid = "0601" + _addr + _bssid1
-    tests = ["0601",
-             "0601" + _addr,
-             "0601" + _addr + _bssid0,
-             "0601" + _addr + "ffffffffffff",
-             "0601" + _bssid0 + _bssid0,
-             valid,
-             valid + "01",
-             valid + "3700",
-             valid + "3600",
-             valid + "3603ffffff",
-             valid + "3603a1b2ff",
-             valid + "3603a1b2ff" + "3700",
-             valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
-             valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
-             valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
-             valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
-             valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
-             valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
-             valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
-             valid + "0001"]
-    for t in tests:
-        hapd0.dump_monitor()
-        if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd0.set("ext_mgmt_frame_handling", "0")
-
-def test_ap_ft_over_ds_proto(dev, apdev):
-    """WPA2-PSK-FT AP over DS protocol testing"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    # FT Action Response while no FT-over-DS in progress
-    msg = {}
-    msg['fc'] = 13 << 4
-    msg['da'] = dev[0].own_addr()
-    msg['sa'] = apdev[0]['bssid']
-    msg['bssid'] = apdev[0]['bssid']
-    msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
-    hapd0.mgmt_tx(msg)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    hapd0.set("ext_mgmt_frame_handling", "1")
-    hapd0.dump_monitor()
-    dev[0].request("FT_DS " + apdev[1]['bssid'])
-    for i in range(0, 10):
-        req = hapd0.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 13:
-            break
-        req = None
-    if not req:
-        raise Exception("FT Action frame not received")
-
-    # FT Action Response for unexpected Target AP
-    msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
-    hapd0.mgmt_tx(msg)
-
-    # FT Action Response without MDIE
-    msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
-    hapd0.mgmt_tx(msg)
-
-    # FT Action Response without FTIE
-    msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
-    hapd0.mgmt_tx(msg)
-
-    # FT Action Response with FTIE SNonce mismatch
-    msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
-    hapd0.mgmt_tx(msg)
-
-@remote_compatible
-def test_ap_ft_rrb(dev, apdev):
-    """WPA2-PSK-FT RRB protocol testing"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-
-    _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', ''))
-    _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    proto = b'\x89\x0d'
-    ehdr = _dst_ll + _src_ll + proto
-
-    # Too short RRB frame
-    pkt = ehdr + b'\x01'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # RRB discarded frame wikth unrecognized type
-    pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # RRB frame too short for action frame
-    pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Too short RRB frame (not enough room for Action Frame body)
-    pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Unexpected Action frame category
-    pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Unexpected Action in RRB Request
-    pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Target AP address in RRB Request does not match with own address
-    pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Not enough room for status code in RRB Response
-    pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # RRB discarded frame with unknown packet_type
-    pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # RRB Response with non-zero status code; no STA match
-    pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # RRB Response with zero status code and extra data; STA match
-    pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Too short PMK-R1 pull
-    pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Too short PMK-R1 resp
-    pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Too short PMK-R1 push
-    pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # No matching R0KH address found for PMK-R0 pull response
-    pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00'
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-@remote_compatible
-def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
-    """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "1"
-    # This is the RSN element used normally by hostapd
-    params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                        ieee80211w="1", scan_freq="2412",
-                        pairwise="CCMP", group="CCMP")
-
-    tests = [('PMKIDCount field included',
-              '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
-             ('Extra IE before RSNE',
-              'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
-             ('PMKIDCount and Group Management Cipher suite fields included',
-              '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
-             ('Extra octet after defined fields (future extensibility)',
-              '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
-             ('No RSN Capabilities field (PMF disabled in practice)',
-              '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
-    for txt, ie in tests:
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        logger.info(txt)
-        hapd.disable()
-        hapd.set('own_ie_override', ie)
-        hapd.enable()
-        dev[0].request("BSS_FLUSH 0")
-        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    logger.info('Invalid RSNE causing internal hostapd error')
-    hapd.disable()
-    hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
-    hapd.enable()
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
-    dev[0].select_network(id, freq=2412)
-    # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
-    # complete.
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    dev[0].request("DISCONNECT")
-
-def start_ft(apdev, wpa_ptk_rekey=None):
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    return hapd0, hapd1
-
-def check_ptk_rekey(dev, hapd0=None, hapd1=None):
-    ev = dev.wait_event(["CTRL-EVENT-DISCONNECTED",
-                         "WPA: Key negotiation completed"], timeout=5)
-    if ev is None:
-        raise Exception("No event received after roam")
-    if "CTRL-EVENT-DISCONNECTED" in ev:
-        raise Exception("Unexpected disconnection after roam")
-
-    if not hapd0 or not hapd1:
-        return
-    if dev.get_status_field('bssid') == hapd0.own_addr():
-        hapd = hapd0
-    else:
-        hapd = hapd1
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev, hapd)
-
-def test_ap_ft_ptk_rekey(dev, apdev):
-    """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
-    hapd0, hapd1 = start_ft(apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1")
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_ptk_rekey2(dev, apdev):
-    """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
-    hapd0, hapd1 = start_ft(apdev)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1",
-              only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_ptk_rekey_ap(dev, apdev):
-    """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
-    hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678")
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_ptk_rekey_ap2(dev, apdev):
-    """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
-    hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
-              only_one_way=True)
-    check_ptk_rekey(dev[0], hapd0, hapd1)
-
-def test_ap_ft_eap_ptk_rekey_ap(dev, apdev):
-    """WPA2-EAP-FT PTK rekeying triggered by AP"""
-    generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2)
-    check_ptk_rekey(dev[0])
-
-def test_ap_ft_internal_rrb_check(dev, apdev):
-    """RRB internal delivery only to WPA enabled BSS"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "FT-EAP":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid})
-
-    # Connect to WPA enabled AP
-    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    # Try over_ds roaming to non-WPA-enabled AP.
-    # If hostapd does not check hapd->wpa_auth internally, it will crash now.
-    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
-
-def test_ap_ft_extra_ie(dev, apdev):
-    """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
-                   scan_freq="2412")
-    try:
-        # Add Mobility Domain element to test AP validation code.
-        dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
-        dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        if ev is None:
-            raise Exception("No connection result")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Non-FT association accepted with MDE")
-        if "status_code=43" not in ev:
-            raise Exception("Unexpected status code: " + ev)
-        dev[0].request("DISCONNECT")
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def test_ap_ft_ric(dev, apdev):
-    """WPA2-PSK-FT AP and RIC"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].set("ric_ies", "")
-    dev[0].set("ric_ies", '""')
-    if "FAIL" not in dev[0].request("SET ric_ies q"):
-        raise Exception("Invalid ric_ies value accepted")
-
-    tests = ["3900",
-             "3900ff04eeeeeeee",
-             "390400000000",
-             "390400000000" + "390400000000",
-             "390400000000" + "dd050050f20202",
-             "390400000000" + "dd3d0050f2020201" + 55*"00",
-             "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
-             "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
-    for t in tests:
-        dev[0].set("ric_ies", t)
-        run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-                  test_connectivity=False)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-def ie_hex(ies, id):
-    return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode()
-
-def test_ap_ft_reassoc_proto(dev, apdev):
-    """WPA2-PSK-FT AP Reassociation Request frame parsing"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="1", scan_freq="2412")
-    if dev[0].get_status_field('bssid') == hapd0.own_addr():
-        hapd1ap = hapd0
-        hapd2ap = hapd1
-    else:
-        hapd1ap = hapd1
-        hapd2ap = hapd0
-
-    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
-    hapd2ap.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("ROAM " + hapd2ap.own_addr())
-
-    while True:
-        req = hapd2ap.mgmt_rx()
-        hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-        if req['subtype'] == 11:
-            break
-
-    while True:
-        req = hapd2ap.mgmt_rx()
-        if req['subtype'] == 2:
-            break
-        hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    # IEEE 802.11 header + fixed fields before IEs
-    hdr = binascii.hexlify(req['frame'][0:34]).decode()
-    ies = parse_ie(binascii.hexlify(req['frame'][34:]))
-    # First elements: SSID, Supported Rates, Extended Supported Rates
-    ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
-
-    rsne = ie_hex(ies, 48)
-    mde = ie_hex(ies, 54)
-    fte = ie_hex(ies, 55)
-    tests = []
-    # RSN: Trying to use FT, but MDIE not included
-    tests += [rsne]
-    # RSN: Attempted to use unknown MDIE
-    tests += [rsne + "3603000000"]
-    # Invalid RSN pairwise cipher
-    tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
-    # FT: No PMKID in RSNIE
-    tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)]
-    # FT: Invalid FTIE
-    tests += [rsne + mde]
-    # FT: RIC IE(s) in the frame, but not included in protected IE count
-    # FT: Failed to parse FT IEs
-    tests += [rsne + mde + fte + "3900"]
-    # FT: SNonce mismatch in FTIE
-    tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"]
-    # FT: ANonce mismatch in FTIE
-    tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]]
-    # FT: No R0KH-ID subelem in FTIE
-    tests += [rsne + mde + "3752" + fte[4:168]]
-    # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
-    tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"]
-    # FT: No R1KH-ID subelem in FTIE
-    tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()]
-    # FT: Unknown R1KH-ID used in ReassocReq
-    tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"]
-    # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
-    tests += [rsne[:-32] + 16*"00" + mde + fte]
-    # Invalid MIC in FTIE
-    tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]]
-    for t in tests:
-        hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
-
-def test_ap_ft_reassoc_local_fail(dev, apdev):
-    """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="1", scan_freq="2412")
-    if dev[0].get_status_field('bssid') == hapd0.own_addr():
-        hapd1ap = hapd0
-        hapd2ap = hapd1
-    else:
-        hapd1ap = hapd1
-        hapd2ap = hapd0
-
-    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
-    # FT: Failed to calculate MIC
-    with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
-        dev[0].request("ROAM " + hapd2ap.own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        dev[0].request("DISCONNECT")
-        if ev is None:
-            raise Exception("Association reject not seen")
-
-def test_ap_ft_reassoc_replay(dev, apdev, params):
-    """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
-    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    if dev[0].get_status_field('bssid') == hapd0.own_addr():
-        hapd1ap = hapd0
-        hapd2ap = hapd1
-    else:
-        hapd1ap = hapd1
-        hapd2ap = hapd0
-
-    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
-    hapd2ap.set("ext_mgmt_frame_handling", "1")
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
-        raise Exception("ROAM failed")
-
-    reassocreq = None
-    count = 0
-    while count < 100:
-        req = hapd2ap.mgmt_rx()
-        count += 1
-        hapd2ap.dump_monitor()
-        hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-        if req['subtype'] == 2:
-            reassocreq = req
-            ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
-            if ev is None:
-                raise Exception("No TX status seen")
-            cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-            if "OK" not in hapd2ap.request(cmd):
-                raise Exception("MGMT_TX_STATUS_PROCESS failed")
-            break
-    hapd2ap.set("ext_mgmt_frame_handling", "0")
-    if reassocreq is None:
-        raise Exception("No Reassociation Request frame seen")
-    dev[0].wait_connected()
-    dev[0].dump_monitor()
-    hapd2ap.dump_monitor()
-
-    hwsim_utils.test_connectivity(dev[0], hapd2ap)
-
-    logger.info("Replay the last Reassociation Request frame")
-    hapd2ap.dump_monitor()
-    hapd2ap.set("ext_mgmt_frame_handling", "1")
-    hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("No TX status seen")
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd2ap.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-    hapd2ap.set("ext_mgmt_frame_handling", "0")
-
-    try:
-        hwsim_utils.test_connectivity(dev[0], hapd2ap)
-        ok = True
-    except:
-        ok = False
-
-    ap = hapd2ap.own_addr()
-    sta = dev[0].own_addr()
-    filt = "wlan.fc.type == 2 && " + \
-           "wlan.da == " + sta + " && " + \
-           "wlan.sa == " + ap + " && " + \
-           "wlan.fc.protected == 1"
-    fields = ["wlan.ccmp.extiv"]
-    res = run_tshark(capfile, filt, fields)
-    vals = res.splitlines()
-    logger.info("CCMP PN: " + str(vals))
-    if len(vals) < 2:
-        raise Exception("Could not find all CCMP protected frames from capture")
-    if len(set(vals)) < len(vals):
-        raise Exception("Duplicate CCMP PN used")
-
-    if not ok:
-        raise Exception("The second hwsim connectivity test failed")
-
-def test_ap_ft_psk_file(dev, apdev):
-    """WPA2-PSK-FT AP with PSK from a file"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1a(ssid=ssid, passphrase=passphrase)
-    params['wpa_psk_file'] = 'hostapd.wpa_psk'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[1].connect(ssid, psk="very secret",
-                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="1", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
-                   ieee80211w="1", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].connect(ssid, psk="secret passphrase",
-                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
-                   scan_freq="2412")
-    dev[2].connect(ssid, psk="another passphrase for all STAs",
-                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
-                   scan_freq="2412")
-    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
-    if ev is None:
-        raise Exception("Timed out while waiting for failure report")
-    dev[1].request("REMOVE_NETWORK all")
-
-def test_ap_ft_eap_ap_config_change(dev, apdev):
-    """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-    bssid = apdev[0]['bssid']
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    params["ieee8021x"] = "1"
-    params["pmk_r1_push"] = "0"
-    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
-    params["eap_server"] = "0"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    hapd.set('wpa_key_mgmt', "FT-EAP")
-    hapd.enable()
-
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
-
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_ap_ft_eap_sha384(dev, apdev):
-    """WPA2-EAP-FT with SHA384"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    conf = hapd0.request("GET_CONFIG")
-    if "key_mgmt=FT-EAP-SHA384" not in conf.splitlines():
-        logger.info("GET_CONFIG:\n" + conf)
-        raise Exception("GET_CONFIG did not report correct key_mgmt")
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
-              sha384=True)
-
-def test_ap_ft_eap_sha384_reassoc(dev, apdev):
-    """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
-    check_suite_b_192_capa(dev)
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
-              sha384=True, also_non_ft=True, roam_with_reassoc=True)
-
-def test_ap_ft_eap_sha384_over_ds(dev, apdev):
-    """WPA2-EAP-FT with SHA384 over DS"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
-              eap=True, sha384=True)
-
-def test_ap_ft_roam_rrm(dev, apdev):
-    """WPA2-PSK-FT AP and radio measurement request"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["rrm_beacon_report"] = "1"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    addr = dev[0].own_addr()
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
-                   scan_freq="2412")
-    check_beacon_req(hapd0, addr, 1)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["rrm_beacon_report"] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-
-    dev[0].scan_for_bss(bssid1, freq=2412)
-    dev[0].roam(bssid1)
-    check_beacon_req(hapd1, addr, 2)
-
-    dev[0].scan_for_bss(bssid0, freq=2412)
-    dev[0].roam(bssid0)
-    check_beacon_req(hapd0, addr, 3)
-
-def test_ap_ft_pmksa_caching(dev, apdev):
-    """FT-EAP and PMKSA caching for initial mobility domain association"""
-    ssid = "test-ft"
-    identity = "gpsk user"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params["mobility_domain"] = "c3d4"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = ft_params2(ssid=ssid)
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params["ieee8021x"] = "1"
-    params["mobility_domain"] = "c3d4"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
-              eap_identity=identity, pmksa_caching=True)
-
-def test_ap_ft_pmksa_caching_sha384(dev, apdev):
-    """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
-    ssid = "test-ft"
-    identity = "gpsk user"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid)
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params["mobility_domain"] = "c3d4"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = ft_params2(ssid=ssid)
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
-    params["ieee8021x"] = "1"
-    params["mobility_domain"] = "c3d4"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
-              eap_identity=identity, pmksa_caching=True, sha384=True)
-
-def test_ap_ft_r1_key_expiration(dev, apdev):
-    """WPA2-PSK-FT and PMK-R1 expiration"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['r1_max_key_lifetime'] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['r1_max_key_lifetime'] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    # This succeeds, but results in having to run another PMK-R1 pull before the
-    # second AP can complete FT protocol.
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, wait_before_roam=4)
-
-def test_ap_ft_r0_key_expiration(dev, apdev):
-    """WPA2-PSK-FT and PMK-R0 expiration"""
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params.pop('r0_key_lifetime', None)
-    params['ft_r0_key_lifetime'] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params.pop('r0_key_lifetime', None)
-    params['ft_r0_key_lifetime'] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    bssid2 = run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-                       return_after_initial=True)
-    time.sleep(4)
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    if "OK" not in dev[0].request("ROAM " + bssid2):
-        raise Exception("ROAM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-AUTH-REJECT",
-                            "CTRL-EVENT-ASSOC-REJECT"], timeout=5)
-    dev[0].request("DISCONNECT")
-    if ev is None or "CTRL-EVENT-AUTH-REJECT" not in ev:
-        raise Exception("FT protocol failure not reported")
-    if "status_code=53" not in ev:
-        raise Exception("Unexpected status in FT protocol failure: " + ev)
-
-    # Generate a new PMK-R0
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_ap_ft_no_full_ap_client_state(dev, apdev):
-    """WPA2-PSK-FT AP with full_ap_client_state=0"""
-    run_ap_ft_skip_prune_assoc(dev, apdev, False, False)
-
-def test_ap_ft_skip_prune_assoc(dev, apdev):
-    """WPA2-PSK-FT AP with skip_prune_assoc"""
-    run_ap_ft_skip_prune_assoc(dev, apdev, True, True)
-
-def test_ap_ft_skip_prune_assoc2(dev, apdev):
-    """WPA2-PSK-FT AP with skip_prune_assoc (disable full_ap_client_state)"""
-    run_ap_ft_skip_prune_assoc(dev, apdev, True, False, test_connectivity=False)
-
-def test_ap_ft_skip_prune_assoc_pmf(dev, apdev):
-    """WPA2-PSK-FT/PMF AP with skip_prune_assoc"""
-    run_ap_ft_skip_prune_assoc(dev, apdev, True, True, pmf=True)
-
-def test_ap_ft_skip_prune_assoc_pmf_over_ds(dev, apdev):
-    """WPA2-PSK-FT/PMF AP with skip_prune_assoc (over DS)"""
-    run_ap_ft_skip_prune_assoc(dev, apdev, True, True, pmf=True, over_ds=True)
-
-def run_ap_ft_skip_prune_assoc(dev, apdev, skip_prune_assoc,
-                               full_ap_client_state, test_connectivity=True,
-                               pmf=False, over_ds=False):
-    ssid = "test-ft"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    if skip_prune_assoc:
-        params['skip_prune_assoc'] = '1'
-    if not full_ap_client_state:
-        params['driver_params'] = "full_ap_client_state=0"
-    if pmf:
-        params["ieee80211w"] = "2"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    if skip_prune_assoc:
-        params['skip_prune_assoc'] = '1'
-    if not full_ap_client_state:
-        params['driver_params'] = "full_ap_client_state=0"
-    if pmf:
-        params["ieee80211w"] = "2"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
-              ieee80211w="2" if pmf else "0",
-              over_ds=over_ds, test_connectivity=test_connectivity)
-
-def test_ap_ft_sae_skip_prune_assoc(dev, apdev):
-    """WPA2-PSK-FT-SAE AP with skip_prune_assoc"""
-    hapd0, hapd1 = start_ft_sae(dev[0], apdev, skip_prune_assoc=True)
-    run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py
deleted file mode 100644
index e3cb8a4c7bc2..000000000000
--- a/tests/hwsim/test_ap_hs20.py
+++ /dev/null
@@ -1,6496 +0,0 @@
-# Hotspot 2.0 tests
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import base64
-import binascii
-import struct
-import time
-import logging
-logger = logging.getLogger()
-import os
-import os.path
-import socket
-import subprocess
-
-import hostapd
-from utils import *
-import hwsim_utils
-from tshark import run_tshark
-from wlantest import Wlantest
-from wpasupplicant import WpaSupplicant
-from wlantest import WlantestCapture
-from test_ap_eap import check_eap_capa, check_domain_match_full
-from test_gas import gas_rx, parse_gas, action_response, anqp_initial_resp, send_gas_resp, ACTION_CATEG_PUBLIC, GAS_INITIAL_RESPONSE
-
-def hs20_ap_params(ssid="test-hs20"):
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    params['ieee80211w'] = "1"
-    params['ieee8021x'] = "1"
-    params['auth_server_addr'] = "127.0.0.1"
-    params['auth_server_port'] = "1812"
-    params['auth_server_shared_secret'] = "radius"
-    params['interworking'] = "1"
-    params['access_network_type'] = "14"
-    params['internet'] = "1"
-    params['asra'] = "0"
-    params['esr'] = "0"
-    params['uesa'] = "0"
-    params['venue_group'] = "7"
-    params['venue_type'] = "1"
-    params['venue_name'] = ["eng:Example venue", "fin:Esimerkkipaikka"]
-    params['roaming_consortium'] = ["112233", "1020304050", "010203040506",
-                                    "fedcba"]
-    params['domain_name'] = "example.com,another.example.com"
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,another.example.com"]
-    params['hs20'] = "1"
-    params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
-    params['hs20_conn_capab'] = ["1:0:2", "6:22:1", "17:5060:0"]
-    params['hs20_operating_class'] = "5173"
-    params['anqp_3gpp_cell_net'] = "244,91"
-    return params
-
-def check_auto_select(dev, bssid):
-    dev.scan_for_bss(bssid, freq="2412")
-    dev.request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev.wait_connected(timeout=15)
-    if bssid not in ev:
-        raise Exception("Connected to incorrect network")
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def interworking_select(dev, bssid, type=None, no_match=False, freq=None):
-    dev.dump_monitor()
-    if bssid and freq and not no_match:
-        dev.scan_for_bss(bssid, freq=freq)
-    freq_extra = " freq=" + str(freq) if freq else ""
-    dev.request("INTERWORKING_SELECT" + freq_extra)
-    ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
-                        timeout=15)
-    if ev is None:
-        raise Exception("Network selection timed out")
-    if no_match:
-        if "INTERWORKING-NO-MATCH" not in ev:
-            raise Exception("Unexpected network match")
-        return
-    if "INTERWORKING-NO-MATCH" in ev:
-        logger.info("Matching network not found - try again")
-        dev.dump_monitor()
-        dev.request("INTERWORKING_SELECT" + freq_extra)
-        ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
-                            timeout=15)
-        if ev is None:
-            raise Exception("Network selection timed out")
-        if "INTERWORKING-NO-MATCH" in ev:
-            raise Exception("Matching network not found")
-    if bssid and bssid not in ev:
-        raise Exception("Unexpected BSSID in match")
-    if type and "type=" + type not in ev:
-        raise Exception("Network type not recognized correctly")
-
-def check_sp_type(dev, sp_type):
-    type = dev.get_status_field("sp_type")
-    if type is None:
-        raise Exception("sp_type not available")
-    if type != sp_type:
-        raise Exception("sp_type did not indicate %s network" % sp_type)
-
-def hlr_auc_gw_available():
-    if not os.path.exists("/tmp/hlr_auc_gw.sock"):
-        raise HwsimSkip("No hlr_auc_gw socket available")
-    if not os.path.exists("../../hostapd/hlr_auc_gw"):
-        raise HwsimSkip("No hlr_auc_gw available")
-
-def interworking_ext_sim_connect(dev, bssid, method):
-    dev.request("INTERWORKING_CONNECT " + bssid)
-    interworking_ext_sim_auth(dev, method)
-
-def interworking_ext_sim_auth(dev, method):
-    ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("Network connected timed out")
-    if "(" + method + ")" not in ev:
-        raise Exception("Unexpected EAP method selection")
-
-    ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
-    if ev is None:
-        raise Exception("Wait for external SIM processing request timed out")
-    p = ev.split(':', 2)
-    if p[1] != "GSM-AUTH":
-        raise Exception("Unexpected CTRL-REQ-SIM type")
-    id = p[0].split('-')[3]
-    rand = p[2].split(' ')[0]
-
-    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
-                                   "-m",
-                                   "auth_serv/hlr_auc_gw.milenage_db",
-                                   "GSM-AUTH-REQ 232010000000000 " + rand]).decode()
-    if "GSM-AUTH-RESP" not in res:
-        raise Exception("Unexpected hlr_auc_gw response")
-    resp = res.split(' ')[2].rstrip()
-
-    dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
-    dev.wait_connected(timeout=15)
-
-def interworking_connect(dev, bssid, method):
-    dev.request("INTERWORKING_CONNECT " + bssid)
-    interworking_auth(dev, method)
-
-def interworking_auth(dev, method):
-    ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-    if ev is None:
-        raise Exception("Network connected timed out")
-    if "(" + method + ")" not in ev:
-        raise Exception("Unexpected EAP method selection")
-
-    dev.wait_connected(timeout=15)
-
-def check_probe_resp(wt, bssid_unexpected, bssid_expected):
-    if bssid_unexpected:
-        count = wt.get_bss_counter("probe_response", bssid_unexpected)
-        if count > 0:
-            raise Exception("Unexpected Probe Response frame from AP")
-
-    if bssid_expected:
-        count = wt.get_bss_counter("probe_response", bssid_expected)
-        if count == 0:
-            raise Exception("No Probe Response frame from AP")
-
-def test_ap_anqp_sharing(dev, apdev):
-    """ANQP sharing within ESS and explicit unshare"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    logger.info("Normal network selection with shared ANQP results")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    interworking_select(dev[0], None, "home", freq="2412")
-    dev[0].dump_monitor()
-    state = dev[0].get_status_field('wpa_state')
-    if state != "DISCONNECTED":
-        raise Exception("Unexpected wpa_state after INTERWORKING_SELECT: " + state)
-
-    logger.debug("BSS entries:\n" + dev[0].request("BSS RANGE=ALL"))
-    res1 = dev[0].get_bss(bssid)
-    res2 = dev[0].get_bss(bssid2)
-    if 'anqp_nai_realm' not in res1:
-        raise Exception("anqp_nai_realm not found for AP1")
-    if 'anqp_nai_realm' not in res2:
-        raise Exception("anqp_nai_realm not found for AP2")
-    if res1['anqp_nai_realm'] != res2['anqp_nai_realm']:
-        raise Exception("ANQP results were not shared between BSSes")
-
-    logger.info("Explicit ANQP request to unshare ANQP results")
-    dev[0].request("ANQP_GET " + bssid + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-
-    dev[0].request("ANQP_GET " + bssid2 + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-
-    res1 = dev[0].get_bss(bssid)
-    res2 = dev[0].get_bss(bssid2)
-    if res1['anqp_nai_realm'] == res2['anqp_nai_realm']:
-        raise Exception("ANQP results were not unshared")
-
-def test_ap_anqp_domain_id(dev, apdev):
-    """ANQP Domain ID"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_domain_id'] = '1234'
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_domain_id'] = '1234'
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    interworking_select(dev[0], None, "home", freq="2412")
-
-def test_ap_anqp_no_sharing_diff_ess(dev, apdev):
-    """ANQP no sharing between ESSs"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-another")
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    logger.info("Normal network selection with shared ANQP results")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    interworking_select(dev[0], None, "home", freq="2412")
-
-def test_ap_anqp_no_sharing_missing_info(dev, apdev):
-    """ANQP no sharing due to missing information"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['roaming_consortium']
-    del params['domain_name']
-    del params['anqp_3gpp_cell_net']
-    del params['nai_realm']
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    logger.info("Normal network selection with shared ANQP results")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    interworking_select(dev[0], None, "home", freq="2412")
-
-def test_ap_anqp_sharing_oom(dev, apdev):
-    """ANQP sharing within ESS and explicit unshare OOM"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    interworking_select(dev[0], None, "home", freq="2412")
-    dev[0].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "wpa_bss_anqp_clone"):
-        dev[0].request("ANQP_GET " + bssid + " 263")
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("ANQP operation timed out")
-
-def test_ap_nai_home_realm_query(dev, apdev):
-    """NAI Home Realm Query"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,another.example.org"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan(freq="2412")
-    dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-    nai1 = dev[0].get_bss(bssid)['anqp_nai_realm']
-    dev[0].dump_monitor()
-
-    dev[0].request("ANQP_GET " + bssid + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-    nai2 = dev[0].get_bss(bssid)['anqp_nai_realm']
-
-    if len(nai1) >= len(nai2):
-        raise Exception("Unexpected NAI Realm list response lengths")
-    if binascii.hexlify(b"example.com").decode() not in nai1:
-        raise Exception("Home realm not reported")
-    if binascii.hexlify(b"example.org").decode() in nai1:
-        raise Exception("Non-home realm reported")
-    if binascii.hexlify(b"example.com").decode() not in nai2:
-        raise Exception("Home realm not reported in wildcard query")
-    if binascii.hexlify(b"example.org").decode() not in nai2:
-        raise Exception("Non-home realm not reported in wildcard query ")
-
-    cmds = ["foo",
-            "00:11:22:33:44:55 123",
-            "00:11:22:33:44:55 qq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + cmd):
-            raise Exception("Invalid HS20_GET_NAI_HOME_REALM_LIST accepted: " + cmd)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
-        raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected ANQP response: " + ev)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " 01000b6578616d706c652e636f6d"):
-        raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
-    if ev is None:
-        raise Exception("No ANQP response")
-    if "NAI Realm list" not in ev:
-        raise Exception("Missing NAI Realm list: " + ev)
-
-    dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                            'password': "secret",
-                            'domain': "example.com"})
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
-        raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
-    if ev is None:
-        raise Exception("No ANQP response")
-    if "NAI Realm list" not in ev:
-        raise Exception("Missing NAI Realm list: " + ev)
-
-@remote_compatible
-def test_ap_interworking_scan_filtering(dev, apdev):
-    """Interworking scan filtering with HESSID and access network type"""
-    try:
-        _test_ap_interworking_scan_filtering(dev, apdev)
-    finally:
-        dev[0].request("SET hessid 00:00:00:00:00:00")
-        dev[0].request("SET access_network_type 15")
-
-def _test_ap_interworking_scan_filtering(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    ssid = "test-hs20-ap1"
-    params['ssid'] = ssid
-    params['hessid'] = bssid
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    ssid2 = "test-hs20-ap2"
-    params['ssid'] = ssid2
-    params['hessid'] = bssid2
-    params['access_network_type'] = "1"
-    del params['venue_group']
-    del params['venue_type']
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-
-    Wlantest.setup(hapd0)
-    wt = Wlantest()
-    wt.flush()
-
-    # Make sure wlantest has seen both BSSs to avoid issues in trying to clear
-    # counters for non-existing BSS.
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-
-    logger.info("Check probe request filtering based on HESSID")
-
-    dev[0].request("SET hessid " + bssid2)
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid, bssid2)
-
-    logger.info("Check probe request filtering based on access network type")
-
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-    dev[0].request("SET hessid 00:00:00:00:00:00")
-    dev[0].request("SET access_network_type 14")
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid2, bssid)
-
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-    dev[0].request("SET hessid 00:00:00:00:00:00")
-    dev[0].request("SET access_network_type 1")
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid, bssid2)
-
-    logger.info("Check probe request filtering based on HESSID and ANT")
-
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-    dev[0].request("SET hessid " + bssid)
-    dev[0].request("SET access_network_type 14")
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid2, bssid)
-
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-    dev[0].request("SET hessid " + bssid2)
-    dev[0].request("SET access_network_type 14")
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid, None)
-    check_probe_resp(wt, bssid2, None)
-
-    wt.clear_bss_counters(bssid)
-    wt.clear_bss_counters(bssid2)
-    dev[0].request("SET hessid " + bssid)
-    dev[0].request("SET access_network_type 1")
-    dev[0].scan(freq="2412")
-    time.sleep(0.03)
-    check_probe_resp(wt, bssid, None)
-    check_probe_resp(wt, bssid2, None)
-
-def test_ap_hs20_select(dev, apdev):
-    """Hotspot 2.0 network selection"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home")
-
-    dev[0].remove_cred(id)
-    id = dev[0].add_cred_values({'realm': "example.com", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "no.match.example.com"})
-    interworking_select(dev[0], bssid, "roaming", freq="2412")
-
-    dev[0].set_cred_quoted(id, "realm", "no.match.example.com")
-    interworking_select(dev[0], bssid, no_match=True, freq="2412")
-
-    res = dev[0].request("SCAN_RESULTS")
-    if "[HS20]" not in res:
-        raise Exception("HS20 flag missing from scan results: " + res)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.org,21"]
-    params['hessid'] = bssid2
-    params['domain_name'] = "example.org"
-    hostapd.add_ap(apdev[1], params)
-    dev[0].remove_cred(id)
-    id = dev[0].add_cred_values({'realm': "example.org", 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.org"})
-    interworking_select(dev[0], bssid2, "home", freq="2412")
-
-def hs20_simulated_sim(dev, ap, method):
-    bssid = ap['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
-    hostapd.add_ap(ap, params)
-
-    dev.hs20_enable()
-    dev.add_cred_values({'imsi': "555444-333222111", 'eap': method,
-                         'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
-    interworking_select(dev, bssid, "home", freq="2412")
-    interworking_connect(dev, bssid, method)
-    check_sp_type(dev, "home")
-
-def test_ap_hs20_sim(dev, apdev):
-    """Hotspot 2.0 with simulated SIM and EAP-SIM"""
-    hlr_auc_gw_available()
-    hs20_simulated_sim(dev[0], apdev[0], "SIM")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on already-connected event")
-
-def test_ap_hs20_sim_invalid(dev, apdev):
-    """Hotspot 2.0 with simulated SIM and EAP-SIM - invalid IMSI"""
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'imsi': "555444-3332221110", 'eap': "SIM",
-                            'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
-    # This hits "No valid IMSI available" in build_root_nai()
-    interworking_select(dev[0], bssid, freq="2412")
-
-def test_ap_hs20_sim_oom(dev, apdev):
-    """Hotspot 2.0 with simulated SIM and EAP-SIM - OOM"""
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'imsi': "555444-333222111", 'eap': "SIM",
-                            'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
-    dev[0].scan_for_bss(bssid, freq=2412)
-    interworking_select(dev[0], bssid, freq="2412")
-
-    with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect_3gpp"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "=interworking_connect_3gpp"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_ap_hs20_aka(dev, apdev):
-    """Hotspot 2.0 with simulated USIM and EAP-AKA"""
-    hlr_auc_gw_available()
-    hs20_simulated_sim(dev[0], apdev[0], "AKA")
-
-def test_ap_hs20_aka_prime(dev, apdev):
-    """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
-    hlr_auc_gw_available()
-    hs20_simulated_sim(dev[0], apdev[0], "AKA'")
-
-def test_ap_hs20_ext_sim(dev, apdev):
-    """Hotspot 2.0 with external SIM processing"""
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "232,01"
-    params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    try:
-        dev[0].request("SET external_sim 1")
-        dev[0].add_cred_values({'imsi': "23201-0000000000", 'eap': "SIM"})
-        interworking_select(dev[0], bssid, "home", freq="2412")
-        interworking_ext_sim_connect(dev[0], bssid, "SIM")
-        check_sp_type(dev[0], "home")
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def test_ap_hs20_ext_sim_roaming(dev, apdev):
-    """Hotspot 2.0 with external SIM processing in roaming network"""
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
-    params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    try:
-        dev[0].request("SET external_sim 1")
-        dev[0].add_cred_values({'imsi': "23201-0000000000", 'eap': "SIM"})
-        interworking_select(dev[0], bssid, "roaming", freq="2412")
-        interworking_ext_sim_connect(dev[0], bssid, "SIM")
-        check_sp_type(dev[0], "roaming")
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def test_ap_hs20_username(dev, apdev):
-    """Hotspot 2.0 connection in username/password credential"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "home")
-    status = dev[0].get_status()
-    if status['pairwise_cipher'] != "CCMP":
-        raise Exception("Unexpected pairwise cipher")
-    if status['hs20'] != "3":
-        raise Exception("Unexpected HS 2.0 support indication")
-
-    dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-
-def test_ap_hs20_connect_api(dev, apdev):
-    """Hotspot 2.0 connection with connect API"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.hs20_enable()
-    wpas.flush_scan_cache()
-    id = wpas.add_cred_values({'realm': "example.com",
-                               'username': "hs20-test",
-                               'password': "password",
-                               'ca_cert': "auth_serv/ca.pem",
-                               'domain': "example.com",
-                               'update_identifier': "1234"})
-    interworking_select(wpas, bssid, "home", freq="2412")
-    interworking_connect(wpas, bssid, "TTLS")
-    check_sp_type(wpas, "home")
-    status = wpas.get_status()
-    if status['pairwise_cipher'] != "CCMP":
-        raise Exception("Unexpected pairwise cipher")
-    if status['hs20'] != "3":
-        raise Exception("Unexpected HS 2.0 support indication")
-
-def test_ap_hs20_auto_interworking(dev, apdev):
-    """Hotspot 2.0 connection with auto_interworking=1"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable(auto_interworking=True)
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=15)
-    check_sp_type(dev[0], "home")
-    status = dev[0].get_status()
-    if status['pairwise_cipher'] != "CCMP":
-        raise Exception("Unexpected pairwise cipher")
-    if status['hs20'] != "3":
-        raise Exception("Unexpected HS 2.0 support indication")
-
-def test_ap_hs20_auto_interworking_global_pmf(dev, apdev):
-    """Hotspot 2.0 connection with auto_interworking=1 and pmf=2"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable(auto_interworking=True)
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    try:
-        dev[0].set("pmf", "2")
-        dev[0].request("REASSOCIATE")
-        dev[0].wait_connected(timeout=15)
-        pmf = dev[0].get_status_field("pmf")
-        if pmf != "1":
-            raise Exception("Unexpected PMF state: " + str(pmf))
-    finally:
-        dev[0].set("pmf", "0")
-
-def test_ap_hs20_auto_interworking_global_pmf_fail(dev, apdev):
-    """Hotspot 2.0 connection with auto_interworking=1 and pmf=2 failure"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['ieee80211w'] = "0"
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable(auto_interworking=True)
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    try:
-        dev[0].set("pmf", "2")
-        dev[0].request("REASSOCIATE")
-        for i in range(2):
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "INTERWORKING-SELECTED"], timeout=15)
-            if ev is None:
-                raise Exception("Connection result not reported")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection")
-        dev[0].request("DISCONNECT")
-    finally:
-        dev[0].set("pmf", "0")
-
-@remote_compatible
-def test_ap_hs20_auto_interworking_no_match(dev, apdev):
-    """Hotspot 2.0 connection with auto_interworking=1 and no matching network"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "mismatch"})
-
-    dev[0].hs20_enable(auto_interworking=True)
-    id = dev[0].connect("mismatch", psk="12345678", scan_freq="2412",
-                        only_add_network=True)
-    dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect")
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    for i in range(5):
-        logger.info("start ping")
-        if "PONG" not in dev[0].ctrl.request("PING", timeout=2):
-            raise Exception("PING failed")
-        logger.info("ping done")
-        fetch = 0
-        scan = 0
-        for j in range(15):
-            ev = dev[0].wait_event(["ANQP fetch completed",
-                                    "CTRL-EVENT-SCAN-RESULTS"], timeout=0.05)
-            if ev is None:
-                break
-            if "ANQP fetch completed" in ev:
-                fetch += 1
-            else:
-                scan += 1
-        if fetch > 2 * scan + 3:
-            raise Exception("Too many ANQP fetch iterations")
-        dev[0].dump_monitor()
-    dev[0].request("DISCONNECT")
-
-@remote_compatible
-def test_ap_hs20_auto_interworking_no_cred_match(dev, apdev):
-    """Hotspot 2.0 connection with auto_interworking=1 but no cred match"""
-    bssid = apdev[0]['bssid']
-    params = {"ssid": "test"}
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable(auto_interworking=True)
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "hs20-test",
-                            'password': "password",
-                            'ca_cert': "auth_serv/ca.pem",
-                            'domain': "example.com"})
-
-    id = dev[0].connect("test", psk="12345678", only_add_network=True)
-    dev[0].request("ENABLE_NETWORK %s" % id)
-    logger.info("Verify that scanning continues when there is partial network block match")
-    for i in range(0, 2):
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("Scan timed out")
-        logger.info("Scan completed")
-
-def eap_test(dev, ap, eap_params, method, user, release=0):
-    bssid = ap['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com," + eap_params]
-    if release > 0:
-        params['hs20_release'] = str(release)
-    hapd = hostapd.add_ap(ap, params)
-
-    dev.flush_scan_cache()
-    dev.hs20_enable()
-    dev.add_cred_values({'realm': "example.com",
-                         'ca_cert': "auth_serv/ca.pem",
-                         'username': user,
-                         'password': "password"})
-    interworking_select(dev, bssid, freq="2412")
-    interworking_connect(dev, bssid, method)
-    return hapd
-
-@remote_compatible
-def test_ap_hs20_eap_unknown(dev, apdev):
-    """Hotspot 2.0 connection with unknown EAP method"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,99"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
-    """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
-
-def test_ap_hs20_eap_peap_default(dev, apdev):
-    """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    eap_test(dev[0], apdev[0], "25", "PEAP", "user")
-
-def test_ap_hs20_eap_peap_gtc(dev, apdev):
-    """Hotspot 2.0 connection with PEAP/GTC"""
-    eap_test(dev[0], apdev[0], "25[3:6]", "PEAP", "user")
-
-@remote_compatible
-def test_ap_hs20_eap_peap_unknown(dev, apdev):
-    """Hotspot 2.0 connection with PEAP/unknown"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,25[3:99]"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-def test_ap_hs20_eap_ttls_chap(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/CHAP"""
-    skip_with_fips(dev[0])
-    eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user")
-
-def test_ap_hs20_eap_ttls_mschap(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/MSCHAP"""
-    skip_with_fips(dev[0])
-    eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user")
-
-def test_ap_hs20_eap_ttls_default(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/default"""
-    skip_with_fips(dev[0])
-    eap_test(dev[0], apdev[0], "21", "TTLS", "hs20-test")
-
-def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
-
-@remote_compatible
-def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/EAP-unknown"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[3:99]"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-@remote_compatible
-def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[3:5]"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-@remote_compatible
-def test_ap_hs20_eap_ttls_unknown(dev, apdev):
-    """Hotspot 2.0 connection with TTLS/unknown"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[2:5]"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
-    """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
-    check_eap_capa(dev[0], "FAST")
-    eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
-
-def test_ap_hs20_eap_fast_gtc(dev, apdev):
-    """Hotspot 2.0 connection with FAST/EAP-GTC"""
-    check_eap_capa(dev[0], "FAST")
-    eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
-
-def test_ap_hs20_eap_tls(dev, apdev):
-    """Hotspot 2.0 connection with EAP-TLS"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,13[5:6]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "certificate-user",
-                            'ca_cert': "auth_serv/ca.pem",
-                            'client_cert': "auth_serv/user.pem",
-                            'private_key': "auth_serv/user.key"})
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TLS")
-
-@remote_compatible
-def test_ap_hs20_eap_cert_unknown(dev, apdev):
-    """Hotspot 2.0 connection with certificate, but unknown EAP method"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,99[5:6]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "certificate-user",
-                            'ca_cert': "auth_serv/ca.pem",
-                            'client_cert': "auth_serv/user.pem",
-                            'private_key': "auth_serv/user.key"})
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-@remote_compatible
-def test_ap_hs20_eap_cert_unsupported(dev, apdev):
-    """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[5:6]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "certificate-user",
-                            'ca_cert': "auth_serv/ca.pem",
-                            'client_cert': "auth_serv/user.pem",
-                            'private_key': "auth_serv/user.key"})
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-@remote_compatible
-def test_ap_hs20_eap_invalid_cred(dev, apdev):
-    """Hotspot 2.0 connection with invalid cred configuration"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "certificate-user",
-                            'client_cert': "auth_serv/user.pem"})
-    interworking_select(dev[0], None, no_match=True, freq="2412")
-
-def test_ap_hs20_nai_realms(dev, apdev):
-    """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "pap user",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "home")
-
-def test_ap_hs20_roaming_consortium(dev, apdev):
-    """Hotspot 2.0 connection based on roaming consortium match"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-    for consortium in ["112233", "1020304050", "010203040506", "fedcba"]:
-        id = dev[0].add_cred_values({'username': "user",
-                                     'password': "password",
-                                     'domain': "example.com",
-                                     'ca_cert': "auth_serv/ca.pem",
-                                     'roaming_consortium': consortium,
-                                     'eap': "PEAP"})
-        interworking_select(dev[0], bssid, "home", freq="2412")
-        interworking_connect(dev[0], bssid, "PEAP")
-        check_sp_type(dev[0], "home")
-        dev[0].request("INTERWORKING_SELECT auto freq=2412")
-        ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on already-connected event")
-        dev[0].remove_cred(id)
-
-def test_ap_hs20_roaming_consortiums_match(dev, apdev):
-    """Hotspot 2.0 connection based on roaming_consortiums match"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-    tests = [("112233", "112233"),
-             ("ffffff,1020304050,eeeeee", "1020304050")]
-    for consortium, selected in tests:
-        id = dev[0].add_cred_values({'username': "user",
-                                     'password': "password",
-                                     'domain': "my.home.example.com",
-                                     'ca_cert': "auth_serv/ca.pem",
-                                     'roaming_consortiums': consortium,
-                                     'eap': "PEAP"})
-        interworking_select(dev[0], bssid, "roaming", freq="2412")
-        interworking_connect(dev[0], bssid, "PEAP")
-        check_sp_type(dev[0], "roaming")
-        network_id = dev[0].get_status_field("id")
-        sel = dev[0].get_network(network_id, "roaming_consortium_selection")
-        if sel != selected:
-            raise Exception("Unexpected roaming_consortium_selection value: " +
-                            sel)
-        dev[0].request("INTERWORKING_SELECT auto freq=2412")
-        ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on already-connected event")
-        dev[0].remove_cred(id)
-
-def test_ap_hs20_max_roaming_consortiums(dev, apdev):
-    """Maximum number of cred roaming_consortiums"""
-    id = dev[0].add_cred()
-    consortium = (36*",ffffff")[1:]
-    if "OK" not in dev[0].request('SET_CRED %d roaming_consortiums "%s"' % (id, consortium)):
-        raise Exception("Maximum number of consortium OIs rejected")
-    consortium = (37*",ffffff")[1:]
-    if "FAIL" not in dev[0].request('SET_CRED %d roaming_consortiums "%s"' % (id, consortium)):
-        raise Exception("Over maximum number of consortium OIs accepted")
-    dev[0].remove_cred(id)
-
-def test_ap_hs20_roaming_consortium_invalid(dev, apdev):
-    """Hotspot 2.0 connection and invalid roaming consortium ANQP-element"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    # Override Roaming Consortium ANQP-element with an incorrectly encoded
-    # value.
-    params['anqp_elem'] = "261:04fedcba"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'username': "user",
-                                 'password': "password",
-                                 'domain': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'roaming_consortium': "fedcba",
-                                 'eap': "PEAP"})
-    interworking_select(dev[0], bssid, "home", freq="2412", no_match=True)
-
-def test_ap_hs20_roaming_consortium_element(dev, apdev):
-    """Hotspot 2.0 connection and invalid roaming consortium element"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['roaming_consortium']
-    params['vendor_elements'] = '6f00'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    id = dev[0].add_cred_values({'username': "user",
-                                 'password': "password",
-                                 'domain': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'roaming_consortium': "112233",
-                                 'eap': "PEAP"})
-    interworking_select(dev[0], bssid, freq="2412", no_match=True)
-
-    hapd.set('vendor_elements', '6f020001')
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    interworking_select(dev[0], bssid, freq="2412", no_match=True)
-
-def test_ap_hs20_roaming_consortium_constraints(dev, apdev):
-    """Hotspot 2.0 connection and roaming consortium constraints"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['bss_load_test'] = "12:200:20000"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-
-    vals = {'username': "user",
-            'password': "password",
-            'domain': "example.com",
-            'ca_cert': "auth_serv/ca.pem",
-            'roaming_consortium': "fedcba",
-            'eap': "TTLS"}
-    vals2 = vals.copy()
-    vals2['required_roaming_consortium'] = "223344"
-    id = dev[0].add_cred_values(vals2)
-    interworking_select(dev[0], bssid, "home", freq="2412", no_match=True)
-    dev[0].remove_cred(id)
-
-    vals2 = vals.copy()
-    vals2['min_dl_bandwidth_home'] = "65500"
-    id = dev[0].add_cred_values(vals2)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "below_min_backhaul=1" not in ev:
-        raise Exception("below_min_backhaul not reported")
-    dev[0].remove_cred(id)
-
-    vals2 = vals.copy()
-    vals2['max_bss_load'] = "100"
-    id = dev[0].add_cred_values(vals2)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "over_max_bss_load=1" not in ev:
-        raise Exception("over_max_bss_load not reported")
-    dev[0].remove_cred(id)
-
-    vals2 = vals.copy()
-    vals2['req_conn_capab'] = "6:1234"
-    vals2['domain'] = 'example.org'
-    id = dev[0].add_cred_values(vals2)
-
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "conn_capab_missing=1" not in ev:
-        raise Exception("conn_capab_missing not reported")
-    dev[0].remove_cred(id)
-
-    values = default_cred()
-    values['roaming_consortium'] = "fedcba"
-    id3 = dev[0].add_cred_values(values)
-
-    vals2 = vals.copy()
-    vals2['roaming_consortium'] = "fedcba"
-    vals2['priority'] = "2"
-    id = dev[0].add_cred_values(vals2)
-
-    values = default_cred()
-    values['roaming_consortium'] = "fedcba"
-    id2 = dev[0].add_cred_values(values)
-
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    dev[0].remove_cred(id)
-    dev[0].remove_cred(id2)
-    dev[0].remove_cred(id3)
-
-def test_ap_hs20_3gpp_constraints(dev, apdev):
-    """Hotspot 2.0 connection and 3GPP credential constraints"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
-    params['bss_load_test'] = "12:200:20000"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-
-    vals = {'imsi': "555444-333222111",
-            'eap': "SIM",
-            'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"}
-    vals2 = vals.copy()
-    vals2['required_roaming_consortium'] = "223344"
-    id = dev[0].add_cred_values(vals2)
-    interworking_select(dev[0], bssid, "home", freq="2412", no_match=True)
-    dev[0].remove_cred(id)
-
-    vals2 = vals.copy()
-    vals2['min_dl_bandwidth_home'] = "65500"
-    id = dev[0].add_cred_values(vals2)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "below_min_backhaul=1" not in ev:
-        raise Exception("below_min_backhaul not reported")
-    dev[0].remove_cred(id)
-
-    vals2 = vals.copy()
-    vals2['max_bss_load'] = "100"
-    id = dev[0].add_cred_values(vals2)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "over_max_bss_load=1" not in ev:
-        raise Exception("over_max_bss_load not reported")
-    dev[0].remove_cred(id)
-
-    values = default_cred()
-    values['roaming_consortium'] = "fedcba"
-    id3 = dev[0].add_cred_values(values)
-
-    vals2 = vals.copy()
-    vals2['roaming_consortium'] = "fedcba"
-    vals2['priority'] = "2"
-    id = dev[0].add_cred_values(vals2)
-
-    values = default_cred()
-    values['roaming_consortium'] = "fedcba"
-    id2 = dev[0].add_cred_values(values)
-
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    dev[0].remove_cred(id)
-    dev[0].remove_cred(id2)
-    dev[0].remove_cred(id3)
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['bss_load_test'] = "12:200:20000"
-    hapd = hostapd.add_ap(apdev[0], params)
-    vals2 = vals.copy()
-    vals2['req_conn_capab'] = "6:1234"
-    id = dev[0].add_cred_values(vals2)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "conn_capab_missing=1" not in ev:
-        raise Exception("conn_capab_missing not reported")
-    dev[0].remove_cred(id)
-
-def test_ap_hs20_connect_no_full_match(dev, apdev):
-    """Hotspot 2.0 connection and no full match"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-
-    vals = {'username': "user",
-            'password': "password",
-            'domain': "example.com",
-            'ca_cert': "auth_serv/ca.pem",
-            'roaming_consortium': "fedcba",
-            'eap': "TTLS",
-            'min_dl_bandwidth_home': "65500"}
-    id = dev[0].add_cred_values(vals)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "below_min_backhaul=1" not in ev:
-        raise Exception("below_min_backhaul not reported")
-    interworking_connect(dev[0], bssid, "TTLS")
-    dev[0].remove_cred(id)
-    dev[0].wait_disconnected()
-
-    vals = {'imsi': "555444-333222111", 'eap': "SIM",
-            'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-            'min_dl_bandwidth_roaming': "65500"}
-    id = dev[0].add_cred_values(vals)
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-AP"], timeout=15)
-    if ev is None:
-        raise Exception("No AP found")
-    if "below_min_backhaul=1" not in ev:
-        raise Exception("below_min_backhaul not reported")
-    interworking_connect(dev[0], bssid, "SIM")
-    dev[0].remove_cred(id)
-    dev[0].wait_disconnected()
-
-def test_ap_hs20_username_roaming(dev, apdev):
-    """Hotspot 2.0 connection in username/password credential (roaming)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,roaming.example.com,21[2:4][5:7]",
-                           "0,another.example.com"]
-    params['domain_name'] = "another.example.com"
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "roaming.example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "roaming", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "roaming")
-
-def test_ap_hs20_username_unknown(dev, apdev):
-    """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, "unknown", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "unknown")
-
-def test_ap_hs20_username_unknown2(dev, apdev):
-    """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['domain_name']
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "unknown", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "unknown")
-
-def test_ap_hs20_gas_while_associated(dev, apdev):
-    """Hotspot 2.0 connection with GAS query while associated"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    logger.info("Verifying GAS query while associated")
-    dev[0].request("FETCH_ANQP")
-    for i in range(0, 6):
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("Operation timed out")
-
-def test_ap_hs20_gas_with_another_ap_while_associated(dev, apdev):
-    """GAS query with another AP while associated"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid2
-    params['nai_realm'] = ["0,no-match.example.org,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    dev[0].dump_monitor()
-
-    logger.info("Verifying GAS query with same AP while associated")
-    dev[0].request("ANQP_GET " + bssid + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-    dev[0].dump_monitor()
-
-    logger.info("Verifying GAS query with another AP while associated")
-    dev[0].scan_for_bss(bssid2, 2412)
-    dev[0].request("ANQP_GET " + bssid2 + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-
-def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
-    """Hotspot 2.0 connection with GAS query while associated and using PMF"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid2
-    params['nai_realm'] = ["0,no-match.example.org,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].hs20_enable()
-    dev[0].request("SET pmf 2")
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    logger.info("Verifying GAS query while associated")
-    dev[0].request("FETCH_ANQP")
-    for i in range(0, 2 * 6):
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("Operation timed out")
-
-def test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
-    """GAS query with another AP while associated and using PMF"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid2
-    params['nai_realm'] = ["0,no-match.example.org,13[5:6],21[2:4][5:7]"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    dev[0].request("SET pmf 2")
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-
-    logger.info("Verifying GAS query with same AP while associated")
-    dev[0].request("ANQP_GET " + bssid + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-    dev[0].dump_monitor()
-
-    logger.info("Verifying GAS query with another AP while associated")
-    dev[0].scan_for_bss(bssid2, 2412)
-    dev[0].request("ANQP_GET " + bssid2 + " 263")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP operation timed out")
-
-def test_ap_hs20_gas_frag_while_associated(dev, apdev):
-    """Hotspot 2.0 connection with fragmented GAS query while associated"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("gas_frag_limit", "50")
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    hapd.wait_sta()
-
-    logger.info("Verifying GAS query while associated")
-    dev[0].request("FETCH_ANQP")
-    for i in range(0, 6):
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("Operation timed out")
-
-def test_ap_hs20_multiple_connects(dev, apdev):
-    """Hotspot 2.0 connection through multiple network selections"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'ca_cert': "auth_serv/ca.pem",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com"}
-    id = dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    for i in range(0, 3):
-        logger.info("Starting Interworking network selection")
-        dev[0].request("INTERWORKING_SELECT auto freq=2412")
-        while True:
-            ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
-                                    "INTERWORKING-ALREADY-CONNECTED",
-                                    "CTRL-EVENT-CONNECTED"], timeout=15)
-            if ev is None:
-                raise Exception("Connection timed out")
-            if "INTERWORKING-NO-MATCH" in ev:
-                raise Exception("Matching AP not found")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                break
-            if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
-                break
-        if i == 0:
-            dev[0].request("DISCONNECT")
-        dev[0].dump_monitor()
-
-    networks = dev[0].list_networks()
-    if len(networks) > 1:
-        raise Exception("Duplicated network block detected")
-
-def test_ap_hs20_disallow_aps(dev, apdev):
-    """Hotspot 2.0 connection and disallow_aps"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'ca_cert': "auth_serv/ca.pem",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com"}
-    id = dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    logger.info("Verify disallow_aps bssid")
-    dev[0].request("SET disallow_aps bssid " + bssid.replace(':', ''))
-    dev[0].request("INTERWORKING_SELECT auto")
-    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
-    if ev is None:
-        raise Exception("Network selection timed out")
-    dev[0].dump_monitor()
-
-    logger.info("Verify disallow_aps ssid")
-    dev[0].request("SET disallow_aps ssid 746573742d68733230")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
-    if ev is None:
-        raise Exception("Network selection timed out")
-    dev[0].dump_monitor()
-
-    logger.info("Verify disallow_aps clear")
-    dev[0].request("SET disallow_aps ")
-    interworking_select(dev[0], bssid, "home", freq="2412")
-
-    dev[0].request("SET disallow_aps bssid " + bssid.replace(':', ''))
-    ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
-    if "FAIL" not in ret:
-        raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
-
-    if "FAIL" not in dev[0].request("INTERWORKING_CONNECT foo"):
-        raise Exception("Invalid INTERWORKING_CONNECT not rejected")
-    if "FAIL" not in dev[0].request("INTERWORKING_CONNECT 00:11:22:33:44:55"):
-        raise Exception("Invalid INTERWORKING_CONNECT not rejected")
-
-def policy_test(dev, ap, values, only_one=True):
-    dev.dump_monitor()
-    if ap:
-        logger.info("Verify network selection to AP " + ap['ifname'])
-        bssid = ap['bssid']
-        dev.scan_for_bss(bssid, freq="2412")
-    else:
-        logger.info("Verify network selection")
-        bssid = None
-    dev.hs20_enable()
-    id = dev.add_cred_values(values)
-    dev.request("INTERWORKING_SELECT auto freq=2412")
-    events = []
-    while True:
-        ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
-                             "INTERWORKING-BLACKLISTED",
-                             "INTERWORKING-SELECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Network selection timed out")
-        events.append(ev)
-        if "INTERWORKING-NO-MATCH" in ev:
-            raise Exception("Matching AP not found")
-        if bssid and only_one and "INTERWORKING-AP" in ev and bssid not in ev:
-            raise Exception("Unexpected AP claimed acceptable")
-        if "INTERWORKING-SELECTED" in ev:
-            if bssid and bssid not in ev:
-                raise Exception("Selected incorrect BSS")
-            break
-
-    ev = dev.wait_connected(timeout=15)
-    if bssid and bssid not in ev:
-        raise Exception("Connected to incorrect BSS")
-
-    conn_bssid = dev.get_status_field("bssid")
-    if bssid and conn_bssid != bssid:
-        raise Exception("bssid information points to incorrect BSS")
-
-    dev.remove_cred(id)
-    dev.dump_monitor()
-    return events
-
-def default_cred(domain=None, user="hs20-test"):
-    cred = {'realm': "example.com",
-            'ca_cert': "auth_serv/ca.pem",
-            'username': user,
-            'password': "password"}
-    if domain:
-        cred['domain'] = domain
-    return cred
-
-def test_ap_hs20_prefer_home(dev, apdev):
-    """Hotspot 2.0 required roaming consortium"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['domain_name'] = "example.org"
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['domain_name'] = "example.com"
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['domain'] = "example.com"
-    policy_test(dev[0], apdev[1], values, only_one=False)
-    values['domain'] = "example.org"
-    policy_test(dev[0], apdev[0], values, only_one=False)
-
-def test_ap_hs20_req_roaming_consortium(dev, apdev):
-    """Hotspot 2.0 required roaming consortium"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['roaming_consortium'] = ["223344"]
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['required_roaming_consortium'] = "223344"
-    policy_test(dev[0], apdev[1], values)
-    values['required_roaming_consortium'] = "112233"
-    policy_test(dev[0], apdev[0], values)
-
-    id = dev[0].add_cred()
-    dev[0].set_cred(id, "required_roaming_consortium", "112233")
-    dev[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
-
-    for val in ["", "1", "11", "1122", "1122334",
-                "112233445566778899aabbccddeeff00"]:
-        if "FAIL" not in dev[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val)):
-            raise Exception("Invalid roaming consortium value accepted: " + val)
-
-def test_ap_hs20_req_roaming_consortium_no_match(dev, apdev):
-    """Hotspot 2.0 required roaming consortium and no match"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    del params['roaming_consortium']
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['roaming_consortium'] = ["223345"]
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['required_roaming_consortium'] = "223344"
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values(values)
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=10)
-    if ev is None:
-        raise Exception("INTERWORKING-NO-MATCH not reported")
-
-def test_ap_hs20_excluded_ssid(dev, apdev):
-    """Hotspot 2.0 exclusion based on SSID"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['roaming_consortium'] = ["223344"]
-    params['anqp_3gpp_cell_net'] = "555,444"
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['roaming_consortium'] = ["223344"]
-    params['anqp_3gpp_cell_net'] = "555,444"
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['excluded_ssid'] = "test-hs20"
-    events = policy_test(dev[0], apdev[1], values)
-    ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
-    if len(ev) != 1:
-        raise Exception("Excluded network not reported")
-    values['excluded_ssid'] = "test-hs20-other"
-    events = policy_test(dev[0], apdev[0], values)
-    ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[1]['bssid'] in e]
-    if len(ev) != 1:
-        raise Exception("Excluded network not reported")
-
-    values = default_cred()
-    values['roaming_consortium'] = "223344"
-    values['eap'] = "TTLS"
-    values['phase2'] = "auth=MSCHAPV2"
-    values['excluded_ssid'] = "test-hs20"
-    events = policy_test(dev[0], apdev[1], values)
-    ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
-    if len(ev) != 1:
-        raise Exception("Excluded network not reported")
-
-    values = {'imsi': "555444-333222111", 'eap': "SIM",
-              'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-              'excluded_ssid': "test-hs20"}
-    events = policy_test(dev[0], apdev[1], values)
-    ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
-    if len(ev) != 1:
-        raise Exception("Excluded network not reported")
-
-def test_ap_hs20_roam_to_higher_prio(dev, apdev):
-    """Hotspot 2.0 and roaming from current to higher priority network"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-visited")
-    params['domain_name'] = "visited.example.org"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    logger.info("Connect to the only network option")
-    interworking_select(dev[0], bssid, "roaming", freq="2412")
-    dev[0].dump_monitor()
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    logger.info("Start another AP (home operator) and reconnect")
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-home")
-    params['domain_name'] = "example.com"
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(bssid2, freq="2412", force_scan=True)
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
-                            "INTERWORKING-ALREADY-CONNECTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection timed out")
-    if "INTERWORKING-NO-MATCH" in ev:
-        raise Exception("Matching AP not found")
-    if "INTERWORKING-ALREADY-CONNECTED" in ev:
-        raise Exception("Unexpected AP selected")
-    if bssid2 not in ev:
-        raise Exception("Unexpected BSSID after reconnection")
-
-def test_ap_hs20_domain_suffix_match_full(dev, apdev):
-    """Hotspot 2.0 and domain_suffix_match"""
-    check_domain_match_full(dev[0])
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'domain_suffix_match': "server.w1.fi"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    dev[0].dump_monitor()
-    interworking_connect(dev[0], bssid, "TTLS")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    dev[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("INTERWORKING_CONNECT " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
-    if ev is None:
-        raise Exception("TLS certificate error not reported")
-    if "Domain suffix mismatch" not in ev:
-        raise Exception("Domain suffix mismatch not reported")
-
-def test_ap_hs20_domain_suffix_match(dev, apdev):
-    """Hotspot 2.0 and domain_suffix_match"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    check_domain_match_full(dev[0])
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'domain_suffix_match': "w1.fi"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    dev[0].dump_monitor()
-    interworking_connect(dev[0], bssid, "TTLS")
-
-def test_ap_hs20_roaming_partner_preference(dev, apdev):
-    """Hotspot 2.0 and roaming partner preference"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['domain_name'] = "roaming.example.org"
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['domain_name'] = "roaming.example.net"
-    hostapd.add_ap(apdev[1], params)
-
-    logger.info("Verify default vs. specified preference")
-    values = default_cred()
-    values['roaming_partner'] = "roaming.example.net,1,127,*"
-    policy_test(dev[0], apdev[1], values, only_one=False)
-    values['roaming_partner'] = "roaming.example.net,1,129,*"
-    policy_test(dev[0], apdev[0], values, only_one=False)
-
-    logger.info("Verify partial FQDN match")
-    values['roaming_partner'] = "example.net,0,0,*"
-    policy_test(dev[0], apdev[1], values, only_one=False)
-    values['roaming_partner'] = "example.net,0,255,*"
-    policy_test(dev[0], apdev[0], values, only_one=False)
-
-def test_ap_hs20_max_bss_load(dev, apdev):
-    """Hotspot 2.0 and maximum BSS load"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['bss_load_test'] = "12:200:20000"
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['bss_load_test'] = "5:20:10000"
-    hostapd.add_ap(apdev[1], params)
-
-    logger.info("Verify maximum BSS load constraint")
-    values = default_cred()
-    values['domain'] = "example.com"
-    values['max_bss_load'] = "100"
-    events = policy_test(dev[0], apdev[1], values, only_one=False)
-
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
-        raise Exception("Maximum BSS Load case not noticed")
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
-        raise Exception("Maximum BSS Load case reported incorrectly")
-
-    logger.info("Verify maximum BSS load does not prevent connection")
-    values['max_bss_load'] = "1"
-    events = policy_test(dev[0], None, values)
-
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
-        raise Exception("Maximum BSS Load case not noticed")
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
-        raise Exception("Maximum BSS Load case not noticed")
-
-def test_ap_hs20_max_bss_load2(dev, apdev):
-    """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['bss_load_test'] = "12:200:20000"
-    hostapd.add_ap(apdev[0], params)
-
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    hostapd.add_ap(apdev[1], params)
-
-    logger.info("Verify maximum BSS load constraint with AP advertisement")
-    values = default_cred()
-    values['domain'] = "example.com"
-    values['max_bss_load'] = "100"
-    events = policy_test(dev[0], apdev[1], values, only_one=False)
-
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
-        raise Exception("Maximum BSS Load case not noticed")
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
-    if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
-        raise Exception("Maximum BSS Load case reported incorrectly")
-
-def test_ap_hs20_max_bss_load_roaming(dev, apdev):
-    """Hotspot 2.0 and maximum BSS load (roaming)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hs20_ap_params()
-    params['bss_load_test'] = "12:200:20000"
-    hostapd.add_ap(apdev[0], params)
-
-    values = default_cred()
-    values['domain'] = "roaming.example.com"
-    values['max_bss_load'] = "100"
-    events = policy_test(dev[0], apdev[0], values, only_one=True)
-    ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
-    if len(ev) != 1:
-        raise Exception("No INTERWORKING-AP event")
-    if "over_max_bss_load=1" in ev[0]:
-        raise Exception("Maximum BSS Load reported for roaming")
-
-def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
-    """Hotspot 2.0 multi-cred sp_priority"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['domain_name']
-    params['anqp_3gpp_cell_net'] = "232,01"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET external_sim 1")
-    id1 = dev[0].add_cred_values({'imsi': "23201-0000000000", 'eap': "SIM",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority' :"1"})
-    id2 = dev[0].add_cred_values({'realm': "example.com",
-                                  'ca_cert': "auth_serv/ca.pem",
-                                  'username': "hs20-test",
-                                  'password': "password",
-                                  'domain': "example.com",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority': "2"})
-    dev[0].dump_monitor()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    interworking_ext_sim_auth(dev[0], "SIM")
-    check_sp_type(dev[0], "unknown")
-    dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].set_cred(id1, "sp_priority", "2")
-    dev[0].set_cred(id2, "sp_priority", "1")
-    dev[0].dump_monitor()
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    interworking_auth(dev[0], "TTLS")
-    check_sp_type(dev[0], "unknown")
-
-def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
-    """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
-    finally:
-        dev[0].request("SET external_sim 0")
-
-def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['nai_realm']
-    del params['domain_name']
-    params['anqp_3gpp_cell_net'] = "232,01"
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params()
-    params['ssid'] = "test-hs20-other"
-    params['hessid'] = bssid2
-    del params['domain_name']
-    del params['anqp_3gpp_cell_net']
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    dev[0].request("SET external_sim 1")
-    id1 = dev[0].add_cred_values({'imsi': "23201-0000000000", 'eap': "SIM",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority': "1"})
-    id2 = dev[0].add_cred_values({'realm': "example.com",
-                                  'ca_cert': "auth_serv/ca.pem",
-                                  'username': "hs20-test",
-                                  'password': "password",
-                                  'domain': "example.com",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority': "2"})
-    dev[0].dump_monitor()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    interworking_ext_sim_auth(dev[0], "SIM")
-    check_sp_type(dev[0], "unknown")
-    conn_bssid = dev[0].get_status_field("bssid")
-    if conn_bssid != bssid:
-        raise Exception("Connected to incorrect BSS")
-    dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].set_cred(id1, "sp_priority", "2")
-    dev[0].set_cred(id2, "sp_priority", "1")
-    dev[0].dump_monitor()
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    interworking_auth(dev[0], "TTLS")
-    check_sp_type(dev[0], "unknown")
-    conn_bssid = dev[0].get_status_field("bssid")
-    if conn_bssid != bssid2:
-        raise Exception("Connected to incorrect BSS")
-
-def test_ap_hs20_multi_cred_sp_prio_same(dev, apdev):
-    """Hotspot 2.0 multi-cred and same sp_priority"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    hlr_auc_gw_available()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['domain_name']
-    params['anqp_3gpp_cell_net'] = "232,01"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    id1 = dev[0].add_cred_values({'realm': "example.com",
-                                  'ca_cert': "auth_serv/ca.pem",
-                                  'username': "hs20-test",
-                                  'password': "password",
-                                  'domain': "domain1.example.com",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority': "1"})
-    id2 = dev[0].add_cred_values({'realm': "example.com",
-                                  'ca_cert': "auth_serv/ca.pem",
-                                  'username': "hs20-test",
-                                  'password': "password",
-                                  'domain': "domain2.example.com",
-                                  'provisioning_sp': "example.com",
-                                  'sp_priority': "1"})
-    dev[0].dump_monitor()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    check_auto_select(dev[0], bssid)
-
-def check_conn_capab_selection(dev, type, missing):
-    dev.request("INTERWORKING_SELECT freq=2412")
-    ev = dev.wait_event(["INTERWORKING-AP"])
-    if ev is None:
-        raise Exception("Network selection timed out")
-    if "type=" + type not in ev:
-        raise Exception("Unexpected network type")
-    if missing and "conn_capab_missing=1" not in ev:
-        raise Exception("conn_capab_missing not reported")
-    if not missing and "conn_capab_missing=1" in ev:
-        raise Exception("conn_capab_missing reported unexpectedly")
-
-def conn_capab_cred(domain=None, req_conn_capab=None):
-    cred = default_cred(domain=domain)
-    if req_conn_capab:
-        cred['req_conn_capab'] = req_conn_capab
-    return cred
-
-def test_ap_hs20_req_conn_capab(dev, apdev):
-    """Hotspot 2.0 network selection with req_conn_capab"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    logger.info("Not used in home network")
-    values = conn_capab_cred(domain="example.com", req_conn_capab="6:1234")
-    id = dev[0].add_cred_values(values)
-    check_conn_capab_selection(dev[0], "home", False)
-
-    logger.info("Used in roaming network")
-    dev[0].remove_cred(id)
-    values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
-    id = dev[0].add_cred_values(values)
-    check_conn_capab_selection(dev[0], "roaming", True)
-
-    logger.info("Verify that req_conn_capab does not prevent connection if no other network is available")
-    check_auto_select(dev[0], bssid)
-
-    logger.info("Additional req_conn_capab checks")
-
-    dev[0].remove_cred(id)
-    values = conn_capab_cred(domain="example.org", req_conn_capab="1:0")
-    id = dev[0].add_cred_values(values)
-    check_conn_capab_selection(dev[0], "roaming", True)
-
-    dev[0].remove_cred(id)
-    values = conn_capab_cred(domain="example.org", req_conn_capab="17:5060")
-    id = dev[0].add_cred_values(values)
-    check_conn_capab_selection(dev[0], "roaming", True)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20b")
-    params['hs20_conn_capab'] = ["1:0:2", "6:22:1", "17:5060:0", "50:0:1"]
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].remove_cred(id)
-    values = conn_capab_cred(domain="example.org", req_conn_capab="50")
-    id = dev[0].add_cred_values(values)
-    dev[0].set_cred(id, "req_conn_capab", "6:22")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-    for i in range(0, 2):
-        ev = dev[0].wait_event(["INTERWORKING-AP"])
-        if ev is None:
-            raise Exception("Network selection timed out")
-        if bssid in ev and "conn_capab_missing=1" not in ev:
-            raise Exception("Missing protocol connection capability not reported")
-        if bssid2 in ev and "conn_capab_missing=1" in ev:
-            raise Exception("Protocol connection capability not reported correctly")
-
-def test_ap_hs20_req_conn_capab2(dev, apdev):
-    """Hotspot 2.0 network selection with req_conn_capab (not present)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    del params['hs20_conn_capab']
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
-    id = dev[0].add_cred_values(values)
-    check_conn_capab_selection(dev[0], "roaming", False)
-
-def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
-    """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['domain_name'] = "roaming.example.org"
-    params['hs20_conn_capab'] = ["1:0:2", "6:22:1", "17:5060:0", "50:0:1"]
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-b")
-    params['domain_name'] = "roaming.example.net"
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['roaming_partner'] = "roaming.example.net,1,127,*"
-    id = dev[0].add_cred_values(values)
-    check_auto_select(dev[0], bssid2)
-
-    dev[0].set_cred(id, "req_conn_capab", "50")
-    check_auto_select(dev[0], bssid)
-
-    dev[0].remove_cred(id)
-    id = dev[0].add_cred_values(values)
-    dev[0].set_cred(id, "req_conn_capab", "51")
-    check_auto_select(dev[0], bssid2)
-
-def check_bandwidth_selection(dev, type, below):
-    dev.request("INTERWORKING_SELECT freq=2412")
-    ev = dev.wait_event(["INTERWORKING-AP"])
-    if ev is None:
-        raise Exception("Network selection timed out")
-    logger.debug("BSS entries:\n" + dev.request("BSS RANGE=ALL"))
-    if "type=" + type not in ev:
-        raise Exception("Unexpected network type")
-    if below and "below_min_backhaul=1" not in ev:
-        raise Exception("below_min_backhaul not reported")
-    if not below and "below_min_backhaul=1" in ev:
-        raise Exception("below_min_backhaul reported unexpectedly")
-
-def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming=None):
-    cred = default_cred(domain=domain)
-    if dl_home:
-        cred['min_dl_bandwidth_home'] = str(dl_home)
-    if ul_home:
-        cred['min_ul_bandwidth_home'] = str(ul_home)
-    if dl_roaming:
-        cred['min_dl_bandwidth_roaming'] = str(dl_roaming)
-    if ul_roaming:
-        cred['min_ul_bandwidth_roaming'] = str(ul_roaming)
-    return cred
-
-def test_ap_hs20_min_bandwidth_home(dev, apdev):
-    """Hotspot 2.0 network selection with min bandwidth (home)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", False)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    check_auto_select(dev[0], bssid)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-b")
-    params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
-    hostapd.add_ap(apdev[1], params)
-
-    check_auto_select(dev[0], bssid2)
-
-def test_ap_hs20_min_bandwidth_home2(dev, apdev):
-    """Hotspot 2.0 network selection with min bandwidth - special cases"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", False)
-
-    logger.info("WAN link at capacity")
-    hapd.set('hs20_wan_metrics', "09:8000:1000:80:240:3000")
-    check_bandwidth_selection(dev[0], "home", True)
-
-    logger.info("Downlink/Uplink Load was not measured")
-    hapd.set('hs20_wan_metrics', "01:8000:1000:80:240:0")
-    check_bandwidth_selection(dev[0], "home", False)
-
-    logger.info("Uplink and Downlink max values")
-    hapd.set('hs20_wan_metrics', "01:4294967295:4294967295:80:240:3000")
-    check_bandwidth_selection(dev[0], "home", False)
-
-    dev[0].remove_cred(id)
-
-def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
-    """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": 'secret',
-                                     "ignore_broadcast_ssid": "1"})
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.disable()
-    hapd_global = hostapd.HostapdGlobal(apdev[0])
-    hapd_global.flush()
-    hapd_global.remove(apdev[0]['ifname'])
-
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", False)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", True)
-    check_auto_select(dev[0], bssid)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-b")
-    params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
-    hostapd.add_ap(apdev[1], params)
-
-    check_auto_select(dev[0], bssid2)
-
-    dev[0].flush_scan_cache()
-
-def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
-    """Hotspot 2.0 network selection with min bandwidth (roaming)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "roaming", False)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=58)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "roaming", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "roaming", True)
-    dev[0].remove_cred(id)
-
-    values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=59)
-    id = dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "roaming", True)
-    check_auto_select(dev[0], bssid)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-b")
-    params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
-    hostapd.add_ap(apdev[1], params)
-
-    check_auto_select(dev[0], bssid2)
-
-def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
-    """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['domain_name'] = "roaming.example.org"
-    params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-b")
-    params['domain_name'] = "roaming.example.net"
-    hostapd.add_ap(apdev[1], params)
-
-    values = default_cred()
-    values['roaming_partner'] = "roaming.example.net,1,127,*"
-    id = dev[0].add_cred_values(values)
-    check_auto_select(dev[0], bssid2)
-
-    dev[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
-    check_auto_select(dev[0], bssid)
-
-    dev[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
-    check_auto_select(dev[0], bssid2)
-
-def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
-    """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    del params['hs20_wan_metrics']
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    values = bw_cred(domain="example.com", dl_home=10000, ul_home=10000,
-                     dl_roaming=10000, ul_roaming=10000)
-    dev[0].add_cred_values(values)
-    check_bandwidth_selection(dev[0], "home", False)
-
-def test_ap_hs20_deauth_req_ess(dev, apdev):
-    """Hotspot 2.0 connection and deauthentication request for ESS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_deauth_req_ess(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_deauth_req_ess(dev, apdev):
-    dev[0].request("SET pmf 2")
-    hapd = eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
-    dev[0].dump_monitor()
-    addr = dev[0].p2p_interface_addr()
-    hapd.wait_sta()
-    hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
-    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
-    if ev is None:
-        raise Exception("Timeout on deauth imminent notice")
-    if "1 120 http://example.com/" not in ev:
-        raise Exception("Unexpected deauth imminent notice: " + ev)
-    hapd.request("DEAUTHENTICATE " + addr)
-    dev[0].wait_disconnected(timeout=10)
-    if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
-        raise Exception("Network not marked temporarily disabled")
-    ev = dev[0].wait_event(["SME: Trying to authenticate",
-                            "Trying to associate",
-                            "CTRL-EVENT-CONNECTED"], timeout=5)
-    if ev is not None:
-        raise Exception("Unexpected connection attempt")
-
-def test_ap_hs20_deauth_req_bss(dev, apdev):
-    """Hotspot 2.0 connection and deauthentication request for BSS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_deauth_req_bss(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_deauth_req_bss(dev, apdev):
-    dev[0].request("SET pmf 2")
-    hapd = eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
-    dev[0].dump_monitor()
-    addr = dev[0].p2p_interface_addr()
-    hapd.wait_sta()
-    hapd.request("HS20_DEAUTH_REQ " + addr + " 0 120 http://example.com/")
-    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
-    if ev is None:
-        raise Exception("Timeout on deauth imminent notice")
-    if "0 120 http://example.com/" not in ev:
-        raise Exception("Unexpected deauth imminent notice: " + ev)
-    hapd.request("DEAUTHENTICATE " + addr + " reason=4")
-    ev = dev[0].wait_disconnected(timeout=10)
-    if "reason=4" not in ev:
-        raise Exception("Unexpected disconnection reason")
-    if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
-        raise Exception("Network not marked temporarily disabled")
-    ev = dev[0].wait_event(["SME: Trying to authenticate",
-                            "Trying to associate",
-                            "CTRL-EVENT-CONNECTED"], timeout=5)
-    if ev is not None:
-        raise Exception("Unexpected connection attempt")
-
-def test_ap_hs20_deauth_req_from_radius(dev, apdev):
-    """Hotspot 2.0 connection and deauthentication request from RADIUS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_deauth_req_from_radius(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[2:4]"]
-    params['hs20_deauth_req_timeout'] = "2"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET pmf 2")
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "hs20-deauth-test",
-                            'password': "password"})
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on deauth imminent notice")
-    if " 1 100" not in ev:
-        raise Exception("Unexpected deauth imminent contents")
-    dev[0].wait_disconnected(timeout=3)
-
-def test_ap_hs20_deauth_req_without_pmf(dev, apdev):
-    """Hotspot 2.0 connection and deauthentication request without PMF"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].request("SET pmf 0")
-    hapd = eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user", release=1)
-    dev[0].dump_monitor()
-    id = int(dev[0].get_status_field("id"))
-    dev[0].set_network(id, "ieee80211w", "0")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    addr = dev[0].own_addr()
-    hapd.wait_sta()
-    hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
-    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Deauth imminent notice without PMF accepted")
-    with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_hs20_deauth_req"):
-        if "FAIL" not in hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/"):
-            raise Exception("HS20_DEAUTH_REQ accepted during OOM")
-
-def test_ap_hs20_deauth_req_pmf_htc(dev, apdev):
-    """Hotspot 2.0 connection and deauthentication request PMF misbehavior (+HTC)"""
-    try:
-        run_ap_hs20_deauth_req_pmf_htc(dev, apdev)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-def run_ap_hs20_deauth_req_pmf_htc(dev, apdev):
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].request("SET pmf 0")
-    hapd = eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user", release=1)
-    dev[0].dump_monitor()
-    addr = dev[0].own_addr()
-    hapd.wait_sta()
-
-    sock = start_monitor(apdev[1]["ifname"])
-    radiotap = radiotap_build()
-    bssid = hapd.own_addr().replace(':', '')
-    addr = dev[0].own_addr().replace(':', '')
-    payload = "0a1a0101dd1b506f9a0101780013687474703a2f2f6578616d706c652e636f6d2f"
-    # Claim there is a HT Control field, but then start the frame body from
-    # there and do not encrypt the Robust Action frame.
-    frame = binascii.unhexlify("d0803a01" + addr + 2 * bssid + "0000" + payload)
-    # Claim there is a HT Control field and start the frame body in the correct
-    # location, but do not encrypt the Robust Action frame. Make the first octet
-    # of HT Control field use a non-robust Action Category value.
-    frame2 = binascii.unhexlify("d0803a01" + addr + 2 * bssid + "0000" + "04000000" + payload)
-
-    sock.send(radiotap + frame)
-    sock.send(radiotap + frame2)
-
-    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=1)
-    if ev is not None:
-        raise Exception("Deauth imminent notice without PMF accepted")
-
-def test_ap_hs20_remediation_required(dev, apdev):
-    """Hotspot 2.0 connection and remediation required from RADIUS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_remediation_required(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_remediation_required(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[2:4]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET pmf 1")
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "hs20-subrem-test",
-                            'password': "password"})
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on subscription remediation notice")
-    if " 1 https://example.com/" not in ev:
-        raise Exception("Unexpected subscription remediation event contents")
-
-def test_ap_hs20_remediation_required_ctrl(dev, apdev):
-    """Hotspot 2.0 connection and subrem from ctrl_iface"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_remediation_required_ctrl(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_remediation_required_ctrl(dev, apdev):
-    bssid = apdev[0]['bssid']
-    addr = dev[0].own_addr()
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[2:4]"]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET pmf 1")
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred())
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    hapd.request("HS20_WNM_NOTIF " + addr + " https://example.com/")
-    ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on subscription remediation notice")
-    if " 1 https://example.com/" not in ev:
-        raise Exception("Unexpected subscription remediation event contents")
-
-    hapd.request("HS20_WNM_NOTIF " + addr)
-    ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on subscription remediation notice")
-    if not ev.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
-        raise Exception("Unexpected subscription remediation event contents: " + ev)
-
-    if "FAIL" not in hapd.request("HS20_WNM_NOTIF "):
-        raise Exception("Unexpected HS20_WNM_NOTIF success")
-    if "FAIL" not in hapd.request("HS20_WNM_NOTIF foo"):
-        raise Exception("Unexpected HS20_WNM_NOTIF success")
-    if "FAIL" not in hapd.request("HS20_WNM_NOTIF " + addr + " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
-        raise Exception("Unexpected HS20_WNM_NOTIF success")
-    if "OK" not in hapd.request("HS20_WNM_NOTIF " + addr + " "):
-        raise Exception("HS20_WNM_NOTIF failed with empty URL")
-
-def test_ap_hs20_session_info(dev, apdev):
-    """Hotspot 2.0 connection and session information from RADIUS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_session_info(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_ap_hs20_session_info(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[2:4]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET pmf 1")
-    dev[0].hs20_enable()
-    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "hs20-session-info-test",
-                            'password': "password"})
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on ESS disassociation imminent notice")
-    if " 1 59904 https://example.com/" not in ev:
-        raise Exception("Unexpected ESS disassociation imminent event contents")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    if ev is None:
-        raise Exception("Scan not started")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=30)
-    if ev is None:
-        raise Exception("Scan not completed")
-
-def test_ap_hs20_osen(dev, apdev):
-    """Hotspot 2.0 OSEN connection"""
-    params = {'ssid': "osen",
-              'osen': "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "1812",
-              'auth_server_shared_secret': "radius"}
-    hostapd.add_ap(apdev[0], params)
-
-    dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    if "WEP40" in dev[2].get_capability("group"):
-        dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
-                       scan_freq="2412", wait_connect=False)
-    dev[0].flush_scan_cache()
-    dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
-                   group="GTK_NOT_USED CCMP",
-                   eap="WFA-UNAUTH-TLS", identity="osen@example.com",
-                   ca_cert="auth_serv/ca.pem",
-                   scan_freq="2412")
-    res = dev[0].get_bss(apdev[0]['bssid'])['flags']
-    if "[OSEN-OSEN-CCMP]" not in res:
-        raise Exception("OSEN not reported in BSS")
-    if "[WEP]" in res:
-        raise Exception("WEP reported in BSS")
-    res = dev[0].request("SCAN_RESULTS")
-    if "[OSEN-OSEN-CCMP]" not in res:
-        raise Exception("OSEN not reported in SCAN_RESULTS")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
-                 group="GTK_NOT_USED CCMP",
-                 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
-                 ca_cert="auth_serv/ca.pem",
-                 scan_freq="2412")
-    wpas.request("DISCONNECT")
-
-def test_ap_hs20_osen_single_ssid(dev, apdev):
-    """Hotspot 2.0 OSEN-single-SSID connection"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['wpa_key_mgmt'] = "WPA-EAP OSEN"
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # RSN-OSEN (for OSU)
-    dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
-                   group="CCMP GTK_NOT_USED",
-                   eap="WFA-UNAUTH-TLS", identity="osen@example.com",
-                   ca_cert="auth_serv/ca.pem", ieee80211w='2',
-                   scan_freq="2412")
-    # RSN-EAP (for data connection)
-    dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   pairwise="CCMP", group="CCMP",
-                   ieee80211w='2', scan_freq="2412")
-
-    res = dev[0].get_bss(apdev[0]['bssid'])['flags']
-    if "[WPA2-EAP+OSEN-CCMP]" not in res:
-        raise Exception("OSEN not reported in BSS")
-    if "[WEP]" in res:
-        raise Exception("WEP reported in BSS")
-    res = dev[0].request("SCAN_RESULTS")
-    if "[WPA2-EAP+OSEN-CCMP]" not in res:
-        raise Exception("OSEN not reported in SCAN_RESULTS")
-
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    hwsim_utils.test_connectivity(dev[0], hapd, broadcast=False)
-    hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
-                                  success_expected=False)
-
-def test_ap_hs20_network_preference(dev, apdev):
-    """Hotspot 2.0 network selection with preferred home network"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com"}
-    dev[0].add_cred_values(values)
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "home")
-    dev[0].set_network_quoted(id, "psk", "12345678")
-    dev[0].set_network(id, "priority", "1")
-    dev[0].request("ENABLE_NETWORK %s no-connect" % id)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_connected(timeout=15)
-    if bssid not in ev:
-        raise Exception("Unexpected network selected")
-
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection timed out")
-    if "INTERWORKING-ALREADY-CONNECTED" in ev:
-        raise Exception("No roam to higher priority network")
-    if bssid2 not in ev:
-        raise Exception("Unexpected network selected")
-
-def test_ap_hs20_network_preference2(dev, apdev):
-    """Hotspot 2.0 network selection with preferred credential"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com",
-              'priority': "1"}
-    dev[0].add_cred_values(values)
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "home")
-    dev[0].set_network_quoted(id, "psk", "12345678")
-    dev[0].request("ENABLE_NETWORK %s no-connect" % id)
-
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_connected(timeout=15)
-    if bssid2 not in ev:
-        raise Exception("Unexpected network selected")
-
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection timed out")
-    if "INTERWORKING-ALREADY-CONNECTED" in ev:
-        raise Exception("No roam to higher priority network")
-    if bssid not in ev:
-        raise Exception("Unexpected network selected")
-
-def test_ap_hs20_network_preference3(dev, apdev):
-    """Hotspot 2.0 network selection with two credential (one preferred)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20b")
-    params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'username': "hs20-test",
-              'password': "password",
-              'priority': "1"}
-    dev[0].add_cred_values(values)
-    values = {'realm': "example.org",
-              'username': "hs20-test",
-              'password': "password"}
-    id = dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_connected(timeout=15)
-    if bssid not in ev:
-        raise Exception("Unexpected network selected")
-
-    dev[0].set_cred(id, "priority", "2")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection timed out")
-    if "INTERWORKING-ALREADY-CONNECTED" in ev:
-        raise Exception("No roam to higher priority network")
-    if bssid2 not in ev:
-        raise Exception("Unexpected network selected")
-
-def test_ap_hs20_network_preference4(dev, apdev):
-    """Hotspot 2.0 network selection with username vs. SIM credential"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20b")
-    params['hessid'] = bssid2
-    params['anqp_3gpp_cell_net'] = "555,444"
-    params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'username': "hs20-test",
-              'password': "password",
-              'priority': "1"}
-    dev[0].add_cred_values(values)
-    values = {'imsi': "555444-333222111",
-              'eap': "SIM",
-              'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"}
-    id = dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_connected(timeout=15)
-    if bssid not in ev:
-        raise Exception("Unexpected network selected")
-
-    dev[0].set_cred(id, "priority", "2")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "INTERWORKING-ALREADY-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection timed out")
-    if "INTERWORKING-ALREADY-CONNECTED" in ev:
-        raise Exception("No roam to higher priority network")
-    if bssid2 not in ev:
-        raise Exception("Unexpected network selected")
-
-def test_ap_hs20_interworking_select_blocking_scan(dev, apdev):
-    """Ongoing INTERWORKING_SELECT blocking SCAN"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com"}
-    dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    if "FAIL-BUSY" not in dev[0].request("SCAN"):
-        raise Exception("Unexpected SCAN command result")
-    dev[0].wait_connected(timeout=15)
-
-def test_ap_hs20_fetch_osu(dev, apdev):
-    """Hotspot 2.0 OSU provider and icon fetch"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services", "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20b")
-    params['hessid'] = bssid2
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
-    params['osu_ssid'] = '"HS 2.0 OSU OSEN"'
-    params['osu_method_list'] = "0"
-    params['osu_nai'] = "osen@example.com"
-    params['osu_friendly_name'] = ["eng:Test2 OSU", "fin:Testi2-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services2", "fin:Esimerkkipalveluja2"]
-    params['osu_server_uri'] = "https://example.org/osu/"
-    hostapd.add_ap(apdev[1], params)
-
-    with open("w1fi_logo.png", "rb") as f:
-        orig_logo = f.read()
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    try:
-        dev[1].scan_for_bss(bssid, freq="2412")
-        dev[2].scan_for_bss(bssid, freq="2412")
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("FETCH_OSU")
-        if "FAIL" not in dev[1].request("HS20_ICON_REQUEST foo w1fi_logo"):
-            raise Exception("Invalid HS20_ICON_REQUEST accepted")
-        if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"):
-            raise Exception("HS20_ICON_REQUEST failed")
-        if "OK" not in dev[2].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON failed")
-        icons = 0
-        while True:
-            ev = dev[0].wait_event(["OSU provider fetch completed",
-                                    "RX-HS20-ANQP-ICON"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on OSU fetch")
-            if "OSU provider fetch completed" in ev:
-                break
-            if "RX-HS20-ANQP-ICON" in ev:
-                with open(ev.split(' ')[1], "rb") as f:
-                    logo = f.read()
-                    if logo == orig_logo:
-                        icons += 1
-
-        with open(dir + "/osu-providers.txt", "r") as f:
-            prov = f.read()
-            logger.debug("osu-providers.txt: " + prov)
-        if "OSU-PROVIDER " + bssid not in prov:
-            raise Exception("Missing OSU_PROVIDER(1)")
-        if "OSU-PROVIDER " + bssid2 not in prov:
-            raise Exception("Missing OSU_PROVIDER(2)")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-    if icons != 2:
-        raise Exception("Unexpected number of icons fetched")
-
-    ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on GAS-QUERY-DONE")
-    ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on GAS-QUERY-DONE")
-    if "freq=2412 status_code=0 result=SUCCESS" not in ev:
-        raise Exception("Unexpected GAS-QUERY-DONE: " + ev)
-    ev = dev[1].wait_event(["RX-HS20-ANQP"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on icon fetch")
-    if "Icon Binary File" not in ev:
-        raise Exception("Unexpected ANQP element")
-
-    ev = dev[2].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON")
-    event_icon_len = ev.split(' ')[3]
-    if " w1fi_logo " not in ev:
-        raise Exception("RX-HS20-ICON did not have the expected file name")
-    if bssid not in ev:
-        raise Exception("RX-HS20-ICON did not have the expected BSSID")
-    if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 10"):
-        raise Exception("GET_HS20_ICON 0..10 failed")
-    if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 5 10"):
-        raise Exception("GET_HS20_ICON 5..15 failed")
-    if "FAIL" not in  dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 100000 10"):
-        raise Exception("Unexpected success of GET_HS20_ICON with too large offset")
-    if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " no_such_logo 0 10"):
-        raise Exception("GET_HS20_ICON for not existing icon succeeded")
-    if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 3070"):
-        raise Exception("GET_HS20_ICON with too many output bytes to fit the buffer succeeded")
-    if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 0"):
-        raise Exception("GET_HS20_ICON 0..0 succeeded")
-    icon = b''
-    pos = 0
-    while True:
-        if pos > 100000:
-            raise Exception("Unexpectedly long icon")
-        res = dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo %d 1000" % pos)
-        if res.startswith("FAIL"):
-            break
-        icon += base64.b64decode(res)
-        pos += 1000
-    hex = binascii.hexlify(icon).decode()
-    if not hex.startswith("0009696d6167652f706e677d1d"):
-        raise Exception("Unexpected beacon binary header: " + hex)
-    with open('w1fi_logo.png', 'rb') as f:
-        data = f.read()
-        if icon[13:] != data:
-            raise Exception("Unexpected icon data")
-    if len(icon) != int(event_icon_len):
-        raise Exception("Unexpected RX-HS20-ICON event length: " + event_icon_len)
-
-    for i in range(3):
-        if "OK" not in dev[i].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON failed [2]")
-    for i in range(3):
-        ev = dev[i].wait_event(["RX-HS20-ICON"], timeout=5)
-        if ev is None:
-            raise Exception("Timeout on RX-HS20-ICON [2]")
-
-    if "FAIL" not in dev[2].request("DEL_HS20_ICON foo w1fi_logo"):
-        raise Exception("Invalid DEL_HS20_ICON accepted")
-    if "OK" not in dev[2].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-    if "OK" not in dev[1].request("DEL_HS20_ICON " + bssid):
-        raise Exception("DEL_HS20_ICON failed")
-    if "OK" not in dev[0].request("DEL_HS20_ICON "):
-        raise Exception("DEL_HS20_ICON failed")
-    for i in range(3):
-        if "FAIL" not in dev[i].request("DEL_HS20_ICON "):
-            raise Exception("DEL_HS20_ICON accepted when no icons left")
-
-def test_ap_hs20_fetch_osu_no_info(dev, apdev):
-    """Hotspot 2.0 OSU provider and no AP with info"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    dev[0].scan_for_bss(bssid, freq="2412")
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("FETCH_OSU")
-        ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on OSU fetch")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def test_ap_hs20_fetch_osu_no_icon(dev, apdev):
-    """Hotspot 2.0 OSU provider and no icon found"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo-no-file.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    dev[0].scan_for_bss(bssid, freq="2412")
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("FETCH_OSU")
-        ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on OSU fetch")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def test_ap_hs20_fetch_osu_single_ssid(dev, apdev):
-    """Hotspot 2.0 OSU provider and single SSID"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo-no-file.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_nai2'] = "osen@example.com"
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    params['wpa_key_mgmt'] = "WPA-EAP OSEN"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    dev[0].scan_for_bss(bssid, freq="2412")
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("FETCH_OSU")
-        ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on OSU fetch")
-        osu_ssid = False
-        osu_ssid2 = False
-        osu_nai = False
-        osu_nai2 = False
-        with open(os.path.join(dir, "osu-providers.txt"), "r") as f:
-            for l in f.readlines():
-                logger.info(l.strip())
-                if l.strip() == "osu_ssid=HS 2.0 OSU open":
-                    osu_ssid = True
-                if l.strip() == "osu_ssid2=test-hs20":
-                    osu_ssid2 = True
-                if l.strip().startswith("osu_nai="):
-                    osu_nai = True
-                if l.strip() == "osu_nai2=osen@example.com":
-                    osu_nai2 = True
-        if not osu_ssid:
-            raise Exception("osu_ssid not reported")
-        if not osu_ssid2:
-            raise Exception("osu_ssid2 not reported")
-        if osu_nai:
-            raise Exception("osu_nai reported unexpectedly")
-        if not osu_nai2:
-            raise Exception("osu_nai2 not reported")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def test_ap_hs20_fetch_osu_single_ssid2(dev, apdev):
-    """Hotspot 2.0 OSU provider and single SSID (two OSU providers)"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo-no-file.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_nai2'] = "osen@example.com"
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    params['wpa_key_mgmt'] = "WPA-EAP OSEN"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-
-    hapd.set('osu_server_uri', 'https://another.example.com/osu/')
-    hapd.set('osu_method_list', "1")
-    hapd.set('osu_nai2', "osen@another.example.com")
-    hapd.enable()
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    dev[0].scan_for_bss(bssid, freq="2412")
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("FETCH_OSU")
-        ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on OSU fetch")
-        osu_ssid = False
-        osu_ssid2 = False
-        osu_nai = False
-        osu_nai2 = False
-        osu_nai2b = False
-        with open(os.path.join(dir, "osu-providers.txt"), "r") as f:
-            for l in f.readlines():
-                logger.info(l.strip())
-                if l.strip() == "osu_ssid=HS 2.0 OSU open":
-                    osu_ssid = True
-                if l.strip() == "osu_ssid2=test-hs20":
-                    osu_ssid2 = True
-                if l.strip().startswith("osu_nai="):
-                    osu_nai = True
-                if l.strip() == "osu_nai2=osen@example.com":
-                    osu_nai2 = True
-                if l.strip() == "osu_nai2=osen@another.example.com":
-                    osu_nai2b = True
-        if not osu_ssid:
-            raise Exception("osu_ssid not reported")
-        if not osu_ssid2:
-            raise Exception("osu_ssid2 not reported")
-        if osu_nai:
-            raise Exception("osu_nai reported unexpectedly")
-        if not osu_nai2:
-            raise Exception("osu_nai2 not reported")
-        if not osu_nai2b:
-            raise Exception("osu_nai2b not reported")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def get_icon(dev, bssid, iconname):
-    icon = b''
-    pos = 0
-    while True:
-        if pos > 100000:
-            raise Exception("Unexpectedly long icon")
-        res = dev.request("GET_HS20_ICON " + bssid + " " + iconname + " %d 3000" % pos)
-        if res.startswith("FAIL"):
-            break
-        icon += base64.b64decode(res)
-        pos += 3000
-    if len(icon) < 13:
-        raise Exception("Too short GET_HS20_ICON response")
-    return icon[0:13], icon[13:]
-
-def test_ap_hs20_req_hs20_icon(dev, apdev):
-    """Hotspot 2.0 OSU provider and multi-icon fetch with REQ_HS20_ICON"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = ["128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
-                           "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem"]
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = ["w1fi_logo", "w1fi_logo2"]
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    run_req_hs20_icon(dev, bssid)
-
-def run_req_hs20_icon(dev, bssid):
-    # First, fetch two icons from the AP to wpa_supplicant
-
-    if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("REQ_HS20_ICON failed")
-    ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON (1)")
-
-    if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
-        raise Exception("REQ_HS20_ICON failed")
-    ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON (2)")
-
-    # Then, fetch the icons from wpa_supplicant for validation
-
-    hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
-    hdr, data2 = get_icon(dev[0], bssid, "test_logo")
-
-    with open('w1fi_logo.png', 'rb') as f:
-        data = f.read()
-        if data1 != data:
-            raise Exception("Unexpected icon data (1)")
-
-    with open('auth_serv/sha512-server.pem', 'rb') as f:
-        data = f.read()
-        if data2 != data:
-            raise Exception("Unexpected icon data (2)")
-
-    # Finally, delete the icons from wpa_supplicant
-
-    if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-    if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-
-def test_ap_hs20_req_operator_icon(dev, apdev):
-    """Hotspot 2.0 operator icons"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = ["128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
-                           "500:300:fi:image/png:test_logo:auth_serv/sha512-server.pem"]
-    params['operator_icon'] = ["w1fi_logo", "unknown_logo", "test_logo"]
-    hostapd.add_ap(apdev[0], params)
-
-    value = struct.pack('<HH', 128, 80) + b"zxx"
-    value += struct.pack('B', 9) + b"image/png"
-    value += struct.pack('B', 9) + b"w1fi_logo"
-
-    value += struct.pack('<HH', 500, 300) + b"fi\0"
-    value += struct.pack('B', 9) + b"image/png"
-    value += struct.pack('B', 9) + b"test_logo"
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " hs20:12"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "Operator Icon Metadata" not in ev:
-        raise Exception("Did not receive Operator Icon Metadata")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    bss = dev[0].get_bss(bssid)
-    if "hs20_operator_icon_metadata" not in bss:
-        raise Exception("hs20_operator_icon_metadata missing from BSS entry")
-    if bss["hs20_operator_icon_metadata"] != binascii.hexlify(value).decode():
-        raise Exception("Unexpected hs20_operator_icon_metadata value: " +
-                        bss["hs20_operator_icon_metadata"])
-
-    run_req_hs20_icon(dev, bssid)
-
-def test_ap_hs20_req_hs20_icon_oom(dev, apdev):
-    """Hotspot 2.0 icon fetch OOM with REQ_HS20_ICON"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = ["128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
-                           "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem"]
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = ["w1fi_logo", "w1fi_logo2"]
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    if "FAIL" not in dev[0].request("REQ_HS20_ICON 11:22:33:44:55:66 w1fi_logo"):
-        raise Exception("REQ_HS20_ICON succeeded with unknown BSSID")
-
-    with alloc_fail(dev[0], 1, "hs20_build_anqp_req;hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON succeeded during OOM")
-
-    with alloc_fail(dev[0], 1, "gas_query_req;hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON succeeded during OOM")
-
-    with alloc_fail(dev[0], 1, "=hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON succeeded during OOM")
-    with alloc_fail(dev[0], 2, "=hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON succeeded during OOM")
-
-    if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("REQ_HS20_ICON failed")
-    ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON (1)")
-
-    with alloc_fail(dev[0], 1, "hs20_get_icon"):
-        if "FAIL" not in dev[0].request("GET_HS20_ICON " + bssid + "w1fi_logo 0 100"):
-            raise Exception("GET_HS20_ICON succeeded during OOM")
-
-    if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-
-    with alloc_fail(dev[0], 1, "=hs20_process_icon_binary_file"):
-        if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_ap_hs20_req_hs20_icon_parallel(dev, apdev):
-    """Hotspot 2.0 OSU provider and multi-icon parallel fetch with REQ_HS20_ICON"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = ["128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
-                           "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem"]
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = ["w1fi_logo", "w1fi_logo2"]
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    # First, fetch two icons from the AP to wpa_supplicant
-
-    if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("REQ_HS20_ICON failed")
-
-    if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
-        raise Exception("REQ_HS20_ICON failed")
-    ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON (1)")
-    ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on RX-HS20-ICON (2)")
-
-    # Then, fetch the icons from wpa_supplicant for validation
-
-    hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
-    hdr, data2 = get_icon(dev[0], bssid, "test_logo")
-
-    with open('w1fi_logo.png', 'rb') as f:
-        data = f.read()
-        if data1 != data:
-            raise Exception("Unexpected icon data (1)")
-
-    with open('auth_serv/sha512-server.pem', 'rb') as f:
-        data = f.read()
-        if data2 != data:
-            raise Exception("Unexpected icon data (2)")
-
-    # Finally, delete the icons from wpa_supplicant
-
-    if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-    if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
-        raise Exception("DEL_HS20_ICON failed")
-
-def test_ap_hs20_fetch_osu_stop(dev, apdev):
-    """Hotspot 2.0 OSU provider fetch stopped"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        dev[0].request("SCAN freq=2412-2462")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("Scan did not start")
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while scanning")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("Scan timed out")
-        hapd.set("ext_mgmt_frame_handling", "1")
-        dev[0].request("FETCH_ANQP")
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while in FETCH_ANQP")
-        dev[0].request("STOP_FETCH_ANQP")
-        dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-        for i in range(5):
-            msg = hapd.mgmt_rx()
-            if msg['subtype'] == 13:
-                break
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while in INTERWORKING_SELECT")
-        ev = dev[0].wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Network selection timed out")
-
-        dev[0].dump_monitor()
-        if "OK" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU failed")
-        dev[0].request("CANCEL_FETCH_OSU")
-
-        for i in range(15):
-            time.sleep(0.5)
-            if dev[0].get_driver_status_field("scan_state") == "SCAN_COMPLETED":
-                break
-
-        dev[0].dump_monitor()
-        if "OK" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU failed")
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while in FETCH_OSU")
-        ev = dev[0].wait_event(["GAS-QUERY-START"], 10)
-        if ev is None:
-            raise Exception("GAS timed out")
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while in FETCH_OSU")
-        dev[0].request("CANCEL_FETCH_OSU")
-        ev = dev[0].wait_event(["GAS-QUERY-DONE"], 10)
-        if ev is None:
-            raise Exception("GAS event timed out after CANCEL_FETCH_OSU")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def test_ap_hs20_fetch_osu_proto(dev, apdev):
-    """Hotspot 2.0 OSU provider and protocol testing"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-
-    tests = [("Empty provider list (no OSU SSID field)", b''),
-             ("HS 2.0: Not enough room for OSU SSID",
-              binascii.unhexlify('01')),
-             ("HS 2.0: Invalid OSU SSID Length 33",
-              binascii.unhexlify('21') + 33*b'A'),
-             ("HS 2.0: Not enough room for Number of OSU Providers",
-              binascii.unhexlify('0130')),
-             ("Truncated OSU Provider",
-              binascii.unhexlify('013001020000')),
-             ("HS 2.0: Ignored 5 bytes of extra data after OSU Providers",
-              binascii.unhexlify('0130001122334455')),
-             ("HS 2.0: Not enough room for OSU Friendly Name Length",
-              binascii.unhexlify('013001000000')),
-             ("HS 2.0: Not enough room for OSU Friendly Name Duples",
-              build_prov('0100')),
-             ("Invalid OSU Friendly Name", build_prov('040000000000')),
-             ("Invalid OSU Friendly Name(2)", build_prov('040004000000')),
-             ("HS 2.0: Not enough room for OSU Server URI length",
-              build_prov('0000')),
-             ("HS 2.0: Not enough room for OSU Server URI",
-              build_prov('000001')),
-             ("HS 2.0: Not enough room for OSU Method list length",
-              build_prov('000000')),
-             ("HS 2.0: Not enough room for OSU Method list",
-              build_prov('00000001')),
-             ("HS 2.0: Not enough room for Icons Available Length",
-              build_prov('00000000')),
-             ("HS 2.0: Not enough room for Icons Available Length(2)",
-              build_prov('00000001ff00')),
-             ("HS 2.0: Not enough room for Icons Available",
-              build_prov('000000000100')),
-             ("HS 2.0: Invalid Icon Metadata",
-              build_prov('00000000010000')),
-             ("HS 2.0: Not room for Icon Type",
-              build_prov('000000000900111122223333330200')),
-             ("HS 2.0: Not room for Icon Filename length",
-              build_prov('000000000900111122223333330100')),
-             ("HS 2.0: Not room for Icon Filename",
-              build_prov('000000000900111122223333330001')),
-             ("HS 2.0: Not enough room for OSU_NAI",
-              build_prov('000000000000')),
-             ("HS 2.0: Not enough room for OSU_NAI(2)",
-              build_prov('00000000000001')),
-             ("HS 2.0: Not enough room for OSU Service Description Length",
-              build_prov('00000000000000')),
-             ("HS 2.0: Not enough room for OSU Service Description Length(2)",
-              build_prov('0000000000000000')),
-             ("HS 2.0: Not enough room for OSU Service Description Duples",
-              build_prov('000000000000000100')),
-             ("Invalid OSU Service Description",
-              build_prov('00000000000000040000000000')),
-             ("Invalid OSU Service Description(2)",
-              build_prov('00000000000000040004000000'))]
-
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        run_fetch_osu_icon_failure(hapd, dev, bssid)
-        for note, prov in tests:
-            run_fetch_osu(hapd, dev, bssid, note, prov)
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def test_ap_hs20_fetch_osu_invalid_dir(dev, apdev):
-    """Hotspot 2.0 OSU provider and invalid directory"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch-no-such-dir"
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET osu_dir " + dir)
-    dev[0].request("FETCH_OSU no-scan")
-    ev = dev[0].wait_event(["Could not write OSU provider information"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("Timeout on OSU fetch")
-
-def test_ap_hs20_fetch_osu_oom(dev, apdev):
-    """Hotspot 2.0 OSU provider and OOM"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
-    params['osu_ssid'] = '"HS 2.0 OSU open"'
-    params['osu_method_list'] = "1"
-    params['osu_friendly_name'] = ["eng:Test OSU", "fin:Testi-OSU"]
-    params['osu_icon'] = "w1fi_logo"
-    params['osu_service_desc'] = ["eng:Example services",
-                                  "fin:Esimerkkipalveluja"]
-    params['osu_server_uri'] = "https://example.com/osu/"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dir = "/tmp/osu-fetch"
-    if os.path.isdir(dir):
-       files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-       for f in files:
-           os.remove(dir + "/" + f)
-    else:
-        try:
-            os.makedirs(dir)
-        except:
-            pass
-    dev[0].scan_for_bss(bssid, freq="2412")
-    try:
-        dev[0].request("SET osu_dir " + dir)
-        with alloc_fail(dev[0], 1, "=hs20_osu_add_prov"):
-            dev[0].request("FETCH_OSU no-scan")
-            ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-            if ev is None:
-                raise Exception("Timeout on OSU fetch")
-        with alloc_fail(dev[0], 1, "hs20_anqp_send_req;hs20_next_osu_icon"):
-            dev[0].request("FETCH_OSU no-scan")
-            ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
-            if ev is None:
-                raise Exception("Timeout on OSU fetch")
-    finally:
-        files = [f for f in os.listdir(dir) if f.startswith("osu-")]
-        for f in files:
-            os.remove(dir + "/" + f)
-        os.rmdir(dir)
-
-def build_prov(prov):
-    data = binascii.unhexlify(prov)
-    return binascii.unhexlify('013001') + struct.pack('<H', len(data)) + data
-
-def handle_osu_prov_fetch(hapd, dev, prov):
-    # GAS/ANQP query for OSU Providers List
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-    dialog_token = gas['dialog_token']
-
-    resp = action_response(query)
-    osu_prov = struct.pack('<HH', 0xdddd, len(prov) + 6) + binascii.unhexlify('506f9a110800') + prov
-    data = struct.pack('<H', len(osu_prov)) + osu_prov
-    resp['payload'] = anqp_initial_resp(dialog_token, 0) + data
-    send_gas_resp(hapd, resp)
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP query response for OSU Providers not received")
-    if "OSU Providers list" not in ev:
-        raise Exception("ANQP query response for OSU Providers not received(2)")
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP query for OSU Providers list not completed")
-
-def start_osu_fetch(hapd, dev, bssid, note):
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].dump_monitor()
-    dev[0].request("NOTE " + note)
-    dev[0].request("FETCH_OSU no-scan")
-
-def wait_osu_fetch_completed(dev):
-    ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on OSU fetch")
-
-def run_fetch_osu_icon_failure(hapd, dev, bssid):
-    start_osu_fetch(hapd, dev, bssid, "Icon fetch failure")
-
-    prov = binascii.unhexlify('01ff' + '01' + '800019000b656e6754657374204f53550c66696e54657374692d4f53551868747470733a2f2f6578616d706c652e636f6d2f6f73752f01011b00800050007a787809696d6167652f706e6709773166695f6c6f676f002a0013656e674578616d706c652073657276696365731566696e4573696d65726b6b6970616c76656c756a61')
-    handle_osu_prov_fetch(hapd, dev, prov)
-
-    # GAS/ANQP query for icon
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-    dialog_token = gas['dialog_token']
-
-    resp = action_response(query)
-    # Unexpected Advertisement Protocol in response
-    adv_proto = struct.pack('8B', 108, 6, 127, 0xdd, 0x00, 0x11, 0x22, 0x33)
-    data = struct.pack('<H', 0)
-    resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                  GAS_INITIAL_RESPONSE,
-                                  gas['dialog_token'], 0, 0) + adv_proto + data
-    send_gas_resp(hapd, resp)
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP query for icon not completed")
-
-    wait_osu_fetch_completed(dev)
-
-def run_fetch_osu(hapd, dev, bssid, note, prov):
-    start_osu_fetch(hapd, dev, bssid, note)
-    handle_osu_prov_fetch(hapd, dev, prov)
-    wait_osu_fetch_completed(dev)
-
-def test_ap_hs20_ft(dev, apdev):
-    """Hotspot 2.0 connection with FT"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    params["mobility_domain"] = "a1b2"
-    params["reassociation_deadline"] = "1000"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    dev[0].dump_monitor()
-    key_mgmt = dev[0].get_status_field("key_mgmt")
-    if key_mgmt != "FT-EAP":
-        raise Exception("Unexpected key_mgmt: " + key_mgmt)
-    # speed up testing by avoiding unnecessary scanning of other channels
-    nid = dev[0].get_status_field("id")
-    dev[0].set_network(nid, "scan_freq", "2412")
-
-    params = hs20_ap_params()
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    hapd.disable()
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Connection to AP2 not reported")
-    key_mgmt = dev[0].get_status_field("key_mgmt")
-    if key_mgmt != "WPA2/IEEE 802.1X/EAP":
-        raise Exception("Unexpected key_mgmt: " + key_mgmt)
-
-def test_ap_hs20_remediation_sql(dev, apdev, params):
-    """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    dbfile = params['prefix'] + ".eap-user.db"
-    try:
-        os.remove(dbfile)
-    except:
-        pass
-    con = sqlite3.connect(dbfile)
-    with con:
-        cur = con.cursor()
-        cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
-        cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
-        cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
-        cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
-
-    try:
-        params = {"ssid": "as", "beacon_int": "2000",
-                  "radius_server_clients": "auth_serv/radius_clients.conf",
-                  "radius_server_auth_port": '18128',
-                  "eap_server": "1",
-                  "eap_user_file": "sqlite:" + dbfile,
-                  "ca_cert": "auth_serv/ca.pem",
-                  "server_cert": "auth_serv/server.pem",
-                  "private_key": "auth_serv/server.key",
-                  "subscr_remediation_url": "https://example.org/",
-                  "subscr_remediation_method": "1"}
-        hostapd.add_ap(apdev[1], params)
-
-        bssid = apdev[0]['bssid']
-        params = hs20_ap_params()
-        params['auth_server_port'] = "18128"
-        hostapd.add_ap(apdev[0], params)
-
-        dev[0].request("SET pmf 1")
-        dev[0].hs20_enable()
-        id = dev[0].add_cred_values({'realm': "example.com",
-                                     'username': "user-mschapv2",
-                                     'password': "password",
-                                     'ca_cert': "auth_serv/ca.pem"})
-        interworking_select(dev[0], bssid, freq="2412")
-        interworking_connect(dev[0], bssid, "TTLS")
-        ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
-        if ev is None:
-            raise Exception("Timeout on subscription remediation notice")
-        if " 1 https://example.org/" not in ev:
-            raise Exception("Unexpected subscription remediation event contents")
-
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT * from authlog")
-            rows = cur.fetchall()
-            if len(rows) < 1:
-                raise Exception("No authlog entries")
-
-    finally:
-        os.remove(dbfile)
-        dev[0].request("SET pmf 0")
-
-def test_ap_hs20_sim_provisioning(dev, apdev, params):
-    """Hotspot 2.0 AAA server behavior for SIM provisioning"""
-    check_eap_capa(dev[0], "SIM")
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    dbfile = params['prefix'] + ".eap-user.db"
-    try:
-        os.remove(dbfile)
-    except:
-        pass
-    con = sqlite3.connect(dbfile)
-    with con:
-        cur = con.cursor()
-        cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER, last_msk TEXT)")
-        cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
-        cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('1','SIM')")
-        cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
-        cur.execute("CREATE TABLE current_sessions(mac_addr TEXT PRIMARY KEY, identity TEXT, start_time TEXT, nas TEXT, hs20_t_c_filtering BOOLEAN, waiting_coa_ack BOOLEAN, coa_ack_received BOOLEAN)")
-
-    try:
-        params = {"ssid": "as", "beacon_int": "2000",
-                  "radius_server_clients": "auth_serv/radius_clients.conf",
-                  "radius_server_auth_port": '18128',
-                  "eap_server": "1",
-                  "eap_user_file": "sqlite:" + dbfile,
-                  "eap_sim_db": "unix:/tmp/hlr_auc_gw.sock",
-                  "ca_cert": "auth_serv/ca.pem",
-                  "server_cert": "auth_serv/server.pem",
-                  "private_key": "auth_serv/server.key",
-                  "hs20_sim_provisioning_url":
-                  "https://example.org/?hotspot2dot0-mobile-identifier-hash=",
-                  "subscr_remediation_method": "1"}
-        hostapd.add_ap(apdev[1], params)
-
-        bssid = apdev[0]['bssid']
-        params = hs20_ap_params()
-        params['auth_server_port'] = "18128"
-        hostapd.add_ap(apdev[0], params)
-
-        dev[0].request("SET pmf 1")
-        dev[0].hs20_enable()
-        dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="SIM",
-                       ieee80211w="1",
-                       identity="1232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   scan_freq="2412", update_identifier="54321")
-        ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected subscription remediation notice")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="SIM",
-                       ieee80211w="1",
-                       identity="1232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                   scan_freq="2412", update_identifier="0")
-        ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
-        if ev is None:
-            raise Exception("Timeout on subscription remediation notice")
-        if " 1 https://example.org/?hotspot2dot0-mobile-identifier-hash=" not in ev:
-            raise Exception("Unexpected subscription remediation event contents: " + ev)
-        id_hash = ev.split(' ')[2].split('=')[1]
-
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT * from authlog")
-            rows = cur.fetchall()
-            if len(rows) < 1:
-                raise Exception("No authlog entries")
-
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT * from sim_provisioning")
-            rows = cur.fetchall()
-            if len(rows) != 1:
-                raise Exeception("Unexpected number of rows in sim_provisioning (%d; expected %d)" % (len(rows), 1))
-            logger.info("sim_provisioning: " + str(rows))
-            if len(rows[0][0]) != 32:
-                raise Exception("Unexpected mobile_identifier_hash length in DB")
-            if rows[0][1] != "232010000000000":
-                raise Exception("Unexpected IMSI in DB")
-            if rows[0][2] != dev[0].own_addr():
-                raise Exception("Unexpected MAC address in DB")
-            if rows[0][0] != id_hash:
-                raise Exception("hotspot2dot0-mobile-identifier-hash mismatch")
-    finally:
-        dev[0].request("SET pmf 0")
-
-def test_ap_hs20_external_selection(dev, apdev):
-    """Hotspot 2.0 connection using external network selection and creation"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
-                   ieee80211w="1",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412", update_identifier="54321",
-                   roaming_consortium_selection="1020304050")
-    if dev[0].get_status_field("hs20") != "3":
-        raise Exception("Unexpected hs20 indication")
-    network_id = dev[0].get_status_field("id")
-    sel = dev[0].get_network(network_id, "roaming_consortium_selection")
-    if sel != "1020304050":
-        raise Exception("Unexpected roaming_consortium_selection value: " + sel)
-
-def test_ap_hs20_random_mac_addr(dev, apdev):
-    """Hotspot 2.0 connection with random MAC address"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr = wpas.p2p_interface_addr()
-    wpas.request("SET mac_addr 1")
-    wpas.request("SET preassoc_mac_addr 1")
-    wpas.request("SET rand_addr_lifetime 60")
-    wpas.hs20_enable()
-    wpas.flush_scan_cache()
-    id = wpas.add_cred_values({'realm': "example.com",
-                               'username': "hs20-test",
-                               'password': "password",
-                               'ca_cert': "auth_serv/ca.pem",
-                               'domain': "example.com",
-                               'update_identifier': "1234"})
-    interworking_select(wpas, bssid, "home", freq="2412")
-    interworking_connect(wpas, bssid, "TTLS")
-    addr1 = wpas.get_driver_status_field("addr")
-    if addr == addr1:
-        raise Exception("Did not use random MAC address")
-
-    sta = hapd.get_sta(addr)
-    if sta['addr'] != "FAIL":
-        raise Exception("Unexpected STA association with permanent address")
-    sta = hapd.get_sta(addr1)
-    if sta['addr'] != addr1:
-        raise Exception("STA association with random address not found")
-
-def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
-    """Multiple networks and cred removal"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,25[3:26]"]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].add_network()
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "user",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "PEAP")
-    dev[0].add_network()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-
-    hapd.disable()
-    hapd.set("ssid", "another ssid")
-    hapd.enable()
-
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "PEAP")
-    dev[0].add_network()
-    if len(dev[0].list_networks()) != 5:
-        raise Exception("Unexpected number of networks prior to remove_cred")
-
-    dev[0].dump_monitor()
-    dev[0].remove_cred(id)
-    if len(dev[0].list_networks()) != 3:
-        raise Exception("Unexpected number of networks after to remove_cred")
-    dev[0].wait_disconnected(timeout=10)
-
-def test_ap_hs20_interworking_add_network(dev, apdev):
-    """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['nai_realm'] = ["0,example.com,21[3:26][6:7][99:99]"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].add_cred_values(default_cred(user="user"))
-    interworking_select(dev[0], bssid, freq=2412)
-    id = dev[0].interworking_add_network(bssid)
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-
-def _test_ap_hs20_proxyarp(dev, apdev):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '0'
-    params['proxy_arp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "OK" in hapd.request("ENABLE"):
-        raise Exception("Incomplete hostapd configuration was accepted")
-    hapd.set("ap_isolate", "1")
-    if "OK" in hapd.request("ENABLE"):
-        raise Exception("Incomplete hostapd configuration was accepted")
-    hapd.set('bridge', 'ap-br0')
-    hapd.dump_monitor()
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    dev[0].hs20_enable()
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-    time.sleep(0.1)
-
-    addr0 = dev[0].p2p_interface_addr()
-    addr1 = dev[1].p2p_interface_addr()
-
-    src_ll_opt0 = b"\x01\x01" + binascii.unhexlify(addr0.replace(':', ''))
-    src_ll_opt1 = b"\x01\x01" + binascii.unhexlify(addr1.replace(':', ''))
-
-    pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
-                   ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
-                   opt=src_ll_opt0)
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2",
-                   ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2",
-                   opt=src_ll_opt1)
-    if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2",
-                   ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2",
-                   opt=src_ll_opt1)
-    if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After connect: " + str(matches))
-    if len(matches) != 3:
-        raise Exception("Unexpected number of neighbor entries after connect")
-    if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
-        raise Exception("dev0 addr missing")
-    if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
-        raise Exception("dev1 addr(1) missing")
-    if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
-        raise Exception("dev1 addr(2) missing")
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    time.sleep(0.5)
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After disconnect: " + str(matches))
-    if len(matches) > 0:
-        raise Exception("Unexpected neighbor entries after disconnect")
-
-def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
-    """Hotspot 2.0 connection with hidden SSId in scan results"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": 'secret',
-                                     "ignore_broadcast_ssid": "1"})
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.disable()
-    hapd_global = hostapd.HostapdGlobal(apdev[0])
-    hapd_global.flush()
-    hapd_global.remove(apdev[0]['ifname'])
-
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    # clear BSS table to avoid issues in following test cases
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    dev[0].flush_scan_cache()
-
-def test_ap_hs20_proxyarp(dev, apdev):
-    """Hotspot 2.0 and ProxyARP"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_proxyarp(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1' if disabled else '0'
-    params['proxy_arp'] = '1'
-    params['na_mcast_to_ucast'] = '1'
-    params['ap_isolate'] = '1'
-    params['bridge'] = 'ap-br0'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if ev is None:
-        raise Exception("AP startup timed out")
-
-    dev[0].hs20_enable()
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-    time.sleep(0.1)
-
-    addr0 = dev[0].p2p_interface_addr()
-
-    src_ll_opt0 = b"\x01\x01" + binascii.unhexlify(addr0.replace(':', ''))
-
-    pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
-                   ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
-                   opt=src_ll_opt0)
-    if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
-                   ip_dst="ff01::1")
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    pkt = build_na(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::44",
-                   ip_dst="ff01::1", target="aaaa:bbbb:cccc::55")
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.123", chaddr=addr0)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-    # another copy for additional code coverage
-    pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.123", chaddr=addr0)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After connect: " + str(matches))
-    if len(matches) != 2:
-        raise Exception("Unexpected number of neighbor entries after connect")
-    if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
-        raise Exception("dev0 addr missing")
-    if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
-        raise Exception("dev0 IPv4 addr missing")
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    time.sleep(0.5)
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After disconnect: " + str(matches))
-    if len(matches) > 0:
-        raise Exception("Unexpected neighbor entries after disconnect")
-
-def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
-    """Hotspot 2.0 and ProxyARP with DGAF disabled"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
-    """Hotspot 2.0 and ProxyARP with DGAF enabled"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def ip_checksum(buf):
-    sum = 0
-    if len(buf) & 0x01:
-        buf += b'\x00'
-    for i in range(0, len(buf), 2):
-        val, = struct.unpack('H', buf[i:i+2])
-        sum += val
-    while (sum >> 16):
-        sum = (sum & 0xffff) + (sum >> 16)
-    return struct.pack('H', ~sum & 0xffff)
-
-def ipv6_solicited_node_mcaddr(target):
-    prefix = socket.inet_pton(socket.AF_INET6, "ff02::1:ff00:0")
-    mask = socket.inet_pton(socket.AF_INET6, "::ff:ffff")
-    _target = socket.inet_pton(socket.AF_INET6, target)
-    p = struct.unpack('4I', prefix)
-    m = struct.unpack('4I', mask)
-    t = struct.unpack('4I', _target)
-    res = (p[0] | (t[0] & m[0]),
-           p[1] | (t[1] & m[1]),
-           p[2] | (t[2] & m[2]),
-           p[3] | (t[3] & m[3]))
-    return socket.inet_ntop(socket.AF_INET6, struct.pack('4I', *res))
-
-def build_icmpv6(ipv6_addrs, type, code, payload):
-    start = struct.pack("BB", type, code)
-    end = payload
-    icmp = start + b'\x00\x00' + end
-    pseudo = ipv6_addrs + struct.pack(">LBBBB", len(icmp), 0, 0, 0, 58)
-    csum = ip_checksum(pseudo + icmp)
-    return start + csum + end
-
-def build_ra(src_ll, ip_src, ip_dst, cur_hop_limit=0, router_lifetime=0,
-             reachable_time=0, retrans_timer=0, opt=None):
-    link_mc = binascii.unhexlify("3333ff000002")
-    _src_ll = binascii.unhexlify(src_ll.replace(':', ''))
-    proto = b'\x86\xdd'
-    ehdr = link_mc + _src_ll + proto
-    _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
-    _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
-
-    adv = struct.pack('>BBHLL', cur_hop_limit, 0, router_lifetime,
-                      reachable_time, retrans_timer)
-    if opt:
-        payload = adv + opt
-    else:
-        payload = adv
-    icmp = build_icmpv6(_ip_src + _ip_dst, 134, 0, payload)
-
-    ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
-    ipv6 += _ip_src + _ip_dst
-
-    return ehdr + ipv6 + icmp
-
-def build_ns(src_ll, ip_src, ip_dst, target, opt=None):
-    link_mc = binascii.unhexlify("3333ff000002")
-    _src_ll = binascii.unhexlify(src_ll.replace(':', ''))
-    proto = b'\x86\xdd'
-    ehdr = link_mc + _src_ll + proto
-    _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
-    if ip_dst is None:
-        ip_dst = ipv6_solicited_node_mcaddr(target)
-    _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
-
-    reserved = b'\x00\x00\x00\x00'
-    _target = socket.inet_pton(socket.AF_INET6, target)
-    if opt:
-        payload = reserved + _target + opt
-    else:
-        payload = reserved + _target
-    icmp = build_icmpv6(_ip_src + _ip_dst, 135, 0, payload)
-
-    ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
-    ipv6 += _ip_src + _ip_dst
-
-    return ehdr + ipv6 + icmp
-
-def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
-            hapd_bssid=None):
-    if hapd_bssid:
-        if src_ll is None:
-            src_ll = hapd_bssid
-        cmd = "DATA_TEST_FRAME ifname=ap-br0 "
-    else:
-        if src_ll is None:
-            src_ll = dev.p2p_interface_addr()
-        cmd = "DATA_TEST_FRAME "
-
-    if opt is None:
-        opt = b"\x01\x01" + binascii.unhexlify(src_ll.replace(':', ''))
-
-    pkt = build_ns(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
-                   opt=opt)
-    if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-def build_na(src_ll, ip_src, ip_dst, target, opt=None, flags=0):
-    link_mc = binascii.unhexlify("3333ff000002")
-    _src_ll = binascii.unhexlify(src_ll.replace(':', ''))
-    proto = b'\x86\xdd'
-    ehdr = link_mc + _src_ll + proto
-    _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
-    _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
-
-    _target = socket.inet_pton(socket.AF_INET6, target)
-    if opt:
-        payload = struct.pack('>Bxxx', flags) + _target + opt
-    else:
-        payload = struct.pack('>Bxxx', flags) + _target
-    icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload)
-
-    ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
-    ipv6 += _ip_src + _ip_dst
-
-    return ehdr + ipv6 + icmp
-
-def send_na(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
-            hapd_bssid=None):
-    if hapd_bssid:
-        if src_ll is None:
-            src_ll = hapd_bssid
-        cmd = "DATA_TEST_FRAME ifname=ap-br0 "
-    else:
-        if src_ll is None:
-            src_ll = dev.p2p_interface_addr()
-        cmd = "DATA_TEST_FRAME "
-
-    pkt = build_na(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
-                   opt=opt)
-    if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-def build_dhcp_ack(dst_ll, src_ll, ip_src, ip_dst, yiaddr, chaddr,
-                   subnet_mask="255.255.255.0", truncated_opt=False,
-                   wrong_magic=False, force_tot_len=None, no_dhcp=False,
-                   udp_checksum=True):
-    _dst_ll = binascii.unhexlify(dst_ll.replace(':', ''))
-    _src_ll = binascii.unhexlify(src_ll.replace(':', ''))
-    proto = b'\x08\x00'
-    ehdr = _dst_ll + _src_ll + proto
-    _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
-    _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
-    _subnet_mask = socket.inet_pton(socket.AF_INET, subnet_mask)
-
-    _ciaddr = b'\x00\x00\x00\x00'
-    _yiaddr = socket.inet_pton(socket.AF_INET, yiaddr)
-    _siaddr = b'\x00\x00\x00\x00'
-    _giaddr = b'\x00\x00\x00\x00'
-    _chaddr = binascii.unhexlify(chaddr.replace(':', '') + "00000000000000000000")
-    payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
-    payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*b'\x00'
-    # magic
-    if wrong_magic:
-        payload += b'\x63\x82\x53\x00'
-    else:
-        payload += b'\x63\x82\x53\x63'
-    if truncated_opt:
-        payload += b'\x22\xff\x00'
-    # Option: DHCP Message Type = ACK
-    payload += b'\x35\x01\x05'
-    # Pad Option
-    payload += b'\x00'
-    # Option: Subnet Mask
-    payload += b'\x01\x04' + _subnet_mask
-    # Option: Time Offset
-    payload += struct.pack('>BBL', 2, 4, 0)
-    # End Option
-    payload += b'\xff'
-    # Pad Option
-    payload += b'\x00\x00\x00\x00'
-
-    if no_dhcp:
-        payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
-        payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*b'\x00'
-
-    if udp_checksum:
-        pseudohdr = _ip_src + _ip_dst + struct.pack('>BBH', 0, 17,
-                                                    8 + len(payload))
-        udphdr = struct.pack('>HHHH', 67, 68, 8 + len(payload), 0)
-        checksum, = struct.unpack('>H', ip_checksum(pseudohdr + udphdr + payload))
-    else:
-        checksum = 0
-    udp = struct.pack('>HHHH', 67, 68, 8 + len(payload), checksum) + payload
-
-    if force_tot_len:
-        tot_len = force_tot_len
-    else:
-        tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    ipv4 = start + csum + _ip_src + _ip_dst
-
-    return ehdr + ipv4 + udp
-
-def build_arp(dst_ll, src_ll, opcode, sender_mac, sender_ip,
-              target_mac, target_ip):
-    _dst_ll = binascii.unhexlify(dst_ll.replace(':', ''))
-    _src_ll = binascii.unhexlify(src_ll.replace(':', ''))
-    proto = b'\x08\x06'
-    ehdr = _dst_ll + _src_ll + proto
-
-    _sender_mac = binascii.unhexlify(sender_mac.replace(':', ''))
-    _sender_ip = socket.inet_pton(socket.AF_INET, sender_ip)
-    _target_mac = binascii.unhexlify(target_mac.replace(':', ''))
-    _target_ip = socket.inet_pton(socket.AF_INET, target_ip)
-
-    arp = struct.pack('>HHBBH', 1, 0x0800, 6, 4, opcode)
-    arp += _sender_mac + _sender_ip
-    arp += _target_mac + _target_ip
-
-    return ehdr + arp
-
-def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1,
-             sender_mac=None, sender_ip="0.0.0.0",
-             target_mac="00:00:00:00:00:00", target_ip="0.0.0.0",
-             hapd_bssid=None):
-    if hapd_bssid:
-        if src_ll is None:
-            src_ll = hapd_bssid
-        if sender_mac is None:
-            sender_mac = hapd_bssid
-        cmd = "DATA_TEST_FRAME ifname=ap-br0 "
-    else:
-        if src_ll is None:
-            src_ll = dev.p2p_interface_addr()
-        if sender_mac is None:
-            sender_mac = dev.p2p_interface_addr()
-        cmd = "DATA_TEST_FRAME "
-
-    pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode,
-                    sender_mac=sender_mac, sender_ip=sender_ip,
-                    target_mac=target_mac, target_ip=target_ip)
-    if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-def get_permanent_neighbors(ifname):
-    cmd = subprocess.Popen(['ip', 'nei'], stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    return [line for line in res.splitlines() if "PERMANENT" in line and ifname in line]
-
-def get_bridge_macs(ifname):
-    cmd = subprocess.Popen(['brctl', 'showmacs', ifname],
-                           stdout=subprocess.PIPE)
-    res = cmd.stdout.read()
-    cmd.stdout.close()
-    return res.decode()
-
-def tshark_get_arp(cap, filter):
-    res = run_tshark(cap, filter,
-                     ["eth.dst", "eth.src",
-                      "arp.src.hw_mac", "arp.src.proto_ipv4",
-                      "arp.dst.hw_mac", "arp.dst.proto_ipv4"],
-                     wait=False)
-    frames = []
-    for l in res.splitlines():
-        frames.append(l.split('\t'))
-    return frames
-
-def tshark_get_ns(cap):
-    res = run_tshark(cap, "icmpv6.type == 135",
-                     ["eth.dst", "eth.src",
-                      "ipv6.src", "ipv6.dst",
-                      "icmpv6.nd.ns.target_address",
-                      "icmpv6.opt.linkaddr"],
-                     wait=False)
-    frames = []
-    for l in res.splitlines():
-        frames.append(l.split('\t'))
-    return frames
-
-def tshark_get_na(cap):
-    res = run_tshark(cap, "icmpv6.type == 136",
-                     ["eth.dst", "eth.src",
-                      "ipv6.src", "ipv6.dst",
-                      "icmpv6.nd.na.target_address",
-                      "icmpv6.opt.linkaddr"],
-                     wait=False)
-    frames = []
-    for l in res.splitlines():
-        frames.append(l.split('\t'))
-    return frames
-
-def _test_proxyarp_open(dev, apdev, params, ebtables=False):
-    cap_br = params['prefix'] + ".ap-br0.pcap"
-    cap_dev0 = params['prefix'] + ".%s.pcap" % dev[0].ifname
-    cap_dev1 = params['prefix'] + ".%s.pcap" % dev[1].ifname
-    cap_dev2 = params['prefix'] + ".%s.pcap" % dev[2].ifname
-
-    bssid = apdev[0]['bssid']
-    params = {'ssid': 'open'}
-    params['proxy_arp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    hapd.set("ap_isolate", "1")
-    hapd.set('bridge', 'ap-br0')
-    hapd.dump_monitor()
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    params2 = {'ssid': 'another'}
-    hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True)
-    hapd2.set('bridge', 'ap-br0')
-    hapd2.enable()
-
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    if ebtables:
-        for chain in ['FORWARD', 'OUTPUT']:
-            try:
-                err = subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
-                                       '-d', 'Broadcast',
-                                       '-o', apdev[0]['ifname'],
-                                       '-j', 'DROP'])
-                if err != 0:
-                    raise
-            except:
-                raise HwsimSkip("No ebtables available")
-
-    time.sleep(0.5)
-    cmd = {}
-    cmd[0] = WlantestCapture('ap-br0', cap_br)
-    cmd[1] = WlantestCapture(dev[0].ifname, cap_dev0)
-    cmd[2] = WlantestCapture(dev[1].ifname, cap_dev1)
-    cmd[3] = WlantestCapture(dev[2].ifname, cap_dev2)
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("another", key_mgmt="NONE", scan_freq="2412")
-    time.sleep(1.1)
-
-    brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
-    res = brcmd.stdout.read().decode()
-    brcmd.stdout.close()
-    logger.info("Bridge setup: " + res)
-
-    brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'],
-                             stdout=subprocess.PIPE)
-    res = brcmd.stdout.read().decode()
-    brcmd.stdout.close()
-    logger.info("Bridge showstp: " + res)
-
-    addr0 = dev[0].p2p_interface_addr()
-    addr1 = dev[1].p2p_interface_addr()
-    addr2 = dev[2].p2p_interface_addr()
-
-    pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.124", chaddr=addr0)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-    # Change address and verify unicast
-    pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.123", chaddr=addr0,
-                         udp_checksum=False)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Not-associated client MAC address
-    pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.125", chaddr="22:33:44:55:66:77")
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # No IP address
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="0.0.0.0", chaddr=addr1)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Zero subnet mask
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.126", chaddr=addr1,
-                         subnet_mask="0.0.0.0")
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Truncated option
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.127", chaddr=addr1,
-                         truncated_opt=True)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Wrong magic
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.128", chaddr=addr1,
-                         wrong_magic=True)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # Wrong IPv4 total length
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.129", chaddr=addr1,
-                         force_tot_len=1000)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    # BOOTP
-    pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.129", chaddr=addr1,
-                         no_dhcp=True)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After connect (showmacs): " + str(macs))
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After connect: " + str(matches))
-    if len(matches) != 1:
-        raise Exception("Unexpected number of neighbor entries after connect")
-    if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
-        raise Exception("dev0 IPv4 addr missing")
-
-    targets = ["192.168.1.123", "192.168.1.124", "192.168.1.125",
-               "192.168.1.126"]
-    for target in targets:
-        send_arp(dev[1], sender_ip="192.168.1.100", target_ip=target)
-
-    for target in targets:
-        send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101",
-                 target_ip=target)
-
-    for target in targets:
-        send_arp(dev[2], sender_ip="192.168.1.103", target_ip=target)
-
-    # ARP Probe from wireless STA
-    send_arp(dev[1], target_ip="192.168.1.127")
-    # ARP Announcement from wireless STA
-    send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127")
-    send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127",
-             opcode=2)
-
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After ARP Probe + Announcement: " + str(matches))
-
-    # ARP Request for the newly introduced IP address from wireless STA
-    send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
-
-    # ARP Request for the newly introduced IP address from bridge
-    send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
-             target_ip="192.168.1.127")
-    send_arp(dev[2], sender_ip="192.168.1.103", target_ip="192.168.1.127")
-
-    # ARP Probe from bridge
-    send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130")
-    send_arp(dev[2], target_ip="192.168.1.131")
-    # ARP Announcement from bridge (not to be learned by AP for proxyarp)
-    send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
-             target_ip="192.168.1.130")
-    send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
-             target_ip="192.168.1.130", opcode=2)
-    send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131")
-    send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131",
-             opcode=2)
-
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After ARP Probe + Announcement: " + str(matches))
-
-    # ARP Request for the newly introduced IP address from wireless STA
-    send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130")
-    # ARP Response from bridge (AP does not proxy for non-wireless devices)
-    send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130",
-             target_ip="192.168.1.123", opcode=2)
-
-    # ARP Request for the newly introduced IP address from wireless STA
-    send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.131")
-    # ARP Response from bridge (AP does not proxy for non-wireless devices)
-    send_arp(dev[2], dst_ll=addr0, sender_ip="192.168.1.131",
-             target_ip="192.168.1.123", opcode=2)
-
-    # ARP Request for the newly introduced IP address from bridge
-    send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
-             target_ip="192.168.1.130")
-    send_arp(dev[2], sender_ip="192.168.1.104", target_ip="192.168.1.131")
-
-    # ARP Probe from wireless STA (duplicate address; learned through DHCP)
-    send_arp(dev[1], target_ip="192.168.1.123")
-    # ARP Probe from wireless STA (duplicate address; learned through ARP)
-    send_arp(dev[0], target_ip="192.168.1.127")
-
-    # Gratuitous ARP Reply for another STA's IP address
-    send_arp(dev[0], opcode=2, sender_mac=addr0, sender_ip="192.168.1.127",
-             target_mac=addr1, target_ip="192.168.1.127")
-    send_arp(dev[1], opcode=2, sender_mac=addr1, sender_ip="192.168.1.123",
-             target_mac=addr0, target_ip="192.168.1.123")
-    # ARP Request to verify previous mapping
-    send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.123")
-    send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
-
-    try:
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
-    except Exception as e:
-        logger.info("test_connectibity_iface failed: " + str(e))
-        raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    time.sleep(1.5)
-    for i in range(len(cmd)):
-        cmd[i].close()
-    time.sleep(0.1)
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After disconnect (showmacs): " + str(macs))
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After disconnect: " + str(matches))
-    if len(matches) > 0:
-        raise Exception("Unexpected neighbor entries after disconnect")
-    if ebtables:
-        cmd = subprocess.Popen(['ebtables', '-L', '--Lc'],
-                               stdout=subprocess.PIPE)
-        res = cmd.stdout.read().decode()
-        cmd.stdout.close()
-        logger.info("ebtables results:\n" + res)
-
-    # Verify that expected ARP messages were seen and no unexpected
-    # ARP messages were seen.
-
-    arp_req = tshark_get_arp(cap_dev0, "arp.opcode == 1")
-    arp_reply = tshark_get_arp(cap_dev0, "arp.opcode == 2")
-    logger.info("dev0 seen ARP requests:\n" + str(arp_req))
-    logger.info("dev0 seen ARP replies:\n" + str(arp_reply))
-
-    if ['ff:ff:ff:ff:ff:ff', addr1,
-        addr1, '192.168.1.100',
-        '00:00:00:00:00:00', '192.168.1.123'] in arp_req:
-        raise Exception("dev0 saw ARP request from dev1")
-    if ['ff:ff:ff:ff:ff:ff', addr2,
-        addr2, '192.168.1.103',
-        '00:00:00:00:00:00', '192.168.1.123'] in arp_req:
-        raise Exception("dev0 saw ARP request from dev2")
-    # TODO: Uncomment once fixed in kernel
-    #if ['ff:ff:ff:ff:ff:ff', bssid,
-    #    bssid, '192.168.1.101',
-    #    '00:00:00:00:00:00', '192.168.1.123'] in arp_req:
-    #    raise Exception("dev0 saw ARP request from br")
-
-    if ebtables:
-        for req in arp_req:
-            if req[1] != addr0:
-                raise Exception("Unexpected foreign ARP request on dev0")
-
-    arp_req = tshark_get_arp(cap_dev1, "arp.opcode == 1")
-    arp_reply = tshark_get_arp(cap_dev1, "arp.opcode == 2")
-    logger.info("dev1 seen ARP requests:\n" + str(arp_req))
-    logger.info("dev1 seen ARP replies:\n" + str(arp_reply))
-
-    if ['ff:ff:ff:ff:ff:ff', addr2,
-        addr2, '192.168.1.103',
-        '00:00:00:00:00:00', '192.168.1.123'] in arp_req:
-        raise Exception("dev1 saw ARP request from dev2")
-    if [addr1, addr0, addr0, '192.168.1.123', addr1, '192.168.1.100'] not in arp_reply:
-        raise Exception("dev1 did not get ARP response for 192.168.1.123")
-
-    if ebtables:
-        for req in arp_req:
-            if req[1] != addr1:
-                raise Exception("Unexpected foreign ARP request on dev1")
-
-    arp_req = tshark_get_arp(cap_dev2, "arp.opcode == 1")
-    arp_reply = tshark_get_arp(cap_dev2, "arp.opcode == 2")
-    logger.info("dev2 seen ARP requests:\n" + str(arp_req))
-    logger.info("dev2 seen ARP replies:\n" + str(arp_reply))
-
-    if [addr2, addr0,
-        addr0, '192.168.1.123',
-        addr2, '192.168.1.103'] not in arp_reply:
-        raise Exception("dev2 did not get ARP response for 192.168.1.123")
-
-    arp_req = tshark_get_arp(cap_br, "arp.opcode == 1")
-    arp_reply = tshark_get_arp(cap_br, "arp.opcode == 2")
-    logger.info("br seen ARP requests:\n" + str(arp_req))
-    logger.info("br seen ARP replies:\n" + str(arp_reply))
-
-    # TODO: Uncomment once fixed in kernel
-    #if [bssid, addr0,
-    #    addr0, '192.168.1.123',
-    #    bssid, '192.168.1.101'] not in arp_reply:
-    #    raise Exception("br did not get ARP response for 192.168.1.123")
-
-def _test_proxyarp_open_ipv6(dev, apdev, params, ebtables=False):
-    cap_br = params['prefix'] + ".ap-br0.pcap"
-    cap_dev0 = params['prefix'] + ".%s.pcap" % dev[0].ifname
-    cap_dev1 = params['prefix'] + ".%s.pcap" % dev[1].ifname
-    cap_dev2 = params['prefix'] + ".%s.pcap" % dev[2].ifname
-
-    bssid = apdev[0]['bssid']
-    params = {'ssid': 'open'}
-    params['proxy_arp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    hapd.set("ap_isolate", "1")
-    hapd.set('bridge', 'ap-br0')
-    hapd.dump_monitor()
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    params2 = {'ssid': 'another'}
-    hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True)
-    hapd2.set('bridge', 'ap-br0')
-    hapd2.enable()
-
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    if ebtables:
-        for chain in ['FORWARD', 'OUTPUT']:
-            try:
-                err = subprocess.call(['ebtables', '-A', chain,
-                                       '-d', 'Multicast',
-                                       '-p', 'IPv6',
-                                       '--ip6-protocol', 'ipv6-icmp',
-                                       '--ip6-icmp-type',
-                                       'neighbor-solicitation',
-                                       '-o', apdev[0]['ifname'], '-j', 'DROP'])
-                if err != 0:
-                    raise
-                subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
-                                 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
-                                 '--ip6-icmp-type', 'neighbor-advertisement',
-                                 '-o', apdev[0]['ifname'], '-j', 'DROP'])
-                subprocess.call(['ebtables', '-A', chain,
-                                 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
-                                 '--ip6-icmp-type', 'router-solicitation',
-                                 '-o', apdev[0]['ifname'], '-j', 'DROP'])
-                # Multicast Listener Report Message
-                subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
-                                 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
-                                 '--ip6-icmp-type', '143',
-                                 '-o', apdev[0]['ifname'], '-j', 'DROP'])
-            except:
-                raise HwsimSkip("No ebtables available")
-
-    time.sleep(0.5)
-    cmd = {}
-    cmd[0] = WlantestCapture('ap-br0', cap_br)
-    cmd[1] = WlantestCapture(dev[0].ifname, cap_dev0)
-    cmd[2] = WlantestCapture(dev[1].ifname, cap_dev1)
-    cmd[3] = WlantestCapture(dev[2].ifname, cap_dev2)
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("another", key_mgmt="NONE", scan_freq="2412")
-    time.sleep(0.1)
-
-    brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
-    res = brcmd.stdout.read().decode()
-    brcmd.stdout.close()
-    logger.info("Bridge setup: " + res)
-
-    brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'],
-                             stdout=subprocess.PIPE)
-    res = brcmd.stdout.read().decode()
-    brcmd.stdout.close()
-    logger.info("Bridge showstp: " + res)
-
-    addr0 = dev[0].p2p_interface_addr()
-    addr1 = dev[1].p2p_interface_addr()
-    addr2 = dev[2].p2p_interface_addr()
-
-    src_ll_opt0 = b"\x01\x01" + binascii.unhexlify(addr0.replace(':', ''))
-    src_ll_opt1 = b"\x01\x01" + binascii.unhexlify(addr1.replace(':', ''))
-
-    # DAD NS
-    send_ns(dev[0], ip_src="::", target="aaaa:bbbb:cccc::2")
-
-    send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2")
-    # test frame without source link-layer address option
-    send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
-            opt='')
-    # test frame with bogus option
-    send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
-            opt=b"\x70\x01\x01\x02\x03\x04\x05\x05")
-    # test frame with truncated source link-layer address option
-    send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
-            opt=b"\x01\x01\x01\x02\x03\x04")
-    # test frame with foreign source link-layer address option
-    send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
-            opt=b"\x01\x01\x01\x02\x03\x04\x05\x06")
-
-    send_ns(dev[1], ip_src="aaaa:bbbb:dddd::2", target="aaaa:bbbb:dddd::2")
-
-    send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
-    # another copy for additional code coverage
-    send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
-
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After connect (showmacs): " + str(macs))
-
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After connect: " + str(matches))
-    if len(matches) != 3:
-        raise Exception("Unexpected number of neighbor entries after connect")
-    if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
-        raise Exception("dev0 addr missing")
-    if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
-        raise Exception("dev1 addr(1) missing")
-    if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
-        raise Exception("dev1 addr(2) missing")
-
-    send_ns(dev[0], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:cccc::2")
-    time.sleep(0.1)
-    send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:dddd::2")
-    time.sleep(0.1)
-    send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:dddd::2",
-            ip_src="aaaa:bbbb:ffff::2")
-    time.sleep(0.1)
-    send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:ff00::2")
-    time.sleep(0.1)
-    send_ns(dev[2], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:ff00::2")
-    time.sleep(0.1)
-    send_ns(dev[2], target="aaaa:bbbb:eeee::2", ip_src="aaaa:bbbb:ff00::2")
-    time.sleep(0.1)
-
-    # Try to probe for an already assigned address
-    send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="::")
-    time.sleep(0.1)
-    send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc::2", ip_src="::")
-    time.sleep(0.1)
-    send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="::")
-    time.sleep(0.1)
-
-    # Unsolicited NA
-    send_na(dev[1], target="aaaa:bbbb:cccc:aeae::3",
-            ip_src="aaaa:bbbb:cccc:aeae::3", ip_dst="ff02::1")
-    send_na(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc:aeae::4",
-            ip_src="aaaa:bbbb:cccc:aeae::4", ip_dst="ff02::1")
-    send_na(dev[2], target="aaaa:bbbb:cccc:aeae::5",
-            ip_src="aaaa:bbbb:cccc:aeae::5", ip_dst="ff02::1")
-
-    try:
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
-    except Exception as e:
-        logger.info("test_connectibity_iface failed: " + str(e))
-        raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    time.sleep(0.5)
-    for i in range(len(cmd)):
-        cmd[i].close()
-    macs = get_bridge_macs("ap-br0")
-    logger.info("After disconnect (showmacs): " + str(macs))
-    matches = get_permanent_neighbors("ap-br0")
-    logger.info("After disconnect: " + str(matches))
-    if len(matches) > 0:
-        raise Exception("Unexpected neighbor entries after disconnect")
-    if ebtables:
-        cmd = subprocess.Popen(['ebtables', '-L', '--Lc'],
-                               stdout=subprocess.PIPE)
-        res = cmd.stdout.read().decode()
-        cmd.stdout.close()
-        logger.info("ebtables results:\n" + res)
-
-    ns = tshark_get_ns(cap_dev0)
-    logger.info("dev0 seen NS: " + str(ns))
-    na = tshark_get_na(cap_dev0)
-    logger.info("dev0 seen NA: " + str(na))
-
-    if [addr0, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:cccc::2',
-        'aaaa:bbbb:dddd::2', addr1] not in na:
-        # For now, skip the test instead of reporting the error since the IPv6
-        # proxyarp support is not yet in the upstream kernel tree.
-        #raise Exception("dev0 did not get NA for aaaa:bbbb:dddd::2")
-        raise HwsimSkip("Assume kernel did not have the required patches for proxyarp (IPv6)")
-
-    if ebtables:
-        for req in ns:
-            if req[1] == bssid and req[0] == "33:33:ff:" + bssid[9:] and \
-               req[3] == 'ff02::1:ff00:300' and req[4] == 'fe80::ff:fe00:300':
-                # At least for now, ignore this special case until the kernel
-                # can be prevented from sending it out.
-                logger.info("dev0: Ignore NS from AP to own local addr: " + str(req))
-            elif req[1] != addr0:
-                raise Exception("Unexpected foreign NS on dev0: " + str(req))
-
-    ns = tshark_get_ns(cap_dev1)
-    logger.info("dev1 seen NS: " + str(ns))
-    na = tshark_get_na(cap_dev1)
-    logger.info("dev1 seen NA: " + str(na))
-
-    if [addr1, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:dddd::2',
-        'aaaa:bbbb:cccc::2', addr0] not in na:
-        raise Exception("dev1 did not get NA for aaaa:bbbb:cccc::2")
-
-    if ebtables:
-        for req in ns:
-            if req[1] == bssid and req[0] == "33:33:ff:" + bssid[9:] and \
-               req[3] == 'ff02::1:ff00:300' and req[4] == 'fe80::ff:fe00:300':
-                # At least for now, ignore this special case until the kernel
-                # can be prevented from sending it out.
-                logger.info("dev1: Ignore NS from AP to own local addr: " + str(req))
-            elif req[1] != addr1:
-                raise Exception("Unexpected foreign NS on dev1: " + str(req))
-
-    ns = tshark_get_ns(cap_dev2)
-    logger.info("dev2 seen NS: " + str(ns))
-    na = tshark_get_na(cap_dev2)
-    logger.info("dev2 seen NA: " + str(na))
-
-    # FIX: enable once kernel implementation for proxyarp IPv6 is fixed
-    #if [addr2, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:ff00::2',
-    #    'aaaa:bbbb:cccc::2', addr0] not in na:
-    #    raise Exception("dev2 did not get NA for aaaa:bbbb:cccc::2")
-    #if [addr2, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:ff00::2',
-    #    'aaaa:bbbb:dddd::2', addr1] not in na:
-    #    raise Exception("dev2 did not get NA for aaaa:bbbb:dddd::2")
-    #if [addr2, addr1, 'aaaa:bbbb:eeee::2', 'aaaa:bbbb:ff00::2',
-    #    'aaaa:bbbb:eeee::2', addr1] not in na:
-    #    raise Exception("dev2 did not get NA for aaaa:bbbb:eeee::2")
-
-def test_proxyarp_open(dev, apdev, params):
-    """ProxyARP with open network"""
-    try:
-        _test_proxyarp_open(dev, apdev, params)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def test_proxyarp_open_ipv6(dev, apdev, params):
-    """ProxyARP with open network (IPv6)"""
-    try:
-        _test_proxyarp_open_ipv6(dev, apdev, params)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def test_proxyarp_open_ebtables(dev, apdev, params):
-    """ProxyARP with open network"""
-    try:
-        _test_proxyarp_open(dev, apdev, params, ebtables=True)
-    finally:
-        try:
-            subprocess.call(['ebtables', '-F', 'FORWARD'])
-            subprocess.call(['ebtables', '-F', 'OUTPUT'])
-        except:
-            pass
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def test_proxyarp_open_ebtables_ipv6(dev, apdev, params):
-    """ProxyARP with open network (IPv6)"""
-    try:
-        _test_proxyarp_open_ipv6(dev, apdev, params, ebtables=True)
-    finally:
-        try:
-            subprocess.call(['ebtables', '-F', 'FORWARD'])
-            subprocess.call(['ebtables', '-F', 'OUTPUT'])
-        except:
-            pass
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def test_proxyarp_errors(dev, apdev, params):
-    """ProxyARP error cases"""
-    try:
-        run_proxyarp_errors(dev, apdev, params)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def run_proxyarp_errors(dev, apdev, params):
-    params = {'ssid': 'open',
-              'proxy_arp': '1',
-              'ap_isolate': '1',
-              'bridge': 'ap-br0',
-              'disable_dgaf': '1'}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    hapd.disable()
-    with alloc_fail(hapd, 1, "l2_packet_init;x_snoop_get_l2_packet;dhcp_snoop_init"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE accepted unexpectedly")
-    with alloc_fail(hapd, 1, "l2_packet_init;x_snoop_get_l2_packet;ndisc_snoop_init"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE accepted unexpectedly")
-    with fail_test(hapd, 1, "l2_packet_set_packet_filter;x_snoop_get_l2_packet;ndisc_snoop_init"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE accepted unexpectedly")
-    with fail_test(hapd, 1, "l2_packet_set_packet_filter;x_snoop_get_l2_packet;dhcp_snoop_init"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE accepted unexpectedly")
-    hapd.enable()
-
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    addr0 = dev[0].own_addr()
-
-    pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
-                   ip_dst="ff01::1")
-    with fail_test(hapd, 1, "x_snoop_mcast_to_ucast_convert_send"):
-        if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-            raise Exception("DATA_TEST_FRAME failed")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-    with alloc_fail(hapd, 1, "sta_ip6addr_add"):
-        src_ll_opt0 = b"\x01\x01" + binascii.unhexlify(addr0.replace(':', ''))
-        pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
-                       ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
-                       opt=src_ll_opt0)
-        if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
-            raise Exception("DATA_TEST_FRAME failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_ap_hs20_connect_deinit(dev, apdev):
-    """Hotspot 2.0 connection interrupted with deinit"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="")
-    wpas.hs20_enable()
-    wpas.flush_scan_cache()
-    wpas.add_cred_values({'realm': "example.com",
-                          'username': "hs20-test",
-                          'password': "password",
-                          'ca_cert': "auth_serv/ca.pem",
-                          'domain': "example.com"})
-
-    wpas.scan_for_bss(bssid, freq=2412)
-    hapd.disable()
-
-    wpas.request("INTERWORKING_SELECT freq=2412")
-
-    id = wpas.request("RADIO_WORK add block-work")
-    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start (2)")
-
-    # Remove the interface while the gas-query radio work is still pending and
-    # GAS query has not yet been started.
-    wpas.interface_remove("wlan5")
-
-def test_ap_hs20_anqp_format_errors(dev, apdev):
-    """Interworking network selection and ANQP format errors"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    values = {'realm': "example.com",
-              'ca_cert': "auth_serv/ca.pem",
-              'username': "hs20-test",
-              'password': "password",
-              'domain': "example.com"}
-    id = dev[0].add_cred_values(values)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    tests = ["00", "ffff", "010011223344", "020008000005112233445500",
-             "01000400000000", "01000000000000",
-             "01000300000200", "0100040000ff0000", "01000300000100",
-             "01000300000001",
-             "01000600000056112233",
-             "01000900000002050001000111",
-             "01000600000001000000", "01000600000001ff0000",
-             "01000600000001020001",
-             "010008000000010400010001", "0100080000000104000100ff",
-             "010011000000010d00050200020100030005000600",
-             "0000"]
-    for t in tests:
-        hapd.set("anqp_elem", "263:" + t)
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-        ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
-        if ev is None:
-            raise Exception("Network selection timed out")
-        dev[0].dump_monitor()
-
-    dev[0].remove_cred(id)
-    id = dev[0].add_cred_values({'imsi': "555444-333222111", 'eap': "AKA",
-                                 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
-
-    tests = ["00", "0100", "0001", "00ff", "000200ff", "0003000101",
-             "00020100"]
-    for t in tests:
-        hapd.set("anqp_elem", "264:" + t)
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-        ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
-        if ev is None:
-            raise Exception("Network selection timed out")
-        dev[0].dump_monitor()
-
-def test_ap_hs20_cred_with_nai_realm(dev, apdev):
-    """Hotspot 2.0 network selection and cred_with_nai_realm cred->realm"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'eap': 'TTLS'})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'realm': "foo.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'roaming_consortium': "112234",
-                                 'eap': 'TTLS'})
-    interworking_select(dev[0], bssid, "home", freq=2412, no_match=True)
-    dev[0].remove_cred(id)
-
-def test_ap_hs20_cred_and_no_roaming_consortium(dev, apdev):
-    """Hotspot 2.0 network selection and no roaming consortium"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    del params['roaming_consortium']
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'roaming_consortium': "112234",
-                                 'eap': 'TTLS'})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-
-def test_ap_hs20_interworking_oom(dev, apdev):
-    """Hotspot 2.0 network selection and OOM"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]",
-                           "0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,another.example.com"]
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'eap': 'TTLS'})
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    funcs = ["wpabuf_alloc;interworking_anqp_send_req",
-             "anqp_build_req;interworking_anqp_send_req",
-             "gas_query_req;interworking_anqp_send_req",
-             "dup_binstr;nai_realm_parse_realm",
-             "=nai_realm_parse_realm",
-             "=nai_realm_parse",
-             "=nai_realm_match"]
-    for func in funcs:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].request("INTERWORKING_SELECT auto freq=2412")
-            ev = dev[0].wait_event(["Starting ANQP"], timeout=5)
-            if ev is None:
-                raise Exception("ANQP did not start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].dump_monitor()
-
-def test_ap_hs20_no_cred_connect(dev, apdev):
-    """Hotspot 2.0 and connect attempt without credential"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
-        raise Exception("Unexpected INTERWORKING_CONNECT success")
-
-def test_ap_hs20_no_rsn_connect(dev, apdev):
-    """Hotspot 2.0 and connect attempt without RSN"""
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa_params(ssid="test-hs20")
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    params['ieee80211w'] = "1"
-    params['ieee8021x'] = "1"
-    params['auth_server_addr'] = "127.0.0.1"
-    params['auth_server_port'] = "1812"
-    params['auth_server_shared_secret'] = "radius"
-    params['interworking'] = "1"
-    params['roaming_consortium'] = ["112233", "1020304050", "010203040506",
-                                    "fedcba"]
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,another.example.com"]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'roaming_consortium': "112233",
-                                 'eap': 'TTLS'})
-
-    interworking_select(dev[0], bssid, freq=2412, no_match=True)
-    if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
-        raise Exception("Unexpected INTERWORKING_CONNECT success")
-
-def test_ap_hs20_no_match_connect(dev, apdev):
-    """Hotspot 2.0 and connect attempt without matching cred"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    id = dev[0].add_cred_values({'realm': "example.org",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.org",
-                                 'roaming_consortium': "112234",
-                                 'eap': 'TTLS'})
-
-    interworking_select(dev[0], bssid, freq=2412, no_match=True)
-    if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
-        raise Exception("Unexpected INTERWORKING_CONNECT success")
-
-def test_ap_hs20_multiple_home_cred(dev, apdev):
-    """Hotspot 2.0 and select with multiple matching home credentials"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]"]
-    params['domain_name'] = "example.com"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    bssid2 = apdev[1]['bssid']
-    params = hs20_ap_params(ssid="test-hs20-other")
-    params['hessid'] = bssid2
-    params['nai_realm'] = ["0,example.org,13[5:6],21[2:4][5:7]"]
-    params['domain_name'] = "example.org"
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'priority': '2',
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'domain': "example.com"})
-    id2 = dev[0].add_cred_values({'realm': "example.org",
-                                  'priority': '3',
-                                  'username': "hs20-test",
-                                  'password': "password",
-                                  'domain': "example.org"})
-    dev[0].request("INTERWORKING_SELECT auto freq=2412")
-    ev = dev[0].wait_connected(timeout=15)
-    if bssid2 not in ev:
-        raise Exception("Connected to incorrect network")
-
-def test_ap_hs20_anqp_invalid_gas_response(dev, apdev):
-    """Hotspot 2.0 network selection and invalid GAS response"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    dev[0].hs20_enable()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'domain': "example.com",
-                                 'roaming_consortium': "112234",
-                                 'eap': 'TTLS'})
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-
-    logger.info("ANQP: Unexpected Advertisement Protocol in response")
-    resp = action_response(query)
-    adv_proto = struct.pack('8B', 108, 6, 127, 0xdd, 0x00, 0x11, 0x22, 0x33)
-    data = struct.pack('<H', 0)
-    resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                  GAS_INITIAL_RESPONSE,
-                                  gas['dialog_token'], 0, 0) + adv_proto + data
-    send_gas_resp(hapd, resp)
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("No ANQP-QUERY-DONE seen")
-    if "result=INVALID_FRAME" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    dev[0].request("INTERWORKING_SELECT freq=2412")
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-
-    logger.info("ANQP: Invalid element length for Info ID 1234")
-    resp = action_response(query)
-    adv_proto = struct.pack('BBBB', 108, 2, 127, 0)
-    elements = struct.pack('<HH', 1234, 1)
-    data = struct.pack('<H', len(elements)) + elements
-    resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                  GAS_INITIAL_RESPONSE,
-                                  gas['dialog_token'], 0, 0) + adv_proto + data
-    send_gas_resp(hapd, resp)
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("No ANQP-QUERY-DONE seen")
-    if "result=INVALID_FRAME" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    with alloc_fail(dev[0], 1, "=anqp_add_extra"):
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-
-        resp = action_response(query)
-        elements = struct.pack('<HHHH', 1, 0, 1, 0)
-        data = struct.pack('<H', len(elements)) + elements
-        resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                      GAS_INITIAL_RESPONSE,
-                                      gas['dialog_token'], 0, 0) + adv_proto + data
-        send_gas_resp(hapd, resp)
-
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("No ANQP-QUERY-DONE seen")
-        if "result=SUCCESS" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;anqp_add_extra"):
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-
-        resp = action_response(query)
-        elements = struct.pack('<HHHH', 1, 0, 1, 0)
-        data = struct.pack('<H', len(elements)) + elements
-        resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                      GAS_INITIAL_RESPONSE,
-                                      gas['dialog_token'], 0, 0) + adv_proto + data
-        send_gas_resp(hapd, resp)
-
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("No ANQP-QUERY-DONE seen")
-        if "result=SUCCESS" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-    tests = [struct.pack('<HH', 0xdddd, 0),
-             struct.pack('<HH3B', 0xdddd, 3, 0x50, 0x6f, 0x9a),
-             struct.pack('<HH4B', 0xdddd, 4, 0x50, 0x6f, 0x9a, 0),
-             struct.pack('<HH4B', 0xdddd, 4, 0x11, 0x22, 0x33, 0),
-             struct.pack('<HHHH', 1, 0, 1, 0)]
-    for elements in tests:
-        dev[0].request("INTERWORKING_SELECT freq=2412")
-
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-
-        resp = action_response(query)
-        data = struct.pack('<H', len(elements)) + elements
-        resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
-                                      GAS_INITIAL_RESPONSE,
-                                      gas['dialog_token'], 0, 0) + adv_proto + data
-        send_gas_resp(hapd, resp)
-
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("No ANQP-QUERY-DONE seen")
-        if "result=SUCCESS" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-def test_ap_hs20_set_profile_failures(dev, apdev):
-    """Hotspot 2.0 and failures during profile configuration"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['anqp_3gpp_cell_net'] = "555,444"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'domain': "example.com",
-                                 'username': "test",
-                                 'password': "secret",
-                                 'eap': 'TTLS'})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE ssid->eap.eap_methods = os_malloc()")
-    with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'domain': "example.com",
-                                 'username': "hs20-test-with-domain@example.com",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE anon = os_malloc()")
-    with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE Successful connection with cred->username including realm")
-    dev[0].request("INTERWORKING_CONNECT " + bssid)
-    dev[0].wait_connected()
-    dev[0].remove_cred(id)
-    dev[0].wait_disconnected()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'domain': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE anon = os_malloc() (second)")
-    with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "=interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set(eap)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAPV2-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'roaming_consortium': "112233",
-                                 'domain': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'eap': 'TTLS',
-                                 'phase2': "auth=MSCHAPV2"})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE anon = os_strdup()")
-    with alloc_fail(dev[0], 2, "interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(anonymous_identity)")
-    with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE Successful connection with cred->realm not included")
-    dev[0].request("INTERWORKING_CONNECT " + bssid)
-    dev[0].wait_connected()
-    dev[0].remove_cred(id)
-    dev[0].wait_disconnected()
-
-    id = dev[0].add_cred_values({'roaming_consortium': "112233",
-                                 'domain': "example.com",
-                                 'realm': "example.com",
-                                 'username': "user",
-                                 'password': "password",
-                                 'eap': 'PEAP'})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE id = os_strdup()")
-    with alloc_fail(dev[0], 2, "interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(identity)")
-    with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'roaming_consortium': "112233",
-                                 'domain': "example.com",
-                                 'realm': "example.com",
-                                 'username': "user",
-                                 'password': "password",
-                                 'eap': "TTLS"})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE wpa_config_set_quoted(identity) (second)")
-    with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(password)")
-    with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect_roaming_consortium"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "=interworking_connect_roaming_consortium"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'roaming_consortium': "112233",
-                                 'domain': "example.com",
-                                 'realm': "example.com",
-                                 'username': "user",
-                                 'eap': "PEAP"})
-    dev[0].set_cred(id, "password", "ext:password")
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE wpa_config_set(password)")
-    with alloc_fail(dev[0], 3, "wpa_config_set;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'domain': "example.com",
-                                 'username': "certificate-user",
-                                 'phase1': "include_tls_length=0",
-                                 'domain_suffix_match': "example.com",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'client_cert': "auth_serv/user.pem",
-                                 'private_key': "auth_serv/user.key",
-                                 'private_key_passwd': "secret"})
-    interworking_select(dev[0], bssid, "home", freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE wpa_config_set_quoted(client_cert)")
-    with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(private_key)")
-    with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(private_key_passwd)")
-    with alloc_fail(dev[0], 4, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(ca_cert)")
-    with alloc_fail(dev[0], 5, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(domain_suffix_match)")
-    with alloc_fail(dev[0], 6, "=wpa_config_set_quoted;interworking_set_eap_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'imsi': "555444-333222111", 'eap': "SIM",
-                                 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].dump_monitor()
-    with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set_quoted(password;milenage)")
-    with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_connect_3gpp"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set(eap)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect_3gpp"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE set_root_nai:wpa_config_set(identity)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;interworking_connect_3gpp"):
-            dev[0].request("INTERWORKING_CONNECT " + bssid)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].remove_cred(id)
-
-    id = dev[0].add_cred_values({'roaming_consortium': "112233",
-                                 'eap': 'TTLS',
-                                 'username': "user@example.com",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE Interworking: No EAP method set for credential using roaming consortium")
-    dev[0].request("INTERWORKING_CONNECT " + bssid)
-    dev[0].remove_cred(id)
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,25[3:26]"
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'domain': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password"})
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase1)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set(PEAP/FAST-pac_interworking)")
-    with alloc_fail(dev[0], 2, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase2)")
-    with alloc_fail(dev[0], 3, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21"
-    hapd = hostapd.add_ap(apdev[0], params)
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].request("NOTE wpa_config_set(TTLS-defaults-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[2:3]"
-    hapd = hostapd.add_ap(apdev[0], params)
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAP-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[2:2]"
-    hapd = hostapd.add_ap(apdev[0], params)
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_CHAP-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[2:1]"
-    hapd = hostapd.add_ap(apdev[0], params)
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_PAP-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    hapd.disable()
-    params = hs20_ap_params()
-    params['nai_realm'] = "0,example.com,21[3:26]"
-    hapd = hostapd.add_ap(apdev[0], params)
-    interworking_select(dev[0], bssid, freq=2412)
-    dev[0].request("NOTE wpa_config_set(TTLS-EAP-MSCHAPV2-phase2)")
-    with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
-        dev[0].request("INTERWORKING_CONNECT " + bssid)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    dev[0].remove_cred(id)
-
-def test_ap_hs20_unexpected(dev, apdev):
-    """Unexpected Hotspot 2.0 AP configuration"""
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    skip_without_tkip(dev[2])
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa_eap_params(ssid="test-hs20-fake")
-    params['wpa'] = "3"
-    params['wpa_pairwise'] = "TKIP CCMP"
-    params['rsn_pairwise'] = "CCMP"
-    params['ieee80211w'] = "1"
-    #params['vendor_elements'] = 'dd07506f9a10140000'
-    params['vendor_elements'] = 'dd04506f9a10'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
-                   pairwise="TKIP",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-
-    dev[1].hs20_enable()
-    dev[1].scan_for_bss(bssid, freq="2412")
-    dev[1].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
-                   proto="WPA",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-
-    dev[2].hs20_enable()
-    dev[2].scan_for_bss(bssid, freq="2412")
-    dev[2].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
-                   ieee80211w="1",
-                   proto="RSN", pairwise="CCMP",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-
-def test_ap_interworking_element_update(dev, apdev):
-    """Dynamic Interworking element update"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    bss = dev[0].get_bss(bssid)
-    logger.info("Before update: " + str(bss))
-    if '6b091e0701020000000300' not in bss['ie']:
-        raise Exception("Expected Interworking element not seen before update")
-
-    # Update configuration parameters related to Interworking element
-    hapd.set('access_network_type', '2')
-    hapd.set('asra', '1')
-    hapd.set('esr', '1')
-    hapd.set('uesa', '1')
-    hapd.set('venue_group', '2')
-    hapd.set('venue_type', '8')
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    bss = dev[0].get_bss(bssid)
-    logger.info("After update: " + str(bss))
-    if '6b09f20208020000000300' not in bss['ie']:
-        raise Exception("Expected Interworking element not seen after update")
-
-def test_ap_hs20_terms_and_conditions(dev, apdev):
-    """Hotspot 2.0 Terms and Conditions signaling"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['hs20_t_c_filename'] = 'terms-and-conditions'
-    params['hs20_t_c_timestamp'] = '123456789'
-
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-t-c-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   ieee80211w='2', scan_freq="2412")
-    ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=5)
-    if ev is None:
-        raise Exception("Terms and Conditions Acceptance notification not received")
-    url = "https://example.com/t_and_c?addr=%s&ap=123" % dev[0].own_addr()
-    if url not in ev:
-        raise Exception("Unexpected URL: " + ev)
-
-def test_ap_hs20_terms_and_conditions_coa(dev, apdev):
-    """Hotspot 2.0 Terms and Conditions signaling - CoA"""
-    try:
-        import pyrad.client
-        import pyrad.packet
-        import pyrad.dictionary
-        import radius_das
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['hs20_t_c_filename'] = 'terms-and-conditions'
-    params['hs20_t_c_timestamp'] = '123456789'
-    params['own_ip_addr'] = "127.0.0.1"
-    params['radius_das_port'] = "3799"
-    params['radius_das_client'] = "127.0.0.1 secret"
-    params['radius_das_require_event_timestamp'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="hs20-t-c-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   ieee80211w='2', scan_freq="2412")
-
-    ev = hapd.wait_event(["HS20-T-C-FILTERING-ADD"], timeout=5)
-    if ev is None:
-        raise Exception("Terms and Conditions filtering not enabled")
-    if ev.split(' ')[1] != dev[0].own_addr():
-        raise Exception("Unexpected STA address for filtering: " + ev)
-
-    ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=5)
-    if ev is None:
-        raise Exception("Terms and Conditions Acceptance notification not received")
-    url = "https://example.com/t_and_c?addr=%s&ap=123" % dev[0].own_addr()
-    if url not in ev:
-        raise Exception("Unexpected URL: " + ev)
-
-    dict = pyrad.dictionary.Dictionary("dictionary.radius")
-
-    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
-                              secret=b"secret", dict=dict)
-    srv.retries = 1
-    srv.timeout = 1
-
-    sta = hapd.get_sta(dev[0].own_addr())
-    multi_sess_id = sta['authMultiSessionId']
-
-    logger.info("CoA-Request with matching Acct-Session-Id")
-    vsa = binascii.unhexlify('00009f68090600000000')
-    req = radius_das.CoAPacket(dict=dict, secret=b"secret",
-                               NAS_IP_Address="127.0.0.1",
-                               Acct_Multi_Session_Id=multi_sess_id,
-                               Chargeable_User_Identity="hs20-cui",
-                               Event_Timestamp=int(time.time()),
-                               Vendor_Specific=vsa)
-    reply = srv.SendPacket(req)
-    logger.debug("RADIUS response from hostapd")
-    for i in list(reply.keys()):
-        logger.debug("%s: %s" % (i, reply[i]))
-    if reply.code != pyrad.packet.CoAACK:
-        raise Exception("CoA-Request failed")
-
-    ev = hapd.wait_event(["HS20-T-C-FILTERING-REMOVE"], timeout=5)
-    if ev is None:
-        raise Exception("Terms and Conditions filtering not disabled")
-    if ev.split(' ')[1] != dev[0].own_addr():
-        raise Exception("Unexpected STA address for filtering: " + ev)
-
-def test_ap_hs20_terms_and_conditions_sql(dev, apdev, params):
-    """Hotspot 2.0 Terms and Conditions using SQLite for user DB"""
-    addr = dev[0].own_addr()
-    run_ap_hs20_terms_and_conditions_sql(dev, apdev, params,
-                                         "https://example.com/t_and_c?addr=@1@&ap=123",
-                                         "https://example.com/t_and_c?addr=" + addr + "&ap=123")
-
-def test_ap_hs20_terms_and_conditions_sql2(dev, apdev, params):
-    """Hotspot 2.0 Terms and Conditions using SQLite for user DB"""
-    addr = dev[0].own_addr()
-    run_ap_hs20_terms_and_conditions_sql(dev, apdev, params,
-                                         "https://example.com/t_and_c?addr=@1@",
-                                         "https://example.com/t_and_c?addr=" + addr)
-
-def run_ap_hs20_terms_and_conditions_sql(dev, apdev, params, url_template,
-                                         url_expected):
-    check_eap_capa(dev[0], "MSCHAPV2")
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    dbfile = params['prefix'] + ".eap-user.db"
-    try:
-        os.remove(dbfile)
-    except:
-        pass
-    con = sqlite3.connect(dbfile)
-    with con:
-        cur = con.cursor()
-        cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER, t_c_timestamp INTEGER)")
-        cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
-        cur.execute("INSERT INTO users(identity,methods,password,phase2) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1)")
-        cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
-        cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
-        cur.execute("CREATE TABLE pending_tc(mac_addr TEXT PRIMARY KEY, identity TEXT)")
-        cur.execute("CREATE TABLE current_sessions(mac_addr TEXT PRIMARY KEY, identity TEXT, start_time TEXT, nas TEXT, hs20_t_c_filtering BOOLEAN, waiting_coa_ack BOOLEAN, coa_ack_received BOOLEAN)")
-
-
-    try:
-        params = {"ssid": "as", "beacon_int": "2000",
-                  "radius_server_clients": "auth_serv/radius_clients.conf",
-                  "radius_server_auth_port": '18128',
-                  "eap_server": "1",
-                  "eap_user_file": "sqlite:" + dbfile,
-                  "ca_cert": "auth_serv/ca.pem",
-                  "server_cert": "auth_serv/server.pem",
-                  "private_key": "auth_serv/server.key"}
-        params['hs20_t_c_server_url'] = url_template
-        authsrv = hostapd.add_ap(apdev[1], params)
-
-        bssid = apdev[0]['bssid']
-        params = hs20_ap_params()
-        params['auth_server_port'] = "18128"
-        params['hs20_t_c_filename'] = 'terms-and-conditions'
-        params['hs20_t_c_timestamp'] = '123456789'
-        params['own_ip_addr'] = "127.0.0.1"
-        params['radius_das_port'] = "3799"
-        params['radius_das_client'] = "127.0.0.1 radius"
-        params['radius_das_require_event_timestamp'] = "1"
-        params['disable_pmksa_caching'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].request("SET pmf 1")
-        dev[0].hs20_enable()
-        id = dev[0].add_cred_values({'realm': "example.com",
-                                     'username': "user-mschapv2",
-                                     'password': "password",
-                                     'ca_cert': "auth_serv/ca.pem"})
-        interworking_select(dev[0], bssid, freq="2412")
-        interworking_connect(dev[0], bssid, "TTLS")
-
-        ev = hapd.wait_event(["HS20-T-C-FILTERING-ADD"], timeout=5)
-        if ev is None:
-            raise Exception("Terms and Conditions filtering not enabled")
-        hapd.dump_monitor()
-
-        ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=5)
-        if ev is None:
-            raise Exception("Terms and Conditions Acceptance notification not received")
-        url = ev.split(' ')[1]
-        if url != url_expected:
-            raise Exception("Unexpected URL delivered to the client: %s (expected %s)" % (url, url_expected))
-        dev[0].dump_monitor()
-
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT * from current_sessions")
-            rows = cur.fetchall()
-            if len(rows) != 1:
-                raise Exeception("Unexpected number of rows in current_sessions (%d; expected %d)" % (len(rows), 1))
-            logger.info("current_sessions: " + str(rows))
-
-        tests = ["foo", "disconnect q", "coa %s" % dev[0].own_addr()]
-        for t in tests:
-            if "FAIL" not in authsrv.request("DAC_REQUEST " + t):
-                raise Exception("Invalid DAC_REQUEST accepted: " + t)
-        if "OK" not in authsrv.request("DAC_REQUEST coa %s t_c_clear" % dev[0].own_addr()):
-            raise Exception("DAC_REQUEST failed")
-
-        ev = hapd.wait_event(["HS20-T-C-FILTERING-REMOVE"], timeout=5)
-        if ev is None:
-            raise Exception("Terms and Conditions filtering not disabled")
-        if ev.split(' ')[1] != dev[0].own_addr():
-            raise Exception("Unexpected STA address for filtering: " + ev)
-
-        time.sleep(0.2)
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT * from current_sessions")
-            rows = cur.fetchall()
-            if len(rows) != 1:
-                raise Exeception("Unexpected number of rows in current_sessions (%d; expected %d)" % (len(rows), 1))
-            logger.info("current_sessions: " + str(rows))
-            if rows[0][4] != 0 or rows[0][5] != 0 or rows[0][6] != 1:
-                raise Exception("Unexpected current_sessions information after CoA-ACK")
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        # Simulate T&C server operation on user reading the updated version
-        with con:
-            cur = con.cursor()
-            cur.execute("SELECT identity FROM pending_tc WHERE mac_addr='" +
-                        dev[0].own_addr() + "'")
-            rows = cur.fetchall()
-            if len(rows) != 1:
-                raise Exception("No pending_tc entry found")
-            if rows[0][0] != 'user-mschapv2':
-                raise Exception("Unexpected pending_tc identity value")
-
-            cur.execute("UPDATE users SET t_c_timestamp=123456789 WHERE identity='user-mschapv2'")
-
-        dev[0].request("RECONNECT")
-        dev[0].wait_connected()
-
-        ev = hapd.wait_event(["HS20-T-C-FILTERING-ADD"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Terms and Conditions filtering enabled unexpectedly")
-        hapd.dump_monitor()
-
-        ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected Terms and Conditions Acceptance notification")
-        dev[0].dump_monitor()
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        # New T&C available
-        hapd.set('hs20_t_c_timestamp', '123456790')
-
-        dev[0].request("RECONNECT")
-        dev[0].wait_connected()
-
-        ev = hapd.wait_event(["HS20-T-C-FILTERING-ADD"], timeout=5)
-        if ev is None:
-            raise Exception("Terms and Conditions filtering not enabled")
-        hapd.dump_monitor()
-
-        ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=5)
-        if ev is None:
-            raise Exception("Terms and Conditions Acceptance notification not received (2)")
-        dev[0].dump_monitor()
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        # Simulate T&C server operation on user reading the updated version
-        with con:
-            cur = con.cursor()
-            cur.execute("UPDATE users SET t_c_timestamp=123456790 WHERE identity='user-mschapv2'")
-
-        dev[0].request("RECONNECT")
-        dev[0].wait_connected()
-
-        ev = hapd.wait_event(["HS20-T-C-FILTERING-ADD"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Terms and Conditions filtering enabled unexpectedly")
-        hapd.dump_monitor()
-
-        ev = dev[0].wait_event(["HS20-T-C-ACCEPTANCE"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected Terms and Conditions Acceptance notification (2)")
-        dev[0].dump_monitor()
-    finally:
-        os.remove(dbfile)
-        dev[0].request("SET pmf 0")
-
-def test_ap_hs20_release_number_1(dev, apdev):
-    """Hotspot 2.0 with AP claiming support for Release 1"""
-    run_ap_hs20_release_number(dev, apdev, 1)
-
-def test_ap_hs20_release_number_2(dev, apdev):
-    """Hotspot 2.0 with AP claiming support for Release 2"""
-    run_ap_hs20_release_number(dev, apdev, 2)
-
-def test_ap_hs20_release_number_3(dev, apdev):
-    """Hotspot 2.0 with AP claiming support for Release 3"""
-    run_ap_hs20_release_number(dev, apdev, 3)
-
-def run_ap_hs20_release_number(dev, apdev, release):
-    check_eap_capa(dev[0], "MSCHAPV2")
-    eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user",
-             release=release)
-    rel = dev[0].get_status_field('hs20')
-    if rel != str(release):
-        raise Exception("Unexpected release number indicated: " + rel)
-
-def test_ap_hs20_missing_pmf(dev, apdev):
-    """Hotspot 2.0 connection attempt without PMF"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['disable_dgaf'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
-                   ieee80211w="0",
-                   identity="hs20-test", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412", update_identifier="54321",
-                   roaming_consortium_selection="1020304050",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association rejection not reported")
-    if "status_code=31" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-
-def test_ap_hs20_open_osu_association(dev, apdev):
-    """Hotspot 2.0 open OSU association"""
-    try:
-        run_ap_hs20_open_osu_association(dev, apdev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_ap_hs20_open_osu_association(dev, apdev):
-    params = {"ssid": "HS 2.0 OSU open"}
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("HS 2.0 OSU open", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    # Test with unexpected Hotspot 2.0 Indication element in Assoc Req
-    dev[0].request("VENDOR_ELEM_ADD 13 dd07506f9a10220000")
-    dev[0].connect("HS 2.0 OSU open", key_mgmt="NONE", scan_freq="2412")
diff --git a/tests/hwsim/test_ap_ht.py b/tests/hwsim/test_ap_ht.py
deleted file mode 100644
index 510fe0836fc5..000000000000
--- a/tests/hwsim/test_ap_ht.py
+++ /dev/null
@@ -1,1644 +0,0 @@
-# Test cases for HT operations with hostapd
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-import struct
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-import hwsim_utils
-
-def test_ap_ht40_scan(dev, apdev):
-    """HT40 co-ex scan"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency")
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel")
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("Unexpected secondary channel")
-
-    status = hapd.get_status()
-    logger.info("hostapd STATUS: " + str(status))
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-    sta = hapd.get_sta(dev[0].own_addr())
-    logger.info("hostapd STA: " + str(sta))
-
-    res = dev[0].request("SIGNAL_POLL")
-    logger.info("STA SIGNAL_POLL:\n" + res.strip())
-    sig = res.splitlines()
-    if "WIDTH=40 MHz" not in sig:
-        raise Exception("Not a 40 MHz connection")
-
-    if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-        raise Exception("No Supported Operating Classes information for STA")
-    opclass = int(sta['supp_op_classes'][0:2], 16)
-    if opclass != 84:
-        raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-
-def test_ap_ht_wifi_generation(dev, apdev):
-    """HT and wifi_generation"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht",
-              "channel": "6"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-ht", key_mgmt="NONE", scan_freq="2437")
-    status = dev[0].get_status()
-    if 'wifi_generation' not in status:
-        # For now, assume this is because of missing kernel support
-        raise HwsimSkip("Association Request IE reporting not supported")
-        #raise Exception("Missing wifi_generation information")
-    if status['wifi_generation'] != "4":
-        raise Exception("Unexpected wifi_generation value: " + status['wifi_generation'])
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("test-ht", key_mgmt="NONE", scan_freq="2437")
-    status = wpas.get_status()
-    if 'wifi_generation' not in status:
-        # For now, assume this is because of missing kernel support
-        raise HwsimSkip("Association Request IE reporting not supported")
-        #raise Exception("Missing wifi_generation information (connect)")
-    if status['wifi_generation'] != "4":
-        raise Exception("Unexpected wifi_generation value (connect): " + status['wifi_generation'])
-
-@remote_compatible
-def test_ap_ht40_scan_conflict(dev, apdev):
-    """HT40 co-ex scan conflict"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "6",
-              "ht_capab": "[HT40+]"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency")
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel")
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-@remote_compatible
-def test_ap_ht40_scan_conflict2(dev, apdev):
-    """HT40 co-ex scan conflict (HT40-)"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "11",
-              "ht_capab": "[HT40-]"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "1",
-              "ht_capab": "[HT40+]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2412":
-        raise Exception("Unexpected frequency")
-    pri = hapd.get_status_field("channel")
-    if pri != "1":
-        raise Exception("Unexpected primary channel")
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_scan_not_affected(dev, apdev):
-    """HT40 co-ex scan and other BSS not affected"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht20",
-              "channel": "11"}
-    hostapd.add_ap(apdev[1], params)
-
-    hostapd.cmd_execute(apdev[0], ['ifconfig', apdev[0]['ifname'], 'up'])
-    hostapd.cmd_execute(apdev[0], ['iw', apdev[0]['ifname'], 'scan', 'trigger',
-                                   'freq', '2462'])
-    time.sleep(0.5)
-    hostapd.cmd_execute(apdev[0], ['iw', apdev[0]['ifname'], 'scan', 'dump'])
-    time.sleep(0.1)
-    hostapd.cmd_execute(apdev[0], ['ifconfig', apdev[0]['ifname'], 'down'])
-
-    params = {"ssid": "test-ht40",
-              "channel": "1",
-              "ht_capab": "[HT40+]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2412":
-        raise Exception("Unexpected frequency")
-    pri = hapd.get_status_field("channel")
-    if pri != "1":
-        raise Exception("Unexpected primary channel")
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-@remote_compatible
-def test_ap_ht40_scan_legacy_conflict(dev, apdev):
-    """HT40 co-ex scan conflict with legacy 20 MHz AP"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "legacy-20",
-              "channel": "7", "ieee80211n": "0"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-@remote_compatible
-def test_ap_ht40_scan_ht20_conflict(dev, apdev):
-    """HT40 co-ex scan conflict with HT 20 MHz AP"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "ht-20",
-              "channel": "7", "ieee80211n": "1"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_scan_intolerant(dev, apdev):
-    """HT40 co-ex scan finding an AP advertising 40 MHz intolerant"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "another-bss",
-              "channel": "1",
-              "ht_capab": "[40-INTOLERANT]"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "1",
-              "ht_capab": "[HT40+]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2412":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "1":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_scan_match(dev, apdev):
-    """HT40 co-ex scan matching configuration"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency")
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel")
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_5ghz_match(dev, apdev):
-    """HT40 co-ex scan on 5 GHz with matching pri/sec channel"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "country_code": "US",
-                  "ht_capab": "[HT40+]"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            time.sleep(0.1)
-            state = hapd.get_status_field("state")
-            if state != "HT_SCAN":
-                raise Exception("Unexpected interface state - expected HT_SCAN")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state - expected ENABLED")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5180":
-            raise Exception("Unexpected frequency")
-        pri = hapd.get_status_field("channel")
-        if pri != "36":
-            raise Exception("Unexpected primary channel")
-        sec = hapd.get_status_field("secondary_channel")
-        if sec != "1":
-            raise Exception("Unexpected secondary channel: " + sec)
-
-        dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-
-def test_ap_ht40_5ghz_switch(dev, apdev):
-    """HT40 co-ex scan on 5 GHz switching pri/sec channel"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "country_code": "US",
-                  "ht_capab": "[HT40+]"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "ht_capab": "[HT40-]"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            time.sleep(0.1)
-            state = hapd.get_status_field("state")
-            if state != "HT_SCAN":
-                raise Exception("Unexpected interface state - expected HT_SCAN")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state - expected ENABLED")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5180":
-            raise Exception("Unexpected frequency: " + freq)
-        pri = hapd.get_status_field("channel")
-        if pri != "36":
-            raise Exception("Unexpected primary channel: " + pri)
-        sec = hapd.get_status_field("secondary_channel")
-        if sec != "1":
-            raise Exception("Unexpected secondary channel: " + sec)
-
-        dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        set_world_reg(apdev[0], apdev[1], dev[0])
-
-def test_ap_ht40_5ghz_switch2(dev, apdev):
-    """HT40 co-ex scan on 5 GHz switching pri/sec channel (2)"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "country_code": "US",
-                  "ht_capab": "[HT40+]"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        id = dev[0].add_network()
-        dev[0].set_network(id, "mode", "2")
-        dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "frequency", "5200")
-        dev[0].set_network(id, "scan_freq", "5200")
-        dev[0].select_network(id)
-        time.sleep(1)
-
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "ht_capab": "[HT40-]"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            time.sleep(0.1)
-            state = hapd.get_status_field("state")
-            if state != "HT_SCAN":
-                raise Exception("Unexpected interface state - expected HT_SCAN")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state - expected ENABLED")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5180":
-            raise Exception("Unexpected frequency: " + freq)
-        pri = hapd.get_status_field("channel")
-        if pri != "36":
-            raise Exception("Unexpected primary channel: " + pri)
-        sec = hapd.get_status_field("secondary_channel")
-        if sec != "1":
-            raise Exception("Unexpected secondary channel: " + sec)
-
-        dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-
-def test_obss_scan(dev, apdev):
-    """Overlapping BSS scan request"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40-]",
-              "obss_interval": "10"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "another-bss",
-              "channel": "9",
-              "ieee80211n": "0"}
-    hostapd.add_ap(apdev[1], params)
-    run_obss_scan(hapd, dev)
-
-def test_obss_scan_ht40_plus(dev, apdev):
-    """Overlapping BSS scan request (HT40+)"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40+]",
-              "obss_interval": "10"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "another-bss",
-              "channel": "9",
-              "ieee80211n": "0"}
-    hostapd.add_ap(apdev[1], params)
-    run_obss_scan(hapd, dev, ht40plus=True)
-
-def run_obss_scan(hapd, dev, ht40plus=False):
-    dev[0].connect("obss-scan", key_mgmt="NONE", scan_freq="2437")
-    res = dev[0].request("SIGNAL_POLL")
-    logger.info("SIGNAL_POLL:\n" + res)
-    sig = res.splitlines()
-    if "FREQUENCY=2437" not in sig:
-        raise Exception("Unexpected frequency")
-    if "WIDTH=40 MHz" not in sig:
-        raise Exception("Not a 40 MHz connection")
-    if ht40plus and "CENTER_FRQ1=2447" not in sig:
-        raise Exception("Not HT40+")
-    if not ht40plus and "CENTER_FRQ1=2427" not in sig:
-        raise Exception("Not HT40-")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    logger.info("Waiting for OBSS scan to occur")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out while waiting for OBSS scan to start")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Timed out while waiting for OBSS scan results")
-    received = False
-    for i in range(0, 4):
-        frame = hapd.mgmt_rx(timeout=5)
-        if frame is None:
-            raise Exception("MGMT RX wait timed out")
-        if frame['subtype'] != 13:
-            continue
-        payload = frame['payload']
-        if len(payload) < 3:
-            continue
-        (category, action, ie) = struct.unpack('BBB', payload[0:3])
-        if category != 4:
-            continue
-        if action != 0:
-            continue
-        if ie == 72:
-            logger.info("20/40 BSS Coexistence report received")
-            received = True
-            break
-    if not received:
-        raise Exception("20/40 BSS Coexistence report not seen")
-
-def test_obss_scan_40_intolerant(dev, apdev):
-    """Overlapping BSS scan request with 40 MHz intolerant AP"""
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40-]",
-              "obss_interval": "10"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "another-bss",
-              "channel": "7",
-              "ht_capab": "[40-INTOLERANT]"}
-    hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect("obss-scan", key_mgmt="NONE", scan_freq="2437")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    logger.info("Waiting for OBSS scan to occur")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out while waiting for OBSS scan to start")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Timed out while waiting for OBSS scan results")
-    received = False
-    for i in range(0, 4):
-        frame = hapd.mgmt_rx(timeout=5)
-        if frame is None:
-            raise Exception("MGMT RX wait timed out")
-        if frame['subtype'] != 13:
-            continue
-        payload = frame['payload']
-        if len(payload) < 3:
-            continue
-        (category, action, ie) = struct.unpack('BBB', payload[0:3])
-        if category != 4:
-            continue
-        if action != 0:
-            continue
-        if ie == 72:
-            logger.info("20/40 BSS Coexistence report received")
-            received = True
-            break
-    if not received:
-        raise Exception("20/40 BSS Coexistence report not seen")
-
-def test_obss_coex_report_handling(dev, apdev):
-    """Overlapping BSS scan report handling with obss_interval=0"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("obss-scan", key_mgmt="NONE", scan_freq="2437")
-
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("AP is not using 40 MHz channel")
-
-    # 20/40 MHz co-ex report tests: number of invalid reports and a valid report
-    # that forces 20 MHz channel.
-    tests = ['0400', '040048', '04004801', '0400480000', '0400490100',
-             '040048ff0000', '04004801ff49ff00', '04004801004900',
-             '0400480100490101', '0400480100490201ff',
-             '040048010449020005']
-    for msg in tests:
-        req = "MGMT_TX {} {} freq=2437 action={}".format(bssid, bssid, msg)
-        if "OK" not in dev[0].request(req):
-            raise Exception("Could not send management frame")
-    time.sleep(0.5)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("AP did not move to 20 MHz channel")
-
-def test_obss_coex_report_handling1(dev, apdev):
-    """Overlapping BSS scan report handling with obss_interval=1"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40+]",
-              "obss_interval": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("obss-scan", key_mgmt="NONE", scan_freq="2437")
-
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "1":
-        raise Exception("AP is not using 40 MHz channel")
-
-    # 20/40 MHz co-ex report forcing 20 MHz channel
-    msg = '040048010449020005'
-    req = "MGMT_TX {} {} freq=2437 action={}".format(bssid, bssid, msg)
-    if "OK" not in dev[0].request(req):
-        raise Exception("Could not send management frame")
-    time.sleep(0.5)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("AP did not move to 20 MHz channel")
-
-    # No 20/40 MHz co-ex reports forcing 20 MHz channel during next interval
-    for i in range(20):
-        sec = hapd.get_status_field("secondary_channel")
-        if sec == "1":
-            break
-        time.sleep(0.5)
-    if sec != "1":
-        raise Exception("AP did not return to 40 MHz channel")
-
-def test_obss_coex_report_handling2(dev, apdev):
-    """Overlapping BSS scan report handling with obss_interval=1 and no overlap"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "obss-scan",
-              "channel": "6",
-              "ht_capab": "[HT40+]",
-              "obss_interval": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("obss-scan", key_mgmt="NONE", scan_freq="2437")
-
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "1":
-        raise Exception("AP is not using 40 MHz channel")
-
-    # 20/40 MHz co-ex report that does not force a move to 20 MHz channel
-    # (out of affected range and matching primary channel cases)
-    msg = '0400' + '480100' + '49020001' + '49020006'
-    req = "MGMT_TX {} {} freq=2437 action={}".format(bssid, bssid, msg)
-    if "OK" not in dev[0].request(req):
-        raise Exception("Could not send management frame")
-    time.sleep(0.5)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "1":
-        raise Exception("Unexpected move to 20 MHz channel")
-
-    # 20/40 MHz co-ex report forcing 20 MHz channel
-    # (out of affected range and in affected range but not matching primary)
-    msg = '0400' + '480100' + '4903000105'
-    req = "MGMT_TX {} {} freq=2437 action={}".format(bssid, bssid, msg)
-    if "OK" not in dev[0].request(req):
-        raise Exception("Could not send management frame")
-    time.sleep(0.5)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("AP did not move to 20 MHz channel")
-
-def test_olbc(dev, apdev):
-    """OLBC detection"""
-    params = {"ssid": "test-olbc",
-              "channel": "6",
-              "ht_capab": "[HT40-]",
-              "ap_table_expiration_time": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    status = hapd.get_status()
-    if status['olbc'] != '0' or status['olbc_ht'] != '0':
-        raise Exception("Unexpected OLBC information")
-
-    params = {"ssid": "olbc-ap",
-              "hw_mode": "b",
-              "channel": "6",
-              "wmm_enabled": "0"}
-    hostapd.add_ap(apdev[1], params)
-    time.sleep(0.5)
-    status = hapd.get_status()
-    if status['olbc'] != '1' or status['olbc_ht'] != '1':
-        raise Exception("Missing OLBC information")
-
-    hostapd.remove_bss(apdev[1])
-
-    logger.info("Waiting for OLBC state to time out")
-    cleared = False
-    for i in range(0, 15):
-        time.sleep(1)
-        status = hapd.get_status()
-        if status['olbc'] == '0' and status['olbc_ht'] == '0':
-            cleared = True
-            break
-    if not cleared:
-        raise Exception("OLBC state did nto time out")
-
-def test_olbc_table_limit(dev, apdev):
-    """OLBC AP table size limit"""
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    ifname3 = apdev[0]['ifname'] + '-3'
-    hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
-    hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
-    hostapd.add_bss(apdev[0], ifname3, 'bss-3.conf')
-
-    params = {"ssid": "test-olbc",
-              "channel": "1",
-              "ap_table_max_size": "2"}
-    hapd = hostapd.add_ap(apdev[1], params)
-
-    time.sleep(0.3)
-    with alloc_fail(hapd, 1, "ap_list_process_beacon"):
-        time.sleep(0.3)
-    hapd.set("ap_table_max_size", "1")
-    time.sleep(0.3)
-    hapd.set("ap_table_max_size", "0")
-    time.sleep(0.3)
-
-def test_olbc_5ghz(dev, apdev):
-    """OLBC detection on 5 GHz"""
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "test-olbc",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        status = hapd.get_status()
-        if status['olbc'] != '0' or status['olbc_ht'] != '0':
-            raise Exception("Unexpected OLBC information")
-
-        params = {"ssid": "olbc-ap",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "0",
-                  "wmm_enabled": "0"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        found = False
-        for i in range(20):
-            time.sleep(0.1)
-            status = hapd.get_status()
-            logger.debug('olbc_ht: ' + status['olbc_ht'])
-            if status['olbc_ht'] == '1':
-                found = True
-                break
-        if not found:
-            raise Exception("Missing OLBC information")
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        set_world_reg(apdev[0], apdev[1], None)
-
-def test_ap_require_ht(dev, apdev):
-    """Require HT"""
-    params = {"ssid": "require-ht",
-              "require_ht": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[1].connect("require-ht", key_mgmt="NONE", scan_freq="2412",
-                   disable_ht="1", wait_connect=False)
-    dev[0].connect("require-ht", key_mgmt="NONE", scan_freq="2412")
-    ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-    dev[1].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association rejection timed out")
-    if "status_code=27" not in ev:
-        raise Exception("Unexpected rejection status code")
-    dev[2].connect("require-ht", key_mgmt="NONE", scan_freq="2412",
-                   ht_mcs="0x01 00 00 00 00 00 00 00 00 00",
-                   disable_max_amsdu="1", ampdu_factor="2",
-                   ampdu_density="1", disable_ht40="1", disable_sgi="1",
-                   disable_ldpc="1", rx_stbc="2", tx_stbc="1")
-
-    sta = hapd.get_sta(dev[0].own_addr())
-    if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-        raise Exception("No Supported Operating Classes information for STA")
-    opclass = int(sta['supp_op_classes'][0:2], 16)
-    if opclass != 81:
-        raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-
-def test_ap_ht_stbc(dev, apdev):
-    """HT STBC overrides"""
-    params = {"ssid": "ht"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ht", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("ht", key_mgmt="NONE", scan_freq="2412",
-                   rx_stbc="0", tx_stbc="0")
-    dev[2].connect("ht", key_mgmt="NONE", scan_freq="2412",
-                   rx_stbc="1", tx_stbc="1")
-
-@remote_compatible
-def test_ap_require_ht_limited_rates(dev, apdev):
-    """Require HT with limited supported rates"""
-    params = {"ssid": "require-ht",
-              "supported_rates": "60 120 240 360 480 540",
-              "require_ht": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[1].connect("require-ht", key_mgmt="NONE", scan_freq="2412",
-                   disable_ht="1", wait_connect=False)
-    dev[0].connect("require-ht", key_mgmt="NONE", scan_freq="2412")
-    ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-    dev[1].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association rejection timed out")
-    if "status_code=27" not in ev:
-        raise Exception("Unexpected rejection status code")
-
-@remote_compatible
-def test_ap_ht_capab_not_supported(dev, apdev):
-    """HT configuration with driver not supporting all ht_capab entries"""
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-][LDPC][SMPS-STATIC][SMPS-DYNAMIC][GF][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][RX-STBC12][RX-STBC123][DELAYED-BA][MAX-AMSDU-7935][DSSS_CCK-40][LSIG-TXOP-PROT]"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Unexpected ENABLE success")
-
-def test_ap_ht_40mhz_intolerant_sta(dev, apdev):
-    """Associated STA indicating 40 MHz intolerant"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "intolerant",
-              "channel": "6",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if hapd.get_status_field("num_sta_ht40_intolerant") != "0":
-        raise Exception("Unexpected num_sta_ht40_intolerant value")
-    if hapd.get_status_field("secondary_channel") != "-1":
-        raise Exception("Unexpected secondary_channel")
-
-    dev[0].connect("intolerant", key_mgmt="NONE", scan_freq="2437")
-    if hapd.get_status_field("num_sta_ht40_intolerant") != "0":
-        raise Exception("Unexpected num_sta_ht40_intolerant value")
-    if hapd.get_status_field("secondary_channel") != "-1":
-        raise Exception("Unexpected secondary_channel")
-
-    dev[2].connect("intolerant", key_mgmt="NONE", scan_freq="2437",
-                   ht40_intolerant="1")
-    time.sleep(1)
-    if hapd.get_status_field("num_sta_ht40_intolerant") != "1":
-        raise Exception("Unexpected num_sta_ht40_intolerant value (expected 1)")
-    if hapd.get_status_field("secondary_channel") != "0":
-        raise Exception("Unexpected secondary_channel (did not disable 40 MHz)")
-
-    dev[2].request("DISCONNECT")
-    time.sleep(1)
-    if hapd.get_status_field("num_sta_ht40_intolerant") != "0":
-        raise Exception("Unexpected num_sta_ht40_intolerant value (expected 0)")
-    if hapd.get_status_field("secondary_channel") != "-1":
-        raise Exception("Unexpected secondary_channel (did not re-enable 40 MHz)")
-
-def test_ap_ht_40mhz_intolerant_sta_deinit(dev, apdev):
-    """Associated STA indicating 40 MHz intolerant and hostapd deinit"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "intolerant",
-              "channel": "6",
-              "ht_capab": "[HT40-]",
-              "obss_interval": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("intolerant", key_mgmt="NONE", scan_freq="2437",
-                   ht40_intolerant="1")
-    time.sleep(1)
-    if hapd.get_status_field("num_sta_ht40_intolerant") != "1":
-        raise Exception("Unexpected num_sta_ht40_intolerant value (expected 1)")
-    hglobal = hostapd.HostapdGlobal()
-    hglobal.remove(apdev[0]['ifname'])
-
-    dev[0].request("DISCONNECT")
-
-def test_ap_ht_40mhz_intolerant_ap(dev, apdev):
-    """Associated STA reports 40 MHz intolerant AP after association"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "ht",
-              "channel": "6",
-              "ht_capab": "[HT40-]",
-              "obss_interval": "3"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ht", key_mgmt="NONE", scan_freq="2437")
-
-    if hapd.get_status_field("secondary_channel") != "-1":
-        raise Exception("Unexpected secondary channel information")
-
-    logger.info("Start 40 MHz intolerant AP")
-    params = {"ssid": "intolerant",
-              "channel": "5",
-              "ht_capab": "[40-INTOLERANT]"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    logger.info("Waiting for co-ex report from STA")
-    ok = False
-    for i in range(4):
-        ev = dev[0].wait_event(['CTRL-EVENT-SCAN-RESULTS'], timeout=20)
-        if ev is None:
-            raise Exception("No OBSS scan seen")
-        time.sleep(1)
-        if hapd.get_status_field("secondary_channel") == "0":
-            logger.info("AP moved to 20 MHz channel")
-            ok = True
-            break
-    if not ok:
-        raise Exception("AP did not move to 20 MHz channel")
-
-    if "OK" not in hapd2.request("DISABLE"):
-        raise Exception("Failed to disable 40 MHz intolerant AP")
-
-    # make sure the intolerant AP disappears from scan results more quickly
-    dev[0].scan(type="ONLY", freq="2432", only_new=True)
-    dev[0].scan(type="ONLY", freq="2432", only_new=True)
-    dev[0].dump_monitor()
-
-    logger.info("Waiting for AP to move back to 40 MHz channel")
-    ok = False
-    for i in range(0, 30):
-        time.sleep(1)
-        if hapd.get_status_field("secondary_channel") == "-1":
-            logger.info("AP moved to 40 MHz channel")
-            ok = True
-            break
-    if not ok:
-        raise Exception("AP did not move to 40 MHz channel")
-
-def test_ap_ht40_csa(dev, apdev):
-    """HT with 40 MHz channel width and CSA"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "ht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("ht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5200 ht sec_channel_offset=-1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5200" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5180 ht sec_channel_offset=1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        set_world_reg(apdev[0], None, dev[0])
-        dev[0].flush_scan_cache()
-
-def test_ap_ht40_csa2(dev, apdev):
-    """HT with 40 MHz channel width and CSA"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "ht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("ht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5220 ht sec_channel_offset=1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5220" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5180 ht sec_channel_offset=1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        set_world_reg(apdev[0], None, dev[0])
-        dev[0].flush_scan_cache()
-
-def test_ap_ht40_csa3(dev, apdev):
-    """HT with 40 MHz channel width and CSA"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "ht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("ht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5240 ht sec_channel_offset=-1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5240" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5180 ht sec_channel_offset=1 bandwidth=40")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected STA disconnection during CSA")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        set_world_reg(apdev[0], None, dev[0])
-        dev[0].flush_scan_cache()
-
-def test_ap_ht_20_to_40_csa(dev, apdev):
-    """HT with 20 MHz channel width doing CSA to 40 MHz"""
-    csa_supported(dev[0])
-
-    params = {"ssid": "ht",
-              "channel": "1",
-              "ieee80211n": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ht", key_mgmt="NONE", scan_freq="2412")
-    hapd.wait_sta()
-    res = dev[0].request("SIGNAL_POLL")
-    logger.info("SIGNAL_POLL:\n" + res)
-    sig = res.splitlines()
-    if 'WIDTH=20 MHz' not in sig:
-        raise Exception("20 MHz channel bandwidth not used on the original channel")
-
-    hapd.request("CHAN_SWITCH 5 2462 ht sec_channel_offset=-1 bandwidth=40")
-    ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-    if ev is None:
-        raise Exception("CSA finished event timed out")
-    if "freq=2462" not in ev:
-        raise Exception("Unexpected channel in CSA finished event")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Unexpected STA disconnection during CSA")
-    res = dev[0].request("SIGNAL_POLL")
-    logger.info("SIGNAL_POLL:\n" + res)
-    sig = res.splitlines()
-    if 'WIDTH=40 MHz' not in sig:
-        raise Exception("40 MHz channel bandwidth not used on the new channel")
-
-@remote_compatible
-def test_prefer_ht20(dev, apdev):
-    """Preference on HT20 over no-HT"""
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    if dev[0].get_status_field('bssid') != bssid2:
-        raise Exception("Unexpected BSS selected")
-
-    est = dev[0].get_bss(bssid)['est_throughput']
-    if est != "54000":
-        raise Exception("Unexpected BSS0 est_throughput: " + est)
-
-    est = dev[0].get_bss(bssid2)['est_throughput']
-    if est != "65000":
-        raise Exception("Unexpected BSS1 est_throughput: " + est)
-
-def test_prefer_ht40(dev, apdev):
-    """Preference on HT40 over HT20"""
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "1",
-              "ht_capab": "[HT40+]"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    if dev[0].get_status_field('bssid') != bssid2:
-        raise Exception("Unexpected BSS selected")
-
-    est = dev[0].get_bss(bssid)['est_throughput']
-    if est != "65000":
-        raise Exception("Unexpected BSS0 est_throughput: " + est)
-
-    est = dev[0].get_bss(bssid2)['est_throughput']
-    if est != "135000":
-        raise Exception("Unexpected BSS1 est_throughput: " + est)
-
-@remote_compatible
-def test_prefer_ht20_during_roam(dev, apdev):
-    """Preference on HT20 over no-HT in roaming consideration"""
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211n": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].scan(freq=2412)
-    dev[0].wait_connected()
-
-    if dev[0].get_status_field('bssid') != bssid2:
-        raise Exception("Unexpected BSS selected")
-
-@remote_compatible
-def test_ap_ht40_5ghz_invalid_pair(dev, apdev):
-    """HT40 on 5 GHz with invalid channel pair"""
-    clear_scan_cache(apdev[0])
-    try:
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "country_code": "US",
-                  "ht_capab": "[HT40+]"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-DISABLED", "AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup failure timed out")
-        if "AP-ENABLED" in ev:
-            sec = hapd.get_status_field("secondary_channel")
-            if sec != "0":
-                raise Exception("Invalid 40 MHz channel accepted")
-    finally:
-        clear_regdom(hapd, dev)
-
-@remote_compatible
-def test_ap_ht40_5ghz_disabled_sec(dev, apdev):
-    """HT40 on 5 GHz with disabled secondary channel"""
-    clear_scan_cache(apdev[0])
-    try:
-        params = {"ssid": "test-ht40",
-                  "hw_mode": "a",
-                  "channel": "48",
-                  "country_code": "US",
-                  "ht_capab": "[HT40+]"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-DISABLED", "AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup failure timed out")
-        if "AP-ENABLED" in ev:
-            sec = hapd.get_status_field("secondary_channel")
-            if sec != "0":
-                raise Exception("Invalid 40 MHz channel accepted")
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_ht40_scan_broken_ap(dev, apdev):
-    """HT40 co-ex scan and broken legacy/HT AP"""
-    clear_scan_cache(apdev[0])
-
-    # Broken AP: Include HT Capabilities element but not HT Operation element
-    params = {"ssid": "legacy-20",
-              "channel": "7", "ieee80211n": "0",
-              "wmm_enabled": "1",
-              "vendor_elements": "2d1a0e001bffff000000000000000000000100000000000000000000"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-ht40",
-              "channel": "5",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-
-    state = hapd.get_status_field("state")
-    if state != "HT_SCAN":
-        time.sleep(0.1)
-        state = hapd.get_status_field("state")
-        if state != "HT_SCAN":
-            raise Exception("Unexpected interface state - expected HT_SCAN")
-
-    ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
-    if not ev:
-        raise Exception("AP setup timed out")
-
-    state = hapd.get_status_field("state")
-    if state != "ENABLED":
-        raise Exception("Unexpected interface state - expected ENABLED")
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2432":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "5":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-    dev[1].connect("legacy-20", key_mgmt="NONE", scan_freq="2442")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    hwsim_utils.test_connectivity(dev[1], hapd2)
-
-def run_op_class(dev, apdev, hw_mode, channel, country, ht_capab, sec_chan,
-                 freq, opclass, use_op_class=False):
-    clear_scan_cache(apdev[0])
-    try:
-        params = {"ssid": "test-ht40",
-                  "hw_mode": hw_mode,
-                  "channel": channel,
-                  "ht_capab": ht_capab}
-        if use_op_class:
-            params['op_class'] = str(opclass)
-        if country:
-            params['country_code'] = country
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-DISABLED", "AP-ENABLED"], timeout=10)
-        if not ev:
-            raise Exception("AP setup failure timed out")
-        if "AP-DISABLED" in ev:
-            raise HwsimSkip("Channel not supported")
-        sec = hapd.get_status_field("secondary_channel")
-        if sec != sec_chan:
-            raise Exception("Unexpected secondary_channel: " + sec)
-        dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-        bss = dev[0].get_bss(hapd.own_addr())
-        ie = parse_ie(bss['ie'])
-        if 59 not in ie:
-            raise Exception("Missing Supported Operating Classes element")
-        rx_opclass, = struct.unpack('B', ie[59][0:1])
-        if rx_opclass != opclass:
-            raise Exception("Unexpected operating class: %d" % rx_opclass)
-        hapd.disable()
-        hapd.dump_monitor()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].request("ABORT_SCAN")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-    finally:
-        set_world_reg(apdev[0], None, dev[0])
-        time.sleep(0.1)
-
-def test_ap_ht_op_class_81(dev, apdev):
-    """HT20 on operationg class 81"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "g", "1", None, "", "0", "2412", 81,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_83(dev, apdev):
-    """HT40 on operationg class 83"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "g", "1", None, "[HT40+]", "1", "2412", 83,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_84(dev, apdev):
-    """HT40 on operationg class 84"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "g", "11", None, "[HT40-]", "-1", "2462", 84,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_115(dev, apdev):
-    """HT20 on operationg class 115"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "36", "FI", "", "0", "5180", 115,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_116(dev, apdev):
-    """HT40 on operationg class 116"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "36", "FI", "[HT40+]", "1", "5180", 116,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_117(dev, apdev):
-    """HT40 on operationg class 117"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "40", "FI", "[HT40-]", "-1", "5200", 117,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_118(dev, apdev):
-    """HT20 on operationg class 118"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "60", "PA", "", "0", "5300", 118,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_119(dev, apdev):
-    """HT40 on operationg class 119"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "60", "PA", "[HT40+]", "1", "5300", 119,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_120(dev, apdev):
-    """HT40 on operationg class 120"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "64", "PA", "[HT40-]", "-1", "5320", 120,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_121(dev, apdev):
-    """HT20 on operationg class 121"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "100", "ZA", "", "0", "5500", 121,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_122(dev, apdev):
-    """HT40 on operationg class 122"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "100", "ZA", "[HT40+]", "1", "5500", 122,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_123(dev, apdev):
-    """HT40 on operationg class 123"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "104", "ZA", "[HT40-]", "-1", "5520", 123,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_124(dev, apdev):
-    """HT20 on operationg class 124"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "149", "US", "", "0", "5745", 124,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_125(dev, apdev):
-    """HT20 on operationg class 125"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "169", "NL", "", "0", "5845", 125,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_126(dev, apdev):
-    """HT40 on operationg class 126"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "149", "US", "[HT40+]", "1", "5745", 126,
-                     use_op_class=o)
-
-def test_ap_ht_op_class_127(dev, apdev):
-    """HT40 on operationg class 127"""
-    for o in [False, True]:
-        run_op_class(dev, apdev, "a", "153", "US", "[HT40-]", "-1", "5765", 127,
-                     use_op_class=o)
-
-def test_ap_ht40_plus_minus1(dev, apdev):
-    """HT40 with both plus and minus allowed (1)"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "11",
-              "ht_capab": "[HT40+][HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2462":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "11":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_plus_minus2(dev, apdev):
-    """HT40 with both plus and minus allowed (2)"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "1",
-              "ht_capab": "[HT40+][HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    freq = hapd.get_status_field("freq")
-    if freq != "2412":
-        raise Exception("Unexpected frequency: " + freq)
-    pri = hapd.get_status_field("channel")
-    if pri != "1":
-        raise Exception("Unexpected primary channel: " + pri)
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq=freq)
-
-def test_ap_ht40_disable(dev, apdev):
-    """HT40 disabling"""
-    clear_scan_cache(apdev[0])
-    params = {"ssid": "test-ht40",
-              "channel": "6",
-              "ht_capab": "[HT40-]"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "-1":
-        raise Exception("Unexpected secondary channel: " + sec)
-
-    id = dev[0].connect("test-ht40", key_mgmt="NONE", scan_freq="2437")
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    logger.info("SIGNAL_POLL: " + str(sig))
-    if "WIDTH=40 MHz" not in sig:
-        raise Exception("Station did not report 40 MHz bandwidth")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.disable()
-    hapd.set("ht_capab", "")
-    hapd.enable()
-    sec = hapd.get_status_field("secondary_channel")
-    if sec != "0":
-        raise Exception("Unexpected secondary channel(2): " + sec)
-
-    dev[0].flush_scan_cache()
-    dev[0].select_network(id, freq=2437)
-    dev[0].wait_connected()
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    logger.info("SIGNAL_POLL: " + str(sig))
-    if "WIDTH=20 MHz" not in sig:
-        raise Exception("Station did not report 20 MHz bandwidth")
-
-def test_ap_ht_wmm_etsi(dev, apdev):
-    """HT and WMM contents in ETSI"""
-    run_ap_ht_wmm(dev, apdev, "FI")
-
-def test_ap_ht_wmm_fcc(dev, apdev):
-    """HT and WMM contents in FCC"""
-    run_ap_ht_wmm(dev, apdev, "US")
-
-def run_ap_ht_wmm(dev, apdev, country):
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        params = {"ssid": "test",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "country_code": country}
-        hapd = hostapd.add_ap(apdev[0], params)
-        freq = hapd.get_status_field("freq")
-        bssid = hapd.own_addr()
-        dev[0].connect("test", key_mgmt="NONE", scan_freq=freq)
-        bss = dev[0].get_bss(bssid)
-        ie = parse_ie(bss['ie'])
-        if 221 not in ie:
-            raise Exception("Could not find WMM IE")
-        wmm = ie[221]
-        if len(wmm) != 24:
-            raise Exception("Unexpected WMM IE length")
-        id, subtype, version, info, reserved = struct.unpack('>LBBBB', wmm[0:8])
-        if id != 0x0050f202 or subtype != 1 or version != 1:
-            raise Exception("Not a WMM IE")
-        ac = []
-        for i in range(4):
-            ac.append(struct.unpack('<BBH', wmm[8 + i * 4: 12 + i * 4]))
-        logger.info("WMM AC info: " + str(ac))
-
-        aifsn = (ac[0][0] & 0x0f, ac[1][0] & 0x0f,
-                 ac[2][0] & 0x0f, ac[3][0] & 0x0f)
-        logger.info("AIFSN: " + str(aifsn))
-        if aifsn != (3, 7, 2, 2):
-            raise Exception("Unexpected AIFSN value: " + str(aifsn))
-
-        ecw_min = (ac[0][1] & 0x0f, ac[1][1] & 0x0f,
-                   ac[2][1] & 0x0f, ac[3][1] & 0x0f)
-        logger.info("ECW min: " + str(ecw_min))
-        if ecw_min != (4, 4, 3, 2):
-            raise Exception("Unexpected ECW min value: " + str(ecw_min))
-
-        ecw_max = ((ac[0][1] & 0xf0) >> 4, (ac[1][1] & 0xf0) >> 4,
-                   (ac[2][1] & 0xf0) >> 4, (ac[3][1] & 0xf0) >> 4)
-        logger.info("ECW max: " + str(ecw_max))
-        if ecw_max != (10, 10, 4, 3):
-            raise Exception("Unexpected ECW max value: " + str(ecw_max))
-
-        txop = (ac[0][2], ac[1][2], ac[2][2], ac[3][2])
-        logger.info("TXOP: " + str(txop))
-        if txop != (0, 0, 94, 47):
-            raise Exception("Unexpected TXOP value: " + str(txop))
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        set_world_reg(apdev[0], None, dev[0])
-        dev[0].flush_scan_cache()
diff --git a/tests/hwsim/test_ap_mixed.py b/tests/hwsim/test_ap_mixed.py
deleted file mode 100644
index e758ae923cdd..000000000000
--- a/tests/hwsim/test_ap_mixed.py
+++ /dev/null
@@ -1,101 +0,0 @@
-# Mixed AP module parameters enabled
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-
-import hostapd
-import hwsim_utils
-from utils import *
-
-def test_ap_mixed_security(dev, apdev):
-    """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    dev[0].flush_scan_cache()
-    sae = "SAE" in dev[2].get_capability("auth_alg")
-    ssid = "test-mixed"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "WPA-PSK WPA-PSK-SHA256 WPA-EAP WPA-EAP-SHA256 SAE FT-PSK FT-EAP FT-SAE"
-    params["ieee8021x"] = "1"
-    params["eap_server"] = "1"
-    params["eap_user_file"] = "auth_serv/eap_user.conf"
-    params['nas_identifier'] = "nas1.w1.fi"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, key_mgmt="WPA-PSK", proto="WPA", pairwise="TKIP",
-                   psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="WPA-EAP-SHA256", proto="WPA2", eap="GPSK",
-                   identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    if sae:
-        dev[2].request("SET sae_groups ")
-        dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
-
-    logger.debug(dev[0].request("SCAN_RESULTS"))
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    logger.debug(bss)
-    if "[WPA-EAP+PSK-TKIP]" not in bss['flags']:
-        raise Exception("Unexpected flags (WPA): " + bss['flags'])
-    if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
-        raise Exception("Unexpected flags (WPA2): " + bss['flags'])
-
-    if dev[0].get_status_field("key_mgmt") != "WPA-PSK":
-        raise Exception("Unexpected key_mgmt(1)")
-    if dev[0].get_status_field("pairwise_cipher") != "TKIP":
-        raise Exception("Unexpected pairwise(1)")
-    if dev[1].get_status_field("key_mgmt") != "WPA2-EAP-SHA256":
-        raise Exception("Unexpected key_mgmt(2)")
-    if sae and dev[2].get_status_field("key_mgmt") != "SAE":
-        raise Exception("Unexpected key_mgmt(3)")
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    if sae:
-        hwsim_utils.test_connectivity(dev[1], dev[2])
-        hwsim_utils.test_connectivity(dev[0], dev[2])
-    for i in range(3):
-        if i < 2 or sae:
-            hwsim_utils.test_connectivity(dev[i], hapd)
-        dev[i].request("DISCONNECT")
-
-    dev[0].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase,
-                   scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="WPA-EAP", proto="WPA", eap="GPSK",
-                   identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    if sae:
-        dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
-                       psk=passphrase, scan_freq="2412")
-
-    if dev[0].get_status_field("key_mgmt") != "WPA2-PSK-SHA256":
-        raise Exception("Unexpected key_mgmt(1b)")
-    if dev[0].get_status_field("pairwise_cipher") != "CCMP":
-        raise Exception("Unexpected pairwise(1b)")
-    if dev[1].get_status_field("key_mgmt") != "WPA/IEEE 802.1X/EAP":
-        raise Exception("Unexpected key_mgmt(2b)")
-    if sae and dev[2].get_status_field("key_mgmt") != "SAE":
-        raise Exception("Unexpected key_mgmt(3b)")
-
-    for i in range(3):
-        dev[i].request("DISCONNECT")
-
-    dev[0].connect(ssid, key_mgmt="FT-PSK", psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    if sae:
-        dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE",
-                       scan_freq="2412")
-
-    if dev[0].get_status_field("key_mgmt") != "FT-PSK":
-        raise Exception("Unexpected key_mgmt(1c)")
-    if dev[1].get_status_field("key_mgmt") != "FT-EAP":
-        raise Exception("Unexpected key_mgmt(2c)")
-    if sae and dev[2].get_status_field("key_mgmt") != "FT-SAE":
-        raise Exception("Unexpected key_mgmt(3c)")
diff --git a/tests/hwsim/test_ap_open.py b/tests/hwsim/test_ap_open.py
deleted file mode 100644
index a3bea763a1c4..000000000000
--- a/tests/hwsim/test_ap_open.py
+++ /dev/null
@@ -1,1017 +0,0 @@
-# Open mode AP tests
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import struct
-import subprocess
-import time
-import os
-
-import hostapd
-import hwsim_utils
-from tshark import run_tshark
-from utils import *
-from wpasupplicant import WpaSupplicant
-from wlantest import WlantestCapture
-
-@remote_compatible
-def test_ap_open(dev, apdev):
-    """AP with open mode (no security) configuration"""
-    _test_ap_open(dev, apdev)
-
-def _test_ap_open(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].request("DISCONNECT")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd")
-
-def test_ap_open_packet_loss(dev, apdev):
-    """AP with open mode configuration and large packet loss"""
-    params = {"ssid": "open",
-              "ignore_probe_probability": "0.5",
-              "ignore_auth_probability": "0.5",
-              "ignore_assoc_probability": "0.5",
-              "ignore_reassoc_probability": "0.5"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    for i in range(0, 3):
-        dev[i].connect("open", key_mgmt="NONE", scan_freq="2412",
-                       wait_connect=False)
-    for i in range(0, 3):
-        dev[i].wait_connected(timeout=20)
-
-@remote_compatible
-def test_ap_open_unknown_action(dev, apdev):
-    """AP with open mode configuration and unknown Action frame"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    bssid = apdev[0]['bssid']
-    cmd = "MGMT_TX {} {} freq=2412 action=765432".format(bssid, bssid)
-    if "FAIL" in dev[0].request(cmd):
-        raise Exception("Could not send test Action frame")
-    ev = dev[0].wait_event(["MGMT-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on MGMT-TX-STATUS")
-    if "result=SUCCESS" not in ev:
-        raise Exception("AP did not ack Action frame")
-
-def test_ap_open_invalid_wmm_action(dev, apdev):
-    """AP with open mode configuration and invalid WMM Action frame"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    bssid = apdev[0]['bssid']
-    cmd = "MGMT_TX {} {} freq=2412 action=1100".format(bssid, bssid)
-    if "FAIL" in dev[0].request(cmd):
-        raise Exception("Could not send test Action frame")
-    ev = dev[0].wait_event(["MGMT-TX-STATUS"], timeout=10)
-    if ev is None or "result=SUCCESS" not in ev:
-        raise Exception("AP did not ack Action frame")
-
-@remote_compatible
-def test_ap_open_reconnect_on_inactivity_disconnect(dev, apdev):
-    """Reconnect to open mode AP after inactivity related disconnection"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hapd.request("DEAUTHENTICATE " + dev[0].p2p_interface_addr() + " reason=4")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=2, error="Timeout on reconnection")
-
-@remote_compatible
-def test_ap_open_assoc_timeout(dev, apdev):
-    """AP timing out association"""
-    ssid = "test"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].scan(freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame not received")
-
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = struct.pack('<HHH', 0, 2, 0)
-    hapd.mgmt_tx(resp)
-
-    assoc = 0
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 0:
-            assoc += 1
-            if assoc == 3:
-                break
-    if assoc != 3:
-        raise Exception("Association Request frames not received: assoc=%d" % assoc)
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].wait_connected(timeout=15)
-
-def test_ap_open_auth_drop_sta(dev, apdev):
-    """AP dropping station after successful authentication"""
-    hapd = hostapd.add_ap(apdev[0]['ifname'], {"ssid": "open"})
-    dev[0].scan(freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame not received")
-
-    # turn off before sending successful response
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = struct.pack('<HHH', 0, 2, 0)
-    hapd.mgmt_tx(resp)
-
-    dev[0].wait_connected(timeout=15)
-
-@remote_compatible
-def test_ap_open_id_str(dev, apdev):
-    """AP with open mode and id_str"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", id_str="foo",
-                   wait_connect=False)
-    ev = dev[0].wait_connected(timeout=10)
-    if "id_str=foo" not in ev:
-        raise Exception("CTRL-EVENT-CONNECT did not have matching id_str: " + ev)
-    if dev[0].get_status_field("id_str") != "foo":
-        raise Exception("id_str mismatch")
-
-@remote_compatible
-def test_ap_open_select_any(dev, apdev):
-    """AP with open mode and select any network"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    id = dev[0].connect("unknown", key_mgmt="NONE", scan_freq="2412",
-                        only_add_network=True)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   only_add_network=True)
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("No result reported")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-
-    dev[0].select_network("any")
-    dev[0].wait_connected(timeout=10)
-
-@remote_compatible
-def test_ap_open_unexpected_assoc_event(dev, apdev):
-    """AP with open mode and unexpected association event"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=15)
-    dev[0].dump_monitor()
-    # This association will be ignored by wpa_supplicant since the current
-    # state is not to try to connect after that DISCONNECT command.
-    dev[0].cmd_execute(['iw', 'dev', dev[0].ifname, 'connect', 'open', "2412",
-                        apdev[0]['bssid']])
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.3)
-    dev[0].cmd_execute(['iw', 'dev', dev[0].ifname, 'disconnect'])
-    dev[0].dump_monitor()
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def test_ap_open_external_assoc(dev, apdev):
-    """AP with open mode and external association"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open-ext-assoc"})
-    try:
-        dev[0].request("STA_AUTOCONNECT 0")
-        id = dev[0].connect("open-ext-assoc", key_mgmt="NONE", scan_freq="2412",
-                            only_add_network=True)
-        dev[0].request("ENABLE_NETWORK %s no-connect" % id)
-        dev[0].dump_monitor()
-        # This will be accepted due to matching network
-        dev[0].cmd_execute(['iw', 'dev', dev[0].ifname, 'connect',
-                            'open-ext-assoc', "2412", apdev[0]['bssid']])
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Connection timed out")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            raise Exception("Unexpected disconnection event")
-        dev[0].dump_monitor()
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=5)
-    finally:
-        dev[0].request("STA_AUTOCONNECT 1")
-
-@remote_compatible
-def test_ap_bss_load(dev, apdev):
-    """AP with open mode (no security) configuration"""
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "open",
-                           "bss_load_update_period": "10",
-                           "chan_util_avg_period": "20"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    # this does not really get much useful output with mac80211_hwsim currently,
-    # but run through the channel survey update couple of times
-    for i in range(0, 10):
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        time.sleep(0.15)
-    avg = hapd.get_status_field("chan_util_avg")
-    if avg is None:
-        raise Exception("No STATUS chan_util_avg seen")
-
-def test_ap_bss_load_fail(dev, apdev):
-    """BSS Load update failing to get survey data"""
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "open",
-                           "bss_load_update_period": "1"})
-    with fail_test(hapd, 1, "wpa_driver_nl80211_get_survey"):
-        wait_fail_trigger(hapd, "GET_FAIL")
-
-def hapd_out_of_mem(hapd, apdev, count, func):
-    with alloc_fail(hapd, count, func):
-        started = False
-        try:
-            hostapd.add_ap(apdev, {"ssid": "open"})
-            started = True
-        except:
-            pass
-        if started:
-            raise Exception("hostapd interface started even with memory allocation failure: %d:%s" % (count, func))
-
-def test_ap_open_out_of_memory(dev, apdev):
-    """hostapd failing to setup interface due to allocation failure"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    flags2 = hapd.request("DRIVER_FLAGS2").splitlines()[1:]
-    hapd_out_of_mem(hapd, apdev[1], 1, "hostapd_alloc_bss_data")
-
-    for i in range(1, 3):
-        hapd_out_of_mem(hapd, apdev[1], i, "hostapd_iface_alloc")
-
-    for i in range(1, 5):
-        hapd_out_of_mem(hapd, apdev[1], i, "hostapd_config_defaults;hostapd_config_alloc")
-
-    hapd_out_of_mem(hapd, apdev[1], 1, "hostapd_config_alloc")
-
-    hapd_out_of_mem(hapd, apdev[1], 1, "hostapd_driver_init")
-
-    for i in range(1, 3):
-        hapd_out_of_mem(hapd, apdev[1], i, "=wpa_driver_nl80211_drv_init")
-
-    if 'CONTROL_PORT_RX' not in flags2:
-        # eloop_register_read_sock() call from i802_init()
-        hapd_out_of_mem(hapd, apdev[1], 1, "eloop_sock_table_add_sock;?eloop_register_sock;?eloop_register_read_sock;=i802_init")
-
-    # verify that a new interface can still be added when memory allocation does
-    # not fail
-    hostapd.add_ap(apdev[1], {"ssid": "open"})
-
-def test_bssid_ignore_accept(dev, apdev):
-    """BSSID ignore/accept list"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "open"})
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_accept=apdev[1]['bssid'])
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_ignore=apdev[1]['bssid'])
-    dev[2].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_accept="00:00:00:00:00:00/00:00:00:00:00:00",
-                   bssid_ignore=apdev[1]['bssid'])
-    if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
-        raise Exception("dev[0] connected to unexpected AP")
-    if dev[1].get_status_field('bssid') != apdev[0]['bssid']:
-        raise Exception("dev[1] connected to unexpected AP")
-    if dev[2].get_status_field('bssid') != apdev[0]['bssid']:
-        raise Exception("dev[2] connected to unexpected AP")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[2].request("REMOVE_NETWORK all")
-
-    dev[2].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_accept="00:00:00:00:00:00", wait_connect=False)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_accept="11:22:33:44:55:66/ff:00:00:00:00:00 " + apdev[1]['bssid'] + " aa:bb:cc:dd:ee:ff")
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bssid_ignore="11:22:33:44:55:66/ff:00:00:00:00:00 " + apdev[1]['bssid'] + " aa:bb:cc:dd:ee:ff")
-    if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
-        raise Exception("dev[0] connected to unexpected AP")
-    if dev[1].get_status_field('bssid') != apdev[0]['bssid']:
-        raise Exception("dev[1] connected to unexpected AP")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected dev[2] connectin")
-    dev[2].request("REMOVE_NETWORK all")
-
-def test_ap_open_wpas_in_bridge(dev, apdev):
-    """Open mode AP and wpas interface in a bridge"""
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    try:
-        _test_ap_open_wpas_in_bridge(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
-        subprocess.call(['brctl', 'delif', br_ifname, ifname])
-        subprocess.call(['brctl', 'delbr', br_ifname])
-        subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
-
-def _test_ap_open_wpas_in_bridge(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    # First, try a failure case of adding an interface
-    try:
-        wpas.interface_add(ifname, br_ifname=br_ifname)
-        raise Exception("Interface addition succeeded unexpectedly")
-    except Exception as e:
-        if "Failed to add" in str(e):
-            logger.info("Ignore expected interface_add failure due to missing bridge interface: " + str(e))
-        else:
-            raise
-
-    # Next, add the bridge interface and add the interface again
-    subprocess.call(['brctl', 'addbr', br_ifname])
-    subprocess.call(['brctl', 'setfd', br_ifname, '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
-    subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
-    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
-    wpas.interface_add(ifname, br_ifname=br_ifname)
-
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ap_open_start_disabled(dev, apdev):
-    """AP with open mode and beaconing disabled"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "start_disabled": "1"})
-    bssid = apdev[0]['bssid']
-
-    dev[0].flush_scan_cache()
-    dev[0].scan(freq=2412, only_new=True)
-    if dev[0].get_bss(bssid) is not None:
-        raise Exception("AP was seen beaconing")
-    if "OK" not in hapd.request("RELOAD"):
-        raise Exception("RELOAD failed")
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ap_open_start_disabled2(dev, apdev):
-    """AP with open mode and beaconing disabled (2)"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "start_disabled": "1"})
-    bssid = apdev[0]['bssid']
-
-    dev[0].flush_scan_cache()
-    dev[0].scan(freq=2412, only_new=True)
-    if dev[0].get_bss(bssid) is not None:
-        raise Exception("AP was seen beaconing")
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-@remote_compatible
-def test_ap_open_ifdown(dev, apdev):
-    """AP with open mode and external ifconfig down"""
-    params = {"ssid": "open",
-              "ap_max_inactivity": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-DISCONNECTED (1)")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-DISCONNECTED (2)")
-    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=5)
-    if ev is None:
-        raise Exception("No INTERFACE-DISABLED event")
-    # The following wait tests beacon loss detection in mac80211 on dev0.
-    # dev1 is used to test stopping of AP side functionality on client polling.
-    dev[1].request("REMOVE_NETWORK all")
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
-    dev[0].wait_disconnected()
-    dev[1].wait_disconnected()
-    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No INTERFACE-ENABLED event")
-    dev[0].wait_connected()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_open_disconnect_in_ps(dev, apdev, params):
-    """Disconnect with the client in PS to regression-test a kernel bug"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-
-    time.sleep(0.2)
-    # enable power save mode
-    hwsim_utils.set_powersave(dev[0], hwsim_utils.PS_ENABLED)
-    time.sleep(0.1)
-    try:
-        # inject some traffic
-        sa = hapd.own_addr()
-        da = dev[0].own_addr()
-        hapd.request('DATA_TEST_CONFIG 1')
-        hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
-        hapd.request('DATA_TEST_CONFIG 0')
-
-        # let the AP send couple of Beacon frames
-        time.sleep(0.3)
-
-        # disconnect - with traffic pending - shouldn't cause kernel warnings
-        dev[0].request("DISCONNECT")
-    finally:
-        hwsim_utils.set_powersave(dev[0], hwsim_utils.PS_DISABLED)
-
-    time.sleep(0.2)
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan_mgt.tim.partial_virtual_bitmap",
-                     ["wlan_mgt.tim.partial_virtual_bitmap"])
-    if out is not None:
-        state = 0
-        for l in out.splitlines():
-            pvb = int(l, 16)
-            if pvb > 0 and state == 0:
-                state = 1
-            elif pvb == 0 and state == 1:
-                state = 2
-        if state != 2:
-            raise Exception("Didn't observe TIM bit getting set and unset (state=%d)" % state)
-
-def test_ap_open_sta_ps(dev, apdev):
-    """Station power save operation"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-    hapd.wait_sta()
-
-    time.sleep(0.2)
-    try:
-        dev[0].cmd_execute(['iw', 'dev', dev[0].ifname,
-                            'set', 'power_save', 'on'])
-        run_ap_open_sta_ps(dev, hapd)
-    finally:
-        dev[0].cmd_execute(['iw', 'dev', dev[0].ifname,
-                            'set', 'power_save', 'off'])
-
-def run_ap_open_sta_ps(dev, hapd):
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    # Give time to enter PS
-    time.sleep(0.2)
-
-    phyname = dev[0].get_driver_status_field("phyname")
-    hw_conf = '/sys/kernel/debug/ieee80211/' + phyname + '/hw_conf'
-
-    try:
-        ok = False
-        for i in range(10):
-            with open(hw_conf, 'r') as f:
-                val = int(f.read())
-            if val & 2:
-                ok = True
-                break
-            time.sleep(0.2)
-
-        if not ok:
-            raise Exception("STA did not enter power save")
-
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-        hapd.request("DEAUTHENTICATE " + dev[0].own_addr())
-        dev[0].wait_disconnected()
-    except FileNotFoundError:
-        raise HwsimSkip("Kernel does not support inspecting HW PS state")
-
-def test_ap_open_ps_mc_buf(dev, apdev, params):
-    """Multicast buffering with a station in power save"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-    hapd.wait_sta()
-
-    buffered_mcast = 0
-    try:
-        dev[0].cmd_execute(['iw', 'dev', dev[0].ifname,
-                            'set', 'power_save', 'on'])
-        # Give time to enter PS
-        time.sleep(0.3)
-
-        for i in range(10):
-            # Verify that multicast frames are released
-            hwsim_utils.run_multicast_connectivity_test(hapd, dev[0])
-
-            # Check frames were buffered until DTIM
-            out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                             "wlan.fc.type_subtype == 0x0008",
-                             ["wlan.tim.bmapctl.multicast"])
-            for line in out.splitlines():
-                buffered_mcast = int(line)
-                if buffered_mcast == 1:
-                    break
-            if buffered_mcast == 1:
-                break
-    finally:
-        dev[0].cmd_execute(['iw', 'dev', dev[0].ifname,
-                            'set', 'power_save', 'off'])
-
-    if buffered_mcast != 1:
-        raise Exception("AP did not buffer multicast frames")
-
-@remote_compatible
-def test_ap_open_select_network(dev, apdev):
-    """Open mode connection and SELECT_NETWORK to change network"""
-    hapd1 = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid1 = apdev[0]['bssid']
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "open2"})
-    bssid2 = apdev[1]['bssid']
-
-    id1 = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                         only_add_network=True)
-    id2 = dev[0].connect("open2", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-    dev[0].select_network(id1)
-    dev[0].wait_connected()
-    res = dev[0].request("BSSID_IGNORE")
-    if bssid1 in res or bssid2 in res:
-        raise Exception("Unexpected BSSID ignore list entry")
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-
-    dev[0].select_network(id2)
-    dev[0].wait_connected()
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-    res = dev[0].request("BSSID_IGNORE")
-    if bssid1 in res or bssid2 in res:
-        raise Exception("Unexpected BSSID ignore list entry(2)")
-
-@remote_compatible
-def test_ap_open_disable_enable(dev, apdev):
-    """AP with open mode getting disabled and re-enabled"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-
-    for i in range(2):
-        hapd.request("DISABLE")
-        dev[0].wait_disconnected()
-        hapd.request("ENABLE")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-def sta_enable_disable(dev, bssid):
-    dev.scan_for_bss(bssid, freq=2412)
-    work_id = dev.request("RADIO_WORK add block-work")
-    ev = dev.wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    id = dev.connect("open", key_mgmt="NONE", scan_freq="2412",
-                     only_add_network=True)
-    dev.request("ENABLE_NETWORK %d" % id)
-    if "connect@" not in dev.request("RADIO_WORK show"):
-        raise Exception("connect radio work missing")
-    dev.request("DISABLE_NETWORK %d" % id)
-    dev.request("RADIO_WORK done " + work_id)
-
-    ok = False
-    for i in range(30):
-        if "connect@" not in dev.request("RADIO_WORK show"):
-            ok = True
-            break
-        time.sleep(0.1)
-    if not ok:
-        raise Exception("connect radio work not completed")
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    dev.request("DISCONNECT")
-
-def test_ap_open_sta_enable_disable(dev, apdev):
-    """AP with open mode and wpa_supplicant ENABLE/DISABLE_NETWORK"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = apdev[0]['bssid']
-
-    sta_enable_disable(dev[0], bssid)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    sta_enable_disable(wpas, bssid)
-
-@remote_compatible
-def test_ap_open_select_twice(dev, apdev):
-    """AP with open mode and select network twice"""
-    id = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                        only_add_network=True)
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("No result reported")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    # Verify that the second SELECT_NETWORK starts a new scan immediately by
-    # waiting less than the default scan period.
-    dev[0].select_network(id)
-    dev[0].wait_connected(timeout=3)
-
-@remote_compatible
-def test_ap_open_reassoc_not_found(dev, apdev):
-    """AP with open mode and REASSOCIATE not finding a match"""
-    id = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                        only_add_network=True)
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("No result reported")
-    dev[0].request("DISCONNECT")
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-
-    dev[0].request("REASSOCIATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("No result reported")
-    dev[0].request("DISCONNECT")
-
-@remote_compatible
-def test_ap_open_sta_statistics(dev, apdev):
-    """AP with open mode and STA statistics"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    stats1 = hapd.get_sta(addr)
-    logger.info("stats1: " + str(stats1))
-    time.sleep(0.4)
-    stats2 = hapd.get_sta(addr)
-    logger.info("stats2: " + str(stats2))
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    stats3 = hapd.get_sta(addr)
-    logger.info("stats3: " + str(stats3))
-
-    # Cannot require specific inactive_msec changes without getting rid of all
-    # unrelated traffic, so for now, just print out the results in the log for
-    # manual checks.
-
-@remote_compatible
-def test_ap_open_poll_sta(dev, apdev):
-    """AP with open mode and STA poll"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    if "OK" not in hapd.request("POLL_STA " + addr):
-        raise Exception("POLL_STA failed")
-    ev = hapd.wait_event(["AP-STA-POLL-OK"], timeout=5)
-    if ev is None:
-        raise Exception("Poll response not seen")
-    if addr not in ev:
-        raise Exception("Unexpected poll response: " + ev)
-
-def test_ap_open_poll_sta_no_ack(dev, apdev):
-    """AP with open mode and STA poll without ACK"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.set("ext_mgmt_frame_handling", "0")
-    if "OK" not in hapd.request("POLL_STA " + addr):
-        raise Exception("POLL_STA failed")
-    ev = hapd.wait_event(["AP-STA-POLL-OK"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected poll response reported")
-
-def test_ap_open_pmf_default(dev, apdev):
-    """AP with open mode (no security) configuration and pmf=2"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   ieee80211w="2", wait_connect=False)
-    dev[2].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   ieee80211w="1")
-    try:
-        dev[0].request("SET pmf 2")
-        dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-    finally:
-        dev[0].request("SET pmf 0")
-    dev[2].request("DISCONNECT")
-    dev[2].wait_disconnected()
-
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected dev[1] connection")
-    dev[1].request("DISCONNECT")
-
-def test_ap_open_drv_fail(dev, apdev):
-    """AP with open mode and driver operations failing"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_authenticate"):
-        dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_associate"):
-        dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-
-def run_multicast_to_unicast(dev, apdev, convert):
-    params = {"ssid": "open"}
-    params["multicast_to_unicast"] = "1" if convert else "0"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    hwsim_utils.test_connectivity(dev[0], hapd, multicast_to_unicast=convert)
-    dev[0].request("DISCONNECT")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd")
-
-def test_ap_open_multicast_to_unicast(dev, apdev):
-    """Multicast-to-unicast conversion enabled"""
-    run_multicast_to_unicast(dev, apdev, True)
-
-def test_ap_open_multicast_to_unicast_disabled(dev, apdev):
-    """Multicast-to-unicast conversion disabled"""
-    run_multicast_to_unicast(dev, apdev, False)
-
-def test_ap_open_drop_duplicate(dev, apdev, params):
-    """AP dropping duplicate management frames"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "interworking": "1"})
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020304050607"
-    auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth):
-        raise Exception("MGMT_RX_PROCESS failed")
-    auth = "b0083a01" + bssid + addr + bssid + '1000000001000000'
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    ies = "00046f70656e010802040b160c12182432043048606c2d1a3c101bffff0000000000000000000001000000000000000000007f0a04000a020140004000013b155151525354737475767778797a7b7c7d7e7f808182dd070050f202000100"
-    assoc_req = "00003a01" + bssid + addr + bssid + "2000" + "21040500" + ies
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc_req):
-        raise Exception("MGMT_RX_PROCESS failed")
-    assoc_req = "00083a01" + bssid + addr + bssid + "2000" + "21040500" + ies
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc_req):
-        raise Exception("MGMT_RX_PROCESS failed")
-    reassoc_req = "20083a01" + bssid + addr + bssid + "2000" + "21040500" + ies
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % reassoc_req):
-        raise Exception("MGMT_RX_PROCESS failed")
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % reassoc_req):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    action = "d0003a01" + bssid + addr + bssid + "1000" + "040a006c0200000600000102000101"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % action):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    action = "d0083a01" + bssid + addr + bssid + "1000" + "040a006c0200000600000102000101"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % action):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type == 0", ["wlan.fc.subtype"])
-    num_auth = 0
-    num_assoc = 0
-    num_reassoc = 0
-    num_action = 0
-    for subtype in out.splitlines():
-        val = int(subtype)
-        if val == 11:
-            num_auth += 1
-        elif val == 1:
-            num_assoc += 1
-        elif val == 3:
-            num_reassoc += 1
-        elif val == 13:
-            num_action += 1
-    if num_auth != 1:
-        raise Exception("Unexpected number of Authentication frames: %d" % num_auth)
-    if num_assoc != 1:
-        raise Exception("Unexpected number of association frames: %d" % num_assoc)
-    if num_reassoc != 1:
-        raise Exception("Unexpected number of reassociation frames: %d" % num_reassoc)
-    if num_action != 1:
-        raise Exception("Unexpected number of Action frames: %d" % num_action)
-
-def test_ap_open_select_network_freq(dev, apdev):
-    """AP with open mode and use for SELECT_NETWORK freq parameter"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    id = dev[0].connect("open", key_mgmt="NONE", only_add_network=True)
-    dev[0].select_network(id, freq=2412)
-    start = os.times()[4]
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Scan not started")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-    if ev is None:
-        raise Exception("Scan not completed")
-    end = os.times()[4]
-    logger.info("Scan duration: {} seconds".format(end - start))
-    if end - start > 3:
-        raise Exception("Scan took unexpectedly long time")
-    dev[0].wait_connected()
-
-def test_ap_open_noncountry(dev, apdev):
-    """AP with open mode and noncountry entity as Country String"""
-    _test_ap_open_country(dev, apdev, "XX", "0x58")
-
-def test_ap_open_country_table_e4(dev, apdev):
-    """AP with open mode and Table E-4 Country String"""
-    _test_ap_open_country(dev, apdev, "DE", "0x04")
-
-def test_ap_open_country_indoor(dev, apdev):
-    """AP with open mode and indoor country code"""
-    _test_ap_open_country(dev, apdev, "DE", "0x49")
-
-def test_ap_open_country_outdoor(dev, apdev):
-    """AP with open mode and outdoor country code"""
-    _test_ap_open_country(dev, apdev, "DE", "0x4f")
-
-def _test_ap_open_country(dev, apdev, country_code, country3):
-    try:
-        hapd = None
-        hapd = run_ap_open_country(dev, apdev, country_code, country3)
-    finally:
-        clear_regdom(hapd, dev)
-
-def run_ap_open_country(dev, apdev, country_code, country3):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "country_code": country_code,
-                                     "country3": country3,
-                                     "ieee80211d": "1"})
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[0].wait_regdom(country_ie=True)
-    return hapd
-
-def test_ap_open_disable_select(dev, apdev):
-    """DISABLE_NETWORK for connected AP followed by SELECT_NETWORK"""
-    hapd1 = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "open"})
-    id = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-    dev[0].request("DISABLE_NETWORK %d" % id)
-    dev[0].wait_disconnected()
-    res = dev[0].request("BSSID_IGNORE")
-    if hapd1.own_addr() in res or hapd2.own_addr() in res:
-        raise Exception("Unexpected BSSID ignore list entry added")
-    dev[0].request("SELECT_NETWORK %d" % id)
-    dev[0].wait_connected()
-
-def test_ap_open_reassoc_same(dev, apdev):
-    """AP with open mode and STA reassociating back to same AP without auth exchange"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    try:
-        dev[0].request("SET reassoc_same_bss_optim 1")
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].request("SET reassoc_same_bss_optim 0")
-
-def test_ap_open_no_reflection(dev, apdev):
-    """AP with open mode, STA sending packets to itself"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    # test normal connectivity is OK
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    # test that we can't talk to ourselves
-    addr = dev[0].own_addr()
-    res = dev[0].request('DATA_TEST_CONFIG 1')
-    try:
-        assert 'OK' in res
-
-        cmd = "DATA_TEST_TX {} {} {}".format(addr, addr, 0)
-        dev[0].request(cmd)
-
-        ev = dev[0].wait_event(["DATA-TEST-RX"], timeout=1)
-
-        if ev is not None and "DATA-TEST-RX {} {}".format(addr, addr) in ev:
-            raise Exception("STA can unexpectedly talk to itself")
-    finally:
-        dev[0].request('DATA_TEST_CONFIG 0')
-
-def test_ap_no_auth_ack(dev, apdev):
-    """AP not receiving Authentication frame ACK"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "ap_max_inactivity": "1"})
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr()
-    addr = "02:01:02:03:04:05"
-    frame = "b0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000" + "000001000000"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for Authentication frame not reported")
-    if "ok=0 buf=b0" not in ev:
-        raise Exception("Unexpected TX status contents: " + ev)
-
-    # wait for STA to be removed due to timeout
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for Deauthentication frame not reported")
-    if "ok=0 buf=c0" not in ev:
-        raise Exception("Unexpected TX status contents (disconnect): " + ev)
-
-def test_ap_open_layer_2_update(dev, apdev, params):
-    """AP with open mode (no security) and Layer 2 Update frame"""
-    prefix = "ap_open_layer_2_update"
-    ifname = apdev[0]["ifname"]
-    cap = os.path.join(params['logdir'], prefix + "." + ifname + ".pcap")
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    wt = WlantestCapture(ifname, cap)
-    time.sleep(1)
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    time.sleep(1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    time.sleep(0.5)
-    wt.close()
-
-    # Check for Layer 2 Update frame and unexpected frames from the station
-    # that did not fully complete authentication.
-    res = run_tshark(cap, "basicxid.llc.xid.format == 0x81",
-                     ["eth.src"], wait=False)
-    real_sta_seen = False
-    unexpected_sta_seen = False
-    real_addr = dev[0].own_addr()
-    for l in res.splitlines():
-        if l == real_addr:
-            real_sta_seen = True
-        else:
-            unexpected_sta_seen = True
-    if unexpected_sta_seen:
-        raise Exception("Layer 2 Update frame from unexpected STA seen")
-    if not real_sta_seen:
-        raise Exception("Layer 2 Update frame from real STA not seen")
diff --git a/tests/hwsim/test_ap_params.py b/tests/hwsim/test_ap_params.py
deleted file mode 100644
index 72ac8e443ff9..000000000000
--- a/tests/hwsim/test_ap_params.py
+++ /dev/null
@@ -1,972 +0,0 @@
-# Test various AP mode parameters
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-import struct
-import subprocess
-import time
-
-import hwsim_utils
-import hostapd
-from tshark import run_tshark
-from utils import *
-
-@remote_compatible
-def test_ap_fragmentation_rts_set_high(dev, apdev):
-    """WPA2-PSK AP with fragmentation and RTS thresholds larger than frame length"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['rts_threshold'] = "1000"
-    params['fragm_threshold'] = "2000"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    hapd.set('fragm_threshold', '-1')
-    hapd.set('rts_threshold', '-1')
-    hapd.enable()
-
-@remote_compatible
-def test_ap_fragmentation_open(dev, apdev):
-    """Open AP with fragmentation threshold"""
-    ssid = "fragmentation"
-    params = {}
-    params['ssid'] = ssid
-    params['fragm_threshold'] = "1000"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    hapd.set('fragm_threshold', '-1')
-    hapd.enable()
-
-@remote_compatible
-def test_ap_fragmentation_wpa2(dev, apdev):
-    """WPA2-PSK AP with fragmentation threshold"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['fragm_threshold'] = "1000"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    hapd.set('fragm_threshold', '-1')
-    hapd.enable()
-
-def test_ap_vendor_elements(dev, apdev):
-    """WPA2-PSK AP with vendor elements added"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['vendor_elements'] = "dd0411223301"
-    params['assocresp_elements'] = "dd0411223302"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    bss = dev[0].get_bss(bssid)
-    if "dd0411223301" not in bss['ie']:
-        raise Exception("Vendor element not shown in scan results")
-
-    hapd.set('vendor_elements', 'dd051122330203dd0400137400dd04001374ff')
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    bss = dev[1].get_bss(bssid)
-    if "dd0411223301" in bss['ie']:
-        raise Exception("Old vendor element still in scan results")
-    if "dd051122330203" not in bss['ie']:
-        raise Exception("New vendor element not shown in scan results")
-
-def test_ap_element_parse(dev, apdev):
-    """Information element parsing - extra coverage"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-psk"
-    params = {'ssid': ssid,
-              'vendor_elements': "380501020304059e009e009e009e009e009e00"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    bss = dev[0].get_bss(bssid)
-    if "38050102030405" not in bss['ie']:
-        raise Exception("Timeout element not shown in scan results")
-
-@remote_compatible
-def test_ap_element_parse_oom(dev, apdev):
-    """Information element parsing OOM"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-psk"
-    params = {'ssid': ssid,
-              'vendor_elements': "dd0d506f9a0a00000600411c440028"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;ieee802_11_vendor_ie_concat"):
-        bss = dev[0].get_bss(bssid)
-        logger.info(str(bss))
-
-def test_ap_country(dev, apdev):
-    """WPA2-PSK AP setting country code and using 5 GHz band"""
-    try:
-        hapd = None
-        bssid = apdev[0]['bssid']
-        ssid = "test-wpa2-psk"
-        passphrase = 'qwertyuiop'
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        params['country_code'] = 'FI'
-        params['ieee80211d'] = '1'
-        params['hw_mode'] = 'a'
-        params['channel'] = '36'
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect(ssid, psk=passphrase, scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_acl_accept(dev, apdev):
-    """MAC ACL accept list"""
-    ssid = "acl"
-    params = {}
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
-    hostapd.send_file(apdev[0], filename, filename)
-    params['ssid'] = ssid
-    params['accept_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    hapd.request("SET macaddr_acl 1")
-    dev[1].dump_monitor()
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_acl_deny(dev, apdev):
-    """MAC ACL deny list"""
-    ssid = "acl"
-    params = {}
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
-    hostapd.send_file(apdev[0], filename, filename)
-    params['ssid'] = ssid
-    params['deny_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", passive=True)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_acl_mgmt(dev, apdev):
-    """MAC ACL accept/deny management"""
-    ssid = "acl"
-    params = {}
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
-    hostapd.send_file(apdev[0], filename, filename)
-    params['ssid'] = ssid
-    params['deny_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
-    logger.info("accept: " + str(accept))
-    deny = hapd.request("DENY_ACL SHOW").splitlines()
-    logger.info("deny: " + str(deny))
-    if len(accept) != 0:
-        raise Exception("Unexpected number of accept entries")
-    if len(deny) != 3:
-        raise Exception("Unexpected number of deny entries")
-    if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
-        raise Exception("Missing deny entry")
-
-    if "OK" not in hapd.request("ACCEPT_ACL DEL_MAC 22:33:44:55:66:77"):
-        raise Exception("DEL_MAC with empty list failed")
-    if "FAIL" not in hapd.request("ACCEPT_ACL ADD_MAC 22:33:44:55:66"):
-        raise Exception("ADD_MAC with invalid MAC address accepted")
-    hapd.request("ACCEPT_ACL ADD_MAC 22:33:44:55:66:77")
-    if "FAIL" not in hapd.request("ACCEPT_ACL DEL_MAC 22:33:44:55:66"):
-        raise Exception("DEL_MAC with invalid MAC address accepted")
-    hapd.request("DENY_ACL ADD_MAC 22:33:44:55:66:88 VLAN_ID=2")
-
-    accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
-    logger.info("accept: " + str(accept))
-    deny = hapd.request("DENY_ACL SHOW").splitlines()
-    logger.info("deny: " + str(deny))
-    if len(accept) != 1:
-        raise Exception("Unexpected number of accept entries (2)")
-    if len(deny) != 4:
-        raise Exception("Unexpected number of deny entries (2)")
-    if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
-        raise Exception("Missing deny entry (2)")
-    if "22:33:44:55:66:88 VLAN_ID=2" not in deny:
-        raise Exception("Missing deny entry (2)")
-    if "22:33:44:55:66:77 VLAN_ID=0" not in accept:
-        raise Exception("Missing accept entry (2)")
-
-    hapd.request("ACCEPT_ACL DEL_MAC 22:33:44:55:66:77")
-    hapd.request("DENY_ACL DEL_MAC 22:33:44:55:66:88")
-
-    accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
-    logger.info("accept: " + str(accept))
-    deny = hapd.request("DENY_ACL SHOW").splitlines()
-    logger.info("deny: " + str(deny))
-    if len(accept) != 0:
-        raise Exception("Unexpected number of accept entries (3)")
-    if len(deny) != 3:
-        raise Exception("Unexpected number of deny entries (3)")
-    if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
-        raise Exception("Missing deny entry (3)")
-
-    hapd.request("ACCEPT_ACL CLEAR")
-    hapd.request("DENY_ACL CLEAR")
-
-    accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
-    logger.info("accept: " + str(accept))
-    deny = hapd.request("DENY_ACL SHOW").splitlines()
-    logger.info("deny: " + str(deny))
-    if len(accept) != 0:
-        raise Exception("Unexpected number of accept entries (4)")
-    if len(deny) != 0:
-        raise Exception("Unexpected number of deny entries (4)")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.request("DENY_ACL ADD_MAC " + dev[0].own_addr())
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_acl_accept_changes(dev, apdev):
-    """MAC ACL accept list changes"""
-    ssid = "acl"
-    params = {}
-    params['ssid'] = ssid
-    params['macaddr_acl'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("ACCEPT_ACL ADD_MAC " + dev[0].own_addr())
-    hapd.request("ACCEPT_ACL ADD_MAC " + dev[1].own_addr())
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hapd.request("ACCEPT_ACL DEL_MAC " + dev[0].own_addr())
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    hapd.request("ACCEPT_ACL CLEAR")
-    dev[1].wait_disconnected()
-    dev[1].request("DISCONNECT")
-
-@remote_compatible
-def test_ap_wds_sta(dev, apdev):
-    """WPA2-PSK AP with STA using 4addr mode"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wds_sta'] = "1"
-    params['wds_bridge'] = "wds-br0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
-        dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-        ev = hapd.wait_event(["WDS-STA-INTERFACE-ADDED"], timeout=10)
-        if ev is None:
-            raise Exception("No WDS-STA-INTERFACE-ADDED event seen")
-        if "sta_addr=" + dev[0].own_addr() not in ev:
-            raise Exception("No sta_addr match in " + ev)
-        if "ifname=" + hapd.ifname + ".sta" not in ev:
-            raise Exception("No ifname match in " + ev)
-        sta = hapd.get_sta(dev[0].own_addr())
-        if "wds_sta_ifname" not in sta:
-            raise Exception("Missing wds_sta_ifname in STA data")
-        if "ifname=" + sta['wds_sta_ifname'] not in ev:
-            raise Exception("wds_sta_ifname %s not in event: %s" %
-                            (sta['wds_sta_ifname'], ev))
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("SET reassoc_same_bss_optim 1")
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=5, timeout=1)
-    finally:
-        dev[0].request("SET reassoc_same_bss_optim 0")
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
-        dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
-
-def test_ap_wds_sta_eap(dev, apdev):
-    """WPA2-EAP AP with STA using 4addr mode"""
-    ssid = "test-wpa2-eap"
-    params = hostapd.wpa2_eap_params(ssid=ssid)
-    params['wds_sta'] = "1"
-    params['wds_bridge'] = "wds-br0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
-        dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
-        dev[0].connect(ssid, key_mgmt="WPA-EAP", eap="GPSK",
-                       identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412")
-        ev = hapd.wait_event(["WDS-STA-INTERFACE-ADDED"], timeout=10)
-        if ev is None:
-            raise Exception("No WDS-STA-INTERFACE-ADDED event seen")
-        if "sta_addr=" + dev[0].own_addr() not in ev:
-            raise Exception("No sta_addr match in " + ev)
-        if "ifname=" + hapd.ifname + ".sta" not in ev:
-            raise Exception("No ifname match in " + ev)
-        sta = hapd.get_sta(dev[0].own_addr())
-        if "wds_sta_ifname" not in sta:
-            raise Exception("Missing wds_sta_ifname in STA data")
-        if "ifname=" + sta['wds_sta_ifname'] not in ev:
-            raise Exception("wds_sta_ifname %s not in event: %s" %
-                            (sta['wds_sta_ifname'], ev))
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-    finally:
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
-        dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
-
-def test_ap_wds_sta_open(dev, apdev):
-    """Open AP with STA using 4addr mode"""
-    ssid = "test-wds-open"
-    params = {}
-    params['ssid'] = ssid
-    params['wds_sta'] = "1"
-    params['wds_bridge'] = "wds-br0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
-        dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
-        dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("SET reassoc_same_bss_optim 1")
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=5, timeout=1)
-    finally:
-        dev[0].request("SET reassoc_same_bss_optim 0")
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
-        dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
-
-def test_ap_wds_sta_wep(dev, apdev):
-    """WEP AP with STA using 4addr mode"""
-    check_wep_capa(dev[0])
-    ssid = "test-wds-wep"
-    params = {}
-    params['ssid'] = ssid
-    params["ieee80211n"] = "0"
-    params['wep_key0'] = '"hello"'
-    params['wds_sta'] = "1"
-    params['wds_bridge'] = "wds-br0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
-        dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
-        dev[0].connect(ssid, key_mgmt="NONE", wep_key0='"hello"',
-                       scan_freq="2412")
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=15)
-        dev[0].request("SET reassoc_same_bss_optim 1")
-        dev[0].request("REATTACH")
-        dev[0].wait_connected()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
-                                            max_tries=5, timeout=1)
-    finally:
-        dev[0].request("SET reassoc_same_bss_optim 0")
-        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
-        dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
-
-@remote_compatible
-def test_ap_inactivity_poll(dev, apdev):
-    """AP using inactivity poll"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['ap_max_inactivity'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("MGMT RX wait timed out for Deauth")
-    hapd.set("ext_mgmt_frame_handling", "0")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=30)
-    if ev is None:
-        raise Exception("STA disconnection on inactivity was not reported")
-
-@remote_compatible
-def test_ap_inactivity_disconnect(dev, apdev):
-    """AP using inactivity disconnect"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['ap_max_inactivity'] = "1"
-    params['skip_inactivity_poll'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("MGMT RX wait timed out for Deauth")
-    hapd.set("ext_mgmt_frame_handling", "0")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=30)
-    if ev is None:
-        raise Exception("STA disconnection on inactivity was not reported")
-
-@remote_compatible
-def test_ap_basic_rates(dev, apdev):
-    """Open AP with lots of basic rates"""
-    ssid = "basic rates"
-    params = {}
-    params['ssid'] = ssid
-    params['basic_rates'] = "10 20 55 110 60 90 120 180 240 360 480 540"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ap_short_preamble(dev, apdev):
-    """Open AP with short preamble"""
-    ssid = "short preamble"
-    params = {}
-    params['ssid'] = ssid
-    params['preamble'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-def test_ap_spectrum_management_required(dev, apdev):
-    """Open AP with spectrum management required"""
-    ssid = "spectrum mgmt"
-    params = {}
-    params['ssid'] = ssid
-    params["country_code"] = "JP"
-    params["hw_mode"] = "a"
-    params["channel"] = "36"
-    params["ieee80211d"] = "1"
-    params["local_pwr_constraint"] = "3"
-    params['spectrum_mgmt_required'] = "1"
-    try:
-        hapd = None
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect(ssid, key_mgmt="NONE", scan_freq="5180")
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-@remote_compatible
-def test_ap_max_listen_interval(dev, apdev):
-    """Open AP with maximum listen interval limit"""
-    ssid = "listen"
-    params = {}
-    params['ssid'] = ssid
-    params['max_listen_interval'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-    if ev is None:
-        raise Exception("Association rejection not reported")
-    if "status_code=51" not in ev:
-        raise Exception("Unexpected ASSOC-REJECT reason")
-
-@remote_compatible
-def test_ap_max_num_sta(dev, apdev):
-    """Open AP with maximum STA count"""
-    ssid = "max"
-    params = {}
-    params['ssid'] = ssid
-    params['max_num_sta'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-
-def test_ap_max_num_sta_no_probe_resp(dev, apdev, params):
-    """Maximum STA count and limit on Probe Response frames"""
-    logdir = params['logdir']
-    dev[0].flush_scan_cache()
-    ssid = "max"
-    params = {}
-    params['ssid'] = ssid
-    params['beacon_int'] = "2000"
-    params['max_num_sta'] = "1"
-    params['no_probe_resp_if_max_sta'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[0].scan(freq=2412, type="ONLY")
-    dev[0].scan(freq=2412, type="ONLY")
-    seen = dev[0].get_bss(apdev[0]['bssid']) != None
-    dev[1].scan(freq=2412, type="ONLY")
-    if seen:
-        out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
-                         "wlan.fc.type_subtype == 5", ["wlan.da"])
-        if out:
-            if dev[0].own_addr() not in out:
-                # Discovery happened through Beacon frame reception. That's not
-                # an error case.
-                seen = False
-            if dev[1].own_addr() not in out:
-                raise Exception("No Probe Response frames to dev[1] seen")
-        if seen:
-            raise Exception("AP found unexpectedly")
-
-@remote_compatible
-def test_ap_tx_queue_params(dev, apdev):
-    """Open AP with TX queue params set"""
-    ssid = "tx"
-    params = {}
-    params['ssid'] = ssid
-    params['tx_queue_data2_aifs'] = "4"
-    params['tx_queue_data2_cwmin'] = "7"
-    params['tx_queue_data2_cwmax'] = "1023"
-    params['tx_queue_data2_burst'] = "4.2"
-    params['tx_queue_data1_aifs'] = "4"
-    params['tx_queue_data1_cwmin'] = "7"
-    params['tx_queue_data1_cwmax'] = "1023"
-    params['tx_queue_data1_burst'] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_tx_queue_params_invalid(dev, apdev):
-    """Invalid TX queue params set (cwmin/cwmax)"""
-    ssid = "tx"
-    params = {}
-    params['ssid'] = ssid
-    params['tx_queue_data2_aifs'] = "4"
-    params['tx_queue_data2_cwmin'] = "7"
-    params['tx_queue_data2_cwmax'] = "1023"
-    params['tx_queue_data2_burst'] = "4.2"
-    params['wmm_ac_bk_cwmin'] = "4"
-    params['wmm_ac_bk_cwmax'] = "10"
-    params['wmm_ac_bk_aifs'] = "7"
-    params['wmm_ac_bk_txop_limit'] = "0"
-    params['wmm_ac_bk_acm'] = "0"
-
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # Valid WMM change
-    hapd.set("wmm_ac_be_cwmin", "3")
-
-    # "Invalid TX queue cwMin/cwMax values. cwMin(7) greater than cwMax(3)"
-    if "FAIL" not in hapd.request('SET tx_queue_data2_cwmax 3'):
-        raise Exception("TX cwMax < cwMin accepted")
-    # "Invalid WMM AC cwMin/cwMax values. cwMin(4) greater than cwMax(3)"
-    if "FAIL" not in hapd.request('SET wmm_ac_bk_cwmax 3'):
-        raise Exception("AC cwMax < cwMin accepted")
-
-    hapd.request("SET tx_queue_data2_cwmax 1023")
-    hapd.set("wmm_ac_bk_cwmax", "10")
-    # Invalid IEs to cause WMM parameter update failing
-    hapd.set("vendor_elements", "dd04112233")
-    hapd.set("wmm_ac_be_cwmin", "3")
-    # Valid IEs to cause WMM parameter update succeeding
-    hapd.set("vendor_elements", "dd0411223344")
-    hapd.set("wmm_ac_be_cwmin", "3")
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-def test_ap_beacon_rate_legacy(dev, apdev):
-    """Open AP with Beacon frame TX rate 5.5 Mbps"""
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'beacon-rate'})
-    res = hapd.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x0000080000000000) == 0:
-        raise HwsimSkip("Setting Beacon frame TX rate not supported")
-    hapd.disable()
-    hapd.set('beacon_rate', '55')
-    hapd.enable()
-    dev[0].connect('beacon-rate', key_mgmt="NONE", scan_freq="2412")
-    time.sleep(0.5)
-
-def test_ap_beacon_rate_legacy2(dev, apdev):
-    """Open AP with Beacon frame TX rate 12 Mbps in VHT BSS"""
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'beacon-rate'})
-    res = hapd.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x0000080000000000) == 0:
-        raise HwsimSkip("Setting Beacon frame TX rate not supported")
-    hapd.disable()
-    hapd.set('beacon_rate', '120')
-    hapd.set("country_code", "DE")
-    hapd.set("hw_mode", "a")
-    hapd.set("channel", "36")
-    hapd.set("ieee80211n", "1")
-    hapd.set("ieee80211ac", "1")
-    hapd.set("ht_capab", "[HT40+]")
-    hapd.set("vht_capab", "")
-    hapd.set("vht_oper_chwidth", "0")
-    hapd.set("vht_oper_centr_freq_seg0_idx", "0")
-    try:
-        hapd.enable()
-        dev[0].scan_for_bss(hapd.own_addr(), freq="5180")
-        dev[0].connect('beacon-rate', key_mgmt="NONE", scan_freq="5180")
-        time.sleep(0.5)
-    finally:
-        dev[0].request("DISCONNECT")
-        hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-
-def test_ap_beacon_rate_ht(dev, apdev):
-    """Open AP with Beacon frame TX rate HT-MCS 0"""
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'beacon-rate'})
-    res = hapd.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x0000100000000000) == 0:
-        raise HwsimSkip("Setting Beacon frame TX rate not supported")
-    hapd.disable()
-    hapd.set('beacon_rate', 'ht:0')
-    hapd.enable()
-    dev[0].connect('beacon-rate', key_mgmt="NONE", scan_freq="2412")
-    time.sleep(0.5)
-
-def test_ap_beacon_rate_ht2(dev, apdev):
-    """Open AP with Beacon frame TX rate HT-MCS 1 in VHT BSS"""
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'beacon-rate'})
-    res = hapd.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x0000100000000000) == 0:
-        raise HwsimSkip("Setting Beacon frame TX rate not supported")
-    hapd.disable()
-    hapd.set('beacon_rate', 'ht:1')
-    hapd.set("country_code", "DE")
-    hapd.set("hw_mode", "a")
-    hapd.set("channel", "36")
-    hapd.set("ieee80211n", "1")
-    hapd.set("ieee80211ac", "1")
-    hapd.set("ht_capab", "[HT40+]")
-    hapd.set("vht_capab", "")
-    hapd.set("vht_oper_chwidth", "0")
-    hapd.set("vht_oper_centr_freq_seg0_idx", "0")
-    try:
-        hapd.enable()
-        dev[0].scan_for_bss(hapd.own_addr(), freq="5180")
-        dev[0].connect('beacon-rate', key_mgmt="NONE", scan_freq="5180")
-        time.sleep(0.5)
-    finally:
-        dev[0].request("DISCONNECT")
-        hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-
-def test_ap_beacon_rate_vht(dev, apdev):
-    """Open AP with Beacon frame TX rate VHT-MCS 0"""
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'beacon-rate'})
-    res = hapd.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x0000200000000000) == 0:
-        raise HwsimSkip("Setting Beacon frame TX rate not supported")
-    hapd.disable()
-    hapd.set('beacon_rate', 'vht:0')
-    hapd.set("country_code", "DE")
-    hapd.set("hw_mode", "a")
-    hapd.set("channel", "36")
-    hapd.set("ieee80211n", "1")
-    hapd.set("ieee80211ac", "1")
-    hapd.set("ht_capab", "[HT40+]")
-    hapd.set("vht_capab", "")
-    hapd.set("vht_oper_chwidth", "0")
-    hapd.set("vht_oper_centr_freq_seg0_idx", "0")
-    try:
-        hapd.enable()
-        dev[0].scan_for_bss(hapd.own_addr(), freq="5180")
-        dev[0].connect('beacon-rate', key_mgmt="NONE", scan_freq="5180")
-        time.sleep(0.5)
-    finally:
-        dev[0].request("DISCONNECT")
-        hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-
-def test_ap_wep_to_wpa(dev, apdev):
-    """WEP to WPA2-PSK configuration change in hostapd"""
-    check_wep_capa(dev[0])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-to-wpa",
-                           "wep_key0": '"hello"'})
-    dev[0].flush_scan_cache()
-    dev[0].connect("wep-to-wpa", key_mgmt="NONE", wep_key0='"hello"',
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.disable()
-    hapd.set("wep_key0", "")
-    hapd.set("wpa_passphrase", "12345678")
-    hapd.set("wpa", "2")
-    hapd.set("wpa_key_mgmt", "WPA-PSK")
-    hapd.set("rsn_pairwise", "CCMP")
-    hapd.enable()
-
-    dev[0].connect("wep-to-wpa", psk="12345678", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_missing_psk(dev, apdev):
-    """WPA2-PSK AP and no PSK configured"""
-    ssid = "test-wpa2-psk"
-    params = hostapd.wpa2_params(ssid=ssid)
-    try:
-        # "WPA-PSK enabled, but PSK or passphrase is not configured."
-        hostapd.add_ap(apdev[0], params)
-        raise Exception("AP setup succeeded unexpectedly")
-    except Exception as e:
-        if "Failed to enable hostapd" in str(e):
-            pass
-        else:
-            raise
-
-def test_ap_eapol_version(dev, apdev):
-    """hostapd eapol_version configuration"""
-    passphrase = "asdfghjkl"
-    params = hostapd.wpa2_params(ssid="test1", passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = hostapd.wpa2_params(ssid="test2", passphrase=passphrase)
-    params['eapol_version'] = '1'
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].connect("test1", psk=passphrase, scan_freq="2412",
-                   wait_connect=False)
-    ev1 = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev1 is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    hapd.request("SET ext_eapol_frame_io 0")
-
-    hapd2.request("SET ext_eapol_frame_io 1")
-    dev[1].connect("test2", psk=passphrase, scan_freq="2412",
-                   wait_connect=False)
-    ev2 = hapd2.wait_event(["EAPOL-TX"], timeout=15)
-    if ev2 is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    hapd2.request("SET ext_eapol_frame_io 0")
-
-    dev[0].wait_connected()
-    dev[1].wait_connected()
-
-    ver1 = ev1.split(' ')[2][0:2]
-    ver2 = ev2.split(' ')[2][0:2]
-    if ver1 != "02":
-        raise Exception("Unexpected default eapol_version: " + ver1)
-    if ver2 != "01":
-        raise Exception("eapol_version did not match configuration: " + ver2)
-
-def test_ap_dtim_period(dev, apdev):
-    """DTIM period configuration"""
-    ssid = "dtim-period"
-    params = {'ssid': ssid, 'dtim_period': "10"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    for i in range(10):
-        dev[0].scan(freq="2412")
-        bss = dev[0].get_bss(bssid)
-        if 'beacon_ie' in bss:
-            break
-        time.sleep(0.2)
-    if 'beacon_ie' not in bss:
-        raise Exception("Did not find Beacon IEs")
-
-    ie = parse_ie(bss['beacon_ie'])
-    if 5 not in ie:
-        raise Exception("TIM element missing")
-    count, period = struct.unpack('BB', ie[5][0:2])
-    logger.info("DTIM count %d  DTIM period %d" % (count, period))
-    if period != 10:
-        raise Exception("Unexpected DTIM period: %d" % period)
-    if count >= period:
-        raise Exception("Unexpected DTIM count: %d" % count)
-
-def test_ap_no_probe_resp(dev, apdev):
-    """AP with Probe Response frame sending from hostapd disabled"""
-    ssid = "no-probe-resp"
-    params = {'ssid': ssid, 'send_probe_response': "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412", passive=True)
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    bss = dev[0].get_bss(bssid)
-    if 'ie' in bss and 'beacon_ie' in bss and \
-       len(bss['ie']) != len(bss['beacon_ie']):
-        raise Exception("Probe Response frames seen")
-
-def test_ap_long_preamble(dev, apdev):
-    """AP with long preamble"""
-    ssid = "long-preamble"
-    params = {'ssid': ssid, 'preamble': "0",
-              'hw_mode': 'b', 'ieee80211n': '0',
-              'supported_rates': '10', 'basic_rates': '10'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wmm_uapsd(dev, apdev):
-    """AP with U-APSD advertisement"""
-    ssid = "uapsd"
-    params = {'ssid': ssid, 'uapsd_advertisement_enabled': "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wowlan_triggers(dev, apdev):
-    """AP with wowlan_triggers"""
-    ssid = "wowlan"
-    params = {'ssid': ssid, 'wowlan_triggers': "any"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_notify_mgmt_frames(dev, apdev):
-    """hostapd notify_mgmt_frames configuration enabled"""
-    ssid = "mgmt_frames"
-    params = {'ssid': ssid, 'notify_mgmt_frames': "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-MGMT-FRAME-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("AP-MGMT-FRAME-RECEIVED wait timed out")
-    if "buf=b0" not in ev:
-        raise Exception("Expected auth request in AP-MGMT-FRAME-RECEIVED")
-
-def test_ap_notify_mgmt_frames_disabled(dev, apdev):
-    """hostapd notify_mgmt_frames configuration disabled"""
-    ssid = "mgmt_frames"
-    params = {'ssid': ssid, 'notify_mgmt_frames': "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-MGMT-FRAME-RECEIVED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected AP-MGMT-FRAME-RECEIVED")
-
-def test_ap_airtime_policy_static(dev, apdev):
-    """Airtime policy - static"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['airtime_mode'] = "1"
-    params['airtime_update_interval'] = "200"
-    params['airtime_sta_weight'] = dev[0].own_addr() + " 512"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    time.sleep(1)
-
-def test_ap_airtime_policy_per_bss_dynamic(dev, apdev):
-    """Airtime policy - per-BSS dynamic"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['airtime_mode'] = "2"
-    params['airtime_update_interval'] = "200"
-    params['airtime_bss_weight'] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    time.sleep(1)
-
-def test_ap_airtime_policy_per_bss_limit(dev, apdev):
-    """Airtime policy - per-BSS limit"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['airtime_mode'] = "3"
-    params['airtime_update_interval'] = "200"
-    params['airtime_bss_weight'] = "2"
-    params['airtime_bss_limit'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    time.sleep(1)
-    hapd.set("force_backlog_bytes", "1")
-    time.sleep(1)
-
-def test_ap_airtime_policy_per_bss_limit_invalid(dev, apdev):
-    """Airtime policy - per-BSS limit (invalid)"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['airtime_mode'] = "3"
-    params['airtime_update_interval'] = "0"
-    params['airtime_bss_weight'] = "2"
-    params['airtime_bss_limit'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid airtime policy configuration accepted")
-    hapd.set("airtime_update_interval", "200")
-    hapd.enable()
-    hapd.set("airtime_update_interval", "0")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    time.sleep(1)
diff --git a/tests/hwsim/test_ap_pmf.py b/tests/hwsim/test_ap_pmf.py
deleted file mode 100644
index 6c2a58ac4df2..000000000000
--- a/tests/hwsim/test_ap_pmf.py
+++ /dev/null
@@ -1,1204 +0,0 @@
-# Protected management frames tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import os
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from utils import *
-from wlantest import Wlantest
-from wpasupplicant import WpaSupplicant
-
-@remote_compatible
-def test_ap_pmf_required(dev, apdev):
-    """WPA2-PSK AP with PMF required"""
-    ssid = "test-pmf-required"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-PSK-SHA256":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    if "[WPA2-PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[1].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
-        raise Exception("SA_QUERY failed")
-    if "OK" not in hapd.request("SA_QUERY " + dev[1].own_addr()):
-        raise Exception("SA_QUERY failed")
-    if "FAIL" not in hapd.request("SA_QUERY foo"):
-        raise Exception("Invalid SA_QUERY accepted")
-    wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
-    wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
-    wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
-    time.sleep(0.1)
-    if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
-                          dev[0].p2p_interface_addr()) < 1:
-        raise Exception("STA did not reply to SA Query")
-    if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
-                          dev[1].p2p_interface_addr()) < 1:
-        raise Exception("STA did not reply to SA Query")
-
-def start_ocv_ap(apdev):
-    ssid = "test-pmf-required"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    try:
-        hapd = hostapd.add_ap(apdev, params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    return hapd, ssid, wt
-
-@remote_compatible
-def test_ocv_sa_query(dev, apdev):
-    """Test SA Query with OCV"""
-    hapd, ssid, wt = start_ocv_ap(apdev[0])
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    # Test that client can handle SA Query with OCI element
-    if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
-        raise Exception("SA_QUERY failed")
-    ev = hapd.wait_event(["OCV-FAILURE"], timeout=0.1)
-    if ev:
-        raise Exception("Unexpected OCV failure reported")
-    if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
-                          dev[0].own_addr()) < 1:
-        raise Exception("STA did not reply to SA Query")
-
-    # Test that AP can handle SA Query with OCI element
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
-    if ev is not None:
-        raise Exception("SA Query from the STA failed")
-
-@remote_compatible
-def test_ocv_sa_query_csa(dev, apdev):
-    """Test SA Query with OCV after channel switch"""
-    hapd, ssid, wt = start_ocv_ap(apdev[0])
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    hapd.request("CHAN_SWITCH 5 2437")
-    time.sleep(1)
-    if wt.get_sta_counter("valid_saqueryreq_tx", apdev[0]['bssid'],
-                          dev[0].own_addr()) < 1:
-        raise Exception("STA did not start SA Query after channel switch")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=16)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-def test_ocv_sa_query_csa_no_resp(dev, apdev):
-    """Test SA Query with OCV after channel switch getting no response"""
-    hapd, ssid, wt = start_ocv_ap(apdev[0])
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    hapd.request("CHAN_SWITCH 5 2437")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnection after CSA not reported")
-    if "locally_generated=1" not in ev:
-        raise Exception("Unexpectedly disconnected by AP: " + ev)
-
-def test_ocv_sa_query_csa_missing(dev, apdev):
-    """Test SA Query with OCV missing after channel switch"""
-    hapd, ssid, wt = start_ocv_ap(apdev[0])
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    ev = hapd.wait_event(['MGMT-RX'], timeout=5)
-    if ev is None:
-        raise Exception("Deauthentication frame RX not reported")
-    hapd.set("ext_mgmt_frame_handling", "0")
-    hapd.request("CHAN_SWITCH 5 2437")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd")
-
-@remote_compatible
-def test_ap_pmf_optional(dev, apdev):
-    """WPA2-PSK AP with PMF optional"""
-    ssid = "test-pmf-optional"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[1].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    wt.require_ap_pmf_optional(apdev[0]['bssid'])
-    wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
-    wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
-
-@remote_compatible
-def test_ap_pmf_optional_2akm(dev, apdev):
-    """WPA2-PSK AP with PMF optional (2 AKMs)"""
-    ssid = "test-pmf-optional-2akm"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
-    params["ieee80211w"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[1].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    wt.require_ap_pmf_optional(apdev[0]['bssid'])
-    wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
-    wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[0].p2p_interface_addr(),
-                            "PSK-SHA256")
-    wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
-    wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[1].p2p_interface_addr(),
-                            "PSK-SHA256")
-
-@remote_compatible
-def test_ap_pmf_negative(dev, apdev):
-    """WPA2-PSK AP without PMF (negative test)"""
-    ssid = "test-pmf-negative"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    try:
-        dev[1].connect(ssid, psk="12345678", ieee80211w="2",
-                       key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                       scan_freq="2412")
-        hwsim_utils.test_connectivity(dev[1], hapd)
-        raise Exception("PMF required STA connected to no PMF AP")
-    except Exception as e:
-        logger.debug("Ignore expected exception: " + str(e))
-    wt.require_ap_no_pmf(apdev[0]['bssid'])
-
-@remote_compatible
-def test_ap_pmf_assoc_comeback(dev, apdev):
-    """WPA2-PSK AP with PMF association comeback"""
-    ssid = "assoc-comeback"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
-    if wt.get_sta_counter("assocresp_comeback", apdev[0]['bssid'],
-                          dev[0].p2p_interface_addr()) < 1:
-        raise Exception("AP did not use association comeback request")
-
-@remote_compatible
-def test_ap_pmf_assoc_comeback2(dev, apdev):
-    """WPA2-PSK AP with PMF association comeback (using DROP_SA)"""
-    ssid = "assoc-comeback"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK", proto="WPA2", scan_freq="2412")
-    if "OK" not in dev[0].request("DROP_SA"):
-        raise Exception("DROP_SA failed")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
-    if wt.get_sta_counter("reassocresp_comeback", apdev[0]['bssid'],
-                          dev[0].p2p_interface_addr()) < 1:
-        raise Exception("AP did not use reassociation comeback request")
-
-@remote_compatible
-def test_ap_pmf_assoc_comeback_wps(dev, apdev):
-    """WPA2-PSK AP with PMF association comeback (WPS)"""
-    ssid = "assoc-comeback"
-    appin = "12345670"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params["eap_server"] = "1"
-    params["wps_state"] = "2"
-    params["ap_pin"] = appin
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-    if wt.get_sta_counter("assocresp_comeback", apdev[0]['bssid'],
-                          dev[0].p2p_interface_addr()) < 1:
-        raise Exception("AP did not use association comeback request")
-
-def test_ap_pmf_ap_dropping_sa(dev, apdev):
-    """WPA2-PSK PMF AP dropping SA"""
-    ssid = "pmf"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    addr0 = dev[0].own_addr()
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    # Drop SA and association at the AP locally without notifying the STA. This
-    # results in the STA getting unprotected Deauthentication frames when trying
-    # to transmit the next Class 3 frame.
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr0 + " tx=0"):
-        raise Exception("DEAUTHENTICATE command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection event after DEAUTHENTICATE tx=0: " + ev)
-    dev[0].request("DATA_TEST_CONFIG 1")
-    dev[0].request("DATA_TEST_TX " + bssid + " " + addr0)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[0].request("DATA_TEST_CONFIG 0")
-    if ev is None or "locally_generated=1" not in ev:
-        raise Exception("Locally generated disconnection not reported")
-
-def test_ap_pmf_valid_broadcast_deauth(dev, apdev):
-    """WPA2-PSK PMF AP sending valid broadcast deauth without dropping SA"""
-    run_ap_pmf_valid(dev, apdev, False, True)
-
-def test_ap_pmf_valid_broadcast_disassoc(dev, apdev):
-    """WPA2-PSK PMF AP sending valid broadcast disassoc without dropping SA"""
-    run_ap_pmf_valid(dev, apdev, True, True)
-
-def test_ap_pmf_valid_unicast_deauth(dev, apdev):
-    """WPA2-PSK PMF AP sending valid unicast deauth without dropping SA"""
-    run_ap_pmf_valid(dev, apdev, False, False)
-
-def test_ap_pmf_valid_unicast_disassoc(dev, apdev):
-    """WPA2-PSK PMF AP sending valid unicast disassoc without dropping SA"""
-    run_ap_pmf_valid(dev, apdev, True, False)
-
-def run_ap_pmf_valid(dev, apdev, disassociate, broadcast):
-    ssid = "pmf"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    addr0 = dev[0].own_addr()
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    cmd = "DISASSOCIATE " if disassociate else "DEAUTHENTICATE "
-    cmd += "ff:ff:ff:ff:ff:ff" if broadcast else addr0
-    cmd += " test=1"
-    if "OK" not in hapd.request(cmd):
-        raise Exception("hostapd command failed")
-    sta = hapd.get_sta(addr0)
-    if not sta:
-        raise Exception("STA entry lost")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    if "locally_generated=1" in ev:
-        raise Exception("Unexpected locally generated disconnection")
-
-    # Wait for SA Query procedure to fail and association comeback to succeed
-    dev[0].wait_connected()
-
-def start_wpas_ap(ssid):
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="use_monitor=1")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", ssid)
-    wpas.set_network(id, "proto", "WPA2")
-    wpas.set_network(id, "key_mgmt", "WPA-PSK-SHA256")
-    wpas.set_network(id, "ieee80211w", "2")
-    wpas.set_network_quoted(id, "psk", "12345678")
-    wpas.set_network(id, "pairwise", "CCMP")
-    wpas.set_network(id, "group", "CCMP")
-    wpas.set_network(id, "frequency", "2412")
-    wpas.set_network(id, "scan_freq", "2412")
-    wpas.connect_network(id)
-    wpas.dump_monitor()
-    return wpas
-
-def test_ap_pmf_sta_sa_query(dev, apdev):
-    """WPA2-PSK AP with station using SA Query"""
-    ssid = "assoc-comeback"
-    addr = dev[0].own_addr()
-
-    wpas = start_wpas_ap(ssid)
-    bssid = wpas.own_addr()
-
-    Wlantest.setup(wpas)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    wpas.dump_monitor()
-    wpas.request("DEAUTHENTICATE " + addr + " test=0")
-    wpas.dump_monitor()
-    wpas.request("DISASSOCIATE " + addr + " test=0")
-    wpas.dump_monitor()
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-    wpas.dump_monitor()
-    wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
-    wpas.dump_monitor()
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
-        raise Exception("STA did not send SA Query")
-    if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) < 1:
-        raise Exception("AP did not reply to SA Query")
-    wpas.dump_monitor()
-
-def test_ap_pmf_sta_sa_query_no_response(dev, apdev):
-    """WPA2-PSK AP with station using SA Query and getting no response"""
-    ssid = "assoc-comeback"
-    addr = dev[0].own_addr()
-
-    wpas = start_wpas_ap(ssid)
-    bssid = wpas.own_addr()
-
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    wpas.dump_monitor()
-    wpas.request("DEAUTHENTICATE " + addr + " test=0")
-    wpas.dump_monitor()
-    wpas.request("DISASSOCIATE " + addr + " test=0")
-    wpas.dump_monitor()
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    wpas.request("SET ext_mgmt_frame_handling 1")
-    wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-    wpas.dump_monitor()
-    wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
-    wpas.dump_monitor()
-    dev[0].wait_disconnected()
-    wpas.dump_monitor()
-    wpas.request("SET ext_mgmt_frame_handling 0")
-    dev[0].wait_connected()
-    wpas.dump_monitor()
-
-def test_ap_pmf_sta_unprot_deauth_burst(dev, apdev):
-    """WPA2-PSK AP with station receiving burst of unprotected Deauthentication frames"""
-    ssid = "deauth-attack"
-    addr = dev[0].own_addr()
-
-    wpas = start_wpas_ap(ssid)
-    bssid = wpas.own_addr()
-
-    Wlantest.setup(wpas)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    for i in range(0, 10):
-        wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-        wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
-    num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
-    if num_req < 1:
-        raise Exception("STA did not send SA Query")
-    if num_resp < 1:
-        raise Exception("AP did not reply to SA Query")
-    if num_req > 1:
-        raise Exception("STA initiated too many SA Query procedures (%d)" % num_req)
-
-    time.sleep(10)
-    for i in range(0, 5):
-        wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-        wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
-    num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
-    if num_req != 2 or num_resp != 2:
-        raise Exception("Unexpected number of SA Query procedures (req=%d resp=%d)" % (num_req, num_resp))
-
-def test_ap_pmf_sta_sa_query_oom(dev, apdev):
-    """WPA2-PSK AP with station using SA Query (OOM)"""
-    ssid = "assoc-comeback"
-    addr = dev[0].own_addr()
-    wpas = start_wpas_ap(ssid)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    with alloc_fail(dev[0], 1, "=sme_sa_query_timer"):
-        wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].request("DISCONNECT")
-    wpas.request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
-    """WPA2-PSK AP with station using SA Query (local failure)"""
-    ssid = "assoc-comeback"
-    addr = dev[0].own_addr()
-    wpas = start_wpas_ap(ssid)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    with fail_test(dev[0], 1, "os_get_random;sme_sa_query_timer"):
-        wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-    dev[0].request("DISCONNECT")
-    wpas.request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_pmf_sta_sa_query_hostapd(dev, apdev):
-    """WPA2-PSK AP with station using SA Query (hostapd)"""
-    ssid = "assoc-comeback"
-    passphrase = "12345678"
-    addr = dev[0].own_addr()
-
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
-                                 wpa_key_mgmt="WPA-PSK-SHA256",
-                                 ieee80211w="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " test=0") or \
-       "OK" not in hapd.request("DISASSOCIATE " + addr + " test=0"):
-        raise Exception("Failed to send unprotected disconnection messages")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
-       "OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
-        raise Exception("Failed to send unprotected disconnection messages (2)")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
-        raise Exception("STA did not send SA Query")
-    if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) < 1:
-        raise Exception("AP did not reply to SA Query")
-
-def test_ap_pmf_sta_sa_query_no_response_hostapd(dev, apdev):
-    """WPA2-PSK AP with station using SA Query and getting no response (hostapd)"""
-    ssid = "assoc-comeback"
-    passphrase = "12345678"
-    addr = dev[0].own_addr()
-
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
-                                 wpa_key_mgmt="WPA-PSK-SHA256",
-                                 ieee80211w="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
-       "OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
-        raise Exception("Failed to send unprotected disconnection messages")
-    dev[0].wait_disconnected()
-    hapd.set("ext_mgmt_frame_handling", "0")
-    if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
-        raise Exception("STA did not send SA Query")
-    if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) > 0:
-        raise Exception("AP replied to SA Query")
-    dev[0].wait_connected()
-
-def test_ap_pmf_sta_unprot_deauth_burst_hostapd(dev, apdev):
-    """WPA2-PSK AP with station receiving burst of unprotected Deauthentication frames (hostapd)"""
-    ssid = "deauth-attack"
-    passphrase = "12345678"
-    addr = dev[0].own_addr()
-
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
-                                 wpa_key_mgmt="WPA-PSK-SHA256",
-                                 ieee80211w="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    for i in range(10):
-        if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
-           "OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
-            raise Exception("Failed to send unprotected disconnection messages")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
-    num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
-    if num_req < 1:
-        raise Exception("STA did not send SA Query")
-    if num_resp < 1:
-        raise Exception("AP did not reply to SA Query")
-    if num_req > 1:
-        raise Exception("STA initiated too many SA Query procedures (%d)" % num_req)
-
-    time.sleep(10)
-    for i in range(5):
-        if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
-           "OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
-            raise Exception("Failed to send unprotected disconnection messages")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
-    num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
-    if num_req != 2 or num_resp != 2:
-        raise Exception("Unexpected number of SA Query procedures (req=%d resp=%d)" % (num_req, num_resp))
-
-def test_ap_pmf_required_eap(dev, apdev):
-    """WPA2-EAP AP with PMF required"""
-    ssid = "test-pmf-required-eap"
-    params = hostapd.wpa2_eap_params(ssid=ssid)
-    params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-EAP-SHA256":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    dev[0].connect("test-pmf-required-eap", key_mgmt="WPA-EAP-SHA256",
-                   ieee80211w="2", eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[1].connect("test-pmf-required-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                   ieee80211w="1", eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-def test_ap_pmf_optional_eap(dev, apdev):
-    """WPA2EAP AP with PMF optional"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params["ieee80211w"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap user", anonymous_identity="ttls",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                   ieee80211w="1", scan_freq="2412")
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
-                   eap="TTLS", identity="pap user", anonymous_identity="ttls",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                   ieee80211w="2", scan_freq="2412")
-
-@remote_compatible
-def test_ap_pmf_required_sha1(dev, apdev):
-    """WPA2-PSK AP with PMF required with SHA1 AKM"""
-    ssid = "test-pmf-required-sha1"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-PSK":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK", proto="WPA2", scan_freq="2412")
-    if "[WPA2-PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing RSN element info")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_pmf_toggle(dev, apdev):
-    """WPA2-PSK AP with PMF optional and changing PMF on reassociation"""
-    try:
-        _test_ap_pmf_toggle(dev, apdev)
-    finally:
-        dev[0].request("SET reassoc_same_bss_optim 0")
-
-def _test_ap_pmf_toggle(dev, apdev):
-    ssid = "test-pmf-optional"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "1"
-    params["assoc_sa_query_max_timeout"] = "1"
-    params["assoc_sa_query_retry_timeout"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    bssid = apdev[0]['bssid']
-    addr = dev[0].own_addr()
-    dev[0].request("SET reassoc_same_bss_optim 1")
-    id = dev[0].connect(ssid, psk="12345678", ieee80211w="1",
-                        key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                        scan_freq="2412")
-    wt.require_ap_pmf_optional(bssid)
-    wt.require_sta_pmf(bssid, addr)
-    sta = hapd.get_sta(addr)
-    if '[MFP]' not in sta['flags']:
-        raise Exception("MFP flag not present for STA")
-
-    dev[0].set_network(id, "ieee80211w", "0")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected()
-    wt.require_sta_no_pmf(bssid, addr)
-    sta = hapd.get_sta(addr)
-    if '[MFP]' in sta['flags']:
-        raise Exception("MFP flag unexpectedly present for STA")
-    err, data = hapd.cmd_execute(['iw', 'dev', apdev[0]['ifname'], 'station',
-                                  'get', addr])
-    if "yes" in [l for l in data.splitlines() if "MFP" in l][0]:
-        raise Exception("Kernel STA entry had MFP enabled")
-
-    dev[0].set_network(id, "ieee80211w", "1")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected()
-    wt.require_sta_pmf(bssid, addr)
-    sta = hapd.get_sta(addr)
-    if '[MFP]' not in sta['flags']:
-        raise Exception("MFP flag not present for STA")
-    err, data = hapd.cmd_execute(['iw', 'dev', apdev[0]['ifname'], 'station',
-                                  'get', addr])
-    if "yes" not in [l for l in data.splitlines() if "MFP" in l][0]:
-        raise Exception("Kernel STA entry did not have MFP enabled")
-
-@remote_compatible
-def test_ap_pmf_required_sta_no_pmf(dev, apdev):
-    """WPA2-PSK AP with PMF required and PMF disabled on STA"""
-    ssid = "test-pmf-required"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # Disable PMF on the station and try to connect
-    dev[0].connect(ssid, psk="12345678", ieee80211w="0",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
-                            "CTRL-EVENT-ASSOC-REJECT"], timeout=2)
-    if ev is None:
-        raise Exception("No connection result")
-    if "CTRL-EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Tried to connect to PMF required AP without PMF enabled")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_ap_pmf_inject_auth(dev, apdev):
-    """WPA2-PSK AP with PMF and Authentication frame injection"""
-    ssid = "test-pmf"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    bssid = hapd.own_addr().replace(':', '')
-    addr = dev[0].own_addr().replace(':', '')
-
-    # Inject an unprotected Authentication frame claiming to be from the
-    # associated STA, from another STA, from the AP's own address, from all
-    # zeros and all ones addresses, and from a multicast address.
-    hapd.request("SET ext_mgmt_frame_handling 1")
-    failed = False
-    addresses = [ addr, "021122334455", bssid, 6*"00", 6*"ff", 6*"01" ]
-    for a in addresses:
-        auth = "b0003a01" + bssid + a + bssid + '1000000001000000'
-        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
-        if "OK" not in res:
-            failed = True
-    hapd.request("SET ext_mgmt_frame_handling 0")
-    if failed:
-        raise Exception("MGMT_RX_PROCESS failed")
-    time.sleep(0.1)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev:
-        raise Exception("Unexpected disconnection reported on the STA")
-
-    # Verify that original association is still functional.
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    # Inject an unprotected Association Request frame (with and without RSNE)
-    # claiming to be from the set of test addresses.
-    hapd.request("SET ext_mgmt_frame_handling 1")
-    for a in addresses:
-        assoc = "00003a01" + bssid + a + bssid + '2000' + '31040500' + '0008746573742d706d66' + '010802040b160c121824' + '301a0100000fac040100000fac040100000fac06c0000000000fac06'
-        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc)
-        if "OK" not in res:
-            failed = True
-
-        assoc = "00003a01" + bssid + a + bssid + '2000' + '31040500' + '0008746573742d706d66' + '010802040b160c121824' + '3000'
-        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc)
-        if "OK" not in res:
-            failed = True
-
-        assoc = "00003a01" + bssid + a + bssid + '2000' + '31040500' + '0008746573742d706d66' + '010802040b160c121824'
-        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc)
-        if "OK" not in res:
-            failed = True
-    hapd.request("SET ext_mgmt_frame_handling 0")
-    if failed:
-        raise Exception("MGMT_RX_PROCESS failed")
-    time.sleep(5)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev:
-        raise Exception("Unexpected disconnection reported on the STA")
-
-    # Verify that original association is still functional.
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_pmf_inject_data(dev, apdev):
-    """WPA2-PSK AP with PMF and Data frame injection"""
-    try:
-        run_ap_pmf_inject_data(dev, apdev)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-def run_ap_pmf_inject_data(dev, apdev):
-    ssid = "test-pmf"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    sock = start_monitor(apdev[1]["ifname"])
-    radiotap = radiotap_build()
-
-    bssid = hapd.own_addr().replace(':', '')
-    addr = dev[0].own_addr().replace(':', '')
-
-    # Inject Data frame with A2=broadcast, A2=multicast, A2=BSSID, A2=STA, and
-    # A2=unknown unicast
-    addresses = [ 6*"ff", 6*"01", bssid, addr, "020102030405" ]
-    for a in addresses:
-        frame = binascii.unhexlify("48010000" + bssid + a + bssid + "0000")
-        sock.send(radiotap + frame)
-
-    time.sleep(0.1)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev:
-        raise Exception("Unexpected disconnection reported on the STA")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_pmf_tkip_reject(dev, apdev):
-    """Mixed mode BSS and MFP-enabled AP rejecting TKIP"""
-    skip_without_tkip(dev[0])
-    params = hostapd.wpa2_params(ssid="test-pmf", passphrase="12345678")
-    params['wpa'] = '3'
-    params["ieee80211w"] = "1"
-    params["wpa_pairwise"] = "TKIP CCMP"
-    params["rsn_pairwise"] = "TKIP CCMP"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-pmf", psk="12345678", pairwise="CCMP", ieee80211w="2",
-                   scan_freq="2412")
-    dev[0].dump_monitor()
-
-    dev[1].connect("test-pmf", psk="12345678", proto="WPA", pairwise="TKIP",
-                   ieee80211w="0", scan_freq="2412")
-    dev[1].dump_monitor()
-
-    dev[2].connect("test-pmf", psk="12345678", pairwise="TKIP",
-                   ieee80211w="2", scan_freq="2412", wait_connect=False)
-    ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("No connection result reported")
-    if "CTRL-EVENT-ASSOC-REJECT" not in ev:
-        raise Exception("MFP + TKIP connection was not rejected")
-    if "status_code=31" not in ev:
-        raise Exception("Unexpected status code in rejection: " + ev)
-    dev[2].request("DISCONNECT")
-    dev[2].dump_monitor()
-
-def test_ap_pmf_sa_query_timeout(dev, apdev):
-    """SA Query timeout"""
-    ssid = "test-pmf-required"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=2)
-    if ev is None:
-        raise Exception("No disconnection on SA Query timeout seen")
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].wait_connected()
-    dev[0].dump_monitor()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    ev = hapd.mgmt_rx()
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-    hapd.set("ext_mgmt_frame_handling", "1")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1.5)
-    if ev is not None:
-        raise Exception("Unexpected disconnection after reconnection seen")
-
-def mac80211_read_key(keydir):
-    vals = {}
-    for name in os.listdir(keydir):
-        try:
-            with open(os.path.join(keydir, name)) as f:
-                vals[name] = f.read().strip()
-        except OSError as e:
-            pass
-    return vals
-
-def check_mac80211_bigtk(dev, hapd):
-    sta_key = None
-    ap_key = None
-
-    phy = dev.get_driver_status_field("phyname")
-    keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy
-    try:
-        for key in os.listdir(keys):
-            keydir = os.path.join(keys, key)
-            vals = mac80211_read_key(keydir)
-            keyidx = int(vals['keyidx'])
-            if keyidx == 6 or keyidx == 7:
-                sta_key = vals;
-                break
-    except OSError as e:
-        raise HwsimSkip("debugfs not supported in mac80211 (STA)")
-
-    phy = hapd.get_driver_status_field("phyname")
-    keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy
-    try:
-        for key in os.listdir(keys):
-            keydir = os.path.join(keys, key)
-            vals = mac80211_read_key(keydir)
-            keyidx = int(vals['keyidx'])
-            if keyidx == 6 or keyidx == 7:
-                ap_key = vals;
-                break
-    except OSError as e:
-        raise HwsimSkip("debugfs not supported in mac80211 (AP)")
-
-    if not sta_key:
-        raise Exception("Could not find STA key information from debugfs")
-    logger.info("STA key: " + str(sta_key))
-
-    if not ap_key:
-        raise Exception("Could not find AP key information from debugfs")
-    logger.info("AP key: " + str(ap_key))
-
-    if sta_key['key'] != ap_key['key']:
-        raise Exception("AP and STA BIGTK mismatch")
-
-    if sta_key['keyidx'] != ap_key['keyidx']:
-        raise Exception("AP and STA BIGTK keyidx mismatch")
-
-    if sta_key['algorithm'] != ap_key['algorithm']:
-        raise Exception("AP and STA BIGTK algorithm mismatch")
-
-    replays = int(sta_key['replays'])
-    icverrors = int(sta_key['icverrors'])
-    if replays > 0 or icverrors > 0:
-        raise Exception("STA reported errors: replays=%d icverrors=%d" % replays, icverrors)
-
-    rx_spec = int(sta_key['rx_spec'], base=16)
-    if rx_spec < 3:
-        raise Exception("STA did not update BIGTK receive counter sufficiently")
-
-    tx_spec = int(ap_key['tx_spec'], base=16)
-    if tx_spec < 3:
-        raise Exception("AP did not update BIGTK BIPN sufficiently")
-
-def test_ap_pmf_beacon_protection_bip(dev, apdev):
-    """WPA2-PSK Beacon protection (BIP)"""
-    run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC")
-
-def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev):
-    """WPA2-PSK Beacon protection (BIP-CMAC-256)"""
-    run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256")
-
-def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev):
-    """WPA2-PSK Beacon protection (BIP-GMAC-128)"""
-    run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128")
-
-def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev):
-    """WPA2-PSK Beacon protection (BIP-GMAC-256)"""
-    run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256")
-
-def run_ap_pmf_beacon_protection(dev, apdev, cipher):
-    ssid = "test-beacon-prot"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params["beacon_prot"] = "1"
-    params["group_mgmt_cipher"] = cipher
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to enable hostapd interface" in str(e):
-            raise HwsimSkip("Beacon protection not supported")
-        raise
-
-    bssid = hapd.own_addr()
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    # STA with Beacon protection enabled
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-
-    # STA with Beacon protection disabled
-    dev[1].connect(ssid, psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-
-    time.sleep(1)
-    check_mac80211_bigtk(dev[0], hapd)
-
-    valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid)
-    invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid)
-    missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid)
-    logger.info("wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip, invalid_bip, missing_bip))
-    if valid_bip < 0 or invalid_bip > 0 or missing_bip > 0:
-        raise Exception("Unexpected wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip, invalid_bip, missing_bip))
-
-def test_ap_pmf_beacon_protection_mismatch(dev, apdev):
-    """WPA2-PSK Beacon protection MIC mismatch"""
-    run_ap_pmf_beacon_protection_mismatch(dev, apdev, False)
-
-def test_ap_pmf_beacon_protection_missing(dev, apdev):
-    """WPA2-PSK Beacon protection MME missing"""
-    run_ap_pmf_beacon_protection_mismatch(dev, apdev, True)
-
-def run_ap_pmf_beacon_protection_mismatch(dev, apdev, clear):
-    ssid = "test-beacon-prot"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params["beacon_prot"] = "1"
-    params["group_mgmt_cipher"] = "AES-128-CMAC"
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to enable hostapd interface" in str(e):
-            raise HwsimSkip("Beacon protection not supported")
-        raise
-
-    bssid = hapd.own_addr()
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-
-    WPA_ALG_NONE = 0
-    WPA_ALG_IGTK = 4
-    KEY_FLAG_DEFAULT = 0x02
-    KEY_FLAG_TX = 0x08
-    KEY_FLAG_GROUP = 0x10
-    KEY_FLAG_GROUP_TX_DEFAULT = KEY_FLAG_GROUP | KEY_FLAG_TX | KEY_FLAG_DEFAULT
-
-    addr = "ff:ff:ff:ff:ff:ff"
-
-    if clear:
-        res = hapd.request("SET_KEY %d %s %d %d %s %s %d" % (WPA_ALG_NONE, addr, 6, 1, 6*"00", "", KEY_FLAG_GROUP))
-    else:
-        res = hapd.request("SET_KEY %d %s %d %d %s %s %d" % (WPA_ALG_IGTK, addr, 6, 1, 6*"00", 16*"00", KEY_FLAG_GROUP_TX_DEFAULT))
-    if "OK" not in res:
-        raise Exception("SET_KEY failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-UNPROT-BEACON"], timeout=5)
-    if ev is None:
-        raise Exception("Unprotected Beacon frame not reported")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-BEACON-LOSS"], timeout=5)
-    if ev is None:
-        raise Exception("Beacon loss not reported")
-
-    ev = hapd.wait_event(["CTRL-EVENT-UNPROT-BEACON"], timeout=5)
-    if ev is None:
-        raise Exception("WNM-Notification Request frame not reported")
-
-def test_ap_pmf_sta_global_require(dev, apdev):
-    """WPA2-PSK AP with PMF optional and wpa_supplicant pmf=2"""
-    ssid = "test-pmf-optional"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("pmf", "2")
-        dev[0].connect(ssid, psk="12345678",
-                       key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                       scan_freq="2412")
-        pmf = dev[0].get_status_field("pmf")
-        if pmf != "1":
-            raise Exception("Unexpected PMF state: " + str(pmf))
-    finally:
-        dev[0].set("pmf", "0")
-
-def test_ap_pmf_sta_global_require2(dev, apdev):
-    """WPA2-PSK AP with PMF optional and wpa_supplicant pmf=2 (2)"""
-    ssid = "test-pmf-optional"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["ieee80211w"] = "0"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    try:
-        dev[0].scan_for_bss(bssid, freq=2412)
-        dev[0].set("pmf", "2")
-        dev[0].connect(ssid, psk="12345678",
-                       key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("Connection result not reported")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-    finally:
-        dev[0].set("pmf", "0")
diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py
deleted file mode 100644
index 2271fc3539dd..000000000000
--- a/tests/hwsim/test_ap_psk.py
+++ /dev/null
@@ -1,3573 +0,0 @@
-# WPA2-Personal tests
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-from Crypto.Cipher import AES
-import hashlib
-import hmac
-import logging
-logger = logging.getLogger()
-import os
-import re
-import socket
-import struct
-import subprocess
-import time
-
-import hostapd
-from utils import *
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-from tshark import run_tshark
-from wlantest import WlantestCapture, Wlantest
-
-def check_mib(dev, vals):
-    mib = dev.get_mib()
-    for v in vals:
-        if mib[v[0]] != v[1]:
-            raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
-
-@remote_compatible
-def test_ap_wpa2_psk(dev, apdev):
-    """WPA2-PSK AP with PSK instead of passphrase"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "WPA-PSK":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    pkt = dev[0].request("PKTCNT_POLL").splitlines()
-    if "FREQUENCY=2412" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
-    if "TXBAD=0" not in pkt:
-        raise Exception("Unexpected TXBAD value: " + str(pkt))
-
-def test_ap_wpa2_psk_file(dev, apdev):
-    """WPA2-PSK AP with PSK from a file"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_psk_file'] = 'hostapd.wpa_psk'
-    hostapd.add_ap(apdev[0], params)
-    dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
-    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
-    dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
-    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
-    if ev is None:
-        raise Exception("Timed out while waiting for failure report")
-    dev[1].request("REMOVE_NETWORK all")
-
-def check_no_keyid(hapd, dev):
-    addr = dev.own_addr()
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
-    if ev is None:
-        raise Exception("No AP-STA-CONNECTED indicated")
-    if addr not in ev:
-        raise Exception("AP-STA-CONNECTED for unexpected STA")
-    if "keyid=" in ev:
-        raise Exception("Unexpected keyid indication")
-
-def check_keyid(hapd, dev, keyid):
-    addr = dev.own_addr()
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
-    if ev is None:
-        raise Exception("No AP-STA-CONNECTED indicated")
-    if addr not in ev:
-        raise Exception("AP-STA-CONNECTED for unexpected STA")
-    if "keyid=" + keyid not in ev:
-        raise Exception("Incorrect keyid indication")
-    sta = hapd.get_sta(addr)
-    if 'keyid' not in sta or sta['keyid'] != keyid:
-        raise Exception("Incorrect keyid in STA output")
-    dev.request("REMOVE_NETWORK all")
-
-def check_disconnect(dev, expected):
-    for i in range(2):
-        if expected[i]:
-            dev[i].wait_disconnected()
-            dev[i].request("REMOVE_NETWORK all")
-        else:
-            ev = dev[i].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-            if ev is not None:
-                raise Exception("Unexpected disconnection")
-            dev[i].request("REMOVE_NETWORK all")
-            dev[i].wait_disconnected()
-
-def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
-    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
-    psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
-    with open(psk_file, 'w') as f:
-        f.write('00:00:00:00:00:00 secret passphrase\n')
-        f.write('02:00:00:00:00:00 very secret\n')
-        f.write('00:00:00:00:00:00 another passphrase for all STAs\n')
-    ssid = "test-wpa2-psk"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase='qwertyuiop')
-    params['wpa_psk_file'] = psk_file
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
-    check_no_keyid(hapd, dev[0])
-
-    dev[1].connect(ssid, psk="another passphrase for all STAs",
-                   scan_freq="2412")
-    check_no_keyid(hapd, dev[1])
-
-    dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412")
-    check_no_keyid(hapd, dev[2])
-
-    with open(psk_file, 'w') as f:
-        f.write('00:00:00:00:00:00 secret passphrase\n')
-        f.write('02:00:00:00:00:00 very secret\n')
-        f.write('00:00:00:00:00:00 changed passphrase\n')
-    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
-        raise Exception("RELOAD_WPA_PSK failed")
-
-    check_disconnect(dev, [False, True, False])
-
-    with open(psk_file, 'w') as f:
-        f.write('00:00:00:00:00:00 secret passphrase\n')
-        f.write('keyid=foo 02:00:00:00:00:00 very secret\n')
-        f.write('keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n')
-    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
-        raise Exception("RELOAD_WPA_PSK failed")
-
-    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
-    check_keyid(hapd, dev[0], "foo")
-
-    dev[1].connect(ssid, psk="another passphrase for all STAs",
-                   scan_freq="2412")
-    check_keyid(hapd, dev[1], "bar")
-
-    dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412")
-    check_no_keyid(hapd, dev[2])
-
-    dev[0].wait_disconnected()
-    dev[0].connect(ssid, psk="secret passphrase", scan_freq="2412")
-    check_no_keyid(hapd, dev[0])
-
-    with open(psk_file, 'w') as f:
-        f.write('# empty\n')
-    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
-        raise Exception("RELOAD_WPA_PSK failed")
-
-    check_disconnect(dev, [True, True, False])
-
-    with open(psk_file, 'w') as f:
-        f.write('broken\n')
-    if "FAIL" not in hapd.request("RELOAD_WPA_PSK"):
-        raise Exception("RELOAD_WPA_PSK succeeded with invalid file")
-
-@remote_compatible
-def test_ap_wpa2_psk_mem(dev, apdev):
-    """WPA2-PSK AP with passphrase only in memory"""
-    try:
-        _test_ap_wpa2_psk_mem(dev, apdev)
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-        dev[1].request("SCAN_INTERVAL 5")
-
-def _test_ap_wpa2_psk_mem(dev, apdev):
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
-    dev[0].request("SCAN_INTERVAL 1")
-    ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
-    if ev is None:
-        raise Exception("Request for PSK/passphrase timed out")
-    id = ev.split(':')[0].split('-')[-1]
-    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"')
-    dev[0].wait_connected(timeout=10)
-
-    dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
-    dev[1].request("SCAN_INTERVAL 1")
-    ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
-    if ev is None:
-        raise Exception("Request for PSK/passphrase timed out(2)")
-    id = ev.split(':')[0].split('-')[-1]
-    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
-    dev[1].wait_connected(timeout=10)
-
-@remote_compatible
-def test_ap_wpa2_ptk_rekey(dev, apdev):
-    """WPA2-PSK AP and PTK rekey enforced by station"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase(passphrase)
-
-    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                            "CTRL-EVENT-DISCONNECTED"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    if "CTRL-EVENT-DISCONNECTED" in ev:
-       raise Exception("Disconnect instead of rekey")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_ptk_rekey_blocked_ap(dev, apdev):
-    """WPA2-PSK AP and PTK rekey enforced by station and AP blocking it"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_deny_ptk0_rekey'] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    conf = hapd.request("GET_CONFIG").splitlines()
-    if "wpa_deny_ptk0_rekey=2" not in conf:
-        raise Exception("wpa_deny_ptk0_rekey value not in GET_CONFIG")
-    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                            "CTRL-EVENT-DISCONNECTED"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    if "WPA: Key negotiation completed" in ev:
-        raise Exception("No disconnect, PTK rekey succeeded")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
-    if ev is None:
-        raise Exception("Reconnect too slow")
-
-def test_ap_wpa2_ptk_rekey_blocked_sta(dev, apdev):
-    """WPA2-PSK AP and PTK rekey enforced by station while also blocking it"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412",
-                   wpa_deny_ptk0_rekey="2")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                            "CTRL-EVENT-DISCONNECTED"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    if "WPA: Key negotiation completed" in ev:
-        raise Exception("No disconnect, PTK rekey succeeded")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
-    if ev is None:
-        raise Exception("Reconnect too slow")
-
-def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
-    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
-    dev[0].dump_monitor()
-    anonce1 = dev[0].request("GET anonce")
-    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
-        raise Exception("KEY_REQUEST failed")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    anonce2 = dev[0].request("GET anonce")
-    if anonce1 == anonce2:
-        raise Exception("AP did not update ANonce in requested PTK rekeying")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
-    """WPA2-PSK AP and PTK rekey enforced by AP"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_ptk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
-    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
-                   wpa_ptk_rekey="1", scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
-
-@remote_compatible
-def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
-    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params['wpa_ptk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
-                   scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
-
-@remote_compatible
-def test_ap_wpa_ptk_rekey(dev, apdev):
-    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wpa-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
-    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Scan results missing WPA element info")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa_ptk_rekey_ap(dev, apdev):
-    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wpa-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_ptk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa_ccmp(dev, apdev):
-    """WPA-PSK/CCMP"""
-    ssid = "test-wpa-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_pairwise'] = "CCMP"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"),
-                       ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
-                       ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
-                       ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
-                       ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
-                       ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
-                       ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
-                       ("dot1xSuppSuppControlledPortStatus", "Authorized")])
-
-def test_ap_wpa2_psk_file_errors(dev, apdev):
-    """WPA2-PSK AP with various PSK file error and success cases"""
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-    ssid = "psk"
-    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
-    try:
-        os.remove(pskfile)
-    except:
-        pass
-
-    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}
-
-    try:
-        # missing PSK file
-        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE success")
-        hapd.request("DISABLE")
-
-        # invalid MAC address
-        with open(pskfile, "w") as f:
-            f.write("\n")
-            f.write("foo\n")
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE success")
-        hapd.request("DISABLE")
-
-        # no PSK on line
-        with open(pskfile, "w") as f:
-            f.write("00:11:22:33:44:55\n")
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE success")
-        hapd.request("DISABLE")
-
-        # invalid PSK
-        with open(pskfile, "w") as f:
-            f.write("00:11:22:33:44:55 1234567\n")
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE success")
-        hapd.request("DISABLE")
-
-        # empty token at the end of the line
-        with open(pskfile, "w") as f:
-            f.write("=\n")
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE success")
-        hapd.request("DISABLE")
-
-        # valid PSK file
-        with open(pskfile, "w") as f:
-            f.write("00:11:22:33:44:55 12345678\n")
-            f.write(addr0 + " 123456789\n")
-            f.write(addr1 + " 123456789a\n")
-            f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
-        if "FAIL" in hapd.request("ENABLE"):
-            raise Exception("Unexpected ENABLE failure")
-
-        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
-        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
-        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
-
-    finally:
-        try:
-            os.remove(pskfile)
-        except:
-            pass
-
-@remote_compatible
-def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
-    """WPA2-PSK AP and wildcard SSID configuration"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
-                   scan_freq="2412")
-    dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
-
-@remote_compatible
-def test_ap_wpa2_gtk_rekey(dev, apdev):
-    """WPA2-PSK AP and GTK rekey enforced by AP"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_group_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_gtk_rekey_request(dev, apdev):
-    """WPA2-PSK AP and GTK rekey by AP request"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    if "OK" not in hapd.request("REKEY_GTK"):
-        raise Exception("REKEY_GTK failed")
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_gtk_rekey_failure(dev, apdev):
-    """WPA2-PSK AP and GTK rekey failure"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    with fail_test(hapd, 1, "wpa_group_config_group_keys"):
-        if "OK" not in hapd.request("REKEY_GTK"):
-            raise Exception("REKEY_GTK failed")
-        wait_fail_trigger(hapd, "GET_FAIL")
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_gtk_rekey_request(dev, apdev):
-    """WPA2-PSK AP and GTK rekey request from multiple stations"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    for i in range(3):
-        dev[i].connect(ssid, psk=passphrase, scan_freq="2412")
-        hapd.wait_sta()
-    for i in range(3):
-        if "OK" not in dev[i].request("KEY_REQUEST 0 0"):
-            raise Exception("KEY_REQUEST failed")
-    for i in range(3):
-        ev = dev[i].wait_event(["WPA: Group rekeying completed"], timeout=2)
-        if ev is None:
-            raise Exception("GTK rekey timed out")
-    time.sleep(1)
-    for i in range(3):
-        hwsim_utils.test_connectivity(dev[i], hapd)
-
-@remote_compatible
-def test_ap_wpa_gtk_rekey(dev, apdev):
-    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wpa-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_group_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_gmk_rekey(dev, apdev):
-    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_group_rekey'] = '1'
-    params['wpa_gmk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    for i in range(0, 3):
-        ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-        if ev is None:
-            raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_strict_rekey(dev, apdev):
-    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_strict_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_bridge_fdb(dev, apdev):
-    """Bridge FDB entry removal"""
-    hapd = None
-    try:
-        ssid = "test-wpa2-psk"
-        passphrase = "12345678"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        params['bridge'] = 'ap-br0'
-        hapd = hostapd.add_ap(apdev[0], params)
-        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
-        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
-                       bssid=apdev[0]['bssid'])
-        dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
-                       bssid=apdev[0]['bssid'])
-        hapd.wait_sta()
-        hapd.wait_sta()
-        addr0 = dev[0].p2p_interface_addr()
-        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-        err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
-        hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        time.sleep(1)
-        err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
-
-        addr1 = dev[1].p2p_interface_addr()
-        if addr0 not in macs1 or addr1 not in macs1:
-            raise Exception("Bridge FDB entry missing")
-        if addr0 in macs2 or addr1 in macs2:
-            raise Exception("Bridge FDB entry was not removed")
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
-                                       'down'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
-
-@remote_compatible
-def test_ap_wpa2_already_in_bridge(dev, apdev):
-    """hostapd behavior with interface already in bridge"""
-    ifname = apdev[0]['ifname']
-    br_ifname = 'ext-ap-br0'
-    try:
-        ssid = "test-wpa2-psk"
-        passphrase = "12345678"
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'up'])
-        hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        hapd = hostapd.add_ap(apdev[0], params)
-        if hapd.get_driver_status_field('brname') != br_ifname:
-            raise Exception("Bridge name not identified correctly")
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'down'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
-        hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
-
-@remote_compatible
-def test_ap_wpa2_in_different_bridge(dev, apdev):
-    """hostapd behavior with interface in different bridge"""
-    ifname = apdev[0]['ifname']
-    br_ifname = 'ext-ap-br0'
-    try:
-        ssid = "test-wpa2-psk"
-        passphrase = "12345678"
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'up'])
-        hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
-        time.sleep(0.5)
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        params['bridge'] = 'ap-br0'
-        hapd = hostapd.add_ap(apdev[0], params)
-        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
-                                       'up'])
-        brname = hapd.get_driver_status_field('brname')
-        if brname != 'ap-br0':
-            raise Exception("Incorrect bridge: " + brname)
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
-        if hapd.get_driver_status_field("added_bridge") != "1":
-            raise Exception("Unexpected added_bridge value")
-        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
-            raise Exception("Unexpected added_if_into_bridge value")
-        dev[0].request("DISCONNECT")
-        hapd.disable()
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'down'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
-                                       "2>", "/dev/null"], shell=True)
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
-
-@remote_compatible
-def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
-    """hostapd behavior with interface added to bridge externally"""
-    ifname = apdev[0]['ifname']
-    br_ifname = 'ext-ap-br0'
-    try:
-        ssid = "test-wpa2-psk"
-        passphrase = "12345678"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'up'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-        if hapd.get_driver_status_field('brname') != br_ifname:
-            raise Exception("Bridge name not identified correctly")
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
-                                       'down'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
-
-def setup_psk_ext(dev, apdev, wpa_ptk_rekey=None):
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = wpa_ptk_rekey
-    hapd = hostapd.add_ap(apdev, params)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev.request("SET ext_eapol_frame_io 1")
-    dev.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
-    return hapd
-
-def ext_4way_hs(hapd, dev):
-    bssid = hapd.own_addr()
-    addr = dev.own_addr()
-    first = None
-    last = None
-    while True:
-        ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAPOL-TX from hostapd")
-        if "AP-STA-CONNECTED" in ev:
-            dev.wait_connected(timeout=15)
-            break
-        if not first:
-            first = ev.split(' ')[2]
-        last = ev.split(' ')[2]
-        res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-        if "OK" not in res:
-            raise Exception("EAPOL_RX to wpa_supplicant failed")
-        ev = dev.wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            break
-        res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-        if "OK" not in res:
-            raise Exception("EAPOL_RX to hostapd failed")
-    return first, last
-
-def test_ap_wpa2_psk_ext(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    ext_4way_hs(hapd, dev[0])
-
-def test_ap_wpa2_psk_unexpected(dev, apdev):
-    """WPA2-PSK and supplicant receiving unexpected EAPOL-Key frames"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    first, last = ext_4way_hs(hapd, dev[0])
-
-    # Not associated - Delay processing of received EAPOL frame (state=COMPLETED
-    # bssid=02:00:00:00:03:00)
-    other = "02:11:22:33:44:55"
-    res = dev[0].request("EAPOL_RX " + other + " " + first)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # WPA: EAPOL-Key Replay Counter did not increase - dropping packet
-    bssid = hapd.own_addr()
-    res = dev[0].request("EAPOL_RX " + bssid + " " + last)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # WPA: Invalid EAPOL-Key MIC - dropping packet
-    msg = last[0:18] + '01' + last[20:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=12)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    # Do not send to the AP
-    dev[0].wait_connected(timeout=15)
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    # Do not send the first msg 3/4 to the STA yet; wait for retransmission
-    # from AP.
-    msg3_1 = ev
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3_2 = ev
-
-    # Send the first msg 3/4 to STA
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_1.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-    dev[0].wait_connected(timeout=15)
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    # Send the second msg 3/4 to STA
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_2.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    # Do not send the second msg 4/4 to the AP
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg1 = ev.split(' ')[2]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg4 = ev.split(' ')[2]
-    # Do not send msg 4/4 to hostapd to trigger retry
-
-    # STA believes everything is ready
-    dev[0].wait_connected()
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-
-    # Send a forged msg 1/4 to STA (update replay counter)
-    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
-    # and replace nonce (this results in "WPA: ANonce from message 1 of
-    # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
-    # wpa_supplicant processed msg 3/4 afterwards)
-    #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
-    if ev is None:
-        # wpa_supplicant seems to have ignored the forged message. This means
-        # the attack would fail.
-        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
-        return
-    # Do not send msg 2/4 to hostapd
-
-    # Send previously received msg 3/4 to STA
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg1 = ev.split(' ')[2]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg4 = ev.split(' ')[2]
-    # Do not send msg 4/4 to hostapd to trigger retry
-
-    # STA believes everything is ready
-    dev[0].wait_connected()
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-
-    # Send a forged msg 1/4 to STA (update replay counter)
-    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
-    if ev is None:
-        # wpa_supplicant seems to have ignored the forged message. This means
-        # the attack would fail.
-        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
-        return
-    # Do not send msg 2/4 to hostapd
-
-    # EAPOL-Key msg 3/4 (retry 2)
-    # New one needed to get the correct Replay Counter value
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-
-    # Send msg 3/4 to STA
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg1 = ev.split(' ')[2]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg4 = ev.split(' ')[2]
-    # Do not send msg 4/4 to hostapd to trigger retry
-
-    # STA believes everything is ready
-    dev[0].wait_connected()
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-
-    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce)
-    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    # Do not send msg 2/4 to hostapd
-
-    # Send a forged msg 1/4 to STA (back to previously used ANonce)
-    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
-    if ev is None:
-        # wpa_supplicant seems to have ignored the forged message. This means
-        # the attack would fail.
-        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
-        return
-    # Do not send msg 2/4 to hostapd
-
-    # EAPOL-Key msg 3/4 (retry 2)
-    # New one needed to get the correct Replay Counter value
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-
-    # Send msg 3/4 to STA
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
-    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
-    hapd = setup_psk_ext(dev[0], apdev[0], wpa_ptk_rekey="3")
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg2 = ev.split(' ')[2]
-    # Do not send this to the AP
-
-    # EAPOL-Key msg 1/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg4 = ev.split(' ')[2]
-    # Do not send msg 4/4 to AP
-
-    # EAPOL-Key msg 3/4 (retry)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    msg4b = ev.split(' ')[2]
-    # Do not send msg 4/4 to AP
-
-    # Send the previous EAPOL-Key msg 4/4 to AP
-    res = hapd.request("EAPOL_RX " + addr + " " + msg4)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    # Wait for PTK rekeying to be initialized
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-
-    # EAPOL-Key msg 2/4 from the previous 4-way handshake
-    # hostapd is expected to ignore this due to unexpected Replay Counter
-    res = hapd.request("EAPOL_RX " + addr + " " + msg2)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    keyinfo = ev.split(' ')[2][10:14]
-    if keyinfo != "008a":
-        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)
-
-    # EAPOL-Key msg 4/4 from the previous 4-way handshake
-    # hostapd is expected to ignore this due to unexpected Replay Counter
-    res = hapd.request("EAPOL_RX " + addr + " " + msg4b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
-    # was accepted, there would be no more EAPOL-Key frames. If the Replay
-    # Counters were rejected, there would be a retransmitted msg 1/4 here.
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1)
-    if ev is None:
-        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
-    keyinfo = ev.split(' ')[2][10:14]
-    if keyinfo != "008a":
-        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)
-
-def parse_eapol(data):
-    (version, type, length) = struct.unpack('>BBH', data[0:4])
-    payload = data[4:]
-    if length > len(payload):
-        raise Exception("Invalid EAPOL length")
-    if length < len(payload):
-        payload = payload[0:length]
-    eapol = {}
-    eapol['version'] = version
-    eapol['type'] = type
-    eapol['length'] = length
-    eapol['payload'] = payload
-    if type == 3:
-        # EAPOL-Key
-        (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
-        payload = payload[1:]
-        if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
-            # RSN EAPOL-Key
-            (key_info, key_len) = struct.unpack('>HH', payload[0:4])
-            eapol['rsn_key_info'] = key_info
-            eapol['rsn_key_len'] = key_len
-            eapol['rsn_replay_counter'] = payload[4:12]
-            eapol['rsn_key_nonce'] = payload[12:44]
-            eapol['rsn_key_iv'] = payload[44:60]
-            eapol['rsn_key_rsc'] = payload[60:68]
-            eapol['rsn_key_id'] = payload[68:76]
-            eapol['rsn_key_mic'] = payload[76:92]
-            payload = payload[92:]
-            (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
-            payload = payload[2:]
-            eapol['rsn_key_data'] = payload
-    return eapol
-
-def build_eapol(msg):
-    data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
-    if msg['type'] == 3:
-        data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
-                            msg['rsn_key_len'])
-        data += msg['rsn_replay_counter']
-        data += msg['rsn_key_nonce']
-        data += msg['rsn_key_iv']
-        data += msg['rsn_key_rsc']
-        data += msg['rsn_key_id']
-        data += msg['rsn_key_mic']
-        data += struct.pack('>H', msg['rsn_key_data_len'])
-        data += msg['rsn_key_data']
-    else:
-        data += msg['payload']
-    return data
-
-def sha1_prf(key, label, data, outlen):
-    res = b''
-    counter = 0
-    while outlen > 0:
-        m = hmac.new(key, label.encode(), hashlib.sha1)
-        m.update(struct.pack('B', 0))
-        m.update(data)
-        m.update(struct.pack('B', counter))
-        counter += 1
-        hash = m.digest()
-        if outlen > len(hash):
-            res += hash
-            outlen -= len(hash)
-        else:
-            res += hash[0:outlen]
-            outlen = 0
-    return res
-
-def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
-    if addr1 < addr2:
-        data = binascii.unhexlify(addr1.replace(':', '')) + binascii.unhexlify(addr2.replace(':', ''))
-    else:
-        data = binascii.unhexlify(addr2.replace(':', '')) + binascii.unhexlify(addr1.replace(':', ''))
-    if nonce1 < nonce2:
-        data += nonce1 + nonce2
-    else:
-        data += nonce2 + nonce1
-    label = "Pairwise key expansion"
-    ptk = sha1_prf(pmk, label, data, 48)
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    return (ptk, kck, kek)
-
-def eapol_key_mic(kck, msg):
-    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
-    data = build_eapol(msg)
-    m = hmac.new(kck, data, hashlib.sha1)
-    msg['rsn_key_mic'] = m.digest()[0:16]
-
-def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
-    msg['rsn_key_info'] = key_info
-    msg['rsn_key_len'] = key_len
-    if nonce:
-        msg['rsn_key_nonce'] = nonce
-    else:
-        msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
-    if data:
-        msg['rsn_key_data_len'] = len(data)
-        msg['rsn_key_data'] = data
-        msg['length'] = 95 + len(data)
-    else:
-        msg['rsn_key_data_len'] = 0
-        msg['rsn_key_data'] = b''
-        msg['length'] = 95
-
-def recv_eapol(hapd):
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    eapol = binascii.unhexlify(ev.split(' ')[2])
-    return parse_eapol(eapol)
-
-def send_eapol(hapd, addr, data):
-    res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode())
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
-    logger.info("Send EAPOL-Key msg " + info)
-    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-def eapol_test(apdev, dev, wpa2=True, ieee80211w=0):
-    bssid = apdev['bssid']
-    if wpa2:
-        ssid = "test-wpa2-psk"
-    else:
-        ssid = "test-wpa-psk"
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    pmk = binascii.unhexlify(psk)
-    if wpa2:
-        params = hostapd.wpa2_params(ssid=ssid)
-    else:
-        params = hostapd.wpa_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    params['ieee80211w'] = str(ieee80211w)
-    hapd = hostapd.add_ap(apdev, params)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev.request("SET ext_eapol_frame_io 1")
-    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False,
-                ieee80211w=str(ieee80211w))
-    addr = dev.p2p_interface_addr()
-    if wpa2:
-        if ieee80211w == 2:
-            rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00')
-        else:
-            rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
-    else:
-        rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
-    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
-    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol(dev, apdev):
-    """WPA2-PSK AP using external EAPOL supplicant"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg = recv_eapol(hapd)
-    anonce = msg['rsn_key_nonce']
-    logger.info("Replay same data back")
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
-    rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
-    msg['length'] = 95 + 22 - 1
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    logger.info("Replay same data back")
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
-    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg1 = recv_eapol(hapd)
-    anonce = msg1['rsn_key_nonce']
-
-    msg2 = recv_eapol(hapd)
-    if anonce != msg2['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.info("Send EAPOL-Key msg 2/4")
-    msg = msg2
-    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
-    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg1 = recv_eapol(hapd)
-    anonce = msg1['rsn_key_nonce']
-    msg2 = recv_eapol(hapd)
-    if anonce != msg2['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
-    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
-    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg1 = recv_eapol(hapd)
-    anonce = msg1['rsn_key_nonce']
-
-    msg2 = recv_eapol(hapd)
-    if anonce != msg2['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
-
-    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
-    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
-    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg1 = recv_eapol(hapd)
-    anonce = msg1['rsn_key_nonce']
-    msg2 = recv_eapol(hapd)
-    if anonce != msg2['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
-
-    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
-
-    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
-    """WPA2 4-way handshake using external EAPOL supplicant"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg = recv_eapol(hapd)
-    anonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    # Incorrect descriptor type (frame dropped)
-    msg['descr_type'] = 253
-    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    # Incorrect descriptor type, but with a workaround (frame processed)
-    msg['descr_type'] = 254
-    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    logger.info("Replay same data back")
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa_psk_ext_eapol(dev, apdev):
-    """WPA2-PSK AP using external EAPOL supplicant"""
-    skip_without_tkip(dev[0])
-    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
-                                                              wpa2=False)
-
-    msg = recv_eapol(hapd)
-    anonce = msg['rsn_key_nonce']
-    logger.info("Replay same data back")
-    send_eapol(hapd, addr, build_eapol(msg))
-    logger.info("Too short data")
-    send_eapol(hapd, addr, build_eapol(msg)[0:98])
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-    msg['descr_type'] = 2
-    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
-    msg['descr_type'] = 254
-    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-    logger.info("Replay same data back")
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
-    """WPA2-PSK 4-way handshake with strange key info values"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    msg = recv_eapol(hapd)
-    anonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-    rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
-    send_eapol(hapd, addr, build_eapol(msg))
-    rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
-    send_eapol(hapd, addr, build_eapol(msg))
-    # SMK M1
-    rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
-    send_eapol(hapd, addr, build_eapol(msg))
-    # SMK M3
-    rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
-    send_eapol(hapd, addr, build_eapol(msg))
-    # Request
-    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
-    send_eapol(hapd, addr, build_eapol(msg))
-    # Request
-    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
-    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
-    eapol_key_mic(tmp_kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
-
-    msg = recv_eapol(hapd)
-    if anonce != msg['rsn_key_nonce']:
-        raise Exception("ANonce changed")
-
-    # Request (valic MIC)
-    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-    # Request (valid MIC, replayed counter)
-    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
-    eapol_key_mic(kck, msg)
-    send_eapol(hapd, addr, build_eapol(msg))
-
-    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
-    hapd.wait_sta(timeout=15)
-
-def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
-    msg = {}
-    msg['version'] = 2
-    msg['type'] = 3
-    msg['length'] = 95 + len(key_data)
-
-    msg['descr_type'] = 2
-    msg['rsn_key_info'] = 0x8a
-    msg['rsn_key_len'] = key_len
-    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
-    msg['rsn_key_nonce'] = anonce
-    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
-    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
-    msg['rsn_key_data_len'] = len(key_data)
-    msg['rsn_key_data'] = key_data
-    return msg
-
-def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
-                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
-    msg = {}
-    msg['version'] = 2
-    msg['type'] = 3
-    msg['length'] = 95 + len(key_data) + extra_len
-
-    msg['descr_type'] = descr_type
-    msg['rsn_key_info'] = key_info
-    msg['rsn_key_len'] = key_len
-    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
-    msg['rsn_key_nonce'] = anonce
-    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
-    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_data_len'] = len(key_data)
-    msg['rsn_key_data'] = key_data
-    eapol_key_mic(kck, msg)
-    return msg
-
-def aes_wrap(kek, plain):
-    n = len(plain) // 8
-    a = 0xa6a6a6a6a6a6a6a6
-    enc = AES.new(kek).encrypt
-    r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
-    for j in range(6):
-        for i in range(1, n + 1):
-            b = enc(struct.pack('>Q', a) + r[i - 1])
-            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
-            r[i - 1] = b[8:]
-    return struct.pack('>Q', a) + b''.join(r)
-
-def pad_key_data(plain):
-    pad_len = len(plain) % 8
-    if pad_len:
-        pad_len = 8 - pad_len
-        plain += b'\xdd'
-        pad_len -= 1
-        plain += pad_len * b'\x00'
-    return plain
-
-def test_ap_wpa2_psk_supp_proto(dev, apdev):
-    """WPA2-PSK 4-way handshake protocol testing for supplicant"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Invalid AES wrap data length 0")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
-    if ev is None:
-        raise Exception("Unsupported AES-WRAP len 0 not reported")
-
-    logger.debug("Invalid AES wrap data length 1")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
-    if ev is None:
-        raise Exception("Unsupported AES-WRAP len 1 not reported")
-
-    logger.debug("Invalid AES wrap data length 9")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
-    if ev is None:
-        raise Exception("Unsupported AES-WRAP len 9 not reported")
-
-    logger.debug("Invalid AES wrap data payload")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
-    # do not increment counter to test replay protection
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
-    if ev is None:
-        raise Exception("AES unwrap failure not reported")
-
-    logger.debug("Replay Count not increasing")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
-    if ev is None:
-        raise Exception("Replay Counter replay not reported")
-
-    logger.debug("Missing Ack bit in key info")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              key_info=0x134a)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
-    if ev is None:
-        raise Exception("Missing Ack bit not reported")
-
-    logger.debug("Unexpected Request bit in key info")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              key_info=0x1bca)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
-    if ev is None:
-        raise Exception("Request bit not reported")
-
-    logger.debug("Unsupported key descriptor version 0")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13c8)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
-    if ev is None:
-        raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
-
-    logger.debug("Key descriptor version 1 not allowed with CCMP")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13c9)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
-    if ev is None:
-        raise Exception("Not allowed EAPOL-Key descriptor version not reported")
-
-    logger.debug("Invalid AES wrap payload with key descriptor version 2")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13ca)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
-    if ev is None:
-        raise Exception("AES unwrap failure not reported")
-
-    logger.debug("Key descriptor version 3 workaround")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13cb)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
-    if ev is None:
-        raise Exception("CCMP key descriptor mismatch not reported")
-    ev = dev[0].wait_event(["WPA: Interoperability workaround"])
-    if ev is None:
-        raise Exception("AES-128-CMAC workaround not reported")
-    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
-    if ev is None:
-        raise Exception("MIC failure with AES-128-CMAC workaround not reported")
-
-    logger.debug("Unsupported key descriptor version 4")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13cc)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
-    if ev is None:
-        raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
-
-    logger.debug("Unsupported key descriptor version 7")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
-                              replay_counter=counter, key_info=0x13cf)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
-    if ev is None:
-        raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
-
-    logger.debug("Too short EAPOL header length")
-    dev[0].dump_monitor()
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              extra_len=-1)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
-    if ev is None:
-        raise Exception("Key data overflow not reported")
-
-    logger.debug("Too long EAPOL header length")
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              extra_len=1)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-
-    logger.debug("Unsupported descriptor type 0")
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              descr_type=0)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-
-    logger.debug("WPA descriptor type 0")
-    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
-                              descr_type=254)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-
-    logger.debug("Non-zero key index for pairwise key")
-    dev[0].dump_monitor()
-    wrapped = aes_wrap(kek, 16*b'z')
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_info=0x13ea)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
-    if ev is None:
-        raise Exception("Non-zero key index not reported")
-
-    logger.debug("Invalid Key Data plaintext payload --> disconnect")
-    dev[0].dump_monitor()
-    wrapped = aes_wrap(kek, 16*b'z')
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: IE not included"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("No IEs in msg 3/4 --> disconnect")
-    dev[0].dump_monitor()
-    wrapped = aes_wrap(kek, 16*b'\x00')
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: IE mismatch"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Msg 3/4 with mismatching IE")
-    dev[0].dump_monitor()
-    wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: success"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_connected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: no GTK"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected connection completion reported")
-
-def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: ANonce change"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
-    if ev is None:
-        raise Exception("ANonce change not reported")
-
-def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: unexpected group message"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Group key 1/2 instead of msg 3/4")
-    dev[0].dump_monitor()
-    wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_info=0x13c2)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
-    if ev is None:
-        raise Exception("Unexpected group key message not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-@remote_compatible
-def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4 with invalid KDE
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter,
-                              key_data=binascii.unhexlify('5555'))
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_len=15)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
-    if ev is None:
-        raise Exception("Invalid CCMP key length not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: wrong group key length"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
-    if ev is None:
-        raise Exception("Invalid CCMP key length not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
-    if ev is None:
-        raise Exception("GTK Tx bit workaround not reported")
-    dev[0].wait_connected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_connected(timeout=1)
-
-    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_info=0x13c2)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"])
-    if ev is None:
-        raise Exception("GTK rekeing not reported")
-
-    logger.debug("Unencrypted GTK KDE in group msg 1/2")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
-    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
-                              key_info=0x03c2)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
-    if ev is None:
-        raise Exception("Unencrypted GTK KDE not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_connected(timeout=1)
-
-    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_info=0x13c2)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
-    if ev is None:
-        raise Exception("Missing GTK KDE not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_connected(timeout=1)
-
-    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
-                              key_info=0x13c2)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33",
-                            "RSN: Too long GTK in GTK KDE (len=33)"])
-    if ev is None:
-        raise Exception("Too long GTK KDE not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    dev[0].wait_disconnected(timeout=1)
-
-def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("Valid EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
-    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
-                              key_info=0x03ca)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
-    if ev is None:
-        raise Exception("Unencrypted GTK KDE not reported")
-    dev[0].wait_disconnected(timeout=1)
-
-def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False):
-    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0],
-                                                              ieee80211w=2)
-
-    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-    msg = recv_eapol(hapd)
-    dev[0].dump_monitor()
-
-    # Build own EAPOL-Key msg 1/4
-    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
-    counter = 1
-    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    msg = recv_eapol(dev[0])
-    snonce = msg['rsn_key_nonce']
-
-    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
-
-    logger.debug("EAPOL-Key msg 3/4")
-    dev[0].dump_monitor()
-    gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
-    plain = rsne + gtk_kde
-    if igtk_kde:
-        plain += igtk_kde
-    wrapped = aes_wrap(kek, pad_key_data(plain))
-    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
-    counter += 1
-    send_eapol(dev[0], bssid, build_eapol(msg))
-    if fail:
-        dev[0].wait_disconnected(timeout=1)
-        return
-
-    dev[0].wait_connected(timeout=1)
-
-    # Verify that an unprotected broadcast Deauthentication frame is ignored
-    bssid = binascii.unhexlify(hapd.own_addr().replace(':', ''))
-    sock = start_monitor(apdev[1]["ifname"])
-    radiotap = radiotap_build()
-    frame = binascii.unhexlify("c0003a01")
-    frame += 6*b'\xff' + bssid + bssid
-    frame += binascii.unhexlify("1000" + "0300")
-    sock.send(radiotap + frame)
-    # And same with incorrect BIP protection
-    for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]:
-        frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9")
-        sock.send(radiotap + frame2)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False):
-    try:
-        run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=igtk_kde, fail=fail)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: no IGTK KDE"""
-    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None)
-
-def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: valid IGTK KDE"""
-    igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0400' + 6*'00' + 16*'77')
-    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
-
-def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID"""
-    igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0004' + 6*'00' + 16*'77')
-    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
-
-def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: too large IGTK KeyID"""
-    igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + 'ffff' + 6*'00' + 16*'77')
-    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True)
-
-def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev):
-    """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID"""
-    igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0006' + 6*'00' + 16*'77')
-    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True)
-
-def find_wpas_process(dev):
-    ifname = dev.ifname
-    err, data = dev.cmd_execute(['ps', 'ax'])
-    for l in data.splitlines():
-        if "wpa_supplicant" not in l:
-            continue
-        if "-i" + ifname not in l:
-            continue
-        return int(l.strip().split(' ')[0])
-    raise Exception("Could not find wpa_supplicant process")
-
-def read_process_memory(pid, key=None):
-    buf = bytes()
-    logger.info("Reading process memory (pid=%d)" % pid)
-    with open('/proc/%d/maps' % pid, 'r') as maps, \
-         open('/proc/%d/mem' % pid, 'rb') as mem:
-        for l in maps.readlines():
-            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
-            if not m:
-                continue
-            start = int(m.group(1), 16)
-            end = int(m.group(2), 16)
-            perm = m.group(3)
-            if start > 0xffffffffffff:
-                continue
-            if end < start:
-                continue
-            if not perm.startswith('rw'):
-                continue
-            for name in ["[heap]", "[stack]"]:
-                if name in l:
-                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + (end - start)))
-            mem.seek(start)
-            data = mem.read(end - start)
-            buf += data
-            if key and key in data:
-                logger.info("Key found in " + l)
-    logger.info("Total process memory read: %d bytes" % len(buf))
-    return buf
-
-def verify_not_present(buf, key, fname, keyname):
-    pos = buf.find(key)
-    if pos < 0:
-        return
-
-    prefix = 2048 if pos > 2048 else pos
-    with open(fname + keyname, 'wb') as f:
-        f.write(buf[pos - prefix:pos + 2048])
-    raise Exception(keyname + " found after disassociation")
-
-def get_key_locations(buf, key, keyname):
-    count = 0
-    pos = 0
-    while True:
-        pos = buf.find(key, pos)
-        if pos < 0:
-            break
-        logger.info("Found %s at %d" % (keyname, pos))
-        context = 128
-        start = pos - context if pos > context else 0
-        before = binascii.hexlify(buf[start:pos])
-        context += len(key)
-        end = pos + context if pos < len(buf) - context else len(buf) - context
-        after = binascii.hexlify(buf[pos + len(key):end])
-        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
-        count += 1
-        pos += len(key)
-    return count
-
-def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
-    """WPA2-PSK and PSK/PTK lifetime in memory"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    pmk = binascii.unhexlify(psk)
-    p = hostapd.wpa2_params(ssid=ssid)
-    p['wpa_psk'] = psk
-    hapd = hostapd.add_ap(apdev[0], p)
-
-    pid = find_wpas_process(dev[0])
-
-    id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
-                        only_add_network=True)
-
-    logger.info("Checking keys in memory after network profile configuration")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-
-    dev[0].request("REMOVE_NETWORK all")
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-
-    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
-                        only_add_network=True)
-
-    logger.info("Checking keys in memory before connection")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-
-    dev[0].connect_network(id, timeout=20)
-    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
-    # event has been delivered, so verify that wpa_supplicant has returned to
-    # eloop before reading process memory.
-    time.sleep(1)
-    dev[0].ping()
-
-    buf = read_process_memory(pid, pmk)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].relog()
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "WPA: PTK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                ptk = binascii.unhexlify(val)
-            if "WPA: Group Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not pmk or not ptk or not gtk:
-        raise Exception("Could not find keys from debug log")
-    if len(gtk) != 16:
-        raise Exception("Unexpected GTK length")
-
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    tk = ptk[32:48]
-
-    logger.info("Checking keys in memory while associated")
-    get_key_locations(buf, pmk, "PMK")
-    if pmk not in buf:
-        raise HwsimSkip("PMK not found while associated")
-    if kck not in buf:
-        raise Exception("KCK not found while associated")
-    if kek not in buf:
-        raise Exception("KEK not found while associated")
-    #if tk in buf:
-    #    raise Exception("TK found from memory")
-
-    logger.info("Checking keys in memory after disassociation")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-
-    # Note: PMK/PSK is still present in network configuration
-
-    fname = os.path.join(params['logdir'],
-                         'wpa2_psk_key_lifetime_in_memory.memctx-')
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    if gtk in buf:
-        get_key_locations(buf, gtk, "GTK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, pmk)
-    get_key_locations(buf, pmk, "PMK")
-
-    verify_not_present(buf, pmk, fname, "PMK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-@remote_compatible
-def test_ap_wpa2_psk_wep(dev, apdev):
-    """WPA2-PSK AP and WEP enabled"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        hapd.set('wep_key0', '"hello"')
-        raise Exception("WEP key accepted to WPA2 network")
-    except Exception:
-        pass
-
-def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
-    """WPA2-PSK AP and wpas interface in a bridge"""
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    try:
-        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
-        subprocess.call(['brctl', 'delif', br_ifname, ifname])
-        subprocess.call(['brctl', 'delbr', br_ifname])
-        subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
-
-def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    subprocess.call(['brctl', 'addbr', br_ifname])
-    subprocess.call(['brctl', 'setfd', br_ifname, '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
-    subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
-    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
-    wpas.interface_add(ifname, br_ifname=br_ifname)
-    wpas.dump_monitor()
-
-    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
-    wpas.dump_monitor()
-
-@remote_compatible
-def test_ap_wpa2_psk_ifdown(dev, apdev):
-    """AP with open mode and external ifconfig down"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
-    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No INTERFACE-DISABLED event")
-    # this wait tests beacon loss detection in mac80211
-    dev[0].wait_disconnected()
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
-    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No INTERFACE-ENABLED event")
-    dev[0].wait_connected()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
-    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
-    hapd = setup_psk_ext(dev[0], apdev[0])
-    bssid = apdev[0]['bssid']
-    addr = dev[0].own_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    logger.info("Drop the first EAPOL-Key msg 4/4")
-
-    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
-    # doesn't. Use normal EAPOL TX/RX to handle retries.
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    dev[0].wait_connected()
-
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev is not None:
-        logger.info("Disconnection detected")
-        # The EAPOL-Key retries are supposed to allow the connection to be
-        # established without having to reassociate. However, this does not
-        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
-        # after the pairwise key has been configured and AP will drop those and
-        # disconnect the station after reaching retransmission limit. Connection
-        # is then established after reassociation. Once that behavior has been
-        # optimized to prevent EAPOL-Key frame encryption for retransmission
-        # case, this exception can be uncommented here.
-        #raise Exception("Unexpected disconnection")
-
-@remote_compatible
-def test_ap_wpa2_psk_disable_enable(dev, apdev):
-    """WPA2-PSK AP getting disabled and re-enabled"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
-
-    for i in range(2):
-        hapd.request("DISABLE")
-        dev[0].wait_disconnected()
-        hapd.request("ENABLE")
-        dev[0].wait_connected()
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
-    """WPA2-PSK AP and station using incorrect passphrase"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
-                   wait_connect=False)
-    ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
-    if ev is None:
-        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    hapd.set("wpa_passphrase", "incorrect passphrase")
-    hapd.enable()
-
-    dev[0].wait_connected(timeout=20)
-
-@remote_compatible
-def test_ap_wpa_ie_parsing(dev, apdev):
-    """WPA IE parsing"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wpa-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
-                        only_add_network=True)
-
-    tests = ["dd040050f201",
-             "dd050050f20101",
-             "dd060050f2010100",
-             "dd060050f2010001",
-             "dd070050f201010000",
-             "dd080050f20101000050",
-             "dd090050f20101000050f2",
-             "dd0a0050f20101000050f202",
-             "dd0b0050f20101000050f20201",
-             "dd0c0050f20101000050f2020100",
-             "dd0c0050f20101000050f2020000",
-             "dd0c0050f20101000050f202ffff",
-             "dd0d0050f20101000050f202010000",
-             "dd0e0050f20101000050f20201000050",
-             "dd0f0050f20101000050f20201000050f2",
-             "dd100050f20101000050f20201000050f202",
-             "dd110050f20101000050f20201000050f20201",
-             "dd120050f20101000050f20201000050f2020100",
-             "dd120050f20101000050f20201000050f2020000",
-             "dd120050f20101000050f20201000050f202ffff",
-             "dd130050f20101000050f20201000050f202010000",
-             "dd140050f20101000050f20201000050f20201000050",
-             "dd150050f20101000050f20201000050f20201000050f2"]
-    for t in tests:
-        try:
-            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
-                raise Exception("VENDOR_ELEM_ADD failed")
-            dev[0].select_network(id)
-            ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-            if ev is None:
-                raise Exception("Association rejection not reported")
-            dev[0].request("DISCONNECT")
-            dev[0].dump_monitor()
-        finally:
-            dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-    tests = ["dd170050f20101000050f20201000050f20201000050f202ff",
-             "dd180050f20101000050f20201000050f20201000050f202ffff",
-             "dd190050f20101000050f20201000050f20201000050f202ffffff"]
-    for t in tests:
-        try:
-            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
-                raise Exception("VENDOR_ELEM_ADD failed")
-            dev[0].select_network(id)
-            ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED',
-                                    'WPA: 4-Way Handshake failed'], timeout=10)
-            if ev is None:
-                raise Exception("Association failed unexpectedly")
-            dev[0].request("DISCONNECT")
-            dev[0].dump_monitor()
-        finally:
-            dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-@remote_compatible
-def test_ap_wpa2_psk_no_random(dev, apdev):
-    """WPA2-PSK AP and no random numbers available"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    hapd = hostapd.add_ap(apdev[0], params)
-    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
-        id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
-                            wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Disconnection event not reported")
-        dev[0].request("DISCONNECT")
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-
-@remote_compatible
-def test_rsn_ie_proto_psk_sta(dev, apdev):
-    """RSN element protocol testing for PSK cases on STA side"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    # This is the RSN element used normally by hostapd
-    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
-        raise Exception("Invalid own_ie_override value accepted")
-    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-
-    tests = [('No RSN Capabilities field',
-              '30120100000fac040100000fac040100000fac02'),
-             ('Reserved RSN Capabilities bits set',
-              '30140100000fac040100000fac040100000fac023cff'),
-             ('Truncated RSN Capabilities field',
-              '30130100000fac040100000fac040100000fac023c'),
-             ('Extra pairwise cipher suite (unsupported)',
-              '30180100000fac040200ffffffff000fac040100000fac020c00'),
-             ('Extra AKM suite (unsupported)',
-              '30180100000fac040100000fac040200ffffffff000fac020c00'),
-             ('PMKIDCount field included',
-              '30160100000fac040100000fac040100000fac020c000000'),
-             ('Truncated PMKIDCount field',
-              '30150100000fac040100000fac040100000fac020c0000'),
-             ('Unexpected Group Management Cipher Suite with PMF disabled',
-              '301a0100000fac040100000fac040100000fac020c000000000fac06'),
-             ('Extra octet after defined fields (future extensibility)',
-              '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
-    for txt, ie in tests:
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        dev[0].request("NOTE " + txt)
-        logger.info(txt)
-        hapd.disable()
-        hapd.set('own_ie_override', ie)
-        hapd.enable()
-        dev[0].request("BSS_FLUSH 0")
-        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-
-@remote_compatible
-def test_ap_cli_order(dev, apdev):
-    """hostapd configuration parameter SET ordering"""
-    ssid = "test-rsn-setup"
-    passphrase = 'zzzzzzzz'
-
-    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
-    hapd.set('ssid', ssid)
-    hapd.set('wpa_passphrase', passphrase)
-    hapd.set('rsn_pairwise', 'CCMP')
-    hapd.set('wpa_key_mgmt', 'WPA-PSK')
-    hapd.set('wpa', '2')
-    hapd.enable()
-    cfg = hapd.get_config()
-    if cfg['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
-    if cfg['rsn_pairwise_cipher'] != 'CCMP':
-        raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])
-
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-
-def set_test_assoc_ie(dev, ie):
-    if "OK" not in dev.request("TEST_ASSOC_IE " + ie):
-        raise Exception("Could not set TEST_ASSOC_IE")
-
-@remote_compatible
-def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
-    """WPA2-PSK AP and association request RSN IE differences"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [("Normal wpa_supplicant assoc req RSN IE",
-              "30140100000fac040100000fac040100000fac020000"),
-             ("RSN IE without RSN Capabilities",
-              "30120100000fac040100000fac040100000fac02")]
-    for title, ie in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = [("WPA IE instead of RSN IE and only RSN enabled on AP",
-              "dd160050f20101000050f20201000050f20201000050f202", 40),
-             ("Empty RSN IE", "3000", 40),
-             ("RSN IE with truncated Version", "300101", 40),
-             ("RSN IE with only Version", "30020100", 43)]
-    for title, ie, status in tests:
-        logger.info(title)
-        set_test_assoc_ie(dev[0], ie)
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection not reported")
-        if "status_code=" + str(status) not in ev:
-            raise Exception("Unexpected status code: " + ev)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_psk_ft_workaround(dev, apdev):
-    """WPA2-PSK+FT AP and workaround for incorrect STA behavior"""
-    ssid = "test-wpa2-psk-ft"
-    passphrase = 'qwertyuiop'
-
-    params = {"wpa": "2",
-              "wpa_key_mgmt": "FT-PSK WPA-PSK",
-              "rsn_pairwise": "CCMP",
-              "ssid": ssid,
-              "wpa_passphrase": passphrase}
-    params["mobility_domain"] = "a1b2"
-    params["r0_key_lifetime"] = "10000"
-    params["pmk_r1_push"] = "1"
-    params["reassociation_deadline"] = "1000"
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
-    set_test_assoc_ie(dev[0],
-                      "30180100000fac040100000fac040200000fac02000fac040000")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
-    """WPA2-PSK AP and association request RSN IE with PMKID"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    set_test_assoc_ie(dev[0], "30260100000fac040100000fac040100000fac0200000100" + 16*'00')
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
-    """WPA-PSK AP and only rsn_pairwise set"""
-    skip_without_tkip(dev[0])
-    params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP",
-                   scan_freq="2412")
-
-def test_ap_wpa2_eapol_retry_limit(dev, apdev):
-    """WPA2-PSK EAPOL-Key retry limit configuration"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_ptk_rekey'] = '2'
-    params['wpa_group_update_count'] = '1'
-    params['wpa_pairwise_update_count'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-
-    if "FAIL" not in hapd.request("SET wpa_group_update_count 0"):
-        raise Exception("Invalid wpa_group_update_count value accepted")
-    if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
-        raise Exception("Invalid wpa_pairwise_update_count value accepted")
-
-def test_ap_wpa2_disable_eapol_retry(dev, apdev):
-    """WPA2-PSK disable EAPOL-Key retry"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_disable_eapol_key_retries'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    logger.info("Verify working 4-way handshake without retries")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    addr = dev[0].own_addr()
-
-    logger.info("Verify no retransmission of message 3/4")
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
-    dev[0].dump_monitor()
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX (M2) to hostapd failed")
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
-    if ev is not None:
-        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
-    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_disable_eapol_key_retries'] = '1'
-    params['wpa_strict_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    dev[0].dump_monitor()
-    addr = dev[0].own_addr()
-
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    dev[1].request("RECONNECT")
-    dev[1].wait_connected()
-    hapd.wait_sta()
-    dev[0].dump_monitor()
-
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-    dev[1].request("DISCONNECT")
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
-    if ev is not None:
-        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def test_ap_wpa2_psk_mic_0(dev, apdev):
-    """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
-    skip_without_tkip(dev[0])
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['rsn_pairwise'] = "TKIP"
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
-    addr = dev[0].own_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-    dev[0].dump_monitor()
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    msg3 = ev.split(' ')[2]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 4/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    # Do not send to the AP
-
-    # EAPOL-Key msg 3/4 with MIC=0 and modifications
-    eapol_hdr = msg3[0:8]
-    key_type = msg3[8:10]
-    key_info = msg3[10:14]
-    key_length = msg3[14:18]
-    replay_counter = msg3[18:34]
-    key_nonce = msg3[34:98]
-    key_iv = msg3[98:130]
-    key_rsc = msg3[130:146]
-    key_id = msg3[146:162]
-    key_mic = msg3[162:194]
-    key_data_len = msg3[194:198]
-    key_data = msg3[198:]
-
-    msg3b = eapol_hdr + key_type
-    msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9)
-    msg3b += key_length
-    msg3b += '0000000000000003'
-    msg3b += key_nonce + key_iv + key_rsc + key_id
-    msg3b += 32*'0' # Clear MIC value
-    msg3b += key_data_len + key_data
-    dev[0].dump_monitor()
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-    ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
-    if ev is None:
-        raise Exception("No event from wpa_supplicant")
-    if "EAPOL-TX" in ev:
-        raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
-    dev[0].request("DISCONNECT")
-
-def test_ap_wpa2_psk_local_error(dev, apdev):
-    """WPA2-PSK and local error cases on supplicant"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"):
-        id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase,
-                            scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-        if ev is None:
-            raise Exception("Disconnection event not reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    with fail_test(dev[0], 1, "sha256_prf;wpa_pmk_to_ptk"):
-        id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase,
-                            scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-        if ev is None:
-            raise Exception("Disconnection event not reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-def test_ap_wpa2_psk_inject_assoc(dev, apdev, params):
-    """WPA2-PSK AP and Authentication and Association Request frame injection"""
-    prefix = "ap_wpa2_psk_inject_assoc"
-    ifname = apdev[0]["ifname"]
-    cap = os.path.join(params['logdir'], prefix + "." + ifname + ".pcap")
-
-    ssid = "test"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    hapd = hostapd.add_ap(apdev[0], params)
-    wt = WlantestCapture(ifname, cap)
-    time.sleep(1)
-
-    bssid = hapd.own_addr().replace(':', '')
-
-    hapd.request("SET ext_mgmt_frame_handling 1")
-    addr = "021122334455"
-    auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
-    res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
-    if "OK" not in res:
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("No TX status seen")
-    ev = ev.replace("ok=0", "ok=1")
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-
-    assoc = "00003a01" + bssid + addr + bssid + '2000' + '31040500' + '000474657374' + '010802040b160c121824' + '30140100000fac040100000fac040100000fac020000'
-    res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc)
-    if "OK" not in res:
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("No TX status seen")
-    ev = ev.replace("ok=0", "ok=1")
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-    hapd.request("SET ext_mgmt_frame_handling 0")
-
-    dev[0].connect(ssid, psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    time.sleep(1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    time.sleep(0.5)
-    wt.close()
-    time.sleep(0.5)
-
-    # Check for Layer 2 Update frame and unexpected frames from the station
-    # that did not fully complete authentication.
-    res = run_tshark(cap, "basicxid.llc.xid.format == 0x81",
-                     ["eth.src"], wait=False)
-    real_sta_seen = False
-    unexpected_sta_seen = False
-    real_addr = dev[0].own_addr()
-    for l in res.splitlines():
-        if l == real_addr:
-            real_sta_seen = True
-        else:
-            unexpected_sta_seen = True
-    if unexpected_sta_seen:
-        raise Exception("Layer 2 Update frame from unexpected STA seen")
-    if not real_sta_seen:
-        raise Exception("Layer 2 Update frame from real STA not seen")
-
-    res = run_tshark(cap, "eth.src == 02:11:22:33:44:55", ["eth.src"],
-                     wait=False)
-    if len(res) > 0:
-        raise Exception("Unexpected frame from unauthorized STA seen")
-
-def test_ap_wpa2_psk_no_control_port(dev, apdev):
-    """WPA2-PSK AP without nl80211 control port"""
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['driver_params'] = "control_port=0"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="control_port=0")
-    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    if "OK" not in wpas.request("KEY_REQUEST 0 1"):
-        raise Exception("KEY_REQUEST failed")
-    ev = wpas.wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hapd.wait_ptkinitdone(wpas.own_addr())
-    hwsim_utils.test_connectivity(wpas, hapd)
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_ap_wpa2_psk_ap_control_port(dev, apdev):
-    """WPA2-PSK AP with nl80211 control port in AP mode"""
-    run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=1)
-
-def test_ap_wpa2_psk_ap_control_port_disabled(dev, apdev):
-    """WPA2-PSK AP with nl80211 control port in AP mode disabled"""
-    run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=0)
-
-def run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val):
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['driver_params'] = "control_port_ap=%d" % ctrl_val
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    flags = hapd.request("DRIVER_FLAGS").splitlines()[1:]
-    flags2 = hapd.request("DRIVER_FLAGS2").splitlines()[1:]
-    logger.info("AP driver flags: " + str(flags))
-    logger.info("AP driver flags2: " + str(flags2))
-    if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2:
-        raise HwsimSkip("No AP driver support for CONTROL_PORT")
-
-    flags = dev[0].request("DRIVER_FLAGS").splitlines()[1:]
-    flags2 = dev[0].request("DRIVER_FLAGS2").splitlines()[1:]
-    logger.info("STA driver flags: " + str(flags))
-    logger.info("STA driver flags2: " + str(flags2))
-    if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2:
-        raise HwsimSkip("No STA driver support for CONTROL_PORT")
-
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
-        raise Exception("KEY_REQUEST failed")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hapd.wait_ptkinitdone(dev[0].own_addr())
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev):
-    """RSNE mismatch in EAPOL-Key msg 3/4"""
-    ie = "30140100000fac040100000fac040100000fac020c80"
-    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie)
-
-def test_ap_wpa2_psk_rsne_mismatch_ap2(dev, apdev):
-    """RSNE mismatch in EAPOL-Key msg 3/4"""
-    ie = "30150100000fac040100000fac040100000fac020c0000"
-    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie)
-
-def test_ap_wpa2_psk_rsne_mismatch_ap3(dev, apdev):
-    """RSNE mismatch in EAPOL-Key msg 3/4"""
-    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, "")
-
-def run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, rsne):
-    params = hostapd.wpa2_params(ssid="psk", passphrase="12345678")
-    params['rsne_override_eapol'] = rsne
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["Associated with"], timeout=10)
-    if ev is None:
-        raise Exception("No indication of association seen")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[0].request("REMOVE_NETWORK all")
-    if ev is None:
-        raise Exception("No disconnection seen")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Unexpected connection")
-    if "reason=17 locally_generated=1" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_ap_wpa2_psk_rsnxe_mismatch_ap(dev, apdev):
-    """RSNXE mismatch in EAPOL-Key msg 3/4"""
-    params = hostapd.wpa2_params(ssid="psk", passphrase="12345678")
-    params['rsnxe_override_eapol'] = "F40100"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["Associated with"], timeout=10)
-    if ev is None:
-        raise Exception("No indication of association seen")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[0].request("REMOVE_NETWORK all")
-    if ev is None:
-        raise Exception("No disconnection seen")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Unexpected connection")
-    if "reason=17 locally_generated=1" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap0(dev, apdev):
-    """WPA2-PSK AP and PTK rekey by AP (disabled on STA)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 0)
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap1(dev, apdev):
-    """WPA2-PSK AP and PTK rekey by AP (start with Key ID 0)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 1)
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap2(dev, apdev):
-    """WPA2-PSK AP and PTK rekey by AP (start with Key ID 1)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 2, 1)
-
-def run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, ap_ext_key_id,
-                                            sta_ext_key_id):
-    check_ext_key_id_capa(dev[0])
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['wpa_ptk_rekey'] = '2'
-    params['extended_key_id'] = str(ap_ext_key_id)
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_ext_key_id_capa(hapd)
-    try:
-        dev[0].set("extended_key_id", str(sta_ext_key_id))
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        expect_idx = 1 if ap_ext_key_id == 2 and sta_ext_key_id else 0
-        if idx != expect_idx:
-            raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx))
-        ev = dev[0].wait_event(["WPA: Key negotiation completed"])
-        if ev is None:
-            raise Exception("PTK rekey timed out")
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        expect_idx = 1 if ap_ext_key_id == 1 and sta_ext_key_id else 0
-        if idx != expect_idx:
-            raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx))
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].set("extended_key_id", "0")
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta0(dev, apdev):
-    """Extended Key ID and PTK rekey by station (Ext Key ID disabled on AP)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 0)
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta1(dev, apdev):
-    """Extended Key ID and PTK rekey by station (start with Key ID 0)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 1)
-
-def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta2(dev, apdev):
-    """Extended Key ID and PTK rekey by station (start with Key ID 1)"""
-    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 2)
-
-def run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, ext_key_id):
-    check_ext_key_id_capa(dev[0])
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['extended_key_id'] = str(ext_key_id)
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_ext_key_id_capa(hapd)
-
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase(passphrase)
-
-    try:
-        dev[0].set("extended_key_id", "1")
-        dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1",
-                       scan_freq="2412")
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        expect_idx = 1 if ext_key_id == 2 else 0
-        if idx != expect_idx:
-            raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx))
-        ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                                "CTRL-EVENT-DISCONNECTED"])
-        if ev is None:
-            raise Exception("PTK rekey timed out")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            raise Exception("Disconnect instead of rekey")
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        expect_idx = 1 if ext_key_id == 1 else 0
-        if idx != expect_idx:
-            raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx))
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].set("extended_key_id", "0")
diff --git a/tests/hwsim/test_ap_qosmap.py b/tests/hwsim/test_ap_qosmap.py
deleted file mode 100644
index e4e940f0813f..000000000000
--- a/tests/hwsim/test_ap_qosmap.py
+++ /dev/null
@@ -1,169 +0,0 @@
-# QoS Mapping tests
-# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from utils import HwsimSkip, alloc_fail, fail_test
-from wlantest import Wlantest
-
-def check_qos_map(ap, hapd, dev, sta, dscp, tid, ap_tid=None):
-    if not ap_tid:
-        ap_tid = tid
-    bssid = ap['bssid']
-    wt = Wlantest()
-    wt.clear_sta_counters(bssid, sta)
-    hwsim_utils.test_connectivity(dev, hapd, dscp=dscp, config=False)
-    sleep_time = 0.02 if dev.hostname is None else 0.2
-    time.sleep(sleep_time)
-    tx = wt.get_tx_tid(bssid, sta, tid)
-    if tx == 0:
-        [tx, rx] = wt.get_tid_counters(bssid, sta)
-        logger.info("Expected TX DSCP " + str(dscp) + " with TID " + str(tid) + " but counters: " + str(tx))
-        raise Exception("No STA->AP data frame using the expected TID")
-    rx = wt.get_rx_tid(bssid, sta, ap_tid)
-    if rx == 0:
-        [tx, rx] = wt.get_tid_counters(bssid, sta)
-        logger.info("Expected RX DSCP " + str(dscp) + " with TID " + str(ap_tid) + " but counters: " + str(rx))
-        raise Exception("No AP->STA data frame using the expected TID")
-
-@remote_compatible
-def test_ap_qosmap(dev, apdev):
-    """QoS mapping"""
-    drv_flags = dev[0].get_driver_status_field("capa.flags")
-    if int(drv_flags, 0) & 0x40000000 == 0:
-        raise HwsimSkip("Driver does not support QoS Map")
-    ssid = "test-qosmap"
-    params = {"ssid": ssid}
-    params['qos_map_set'] = '53,2,22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    time.sleep(0.1)
-    addr = dev[0].p2p_interface_addr()
-    dev[0].request("DATA_TEST_CONFIG 1")
-    hapd.request("DATA_TEST_CONFIG 1")
-    Wlantest.setup(hapd)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 53, 2)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 22, 6)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 8, 0)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 15, 0)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 0, 1)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 7, 1)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 16, 3)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 31, 3)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 32, 4)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 39, 4)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 40, 6)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 47, 6)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 48, 7)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 55, 7)
-    hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55")
-    hapd.request("SEND_QOS_MAP_CONF " + dev[0].get_status_field("address"))
-    check_qos_map(apdev[0], hapd, dev[0], addr, 53, 7)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 22, 6)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 48, 7)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 55, 7)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 56, 56 >> 3)
-    check_qos_map(apdev[0], hapd, dev[0], addr, 63, 63 >> 3)
-    dev[0].request("DATA_TEST_CONFIG 0")
-    hapd.request("DATA_TEST_CONFIG 0")
-
-@remote_compatible
-def test_ap_qosmap_default(dev, apdev):
-    """QoS mapping with default values"""
-    ssid = "test-qosmap-default"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    dev[0].request("DATA_TEST_CONFIG 1")
-    hapd.request("DATA_TEST_CONFIG 1")
-    Wlantest.setup(hapd)
-    for dscp in [0, 7, 8, 15, 16, 23, 24, 31, 32, 39, 40, 47, 48, 55, 56, 63]:
-        check_qos_map(apdev[0], hapd, dev[0], addr, dscp, dscp >> 3)
-    dev[0].request("DATA_TEST_CONFIG 0")
-    hapd.request("DATA_TEST_CONFIG 0")
-
-@remote_compatible
-def test_ap_qosmap_default_acm(dev, apdev):
-    """QoS mapping with default values and ACM=1 for VO/VI"""
-    ssid = "test-qosmap-default"
-    params = {"ssid": ssid,
-              "wmm_ac_bk_aifs": "7",
-              "wmm_ac_bk_cwmin": "4",
-              "wmm_ac_bk_cwmax": "10",
-              "wmm_ac_bk_txop_limit": "0",
-              "wmm_ac_bk_acm": "0",
-              "wmm_ac_be_aifs": "3",
-              "wmm_ac_be_cwmin": "4",
-              "wmm_ac_be_cwmax": "10",
-              "wmm_ac_be_txop_limit": "0",
-              "wmm_ac_be_acm": "0",
-              "wmm_ac_vi_aifs": "2",
-              "wmm_ac_vi_cwmin": "3",
-              "wmm_ac_vi_cwmax": "4",
-              "wmm_ac_vi_txop_limit": "94",
-              "wmm_ac_vi_acm": "1",
-              "wmm_ac_vo_aifs": "2",
-              "wmm_ac_vo_cwmin": "2",
-              "wmm_ac_vo_cwmax": "2",
-              "wmm_ac_vo_txop_limit": "47",
-              "wmm_ac_vo_acm": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    dev[0].request("DATA_TEST_CONFIG 1")
-    hapd.request("DATA_TEST_CONFIG 1")
-    Wlantest.setup(hapd)
-    for dscp in [0, 7, 8, 15, 16, 23, 24, 31, 32, 39, 40, 47, 48, 55, 56, 63]:
-        ap_tid = dscp >> 3
-        tid = ap_tid
-        # downgrade VI/VO to BE
-        if tid in [4, 5, 6, 7]:
-            tid = 3
-        check_qos_map(apdev[0], hapd, dev[0], addr, dscp, tid, ap_tid)
-    dev[0].request("DATA_TEST_CONFIG 0")
-    hapd.request("DATA_TEST_CONFIG 0")
-
-@remote_compatible
-def test_ap_qosmap_invalid(dev, apdev):
-    """QoS mapping ctrl_iface error handling"""
-    ssid = "test-qosmap"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"):
-        raise Exception("Unexpected SEND_QOS_MAP_CONF success")
-    if "FAIL" not in hapd.request("SET_QOS_MAP_SET "):
-        raise Exception("Unexpected SET_QOS_MAP_SET success")
-    if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3"):
-        raise Exception("Unexpected SET_QOS_MAP_SET success")
-    if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,-2,3"):
-        raise Exception("Unexpected SET_QOS_MAP_SET success")
-    if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59"):
-        raise Exception("Unexpected SET_QOS_MAP_SET success")
-    if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21"):
-        raise Exception("Unexpected SET_QOS_MAP_SET success")
-
-    if "FAIL" in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"):
-        raise Exception("Unexpected SET_QOS_MAP_SET failure")
-    if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"):
-        raise Exception("Unexpected SEND_QOS_MAP_CONF success")
-    if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44"):
-        raise Exception("Unexpected SEND_QOS_MAP_CONF success")
-
-    with fail_test(hapd, 1, "hostapd_ctrl_iface_set_qos_map_set"):
-        if "FAIL" not in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"):
-            raise Exception("SET_QOS_MAP_SET accepted during forced driver failure")
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    with alloc_fail(hapd, 1,
-                    "wpabuf_alloc;hostapd_ctrl_iface_send_qos_map_conf"):
-        if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF " + dev[0].own_addr()):
-            raise Exception("SEND_QOS_MAP_CONF accepted during OOM")
diff --git a/tests/hwsim/test_ap_roam.py b/tests/hwsim/test_ap_roam.py
deleted file mode 100644
index 0bc54b391e86..000000000000
--- a/tests/hwsim/test_ap_roam.py
+++ /dev/null
@@ -1,395 +0,0 @@
-# Roaming tests
-# Copyright (c) 2013-2021, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-
-@remote_compatible
-def test_ap_roam_open(dev, apdev):
-    """Roam between two open APs"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE")
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open"})
-    dev[0].scan(type="ONLY")
-    dev[0].roam(apdev[1]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-    dev[0].roam(apdev[0]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-def test_ap_ignore_bssid_all(dev, apdev, params):
-    """Ensure we clear the ignore BSSID list if all visible APs reject"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open", "max_num_sta": "0"})
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open", "max_num_sta": "0"})
-    bss0 = hapd0.own_addr()
-    bss1 = hapd1.own_addr()
-
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False, bssid=bss0)
-    if not dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10):
-        raise Exception("AP 0 didn't reject us")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False, bssid=bss1)
-    if not dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10):
-        raise Exception("AP 1 didn't reject us")
-    ignore_list = get_bssid_ignore_list(dev[0])
-    logger.info("ignore list: " + str(ignore_list))
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    hapd0.set("max_num_sta", "1")
-    # All visible APs were ignored; we should clear the ignore list and find
-    # the AP that now accepts us.
-    dev[0].scan_for_bss(bss0, freq=2412)
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412", bssid=bss0)
-
-@remote_compatible
-def test_ap_roam_open_failed(dev, apdev):
-    """Roam failure due to rejected authentication"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    params = {"ssid": "test-open", "max_num_sta": "0"}
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid = hapd1.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + bssid):
-        raise Exception("ROAM failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], 1)
-    if not ev:
-        raise Exception("CTRL-EVENT-AUTH-REJECT was not seen")
-
-    dev[0].wait_connected(timeout=5)
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-def test_ap_roam_open_failed_ssid_mismatch(dev, apdev):
-    """Roam failure due to SSID mismatch"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    bssid0 = hapd0.own_addr()
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open2"})
-    bssid1 = hapd1.own_addr()
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(bssid0, freq=2412)
-    dev[0].scan_for_bss(bssid1, freq=2412)
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hapd0.wait_sta()
-    bssid = dev[0].get_status_field("bssid")
-    if bssid != bssid0:
-        raise Exception("Unexpected BSSID reported after initial connection: " + bssid)
-    if "FAIL" not in dev[0].request("ROAM " + bssid1):
-        raise Exception("ROAM succeed unexpectedly")
-    bssid = dev[0].get_status_field("bssid")
-    if bssid != bssid0:
-        raise Exception("Unexpected BSSID reported after failed roam attempt: " + bssid)
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-@remote_compatible
-def test_ap_roam_wpa2_psk(dev, apdev):
-    """Roam between two WPA2-PSK APs"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-psk", psk="12345678")
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan(type="ONLY")
-    dev[0].roam(apdev[1]['bssid'])
-    hapd1.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-    dev[0].roam(apdev[0]['bssid'])
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-def test_ap_roam_wpa2_psk_pmf_mismatch(dev, apdev):
-    """Roam between two WPA2-PSK APs - PMF mismatch"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params['ieee80211w'] = '1'
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-    params['ieee80211w'] = '0'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(bssid0, freq=2412)
-    dev[0].scan_for_bss(bssid1, freq=2412)
-    dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w='2')
-    hapd0.wait_sta()
-    bssid = dev[0].get_status_field("bssid")
-    if bssid != bssid0:
-        raise Exception("Unexpected BSSID reported after initial connection: " + bssid)
-    if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
-        raise Exception("ROAM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Unexpected connection reported")
-    bssid = dev[0].get_status_field("bssid")
-    if bssid != bssid0:
-        raise Exception("Unexpected BSSID reported after failed roam attempt: " + bssid)
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-def get_bssid_ignore_list(dev):
-    return dev.request("BSSID_IGNORE").splitlines()
-
-def test_ap_reconnect_auth_timeout(dev, apdev, params):
-    """Reconnect to 2nd AP and authentication times out"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5",
-                       drv_params="force_connect_cmd=1,force_bss_selection=1")
-
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    wpas.scan_for_bss(bssid0, freq=2412)
-    id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd0)
-
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-
-    wpas.request("BSSID_IGNORE " + bssid0)
-
-    wpas.scan_for_bss(bssid1, freq=2412)
-    wpas.request("DISCONNECT")
-    if "OK" not in wpas.request("SET ignore_auth_resp 1"):
-        raise Exception("SET ignore_auth_resp failed")
-    if "OK" not in wpas.request("ENABLE_NETWORK " + str(id)):
-        raise Exception("ENABLE_NETWORK failed")
-    if "OK" not in wpas.request("SELECT_NETWORK " + str(id)):
-        raise Exception("SELECT_NETWORK failed")
-
-    logger.info("Wait ~10s for auth timeout...")
-    time.sleep(10)
-    ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
-    if not ev:
-        raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
-
-    b = get_bssid_ignore_list(wpas)
-    if '00:00:00:00:00:00' in b:
-        raise Exception("Unexpected ignore list contents: " + str(b))
-    if bssid1 not in b:
-        raise Exception("Unexpected ignore list contents: " + str(b))
-
-def test_ap_roam_with_reassoc_auth_timeout(dev, apdev, params):
-    """Roam using reassoc between two APs and authentication times out"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5",
-                       drv_params="force_connect_cmd=1,force_bss_selection=1")
-
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    bssid0 = hapd0.own_addr()
-
-    id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd0)
-
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid1 = hapd1.own_addr()
-    wpas.scan_for_bss(bssid1, freq=2412)
-
-    if "OK" not in wpas.request("SET_NETWORK " + str(id) + " bssid " + bssid1):
-        raise Exception("SET_NETWORK failed")
-    if "OK" not in wpas.request("SET ignore_auth_resp 1"):
-        raise Exception("SET ignore_auth_resp failed")
-    if "OK" not in wpas.request("REASSOCIATE"):
-        raise Exception("REASSOCIATE failed")
-
-    logger.info("Wait ~10s for auth timeout...")
-    time.sleep(10)
-    ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
-    if not ev:
-        raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
-
-    b = get_bssid_ignore_list(wpas)
-    if bssid0 in b:
-        raise Exception("Unexpected ignore list contents: " + str(b))
-
-def test_ap_roam_wpa2_psk_failed(dev, apdev, params):
-    """Roam failure with WPA2-PSK AP due to wrong passphrase"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    params['wpa_passphrase'] = "22345678"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    bssid = hapd1.own_addr()
-    dev[0].scan_for_bss(bssid, freq=2412)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + bssid):
-        raise Exception("ROAM failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED",
-                            "CTRL-EVENT-CONNECTED"], 5)
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Got unexpected CTRL-EVENT-CONNECTED")
-    if "CTRL-EVENT-SSID-TEMP-DISABLED" not in ev:
-        raise Exception("CTRL-EVENT-SSID-TEMP-DISABLED not seen")
-
-    if "OK" not in dev[0].request("SELECT_NETWORK id=" + str(id)):
-        raise Exception("SELECT_NETWORK failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-REENABLED"], 3)
-    if not ev:
-        raise Exception("CTRL-EVENT-SSID-REENABLED not seen")
-
-    dev[0].wait_connected(timeout=5)
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-@remote_compatible
-def test_ap_reassociation_to_same_bss(dev, apdev):
-    """Reassociate to the same BSS"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE")
-    hapd.wait_sta()
-
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=10, error="Reassociation timed out")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].request("REATTACH")
-    dev[0].wait_connected(timeout=10, error="Reattach timed out")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    # Wait for previous scan results to expire to trigger new scan
-    time.sleep(5)
-    dev[0].request("REATTACH")
-    dev[0].wait_connected(timeout=10, error="Reattach timed out")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_ap_roam_set_bssid(dev, apdev):
-    """Roam control"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    hostapd.add_ap(apdev[1], {"ssid": "test-open"})
-    id = dev[0].connect("test-open", key_mgmt="NONE", bssid=apdev[1]['bssid'],
-                        scan_freq="2412")
-    if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
-        raise Exception("Unexpected BSS")
-    # for now, these are just verifying that the code path to indicate
-    # within-ESS roaming changes can be executed; the actual results of those
-    # operations are not currently verified (that would require a test driver
-    # that does BSS selection)
-    dev[0].set_network(id, "bssid", "")
-    dev[0].set_network(id, "bssid", apdev[0]['bssid'])
-    dev[0].set_network(id, "bssid", apdev[1]['bssid'])
-
-@remote_compatible
-def test_ap_roam_wpa2_psk_race(dev, apdev):
-    """Roam between two WPA2-PSK APs and try to hit a disconnection race"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-    params['channel'] = '2'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2417)
-    dev[0].roam(apdev[1]['bssid'])
-    hapd1.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-    dev[0].roam(apdev[0]['bssid'])
-    hapd0.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    # Wait at least two seconds to trigger the previous issue with the
-    # disconnection callback.
-    for i in range(3):
-        time.sleep(0.8)
-        hwsim_utils.test_connectivity(dev[0], hapd0)
-
-def test_ap_roam_signal_level_override(dev, apdev):
-    """Roam between two APs based on driver signal level override"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    bssid0 = apdev[0]['bssid']
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open"})
-    bssid1 = apdev[1]['bssid']
-    dev[0].scan_for_bss(bssid0, freq=2412)
-    dev[0].scan_for_bss(bssid1, freq=2412)
-
-    dev[0].connect("test-open", key_mgmt="NONE")
-    bssid = dev[0].get_status_field('bssid')
-    if bssid == bssid0:
-        dst = bssid1
-        src = bssid0
-    else:
-        dst = bssid0
-        src = bssid1
-
-    dev[0].scan(freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], 0.5)
-    if ev is not None:
-        raise Exception("Unexpected roam")
-
-    orig_res = dev[0].request("SIGNAL_POLL")
-    dev[0].set("driver_signal_override", src + " -1 -2 -3 -4 -5")
-    res = dev[0].request("SIGNAL_POLL").splitlines()
-    if "RSSI=-1" not in res or \
-       "AVG_RSSI=-2" not in res or \
-       "AVG_BEACON_RSSI=-3" not in res or \
-       "NOISE=-4" not in res:
-        raise Exception("SIGNAL_POLL override did not work: " + str(res))
-
-    dev[0].set("driver_signal_override", src)
-    new_res = dev[0].request("SIGNAL_POLL")
-    if orig_res != new_res:
-        raise Exception("SIGNAL_POLL restore did not work: " + new_res)
-
-    tests = [("-30 -30 -30 -95 -30", "-30 -30 -30 -95 -30"),
-             ("-30 -30 -30 -95 -30", "-20 -20 -20 -95 -20"),
-             ("-90 -90 -90 -95 -90", "-89 -89 -89 -95 -89"),
-             ("-90 -90 -90 -95 -95", "-89 -89 -89 -95 -89")]
-    for src_override, dst_override in tests:
-        dev[0].set("driver_signal_override", src + " " + src_override)
-        dev[0].set("driver_signal_override", dst + " " + dst_override)
-        dev[0].scan(freq=2412)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], 0.1)
-        if ev is not None:
-            raise Exception("Unexpected roam")
-        dev[0].dump_monitor()
-
-    dev[0].set("driver_signal_override", src + " -90 -90 -90 -95 -90")
-    dev[0].set("driver_signal_override", dst + " -80 -80 -80 -95 -80")
-    dev[0].scan(freq=2412)
-    dev[0].wait_connected()
-    if dst != dev[0].get_status_field('bssid'):
-        raise Exception("Unexpected AP after roam")
-    dev[0].dump_monitor()
-
-def test_ap_roam_during_scan(dev, apdev):
-    """Roam command during a scan operation"""
-    hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].scan_for_bss(hapd0.own_addr(), freq=2412)
-    dev[0].connect("test-open", key_mgmt="NONE")
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open"})
-    dev[0].scan_for_bss(hapd1.own_addr(), freq=2412)
-    if "OK" not in dev[0].request("SCAN"):
-        raise Exception("Failed to start scan")
-    if "OK" not in dev[0].request("ROAM " + hapd1.own_addr()):
-        raise Exception("Failed to issue ROAM")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection not reported after ROAM")
-    if hapd1.own_addr() not in ev:
-        raise Exception("Connected to unexpected AP")
diff --git a/tests/hwsim/test_ap_tdls.py b/tests/hwsim/test_ap_tdls.py
deleted file mode 100644
index 8cdd00235567..000000000000
--- a/tests/hwsim/test_ap_tdls.py
+++ /dev/null
@@ -1,652 +0,0 @@
-# TDLS tests
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-import subprocess
-
-import hwsim_utils
-from hostapd import HostapdGlobal
-from hostapd import Hostapd
-import hostapd
-from utils import *
-from wlantest import Wlantest
-
-def start_ap_wpa2_psk(ap):
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    return hostapd.add_ap(ap, params)
-
-def connectivity(dev, hapd):
-    hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    hwsim_utils.test_connectivity(dev[1], hapd)
-
-def connect_2sta(dev, ssid, hapd, sae=False):
-    key_mgmt = "SAE" if sae else "WPA-PSK"
-    ieee80211w = "2" if sae else "1"
-    dev[0].connect(ssid, key_mgmt=key_mgmt, psk="12345678",
-                   ieee80211w=ieee80211w, scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt=key_mgmt, psk="12345678",
-                   ieee80211w=ieee80211w, scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    connectivity(dev, hapd)
-
-def connect_2sta_wpa2_psk(dev, hapd):
-    connect_2sta(dev, "test-wpa2-psk", hapd)
-
-def connect_2sta_wpa_psk(dev, hapd):
-    connect_2sta(dev, "test-wpa-psk", hapd)
-
-def connect_2sta_wpa_psk_mixed(dev, hapd):
-    dev[0].connect("test-wpa-mixed-psk", psk="12345678", proto="WPA",
-                   scan_freq="2412")
-    dev[1].connect("test-wpa-mixed-psk", psk="12345678", proto="WPA2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    connectivity(dev, hapd)
-
-def connect_2sta_wep(dev, hapd):
-    dev[0].connect("test-wep", key_mgmt="NONE", wep_key0='"hello"',
-                   scan_freq="2412")
-    dev[1].connect("test-wep", key_mgmt="NONE", wep_key0='"hello"',
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    connectivity(dev, hapd)
-
-def connect_2sta_open(dev, hapd, scan_freq="2412"):
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq=scan_freq)
-    dev[1].connect("test-open", key_mgmt="NONE", scan_freq=scan_freq)
-    hapd.wait_sta()
-    hapd.wait_sta()
-    connectivity(dev, hapd)
-
-def wlantest_setup(hapd):
-    Wlantest.setup(hapd)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    wt.add_wepkey("68656c6c6f")
-
-def wlantest_tdls_packet_counters(bssid, addr0, addr1):
-    wt = Wlantest()
-    dl = wt.get_tdls_counter("valid_direct_link", bssid, addr0, addr1)
-    inv_dl = wt.get_tdls_counter("invalid_direct_link", bssid, addr0, addr1)
-    ap = wt.get_tdls_counter("valid_ap_path", bssid, addr0, addr1)
-    inv_ap = wt.get_tdls_counter("invalid_ap_path", bssid, addr0, addr1)
-    return [dl, inv_dl, ap, inv_ap]
-
-def tdls_check_dl(sta0, sta1, bssid, addr0, addr1):
-    wt = Wlantest()
-    wt.tdls_clear(bssid, addr0, addr1)
-    hwsim_utils.test_connectivity_sta(sta0, sta1)
-    [dl, inv_dl, ap, inv_ap] = wlantest_tdls_packet_counters(bssid, addr0, addr1)
-    if dl == 0:
-        raise Exception("No valid frames through direct link")
-    if inv_dl > 0:
-        raise Exception("Invalid frames through direct link")
-    if ap > 0:
-        raise Exception("Unexpected frames through AP path")
-    if inv_ap > 0:
-        raise Exception("Invalid frames through AP path")
-
-def tdls_check_ap(sta0, sta1, bssid, addr0, addr1):
-    wt = Wlantest()
-    wt.tdls_clear(bssid, addr0, addr1)
-    hwsim_utils.test_connectivity_sta(sta0, sta1)
-    [dl, inv_dl, ap, inv_ap] = wlantest_tdls_packet_counters(bssid, addr0, addr1)
-    if dl > 0:
-        raise Exception("Unexpected frames through direct link")
-    if inv_dl > 0:
-        raise Exception("Invalid frames through direct link")
-    if ap == 0:
-        raise Exception("No valid frames through AP path")
-    if inv_ap > 0:
-        raise Exception("Invalid frames through AP path")
-
-def check_connectivity(sta0, sta1, hapd):
-    hwsim_utils.test_connectivity_sta(sta0, sta1)
-    hwsim_utils.test_connectivity(sta0, hapd)
-    hwsim_utils.test_connectivity(sta1, hapd)
-
-def setup_tdls(sta0, sta1, hapd, reverse=False, expect_fail=False, sae=False):
-    logger.info("Setup TDLS")
-    check_connectivity(sta0, sta1, hapd)
-    bssid = hapd.own_addr()
-    addr0 = sta0.p2p_interface_addr()
-    addr1 = sta1.p2p_interface_addr()
-    wt = Wlantest()
-    wt.tdls_clear(bssid, addr0, addr1)
-    wt.tdls_clear(bssid, addr1, addr0)
-    sta0.tdls_setup(addr1)
-    time.sleep(1)
-    if expect_fail:
-        if not sae:
-            tdls_check_ap(sta0, sta1, bssid, addr0, addr1)
-        return
-    if reverse:
-        addr1 = sta0.p2p_interface_addr()
-        addr0 = sta1.p2p_interface_addr()
-    if not sae:
-        conf = wt.get_tdls_counter("setup_conf_ok", bssid, addr0, addr1)
-        if conf == 0:
-            raise Exception("No TDLS Setup Confirm (success) seen")
-        tdls_check_dl(sta0, sta1, bssid, addr0, addr1)
-    check_connectivity(sta0, sta1, hapd)
-
-def teardown_tdls(sta0, sta1, hapd, responder=False, wildcard=False, sae=False):
-    logger.info("Teardown TDLS")
-    check_connectivity(sta0, sta1, hapd)
-    bssid = hapd.own_addr()
-    addr0 = sta0.p2p_interface_addr()
-    addr1 = sta1.p2p_interface_addr()
-    if responder:
-        sta1.tdls_teardown(addr0)
-    elif wildcard:
-        sta0.tdls_teardown("*")
-    else:
-        sta0.tdls_teardown(addr1)
-    time.sleep(1)
-    if not sae:
-        wt = Wlantest()
-        teardown = wt.get_tdls_counter("teardown", bssid, addr0, addr1)
-        if teardown == 0:
-            raise Exception("No TDLS Setup Teardown seen")
-        tdls_check_ap(sta0, sta1, bssid, addr0, addr1)
-    check_connectivity(sta0, sta1, hapd)
-
-def check_tdls_link(sta0, sta1, connected=True):
-    addr0 = sta0.own_addr()
-    addr1 = sta1.own_addr()
-    status0 = sta0.tdls_link_status(addr1).rstrip()
-    status1 = sta1.tdls_link_status(addr0).rstrip()
-    logger.info("%s: %s" % (sta0.ifname, status0))
-    logger.info("%s: %s" % (sta1.ifname, status1))
-    if status0 != status1:
-        raise Exception("TDLS link status differs between stations")
-    if "status: connected" in status0:
-        if not connected:
-            raise Exception("Expected TDLS link status NOT to be connected")
-    else:
-        if connected:
-            raise Exception("Expected TDLS link status to be connected")
-
-@remote_compatible
-def test_ap_tdls_discovery(dev, apdev):
-    """WPA2-PSK AP and two stations using TDLS discovery"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[0].request("TDLS_DISCOVER " + dev[1].p2p_interface_addr())
-    time.sleep(0.2)
-
-def test_ap_wpa2_tdls(dev, apdev):
-    """WPA2-PSK AP and two stations using TDLS"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-    #teardown_tdls(dev[0], dev[1], hapd)
-
-def test_ap_wpa2_tdls_concurrent_init(dev, apdev):
-    """Concurrent TDLS setup initiation"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[0].request("SET tdls_testing 0x80")
-    setup_tdls(dev[1], dev[0], hapd, reverse=True)
-
-def test_ap_wpa2_tdls_concurrent_init2(dev, apdev):
-    """Concurrent TDLS setup initiation (reverse)"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x80")
-    setup_tdls(dev[0], dev[1], hapd)
-
-def test_ap_wpa2_tdls_decline_resp(dev, apdev):
-    """Decline TDLS Setup Response"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x200")
-    setup_tdls(dev[1], dev[0], hapd, expect_fail=True)
-
-def test_ap_wpa2_tdls_long_lifetime(dev, apdev):
-    """TDLS with long TPK lifetime"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x40")
-    setup_tdls(dev[1], dev[0], hapd)
-
-def test_ap_wpa2_tdls_long_frame(dev, apdev):
-    """TDLS with long setup/teardown frames"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[0].request("SET tdls_testing 0x1")
-    dev[1].request("SET tdls_testing 0x1")
-    setup_tdls(dev[1], dev[0], hapd)
-    teardown_tdls(dev[1], dev[0], hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-
-def test_ap_wpa2_tdls_reneg(dev, apdev):
-    """Renegotiate TDLS link"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-
-def test_ap_wpa2_tdls_wrong_lifetime_resp(dev, apdev):
-    """Incorrect TPK lifetime in TDLS Setup Response"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x10")
-    setup_tdls(dev[0], dev[1], hapd, expect_fail=True)
-
-def test_ap_wpa2_tdls_diff_rsnie(dev, apdev):
-    """TDLS with different RSN IEs"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x2")
-    setup_tdls(dev[1], dev[0], hapd)
-    teardown_tdls(dev[1], dev[0], hapd)
-
-def test_ap_wpa2_tdls_wrong_tpk_m2_mic(dev, apdev):
-    """Incorrect MIC in TDLS Setup Response"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[0].request("SET tdls_testing 0x800")
-    addr0 = dev[0].p2p_interface_addr()
-    dev[1].tdls_setup(addr0)
-    time.sleep(1)
-
-def test_ap_wpa2_tdls_wrong_tpk_m3_mic(dev, apdev):
-    """Incorrect MIC in TDLS Setup Confirm"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[1].request("SET tdls_testing 0x800")
-    addr0 = dev[0].p2p_interface_addr()
-    dev[1].tdls_setup(addr0)
-    time.sleep(1)
-
-def test_ap_wpa2_tdls_double_tpk_m2(dev, apdev):
-    """Double TPK M2 during TDLS setup initiation"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    dev[0].request("SET tdls_testing 0x1000")
-    setup_tdls(dev[1], dev[0], hapd)
-
-def test_ap_wpa_tdls(dev, apdev):
-    """WPA-PSK AP and two stations using TDLS"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    hapd = hostapd.add_ap(apdev[0],
-                          hostapd.wpa_params(ssid="test-wpa-psk",
-                                             passphrase="12345678"))
-    wlantest_setup(hapd)
-    connect_2sta_wpa_psk(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-
-def test_ap_wpa_mixed_tdls(dev, apdev):
-    """WPA+WPA2-PSK AP and two stations using TDLS"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    hapd = hostapd.add_ap(apdev[0],
-                          hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
-                                                   passphrase="12345678"))
-    wlantest_setup(hapd)
-    connect_2sta_wpa_psk_mixed(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-
-def test_ap_wep_tdls(dev, apdev):
-    """WEP AP and two stations using TDLS"""
-    check_wep_capa(dev[0])
-    check_wep_capa(dev[1])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "test-wep", "wep_key0": '"hello"'})
-    wlantest_setup(hapd)
-    connect_2sta_wep(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-
-def test_ap_open_tdls(dev, apdev):
-    """Open AP and two stations using TDLS"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    wlantest_setup(hapd)
-    connect_2sta_open(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd)
-    setup_tdls(dev[1], dev[0], hapd)
-    teardown_tdls(dev[1], dev[0], hapd, wildcard=True)
-
-def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
-    """TDLS failure due to BSSID mismatch"""
-    try:
-        ssid = "test-wpa2-psk"
-        passphrase = "12345678"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        params['bridge'] = 'ap-br0'
-        hapd = hostapd.add_ap(apdev[0], params)
-        hostapd.add_ap(apdev[1], params)
-        wlantest_setup(hapd)
-        subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
-                       bssid=apdev[0]['bssid'])
-        dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
-                       bssid=apdev[1]['bssid'])
-        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
-        hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
-
-        addr0 = dev[0].p2p_interface_addr()
-        dev[1].tdls_setup(addr0)
-        time.sleep(1)
-        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
-        subprocess.call(['brctl', 'delbr', 'ap-br0'])
-
-def test_ap_wpa2_tdls_responder_teardown(dev, apdev):
-    """TDLS teardown from responder with WPA2-PSK AP"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    teardown_tdls(dev[0], dev[1], hapd, responder=True)
-
-def tdls_clear_reg(hapd, dev):
-    if hapd:
-        hapd.request("DISABLE")
-    dev[1].request("DISCONNECT")
-    dev[0].disconnect_and_stop_scan()
-    dev[1].disconnect_and_stop_scan()
-    subprocess.call(['iw', 'reg', 'set', '00'])
-    dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-def test_ap_open_tdls_vht(dev, apdev):
-    """Open AP and two stations using TDLS"""
-    params = {"ssid": "test-open",
-              "country_code": "DE",
-              "hw_mode": "a",
-              "channel": "36",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "ht_capab": "",
-              "vht_capab": "",
-              "vht_oper_chwidth": "0",
-              "vht_oper_centr_freq_seg0_idx": "0"}
-    hapd = None
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-        wlantest_setup(hapd)
-        connect_2sta_open(dev, hapd, scan_freq="5180")
-        setup_tdls(dev[0], dev[1], hapd)
-        teardown_tdls(dev[0], dev[1], hapd)
-        setup_tdls(dev[1], dev[0], hapd)
-        teardown_tdls(dev[1], dev[0], hapd, wildcard=True)
-    finally:
-        tdls_clear_reg(hapd, dev)
-
-def test_ap_open_tdls_vht80(dev, apdev):
-    """Open AP and two stations using TDLS with VHT 80"""
-    params = {"ssid": "test-open",
-              "country_code": "US",
-              "hw_mode": "a",
-              "channel": "36",
-              "ht_capab": "[HT40+]",
-              "vht_capab": "[VHT160]",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_capab": "",
-              "vht_oper_chwidth": "1",
-              "vht_oper_centr_freq_seg0_idx": "42"}
-    try:
-        hapd = None
-        hapd = hostapd.add_ap(apdev[0], params)
-        wlantest_setup(hapd)
-        connect_2sta_open(dev, hapd, scan_freq="5180")
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        setup_tdls(dev[0], dev[1], hapd)
-        for i in range(10):
-            check_connectivity(dev[0], dev[1], hapd)
-        for i in range(2):
-            cmd = subprocess.Popen(['iw', dev[0].ifname, 'station', 'dump'],
-                                   stdout=subprocess.PIPE)
-            res = cmd.stdout.read()
-            cmd.stdout.close()
-            logger.info("Station dump on dev[%d]:\n%s" % (i, res.decode()))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        tdls_clear_reg(hapd, dev)
-
-def test_ap_open_tdls_vht80plus80(dev, apdev):
-    """Open AP and two stations using TDLS with VHT 80+80"""
-    params = {"ssid": "test-open",
-              "country_code": "US",
-              "hw_mode": "a",
-              "channel": "36",
-              "ht_capab": "[HT40+]",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_capab": "[VHT160-80PLUS80]",
-              "vht_oper_chwidth": "3",
-              "vht_oper_centr_freq_seg0_idx": "42",
-              "vht_oper_centr_freq_seg1_idx": "155"}
-    try:
-        hapd = None
-        hapd = hostapd.add_ap(apdev[0], params)
-        wlantest_setup(hapd)
-        connect_2sta_open(dev, hapd, scan_freq="5180")
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-        setup_tdls(dev[0], dev[1], hapd)
-        for i in range(10):
-            check_connectivity(dev[0], dev[1], hapd)
-        for i in range(2):
-            cmd = subprocess.Popen(['iw', dev[0].ifname, 'station', 'dump'],
-                                   stdout=subprocess.PIPE)
-            res = cmd.stdout.read()
-            cmd.stdout.close()
-            logger.info("Station dump on dev[%d]:\n%s" % (i, res.decode()))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        tdls_clear_reg(hapd, dev)
-
-def test_ap_open_tdls_vht160(dev, apdev):
-    """Open AP and two stations using TDLS with VHT 160"""
-    params = {"ssid": "test-open",
-              "country_code": "ZA",
-              "hw_mode": "a",
-              "channel": "104",
-              "ht_capab": "[HT40-]",
-              "vht_capab": "[VHT160]",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_oper_chwidth": "2",
-              "vht_oper_centr_freq_seg0_idx": "114"}
-    try:
-        hapd = None
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=2)
-        if not ev:
-            cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-            reg = cmd.stdout.readlines()
-            for r in reg:
-                if "5490" in r and "DFS" in r:
-                    raise HwsimSkip("ZA regulatory rule did not have DFS requirement removed")
-            raise Exception("AP setup timed out")
-        wlantest_setup(hapd)
-        connect_2sta_open(dev, hapd, scan_freq="5520")
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        setup_tdls(dev[0], dev[1], hapd)
-        for i in range(10):
-            check_connectivity(dev[0], dev[1], hapd)
-        for i in range(2):
-            cmd = subprocess.Popen(['iw', dev[0].ifname, 'station', 'dump'],
-                                   stdout=subprocess.PIPE)
-            res = cmd.stdout.read()
-            cmd.stdout.close()
-            logger.info("Station dump on dev[%d]:\n%s" % (i, res.decode()))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        tdls_clear_reg(hapd, dev)
-
-def test_tdls_chan_switch(dev, apdev):
-    """Open AP and two stations using TDLS"""
-    flags = int(dev[0].get_driver_status_field('capa.flags'), 16)
-    if flags & 0x800000000 == 0:
-        raise HwsimSkip("Driver does not support TDLS channel switching")
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    wlantest_setup(hapd)
-    connect_2sta_open(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-    if "OK" not in dev[0].request("TDLS_CHAN_SWITCH " + dev[1].own_addr() + " 81 2462"):
-        raise Exception("Failed to enable TDLS channel switching")
-    if "OK" not in dev[0].request("TDLS_CANCEL_CHAN_SWITCH " + dev[1].own_addr()):
-        raise Exception("Could not disable TDLS channel switching")
-    if "FAIL" not in dev[0].request("TDLS_CANCEL_CHAN_SWITCH " + dev[1].own_addr()):
-        raise Exception("TDLS_CANCEL_CHAN_SWITCH accepted even though channel switching was already disabled")
-    if "FAIL" not in dev[0].request("TDLS_CHAN_SWITCH foo 81 2462"):
-        raise Exception("Invalid TDLS channel switching command accepted")
-
-def test_ap_tdls_link_status(dev, apdev):
-    """Check TDLS link status between two stations"""
-    hapd = start_ap_wpa2_psk(apdev[0])
-    wlantest_setup(hapd)
-    connect_2sta_wpa2_psk(dev, hapd)
-    check_tdls_link(dev[0], dev[1], connected=False)
-    setup_tdls(dev[0], dev[1], hapd)
-    check_tdls_link(dev[0], dev[1], connected=True)
-    teardown_tdls(dev[0], dev[1], hapd)
-    check_tdls_link(dev[0], dev[1], connected=False)
-    if "FAIL" not in dev[0].request("TDLS_LINK_STATUS foo"):
-        raise Exception("Unexpected TDLS_LINK_STATUS response for invalid argument")
-
-def test_ap_tdls_prohibit(dev, apdev):
-    """Open AP and TDLS prohibited"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open",
-                                     "tdls_prohibit": "1"})
-    connect_2sta_open(dev, hapd)
-    if "FAIL" not in dev[0].request("TDLS_SETUP " + dev[1].own_addr()):
-        raise Exception("TDLS_SETUP accepted unexpectedly")
-
-def test_ap_tdls_chan_switch_prohibit(dev, apdev):
-    """Open AP and TDLS channel switch prohibited"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open",
-                                     "tdls_prohibit_chan_switch": "1"})
-    wlantest_setup(hapd)
-    connect_2sta_open(dev, hapd)
-    setup_tdls(dev[0], dev[1], hapd)
-
-def test_ap_open_tdls_external_control(dev, apdev):
-    """TDLS and tdls_external_control"""
-    try:
-        _test_ap_open_tdls_external_control(dev, apdev)
-    finally:
-        dev[0].set("tdls_external_control", "0")
-
-def _test_ap_open_tdls_external_control(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-
-    dev[0].set("tdls_external_control", "1")
-    if "FAIL" in dev[0].request("TDLS_SETUP " + addr1):
-        # tdls_external_control not supported; try without it
-        dev[0].set("tdls_external_control", "0")
-        if "FAIL" in dev[0].request("TDLS_SETUP " + addr1):
-            raise Exception("TDLS_SETUP failed")
-    connected = False
-    for i in range(50):
-        res0 = dev[0].request("TDLS_LINK_STATUS " + addr1)
-        res1 = dev[1].request("TDLS_LINK_STATUS " + addr0)
-        if "TDLS link status: connected" in res0 and "TDLS link status: connected" in res1:
-            connected = True
-            break
-        time.sleep(0.1)
-    if not connected:
-        raise Exception("TDLS setup did not complete")
-
-    dev[0].set("tdls_external_control", "1")
-    if "FAIL" in dev[0].request("TDLS_TEARDOWN " + addr1):
-        # tdls_external_control not supported; try without it
-        dev[0].set("tdls_external_control", "0")
-        if "FAIL" in dev[0].request("TDLS_TEARDOWN " + addr1):
-            raise Exception("TDLS_TEARDOWN failed")
-    for i in range(50):
-        res0 = dev[0].request("TDLS_LINK_STATUS " + addr1)
-        res1 = dev[1].request("TDLS_LINK_STATUS " + addr0)
-        if "TDLS link status: connected" not in res0 and "TDLS link status: connected" not in res1:
-            connected = False
-            break
-        time.sleep(0.1)
-    if connected:
-        raise Exception("TDLS teardown did not complete")
-
-def test_ap_sae_tdls(dev, apdev):
-    """SAE AP and two stations using TDLS"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    wlantest_setup(hapd)
-    connect_2sta(dev, "test-wpa2-psk", hapd, sae=True)
-    setup_tdls(dev[0], dev[1], hapd, sae=True)
-    teardown_tdls(dev[0], dev[1], hapd, sae=True)
-    setup_tdls(dev[1], dev[0], hapd, sae=True)
diff --git a/tests/hwsim/test_ap_track.py b/tests/hwsim/test_ap_track.py
deleted file mode 100644
index ba8f3eb252cd..000000000000
--- a/tests/hwsim/test_ap_track.py
+++ /dev/null
@@ -1,437 +0,0 @@
-# Test cases for hostapd tracking unconnected stations
-# Copyright (c) 2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import subprocess
-import time
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import parse_ie, disable_hapd, clear_regdom_dev
-
-def test_ap_track_sta(dev, apdev):
-    """Dualband AP tracking unconnected stations"""
-
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "track_sta_max_num": "2"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "track_sta_max_num": "100",
-                  "track_sta_max_age": "1"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta(dev, hapd, apdev[0]['bssid'], hapd2,
-                           apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev, 3)
-
-def _test_ap_track_sta(dev, hapd, bssid, hapd2, bssid2):
-    for i in range(2):
-        dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-        dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
-        dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
-        dev[2].scan_for_bss(bssid2, freq=5200, force_scan=True)
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-
-    track = hapd.request("TRACK_STA_LIST")
-    if addr0 not in track or addr1 not in track:
-        raise Exception("Station missing from 2.4 GHz tracking")
-    if addr2 in track:
-        raise Exception("Unexpected station included in 2.4 GHz tracking")
-
-    track = hapd2.request("TRACK_STA_LIST")
-    if addr0 not in track or addr2 not in track:
-        raise Exception("Station missing from 5 GHz tracking")
-    if addr1 in track:
-        raise Exception("Unexpected station included in 5 GHz tracking")
-
-    # Test expiration
-    time.sleep(1.1)
-    track = hapd.request("TRACK_STA_LIST")
-    if addr0 not in track or addr1 not in track:
-        raise Exception("Station missing from 2.4 GHz tracking (expiration)")
-    track = hapd2.request("TRACK_STA_LIST")
-    if addr0 in track or addr2 in track:
-        raise Exception("Station not expired from 5 GHz tracking")
-
-    # Test maximum list length
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-    dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
-    dev[2].scan_for_bss(bssid, freq=2437, force_scan=True)
-    track = hapd.request("TRACK_STA_LIST")
-    if len(track.splitlines()) != 2:
-        raise Exception("Unexpected number of entries: %d" % len(track.splitlines()))
-    if addr1 not in track or addr2 not in track:
-        raise Exception("Station missing from 2.4 GHz tracking (max limit)")
-
-def test_ap_track_sta_no_probe_resp(dev, apdev):
-    """Dualband AP not replying to probes from dualband STA on 2.4 GHz"""
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "beacon_int": "10000",
-                  "no_probe_resp_if_seen_on": apdev[1]['ifname']}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "track_sta_max_num": "100"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta_no_probe_resp(dev, apdev[0]['bssid'],
-                                         apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev, 2)
-
-def _test_ap_track_sta_no_probe_resp(dev, bssid, bssid2):
-    dev[0].flush_scan_cache()
-
-    dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
-    dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
-    dev[0].scan(freq=2437, type="ONLY")
-    dev[0].scan(freq=2437, type="ONLY")
-
-    bss = dev[0].get_bss(bssid)
-    if bss:
-        ie = parse_ie(bss['ie'])
-        # Check whether this is from a Beacon frame (TIM element included) since
-        # it is possible that a Beacon frame was received during the active
-        # scan. This test should fail only if a Probe Response frame was
-        # received.
-        if 5 not in ie:
-            raise Exception("2.4 GHz AP found unexpectedly")
-
-def test_ap_track_sta_no_auth(dev, apdev):
-    """Dualband AP rejecting authentication from dualband STA on 2.4 GHz"""
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "track_sta_max_num": "100",
-                  "no_auth_if_seen_on": apdev[1]['ifname']}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "track_sta_max_num": "100"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta_no_auth(dev, apdev[0]['bssid'], apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev, 2)
-
-def _test_ap_track_sta_no_auth(dev, bssid, bssid2):
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-    dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
-    dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
-
-    dev[1].connect("track", key_mgmt="NONE", scan_freq="2437")
-
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="2437",
-                   freq_list="2437", wait_connect=False)
-    dev[1].request("DISCONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-AUTH-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("Unknown connection result")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "status_code=82" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-    if "ie=34" not in ev:
-        raise Exception("No Neighbor Report element: " + ev)
-    dev[0].request("DISCONNECT")
-
-def test_ap_track_sta_no_auth_passive(dev, apdev):
-    """AP rejecting authentication from dualband STA on 2.4 GHz (passive)"""
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "no_auth_if_seen_on": apdev[1]['ifname']}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "interworking": "1",
-                  "venue_name": "eng:Venue",
-                  "track_sta_max_num": "100"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta_no_auth_passive(dev, apdev[0]['bssid'],
-                                           apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev)
-
-def _test_ap_track_sta_no_auth_passive(dev, bssid, bssid2):
-    dev[0].flush_scan_cache()
-
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-    for i in range(10):
-        dev[0].request("SCAN freq=5200 passive=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=5)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        if dev[0].get_bss(bssid2):
-            break
-        if i == 9:
-            raise Exception("AP not found with passive scans")
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid2 + " 258"):
-        raise Exception("ANQP_GET command failed")
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="2437",
-                   freq_list="2437", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-AUTH-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("Unknown connection result")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "status_code=82" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-    dev[0].request("DISCONNECT")
-
-def test_ap_track_sta_force_5ghz(dev, apdev):
-    """Dualband AP forcing dualband STA to connect on 5 GHz"""
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "no_probe_resp_if_seen_on": apdev[1]['ifname'],
-                  "no_auth_if_seen_on": apdev[1]['ifname']}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "track_sta_max_num": "100"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta_force_5ghz(dev, apdev[0]['bssid'], apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev)
-
-def _test_ap_track_sta_force_5ghz(dev, bssid, bssid2):
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-    dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
-
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="2437 5200")
-    freq = dev[0].get_status_field('freq')
-    if freq != '5200':
-        raise Exception("Unexpected operating channel")
-    dev[0].request("DISCONNECT")
-
-def test_ap_track_sta_force_2ghz(dev, apdev):
-    """Dualband AP forcing dualband STA to connect on 2.4 GHz"""
-    try:
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "g",
-                  "channel": "6",
-                  "track_sta_max_num": "100"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "track",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "no_probe_resp_if_seen_on": apdev[0]['ifname'],
-                  "no_auth_if_seen_on": apdev[0]['ifname']}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        _test_ap_track_sta_force_2ghz(dev, apdev[0]['bssid'], apdev[1]['bssid'])
-    finally:
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev)
-
-def _test_ap_track_sta_force_2ghz(dev, bssid, bssid2):
-    dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="2437 5200")
-    freq = dev[0].get_status_field('freq')
-    if freq != '2437':
-        raise Exception("Unexpected operating channel")
-    dev[0].request("DISCONNECT")
-
-def test_ap_track_taxonomy(dev, apdev):
-    """AP tracking STA taxonomy"""
-    try:
-        _test_ap_track_taxonomy(dev, apdev)
-    finally:
-        dev[1].request("SET p2p_disabled 0")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def _test_ap_track_taxonomy(dev, apdev):
-    params = {"ssid": "track",
-              "country_code": "US",
-              "hw_mode": "g",
-              "channel": "6",
-              "track_sta_max_num": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
-    addr0 = dev[0].own_addr()
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="2437")
-
-    dev[1].request("SET p2p_disabled 1")
-    dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
-    addr1 = dev[1].own_addr()
-    dev[1].connect("track", key_mgmt="NONE", scan_freq="2437")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET model_name track test")
-    wpas.scan_for_bss(bssid, freq=2437, force_scan=True)
-    addr = wpas.own_addr()
-    wpas.connect("track", key_mgmt="NONE", scan_freq="2437")
-
-    if "FAIL" not in hapd.request("SIGNATURE abc"):
-        raise Exception("SIGNATURE failure not reported (1)")
-    if "FAIL" not in hapd.request("SIGNATURE 22:33:44:55:66:77"):
-        raise Exception("SIGNATURE failure not reported (2)")
-
-    res = hapd.request("SIGNATURE " + addr0)
-    logger.info("sta0: " + res)
-    if not res.startswith("wifi4|probe:"):
-        raise Exception("Unexpected SIGNATURE prefix")
-    if "|assoc:" not in res:
-        raise Exception("Missing assoc info in SIGNATURE")
-    if "wps:track_test" in res:
-        raise Exception("Unexpected WPS model name")
-
-    res = hapd.request("SIGNATURE " + addr1)
-    logger.info("sta1: " + res)
-    if not res.startswith("wifi4|probe:"):
-        raise Exception("Unexpected SIGNATURE prefix")
-    if "|assoc:" not in res:
-        raise Exception("Missing assoc info in SIGNATURE")
-    if "wps:" in res:
-        raise Exception("Unexpected WPS info")
-    if ",221(0050f2,4)," in res:
-        raise Exception("Unexpected WPS IE info")
-    if ",221(506f9a,9)," in res:
-        raise Exception("Unexpected P2P IE info")
-
-    res = hapd.request("SIGNATURE " + addr)
-    logger.info("sta: " + res)
-    if not res.startswith("wifi4|probe:"):
-        raise Exception("Unexpected SIGNATURE prefix")
-    if "|assoc:" not in res:
-        raise Exception("Missing assoc info in SIGNATURE")
-    if "wps:track_test" not in res:
-        raise Exception("Missing WPS model name")
-    if ",221(0050f2,4)," not in res:
-        raise Exception("Missing WPS IE info")
-    if ",221(506f9a,9)," not in res:
-        raise Exception("Missing P2P IE info")
-
-    addr2 = dev[2].own_addr()
-    res = hapd.request("SIGNATURE " + addr2)
-    if "FAIL" not in res:
-        raise Exception("Unexpected SIGNATURE success for sta2 (1)")
-
-    for i in range(10):
-        dev[2].request("SCAN freq=2437 passive=1")
-        ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        if dev[2].get_bss(bssid):
-            break
-
-    res = hapd.request("SIGNATURE " + addr2)
-    if "FAIL" not in res:
-        raise Exception("Unexpected SIGNATURE success for sta2 (2)")
-
-    dev[2].connect("track", key_mgmt="NONE", scan_freq="2437")
-
-    res = hapd.request("SIGNATURE " + addr2)
-    if "FAIL" not in res and len(res) > 0:
-        raise Exception("Unexpected SIGNATURE success for sta2 (3)")
-
-    dev[2].scan_for_bss(bssid, freq=2437, force_scan=True)
-
-    res = hapd.request("SIGNATURE " + addr2)
-    logger.info("sta2: " + res)
-    if not res.startswith("wifi4|probe:"):
-        raise Exception("Unexpected SIGNATURE prefix")
-    if "|assoc:" not in res:
-        raise Exception("Missing assoc info in SIGNATURE")
-
-def test_ap_track_taxonomy_5g(dev, apdev):
-    """AP tracking STA taxonomy (5 GHz)"""
-    try:
-        _test_ap_track_taxonomy_5g(dev, apdev)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-
-def _test_ap_track_taxonomy_5g(dev, apdev):
-    params = {"ssid": "track",
-              "country_code": "US",
-              "hw_mode": "a",
-              "channel": "40",
-              "track_sta_max_num": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=5200, force_scan=True)
-    addr0 = dev[0].own_addr()
-    dev[0].connect("track", key_mgmt="NONE", scan_freq="5200")
-
-    res = hapd.request("SIGNATURE " + addr0)
-    logger.info("sta0: " + res)
-    if not res.startswith("wifi4|probe:"):
-        raise Exception("Unexpected SIGNATURE prefix")
-    if "|assoc:" not in res:
-        raise Exception("Missing assoc info in SIGNATURE")
-    if ",htcap:" not in res:
-        raise Exception("Missing HT info in SIGNATURE")
-    if ",vhtcap:" not in res:
-        raise Exception("Missing VHT info in SIGNATURE")
diff --git a/tests/hwsim/test_ap_vht.py b/tests/hwsim/test_ap_vht.py
deleted file mode 100644
index b47aaa2a43f7..000000000000
--- a/tests/hwsim/test_ap_vht.py
+++ /dev/null
@@ -1,1338 +0,0 @@
-# Test cases for VHT operations with hostapd
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-# Copyright (c) 2013, Intel Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-import subprocess, time
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_dfs import wait_dfs_event
-
-def test_ap_vht80(dev, apdev):
-    """VHT with 80 MHz channel width"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        est = dev[0].get_bss(bssid)['est_throughput']
-        if est != "390001":
-            raise Exception("Unexpected BSS est_throughput: " + est)
-        status = dev[0].get_status()
-        if status["ieee80211ac"] != "1":
-            raise Exception("Unexpected STATUS ieee80211ac value (STA)")
-        status = hapd.get_status()
-        logger.info("hostapd STATUS: " + str(status))
-        if status["ieee80211n"] != "1":
-            raise Exception("Unexpected STATUS ieee80211n value")
-        if status["ieee80211ac"] != "1":
-            raise Exception("Unexpected STATUS ieee80211ac value")
-        if status["secondary_channel"] != "1":
-            raise Exception("Unexpected STATUS secondary_channel value")
-        if status["vht_oper_chwidth"] != "1":
-            raise Exception("Unexpected STATUS vht_oper_chwidth value")
-        if status["vht_oper_centr_freq_seg0_idx"] != "42":
-            raise Exception("Unexpected STATUS vht_oper_centr_freq_seg0_idx value")
-        if "vht_caps_info" not in status:
-            raise Exception("Missing vht_caps_info")
-
-        sta = hapd.get_sta(dev[0].own_addr())
-        logger.info("hostapd STA: " + str(sta))
-        if "[HT]" not in sta['flags']:
-            raise Exception("Missing STA flag: HT")
-        if "[VHT]" not in sta['flags']:
-            raise Exception("Missing STA flag: VHT")
-        if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-            raise Exception("No Supported Operating Classes information for STA")
-        opclass = int(sta['supp_op_classes'][0:2], 16)
-        if opclass != 128:
-            raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_wifi_generation(dev, apdev):
-    """VHT and wifi_generation"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        status = dev[0].get_status()
-        if 'wifi_generation' not in status:
-            # For now, assume this is because of missing kernel support
-            raise HwsimSkip("Association Request IE reporting not supported")
-            #raise Exception("Missing wifi_generation information")
-        if status['wifi_generation'] != "5":
-            raise Exception("Unexpected wifi_generation value: " + status['wifi_generation'])
-
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-        wpas.connect("vht", key_mgmt="NONE", scan_freq="5180")
-        status = wpas.get_status()
-        if 'wifi_generation' not in status:
-            # For now, assume this is because of missing kernel support
-            raise HwsimSkip("Association Request IE reporting not supported")
-            #raise Exception("Missing wifi_generation information (connect)")
-        if status['wifi_generation'] != "5":
-            raise Exception("Unexpected wifi_generation value (connect): " + status['wifi_generation'])
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def vht80_test(apdev, dev, channel, ht_capab):
-    clear_scan_cache(apdev)
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": str(channel),
-                  "ht_capab": ht_capab,
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev, params)
-        bssid = apdev['bssid']
-
-        dev[0].connect("vht", key_mgmt="NONE",
-                       scan_freq=str(5000 + 5 * channel))
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht80b(dev, apdev):
-    """VHT with 80 MHz channel width (HT40- channel 40)"""
-    vht80_test(apdev[0], dev, 40, "[HT40-]")
-
-def test_ap_vht80c(dev, apdev):
-    """VHT with 80 MHz channel width (HT40+ channel 44)"""
-    vht80_test(apdev[0], dev, 44, "[HT40+]")
-
-def test_ap_vht80d(dev, apdev):
-    """VHT with 80 MHz channel width (HT40- channel 48)"""
-    vht80_test(apdev[0], dev, 48, "[HT40-]")
-
-def test_ap_vht80_params(dev, apdev):
-    """VHT with 80 MHz channel width and number of optional features enabled"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+][SHORT-GI-40][DSS_CCK-40]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP0]",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "require_vht": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[1].connect("vht", key_mgmt="NONE", scan_freq="5180",
-                       disable_vht="1", wait_connect=False)
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        dev[2].connect("vht", key_mgmt="NONE", scan_freq="5180",
-                       disable_sgi="1")
-        ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection timed out")
-        if "status_code=104" not in ev:
-            raise Exception("Unexpected rejection status code")
-        dev[1].request("DISCONNECT")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sta0 = hapd.get_sta(dev[0].own_addr())
-        sta2 = hapd.get_sta(dev[2].own_addr())
-        capab0 = int(sta0['vht_caps_info'], base=16)
-        capab2 = int(sta2['vht_caps_info'], base=16)
-        if capab0 & 0x60 == 0:
-            raise Exception("dev[0] did not support SGI")
-        if capab2 & 0x60 != 0:
-            raise Exception("dev[2] claimed support for SGI")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev, count=3)
-
-def test_ap_vht80_invalid(dev, apdev):
-    """VHT with invalid 80 MHz channel configuration (seg1)"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "155",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to unexpected seg1 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht80_invalid2(dev, apdev):
-    """VHT with invalid 80 MHz channel configuration (seg0)"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "46",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to invalid seg0 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_20(devs, apdevs):
-    """VHT and 20 MHz channel"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-vht20",
-                  "country_code": "DE",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0",
-                  "supported_rates": "60 120 240 360 480 540",
-                  "require_vht": "1"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-vht20", scan_freq="5180", key_mgmt="NONE")
-        hwsim_utils.test_connectivity(dev, hapd)
-
-        sta = hapd.get_sta(dev.own_addr())
-        if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-            raise Exception("No Supported Operating Classes information for STA")
-        opclass = int(sta['supp_op_classes'][0:2], 16)
-        if opclass != 115:
-            raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-    finally:
-        dev.request("DISCONNECT")
-        clear_regdom(hapd, devs)
-
-def test_ap_vht_40(devs, apdevs):
-    """VHT and 40 MHz channel"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-vht40",
-                  "country_code": "DE",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-vht40", scan_freq="5180", key_mgmt="NONE")
-        hwsim_utils.test_connectivity(dev, hapd)
-
-        sta = hapd.get_sta(dev.own_addr())
-        if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-            raise Exception("No Supported Operating Classes information for STA")
-        opclass = int(sta['supp_op_classes'][0:2], 16)
-        if opclass != 116:
-            raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-    finally:
-        dev.request("DISCONNECT")
-        clear_regdom(hapd, devs)
-
-def test_ap_vht_capab_not_supported(dev, apdev):
-    """VHT configuration with driver not supporting all vht_capab entries"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+][SHORT-GI-40][DSS_CCK-40]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-7991][MAX-MPDU-11454][VHT160][VHT160-80PLUS80][RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][RX-STBC-1][RX-STBC-12][RX-STBC-123][RX-STBC-1234][SU-BEAMFORMER][SU-BEAMFORMEE][BF-ANTENNA-2][BF-ANTENNA-3][BF-ANTENNA-4][SOUNDING-DIMENSION-2][SOUNDING-DIMENSION-3][SOUNDING-DIMENSION-4][MU-BEAMFORMER][VHT-TXOP-PS][HTC-VHT][MAX-A-MPDU-LEN-EXP0][MAX-A-MPDU-LEN-EXP7][VHT-LINK-ADAPT2][VHT-LINK-ADAPT3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN]",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "require_vht": "1"}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("Startup failure not reported")
-        for i in range(1, 7):
-            if "OK" not in hapd.request("SET vht_capab [MAX-A-MPDU-LEN-EXP%d]" % i):
-                raise Exception("Unexpected SET failure")
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht160(dev, apdev):
-    """VHT with 160 MHz channel width (1)"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "50",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        bssid = apdev[0]['bssid']
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event")
-
-        state = hapd.get_status_field("state")
-        if state != "DFS":
-            if state == "DISABLED" and not os.path.exists("dfs"):
-                # Not all systems have recent enough CRDA version and
-                # wireless-regdb changes to support 160 MHz and DFS. For now,
-                # do not report failures for this test case.
-                raise HwsimSkip("CRDA or wireless-regdb did not support 160 MHz")
-            raise Exception("Unexpected interface state: " + state)
-
-        logger.info("Waiting for CAC to complete")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected DFS freq result")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-
-        est = dev[0].get_bss(bssid)['est_throughput']
-        if est != "780001":
-            raise Exception("Unexpected BSS est_throughput: " + est)
-
-        sta = hapd.get_sta(dev[0].own_addr())
-        if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-            raise Exception("No Supported Operating Classes information for STA")
-        opclass = int(sta['supp_op_classes'][0:2], 16)
-        if opclass != 129:
-            raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_vht160b(dev, apdev):
-    """VHT with 160 MHz channel width (2)"""
-    try:
-        hapd = None
-
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "104",
-                  "ht_capab": "[HT40-]",
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[1], params, wait_enabled=False)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event(2)")
-
-        state = hapd.get_status_field("state")
-        if state != "DFS":
-            if state == "DISABLED" and not os.path.exists("dfs"):
-                # Not all systems have recent enough CRDA version and
-                # wireless-regdb changes to support 160 MHz and DFS. For now,
-                # do not report failures for this test case.
-                raise HwsimSkip("CRDA or wireless-regdb did not support 160 MHz")
-            raise Exception("Unexpected interface state: " + state)
-
-        logger.info("Waiting for CAC to complete")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed(2)")
-        if "freq=5520" not in ev:
-            raise Exception("Unexpected DFS freq result(2)")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out(2)")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state(2)")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5520":
-            raise Exception("Unexpected frequency(2)")
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5520")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5520" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_vht160_no_dfs_100_plus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (100 plus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "100", "[HT40+]")
-
-def test_ap_vht160_no_dfs(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (104 minus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "104", "[HT40-]")
-
-def test_ap_vht160_no_dfs_108_plus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (108 plus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "108", "[HT40+]")
-
-def test_ap_vht160_no_dfs_112_minus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (112 minus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "112", "[HT40-]")
-
-def test_ap_vht160_no_dfs_116_plus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (116 plus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "116", "[HT40+]")
-
-def test_ap_vht160_no_dfs_120_minus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (120 minus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "120", "[HT40-]")
-
-def test_ap_vht160_no_dfs_124_plus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (124 plus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "124", "[HT40+]")
-
-def test_ap_vht160_no_dfs_128_minus(dev, apdev):
-    """VHT with 160 MHz channel width and no DFS (128 minus)"""
-    run_ap_vht160_no_dfs(dev, apdev, "128", "[HT40-]")
-
-def run_ap_vht160_no_dfs(dev, apdev, channel, ht_capab):
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "ZA",
-                  "hw_mode": "a",
-                  "channel": channel,
-                  "ht_capab": ht_capab,
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=2)
-        if not ev:
-            cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-            reg = cmd.stdout.readlines()
-            for r in reg:
-                if b"5490" in r and b"DFS" in r:
-                    raise HwsimSkip("ZA regulatory rule did not have DFS requirement removed")
-            raise Exception("AP setup timed out")
-
-        freq = str(int(channel) * 5 + 5000)
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=" + freq not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht160_no_ht40(dev, apdev):
-    """VHT with 160 MHz channel width and HT40 disabled"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "ZA",
-                  "hw_mode": "a",
-                  "channel": "108",
-                  "ht_capab": "",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=2)
-        if not ev:
-            cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-            reg = cmd.stdout.readlines()
-            for r in reg:
-                if "5490" in r and "DFS" in r:
-                    raise HwsimSkip("ZA regulatory rule did not have DFS requirement removed")
-            raise Exception("AP setup timed out")
-        if "AP-ENABLED" in ev:
-            # This was supposed to fail due to sec_channel_offset == 0
-            raise Exception("Unexpected AP-ENABLED")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht80plus80(dev, apdev):
-    """VHT with 80+80 MHz channel width"""
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "52",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160-80PLUS80]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "58",
-                  "vht_oper_centr_freq_seg1_idx": "155",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This will actually fail since DFS on 80+80 is not yet supported
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        # ignore result to avoid breaking the test once 80+80 DFS gets enabled
-
-        params = {"ssid": "vht2",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160-80PLUS80]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "155"}
-        hapd2 = hostapd.add_ap(apdev[1], params, wait_enabled=False)
-
-        ev = hapd2.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out(2)")
-        if "AP-DISABLED" in ev:
-            # Assume this failed due to missing regulatory update for now
-            raise HwsimSkip("80+80 MHz channel not supported in regulatory information")
-
-        state = hapd2.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state(2)")
-
-        dev[1].connect("vht2", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[1], hapd2)
-        sig = dev[1].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-
-        sta = hapd2.get_sta(dev[1].own_addr())
-        if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
-            raise Exception("No Supported Operating Classes information for STA")
-        opclass = int(sta['supp_op_classes'][0:2], 16)
-        if opclass != 130:
-            raise Exception("Unexpected Current Operating Class from STA: %d" % opclass)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_ap_vht80plus80_invalid(dev, apdev):
-    """VHT with invalid 80+80 MHz channel"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "0",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to missing(invalid) seg1 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht80_csa(dev, apdev):
-    """VHT with 80 MHz channel width and CSA"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "155"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5180 ht vht blocktx center_freq1=5210 sec_channel_offset=1 bandwidth=80")
-        ev = hapd.wait_event(["CTRL-EVENT-STARTED-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("Channel switch start event not seen")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CS started")
-        ev = hapd.wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("Channel switch completion event not seen")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CS completed")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        time.sleep(0.5)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5745")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5745" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        time.sleep(0.5)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        # This CSA to same channel will fail in kernel, so use this only for
-        # extra code coverage.
-        hapd.request("CHAN_SWITCH 5 5745")
-        hapd.wait_event(["AP-CSA-FINISHED"], timeout=1)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_csa_vht80p80(dev, apdev):
-    """VHT CSA with VHT80+80 getting enabled"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "0"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        #if "OK" not in hapd.request("CHAN_SWITCH 5 5765 sec_channel_offset=-1 center_freq1=5775 center_freq2=5210 bandwidth=80 vht"):
-        if "OK" not in hapd.request("CHAN_SWITCH 5 5180 sec_channel_offset=1 center_freq1=5210 center_freq2=5775 bandwidth=80 vht"):
-            raise Exception("CHAN_SWITCH command failed")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=5)
-        if ev is None:
-            raise Exception("Channel switch event not seen")
-        if "freq=5180" not in ev:
-            raise Exception("Channel mismatch: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected disconnection event from station")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        dev[1].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[1], hapd)
-
-        if dev[1].get_status_field("ieee80211ac") != '1':
-            raise Exception("VHT not enabled as part of channel switch")
-        sig = dev[1].request("SIGNAL_POLL").splitlines()
-        logger.info("SIGNAL_POLL(1): " + str(sig))
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Correct FREQUENCY missing from SIGNAL_POLL")
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Correct WIDTH missing from SIGNAL_POLL")
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Correct CENTER_FRQ1 missing from SIGNAL_POLL")
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Correct CENTER_FRQ1 missing from SIGNAL_POLL")
-
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        logger.info("SIGNAL_POLL(0): " + str(sig))
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_ap_vht_csa_vht40(dev, apdev):
-    """VHT CSA with VHT40 getting enabled"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "0"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5765 sec_channel_offset=-1 center_freq1=5755 bandwidth=40 vht")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5765" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=5)
-        if ev is None:
-            raise Exception("Channel switch event not seen")
-        if "freq=5765" not in ev:
-            raise Exception("Channel mismatch: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected disconnection event from station")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        dev[1].connect("vht", key_mgmt="NONE", scan_freq="5765")
-        hwsim_utils.test_connectivity(dev[1], hapd)
-
-        if dev[1].get_status_field("ieee80211ac") != '1':
-            raise Exception("VHT not enabled as part of channel switch")
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_ap_vht_csa_vht20(dev, apdev):
-    """VHT CSA with VHT20 getting enabled"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "0"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5200 center_freq1=5200 bandwidth=20 vht")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5200" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        time.sleep(0.5)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        dev[1].connect("vht", key_mgmt="NONE", scan_freq="5200")
-        hwsim_utils.test_connectivity(dev[1], hapd)
-
-        if dev[1].get_status_field("ieee80211ac") != '1':
-            raise Exception("VHT not enabled as part of channel switch")
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_ap_vht_csa_vht40_disable(dev, apdev):
-    """VHT CSA with VHT40 getting disabled"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5200 5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5200 center_freq1=5210 sec_channel_offset=1 bandwidth=40 ht")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5200" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        ev = dev[0].wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=5)
-        if ev is None:
-            raise Exception("Channel switch event not seen")
-        if "freq=5200" not in ev:
-            raise Exception("Channel mismatch: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-        if ev:
-            # mac80211 does not support CSA to disable VHT, so the channel
-            # switch will be followed by disconnection and attempt to reconnect.
-            # Wait for that here to avoid failing the test case based on how
-            # example the connectivity test would get timed compared to getting
-            # disconnected or reconnected.
-            dev[0].wait_connected()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        dev[1].connect("vht", key_mgmt="NONE", scan_freq="5200")
-        hwsim_utils.test_connectivity(dev[1], hapd)
-
-        if dev[1].get_status_field("ieee80211ac") == '1':
-            raise Exception("VHT not disabled as part of channel switch")
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_ap_vht_on_24ghz(dev, apdev):
-    """Subset of VHT features on 2.4 GHz"""
-    hapd = None
-    params = {"ssid": "test-vht-2g",
-              "hw_mode": "g",
-              "channel": "1",
-              "ieee80211n": "1",
-              "vendor_vht": "1",
-              "vht_capab": "[MAX-MPDU-11454]",
-              "vht_oper_chwidth": "0",
-              "vht_oper_centr_freq_seg0_idx": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 dd1300904c0400bf0c3240820feaff0000eaff0000"):
-            raise Exception("Failed to add vendor element")
-        dev[0].connect("test-vht-2g", scan_freq="2412", key_mgmt="NONE")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sta = hapd.get_sta(dev[0].own_addr())
-        if '[VENDOR_VHT]' not in sta['flags']:
-            raise Exception("No VENDOR_VHT STA flag")
-
-        dev[1].connect("test-vht-2g", scan_freq="2412", key_mgmt="NONE")
-        hapd.wait_sta()
-        sta = hapd.get_sta(dev[1].own_addr())
-        if '[VENDOR_VHT]' in sta['flags']:
-            raise Exception("Unexpected VENDOR_VHT STA flag")
-
-        status = dev[0].get_status()
-        if 'wifi_generation' in status:
-            if status['wifi_generation'] != "4":
-                raise Exception("Unexpected wifi_generation value: " + status['wifi_generation'])
-
-        status = dev[1].get_status()
-        if 'wifi_generation' in status:
-            if status['wifi_generation'] != "4":
-                raise Exception("Unexpected wifi_generation value(2): " + status['wifi_generation'])
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def test_ap_vht_on_24ghz_2(dev, apdev):
-    """Subset of VHT features on 2.4 GHz (2)"""
-    hapd = None
-    params = {"ssid": "test-vht-2g",
-              "hw_mode": "g",
-              "channel": "1",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vendor_vht": "1",
-              "vht_capab": "[MAX-MPDU-11454]",
-              "vht_oper_chwidth": "0",
-              "vht_oper_centr_freq_seg0_idx": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 bf0cfa048003aaaa0000aaaa0000dd1300904c0400bf0c3240820feaff0000eaff0000"):
-            raise Exception("Failed to add vendor element")
-        dev[0].connect("test-vht-2g", scan_freq="2412", key_mgmt="NONE")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sta = hapd.get_sta(dev[0].own_addr())
-        if '[VHT]' not in sta['flags']:
-            raise Exception("No VHT STA flag")
-
-        dev[1].connect("test-vht-2g", scan_freq="2412", key_mgmt="NONE")
-        hapd.wait_sta()
-        sta = hapd.get_sta(dev[1].own_addr())
-        if '[VENDOR_VHT]' in sta['flags']:
-            raise Exception("Unexpected VENDOR_VHT STA flag")
-        if '[VHT]' in sta['flags']:
-            raise Exception("Unexpected VHT STA flag")
-
-        status = dev[0].get_status()
-        if 'wifi_generation' in status:
-            if status['wifi_generation'] != "4":
-                raise Exception("Unexpected wifi_generation value: " + status['wifi_generation'])
-
-        status = dev[1].get_status()
-        if 'wifi_generation' in status:
-            if status['wifi_generation'] != "4":
-                raise Exception("Unexpected wifi_generation value(2): " + status['wifi_generation'])
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def test_prefer_vht40(dev, apdev):
-    """Preference on VHT40 over HT40"""
-    try:
-        hapd = None
-        hapd2 = None
-
-        params = {"ssid": "test",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ht_capab": "[HT40+]"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        params = {"ssid": "test",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        bssid2 = apdev[1]['bssid']
-
-        dev[0].scan_for_bss(bssid, freq=5180)
-        dev[0].scan_for_bss(bssid2, freq=5180)
-        dev[0].connect("test", scan_freq="5180", key_mgmt="NONE")
-        if dev[0].get_status_field('bssid') != bssid2:
-            raise Exception("Unexpected BSS selected")
-
-        est = dev[0].get_bss(bssid)['est_throughput']
-        if est != "135000":
-            raise Exception("Unexpected BSS0 est_throughput: " + est)
-
-        est = dev[0].get_bss(bssid2)['est_throughput']
-        if est != "180001":
-            raise Exception("Unexpected BSS1 est_throughput: " + est)
-    finally:
-        dev[0].request("DISCONNECT")
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev)
-
-def test_ap_vht80_pwr_constraint(dev, apdev):
-    """VHT with 80 MHz channel width and local power constraint"""
-    hapd = None
-    try:
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211d": "1",
-                  "local_pwr_constraint": "3",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        dev[0].wait_regdom(country_ie=True)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_ap_vht_use_sta_nsts(dev, apdev):
-    """VHT with 80 MHz channel width and use_sta_nsts=1"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "use_sta_nsts": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_tkip(dev, apdev):
-    """VHT and TKIP"""
-    skip_without_tkip(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "wpa": "1",
-                  "wpa_key_mgmt": "WPA-PSK",
-                  "wpa_pairwise": "TKIP",
-                  "wpa_passphrase": "12345678",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("vht", psk="12345678", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=20 MHz (no HT)" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        status = hapd.get_status()
-        logger.info("hostapd STATUS: " + str(status))
-        if status["ieee80211n"] != "0":
-            raise Exception("Unexpected STATUS ieee80211n value")
-        if status["ieee80211ac"] != "0":
-            raise Exception("Unexpected STATUS ieee80211ac value")
-        if status["secondary_channel"] != "0":
-            raise Exception("Unexpected STATUS secondary_channel value")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_40_fallback_to_20(devs, apdevs):
-    """VHT and 40 MHz channel configuration falling back to 20 MHz"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-vht40",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "basic_rates": "60 120 240",
-                  "channel": "161",
-                  "ieee80211d": "1",
-                  "ieee80211h": "1",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "[HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]",
-                  "vht_capab": "[RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC1][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "155"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-vht40", scan_freq="5805", key_mgmt="NONE")
-        dev.wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev, hapd)
-    finally:
-        clear_regdom(hapd, devs)
-
-def test_ap_vht80_to_24g_ht(dev, apdev):
-    """VHT with 80 MHz channel width reconfigured to 2.4 GHz HT"""
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-11454]",
-                  "vht_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        hapd.disable()
-        hapd.set("ieee80211ac", "0")
-        hapd.set("hw_mode", "g")
-        hapd.set("channel", "1")
-        hapd.set("ht_capab", "")
-        hapd.set("vht_capab", "")
-        hapd.enable()
-
-        dev[0].connect("vht", key_mgmt="NONE", scan_freq="2412")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_ap_vht_csa_invalid(dev, apdev):
-    """VHT CSA with invalid parameters"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "vht",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "0"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        tests = ["5 5765 center_freq1=5180",
-                 "5 5765 bandwidth=40",
-                 "5 5765 bandwidth=40 center_freq2=5180",
-                 "5 5765 bandwidth=40 sec_channel_offset=1 center_freq1=5180",
-                 "5 5765 bandwidth=40 sec_channel_offset=-1 center_freq1=5180",
-                 "5 5765 bandwidth=40 sec_channel_offset=2 center_freq1=5180",
-                 "5 5765 bandwidth=80",
-                 "5 5765 bandwidth=80 sec_channel_offset=-1",
-                 "5 5765 bandwidth=80 center_freq1=5755",
-                 "5 5765 bandwidth=80 sec_channel_offset=1 center_freq1=5180",
-                 "5 5765 bandwidth=80 sec_channel_offset=-1 center_freq1=5180",
-                 "5 5765 bandwidth=80 sec_channel_offset=2 center_freq1=5180",
-                 "5 5765 bandwidth=80 sec_channel_offset=-1 center_freq1=5775 center_freq2=5775",
-                 "5 5765 bandwidth=160",
-                 "5 5765 bandwidth=160 center_freq1=5755",
-                 "5 5765 bandwidth=160 center_freq1=5755 center_freq2=5755",
-                 "5 5765 bandwidth=160 center_freq1=5755 center_freq2=5755 sec_channel_offset=-1",
-                 "5 5765 bandwidth=160 center_freq1=5754 sec_channel_offset=1",
-                 "5 5765 bandwidth=160 center_freq1=5755 sec_channel_offset=2",
-                 "5 5765 sec_channel_offset=-1"]
-        for t in tests:
-            if "FAIL" not in hapd.request("CHAN_SWITCH " + t):
-                raise Exception("Invalid CHAN_SWITCH accepted: " + t)
-
-        hapd.request("CHAN_SWITCH 5 5765 bandwidth=160 center_freq1=5755 sec_channel_offset=1")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on AP-CSA-FINISHED")
-
-        hapd.request("CHAN_SWITCH 5 5765 bandwidth=160 center_freq1=5775 sec_channel_offset=-1")
-        time.sleep(1)
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
diff --git a/tests/hwsim/test_ap_vlan.py b/tests/hwsim/test_ap_vlan.py
deleted file mode 100644
index e4bfd68693b2..000000000000
--- a/tests/hwsim/test_ap_vlan.py
+++ /dev/null
@@ -1,807 +0,0 @@
-#!/usr/bin/python
-#
-# Test cases for AP VLAN
-# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import subprocess
-import logging
-logger = logging.getLogger(__name__)
-
-try:
-    import netifaces
-    netifaces_imported = True
-except ImportError:
-    netifaces_imported = False
-
-import hwsim_utils
-import hostapd
-from utils import iface_is_in_bridge, HwsimSkip, alloc_fail
-import os
-from tshark import run_tshark
-
-def test_ap_vlan_open(dev, apdev):
-    """AP VLAN with open network"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = {"ssid": "test-vlan-open",
-              "dynamic_vlan": "1",
-              "accept_mac_file": filename}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_file_open(dev, apdev):
-    """AP VLAN with open network and vlan_file mapping"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = {"ssid": "test-vlan-open",
-              "dynamic_vlan": "1",
-              "vlan_file": "hostapd.vlan",
-              "accept_mac_file": filename}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_file_open2(dev, apdev):
-    """AP VLAN with open network and vlan_file mapping (2)"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept2')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = {"ssid": "test-vlan-open",
-              "dynamic_vlan": "1",
-              "vlan_file": "hostapd.vlan2",
-              "accept_mac_file": filename}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity_iface(dev[2], hapd, "hwsimbr3")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_file_parsing(dev, apdev, params):
-    """hostapd vlan_file/mac_file parsing"""
-    tmp = os.path.join(params['logdir'], 'ap_vlan_file_parsing.tmp')
-    params = {"ssid": "test-vlan-open", "dynamic_vlan": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = ["#\n\n0\t11\n",
-             "1  netdev  br\n1",
-             "* ",
-             "1 netdev12345678901234567890"]
-    for t in tests:
-        with open(tmp, "w") as f:
-            f.write(t)
-        if "FAIL" not in hapd.request("SET vlan_file " + tmp):
-            raise Exception("Invalid vlan_file accepted")
-
-    with open(tmp, "w") as f:
-        f.write("1\tvlan\n")
-    with alloc_fail(hapd, 1, "=hostapd_config_read_vlan_file"):
-        if "FAIL" not in hapd.request("SET vlan_file " + tmp):
-            raise Exception("vlan_file accepted during OOM")
-
-    tests = ["#\n\n0\tvlan\n",
-             "4095\tvlan\n",
-             "vlan\n",
-             "1\t1234567890abcdef1234567890\n",
-             "1\n"]
-    for t in tests:
-        with open(tmp, "w") as f:
-            f.write(t)
-        if "FAIL" not in hapd.request("SET accept_mac_file " + tmp):
-            raise Exception("Invalid accept_mac_file accepted")
-
-    with open(tmp, "w") as f:
-        f.write("00:11:22:33:44:55\n")
-    with alloc_fail(hapd, 1, "hostapd_config_read_maclist"):
-        if "FAIL" not in hapd.request("SET accept_mac_file " + tmp):
-            raise Exception("accept_mac_file accepted during OOM")
-
-def test_ap_vlan_wpa2(dev, apdev):
-    """AP VLAN with WPA2-PSK"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = hostapd.wpa2_params(ssid="test-vlan",
-                                 passphrase="12345678")
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
-    dev[1].connect("test-vlan", psk="12345678", scan_freq="2412")
-    dev[2].connect("test-vlan", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_wpa2_radius(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and RADIUS attributes"""
-    params = hostapd.wpa2_eap_params(ssid="test-vlan")
-    params['dynamic_vlan'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="vlan1",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[1].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="vlan2",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-
-def test_ap_vlan_wpa2_radius_2(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
-    params = hostapd.wpa2_eap_params(ssid="test-vlan")
-    params['dynamic_vlan'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="vlan1b",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-
-def test_ap_vlan_wpa2_radius_local(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and local file setting VLAN IDs"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = hostapd.wpa2_eap_params(ssid="test-vlan")
-    params['dynamic_vlan'] = "0"
-    params['vlan_file'] = "hostapd.vlan"
-    params['vlan_bridge'] = "test_br_vlan"
-    params['accept_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[1].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "test_br_vlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "test_br_vlan2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_wpa2_radius_id_change(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
-    generic_ap_vlan_wpa2_radius_id_change(dev, apdev, False)
-
-def test_ap_vlan_tagged_wpa2_radius_id_change(dev, apdev):
-    """AP tagged VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
-    ifname1 = 'wlan0.1'
-    ifname2 = 'wlan0.2'
-    try:
-        # Create tagged interface for wpa_supplicant
-        subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
-                         'name', ifname1, 'type', 'vlan', 'id', '1'])
-        subprocess.call(['ifconfig', ifname1, 'up'])
-
-        subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
-                         'name', ifname2, 'type', 'vlan', 'id', '2'])
-        subprocess.call(['ifconfig', ifname2, 'up'])
-
-        generic_ap_vlan_wpa2_radius_id_change(dev, apdev, True)
-    finally:
-        subprocess.call(['ifconfig', ifname1, 'down'])
-        subprocess.call(['ifconfig', ifname2, 'down'])
-        subprocess.call(['ip', 'link', 'del', ifname1])
-        subprocess.call(['ip', 'link', 'del', ifname2])
-
-def generic_ap_vlan_wpa2_radius_id_change(dev, apdev, tagged):
-    as_params = {"ssid": "as",
-                 "beacon_int": "2000",
-                 "radius_server_clients": "auth_serv/radius_clients.conf",
-                 "radius_server_auth_port": '18128',
-                 "eap_server": "1",
-                 "eap_user_file": "auth_serv/eap_user.conf",
-                 "ca_cert": "auth_serv/ca.pem",
-                 "server_cert": "auth_serv/server.pem",
-                 "private_key": "auth_serv/server.key"}
-    authserv = hostapd.add_ap(apdev[1], as_params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-vlan")
-    params['dynamic_vlan'] = "1"
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    identity = "vlan1tagged" if tagged else "vlan1"
-
-    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity=identity,
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    if tagged:
-        hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.1",
-                                          ifname2="brvlan1")
-    else:
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-
-    logger.info("VLAN-ID -> 2")
-
-    authserv.disable()
-    authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
-    authserv.enable()
-
-    dev[0].dump_monitor()
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("EAP reauthentication timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
-    if ev is None:
-        raise Exception("4-way handshake after reauthentication timed out")
-    state = dev[0].get_status_field('wpa_state')
-    if state != "COMPLETED":
-        raise Exception("Unexpected state after reauth: " + state)
-    sta = hapd.get_sta(dev[0].own_addr())
-    if 'vlan_id' not in sta:
-        raise Exception("No VLAN ID in STA info")
-    if (not tagged) and (sta['vlan_id'] != '2'):
-        raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
-    if tagged:
-        hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.2",
-                                          ifname2="brvlan2")
-    else:
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
-
-    logger.info("VLAN-ID -> 1")
-    time.sleep(1)
-
-    authserv.disable()
-    authserv.set('eap_user_file', "auth_serv/eap_user.conf")
-    authserv.enable()
-
-    dev[0].dump_monitor()
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("EAP reauthentication timed out")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
-    if ev is None:
-        raise Exception("4-way handshake after reauthentication timed out")
-    state = dev[0].get_status_field('wpa_state')
-    if state != "COMPLETED":
-        raise Exception("Unexpected state after reauth: " + state)
-    sta = hapd.get_sta(dev[0].own_addr())
-    if 'vlan_id' not in sta:
-        raise Exception("No VLAN ID in STA info")
-    if (not tagged) and (sta['vlan_id'] != '1'):
-        raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
-    time.sleep(0.2)
-    try:
-        if tagged:
-            hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
-                                              ifname1="wlan0.1",
-                                              ifname2="brvlan1")
-        else:
-            hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    except Exception as e:
-        # It is possible for new bridge setup to not be ready immediately, so
-        # try again to avoid reporting issues related to that.
-        logger.info("First VLAN-ID 1 data test failed - try again")
-        if tagged:
-            hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
-                                              ifname1="wlan0.1",
-                                              ifname2="brvlan1")
-        else:
-            hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-
-def test_ap_vlan_wpa2_radius_required(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and RADIUS attributes required"""
-    params = hostapd.wpa2_eap_params(ssid="test-vlan")
-    params['dynamic_vlan'] = "2"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="vlan1",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                   identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Timeout on connection attempt")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected success without tunnel parameters")
-
-def test_ap_vlan_tagged(dev, apdev):
-    """AP VLAN with tagged interface"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = {"ssid": "test-vlan-open",
-              "dynamic_vlan": "1",
-              "vlan_tagged_interface": "lo",
-              "accept_mac_file": filename}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brlo.1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brlo.2")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def ap_vlan_iface_cleanup_multibss_cleanup():
-    subprocess.call(['ifconfig', 'stub0', 'down'],
-                    stderr=open('/dev/null', 'w'))
-    ifnames = ['wlan3.1', 'wlan3.2', 'wlan3-2.1', 'wlan3-2.2', 'stub0.2',
-               'stub0.1', 'stub0', 'brvlan1', 'brvlan2']
-    for ifname in ifnames:
-        subprocess.call(['ip', 'link', 'del', ifname],
-                        stderr=open('/dev/null', 'w'))
-
-def ap_vlan_iface_test_and_prepare_environ():
-    ifaces = netifaces.interfaces()
-    if "stub0" in ifaces:
-        raise Exception("stub0 already exists before")
-    ifaces = netifaces.interfaces()
-    if "stub0.1" in ifaces:
-        raise Exception("stub0.1 already exists before")
-
-    subprocess.call(['ip', 'link', 'add', 'stub0', 'type', 'dummy'])
-    subprocess.call(['ifconfig', 'stub0', 'up'])
-
-    ifaces = netifaces.interfaces()
-    if "stub0" not in ifaces:
-        raise HwsimSkip("failed to add stub0 - missing kernel config DUMMY ?")
-
-    subprocess.call(['ip', 'link', 'add', 'link', 'stub0', 'name', 'stub0.1',
-                     'type', 'vlan', 'id', '1'])
-
-    ifaces = netifaces.interfaces()
-    if "stub0.1" not in ifaces:
-        raise HwsimSkip("failed to add stub0.1 - missing kernel config VLAN_8021Q ?")
-
-    subprocess.call(['ip', 'link', 'del', 'stub0.1'])
-
-    ifaces = netifaces.interfaces()
-    if "stub0.1" in ifaces:
-        raise Exception("stub0.1 was not removed before testing")
-
-def test_ap_vlan_iface_cleanup_multibss(dev, apdev):
-    """AP VLAN operation in multi-BSS multi-VLAN case"""
-    ap_vlan_iface_cleanup_multibss(dev, apdev, 'multi-bss-iface.conf')
-
-def ap_vlan_iface_cleanup_multibss(dev, apdev, cfgfile):
-    # AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID
-    # check that multiple bss do not interfere with each other with respect
-    # to deletion of bridge and tagged interface.
-
-    if not netifaces_imported:
-        raise HwsimSkip("python module netifaces not available")
-
-    try:
-        ap_vlan_iface_cleanup_multibss_cleanup()
-        ap_vlan_iface_test_and_prepare_environ()
-
-        as_params = {"ssid": "as",
-                     "beacon_int": "2000",
-                     "radius_server_clients": "auth_serv/radius_clients.conf",
-                     "radius_server_auth_port": '18128',
-                     "eap_server": "1",
-                     "eap_user_file": "auth_serv/eap_user.conf",
-                     "ca_cert": "auth_serv/ca.pem",
-                     "server_cert": "auth_serv/server.pem",
-                     "private_key": "auth_serv/server.key",
-                     "vlan_naming": "1"}
-        authserv = hostapd.add_ap(apdev[1], as_params)
-
-        # start the actual test
-        hapd = hostapd.add_iface(apdev[0], cfgfile)
-        hapd1 = hostapd.Hostapd("wlan3-2", 1)
-        hapd1.enable()
-
-        ifaces = netifaces.interfaces()
-        if "brvlan1" in ifaces:
-            raise Exception("bridge brvlan1 already exists before")
-        if "brvlan2" in ifaces:
-            raise Exception("bridge brvlan2 already exists before")
-
-        dev[0].connect("bss-1", key_mgmt="WPA-EAP", eap="PAX",
-                       identity="vlan1",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412")
-        hapd.wait_sta()
-
-        ifaces = netifaces.interfaces()
-        if "brvlan1" not in ifaces:
-            raise Exception("bridge brvlan1 was not created")
-
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-        if not iface_is_in_bridge("brvlan1", "stub0.1"):
-            raise Exception("stub0.1 not in brvlan1")
-
-        dev[1].connect("bss-2", key_mgmt="WPA-EAP", eap="PAX",
-                       identity="vlan1",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412")
-
-        hapd1.wait_sta()
-        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
-        if not iface_is_in_bridge("brvlan1", "stub0.1"):
-            raise Exception("stub0.1 not in brvlan1")
-
-        authserv.disable()
-        authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
-        authserv.enable()
-
-        logger.info("wlan0 -> VLAN 2")
-
-        dev[0].dump_monitor()
-        dev[0].request("REAUTHENTICATE")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP reauthentication timed out")
-        ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
-        if ev is None:
-            raise Exception("4-way handshake after reauthentication timed out")
-        state = dev[0].get_status_field('wpa_state')
-        if state != "COMPLETED":
-            raise Exception("Unexpected state after reauth: " + state)
-
-        ifaces = netifaces.interfaces()
-        if "brvlan1" not in ifaces:
-            raise Exception("bridge brvlan1 has been removed too early")
-
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2",
-                                            max_tries=5)
-
-        if not iface_is_in_bridge("brvlan2", "stub0.2"):
-            raise Exception("stub0.2 not in brvlan2")
-
-        logger.info("test wlan1 == VLAN 1")
-        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
-        if not iface_is_in_bridge("brvlan1", "stub0.1"):
-            raise Exception("stub0.1 not in brvlan1")
-
-        logger.info("wlan1 -> VLAN 2")
-
-        dev[1].dump_monitor()
-        dev[1].request("REAUTHENTICATE")
-        ev = dev[1].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP reauthentication timed out")
-        ev = dev[1].wait_event(["WPA: Key negotiation completed"], timeout=5)
-        if ev is None:
-            raise Exception("4-way handshake after reauthentication timed out")
-        state = dev[1].get_status_field('wpa_state')
-        if state != "COMPLETED":
-            raise Exception("Unexpected state after reauth: " + state)
-
-        # it can take some time for data connectivity to be updated
-        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan2",
-                                            max_tries=5)
-        logger.info("test wlan0 == VLAN 2")
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
-
-        if not iface_is_in_bridge("brvlan2", "stub0.2"):
-            raise Exception("stub0.2 not in brvlan2")
-
-        ifaces = netifaces.interfaces()
-        if "brvlan1" in ifaces:
-            raise Exception("bridge brvlan1 has not been cleaned up")
-
-        # disconnect dev0 first to test a corner case
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[1].request("DISCONNECT")
-        dev[1].wait_disconnected()
-
-        # station removal needs some time
-        for i in range(15):
-            time.sleep(1)
-            ifaces = netifaces.interfaces()
-            if "brvlan2" not in ifaces:
-                break
-
-        ifaces = netifaces.interfaces()
-        if "brvlan2" in ifaces:
-            raise Exception("bridge brvlan2 has not been cleaned up")
-
-        hapd.request("DISABLE")
-    finally:
-        ap_vlan_iface_cleanup_multibss_cleanup()
-
-def test_ap_vlan_iface_cleanup_multibss_per_sta_vif(dev, apdev):
-    """AP VLAN operation in multi-BSS multi-VLAN case with per-sta-vif set"""
-
-    # AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID
-    # check that multiple bss do not interfere with each other with respect
-    # to deletion of bridge and tagged interface. per_sta_vif is enabled.
-    ap_vlan_iface_cleanup_multibss(dev, apdev,
-                                   'multi-bss-iface-per_sta_vif.conf')
-
-def test_ap_vlan_without_station(dev, apdev, p):
-    """AP VLAN with WPA2-PSK and no station"""
-    try:
-        filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-        hostapd.send_file(apdev[0], filename, filename)
-        subprocess.call(['brctl', 'addbr', 'brvlan1'])
-        subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
-        subprocess.call(['ifconfig', 'brvlan1', 'up'])
-        # use a passphrase wlantest does not know, so it cannot
-        # inject decrypted frames into pcap
-        params = hostapd.wpa2_params(ssid="test-vlan",
-                                     passphrase="12345678x")
-        params['dynamic_vlan'] = "1"
-        params['vlan_file'] = 'hostapd.wlan3.vlan'
-        params['accept_mac_file'] = filename
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        # inject some traffic
-        sa = hapd.own_addr()
-        da = "ff:ff:ff:ff:ff:00"
-        hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
-        hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
-        hapd.request('DATA_TEST_CONFIG 0')
-        time.sleep(.1)
-
-        dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
-
-        # inject some traffic
-        sa = hapd.own_addr()
-        da = "ff:ff:ff:ff:ff:01"
-        hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
-        hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
-        hapd.request('DATA_TEST_CONFIG 0')
-
-        # let the AP send couple of Beacon frames
-        time.sleep(1)
-        out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
-                         "wlan.da == ff:ff:ff:ff:ff:00",
-                         ["wlan.fc.protected"])
-
-        if out is not None:
-            lines = out.splitlines()
-            if len(lines) < 1:
-                # Newer kernel versions filter out frames when there are no
-                # authorized stations on an AP/AP_VLAN interface, so do not
-                # trigger an error here.
-                logger.info("first frame not observed")
-            state = 1
-            for l in lines:
-                is_protected = int(l, 16)
-                if is_protected != 1:
-                    state = 0
-            if state != 1:
-                raise Exception("Broadcast packets were not encrypted when no station was connected")
-        else:
-            raise Exception("first frame not observed")
-
-        out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
-                         "wlan.da == ff:ff:ff:ff:ff:01",
-                         ["wlan.fc.protected"])
-
-        if out is not None:
-            lines = out.splitlines()
-            if len(lines) < 1:
-                raise Exception("second frame not observed")
-            state = 1
-            for l in lines:
-                is_protected = int(l, 16)
-                if is_protected != 1:
-                    state = 0
-            if state != 1:
-                raise Exception("Broadcast packets were not encrypted when station was connected")
-        else:
-            raise Exception("second frame not observed")
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        if filename.startswith('/tmp/'):
-            os.unlink(filename)
-
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'brvlan1'])
-
-@remote_compatible
-def test_ap_open_per_sta_vif(dev, apdev):
-    """AP VLAN with open network"""
-    params = {"ssid": "test-vlan-open",
-              "per_sta_vif": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd,
-                                        apdev[0]['ifname'] + ".4096")
-
-@remote_compatible
-def test_ap_vlan_open_per_sta_vif(dev, apdev):
-    """AP VLAN (dynamic) with open network"""
-    params = {"ssid": "test-vlan-open",
-              "per_sta_vif": "1",
-              "dynamic_vlan": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity_iface(dev[0], hapd,
-                                        apdev[0]['ifname'] + ".4096")
-
-def test_ap_vlan_wpa2_radius_tagged(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
-    ifname = 'wlan0.1'
-    try:
-        params = hostapd.wpa2_eap_params(ssid="test-vlan")
-        params['dynamic_vlan'] = "1"
-        params["vlan_naming"] = "1"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                       identity="vlan1tagged",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412")
-
-        # Create tagged interface for wpa_supplicant
-        subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
-                         'name', ifname, 'type', 'vlan', 'id', '1'])
-        subprocess.call(['ifconfig', ifname, 'up'])
-
-        hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1=ifname,
-                                          ifname2="brvlan1")
-    finally:
-        subprocess.call(['ifconfig', ifname, 'down'])
-        subprocess.call(['ip', 'link', 'del', ifname])
-
-def test_ap_vlan_wpa2_radius_mixed(dev, apdev):
-    """AP VLAN with WPA2-Enterprise and tagged+untagged VLANs"""
-    ifname = 'wlan0.1'
-    try:
-        params = hostapd.wpa2_eap_params(ssid="test-vlan")
-        params['dynamic_vlan'] = "1"
-        params["vlan_naming"] = "1"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
-                       identity="vlan12mixed",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412")
-
-        # Add tagged VLAN interface to wpa_supplicant interface for testing
-        subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
-                         'name', ifname, 'type', 'vlan', 'id', '1'])
-        subprocess.call(['ifconfig', ifname, 'up'])
-
-        logger.info("Test connectivity in untagged VLAN 2")
-        hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
-                                          ifname1=dev[0].ifname,
-                                          ifname2="brvlan2")
-        logger.info("Test connectivity in tagged VLAN 1")
-        hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1=ifname,
-                                          ifname2="brvlan1")
-    finally:
-        subprocess.call(['ifconfig', ifname, 'down'])
-        subprocess.call(['ip', 'link', 'del', ifname])
-
-def test_ap_vlan_reconnect(dev, apdev):
-    """AP VLAN with WPA2-PSK connect, disconnect, connect"""
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    hostapd.send_file(apdev[0], filename, filename)
-    params = hostapd.wpa2_params(ssid="test-vlan",
-                                 passphrase="12345678")
-    params['dynamic_vlan'] = "1"
-    params['accept_mac_file'] = filename
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    logger.info("connect sta")
-    dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    logger.info("disconnect sta")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected(timeout=10)
-    time.sleep(1)
-    logger.info("reconnect sta")
-    dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_ap_vlan_psk(dev, apdev, params):
-    """AP VLAN based on PSK/passphrase"""
-    psk_file = os.path.join(params['logdir'], 'ap_vlan_psk.wpa_psk')
-    with open(psk_file, 'w') as f:
-        f.write('vlanid=1 00:00:00:00:00:00 passphrase-for-vlan-1\n')
-        f.write('vlanid=2 00:00:00:00:00:00 passphrase-for-vlan-2\n')
-        f.write('vlanid=3 00:00:00:00:00:00 passphrase-for-vlan-3\n')
-
-    ssid = 'test-vlan-rsn'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['dynamic_vlan'] = "1"
-    params['wpa_psk_file'] = psk_file
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk="passphrase-for-vlan-1", scan_freq="2412")
-    dev[1].connect(ssid, psk="passphrase-for-vlan-2", scan_freq="2412")
-    dev[2].connect(ssid, psk="passphrase-for-vlan-3", scan_freq="2412")
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
-
-def test_ap_vlan_sae(dev, apdev, params):
-    """AP VLAN based on SAE Password Identifier"""
-    for i in range(3):
-        if "SAE" not in dev[i].get_capability("auth_alg"):
-            raise HwsimSkip("SAE not supported")
-    params = hostapd.wpa2_params(ssid="test-sae-vlan")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['pw1|vlanid=1|id=id1',
-                              'pw2|mac=ff:ff:ff:ff:ff:ff|vlanid=2|id=id2',
-                              'pw3|vlanid=3|id=id3']
-    params['dynamic_vlan'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    for i in range(3):
-        dev[i].request("SET sae_groups ")
-        dev[i].connect("test-sae-vlan", sae_password="pw%d" % (i + 1),
-                       sae_password_id="id%d" % (i + 1),
-                       key_mgmt="SAE", scan_freq="2412")
-        hapd.wait_sta()
-
-    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
-    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
-    hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
diff --git a/tests/hwsim/test_ap_wps.py b/tests/hwsim/test_ap_wps.py
deleted file mode 100644
index 62972ac703fd..000000000000
--- a/tests/hwsim/test_ap_wps.py
+++ /dev/null
@@ -1,10608 +0,0 @@
-# WPS tests
-# Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-from tshark import run_tshark
-import base64
-import binascii
-from Crypto.Cipher import AES
-import hashlib
-import hmac
-import os
-import time
-import sys
-import stat
-import subprocess
-import logging
-logger = logging.getLogger()
-import re
-import socket
-import struct
-try:
-    from http.client import HTTPConnection
-    from urllib.request import urlopen
-    from urllib.parse import urlparse, urljoin
-    from urllib.error import HTTPError
-    from io import StringIO
-    from socketserver import StreamRequestHandler, TCPServer
-except ImportError:
-    from httplib import HTTPConnection
-    from urllib import urlopen
-    from urlparse import urlparse, urljoin
-    from urllib2 import build_opener, ProxyHandler, HTTPError
-    from StringIO import StringIO
-    from SocketServer import StreamRequestHandler, TCPServer
-import urllib
-import xml.etree.ElementTree as ET
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_ap_eap import int_eap_server_params
-
-def wps_start_ap(apdev, ssid="test-wps-conf", extra_cred=None):
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    if extra_cred:
-        params['extra_cred'] = extra_cred
-    return hostapd.add_ap(apdev, params)
-
-@remote_compatible
-def test_ap_wps_init(dev, apdev):
-    """Initial AP configuration with first WPS Enrollee"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "home")
-    dev[0].set_network_quoted(id, "psk", "12345678")
-    dev[0].request("ENABLE_NETWORK %s no-connect" % id)
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "home2")
-    dev[0].set_network(id, "bssid", "00:11:22:33:44:55")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].request("ENABLE_NETWORK %s no-connect" % id)
-
-    dev[0].request("WPS_PBC")
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    status = hapd.request("WPS_GET_STATUS")
-    if "PBC Status: Disabled" not in status:
-        raise Exception("PBC status not shown correctly")
-    if "Last WPS result: Success" not in status:
-        raise Exception("Last WPS result not shown correctly")
-    if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
-        raise Exception("Peer address not shown correctly")
-    conf = hapd.request("GET_CONFIG")
-    if "wps_state=configured" not in conf:
-        raise Exception("AP not in WPS configured state")
-    if "wpa=2" in conf:
-        if "rsn_pairwise_cipher=CCMP" not in conf:
-            raise Exception("Unexpected rsn_pairwise_cipher")
-        if "group_cipher=CCMP" not in conf:
-            raise Exception("Unexpected group_cipher")
-    else:
-        if "wpa=3" not in conf:
-            raise Exception("AP not in WPA+WPA2 configuration")
-        if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
-            raise Exception("Unexpected rsn_pairwise_cipher")
-        if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
-            raise Exception("Unexpected wpa_pairwise_cipher")
-        if "group_cipher=TKIP" not in conf:
-            raise Exception("Unexpected group_cipher")
-
-    if len(dev[0].list_networks()) != 3:
-        raise Exception("Unexpected number of network blocks")
-
-def test_ap_wps_init_2ap_pbc(dev, apdev):
-    """Initial two-radio AP configuration with first WPS PBC Enrollee"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hostapd.add_ap(apdev[1], params)
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-PBC]" not in bss['flags']:
-        raise Exception("WPS-PBC flag missing from AP1")
-    bss = dev[0].get_bss(apdev[1]['bssid'])
-    if "[WPS-PBC]" not in bss['flags']:
-        raise Exception("WPS-PBC flag missing from AP2")
-    dev[0].dump_monitor()
-    dev[0].request("SET wps_cred_processing 2")
-    dev[0].request("WPS_PBC")
-    ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=30)
-    dev[0].request("SET wps_cred_processing 0")
-    if ev is None:
-        raise Exception("WPS cred event not seen")
-    if "100e" not in ev:
-        raise Exception("WPS attributes not included in the cred event")
-    dev[0].wait_connected(timeout=30)
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    if "[WPS-PBC]" in bss['flags']:
-        raise Exception("WPS-PBC flag not cleared from AP1")
-    bss = dev[1].get_bss(apdev[1]['bssid'])
-    if "[WPS-PBC]" in bss['flags']:
-        raise Exception("WPS-PBC flag not cleared from AP2")
-
-def test_ap_wps_init_2ap_pin(dev, apdev):
-    """Initial two-radio AP configuration with first WPS PIN Enrollee"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hostapd.add_ap(apdev[1], params)
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" not in bss['flags']:
-        raise Exception("WPS-AUTH flag missing from AP1")
-    bss = dev[0].get_bss(apdev[1]['bssid'])
-    if "[WPS-AUTH]" not in bss['flags']:
-        raise Exception("WPS-AUTH flag missing from AP2")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN any " + pin)
-    dev[0].wait_connected(timeout=30)
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" in bss['flags']:
-        raise Exception("WPS-AUTH flag not cleared from AP1")
-    bss = dev[1].get_bss(apdev[1]['bssid'])
-    if "[WPS-AUTH]" in bss['flags']:
-        raise Exception("WPS-AUTH flag not cleared from AP2")
-
-@remote_compatible
-def test_ap_wps_init_through_wps_config(dev, apdev):
-    """Initial AP configuration using wps_config command"""
-    ssid = "test-wps-init-config"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
-        raise Exception("WPS_CONFIG command failed")
-    ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
-    # It takes some time for the AP to update Beacon and Probe Response frames,
-    # so wait here before requesting the scan to be started to avoid adding
-    # extra five second wait to the test due to fetching obsolete scan results.
-    hapd.ping()
-    time.sleep(0.2)
-    dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
-                   pairwise="CCMP", group="CCMP")
-
-    if "FAIL" not in hapd.request("WPS_CONFIG foo"):
-        raise Exception("Invalid WPS_CONFIG accepted")
-
-@remote_compatible
-def test_ap_wps_init_through_wps_config_2(dev, apdev):
-    """AP configuration using wps_config and wps_cred_processing=2"""
-    ssid = "test-wps-init-config"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "wps_cred_processing": "2"})
-    if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
-        raise Exception("WPS_CONFIG command failed")
-    ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
-    if "100e" not in ev:
-        raise Exception("WPS-NEW-AP-SETTINGS did not include Credential")
-
-@remote_compatible
-def test_ap_wps_invalid_wps_config_passphrase(dev, apdev):
-    """AP configuration using wps_config command with invalid passphrase"""
-    ssid = "test-wps-init-config"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    if "FAIL" not in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"1234567").decode()):
-        raise Exception("Invalid WPS_CONFIG command accepted")
-
-def test_ap_wps_conf(dev, apdev):
-    """WPS PBC provisioning with configured AP"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].set("device_name", "Device A")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    if status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Unexpected BSSID")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    sta = hapd.get_sta(dev[0].p2p_interface_addr())
-    if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
-        raise Exception("Device name not available in STA command")
-
-def test_ap_wps_conf_5ghz(dev, apdev):
-    """WPS PBC provisioning with configured AP on 5 GHz band"""
-    try:
-        hapd = None
-        ssid = "test-wps-conf"
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa_passphrase": "12345678", "wpa": "2",
-                  "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                  "country_code": "FI", "hw_mode": "a", "channel": "36"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        logger.info("WPS provisioning step")
-        hapd.request("WPS_PBC")
-        dev[0].set("device_name", "Device A")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="5180")
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-
-        sta = hapd.get_sta(dev[0].p2p_interface_addr())
-        if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
-            raise Exception("Device name not available in STA command")
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_ap_wps_conf_chan14(dev, apdev):
-    """WPS PBC provisioning with configured AP on channel 14"""
-    try:
-        hapd = None
-        ssid = "test-wps-conf"
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa_passphrase": "12345678", "wpa": "2",
-                  "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                  "country_code": "JP", "hw_mode": "b", "channel": "14"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        logger.info("WPS provisioning step")
-        hapd.request("WPS_PBC")
-        dev[0].set("device_name", "Device A")
-        dev[0].request("WPS_PBC")
-        dev[0].wait_connected(timeout=30)
-
-        sta = hapd.get_sta(dev[0].p2p_interface_addr())
-        if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
-            raise Exception("Device name not available in STA command")
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-@remote_compatible
-def test_ap_wps_twice(dev, apdev):
-    """WPS provisioning with twice to change passphrase"""
-    ssid = "test-wps-twice"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    dev[0].request("DISCONNECT")
-
-    logger.info("Restart AP with different passphrase and re-run WPS")
-    hostapd.remove_bss(apdev[0])
-    params['wpa_passphrase'] = 'another passphrase'
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    networks = dev[0].list_networks()
-    if len(networks) > 1:
-        raise Exception("Unexpected duplicated network block present")
-
-@remote_compatible
-def test_ap_wps_incorrect_pin(dev, apdev):
-    """WPS PIN provisioning with incorrect PIN"""
-    ssid = "test-wps-incorrect-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    logger.info("WPS provisioning attempt 1")
-    hapd.request("WPS_PIN any 12345670")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s 55554444" % apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
-    if ev is None:
-        raise Exception("WPS operation timed out")
-    if "config_error=18" not in ev:
-        raise Exception("Incorrect config_error reported")
-    if "msg=8" not in ev:
-        raise Exception("PIN error detected on incorrect message")
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].request("WPS_CANCEL")
-    # if a scan was in progress, wait for it to complete before trying WPS again
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-
-    status = hapd.request("WPS_GET_STATUS")
-    if "Last WPS result: Failed" not in status:
-        raise Exception("WPS failure result not shown correctly")
-
-    logger.info("WPS provisioning attempt 2")
-    hapd.request("WPS_PIN any 12345670")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s 12344444" % apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
-    if ev is None:
-        raise Exception("WPS operation timed out")
-    if "config_error=18" not in ev:
-        raise Exception("Incorrect config_error reported")
-    if "msg=10" not in ev:
-        raise Exception("PIN error detected on incorrect message")
-    dev[0].wait_disconnected(timeout=10)
-
-@remote_compatible
-def test_ap_wps_conf_pin(dev, apdev):
-    """WPS PIN provisioning with configured AP"""
-    ssid = "test-wps-conf-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" in bss['flags']:
-        raise Exception("WPS-AUTH flag not cleared")
-    logger.info("Try to connect from another station using the same PIN")
-    pin = dev[1].request("WPS_PIN " + apdev[0]['bssid'])
-    ev = dev[1].wait_event(["WPS-M2D", "CTRL-EVENT-CONNECTED"], timeout=30)
-    if ev is None:
-        raise Exception("Operation timed out")
-    if "WPS-M2D" not in ev:
-        raise Exception("Unexpected WPS operation started")
-    hapd.request("WPS_PIN any " + pin)
-    dev[1].wait_connected(timeout=30)
-
-def test_ap_wps_conf_pin_mixed_mode(dev, apdev):
-    """WPS PIN provisioning with configured AP (WPA+WPA2)"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-conf-pin-mixed"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "3",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "wpa_pairwise": "TKIP"})
-
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
-
-    logger.info("WPS provisioning step (auth_types=0x1b)")
-    if "OK" not in dev[0].request("SET wps_force_auth_types 0x1b"):
-        raise Exception("Failed to set wps_force_auth_types 0x1b")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
-
-    logger.info("WPS provisioning step (auth_types=0 encr_types=0)")
-    if "OK" not in dev[0].request("SET wps_force_auth_types 0"):
-        raise Exception("Failed to set wps_force_auth_types 0")
-    if "OK" not in dev[0].request("SET wps_force_encr_types 0"):
-        raise Exception("Failed to set wps_force_encr_types 0")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
-
-    dev[0].request("SET wps_force_auth_types ")
-    dev[0].request("SET wps_force_encr_types ")
-
-@remote_compatible
-def test_ap_wps_conf_pin_v1(dev, apdev):
-    """WPS PIN provisioning with configured WPS v1.0 AP"""
-    ssid = "test-wps-conf-pin-v1"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("SET wps_version_number 0x10")
-    hapd.request("WPS_PIN any " + pin)
-    found = False
-    for i in range(0, 10):
-        dev[0].scan(freq="2412")
-        if "[WPS-PIN]" in dev[0].request("SCAN_RESULTS"):
-            found = True
-            break
-    if not found:
-        hapd.request("SET wps_version_number 0x20")
-        raise Exception("WPS-PIN flag not seen in scan results")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    hapd.request("SET wps_version_number 0x20")
-
-@remote_compatible
-def test_ap_wps_conf_pin_2sta(dev, apdev):
-    """Two stations trying to use WPS PIN at the same time"""
-    ssid = "test-wps-conf-pin2"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    pin = "12345670"
-    pin2 = "55554444"
-    hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
-    hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-    dev[1].wait_connected(timeout=30)
-
-@remote_compatible
-def test_ap_wps_conf_pin_timeout(dev, apdev):
-    """WPS PIN provisioning with configured AP timing out PIN"""
-    ssid = "test-wps-conf-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    addr = dev[0].p2p_interface_addr()
-    pin = dev[0].wps_read_pin()
-    if "FAIL" not in hapd.request("WPS_PIN "):
-        raise Exception("Unexpected success on invalid WPS_PIN")
-    hapd.request("WPS_PIN any " + pin + " 1")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    time.sleep(1.1)
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=20)
-    if ev is None:
-        raise Exception("WPS-PIN-NEEDED event timed out")
-    ev = dev[0].wait_event(["WPS-M2D"])
-    if ev is None:
-        raise Exception("M2D not reported")
-    dev[0].request("WPS_CANCEL")
-
-    hapd.request("WPS_PIN any " + pin + " 20 " + addr)
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-
-def test_ap_wps_reg_connect(dev, apdev):
-    """WPS registrar using AP PIN to connect"""
-    ssid = "test-wps-reg-ap-pin"
-    appin = "12345670"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "ap_pin": appin})
-    logger.info("WPS provisioning step")
-    dev[0].dump_monitor()
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-def test_ap_wps_reg_connect_zero_len_ap_pin(dev, apdev):
-    """hostapd with zero length ap_pin parameter"""
-    ssid = "test-wps-reg-ap-pin"
-    appin = ""
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "ap_pin": appin})
-    logger.info("WPS provisioning step")
-    dev[0].dump_monitor()
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin, no_wait=True)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("No WPS-FAIL reported")
-    if "msg=5 config_error=15" not in ev:
-        raise Exception("Unexpected WPS-FAIL: " + ev)
-
-def test_ap_wps_reg_connect_mixed_mode(dev, apdev):
-    """WPS registrar using AP PIN to connect (WPA+WPA2)"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-reg-ap-pin"
-    appin = "12345670"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "3",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "wpa_pairwise": "TKIP", "ap_pin": appin})
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-def test_ap_wps_reg_override_ap_settings(dev, apdev):
-    """WPS registrar and ap_settings override"""
-    ap_settings = "/tmp/ap_wps_reg_override_ap_settings"
-    try:
-        os.remove(ap_settings)
-    except:
-        pass
-    # Override AP Settings with values that point to another AP
-    data = build_wsc_attr(ATTR_NETWORK_INDEX, b'\x01')
-    data += build_wsc_attr(ATTR_SSID, b"test")
-    data += build_wsc_attr(ATTR_AUTH_TYPE, b'\x00\x01')
-    data += build_wsc_attr(ATTR_ENCR_TYPE, b'\x00\x01')
-    data += build_wsc_attr(ATTR_NETWORK_KEY, b'')
-    data += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[1]['bssid'].replace(':', '')))
-    with open(ap_settings, "wb") as f:
-        f.write(data)
-    ssid = "test-wps-reg-ap-pin"
-    appin = "12345670"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "ap_pin": appin, "ap_settings": ap_settings})
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "test"})
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-    ev = hapd2.wait_event(['AP-STA-CONNECTED'], timeout=10)
-    os.remove(ap_settings)
-    if ev is None:
-        raise Exception("No connection with the other AP")
-
-def check_wps_reg_failure(dev, ap, appin):
-    dev.request("WPS_REG " + ap['bssid'] + " " + appin)
-    ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS operation timed out")
-    if "WPS-SUCCESS" in ev:
-        raise Exception("WPS operation succeeded unexpectedly")
-    if "config_error=15" not in ev:
-        raise Exception("WPS setup locked state was not reported correctly")
-
-def test_ap_wps_random_ap_pin(dev, apdev):
-    """WPS registrar using random AP PIN"""
-    ssid = "test-wps-reg-random-ap-pin"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    appin = hapd.request("WPS_AP_PIN random")
-    if "FAIL" in appin:
-        raise Exception("Could not generate random AP PIN")
-    if appin not in hapd.request("WPS_AP_PIN get"):
-        raise Exception("Could not fetch current AP PIN")
-    logger.info("WPS provisioning step")
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-
-    hapd.request("WPS_AP_PIN disable")
-    logger.info("WPS provisioning step with AP PIN disabled")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    check_wps_reg_failure(dev[1], apdev[0], appin)
-
-    logger.info("WPS provisioning step with AP PIN reset")
-    appin = "12345670"
-    hapd.request("WPS_AP_PIN set " + appin)
-    dev[1].wps_reg(apdev[0]['bssid'], appin)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected(timeout=10)
-    dev[1].wait_disconnected(timeout=10)
-
-    logger.info("WPS provisioning step after AP PIN timeout")
-    hapd.request("WPS_AP_PIN disable")
-    appin = hapd.request("WPS_AP_PIN random 1")
-    time.sleep(1.1)
-    if "FAIL" not in hapd.request("WPS_AP_PIN get"):
-        raise Exception("AP PIN unexpectedly still enabled")
-    check_wps_reg_failure(dev[0], apdev[0], appin)
-
-    logger.info("WPS provisioning step after AP PIN timeout(2)")
-    hapd.request("WPS_AP_PIN disable")
-    appin = "12345670"
-    hapd.request("WPS_AP_PIN set " + appin + " 1")
-    time.sleep(1.1)
-    if "FAIL" not in hapd.request("WPS_AP_PIN get"):
-        raise Exception("AP PIN unexpectedly still enabled")
-    check_wps_reg_failure(dev[1], apdev[0], appin)
-
-    with fail_test(hapd, 1, "os_get_random;wps_generate_pin"):
-        hapd.request("WPS_AP_PIN random 1")
-        hapd.request("WPS_AP_PIN disable")
-
-    with alloc_fail(hapd, 1, "upnp_wps_set_ap_pin"):
-        hapd.request("WPS_AP_PIN set 12345670")
-        hapd.request("WPS_AP_PIN disable")
-
-    if "FAIL" not in hapd.request("WPS_AP_PIN set"):
-        raise Exception("Invalid WPS_AP_PIN accepted")
-    if "FAIL" not in hapd.request("WPS_AP_PIN foo"):
-        raise Exception("Invalid WPS_AP_PIN accepted")
-    if "FAIL" not in hapd.request("WPS_AP_PIN set " + 9*'1'):
-        raise Exception("Invalid WPS_AP_PIN accepted")
-
-def test_ap_wps_reg_config(dev, apdev):
-    """WPS registrar configuring an AP using AP PIN"""
-    ssid = "test-wps-init-ap-pin"
-    appin = "12345670"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "ap_pin": appin})
-    logger.info("WPS configuration step")
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    new_ssid = "wps-new-ssid"
-    new_passphrase = "1234567890"
-    dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
-                   new_passphrase)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != new_ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    logger.info("Re-configure back to open")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].flush_scan_cache()
-    dev[0].dump_monitor()
-    dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-open", "OPEN", "NONE", "")
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != "wps-open":
-        raise Exception("Unexpected SSID")
-    if status['key_mgmt'] != 'NONE':
-        raise Exception("Unexpected key_mgmt")
-
-def test_ap_wps_reg_config_ext_processing(dev, apdev):
-    """WPS registrar configuring an AP with external config processing"""
-    ssid = "test-wps-init-ap-pin"
-    appin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wps_cred_processing": "1", "ap_pin": appin}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    new_ssid = "wps-new-ssid"
-    new_passphrase = "1234567890"
-    dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
-                   new_passphrase, no_wait=True)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS registrar operation timed out")
-    ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS configuration timed out")
-    if "1026" not in ev:
-        raise Exception("AP Settings missing from event")
-    hapd.request("SET wps_cred_processing 0")
-    if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(new_ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(new_passphrase.encode()).decode()):
-        raise Exception("WPS_CONFIG command failed")
-    dev[0].wait_connected(timeout=15)
-
-def test_ap_wps_reg_config_tkip(dev, apdev):
-    """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-init-ap"
-    appin = "12345670"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "ap_pin": appin})
-    logger.info("WPS configuration step")
-    dev[0].flush_scan_cache()
-    dev[0].request("SET wps_version_number 0x10")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    new_ssid = "wps-new-ssid-with-tkip"
-    new_passphrase = "1234567890"
-    dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPAPSK", "TKIP",
-                   new_passphrase)
-    logger.info("Re-connect to verify WPA2 mixed mode")
-    dev[0].request("DISCONNECT")
-    id = 0
-    dev[0].set_network(id, "pairwise", "CCMP")
-    dev[0].set_network(id, "proto", "RSN")
-    dev[0].connect_network(id)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected: wpa_state={} bssid={}".format(status['wpa_state'], status['bssid']))
-    if status['ssid'] != new_ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['group_cipher'] != 'TKIP':
-        conf = hapd.request("GET_CONFIG")
-        if "group_cipher=CCMP" not in conf or status['group_cipher'] != 'CCMP':
-            raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-def test_ap_wps_setup_locked(dev, apdev):
-    """WPS registrar locking up AP setup on AP PIN failures"""
-    ssid = "test-wps-incorrect-ap-pin"
-    appin = "12345670"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "ap_pin": appin})
-    new_ssid = "wps-new-ssid-test"
-    new_passphrase = "1234567890"
-
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    ap_setup_locked = False
-    for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
-        dev[0].dump_monitor()
-        logger.info("Try incorrect AP PIN - attempt " + pin)
-        dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
-                       "CCMP", new_passphrase, no_wait=True)
-        ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
-        if ev is None:
-            raise Exception("Timeout on receiving WPS operation failure event")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-        if "config_error=15" in ev:
-            logger.info("AP Setup Locked")
-            ap_setup_locked = True
-        elif "config_error=18" not in ev:
-            raise Exception("config_error=18 not reported")
-        dev[0].wait_disconnected(timeout=10)
-        time.sleep(0.1)
-    if not ap_setup_locked:
-        raise Exception("AP setup was not locked")
-    dev[0].request("WPS_CANCEL")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True,
-                        only_new=True)
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'wps_ap_setup_locked' not in bss or bss['wps_ap_setup_locked'] != '1':
-        logger.info("BSS: " + str(bss))
-        raise Exception("AP Setup Locked not indicated in scan results")
-
-    status = hapd.request("WPS_GET_STATUS")
-    if "Last WPS result: Failed" not in status:
-        raise Exception("WPS failure result not shown correctly")
-    if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
-        raise Exception("Peer address not shown correctly")
-
-    time.sleep(0.5)
-    dev[0].dump_monitor()
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("WPS success was not reported")
-    dev[0].wait_connected(timeout=30)
-
-    appin = hapd.request("WPS_AP_PIN random")
-    if "FAIL" in appin:
-        raise Exception("Could not generate random AP PIN")
-    ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=10)
-    if ev is None:
-        raise Exception("Failed to unlock AP PIN")
-
-def test_ap_wps_setup_locked_timeout(dev, apdev):
-    """WPS re-enabling AP PIN after timeout"""
-    ssid = "test-wps-incorrect-ap-pin"
-    appin = "12345670"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "ap_pin": appin})
-    new_ssid = "wps-new-ssid-test"
-    new_passphrase = "1234567890"
-
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    ap_setup_locked = False
-    for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
-        dev[0].dump_monitor()
-        logger.info("Try incorrect AP PIN - attempt " + pin)
-        dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
-                       "CCMP", new_passphrase, no_wait=True)
-        ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on receiving WPS operation failure event")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-        if "config_error=15" in ev:
-            logger.info("AP Setup Locked")
-            ap_setup_locked = True
-            break
-        elif "config_error=18" not in ev:
-            raise Exception("config_error=18 not reported")
-        dev[0].wait_disconnected(timeout=10)
-        time.sleep(0.1)
-    if not ap_setup_locked:
-        raise Exception("AP setup was not locked")
-    ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=80)
-    if ev is None:
-        raise Exception("AP PIN did not get unlocked on 60 second timeout")
-
-def test_ap_wps_setup_locked_2(dev, apdev):
-    """WPS AP configured for special ap_setup_locked=2 mode"""
-    ssid = "test-wps-ap-pin"
-    appin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "ap_pin": appin, "ap_setup_locked": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    new_ssid = "wps-new-ssid-test"
-    new_passphrase = "1234567890"
-
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-    dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK",
-                   "CCMP", new_passphrase, no_wait=True)
-
-    ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("hostapd did not report WPS failure")
-    if "msg=12 config_error=15" not in ev:
-        raise Exception("Unexpected failure reason (AP): " + ev)
-
-    ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
-    if ev is None:
-        raise Exception("Timeout on receiving WPS operation failure event")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "config_error=15" not in ev:
-        raise Exception("Unexpected failure reason (STA): " + ev)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-
-def setup_ap_wps_pbc_overlap_2ap(apdev):
-    params = {"ssid": "wps1", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wps_independent": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = {"ssid": "wps2", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "123456789", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wps_independent": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    hapd.request("WPS_PBC")
-    hapd2.request("WPS_PBC")
-    return hapd, hapd2
-
-@remote_compatible
-def test_ap_wps_pbc_overlap_2ap(dev, apdev):
-    """WPS PBC session overlap with two active APs"""
-    hapd, hapd2 = setup_ap_wps_pbc_overlap_2ap(apdev)
-    logger.info("WPS provisioning step")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].request("WPS_PBC")
-    ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
-    hapd.request("DISABLE")
-    hapd2.request("DISABLE")
-    dev[0].flush_scan_cache()
-    if ev is None:
-        raise Exception("PBC session overlap not detected")
-
-@remote_compatible
-def test_ap_wps_pbc_overlap_2ap_specific_bssid(dev, apdev):
-    """WPS PBC session overlap with two active APs (specific BSSID selected)"""
-    hapd, hapd2 = setup_ap_wps_pbc_overlap_2ap(apdev)
-    logger.info("WPS provisioning step")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=15)
-    dev[0].request("DISCONNECT")
-    hapd.request("DISABLE")
-    hapd2.request("DISABLE")
-    dev[0].flush_scan_cache()
-    if ev is None:
-        raise Exception("PBC session overlap result not reported")
-    if "CTRL-EVENT-CONNECTED" not in ev:
-        raise Exception("Connection did not complete")
-
-@remote_compatible
-def test_ap_wps_pbc_overlap_2sta(dev, apdev):
-    """WPS PBC session overlap with two active STAs"""
-    ssid = "test-wps-pbc-overlap"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[1].request("WPS_PBC " + apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
-    if ev is None:
-        raise Exception("PBC session overlap not detected (dev0)")
-    if "config_error=12" not in ev:
-        raise Exception("PBC session overlap not correctly reported (dev0)")
-    dev[0].request("WPS_CANCEL")
-    dev[0].request("DISCONNECT")
-    ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
-    if ev is None:
-        raise Exception("PBC session overlap not detected (dev1)")
-    if "config_error=12" not in ev:
-        raise Exception("PBC session overlap not correctly reported (dev1)")
-    dev[1].request("WPS_CANCEL")
-    dev[1].request("DISCONNECT")
-    ev = hapd.wait_event(["WPS-OVERLAP-DETECTED"], timeout=1)
-    if ev is None:
-        raise Exception("PBC session overlap not detected (AP)")
-    if "PBC Status: Overlap" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-    hapd.request("WPS_CANCEL")
-    ret = hapd.request("WPS_PBC")
-    if "FAIL" not in ret:
-        raise Exception("PBC mode allowed to be started while PBC overlap still active")
-    hapd.request("DISABLE")
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-def test_ap_wps_pbc_session_workaround(dev, apdev):
-    """WPS PBC session overlap workaround"""
-    ssid = "test-wps-pbc-overlap"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    bssid = hapd.own_addr()
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("WPS_PBC " + bssid)
-    dev[0].wait_connected(timeout=30)
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected(timeout=30)
-    dev[0].dump_monitor()
-    # Trigger AP/Registrar to ignore PBC activation immediately after
-    # successfully completed provisioning
-    dev[0].request("WPS_PBC " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("No scan results reported")
-    dev[0].request("WPS_CANCEL")
-    dev[0].dump_monitor()
-
-    # Verify that PBC session overlap does not prevent connection
-    hapd.request("WPS_PBC")
-    dev[1].scan_for_bss(bssid, freq="2412")
-    dev[1].request("WPS_PBC " + bssid)
-    dev[1].wait_connected()
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-    hapd.request("DISABLE")
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_cancel(dev, apdev):
-    """WPS AP cancelling enabled config method"""
-    ssid = "test-wps-ap-cancel"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Verify PBC enable/cancel")
-    hapd.request("WPS_PBC")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-PBC]" not in bss['flags']:
-        raise Exception("WPS-PBC flag missing")
-    if "FAIL" in hapd.request("WPS_CANCEL"):
-        raise Exception("WPS_CANCEL failed")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-PBC]" in bss['flags']:
-        raise Exception("WPS-PBC flag not cleared")
-
-    logger.info("Verify PIN enable/cancel")
-    hapd.request("WPS_PIN any 12345670")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" not in bss['flags']:
-        raise Exception("WPS-AUTH flag missing")
-    if "FAIL" in hapd.request("WPS_CANCEL"):
-        raise Exception("WPS_CANCEL failed")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" in bss['flags']:
-        raise Exception("WPS-AUTH flag not cleared")
-
-def test_ap_wps_er_add_enrollee(dev, apdev):
-    """WPS ER configuring AP and adding a new enrollee using PIN"""
-    try:
-        _test_ap_wps_er_add_enrollee(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_add_enrollee(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    'friendly_name': "WPS AP - <>&'\" - TEST",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-    logger.info("WPS configuration step")
-    new_passphrase = "1234567890"
-    dev[0].dump_monitor()
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
-                   new_passphrase)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    logger.info("Start ER")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-    if "|WPS AP - &lt;&gt;&amp;&apos;&quot; - TEST|Company|" not in ev:
-        raise Exception("Expected friendly name not found")
-
-    logger.info("Learn AP configuration through UPnP")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not in settings")
-    if "ssid=" + ssid not in ev:
-        raise Exception("Expected SSID not in settings")
-    if "key=" + new_passphrase not in ev:
-        raise Exception("Expected passphrase not in settings")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    logger.info("Add Enrollee using ER")
-    pin = dev[1].wps_read_pin()
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("Enrollee did not report success")
-    dev[1].wait_connected(timeout=15)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-    hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-
-    logger.info("Add a specific Enrollee using ER")
-    pin = dev[2].wps_read_pin()
-    addr2 = dev[2].p2p_interface_addr()
-    dev[0].dump_monitor()
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].dump_monitor()
-    dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee not seen")
-    if addr2 not in ev:
-        raise Exception("Unexpected Enrollee MAC address")
-    dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
-    dev[2].wait_connected(timeout=30)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-    logger.info("Verify registrar selection behavior")
-    dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected(timeout=10)
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[1].scan(freq="2412")
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    if "[WPS-AUTH]" not in bss['flags']:
-        # It is possible for scan to miss an update especially when running
-        # tests under load with multiple VMs, so allow another attempt.
-        dev[1].scan(freq="2412")
-        bss = dev[1].get_bss(apdev[0]['bssid'])
-        if "[WPS-AUTH]" not in bss['flags']:
-            raise Exception("WPS-AUTH flag missing")
-
-    logger.info("Stop ER")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_STOP")
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
-    if ev is None:
-        raise Exception("WPS ER unsubscription timed out")
-    # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
-    # a bit before verifying that the scan results have changed.
-    time.sleep(0.2)
-
-    for i in range(0, 10):
-        dev[1].request("BSS_FLUSH 0")
-        dev[1].scan(freq="2412", only_new=True)
-        bss = dev[1].get_bss(apdev[0]['bssid'])
-        if bss and 'flags' in bss and "[WPS-AUTH]" not in bss['flags']:
-            break
-        logger.debug("WPS-AUTH flag was still in place - wait a bit longer")
-        time.sleep(0.1)
-    if "[WPS-AUTH]" in bss['flags']:
-        raise Exception("WPS-AUTH flag not removed")
-
-def test_ap_wps_er_add_enrollee_uuid(dev, apdev):
-    """WPS ER adding a new enrollee identified by UUID"""
-    try:
-        _test_ap_wps_er_add_enrollee_uuid(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_add_enrollee_uuid(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-    logger.info("WPS configuration step")
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-
-    logger.info("Start ER")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    logger.info("Learn AP configuration through UPnP")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not in settings")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    logger.info("Add a specific Enrollee using ER (PBC/UUID)")
-    addr1 = dev[1].p2p_interface_addr()
-    dev[0].dump_monitor()
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PBC %s" % apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee not seen")
-    if addr1 not in ev:
-        raise Exception("Unexpected Enrollee MAC address")
-    uuid = ev.split(' ')[1]
-    dev[0].request("WPS_ER_PBC " + uuid)
-    dev[1].wait_connected(timeout=30)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-    logger.info("Add a specific Enrollee using ER (PIN/UUID)")
-    pin = dev[2].wps_read_pin()
-    addr2 = dev[2].p2p_interface_addr()
-    dev[0].dump_monitor()
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].dump_monitor()
-    dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee not seen")
-    if addr2 not in ev:
-        raise Exception("Unexpected Enrollee MAC address")
-    uuid = ev.split(' ')[1]
-    dev[0].request("WPS_ER_PIN " + uuid + " " + pin)
-    dev[2].wait_connected(timeout=30)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-REMOVE"], timeout=15)
-    if ev is None:
-        raise Exception("No Enrollee STA entry timeout seen")
-
-    logger.info("Stop ER")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_er_multi_add_enrollee(dev, apdev):
-    """Multiple WPS ERs adding a new enrollee using PIN"""
-    try:
-        _test_ap_wps_er_multi_add_enrollee(dev, apdev)
-    finally:
-        for i in range(2):
-            dev[i].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_multi_add_enrollee(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    'friendly_name': "WPS AP",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-
-    for i in range(2):
-        dev[i].flush_scan_cache()
-        dev[i].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[i].wps_reg(apdev[0]['bssid'], ap_pin)
-    for i in range(2):
-        dev[i].request("WPS_ER_START ifname=lo")
-    for i in range(2):
-        ev = dev[i].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-        if ev is None:
-            raise Exception("AP discovery timed out")
-        dev[i].dump_monitor()
-    for i in range(2):
-        dev[i].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    for i in range(2):
-        ev = dev[i].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-        if ev is None:
-            raise Exception("AP learn timed out")
-        ev = dev[i].wait_event(["WPS-FAIL"], timeout=15)
-        if ev is None:
-            raise Exception("WPS-FAIL after AP learn timed out")
-
-    time.sleep(0.1)
-
-    pin = dev[2].wps_read_pin()
-    addr = dev[2].own_addr()
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_PIN any " + pin + " " + addr)
-    dev[1].dump_monitor()
-    dev[1].request("WPS_ER_PIN any " + pin + " " + addr)
-
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].dump_monitor()
-    dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[2].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("Enrollee did not report success")
-    dev[2].wait_connected(timeout=15)
-
-def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
-    """WPS ER connected to AP and adding a new enrollee using PBC"""
-    try:
-        _test_ap_wps_er_add_enrollee_pbc(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_add_enrollee_pbc(dev, apdev):
-    ssid = "wps-er-add-enrollee-pbc"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-    logger.info("Learn AP configuration")
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-
-    logger.info("Start ER")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    enrollee = dev[1].p2p_interface_addr()
-
-    if "FAIL-UNKNOWN-UUID" not in dev[0].request("WPS_ER_PBC " + enrollee):
-        raise Exception("Unknown UUID not reported")
-
-    logger.info("Add Enrollee using ER and PBC")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PBC")
-
-    for i in range(0, 2):
-        ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
-        if ev is None:
-            raise Exception("Enrollee discovery timed out")
-        if enrollee in ev:
-            break
-        if i == 1:
-            raise Exception("Expected Enrollee not found")
-    if "FAIL-NO-AP-SETTINGS" not in dev[0].request("WPS_ER_PBC " + enrollee):
-        raise Exception("Unknown UUID not reported")
-    logger.info("Use learned network configuration on ER")
-    dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
-    if "OK" not in dev[0].request("WPS_ER_PBC " + enrollee):
-        raise Exception("WPS_ER_PBC failed")
-
-    ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("Enrollee did not report success")
-    dev[1].wait_connected(timeout=15)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-    hwsim_utils.test_connectivity_sta(dev[0], dev[1])
-
-def test_ap_wps_er_pbc_overlap(dev, apdev):
-    """WPS ER connected to AP and PBC session overlap"""
-    try:
-        _test_ap_wps_er_pbc_overlap(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_pbc_overlap(dev, apdev):
-    ssid = "wps-er-add-enrollee-pbc"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    # avoid leaving dev 1 or 2 as the last Probe Request to the AP
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True)
-
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_START ifname=lo")
-
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    # verify BSSID selection of the AP instead of UUID
-    if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
-        raise Exception("Could not select AP based on BSSID")
-
-    dev[0].dump_monitor()
-    dev[1].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[2].request("WPS_PBC " + apdev[0]['bssid'])
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("PBC scan failed")
-    ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("PBC scan failed")
-    found1 = False
-    found2 = False
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-    for i in range(3):
-        ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
-        if ev is None:
-            raise Exception("Enrollee discovery timed out")
-        if addr1 in ev:
-            found1 = True
-            if found2:
-                break
-        if addr2 in ev:
-            found2 = True
-            if found1:
-                break
-    if dev[0].request("WPS_ER_PBC " + ap_uuid) != "FAIL-PBC-OVERLAP\n":
-        raise Exception("PBC overlap not reported")
-    dev[1].request("WPS_CANCEL")
-    dev[2].request("WPS_CANCEL")
-    if dev[0].request("WPS_ER_PBC foo") != "FAIL\n":
-        raise Exception("Invalid WPS_ER_PBC accepted")
-
-def test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
-    """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
-    try:
-        _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
-    ssid = "wps-er-add-enrollee-pbc"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-    logger.info("Learn AP configuration")
-    dev[0].request("SET wps_version_number 0x10")
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-
-    logger.info("Start ER")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    logger.info("Use learned network configuration on ER")
-    dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
-
-    logger.info("Add Enrollee using ER and PIN")
-    enrollee = dev[1].p2p_interface_addr()
-    pin = dev[1].wps_read_pin()
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_PIN any " + pin + " " + enrollee)
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[1].wait_connected(timeout=30)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-@remote_compatible
-def test_ap_wps_er_config_ap(dev, apdev):
-    """WPS ER configuring AP over UPnP"""
-    try:
-        _test_ap_wps_er_config_ap(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_config_ap(dev, apdev):
-    ssid = "wps-er-ap-config"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-
-    logger.info("Connect ER to the AP")
-    dev[0].connect(ssid, psk="12345678", scan_freq="2412")
-
-    logger.info("WPS configuration step")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-    new_passphrase = "1234567890"
-    dev[0].request("WPS_ER_CONFIG " + apdev[0]['bssid'] + " " + ap_pin + " " +
-                   binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " +
-                   binascii.hexlify(new_passphrase.encode()).decode())
-    ev = dev[0].wait_event(["WPS-SUCCESS"])
-    if ev is None:
-        raise Exception("WPS ER configuration operation timed out")
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].connect(ssid, psk="1234567890", scan_freq="2412")
-
-    logger.info("WPS ER restart")
-    dev[0].request("WPS_ER_START")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out on ER restart")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found on ER restart")
-    if "OK" not in dev[0].request("WPS_ER_STOP"):
-        raise Exception("WPS_ER_STOP failed")
-    if "OK" not in dev[0].request("WPS_ER_STOP"):
-        raise Exception("WPS_ER_STOP failed")
-
-@remote_compatible
-def test_ap_wps_er_cache_ap_settings(dev, apdev):
-    """WPS ER caching AP settings"""
-    try:
-        _test_ap_wps_er_cache_ap_settings(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_cache_ap_settings(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    id = int(dev[0].list_networks()[0]['id'])
-    dev[0].set_network(id, "scan_freq", "2412")
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    hapd.disable()
-
-    for i in range(2):
-        ev = dev[0].wait_event(["WPS-ER-AP-REMOVE", "CTRL-EVENT-DISCONNECTED"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("AP removal or disconnection timed out")
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    for i in range(2):
-        ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("AP discovery or connection timed out")
-
-    pin = dev[1].wps_read_pin()
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
-
-    time.sleep(0.2)
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("Enrollee did not report success")
-    dev[1].wait_connected(timeout=15)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
-    """WPS ER caching AP settings (OOM)"""
-    try:
-        _test_ap_wps_er_cache_ap_settings_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    id = int(dev[0].list_networks()[0]['id'])
-    dev[0].set_network(id, "scan_freq", "2412")
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    with alloc_fail(dev[0], 1, "=wps_er_ap_use_cached_settings"):
-        hapd.disable()
-
-        for i in range(2):
-            ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
-                                    "CTRL-EVENT-DISCONNECTED"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("AP removal or disconnection timed out")
-
-        hapd = hostapd.add_ap(apdev[0], params)
-        for i in range(2):
-            ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("AP discovery or connection timed out")
-
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
-    """WPS ER caching AP settings (OOM 2)"""
-    try:
-        _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    id = int(dev[0].list_networks()[0]['id'])
-    dev[0].set_network(id, "scan_freq", "2412")
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    with alloc_fail(dev[0], 1, "=wps_er_ap_cache_settings"):
-        hapd.disable()
-
-        for i in range(2):
-            ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
-                                    "CTRL-EVENT-DISCONNECTED"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("AP removal or disconnection timed out")
-
-        hapd = hostapd.add_ap(apdev[0], params)
-        for i in range(2):
-            ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("AP discovery or connection timed out")
-
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_er_subscribe_oom(dev, apdev):
-    """WPS ER subscribe OOM"""
-    try:
-        _test_ap_wps_er_subscribe_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_subscribe_oom(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-    id = int(dev[0].list_networks()[0]['id'])
-    dev[0].set_network(id, "scan_freq", "2412")
-
-    with alloc_fail(dev[0], 1, "http_client_addr;wps_er_subscribe"):
-        dev[0].request("WPS_ER_START ifname=lo")
-        for i in range(50):
-            res = dev[0].request("GET_ALLOC_FAIL")
-            if res.startswith("0:"):
-                break
-            time.sleep(0.1)
-        ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=0)
-        if ev:
-            raise Exception("Unexpected AP discovery during OOM")
-
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_er_set_sel_reg_oom(dev, apdev):
-    """WPS ER SetSelectedRegistrar OOM"""
-    try:
-        _test_ap_wps_er_set_sel_reg_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_set_sel_reg_oom(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("AP not discovered")
-
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL timed out")
-    time.sleep(0.1)
-
-    for func in ["http_client_url_parse;wps_er_send_set_sel_reg",
-                 "wps_er_soap_hdr;wps_er_send_set_sel_reg",
-                 "http_client_addr;wps_er_send_set_sel_reg",
-                 "wpabuf_alloc;wps_er_set_sel_reg"]:
-        with alloc_fail(dev[0], 1, func):
-            if "OK" not in dev[0].request("WPS_ER_PBC " + ap_uuid):
-                raise Exception("WPS_ER_PBC failed")
-            ev = dev[0].wait_event(["WPS-PBC-ACTIVE"], timeout=3)
-            if ev is None:
-                raise Exception("WPS-PBC-ACTIVE not seen")
-
-    dev[0].request("WPS_ER_STOP")
-
-@remote_compatible
-def test_ap_wps_er_learn_oom(dev, apdev):
-    """WPS ER learn OOM"""
-    try:
-        _test_ap_wps_er_learn_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_learn_oom(dev, apdev):
-    ssid = "wps-er-add-enrollee"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("AP not discovered")
-
-    for func in ["wps_er_http_put_message_cb",
-                 "xml_get_base64_item;wps_er_http_put_message_cb",
-                 "http_client_url_parse;wps_er_ap_put_message",
-                 "wps_er_soap_hdr;wps_er_ap_put_message",
-                 "http_client_addr;wps_er_ap_put_message"]:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-            ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=1)
-            if ev is not None:
-                raise Exception("AP learn succeeded during OOM")
-
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=10)
-    if ev is None:
-        raise Exception("AP learn did not succeed")
-
-    if "FAIL" not in dev[0].request("WPS_ER_LEARN 00000000-9e5c-4e73-bd82-f89cbcd10d7e " + ap_pin):
-        raise Exception("WPS_ER_LEARN for unknown AP accepted")
-
-    dev[0].request("WPS_ER_STOP")
-
-def test_ap_wps_fragmentation(dev, apdev):
-    """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-fragmentation"
-    appin = "12345670"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "3",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "wpa_pairwise": "TKIP", "ap_pin": appin,
-                           "fragment_size": "50"})
-    logger.info("WPS provisioning step (PBC)")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    dev[0].request("SET wps_fragment_size 50")
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    logger.info("WPS provisioning step (PIN)")
-    pin = dev[1].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[1].request("SET wps_fragment_size 50")
-    dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[1].wait_connected(timeout=30)
-    status = dev[1].get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    logger.info("WPS connection as registrar")
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].request("SET wps_fragment_size 50")
-    dev[2].wps_reg(apdev[0]['bssid'], appin)
-    status = dev[2].get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-@remote_compatible
-def test_ap_wps_new_version_sta(dev, apdev):
-    """WPS compatibility with new version number on the station"""
-    ssid = "test-wps-ver"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("SET wps_version_number 0x43")
-    dev[0].request("SET wps_vendor_ext_m1 000137100100020001")
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-
-@remote_compatible
-def test_ap_wps_new_version_ap(dev, apdev):
-    """WPS compatibility with new version number on the AP"""
-    ssid = "test-wps-ver"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    if "FAIL" in hapd.request("SET wps_version_number 0x43"):
-        raise Exception("Failed to enable test functionality")
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    hapd.request("SET wps_version_number 0x20")
-
-@remote_compatible
-def test_ap_wps_check_pin(dev, apdev):
-    """Verify PIN checking through control interface"""
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wps", "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    for t in [("12345670", "12345670"),
-              ("12345678", "FAIL-CHECKSUM"),
-              ("12345", "FAIL"),
-              ("123456789", "FAIL"),
-              ("1234-5670", "12345670"),
-              ("1234 5670", "12345670"),
-              ("1-2.3:4 5670", "12345670")]:
-        res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
-        res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
-        if res != res2:
-            raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
-        if res != t[1]:
-            raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
-
-    if "FAIL" not in hapd.request("WPS_CHECK_PIN 12345"):
-        raise Exception("Unexpected WPS_CHECK_PIN success")
-    if "FAIL" not in hapd.request("WPS_CHECK_PIN 123456789"):
-        raise Exception("Unexpected WPS_CHECK_PIN success")
-
-    for i in range(0, 10):
-        pin = dev[0].request("WPS_PIN get")
-        rpin = dev[0].request("WPS_CHECK_PIN " + pin).rstrip('\n')
-        if pin != rpin:
-            raise Exception("Random PIN validation failed for " + pin)
-
-def test_ap_wps_pin_get_failure(dev, apdev):
-    """PIN generation failure"""
-    with fail_test(dev[0], 1,
-                   "os_get_random;wpa_supplicant_ctrl_iface_wps_pin"):
-        if "FAIL" not in dev[0].request("WPS_PIN get"):
-            raise Exception("WPS_PIN did not report failure")
-
-def test_ap_wps_wep_config(dev, apdev):
-    """WPS 2.0 AP rejecting WEP configuration"""
-    ssid = "test-wps-config"
-    appin = "12345670"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "ap_pin": appin})
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
-                   "hello", no_wait=True)
-    ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL timed out")
-    if "reason=2" not in ev:
-        raise Exception("Unexpected reason code in WPS-FAIL")
-    status = hapd.request("WPS_GET_STATUS")
-    if "Last WPS result: Failed" not in status:
-        raise Exception("WPS failure result not shown correctly")
-    if "Failure Reason: WEP Prohibited" not in status:
-        raise Exception("Failure reason not reported correctly")
-    if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
-        raise Exception("Peer address not shown correctly")
-
-def test_ap_wps_wep_enroll(dev, apdev):
-    """WPS 2.0 STA rejecting WEP configuration"""
-    ssid = "test-wps-wep"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "skip_cred_build": "1", "extra_cred": "wps-wep-cred"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL event timed out")
-    if "msg=12" not in ev or "reason=2 (WEP Prohibited)" not in ev:
-        raise Exception("Unexpected WPS-FAIL event: " + ev)
-
-@remote_compatible
-def test_ap_wps_ie_fragmentation(dev, apdev):
-    """WPS AP using fragmented WPS IE"""
-    ssid = "test-wps-ie-fragmentation"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "1234567890abcdef1234567890abcdef",
-              "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
-              "model_name": "1234567890abcdef1234567890abcdef",
-              "model_number": "1234567890abcdef1234567890abcdef",
-              "serial_number": "1234567890abcdef1234567890abcdef"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
-        logger.info("Device Name not received correctly")
-        logger.info(bss)
-        # This can fail if Probe Response frame is missed and Beacon frame was
-        # used to fill in the BSS entry. This can happen, e.g., during heavy
-        # load every now and then and is not really an error, so try to
-        # workaround by runnign another scan.
-        dev[0].scan(freq="2412", only_new=True)
-        bss = dev[0].get_bss(apdev[0]['bssid'])
-        if not bss or "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
-            logger.info(bss)
-            raise Exception("Device Name not received correctly")
-    if len(re.findall("dd..0050f204", bss['ie'])) != 2:
-        raise Exception("Unexpected number of WPS IEs")
-
-def get_psk(pskfile):
-    psks = {}
-    with open(pskfile, "r") as f:
-        lines = f.read().splitlines()
-        for l in lines:
-            if l == "# WPA PSKs":
-                continue
-            vals = l.split(' ')
-            if len(vals) != 3 or vals[0] != "wps=1":
-                continue
-            addr = vals[1]
-            psk = vals[2]
-            psks[addr] = psk
-    return psks
-
-def test_ap_wps_per_station_psk(dev, apdev):
-    """WPS PBC provisioning with per-station PSK"""
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-    ssid = "wps"
-    appin = "12345670"
-    pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
-    try:
-        os.remove(pskfile)
-    except:
-        pass
-
-    hapd = None
-    try:
-        with open(pskfile, "w") as f:
-            f.write("# WPA PSKs\n")
-
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
-                  "rsn_pairwise": "CCMP", "ap_pin": appin,
-                  "wpa_psk_file": pskfile}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        logger.info("First enrollee")
-        hapd.request("WPS_PBC")
-        dev[0].flush_scan_cache()
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-
-        logger.info("Second enrollee")
-        hapd.request("WPS_PBC")
-        dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[1].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[1].wait_connected(timeout=30)
-
-        logger.info("External registrar")
-        dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[2].wps_reg(apdev[0]['bssid'], appin)
-
-        logger.info("Verifying PSK results")
-        psks = get_psk(pskfile)
-        if addr0 not in psks:
-            raise Exception("No PSK recorded for sta0")
-        if addr1 not in psks:
-            raise Exception("No PSK recorded for sta1")
-        if addr2 not in psks:
-            raise Exception("No PSK recorded for sta2")
-        if psks[addr0] == psks[addr1]:
-            raise Exception("Same PSK recorded for sta0 and sta1")
-        if psks[addr0] == psks[addr2]:
-            raise Exception("Same PSK recorded for sta0 and sta2")
-        if psks[addr1] == psks[addr2]:
-            raise Exception("Same PSK recorded for sta1 and sta2")
-
-        dev[0].request("REMOVE_NETWORK all")
-        logger.info("Second external registrar")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[0].wps_reg(apdev[0]['bssid'], appin)
-        psks2 = get_psk(pskfile)
-        if addr0 not in psks2:
-            raise Exception("No PSK recorded for sta0(reg)")
-        if psks[addr0] == psks2[addr0]:
-            raise Exception("Same PSK recorded for sta0(enrollee) and sta0(reg)")
-    finally:
-        os.remove(pskfile)
-        if hapd:
-            dev[0].request("DISCONNECT")
-            dev[1].request("DISCONNECT")
-            dev[2].request("DISCONNECT")
-            hapd.disable()
-            dev[0].flush_scan_cache()
-            dev[1].flush_scan_cache()
-            dev[2].flush_scan_cache()
-
-def test_ap_wps_per_station_psk_preset(dev, apdev):
-    """WPS PIN provisioning with per-station PSK preset"""
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-    ssid = "wps"
-    appin = "12345670"
-    pskfile = "/tmp/ap_wps_per_enrollee_psk_preset.psk_file"
-    try:
-        os.remove(pskfile)
-    except:
-        pass
-
-    hapd = None
-    try:
-        with open(pskfile, "w") as f:
-            f.write("# WPA PSKs\n")
-            f.write("wps=1 " + addr0 + " preset-passphrase-0\n")
-            f.write("wps=1 " + addr2 + " preset-passphrase-2\n")
-
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
-                  "rsn_pairwise": "CCMP", "ap_pin": appin,
-                  "wpa_psk_file": pskfile}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        logger.info("First enrollee")
-        pin = dev[0].wps_read_pin()
-        hapd.request("WPS_PIN any " + pin)
-        dev[0].scan_for_bss(bssid, freq=2412)
-        dev[0].request("WPS_PIN %s %s" % (bssid, pin))
-        dev[0].wait_connected(timeout=30)
-
-        logger.info("Second enrollee")
-        pin = dev[1].wps_read_pin()
-        hapd.request("WPS_PIN any " + pin)
-        dev[1].scan_for_bss(bssid, freq=2412)
-        dev[1].request("WPS_PIN %s %s" % (bssid, pin))
-        dev[1].wait_connected(timeout=30)
-
-        logger.info("External registrar")
-        dev[2].scan_for_bss(bssid, freq=2412)
-        dev[2].wps_reg(bssid, appin)
-
-        logger.info("Verifying PSK results")
-        psks = get_psk(pskfile)
-        if addr0 not in psks:
-            raise Exception("No PSK recorded for sta0")
-        if addr1 not in psks:
-            raise Exception("No PSK recorded for sta1")
-        if addr2 not in psks:
-            raise Exception("No PSK recorded for sta2")
-        logger.info("PSK[0]: " + psks[addr0])
-        logger.info("PSK[1]: " + psks[addr1])
-        logger.info("PSK[2]: " + psks[addr2])
-        if psks[addr0] == psks[addr1]:
-            raise Exception("Same PSK recorded for sta0 and sta1")
-        if psks[addr0] == psks[addr2]:
-            raise Exception("Same PSK recorded for sta0 and sta2")
-        if psks[addr1] == psks[addr2]:
-            raise Exception("Same PSK recorded for sta1 and sta2")
-        pmk0 = hapd.request("GET_PMK " + addr0)
-        pmk1 = hapd.request("GET_PMK " + addr1)
-        pmk2 = hapd.request("GET_PMK " + addr2)
-        logger.info("PMK[0]: " + pmk0)
-        logger.info("PMK[1]: " + pmk1)
-        logger.info("PMK[2]: " + pmk2)
-        if pmk0 != "565faec21ff04702d9d17c464e1301efd36c8a3ea46bb866b4bec7fed4384579":
-            raise Exception("PSK[0] mismatch")
-        if psks[addr1] != pmk1:
-            raise Exception("PSK[1] mismatch")
-        if psks[addr2] != pmk2:
-            raise Exception("PSK[2] mismatch")
-
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        logger.info("First enrollee again")
-        pin = dev[0].wps_read_pin()
-        hapd.request("WPS_PIN any " + pin)
-        dev[0].scan_for_bss(bssid, freq=2412)
-        dev[0].request("WPS_PIN %s %s" % (bssid, pin))
-        dev[0].wait_connected(timeout=30)
-        psks2 = get_psk(pskfile)
-        if addr0 not in psks2:
-            raise Exception("No PSK recorded for sta0 (2)")
-        if psks[addr0] != psks2[addr0]:
-            raise Exception("Different PSK recorded for sta0(enrollee) and sta0(enrollee 2)")
-    finally:
-        os.remove(pskfile)
-
-def test_ap_wps_per_station_psk_failure(dev, apdev):
-    """WPS PBC provisioning with per-station PSK (file not writable)"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    ssid = "wps"
-    appin = "12345670"
-    pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
-    try:
-        os.remove(pskfile)
-    except:
-        pass
-
-    hapd = None
-    try:
-        with open(pskfile, "w") as f:
-            f.write("# WPA PSKs\n")
-
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
-                  "rsn_pairwise": "CCMP", "ap_pin": appin,
-                  "wpa_psk_file": pskfile}
-        hapd = hostapd.add_ap(apdev[0], params)
-        if "FAIL" in hapd.request("SET wpa_psk_file /tmp/does/not/exists/ap_wps_per_enrollee_psk_failure.psk_file"):
-            raise Exception("Failed to set wpa_psk_file")
-
-        logger.info("First enrollee")
-        hapd.request("WPS_PBC")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-
-        logger.info("Second enrollee")
-        hapd.request("WPS_PBC")
-        dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[1].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[1].wait_connected(timeout=30)
-
-        logger.info("External registrar")
-        dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-        dev[2].wps_reg(apdev[0]['bssid'], appin)
-
-        logger.info("Verifying PSK results")
-        psks = get_psk(pskfile)
-        if len(psks) > 0:
-            raise Exception("PSK recorded unexpectedly")
-    finally:
-        if hapd:
-            for i in range(3):
-                dev[i].request("DISCONNECT")
-            hapd.disable()
-            for i in range(3):
-                dev[i].flush_scan_cache()
-        os.remove(pskfile)
-
-def test_ap_wps_pin_request_file(dev, apdev):
-    """WPS PIN provisioning with configured AP"""
-    ssid = "wps"
-    pinfile = "/tmp/ap_wps_pin_request_file.log"
-    if os.path.exists(pinfile):
-        os.remove(pinfile)
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wps_pin_requests": pinfile,
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    uuid = dev[0].get_status_field("uuid")
-    pin = dev[0].wps_read_pin()
-    try:
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=15)
-        if ev is None:
-            raise Exception("PIN needed event not shown")
-        if uuid not in ev:
-            raise Exception("UUID mismatch")
-        dev[0].request("WPS_CANCEL")
-        success = False
-        with open(pinfile, "r") as f:
-            lines = f.readlines()
-            for l in lines:
-                if uuid in l:
-                    success = True
-                    break
-        if not success:
-            raise Exception("PIN request entry not in the log file")
-    finally:
-        try:
-            os.remove(pinfile)
-        except:
-            pass
-
-def test_ap_wps_auto_setup_with_config_file(dev, apdev):
-    """WPS auto-setup with configuration file"""
-    skip_without_tkip(dev[0])
-    conffile = "/tmp/ap_wps_auto_setup_with_config_file.conf"
-    ifname = apdev[0]['ifname']
-    try:
-        with open(conffile, "w") as f:
-            f.write("driver=nl80211\n")
-            f.write("hw_mode=g\n")
-            f.write("channel=1\n")
-            f.write("ieee80211n=1\n")
-            f.write("interface=%s\n" % ifname)
-            f.write("ctrl_interface=/var/run/hostapd\n")
-            f.write("ssid=wps\n")
-            f.write("eap_server=1\n")
-            f.write("wps_state=1\n")
-        hapd = hostapd.add_bss(apdev[0], ifname, conffile)
-        hapd.request("WPS_PBC")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-        with open(conffile, "r") as f:
-            lines = f.read().splitlines()
-            vals = dict()
-            for l in lines:
-                try:
-                    [name, value] = l.split('=', 1)
-                    vals[name] = value
-                except ValueError as e:
-                    if "# WPS configuration" in l:
-                        pass
-                    else:
-                        raise Exception("Unexpected configuration line: " + l)
-        if vals['ieee80211n'] != '1' or vals['wps_state'] != '2' or "WPA-PSK" not in vals['wpa_key_mgmt']:
-            raise Exception("Incorrect configuration: " + str(vals))
-    finally:
-        try:
-            os.remove(conffile)
-        except:
-            pass
-
-@long_duration_test
-def test_ap_wps_pbc_timeout(dev, apdev):
-    """wpa_supplicant PBC walk time and WPS ER SelReg timeout"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    urls = upnp_get_urls(location)
-    eventurl = urlparse(urls['event_sub_url'])
-    ctrlurl = urlparse(urls['control_url'])
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-
-    class WPSERHTTPServer(StreamRequestHandler):
-        def handle(self):
-            data = self.rfile.readline().strip()
-            logger.debug(data)
-            self.wfile.write(gen_wps_event())
-
-    server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
-    server.timeout = 1
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-
-    msg = '''<?xml version="1.0"?>
-<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
-<s:Body>
-<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
-<NewMessage>EEoAARAQQQABARASAAIAABBTAAIxSBBJAA4ANyoAASABBv///////xBIABA2LbR7pTpRkYj7
-VFi5hrLk
-</NewMessage>
-</u:SetSelectedRegistrar>
-</s:Body>
-</s:Envelope>'''
-    headers = {"Content-type": 'text/xml; charset="utf-8"'}
-    headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
-    conn.request("POST", ctrlurl.path, msg, headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    server.handle_request()
-
-    logger.info("Start WPS_PBC and wait for PBC walk time expiration")
-    if "OK" not in dev[0].request("WPS_PBC"):
-        raise Exception("WPS_PBC failed")
-
-    start = os.times()[4]
-
-    server.handle_request()
-    dev[1].request("BSS_FLUSH 0")
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
-                        only_new=True)
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    logger.debug("BSS: " + str(bss))
-    if '[WPS-AUTH]' not in bss['flags']:
-        raise Exception("WPS not indicated authorized")
-
-    server.handle_request()
-
-    wps_timeout_seen = False
-
-    while True:
-        hapd.dump_monitor()
-        dev[1].dump_monitor()
-        if not wps_timeout_seen:
-            ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=0)
-            if ev is not None:
-                logger.info("PBC timeout seen")
-                wps_timeout_seen = True
-        else:
-            dev[0].dump_monitor()
-        now = os.times()[4]
-        if now - start > 130:
-            raise Exception("Selected registration information not removed")
-        dev[1].request("BSS_FLUSH 0")
-        dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
-                            only_new=True)
-        bss = dev[1].get_bss(apdev[0]['bssid'])
-        logger.debug("BSS: " + str(bss))
-        if '[WPS-AUTH]' not in bss['flags']:
-            break
-        server.handle_request()
-
-    server.server_close()
-
-    if wps_timeout_seen:
-        return
-
-    now = os.times()[4]
-    if now < start + 150:
-        dur = start + 150 - now
-    else:
-        dur = 1
-    logger.info("Continue waiting for PBC timeout (%d sec)" % dur)
-    ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=dur)
-    if ev is None:
-        raise Exception("WPS-TIMEOUT not reported")
-
-def add_ssdp_ap(ap, ap_uuid):
-    ssid = "wps-ssdp"
-    ap_pin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo",
-              "friendly_name": "WPS Access Point",
-              "manufacturer_url": "http://www.example.com/",
-              "model_description": "Wireless Access Point",
-              "model_url": "http://www.example.com/model/",
-              "upc": "123456789012"}
-    return hostapd.add_ap(ap, params)
-
-def ssdp_send(msg, no_recv=False):
-    socket.setdefaulttimeout(1)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
-    sock.bind(("127.0.0.1", 0))
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    if no_recv:
-        return None
-    return sock.recv(1000).decode()
-
-def ssdp_send_msearch(st, no_recv=False):
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX: 1',
-            'MAN: "ssdp:discover"',
-            'ST: ' + st,
-            '', ''])
-    return ssdp_send(msg, no_recv=no_recv)
-
-def test_ap_wps_ssdp_msearch(dev, apdev):
-    """WPS AP and SSDP M-SEARCH messages"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'Host: 239.255.255.250:1900',
-            'Mx: 1',
-            'Man: "ssdp:discover"',
-            'St: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    ssdp_send(msg)
-
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'host:\t239.255.255.250:1900\t\t\t\t \t\t',
-            'mx: \t1\t\t   ',
-            'man: \t \t "ssdp:discover"   ',
-            'st: urn:schemas-wifialliance-org:device:WFADevice:1\t\t',
-            '', ''])
-    ssdp_send(msg)
-
-    ssdp_send_msearch("ssdp:all")
-    ssdp_send_msearch("upnp:rootdevice")
-    ssdp_send_msearch("uuid:" + ap_uuid)
-    ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1")
-    ssdp_send_msearch("urn:schemas-wifialliance-org:device:WFADevice:1")
-
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST:\t239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 130',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    ssdp_send(msg, no_recv=True)
-
-def test_ap_wps_ssdp_invalid_msearch(dev, apdev):
-    """WPS AP and invalid SSDP M-SEARCH messages"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    socket.setdefaulttimeout(1)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
-    sock.bind(("127.0.0.1", 0))
-
-    logger.debug("Missing MX")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Negative MX")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX: -1',
-            'MAN: "ssdp:discover"',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Invalid MX")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX; 1',
-            'MAN: "ssdp:discover"',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Missing MAN")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Invalid MAN")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX: 1',
-            'MAN: foo',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MX: 1',
-            'MAN; "ssdp:discover"',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Missing HOST")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Missing ST")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Mismatching ST")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: uuid:16d5f8a9-4ee4-4f5e-81f9-cc6e2f47f42d',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: foo:bar',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: foobar',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Invalid ST")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST; urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Invalid M-SEARCH")
-    msg = '\r\n'.join([
-            'M+SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    msg = '\r\n'.join([
-            'M-SEARCH-* HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    logger.debug("Invalid message format")
-    sock.sendto(b"NOTIFY * HTTP/1.1", ("239.255.255.250", 1900))
-    msg = '\r'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    try:
-        r = sock.recv(1000)
-        raise Exception("Unexpected M-SEARCH response: " + r)
-    except socket.timeout:
-        pass
-
-    logger.debug("Valid M-SEARCH")
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-
-    try:
-        r = sock.recv(1000)
-        pass
-    except socket.timeout:
-        raise Exception("No SSDP response")
-
-def test_ap_wps_ssdp_burst(dev, apdev):
-    """WPS AP and SSDP burst"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    msg = '\r\n'.join([
-            'M-SEARCH * HTTP/1.1',
-            'HOST: 239.255.255.250:1900',
-            'MAN: "ssdp:discover"',
-            'MX: 1',
-            'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
-            '', ''])
-    socket.setdefaulttimeout(1)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
-    sock.bind(("127.0.0.1", 0))
-    for i in range(0, 25):
-        sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    resp = 0
-    while True:
-        try:
-            r = sock.recv(1000).decode()
-            if not r.startswith("HTTP/1.1 200 OK\r\n"):
-                raise Exception("Unexpected message: " + r)
-            resp += 1
-        except socket.timeout:
-            break
-    if resp < 20:
-        raise Exception("Too few SSDP responses")
-
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
-    sock.bind(("127.0.0.1", 0))
-    for i in range(0, 25):
-        sock.sendto(msg.encode(), ("239.255.255.250", 1900))
-    while True:
-        try:
-            r = sock.recv(1000).decode()
-            if ap_uuid in r:
-                break
-        except socket.timeout:
-            raise Exception("No SSDP response")
-
-def ssdp_get_location(uuid):
-    res = ssdp_send_msearch("uuid:" + uuid)
-    location = None
-    for l in res.splitlines():
-        if l.lower().startswith("location:"):
-            location = l.split(':', 1)[1].strip()
-            break
-    if location is None:
-        raise Exception("No UPnP location found")
-    return location
-
-def upnp_get_urls(location):
-    if sys.version_info[0] > 2:
-        conn = urlopen(location)
-    else:
-        conn = urlopen(location, proxies={})
-    tree = ET.parse(conn)
-    root = tree.getroot()
-    urn = '{urn:schemas-upnp-org:device-1-0}'
-    service = root.find("./" + urn + "device/" + urn + "serviceList/" + urn + "service")
-    res = {}
-    res['scpd_url'] = urljoin(location, service.find(urn + 'SCPDURL').text)
-    res['control_url'] = urljoin(location,
-                                 service.find(urn + 'controlURL').text)
-    res['event_sub_url'] = urljoin(location,
-                                   service.find(urn + 'eventSubURL').text)
-    return res
-
-def upnp_soap_action(conn, path, action, include_soap_action=True,
-                     soap_action_override=None, newmsg=None, neweventtype=None,
-                     neweventmac=None):
-    soapns = 'http://schemas.xmlsoap.org/soap/envelope/'
-    wpsns = 'urn:schemas-wifialliance-org:service:WFAWLANConfig:1'
-    ET.register_namespace('soapenv', soapns)
-    ET.register_namespace('wfa', wpsns)
-    attrib = {}
-    attrib['{%s}encodingStyle' % soapns] = 'http://schemas.xmlsoap.org/soap/encoding/'
-    root = ET.Element("{%s}Envelope" % soapns, attrib=attrib)
-    body = ET.SubElement(root, "{%s}Body" % soapns)
-    act = ET.SubElement(body, "{%s}%s" % (wpsns, action))
-    if newmsg:
-        msg = ET.SubElement(act, "NewMessage")
-        msg.text = base64.b64encode(newmsg.encode()).decode()
-    if neweventtype:
-        msg = ET.SubElement(act, "NewWLANEventType")
-        msg.text = neweventtype
-    if neweventmac:
-        msg = ET.SubElement(act, "NewWLANEventMAC")
-        msg.text = neweventmac
-
-    headers = {"Content-type": 'text/xml; charset="utf-8"'}
-    if include_soap_action:
-        headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % action
-    elif soap_action_override:
-        headers["SOAPAction"] = soap_action_override
-    decl = b'<?xml version=\'1.0\' encoding=\'utf8\'?>\n'
-    conn.request("POST", path, decl + ET.tostring(root), headers)
-    return conn.getresponse()
-
-def test_ap_wps_upnp(dev, apdev):
-    """WPS AP and UPnP operations"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    urls = upnp_get_urls(location)
-
-    if sys.version_info[0] > 2:
-        conn = urlopen(urls['scpd_url'])
-    else:
-        conn = urlopen(urls['scpd_url'], proxies={})
-    scpd = conn.read()
-
-    if sys.version_info[0] > 2:
-        try:
-            conn = urlopen(urljoin(location, "unknown.html"))
-            raise Exception("Unexpected HTTP response to GET unknown URL")
-        except HTTPError as e:
-            if e.code != 404:
-                raise Exception("Unexpected HTTP response to GET unknown URL")
-    else:
-        conn = urlopen(urljoin(location, "unknown.html"), proxies={})
-        if conn.getcode() != 404:
-            raise Exception("Unexpected HTTP response to GET unknown URL")
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-    #conn.set_debuglevel(1)
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "SOAPAction": '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo"'}
-    conn.request("POST", "hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    conn.request("UNKNOWN", "hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "SOAPAction": '"urn:some-unknown-action#GetDeviceInfo"'}
-    ctrlurl = urlparse(urls['control_url'])
-    conn.request("POST", ctrlurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 401:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("GetDeviceInfo without SOAPAction header")
-    resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
-                            include_soap_action=False)
-    if resp.status != 401:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("GetDeviceInfo with invalid SOAPAction header")
-    for act in ["foo",
-                "urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo",
-                '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1"',
-                '"urn:schemas-wifialliance-org:service:WFAWLANConfig:123#GetDevice']:
-        resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
-                                include_soap_action=False,
-                                soap_action_override=act)
-        if resp.status != 401:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    dev = resp.read().decode()
-    if "NewDeviceInfo" not in dev:
-        raise Exception("Unexpected GetDeviceInfo response")
-
-    logger.debug("PutMessage without required parameters")
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutMessage")
-    if resp.status != 600:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("PutWLANResponse without required parameters")
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse")
-    if resp.status != 600:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("SetSelectedRegistrar from unregistered ER")
-    resp = upnp_soap_action(conn, ctrlurl.path, "SetSelectedRegistrar")
-    if resp.status != 501:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Unknown action")
-    resp = upnp_soap_action(conn, ctrlurl.path, "Unknown")
-    if resp.status != 401:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-def test_ap_wps_upnp_subscribe(dev, apdev):
-    """WPS AP and UPnP event subscription"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    urls = upnp_get_urls(location)
-    eventurl = urlparse(urls['event_sub_url'])
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-    #conn.set_debuglevel(1)
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", "hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:foobar",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Valid subscription")
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-
-    logger.debug("Invalid re-subscription")
-    headers = {"NT": "upnp:event",
-               "sid": "123456734567854",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid re-subscription")
-    headers = {"NT": "upnp:event",
-               "sid": "uuid:123456734567854",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid re-subscription")
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "sid": sid,
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("SID mismatch in re-subscription")
-    headers = {"NT": "upnp:event",
-               "sid": "uuid:4c2bca79-1ff4-4e43-85d4-952a2b8a51fb",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Valid re-subscription")
-    headers = {"NT": "upnp:event",
-               "sid": sid,
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid2 = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid2)
-
-    if sid != sid2:
-        raise Exception("Unexpected SID change")
-
-    logger.debug("Valid re-subscription")
-    headers = {"NT": "upnp:event",
-               "sid": "uuid: \t \t" + sid.split(':')[1],
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid unsubscription")
-    headers = {"sid": sid}
-    conn.request("UNSUBSCRIBE", "/hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    headers = {"foo": "bar"}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Valid unsubscription")
-    headers = {"sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Unsubscription for not existing SID")
-    headers = {"sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 412:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid unsubscription")
-    headers = {"sid": " \t \tfoo"}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid unsubscription")
-    headers = {"sid": "uuid:\t \tfoo"}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Invalid unsubscription")
-    headers = {"NT": "upnp:event",
-               "sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 400:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.debug("Valid subscription with multiple callbacks")
-    headers = {"callback": '<http://127.0.0.1:12345/event> <http://127.0.0.1:12345/event>\t<http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-
-    # Force subscription to be deleted due to errors
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    with alloc_fail(hapd, 1, "event_build_message"):
-        for i in range(10):
-            dev[1].dump_monitor()
-            dev[2].dump_monitor()
-            dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-            dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-            dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-            dev[1].request("WPS_CANCEL")
-            dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-            dev[2].request("WPS_CANCEL")
-            if i % 4 == 1:
-                time.sleep(1)
-            else:
-                time.sleep(0.1)
-    time.sleep(0.2)
-
-    headers = {"sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "", headers)
-    resp = conn.getresponse()
-    if resp.status != 200 and resp.status != 412:
-        raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    with alloc_fail(hapd, 1, "http_client_addr;event_send_start"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 200:
-            raise Exception("Unexpected HTTP response for SUBSCRIBE: %d" % resp.status)
-        sid = resp.getheader("sid")
-        logger.debug("Subscription SID " + sid)
-
-    headers = {"sid": sid}
-    conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-
-    with alloc_fail(hapd, 1, "=wps_upnp_event_add"):
-        for i in range(2):
-            dev[1].dump_monitor()
-            dev[2].dump_monitor()
-            dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-            dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-            dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-            dev[1].request("WPS_CANCEL")
-            dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-            dev[2].request("WPS_CANCEL")
-            if i == 0:
-                time.sleep(1)
-            else:
-                time.sleep(0.1)
-
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "wpabuf_dup;wps_upnp_event_add"):
-        dev[1].dump_monitor()
-        dev[2].dump_monitor()
-        dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[1].request("WPS_CANCEL")
-        dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[2].request("WPS_CANCEL")
-        time.sleep(0.1)
-
-    with fail_test(hapd, 1, "os_get_random;uuid_make;subscription_start"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "=subscription_start"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"callback": '',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 500:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"callback": ' <',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 500:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    with alloc_fail(hapd, 1, "wpabuf_alloc;subscription_first_event"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "wps_upnp_event_add;subscription_first_event"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "subscr_addr_add_url"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 2, "subscr_addr_add_url"):
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    for i in range(6):
-        headers = {"callback": '<http://127.0.0.1:%d/event>' % (12345 + i),
-                   "NT": "upnp:event",
-                   "timeout": "Second-1234"}
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 200:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "=upnp_wps_device_send_wlan_event"):
-        dev[1].dump_monitor()
-        dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[1].request("WPS_CANCEL")
-        time.sleep(0.1)
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;upnp_wps_device_send_event"):
-        dev[1].dump_monitor()
-        dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[1].request("WPS_CANCEL")
-        time.sleep(0.1)
-
-    with alloc_fail(hapd, 1,
-                    "base64_gen_encode;?base64_encode;upnp_wps_device_send_wlan_event"):
-        dev[1].dump_monitor()
-        dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[1].request("WPS_CANCEL")
-        time.sleep(0.1)
-
-    hapd.disable()
-    with alloc_fail(hapd, 1, "get_netif_info"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-
-def test_ap_wps_upnp_subscribe_events(dev, apdev):
-    """WPS AP and UPnP event subscription and many events"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    urls = upnp_get_urls(location)
-    eventurl = urlparse(urls['event_sub_url'])
-
-    class WPSERHTTPServer(StreamRequestHandler):
-        def handle(self):
-            data = self.rfile.readline().strip()
-            logger.debug(data)
-            self.wfile.write(gen_wps_event())
-
-    server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
-    server.timeout = 1
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-
-    # Fetch the first event message
-    server.handle_request()
-
-    # Force subscription event queue to reach the maximum length by generating
-    # new proxied events without the ER fetching any of the pending events.
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    for i in range(16):
-        dev[1].dump_monitor()
-        dev[2].dump_monitor()
-        dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[1].request("WPS_CANCEL")
-        dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        dev[2].request("WPS_CANCEL")
-        if i % 4 == 1:
-            time.sleep(1)
-        else:
-            time.sleep(0.1)
-
-    hapd.request("WPS_PIN any 12345670")
-    dev[1].dump_monitor()
-    dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-    ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("WPS success not reported")
-
-    # Close the WPS ER HTTP server without fetching all the pending events.
-    # This tests hostapd code path that clears subscription and the remaining
-    # event queue when the interface is deinitialized.
-    server.handle_request()
-    server.server_close()
-
-    dev[1].wait_connected()
-
-def test_ap_wps_upnp_http_proto(dev, apdev):
-    """WPS AP and UPnP/HTTP protocol testing"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc, timeout=0.2)
-    #conn.set_debuglevel(1)
-
-    conn.request("HEAD", "hello")
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected response to HEAD: " + str(resp.status))
-    conn.close()
-
-    for cmd in ["PUT", "DELETE", "TRACE", "CONNECT", "M-SEARCH", "M-POST"]:
-        try:
-            conn.request(cmd, "hello")
-            resp = conn.getresponse()
-        except Exception as e:
-            pass
-        conn.close()
-
-    headers = {"Content-Length": 'abc'}
-    conn.request("HEAD", "hello", "\r\n\r\n", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    headers = {"Content-Length": '-10'}
-    conn.request("HEAD", "hello", "\r\n\r\n", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    headers = {"Content-Length": '10000000000000'}
-    conn.request("HEAD", "hello", "\r\n\r\nhello", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    headers = {"Transfer-Encoding": 'abc'}
-    conn.request("HEAD", "hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected response to HEAD: " + str(resp.status))
-    conn.close()
-
-    headers = {"Transfer-Encoding": 'chunked'}
-    conn.request("HEAD", "hello", "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected response to HEAD: " + str(resp.status))
-    conn.close()
-
-    # Too long a header
-    conn.request("HEAD", 5000 * 'A')
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    # Long URL but within header length limits
-    conn.request("HEAD", 3000 * 'A')
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected response to HEAD: " + str(resp.status))
-    conn.close()
-
-    headers = {"Content-Length": '20'}
-    conn.request("POST", "hello", 10 * 'A' + "\r\n\r\n", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    conn.request("POST", "hello", 5000 * 'A' + "\r\n\r\n")
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    conn.close()
-
-    conn.request("POST", "hello", 60000 * 'A' + "\r\n\r\n")
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-def test_ap_wps_upnp_http_proto_chunked(dev, apdev):
-    """WPS AP and UPnP/HTTP protocol testing for chunked encoding"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-    #conn.set_debuglevel(1)
-
-    headers = {"Transfer-Encoding": 'chunked'}
-    conn.request("POST", "hello",
-                 "a\r\nabcdefghij\r\n" + "2\r\nkl\r\n" + "0\r\n\r\n",
-                 headers)
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    conn.close()
-
-    conn.putrequest("POST", "hello")
-    conn.putheader('Transfer-Encoding', 'chunked')
-    conn.endheaders()
-    conn.send(b"a\r\nabcdefghij\r\n")
-    time.sleep(0.1)
-    conn.send(b"2\r\nkl\r\n")
-    conn.send(b"0\r\n\r\n")
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    conn.close()
-
-    conn.putrequest("POST", "hello")
-    conn.putheader('Transfer-Encoding', 'chunked')
-    conn.endheaders()
-    completed = False
-    try:
-        for i in range(20000):
-            conn.send(b"1\r\nZ\r\n")
-        conn.send(b"0\r\n\r\n")
-        resp = conn.getresponse()
-        completed = True
-    except Exception as e:
-        pass
-    conn.close()
-    if completed:
-        raise Exception("Too long chunked request did not result in connection reset")
-
-    headers = {"Transfer-Encoding": 'chunked'}
-    conn.request("POST", "hello", "80000000\r\na", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-    conn.request("POST", "hello", "10000000\r\na", headers)
-    try:
-        resp = conn.getresponse()
-    except Exception as e:
-        pass
-    conn.close()
-
-@remote_compatible
-def test_ap_wps_disabled(dev, apdev):
-    """WPS operations while WPS is disabled"""
-    ssid = "test-wps-disabled"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid})
-    if "FAIL" not in hapd.request("WPS_PBC"):
-        raise Exception("WPS_PBC succeeded unexpectedly")
-    if "FAIL" not in hapd.request("WPS_CANCEL"):
-        raise Exception("WPS_CANCEL succeeded unexpectedly")
-
-def test_ap_wps_mixed_cred(dev, apdev):
-    """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-wep"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "skip_cred_build": "1", "extra_cred": "wps-mixed-cred"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("WPS-SUCCESS event timed out")
-    nets = dev[0].list_networks()
-    if len(nets) != 1:
-        raise Exception("Unexpected number of network blocks")
-    id = nets[0]['id']
-    proto = dev[0].get_network(id, "proto")
-    if proto != "WPA RSN":
-        raise Exception("Unexpected merged proto field value: " + proto)
-    pairwise = dev[0].get_network(id, "pairwise")
-    p = pairwise.split()
-    if "CCMP" not in p or "TKIP" not in p:
-        raise Exception("Unexpected merged pairwise field value: " + pairwise)
-
-@remote_compatible
-def test_ap_wps_while_connected(dev, apdev):
-    """WPS PBC provisioning while connected to another AP"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    hostapd.add_ap(apdev[1], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-    logger.info("WPS provisioning step")
-    hapd.request("WPS_PBC")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Unexpected BSSID")
-
-@remote_compatible
-def test_ap_wps_while_connected_no_autoconnect(dev, apdev):
-    """WPS PBC provisioning while connected to another AP and STA_AUTOCONNECT disabled"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    hostapd.add_ap(apdev[1], {"ssid": "open"})
-
-    try:
-        dev[0].request("STA_AUTOCONNECT 0")
-        dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-        logger.info("WPS provisioning step")
-        hapd.request("WPS_PBC")
-        dev[0].dump_monitor()
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-        status = dev[0].get_status()
-        if status['bssid'] != apdev[0]['bssid']:
-            raise Exception("Unexpected BSSID")
-    finally:
-        dev[0].request("STA_AUTOCONNECT 1")
-
-@remote_compatible
-def test_ap_wps_from_event(dev, apdev):
-    """WPS PBC event on AP to enable PBC"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    hapd.dump_monitor()
-    dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-
-    ev = hapd.wait_event(['WPS-ENROLLEE-SEEN'], timeout=15)
-    if ev is None:
-        raise Exception("No WPS-ENROLLEE-SEEN event on AP")
-    vals = ev.split(' ')
-    if vals[1] != dev[0].p2p_interface_addr():
-        raise Exception("Unexpected enrollee address: " + vals[1])
-    if vals[5] != '4':
-        raise Exception("Unexpected Device Password Id: " + vals[5])
-    hapd.request("WPS_PBC")
-    dev[0].wait_connected(timeout=30)
-
-def test_ap_wps_ap_scan_2(dev, apdev):
-    """AP_SCAN 2 for WPS"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    hapd.request("WPS_PBC")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.dump_monitor()
-
-    if "OK" not in wpas.request("AP_SCAN 2"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    wpas.flush_scan_cache()
-    wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
-    wpas.dump_monitor()
-    wpas.request("WPS_PBC " + apdev[0]['bssid'])
-    ev = wpas.wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-SUCCESS event timed out")
-    wpas.wait_connected(timeout=30)
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    id = wpas.list_networks()[0]['id']
-    pairwise = wpas.get_network(id, "pairwise")
-    if "CCMP" not in pairwise.split():
-        raise Exception("Unexpected pairwise parameter value: " + pairwise)
-    group = wpas.get_network(id, "group")
-    if "CCMP" not in group.split():
-        raise Exception("Unexpected group parameter value: " + group)
-    # Need to select a single cipher for ap_scan=2 testing
-    wpas.set_network(id, "pairwise", "CCMP")
-    wpas.set_network(id, "group", "CCMP")
-    wpas.request("BSS_FLUSH 0")
-    wpas.dump_monitor()
-    wpas.request("REASSOCIATE")
-    wpas.wait_connected(timeout=30)
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_eapol_workaround(dev, apdev):
-    """EAPOL workaround code path for 802.1X header length mismatch"""
-    ssid = "test-wps"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    bssid = apdev[0]['bssid']
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-    hapd.request("WPS_PBC")
-    dev[0].request("WPS_PBC")
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-
-    res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF")
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-def test_ap_wps_iteration(dev, apdev):
-    """WPS PIN and iterate through APs without selected registrar"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    ssid2 = "test-wps-conf2"
-    hapd2 = hostapd.add_ap(apdev[1],
-                           {"ssid": ssid2, "eap_server": "1", "wps_state": "2",
-                            "wpa_passphrase": "12345678", "wpa": "2",
-                            "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    pin = dev[0].request("WPS_PIN any")
-
-    # Wait for iteration through all WPS APs to happen before enabling any
-    # Registrar.
-    for i in range(2):
-        ev = dev[0].wait_event(["Associated with"], timeout=30)
-        if ev is None:
-            raise Exception("No association seen")
-        ev = dev[0].wait_event(["WPS-M2D"], timeout=10)
-        if ev is None:
-            raise Exception("No M2D from AP")
-        dev[0].wait_disconnected()
-
-    # Verify that each AP requested PIN
-    ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("No WPS-PIN-NEEDED event from AP")
-    ev = hapd2.wait_event(["WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("No WPS-PIN-NEEDED event from AP2")
-
-    # Provide PIN to one of the APs and verify that connection gets formed
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].wait_connected(timeout=30)
-
-def test_ap_wps_iteration_error(dev, apdev):
-    """WPS AP iteration on no Selected Registrar and error case with an AP"""
-    ssid = "test-wps-conf-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "wps_independent": "1"})
-    hapd.request("SET ext_eapol_frame_io 1")
-    bssid = apdev[0]['bssid']
-    pin = dev[0].wps_read_pin()
-    dev[0].request("WPS_PIN any " + pin)
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("No EAPOL-TX (EAP-Request/Identity) from hostapd")
-    dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("No EAPOL-TX (EAP-WSC/Start) from hostapd")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("No CTRL-EVENT-EAP-STARTED")
-
-    # Do not forward any more EAPOL frames to test wpa_supplicant behavior for
-    # a case with an incorrectly behaving WPS AP.
-
-    # Start the real target AP and activate registrar on it.
-    hapd2 = hostapd.add_ap(apdev[1],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                           "wps_independent": "1"})
-    hapd2.request("WPS_PIN any " + pin)
-
-    dev[0].wait_disconnected(timeout=15)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("No CTRL-EVENT-EAP-STARTED for the second AP")
-    ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
-    if ev is None:
-        raise Exception("No WPS-CRED-RECEIVED for the second AP")
-    dev[0].wait_connected(timeout=15)
-
-@remote_compatible
-def test_ap_wps_priority(dev, apdev):
-    """WPS PIN provisioning with configured AP and wps_priority"""
-    ssid = "test-wps-conf-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    try:
-        dev[0].request("SET wps_priority 6")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        dev[0].wait_connected(timeout=30)
-        netw = dev[0].list_networks()
-        prio = dev[0].get_network(netw[0]['id'], 'priority')
-        if prio != '6':
-            raise Exception("Unexpected network priority: " + prio)
-    finally:
-        dev[0].request("SET wps_priority 0")
-
-@remote_compatible
-def test_ap_wps_and_non_wps(dev, apdev):
-    """WPS and non-WPS AP in single hostapd process"""
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "no wps"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    appin = hapd.request("WPS_AP_PIN random")
-    if "FAIL" in appin:
-        raise Exception("Could not generate random AP PIN")
-    if appin not in hapd.request("WPS_AP_PIN get"):
-        raise Exception("Could not fetch current AP PIN")
-
-    if "FAIL" in hapd.request("WPS_PBC"):
-        raise Exception("WPS_PBC failed")
-    if "FAIL" in hapd.request("WPS_CANCEL"):
-        raise Exception("WPS_CANCEL failed")
-
-def test_ap_wps_init_oom(dev, apdev):
-    """Initial AP configuration and OOM during PSK generation"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with alloc_fail(hapd, 1, "base64_gen_encode;?base64_encode;wps_build_cred"):
-        pin = dev[0].wps_read_pin()
-        hapd.request("WPS_PIN any " + pin)
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        dev[0].wait_disconnected()
-
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].wait_connected(timeout=30)
-
-@remote_compatible
-def test_ap_wps_er_oom(dev, apdev):
-    """WPS ER OOM in XML processing"""
-    try:
-        _test_ap_wps_er_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-        dev[1].request("WPS_CANCEL")
-        dev[0].request("DISCONNECT")
-
-def _test_ap_wps_er_oom(dev, apdev):
-    ssid = "wps-er-ap-config"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "wpa_passphrase": "12345678", "wpa": "2",
-                    "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-                    "device_name": "Wireless AP", "manufacturer": "Company",
-                    "model_name": "WAP", "model_number": "123",
-                    "serial_number": "12345", "device_type": "6-0050F204-1",
-                    "os_version": "01020300",
-                    "config_methods": "label push_button",
-                    "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
-
-    dev[0].connect(ssid, psk="12345678", scan_freq="2412")
-
-    with alloc_fail(dev[0], 1,
-                    "base64_gen_decode;?base64_decode;xml_get_base64_item"):
-        dev[0].request("WPS_ER_START ifname=lo")
-        ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=3)
-        if ev is not None:
-            raise Exception("Unexpected AP discovery")
-
-    dev[0].request("WPS_ER_STOP")
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    with alloc_fail(dev[0], 1,
-                    "base64_gen_decode;?base64_decode;xml_get_base64_item"):
-        dev[1].request("WPS_PBC " + apdev[0]['bssid'])
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-        if ev is None:
-            raise Exception("PBC scan failed")
-        ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
-        if ev is None:
-            raise Exception("Enrollee discovery timed out")
-
-@remote_compatible
-def test_ap_wps_er_init_oom(dev, apdev):
-    """WPS ER and OOM during init"""
-    try:
-        _test_ap_wps_er_init_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_init_oom(dev, apdev):
-    with alloc_fail(dev[0], 1, "wps_er_init"):
-        if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
-            raise Exception("WPS_ER_START succeeded during OOM")
-    with alloc_fail(dev[0], 1, "http_server_init"):
-        if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
-            raise Exception("WPS_ER_START succeeded during OOM")
-    with alloc_fail(dev[0], 2, "http_server_init"):
-        if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
-            raise Exception("WPS_ER_START succeeded during OOM")
-    with alloc_fail(dev[0], 1, "eloop_sock_table_add_sock;?eloop_register_sock;wps_er_ssdp_init"):
-        if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
-            raise Exception("WPS_ER_START succeeded during OOM")
-    with fail_test(dev[0], 1, "os_get_random;wps_er_init"):
-        if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
-            raise Exception("WPS_ER_START succeeded during os_get_random failure")
-
-@remote_compatible
-def test_ap_wps_er_init_fail(dev, apdev):
-    """WPS ER init failure"""
-    if "FAIL" not in dev[0].request("WPS_ER_START ifname=does-not-exist"):
-        dev[0].request("WPS_ER_STOP")
-        raise Exception("WPS_ER_START with non-existing ifname succeeded")
-
-def test_ap_wps_wpa_cli_action(dev, apdev, test_params):
-    """WPS events and wpa_cli action script"""
-    logdir = os.path.abspath(test_params['logdir'])
-    pidfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.pid')
-    logfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.res')
-    actionfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.action.sh')
-
-    with open(actionfile, 'w') as f:
-        f.write('#!/bin/sh\n')
-        f.write('echo $* >> %s\n' % logfile)
-        # Kill the process and wait some time before returning to allow all the
-        # pending events to be processed with some of this happening after the
-        # eloop SIGALRM signal has been scheduled.
-        f.write('if [ $2 = "WPS-SUCCESS" -a -r %s ]; then kill `cat %s`; sleep 1; fi\n' % (pidfile, pidfile))
-
-    os.chmod(actionfile, stat.S_IREAD | stat.S_IWRITE | stat.S_IEXEC |
-             stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
-
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    prg = os.path.join(test_params['logdir'],
-                       'alt-wpa_supplicant/wpa_supplicant/wpa_cli')
-    if not os.path.exists(prg):
-        prg = '../../wpa_supplicant/wpa_cli'
-    arg = [prg, '-P', pidfile, '-B', '-i', dev[0].ifname, '-a', actionfile]
-    subprocess.call(arg)
-
-    arg = ['ps', 'ax']
-    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
-    out = cmd.communicate()[0].decode()
-    cmd.wait()
-    logger.debug("Processes:\n" + out)
-    if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) not in out:
-        raise Exception("Did not see wpa_cli running")
-
-    hapd.request("WPS_PIN any 12345670")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-    dev[0].wait_connected(timeout=30)
-
-    for i in range(30):
-        if not os.path.exists(pidfile):
-            break
-        time.sleep(0.1)
-
-    if not os.path.exists(logfile):
-        raise Exception("wpa_cli action results file not found")
-    with open(logfile, 'r') as f:
-        res = f.read()
-    if "WPS-SUCCESS" not in res:
-        raise Exception("WPS-SUCCESS event not seen in action file")
-
-    arg = ['ps', 'ax']
-    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
-    out = cmd.communicate()[0].decode()
-    cmd.wait()
-    logger.debug("Remaining processes:\n" + out)
-    if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) in out:
-        raise Exception("wpa_cli still running")
-
-    if os.path.exists(pidfile):
-        raise Exception("PID file not removed")
-
-def test_ap_wps_er_ssdp_proto(dev, apdev):
-    """WPS ER SSDP protocol testing"""
-    try:
-        _test_ap_wps_er_ssdp_proto(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_ssdp_proto(dev, apdev):
-    socket.setdefaulttimeout(1)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.bind(("239.255.255.250", 1900))
-    if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo foo"):
-        raise Exception("Invalid filter accepted")
-    if "OK" not in dev[0].request("WPS_ER_START ifname=lo 1.2.3.4"):
-        raise Exception("WPS_ER_START with filter failed")
-    (msg, addr) = sock.recvfrom(1000)
-    msg = msg.decode()
-    logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
-    if "M-SEARCH" not in msg:
-        raise Exception("Not an M-SEARCH")
-    sock.sendto(b"FOO", addr)
-    time.sleep(0.1)
-    dev[0].request("WPS_ER_STOP")
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    (msg, addr) = sock.recvfrom(1000)
-    msg = msg.decode()
-    logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
-    if "M-SEARCH" not in msg:
-        raise Exception("Not an M-SEARCH")
-    sock.sendto(b"FOO", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nFOO\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:foo\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:ssdp:byebye\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control:   foo=1\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control:   max-age=1\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nusn:\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nusn:foo\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nusn:   uuid:\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nusn:   uuid:     \r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nusn:   uuid:     foo\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nNTS:ssdp:byebye\r\n\r\n", addr)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\n\r\n", addr)
-    with alloc_fail(dev[0], 1, "wps_er_ap_add"):
-        sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
-        time.sleep(0.1)
-    with alloc_fail(dev[0], 2, "wps_er_ap_add"):
-        sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
-        time.sleep(0.1)
-
-    # Add an AP with bogus URL
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
-    # Update timeout on AP without updating URL
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
-    if ev is None:
-        raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
-
-    # Add an AP with a valid URL (but no server listing to it)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
-    if ev is None:
-        raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
-
-    sock.close()
-
-wps_event_url = None
-
-def gen_upnp_info(eventSubURL='wps_event', controlURL='wps_control',
-                  udn='uuid:27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'):
-    payload = '''<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
-<specVersion>
-<major>1</major>
-<minor>0</minor>
-</specVersion>
-<device>
-<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
-<friendlyName>WPS Access Point</friendlyName>
-<manufacturer>Company</manufacturer>
-<modelName>WAP</modelName>
-<modelNumber>123</modelNumber>
-<serialNumber>12345</serialNumber>
-'''
-    if udn:
-        payload += '<UDN>' + udn + '</UDN>'
-    payload += '''<serviceList>
-<service>
-<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
-<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
-<SCPDURL>wps_scpd.xml</SCPDURL>
-'''
-    if controlURL:
-        payload += '<controlURL>' + controlURL + '</controlURL>\n'
-    if eventSubURL:
-        payload += '<eventSubURL>' + eventSubURL + '</eventSubURL>\n'
-    payload += '''</service>
-</serviceList>
-</device>
-</root>
-'''
-    hdr = 'HTTP/1.1 200 OK\r\n' + \
-          'Content-Type: text/xml; charset="utf-8"\r\n' + \
-          'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-          'Connection: close\r\n' + \
-          'Content-Length: ' + str(len(payload)) + '\r\n' + \
-          'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-    return (hdr + payload).encode()
-
-def gen_wps_control(payload_override=None):
-    payload = '''<?xml version="1.0"?>
-<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
-<s:Body>
-<u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
-<NewDeviceInfo>EEoAARAQIgABBBBHABAn6oAanlxOc72C+Jy80Q1+ECAABgIAAAADABAaABCJZ7DPtbU3Ust9
-Z3wJF07WEDIAwH45D3i1OqB7eJGwTzqeapS71h3KyXncK2xJZ+xqScrlorNEg6LijBJzG2Ca
-+FZli0iliDJd397yAx/jk4nFXco3q5ylBSvSw9dhJ5u1xBKSnTilKGlUHPhLP75PUqM3fot9
-7zwtFZ4bx6x1sBA6oEe2d0aUJmLumQGCiKEIWlnxs44zego/2tAe81bDzdPBM7o5HH/FUhD+
-KoGzFXp51atP+1n9Vta6AkI0Vye99JKLcC6Md9dMJltSVBgd4Xc4lRAEAAIAIxAQAAIADRAN
-AAEBEAgAAgAEEEQAAQIQIQAHQ29tcGFueRAjAANXQVAQJAADMTIzEEIABTEyMzQ1EFQACAAG
-AFDyBAABEBEAC1dpcmVsZXNzIEFQEDwAAQEQAgACAAAQEgACAAAQCQACAAAQLQAEgQIDABBJ
-AAYANyoAASA=
-</NewDeviceInfo>
-</u:GetDeviceInfoResponse>
-</s:Body>
-</s:Envelope>
-'''
-    if payload_override:
-        payload = payload_override
-    hdr = 'HTTP/1.1 200 OK\r\n' + \
-          'Content-Type: text/xml; charset="utf-8"\r\n' + \
-          'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-          'Connection: close\r\n' + \
-          'Content-Length: ' + str(len(payload)) + '\r\n' + \
-          'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-    return (hdr + payload).encode()
-
-def gen_wps_event(sid='uuid:7eb3342a-8a5f-47fe-a585-0785bfec6d8a'):
-    payload = ""
-    hdr = 'HTTP/1.1 200 OK\r\n' + \
-          'Content-Type: text/xml; charset="utf-8"\r\n' + \
-          'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-          'Connection: close\r\n' + \
-          'Content-Length: ' + str(len(payload)) + '\r\n'
-    if sid:
-        hdr += 'SID: ' + sid + '\r\n'
-    hdr += 'Timeout: Second-1801\r\n' + \
-          'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-    return (hdr + payload).encode()
-
-class WPSAPHTTPServer(StreamRequestHandler):
-    def handle(self):
-        data = self.rfile.readline().decode().strip()
-        logger.info("HTTP server received: " + data)
-        while True:
-            hdr = self.rfile.readline().decode().strip()
-            if len(hdr) == 0:
-                break
-            logger.info("HTTP header: " + hdr)
-            if "CALLBACK:" in hdr:
-                global wps_event_url
-                wps_event_url = hdr.split(' ')[1].strip('<>')
-
-        if "GET /foo.xml" in data:
-            self.handle_upnp_info()
-        elif "POST /wps_control" in data:
-            self.handle_wps_control()
-        elif "SUBSCRIBE /wps_event" in data:
-            self.handle_wps_event()
-        else:
-            self.handle_others(data)
-
-    def handle_upnp_info(self):
-        self.wfile.write(gen_upnp_info())
-
-    def handle_wps_control(self):
-        self.wfile.write(gen_wps_control())
-
-    def handle_wps_event(self):
-        self.wfile.write(gen_wps_event())
-
-    def handle_others(self, data):
-        logger.info("Ignore HTTP request: " + data)
-
-class MyTCPServer(TCPServer):
-    def __init__(self, addr, handler):
-        self.allow_reuse_address = True
-        TCPServer.__init__(self, addr, handler)
-
-def wps_er_start(dev, http_server, max_age=1, wait_m_search=False,
-                 location_url=None):
-    socket.setdefaulttimeout(1)
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.bind(("239.255.255.250", 1900))
-    dev.request("WPS_ER_START ifname=lo")
-    for i in range(100):
-        (msg, addr) = sock.recvfrom(1000)
-        msg = msg.decode()
-        logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
-        if "M-SEARCH" in msg:
-            break
-        if not wait_m_search:
-            raise Exception("Not an M-SEARCH")
-        if i == 99:
-            raise Exception("No M-SEARCH seen")
-
-    # Add an AP with a valid URL and server listing to it
-    server = MyTCPServer(("127.0.0.1", 12345), http_server)
-    if not location_url:
-        location_url = 'http://127.0.0.1:12345/foo.xml'
-    sock.sendto(("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:%s\r\ncache-control:max-age=%d\r\n\r\n" % (location_url, max_age)).encode(), addr)
-    server.timeout = 1
-    return server, sock
-
-def wps_er_stop(dev, sock, server, on_alloc_fail=False):
-    sock.close()
-    server.server_close()
-
-    if on_alloc_fail:
-        done = False
-        for i in range(50):
-            res = dev.request("GET_ALLOC_FAIL")
-            if res.startswith("0:"):
-                done = True
-                break
-            time.sleep(0.1)
-        if not done:
-            raise Exception("No allocation failure reported")
-    else:
-        ev = dev.wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
-        if ev is None:
-            raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
-    dev.request("WPS_ER_STOP")
-
-def run_wps_er_proto_test(dev, handler, no_event_url=False, location_url=None,
-                          max_age=1):
-    try:
-        uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
-        server, sock = wps_er_start(dev, handler, location_url=location_url,
-                                    max_age=max_age)
-        global wps_event_url
-        wps_event_url = None
-        server.handle_request()
-        server.handle_request()
-        server.handle_request()
-        server.server_close()
-        if no_event_url:
-            if wps_event_url:
-                raise Exception("Received event URL unexpectedly")
-            return
-        if wps_event_url is None:
-            raise Exception("Did not get event URL")
-        logger.info("Event URL: " + wps_event_url)
-    finally:
-            dev.request("WPS_ER_STOP")
-
-def send_wlanevent(url, uuid, data, no_response=False):
-    conn = HTTPConnection(url.netloc)
-    payload = '''<?xml version="1.0" encoding="utf-8"?>
-<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
-<e:property><STAStatus>1</STAStatus></e:property>
-<e:property><APStatus>1</APStatus></e:property>
-<e:property><WLANEvent>'''
-    payload += base64.b64encode(data).decode()
-    payload += '</WLANEvent></e:property></e:propertyset>'
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "Server": "Unspecified, UPnP/1.0, Unspecified",
-               "HOST": url.netloc,
-               "NT": "upnp:event",
-               "SID": "uuid:" + uuid,
-               "SEQ": "0",
-               "Content-Length": str(len(payload))}
-    conn.request("NOTIFY", url.path, payload, headers)
-    if no_response:
-        try:
-            conn.getresponse()
-        except Exception as e:
-            pass
-        return
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-def test_ap_wps_er_http_proto(dev, apdev):
-    """WPS ER HTTP protocol testing"""
-    try:
-        _test_ap_wps_er_http_proto(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_http_proto(dev, apdev):
-    uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
-    server, sock = wps_er_start(dev[0], WPSAPHTTPServer, max_age=15)
-    global wps_event_url
-    wps_event_url = None
-    server.handle_request()
-    server.handle_request()
-    server.handle_request()
-    server.server_close()
-    if wps_event_url is None:
-        raise Exception("Did not get event URL")
-    logger.info("Event URL: " + wps_event_url)
-
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
-    if ev is None:
-        raise Exception("No WPS-ER-AP-ADD event")
-    if uuid not in ev:
-        raise Exception("UUID mismatch")
-
-    sock.close()
-
-    logger.info("Valid Probe Request notification")
-    url = urlparse(wps_event_url)
-    conn = HTTPConnection(url.netloc)
-    payload = '''<?xml version="1.0" encoding="utf-8"?>
-<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
-<e:property><STAStatus>1</STAStatus></e:property>
-<e:property><APStatus>1</APStatus></e:property>
-<e:property><WLANEvent>ATAyOjAwOjAwOjAwOjAwOjAwEEoAARAQOgABAhAIAAIxSBBHABA2LbR7pTpRkYj7VFi5hrLk
-EFQACAAAAAAAAAAAEDwAAQMQAgACAAAQCQACAAAQEgACAAAQIQABIBAjAAEgECQAASAQEQAI
-RGV2aWNlIEEQSQAGADcqAAEg
-</WLANEvent></e:property>
-</e:propertyset>
-'''
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "Server": "Unspecified, UPnP/1.0, Unspecified",
-               "HOST": url.netloc,
-               "NT": "upnp:event",
-               "SID": "uuid:" + uuid,
-               "SEQ": "0",
-               "Content-Length": str(len(payload))}
-    conn.request("NOTIFY", url.path, payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=5)
-    if ev is None:
-        raise Exception("No WPS-ER-ENROLLEE-ADD event")
-    if "362db47b-a53a-5191-88fb-5458b986b2e4" not in ev:
-        raise Exception("No Enrollee UUID match")
-
-    logger.info("Incorrect event URL AP id")
-    conn = HTTPConnection(url.netloc)
-    conn.request("NOTIFY", url.path + '123', payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.info("Missing AP id")
-    conn = HTTPConnection(url.netloc)
-    conn.request("NOTIFY", '/event/' + url.path.split('/')[2],
-                 payload, headers)
-    time.sleep(0.1)
-
-    logger.info("Incorrect event URL event id")
-    conn = HTTPConnection(url.netloc)
-    conn.request("NOTIFY", '/event/123456789/123', payload, headers)
-    time.sleep(0.1)
-
-    logger.info("Incorrect event URL prefix")
-    conn = HTTPConnection(url.netloc)
-    conn.request("NOTIFY", '/foobar/123456789/123', payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.info("Unsupported request")
-    conn = HTTPConnection(url.netloc)
-    conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 501:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    logger.info("Unsupported request and OOM")
-    with alloc_fail(dev[0], 1, "wps_er_http_req"):
-        conn = HTTPConnection(url.netloc)
-        conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
-        time.sleep(0.5)
-
-    logger.info("Too short WLANEvent")
-    data = b'\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("Invalid WLANEventMAC")
-    data = b'\x00qwertyuiopasdfghjklzxcvbnm'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("Unknown WLANEventType")
-    data = b'\xff02:00:00:00:00:00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("Probe Request notification without any attributes")
-    data = b'\x0102:00:00:00:00:00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("Probe Request notification with invalid attribute")
-    data = b'\x0102:00:00:00:00:00\xff'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message without any attributes")
-    data = b'\x0202:00:00:00:00:00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message with invalid attribute")
-    data = b'\x0202:00:00:00:00:00\xff'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message from new STA and not M1")
-    data = b'\x0202:ff:ff:ff:ff:ff' + b'\x10\x22\x00\x01\x05'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1")
-    data = b'\x0202:00:00:00:00:00'
-    data += b'\x10\x22\x00\x01\x04'
-    data += b'\x10\x47\x00\x10' + 16 * b'\x00'
-    data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
-    data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
-    data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
-    data += b'\x10\x04\x00\x02\x00\x00'
-    data += b'\x10\x10\x00\x02\x00\x00'
-    data += b'\x10\x0d\x00\x01\x00'
-    data += b'\x10\x08\x00\x02\x00\x00'
-    data += b'\x10\x44\x00\x01\x00'
-    data += b'\x10\x21\x00\x00'
-    data += b'\x10\x23\x00\x00'
-    data += b'\x10\x24\x00\x00'
-    data += b'\x10\x42\x00\x00'
-    data += b'\x10\x54\x00\x08' + 8 * b'\x00'
-    data += b'\x10\x11\x00\x00'
-    data += b'\x10\x3c\x00\x01\x00'
-    data += b'\x10\x02\x00\x02\x00\x00'
-    data += b'\x10\x12\x00\x02\x00\x00'
-    data += b'\x10\x09\x00\x02\x00\x00'
-    data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
-    m1 = data
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: WSC_ACK")
-    data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0d'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1")
-    send_wlanevent(url, uuid, m1)
-
-    logger.info("EAP message: WSC_NACK")
-    data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0e'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 - Too long attribute values")
-    data = b'\x0202:00:00:00:00:00'
-    data += b'\x10\x11\x00\x21' + 33 * b'\x00'
-    data += b'\x10\x45\x00\x21' + 33 * b'\x00'
-    data += b'\x10\x42\x00\x21' + 33 * b'\x00'
-    data += b'\x10\x24\x00\x21' + 33 * b'\x00'
-    data += b'\x10\x23\x00\x21' + 33 * b'\x00'
-    data += b'\x10\x21\x00\x41' + 65 * b'\x00'
-    data += b'\x10\x49\x00\x09\x00\x37\x2a\x05\x02\x00\x00\x05\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing UUID-E")
-    data = b'\x0202:00:00:00:00:00'
-    data += b'\x10\x22\x00\x01\x04'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing MAC Address")
-    data += b'\x10\x47\x00\x10' + 16 * b'\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Enrollee Nonce")
-    data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Public Key")
-    data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Authentication Type flags")
-    data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Encryption Type Flags")
-    data += b'\x10\x04\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Connection Type flags")
-    data += b'\x10\x10\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Config Methods")
-    data += b'\x10\x0d\x00\x01\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Wi-Fi Protected Setup State")
-    data += b'\x10\x08\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Manufacturer")
-    data += b'\x10\x44\x00\x01\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Model Name")
-    data += b'\x10\x21\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Model Number")
-    data += b'\x10\x23\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Serial Number")
-    data += b'\x10\x24\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Primary Device Type")
-    data += b'\x10\x42\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Device Name")
-    data += b'\x10\x54\x00\x08' + 8 * b'\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing RF Bands")
-    data += b'\x10\x11\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Association State")
-    data += b'\x10\x3c\x00\x01\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Device Password ID")
-    data += b'\x10\x02\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing Configuration Error")
-    data += b'\x10\x12\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("EAP message: M1 missing OS Version")
-    data += b'\x10\x09\x00\x02\x00\x00'
-    send_wlanevent(url, uuid, data)
-
-    logger.info("Check max concurrent requests")
-    addr = (url.hostname, url.port)
-    socks = {}
-    for i in range(20):
-        socks[i] = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                                 socket.IPPROTO_TCP)
-        socks[i].settimeout(10)
-        socks[i].connect(addr)
-    for i in range(20):
-        socks[i].send(b"GET / HTTP/1.1\r\n\r\n")
-    count = 0
-    for i in range(20):
-        try:
-            res = socks[i].recv(100).decode()
-            if "HTTP/1" in res:
-                count += 1
-            else:
-                logger.info("recv[%d]: len=%d" % (i, len(res)))
-        except:
-            pass
-        socks[i].close()
-    logger.info("%d concurrent HTTP GET operations returned response" % count)
-    if count < 8:
-        raise Exception("Too few concurrent HTTP connections accepted")
-
-    logger.info("OOM in HTTP server")
-    for func in ["http_request_init", "httpread_create",
-                 "eloop_register_timeout;httpread_create",
-                 "eloop_sock_table_add_sock;?eloop_register_sock;httpread_create",
-                 "httpread_hdr_analyze"]:
-        with alloc_fail(dev[0], 1, func):
-            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                                 socket.IPPROTO_TCP)
-            sock.connect(addr)
-            sock.send(b"GET / HTTP/1.1\r\n\r\n")
-            try:
-                sock.recv(100)
-            except:
-                pass
-            sock.close()
-
-    logger.info("Invalid HTTP header")
-    for req in [" GET / HTTP/1.1\r\n\r\n",
-                "HTTP/1.1 200 OK\r\n\r\n",
-                "HTTP/\r\n\r\n",
-                "GET %%a%aa% HTTP/1.1\r\n\r\n",
-                "GET / HTTP/1.1\r\n FOO\r\n\r\n",
-                "NOTIFY / HTTP/1.1\r\n" + 4097*'a' + '\r\n\r\n',
-                "NOTIFY / HTTP/1.1\r\n\r\n" + 8193*'a',
-                "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n foo\r\n",
-                "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n1\r\nfoo\r\n",
-                "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\n",
-                "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\naa\ra\r\n\ra"]:
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                             socket.IPPROTO_TCP)
-        sock.settimeout(0.1)
-        sock.connect(addr)
-        sock.send(req.encode())
-        try:
-            sock.recv(100)
-        except:
-            pass
-        sock.close()
-
-    with alloc_fail(dev[0], 2, "httpread_read_handler"):
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                             socket.IPPROTO_TCP)
-        sock.connect(addr)
-        sock.send(b"NOTIFY / HTTP/1.1\r\n\r\n" + 4500 * b'a')
-        try:
-            sock.recv(100)
-        except:
-            pass
-        sock.close()
-
-    conn = HTTPConnection(url.netloc)
-    payload = '<foo'
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "Server": "Unspecified, UPnP/1.0, Unspecified",
-               "HOST": url.netloc,
-               "NT": "upnp:event",
-               "SID": "uuid:" + uuid,
-               "SEQ": "0",
-               "Content-Length": str(len(payload))}
-    conn.request("NOTIFY", url.path, payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    conn = HTTPConnection(url.netloc)
-    payload = '<WLANEvent foo></WLANEvent>'
-    headers = {"Content-type": 'text/xml; charset="utf-8"',
-               "Server": "Unspecified, UPnP/1.0, Unspecified",
-               "HOST": url.netloc,
-               "NT": "upnp:event",
-               "SID": "uuid:" + uuid,
-               "SEQ": "0",
-               "Content-Length": str(len(payload))}
-    conn.request("NOTIFY", url.path, payload, headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(dev[0], 1, "xml_get_first_item"):
-        send_wlanevent(url, uuid, b'')
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc_ext_data;xml_get_base64_item"):
-        send_wlanevent(url, uuid, b'foo')
-
-    for func in ["wps_init",
-                 "wps_process_manufacturer",
-                 "wps_process_model_name",
-                 "wps_process_model_number",
-                 "wps_process_serial_number",
-                 "wps_process_dev_name"]:
-        with alloc_fail(dev[0], 1, func):
-            send_wlanevent(url, uuid, m1)
-
-    with alloc_fail(dev[0], 1, "wps_er_http_resp_ok"):
-        send_wlanevent(url, uuid, m1, no_response=True)
-
-    with alloc_fail(dev[0], 1, "wps_er_http_resp_not_found"):
-        url2 = urlparse(wps_event_url.replace('/event/', '/notfound/'))
-        send_wlanevent(url2, uuid, m1, no_response=True)
-
-    logger.info("EAP message: M1")
-    data = b'\x0202:11:22:00:00:00'
-    data += b'\x10\x22\x00\x01\x04'
-    data += b'\x10\x47\x00\x10' + 16 * b'\x00'
-    data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
-    data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
-    data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
-    data += b'\x10\x04\x00\x02\x00\x00'
-    data += b'\x10\x10\x00\x02\x00\x00'
-    data += b'\x10\x0d\x00\x01\x00'
-    data += b'\x10\x08\x00\x02\x00\x00'
-    data += b'\x10\x44\x00\x01\x00'
-    data += b'\x10\x21\x00\x00'
-    data += b'\x10\x23\x00\x00'
-    data += b'\x10\x24\x00\x00'
-    data += b'\x10\x42\x00\x00'
-    data += b'\x10\x54\x00\x08' + 8 * b'\x00'
-    data += b'\x10\x11\x00\x00'
-    data += b'\x10\x3c\x00\x01\x00'
-    data += b'\x10\x02\x00\x02\x00\x00'
-    data += b'\x10\x12\x00\x02\x00\x00'
-    data += b'\x10\x09\x00\x02\x00\x00'
-    data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
-    dev[0].dump_monitor()
-    with alloc_fail(dev[0], 1, "wps_er_add_sta_data"):
-        send_wlanevent(url, uuid, data)
-        ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected enrollee add event")
-    send_wlanevent(url, uuid, data)
-    ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=2)
-    if ev is None:
-        raise Exception("Enrollee add event not seen")
-
-    with alloc_fail(dev[0], 1,
-                    "base64_gen_encode;?base64_encode;wps_er_soap_hdr"):
-        send_wlanevent(url, uuid, data)
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;wps_er_soap_hdr"):
-        send_wlanevent(url, uuid, data)
-
-    with alloc_fail(dev[0], 1, "http_client_url_parse;wps_er_sta_send_msg"):
-        send_wlanevent(url, uuid, data)
-
-    with alloc_fail(dev[0], 1, "http_client_addr;wps_er_sta_send_msg"):
-        send_wlanevent(url, uuid, data)
-
-def test_ap_wps_er_http_proto_no_event_sub_url(dev, apdev):
-    """WPS ER HTTP protocol testing - no eventSubURL"""
-    class WPSAPHTTPServer_no_event_sub_url(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(eventSubURL=None))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_event_sub_url,
-                          no_event_url=True)
-
-def test_ap_wps_er_http_proto_event_sub_url_dns(dev, apdev):
-    """WPS ER HTTP protocol testing - DNS name in eventSubURL"""
-    class WPSAPHTTPServer_event_sub_url_dns(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(eventSubURL='http://example.com/wps_event'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_event_sub_url_dns,
-                          no_event_url=True)
-
-def test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
-    """WPS ER HTTP protocol testing - subscribe OOM"""
-    try:
-        _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
-    tests = [(1, "http_client_url_parse"),
-             (1, "wpabuf_alloc;wps_er_subscribe"),
-             (1, "http_client_addr"),
-             (1, "eloop_sock_table_add_sock;?eloop_register_sock;http_client_addr"),
-             (1, "eloop_register_timeout;http_client_addr")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            server, sock = wps_er_start(dev[0], WPSAPHTTPServer)
-            server.handle_request()
-            server.handle_request()
-            wps_er_stop(dev[0], sock, server, on_alloc_fail=True)
-
-def test_ap_wps_er_http_proto_no_sid(dev, apdev):
-    """WPS ER HTTP protocol testing - no SID"""
-    class WPSAPHTTPServer_no_sid(WPSAPHTTPServer):
-        def handle_wps_event(self):
-            self.wfile.write(gen_wps_event(sid=None))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_sid)
-
-def test_ap_wps_er_http_proto_invalid_sid_no_uuid(dev, apdev):
-    """WPS ER HTTP protocol testing - invalid SID - no UUID"""
-    class WPSAPHTTPServer_invalid_sid_no_uuid(WPSAPHTTPServer):
-        def handle_wps_event(self):
-            self.wfile.write(gen_wps_event(sid='FOO'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_no_uuid)
-
-def test_ap_wps_er_http_proto_invalid_sid_uuid(dev, apdev):
-    """WPS ER HTTP protocol testing - invalid SID UUID"""
-    class WPSAPHTTPServer_invalid_sid_uuid(WPSAPHTTPServer):
-        def handle_wps_event(self):
-            self.wfile.write(gen_wps_event(sid='uuid:FOO'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_uuid)
-
-def test_ap_wps_er_http_proto_subscribe_failing(dev, apdev):
-    """WPS ER HTTP protocol testing - SUBSCRIBE failing"""
-    class WPSAPHTTPServer_fail_subscribe(WPSAPHTTPServer):
-        def handle_wps_event(self):
-            payload = ""
-            hdr = 'HTTP/1.1 404 Not Found\r\n' + \
-                  'Content-Type: text/xml; charset="utf-8"\r\n' + \
-                  'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-                  'Connection: close\r\n' + \
-                  'Content-Length: ' + str(len(payload)) + '\r\n' + \
-                  'Timeout: Second-1801\r\n' + \
-                  'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-            self.wfile.write((hdr + payload).encode())
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_fail_subscribe)
-
-def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
-    """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
-    class WPSAPHTTPServer_subscribe_invalid_response(WPSAPHTTPServer):
-        def handle_wps_event(self):
-            payload = ""
-            hdr = 'HTTP/1.1 FOO\r\n' + \
-                  'Content-Type: text/xml; charset="utf-8"\r\n' + \
-                  'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-                  'Connection: close\r\n' + \
-                  'Content-Length: ' + str(len(payload)) + '\r\n' + \
-                  'Timeout: Second-1801\r\n' + \
-                  'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-            self.wfile.write((hdr + payload).encode())
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_subscribe_invalid_response)
-
-def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
-    """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
-    class WPSAPHTTPServer_invalid_m1(WPSAPHTTPServer):
-        def handle_wps_control(self):
-            payload = '''<?xml version="1.0"?>
-<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
-<s:Body>
-<u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
-<NewDeviceInfo>Rk9P</NewDeviceInfo>
-</u:GetDeviceInfoResponse>
-</s:Body>
-</s:Envelope>
-'''
-            self.wfile.write(gen_wps_control(payload_override=payload))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_m1, no_event_url=True)
-
-def test_ap_wps_er_http_proto_upnp_info_no_device(dev, apdev):
-    """WPS ER HTTP protocol testing - No device in UPnP info"""
-    class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            payload = '''<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
-<specVersion>
-<major>1</major>
-<minor>0</minor>
-</specVersion>
-</root>
-'''
-            hdr = 'HTTP/1.1 200 OK\r\n' + \
-                  'Content-Type: text/xml; charset="utf-8"\r\n' + \
-                  'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-                  'Connection: close\r\n' + \
-                  'Content-Length: ' + str(len(payload)) + '\r\n' + \
-                  'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-            self.wfile.write((hdr + payload).encode())
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
-
-def test_ap_wps_er_http_proto_upnp_info_no_device_type(dev, apdev):
-    """WPS ER HTTP protocol testing - No deviceType in UPnP info"""
-    class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            payload = '''<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
-<specVersion>
-<major>1</major>
-<minor>0</minor>
-</specVersion>
-<device>
-</device>
-</root>
-'''
-            hdr = 'HTTP/1.1 200 OK\r\n' + \
-                  'Content-Type: text/xml; charset="utf-8"\r\n' + \
-                  'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
-                  'Connection: close\r\n' + \
-                  'Content-Length: ' + str(len(payload)) + '\r\n' + \
-                  'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
-            self.wfile.write((hdr + payload).encode())
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
-
-def test_ap_wps_er_http_proto_upnp_info_invalid_udn_uuid(dev, apdev):
-    """WPS ER HTTP protocol testing - Invalid UDN UUID"""
-    class WPSAPHTTPServer_invalid_udn_uuid(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(udn='uuid:foo'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_udn_uuid)
-
-def test_ap_wps_er_http_proto_no_control_url(dev, apdev):
-    """WPS ER HTTP protocol testing - no controlURL"""
-    class WPSAPHTTPServer_no_control_url(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(controlURL=None))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_control_url,
-                          no_event_url=True)
-
-def test_ap_wps_er_http_proto_control_url_dns(dev, apdev):
-    """WPS ER HTTP protocol testing - DNS name in controlURL"""
-    class WPSAPHTTPServer_control_url_dns(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(controlURL='http://example.com/wps_control'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_control_url_dns,
-                          no_event_url=True)
-
-def test_ap_wps_http_timeout(dev, apdev):
-    """WPS AP/ER and HTTP timeout"""
-    try:
-        _test_ap_wps_http_timeout(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_http_timeout(dev, apdev):
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    url = urlparse(location)
-    addr = (url.hostname, url.port)
-    logger.debug("Open HTTP connection to hostapd, but do not complete request")
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                         socket.IPPROTO_TCP)
-    sock.connect(addr)
-    sock.send(b"G")
-
-    class StubServer(StreamRequestHandler):
-        def handle(self):
-            logger.debug("StubServer - start 31 sec wait")
-            time.sleep(31)
-            logger.debug("StubServer - wait done")
-
-    logger.debug("Start WPS ER")
-    server, sock2 = wps_er_start(dev[0], StubServer, max_age=40,
-                                 wait_m_search=True)
-
-    logger.debug("Start server to accept, but not complete, HTTP connection from WPS ER")
-    # This will wait for 31 seconds..
-    server.handle_request()
-
-    logger.debug("Complete HTTP connection with hostapd (that should have already closed the connection)")
-    try:
-        sock.send("ET / HTTP/1.1\r\n\r\n")
-        res = sock.recv(100)
-        sock.close()
-    except:
-        pass
-
-def test_ap_wps_er_url_parse(dev, apdev):
-    """WPS ER and URL parsing special cases"""
-    try:
-        _test_ap_wps_er_url_parse(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_url_parse(dev, apdev):
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.settimeout(1)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.bind(("239.255.255.250", 1900))
-    dev[0].request("WPS_ER_START ifname=lo")
-    (msg, addr) = sock.recvfrom(1000)
-    msg = msg.decode()
-    logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
-    if "M-SEARCH" not in msg:
-        raise Exception("Not an M-SEARCH")
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1\r\ncache-control:max-age=1\r\n\r\n", addr)
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1/:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
-    sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://255.255.255.255:0/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
-    ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
-
-    sock.close()
-
-def test_ap_wps_er_link_update(dev, apdev):
-    """WPS ER and link update special cases"""
-    class WPSAPHTTPServer_link_update(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update)
-
-    class WPSAPHTTPServer_link_update2(WPSAPHTTPServer):
-        def handle_others(self, data):
-            if "GET / " in data:
-                self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update2,
-                          location_url='http://127.0.0.1:12345')
-
-def test_ap_wps_er_http_client(dev, apdev):
-    """WPS ER and HTTP client special cases"""
-    with alloc_fail(dev[0], 1, "http_link_update"):
-        run_wps_er_proto_test(dev[0], WPSAPHTTPServer)
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;http_client_url"):
-        run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
-
-    with alloc_fail(dev[0], 1, "httpread_create;http_client_tx_ready"):
-        run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
-
-    class WPSAPHTTPServer_req_as_resp(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            self.wfile.write(b"GET / HTTP/1.1\r\n\r\n")
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_req_as_resp,
-                          no_event_url=True)
-
-def test_ap_wps_er_http_client_timeout(dev, apdev):
-    """WPS ER and HTTP client timeout"""
-    class WPSAPHTTPServer_timeout(WPSAPHTTPServer):
-        def handle_upnp_info(self):
-            time.sleep(31)
-            self.wfile.write(b"GET / HTTP/1.1\r\n\r\n")
-    run_wps_er_proto_test(dev[0], WPSAPHTTPServer_timeout,
-                          no_event_url=True, max_age=60)
-
-def test_ap_wps_init_oom(dev, apdev):
-    """wps_init OOM cases"""
-    ssid = "test-wps"
-    appin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "ap_pin": appin}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = dev[0].wps_read_pin()
-
-    with alloc_fail(hapd, 1, "wps_init"):
-        hapd.request("WPS_PIN any " + pin)
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("No EAP failure reported")
-        dev[0].request("WPS_CANCEL")
-
-    with alloc_fail(dev[0], 2, "wps_init"):
-        hapd.request("WPS_PIN any " + pin)
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("No EAP failure reported")
-        dev[0].request("WPS_CANCEL")
-
-    with alloc_fail(dev[0], 2, "wps_init"):
-        hapd.request("WPS_PBC")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[0].request("WPS_PBC %s" % (apdev[0]['bssid']))
-        ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("No EAP failure reported")
-        dev[0].request("WPS_CANCEL")
-
-    dev[0].dump_monitor()
-    new_ssid = "wps-new-ssid"
-    new_passphrase = "1234567890"
-    with alloc_fail(dev[0], 3, "wps_init"):
-        dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
-                       new_passphrase, no_wait=True)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("No EAP failure reported")
-
-    dev[0].flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_invalid_assoc_req_elem(dev, apdev):
-    """WPS and invalid IE in Association Request frame"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = "12345670"
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    try:
-        dev[0].request("VENDOR_ELEM_ADD 13 dd050050f20410")
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        for i in range(5):
-            ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
-            if ev and "vendor=14122" in ev:
-                break
-        if ev is None or "vendor=14122" not in ev:
-            raise Exception("EAP-WSC not started")
-        dev[0].request("WPS_CANCEL")
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def test_ap_wps_pbc_pin_mismatch(dev, apdev):
-    """WPS PBC/PIN mismatch"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("SET wps_version_number 0x10")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    hapd.request("WPS_PBC")
-    pin = dev[0].wps_read_pin()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-    dev[0].request("WPS_CANCEL")
-
-    hapd.request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_ie_invalid(dev, apdev):
-    """WPS PIN attempt with AP that has invalid WSC IE"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "vendor_elements": "dd050050f20410"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
-    hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    pin = dev[0].wps_read_pin()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-    dev[0].request("WPS_CANCEL")
-
-@remote_compatible
-def test_ap_wps_scan_prio_order(dev, apdev):
-    """WPS scan priority ordering"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
-    hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    pin = dev[0].wps_read_pin()
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-    dev[0].request("WPS_CANCEL")
-
-def test_ap_wps_probe_req_ie_oom(dev, apdev):
-    """WPS ProbeReq IE OOM"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    with alloc_fail(dev[0], 1, "wps_build_probe_req_ie"):
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Association not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "wps_ie_encapsulate"):
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Association not seen")
-    dev[0].request("WPS_CANCEL")
-    hapd.disable()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    time.sleep(0.2)
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_assoc_req_ie_oom(dev, apdev):
-    """WPS AssocReq IE OOM"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    with alloc_fail(dev[0], 1, "wps_build_assoc_req_ie"):
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Association not seen")
-    dev[0].request("WPS_CANCEL")
-
-def test_ap_wps_assoc_resp_ie_oom(dev, apdev):
-    """WPS AssocResp IE OOM"""
-    ssid = "test-wps"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    with alloc_fail(hapd, 1, "wps_build_assoc_resp_ie"):
-        dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-        ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Association not seen")
-    dev[0].request("WPS_CANCEL")
-
-@remote_compatible
-def test_ap_wps_bss_info_errors(dev, apdev):
-    """WPS BSS info errors"""
-    params = {"ssid": "1",
-              "vendor_elements": "dd0e0050f20410440001ff101100010a"}
-    hostapd.add_ap(apdev[0], params)
-    params = {'ssid': "2", "vendor_elements": "dd050050f20410"}
-    hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    logger.info("BSS: " + str(bss))
-    if "wps_state" in bss:
-        raise Exception("Unexpected wps_state in BSS info")
-    if 'wps_device_name' not in bss:
-        raise Exception("No wps_device_name in BSS info")
-    if bss['wps_device_name'] != '_':
-        raise Exception("Unexpected wps_device_name value")
-    bss = dev[0].get_bss(apdev[1]['bssid'])
-    logger.info("BSS: " + str(bss))
-
-    with alloc_fail(dev[0], 1, "=wps_attr_text"):
-        bss = dev[0].get_bss(apdev[0]['bssid'])
-        logger.info("BSS(OOM): " + str(bss))
-
-def wps_run_pbc_fail_ap(apdev, dev, hapd):
-    hapd.request("WPS_PBC")
-    dev.scan_for_bss(apdev['bssid'], freq="2412")
-    dev.request("WPS_PBC " + apdev['bssid'])
-    ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("No EAP failure reported")
-    dev.request("WPS_CANCEL")
-    dev.wait_disconnected()
-    for i in range(5):
-        try:
-            dev.flush_scan_cache()
-            break
-        except Exception as e:
-            if str(e).startswith("Failed to trigger scan"):
-                # Try again
-                time.sleep(1)
-            else:
-                raise
-
-def wps_run_pbc_fail(apdev, dev):
-    hapd = wps_start_ap(apdev)
-    wps_run_pbc_fail_ap(apdev, dev, hapd)
-
-@remote_compatible
-def test_ap_wps_pk_oom(dev, apdev):
-    """WPS and public key OOM"""
-    with alloc_fail(dev[0], 1, "wps_build_public_key"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_pk_oom_ap(dev, apdev):
-    """WPS and public key OOM on AP"""
-    hapd = wps_start_ap(apdev[0])
-    with alloc_fail(hapd, 1, "wps_build_public_key"):
-        wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-
-@remote_compatible
-def test_ap_wps_encr_oom_ap(dev, apdev):
-    """WPS and encrypted settings decryption OOM on AP"""
-    hapd = wps_start_ap(apdev[0])
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    with alloc_fail(hapd, 1, "wps_decrypt_encr_settings"):
-        dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
-        ev = hapd.wait_event(["WPS-FAIL"], timeout=10)
-        if ev is None:
-            raise Exception("No WPS-FAIL reported")
-        dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-
-@remote_compatible
-def test_ap_wps_encr_no_random_ap(dev, apdev):
-    """WPS and no random data available for encryption on AP"""
-    hapd = wps_start_ap(apdev[0])
-    with fail_test(hapd, 1, "os_get_random;wps_build_encr_settings"):
-        wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-
-@remote_compatible
-def test_ap_wps_e_hash_no_random_sta(dev, apdev):
-    """WPS and no random data available for e-hash on STA"""
-    with fail_test(dev[0], 1, "os_get_random;wps_build_e_hash"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_m1_no_random(dev, apdev):
-    """WPS and no random for M1 on STA"""
-    with fail_test(dev[0], 1, "os_get_random;wps_build_m1"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_m1_oom(dev, apdev):
-    """WPS and OOM for M1 on STA"""
-    with alloc_fail(dev[0], 1, "wps_build_m1"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_m3_oom(dev, apdev):
-    """WPS and OOM for M3 on STA"""
-    with alloc_fail(dev[0], 1, "wps_build_m3"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_m5_oom(dev, apdev):
-    """WPS and OOM for M5 on STA"""
-    hapd = wps_start_ap(apdev[0])
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "wps_build_m5"):
-            dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("No EAP failure reported")
-            dev[0].request("WPS_CANCEL")
-            dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_m5_no_random(dev, apdev):
-    """WPS and no random for M5 on STA"""
-    with fail_test(dev[0], 1,
-                   "os_get_random;wps_build_encr_settings;wps_build_m5"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_m7_oom(dev, apdev):
-    """WPS and OOM for M7 on STA"""
-    hapd = wps_start_ap(apdev[0])
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "wps_build_m7"):
-            dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("No EAP failure reported")
-            dev[0].request("WPS_CANCEL")
-            dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-@remote_compatible
-def test_ap_wps_m7_no_random(dev, apdev):
-    """WPS and no random for M7 on STA"""
-    with fail_test(dev[0], 1,
-                   "os_get_random;wps_build_encr_settings;wps_build_m7"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-@remote_compatible
-def test_ap_wps_wsc_done_oom(dev, apdev):
-    """WPS and OOM for WSC_Done on STA"""
-    with alloc_fail(dev[0], 1, "wps_build_wsc_done"):
-        wps_run_pbc_fail(apdev[0], dev[0])
-
-def test_ap_wps_random_psk_fail(dev, apdev):
-    """WPS and no random for PSK on AP"""
-    ssid = "test-wps"
-    pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
-    appin = "12345670"
-    try:
-        os.remove(pskfile)
-    except:
-        pass
-
-    try:
-        with open(pskfile, "w") as f:
-            f.write("# WPA PSKs\n")
-
-        params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                  "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
-                  "rsn_pairwise": "CCMP", "ap_pin": appin,
-                  "wpa_psk_file": pskfile}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        with fail_test(hapd, 1, "os_get_random;wps_build_cred_network_key"):
-            dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("No EAP failure reported")
-            dev[0].request("WPS_CANCEL")
-        dev[0].wait_disconnected()
-
-        with fail_test(hapd, 1, "os_get_random;wps_build_cred"):
-            wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-
-        with alloc_fail(hapd, 1, "wps_build_cred"):
-            wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-
-        with alloc_fail(hapd, 2, "wps_build_cred"):
-            wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-    finally:
-        os.remove(pskfile)
-
-def wps_ext_eap_identity_req(dev, hapd, bssid):
-    logger.debug("EAP-Identity/Request")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-def wps_ext_eap_identity_resp(hapd, dev, addr):
-    ev = dev.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-def wps_ext_eap_wsc(dst, src, src_addr, msg):
-    logger.debug(msg)
-    ev = src.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    res = dst.request("EAPOL_RX " + src_addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-
-def wps_start_ext(apdev, dev, pbc=False, pin=None):
-    addr = dev.own_addr()
-    bssid = apdev['bssid']
-    ssid = "test-wps-conf"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev, params)
-
-    if pbc:
-        hapd.request("WPS_PBC")
-    else:
-        if pin is None:
-            pin = dev.wps_read_pin()
-        hapd.request("WPS_PIN any " + pin)
-    dev.scan_for_bss(bssid, freq="2412")
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev.request("SET ext_eapol_frame_io 1")
-
-    if pbc:
-        dev.request("WPS_PBC " + bssid)
-    else:
-        dev.request("WPS_PIN " + bssid + " " + pin)
-    return addr, bssid, hapd
-
-def wps_auth_corrupt(dst, src, addr):
-    ev = src.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    src.request("SET ext_eapol_frame_io 0")
-    dst.request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[-24:-16] != '10050008':
-        raise Exception("Could not find Authenticator attribute")
-    # Corrupt Authenticator value
-    msg = msg[:-1] + '%x' % ((int(msg[-1], 16) + 1) % 16)
-    res = dst.request("EAPOL_RX " + addr + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-
-def wps_fail_finish(hapd, dev, fail_str):
-    ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("WPS-FAIL not indicated")
-    if fail_str not in ev:
-        raise Exception("Unexpected WPS-FAIL value: " + ev)
-    dev.request("WPS_CANCEL")
-    dev.wait_disconnected()
-
-def wps_auth_corrupt_from_ap(dev, hapd, bssid, fail_str):
-    wps_auth_corrupt(dev, hapd, bssid)
-    wps_fail_finish(hapd, dev, fail_str)
-
-def wps_auth_corrupt_to_ap(dev, hapd, addr, fail_str):
-    wps_auth_corrupt(hapd, dev, addr)
-    wps_fail_finish(hapd, dev, fail_str)
-
-def test_ap_wps_authenticator_mismatch_m2(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M2"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=5")
-
-def test_ap_wps_authenticator_mismatch_m3(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M3"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    logger.debug("M3")
-    wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=7")
-
-def test_ap_wps_authenticator_mismatch_m4(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M4"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
-    logger.debug("M4")
-    wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=8")
-
-def test_ap_wps_authenticator_mismatch_m5(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M5"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
-    logger.debug("M5")
-    wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=9")
-
-def test_ap_wps_authenticator_mismatch_m6(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M6"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
-    logger.debug("M6")
-    wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=10")
-
-def test_ap_wps_authenticator_mismatch_m7(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M7"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
-    logger.debug("M7")
-    wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=11")
-
-def test_ap_wps_authenticator_mismatch_m8(dev, apdev):
-    """WPS and Authenticator attribute mismatch in M8"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M7")
-    logger.debug("M8")
-    wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=12")
-
-def test_ap_wps_authenticator_missing_m2(dev, apdev):
-    """WPS and Authenticator attribute missing from M2"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[-24:-16] != '10050008':
-        raise Exception("Could not find Authenticator attribute")
-    # Remove Authenticator value
-    msg = msg[:-24]
-    mlen = "%04x" % (int(msg[4:8], 16) - 12)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    wps_fail_finish(hapd, dev[0], "msg=5")
-
-def test_ap_wps_m2_dev_passwd_id_p2p(dev, apdev):
-    """WPS and M2 with different Device Password ID (P2P)"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[722:730] != '10120002':
-        raise Exception("Could not find Device Password ID attribute")
-    # Replace Device Password ID value. This will fail Authenticator check, but
-    # allows the code path in wps_process_dev_pw_id() to be checked from debug
-    # log.
-    msg = msg[0:730] + "0005" + msg[734:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    wps_fail_finish(hapd, dev[0], "msg=5")
-
-def test_ap_wps_m2_dev_passwd_id_change_pin_to_pbc(dev, apdev):
-    """WPS and M2 with different Device Password ID (PIN to PBC)"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[722:730] != '10120002':
-        raise Exception("Could not find Device Password ID attribute")
-    # Replace Device Password ID value (PIN --> PBC). This will be rejected.
-    msg = msg[0:730] + "0004" + msg[734:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    wps_fail_finish(hapd, dev[0], "msg=5")
-
-def test_ap_wps_m2_dev_passwd_id_change_pbc_to_pin(dev, apdev):
-    """WPS and M2 with different Device Password ID (PBC to PIN)"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[722:730] != '10120002':
-        raise Exception("Could not find Device Password ID attribute")
-    # Replace Device Password ID value. This will fail Authenticator check, but
-    # allows the code path in wps_process_dev_pw_id() to be checked from debug
-    # log.
-    msg = msg[0:730] + "0000" + msg[734:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    wps_fail_finish(hapd, dev[0], "msg=5")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_missing_dev_passwd_id(dev, apdev):
-    """WPS and M2 without Device Password ID"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[722:730] != '10120002':
-        raise Exception("Could not find Device Password ID attribute")
-    # Remove Device Password ID value. This will fail Authenticator check, but
-    # allows the code path in wps_process_dev_pw_id() to be checked from debug
-    # log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 6)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:722] + msg[734:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    wps_fail_finish(hapd, dev[0], "msg=5")
-
-def test_ap_wps_m2_missing_registrar_nonce(dev, apdev):
-    """WPS and M2 without Registrar Nonce"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[96:104] != '10390010':
-        raise Exception("Could not find Registrar Nonce attribute")
-    # Remove Registrar Nonce. This will fail Authenticator check, but
-    # allows the code path in wps_process_registrar_nonce() to be checked from
-    # the debug log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 20)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:96] + msg[136:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_missing_enrollee_nonce(dev, apdev):
-    """WPS and M2 without Enrollee Nonce"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[56:64] != '101a0010':
-        raise Exception("Could not find enrollee Nonce attribute")
-    # Remove Enrollee Nonce. This will fail Authenticator check, but
-    # allows the code path in wps_process_enrollee_nonce() to be checked from
-    # the debug log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 20)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:56] + msg[96:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_missing_uuid_r(dev, apdev):
-    """WPS and M2 without UUID-R"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[136:144] != '10480010':
-        raise Exception("Could not find enrollee Nonce attribute")
-    # Remove UUID-R. This will fail Authenticator check, but allows the code
-    # path in wps_process_uuid_r() to be checked from the debug log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 20)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:136] + msg[176:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_invalid(dev, apdev):
-    """WPS and M2 parsing failure"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[136:144] != '10480010':
-        raise Exception("Could not find enrollee Nonce attribute")
-    # Remove UUID-R. This will fail Authenticator check, but allows the code
-    # path in wps_process_uuid_r() to be checked from the debug log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 1)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:-2]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_missing_msg_type(dev, apdev):
-    """WPS and M2 without Message Type"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[46:54] != '10220001':
-        raise Exception("Could not find Message Type attribute")
-    # Remove Message Type. This will fail Authenticator check, but allows the
-    # code path in wps_process_wsc_msg() to be checked from the debug log.
-    mlen = "%04x" % (int(msg[4:8], 16) - 5)
-    msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:46] + msg[56:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_unknown_msg_type(dev, apdev):
-    """WPS and M2 but unknown Message Type"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[46:54] != '10220001':
-        raise Exception("Could not find Message Type attribute")
-    # Replace Message Type value. This will be rejected.
-    msg = msg[0:54] + "00" + msg[56:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnect event not seen")
-    dev[0].request("WPS_CANCEL")
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_unknown_opcode(dev, apdev):
-    """WPS and M2 but unknown opcode"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    # Replace opcode. This will be discarded in EAP-WSC processing.
-    msg = msg[0:32] + "00" + msg[34:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_unknown_opcode2(dev, apdev):
-    """WPS and M2 but unknown opcode (WSC_Start)"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    # Replace opcode. This will be discarded in EAP-WSC processing.
-    msg = msg[0:32] + "01" + msg[34:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_m2_unknown_opcode3(dev, apdev):
-    """WPS and M2 but unknown opcode (WSC_Done)"""
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
-    logger.debug("M2")
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    # Replace opcode. This will be discarded in WPS Enrollee processing.
-    msg = msg[0:32] + "05" + msg[34:]
-    res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def wps_m2_but_other(dev, apdev, title, msgtype):
-    addr, bssid, hapd = wps_start_ext(apdev, dev)
-    wps_ext_eap_identity_req(dev, hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev, addr)
-    wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev, addr, "M1")
-    logger.debug(title)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev.request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[46:54] != '10220001':
-        raise Exception("Could not find Message Type attribute")
-    # Replace Message Type value. This will be rejected.
-    msg = msg[0:54] + msgtype + msg[56:]
-    res = dev.request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = dev.wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("WPS-FAIL event not seen")
-    dev.request("WPS_CANCEL")
-    dev.wait_disconnected()
-
-def wps_m4_but_other(dev, apdev, title, msgtype):
-    addr, bssid, hapd = wps_start_ext(apdev, dev)
-    wps_ext_eap_identity_req(dev, hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev, addr)
-    wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
-    wps_ext_eap_wsc(hapd, dev, addr, "M1")
-    wps_ext_eap_wsc(dev, hapd, bssid, "M2")
-    wps_ext_eap_wsc(hapd, dev, addr, "M3")
-    logger.debug(title)
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev.request("SET ext_eapol_frame_io 0")
-    msg = ev.split(' ')[2]
-    if msg[46:54] != '10220001':
-        raise Exception("Could not find Message Type attribute")
-    # Replace Message Type value. This will be rejected.
-    msg = msg[0:54] + msgtype + msg[56:]
-    res = dev.request("EAPOL_RX " + bssid + " " + msg)
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-    ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("WPS-FAIL event not seen")
-    dev.request("WPS_CANCEL")
-    dev.wait_disconnected()
-
-def test_ap_wps_m2_msg_type_m4(dev, apdev):
-    """WPS and M2 but Message Type M4"""
-    wps_m2_but_other(dev[0], apdev[0], "M2/M4", "08")
-
-def test_ap_wps_m2_msg_type_m6(dev, apdev):
-    """WPS and M2 but Message Type M6"""
-    wps_m2_but_other(dev[0], apdev[0], "M2/M6", "0a")
-
-def test_ap_wps_m2_msg_type_m8(dev, apdev):
-    """WPS and M2 but Message Type M8"""
-    wps_m2_but_other(dev[0], apdev[0], "M2/M8", "0c")
-
-def test_ap_wps_m4_msg_type_m2(dev, apdev):
-    """WPS and M4 but Message Type M2"""
-    wps_m4_but_other(dev[0], apdev[0], "M4/M2", "05")
-
-def test_ap_wps_m4_msg_type_m2d(dev, apdev):
-    """WPS and M4 but Message Type M2D"""
-    wps_m4_but_other(dev[0], apdev[0], "M4/M2D", "06")
-
-@remote_compatible
-def test_ap_wps_config_methods(dev, apdev):
-    """WPS configuration method parsing"""
-    ssid = "test-wps-conf"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "config_methods": "ethernet display ext_nfc_token int_nfc_token physical_display physical_push_button"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "config_methods": "display push_button"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-def test_ap_wps_set_selected_registrar_proto(dev, apdev):
-    """WPS UPnP SetSelectedRegistrar protocol testing"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    urls = upnp_get_urls(location)
-    eventurl = urlparse(urls['event_sub_url'])
-    ctrlurl = urlparse(urls['control_url'])
-    url = urlparse(location)
-    conn = HTTPConnection(url.netloc)
-
-    class WPSERHTTPServer(StreamRequestHandler):
-        def handle(self):
-            data = self.rfile.readline().strip()
-            logger.debug(data)
-            self.wfile.write(gen_wps_event())
-
-    server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
-    server.timeout = 1
-
-    headers = {"callback": '<http://127.0.0.1:12345/event>',
-               "NT": "upnp:event",
-               "timeout": "Second-1234"}
-    conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-    sid = resp.getheader("sid")
-    logger.debug("Subscription SID " + sid)
-    server.handle_request()
-
-    tests = [(500, "10"),
-             (200, "104a000110" + "1041000101" + "101200020000" +
-              "105300023148" +
-              "1049002c00372a0001200124111111111111222222222222333333333333444444444444555555555555666666666666" +
-              "10480010362db47ba53a519188fb5458b986b2e4"),
-             (200, "104a000110" + "1041000100" + "101200020000" +
-              "105300020000"),
-             (200, "104a000110" + "1041000100"),
-             (200, "104a000110")]
-    for status, test in tests:
-        tlvs = binascii.unhexlify(test)
-        newmsg = base64.b64encode(tlvs).decode()
-        msg = '<?xml version="1.0"?>\n'
-        msg += '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
-        msg += '<s:Body>'
-        msg += '<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">'
-        msg += '<NewMessage>'
-        msg += newmsg
-        msg += "</NewMessage></u:SetSelectedRegistrar></s:Body></s:Envelope>"
-        headers = {"Content-type": 'text/xml; charset="utf-8"'}
-        headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
-        conn.request("POST", ctrlurl.path, msg, headers)
-        resp = conn.getresponse()
-        if resp.status != status:
-            raise Exception("Unexpected HTTP response: %d (expected %d)" % (resp.status, status))
-
-def test_ap_wps_adv_oom(dev, apdev):
-    """WPS AP and advertisement OOM"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    with alloc_fail(hapd, 1, "=msearchreply_state_machine_start"):
-        ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
-                          no_recv=True)
-        time.sleep(0.2)
-
-    with alloc_fail(hapd, 1, "eloop_register_timeout;msearchreply_state_machine_start"):
-        ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
-                          no_recv=True)
-        time.sleep(0.2)
-
-    with alloc_fail(hapd, 1,
-                    "next_advertisement;advertisement_state_machine_stop"):
-        hapd.disable()
-
-    with alloc_fail(hapd, 1, "ssdp_listener_start"):
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-
-def test_wps_config_methods(dev):
-    """WPS config method update"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("SET config_methods display label"):
-        raise Exception("Failed to set config_methods")
-    if wpas.request("GET config_methods").strip() != "display label":
-        raise Exception("config_methods were not updated")
-    if "OK" not in wpas.request("SET config_methods "):
-        raise Exception("Failed to clear config_methods")
-    if wpas.request("GET config_methods").strip() != "":
-        raise Exception("config_methods were not cleared")
-
-WPS_VENDOR_ID_WFA = 14122
-WPS_VENDOR_TYPE = 1
-
-# EAP-WSC Op-Code values
-WSC_Start = 0x01
-WSC_ACK = 0x02
-WSC_NACK = 0x03
-WSC_MSG = 0x04
-WSC_Done = 0x05
-WSC_FRAG_ACK = 0x06
-
-ATTR_AP_CHANNEL = 0x1001
-ATTR_ASSOC_STATE = 0x1002
-ATTR_AUTH_TYPE = 0x1003
-ATTR_AUTH_TYPE_FLAGS = 0x1004
-ATTR_AUTHENTICATOR = 0x1005
-ATTR_CONFIG_METHODS = 0x1008
-ATTR_CONFIG_ERROR = 0x1009
-ATTR_CONFIRM_URL4 = 0x100a
-ATTR_CONFIRM_URL6 = 0x100b
-ATTR_CONN_TYPE = 0x100c
-ATTR_CONN_TYPE_FLAGS = 0x100d
-ATTR_CRED = 0x100e
-ATTR_ENCR_TYPE = 0x100f
-ATTR_ENCR_TYPE_FLAGS = 0x1010
-ATTR_DEV_NAME = 0x1011
-ATTR_DEV_PASSWORD_ID = 0x1012
-ATTR_E_HASH1 = 0x1014
-ATTR_E_HASH2 = 0x1015
-ATTR_E_SNONCE1 = 0x1016
-ATTR_E_SNONCE2 = 0x1017
-ATTR_ENCR_SETTINGS = 0x1018
-ATTR_ENROLLEE_NONCE = 0x101a
-ATTR_FEATURE_ID = 0x101b
-ATTR_IDENTITY = 0x101c
-ATTR_IDENTITY_PROOF = 0x101d
-ATTR_KEY_WRAP_AUTH = 0x101e
-ATTR_KEY_ID = 0x101f
-ATTR_MAC_ADDR = 0x1020
-ATTR_MANUFACTURER = 0x1021
-ATTR_MSG_TYPE = 0x1022
-ATTR_MODEL_NAME = 0x1023
-ATTR_MODEL_NUMBER = 0x1024
-ATTR_NETWORK_INDEX = 0x1026
-ATTR_NETWORK_KEY = 0x1027
-ATTR_NETWORK_KEY_INDEX = 0x1028
-ATTR_NEW_DEVICE_NAME = 0x1029
-ATTR_NEW_PASSWORD = 0x102a
-ATTR_OOB_DEVICE_PASSWORD = 0x102c
-ATTR_OS_VERSION = 0x102d
-ATTR_POWER_LEVEL = 0x102f
-ATTR_PSK_CURRENT = 0x1030
-ATTR_PSK_MAX = 0x1031
-ATTR_PUBLIC_KEY = 0x1032
-ATTR_RADIO_ENABLE = 0x1033
-ATTR_REBOOT = 0x1034
-ATTR_REGISTRAR_CURRENT = 0x1035
-ATTR_REGISTRAR_ESTABLISHED = 0x1036
-ATTR_REGISTRAR_LIST = 0x1037
-ATTR_REGISTRAR_MAX = 0x1038
-ATTR_REGISTRAR_NONCE = 0x1039
-ATTR_REQUEST_TYPE = 0x103a
-ATTR_RESPONSE_TYPE = 0x103b
-ATTR_RF_BANDS = 0x103c
-ATTR_R_HASH1 = 0x103d
-ATTR_R_HASH2 = 0x103e
-ATTR_R_SNONCE1 = 0x103f
-ATTR_R_SNONCE2 = 0x1040
-ATTR_SELECTED_REGISTRAR = 0x1041
-ATTR_SERIAL_NUMBER = 0x1042
-ATTR_WPS_STATE = 0x1044
-ATTR_SSID = 0x1045
-ATTR_TOTAL_NETWORKS = 0x1046
-ATTR_UUID_E = 0x1047
-ATTR_UUID_R = 0x1048
-ATTR_VENDOR_EXT = 0x1049
-ATTR_VERSION = 0x104a
-ATTR_X509_CERT_REQ = 0x104b
-ATTR_X509_CERT = 0x104c
-ATTR_EAP_IDENTITY = 0x104d
-ATTR_MSG_COUNTER = 0x104e
-ATTR_PUBKEY_HASH = 0x104f
-ATTR_REKEY_KEY = 0x1050
-ATTR_KEY_LIFETIME = 0x1051
-ATTR_PERMITTED_CFG_METHODS = 0x1052
-ATTR_SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053
-ATTR_PRIMARY_DEV_TYPE = 0x1054
-ATTR_SECONDARY_DEV_TYPE_LIST = 0x1055
-ATTR_PORTABLE_DEV = 0x1056
-ATTR_AP_SETUP_LOCKED = 0x1057
-ATTR_APPLICATION_EXT = 0x1058
-ATTR_EAP_TYPE = 0x1059
-ATTR_IV = 0x1060
-ATTR_KEY_PROVIDED_AUTO = 0x1061
-ATTR_802_1X_ENABLED = 0x1062
-ATTR_APPSESSIONKEY = 0x1063
-ATTR_WEPTRANSMITKEY = 0x1064
-ATTR_REQUESTED_DEV_TYPE = 0x106a
-
-# Message Type
-WPS_Beacon = 0x01
-WPS_ProbeRequest = 0x02
-WPS_ProbeResponse = 0x03
-WPS_M1 = 0x04
-WPS_M2 = 0x05
-WPS_M2D = 0x06
-WPS_M3 = 0x07
-WPS_M4 = 0x08
-WPS_M5 = 0x09
-WPS_M6 = 0x0a
-WPS_M7 = 0x0b
-WPS_M8 = 0x0c
-WPS_WSC_ACK = 0x0d
-WPS_WSC_NACK = 0x0e
-WPS_WSC_DONE = 0x0f
-
-def get_wsc_msg(dev):
-    ev = dev.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX")
-    data = binascii.unhexlify(ev.split(' ')[2])
-    msg = {}
-
-    # Parse EAPOL header
-    if len(data) < 4:
-        raise Exception("No room for EAPOL header")
-    version, type, length = struct.unpack('>BBH', data[0:4])
-    msg['eapol_version'] = version
-    msg['eapol_type'] = type
-    msg['eapol_length'] = length
-    data = data[4:]
-    if length != len(data):
-        raise Exception("EAPOL header length mismatch (%d != %d)" % (length, len(data)))
-    if type != 0:
-        raise Exception("Unexpected EAPOL header type: %d" % type)
-
-    # Parse EAP header
-    if len(data) < 4:
-        raise Exception("No room for EAP header")
-    code, identifier, length = struct.unpack('>BBH', data[0:4])
-    msg['eap_code'] = code
-    msg['eap_identifier'] = identifier
-    msg['eap_length'] = length
-    data = data[4:]
-    if msg['eapol_length'] != msg['eap_length']:
-        raise Exception("EAP header length mismatch (%d != %d)" % (msg['eapol_length'], length))
-
-    # Parse EAP expanded header
-    if len(data) < 1:
-        raise Exception("No EAP type included")
-    msg['eap_type'], = struct.unpack('B', data[0:1])
-    data = data[1:]
-
-    if msg['eap_type'] == 254:
-        if len(data) < 3 + 4:
-            raise Exception("Truncated EAP expanded header")
-        msg['eap_vendor_id'], msg['eap_vendor_type'] = struct.unpack('>LL', b'\x00' + data[0:7])
-        data = data[7:]
-    else:
-        raise Exception("Unexpected EAP type")
-
-    if msg['eap_vendor_id'] != WPS_VENDOR_ID_WFA:
-        raise Exception("Unexpected Vendor-Id")
-    if msg['eap_vendor_type'] != WPS_VENDOR_TYPE:
-        raise Exception("Unexpected Vendor-Type")
-
-    # Parse EAP-WSC header
-    if len(data) < 2:
-        raise Exception("Truncated EAP-WSC header")
-    msg['wsc_opcode'], msg['wsc_flags'] = struct.unpack('BB', data[0:2])
-    data = data[2:]
-
-    # Parse WSC attributes
-    msg['raw_attrs'] = data
-    attrs = {}
-    while len(data) > 0:
-        if len(data) < 4:
-            raise Exception("Truncated attribute header")
-        attr, length = struct.unpack('>HH', data[0:4])
-        data = data[4:]
-        if length > len(data):
-            raise Exception("Truncated attribute 0x%04x" % attr)
-        attrs[attr] = data[0:length]
-        data = data[length:]
-    msg['wsc_attrs'] = attrs
-
-    if ATTR_MSG_TYPE in attrs:
-        msg['wsc_msg_type'], = struct.unpack('B', attrs[ATTR_MSG_TYPE])
-
-    return msg
-
-def recv_wsc_msg(dev, opcode, msg_type):
-    msg = get_wsc_msg(dev)
-    if msg['wsc_opcode'] != opcode or msg['wsc_msg_type'] != msg_type:
-        raise Exception("Unexpected Op-Code/MsgType")
-    return msg, msg['wsc_attrs'], msg['raw_attrs']
-
-def build_wsc_attr(attr, payload):
-    _payload = payload if type(payload) == bytes else payload.encode()
-    return struct.pack('>HH', attr, len(_payload)) + _payload
-
-def build_attr_msg_type(msg_type):
-    return build_wsc_attr(ATTR_MSG_TYPE, struct.pack('B', msg_type))
-
-def build_eap_wsc(eap_code, eap_id, payload, opcode=WSC_MSG):
-    length = 4 + 8 + 2 + len(payload)
-    # EAPOL header
-    msg = struct.pack('>BBH', 2, 0, length)
-    # EAP header
-    msg += struct.pack('>BBH', eap_code, eap_id, length)
-    # EAP expanded header for EAP-WSC
-    msg += struct.pack('B', 254)
-    msg += struct.pack('>L', WPS_VENDOR_ID_WFA)[1:4]
-    msg += struct.pack('>L', WPS_VENDOR_TYPE)
-    # EAP-WSC header
-    msg += struct.pack('BB', opcode, 0)
-    # WSC attributes
-    msg += payload
-    return msg
-
-def build_eap_success(eap_id):
-    length = 4
-    # EAPOL header
-    msg = struct.pack('>BBH', 2, 0, length)
-    # EAP header
-    msg += struct.pack('>BBH', 3, eap_id, length)
-    return msg
-
-def build_eap_failure(eap_id):
-    length = 4
-    # EAPOL header
-    msg = struct.pack('>BBH', 2, 0, length)
-    # EAP header
-    msg += struct.pack('>BBH', 4, eap_id, length)
-    return msg
-
-def send_wsc_msg(dev, src, msg):
-    res = dev.request("EAPOL_RX " + src + " " + binascii.hexlify(msg).decode())
-    if "OK" not in res:
-        raise Exception("EAPOL_RX failed")
-
-group_5_prime = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
-group_5_generator = 2
-
-def wsc_kdf(key, label, bits):
-    result = b''
-    i = 1
-    while len(result) * 8 < bits:
-        data = struct.pack('>L', i) + label.encode() + struct.pack('>L', bits)
-        m = hmac.new(key, data, hashlib.sha256)
-        result += m.digest()
-        i += 1
-    return result[0:bits // 8]
-
-def wsc_keys(kdk):
-    keys = wsc_kdf(kdk, "Wi-Fi Easy and Secure Key Derivation", 640)
-    authkey = keys[0:32]
-    keywrapkey = keys[32:48]
-    emsk = keys[48:80]
-    return authkey, keywrapkey, emsk
-
-def wsc_dev_pw_half_psk(authkey, dev_pw):
-    m = hmac.new(authkey, dev_pw.encode(), hashlib.sha256)
-    return m.digest()[0:16]
-
-def wsc_dev_pw_psk(authkey, dev_pw):
-    dev_pw_1 = dev_pw[0:len(dev_pw) // 2]
-    dev_pw_2 = dev_pw[len(dev_pw) // 2:]
-    psk1 = wsc_dev_pw_half_psk(authkey, dev_pw_1)
-    psk2 = wsc_dev_pw_half_psk(authkey, dev_pw_2)
-    return psk1, psk2
-
-def build_attr_authenticator(authkey, prev_msg, curr_msg):
-    m = hmac.new(authkey, prev_msg + curr_msg, hashlib.sha256)
-    auth = m.digest()[0:8]
-    return build_wsc_attr(ATTR_AUTHENTICATOR, auth)
-
-def build_attr_encr_settings(authkey, keywrapkey, data):
-    m = hmac.new(authkey, data, hashlib.sha256)
-    kwa = m.digest()[0:8]
-    data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = pad_len * struct.pack('B', pad_len)
-    data += ps
-    wrapped = aes.encrypt(data)
-    return build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-
-def decrypt_attr_encr_settings(authkey, keywrapkey, data):
-    if len(data) < 32 or len(data) % 16 != 0:
-        raise Exception("Unexpected Encrypted Settings length: %d" % len(data))
-    iv = data[0:16]
-    encr = data[16:]
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    decrypted = aes.decrypt(encr)
-    pad_len, = struct.unpack('B', decrypted[-1:])
-    if pad_len > len(decrypted):
-        raise Exception("Invalid padding in Encrypted Settings")
-    for i in range(-pad_len, -1):
-        if decrypted[i] != decrypted[-1]:
-            raise Exception("Invalid PS value in Encrypted Settings")
-
-    decrypted = decrypted[0:len(decrypted) - pad_len]
-    if len(decrypted) < 12:
-        raise Exception("Truncated Encrypted Settings plaintext")
-    kwa = decrypted[-12:]
-    attr, length = struct.unpack(">HH", kwa[0:4])
-    if attr != ATTR_KEY_WRAP_AUTH or length != 8:
-        raise Exception("Invalid KWA header")
-    kwa = kwa[4:]
-    decrypted = decrypted[0:len(decrypted) - 12]
-
-    m = hmac.new(authkey, decrypted, hashlib.sha256)
-    calc_kwa = m.digest()[0:8]
-    if kwa != calc_kwa:
-        raise Exception("KWA mismatch")
-
-    return decrypted
-
-def zeropad_str(val, pad_len):
-    while len(val) < pad_len * 2:
-        val = '0' + val
-    return val
-
-def wsc_dh_init():
-    # For now, use a hardcoded private key. In theory, this is supposed to be
-    # randomly selected.
-    own_private = 0x123456789
-    own_public = pow(group_5_generator, own_private, group_5_prime)
-    pk = binascii.unhexlify(zeropad_str(format(own_public, '02x'), 192))
-    return own_private, pk
-
-def wsc_dh_kdf(peer_pk, own_private, mac_addr, e_nonce, r_nonce):
-    peer_public = int(binascii.hexlify(peer_pk), 16)
-    if peer_public < 2 or peer_public >= group_5_prime:
-        raise Exception("Invalid peer public key")
-    if pow(peer_public, (group_5_prime - 1) // 2, group_5_prime) != 1:
-        raise Exception("Unexpected Legendre symbol for peer public key")
-
-    shared_secret = pow(peer_public, own_private, group_5_prime)
-    ss = zeropad_str(format(shared_secret, "02x"), 192)
-    logger.debug("DH shared secret: " + ss)
-
-    dhkey = hashlib.sha256(binascii.unhexlify(ss)).digest()
-    logger.debug("DHKey: " + binascii.hexlify(dhkey).decode())
-
-    m = hmac.new(dhkey, e_nonce + mac_addr + r_nonce, hashlib.sha256)
-    kdk = m.digest()
-    logger.debug("KDK: " + binascii.hexlify(kdk).decode())
-    authkey, keywrapkey, emsk = wsc_keys(kdk)
-    logger.debug("AuthKey: " + binascii.hexlify(authkey).decode())
-    logger.debug("KeyWrapKey: " + binascii.hexlify(keywrapkey).decode())
-    logger.debug("EMSK: " + binascii.hexlify(emsk).decode())
-    return authkey, keywrapkey
-
-def wsc_dev_pw_hash(authkey, dev_pw, e_pk, r_pk):
-    psk1, psk2 = wsc_dev_pw_psk(authkey, dev_pw)
-    logger.debug("PSK1: " + binascii.hexlify(psk1).decode())
-    logger.debug("PSK2: " + binascii.hexlify(psk2).decode())
-
-    # Note: Secret values are supposed to be random, but hardcoded values are
-    # fine for testing.
-    s1 = 16*b'\x77'
-    m = hmac.new(authkey, s1 + psk1 + e_pk + r_pk, hashlib.sha256)
-    hash1 = m.digest()
-    logger.debug("Hash1: " + binascii.hexlify(hash1).decode())
-
-    s2 = 16*b'\x88'
-    m = hmac.new(authkey, s2 + psk2 + e_pk + r_pk, hashlib.sha256)
-    hash2 = m.digest()
-    logger.debug("Hash2: " + binascii.hexlify(hash2).decode())
-    return s1, s2, hash1, hash2
-
-def build_m1(eap_id, uuid_e, mac_addr, e_nonce, e_pk,
-             manufacturer='', model_name='', config_methods='\x00\x00'):
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M1)
-    attrs += build_wsc_attr(ATTR_UUID_E, uuid_e)
-    attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_PUBLIC_KEY, e_pk)
-    attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_METHODS, config_methods)
-    attrs += build_wsc_attr(ATTR_WPS_STATE, '\x00')
-    attrs += build_wsc_attr(ATTR_MANUFACTURER, manufacturer)
-    attrs += build_wsc_attr(ATTR_MODEL_NAME, model_name)
-    attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
-    attrs += build_wsc_attr(ATTR_DEV_NAME, '')
-    attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
-    attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
-    m1 = build_eap_wsc(2, eap_id, attrs)
-    return m1, attrs
-
-def build_m2(authkey, m1, eap_id, e_nonce, r_nonce, uuid_r, r_pk,
-             dev_pw_id='\x00\x00', eap_code=1):
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M2)
-    if e_nonce:
-        attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    if r_nonce:
-        attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
-    if r_pk:
-        attrs += build_wsc_attr(ATTR_PUBLIC_KEY, r_pk)
-    attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
-    attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
-    attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
-    attrs += build_wsc_attr(ATTR_DEV_NAME, '')
-    attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
-    attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
-    attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
-    attrs += build_attr_authenticator(authkey, m1, attrs)
-    m2 = build_eap_wsc(eap_code, eap_id, attrs)
-    return m2, attrs
-
-def build_m2d(m1, eap_id, e_nonce, r_nonce, uuid_r, dev_pw_id=None, eap_code=1):
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M2D)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
-    attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
-    attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
-    #attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
-    attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
-    attrs += build_wsc_attr(ATTR_DEV_NAME, '')
-    attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
-    attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
-    attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
-    if dev_pw_id:
-        attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
-    m2d = build_eap_wsc(eap_code, eap_id, attrs)
-    return m2d, attrs
-
-def build_ack(eap_id, e_nonce, r_nonce, msg_type=WPS_WSC_ACK, eap_code=1):
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    if msg_type is not None:
-        attrs += build_attr_msg_type(msg_type)
-    if e_nonce:
-        attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    if r_nonce:
-        attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_ACK)
-    return msg, attrs
-
-def build_nack(eap_id, e_nonce, r_nonce, config_error='\x00\x00',
-               msg_type=WPS_WSC_NACK, eap_code=1):
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    if msg_type is not None:
-        attrs += build_attr_msg_type(msg_type)
-    if e_nonce:
-        attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    if r_nonce:
-        attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    if config_error:
-        attrs += build_wsc_attr(ATTR_CONFIG_ERROR, config_error)
-    msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_NACK)
-    return msg, attrs
-
-def test_wps_ext(dev, apdev):
-    """WPS against external implementation"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-    wsc_start_id = msg['eap_identifier']
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-
-    authkey, keywrapkey = wsc_dh_kdf(m2_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, e_nonce,
-                                     m2_attrs[ATTR_REGISTRAR_NONCE])
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk,
-                                                   m2_attrs[ATTR_PUBLIC_KEY])
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
-                            m2_attrs[ATTR_REGISTRAR_NONCE])
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
-                            m2_attrs[ATTR_REGISTRAR_NONCE])
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    logger.debug("Receive M6 from AP")
-    msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
-
-    logger.debug("Send M7 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
-                            m2_attrs[ATTR_REGISTRAR_NONCE])
-    data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
-    m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    raw_m7_attrs = attrs
-    send_wsc_msg(hapd, addr, m7)
-
-    logger.debug("Receive M8 from AP")
-    msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
-    m8_cred = decrypt_attr_encr_settings(authkey, keywrapkey,
-                                         m8_attrs[ATTR_ENCR_SETTINGS])
-    logger.debug("M8 Credential: " + binascii.hexlify(m8_cred).decode())
-
-    logger.debug("Prepare WSC_Done")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_WSC_DONE)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
-                            m2_attrs[ATTR_REGISTRAR_NONCE])
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    # Do not send WSC_Done yet to allow exchangw with STA complete before the
-    # AP disconnects.
-
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-
-    eap_id = wsc_start_id
-    logger.debug("Send WSC/Start to STA")
-    wsc_start = build_eap_wsc(1, eap_id, b'', opcode=WSC_Start)
-    send_wsc_msg(dev[0], bssid, wsc_start)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    raw_m4_attrs = attrs
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 from STA")
-    msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
-                            m1_attrs[ATTR_ENROLLEE_NONCE])
-    data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
-    raw_m6_attrs = attrs
-    m6 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m6)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M7 from STA")
-    msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
-
-    logger.debug("Send M8 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M8)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
-                            m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
-    attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
-    raw_m8_attrs = attrs
-    m8 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m8)
-    eap_id = (eap_id + 1) % 256
-
-    ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("wpa_supplicant did not report credential")
-
-    logger.debug("Receive WSC_Done from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
-        raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
-
-    logger.debug("Send WSC_Done to AP")
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-    send_wsc_msg(hapd, addr, wsc_done)
-
-    ev = hapd.wait_event(["WPS-REG-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("hostapd did not report WPS success")
-
-    dev[0].wait_connected()
-
-def wps_start_kwa(dev, apdev):
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-
-    return r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs
-
-def wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id):
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_kwa_proto_no_kwa(dev, apdev):
-    """WPS and KWA error: No KWA attribute"""
-    r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    # Encrypted Settings without KWA
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = pad_len * struct.pack('B', pad_len)
-    data += ps
-    wrapped = aes.encrypt(data)
-    attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-    wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
-
-def test_wps_ext_kwa_proto_data_after_kwa(dev, apdev):
-    """WPS and KWA error: Data after KWA"""
-    r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    # Encrypted Settings and data after KWA
-    m = hmac.new(authkey, data, hashlib.sha256)
-    kwa = m.digest()[0:8]
-    data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
-    data += build_wsc_attr(ATTR_VENDOR_EXT, "1234567890")
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = pad_len * struct.pack('B', pad_len)
-    data += ps
-    wrapped = aes.encrypt(data)
-    attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-    wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
-
-def test_wps_ext_kwa_proto_kwa_mismatch(dev, apdev):
-    """WPS and KWA error: KWA mismatch"""
-    r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    # Encrypted Settings and KWA with incorrect value
-    data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, 8*'\x00')
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = pad_len * struct.pack('B', pad_len)
-    data += ps
-    wrapped = aes.encrypt(data)
-    attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-    wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
-
-def wps_run_cred_proto(dev, apdev, m8_cred, connect=False, no_connect=False):
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    raw_m4_attrs = attrs
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 from STA")
-    msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
-                            m1_attrs[ATTR_ENROLLEE_NONCE])
-    data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
-    raw_m6_attrs = attrs
-    m6 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m6)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M7 from STA")
-    msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
-
-    logger.debug("Send M8 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M8)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
-                            m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
-    attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
-    raw_m8_attrs = attrs
-    m8 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m8)
-    eap_id = (eap_id + 1) % 256
-
-    if no_connect:
-        logger.debug("Receive WSC_Done from STA")
-        msg = get_wsc_msg(dev[0])
-        if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
-            raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
-
-        hapd.request("SET ext_eapol_frame_io 0")
-        dev[0].request("SET ext_eapol_frame_io 0")
-
-        send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-
-        dev[0].wait_disconnected()
-        dev[0].request("REMOVE_NETWORK all")
-    elif connect:
-        logger.debug("Receive WSC_Done from STA")
-        msg = get_wsc_msg(dev[0])
-        if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
-            raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
-
-        hapd.request("SET ext_eapol_frame_io 0")
-        dev[0].request("SET ext_eapol_frame_io 0")
-
-        send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-
-        dev[0].wait_connected()
-    else:
-        # Verify STA NACK's the credential
-        msg = get_wsc_msg(dev[0])
-        if msg['wsc_opcode'] != WSC_NACK:
-            raise Exception("Unexpected message - expected WSC_Nack")
-        dev[0].request("WPS_CANCEL")
-        send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-        dev[0].wait_disconnected()
-
-def build_cred(nw_idx='\x01', ssid='test-wps-conf', auth_type='\x00\x20',
-               encr_type='\x00\x08', nw_key="12345678",
-               mac_addr='\x00\x00\x00\x00\x00\x00'):
-    attrs = b''
-    if nw_idx is not None:
-        attrs += build_wsc_attr(ATTR_NETWORK_INDEX, nw_idx)
-    if ssid is not None:
-        attrs += build_wsc_attr(ATTR_SSID, ssid)
-    if auth_type is not None:
-        attrs += build_wsc_attr(ATTR_AUTH_TYPE, auth_type)
-    if encr_type is not None:
-        attrs += build_wsc_attr(ATTR_ENCR_TYPE, encr_type)
-    if nw_key is not None:
-        attrs += build_wsc_attr(ATTR_NETWORK_KEY, nw_key)
-    if mac_addr is not None:
-        attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
-    return build_wsc_attr(ATTR_CRED, attrs)
-
-def test_wps_ext_cred_proto_success(dev, apdev):
-    """WPS and Credential: success"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr)
-    wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
-
-def test_wps_ext_cred_proto_mac_addr_mismatch(dev, apdev):
-    """WPS and Credential: MAC Address mismatch"""
-    m8_cred = build_cred()
-    wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
-
-def test_wps_ext_cred_proto_zero_padding(dev, apdev):
-    """WPS and Credential: zeropadded attributes"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, ssid='test-wps-conf\x00',
-                         nw_key="12345678\x00")
-    wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
-
-def test_wps_ext_cred_proto_ssid_missing(dev, apdev):
-    """WPS and Credential: SSID missing"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, ssid=None)
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_ssid_zero_len(dev, apdev):
-    """WPS and Credential: Zero-length SSID"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, ssid="")
-    wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
-
-def test_wps_ext_cred_proto_auth_type_missing(dev, apdev):
-    """WPS and Credential: Auth Type missing"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, auth_type=None)
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_encr_type_missing(dev, apdev):
-    """WPS and Credential: Encr Type missing"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, encr_type=None)
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_network_key_missing(dev, apdev):
-    """WPS and Credential: Network Key missing"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, nw_key=None)
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_network_key_missing_open(dev, apdev):
-    """WPS and Credential: Network Key missing (open)"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, auth_type='\x00\x01',
-                         encr_type='\x00\x01', nw_key=None, ssid="foo")
-    wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
-
-def test_wps_ext_cred_proto_mac_addr_missing(dev, apdev):
-    """WPS and Credential: MAC Address missing"""
-    m8_cred = build_cred(mac_addr=None)
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_invalid_encr_type(dev, apdev):
-    """WPS and Credential: Invalid Encr Type"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = build_cred(mac_addr=mac_addr, encr_type='\x00\x00')
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_cred_proto_missing_cred(dev, apdev):
-    """WPS and Credential: Missing Credential"""
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    m8_cred = b''
-    wps_run_cred_proto(dev, apdev, m8_cred)
-
-def test_wps_ext_proto_m2_no_public_key(dev, apdev):
-    """WPS and no Public Key in M2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, None)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    # Verify STA NACK's the credential
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m2_invalid_public_key(dev, apdev):
-    """WPS and invalid Public Key in M2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, 192*b'\xff')
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    # Verify STA NACK's the credential
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m2_public_key_oom(dev, apdev):
-    """WPS and Public Key OOM in M2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;wps_process_pubkey"):
-        send_wsc_msg(dev[0], bssid, m2)
-        eap_id = (eap_id + 1) % 256
-
-        # Verify STA NACK's the credential
-        msg = get_wsc_msg(dev[0])
-        if msg['wsc_opcode'] != WSC_NACK:
-            raise Exception("Unexpected message - expected WSC_Nack")
-        dev[0].request("WPS_CANCEL")
-        send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-        dev[0].wait_disconnected()
-
-def test_wps_ext_proto_nack_m3(dev, apdev):
-    """WPS and NACK M3"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
-                            r_nonce, config_error='\x01\x23')
-    send_wsc_msg(dev[0], bssid, msg)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("Failure not reported")
-    if "msg=7 config_error=291" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def test_wps_ext_proto_nack_m5(dev, apdev):
-    """WPS and NACK M5"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    raw_m4_attrs = attrs
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 from STA")
-    msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
-
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
-                            r_nonce, config_error='\x01\x24')
-    send_wsc_msg(dev[0], bssid, msg)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("Failure not reported")
-    if "msg=9 config_error=292" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def wps_nack_m3(dev, apdev):
-    pin = "00000000"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk, dev_pw_id='\x00\x04')
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-    return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid
-
-def test_wps_ext_proto_nack_m3_no_config_error(dev, apdev):
-    """WPS and NACK M3 missing Config Error"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, e_nonce, r_nonce, config_error=None)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_no_e_nonce(dev, apdev):
-    """WPS and NACK M3 missing E-Nonce"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, None, r_nonce)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_e_nonce_mismatch(dev, apdev):
-    """WPS and NACK M3 E-Nonce mismatch"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, 16*'\x00', r_nonce)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_no_r_nonce(dev, apdev):
-    """WPS and NACK M3 missing R-Nonce"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, e_nonce, None)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_r_nonce_mismatch(dev, apdev):
-    """WPS and NACK M3 R-Nonce mismatch"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, e_nonce, 16*'\x00')
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_no_msg_type(dev, apdev):
-    """WPS and NACK M3 no Message Type"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=None)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_invalid_msg_type(dev, apdev):
-    """WPS and NACK M3 invalid Message Type"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=123)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_nack_m3_invalid_attr(dev, apdev):
-    """WPS and NACK M3 invalid attribute"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    attrs = b'\x10\x10\x00'
-    msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_NACK)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_no_e_nonce(dev, apdev):
-    """WPS and ACK M3 missing E-Nonce"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, None, r_nonce)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_e_nonce_mismatch(dev, apdev):
-    """WPS and ACK M3 E-Nonce mismatch"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, 16*'\x00', r_nonce)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_no_r_nonce(dev, apdev):
-    """WPS and ACK M3 missing R-Nonce"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, e_nonce, None)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_r_nonce_mismatch(dev, apdev):
-    """WPS and ACK M3 R-Nonce mismatch"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, e_nonce, 16*'\x00')
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_no_msg_type(dev, apdev):
-    """WPS and ACK M3 no Message Type"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=None)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_invalid_msg_type(dev, apdev):
-    """WPS and ACK M3 invalid Message Type"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send NACK to STA")
-    msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=123)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3_invalid_attr(dev, apdev):
-    """WPS and ACK M3 invalid attribute"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send ACK to STA")
-    attrs = b'\x10\x10\x00'
-    msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_ACK)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def test_wps_ext_proto_ack_m3(dev, apdev):
-    """WPS and ACK M3"""
-    eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
-    logger.debug("Send ACK to STA")
-    msg, attrs = build_ack(eap_id, e_nonce, r_nonce)
-    send_wsc_msg(dev[0], bssid, msg)
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    dev[0].flush_scan_cache()
-
-def wps_to_m3_helper(dev, apdev):
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-    wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Receive M1 from STA")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
-    eap_id = (msg['eap_identifier'] + 1) % 256
-
-    authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
-                                     mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
-                                                   m1_attrs[ATTR_PUBLIC_KEY],
-                                                   e_pk)
-
-    logger.debug("Send M2 to STA")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
-                                m1_attrs[ATTR_ENROLLEE_NONCE],
-                                r_nonce, uuid_r, e_pk)
-    send_wsc_msg(dev[0], bssid, m2)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M3 from STA")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
-    return eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey
-
-def wps_to_m3(dev, apdev):
-    eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
-    return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s1, raw_m3_attrs, authkey, keywrapkey
-
-def wps_to_m5(dev, apdev):
-    eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    raw_m4_attrs = attrs
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 from STA")
-    msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
-
-    return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s2, raw_m5_attrs, authkey, keywrapkey
-
-def test_wps_ext_proto_m4_missing_r_hash1(dev, apdev):
-    """WPS and no R-Hash1 in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    #attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m4_missing_r_hash2(dev, apdev):
-    """WPS and no R-Hash2 in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    #attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m4_missing_r_snonce1(dev, apdev):
-    """WPS and no R-SNonce1 in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    #data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    data = b''
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m4_invalid_pad_string(dev, apdev):
-    """WPS and invalid pad string in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-
-    m = hmac.new(authkey, data, hashlib.sha256)
-    kwa = m.digest()[0:8]
-    data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', pad_len - 1)
-    data += ps
-    wrapped = aes.encrypt(data)
-    attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m4_invalid_pad_value(dev, apdev):
-    """WPS and invalid pad value in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-
-    m = hmac.new(authkey, data, hashlib.sha256)
-    kwa = m.digest()[0:8]
-    data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
-    iv = 16*b'\x99'
-    aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
-    pad_len = 16 - len(data) % 16
-    ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', 255)
-    data += ps
-    wrapped = aes.encrypt(data)
-    attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
-
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m4_no_encr_settings(dev, apdev):
-    """WPS and no Encr Settings in M4"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
-
-    logger.debug("Send M4 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    attrs += build_attr_authenticator(authkey, m3, attrs)
-    m4 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m4)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M5 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m6_missing_r_snonce2(dev, apdev):
-    """WPS and no R-SNonce2 in M6"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    #data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    data = b''
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m5, attrs)
-    m6 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m6)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M7 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m6_no_encr_settings(dev, apdev):
-    """WPS and no Encr Settings in M6"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m5, attrs)
-    m6 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m6)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M7 (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def test_wps_ext_proto_m8_no_encr_settings(dev, apdev):
-    """WPS and no Encr Settings in M6"""
-    eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, m5, attrs)
-    raw_m6_attrs = attrs
-    m6 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m6)
-    eap_id = (eap_id + 1) % 256
-
-    logger.debug("Receive M7 from STA")
-    msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
-
-    logger.debug("Send M8 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M8)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    #attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
-    attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
-    raw_m8_attrs = attrs
-    m8 = build_eap_wsc(1, eap_id, attrs)
-    send_wsc_msg(dev[0], bssid, m8)
-
-    logger.debug("Receive WSC_Done (NACK) from STA")
-    msg = get_wsc_msg(dev[0])
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_Nack")
-
-    dev[0].request("WPS_CANCEL")
-    send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
-    dev[0].wait_disconnected()
-
-def wps_start_ext_reg(apdev, dev):
-    addr = dev.own_addr()
-    bssid = apdev['bssid']
-    ssid = "test-wps-conf"
-    appin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "ap_pin": appin}
-    hapd = hostapd.add_ap(apdev, params)
-
-    dev.scan_for_bss(bssid, freq="2412")
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev.request("SET ext_eapol_frame_io 1")
-
-    dev.request("WPS_REG " + bssid + " " + appin)
-
-    return addr, bssid, hapd
-
-def wps_run_ap_settings_proto(dev, apdev, ap_settings, success):
-    addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive M1 from AP")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
-    mac_addr = m1_attrs[ATTR_MAC_ADDR]
-    e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
-    e_pk = m1_attrs[ATTR_PUBLIC_KEY]
-
-    appin = '12345670'
-    uuid_r = 16*b'\x33'
-    r_nonce = 16*b'\x44'
-    own_private, r_pk = wsc_dh_init()
-    authkey, keywrapkey = wsc_dh_kdf(e_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, appin, e_pk, r_pk)
-
-    logger.debug("Send M2 to AP")
-    m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, msg['eap_identifier'],
-                                e_nonce, r_nonce, uuid_r, r_pk, eap_code=2)
-    send_wsc_msg(hapd, addr, m2)
-
-    logger.debug("Receive M3 from AP")
-    msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M3)
-
-    logger.debug("Send M4 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M4)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
-    attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
-    data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
-    raw_m4_attrs = attrs
-    m4 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m4)
-
-    logger.debug("Receive M5 from AP")
-    msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M5)
-
-    logger.debug("Send M6 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M6)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
-    raw_m6_attrs = attrs
-    m6 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m6)
-
-    logger.debug("Receive M7 from AP")
-    msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M7)
-
-    logger.debug("Send M8 to STA")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M8)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    if ap_settings:
-        attrs += build_attr_encr_settings(authkey, keywrapkey, ap_settings)
-    attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
-    raw_m8_attrs = attrs
-    m8 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m8)
-
-    if success:
-        ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
-        if ev is None:
-            raise Exception("New AP settings not reported")
-        logger.debug("Receive WSC_Done from AP")
-        msg = get_wsc_msg(hapd)
-        if msg['wsc_opcode'] != WSC_Done:
-            raise Exception("Unexpected message - expected WSC_Done")
-
-        logger.debug("Send WSC_ACK to AP")
-        ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
-                               eap_code=2)
-        send_wsc_msg(hapd, addr, ack)
-        dev[0].wait_disconnected()
-    else:
-        ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
-        if ev is None:
-            raise Exception("WPS failure not reported")
-        logger.debug("Receive WSC_NACK from AP")
-        msg = get_wsc_msg(hapd)
-        if msg['wsc_opcode'] != WSC_NACK:
-            raise Exception("Unexpected message - expected WSC_NACK")
-
-        logger.debug("Send WSC_NACK to AP")
-        nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
-                                 eap_code=2)
-        send_wsc_msg(hapd, addr, nack)
-        dev[0].wait_disconnected()
-
-def test_wps_ext_ap_settings_success(dev, apdev):
-    """WPS and AP Settings: success"""
-    ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
-    ap_settings += build_wsc_attr(ATTR_SSID, "test")
-    ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
-    ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
-    wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
-
-@remote_compatible
-def test_wps_ext_ap_settings_missing(dev, apdev):
-    """WPS and AP Settings: missing"""
-    wps_run_ap_settings_proto(dev, apdev, None, False)
-
-@remote_compatible
-def test_wps_ext_ap_settings_mac_addr_mismatch(dev, apdev):
-    """WPS and AP Settings: MAC Address mismatch"""
-    ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
-    ap_settings += build_wsc_attr(ATTR_SSID, "test")
-    ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
-    ap_settings += build_wsc_attr(ATTR_MAC_ADDR, '\x00\x00\x00\x00\x00\x00')
-    wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
-
-@remote_compatible
-def test_wps_ext_ap_settings_mac_addr_missing(dev, apdev):
-    """WPS and AP Settings: missing MAC Address"""
-    ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
-    ap_settings += build_wsc_attr(ATTR_SSID, "test")
-    ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
-    wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
-
-@remote_compatible
-def test_wps_ext_ap_settings_reject_encr_type(dev, apdev):
-    """WPS and AP Settings: reject Encr Type"""
-    ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
-    ap_settings += build_wsc_attr(ATTR_SSID, "test")
-    ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
-    ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x00')
-    ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
-    ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
-    wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
-
-@remote_compatible
-def test_wps_ext_ap_settings_m2d(dev, apdev):
-    """WPS and AP Settings: M2D"""
-    addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive M1 from AP")
-    msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
-    e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
-
-    r_nonce = 16*'\x44'
-    uuid_r = 16*'\x33'
-
-    logger.debug("Send M2D to AP")
-    m2d, raw_m2d_attrs = build_m2d(raw_m1_attrs, msg['eap_identifier'],
-                                   e_nonce, r_nonce, uuid_r,
-                                   dev_pw_id='\x00\x00', eap_code=2)
-    send_wsc_msg(hapd, addr, m2d)
-
-    ev = hapd.wait_event(["WPS-M2D"], timeout=5)
-    if ev is None:
-        raise Exception("M2D not reported")
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-def wps_wait_ap_nack(hapd, dev, e_nonce, r_nonce):
-    logger.debug("Receive WSC_NACK from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_NACK:
-        raise Exception("Unexpected message - expected WSC_NACK")
-
-    logger.debug("Send WSC_NACK to AP")
-    nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
-                             eap_code=2)
-    send_wsc_msg(hapd, dev.own_addr(), nack)
-    dev.wait_disconnected()
-
-@remote_compatible
-def test_wps_ext_m3_missing_e_hash1(dev, apdev):
-    """WPS proto: M3 missing E-Hash1"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    #attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m3_missing_e_hash2(dev, apdev):
-    """WPS proto: M3 missing E-Hash2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    #attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m5_missing_e_snonce1(dev, apdev):
-    """WPS proto: M5 missing E-SNonce1"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    #data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    data = b''
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m5_e_snonce1_mismatch(dev, apdev):
-    """WPS proto: M5 E-SNonce1 mismatch"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, 16*'\x00')
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-def test_wps_ext_m7_missing_e_snonce2(dev, apdev):
-    """WPS proto: M7 missing E-SNonce2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    logger.debug("Receive M6 from AP")
-    msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
-
-    logger.debug("Send M7 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
-    data = b''
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
-    m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    raw_m7_attrs = attrs
-    send_wsc_msg(hapd, addr, m7)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m7_e_snonce2_mismatch(dev, apdev):
-    """WPS proto: M7 E-SNonce2 mismatch"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    logger.debug("Receive M6 from AP")
-    msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
-
-    logger.debug("Send M7 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE2, 16*'\x00')
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
-    m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    raw_m7_attrs = attrs
-    send_wsc_msg(hapd, addr, m7)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m1_pubkey_oom(dev, apdev):
-    """WPS proto: M1 PubKey OOM"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*'\x11'
-    e_nonce = 16*'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    with alloc_fail(hapd, 1, "wpabuf_alloc_copy;wps_process_pubkey"):
-        m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                    e_nonce, e_pk)
-        send_wsc_msg(hapd, addr, m1)
-        wps_wait_eap_failure(hapd, dev[0])
-
-def wps_wait_eap_failure(hapd, dev):
-    ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    dev.wait_disconnected()
-
-@remote_compatible
-def test_wps_ext_m3_m1(dev, apdev):
-    """WPS proto: M3 replaced with M1"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3(M1) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M1)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m5_m3(dev, apdev):
-    """WPS proto: M5 replaced with M3"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5(M3) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m3_m2(dev, apdev):
-    """WPS proto: M3 replaced with M2"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3(M2) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M2)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m3_m5(dev, apdev):
-    """WPS proto: M3 replaced with M5"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3(M5) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m3_m7(dev, apdev):
-    """WPS proto: M3 replaced with M7"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3(M7) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m3_done(dev, apdev):
-    """WPS proto: M3 replaced with WSC_Done"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3(WSC_Done) to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_WSC_DONE)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, addr, m3)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_nack_invalid(dev, apdev):
-    """WPS proto: M2 followed by invalid NACK"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_NACK to AP")
-    attrs = b'\x10\x00\x00'
-    nack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_NACK)
-    send_wsc_msg(hapd, addr, nack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_nack_no_msg_type(dev, apdev):
-    """WPS proto: M2 followed by NACK without Msg Type"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_NACK to AP")
-    nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
-                             msg_type=None, eap_code=2)
-    send_wsc_msg(hapd, addr, nack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_nack_invalid_msg_type(dev, apdev):
-    """WPS proto: M2 followed by NACK with invalid Msg Type"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_NACK to AP")
-    nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
-                             msg_type=WPS_WSC_ACK, eap_code=2)
-    send_wsc_msg(hapd, addr, nack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_nack_e_nonce_mismatch(dev, apdev):
-    """WPS proto: M2 followed by NACK with e-nonce mismatch"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_NACK to AP")
-    nack, attrs = build_nack(msg['eap_identifier'], 16*b'\x00', r_nonce,
-                             eap_code=2)
-    send_wsc_msg(hapd, addr, nack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_nack_no_config_error(dev, apdev):
-    """WPS proto: M2 followed by NACK without Config Error"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_NACK to AP")
-    nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
-                             config_error=None, eap_code=2)
-    send_wsc_msg(hapd, addr, nack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_ack_invalid(dev, apdev):
-    """WPS proto: M2 followed by invalid ACK"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_ACK to AP")
-    attrs = b'\x10\x00\x00'
-    ack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_ACK)
-    send_wsc_msg(hapd, addr, ack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_ack(dev, apdev):
-    """WPS proto: M2 followed by ACK"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_ACK to AP")
-    ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce, eap_code=2)
-    send_wsc_msg(hapd, addr, ack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_ack_no_msg_type(dev, apdev):
-    """WPS proto: M2 followed by ACK missing Msg Type"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_ACK to AP")
-    ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
-                           msg_type=None, eap_code=2)
-    send_wsc_msg(hapd, addr, ack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_ack_invalid_msg_type(dev, apdev):
-    """WPS proto: M2 followed by ACK with invalid Msg Type"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_ACK to AP")
-    ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
-                          msg_type=WPS_WSC_NACK, eap_code=2)
-    send_wsc_msg(hapd, addr, ack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m2_ack_e_nonce_mismatch(dev, apdev):
-    """WPS proto: M2 followed by ACK with e-nonce mismatch"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send WSC_ACK to AP")
-    ack, attrs = build_ack(msg['eap_identifier'], 16*b'\x00', r_nonce,
-                           eap_code=2)
-    send_wsc_msg(hapd, addr, ack)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m1_invalid(dev, apdev):
-    """WPS proto: M1 failing parsing"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    logger.debug("Send M1 to AP")
-    attrs = b'\x10\x00\x00'
-    m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m1)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-def test_wps_ext_m1_missing_msg_type(dev, apdev):
-    """WPS proto: M1 missing Msg Type"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    logger.debug("Send M1 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m1)
-
-    wps_wait_ap_nack(hapd, dev[0], 16*b'\x00', 16*b'\x00')
-
-def wps_ext_wsc_done(dev, apdev):
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    logger.debug("Receive M6 from AP")
-    msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
-
-    logger.debug("Send M7 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
-    m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    raw_m7_attrs = attrs
-    send_wsc_msg(hapd, addr, m7)
-
-    logger.debug("Receive M8 from AP")
-    msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
-    return hapd, msg, e_nonce, r_nonce
-
-@remote_compatible
-def test_wps_ext_wsc_done_invalid(dev, apdev):
-    """WPS proto: invalid WSC_Done"""
-    hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
-
-    logger.debug("Send WSC_Done to AP")
-    attrs = b'\x10\x00\x00'
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_wsc_done_no_msg_type(dev, apdev):
-    """WPS proto: invalid WSC_Done"""
-    hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
-
-    logger.debug("Send WSC_Done to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    #attrs += build_attr_msg_type(WPS_WSC_DONE)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_wsc_done_wrong_msg_type(dev, apdev):
-    """WPS proto: WSC_Done with wrong Msg Type"""
-    hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
-
-    logger.debug("Send WSC_Done to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_WSC_ACK)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_wsc_done_no_e_nonce(dev, apdev):
-    """WPS proto: WSC_Done without e_nonce"""
-    hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
-
-    logger.debug("Send WSC_Done to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_WSC_DONE)
-    #attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-def test_wps_ext_wsc_done_no_r_nonce(dev, apdev):
-    """WPS proto: WSC_Done without r_nonce"""
-    hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
-
-    logger.debug("Send WSC_Done to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_WSC_DONE)
-    attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
-    #attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
-    send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
-
-    wps_wait_eap_failure(hapd, dev[0])
-
-@remote_compatible
-def test_wps_ext_m7_no_encr_settings(dev, apdev):
-    """WPS proto: M7 without Encr Settings"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk)
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-    r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
-    r_pk = m2_attrs[ATTR_PUBLIC_KEY]
-
-    authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
-                                     r_nonce)
-    e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
-
-    logger.debug("Send M3 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M3)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
-    attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
-    attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
-    raw_m3_attrs = attrs
-    m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m3)
-
-    logger.debug("Receive M4 from AP")
-    msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
-
-    logger.debug("Send M5 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M5)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
-    attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
-    raw_m5_attrs = attrs
-    m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    send_wsc_msg(hapd, addr, m5)
-
-    logger.debug("Receive M6 from AP")
-    msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
-
-    logger.debug("Send M7 to AP")
-    attrs = build_wsc_attr(ATTR_VERSION, '\x10')
-    attrs += build_attr_msg_type(WPS_M7)
-    attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
-    #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
-    #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
-    attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
-    m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
-    raw_m7_attrs = attrs
-    send_wsc_msg(hapd, addr, m7)
-
-    wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
-
-@remote_compatible
-def test_wps_ext_m1_workaround(dev, apdev):
-    """WPS proto: M1 Manufacturer/Model workaround"""
-    pin = "12345670"
-    addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
-    wps_ext_eap_identity_req(dev[0], hapd, bssid)
-    wps_ext_eap_identity_resp(hapd, dev[0], addr)
-
-    logger.debug("Receive WSC/Start from AP")
-    msg = get_wsc_msg(hapd)
-    if msg['wsc_opcode'] != WSC_Start:
-        raise Exception("Unexpected Op-Code for WSC/Start")
-
-    mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    uuid_e = 16*b'\x11'
-    e_nonce = 16*b'\x22'
-    own_private, e_pk = wsc_dh_init()
-
-    logger.debug("Send M1 to AP")
-    m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
-                                e_nonce, e_pk, manufacturer='Apple TEST',
-                                model_name='AirPort', config_methods=b'\xff\xff')
-    send_wsc_msg(hapd, addr, m1)
-
-    logger.debug("Receive M2 from AP")
-    msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
-
-@remote_compatible
-def test_ap_wps_disable_enable(dev, apdev):
-    """WPS and DISABLE/ENABLE AP"""
-    hapd = wps_start_ap(apdev[0])
-    hapd.disable()
-    hapd.enable()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-
-def test_ap_wps_upnp_web_oom(dev, apdev, params):
-    """hostapd WPS UPnP web OOM"""
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    hapd = add_ssdp_ap(apdev[0], ap_uuid)
-
-    location = ssdp_get_location(ap_uuid)
-    url = urlparse(location)
-    urls = upnp_get_urls(location)
-    eventurl = urlparse(urls['event_sub_url'])
-    ctrlurl = urlparse(urls['control_url'])
-
-    conn = HTTPConnection(url.netloc)
-    with alloc_fail(hapd, 1, "web_connection_parse_get"):
-        conn.request("GET", "/wps_device.xml")
-        try:
-            resp = conn.getresponse()
-        except:
-            pass
-
-    conn = HTTPConnection(url.netloc)
-    conn.request("GET", "/unknown")
-    resp = conn.getresponse()
-    if resp.status != 404:
-        raise Exception("Unexpected HTTP result for unknown URL: %d" + resp.status)
-
-    with alloc_fail(hapd, 1, "web_connection_parse_get"):
-        conn.request("GET", "/unknown")
-        try:
-            resp = conn.getresponse()
-            print(resp.status)
-        except:
-            pass
-
-    conn = HTTPConnection(url.netloc)
-    conn.request("GET", "/wps_device.xml")
-    resp = conn.getresponse()
-    if resp.status != 200:
-        raise Exception("GET /wps_device.xml failed")
-
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-    if resp.status != 200:
-        raise Exception("GetDeviceInfo failed")
-
-    with alloc_fail(hapd, 1, "web_process_get_device_info"):
-        conn = HTTPConnection(url.netloc)
-        resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-        if resp.status != 500:
-            raise Exception("Internal error not reported from GetDeviceInfo OOM")
-
-    with alloc_fail(hapd, 1, "wps_build_m1;web_process_get_device_info"):
-        conn = HTTPConnection(url.netloc)
-        resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-        if resp.status != 500:
-            raise Exception("Internal error not reported from GetDeviceInfo OOM")
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_send_reply"):
-        conn = HTTPConnection(url.netloc)
-        try:
-            resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-        except:
-            pass
-
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
-    if resp.status != 200:
-        raise Exception("GetDeviceInfo failed")
-
-    # No NewWLANEventType in PutWLANResponse NewMessage
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse", newmsg="foo")
-    if resp.status != 600:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    # No NewWLANEventMAC in PutWLANResponse NewMessage
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
-                            newmsg="foo", neweventtype="1")
-    if resp.status != 600:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    # Invalid NewWLANEventMAC in PutWLANResponse NewMessage
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
-                            newmsg="foo", neweventtype="1",
-                            neweventmac="foo")
-    if resp.status != 600:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    # Workaround for NewWLANEventMAC in PutWLANResponse NewMessage
-    # Ignored unexpected PutWLANResponse WLANEventType 1
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
-                            newmsg="foo", neweventtype="1",
-                            neweventmac="00.11.22.33.44.55")
-    if resp.status != 500:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    # PutWLANResponse NewMessage with invalid EAP message
-    conn = HTTPConnection(url.netloc)
-    resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
-                            newmsg="foo", neweventtype="2",
-                            neweventmac="00:11:22:33:44:55")
-    if resp.status != 200:
-        raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "web_connection_parse_subscribe"):
-        conn = HTTPConnection(url.netloc)
-        headers = {"callback": '<http://127.0.0.1:12345/event>',
-                   "NT": "upnp:event",
-                   "timeout": "Second-1234"}
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        try:
-            resp = conn.getresponse()
-        except:
-            pass
-
-    with alloc_fail(hapd, 1, "dup_binstr;web_connection_parse_subscribe"):
-        conn = HTTPConnection(url.netloc)
-        headers = {"callback": '<http://127.0.0.1:12345/event>',
-                   "NT": "upnp:event",
-                   "timeout": "Second-1234"}
-        conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        resp = conn.getresponse()
-        if resp.status != 500:
-            raise Exception("Unexpected HTTP response: %d" % resp.status)
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_parse_unsubscribe"):
-        conn = HTTPConnection(url.netloc)
-        headers = {"callback": '<http://127.0.0.1:12345/event>',
-                   "NT": "upnp:event",
-                   "timeout": "Second-1234"}
-        conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
-        try:
-            resp = conn.getresponse()
-        except:
-            pass
-
-    with alloc_fail(hapd, 1, "web_connection_unimplemented"):
-        conn = HTTPConnection(url.netloc)
-        conn.request("HEAD", "/wps_device.xml")
-        try:
-            resp = conn.getresponse()
-        except:
-            pass
-
-def test_ap_wps_frag_ack_oom(dev, apdev):
-    """WPS and fragment ack OOM"""
-    dev[0].request("SET wps_fragment_size 50")
-    hapd = wps_start_ap(apdev[0])
-    with alloc_fail(hapd, 1, "eap_wsc_build_frag_ack"):
-        wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
-
-def wait_scan_stopped(dev):
-    dev.request("ABORT_SCAN")
-    for i in range(50):
-        res = dev.get_driver_status_field("scan_state")
-        if "SCAN_STARTED" not in res and "SCAN_REQUESTED" not in res:
-            break
-        logger.debug("Waiting for scan to complete")
-        time.sleep(0.1)
-
-@remote_compatible
-def test_ap_wps_eap_wsc_errors(dev, apdev):
-    """WPS and EAP-WSC error cases"""
-    ssid = "test-wps-conf-pin"
-    appin = "12345670"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "fragment_size": "300", "ap_pin": appin}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-
-    dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK", "CCMP",
-                   "new passphrase", no_wait=True)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("WPS-FAIL not reported")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    wait_scan_stopped(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].wps_reg(bssid, appin, "new ssid", "FOO", "CCMP",
-                   "new passphrase", no_wait=True)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("WPS-FAIL not reported")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    wait_scan_stopped(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].wps_reg(bssid, appin, "new ssid", "WPA2PSK", "FOO",
-                   "new passphrase", no_wait=True)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("WPS-FAIL not reported")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    wait_scan_stopped(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].wps_reg(bssid, appin + "new_key=a", "new ssid", "WPA2PSK", "CCMP",
-                   "new passphrase", no_wait=True)
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("WPS-FAIL not reported")
-    dev[0].request("WPS_CANCEL")
-    dev[0].wait_disconnected()
-    wait_scan_stopped(dev[0])
-    dev[0].dump_monitor()
-
-    tests = ["eap_wsc_init",
-             "eap_msg_alloc;eap_wsc_build_msg",
-             "wpabuf_alloc;eap_wsc_process_fragment"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].request("WPS_PIN %s %s" % (bssid, pin))
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("WPS_CANCEL")
-            dev[0].wait_disconnected()
-            wait_scan_stopped(dev[0])
-            dev[0].dump_monitor()
-
-    tests = [(1, "wps_decrypt_encr_settings"),
-             (2, "hmac_sha256;wps_derive_psk")]
-    for count, func in tests:
-        hapd.request("WPS_PIN any " + pin)
-        with fail_test(dev[0], count, func):
-            dev[0].request("WPS_PIN %s %s" % (bssid, pin))
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("WPS_CANCEL")
-            dev[0].wait_disconnected()
-            wait_scan_stopped(dev[0])
-            dev[0].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sm_build_expanded_nak"):
-        dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK",
-                       "CCMP", "new passphrase", no_wait=True)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("WPS_CANCEL")
-        dev[0].wait_disconnected()
-        wait_scan_stopped(dev[0])
-        dev[0].dump_monitor()
-
-def test_ap_wps_eap_wsc(dev, apdev):
-    """WPS and EAP-WSC in network profile"""
-    params = int_eap_server_params()
-    params["wps_state"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    logger.info("Unexpected identity")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-unexpected",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("No phase1 parameter")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("No PIN/PBC in phase1")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   phase1="foo", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Invalid pkhash in phase1")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   phase1="foo pkhash=q pbc=1", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Zero fragment_size")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   fragment_size="0", phase1="pin=12345670", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["WPS-M2D"], timeout=5)
-    if ev is None:
-        raise Exception("No M2D seen")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Missing new_auth")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   phase1="pin=12345670 new_ssid=aa", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Missing new_encr")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Missing new_key")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
-                   phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa new_encr=CCMP",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP method start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_ap_wps_and_bss_limit(dev, apdev):
-    """WPS and wpa_supplicant BSS entry limit"""
-    try:
-        _test_ap_wps_and_bss_limit(dev, apdev)
-    finally:
-        dev[0].request("SET bss_max_count 200")
-        pass
-
-def _test_ap_wps_and_bss_limit(dev, apdev):
-    params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "test-wps-2", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "1234567890", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    id = dev[1].add_network()
-    dev[1].set_network(id, "mode", "2")
-    dev[1].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
-    dev[1].set_network_quoted(id, "psk", "12345678")
-    dev[1].set_network(id, "frequency", "2462")
-    dev[1].set_network(id, "scan_freq", "2462")
-    dev[1].set_network(id, "wps_disabled", "1")
-    dev[1].select_network(id)
-
-    id = dev[2].add_network()
-    dev[2].set_network(id, "mode", "2")
-    dev[2].set_network_quoted(id, "ssid", "wpas-ap")
-    dev[2].set_network_quoted(id, "psk", "12345678")
-    dev[2].set_network(id, "frequency", "2437")
-    dev[2].set_network(id, "scan_freq", "2437")
-    dev[2].select_network(id)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", "wpas-ap")
-    wpas.set_network_quoted(id, "psk", "12345678")
-    wpas.set_network(id, "frequency", "2437")
-    wpas.set_network(id, "scan_freq", "2437")
-    wpas.select_network(id)
-
-    dev[1].wait_connected()
-    dev[2].wait_connected()
-    wpas.wait_connected()
-    wpas.request("WPS_PIN any 12345670")
-
-    hapd.request("WPS_PBC")
-    hapd2.request("WPS_PBC")
-
-    dev[0].request("SET bss_max_count 1")
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "testing")
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "testing")
-    dev[0].set_network(id, "key_mgmt", "WPS")
-
-    dev[0].request("WPS_PBC")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    dev[0].request("WPS_CANCEL")
-
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "testing")
-    dev[0].set_network(id, "key_mgmt", "WPS")
-
-    dev[0].scan(freq="2412")
-
-def test_ap_wps_pbc_2ap(dev, apdev):
-    """WPS PBC with two APs advertising same SSID"""
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wps_independent": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "123456789", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wps_independent": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    hapd.request("WPS_PBC")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.dump_monitor()
-    wpas.flush_scan_cache()
-
-    wpas.scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    wpas.scan_for_bss(apdev[1]['bssid'], freq="2412")
-    wpas.request("WPS_PBC")
-    wpas.wait_connected()
-    wpas.request("DISCONNECT")
-    hapd.request("DISABLE")
-    hapd2.request("DISABLE")
-    wpas.flush_scan_cache()
-
-def test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
-    """WPS ER enrolling a new device to a configured AP"""
-    try:
-        _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
-    ssid = "wps-er-enrollee-to-conf-ap"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
-    dev[0].dump_monitor()
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    pin = dev[2].wps_read_pin()
-    addr2 = dev[2].own_addr()
-    dev[0].dump_monitor()
-    dev[2].scan_for_bss(bssid, freq=2412)
-    dev[2].dump_monitor()
-    dev[2].request("WPS_PIN %s %s" % (bssid, pin))
-
-    for i in range(3):
-        ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
-        if ev is None:
-            raise Exception("Enrollee not seen")
-        if addr2 in ev:
-            break
-    if addr2 not in ev:
-        raise Exception("Unexpected Enrollee MAC address")
-    dev[0].dump_monitor()
-
-    dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " " + str(id))
-    dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
-    dev[2].wait_connected(timeout=30)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-def test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
-    """WPS ER enrolling a new device to a configured AP (2)"""
-    try:
-        _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
-    ssid = "wps-er-enrollee-to-conf-ap"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
-    dev[0].dump_monitor()
-
-    dev[0].request("WPS_ER_START ifname=lo")
-    ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
-    ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
-    if ev is None:
-        raise Exception("AP learn timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not in settings")
-    ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-FAIL after AP learn timed out")
-    time.sleep(0.1)
-
-    pin = dev[1].wps_read_pin()
-    addr1 = dev[1].own_addr()
-    dev[0].dump_monitor()
-    dev[0].request("WPS_ER_PIN any " + pin)
-    time.sleep(0.1)
-    dev[1].scan_for_bss(bssid, freq=2412)
-    dev[1].request("WPS_PIN any %s" % pin)
-    ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
-    if ev is None:
-        raise Exception("Enrollee did not report success")
-    dev[1].wait_connected(timeout=15)
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-
-def test_ap_wps_ignore_broadcast_ssid(dev, apdev):
-    """WPS AP trying to ignore broadcast SSID"""
-    ssid = "test-wps"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "ignore_broadcast_ssid": "1"})
-    if "FAIL" not in hapd.request("WPS_PBC"):
-        raise Exception("WPS unexpectedly enabled")
-
-def test_ap_wps_wep(dev, apdev):
-    """WPS AP trying to enable WEP"""
-    check_wep_capa(dev[0])
-    ssid = "test-wps"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "ieee80211n": "0", "wep_key0": '"hello"'})
-    if "FAIL" not in hapd.request("WPS_PBC"):
-        raise Exception("WPS unexpectedly enabled")
-
-def test_ap_wps_tkip(dev, apdev):
-    """WPS AP trying to enable TKIP"""
-    ssid = "test-wps"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "ieee80211n": "0", "wpa": '1',
-                           "wpa_key_mgmt": "WPA-PSK",
-                           "wpa_passphrase": "12345678"})
-    if "FAIL" not in hapd.request("WPS_PBC"):
-        raise Exception("WPS unexpectedly enabled")
-
-def test_ap_wps_conf_stub_cred(dev, apdev):
-    """WPS PIN provisioning with configured AP using stub cred"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    hapd.request("WPS_PIN any 12345670")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    try:
-        hapd.set("wps_testing_stub_cred", "1")
-        dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        for i in range(1, 3):
-            ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
-            if ev is None:
-                raise Exception("WPS credential %d not received" % i)
-        dev[0].wait_connected(timeout=30)
-    finally:
-        hapd.set("wps_testing_stub_cred", "0")
-
-def test_ap_wps_rf_bands(dev, apdev):
-    """WPS and wps_rf_bands configuration"""
-    ssid = "test-wps-conf"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wps_rf_bands": "ag"}
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + bssid)
-    dev[0].wait_connected(timeout=30)
-    bss = dev[0].get_bss(bssid)
-    logger.info("BSS: " + str(bss))
-    if "103c000103" not in bss['ie']:
-        raise Exception("RF Bands attribute with expected values not found")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.set("wps_rf_bands", "ad")
-    hapd.set("wps_rf_bands", "a")
-    hapd.set("wps_rf_bands", "g")
-    hapd.set("wps_rf_bands", "b")
-    hapd.set("wps_rf_bands", "ga")
-    hapd.disable()
-    dev[0].dump_monitor()
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_pbc_in_m1(dev, apdev):
-    """WPS and pbc_in_m1"""
-    ssid = "test-wps-conf"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "config_methods": "virtual_push_button virtual_display",
-              "pbc_in_m1": "1"}
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    hapd.request("WPS_PBC")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("WPS_PBC " + bssid)
-    dev[0].wait_connected(timeout=30)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].dump_monitor()
-    dev[0].flush_scan_cache()
-
-def test_ap_wps_pbc_mac_addr_change(dev, apdev, params):
-    """WPS M1 with MAC address change"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-mac-addr-change"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-    dev[0].flush_scan_cache()
-
-    test_addr = '02:11:22:33:44:55'
-    addr = dev[0].get_status_field("address")
-    if addr == test_addr:
-        raise Exception("Unexpected initial MAC address")
-
-    try:
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
-                         test_addr])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
-        addr1 = dev[0].get_status_field("address")
-        if addr1 != test_addr:
-            raise Exception("Failed to change MAC address")
-
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-        dev[0].request("WPS_PBC " + apdev[0]['bssid'])
-        dev[0].wait_connected(timeout=30)
-        status = dev[0].get_status()
-        if status['wpa_state'] != 'COMPLETED' or \
-           status['bssid'] != apdev[0]['bssid']:
-            raise Exception("Not fully connected")
-
-        out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                         "wps.message_type == 0x04",
-                         display=["wps.mac_address"])
-        res = out.splitlines()
-
-        if len(res) < 1:
-            raise Exception("No M1 message with MAC address found")
-        if res[0] != addr1:
-            raise Exception("Wrong M1 MAC address")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        hapd.disable()
-        dev[0].dump_monitor()
-        dev[0].flush_scan_cache()
-    finally:
-        # Restore MAC address
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
-                         addr])
-        subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
-
-def test_ap_wps_pin_start_failure(dev, apdev):
-    """WPS_PIN start failure"""
-    with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
-        if "FAIL" not in dev[0].request("WPS_PIN any 12345670"):
-            raise Exception("WPS_PIN not rejected during OOM")
-    with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
-        if "FAIL" not in dev[0].request("WPS_PIN any"):
-            raise Exception("WPS_PIN not rejected during OOM")
-
-def test_ap_wps_ap_pin_failure(dev, apdev):
-    """WPS_AP_PIN failure"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
-    dev[0].set_network_quoted(id, "psk", "1234567890")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    dev[0].wait_connected()
-
-    with fail_test(dev[0], 1,
-                   "os_get_random;wpa_supplicant_ctrl_iface_wps_ap_pin"):
-        if "FAIL" not in dev[0].request("WPS_AP_PIN random"):
-            raise Exception("WPS_AP_PIN random accepted")
-    with alloc_fail(dev[0], 1, "wpas_wps_ap_pin_set"):
-        if "FAIL" not in dev[0].request("WPS_AP_PIN set 12345670"):
-            raise Exception("WPS_AP_PIN set accepted")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_ap_wps_random_uuid(dev, apdev, params):
-    """WPS and random UUID on Enrollee"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-
-    config = os.path.join(params['logdir'], 'ap_wps_random_uuid.conf')
-    with open(config, "w") as f:
-        f.write("auto_uuid=1\n")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    uuid = []
-    for i in range(3):
-        wpas.interface_add("wlan5", config=config)
-
-        wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
-        wpas.dump_monitor()
-        wpas.request("WPS_PBC " + apdev[0]['bssid'])
-
-        ev = hapd.wait_event(["WPS-ENROLLEE-SEEN"], timeout=10)
-        if ev is None:
-            raise Exception("Enrollee not seen")
-        uuid.append(ev.split(' ')[2])
-        wpas.request("WPS_CANCEL")
-        wpas.dump_monitor()
-
-        wpas.interface_remove("wlan5")
-
-        hapd.dump_monitor()
-
-    logger.info("Seen UUIDs: " + str(uuid))
-    if uuid[0] == uuid[1] or uuid[0] == uuid[2] or uuid[1] == uuid[2]:
-        raise Exception("Same UUID used multiple times")
-
-def test_ap_wps_conf_pin_gcmp_128(dev, apdev):
-    """WPS PIN provisioning with configured AP using GCMP-128"""
-    run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP")
-
-def test_ap_wps_conf_pin_gcmp_256(dev, apdev):
-    """WPS PIN provisioning with configured AP using GCMP-256"""
-    run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP-256")
-
-def test_ap_wps_conf_pin_ccmp_256(dev, apdev):
-    """WPS PIN provisioning with configured AP using CCMP-256"""
-    run_ap_wps_conf_pin_cipher(dev, apdev, "CCMP-256")
-
-def run_ap_wps_conf_pin_cipher(dev, apdev, cipher):
-    if cipher not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-    ssid = "test-wps-conf-pin"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK",
-                           "rsn_pairwise": cipher})
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=15)
-
-def test_ap_wps_and_sae(dev, apdev):
-    """Initial AP configuration with first WPS Enrollee and adding SAE"""
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    try:
-        run_ap_wps_and_sae(dev, apdev)
-    finally:
-        dev[0].set("wps_cred_add_sae", "0")
-
-def run_ap_wps_and_sae(dev, apdev):
-    check_sae_capab(dev[0])
-    ssid = "test-wps-sae"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1",
-                           "wps_cred_add_sae": "1"})
-    logger.info("WPS provisioning step")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-
-    dev[0].set("wps_cred_add_sae", "1")
-    dev[0].request("SET sae_groups ")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['key_mgmt'] != "SAE":
-        raise Exception("SAE not used")
-    if 'pmf' not in status or status['pmf'] != "1":
-        raise Exception("PMF not enabled")
-
-    pin = dev[1].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
-    dev[1].wait_connected(timeout=30)
-    status = dev[1].get_status()
-    if status['key_mgmt'] != "WPA2-PSK":
-        raise Exception("WPA2-PSK not used")
-    if 'pmf' in status:
-        raise Exception("PMF enabled")
-
-def test_ap_wps_conf_and_sae(dev, apdev):
-    """WPS PBC provisioning with configured AP using PSK+SAE"""
-    try:
-        run_ap_wps_conf_and_sae(dev, apdev)
-    finally:
-        dev[0].set("wps_cred_add_sae", "0")
-
-def run_ap_wps_conf_and_sae(dev, apdev):
-    check_sae_capab(dev[0])
-    ssid = "test-wps-conf-sae"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "ieee80211w": "1", "sae_require_mfp": "1",
-                           "wpa_key_mgmt": "WPA-PSK SAE",
-                           "rsn_pairwise": "CCMP"})
-
-    dev[0].set("wps_cred_add_sae", "1")
-    dev[0].request("SET sae_groups ")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['key_mgmt'] != "SAE":
-        raise Exception("SAE not used")
-    if 'pmf' not in status or status['pmf'] != "1":
-        raise Exception("PMF not enabled")
-
-    dev[1].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
-                   key_mgmt="WPA-PSK", ieee80211w="0")
-
-def test_ap_wps_conf_and_sae_h2e(dev, apdev):
-    """WPS PIN provisioning with configured AP using PSK+SAE(H2E)"""
-    try:
-        run_ap_wps_conf_and_sae_h2e(dev, apdev)
-    finally:
-        dev[0].set("wps_cred_add_sae", "0")
-        dev[0].set("sae_pwe", "0")
-
-def run_ap_wps_conf_and_sae_h2e(dev, apdev):
-    check_sae_capab(dev[0])
-    ssid = "test-wps-conf-sae"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "ieee80211w": "1", "sae_require_mfp": "1",
-                           "sae_pwe": "1",
-                           "wpa_key_mgmt": "WPA-PSK SAE",
-                           "rsn_pairwise": "CCMP"})
-
-    dev[0].set("wps_cred_add_sae", "1")
-    dev[0].set("sae_pwe", "1")
-    dev[0].request("SET sae_groups ")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
-    dev[0].wait_connected(timeout=30)
-    status = dev[0].get_status()
-    if status['key_mgmt'] != "SAE":
-        raise Exception("SAE not used")
-    if 'pmf' not in status or status['pmf'] != "1":
-        raise Exception("PMF not enabled")
-
-def test_ap_wps_reg_config_and_sae(dev, apdev):
-    """WPS registrar configuring an AP using AP PIN and using PSK+SAE"""
-    try:
-        run_ap_wps_reg_config_and_sae(dev, apdev)
-    finally:
-        dev[0].set("wps_cred_add_sae", "0")
-
-def run_ap_wps_reg_config_and_sae(dev, apdev):
-    check_sae_capab(dev[0])
-    ssid = "test-wps-init-ap-pin-sae"
-    appin = "12345670"
-    hostapd.add_ap(apdev[0],
-                   {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                    "ap_pin": appin, "wps_cred_add_sae": "1"})
-    logger.info("WPS configuration step")
-    dev[0].flush_scan_cache()
-    dev[0].set("wps_cred_add_sae", "1")
-    dev[0].request("SET sae_groups ")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
-    dev[0].dump_monitor()
-    new_ssid = "wps-new-ssid"
-    new_passphrase = "1234567890"
-    dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
-                   new_passphrase)
-    status = dev[0].get_status()
-    if status['key_mgmt'] != "SAE":
-        raise Exception("SAE not used")
-    if 'pmf' not in status or status['pmf'] != "1":
-        raise Exception("PMF not enabled")
-
-    dev[1].connect(new_ssid, psk=new_passphrase, scan_freq="2412", proto="WPA2",
-                   key_mgmt="WPA-PSK", ieee80211w="0")
-
-def test_ap_wps_appl_ext(dev, apdev):
-    """WPS Application Extension attribute"""
-    ssid = "test-wps-conf"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wps_application_ext": 16*"11" + 5*"ee",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    pin = dev[0].wps_read_pin()
-    hapd.request("WPS_PIN any " + pin)
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
-    dev[0].wait_connected(timeout=30)
-
-@long_duration_test
-def test_ap_wps_pbc_ap_timeout(dev, apdev):
-    """WPS PBC timeout on AP"""
-    run_ap_wps_ap_timeout(dev, apdev, "WPS_PBC")
-
-@long_duration_test
-def test_ap_wps_pin_ap_timeout(dev, apdev):
-    """WPS PIN timeout on AP"""
-    run_ap_wps_ap_timeout(dev, apdev, "WPS_PIN any 12345670 10")
-
-def run_ap_wps_ap_timeout(dev, apdev, cmd):
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    bssid = hapd.own_addr()
-    hapd.request(cmd)
-    time.sleep(1)
-    dev[0].scan_for_bss(bssid, freq="2412")
-    bss = dev[0].get_bss(bssid)
-    logger.info("BSS during active Registrar: " + str(bss))
-    if not bss['ie'].endswith("0106ffffffffffff"):
-        raise Exception("Authorized MAC not included")
-    ev = hapd.wait_event(["WPS-TIMEOUT"], timeout=130)
-    if ev is None and "PBC" in cmd:
-        raise Exception("WPS-TIMEOUT not reported")
-    if "PBC" in cmd and \
-       "PBC Status: Timed-out" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    time.sleep(5)
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    bss = dev[0].get_bss(bssid)
-    logger.info("BSS after timeout: " + str(bss))
-    if bss['ie'].endswith("0106ffffffffffff"):
-        raise Exception("Authorized MAC not removed")
-
-def test_ap_wps_er_unsubscribe_errors(dev, apdev):
-    """WPS ER and UNSUBSCRIBE errors"""
-    start_wps_ap(apdev[0])
-    tests = [(1, "http_client_url_parse;wps_er_ap_unsubscribe"),
-             (1, "wpabuf_alloc;wps_er_ap_unsubscribe"),
-             (1, "http_client_addr;wps_er_ap_unsubscribe")]
-    try:
-        for count, func in tests:
-            start_wps_er(dev[0])
-            with alloc_fail(dev[0], count, func):
-                dev[0].request("WPS_ER_STOP")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def start_wps_ap(apdev):
-    ssid = "wps-er-ap-config"
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hostapd.add_ap(apdev, params)
-
-def start_wps_er(dev):
-    ssid = "wps-er-ap-config"
-    dev.connect(ssid, psk="12345678", scan_freq="2412")
-    dev.request("WPS_ER_START ifname=lo")
-    ev = dev.wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-
-def test_ap_wps_registrar_init_errors(dev, apdev):
-    """WPS Registrar init errors"""
-    hapd = wps_start_ap(apdev[0], extra_cred="wps-mixed-cred")
-    hapd.disable()
-    tests = [(1, "wps_registrar_init"),
-             (1, "wpabuf_alloc_copy;wps_registrar_init"),
-             (1, "wps_set_ie;wps_registrar_init")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            if "FAIL" not in hapd.request("ENABLE"):
-                raise Exception("ENABLE succeeded unexpectedly")
-
-def test_ap_wps_config_without_wps(dev, apdev):
-    """AP configuration attempt using wps_config when WPS is disabled"""
-    ssid = "test-wps-init-config"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid})
-    if "FAIL" not in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
-        raise Exception("WPS_CONFIG command succeeded unexpectedly")
diff --git a/tests/hwsim/test_authsrv.py b/tests/hwsim/test_authsrv.py
deleted file mode 100644
index e0665bcb26b2..000000000000
--- a/tests/hwsim/test_authsrv.py
+++ /dev/null
@@ -1,262 +0,0 @@
-# hostapd authentication server tests
-# Copyright (c) 2017, Jouni Malinen
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-from utils import alloc_fail, fail_test, wait_fail_trigger
-
-def authsrv_params():
-    params = {"ssid": "as", "beacon_int": "2000",
-              "radius_server_clients": "auth_serv/radius_clients.conf",
-              "radius_server_auth_port": '18128',
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "eap_sim_db": "unix:/tmp/hlr_auc_gw.sock",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "eap_message": "hello"}
-    return params
-
-def test_authsrv_oom(dev, apdev):
-    """Authentication server OOM"""
-    params = authsrv_params()
-    authsrv = hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(hapd.own_addr(), 2412)
-    with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       wait_connect=False, scan_freq="2412")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    with alloc_fail(authsrv, 1, "srv_log"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    with alloc_fail(authsrv, 1, "radius_server_new_session"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       wait_connect=False, scan_freq="2412")
-        dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    for count in range(1, 3):
-        with alloc_fail(authsrv, count, "=radius_server_get_new_session"):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False, scan_freq="2412")
-            dev[0].wait_disconnected()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    with alloc_fail(authsrv, 1, "eap_server_sm_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="user",
-                       anonymous_identity="ttls", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       wait_connect=False, scan_freq="2412")
-        dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    tests = ["radius_server_encapsulate_eap",
-             "radius_server_receive_auth"]
-    for t in tests:
-        with alloc_fail(authsrv, 1, t):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(authsrv, "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-    tests = ["radius_msg_add_attr;radius_server_encapsulate_eap",
-             "radius_msg_add_eap;radius_server_encapsulate_eap",
-             "radius_msg_finish_srv;radius_server_encapsulate_eap"]
-    for t in tests:
-        with fail_test(authsrv, 1, t):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(authsrv, "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-    with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
-        with fail_test(authsrv, 1, "radius_msg_add_eap;radius_server_reject"):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(authsrv, "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-    with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
-        with fail_test(authsrv, 1,
-                       "radius_msg_finish_srv;radius_server_reject"):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="TTLS", identity="user",
-                           anonymous_identity="ttls", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                           wait_connect=False, scan_freq="2412")
-            wait_fail_trigger(authsrv, "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-    authsrv.disable()
-    with alloc_fail(authsrv, 1, "radius_server_init;hostapd_setup_radius_srv"):
-        if "FAIL" not in authsrv.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-    with alloc_fail(authsrv, 2, "radius_server_init;hostapd_setup_radius_srv"):
-        if "FAIL" not in authsrv.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-
-    for count in range(1, 4):
-        with alloc_fail(authsrv, count,
-                        "radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv"):
-            if "FAIL" not in authsrv.request("ENABLE"):
-                raise Exception("ENABLE succeeded during OOM")
-
-    with alloc_fail(authsrv, 1, "eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv"):
-        if "FAIL" not in authsrv.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-
-    with alloc_fail(authsrv, 1, "tls_init;authsrv_init"):
-        if "FAIL" not in authsrv.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
-
-    for count in range(1, 3):
-        with alloc_fail(authsrv, count, "eap_sim_db_init;authsrv_init"):
-            if "FAIL" not in authsrv.request("ENABLE"):
-                raise Exception("ENABLE succeeded during OOM")
-
-def test_authsrv_errors_1(dev, apdev):
-    """Authentication server errors (1)"""
-    params = authsrv_params()
-    params["eap_user_file"] = "sqlite:auth_serv/does-not-exist/does-not-exist"
-    authsrv = hostapd.add_ap(apdev[1], params, no_enable=True)
-    if "FAIL" not in authsrv.request("ENABLE"):
-        raise Exception("ENABLE succeeded with invalid SQLite EAP user file")
-
-def test_authsrv_errors_2(dev, apdev):
-    """Authentication server errors (2)"""
-    params = authsrv_params()
-    params["radius_server_clients"] = "auth_serv/does-not-exist"
-    authsrv = hostapd.add_ap(apdev[1], params, no_enable=True)
-    if "FAIL" not in authsrv.request("ENABLE"):
-        raise Exception("ENABLE succeeded with invalid RADIUS client file")
-
-def test_authsrv_errors_3(dev, apdev):
-    """Authentication server errors (3)"""
-    params = authsrv_params()
-    params["eap_sim_db"] = "unix:/tmp/hlr_auc_gw.sock db=auth_serv/does-not-exist/does-not-exist"
-    authsrv = hostapd.add_ap(apdev[1], params, no_enable=True)
-    if "FAIL" not in authsrv.request("ENABLE"):
-        raise Exception("ENABLE succeeded with invalid RADIUS client file")
-
-def test_authsrv_testing_options(dev, apdev):
-    """Authentication server and testing options"""
-    params = authsrv_params()
-    authsrv = hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(hapd.own_addr(), 2412)
-    # The first two would be fine to run with any server build; the rest are
-    # actually supposed to fail, but they don't fail when using a server build
-    # that does not support the TLS protocol tests.
-    tests = ["foo@test-unknown",
-             "foo@test-tls-unknown",
-             "foo@test-tls-1",
-             "foo@test-tls-2",
-             "foo@test-tls-3",
-             "foo@test-tls-4",
-             "foo@test-tls-5",
-             "foo@test-tls-6",
-             "foo@test-tls-7",
-             "foo@test-tls-8"]
-    for t in tests:
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="TTLS", identity="user",
-                       anonymous_identity=t,
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_authsrv_unknown_user(dev, apdev):
-    """Authentication server and unknown user"""
-    params = authsrv_params()
-    params["eap_user_file"] = "auth_serv/eap_user_vlan.conf"
-    authsrv = hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TTLS", identity="user",
-                   anonymous_identity="ttls", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                   wait_connect=False, scan_freq="2412")
-    dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_authsrv_unknown_client(dev, apdev):
-    """Authentication server and unknown user"""
-    params = authsrv_params()
-    params["radius_server_clients"] = "auth_serv/radius_clients_none.conf"
-    authsrv = hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # RADIUS SRV: Unknown client 127.0.0.1 - packet ignored
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TTLS", identity="user",
-                   anonymous_identity="ttls", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                   wait_connect=False, scan_freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP not started")
-    dev[0].request("REMOVE_NETWORK all")
diff --git a/tests/hwsim/test_autoscan.py b/tests/hwsim/test_autoscan.py
deleted file mode 100644
index 544cd0099d0f..000000000000
--- a/tests/hwsim/test_autoscan.py
+++ /dev/null
@@ -1,81 +0,0 @@
-# autoscan tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-import os
-
-import hostapd
-
-def test_autoscan_periodic(dev, apdev):
-    """autoscan_periodic"""
-    hostapd.add_ap(apdev[0], {"ssid": "autoscan"})
-
-    try:
-        if "OK" not in dev[0].request("AUTOSCAN periodic:1"):
-            raise Exception("Failed to set autoscan")
-        id = dev[0].connect("not-used", key_mgmt="NONE", scan_freq="2412",
-                            wait_connect=False)
-        times = {}
-        for i in range(0, 3):
-            logger.info("Waiting for scan to start")
-            start = os.times()[4]
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("did not start a scan")
-            stop = os.times()[4]
-            times[i] = stop - start
-            logger.info("Waiting for scan to complete")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-            if ev is None:
-                raise Exception("did not complete a scan")
-        if times[0] > 1 or times[1] < 0.5 or times[1] > 1.5 or times[2] < 0.5 or times[2] > 1.5:
-            raise Exception("Unexpected scan timing: " + str(times))
-
-        # scan some more channels to allow some more time for reseting AUTOSCAN
-        # while a scan is in progress
-        dev[0].set_network(id, "scan_freq", "2412 2437 2462 5180 5200 5220 5240")
-        dev[0].dump_monitor()
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("did not start a scan")
-        if "OK" not in dev[0].request("AUTOSCAN periodic:2"):
-            raise Exception("Failed to (re)set autoscan")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("did not complete a scan")
-    finally:
-        dev[0].request("AUTOSCAN ")
-
-@remote_compatible
-def test_autoscan_exponential(dev, apdev):
-    """autoscan_exponential"""
-    hostapd.add_ap(apdev[0], {"ssid": "autoscan"})
-
-    try:
-        if "OK" not in dev[0].request("AUTOSCAN exponential:2:10"):
-            raise Exception("Failed to set autoscan")
-        dev[0].connect("not-used", key_mgmt="NONE", scan_freq="2412",
-                       wait_connect=False)
-        times = {}
-        for i in range(0, 3):
-            logger.info("Waiting for scan to start")
-            start = os.times()[4]
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("did not start a scan")
-            stop = os.times()[4]
-            times[i] = stop - start
-            logger.info("Waiting for scan to complete")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-            if ev is None:
-                raise Exception("did not complete a scan")
-        if times[0] > 1 or times[1] < 1 or times[1] > 3 or times[2] < 3 or times[2] > 5:
-            raise Exception("Unexpected scan timing: " + str(times))
-    finally:
-        dev[0].request("AUTOSCAN ")
diff --git a/tests/hwsim/test_bgscan.py b/tests/hwsim/test_bgscan.py
deleted file mode 100644
index e3c1790ba420..000000000000
--- a/tests/hwsim/test_bgscan.py
+++ /dev/null
@@ -1,315 +0,0 @@
-# bgscan tests
-# Copyright (c) 2014-2017, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-import logging
-logger = logging.getLogger()
-import os
-
-import hostapd
-from utils import alloc_fail, fail_test
-
-def test_bgscan_simple(dev, apdev):
-    """bgscan_simple"""
-    hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-    hostapd.add_ap(apdev[1], {"ssid": "bgscan"})
-
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-20:2")
-    dev[1].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-45:2")
-
-    dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-45")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[2].wait_disconnected()
-
-    dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:0:0")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[2].wait_disconnected()
-
-    dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[2].wait_disconnected()
-
-    dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[2].wait_disconnected()
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SIGNAL-CHANGE"], timeout=10)
-    if ev is None:
-        raise Exception("dev0 did not indicate signal change event")
-    if "above=0" not in ev:
-        raise Exception("Unexpected signal change event contents from dev0: " + ev)
-
-    ev = dev[1].wait_event(["CTRL-EVENT-SIGNAL-CHANGE"], timeout=10)
-    if ev is None:
-        raise Exception("dev1 did not indicate signal change event")
-    if "above=1" not in ev:
-        raise Exception("Unexpected signal change event contents from dev1: " + ev)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=3)
-    if ev is None:
-        raise Exception("dev0 did not start a scan")
-
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=3)
-    if ev is None:
-        raise Exception("dev1 did not start a scan")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-    if ev is None:
-        raise Exception("dev0 did not complete a scan")
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-    if ev is None:
-        raise Exception("dev1 did not complete a scan")
-
-def test_bgscan_simple_beacon_loss(dev, apdev):
-    """bgscan_simple and beacon loss"""
-    params = hostapd.wpa2_params(ssid="bgscan", passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("disable_sa_query", "1")
-    dev[0].connect("bgscan", ieee80211w="2", key_mgmt="WPA-PSK-SHA256",
-                   psk="12345678", scan_freq="2412",
-                   bgscan="simple:100:-20:200")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("STOP_AP"):
-        raise Exception("Failed to stop AP")
-    hapd.disable()
-    hapd.set("ssid", "foo")
-    hapd.set("beacon_int", "10000")
-    hapd.enable()
-    ev = dev[0].wait_event(["CTRL-EVENT-BEACON-LOSS"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon loss not reported")
-
-def test_bgscan_simple_scan_failure(dev, apdev):
-    """bgscan_simple and scan failure"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-20:2")
-    with alloc_fail(dev[0], 1,
-                    "wpa_supplicant_trigger_scan;bgscan_simple_timeout"):
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10)
-        if ev is None:
-            raise Exception("No scan failure reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-    if ev is None:
-        raise Exception("Scanning not continued after failure")
-
-def test_bgscan_simple_scanning(dev, apdev):
-    """bgscan_simple and scanning behavior"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-20:2")
-    # Go through seven bgscan_simple_timeout calls for code coverage. This falls
-    # back from short to long scan interval and then reduces short_scan_count
-    # back to zero.
-    for i in range(7):
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("Scanning not continued")
-
-def test_bgscan_simple_same_scan_int(dev, apdev):
-    """bgscan_simple and same short/long scan interval"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-20:1")
-    for i in range(2):
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("Scanning not continued")
-
-def test_bgscan_simple_oom(dev, apdev):
-    """bgscan_simple OOM"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    with alloc_fail(dev[0], 1, "bgscan_simple_init"):
-        dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="simple:1:-20:2")
-
-def test_bgscan_simple_driver_conf_failure(dev, apdev):
-    """bgscan_simple driver configuration failure"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    with fail_test(dev[0], 1, "bgscan_simple_init"):
-        dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="simple:1:-20:2")
-
-def test_bgscan_learn(dev, apdev):
-    """bgscan_learn"""
-    hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-    hostapd.add_ap(apdev[1], {"ssid": "bgscan"})
-
-    try:
-        os.remove("/tmp/test_bgscan_learn.bgscan")
-    except:
-        pass
-
-    try:
-        dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:1:-20:2")
-        id = dev[1].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                            bgscan="learn:1:-45:2:/tmp/test_bgscan_learn.bgscan")
-
-        dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:1:-45")
-        dev[2].request("REMOVE_NETWORK all")
-        dev[2].wait_disconnected()
-
-        dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:0:0")
-        dev[2].request("REMOVE_NETWORK all")
-        dev[2].wait_disconnected()
-
-        dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn")
-        dev[2].request("REMOVE_NETWORK all")
-        dev[2].wait_disconnected()
-
-        dev[2].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:1")
-        dev[2].request("REMOVE_NETWORK all")
-        dev[2].wait_disconnected()
-
-        ev = dev[0].wait_event(["CTRL-EVENT-SIGNAL-CHANGE"], timeout=10)
-        if ev is None:
-            raise Exception("dev0 did not indicate signal change event")
-        if "above=0" not in ev:
-            raise Exception("Unexpected signal change event contents from dev0: " + ev)
-
-        ev = dev[1].wait_event(["CTRL-EVENT-SIGNAL-CHANGE"], timeout=10)
-        if ev is None:
-            raise Exception("dev1 did not indicate signal change event")
-        if "above=1" not in ev:
-            raise Exception("Unexpected signal change event contents from dev1: " + ev)
-
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=3)
-        if ev is None:
-            raise Exception("dev0 did not start a scan")
-
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=3)
-        if ev is None:
-            raise Exception("dev1 did not start a scan")
-
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        if ev is None:
-            raise Exception("dev0 did not complete a scan")
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-        if ev is None:
-            raise Exception("dev1 did not complete a scan")
-
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        dev[0].request("REMOVE_NETWORK all")
-
-        with open("/tmp/test_bgscan_learn.bgscan", "r") as f:
-            lines = f.read().splitlines()
-        if lines[0] != "wpa_supplicant-bgscan-learn":
-            raise Exception("Unexpected bgscan header line")
-        if 'BSS 02:00:00:00:03:00 2412' not in lines:
-            raise Exception("Missing BSS1")
-        if 'BSS 02:00:00:00:04:00 2412' not in lines:
-            raise Exception("Missing BSS2")
-        if 'NEIGHBOR 02:00:00:00:03:00 02:00:00:00:04:00' not in lines:
-            raise Exception("Missing BSS1->BSS2 neighbor entry")
-        if 'NEIGHBOR 02:00:00:00:04:00 02:00:00:00:03:00' not in lines:
-            raise Exception("Missing BSS2->BSS1 neighbor entry")
-
-        dev[1].set_network(id, "scan_freq", "")
-        dev[1].connect_network(id)
-
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("dev1 did not start a scan")
-
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-        if ev is None:
-            raise Exception("dev1 did not complete a scan")
-
-        dev[1].request("REMOVE_NETWORK all")
-    finally:
-        try:
-            os.remove("/tmp/test_bgscan_learn.bgscan")
-        except:
-            pass
-
-def test_bgscan_learn_beacon_loss(dev, apdev):
-    """bgscan_simple and beacon loss"""
-    params = hostapd.wpa2_params(ssid="bgscan", passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("disable_sa_query", "1")
-    dev[0].connect("bgscan", ieee80211w="2", key_mgmt="WPA-PSK-SHA256",
-                   psk="12345678", scan_freq="2412", bgscan="learn:100:-20:200")
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("STOP_AP"):
-        raise Exception("Failed to stop AP")
-    hapd.disable()
-    hapd.set("ssid", "foo")
-    hapd.set("beacon_int", "10000")
-    hapd.enable()
-    ev = dev[0].wait_event(["CTRL-EVENT-BEACON-LOSS"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon loss not reported")
-
-def test_bgscan_learn_scan_failure(dev, apdev):
-    """bgscan_learn and scan failure"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="learn:1:-20:2")
-    with alloc_fail(dev[0], 1,
-                    "wpa_supplicant_trigger_scan;bgscan_learn_timeout"):
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10)
-        if ev is None:
-            raise Exception("No scan failure reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-    if ev is None:
-        raise Exception("Scanning not continued after failure")
-
-def test_bgscan_learn_oom(dev, apdev):
-    """bgscan_learn OOM"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    with alloc_fail(dev[0], 1, "bgscan_learn_init"):
-        dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:1:-20:2")
-
-def test_bgscan_learn_driver_conf_failure(dev, apdev):
-    """bgscan_learn driver configuration failure"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-
-    with fail_test(dev[0], 1, "bgscan_learn_init"):
-        dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                       bgscan="learn:1:-20:2")
-
-def test_bgscan_unknown_module(dev, apdev):
-    """bgscan init failing due to unknown module"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-    dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="unknown:-20:2")
-
-def test_bgscan_reconfig(dev, apdev):
-    """bgscan parameter update"""
-    hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
-    hostapd.add_ap(apdev[1], {"ssid": "bgscan"})
-
-    id = dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
-                        bgscan="simple:1:-20:2")
-    dev[0].set_network_quoted(id, "bgscan", "simple:1:-45:2")
-    dev[0].set_network_quoted(id, "bgscan", "learn:1:-20:2")
-    dev[0].set_network_quoted(id, "bgscan", "")
diff --git a/tests/hwsim/test_cert_check.py b/tests/hwsim/test_cert_check.py
deleted file mode 100644
index 191a1d1aa1ce..000000000000
--- a/tests/hwsim/test_cert_check.py
+++ /dev/null
@@ -1,312 +0,0 @@
-# Test cases for X.509 certificate checking
-# Copyright (c) 2019, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-try:
-    import OpenSSL
-    openssl_imported = True
-except ImportError:
-    openssl_imported = False
-
-from utils import HwsimSkip
-import hostapd
-from test_ap_eap import check_domain_suffix_match, check_altsubject_match_support, check_domain_match
-
-def check_cert_check_support():
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-
-def start_hapd(apdev, server_cert="auth_serv/server.pem"):
-    params = {"ssid": "cert-check", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": server_cert,
-              "private_key": "auth_serv/server.key",
-              "dh_file": "auth_serv/dh.conf"}
-    hapd = hostapd.add_ap(apdev, params)
-    return hapd
-
-def load_certs():
-    with open("auth_serv/ca.pem", "rb") as f:
-        res = f.read()
-        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                 res)
-
-    with open("auth_serv/ca-key.pem", "rb") as f:
-        res = f.read()
-        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res)
-
-    with open("auth_serv/server.pem", "rb") as f:
-        res = f.read()
-        servercert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, res)
-
-    return cacert, cakey, servercert
-
-def start_cert(servercert, cacert, cn='server.w1.fi', v3=True):
-    cert = OpenSSL.crypto.X509()
-    cert.set_serial_number(12345)
-    cert.gmtime_adj_notBefore(-10)
-    cert.gmtime_adj_notAfter(1000)
-    cert.set_pubkey(servercert.get_pubkey())
-    dn = cert.get_subject()
-    dn.CN = cn
-    cert.set_subject(dn)
-    if v3:
-        cert.set_version(2)
-        cert.add_extensions([
-            OpenSSL.crypto.X509Extension(b"basicConstraints", True,
-                                         b"CA:FALSE"),
-            OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False,
-                                         b"hash", subject=cert),
-            OpenSSL.crypto.X509Extension(b"authorityKeyIdentifier", False,
-                                         b"keyid:always", issuer=cacert),
-        ])
-    return cert
-
-def sign_cert(cert, cert_file, cakey, cacert):
-    cert.set_issuer(cacert.get_subject())
-    cert.sign(cakey, "sha256")
-    with open(cert_file, 'wb') as f:
-        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                cert))
-
-def check_connect(dev, fail=False, wait_error=None, **kwargs):
-    dev.connect("cert-check", key_mgmt="WPA-EAP", eap="TTLS",
-                identity="pap user", anonymous_identity="ttls",
-                password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                scan_freq="2412", wait_connect=False, **kwargs)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("EAP not started")
-    if fail:
-        if wait_error:
-            ev = dev.wait_event([wait_error], timeout=5)
-            if ev is None:
-                raise Exception("Specific error not reported")
-        ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-    else:
-        dev.wait_connected()
-    dev.request("REMOVE_NETWORK all")
-    dev.request("ABORT_SCAN")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_cert_check_basic(dev, apdev, params):
-    """Basic test with generated X.509 server certificate"""
-    check_cert_check_support()
-    cert_file = os.path.join(params['logdir'], "cert_check_basic.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert, v3=False)
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-    check_connect(dev[0])
-
-def test_cert_check_v3(dev, apdev, params):
-    """Basic test with generated X.509v3 server certificate"""
-    check_cert_check_support()
-    cert_file = os.path.join(params['logdir'], "cert_check_v3.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert)
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-    check_connect(dev[0])
-
-def test_cert_check_dnsname(dev, apdev, params):
-    """Certificate check with multiple dNSName values"""
-    check_cert_check_support()
-    check_domain_suffix_match(dev[0])
-    check_domain_match(dev[0])
-    cert_file = os.path.join(params['logdir'], "cert_check_dnsname.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert, cn="server")
-    dns = ["DNS:one.example.com", "DNS:two.example.com",
-           "DNS:three.example.com"]
-    cert.add_extensions([OpenSSL.crypto.X509Extension(b"subjectAltName", False,
-                                                      ",".join(dns).encode())])
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-    check_connect(dev[0])
-
-    tests = ["two.example.com",
-             "one.example.com",
-             "tWo.Example.com",
-             "three.example.com",
-             "no.match.example.com;two.example.com;no.match.example.org",
-             "no.match.example.com;example.com;no.match.example.org",
-             "no.match.example.com;no.match.example.org;example.com",
-             "example.com",
-             "com"]
-    for match in tests:
-        check_connect(dev[0], domain_suffix_match=match)
-
-    tests = ["four.example.com",
-             "foo.one.example.com",
-             "no.match.example.org;no.match.example.com",
-             "xample.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_suffix_match=match)
-
-    tests = ["one.example.com",
-             "two.example.com",
-             "three.example.com",
-             "no.match.example.com;two.example.com;no.match.example.org",
-             "tWo.Example.Com"]
-    for match in tests:
-        check_connect(dev[0], domain_match=match)
-
-    tests = ["four.example.com",
-             "foo.one.example.com",
-             "example.com",
-             "xample.com",
-             "no.match.example.org;no.match.example.com",
-             "ne.example.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_match=match)
-
-def test_cert_check_dnsname_wildcard(dev, apdev, params):
-    """Certificate check with multiple dNSName wildcard values"""
-    check_cert_check_support()
-    check_domain_suffix_match(dev[0])
-    check_domain_match(dev[0])
-    cert_file = os.path.join(params['logdir'], "cert_check_dnsname.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert, cn="server")
-    dns = ["DNS:*.one.example.com", "DNS:two.example.com",
-           "DNS:*.three.example.com"]
-    cert.add_extensions([OpenSSL.crypto.X509Extension(b"subjectAltName", False,
-                                                      ",".join(dns).encode())])
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-    check_connect(dev[0])
-
-    tests = ["two.example.com",
-             "one.example.com",
-             "tWo.Example.com",
-             "three.example.com",
-             "no.match.example.com;two.example.com;no.match.example.org",
-             "no.match.example.com;example.com;no.match.example.org",
-             "no.match.example.com;no.match.example.org;example.com",
-             "example.com",
-             "com"]
-    for match in tests:
-        check_connect(dev[0], domain_suffix_match=match)
-
-    tests = ["four.example.com",
-             "foo.one.example.com",
-             "no.match.example.org;no.match.example.com",
-             "xample.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_suffix_match=match)
-
-    tests = ["*.one.example.com",
-             "two.example.com",
-             "*.three.example.com",
-             "no.match.example.com;two.example.com;no.match.example.org",
-             "tWo.Example.Com"]
-    for match in tests:
-        check_connect(dev[0], domain_match=match)
-
-    tests = ["four.example.com",
-             "foo.one.example.com",
-             "example.com",
-             "xample.com",
-             "no.match.example.org;no.match.example.com",
-             "one.example.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_match=match)
-
-def test_cert_check_dnsname_alt(dev, apdev, params):
-    """Certificate check with multiple dNSName values using altsubject_match"""
-    check_cert_check_support()
-    check_altsubject_match_support(dev[0])
-    cert_file = os.path.join(params['logdir'], "cert_check_dnsname_alt.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert, cn="server")
-    dns = ["DNS:*.one.example.com", "DNS:two.example.com",
-           "DNS:*.three.example.com"]
-    cert.add_extensions([OpenSSL.crypto.X509Extension(b"subjectAltName", False,
-                                                      ",".join(dns).encode())])
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-
-    tests = ["DNS:*.one.example.com",
-             "DNS:two.example.com",
-             "DNS:*.three.example.com",
-             "DNS:*.three.example.com;DNS:two.example.com;DNS:*.one.example.com",
-             "DNS:foo.example.org;DNS:two.example.com;DNS:bar.example.org"]
-    for alt in tests:
-        check_connect(dev[0], altsubject_match=alt)
-
-    tests = ["DNS:one.example.com",
-             "DNS:four.example.com;DNS:five.example.com"]
-    for alt in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      altsubject_match=alt)
-
-def test_cert_check_dnsname_cn(dev, apdev, params):
-    """Certificate check with dNSName in CN"""
-    check_cert_check_support()
-    check_domain_suffix_match(dev[0])
-    check_domain_match(dev[0])
-    cert_file = os.path.join(params['logdir'], "cert_check_dnsname_cn.pem")
-    cacert, cakey, servercert = load_certs()
-
-    cert = start_cert(servercert, cacert, cn="server.example.com")
-    sign_cert(cert, cert_file, cakey, cacert)
-    hapd = start_hapd(apdev[0], server_cert=cert_file)
-    check_connect(dev[0])
-
-    tests = ["server.example.com",
-             "example.com",
-             "eXample.Com",
-             "no.match.example.com;example.com;no.match.example.org",
-             "no.match.example.com;server.example.com;no.match.example.org",
-             "com"]
-    for match in tests:
-        check_connect(dev[0], domain_suffix_match=match)
-
-    tests = ["aaa.example.com",
-             "foo.server.example.com",
-             "no.match.example.org;no.match.example.com",
-             "xample.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_suffix_match=match)
-
-    tests = ["server.example.com",
-             "no.match.example.com;server.example.com;no.match.example.org",
-             "sErver.Example.Com"]
-    for match in tests:
-        check_connect(dev[0], domain_match=match)
-
-    tests = ["aaa.example.com",
-             "foo.server.example.com",
-             "example.com",
-             "no.match.example.org;no.match.example.com",
-             "xample.com"]
-    for match in tests:
-        check_connect(dev[0], fail=True,
-                      wait_error="CTRL-EVENT-EAP-TLS-CERT-ERROR",
-                      domain_match=match)
diff --git a/tests/hwsim/test_cfg80211.py b/tests/hwsim/test_cfg80211.py
deleted file mode 100644
index 3ee7a909b8ba..000000000000
--- a/tests/hwsim/test_cfg80211.py
+++ /dev/null
@@ -1,150 +0,0 @@
-# cfg80211 test cases
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import binascii
-import os
-import time
-
-import hostapd
-import hwsim_utils
-from tshark import run_tshark
-from nl80211 import *
-from wpasupplicant import WpaSupplicant
-from utils import *
-
-def nl80211_command(dev, cmd, attr):
-    res = dev.request("VENDOR ffffffff {} {}".format(nl80211_cmd[cmd],
-                                                     binascii.hexlify(attr).decode()))
-    if "FAIL" in res:
-        raise Exception("nl80211 command failed")
-    return binascii.unhexlify(res)
-
-@remote_compatible
-def test_cfg80211_disassociate(dev, apdev):
-    """cfg80211 disassociation command"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-
-    ifindex = int(dev[0].get_driver_status_field("ifindex"))
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    attrs += build_nl80211_attr_u16('REASON_CODE', 1)
-    attrs += build_nl80211_attr_mac('MAC', apdev[0]['bssid'])
-    nl80211_command(dev[0], 'DISASSOCIATE', attrs)
-
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd")
-
-def nl80211_frame(dev, ifindex, frame, freq=None, duration=None, offchannel_tx_ok=False):
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    if freq is not None:
-        attrs += build_nl80211_attr_u32('WIPHY_FREQ', freq)
-    if duration is not None:
-        attrs += build_nl80211_attr_u32('DURATION', duration)
-    if offchannel_tx_ok:
-        attrs += build_nl80211_attr_flag('OFFCHANNEL_TX_OK')
-    attrs += build_nl80211_attr('FRAME', frame)
-    return parse_nl80211_attrs(nl80211_command(dev, 'FRAME', attrs))
-
-def nl80211_frame_wait_cancel(dev, ifindex, cookie):
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    attrs += build_nl80211_attr('COOKIE', cookie)
-    return nl80211_command(dev, 'FRAME_WAIT_CANCEL', attrs)
-
-def nl80211_remain_on_channel(dev, ifindex, freq, duration):
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    attrs += build_nl80211_attr_u32('WIPHY_FREQ', freq)
-    attrs += build_nl80211_attr_u32('DURATION', duration)
-    return nl80211_command(dev, 'REMAIN_ON_CHANNEL', attrs)
-
-def test_cfg80211_tx_frame(dev, apdev, params):
-    """cfg80211 offchannel TX frame command"""
-
-    dev[0].p2p_start_go(freq='2412')
-    go = WpaSupplicant(dev[0].group_ifname)
-    frame = binascii.unhexlify("d0000000020000000100" + go.own_addr().replace(':', '') + "02000000010000000409506f9a090001dd5e506f9a0902020025080401001f0502006414060500585804510b0906000200000000000b1000585804510b0102030405060708090a0b0d1d000200000000000108000000000000000000101100084465766963652041110500585804510bdd190050f204104a0001101012000200011049000600372a000120")
-    ifindex = int(go.get_driver_status_field("ifindex"))
-    res = nl80211_frame(go, ifindex, frame, freq=2422, duration=500,
-                        offchannel_tx_ok=True)
-    time.sleep(0.1)
-
-    # note: Uncommenting this seems to remove the incorrect channel issue
-    #nl80211_frame_wait_cancel(dev[0], ifindex, res[nl80211_attr['COOKIE']])
-
-    # note: this Action frame ends up getting sent incorrectly on 2422 MHz
-    nl80211_frame(go, ifindex, frame, freq=2412)
-    time.sleep(1.5)
-    # note: also the Deauthenticate frame sent by the GO going down ends up
-    # being transmitted incorrectly on 2422 MHz.
-
-    del go
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type_subtype == 13", ["radiotap.channel.freq"])
-    if out is not None:
-        freq = out.splitlines()
-        if len(freq) != 2:
-            raise Exception("Unexpected number of Action frames (%d)" % len(freq))
-        if freq[0] != "2422":
-            raise Exception("First Action frame on unexpected channel: %s MHz" % freq[0])
-        if freq[1] != "2412":
-            raise Exception("Second Action frame on unexpected channel: %s MHz" % freq[1])
-
-@remote_compatible
-def test_cfg80211_wep_key_idx_change(dev, apdev):
-    """WEP Shared Key authentication and key index change without deauth"""
-    check_wep_capa(dev[0])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-shared-key",
-                           "wep_key0": '"hello12345678"',
-                           "wep_key1": '"other12345678"',
-                           "auth_algs": "2"})
-    id = dev[0].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                        wep_key0='"hello12345678"',
-                        wep_key1='"other12345678"',
-                        wep_tx_keyidx="0",
-                        scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].set_network(id, "wep_tx_keyidx", "1")
-
-    # clear cfg80211 auth state to allow new auth without deauth frame
-    ifindex = int(dev[0].get_driver_status_field("ifindex"))
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    attrs += build_nl80211_attr_u16('REASON_CODE', 1)
-    attrs += build_nl80211_attr_mac('MAC', apdev[0]['bssid'])
-    attrs += build_nl80211_attr_flag('LOCAL_STATE_CHANGE')
-    nl80211_command(dev[0], 'DEAUTHENTICATE', attrs)
-    dev[0].wait_disconnected(timeout=5, error="Local-deauth timed out")
-
-    # the previous command results in deauth event followed by auto-reconnect
-    dev[0].wait_connected(timeout=10, error="Reassociation timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_cfg80211_hostapd_ext_sta_remove(dev, apdev):
-    """cfg80211 DEL_STATION issued externally to hostapd"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    id = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-    ifindex = int(hapd.get_driver_status_field("ifindex"))
-    attrs = build_nl80211_attr_u32('IFINDEX', ifindex)
-    attrs += build_nl80211_attr_u16('REASON_CODE', 1)
-    attrs += build_nl80211_attr_u8('MGMT_SUBTYPE', 12)
-    attrs += build_nl80211_attr_mac('MAC', dev[0].own_addr())
-    nl80211_command(hapd, 'DEL_STATION', attrs)
-
-    # Currently, hostapd ignores the NL80211_CMD_DEL_STATION event if
-    # drv->device_ap_sme == 0 (which is the case with mac80211_hwsim), so no
-    # further action happens here. If that event were to be used to remove the
-    # STA entry from hostapd even in device_ap_sme == 0 case, this test case
-    # could be extended to cover additional operations.
diff --git a/tests/hwsim/test_connect_cmd.py b/tests/hwsim/test_connect_cmd.py
deleted file mode 100644
index d101ee7052fc..000000000000
--- a/tests/hwsim/test_connect_cmd.py
+++ /dev/null
@@ -1,254 +0,0 @@
-# cfg80211 connect command (SME in the driver/firmware)
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import time
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from p2p_utils import *
-from utils import *
-
-def test_connect_cmd_open(dev, apdev):
-    """Open connection using cfg80211 connect command"""
-    params = {"ssid": "sta-connect",
-              "manage_p2p": "1",
-              "allow_cross_connection": "1"}
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412",
-                 bg_scan_period="1")
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_wep(dev, apdev):
-    """WEP Open System using cfg80211 connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_wep_capa(wpas)
-
-    params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"'}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
-                 wep_key0='"hello"')
-    wpas.dump_monitor()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_wep_shared(dev, apdev):
-    """WEP Shared key using cfg80211 connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_wep_capa(wpas)
-
-    params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"',
-              "auth_algs": "2"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    id = wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
-                      auth_alg="SHARED", wep_key0='"hello"')
-    wpas.dump_monitor()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    wpas.request("DISCONNECT")
-    wpas.remove_network(id)
-    wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
-                 auth_alg="OPEN SHARED", wep_key0='"hello"')
-    wpas.dump_monitor()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_p2p_management(dev, apdev):
-    """Open connection using cfg80211 connect command and AP using P2P management"""
-    params = {"ssid": "sta-connect",
-              "manage_p2p": "1",
-              "allow_cross_connection": "0"}
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412")
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_wpa2_psk(dev, apdev):
-    """WPA2-PSK connection using cfg80211 connect command"""
-    params = hostapd.wpa2_params(ssid="sta-connect", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", psk="12345678", scan_freq="2412")
-    wpas.dump_monitor()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_concurrent_grpform_while_connecting(dev, apdev):
-    """Concurrent P2P group formation while connecting to an AP using cfg80211 connect command"""
-    logger.info("Start connection to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("test-open", key_mgmt="NONE", wait_connect=False)
-    wpas.dump_monitor()
-
-    logger.info("Form a P2P group while connecting to an AP")
-    wpas.request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_freq=2412,
-                                           r_dev=wpas, r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], wpas)
-    wpas.dump_monitor()
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(wpas, hapd)
-
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_reject_assoc(dev, apdev):
-    """Connection using cfg80211 connect command getting rejected"""
-    params = {"ssid": "sta-connect",
-              "require_ht": "1"}
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412",
-                 disable_ht="1", wait_connect=False)
-    ev = wpas.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=15)
-    if ev is None:
-        raise Exception("Association rejection timed out")
-    if "status_code=27" not in ev:
-        raise Exception("Unexpected rejection status code")
-
-    wpas.request("DISCONNECT")
-    wpas.dump_monitor()
-
-def test_connect_cmd_disconnect_event(dev, apdev):
-    """Connection using cfg80211 connect command getting disconnected by the AP"""
-    params = {"ssid": "sta-connect"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412")
-
-    if "OK" not in hapd.request("DEAUTHENTICATE " + wpas.p2p_interface_addr()):
-        raise Exception("DEAUTHENTICATE command failed")
-    ev = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnection event timed out")
-    # This event was actually based on deauthenticate event since we force
-    # connect command to be used with a driver that supports auth+assoc for
-    # testing purposes. Anyway, wait some time to allow the debug log to capture
-    # the following NL80211_CMD_DISCONNECT event.
-    time.sleep(0.1)
-    wpas.dump_monitor()
-
-    # Clean up to avoid causing issue for following test cases
-    wpas.request("REMOVE_NETWORK all")
-    wpas.wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=2)
-    wpas.flush_scan_cache()
-    wpas.dump_monitor()
-    wpas.interface_remove("wlan5")
-    del wpas
-
-def test_connect_cmd_roam(dev, apdev):
-    """cfg80211 connect command to trigger roam"""
-    params = {"ssid": "sta-connect"}
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412")
-    wpas.dump_monitor()
-
-    hostapd.add_ap(apdev[1], params)
-    wpas.scan_for_bss(apdev[1]['bssid'], freq=2412, force_scan=True)
-    wpas.roam(apdev[1]['bssid'])
-    time.sleep(0.1)
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_wpa_psk_roam(dev, apdev):
-    """WPA2/WPA-PSK connection using cfg80211 connect command to trigger roam"""
-    params = hostapd.wpa2_params(ssid="sta-connect", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("sta-connect", psk="12345678", scan_freq="2412")
-    wpas.dump_monitor()
-
-    params = hostapd.wpa_params(ssid="sta-connect", passphrase="12345678")
-    hostapd.add_ap(apdev[1], params)
-    wpas.scan_for_bss(apdev[1]['bssid'], freq=2412, force_scan=True)
-    wpas.roam(apdev[1]['bssid'])
-    time.sleep(0.1)
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-def test_connect_cmd_bssid_hint(dev, apdev):
-    """cfg80211 connect command with bssid_hint"""
-    params = {"ssid": "sta-connect"}
-    hostapd.add_ap(apdev[0], params)
-    hostapd.add_ap(apdev[1], params)
-
-    # This does not really give full coverage with mac80211_hwsim since the
-    # driver does not end up claiming support for driver-based BSS selection.
-    # Anyway, some test coverage can be achieved for setting the parameter and
-    # checking that it does not prevent connection with another BSSID.
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412",
-                 bssid_hint=apdev[0]['bssid'])
-    wpas.request("REMOVE_NETWORK all")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-    wpas.request("BSS_FLUSH 0")
-    wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412",
-                 bssid_hint='22:33:44:55:66:77')
-    wpas.request("REMOVE_NETWORK all")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-    # Additional coverage using ap_scan=2 to prevent scan entry -based selection
-    # within wpa_supplicant from overriding bssid_hint.
-
-    try:
-        if "OK" not in wpas.request("AP_SCAN 2"):
-            raise Exception("Failed to set AP_SCAN 2")
-        wpas.request("BSS_FLUSH 0")
-        wpas.connect("sta-connect", key_mgmt="NONE", scan_freq="2412",
-                     bssid_hint='22:33:44:55:66:77')
-        wpas.request("REMOVE_NETWORK all")
-        wpas.wait_disconnected()
-        wpas.dump_monitor()
-    finally:
-        wpas.request("AP_SCAN 1")
-    wpas.flush_scan_cache()
diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py
deleted file mode 100644
index 28fb05014736..000000000000
--- a/tests/hwsim/test_dbus.py
+++ /dev/null
@@ -1,6204 +0,0 @@
-# wpa_supplicant D-Bus interface tests
-# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import logging
-logger = logging.getLogger()
-import subprocess
-import time
-import shutil
-import struct
-import sys
-
-try:
-    if sys.version_info[0] > 2:
-        from gi.repository import GObject as gobject
-    else:
-        import gobject
-    import dbus
-    dbus_imported = True
-except ImportError:
-    dbus_imported = False
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from p2p_utils import *
-from test_ap_tdls import connect_2sta_open
-from test_ap_eap import check_altsubject_match_support
-from test_nfc_p2p import set_ip_addr_info
-from test_wpas_mesh import check_mesh_support, add_open_mesh_network
-
-WPAS_DBUS_SERVICE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_PATH = "/fi/w1/wpa_supplicant1"
-WPAS_DBUS_IFACE = "fi.w1.wpa_supplicant1.Interface"
-WPAS_DBUS_IFACE_WPS = WPAS_DBUS_IFACE + ".WPS"
-WPAS_DBUS_NETWORK = "fi.w1.wpa_supplicant1.Network"
-WPAS_DBUS_BSS = "fi.w1.wpa_supplicant1.BSS"
-WPAS_DBUS_IFACE_P2PDEVICE = WPAS_DBUS_IFACE + ".P2PDevice"
-WPAS_DBUS_P2P_PEER = "fi.w1.wpa_supplicant1.Peer"
-WPAS_DBUS_GROUP = "fi.w1.wpa_supplicant1.Group"
-WPAS_DBUS_PERSISTENT_GROUP = "fi.w1.wpa_supplicant1.PersistentGroup"
-WPAS_DBUS_IFACE_MESH = WPAS_DBUS_IFACE + ".Mesh"
-
-def prepare_dbus(dev):
-    if not dbus_imported:
-        logger.info("No dbus module available")
-        raise HwsimSkip("No dbus module available")
-    try:
-        from dbus.mainloop.glib import DBusGMainLoop
-        dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-        bus = dbus.SystemBus()
-        wpas_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_PATH)
-        wpas = dbus.Interface(wpas_obj, WPAS_DBUS_SERVICE)
-        path = wpas.GetInterface(dev.ifname)
-        if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-        return (bus, wpas_obj, path, if_obj)
-    except Exception as e:
-        raise HwsimSkip("Could not connect to D-Bus: %s" % e)
-
-class TestDbus(object):
-    def __init__(self, bus):
-        self.loop = gobject.MainLoop()
-        self.signals = []
-        self.bus = bus
-
-    def __exit__(self, type, value, traceback):
-        for s in self.signals:
-            s.remove()
-
-    def add_signal(self, handler, interface, name, byte_arrays=False):
-        s = self.bus.add_signal_receiver(handler, dbus_interface=interface,
-                                         signal_name=name,
-                                         byte_arrays=byte_arrays)
-        self.signals.append(s)
-
-    def timeout(self, *args):
-        logger.debug("timeout")
-        self.loop.quit()
-        return False
-
-class alloc_fail_dbus(object):
-    def __init__(self, dev, count, funcs, operation="Operation",
-                 expected="NoMemory"):
-        self._dev = dev
-        self._count = count
-        self._funcs = funcs
-        self._operation = operation
-        self._expected = expected
-    def __enter__(self):
-        cmd = "TEST_ALLOC_FAIL %d:%s" % (self._count, self._funcs)
-        if "OK" not in self._dev.request(cmd):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-    def __exit__(self, type, value, traceback):
-        if type is None:
-            raise Exception("%s succeeded during out-of-memory" % self._operation)
-        if type == dbus.exceptions.DBusException and self._expected in str(value):
-            return True
-        if self._dev.request("GET_ALLOC_FAIL") != "0:%s" % self._funcs:
-            raise Exception("%s did not trigger allocation failure" % self._operation)
-        return False
-
-def start_ap(ap, ssid="test-wps",
-             ap_uuid="27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"):
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "ap_pin": "12345670", "uuid": ap_uuid}
-    return hostapd.add_ap(ap, params)
-
-def test_dbus_getall(dev, apdev):
-    """D-Bus GetAll"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    props = wpas_obj.GetAll(WPAS_DBUS_SERVICE,
-                            dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(fi.w1.wpa.supplicant1, /fi/w1/wpa_supplicant1) ==> " + str(props))
-
-    props = if_obj.GetAll(WPAS_DBUS_IFACE,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(%s, %s): %s" % (WPAS_DBUS_IFACE, path, str(props)))
-
-    props = if_obj.GetAll(WPAS_DBUS_IFACE_WPS,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(%s, %s): %s" % (WPAS_DBUS_IFACE_WPS, path, str(props)))
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'BSSs',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        raise Exception("Unexpected BSSs entry: " + str(res))
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'Networks',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        raise Exception("Unexpected Networks entry: " + str(res))
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq=2412)
-    id = dev[0].add_network()
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].set_network_quoted(id, "ssid", "test")
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'BSSs',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 1:
-        raise Exception("Missing BSSs entry: " + str(res))
-    bss_obj = bus.get_object(WPAS_DBUS_SERVICE, res[0])
-    props = bss_obj.GetAll(WPAS_DBUS_BSS, dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(%s, %s): %s" % (WPAS_DBUS_BSS, res[0], str(props)))
-    bssid_str = ''
-    for item in props['BSSID']:
-        if len(bssid_str) > 0:
-            bssid_str += ':'
-        bssid_str += '%02x' % item
-    if bssid_str != bssid:
-        raise Exception("Unexpected BSSID in BSSs entry")
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'Networks',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 1:
-        raise Exception("Missing Networks entry: " + str(res))
-    net_obj = bus.get_object(WPAS_DBUS_SERVICE, res[0])
-    props = net_obj.GetAll(WPAS_DBUS_NETWORK,
-                           dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(%s, %s): %s" % (WPAS_DBUS_NETWORK, res[0], str(props)))
-    ssid = props['Properties']['ssid']
-    if ssid != '"test"':
-        raise Exception("Unexpected SSID in network entry")
-
-def test_dbus_getall_oom(dev, apdev):
-    """D-Bus GetAll wpa_config_get_all() OOM"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].set_network_quoted(id, "ssid", "test")
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'Networks',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 1:
-        raise Exception("Missing Networks entry: " + str(res))
-    net_obj = bus.get_object(WPAS_DBUS_SERVICE, res[0])
-    for i in range(1, 50):
-        with alloc_fail(dev[0], i, "wpa_config_get_all"):
-            try:
-                props = net_obj.GetAll(WPAS_DBUS_NETWORK,
-                                       dbus_interface=dbus.PROPERTIES_IFACE)
-            except dbus.exceptions.DBusException as e:
-                pass
-
-def dbus_get(dbus, wpas_obj, prop, expect=None, byte_arrays=False):
-    val = wpas_obj.Get(WPAS_DBUS_SERVICE, prop,
-                       dbus_interface=dbus.PROPERTIES_IFACE,
-                       byte_arrays=byte_arrays)
-    if expect is not None and val != expect:
-        raise Exception("Unexpected %s: %s (expected: %s)" %
-                        (prop, str(val), str(expect)))
-    return val
-
-def dbus_set(dbus, wpas_obj, prop, val):
-    wpas_obj.Set(WPAS_DBUS_SERVICE, prop, val,
-                 dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_properties(dev, apdev):
-    """D-Bus Get/Set fi.w1.wpa_supplicant1 properties"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    dbus_get(dbus, wpas_obj, "DebugLevel", expect="msgdump")
-    dbus_set(dbus, wpas_obj, "DebugLevel", "debug")
-    dbus_get(dbus, wpas_obj, "DebugLevel", expect="debug")
-    for (val, err) in [(3, "Error.Failed: wrong property type"),
-                       ("foo", "Error.Failed: wrong debug level value")]:
-        try:
-            dbus_set(dbus, wpas_obj, "DebugLevel", val)
-            raise Exception("Invalid DebugLevel value accepted: " + str(val))
-        except dbus.exceptions.DBusException as e:
-            if err not in str(e):
-                raise Exception("Unexpected error message: " + str(e))
-    dbus_set(dbus, wpas_obj, "DebugLevel", "msgdump")
-    dbus_get(dbus, wpas_obj, "DebugLevel", expect="msgdump")
-
-    dbus_get(dbus, wpas_obj, "DebugTimestamp", expect=True)
-    dbus_set(dbus, wpas_obj, "DebugTimestamp", False)
-    dbus_get(dbus, wpas_obj, "DebugTimestamp", expect=False)
-    try:
-        dbus_set(dbus, wpas_obj, "DebugTimestamp", "foo")
-        raise Exception("Invalid DebugTimestamp value accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-    dbus_set(dbus, wpas_obj, "DebugTimestamp", True)
-    dbus_get(dbus, wpas_obj, "DebugTimestamp", expect=True)
-
-    dbus_get(dbus, wpas_obj, "DebugShowKeys", expect=True)
-    dbus_set(dbus, wpas_obj, "DebugShowKeys", False)
-    dbus_get(dbus, wpas_obj, "DebugShowKeys", expect=False)
-    try:
-        dbus_set(dbus, wpas_obj, "DebugShowKeys", "foo")
-        raise Exception("Invalid DebugShowKeys value accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-    dbus_set(dbus, wpas_obj, "DebugShowKeys", True)
-    dbus_get(dbus, wpas_obj, "DebugShowKeys", expect=True)
-
-    res = dbus_get(dbus, wpas_obj, "Interfaces")
-    if len(res) != 1:
-        raise Exception("Unexpected Interfaces value: " + str(res))
-
-    res = dbus_get(dbus, wpas_obj, "EapMethods")
-    if len(res) < 5 or "TTLS" not in res:
-        raise Exception("Unexpected EapMethods value: " + str(res))
-
-    res = dbus_get(dbus, wpas_obj, "Capabilities")
-    if len(res) < 2 or "p2p" not in res:
-        raise Exception("Unexpected Capabilities value: " + str(res))
-
-    dbus_get(dbus, wpas_obj, "WFDIEs", byte_arrays=True)
-    val = binascii.unhexlify("010006020304050608")
-    dbus_set(dbus, wpas_obj, "WFDIEs", dbus.ByteArray(val))
-    res = dbus_get(dbus, wpas_obj, "WFDIEs", byte_arrays=True)
-    if val != res:
-        raise Exception("WFDIEs value changed")
-    try:
-        dbus_set(dbus, wpas_obj, "WFDIEs", dbus.ByteArray(b'\x00'))
-        raise Exception("Invalid WFDIEs value accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-    dbus_set(dbus, wpas_obj, "WFDIEs", dbus.ByteArray(b''))
-    dbus_set(dbus, wpas_obj, "WFDIEs", dbus.ByteArray(val))
-    dbus_set(dbus, wpas_obj, "WFDIEs", dbus.ByteArray(b''))
-    res = dbus_get(dbus, wpas_obj, "WFDIEs", byte_arrays=True)
-    if len(res) != 0:
-        raise Exception("WFDIEs not cleared properly")
-
-    res = dbus_get(dbus, wpas_obj, "EapMethods")
-    try:
-        dbus_set(dbus, wpas_obj, "EapMethods", res)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: Property is read-only" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        wpas_obj.SetFoo(WPAS_DBUS_SERVICE, "DebugShowKeys", True,
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Unknown method accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownMethod" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        wpas_obj.Get("foo", "DebugShowKeys",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Get accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: No such property" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    test_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_PATH,
-                              introspect=False)
-    try:
-        test_obj.Get(123, "DebugShowKeys",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Get accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: Invalid arguments" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-    try:
-        test_obj.Get(WPAS_DBUS_SERVICE, 123,
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Get accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: Invalid arguments" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        wpas_obj.Set(WPAS_DBUS_SERVICE, "WFDIEs",
-                     dbus.ByteArray(b'', variant_level=2),
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: invalid message format" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-def test_dbus_set_global_properties(dev, apdev):
-    """D-Bus Get/Set fi.w1.wpa_supplicant1 interface global properties"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    dev[0].set("model_name", "")
-    props = [('Okc', '0', '1'), ('ModelName', '', 'blahblahblah')]
-
-    for p in props:
-        res = if_obj.Get(WPAS_DBUS_IFACE, p[0],
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if res != p[1]:
-            raise Exception("Unexpected " + p[0] + " value: " + str(res))
-
-        if_obj.Set(WPAS_DBUS_IFACE, p[0], p[2],
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-
-        res = if_obj.Get(WPAS_DBUS_IFACE, p[0],
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if res != p[2]:
-            raise Exception("Unexpected " + p[0] + " value after set: " + str(res))
-    dev[0].set("model_name", "")
-
-def test_dbus_invalid_method(dev, apdev):
-    """D-Bus invalid method"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    try:
-        wps.Foo()
-        raise Exception("Unknown method accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownMethod" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    test_obj = bus.get_object(WPAS_DBUS_SERVICE, path, introspect=False)
-    test_wps = dbus.Interface(test_obj, WPAS_DBUS_IFACE_WPS)
-    try:
-        test_wps.Start(123)
-        raise Exception("WPS.Start with incorrect signature accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: Invalid arg" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-def test_dbus_get_set_wps(dev, apdev):
-    """D-Bus Get/Set for WPS properties"""
-    try:
-        _test_dbus_get_set_wps(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-        dev[0].request("SET config_methods display keypad virtual_display nfc_interface p2ps")
-        dev[0].set("device_name", "Device A")
-        dev[0].set("manufacturer", "")
-        dev[0].set("model_name", "")
-        dev[0].set("model_number", "")
-        dev[0].set("serial_number", "")
-        dev[0].set("device_type", "0-00000000-0")
-
-def _test_dbus_get_set_wps(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    if_obj.Get(WPAS_DBUS_IFACE_WPS, "ConfigMethods",
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-    val = "display keypad virtual_display nfc_interface"
-    dev[0].request("SET config_methods " + val)
-
-    config = if_obj.Get(WPAS_DBUS_IFACE_WPS, "ConfigMethods",
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-    if config != val:
-        raise Exception("Unexpected Get(ConfigMethods) result: " + config)
-
-    val2 = "push_button display"
-    if_obj.Set(WPAS_DBUS_IFACE_WPS, "ConfigMethods", val2,
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    config = if_obj.Get(WPAS_DBUS_IFACE_WPS, "ConfigMethods",
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-    if config != val2:
-        raise Exception("Unexpected Get(ConfigMethods) result after Set: " + config)
-
-    dev[0].request("SET config_methods " + val)
-
-    for i in range(3):
-        dev[0].request("SET wps_cred_processing " + str(i))
-        val = if_obj.Get(WPAS_DBUS_IFACE_WPS, "ProcessCredentials",
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        expected_val = False if i == 1 else True
-        if val != expected_val:
-            raise Exception("Unexpected Get(ProcessCredentials) result({}): {}".format(i, val))
-
-    tests = [("device_name", "DeviceName"),
-             ("manufacturer", "Manufacturer"),
-             ("model_name", "ModelName"),
-             ("model_number", "ModelNumber"),
-             ("serial_number", "SerialNumber")]
-
-    for f1, f2 in tests:
-        val2 = "test-value-test"
-        dev[0].set(f1, val2)
-        val = if_obj.Get(WPAS_DBUS_IFACE_WPS, f2,
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if val != val2:
-            raise Exception("Get(%s) returned unexpected value" % f2)
-        val2 = "TEST-value"
-        if_obj.Set(WPAS_DBUS_IFACE_WPS, f2, val2,
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        val = if_obj.Get(WPAS_DBUS_IFACE_WPS, f2,
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if val != val2:
-            raise Exception("Get(%s) returned unexpected value after Set" % f2)
-
-    dev[0].set("device_type", "5-0050F204-1")
-    val = if_obj.Get(WPAS_DBUS_IFACE_WPS, "DeviceType",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if val[0] != 0x00 or val[1] != 0x05 != val[2] != 0x00 or val[3] != 0x50 or val[4] != 0xf2 or val[5] != 0x04 or val[6] != 0x00 or val[7] != 0x01:
-        raise Exception("DeviceType mismatch")
-    if_obj.Set(WPAS_DBUS_IFACE_WPS, "DeviceType", val,
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    val = if_obj.Get(WPAS_DBUS_IFACE_WPS, "DeviceType",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if val[0] != 0x00 or val[1] != 0x05 != val[2] != 0x00 or val[3] != 0x50 or val[4] != 0xf2 or val[5] != 0x04 or val[6] != 0x00 or val[7] != 0x01:
-        raise Exception("DeviceType mismatch after Set")
-
-    val2 = b'\x01\x02\x03\x04\x05\x06\x07\x08'
-    if_obj.Set(WPAS_DBUS_IFACE_WPS, "DeviceType", dbus.ByteArray(val2),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    val = if_obj.Get(WPAS_DBUS_IFACE_WPS, "DeviceType",
-                     dbus_interface=dbus.PROPERTIES_IFACE,
-                     byte_arrays=True)
-    if val != val2:
-        raise Exception("DeviceType mismatch after Set (2)")
-
-    class TestDbusGetSet(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.signal_received = False
-            self.signal_received_deprecated = False
-            self.sets_done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_sets)
-            gobject.timeout_add(1000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE_WPS,
-                            "PropertiesChanged")
-            self.add_signal(self.propertiesChanged2, dbus.PROPERTIES_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("PropertiesChanged: " + str(properties))
-            if "ProcessCredentials" in properties:
-                self.signal_received_deprecated = True
-                if self.sets_done and self.signal_received:
-                    self.loop.quit()
-
-        def propertiesChanged2(self, interface_name, changed_properties,
-                               invalidated_properties):
-            logger.debug("propertiesChanged2: interface_name=%s changed_properties=%s invalidated_properties=%s" % (interface_name, str(changed_properties), str(invalidated_properties)))
-            if interface_name != WPAS_DBUS_IFACE_WPS:
-                return
-            if "ProcessCredentials" in changed_properties:
-                self.signal_received = True
-                if self.sets_done and self.signal_received_deprecated:
-                    self.loop.quit()
-
-        def run_sets(self, *args):
-            logger.debug("run_sets")
-            if_obj.Set(WPAS_DBUS_IFACE_WPS, "ProcessCredentials",
-                       dbus.Boolean(1),
-                       dbus_interface=dbus.PROPERTIES_IFACE)
-            if if_obj.Get(WPAS_DBUS_IFACE_WPS, "ProcessCredentials",
-                          dbus_interface=dbus.PROPERTIES_IFACE) != True:
-                raise Exception("Unexpected Get(ProcessCredentials) result after Set")
-            if_obj.Set(WPAS_DBUS_IFACE_WPS, "ProcessCredentials",
-                       dbus.Boolean(0),
-                       dbus_interface=dbus.PROPERTIES_IFACE)
-            if if_obj.Get(WPAS_DBUS_IFACE_WPS, "ProcessCredentials",
-                          dbus_interface=dbus.PROPERTIES_IFACE) != False:
-                raise Exception("Unexpected Get(ProcessCredentials) result after Set")
-
-            self.dbus_sets_done = True
-            return False
-
-        def success(self):
-            return self.signal_received and self.signal_received_deprecated
-
-    with TestDbusGetSet(bus) as t:
-        if not t.success():
-            raise Exception("No signal received for ProcessCredentials change")
-
-def test_dbus_wps_invalid(dev, apdev):
-    """D-Bus invaldi WPS operation"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    failures = [{'Role': 'foo', 'Type': 'pbc'},
-                {'Role': 123, 'Type': 'pbc'},
-                {'Type': 'pbc'},
-                {'Role': 'enrollee'},
-                {'Role': 'registrar'},
-                {'Role': 'enrollee', 'Type': 123},
-                {'Role': 'enrollee', 'Type': 'foo'},
-                {'Role': 'enrollee', 'Type': 'pbc',
-                 'Bssid': '02:33:44:55:66:77'},
-                {'Role': 'enrollee', 'Type': 'pin', 'Pin': 123},
-                {'Role': 'enrollee', 'Type': 'pbc',
-                 'Bssid': dbus.ByteArray(b'12345')},
-                {'Role': 'enrollee', 'Type': 'pbc',
-                 'P2PDeviceAddress': 12345},
-                {'Role': 'enrollee', 'Type': 'pbc',
-                 'P2PDeviceAddress': dbus.ByteArray(b'12345')},
-                {'Role': 'enrollee', 'Type': 'pbc', 'Foo': 'bar'}]
-    for args in failures:
-        try:
-            wps.Start(args)
-            raise Exception("Invalid WPS.Start() arguments accepted: " + str(args))
-        except dbus.exceptions.DBusException as e:
-            if not str(e).startswith("fi.w1.wpa_supplicant1.InvalidArgs"):
-                raise Exception("Unexpected error message: " + str(e))
-
-def test_dbus_wps_oom(dev, apdev):
-    """D-Bus WPS operation (OOM)"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    with alloc_fail_dbus(dev[0], 1, "=wpas_dbus_getter_state", "Get"):
-        if_obj.Get(WPAS_DBUS_IFACE, "State",
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq=2412)
-
-    time.sleep(0.05)
-    for i in range(1, 3):
-        with alloc_fail_dbus(dev[0], i, "=wpas_dbus_getter_bsss", "Get"):
-            if_obj.Get(WPAS_DBUS_IFACE, "BSSs",
-                       dbus_interface=dbus.PROPERTIES_IFACE)
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'BSSs',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    bss_obj = bus.get_object(WPAS_DBUS_SERVICE, res[0])
-    with alloc_fail_dbus(dev[0], 1, "=wpas_dbus_getter_bss_rates", "Get"):
-        bss_obj.Get(WPAS_DBUS_BSS, "Rates",
-                    dbus_interface=dbus.PROPERTIES_IFACE)
-    with alloc_fail(dev[0], 1,
-                    "wpa_bss_get_bit_rates;wpas_dbus_getter_bss_rates"):
-        try:
-            bss_obj.Get(WPAS_DBUS_BSS, "Rates",
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-        except dbus.exceptions.DBusException as e:
-            pass
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].set_network_quoted(id, "ssid", "test")
-
-    for i in range(1, 3):
-        with alloc_fail_dbus(dev[0], i, "=wpas_dbus_getter_networks", "Get"):
-            if_obj.Get(WPAS_DBUS_IFACE, "Networks",
-                       dbus_interface=dbus.PROPERTIES_IFACE)
-
-    with alloc_fail_dbus(dev[0], 1, "wpas_dbus_getter_interfaces", "Get"):
-        dbus_get(dbus, wpas_obj, "Interfaces")
-
-    for i in range(1, 6):
-        with alloc_fail_dbus(dev[0], i, "=eap_get_names_as_string_array;wpas_dbus_getter_eap_methods", "Get"):
-            dbus_get(dbus, wpas_obj, "EapMethods")
-
-    with alloc_fail_dbus(dev[0], 1, "wpas_dbus_setter_config_methods", "Set",
-                         expected="Error.Failed: Failed to set property"):
-        val2 = "push_button display"
-        if_obj.Set(WPAS_DBUS_IFACE_WPS, "ConfigMethods", val2,
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-
-    with alloc_fail_dbus(dev[0], 1, "=wpa_config_add_network;wpas_dbus_handler_wps_start",
-                         "WPS.Start",
-                         expected="UnknownError: WPS start failed"):
-        wps.Start({'Role': 'enrollee', 'Type': 'pin', 'Pin': '12345670'})
-
-def test_dbus_wps_pbc(dev, apdev):
-    """D-Bus WPS/PBC operation and signals"""
-    try:
-        _test_dbus_wps_pbc(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-
-def _test_dbus_wps_pbc(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    hapd.request("WPS_PBC")
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET wps_cred_processing 2")
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, 'BSSs',
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 1:
-        raise Exception("Missing BSSs entry: " + str(res))
-    bss_obj = bus.get_object(WPAS_DBUS_SERVICE, res[0])
-    props = bss_obj.GetAll(WPAS_DBUS_BSS, dbus_interface=dbus.PROPERTIES_IFACE)
-    logger.debug("GetAll(%s, %s): %s" % (WPAS_DBUS_BSS, res[0], str(props)))
-    if 'WPS' not in props:
-        raise Exception("No WPS information in the BSS entry")
-    if 'Type' not in props['WPS']:
-        raise Exception("No Type field in the WPS dictionary")
-    if props['WPS']['Type'] != 'pbc':
-        raise Exception("Unexpected WPS Type: " + props['WPS']['Type'])
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus, wps):
-            TestDbus.__init__(self, bus)
-            self.success_seen = False
-            self.credentials_received = False
-            self.wps = wps
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.start_pbc)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.add_signal(self.credentials, WPAS_DBUS_IFACE_WPS,
-                            "Credentials")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-            if name == "success":
-                self.success_seen = True
-                if self.credentials_received:
-                    self.loop.quit()
-
-        def credentials(self, args):
-            logger.debug("credentials: " + str(args))
-            self.credentials_received = True
-            if self.success_seen:
-                self.loop.quit()
-
-        def start_pbc(self, *args):
-            logger.debug("start_pbc")
-            self.wps.Start({'Role': 'enrollee', 'Type': 'pbc'})
-            return False
-
-        def success(self):
-            return self.success_seen and self.credentials_received
-
-    with TestDbusWps(bus, wps) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].wait_connected(timeout=10)
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    dev[0].flush_scan_cache()
-
-def test_dbus_wps_pbc_overlap(dev, apdev):
-    """D-Bus WPS/PBC operation and signal for PBC overlap"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    hapd2 = start_ap(apdev[1], ssid="test-wps2",
-                     ap_uuid="27ea801a-9e5c-4e73-bd82-f89cbcd10d7f")
-    hapd.request("WPS_PBC")
-    hapd2.request("WPS_PBC")
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    bssid2 = apdev[1]['bssid']
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus, wps):
-            TestDbus.__init__(self, bus)
-            self.overlap_seen = False
-            self.wps = wps
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.start_pbc)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-            if name == "pbc-overlap":
-                self.overlap_seen = True
-                self.loop.quit()
-
-        def start_pbc(self, *args):
-            logger.debug("start_pbc")
-            self.wps.Start({'Role': 'enrollee', 'Type': 'pbc'})
-            return False
-
-        def success(self):
-            return self.overlap_seen
-
-    with TestDbusWps(bus, wps) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].request("WPS_CANCEL")
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    dev[0].flush_scan_cache()
-
-def test_dbus_wps_pin(dev, apdev):
-    """D-Bus WPS/PIN operation and signals"""
-    try:
-        _test_dbus_wps_pin(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-
-def _test_dbus_wps_pin(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    hapd.request("WPS_PIN any 12345670")
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET wps_cred_processing 2")
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.success_seen = False
-            self.credentials_received = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.start_pin)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.add_signal(self.credentials, WPAS_DBUS_IFACE_WPS,
-                            "Credentials")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-            if name == "success":
-                self.success_seen = True
-                if self.credentials_received:
-                    self.loop.quit()
-
-        def credentials(self, args):
-            logger.debug("credentials: " + str(args))
-            self.credentials_received = True
-            if self.success_seen:
-                self.loop.quit()
-
-        def start_pin(self, *args):
-            logger.debug("start_pin")
-            bssid_ay = dbus.ByteArray(binascii.unhexlify(bssid.replace(':', '').encode()))
-            wps.Start({'Role': 'enrollee', 'Type': 'pin', 'Pin': '12345670',
-                       'Bssid': bssid_ay})
-            return False
-
-        def success(self):
-            return self.success_seen and self.credentials_received
-
-    with TestDbusWps(bus) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].wait_connected(timeout=10)
-
-def test_dbus_wps_pin2(dev, apdev):
-    """D-Bus WPS/PIN operation and signals (PIN from wpa_supplicant)"""
-    try:
-        _test_dbus_wps_pin2(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-
-def _test_dbus_wps_pin2(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET wps_cred_processing 2")
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.success_seen = False
-            self.failed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.start_pin)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.add_signal(self.credentials, WPAS_DBUS_IFACE_WPS,
-                            "Credentials")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-            if name == "success":
-                self.success_seen = True
-                if self.credentials_received:
-                    self.loop.quit()
-
-        def credentials(self, args):
-            logger.debug("credentials: " + str(args))
-            self.credentials_received = True
-            if self.success_seen:
-                self.loop.quit()
-
-        def start_pin(self, *args):
-            logger.debug("start_pin")
-            bssid_ay = dbus.ByteArray(binascii.unhexlify(bssid.replace(':', '').encode()))
-            res = wps.Start({'Role': 'enrollee', 'Type': 'pin',
-                             'Bssid': bssid_ay})
-            pin = res['Pin']
-            h = hostapd.Hostapd(apdev[0]['ifname'])
-            h.request("WPS_PIN any " + pin)
-            return False
-
-        def success(self):
-            return self.success_seen and self.credentials_received
-
-    with TestDbusWps(bus) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].wait_connected(timeout=10)
-
-def test_dbus_wps_pin_m2d(dev, apdev):
-    """D-Bus WPS/PIN operation and signals with M2D"""
-    try:
-        _test_dbus_wps_pin_m2d(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-
-def _test_dbus_wps_pin_m2d(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET wps_cred_processing 2")
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.success_seen = False
-            self.credentials_received = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.start_pin)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.add_signal(self.credentials, WPAS_DBUS_IFACE_WPS,
-                            "Credentials")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-            if name == "success":
-                self.success_seen = True
-                if self.credentials_received:
-                    self.loop.quit()
-            elif name == "m2d":
-                h = hostapd.Hostapd(apdev[0]['ifname'])
-                h.request("WPS_PIN any 12345670")
-
-        def credentials(self, args):
-            logger.debug("credentials: " + str(args))
-            self.credentials_received = True
-            if self.success_seen:
-                self.loop.quit()
-
-        def start_pin(self, *args):
-            logger.debug("start_pin")
-            bssid_ay = dbus.ByteArray(binascii.unhexlify(bssid.replace(':', '').encode()))
-            wps.Start({'Role': 'enrollee', 'Type': 'pin', 'Pin': '12345670',
-                       'Bssid': bssid_ay})
-            return False
-
-        def success(self):
-            return self.success_seen and self.credentials_received
-
-    with TestDbusWps(bus) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].wait_connected(timeout=10)
-
-def test_dbus_wps_reg(dev, apdev):
-    """D-Bus WPS/Registrar operation and signals"""
-    try:
-        _test_dbus_wps_reg(dev, apdev)
-    finally:
-        dev[0].request("SET wps_cred_processing 0")
-
-def _test_dbus_wps_reg(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    hapd.request("WPS_PIN any 12345670")
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].request("SET wps_cred_processing 2")
-
-    class TestDbusWps(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.credentials_received = False
-
-        def __enter__(self):
-            gobject.timeout_add(100, self.start_reg)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.wpsEvent, WPAS_DBUS_IFACE_WPS, "Event")
-            self.add_signal(self.credentials, WPAS_DBUS_IFACE_WPS,
-                            "Credentials")
-            self.loop.run()
-            return self
-
-        def wpsEvent(self, name, args):
-            logger.debug("wpsEvent: %s args='%s'" % (name, str(args)))
-
-        def credentials(self, args):
-            logger.debug("credentials: " + str(args))
-            self.credentials_received = True
-            self.loop.quit()
-
-        def start_reg(self, *args):
-            logger.debug("start_reg")
-            bssid_ay = dbus.ByteArray(binascii.unhexlify(bssid.replace(':', '').encode()))
-            wps.Start({'Role': 'registrar', 'Type': 'pin',
-                       'Pin': '12345670', 'Bssid': bssid_ay})
-            return False
-
-        def success(self):
-            return self.credentials_received
-
-    with TestDbusWps(bus) as t:
-        if not t.success():
-            raise Exception("Failure in D-Bus operations")
-
-    dev[0].wait_connected(timeout=10)
-
-def test_dbus_wps_cancel(dev, apdev):
-    """D-Bus WPS Cancel operation"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wps = dbus.Interface(if_obj, WPAS_DBUS_IFACE_WPS)
-
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    wps.Cancel()
-    dev[0].scan_for_bss(bssid, freq="2412")
-    bssid_ay = dbus.ByteArray(binascii.unhexlify(bssid.replace(':', '').encode()))
-    wps.Start({'Role': 'enrollee', 'Type': 'pin', 'Pin': '12345670',
-               'Bssid': bssid_ay})
-    wps.Cancel()
-    dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 1)
-
-def test_dbus_scan_invalid(dev, apdev):
-    """D-Bus invalid scan method"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    tests = [({}, "InvalidArgs"),
-             ({'Type': 123}, "InvalidArgs"),
-             ({'Type': 'foo'}, "InvalidArgs"),
-             ({'Type': 'active', 'Foo': 'bar'}, "InvalidArgs"),
-             ({'Type': 'active', 'SSIDs': 'foo'}, "InvalidArgs"),
-             ({'Type': 'active', 'SSIDs': ['foo']}, "InvalidArgs"),
-             ({'Type': 'active',
-               'SSIDs': [dbus.ByteArray(b"1"), dbus.ByteArray(b"2"),
-                         dbus.ByteArray(b"3"), dbus.ByteArray(b"4"),
-                         dbus.ByteArray(b"5"), dbus.ByteArray(b"6"),
-                         dbus.ByteArray(b"7"), dbus.ByteArray(b"8"),
-                         dbus.ByteArray(b"9"), dbus.ByteArray(b"10"),
-                         dbus.ByteArray(b"11"), dbus.ByteArray(b"12"),
-                         dbus.ByteArray(b"13"), dbus.ByteArray(b"14"),
-                         dbus.ByteArray(b"15"), dbus.ByteArray(b"16"),
-                         dbus.ByteArray(b"17")]},
-              "InvalidArgs"),
-             ({'Type': 'active',
-               'SSIDs': [dbus.ByteArray(b"1234567890abcdef1234567890abcdef1")]},
-              "InvalidArgs"),
-             ({'Type': 'active', 'IEs': 'foo'}, "InvalidArgs"),
-             ({'Type': 'active', 'IEs': ['foo']}, "InvalidArgs"),
-             ({'Type': 'active', 'Channels': 2412}, "InvalidArgs"),
-             ({'Type': 'active', 'Channels': [2412]}, "InvalidArgs"),
-             ({'Type': 'active',
-               'Channels': [(dbus.Int32(2412), dbus.UInt32(20))]},
-              "InvalidArgs"),
-             ({'Type': 'active',
-               'Channels': [(dbus.UInt32(2412), dbus.Int32(20))]},
-              "InvalidArgs"),
-             ({'Type': 'active', 'AllowRoam': "yes"}, "InvalidArgs"),
-             ({'Type': 'passive', 'IEs': [dbus.ByteArray(b"\xdd\x00")]},
-              "InvalidArgs"),
-             ({'Type': 'passive', 'SSIDs': [dbus.ByteArray(b"foo")]},
-              "InvalidArgs")]
-    for (t, err) in tests:
-        try:
-            iface.Scan(t)
-            raise Exception("Invalid Scan() arguments accepted: " + str(t))
-        except dbus.exceptions.DBusException as e:
-            if err not in str(e):
-                raise Exception("Unexpected error message for invalid Scan(%s): %s" % (str(t), str(e)))
-
-def test_dbus_scan_oom(dev, apdev):
-    """D-Bus scan method and OOM"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "wpa_scan_clone_params;wpas_dbus_handler_scan",
-                         "Scan", expected="ScanError: Scan request rejected"):
-        iface.Scan({'Type': 'passive',
-                    'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "=wpas_dbus_get_scan_channels;wpas_dbus_handler_scan",
-                         "Scan"):
-        iface.Scan({'Type': 'passive',
-                    'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "=wpas_dbus_get_scan_ies;wpas_dbus_handler_scan",
-                         "Scan"):
-        iface.Scan({'Type': 'active',
-                    'IEs': [dbus.ByteArray(b"\xdd\x00")],
-                    'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "=wpas_dbus_get_scan_ssids;wpas_dbus_handler_scan",
-                         "Scan"):
-        iface.Scan({'Type': 'active',
-                    'SSIDs': [dbus.ByteArray(b"open"),
-                              dbus.ByteArray()],
-                    'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-
-def test_dbus_scan(dev, apdev):
-    """D-Bus scan and related signals"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-
-    class TestDbusScan(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.scan_completed = 0
-            self.bss_added = False
-            self.fail_reason = None
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_scan)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.scanDone, WPAS_DBUS_IFACE, "ScanDone")
-            self.add_signal(self.bssAdded, WPAS_DBUS_IFACE, "BSSAdded")
-            self.add_signal(self.bssRemoved, WPAS_DBUS_IFACE, "BSSRemoved")
-            self.loop.run()
-            return self
-
-        def scanDone(self, success):
-            logger.debug("scanDone: success=%s" % success)
-            self.scan_completed += 1
-            if self.scan_completed == 1:
-                iface.Scan({'Type': 'passive',
-                            'AllowRoam': True,
-                            'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-            elif self.scan_completed == 2:
-                iface.Scan({'Type': 'passive',
-                            'AllowRoam': False})
-            elif self.bss_added and self.scan_completed == 3:
-                self.loop.quit()
-
-        def bssAdded(self, bss, properties):
-            logger.debug("bssAdded: %s" % bss)
-            logger.debug(str(properties))
-            if 'WPS' in properties:
-                if 'Type' in properties['WPS']:
-                    self.fail_reason = "Unexpected WPS dictionary entry in non-WPS BSS"
-                    self.loop.quit()
-            self.bss_added = True
-            if self.scan_completed == 3:
-                self.loop.quit()
-
-        def bssRemoved(self, bss):
-            logger.debug("bssRemoved: %s" % bss)
-
-        def run_scan(self, *args):
-            logger.debug("run_scan")
-            iface.Scan({'Type': 'active',
-                        'SSIDs': [dbus.ByteArray(b"open"),
-                                  dbus.ByteArray()],
-                        'IEs': [dbus.ByteArray(b"\xdd\x00"),
-                                dbus.ByteArray()],
-                        'AllowRoam': False,
-                        'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-            return False
-
-        def success(self):
-            return self.scan_completed == 3 and self.bss_added
-
-    with TestDbusScan(bus) as t:
-        if t.fail_reason:
-            raise Exception(t.fail_reason)
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, "BSSs",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) < 1:
-        raise Exception("Scan result not in BSSs property")
-    iface.FlushBSS(0)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "BSSs",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        raise Exception("FlushBSS() did not remove scan results from BSSs property")
-    iface.FlushBSS(1)
-
-def test_dbus_scan_rand(dev, apdev):
-    """D-Bus MACAddressRandomizationMask property Get/Set"""
-    try:
-        run_dbus_scan_rand(dev, apdev)
-    finally:
-        dev[0].request("MAC_RAND_SCAN all enable=0")
-
-def run_dbus_scan_rand(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        logger.info(str(res))
-        raise Exception("Unexpected initial MACAddressRandomizationMask value")
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask", "foo",
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs: invalid message format" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                   {"foo": "bar"},
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if "wpas_dbus_setter_mac_address_randomization_mask: mask was not a byte array" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                   {"foo": dbus.ByteArray(b'123456')},
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if 'wpas_dbus_setter_mac_address_randomization_mask: bad scan type "foo"' not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                   {"scan": dbus.ByteArray(b'12345')},
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set accepted")
-    except dbus.exceptions.DBusException as e:
-        if 'wpas_dbus_setter_mac_address_randomization_mask: malformed MAC mask given' not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-               {"scan": dbus.ByteArray(b'123456')},
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 1:
-        logger.info(str(res))
-        raise Exception("Unexpected MACAddressRandomizationMask value")
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                   {"scan": dbus.ByteArray(b'123456'),
-                    "sched_scan": dbus.ByteArray(b'987654')},
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-    except dbus.exceptions.DBusException as e:
-        # sched_scan is unlikely to be supported
-        pass
-
-    if_obj.Set(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-               dbus.Dictionary({}, signature='sv'),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "MACAddressRandomizationMask",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        logger.info(str(res))
-        raise Exception("Unexpected MACAddressRandomizationMask value")
-
-def test_dbus_scan_busy(dev, apdev):
-    """D-Bus scan trigger rejection when busy with previous scan"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    if "OK" not in dev[0].request("SCAN freq=2412-2462"):
-        raise Exception("Failed to start scan")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], 15)
-    if ev is None:
-        raise Exception("Scan start timed out")
-
-    try:
-        iface.Scan({'Type': 'active', 'AllowRoam': False})
-        raise Exception("Scan() accepted when busy")
-    except dbus.exceptions.DBusException as e:
-        if "ScanError: Scan request reject" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan timed out")
-
-def test_dbus_scan_abort(dev, apdev):
-    """D-Bus scan trigger and abort"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    iface.Scan({'Type': 'active', 'AllowRoam': False})
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], 15)
-    if ev is None:
-        raise Exception("Scan start timed out")
-
-    iface.AbortScan()
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan abort result timed out")
-    dev[0].dump_monitor()
-    iface.Scan({'Type': 'active', 'AllowRoam': False})
-    iface.AbortScan()
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan timed out")
-
-def test_dbus_connect(dev, apdev):
-    """D-Bus AddNetwork and connect"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.network_added = False
-            self.network_selected = False
-            self.network_removed = False
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.networkAdded, WPAS_DBUS_IFACE, "NetworkAdded")
-            self.add_signal(self.networkRemoved, WPAS_DBUS_IFACE,
-                            "NetworkRemoved")
-            self.add_signal(self.networkSelected, WPAS_DBUS_IFACE,
-                            "NetworkSelected")
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def networkAdded(self, network, properties):
-            logger.debug("networkAdded: %s" % str(network))
-            logger.debug(str(properties))
-            self.network_added = True
-
-        def networkRemoved(self, network):
-            logger.debug("networkRemoved: %s" % str(network))
-            self.network_removed = True
-
-        def networkSelected(self, network):
-            logger.debug("networkSelected: %s" % str(network))
-            self.network_selected = True
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                if self.state == 0:
-                    self.state = 1
-                    iface.Disconnect()
-                elif self.state == 2:
-                    self.state = 3
-                    iface.Disconnect()
-                elif self.state == 4:
-                    self.state = 5
-                    iface.Reattach()
-                elif self.state == 5:
-                    self.state = 6
-                    iface.Disconnect()
-                elif self.state == 7:
-                    self.state = 8
-                    res = iface.SignalPoll()
-                    logger.debug("SignalPoll: " + str(res))
-                    if 'frequency' not in res or res['frequency'] != 2412:
-                        self.state = -1
-                        logger.info("Unexpected SignalPoll result")
-                    iface.RemoveNetwork(self.netw)
-            if 'State' in properties and properties['State'] == "disconnected":
-                if self.state == 1:
-                    self.state = 2
-                    iface.SelectNetwork(self.netw)
-                elif self.state == 3:
-                    self.state = 4
-                    iface.Reassociate()
-                elif self.state == 6:
-                    self.state = 7
-                    iface.Reconnect()
-                elif self.state == 8:
-                    self.state = 9
-                    self.loop.quit()
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'psk': passphrase,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            if not self.network_added or \
-               not self.network_removed or \
-               not self.network_selected:
-                return False
-            return self.state == 9
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_remove_connected(dev, apdev):
-    """D-Bus RemoveAllNetworks while connected"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-open"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid})
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.network_added = False
-            self.network_selected = False
-            self.network_removed = False
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.networkAdded, WPAS_DBUS_IFACE, "NetworkAdded")
-            self.add_signal(self.networkRemoved, WPAS_DBUS_IFACE,
-                            "NetworkRemoved")
-            self.add_signal(self.networkSelected, WPAS_DBUS_IFACE,
-                            "NetworkSelected")
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def networkAdded(self, network, properties):
-            logger.debug("networkAdded: %s" % str(network))
-            logger.debug(str(properties))
-            self.network_added = True
-
-        def networkRemoved(self, network):
-            logger.debug("networkRemoved: %s" % str(network))
-            self.network_removed = True
-
-        def networkSelected(self, network):
-            logger.debug("networkSelected: %s" % str(network))
-            self.network_selected = True
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                if self.state == 0:
-                    self.state = 1
-                    iface.Disconnect()
-                elif self.state == 2:
-                    self.state = 3
-                    iface.Disconnect()
-                elif self.state == 4:
-                    self.state = 5
-                    iface.Reattach()
-                elif self.state == 5:
-                    self.state = 6
-                    iface.Disconnect()
-                elif self.state == 7:
-                    self.state = 8
-                    res = iface.SignalPoll()
-                    logger.debug("SignalPoll: " + str(res))
-                    if 'frequency' not in res or res['frequency'] != 2412:
-                        self.state = -1
-                        logger.info("Unexpected SignalPoll result")
-                    iface.RemoveAllNetworks()
-            if 'State' in properties and properties['State'] == "disconnected":
-                if self.state == 1:
-                    self.state = 2
-                    iface.SelectNetwork(self.netw)
-                elif self.state == 3:
-                    self.state = 4
-                    iface.Reassociate()
-                elif self.state == 6:
-                    self.state = 7
-                    iface.Reconnect()
-                elif self.state == 8:
-                    self.state = 9
-                    self.loop.quit()
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'NONE',
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            if not self.network_added or \
-               not self.network_removed or \
-               not self.network_selected:
-                return False
-            return self.state == 9
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_connect_psk_mem(dev, apdev):
-    """D-Bus AddNetwork and connect with memory-only PSK"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.connected = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.add_signal(self.networkRequest, WPAS_DBUS_IFACE,
-                            "NetworkRequest")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                self.connected = True
-                self.loop.quit()
-
-        def networkRequest(self, path, field, txt):
-            logger.debug("networkRequest: %s %s %s" % (path, field, txt))
-            if field == "PSK_PASSPHRASE":
-                iface.NetworkReply(path, field, '"' + passphrase + '"')
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'mem_only_psk': 1,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.connected
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_connect_oom(dev, apdev):
-    """D-Bus AddNetwork and connect when out-of-memory"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    if "OK" not in dev[0].request("TEST_ALLOC_FAIL 0:"):
-        raise HwsimSkip("TEST_ALLOC_FAIL not supported in the build")
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.network_added = False
-            self.network_selected = False
-            self.network_removed = False
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(1500, self.timeout)
-            self.add_signal(self.networkAdded, WPAS_DBUS_IFACE, "NetworkAdded")
-            self.add_signal(self.networkRemoved, WPAS_DBUS_IFACE,
-                            "NetworkRemoved")
-            self.add_signal(self.networkSelected, WPAS_DBUS_IFACE,
-                            "NetworkSelected")
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def networkAdded(self, network, properties):
-            logger.debug("networkAdded: %s" % str(network))
-            logger.debug(str(properties))
-            self.network_added = True
-
-        def networkRemoved(self, network):
-            logger.debug("networkRemoved: %s" % str(network))
-            self.network_removed = True
-
-        def networkSelected(self, network):
-            logger.debug("networkSelected: %s" % str(network))
-            self.network_selected = True
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                if self.state == 0:
-                    self.state = 1
-                    iface.Disconnect()
-                elif self.state == 2:
-                    self.state = 3
-                    iface.Disconnect()
-                elif self.state == 4:
-                    self.state = 5
-                    iface.Reattach()
-                elif self.state == 5:
-                    self.state = 6
-                    res = iface.SignalPoll()
-                    logger.debug("SignalPoll: " + str(res))
-                    if 'frequency' not in res or res['frequency'] != 2412:
-                        self.state = -1
-                        logger.info("Unexpected SignalPoll result")
-                    iface.RemoveNetwork(self.netw)
-            if 'State' in properties and properties['State'] == "disconnected":
-                if self.state == 1:
-                    self.state = 2
-                    iface.SelectNetwork(self.netw)
-                elif self.state == 3:
-                    self.state = 4
-                    iface.Reassociate()
-                elif self.state == 6:
-                    self.state = 7
-                    self.loop.quit()
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'psk': passphrase,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            try:
-                self.netw = iface.AddNetwork(args)
-            except Exception as e:
-                logger.info("Exception on AddNetwork: " + str(e))
-                self.loop.quit()
-                return False
-            try:
-                iface.SelectNetwork(self.netw)
-            except Exception as e:
-                logger.info("Exception on SelectNetwork: " + str(e))
-                self.loop.quit()
-
-            return False
-
-        def success(self):
-            if not self.network_added or \
-               not self.network_removed or \
-               not self.network_selected:
-                return False
-            return self.state == 7
-
-    count = 0
-    for i in range(1, 1000):
-        for j in range(3):
-            dev[j].dump_monitor()
-        dev[0].request("TEST_ALLOC_FAIL %d:main" % i)
-        try:
-            with TestDbusConnect(bus) as t:
-                if not t.success():
-                    logger.info("Iteration %d - Expected signals not seen" % i)
-                else:
-                    logger.info("Iteration %d - success" % i)
-
-            state = dev[0].request('GET_ALLOC_FAIL')
-            logger.info("GET_ALLOC_FAIL: " + state)
-            dev[0].dump_monitor()
-            dev[0].request("TEST_ALLOC_FAIL 0:")
-            if i < 3:
-                raise Exception("Connection succeeded during out-of-memory")
-            if not state.startswith('0:'):
-                count += 1
-                if count == 5:
-                    break
-        except:
-            pass
-
-    # Force regulatory update to re-fetch hw capabilities for the following
-    # test cases.
-    try:
-        dev[0].dump_monitor()
-        subprocess.call(['iw', 'reg', 'set', 'US'])
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-    finally:
-        dev[0].dump_monitor()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-
-def test_dbus_while_not_connected(dev, apdev):
-    """D-Bus invalid operations while not connected"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    try:
-        iface.Disconnect()
-        raise Exception("Disconnect() accepted when not connected")
-    except dbus.exceptions.DBusException as e:
-        if "NotConnected" not in str(e):
-            raise Exception("Unexpected error message for invalid Disconnect: " + str(e))
-
-    try:
-        iface.Reattach()
-        raise Exception("Reattach() accepted when not connected")
-    except dbus.exceptions.DBusException as e:
-        if "NotConnected" not in str(e):
-            raise Exception("Unexpected error message for invalid Reattach: " + str(e))
-
-def test_dbus_connect_eap(dev, apdev):
-    """D-Bus AddNetwork and connect to EAP network"""
-    check_altsubject_match_support(dev[0])
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "ieee8021x-open"
-    params = hostapd.radius_params()
-    params["ssid"] = ssid
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.certification_received = False
-            self.eap_status = False
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.add_signal(self.certification, WPAS_DBUS_IFACE,
-                            "Certification", byte_arrays=True)
-            self.add_signal(self.networkRequest, WPAS_DBUS_IFACE,
-                            "NetworkRequest")
-            self.add_signal(self.eap, WPAS_DBUS_IFACE, "EAP")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                if self.state == 0:
-                    self.state = 1
-                    iface.EAPLogoff()
-                    logger.info("Set dNSName constraint")
-                    net_obj = bus.get_object(WPAS_DBUS_SERVICE, self.netw)
-                    args = dbus.Dictionary({'altsubject_match':
-                                            self.server_dnsname},
-                                           signature='sv')
-                    net_obj.Set(WPAS_DBUS_NETWORK, "Properties", args,
-                                dbus_interface=dbus.PROPERTIES_IFACE)
-                elif self.state == 2:
-                    self.state = 3
-                    iface.Disconnect()
-                    logger.info("Set non-matching dNSName constraint")
-                    net_obj = bus.get_object(WPAS_DBUS_SERVICE, self.netw)
-                    args = dbus.Dictionary({'altsubject_match':
-                                            self.server_dnsname + "FOO"},
-                                           signature='sv')
-                    net_obj.Set(WPAS_DBUS_NETWORK, "Properties", args,
-                                dbus_interface=dbus.PROPERTIES_IFACE)
-            if 'State' in properties and properties['State'] == "disconnected":
-                if self.state == 1:
-                    self.state = 2
-                    iface.EAPLogon()
-                    iface.SelectNetwork(self.netw)
-                if self.state == 3:
-                    self.state = 4
-                    iface.SelectNetwork(self.netw)
-
-        def certification(self, args):
-            logger.debug("certification: %s" % str(args))
-            self.certification_received = True
-            if args['depth'] == 0:
-                # The test server certificate is supposed to have dNSName
-                if len(args['altsubject']) < 1:
-                    raise Exception("Missing dNSName")
-                dnsname = args['altsubject'][0]
-                if not dnsname.startswith("DNS:"):
-                    raise Exception("Expected dNSName not found: " + dnsname)
-                logger.info("altsubject: " + dnsname)
-                self.server_dnsname = dnsname
-
-        def eap(self, status, parameter):
-            logger.debug("EAP: status=%s parameter=%s" % (status, parameter))
-            if status == 'completion' and parameter == 'success':
-                self.eap_status = True
-            if self.state == 4 and status == 'remote certificate verification' and parameter == 'AltSubject mismatch':
-                self.state = 5
-                self.loop.quit()
-
-        def networkRequest(self, path, field, txt):
-            logger.debug("networkRequest: %s %s %s" % (path, field, txt))
-            if field == "PASSWORD":
-                iface.NetworkReply(path, field, "password")
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'IEEE8021X',
-                                    'eapol_flags': 0,
-                                    'eap': 'TTLS',
-                                    'anonymous_identity': 'ttls',
-                                    'identity': 'pap user',
-                                    'ca_cert': 'auth_serv/ca.pem',
-                                    'phase2': 'auth=PAP',
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            if not self.eap_status or not self.certification_received:
-                return False
-            return self.state == 5
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_network(dev, apdev):
-    """D-Bus AddNetwork/RemoveNetwork parameters and error cases"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    args = dbus.Dictionary({'ssid': "foo",
-                            'key_mgmt': 'WPA-PSK',
-                            'psk': "12345678",
-                            'identity': dbus.ByteArray([1, 2]),
-                            'priority': dbus.Int32(0),
-                            'scan_freq': dbus.UInt32(2412)},
-                           signature='sv')
-    netw = iface.AddNetwork(args)
-    id = int(dev[0].list_networks()[0]['id'])
-    val = dev[0].get_network(id, "scan_freq")
-    if val != "2412":
-        raise Exception("Invalid scan_freq value: " + str(val))
-    iface.RemoveNetwork(netw)
-
-    args = dbus.Dictionary({'ssid': "foo",
-                            'key_mgmt': 'NONE',
-                            'scan_freq': "2412 2432",
-                            'freq_list': "2412 2417 2432"},
-                           signature='sv')
-    netw = iface.AddNetwork(args)
-    id = int(dev[0].list_networks()[0]['id'])
-    val = dev[0].get_network(id, "scan_freq")
-    if val != "2412 2432":
-        raise Exception("Invalid scan_freq value (2): " + str(val))
-    val = dev[0].get_network(id, "freq_list")
-    if val != "2412 2417 2432":
-        raise Exception("Invalid freq_list value: " + str(val))
-    iface.RemoveNetwork(netw)
-    try:
-        iface.RemoveNetwork(netw)
-        raise Exception("Invalid RemoveNetwork() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "NetworkUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid RemoveNetwork: " + str(e))
-    try:
-        iface.SelectNetwork(netw)
-        raise Exception("Invalid SelectNetwork() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "NetworkUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid RemoveNetwork: " + str(e))
-
-    args = dbus.Dictionary({'ssid': "foo1", 'key_mgmt': 'NONE',
-                            'identity': "testuser", 'scan_freq': '2412'},
-                           signature='sv')
-    netw1 = iface.AddNetwork(args)
-    args = dbus.Dictionary({'ssid': "foo2", 'key_mgmt': 'NONE'},
-                           signature='sv')
-    netw2 = iface.AddNetwork(args)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "Networks",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 2:
-        raise Exception("Unexpected number of networks")
-
-    net_obj = bus.get_object(WPAS_DBUS_SERVICE, netw1)
-    res = net_obj.Get(WPAS_DBUS_NETWORK, "Enabled",
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != False:
-        raise Exception("Added network was unexpectedly enabled by default")
-    net_obj.Set(WPAS_DBUS_NETWORK, "Enabled", dbus.Boolean(True),
-                dbus_interface=dbus.PROPERTIES_IFACE)
-    res = net_obj.Get(WPAS_DBUS_NETWORK, "Enabled",
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != True:
-        raise Exception("Set(Enabled,True) did not seem to change property value")
-    net_obj.Set(WPAS_DBUS_NETWORK, "Enabled", dbus.Boolean(False),
-                dbus_interface=dbus.PROPERTIES_IFACE)
-    res = net_obj.Get(WPAS_DBUS_NETWORK, "Enabled",
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != False:
-        raise Exception("Set(Enabled,False) did not seem to change property value")
-    try:
-        net_obj.Set(WPAS_DBUS_NETWORK, "Enabled", dbus.UInt32(1),
-                    dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(Enabled,1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(Enabled,1): " + str(e))
-
-    args = dbus.Dictionary({'ssid': "foo1new"}, signature='sv')
-    net_obj.Set(WPAS_DBUS_NETWORK, "Properties", args,
-                dbus_interface=dbus.PROPERTIES_IFACE)
-    res = net_obj.Get(WPAS_DBUS_NETWORK, "Properties",
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-    if res['ssid'] != '"foo1new"':
-        raise Exception("Set(Properties) failed to update ssid")
-    if res['identity'] != '"testuser"':
-        raise Exception("Set(Properties) unexpectedly changed unrelated parameter")
-
-    iface.RemoveAllNetworks()
-    res = if_obj.Get(WPAS_DBUS_IFACE, "Networks",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != 0:
-        raise Exception("Unexpected number of networks")
-    iface.RemoveAllNetworks()
-
-    tests = [dbus.Dictionary({'psk': "1234567"}, signature='sv'),
-             dbus.Dictionary({'identity': dbus.ByteArray()},
-                             signature='sv'),
-             dbus.Dictionary({'identity': dbus.Byte(1)}, signature='sv')]
-    for args in tests:
-        try:
-            iface.AddNetwork(args)
-            raise Exception("Invalid AddNetwork args accepted: " + str(args))
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid AddNetwork: " + str(e))
-
-def test_dbus_network_oom(dev, apdev):
-    """D-Bus AddNetwork/RemoveNetwork parameters and OOM error cases"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    args = dbus.Dictionary({'ssid': "foo1", 'key_mgmt': 'NONE',
-                            'identity': "testuser", 'scan_freq': '2412'},
-                           signature='sv')
-    netw1 = iface.AddNetwork(args)
-    net_obj = bus.get_object(WPAS_DBUS_SERVICE, netw1)
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "wpa_config_get_all;wpas_dbus_getter_network_properties",
-                         "Get"):
-        net_obj.Get(WPAS_DBUS_NETWORK, "Properties",
-                    dbus_interface=dbus.PROPERTIES_IFACE)
-
-    iface.RemoveAllNetworks()
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "wpas_dbus_new_decompose_object_path;wpas_dbus_handler_remove_network",
-                         "RemoveNetwork", "InvalidArgs"):
-        iface.RemoveNetwork(dbus.ObjectPath("/fi/w1/wpa_supplicant1/Interfaces/1234/Networks/1234"))
-
-    with alloc_fail(dev[0], 1, "wpa_dbus_register_object_per_iface;wpas_dbus_register_network"):
-        args = dbus.Dictionary({'ssid': "foo2", 'key_mgmt': 'NONE'},
-                               signature='sv')
-        try:
-            netw = iface.AddNetwork(args)
-            # Currently, AddNetwork() succeeds even if os_strdup() for path
-            # fails, so remove the network if that occurs.
-            iface.RemoveNetwork(netw)
-        except dbus.exceptions.DBusException as e:
-            pass
-
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "=wpas_dbus_register_network"):
-            try:
-                netw = iface.AddNetwork(args)
-                # Currently, AddNetwork() succeeds even if network registration
-                # fails, so remove the network if that occurs.
-                iface.RemoveNetwork(netw)
-            except dbus.exceptions.DBusException as e:
-                pass
-
-    with alloc_fail_dbus(dev[0], 1,
-                         "=wpa_config_add_network;wpas_dbus_handler_add_network",
-                         "AddNetwork",
-                         "UnknownError: wpa_supplicant could not add a network"):
-        args = dbus.Dictionary({'ssid': "foo2", 'key_mgmt': 'NONE'},
-                               signature='sv')
-        netw = iface.AddNetwork(args)
-
-    tests = [(1,
-              'wpa_dbus_dict_get_entry;set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'ssid': dbus.ByteArray(b' ')},
-                              signature='sv')),
-             (1, '=set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'ssid': 'foo'}, signature='sv')),
-             (1, '=set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'eap': 'foo'}, signature='sv')),
-             (1, '=set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'priority': dbus.UInt32(1)},
-                              signature='sv')),
-             (1, '=set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'priority': dbus.Int32(1)},
-                              signature='sv')),
-             (1, '=set_network_properties;wpas_dbus_handler_add_network',
-              dbus.Dictionary({'ssid': dbus.ByteArray(b' ')},
-                              signature='sv'))]
-    for (count, funcs, args) in tests:
-        with alloc_fail_dbus(dev[0], count, funcs, "AddNetwork", "InvalidArgs"):
-            netw = iface.AddNetwork(args)
-
-    if len(if_obj.Get(WPAS_DBUS_IFACE, 'Networks',
-                      dbus_interface=dbus.PROPERTIES_IFACE)) > 0:
-        raise Exception("Unexpected network block added")
-    if len(dev[0].list_networks()) > 0:
-        raise Exception("Unexpected network block visible")
-
-def test_dbus_interface(dev, apdev):
-    """D-Bus CreateInterface/GetInterface/RemoveInterface parameters and error cases"""
-    try:
-        _test_dbus_interface(dev, apdev)
-    finally:
-        # Need to force P2P channel list update since the 'lo' interface
-        # with driver=none ends up configuring default dualband channels.
-        dev[0].request("SET country US")
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-        if ev is None:
-            ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
-                                          timeout=1)
-        dev[0].request("SET country 00")
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-        if ev is None:
-            ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
-                                          timeout=1)
-        subprocess.call(['iw', 'reg', 'set', '00'])
-
-def _test_dbus_interface(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wpas = dbus.Interface(wpas_obj, WPAS_DBUS_SERVICE)
-
-    params = dbus.Dictionary({'Ifname': 'lo', 'Driver': 'none'},
-                             signature='sv')
-    path = wpas.CreateInterface(params)
-    logger.debug("New interface path: " + str(path))
-    path2 = wpas.GetInterface("lo")
-    if path != path2:
-        raise Exception("Interface object mismatch")
-
-    params = dbus.Dictionary({'Ifname': 'lo',
-                              'Driver': 'none',
-                              'ConfigFile': 'foo',
-                              'BridgeIfname': 'foo',},
-                             signature='sv')
-    try:
-        wpas.CreateInterface(params)
-        raise Exception("Invalid CreateInterface() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InterfaceExists" not in str(e):
-            raise Exception("Unexpected error message for invalid CreateInterface: " + str(e))
-
-    wpas.RemoveInterface(path)
-    try:
-        wpas.RemoveInterface(path)
-        raise Exception("Invalid RemoveInterface() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InterfaceUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid RemoveInterface: " + str(e))
-
-    params = dbus.Dictionary({'Ifname': 'lo', 'Driver': 'none',
-                              'Foo': 123},
-                             signature='sv')
-    try:
-        wpas.CreateInterface(params)
-        raise Exception("Invalid CreateInterface() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid CreateInterface: " + str(e))
-
-    params = dbus.Dictionary({'Driver': 'none'}, signature='sv')
-    try:
-        wpas.CreateInterface(params)
-        raise Exception("Invalid CreateInterface() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid CreateInterface: " + str(e))
-
-    try:
-        wpas.GetInterface("lo")
-        raise Exception("Invalid GetInterface() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InterfaceUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid RemoveInterface: " + str(e))
-
-def test_dbus_interface_oom(dev, apdev):
-    """D-Bus CreateInterface/GetInterface/RemoveInterface OOM error cases"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wpas = dbus.Interface(wpas_obj, WPAS_DBUS_SERVICE)
-
-    with alloc_fail_dbus(dev[0], 1, "wpa_dbus_dict_get_entry;wpas_dbus_handler_create_interface", "CreateInterface", "InvalidArgs"):
-        params = dbus.Dictionary({'Ifname': 'lo', 'Driver': 'none'},
-                                 signature='sv')
-        wpas.CreateInterface(params)
-
-    for i in range(1, 1000):
-        dev[0].request("TEST_ALLOC_FAIL %d:wpa_supplicant_add_iface;wpas_dbus_handler_create_interface" % i)
-        params = dbus.Dictionary({'Ifname': 'lo', 'Driver': 'none'},
-                                 signature='sv')
-        try:
-            npath = wpas.CreateInterface(params)
-            wpas.RemoveInterface(npath)
-            logger.info("CreateInterface succeeds after %d allocation failures" % i)
-            state = dev[0].request('GET_ALLOC_FAIL')
-            logger.info("GET_ALLOC_FAIL: " + state)
-            dev[0].dump_monitor()
-            dev[0].request("TEST_ALLOC_FAIL 0:")
-            if i < 5:
-                raise Exception("CreateInterface succeeded during out-of-memory")
-            if not state.startswith('0:'):
-                break
-        except dbus.exceptions.DBusException as e:
-            pass
-
-    for arg in ['Driver', 'Ifname', 'ConfigFile', 'BridgeIfname']:
-        with alloc_fail_dbus(dev[0], 1, "=wpas_dbus_handler_create_interface",
-                             "CreateInterface"):
-            params = dbus.Dictionary({arg: 'foo'}, signature='sv')
-            wpas.CreateInterface(params)
-
-def test_dbus_blob(dev, apdev):
-    """D-Bus AddNetwork/RemoveNetwork parameters and error cases"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    blob = dbus.ByteArray(b"\x01\x02\x03")
-    iface.AddBlob('blob1', blob)
-    try:
-        iface.AddBlob('blob1', dbus.ByteArray(b"\x01\x02\x04"))
-        raise Exception("Invalid AddBlob() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "BlobExists" not in str(e):
-            raise Exception("Unexpected error message for invalid AddBlob: " + str(e))
-    res = iface.GetBlob('blob1')
-    if len(res) != len(blob):
-        raise Exception("Unexpected blob data length")
-    for i in range(len(res)):
-        if res[i] != dbus.Byte(blob[i]):
-            raise Exception("Unexpected blob data")
-    res = if_obj.Get(WPAS_DBUS_IFACE, "Blobs",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if 'blob1' not in res:
-        raise Exception("Added blob missing from Blobs property")
-    iface.RemoveBlob('blob1')
-    try:
-        iface.RemoveBlob('blob1')
-        raise Exception("Invalid RemoveBlob() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "BlobUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid RemoveBlob: " + str(e))
-    try:
-        iface.GetBlob('blob1')
-        raise Exception("Invalid GetBlob() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "BlobUnknown" not in str(e):
-            raise Exception("Unexpected error message for invalid GetBlob: " + str(e))
-
-    class TestDbusBlob(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.blob_added = False
-            self.blob_removed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_blob)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.blobAdded, WPAS_DBUS_IFACE, "BlobAdded")
-            self.add_signal(self.blobRemoved, WPAS_DBUS_IFACE, "BlobRemoved")
-            self.loop.run()
-            return self
-
-        def blobAdded(self, blobName):
-            logger.debug("blobAdded: %s" % blobName)
-            if blobName == 'blob2':
-                self.blob_added = True
-
-        def blobRemoved(self, blobName):
-            logger.debug("blobRemoved: %s" % blobName)
-            if blobName == 'blob2':
-                self.blob_removed = True
-                self.loop.quit()
-
-        def run_blob(self, *args):
-            logger.debug("run_blob")
-            iface.AddBlob('blob2', dbus.ByteArray(b"\x01\x02\x04"))
-            iface.RemoveBlob('blob2')
-            return False
-
-        def success(self):
-            return self.blob_added and self.blob_removed
-
-    with TestDbusBlob(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_blob_oom(dev, apdev):
-    """D-Bus AddNetwork/RemoveNetwork OOM error cases"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    for i in range(1, 4):
-        with alloc_fail_dbus(dev[0], i, "wpas_dbus_handler_add_blob",
-                             "AddBlob"):
-            iface.AddBlob('blob_no_mem', dbus.ByteArray(b"\x01\x02\x03\x04"))
-
-def test_dbus_autoscan(dev, apdev):
-    """D-Bus Autoscan()"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    iface.AutoScan("foo")
-    iface.AutoScan("periodic:1")
-    iface.AutoScan("")
-    dev[0].request("AUTOSCAN ")
-
-def test_dbus_autoscan_oom(dev, apdev):
-    """D-Bus Autoscan() OOM"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    with alloc_fail_dbus(dev[0], 1, "wpas_dbus_handler_autoscan", "AutoScan"):
-        iface.AutoScan("foo")
-    dev[0].request("AUTOSCAN ")
-
-def test_dbus_tdls_invalid(dev, apdev):
-    """D-Bus invalid TDLS operations"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    connect_2sta_open(dev, hapd)
-    addr1 = dev[1].p2p_interface_addr()
-
-    try:
-        iface.TDLSDiscover("foo")
-        raise Exception("Invalid TDLSDiscover() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSDiscover: " + str(e))
-
-    try:
-        iface.TDLSStatus("foo")
-        raise Exception("Invalid TDLSStatus() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSStatus: " + str(e))
-
-    res = iface.TDLSStatus(addr1)
-    if res != "peer does not exist":
-        raise Exception("Unexpected TDLSStatus response")
-
-    try:
-        iface.TDLSSetup("foo")
-        raise Exception("Invalid TDLSSetup() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSSetup: " + str(e))
-
-    try:
-        iface.TDLSTeardown("foo")
-        raise Exception("Invalid TDLSTeardown() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSTeardown: " + str(e))
-
-    try:
-        iface.TDLSTeardown("00:11:22:33:44:55")
-        raise Exception("TDLSTeardown accepted for unknown peer")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: error performing TDLS teardown" not in str(e):
-            raise Exception("Unexpected error message: " + str(e))
-
-    try:
-        iface.TDLSChannelSwitch({})
-        raise Exception("Invalid TDLSChannelSwitch() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSChannelSwitch: " + str(e))
-
-    try:
-        iface.TDLSCancelChannelSwitch("foo")
-        raise Exception("Invalid TDLSCancelChannelSwitch() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid TDLSCancelChannelSwitch: " + str(e))
-
-def test_dbus_tdls_oom(dev, apdev):
-    """D-Bus TDLS operations during OOM"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    with alloc_fail_dbus(dev[0], 1, "wpa_tdls_add_peer", "TDLSSetup",
-                         "UnknownError: error performing TDLS setup"):
-        iface.TDLSSetup("00:11:22:33:44:55")
-
-def test_dbus_tdls(dev, apdev):
-    """D-Bus TDLS"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    connect_2sta_open(dev, hapd)
-
-    addr1 = dev[1].p2p_interface_addr()
-
-    class TestDbusTdls(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.tdls_setup = False
-            self.tdls_teardown = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_tdls)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-
-        def run_tdls(self, *args):
-            logger.debug("run_tdls")
-            iface.TDLSDiscover(addr1)
-            gobject.timeout_add(100, self.run_tdls2)
-            return False
-
-        def run_tdls2(self, *args):
-            logger.debug("run_tdls2")
-            iface.TDLSSetup(addr1)
-            gobject.timeout_add(500, self.run_tdls3)
-            return False
-
-        def run_tdls3(self, *args):
-            logger.debug("run_tdls3")
-            res = iface.TDLSStatus(addr1)
-            if res == "connected":
-                self.tdls_setup = True
-            else:
-                logger.info("Unexpected TDLSStatus: " + res)
-            iface.TDLSTeardown(addr1)
-            gobject.timeout_add(200, self.run_tdls4)
-            return False
-
-        def run_tdls4(self, *args):
-            logger.debug("run_tdls4")
-            res = iface.TDLSStatus(addr1)
-            if res == "peer does not exist":
-                self.tdls_teardown = True
-            else:
-                logger.info("Unexpected TDLSStatus: " + res)
-            self.loop.quit()
-            return False
-
-        def success(self):
-            return self.tdls_setup and self.tdls_teardown
-
-    with TestDbusTdls(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_tdls_channel_switch(dev, apdev):
-    """D-Bus TDLS channel switch configuration"""
-    flags = int(dev[0].get_driver_status_field('capa.flags'), 16)
-    if flags & 0x800000000 == 0:
-        raise HwsimSkip("Driver does not support TDLS channel switching")
-
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    connect_2sta_open(dev, hapd)
-
-    addr1 = dev[1].p2p_interface_addr()
-
-    class TestDbusTdls(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.tdls_setup = False
-            self.tdls_done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_tdls)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-
-        def run_tdls(self, *args):
-            logger.debug("run_tdls")
-            iface.TDLSDiscover(addr1)
-            gobject.timeout_add(100, self.run_tdls2)
-            return False
-
-        def run_tdls2(self, *args):
-            logger.debug("run_tdls2")
-            iface.TDLSSetup(addr1)
-            gobject.timeout_add(500, self.run_tdls3)
-            return False
-
-        def run_tdls3(self, *args):
-            logger.debug("run_tdls3")
-            res = iface.TDLSStatus(addr1)
-            if res == "connected":
-                self.tdls_setup = True
-            else:
-                logger.info("Unexpected TDLSStatus: " + res)
-
-            # Unknown dict entry
-            args = dbus.Dictionary({'Foobar': dbus.Byte(1)},
-                                   signature='sv')
-            try:
-                iface.TDLSChannelSwitch(args)
-            except Exception as e:
-                if "InvalidArgs" not in str(e):
-                    raise Exception("Unexpected exception")
-
-            # Missing OperClass
-            args = dbus.Dictionary({}, signature='sv')
-            try:
-                iface.TDLSChannelSwitch(args)
-            except Exception as e:
-                if "InvalidArgs" not in str(e):
-                    raise Exception("Unexpected exception")
-
-            # Missing Frequency
-            args = dbus.Dictionary({'OperClass': dbus.Byte(1)},
-                                   signature='sv')
-            try:
-                iface.TDLSChannelSwitch(args)
-            except Exception as e:
-                if "InvalidArgs" not in str(e):
-                    raise Exception("Unexpected exception")
-
-            # Missing PeerAddress
-            args = dbus.Dictionary({'OperClass': dbus.Byte(1),
-                                     'Frequency': dbus.UInt32(2417)},
-                                   signature='sv')
-            try:
-                iface.TDLSChannelSwitch(args)
-            except Exception as e:
-                if "InvalidArgs" not in str(e):
-                    raise Exception("Unexpected exception")
-
-            # Valid parameters
-            args = dbus.Dictionary({'OperClass': dbus.Byte(1),
-                                    'Frequency': dbus.UInt32(2417),
-                                    'PeerAddress': addr1,
-                                    'SecChannelOffset': dbus.UInt32(0),
-                                    'CenterFrequency1': dbus.UInt32(0),
-                                    'CenterFrequency2': dbus.UInt32(0),
-                                    'Bandwidth': dbus.UInt32(20),
-                                    'HT': dbus.Boolean(False),
-                                    'VHT': dbus.Boolean(False)},
-                                   signature='sv')
-            iface.TDLSChannelSwitch(args)
-
-            gobject.timeout_add(200, self.run_tdls4)
-            return False
-
-        def run_tdls4(self, *args):
-            logger.debug("run_tdls4")
-            iface.TDLSCancelChannelSwitch(addr1)
-            self.tdls_done = True
-            self.loop.quit()
-            return False
-
-        def success(self):
-            return self.tdls_setup and self.tdls_done
-
-    with TestDbusTdls(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_pkcs11(dev, apdev):
-    """D-Bus SetPKCS11EngineAndModulePath()"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    try:
-        iface.SetPKCS11EngineAndModulePath("foo", "bar")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: Reinit of the EAPOL" not in str(e):
-            raise Exception("Unexpected error message for invalid SetPKCS11EngineAndModulePath: " + str(e))
-
-    try:
-        iface.SetPKCS11EngineAndModulePath("foo", "")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: Reinit of the EAPOL" not in str(e):
-            raise Exception("Unexpected error message for invalid SetPKCS11EngineAndModulePath: " + str(e))
-
-    iface.SetPKCS11EngineAndModulePath("", "bar")
-    res = if_obj.Get(WPAS_DBUS_IFACE, "PKCS11EnginePath",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "":
-        raise Exception("Unexpected PKCS11EnginePath value: " + res)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "PKCS11ModulePath",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "bar":
-        raise Exception("Unexpected PKCS11ModulePath value: " + res)
-
-    iface.SetPKCS11EngineAndModulePath("", "")
-    res = if_obj.Get(WPAS_DBUS_IFACE, "PKCS11EnginePath",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "":
-        raise Exception("Unexpected PKCS11EnginePath value: " + res)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "PKCS11ModulePath",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "":
-        raise Exception("Unexpected PKCS11ModulePath value: " + res)
-
-def test_dbus_apscan(dev, apdev):
-    """D-Bus Get/Set ApScan"""
-    try:
-        _test_dbus_apscan(dev, apdev)
-    finally:
-        dev[0].request("AP_SCAN 1")
-
-def _test_dbus_apscan(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, "ApScan",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != 1:
-        raise Exception("Unexpected initial ApScan value: %d" % res)
-
-    for i in range(3):
-        if_obj.Set(WPAS_DBUS_IFACE, "ApScan", dbus.UInt32(i),
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        res = if_obj.Get(WPAS_DBUS_IFACE, "ApScan",
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if res != i:
-            raise Exception("Unexpected ApScan value %d (expected %d)" % (res, i))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "ApScan", dbus.Int16(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(ApScan,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(ApScan,-1): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "ApScan", dbus.UInt32(123),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(ApScan,123) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: ap_scan must be 0, 1, or 2" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(ApScan,123): " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "ApScan", dbus.UInt32(1),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_pmf(dev, apdev):
-    """D-Bus Get/Set Pmf"""
-    try:
-        _test_dbus_pmf(dev, apdev)
-    finally:
-        dev[0].request("SET pmf 0")
-
-def _test_dbus_pmf(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    dev[0].set("pmf", "0")
-    res = if_obj.Get(WPAS_DBUS_IFACE, "Pmf",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "0":
-        raise Exception("Unexpected initial Pmf value: %s" % res)
-
-    for i in range(3):
-        if_obj.Set(WPAS_DBUS_IFACE, "Pmf", str(i),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        res = if_obj.Get(WPAS_DBUS_IFACE, "Pmf",
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if res != str(i):
-            raise Exception("Unexpected Pmf value %s (expected %d)" % (res, i))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "Pmf", "1",
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_fastreauth(dev, apdev):
-    """D-Bus Get/Set FastReauth"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    res = if_obj.Get(WPAS_DBUS_IFACE, "FastReauth",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != True:
-        raise Exception("Unexpected initial FastReauth value: " + str(res))
-
-    for i in [False, True]:
-        if_obj.Set(WPAS_DBUS_IFACE, "FastReauth", dbus.Boolean(i),
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-        res = if_obj.Get(WPAS_DBUS_IFACE, "FastReauth",
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if res != i:
-            raise Exception("Unexpected FastReauth value %d (expected %d)" % (res, i))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "FastReauth", dbus.Int16(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(FastReauth,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(ApScan,-1): " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "FastReauth", dbus.Boolean(True),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_bss_expire(dev, apdev):
-    """D-Bus Get/Set BSSExpireAge and BSSExpireCount"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireAge", dbus.UInt32(179),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "BSSExpireAge",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != 179:
-        raise Exception("Unexpected BSSExpireAge value %d (expected %d)" % (res, i))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireCount", dbus.UInt32(3),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "BSSExpireCount",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != 3:
-        raise Exception("Unexpected BSSExpireCount value %d (expected %d)" % (res, i))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireAge", dbus.Int16(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(BSSExpireAge,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(BSSExpireAge,-1): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireAge", dbus.UInt32(9),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(BSSExpireAge,9) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: BSSExpireAge must be >= 10" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(BSSExpireAge,9): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireCount", dbus.Int16(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(BSSExpireCount,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(BSSExpireCount,-1): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireCount", dbus.UInt32(0),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(BSSExpireCount,0) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: BSSExpireCount must be > 0" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(BSSExpireCount,0): " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireAge", dbus.UInt32(180),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    if_obj.Set(WPAS_DBUS_IFACE, "BSSExpireCount", dbus.UInt32(2),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_country(dev, apdev):
-    """D-Bus Get/Set Country"""
-    try:
-        _test_dbus_country(dev, apdev)
-    finally:
-        dev[0].request("SET country 00")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-
-def _test_dbus_country(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    # work around issues with possible pending regdom event from the end of
-    # the previous test case
-    time.sleep(0.2)
-    dev[0].dump_monitor()
-
-    if_obj.Set(WPAS_DBUS_IFACE, "Country", "FI",
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "Country",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != "FI":
-        raise Exception("Unexpected Country value %s (expected FI)" % res)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"])
-    if ev is None:
-        # For now, work around separate P2P Device interface event delivery
-        ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-        if ev is None:
-            raise Exception("regdom change event not seen")
-    if "init=USER type=COUNTRY alpha2=FI" not in ev:
-        raise Exception("Unexpected event contents: " + ev)
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "Country", dbus.Int16(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(Country,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(Country,-1): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "Country", "F",
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(Country,F) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: invalid country code" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(Country,F): " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "Country", "00",
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"])
-    if ev is None:
-        # For now, work around separate P2P Device interface event delivery
-        ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-        if ev is None:
-            raise Exception("regdom change event not seen")
-    # init=CORE was previously used due to invalid db.txt data for 00. For
-    # now, allow both it and the new init=USER after fixed db.txt.
-    if "init=CORE type=WORLD" not in ev and "init=USER type=WORLD" not in ev:
-        raise Exception("Unexpected event contents: " + ev)
-
-def test_dbus_scan_interval(dev, apdev):
-    """D-Bus Get/Set ScanInterval"""
-    try:
-        _test_dbus_scan_interval(dev, apdev)
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-
-def _test_dbus_scan_interval(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    if_obj.Set(WPAS_DBUS_IFACE, "ScanInterval", dbus.Int32(3),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res = if_obj.Get(WPAS_DBUS_IFACE, "ScanInterval",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if res != 3:
-        raise Exception("Unexpected ScanInterval value %d (expected %d)" % (res, i))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "ScanInterval", dbus.UInt16(100),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(ScanInterval,100) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: wrong property type" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(ScanInterval,100): " + str(e))
-
-    try:
-        if_obj.Set(WPAS_DBUS_IFACE, "ScanInterval", dbus.Int32(-1),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(ScanInterval,-1) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: scan_interval must be >= 0" not in str(e):
-            raise Exception("Unexpected error message for invalid Set(ScanInterval,-1): " + str(e))
-
-    if_obj.Set(WPAS_DBUS_IFACE, "ScanInterval", dbus.Int32(5),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-def test_dbus_probe_req_reporting(dev, apdev):
-    """D-Bus Probe Request reporting"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    dev[1].p2p_find(social=True)
-
-    class TestDbusProbe(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.reported = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.probeRequest, WPAS_DBUS_IFACE, "ProbeRequest",
-                            byte_arrays=True)
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            self.iface = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE)
-            self.iface.SubscribeProbeReq()
-            self.group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-        def probeRequest(self, args):
-            logger.debug("probeRequest: args=%s" % str(args))
-            self.reported = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            params = dbus.Dictionary({'frequency': 2412})
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return self.reported
-
-    with TestDbusProbe(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-        t.iface.UnsubscribeProbeReq()
-        try:
-            t.iface.UnsubscribeProbeReq()
-            raise Exception("Invalid UnsubscribeProbeReq() accepted")
-        except dbus.exceptions.DBusException as e:
-            if "NoSubscription" not in str(e):
-                raise Exception("Unexpected error message for invalid UnsubscribeProbeReq(): " + str(e))
-        t.group_p2p.Disconnect()
-
-    with TestDbusProbe(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-        # On purpose, leave ProbeReq subscription in place to test automatic
-        # cleanup.
-
-    dev[1].p2p_stop_find()
-
-def test_dbus_probe_req_reporting_oom(dev, apdev):
-    """D-Bus Probe Request reporting (OOM)"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    # Need to make sure this process has not already subscribed to avoid false
-    # failures due to the operation succeeding due to os_strdup() not even
-    # getting called.
-    try:
-        iface.UnsubscribeProbeReq()
-        was_subscribed = True
-    except dbus.exceptions.DBusException as e:
-        was_subscribed = False
-        pass
-
-    with alloc_fail_dbus(dev[0], 1, "wpas_dbus_handler_subscribe_preq",
-                         "SubscribeProbeReq"):
-        iface.SubscribeProbeReq()
-
-    if was_subscribed:
-        # On purpose, leave ProbeReq subscription in place to test automatic
-        # cleanup.
-        iface.SubscribeProbeReq()
-
-def test_dbus_p2p_invalid(dev, apdev):
-    """D-Bus invalid P2P operations"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    try:
-        p2p.RejectPeer(path + "/Peers/00112233445566")
-        raise Exception("Invalid RejectPeer accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: Failed to call wpas_p2p_reject" not in str(e):
-            raise Exception("Unexpected error message for invalid RejectPeer(): " + str(e))
-
-    try:
-        p2p.RejectPeer("/foo")
-        raise Exception("Invalid RejectPeer accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid RejectPeer(): " + str(e))
-
-    tests = [{},
-             {'peer': 'foo'},
-             {'foo': "bar"},
-             {'iface': "abc"},
-             {'iface': 123}]
-    for t in tests:
-        try:
-            p2p.RemoveClient(t)
-            raise Exception("Invalid RemoveClient accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid RemoveClient(): " + str(e))
-
-    tests = [{'DiscoveryType': 'foo'},
-             {'RequestedDeviceTypes': 'foo'},
-             {'RequestedDeviceTypes': ['foo']},
-             {'RequestedDeviceTypes': ['1', '2', '3', '4', '5', '6', '7', '8',
-                                       '9', '10', '11', '12', '13', '14', '15',
-                                       '16', '17']},
-             {'RequestedDeviceTypes': dbus.Array([], signature="s")},
-             {'RequestedDeviceTypes': dbus.Array([['foo']], signature="as")},
-             {'RequestedDeviceTypes': dbus.Array([], signature="i")},
-             {'RequestedDeviceTypes': [dbus.ByteArray(b'12345678'),
-                                       dbus.ByteArray(b'1234567')]},
-             {'Foo': dbus.Int16(1)},
-             {'Foo': dbus.UInt16(1)},
-             {'Foo': dbus.Int64(1)},
-             {'Foo': dbus.UInt64(1)},
-             {'Foo': dbus.Double(1.23)},
-             {'Foo': dbus.Signature('s')},
-             {'Foo': 'bar'}]
-    for t in tests:
-        try:
-            p2p.Find(dbus.Dictionary(t))
-            raise Exception("Invalid Find accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid Find(): " + str(e))
-
-    for p in ["/foo",
-              "/fi/w1/wpa_supplicant1/Interfaces/1234",
-              "/fi/w1/wpa_supplicant1/Interfaces/1234/Networks/1234"]:
-        try:
-            p2p.RemovePersistentGroup(dbus.ObjectPath(p))
-            raise Exception("Invalid RemovePersistentGroup accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid RemovePersistentGroup: " + str(e))
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        p2p.Listen(5)
-        raise Exception("Invalid Listen accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: Could not start P2P listen" not in str(e):
-            raise Exception("Unexpected error message for invalid Listen: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    test_obj = bus.get_object(WPAS_DBUS_SERVICE, path, introspect=False)
-    test_p2p = dbus.Interface(test_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    try:
-        test_p2p.Listen("foo")
-        raise Exception("Invalid Listen accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid Listen: " + str(e))
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        p2p.ExtendedListen(dbus.Dictionary({}))
-        raise Exception("Invalid ExtendedListen accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: failed to initiate a p2p_ext_listen" not in str(e):
-            raise Exception("Unexpected error message for invalid ExtendedListen: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        args = {'duration1': 30000, 'interval1': 102400,
-                'duration2': 20000, 'interval2': 102400}
-        p2p.PresenceRequest(args)
-        raise Exception("Invalid PresenceRequest accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: Failed to invoke presence request" not in str(e):
-            raise Exception("Unexpected error message for invalid PresenceRequest: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    try:
-        params = dbus.Dictionary({'frequency': dbus.Int32(-1)})
-        p2p.GroupAdd(params)
-        raise Exception("Invalid GroupAdd accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid GroupAdd: " + str(e))
-
-    try:
-        params = dbus.Dictionary({'persistent_group_object':
-                                  dbus.ObjectPath(path),
-                                  'frequency': 2412})
-        p2p.GroupAdd(params)
-        raise Exception("Invalid GroupAdd accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid GroupAdd: " + str(e))
-
-    try:
-        p2p.Disconnect()
-        raise Exception("Invalid Disconnect accepted")
-    except dbus.exceptions.DBusException as e:
-        if "UnknownError: failed to disconnect" not in str(e):
-            raise Exception("Unexpected error message for invalid Disconnect: " + str(e))
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        p2p.Flush()
-        raise Exception("Invalid Flush accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Flush: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        args = {'peer': path,
-                'join': True,
-                'wps_method': 'pbc',
-                'frequency': 2412}
-        pin = p2p.Connect(args)
-        raise Exception("Invalid Connect accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Connect: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    tests = [{'frequency': dbus.Int32(-1)},
-             {'wps_method': 'pbc'},
-             {'wps_method': 'foo'}]
-    for args in tests:
-        try:
-            pin = p2p.Connect(args)
-            raise Exception("Invalid Connect accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid Connect: " + str(e))
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        args = {'peer': path}
-        pin = p2p.Invite(args)
-        raise Exception("Invalid Invite accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Invite: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    try:
-        args = {'foo': 'bar'}
-        pin = p2p.Invite(args)
-        raise Exception("Invalid Invite accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid Connect: " + str(e))
-
-    tests = [(path, 'display', "InvalidArgs"),
-             (dbus.ObjectPath(path + "/Peers/00112233445566"),
-              'display',
-              "UnknownError: Failed to send provision discovery request"),
-             (dbus.ObjectPath(path + "/Peers/00112233445566"),
-              'keypad',
-              "UnknownError: Failed to send provision discovery request"),
-             (dbus.ObjectPath(path + "/Peers/00112233445566"),
-              'pbc',
-              "UnknownError: Failed to send provision discovery request"),
-             (dbus.ObjectPath(path + "/Peers/00112233445566"),
-              'pushbutton',
-              "UnknownError: Failed to send provision discovery request"),
-             (dbus.ObjectPath(path + "/Peers/00112233445566"),
-              'foo', "InvalidArgs")]
-    for (p, method, err) in tests:
-        try:
-            p2p.ProvisionDiscoveryRequest(p, method)
-            raise Exception("Invalid ProvisionDiscoveryRequest accepted")
-        except dbus.exceptions.DBusException as e:
-            if err not in str(e):
-                raise Exception("Unexpected error message for invalid ProvisionDiscoveryRequest: " + str(e))
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Peers",
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Get(Peers) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Get(Peers): " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-def test_dbus_p2p_oom(dev, apdev):
-    """D-Bus P2P operations and OOM"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    with alloc_fail_dbus(dev[0], 1, "_wpa_dbus_dict_entry_get_string_array",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': ['bar']}))
-
-    with alloc_fail_dbus(dev[0], 2, "_wpa_dbus_dict_entry_get_string_array",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': ['bar']}))
-
-    with alloc_fail_dbus(dev[0], 10, "_wpa_dbus_dict_entry_get_string_array",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': ['1', '2', '3', '4', '5', '6', '7',
-                                          '8', '9']}))
-
-    with alloc_fail_dbus(dev[0], 1, ":=_wpa_dbus_dict_entry_get_binarray",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': [dbus.ByteArray(b'123')]}))
-
-    with alloc_fail_dbus(dev[0], 1, "_wpa_dbus_dict_entry_get_byte_array;_wpa_dbus_dict_entry_get_binarray",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': [dbus.ByteArray(b'123')]}))
-
-    with alloc_fail_dbus(dev[0], 2, "=_wpa_dbus_dict_entry_get_binarray",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': [dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123'),
-                                          dbus.ByteArray(b'123')]}))
-
-    with alloc_fail_dbus(dev[0], 1, "wpabuf_alloc_ext_data;_wpa_dbus_dict_entry_get_binarray",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': [dbus.ByteArray(b'123')]}))
-
-    with alloc_fail_dbus(dev[0], 1, "_wpa_dbus_dict_fill_value_from_variant;wpas_dbus_handler_p2p_find",
-                         "Find", "InvalidArgs"):
-        p2p.Find(dbus.Dictionary({'Foo': path}))
-
-    with alloc_fail_dbus(dev[0], 1, "_wpa_dbus_dict_entry_get_byte_array",
-                         "AddService", "InvalidArgs"):
-        args = {'service_type': 'bonjour',
-                'response': dbus.ByteArray(500*b'b')}
-        p2p.AddService(args)
-
-    with alloc_fail_dbus(dev[0], 2, "_wpa_dbus_dict_entry_get_byte_array",
-                         "AddService", "InvalidArgs"):
-        p2p.AddService(args)
-
-def test_dbus_p2p_discovery(dev, apdev):
-    """D-Bus P2P discovery"""
-    try:
-        run_dbus_p2p_discovery(dev, apdev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 1 *")
-
-def run_dbus_p2p_discovery(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-
-    dev[1].request("SET sec_device_type 1-0050F204-2")
-    dev[1].request("VENDOR_ELEM_ADD 1 dd0c0050f2041049000411223344")
-    dev[1].request("VENDOR_ELEM_ADD 1 dd06001122335566")
-    dev[1].p2p_listen()
-    addr1 = dev[1].p2p_dev_addr()
-    a1 = binascii.unhexlify(addr1.replace(':', ''))
-
-    wfd_devinfo = "00001c440028"
-    dev[2].request("SET wifi_display 1")
-    dev[2].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo)
-    wfd = binascii.unhexlify('000006' + wfd_devinfo)
-    dev[2].p2p_listen()
-    addr2 = dev[2].p2p_dev_addr()
-    a2 = binascii.unhexlify(addr2.replace(':', ''))
-
-    res = if_obj.GetAll(WPAS_DBUS_IFACE_P2PDEVICE,
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-    if 'Peers' not in res:
-        raise Exception("GetAll result missing Peers")
-    if len(res['Peers']) != 0:
-        raise Exception("Unexpected peer(s) in the list")
-
-    args = {'DiscoveryType': 'social',
-            'RequestedDeviceTypes': [dbus.ByteArray(b'12345678')],
-            'Timeout': dbus.Int32(1)}
-    p2p.Find(dbus.Dictionary(args))
-    p2p.StopFind()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.found = False
-            self.found2 = False
-            self.found_prop = False
-            self.lost = False
-            self.find_stopped = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.deviceFoundProperties,
-                            WPAS_DBUS_IFACE_P2PDEVICE, "DeviceFoundProperties")
-            self.add_signal(self.deviceLost, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceLost")
-            self.add_signal(self.provisionDiscoveryResponseEnterPin,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ProvisionDiscoveryResponseEnterPin")
-            self.add_signal(self.findStopped, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "FindStopped")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            res = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Peers",
-                             dbus_interface=dbus.PROPERTIES_IFACE)
-            if len(res) < 1:
-                raise Exception("Unexpected number of peers")
-            if path not in res:
-                raise Exception("Mismatch in peer object path")
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-            res = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                  dbus_interface=dbus.PROPERTIES_IFACE,
-                                  byte_arrays=True)
-            logger.debug("peer properties: " + str(res))
-
-            if res['DeviceAddress'] == a1:
-                if 'SecondaryDeviceTypes' not in res:
-                    raise Exception("Missing SecondaryDeviceTypes")
-                sec = res['SecondaryDeviceTypes']
-                if len(sec) < 1:
-                    raise Exception("Secondary device type missing")
-                if b"\x00\x01\x00\x50\xF2\x04\x00\x02" not in sec:
-                    raise Exception("Secondary device type mismatch")
-
-                if 'VendorExtension' not in res:
-                    raise Exception("Missing VendorExtension")
-                vendor = res['VendorExtension']
-                if len(vendor) < 1:
-                    raise Exception("Vendor extension missing")
-                if b"\x11\x22\x33\x44" not in vendor:
-                    raise Exception("Secondary device type mismatch")
-
-                if 'VSIE' not in res:
-                    raise Exception("Missing VSIE")
-                vendor = res['VSIE']
-                if len(vendor) < 1:
-                    raise Exception("VSIE missing")
-                if vendor != b"\xdd\x06\x00\x11\x22\x33\x55\x66":
-                    raise Exception("VSIE mismatch")
-
-                self.found = True
-            elif res['DeviceAddress'] == a2:
-                if 'IEs' not in res:
-                    raise Exception("IEs missing")
-                if res['IEs'] != wfd:
-                    raise Exception("IEs mismatch")
-                self.found2 = True
-            else:
-                raise Exception("Unexpected peer device address")
-
-            if self.found and self.found2:
-                p2p.StopFind()
-                p2p.RejectPeer(path)
-                p2p.ProvisionDiscoveryRequest(path, 'display')
-
-        def deviceLost(self, path):
-            logger.debug("deviceLost: path=%s" % path)
-            if not self.found or not self.found2:
-                # This may happen if a previous test case ended up scheduling
-                # deviceLost event and that event did not get delivered before
-                # starting the next test execution.
-                logger.debug("Ignore deviceLost before the deviceFound events")
-                return
-            self.lost = True
-            try:
-                p2p.RejectPeer(path)
-                raise Exception("Invalid RejectPeer accepted")
-            except dbus.exceptions.DBusException as e:
-                if "UnknownError: Failed to call wpas_p2p_reject" not in str(e):
-                    raise Exception("Unexpected error message for invalid RejectPeer(): " + str(e))
-            self.loop.quit()
-
-        def deviceFoundProperties(self, path, properties):
-            logger.debug("deviceFoundProperties: path=%s" % path)
-            logger.debug("peer properties: " + str(properties))
-            if properties['DeviceAddress'] == a1:
-                self.found_prop = True
-
-        def provisionDiscoveryResponseEnterPin(self, peer_object):
-            logger.debug("provisionDiscoveryResponseEnterPin - peer=%s" % peer_object)
-            p2p.Flush()
-
-        def findStopped(self):
-            logger.debug("findStopped")
-            self.find_stopped = True
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social',
-                                      'Timeout': dbus.Int32(10)}))
-            return False
-
-        def success(self):
-            return self.found and self.lost and self.found2 and self.find_stopped
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].request("VENDOR_ELEM_REMOVE 1 *")
-    dev[1].p2p_stop_find()
-
-    p2p.Listen(1)
-    dev[2].p2p_stop_find()
-    dev[2].request("P2P_FLUSH")
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Peer not found")
-    p2p.StopFind()
-    dev[2].p2p_stop_find()
-
-    try:
-        p2p.ExtendedListen(dbus.Dictionary({'foo': 100}))
-        raise Exception("Invalid ExtendedListen accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid ExtendedListen(): " + str(e))
-
-    p2p.ExtendedListen(dbus.Dictionary({'period': 100, 'interval': 1000}))
-    p2p.ExtendedListen(dbus.Dictionary({}))
-    dev[0].global_request("P2P_EXT_LISTEN")
-
-def test_dbus_p2p_discovery_freq(dev, apdev):
-    """D-Bus P2P discovery on a specific non-social channel"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr1 = dev[1].p2p_dev_addr()
-    autogo(dev[1], freq=2422)
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.found = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(5000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            self.found = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'freq': 2422}))
-            return False
-
-        def success(self):
-            return self.found
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].remove_group()
-    p2p.StopFind()
-
-def test_dbus_p2p_service_discovery(dev, apdev):
-    """D-Bus P2P service discovery"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    bonjour_query = dbus.ByteArray(binascii.unhexlify('0b5f6166706f766572746370c00c000c01'))
-    bonjour_response = dbus.ByteArray(binascii.unhexlify('074578616d706c65c027'))
-
-    args = {'service_type': 'bonjour',
-            'query': bonjour_query,
-            'response': bonjour_response}
-    p2p.AddService(args)
-    p2p.FlushService()
-    p2p.AddService(args)
-
-    try:
-        p2p.DeleteService(args)
-        raise Exception("Invalid DeleteService() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid DeleteService(): " + str(e))
-
-    args = {'service_type': 'bonjour',
-            'query': bonjour_query}
-    p2p.DeleteService(args)
-    try:
-        p2p.DeleteService(args)
-        raise Exception("Invalid DeleteService() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid DeleteService(): " + str(e))
-
-    args = {'service_type': 'upnp',
-            'version': 0x10,
-            'service': 'uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice'}
-    p2p.AddService(args)
-    p2p.DeleteService(args)
-    try:
-        p2p.DeleteService(args)
-        raise Exception("Invalid DeleteService() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid DeleteService(): " + str(e))
-
-    tests = [{'service_type': 'foo'},
-             {'service_type': 'foo', 'query': bonjour_query},
-             {'service_type': 'upnp'},
-             {'service_type': 'upnp', 'version': 0x10},
-             {'service_type': 'upnp',
-              'service': 'uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice'},
-             {'version': 0x10,
-              'service': 'uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice'},
-             {'service_type': 'upnp', 'foo': 'bar'},
-             {'service_type': 'bonjour'},
-             {'service_type': 'bonjour', 'query': 'foo'},
-             {'service_type': 'bonjour', 'foo': 'bar'}]
-    for args in tests:
-        try:
-            p2p.DeleteService(args)
-            raise Exception("Invalid DeleteService() accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid DeleteService(): " + str(e))
-
-    tests = [{'service_type': 'foo'},
-             {'service_type': 'upnp'},
-             {'service_type': 'upnp', 'version': 0x10},
-             {'service_type': 'upnp',
-              'service': 'uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice'},
-             {'version': 0x10,
-              'service': 'uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice'},
-             {'service_type': 'upnp', 'foo': 'bar'},
-             {'service_type': 'bonjour'},
-             {'service_type': 'bonjour', 'query': 'foo'},
-             {'service_type': 'bonjour', 'response': 'foo'},
-             {'service_type': 'bonjour', 'query': bonjour_query},
-             {'service_type': 'bonjour', 'response': bonjour_response},
-             {'service_type': 'bonjour', 'query': dbus.ByteArray(500*b'a')},
-             {'service_type': 'bonjour', 'foo': 'bar'}]
-    for args in tests:
-        try:
-            p2p.AddService(args)
-            raise Exception("Invalid AddService() accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid AddService(): " + str(e))
-
-    args = {'tlv': dbus.ByteArray(b"\x02\x00\x00\x01")}
-    ref = p2p.ServiceDiscoveryRequest(args)
-    p2p.ServiceDiscoveryCancelRequest(ref)
-    try:
-        p2p.ServiceDiscoveryCancelRequest(ref)
-        raise Exception("Invalid ServiceDiscoveryCancelRequest() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid AddService(): " + str(e))
-    try:
-        p2p.ServiceDiscoveryCancelRequest(dbus.UInt64(0))
-        raise Exception("Invalid ServiceDiscoveryCancelRequest() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid AddService(): " + str(e))
-
-    args = {'service_type': 'upnp',
-            'version': 0x10,
-            'service': 'ssdp:foo'}
-    ref = p2p.ServiceDiscoveryRequest(args)
-    p2p.ServiceDiscoveryCancelRequest(ref)
-
-    tests = [{'service_type': 'foo'},
-             {'foo': 'bar'},
-             {'tlv': 'foo'},
-             {},
-             {'version': 0},
-             {'service_type': 'upnp',
-              'service': 'ssdp:foo'},
-             {'service_type': 'upnp',
-              'version': 0x10},
-             {'service_type': 'upnp',
-              'version': 0x10,
-              'service': 'ssdp:foo',
-              'peer_object': dbus.ObjectPath(path + "/Peers")},
-             {'service_type': 'upnp',
-              'version': 0x10,
-              'service': 'ssdp:foo',
-              'peer_object': path + "/Peers"},
-             {'service_type': 'upnp',
-              'version': 0x10,
-              'service': 'ssdp:foo',
-              'peer_object': dbus.ObjectPath(path + "/Peers/00112233445566")}]
-    for args in tests:
-        try:
-            p2p.ServiceDiscoveryRequest(args)
-            raise Exception("Invalid ServiceDiscoveryRequest accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid ServiceDiscoveryRequest(): " + str(e))
-
-    args = {'foo': 'bar'}
-    try:
-        p2p.ServiceDiscoveryResponse(dbus.Dictionary(args, signature='sv'))
-        raise Exception("Invalid ServiceDiscoveryResponse accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e):
-            raise Exception("Unexpected error message for invalid ServiceDiscoveryResponse(): " + str(e))
-
-def test_dbus_p2p_service_discovery_query(dev, apdev):
-    """D-Bus P2P service discovery query"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].request("P2P_SERVICE_ADD bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027")
-    dev[1].p2p_listen()
-    addr1 = dev[1].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.serviceDiscoveryResponse,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ServiceDiscoveryResponse", byte_arrays=True)
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            args = {'peer_object': path,
-                    'tlv': dbus.ByteArray(b"\x02\x00\x00\x01")}
-            p2p.ServiceDiscoveryRequest(args)
-
-        def serviceDiscoveryResponse(self, sd_request):
-            logger.debug("serviceDiscoveryResponse: sd_request=%s" % str(sd_request))
-            self.done = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social',
-                                      'Timeout': dbus.Int32(10)}))
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].p2p_stop_find()
-
-def test_dbus_p2p_service_discovery_external(dev, apdev):
-    """D-Bus P2P service discovery with external response"""
-    try:
-        _test_dbus_p2p_service_discovery_external(dev, apdev)
-    finally:
-        dev[0].request("P2P_SERV_DISC_EXTERNAL 0")
-
-def _test_dbus_p2p_service_discovery_external(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    resp = "0300000101"
-
-    dev[1].request("P2P_FLUSH")
-    dev[1].request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    dev[1].p2p_find(social=True)
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.sd = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.serviceDiscoveryRequest,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ServiceDiscoveryRequest")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-
-        def serviceDiscoveryRequest(self, sd_request):
-            logger.debug("serviceDiscoveryRequest: sd_request=%s" % str(sd_request))
-            self.sd = True
-            args = {'peer_object': sd_request['peer_object'],
-                    'frequency': sd_request['frequency'],
-                    'dialog_token': sd_request['dialog_token'],
-                    'tlvs': dbus.ByteArray(binascii.unhexlify(resp))}
-            p2p.ServiceDiscoveryResponse(dbus.Dictionary(args, signature='sv'))
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.ServiceDiscoveryExternal(1)
-            p2p.ServiceUpdate()
-            p2p.Listen(15)
-            return False
-
-        def success(self):
-            return self.sd
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected address in SD Response: " + ev)
-    if ev.split(' ')[4] != resp:
-        raise Exception("Unexpected response data SD Response: " + ev)
-    dev[1].p2p_stop_find()
-
-    p2p.StopFind()
-    p2p.ServiceDiscoveryExternal(0)
-
-def test_dbus_p2p_autogo(dev, apdev):
-    """D-Bus P2P autonomous GO"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.first = True
-            self.waiting_end = False
-            self.exceptions = False
-            self.deauthorized = False
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.persistentGroupAdded,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "PersistentGroupAdded")
-            self.add_signal(self.persistentGroupRemoved,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "PersistentGroupRemoved")
-            self.add_signal(self.provisionDiscoveryRequestDisplayPin,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ProvisionDiscoveryRequestDisplayPin")
-            self.add_signal(self.staAuthorized, WPAS_DBUS_IFACE,
-                            "StaAuthorized")
-            self.add_signal(self.staDeauthorized, WPAS_DBUS_IFACE,
-                            "StaDeauthorized")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.group = properties['group_object']
-            self.g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                           properties['interface_object'])
-            role = self.g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Role",
-                                     dbus_interface=dbus.PROPERTIES_IFACE)
-            if role != "GO":
-                self.exceptions = True
-                raise Exception("Unexpected role reported: " + role)
-            group = self.g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Group",
-                                      dbus_interface=dbus.PROPERTIES_IFACE)
-            if group != properties['group_object']:
-                self.exceptions = True
-                raise Exception("Unexpected Group reported: " + str(group))
-            go = self.g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "PeerGO",
-                                   dbus_interface=dbus.PROPERTIES_IFACE)
-            if go != '/':
-                self.exceptions = True
-                raise Exception("Unexpected PeerGO value: " + str(go))
-            if self.first:
-                self.first = False
-                logger.info("Remove persistent group instance")
-                group_p2p = dbus.Interface(self.g_if_obj,
-                                           WPAS_DBUS_IFACE_P2PDEVICE)
-                group_p2p.Disconnect()
-            else:
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 join")
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            if self.waiting_end:
-                logger.info("Remove persistent group")
-                p2p.RemovePersistentGroup(self.persistent)
-            else:
-                logger.info("Re-start persistent group")
-                params = dbus.Dictionary({'persistent_group_object':
-                                          self.persistent,
-                                          'frequency': 2412})
-                p2p.GroupAdd(params)
-
-        def persistentGroupAdded(self, path, properties):
-            logger.debug("persistentGroupAdded: %s %s" % (path, str(properties)))
-            self.persistent = path
-
-        def persistentGroupRemoved(self, path):
-            logger.debug("persistentGroupRemoved: %s" % path)
-            self.done = True
-            self.loop.quit()
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-            self.peer = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                        dbus_interface=dbus.PROPERTIES_IFACE,
-                                        byte_arrays=True)
-            logger.debug('peer properties: ' + str(self.peer))
-
-        def provisionDiscoveryRequestDisplayPin(self, peer_object, pin):
-            logger.debug("provisionDiscoveryRequestDisplayPin - peer=%s pin=%s" % (peer_object, pin))
-            self.peer_path = peer_object
-            peer = binascii.unhexlify(peer_object.split('/')[-1])
-            addr = ':'.join(["%02x" % i for i in struct.unpack('6B', peer)])
-
-            params = {'Role': 'registrar',
-                      'P2PDeviceAddress': self.peer['DeviceAddress'],
-                      'Bssid': self.peer['DeviceAddress'],
-                      'Type': 'pin'}
-            wps = dbus.Interface(self.g_if_obj, WPAS_DBUS_IFACE_WPS)
-            try:
-                wps.Start(params)
-                self.exceptions = True
-                raise Exception("Invalid WPS.Start() accepted")
-            except dbus.exceptions.DBusException as e:
-                if "InvalidArgs" not in str(e):
-                    self.exceptions = True
-                    raise Exception("Unexpected error message: " + str(e))
-            params = {'Role': 'registrar',
-                      'P2PDeviceAddress': self.peer['DeviceAddress'],
-                      'Type': 'pin',
-                      'Pin': '12345670'}
-            logger.info("Authorize peer to connect to the group")
-            wps.Start(params)
-
-        def staAuthorized(self, name):
-            logger.debug("staAuthorized: " + name)
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, self.peer_path)
-            res = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                  dbus_interface=dbus.PROPERTIES_IFACE,
-                                  byte_arrays=True)
-            logger.debug("Peer properties: " + str(res))
-            if 'Groups' not in res or len(res['Groups']) != 1:
-                self.exceptions = True
-                raise Exception("Unexpected number of peer Groups entries")
-            if res['Groups'][0] != self.group:
-                self.exceptions = True
-                raise Exception("Unexpected peer Groups[0] value")
-
-            g_obj = bus.get_object(WPAS_DBUS_SERVICE, self.group)
-            res = g_obj.GetAll(WPAS_DBUS_GROUP,
-                               dbus_interface=dbus.PROPERTIES_IFACE,
-                               byte_arrays=True)
-            logger.debug("Group properties: " + str(res))
-            if 'Members' not in res or len(res['Members']) != 1:
-                self.exceptions = True
-                raise Exception("Unexpected number of group members")
-
-            ext = dbus.ByteArray(b"\x11\x22\x33\x44")
-            # Earlier implementation of this interface was a bit strange. The
-            # property is defined to have aay signature and that is what the
-            # getter returned. However, the setter expected there to be a
-            # dictionary with 'WPSVendorExtensions' as the key surrounding these
-            # values.. The current implementations maintains support for that
-            # for backwards compability reasons. Verify that encoding first.
-            vals = dbus.Dictionary({'WPSVendorExtensions': [ext]},
-                                   signature='sv')
-            g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', vals,
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-            res = g_obj.Get(WPAS_DBUS_GROUP, 'WPSVendorExtensions',
-                               dbus_interface=dbus.PROPERTIES_IFACE,
-                               byte_arrays=True)
-            if len(res) != 1:
-                self.exceptions = True
-                raise Exception("Unexpected number of vendor extensions")
-            if res[0] != ext:
-                self.exceptions = True
-                raise Exception("Vendor extension value changed")
-
-            # And now verify that the more appropriate encoding is accepted as
-            # well.
-            res.append(dbus.ByteArray(b'\xaa\xbb\xcc\xdd\xee\xff'))
-            g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', res,
-                      dbus_interface=dbus.PROPERTIES_IFACE)
-            res2 = g_obj.Get(WPAS_DBUS_GROUP, 'WPSVendorExtensions',
-                             dbus_interface=dbus.PROPERTIES_IFACE,
-                             byte_arrays=True)
-            if len(res) != 2:
-                self.exceptions = True
-                raise Exception("Unexpected number of vendor extensions")
-            if res[0] != res2[0] or res[1] != res2[1]:
-                self.exceptions = True
-                raise Exception("Vendor extension value changed")
-
-            for i in range(10):
-                res.append(dbus.ByteArray(b'\xaa\xbb'))
-            try:
-                g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', res,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-                self.exceptions = True
-                raise Exception("Invalid Set(WPSVendorExtensions) accepted")
-            except dbus.exceptions.DBusException as e:
-                if "Error.Failed" not in str(e):
-                    self.exceptions = True
-                    raise Exception("Unexpected error message for invalid Set(WPSVendorExtensions): " + str(e))
-
-            vals = dbus.Dictionary({'Foo': [ext]}, signature='sv')
-            try:
-                g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', vals,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-                self.exceptions = True
-                raise Exception("Invalid Set(WPSVendorExtensions) accepted")
-            except dbus.exceptions.DBusException as e:
-                if "InvalidArgs" not in str(e):
-                    self.exceptions = True
-                    raise Exception("Unexpected error message for invalid Set(WPSVendorExtensions): " + str(e))
-
-            vals = ["foo"]
-            try:
-                g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', vals,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-                self.exceptions = True
-                raise Exception("Invalid Set(WPSVendorExtensions) accepted")
-            except dbus.exceptions.DBusException as e:
-                if "Error.Failed" not in str(e):
-                    self.exceptions = True
-                    raise Exception("Unexpected error message for invalid Set(WPSVendorExtensions): " + str(e))
-
-            vals = [["foo"]]
-            try:
-                g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', vals,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-                self.exceptions = True
-                raise Exception("Invalid Set(WPSVendorExtensions) accepted")
-            except dbus.exceptions.DBusException as e:
-                if "Error.Failed" not in str(e):
-                    self.exceptions = True
-                    raise Exception("Unexpected error message for invalid Set(WPSVendorExtensions): " + str(e))
-
-            p2p.RemoveClient({'peer': self.peer_path})
-
-            self.waiting_end = True
-            group_p2p = dbus.Interface(self.g_if_obj,
-                                       WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def staDeauthorized(self, name):
-            logger.debug("staDeauthorized: " + name)
-            self.deauthorized = True
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            params = dbus.Dictionary({'persistent': True,
-                                      'frequency': 2412})
-            logger.info("Add a persistent group")
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return self.done and self.deauthorized and not self.exceptions
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].wait_go_ending_session()
-
-def test_dbus_p2p_autogo_pbc(dev, apdev):
-    """D-Bus P2P autonomous GO and PBC"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.first = True
-            self.waiting_end = False
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.provisionDiscoveryPBCRequest,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ProvisionDiscoveryPBCRequest")
-            self.add_signal(self.staAuthorized, WPAS_DBUS_IFACE,
-                            "StaAuthorized")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.group = properties['group_object']
-            self.g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                           properties['interface_object'])
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.global_request("P2P_CONNECT " + addr0 + " pbc join")
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-            self.loop.quit()
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-            self.peer = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                        dbus_interface=dbus.PROPERTIES_IFACE,
-                                        byte_arrays=True)
-            logger.debug('peer properties: ' + str(self.peer))
-
-        def provisionDiscoveryPBCRequest(self, peer_object):
-            logger.debug("provisionDiscoveryPBCRequest - peer=%s" % peer_object)
-            self.peer_path = peer_object
-            peer = binascii.unhexlify(peer_object.split('/')[-1])
-            addr = ':'.join(["%02x" % i for i in struct.unpack('6B', peer)])
-            params = {'Role': 'registrar',
-                      'P2PDeviceAddress': self.peer['DeviceAddress'],
-                      'Type': 'pbc'}
-            logger.info("Authorize peer to connect to the group")
-            wps = dbus.Interface(self.g_if_obj, WPAS_DBUS_IFACE_WPS)
-            wps.Start(params)
-
-        def staAuthorized(self, name):
-            logger.debug("staAuthorized: " + name)
-            group_p2p = dbus.Interface(self.g_if_obj,
-                                       WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            params = dbus.Dictionary({'frequency': 2412})
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].wait_go_ending_session()
-    dev[1].flush_scan_cache()
-
-def test_dbus_p2p_autogo_legacy(dev, apdev):
-    """D-Bus P2P autonomous GO and legacy STA"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.staAuthorized, WPAS_DBUS_IFACE,
-                            "StaAuthorized")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                   properties['group_object'])
-            res = g_obj.GetAll(WPAS_DBUS_GROUP,
-                               dbus_interface=dbus.PROPERTIES_IFACE,
-                               byte_arrays=True)
-            bssid = ':'.join(["%02x" % i for i in struct.unpack('6B', res['BSSID'])])
-
-            pin = '12345670'
-            params = {'Role': 'enrollee',
-                      'Type': 'pin',
-                      'Pin': pin}
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            wps = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_WPS)
-            wps.Start(params)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.scan_for_bss(bssid, freq=2412)
-            dev1.request("WPS_PIN " + bssid + " " + pin)
-            self.group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-            self.loop.quit()
-
-        def staAuthorized(self, name):
-            logger.debug("staAuthorized: " + name)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.request("DISCONNECT")
-            self.group_p2p.Disconnect()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            params = dbus.Dictionary({'frequency': 2412})
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_join(dev, apdev):
-    """D-Bus P2P join an autonomous GO"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[1].p2p_start_go(freq=2412)
-    dev1_group_ifname = dev[1].group_ifname
-    dev[2].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.peer = None
-            self.go = None
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.invitationResult, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "InvitationResult")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-            res = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                  dbus_interface=dbus.PROPERTIES_IFACE,
-                                  byte_arrays=True)
-            logger.debug('peer properties: ' + str(res))
-            if addr2.replace(':', '') in path:
-                self.peer = path
-            elif addr1.replace(':', '') in path:
-                self.go = path
-            if self.peer and self.go:
-                logger.info("Join the group")
-                p2p.StopFind()
-                args = {'peer': self.go,
-                        'join': True,
-                        'wps_method': 'pin',
-                        'frequency': 2412}
-                pin = p2p.Connect(args)
-
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.group_ifname = dev1_group_ifname
-                dev1.group_request("WPS_PIN any " + pin)
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            role = g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Role",
-                                dbus_interface=dbus.PROPERTIES_IFACE)
-            if role != "client":
-                raise Exception("Unexpected role reported: " + role)
-            group = g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "Group",
-                                 dbus_interface=dbus.PROPERTIES_IFACE)
-            if group != properties['group_object']:
-                raise Exception("Unexpected Group reported: " + str(group))
-            go = g_if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "PeerGO",
-                              dbus_interface=dbus.PROPERTIES_IFACE)
-            if go != self.go:
-                raise Exception("Unexpected PeerGO value: " + str(go))
-
-            g_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                   properties['group_object'])
-            res = g_obj.GetAll(WPAS_DBUS_GROUP,
-                               dbus_interface=dbus.PROPERTIES_IFACE,
-                               byte_arrays=True)
-            logger.debug("Group properties: " + str(res))
-
-            ext = dbus.ByteArray(b"\x11\x22\x33\x44")
-            try:
-                # Set(WPSVendorExtensions) not allowed for P2P Client
-                g_obj.Set(WPAS_DBUS_GROUP, 'WPSVendorExtensions', res,
-                          dbus_interface=dbus.PROPERTIES_IFACE)
-                raise Exception("Invalid Set(WPSVendorExtensions) accepted")
-            except dbus.exceptions.DBusException as e:
-                if "Error.Failed: Failed to set property" not in str(e):
-                    raise Exception("Unexpected error message for invalid Set(WPSVendorExtensions): " + str(e))
-
-            group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            args = {'duration1': 30000, 'interval1': 102400,
-                    'duration2': 20000, 'interval2': 102400}
-            group_p2p.PresenceRequest(args)
-
-            args = {'peer': self.peer}
-            group_p2p.Invite(args)
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-            self.loop.quit()
-
-        def invitationResult(self, result):
-            logger.debug("invitationResult: " + str(result))
-            if result['status'] != 1:
-                raise Exception("Unexpected invitation result: " + str(result))
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.group_ifname = dev1_group_ifname
-            dev1.remove_group()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[2].p2p_stop_find()
-
-def test_dbus_p2p_invitation_received(dev, apdev):
-    """D-Bus P2P and InvitationReceived"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    form(dev[0], dev[1])
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[0].global_request("SET persistent_reconnect 0")
-
-    if not dev[1].discover_peer(addr0, social=True):
-        raise Exception("Peer " + addr0 + " not found")
-    peer = dev[1].get_peer(addr0)
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.invitationReceived, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "InvitationReceived")
-            self.loop.run()
-            return self
-
-        def invitationReceived(self, result):
-            logger.debug("invitationReceived: " + str(result))
-            self.done = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            cmd = "P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr0
-            dev1.global_request(cmd)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-def test_dbus_p2p_config(dev, apdev):
-    """D-Bus Get/Set P2PDeviceConfig"""
-    try:
-        _test_dbus_p2p_config(dev, apdev)
-    finally:
-        dev[0].request("P2P_SET ssid_postfix ")
-
-def _test_dbus_p2p_config(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    res = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                     dbus_interface=dbus.PROPERTIES_IFACE,
-                     byte_arrays=True)
-    if_obj.Set(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig", res,
-               dbus_interface=dbus.PROPERTIES_IFACE)
-    res2 = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                      dbus_interface=dbus.PROPERTIES_IFACE,
-                      byte_arrays=True)
-
-    if len(res) != len(res2):
-        raise Exception("Different number of parameters")
-    for k in res:
-        if res[k] != res2[k]:
-            raise Exception("Parameter %s value changes" % k)
-
-    changes = {'SsidPostfix': 'foo',
-               'VendorExtension': [dbus.ByteArray(b'\x11\x22\x33\x44')],
-               'SecondaryDeviceTypes': [dbus.ByteArray(b'\x11\x22\x33\x44\x55\x66\x77\x88')]}
-    if_obj.Set(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-               dbus.Dictionary(changes, signature='sv'),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-    res2 = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                      dbus_interface=dbus.PROPERTIES_IFACE,
-                      byte_arrays=True)
-    logger.debug("P2PDeviceConfig: " + str(res2))
-    if 'VendorExtension' not in res2 or len(res2['VendorExtension']) != 1:
-        raise Exception("VendorExtension does not match")
-    if 'SecondaryDeviceTypes' not in res2 or len(res2['SecondaryDeviceTypes']) != 1:
-        raise Exception("SecondaryDeviceType does not match")
-
-    changes = {'SsidPostfix': '',
-               'VendorExtension': dbus.Array([], signature="ay"),
-               'SecondaryDeviceTypes': dbus.Array([], signature="ay")}
-    if_obj.Set(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-               dbus.Dictionary(changes, signature='sv'),
-               dbus_interface=dbus.PROPERTIES_IFACE)
-
-    res3 = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                      dbus_interface=dbus.PROPERTIES_IFACE,
-                      byte_arrays=True)
-    logger.debug("P2PDeviceConfig: " + str(res3))
-    if 'VendorExtension' in res3:
-        raise Exception("VendorExtension not removed")
-    if 'SecondaryDeviceTypes' in res3:
-        raise Exception("SecondaryDeviceType not removed")
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                   dbus_interface=dbus.PROPERTIES_IFACE,
-                   byte_arrays=True)
-        raise Exception("Invalid Get(P2PDeviceConfig) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Invite: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    try:
-        dev[0].request("P2P_SET disabled 1")
-        changes = {'SsidPostfix': 'foo'}
-        if_obj.Set(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                   dbus.Dictionary(changes, signature='sv'),
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        raise Exception("Invalid Set(P2PDeviceConfig) accepted")
-    except dbus.exceptions.DBusException as e:
-        if "Error.Failed: P2P is not available for this interface" not in str(e):
-            raise Exception("Unexpected error message for invalid Invite: " + str(e))
-    finally:
-        dev[0].request("P2P_SET disabled 0")
-
-    tests = [{'DeviceName': 123},
-             {'SsidPostfix': 123},
-             {'Foo': 'Bar'}]
-    for changes in tests:
-        try:
-            if_obj.Set(WPAS_DBUS_IFACE_P2PDEVICE, "P2PDeviceConfig",
-                       dbus.Dictionary(changes, signature='sv'),
-                       dbus_interface=dbus.PROPERTIES_IFACE)
-            raise Exception("Invalid Set(P2PDeviceConfig) accepted")
-        except dbus.exceptions.DBusException as e:
-            if "InvalidArgs" not in str(e):
-                raise Exception("Unexpected error message for invalid Invite: " + str(e))
-
-def test_dbus_p2p_persistent(dev, apdev):
-    """D-Bus P2P persistent group"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.persistentGroupAdded,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "PersistentGroupAdded")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.loop.quit()
-
-        def persistentGroupAdded(self, path, properties):
-            logger.debug("persistentGroupAdded: %s %s" % (path, str(properties)))
-            self.persistent = path
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            params = dbus.Dictionary({'persistent': True,
-                                      'frequency': 2412})
-            logger.info("Add a persistent group")
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return True
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-        persistent = t.persistent
-
-    p_obj = bus.get_object(WPAS_DBUS_SERVICE, persistent)
-    res = p_obj.Get(WPAS_DBUS_PERSISTENT_GROUP, "Properties",
-                    dbus_interface=dbus.PROPERTIES_IFACE, byte_arrays=True)
-    logger.info("Persistent group Properties: " + str(res))
-    vals = dbus.Dictionary({'ssid': 'DIRECT-foo'}, signature='sv')
-    p_obj.Set(WPAS_DBUS_PERSISTENT_GROUP, "Properties", vals,
-              dbus_interface=dbus.PROPERTIES_IFACE)
-    res2 = p_obj.Get(WPAS_DBUS_PERSISTENT_GROUP, "Properties",
-                     dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(res) != len(res2):
-        raise Exception("Different number of parameters")
-    for k in res:
-        if k != 'ssid' and res[k] != res2[k]:
-            raise Exception("Parameter %s value changes" % k)
-    if res2['ssid'] != '"DIRECT-foo"':
-        raise Exception("Unexpected ssid")
-
-    args = dbus.Dictionary({'ssid': 'DIRECT-testing',
-                            'psk': '1234567890'}, signature='sv')
-    group = p2p.AddPersistentGroup(args)
-
-    groups = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "PersistentGroups",
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(groups) != 2:
-        raise Exception("Unexpected number of persistent groups: " + str(groups))
-
-    p2p.RemoveAllPersistentGroups()
-
-    groups = if_obj.Get(WPAS_DBUS_IFACE_P2PDEVICE, "PersistentGroups",
-                        dbus_interface=dbus.PROPERTIES_IFACE)
-    if len(groups) != 0:
-        raise Exception("Unexpected number of persistent groups: " + str(groups))
-
-    try:
-        p2p.RemovePersistentGroup(persistent)
-        raise Exception("Invalid RemovePersistentGroup accepted")
-    except dbus.exceptions.DBusException as e:
-        if "NetworkUnknown: There is no such persistent group" not in str(e):
-            raise Exception("Unexpected error message for invalid RemovePersistentGroup: " + str(e))
-
-def test_dbus_p2p_reinvoke_persistent(dev, apdev):
-    """D-Bus P2P reinvoke persistent group"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.first = True
-            self.waiting_end = False
-            self.done = False
-            self.invited = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.persistentGroupAdded,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "PersistentGroupAdded")
-            self.add_signal(self.provisionDiscoveryRequestDisplayPin,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "ProvisionDiscoveryRequestDisplayPin")
-            self.add_signal(self.staAuthorized, WPAS_DBUS_IFACE,
-                            "StaAuthorized")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                           properties['interface_object'])
-            if not self.invited:
-                g_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                       properties['group_object'])
-                res = g_obj.GetAll(WPAS_DBUS_GROUP,
-                                   dbus_interface=dbus.PROPERTIES_IFACE,
-                                   byte_arrays=True)
-                bssid = ':'.join(["%02x" % i for i in struct.unpack('6B', res['BSSID'])])
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.scan_for_bss(bssid, freq=2412)
-                dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 join")
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            if self.invited:
-                self.done = True
-                self.loop.quit()
-            else:
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.global_request("SET persistent_reconnect 1")
-                dev1.p2p_listen()
-
-                args = {'persistent_group_object': dbus.ObjectPath(path),
-                        'peer': self.peer_path}
-                try:
-                    pin = p2p.Invite(args)
-                    raise Exception("Invalid Invite accepted")
-                except dbus.exceptions.DBusException as e:
-                    if "InvalidArgs" not in str(e):
-                        raise Exception("Unexpected error message for invalid Invite: " + str(e))
-
-                args = {'persistent_group_object': self.persistent,
-                        'peer': self.peer_path}
-                pin = p2p.Invite(args)
-                self.invited = True
-
-                self.sta_group_ev = dev1.wait_global_event(["P2P-GROUP-STARTED"],
-                                                           timeout=15)
-                if self.sta_group_ev is None:
-                    raise Exception("P2P-GROUP-STARTED event not seen")
-
-        def persistentGroupAdded(self, path, properties):
-            logger.debug("persistentGroupAdded: %s %s" % (path, str(properties)))
-            self.persistent = path
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            peer_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-            self.peer = peer_obj.GetAll(WPAS_DBUS_P2P_PEER,
-                                        dbus_interface=dbus.PROPERTIES_IFACE,
-                                        byte_arrays=True)
-
-        def provisionDiscoveryRequestDisplayPin(self, peer_object, pin):
-            logger.debug("provisionDiscoveryRequestDisplayPin - peer=%s pin=%s" % (peer_object, pin))
-            self.peer_path = peer_object
-            peer = binascii.unhexlify(peer_object.split('/')[-1])
-            addr = ':'.join(["%02x" % i for i in struct.unpack('6B', peer)])
-            params = {'Role': 'registrar',
-                      'P2PDeviceAddress': self.peer['DeviceAddress'],
-                      'Bssid': self.peer['DeviceAddress'],
-                      'Type': 'pin',
-                      'Pin': '12345670'}
-            logger.info("Authorize peer to connect to the group")
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            wps = dbus.Interface(self.g_if_obj, WPAS_DBUS_IFACE_WPS)
-            wps.Start(params)
-            self.sta_group_ev = dev1.wait_global_event(["P2P-GROUP-STARTED"],
-                                                       timeout=15)
-            if self.sta_group_ev is None:
-                raise Exception("P2P-GROUP-STARTED event not seen")
-
-        def staAuthorized(self, name):
-            logger.debug("staAuthorized: " + name)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.group_form_result(self.sta_group_ev)
-            dev1.remove_group()
-            ev = dev1.wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-            if ev is None:
-                raise Exception("Group removal timed out")
-            group_p2p = dbus.Interface(self.g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            params = dbus.Dictionary({'persistent': True,
-                                      'frequency': 2412})
-            logger.info("Add a persistent group")
-            p2p.GroupAdd(params)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_go_neg_rx(dev, apdev):
-    """D-Bus P2P GO Negotiation receive"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.goNegotiationRequest,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationRequest",
-                            byte_arrays=True)
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-
-        def goNegotiationRequest(self, path, dev_passwd_id, go_intent=0):
-            logger.debug("goNegotiationRequest: path=%s dev_passwd_id=%d go_intent=%d" % (path, dev_passwd_id, go_intent))
-            if dev_passwd_id != 1:
-                raise Exception("Unexpected dev_passwd_id=%d" % dev_passwd_id)
-            args = {'peer': path, 'wps_method': 'display', 'pin': '12345670',
-                    'go_intent': 15, 'persistent': False, 'frequency': 5175}
-            try:
-                p2p.Connect(args)
-                raise Exception("Invalid Connect accepted")
-            except dbus.exceptions.DBusException as e:
-                if "ConnectChannelUnsupported" not in str(e):
-                    raise Exception("Unexpected error message for invalid Connect: " + str(e))
-
-            args = {'peer': path, 'wps_method': 'display', 'pin': '12345670',
-                    'go_intent': 15, 'persistent': False}
-            p2p.Connect(args)
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Listen(10)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            if not dev1.discover_peer(addr0):
-                raise Exception("Peer not found")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 enter")
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_go_neg_auth(dev, apdev):
-    """D-Bus P2P GO Negotiation authorized"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.peer_joined = False
-            self.peer_disconnected = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.staDeauthorized, WPAS_DBUS_IFACE,
-                            "StaDeauthorized")
-            self.add_signal(self.peerJoined, WPAS_DBUS_GROUP,
-                            "PeerJoined")
-            self.add_signal(self.peerDisconnected, WPAS_DBUS_GROUP,
-                            "PeerDisconnected")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            args = {'peer': path, 'wps_method': 'keypad',
-                    'go_intent': 15, 'authorize_only': True}
-            try:
-                p2p.Connect(args)
-                raise Exception("Invalid Connect accepted")
-            except dbus.exceptions.DBusException as e:
-                if "InvalidArgs" not in str(e):
-                    raise Exception("Unexpected error message for invalid Connect: " + str(e))
-
-            args = {'peer': path, 'wps_method': 'keypad', 'pin': '12345670',
-                    'go_intent': 15, 'authorize_only': True}
-            p2p.Connect(args)
-            p2p.Listen(10)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            if not dev1.discover_peer(addr0):
-                raise Exception("Peer not found")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=0")
-            ev = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-            if ev is None:
-                raise Exception("Group formation timed out")
-            self.sta_group_ev = ev
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                           properties['interface_object'])
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.group_form_result(self.sta_group_ev)
-            dev1.remove_group()
-
-        def staDeauthorized(self, name):
-            logger.debug("staDeuthorized: " + name)
-            group_p2p = dbus.Interface(self.g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-        def peerJoined(self, peer):
-            logger.debug("peerJoined: " + peer)
-            self.peer_joined = True
-
-        def peerDisconnected(self, peer):
-            logger.debug("peerDisconnected: " + peer)
-            self.peer_disconnected = True
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done and self.peer_joined and self.peer_disconnected
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_go_neg_init(dev, apdev):
-    """D-Bus P2P GO Negotiation initiation"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.peer_group_added = False
-            self.peer_group_removed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.propertiesChanged, dbus.PROPERTIES_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            args = {'peer': path, 'wps_method': 'keypad', 'pin': '12345670',
-                    'go_intent': 0}
-            p2p.Connect(args)
-
-            ev = dev1.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout while waiting for GO Neg Request")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=15")
-            ev = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-            if ev is None:
-                raise Exception("Group formation timed out")
-            self.sta_group_ev = ev
-            dev1.close_monitor_global()
-            dev1.close_monitor_mon()
-            dev1 = None
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            group_p2p = dbus.Interface(g_if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1', monitor=False)
-            dev1.group_form_result(self.sta_group_ev)
-            dev1.remove_group()
-            dev1 = None
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-
-        def propertiesChanged(self, interface_name, changed_properties,
-                              invalidated_properties):
-            logger.debug("propertiesChanged: interface_name=%s changed_properties=%s invalidated_properties=%s" % (interface_name, str(changed_properties), str(invalidated_properties)))
-            if interface_name != WPAS_DBUS_P2P_PEER:
-                return
-            if "Groups" not in changed_properties:
-                return
-            if len(changed_properties["Groups"]) > 0:
-                self.peer_group_added = True
-            if len(changed_properties["Groups"]) == 0:
-                if not self.peer_group_added:
-                    # This is likely a leftover event from an earlier test case,
-                    # ignore it to allow this test case to go through its steps.
-                    logger.info("Ignore propertiesChanged indicating group removal before group has been added")
-                    return
-                self.peer_group_removed = True
-                self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done and self.peer_group_added and self.peer_group_removed
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_group_termination_by_go(dev, apdev):
-    """D-Bus P2P group removal on GO terminating the group"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.peer_group_added = False
-            self.peer_group_removed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.propertiesChanged, dbus.PROPERTIES_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            args = {'peer': path, 'wps_method': 'keypad', 'pin': '12345670',
-                    'go_intent': 0}
-            p2p.Connect(args)
-
-            ev = dev1.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout while waiting for GO Neg Request")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=15")
-            ev = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-            if ev is None:
-                raise Exception("Group formation timed out")
-            self.sta_group_ev = ev
-            dev1.close_monitor_global()
-            dev1.close_monitor_mon()
-            dev1 = None
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1', monitor=False)
-            dev1.group_form_result(self.sta_group_ev)
-            dev1.remove_group()
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-
-        def propertiesChanged(self, interface_name, changed_properties,
-                              invalidated_properties):
-            logger.debug("propertiesChanged: interface_name=%s changed_properties=%s invalidated_properties=%s" % (interface_name, str(changed_properties), str(invalidated_properties)))
-            if interface_name != WPAS_DBUS_P2P_PEER:
-                return
-            if "Groups" not in changed_properties:
-                return
-            if len(changed_properties["Groups"]) > 0:
-                self.peer_group_added = True
-            if len(changed_properties["Groups"]) == 0 and self.peer_group_added:
-                self.peer_group_removed = True
-                self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done and self.peer_group_added and self.peer_group_removed
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_group_idle_timeout(dev, apdev):
-    """D-Bus P2P group removal on idle timeout"""
-    try:
-        dev[0].global_request("SET p2p_group_idle 1")
-        _test_dbus_p2p_group_idle_timeout(dev, apdev)
-    finally:
-        dev[0].global_request("SET p2p_group_idle 0")
-
-def _test_dbus_p2p_group_idle_timeout(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.group_started = False
-            self.peer_group_added = False
-            self.peer_group_removed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.propertiesChanged, dbus.PROPERTIES_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            args = {'peer': path, 'wps_method': 'keypad', 'pin': '12345670',
-                    'go_intent': 0}
-            p2p.Connect(args)
-
-            ev = dev1.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout while waiting for GO Neg Request")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=15")
-            ev = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-            if ev is None:
-                raise Exception("Group formation timed out")
-            self.sta_group_ev = ev
-            dev1.close_monitor_global()
-            dev1.close_monitor_mon()
-            dev1 = None
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.group_started = True
-            g_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                      properties['interface_object'])
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1', monitor=False)
-            dev1.group_form_result(self.sta_group_ev)
-            ifaddr = dev1.group_request("STA-FIRST").splitlines()[0]
-            # Force disassociation with different reason code so that the
-            # P2P Client using D-Bus does not get normal group termination event
-            # from the GO.
-            dev1.group_request("DEAUTHENTICATE " + ifaddr + " reason=0 test=0")
-            dev1.remove_group()
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-            self.done = True
-
-        def propertiesChanged(self, interface_name, changed_properties,
-                              invalidated_properties):
-            logger.debug("propertiesChanged: interface_name=%s changed_properties=%s invalidated_properties=%s" % (interface_name, str(changed_properties), str(invalidated_properties)))
-            if interface_name != WPAS_DBUS_P2P_PEER:
-                return
-            if not self.group_started:
-                return
-            if "Groups" not in changed_properties:
-                return
-            if len(changed_properties["Groups"]) > 0:
-                self.peer_group_added = True
-            if len(changed_properties["Groups"]) == 0:
-                self.peer_group_removed = True
-                self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done and self.peer_group_added and self.peer_group_removed
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_wps_failure(dev, apdev):
-    """D-Bus P2P WPS failure"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    addr0 = dev[0].p2p_dev_addr()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.wps_failed = False
-            self.formation_failure = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.goNegotiationRequest,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationRequest",
-                            byte_arrays=True)
-            self.add_signal(self.goNegotiationSuccess,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GONegotiationSuccess",
-                            byte_arrays=True)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.wpsFailed, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "WpsFailed")
-            self.add_signal(self.groupFormationFailure,
-                            WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFormationFailure")
-            self.loop.run()
-            return self
-
-        def goNegotiationRequest(self, path, dev_passwd_id, go_intent=0):
-            logger.debug("goNegotiationRequest: path=%s dev_passwd_id=%d go_intent=%d" % (path, dev_passwd_id, go_intent))
-            if dev_passwd_id != 1:
-                raise Exception("Unexpected dev_passwd_id=%d" % dev_passwd_id)
-            args = {'peer': path, 'wps_method': 'display', 'pin': '12345670',
-                    'go_intent': 15}
-            p2p.Connect(args)
-
-        def goNegotiationSuccess(self, properties):
-            logger.debug("goNegotiationSuccess: properties=%s" % str(properties))
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            raise Exception("Unexpected GroupStarted")
-
-        def wpsFailed(self, name, args):
-            logger.debug("wpsFailed - name=%s args=%s" % (name, str(args)))
-            self.wps_failed = True
-            if self.formation_failure:
-                self.loop.quit()
-
-        def groupFormationFailure(self, reason):
-            logger.debug("groupFormationFailure - reason=%s" % reason)
-            self.formation_failure = True
-            if self.wps_failed:
-                self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Listen(10)
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            if not dev1.discover_peer(addr0):
-                raise Exception("Peer not found")
-            dev1.global_request("P2P_CONNECT " + addr0 + " 87654321 enter")
-            return False
-
-        def success(self):
-            return self.wps_failed and self.formation_failure
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_two_groups(dev, apdev):
-    """D-Bus P2P with two concurrent groups"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    dev[0].request("SET p2p_no_group_iface 0")
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[1].p2p_start_go(freq=2412)
-    dev1_group_ifname = dev[1].group_ifname
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-            self.peer = None
-            self.go = None
-            self.group1 = None
-            self.group2 = None
-            self.groups_removed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, dbus.PROPERTIES_IFACE,
-                            "PropertiesChanged", byte_arrays=True)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.add_signal(self.groupFinished, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupFinished")
-            self.add_signal(self.peerJoined, WPAS_DBUS_GROUP,
-                            "PeerJoined")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, interface_name, changed_properties,
-                              invalidated_properties):
-            logger.debug("propertiesChanged: interface_name=%s changed_properties=%s invalidated_properties=%s" % (interface_name, str(changed_properties), str(invalidated_properties)))
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            if addr2.replace(':', '') in path:
-                self.peer = path
-            elif addr1.replace(':', '') in path:
-                self.go = path
-            if self.go and not self.group1:
-                logger.info("Join the group")
-                p2p.StopFind()
-                pin = '12345670'
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.group_ifname = dev1_group_ifname
-                dev1.group_request("WPS_PIN any " + pin)
-                args = {'peer': self.go,
-                        'join': True,
-                        'wps_method': 'pin',
-                        'pin': pin,
-                        'frequency': 2412}
-                p2p.Connect(args)
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            prop = if_obj.GetAll(WPAS_DBUS_IFACE_P2PDEVICE,
-                                 dbus_interface=dbus.PROPERTIES_IFACE)
-            logger.debug("p2pdevice properties: " + str(prop))
-
-            g_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                   properties['group_object'])
-            res = g_obj.GetAll(WPAS_DBUS_GROUP,
-                               dbus_interface=dbus.PROPERTIES_IFACE,
-                               byte_arrays=True)
-            logger.debug("Group properties: " + str(res))
-
-            if not self.group1:
-                self.group1 = properties['group_object']
-                self.group1iface = properties['interface_object']
-                self.g1_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                                self.group1iface)
-
-                logger.info("Start autonomous GO")
-                params = dbus.Dictionary({'frequency': 2412})
-                p2p.GroupAdd(params)
-            elif not self.group2:
-                self.group2 = properties['group_object']
-                self.group2iface = properties['interface_object']
-                self.g2_if_obj = bus.get_object(WPAS_DBUS_SERVICE,
-                                                self.group2iface)
-                self.g2_bssid = res['BSSID']
-
-            if self.group1 and self.group2:
-                logger.info("Authorize peer to join the group")
-                a2 = binascii.unhexlify(addr2.replace(':', ''))
-                params = {'Role': 'enrollee',
-                          'P2PDeviceAddress': dbus.ByteArray(a2),
-                          'Bssid': dbus.ByteArray(a2),
-                          'Type': 'pin',
-                          'Pin': '12345670'}
-                g_wps = dbus.Interface(self.g2_if_obj, WPAS_DBUS_IFACE_WPS)
-                g_wps.Start(params)
-
-                bssid = ':'.join(["%02x" % i for i in struct.unpack('6B', self.g2_bssid)])
-                dev2 = WpaSupplicant('wlan2', '/tmp/wpas-wlan2')
-                dev2.scan_for_bss(bssid, freq=2412)
-                dev2.global_request("P2P_CONNECT " + bssid + " 12345670 join freq=2412")
-                ev = dev2.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-                if ev is None:
-                    raise Exception("Group join timed out")
-                self.dev2_group_ev = ev
-
-        def groupFinished(self, properties):
-            logger.debug("groupFinished: " + str(properties))
-
-            if self.group1 == properties['group_object']:
-                self.group1 = None
-            elif self.group2 == properties['group_object']:
-                self.group2 = None
-
-            if not self.group1 and not self.group2:
-                self.done = True
-                self.loop.quit()
-
-        def peerJoined(self, peer):
-            logger.debug("peerJoined: " + peer)
-            if self.groups_removed:
-                return
-            self.check_results()
-
-            dev2 = WpaSupplicant('wlan2', '/tmp/wpas-wlan2')
-            dev2.group_form_result(self.dev2_group_ev)
-            dev2.remove_group()
-
-            logger.info("Disconnect group2")
-            group_p2p = dbus.Interface(self.g2_if_obj,
-                                       WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-
-            logger.info("Disconnect group1")
-            group_p2p = dbus.Interface(self.g1_if_obj,
-                                       WPAS_DBUS_IFACE_P2PDEVICE)
-            group_p2p.Disconnect()
-            self.groups_removed = True
-
-        def check_results(self):
-            logger.info("Check results with two concurrent groups in operation")
-
-            g1_obj = bus.get_object(WPAS_DBUS_SERVICE, self.group1)
-            res1 = g1_obj.GetAll(WPAS_DBUS_GROUP,
-                                 dbus_interface=dbus.PROPERTIES_IFACE,
-                                 byte_arrays=True)
-
-            g2_obj = bus.get_object(WPAS_DBUS_SERVICE, self.group2)
-            res2 = g2_obj.GetAll(WPAS_DBUS_GROUP,
-                                 dbus_interface=dbus.PROPERTIES_IFACE,
-                                 byte_arrays=True)
-
-            logger.info("group1 = " + self.group1)
-            logger.debug("Group properties: " + str(res1))
-
-            logger.info("group2 = " + self.group2)
-            logger.debug("Group properties: " + str(res2))
-
-            prop = if_obj.GetAll(WPAS_DBUS_IFACE_P2PDEVICE,
-                                 dbus_interface=dbus.PROPERTIES_IFACE)
-            logger.debug("p2pdevice properties: " + str(prop))
-
-            if res1['Role'] != 'client':
-                raise Exception("Group1 role reported incorrectly: " + res1['Role'])
-            if res2['Role'] != 'GO':
-                raise Exception("Group2 role reported incorrectly: " + res2['Role'])
-            if prop['Role'] != 'device':
-                raise Exception("p2pdevice role reported incorrectly: " + prop['Role'])
-
-            if len(res2['Members']) != 1:
-                   raise Exception("Unexpected Members value for group 2")
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-    dev[1].remove_group()
-
-def test_dbus_p2p_cancel(dev, apdev):
-    """D-Bus P2P Cancel"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-    try:
-        p2p.Cancel()
-        raise Exception("Unexpected p2p.Cancel() success")
-    except dbus.exceptions.DBusException as e:
-        pass
-
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_listen()
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.deviceFound, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "DeviceFound")
-            self.loop.run()
-            return self
-
-        def deviceFound(self, path):
-            logger.debug("deviceFound: path=%s" % path)
-            args = {'peer': path, 'wps_method': 'keypad', 'pin': '12345670',
-                    'go_intent': 0}
-            p2p.Connect(args)
-            p2p.Cancel()
-            self.done = True
-            self.loop.quit()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            p2p.Find(dbus.Dictionary({'DiscoveryType': 'social'}))
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_p2p_ip_addr(dev, apdev):
-    """D-Bus P2P and IP address parameters"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    p2p = dbus.Interface(if_obj, WPAS_DBUS_IFACE_P2PDEVICE)
-
-    vals = [("IpAddrGo", "192.168.43.1"),
-            ("IpAddrMask", "255.255.255.0"),
-            ("IpAddrStart", "192.168.43.100"),
-            ("IpAddrEnd", "192.168.43.199")]
-    for field, value in vals:
-        if_obj.Set(WPAS_DBUS_IFACE, field, value,
-                   dbus_interface=dbus.PROPERTIES_IFACE)
-        val = if_obj.Get(WPAS_DBUS_IFACE, field,
-                         dbus_interface=dbus.PROPERTIES_IFACE)
-        if val != value:
-            raise Exception("Unexpected %s value: %s" % (field, val))
-
-    set_ip_addr_info(dev[1])
-
-    dev[0].global_request("SET p2p_go_intent 0")
-
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    class TestDbusP2p(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.groupStarted, WPAS_DBUS_IFACE_P2PDEVICE,
-                            "GroupStarted")
-            self.loop.run()
-            return self
-
-        def groupStarted(self, properties):
-            logger.debug("groupStarted: " + str(properties))
-            self.loop.quit()
-
-            if 'IpAddrGo' not in properties:
-                logger.info("IpAddrGo missing from GroupStarted")
-            ip_addr_go = properties['IpAddrGo']
-            addr = "%d.%d.%d.%d" % (ip_addr_go[0], ip_addr_go[1], ip_addr_go[2], ip_addr_go[3])
-            if addr != "192.168.42.1":
-                logger.info("Unexpected IpAddrGo value: " + addr)
-            self.done = True
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusP2p(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_introspect(dev, apdev):
-    """D-Bus introspection"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-
-    res = if_obj.Introspect(WPAS_DBUS_IFACE,
-                            dbus_interface=dbus.INTROSPECTABLE_IFACE)
-    logger.info("Initial Introspect: " + str(res))
-    if res is None or "Introspectable" not in res or "GroupStarted" not in res:
-        raise Exception("Unexpected initial Introspect response: " + str(res))
-    if "FastReauth" not in res or "PassiveScan" not in res:
-        raise Exception("Unexpected initial Introspect response: " + str(res))
-
-    with alloc_fail(dev[0], 1, "wpa_dbus_introspect"):
-        res2 = if_obj.Introspect(WPAS_DBUS_IFACE,
-                                 dbus_interface=dbus.INTROSPECTABLE_IFACE)
-        logger.info("Introspect: " + str(res2))
-        if res2 is not None:
-            raise Exception("Unexpected Introspect response")
-
-    with alloc_fail(dev[0], 1, "=add_interface;wpa_dbus_introspect"):
-        res2 = if_obj.Introspect(WPAS_DBUS_IFACE,
-                                 dbus_interface=dbus.INTROSPECTABLE_IFACE)
-        logger.info("Introspect: " + str(res2))
-        if res2 is None:
-            raise Exception("No Introspect response")
-        if len(res2) >= len(res):
-            raise Exception("Unexpected Introspect response")
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;add_interface;wpa_dbus_introspect"):
-        res2 = if_obj.Introspect(WPAS_DBUS_IFACE,
-                                 dbus_interface=dbus.INTROSPECTABLE_IFACE)
-        logger.info("Introspect: " + str(res2))
-        if res2 is None:
-            raise Exception("No Introspect response")
-        if len(res2) >= len(res):
-            raise Exception("Unexpected Introspect response")
-
-    with alloc_fail(dev[0], 2, "=add_interface;wpa_dbus_introspect"):
-        res2 = if_obj.Introspect(WPAS_DBUS_IFACE,
-                                 dbus_interface=dbus.INTROSPECTABLE_IFACE)
-        logger.info("Introspect: " + str(res2))
-        if res2 is None:
-            raise Exception("No Introspect response")
-        if len(res2) >= len(res):
-            raise Exception("Unexpected Introspect response")
-
-def run_busctl(service, obj):
-    if not shutil.which("busctl"):
-        raise HwsimSkip("No busctl available")
-    logger.info("busctl introspect %s %s" % (service, obj))
-    cmd = subprocess.Popen(['busctl', 'introspect', service, obj],
-                           stdout=subprocess.PIPE,
-                           stderr=subprocess.PIPE)
-    out = cmd.communicate()
-    cmd.wait()
-    logger.info("busctl stdout:\n%s" % out[0].strip())
-    if len(out[1]) > 0:
-        logger.info("busctl stderr: %s" % out[1].decode().strip())
-    if "Duplicate property" in out[1].decode():
-        raise Exception("Duplicate property")
-
-def test_dbus_introspect_busctl(dev, apdev):
-    """D-Bus introspection with busctl"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    ifaces = dbus_get(dbus, wpas_obj, "Interfaces")
-    run_busctl(WPAS_DBUS_SERVICE, WPAS_DBUS_PATH)
-    run_busctl(WPAS_DBUS_SERVICE, WPAS_DBUS_PATH + "/Interfaces")
-    run_busctl(WPAS_DBUS_SERVICE, ifaces[0])
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq=2412)
-    id = dev[0].add_network()
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].set_network_quoted(id, "ssid", "test")
-
-    run_busctl(WPAS_DBUS_SERVICE, ifaces[0] + "/BSSs/0")
-    run_busctl(WPAS_DBUS_SERVICE, ifaces[0] + "/Networks/0")
-
-def test_dbus_ap(dev, apdev):
-    """D-Bus AddNetwork for AP mode"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.started = False
-            self.sta_added = False
-            self.sta_removed = False
-            self.authorized = False
-            self.deauthorized = False
-            self.stations = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.networkAdded, WPAS_DBUS_IFACE, "NetworkAdded")
-            self.add_signal(self.networkSelected, WPAS_DBUS_IFACE,
-                            "NetworkSelected")
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.add_signal(self.stationAdded, WPAS_DBUS_IFACE, "StationAdded")
-            self.add_signal(self.stationRemoved, WPAS_DBUS_IFACE,
-                            "StationRemoved")
-            self.add_signal(self.staAuthorized, WPAS_DBUS_IFACE,
-                            "StaAuthorized")
-            self.add_signal(self.staDeauthorized, WPAS_DBUS_IFACE,
-                            "StaDeauthorized")
-            self.loop.run()
-            return self
-
-        def networkAdded(self, network, properties):
-            logger.debug("networkAdded: %s" % str(network))
-            logger.debug(str(properties))
-
-        def networkSelected(self, network):
-            logger.debug("networkSelected: %s" % str(network))
-            self.network_selected = True
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                self.started = True
-                dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-                dev1.connect(ssid, psk=passphrase, scan_freq="2412")
-
-        def stationAdded(self, station, properties):
-            logger.debug("stationAdded: %s" % str(station))
-            logger.debug(str(properties))
-            self.sta_added = True
-            res = if_obj.Get(WPAS_DBUS_IFACE, 'Stations',
-                             dbus_interface=dbus.PROPERTIES_IFACE)
-            logger.info("Stations: " + str(res))
-            if len(res) == 1:
-                self.stations = True
-            else:
-                raise Exception("Missing Stations entry: " + str(res))
-
-        def stationRemoved(self, station):
-            logger.debug("stationRemoved: %s" % str(station))
-            self.sta_removed = True
-            res = if_obj.Get(WPAS_DBUS_IFACE, 'Stations',
-                             dbus_interface=dbus.PROPERTIES_IFACE)
-            logger.info("Stations: " + str(res))
-            if len(res) != 0:
-                self.stations = False
-                raise Exception("Unexpected Stations entry: " + str(res))
-            self.loop.quit()
-
-        def staAuthorized(self, name):
-            logger.debug("staAuthorized: " + name)
-            self.authorized = True
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.request("DISCONNECT")
-
-        def staDeauthorized(self, name):
-            logger.debug("staDeauthorized: " + name)
-            self.deauthorized = True
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'psk': passphrase,
-                                    'mode': 2,
-                                    'frequency': 2412,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.started and self.sta_added and self.sta_removed and \
-                self.authorized and self.deauthorized
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_ap_scan(dev, apdev):
-    """D-Bus AddNetwork for AP mode and scan"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = hapd.own_addr()
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.started = False
-            self.scan_completed = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.add_signal(self.scanDone, WPAS_DBUS_IFACE, "ScanDone")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                self.started = True
-                logger.info("Try to scan in AP mode")
-                iface.Scan({'Type': 'active',
-                            'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-                logger.info("Scan() returned")
-
-        def scanDone(self, success):
-            logger.debug("scanDone: success=%s" % success)
-            if self.started:
-                self.scan_completed = True
-                self.loop.quit()
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'psk': passphrase,
-                                    'mode': 2,
-                                    'frequency': 2412,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.started and self.scan_completed
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_connect_wpa_eap(dev, apdev):
-    """D-Bus AddNetwork and connection with WPA+WPA2-Enterprise AP"""
-    skip_without_tkip(dev[0])
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa-eap"
-    params = hostapd.wpa_eap_params(ssid=ssid)
-    params["wpa"] = "3"
-    params["rsn_pairwise"] = "CCMP"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.add_signal(self.eap, WPAS_DBUS_IFACE, "EAP")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                self.done = True
-                self.loop.quit()
-
-        def eap(self, status, parameter):
-            logger.debug("EAP: status=%s parameter=%s" % (status, parameter))
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-EAP',
-                                    'eap': 'PEAP',
-                                    'identity': 'user',
-                                    'password': 'password',
-                                    'ca_cert': 'auth_serv/ca.pem',
-                                    'phase2': 'auth=MSCHAPV2',
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_ap_scan_2_ap_mode_scan(dev, apdev):
-    """AP_SCAN 2 AP mode and D-Bus Scan()"""
-    try:
-        _test_dbus_ap_scan_2_ap_mode_scan(dev, apdev)
-    finally:
-        dev[0].request("AP_SCAN 1")
-
-def _test_dbus_ap_scan_2_ap_mode_scan(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    if "OK" not in dev[0].request("AP_SCAN 2"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("AP failed to start")
-
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
-        iface.Scan({'Type': 'active',
-                    'AllowRoam': True,
-                    'Channels': [(dbus.UInt32(2412), dbus.UInt32(20))]})
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
-                                "AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("CTRL-EVENT-SCAN-FAILED not seen")
-        if "AP-DISABLED" in ev:
-            raise Exception("Unexpected AP-DISABLED event")
-        if "retry=1" in ev:
-            # Wait for the retry to scan happen
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
-                                    "AP-DISABLED"], timeout=5)
-            if ev is None:
-                raise Exception("CTRL-EVENT-SCAN-FAILED not seen - retry")
-            if "AP-DISABLED" in ev:
-                raise Exception("Unexpected AP-DISABLED event - retry")
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_dbus_expectdisconnect(dev, apdev):
-    """D-Bus ExpectDisconnect"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    wpas = dbus.Interface(wpas_obj, WPAS_DBUS_SERVICE)
-
-    params = {"ssid": "test-open"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-
-    # This does not really verify the behavior other than by going through the
-    # code path for additional coverage.
-    wpas.ExpectDisconnect()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_dbus_save_config(dev, apdev):
-    """D-Bus SaveConfig"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-    try:
-        iface.SaveConfig()
-        raise Exception("SaveConfig() accepted unexpectedly")
-    except dbus.exceptions.DBusException as e:
-        if not str(e).startswith("fi.w1.wpa_supplicant1.UnknownError: Not allowed to update configuration"):
-            raise Exception("Unexpected error message for SaveConfig(): " + str(e))
-
-def test_dbus_vendor_elem(dev, apdev):
-    """D-Bus vendor element operations"""
-    try:
-        _test_dbus_vendor_elem(dev, apdev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 1 *")
-
-def _test_dbus_vendor_elem(dev, apdev):
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    dev[0].request("VENDOR_ELEM_REMOVE 1 *")
-
-    try:
-        ie = dbus.ByteArray(b"\x00\x00")
-        iface.VendorElemAdd(-1, ie)
-        raise Exception("Invalid VendorElemAdd() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Invalid ID" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemAdd[1]: " + str(e))
-
-    try:
-        ie = dbus.ByteArray(b'')
-        iface.VendorElemAdd(1, ie)
-        raise Exception("Invalid VendorElemAdd() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Invalid value" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemAdd[2]: " + str(e))
-
-    try:
-        ie = dbus.ByteArray(b"\x00\x01")
-        iface.VendorElemAdd(1, ie)
-        raise Exception("Invalid VendorElemAdd() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Parse error" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemAdd[3]: " + str(e))
-
-    try:
-        iface.VendorElemGet(-1)
-        raise Exception("Invalid VendorElemGet() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Invalid ID" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemGet[1]: " + str(e))
-
-    try:
-        iface.VendorElemGet(1)
-        raise Exception("Invalid VendorElemGet() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "ID value does not exist" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemGet[2]: " + str(e))
-
-    try:
-        ie = dbus.ByteArray(b"\x00\x00")
-        iface.VendorElemRem(-1, ie)
-        raise Exception("Invalid VendorElemRemove() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Invalid ID" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemRemove[1]: " + str(e))
-
-    try:
-        ie = dbus.ByteArray(b'')
-        iface.VendorElemRem(1, ie)
-        raise Exception("Invalid VendorElemRemove() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Invalid value" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemRemove[1]: " + str(e))
-
-    iface.VendorElemRem(1, b"*")
-
-    ie = dbus.ByteArray(b"\x00\x01\x00")
-    iface.VendorElemAdd(1, ie)
-
-    val = iface.VendorElemGet(1)
-    if len(val) != len(ie):
-        raise Exception("Unexpected VendorElemGet length")
-    for i in range(len(val)):
-        if val[i] != dbus.Byte(ie[i]):
-            raise Exception("Unexpected VendorElemGet data")
-
-    ie2 = dbus.ByteArray(b"\xe0\x00")
-    iface.VendorElemAdd(1, ie2)
-
-    ies = ie + ie2
-    val = iface.VendorElemGet(1)
-    if len(val) != len(ies):
-        raise Exception("Unexpected VendorElemGet length[2]")
-    for i in range(len(val)):
-        if val[i] != dbus.Byte(ies[i]):
-            raise Exception("Unexpected VendorElemGet data[2]")
-
-    try:
-        test_ie = dbus.ByteArray(b"\x01\x01")
-        iface.VendorElemRem(1, test_ie)
-        raise Exception("Invalid VendorElemRemove() accepted")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "Parse error" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemRemove[1]: " + str(e))
-
-    iface.VendorElemRem(1, ie)
-    val = iface.VendorElemGet(1)
-    if len(val) != len(ie2):
-        raise Exception("Unexpected VendorElemGet length[3]")
-
-    iface.VendorElemRem(1, b"*")
-    try:
-        iface.VendorElemGet(1)
-        raise Exception("Invalid VendorElemGet() accepted after removal")
-    except dbus.exceptions.DBusException as e:
-        if "InvalidArgs" not in str(e) or "ID value does not exist" not in str(e):
-            raise Exception("Unexpected error message for invalid VendorElemGet after removal: " + str(e))
-
-def test_dbus_assoc_reject(dev, apdev):
-    """D-Bus AssocStatusCode"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-open"
-    params = {"ssid": ssid,
-              "max_listen_interval": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.assoc_status_seen = False
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'AssocStatusCode' in properties:
-                status = properties['AssocStatusCode']
-                if status != 51:
-                    logger.info("Unexpected status code: " + str(status))
-                else:
-                    self.assoc_status_seen = True
-                iface.Disconnect()
-                self.loop.quit()
-
-        def run_connect(self, *args):
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'NONE',
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.assoc_status_seen
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_mesh(dev, apdev):
-    """D-Bus mesh"""
-    check_mesh_support(dev[0])
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    mesh = dbus.Interface(if_obj, WPAS_DBUS_IFACE_MESH)
-
-    add_open_mesh_network(dev[1])
-    addr1 = dev[1].own_addr()
-
-    class TestDbusMesh(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_test)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.meshGroupStarted, WPAS_DBUS_IFACE_MESH,
-                            "MeshGroupStarted")
-            self.add_signal(self.meshGroupRemoved, WPAS_DBUS_IFACE_MESH,
-                            "MeshGroupRemoved")
-            self.add_signal(self.meshPeerConnected, WPAS_DBUS_IFACE_MESH,
-                            "MeshPeerConnected")
-            self.add_signal(self.meshPeerDisconnected, WPAS_DBUS_IFACE_MESH,
-                            "MeshPeerDisconnected")
-            self.loop.run()
-            return self
-
-        def meshGroupStarted(self, args):
-            logger.debug("MeshGroupStarted: " + str(args))
-
-        def meshGroupRemoved(self, args):
-            logger.debug("MeshGroupRemoved: " + str(args))
-            self.done = True
-            self.loop.quit()
-
-        def meshPeerConnected(self, args):
-            logger.debug("MeshPeerConnected: " + str(args))
-
-            res = if_obj.Get(WPAS_DBUS_IFACE_MESH, 'MeshPeers',
-                             dbus_interface=dbus.PROPERTIES_IFACE,
-                             byte_arrays=True)
-            logger.debug("MeshPeers: " + str(res))
-            if len(res) != 1:
-                raise Exception("Unexpected number of MeshPeer values")
-            if binascii.hexlify(res[0]).decode() != addr1.replace(':', ''):
-                raise Exception("Unexpected peer address")
-
-            res = if_obj.Get(WPAS_DBUS_IFACE_MESH, 'MeshGroup',
-                             dbus_interface=dbus.PROPERTIES_IFACE,
-                             byte_arrays=True)
-            logger.debug("MeshGroup: " + str(res))
-            if res != b"wpas-mesh-open":
-                raise Exception("Unexpected MeshGroup")
-            dev1 = WpaSupplicant('wlan1', '/tmp/wpas-wlan1')
-            dev1.mesh_group_remove()
-
-        def meshPeerDisconnected(self, args):
-            logger.debug("MeshPeerDisconnected: " + str(args))
-            dev0 = WpaSupplicant('wlan0', '/tmp/wpas-wlan0')
-            dev0.mesh_group_remove()
-
-        def run_test(self, *args):
-            logger.debug("run_test")
-            dev0 = WpaSupplicant('wlan0', '/tmp/wpas-wlan0')
-            add_open_mesh_network(dev0)
-            return False
-
-        def success(self):
-            return self.done
-
-    with TestDbusMesh(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_roam(dev, apdev):
-    """D-Bus Roam"""
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(bssid, freq=2412)
-    bssid2 = apdev[1]['bssid']
-    dev[0].scan_for_bss(bssid2, freq=2412)
-
-    class TestDbusConnect(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.state = 0
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_connect)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
-                            "PropertiesChanged")
-            self.loop.run()
-            return self
-
-        def propertiesChanged(self, properties):
-            logger.debug("propertiesChanged: %s" % str(properties))
-            if 'State' in properties and properties['State'] == "completed":
-                if self.state == 0:
-                    self.state = 1
-                    cur = properties["CurrentBSS"]
-                    bss_obj = bus.get_object(WPAS_DBUS_SERVICE, cur)
-                    res = bss_obj.Get(WPAS_DBUS_BSS, 'BSSID',
-                                      dbus_interface=dbus.PROPERTIES_IFACE)
-                    bssid_str = ''
-                    for item in res:
-                        if len(bssid_str) > 0:
-                            bssid_str += ':'
-                        bssid_str += '%02x' % item
-                    dst = bssid if bssid_str == bssid2 else bssid2
-                    iface.Roam(dst)
-                elif self.state == 1:
-                    if "RoamComplete" in properties and \
-                       properties["RoamComplete"]:
-                        self.state = 2
-                        self.loop.quit()
-
-        def run_connect(self, *args):
-            logger.debug("run_connect")
-            args = dbus.Dictionary({'ssid': ssid,
-                                    'key_mgmt': 'WPA-PSK',
-                                    'psk': passphrase,
-                                    'scan_freq': 2412},
-                                   signature='sv')
-            self.netw = iface.AddNetwork(args)
-            iface.SelectNetwork(self.netw)
-            return False
-
-        def success(self):
-            return self.state == 2
-
-    with TestDbusConnect(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
-
-def test_dbus_creds(dev, apdev):
-    "D-Bus interworking credentials"
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    args = {'domain': 'server.w1.fi',
-            'realm': 'server.w1.fi',
-            'roaming_consortium': '50a9bf',
-            'required_roaming_consortium': '23bf50',
-            'eap': 'TTLS',
-            'phase2': 'auth=MSCHAPV2',
-            'username': 'user',
-            'password': 'password',
-            'domain_suffix_match': 'server.w1.fi',
-            'ca_cert': 'auth_serv/ca.pem'}
-
-    path = iface.AddCred(dbus.Dictionary(args, signature='sv'))
-    for k, v in args.items():
-        if k == 'password':
-            continue
-        prop = dev[0].get_cred(0, k)
-        if prop != v:
-            raise Exception('Credential add failed: %s does not match %s' % (prop, v))
-
-    iface.RemoveCred(path)
-    if not "FAIL" in dev[0].get_cred(0, 'domain'):
-        raise Exception("Credential remove failed")
-
-    # Removal of multiple credentials
-    cred1 = {'domain': 'server1.w1.fi','realm': 'server1.w1.fi','eap': 'TTLS'}
-    iface.AddCred(dbus.Dictionary(cred1, signature='sv'))
-    if "FAIL" in dev[0].get_cred(0, 'domain'):
-        raise Exception("Failed to add credential")
-
-    cred2 = {'domain': 'server2.w1.fi','realm': 'server2.w1.fi','eap': 'TTLS'}
-    iface.AddCred(dbus.Dictionary(cred2, signature='sv'))
-    if "FAIL" in dev[0].get_cred(1, 'domain'):
-        raise Exception("Failed to add credential")
-
-    iface.RemoveAllCreds()
-    if not "FAIL" in dev[0].get_cred(0, 'domain'):
-        raise Exception("Credential remove failed")
-    if not "FAIL" in dev[0].get_cred(1, 'domain'):
-        raise Exception("Credential remove failed")
-
-def test_dbus_interworking(dev, apdev):
-    "D-Bus interworking selection"
-    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
-    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)
-
-    params = {"ssid": "test-interworking", "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP", "rsn_pairwise": "CCMP",
-              "ieee8021x": "1", "eapol_version": "2",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "interworking": "1",
-              "domain_name": "server.w1.fi",
-              "nai_realm": "0,server.w1.fi,21[2:4][5:7]",
-              "roaming_consortium": "2233445566",
-              "hs20": "1", "anqp_domain_id": "1234"}
-
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    class TestDbusInterworking(TestDbus):
-        def __init__(self, bus):
-            TestDbus.__init__(self, bus)
-            self.interworking_ap_seen = False
-            self.interworking_select_done = False
-
-        def __enter__(self):
-            gobject.timeout_add(1, self.run_select)
-            gobject.timeout_add(15000, self.timeout)
-            self.add_signal(self.interworkingAPAdded, WPAS_DBUS_IFACE,
-                            "InterworkingAPAdded")
-            self.add_signal(self.interworkingSelectDone, WPAS_DBUS_IFACE,
-                            "InterworkingSelectDone")
-            self.loop.run()
-            return self
-
-        def interworkingAPAdded(self, bss, cred, properties):
-            logger.debug("interworkingAPAdded: bss=%s cred=%s %s" % (bss, cred, str(properties)))
-            if self.cred == cred:
-                self.interworking_ap_seen = True
-
-        def interworkingSelectDone(self):
-            logger.debug("interworkingSelectDone")
-            self.interworking_select_done = True
-            self.loop.quit()
-
-        def run_select(self, *args):
-            args = {"domain": "server.w1.fi",
-                    "realm": "server.w1.fi",
-                    "eap": "TTLS",
-                    "phase2": "auth=MSCHAPV2",
-                    "username": "user",
-                    "password": "password",
-                    "domain_suffix_match": "server.w1.fi",
-                    "ca_cert": "auth_serv/ca.pem"}
-            self.cred = iface.AddCred(dbus.Dictionary(args, signature='sv'))
-            iface.InterworkingSelect()
-            return False
-
-        def success(self):
-            return self.interworking_ap_seen and self.interworking_select_done
-
-    with TestDbusInterworking(bus) as t:
-        if not t.success():
-            raise Exception("Expected signals not seen")
diff --git a/tests/hwsim/test_dfs.py b/tests/hwsim/test_dfs.py
deleted file mode 100644
index c5876539ffc6..000000000000
--- a/tests/hwsim/test_dfs.py
+++ /dev/null
@@ -1,767 +0,0 @@
-# Test cases for DFS
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import os
-import subprocess
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from utils import *
-
-def wait_dfs_event(hapd, event, timeout):
-    dfs_events = ["DFS-RADAR-DETECTED", "DFS-NEW-CHANNEL",
-                  "DFS-CAC-START", "DFS-CAC-COMPLETED",
-                  "DFS-NOP-FINISHED", "AP-ENABLED", "AP-CSA-FINISHED"]
-    ev = hapd.wait_event(dfs_events, timeout=timeout)
-    if not ev:
-        raise Exception("DFS event timed out")
-    if event and event not in ev:
-        raise Exception("Unexpected DFS event: " + ev + " (expected: %s)" % event)
-    return ev
-
-def start_dfs_ap(ap, ssid="dfs", ht=True, ht40=False,
-                 ht40minus=False, vht80=False, vht20=False, chanlist=None,
-                 channel=None, country="FI", rrm_beacon_report=False,
-                 chan100=False):
-    ifname = ap['ifname']
-    logger.info("Starting AP " + ifname + " on DFS channel")
-    hapd = hostapd.add_ap(ap, {}, no_enable=True)
-    hapd.set("ssid", ssid)
-    hapd.set("country_code", country)
-    hapd.set("ieee80211d", "1")
-    hapd.set("ieee80211h", "1")
-    hapd.set("hw_mode", "a")
-    if chan100:
-        hapd.set("channel", "100")
-    else:
-        hapd.set("channel", "52")
-    if not ht:
-        hapd.set("ieee80211n", "0")
-    if ht40:
-        hapd.set("ht_capab", "[HT40+]")
-    elif ht40minus:
-        hapd.set("ht_capab", "[HT40-]")
-        hapd.set("channel", "56")
-    if vht80:
-        hapd.set("ieee80211ac", "1")
-        hapd.set("vht_oper_chwidth", "1")
-        if chan100:
-            hapd.set("vht_oper_centr_freq_seg0_idx", "106")
-        else:
-            hapd.set("vht_oper_centr_freq_seg0_idx", "58")
-    if vht20:
-        hapd.set("ieee80211ac", "1")
-        hapd.set("vht_oper_chwidth", "0")
-        hapd.set("vht_oper_centr_freq_seg0_idx", "0")
-    if chanlist:
-        hapd.set("chanlist", chanlist)
-    if channel:
-        hapd.set("channel", str(channel))
-    if rrm_beacon_report:
-        hapd.set("rrm_beacon_report", "1")
-    hapd.enable()
-
-    ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-    if "DFS-CAC-START" not in ev:
-        raise Exception("Unexpected DFS event: " + ev)
-
-    state = hapd.get_status_field("state")
-    if state != "DFS":
-        raise Exception("Unexpected interface state: " + state)
-
-    return hapd
-
-def dfs_simulate_radar(hapd):
-    logger.info("Trigger a simulated radar event")
-    phyname = hapd.get_driver_status_field("phyname")
-    radar_file = '/sys/kernel/debug/ieee80211/' + phyname + '/hwsim/dfs_simulate_radar'
-    with open(radar_file, 'w') as f:
-        f.write('1')
-
-def test_dfs(dev, apdev):
-    """DFS CAC functionality on clear channel"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], country="US")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS freq result")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5260":
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("RADAR DETECTED freq=5260 ht_enabled=1 chan_width=1")
-        ev = hapd.wait_event(["DFS-RADAR-DETECTED"], timeout=10)
-        if ev is None:
-            raise Exception("DFS-RADAR-DETECTED event not reported")
-        if "freq=5260" not in ev:
-            raise Exception("Incorrect frequency in radar detected event: " + ev)
-        ev = hapd.wait_event(["DFS-NEW-CHANNEL"], timeout=70)
-        if ev is None:
-            raise Exception("DFS-NEW-CHANNEL event not reported")
-        if "freq=5260" in ev:
-            raise Exception("Channel did not change after radar was detected")
-
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=70)
-        if ev is None:
-            raise Exception("AP-CSA-FINISHED event not reported")
-        if "freq=5260" in ev:
-            raise Exception("Channel did not change after radar was detected(2)")
-        time.sleep(1)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_etsi(dev, apdev):
-    """DFS and uniform spreading requirement for ETSI"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0])
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS freq result")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5260":
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("RADAR DETECTED freq=%s ht_enabled=1 chan_width=1" % freq)
-        ev = hapd.wait_event(["DFS-RADAR-DETECTED"], timeout=5)
-        if ev is None:
-            raise Exception("DFS-RADAR-DETECTED event not reported")
-        if "freq=%s" % freq not in ev:
-            raise Exception("Incorrect frequency in radar detected event: " + ev)
-        ev = hapd.wait_event(["DFS-NEW-CHANNEL"], timeout=5)
-        if ev is None:
-            raise Exception("DFS-NEW-CHANNEL event not reported")
-        if "freq=%s" % freq in ev:
-            raise Exception("Channel did not change after radar was detected")
-
-        ev = hapd.wait_event(["AP-CSA-FINISHED", "DFS-CAC-START"], timeout=10)
-        if ev is None:
-            raise Exception("AP-CSA-FINISHED or DFS-CAC-START event not reported")
-        if "DFS-CAC-START" in ev:
-            # The selected new channel requires CAC
-            ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-            if "success=1" not in ev:
-                raise Exception("CAC failed")
-
-            ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-            if not ev:
-                raise Exception("AP setup timed out")
-            ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=30)
-            if not ev:
-                raise Exception("STA did not reconnect on new DFS channel")
-        else:
-            # The new channel did not require CAC - try again
-            if "freq=%s" % freq in ev:
-                raise Exception("Channel did not change after radar was detected(2)")
-            time.sleep(1)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar1(dev, apdev):
-    """DFS CAC functionality with radar detected during initial CAC"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0])
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS radar detection freq")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5260" in ev:
-            raise Exception("Unexpected DFS new freq")
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" in ev:
-            logger.info("Started AP on non-DFS channel")
-        else:
-            logger.info("Trying to start AP on another DFS channel")
-            if "DFS-CAC-START" not in ev:
-                raise Exception("Unexpected DFS event: " + ev)
-            if "freq=5260" in ev:
-                raise Exception("Unexpected DFS CAC freq")
-
-            ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-            if "success=1" not in ev:
-                raise Exception("CAC failed")
-            if "freq=5260" in ev:
-                raise Exception("Unexpected DFS freq result - radar channel")
-
-            ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-            if not ev:
-                raise Exception("AP setup timed out")
-
-            state = hapd.get_status_field("state")
-            if state != "ENABLED":
-                raise Exception("Unexpected interface state")
-
-            freq = hapd.get_status_field("freq")
-            if freq == "5260":
-                raise Exception("Unexpected frequency: " + freq)
-
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar2(dev, apdev):
-    """DFS CAC functionality with radar detected after initial CAC"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], ssid="dfs2", ht40=True)
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=70)
-        if not ev:
-            raise Exception("AP2 setup timed out")
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260 ht_enabled=1 chan_offset=1 chan_width=2" not in ev:
-            raise Exception("Unexpected DFS radar detection freq from AP2")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5260" in ev:
-            raise Exception("Unexpected DFS new freq for AP2")
-
-        wait_dfs_event(hapd, None, 5)
-    finally:
-        clear_regdom(hapd, dev)
-
-@remote_compatible
-def test_dfs_radar_on_non_dfs_channel(dev, apdev):
-    """DFS radar detection test code on non-DFS channel"""
-    params = {"ssid": "radar"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    hapd.request("RADAR DETECTED freq=5260 ht_enabled=1 chan_width=1")
-    hapd.request("RADAR DETECTED freq=2412 ht_enabled=1 chan_width=1")
-
-def test_dfs_radar_chanlist(dev, apdev):
-    """DFS chanlist when radar is detected"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="40 44")
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS radar detection freq")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5200 chan=40" not in ev and "freq=5220 chan=44" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar_chanlist_vht80(dev, apdev):
-    """DFS chanlist when radar is detected and VHT80 configured"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="36", ht40=True, vht80=True)
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS radar detection freq")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5180 chan=36 sec_chan=1" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-
-        if hapd.get_status_field('vht_oper_centr_freq_seg0_idx') != "42":
-            raise Exception("Unexpected seg0 idx")
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar_chanlist_vht20(dev, apdev):
-    """DFS chanlist when radar is detected and VHT40 configured"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="36", vht20=True)
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS radar detection freq")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5180 chan=36 sec_chan=0" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar_no_ht(dev, apdev):
-    """DFS chanlist when radar is detected and no HT configured"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="36", ht=False)
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260 ht_enabled=0" not in ev:
-            raise Exception("Unexpected DFS radar detection freq: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5180 chan=36 sec_chan=0" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_radar_ht40minus(dev, apdev):
-    """DFS chanlist when radar is detected and HT40- configured"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="36", ht40minus=True)
-        time.sleep(1)
-
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5280 ht_enabled=1 chan_offset=-1" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5280 ht_enabled=1 chan_offset=-1" not in ev:
-            raise Exception("Unexpected DFS radar detection freq: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5180 chan=36 sec_chan=1" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE")
-        dev[0].wait_regdom(country_ie=True)
-        dev[0].request("STA_AUTOCONNECT 0")
-    finally:
-        clear_regdom(hapd, dev)
-        dev[0].request("STA_AUTOCONNECT 1")
-
-@long_duration_test
-def test_dfs_ht40_minus(dev, apdev):
-    """DFS CAC functionality on channel 104 HT40-"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], ht40minus=True, channel=104)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5520" not in ev:
-            raise Exception("Unexpected DFS freq result")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5520":
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5520")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dfs_cac_restart_on_enable(dev, apdev):
-    """DFS CAC interrupted and restarted"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0])
-        time.sleep(0.1)
-        subprocess.check_call(['ip', 'link', 'set', 'dev', hapd.ifname, 'down'])
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5260" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-        time.sleep(0.1)
-        subprocess.check_call(['ip', 'link', 'set', 'dev', hapd.ifname, 'up'])
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        hapd.disable()
-
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_rrm(dev, apdev):
-    """DFS with RRM"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], country="US", rrm_beacon_report=True)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev or "freq=5260" not in ev:
-            raise Exception("Unexpected DFS freq result")
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5260")
-        dev[0].wait_regdom(country_ie=True)
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        addr = dev[0].own_addr()
-        token = hapd.request("REQ_BEACON " + addr + " " + "51000000000002ffffffffffff")
-        if "FAIL" in token:
-            raise Exception("REQ_BEACON failed")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_radar_vht80_downgrade(dev, apdev):
-    """DFS channel bandwidth downgrade from VHT80 to VHT40"""
-    try:
-        # Start with 80 MHz channel 100 (5500 MHz) to find a radar
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="100-140",
-                            ht40=True, vht80=True, chan100=True)
-        time.sleep(1)
-        dfs_simulate_radar(hapd)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event")
-        if "success=0 freq=5500" not in ev:
-            raise Exception("Unexpected DFS aborted event contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5500" not in ev:
-            raise Exception("Unexpected DFS radar detection freq: " + ev)
-
-        # The only other available 80 MHz channel in the chanlist is
-        # 116 (5580 MHz), so that will be selected next.
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5580 chan=116 sec_chan=1" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        if "freq=5580" not in ev:
-            raise Exception("Unexpected DFS CAC freq: " + ev)
-
-        time.sleep(1)
-        dfs_simulate_radar(hapd)
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 5)
-        if ev is None:
-            raise Exception("Timeout on DFS aborted event (2)")
-        if "success=0 freq=5580" not in ev:
-            raise Exception("Unexpected DFS aborted event (2) contents: " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5580" not in ev:
-            raise Exception("Unexpected DFS radar detection (2) freq: " + ev)
-
-        # No more 80 MHz channels are available, so have to downgrade to 40 MHz
-        # channels and the only remaining one is channel 132 (5660 MHz).
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5660 chan=132 sec_chan=1" not in ev:
-            raise Exception("Unexpected DFS new freq (2): " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        if "freq=5660" not in ev:
-            raise Exception("Unexpected DFS CAC freq (2): " + ev)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5660" not in ev:
-            raise Exception("Unexpected DFS freq result: " + ev)
-
-        ev = wait_dfs_event(hapd, None, 5)
-        if "AP-ENABLED" not in ev:
-            raise Exception("Unexpected DFS event: " + ev)
-        dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5660")
-        dev[0].wait_regdom(country_ie=True)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5660" not in sig or "WIDTH=40 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_chan_switch(dev, apdev):
-    """DFS channel switch"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], country="US")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS freq result")
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-        freq = hapd.get_status_field("freq")
-        if freq != "5260":
-            raise Exception("Unexpected frequency")
-
-        dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5260 5280")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        if "OK" not in hapd.request("CHAN_SWITCH 5 5280 ht"):
-            raise Exception("CHAN_SWITCH failed")
-        # This results in BSS going down before restart, so the STA is expected
-        # to report disconnection.
-        dev[0].wait_disconnected()
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "freq=5280" not in ev:
-            raise Exception("Unexpected channel: " + ev)
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5280" not in ev:
-            raise Exception("Unexpected DFS freq result")
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-        freq = hapd.get_status_field("freq")
-        if freq != "5280":
-            raise Exception("Unexpected frequency")
-
-        dev[0].wait_connected(timeout=30)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_no_available_channel(dev, apdev):
-    """DFS and no available channel after radar detection"""
-    try:
-        hapd = None
-        hapd = start_dfs_ap(apdev[0], chanlist="56")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=70)
-        if not ev:
-            raise Exception("AP2 setup timed out")
-
-        dfs_simulate_radar(hapd)
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5260 ht_enabled=1 chan_offset=0 chan_width=1" not in ev:
-            raise Exception("Unexpected DFS radar detection freq from AP")
-
-        ev = wait_dfs_event(hapd, "DFS-NEW-CHANNEL", 5)
-        if "freq=5280 chan=56" not in ev:
-            raise Exception("Unexpected DFS new freq: " + ev)
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "freq=5280" not in ev:
-            raise Exception("Unexpected channel: " + ev)
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5280" not in ev:
-            raise Exception("Unexpected DFS freq result")
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        dfs_simulate_radar(hapd)
-        ev = wait_dfs_event(hapd, "DFS-RADAR-DETECTED", 5)
-        if "freq=5280 ht_enabled=1 chan_offset=0 chan_width=1" not in ev:
-            raise Exception("Unexpected DFS radar detection freq from AP [2]")
-
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=10)
-        if ev is None:
-            raise Exception("AP was not disabled")
-    finally:
-        clear_regdom(hapd, dev)
-
-def dfs_chan_switch_precac(dev, apdev, country):
-    """DFS channel switch pre CAC"""
-    try:
-        hapd = None
-
-        # Toggle regulatory - clean all preCAC
-        hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', 'US'])
-
-        hapd = start_dfs_ap(apdev[0], country=country)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5260" not in ev:
-            raise Exception("Unexpected DFS freq result")
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-        freq = hapd.get_status_field("freq")
-        if freq != "5260":
-            raise Exception("Unexpected frequency")
-
-        # TODO add/connect station here
-        # Today skip this step while dev[0].connect()
-        # for some reason toggle regulatory to US
-        # and clean preCAC
-
-        # Back to non DFS channel
-        if "OK" not in hapd.request("CHAN_SWITCH 5 5180 ht"):
-            raise Exception("CHAN_SWITCH 5180 failed")
-
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=5)
-        if not ev:
-            raise Exception("No CSA finished event - 5180")
-        freq = hapd.get_status_field("freq")
-        if freq != "5180":
-            raise Exception("Unexpected frequency")
-
-        # Today cfg80211 first send AP-CSA-FINISHED and next
-        # DFS-PRE-CAC-EXPIRED
-        ev = hapd.wait_event(["DFS-PRE-CAC-EXPIRED"], timeout=3)
-        if not ev and country == 'US':
-            raise Exception("US - no CAC-EXPIRED event")
-
-	# Back again to DFS channel (CAC passed)
-        if "OK" not in hapd.request("CHAN_SWITCH 5 5260 ht"):
-            raise Exception("CHAN_SWITCH 5260 failed")
-
-        if country == 'US':
-            # For non EU we should start CAC again
-            ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-            if not ev:
-                raise Exception("No DFS CAC start event")
-        else:
-            # For EU preCAC should be used
-            ev = wait_dfs_event(hapd, "AP-CSA-FINISHED", 5)
-            if not ev:
-                raise Exception("No CSA finished event - 5260")
-    finally:
-        clear_regdom(hapd, dev)
-
-@long_duration_test
-def test_dfs_eu_chan_switch_precac(dev, apdev):
-    """DFS channel switch pre CAC - ETSI domain"""
-    dfs_chan_switch_precac(dev, apdev, 'PL')
-
-@long_duration_test
-def test_dfs_us_chan_switch_precac(dev, apdev):
-    """DFS channel switch pre CAC - FCC domain"""
-    dfs_chan_switch_precac(dev, apdev, 'US')
diff --git a/tests/hwsim/test_dpp.py b/tests/hwsim/test_dpp.py
deleted file mode 100644
index 339d7297f7d7..000000000000
--- a/tests/hwsim/test_dpp.py
+++ /dev/null
@@ -1,7010 +0,0 @@
-# Test cases for Device Provisioning Protocol (DPP)
-# Copyright (c) 2017, Qualcomm Atheros, Inc.
-# Copyright (c) 2018-2019, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import base64
-import binascii
-import hashlib
-import logging
-logger = logging.getLogger()
-import os
-import socket
-import struct
-import subprocess
-import time
-try:
-    from socketserver import StreamRequestHandler, TCPServer
-except ImportError:
-    from SocketServer import StreamRequestHandler, TCPServer
-
-import hostapd
-import hwsim_utils
-from hwsim import HWSimRadio
-from utils import *
-from wpasupplicant import WpaSupplicant
-from wlantest import WlantestCapture
-
-try:
-    import OpenSSL
-    openssl_imported = True
-except ImportError:
-    openssl_imported = False
-
-def check_dpp_capab(dev, brainpool=False, min_ver=1):
-    if "UNKNOWN COMMAND" in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
-        raise HwsimSkip("DPP not supported")
-    if brainpool:
-        tls = dev.request("GET tls_library")
-        if not tls.startswith("OpenSSL") or "run=BoringSSL" in tls:
-            raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
-    capa = dev.request("GET_CAPABILITY dpp")
-    ver = 1
-    if capa.startswith("DPP="):
-        ver = int(capa[4:])
-    if ver < min_ver:
-        raise HwsimSkip("DPP version %d not supported" % min_ver)
-    return ver
-
-def wait_dpp_fail(dev, expected=None):
-    ev = dev.wait_event(["DPP-FAIL"], timeout=5)
-    if ev is None:
-        raise Exception("Failure not reported")
-    if expected and expected not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-def test_dpp_qr_code_parsing(dev, apdev):
-    """DPP QR Code parsing"""
-    check_dpp_capab(dev[0])
-    id = []
-
-    tests = ["DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:81/1,2,3,4,5,6,7,8,9,10,11,12,13,82/14,83/1,2,3,4,5,6,7,8,9,84/5,6,7,8,9,10,11,12,13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:81/1,2,3;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
-             "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"]
-    for uri in tests:
-        id.append(dev[0].dpp_qr_code(uri))
-
-        uri2 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1])
-        if uri != uri2:
-            raise Exception("Returned URI does not match")
-
-    tests = ["foo",
-             "DPP:",
-             "DPP:;;",
-             "DPP:C:1/2;M:;K;;",
-             "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
-             "DPP:K:" + base64.b64encode(b"hello").decode() + ";;",
-             "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
-             "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
-             "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
-             "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
-             "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
-             "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;"]
-    for t in tests:
-        res = dev[0].request("DPP_QR_CODE " + t)
-        if "FAIL" not in res:
-            raise Exception("Accepted invalid QR Code: " + t)
-
-    logger.info("ID: " + str(id))
-    if id[0] == id[1] or id[0] == id[2] or id[1] == id[2]:
-        raise Exception("Duplicate ID returned")
-
-    if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
-        raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
-    if "OK" not in dev[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]):
-        raise Exception("DPP_BOOTSTRAP_REMOVE failed")
-
-    id = dev[0].dpp_bootstrap_gen()
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    logger.info("Generated URI: " + uri)
-
-    dev[0].dpp_qr_code(uri)
-
-    id = dev[0].dpp_bootstrap_gen(chan="81/1,115/36", mac="010203040506",
-                                  info="foo")
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    logger.info("Generated URI: " + uri)
-
-    dev[0].dpp_qr_code(uri)
-
-def test_dpp_uri_version(dev, apdev):
-    """DPP URI version information"""
-    check_dpp_capab(dev[0], min_ver=2)
-
-    id0 = dev[0].dpp_bootstrap_gen()
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("Generated URI: " + uri)
-
-    id1 = dev[0].dpp_qr_code(uri)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-    info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id1)
-    logger.info("Parsed URI info:\n" + info)
-    capa = dev[0].request("GET_CAPABILITY dpp")
-    ver = 1
-    if capa.startswith("DPP="):
-        ver = int(capa[4:])
-    if "version=%d" % ver not in info.splitlines():
-        raise Exception("Unexpected version information (with indication)")
-
-    dev[0].set("dpp_version_override", "1")
-    id0 = dev[0].dpp_bootstrap_gen()
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("Generated URI: " + uri)
-
-    id1 = dev[0].dpp_qr_code(uri)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-    info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id1)
-    logger.info("Parsed URI info:\n" + info)
-    if "version=0" not in info.splitlines():
-        raise Exception("Unexpected version information (without indication)")
-
-def test_dpp_qr_code_parsing_fail(dev, apdev):
-    """DPP QR Code parsing local failure"""
-    check_dpp_capab(dev[0])
-    with alloc_fail(dev[0], 1, "dpp_parse_uri_info"):
-        if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
-            raise Exception("DPP_QR_CODE failure not reported")
-
-    with alloc_fail(dev[0], 1, "dpp_parse_uri_pk"):
-        if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
-            raise Exception("DPP_QR_CODE failure not reported")
-
-    with fail_test(dev[0], 1, "dpp_parse_uri_pk"):
-        if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
-            raise Exception("DPP_QR_CODE failure not reported")
-
-    with alloc_fail(dev[0], 1, "dpp_parse_uri"):
-        if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
-            raise Exception("DPP_QR_CODE failure not reported")
-
-dpp_key_p256 = "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
-dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
-dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
-dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
-dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
-dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
-
-def test_dpp_qr_code_curves(dev, apdev):
-    """DPP QR Code and supported curves"""
-    check_dpp_capab(dev[0])
-    tests = [("prime256v1", dpp_key_p256),
-             ("secp384r1", dpp_key_p384),
-             ("secp521r1", dpp_key_p521)]
-    for curve, hex in tests:
-        id = dev[0].dpp_bootstrap_gen(key=hex)
-        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
-        if "FAIL" in info:
-            raise Exception("Failed to get info for " + curve)
-        if "curve=" + curve not in info:
-            raise Exception("Curve mismatch for " + curve)
-
-def test_dpp_qr_code_curves_brainpool(dev, apdev):
-    """DPP QR Code and supported Brainpool curves"""
-    check_dpp_capab(dev[0], brainpool=True)
-    tests = [("brainpoolP256r1", dpp_key_bp256),
-             ("brainpoolP384r1", dpp_key_bp384),
-             ("brainpoolP512r1", dpp_key_bp512)]
-    for curve, hex in tests:
-        id = dev[0].dpp_bootstrap_gen(key=hex)
-        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
-        if "FAIL" in info:
-            raise Exception("Failed to get info for " + curve)
-        if "curve=" + curve not in info:
-            raise Exception("Curve mismatch for " + curve)
-
-def test_dpp_qr_code_unsupported_curve(dev, apdev):
-    """DPP QR Code and unsupported curve"""
-    check_dpp_capab(dev[0])
-
-    id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
-    if "FAIL" not in id:
-        raise Exception("Unsupported curve accepted")
-
-    tests = ["30",
-             "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b"]
-    for hex in tests:
-        id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
-        if "FAIL" not in id:
-            raise Exception("Unsupported/invalid curve accepted")
-
-def test_dpp_qr_code_keygen_fail(dev, apdev):
-    """DPP QR Code and keygen failure"""
-    check_dpp_capab(dev[0])
-
-    with alloc_fail(dev[0], 1,
-                    "crypto_ec_key_get_subject_public_key;dpp_keygen"):
-        if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
-            raise Exception("Failure not reported")
-
-    with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen"):
-        if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
-            raise Exception("Failure not reported")
-
-def test_dpp_qr_code_curve_select(dev, apdev):
-    """DPP QR Code and curve selection"""
-    check_dpp_capab(dev[0], brainpool=True)
-    check_dpp_capab(dev[1], brainpool=True)
-
-    bi = []
-    for key in [dpp_key_p256, dpp_key_p384, dpp_key_p521,
-                dpp_key_bp256, dpp_key_bp384, dpp_key_bp512]:
-        id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, key=key)
-        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
-        for i in info.splitlines():
-            if '=' in i:
-                name, val = i.split('=')
-                if name == "curve":
-                    curve = val
-                    break
-        uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-        bi.append((curve, uri))
-
-    for curve, uri in bi:
-        logger.info("Curve: " + curve)
-        logger.info("URI: " + uri)
-
-        dev[0].dpp_listen(2412)
-        dev[1].dpp_auth_init(uri=uri)
-        wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                          allow_enrollee_failure=True, stop_responder=True,
-                          stop_initiator=True)
-
-def test_dpp_qr_code_auth_broadcast(dev, apdev):
-    """DPP QR Code and authentication exchange (broadcast)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0)
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_unicast(dev, apdev):
-    """DPP QR Code and authentication exchange (unicast)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, None)
-
-def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev):
-    """DPP QR Code and authentication exchange (AP enrollee)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="ap")
-
-def run_dpp_configurator_enrollee(dev, apdev, conf_curve=None):
-    run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="configurator",
-                                 configurator=True, conf_curve=conf_curve,
-                                 conf="configurator")
-    ev = dev[0].wait_event(["DPP-CONFIGURATOR-ID"], timeout=2)
-    if ev is None:
-        raise Exception("No Configurator instance added")
-
-def test_dpp_configurator_enrollee(dev, apdev):
-    """DPP Configurator enrolling"""
-    run_dpp_configurator_enrollee(dev, apdev)
-
-def test_dpp_configurator_enrollee_prime256v1(dev, apdev):
-    """DPP Configurator enrolling (prime256v1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="prime256v1")
-
-def test_dpp_configurator_enrollee_secp384r1(dev, apdev):
-    """DPP Configurator enrolling (secp384r1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="secp384r1")
-
-def test_dpp_configurator_enrollee_secp521r1(dev, apdev):
-    """DPP Configurator enrolling (secp521r1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="secp521r1")
-
-def test_dpp_configurator_enrollee_brainpoolP256r1(dev, apdev):
-    """DPP Configurator enrolling (brainpoolP256r1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP256r1")
-
-def test_dpp_configurator_enrollee_brainpoolP384r1(dev, apdev):
-    """DPP Configurator enrolling (brainpoolP384r1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP384r1")
-
-def test_dpp_configurator_enrollee_brainpoolP512r1(dev, apdev):
-    """DPP Configurator enrolling (brainpoolP512r1)"""
-    run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP512r1")
-
-def test_dpp_configurator_enroll_conf(dev, apdev):
-    """DPP Configurator enrolling followed by use of the new Configurator"""
-    check_dpp_capab(dev[0], min_ver=2)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-        run_dpp_configurator_enroll_conf(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_configurator_enroll_conf(dev, apdev):
-    run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="configurator",
-                                 configurator=True, conf="configurator",
-                                 qr="mutual", stop_responder=False)
-    ev = dev[0].wait_event(["DPP-CONFIGURATOR-ID"], timeout=2)
-    if ev is None:
-        raise Exception("No Configurator instance added")
-    dev[1].reset()
-    dev[0].dump_monitor()
-
-    ssid = "test-network"
-    passphrase = "test-passphrase"
-    dev[0].set("dpp_configurator_params",
-               "conf=sta-psk ssid=%s pass=%s" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(passphrase.encode()).decode()))
-    dev[0].dpp_listen(2412, role="configurator")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1])
-
-def test_dpp_qr_code_curve_prime256v1(dev, apdev):
-    """DPP QR Code and curve prime256v1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1")
-
-def test_dpp_qr_code_curve_secp384r1(dev, apdev):
-    """DPP QR Code and curve secp384r1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1")
-
-def test_dpp_qr_code_curve_secp521r1(dev, apdev):
-    """DPP QR Code and curve secp521r1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1")
-
-def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev):
-    """DPP QR Code and curve brainpoolP256r1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP256r1")
-
-def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev):
-    """DPP QR Code and curve brainpoolP384r1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP384r1")
-
-def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev):
-    """DPP QR Code and curve brainpoolP512r1"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP512r1")
-
-def test_dpp_qr_code_set_key(dev, apdev):
-    """DPP QR Code and fixed bootstrapping key"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, None, key="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383")
-
-def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
-                                 require_conf_success=False, init_extra=None,
-                                 require_conf_failure=False,
-                                 configurator=False, conf_curve=None,
-                                 conf=None, qr=None, stop_responder=True):
-    brainpool = (curve and "brainpool" in curve) or \
-        (conf_curve and "brainpool" in conf_curve)
-    check_dpp_capab(dev[0], brainpool)
-    check_dpp_capab(dev[1], brainpool)
-    if configurator:
-        conf_id = dev[1].dpp_configurator_add(curve=conf_curve)
-    else:
-        conf_id = None
-
-    if qr == "mutual":
-        logger.info("dev1 displays QR Code and dev0 scans it")
-        id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
-        uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-        id1c = dev[0].dpp_qr_code(uri1)
-    else:
-        id1 = None
-
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve, key=key)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412, netrole=netrole, qr=qr)
-    dev[1].dpp_auth_init(uri=uri0, extra=init_extra, configurator=conf_id,
-                         conf=conf, own=id1)
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=not require_conf_success,
-                      require_configurator_failure=require_conf_failure,
-                      stop_responder=stop_responder)
-
-def test_dpp_qr_code_auth_mutual(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 displays QR Code")
-    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-
-    logger.info("dev0 scans QR Code")
-    id0b = dev[0].dpp_qr_code(uri1b)
-
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, own=id1b)
-
-    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
-    if ev is None:
-        raise Exception("DPP authentication direction not indicated (Initiator)")
-    if "mutual=1" not in ev:
-        raise Exception("Mutual authentication not used")
-
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_mutual2(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual2)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 displays QR Code")
-    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412, qr="mutual")
-    dev[1].dpp_auth_init(uri=uri0, own=id1b)
-
-    ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("Pending response not reported")
-    ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("QR Code scan for mutual authentication not requested")
-
-    logger.info("dev0 scans QR Code")
-    id0b = dev[0].dpp_qr_code(uri1b)
-
-    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
-    if ev is None:
-        raise Exception("DPP authentication direction not indicated (Initiator)")
-    if "mutual=1" not in ev:
-        raise Exception("Mutual authentication not used")
-
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_mutual_p_256(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "P-256")
-
-def test_dpp_qr_code_auth_mutual_p_384(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "P-384")
-
-def test_dpp_qr_code_auth_mutual_p_521(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "P-521")
-
-def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "BP-256")
-
-def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "BP-384")
-
-def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
-    run_dpp_qr_code_auth_mutual(dev, apdev, "BP-512")
-
-def run_dpp_qr_code_auth_mutual(dev, apdev, curve):
-    check_dpp_capab(dev[0], curve and "BP-" in curve)
-    check_dpp_capab(dev[1], curve and "BP-" in curve)
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412, qr="mutual")
-    dev[1].dpp_auth_init(uri=uri0)
-
-    ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("Pending response not reported")
-    uri = ev.split(' ')[1]
-
-    ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("QR Code scan for mutual authentication not requested")
-
-    logger.info("dev0 scans QR Code")
-    dev[0].dpp_qr_code(uri)
-
-    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
-    if ev is None:
-        raise Exception("DPP authentication direction not indicated (Initiator)")
-    if "mutual=1" not in ev:
-        raise Exception("Mutual authentication not used")
-
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_auth_resp_retries(dev, apdev):
-    """DPP Authentication Response retries"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].set("dpp_resp_max_tries", "3")
-    dev[0].set("dpp_resp_retry_time", "100")
-
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 displays QR Code")
-    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412, qr="mutual")
-    dev[1].dpp_auth_init(uri=uri0, own=id1b)
-
-    ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("Pending response not reported")
-    ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("QR Code scan for mutual authentication not requested")
-
-    # Stop Initiator from listening to frames to force retransmission of the
-    # DPP Authentication Response frame with Status=0
-    dev[1].request("DPP_STOP_LISTEN")
-
-    dev[1].dump_monitor()
-    dev[0].dump_monitor()
-
-    logger.info("dev0 scans QR Code")
-    id0b = dev[0].dpp_qr_code(uri1b)
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None or "type=1" not in ev:
-        raise Exception("DPP Authentication Response not sent")
-    ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for DPP Authentication Response not reported")
-    if "result=no-ACK" not in ev:
-        raise Exception("Unexpected TX status for Authentication Response: " + ev)
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=15)
-    if ev is None or "type=1" not in ev:
-        raise Exception("DPP Authentication Response retransmission not sent")
-
-def test_dpp_qr_code_auth_mutual_not_used(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual not used)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 displays QR Code")
-    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-    logger.info("dev0 does not scan QR Code")
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, own=id1b)
-
-    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
-    if ev is None:
-        raise Exception("DPP authentication direction not indicated (Initiator)")
-    if "mutual=0" not in ev:
-        raise Exception("Mutual authentication not used")
-
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev):
-    """DPP QR Code and authentication exchange (mutual/mismatch)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 displays QR Code")
-    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve="secp384r1")
-    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-    logger.info("dev0 scans QR Code")
-    id0b = dev[0].dpp_qr_code(uri1b)
-    logger.info("dev1 scans QR Code")
-    dev[1].dpp_auth_init(uri=uri0, own=id1b, expect_fail=True)
-
-def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev):
-    """DPP QR Code and authentication exchange (hostapd mutual2)"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    logger.info("AP displays QR Code")
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    logger.info("dev0 displays QR Code")
-    id0b = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b)
-    logger.info("dev0 scans QR Code and initiates DPP Authentication")
-    hapd.dpp_listen(2412, qr="mutual")
-    dev[0].dpp_auth_init(uri=uri_h, own=id0b)
-
-    ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("Pending response not reported")
-    ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("QR Code scan for mutual authentication not requested")
-
-    logger.info("AP scans QR Code")
-    hapd.dpp_qr_code(uri0)
-
-    wait_auth_success(hapd, dev[0], stop_responder=True)
-
-def test_dpp_qr_code_listen_continue(dev, apdev):
-    """DPP QR Code and listen operation needing continuation"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    logger.info("Wait for listen to expire and get restarted")
-    time.sleep(5.5)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[1].dpp_auth_init(uri=uri0)
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
-    """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
-    try:
-        run_dpp_qr_code_auth_initiator_enrollee(dev, apdev)
-    finally:
-        dev[0].set("gas_address3", "0")
-        dev[1].set("gas_address3", "0")
-
-def run_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].request("SET gas_address3 1")
-    dev[1].request("SET gas_address3 1")
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1],
-                      allow_enrollee_failure=True, stop_responder=True)
-
-def test_dpp_qr_code_auth_initiator_either_1(dev, apdev):
-    """DPP QR Code and authentication exchange (Initiator in either role)"""
-    run_dpp_qr_code_auth_initiator_either(dev, apdev, None, dev[1], dev[0])
-
-def test_dpp_qr_code_auth_initiator_either_2(dev, apdev):
-    """DPP QR Code and authentication exchange (Initiator in either role)"""
-    run_dpp_qr_code_auth_initiator_either(dev, apdev, "enrollee",
-                                          dev[1], dev[0])
-
-def test_dpp_qr_code_auth_initiator_either_3(dev, apdev):
-    """DPP QR Code and authentication exchange (Initiator in either role)"""
-    run_dpp_qr_code_auth_initiator_either(dev, apdev, "configurator",
-                                          dev[0], dev[1])
-
-def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role,
-                                          conf_dev, enrollee_dev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412, role=resp_role)
-    dev[1].dpp_auth_init(uri=uri0, role="either")
-    wait_auth_success(dev[0], dev[1], configurator=conf_dev,
-                      enrollee=enrollee_dev, allow_enrollee_failure=True,
-                      stop_responder=True)
-
-def run_init_incompatible_roles(dev, role="enrollee"):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 scans QR Code")
-    id1 = dev[1].dpp_qr_code(uri0)
-
-    logger.info("dev1 initiates DPP Authentication")
-    dev[0].dpp_listen(2412, role=role)
-    return id1
-
-def test_dpp_qr_code_auth_incompatible_roles(dev, apdev):
-    """DPP QR Code and authentication exchange (incompatible roles)"""
-    id1 = run_init_incompatible_roles(dev)
-    dev[1].dpp_auth_init(peer=id1, role="enrollee")
-    ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
-    if ev is None:
-        raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
-    ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
-    if ev is None:
-        raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
-    dev[1].dpp_auth_init(peer=id1, role="configurator")
-    wait_auth_success(dev[0], dev[1], stop_responder=True)
-
-def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev):
-    """DPP QR Code and authentication exchange (incompatible roles 2)"""
-    id1 = run_init_incompatible_roles(dev, role="configurator")
-    dev[1].dpp_auth_init(peer=id1, role="configurator")
-    ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
-    if ev is None:
-        raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
-    ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
-    if ev is None:
-        raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
-
-def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev):
-    """DPP QR Code and authentication exchange (incompatible roles failure)"""
-    id1 = run_init_incompatible_roles(dev, role="configurator")
-    with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"):
-        dev[1].dpp_auth_init(peer=id1, role="configurator")
-        ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
-        if ev is None:
-            raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
-
-def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev):
-    """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
-    id1 = run_init_incompatible_roles(dev, role="configurator")
-    with alloc_fail(dev[1], 1, "dpp_auth_resp_rx_status"):
-        dev[1].dpp_auth_init(peer=id1, role="configurator")
-        wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
-
-def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev):
-    """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
-    id1 = run_init_incompatible_roles(dev, role="configurator")
-    with fail_test(dev[1], 1, "dpp_auth_resp_rx_status"):
-        dev[1].dpp_auth_init(peer=id1, role="configurator")
-        wait_dpp_fail(dev[1], "AES-SIV decryption failed")
-
-def test_dpp_qr_code_auth_neg_chan(dev, apdev):
-    """DPP QR Code and authentication exchange with requested different channel"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf_id = dev[1].dpp_configurator_add()
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", neg_freq=2462,
-                         configurator=conf_id)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Request not sent")
-    if "freq=2412 type=0" not in ev:
-        raise Exception("Unexpected TX data for Authentication Request: " + ev)
-
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Request not received")
-    if "freq=2412 type=0" not in ev:
-        raise Exception("Unexpected RX data for Authentication Request: " + ev)
-
-    ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for DPP Authentication Request not reported")
-    if "freq=2412 result=SUCCESS" not in ev:
-        raise Exception("Unexpected TX status for Authentication Request: " + ev)
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Response not sent")
-    if "freq=2462 type=1" not in ev:
-        raise Exception("Unexpected TX data for Authentication Response: " + ev)
-
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Response not received")
-    if "freq=2462 type=1" not in ev:
-        raise Exception("Unexpected RX data for Authentication Response: " + ev)
-
-    ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for DPP Authentication Response not reported")
-    if "freq=2462 result=SUCCESS" not in ev:
-        raise Exception("Unexpected TX status for Authentication Response: " + ev)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Confirm not sent")
-    if "freq=2462 type=2" not in ev:
-        raise Exception("Unexpected TX data for Authentication Confirm: " + ev)
-
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Confirm not received")
-    if "freq=2462 type=2" not in ev:
-        raise Exception("Unexpected RX data for Authentication Confirm: " + ev)
-
-    ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for DPP Authentication Confirm not reported")
-    if "freq=2462 result=SUCCESS" not in ev:
-        raise Exception("Unexpected TX status for Authentication Confirm: " + ev)
-
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                      stop_responder=True)
-
-def test_dpp_config_legacy(dev, apdev):
-    """DPP Config Object for legacy network using passphrase"""
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 require_conf_success=True)
-
-def test_dpp_config_legacy_psk_hex(dev, apdev):
-    """DPP Config Object for legacy network using PSK"""
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}'
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 require_conf_success=True)
-
-def test_dpp_config_fragmentation(dev, apdev):
-    """DPP Config Object for legacy network requiring fragmentation"""
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 require_conf_success=True)
-
-def test_dpp_config_legacy_gen(dev, apdev):
-    """Generate DPP Config Object for legacy network"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-psk pass=%s" % binascii.hexlify(b"passphrase").decode(),
-                                 require_conf_success=True)
-
-def test_dpp_config_legacy_gen_psk(dev, apdev):
-    """Generate DPP Config Object for legacy network (PSK)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                                 require_conf_success=True)
-
-def test_dpp_config_dpp_gen_prime256v1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-256)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True)
-
-def test_dpp_config_dpp_gen_secp384r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-384)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True)
-
-def test_dpp_config_dpp_gen_secp521r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-521)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True)
-
-def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-256 + P-256)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="prime256v1")
-
-def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-256 + P-384)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp384r1")
-
-def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-256 + P-521)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp521r1")
-
-def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-384 + P-256)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="prime256v1")
-
-def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-384 + P-384)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp384r1")
-
-def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-384 + P-521)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp521r1")
-
-def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-521 + P-256)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="prime256v1")
-
-def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-521 + P-384)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp384r1")
-
-def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev):
-    """Generate DPP Config Object for DPP network (P-521 + P-521)"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True,
-                                 conf_curve="secp521r1")
-
-def test_dpp_config_dpp_gen_expiry(dev, apdev):
-    """Generate DPP Config Object for DPP network with expiry value"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp expiry=%d" % (time.time() + 1000),
-                                 require_conf_success=True,
-                                 configurator=True)
-
-def test_dpp_config_dpp_gen_expired_key(dev, apdev):
-    """Generate DPP Config Object for DPP network with expiry value"""
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp expiry=%d" % (time.time() - 10),
-                                 require_conf_failure=True,
-                                 configurator=True)
-
-def test_dpp_config_dpp_override_prime256v1(dev, apdev):
-    """DPP Config Object override (P-256)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
-    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 require_conf_success=True)
-
-def test_dpp_config_dpp_override_secp384r1(dev, apdev):
-    """DPP Config Object override (P-384)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
-    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
-                                 require_conf_success=True)
-
-def test_dpp_config_dpp_override_secp521r1(dev, apdev):
-    """DPP Config Object override (P-521)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
-    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
-                                 require_conf_success=True)
-
-def test_dpp_config_override_objects(dev, apdev):
-    """Generate DPP Config Object and override objects)"""
-    check_dpp_capab(dev[1])
-    discovery = '{\n"ssid":"mywifi"\n}'
-    groups = '[\n  {"groupId":"home","netRole":"sta"},\n  {"groupId":"cottage","netRole":"sta"}\n]'
-    dev[1].set("dpp_discovery_override", discovery)
-    dev[1].set("dpp_groups_override", groups)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True)
-
-def build_conf_obj(kty="EC", crv="P-256",
-                   x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
-                   y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
-                   kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
-                   prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
-                   signed_connector=None,
-                   no_signed_connector=False,
-                   csign=True):
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
-    conf += '"akm":"dpp",'
-
-    if signed_connector:
-        conn = signed_connector
-        conf += '"signedConnector":"%s",' % conn
-    elif not no_signed_connector:
-        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-        sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
-        conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
-        conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=') + '.'
-        conn += sign
-        conf += '"signedConnector":"%s",' % conn
-
-    if csign:
-        conf += '"csign":{'
-        if kty:
-            conf += '"kty":"%s",' % kty
-        if crv:
-            conf += '"crv":"%s",' % crv
-        if x:
-            conf += '"x":"%s",' % x
-        if y:
-            conf += '"y":"%s",' % y
-        if kid:
-            conf += '"kid":"%s"' % kid
-        conf = conf.rstrip(',')
-        conf += '}'
-    else:
-        conf = conf.rstrip(',')
-
-    conf += '}}'
-
-    return conf
-
-def run_dpp_config_error(dev, apdev, conf,
-                         skip_net_access_key_mismatch=True,
-                         conf_failure=True):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    if skip_net_access_key_mismatch:
-        dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
-    dev[1].set("dpp_config_obj_override", conf)
-    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
-                                 require_conf_success=not conf_failure,
-                                 require_conf_failure=conf_failure)
-
-def test_dpp_config_jwk_error_no_kty(dev, apdev):
-    """DPP Config Object JWK error - no kty"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(kty=None))
-
-def test_dpp_config_jwk_error_unexpected_kty(dev, apdev):
-    """DPP Config Object JWK error - unexpected kty"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(kty="unknown"))
-
-def test_dpp_config_jwk_error_no_crv(dev, apdev):
-    """DPP Config Object JWK error - no crv"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(crv=None))
-
-def test_dpp_config_jwk_error_unsupported_crv(dev, apdev):
-    """DPP Config Object JWK error - unsupported curve"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(crv="unsupported"))
-
-def test_dpp_config_jwk_error_no_x(dev, apdev):
-    """DPP Config Object JWK error - no x"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(x=None))
-
-def test_dpp_config_jwk_error_invalid_x(dev, apdev):
-    """DPP Config Object JWK error - invalid x"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(x="MTIz"))
-
-def test_dpp_config_jwk_error_no_y(dev, apdev):
-    """DPP Config Object JWK error - no y"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(y=None))
-
-def test_dpp_config_jwk_error_invalid_y(dev, apdev):
-    """DPP Config Object JWK error - invalid y"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(y="MTIz"))
-
-def test_dpp_config_jwk_error_invalid_xy(dev, apdev):
-    """DPP Config Object JWK error - invalid x,y"""
-    conf = build_conf_obj(x="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY",
-                          y="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY")
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_jwk_error_no_kid(dev, apdev):
-    """DPP Config Object JWK error - no kid"""
-    # csign kid is optional field, so this results in success
-    run_dpp_config_error(dev, apdev, build_conf_obj(kid=None),
-                         conf_failure=False)
-
-def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev):
-    """DPP Config Object JWS error - protected header not an object"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr="1"))
-
-def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev):
-    """DPP Config Object JWS error - protected header - no typ"""
-    prot_hdr = '{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev):
-    """DPP Config Object JWS error - protected header - unsupported typ"""
-    prot_hdr = '{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev):
-    """DPP Config Object JWS error - protected header - no alg"""
-    prot_hdr = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev):
-    """DPP Config Object JWS error - protected header - unexpected alg"""
-    prot_hdr = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev):
-    """DPP Config Object JWS error - protected header - no kid"""
-    prot_hdr = '{"typ":"dppCon","alg":"ES256"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev):
-    """DPP Config Object JWS error - protected header - unexpected kid"""
-    prot_hdr = '{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
-    run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
-
-def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev):
-    """DPP Config Object signedConnector error - no dot(1)"""
-    conn = "MTIz"
-    run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
-
-def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev):
-    """DPP Config Object signedConnector error - no dot(2)"""
-    conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
-    run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
-
-def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev):
-    """DPP Config Object signedConnector error - unexpected signature length"""
-    conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
-    run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
-
-def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev):
-    """DPP Config Object signedConnector error - invalid signature DER"""
-    conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
-    run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
-
-def test_dpp_config_no_csign(dev, apdev):
-    """DPP Config Object error - no csign"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(csign=False))
-
-def test_dpp_config_no_signed_connector(dev, apdev):
-    """DPP Config Object error - no signedConnector"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(no_signed_connector=True))
-
-def test_dpp_config_unexpected_signed_connector_char(dev, apdev):
-    """DPP Config Object error - unexpected signedConnector character"""
-    run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector='a\nb'))
-
-def test_dpp_config_root_not_an_object(dev, apdev):
-    """DPP Config Object error - root not an object"""
-    conf = "1"
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_no_wi_fi_tech(dev, apdev):
-    """DPP Config Object error - no wi-fi_tech"""
-    conf = "{}"
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_unsupported_wi_fi_tech(dev, apdev):
-    """DPP Config Object error - unsupported wi-fi_tech"""
-    conf = '{"wi-fi_tech":"unsupported"}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_no_discovery(dev, apdev):
-    """DPP Config Object error - no discovery"""
-    conf = '{"wi-fi_tech":"infra"}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_no_discovery_ssid(dev, apdev):
-    """DPP Config Object error - no discovery::ssid"""
-    conf = '{"wi-fi_tech":"infra","discovery":{}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_too_long_discovery_ssid(dev, apdev):
-    """DPP Config Object error - too long discovery::ssid"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A')
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_no_cred(dev, apdev):
-    """DPP Config Object error - no cred"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_no_cred_akm(dev, apdev):
-    """DPP Config Object error - no cred::akm"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_unsupported_cred_akm(dev, apdev):
-    """DPP Config Object error - unsupported cred::akm"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_no_pass(dev, apdev):
-    """DPP Config Object legacy error - no pass/psk"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_too_short_pass(dev, apdev):
-    """DPP Config Object legacy error - too short pass/psk"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_too_long_pass(dev, apdev):
-    """DPP Config Object legacy error - too long pass/psk"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A')
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_psk_with_sae(dev, apdev):
-    """DPP Config Object legacy error - psk_hex with SAE"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12")
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev):
-    """DPP Config Object legacy error - no pass for SAE"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12")
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_invalid_psk(dev, apdev):
-    """DPP Config Object legacy error - invalid psk_hex"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa")
-    run_dpp_config_error(dev, apdev, conf)
-
-def test_dpp_config_error_legacy_too_short_psk(dev, apdev):
-    """DPP Config Object legacy error - too short psk_hex"""
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12")
-    run_dpp_config_error(dev, apdev, conf)
-
-def get_der_int_32(val):
-    a, b = struct.unpack('BB', val[0:2])
-    if a != 0x02:
-        raise Exception("Invalid DER encoding of INTEGER")
-    if b > len(val) - 2:
-        raise Exception("Invalid length of INTEGER (truncated)")
-    val = val[2:]
-    if b == 32:
-        r = val[0:32]
-    elif b == 33:
-        if val[0] != 0:
-            raise Exception("Too large INTEGER (32)")
-        r = val[1:33]
-    elif b < 32:
-        r = (32 - b) * b'\x00' + val[0:b]
-    else:
-        raise Exception("Invalid length of INTEGER (32): %d" % b)
-    return r, val[b:]
-
-def ecdsa_sign(pkey, message, alg="sha256"):
-    sign = OpenSSL.crypto.sign(pkey, message, alg)
-    logger.debug("sign=" + binascii.hexlify(sign).decode())
-    a, b = struct.unpack('BB', sign[0:2])
-    if a != 0x30:
-        raise Exception("Invalid DER encoding of ECDSA signature")
-    if b != len(sign) - 2:
-        raise Exception("Invalid length of ECDSA signature")
-    sign = sign[2:]
-
-    r, sign = get_der_int_32(sign)
-    s, sign = get_der_int_32(sign)
-    if len(sign) != 0:
-        raise Exception("Extra data at the end of ECDSA signature")
-
-    logger.info("r=" + binascii.hexlify(r).decode())
-    logger.info("s=" + binascii.hexlify(s).decode())
-    raw_sign = r + s
-    return base64.urlsafe_b64encode(raw_sign).decode().rstrip('=')
-
-p256_priv_key = """-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
-AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
-n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
------END EC PRIVATE KEY-----"""
-p256_pub_key_x = binascii.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
-p256_pub_key_y = binascii.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
-
-def run_dpp_config_connector(dev, apdev, expiry=None, payload=None,
-                             skip_net_access_key_mismatch=True,
-                             conf_failure=True):
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-    pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
-                                          p256_priv_key)
-    x = base64.urlsafe_b64encode(p256_pub_key_x).decode().rstrip('=')
-    y = base64.urlsafe_b64encode(p256_pub_key_y).decode().rstrip('=')
-
-    pubkey = b'\x04' + p256_pub_key_x + p256_pub_key_y
-    kid = base64.urlsafe_b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip('=')
-
-    prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid
-
-    if not payload:
-        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
-        if expiry:
-            payload += ',"expiry":"%s"' % expiry
-        payload += '}'
-    conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
-    conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=')
-    sign = ecdsa_sign(pkey, conn)
-    conn += '.' + sign
-    run_dpp_config_error(dev, apdev,
-                         build_conf_obj(x=x, y=y, signed_connector=conn),
-                         skip_net_access_key_mismatch=skip_net_access_key_mismatch,
-                         conf_failure=conf_failure)
-
-def test_dpp_config_connector_error_ext_sign(dev, apdev):
-    """DPP Config Object connector error - external signature calculation"""
-    run_dpp_config_connector(dev, apdev, conf_failure=False)
-
-def test_dpp_config_connector_error_too_short_timestamp(dev, apdev):
-    """DPP Config Object connector error - too short timestamp"""
-    run_dpp_config_connector(dev, apdev, expiry="1")
-
-def test_dpp_config_connector_error_invalid_timestamp(dev, apdev):
-    """DPP Config Object connector error - invalid timestamp"""
-    run_dpp_config_connector(dev, apdev, expiry=19*"1")
-
-def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev):
-    """DPP Config Object connector error - invalid timestamp date"""
-    run_dpp_config_connector(dev, apdev, expiry="9999-99-99T99:99:99Z")
-
-def test_dpp_config_connector_error_invalid_time_zone(dev, apdev):
-    """DPP Config Object connector error - invalid time zone"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00*")
-
-def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev):
-    """DPP Config Object connector error - invalid time zone 2"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+")
-
-def test_dpp_config_connector_error_expired_1(dev, apdev):
-    """DPP Config Object connector error - expired 1"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00")
-
-def test_dpp_config_connector_error_expired_2(dev, apdev):
-    """DPP Config Object connector error - expired 2"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00Z")
-
-def test_dpp_config_connector_error_expired_3(dev, apdev):
-    """DPP Config Object connector error - expired 3"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01")
-
-def test_dpp_config_connector_error_expired_4(dev, apdev):
-    """DPP Config Object connector error - expired 4"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01:02")
-
-def test_dpp_config_connector_error_expired_5(dev, apdev):
-    """DPP Config Object connector error - expired 5"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01")
-
-def test_dpp_config_connector_error_expired_6(dev, apdev):
-    """DPP Config Object connector error - expired 6"""
-    run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01:02")
-
-def test_dpp_config_connector_error_no_groups(dev, apdev):
-    """DPP Config Object connector error - no groups"""
-    payload = '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-    run_dpp_config_connector(dev, apdev, payload=payload)
-
-def test_dpp_config_connector_error_empty_groups(dev, apdev):
-    """DPP Config Object connector error - empty groups"""
-    payload = '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-    run_dpp_config_connector(dev, apdev, payload=payload)
-
-def test_dpp_config_connector_error_missing_group_id(dev, apdev):
-    """DPP Config Object connector error - missing groupId"""
-    payload = '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-    run_dpp_config_connector(dev, apdev, payload=payload)
-
-def test_dpp_config_connector_error_missing_net_role(dev, apdev):
-    """DPP Config Object connector error - missing netRole"""
-    payload = '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-    run_dpp_config_connector(dev, apdev, payload=payload)
-
-def test_dpp_config_connector_error_missing_net_access_key(dev, apdev):
-    """DPP Config Object connector error - missing netAccessKey"""
-    payload = '{"groups":[{"groupId":"*","netRole":"sta"}]}'
-    run_dpp_config_connector(dev, apdev, payload=payload)
-
-def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev):
-    """DPP Config Object connector error - netAccessKey mismatch"""
-    payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
-    run_dpp_config_connector(dev, apdev, payload=payload,
-                             skip_net_access_key_mismatch=False)
-
-def test_dpp_gas_timeout(dev, apdev):
-    """DPP and GAS server timeout for a query"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2412)
-
-    # Force GAS fragmentation
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[1].set("dpp_config_obj_override", conf)
-
-    dev[1].dpp_auth_init(uri=uri0)
-
-    # DPP Authentication Request
-    msg = dev[0].mgmt_rx()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-        msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # DPP Authentication Confirmation
-    msg = dev[0].mgmt_rx()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-        msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Response (GAS Initial Response frame)
-    msg = dev[0].mgmt_rx()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-        msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # GAS Comeback Response frame
-    msg = dev[0].mgmt_rx()
-    # Do not continue to force timeout on GAS server
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS result not reported (Enrollee)")
-    if "result=TIMEOUT" not in ev:
-        raise Exception("Unexpected GAS result (Enrollee): " + ev)
-    dev[0].set("ext_mgmt_frame_handling", "0")
-
-    ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=15)
-    if ev is None:
-        raise Exception("DPP configuration failure not reported (Configurator)")
-
-    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1)
-    if ev is None:
-        raise Exception("DPP configuration failure not reported (Enrollee)")
-
-def test_dpp_akm_sha256(dev, apdev):
-    """DPP AKM (SHA256)"""
-    run_dpp_akm(dev, apdev, 32)
-
-def test_dpp_akm_sha384(dev, apdev):
-    """DPP AKM (SHA384)"""
-    run_dpp_akm(dev, apdev, 48)
-
-def test_dpp_akm_sha512(dev, apdev):
-    """DPP AKM (SHA512)"""
-    run_dpp_akm(dev, apdev, 64)
-
-def run_dpp_akm(dev, apdev, pmk_len):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2"}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    conf = hapd.request("GET_CONFIG")
-    if "key_mgmt=DPP" not in conf.splitlines():
-        logger.info("GET_CONFIG:\n" + conf)
-        raise Exception("GET_CONFIG did not report correct key_mgmt")
-
-    id = dev[0].connect("dpp", key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
-                        dpp_pfs="2", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2)
-    if not ev:
-        raise Exception("Network mismatch not reported")
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    bssid = hapd.own_addr()
-    pmkid = 16*'11'
-    akmp = 2**23
-    pmk = pmk_len*'22'
-    cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid, pmkid, pmk, akmp)
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("PMKSA_ADD failed (wpa_supplicant)")
-    dev[0].select_network(id, freq="2412")
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2)
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-    if not ev:
-        raise Exception("Association attempt was not rejected")
-    if "status_code=53" not in ev:
-        raise Exception("Unexpected status code: " + ev)
-
-    addr = dev[0].own_addr()
-    cmd = "PMKSA_ADD %s %s %s 0 %d" % (addr, pmkid, pmk, akmp)
-    if "OK" not in hapd.request(cmd):
-        raise Exception("PMKSA_ADD failed (hostapd)")
-
-    dev[0].select_network(id, freq="2412")
-    dev[0].wait_connected()
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "DPP":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
-params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
-params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
-params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
-params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
-
-def test_dpp_network_introduction(dev, apdev):
-    """DPP network introduction"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    id = dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                        ieee80211w="2",
-                        dpp_csign=params1_csign,
-                        dpp_connector=params1_sta_connector,
-                        dpp_netaccesskey=params1_sta_netaccesskey)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "DPP":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_dpp_network_introduction_expired(dev, apdev):
-    """DPP network introduction with expired netaccesskey"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey,
-              "dpp_netaccesskey_expiry": "1565530889"}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                   ieee80211w="2",
-                   dpp_csign=params1_csign,
-                   dpp_connector=params1_sta_connector,
-                   dpp_netaccesskey=params1_sta_netaccesskey,
-                   wait_connect=False)
-    ev = hapd.wait_event(["DPP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("No DPP Peer Discovery Request seen")
-    if "type=5" not in ev:
-        raise Exception("Unexpected DPP message received: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    dev[0].request("DISCONNECT")
-    if ev:
-        raise Exception("Connection reported")
-
-    hapd.disable()
-    hapd.set("dpp_netaccesskey_expiry", "2565530889")
-    hapd.enable()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_dpp_and_sae_akm(dev, apdev):
-    """DPP and SAE AKMs"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    if "SAE" not in dev[1].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    params = {"ssid": "dpp+sae",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP SAE",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "sae_password": "sae-password",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    id = dev[0].connect("dpp+sae", key_mgmt="DPP", scan_freq="2412",
-                        ieee80211w="2",
-                        dpp_csign=params1_csign,
-                        dpp_connector=params1_sta_connector,
-                        dpp_netaccesskey=params1_sta_netaccesskey)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "DPP":
-        raise Exception("Unexpected key_mgmt for DPP: " + val)
-
-    dev[1].request("SET sae_groups ")
-    id = dev[1].connect("dpp+sae", key_mgmt="SAE", scan_freq="2412",
-                        ieee80211w="2", psk="sae-password")
-    val = dev[1].get_status_field("key_mgmt")
-    if val != "SAE":
-        raise Exception("Unexpected key_mgmt for SAE: " + val)
-
-def test_dpp_ap_config(dev, apdev):
-    """DPP and AP configuration"""
-    run_dpp_ap_config(dev, apdev)
-
-def test_dpp_ap_config_p256_p256(dev, apdev):
-    """DPP and AP configuration (P-256 + P-256)"""
-    run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-256")
-
-def test_dpp_ap_config_p256_p384(dev, apdev):
-    """DPP and AP configuration (P-256 + P-384)"""
-    run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-384")
-
-def test_dpp_ap_config_p256_p521(dev, apdev):
-    """DPP and AP configuration (P-256 + P-521)"""
-    run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-521")
-
-def test_dpp_ap_config_p384_p256(dev, apdev):
-    """DPP and AP configuration (P-384 + P-256)"""
-    run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-256")
-
-def test_dpp_ap_config_p384_p384(dev, apdev):
-    """DPP and AP configuration (P-384 + P-384)"""
-    run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-384")
-
-def test_dpp_ap_config_p384_p521(dev, apdev):
-    """DPP and AP configuration (P-384 + P-521)"""
-    run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-521")
-
-def test_dpp_ap_config_p521_p256(dev, apdev):
-    """DPP and AP configuration (P-521 + P-256)"""
-    run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-256")
-
-def test_dpp_ap_config_p521_p384(dev, apdev):
-    """DPP and AP configuration (P-521 + P-384)"""
-    run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-384")
-
-def test_dpp_ap_config_p521_p521(dev, apdev):
-    """DPP and AP configuration (P-521 + P-521)"""
-    run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-521")
-
-def test_dpp_ap_config_bp256_bp256(dev, apdev):
-    """DPP and AP configuration (BP-256 + BP-256)"""
-    run_dpp_ap_config(dev, apdev, curve="BP-256", conf_curve="BP-256")
-
-def test_dpp_ap_config_bp384_bp384(dev, apdev):
-    """DPP and AP configuration (BP-384 + BP-384)"""
-    run_dpp_ap_config(dev, apdev, curve="BP-384", conf_curve="BP-384")
-
-def test_dpp_ap_config_bp512_bp512(dev, apdev):
-    """DPP and AP configuration (BP-512 + BP-512)"""
-    run_dpp_ap_config(dev, apdev, curve="BP-512", conf_curve="BP-512")
-
-def test_dpp_ap_config_p256_bp256(dev, apdev):
-    """DPP and AP configuration (P-256 + BP-256)"""
-    run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="BP-256")
-
-def test_dpp_ap_config_bp256_p256(dev, apdev):
-    """DPP and AP configuration (BP-256 + P-256)"""
-    run_dpp_ap_config(dev, apdev, curve="BP-256", conf_curve="P-256")
-
-def test_dpp_ap_config_p521_bp512(dev, apdev):
-    """DPP and AP configuration (P-521 + BP-512)"""
-    run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="BP-512")
-
-def test_dpp_ap_config_bp512_p521(dev, apdev):
-    """DPP and AP configuration (BP-512 + P-521)"""
-    run_dpp_ap_config(dev, apdev, curve="BP-512", conf_curve="P-521")
-
-def test_dpp_ap_config_reconfig_configurator(dev, apdev):
-    """DPP and AP configuration with Configurator reconfiguration"""
-    run_dpp_ap_config(dev, apdev, reconf_configurator=True)
-
-def update_hapd_config(hapd):
-    ev = hapd.wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
-    if ev is None:
-        raise Exception("SSID not reported (AP)")
-    ssid = ev.split(' ')[1]
-
-    ev = hapd.wait_event(["DPP-CONNECTOR"], timeout=1)
-    if ev is None:
-        raise Exception("Connector not reported (AP)")
-    connector = ev.split(' ')[1]
-
-    ev = hapd.wait_event(["DPP-C-SIGN-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("C-sign-key not reported (AP)")
-    p = ev.split(' ')
-    csign = p[1]
-
-    ev = hapd.wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("netAccessKey not reported (AP)")
-    p = ev.split(' ')
-    net_access_key = p[1]
-    net_access_key_expiry = p[2] if len(p) > 2 else None
-
-    logger.info("Update AP configuration to use key_mgmt=DPP")
-    hapd.disable()
-    hapd.set("ssid", ssid)
-    hapd.set("utf8_ssid", "1")
-    hapd.set("wpa", "2")
-    hapd.set("wpa_key_mgmt", "DPP")
-    hapd.set("ieee80211w", "2")
-    hapd.set("rsn_pairwise", "CCMP")
-    hapd.set("dpp_connector", connector)
-    hapd.set("dpp_csign", csign)
-    hapd.set("dpp_netaccesskey", net_access_key)
-    if net_access_key_expiry:
-        hapd.set("dpp_netaccesskey_expiry", net_access_key_expiry)
-    hapd.enable()
-
-def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
-                      reconf_configurator=False):
-    brainpool = (curve and "BP-" in curve) or \
-        (conf_curve and "BP-" in conf_curve)
-    check_dpp_capab(dev[0], brainpool)
-    check_dpp_capab(dev[1], brainpool)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-
-    conf_id = dev[0].dpp_configurator_add(curve=conf_curve)
-
-    if reconf_configurator:
-        csign = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
-        if "FAIL" in csign or len(csign) == 0:
-            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
-
-    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
-    update_hapd_config(hapd)
-
-    id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    if reconf_configurator:
-        dev[0].dpp_configurator_remove(conf_id)
-        conf_id = dev[0].dpp_configurator_add(curve=conf_curve, key=csign)
-
-    dev[1].dpp_listen(2412)
-    dev[0].dpp_auth_init(uri=uri1, conf="sta-dpp", configurator=conf_id)
-    wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1],
-                      stop_responder=True)
-
-    ev = dev[1].wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
-    if ev is None:
-        raise Exception("SSID not reported")
-    ssid = ev.split(' ')[1]
-
-    ev = dev[1].wait_event(["DPP-CONNECTOR"], timeout=1)
-    if ev is None:
-        raise Exception("Connector not reported")
-    connector = ev.split(' ')[1]
-
-    ev = dev[1].wait_event(["DPP-C-SIGN-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("C-sign-key not reported")
-    p = ev.split(' ')
-    csign = p[1]
-
-    ev = dev[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("netAccessKey not reported")
-    p = ev.split(' ')
-    net_access_key = p[1]
-    net_access_key_expiry = p[2] if len(p) > 2 else None
-
-    dev[1].dump_monitor()
-
-    id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
-                        only_add_network=True)
-    dev[1].set_network_quoted(id, "dpp_connector", connector)
-    dev[1].set_network(id, "dpp_csign", csign)
-    dev[1].set_network(id, "dpp_netaccesskey", net_access_key)
-    if net_access_key_expiry:
-        dev[1].set_network(id, "dpp_netaccess_expiry", net_access_key_expiry)
-
-    logger.info("Check data connection")
-    dev[1].select_network(id, freq="2412")
-    dev[1].wait_connected()
-
-def test_dpp_auto_connect_1(dev, apdev):
-    """DPP and auto connect (1)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 1)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2(dev, apdev):
-    """DPP and auto connect (2)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 2)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2_connect_cmd(dev, apdev):
-    """DPP and auto connect (2) using connect_cmd"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    dev_new = [wpas, dev[1]]
-    try:
-        run_dpp_auto_connect(dev_new, apdev, 2)
-    finally:
-        wpas.set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2_sta_ver1(dev, apdev):
-    """DPP and auto connect (2; STA using ver 1)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 2, sta_version=1)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2_ap_ver1(dev, apdev):
-    """DPP and auto connect (2; AP using ver 1)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 2, ap_version=1)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2_ver1(dev, apdev):
-    """DPP and auto connect (2; AP and STA using ver 1)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 2, ap_version=1, sta_version=1)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_2_conf_ver1(dev, apdev):
-    """DPP and auto connect (2; Configurator using ver 1)"""
-    try:
-        run_dpp_auto_connect(dev, apdev, 2, sta1_version=1)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_auto_connect(dev, apdev, processing, ap_version=0, sta_version=0,
-                         sta1_version=0, stop_after_prov=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-    csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
-    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
-
-    params = {"ssid": "test",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": ap_connector,
-              "dpp_csign": csign_pub,
-              "dpp_netaccesskey": ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-        if ap_version:
-            hapd.set("dpp_version_override", str(ap_version))
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    if sta_version:
-        dev[0].set("dpp_version_override", str(sta_version))
-    if sta1_version:
-        dev[1].set("dpp_version_override", str(sta1_version))
-    conf_id = dev[1].dpp_configurator_add(key=csign)
-    dev[0].set("dpp_config_processing", str(processing))
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id)
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-    if stop_after_prov:
-        return id, hapd
-
-    if processing == 1:
-        dev[0].select_network(id, freq=2412)
-
-    dev[0].wait_connected()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_dpp_auto_connect_legacy(dev, apdev):
-    """DPP and auto connect (legacy)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_ssid_charset(dev, apdev):
-    """DPP and auto connect (legacy, ssid_charset)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, ssid_charset=12345)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_sae_1(dev, apdev):
-    """DPP and auto connect (legacy SAE)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', psk_sae=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_sae_2(dev, apdev):
-    """DPP and auto connect (legacy SAE)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev):
-    """DPP and auto connect (legacy PSK+SAE)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
-                                    psk_sae=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev):
-    """DPP and auto connect (legacy PSK+SAE)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
-                                    sae_only=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev):
-    """DPP and auto connect (legacy PSK+SAE)"""
-    try:
-        run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae')
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk',
-                                ssid_charset=None,
-                                psk_sae=False, sae_only=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = hostapd.wpa2_params(ssid="dpp-legacy",
-                                 passphrase="secret passphrase")
-    if sae_only:
-            params['wpa_key_mgmt'] = 'SAE'
-            params['ieee80211w'] = '2'
-    elif psk_sae:
-            params['wpa_key_mgmt'] = 'WPA-PSK SAE'
-            params['ieee80211w'] = '1'
-            params['sae_require_mfp'] = '1'
-
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].set("dpp_config_processing", "2")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-legacy",
-                         ssid_charset=ssid_charset,
-                         passphrase="secret passphrase")
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
-    if ssid_charset:
-        ev = dev[0].wait_event(["DPP-CONFOBJ-SSID-CHARSET"], timeout=1)
-        if ev is None:
-            raise Exception("ssid_charset not reported")
-        charset = ev.split(' ')[1]
-        if charset != str(ssid_charset):
-            raise Exception("Incorrect ssid_charset reported: " + ev)
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-
-    dev[0].wait_connected()
-
-def test_dpp_auto_connect_legacy_pmf_required(dev, apdev):
-    """DPP and auto connect (legacy, PMF required)"""
-    try:
-        run_dpp_auto_connect_legacy_pmf_required(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_auto_connect_legacy_pmf_required(dev, apdev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = hostapd.wpa2_params(ssid="dpp-legacy",
-                                 passphrase="secret passphrase")
-    params['wpa_key_mgmt'] = "WPA-PSK-SHA256"
-    params['ieee80211w'] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("dpp_config_processing", "2")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy",
-                         passphrase="secret passphrase")
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    dev[0].wait_connected()
-
-def test_dpp_qr_code_auth_responder_configurator(dev, apdev):
-    """DPP QR Code and responder as the configurator"""
-    run_dpp_qr_code_auth_responder_configurator(dev, apdev, "")
-
-def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev):
-    """DPP QR Code and responder as the configurator with group_id)"""
-    run_dpp_qr_code_auth_responder_configurator(dev, apdev,
-                                                " group_id=test-group")
-
-def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               " conf=sta-dpp configurator=%d%s" % (conf_id, extra))
-    dev[0].dpp_listen(2412, role="configurator")
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1],
-                      stop_responder=True)
-
-def test_dpp_qr_code_auth_enrollee_init_netrole(dev, apdev):
-    """DPP QR Code and enrollee initiating with netrole specified"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               " conf=configurator configurator=%d" % conf_id)
-    dev[0].dpp_listen(2412, role="configurator")
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee", netrole="configurator")
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1],
-                      stop_responder=True)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    # verify that netrole resets back to sta, if not explicitly stated
-    dev[0].set("dpp_configurator_params",
-               "conf=sta-dpp configurator=%d" % conf_id)
-    dev[0].dpp_listen(2412, role="configurator")
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1],
-                      stop_responder=True)
-
-def test_dpp_qr_code_hostapd_init(dev, apdev):
-    """DPP QR Code and hostapd as initiator"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               " conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd,
-                      stop_responder=True)
-
-def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev):
-    """DPP QR Code and hostapd as initiator (offchannel)"""
-    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, None)
-
-def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev):
-    """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
-    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, "neg_freq=2437")
-
-def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra):
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1,81/11", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               " conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_listen(2462, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee", extra=extra)
-    wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd,
-                      stop_responder=True)
-
-def test_dpp_qr_code_hostapd_ignore_mismatch(dev, apdev):
-    """DPP QR Code and hostapd ignoring netaccessKey mismatch"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.set("dpp_ignore_netaccesskey_mismatch", "1")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd,
-                      stop_responder=True)
-
-def test_dpp_test_vector_p_256(dev, apdev):
-    """DPP P-256 test vector (mutual auth)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    # Responder bootstrapping key
-    priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    # Responder protocol keypair override
-    priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
-    dev[0].set("dpp_protocol_key_override",
-               "30310201010420" + priv + "a00a06082a8648ce3d030107")
-
-    dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
-
-    # Initiator bootstrapping key
-    priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
-    id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107")
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    # Initiator protocol keypair override
-    priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
-    dev[1].set("dpp_protocol_key_override",
-               "30310201010420" + priv + "a00a06082a8648ce3d030107")
-
-    dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
-
-    dev[0].dpp_qr_code(uri1)
-    dev[0].dpp_listen(2462, qr="mutual")
-    dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
-    wait_auth_success(dev[0], dev[1])
-
-def test_dpp_test_vector_p_256_b(dev, apdev):
-    """DPP P-256 test vector (Responder-only auth)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    # Responder bootstrapping key
-    priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    # Responder protocol keypair override
-    priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
-    dev[0].set("dpp_protocol_key_override",
-               "30310201010420" + priv + "a00a06082a8648ce3d030107")
-
-    dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
-
-    # Initiator bootstrapping key
-    priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
-    id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107")
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    # Initiator protocol keypair override
-    priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
-    dev[1].set("dpp_protocol_key_override",
-               "30310201010420" + priv + "a00a06082a8648ce3d030107")
-
-    dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
-
-    dev[0].dpp_listen(2462)
-    dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
-    wait_auth_success(dev[0], dev[1])
-
-def der_priv_key_p_521(priv):
-    if len(priv) != 2 * 66:
-        raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
-    der_prefix = "30500201010442"
-    der_postfix = "a00706052b81040023"
-    return der_prefix + priv + der_postfix
-
-def test_dpp_test_vector_p_521(dev, apdev):
-    """DPP P-521 test vector (mutual auth)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    # Responder bootstrapping key
-    priv = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True,
-                                   key=der_priv_key_p_521(priv))
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    # Responder protocol keypair override
-    priv = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
-    dev[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
-
-    dev[0].set("dpp_nonce_override",
-               "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")
-
-    # Initiator bootstrapping key
-    priv = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
-    id1 = dev[1].dpp_bootstrap_gen(key=der_priv_key_p_521(priv))
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    # Initiator protocol keypair override
-    priv = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
-    dev[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
-
-    dev[1].set("dpp_nonce_override",
-               "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")
-
-    dev[0].dpp_qr_code(uri1)
-    dev[0].dpp_listen(2462, qr="mutual")
-    dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
-    wait_auth_success(dev[0], dev[1])
-
-def test_dpp_pkex(dev, apdev):
-    """DPP and PKEX"""
-    run_dpp_pkex(dev, apdev)
-
-def test_dpp_pkex_v2(dev, apdev):
-    """DPP and PKEXv2"""
-    run_dpp_pkex(dev, apdev, v2=True)
-
-def test_dpp_pkex_p256(dev, apdev):
-    """DPP and PKEX (P-256)"""
-    run_dpp_pkex(dev, apdev, "P-256")
-
-def test_dpp_pkex_p384(dev, apdev):
-    """DPP and PKEX (P-384)"""
-    run_dpp_pkex(dev, apdev, "P-384")
-
-def test_dpp_pkex_p521(dev, apdev):
-    """DPP and PKEX (P-521)"""
-    run_dpp_pkex(dev, apdev, "P-521")
-
-def test_dpp_pkex_bp256(dev, apdev):
-    """DPP and PKEX (BP-256)"""
-    run_dpp_pkex(dev, apdev, "brainpoolP256r1")
-
-def test_dpp_pkex_bp384(dev, apdev):
-    """DPP and PKEX (BP-384)"""
-    run_dpp_pkex(dev, apdev, "brainpoolP384r1")
-
-def test_dpp_pkex_bp512(dev, apdev):
-    """DPP and PKEX (BP-512)"""
-    run_dpp_pkex(dev, apdev, "brainpoolP512r1")
-
-def test_dpp_pkex_config(dev, apdev):
-    """DPP and PKEX with initiator as the configurator"""
-    check_dpp_capab(dev[1])
-    conf_id = dev[1].dpp_configurator_add()
-    run_dpp_pkex(dev, apdev,
-                 init_extra="conf=sta-dpp configurator=%d" % (conf_id),
-                 check_config=True)
-
-def test_dpp_pkex_no_identifier(dev, apdev):
-    """DPP and PKEX without identifier"""
-    run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r=None)
-
-def test_dpp_pkex_identifier_mismatch(dev, apdev):
-    """DPP and PKEX with different identifiers"""
-    run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r="bar",
-                 expect_no_resp=True)
-
-def test_dpp_pkex_identifier_mismatch2(dev, apdev):
-    """DPP and PKEX with initiator using identifier and the responder not"""
-    run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r=None,
-                 expect_no_resp=True)
-
-def test_dpp_pkex_identifier_mismatch3(dev, apdev):
-    """DPP and PKEX with responder using identifier and the initiator not"""
-    run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r="bar",
-                 expect_no_resp=True)
-
-def run_dpp_pkex(dev, apdev, curve=None, init_extra=None, check_config=False,
-                 identifier_i="test", identifier_r="test",
-                 expect_no_resp=False, v2=False):
-    min_ver = 3 if v2 else 1
-    check_dpp_capab(dev[0], curve and "brainpool" in curve, min_ver=min_ver)
-    check_dpp_capab(dev[1], curve and "brainpool" in curve, min_ver=min_ver)
-    dev[0].dpp_pkex_resp(2437, identifier=identifier_r, code="secret",
-                         curve=curve)
-    dev[1].dpp_pkex_init(identifier=identifier_i, code="secret", curve=curve,
-                         extra=init_extra, v2=v2)
-
-    if expect_no_resp:
-        ev = dev[0].wait_event(["DPP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("DPP PKEX frame not received")
-        ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=1)
-        if ev is not None:
-            raise Exception("DPP authentication succeeded")
-        ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1)
-        if ev is not None:
-            raise Exception("DPP authentication succeeded")
-        return
-
-    wait_auth_success(dev[0], dev[1],
-                      configurator=dev[1] if check_config else None,
-                      enrollee=dev[0] if check_config else None)
-
-def test_dpp_pkex_5ghz(dev, apdev):
-    """DPP and PKEX on 5 GHz"""
-    try:
-        dev[0].request("SET country US")
-        dev[1].request("SET country US")
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-        if ev is None:
-            ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
-                                          timeout=1)
-        run_dpp_pkex_5ghz(dev, apdev)
-    finally:
-        dev[0].request("SET country 00")
-        dev[1].request("SET country 00")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        time.sleep(0.1)
-
-def run_dpp_pkex_5ghz(dev, apdev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(5745, identifier="test", code="secret")
-    dev[1].dpp_pkex_init(identifier="test", code="secret")
-    wait_auth_success(dev[0], dev[1], timeout=20)
-
-def test_dpp_pkex_test_vector(dev, apdev):
-    """DPP and PKEX (P-256) test vector"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    init_addr = "ac:64:91:f4:52:07"
-    resp_addr = "6e:5e:ce:6e:f3:dd"
-
-    identifier = "joes_key"
-    code = "thisisreallysecret"
-
-    # Initiator bootstrapping private key
-    init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
-
-    # Responder bootstrapping private key
-    resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"
-
-    # Initiator x/X keypair override
-    init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
-
-    # Responder y/Y keypair override
-    resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"
-
-    p256_prefix = "30310201010420"
-    p256_postfix = "a00a06082a8648ce3d030107"
-
-    dev[0].set("dpp_pkex_own_mac_override", resp_addr)
-    dev[0].set("dpp_pkex_peer_mac_override", init_addr)
-    dev[1].set("dpp_pkex_own_mac_override", init_addr)
-    dev[1].set("dpp_pkex_peer_mac_override", resp_addr)
-
-    # Responder y/Y keypair override
-    dev[0].set("dpp_pkex_ephemeral_key_override",
-               p256_prefix + resp_y_priv + p256_postfix)
-
-    # Initiator x/X keypair override
-    dev[1].set("dpp_pkex_ephemeral_key_override",
-               p256_prefix + init_x_priv + p256_postfix)
-
-    dev[0].dpp_pkex_resp(2437, identifier=identifier, code=code,
-                         key=p256_prefix + resp_priv + p256_postfix)
-    dev[1].dpp_pkex_init(identifier=identifier, code=code,
-                         key=p256_prefix + init_priv + p256_postfix)
-    wait_auth_success(dev[0], dev[1])
-
-def test_dpp_pkex_code_mismatch(dev, apdev):
-    """DPP and PKEX with mismatching code"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret")
-    id1 = dev[1].dpp_pkex_init(identifier="test", code="unknown")
-    wait_dpp_fail(dev[0], "possible PKEX code mismatch")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[1].dpp_pkex_init(identifier="test", code="secret", use_id=id1)
-    wait_auth_success(dev[0], dev[1])
-
-def test_dpp_pkex_code_mismatch_limit(dev, apdev):
-    """DPP and PKEX with mismatching code limit"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret")
-
-    id1 = None
-    for i in range(5):
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        id1 = dev[1].dpp_pkex_init(identifier="test", code="unknown",
-                                   use_id=id1)
-        wait_dpp_fail(dev[0], "possible PKEX code mismatch")
-
-    ev = dev[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout=1)
-    if ev is None:
-        raise Exception("PKEX t limit not reported")
-
-def test_dpp_pkex_curve_mismatch(dev, apdev):
-    """DPP and PKEX with mismatching curve"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve="P-256")
-    dev[1].dpp_pkex_init(identifier="test", code="secret", curve="P-384")
-    wait_dpp_fail(dev[0], "Mismatching PKEX curve: peer=20 own=19")
-    wait_dpp_fail(dev[1], "Peer indicated mismatching PKEX group - proposed 19")
-
-def test_dpp_pkex_curve_mismatch_failure(dev, apdev):
-    """DPP and PKEX with mismatching curve (local failure)"""
-    run_dpp_pkex_curve_mismatch_failure(dev, apdev, "=dpp_pkex_rx_exchange_req")
-
-def test_dpp_pkex_curve_mismatch_failure2(dev, apdev):
-    """DPP and PKEX with mismatching curve (local failure 2)"""
-    run_dpp_pkex_curve_mismatch_failure(dev, apdev,
-                                        "dpp_pkex_build_exchange_resp")
-
-def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve="P-256")
-
-    with alloc_fail(dev[0], 1, func):
-        dev[1].dpp_pkex_init(identifier="test", code="secret", curve="P-384")
-
-        ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None:
-            raise Exception("Failure not reported (dev 0)")
-        if "Mismatching PKEX curve: peer=20 own=19" not in ev:
-            raise Exception("Unexpected result: " + ev)
-        wait_dpp_fail(dev[0], "Mismatching PKEX curve: peer=20 own=19")
-
-def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev):
-    """DPP and PKEX with local failure in processing Exchange Resp"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret")
-
-    with fail_test(dev[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"):
-        dev[1].dpp_pkex_init(identifier="test", code="secret")
-        wait_fail_trigger(dev[1], "GET_FAIL")
-
-def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev):
-    """DPP and PKEX with local failure in processing Commit Reveal Req"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret")
-
-    with alloc_fail(dev[0], 1,
-                    "crypto_ec_key_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"):
-        dev[1].dpp_pkex_init(identifier="test", code="secret")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_dpp_pkex_config2(dev, apdev):
-    """DPP and PKEX with responder as the configurator"""
-    check_dpp_capab(dev[0])
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].set("dpp_configurator_params",
-               " conf=sta-dpp configurator=%d" % conf_id)
-    run_dpp_pkex2(dev, apdev)
-
-def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve=curve,
-                         listen_role="configurator")
-    dev[1].dpp_pkex_init(identifier="test", code="secret", role="enrollee",
-                         curve=curve, extra=init_extra)
-    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1])
-
-def test_dpp_pkex_no_responder(dev, apdev):
-    """DPP and PKEX with no responder (retry behavior)"""
-    check_dpp_capab(dev[0])
-    dev[0].dpp_pkex_init(identifier="test", code="secret")
-
-    for i in range(15):
-        ev = dev[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5)
-        if ev is None:
-            raise Exception("DPP PKEX failure not reported")
-        if "DPP-FAIL" not in ev:
-            continue
-        if "No response from PKEX peer" not in ev:
-            raise Exception("Unexpected failure reason: " + ev)
-        break
-
-def test_dpp_pkex_after_retry(dev, apdev):
-    """DPP and PKEX completing after retry"""
-    check_dpp_capab(dev[0])
-    dev[0].dpp_pkex_init(identifier="test", code="secret")
-    time.sleep(0.1)
-    dev[1].dpp_pkex_resp(2437, identifier="test", code="secret")
-    wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1],
-                      allow_enrollee_failure=True)
-
-def test_dpp_pkex_hostapd_responder(dev, apdev):
-    """DPP PKEX with hostapd as responder"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    hapd.dpp_pkex_resp(2437, identifier="test", code="secret")
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_pkex_init(identifier="test", code="secret",
-                         extra="conf=ap-dpp configurator=%d" % conf_id)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      stop_initiator=True)
-
-def test_dpp_pkex_v2_hostapd_responder(dev, apdev):
-    """DPP PKEXv2 with hostapd as responder"""
-    check_dpp_capab(dev[0], min_ver=3)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd, min_ver=3)
-    hapd.dpp_pkex_resp(2437, identifier="test", code="secret")
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_pkex_init(identifier="test", code="secret",
-                         extra="conf=ap-dpp configurator=%d" % conf_id, v2=True)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      stop_initiator=True)
-
-def test_dpp_pkex_hostapd_initiator(dev, apdev):
-    """DPP PKEX with hostapd as initiator"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].set("dpp_configurator_params",
-               " conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                         listen_role="configurator")
-    hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee")
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      stop_initiator=True)
-
-def test_dpp_pkex_v2_hostapd_initiator(dev, apdev):
-    """DPP PKEXv2 with hostapd as initiator"""
-    check_dpp_capab(dev[0], min_ver=3)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd, min_ver=3)
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].set("dpp_configurator_params",
-               " conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                         listen_role="configurator")
-    hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee",
-                       v2=True)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      stop_initiator=True)
-
-def test_dpp_pkex_hostapd_errors(dev, apdev):
-    """DPP PKEX errors with hostapd"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    id0 = hapd.dpp_bootstrap_gen(type="pkex")
-    tests = ["own=%d" % id0,
-             "own=%d identifier=foo" % id0,
-             ""]
-    for t in tests:
-        if "FAIL" not in hapd.request("DPP_PKEX_ADD " + t):
-            raise Exception("Invalid DPP_PKEX_ADD accepted: " + t)
-
-    res = hapd.request("DPP_PKEX_ADD own=%d code=foo" % id0)
-    if "FAIL" in res:
-        raise Exception("Failed to add PKEX responder")
-    if "OK" not in hapd.request("DPP_PKEX_REMOVE " + res):
-        raise Exception("Failed to remove PKEX responder")
-    if "FAIL" not in hapd.request("DPP_PKEX_REMOVE " + res):
-        raise Exception("Unknown PKEX responder removal accepted")
-
-    res = hapd.request("DPP_PKEX_ADD own=%d code=foo" % id0)
-    if "FAIL" in res:
-        raise Exception("Failed to add PKEX responder")
-    if "OK" not in hapd.request("DPP_PKEX_REMOVE *"):
-        raise Exception("Failed to flush PKEX responders")
-    hapd.request("DPP_PKEX_REMOVE *")
-
-def test_dpp_hostapd_configurator(dev, apdev):
-    """DPP with hostapd as configurator/initiator"""
-    run_dpp_hostapd_configurator(dev, apdev)
-
-def test_dpp_hostapd_configurator_enrollee_v1(dev, apdev):
-    """DPP with hostapd as configurator/initiator with v1 enrollee"""
-    dev[0].set("dpp_version_override", "1")
-    run_dpp_hostapd_configurator(dev, apdev)
-
-def run_dpp_hostapd_configurator(dev, apdev):
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "1"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    id1 = hapd.dpp_qr_code(uri0)
-    res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1)
-    if "FAIL" in res:
-        raise Exception("DPP_BOOTSTRAP_INFO failed")
-    if "type=QRCODE" not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
-    if "mac_addr=" + dev[0].own_addr() not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
-    dev[0].dpp_listen(2412)
-    hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp")
-    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0],
-                      stop_responder=True)
-
-def test_dpp_hostapd_configurator_responder(dev, apdev):
-    """DPP with hostapd as configurator/responder"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "1"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    hapd.set("dpp_configurator_params",
-             " conf=sta-dpp configurator=%d" % conf_id)
-    id0 = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(hapd, dev[0], configurator=hapd, enrollee=dev[0],
-                      stop_initiator=True)
-
-def test_dpp_hostapd_configurator_fragmentation(dev, apdev):
-    """DPP with hostapd as configurator/initiator requiring fragmentation"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "1"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    id1 = hapd.dpp_qr_code(uri0)
-    res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1)
-    if "FAIL" in res:
-        raise Exception("DPP_BOOTSTRAP_INFO failed")
-    if "type=QRCODE" not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
-    if "mac_addr=" + dev[0].own_addr() not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
-    dev[0].dpp_listen(2412)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    hapd.set("dpp_config_obj_override", conf)
-    hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp")
-    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0],
-                      stop_responder=True)
-
-def test_dpp_hostapd_enrollee_fragmentation(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS fragmentation"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].set("dpp_configurator_params",
-               " conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd,
-                      stop_responder=True)
-
-def test_dpp_hostapd_enrollee_gas_timeout(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS timeout"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0])
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if "result=TIMEOUT" not in ev:
-        raise Exception("GAS timeout not reported")
-
-def test_dpp_hostapd_enrollee_gas_timeout_comeback(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS timeout during comeback"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=4)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if "result=TIMEOUT" not in ev:
-        raise Exception("GAS timeout not reported")
-
-def process_dpp_frames(dev, count=3):
-    for i in range(count):
-        msg = dev.mgmt_rx()
-        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())
-        if "OK" not in dev.request(cmd):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-def test_dpp_hostapd_enrollee_gas_errors(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS query local errors"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-
-    # GAS without comeback
-    tests = [(1, "gas_query_append;gas_query_rx_initial", 3, True),
-             (1, "gas_query_rx_initial", 3, True),
-             (1, "gas_query_tx_initial_req", 2, True),
-             (1, "gas_query_ap_req", 2, False)]
-    for count, func, frame_count, wait_ev in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[0].dpp_listen(2437, role="configurator")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-        with alloc_fail(hapd, count, func):
-            hapd.dpp_auth_init(uri=uri0, role="enrollee")
-            process_dpp_frames(dev[0], count=frame_count)
-            if wait_ev:
-                ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-                if not ev or "result=INTERNAL_ERROR" not in ev:
-                    raise Exception("Unexpect GAS query result: " + str(ev))
-
-    # GAS with comeback
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-
-    tests = [(1, "gas_query_append;gas_query_rx_comeback", 4),
-             (1, "wpabuf_alloc;gas_query_tx_comeback_req", 3),
-             (1, "hostapd_drv_send_action;gas_query_tx_comeback_req", 3)]
-    for count, func, frame_count in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[0].dpp_listen(2437, role="configurator")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-        with alloc_fail(hapd, count, func):
-            hapd.dpp_auth_init(uri=uri0, role="enrollee")
-            process_dpp_frames(dev[0], count=frame_count)
-            ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-            if not ev or "result=INTERNAL_ERROR" not in ev:
-                raise Exception("Unexpect GAS query result: " + str(ev))
-
-def test_dpp_hostapd_enrollee_gas_proto(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS query protocol testing"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    bssid = hapd.own_addr()
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=3)
-    msg = dev[0].mgmt_rx()
-    payload = msg['payload']
-    dialog_token, = struct.unpack('B', payload[2:3])
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0)
-    # GAS: Advertisement Protocol changed between initial and comeback response from 02:00:00:00:00:00
-    adv_proto = "6c087fdd05506f9a1a02"
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if not ev or "result=PEER_ERROR" not in ev:
-        raise Exception("Unexpect GAS query result: " + str(ev))
-    dev[0].request("DPP_STOP_LISTEN")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=3)
-    msg = dev[0].mgmt_rx()
-    payload = msg['payload']
-    dialog_token, = struct.unpack('B', payload[2:3])
-    # Another comeback delay
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 1)
-    adv_proto = "6c087fdd05506f9a1a01"
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    msg = dev[0].mgmt_rx()
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 1)
-    # GAS: Invalid comeback response with non-zero frag_id and comeback_delay from 02:00:00:00:00:00
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if not ev or "result=PEER_ERROR" not in ev:
-        raise Exception("Unexpect GAS query result: " + str(ev))
-    dev[0].request("DPP_STOP_LISTEN")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=3)
-    msg = dev[0].mgmt_rx()
-    payload = msg['payload']
-    dialog_token, = struct.unpack('B', payload[2:3])
-    # Valid comeback response
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    msg = dev[0].mgmt_rx()
-    # GAS: Drop frame as possible retry of previous fragment
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Unexpected frag_id in response from 02:00:00:00:00:00
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x82, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if not ev or "result=PEER_ERROR" not in ev:
-        raise Exception("Unexpect GAS query result: " + str(ev))
-    dev[0].request("DPP_STOP_LISTEN")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=3)
-    msg = dev[0].mgmt_rx()
-    payload = msg['payload']
-    dialog_token, = struct.unpack('B', payload[2:3])
-    # GAS: Unexpected initial response from 02:00:00:00:00:00 dialog token 3 when waiting for comeback response
-    hdr = struct.pack('<BBBHBH', 4, 11, dialog_token, 0, 0x80, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Allow non-zero status for outstanding comeback response
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 95, 0x80, 0)
-    # GAS: Ignore 1 octets of extra data after Query Response from 02:00:00:00:00:00
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" + "ff"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: No pending query found for 02:00:00:00:00:00 dialog token 4
-    hdr = struct.pack('<BBBHBH', 4, 13, (dialog_token + 1) % 256, 0, 0x80, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Truncated Query Response in response from 02:00:00:00:00:00
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "0010"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: No room for GAS Response Length
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "03"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Unexpected Advertisement Protocol element ID 0 in response from 02:00:00:00:00:00
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0)
-    adv_proto_broken = "0000"
-    action = binascii.hexlify(hdr).decode() + adv_proto_broken + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: No room for Advertisement Protocol element in the response from 02:00:00:00:00:00
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0)
-    adv_proto_broken = "00ff"
-    action = binascii.hexlify(hdr).decode() + adv_proto_broken + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # No room for Comeback Delay
-    hdr = struct.pack('<BBBHBB', 4, 13, dialog_token, 0, 0x81, 0)
-    action = binascii.hexlify(hdr).decode()
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # No room for frag_id
-    hdr = struct.pack('<BBBH', 4, 13, dialog_token, 0)
-    action = binascii.hexlify(hdr).decode()
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Query to 02:00:00:00:00:00 dialog token 3 failed - status code 1
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 1, 0x81, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if not ev or "result=FAILURE" not in ev:
-        raise Exception("Unexpect GAS query result: " + str(ev))
-    dev[0].request("DPP_STOP_LISTEN")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=2)
-    msg = dev[0].mgmt_rx()
-    payload = msg['payload']
-    dialog_token, = struct.unpack('B', payload[2:3])
-    # Unexpected comeback delay
-    hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0)
-    adv_proto = "6c087fdd05506f9a1a01"
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    # GAS: Query to 02:00:00:00:00:00 dialog token 3 failed - status code 1
-    hdr = struct.pack('<BBBHBH', 4, 11, dialog_token, 1, 0x80, 0)
-    action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001"
-    cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action)
-    dev[0].request(cmd)
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if not ev or "result=FAILURE" not in ev:
-        raise Exception("Unexpect GAS query result: " + str(ev))
-    dev[0].request("DPP_STOP_LISTEN")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-def test_dpp_hostapd_enrollee_gas_tx_status_errors(dev, apdev):
-    """DPP and hostapd as Enrollee with GAS TX status errors"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    conf_id = dev[0].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2437, role="configurator")
-    hapd.dpp_auth_init(uri=uri0, role="enrollee")
-    process_dpp_frames(dev[0], count=3)
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    # GAS: TX status for unexpected destination
-    frame = "d0003a01" + "222222222222"
-    frame += hapd.own_addr().replace(':', '') + "ffffffffffff"
-    frame += "5000" + "040a"
-    hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=1 buf=" + frame)
-
-    # GAS: No ACK to GAS request
-    frame = "d0003a01" + dev[0].own_addr().replace(':', '')
-    frame += hapd.own_addr().replace(':', '') + "ffffffffffff"
-    frame += "5000" + "040a"
-    hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=0 buf=" + frame)
-
-    ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if "result=TIMEOUT" not in ev:
-        raise Exception("GAS timeout not reported")
-
-    # GAS: Unexpected TX status: dst=02:00:00:00:00:00 ok=1 - no query in progress
-    hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=1 buf=" + frame)
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-def test_dpp_hostapd_configurator_override_objects(dev, apdev):
-    """DPP with hostapd as configurator and override objects"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "1"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    id1 = hapd.dpp_qr_code(uri0)
-    res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1)
-    if "FAIL" in res:
-        raise Exception("DPP_BOOTSTRAP_INFO failed")
-    dev[0].dpp_listen(2412)
-    discovery = '{\n"ssid":"mywifi"\n}'
-    groups = '[\n  {"groupId":"home","netRole":"sta"},\n  {"groupId":"cottage","netRole":"sta"}\n]'
-    hapd.set("dpp_discovery_override", discovery)
-    hapd.set("dpp_groups_override", groups)
-    hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp")
-    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0],
-                      stop_responder=True)
-
-def test_dpp_own_config(dev, apdev):
-    """DPP configurator signing own connector"""
-    try:
-        run_dpp_own_config(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_own_config_group_id(dev, apdev):
-    """DPP configurator signing own connector"""
-    try:
-        run_dpp_own_config(dev, apdev, extra=" group_id=test-group")
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_own_config_curve_mismatch(dev, apdev):
-    """DPP configurator signing own connector using mismatching curve"""
-    try:
-        run_dpp_own_config(dev, apdev, own_curve="BP-384", expect_failure=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False,
-                       extra=None):
-    check_dpp_capab(dev[0], own_curve and "BP" in own_curve)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id,
-                         extra=extra)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
-    update_hapd_config(hapd)
-
-    dev[0].set("dpp_config_processing", "1")
-    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id, extra)
-    if own_curve:
-        cmd += " curve=" + own_curve
-    res = dev[0].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-    dev[0].select_network(id, freq="2412")
-    if expect_failure:
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-        if ev is not None:
-            raise Exception("Unexpected connection")
-        dev[0].request("DISCONNECT")
-    else:
-        dev[0].wait_connected()
-
-def test_dpp_own_config_ap(dev, apdev):
-    """DPP configurator (AP) signing own connector"""
-    try:
-        run_dpp_own_config_ap(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_own_config_ap_group_id(dev, apdev):
-    """DPP configurator (AP) signing own connector (group_id)"""
-    try:
-        run_dpp_own_config_ap(dev, apdev, extra=" group_id=test-group")
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_own_config_ap_reconf(dev, apdev):
-    """DPP configurator (AP) signing own connector and configurator reconf"""
-    try:
-        run_dpp_own_config_ap(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=None):
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    if reconf_configurator:
-        csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
-        if "FAIL" in csign or len(csign) == 0:
-            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
-
-    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id, extra)
-    res = hapd.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-    update_hapd_config(hapd)
-
-    if reconf_configurator:
-        hapd.dpp_configurator_remove(conf_id)
-        conf_id = hapd.dpp_configurator_add(key=csign)
-
-    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    dev[0].set("dpp_config_processing", "2")
-    dev[0].dpp_listen(2412)
-    hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id,
-                       extra=extra)
-    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0])
-    dev[0].wait_connected()
-
-def test_dpp_intro_mismatch(dev, apdev):
-    """DPP network introduction mismatch cases"""
-    try:
-        wpas = None
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan5")
-        check_dpp_capab(wpas)
-        run_dpp_intro_mismatch(dev, apdev, wpas)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-        dev[2].set("dpp_config_processing", "0", allow_fail=True)
-        if wpas:
-            wpas.set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_intro_mismatch(dev, apdev, wpas):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    check_dpp_capab(dev[2])
-    logger.info("Start AP in unconfigured state")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    logger.info("Provision AP with DPP configuration")
-    conf_id = dev[1].dpp_configurator_add()
-    dev[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]')
-    dev[1].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
-    update_hapd_config(hapd)
-
-    logger.info("Provision STA0 with DPP Connector that has mismatching groupId")
-    dev[0].set("dpp_config_processing", "2")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    dev[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]')
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id)
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
-
-    logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
-    dev[2].set("dpp_config_processing", "2")
-    id2 = dev[2].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri2 = dev[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2)
-    dev[2].dpp_listen(2412)
-    conf_id_2 = dev[1].dpp_configurator_add()
-    dev[1].set("dpp_groups_override", '')
-    dev[1].dpp_auth_init(uri=uri2, conf="sta-dpp", configurator=conf_id_2)
-    wait_auth_success(dev[2], dev[1], configurator=dev[1], enrollee=dev[2])
-
-    logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
-    wpas.set("dpp_config_processing", "2")
-    id5 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True, curve="P-521")
-    uri5 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id5)
-    wpas.dpp_listen(2412)
-    dev[1].set("dpp_groups_override", '')
-    dev[1].dpp_auth_init(uri=uri5, conf="sta-dpp", configurator=conf_id)
-    wait_auth_success(wpas, dev[1], configurator=dev[1], enrollee=wpas)
-
-    logger.info("Verify network introduction results")
-    ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-    if ev is None:
-        raise Exception("DPP network introduction result not seen on STA0")
-    if "status=8" not in ev:
-        raise Exception("Unexpected network introduction result on STA0: " + ev)
-
-    ev = dev[2].wait_event(["DPP-INTRO"], timeout=5)
-    if ev is None:
-        raise Exception("DPP network introduction result not seen on STA2")
-    if "status=8" not in ev:
-        raise Exception("Unexpected network introduction result on STA2: " + ev)
-
-    ev = wpas.wait_event(["DPP-INTRO"], timeout=10)
-    if ev is None:
-        raise Exception("DPP network introduction result not seen on STA5")
-    if "status=7" not in ev:
-        raise Exception("Unexpected network introduction result on STA5: " + ev)
-
-def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True,
-                       listen=True, chan="81/1", init_enrollee=False,
-                       incompatible_roles=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[test_dev].set("dpp_test", str(test))
-    if init_enrollee:
-        conf_id = dev[0].dpp_configurator_add()
-    else:
-        conf_id = dev[1].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan=chan, mac=unicast)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    if mutual:
-        id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-        uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
-
-        id0b = dev[0].dpp_qr_code(uri1b)
-        qr = "mutual"
-    else:
-        qr = None
-
-    if init_enrollee:
-        if incompatible_roles:
-            role = "enrollee"
-        else:
-            role = "configurator"
-        dev[0].set("dpp_configurator_params",
-                   " conf=sta-dpp configurator=%d" % conf_id)
-    elif incompatible_roles:
-        role = "enrollee"
-    else:
-        role = None
-
-    if listen:
-        dev[0].dpp_listen(2412, qr=qr, role=role)
-
-    role = None
-    configurator = None
-    conf = None
-    own = None
-
-    if init_enrollee:
-        role="enrollee"
-    else:
-        configurator=conf_id
-        conf="sta-dpp"
-        if incompatible_roles:
-            role="enrollee"
-    if mutual:
-        own = id1b
-    dev[1].dpp_auth_init(uri=uri0, role=role, configurator=configurator,
-                         conf=conf, own=own)
-    return uri0, role, configurator, conf, own
-
-def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
-    run_dpp_proto_init(dev, 1, 1)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Request not seen")
-    if "type=0" not in ev or "ignore=invalid-attributes" not in ev:
-        raise Exception("Unexpected RX info: " + ev)
-    ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_auth_req_stop_after_ack(dev, apdev):
-    """DPP initiator stopping after ACK, but no response"""
-    run_dpp_proto_init(dev, 1, 1, listen=True)
-    ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("Authentication failure not reported")
-
-def test_dpp_auth_req_retries(dev, apdev):
-    """DPP initiator retries with no ACK"""
-    check_dpp_capab(dev[1])
-    dev[1].set("dpp_init_max_tries", "3")
-    dev[1].set("dpp_init_retry_time", "1000")
-    dev[1].set("dpp_resp_wait_time", "100")
-    run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False)
-
-    for i in range(3):
-        ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-        if ev is None:
-            raise Exception("Auth Req not sent (%d)" % i)
-
-    ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("Authentication failure not reported")
-
-def test_dpp_auth_req_retries_multi_chan(dev, apdev):
-    """DPP initiator retries with no ACK and multiple channels"""
-    check_dpp_capab(dev[1])
-    dev[1].set("dpp_init_max_tries", "3")
-    dev[1].set("dpp_init_retry_time", "1000")
-    dev[1].set("dpp_resp_wait_time", "100")
-    run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False,
-                       chan="81/1,81/6,81/11")
-
-    for i in range(3 * 3):
-        ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-        if ev is None:
-            raise Exception("Auth Req not sent (%d)" % i)
-
-    ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("Authentication failure not reported")
-
-def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
-    run_dpp_proto_init(dev, 0, 2)
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Response not seen")
-    if "type=1" not in ev or "ignore=invalid-attributes" not in ev:
-        raise Exception("Unexpected RX info: " + ev)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=1)
-    if ev is None or "type=0" not in ev:
-        raise Exception("DPP Authentication Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
-    run_dpp_proto_init(dev, 1, 3)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "type=0" not in ev:
-        raise Exception("DPP Authentication Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication Confirm not seen")
-    if "type=2" not in ev or "ignore=invalid-attributes" not in ev:
-        raise Exception("Unexpected RX info: " + ev)
-
-def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
-    run_dpp_proto_init(dev, 0, 6)
-    ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("DPP Configuration failure not seen")
-
-def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
-    run_dpp_proto_init(dev, 1, 7)
-    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("DPP Configuration failure not seen")
-
-def test_dpp_proto_zero_i_capab(dev, apdev):
-    """DPP protocol testing - zero I-capability in Auth Req"""
-    run_dpp_proto_init(dev, 1, 8)
-    wait_dpp_fail(dev[0], "Invalid role in I-capabilities 0x00")
-    ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_proto_zero_r_capab(dev, apdev):
-    """DPP protocol testing - zero R-capability in Auth Resp"""
-    run_dpp_proto_init(dev, 0, 9)
-    wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x00")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=1)
-    if ev is None or "type=0" not in ev:
-        raise Exception("DPP Authentication Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False):
-    run_dpp_proto_init(dev, 1, test, mutual=mutual)
-    wait_dpp_fail(dev[0], reason)
-    ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no R-bootstrap key in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
-
-def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 68, "No matching own bootstrapping key found - ignore message")
-
-def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no I-bootstrap key in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute")
-
-def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
-    run_dpp_proto_init(dev, 1, 69, mutual=True)
-    ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("DPP scan request not seen")
-    ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("DPP response pending indivation not seen")
-
-def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev):
-    """DPP protocol testing - no I-proto key in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 12, "Missing required Initiator Protocol Key attribute")
-
-def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
-    """DPP protocol testing - invalid I-proto key in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
-
-def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
-    """DPP protocol testing - no I-nonce in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 13, "Missing or invalid I-nonce")
-
-def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev):
-    """DPP protocol testing - invalid I-nonce in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 81, "Missing or invalid I-nonce")
-
-def test_dpp_proto_auth_req_no_i_capab(dev, apdev):
-    """DPP protocol testing - no I-capab in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 14, "Missing or invalid I-capab")
-
-def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in Auth Req"""
-    run_dpp_proto_auth_req_missing(dev, 15, "Missing or invalid required Wrapped Data attribute")
-
-def run_dpp_proto_auth_resp_missing(dev, test, reason,
-                                    incompatible_roles=False):
-    run_dpp_proto_init(dev, 0, test, mutual=True,
-                       incompatible_roles=incompatible_roles)
-    if reason is None:
-        if incompatible_roles:
-            ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
-            if ev is None:
-                raise Exception("DPP-NOT-COMPATIBLE not reported")
-        time.sleep(0.1)
-        return
-    wait_dpp_fail(dev[1], reason)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=1)
-    if ev is None or "type=0" not in ev:
-        raise Exception("DPP Authentication Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_proto_auth_resp_no_status(dev, apdev):
-    """DPP protocol testing - no Status in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 16, "Missing or invalid required DPP Status attribute")
-
-def test_dpp_proto_auth_resp_status_no_status(dev, apdev):
-    """DPP protocol testing - no Status in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 16,
-                                    "Missing or invalid required DPP Status attribute",
-                                    incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_invalid_status(dev, apdev):
-    """DPP protocol testing - invalid Status in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 74, "Responder reported failure")
-
-def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no R-bootstrap key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
-
-def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 17,
-                                    "Missing or invalid required Responder Bootstrapping Key Hash attribute",
-                                    incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 70, "Unexpected Responder Bootstrapping Key Hash value")
-
-def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 70,
-                                    "Unexpected Responder Bootstrapping Key Hash value",
-                                    incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no I-bootstrap key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 18, None)
-
-def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 18, None, incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 71, "Initiator Bootstrapping Key Hash attribute did not match")
-
-def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 71,
-                                    "Initiator Bootstrapping Key Hash attribute did not match",
-                                    incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev):
-    """DPP protocol testing - no R-Proto Key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 19, "Missing required Responder Protocol Key attribute")
-
-def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
-    """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key")
-
-def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
-    """DPP protocol testing - no R-nonce in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 20, "Missing or invalid R-nonce")
-
-def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev):
-    """DPP protocol testing - no I-nonce in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce")
-
-def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev):
-    """DPP protocol testing - no I-nonce in Auth Resp(status)"""
-    run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce",
-                                    incompatible_roles=True)
-
-def test_dpp_proto_auth_resp_no_r_capab(dev, apdev):
-    """DPP protocol testing - no R-capab in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 22, "Missing or invalid R-capabilities")
-
-def test_dpp_proto_auth_resp_no_r_auth(dev, apdev):
-    """DPP protocol testing - no R-auth in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 23, "Missing or invalid Secondary Wrapped Data")
-
-def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 24, "Missing or invalid required Wrapped Data attribute")
-
-def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev):
-    """DPP protocol testing - I-nonce mismatch in Auth Resp"""
-    run_dpp_proto_init(dev, 0, 30, mutual=True)
-    wait_dpp_fail(dev[1], "I-nonce mismatch")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=1)
-    if ev is None or "type=0" not in ev:
-        raise Exception("DPP Authentication Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected DPP message seen")
-
-def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev):
-    """DPP protocol testing - Incompatible R-capab in Auth Resp"""
-    run_dpp_proto_init(dev, 0, 31, mutual=True)
-    wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x02")
-    wait_dpp_fail(dev[0], "Peer reported incompatible R-capab role")
-
-def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev):
-    """DPP protocol testing - R-auth mismatch in Auth Resp"""
-    run_dpp_proto_init(dev, 0, 32, mutual=True)
-    wait_dpp_fail(dev[1], "Mismatching Responder Authenticating Tag")
-    wait_dpp_fail(dev[0], "Peer reported authentication failure")
-
-def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev):
-    """DPP protocol testing - Auth Conf RX processing failure"""
-    with alloc_fail(dev[0], 1, "dpp_auth_conf_rx_failure"):
-        run_dpp_proto_init(dev, 0, 32, mutual=True)
-        wait_dpp_fail(dev[0], "Authentication failed")
-
-def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev):
-    """DPP protocol testing - Auth Conf RX processing failure 2"""
-    with fail_test(dev[0], 1, "dpp_auth_conf_rx_failure"):
-        run_dpp_proto_init(dev, 0, 32, mutual=True)
-        wait_dpp_fail(dev[0], "AES-SIV decryption failed")
-
-def run_dpp_proto_auth_conf_missing(dev, test, reason):
-    run_dpp_proto_init(dev, 1, test, mutual=True)
-    if reason is None:
-        time.sleep(0.1)
-        return
-    wait_dpp_fail(dev[0], reason)
-
-def test_dpp_proto_auth_conf_no_status(dev, apdev):
-    """DPP protocol testing - no Status in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 25, "Missing or invalid required DPP Status attribute")
-
-def test_dpp_proto_auth_conf_invalid_status(dev, apdev):
-    """DPP protocol testing - invalid Status in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 75, "Authentication failed")
-
-def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no R-bootstrap key in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
-
-def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 72, "Responder Bootstrapping Key Hash mismatch")
-
-def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no I-bootstrap key in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 27, "Missing Initiator Bootstrapping Key Hash attribute")
-
-def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 73, "Initiator Bootstrapping Key Hash mismatch")
-
-def test_dpp_proto_auth_conf_no_i_auth(dev, apdev):
-    """DPP protocol testing - no I-Auth in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 28, "Missing or invalid Initiator Authenticating Tag")
-
-def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in Auth Conf"""
-    run_dpp_proto_auth_conf_missing(dev, 29, "Missing or invalid required Wrapped Data attribute")
-
-def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev):
-    """DPP protocol testing - I-auth mismatch in Auth Conf"""
-    run_dpp_proto_init(dev, 1, 33, mutual=True)
-    wait_dpp_fail(dev[0], "Mismatching Initiator Authenticating Tag")
-
-def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev):
-    """DPP protocol testing - Auth Conf replaced by Resp"""
-    run_dpp_proto_init(dev, 1, 65, mutual=True)
-    wait_dpp_fail(dev[0], "Unexpected Authentication Response")
-
-def run_dpp_proto_conf_req_missing(dev, test, reason):
-    run_dpp_proto_init(dev, 0, test)
-    wait_dpp_fail(dev[1], reason)
-
-def test_dpp_proto_conf_req_no_e_nonce(dev, apdev):
-    """DPP protocol testing - no E-nonce in Conf Req"""
-    run_dpp_proto_conf_req_missing(dev, 51,
-                                   "Missing or invalid Enrollee Nonce attribute")
-
-def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev):
-    """DPP protocol testing - invalid E-nonce in Conf Req"""
-    run_dpp_proto_conf_req_missing(dev, 83,
-                                   "Missing or invalid Enrollee Nonce attribute")
-
-def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev):
-    """DPP protocol testing - no Config Attr Obj in Conf Req"""
-    run_dpp_proto_conf_req_missing(dev, 52,
-                                   "Missing or invalid Config Attributes attribute")
-
-def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev):
-    """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
-    run_dpp_proto_conf_req_missing(dev, 76,
-                                   "Unsupported wi-fi_tech")
-
-def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in Conf Req"""
-    run_dpp_proto_conf_req_missing(dev, 53,
-                                   "Missing or invalid required Wrapped Data attribute")
-
-def run_dpp_proto_conf_resp_missing(dev, test, reason):
-    run_dpp_proto_init(dev, 1, test)
-    wait_dpp_fail(dev[0], reason)
-
-def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev):
-    """DPP protocol testing - no E-nonce in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 54,
-                                    "Missing or invalid Enrollee Nonce attribute")
-
-def test_dpp_proto_conf_resp_no_config_obj(dev, apdev):
-    """DPP protocol testing - no Config Object in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 55,
-                                    "Missing required Configuration Object attribute")
-
-def test_dpp_proto_conf_resp_no_status(dev, apdev):
-    """DPP protocol testing - no Status in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 56,
-                                    "Missing or invalid required DPP Status attribute")
-
-def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 57,
-                                    "Missing or invalid required Wrapped Data attribute")
-
-def test_dpp_proto_conf_resp_invalid_status(dev, apdev):
-    """DPP protocol testing - invalid Status in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 58,
-                                    "Configurator rejected configuration")
-
-def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev):
-    """DPP protocol testing - E-nonce mismatch in Conf Resp"""
-    run_dpp_proto_conf_resp_missing(dev, 59,
-                                    "Enrollee Nonce mismatch")
-
-def test_dpp_proto_stop_at_auth_req(dev, apdev):
-    """DPP protocol testing - stop when receiving Auth Req"""
-    run_dpp_proto_init(dev, 0, 87)
-    ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("Authentication init failure not reported")
-
-def test_dpp_proto_stop_at_auth_resp(dev, apdev):
-    """DPP protocol testing - stop when receiving Auth Resp"""
-    uri0, role, configurator, conf, own = run_dpp_proto_init(dev, 1, 88)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("Auth Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("Auth Resp TX not seen")
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected Auth Conf TX")
-
-    ev = dev[0].wait_event(["DPP-FAIL"], timeout=2)
-    if ev is None or "No Auth Confirm received" not in ev:
-        raise Exception("DPP-FAIL for missing Auth Confirm not reported")
-    time.sleep(0.1)
-
-    # Try again without special testing behavior to confirm Responder is able
-    # to accept a new provisioning attempt.
-    dev[1].set("dpp_test", "0")
-    dev[1].dpp_auth_init(uri=uri0, role=role, configurator=configurator,
-                         conf=conf, own=own)
-    wait_auth_success(dev[0], dev[1])
-
-def test_dpp_proto_stop_at_auth_conf(dev, apdev):
-    """DPP protocol testing - stop when receiving Auth Conf"""
-    run_dpp_proto_init(dev, 0, 89, init_enrollee=True)
-    ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee did not start GAS")
-    ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee did not time out GAS")
-    if "result=TIMEOUT" not in ev:
-        raise Exception("Unexpected GAS result: " + ev)
-
-def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev):
-    """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
-    run_dpp_proto_init(dev, 1, 89, init_enrollee=True)
-    wait_auth_success(dev[0], dev[1], timeout=10)
-    ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected GAS query")
-
-    # There is currently no timeout on GAS server side, so no event to wait for
-    # in this case.
-
-def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev):
-    """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
-    run_dpp_proto_init(dev, 1, 89)
-    wait_auth_success(dev[0], dev[1], timeout=10)
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-    if ev is None or "result=TIMEOUT" not in ev:
-        raise Exception("GAS query did not time out")
-
-def test_dpp_proto_stop_at_conf_req(dev, apdev):
-    """DPP protocol testing - stop when receiving Auth Req"""
-    run_dpp_proto_init(dev, 1, 90)
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee did not start GAS")
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("Enrollee did not time out GAS")
-    if "result=TIMEOUT" not in ev:
-        raise Exception("Unexpected GAS result: " + ev)
-
-def run_dpp_proto_init_pkex(dev, test_dev, test):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[test_dev].set("dpp_test", str(test))
-    dev[0].dpp_pkex_resp(2437, identifier="test", code="secret")
-    dev[1].dpp_pkex_init(identifier="test", code="secret")
-
-def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
-    run_dpp_proto_init_pkex(dev, 1, 4)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "type=7" not in ev:
-        raise Exception("PKEX Exchange Request not seen")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "type=9" not in ev:
-        raise Exception("PKEX Commit-Reveal Request not seen")
-    if "ignore=invalid-attributes" not in ev:
-        raise Exception("Unexpected RX info: " + ev)
-
-def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev):
-    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
-    run_dpp_proto_init_pkex(dev, 0, 5)
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "type=8" not in ev:
-        raise Exception("PKEX Exchange Response not seen")
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "type=10" not in ev:
-        raise Exception("PKEX Commit-Reveal Response not seen")
-    if "ignore=invalid-attributes" not in ev:
-        raise Exception("Unexpected RX info: " + ev)
-
-def run_dpp_proto_pkex_req_missing(dev, test, reason):
-    run_dpp_proto_init_pkex(dev, 1, test)
-    wait_dpp_fail(dev[0], reason)
-
-def run_dpp_proto_pkex_resp_missing(dev, test, reason):
-    run_dpp_proto_init_pkex(dev, 0, test)
-    wait_dpp_fail(dev[1], reason)
-
-def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev):
-    """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
-    run_dpp_proto_pkex_req_missing(dev, 34,
-                                   "Missing or invalid Finite Cyclic Group attribute")
-
-def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev):
-    """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
-    run_dpp_proto_pkex_req_missing(dev, 35,
-                                   "Missing Encrypted Key attribute")
-
-def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev):
-    """DPP protocol testing - no Status in PKEX Exchange Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 36, "No DPP Status attribute")
-
-def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev):
-    """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 37, "Missing Encrypted Key attribute")
-
-def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
-    run_dpp_proto_pkex_req_missing(dev, 38,
-                                   "No valid peer bootstrapping key found")
-
-def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev):
-    """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
-    run_dpp_proto_pkex_req_missing(dev, 39, "No valid u (I-Auth tag) found")
-
-def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
-    run_dpp_proto_pkex_req_missing(dev, 40, "Missing or invalid required Wrapped Data attribute")
-
-def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev):
-    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 41,
-                                   "No valid peer bootstrapping key found")
-
-def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev):
-    """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 42, "No valid v (R-Auth tag) found")
-
-def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev):
-    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 43, "Missing or invalid required Wrapped Data attribute")
-
-def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev):
-    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
-    run_dpp_proto_pkex_req_missing(dev, 44,
-                                   "Invalid Encrypted Key value")
-
-def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev):
-    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 45,
-                                    "Invalid Encrypted Key value")
-
-def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev):
-    """DPP protocol testing - invalid Status in PKEX Exchange Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 46,
-                                    "PKEX failed (peer indicated failure)")
-
-def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
-    run_dpp_proto_pkex_req_missing(dev, 47,
-                                   "Peer bootstrapping key is invalid")
-
-def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
-    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 48,
-                                    "Peer bootstrapping key is invalid")
-
-def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev):
-    """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
-    run_dpp_proto_pkex_req_missing(dev, 49, "No valid u (I-Auth tag) found")
-
-def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev):
-    """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
-    run_dpp_proto_pkex_resp_missing(dev, 50, "No valid v (R-Auth tag) found")
-
-def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev):
-    """DPP protocol testing - stop when receiving PKEX Exchange Response"""
-    run_dpp_proto_init_pkex(dev, 1, 84)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Resp not seen")
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected PKEX CR Req TX")
-
-def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev):
-    """DPP protocol testing - stop when receiving PKEX CR Request"""
-    run_dpp_proto_init_pkex(dev, 0, 85)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Resp not seen")
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX CR Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected PKEX CR Resp TX")
-
-def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev):
-    """DPP protocol testing - stop when receiving PKEX CR Response"""
-    run_dpp_proto_init_pkex(dev, 1, 86)
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX Exchange Resp not seen")
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX CR Req TX not seen")
-
-    ev = dev[0].wait_event(["DPP-TX "], timeout=5)
-    if ev is None:
-        raise Exception("PKEX CR Resp TX not seen")
-
-    ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected Auth Req TX")
-
-def test_dpp_proto_network_introduction(dev, apdev):
-    """DPP protocol testing - network introduction"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    for test in [60, 61, 80, 82]:
-        dev[0].set("dpp_test", str(test))
-        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
-                       dpp_csign=params1_csign,
-                       dpp_connector=params1_sta_connector,
-                       dpp_netaccesskey=params1_sta_netaccesskey,
-                       wait_connect=False)
-
-        ev = dev[0].wait_event(["DPP-TX "], timeout=10)
-        if ev is None or "type=5" not in ev:
-            raise Exception("Peer Discovery Request TX not reported")
-        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2)
-        if ev is None or "result=SUCCESS" not in ev:
-            raise Exception("Peer Discovery Request TX status not reported")
-
-        ev = hapd.wait_event(["DPP-RX"], timeout=10)
-        if ev is None or "type=5" not in ev:
-            raise Exception("Peer Discovery Request RX not reported")
-
-        if test == 80:
-            ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-            if ev is None:
-                raise Exception("DPP-INTRO not reported for test 80")
-            if "status=7" not in ev:
-                raise Exception("Unexpected result in test 80: " + ev)
-
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-    dev[0].set("dpp_test", "0")
-
-    for test in [62, 63, 64, 77, 78, 79]:
-        hapd.set("dpp_test", str(test))
-        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
-                       dpp_csign=params1_csign,
-                       dpp_connector=params1_sta_connector,
-                       dpp_netaccesskey=params1_sta_netaccesskey,
-                       wait_connect=False)
-
-        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-        if ev is None:
-            raise Exception("Peer introduction result not reported (test %d)" % test)
-        if test == 77:
-            if "fail=transaction_id_mismatch" not in ev:
-                raise Exception("Connector validation failure not reported")
-        elif test == 78:
-            if "status=254" not in ev:
-                raise Exception("Invalid status value not reported")
-        elif test == 79:
-            if "fail=peer_connector_validation_failed" not in ev:
-                raise Exception("Connector validation failure not reported")
-        elif "status=" in ev:
-            raise Exception("Unexpected peer introduction result (test %d): " % test + ev)
-
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-    hapd.set("dpp_test", "0")
-
-    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
-                   dpp_csign=params1_csign, dpp_connector=params1_sta_connector,
-                   dpp_netaccesskey=params1_sta_netaccesskey)
-
-def test_dpp_hostapd_auth_conf_timeout(dev, apdev):
-    """DPP Authentication Confirm timeout in hostapd"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    hapd.dpp_listen(2412)
-    dev[0].set("dpp_test", "88")
-    dev[0].dpp_auth_init(uri=uri_h)
-    ev = hapd.wait_event(["DPP-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("DPP-FAIL not reported")
-    if "No Auth Confirm received" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def test_dpp_hostapd_auth_resp_retries(dev, apdev):
-    """DPP Authentication Response retries in hostapd"""
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    hapd.set("dpp_resp_max_tries", "3")
-    hapd.set("dpp_resp_retry_time", "100")
-
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    id0b = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0b = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b)
-    hapd.dpp_listen(2412, qr="mutual")
-    dev[0].dpp_auth_init(uri=uri_h, own=id0b)
-
-    ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-    if ev is None:
-        raise Exception("Pending response not reported")
-    ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-    if ev is None:
-        raise Exception("QR Code scan for mutual authentication not requested")
-
-    # Stop Initiator from listening to frames to force retransmission of the
-    # DPP Authentication Response frame with Status=0
-    dev[0].request("DPP_STOP_LISTEN")
-
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-    id0b = hapd.dpp_qr_code(uri0b)
-
-    ev = hapd.wait_event(["DPP-TX "], timeout=5)
-    if ev is None or "type=1" not in ev:
-        raise Exception("DPP Authentication Response not sent")
-    ev = hapd.wait_event(["DPP-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("TX status for DPP Authentication Response not reported")
-    if "result=FAILED" not in ev:
-        raise Exception("Unexpected TX status for Authentication Response: " + ev)
-
-    ev = hapd.wait_event(["DPP-TX "], timeout=15)
-    if ev is None or "type=1" not in ev:
-        raise Exception("DPP Authentication Response retransmission not sent")
-
-def test_dpp_qr_code_no_chan_list_unicast(dev, apdev):
-    """DPP QR Code and no channel list (unicast)"""
-    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, None)
-
-def test_dpp_qr_code_chan_list_unicast(dev, apdev):
-    """DPP QR Code and 2.4 GHz channels (unicast)"""
-    run_dpp_qr_code_chan_list(dev, apdev, True, 2417,
-                              "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13")
-
-def test_dpp_qr_code_chan_list_unicast2(dev, apdev):
-    """DPP QR Code and 2.4 GHz channels (unicast 2)"""
-    run_dpp_qr_code_chan_list(dev, apdev, True, 2417,
-                              "81/1,2,3,4,5,6,7,8,9,10,11,12,13")
-
-def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev):
-    """DPP QR Code and channel list and no peer (unicast)"""
-    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11",
-                              no_wait=True)
-    ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("Initiation failure not reported")
-
-def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev):
-    """DPP QR Code and no channel list (broadcast)"""
-    run_dpp_qr_code_chan_list(dev, apdev, False, 2412, None)
-
-def test_dpp_qr_code_chan_list_broadcast(dev, apdev):
-    """DPP QR Code and some 2.4 GHz channels (broadcast)"""
-    run_dpp_qr_code_chan_list(dev, apdev, False, 2412, "81/1,81/6,81/11",
-                              timeout=10)
-
-def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist,
-                              no_wait=False, timeout=5):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[1].set("dpp_init_max_tries", "3")
-    dev[1].set("dpp_init_retry_time", "100")
-    dev[1].set("dpp_resp_wait_time", "1000")
-
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan=chanlist, mac=unicast)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(listen_freq)
-    dev[1].dpp_auth_init(uri=uri0)
-    if no_wait:
-        return
-    wait_auth_success(dev[0], dev[1], timeout=timeout, configurator=dev[1],
-                      enrollee=dev[0], allow_enrollee_failure=True,
-                      stop_responder=True)
-
-def test_dpp_qr_code_chan_list_no_match(dev, apdev):
-    """DPP QR Code and no matching supported channel"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="123/123")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[1].dpp_auth_init(uri=uri0, expect_fail=True)
-
-def test_dpp_pkex_alloc_fail(dev, apdev):
-    """DPP/PKEX and memory allocation failures"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    tests = [(1, "=dpp_keygen_configurator"),
-             (1, "base64_gen_encode;dpp_keygen_configurator")]
-    for count, func in tests:
-        with alloc_fail(dev[1], count, func):
-            cmd = "DPP_CONFIGURATOR_ADD"
-            res = dev[1].request(cmd)
-            if "FAIL" not in res:
-                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
-
-    conf_id = dev[1].dpp_configurator_add()
-
-    id0 = None
-    id1 = None
-
-    # Local error cases on the Initiator
-    tests = [(1, "crypto_ec_key_get_pubkey_point"),
-             (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
-             (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
-             (1, "dpp_alloc_msg;dpp_auth_build_req"),
-             (1, "dpp_alloc_msg;dpp_auth_build_conf"),
-             (1, "dpp_bootstrap_key_hash"),
-             (1, "dpp_auth_init"),
-             (1, "dpp_alloc_auth"),
-             (1, "=dpp_auth_resp_rx"),
-             (1, "dpp_build_conf_start"),
-             (1, "dpp_build_conf_obj_dpp"),
-             (2, "dpp_build_conf_obj_dpp"),
-             (3, "dpp_build_conf_obj_dpp"),
-             (4, "dpp_build_conf_obj_dpp"),
-             (5, "dpp_build_conf_obj_dpp"),
-             (6, "dpp_build_conf_obj_dpp"),
-             (7, "dpp_build_conf_obj_dpp"),
-             (8, "dpp_build_conf_obj_dpp"),
-             (1, "dpp_conf_req_rx"),
-             (2, "dpp_conf_req_rx"),
-             (3, "dpp_conf_req_rx"),
-             (4, "dpp_conf_req_rx"),
-             (5, "dpp_conf_req_rx"),
-             (6, "dpp_conf_req_rx"),
-             (7, "dpp_conf_req_rx"),
-             (1, "dpp_pkex_init"),
-             (2, "dpp_pkex_init"),
-             (3, "dpp_pkex_init"),
-             (1, "dpp_pkex_derive_z"),
-             (1, "=dpp_pkex_rx_commit_reveal_resp"),
-             (1, "crypto_ec_key_get_pubkey_point;dpp_build_jwk"),
-             (2, "crypto_ec_key_get_pubkey_point;dpp_build_jwk"),
-             (1, "crypto_ec_key_get_pubkey_point;dpp_auth_init")]
-    for count, func in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[1].request("DPP_STOP_LISTEN")
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                                   use_id=id0)
-
-        with alloc_fail(dev[1], count, func):
-            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
-                                       use_id=id1,
-                                       extra="conf=sta-dpp configurator=%d" % conf_id,
-                                       allow_fail=True)
-            wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100)
-            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
-            if ev:
-                dev[0].request("DPP_STOP_LISTEN")
-                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
-
-    # Local error cases on the Responder
-    tests = [(1, "crypto_ec_key_get_pubkey_point"),
-             (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
-             (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
-             (1, "dpp_alloc_msg;dpp_auth_build_resp"),
-             (1, "crypto_ec_key_get_pubkey_point;dpp_auth_build_resp_ok"),
-             (1, "dpp_alloc_auth"),
-             (1, "=dpp_auth_req_rx"),
-             (1, "=dpp_auth_conf_rx"),
-             (1, "json_parse;dpp_parse_jws_prot_hdr"),
-             (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
-             (1, "json_get_member_base64url;dpp_parse_jwk"),
-             (2, "json_get_member_base64url;dpp_parse_jwk"),
-             (1, "json_parse;dpp_parse_connector"),
-             (1, "dpp_parse_jwk;dpp_parse_connector"),
-             (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
-             (1, "crypto_ec_key_get_pubkey_point;dpp_check_pubkey_match"),
-             (1, "base64_gen_decode;dpp_process_signed_connector"),
-             (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
-             (2, "base64_gen_decode;dpp_process_signed_connector"),
-             (3, "base64_gen_decode;dpp_process_signed_connector"),
-             (4, "base64_gen_decode;dpp_process_signed_connector"),
-             (1, "json_parse;dpp_parse_conf_obj"),
-             (1, "dpp_conf_resp_rx"),
-             (1, "=dpp_pkex_derive_z"),
-             (1, "=dpp_pkex_rx_exchange_req"),
-             (2, "=dpp_pkex_rx_exchange_req"),
-             (3, "=dpp_pkex_rx_exchange_req"),
-             (1, "=dpp_pkex_rx_commit_reveal_req"),
-             (1, "crypto_ec_key_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
-             (1, "dpp_bootstrap_key_hash")]
-    for count, func in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[1].request("DPP_STOP_LISTEN")
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                                   use_id=id0)
-
-        with alloc_fail(dev[0], count, func):
-            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
-                                       use_id=id1,
-                                       extra="conf=sta-dpp configurator=%d" % conf_id)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100)
-            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
-            if ev:
-                dev[0].request("DPP_STOP_LISTEN")
-                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
-
-def test_dpp_pkex_test_fail(dev, apdev):
-    """DPP/PKEX and local failures"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    tests = [(1, "dpp_keygen_configurator")]
-    for count, func in tests:
-        with fail_test(dev[1], count, func):
-            cmd = "DPP_CONFIGURATOR_ADD"
-            res = dev[1].request(cmd)
-            if "FAIL" not in res:
-                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
-
-    tests = [(1, "dpp_keygen")]
-    for count, func in tests:
-        with fail_test(dev[1], count, func):
-            cmd = "DPP_BOOTSTRAP_GEN type=pkex"
-            res = dev[1].request(cmd)
-            if "FAIL" not in res:
-                raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")
-
-    conf_id = dev[1].dpp_configurator_add()
-
-    id0 = None
-    id1 = None
-
-    # Local error cases on the Initiator
-    tests = [(1, "aes_siv_encrypt;dpp_auth_build_req"),
-             (1, "os_get_random;dpp_auth_init"),
-             (1, "dpp_derive_k1;dpp_auth_init"),
-             (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
-             (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
-             (1, "aes_siv_encrypt;dpp_auth_build_conf"),
-             (1, "dpp_derive_k2;dpp_auth_resp_rx"),
-             (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
-             (1, "dpp_derive_bk_ke;dpp_auth_resp_rx"),
-             (1, "dpp_hkdf_expand;dpp_derive_bk_ke;dpp_auth_resp_rx"),
-             (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
-             (1, "aes_siv_encrypt;dpp_build_conf_resp"),
-             (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
-             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
-             (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
-             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
-             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
-             (1, "dpp_bootstrap_key_hash")]
-    for count, func in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[1].request("DPP_STOP_LISTEN")
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                                   use_id=id0)
-
-        with fail_test(dev[1], count, func):
-            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
-                                       use_id=id1,
-                                       extra="conf=sta-dpp configurator=%d" % conf_id,
-                                       allow_fail=True)
-            wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100)
-            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
-            if ev:
-                dev[0].request("DPP_STOP_LISTEN")
-                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
-
-    # Local error cases on the Responder
-    tests = [(1, "aes_siv_encrypt;dpp_auth_build_resp"),
-             (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
-             (1, "os_get_random;dpp_build_conf_req"),
-             (1, "aes_siv_encrypt;dpp_build_conf_req"),
-             (1, "os_get_random;dpp_auth_build_resp_ok"),
-             (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
-             (1, "dpp_derive_bk_ke;dpp_auth_build_resp_ok"),
-             (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
-             (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
-             (1, "dpp_derive_k1;dpp_auth_req_rx"),
-             (1, "aes_siv_decrypt;dpp_auth_req_rx"),
-             (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
-             (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
-             (1, "dpp_check_pubkey_match"),
-             (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
-             (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
-             (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
-             (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
-             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
-             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
-             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
-             (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")]
-    for count, func in tests:
-        dev[0].request("DPP_STOP_LISTEN")
-        dev[1].request("DPP_STOP_LISTEN")
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
-                                   use_id=id0)
-
-        with fail_test(dev[0], count, func):
-            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
-                                       use_id=id1,
-                                       extra="conf=sta-dpp configurator=%d" % conf_id)
-            wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100)
-            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
-            if ev:
-                dev[0].request("DPP_STOP_LISTEN")
-                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
-
-def test_dpp_keygen_configurator_error(dev, apdev):
-    """DPP Configurator keygen error case"""
-    check_dpp_capab(dev[0])
-    if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown"):
-        raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
-
-def rx_process_frame(dev):
-    msg = dev.mgmt_rx()
-    if msg is None:
-        raise Exception("No management frame RX reported")
-    if "OK" not in dev.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-        msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-    return msg
-
-def wait_auth_success(responder, initiator, configurator=None, enrollee=None,
-                      allow_enrollee_failure=False,
-                      allow_configurator_failure=False,
-                      require_configurator_failure=False,
-                      timeout=5, stop_responder=False, stop_initiator=False):
-    res = {}
-    ev = responder.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=timeout)
-    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
-        raise Exception("DPP authentication did not succeed (Responder)")
-    ev = initiator.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=5)
-    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
-        raise Exception("DPP authentication did not succeed (Initiator)")
-    if configurator:
-        ev = configurator.wait_event(["DPP-CONF-SENT",
-                                      "DPP-CONF-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("DPP configuration not completed (Configurator)")
-        if "DPP-CONF-FAILED" in ev and not allow_configurator_failure:
-            raise Exception("DPP configuration did not succeed (Configurator)")
-        if "DPP-CONF-SENT" in ev and require_configurator_failure:
-            raise Exception("DPP configuration succeeded (Configurator)")
-        if "DPP-CONF-SENT" in ev and "wait_conn_status=1" in ev:
-            res['wait_conn_status'] = True
-    if enrollee:
-        ev = enrollee.wait_event(["DPP-CONF-RECEIVED",
-                                  "DPP-CONF-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("DPP configuration not completed (Enrollee)")
-        if "DPP-CONF-FAILED" in ev and not allow_enrollee_failure:
-            raise Exception("DPP configuration did not succeed (Enrollee)")
-    if stop_responder:
-        responder.request("DPP_STOP_LISTEN")
-    if stop_initiator:
-        initiator.request("DPP_STOP_LISTEN")
-    return res
-
-def wait_conf_completion(configurator, enrollee):
-    ev = configurator.wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    ev = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
-                             timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-
-def start_dpp(dev):
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
-    dev[0].set("dpp_config_obj_override", conf)
-
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-
-def test_dpp_gas_timeout_handling(dev, apdev):
-    """DPP and GAS timeout handling"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    start_dpp(dev)
-
-    # DPP Authentication Request
-    rx_process_frame(dev[0])
-
-    # DPP Authentication Confirmation
-    rx_process_frame(dev[0])
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Request (GAS Initial Request frame)
-    rx_process_frame(dev[0])
-
-    # DPP Configuration Request (GAS Comeback Request frame)
-    rx_process_frame(dev[0])
-
-    # Wait for GAS timeout
-    ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-
-def test_dpp_gas_comeback_after_failure(dev, apdev):
-    """DPP and GAS comeback after failure"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    start_dpp(dev)
-
-    # DPP Authentication Request
-    rx_process_frame(dev[0])
-
-    # DPP Authentication Confirmation
-    rx_process_frame(dev[0])
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Request (GAS Initial Request frame)
-    rx_process_frame(dev[0])
-
-    # DPP Configuration Request (GAS Comeback Request frame)
-    msg = dev[0].mgmt_rx()
-    frame = binascii.hexlify(msg['frame']).decode()
-    with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    # Try the same frame again - this is expected to fail since the response has
-    # already been freed.
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # DPP Configuration Request (GAS Comeback Request frame retry)
-    msg = dev[0].mgmt_rx()
-
-def test_dpp_gas(dev, apdev):
-    """DPP and GAS protocol testing"""
-    ver0 = check_dpp_capab(dev[0])
-    ver1 = check_dpp_capab(dev[1])
-    start_dpp(dev)
-
-    # DPP Authentication Request
-    rx_process_frame(dev[0])
-
-    # DPP Authentication Confirmation
-    rx_process_frame(dev[0])
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Request (GAS Initial Request frame)
-    msg = dev[0].mgmt_rx()
-
-    # Protected Dual of GAS Initial Request frame (dropped by GAS server)
-    if msg == None:
-        raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
-    frame = binascii.hexlify(msg['frame'])
-    frame = frame[0:48] + b"09" + frame[50:]
-    frame = frame.decode()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    with alloc_fail(dev[0], 1, "gas_server_send_resp"):
-        frame = binascii.hexlify(msg['frame']).decode()
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
-        frame = binascii.hexlify(msg['frame']).decode()
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    # Add extra data after Query Request field to trigger
-    # "GAS: Ignored extra data after Query Request field"
-    frame = binascii.hexlify(msg['frame']).decode() + "00"
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # DPP Configuration Request (GAS Comeback Request frame)
-    rx_process_frame(dev[0])
-
-    # DPP Configuration Request (GAS Comeback Request frame)
-    rx_process_frame(dev[0])
-
-    # DPP Configuration Request (GAS Comeback Request frame)
-    rx_process_frame(dev[0])
-
-    if ver0 >= 2 and ver1 >= 2:
-        # DPP Configuration Result
-        rx_process_frame(dev[0])
-
-    wait_conf_completion(dev[0], dev[1])
-
-def test_dpp_truncated_attr(dev, apdev):
-    """DPP and truncated attribute"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    start_dpp(dev)
-
-    # DPP Authentication Request
-    msg = dev[0].mgmt_rx()
-    frame = msg['frame']
-
-    # DPP: Truncated message - not enough room for the attribute - dropped
-    frame1 = binascii.hexlify(frame[0:36]).decode()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame1)):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "ignore=invalid-attributes" not in ev:
-        raise Exception("Invalid attribute error not reported")
-
-    # DPP: Unexpected octets (3) after the last attribute
-    frame2 = binascii.hexlify(frame).decode() + "000000"
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "ignore=invalid-attributes" not in ev:
-        raise Exception("Invalid attribute error not reported")
-
-def test_dpp_bootstrap_key_autogen_issues(dev, apdev):
-    """DPP bootstrap key autogen issues"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    logger.info("dev1 scans QR Code")
-    id1 = dev[1].dpp_qr_code(uri0)
-
-    logger.info("dev1 initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    with alloc_fail(dev[1], 1, "dpp_autogen_bootstrap_key"):
-        dev[1].dpp_auth_init(peer=id1, expect_fail=True)
-    with alloc_fail(dev[1], 1, "dpp_gen_uri;dpp_autogen_bootstrap_key"):
-        dev[1].dpp_auth_init(peer=id1, expect_fail=True)
-    with fail_test(dev[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"):
-        dev[1].dpp_auth_init(peer=id1, expect_fail=True)
-    dev[0].request("DPP_STOP_LISTEN")
-
-def test_dpp_auth_resp_status_failure(dev, apdev):
-    """DPP and Auth Resp(status) build failure"""
-    with alloc_fail(dev[0], 1, "dpp_auth_build_resp"):
-        run_dpp_proto_auth_resp_missing(dev, 99999, None,
-                                        incompatible_roles=True)
-
-def test_dpp_auth_resp_aes_siv_issue(dev, apdev):
-    """DPP Auth Resp AES-SIV issue"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    logger.info("dev0 displays QR Code")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("dev1 scans QR Code and initiates DPP Authentication")
-    dev[0].dpp_listen(2412)
-    with fail_test(dev[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
-        dev[1].dpp_auth_init(uri=uri0)
-        wait_dpp_fail(dev[1], "AES-SIV decryption failed")
-    dev[0].request("DPP_STOP_LISTEN")
-
-def test_dpp_invalid_legacy_params(dev, apdev):
-    """DPP invalid legacy parameters"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    # No pass/psk
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy",
-                         expect_fail=True)
-
-def test_dpp_invalid_legacy_params2(dev, apdev):
-    """DPP invalid legacy parameters 2"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("dpp_configurator_params",
-               " conf=sta-psk ssid=%s" % (binascii.hexlify(b"dpp-legacy").decode()))
-    dev[0].dpp_listen(2412, role="configurator")
-    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
-    # No pass/psk
-    ev = dev[0].wait_event(["DPP: Failed to set configurator parameters"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration failure not reported")
-
-def test_dpp_legacy_params_failure(dev, apdev):
-    """DPP legacy parameters local failure"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    with alloc_fail(dev[1], 1, "dpp_build_conf_obj_legacy"):
-        dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", passphrase="passphrase",
-                             ssid="dpp-legacy")
-        ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("DPP configuration failure not reported")
-
-def test_dpp_invalid_configurator_key(dev, apdev):
-    """DPP invalid configurator key"""
-    check_dpp_capab(dev[0])
-
-    if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"):
-        raise Exception("Invalid key accepted")
-
-    with alloc_fail(dev[0], 1, "dpp_keygen_configurator"):
-        if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
-            raise Exception("Error not reported")
-
-    with alloc_fail(dev[0], 1,
-                    "crypto_ec_key_get_pubkey_point;dpp_keygen_configurator"):
-        if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
-            raise Exception("Error not reported")
-
-    with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen_configurator"):
-        if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
-            raise Exception("Error not reported")
-
-    with fail_test(dev[0], 1, "dpp_keygen_configurator"):
-        if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
-            raise Exception("Error not reported")
-
-def test_dpp_own_config_sign_fail(dev, apdev):
-    """DPP own config signing failure"""
-    check_dpp_capab(dev[0])
-    conf_id = dev[0].dpp_configurator_add()
-    tests = ["",
-             " ",
-             " conf=sta-dpp",
-             " configurator=%d" % conf_id,
-             " conf=sta-dpp configurator=%d curve=unsupported" % conf_id]
-    for t in tests:
-        if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_SIGN " + t):
-            raise Exception("Invalid command accepted: " + t)
-
-def test_dpp_peer_intro_failures(dev, apdev):
-    """DPP peer introduction failures"""
-    try:
-        run_dpp_peer_intro_failures(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_peer_intro_failures(dev, apdev):
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    conf_id = hapd.dpp_configurator_add(key=dpp_key_p256)
-    csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
-    if "FAIL" in csign or len(csign) == 0:
-        raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
-
-    conf_id2 = dev[0].dpp_configurator_add(key=csign)
-    csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2)
-
-    if csign != csign2:
-        raise Exception("Unexpected difference in configurator key")
-
-    cmd = "DPP_CONFIGURATOR_SIGN  conf=ap-dpp configurator=%d" % conf_id
-    res = hapd.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-    update_hapd_config(hapd)
-
-    dev[0].set("dpp_config_processing", "1")
-    cmd = "DPP_CONFIGURATOR_SIGN  conf=sta-dpp configurator=%d" % conf_id
-    res = dev[0].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    tests = ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
-             "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
-             "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"]
-    for t in tests:
-        dev[0].set_network_quoted(id, "dpp_connector", t)
-        dev[0].select_network(id, freq=2412)
-        ev = dev[0].wait_event(["DPP-INTRO"], timeout=5)
-        if ev is None or "status=8" not in ev:
-            raise Exception("Introduction failure not reported")
-        dev[0].request("DISCONNECT")
-        dev[0].dump_monitor()
-
-def test_dpp_peer_intro_local_failures(dev, apdev):
-    """DPP peer introduction local failures"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    tests = ["dpp_derive_pmk",
-             "dpp_hkdf_expand;dpp_derive_pmk",
-             "dpp_derive_pmkid"]
-    for func in tests:
-        with fail_test(dev[0], 1, func):
-            dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                           ieee80211w="2",
-                           dpp_csign=params1_csign,
-                           dpp_connector=params1_sta_connector,
-                           dpp_netaccesskey=params1_sta_netaccesskey,
-                           wait_connect=False)
-            ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-            if ev is None or "fail=peer_connector_validation_failed" not in ev:
-                raise Exception("Introduction failure not reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = [(1, "base64_gen_decode;dpp_peer_intro"),
-             (1, "json_parse;dpp_peer_intro"),
-             (50, "json_parse;dpp_peer_intro"),
-             (1, "=dpp_check_signed_connector;dpp_peer_intro"),
-             (1, "dpp_parse_jwk")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                           ieee80211w="2",
-                           dpp_csign=params1_csign,
-                           dpp_connector=params1_sta_connector,
-                           dpp_netaccesskey=params1_sta_netaccesskey,
-                           wait_connect=False)
-            ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-            if ev is None or "fail=peer_connector_validation_failed" not in ev:
-                raise Exception("Introduction failure not reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    parts = params1_ap_connector.split('.')
-    for ap_connector in ['.'.join(parts[0:2]), '.'.join(parts[0:1])]:
-        hapd.set("dpp_connector", ap_connector)
-        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                       ieee80211w="2",
-                       dpp_csign=params1_csign,
-                       dpp_connector=params1_sta_connector,
-                       dpp_netaccesskey=params1_sta_netaccesskey,
-                       wait_connect=False)
-        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
-        if ev is None:
-            raise Exception("No TX status reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    hapd.set("dpp_netaccesskey", "00")
-    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                   ieee80211w="2",
-                   dpp_csign=params1_csign,
-                   dpp_connector=params1_sta_connector,
-                   dpp_netaccesskey=params1_sta_netaccesskey,
-                   wait_connect=False)
-    ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("No TX status reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    hapd.set("dpp_csign", "00")
-    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                   ieee80211w="2",
-                   dpp_csign=params1_csign,
-                   dpp_connector=params1_sta_connector,
-                   dpp_netaccesskey=params1_sta_netaccesskey,
-                   wait_connect=False)
-    ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("No TX status reported")
-    dev[0].request("REMOVE_NETWORK all")
-
-def run_dpp_configurator_id_unknown(dev):
-    check_dpp_capab(dev)
-    conf_id = dev.dpp_configurator_add()
-    if "FAIL" not in dev.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id + 1)):
-        raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")
-
-    cmd = "DPP_CONFIGURATOR_SIGN  conf=sta-dpp configurator=%d" % (conf_id + 1)
-    if "FAIL" not in dev.request(cmd):
-        raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
-
-def test_dpp_configurator_id_unknown(dev, apdev):
-    """DPP and unknown configurator id"""
-    run_dpp_configurator_id_unknown(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    run_dpp_configurator_id_unknown(hapd)
-
-def run_dpp_bootstrap_gen_failures(dev):
-    check_dpp_capab(dev)
-
-    tests = ["type=unsupported",
-             "type=qrcode chan=-1",
-             "type=qrcode mac=a",
-             "type=qrcode key=qq",
-             "type=qrcode key=",
-             "type=qrcode info=abc\tdef"]
-    for t in tests:
-        if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + t):
-            raise Exception("Command accepted unexpectedly")
-
-    id = dev.dpp_bootstrap_gen()
-    uri = dev.request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    if not uri.startswith("DPP:"):
-        raise Exception("Could not get URI")
-    if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
-        raise Exception("Failure not reported")
-    info = dev.request("DPP_BOOTSTRAP_INFO %d" % id)
-    if not info.startswith("type=QRCODE"):
-        raise Exception("Could not get info")
-    if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"):
-        raise Exception("Failure not reported")
-    if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"):
-        raise Exception("Failed to remove bootstrap info")
-    if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI %d" % id):
-        raise Exception("Failure not reported")
-    if "FAIL" not in dev.request("DPP_BOOTSTRAP_INFO %d" % id):
-        raise Exception("Failure not reported")
-
-    func = "dpp_bootstrap_gen"
-    with alloc_fail(dev, 1, "=" + func):
-        if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
-            raise Exception("Command accepted unexpectedly")
-
-    with alloc_fail(dev, 1, "dpp_gen_uri;dpp_bootstrap_gen"):
-        if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
-            raise Exception("Command accepted unexpectedly")
-
-    with alloc_fail(dev, 1, "get_param"):
-        dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
-
-def test_dpp_bootstrap_gen_failures(dev, apdev):
-    """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
-    run_dpp_bootstrap_gen_failures(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    run_dpp_bootstrap_gen_failures(hapd)
-
-def test_dpp_listen_continue(dev, apdev):
-    """DPP and continue listen state"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    dev[0].dpp_listen(2412)
-    time.sleep(5.1)
-    dev[1].dpp_auth_init(uri=uri)
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                      allow_enrollee_failure=True, stop_responder=True,
-                      stop_initiator=True)
-
-def test_dpp_network_addition_failure(dev, apdev):
-    """DPP network addition failure"""
-    try:
-        run_dpp_network_addition_failure(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_network_addition_failure(dev, apdev):
-    check_dpp_capab(dev[0])
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].set("dpp_config_processing", "1")
-    cmd = "DPP_CONFIGURATOR_SIGN  conf=sta-dpp configurator=%d" % conf_id
-    tests = [(1, "=wpas_dpp_add_network"),
-             (2, "=wpas_dpp_add_network"),
-             (3, "=wpas_dpp_add_network"),
-             (4, "=wpas_dpp_add_network"),
-             (1, "wpa_config_add_network;wpas_dpp_add_network")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            res = dev[0].request(cmd)
-            if "OK" in res:
-                ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
-                if ev is None:
-                    raise Exception("Config object not processed")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].dump_monitor()
-
-    cmd = "DPP_CONFIGURATOR_SIGN  conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id)
-    tests = [(1, "wpa_config_set_quoted;wpas_dpp_add_network")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            res = dev[0].request(cmd)
-            if "OK" in res:
-                ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
-                if ev is None:
-                    raise Exception("Config object not processed")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].dump_monitor()
-
-def test_dpp_two_initiators(dev, apdev):
-    """DPP and two initiators"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    check_dpp_capab(dev[2])
-    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri)
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exeption("No DPP Authentication Request seen")
-    dev[2].dpp_auth_init(uri=uri)
-    wait_dpp_fail(dev[0],
-                  "DPP-FAIL Already in DPP authentication exchange - ignore new one")
-
-    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
-    if ev is None:
-        raise Exception("DPP configuration result not seen (Enrollee)")
-    ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
-    if ev is None:
-        raise Exception("DPP configuration result not seen (Responder)")
-
-    dev[0].request("DPP_STOP_LISTEN")
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[2].request("DPP_STOP_LISTEN")
-
-def test_dpp_conf_file_update(dev, apdev, params):
-    """DPP provisioning updating wpa_supplicant configuration file"""
-    config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf')
-    with open(config, "w") as f:
-        f.write("update_config=1\n")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", config=config)
-    check_dpp_capab(wpas)
-    wpas.set("dpp_config_processing", "1")
-    run_dpp_qr_code_auth_unicast([wpas, dev[1]], apdev, None,
-                                 init_extra="conf=sta-dpp",
-                                 require_conf_success=True,
-                                 configurator=True)
-    wpas.interface_remove("wlan5")
-
-    with open(config, "r") as f:
-        res = f.read()
-    for i in ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
-              "dpp_netaccesskey=", "dpp_csign="]:
-        if i not in res:
-            raise Exception("Configuration file missing '%s'" % i)
-
-    wpas.interface_add("wlan5", config=config)
-    if len(wpas.list_networks()) != 1:
-        raise Exception("Unexpected number of networks")
-
-def test_dpp_duplicated_auth_resp(dev, apdev):
-    """DPP and duplicated Authentication Response"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[1].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0)
-
-    # DPP Authentication Request
-    rx_process_frame(dev[0])
-
-    # DPP Authentication Response
-    msg = rx_process_frame(dev[1])
-    frame = binascii.hexlify(msg['frame']).decode()
-    # Duplicated frame
-    if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
-        raise Exception("MGMT_RX_PROCESS failed")
-    # Modified frame - nonzero status
-    if frame[2*32:2*37] != "0010010000":
-        raise Exception("Could not find Status attribute")
-    frame2 = frame[0:2*32] + "0010010001" + frame[2*37:]
-    if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
-        raise Exception("MGMT_RX_PROCESS failed")
-    frame2 = frame[0:2*32] + "00100100ff" + frame[2*37:]
-    if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # DPP Authentication Confirmation
-    rx_process_frame(dev[0])
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Request
-    rx_process_frame(dev[1])
-
-    # DPP Configuration Response
-    rx_process_frame(dev[0])
-
-    wait_conf_completion(dev[1], dev[0])
-
-def test_dpp_duplicated_auth_conf(dev, apdev):
-    """DPP and duplicated Authentication Confirmation"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].set("ext_mgmt_frame_handling", "1")
-    dev[1].set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0)
-
-    # DPP Authentication Request
-    rx_process_frame(dev[0])
-
-    # DPP Authentication Response
-    rx_process_frame(dev[1])
-
-    # DPP Authentication Confirmation
-    msg = rx_process_frame(dev[0])
-    # Duplicated frame
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    wait_auth_success(dev[0], dev[1])
-
-    # DPP Configuration Request
-    rx_process_frame(dev[1])
-
-    # DPP Configuration Response
-    rx_process_frame(dev[0])
-
-    wait_conf_completion(dev[1], dev[0])
-
-def test_dpp_enrollee_reject_config(dev, apdev):
-    """DPP and Enrollee rejecting Config Object"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    dev[0].set("dpp_test", "91")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-sae", ssid="dpp-legacy",
-                         passphrase="secret passphrase")
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-
-def test_dpp_enrollee_ap_reject_config(dev, apdev):
-    """DPP and Enrollee AP rejecting Config Object"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    hapd.set("dpp_test", "91")
-    conf_id = dev[0].dpp_configurator_add()
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-
-def test_dpp_legacy_and_dpp_akm(dev, apdev):
-    """DPP and provisoning DPP and legacy AKMs"""
-    try:
-        run_dpp_legacy_and_dpp_akm(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_legacy_and_dpp_akm(dev, apdev):
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-
-    csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-    csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
-    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
-
-    ssid = "dpp-both"
-    passphrase = "secret passphrase"
-    params = {"ssid": ssid,
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP WPA-PSK SAE",
-              "ieee80211w": "1",
-              "sae_require_mfp": '1',
-              "rsn_pairwise": "CCMP",
-              "wpa_passphrase": passphrase,
-              "dpp_connector": ap_connector,
-              "dpp_csign": csign_pub,
-              "dpp_netaccesskey": ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        raise HwsimSkip("DPP not supported")
-
-    dev[0].request("SET sae_groups ")
-    conf_id = dev[1].dpp_configurator_add(key=csign)
-    dev[0].set("dpp_config_processing", "1")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk-sae-dpp", ssid=ssid,
-                         passphrase=passphrase, configurator=conf_id)
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id0 = ev.split(' ')[1]
-
-    key_mgmt = dev[0].get_network(id0, "key_mgmt").split(' ')
-    for m in ["SAE", "WPA-PSK", "DPP"]:
-        if m not in key_mgmt:
-            raise Exception("%s missing from key_mgmt" % m)
-
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[0].select_network(id0, freq=2412)
-    dev[0].wait_connected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-
-    params = {"ssid": ssid,
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK SAE",
-              "ieee80211w": "1",
-              "sae_require_mfp": '1',
-              "rsn_pairwise": "CCMP",
-              "wpa_passphrase": passphrase}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].request("BSS_FLUSH 0")
-    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412, force_scan=True,
-                        only_new=True)
-    dev[0].select_network(id0, freq=2412)
-    dev[0].wait_connected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_dpp_controller_relay(dev, apdev, params):
-    """DPP Controller/Relay"""
-    try:
-        run_dpp_controller_relay(dev, apdev, params)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_dpp_controller_relay_chirp(dev, apdev, params):
-    """DPP Controller/Relay with chirping"""
-    try:
-        run_dpp_controller_relay(dev, apdev, params, chirp=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def run_dpp_controller_relay(dev, apdev, params, chirp=False):
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-    prefix = "dpp_controller_relay"
-    if chirp:
-        prefix += "_chirp"
-    cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap")
-
-    wt = WlantestCapture('lo', cap_lo)
-
-    # Controller
-    conf_id = dev[1].dpp_configurator_add()
-    dev[1].set("dpp_configurator_params",
-               "conf=sta-dpp configurator=%d" % conf_id)
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    pkhash = None
-    for line in res.splitlines():
-        name, value = line.split('=')
-        if name == "pkhash":
-            pkhash = value
-            break
-    if not pkhash:
-        raise Exception("Could not fetch public key hash from Controller")
-    if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
-        raise Exception("Failed to start Controller")
-
-    # Relay
-    params = {"ssid": "unconfigured",
-              "channel": "6",
-              "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash}
-    if chirp:
-        params["channel"] = "11"
-        params["dpp_configurator_connectivity"] = "1"
-    relay = hostapd.add_ap(apdev[1], params)
-    check_dpp_capab(relay)
-
-    # Enroll Relay to the network
-    # TODO: Do this over TCP once direct Enrollee-over-TCP case is supported
-    if chirp:
-        id_h = relay.dpp_bootstrap_gen(chan="81/11", mac=True)
-    else:
-        id_h = relay.dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri_r = relay.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    dev[1].dpp_auth_init(uri=uri_r, conf="ap-dpp", configurator=conf_id)
-    wait_auth_success(relay, dev[1], configurator=dev[1], enrollee=relay)
-    update_hapd_config(relay)
-
-    # Initiate from Enrollee with broadcast DPP Authentication Request or
-    # using chirping
-    dev[0].set("dpp_config_processing", "2")
-    if chirp:
-        id1 = dev[0].dpp_bootstrap_gen()
-        uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-        idc = dev[1].dpp_qr_code(uri)
-        dev[1].dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id)
-        if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=5" % id1):
-            raise Exception("DPP_CHIRP failed")
-        ev = relay.wait_event(["DPP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Presence Announcement not seen")
-        if "type=13" not in ev:
-            raise Exception("Unexpected DPP frame received: " + ev)
-    else:
-        dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
-    wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0],
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network id not reported")
-    network = int(ev.split(' ')[1])
-    dev[0].wait_connected()
-    dev[0].dump_monitor()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    if "OK" not in dev[0].request("DPP_RECONFIG %s" % network):
-        raise Exception("Failed to start reconfiguration")
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=15)
-    if ev is None:
-        raise Exception("DPP network id not reported for reconfiguration")
-    network2 = int(ev.split(' ')[1])
-    if network == network2:
-        raise Exception("Network ID did not change")
-    dev[0].wait_connected()
-
-    time.sleep(0.5)
-    wt.close()
-
-class MyTCPServer(TCPServer):
-    def __init__(self, addr, handler):
-        self.allow_reuse_address = True
-        TCPServer.__init__(self, addr, handler)
-
-class DPPControllerServer(StreamRequestHandler):
-        def handle(self):
-            data = self.rfile.read()
-            # Do not reply
-
-def test_dpp_relay_incomplete_connections(dev, apdev):
-    """DPP Relay and incomplete connections"""
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    pkhash = None
-    for line in res.splitlines():
-        name, value = line.split('=')
-        if name == "pkhash":
-            pkhash = value
-            break
-    if not pkhash:
-        raise Exception("Could not fetch public key hash from Controller")
-
-    params = {"ssid": "unconfigured",
-              "channel": "6",
-              "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash}
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_dpp_capab(hapd)
-
-    server = MyTCPServer(("127.0.0.1", 8908), DPPControllerServer)
-    server.timeout = 30
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
-    msg = hapd.mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT RX wait timed out")
-    dev[0].request("DPP_STOP_LISTEN")
-    frame = msg['frame']
-    for i in range(20):
-        if i == 14:
-            time.sleep(20)
-        addr = struct.pack('6B', 0x02, 0, 0, 0, 0, i)
-        tmp = frame[0:10] + addr + frame[16:]
-        hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(tmp).decode())
-        ev = hapd.wait_event(["DPP-FAIL"], timeout=0.1)
-        if ev:
-            raise Exception("DPP relay failed [%d]: %s" % (i + 1, ev))
-
-    server.server_close()
-
-def test_dpp_tcp(dev, apdev, params):
-    """DPP over TCP"""
-    prefix = "dpp_tcp"
-    cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap")
-    try:
-        run_dpp_tcp(dev[0], dev[1], cap_lo)
-    finally:
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_dpp_tcp_port(dev, apdev, params):
-    """DPP over TCP and specified port"""
-    prefix = "dpp_tcp_port"
-    cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap")
-    try:
-        run_dpp_tcp(dev[0], dev[1], cap_lo, port="23456")
-    finally:
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_dpp_tcp_mutual(dev, apdev, params):
-    """DPP over TCP (mutual)"""
-    cap_lo = os.path.join(params['prefix'], ".lo.pcap")
-    try:
-        run_dpp_tcp(dev[0], dev[1], cap_lo, mutual=True)
-    finally:
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_dpp_tcp_mutual_hostapd_conf(dev, apdev, params):
-    """DPP over TCP (mutual, hostapd as Configurator)"""
-    cap_lo = os.path.join(params['prefix'], ".lo.pcap")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    run_dpp_tcp(dev[0], hapd, cap_lo, mutual=True)
-
-def run_dpp_tcp(dev0, dev1, cap_lo, port=None, mutual=False):
-    check_dpp_capab(dev0)
-    check_dpp_capab(dev1)
-
-    wt = WlantestCapture('lo', cap_lo)
-    time.sleep(1)
-
-    # Controller
-    conf_id = dev1.dpp_configurator_add()
-    dev1.set("dpp_configurator_params",
-             " conf=sta-dpp configurator=%d" % conf_id)
-    id_c = dev1.dpp_bootstrap_gen()
-    uri_c = dev1.request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev1.request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    pkhash = None
-    for line in res.splitlines():
-        name, value = line.split('=')
-        if name == "pkhash":
-            pkhash = value
-            break
-    if not pkhash:
-        raise Exception("Could not fetch public key hash from Controller")
-    req = "DPP_CONTROLLER_START"
-    if port:
-        req += " tcp_port=" + port
-    if mutual:
-        req += " qr=mutual"
-        id0 = dev0.dpp_bootstrap_gen()
-        uri0 = dev0.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-        own = id0
-    else:
-        own = None
-    if "OK" not in dev1.request(req):
-        raise Exception("Failed to start Controller")
-
-    # Initiate from Enrollee with broadcast DPP Authentication Request
-    dev0.dpp_auth_init(uri=uri_c, own=own, role="enrollee",
-                       tcp_addr="127.0.0.1", tcp_port=port)
-
-    if mutual:
-        ev = dev0.wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
-        if ev is None:
-            raise Exception("Pending response not reported")
-        ev = dev1.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
-        if ev is None:
-            raise Exception("QR Code scan for mutual authentication not requested")
-
-        id1 = dev1.dpp_qr_code(uri0)
-
-        ev = dev0.wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
-        if ev is None:
-            raise Exception("DPP authentication direction not indicated (Initiator)")
-        if "mutual=1" not in ev:
-            raise Exception("Mutual authentication not used")
-
-    wait_auth_success(dev1, dev0, configurator=dev1, enrollee=dev0,
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-    time.sleep(0.5)
-    wt.close()
-
-def test_dpp_tcp_conf_init(dev, apdev, params):
-    """DPP over TCP (Configurator initiates)"""
-    cap_lo = os.path.join(params['prefix'], ".lo.pcap")
-    try:
-        run_dpp_tcp_conf_init(dev[0], dev[1], cap_lo)
-    finally:
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_dpp_tcp_conf_init_hostapd_enrollee(dev, apdev, params):
-    """DPP over TCP (Configurator initiates, hostapd as Enrollee)"""
-    cap_lo = os.path.join(params['prefix'], ".lo.pcap")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    run_dpp_tcp_conf_init(dev[0], hapd, cap_lo, conf="ap-dpp")
-
-def run_dpp_tcp_conf_init(dev0, dev1, cap_lo, port=None, conf="sta-dpp"):
-    check_dpp_capab(dev0, min_ver=2)
-    check_dpp_capab(dev1, min_ver=2)
-
-    wt = WlantestCapture('lo', cap_lo)
-    time.sleep(1)
-
-    id_c = dev1.dpp_bootstrap_gen()
-    uri_c = dev1.request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev1.request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    req = "DPP_CONTROLLER_START role=enrollee"
-    if port:
-        req += " tcp_port=" + port
-    if "OK" not in dev1.request(req):
-        raise Exception("Failed to start Controller")
-
-    conf_id = dev0.dpp_configurator_add()
-    dev0.dpp_auth_init(uri=uri_c, role="configurator", conf=conf,
-                       configurator=conf_id,
-                       tcp_addr="127.0.0.1", tcp_port=port)
-    wait_auth_success(dev1, dev0, configurator=dev0, enrollee=dev1,
-                      allow_enrollee_failure=True,
-                      allow_configurator_failure=True)
-    time.sleep(0.5)
-    wt.close()
-
-def test_dpp_tcp_controller_management_hostapd(dev, apdev, params):
-    """DPP Controller management in hostapd"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-    if "OK" not in hapd.request("DPP_CONTROLLER_START"):
-        raise Exception("Failed to start Controller")
-    if "FAIL" not in hapd.request("DPP_CONTROLLER_START"):
-        raise Exception("DPP_CONTROLLER_START succeeded while already running Controller")
-    hapd.request("DPP_CONTROLLER_STOP")
-    hapd.dpp_configurator_remove(conf_id)
-    if "FAIL" not in hapd.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id):
-        raise Exception("Removal of unknown Configurator accepted")
-
-def test_dpp_tcp_controller_management_hostapd2(dev, apdev, params):
-    """DPP Controller management in hostapd over interface addition/removal"""
-    check_dpp_capab(dev[0], min_ver=2)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd, min_ver=2)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd2, min_ver=2)
-    id_c = hapd.dpp_bootstrap_gen()
-    uri_c = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    if "OK" not in hapd.request("DPP_CONTROLLER_START role=enrollee"):
-        raise Exception("Failed to start Controller")
-
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_auth_init(uri=uri_c, role="configurator", conf="sta-dpp",
-                       configurator=conf_id, tcp_addr="127.0.0.1")
-    ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Authentication did not succeed")
-    ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Configuration did not succeed")
-
-    hapd_global = hostapd.HostapdGlobal(apdev)
-    hapd_global.remove(apdev[0]['ifname'])
-
-    dev[0].dpp_auth_init(uri=uri_c, role="configurator", conf="sta-dpp",
-                       configurator=conf_id, tcp_addr="127.0.0.1")
-    ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
-    if ev is not None:
-        raise Exception("Unexpected DPP Authentication success")
-
-def test_dpp_tcp_controller_start_failure(dev, apdev, params):
-    """DPP Controller startup failure"""
-    check_dpp_capab(dev[0])
-
-    try:
-        if "OK" not in dev[0].request("DPP_CONTROLLER_START"):
-            raise Exception("Could not start Controller")
-        if "OK" in dev[0].request("DPP_CONTROLLER_START"):
-            raise Exception("Second Controller start not rejected")
-    finally:
-        dev[0].request("DPP_CONTROLLER_STOP")
-
-    tests = ["dpp_controller_start",
-             "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_start"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            if "FAIL" not in dev[0].request("DPP_CONTROLLER_START"):
-                raise Exception("Failure not reported during OOM")
-
-def test_dpp_tcp_init_failure(dev, apdev, params):
-    """DPP TCP init failure"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    peer = dev[0].dpp_qr_code(uri_c)
-    tests = ["dpp_tcp_init",
-             "eloop_sock_table_add_sock;?eloop_register_sock;dpp_tcp_init",
-             "dpp_tcp_encaps"]
-    cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            if "FAIL" not in dev[0].request(cmd):
-                raise Exception("DPP_AUTH_INIT accepted during OOM")
-
-def test_dpp_controller_rx_failure(dev, apdev, params):
-    """DPP Controller RX failure"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    try:
-        run_dpp_controller_rx_failure(dev, apdev)
-    finally:
-        dev[0].request("DPP_CONTROLLER_STOP")
-
-def run_dpp_controller_rx_failure(dev, apdev):
-    if "OK" not in dev[0].request("DPP_CONTROLLER_START"):
-        raise Exception("Could not start Controller")
-    id_c = dev[0].dpp_bootstrap_gen()
-    uri_c = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    peer = dev[1].dpp_qr_code(uri_c)
-    tests = ["dpp_controller_tcp_cb",
-             "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_tcp_cb",
-             "dpp_controller_rx",
-             "dpp_controller_rx_auth_req",
-             "wpabuf_alloc;=dpp_tcp_send_msg;dpp_controller_rx_auth_req"]
-    cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            if "OK" not in dev[1].request(cmd):
-                raise Exception("Failed to initiate TCP connection")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_dpp_controller_rx_errors(dev, apdev, params):
-    """DPP Controller RX error cases"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    try:
-        run_dpp_controller_rx_errors(dev, apdev)
-    finally:
-        dev[0].request("DPP_CONTROLLER_STOP")
-
-def run_dpp_controller_rx_errors(dev, apdev):
-    if "OK" not in dev[0].request("DPP_CONTROLLER_START"):
-        raise Exception("Could not start Controller")
-
-    addr = ("127.0.0.1", 8908)
-
-    tests = [b"abc",
-             b"abcd",
-             b"\x00\x00\x00\x00",
-             b"\x00\x00\x00\x01",
-             b"\x00\x00\x00\x01\x09",
-             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\xff\xff",
-             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\xff",
-             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\x00",
-             b"\x00\x00\x00\x08\x09\x50\x6f\x9a\x1a\x01\x00\xff",
-             b"\x00\x00\x00\x01\x0a",
-             b"\x00\x00\x00\x04\x0a\xff\xff\xff",
-             b"\x00\x00\x00\x01\x0b",
-             b"\x00\x00\x00\x08\x0b\xff\xff\xff\xff\xff\xff\xff",
-             b"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\xff\xff",
-             b"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\x6c\x00",
-             b"\x00\x00\x00\x0a\x0b\xff\x00\x00\xff\xff\x6c\x02\xff\xff",
-             b"\x00\x00\x00\x10\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01",
-             b"\x00\x00\x00\x12\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01\x00\x00",
-             b"\x00\x00\x00\x01\xff",
-             b"\x00\x00\x00\x01\xff\xee"]
-    #define WLAN_PA_GAS_INITIAL_REQ 10
-    #define WLAN_PA_GAS_INITIAL_RESP 11
-
-    for t in tests:
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                             socket.IPPROTO_TCP)
-        sock.settimeout(0.1)
-        sock.connect(addr)
-        sock.send(t)
-        sock.shutdown(1)
-        try:
-            sock.recv(10)
-        except socket.timeout:
-            pass
-        sock.close()
-
-def test_dpp_conn_status_success(dev, apdev):
-    """DPP connection status - success"""
-    try:
-        run_dpp_conn_status(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_conn_status_wrong_passphrase(dev, apdev):
-    """DPP connection status - wrong passphrase"""
-    try:
-        run_dpp_conn_status(dev, apdev, result=2)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_conn_status_no_ap(dev, apdev):
-    """DPP connection status - no AP"""
-    try:
-        run_dpp_conn_status(dev, apdev, result=10)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_conn_status_connector_mismatch(dev, apdev):
-    """DPP connection status - invalid Connector"""
-    try:
-        run_dpp_conn_status(dev, apdev, result=8)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_conn_status_assoc_reject(dev, apdev):
-    """DPP connection status - association rejection"""
-    try:
-        dev[0].request("TEST_ASSOC_IE 30020000")
-        run_dpp_conn_status(dev, apdev, assoc_reject=True)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_conn_status(dev, apdev, result=0, assoc_reject=False):
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-
-    if result != 10:
-        if result == 7 or result == 8:
-            params = {"ssid": "dpp-status",
-                      "wpa": "2",
-                      "wpa_key_mgmt": "DPP",
-                      "ieee80211w": "2",
-                      "rsn_pairwise": "CCMP",
-                      "dpp_connector": params1_ap_connector,
-                      "dpp_csign": params1_csign,
-                      "dpp_netaccesskey": params1_ap_netaccesskey}
-        else:
-            if result == 2:
-                passphrase = "wrong passphrase"
-            else:
-                passphrase = "secret passphrase"
-            params = hostapd.wpa2_params(ssid="dpp-status",
-                                         passphrase=passphrase)
-        try:
-            hapd = hostapd.add_ap(apdev[0], params)
-        except:
-            raise HwsimSkip("DPP not supported")
-
-    dev[0].request("SET sae_groups ")
-    dev[0].set("dpp_config_processing", "2")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    dev[0].dpp_listen(2412)
-    if result == 7 or result == 8:
-        conf = 'sta-dpp'
-        passphrase = None
-        configurator = dev[1].dpp_configurator_add()
-    else:
-        conf = 'sta-psk'
-        passphrase = "secret passphrase"
-        configurator = None
-    dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-status",
-                         passphrase=passphrase, configurator=configurator,
-                         conn_status=True)
-    res = wait_auth_success(dev[0], dev[1], configurator=dev[1],
-                            enrollee=dev[0])
-    if 'wait_conn_status' not in res:
-        raise Exception("Configurator did not request connection status")
-
-    if assoc_reject and result == 0:
-        result = 2
-    ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
-    if ev is None:
-        raise Exception("No connection status reported")
-    if "timeout" in ev:
-        raise Exception("Connection status result timeout")
-    if "result=%d" % result not in ev:
-        raise Exception("Unexpected connection status result: " + ev)
-    if "ssid=dpp-status" not in ev:
-        raise Exception("SSID not reported")
-
-    if result == 0:
-        dev[0].wait_connected()
-    if result == 10 and "channel_list=" not in ev:
-        raise Exception("Channel list not reported for no-AP")
-
-def test_dpp_conn_status_success_hostapd_configurator(dev, apdev):
-    """DPP connection status - success with hostapd as Configurator"""
-    try:
-        run_dpp_conn_status_hostapd_configurator(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_conn_status_hostapd_configurator(dev, apdev):
-    check_dpp_capab(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "1"})
-    check_dpp_capab(hapd)
-    conf_id = hapd.dpp_configurator_add()
-
-    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
-    res = hapd.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-    update_hapd_config(hapd)
-
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    id1 = hapd.dpp_qr_code(uri0)
-    res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1)
-    if "FAIL" in res:
-        raise Exception("DPP_BOOTSTRAP_INFO failed")
-    if "type=QRCODE" not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
-    if "mac_addr=" + dev[0].own_addr() not in res:
-        raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
-    dev[0].set("dpp_config_processing", "2")
-    dev[0].dpp_listen(2412)
-    hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp",
-                       conn_status=True)
-    res = wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0])
-    if 'wait_conn_status' not in res:
-        raise Exception("Configurator did not request connection status")
-    ev = hapd.wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
-    if ev is None:
-        raise Exception("No connection status reported")
-    if "result=0" not in ev:
-        raise Exception("Unexpected connection status: " + ev)
-
-def test_dpp_mud_url(dev, apdev):
-    """DPP MUD URL"""
-    check_dpp_capab(dev[0])
-    try:
-        dev[0].set("dpp_name", "Test Enrollee")
-        dev[0].set("dpp_mud_url", "https://example.com/mud")
-        run_dpp_qr_code_auth_unicast(dev, apdev, None)
-    finally:
-        dev[0].set("dpp_mud_url", "")
-        dev[0].set("dpp_name", "Test")
-
-def test_dpp_mud_url_hostapd(dev, apdev):
-    """DPP MUD URL from hostapd"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    params = {"ssid": "unconfigured",
-              "dpp_name": "AP Enrollee",
-              "dpp_mud_url": "https://example.com/mud"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_dpp_capab(hapd)
-
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
-    update_hapd_config(hapd)
-
-def test_dpp_config_save(dev, apdev, params):
-    """DPP configuration saving"""
-    config = os.path.join(params['logdir'], 'dpp_config_save.conf')
-    run_dpp_config_save(dev, apdev, config, "test", '"test"')
-
-def test_dpp_config_save2(dev, apdev, params):
-    """DPP configuration saving (2)"""
-    config = os.path.join(params['logdir'], 'dpp_config_save2.conf')
-    run_dpp_config_save(dev, apdev, config, "\\u0001*", '012a')
-
-def test_dpp_config_save3(dev, apdev, params):
-    """DPP configuration saving (3)"""
-    config = os.path.join(params['logdir'], 'dpp_config_save3.conf')
-    run_dpp_config_save(dev, apdev, config, "\\u0001*\\u00c2\\u00bc\\u00c3\\u009e\\u00c3\\u00bf", '012ac2bcc39ec3bf')
-
-def run_dpp_config_save(dev, apdev, config, conf_ssid, exp_ssid):
-    check_dpp_capab(dev[1])
-    with open(config, "w") as f:
-        f.write("update_config=1\n" +
-                "dpp_config_processing=1\n")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", config=config)
-    check_dpp_capab(wpas)
-    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"' + conf_ssid + '"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
-    dev[1].set("dpp_config_obj_override", conf)
-    dpp_dev = [wpas, dev[1]]
-    run_dpp_qr_code_auth_unicast(dpp_dev, apdev, "prime256v1",
-                                 require_conf_success=True)
-    if "OK" not in wpas.request("SAVE_CONFIG"):
-        raise Exception("Failed to save configuration file")
-    with open(config, "r") as f:
-        data = f.read()
-        logger.info("Saved configuration:\n" + data)
-        if 'ssid=' + exp_ssid + '\n' not in data:
-            raise Exception("SSID not saved")
-        if 'psk="secret passphrase"' not in data:
-            raise Exception("Passphtase not saved")
-
-def test_dpp_nfc_uri(dev, apdev):
-    """DPP bootstrapping via NFC URI record"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    logger.info("Generated URI: " + uri)
-    info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
-    logger.info("Bootstrapping info:\n" + info)
-    if "type=NFC-URI" not in info:
-        raise Exception("Unexpected bootstrapping info contents")
-
-    dev[0].dpp_listen(2412)
-    conf_id = dev[1].dpp_configurator_add()
-    dev[1].dpp_auth_init(nfc_uri=uri, configurator=conf_id, conf="sta-dpp")
-    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
-
-def test_dpp_nfc_uri_hostapd(dev, apdev):
-    """DPP bootstrapping via NFC URI record (hostapd)"""
-    check_dpp_capab(dev[0])
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    id = hapd.dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    logger.info("Generated URI: " + uri)
-    info = hapd.request("DPP_BOOTSTRAP_INFO %d" % id)
-    logger.info("Bootstrapping info:\n" + info)
-    if "type=NFC-URI" not in info:
-        raise Exception("Unexpected bootstrapping info contents")
-
-    hapd.dpp_listen(2412)
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_auth_init(nfc_uri=uri, configurator=conf_id, conf="ap-dpp")
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
-
-def test_dpp_nfc_uri_hostapd_tag_read(dev, apdev):
-    """DPP bootstrapping via NFC URI record (hostapd reading tag)"""
-    check_dpp_capab(dev[0])
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    id = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    dev[0].dpp_listen(2412)
-
-    hapd.dpp_auth_init(nfc_uri=uri, role="enrollee")
-    wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd)
-
-def test_dpp_nfc_negotiated_handover(dev, apdev):
-    """DPP bootstrapping via NFC negotiated handover"""
-    run_dpp_nfc_negotiated_handover(dev)
-
-def test_dpp_nfc_negotiated_handover_diff_curve(dev, apdev):
-    """DPP bootstrapping via NFC negotiated handover (different curve)"""
-    run_dpp_nfc_negotiated_handover(dev, curve0="prime256v1",
-                                    curve1="secp384r1")
-
-def test_dpp_nfc_negotiated_handover_hostapd_sel(dev, apdev):
-    """DPP bootstrapping via NFC negotiated handover (hostapd as selector)"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    run_dpp_nfc_negotiated_handover([dev[0], hapd], conf="ap-dpp")
-
-def test_dpp_nfc_negotiated_handover_hostapd_req(dev, apdev):
-    """DPP bootstrapping via NFC negotiated handover (hostapd as requestor)"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-    run_dpp_nfc_negotiated_handover([hapd, dev[0]])
-
-def run_dpp_nfc_negotiated_handover(dev, curve0=None, curve1=None,
-                                    conf="sta-dpp"):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id0 = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/6,11", mac=True,
-                                   curve=curve0)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    logger.info("Generated URI[0]: " + uri0)
-    id1 = dev[1].dpp_bootstrap_gen(type="nfc-uri", chan="81/1,6,11", mac=True,
-                                   curve=curve1)
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-    logger.info("Generated URI[1]: " + uri1)
-
-    # dev[0] acting as NFC Handover Requestor
-    # dev[1] acting as NFC Handover Selector
-    res = dev[1].request("DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (id1, uri0))
-    if "FAIL" in res:
-        raise Exception("Failed to process NFC Handover Request")
-    info = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id1)
-    logger.info("Updated local bootstrapping info:\n" + info)
-    freq = None
-    for line in info.splitlines():
-        if line.startswith("use_freq="):
-            freq = int(line.split('=')[1])
-    if freq is None:
-        raise Exception("Selected channel not indicated")
-    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-    logger.info("Updated URI[1]: " + uri1)
-    dev[1].dpp_listen(freq)
-    res = dev[0].request("DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (id0, uri1))
-    if "FAIL" in res:
-        raise Exception("Failed to process NFC Handover Select")
-    peer = int(res)
-
-    conf_id = dev[0].dpp_configurator_add()
-    dev[0].dpp_auth_init(peer=peer, own=id0, configurator=conf_id,
-                         conf=conf)
-    wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1])
-
-def test_dpp_nfc_errors_hostapd(dev, apdev):
-    """DPP NFC operation failures in hostapd"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id0 = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/11", mac=True,
-                                   curve="secp384r1")
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "channel": "6"})
-    check_dpp_capab(hapd)
-
-    id_h = hapd.dpp_bootstrap_gen(type="nfc-uri", chan="81/6", mac=True)
-    uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-
-    tests = ["",
-             "own=123456789",
-             "own=%d" % id_h,
-             "own=%d uri=%s" % (id_h, "foo")]
-    for t in tests:
-        if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_REQ " + t):
-            raise Exception("Invalid DPP_NFC_HANDOVER_REQ accepted")
-        if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_SEL " + t):
-            raise Exception("Invalid DPP_NFC_HANDOVER_SEL accepted")
-
-    # DPP: Peer (NFC Handover Selector) used different curve
-    if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (id_h, uri0)):
-        raise Exception("Invalid DPP_NFC_HANDOVER_SEL accepted")
-
-    # DPP: No common channel found
-    if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (id_h, uri0)):
-        raise Exception("DPP_NFC_HANDOVER_REQ with local error accepted")
-
-def test_dpp_with_p2p_device(dev, apdev):
-    """DPP exchange when driver uses a separate P2P Device interface"""
-    check_dpp_capab(dev[0])
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        check_dpp_capab(wpas)
-        id1 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True)
-        uri1 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-        wpas.dpp_listen(2412)
-        time.sleep(7)
-        dev[0].dpp_auth_init(uri=uri1)
-        wait_auth_success(wpas, dev[0], configurator=dev[0], enrollee=wpas,
-                          allow_enrollee_failure=True)
-
-@long_duration_test
-def test_dpp_chirp(dev, apdev):
-    """DPP chirp"""
-    check_dpp_capab(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "dpp",
-              "channel": "11"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_dpp_capab(hapd)
-    dpp_cc = False
-
-    id1 = dev[0].dpp_bootstrap_gen(chan="81/1")
-    if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=5" % id1):
-        raise Exception("DPP_CHIRP failed")
-    chan1 = 0
-    chan6 = 0
-    chan11 = 0
-    for i in range(30):
-        ev = dev[0].wait_event(["DPP-CHIRP-STOPPED",
-                                "DPP-TX "], timeout=60)
-        if ev is None:
-            raise Exception("DPP chirp stop not reported")
-        if "DPP-CHIRP-STOPPED" in ev:
-            break
-        if "type=13" not in ev:
-            continue
-        freq = int(ev.split(' ')[2].split('=')[1])
-        if freq == 2412:
-            chan1 += 1
-        elif freq == 2437:
-            chan6 += 1
-        elif freq == 2462:
-            chan11 += 1
-        if not dpp_cc:
-            hapd.set("dpp_configurator_connectivity", "1")
-            if "OK" not in hapd.request("UPDATE_BEACON"):
-                raise Exception("UPDATE_BEACON failed")
-            dpp_cc = True
-    if chan1 != 5 or chan6 != 5 or chan11 != 1:
-        raise Exception("Unexpected number of presence announcements sent: %d %d %d" % (chan1, chan6, chan11))
-    ev = hapd.wait_event(["DPP-CHIRP-RX"], timeout=1)
-    if ev is None:
-        raise Exception("No chirp received on the AP")
-    if "freq=2462" not in ev:
-        raise Exception("Chirp reception reported on unexpected channel: " + ev)
-    if "src=" + dev[0].own_addr() not in ev:
-        raise Exception("Unexpected chirp source reported: " + ev)
-
-@long_duration_test
-def test_dpp_chirp_listen(dev, apdev):
-    """DPP chirp with listen"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id1 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2 listen=2412" % id1):
-        raise Exception("DPP_CHIRP failed")
-    for i in range(30):
-        ev = dev[0].wait_event(["DPP-CHIRP-STOPPED",
-                                "DPP-TX "], timeout=60)
-        if ev is None:
-            raise Exception("DPP chirp stop not reported")
-        if "DPP-CHIRP-STOPPED" in ev:
-            break
-
-def test_dpp_chirp_configurator(dev, apdev):
-    """DPP chirp with a standalone Configurator"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id1 = dev[0].dpp_bootstrap_gen(chan="81/1")
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    conf_id = dev[1].dpp_configurator_add()
-    idc = dev[1].dpp_qr_code(uri)
-    dev[1].dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id)
-    dev[1].dpp_listen(2437)
-
-    if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2" % id1):
-        raise Exception("DPP_CHIRP failed")
-
-    ev = dev[1].wait_event(["DPP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Presence Announcement not seen")
-    if "type=13" not in ev:
-        raise Exception("Unexpected DPP frame received: " + ev)
-
-    ev = dev[1].wait_event(["DPP-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Authentication Request TX not seen")
-    if "type=0" not in ev:
-        raise Exception("Unexpected DPP frame TX: " + ev)
-    if "dst=" + dev[0].own_addr() not in ev:
-        raise Exception("Unexpected Authentication Request destination: " + ev)
-
-    wait_auth_success(dev[0], dev[1], dev[1], dev[0])
-
-def test_dpp_chirp_ap_as_configurator(dev, apdev):
-    """DPP chirp with an AP as a standalone Configurator"""
-    check_dpp_capab(dev[0], min_ver=2)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd, min_ver=2)
-
-    id1 = dev[0].dpp_bootstrap_gen(chan="81/1")
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    conf_id = hapd.dpp_configurator_add()
-    idc = hapd.dpp_qr_code(uri)
-    hapd.dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id)
-    hapd.dpp_listen(2412)
-
-    if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2" % id1):
-        raise Exception("DPP_CHIRP failed")
-
-    wait_auth_success(dev[0], hapd, hapd, dev[0])
-
-def test_dpp_chirp_configurator_inits(dev, apdev):
-    """DPP chirp with a standalone Configurator initiating"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    id1 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-    conf_id = dev[1].dpp_configurator_add()
-    idc = dev[1].dpp_qr_code(uri)
-
-    if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2 listen=2412" % id1):
-        raise Exception("DPP_CHIRP failed")
-    for i in range(2):
-        ev = dev[0].wait_event(["DPP-TX "], timeout=10)
-        if ev is None or "type=13" not in ev:
-            raise Exception("Presence Announcement not sent")
-
-    dev[1].dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id)
-    wait_auth_success(dev[0], dev[1], dev[1], dev[0])
-
-def test_dpp_chirp_ap(dev, apdev):
-    """DPP chirp by an AP"""
-    check_dpp_capab(dev[0], min_ver=2)
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "start_disabled": "1"})
-    check_dpp_capab(hapd, min_ver=2)
-
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-
-    conf_id = dev[0].dpp_configurator_add()
-    idc = dev[0].dpp_qr_code(uri)
-    dev[0].dpp_bootstrap_set(idc, conf="ap-dpp", configurator=conf_id)
-    dev[0].dpp_listen(2437)
-    if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h):
-        raise Exception("DPP_CHIRP failed")
-    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                      timeout=20)
-    update_hapd_config(hapd)
-
-@long_duration_test
-def test_dpp_chirp_ap_5g(dev, apdev):
-    """DPP chirp by an AP on 5 GHz"""
-    check_dpp_capab(dev[0], min_ver=2)
-
-    try:
-        hapd = None
-        hapd2 = None
-
-        params = {"ssid": "unconfigured",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "40",
-                  "dpp_configurator_connectivity": "1"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        check_dpp_capab(hapd2, min_ver=2)
-
-        params = {"ssid": "unconfigured",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "start_disabled": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        check_dpp_capab(hapd, min_ver=2)
-
-        id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-        uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-
-        # First, check chirping iteration and timeout
-        if "OK" not in hapd.request("DPP_CHIRP own=%d iter=2" % id_h):
-            raise Exception("DPP_CHIRP failed")
-        chan1 = 0
-        chan6 = 0
-        chan40 = 0
-        chan149 = 0
-        for i in range(30):
-            ev = hapd.wait_event(["DPP-CHIRP-STOPPED", "DPP-TX "], timeout=60)
-            if ev is None:
-                raise Exception("DPP chirp stop not reported")
-            if "DPP-CHIRP-STOPPED" in ev:
-                break
-            if "type=13" not in ev:
-                continue
-            freq = int(ev.split(' ')[2].split('=')[1])
-            if freq == 2412:
-                chan1 += 1
-            elif freq == 2437:
-                chan6 += 1
-            elif freq == 5200:
-                chan40 += 1
-            elif freq == 5745:
-                chan149 += 1
-        if not chan1 or not chan6 or not chan40 or not chan149:
-            raise Exception("Chirp not sent on all channels")
-
-        # Then, check successful chirping
-        conf_id = dev[0].dpp_configurator_add()
-        idc = dev[0].dpp_qr_code(uri)
-        dev[0].dpp_bootstrap_set(idc, conf="ap-dpp", configurator=conf_id)
-        dev[0].dpp_listen(5200)
-        if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h):
-            raise Exception("DPP_CHIRP failed")
-        wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd,
-                          timeout=20)
-        update_hapd_config(hapd)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_dpp_chirp_ap_errors(dev, apdev):
-    """DPP chirp errors in hostapd"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
-                                     "start_disabled": "1"})
-    check_dpp_capab(hapd, min_ver=2)
-
-    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
-    tests = ["",
-             "own=%d" % (id_h + 1),
-             "own=%d iter=-1" % id_h,
-             "own=%d listen=0" % id_h]
-    for t in tests:
-        if "FAIL" not in hapd.request("DPP_CHIRP " + t):
-            raise Exception("Invalid DPP_CHIRP accepted: " + t)
-    if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h):
-        raise Exception("DPP_CHIRP failed")
-
-    hapd.request("DPP_STOP_CHIRP")
-
-def start_dpp_pfs_ap(apdev, pfs, sae=False):
-    params = {"ssid": "dpp",
-              "wpa": "2",
-              "wpa_key_mgmt": "DPP",
-              "dpp_pfs": str(pfs),
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": params1_ap_connector,
-              "dpp_csign": params1_csign,
-              "dpp_netaccesskey": params1_ap_netaccesskey}
-    if sae:
-        params["wpa_key_mgmt"] = "DPP SAE"
-        params["sae_password"] = "sae-password"
-    try:
-        hapd = hostapd.add_ap(apdev, params)
-    except:
-        raise HwsimSkip("DPP not supported")
-    return hapd
-
-def run_dpp_pfs_sta(dev, pfs, fail=False, pfs_expected=None, sae=False):
-    key_mgmt = "DPP SAE" if sae else "DPP"
-    psk = "sae-password" if sae else None
-    dev.connect("dpp", key_mgmt=key_mgmt, scan_freq="2412",
-                ieee80211w="2", dpp_pfs=str(pfs),
-                dpp_csign=params1_csign,
-                dpp_connector=params1_sta_connector,
-                dpp_netaccesskey=params1_sta_netaccesskey,
-                psk=psk,
-                wait_connect=not fail)
-    if fail:
-        for i in range(2):
-            ev = dev.wait_event(["CTRL-EVENT-ASSOC-REJECT",
-                                 "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Connection result not reported")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection")
-        dev.request("REMOVE_NETWORK all")
-    else:
-        if pfs_expected is not None:
-            res = dev.get_status_field("dpp_pfs")
-            pfs_used = res == "1"
-            if pfs_expected != pfs_used:
-                raise Exception("Unexpected PFS negotiation result")
-        dev.request("REMOVE_NETWORK all")
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_dpp_pfs_ap_0(dev, apdev):
-    """DPP PFS AP default"""
-    check_dpp_capab(dev[0])
-    hapd = start_dpp_pfs_ap(apdev[0], 0)
-    run_dpp_pfs_sta(dev[0], 0, pfs_expected=True)
-    run_dpp_pfs_sta(dev[0], 1, pfs_expected=True)
-    run_dpp_pfs_sta(dev[0], 2, pfs_expected=False)
-
-def test_dpp_pfs_ap_1(dev, apdev):
-    """DPP PFS AP required"""
-    check_dpp_capab(dev[0])
-    hapd = start_dpp_pfs_ap(apdev[0], 1)
-    run_dpp_pfs_sta(dev[0], 0, pfs_expected=True)
-    run_dpp_pfs_sta(dev[0], 1, pfs_expected=True)
-    run_dpp_pfs_sta(dev[0], 2, fail=True)
-
-def test_dpp_pfs_ap_2(dev, apdev):
-    """DPP PFS AP not allowed"""
-    check_dpp_capab(dev[0])
-    hapd = start_dpp_pfs_ap(apdev[0], 2)
-    run_dpp_pfs_sta(dev[0], 0, pfs_expected=False)
-    run_dpp_pfs_sta(dev[0], 1, fail=True)
-    run_dpp_pfs_sta(dev[0], 2, pfs_expected=False)
-
-def test_dpp_pfs_connect_cmd(dev, apdev):
-    """DPP PFS and cfg80211 connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_dpp_capab(wpas)
-    hapd = start_dpp_pfs_ap(apdev[0], 0)
-    run_dpp_pfs_sta(wpas, 0, pfs_expected=True)
-    run_dpp_pfs_sta(wpas, 1, pfs_expected=True)
-    run_dpp_pfs_sta(wpas, 2, pfs_expected=False)
-
-def test_dpp_pfs_connect_cmd_ap_2(dev, apdev):
-    """DPP PFS and cfg80211 connect command (PFS not allowed by AP)"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_dpp_capab(wpas)
-    hapd = start_dpp_pfs_ap(apdev[0], 2)
-    run_dpp_pfs_sta(wpas, 0, pfs_expected=False)
-    run_dpp_pfs_sta(wpas, 1, fail=True)
-    run_dpp_pfs_sta(wpas, 2, pfs_expected=False)
-
-def test_dpp_pfs_connect_cmd_ap_2_sae(dev, apdev):
-    """DPP PFS and cfg80211 connect command (PFS not allowed by AP; SAE enabled)"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_dpp_capab(wpas)
-    if "SAE" not in wpas.get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    hapd = start_dpp_pfs_ap(apdev[0], 2, sae=True)
-    run_dpp_pfs_sta(wpas, 0, pfs_expected=False, sae=True)
-    run_dpp_pfs_sta(wpas, 1, fail=True, sae=True)
-    run_dpp_pfs_sta(wpas, 2, pfs_expected=False, sae=True)
-
-def test_dpp_pfs_ap_0_sta_ver1(dev, apdev):
-    """DPP PFS AP default with version 1 STA"""
-    check_dpp_capab(dev[0])
-    dev[0].set("dpp_version_override", "1")
-    hapd = start_dpp_pfs_ap(apdev[0], 0)
-    run_dpp_pfs_sta(dev[0], 0, pfs_expected=False)
-
-def test_dpp_pfs_errors(dev, apdev):
-    """DPP PFS error cases"""
-    check_dpp_capab(dev[0], min_ver=2)
-    hapd = start_dpp_pfs_ap(apdev[0], 1)
-    tests = [(1, "dpp_pfs_init"),
-             (1, "crypto_ecdh_init;dpp_pfs_init"),
-             (1, "wpabuf_alloc;dpp_pfs_init")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
-                           ieee80211w="2", dpp_pfs="1",
-                           dpp_csign=params1_csign,
-                           dpp_connector=params1_sta_connector,
-                           dpp_netaccesskey=params1_sta_netaccesskey)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-            hapd.dump_monitor()
-
-def test_dpp_reconfig_connector(dev, apdev):
-    """DPP reconfiguration connector"""
-    try:
-        run_dpp_reconfig_connector(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_reconfig_connector_different_groups(dev, apdev):
-    """DPP reconfiguration connector with different groups"""
-    try:
-        run_dpp_reconfig_connector(dev, apdev, conf_curve="secp384r1")
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-@long_duration_test
-def test_dpp_reconfig_retries(dev, apdev):
-    """DPP reconfiguration retries"""
-    try:
-        run_dpp_reconfig_connector(dev, apdev, test_retries=True)
-        for i in range(4):
-            ev = dev[0].wait_event(["DPP-TX "], timeout=120)
-            if ev is None or "type=14" not in ev:
-                raise Exception("Reconfig Announcement not sent")
-        dev[0].request("DPP_STOP_LISTEN")
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_reconfig_connector(dev, apdev, conf_curve=None,
-                               test_retries=False):
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-
-    ssid = "reconfig"
-    passphrase = "secret passphrase"
-    passphrase2 = "another secret passphrase"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("dpp_config_processing", "2")
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    configurator = dev[1].dpp_configurator_add(curve=conf_curve)
-    conf = 'sta-psk'
-    dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid=ssid,
-                         passphrase=passphrase, configurator=configurator,
-                         conn_status=True)
-    res = wait_auth_success(dev[0], dev[1], configurator=dev[1],
-                            enrollee=dev[0])
-    if 'wait_conn_status' not in res:
-        raise Exception("Configurator did not request connection status")
-    ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
-    if ev is None:
-        raise Exception("No connection status reported")
-    dev[1].dump_monitor()
-
-    ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
-    if ev is None:
-        raise Exception("SSID not reported")
-    res_ssid = ev.split(' ')[1]
-    if res_ssid != ssid:
-        raise Exception("Unexpected SSID value")
-
-    ev = dev[0].wait_event(["DPP-CONNECTOR"], timeout=1)
-    if ev is None:
-        raise Exception("Connector not reported")
-    connector = ev.split(' ')[1]
-
-    ev = dev[0].wait_event(["DPP-C-SIGN-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("C-sign-key not reported")
-    p = ev.split(' ')
-    csign = p[1]
-
-    ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
-    if ev is None:
-        raise Exception("netAccessKey not reported")
-    p = ev.split(' ')
-    net_access_key = p[1]
-    net_access_key_expiry = p[2] if len(p) > 2 else None
-
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-
-    dev[0].wait_connected()
-
-    n_key_mgmt = dev[0].get_network(id, "key_mgmt")
-    if n_key_mgmt != "WPA-PSK FT-PSK WPA-PSK-SHA256":
-        raise Exception("Unexpected key_mgmt: " + n_key_mgmt)
-    n_connector = dev[0].get_network(id, "dpp_connector")
-    if n_connector.strip('"') != connector:
-        raise Exception("Connector mismatch: %s %s" % (n_connector, connector))
-    n_csign = dev[0].get_network(id, "dpp_csign")
-    if n_csign.strip('"') != csign:
-        raise Exception("csign mismatch: %s %s" % (n_csign, csign))
-    n_net_access_key = dev[0].get_network(id, "dpp_netaccesskey")
-    if n_net_access_key.strip('"') != net_access_key:
-        raise Exception("net_access_key mismatch: %s %s" % (n_net_access_key,
-                                                            net_access_key))
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.disable()
-    hapd.set("wpa_passphrase", passphrase2)
-    hapd.enable()
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    if test_retries:
-        dev[1].request("DPP_STOP_LISTEN")
-        if "OK" not in dev[0].request("DPP_RECONFIG %s iter=10" % id):
-            raise Exception("Failed to start reconfiguration")
-        return
-
-    dev[1].set("dpp_configurator_params",
-               "conf=sta-psk ssid=%s pass=%s conn_status=1" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(passphrase2.encode()).decode()))
-    dev[1].dpp_listen(2437)
-
-    if "OK" not in dev[0].request("DPP_RECONFIG %s" % id):
-        raise Exception("Failed to start reconfiguration")
-    ev = dev[0].wait_event(["DPP-TX "], timeout=10)
-    if ev is None or "type=14" not in ev:
-        raise Exception("Reconfig Announcement not sent")
-
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Reconfig Announcement not received")
-    if "freq=2437 type=14" not in ev:
-        raise Exception("Unexpected RX data for Reconfig Announcement: " + ev)
-
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "freq=2437 type=15" not in ev:
-        raise Exception("DPP Reconfig Authentication Request not received")
-
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "freq=2437 type=16" not in ev:
-        raise Exception("DPP Reconfig Authentication Response not received")
-
-    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "freq=2437 type=17" not in ev:
-        raise Exception("DPP Reconfig Authentication Confirm not received")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None or "freq=2437" not in ev:
-        raise Exception("DPP Config Request (GAS) not transmitted")
-
-    ev = dev[1].wait_event(["DPP-CONF-REQ-RX"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Config Request (GAS) not received")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-    if ev is None or "freq=2437" not in ev:
-        raise Exception("DPP Config Response (GAS) not received")
-
-    ev = dev[1].wait_event(["DPP-RX"], timeout=5)
-    if ev is None or "freq=2437 type=11" not in ev:
-        raise Exception("DPP Config Result not received")
-
-    ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP Config Response (GAS) not transmitted")
-
-    ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP config response reception result not indicated")
-    if "DPP-CONF-RECEIVED" not in ev:
-        raise Exception("Reconfiguration failed")
-
-    dev[0].wait_connected()
-
-    ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
-    if ev is None:
-        raise Exception("No connection status reported")
-
-def test_dpp_reconfig_hostapd_configurator(dev, apdev):
-    """DPP reconfiguration with hostapd as configurator"""
-    try:
-        run_dpp_reconfig_hostapd_configurator(dev, apdev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_reconfig_hostapd_configurator(dev, apdev):
-    ssid = "reconfig-ap"
-    check_dpp_capab(dev[0], min_ver=2)
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd, min_ver=2)
-    conf_id = hapd.dpp_configurator_add()
-
-    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d ssid=%s" % (conf_id, binascii.hexlify(ssid.encode()).decode())
-    res = hapd.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate own configuration")
-    hapd.set("dpp_configurator_connectivity", "1")
-    update_hapd_config(hapd)
-
-    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    dev[0].set("dpp_config_processing", "2")
-    dev[0].dpp_listen(2412)
-    hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id,
-                       extra="expiry=%d" % (time.time() + 10), ssid=ssid)
-    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0])
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network id not reported")
-    network = int(ev.split(' ')[1])
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    time.sleep(10)
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["DPP-MISSING-CONNECTOR", "CTRL-EVENT-CONNECTED"],
-                           timeout=15)
-    if ev is None or "DPP-MISSING-CONNECTOR" not in ev:
-        raise Exception("Missing Connector not reported")
-    if "netAccessKey expired" not in ev:
-        raise Exception("netAccessKey expiry not indicated")
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    hapd.set("dpp_configurator_params",
-             "conf=sta-dpp configurator=%d ssid=%s" % (conf_id, binascii.hexlify(ssid.encode()).decode()))
-
-    if "OK" not in dev[0].request("DPP_RECONFIG %s" % network):
-        raise Exception("Failed to start reconfiguration")
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=15)
-    if ev is None:
-        raise Exception("DPP network id not reported for reconfiguration")
-    network2 = int(ev.split(' ')[1])
-    if network == network2:
-        raise Exception("Network ID did not change")
-    dev[0].wait_connected()
-
-def test_dpp_qr_code_auth_rand_mac_addr(dev, apdev):
-    """DPP QR Code and authentication exchange (rand_mac_addr=1)"""
-    flags = int(dev[0].get_driver_status_field('capa.flags'), 16)
-    if flags & 0x0000400000000000 == 0:
-        raise HwsimSkip("Driver does not support random GAS TA")
-
-    try:
-        dev[0].set("gas_rand_mac_addr", "1")
-        run_dpp_qr_code_auth_unicast(dev, apdev, None)
-    finally:
-        dev[0].set("gas_rand_mac_addr", "0")
-
-def dpp_sign_cert(cacert, cakey, csr_der):
-    csr = OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_ASN1,
-                                                  csr_der)
-    cert = OpenSSL.crypto.X509()
-    cert.set_serial_number(12345)
-    cert.gmtime_adj_notBefore(-10)
-    cert.gmtime_adj_notAfter(100000)
-    cert.set_pubkey(csr.get_pubkey())
-    dn = csr.get_subject()
-    cert.set_subject(dn)
-    cert.set_version(2)
-    cert.add_extensions([
-        OpenSSL.crypto.X509Extension(b"basicConstraints", True,
-                                     b"CA:FALSE"),
-        OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False,
-                                     b"hash", subject=cert),
-        OpenSSL.crypto.X509Extension(b"authorityKeyIdentifier", False,
-                                     b"keyid:always", issuer=cacert),
-    ])
-    cert.set_issuer(cacert.get_subject())
-    cert.sign(cakey, "sha256")
-    return cert
-
-def test_dpp_enterprise(dev, apdev, params):
-    """DPP and enterprise EAP-TLS provisioning"""
-    check_dpp_capab(dev[0], min_ver=2)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-        run_dpp_enterprise(dev, apdev, params)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_dpp_enterprise(dev, apdev, params):
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    cert_file = params['prefix'] + ".cert.pem"
-    pkcs7_file = params['prefix'] + ".pkcs7.der"
-
-    params = {"ssid": "dpp-ent",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP",
-              "ieee8021x": "1",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ec-ca.pem",
-              "server_cert": "auth_serv/ec-server.pem",
-              "private_key": "auth_serv/ec-server.key"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with open("auth_serv/ec-ca.pem", "rb") as f:
-        res = f.read()
-        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                 res)
-
-    with open("auth_serv/ec-ca.key", "rb") as f:
-        res = f.read()
-        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res)
-
-    conf_id = dev[1].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    csrattrs = "MAsGCSqGSIb3DQEJBw=="
-    id1 = dev[1].dpp_auth_init(uri=uri0, configurator=conf_id, conf="sta-dot1x",
-                               csrattrs=csrattrs, ssid="dpp-ent")
-
-    ev = dev[1].wait_event(["DPP-CSR"], timeout=10)
-    if ev is None:
-        raise Exception("Configurator did not receive CSR")
-    id1_csr = int(ev.split(' ')[1].split('=')[1])
-    if id1 != id1_csr:
-        raise Exception("Peer bootstrapping ID mismatch in CSR event")
-    csr = ev.split(' ')[2]
-    if not csr.startswith("csr="):
-        raise Exception("Could not parse CSR event: " + ev)
-    csr = csr[4:]
-    csr = base64.b64decode(csr.encode())
-    logger.info("CSR: " + binascii.hexlify(csr).decode())
-
-    cert = dpp_sign_cert(cacert, cakey, csr)
-    with open(cert_file, 'wb') as f:
-        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                cert))
-    subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl',
-                           '-certfile', cert_file,
-                           '-certfile', 'auth_serv/ec-ca.pem',
-                           '-outform', 'DER', '-out', pkcs7_file])
-
-    #caCert = base64.b64encode(b"TODO").decode()
-    #res = dev[1].request("DPP_CA_SET peer=%d name=caCert value=%s" % (id1, caCert))
-    #if "OK" not in res:
-    #    raise Exception("Failed to set caCert")
-
-    name = "server.w1.fi"
-    res = dev[1].request("DPP_CA_SET peer=%d name=trustedEapServerName value=%s" % (id1, name))
-    if "OK" not in res:
-        raise Exception("Failed to set trustedEapServerName")
-
-    with open(pkcs7_file, 'rb') as f:
-        pkcs7_der = f.read()
-        certbag = base64.b64encode(pkcs7_der).decode()
-    res = dev[1].request("DPP_CA_SET peer=%d name=certBag value=%s" % (id1, certbag))
-    if "OK" not in res:
-        raise Exception("Failed to set certBag")
-
-    ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    if "DPP-CONF-FAILED" in ev:
-        raise Exception("DPP configuration did not succeed (Configurator)")
-
-    ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
-                           timeout=1)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    if "DPP-CONF-FAILED" in ev:
-        raise Exception("DPP configuration did not succeed (Enrollee)")
-
-    ev = dev[0].wait_event(["DPP-CERTBAG"], timeout=1)
-    if ev is None:
-        raise Exception("DPP-CERTBAG not reported")
-    certbag = base64.b64decode(ev.split(' ')[1].encode())
-    if certbag != pkcs7_der:
-        raise Exception("DPP-CERTBAG mismatch")
-
-    #ev = dev[0].wait_event(["DPP-CACERT"], timeout=1)
-    #if ev is None:
-    #    raise Exception("DPP-CACERT not reported")
-
-    ev = dev[0].wait_event(["DPP-SERVER-NAME"], timeout=1)
-    if ev is None:
-        raise Exception("DPP-SERVER-NAME not reported")
-    if ev.split(' ')[1] != name:
-        raise Exception("DPP-SERVER-NAME mismatch: " + ev)
-
-    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
-    if ev is None:
-        raise Exception("DPP network profile not generated")
-    id = ev.split(' ')[1]
-
-    dev[0].wait_connected()
-
-def test_dpp_enterprise_reject(dev, apdev, params):
-    """DPP and enterprise EAP-TLS provisioning and CSR getting rejected"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    conf_id = dev[1].dpp_configurator_add()
-    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
-    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-    dev[0].dpp_listen(2412)
-    csrattrs = "MAsGCSqGSIb3DQEJBw=="
-    id1 = dev[1].dpp_auth_init(uri=uri0, configurator=conf_id, conf="sta-dot1x",
-                               csrattrs=csrattrs, ssid="dpp-ent")
-
-    ev = dev[1].wait_event(["DPP-CSR"], timeout=10)
-    if ev is None:
-        raise Exception("Configurator did not receive CSR")
-
-    res = dev[1].request("DPP_CA_SET peer=%d name=status value=5" % id1)
-    if "OK" not in res:
-        raise Exception("Failed to set status")
-
-    ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    if "DPP-CONF-FAILED" in ev:
-        raise Exception("DPP configuration did not succeed (Configurator)")
-
-    ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
-                           timeout=1)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    if "DPP-CONF-FAILED" not in ev:
-        raise Exception("DPP configuration did not fail (Enrollee)")
-
-def test_dpp_enterprise_tcp(dev, apdev, params):
-    """DPP over TCP for enterprise provisioning"""
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-
-    try:
-        run_dpp_enterprise_tcp(dev, apdev, params)
-    finally:
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def run_dpp_enterprise_tcp(dev, apdev, params):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    cap_lo = params['prefix'] + ".lo.pcap"
-
-    wt = WlantestCapture('lo', cap_lo)
-    time.sleep(1)
-
-    # Controller
-    conf_id = dev[1].dpp_configurator_add()
-    csrattrs = "MAsGCSqGSIb3DQEJBw=="
-    dev[1].set("dpp_configurator_params",
-               "conf=sta-dot1x configurator=%d csrattrs=%s" % (conf_id, csrattrs))
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    req = "DPP_CONTROLLER_START"
-    if "OK" not in dev[1].request(req):
-        raise Exception("Failed to start Controller")
-
-    dev[0].dpp_auth_init(uri=uri_c, role="enrollee", tcp_addr="127.0.0.1")
-    run_dpp_enterprise_tcp_end(params, dev, wt)
-
-def run_dpp_enterprise_tcp_end(params, dev, wt):
-    cert_file = params['prefix'] + ".cert.pem"
-    pkcs7_file = params['prefix'] + ".pkcs7.der"
-
-    with open("auth_serv/ec-ca.pem", "rb") as f:
-        res = f.read()
-        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                 res)
-
-    with open("auth_serv/ec-ca.key", "rb") as f:
-        res = f.read()
-        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res)
-
-    ev = dev[1].wait_event(["DPP-CSR"], timeout=10)
-    if ev is None:
-        raise Exception("Configurator did not receive CSR")
-    id1_csr = int(ev.split(' ')[1].split('=')[1])
-    csr = ev.split(' ')[2]
-    if not csr.startswith("csr="):
-        raise Exception("Could not parse CSR event: " + ev)
-    csr = csr[4:]
-    csr = base64.b64decode(csr.encode())
-    logger.info("CSR: " + binascii.hexlify(csr).decode())
-
-    cert = dpp_sign_cert(cacert, cakey, csr)
-    with open(cert_file, 'wb') as f:
-        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                cert))
-    subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl',
-                           '-certfile', cert_file,
-                           '-certfile', 'auth_serv/ec-ca.pem',
-                           '-outform', 'DER', '-out', pkcs7_file])
-
-    with open(pkcs7_file, 'rb') as f:
-        pkcs7_der = f.read()
-        certbag = base64.b64encode(pkcs7_der).decode()
-    res = dev[1].request("DPP_CA_SET peer=%d name=certBag value=%s" % (id1_csr, certbag))
-    if "OK" not in res:
-        raise Exception("Failed to set certBag")
-
-    ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    if "DPP-CONF-FAILED" in ev:
-        raise Exception("DPP configuration did not succeed (Configurator)")
-
-    ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
-                           timeout=1)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    if "DPP-CONF-RECEIVED" not in ev:
-        raise Exception("DPP configuration did not succeed (Enrollee)")
-
-    time.sleep(0.5)
-    wt.close()
-
-def test_dpp_enterprise_tcp2(dev, apdev, params):
-    """DPP over TCP for enterprise provisioning (Controller initiating)"""
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-
-    try:
-        run_dpp_enterprise_tcp2(dev, apdev, params)
-    finally:
-        dev[0].request("DPP_CONTROLLER_STOP")
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def run_dpp_enterprise_tcp2(dev, apdev, params):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    cap_lo = params['prefix'] + ".lo.pcap"
-    cert_file = params['prefix'] + ".cert.pem"
-    pkcs7_file = params['prefix'] + ".pkcs7.der"
-
-    with open("auth_serv/ec-ca.pem", "rb") as f:
-        res = f.read()
-        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
-                                                 res)
-
-    with open("auth_serv/ec-ca.key", "rb") as f:
-        res = f.read()
-        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res)
-
-    wt = WlantestCapture('lo', cap_lo)
-    time.sleep(1)
-
-    # Client/Enrollee/Responder
-    id_e = dev[0].dpp_bootstrap_gen()
-    uri_e = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_e)
-    req = "DPP_CONTROLLER_START"
-    if "OK" not in dev[0].request(req):
-        raise Exception("Failed to start Client/Enrollee")
-
-    # Controller/Configurator/Initiator
-    conf_id = dev[1].dpp_configurator_add()
-    csrattrs = "MAsGCSqGSIb3DQEJBw=="
-    dev[1].dpp_auth_init(uri=uri_e, role="configurator", configurator=conf_id,
-                         conf="sta-dot1x", csrattrs=csrattrs,
-                         tcp_addr="127.0.0.1")
-
-    run_dpp_enterprise_tcp_end(params, dev, wt)
diff --git a/tests/hwsim/test_dpp3.py b/tests/hwsim/test_dpp3.py
deleted file mode 100644
index e50f199f385f..000000000000
--- a/tests/hwsim/test_dpp3.py
+++ /dev/null
@@ -1,49 +0,0 @@
-# Test cases for Device Provisioning Protocol (DPP) version 3
-# Copyright (c) 2021, Qualcomm Innovation Center, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from test_dpp import check_dpp_capab, run_dpp_auto_connect
-
-def test_dpp_network_intro_version(dev, apdev):
-    """DPP Network Introduction and protocol version"""
-    check_dpp_capab(dev[0], min_ver=3)
-
-    try:
-        id, hapd = run_dpp_auto_connect(dev, apdev, 1, stop_after_prov=True)
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_network_intro_version_change(dev, apdev):
-    """DPP Network Introduction and protocol version change"""
-    check_dpp_capab(dev[0], min_ver=3)
-
-    try:
-        dev[0].set("dpp_version_override", "2")
-        id, hapd = run_dpp_auto_connect(dev, apdev, 1, stop_after_prov=True)
-        dev[0].set("dpp_version_override", "3")
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_dpp_network_intro_version_missing_req(dev, apdev):
-    """DPP Network Introduction and protocol version missing from request"""
-    check_dpp_capab(dev[0], min_ver=3)
-
-    try:
-        dev[0].set("dpp_version_override", "2")
-        id, hapd = run_dpp_auto_connect(dev, apdev, 1, stop_after_prov=True)
-        dev[0].set("dpp_version_override", "3")
-        dev[0].set("dpp_test", "92")
-        dev[0].select_network(id, freq=2412)
-        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
-        if ev is None:
-            raise Exception("DPP network introduction result not seen on STA")
-        if "status=8" not in ev:
-            raise Exception("Unexpected network introduction result on STA: " + ev)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
diff --git a/tests/hwsim/test_dscp.py b/tests/hwsim/test_dscp.py
deleted file mode 100644
index e017938bc355..000000000000
--- a/tests/hwsim/test_dscp.py
+++ /dev/null
@@ -1,407 +0,0 @@
-# Test cases for dscp policy
-# Copyright (c) 2021, Jouni Malinen <j@w1.fi>
-# Copyright (c) 2021, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import struct
-import time
-import sys
-import socket
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-
-def register_dscp_req(hapd):
-    type = 0x00d0
-    match = "7e506f9a1a"
-    if "OK" not in hapd.request("REGISTER_FRAME %04x %s" % (type, match)):
-        raise Exception("Could not register frame reception for Vendor specific protected type")
-
-def send_dscp_req(hapd, da, oui_subtype, dialog_token, req_control, qos_ie,
-                  truncate=False):
-    type = 0
-    subtype = 13
-    category = 126
-    oui_type = 0x506f9a1a
-    if truncate:
-        req = struct.pack('>BLBB', category, oui_type, oui_subtype,
-                          dialog_token)
-    else:
-        req = struct.pack('>BLBBB', category, oui_type, oui_subtype,
-                          dialog_token, req_control)
-        if qos_ie:
-            req += qos_ie
-
-    msg = {}
-    msg['fc'] = 0x00d0
-    msg['sa'] = hapd.own_addr()
-    msg['da'] = da
-    msg['bssid'] = hapd.own_addr()
-    msg['type'] = type
-    msg['subtype'] = subtype
-    msg['payload'] = req
-
-    hapd.mgmt_tx(msg)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None or "stype=13 ok=1" not in ev:
-        raise Exception("No DSCP Policy Request sent")
-
-def prepare_qos_ie(policy_id, req_type, dscp, start_port=0, end_port=0,
-                   frame_classifier=None, frame_class_len=0, domain_name=None):
-    qos_elem_oui_type = 0x229a6f50
-    qos_elem_id = 221
-
-    if policy_id:
-        qos_attr = struct.pack('BBBBB', 2, 3, policy_id, req_type, dscp)
-        qos_attr_len = 5
-    else:
-        qos_attr = 0
-        qos_attr_len = 0
-
-    if start_port and end_port:
-        port_range_attr = struct.pack('>BBHH', 1, 4, start_port, end_port)
-        if qos_attr:
-            qos_attr += port_range_attr
-        else:
-            qos_attr = port_range_attr
-        qos_attr_len += 6
-
-    if frame_classifier and frame_class_len:
-        tclas_attr = struct.pack('>BB%ds' % (len(frame_classifier),), 3,
-                                 len(frame_classifier), frame_classifier)
-        if qos_attr:
-            qos_attr += tclas_attr
-        else:
-            qos_attr = tclas_attr
-        qos_attr_len += 2 + len(frame_classifier)
-
-    if domain_name:
-        s = bytes(domain_name, 'utf-8')
-        domain_name_attr = struct.pack('>BB%ds' % (len(s),), 4, len(s), s)
-        if qos_attr:
-            qos_attr += domain_name_attr
-        else:
-            qos_attr = domain_name_attr
-        qos_attr_len += 2 + len(s)
-
-    qos_attr_len += 4
-    qos_ie = struct.pack('<BBL', qos_elem_id, qos_attr_len,
-                         qos_elem_oui_type) + qos_attr
-
-    return qos_ie
-
-def validate_dscp_req_event(dev, event):
-    ev = dev.wait_event(["CTRL-EVENT-DSCP-POLICY"], timeout=2)
-    if ev is None:
-        raise Exception("No DSCP request reported")
-    if ev != event:
-        raise Exception("Invalid DSCP event received (%s; expected: %s)" % (ev, event))
-
-def handle_dscp_query(hapd, query):
-    msg = hapd.mgmt_rx()
-    if msg['payload'] != query:
-        raise Exception("Invalid DSCP Query received at AP")
-
-def handle_dscp_response(hapd, response):
-    msg = hapd.mgmt_rx()
-    if msg['payload'] != response:
-        raise Exception("Invalid DSCP Response received at AP")
-
-def ap_sta_connectivity(dev, apdev, params):
-    p = hostapd.wpa2_params(passphrase="12345678")
-    p["wpa_key_mgmt"] = "WPA-PSK"
-    p["ieee80211w"] = "1"
-    p.update(params)
-    hapd = hostapd.add_ap(apdev[0], p)
-    register_dscp_req(hapd)
-
-    dev[0].request("SET enable_dscp_policy_capa 1")
-    dev[0].connect("dscp", psk="12345678", ieee80211w="1",
-                   key_mgmt="WPA-PSK WPA-PSK-SHA256", scan_freq="2412")
-    hapd.wait_sta()
-
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-    return hapd
-
-def test_dscp_query(dev, apdev):
-    """DSCP Policy Query"""
-
-    # Positive tests
-    #AP with DSCP Capabilities
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40",
-              "assocresp_elements": "dd06506f9a230101",
-              "vendor_elements": "dd06506f9a230101"}
-
-    hapd = ap_sta_connectivity(dev, apdev, params)
-    da = dev[0].own_addr()
-
-    # Query 1
-    cmd = "DSCP_QUERY wildcard"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Query failed")
-    query = b'\x7e\x50\x6f\x9a\x1a\x00\x01'
-    handle_dscp_query(hapd, query)
-
-    # Query 2
-    cmd = "DSCP_QUERY domain_name=example.com"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Query failed")
-    query = b'\x7e\x50\x6f\x9a\x1a\x00\x02\xdd\x11\x50\x6f\x9a\x22\x04\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d'
-    handle_dscp_query(hapd, query)
-
-    # Negative tests
-
-    cmd = "DSCP_QUERY domain_name=" + 250*'a' + ".example.com"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("Invalid DSCP_QUERY accepted")
-
-    dev[0].disconnect_and_stop_scan()
-    # AP without DSCP Capabilities
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40"}
-    hapd = ap_sta_connectivity(dev, apdev, params)
-
-    # Query 3
-    cmd = "DSCP_QUERY wildcard"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("Able to send invalid DSCP Query")
-
-def test_dscp_request(dev, apdev):
-    """DSCP Policy Request"""
-
-    # Positive tests
-
-    #AP with DSCP Capabilities
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40",
-              "assocresp_elements": "dd06506f9a230101",
-              "vendor_elements": "dd06506f9a230101"}
-
-    hapd = ap_sta_connectivity(dev, apdev, params)
-    da = dev[0].own_addr()
-
-    # Request 1
-    dialog_token = 5
-    send_dscp_req(hapd, da, 1, dialog_token, 2, 0)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_start clear_all"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # DSCP Request with multiple QoS IEs
-    # QoS IE 1
-    dialog_token = 1
-    domain_name = "example.com"
-    ipv4_src_addr = socket.inet_pton(socket.AF_INET, "192.168.0.1")
-    ipv4_dest_addr = socket.inet_pton(socket.AF_INET, "192.168.0.2")
-    frame_classifier_start = [4, 91, 4]
-    frame_classifier_end = [12, 34, 12, 34, 0, 17, 0]
-    frame_classifier = bytes(frame_classifier_start) + ipv4_src_addr + ipv4_dest_addr + bytes(frame_classifier_end)
-    frame_len = len(frame_classifier)
-    qos_ie = prepare_qos_ie(1, 0, 22, 0, 0, frame_classifier, frame_len, domain_name)
-
-    # QoS IE 2
-    ipv6_src_addr = socket.inet_pton(socket.AF_INET6, "aaaa:bbbb:cccc::1")
-    ipv6_dest_addr = socket.inet_pton(socket.AF_INET6, "aaaa:bbbb:cccc::2")
-    frame_classifier_start = [4, 79, 6]
-    frame_classifier_end = [0, 12, 34, 0, 0, 17, 0, 0, 0]
-    frame_classifier = bytes(frame_classifier_start) + ipv6_src_addr + ipv6_dest_addr + bytes(frame_classifier_end)
-    frame_len = len(frame_classifier)
-    ie = prepare_qos_ie(5, 0, 48, 12345, 23456, frame_classifier, frame_len,
-                        None)
-    qos_ie += ie
-
-    # QoS IE 3
-    ie = prepare_qos_ie(4, 0, 32, 12345, 23456, 0, 0, domain_name)
-    qos_ie += ie
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_start"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY add policy_id=1 dscp=22 ip_version=4 src_ip=192.168.0.1 src_port=3106 dst_port=3106 protocol=17 domain_name=example.com"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY add policy_id=5 dscp=48 ip_version=6 src_ip=aaaa:bbbb:cccc::1 dst_ip=aaaa:bbbb:cccc::2 src_port=12 protocol=17 start_port=12345 end_port=23456"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY add policy_id=4 dscp=32 ip_version=0 start_port=12345 end_port=23456 domain_name=example.com"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # Negative Tests
-
-    # No DSCP policy attribute
-    dialog_token = 4
-    domain_name = "example.com"
-    qos_ie = prepare_qos_ie(0, 0, 0, 12345, 23456, frame_classifier, frame_len,
-                            domain_name)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_start"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # No DSCP stream classifier params
-    dialog_token = 6
-    qos_ie = prepare_qos_ie(1, 0, 32, 0, 0, 0, 0, None)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_start"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY reject policy_id=1"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # DSCP request with both destination and domain name
-    dialog_token = 7
-    domain_name = "example.com"
-    ipv4_src_addr = socket.inet_pton(socket.AF_INET, "192.168.0.1")
-    ipv4_dest_addr = socket.inet_pton(socket.AF_INET, "192.168.0.2")
-    frame_classifier_start = [4, 69, 4]
-    frame_classifier_end = [0, 0, 0, 0, 0, 17, 0]
-    frame_classifier = bytes(frame_classifier_start) + ipv4_src_addr + ipv4_dest_addr + bytes(frame_classifier_end)
-    frame_len = len(frame_classifier)
-    qos_ie = prepare_qos_ie(1, 0, 36, 0, 0, frame_classifier, frame_len,
-                            domain_name)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    event  = "<3>CTRL-EVENT-DSCP-POLICY request_start"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY reject policy_id=1"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # DSCP request with both port range and destination port
-    frame_classifier_start = [4, 81, 4]
-    frame_classifier_end = [0, 0, 23, 45, 0, 17, 0]
-    frame_classifier = bytes(frame_classifier_start) + ipv4_src_addr + ipv4_dest_addr + bytes(frame_classifier_end)
-    frame_len = len(frame_classifier)
-    qos_ie = prepare_qos_ie(1, 0, 36, 12345, 23456, frame_classifier, frame_len,
-                            None)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_start"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY reject policy_id=1"
-    validate_dscp_req_event(dev[0], event)
-    event = "<3>CTRL-EVENT-DSCP-POLICY request_end"
-    validate_dscp_req_event(dev[0], event)
-
-    # Too short DSCP Policy Request frame
-    dialog_token += 1
-    send_dscp_req(hapd, da, 1, dialog_token, 0, None, truncate=True)
-
-    # Request Type: Remove
-    dialog_token += 1
-    qos_ie = prepare_qos_ie(1, 1, 36)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_start")
-    validate_dscp_req_event(dev[0],
-                            "<3>CTRL-EVENT-DSCP-POLICY remove policy_id=1")
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_end")
-
-    # Request Type: Reserved
-    dialog_token += 1
-    qos_ie = prepare_qos_ie(1, 2, 36)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_start")
-    validate_dscp_req_event(dev[0],
-                            "<3>CTRL-EVENT-DSCP-POLICY reject policy_id=1")
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_end")
-
-def test_dscp_response(dev, apdev):
-    """DSCP Policy Response"""
-
-    # Positive tests
-
-    # AP with DSCP Capabilities
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40",
-              "assocresp_elements": "dd06506f9a230101",
-              "vendor_elements": "dd06506f9a230101"}
-    hapd = ap_sta_connectivity(dev, apdev, params)
-    da = dev[0].own_addr()
-
-    # Sending solicited DSCP response after receiving DSCP request
-    dialog_token = 1
-    domain_name = "example.com"
-    ipv4_src_addr = socket.inet_pton(socket.AF_INET, "192.168.0.1")
-    ipv4_dest_addr = socket.inet_pton(socket.AF_INET, "192.168.0.2")
-    frame_classifier_start = [4,91,4]
-    frame_classifier_end = [12,34,12,34,0,17,0]
-    frame_classifier = bytes(frame_classifier_start) + ipv4_src_addr + ipv4_dest_addr + bytes(frame_classifier_end)
-    frame_len = len(frame_classifier)
-    qos_ie = prepare_qos_ie(1, 0, 22, 0, 0, frame_classifier, frame_len,
-                            domain_name)
-    ie = prepare_qos_ie(4, 0, 32, 12345, 23456, 0, 0, domain_name)
-    qos_ie += ie
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-
-    cmd = "DSCP_RESP solicited policy_id=1 status=0 policy_id=4 status=0"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Response failed")
-    response = b'\x7e\x50\x6f\x9a\x1a\x02\x01\x00\x02\x01\x00\x04\x00'
-    handle_dscp_response(hapd, response)
-
-    # Unsolicited DSCP Response without status duples
-    cmd = "DSCP_RESP reset more"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Response failed")
-    response = b'\x7e\x50\x6f\x9a\x1a\x02\x00\x03\x00'
-    handle_dscp_response(hapd, response)
-
-    # Unsolicited DSCP Response with one status duple
-    cmd = "DSCP_RESP policy_id=2 status=0"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Response failed")
-    response = b'\x7e\x50\x6f\x9a\x1a\x02\x00\x00\x01\x02\x00'
-    handle_dscp_response(hapd, response)
-
-    # Negative tests
-
-    # Send solicited DSCP Response without prior DSCP request
-    cmd = "DSCP_RESP solicited policy_id=1 status=0 policy_id=5 status=0"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("Able to send invalid DSCP response")
-
-def test_dscp_unsolicited_req_at_assoc(dev, apdev):
-    """DSCP Policy and unsolicited request at association"""
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40",
-              "assocresp_elements": "dd06506f9a230103",
-              "vendor_elements": "dd06506f9a230103"}
-    hapd = ap_sta_connectivity(dev, apdev, params)
-    da = dev[0].own_addr()
-
-    dialog_token = 1
-    qos_ie = prepare_qos_ie(1, 0, 36, 12345, 23456)
-    send_dscp_req(hapd, da, 1, dialog_token, 0, qos_ie)
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_start")
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY add policy_id=1 dscp=36 ip_version=0 start_port=12345 end_port=23456")
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_end")
-
-    cmd = "DSCP_QUERY wildcard"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Query failed")
-
-def test_dscp_missing_unsolicited_req_at_assoc(dev, apdev):
-    """DSCP Policy and missing unsolicited request at association"""
-    params = {"ssid": "dscp",
-              "ext_capa": 6*"00" + "40",
-              "assocresp_elements": "dd06506f9a230103",
-              "vendor_elements": "dd06506f9a230103"}
-    hapd = ap_sta_connectivity(dev, apdev, params)
-    da = dev[0].own_addr()
-
-    cmd = "DSCP_QUERY wildcard"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("DSCP_QUERY accepted during wait for unsolicited requesdt")
-    time.sleep(5)
-    validate_dscp_req_event(dev[0], "<3>CTRL-EVENT-DSCP-POLICY request_wait end")
-
-    cmd = "DSCP_QUERY wildcard"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Sending DSCP Query failed")
diff --git a/tests/hwsim/test_eap.py b/tests/hwsim/test_eap.py
deleted file mode 100644
index 144e4d314070..000000000000
--- a/tests/hwsim/test_eap.py
+++ /dev/null
@@ -1,602 +0,0 @@
-# EAP authentication tests
-# Copyright (c) 2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-
-from utils import alloc_fail, fail_test, wait_fail_trigger, HwsimSkip
-from test_ap_eap import check_eap_capa, int_eap_server_params, eap_connect, \
-    eap_reauth
-
-def int_teap_server_params(eap_teap_auth=None, eap_teap_pac_no_inner=None,
-                           eap_teap_separate_result=None, eap_teap_id=None):
-    params = int_eap_server_params()
-    params['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff00"
-    params['eap_fast_a_id'] = "101112131415161718191a1b1c1dff00"
-    params['eap_fast_a_id_info'] = "test server 0"
-    if eap_teap_auth:
-        params['eap_teap_auth'] = eap_teap_auth
-    if eap_teap_pac_no_inner:
-        params['eap_teap_pac_no_inner'] = eap_teap_pac_no_inner
-    if eap_teap_separate_result:
-        params['eap_teap_separate_result'] = eap_teap_separate_result
-    if eap_teap_id:
-        params['eap_teap_id'] = eap_teap_id
-    return params
-
-def test_eap_teap_eap_mschapv2(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    eap_reauth(dev[0], "TEAP")
-
-def test_eap_teap_eap_pwd(dev, apdev):
-    """EAP-TEAP with inner EAP-PWD"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user-pwd-2",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=PWD",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_eap_eke(dev, apdev):
-    """EAP-TEAP with inner EAP-EKE"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "EKE")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user-eke-2",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=EKE",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_basic_password_auth(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_basic_password_auth_failure(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth failure"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="incorrect",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac", expect_failure=True)
-
-def test_eap_teap_basic_password_auth_no_password(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth and no password configured"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac", expect_failure=True)
-
-def test_eap_teap_basic_password_auth_id0(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth (eap_teap_id=0)"""
-    run_eap_teap_basic_password_auth_id(dev, apdev, 0)
-
-def test_eap_teap_basic_password_auth_id1(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth (eap_teap_id=1)"""
-    run_eap_teap_basic_password_auth_id(dev, apdev, 1)
-
-def test_eap_teap_basic_password_auth_id2(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth (eap_teap_id=2)"""
-    run_eap_teap_basic_password_auth_id(dev, apdev, 2, failure=True)
-
-def test_eap_teap_basic_password_auth_id3(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth (eap_teap_id=3)"""
-    run_eap_teap_basic_password_auth_id(dev, apdev, 3)
-
-def test_eap_teap_basic_password_auth_id4(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth (eap_teap_id=4)"""
-    run_eap_teap_basic_password_auth_id(dev, apdev, 4)
-
-def run_eap_teap_basic_password_auth_id(dev, apdev, eap_teap_id, failure=False):
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1",
-                                    eap_teap_id=str(eap_teap_id))
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac",
-                expect_failure=failure)
-
-def test_eap_teap_basic_password_auth_machine(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth using machine credential"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_basic_password_auth_user_and_machine(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth using user and machine credentials"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_basic_password_auth_user_and_machine_fail_user(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth using user and machine credentials (fail user)"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="wrong-password",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_basic_password_auth_user_and_machine_fail_machine(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth using user and machine credentials (fail machine)"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                machine_identity="machine",
-                machine_password="wrong-machine-password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_basic_password_auth_user_and_machine_no_machine(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth using user and machine credentials (no machine)"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_peer_outer_tlvs(dev, apdev):
-    """EAP-TEAP with peer Outer TLVs"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac", phase1="teap_test_outer_tlvs=1")
-
-def test_eap_teap_eap_mschapv2_pac(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 and PAC provisioning"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_eap_mschapv2_pac_no_inner_eap(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 and PAC without inner EAP"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_pac_no_inner="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_eap_mschapv2_separate_result(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 and separate message for Result TLV"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_separate_result="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_eap_mschapv2_pac_no_ca_cert(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 and PAC provisioning attempt without ca_cert"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2",
-                phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] == '1':
-        raise Exception("Unexpected use of PAC session ticket")
-
-def test_eap_teap_eap_mschapv2_id0(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=0)"""
-    run_eap_teap_eap_mschapv2_id(dev, apdev, 0)
-
-def test_eap_teap_eap_mschapv2_id1(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=1)"""
-    run_eap_teap_eap_mschapv2_id(dev, apdev, 1)
-
-def test_eap_teap_eap_mschapv2_id2(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=2)"""
-    run_eap_teap_eap_mschapv2_id(dev, apdev, 2, failure=True)
-
-def test_eap_teap_eap_mschapv2_id3(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=3)"""
-    run_eap_teap_eap_mschapv2_id(dev, apdev, 3)
-
-def test_eap_teap_eap_mschapv2_id4(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=4)"""
-    run_eap_teap_eap_mschapv2_id(dev, apdev, 4)
-
-def run_eap_teap_eap_mschapv2_id(dev, apdev, eap_teap_id, failure=False):
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id=str(eap_teap_id))
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac",
-                expect_failure=failure)
-
-def test_eap_teap_eap_mschapv2_machine(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 using machine credential"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_eap_mschapv2_user_and_machine(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 using user and machine credentials"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_eap_mschapv2_user_and_machine_fail_user(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 using user and machine credentials (fail user)"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="wrong-password",
-                anonymous_identity="TEAP",
-                machine_identity="machine", machine_password="machine-password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_eap_mschapv2_user_and_machine_fail_machine(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 using user and machine credentials (fail machine)"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                machine_identity="machine",
-                machine_password="wrong-machine-password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_eap_mschapv2_user_and_machine_no_machine(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 using user and machine credentials (no machine)"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac",
-                expect_failure=True)
-
-def test_eap_teap_eap_mschapv2_user_and_eap_tls_machine(dev, apdev):
-    """EAP-TEAP with inner EAP-MSCHAPv2 user and EAP-TLS machine credentials"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    check_eap_capa(dev[0], "TLS")
-    params = int_teap_server_params(eap_teap_id="5")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user", password="password",
-                anonymous_identity="TEAP",
-                machine_identity="cert user",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                machine_phase2="auth=TLS",
-                machine_ca_cert="auth_serv/ca.pem",
-                machine_client_cert="auth_serv/user.pem",
-                machine_private_key="auth_serv/user.key",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_basic_password_auth_pac(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth and PAC"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_basic_password_auth_pac_binary(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth and PAC (binary)"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2 teap_max_pac_list_len=2 teap_pac_format=binary",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac_bin")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_basic_password_auth_pac_no_inner_eap(dev, apdev):
-    """EAP-TEAP with Basic-Password-Auth and PAC without inner auth"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="1",
-                                    eap_teap_pac_no_inner="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=2",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_eap_eke_unauth_server_prov(dev, apdev):
-    """EAP-TEAP with inner EAP-EKE and unauthenticated server provisioning"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "EKE")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user-eke-2",
-                anonymous_identity="TEAP", password="password",
-                phase1="teap_provisioning=1",
-                phase2="auth=EKE", pac_file="blob://teap_pac")
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-def test_eap_teap_fragmentation(dev, apdev):
-    """EAP-TEAP with fragmentation"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac", fragment_size="100")
-
-def test_eap_teap_tls_cs_sha1(dev, apdev):
-    """EAP-TEAP with TLS cipher suite that uses SHA-1"""
-    run_eap_teap_tls_cs(dev, apdev, "AES128-SHA")
-
-def test_eap_teap_tls_cs_sha256(dev, apdev):
-    """EAP-TEAP with TLS cipher suite that uses SHA-256"""
-    run_eap_teap_tls_cs(dev, apdev, "AES128-SHA256")
-
-def test_eap_teap_tls_cs_sha384(dev, apdev):
-    """EAP-TEAP with TLS cipher suite that uses SHA-384"""
-    run_eap_teap_tls_cs(dev, apdev, "AES256-GCM-SHA384")
-
-def run_eap_teap_tls_cs(dev, apdev, cipher):
-    check_eap_capa(dev[0], "TEAP")
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("TLS library not supported for TLS CS configuration: " + tls)
-    params = int_teap_server_params(eap_teap_auth="1")
-    params['openssl_ciphers'] = cipher
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac")
-
-def wait_eap_proposed(dev, wait_trigger=None):
-    ev = dev.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    if wait_trigger:
-        wait_fail_trigger(dev, wait_trigger)
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_teap_errors(dev, apdev):
-    """EAP-TEAP local errors"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   scan_freq="2412",
-                   eap="TEAP", identity="user", password="password",
-                   anonymous_identity="TEAP",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   wait_connect=False)
-    wait_eap_proposed(dev[0])
-
-    dev[0].set("blob", "teap_broken_pac 11")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   scan_freq="2412",
-                   eap="TEAP", identity="user", password="password",
-                   anonymous_identity="TEAP",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   pac_file="blob://teap_broken_pac", wait_connect=False)
-    wait_eap_proposed(dev[0])
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   scan_freq="2412",
-                   eap="TEAP", identity="user", password="password",
-                   anonymous_identity="TEAP",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   phase1="teap_pac_format=binary",
-                   pac_file="blob://teap_broken_pac", wait_connect=False)
-    wait_eap_proposed(dev[0])
-
-    tests = [(1, "eap_teap_tlv_eap_payload"),
-             (1, "eap_teap_process_eap_payload_tlv"),
-             (1, "eap_teap_compound_mac"),
-             (1, "eap_teap_tlv_result"),
-             (1, "eap_peer_select_phase2_methods"),
-             (1, "eap_peer_tls_ssl_init"),
-             (1, "eap_teap_session_id"),
-             (1, "wpabuf_alloc;=eap_teap_process_crypto_binding"),
-             (1, "eap_peer_tls_encrypt"),
-             (1, "eap_peer_tls_decrypt"),
-             (1, "eap_teap_getKey"),
-             (1, "eap_teap_session_id"),
-             (1, "eap_teap_init")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TEAP", identity="user", password="password",
-                           anonymous_identity="TEAP",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           pac_file="blob://teap_pac", wait_connect=False)
-            wait_eap_proposed(dev[0], wait_trigger="GET_ALLOC_FAIL")
-
-    tests = [(1, "eap_teap_derive_eap_msk"),
-             (1, "eap_teap_derive_eap_emsk"),
-             (1, "eap_teap_write_crypto_binding"),
-             (1, "eap_teap_process_crypto_binding"),
-             (1, "eap_teap_derive_msk;eap_teap_process_crypto_binding"),
-             (1, "eap_teap_compound_mac;eap_teap_process_crypto_binding"),
-             (1, "eap_teap_derive_imck")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TEAP", identity="user", password="password",
-                           anonymous_identity="TEAP",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           pac_file="blob://teap_pac", wait_connect=False)
-            wait_eap_proposed(dev[0], wait_trigger="GET_FAIL")
-
-def test_eap_teap_errors2(dev, apdev):
-    """EAP-TEAP local errors 2 (Basic-Password-Auth specific)"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_teap_server_params(eap_teap_auth="1")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "eap_teap_tlv_pac_ack"),
-             (1, "eap_teap_process_basic_auth_req")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TEAP", identity="user", password="password",
-                           anonymous_identity="TEAP",
-                           phase1="teap_provisioning=2",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           pac_file="blob://teap_pac", wait_connect=False)
-            wait_eap_proposed(dev[0], wait_trigger="GET_ALLOC_FAIL")
-
-    tests = [(1, "eap_teap_derive_cmk_basic_pw_auth")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TEAP", identity="user", password="password",
-                           anonymous_identity="TEAP",
-                           phase1="teap_provisioning=2",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           pac_file="blob://teap_pac", wait_connect=False)
-            wait_eap_proposed(dev[0], wait_trigger="GET_FAIL")
-
-def test_eap_teap_eap_vendor(dev, apdev):
-    """EAP-TEAP with inner EAP-vendor"""
-    check_eap_capa(dev[0], "TEAP")
-    check_eap_capa(dev[0], "VENDOR-TEST")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "TEAP", "vendor-test-2",
-                anonymous_identity="TEAP",
-                ca_cert="auth_serv/ca.pem", phase2="auth=VENDOR-TEST",
-                pac_file="blob://teap_pac")
-
-def test_eap_teap_client_cert(dev, apdev):
-    """EAP-TEAP with client certificate in Phase 1"""
-    check_eap_capa(dev[0], "TEAP")
-    params = int_teap_server_params(eap_teap_auth="2")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # verify server accept a client with certificate, but no Phase 2
-    # configuration
-    eap_connect(dev[0], hapd, "TEAP", "user",
-                anonymous_identity="TEAP",
-                phase1="teap_provisioning=2",
-                client_cert="auth_serv/user.pem",
-                private_key="auth_serv/user.key",
-                ca_cert="auth_serv/ca.pem",
-                pac_file="blob://teap_pac")
-    dev[0].dump_monitor()
-    res = eap_reauth(dev[0], "TEAP")
-    if res['tls_session_reused'] != '1':
-        raise Exception("EAP-TEAP could not use PAC session ticket")
-
-    # verify server accepts a client without certificate
-    eap_connect(dev[1], hapd, "TEAP", "user",
-                anonymous_identity="TEAP", password="password",
-                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                pac_file="blob://teap_pac")
diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py
deleted file mode 100644
index a8f4aeb36483..000000000000
--- a/tests/hwsim/test_eap_proto.py
+++ /dev/null
@@ -1,10377 +0,0 @@
-# EAP protocol tests
-# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import hashlib
-import hmac
-import logging
-logger = logging.getLogger()
-import os
-import select
-import struct
-import threading
-import time
-
-import hostapd
-from utils import *
-from test_ap_eap import check_eap_capa, check_hlr_auc_gw_support, int_eap_server_params
-
-try:
-    import OpenSSL
-    openssl_imported = True
-except ImportError:
-    openssl_imported = False
-
-EAP_CODE_REQUEST = 1
-EAP_CODE_RESPONSE = 2
-EAP_CODE_SUCCESS = 3
-EAP_CODE_FAILURE = 4
-EAP_CODE_INITIATE = 5
-EAP_CODE_FINISH = 6
-
-EAP_TYPE_IDENTITY = 1
-EAP_TYPE_NOTIFICATION = 2
-EAP_TYPE_NAK = 3
-EAP_TYPE_MD5 = 4
-EAP_TYPE_OTP = 5
-EAP_TYPE_GTC = 6
-EAP_TYPE_TLS = 13
-EAP_TYPE_LEAP = 17
-EAP_TYPE_SIM = 18
-EAP_TYPE_TTLS = 21
-EAP_TYPE_AKA = 23
-EAP_TYPE_PEAP = 25
-EAP_TYPE_MSCHAPV2 = 26
-EAP_TYPE_TLV = 33
-EAP_TYPE_TNC = 38
-EAP_TYPE_FAST = 43
-EAP_TYPE_PAX = 46
-EAP_TYPE_PSK = 47
-EAP_TYPE_SAKE = 48
-EAP_TYPE_IKEV2 = 49
-EAP_TYPE_AKA_PRIME = 50
-EAP_TYPE_GPSK = 51
-EAP_TYPE_PWD = 52
-EAP_TYPE_EKE = 53
-EAP_TYPE_EXPANDED = 254
-
-# Type field in EAP-Initiate and EAP-Finish messages
-EAP_ERP_TYPE_REAUTH_START = 1
-EAP_ERP_TYPE_REAUTH = 2
-
-EAP_ERP_TLV_KEYNAME_NAI = 1
-EAP_ERP_TV_RRK_LIFETIME = 2
-EAP_ERP_TV_RMSK_LIFETIME = 3
-EAP_ERP_TLV_DOMAIN_NAME = 4
-EAP_ERP_TLV_CRYPTOSUITES = 5
-EAP_ERP_TLV_AUTHORIZATION_INDICATION = 6
-EAP_ERP_TLV_CALLED_STATION_ID = 128
-EAP_ERP_TLV_CALLING_STATION_ID = 129
-EAP_ERP_TLV_NAS_IDENTIFIER = 130
-EAP_ERP_TLV_NAS_IP_ADDRESS = 131
-EAP_ERP_TLV_NAS_IPV6_ADDRESS = 132
-
-def run_pyrad_server(srv, t_stop, eap_handler):
-    srv.RunWithStop(t_stop, eap_handler)
-
-def start_radius_server(eap_handler):
-    try:
-        import pyrad.server
-        import pyrad.packet
-        import pyrad.dictionary
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    class TestServer(pyrad.server.Server):
-        def _HandleAuthPacket(self, pkt):
-            pyrad.server.Server._HandleAuthPacket(self, pkt)
-            eap = b''
-            for p in pkt[79]:
-                eap += p
-            eap_req = self.eap_handler(self.ctx, eap)
-            reply = self.CreateReplyPacket(pkt)
-            if eap_req:
-                while True:
-                    if len(eap_req) > 253:
-                        reply.AddAttribute("EAP-Message", eap_req[0:253])
-                        eap_req = eap_req[253:]
-                    else:
-                        reply.AddAttribute("EAP-Message", eap_req)
-                        break
-            else:
-                logger.info("No EAP request available")
-            reply.code = pyrad.packet.AccessChallenge
-
-            hmac_obj = hmac.new(reply.secret, digestmod=hashlib.md5)
-            hmac_obj.update(struct.pack("B", reply.code))
-            hmac_obj.update(struct.pack("B", reply.id))
-
-            # reply attributes
-            reply.AddAttribute("Message-Authenticator", 16*b'\x00')
-            attrs = reply._PktEncodeAttributes()
-
-            # Length
-            flen = 4 + 16 + len(attrs)
-            hmac_obj.update(struct.pack(">H", flen))
-            hmac_obj.update(pkt.authenticator)
-            hmac_obj.update(attrs)
-            del reply[80]
-            reply.AddAttribute("Message-Authenticator", hmac_obj.digest())
-
-            self.SendReplyPacket(pkt.fd, reply)
-
-        def RunWithStop(self, t_stop, eap_handler):
-            self._poll = select.poll()
-            self._fdmap = {}
-            self._PrepareSockets()
-            self.t_stop = t_stop
-            self.eap_handler = eap_handler
-            self.ctx = {}
-
-            while not t_stop.is_set():
-                for (fd, event) in self._poll.poll(200):
-                    if event == select.POLLIN:
-                        try:
-                            fdo = self._fdmap[fd]
-                            self._ProcessInput(fdo)
-                        except pyrad.server.ServerPacketError as err:
-                            logger.info("pyrad server dropping packet: " + str(err))
-                        except pyrad.packet.PacketError as err:
-                            logger.info("pyrad server received invalid packet: " + str(err))
-                    else:
-                        logger.error("Unexpected event in pyrad server main loop")
-
-            for fd in self.authfds + self.acctfds:
-                fd.close()
-
-    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
-                     authport=18138, acctport=18139)
-    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
-                                                     b"radius",
-                                                     "localhost")
-    srv.BindToAddress("")
-    t_stop = threading.Event()
-    t = threading.Thread(target=run_pyrad_server, args=(srv, t_stop, eap_handler))
-    t.start()
-
-    return {'srv': srv, 'stop': t_stop, 'thread': t}
-
-def stop_radius_server(srv):
-    srv['stop'].set()
-    srv['thread'].join()
-
-def start_ap(ap):
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    params['auth_server_port'] = "18138"
-    hapd = hostapd.add_ap(ap, params)
-    return hapd
-
-def test_eap_proto(dev, apdev):
-    """EAP protocol tests"""
-    check_eap_capa(dev[0], "MD5")
-    def eap_handler(ctx, req):
-        logger.info("eap_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success - id off by 2")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] + 1, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success - id off by 3")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] + 2, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('A'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('B'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('C'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('D'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('E'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request (same id)")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'] - 1,
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('F'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 2, 4)
-
-        return None
-
-    srv = start_radius_server(eap_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=1)
-        if ev is not None:
-            raise Exception("Unexpected EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION A":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION B":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION C":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION D":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION E":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on EAP notification")
-        if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION F":
-            raise Exception("Unexpected notification contents: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP failure")
-        dev[0].request("REMOVE_NETWORK all")
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_notification_errors(dev, apdev):
-    """EAP Notification errors"""
-    def eap_handler(ctx, req):
-        logger.info("eap_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('A'))
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Notification/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_NOTIFICATION,
-                               ord('A'))
-
-        return None
-
-    srv = start_radius_server(eap_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        with alloc_fail(dev[0], 1, "eap_sm_processNotify"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="MD5", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with alloc_fail(dev[0], 1, "eap_msg_alloc;sm_EAP_NOTIFICATION_Enter"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="MD5", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-    finally:
-        stop_radius_server(srv)
-
-EAP_SAKE_VERSION = 2
-
-EAP_SAKE_SUBTYPE_CHALLENGE = 1
-EAP_SAKE_SUBTYPE_CONFIRM = 2
-EAP_SAKE_SUBTYPE_AUTH_REJECT = 3
-EAP_SAKE_SUBTYPE_IDENTITY = 4
-
-EAP_SAKE_AT_RAND_S = 1
-EAP_SAKE_AT_RAND_P = 2
-EAP_SAKE_AT_MIC_S = 3
-EAP_SAKE_AT_MIC_P = 4
-EAP_SAKE_AT_SERVERID = 5
-EAP_SAKE_AT_PEERID = 6
-EAP_SAKE_AT_SPI_S = 7
-EAP_SAKE_AT_SPI_P = 8
-EAP_SAKE_AT_ANY_ID_REQ = 9
-EAP_SAKE_AT_PERM_ID_REQ = 10
-EAP_SAKE_AT_ENCR_DATA = 128
-EAP_SAKE_AT_IV = 129
-EAP_SAKE_AT_PADDING = 130
-EAP_SAKE_AT_NEXT_TMPID = 131
-EAP_SAKE_AT_MSK_LIFE = 132
-
-def test_eap_proto_sake(dev, apdev):
-    """EAP-SAKE protocol tests"""
-    global eap_proto_sake_test_done
-    eap_proto_sake_test_done = False
-
-    def sake_challenge(ctx):
-        logger.info("Test: Challenge subtype")
-        return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
-                           4 + 1 + 3 + 18,
-                           EAP_TYPE_SAKE,
-                           EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
-                           EAP_SAKE_AT_RAND_S, 18, 0, 0, 0, 0)
-
-    def sake_handler(ctx, req):
-        logger.info("sake_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], 4 + 1,
-                               EAP_TYPE_SAKE)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype without any attributes")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype")
-            return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_ANY_ID_REQ, 4, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype (different session id)")
-            return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 1, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_PERM_ID_REQ, 4, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with too short attribute")
-            return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 2,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_ANY_ID_REQ, 2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with truncated attribute")
-            return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 2,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_ANY_ID_REQ, 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with too short attribute header")
-            payload = struct.pack("B", EAP_SAKE_AT_ANY_ID_REQ)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with AT_IV but not AT_ENCR_DATA")
-            payload = struct.pack("BB", EAP_SAKE_AT_IV, 2)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with skippable and non-skippable unknown attribute")
-            payload = struct.pack("BBBB", 255, 2, 127, 2)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype: AT_RAND_P with invalid payload length")
-            payload = struct.pack("BB", EAP_SAKE_AT_RAND_P, 2)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype: AT_MIC_P with invalid payload length")
-            payload = struct.pack("BB", EAP_SAKE_AT_MIC_P, 2)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype: AT_PERM_ID_REQ with invalid payload length")
-            payload = struct.pack("BBBBBBBBBBBBBB",
-                                  EAP_SAKE_AT_SPI_S, 2,
-                                  EAP_SAKE_AT_SPI_P, 2,
-                                  EAP_SAKE_AT_ENCR_DATA, 2,
-                                  EAP_SAKE_AT_NEXT_TMPID, 2,
-                                  EAP_SAKE_AT_PERM_ID_REQ, 4, 0, 0,
-                                  EAP_SAKE_AT_PERM_ID_REQ, 2)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype: AT_PADDING")
-            payload = struct.pack("BBBBBB",
-                                  EAP_SAKE_AT_PADDING, 3, 0,
-                                  EAP_SAKE_AT_PADDING, 3, 1)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype: AT_MSK_LIFE")
-            payload = struct.pack(">BBLBBH",
-                                  EAP_SAKE_AT_MSK_LIFE, 6, 0,
-                                  EAP_SAKE_AT_MSK_LIFE, 4, 0)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype with invalid attribute length")
-            payload = struct.pack("BB", EAP_SAKE_AT_ANY_ID_REQ, 0)
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + len(payload),
-                               EAP_TYPE_SAKE, EAP_SAKE_VERSION, 0,
-                               EAP_SAKE_SUBTYPE_IDENTITY) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown subtype")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, 123)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge subtype without any attributes")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge subtype with too short AT_RAND_S")
-            return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 2,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
-                               EAP_SAKE_AT_RAND_S, 2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return sake_challenge(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Identity subtype")
-            return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_ANY_ID_REQ, 4, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return sake_challenge(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Challenge subtype")
-            return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 18,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
-                               EAP_SAKE_AT_RAND_S, 18, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return sake_challenge(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Confirm subtype without any attributes")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return sake_challenge(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Confirm subtype with too short AT_MIC_S")
-            return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 2,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
-                               EAP_SAKE_AT_MIC_S, 2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Confirm subtype")
-            return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 18,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
-                               EAP_SAKE_AT_MIC_S, 18, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return sake_challenge(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Confirm subtype with incorrect AT_MIC_S")
-            return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 18,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
-                               EAP_SAKE_AT_MIC_S, 18, 0, 0, 0, 0)
-
-        global eap_proto_sake_test_done
-        if eap_proto_sake_test_done:
-            return sake_challenge(ctx)
-
-        logger.info("No more test responses available - test case completed")
-        eap_proto_sake_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(sake_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        while not eap_proto_sake_test_done:
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SAKE", identity="sake user",
-                           password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-
-        logger.info("Too short password")
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="SAKE", identity="sake user",
-                       password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(0.1)
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_sake_errors(dev, apdev):
-    """EAP-SAKE local error cases"""
-    check_eap_capa(dev[0], "SAKE")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "eap_sake_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SAKE", identity="sake user",
-                           password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-    tests = [(1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_challenge"),
-             (1, "=eap_sake_process_challenge"),
-             (1, "eap_sake_compute_mic;eap_sake_process_challenge"),
-             (1, "eap_sake_build_msg;eap_sake_process_confirm"),
-             (1, "eap_sake_compute_mic;eap_sake_process_confirm"),
-             (2, "eap_sake_compute_mic;=eap_sake_process_confirm"),
-             (1, "eap_sake_getKey"),
-             (1, "eap_sake_get_emsk"),
-             (1, "eap_sake_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SAKE", identity="sake user@domain",
-                           password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                           erp="1",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-    tests = [(1, "os_get_random;eap_sake_process_challenge"),
-             (1, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (2, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (3, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (4, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (5, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (6, "eap_sake_derive_keys;eap_sake_process_challenge")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SAKE", identity="sake user",
-                           password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-def test_eap_proto_sake_errors2(dev, apdev):
-    """EAP-SAKE protocol tests (2)"""
-    def sake_handler(ctx, req):
-        logger.info("sake_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity subtype")
-            return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SAKE,
-                               EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
-                               EAP_SAKE_AT_ANY_ID_REQ, 4, 0)
-
-    srv = start_radius_server(sake_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_identity"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SAKE", identity="sake user",
-                           password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected()
-
-    finally:
-        stop_radius_server(srv)
-
-def run_eap_sake_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="SAKE", identity="sake user",
-                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_sake_errors_server(dev, apdev):
-    """EAP-SAKE local error cases on server"""
-    check_eap_capa(dev[0], "SAKE")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_sake_init"),
-             (1, "eap_sake_build_msg;eap_sake_build_challenge"),
-             (1, "eap_sake_build_msg;eap_sake_build_confirm"),
-             (1, "eap_sake_compute_mic;eap_sake_build_confirm"),
-             (1, "eap_sake_process_challenge"),
-             (1, "eap_sake_getKey"),
-             (1, "eap_sake_get_emsk"),
-             (1, "eap_sake_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_sake_connect(dev[0])
-
-    tests = [(1, "eap_sake_init"),
-             (1, "eap_sake_build_challenge"),
-             (1, "eap_sake_build_confirm"),
-             (1, "eap_sake_derive_keys;eap_sake_process_challenge"),
-             (1, "eap_sake_compute_mic;eap_sake_process_challenge"),
-             (1, "eap_sake_compute_mic;eap_sake_process_confirm"),
-             (1, "eap_sake_compute_mic;eap_sake_build_confirm"),
-             (1, "eap_sake_process_confirm")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_sake_connect(dev[0])
-
-def start_sake_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="SAKE", identity="sake user",
-                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # SAKE/Challenge/Request
-
-def stop_sake_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_sake_server(dev, apdev):
-    """EAP-SAKE protocol testing for the server"""
-    check_eap_capa(dev[0], "SAKE")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_sake_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # SAKE/Challenge/Response
-    proxy_msg(hapd, dev[0]) # SAKE/Confirm/Request
-    proxy_msg(dev[0], hapd) # SAKE/Confirm/Response
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 1/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 2/4
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 3/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 4/4
-    dev[0].wait_connected()
-    stop_sake_assoc(dev[0], hapd)
-
-    start_sake_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-SAKE header
-    # --> EAP-SAKE: Invalid frame
-    msg = resp[0:4] + "0007" + resp[8:12] + "0007" + "300200"
-    tx_msg(dev[0], hapd, msg)
-    # Unknown version
-    # --> EAP-SAKE: Unknown version 1
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "30010000"
-    tx_msg(dev[0], hapd, msg)
-    # Unknown session
-    # --> EAP-SAKE: Session ID mismatch
-    sess, = struct.unpack('B', binascii.unhexlify(resp[20:22]))
-    sess = binascii.hexlify(struct.pack('B', (sess + 1) % 256)).decode()
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "3002" + sess + "00"
-    tx_msg(dev[0], hapd, msg)
-    # Unknown subtype
-    # --> EAP-SAKE: Unexpected subtype=5 in state=1
-    msg = resp[0:22] + "05" + resp[24:]
-    tx_msg(dev[0], hapd, msg)
-    # Empty challenge
-    # --> EAP-SAKE: Response/Challenge did not include AT_RAND_P or AT_MIC_P
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + resp[16:24]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_sake_assoc(dev[0], hapd)
-
-    start_sake_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Invalid attribute in challenge
-    # --> EAP-SAKE: Too short attribute
-    msg = resp[0:4] + "0009" + resp[8:12] + "0009" + resp[16:26]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_sake_assoc(dev[0], hapd)
-
-    start_sake_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # SAKE/Challenge/Response
-    proxy_msg(hapd, dev[0]) # SAKE/Confirm/Request
-    resp = rx_msg(dev[0])
-    # Empty confirm
-    # --> EAP-SAKE: Response/Confirm did not include AT_MIC_P
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + resp[16:26]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_sake_assoc(dev[0], hapd)
-
-    start_sake_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # SAKE/Challenge/Response
-    proxy_msg(hapd, dev[0]) # SAKE/Confirm/Request
-    resp = rx_msg(dev[0])
-    # Invalid attribute in confirm
-    # --> EAP-SAKE: Too short attribute
-    msg = resp[0:4] + "0009" + resp[8:12] + "0009" + resp[16:26]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_sake_assoc(dev[0], hapd)
-
-    start_sake_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # SAKE/Challenge/Response
-    proxy_msg(hapd, dev[0]) # SAKE/Confirm/Request
-    resp = rx_msg(dev[0])
-    # Corrupted AT_MIC_P value
-    # --> EAP-SAKE: Incorrect AT_MIC_P
-    msg = resp[0:30] + "000000000000" + resp[42:]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_sake_assoc(dev[0], hapd)
-
-def test_eap_proto_leap(dev, apdev):
-    """EAP-LEAP protocol tests"""
-    check_eap_capa(dev[0], "LEAP")
-    def leap_handler(ctx, req):
-        logger.info("leap_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        if ctx['num'] == 1:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_LEAP)
-
-        if ctx['num'] == 2:
-            logger.info("Test: Unexpected version")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               0, 0, 0)
-
-        if ctx['num'] == 3:
-            logger.info("Test: Invalid challenge length")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               1, 0, 0)
-
-        if ctx['num'] == 4:
-            logger.info("Test: Truncated challenge")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8)
-
-        if ctx['num'] == 5:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 6:
-            logger.info("Test: Missing payload in Response")
-            return struct.pack(">BBHB", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_LEAP)
-
-        if ctx['num'] == 7:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 8:
-            logger.info("Test: Unexpected version in Response")
-            return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               0, 0, 8)
-
-        if ctx['num'] == 9:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 10:
-            logger.info("Test: Invalid challenge length in Response")
-            return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               1, 0, 0)
-
-        if ctx['num'] == 11:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 12:
-            logger.info("Test: Truncated challenge in Response")
-            return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24)
-
-        if ctx['num'] == 13:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 14:
-            logger.info("Test: Invalid challange value in Response")
-            return struct.pack(">BBHBBBB6L", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0, 0, 0, 0, 0, 0)
-
-        if ctx['num'] == 15:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 16:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        if ctx['num'] == 17:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 18:
-            logger.info("Test: Success")
-            return struct.pack(">BBHB", EAP_CODE_SUCCESS, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_LEAP)
-        # hostapd will drop the next frame in the sequence
-
-        if ctx['num'] == 19:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        if ctx['num'] == 20:
-            logger.info("Test: Failure")
-            return struct.pack(">BBHB", EAP_CODE_FAILURE, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_LEAP)
-
-        return None
-
-    srv = start_radius_server(leap_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 12):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            if i == 10:
-                logger.info("Wait for additional roundtrip")
-                time.sleep(1)
-            dev[0].request("REMOVE_NETWORK all")
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_leap_errors(dev, apdev):
-    """EAP-LEAP protocol tests (error paths)"""
-    check_eap_capa(dev[0], "LEAP")
-
-    def leap_handler2(ctx, req):
-        logger.info("leap_handler2 - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challange value in Response")
-            return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_LEAP,
-                               1, 0, 24,
-                               0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
-                               0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
-                               0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid challenge")
-            return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_LEAP,
-                               1, 0, 8, 0, 0)
-
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(leap_handler2)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        with alloc_fail(dev[0], 1, "eap_leap_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_leap_process_request"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user",
-                           password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with alloc_fail(dev[0], 1, "eap_leap_process_success"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "os_get_random;eap_leap_process_success"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "eap_leap_process_response"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user",
-                           password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "nt_password_hash;eap_leap_process_response"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "hash_nt_password_hash;eap_leap_process_response"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with alloc_fail(dev[0], 1, "eap_leap_getKey"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user",
-                           password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "eap_leap_getKey"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user",
-                           password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "nt_password_hash;eap_leap_getKey"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1, "hash_nt_password_hash;eap_leap_getKey"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-        with fail_test(dev[0], 1,
-                       "nt_challenge_response;eap_leap_process_request"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="LEAP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_md5(dev, apdev):
-    """EAP-MD5 protocol tests"""
-    check_eap_capa(dev[0], "MD5")
-
-    def md5_handler(ctx, req):
-        logger.info("md5_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        if ctx['num'] == 1:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_MD5)
-
-        if ctx['num'] == 2:
-            logger.info("Test: Zero-length challenge")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_MD5,
-                               0)
-
-        if ctx['num'] == 3:
-            logger.info("Test: Truncated challenge")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_MD5,
-                               1)
-
-        if ctx['num'] == 4:
-            logger.info("Test: Shortest possible challenge and name")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-
-        return None
-
-    srv = start_radius_server(md5_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 4):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="MD5", identity="user", password="password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_md5_errors(dev, apdev):
-    """EAP-MD5 local error cases"""
-    check_eap_capa(dev[0], "MD5")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    with fail_test(dev[0], 1, "chap_md5"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="phase1-user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_md5_process"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="phase1-user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-
-def run_eap_md5_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="MD5", identity="phase1-user", password="password",
-                wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_md5_errors_server(dev, apdev):
-    """EAP-MD5 local error cases on server"""
-    check_eap_capa(dev[0], "MD5")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_md5_init")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_md5_connect(dev[0])
-
-    tests = [(1, "os_get_random;eap_md5_buildReq"),
-             (1, "chap_md5;eap_md5_process")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_md5_connect(dev[0])
-
-def start_md5_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="MD5", identity="phase1-user", password="password",
-                wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # MSCHAPV2/Request
-    proxy_msg(dev, hapd) # NAK
-    proxy_msg(hapd, dev) # MD5 Request
-
-def stop_md5_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_md5_server(dev, apdev):
-    """EAP-MD5 protocol testing for the server"""
-    check_eap_capa(dev[0], "MD5")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_md5_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # MD5 Response
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("No EAP-Success reported")
-    stop_md5_assoc(dev[0], hapd)
-
-    start_md5_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-MD5 header (no length field)
-    hapd.note("EAP-MD5: Invalid frame")
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "04"
-    tx_msg(dev[0], hapd, msg)
-    # Too short EAP-MD5 header (no length field)
-    hapd.note("EAP-MD5: Invalid response (response_len=0 payload_len=1")
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "0400"
-    tx_msg(dev[0], hapd, msg)
-    stop_md5_assoc(dev[0], hapd)
-
-def test_eap_proto_otp(dev, apdev):
-    """EAP-OTP protocol tests"""
-    def otp_handler(ctx, req):
-        logger.info("otp_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        if ctx['num'] == 1:
-            logger.info("Test: Empty payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_OTP)
-        if ctx['num'] == 2:
-            logger.info("Test: Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'],
-                               4)
-
-        if ctx['num'] == 3:
-            logger.info("Test: Challenge included")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_OTP,
-                               ord('A'))
-        if ctx['num'] == 4:
-            logger.info("Test: Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'],
-                               4)
-
-        return None
-
-    srv = start_radius_server(otp_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 1):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="OTP", identity="user", password="password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="OTP", identity="user", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-REQ-OTP"])
-        if ev is None:
-            raise Exception("Request for password timed out")
-        id = ev.split(':')[0].split('-')[-1]
-        dev[0].request("CTRL-RSP-OTP-" + id + ":password")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"])
-        if ev is None:
-            raise Exception("Success not reported")
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_otp_errors(dev, apdev):
-    """EAP-OTP local error cases"""
-    def otp_handler2(ctx, req):
-        logger.info("otp_handler2 - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge included")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_OTP,
-                               ord('A'))
-
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(otp_handler2)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_otp_process"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="OTP", identity="user", password="password",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-    finally:
-        stop_radius_server(srv)
-
-EAP_GPSK_OPCODE_GPSK_1 = 1
-EAP_GPSK_OPCODE_GPSK_2 = 2
-EAP_GPSK_OPCODE_GPSK_3 = 3
-EAP_GPSK_OPCODE_GPSK_4 = 4
-EAP_GPSK_OPCODE_FAIL = 5
-EAP_GPSK_OPCODE_PROTECTED_FAIL = 6
-
-def test_eap_proto_gpsk(dev, apdev):
-    """EAP-GPSK protocol tests"""
-    def gpsk_handler(ctx, req):
-        logger.info("gpsk_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_GPSK)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown opcode")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_GPSK,
-                               255)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected GPSK-3")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Too short GPSK-1")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Truncated ID_Server")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Missing RAND_Server")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Missing CSuite_List")
-            return struct.pack(">BBHBBH8L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Truncated CSuite_List")
-            return struct.pack(">BBHBBH8LH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Empty CSuite_List")
-            return struct.pack(">BBHBBH8LH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Invalid CSuite_List")
-            return struct.pack(">BBHBBH8LHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 1,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               1, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 No supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected GPSK-1")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite but too short key")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short GPSK-3")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Mismatch in RAND_Peer")
-            return struct.pack(">BBHBB8L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 32,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_3,
-                               0, 0, 0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Missing RAND_Server")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Mismatch in RAND_Server")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8L", 1, 1, 1, 1, 1, 1, 1, 1)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Missing ID_Server")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8L", 0, 0, 0, 0, 0, 0, 0, 0)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Truncated ID_Server")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 1)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Mismatch in ID_Server")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 3,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBHB8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 3 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 1, ord('A'),
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Mismatch in ID_Server (same length)")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 3,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[15:47]
-            msg += struct.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Missing CSuite_Sel")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 0)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Mismatch in CSuite_Sel")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2 + 6,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Missing len(PD_Payload_Block)")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2 + 6,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Truncated PD_Payload_Block")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2 + 6 + 2,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHLHH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Missing MAC")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2 + 6 + 3,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHLHHB",
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123)
-            return msg
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-1 Supported CSuite")
-            return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 32 + 2 + 6,
-                               EAP_TYPE_GPSK,
-                               EAP_GPSK_OPCODE_GPSK_1, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               6, 0, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: GPSK-3 Incorrect MAC")
-            msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                              4 + 1 + 1 + 32 + 32 + 2 + 6 + 3 + 16,
-                              EAP_TYPE_GPSK,
-                              EAP_GPSK_OPCODE_GPSK_3)
-            msg += req[14:46]
-            msg += struct.pack(">8LHLHHB4L",
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123,
-                               0, 0, 0, 0)
-            return msg
-
-        return None
-
-    srv = start_radius_server(gpsk_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 27):
-            if i == 12:
-                pw = "short"
-            else:
-                pw = "abcdefghijklmnop0123456789abcdef"
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="GPSK", identity="user", password=pw,
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.05)
-            dev[0].request("REMOVE_NETWORK all")
-    finally:
-        stop_radius_server(srv)
-
-def run_eap_gpsk_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="GPSK", identity="gpsk user",
-                password="abcdefghijklmnop0123456789abcdef",
-                wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_gpsk_errors_server(dev, apdev):
-    """EAP-GPSK local error cases on server"""
-    check_eap_capa(dev[0], "GPSK")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_gpsk_init"),
-             (1, "eap_msg_alloc;eap_gpsk_build_gpsk_1"),
-             (1, "eap_msg_alloc;eap_gpsk_build_gpsk_3"),
-             (1, "eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_derive_keys;eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_derive_session_id;eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_getKey"),
-             (1, "eap_gpsk_get_emsk"),
-             (1, "eap_gpsk_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_gpsk_connect(dev[0])
-
-    tests = [(1, "os_get_random;eap_gpsk_build_gpsk_1"),
-             (1, "eap_gpsk_compute_mic;eap_gpsk_build_gpsk_3"),
-             (1, "eap_gpsk_derive_keys;eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_derive_session_id;eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_compute_mic;eap_gpsk_process_gpsk_2"),
-             (1, "eap_gpsk_compute_mic;eap_gpsk_process_gpsk_4")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_gpsk_connect(dev[0])
-
-def start_gpsk_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="GPSK", identity="gpsk user",
-                password="abcdefghijklmnop0123456789abcdef",
-                wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # GPSK-1
-
-def stop_gpsk_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_gpsk_server(dev, apdev):
-    """EAP-GPSK protocol testing for the server"""
-    check_eap_capa(dev[0], "GPSK")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_gpsk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # GPSK-2
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    proxy_msg(dev[0], hapd) # GPSK-4
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 1/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 2/4
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 3/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 4/4
-    dev[0].wait_connected()
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-GPSK header (no OP-Code)
-    # --> EAP-GPSK: Invalid frame
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "33"
-    tx_msg(dev[0], hapd, msg)
-    # Unknown OP-Code
-    # --> EAP-GPSK: Unexpected opcode=7 in state=0
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "3307"
-    tx_msg(dev[0], hapd, msg)
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for ID_Peer length
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "3302"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for ID_Peer
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "33020001"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for ID_Server length
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "33020000"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for ID_Server
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "330200000001"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # ID_Server mismatch
-    # --> EAP-GPSK: ID_Server in GPSK-1 and GPSK-2 did not match
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "330200000000"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for RAND_Peer
-    msg = resp[0:4] + "0011" + resp[8:12] + "0011" + "330200000007" + binascii.hexlify(b"hostapd").decode()
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for RAND_Server
-    msg = resp[0:4] + "0031" + resp[8:12] + "0031" + "330200000007" + binascii.hexlify(b"hostapd").decode() + 32*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # RAND_Server mismatch
-    # --> EAP-GPSK: RAND_Server in GPSK-1 and GPSK-2 did not match
-    msg = resp[0:4] + "0051" + resp[8:12] + "0051" + "330200000007" + binascii.hexlify(b"hostapd").decode() + 32*"00" + 32*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for CSuite_List length
-    msg = resp[0:4] + "005a" + resp[8:12] + "005a" + resp[16:188]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for CSuite_List
-    msg = resp[0:4] + "005c" + resp[8:12] + "005c" + resp[16:192]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: CSuite_List in GPSK-1 and GPSK-2 did not match
-    msg = resp[0:4] + "005c" + resp[8:12] + "005c" + resp[16:188] + "0000"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for CSuite_Sel
-    msg = resp[0:4] + "0068" + resp[8:12] + "0068" + resp[16:216]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Unsupported CSuite_Sel
-    # --> EAP-GPSK: Peer selected unsupported ciphersuite 0:255
-    msg = resp[0:4] + "006e" + resp[8:12] + "006e" + resp[16:226] + "ff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for PD_Payload_1 length
-    msg = resp[0:4] + "006e" + resp[8:12] + "006e" + resp[16:228]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Too short message for PD_Payload_1
-    msg = resp[0:4] + "0070" + resp[8:12] + "0070" + resp[16:230] + "ff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short GPSK-2
-    # --> EAP-GPSK: Message too short for MIC (left=0 miclen=16)
-    msg = resp[0:4] + "0070" + resp[8:12] + "0070" + resp[16:232]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Extra data in the end of GPSK-2
-    # --> EAP-GPSK: Ignored 1 bytes of extra data in the end of GPSK-2
-    msg = resp[0:4] + "0081" + resp[8:12] + "0081" + resp[16:264] + "00"
-    tx_msg(dev[0], hapd, msg)
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    resp = rx_msg(dev[0])
-    # Too short GPSK-4
-    # --> EAP-GPSK: Too short message for PD_Payload_1 length
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "3304"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Failure
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # GPSK-2
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    resp = rx_msg(dev[0])
-    # Too short GPSK-4
-    # --> EAP-GPSK: Too short message for PD_Payload_1
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "33040001"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Failure
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # GPSK-2
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    resp = rx_msg(dev[0])
-    # Too short GPSK-4
-    # --> EAP-GPSK: Message too short for MIC (left=0 miclen=16)
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "33040000"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Failure
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # GPSK-2
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    resp = rx_msg(dev[0])
-    # Incorrect MIC in GPSK-4
-    # --> EAP-GPSK: Incorrect MIC in GPSK-4
-    msg = resp[0:4] + "0018" + resp[8:12] + "0018" + "33040000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Failure
-    stop_gpsk_assoc(dev[0], hapd)
-
-    start_gpsk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # GPSK-2
-    proxy_msg(hapd, dev[0]) # GPSK-3
-    resp = rx_msg(dev[0])
-    # Incorrect MIC in GPSK-4
-    # --> EAP-GPSK: Ignored 1 bytes of extra data in the end of GPSK-4
-    msg = resp[0:4] + "0019" + resp[8:12] + "0019" + resp[16:] + "00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Success
-    stop_gpsk_assoc(dev[0], hapd)
-
-EAP_EKE_ID = 1
-EAP_EKE_COMMIT = 2
-EAP_EKE_CONFIRM = 3
-EAP_EKE_FAILURE = 4
-
-def test_eap_proto_eke(dev, apdev):
-    """EAP-EKE protocol tests"""
-    def eke_handler(ctx, req):
-        logger.info("eke_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_EKE)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown exchange")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               255)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No NumProposals in EAP-EKE-ID/Request")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: NumProposals=0 in EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated Proposals list in EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               2, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported proposals in EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4B4B4B4B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 * 4,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               4, 0,
-                               0, 0, 0, 0,
-                               3, 0, 0, 0,
-                               3, 1, 0, 0,
-                               3, 1, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing IDType/Identity in EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4B4B4B4B4B",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 5 * 4,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               5, 0,
-                               0, 0, 0, 0,
-                               3, 0, 0, 0,
-                               3, 1, 0, 0,
-                               3, 1, 1, 0,
-                               3, 1, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               3, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               3, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               3, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected EAP-EKE-Confirm/Request")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_CONFIRM)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short EAP-EKE-Failure/Request")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_FAILURE)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected EAP-EKE-Commit/Request")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_COMMIT)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               3, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short EAP-EKE-Commit/Request")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_COMMIT)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               1, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
-            return struct.pack(">BBHBB4L32L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 128,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_COMMIT,
-                               0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short EAP-EKE-Confirm/Request")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_CONFIRM)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid EAP-EKE-ID/Request")
-            return struct.pack(">BBHBBBB4BB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2 + 4 + 1,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_ID,
-                               1, 0,
-                               1, 1, 1, 1,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
-            return struct.pack(">BBHBB4L32L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 128,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_COMMIT,
-                               0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid PNonce_PS and Auth_S values in EAP-EKE-Confirm/Request")
-            return struct.pack(">BBHBB4L8L5L5L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 2 * 16 + 20 + 20,
-                               EAP_TYPE_EKE,
-                               EAP_EKE_CONFIRM,
-                               0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(eke_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 14):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="EKE", identity="user", password="password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            if i in [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            else:
-                time.sleep(0.05)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def eap_eke_test_fail(dev, phase1=None, success=False):
-    dev.connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="EKE", identity="eke user@domain", password="hello",
-                phase1=phase1, erp="1", wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP failure")
-    if not success and "CTRL-EVENT-EAP-FAILURE" not in ev:
-        raise Exception("EAP did not fail during failure test")
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-
-def test_eap_proto_eke_errors(dev, apdev):
-    """EAP-EKE local error cases"""
-    check_eap_capa(dev[0], "EKE")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "eap_eke_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="EKE", identity="eke user", password="hello",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_eke_dh_init", None),
-             (1, "eap_eke_prf_hmac_sha1", "dhgroup=3 encr=1 prf=1 mac=1"),
-             (1, "eap_eke_prf_hmac_sha256", "dhgroup=5 encr=1 prf=2 mac=2"),
-             (1, "eap_eke_prf", None),
-             (1, "os_get_random;eap_eke_dhcomp", None),
-             (1, "aes_128_cbc_encrypt;eap_eke_dhcomp", None),
-             (1, "aes_128_cbc_decrypt;eap_eke_shared_secret", None),
-             (1, "hmac_sha256_vector;eap_eke_shared_secret", None),
-             (1, "eap_eke_prf_hmac_sha256;eap_eke_derive_ke_ki", None),
-             (1, "eap_eke_prf_hmac_sha256;eap_eke_derive_ka", None),
-             (1, "eap_eke_prf_hmac_sha256;eap_eke_derive_msk", None),
-             (1, "os_get_random;eap_eke_prot", None),
-             (1, "aes_128_cbc_decrypt;eap_eke_decrypt_prot", None),
-             (1, "eap_eke_derive_key;eap_eke_process_commit", None),
-             (1, "eap_eke_dh_init;eap_eke_process_commit", None),
-             (1, "eap_eke_shared_secret;eap_eke_process_commit", None),
-             (1, "eap_eke_derive_ke_ki;eap_eke_process_commit", None),
-             (1, "eap_eke_dhcomp;eap_eke_process_commit", None),
-             (1, "os_get_random;eap_eke_process_commit", None),
-             (1, "os_get_random;=eap_eke_process_commit", None),
-             (1, "eap_eke_prot;eap_eke_process_commit", None),
-             (1, "eap_eke_decrypt_prot;eap_eke_process_confirm", None),
-             (1, "eap_eke_derive_ka;eap_eke_process_confirm", None),
-             (1, "eap_eke_auth;eap_eke_process_confirm", None),
-             (2, "eap_eke_auth;eap_eke_process_confirm", None),
-             (1, "eap_eke_prot;eap_eke_process_confirm", None),
-             (1, "aes_128_cbc_encrypt;eap_eke_prot;eap_eke_process_confirm", None),
-             (1, "hmac_sha256;eap_eke_prot;eap_eke_process_confirm", None),
-             (1, "eap_eke_derive_msk;eap_eke_process_confirm", None)]
-    for count, func, phase1 in tests:
-        with fail_test(dev[0], count, func):
-            eap_eke_test_fail(dev[0], phase1)
-
-    tests = [(1, "=eap_eke_derive_ke_ki", None),
-             (1, "=eap_eke_derive_ka", None),
-             (1, "=eap_eke_derive_msk", None),
-             (1, "eap_eke_build_msg;eap_eke_process_id", None),
-             (1, "wpabuf_alloc;eap_eke_process_id", None),
-             (1, "=eap_eke_process_id", None),
-             (1, "wpabuf_alloc;=eap_eke_process_id", None),
-             (1, "wpabuf_alloc;eap_eke_process_id", None),
-             (1, "eap_eke_build_msg;eap_eke_process_commit", None),
-             (1, "wpabuf_resize;eap_eke_process_commit", None),
-             (1, "eap_eke_build_msg;eap_eke_process_confirm", None)]
-    for count, func, phase1 in tests:
-        with alloc_fail(dev[0], count, func):
-            eap_eke_test_fail(dev[0], phase1)
-
-    tests = [(1, "eap_eke_getKey", None),
-             (1, "eap_eke_get_emsk", None),
-             (1, "eap_eke_get_session_id", None)]
-    for count, func, phase1 in tests:
-        with alloc_fail(dev[0], count, func):
-            eap_eke_test_fail(dev[0], phase1, success=True)
-
-EAP_PAX_OP_STD_1 = 0x01
-EAP_PAX_OP_STD_2 = 0x02
-EAP_PAX_OP_STD_3 = 0x03
-EAP_PAX_OP_SEC_1 = 0x11
-EAP_PAX_OP_SEC_2 = 0x12
-EAP_PAX_OP_SEC_3 = 0x13
-EAP_PAX_OP_SEC_4 = 0x14
-EAP_PAX_OP_SEC_5 = 0x15
-EAP_PAX_OP_ACK = 0x21
-
-EAP_PAX_FLAGS_MF = 0x01
-EAP_PAX_FLAGS_CE = 0x02
-EAP_PAX_FLAGS_AI = 0x04
-
-EAP_PAX_MAC_HMAC_SHA1_128 = 0x01
-EAP_PAX_HMAC_SHA256_128 = 0x02
-
-EAP_PAX_DH_GROUP_NONE = 0x00
-EAP_PAX_DH_GROUP_2048_MODP = 0x01
-EAP_PAX_DH_GROUP_3072_MODP = 0x02
-EAP_PAX_DH_GROUP_NIST_ECC_P_256 = 0x03
-
-EAP_PAX_PUBLIC_KEY_NONE = 0x00
-EAP_PAX_PUBLIC_KEY_RSAES_OAEP = 0x01
-EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5 = 0x02
-EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC = 0x03
-
-EAP_PAX_ADE_VENDOR_SPECIFIC = 0x01
-EAP_PAX_ADE_CLIENT_CHANNEL_BINDING = 0x02
-EAP_PAX_ADE_SERVER_CHANNEL_BINDING = 0x03
-
-def test_eap_proto_pax(dev, apdev):
-    """EAP-PAX protocol tests"""
-    def pax_std_1(ctx):
-            logger.info("Test: STD-1")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0x16, 0xc9, 0x08, 0x9d, 0x98, 0xa5, 0x6e, 0x1f,
-                               0xf0, 0xac, 0xcf, 0xc4, 0x66, 0xcd, 0x2d, 0xbf)
-
-    def pax_handler(ctx, req):
-        logger.info("pax_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_PAX)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Minimum length payload")
-            return struct.pack(">BBHB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 16,
-                               EAP_TYPE_PAX,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported MAC ID")
-            return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, 255, EAP_PAX_DH_GROUP_NONE,
-                               EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported DH Group ID")
-            return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               255, EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported Public Key ID")
-            return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, 255,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: More fragments")
-            return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, EAP_PAX_FLAGS_MF,
-                               EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid ICV")
-            return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid ICV in short frame")
-            return struct.pack(">BBHBBBBBB3L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 12,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Correct ICV - unsupported op_code")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               255, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0x90, 0x78, 0x97, 0x38, 0x29, 0x94, 0x32, 0xd4,
-                               0x81, 0x27, 0xe0, 0xf6, 0x3b, 0x0d, 0xb2, 0xb2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Correct ICV - CE flag in STD-1")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, EAP_PAX_FLAGS_CE,
-                               EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0x9c, 0x98, 0xb4, 0x0b, 0x94, 0x90, 0xde, 0x88,
-                               0xb7, 0x72, 0x63, 0x44, 0x1d, 0xe3, 0x7c, 0x5c)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Correct ICV - too short STD-1 payload")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0xda, 0xab, 0x2c, 0xe7, 0x84, 0x41, 0xb5, 0x5c,
-                               0xee, 0xcf, 0x62, 0x03, 0xc5, 0x69, 0xcb, 0xf4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Correct ICV - incorrect A length in STD-1")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               0, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0xc4, 0xb0, 0x81, 0xe4, 0x6c, 0x8c, 0x20, 0x23,
-                               0x60, 0x46, 0x89, 0xea, 0x94, 0x60, 0xf3, 0x2a)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Correct ICV - extra data in STD-1")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBBH8LB16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 1 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               1,
-                               0x61, 0x49, 0x65, 0x37, 0x21, 0xe8, 0xd8, 0xbf,
-                               0xf3, 0x02, 0x01, 0xe5, 0x42, 0x51, 0xd3, 0x34)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected STD-1")
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0xe5, 0x1d, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
-                               0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return pax_std_1(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MAC ID changed during session")
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_HMAC_SHA256_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0xee, 0x00, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
-                               0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return pax_std_1(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: DH Group ID changed during session")
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_2048_MODP,
-                               EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0xee, 0x01, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
-                               0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return pax_std_1(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Public Key ID changed during session")
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE,
-                               EAP_PAX_PUBLIC_KEY_RSAES_OAEP,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0xee, 0x02, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
-                               0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected STD-3")
-            ctx['id'] = 10
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_3, 0, EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0x47, 0xbb, 0xc0, 0xf9, 0xb9, 0x69, 0xf5, 0xcb,
-                               0x3a, 0xe8, 0xe7, 0xd6, 0x80, 0x28, 0xf2, 0x59)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return pax_std_1(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            # TODO: MAC calculation; for now, this gets dropped due to incorrect
-            # ICV
-            logger.info("Test: STD-3 with CE flag")
-            return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 5 + 2 + 32 + 16,
-                               EAP_TYPE_PAX,
-                               EAP_PAX_OP_STD_3, EAP_PAX_FLAGS_CE,
-                               EAP_PAX_MAC_HMAC_SHA1_128,
-                               EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
-                               32, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0x8a, 0xc2, 0xf9, 0xf4, 0x8b, 0x75, 0x72, 0xa2,
-                               0x4d, 0xd3, 0x1e, 0x54, 0x77, 0x04, 0x05, 0xe2)
-
-        idx += 1
-        if ctx['num'] & 0x1 == idx & 0x1:
-            logger.info("Test: Default request")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_PAX)
-        else:
-            logger.info("Test: Default EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(pax_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 18):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PAX", identity="user",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            logger.info("Waiting for EAP method to start")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.05)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-        logger.info("Too short password")
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PAX", identity="user",
-                       password_hex="0123456789abcdef0123456789abcd",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-        logger.info("No password")
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PAX", identity="user",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_pax_errors(dev, apdev):
-    """EAP-PAX local error cases"""
-    check_eap_capa(dev[0], "PAX")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "eap_pax_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PAX", identity="pax.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = ["eap_msg_alloc;eap_pax_alloc_resp;eap_pax_process_std_1",
-             "eap_msg_alloc;eap_pax_alloc_resp;eap_pax_process_std_3",
-             "eap_pax_getKey",
-             "eap_pax_get_emsk",
-             "eap_pax_get_session_id"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PAX", identity="pax.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           erp="1", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "os_get_random;eap_pax_process_std_1"),
-             (1, "eap_pax_initial_key_derivation"),
-             (1, "eap_pax_mac;eap_pax_process_std_3"),
-             (2, "eap_pax_mac;eap_pax_process_std_3"),
-             (1, "eap_pax_kdf;eap_pax_getKey"),
-             (1, "eap_pax_kdf;eap_pax_get_emsk")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PAX", identity="pax.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           erp="1", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def run_eap_pax_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="PAX", identity="pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_pax_errors_server(dev, apdev):
-    """EAP-PAX local error cases on server"""
-    check_eap_capa(dev[0], "PAX")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_pax_init"),
-             (1, "eap_msg_alloc;eap_pax_build_std_1"),
-             (1, "eap_msg_alloc;eap_pax_build_std_3"),
-             (1, "=eap_pax_process_std_2"),
-             (1, "eap_pax_getKey"),
-             (1, "eap_pax_get_emsk"),
-             (1, "eap_pax_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_pax_connect(dev[0])
-
-    tests = [(1, "os_get_random;eap_pax_build_std_1"),
-             (1, "eap_pax_mac;eap_pax_build_std_1"),
-             (1, "eap_pax_mac;eap_pax_build_std_3"),
-             (2, "eap_pax_mac;=eap_pax_build_std_3"),
-             (1, "eap_pax_initial_key_derivation;eap_pax_process_std_2"),
-             (1, "eap_pax_mac;eap_pax_process_std_2"),
-             (2, "eap_pax_mac;=eap_pax_process_std_2"),
-             (1, "eap_pax_mac;eap_pax_check")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_pax_connect(dev[0])
-
-def start_pax_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="PAX", identity="pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # PAX_STD-1
-
-def stop_pax_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_pax_server(dev, apdev):
-    """EAP-PAX protocol testing for the server"""
-    check_eap_capa(dev[0], "PAX")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_pax_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PAX_STD-2
-    proxy_msg(hapd, dev[0]) # PAX_STD-3
-    proxy_msg(dev[0], hapd) # PAX-ACK
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 1/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 2/4
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 3/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 4/4
-    dev[0].wait_connected()
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-PAX header (no OP-Code)
-    hapd.note("EAP-PAX: Invalid frame")
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "2e"
-    tx_msg(dev[0], hapd, msg)
-    # Too short EAP-PAX message (no payload)
-    hapd.note("EAP-PAX: Invalid frame")
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "2e1100000000"
-    tx_msg(dev[0], hapd, msg)
-    # Unexpected PAX_SEC-2
-    hapd.note("EAP-PAX: Expected PAX_STD-2 - ignore op 17")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e1100000000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Unexpected MAC ID
-    hapd.note("EAP-PAX: Expected MAC ID 0x1, received 0xff")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e0200ff0000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Unexpected DH Group ID
-    hapd.note("EAP-PAX: Expected DH Group ID 0x0, received 0xff")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e020001ff00" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Unexpected Public Key ID
-    hapd.note("EAP-PAX: Expected Public Key ID 0x0, received 0xff")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e02000100ff" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Unsupported Flags - MF
-    hapd.note("EAP-PAX: fragmentation not supported")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e0201010000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Unsupported Flags - CE
-    hapd.note("EAP-PAX: Unexpected CE flag")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e0202010000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Too short Payload in PAX_STD-2
-    hapd.note("EAP-PAX: Too short PAX_STD-2 (B)")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e0200010000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short Payload in PAX_STD-2
-    hapd.note("EAP-PAX: Too short PAX_STD-2 (CID)")
-    msg = resp[0:4] + "002c" + resp[8:12] + "002c" + "2e0200010000" + "0020" + 32*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short Payload in PAX_STD-2
-    hapd.note("EAP-PAX: Too short PAX_STD-2 (CID)")
-    msg = resp[0:4] + "002e" + resp[8:12] + "002e" + "2e0200010000" + "0020" + 32*"00" + "ffff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too long CID in PAX_STD-2
-    hapd.note("EAP-PAX: Too long CID")
-    msg = resp[0:4] + "062e" + resp[8:12] + "062e" + "2e0200010000" + "0020" + 32*"00" + "0600" + 1536*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short Payload in PAX_STD-2
-    hapd.note("EAP-PAX: Too short PAX_STD-2 (MAC_CK)")
-    msg = resp[0:4] + "003c" + resp[8:12] + "003c" + "2e0200010000" + "0020" + 32*"00" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Unknown CID for PAX
-    hapd.note("EAP-PAX: EAP-PAX not enabled for CID")
-    msg = resp[0:4] + "0041" + resp[8:12] + "0041" + "2e0200010000" + "0020" + 32*"00" + "0001" + "00" + "0010" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short ICV
-    hapd.note("EAP-PAX: Too short ICV (15) in PAX_STD-2")
-    msg = resp[0:4] + "0063" + resp[8:12] + "0063" + resp[16:206]
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_pax_assoc(dev[0], hapd)
-
-    start_pax_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PAX_STD-2
-    proxy_msg(hapd, dev[0]) # PAX_STD-3
-    resp = rx_msg(dev[0])
-    # Unexpected PAX_STD-2
-    hapd.note("EAP-PAX: Expected PAX-ACK - ignore op 1")
-    msg = resp[0:4] + "001a" + resp[8:12] + "001a" + "2e0100000000" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    stop_pax_assoc(dev[0], hapd)
-
-def test_eap_proto_psk(dev, apdev):
-    """EAP-PSK protocol tests"""
-    def psk_handler(ctx, req):
-        logger.info("psk_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_PSK)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Non-zero T in first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0xc0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short third message")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_PSK)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Incorrect T in third message")
-            return struct.pack(">BBHBB4L4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing PCHANNEL in third message")
-            return struct.pack(">BBHBB4L4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 16,
-                               EAP_TYPE_PSK, 0x80, 0, 0, 0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalic MAC_S in third message")
-            return struct.pack(">BBHBB4L4L5LB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16 + 16 + 21,
-                               EAP_TYPE_PSK, 0x80, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first message")
-            return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 16,
-                               EAP_TYPE_PSK, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(psk_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 6):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PSK", identity="user",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-
-        logger.info("Test: Invalid PSK length")
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PSK", identity="user",
-                       password_hex="0123456789abcdef0123456789abcd",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_psk_errors(dev, apdev):
-    """EAP-PSK local error cases"""
-    check_eap_capa(dev[0], "PSK")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 3):
-        with alloc_fail(dev[0], i, "eap_psk_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PSK", identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for i in range(1, 4):
-        with fail_test(dev[0], i, "eap_psk_key_setup;eap_psk_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PSK", identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "=eap_psk_process_1"),
-             (2, "=eap_psk_process_1"),
-             (1, "eap_msg_alloc;eap_psk_process_1"),
-             (1, "=eap_psk_process_3"),
-             (2, "=eap_psk_process_3"),
-             (1, "eap_msg_alloc;eap_psk_process_3"),
-             (1, "eap_psk_getKey"),
-             (1, "eap_psk_get_session_id"),
-             (1, "eap_psk_get_emsk")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PSK", identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
-                              note="No allocation failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "os_get_random;eap_psk_process_1"),
-             (1, "omac1_aes_128;eap_psk_process_3"),
-             (1, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_encrypt"),
-             (2, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_encrypt"),
-             (3, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_encrypt"),
-             (1, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_decrypt"),
-             (2, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_decrypt"),
-             (3, "=omac1_aes_vector;omac1_aes_128;aes_128_eax_decrypt"),
-             (1, "aes_128_eax_decrypt;eap_psk_process_3"),
-             (2, "aes_128_eax_decrypt;eap_psk_process_3"),
-             (3, "aes_128_eax_decrypt;eap_psk_process_3"),
-             (1, "aes_128_eax_encrypt;eap_psk_process_3"),
-             (2, "aes_128_eax_encrypt;eap_psk_process_3"),
-             (3, "aes_128_eax_encrypt;eap_psk_process_3"),
-             (1, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (2, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (3, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (4, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (5, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (6, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (7, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (8, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (9, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (10, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
-             (1, "aes_ctr_encrypt;aes_128_eax_decrypt;eap_psk_process_3"),
-             (1, "aes_ctr_encrypt;aes_128_eax_encrypt;eap_psk_process_3")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PSK", identity="psk.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL",
-                              note="No failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-def run_eap_psk_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="PSK", identity="psk.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_psk_errors_server(dev, apdev):
-    """EAP-PSK local error cases on server"""
-    check_eap_capa(dev[0], "PSK")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_psk_init"),
-             (1, "eap_msg_alloc;eap_psk_build_1"),
-             (1, "eap_msg_alloc;eap_psk_build_3"),
-             (1, "=eap_psk_build_3"),
-             (1, "=eap_psk_process_2"),
-             (2, "=eap_psk_process_2"),
-             (1, "=eap_psk_process_4"),
-             (1, "aes_128_eax_decrypt;eap_psk_process_4"),
-             (1, "eap_psk_getKey"),
-             (1, "eap_psk_get_emsk"),
-             (1, "eap_psk_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_psk_connect(dev[0])
-
-    tests = [(1, "os_get_random;eap_psk_build_1"),
-             (1, "omac1_aes_128;eap_psk_build_3"),
-             (1, "eap_psk_derive_keys;eap_psk_build_3"),
-             (1, "aes_128_eax_encrypt;eap_psk_build_3"),
-             (1, "eap_psk_key_setup;eap_psk_process_2"),
-             (1, "omac1_aes_128;eap_psk_process_2"),
-             (1, "aes_128_eax_decrypt;eap_psk_process_4")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_psk_connect(dev[0])
-
-def start_psk_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="PSK", identity="psk.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # PSK-1
-
-def stop_psk_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_psk_server(dev, apdev):
-    """EAP-PSK protocol testing for the server"""
-    check_eap_capa(dev[0], "PSK")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_psk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PSK-2
-    proxy_msg(hapd, dev[0]) # PSK-3
-    proxy_msg(dev[0], hapd) # PSK-4
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 1/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 2/4
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 3/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 4/4
-    dev[0].wait_connected()
-    stop_psk_assoc(dev[0], hapd)
-
-    start_psk_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-PSK header (no Flags)
-    hapd.note("EAP-PSK: Invalid frame")
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "2f"
-    tx_msg(dev[0], hapd, msg)
-    # Unexpected PSK-1
-    hapd.note("EAP-PSK: Expected PSK-2 - ignore T=0")
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "2f00"
-    tx_msg(dev[0], hapd, msg)
-    # Too short PSK-2
-    hapd.note("EAP-PSK: Too short frame")
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "2f40"
-    tx_msg(dev[0], hapd, msg)
-    # PSK-2 with unknown ID_P
-    hapd.note("EAP-PSK: EAP-PSK not enabled for ID_P")
-    msg = resp[0:4] + "004a" + resp[8:12] + "004a" + "2f40" + 3*16*"00" + 20*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # EAP-Failure
-    stop_psk_assoc(dev[0], hapd)
-
-    start_psk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PSK-2
-    proxy_msg(hapd, dev[0]) # PSK-3
-    resp = rx_msg(dev[0])
-    # Unexpected PSK-2
-    hapd.note("EAP-PSK: Expected PSK-4 - ignore T=1")
-    msg = resp[0:4] + "0016" + resp[8:12] + "0016" + "2f40" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    # Too short PSK-4 (no PCHANNEL)
-    hapd.note("EAP-PSK: Too short PCHANNEL data in PSK-4 (len=0, expected 21)")
-    msg = resp[0:4] + "0016" + resp[8:12] + "0016" + "2fc0" + 16*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # PSK-3 retry
-    stop_psk_assoc(dev[0], hapd)
-
-    start_psk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PSK-2
-    proxy_msg(hapd, dev[0]) # PSK-3
-    resp = rx_msg(dev[0])
-    # PCHANNEL Nonce did not increase
-    hapd.note("EAP-PSK: Nonce did not increase")
-    msg = resp[0:4] + "002b" + resp[8:12] + "002b" + "2fc0" + 16*"00" + 21*"00"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # PSK-3 retry
-    stop_psk_assoc(dev[0], hapd)
-
-    start_psk_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # PSK-2
-    proxy_msg(hapd, dev[0]) # PSK-3
-    resp = rx_msg(dev[0])
-    # Invalid PCHANNEL encryption
-    hapd.note("EAP-PSK: PCHANNEL decryption failed")
-    msg = resp[0:4] + "002b" + resp[8:12] + "002b" + "2fc0" + 16*"00" + 21*"11"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd) # PSK-3 retry
-    stop_psk_assoc(dev[0], hapd)
-
-EAP_SIM_SUBTYPE_START = 10
-EAP_SIM_SUBTYPE_CHALLENGE = 11
-EAP_SIM_SUBTYPE_NOTIFICATION = 12
-EAP_SIM_SUBTYPE_REAUTHENTICATION = 13
-EAP_SIM_SUBTYPE_CLIENT_ERROR = 14
-
-EAP_AKA_SUBTYPE_CHALLENGE = 1
-EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT = 2
-EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE = 4
-EAP_AKA_SUBTYPE_IDENTITY = 5
-EAP_AKA_SUBTYPE_NOTIFICATION = 12
-EAP_AKA_SUBTYPE_REAUTHENTICATION = 13
-EAP_AKA_SUBTYPE_CLIENT_ERROR = 14
-
-EAP_SIM_AT_RAND = 1
-EAP_SIM_AT_AUTN = 2
-EAP_SIM_AT_RES = 3
-EAP_SIM_AT_AUTS = 4
-EAP_SIM_AT_PADDING = 6
-EAP_SIM_AT_NONCE_MT = 7
-EAP_SIM_AT_PERMANENT_ID_REQ = 10
-EAP_SIM_AT_MAC = 11
-EAP_SIM_AT_NOTIFICATION = 12
-EAP_SIM_AT_ANY_ID_REQ = 13
-EAP_SIM_AT_IDENTITY = 14
-EAP_SIM_AT_VERSION_LIST = 15
-EAP_SIM_AT_SELECTED_VERSION = 16
-EAP_SIM_AT_FULLAUTH_ID_REQ = 17
-EAP_SIM_AT_COUNTER = 19
-EAP_SIM_AT_COUNTER_TOO_SMALL = 20
-EAP_SIM_AT_NONCE_S = 21
-EAP_SIM_AT_CLIENT_ERROR_CODE = 22
-EAP_SIM_AT_KDF_INPUT = 23
-EAP_SIM_AT_KDF = 24
-EAP_SIM_AT_IV = 129
-EAP_SIM_AT_ENCR_DATA = 130
-EAP_SIM_AT_NEXT_PSEUDONYM = 132
-EAP_SIM_AT_NEXT_REAUTH_ID = 133
-EAP_SIM_AT_CHECKCODE = 134
-EAP_SIM_AT_RESULT_IND = 135
-EAP_SIM_AT_BIDDING = 136
-
-def test_eap_proto_aka(dev, apdev):
-    """EAP-AKA protocol tests"""
-    def aka_handler(ctx, req):
-        logger.info("aka_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_AKA)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown subtype")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, 255, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Client Error")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CLIENT_ERROR, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short attribute header")
-            return struct.pack(">BBHBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated attribute")
-            return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255,
-                               255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short attribute data")
-            return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255,
-                               0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Skippable/non-skippable unrecognzized attribute")
-            return struct.pack(">BBHBBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 10,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               255, 1, 0, 127, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request without ID type")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request PERMANENT_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request PERMANENT_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AKA Challenge with BIDDING")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_BIDDING, 1, 0x8000)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification indicating success, but no MAC")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 32768)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification indicating success, but invalid MAC value")
-            return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 20,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 32768,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification indicating success with zero-key MAC")
-            return struct.pack(">BBHBBHBBHBBH16B", EAP_CODE_REQUEST,
-                               ctx['id'] - 2,
-                               4 + 1 + 3 + 4 + 20,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 32768,
-                               EAP_SIM_AT_MAC, 5, 0,
-                               0xbe, 0x2e, 0xbb, 0xa9, 0xfa, 0x2e, 0x82, 0x36,
-                               0x37, 0x8c, 0x32, 0x41, 0xb7, 0xc7, 0x58, 0xa3)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 16384)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 16385)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification with unrecognized non-failure")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth (duplicate)")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Re-authentication (unexpected) with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION,
-                               0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AKA Challenge with Checkcode claiming identity round was used")
-            return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AKA Challenge with Checkcode claiming no identity round was used")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_CHECKCODE, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AKA Challenge with mismatching Checkcode value")
-            return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Re-authentication (unexpected) with Checkcode claimin identity round was used")
-            return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION,
-                               0,
-                               EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_RAND length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_RAND, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_AUTN length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_AUTN, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_PADDING")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_PADDING, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_NONCE_MT length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_NONCE_MT, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_MAC length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_MAC, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_NOTIFICATION length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_NOTIFICATION, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AT_IDENTITY overflow")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_IDENTITY, 1, 0xffff)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_VERSION_LIST")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_VERSION_LIST, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_SELECTED_VERSION length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_SELECTED_VERSION, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_COUNTER")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_COUNTER, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_COUNTER_TOO_SMALL")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_COUNTER_TOO_SMALL, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_NONCE_S")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_NONCE_S, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_CLIENT_ERROR_CODE length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_CLIENT_ERROR_CODE, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_IV length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_IV, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_ENCR_DATA length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_ENCR_DATA, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_NEXT_PSEUDONYM")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_NEXT_PSEUDONYM, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unencrypted AT_NEXT_REAUTH_ID")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_NEXT_REAUTH_ID, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_RES length")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_RES, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_RES length")
-            return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 24,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_RES, 6, 0xffff, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_AUTS length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_AUTS, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_CHECKCODE length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_CHECKCODE, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_RESULT_IND length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_RESULT_IND, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_KDF_INPUT")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_KDF")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_KDF, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_BIDDING length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_BIDDING, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(aka_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 49):
-            eap = "AKA AKA'" if i == 11 else "AKA"
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap=eap, identity="0232010000000000",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            if i in [0, 15]:
-                time.sleep(0.1)
-            else:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_aka_prime(dev, apdev):
-    """EAP-AKA' protocol tests"""
-    def aka_prime_handler(ctx, req):
-        logger.info("aka_prime_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            dev[0].note("Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_AKA_PRIME)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with no attributes")
-            dev[0].note("Challenge with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with empty AT_KDF_INPUT")
-            dev[0].note("Challenge with empty AT_KDF_INPUT")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with AT_KDF_INPUT")
-            dev[0].note("Test: Challenge with AT_KDF_INPUT")
-            return struct.pack(">BBHBBHBBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'))
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with duplicated KDF")
-            dev[0].note("Challenge with duplicated KDF")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 2,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with incorrect KDF selected")
-            dev[0].note("Challenge with incorrect KDF selected")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with selected KDF not duplicated")
-            dev[0].note("Challenge with selected KDF not duplicated")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)")
-            dev[0].note("Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple unsupported KDF proposals")
-            dev[0].note("Challenge with multiple unsupported KDF proposals")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 2 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with invalid MAC, RAND, AUTN values)")
-            dev[0].note("Challenge with invalid MAC, RAND, AUTN values)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBHBBH4LBBH4LBBH4L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 * 4 + 20 + 20 + 20,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0,
-                               EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0,
-                               EAP_SIM_AT_AUTN, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge - AMF separation bit not set)")
-            dev[0].note("Challenge - AMF separation bit not set)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4,
-                               EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
-                               EAP_SIM_AT_AUTN, 5, 0, 9, 10,
-                               0x2fda8ef7, 0xbba518cc)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge - Invalid MAC")
-            dev[0].note("Challenge - Invalid MAC")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4,
-                               EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
-                               EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff,
-                               0xd1f90322, 0x40514cb4)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge - Valid MAC")
-            dev[0].note("Challenge - Valid MAC")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_MAC, 5, 0,
-                               0xf4a3c1d3, 0x7c901401, 0x34bd8b01, 0x6f7fa32f,
-                               EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
-                               EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff,
-                               0xd1f90322, 0x40514cb4)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_KDF_INPUT length")
-            dev[0].note("Invalid AT_KDF_INPUT length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 0xffff, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid AT_KDF length")
-            dev[0].note("Invalid AT_KDF length")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0,
-                               EAP_SIM_AT_KDF, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with large number of KDF proposals")
-            dev[0].note("Challenge with large number of KDF proposals")
-            return struct.pack(">BBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 12 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF, 1, 255,
-                               EAP_SIM_AT_KDF, 1, 254,
-                               EAP_SIM_AT_KDF, 1, 253,
-                               EAP_SIM_AT_KDF, 1, 252,
-                               EAP_SIM_AT_KDF, 1, 251,
-                               EAP_SIM_AT_KDF, 1, 250,
-                               EAP_SIM_AT_KDF, 1, 249,
-                               EAP_SIM_AT_KDF, 1, 248,
-                               EAP_SIM_AT_KDF, 1, 247,
-                               EAP_SIM_AT_KDF, 1, 246,
-                               EAP_SIM_AT_KDF, 1, 245,
-                               EAP_SIM_AT_KDF, 1, 244)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 2 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 2,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with an extra KDF appended")
-            dev[0].note("Challenge with an extra KDF appended")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 2,
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with multiple KDF proposals")
-            dev[0].note("Challenge with multiple KDF proposals (preparation)")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 2 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 2,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge with a modified KDF")
-            dev[0].note("Challenge with a modified KDF")
-            return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 3 * 4,
-                               EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
-                               ord('c'), ord('d'),
-                               EAP_SIM_AT_KDF, 1, 1,
-                               EAP_SIM_AT_KDF, 1, 0,
-                               EAP_SIM_AT_KDF, 1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(aka_prime_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 18):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="AKA'", identity="6555444333222111",
-                           password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            if i in [0]:
-                time.sleep(0.1)
-            else:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_sim(dev, apdev):
-    """EAP-SIM protocol tests"""
-    def sim_handler(ctx, req):
-        logger.info("sim_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_SIM)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_AUTN")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_AUTN, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short AT_VERSION_LIST")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: AT_VERSION_LIST overflow")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 1, 0xffff)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_AUTS")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_AUTS, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected AT_CHECKCODE")
-            return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_CHECKCODE, 2, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No AT_VERSION_LIST in Start")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No support version in AT_VERSION_LIST")
-            return struct.pack(">BBHBBHBBH4B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 3, 2, 3, 4, 5)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request without ID type")
-            return struct.pack(">BBHBBHBBH2H", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request ANY_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_ANY_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request FULLAUTH_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request PERMANENT_ID")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Identity request PERMANENT_ID (duplicate)")
-            return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 8 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
-                               EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
-                               EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No AT_MAC and AT_RAND in Challenge")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No AT_RAND in Challenge")
-            return struct.pack(">BBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 20,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Insufficient number of challenges in Challenge")
-            return struct.pack(">BBHBBHBBH4LBBH4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 20 + 20,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too many challenges in Challenge")
-            return struct.pack(">BBHBBHBBH4L4L4L4LBBH4L", EAP_CODE_REQUEST,
-                               ctx['id'],
-                               4 + 1 + 3 + 4 + 4 * 16 + 20,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_RAND, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0, 0, 0,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Same RAND multiple times in Challenge")
-            return struct.pack(">BBHBBHBBH4L4L4LBBH4L", EAP_CODE_REQUEST,
-                               ctx['id'],
-                               4 + 1 + 3 + 4 + 3 * 16 + 20,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
-                               EAP_SIM_AT_RAND, 13, 0, 0, 0, 0, 0, 0, 0, 0, 1,
-                               0, 0, 0, 0,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification indicating success, but no MAC")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 32768)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification indicating success, but invalid MAC value")
-            return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 20,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 32768,
-                               EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 16384)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 16385)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification with unrecognized non-failure")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Notification before auth (duplicate)")
-            return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
-                               EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Re-authentication (unexpected) with no attributes")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_REAUTHENTICATION,
-                               0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Client Error")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CLIENT_ERROR, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown subtype")
-            return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3,
-                               EAP_TYPE_SIM, 255, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(sim_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 25):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SIM", identity="1232010000000000",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            if i in [0]:
-                time.sleep(0.1)
-            else:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_sim_errors(dev, apdev):
-    """EAP-SIM protocol tests (error paths)"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1, "eap_sim_init"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="SIM", identity="1232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    with fail_test(dev[0], 1, "os_get_random;eap_sim_init"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="SIM", identity="1232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="SIM", identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    with fail_test(dev[0], 1, "aes_128_cbc_encrypt;eap_sim_response_reauth"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="SIM", identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    with fail_test(dev[0], 1, "os_get_random;eap_sim_msg_add_encr_start"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="SIM", identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    with fail_test(dev[0], 1, "os_get_random;eap_sim_init_for_reauth"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="SIM", identity="1232010000000000",
-                   password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-
-    with alloc_fail(dev[0], 1, "eap_sim_parse_encr;eap_sim_process_reauthentication"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    tests = [(1, "eap_sim_verify_mac;eap_sim_process_challenge"),
-             (1, "eap_sim_parse_encr;eap_sim_process_challenge"),
-             (1, "eap_sim_msg_init;eap_sim_response_start"),
-             (1, "wpabuf_alloc;eap_sim_msg_init;eap_sim_response_start"),
-             (1, "=eap_sim_learn_ids"),
-             (2, "=eap_sim_learn_ids"),
-             (2, "eap_sim_learn_ids"),
-             (3, "eap_sim_learn_ids"),
-             (1, "eap_sim_process_start"),
-             (1, "eap_sim_getKey"),
-             (1, "eap_sim_get_emsk"),
-             (1, "eap_sim_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SIM", identity="1232010000000000@domain",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                           erp="1", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = [(1, "aes_128_cbc_decrypt;eap_sim_parse_encr")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="SIM", identity="1232010000000000",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    params = int_eap_server_params()
-    params['eap_sim_db'] = "unix:/tmp/hlr_auc_gw.sock"
-    params['eap_sim_aka_result_ind'] = "1"
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1,
-                    "eap_sim_msg_init;eap_sim_response_notification"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       scan_freq="2412",
-                       eap="SIM", identity="1232010000000000",
-                       phase1="result_ind=1",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    tests = ["eap_sim_msg_add_encr_start;eap_sim_response_notification",
-             "aes_128_cbc_encrypt;eap_sim_response_notification"]
-    for func in tests:
-        with fail_test(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="SIM", identity="1232010000000000",
-                           phase1="result_ind=1",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-            dev[0].request("REAUTHENTICATE")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not started on reauthentication")
-            time.sleep(0.1)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = ["eap_sim_parse_encr;eap_sim_process_notification_reauth"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="SIM", identity="1232010000000000",
-                           phase1="result_ind=1",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-            dev[0].request("REAUTHENTICATE")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not started on reauthentication")
-            time.sleep(0.1)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-def test_eap_proto_aka_errors(dev, apdev):
-    """EAP-AKA protocol tests (error paths)"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1, "eap_aka_init"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="AKA", identity="0232010000000000",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = [(1, "=eap_aka_learn_ids"),
-             (2, "=eap_aka_learn_ids"),
-             (1, "eap_sim_parse_encr;eap_aka_process_challenge"),
-             (1, "wpabuf_alloc;eap_aka_add_id_msg"),
-             (1, "eap_aka_getKey"),
-             (1, "eap_aka_get_emsk"),
-             (1, "eap_aka_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="AKA", identity="0232010000000000@domain",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                           erp="1", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    params = int_eap_server_params()
-    params['eap_sim_db'] = "unix:/tmp/hlr_auc_gw.sock"
-    params['eap_sim_aka_result_ind'] = "1"
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1,
-                    "eap_sim_msg_init;eap_aka_response_notification"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="AKA", identity="0232010000000000",
-                       phase1="result_ind=1",
-                       password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    tests = [(1, "aes_128_encrypt_block;milenage_f1;milenage_check", None),
-             (2, "aes_128_encrypt_block;milenage_f1;milenage_check", None),
-             (1, "milenage_f2345;milenage_check", None),
-             (7, "aes_128_encrypt_block;milenage_f2345;milenage_check",
-              "ff0000000123"),
-             (1, "aes_128_encrypt_block;milenage_f1;milenage_check",
-              "fff000000123")]
-    for count, func, seq in tests:
-        if not seq:
-            seq = "000000000123"
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="AKA", identity="0232010000000000",
-                           phase1="result_ind=1",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:" + seq,
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-    tests = ["eap_sim_msg_add_encr_start;eap_aka_response_notification",
-             "aes_128_cbc_encrypt;eap_aka_response_notification"]
-    for func in tests:
-        with fail_test(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="AKA", identity="0232010000000000",
-                           phase1="result_ind=1",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-            dev[0].request("REAUTHENTICATE")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not started on reauthentication")
-            time.sleep(0.1)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = ["eap_sim_parse_encr;eap_aka_process_notification_reauth"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="AKA", identity="0232010000000000",
-                           phase1="result_ind=1",
-                           password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-            dev[0].request("REAUTHENTICATE")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("EAP method not started on reauthentication")
-            time.sleep(0.1)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-def test_eap_proto_aka_prime_errors(dev, apdev):
-    """EAP-AKA' protocol tests (error paths)"""
-    check_hlr_auc_gw_support()
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1, "eap_aka_init"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="AKA'", identity="6555444333222111",
-                       password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="AKA'", identity="6555444333222111",
-                   password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-
-    with fail_test(dev[0], 1, "aes_128_cbc_encrypt;eap_aka_response_reauth"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="AKA'", identity="6555444333222111",
-                   password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-
-    with alloc_fail(dev[0], 1, "eap_sim_parse_encr;eap_aka_process_reauthentication"):
-        hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("EAP re-authentication did not start")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    tests = [(1, "eap_sim_verify_mac_sha256"),
-             (1, "=eap_aka_process_challenge")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="AKA'", identity="6555444333222111",
-                           password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
-                           erp="1", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-def test_eap_proto_ikev2(dev, apdev):
-    """EAP-IKEv2 protocol tests"""
-    check_eap_capa(dev[0], "IKEV2")
-
-    global eap_proto_ikev2_test_done
-    eap_proto_ikev2_test_done = False
-
-    def ikev2_handler(ctx, req):
-        logger.info("ikev2_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_IKEV2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated Message Length field")
-            return struct.pack(">BBHBB3B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 3,
-                               EAP_TYPE_IKEV2, 0x80, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short Message Length value")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_IKEV2, 0x80, 0, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated message")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_IKEV2, 0x80, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated message(2)")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_IKEV2, 0x80, 0xffffffff)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated message(3)")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_IKEV2, 0xc0, 0xffffffff)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated message(4)")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_IKEV2, 0xc0, 10000000)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too long fragments (first fragment)")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_IKEV2, 0xc0, 2, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too long fragments (second fragment)")
-            return struct.pack(">BBHBB2B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_IKEV2, 0x00, 2, 3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No Message Length field in first fragment")
-            return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 1,
-                               EAP_TYPE_IKEV2, 0x40, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: ICV before keys")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_IKEV2, 0x20)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported IKEv2 header version")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Incorrect IKEv2 header Length")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 0, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected IKEv2 Exchange Type in SA_INIT state")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 0, 0, 0, 28)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected IKEv2 Message ID in SA_INIT state")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 34, 0, 1, 28)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected IKEv2 Flags value")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 34, 0, 0, 28)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected IKEv2 Flags value(2)")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 34, 0x20, 0, 28)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No SAi1 in SA_INIT")
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 28,
-                               EAP_TYPE_IKEV2, 0x00,
-                               0, 0, 0, 0,
-                               0, 0x20, 34, 0x08, 0, 28)
-
-        def build_ike(id, next=0, exch_type=34, flags=0x00, ike=b''):
-            return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, id,
-                               4 + 1 + 1 + 28 + len(ike),
-                               EAP_TYPE_IKEV2, flags,
-                               0, 0, 0, 0,
-                               next, 0x20, exch_type, 0x08, 0,
-                               28 + len(ike)) + ike
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected extra data after payloads")
-            return build_ike(ctx['id'], ike=struct.pack(">B", 1))
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated payload header")
-            return build_ike(ctx['id'], next=128, ike=struct.pack(">B", 1))
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too small payload header length")
-            ike = struct.pack(">BBH", 0, 0, 3)
-            return build_ike(ctx['id'], next=128, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too large payload header length")
-            ike = struct.pack(">BBH", 0, 0, 5)
-            return build_ike(ctx['id'], next=128, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported payload (non-critical and critical)")
-            ike = struct.pack(">BBHBBH", 129, 0, 4, 0, 0x01, 4)
-            return build_ike(ctx['id'], next=128, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Certificate and empty SAi1")
-            ike = struct.pack(">BBHBBH", 33, 0, 4, 0, 0, 4)
-            return build_ike(ctx['id'], next=37, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short proposal")
-            ike = struct.pack(">BBHBBHBBB", 0, 0, 4 + 7,
-                              0, 0, 7, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too small proposal length in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 7, 0, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too large proposal length in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 9, 0, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected proposal type in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              1, 0, 8, 0, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Protocol ID in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 8, 0, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected proposal number in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 8, 0, 1, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Not enough room for SPI in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 8, 1, 1, 1, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected SPI in SAi1")
-            ike = struct.pack(">BBHBBHBBBBB", 0, 0, 4 + 9,
-                              0, 0, 9, 1, 1, 1, 0, 1)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No transforms in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 8, 1, 1, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short transform in SAi1")
-            ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
-                              0, 0, 8, 1, 1, 0, 1)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too small transform length in SAi1")
-            ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
-                              0, 0, 8 + 8, 1, 1, 0, 1,
-                              0, 0, 7, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too large transform length in SAi1")
-            ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
-                              0, 0, 8 + 8, 1, 1, 0, 1,
-                              0, 0, 9, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Transform type in SAi1")
-            ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
-                              0, 0, 8 + 8, 1, 1, 0, 1,
-                              1, 0, 8, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No transform attributes in SAi1")
-            ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
-                              0, 0, 8 + 8, 1, 1, 0, 1,
-                              0, 0, 8, 0, 0, 0)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No transform attr for AES and unexpected data after transforms in SAi1")
-            tlen1 = 8 + 3
-            tlen2 = 8 + 4
-            tlen3 = 8 + 4
-            tlen = tlen1 + tlen2 + tlen3
-            ike = struct.pack(">BBHBBHBBBBBBHBBH3BBBHBBHHHBBHBBHHHB",
-                              0, 0, 4 + 8 + tlen + 1,
-                              0, 0, 8 + tlen + 1, 1, 1, 0, 3,
-                              3, 0, tlen1, 1, 0, 12, 1, 2, 3,
-                              3, 0, tlen2, 1, 0, 12, 0, 128,
-                              0, 0, tlen3, 1, 0, 12, 0x8000 | 14, 127,
-                              1)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        def build_sa(next=0):
-            tlen = 5 * 8
-            return struct.pack(">BBHBBHBBBBBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
-                               next, 0, 4 + 8 + tlen,
-                               0, 0, 8 + tlen, 1, 1, 0, 5,
-                               3, 0, 8, 1, 0, 3,
-                               3, 0, 8, 2, 0, 1,
-                               3, 0, 8, 3, 0, 1,
-                               3, 0, 8, 4, 0, 5,
-                               0, 0, 8, 241, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal, but no KEi in SAi1")
-            ike = build_sa()
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Empty KEi in SAi1")
-            ike = build_sa(next=34) + struct.pack(">BBH", 0, 0, 4)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Mismatch in DH Group in SAi1")
-            ike = build_sa(next=34)
-            ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 12345, 0)
-            ike += 96*b'\x00'
-            return build_ike(ctx['id'], next=33, ike=ike)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid DH public value length in SAi1")
-            ike = build_sa(next=34)
-            ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 5, 0)
-            ike += 96*b'\x00'
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        def build_ke(next=0):
-            ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0)
-            ke += 191*b'\x00'+b'\x02'
-            return ke
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal and KEi, but no Ni in SAi1")
-            ike = build_sa(next=34)
-            ike += build_ke()
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short Ni in SAi1")
-            ike = build_sa(next=34)
-            ike += build_ke(next=40)
-            ike += struct.pack(">BBH", 0, 0, 4)
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too long Ni in SAi1")
-            ike = build_sa(next=34)
-            ike += build_ke(next=40)
-            ike += struct.pack(">BBH", 0, 0, 4 + 257) + 257*b'\x00'
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        def build_ni(next=0):
-            return struct.pack(">BBH", next, 0, 4 + 256) + 256*b'\x00'
-
-        def build_sai1(id):
-            ike = build_sa(next=34)
-            ike += build_ke(next=40)
-            ike += build_ni()
-            return build_ike(ctx['id'], next=33, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
-            return build_sai1(ctx['id'])
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
-            return build_sai1(ctx['id'])
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No integrity checksum")
-            ike = b''
-            return build_ike(ctx['id'], next=37, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
-            return build_sai1(ctx['id'])
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated integrity checksum")
-            return struct.pack(">BBHBB",
-                               EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_IKEV2, 0x20)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
-            return build_sai1(ctx['id'])
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid integrity checksum")
-            ike = b''
-            return build_ike(ctx['id'], next=37, flags=0x20, ike=ike)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("No more test responses available - test case completed")
-            global eap_proto_ikev2_test_done
-            eap_proto_ikev2_test_done = True
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_IKEV2)
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(ikev2_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_ikev2_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="user",
-                           password="password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP method start")
-            if i in [41, 46]:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            else:
-                time.sleep(0.05)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-            dev[1].dump_monitor()
-            dev[2].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def NtPasswordHash(password):
-    pw = password.encode('utf_16_le')
-    return hashlib.new('md4', pw).digest()
-
-def HashNtPasswordHash(password_hash):
-    return hashlib.new('md4', password_hash).digest()
-
-def ChallengeHash(peer_challenge, auth_challenge, username):
-    data = peer_challenge + auth_challenge + username
-    return hashlib.sha1(data).digest()[0:8]
-
-def GenerateAuthenticatorResponse(password, nt_response, peer_challenge,
-                                  auth_challenge, username):
-    magic1 = binascii.unhexlify("4D616769632073657276657220746F20636C69656E74207369676E696E6720636F6E7374616E74")
-    magic2 = binascii.unhexlify("50616420746F206D616B6520697420646F206D6F7265207468616E206F6E6520697465726174696F6E")
-
-    password_hash = NtPasswordHash(password)
-    password_hash_hash = HashNtPasswordHash(password_hash)
-    data = password_hash_hash + nt_response + magic1
-    digest = hashlib.sha1(data).digest()
-
-    challenge = ChallengeHash(peer_challenge, auth_challenge, username.encode())
-
-    data = digest + challenge + magic2
-    resp = hashlib.sha1(data).digest()
-    return resp
-
-def test_eap_proto_ikev2_errors(dev, apdev):
-    """EAP-IKEv2 local error cases"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_ikev2_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="ikev2 user",
-                           password="ike password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "ikev2_encr_encrypt"),
-             (1, "ikev2_encr_decrypt"),
-             (1, "ikev2_derive_auth_data"),
-             (2, "ikev2_derive_auth_data"),
-             (1, "=ikev2_decrypt_payload"),
-             (1, "ikev2_encr_decrypt;ikev2_decrypt_payload"),
-             (1, "ikev2_encr_encrypt;ikev2_build_encrypted"),
-             (1, "ikev2_derive_sk_keys"),
-             (2, "ikev2_derive_sk_keys"),
-             (3, "ikev2_derive_sk_keys"),
-             (4, "ikev2_derive_sk_keys"),
-             (5, "ikev2_derive_sk_keys"),
-             (6, "ikev2_derive_sk_keys"),
-             (7, "ikev2_derive_sk_keys"),
-             (8, "ikev2_derive_sk_keys"),
-             (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
-             (1, "eap_msg_alloc;eap_ikev2_build_msg"),
-             (1, "eap_ikev2_getKey"),
-             (1, "eap_ikev2_get_emsk"),
-             (1, "eap_ikev2_get_session_id"),
-             (1, "=ikev2_derive_keys"),
-             (2, "=ikev2_derive_keys"),
-             (1, "wpabuf_alloc;ikev2_process_kei"),
-             (1, "=ikev2_process_idi"),
-             (1, "ikev2_derive_auth_data;ikev2_build_auth"),
-             (1, "wpabuf_alloc;ikev2_build_sa_init"),
-             (2, "wpabuf_alloc;ikev2_build_sa_init"),
-             (3, "wpabuf_alloc;ikev2_build_sa_init"),
-             (4, "wpabuf_alloc;ikev2_build_sa_init"),
-             (5, "wpabuf_alloc;ikev2_build_sa_init"),
-             (6, "wpabuf_alloc;ikev2_build_sa_init"),
-             (1, "wpabuf_alloc;ikev2_build_sa_auth"),
-             (2, "wpabuf_alloc;ikev2_build_sa_auth"),
-             (1, "ikev2_build_auth;ikev2_build_sa_auth")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="ikev2 user@domain",
-                           password="ike password", erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "wpabuf_alloc;ikev2_build_notify"),
-             (2, "wpabuf_alloc;ikev2_build_notify"),
-             (1, "ikev2_build_encrypted;ikev2_build_notify")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="ikev2 user",
-                           password="wrong password", erp="1",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "ikev2_integ_hash"),
-             (1, "ikev2_integ_hash;ikev2_decrypt_payload"),
-             (1, "os_get_random;ikev2_build_encrypted"),
-             (1, "ikev2_prf_plus;ikev2_derive_sk_keys"),
-             (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
-             (1, "os_get_random;ikev2_build_sa_init"),
-             (2, "os_get_random;ikev2_build_sa_init"),
-             (1, "ikev2_integ_hash;eap_ikev2_validate_icv"),
-             (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_keys"),
-             (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
-             (2, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
-             (3, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="ikev2 user",
-                           password="ike password", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    params = {"ssid": "eap-test2", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "fragment_size": "50"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
-
-    tests = [(1, "eap_ikev2_build_frag_ack"),
-             (1, "wpabuf_alloc;eap_ikev2_process_fragment")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test2", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="IKEV2", identity="ikev2 user",
-                           password="ike password", erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen for %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def run_eap_ikev2_connect(dev):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="IKEV2", identity="ikev2 user",
-                password="ike password",
-                fragment_size="30", wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_ikev2_errors_server(dev, apdev):
-    """EAP-IKEV2 local error cases on server"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_ikev2_init"),
-             (2, "=eap_ikev2_init"),
-             (3, "=eap_ikev2_init"),
-             (1, "eap_msg_alloc;eap_ikev2_build_msg"),
-             (1, "ikev2_initiator_build;eap_ikev2_buildReq"),
-             (1, "eap_ikev2_process_fragment"),
-             (1, "wpabuf_alloc_copy;ikev2_process_ker"),
-             (1, "ikev2_process_idr"),
-             (1, "ikev2_derive_auth_data;ikev2_process_auth_secret"),
-             (1, "ikev2_decrypt_payload;ikev2_process_sa_auth"),
-             (1, "ikev2_process_sa_auth_decrypted;ikev2_process_sa_auth"),
-             (1, "dh_init;ikev2_build_kei"),
-             (1, "ikev2_build_auth"),
-             (1, "wpabuf_alloc;ikev2_build_sa_init"),
-             (1, "ikev2_build_sa_auth"),
-             (1, "=ikev2_build_sa_auth"),
-             (2, "=ikev2_derive_auth_data"),
-             (1, "wpabuf_alloc;ikev2_build_sa_auth"),
-             (2, "wpabuf_alloc;=ikev2_build_sa_auth"),
-             (1, "ikev2_decrypt_payload;ikev2_process_sa_init_encr"),
-             (1, "dh_derive_shared;ikev2_derive_keys"),
-             (1, "=ikev2_derive_keys"),
-             (2, "=ikev2_derive_keys"),
-             (1, "eap_ikev2_getKey"),
-             (1, "eap_ikev2_get_emsk"),
-             (1, "eap_ikev2_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_ikev2_connect(dev[0])
-
-    tests = [(1, "eap_ikev2_validate_icv;eap_ikev2_process_icv"),
-             (1, "eap_ikev2_server_keymat"),
-             (1, "ikev2_build_auth"),
-             (1, "os_get_random;ikev2_build_sa_init"),
-             (2, "os_get_random;ikev2_build_sa_init"),
-             (1, "ikev2_derive_keys"),
-             (2, "ikev2_derive_keys"),
-             (3, "ikev2_derive_keys"),
-             (4, "ikev2_derive_keys"),
-             (5, "ikev2_derive_keys"),
-             (6, "ikev2_derive_keys"),
-             (7, "ikev2_derive_keys"),
-             (8, "ikev2_derive_keys"),
-             (1, "ikev2_decrypt_payload;ikev2_process_sa_auth"),
-             (1, "eap_ikev2_process_icv;eap_ikev2_process")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_ikev2_connect(dev[0])
-
-def start_ikev2_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="IKEV2", identity="ikev2 user",
-                password="ike password", wait_connect=False)
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # IKEV2 1
-
-def stop_ikev2_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_ikev2_server(dev, apdev):
-    """EAP-IKEV2 protocol testing for the server"""
-    check_eap_capa(dev[0], "IKEV2")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    # Successful exchange to verify proxying mechanism
-    start_ikev2_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # IKEV2 2
-    proxy_msg(hapd, dev[0]) # IKEV2 3
-    proxy_msg(dev[0], hapd) # IKEV2 4
-    proxy_msg(hapd, dev[0]) # EAP-Success
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 1/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 2/4
-    proxy_msg(hapd, dev[0]) # EAPOL-Key msg 3/4
-    proxy_msg(dev[0], hapd) # EAPOL-Key msg 4/4
-    dev[0].wait_connected()
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-IKEV2 header
-    hapd.note("IKEV2: Too short frame to include HDR")
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "31"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-IKEV2 header - missing Message Length field
-    hapd.note("EAP-IKEV2: Message underflow")
-    msg = resp[0:4] + "0006" + resp[8:12] + "0006" + "3180"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-IKEV2 header - too small Message Length
-    hapd.note("EAP-IKEV2: Invalid Message Length (0; 1 remaining in this msg)")
-    msg = resp[0:4] + "000b" + resp[8:12] + "000b" + "318000000000ff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short EAP-IKEV2 header - too large Message Length
-    hapd.note("EAP-IKEV2: Ignore too long message")
-    msg = resp[0:4] + "000b" + resp[8:12] + "000b" + "31c0bbccddeeff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # No Message Length in first fragment
-    hapd.note("EAP-IKEV2: No Message Length field in a fragmented packet")
-    msg = resp[0:4] + "0007" + resp[8:12] + "0007" + "3140ff"
-    tx_msg(dev[0], hapd, msg)
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # First fragment (valid)
-    hapd.note("EAP-IKEV2: Received 1 bytes in first fragment, waiting for 255 bytes more")
-    msg = resp[0:4] + "000b" + resp[8:12] + "000b" + "31c000000100ff"
-    tx_msg(dev[0], hapd, msg)
-    req = rx_msg(hapd)
-    id, = struct.unpack('B', binascii.unhexlify(req)[5:6])
-    hapd.note("EAP-IKEV2: Received 1 bytes in first fragment, waiting for 254 bytes more")
-    payload = struct.pack('BBB', 49, 0x40, 0)
-    msg = struct.pack('>BBHBBH', 1, 0, 4 + len(payload), 2, id, 4 + len(payload)) + payload
-    tx_msg(dev[0], hapd, binascii.hexlify(msg).decode())
-    req = rx_msg(hapd)
-    id, = struct.unpack('B', binascii.unhexlify(req)[5:6])
-    hapd.note("EAP-IKEV2: Fragment overflow")
-    payload = struct.pack('BB', 49, 0x40) + 255*b'\x00'
-    msg = struct.pack('>BBHBBH', 1, 0, 4 + len(payload), 2, id, 4 + len(payload)) + payload
-    tx_msg(dev[0], hapd, binascii.hexlify(msg).decode())
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    start_ikev2_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # IKEV2 2
-    req = proxy_msg(hapd, dev[0]) # IKEV2 3
-    id, = struct.unpack('B', binascii.unhexlify(req)[5:6])
-    # Missing ICV
-    hapd.note("EAP-IKEV2: The message should have included integrity checksum")
-    payload = struct.pack('BB', 49, 0) + b'\x00'
-    msg = struct.pack('>BBHBBH', 1, 0, 4 + len(payload), 2, id, 4 + len(payload)) + payload
-    tx_msg(dev[0], hapd, binascii.hexlify(msg).decode())
-    rx_msg(hapd)
-    stop_ikev2_assoc(dev[0], hapd)
-
-    tests = [("Unsupported HDR version 0x0 (expected 0x20)",
-              struct.pack('BB', 49, 0) + 16*b'\x00' +
-              struct.pack('>BBBBLL', 0, 0, 0, 0, 0, 0)),
-             ("IKEV2: Invalid length (HDR: 0 != RX: 28)",
-              struct.pack('BB', 49, 0) + 16*b'\x00' +
-              struct.pack('>BBBBLL', 0, 0x20, 0, 0, 0, 0)),
-             ("IKEV2: Unexpected Exchange Type 0 in SA_INIT state",
-              struct.pack('BB', 49, 0) + 16*b'\x00' +
-              struct.pack('>BBBBLL', 0, 0x20, 0, 0, 0, 28)),
-             ("IKEV2: Unexpected Flags value 0x0",
-              struct.pack('BB', 49, 0) + 16*b'\x00' +
-              struct.pack('>BBBBLL', 0, 0x20, 34, 0, 0, 28)),
-             ("IKEV2: SAr1 not received",
-              struct.pack('BB', 49, 0) + 16*b'\x00' +
-              struct.pack('>BBBBLL', 0, 0x20, 34, 0x20, 0, 28))]
-    for txt, payload in tests:
-        start_ikev2_assoc(dev[0], hapd)
-        resp = rx_msg(dev[0])
-        id, = struct.unpack('B', binascii.unhexlify(resp)[5:6])
-        hapd.note(txt)
-        msg = struct.pack('>BBHBBH', 1, 0, 4 + len(payload), 2, id, 4 + len(payload)) + payload
-        tx_msg(dev[0], hapd, binascii.hexlify(msg).decode())
-        rx_msg(hapd)
-        stop_ikev2_assoc(dev[0], hapd)
-
-def test_eap_proto_mschapv2(dev, apdev):
-    """EAP-MSCHAPv2 protocol tests"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-
-    def mschapv2_handler(ctx, req):
-        logger.info("mschapv2_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_MSCHAPV2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unknown MSCHAPv2 op_code")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               0, 0, 5, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid ms_len and unknown MSCHAPv2 op_code")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               255, 0, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success before challenge")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               3, 0, 5, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure before challenge - required challenge field not present")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 5, 0)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure before challenge - invalid failure challenge len")
-            payload = b'C=12'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure before challenge - invalid failure challenge len")
-            payload = b'C=12 V=3'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure before challenge - invalid failure challenge")
-            payload = b'C=00112233445566778899aabbccddeefQ '
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure before challenge - password expired")
-            payload = b'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success after password change")
-            payload = b"S=1122334455667788990011223344556677889900"
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               3, 0, 4 + len(payload)) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid challenge length")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short challenge packet")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1, 16)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1 + 16 + 6,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1 + 16 + 6, 16) + 16*b'A' + b'foobar'
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure - password expired")
-            payload = b'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success after password change")
-            if len(req) != 591:
-                logger.info("Unexpected Change-Password packet length: %s" % len(req))
-                return None
-            data = req[9:]
-            enc_pw = data[0:516]
-            data = data[516:]
-            enc_hash = data[0:16]
-            data = data[16:]
-            peer_challenge = data[0:16]
-            data = data[16:]
-            # Reserved
-            data = data[8:]
-            nt_response = data[0:24]
-            data = data[24:]
-            flags = data
-            logger.info("enc_hash: " + binascii.hexlify(enc_hash).decode())
-            logger.info("peer_challenge: " + binascii.hexlify(peer_challenge).decode())
-            logger.info("nt_response: " + binascii.hexlify(nt_response).decode())
-            logger.info("flags: " + binascii.hexlify(flags).decode())
-
-            auth_challenge = binascii.unhexlify("00112233445566778899aabbccddeeff")
-            logger.info("auth_challenge: " + binascii.hexlify(auth_challenge).decode())
-
-            auth_resp = GenerateAuthenticatorResponse("new-pw", nt_response,
-                                                      peer_challenge,
-                                                      auth_challenge, "user")
-            payload = b"S=" + binascii.hexlify(auth_resp).decode().upper().encode()
-            logger.info("Success message payload: " + payload.decode())
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               3, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure - password expired")
-            payload = b'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Success after password change")
-            if len(req) != 591:
-                logger.info("Unexpected Change-Password packet length: %s" % len(req))
-                return None
-            data = req[9:]
-            enc_pw = data[0:516]
-            data = data[516:]
-            enc_hash = data[0:16]
-            data = data[16:]
-            peer_challenge = data[0:16]
-            data = data[16:]
-            # Reserved
-            data = data[8:]
-            nt_response = data[0:24]
-            data = data[24:]
-            flags = data
-            logger.info("enc_hash: " + binascii.hexlify(enc_hash).decode())
-            logger.info("peer_challenge: " + binascii.hexlify(peer_challenge).decode())
-            logger.info("nt_response: " + binascii.hexlify(nt_response).decode())
-            logger.info("flags: " + binascii.hexlify(flags).decode())
-
-            auth_challenge = binascii.unhexlify("00112233445566778899aabbccddeeff")
-            logger.info("auth_challenge: " + binascii.hexlify(auth_challenge).decode())
-
-            auth_resp = GenerateAuthenticatorResponse("new-pw", nt_response,
-                                                      peer_challenge,
-                                                      auth_challenge, "user")
-            payload = b"S=" + binascii.hexlify(auth_resp).decode().upper().encode()
-            logger.info("Success message payload: " + payload.decode())
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               3, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1 + 16 + 6,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1 + 16 + 6, 16) + 16*b'A' + b'foobar'
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure - authentication failure")
-            payload = b'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1 + 16 + 6,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1 + 16 + 6, 16) + 16*b'A' + b'foobar'
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure - authentication failure")
-            payload = b'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed (2)'
-            return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + len(payload),
-                               EAP_TYPE_MSCHAPV2,
-                               4, 0, 4 + len(payload)) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Challenge - invalid ms_len and workaround disabled")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1 + 16 + 6,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1 + 16 + 6 + 1, 16) + 16*b'A' + b'foobar'
-
-        return None
-
-    srv = start_radius_server(mschapv2_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        for i in range(0, 16):
-            logger.info("RUN: %d" % i)
-            if i == 12:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                               wait_connect=False)
-            elif i == 14:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               phase2="mschapv2_retry=0",
-                               password="password", wait_connect=False)
-            elif i == 15:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               eap_workaround="0",
-                               password="password", wait_connect=False)
-            else:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password="password", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-
-            if i in [8, 11, 12]:
-                ev = dev[0].wait_event(["CTRL-REQ-NEW_PASSWORD"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on new password request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
-                if i in [11, 12]:
-                    ev = dev[0].wait_event(["CTRL-EVENT-PASSWORD-CHANGED"],
-                                       timeout=10)
-                    if ev is None:
-                        raise Exception("Timeout on password change")
-                    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"],
-                                       timeout=10)
-                    if ev is None:
-                        raise Exception("Timeout on EAP success")
-                else:
-                    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                           timeout=10)
-                    if ev is None:
-                        raise Exception("Timeout on EAP failure")
-
-            if i in [13]:
-                ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on identity request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-IDENTITY-" + id + ":user")
-
-                ev = dev[0].wait_event(["CTRL-REQ-PASSWORD"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on password request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-PASSWORD-" + id + ":password")
-
-                # TODO: Does this work correctly?
-
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-
-            if i in [4, 5, 6, 7, 14]:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
-                                       timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            else:
-                time.sleep(0.05)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_mschapv2_errors(dev, apdev):
-    """EAP-MSCHAPv2 protocol tests (error paths)"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-
-    def mschapv2_fail_password_expired(ctx):
-        logger.info("Test: Failure before challenge - password expired")
-        payload = b'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
-        return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                           4 + 1 + 4 + len(payload),
-                           EAP_TYPE_MSCHAPV2,
-                           4, 0, 4 + len(payload)) + payload
-
-    def mschapv2_success_after_password_change(ctx, req=None):
-        logger.info("Test: Success after password change")
-        if req is None or len(req) != 591:
-            payload = b"S=1122334455667788990011223344556677889900"
-        else:
-            data = req[9:]
-            enc_pw = data[0:516]
-            data = data[516:]
-            enc_hash = data[0:16]
-            data = data[16:]
-            peer_challenge = data[0:16]
-            data = data[16:]
-            # Reserved
-            data = data[8:]
-            nt_response = data[0:24]
-            data = data[24:]
-            flags = data
-            logger.info("enc_hash: " + binascii.hexlify(enc_hash).decode())
-            logger.info("peer_challenge: " + binascii.hexlify(peer_challenge).decode())
-            logger.info("nt_response: " + binascii.hexlify(nt_response).decode())
-            logger.info("flags: " + binascii.hexlify(flags).decode())
-
-            auth_challenge = binascii.unhexlify("00112233445566778899aabbccddeeff")
-            logger.info("auth_challenge: " + binascii.hexlify(auth_challenge).decode())
-
-            auth_resp = GenerateAuthenticatorResponse("new-pw", nt_response,
-                                                      peer_challenge,
-                                                      auth_challenge, "user")
-            payload = b"S=" + binascii.hexlify(auth_resp).decode().upper().encode()
-        return struct.pack(">BBHBBBH", EAP_CODE_REQUEST, ctx['id'],
-                           4 + 1 + 4 + len(payload),
-                           EAP_TYPE_MSCHAPV2,
-                           3, 0, 4 + len(payload)) + payload
-
-    def mschapv2_handler(ctx, req):
-        logger.info("mschapv2_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_fail_password_expired(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return mschapv2_success_after_password_change(ctx, req)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(mschapv2_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        tests = ["os_get_random;eap_mschapv2_change_password",
-                 "generate_nt_response;eap_mschapv2_change_password",
-                 "get_master_key;eap_mschapv2_change_password",
-                 "nt_password_hash;eap_mschapv2_change_password",
-                 "old_nt_password_hash_encrypted_with_new_nt_password_hash"]
-        for func in tests:
-            with fail_test(dev[0], 1, func):
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password="password", wait_connect=False)
-                ev = dev[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on new password request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
-                time.sleep(0.1)
-                wait_fail_trigger(dev[0], "GET_FAIL")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected(timeout=1)
-
-        tests = ["encrypt_pw_block_with_password_hash;eap_mschapv2_change_password",
-                 "nt_password_hash;eap_mschapv2_change_password",
-                 "nt_password_hash;eap_mschapv2_success"]
-        for func in tests:
-            with fail_test(dev[0], 1, func):
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
-                               wait_connect=False)
-                ev = dev[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on new password request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
-                time.sleep(0.1)
-                wait_fail_trigger(dev[0], "GET_FAIL")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected(timeout=1)
-
-        tests = ["eap_msg_alloc;eap_mschapv2_change_password"]
-        for func in tests:
-            with alloc_fail(dev[0], 1, func):
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password="password", wait_connect=False)
-                ev = dev[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout=10)
-                if ev is None:
-                    raise Exception("Timeout on new password request")
-                id = ev.split(':')[0].split('-')[-1]
-                dev[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
-                time.sleep(0.1)
-                wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected(timeout=1)
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_pwd(dev, apdev):
-    """EAP-pwd protocol tests"""
-    check_eap_capa(dev[0], "PWD")
-
-    global eap_proto_pwd_test_done, eap_proto_pwd_test_wait
-    eap_proto_pwd_test_done = False
-    eap_proto_pwd_test_wait = False
-
-    def pwd_handler(ctx, req):
-        logger.info("pwd_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        global eap_proto_pwd_test_wait
-        eap_proto_pwd_test_wait = False
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing payload")
-            # EAP-pwd: Got a frame but pos is not NULL and len is 0
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], 4 + 1,
-                               EAP_TYPE_PWD)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing Total-Length field")
-            # EAP-pwd: Frame too short to contain Total-Length field
-            payload = struct.pack("B", 0x80)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too large Total-Length")
-            # EAP-pwd: Incoming fragments whose total length = 65535
-            payload = struct.pack(">BH", 0x80, 65535)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: First fragment")
-            # EAP-pwd: Incoming fragments whose total length = 10
-            # EAP-pwd: ACKing a 0 byte fragment
-            payload = struct.pack(">BH", 0xc0, 10)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Total-Length value in the second fragment")
-            # EAP-pwd: Incoming fragments whose total length = 0
-            # EAP-pwd: Unexpected new fragment start when previous fragment is still in use
-            payload = struct.pack(">BH", 0x80, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: First and only fragment")
-            # EAP-pwd: Incoming fragments whose total length = 0
-            # EAP-pwd: processing frame: exch 0, len 0
-            # EAP-pwd: Ignoring message with unknown opcode 128
-            payload = struct.pack(">BH", 0x80, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: First and only fragment with extra data")
-            # EAP-pwd: Incoming fragments whose total length = 0
-            # EAP-pwd: processing frame: exch 0, len 1
-            # EAP-pwd: Ignoring message with unknown opcode 128
-            payload = struct.pack(">BHB", 0x80, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: First fragment")
-            # EAP-pwd: Incoming fragments whose total length = 2
-            # EAP-pwd: ACKing a 1 byte fragment
-            payload = struct.pack(">BHB", 0xc0, 2, 1)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Extra data in the second fragment")
-            # EAP-pwd: Buffer overflow attack detected (3 vs. 1)!
-            payload = struct.pack(">BBB", 0x0, 2, 3)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short id exchange")
-            # EAP-pwd: processing frame: exch 1, len 0
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">B", 0x01)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported rand func in id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=0 random=0 prf=0 prep=0
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">BHBBLB", 0x01, 0, 0, 0, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported prf in id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=0 prep=0
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 0, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported password pre-processing technique in id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=255
-            # EAP-PWD: Unsupported password pre-processing technique (Prep=255)
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 255)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected id exchange")
-            # EAP-pwd: processing frame: exch 1, len 9
-            # EAP-PWD: PWD-Commit-Req -> FAILURE
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected commit exchange")
-            # EAP-pwd: processing frame: exch 2, len 0
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=None)")
-            # EAP-pwd commit request, password prep is NONE
-            # EAP-pwd: Unexpected Commit payload length 0 (expected 96)
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Commit payload with all zeros values --> Shared key at infinity")
-            # EAP-pwd: Invalid coordinate in element
-            payload = struct.pack(">B", 0x02) + 96*b'\0'
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Commit payload with valid values")
-            # EAP-pwd commit request, password prep is NONE
-            element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
-            scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
-            payload = struct.pack(">B", 0x02) + element + scalar
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Confirm payload length 0")
-            # EAP-pwd: Unexpected Confirm payload length 0 (expected 32)
-            payload = struct.pack(">B", 0x03)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Commit payload with valid values")
-            # EAP-pwd commit request, password prep is NONE
-            element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
-            scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
-            payload = struct.pack(">B", 0x02) + element + scalar
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Confirm payload with incorrect value")
-            # EAP-PWD (peer): confirm did not verify
-            payload = struct.pack(">B", 0x03) + 32*b'\0'
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected confirm exchange")
-            # EAP-pwd: processing frame: exch 3, len 0
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">B", 0x03)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unsupported password pre-processing technique SASLprep in id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=2
-            # EAP-PWD: Unsupported password pre-processing technique (Prep=2)
-            # EAP-PWD: PWD-ID-Req -> FAILURE
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 2)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=1
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 1)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=MS)")
-            # EAP-pwd commit request, password prep is MS
-            # EAP-pwd: Unexpected Commit payload length 0 (expected 96)
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
-            # EAP-pwd commit request, password prep is salted sha1
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
-            # EAP-pwd commit request, password prep is salted sha1
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">BB", 0x02, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
-            # EAP-pwd commit request, password prep is salted sha1
-            # EAP-pwd: Unexpected Commit payload length 1 (expected 98)
-            payload = struct.pack(">BB", 0x02, 1)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
-            # EAP-pwd commit request, password prep is salted sha256
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
-            # EAP-pwd commit request, password prep is salted sha256
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">BB", 0x02, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
-            # EAP-pwd commit request, password prep is salted sha256
-            # EAP-pwd: Unexpected Commit payload length 1 (expected 98)
-            payload = struct.pack(">BB", 0x02, 1)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
-            # EAP-pwd commit request, password prep is salted sha512
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">B", 0x02)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
-            # EAP-pwd commit request, password prep is salted sha512
-            # EAP-pwd: Invalid Salt-len
-            payload = struct.pack(">BB", 0x02, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            eap_proto_pwd_test_wait = True
-            logger.info("Test: Valid id exchange")
-            # EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
-            # EAP-pwd commit request, password prep is salted sha512
-            # EAP-pwd: Unexpected Commit payload length 1 (expected 98)
-            payload = struct.pack(">BB", 0x02, 1)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        logger.info("No more test responses available - test case completed")
-        global eap_proto_pwd_test_done
-        eap_proto_pwd_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(pwd_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_pwd_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password",
-                           wait_connect=False)
-            ok = False
-            for j in range(5):
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS",
-                                        "CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                       timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP start")
-                if "CTRL-EVENT-EAP-PROPOSED-METHOD" in ev:
-                    ok = True
-                    break
-                if "CTRL-EVENT-EAP-STATUS" in ev and "status='completion' parameter='failure'" in ev:
-                    ok = True
-                    break
-            if not ok:
-                raise Exception("Expected EAP event not seen")
-            if eap_proto_pwd_test_wait:
-                for k in range(20):
-                    time.sleep(0.1)
-                    if not eap_proto_pwd_test_wait:
-                        break
-                if eap_proto_pwd_test_wait:
-                    raise Exception("eap_proto_pwd_test_wait not cleared")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_pwd_invalid_scalar(dev, apdev):
-    """EAP-pwd protocol tests - invalid server scalar"""
-    check_eap_capa(dev[0], "PWD")
-    run_eap_proto_pwd_invalid_scalar(dev, apdev, 32*b'\0')
-    run_eap_proto_pwd_invalid_scalar(dev, apdev, 31*b'\0' + b'\x01')
-    # Group Order
-    val = binascii.unhexlify("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")
-    run_eap_proto_pwd_invalid_scalar(dev, apdev, val)
-    # Group Order - 1
-    val = binascii.unhexlify("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550")
-    run_eap_proto_pwd_invalid_scalar(dev, apdev, val, valid_scalar=True)
-
-def run_eap_proto_pwd_invalid_scalar(dev, apdev, scalar, valid_scalar=False):
-    global eap_proto_pwd_invalid_scalar_fail
-    eap_proto_pwd_invalid_scalar_fail = False
-
-    def pwd_handler(ctx, req):
-        logger.info("pwd_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid id exchange")
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Commit payload with invalid scalar")
-            payload = struct.pack(">B", 0x02) + binascii.unhexlify("67feb2b46d59e6dd3af3a429ec9c04a949337564615d3a2c19bdf6826eb6f5efa303aed86af3a072ed819d518d620adb2659f0e84c4f8b739629db8c93088cfc") + scalar
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Confirm message next - should not get here")
-            global eap_proto_pwd_invalid_scalar_fail
-            eap_proto_pwd_invalid_scalar_fail = True
-            payload = struct.pack(">B", 0x03) + 32*b'\0'
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        logger.info("No more test responses available - test case completed")
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(pwd_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PWD", identity="pwd user",
-                       password="secret password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected(timeout=1)
-        dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-    if valid_scalar and not eap_proto_pwd_invalid_scalar_fail:
-        raise Exception("Peer did not accept valid EAP-pwd-Commit scalar")
-    if not valid_scalar and eap_proto_pwd_invalid_scalar_fail:
-        raise Exception("Peer did not stop after invalid EAP-pwd-Commit scalar")
-
-def test_eap_proto_pwd_invalid_element(dev, apdev):
-    """EAP-pwd protocol tests - invalid server element"""
-    check_eap_capa(dev[0], "PWD")
-    # Invalid x,y coordinates
-    run_eap_proto_pwd_invalid_element(dev, apdev, 64*b'\x00')
-    run_eap_proto_pwd_invalid_element(dev, apdev, 32*b'\x00' + 32*b'\x01')
-    run_eap_proto_pwd_invalid_element(dev, apdev, 32*b'\x01' + 32*b'\x00')
-    run_eap_proto_pwd_invalid_element(dev, apdev, 32*b'\xff' + 32*b'\x01')
-    run_eap_proto_pwd_invalid_element(dev, apdev, 32*b'\x01' + 32*b'\xff')
-    run_eap_proto_pwd_invalid_element(dev, apdev, 64*b'\xff')
-    # Not on curve
-    run_eap_proto_pwd_invalid_element(dev, apdev, 64*b'\x01')
-
-def run_eap_proto_pwd_invalid_element(dev, apdev, element):
-    global eap_proto_pwd_invalid_element_fail
-    eap_proto_pwd_invalid_element_fail = False
-
-    def pwd_handler(ctx, req):
-        logger.info("pwd_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid id exchange")
-            payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Commit payload with invalid element")
-            payload = struct.pack(">B", 0x02) + element + 31*b'\0' + b'\x02'
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Confirm message next - should not get here")
-            global eap_proto_pwd_invalid_element_fail
-            eap_proto_pwd_invalid_element_fail = True
-            payload = struct.pack(">B", 0x03) + 32*b'\0'
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + len(payload), EAP_TYPE_PWD) + payload
-
-        logger.info("No more test responses available - test case completed")
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(pwd_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PWD", identity="pwd user",
-                       password="secret password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-        if ev is None:
-            raise Exception("EAP failure not reported")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected(timeout=1)
-        dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-    if eap_proto_pwd_invalid_element_fail:
-        raise Exception("Peer did not stop after invalid EAP-pwd-Commit element")
-
-def rx_msg(src):
-    ev = src.wait_event(["EAPOL-TX"], timeout=5)
-    if ev is None:
-        raise Exception("No EAPOL-TX")
-    return ev.split(' ')[2]
-
-def tx_msg(src, dst, msg):
-    dst.request("EAPOL_RX " + src.own_addr() + " " + msg)
-
-def proxy_msg(src, dst):
-    msg = rx_msg(src)
-    tx_msg(src, dst, msg)
-    return msg
-
-def start_pwd_exchange(dev, ap):
-    check_eap_capa(dev, "PWD")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(ap, params)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev.request("SET ext_eapol_frame_io 1")
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PWD", identity="pwd user", password="secret password",
-                   wait_connect=False, scan_freq="2412")
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # EAP-pwd-ID/Request
-    proxy_msg(dev, hapd) # EAP-pwd-ID/Response
-    return hapd
-
-def test_eap_proto_pwd_unexpected_fragment(dev, apdev):
-    """EAP-pwd protocol tests - unexpected more-fragment frame"""
-    hapd = start_pwd_exchange(dev[0], apdev[0])
-
-    # EAP-pwd-Commit/Request
-    req = rx_msg(hapd)
-    if req[18:20] != "02":
-        raise Exception("Unexpected EAP-pwd-Commit/Request flag")
-    msg = req[0:18] + "42" + req[20:]
-    tx_msg(hapd, dev[0], msg)
-
-def test_eap_proto_pwd_reflection_attack(dev, apdev):
-    """EAP-pwd protocol tests - reflection attack on the server"""
-    hapd = start_pwd_exchange(dev[0], apdev[0])
-
-    # EAP-pwd-Commit/Request
-    req = proxy_msg(hapd, dev[0])
-    if len(req) != 212:
-        raise Exception("Unexpected EAP-pwd-Commit/Response length")
-
-    # EAP-pwd-Commit/Response
-    resp = rx_msg(dev[0])
-    # Reflect same Element/Scalar back to the server
-    msg = resp[0:20] + req[20:]
-    tx_msg(dev[0], hapd, msg)
-
-    # EAP-pwd-Commit/Response or EAP-Failure
-    req = rx_msg(hapd)
-    if req[8:10] != "04":
-        # reflect EAP-pwd-Confirm/Request
-        msg = req[0:8] + "02" + req[10:]
-        tx_msg(dev[0], hapd, msg)
-        req = rx_msg(hapd)
-        if req[8:10] == "03":
-            raise Exception("EAP-Success after reflected Element/Scalar")
-        raise Exception("No EAP-Failure to reject invalid EAP-pwd-Commit/Response")
-
-def test_eap_proto_pwd_invalid_scalar_peer(dev, apdev):
-    """EAP-pwd protocol tests - invalid peer scalar"""
-    run_eap_proto_pwd_invalid_scalar_peer(dev, apdev, 32*"00")
-    run_eap_proto_pwd_invalid_scalar_peer(dev, apdev, 31*"00" + "01")
-    # Group Order
-    run_eap_proto_pwd_invalid_scalar_peer(dev, apdev,
-                                          "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")
-    # Group Order - 1
-    run_eap_proto_pwd_invalid_scalar_peer(dev, apdev,
-                                          "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550",
-                                          valid_scalar=True)
-
-def run_eap_proto_pwd_invalid_scalar_peer(dev, apdev, scalar,
-                                          valid_scalar=False):
-    hapd = start_pwd_exchange(dev[0], apdev[0])
-    proxy_msg(hapd, dev[0]) # EAP-pwd-Commit/Request
-
-    # EAP-pwd-Commit/Response
-    resp = rx_msg(dev[0])
-    # Replace scalar with an invalid value
-    msg = resp[0:20] + resp[20:148] + scalar
-    tx_msg(dev[0], hapd, msg)
-
-    # EAP-pwd-Commit/Response or EAP-Failure
-    req = rx_msg(hapd)
-    if valid_scalar and req[8:10] == "04":
-        raise Exception("Unexpected EAP-Failure with valid scalar")
-    if not valid_scalar and req[8:10] != "04":
-        raise Exception("No EAP-Failure to reject invalid scalar")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected(timeout=1)
-    hapd.disable()
-
-def test_eap_proto_pwd_invalid_element_peer(dev, apdev):
-    """EAP-pwd protocol tests - invalid peer element"""
-    # Invalid x,y coordinates
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 64*'00')
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 32*'00' + 32*'01')
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 32*'01' + 32*'00')
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 32*'ff' + 32*'01')
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 32*'01' + 32*'ff')
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 64*'ff')
-    # Not on curve
-    run_eap_proto_pwd_invalid_element_peer(dev, apdev, 64*'01')
-
-def run_eap_proto_pwd_invalid_element_peer(dev, apdev, element):
-    hapd = start_pwd_exchange(dev[0], apdev[0])
-    proxy_msg(hapd, dev[0]) # EAP-pwd-Commit/Request
-
-    # EAP-pwd-Commit/Response
-    resp = rx_msg(dev[0])
-    # Replace element with an invalid value
-    msg = resp[0:20] + element + resp[148:]
-    tx_msg(dev[0], hapd, msg)
-
-    # EAP-pwd-Commit/Response or EAP-Failure
-    req = rx_msg(hapd)
-    if req[8:10] != "04":
-        raise Exception("No EAP-Failure to reject invalid element")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected(timeout=1)
-    hapd.disable()
-
-def test_eap_proto_pwd_errors(dev, apdev):
-    """EAP-pwd local error cases"""
-    check_eap_capa(dev[0], "PWD")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 4):
-        with alloc_fail(dev[0], i, "eap_pwd_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "eap_pwd_get_session_id"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PWD", identity="pwd user",
-                       fragment_size="0",
-                       password="secret password")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    funcs = ["eap_pwd_getkey", "eap_pwd_get_emsk",
-             "=wpabuf_alloc;eap_pwd_perform_commit_exchange",
-             "=wpabuf_alloc;eap_pwd_perform_confirm_exchange"]
-    for func in funcs:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user@domain",
-                           password="secret password", erp="1",
-                           wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_pwd_perform_id_exchange"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;eap_pwd_perform_id_exchange"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PWD", identity="pwd user",
-                       password="secret password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                               timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    for i in range(1, 9):
-        with alloc_fail(dev[0], i, "eap_pwd_perform_commit_exchange"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for i in range(1, 12):
-        with alloc_fail(dev[0], i, "eap_pwd_perform_confirm_exchange"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ok = False
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    ok = True
-                    break
-                time.sleep(0.1)
-            if not ok:
-                raise Exception("No allocation failure seen")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_msg_alloc;=eap_pwd_process"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd user",
-                           password="secret password", fragment_size="50",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    # No password configured
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="PWD", identity="pwd user",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=52"],
-                           timeout=15)
-    if ev is None:
-        raise Exception("EAP-pwd not started")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    funcs = [(1, "hash_nt_password_hash;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_bignum_init;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_ec_point_init;eap_pwd_perform_commit_exchange"),
-             (2, "=crypto_ec_point_init;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_ec_point_mul;eap_pwd_perform_commit_exchange"),
-             (2, "=crypto_ec_point_mul;eap_pwd_perform_commit_exchange"),
-             (3, "=crypto_ec_point_mul;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_ec_point_add;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_ec_point_invert;eap_pwd_perform_commit_exchange"),
-             (1, "=crypto_ec_point_to_bin;eap_pwd_perform_commit_exchange"),
-             (1, "crypto_hash_finish;eap_pwd_kdf"),
-             (1, "crypto_ec_point_from_bin;eap_pwd_get_element"),
-             (3, "crypto_bignum_init;compute_password_element"),
-             (4, "crypto_bignum_init;compute_password_element"),
-             (1, "crypto_bignum_init_set;compute_password_element"),
-             (2, "crypto_bignum_init_set;compute_password_element"),
-             (3, "crypto_bignum_init_set;compute_password_element"),
-             (1, "crypto_bignum_to_bin;compute_password_element"),
-             (1, "crypto_ec_point_compute_y_sqr;compute_password_element"),
-             (1, "crypto_ec_point_solve_y_coord;compute_password_element"),
-             (1, "crypto_bignum_rand;compute_password_element"),
-             (1, "crypto_bignum_sub;compute_password_element")]
-    for count, func in funcs:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd-hash",
-                           password_hex="hash:e3718ece8ab74792cbbfffd316d2d19a",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("No EAP-Failure reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    params = {"ssid": "eap-test2", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
-              "rsn_pairwise": "CCMP", "ieee8021x": "1",
-              "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
-              "pwd_group": "19", "fragment_size": "40"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;=eap_pwd_process"):
-        dev[0].connect("eap-test2", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PWD", identity="pwd user",
-                       password="secret password",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    for i in range(1, 5):
-        with fail_test(dev[0], i,
-                       "=crypto_ec_point_to_bin;eap_pwd_perform_confirm_exchange"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PWD", identity="pwd-hash",
-                           password_hex="hash:e3718ece8ab74792cbbfffd316d2d19a",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("No EAP-Failure reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-def run_eap_pwd_connect(dev, hash=True, fragment=2000):
-    if hash:
-        dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                    fragment_size=str(fragment),
-                    eap="PWD", identity="pwd-hash",
-                    password_hex="hash:e3718ece8ab74792cbbfffd316d2d19a",
-                    scan_freq="2412", wait_connect=False)
-    else:
-        dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                    fragment_size=str(fragment),
-                    eap="PWD", identity="pwd-hash-sha1",
-                    password="secret password",
-                    scan_freq="2412", wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS", "CTRL-EVENT-EAP-FAILURE",
-                         "CTRL-EVENT-DISCONNECTED"],
-                        timeout=1)
-    dev.request("REMOVE_NETWORK all")
-    if not ev or "CTRL-EVENT-DISCONNECTED" not in ev:
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_eap_proto_pwd_errors_server(dev, apdev):
-    """EAP-pwd local error cases on server"""
-    check_eap_capa(dev[0], "PWD")
-    params = int_eap_server_params()
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "eap_pwd_init"),
-             (2, "eap_pwd_init"),
-             (3, "eap_pwd_init"),
-             (1, "eap_pwd_build_id_req"),
-             (1, "eap_pwd_build_commit_req"),
-             (1, "eap_pwd_build_confirm_req"),
-             (1, "eap_pwd_h_init;eap_pwd_build_confirm_req"),
-             (1, "wpabuf_alloc;eap_pwd_build_confirm_req"),
-             (1, "eap_msg_alloc;eap_pwd_build_req"),
-             (1, "eap_pwd_process_id_resp"),
-             (1, "get_eap_pwd_group;eap_pwd_process_id_resp"),
-             (1, "eap_pwd_process_confirm_resp"),
-             (1, "eap_pwd_h_init;eap_pwd_process_confirm_resp"),
-             (1, "compute_keys;eap_pwd_process_confirm_resp"),
-             (1, "eap_pwd_getkey"),
-             (1, "eap_pwd_get_emsk"),
-             (1, "eap_pwd_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_pwd_connect(dev[0], hash=True)
-
-    tests = [(1, "eap_msg_alloc;eap_pwd_build_req"),
-             (2, "eap_msg_alloc;eap_pwd_build_req"),
-             (1, "wpabuf_alloc;eap_pwd_process")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_pwd_connect(dev[0], hash=True, fragment=13)
-
-    tests = [(4, "eap_pwd_init")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            run_eap_pwd_connect(dev[0], hash=False)
-
-    tests = [(1, "eap_pwd_build_id_req"),
-             (1, "eap_pwd_build_commit_req"),
-             (1, "crypto_ec_point_mul;eap_pwd_build_commit_req"),
-             (1, "crypto_ec_point_invert;eap_pwd_build_commit_req"),
-             (1, "crypto_ec_point_to_bin;eap_pwd_build_commit_req"),
-             (1, "crypto_ec_point_to_bin;eap_pwd_build_confirm_req"),
-             (2, "=crypto_ec_point_to_bin;eap_pwd_build_confirm_req"),
-             (1, "hash_nt_password_hash;eap_pwd_process_id_resp"),
-             (1, "compute_password_element;eap_pwd_process_id_resp"),
-             (1, "crypto_bignum_init;eap_pwd_process_commit_resp"),
-             (1, "crypto_ec_point_mul;eap_pwd_process_commit_resp"),
-             (2, "crypto_ec_point_mul;eap_pwd_process_commit_resp"),
-             (1, "crypto_ec_point_add;eap_pwd_process_commit_resp"),
-             (1, "crypto_ec_point_to_bin;eap_pwd_process_confirm_resp"),
-             (2, "=crypto_ec_point_to_bin;eap_pwd_process_confirm_resp")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            run_eap_pwd_connect(dev[0], hash=True)
-
-def start_pwd_assoc(dev, hapd):
-    dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                eap="PWD", identity="pwd user", password="secret password",
-                wait_connect=False, scan_freq="2412")
-    proxy_msg(hapd, dev) # EAP-Identity/Request
-    proxy_msg(dev, hapd) # EAP-Identity/Response
-    proxy_msg(hapd, dev) # EAP-pwd-Identity/Request
-
-def stop_pwd_assoc(dev, hapd):
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-def test_eap_proto_pwd_server(dev, apdev):
-    """EAP-pwd protocol testing for the server"""
-    check_eap_capa(dev[0], "PWD")
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Replace exch field with unexpected value
-    # --> EAP-pwd: Unexpected opcode=4 in state=0
-    msg = resp[0:18] + "04" + resp[20:]
-    tx_msg(dev[0], hapd, msg)
-
-    # Too short EAP-pwd header (no flags/exch field)
-    # --> EAP-pwd: Invalid frame
-    msg = resp[0:4] + "0005" + resp[8:12] + "0005" + "34"
-    tx_msg(dev[0], hapd, msg)
-
-    # Too short EAP-pwd header (L=1 but only one octet of total length field)
-    # --> EAP-pwd: Frame too short to contain Total-Length field
-    msg = resp[0:4] + "0007" + resp[8:12] + "0007" + "34" + "81ff"
-    tx_msg(dev[0], hapd, msg)
-    # server continues exchange, so start from scratch for the next step
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too large total length
-    msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "34" + "c1ffff"
-    tx_msg(dev[0], hapd, msg)
-    # server continues exchange, so start from scratch for the next step
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # First fragment
-    msg = resp[0:4] + "0009" + resp[8:12] + "0009" + "34" + "c100ff" + "aa"
-    tx_msg(dev[0], hapd, msg)
-    # Ack
-    req = rx_msg(hapd)
-    # Unexpected first fragment
-    # --> EAP-pwd: Unexpected new fragment start when previous fragment is still in use
-    msg = resp[0:4] + "0009" + resp[8:10] + req[10:12] + "0009" + "34" + "c100ee" + "bb"
-    tx_msg(dev[0], hapd, msg)
-    # server continues exchange, so start from scratch for the next step
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too much data in first fragment
-    # --> EAP-pwd: Buffer overflow attack detected! (0+2 > 1)
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "34" + "c10001" + "aabb"
-    tx_msg(dev[0], hapd, msg)
-    # EAP-Failure
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Change parameters
-    # --> EAP-pwd: peer changed parameters
-    msg = resp[0:20] + "ff" + resp[22:]
-    tx_msg(dev[0], hapd, msg)
-    # EAP-Failure
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Too short ID response
-    # --> EAP-pwd: Invalid ID response
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "34" + "01ffeeddcc"
-    tx_msg(dev[0], hapd, msg)
-    # server continues exchange, so start from scratch for the next step
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    # EAP-pwd-Identity/Response
-    resp = rx_msg(dev[0])
-    tx_msg(dev[0], hapd, resp)
-    # EAP-pwd-Commit/Request
-    req = rx_msg(hapd)
-    # Unexpected EAP-pwd-Identity/Response
-    # --> EAP-pwd: Unexpected opcode=1 in state=1
-    msg = resp[0:10] + req[10:12] + resp[12:]
-    tx_msg(dev[0], hapd, msg)
-    # server continues exchange, so start from scratch for the next step
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # EAP-pwd-Identity/Response
-    proxy_msg(hapd, dev[0]) # EAP-pwd-Commit/Request
-    # EAP-pwd-Commit/Response
-    resp = rx_msg(dev[0])
-    # Too short Commit response
-    # --> EAP-pwd: Unexpected Commit payload length 4 (expected 96)
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "34" + "02ffeeddcc"
-    tx_msg(dev[0], hapd, msg)
-    # EAP-Failure
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    proxy_msg(dev[0], hapd) # EAP-pwd-Identity/Response
-    proxy_msg(hapd, dev[0]) # EAP-pwd-Commit/Request
-    proxy_msg(dev[0], hapd) # EAP-pwd-Commit/Response
-    proxy_msg(hapd, dev[0]) # EAP-pwd-Confirm/Request
-    # EAP-pwd-Confirm/Response
-    resp = rx_msg(dev[0])
-    # Too short Confirm response
-    # --> EAP-pwd: Unexpected Confirm payload length 4 (expected 32)
-    msg = resp[0:4] + "000a" + resp[8:12] + "000a" + "34" + "03ffeeddcc"
-    tx_msg(dev[0], hapd, msg)
-    # EAP-Failure
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-    start_pwd_assoc(dev[0], hapd)
-    resp = rx_msg(dev[0])
-    # Set M=1
-    # --> EAP-pwd: No buffer for reassembly
-    msg = resp[0:18] + "41" + resp[20:]
-    tx_msg(dev[0], hapd, msg)
-    # EAP-Failure
-    rx_msg(hapd)
-    stop_pwd_assoc(dev[0], hapd)
-
-def test_eap_proto_erp(dev, apdev):
-    """ERP protocol tests"""
-    check_erp_capa(dev[0])
-
-    global eap_proto_erp_test_done
-    eap_proto_erp_test_done = False
-
-    def erp_handler(ctx, req):
-        logger.info("erp_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing type")
-            return struct.pack(">BBH", EAP_CODE_INITIATE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected type")
-            return struct.pack(">BBHB", EAP_CODE_INITIATE, ctx['id'], 4 + 1,
-                               255)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing Reserved field")
-            return struct.pack(">BBHB", EAP_CODE_INITIATE, ctx['id'], 4 + 1,
-                               EAP_ERP_TYPE_REAUTH_START)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Zero-length TVs/TLVs")
-            payload = b""
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short TLV")
-            payload = struct.pack("B", 191)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated TLV")
-            payload = struct.pack("BB", 191, 1)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Ignored unknown TLV and unknown TV/TLV terminating parsing")
-            payload = struct.pack("BBB", 191, 0, 192)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: More than one keyName-NAI")
-            payload = struct.pack("BBBB", EAP_ERP_TLV_KEYNAME_NAI, 0,
-                                  EAP_ERP_TLV_KEYNAME_NAI, 0)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too short TLV keyName-NAI")
-            payload = struct.pack("B", EAP_ERP_TLV_KEYNAME_NAI)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Truncated TLV keyName-NAI")
-            payload = struct.pack("BB", EAP_ERP_TLV_KEYNAME_NAI, 1)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid rRK lifetime TV followed by too short rMSK lifetime TV")
-            payload = struct.pack(">BLBH", EAP_ERP_TV_RRK_LIFETIME, 0,
-                                  EAP_ERP_TV_RMSK_LIFETIME, 0)
-            return struct.pack(">BBHBB", EAP_CODE_INITIATE, ctx['id'],
-                               4 + 1 + 1 + len(payload),
-                               EAP_ERP_TYPE_REAUTH_START, 0) + payload
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing type (Finish)")
-            return struct.pack(">BBH", EAP_CODE_FINISH, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected type (Finish)")
-            return struct.pack(">BBHB", EAP_CODE_FINISH, ctx['id'], 4 + 1,
-                               255)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing fields (Finish)")
-            return struct.pack(">BBHB", EAP_CODE_FINISH, ctx['id'], 4 + 1,
-                               EAP_ERP_TYPE_REAUTH)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected SEQ (Finish)")
-            return struct.pack(">BBHBBHB", EAP_CODE_FINISH, ctx['id'],
-                               4 + 1 + 4,
-                               EAP_ERP_TYPE_REAUTH, 0, 0xffff, 0)
-
-        logger.info("No more test responses available - test case completed")
-        global eap_proto_erp_test_done
-        eap_proto_erp_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(erp_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_erp_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PAX", identity="pax.user@example.com",
-                           password_hex="0123456789abcdef0123456789abcdef",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_fast_errors(dev, apdev):
-    """EAP-FAST local error cases"""
-    check_eap_capa(dev[0], "FAST")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_fast_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="FAST", anonymous_identity="FAST",
-                           identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                           phase1="fast_provisioning=2",
-                           pac_file="blob://fast_pac_auth",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "wpabuf_alloc;eap_fast_tlv_eap_payload"),
-             (1, "eap_fast_derive_key;eap_fast_derive_key_auth"),
-             (1, "eap_msg_alloc;eap_peer_tls_phase2_nak"),
-             (1, "wpabuf_alloc;eap_fast_tlv_result"),
-             (1, "wpabuf_alloc;eap_fast_tlv_pac_ack"),
-             (1, "=eap_peer_tls_derive_session_id;eap_fast_process_crypto_binding"),
-             (1, "eap_peer_tls_decrypt;eap_fast_decrypt"),
-             (1, "eap_fast_getKey"),
-             (1, "eap_fast_get_session_id"),
-             (1, "eap_fast_get_emsk")]
-    for count, func in tests:
-        dev[0].request("SET blob fast_pac_auth_errors ")
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="FAST", anonymous_identity="FAST",
-                           identity="user@example.com", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                           phase1="fast_provisioning=2",
-                           pac_file="blob://fast_pac_auth_errors",
-                           erp="1",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_fast_derive_key;eap_fast_derive_key_provisioning"),
-             (1, "eap_mschapv2_getKey;eap_fast_get_phase2_key"),
-             (1, "=eap_fast_use_pac_opaque"),
-             (1, "eap_fast_copy_buf"),
-             (1, "=eap_fast_add_pac"),
-             (1, "=eap_fast_init_pac_data"),
-             (1, "=eap_fast_write_pac"),
-             (2, "=eap_fast_write_pac")]
-    for count, func in tests:
-        dev[0].request("SET blob fast_pac_errors ")
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="FAST", anonymous_identity="FAST",
-                           identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           phase1="fast_provisioning=1",
-                           pac_file="blob://fast_pac_errors",
-                           erp="1",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_fast_get_cmk;eap_fast_process_crypto_binding"),
-             (1, "eap_fast_derive_eap_msk;eap_fast_process_crypto_binding"),
-             (1, "eap_fast_derive_eap_emsk;eap_fast_process_crypto_binding")]
-    for count, func in tests:
-        dev[0].request("SET blob fast_pac_auth_errors ")
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="FAST", anonymous_identity="FAST",
-                           identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                           phase1="fast_provisioning=2",
-                           pac_file="blob://fast_pac_auth_errors",
-                           erp="1",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    dev[0].request("SET blob fast_pac_errors ")
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="FAST", anonymous_identity="FAST",
-                   identity="user", password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                   phase1="fast_provisioning=1",
-                   pac_file="blob://fast_pac_errors",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    # EAP-FAST: Only EAP-MSCHAPv2 is allowed during unauthenticated
-    # provisioning; reject phase2 type 6
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP failure")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    logger.info("Wrong password in Phase 2")
-    dev[0].request("SET blob fast_pac_errors ")
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="FAST", anonymous_identity="FAST",
-                   identity="user", password="wrong password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   phase1="fast_provisioning=1",
-                   pac_file="blob://fast_pac_errors",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP failure")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    tests = ["FOOBAR\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nFOOBAR\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nSTART\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Type=12345\nEND\n"
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=12\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1q\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Opaque=1\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID=1\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nI-ID=1\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID-Info=1\nEND\n"]
-    for pac in tests:
-        blob = binascii.hexlify(pac.encode()).decode()
-        dev[0].request("SET blob fast_pac_errors " + blob)
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="FAST", anonymous_identity="FAST",
-                       identity="user", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                       phase1="fast_provisioning=2",
-                       pac_file="blob://fast_pac_errors",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                               timeout=5)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    tests = ["wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\n",
-             "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\nSTART\nEND\nSTART\nEND\n"]
-    for pac in tests:
-        blob = binascii.hexlify(pac.encode()).decode()
-        dev[0].request("SET blob fast_pac_errors " + blob)
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="FAST", anonymous_identity="FAST",
-                       identity="user", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
-                       phase1="fast_provisioning=2",
-                       pac_file="blob://fast_pac_errors")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("SET blob fast_pac_errors ")
-
-def test_eap_proto_peap_errors_server(dev, apdev):
-    """EAP-PEAP local error cases on server"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [(1, "get_asymetric_start_key;eap_mschapv2_getKey"),
-             (1, "generate_authenticator_response_pwhash;eap_mschapv2_process_response"),
-             (1, "hash_nt_password_hash;eap_mschapv2_process_response"),
-             (1, "get_master_key;eap_mschapv2_process_response")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="PEAP", anonymous_identity="peap",
-                           identity="user", password="password",
-                           phase1="peapver=0 crypto_binding=2",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-            if ev is None:
-                raise Exception("EAP-Failure not reported")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_eap_proto_peap_errors(dev, apdev):
-    """EAP-PEAP local error cases"""
-    check_eap_capa(dev[0], "PEAP")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_peap_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PEAP", anonymous_identity="peap",
-                           identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_mschapv2_getKey;eap_peap_get_isk;eap_peap_derive_cmk"),
-             (1, "eap_msg_alloc;eap_tlv_build_result"),
-             (1, "eap_mschapv2_init;eap_peap_phase2_request"),
-             (1, "eap_peer_tls_decrypt;eap_peap_decrypt"),
-             (1, "wpabuf_alloc;=eap_peap_decrypt"),
-             (1, "eap_peer_tls_encrypt;eap_peap_decrypt"),
-             (1, "eap_peer_tls_process_helper;eap_peap_process"),
-             (1, "eap_peer_tls_derive_key;eap_peap_process"),
-             (1, "eap_peer_tls_derive_session_id;eap_peap_process"),
-             (1, "eap_peap_getKey"),
-             (1, "eap_peap_get_session_id")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PEAP", anonymous_identity="peap",
-                           identity="user", password="password",
-                           phase1="peapver=0 crypto_binding=2",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "peap_prfplus;eap_peap_derive_cmk"),
-             (1, "eap_tlv_add_cryptobinding;eap_tlv_build_result"),
-             (1, "peap_prfplus;eap_peap_getKey"),
-             (1, "get_asymetric_start_key;eap_mschapv2_getKey")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="PEAP", anonymous_identity="peap",
-                           identity="user", password="password",
-                           phase1="peapver=0 crypto_binding=2",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with alloc_fail(dev[0], 1,
-                    "eap_peer_tls_phase2_nak;eap_peap_phase2_request"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="PEAP", anonymous_identity="peap",
-                       identity="cert user", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_eap_proto_ttls_errors(dev, apdev):
-    """EAP-TTLS local error cases"""
-    check_eap_capa(dev[0], "TTLS")
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i, "eap_ttls_init"):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TTLS", anonymous_identity="ttls",
-                           identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem",
-                           phase2="autheap=MSCHAPV2",
-                           wait_connect=False)
-            ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"],
-                                   timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "eap_peer_tls_derive_key;eap_ttls_v0_derive_key",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_peer_tls_derive_session_id;eap_ttls_v0_derive_key",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "wpabuf_alloc;eap_ttls_phase2_request_mschapv2",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschapv2",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_implicit_identity_request",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_peer_tls_decrypt;eap_ttls_decrypt",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_ttls_getKey",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_ttls_get_session_id",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_ttls_get_emsk",
-              "mschapv2 user@domain", "auth=MSCHAPV2"),
-             (1, "wpabuf_alloc;eap_ttls_phase2_request_mschap",
-              "mschap user", "auth=MSCHAP"),
-             (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschap",
-              "mschap user", "auth=MSCHAP"),
-             (1, "wpabuf_alloc;eap_ttls_phase2_request_chap",
-              "chap user", "auth=CHAP"),
-             (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_chap",
-              "chap user", "auth=CHAP"),
-             (1, "wpabuf_alloc;eap_ttls_phase2_request_pap",
-              "pap user", "auth=PAP"),
-             (1, "wpabuf_alloc;eap_ttls_avp_encapsulate",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_mschapv2_init;eap_ttls_phase2_request_eap_method",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_sm_buildIdentity;eap_ttls_phase2_request_eap",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_ttls_avp_encapsulate;eap_ttls_phase2_request_eap",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_ttls_parse_attr_eap",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_process_decrypted",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_ttls_fake_identity_request",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_msg_alloc;eap_tls_process_output",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_msg_alloc;eap_peer_tls_build_ack",
-              "user", "autheap=MSCHAPV2"),
-             (1, "eap_peer_tls_phase2_nak;eap_ttls_phase2_request_eap_method",
-              "cert user", "autheap=MSCHAPV2")]
-    tls = dev[0].request("GET tls_library")
-    if tls.startswith("internal"):
-        tests += [(1, "tlsv1_client_decrypt;eap_peer_tls_decrypt",
-                   "user", "autheap=MSCHAPV2")]
-    else:
-        tests += [(1, "tls_connection_decrypt;eap_peer_tls_decrypt",
-                   "user", "autheap=MSCHAPV2")]
-    for count, func, identity, phase2 in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TTLS", anonymous_identity="ttls",
-                           identity=identity, password="password",
-                           ca_cert="auth_serv/ca.pem", phase2=phase2,
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
-                              note="Allocation failure not triggered for: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "os_get_random;eap_ttls_phase2_request_mschapv2"),
-             (1, "mschapv2_derive_response;eap_ttls_phase2_request_mschapv2")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TTLS", anonymous_identity="ttls",
-                           identity="DOMAIN\mschapv2 user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL",
-                              note="Test failure not triggered for: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    tests = [(1, "nt_challenge_response;eap_ttls_phase2_request_mschap")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TTLS", anonymous_identity="ttls",
-                           identity="mschap user", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
-                           erp="1", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_FAIL",
-                              note="Test failure not triggered for: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_eap_proto_expanded(dev, apdev):
-    """EAP protocol tests with expanded header"""
-    global eap_proto_expanded_test_done
-    eap_proto_expanded_test_done = False
-
-    def expanded_handler(ctx, req):
-        logger.info("expanded_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MD5 challenge in expanded header")
-            return struct.pack(">BBHB3BLBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 3,
-                               EAP_TYPE_EXPANDED, 0, 0, 0, EAP_TYPE_MD5,
-                               1, 0xaa, ord('n'))
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid expanded EAP length")
-            return struct.pack(">BBHB3BH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 2,
-                               EAP_TYPE_EXPANDED, 0, 0, 0, EAP_TYPE_MD5)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid expanded frame type")
-            return struct.pack(">BBHB3BL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_EXPANDED, 0, 0, 1, EAP_TYPE_MD5)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: MSCHAPv2 Challenge")
-            return struct.pack(">BBHBBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 4 + 1 + 16 + 6,
-                               EAP_TYPE_MSCHAPV2,
-                               1, 0, 4 + 1 + 16 + 6, 16) + 16*b'A' + b'foobar'
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid expanded frame type")
-            return struct.pack(">BBHB3BL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4,
-                               EAP_TYPE_EXPANDED, 0, 0, 1, EAP_TYPE_MSCHAPV2)
-
-        logger.info("No more test responses available - test case completed")
-        global eap_proto_expanded_test_done
-        eap_proto_expanded_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(expanded_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_expanded_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            if i == 4:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MSCHAPV2", identity="user",
-                               password="password",
-                               wait_connect=False)
-            else:
-                dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                               eap="MD5", identity="user", password="password",
-                               wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            if i in [1]:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP method start")
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            elif i in [2, 3]:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                       timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP proposed method")
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            else:
-                time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_tls(dev, apdev):
-    """EAP-TLS protocol tests"""
-    check_eap_capa(dev[0], "TLS")
-    global eap_proto_tls_test_done, eap_proto_tls_test_wait
-    eap_proto_tls_test_done = False
-    eap_proto_tls_test_wait = False
-
-    def tls_handler(ctx, req):
-        logger.info("tls_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        global eap_proto_tls_test_wait
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too much payload in TLS/Start: TLS Message Length (0 bytes) smaller than this fragment (1 bytes)")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TLS, 0xa0, 0, 1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmented TLS/Start")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TLS, 0xe0, 2, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too long fragment of TLS/Start: Invalid reassembly state: tls_in_left=2 tls_in_len=0 in_len=0")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_TLS, 0x00, 2, 3)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TLS/Start")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TLS, 0x20)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmented TLS message")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TLS, 0xc0, 2, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid TLS message: no Flags octet included + workaround")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_TLS)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Too long fragment of TLS message: more data than TLS message length indicated")
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_TLS, 0x00, 2, 3)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmented TLS/Start and truncated Message Length field")
-            return struct.pack(">BBHBB3B", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 3,
-                               EAP_TYPE_TLS, 0xe0, 1, 2, 3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TLS/Start")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TLS, 0x20)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmented TLS message")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TLS, 0xc0, 2, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid TLS message: no Flags octet included + workaround disabled")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_TLS)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TLS/Start")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TLS, 0x20)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmented TLS message (long; first)")
-            payload = 1450*b'A'
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + len(payload),
-                               EAP_TYPE_TLS, 0xc0, 65536) + payload
-        # "Too long TLS fragment (size over 64 kB)" on the last one
-        for i in range(44):
-            idx += 1
-            if ctx['num'] == idx:
-                logger.info("Test: Fragmented TLS message (long; cont %d)" % i)
-                eap_proto_tls_test_wait = True
-                payload = 1470*b'A'
-                return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                                   4 + 1 + 1 + len(payload),
-                                   EAP_TYPE_TLS, 0x40) + payload
-        eap_proto_tls_test_wait = False
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TLS/Start")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TLS, 0x20)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Non-ACK to more-fragment message")
-            return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 1,
-                               EAP_TYPE_TLS, 0x00, 255)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Failure")
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        logger.info("No more test responses available - test case completed")
-        global eap_proto_tls_test_done
-        eap_proto_tls_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(tls_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_tls_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            workaround = "0" if i == 6 else "1"
-            fragment_size = "100" if i == 8 else "1400"
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TLS", identity="tls user",
-                           ca_cert="auth_serv/ca.pem",
-                           client_cert="auth_serv/user.pem",
-                           private_key="auth_serv/user.key",
-                           eap_workaround=workaround,
-                           fragment_size=fragment_size,
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD",
-                                    "CTRL-EVENT-EAP-STATUS"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP method start")
-            time.sleep(0.1)
-            start = os.times()[4]
-            while eap_proto_tls_test_wait:
-                now = os.times()[4]
-                if now - start > 10:
-                    break
-                time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_tnc(dev, apdev):
-    """EAP-TNC protocol tests"""
-    check_eap_capa(dev[0], "TNC")
-    global eap_proto_tnc_test_done
-    eap_proto_tnc_test_done = False
-
-    def tnc_handler(ctx, req):
-        logger.info("tnc_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNC start with unsupported version")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x20)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNC without Flags field")
-            return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1,
-                               EAP_TYPE_TNC)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Message underflow due to missing Message Length")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0xa1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid Message Length")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TNC, 0xa1, 0, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid Message Length")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_TNC, 0xe1, 75001)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Start with Message Length")
-            return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4,
-                               EAP_TYPE_TNC, 0xa1, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Server used start flag again")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragmentation and unexpected payload in ack")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x01)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 1,
-                               EAP_TYPE_TNC, 0x01, 0)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Server fragmenting and fragment overflow")
-            return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 4 + 1,
-                               EAP_TYPE_TNC, 0xe1, 2, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 2,
-                               EAP_TYPE_TNC, 0x01, 2, 3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Server fragmenting and no message length in a fragment")
-            return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + 1,
-                               EAP_TYPE_TNC, 0x61, 2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNC start followed by invalid TNCCS-Batch")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"FOO"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNC start followed by invalid TNCCS-Batch (2)")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"</TNCCS-Batch><TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNCCS-Batch missing BatchId attribute")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch    foo=3></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected IF-TNCCS BatchId")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch    BatchId=123456789></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message end tags")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><IMC-IMV-Message><TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message Type")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><IMC-IMV-Message></IMC-IMV-Message><TNCC-TNCS-Message></TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing TNCC-TNCS-Message XML end tag")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML></TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing TNCC-TNCS-Message Base64 start tag")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type></TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing TNCC-TNCS-Message Base64 end tag")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>abc</TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNCC-TNCS-Message Base64 message")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>aGVsbG8=</Base64></TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid TNCC-TNCS-Message XML message")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b"<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML>hello</XML></TNCC-TNCS-Message></TNCCS-Batch>"
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing TNCCS-Recommendation type")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b'<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation foo=1></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNCCS-Recommendation type=none")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b'<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="none"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: TNCCS-Recommendation type=isolate")
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1,
-                               EAP_TYPE_TNC, 0x21)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Received TNCCS-Batch: " + binascii.hexlify(req[6:]).decode())
-            resp = b'<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="isolate"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(resp),
-                               EAP_TYPE_TNC, 0x01) + resp
-        idx += 1
-        if ctx['num'] == idx:
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        logger.info("No more test responses available - test case completed")
-        global eap_proto_tnc_test_done
-        eap_proto_tnc_test_done = True
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(tnc_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_tnc_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            frag = 1400
-            if i == 8:
-                frag = 150
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                           eap="TNC", identity="tnc", fragment_size=str(frag),
-                           wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD",
-                                    "CTRL-EVENT-EAP-STATUS"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP method start")
-            time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_canned_success_after_identity(dev, apdev):
-    """EAP protocol tests for canned EAP-Success after identity"""
-    check_eap_capa(dev[0], "MD5")
-    def eap_canned_success_handler(ctx, req):
-        logger.info("eap_canned_success_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: EAP-Success")
-            return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
-
-        return None
-
-    srv = start_radius_server(eap_canned_success_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       phase1="allow_canned_success=1",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="user", password="password",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected EAP success")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_proto_wsc(dev, apdev):
-    """EAP-WSC protocol tests"""
-    global eap_proto_wsc_test_done, eap_proto_wsc_wait_failure
-    eap_proto_wsc_test_done = False
-
-    def wsc_handler(ctx, req):
-        logger.info("wsc_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] += 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        global eap_proto_wsc_wait_failure
-        eap_proto_wsc_wait_failure = False
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Missing Flags field")
-            return struct.pack(">BBHB3BLB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 1,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Message underflow (missing Message Length field)")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x02)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid Message Length (> 50000)")
-            return struct.pack(">BBHB3BLBBH", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 4,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x02, 65535)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Invalid Message Length (< current payload)")
-            return struct.pack(">BBHB3BLBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 5,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x02, 0, 0xff)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Op-Code 5 in WAIT_START state")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               5, 0x00)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid WSC Start to start the sequence")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x00)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: No Message Length field in a fragmented packet")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               4, 0x01)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid WSC Start to start the sequence")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x00)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first fragmented packet")
-            return struct.pack(">BBHB3BLBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 5,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               4, 0x03, 10, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Op-Code 5 in fragment (expected 4)")
-            return struct.pack(">BBHB3BLBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 3,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               5, 0x01, 2)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid WSC Start to start the sequence")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x00)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid first fragmented packet")
-            return struct.pack(">BBHB3BLBBHB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 5,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               4, 0x03, 2, 1)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Fragment overflow")
-            return struct.pack(">BBHB3BLBBBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 4,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               4, 0x01, 2, 3)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid WSC Start to start the sequence")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x00)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Unexpected Op-Code 5 in WAIT_FRAG_ACK state")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               5, 0x00)
-
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("Test: Valid WSC Start")
-            return struct.pack(">BBHB3BLBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 3 + 4 + 2,
-                               EAP_TYPE_EXPANDED, 0x00, 0x37, 0x2a, 1,
-                               1, 0x00)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("No more test responses available - test case completed")
-            global eap_proto_wsc_test_done
-            eap_proto_wsc_test_done = True
-            eap_proto_wsc_wait_failure = True
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(wsc_handler)
-
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-        i = 0
-        while not eap_proto_wsc_test_done:
-            i += 1
-            logger.info("Running connection iteration %d" % i)
-            fragment_size = 1398 if i != 9 else 50
-            dev[0].connect("eap-test", key_mgmt="WPA-EAP", eap="WSC",
-                           fragment_size=str(fragment_size),
-                           identity="WFA-SimpleConfig-Enrollee-1-0",
-                           phase1="pin=12345670",
-                           scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-            if ev is None:
-                raise Exception("Timeout on EAP method start")
-            if eap_proto_wsc_wait_failure:
-                ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-                if ev is None:
-                    raise Exception("Timeout on EAP failure")
-            else:
-                time.sleep(0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected(timeout=1)
-            dev[0].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_canned_success_before_method(dev, apdev):
-    """EAP protocol tests for canned EAP-Success before any method"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    bssid = apdev[0]['bssid']
-    hapd.request("SET ext_eapol_frame_io 1")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   phase1="allow_canned_success=1",
-                   eap="MD5", identity="user", password="password",
-                   wait_connect=False)
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-
-    res = dev[0].request("EAPOL_RX " + bssid + " 0200000403020004")
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP success")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_eap_canned_failure_before_method(dev, apdev):
-    """EAP protocol tests for canned EAP-Failure before any method"""
-    params = int_eap_server_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    bssid = apdev[0]['bssid']
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
-                   phase1="allow_canned_success=1",
-                   eap="MD5", identity="user", password="password",
-                   wait_connect=False)
-
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-
-    res = dev[0].request("EAPOL_RX " + bssid + " 0200000404020004")
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on EAP failure")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_eap_nak_oom(dev, apdev):
-    """EAP-Nak OOM"""
-    check_eap_capa(dev[0], "MD5")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sm_buildNak"):
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="MD5", identity="sake user", password="password",
-                       wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_eap_nak_expanded(dev, apdev):
-    """EAP-Nak with expanded method"""
-    check_eap_capa(dev[0], "MD5")
-    check_eap_capa(dev[0], "VENDOR-TEST")
-    params = hostapd.wpa2_eap_params(ssid="eap-test")
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="VENDOR-TEST WSC",
-                   identity="sake user", password="password",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
-    if ev is None or "NAK" not in ev:
-        raise Exception("No NAK event seen")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("No EAP-Failure seen")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-EAP_TLV_RESULT_TLV = 3
-EAP_TLV_NAK_TLV = 4
-EAP_TLV_ERROR_CODE_TLV = 5
-EAP_TLV_CONNECTION_BINDING_TLV = 6
-EAP_TLV_VENDOR_SPECIFIC_TLV = 7
-EAP_TLV_URI_TLV = 8
-EAP_TLV_EAP_PAYLOAD_TLV = 9
-EAP_TLV_INTERMEDIATE_RESULT_TLV = 10
-EAP_TLV_PAC_TLV = 11
-EAP_TLV_CRYPTO_BINDING_TLV = 12
-EAP_TLV_CALLING_STATION_ID_TLV = 13
-EAP_TLV_CALLED_STATION_ID_TLV = 14
-EAP_TLV_NAS_PORT_TYPE_TLV = 15
-EAP_TLV_SERVER_IDENTIFIER_TLV = 16
-EAP_TLV_IDENTITY_TYPE_TLV = 17
-EAP_TLV_SERVER_TRUSTED_ROOT_TLV = 18
-EAP_TLV_REQUEST_ACTION_TLV = 19
-EAP_TLV_PKCS7_TLV = 20
-
-EAP_TLV_RESULT_SUCCESS = 1
-EAP_TLV_RESULT_FAILURE = 2
-
-EAP_TLV_TYPE_MANDATORY = 0x8000
-EAP_TLV_TYPE_MASK = 0x3fff
-
-PAC_TYPE_PAC_KEY = 1
-PAC_TYPE_PAC_OPAQUE = 2
-PAC_TYPE_CRED_LIFETIME = 3
-PAC_TYPE_A_ID = 4
-PAC_TYPE_I_ID = 5
-PAC_TYPE_A_ID_INFO = 7
-PAC_TYPE_PAC_ACKNOWLEDGEMENT = 8
-PAC_TYPE_PAC_INFO = 9
-PAC_TYPE_PAC_TYPE = 10
-
-def eap_fast_start(ctx):
-    logger.info("Send EAP-FAST/Start")
-    return struct.pack(">BBHBBHH", EAP_CODE_REQUEST, ctx['id'],
-                       4 + 1 + 1 + 4 + 16,
-                       EAP_TYPE_FAST, 0x21, 4, 16) + 16*b'A'
-
-def test_eap_fast_proto(dev, apdev):
-    """EAP-FAST Phase protocol testing"""
-    check_eap_capa(dev[0], "FAST")
-    global eap_fast_proto_ctx
-    eap_fast_proto_ctx = None
-
-    def eap_handler(ctx, req):
-        logger.info("eap_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        global eap_fast_proto_ctx
-        eap_fast_proto_ctx = ctx
-        ctx['test_done'] = False
-
-        idx += 1
-        if ctx['num'] == idx:
-            return eap_fast_start(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            logger.info("EAP-FAST: TLS processing failed")
-            data = b'ABCDEFGHIK'
-            return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                               4 + 1 + 1 + len(data),
-                               EAP_TYPE_FAST, 0x01) + data
-        idx += 1
-        if ctx['num'] == idx:
-            ctx['test_done'] = True
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        logger.info("Past last test case")
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(eap_handler)
-    try:
-        hapd = start_ap(apdev[0])
-        dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="FAST", anonymous_identity="FAST",
-                       identity="user", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1",
-                       pac_file="blob://fast_pac_proto",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-        if ev is None:
-            raise Exception("Could not start EAP-FAST")
-        ok = False
-        for i in range(100):
-            if eap_fast_proto_ctx:
-                if eap_fast_proto_ctx['test_done']:
-                    ok = True
-                    break
-            time.sleep(0.05)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    finally:
-        stop_radius_server(srv)
-
-def run_eap_fast_phase2(dev, test_payload, test_failure=True):
-    global eap_fast_proto_ctx
-    eap_fast_proto_ctx = None
-
-    def ssl_info_callback(conn, where, ret):
-        logger.debug("SSL: info where=%d ret=%d" % (where, ret))
-
-    def log_conn_state(conn):
-        try:
-            state = conn.state_string()
-        except AttributeError:
-            state = conn.get_state_string()
-        if state:
-            logger.info("State: " + str(state))
-
-    def process_clienthello(ctx, payload):
-        logger.info("Process ClientHello")
-        ctx['sslctx'] = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
-        ctx['sslctx'].set_info_callback(ssl_info_callback)
-        ctx['sslctx'].load_tmp_dh("auth_serv/dh.conf")
-        if OpenSSL.SSL.OPENSSL_VERSION_NUMBER >= 0x10100000:
-            ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0")
-        else:
-            ctx['sslctx'].set_cipher_list("ADH-AES128-SHA")
-        ctx['conn'] = OpenSSL.SSL.Connection(ctx['sslctx'], None)
-        ctx['conn'].set_accept_state()
-        log_conn_state(ctx['conn'])
-        ctx['conn'].bio_write(payload)
-        try:
-            ctx['conn'].do_handshake()
-        except OpenSSL.SSL.WantReadError:
-            pass
-        log_conn_state(ctx['conn'])
-        data = ctx['conn'].bio_read(4096)
-        log_conn_state(ctx['conn'])
-        return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                           4 + 1 + 1 + len(data),
-                           EAP_TYPE_FAST, 0x01) + data
-
-    def process_clientkeyexchange(ctx, payload, appl_data):
-        logger.info("Process ClientKeyExchange")
-        log_conn_state(ctx['conn'])
-        ctx['conn'].bio_write(payload)
-        try:
-            ctx['conn'].do_handshake()
-        except OpenSSL.SSL.WantReadError:
-            pass
-        ctx['conn'].send(appl_data)
-        log_conn_state(ctx['conn'])
-        data = ctx['conn'].bio_read(4096)
-        log_conn_state(ctx['conn'])
-        return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
-                           4 + 1 + 1 + len(data),
-                           EAP_TYPE_FAST, 0x01) + data
-
-    def eap_handler(ctx, req):
-        logger.info("eap_handler - RX " + binascii.hexlify(req).decode())
-        if 'num' not in ctx:
-            ctx['num'] = 0
-        ctx['num'] = ctx['num'] + 1
-        if 'id' not in ctx:
-            ctx['id'] = 1
-        ctx['id'] = (ctx['id'] + 1) % 256
-        idx = 0
-
-        global eap_fast_proto_ctx
-        eap_fast_proto_ctx = ctx
-        ctx['test_done'] = False
-        logger.debug("ctx['num']=%d" % ctx['num'])
-
-        idx += 1
-        if ctx['num'] == idx:
-            return eap_fast_start(ctx)
-        idx += 1
-        if ctx['num'] == idx:
-            return process_clienthello(ctx, req[6:])
-        idx += 1
-        if ctx['num'] == idx:
-            if not test_failure:
-                ctx['test_done'] = True
-            return process_clientkeyexchange(ctx, req[6:], test_payload)
-        idx += 1
-        if ctx['num'] == idx:
-            ctx['test_done'] = True
-            return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-        logger.info("Past last test case")
-        return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
-
-    srv = start_radius_server(eap_handler)
-    try:
-        dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
-                       eap="FAST", anonymous_identity="FAST",
-                       identity="user", password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                       phase1="fast_provisioning=1",
-                       pac_file="blob://fast_pac_proto",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=5)
-        if ev is None:
-            raise Exception("Could not start EAP-FAST")
-        dev[0].dump_monitor()
-        ok = False
-        for i in range(100):
-            if eap_fast_proto_ctx:
-                if eap_fast_proto_ctx['test_done']:
-                    ok = True
-                    break
-            time.sleep(0.05)
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        if not ok:
-            raise Exception("EAP-FAST TLS exchange did not complete")
-        for i in range(3):
-            dev[i].dump_monitor()
-    finally:
-        stop_radius_server(srv)
-
-def test_eap_fast_proto_phase2(dev, apdev):
-    """EAP-FAST Phase 2 protocol testing"""
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-    check_eap_capa(dev[0], "FAST")
-    hapd = start_ap(apdev[0])
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    tests = [("Too short Phase 2 TLV frame (len=3)",
-              "ABC",
-              False),
-             ("EAP-FAST: TLV overflow",
-              struct.pack(">HHB", 0, 2, 0xff),
-              False),
-             ("EAP-FAST: Unknown TLV (optional and mandatory)",
-              struct.pack(">HHB", 0, 1, 0xff) +
-              struct.pack(">HHB", EAP_TLV_TYPE_MANDATORY, 1, 0xff),
-              True),
-             ("EAP-FAST: More than one EAP-Payload TLV in the message",
-              struct.pack(">HHBHHB",
-                          EAP_TLV_EAP_PAYLOAD_TLV, 1, 0xff,
-                          EAP_TLV_EAP_PAYLOAD_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: Unknown Result 255 and More than one Result TLV in the message",
-              struct.pack(">HHHHHH",
-                          EAP_TLV_RESULT_TLV, 2, 0xff,
-                          EAP_TLV_RESULT_TLV, 2, 0xff),
-              True),
-             ("EAP-FAST: Too short Result TLV",
-              struct.pack(">HHB", EAP_TLV_RESULT_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: Unknown Intermediate Result 255 and More than one Intermediate-Result TLV in the message",
-              struct.pack(">HHHHHH",
-                          EAP_TLV_INTERMEDIATE_RESULT_TLV, 2, 0xff,
-                          EAP_TLV_INTERMEDIATE_RESULT_TLV, 2, 0xff),
-              True),
-             ("EAP-FAST: Too short Intermediate-Result TLV",
-              struct.pack(">HHB", EAP_TLV_INTERMEDIATE_RESULT_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: More than one Crypto-Binding TLV in the message",
-              struct.pack(">HH", EAP_TLV_CRYPTO_BINDING_TLV, 60) + 60*b'A' +
-              struct.pack(">HH", EAP_TLV_CRYPTO_BINDING_TLV, 60) + 60*b'A',
-              True),
-             ("EAP-FAST: Too short Crypto-Binding TLV",
-              struct.pack(">HHB", EAP_TLV_CRYPTO_BINDING_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: More than one Request-Action TLV in the message",
-              struct.pack(">HHBBHHBB",
-                          EAP_TLV_REQUEST_ACTION_TLV, 2, 0xff, 0xff,
-                          EAP_TLV_REQUEST_ACTION_TLV, 2, 0xff, 0xff),
-              True),
-             ("EAP-FAST: Too short Request-Action TLV",
-              struct.pack(">HHB", EAP_TLV_REQUEST_ACTION_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: More than one PAC TLV in the message",
-              struct.pack(">HHBHHB",
-                          EAP_TLV_PAC_TLV, 1, 0xff,
-                          EAP_TLV_PAC_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: Too short EAP Payload TLV (Len=3)",
-              struct.pack(">HH3B",
-                          EAP_TLV_EAP_PAYLOAD_TLV, 3, 0, 0, 0),
-              False),
-             ("EAP-FAST: Too short Phase 2 request (Len=0)",
-              struct.pack(">HHBBH",
-                          EAP_TLV_EAP_PAYLOAD_TLV, 4,
-                          EAP_CODE_REQUEST, 0, 0),
-              False),
-             ("EAP-FAST: EAP packet overflow in EAP Payload TLV",
-              struct.pack(">HHBBH",
-                          EAP_TLV_EAP_PAYLOAD_TLV, 4,
-                          EAP_CODE_REQUEST, 0, 4 + 1),
-              False),
-             ("EAP-FAST: Unexpected code=0 in Phase 2 EAP header",
-              struct.pack(">HHBBH",
-                          EAP_TLV_EAP_PAYLOAD_TLV, 4,
-                          0, 0, 0),
-              False),
-             ("EAP-FAST: PAC TLV without Result TLV acknowledging success",
-              struct.pack(">HHB", EAP_TLV_PAC_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: PAC TLV does not include all the required fields",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHB", EAP_TLV_PAC_TLV, 1, 0xff),
-              True),
-             ("EAP-FAST: Invalid PAC-Key length 0, Ignored unknown PAC type 0, and PAC TLV overrun (type=0 len=2 left=1)",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHHB", EAP_TLV_PAC_TLV, 4 + 4 + 5,
-                          PAC_TYPE_PAC_KEY, 0, 0, 0, 0, 2, 0),
-              True),
-             ("EAP-FAST: PAC-Info does not include all the required fields",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHH", EAP_TLV_PAC_TLV, 4 + 4 + 4 + 32,
-                          PAC_TYPE_PAC_OPAQUE, 0,
-                          PAC_TYPE_PAC_INFO, 0,
-                          PAC_TYPE_PAC_KEY, 32) + 32*b'A',
-              True),
-             ("EAP-FAST: Invalid CRED_LIFETIME length, Ignored unknown PAC-Info type 0, and Invalid PAC-Type length 1",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHHHHHHBHH", EAP_TLV_PAC_TLV, 4 + 4 + 13 + 4 + 32,
-                          PAC_TYPE_PAC_OPAQUE, 0,
-                          PAC_TYPE_PAC_INFO, 13, PAC_TYPE_CRED_LIFETIME, 0,
-                          0, 0, PAC_TYPE_PAC_TYPE, 1, 0,
-                          PAC_TYPE_PAC_KEY, 32) + 32*b'A',
-              True),
-             ("EAP-FAST: Unsupported PAC-Type 0",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHHHHH", EAP_TLV_PAC_TLV, 4 + 4 + 6 + 4 + 32,
-                          PAC_TYPE_PAC_OPAQUE, 0,
-                          PAC_TYPE_PAC_INFO, 6, PAC_TYPE_PAC_TYPE, 2, 0,
-                          PAC_TYPE_PAC_KEY, 32) + 32*b'A',
-              True),
-             ("EAP-FAST: PAC-Info overrun (type=0 len=2 left=1)",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHHBHH", EAP_TLV_PAC_TLV, 4 + 4 + 5 + 4 + 32,
-                          PAC_TYPE_PAC_OPAQUE, 0,
-                          PAC_TYPE_PAC_INFO, 5, 0, 2, 1,
-                          PAC_TYPE_PAC_KEY, 32) + 32*b'A',
-              True),
-             ("EAP-FAST: Valid PAC",
-              struct.pack(">HHH", EAP_TLV_RESULT_TLV, 2,
-                          EAP_TLV_RESULT_SUCCESS) +
-              struct.pack(">HHHHHHHHBHHBHH", EAP_TLV_PAC_TLV,
-                          4 + 4 + 10 + 4 + 32,
-                          PAC_TYPE_PAC_OPAQUE, 0,
-                          PAC_TYPE_PAC_INFO, 10, PAC_TYPE_A_ID, 1, 0x41,
-                          PAC_TYPE_A_ID_INFO, 1, 0x42,
-                          PAC_TYPE_PAC_KEY, 32) + 32*b'A',
-              True),
-             ("EAP-FAST: Invalid version/subtype in Crypto-Binding TLV",
-              struct.pack(">HH", EAP_TLV_CRYPTO_BINDING_TLV, 60) + 60*b'A',
-              True)]
-    for title, payload, failure in tests:
-        logger.info("Phase 2 test: " + title)
-        run_eap_fast_phase2(dev, payload, failure)
-
-def test_eap_fast_tlv_nak_oom(dev, apdev):
-    """EAP-FAST Phase 2 TLV NAK OOM"""
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-    check_eap_capa(dev[0], "FAST")
-    hapd = start_ap(apdev[0])
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    with alloc_fail(dev[0], 1, "eap_fast_tlv_nak"):
-        run_eap_fast_phase2(dev, struct.pack(">HHB", EAP_TLV_TYPE_MANDATORY,
-                                             1, 0xff), False)
diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py
deleted file mode 100644
index 6ca1259ab1a1..000000000000
--- a/tests/hwsim/test_erp.py
+++ /dev/null
@@ -1,741 +0,0 @@
-# EAP Re-authentication Protocol (ERP) tests
-# Copyright (c) 2014-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import logging
-logger = logging.getLogger()
-import os
-import time
-
-import hostapd
-from utils import *
-from test_ap_eap import int_eap_server_params
-from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations
-
-def test_erp_initiate_reauth_start(dev, apdev):
-    """Authenticator sending EAP-Initiate/Re-auth-Start, but ERP disabled on peer"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PAX", identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-def test_erp_enabled_on_server(dev, apdev):
-    """ERP enabled on internal EAP server, but disabled on peer"""
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PAX", identity="pax.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-def test_erp(dev, apdev):
-    """ERP enabled on server and peer"""
-    check_erp_capa(dev[0])
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    for i in range(3):
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" not in ev:
-            raise Exception("Did not use ERP")
-        dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_erp_server_no_match(dev, apdev):
-    """ERP enabled on server and peer, but server has no key match"""
-    check_erp_capa(dev[0])
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=15)
-    hapd.request("ERP_FLUSH")
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-EAP-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("EAP result timed out")
-    if "CTRL-EVENT-EAP-SUCCESS" in ev:
-        raise Exception("Unexpected EAP success")
-    dev[0].request("DISCONNECT")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    if "EAP re-authentication completed successfully" in ev:
-        raise Exception("Unexpected use of ERP")
-    dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def start_erp_as(erp_domain="example.com", msk_dump=None, tls13=False,
-                 eap_user_file="auth_serv/eap_user.conf"):
-    params = {"driver": "none",
-              "interface": "as-erp",
-              "radius_server_clients": "auth_serv/radius_clients.conf",
-              "radius_server_auth_port": '18128',
-              "eap_server": "1",
-              "eap_user_file": eap_user_file,
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key",
-              "eap_sim_db": "unix:/tmp/hlr_auc_gw.sock",
-              "dh_file": "auth_serv/dh.conf",
-              "pac_opaque_encr_key": "000102030405060708090a0b0c0d0e0f",
-              "eap_fast_a_id": "101112131415161718191a1b1c1d1e1f",
-              "eap_fast_a_id_info": "test server",
-              "eap_server_erp": "1",
-              "erp_domain": erp_domain}
-    if msk_dump:
-        params["dump_msk_file"] = msk_dump
-    if tls13:
-        params["tls_flags"] = "[ENABLE-TLSv1.3]"
-    apdev = {'ifname': 'as-erp'}
-    return hostapd.add_ap(apdev, params, driver="none")
-
-def test_erp_radius(dev, apdev):
-    """ERP enabled on RADIUS server and peer"""
-    check_erp_capa(dev[0])
-    start_erp_as()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    for i in range(3):
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" not in ev:
-            raise Exception("Did not use ERP")
-        dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_erp_radius_no_wildcard_user(dev, apdev, params):
-    """ERP enabled on RADIUS server and peer and no wildcard user"""
-    check_erp_capa(dev[0])
-    user_file = os.path.join(params['logdir'],
-                             'erp_radius_no_wildcard_user.eap_users')
-    with open(user_file, 'w') as f:
-        f.write('"user@example.com" PSK 0123456789abcdef0123456789abcdef\n')
-    start_erp_as(eap_user_file=user_file)
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PSK", identity="user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    for i in range(3):
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" not in ev:
-            raise Exception("Did not use ERP")
-        dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_erp_radius_ext(dev, apdev):
-    """ERP enabled on a separate RADIUS server and peer"""
-    as_hapd = hostapd.Hostapd("as")
-    try:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "1")
-        as_hapd.set("erp_domain", "erp.example.com")
-        as_hapd.enable()
-        run_erp_radius_ext(dev, apdev)
-    finally:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "0")
-        as_hapd.set("erp_domain", "")
-        as_hapd.enable()
-
-def run_erp_radius_ext(dev, apdev):
-    check_erp_capa(dev[0])
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'erp.example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PSK", identity="psk@erp.example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    for i in range(3):
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" not in ev:
-            raise Exception("Did not use ERP")
-        dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def erp_test(dev, hapd, reauth=False, **kwargs):
-    res = dev.get_capability("eap")
-    if kwargs['eap'] not in res:
-        logger.info("Skip ERP test with %s due to missing support" % kwargs['eap'])
-        return
-    hapd.dump_monitor()
-    dev.dump_monitor()
-    dev.request("ERP_FLUSH")
-    id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", erp="1",
-                     scan_freq="2412", **kwargs)
-    dev.request("DISCONNECT")
-    dev.wait_disconnected(timeout=15)
-    dev.dump_monitor()
-    hapd.dump_monitor()
-
-    if reauth:
-        dev.request("ERP_FLUSH")
-        dev.request("RECONNECT")
-        ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" in ev:
-            raise Exception("Used ERP unexpectedly")
-        dev.wait_connected(timeout=15, error="Reconnection timed out")
-        dev.request("DISCONNECT")
-        dev.wait_disconnected(timeout=15)
-        dev.dump_monitor()
-        hapd.dump_monitor()
-
-    dev.request("RECONNECT")
-    ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    if "EAP re-authentication completed successfully" not in ev:
-        raise Exception("Did not use ERP")
-    dev.wait_connected(timeout=15, error="Reconnection timed out")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    dev.request("DISCONNECT")
-
-def test_erp_radius_eap_methods(dev, apdev):
-    """ERP enabled on RADIUS server and peer"""
-    check_erp_capa(dev[0])
-    eap_methods = dev[0].get_capability("eap")
-    start_erp_as()
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    erp_test(dev[0], hapd, eap="AKA", identity="0232010000000000@example.com",
-             password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-    erp_test(dev[0], hapd, reauth=True,
-             eap="AKA", identity="0232010000000000@example.com",
-             password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
-    erp_test(dev[0], hapd, eap="AKA'", identity="6555444333222111@example.com",
-             password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-    erp_test(dev[0], hapd, reauth=True,
-             eap="AKA'", identity="6555444333222111@example.com",
-             password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
-    erp_test(dev[0], hapd, eap="EKE", identity="erp-eke@example.com",
-             password="hello")
-    if "FAST" in eap_methods:
-        erp_test(dev[0], hapd, eap="FAST", identity="erp-fast@example.com",
-                 password="password", ca_cert="auth_serv/ca.pem",
-                 phase2="auth=GTC",
-                 phase1="fast_provisioning=2",
-                 pac_file="blob://fast_pac_auth_erp")
-    erp_test(dev[0], hapd, eap="GPSK", identity="erp-gpsk@example.com",
-             password="abcdefghijklmnop0123456789abcdef")
-    erp_test(dev[0], hapd, eap="IKEV2", identity="erp-ikev2@example.com",
-             password="password")
-    erp_test(dev[0], hapd, eap="PAX", identity="erp-pax@example.com",
-             password_hex="0123456789abcdef0123456789abcdef")
-    if "MSCHAPV2" in eap_methods:
-        erp_test(dev[0], hapd, eap="PEAP", identity="erp-peap@example.com",
-                 password="password", ca_cert="auth_serv/ca.pem",
-                 phase2="auth=MSCHAPV2")
-        erp_test(dev[0], hapd, eap="TEAP", identity="erp-teap@example.com",
-                 password="password", ca_cert="auth_serv/ca.pem",
-                 phase2="auth=MSCHAPV2", pac_file="blob://teap_pac")
-    erp_test(dev[0], hapd, eap="PSK", identity="erp-psk@example.com",
-             password_hex="0123456789abcdef0123456789abcdef")
-    if "PWD" in eap_methods:
-        erp_test(dev[0], hapd, eap="PWD", identity="erp-pwd@example.com",
-                 password="secret password")
-    erp_test(dev[0], hapd, eap="SAKE", identity="erp-sake@example.com",
-             password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
-    erp_test(dev[0], hapd, eap="SIM", identity="1232010000000000@example.com",
-             password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    erp_test(dev[0], hapd, reauth=True,
-             eap="SIM", identity="1232010000000000@example.com",
-             password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
-    erp_test(dev[0], hapd, eap="TLS", identity="erp-tls@example.com",
-             ca_cert="auth_serv/ca.pem", client_cert="auth_serv/user.pem",
-             private_key="auth_serv/user.key")
-    erp_test(dev[0], hapd, eap="TTLS", identity="erp-ttls@example.com",
-             password="password", ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-
-def test_erp_radius_eap_tls_v13(dev, apdev):
-    """ERP enabled on RADIUS server and peer using EAP-TLS v1.3"""
-    check_erp_capa(dev[0])
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("No TLS v1.3 support in TLS library")
-
-    eap_methods = dev[0].get_capability("eap")
-    start_erp_as(tls13=True)
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    erp_test(dev[0], hapd, eap="TLS", identity="erp-tls@example.com",
-             ca_cert="auth_serv/ca.pem", client_cert="auth_serv/user.pem",
-             private_key="auth_serv/user.key",
-             phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0")
-
-def test_erp_key_lifetime_in_memory(dev, apdev, params):
-    """ERP and key lifetime in memory"""
-    check_erp_capa(dev[0])
-    p = int_eap_server_params()
-    p['erp_send_reauth_start'] = '1'
-    p['erp_domain'] = 'example.com'
-    p['eap_server_erp'] = '1'
-    p['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], p)
-    password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
-
-    pid = find_wpas_process(dev[0])
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="pap-secret@example.com", password=password,
-                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                   erp="1", scan_freq="2412")
-
-    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
-    # event has been delivered, so verify that wpa_supplicant has returned to
-    # eloop before reading process memory.
-    time.sleep(1)
-    dev[0].ping()
-    password = password.encode()
-    buf = read_process_memory(pid, password)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=15)
-
-    dev[0].relog()
-    msk = None
-    emsk = None
-    rRK = None
-    rIK = None
-    pmk = None
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "EAP-TTLS: Derived key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                msk = binascii.unhexlify(val)
-            if "EAP-TTLS: Derived EMSK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                emsk = binascii.unhexlify(val)
-            if "EAP: ERP rRK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                rRK = binascii.unhexlify(val)
-            if "EAP: ERP rIK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                rIK = binascii.unhexlify(val)
-            if "WPA: PMK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmk = binascii.unhexlify(val)
-            if "WPA: PTK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                ptk = binascii.unhexlify(val)
-            if "WPA: Group Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not msk or not emsk or not rIK or not rRK or not pmk or not ptk or not gtk:
-        raise Exception("Could not find keys from debug log")
-    if len(gtk) != 16:
-        raise Exception("Unexpected GTK length")
-
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    tk = ptk[32:48]
-
-    fname = os.path.join(params['logdir'],
-                         'erp_key_lifetime_in_memory.memctx-')
-
-    logger.info("Checking keys in memory while associated")
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    get_key_locations(buf, rRK, "rRK")
-    get_key_locations(buf, rIK, "rIK")
-    if password not in buf:
-        raise HwsimSkip("Password not found while associated")
-    if pmk not in buf:
-        raise HwsimSkip("PMK not found while associated")
-    if kck not in buf:
-        raise Exception("KCK not found while associated")
-    if kek not in buf:
-        raise Exception("KEK not found while associated")
-    #if tk in buf:
-    #    raise Exception("TK found from memory")
-
-    logger.info("Checking keys in memory after disassociation")
-    buf = read_process_memory(pid, password)
-
-    # Note: Password is still present in network configuration
-    # Note: PMK is in EAP fast re-auth data
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    get_key_locations(buf, rRK, "rRK")
-    get_key_locations(buf, rIK, "rIK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    if gtk in buf:
-        get_key_locations(buf, gtk, "GTK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    if "EAP re-authentication completed successfully" not in ev:
-        raise Exception("Did not use ERP")
-    dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=15)
-
-    dev[0].relog()
-    pmk = None
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "WPA: PMK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmk = binascii.unhexlify(val)
-            if "WPA: PTK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                ptk = binascii.unhexlify(val)
-            if "WPA: GTK in EAPOL-Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not pmk or not ptk or not gtk:
-        raise Exception("Could not find keys from debug log")
-
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    tk = ptk[32:48]
-
-    logger.info("Checking keys in memory after ERP and disassociation")
-    buf = read_process_memory(pid, password)
-
-    # Note: Password is still present in network configuration
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    get_key_locations(buf, rRK, "rRK")
-    get_key_locations(buf, rIK, "rIK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, password)
-
-    # Note: rRK and rIK are still in memory
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    get_key_locations(buf, msk, "MSK")
-    get_key_locations(buf, emsk, "EMSK")
-    get_key_locations(buf, rRK, "rRK")
-    get_key_locations(buf, rIK, "rIK")
-    verify_not_present(buf, password, fname, "password")
-    verify_not_present(buf, pmk, fname, "PMK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-    verify_not_present(buf, msk, fname, "MSK")
-    verify_not_present(buf, emsk, fname, "EMSK")
-
-    dev[0].request("ERP_FLUSH")
-    logger.info("Checking keys in memory after ERP_FLUSH")
-    buf = read_process_memory(pid, password)
-    get_key_locations(buf, rRK, "rRK")
-    get_key_locations(buf, rIK, "rIK")
-    verify_not_present(buf, rRK, fname, "rRK")
-    verify_not_present(buf, rIK, fname, "rIK")
-
-def test_erp_anonymous_identity(dev, apdev):
-    """ERP and anonymous identity"""
-    check_erp_capa(dev[0])
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="erp-ttls",
-                   anonymous_identity="anonymous@example.com",
-                   password="password",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                   erp="1", scan_freq="2412")
-    for i in range(3):
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        if "EAP re-authentication completed successfully" not in ev:
-            raise Exception("Did not use ERP")
-        dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_erp_home_realm_oom(dev, apdev):
-    """ERP and home realm OOM"""
-    check_erp_capa(dev[0])
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    for count in range(1, 3):
-        with alloc_fail(dev[0], count, "eap_get_realm"):
-            dev[0].request("ERP_FLUSH")
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                           identity="erp-ttls@example.com",
-                           anonymous_identity="anonymous@example.com",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                           erp="1", scan_freq="2412", wait_connect=False)
-            dev[0].wait_connected(timeout=10)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for count in range(1, 3):
-        with alloc_fail(dev[0], count, "eap_get_realm"):
-            dev[0].request("ERP_FLUSH")
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                           identity="erp-ttls",
-                           anonymous_identity="anonymous@example.com",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                           erp="1", scan_freq="2412", wait_connect=False)
-            dev[0].wait_connected(timeout=10)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    for count in range(1, 3):
-        dev[0].request("ERP_FLUSH")
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412", wait_connect=False)
-        dev[0].wait_connected(timeout=10)
-        if count > 1:
-            continue
-        with alloc_fail(dev[0], count, "eap_get_realm"):
-            dev[0].request("DISCONNECT")
-            dev[0].wait_disconnected(timeout=15)
-            dev[0].request("RECONNECT")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-def test_erp_local_errors(dev, apdev):
-    """ERP and local error cases"""
-    check_erp_capa(dev[0])
-    params = int_eap_server_params()
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['eap_server_erp'] = '1'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("ERP_FLUSH")
-    with alloc_fail(dev[0], 1, "eap_peer_erp_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    for count in range(1, 6):
-        dev[0].request("ERP_FLUSH")
-        with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                           identity="erp-ttls@example.com",
-                           anonymous_identity="anonymous@example.com",
-                           password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                           erp="1", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    dev[0].request("ERP_FLUSH")
-    with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_peer_erp_reauth_start"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("ERP_FLUSH")
-    with fail_test(dev[0], 1, "hmac_sha256;eap_peer_erp_reauth_start"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("ERP_FLUSH")
-    with fail_test(dev[0], 1, "hmac_sha256;eap_peer_finish"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("ERP_FLUSH")
-    with alloc_fail(dev[0], 1, "eap_peer_erp_init"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-
-    dev[0].request("ERP_FLUSH")
-    with alloc_fail(dev[0], 1, "eap_peer_finish"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("ERP_FLUSH")
-    with fail_test(dev[0], 1, "hmac_sha256_kdf;eap_peer_finish"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="erp-ttls@example.com",
-                       anonymous_identity="anonymous@example.com",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                       erp="1", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected(timeout=15)
-        dev[0].request("RECONNECT")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
diff --git a/tests/hwsim/test_ext_password.py b/tests/hwsim/test_ext_password.py
deleted file mode 100644
index 789b673d9625..000000000000
--- a/tests/hwsim/test_ext_password.py
+++ /dev/null
@@ -1,112 +0,0 @@
-# External password storage
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-import tempfile
-
-import hostapd
-from utils import skip_with_fips
-from wpasupplicant import WpaSupplicant
-from test_ap_hs20 import hs20_ap_params
-from test_ap_hs20 import interworking_select
-from test_ap_hs20 import interworking_connect
-
-@remote_compatible
-def test_ext_password_psk(dev, apdev):
-    """External password storage for PSK"""
-    params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET ext_password_backend test:psk1=12345678")
-    dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412")
-
-def test_ext_password_psk_not_found(dev, apdev):
-    """External password storage for PSK and PSK not found"""
-    params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET ext_password_backend test:psk1=12345678")
-    dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
-                   wait_connect=False)
-    dev[1].request("SET ext_password_backend test:psk1=1234567")
-    dev[1].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
-                   wait_connect=False)
-    dev[2].request("SET ext_password_backend test:psk1=1234567890123456789012345678901234567890123456789012345678901234567890")
-    dev[2].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
-                   wait_connect=False)
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET ext_password_backend test:psk1=123456789012345678901234567890123456789012345678901234567890123q")
-    wpas.connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
-                 wait_connect=False)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-    ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-    ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-
-def test_ext_password_eap(dev, apdev):
-    """External password storage for EAP password"""
-    params = hostapd.wpa2_eap_params(ssid="ext-pw-eap")
-    hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET ext_password_backend test:pw0=hello|pw1=password|pw2=secret")
-    dev[0].connect("ext-pw-eap", key_mgmt="WPA-EAP", eap="PEAP",
-                   identity="user", password_hex="ext:pw1",
-                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                   scan_freq="2412")
-
-def test_ext_password_interworking(dev, apdev):
-    """External password storage for Interworking network selection"""
-    skip_with_fips(dev[0])
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    dev[0].request("SET ext_password_backend test:pw1=password")
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test"})
-    dev[0].set_cred(id, "password", "ext:pw1")
-    interworking_select(dev[0], bssid, freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-def test_ext_password_file_psk(dev, apdev):
-    """External password (file) storage for PSK"""
-    params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-    fd, fn = tempfile.mkstemp()
-    with open(fn, "w") as f:
-        f.write("psk1=12345678\n")
-    os.close(fd)
-    dev[0].request("SET ext_password_backend file:%s" % fn)
-    dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412")
-    for i in range(2):
-        dev[0].request("REMOVE_NETWORK all")
-        if i == 0:
-            dev[0].wait_disconnected()
-            dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
-                           wait_connect=False)
-        else:
-            dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
-                           wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "EXT PW: No PSK found from external storage"],
-                               timeout=10)
-        if i == 0:
-            os.unlink(fn)
-        if ev is None:
-            raise Exception("No connection result reported")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py
deleted file mode 100644
index 4d4ddc39a837..000000000000
--- a/tests/hwsim/test_fils.py
+++ /dev/null
@@ -1,2460 +0,0 @@
-# Test cases for FILS
-# Copyright (c) 2015-2017, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import hashlib
-import logging
-logger = logging.getLogger()
-import os
-import socket
-import struct
-import time
-
-import hostapd
-from tshark import run_tshark
-from wpasupplicant import WpaSupplicant
-import hwsim_utils
-from utils import *
-from test_erp import start_erp_as
-from test_ap_hs20 import ip_checksum
-
-def test_fils_sk_full_auth(dev, apdev, params):
-    """FILS SK full authentication"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['wpa_group_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    bss = dev[0].get_bss(bssid)
-    logger.debug("BSS: " + str(bss))
-    if "[FILS]" not in bss['flags']:
-        raise Exception("[FILS] flag not indicated")
-    if "[WPA2-FILS-SHA256-CCMP]" not in bss['flags']:
-        raise Exception("[WPA2-FILS-SHA256-CCMP] flag not indicated")
-
-    res = dev[0].request("SCAN_RESULTS")
-    logger.debug("SCAN_RESULTS: " + res)
-    if "[FILS]" not in res:
-        raise Exception("[FILS] flag not indicated")
-    if "[WPA2-FILS-SHA256-CCMP]" not in res:
-        raise Exception("[WPA2-FILS-SHA256-CCMP] flag not indicated")
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    conf = hapd.get_config()
-    if conf['key_mgmt'] != 'FILS-SHA256':
-        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
-
-def test_fils_sk_sha384_full_auth(dev, apdev, params):
-    """FILS SK full authentication (SHA384)"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA384"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['wpa_group_rekey'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    bss = dev[0].get_bss(bssid)
-    logger.debug("BSS: " + str(bss))
-    if "[FILS]" not in bss['flags']:
-        raise Exception("[FILS] flag not indicated")
-    if "[WPA2-FILS-SHA384-CCMP]" not in bss['flags']:
-        raise Exception("[WPA2-FILS-SHA384-CCMP] flag not indicated")
-
-    res = dev[0].request("SCAN_RESULTS")
-    logger.debug("SCAN_RESULTS: " + res)
-    if "[FILS]" not in res:
-        raise Exception("[FILS] flag not indicated")
-    if "[WPA2-FILS-SHA384-CCMP]" not in res:
-        raise Exception("[WPA2-FILS-SHA384-CCMP] flag not indicated")
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("fils", key_mgmt="FILS-SHA384",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    conf = hapd.get_config()
-    if conf['key_mgmt'] != 'FILS-SHA384':
-        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
-
-def test_fils_sk_pmksa_caching(dev, apdev, params):
-    """FILS SK and PMKSA caching"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
-
-    # Verify EAPOL reauthentication after FILS authentication
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_pmksa_caching_ocv(dev, apdev, params):
-    """FILS SK and PMKSA caching with OCV"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['ieee80211w'] = '1'
-    params['ocv'] = '1'
-    try:
-        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412", ieee80211w="1", ocv="1")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
-
-    # Verify EAPOL reauthentication after FILS authentication
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_pmksa_caching_and_cache_id(dev, apdev):
-    """FILS SK and PMKSA caching with Cache Identifier"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['fils_cache_id'] = "abcd"
-    params["radius_server_clients"] = "auth_serv/radius_clients.conf"
-    params["radius_server_auth_port"] = '18128'
-    params["eap_server"] = "1"
-    params["eap_user_file"] = "auth_serv/eap_user.conf"
-    params["ca_cert"] = "auth_serv/ca.pem"
-    params["server_cert"] = "auth_serv/server.pem"
-    params["private_key"] = "auth_serv/server.key"
-    params["eap_sim_db"] = "unix:/tmp/hlr_auc_gw.sock"
-    params["dh_file"] = "auth_serv/dh.conf"
-    params["pac_opaque_encr_key"] = "000102030405060708090a0b0c0d0e0f"
-    params["eap_fast_a_id"] = "101112131415161718191a1b1c1d1e1f"
-    params["eap_fast_a_id_info"] = "test server"
-    params["eap_server_erp"] = "1"
-    params["erp_domain"] = "example.com"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    res = dev[0].request("PMKSA")
-    if "FILS Cache Identifier" not in res:
-        raise Exception("PMKSA list does not include FILS Cache Identifier")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if "cache_id" not in pmksa:
-        raise Exception("No FILS Cache Identifier listed")
-    if pmksa["cache_id"] != "abcd":
-        raise Exception("The configured FILS Cache Identifier not seen in PMKSA")
-
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['fils_cache_id'] = "abcd"
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + bssid2):
-        raise Exception("ROAM failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if bssid2 not in ev:
-        raise Exception("Failed to connect to the second AP")
-
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-    pmksa2 = dev[0].get_pmksa(bssid2)
-    if pmksa2:
-        raise Exception("Unexpected extra PMKSA cache added")
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if not pmksa2:
-        raise Exception("Original PMKSA cache entry removed")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
-
-def test_fils_sk_pmksa_caching_ctrl_ext(dev, apdev, params):
-    """FILS SK and PMKSA caching with Cache Identifier and external management"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    hapd_as = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA384"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['fils_cache_id'] = "ffee"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA384",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    res1 = dev[0].request("PMKSA_GET %d" % id)
-    logger.info("PMKSA_GET: " + res1)
-    if "UNKNOWN COMMAND" in res1:
-        raise HwsimSkip("PMKSA_GET not supported in the build")
-    if bssid not in res1:
-        raise Exception("PMKSA cache entry missing")
-    if "ffee" not in res1:
-        raise Exception("FILS Cache Identifier not seen in PMKSA cache entry")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd_as.disable()
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("ERP_FLUSH")
-    for entry in res1.splitlines():
-        if "OK" not in dev[0].request("PMKSA_ADD %d %s" % (id, entry)):
-            raise Exception("Failed to add PMKSA entry")
-
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA384"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['fils_cache_id'] = "ffee"
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].set_network(id, "bssid", bssid2)
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_connected()
-    if bssid2 not in ev:
-        raise Exception("Unexpected BSS selected")
-
-def test_fils_sk_erp(dev, apdev, params):
-    """FILS SK using ERP"""
-    run_fils_sk_erp(dev, apdev, "FILS-SHA256", params)
-
-def test_fils_sk_erp_sha384(dev, apdev, params):
-    """FILS SK using ERP and SHA384"""
-    run_fils_sk_erp(dev, apdev, "FILS-SHA384", params)
-
-def run_fils_sk_erp(dev, apdev, key_mgmt, params):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = key_mgmt
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt=key_mgmt,
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev, params):
-    """FILS SK ERP following by PMKSA caching"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Force the second connection to use ERP by deleting the PMKSA entry.
-    dev[0].request("PMKSA_FLUSH")
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # The third connection is expected to use PMKSA caching for FILS
-    # authentication.
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
-
-def test_fils_sk_erp_another_ssid(dev, apdev, params):
-    """FILS SK using ERP and roam to another SSID"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-
-    params = hostapd.wpa2_eap_params(ssid="fils2")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].dump_monitor()
-    id = dev[0].connect("fils2", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412", wait_connect=False)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_multiple_realms(dev, apdev, params):
-    """FILS SK and multiple realms"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    fils_realms = ['r1.example.org', 'r2.EXAMPLE.org', 'r3.example.org',
-                   'r4.example.org', 'r5.example.org', 'r6.example.org',
-                   'r7.example.org', 'r8.example.org',
-                   'example.com',
-                   'r9.example.org', 'r10.example.org', 'r11.example.org',
-                   'r12.example.org', 'r13.example.org', 'r14.example.org',
-                   'r15.example.org', 'r16.example.org']
-    params['fils_realm'] = fils_realms
-    params['fils_cache_id'] = "1234"
-    params['hessid'] = bssid
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 275"):
-        raise Exception("ANQP_GET command failed")
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    bss = dev[0].get_bss(bssid)
-
-    if 'fils_info' not in bss:
-        raise Exception("FILS Indication element information missing")
-    if bss['fils_info'] != '02b8':
-        raise Exception("Unexpected FILS Information: " + bss['fils_info'])
-
-    if 'fils_cache_id' not in bss:
-        raise Exception("FILS Cache Identifier missing")
-    if bss['fils_cache_id'] != '1234':
-        raise Exception("Unexpected FILS Cache Identifier: " + bss['fils_cache_id'])
-
-    if 'fils_realms' not in bss:
-        raise Exception("FILS Realm Identifiers missing")
-    expected = ''
-    count = 0
-    for realm in fils_realms:
-        hash = hashlib.sha256(realm.lower().encode()).digest()
-        expected += binascii.hexlify(hash[0:2]).decode()
-        count += 1
-        if count == 7:
-            break
-    if bss['fils_realms'] != expected:
-        raise Exception("Unexpected FILS Realm Identifiers: " + bss['fils_realms'])
-
-    if 'anqp_fils_realm_info' not in bss:
-        raise Exception("FILS Realm Information ANQP-element not seen")
-    info = bss['anqp_fils_realm_info']
-    expected = ''
-    for realm in fils_realms:
-        hash = hashlib.sha256(realm.lower().encode()).digest()
-        expected += binascii.hexlify(hash[0:2]).decode()
-    if info != expected:
-        raise Exception("Unexpected FILS Realm Info ANQP-element: " + info)
-
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-# DHCP message op codes
-BOOTREQUEST = 1
-BOOTREPLY = 2
-
-OPT_PAD = 0
-OPT_DHCP_MESSAGE_TYPE = 53
-OPT_RAPID_COMMIT = 80
-OPT_END = 255
-
-DHCPDISCOVER = 1
-DHCPOFFER = 2
-DHCPREQUEST = 3
-DHCPDECLINE = 4
-DHCPACK = 5
-DHCPNAK = 6
-DHCPRELEASE = 7
-DHCPINFORM = 8
-
-def build_dhcp(req, dhcp_msg, chaddr, giaddr="0.0.0.0",
-               ip_src="0.0.0.0", ip_dst="255.255.255.255",
-               rapid_commit=True, override_op=None, magic_override=None,
-               opt_end=True, extra_op=None):
-    proto = b'\x08\x00' # IPv4
-    _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
-    _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
-
-    _ciaddr = b'\x00\x00\x00\x00'
-    _yiaddr = b'\x00\x00\x00\x00'
-    _siaddr = b'\x00\x00\x00\x00'
-    _giaddr = socket.inet_pton(socket.AF_INET, giaddr)
-    _chaddr = binascii.unhexlify(chaddr.replace(':', '')) + 10 * b'\x00'
-    htype = 1 # Hardware address type; 1 = Ethernet
-    hlen = 6 # Hardware address length
-    hops = 0
-    xid = 123456
-    secs = 0
-    flags = 0
-    if req:
-        op = BOOTREQUEST
-        src_port = 68
-        dst_port = 67
-    else:
-        op = BOOTREPLY
-        src_port = 67
-        dst_port = 68
-    if override_op is not None:
-        op = override_op
-    payload = struct.pack('>BBBBLHH', op, htype, hlen, hops, xid, secs, flags)
-    sname = 64*b'\x00'
-    file = 128*b'\x00'
-    payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + sname + file
-    # magic - DHCP
-    if magic_override is not None:
-        payload += magic_override
-    else:
-        payload += b'\x63\x82\x53\x63'
-    # Option: DHCP Message Type
-    if dhcp_msg is not None:
-        payload += struct.pack('BBB', OPT_DHCP_MESSAGE_TYPE, 1, dhcp_msg)
-    if rapid_commit:
-        # Option: Rapid Commit
-        payload += struct.pack('BB', OPT_RAPID_COMMIT, 0)
-    if extra_op:
-        payload += extra_op
-    # End Option
-    if opt_end:
-        payload += struct.pack('B', OPT_END)
-
-    udp = struct.pack('>HHHH', src_port, dst_port,
-                      8 + len(payload), 0) + payload
-
-    tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    ipv4 = start + csum + _ip_src + _ip_dst
-
-    return proto + ipv4 + udp
-
-def fils_hlp_config(fils_hlp_wait_time=10000):
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params['own_ip_addr'] = '127.0.0.3'
-    params['dhcp_server'] = '127.0.0.2'
-    params['fils_hlp_wait_time'] = str(fils_hlp_wait_time)
-    return params
-
-def test_fils_sk_hlp(dev, apdev, params):
-    """FILS SK HLP (rapid commit server)"""
-    run_fils_sk_hlp(dev, apdev, True, params)
-
-def test_fils_sk_hlp_no_rapid_commit(dev, apdev, params):
-    """FILS SK HLP (no rapid commit server)"""
-    run_fils_sk_hlp(dev, apdev, False, params)
-
-def run_fils_sk_hlp(dev, apdev, rapid_commit_server, params):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.settimeout(5)
-    sock.bind(("127.0.0.2", 67))
-
-    bssid = apdev[0]['bssid']
-    params = fils_hlp_config()
-    params['fils_hlp_wait_time'] = '10000'
-    if not rapid_commit_server:
-        params['dhcp_rapid_commit_proxy'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
-        raise Exception("Failed to flush pending FILS HLP requests")
-    tests = ["",
-             "q",
-             "ff:ff:ff:ff:ff:ff",
-             "ff:ff:ff:ff:ff:ff q"]
-    for t in tests:
-        if "FAIL" not in dev[0].request("FILS_HLP_REQ_ADD " + t):
-            raise Exception("Invalid FILS_HLP_REQ_ADD accepted: " + t)
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr())
-    tests = ["ff:ff:ff:ff:ff:ff aabb",
-             "ff:ff:ff:ff:ff:ff " + 255*'cc',
-             hapd.own_addr() + " ddee010203040506070809",
-             "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()]
-    for t in tests:
-        if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + t):
-            raise Exception("FILS_HLP_REQ_ADD failed: " + t)
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    if rapid_commit_server:
-        # TODO: Proper rapid commit response
-        dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPACK,
-                              chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-        sock.sendto(dhcpdisc[2+20+8:], addr)
-    else:
-        dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                              chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-        sock.sendto(dhcpdisc[2+20+8:], addr)
-        (msg, addr) = sock.recvfrom(1000)
-        logger.debug("Received DHCP message from %s" % str(addr))
-        dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPACK, rapid_commit=False,
-                              chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-        sock.sendto(dhcpdisc[2+20+8:], addr)
-    ev = dev[0].wait_event(["FILS-HLP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("FILS HLP response not reported")
-    vals = ev.split(' ')
-    frame = binascii.unhexlify(vals[3].split('=')[1])
-    proto, = struct.unpack('>H', frame[0:2])
-    if proto != 0x0800:
-        raise Exception("Unexpected ethertype in HLP response: %d" % proto)
-    frame = frame[2:]
-    ip = frame[0:20]
-    if ip_checksum(ip) != b'\x00\x00':
-        raise Exception("IP header checksum mismatch in HLP response")
-    frame = frame[20:]
-    udp = frame[0:8]
-    frame = frame[8:]
-    sport, dport, ulen, ucheck = struct.unpack('>HHHH', udp)
-    if sport != 67 or dport != 68:
-        raise Exception("Unexpected UDP port in HLP response")
-    dhcp = frame[0:28]
-    frame = frame[28:]
-    op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr = struct.unpack('>4BL2H4L', dhcp)
-    chaddr = frame[0:16]
-    frame = frame[16:]
-    sname = frame[0:64]
-    frame = frame[64:]
-    file = frame[0:128]
-    frame = frame[128:]
-    options = frame
-    if options[0:4] != b'\x63\x82\x53\x63':
-        raise Exception("No DHCP magic seen in HLP response")
-    options = options[4:]
-    # TODO: fully parse and validate DHCPACK options
-    if struct.pack('BBB', OPT_DHCP_MESSAGE_TYPE, 1, DHCPACK) not in options:
-        raise Exception("DHCPACK not in HLP response")
-
-    dev[0].wait_connected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-
-def test_fils_sk_hlp_timeout(dev, apdev, params):
-    """FILS SK HLP (rapid commit server timeout)"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.settimeout(5)
-    sock.bind(("127.0.0.2", 67))
-
-    bssid = apdev[0]['bssid']
-    params = fils_hlp_config(fils_hlp_wait_time=30)
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
-        raise Exception("Failed to flush pending FILS HLP requests")
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr())
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    # Wait for HLP wait timeout to hit
-    # FILS: HLP response timeout - continue with association response
-    dev[0].wait_connected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-
-def test_fils_sk_hlp_oom(dev, apdev, params):
-    """FILS SK HLP and hostapd OOM"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.settimeout(5)
-    sock.bind(("127.0.0.2", 67))
-
-    bssid = apdev[0]['bssid']
-    params = fils_hlp_config(fils_hlp_wait_time=500)
-    params['dhcp_rapid_commit_proxy'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
-        raise Exception("Failed to flush pending FILS HLP requests")
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr())
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "fils_process_hlp"):
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "fils_process_hlp_dhcp"):
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "wpabuf_alloc;fils_process_hlp_dhcp"):
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "wpabuf_alloc;fils_dhcp_handler"):
-        dev[0].select_network(id, freq=2412)
-        (msg, addr) = sock.recvfrom(1000)
-        logger.debug("Received DHCP message from %s" % str(addr))
-        dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPACK,
-                              chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-        sock.sendto(dhcpdisc[2+20+8:], addr)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "wpabuf_resize;fils_dhcp_handler"):
-        dev[0].select_network(id, freq=2412)
-        (msg, addr) = sock.recvfrom(1000)
-        logger.debug("Received DHCP message from %s" % str(addr))
-        dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPACK,
-                              chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-        sock.sendto(dhcpdisc[2+20+8:], addr)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-    with alloc_fail(hapd, 1, "wpabuf_resize;fils_dhcp_request"):
-        sock.sendto(dhcpoffer[2+20+8:], addr)
-        dev[0].wait_connected()
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-
-def test_fils_sk_hlp_req_parsing(dev, apdev, params):
-    """FILS SK HLP request parsing"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = fils_hlp_config(fils_hlp_wait_time=30)
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
-        raise Exception("Failed to flush pending FILS HLP requests")
-
-    tot_len = 20 + 1
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    _ip_src = b'\x00\x00\x00\x00'
-    _ip_dst = b'\x00\x00\x00\x00'
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    ipv4_overflow = start + csum + _ip_src + _ip_dst
-
-    tot_len = 20
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 123)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    ipv4_unknown_proto = start + csum + _ip_src + _ip_dst
-
-    tot_len = 20
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    ipv4_missing_udp_hdr = start + csum + _ip_src + _ip_dst
-
-    src_port = 68
-    dst_port = 67
-    udp = struct.pack('>HHHH', src_port, dst_port, 8 + 1, 0)
-    tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    udp_overflow = start + csum + _ip_src + _ip_dst + udp
-
-    udp = struct.pack('>HHHH', src_port, dst_port, 7, 0)
-    tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    udp_underflow = start + csum + _ip_src + _ip_dst + udp
-
-    src_port = 123
-    dst_port = 456
-    udp = struct.pack('>HHHH', src_port, dst_port, 8, 0)
-    tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    udp_unknown_port = start + csum + _ip_src + _ip_dst + udp
-
-    src_port = 68
-    dst_port = 67
-    udp = struct.pack('>HHHH', src_port, dst_port, 8, 0)
-    tot_len = 20 + len(udp)
-    start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
-    ipv4 = start + b'\x00\x00' + _ip_src + _ip_dst
-    csum = ip_checksum(ipv4)
-    dhcp_missing_data = start + csum + _ip_src + _ip_dst + udp
-
-    dhcp_not_req = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                              chaddr=dev[0].own_addr(), override_op=BOOTREPLY)
-    dhcp_no_magic = build_dhcp(req=True, dhcp_msg=None,
-                               chaddr=dev[0].own_addr(), magic_override=b'',
-                               rapid_commit=False, opt_end=False)
-    dhcp_unknown_magic = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                                    chaddr=dev[0].own_addr(),
-                                    magic_override=b'\x00\x00\x00\x00')
-    dhcp_opts = build_dhcp(req=True, dhcp_msg=DHCPNAK,
-                           chaddr=dev[0].own_addr(),
-                           extra_op=b'\x00\x11', opt_end=False)
-    dhcp_opts2 = build_dhcp(req=True, dhcp_msg=DHCPNAK,
-                            chaddr=dev[0].own_addr(),
-                            extra_op=b'\x11\x01', opt_end=False)
-    dhcp_valid = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                            chaddr=dev[0].own_addr())
-
-    tests = ["ff",
-             "0800",
-             "0800" + 20*"00",
-             "0800" + binascii.hexlify(ipv4_overflow).decode(),
-             "0800" + binascii.hexlify(ipv4_unknown_proto).decode(),
-             "0800" + binascii.hexlify(ipv4_missing_udp_hdr).decode(),
-             "0800" + binascii.hexlify(udp_overflow).decode(),
-             "0800" + binascii.hexlify(udp_underflow).decode(),
-             "0800" + binascii.hexlify(udp_unknown_port).decode(),
-             "0800" + binascii.hexlify(dhcp_missing_data).decode(),
-             binascii.hexlify(dhcp_not_req).decode(),
-             binascii.hexlify(dhcp_no_magic).decode(),
-             binascii.hexlify(dhcp_unknown_magic).decode()]
-    for t in tests:
-        if "OK" not in dev[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + t):
-            raise Exception("FILS_HLP_REQ_ADD failed: " + t)
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-    tests = [binascii.hexlify(dhcp_opts).decode(),
-             binascii.hexlify(dhcp_opts2).decode()]
-    for t in tests:
-        if "OK" not in dev[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + t):
-            raise Exception("FILS_HLP_REQ_ADD failed: " + t)
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcp_valid).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    hapd.set("own_ip_addr", "0.0.0.0")
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.set("dhcp_server", "0.0.0.0")
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS: Failed to bind DHCP socket: Address already in use
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.settimeout(5)
-    sock.bind(("127.0.0.2", 67))
-    hapd.set("own_ip_addr", "127.0.0.2")
-    hapd.set("dhcp_server", "127.0.0.2")
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS: DHCP sendto failed: Invalid argument
-    hapd.set("own_ip_addr", "127.0.0.3")
-    hapd.set("dhcp_server", "127.0.0.2")
-    hapd.set("dhcp_relay_port", "0")
-    hapd.set("dhcp_server_port", "0")
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-
-def test_fils_sk_hlp_dhcp_parsing(dev, apdev, params):
-    """FILS SK HLP and DHCP response parsing"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.settimeout(5)
-    sock.bind(("127.0.0.2", 67))
-
-    bssid = apdev[0]['bssid']
-    params = fils_hlp_config(fils_hlp_wait_time=30)
-    params['dhcp_rapid_commit_proxy'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
-        raise Exception("Failed to flush pending FILS HLP requests")
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr())
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    with alloc_fail(hapd, 1, "fils_process_hlp"):
-        dev[0].select_network(id, freq=2412)
-        dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpdisc = build_dhcp(req=False, dhcp_msg=DHCPACK,
-                          chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-    #sock.sendto(dhcpdisc[2+20+8:], addr)
-    chaddr = binascii.unhexlify(dev[0].own_addr().replace(':', '')) + 10*b'\x00'
-    tests = [b"\x00",
-             b"\x02" + 500 * b"\x00",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + 500*b"\x00",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + 16*b"\x00" + 64*b"\x00" + 128*b"\x00" + b"\x63\x82\x53\x63",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + 16*b"\x00" + 64*b"\x00" + 128*b"\x00" + b"\x63\x82\x53\x63" + b"\x00\x11",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + 16*b"\x00" + 64*b"\x00" + 128*b"\x00" + b"\x63\x82\x53\x63" + b"\x11\x01",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + chaddr + 64*b"\x00" + 128*b"\x00" + b"\x63\x82\x53\x63" + b"\x35\x00\xff",
-             b"\x02\x00\x00\x00" + 20*b"\x00" + b"\x7f\x00\x00\x03" + chaddr + 64*b"\x00" + 128*b"\x00" + b"\x63\x82\x53\x63" + b"\x35\x01\x00\xff",
-             1501 * b"\x00"]
-    for t in tests:
-        sock.sendto(t, addr)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS: DHCP sendto failed: Invalid argument for second DHCP TX in proxy
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    hapd.set("dhcp_server_port", "0")
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.set("dhcp_server_port", "67")
-
-    # Options in DHCPOFFER
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3",
-                           extra_op=b"\x00\x11", opt_end=False)
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Options in DHCPOFFER (2)
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3",
-                           extra_op=b"\x11\x01", opt_end=False)
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Server ID in DHCPOFFER
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3",
-                           extra_op=b"\x36\x01\x30")
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS: Could not update DHCPDISCOVER
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr(),
-                          extra_op=b"\x00\x11", opt_end=False)
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3",
-                           extra_op=b"\x36\x01\x30")
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS: Could not update DHCPDISCOVER (2)
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-    dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
-                          chaddr=dev[0].own_addr(),
-                          extra_op=b"\x11\x01", opt_end=False)
-    if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii.hexlify(dhcpdisc).decode()):
-        raise Exception("FILS_HLP_REQ_ADD failed")
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    (msg, addr) = sock.recvfrom(1000)
-    logger.debug("Received DHCP message from %s" % str(addr))
-    dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER, rapid_commit=False,
-                           chaddr=dev[0].own_addr(), giaddr="127.0.0.3",
-                           extra_op=b"\x36\x01\x30")
-    sock.sendto(dhcpoffer[2+20+8:], addr)
-    dev[0].wait_connected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].request("FILS_HLP_REQ_FLUSH")
-
-def test_fils_sk_erp_and_reauth(dev, apdev, params):
-    """FILS SK using ERP and AP going away"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params['broadcast_deauth'] = '0'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    hapd.disable()
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    hapd.enable()
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Reconnection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-
-def test_fils_sk_erp_sim(dev, apdev, params):
-    """FILS SK using ERP with SIM"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    realm = 'wlan.mnc001.mcc232.3gppnetwork.org'
-    start_erp_as(erp_domain=realm,
-                 msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['fils_realm'] = realm
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="SIM", identity="1232010000000000@" + realm,
-                        password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
-                        erp="1", scan_freq="2412")
-
-    hapd.disable()
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    hapd.enable()
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Reconnection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-
-def test_fils_sk_pfs_19(dev, apdev, params):
-    """FILS SK with PFS (DH group 19)"""
-    run_fils_sk_pfs(dev, apdev, "19", params)
-
-def test_fils_sk_pfs_20(dev, apdev, params):
-    """FILS SK with PFS (DH group 20)"""
-    run_fils_sk_pfs(dev, apdev, "20", params)
-
-def test_fils_sk_pfs_21(dev, apdev, params):
-    """FILS SK with PFS (DH group 21)"""
-    run_fils_sk_pfs(dev, apdev, "21", params)
-
-def test_fils_sk_pfs_25(dev, apdev, params):
-    """FILS SK with PFS (DH group 25)"""
-    run_fils_sk_pfs(dev, apdev, "25", params)
-
-def test_fils_sk_pfs_26(dev, apdev, params):
-    """FILS SK with PFS (DH group 26)"""
-    run_fils_sk_pfs(dev, apdev, "26", params)
-
-def test_fils_sk_pfs_27(dev, apdev, params):
-    """FILS SK with PFS (DH group 27)"""
-    run_fils_sk_pfs(dev, apdev, "27", params)
-
-def test_fils_sk_pfs_28(dev, apdev, params):
-    """FILS SK with PFS (DH group 28)"""
-    run_fils_sk_pfs(dev, apdev, "28", params)
-
-def test_fils_sk_pfs_29(dev, apdev, params):
-    """FILS SK with PFS (DH group 29)"""
-    run_fils_sk_pfs(dev, apdev, "29", params)
-
-def test_fils_sk_pfs_30(dev, apdev, params):
-    """FILS SK with PFS (DH group 30)"""
-    run_fils_sk_pfs(dev, apdev, "30", params)
-
-def run_fils_sk_pfs(dev, apdev, group, params):
-    check_fils_sk_pfs_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    tls = dev[0].request("GET tls_library")
-    if int(group) in [25]:
-        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
-            raise HwsimSkip("EC group not supported")
-    if int(group) in [27, 28, 29, 30]:
-        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
-            raise HwsimSkip("Brainpool EC group not supported")
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params['fils_dh_group'] = group
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", fils_dh_group=group, scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_pfs_group_mismatch(dev, apdev, params):
-    """FILS SK PFS DH group mismatch"""
-    check_fils_sk_pfs_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params['fils_dh_group'] = "20"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", fils_dh_group="19", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Authentication rejection not seen")
-    if "auth_type=5 auth_transaction=2 status_code=77" not in ev:
-        raise Exception("Unexpected auth reject value: " + ev)
-
-def test_fils_sk_pfs_pmksa_caching(dev, apdev, params):
-    """FILS SK with PFS and PMKSA caching"""
-    check_fils_sk_pfs_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['fils_dh_group'] = "19"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", fils_dh_group="19", scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS authentication with PMKSA caching and PFS
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
-
-    # Verify EAPOL reauthentication after FILS authentication
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS authentication with ERP and PFS
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-EAP-SUCCESS",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using ERP and PFS timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "CTRL-EVENT-EAP-SUCCESS" not in ev:
-        raise Exception("ERP success not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "SME: Trying to authenticate",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using ERP and PFS timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "SME: Trying to authenticate" in ev:
-        raise Exception("Unexpected extra authentication round with ERP and PFS")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa3 = dev[0].get_pmksa(bssid)
-    if pmksa3 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa2['pmkid'] == pmksa3['pmkid']:
-        raise Exception("PMKID did not change")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # FILS authentication with PMKSA caching and PFS
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa4 = dev[0].get_pmksa(bssid)
-    if pmksa4 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa3['pmkid'] != pmksa4['pmkid']:
-        raise Exception("Unexpected PMKID change (2)")
-
-def test_fils_sk_auth_mismatch(dev, apdev, params):
-    """FILS SK authentication type mismatch (PFS not supported)"""
-    check_fils_sk_pfs_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", fils_dh_group="19", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" not in ev:
-        raise Exception("No EAP exchange seen")
-    dev[0].wait_connected()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0,
-                     pmksa_caching=True, ext_key_id=False):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    if wpa_ptk_rekey:
-        params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
-    if wpa_group_rekey:
-        params['wpa_group_rekey'] = str(wpa_group_rekey)
-    if not pmksa_caching:
-            params['disable_pmksa_caching'] = '1'
-    if ext_key_id:
-        params['extended_key_id'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using ERP or PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    dev[0].dump_monitor()
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    return hapd
-
-def test_fils_auth_gtk_rekey(dev, apdev, params):
-    """GTK rekeying after FILS authentication"""
-    hapd = setup_fils_rekey(dev, apdev, params, wpa_group_rekey=1)
-    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
-    if ev is None:
-        raise Exception("GTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is not None:
-        raise Exception("Rekeying failed - disconnected")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_auth_ptk_rekey_ap(dev, apdev, params):
-    """PTK rekeying after FILS authentication triggered by AP"""
-    hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2)
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3)
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Rekeying failed - disconnected")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_auth_ptk_rekey_ap_erp(dev, apdev, params):
-    """PTK rekeying after FILS authentication triggered by AP (ERP)"""
-    hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2,
-                            pmksa_caching=False)
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3)
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Rekeying failed - disconnected")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_and_ft(dev, apdev, params):
-    """FILS SK using ERP and FT initial mobility domain association"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    er = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-
-    params = hostapd.wpa2_eap_params(ssid="fils-ft")
-    params['wpa_key_mgmt'] = "FILS-SHA256 FT-FILS-SHA256 FT-EAP"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params["mobility_domain"] = "a1b2"
-    params["r0_key_lifetime"] = "10000"
-    params["pmk_r1_push"] = "1"
-    params["reassociation_deadline"] = "1000"
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    params['r0kh'] = ["02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
-    params['ieee80211w'] = "1"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].dump_monitor()
-    id = dev[0].connect("fils-ft", key_mgmt="FILS-SHA256 FT-FILS-SHA256 FT-EAP",
-                        ieee80211w="1",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412", wait_connect=False)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-AUTH-REJECT",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "CTRL-EVENT-AUTH-REJECT" in ev:
-        raise Exception("Authentication failed")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    er.disable()
-
-    # FIX: FT-FILS-SHA256 does not currently work for FT protocol due to not
-    # fully defined FT Reassociation Request/Response frame MIC use in FTE.
-    # FT-EAP can be used to work around that in this test case to confirm the
-    # FT key hierarchy was properly formed in the previous step.
-    #params['wpa_key_mgmt'] = "FILS-SHA256 FT-FILS-SHA256"
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params['nas_identifier'] = "nas2.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412", force_scan=True)
-    # FIX: Cannot use FT-over-DS without the FTE MIC issue addressed
-    #dev[0].roam_over_ds(apdev[1]['bssid'])
-    dev[0].roam(apdev[1]['bssid'])
-
-def test_fils_and_ft_over_air(dev, apdev, params):
-    """FILS SK using ERP and FT-over-air (SHA256)"""
-    run_fils_and_ft_over_air(dev, apdev, params, "FT-FILS-SHA256")
-
-def test_fils_and_ft_over_air_sha384(dev, apdev, params):
-    """FILS SK using ERP and FT-over-air (SHA384)"""
-    run_fils_and_ft_over_air(dev, apdev, params, "FT-FILS-SHA384")
-
-def run_fils_and_ft_over_air(dev, apdev, params, key_mgmt):
-    hapd, hapd2 = run_fils_and_ft_setup(dev, apdev, params, key_mgmt)
-    conf = hapd.request("GET_CONFIG")
-    if "key_mgmt=" + key_mgmt not in conf.splitlines():
-        logger.info("GET_CONFIG:\n" + conf)
-        raise Exception("GET_CONFIG did not report correct key_mgmt")
-
-    logger.info("FT protocol using FT key hierarchy established during FILS authentication")
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412", force_scan=True)
-    hapd.request("NOTE FT protocol to AP2 using FT keys established during FILS FILS authentication")
-    dev[0].roam(apdev[1]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-    logger.info("FT protocol using the previously established FT key hierarchy from FILS authentication")
-    hapd.request("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication")
-    dev[0].roam(apdev[0]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    hapd.request("NOTE FT protocol back to AP2 using FT keys established during FILS FILS authentication")
-    dev[0].roam(apdev[1]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-    hapd.request("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication (2)")
-    dev[0].roam(apdev[0]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_and_ft_over_ds(dev, apdev, params):
-    """FILS SK using ERP and FT-over-DS (SHA256)"""
-    run_fils_and_ft_over_ds(dev, apdev, params, "FT-FILS-SHA256")
-
-def test_fils_and_ft_over_ds_sha384(dev, apdev, params):
-    """FILS SK using ERP and FT-over-DS (SHA384)"""
-    run_fils_and_ft_over_ds(dev, apdev, params, "FT-FILS-SHA384")
-
-def run_fils_and_ft_over_ds(dev, apdev, params, key_mgmt):
-    hapd, hapd2 = run_fils_and_ft_setup(dev, apdev, params, key_mgmt)
-
-    logger.info("FT protocol using FT key hierarchy established during FILS authentication")
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412", force_scan=True)
-    hapd.request("NOTE FT protocol to AP2 using FT keys established during FILS FILS authentication")
-    dev[0].roam_over_ds(apdev[1]['bssid'])
-
-    logger.info("FT protocol using the previously established FT key hierarchy from FILS authentication")
-    hapd.request("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication")
-    dev[0].roam_over_ds(apdev[0]['bssid'])
-
-    hapd.request("NOTE FT protocol back to AP2 using FT keys established during FILS FILS authentication")
-    dev[0].roam_over_ds(apdev[1]['bssid'])
-
-    hapd.request("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication (2)")
-    dev[0].roam_over_ds(apdev[0]['bssid'])
-
-def run_fils_and_ft_setup(dev, apdev, params, key_mgmt):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    er = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    logger.info("Set up ERP key hierarchy without FILS/FT authentication")
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = key_mgmt
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params['ieee80211w'] = "2"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    hapd.request("NOTE Initial association to establish ERP keys")
-    id = dev[0].connect("fils", key_mgmt=key_mgmt, ieee80211w="2",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-
-    logger.info("Initial mobility domain association using FILS authentication")
-    params = hostapd.wpa2_eap_params(ssid="fils-ft")
-    params['wpa_key_mgmt'] = key_mgmt
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    params["mobility_domain"] = "a1b2"
-    params["r0_key_lifetime"] = "10000"
-    params["pmk_r1_push"] = "1"
-    params["reassociation_deadline"] = "1000"
-    params['nas_identifier'] = "nas1.w1.fi"
-    params['r1_key_holder'] = "000102030405"
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
-                      "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
-    params['ieee80211w'] = "2"
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].dump_monitor()
-    hapd.request("NOTE Initial FT mobility domain association using FILS authentication")
-    dev[0].set_network_quoted(id, "ssid", "fils-ft")
-    dev[0].select_network(id, freq=2412)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-AUTH-REJECT",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "CTRL-EVENT-AUTH-REJECT" in ev:
-        raise Exception("Authentication failed")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    er.disable()
-
-    params['wpa_key_mgmt'] = key_mgmt
-    params['nas_identifier'] = "nas2.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
-                      "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
-    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    return hapd, hapd2
-
-def test_fils_assoc_replay(dev, apdev, params):
-    """FILS AP and replayed Association Request frame"""
-    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as()
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-
-    assocreq = None
-    count = 0
-    while count < 100:
-        req = hapd.mgmt_rx()
-        count += 1
-        hapd.dump_monitor()
-        hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-        if req['subtype'] == 0:
-            assocreq = req
-            ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-            if ev is None:
-                raise Exception("No TX status seen")
-            cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-            if "OK" not in hapd.request(cmd):
-                raise Exception("MGMT_TX_STATUS_PROCESS failed")
-            break
-    hapd.set("ext_mgmt_frame_handling", "0")
-    if assocreq is None:
-        raise Exception("No Association Request frame seen")
-    dev[0].wait_connected()
-    dev[0].dump_monitor()
-    hapd.dump_monitor()
-
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Replay the last Association Request frame")
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("No TX status seen")
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    try:
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        ok = True
-    except:
-        ok = False
-
-    ap = hapd.own_addr()
-    sta = dev[0].own_addr()
-    filt = "wlan.fc.type == 2 && " + \
-           "wlan.da == " + sta + " && " + \
-           "wlan.sa == " + ap + " && wlan.ccmp.extiv"
-    fields = ["wlan.ccmp.extiv"]
-    res = run_tshark(capfile, filt, fields)
-    vals = res.splitlines()
-    logger.info("CCMP PN: " + str(vals))
-    if len(vals) < 2:
-        raise Exception("Could not find all CCMP protected frames from capture")
-    if len(set(vals)) < len(vals):
-        raise Exception("Duplicate CCMP PN used")
-
-    if not ok:
-        raise Exception("The second hwsim connectivity test failed")
-
-def test_fils_sk_erp_server_flush(dev, apdev, params):
-    """FILS SK ERP and ERP flush on server, but not on peer"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    hapd_as = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd_as.request("ERP_FLUSH")
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("No authentication rejection seen after ERP flush on server")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-AUTH-REJECT",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection attempt using FILS/ERP timed out")
-    if "CTRL-EVENT-AUTH-REJECT" in ev:
-        raise Exception("Failed to recover from ERP flush on server")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    if "CTRL-EVENT-EAP-STARTED" not in ev:
-        raise Exception("New EAP exchange not seen")
-    dev[0].wait_connected(error="Connection timeout after ERP flush")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-AUTH-REJECT",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection attempt using FILS with new ERP keys timed out")
-    if "CTRL-EVENT-AUTH-REJECT" in ev:
-        raise Exception("Authentication failed with new ERP keys")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed with new ERP keys")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-def test_fils_sk_erp_radius_ext(dev, apdev, params):
-    """FILS SK using ERP and external RADIUS server"""
-    as_hapd = hostapd.Hostapd("as")
-    try:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "1")
-        as_hapd.set("erp_domain", "erp.example.com")
-        as_hapd.enable()
-        run_fils_sk_erp_radius_ext(dev, apdev, params)
-    finally:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "0")
-        as_hapd.set("erp_domain", "")
-        as_hapd.enable()
-
-def run_fils_sk_erp_radius_ext(dev, apdev, params):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['erp_domain'] = 'erp.example.com'
-    params['fils_realm'] = 'erp.example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PWD", identity="pwd@erp.example.com",
-                        password="secret password",
-                        erp="1", scan_freq="2412")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "EVENT-ASSOC-REJECT",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS/ERP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if "EVENT-ASSOC-REJECT" in ev:
-        raise Exception("Association failed")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_fils_sk_erp_radius_roam(dev, apdev):
-    """FILS SK/ERP and roaming with different AKM"""
-    as_hapd = hostapd.Hostapd("as")
-    try:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "1")
-        as_hapd.set("erp_domain", "example.com")
-        as_hapd.enable()
-        run_fils_sk_erp_radius_roam(dev, apdev)
-    finally:
-        as_hapd.disable()
-        as_hapd.set("eap_server_erp", "0")
-        as_hapd.set("erp_domain", "")
-        as_hapd.enable()
-
-def run_fils_sk_erp_radius_roam(dev, apdev):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256 FILS-SHA384",
-                        eap="PWD", identity="erp-pwd@example.com",
-                        password="secret password",
-                        erp="1", scan_freq="2412")
-
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA384"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + bssid2):
-        raise Exception("ROAM failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if bssid2 not in ev:
-        raise Exception("Failed to connect to the second AP")
-
-    hapd2.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-def test_fils_sk_erp_roam_diff_akm(dev, apdev, params):
-    """FILS SK using ERP and SHA256/SHA384 change in roam"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as()
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256 FILS-SHA384",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using FILS timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    bssid2 = apdev[1]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256 FILS-SHA384"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("ROAM " + bssid2):
-        raise Exception("ROAM failed")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming using FILS timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if bssid2 not in ev:
-        raise Exception("Failed to connect to the second AP")
-
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-def test_fils_auth_ptk_rekey_ap_ext_key_id(dev, apdev, params):
-    """PTK rekeying after FILS authentication triggered by AP (Ext Key ID)"""
-    check_ext_key_id_capa(dev[0])
-    try:
-        dev[0].set("extended_key_id", "1")
-        hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2,
-                                ext_key_id=True)
-        check_ext_key_id_capa(hapd)
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        if idx != 0:
-            raise Exception("Unexpected Key ID before TK rekey: %d" % idx)
-        ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3)
-        if ev is None:
-            raise Exception("PTK rekey timed out")
-        idx = int(dev[0].request("GET last_tk_key_idx"))
-        if idx != 1:
-            raise Exception("Unexpected Key ID after TK rekey: %d" % idx)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-        if ev is not None:
-            raise Exception("Rekeying failed - disconnected")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].set("extended_key_id", "0")
-
-def test_fils_discovery_frame(dev, apdev, params):
-    """FILS Discovery frame generation"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['wpa_group_rekey'] = '1'
-    params['fils_discovery_min_interval'] = '20'
-    params['fils_discovery_max_interval'] = '20'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
-
-    if "OK" not in hapd.request("ENABLE"):
-        raise HwsimSkip("FILS Discovery frame transmission not supported")
-
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=5)
-    if ev is None:
-        raise Exception("AP startup timed out")
-    if "AP-ENABLED" not in ev:
-        raise Exception("AP startup failed")
-
-    dev[0].request("ERP_FLUSH")
-    dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   erp="1", scan_freq="2412")
-
-def test_fils_offload_to_driver(dev, apdev, params):
-    """FILS offload to driver"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-    run_fils_offload_to_driver(dev[0], apdev, params)
-
-def test_fils_offload_to_driver2(dev, apdev, params):
-    """FILS offload to driver"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    run_fils_offload_to_driver(wpas, apdev, params)
-
-def run_fils_offload_to_driver(dev, apdev, params):
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev.request("ERP_FLUSH")
-    id = dev.connect("fils", key_mgmt="FILS-SHA256",
-                     eap="PSK", identity="psk.user@example.com",
-                     password_hex="0123456789abcdef0123456789abcdef",
-                     erp="1", scan_freq="2412")
-
-    p = "freq=2412 authorized=1 fils_erp_next_seq_num=4"
-    if "OK" not in dev.request("DRIVER_EVENT ASSOC " + p):
-        raise Exception("DRIVER_EVENT ASSOC did not succeed")
-    dev.wait_connected()
-
-    dev.request("DISCONNECT")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-    dev.select_network(id, freq=2412)
-    dev.wait_connected()
-    dev.dump_monitor()
-
-    # This does not really work properly with SME-in-wpa_supplicant case
-    p = "freq=2412 authorized=1 fils_erp_next_seq_num=4"
-    if "OK" not in dev.request("DRIVER_EVENT ASSOC " + p):
-        raise Exception("DRIVER_EVENT ASSOC did not succeed")
-
-    dev.wait_connected()
-
-def test_fils_sk_okc(dev, apdev, params):
-    """FILS SK and opportunistic key caching"""
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['okc'] = '1'
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", okc=True, scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    hapd.wait_sta()
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    if "OK" not in dev[0].request("ROAM " + bssid2):
-        raise Exception("ROAM failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Connection using OKC/PMKSA caching timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    hapd2.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-    pmksa2 = dev[0].get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if 'opportunistic' not in pmksa2 or pmksa2['opportunistic'] != '1':
-        raise Exception("OKC not indicated in PMKSA entry")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change")
diff --git a/tests/hwsim/test_fst_config.py b/tests/hwsim/test_fst_config.py
deleted file mode 100644
index c28786ded853..000000000000
--- a/tests/hwsim/test_fst_config.py
+++ /dev/null
@@ -1,552 +0,0 @@
-# FST configuration tests
-# Copyright (c) 2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import subprocess
-import time
-import os
-import signal
-import hostapd
-import wpasupplicant
-import utils
-
-import fst_test_common
-
-class FstLauncherConfig:
-    """FstLauncherConfig class represents configuration to be used for
-    FST config tests related hostapd/wpa_supplicant instances"""
-    def __init__(self, iface, fst_group, fst_pri, fst_llt=None):
-        self.iface = iface
-        self.fst_group = fst_group
-        self.fst_pri = fst_pri
-        self.fst_llt = fst_llt # None llt means no llt parameter will be set
-
-    def ifname(self):
-        return self.iface
-
-    def is_ap(self):
-        """Returns True if the configuration is for AP, otherwise - False"""
-        raise Exception("Virtual is_ap() called!")
-
-    def to_file(self, pathname):
-        """Creates configuration file to be used by FST config tests related
-        hostapd/wpa_supplicant instances"""
-        raise Exception("Virtual to_file() called!")
-
-class FstLauncherConfigAP(FstLauncherConfig):
-    """FstLauncherConfigAP class represents configuration to be used for
-    FST config tests related hostapd instance"""
-    def __init__(self, iface, ssid, mode, chan, fst_group, fst_pri,
-                 fst_llt=None):
-        self.ssid = ssid
-        self.mode = mode
-        self.chan = chan
-        FstLauncherConfig.__init__(self, iface, fst_group, fst_pri, fst_llt)
-
-    def is_ap(self):
-        return True
-
-    def get_channel(self):
-        return self.chan
-
-    def to_file(self, pathname):
-        """Creates configuration file to be used by FST config tests related
-        hostapd instance"""
-        with open(pathname, "w") as f:
-            f.write("country_code=US\n"
-                    "interface=%s\n"
-                    "ctrl_interface=/var/run/hostapd\n"
-                    "ssid=%s\n"
-                    "channel=%s\n"
-                    "hw_mode=%s\n"
-                    "ieee80211n=1\n" % (self.iface, self.ssid, self.chan,
-                                        self.mode))
-            if len(self.fst_group) != 0:
-                f.write("fst_group_id=%s\n"
-                        "fst_priority=%s\n" % (self.fst_group, self.fst_pri))
-                if self.fst_llt is not None:
-                    f.write("fst_llt=%s\n" % self.fst_llt)
-        with open(pathname, "r") as f:
-            logger.debug("wrote hostapd config file %s:\n%s" % (pathname,
-                                                                f.read()))
-
-class FstLauncherConfigSTA(FstLauncherConfig):
-    """FstLauncherConfig class represents configuration to be used for
-    FST config tests related wpa_supplicant instance"""
-    def __init__(self, iface, fst_group, fst_pri, fst_llt=None):
-        FstLauncherConfig.__init__(self, iface, fst_group, fst_pri, fst_llt)
-
-    def is_ap(self):
-        return False
-
-    def to_file(self, pathname):
-        """Creates configuration file to be used by FST config tests related
-        wpa_supplicant instance"""
-        with open(pathname, "w") as f:
-            f.write("ctrl_interface=DIR=/var/run/wpa_supplicant\n"
-                "p2p_no_group_iface=1\n")
-            if len(self.fst_group) != 0:
-                f.write("fst_group_id=%s\n"
-                    "fst_priority=%s\n" % (self.fst_group, self.fst_pri))
-                if self.fst_llt is not None:
-                    f.write("fst_llt=%s\n" % self.fst_llt)
-        with open(pathname, "r") as f:
-            logger.debug("wrote wpa_supplicant config file %s:\n%s" % (pathname, f.read()))
-
-class FstLauncher:
-    """FstLauncher class is responsible for launching and cleaning up of FST
-    config tests related hostapd/wpa_supplicant instances"""
-    def __init__(self, logpath):
-        self.logger = logging.getLogger()
-        self.fst_logpath = logpath
-        self.cfgs_to_run = []
-        self.hapd_fst_global = '/var/run/hostapd-fst-global'
-        self.wsup_fst_global = '/tmp/fststa'
-        self.nof_aps = 0
-        self.nof_stas = 0
-        self.reg_ctrl = fst_test_common.HapdRegCtrl()
-        self.test_is_supported()
-
-    def __enter__(self):
-        return self
-
-    def __exit__(self, type, value, traceback):
-        self.cleanup()
-
-    @staticmethod
-    def test_is_supported():
-        h = hostapd.HostapdGlobal()
-        resp = h.request("FST-MANAGER TEST_REQUEST IS_SUPPORTED")
-        if not resp.startswith("OK"):
-            raise utils.HwsimSkip("FST not supported")
-        w = wpasupplicant.WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        resp = w.global_request("FST-MANAGER TEST_REQUEST IS_SUPPORTED")
-        if not resp.startswith("OK"):
-            raise utils.HwsimSkip("FST not supported")
-
-    def get_cfg_pathname(self, cfg):
-        """Returns pathname of ifname based configuration file"""
-        return self.fst_logpath +'/'+ cfg.ifname() + '.conf'
-
-    def add_cfg(self, cfg):
-        """Adds configuration to be used for launching hostapd/wpa_supplicant
-        instances"""
-        if cfg not in self.cfgs_to_run:
-            self.cfgs_to_run.append(cfg)
-        if cfg.is_ap() == True:
-            self.nof_aps += 1
-        else:
-            self.nof_stas += 1
-
-    def remove_cfg(self, cfg):
-        """Removes configuration previously added with add_cfg"""
-        if cfg in self.cfgs_to_run:
-            self.cfgs_to_run.remove(cfg)
-        if cfg.is_ap() == True:
-            self.nof_aps -= 1
-        else:
-            self.nof_stas -= 1
-        config_file = self.get_cfg_pathname(cfg)
-        if os.path.exists(config_file):
-            os.remove(config_file)
-
-    def run_hostapd(self):
-        """Lauches hostapd with interfaces configured according to
-        FstLauncherConfigAP configurations added"""
-        if self.nof_aps == 0:
-            raise Exception("No FST APs to start")
-        pidfile = self.fst_logpath + '/' + 'myhostapd.pid'
-        mylogfile = self.fst_logpath + '/' + 'fst-hostapd'
-        prg = os.path.join(self.fst_logpath,
-                           'alt-hostapd/hostapd/hostapd')
-        if not os.path.exists(prg):
-            prg = '../../hostapd/hostapd'
-        cmd = [prg, '-B', '-dddt',
-               '-P', pidfile, '-f', mylogfile, '-g', self.hapd_fst_global]
-        for i in range(0, len(self.cfgs_to_run)):
-            cfg = self.cfgs_to_run[i]
-            if cfg.is_ap() == True:
-                cfgfile = self.get_cfg_pathname(cfg)
-                cfg.to_file(cfgfile)
-                cmd.append(cfgfile)
-                self.reg_ctrl.add_ap(cfg.ifname(), cfg.get_channel())
-        self.logger.debug("Starting fst hostapd: " + ' '.join(cmd))
-        res = subprocess.call(cmd)
-        self.logger.debug("fst hostapd start result: %d" % res)
-        if res == 0:
-            self.reg_ctrl.start()
-        return res
-
-    def run_wpa_supplicant(self):
-        """Lauches wpa_supplicant with interfaces configured according to
-        FstLauncherConfigSTA configurations added"""
-        if self.nof_stas == 0:
-            raise Exception("No FST STAs to start")
-        pidfile = self.fst_logpath + '/' + 'mywpa_supplicant.pid'
-        mylogfile = self.fst_logpath + '/' + 'fst-wpa_supplicant'
-        prg = os.path.join(self.fst_logpath,
-                           'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
-        if not os.path.exists(prg):
-            prg = '../../wpa_supplicant/wpa_supplicant'
-        cmd = [prg, '-B', '-dddt',
-               '-P' + pidfile, '-f', mylogfile, '-g', self.wsup_fst_global]
-        sta_no = 0
-        for i in range(0, len(self.cfgs_to_run)):
-            cfg = self.cfgs_to_run[i]
-            if cfg.is_ap() == False:
-                cfgfile = self.get_cfg_pathname(cfg)
-                cfg.to_file(cfgfile)
-                cmd.append('-c' + cfgfile)
-                cmd.append('-i' + cfg.ifname())
-                cmd.append('-Dnl80211')
-                if sta_no != self.nof_stas -1:
-                    cmd.append('-N')    # Next station configuration
-                sta_no += 1
-        self.logger.debug("Starting fst supplicant: " + ' '.join(cmd))
-        res = subprocess.call(cmd)
-        self.logger.debug("fst supplicant start result: %d" % res)
-        return res
-
-    def cleanup(self):
-        """Terminates hostapd/wpa_supplicant processes previously launched with
-        run_hostapd/run_wpa_supplicant"""
-        pidfile = self.fst_logpath + '/' + 'myhostapd.pid'
-        self.kill_pid(pidfile, self.nof_aps > 0)
-        pidfile = self.fst_logpath + '/' + 'mywpa_supplicant.pid'
-        self.kill_pid(pidfile, self.nof_stas > 0)
-        self.reg_ctrl.stop()
-        while len(self.cfgs_to_run) != 0:
-            cfg = self.cfgs_to_run[0]
-            self.remove_cfg(cfg)
-        fst_test_common.fst_clear_regdom()
-
-    def kill_pid(self, pidfile, try_again=False):
-        """Kills process by PID file"""
-        if not os.path.exists(pidfile):
-            if not try_again:
-                return
-            # It might take some time for the process to write the PID file,
-            # so wait a bit longer before giving up.
-            self.logger.info("kill_pid: pidfile %s does not exist - try again after a second" % pidfile)
-            time.sleep(1)
-            if not os.path.exists(pidfile):
-                self.logger.info("kill_pid: pidfile %s does not exist - could not kill the process" % pidfile)
-                return
-        pid = -1
-        try:
-            for i in range(3):
-                pf = open(pidfile, 'r')
-                pidtxt = pf.read().strip()
-                self.logger.debug("kill_pid: %s: '%s'" % (pidfile, pidtxt))
-                pf.close()
-                try:
-                    pid = int(pidtxt)
-                    break
-                except Exception as e:
-                    self.logger.debug("kill_pid: No valid PID found: %s" % str(e))
-                    time.sleep(1)
-            self.logger.debug("kill_pid %s --> pid %d" % (pidfile, pid))
-            os.kill(pid, signal.SIGTERM)
-            for i in range(10):
-                try:
-                    # Poll the pid (Is the process still existing?)
-                    os.kill(pid, 0)
-                except OSError:
-                    # No, already done
-                    break
-                # Wait and check again
-                time.sleep(1)
-        except Exception as e:
-            self.logger.debug("Didn't stop the pid=%d. Was it stopped already? (%s)" % (pid, str(e)))
-
-
-def parse_ies(iehex, el=-1):
-    """Parses the information elements hex string 'iehex' in format
-    "0a0b0c0d0e0f". If no 'el' defined just checks the IE string for integrity.
-    If 'el' is defined returns the list of hex values of the specific IE (or
-    empty list if the element is not in the string."""
-    iel = [iehex[i:i + 2] for i in range(0, len(iehex), 2)]
-    for i in range(0, len(iel)):
-         iel[i] = int(iel[i], 16)
-    # Validity check
-    i = 0
-    res = []
-    while i < len(iel):
-        logger.debug("IE found: %x" % iel[i])
-        if el != -1 and el == iel[i]:
-            res = iel[i + 2:i + 2 + iel[i + 1]]
-        i += 2 + iel[i + 1]
-    if i != len(iel):
-        logger.error("Bad IE string: " + iehex)
-        res = []
-    return res
-
-def scan_and_get_bss(dev, frq):
-    """Issues a scan on given device on given frequency, returns the bss info
-    dictionary ('ssid','ie','flags', etc.) or None. Note, the function
-    implies there is only one AP on the given channel. If not a case,
-    the function must be changed to call dev.get_bss() till the AP with the
-    [b]ssid that we need is found"""
-    dev.scan(freq=frq)
-    return dev.get_bss('0')
-
-
-# AP configuration tests
-
-def run_test_ap_configuration(apdev, test_params,
-                              fst_group=fst_test_common.fst_test_def_group,
-                              fst_pri=fst_test_common.fst_test_def_prio_high,
-                              fst_llt=fst_test_common.fst_test_def_llt):
-    """Runs FST hostapd where the 1st AP configuration is fixed, the 2nd fst
-    configuration is provided by the parameters. Returns the result of the run:
-    0 - no errors discovered, an error otherwise. The function is used for
-    simplek "bad configuration" tests."""
-    logdir = test_params['logdir']
-    with FstLauncher(logdir) as fst_launcher:
-        ap1 = FstLauncherConfigAP(apdev[0]['ifname'], 'fst_goodconf', 'a',
-                                  fst_test_common.fst_test_def_chan_a,
-                                  fst_test_common.fst_test_def_group,
-                                  fst_test_common.fst_test_def_prio_low,
-                                  fst_test_common.fst_test_def_llt)
-        ap2 = FstLauncherConfigAP(apdev[1]['ifname'], 'fst_badconf', 'b',
-                                  fst_test_common.fst_test_def_chan_g, fst_group,
-                                  fst_pri, fst_llt)
-        fst_launcher.add_cfg(ap1)
-        fst_launcher.add_cfg(ap2)
-        res = fst_launcher.run_hostapd()
-        return res
-
-def run_test_sta_configuration(test_params,
-                               fst_group=fst_test_common.fst_test_def_group,
-                               fst_pri=fst_test_common.fst_test_def_prio_high,
-                               fst_llt=fst_test_common.fst_test_def_llt):
-    """Runs FST wpa_supplicant where the 1st STA configuration is fixed, the
-    2nd fst configuration is provided by the parameters. Returns the result of
-    the run: 0 - no errors discovered, an error otherwise. The function is used
-    for simple "bad configuration" tests."""
-    logdir = test_params['logdir']
-    with FstLauncher(logdir) as fst_launcher:
-        sta1 = FstLauncherConfigSTA('wlan5',
-                                    fst_test_common.fst_test_def_group,
-                                    fst_test_common.fst_test_def_prio_low,
-                                    fst_test_common.fst_test_def_llt)
-        sta2 = FstLauncherConfigSTA('wlan6', fst_group, fst_pri, fst_llt)
-        fst_launcher.add_cfg(sta1)
-        fst_launcher.add_cfg(sta2)
-        res = fst_launcher.run_wpa_supplicant()
-        return res
-
-def test_fst_ap_config_llt_neg(dev, apdev, test_params):
-    """FST AP configuration negative LLT"""
-    res = run_test_ap_configuration(apdev, test_params, fst_llt='-1')
-    if res == 0:
-        raise Exception("hostapd started with a negative llt")
-
-def test_fst_ap_config_llt_zero(dev, apdev, test_params):
-    """FST AP configuration zero LLT"""
-    res = run_test_ap_configuration(apdev, test_params, fst_llt='0')
-    if res == 0:
-        raise Exception("hostapd started with a zero llt")
-
-def test_fst_ap_config_llt_too_big(dev, apdev, test_params):
-    """FST AP configuration LLT is too big"""
-    res = run_test_ap_configuration(apdev, test_params,
-                                    fst_llt='4294967296') #0x100000000
-    if res == 0:
-        raise Exception("hostapd started with llt that is too big")
-
-def test_fst_ap_config_llt_nan(dev, apdev, test_params):
-    """FST AP configuration LLT is not a number"""
-    res = run_test_ap_configuration(apdev, test_params, fst_llt='nan')
-    if res == 0:
-        raise Exception("hostapd started with llt not a number")
-
-def test_fst_ap_config_pri_neg(dev, apdev, test_params):
-    """FST AP configuration Priority negative"""
-    res = run_test_ap_configuration(apdev, test_params, fst_pri='-1')
-    if res == 0:
-        raise Exception("hostapd started with a negative fst priority")
-
-def test_fst_ap_config_pri_zero(dev, apdev, test_params):
-    """FST AP configuration Priority zero"""
-    res = run_test_ap_configuration(apdev, test_params, fst_pri='0')
-    if res == 0:
-        raise Exception("hostapd started with a zero fst priority")
-
-def test_fst_ap_config_pri_large(dev, apdev, test_params):
-    """FST AP configuration Priority too large"""
-    res = run_test_ap_configuration(apdev, test_params, fst_pri='256')
-    if res == 0:
-        raise Exception("hostapd started with too large fst priority")
-
-def test_fst_ap_config_pri_nan(dev, apdev, test_params):
-    """FST AP configuration Priority not a number"""
-    res = run_test_ap_configuration(apdev, test_params, fst_pri='nan')
-    if res == 0:
-        raise Exception("hostapd started with fst priority not a number")
-
-def test_fst_ap_config_group_len(dev, apdev, test_params):
-    """FST AP configuration Group max length"""
-    res = run_test_ap_configuration(apdev, test_params,
-                                    fst_group='fstg5678abcd34567')
-    if res == 0:
-        raise Exception("hostapd started with fst_group length too big")
-
-def test_fst_ap_config_good(dev, apdev, test_params):
-    """FST AP configuration good parameters"""
-    res = run_test_ap_configuration(apdev, test_params)
-    if res != 0:
-        raise Exception("hostapd didn't start with valid config parameters")
-
-def test_fst_ap_config_default(dev, apdev, test_params):
-    """FST AP configuration default parameters"""
-    res = run_test_ap_configuration(apdev, test_params, fst_llt=None)
-    if res != 0:
-        raise Exception("hostapd didn't start with valid config parameters")
-
-
-# STA configuration tests
-
-def test_fst_sta_config_llt_neg(dev, apdev, test_params):
-    """FST STA configuration negative LLT"""
-    res = run_test_sta_configuration(test_params, fst_llt='-1')
-    if res == 0:
-        raise Exception("wpa_supplicant started with a negative llt")
-
-def test_fst_sta_config_llt_zero(dev, apdev, test_params):
-    """FST STA configuration zero LLT"""
-    res = run_test_sta_configuration(test_params, fst_llt='0')
-    if res == 0:
-        raise Exception("wpa_supplicant started with a zero llt")
-
-def test_fst_sta_config_llt_large(dev, apdev, test_params):
-    """FST STA configuration LLT is too large"""
-    res = run_test_sta_configuration(test_params,
-                                     fst_llt='4294967296') #0x100000000
-    if res == 0:
-        raise Exception("wpa_supplicant started with llt that is too large")
-
-def test_fst_sta_config_llt_nan(dev, apdev, test_params):
-    """FST STA configuration LLT is not a number"""
-    res = run_test_sta_configuration(test_params, fst_llt='nan')
-    if res == 0:
-        raise Exception("wpa_supplicant started with llt not a number")
-
-def test_fst_sta_config_pri_neg(dev, apdev, test_params):
-    """FST STA configuration Priority negative"""
-    res = run_test_sta_configuration(test_params, fst_pri='-1')
-    if res == 0:
-        raise Exception("wpa_supplicant started with a negative fst priority")
-
-def test_fst_sta_config_pri_zero(dev, apdev, test_params):
-    """FST STA configuration Priority zero"""
-    res = run_test_sta_configuration(test_params, fst_pri='0')
-    if res == 0:
-        raise Exception("wpa_supplicant started with a zero fst priority")
-
-def test_fst_sta_config_pri_big(dev, apdev, test_params):
-    """FST STA configuration Priority too large"""
-    res = run_test_sta_configuration(test_params, fst_pri='256')
-    if res == 0:
-        raise Exception("wpa_supplicant started with too large fst priority")
-
-def test_fst_sta_config_pri_nan(dev, apdev, test_params):
-    """FST STA configuration Priority not a number"""
-    res = run_test_sta_configuration(test_params, fst_pri='nan')
-    if res == 0:
-        raise Exception("wpa_supplicant started with fst priority not a number")
-
-def test_fst_sta_config_group_len(dev, apdev, test_params):
-    """FST STA configuration Group max length"""
-    res = run_test_sta_configuration(test_params,
-                                     fst_group='fstg5678abcd34567')
-    if res == 0:
-        raise Exception("wpa_supplicant started with fst_group length too big")
-
-def test_fst_sta_config_good(dev, apdev, test_params):
-    """FST STA configuration good parameters"""
-    res = run_test_sta_configuration(test_params)
-    if res != 0:
-        raise Exception("wpa_supplicant didn't start with valid config parameters")
-
-def test_fst_sta_config_default(dev, apdev, test_params):
-    """FST STA configuration default parameters"""
-    res = run_test_sta_configuration(test_params, fst_llt=None)
-    if res != 0:
-        raise Exception("wpa_supplicant didn't start with valid config parameters")
-
-def test_fst_scan_mb(dev, apdev, test_params):
-    """FST scan valid MB IE presence with normal start"""
-    logdir = test_params['logdir']
-
-    # Test valid MB IE in scan results
-    with FstLauncher(logdir) as fst_launcher:
-        ap1 = FstLauncherConfigAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                                  fst_test_common.fst_test_def_chan_a,
-                                  fst_test_common.fst_test_def_group,
-                                  fst_test_common.fst_test_def_prio_high)
-        ap2 = FstLauncherConfigAP(apdev[1]['ifname'], 'fst_11g', 'b',
-                                  fst_test_common.fst_test_def_chan_g,
-                                  fst_test_common.fst_test_def_group,
-                                  fst_test_common.fst_test_def_prio_low)
-        fst_launcher.add_cfg(ap1)
-        fst_launcher.add_cfg(ap2)
-        res = fst_launcher.run_hostapd()
-        if res != 0:
-            raise Exception("hostapd didn't start properly")
-
-        mbie1 = []
-        flags1 = ''
-        mbie2 = []
-        flags2 = ''
-        # Scan 1st AP
-        vals1 = scan_and_get_bss(dev[0], fst_test_common.fst_test_def_freq_a)
-        if vals1 != None:
-            if 'ie' in vals1:
-                mbie1 = parse_ies(vals1['ie'], 0x9e)
-            if 'flags' in vals1:
-                flags1 = vals1['flags']
-        # Scan 2nd AP
-        vals2 = scan_and_get_bss(dev[2], fst_test_common.fst_test_def_freq_g)
-        if vals2 != None:
-            if 'ie' in vals2:
-                mbie2 = parse_ies(vals2['ie'], 0x9e)
-            if 'flags' in vals2:
-                flags2 = vals2['flags']
-
-    if len(mbie1) == 0:
-        raise Exception("No MB IE created by 1st AP")
-    if len(mbie2) == 0:
-        raise Exception("No MB IE created by 2nd AP")
-
-def test_fst_scan_nomb(dev, apdev, test_params):
-    """FST scan no MB IE presence with 1 AP start"""
-    logdir = test_params['logdir']
-
-    # Test valid MB IE in scan results
-    with FstLauncher(logdir) as fst_launcher:
-        ap1 = FstLauncherConfigAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                                  fst_test_common.fst_test_def_chan_a,
-                                  fst_test_common.fst_test_def_group,
-                                  fst_test_common.fst_test_def_prio_high)
-        fst_launcher.add_cfg(ap1)
-        res = fst_launcher.run_hostapd()
-        if res != 0:
-            raise Exception("Hostapd didn't start properly")
-
-        time.sleep(2)
-        mbie1 = []
-        flags1 = ''
-        vals1 = scan_and_get_bss(dev[0], fst_test_common.fst_test_def_freq_a)
-        if vals1 != None:
-            if 'ie' in vals1:
-                mbie1 = parse_ies(vals1['ie'], 0x9e)
-            if 'flags' in vals1:
-                flags1 = vals1['flags']
-
-    if len(mbie1) != 0:
-        raise Exception("MB IE exists with 1 AP")
diff --git a/tests/hwsim/test_fst_module.py b/tests/hwsim/test_fst_module.py
deleted file mode 100644
index bb3b44ca3c57..000000000000
--- a/tests/hwsim/test_fst_module.py
+++ /dev/null
@@ -1,2825 +0,0 @@
-# FST functionality tests
-# Copyright (c) 2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import struct
-import subprocess
-import time
-import os
-import re
-
-import hwsim_utils
-from hwsim import HWSimRadio
-import hostapd
-from wpasupplicant import WpaSupplicant
-import fst_test_common
-import fst_module_aux
-from utils import alloc_fail, HwsimSkip
-
-#enum - bad parameter types
-bad_param_none = 0
-bad_param_session_add_no_params = 1
-bad_param_group_id = 2
-bad_param_session_set_no_params = 3
-bad_param_session_set_unknown_param = 4
-bad_param_session_id = 5
-bad_param_old_iface = 6
-bad_param_new_iface = 7
-bad_param_negative_llt = 8
-bad_param_zero_llt = 9
-bad_param_llt_too_big = 10
-bad_param_llt_nan = 11
-bad_param_peer_addr = 12
-bad_param_session_initiate_no_params = 13
-bad_param_session_initiate_bad_session_id = 14
-bad_param_session_initiate_with_no_new_iface_set = 15
-bad_param_session_initiate_with_bad_peer_addr_set = 16
-bad_param_session_initiate_request_with_bad_stie = 17
-bad_param_session_initiate_response_with_reject = 18
-bad_param_session_initiate_response_with_bad_stie = 19
-bad_param_session_initiate_response_with_zero_llt = 20
-bad_param_session_initiate_stt_no_response = 21
-bad_param_session_initiate_concurrent_setup_request = 22
-bad_param_session_transfer_no_params = 23
-bad_param_session_transfer_bad_session_id = 24
-bad_param_session_transfer_setup_skipped = 25
-bad_param_session_teardown_no_params = 26
-bad_param_session_teardown_bad_session_id = 27
-bad_param_session_teardown_setup_skipped = 28
-bad_param_session_teardown_bad_fsts_id = 29
-
-bad_param_names = ("None",
-                   "No params passed to session add",
-                   "Group ID",
-                   "No params passed to session set",
-                   "Unknown param passed to session set",
-                   "Session ID",
-                   "Old interface name",
-                   "New interface name",
-                   "Negative LLT",
-                   "Zero LLT",
-                   "LLT too big",
-                   "LLT is not a number",
-                   "Peer address",
-                   "No params passed to session initiate",
-                   "Session ID",
-                   "No new_iface was set",
-                   "Peer address",
-                   "Request with bad st ie",
-                   "Response with reject",
-                   "Response with bad st ie",
-                   "Response with zero llt",
-                   "No response, STT",
-                   "Concurrent setup request",
-                   "No params passed to session transfer",
-                   "Session ID",
-                   "Session setup skipped",
-                   "No params passed to session teardown",
-                   "Bad session",
-                   "Session setup skipped",
-                   "Bad fsts_id")
-
-def fst_start_session(apdev, test_params, bad_param_type, start_on_ap,
-                      peer_addr=None):
-    """This function makes the necessary preparations and the adds and sets a
-    session using either correct or incorrect parameters depending on the value
-    of bad_param_type. If the call ends as expected (with session being
-    successfully added and set in case of correct parameters or with the
-    expected exception in case of incorrect parameters), the function silently
-    exits. Otherwise, it throws an exception thus failing the test."""
-
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if start_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        initiator.add_peer(responder, peer_addr, new_peer_addr)
-        group_id = None
-        if bad_param_type == bad_param_group_id:
-            group_id = '-1'
-        elif bad_param_type == bad_param_session_add_no_params:
-            group_id = ''
-        initiator.set_fst_parameters(group_id=group_id)
-        sid = initiator.add_session()
-        if bad_param_type == bad_param_session_set_no_params:
-            res = initiator.set_session_param(None)
-            if not res.startswith("OK"):
-                raise Exception("Session set operation failed")
-        elif bad_param_type == bad_param_session_set_unknown_param:
-            res = initiator.set_session_param("bad_param=1")
-            if not res.startswith("OK"):
-                raise Exception("Session set operation failed")
-        else:
-            if bad_param_type == bad_param_session_initiate_with_no_new_iface_set:
-                new_iface = None
-            elif bad_param_type == bad_param_new_iface:
-                new_iface = 'wlan12'
-            old_iface = None if bad_param_type != bad_param_old_iface else 'wlan12'
-            llt = None
-            if bad_param_type == bad_param_negative_llt:
-                llt = '-1'
-            elif bad_param_type == bad_param_zero_llt:
-                llt = '0'
-            elif bad_param_type == bad_param_llt_too_big:
-                llt = '4294967296'    #0x100000000
-            elif bad_param_type == bad_param_llt_nan:
-                llt = 'nan'
-            elif bad_param_type == bad_param_session_id:
-                sid = '-1'
-            initiator.set_fst_parameters(llt=llt)
-            initiator.configure_session(sid, new_iface, old_iface)
-    except Exception as e:
-        if e.args[0].startswith("Cannot add FST session with groupid"):
-            if bad_param_type == bad_param_group_id or bad_param_type == bad_param_session_add_no_params:
-                bad_parameter_detected = True
-        elif e.args[0].startswith("Cannot set FST session new_ifname:"):
-            if bad_param_type == bad_param_new_iface:
-                bad_parameter_detected = True
-        elif e.args[0].startswith("Session set operation failed"):
-            if (bad_param_type == bad_param_session_set_no_params or
-                bad_param_type == bad_param_session_set_unknown_param):
-                bad_parameter_detected = True
-        elif e.args[0].startswith("Cannot set FST session old_ifname:"):
-            if (bad_param_type == bad_param_old_iface or
-                bad_param_type == bad_param_session_id or
-                bad_param_type == bad_param_session_set_no_params):
-                bad_parameter_detected = True
-        elif e.args[0].startswith("Cannot set FST session llt:"):
-            if (bad_param_type == bad_param_negative_llt or
-                bad_param_type == bad_param_llt_too_big or
-                bad_param_type == bad_param_llt_nan):
-                bad_parameter_detected = True
-        elif e.args[0].startswith("Cannot set FST session peer address:"):
-            if bad_param_type == bad_param_peer_addr:
-                bad_parameter_detected = True
-        if not bad_parameter_detected:
-            # The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Bad parameter was detected (%s)" % bad_param_names[bad_param_type])
-            else:
-                if bad_param_type == bad_param_none or bad_param_type == bad_param_zero_llt:
-                    logger.info("Success. Session added and set")
-                else:
-                    exception_text = ""
-                    if bad_param_type == bad_param_peer_addr:
-                        exception_text = "Failure. Bad parameter was not detected (Peer address == %s)" % ap1.get_new_peer_addr()
-                    else:
-                        exception_text = "Failure. Bad parameter was not detected (%s)" % bad_param_names[bad_param_type]
-                    raise Exception(exception_text)
-        else:
-            logger.info("Failure. Unexpected exception")
-
-def fst_initiate_session(apdev, test_params, bad_param_type, init_on_ap):
-    """This function makes the necessary preparations and then adds, sets and
-    initiates a session using either correct or incorrect parameters at each
-    stage depending on the value of bad_param_type. If the call ends as expected
-    (with session being successfully added, set and initiated in case of correct
-    parameters or with the expected exception in case of incorrect parameters),
-    the function silently exits. Otherwise it throws an exception thus failing
-    the test."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if init_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname() if bad_param_type != bad_param_session_initiate_with_no_new_iface_set else None
-            new_peer_addr = ap2.get_actual_peer_addr()
-            resp_newif = sta2.ifname()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname() if bad_param_type != bad_param_session_initiate_with_no_new_iface_set else None
-            new_peer_addr = sta2.get_actual_peer_addr()
-            resp_newif = ap2.ifname()
-        peeraddr = None if bad_param_type != bad_param_session_initiate_with_bad_peer_addr_set else '10:DE:AD:DE:AD:11'
-        initiator.add_peer(responder, peeraddr, new_peer_addr)
-        if bad_param_type == bad_param_session_initiate_response_with_zero_llt:
-            initiator.set_fst_parameters(llt='0')
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        if bad_param_type == bad_param_session_initiate_no_params:
-            sid = ''
-        elif bad_param_type == bad_param_session_initiate_bad_session_id:
-            sid = '-1'
-        if bad_param_type == bad_param_session_initiate_request_with_bad_stie:
-            actual_fsts_id = initiator.get_fsts_id_by_sid(sid)
-            initiator.send_test_session_setup_request(str(actual_fsts_id), "bad_new_band")
-            responder.wait_for_session_event(5)
-        elif bad_param_type == bad_param_session_initiate_response_with_reject:
-            initiator.send_session_setup_request(sid)
-            initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            setup_event = responder.wait_for_session_event(5, [],
-                                                           ['EVENT_FST_SETUP'])
-            if 'id' not in setup_event:
-                raise Exception("No session id in FST setup event")
-            responder.send_session_setup_response(str(setup_event['id']),
-                                                  "reject")
-            event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            if event['new_state'] != "INITIAL" or event['reason'] != "REASON_REJECT":
-                raise Exception("Response with reject not handled as expected")
-            bad_parameter_detected = True
-        elif bad_param_type == bad_param_session_initiate_response_with_bad_stie:
-            initiator.send_session_setup_request(sid)
-            initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            responder.wait_for_session_event(5, [], ['EVENT_FST_SETUP'])
-            actual_fsts_id = initiator.get_fsts_id_by_sid(sid)
-            responder.send_test_session_setup_response(str(actual_fsts_id),
-                                                       "accept", "bad_new_band")
-            event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            if event['new_state'] != "INITIAL" or event['reason'] != "REASON_ERROR_PARAMS":
-                raise Exception("Response with bad STIE not handled as expected")
-            bad_parameter_detected = True
-        elif bad_param_type == bad_param_session_initiate_response_with_zero_llt:
-            initiator.initiate_session(sid, "accept")
-            event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            if event['new_state'] != "TRANSITION_DONE":
-                raise Exception("Response reception for a session with llt=0 not handled as expected")
-            bad_parameter_detected = True
-        elif bad_param_type == bad_param_session_initiate_stt_no_response:
-            initiator.send_session_setup_request(sid)
-            initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            responder.wait_for_session_event(5, [], ['EVENT_FST_SETUP'])
-            event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            if event['new_state'] != "INITIAL" or event['reason'] != "REASON_STT":
-                raise Exception("No response scenario not handled as expected")
-            bad_parameter_detected = True
-        elif bad_param_type == bad_param_session_initiate_concurrent_setup_request:
-            responder.add_peer(initiator)
-            resp_sid = responder.add_session()
-            responder.configure_session(resp_sid, resp_newif)
-            initiator.send_session_setup_request(sid)
-            actual_fsts_id = initiator.get_fsts_id_by_sid(sid)
-            responder.send_test_session_setup_request(str(actual_fsts_id))
-            event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-            initiator_addr = initiator.get_own_mac_address()
-            responder_addr = responder.get_own_mac_address()
-            if initiator_addr < responder_addr:
-                event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-                if event['new_state'] != "INITIAL" or event['reason'] != "REASON_SETUP":
-                    raise Exception("Concurrent setup scenario not handled as expected")
-                event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SETUP"])
-                # The incoming setup request received by the initiator has
-                # priority over the one sent previously by the initiator itself
-                # because the initiator's MAC address is numerically lower than
-                # the one of the responder. Thus, the initiator should generate
-                # an FST_SETUP event.
-            else:
-                event = initiator.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-                if event['new_state'] != "INITIAL" or event['reason'] != "REASON_STT":
-                    raise Exception("Concurrent setup scenario not handled as expected")
-                # The incoming setup request was dropped at the initiator
-                # because its MAC address is numerically bigger than the one of
-                # the responder. Thus, the initiator continue to wait for a
-                # setup response until the STT event fires.
-            bad_parameter_detected = True
-        else:
-            initiator.initiate_session(sid, "accept")
-    except Exception as e:
-        if e.args[0].startswith("Cannot initiate fst session"):
-            if bad_param_type != bad_param_none:
-                bad_parameter_detected = True
-        elif e.args[0].startswith("No FST-EVENT-SESSION received"):
-            if bad_param_type == bad_param_session_initiate_request_with_bad_stie:
-                bad_parameter_detected = True
-        if not bad_parameter_detected:
-            #The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Bad parameter was detected (%s)" % bad_param_names[bad_param_type])
-            else:
-                if bad_param_type == bad_param_none:
-                    logger.info("Success. Session initiated")
-                else:
-                    raise Exception("Failure. Bad parameter was not detected (%s)" % bad_param_names[bad_param_type])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-def fst_transfer_session(apdev, test_params, bad_param_type, init_on_ap,
-                         rsn=False):
-    """This function makes the necessary preparations and then adds, sets,
-    initiates and attempts to transfer a session using either correct or
-    incorrect parameters at each stage depending on the value of bad_param_type.
-    If the call ends as expected the function silently exits. Otherwise, it
-    throws an exception thus failing the test."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev, rsn=rsn)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2, rsn=rsn)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if init_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        initiator.add_peer(responder, new_peer_addr=new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        if bad_param_type != bad_param_session_transfer_setup_skipped:
-            initiator.initiate_session(sid, "accept")
-        if bad_param_type == bad_param_session_transfer_no_params:
-            sid = ''
-        elif bad_param_type == bad_param_session_transfer_bad_session_id:
-            sid = '-1'
-        initiator.transfer_session(sid)
-    except Exception as e:
-        if e.args[0].startswith("Cannot transfer fst session"):
-            if bad_param_type != bad_param_none:
-                bad_parameter_detected = True
-        if not bad_parameter_detected:
-            # The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Bad parameter was detected (%s)" % bad_param_names[bad_param_type])
-            else:
-                if bad_param_type == bad_param_none:
-                    logger.info("Success. Session transferred")
-                else:
-                    raise Exception("Failure. Bad parameter was not detected (%s)" % bad_param_names[bad_param_type])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-
-def fst_tear_down_session(apdev, test_params, bad_param_type, init_on_ap):
-    """This function makes the necessary preparations and then adds, sets, and
-    initiates a session. It then issues a tear down command using either
-    correct or incorrect parameters at each stage. If the call ends as expected,
-    the function silently exits. Otherwise, it throws an exception thus failing
-    the test."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if init_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        initiator.add_peer(responder, new_peer_addr=new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        if bad_param_type != bad_param_session_teardown_setup_skipped:
-            initiator.initiate_session(sid, "accept")
-        if bad_param_type == bad_param_session_teardown_bad_fsts_id:
-            initiator.send_test_tear_down('-1')
-            responder.wait_for_session_event(5)
-        else:
-            if bad_param_type == bad_param_session_teardown_no_params:
-                sid = ''
-            elif bad_param_type == bad_param_session_teardown_bad_session_id:
-                sid = '-1'
-            initiator.teardown_session(sid)
-    except Exception as e:
-        if e.args[0].startswith("Cannot tear down fst session"):
-            if (bad_param_type == bad_param_session_teardown_no_params or
-                bad_param_type == bad_param_session_teardown_bad_session_id or
-                bad_param_type == bad_param_session_teardown_setup_skipped):
-                bad_parameter_detected = True
-        elif e.args[0].startswith("No FST-EVENT-SESSION received"):
-            if bad_param_type == bad_param_session_teardown_bad_fsts_id:
-                bad_parameter_detected = True
-        if not bad_parameter_detected:
-            # The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Bad parameter was detected (%s)" % bad_param_names[bad_param_type])
-            else:
-                if bad_param_type == bad_param_none:
-                    logger.info("Success. Session torn down")
-                else:
-                    raise Exception("Failure. Bad parameter was not detected (%s)" % bad_param_names[bad_param_type])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-
-#enum - remove session scenarios
-remove_scenario_no_params = 0
-remove_scenario_bad_session_id = 1
-remove_scenario_non_established_session = 2
-remove_scenario_established_session = 3
-
-remove_scenario_names = ("No params",
-                         "Bad session id",
-                         "Remove non-established session",
-                         "Remove established session")
-
-
-def fst_remove_session(apdev, test_params, remove_session_scenario, init_on_ap):
-    """This function attempts to remove a session at various stages of its
-    formation, depending on the value of remove_session_scenario. If the call
-    ends as expected, the function silently exits. Otherwise, it throws an
-    exception thus failing the test."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if init_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        initiator.add_peer(responder, new_peer_addr=new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        if remove_session_scenario != remove_scenario_no_params:
-            if remove_session_scenario != remove_scenario_non_established_session:
-                initiator.initiate_session(sid, "accept")
-        if remove_session_scenario == remove_scenario_no_params:
-            sid = ''
-        elif remove_session_scenario == remove_scenario_bad_session_id:
-            sid = '-1'
-        initiator.remove_session(sid)
-    except Exception as e:
-        if e.args[0].startswith("Cannot remove fst session"):
-            if (remove_session_scenario == remove_scenario_no_params or
-                remove_session_scenario == remove_scenario_bad_session_id):
-                bad_parameter_detected = True
-        elif e.args[0].startswith("No FST-EVENT-SESSION received"):
-            if remove_session_scenario == remove_scenario_non_established_session:
-                bad_parameter_detected = True
-        if not bad_parameter_detected:
-            #The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Remove scenario ended as expected (%s)" % remove_scenario_names[remove_session_scenario])
-            else:
-                if remove_session_scenario == remove_scenario_established_session:
-                    logger.info("Success. Session removed")
-                else:
-                    raise Exception("Failure. Remove scenario ended in an unexpected way (%s)" % remove_scenario_names[remove_session_scenario])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-
-#enum - frame types
-frame_type_session_request = 0
-frame_type_session_response = 1
-frame_type_ack_request = 2
-frame_type_ack_response = 3
-frame_type_tear_down = 4
-
-frame_type_names = ("Session request",
-                    "Session Response",
-                    "Ack request",
-                    "Ack response",
-                    "Tear down")
-
-def fst_send_unexpected_frame(apdev, test_params, frame_type, send_from_ap, additional_param=''):
-    """This function creates two pairs of APs and stations, makes them connect
-    and then causes one side to send an unexpected FST frame of the specified
-    type to the other. The other side should then identify and ignore the
-    frame."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    exception_already_raised = False
-    frame_receive_timeout = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if send_from_ap:
-            sender = ap1
-            receiver = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            sender = sta1
-            receiver = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        sender.add_peer(receiver, new_peer_addr=new_peer_addr)
-        sid = sender.add_session()
-        sender.configure_session(sid, new_iface)
-        if frame_type == frame_type_session_request:
-            sender.send_session_setup_request(sid)
-            event = receiver.wait_for_session_event(5)
-            if event['type'] != 'EVENT_FST_SETUP':
-                raise Exception("Unexpected indication: " + event['type'])
-        elif frame_type == frame_type_session_response:
-            #fsts_id doesn't matter, no actual session exists
-            sender.send_test_session_setup_response('0', additional_param)
-            receiver.wait_for_session_event(5)
-        elif frame_type == frame_type_ack_request:
-            #fsts_id doesn't matter, no actual session exists
-            sender.send_test_ack_request('0')
-            receiver.wait_for_session_event(5)
-        elif frame_type == frame_type_ack_response:
-            #fsts_id doesn't matter, no actual session exists
-            sender.send_test_ack_response('0')
-            receiver.wait_for_session_event(5)
-        elif frame_type == frame_type_tear_down:
-            #fsts_id doesn't matter, no actual session exists
-            sender.send_test_tear_down('0')
-            receiver.wait_for_session_event(5)
-    except Exception as e:
-        if e.args[0].startswith("No FST-EVENT-SESSION received"):
-            if frame_type != frame_type_session_request:
-                frame_receive_timeout = True
-        else:
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if frame_receive_timeout:
-                logger.info("Success. Frame was ignored (%s)" % frame_type_names[frame_type])
-            else:
-                if frame_type == frame_type_session_request:
-                    logger.info("Success. Frame received, session created")
-                else:
-                    raise Exception("Failure. Frame was not ignored (%s)" % frame_type_names[frame_type])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-
-#enum - bad session transfer scenarios
-bad_scenario_none = 0
-bad_scenario_ack_req_session_not_set_up = 1
-bad_scenario_ack_req_session_not_established_init_side = 2
-bad_scenario_ack_req_session_not_established_resp_side = 3
-bad_scenario_ack_req_bad_fsts_id = 4
-bad_scenario_ack_resp_session_not_set_up = 5
-bad_scenario_ack_resp_session_not_established_init_side = 6
-bad_scenario_ack_resp_session_not_established_resp_side = 7
-bad_scenario_ack_resp_no_ack_req = 8
-bad_scenario_ack_resp_bad_fsts_id = 9
-
-bad_scenario_names = ("None",
-                      "Ack request received before the session was set up",
-                      "Ack request received on the initiator side before session was established",
-                      "Ack request received on the responder side before session was established",
-                      "Ack request received with bad fsts_id",
-                      "Ack response received before the session was set up",
-                      "Ack response received on the initiator side before session was established",
-                      "Ack response received on the responder side before session was established",
-                      "Ack response received before ack request was sent",
-                      "Ack response received with bad fsts_id")
-
-def fst_bad_transfer(apdev, test_params, bad_scenario_type, init_on_ap):
-    """This function makes the necessary preparations and then adds and sets a
-    session. It then initiates and it unless instructed otherwise) and attempts
-    to send one of the frames involved in the session transfer protocol,
-    skipping or distorting one of the stages according to the value of
-    bad_scenario_type parameter."""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    bad_parameter_detected = False
-    exception_already_raised = False
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        # This call makes sure FstHostapd singleton object is created and, as a
-        # result, the global control interface is registered (this is done from
-        # the constructor).
-        ap1.get_global_instance()
-        if init_on_ap:
-            initiator = ap1
-            responder = sta1
-            new_iface = ap2.ifname()
-            new_peer_addr = ap2.get_actual_peer_addr()
-        else:
-            initiator = sta1
-            responder = ap1
-            new_iface = sta2.ifname()
-            new_peer_addr = sta2.get_actual_peer_addr()
-        initiator.add_peer(responder, new_peer_addr=new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        if (bad_scenario_type != bad_scenario_ack_req_session_not_set_up and
-            bad_scenario_type != bad_scenario_ack_resp_session_not_set_up):
-            if (bad_scenario_type != bad_scenario_ack_req_session_not_established_init_side and
-                bad_scenario_type != bad_scenario_ack_resp_session_not_established_init_side and
-                bad_scenario_type != bad_scenario_ack_req_session_not_established_resp_side and
-                bad_scenario_type != bad_scenario_ack_resp_session_not_established_resp_side):
-                response = "accept"
-            else:
-                response = ''
-            initiator.initiate_session(sid, response)
-        if bad_scenario_type == bad_scenario_ack_req_session_not_set_up:
-            #fsts_id doesn't matter, no actual session exists
-            responder.send_test_ack_request('0')
-            initiator.wait_for_session_event(5)
-            # We want to send the unexpected frame to the side that already has
-            # a session created
-        elif bad_scenario_type == bad_scenario_ack_resp_session_not_set_up:
-            #fsts_id doesn't matter, no actual session exists
-            responder.send_test_ack_response('0')
-            initiator.wait_for_session_event(5)
-            # We want to send the unexpected frame to the side that already has
-            # a session created
-        elif bad_scenario_type == bad_scenario_ack_req_session_not_established_init_side:
-            #fsts_id doesn't matter, no actual session exists
-            initiator.send_test_ack_request('0')
-            responder.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_req_session_not_established_resp_side:
-            #fsts_id doesn't matter, no actual session exists
-            responder.send_test_ack_request('0')
-            initiator.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_resp_session_not_established_init_side:
-            #fsts_id doesn't matter, no actual session exists
-            initiator.send_test_ack_response('0')
-            responder.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_resp_session_not_established_resp_side:
-            #fsts_id doesn't matter, no actual session exists
-            responder.send_test_ack_response('0')
-            initiator.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_req_bad_fsts_id:
-            initiator.send_test_ack_request('-1')
-            responder.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_resp_bad_fsts_id:
-            initiator.send_test_ack_response('-1')
-            responder.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        elif bad_scenario_type == bad_scenario_ack_resp_no_ack_req:
-            actual_fsts_id = initiator.get_fsts_id_by_sid(sid)
-            initiator.send_test_ack_response(str(actual_fsts_id))
-            responder.wait_for_session_event(5, ["EVENT_FST_SESSION_STATE"])
-        else:
-            raise Exception("Unknown bad scenario identifier")
-    except Exception as e:
-        if e.args[0].startswith("No FST-EVENT-SESSION received"):
-            bad_parameter_detected = True
-        if not bad_parameter_detected:
-            # The exception was unexpected
-            logger.info(e)
-            exception_already_raised = True
-            raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        if not exception_already_raised:
-            if bad_parameter_detected:
-                logger.info("Success. Bad scenario was handled correctly (%s)" % bad_scenario_names[bad_scenario_type])
-            else:
-                raise Exception("Failure. Bad scenario was handled incorrectly (%s)" % bad_scenario_names[bad_scenario_type])
-        else:
-            logger.info("Failure. Unexpected exception")
-
-def test_fst_sta_connect_to_non_fst_ap(dev, apdev, test_params):
-    """FST STA connecting to non-FST AP"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_sta_connect_to_fst_ap(dev, apdev, test_params):
-    """FST STA connecting to FST AP"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        orig_sta2_mbies = sta2.get_local_mbies()
-        vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-        sta1.connect(ap1, key_mgmt="NONE",
-                     scan_freq=fst_test_common.fst_test_def_freq_a)
-        time.sleep(2)
-        res_sta2_mbies = sta2.get_local_mbies()
-        if res_sta2_mbies == orig_sta2_mbies:
-            raise Exception("Failure. MB IEs have not been updated")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        sta1.disconnect()
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_ap_connect_to_fst_sta(dev, apdev, test_params):
-    """FST AP connecting to FST STA"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        orig_ap_mbies = ap1.get_local_mbies()
-        vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-        sta1.connect(ap1, key_mgmt="NONE",
-                     scan_freq=fst_test_common.fst_test_def_freq_a)
-        time.sleep(2)
-        res_ap_mbies = ap1.get_local_mbies()
-        if res_ap_mbies != orig_ap_mbies:
-            raise Exception("Failure. MB IEs have been unexpectedly updated on the AP")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        sta1.disconnect()
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_ap_connect_to_non_fst_sta(dev, apdev, test_params):
-    """FST AP connecting to non-FST STA"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        orig_ap_mbies = ap2.get_local_mbies()
-        vals = dev[0].scan(None, fst_test_common.fst_test_def_freq_g)
-        fst_module_aux.external_sta_connect(dev[0], ap2, key_mgmt="NONE",
-                                            scan_freq=fst_test_common.fst_test_def_freq_g)
-        time.sleep(2)
-        res_ap_mbies = ap2.get_local_mbies()
-        if res_ap_mbies != orig_ap_mbies:
-            raise Exception("Failure. MB IEs have been unexpectedly updated on the AP")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        fst_module_aux.disconnect_external_sta(dev[0], ap2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_second_sta_connect_to_non_fst_ap(dev, apdev, test_params):
-    """FST STA 2nd connecting to non-FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_second_sta_connect_to_fst_ap(dev, apdev, test_params):
-    """FST STA 2nd connecting to FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_disconnect_1_of_2_stas_from_non_fst_ap(dev, apdev, test_params):
-    """FST disconnect 1 of 2 STAs from non-FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta2.disconnect_from_external_ap()
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_disconnect_1_of_2_stas_from_fst_ap(dev, apdev, test_params):
-    """FST disconnect 1 of 2 STAs from FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta1.disconnect()
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_disconnect_2_of_2_stas_from_non_fst_ap(dev, apdev, test_params):
-    """FST disconnect 2 of 2 STAs from non-FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            sta1.disconnect()
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta2.disconnect_from_external_ap()
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs must be present on the stations")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_disconnect_2_of_2_stas_from_fst_ap(dev, apdev, test_params):
-    """FST disconnect 2 of 2 STAs from FST AP"""
-    fst_ap1, fst_ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    with HWSimRadio() as (radio, iface):
-        non_fst_ap = hostapd.add_ap(iface, {"ssid": "non_fst_11g"})
-        try:
-            vals = sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-            sta1.connect(fst_ap1, key_mgmt="NONE", scan_freq=fst_test_common.fst_test_def_freq_a)
-            sta2.connect_to_external_ap(non_fst_ap, ssid="non_fst_11g",
-                                        key_mgmt="NONE", scan_freq='2412')
-            time.sleep(2)
-            sta2.disconnect_from_external_ap()
-            time.sleep(2)
-            orig_sta1_mbies = sta1.get_local_mbies()
-            orig_sta2_mbies = sta2.get_local_mbies()
-            sta1.disconnect()
-            time.sleep(2)
-            res_sta1_mbies = sta1.get_local_mbies()
-            res_sta2_mbies = sta2.get_local_mbies()
-            if (orig_sta1_mbies.startswith("FAIL") or
-                orig_sta2_mbies.startswith("FAIL") or
-                res_sta1_mbies.startswith("FAIL") or
-                res_sta2_mbies.startswith("FAIL")):
-                raise Exception("Failure. MB IEs should have stayed present on both stations")
-            # Mandatory part of 8.4.2.140 Multi-band element is 24 bytes = 48 hex chars
-            basic_sta1_mbies = res_sta1_mbies[0:48] + res_sta1_mbies[60:108]
-            basic_sta2_mbies = res_sta2_mbies[0:48] + res_sta2_mbies[60:108]
-            if (basic_sta1_mbies != basic_sta2_mbies):
-                raise Exception("Failure. Basic MB IEs should have become identical on both stations")
-            addr_sta1_str = sta1.get_own_mac_address().replace(":", "")
-            addr_sta2_str = sta2.get_own_mac_address().replace(":", "")
-            # Mandatory part of 8.4.2.140 Multi-band element is followed by STA MAC Address field (6 bytes = 12 hex chars)
-            addr_sta1_mbie1 = res_sta1_mbies[48:60]
-            addr_sta1_mbie2 = res_sta1_mbies[108:120]
-            addr_sta2_mbie1 = res_sta2_mbies[48:60]
-            addr_sta2_mbie2 = res_sta2_mbies[108:120]
-            if (addr_sta1_mbie1 != addr_sta1_mbie2 or
-                addr_sta1_mbie1 != addr_sta2_str or
-                addr_sta2_mbie1 != addr_sta2_mbie2 or
-                addr_sta2_mbie1 != addr_sta1_str):
-                raise Exception("Failure. STA Address in MB IEs should have been same as the other STA's")
-        except Exception as e:
-            logger.info(e)
-            raise
-        finally:
-            sta1.disconnect()
-            sta2.disconnect_from_external_ap()
-            fst_module_aux.stop_two_ap_sta_pairs(fst_ap1, fst_ap2, sta1, sta2)
-            hostapd.HostapdGlobal().remove(iface)
-
-def test_fst_disconnect_non_fst_sta(dev, apdev, test_params):
-    """FST disconnect non-FST STA"""
-    ap1, ap2, fst_sta1, fst_sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    external_sta_connected = False
-    try:
-        vals = fst_sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-        fst_sta1.connect(ap1, key_mgmt="NONE",
-                         scan_freq=fst_test_common.fst_test_def_freq_a)
-        vals = dev[0].scan(None, fst_test_common.fst_test_def_freq_g)
-        fst_module_aux.external_sta_connect(dev[0], ap2, key_mgmt="NONE",
-                                            scan_freq=fst_test_common.fst_test_def_freq_g)
-        external_sta_connected = True
-        time.sleep(2)
-        fst_sta1.disconnect()
-        time.sleep(2)
-        orig_ap_mbies = ap2.get_local_mbies()
-        fst_module_aux.disconnect_external_sta(dev[0], ap2)
-        external_sta_connected = False
-        time.sleep(2)
-        res_ap_mbies = ap2.get_local_mbies()
-        if res_ap_mbies != orig_ap_mbies:
-            raise Exception("Failure. MB IEs have been unexpectedly updated on the AP")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        fst_sta1.disconnect()
-        if external_sta_connected:
-            fst_module_aux.disconnect_external_sta(dev[0], ap2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, fst_sta1, fst_sta2)
-
-def test_fst_disconnect_fst_sta(dev, apdev, test_params):
-    """FST disconnect FST STA"""
-    ap1, ap2, fst_sta1, fst_sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    external_sta_connected = False
-    try:
-        vals = fst_sta1.scan(freq=fst_test_common.fst_test_def_freq_a)
-        fst_sta1.connect(ap1, key_mgmt="NONE",
-                         scan_freq=fst_test_common.fst_test_def_freq_a)
-        vals = dev[0].scan(None, fst_test_common.fst_test_def_freq_g)
-        fst_module_aux.external_sta_connect(dev[0], ap2, key_mgmt="NONE",
-                                            scan_freq=fst_test_common.fst_test_def_freq_g)
-        external_sta_connected = True
-        time.sleep(2)
-        fst_module_aux.disconnect_external_sta(dev[0], ap2)
-        external_sta_connected = False
-        time.sleep(2)
-        orig_ap_mbies = ap2.get_local_mbies()
-        fst_sta1.disconnect()
-        time.sleep(2)
-        res_ap_mbies = ap2.get_local_mbies()
-        if res_ap_mbies != orig_ap_mbies:
-            raise Exception("Failure. MB IEs have been unexpectedly updated on the AP")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        fst_sta1.disconnect()
-        if external_sta_connected:
-            fst_module_aux.disconnect_external_sta(dev[0], ap2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, fst_sta1, fst_sta2)
-
-def test_fst_dynamic_iface_attach(dev, apdev, test_params):
-    """FST dynamic interface attach"""
-    ap1 = fst_module_aux.FstAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                               fst_test_common.fst_test_def_chan_a,
-                               fst_test_common.fst_test_def_group,
-                               fst_test_common.fst_test_def_prio_low,
-                               fst_test_common.fst_test_def_llt)
-    ap1.start()
-    ap2 = fst_module_aux.FstAP(apdev[1]['ifname'], 'fst_11g', 'b',
-                               fst_test_common.fst_test_def_chan_g,
-                               '', '', '')
-    ap2.start()
-
-    sta1 = fst_module_aux.FstSTA('wlan5',
-                                 fst_test_common.fst_test_def_group,
-                                 fst_test_common.fst_test_def_prio_low,
-                                 fst_test_common.fst_test_def_llt)
-    sta1.start()
-    sta2 = fst_module_aux.FstSTA('wlan6', '', '', '')
-    sta2.start()
-
-    try:
-        orig_sta2_mbies = sta2.get_local_mbies()
-        orig_ap2_mbies = ap2.get_local_mbies()
-        sta2.send_iface_attach_request(sta2.ifname(),
-                                       fst_test_common.fst_test_def_group,
-                                       '52', '27')
-        event = sta2.wait_for_iface_event(5)
-        if event['event_type'] != 'attached':
-            raise Exception("Failure. Iface was not properly attached")
-        ap2.send_iface_attach_request(ap2.ifname(),
-                                      fst_test_common.fst_test_def_group,
-                                      '102', '77')
-        event = ap2.wait_for_iface_event(5)
-        if event['event_type'] != 'attached':
-            raise Exception("Failure. Iface was not properly attached")
-        time.sleep(2)
-        res_sta2_mbies = sta2.get_local_mbies()
-        res_ap2_mbies = ap2.get_local_mbies()
-        sta2.send_iface_detach_request(sta2.ifname())
-        event = sta2.wait_for_iface_event(5)
-        if event['event_type'] != 'detached':
-            raise Exception("Failure. Iface was not properly detached")
-        ap2.send_iface_detach_request(ap2.ifname())
-        event = ap2.wait_for_iface_event(5)
-        if event['event_type'] != 'detached':
-            raise Exception("Failure. Iface was not properly detached")
-        if (not orig_sta2_mbies.startswith("FAIL") or
-            not orig_ap2_mbies.startswith("FAIL") or
-            res_sta2_mbies.startswith("FAIL") or
-            res_ap2_mbies.startswith("FAIL")):
-            raise Exception("Failure. MB IEs should have appeared on the station and on the AP")
-    except Exception as e:
-        logger.info(e)
-        raise
-    finally:
-        ap1.stop()
-        ap2.stop()
-        sta1.stop()
-        sta2.stop()
-
-# AP side FST module tests
-
-def test_fst_ap_start_session(dev, apdev, test_params):
-    """FST AP start session"""
-    fst_start_session(apdev, test_params, bad_param_none, True)
-
-def test_fst_ap_start_session_no_add_params(dev, apdev, test_params):
-    """FST AP start session - no add params"""
-    fst_start_session(apdev, test_params, bad_param_session_add_no_params, True)
-
-def test_fst_ap_start_session_bad_group_id(dev, apdev, test_params):
-    """FST AP start session - bad group id"""
-    fst_start_session(apdev, test_params, bad_param_group_id, True)
-
-def test_fst_ap_start_session_no_set_params(dev, apdev, test_params):
-    """FST AP start session - no set params"""
-    fst_start_session(apdev, test_params, bad_param_session_set_no_params, True)
-
-def test_fst_ap_start_session_set_unknown_param(dev, apdev, test_params):
-    """FST AP start session - set unknown param"""
-    fst_start_session(apdev, test_params, bad_param_session_set_unknown_param,
-                      True)
-
-def test_fst_ap_start_session_bad_session_id(dev, apdev, test_params):
-    """FST AP start session - bad session id"""
-    fst_start_session(apdev, test_params, bad_param_session_id, True)
-
-def test_fst_ap_start_session_bad_new_iface(dev, apdev, test_params):
-    """FST AP start session - bad new iface"""
-    fst_start_session(apdev, test_params, bad_param_new_iface, True)
-
-def test_fst_ap_start_session_bad_old_iface(dev, apdev, test_params):
-    """FST AP start session - bad old iface"""
-    fst_start_session(apdev, test_params, bad_param_old_iface, True)
-
-def test_fst_ap_start_session_negative_llt(dev, apdev, test_params):
-    """FST AP start session - negative llt"""
-    fst_start_session(apdev, test_params, bad_param_negative_llt, True)
-
-def test_fst_ap_start_session_zero_llt(dev, apdev, test_params):
-    """FST AP start session - zero llt"""
-    fst_start_session(apdev, test_params, bad_param_zero_llt, True)
-
-def test_fst_ap_start_session_llt_too_big(dev, apdev, test_params):
-    """FST AP start session - llt too large"""
-    fst_start_session(apdev, test_params, bad_param_llt_too_big, True)
-
-def test_fst_ap_start_session_invalid_peer_addr(dev, apdev, test_params):
-    """FST AP start session - invalid peer address"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, True,
-                      'GG:GG:GG:GG:GG:GG')
-
-def test_fst_ap_start_session_multicast_peer_addr(dev, apdev, test_params):
-    """FST AP start session - multicast peer address"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, True,
-                      '01:00:11:22:33:44')
-
-def test_fst_ap_start_session_broadcast_peer_addr(dev, apdev, test_params):
-    """FST AP start session - broadcast peer address"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, True,
-                      'FF:FF:FF:FF:FF:FF')
-
-def test_fst_ap_initiate_session(dev, apdev, test_params):
-    """FST AP initiate session"""
-    fst_initiate_session(apdev, test_params, bad_param_none, True)
-
-def test_fst_ap_initiate_session_no_params(dev, apdev, test_params):
-    """FST AP initiate session - no params"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_no_params, True)
-
-def test_fst_ap_initiate_session_invalid_session_id(dev, apdev, test_params):
-    """FST AP initiate session - invalid session id"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_bad_session_id, True)
-
-def test_fst_ap_initiate_session_no_new_iface(dev, apdev, test_params):
-    """FST AP initiate session - no new iface"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_with_no_new_iface_set, True)
-
-def test_fst_ap_initiate_session_bad_peer_addr(dev, apdev, test_params):
-    """FST AP initiate session - bad peer address"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_with_bad_peer_addr_set,
-                         True)
-
-def test_fst_ap_initiate_session_request_with_bad_stie(dev, apdev, test_params):
-    """FST AP initiate session - request with bad stie"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_request_with_bad_stie, True)
-
-def test_fst_ap_initiate_session_response_with_reject(dev, apdev, test_params):
-    """FST AP initiate session - response with reject"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_response_with_reject, True)
-
-def test_fst_ap_initiate_session_response_with_bad_stie(dev, apdev,
-                                                        test_params):
-    """FST AP initiate session - response with bad stie"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_response_with_bad_stie,
-                         True)
-
-def test_fst_ap_initiate_session_response_with_zero_llt(dev, apdev,
-                                                        test_params):
-    """FST AP initiate session - zero llt"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_response_with_zero_llt,
-                         True)
-
-def test_fst_ap_initiate_session_stt_no_response(dev, apdev, test_params):
-    """FST AP initiate session - stt no response"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_stt_no_response, True)
-
-def test_fst_ap_initiate_session_concurrent_setup_request(dev, apdev,
-                                                          test_params):
-    """FST AP initiate session - concurrent setup request"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_concurrent_setup_request,
-                         True)
-
-def test_fst_ap_session_request_with_no_session(dev, apdev, test_params):
-    """FST AP session request with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_request,
-                              True)
-
-def test_fst_ap_session_response_accept_with_no_session(dev, apdev,
-                                                        test_params):
-    """FST AP session response accept with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_response,
-                              True, "accept")
-
-def test_fst_ap_session_response_reject_with_no_session(dev, apdev,
-                                                        test_params):
-    """FST AP session response reject with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_response,
-                              True, "reject")
-
-def test_fst_ap_ack_request_with_no_session(dev, apdev, test_params):
-    """FST AP ack request with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_ack_request, True)
-
-def test_fst_ap_ack_response_with_no_session(dev, apdev, test_params):
-    """FST AP ack response with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_ack_response, True)
-
-def test_fst_ap_tear_down_response_with_no_session(dev, apdev, test_params):
-    """FST AP tear down response with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_tear_down, True)
-
-def test_fst_ap_transfer_session(dev, apdev, test_params):
-    """FST AP transfer session"""
-    fst_transfer_session(apdev, test_params, bad_param_none, True)
-
-def test_fst_ap_transfer_session_no_params(dev, apdev, test_params):
-    """FST AP transfer session - no params"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_no_params, True)
-
-def test_fst_ap_transfer_session_bad_session_id(dev, apdev, test_params):
-    """FST AP transfer session - bad session id"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_bad_session_id, True)
-
-def test_fst_ap_transfer_session_setup_skipped(dev, apdev, test_params):
-    """FST AP transfer session - setup skipped"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_setup_skipped, True)
-
-def test_fst_ap_ack_request_with_session_not_set_up(dev, apdev, test_params):
-    """FST AP ack request with session not set up"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_set_up, True)
-
-def test_fst_ap_ack_request_with_session_not_established_init_side(dev, apdev,
-                                                                   test_params):
-    """FST AP ack request with session not established init side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_established_init_side,
-                     True)
-
-def test_fst_ap_ack_request_with_session_not_established_resp_side(dev, apdev,
-                                                                   test_params):
-    """FST AP ack request with session not established resp side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_established_resp_side,
-                     True)
-
-def test_fst_ap_ack_request_with_bad_fsts_id(dev, apdev, test_params):
-    """FST AP ack request with bad fsts id"""
-    fst_bad_transfer(apdev, test_params, bad_scenario_ack_req_bad_fsts_id, True)
-
-def test_fst_ap_ack_response_with_session_not_set_up(dev, apdev, test_params):
-    """FST AP ack response with session not set up"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_set_up, True)
-
-def test_fst_ap_ack_response_with_session_not_established_init_side(dev, apdev, test_params):
-    """FST AP ack response with session not established init side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_established_init_side,
-                     True)
-
-def test_fst_ap_ack_response_with_session_not_established_resp_side(dev, apdev, test_params):
-    """FST AP ack response with session not established resp side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_established_resp_side,
-                     True)
-
-def test_fst_ap_ack_response_with_no_ack_request(dev, apdev, test_params):
-    """FST AP ack response with no ack request"""
-    fst_bad_transfer(apdev, test_params, bad_scenario_ack_resp_no_ack_req, True)
-
-def test_fst_ap_tear_down_session(dev, apdev, test_params):
-    """FST AP tear down session"""
-    fst_tear_down_session(apdev, test_params, bad_param_none, True)
-
-def test_fst_ap_tear_down_session_no_params(dev, apdev, test_params):
-    """FST AP tear down session - no params"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_no_params, True)
-
-def test_fst_ap_tear_down_session_bad_session_id(dev, apdev, test_params):
-    """FST AP tear down session - bad session id"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_bad_session_id, True)
-
-def test_fst_ap_tear_down_session_setup_skipped(dev, apdev, test_params):
-    """FST AP tear down session - setup skipped"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_setup_skipped, True)
-
-def test_fst_ap_tear_down_session_bad_fsts_id(dev, apdev, test_params):
-    """FST AP tear down session - bad fsts id"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_bad_fsts_id, True)
-
-def test_fst_ap_remove_session_not_established(dev, apdev, test_params):
-    """FST AP remove session - not established"""
-    fst_remove_session(apdev, test_params,
-                       remove_scenario_non_established_session, True)
-
-def test_fst_ap_remove_session_established(dev, apdev, test_params):
-    """FST AP remove session - established"""
-    fst_remove_session(apdev, test_params,
-                       remove_scenario_established_session, True)
-
-def test_fst_ap_remove_session_no_params(dev, apdev, test_params):
-    """FST AP remove session - no params"""
-    fst_remove_session(apdev, test_params, remove_scenario_no_params, True)
-
-def test_fst_ap_remove_session_bad_session_id(dev, apdev, test_params):
-    """FST AP remove session - bad session id"""
-    fst_remove_session(apdev, test_params, remove_scenario_bad_session_id, True)
-
-def test_fst_ap_ctrl_iface(dev, apdev, test_params):
-    """FST control interface behavior"""
-    hglobal = hostapd.HostapdGlobal()
-    start_num_groups = 0
-    res = hglobal.request("FST-MANAGER LIST_GROUPS")
-    del hglobal
-    if "FAIL" not in res:
-        start_num_groups = len(res.splitlines())
-
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        initiator = ap1
-        responder = sta1
-        initiator.add_peer(responder, None)
-        initiator.set_fst_parameters(group_id=None)
-        sid = initiator.add_session()
-        res = initiator.get_session_params(sid)
-        logger.info("Initial session params:\n" + str(res))
-        if res['state'] != 'INITIAL':
-            raise Exception("Unexpected state: " + res['state'])
-        initiator.set_fst_parameters(llt=None)
-        initiator.configure_session(sid, ap2.ifname(), None)
-        res = initiator.get_session_params(sid)
-        logger.info("Session params after configuration:\n" + str(res))
-        res = initiator.iface_peers(initiator.ifname())
-        logger.info("Interface peers: " + str(res))
-        if len(res) != 1:
-            raise Exception("Unexpected number of peers")
-        res = initiator.get_peer_mbies(initiator.ifname(),
-                                       initiator.get_new_peer_addr())
-        logger.info("Peer MB IEs: " + str(res))
-        res = initiator.list_ifaces()
-        logger.info("Interfaces: " + str(res))
-        if len(res) != 2:
-            raise Exception("Unexpected number of interfaces")
-        res = initiator.list_groups()
-        logger.info("Groups: " + str(res))
-        if len(res) != 1 + start_num_groups:
-            raise Exception("Unexpected number of groups")
-
-        tests = ["LIST_IFACES unknown",
-                 "LIST_IFACES     unknown2",
-                 "SESSION_GET 12345678",
-                 "SESSION_SET " + sid + " unknown=foo",
-                 "SESSION_RESPOND 12345678 foo",
-                 "SESSION_RESPOND " + sid,
-                 "SESSION_RESPOND " + sid + " foo",
-                 "TEST_REQUEST foo",
-                 "TEST_REQUEST SEND_SETUP_REQUEST",
-                 "TEST_REQUEST SEND_SETUP_REQUEST foo",
-                 "TEST_REQUEST SEND_SETUP_RESPONSE",
-                 "TEST_REQUEST SEND_SETUP_RESPONSE foo",
-                 "TEST_REQUEST SEND_ACK_REQUEST",
-                 "TEST_REQUEST SEND_ACK_REQUEST foo",
-                 "TEST_REQUEST SEND_ACK_RESPONSE",
-                 "TEST_REQUEST SEND_ACK_RESPONSE foo",
-                 "TEST_REQUEST SEND_TEAR_DOWN",
-                 "TEST_REQUEST SEND_TEAR_DOWN foo",
-                 "TEST_REQUEST GET_FSTS_ID",
-                 "TEST_REQUEST GET_FSTS_ID foo",
-                 "TEST_REQUEST GET_LOCAL_MBIES",
-                 "TEST_REQUEST GET_LOCAL_MBIES foo",
-                 "GET_PEER_MBIES",
-                 "GET_PEER_MBIES ",
-                 "GET_PEER_MBIES unknown",
-                 "GET_PEER_MBIES unknown unknown",
-                 "GET_PEER_MBIES unknown  " + initiator.get_new_peer_addr(),
-                 "GET_PEER_MBIES " + initiator.ifname() + " 01:ff:ff:ff:ff:ff",
-                 "GET_PEER_MBIES " + initiator.ifname() + " 00:ff:ff:ff:ff:ff",
-                 "GET_PEER_MBIES " + initiator.ifname() + " 00:00:00:00:00:00",
-                 "IFACE_PEERS",
-                 "IFACE_PEERS ",
-                 "IFACE_PEERS unknown",
-                 "IFACE_PEERS unknown unknown",
-                 "IFACE_PEERS " + initiator.fst_group,
-                 "IFACE_PEERS " + initiator.fst_group + " unknown"]
-        for t in tests:
-            if "FAIL" not in initiator.grequest("FST-MANAGER " + t):
-                raise Exception("Unexpected response for invalid FST-MANAGER command " + t)
-        if "UNKNOWN FST COMMAND" not in initiator.grequest("FST-MANAGER unknown"):
-            raise Exception("Unexpected response for unknown FST-MANAGER command")
-
-        tests = ["FST-DETACH", "FST-DETACH ", "FST-DETACH unknown",
-                 "FST-ATTACH", "FST-ATTACH ", "FST-ATTACH unknown",
-                 "FST-ATTACH unknown unknown"]
-        for t in tests:
-            if "FAIL" not in initiator.grequest(t):
-                raise Exception("Unexpected response for invalid command " + t)
-
-        try:
-            # Trying to add same interface again needs to fail.
-            ap1.send_iface_attach_request(ap1.iface, ap1.fst_group,
-                                          ap1.fst_llt, ap1.fst_pri)
-            raise Exception("Duplicate FST-ATTACH succeeded")
-        except Exception as e:
-            if not str(e).startswith("Cannot attach"):
-                raise
-
-        try:
-            ap1.get_fsts_id_by_sid("123")
-        except Exception as e:
-            if not str(e).startswith("Cannot get fsts_id for sid"):
-                raise
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_ap_start_session_oom(dev, apdev, test_params):
-    """FST AP setup failing due to OOM"""
-    ap1 = fst_module_aux.FstAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                               fst_test_common.fst_test_def_chan_a,
-                               fst_test_common.fst_test_def_group,
-                               fst_test_common.fst_test_def_prio_low,
-                               fst_test_common.fst_test_def_llt)
-    ap1.start()
-    try:
-        run_fst_ap_start_session_oom(apdev, ap1)
-    finally:
-        ap1.stop()
-        fst_test_common.fst_clear_regdom()
-
-def run_fst_ap_start_session_oom(apdev, ap1):
-    with alloc_fail(ap1, 1, "fst_iface_create"):
-        ap2_started = False
-        try:
-            ap2 = fst_module_aux.FstAP(apdev[1]['ifname'], 'fst_11g', 'b',
-                                       fst_test_common.fst_test_def_chan_g,
-                                       fst_test_common.fst_test_def_group,
-                                       fst_test_common.fst_test_def_prio_high,
-                                       fst_test_common.fst_test_def_llt)
-            try:
-                # This will fail in fst_iface_create() OOM
-                ap2.start()
-            except:
-                pass
-        finally:
-            try:
-                ap2.stop()
-            except:
-                pass
-
-# STA side FST module tests
-
-def test_fst_sta_start_session(dev, apdev, test_params):
-    """FST STA start session"""
-    fst_start_session(apdev, test_params, bad_param_none, False)
-
-def test_fst_sta_start_session_no_add_params(dev, apdev, test_params):
-    """FST STA start session - no add params"""
-    fst_start_session(apdev, test_params, bad_param_session_add_no_params,
-                      False)
-
-def test_fst_sta_start_session_bad_group_id(dev, apdev, test_params):
-    """FST STA start session - bad group id"""
-    fst_start_session(apdev, test_params, bad_param_group_id, False)
-
-def test_fst_sta_start_session_no_set_params(dev, apdev, test_params):
-    """FST STA start session - no set params"""
-    fst_start_session(apdev, test_params, bad_param_session_set_no_params,
-                      False)
-
-def test_fst_sta_start_session_set_unknown_param(dev, apdev, test_params):
-    """FST STA start session - set unknown param"""
-    fst_start_session(apdev, test_params, bad_param_session_set_unknown_param,
-                      False)
-
-def test_fst_sta_start_session_bad_session_id(dev, apdev, test_params):
-    """FST STA start session - bad session id"""
-    fst_start_session(apdev, test_params, bad_param_session_id, False)
-
-def test_fst_sta_start_session_bad_new_iface(dev, apdev, test_params):
-    """FST STA start session - bad new iface"""
-    fst_start_session(apdev, test_params, bad_param_new_iface, False)
-
-def test_fst_sta_start_session_bad_old_iface(dev, apdev, test_params):
-    """FST STA start session - bad old iface"""
-    fst_start_session(apdev, test_params, bad_param_old_iface, False)
-
-def test_fst_sta_start_session_negative_llt(dev, apdev, test_params):
-    """FST STA start session - negative llt"""
-    fst_start_session(apdev, test_params, bad_param_negative_llt, False)
-
-def test_fst_sta_start_session_zero_llt(dev, apdev, test_params):
-    """FST STA start session - zero llt"""
-    fst_start_session(apdev, test_params, bad_param_zero_llt, False)
-
-def test_fst_sta_start_session_llt_too_big(dev, apdev, test_params):
-    """FST STA start session - llt too large"""
-    fst_start_session(apdev, test_params, bad_param_llt_too_big, False)
-
-def test_fst_sta_start_session_invalid_peer_addr(dev, apdev, test_params):
-    """FST STA start session - invalid peer address"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, False,
-                      'GG:GG:GG:GG:GG:GG')
-
-def test_fst_sta_start_session_multicast_peer_addr(dev, apdev, test_params):
-    """FST STA start session - multicast peer address"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, False,
-                      '11:00:11:22:33:44')
-
-def test_fst_sta_start_session_broadcast_peer_addr(dev, apdev, test_params):
-    """FST STA start session - broadcast peer addr"""
-    fst_start_session(apdev, test_params, bad_param_peer_addr, False,
-                      'FF:FF:FF:FF:FF:FF')
-
-def test_fst_sta_initiate_session(dev, apdev, test_params):
-    """FST STA initiate session"""
-    fst_initiate_session(apdev, test_params, bad_param_none, False)
-
-def test_fst_sta_initiate_session_no_params(dev, apdev, test_params):
-    """FST STA initiate session - no params"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_no_params, False)
-
-def test_fst_sta_initiate_session_invalid_session_id(dev, apdev, test_params):
-    """FST STA initiate session - invalid session id"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_bad_session_id, False)
-
-def test_fst_sta_initiate_session_no_new_iface(dev, apdev, test_params):
-    """FST STA initiate session - no new iface"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_with_no_new_iface_set,
-                         False)
-
-def test_fst_sta_initiate_session_bad_peer_addr(dev, apdev, test_params):
-    """FST STA initiate session - bad peer address"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_with_bad_peer_addr_set,
-                         False)
-
-def test_fst_sta_initiate_session_request_with_bad_stie(dev, apdev,
-                                                        test_params):
-    """FST STA initiate session - request with bad stie"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_request_with_bad_stie,
-                         False)
-
-def test_fst_sta_initiate_session_response_with_reject(dev, apdev, test_params):
-    """FST STA initiate session - response with reject"""
-    fst_initiate_session(apdev, test_params, bad_param_session_initiate_response_with_reject, False)
-
-def test_fst_sta_initiate_session_response_with_bad_stie(dev, apdev, test_params):
-    """FST STA initiate session - response with bad stie"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_response_with_bad_stie,
-                         False)
-
-def test_fst_sta_initiate_session_response_with_zero_llt(dev, apdev,
-                                                         test_params):
-    """FST STA initiate session - response with zero llt"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_response_with_zero_llt,
-                         False)
-
-def test_fst_sta_initiate_session_stt_no_response(dev, apdev, test_params):
-    """FST STA initiate session - stt no response"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_stt_no_response, False)
-
-def test_fst_sta_initiate_session_concurrent_setup_request(dev, apdev,
-                                                           test_params):
-    """FST STA initiate session - concurrent setup request"""
-    fst_initiate_session(apdev, test_params,
-                         bad_param_session_initiate_concurrent_setup_request,
-                         False)
-
-def test_fst_sta_session_request_with_no_session(dev, apdev, test_params):
-    """FST STA session request with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_request,
-                              False)
-
-def test_fst_sta_session_response_accept_with_no_session(dev, apdev,
-                                                         test_params):
-    """FST STA session response accept with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_response,
-                              False, "accept")
-
-def test_fst_sta_session_response_reject_with_no_session(dev, apdev,
-                                                         test_params):
-    """FST STA session response reject with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_session_response,
-                              False, "reject")
-
-def test_fst_sta_ack_request_with_no_session(dev, apdev, test_params):
-    """FST STA ack request with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_ack_request, False)
-
-def test_fst_sta_ack_response_with_no_session(dev, apdev, test_params):
-    """FST STA ack response with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_ack_response,
-                              False)
-
-def test_fst_sta_tear_down_response_with_no_session(dev, apdev, test_params):
-    """FST STA tear down response with no session"""
-    fst_send_unexpected_frame(apdev, test_params, frame_type_tear_down, False)
-
-def test_fst_sta_transfer_session(dev, apdev, test_params):
-    """FST STA transfer session"""
-    fst_transfer_session(apdev, test_params, bad_param_none, False)
-
-def test_fst_sta_transfer_session_no_params(dev, apdev, test_params):
-    """FST STA transfer session - no params"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_no_params, False)
-
-def test_fst_sta_transfer_session_bad_session_id(dev, apdev, test_params):
-    """FST STA transfer session - bad session id"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_bad_session_id, False)
-
-def test_fst_sta_transfer_session_setup_skipped(dev, apdev, test_params):
-    """FST STA transfer session - setup skipped"""
-    fst_transfer_session(apdev, test_params,
-                         bad_param_session_transfer_setup_skipped, False)
-
-def test_fst_sta_ack_request_with_session_not_set_up(dev, apdev, test_params):
-    """FST STA ack request with session not set up"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_set_up, False)
-
-def test_fst_sta_ack_request_with_session_not_established_init_side(dev, apdev, test_params):
-    """FST STA ack request with session not established init side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_established_init_side,
-                     False)
-
-def test_fst_sta_ack_request_with_session_not_established_resp_side(dev, apdev, test_params):
-    """FST STA ack request with session not established resp side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_req_session_not_established_resp_side,
-                     False)
-
-def test_fst_sta_ack_request_with_bad_fsts_id(dev, apdev, test_params):
-    """FST STA ack request with bad fsts id"""
-    fst_bad_transfer(apdev, test_params, bad_scenario_ack_req_bad_fsts_id,
-                     False)
-
-def test_fst_sta_ack_response_with_session_not_set_up(dev, apdev, test_params):
-    """FST STA ack response with session not set up"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_set_up, False)
-
-def test_fst_sta_ack_response_with_session_not_established_init_side(dev, apdev, test_params):
-    """FST STA ack response with session not established init side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_established_init_side,
-                     False)
-
-def test_fst_sta_ack_response_with_session_not_established_resp_side(dev, apdev, test_params):
-    """FST STA ack response with session not established resp side"""
-    fst_bad_transfer(apdev, test_params,
-                     bad_scenario_ack_resp_session_not_established_resp_side,
-                     False)
-
-def test_fst_sta_ack_response_with_no_ack_request(dev, apdev, test_params):
-    """FST STA ack response with no ack request"""
-    fst_bad_transfer(apdev, test_params, bad_scenario_ack_resp_no_ack_req,
-                     False)
-
-def test_fst_sta_tear_down_session(dev, apdev, test_params):
-    """FST STA tear down session"""
-    fst_tear_down_session(apdev, test_params, bad_param_none, False)
-
-def test_fst_sta_tear_down_session_no_params(dev, apdev, test_params):
-    """FST STA tear down session - no params"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_no_params, False)
-
-def test_fst_sta_tear_down_session_bad_session_id(dev, apdev, test_params):
-    """FST STA tear down session - bad session id"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_bad_session_id, False)
-
-def test_fst_sta_tear_down_session_setup_skipped(dev, apdev, test_params):
-    """FST STA tear down session - setup skipped"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_setup_skipped, False)
-
-def test_fst_sta_tear_down_session_bad_fsts_id(dev, apdev, test_params):
-    """FST STA tear down session - bad fsts id"""
-    fst_tear_down_session(apdev, test_params,
-                          bad_param_session_teardown_bad_fsts_id, False)
-
-def test_fst_sta_remove_session_not_established(dev, apdev, test_params):
-    """FST STA tear down session - not established"""
-    fst_remove_session(apdev, test_params,
-                       remove_scenario_non_established_session, False)
-
-def test_fst_sta_remove_session_established(dev, apdev, test_params):
-    """FST STA remove session - established"""
-    fst_remove_session(apdev, test_params,
-                       remove_scenario_established_session, False)
-
-def test_fst_sta_remove_session_no_params(dev, apdev, test_params):
-    """FST STA remove session - no params"""
-    fst_remove_session(apdev, test_params, remove_scenario_no_params, False)
-
-def test_fst_sta_remove_session_bad_session_id(dev, apdev, test_params):
-    """FST STA remove session - bad session id"""
-    fst_remove_session(apdev, test_params, remove_scenario_bad_session_id,
-                       False)
-
-def test_fst_rsn_ap_transfer_session(dev, apdev, test_params):
-    """FST RSN AP transfer session"""
-    fst_transfer_session(apdev, test_params, bad_param_none, True, rsn=True)
-
-MGMT_SUBTYPE_ACTION = 13
-ACTION_CATEG_FST = 18
-FST_ACTION_SETUP_REQUEST = 0
-FST_ACTION_SETUP_RESPONSE = 1
-FST_ACTION_TEAR_DOWN = 2
-FST_ACTION_ACK_REQUEST = 3
-FST_ACTION_ACK_RESPONSE = 4
-FST_ACTION_ON_CHANNEL_TUNNEL = 5
-
-def hostapd_tx_and_status(hapd, msg):
-    hapd.set("ext_mgmt_frame_handling", "1")
-    hapd.mgmt_tx(msg)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=1)
-    if ev is None or "ok=1" not in ev:
-        raise Exception("No ACK")
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-def test_fst_proto(dev, apdev, test_params):
-    """FST protocol testing"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        hapd = ap1.get_instance()
-        sta = sta1.get_instance()
-        dst = sta.own_addr()
-        src = apdev[0]['bssid']
-
-        msg = {}
-        msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-        msg['da'] = dst
-        msg['sa'] = src
-        msg['bssid'] = src
-
-        # unknown FST Action (255) received!
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST, 255)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Request dropped: too short
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Request dropped: invalid STIE (EID)
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     163, 11, 0, 0, 0, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Request dropped: invalid STIE (Len)
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     164, 10, 0, 0, 0, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Request dropped: new and old band IDs are the same
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     164, 11, 0, 0, 0, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        ifaces = sta1.list_ifaces()
-        id = int(ifaces[0]['name'].split('|')[1])
-        # FST Request dropped: new iface not found (new_band_id mismatch)
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     164, 11, 0, 0, id + 1, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Action 'Setup Response' dropped: no session in progress found
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE)
-        hostapd_tx_and_status(hapd, msg)
-
-        # Create session
-        initiator = ap1
-        responder = sta1
-        new_iface = ap2.ifname()
-        new_peer_addr = ap2.get_actual_peer_addr()
-        resp_newif = sta2.ifname()
-        peeraddr = None
-        initiator.add_peer(responder, peeraddr, new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        initiator.initiate_session(sid, "accept")
-
-        # FST Response dropped due to wrong state: SETUP_COMPLETION
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE)
-        hostapd_tx_and_status(hapd, msg)
-
-        # Too short FST Tear Down dropped
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_TEAR_DOWN)
-        hostapd_tx_and_status(hapd, msg)
-
-        # tear down for wrong FST Setup ID (0)
-        msg['payload'] = struct.pack("<BBL", ACTION_CATEG_FST,
-                                     FST_ACTION_TEAR_DOWN, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # Ack received on wrong interface
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_ACK_REQUEST)
-        hostapd_tx_and_status(hapd, msg)
-
-        # Ack Response in inappropriate session state (SETUP_COMPLETION)
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_ACK_RESPONSE)
-        hostapd_tx_and_status(hapd, msg)
-
-        # Unsupported FST Action frame (On channel tunnel)
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_ON_CHANNEL_TUNNEL)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Request dropped: new iface not found (new_band_id match)
-        # FST Request dropped due to MAC comparison
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     164, 11, 0, 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        hapd2 = ap2.get_instance()
-        dst2 = sta2.get_instance().own_addr()
-        src2 = apdev[1]['bssid']
-
-        msg2 = {}
-        msg2['fc'] = MGMT_SUBTYPE_ACTION << 4
-        msg2['da'] = dst2
-        msg2['sa'] = src2
-        msg2['bssid'] = src2
-        # FST Response dropped: wlan6 is not the old iface
-        msg2['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                      FST_ACTION_SETUP_RESPONSE)
-        hostapd_tx_and_status(hapd2, msg2)
-
-        sta.dump_monitor()
-
-        group = ap1.fst_group
-        ap1.send_iface_detach_request(ap1.iface)
-
-        sta.flush_scan_cache()
-        sta.request("REASSOCIATE")
-        sta.wait_connected()
-
-        # FST Request dropped due to no interface connection
-        msg['payload'] = struct.pack("<BBBLBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_REQUEST, 0, 0,
-                                     164, 11, 0, 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        try:
-            fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        except:
-            pass
-
-def test_fst_setup_response_proto(dev, apdev, test_params):
-    """FST protocol testing for Setup Response"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        hapd = ap1.get_instance()
-        sta = sta1.get_instance()
-        dst = sta.own_addr()
-        src = apdev[0]['bssid']
-
-        sta1.add_peer(ap1, None, sta2.get_actual_peer_addr())
-        sta1.set_fst_parameters(llt='0')
-        sid = sta1.add_session()
-        sta1.configure_session(sid, sta2.ifname())
-        sta1.initiate_session(sid, "")
-
-        msg = {}
-        msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-        msg['da'] = dst
-        msg['sa'] = src
-        msg['bssid'] = src
-
-        # Too short FST Response dropped
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Response dropped: invalid STIE (EID)
-        dialog_token = 1
-        status_code = 0
-        id = 0
-        msg['payload'] = struct.pack("<BBBBBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE, dialog_token,
-                                     status_code,
-                                     163, 11, 0, 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Response dropped: invalid STIE (Len)
-        dialog_token = 1
-        status_code = 0
-        id = 0
-        msg['payload'] = struct.pack("<BBBBBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE, dialog_token,
-                                     status_code,
-                                     164, 10, 0, 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Response dropped due to wrong dialog token
-        dialog_token = 123
-        status_code = 0
-        id = 0
-        msg['payload'] = struct.pack("<BBBBBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE, dialog_token,
-                                     status_code,
-                                     164, 11, 0, 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Response dropped due to wrong FST Session ID
-        dialog_token = 1
-        status_code = 0
-        id = 1
-        msg['payload'] = struct.pack("<BBBBBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE, dialog_token,
-                                     status_code,
-                                     164, 11, int(sid) + 123456,
-                                     0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-
-        # FST Response with non-zero status code
-        dialog_token = 1
-        status_code = 1
-        id = 1
-        msg['payload'] = struct.pack("<BBBBBBLBBBBBBB", ACTION_CATEG_FST,
-                                     FST_ACTION_SETUP_RESPONSE, dialog_token,
-                                     status_code,
-                                     164, 11, int(sid), 0, id, 0, 0, 0, 0, 0)
-        hostapd_tx_and_status(hapd, msg)
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_ack_response_proto(dev, apdev, test_params):
-    """FST protocol testing for Ack Response"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        hapd = ap2.get_instance()
-        sta = sta2.get_instance()
-        dst = sta.own_addr()
-        src = apdev[1]['bssid']
-
-        sta1.add_peer(ap1, None, sta2.get_actual_peer_addr())
-        sta1.set_fst_parameters(llt='0')
-        sid = sta1.add_session()
-        sta1.configure_session(sid, sta2.ifname())
-
-        s = sta1.grequest("FST-MANAGER SESSION_INITIATE "+ sid)
-        if not s.startswith('OK'):
-            raise Exception("Cannot initiate fst session: %s" % s)
-        ev = sta1.peer_obj.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION received")
-        event = fst_module_aux.parse_fst_session_event(ev)
-        if event == None:
-            raise Exception("Unrecognized FST event: " % ev)
-        if event['type'] != 'EVENT_FST_SETUP':
-            raise Exception("Expected FST_SETUP event, got: " + event['type'])
-        ev = sta1.peer_obj.wait_gevent(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION received")
-        event = fst_module_aux.parse_fst_session_event(ev)
-        if event == None:
-            raise Exception("Unrecognized FST event: " % ev)
-        if event['type'] != 'EVENT_FST_SESSION_STATE':
-            raise Exception("Expected EVENT_FST_SESSION_STATE event, got: " + event['type'])
-        if event['new_state'] != "SETUP_COMPLETION":
-            raise Exception("Expected new state SETUP_COMPLETION, got: " + event['new_state'])
-
-        hapd.set("ext_mgmt_frame_handling", "1")
-        s = sta1.peer_obj.grequest("FST-MANAGER SESSION_RESPOND "+ event['id'] + " accept")
-        if not s.startswith('OK'):
-            raise Exception("Error session_respond: %s" % s)
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("No Ack Request seen")
-        msg = {}
-        msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-        msg['da'] = dst
-        msg['sa'] = src
-        msg['bssid'] = src
-
-        # Too short FST Ack Response dropped
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_FST,
-                                     FST_ACTION_ACK_RESPONSE)
-        hapd.mgmt_tx(msg)
-        ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=1)
-        if ev is None or "ok=1" not in ev:
-            raise Exception("No ACK")
-
-        # Ack Response for wrong FSt Setup ID
-        msg['payload'] = struct.pack("<BBBL", ACTION_CATEG_FST,
-                                     FST_ACTION_ACK_RESPONSE,
-                                     0, int(sid) + 123456)
-        hostapd_tx_and_status(hapd, msg)
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_ap_config_oom(dev, apdev, test_params):
-    """FST AP configuration and OOM"""
-    ap1 = fst_module_aux.FstAP(apdev[0]['ifname'], 'fst_11a', 'a',
-                               fst_test_common.fst_test_def_chan_a,
-                               fst_test_common.fst_test_def_group,
-                               fst_test_common.fst_test_def_prio_low)
-    hapd = ap1.start(return_early=True)
-    with alloc_fail(hapd, 1, "fst_group_create"):
-        res = ap1.grequest("FST-ATTACH %s %s" % (ap1.iface, ap1.fst_group))
-        if not res.startswith("FAIL"):
-            raise Exception("FST-ATTACH succeeded unexpectedly")
-
-    with alloc_fail(hapd, 1, "fst_iface_create"):
-        res = ap1.grequest("FST-ATTACH %s %s" % (ap1.iface, ap1.fst_group))
-        if not res.startswith("FAIL"):
-            raise Exception("FST-ATTACH succeeded unexpectedly")
-
-    with alloc_fail(hapd, 1, "fst_group_create_mb_ie"):
-        res = ap1.grequest("FST-ATTACH %s %s" % (ap1.iface, ap1.fst_group))
-        # This is allowed to complete currently
-
-    ap1.stop()
-    fst_test_common.fst_clear_regdom()
-
-def test_fst_send_oom(dev, apdev, test_params):
-    """FST send action OOM"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        hapd = ap1.get_instance()
-        sta = sta1.get_instance()
-        dst = sta.own_addr()
-        src = apdev[0]['bssid']
-
-        # Create session
-        initiator = ap1
-        responder = sta1
-        new_iface = ap2.ifname()
-        new_peer_addr = ap2.get_actual_peer_addr()
-        resp_newif = sta2.ifname()
-        peeraddr = None
-        initiator.add_peer(responder, peeraddr, new_peer_addr)
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        with alloc_fail(hapd, 1, "fst_session_send_action"):
-            res = initiator.grequest("FST-MANAGER SESSION_INITIATE " + sid)
-            if not res.startswith("FAIL"):
-                raise Exception("Unexpected SESSION_INITIATE result")
-
-        res = initiator.grequest("FST-MANAGER SESSION_INITIATE " + sid)
-        if not res.startswith("OK"):
-            raise Exception("SESSION_INITIATE failed")
-
-        tests = ["", "foo", sid, sid + " foo", sid + " foo=bar"]
-        for t in tests:
-            res = initiator.grequest("FST-MANAGER SESSION_SET " + t)
-            if not res.startswith("FAIL"):
-                raise Exception("Invalid SESSION_SET accepted")
-
-        with alloc_fail(hapd, 1, "fst_session_send_action"):
-            res = initiator.grequest("FST-MANAGER SESSION_TEARDOWN " + sid)
-            if not res.startswith("FAIL"):
-                raise Exception("Unexpected SESSION_TEARDOWN result")
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_session_oom(dev, apdev, test_params):
-    """FST session create OOM"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        hapd = ap1.get_instance()
-        sta = sta1.get_instance()
-        dst = sta.own_addr()
-        src = apdev[0]['bssid']
-
-        # Create session
-        initiator = ap1
-        responder = sta1
-        new_iface = ap2.ifname()
-        new_peer_addr = ap2.get_actual_peer_addr()
-        resp_newif = sta2.ifname()
-        peeraddr = None
-        initiator.add_peer(responder, peeraddr, new_peer_addr)
-        with alloc_fail(hapd, 1, "fst_session_create"):
-            sid = initiator.grequest("FST-MANAGER SESSION_ADD " + initiator.fst_group)
-            if not sid.startswith("FAIL"):
-                raise Exception("Unexpected SESSION_ADD success")
-        sid = initiator.add_session()
-        initiator.configure_session(sid, new_iface)
-        with alloc_fail(sta, 1, "fst_session_create"):
-            res = initiator.grequest("FST-MANAGER SESSION_INITIATE " + sid)
-            if not res.startswith("OK"):
-                raise Exception("Unexpected SESSION_INITIATE result")
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def test_fst_attach_zero_llt(dev, apdev):
-    """FST attach with llt=0"""
-    sta1 = fst_module_aux.FstSTA('wlan5', fst_test_common.fst_test_def_group,
-                                 "100", "0")
-    sta1.start()
-    sta1.stop()
-
-def test_fst_session_respond_fail(dev, apdev, test_params):
-    """FST-MANAGER SESSION_RESPOND failure"""
-    ap1, ap2, sta1, sta2 = fst_module_aux.start_two_ap_sta_pairs(apdev)
-    try:
-        fst_module_aux.connect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        sta1.add_peer(ap1, None, sta2.get_actual_peer_addr())
-        sid = sta1.add_session()
-        sta1.configure_session(sid, sta2.ifname())
-        sta1.send_session_setup_request(sid)
-        sta1.wait_for_session_event(5, [], ["EVENT_FST_SESSION_STATE"])
-        ev = ap1.wait_for_session_event(5, [], ['EVENT_FST_SETUP'])
-        if 'id' not in ev:
-            raise Exception("No session id in FST setup event")
-        # Disconnect STA to make SESSION_RESPOND fail due to no peer found
-        sta = sta1.get_instance()
-        sta.request("DISCONNECT")
-        sta.wait_disconnected()
-        req = "FST-MANAGER SESSION_RESPOND %s reject" % ev['id']
-        s = ap1.grequest(req)
-        if not s.startswith("FAIL"):
-            raise Exception("SESSION_RESPOND succeeded unexpectedly")
-    finally:
-        fst_module_aux.disconnect_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-        fst_module_aux.stop_two_ap_sta_pairs(ap1, ap2, sta1, sta2)
-
-def fst_session_set(dev, sid, param, value):
-    cmd = "FST-MANAGER SESSION_SET %s %s=%s" % (sid, param, value)
-    if "OK" not in dev.global_request(cmd):
-        raise Exception(cmd + " failed")
-
-def fst_session_set_ap(dev, sid, param, value):
-    cmd = "FST-MANAGER SESSION_SET %s %s=%s" % (sid, param, value)
-    if "OK" not in dev.request(cmd):
-        raise Exception(cmd + " failed")
-
-def fst_attach_ap(dev, ifname, group):
-    cmd = "FST-ATTACH %s %s" % (ifname, group)
-    if "OK" not in dev.request(cmd):
-        raise Exception("FST-ATTACH (AP) failed")
-    ev = dev.wait_event(['FST-EVENT-IFACE'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-IFACE attached (AP)")
-    for t in ["attached", "ifname=" + ifname, "group=" + group]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-IFACE data (AP): " + ev)
-
-def fst_attach_sta(dev, ifname, group):
-    if "OK" not in dev.global_request("FST-ATTACH %s %s" % (ifname, group)):
-        raise Exception("FST-ATTACH (STA) failed")
-    ev = dev.wait_global_event(['FST-EVENT-IFACE'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-IFACE attached (STA)")
-    for t in ["attached", "ifname=" + ifname, "group=" + group]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-IFACE data (STA): " + ev)
-
-def fst_detach_ap(dev, ifname, group):
-    if "OK" not in dev.request("FST-DETACH " + ifname):
-        raise Exception("FST-DETACH (AP) failed for " + ifname)
-    ev = dev.wait_event(['FST-EVENT-IFACE'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-IFACE detached (AP) for " + ifname)
-    for t in ["detached", "ifname=" + ifname, "group=" + group]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-IFACE data (AP): " + ev)
-
-def fst_detach_sta(dev, ifname, group):
-    dev.dump_monitor()
-    if "OK" not in dev.global_request("FST-DETACH " + ifname):
-        raise Exception("FST-DETACH (STA) failed for " + ifname)
-    ev = dev.wait_global_event(['FST-EVENT-IFACE'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-IFACE detached (STA) for " + ifname)
-    for t in ["detached", "ifname=" + ifname, "group=" + group]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-IFACE data (STA): " + ev)
-
-def fst_wait_event_peer_ap(dev, event, ifname, addr):
-    ev = dev.wait_event(['FST-EVENT-PEER'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-PEER connected (AP)")
-    for t in [" " + event + " ", "ifname=" + ifname, "peer_addr=" + addr]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-PEER data (AP): " + ev)
-
-def fst_wait_event_peer_sta(dev, event, ifname, addr):
-    ev = dev.wait_global_event(['FST-EVENT-PEER'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-PEER connected (STA)")
-    for t in [" " + event + " ", "ifname=" + ifname, "peer_addr=" + addr]:
-        if t not in ev:
-            raise Exception("Unexpected FST-EVENT-PEER data (STA): " + ev)
-
-def fst_setup_req(dev, hglobal, freq, dst, req, stie, mbie="", no_wait=False):
-    act = req + stie + mbie
-    dev.request("MGMT_TX %s %s freq=%d action=%s" % (dst, dst, freq, act))
-    ev = dev.wait_event(['MGMT-TX-STATUS'], timeout=5)
-    if ev is None or "result=SUCCESS" not in ev:
-        raise Exception("FST Action frame not ACKed")
-
-    if no_wait:
-        return
-    while True:
-        ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (AP)")
-        if "new_state=SETUP_COMPLETION" in ev:
-            break
-
-def fst_start_and_connect(apdev, group, sgroup):
-    hglobal = hostapd.HostapdGlobal()
-    if "OK" not in hglobal.request("FST-MANAGER TEST_REQUEST IS_SUPPORTED"):
-        raise HwsimSkip("No FST testing support")
-
-    params = {"ssid": "fst_11a", "hw_mode": "a", "channel": "36",
-              "country_code": "US"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    fst_attach_ap(hglobal, apdev[0]['ifname'], group)
-
-    cmd = "FST-ATTACH %s %s" % (apdev[0]['ifname'], group)
-    if "FAIL" not in hglobal.request(cmd):
-        raise Exception("Duplicated FST-ATTACH (AP) accepted")
-
-    params = {"ssid": "fst_11g", "hw_mode": "g", "channel": "1",
-              "country_code": "US"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    fst_attach_ap(hglobal, apdev[1]['ifname'], group)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    fst_attach_sta(wpas, wpas.ifname, sgroup)
-
-    wpas.interface_add("wlan6", set_ifname=False)
-    wpas2 = WpaSupplicant(ifname="wlan6")
-    fst_attach_sta(wpas, wpas2.ifname, sgroup)
-
-    wpas.connect("fst_11a", key_mgmt="NONE", scan_freq="5180",
-                 wait_connect=False)
-    wpas.wait_connected()
-
-    fst_wait_event_peer_sta(wpas, "connected", wpas.ifname, apdev[0]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "connected", apdev[0]['ifname'],
-                           wpas.own_addr())
-
-    wpas2.connect("fst_11g", key_mgmt="NONE", scan_freq="2412",
-                  wait_connect=False)
-    wpas2.wait_connected()
-
-    fst_wait_event_peer_sta(wpas, "connected", wpas2.ifname, apdev[1]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "connected", apdev[1]['ifname'],
-                           wpas2.own_addr())
-    return hglobal, wpas, wpas2, hapd, hapd2
-
-def test_fst_test_setup(dev, apdev, test_params):
-    """FST setup using separate commands"""
-    try:
-        _test_fst_test_setup(dev, apdev, test_params)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_fst_test_setup(dev, apdev, test_params):
-    group = "fstg0b"
-    sgroup = "fstg1b"
-    hglobal, wpas, wpas2, hapd, hapd2 = fst_start_and_connect(apdev, group, sgroup)
-
-    sid = wpas.global_request("FST-MANAGER SESSION_ADD " + sgroup).strip()
-    if "FAIL" in sid:
-        raise Exception("FST-MANAGER SESSION_ADD (STA) failed")
-
-    fst_session_set(wpas, sid, "old_ifname", wpas.ifname)
-    fst_session_set(wpas, sid, "old_peer_addr", apdev[0]['bssid'])
-    fst_session_set(wpas, sid, "new_ifname", wpas2.ifname)
-    fst_session_set(wpas, sid, "new_peer_addr", apdev[1]['bssid'])
-
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("FST-MANAGER SESSION_INITIATE failed")
-
-    while True:
-        ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (AP)")
-        if "new_state=SETUP_COMPLETION" in ev:
-            f = re.search("session_id=(\d+)", ev)
-            if f is None:
-                raise Exception("No session_id in FST-EVENT-SESSION")
-            sid_ap = f.group(1)
-            cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-            if "OK" not in hglobal.request(cmd):
-                raise Exception("FST-MANAGER SESSION_RESPOND failed on AP")
-            break
-
-    ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-SESSION")
-    if "new_state=SETUP_COMPLETION" not in ev:
-        raise Exception("Unexpected FST-EVENT-SESSION data: " + ev)
-
-    ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-SESSION")
-    if "event_type=EVENT_FST_ESTABLISHED" not in ev:
-        raise Exception("Unexpected FST-EVENT-SESSION data: " + ev)
-
-    cmd = "FST-MANAGER SESSION_REMOVE " + sid
-    if "OK" not in wpas.global_request(cmd):
-        raise Exception("FST-MANAGER SESSION_REMOVE failed")
-    ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-SESSION")
-    if "new_state=INITIAL" not in ev:
-        raise Exception("Unexpected FST-EVENT-SESSION data (STA): " + ev)
-
-    ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-    if ev is None:
-        raise Exception("No FST-EVENT-SESSION (AP)")
-    if "new_state=INITIAL" not in ev:
-        raise Exception("Unexpected FST-EVENT-SESSION data (AP): " + ev)
-
-    if "FAIL" not in wpas.global_request(cmd):
-        raise Exception("Duplicated FST-MANAGER SESSION_REMOVE accepted")
-
-    hglobal.request("FST-MANAGER SESSION_REMOVE " + sid_ap)
-
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    fst_wait_event_peer_sta(wpas, "disconnected", wpas.ifname,
-                            apdev[0]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "disconnected", apdev[0]['ifname'],
-                           wpas.own_addr())
-
-    wpas2.request("DISCONNECT")
-    wpas2.wait_disconnected()
-    fst_wait_event_peer_sta(wpas, "disconnected", wpas2.ifname,
-                            apdev[1]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "disconnected", apdev[1]['ifname'],
-                           wpas2.own_addr())
-
-    fst_detach_ap(hglobal, apdev[0]['ifname'], group)
-    if "FAIL" not in hglobal.request("FST-DETACH " + apdev[0]['ifname']):
-        raise Exception("Duplicated FST-DETACH (AP) accepted")
-    hapd.disable()
-
-    fst_detach_ap(hglobal, apdev[1]['ifname'], group)
-    hapd2.disable()
-
-    fst_detach_sta(wpas, wpas.ifname, sgroup)
-    fst_detach_sta(wpas, wpas2.ifname, sgroup)
-
-def test_fst_setup_mbie_diff(dev, apdev, test_params):
-    """FST setup and different MBIE in FST Setup Request"""
-    try:
-        _test_fst_setup_mbie_diff(dev, apdev, test_params)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_fst_setup_mbie_diff(dev, apdev, test_params):
-    group = "fstg0c"
-    sgroup = "fstg1c"
-    hglobal, wpas, wpas2, hapd, hapd2 = fst_start_and_connect(apdev, group, sgroup)
-
-    # FST Setup Request: Category, FST Action, Dialog Token (non-zero),
-    # LLT (32 bits, see 10.32), Session Transition (see 8.4.2.147),
-    # Multi-band element (optional, see 8.4.2.140)
-
-    # Session Transition: EID, Len, FSTS ID(4), Session Control,
-    # New Band (Band ID, Setup, Operation), Old Band (Band ID, Setup, Operation)
-
-    # Multi-band element: EID, Len, Multi-band Control, Band ID,
-    # Operating Class, Channel Number, BSSID (6), Beacon Interval (2),
-    # TSF Offset (8), Multi-band Connection Capability, FSTSessionTimeOut,
-    # STA MAC Address (6, optional), Pairwise Cipher Suite Count (2, optional),
-    # Pairwise Cipher Suite List (4xm, optional)
-
-    # MBIE with the non-matching STA MAC Address:
-    req = "1200011a060000"
-    stie = "a40b0100000000020001040001"
-    mbie = "9e1c0c0200010200000004000000000000000000000000ff0200000006ff"
-    fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie, mbie)
-
-    # MBIE without the STA MAC Address:
-    req = "1200011a060000"
-    stie = "a40b0100000000020001040001"
-    mbie = "9e16040200010200000004000000000000000000000000ff"
-    fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie, mbie)
-
-    # MBIE with unsupported STA Role:
-    req = "1200011a060000"
-    stie = "a40b0100000000020001040001"
-    mbie = "9e16070200010200000004000000000000000000000000ff"
-    fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie, mbie)
-
-    # MBIE with unsupported Band ID:
-    req = "1200011a060000"
-    stie = "a40b0100000000020001040001"
-    mbie = "9e1604ff00010200000004000000000000000000000000ff"
-    fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie, mbie)
-
-    # FST Setup Request without MBIE (different FSTS ID):
-    req = "1200011a060000"
-    stie = "a40b0200000000020001040001"
-    fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie)
-
-    # MBIE update OOM on AP
-    req = "1200011a060000"
-    stie = "a40b0100000000020001040001"
-    mbie = "9e16040200010200000004000000000000000000000000ff"
-    try:
-        with alloc_fail(hapd, 1, "mb_ies_by_info"):
-            fst_setup_req(wpas, hglobal, 5180, apdev[0]['bssid'], req, stie,
-                          mbie, no_wait=True)
-    except HwsimSkip as e:
-        # Skip exception to allow proper cleanup
-        pass
-
-    # Remove sessions to avoid causing issues to following test ases
-    s = hglobal.request("FST-MANAGER LIST_SESSIONS " + group)
-    if not s.startswith("FAIL"):
-        for sid in s.split(' '):
-            if len(sid):
-                hglobal.request("FST-MANAGER SESSION_REMOVE " + sid)
-
-def test_fst_many_setup(dev, apdev, test_params):
-    """FST setup multiple times"""
-    try:
-        _test_fst_many_setup(dev, apdev, test_params)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_fst_many_setup(dev, apdev, test_params):
-    group = "fstg0d"
-    sgroup = "fstg1d"
-    hglobal, wpas, wpas2, hapd, hapd2 = fst_start_and_connect(apdev, group, sgroup)
-
-    sid = wpas.global_request("FST-MANAGER SESSION_ADD " + sgroup).strip()
-    if "FAIL" in sid:
-        raise Exception("FST-MANAGER SESSION_ADD (STA) failed")
-
-    fst_session_set(wpas, sid, "old_ifname", wpas.ifname)
-    fst_session_set(wpas, sid, "old_peer_addr", apdev[0]['bssid'])
-    fst_session_set(wpas, sid, "new_ifname", wpas2.ifname)
-    fst_session_set(wpas, sid, "new_peer_addr", apdev[1]['bssid'])
-
-    for i in range(257):
-        if "OK" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-            raise Exception("FST-MANAGER SESSION_INITIATE failed")
-
-        while True:
-            ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-            if ev is None:
-                raise Exception("No FST-EVENT-SESSION (AP)")
-            if "new_state=SETUP_COMPLETION" in ev:
-                f = re.search("session_id=(\d+)", ev)
-                if f is None:
-                    raise Exception("No session_id in FST-EVENT-SESSION")
-                sid_ap = f.group(1)
-                cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-                if "OK" not in hglobal.request(cmd):
-                    raise Exception("FST-MANAGER SESSION_RESPOND failed on AP")
-                break
-
-        ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (STA)")
-        if "new_state=SETUP_COMPLETION" not in ev:
-            raise Exception("Unexpected FST-EVENT-SESSION data: " + ev)
-
-        ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (STA)")
-        if "event_type=EVENT_FST_ESTABLISHED" not in ev:
-            raise Exception("Unexpected FST-EVENT-SESSION data: " + ev)
-
-        if "OK" not in wpas.global_request("FST-MANAGER SESSION_TEARDOWN " + sid):
-            raise Exception("FST-MANAGER SESSION_INITIATE failed")
-
-        if i == 0:
-            if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_TEARDOWN " + sid):
-                raise Exception("Duplicate FST-MANAGER SESSION_TEARDOWN accepted")
-
-        ev = wpas.wait_global_event(["FST-EVENT-SESSION"], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (STA teardown -->initial)")
-        if "new_state=INITIAL" not in ev:
-            raise Exception("Unexpected FST-EVENT-SESSION data (STA): " + ev)
-
-        ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (AP teardown -->initial)")
-        if "new_state=INITIAL" not in ev:
-            raise Exception("Unexpected FST-EVENT-SESSION data (AP): " + ev)
-
-        if "OK" not in hglobal.request("FST-MANAGER SESSION_REMOVE " + sid_ap):
-            raise Exception("FST-MANAGER SESSION_REMOVE (AP) failed")
-
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_REMOVE " + sid):
-        raise Exception("FST-MANAGER SESSION_REMOVE failed")
-
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    fst_wait_event_peer_sta(wpas, "disconnected", wpas.ifname,
-                            apdev[0]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "disconnected", apdev[0]['ifname'],
-                           wpas.own_addr())
-
-    wpas2.request("DISCONNECT")
-    wpas2.wait_disconnected()
-    fst_wait_event_peer_sta(wpas, "disconnected", wpas2.ifname,
-                            apdev[1]['bssid'])
-    fst_wait_event_peer_ap(hglobal, "disconnected", apdev[1]['ifname'],
-                           wpas2.own_addr())
-
-    fst_detach_ap(hglobal, apdev[0]['ifname'], group)
-    fst_detach_ap(hglobal, apdev[1]['ifname'], group)
-    hapd.disable()
-    hapd2.disable()
-
-    fst_detach_sta(wpas, wpas.ifname, sgroup)
-    fst_detach_sta(wpas, wpas2.ifname, sgroup)
-
-def test_fst_attach_wpas_error(dev, apdev, test_params):
-    """FST attach errors in wpa_supplicant"""
-    if "OK" not in dev[0].global_request("FST-MANAGER TEST_REQUEST IS_SUPPORTED"):
-        raise HwsimSkip("No FST testing support")
-    group = "fstg0"
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    fst_attach_sta(wpas, wpas.ifname, group)
-    if "FAIL" not in wpas.global_request("FST-ATTACH %s %s" % (wpas.ifname,
-                                                               group)):
-        raise Exception("Duplicated FST-ATTACH accepted")
-    if "FAIL" not in wpas.global_request("FST-ATTACH %s %s" % ("foofoo",
-                                                               group)):
-        raise Exception("FST-ATTACH for unknown interface accepted")
-
-def test_fst_session_initiate_errors(dev, apdev, test_params):
-    """FST SESSION_INITIATE error cases"""
-    try:
-        _test_fst_session_initiate_errors(dev, apdev, test_params)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_fst_session_initiate_errors(dev, apdev, test_params):
-    group = "fstg0"
-    sgroup = "fstg1"
-    hglobal, wpas, wpas2, hapd, hapd2 = fst_start_and_connect(apdev, group, sgroup)
-
-    sid = wpas.global_request("FST-MANAGER SESSION_ADD " + sgroup).strip()
-    if "FAIL" in sid:
-        raise Exception("FST-MANAGER SESSION_ADD (STA) failed")
-
-    # No old peer MAC address
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "old_peer_addr", "00:ff:ff:ff:ff:ff")
-    # No new peer MAC address
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "new_peer_addr", "00:ff:ff:ff:ff:fe")
-    # No old interface defined
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "old_ifname", wpas.ifname)
-    # No new interface defined
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "new_ifname", wpas.ifname)
-    # Same interface set as old and new
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "new_ifname", wpas2.ifname)
-    # The preset old peer address is not connected
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "old_peer_addr", apdev[0]['bssid'])
-    # The preset new peer address is not connected
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Invalid FST-MANAGER SESSION_INITIATE accepted")
-
-    fst_session_set(wpas, sid, "new_peer_addr", apdev[1]['bssid'])
-    # Initiate session setup
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("FST-MANAGER SESSION_INITIATE failed")
-
-    # Session in progress
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("Duplicated FST-MANAGER SESSION_INITIATE accepted")
-
-    sid2 = wpas.global_request("FST-MANAGER SESSION_ADD " + sgroup).strip()
-    if "FAIL" in sid:
-        raise Exception("FST-MANAGER SESSION_ADD (STA) failed")
-    fst_session_set(wpas, sid2, "old_ifname", wpas.ifname)
-    fst_session_set(wpas, sid2, "old_peer_addr", apdev[0]['bssid'])
-    fst_session_set(wpas, sid2, "new_ifname", wpas2.ifname)
-    fst_session_set(wpas, sid2, "new_peer_addr", apdev[1]['bssid'])
-
-    # There is another session in progress (old)
-    if "FAIL" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid2):
-        raise Exception("Duplicated FST-MANAGER SESSION_INITIATE accepted")
-
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_REMOVE " + sid):
-        raise Exception("FST-MANAGER SESSION_REMOVE failed")
-
-    while True:
-        ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (AP)")
-        if "new_state=SETUP_COMPLETION" in ev:
-            f = re.search("session_id=(\d+)", ev)
-            if f is None:
-                raise Exception("No session_id in FST-EVENT-SESSION")
-            sid_ap = f.group(1)
-            break
-    if "OK" not in hglobal.request("FST-MANAGER SESSION_REMOVE " + sid_ap):
-        raise Exception("FST-MANAGER SESSION_REMOVE (AP) failed")
-
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_REMOVE " + sid2):
-        raise Exception("FST-MANAGER SESSION_REMOVE failed")
-
-def test_fst_session_respond_errors(dev, apdev, test_params):
-    """FST SESSION_RESPOND error cases"""
-    try:
-        _test_fst_session_respond_errors(dev, apdev, test_params)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_fst_session_respond_errors(dev, apdev, test_params):
-    group = "fstg0b"
-    sgroup = "fstg1b"
-    hglobal, wpas, wpas2, hapd, hapd2 = fst_start_and_connect(apdev, group, sgroup)
-
-    sid = wpas.global_request("FST-MANAGER SESSION_ADD " + sgroup).strip()
-    if "FAIL" in sid:
-        raise Exception("FST-MANAGER SESSION_ADD (STA) failed")
-
-    fst_session_set(wpas, sid, "old_ifname", wpas.ifname)
-    fst_session_set(wpas, sid, "old_peer_addr", apdev[0]['bssid'])
-    fst_session_set(wpas, sid, "new_ifname", wpas2.ifname)
-    fst_session_set(wpas, sid, "new_peer_addr", apdev[1]['bssid'])
-
-    if "OK" not in wpas.global_request("FST-MANAGER SESSION_INITIATE " + sid):
-        raise Exception("FST-MANAGER SESSION_INITIATE failed")
-
-    while True:
-        ev = hglobal.wait_event(['FST-EVENT-SESSION'], timeout=5)
-        if ev is None:
-            raise Exception("No FST-EVENT-SESSION (AP)")
-        if "new_state=SETUP_COMPLETION" in ev:
-            f = re.search("session_id=(\d+)", ev)
-            if f is None:
-                raise Exception("No session_id in FST-EVENT-SESSION")
-            sid_ap = f.group(1)
-            break
-
-    # The preset peer address is not in the peer list
-    fst_session_set_ap(hglobal, sid_ap, "old_peer_addr", "00:00:00:00:00:01")
-    cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-    if "FAIL" not in hglobal.request(cmd):
-        raise Exception("Invalid FST-MANAGER SESSION_RESPOND accepted")
-
-    # Same interface set as old and new
-    fst_session_set_ap(hglobal, sid_ap, "old_peer_addr", wpas.own_addr())
-    fst_session_set_ap(hglobal, sid_ap, "old_ifname", apdev[1]['ifname'])
-    cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-    if "FAIL" not in hglobal.request(cmd):
-        raise Exception("Invalid FST-MANAGER SESSION_RESPOND accepted")
-
-    # valid command
-    fst_session_set_ap(hglobal, sid_ap, "old_ifname", apdev[0]['ifname'])
-    cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-    if "OK" not in hglobal.request(cmd):
-        raise Exception("FST-MANAGER SESSION_RESPOND failed")
-
-    # incorrect state
-    cmd = "FST-MANAGER SESSION_RESPOND %s accept" % sid_ap
-    if "FAIL" not in hglobal.request(cmd):
-        raise Exception("Invalid FST-MANAGER SESSION_RESPOND accepted")
-
-    cmd = "FST-MANAGER SESSION_REMOVE " + sid
-    if "OK" not in wpas.global_request(cmd):
-        raise Exception("FST-MANAGER SESSION_REMOVE (STA) failed")
-
-    cmd = "FST-MANAGER SESSION_REMOVE %s" % sid_ap
-    if "OK" not in hglobal.request(cmd):
-        raise Exception("FST-MANAGER SESSION_REMOVE (AP) failed")
diff --git a/tests/hwsim/test_gas.py b/tests/hwsim/test_gas.py
deleted file mode 100644
index cb4a1a8d6656..000000000000
--- a/tests/hwsim/test_gas.py
+++ /dev/null
@@ -1,2053 +0,0 @@
-# GAS tests
-# Copyright (c) 2013, Qualcomm Atheros, Inc.
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import binascii
-import logging
-logger = logging.getLogger()
-import os
-import re
-import struct
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from tshark import run_tshark
-from utils import alloc_fail, wait_fail_trigger, skip_with_fips, HwsimSkip
-from hwsim import HWSimRadio
-
-def hs20_ap_params():
-    params = hostapd.wpa2_params(ssid="test-gas")
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    params['ieee80211w'] = "1"
-    params['ieee8021x'] = "1"
-    params['auth_server_addr'] = "127.0.0.1"
-    params['auth_server_port'] = "1812"
-    params['auth_server_shared_secret'] = "radius"
-    params['interworking'] = "1"
-    params['access_network_type'] = "14"
-    params['internet'] = "1"
-    params['asra'] = "0"
-    params['esr'] = "0"
-    params['uesa'] = "0"
-    params['venue_group'] = "7"
-    params['venue_type'] = "1"
-    params['venue_name'] = ["eng:Example venue", "fin:Esimerkkipaikka"]
-    params['roaming_consortium'] = ["112233", "1020304050", "010203040506",
-                                    "fedcba"]
-    params['domain_name'] = "example.com,another.example.com"
-    params['nai_realm'] = ["0,example.com,13[5:6],21[2:4][5:7]",
-                           "0,another.example.com"]
-    params['anqp_3gpp_cell_net'] = "244,91"
-    params['network_auth_type'] = "02http://www.example.com/redirect/me/here/"
-    params['ipaddr_type_availability'] = "14"
-    params['hs20'] = "1"
-    params['hs20_oper_friendly_name'] = ["eng:Example operator", "fin:Esimerkkioperaattori"]
-    params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
-    params['hs20_conn_capab'] = ["1:0:2", "6:22:1", "17:5060:0"]
-    params['hs20_operating_class'] = "5173"
-    return params
-
-def start_ap(ap):
-    params = hs20_ap_params()
-    params['hessid'] = ap['bssid']
-    return hostapd.add_ap(ap, params)
-
-def get_gas_response(dev, bssid, info, allow_fetch_failure=False,
-                     extra_test=False):
-    exp = r'<.>(GAS-RESPONSE-INFO) addr=([0-9a-f:]*) dialog_token=([0-9]*) status_code=([0-9]*) resp_len=([\-0-9]*)'
-    res = re.split(exp, info)
-    if len(res) < 6:
-        raise Exception("Could not parse GAS-RESPONSE-INFO")
-    if res[2] != bssid:
-        raise Exception("Unexpected BSSID in response")
-    token = res[3]
-    status = res[4]
-    if status != "0":
-        raise Exception("GAS query failed")
-    resp_len = res[5]
-    if resp_len == "-1":
-        raise Exception("GAS query reported invalid response length")
-    if int(resp_len) > 2000:
-        raise Exception("Unexpected long GAS response")
-
-    if extra_test:
-        if "FAIL" not in dev.request("GAS_RESPONSE_GET " + bssid + " 123456"):
-            raise Exception("Invalid dialog token accepted")
-        if "FAIL-Invalid range" not in dev.request("GAS_RESPONSE_GET " + bssid + " " + token + " 10000,10001"):
-            raise Exception("Invalid range accepted")
-        if "FAIL-Invalid range" not in dev.request("GAS_RESPONSE_GET " + bssid + " " + token + " 0,10000"):
-            raise Exception("Invalid range accepted")
-        if "FAIL" not in dev.request("GAS_RESPONSE_GET " + bssid + " " + token + " 0"):
-            raise Exception("Invalid GAS_RESPONSE_GET accepted")
-
-        res1_2 = dev.request("GAS_RESPONSE_GET " + bssid + " " + token + " 1,2")
-        res5_3 = dev.request("GAS_RESPONSE_GET " + bssid + " " + token + " 5,3")
-
-    resp = dev.request("GAS_RESPONSE_GET " + bssid + " " + token)
-    if "FAIL" in resp:
-        if allow_fetch_failure:
-            logger.debug("GAS response was not available anymore")
-            return
-        raise Exception("Could not fetch GAS response")
-    if len(resp) != int(resp_len) * 2:
-        raise Exception("Unexpected GAS response length")
-    logger.debug("GAS response: " + resp)
-    if extra_test:
-        if resp[2:6] != res1_2:
-            raise Exception("Unexpected response substring res1_2: " + res1_2)
-        if resp[10:16] != res5_3:
-            raise Exception("Unexpected response substring res5_3: " + res5_3)
-
-def test_gas_generic(dev, apdev):
-    """Generic GAS query"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    cmds = ["foo",
-            "00:11:22:33:44:55",
-            "00:11:22:33:44:55 ",
-            "00:11:22:33:44:55  ",
-            "00:11:22:33:44:55 1",
-            "00:11:22:33:44:55 1 1234",
-            "00:11:22:33:44:55 qq",
-            "00:11:22:33:44:55 qq 1234",
-            "00:11:22:33:44:55 00      1",
-            "00:11:22:33:44:55 00 123",
-            "00:11:22:33:44:55 00 ",
-            "00:11:22:33:44:55 00 qq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("GAS_REQUEST " + cmd):
-            raise Exception("Invalid GAS_REQUEST accepted: " + cmd)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    get_gas_response(dev[0], bssid, ev, extra_test=True)
-
-    if "FAIL" not in dev[0].request("GAS_RESPONSE_GET ff"):
-        raise Exception("Invalid GAS_RESPONSE_GET accepted")
-
-def test_gas_rand_ta(dev, apdev, params):
-    """Generic GAS query with random TA"""
-    flags = int(dev[0].get_driver_status_field('capa.flags'), 16)
-    if flags & 0x0000400000000000 == 0:
-        raise HwsimSkip("Driver does not support random GAS TA")
-
-    try:
-        _test_gas_rand_ta(dev, apdev, params['logdir'])
-    finally:
-        dev[0].request("SET gas_rand_mac_addr 0")
-
-def _test_gas_rand_ta(dev, apdev, logdir):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    req = dev[0].request("SET gas_rand_mac_addr 1")
-    if "FAIL" in req:
-        raise Exception("Failed to set gas_rand_mac_addr")
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    get_gas_response(dev[0], bssid, ev, extra_test=True)
-
-    out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
-                     "wlan_mgt.fixed.category_code == 4 && (wlan_mgt.fixed.publicact == 0x0a || wlan_mgt.fixed.publicact == 0x0b)",
-                     display=["wlan.ta", "wlan.ra"])
-    res = out.splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected number of GAS frames")
-    req_ta = res[0].split('\t')[0]
-    resp_ra = res[1].split('\t')[1]
-    logger.info("Request TA: %s, Response RA: %s" % (req_ta, resp_ra))
-    if req_ta != resp_ra:
-        raise Exception("Request TA does not match response RA")
-    if req_ta == dev[0].own_addr():
-        raise Exception("Request TA was own permanent MAC address, not random")
-
-def test_gas_concurrent_scan(dev, apdev):
-    """Generic GAS queries with concurrent scan operation"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    # get BSS entry available to allow GAS query
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    logger.info("Request concurrent operations")
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000801")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    dev[0].scan(no_wait=True)
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000201")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000501")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-
-    responses = 0
-    for i in range(0, 5):
-        ev = dev[0].wait_event(["GAS-RESPONSE-INFO", "CTRL-EVENT-SCAN-RESULTS"],
-                               timeout=10)
-        if ev is None:
-            raise Exception("Operation timed out")
-        if "GAS-RESPONSE-INFO" in ev:
-            responses = responses + 1
-            get_gas_response(dev[0], bssid, ev, allow_fetch_failure=True)
-
-    if responses != 4:
-        raise Exception("Unexpected number of GAS responses")
-
-def test_gas_concurrent_connect(dev, apdev):
-    """Generic GAS queries with concurrent connection operation"""
-    skip_with_fips(dev[0])
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    logger.debug("Start concurrent connect and GAS request")
-    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem", wait_connect=False,
-                   scan_freq="2412")
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
-                           timeout=20)
-    if ev is None:
-        raise Exception("Operation timed out")
-    if "CTRL-EVENT-CONNECTED" not in ev:
-        raise Exception("Unexpected operation order")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
-                           timeout=20)
-    if ev is None:
-        raise Exception("Operation timed out")
-    if "GAS-RESPONSE-INFO" not in ev:
-        raise Exception("Unexpected operation order")
-    get_gas_response(dev[0], bssid, ev)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=5)
-
-    logger.debug("Wait six seconds for expiration of connect-without-scan")
-    time.sleep(6)
-    dev[0].dump_monitor()
-
-    logger.debug("Start concurrent GAS request and connect")
-    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    dev[0].request("RECONNECT")
-
-    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
-    if ev is None:
-        raise Exception("Operation timed out")
-    get_gas_response(dev[0], bssid, ev)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=20)
-    if ev is None:
-        raise Exception("No new scan results reported")
-
-    ev = dev[0].wait_connected(timeout=20, error="Operation tiemd out")
-    if "CTRL-EVENT-CONNECTED" not in ev:
-        raise Exception("Unexpected operation order")
-
-def gas_fragment_and_comeback(dev, apdev, frag_limit=0, comeback_delay=0):
-    hapd = start_ap(apdev)
-    if frag_limit:
-        hapd.set("gas_frag_limit", str(frag_limit))
-    if comeback_delay:
-        hapd.set("gas_comeback_delay", str(comeback_delay))
-
-    dev.scan_for_bss(apdev['bssid'], freq="2412", force_scan=True)
-    dev.request("FETCH_ANQP")
-    ev = dev.wait_event(["GAS-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("No GAS-QUERY-DONE event")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected GAS result: " + ev)
-    for i in range(0, 13):
-        ev = dev.wait_event(["RX-ANQP", "RX-HS20-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("Operation timed out")
-    ev = dev.wait_event(["ANQP-QUERY-DONE"], timeout=1)
-    if ev is None:
-        raise Exception("No ANQP-QUERY-DONE event")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected ANQP result: " + ev)
-
-def test_gas_fragment(dev, apdev):
-    """GAS fragmentation"""
-    gas_fragment_and_comeback(dev[0], apdev[0], frag_limit=50)
-
-def test_gas_fragment_mcc(dev, apdev):
-    """GAS fragmentation with mac80211_hwsim MCC enabled"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        gas_fragment_and_comeback(wpas, apdev[0], frag_limit=50)
-
-def test_gas_fragment_with_comeback_delay(dev, apdev):
-    """GAS fragmentation and comeback delay"""
-    gas_fragment_and_comeback(dev[0], apdev[0], frag_limit=50,
-                              comeback_delay=500)
-
-def test_gas_fragment_with_comeback_delay_mcc(dev, apdev):
-    """GAS fragmentation and comeback delay with mac80211_hwsim MCC enabled"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        gas_fragment_and_comeback(wpas, apdev[0], frag_limit=50,
-                                  comeback_delay=500)
-
-def test_gas_comeback_delay(dev, apdev):
-    """GAS comeback delay"""
-    run_gas_comeback_delay(dev, apdev, 500)
-
-def test_gas_comeback_delay_long(dev, apdev):
-    """GAS long comeback delay"""
-    run_gas_comeback_delay(dev, apdev, 2500)
-
-def test_gas_comeback_delay_long2(dev, apdev):
-    """GAS long comeback delay over default STA timeout"""
-    run_gas_comeback_delay(dev, apdev, 6000)
-
-def run_gas_comeback_delay(dev, apdev, delay):
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_comeback_delay", str(delay))
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].request("FETCH_ANQP")
-    if "FAIL-BUSY" not in dev[0].request("SCAN"):
-        raise Exception("SCAN accepted during FETCH_ANQP")
-    for i in range(0, 6):
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
-        if ev is None:
-            raise Exception("Operation timed out")
-
-@remote_compatible
-def test_gas_stop_fetch_anqp(dev, apdev):
-    """Stop FETCH_ANQP operation"""
-    hapd = start_ap(apdev[0])
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("FETCH_ANQP")
-    dev[0].request("STOP_FETCH_ANQP")
-    hapd.set("ext_mgmt_frame_handling", "0")
-    ev = dev[0].wait_event(["RX-ANQP", "GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS-QUERY-DONE timed out")
-    if "RX-ANQP" in ev:
-        raise Exception("Unexpected ANQP response received")
-
-def test_gas_anqp_get(dev, apdev):
-    """GAS/ANQP query for both IEEE 802.11 and Hotspot 2.0 elements"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258,268,hs20:3,hs20:4"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Domain Name list" not in ev:
-        raise Exception("Did not receive Domain Name list")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "Operator Friendly Name" not in ev:
-        raise Exception("Did not receive Operator Friendly Name")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "WAN Metrics" not in ev:
-        raise Exception("Did not receive WAN Metrics")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " hs20:3"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "Operator Friendly Name" not in ev:
-        raise Exception("Did not receive Operator Friendly Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    if "OK" not in dev[0].request("HS20_ANQP_GET " + bssid + " 3,4"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "Operator Friendly Name" not in ev:
-        raise Exception("Did not receive Operator Friendly Name")
-
-    ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
-    if ev is None or "WAN Metrics" not in ev:
-        raise Exception("Did not receive WAN Metrics")
-
-    logger.info("Attempt an MBO request with an AP that does not support MBO")
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 272,mbo:2"):
-        raise Exception("ANQP_GET command failed (2)")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out (2)")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out (2)")
-
-    cmds = ["",
-            "foo",
-            "00:11:22:33:44:55 258,hs20:-1",
-            "00:11:22:33:44:55 258,hs20:0",
-            "00:11:22:33:44:55 258,hs20:32",
-            "00:11:22:33:44:55 hs20:-1",
-            "00:11:22:33:44:55 hs20:0",
-            "00:11:22:33:44:55 hs20:32",
-            "00:11:22:33:44:55 mbo:-1",
-            "00:11:22:33:44:55 mbo:0",
-            "00:11:22:33:44:55 mbo:999",
-            "00:11:22:33:44:55 mbo:1,258,mbo:2,mbo:3,259",
-            "00:11:22:33:44:55",
-            "00:11:22:33:44:55 ",
-            "00:11:22:33:44:55 0",
-            "00:11:22:33:44:55 1"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("ANQP_GET " + cmd):
-            raise Exception("Invalid ANQP_GET accepted")
-
-    cmds = ["",
-            "foo",
-            "00:11:22:33:44:55 -1",
-            "00:11:22:33:44:55 0",
-            "00:11:22:33:44:55 32",
-            "00:11:22:33:44:55",
-            "00:11:22:33:44:55 ",
-            "00:11:22:33:44:55 0",
-            "00:11:22:33:44:55 1"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("HS20_ANQP_GET " + cmd):
-            raise Exception("Invalid HS20_ANQP_GET accepted")
-
-def test_gas_anqp_get_no_scan(dev, apdev):
-    """GAS/ANQP query without scan"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " freq=2412 258"):
-        raise Exception("ANQP_GET command failed")
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP query timed out")
-    dev[0].dump_monitor()
-
-    if "OK" not in dev[0].request("ANQP_GET 02:11:22:33:44:55 freq=2417 258"):
-        raise Exception("ANQP_GET command failed")
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP query timed out [2]")
-    if "result=FAILURE" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-def test_gas_anqp_get_oom(dev, apdev):
-    """GAS/ANQP query OOM"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;anqp_send_req"):
-        if "FAIL" not in dev[0].request("ANQP_GET " + bssid + " 258,268,hs20:3,hs20:4"):
-            raise Exception("ANQP_GET command accepted during OOM")
-    with alloc_fail(dev[0], 1, "hs20_build_anqp_req;hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("HS20_ANQP_GET " + bssid + " 1"):
-            raise Exception("HS20_ANQP_GET command accepted during OOM")
-    with alloc_fail(dev[0], 1, "gas_query_req;hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("HS20_ANQP_GET " + bssid + " 1"):
-            raise Exception("HS20_ANQP_GET command accepted during OOM")
-    with alloc_fail(dev[0], 1, "=hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON command accepted during OOM")
-    with alloc_fail(dev[0], 2, "=hs20_anqp_send_req"):
-        if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
-            raise Exception("REQ_HS20_ICON command accepted during OOM")
-
-def test_gas_anqp_icon_binary_proto(dev, apdev):
-    """GAS/ANQP and icon binary protocol testing"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    tests = ['010000', '01000000', '00000000', '00030000', '00020000',
-             '00000100', '0001ff0100ee', '0001ff0200ee']
-    for test in tests:
-        dev[0].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo")
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-        resp = action_response(query)
-        data = binascii.unhexlify(test)
-        data = binascii.unhexlify('506f9a110b00') + data
-        data = struct.pack('<HHH', len(data) + 4, 0xdddd, len(data)) + data
-        resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + data
-        send_gas_resp(hapd, resp)
-        expect_gas_result(dev[0], "SUCCESS")
-
-def test_gas_anqp_hs20_proto(dev, apdev):
-    """GAS/ANQP and Hotspot 2.0 element protocol testing"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    tests = ['00', '0100', '0201', '0300', '0400', '0500', '0600', '0700',
-             '0800', '0900', '0a00', '0b0000000000']
-    for test in tests:
-        dev[0].request("HS20_ANQP_GET " + bssid + " 3,4")
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-        resp = action_response(query)
-        data = binascii.unhexlify(test)
-        data = binascii.unhexlify('506f9a11') + data
-        data = struct.pack('<HHH', len(data) + 4, 0xdddd, len(data)) + data
-        resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + data
-        send_gas_resp(hapd, resp)
-        expect_gas_result(dev[0], "SUCCESS")
-
-def expect_gas_result(dev, result, status=None):
-    ev = dev.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    if "result=" + result not in ev:
-        raise Exception("Unexpected GAS query result")
-    if status and "status_code=" + str(status) + ' ' not in ev:
-        raise Exception("Unexpected GAS status code")
-
-def anqp_get(dev, bssid, id):
-    if "OK" not in dev.request("ANQP_GET " + bssid + " " + str(id)):
-        raise Exception("ANQP_GET command failed")
-    ev = dev.wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-def test_gas_timeout(dev, apdev):
-    """GAS timeout"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    anqp_get(dev[0], bssid, 263)
-
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("MGMT RX wait timed out")
-
-    expect_gas_result(dev[0], "TIMEOUT")
-
-MGMT_SUBTYPE_ACTION = 13
-ACTION_CATEG_PUBLIC = 4
-
-GAS_INITIAL_REQUEST = 10
-GAS_INITIAL_RESPONSE = 11
-GAS_COMEBACK_REQUEST = 12
-GAS_COMEBACK_RESPONSE = 13
-GAS_ACTIONS = [GAS_INITIAL_REQUEST, GAS_INITIAL_RESPONSE,
-               GAS_COMEBACK_REQUEST, GAS_COMEBACK_RESPONSE]
-
-def anqp_adv_proto():
-    return struct.pack('BBBB', 108, 2, 127, 0)
-
-def anqp_initial_resp(dialog_token, status_code, comeback_delay=0):
-    return struct.pack('<BBBHH', ACTION_CATEG_PUBLIC, GAS_INITIAL_RESPONSE,
-                       dialog_token, status_code, comeback_delay) + anqp_adv_proto()
-
-def anqp_comeback_resp(dialog_token, status_code=0, id=0, more=False, comeback_delay=0, bogus_adv_proto=False):
-    if more:
-        id |= 0x80
-    if bogus_adv_proto:
-        adv = struct.pack('BBBB', 108, 2, 127, 1)
-    else:
-        adv = anqp_adv_proto()
-    return struct.pack('<BBBHBH', ACTION_CATEG_PUBLIC, GAS_COMEBACK_RESPONSE,
-                       dialog_token, status_code, id, comeback_delay) + adv
-
-def gas_rx(hapd):
-    count = 0
-    while count < 30:
-        count = count + 1
-        query = hapd.mgmt_rx()
-        if query is None:
-            raise Exception("Action frame not received")
-        if query['subtype'] != MGMT_SUBTYPE_ACTION:
-            continue
-        payload = query['payload']
-        if len(payload) < 2:
-            continue
-        (category, action) = struct.unpack('BB', payload[0:2])
-        if category != ACTION_CATEG_PUBLIC or action not in GAS_ACTIONS:
-            continue
-        return query
-    raise Exception("No Action frame received")
-
-def parse_gas(payload):
-    pos = payload
-    (category, action, dialog_token) = struct.unpack('BBB', pos[0:3])
-    if category != ACTION_CATEG_PUBLIC:
-        return None
-    if action not in GAS_ACTIONS:
-        return None
-    gas = {}
-    gas['action'] = action
-    pos = pos[3:]
-
-    if len(pos) < 1 and action != GAS_COMEBACK_REQUEST:
-        return None
-
-    gas['dialog_token'] = dialog_token
-
-    if action == GAS_INITIAL_RESPONSE:
-        if len(pos) < 4:
-            return None
-        (status_code, comeback_delay) = struct.unpack('<HH', pos[0:4])
-        gas['status_code'] = status_code
-        gas['comeback_delay'] = comeback_delay
-
-    if action == GAS_COMEBACK_RESPONSE:
-        if len(pos) < 5:
-            return None
-        (status_code, frag, comeback_delay) = struct.unpack('<HBH', pos[0:5])
-        gas['status_code'] = status_code
-        gas['frag'] = frag
-        gas['comeback_delay'] = comeback_delay
-
-    return gas
-
-def action_response(req):
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    return resp
-
-def send_gas_resp(hapd, resp):
-    hapd.mgmt_tx(resp)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Missing TX status for GAS response")
-    if "ok=1" not in ev:
-        raise Exception("GAS response not acknowledged")
-
-def test_gas_invalid_response_type(dev, apdev):
-    """GAS invalid response type"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    anqp_get(dev[0], bssid, 263)
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-
-    resp = action_response(query)
-    # GAS Comeback Response instead of GAS Initial Response
-    resp['payload'] = anqp_comeback_resp(gas['dialog_token']) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-
-    # station drops the invalid frame, so this needs to result in GAS timeout
-    expect_gas_result(dev[0], "TIMEOUT")
-
-def test_gas_failure_status_code(dev, apdev):
-    """GAS failure status code"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    anqp_get(dev[0], bssid, 263)
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-
-    resp = action_response(query)
-    resp['payload'] = anqp_initial_resp(gas['dialog_token'], 61) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-
-    expect_gas_result(dev[0], "FAILURE")
-
-def test_gas_malformed(dev, apdev):
-    """GAS malformed response frames"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    anqp_get(dev[0], bssid, 263)
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-
-    resp = action_response(query)
-
-    resp['payload'] = struct.pack('<BBBH', ACTION_CATEG_PUBLIC,
-                                  GAS_COMEBACK_RESPONSE,
-                                  gas['dialog_token'], 0)
-    hapd.mgmt_tx(resp)
-
-    resp['payload'] = struct.pack('<BBBHB', ACTION_CATEG_PUBLIC,
-                                  GAS_COMEBACK_RESPONSE,
-                                  gas['dialog_token'], 0, 0)
-    hapd.mgmt_tx(resp)
-
-    hdr = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC, GAS_INITIAL_RESPONSE,
-                      gas['dialog_token'], 0, 0)
-    resp['payload'] = hdr + struct.pack('B', 108)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BB', 108, 0)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BB', 108, 1)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BB', 108, 255)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BBB', 108, 1, 127)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BBB', 108, 2, 127)
-    hapd.mgmt_tx(resp)
-    resp['payload'] = hdr + struct.pack('BBBB', 0, 2, 127, 0)
-    hapd.mgmt_tx(resp)
-
-    resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + struct.pack('<H', 1)
-    hapd.mgmt_tx(resp)
-
-    resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + struct.pack('<HB', 2, 0)
-    hapd.mgmt_tx(resp)
-
-    resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + struct.pack('<H', 65535)
-    hapd.mgmt_tx(resp)
-
-    resp['payload'] = anqp_initial_resp(gas['dialog_token'], 0) + struct.pack('<HBB', 1, 0, 0)
-    hapd.mgmt_tx(resp)
-
-    # Station drops invalid frames, but the last of the responses is valid from
-    # GAS view point even though it has an extra octet in the end and the ANQP
-    # part of the response is not valid. This is reported as successfully
-    # completed GAS exchange.
-    expect_gas_result(dev[0], "SUCCESS")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE not reported")
-    if "result=INVALID_FRAME" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-def init_gas(hapd, bssid, dev):
-    anqp_get(dev, bssid, 263)
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-    dialog_token = gas['dialog_token']
-
-    resp = action_response(query)
-    resp['payload'] = anqp_initial_resp(dialog_token, 0, comeback_delay=1) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-    if gas['action'] != GAS_COMEBACK_REQUEST:
-        raise Exception("Unexpected request action")
-    if gas['dialog_token'] != dialog_token:
-        raise Exception("Unexpected dialog token change")
-    return query, dialog_token
-
-def allow_gas_initial_req(hapd, dialog_token):
-    msg = hapd.mgmt_rx(timeout=1)
-    if msg is not None:
-        gas = parse_gas(msg['payload'])
-        if gas['action'] != GAS_INITIAL_REQUEST or dialog_token == gas['dialog_token']:
-            raise Exception("Unexpected management frame")
-
-def test_gas_malformed_comeback_resp(dev, apdev):
-    """GAS malformed comeback response frames"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    logger.debug("Non-zero status code in comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, status_code=2) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "FAILURE", status=2)
-
-    logger.debug("Different advertisement protocol in comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, bogus_adv_proto=True) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "PEER_ERROR")
-
-    logger.debug("Non-zero frag id and comeback delay in comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, id=1, comeback_delay=1) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "PEER_ERROR")
-
-    logger.debug("Unexpected frag id in comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, id=1) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "PEER_ERROR")
-
-    logger.debug("Empty fragment and replay in comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, more=True) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    query = gas_rx(hapd)
-    gas = parse_gas(query['payload'])
-    if gas['action'] != GAS_COMEBACK_REQUEST:
-        raise Exception("Unexpected request action")
-    if gas['dialog_token'] != dialog_token:
-        raise Exception("Unexpected dialog token change")
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    resp['payload'] = anqp_comeback_resp(dialog_token, id=1) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "SUCCESS")
-
-    logger.debug("Unexpected initial response when waiting for comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_initial_resp(dialog_token, 0) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    allow_gas_initial_req(hapd, dialog_token)
-    expect_gas_result(dev[0], "TIMEOUT")
-
-    logger.debug("Too short comeback response")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = struct.pack('<BBBH', ACTION_CATEG_PUBLIC,
-                                  GAS_COMEBACK_RESPONSE, dialog_token, 0)
-    send_gas_resp(hapd, resp)
-    allow_gas_initial_req(hapd, dialog_token)
-    expect_gas_result(dev[0], "TIMEOUT")
-
-    logger.debug("Too short comeback response(2)")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = struct.pack('<BBBHBB', ACTION_CATEG_PUBLIC,
-                                  GAS_COMEBACK_RESPONSE, dialog_token, 0, 0x80,
-                                  0)
-    send_gas_resp(hapd, resp)
-    allow_gas_initial_req(hapd, dialog_token)
-    expect_gas_result(dev[0], "TIMEOUT")
-
-    logger.debug("Maximum comeback response fragment claiming more fragments")
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, more=True) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    for i in range(1, 129):
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-        if gas['action'] != GAS_COMEBACK_REQUEST:
-            raise Exception("Unexpected request action")
-        if gas['dialog_token'] != dialog_token:
-            raise Exception("Unexpected dialog token change")
-        resp = action_response(query)
-        resp['payload'] = anqp_comeback_resp(dialog_token, id=i, more=True) + struct.pack('<H', 0)
-        send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "PEER_ERROR")
-
-def test_gas_comeback_resp_additional_delay(dev, apdev):
-    """GAS comeback response requesting additional delay"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    query, dialog_token = init_gas(hapd, bssid, dev[0])
-    for i in range(0, 2):
-        resp = action_response(query)
-        resp['payload'] = anqp_comeback_resp(dialog_token, status_code=95, comeback_delay=50) + struct.pack('<H', 0)
-        send_gas_resp(hapd, resp)
-        query = gas_rx(hapd)
-        gas = parse_gas(query['payload'])
-        if gas['action'] != GAS_COMEBACK_REQUEST:
-            raise Exception("Unexpected request action")
-        if gas['dialog_token'] != dialog_token:
-            raise Exception("Unexpected dialog token change")
-    resp = action_response(query)
-    resp['payload'] = anqp_comeback_resp(dialog_token, status_code=0) + struct.pack('<H', 0)
-    send_gas_resp(hapd, resp)
-    expect_gas_result(dev[0], "SUCCESS")
-
-def test_gas_unknown_adv_proto(dev, apdev):
-    """Unknown advertisement protocol id"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    req = dev[0].request("GAS_REQUEST " + bssid + " 42 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    expect_gas_result(dev[0], "FAILURE", "59")
-    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    exp = r'<.>(GAS-RESPONSE-INFO) addr=([0-9a-f:]*) dialog_token=([0-9]*) status_code=([0-9]*) resp_len=([\-0-9]*)'
-    res = re.split(exp, ev)
-    if len(res) < 6:
-        raise Exception("Could not parse GAS-RESPONSE-INFO")
-    if res[2] != bssid:
-        raise Exception("Unexpected BSSID in response")
-    status = res[4]
-    if status != "59":
-        raise Exception("Unexpected GAS-RESPONSE-INFO status")
-
-def test_gas_request_oom(dev, apdev):
-    """GAS_REQUEST OOM"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    with alloc_fail(dev[0], 1, "gas_build_req;gas_send_request"):
-        if "FAIL" not in dev[0].request("GAS_REQUEST " + bssid + " 42"):
-            raise Exception("GAS query request rejected")
-
-    with alloc_fail(dev[0], 1, "gas_query_req;gas_send_request"):
-        if "FAIL" not in dev[0].request("GAS_REQUEST " + bssid + " 42"):
-            raise Exception("GAS query request rejected")
-
-    with alloc_fail(dev[0], 1, "wpabuf_dup;gas_resp_cb"):
-        if "OK" not in dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101"):
-            raise Exception("GAS query request rejected")
-        ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
-        if ev is None:
-            raise Exception("No GAS response")
-        if "status_code=0" not in ev:
-            raise Exception("GAS response indicated a failure")
-
-def test_gas_max_pending(dev, apdev):
-    """GAS and maximum pending query limit"""
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_frag_limit", "50")
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("P2P_SET listen_channel 1"):
-        raise Exception("Failed to set listen channel")
-    if "OK" not in wpas.p2p_listen():
-        raise Exception("Failed to start listen state")
-    if "FAIL" in wpas.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    anqp_query = struct.pack('<HHHHHHHHHH', 256, 16, 257, 258, 260, 261, 262, 263, 264, 268)
-    gas = struct.pack('<H', len(anqp_query)) + anqp_query
-
-    for dialog_token in range(1, 10):
-        msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                          dialog_token) + anqp_adv_proto() + gas
-        req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(msg).decode())
-        if "OK" not in wpas.request(req):
-            raise Exception("Could not send management frame")
-        resp = wpas.mgmt_rx()
-        if resp is None:
-            raise Exception("MGMT-RX timeout")
-        if 'payload' not in resp:
-            raise Exception("Missing payload")
-        gresp = parse_gas(resp['payload'])
-        if gresp['dialog_token'] != dialog_token:
-            raise Exception("Dialog token mismatch")
-        status_code = gresp['status_code']
-        if dialog_token < 9 and status_code != 0:
-            raise Exception("Unexpected failure status code {} for dialog token {}".format(status_code, dialog_token))
-        if dialog_token > 8 and status_code == 0:
-            raise Exception("Unexpected success status code {} for dialog token {}".format(status_code, dialog_token))
-
-def test_gas_no_pending(dev, apdev):
-    """GAS and no pending query for comeback request"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("P2P_SET listen_channel 1"):
-        raise Exception("Failed to set listen channel")
-    if "OK" not in wpas.p2p_listen():
-        raise Exception("Failed to start listen state")
-    if "FAIL" in wpas.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_COMEBACK_REQUEST, 1)
-    req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(msg).decode())
-    if "OK" not in wpas.request(req):
-        raise Exception("Could not send management frame")
-    resp = wpas.mgmt_rx()
-    if resp is None:
-        raise Exception("MGMT-RX timeout")
-    if 'payload' not in resp:
-        raise Exception("Missing payload")
-    gresp = parse_gas(resp['payload'])
-    status_code = gresp['status_code']
-    if status_code != 60:
-        raise Exception("Unexpected status code {} (expected 60)".format(status_code))
-
-def test_gas_delete_at_deinit(dev, apdev):
-    """GAS query deleted at deinit"""
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_comeback_delay", "1000")
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    wpas.request("ANQP_GET " + bssid + " 258")
-
-    wpas.global_request("INTERFACE_REMOVE " + wpas.ifname)
-    ev = wpas.wait_event(["GAS-QUERY-DONE"], timeout=2)
-    del wpas
-    if ev is None:
-        raise Exception("GAS-QUERY-DONE not seen")
-    if "result=DELETED_AT_DEINIT" not in ev:
-        raise Exception("Unexpected result code: " + ev)
-
-def test_gas_missing_payload(dev, apdev):
-    """No action code in the query frame"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    cmd = "MGMT_TX {} {} freq=2412 action=040A".format(bssid, bssid)
-    if "FAIL" in dev[0].request(cmd):
-        raise Exception("Could not send test Action frame")
-    ev = dev[0].wait_event(["MGMT-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on MGMT-TX-STATUS")
-    if "result=SUCCESS" not in ev:
-        raise Exception("AP did not ack Action frame")
-
-    cmd = "MGMT_TX {} {} freq=2412 action=04".format(bssid, bssid)
-    if "FAIL" in dev[0].request(cmd):
-        raise Exception("Could not send test Action frame")
-    ev = dev[0].wait_event(["MGMT-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on MGMT-TX-STATUS")
-    if "result=SUCCESS" not in ev:
-        raise Exception("AP did not ack Action frame")
-
-def test_gas_query_deinit(dev, apdev):
-    """Pending GAS/ANQP query during deinit"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    wpas.scan_for_bss(bssid, freq="2412", force_scan=True)
-    id = wpas.request("RADIO_WORK add block-work")
-    if "OK" not in wpas.request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start (2)")
-
-    # Remove the interface while the gas-query radio work is still pending and
-    # GAS query has not yet been started.
-    wpas.interface_remove("wlan5")
-
-@remote_compatible
-def test_gas_anqp_oom_wpas(dev, apdev):
-    """GAS/ANQP query and OOM in wpa_supplicant"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    with alloc_fail(dev[0], 1, "wpa_bss_anqp_alloc"):
-        if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-            raise Exception("ANQP_GET command failed")
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("ANQP query did not complete")
-
-    with alloc_fail(dev[0], 1, "gas_build_req"):
-        if "FAIL" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-            raise Exception("Unexpected ANQP_GET command success (OOM)")
-
-def test_gas_anqp_oom_hapd(dev, apdev):
-    """GAS/ANQP query and OOM in hostapd"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    with alloc_fail(hapd, 1, "gas_build_resp"):
-        # This query will time out due to the AP not sending a response (OOM).
-        if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-            raise Exception("ANQP_GET command failed")
-
-        ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-        if ev is None:
-            raise Exception("GAS query start timed out")
-
-        ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-        if ev is None:
-            raise Exception("GAS query timed out")
-        if "result=TIMEOUT" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-        if ev is None:
-            raise Exception("ANQP-QUERY-DONE event not seen")
-        if "result=FAILURE" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-    with alloc_fail(hapd, 1, "gas_anqp_build_comeback_resp"):
-        hapd.set("gas_frag_limit", "50")
-
-        # The first attempt of this query will time out due to the AP not
-        # sending a response (OOM), but the retry succeeds.
-        dev[0].request("FETCH_ANQP")
-        ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-        if ev is None:
-            raise Exception("GAS query start timed out")
-
-        ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-        if ev is None:
-            raise Exception("GAS query timed out")
-        if "result=SUCCESS" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-        ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-        if ev is None:
-            raise Exception("ANQP-QUERY-DONE event not seen")
-        if "result=SUCCESS" not in ev:
-            raise Exception("Unexpected result: " + ev)
-
-def test_gas_anqp_extra_elements(dev, apdev):
-    """GAS/ANQP and extra ANQP elements"""
-    geo_loc = "001052834d12efd2b08b9b4bf1cc2c00004104050000000000060100"
-    civic_loc = "0000f9555302f50102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5"
-    held_uri = "https://held.example.com/location"
-    held = struct.pack('BBB', 0, 1 + len(held_uri), 1) + held_uri.encode()
-    supl_fqdn = "supl.example.com"
-    supl = struct.pack('BBB', 0, 1 + len(supl_fqdn), 1) + supl_fqdn.encode()
-    public_id = binascii.hexlify(held + supl).decode()
-    params = {"ssid": "gas/anqp",
-              "interworking": "1",
-              "anqp_elem": ["265:" + geo_loc,
-                            "266:" + civic_loc,
-                            "262:1122334455",
-                            "267:" + public_id,
-                            "279:01020304",
-                            "60000:01",
-                            "299:0102"]}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].flush_scan_cache()
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 265,266"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    bss = dev[0].get_bss(bssid)
-
-    if 'anqp[265]' not in bss:
-        raise Exception("AP Geospatial Location ANQP-element not seen")
-    if bss['anqp[265]'] != geo_loc:
-        raise Exception("Unexpected AP Geospatial Location ANQP-element value: " + bss['anqp[265]'])
-
-    if 'anqp[266]' not in bss:
-        raise Exception("AP Civic Location ANQP-element not seen")
-    if bss['anqp[266]'] != civic_loc:
-        raise Exception("Unexpected AP Civic Location ANQP-element value: " + bss['anqp[266]'])
-
-    dev[1].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[1].request("ANQP_GET " + bssid + " 257,258,259,260,261,262,263,264,265,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    bss = dev[1].get_bss(bssid)
-
-    if 'anqp[265]' not in bss:
-        raise Exception("AP Geospatial Location ANQP-element not seen")
-    if bss['anqp[265]'] != geo_loc:
-        raise Exception("Unexpected AP Geospatial Location ANQP-element value: " + bss['anqp[265]'])
-
-    if 'anqp[266]' in bss:
-        raise Exception("AP Civic Location ANQP-element unexpectedly seen")
-
-    if 'anqp[267]' not in bss:
-        raise Exception("AP Location Public Identifier ANQP-element not seen")
-    if bss['anqp[267]'] != public_id:
-        raise Exception("Unexpected AP Location Public Identifier ANQP-element value: " + bss['anqp[267]'])
-
-    if 'anqp[279]' not in bss:
-        raise Exception("ANQP-element Info ID 279 not seen")
-    if bss['anqp[279]'] != "01020304":
-        raise Exception("Unexpected AP ANQP-element Info ID 279 value: " + bss['anqp[279]'])
-
-    if 'anqp[299]' not in bss:
-        raise Exception("ANQP-element Info ID 299 not seen")
-    if bss['anqp[299]'] != "0102":
-        raise Exception("Unexpected AP ANQP-element Info ID 299 value: " + bss['anqp[299]'])
-
-    if 'anqp_ip_addr_type_availability' not in bss:
-        raise Exception("ANQP-element Info ID 292 not seen")
-    if bss['anqp_ip_addr_type_availability'] != "1122334455":
-        raise Exception("Unexpected AP ANQP-element Info ID 262 value: " + bss['anqp_ip_addr_type_availability'])
-
-def test_gas_anqp_address3_not_assoc(dev, apdev, params):
-    """GAS/ANQP query using IEEE 802.11 compliant Address 3 value when not associated"""
-    try:
-        _test_gas_anqp_address3_not_assoc(dev, apdev, params)
-    finally:
-        dev[0].request("SET gas_address3 0")
-
-def _test_gas_anqp_address3_not_assoc(dev, apdev, params):
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    if "OK" not in dev[0].request("SET gas_address3 1"):
-        raise Exception("Failed to set gas_address3")
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan_mgt.fixed.category_code == 4 && (wlan_mgt.fixed.publicact == 0x0a || wlan_mgt.fixed.publicact == 0x0b)",
-                     display=["wlan.bssid"])
-    res = out.splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected number of GAS frames")
-    if res[0] != 'ff:ff:ff:ff:ff:ff':
-        raise Exception("GAS request used unexpected Address3 field value: " + res[0])
-    if res[1] != 'ff:ff:ff:ff:ff:ff':
-        raise Exception("GAS response used unexpected Address3 field value: " + res[1])
-
-def test_gas_anqp_address3_assoc(dev, apdev, params):
-    """GAS/ANQP query using IEEE 802.11 compliant Address 3 value when associated"""
-    try:
-        _test_gas_anqp_address3_assoc(dev, apdev, params)
-    finally:
-        dev[0].request("SET gas_address3 0")
-
-def _test_gas_anqp_address3_assoc(dev, apdev, params):
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    if "OK" not in dev[0].request("SET gas_address3 1"):
-        raise Exception("Failed to set gas_address3")
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem", scan_freq="2412")
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan_mgt.fixed.category_code == 4 && (wlan_mgt.fixed.publicact == 0x0a || wlan_mgt.fixed.publicact == 0x0b)",
-                     display=["wlan.bssid"])
-    res = out.splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected number of GAS frames")
-    if res[0] != bssid:
-        raise Exception("GAS request used unexpected Address3 field value: " + res[0])
-    if res[1] != bssid:
-        raise Exception("GAS response used unexpected Address3 field value: " + res[1])
-
-def test_gas_anqp_address3_ap_forced(dev, apdev, params):
-    """GAS/ANQP query using IEEE 802.11 compliant Address 3 value on AP"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    hapd.set("gas_address3", "1")
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan_mgt.fixed.category_code == 4 && (wlan_mgt.fixed.publicact == 0x0a || wlan_mgt.fixed.publicact == 0x0b)",
-                     display=["wlan.bssid"])
-    res = out.splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected number of GAS frames")
-    if res[0] != bssid:
-        raise Exception("GAS request used unexpected Address3 field value: " + res[0])
-    if res[1] != 'ff:ff:ff:ff:ff:ff':
-        raise Exception("GAS response used unexpected Address3 field value: " + res[1])
-
-def test_gas_anqp_address3_ap_non_compliant(dev, apdev, params):
-    """GAS/ANQP query using IEEE 802.11 non-compliant Address 3 (AP)"""
-    try:
-        _test_gas_anqp_address3_ap_non_compliant(dev, apdev, params)
-    finally:
-        dev[0].request("SET gas_address3 0")
-
-def _test_gas_anqp_address3_ap_non_compliant(dev, apdev, params):
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    hapd.set("gas_address3", "2")
-
-    if "OK" not in dev[0].request("SET gas_address3 1"):
-        raise Exception("Failed to set gas_address3")
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan_mgt.fixed.category_code == 4 && (wlan_mgt.fixed.publicact == 0x0a || wlan_mgt.fixed.publicact == 0x0b)",
-                     display=["wlan.bssid"])
-    res = out.splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected number of GAS frames")
-    if res[0] != 'ff:ff:ff:ff:ff:ff':
-        raise Exception("GAS request used unexpected Address3 field value: " + res[0])
-    if res[1] != bssid:
-        raise Exception("GAS response used unexpected Address3 field value: " + res[1])
-
-def test_gas_anqp_address3_pmf(dev, apdev):
-    """GAS/ANQP query using IEEE 802.11 compliant Address 3 value with PMF"""
-    try:
-        _test_gas_anqp_address3_pmf(dev, apdev)
-    finally:
-        dev[0].request("SET gas_address3 0")
-
-def _test_gas_anqp_address3_pmf(dev, apdev):
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-    hapd.set("gas_comeback_delay", "2")
-    hapd.set("gas_address3", "1")
-
-    if "OK" not in dev[0].request("SET gas_address3 1"):
-        raise Exception("Failed to set gas_address3")
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem", scan_freq="2412",
-                   ieee80211w="2")
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
-    if ev is None or "Venue Name" not in ev:
-        raise Exception("Did not receive Venue Name")
-
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("ANQP-QUERY-DONE event not seen")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected result: " + ev)
-
-    req = dev[0].request("GAS_REQUEST " + bssid + " 42 000102000101")
-    if "FAIL" in req:
-        raise Exception("GAS query request rejected")
-    expect_gas_result(dev[0], "FAILURE", "59")
-
-def test_gas_prot_vs_not_prot(dev, apdev, params):
-    """GAS/ANQP query protected vs. not protected"""
-    hapd = start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
-                   identity="DOMAIN\mschapv2 user", anonymous_identity="ttls",
-                   password="password", phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem", scan_freq="2412",
-                   ieee80211w="2")
-
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-    if ev is None:
-        raise Exception("No GAS-QUERY-DONE event")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected GAS result: " + ev)
-
-    # GAS: Drop unexpected unprotected GAS frame when PMF is enabled
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    res = dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=d0003a010200000000000200000003000200000003001000040b00000005006c027f000000")
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-    if "OK" not in res:
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # GAS: No pending query found for 02:00:00:00:03:00 dialog token 0
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    res = dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=d0003a010200000000000200000003000200000003001000040b00000005006c027f000000")
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-    if "OK" not in res:
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # GAS: Drop unexpected protected GAS frame when PMF is disabled
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    res = dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=d0003a010200000000000200000003000200000003001000090b00000005006c027f000000")
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-    if "OK" not in res:
-        raise Exception("MGMT_RX_PROCESS failed")
-
-def test_gas_failures(dev, apdev):
-    """GAS failure cases"""
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_comeback_delay", "5")
-    bssid = apdev[0]['bssid']
-
-    hapd2 = start_ap(apdev[1])
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    tests = [(bssid, "gas_build_req;gas_query_tx_comeback_req"),
-             (bssid, "gas_query_tx;gas_query_tx_comeback_req"),
-             (bssid, "gas_query_append;gas_query_rx_comeback"),
-             (bssid2, "gas_query_append;gas_query_rx_initial"),
-             (bssid2, "wpabuf_alloc_copy;gas_query_rx_initial"),
-             (bssid, "gas_query_tx;gas_query_tx_initial_req")]
-    for addr, func in tests:
-        with alloc_fail(dev[0], 1, func):
-            dev[0].request("ANQP_GET " + addr + " 258")
-            ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-            if ev is None:
-                raise Exception("No GAS-QUERY-DONE seen")
-            if "result=INTERNAL_ERROR" not in ev:
-                raise Exception("Unexpected result code: " + ev)
-        dev[0].dump_monitor()
-
-    tests = ["=gas_query_req", "radio_add_work;gas_query_req"]
-    for func in tests:
-        with alloc_fail(dev[0], 1, func):
-            if "FAIL" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-                raise Exception("ANQP_GET succeeded unexpectedly during OOM")
-        dev[0].dump_monitor()
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.scan_for_bss(bssid2, freq="2412")
-    wpas.request("SET preassoc_mac_addr 1111")
-    wpas.request("ANQP_GET " + bssid2 + " 258")
-    ev = wpas.wait_event(["Failed to assign random MAC address for GAS"],
-                         timeout=5)
-    wpas.request("SET preassoc_mac_addr 0")
-    if ev is None:
-        raise Exception("No random MAC address error seen")
-
-def test_gas_anqp_venue_url(dev, apdev):
-    """GAS/ANQP and Venue URL"""
-    venue_group = 1
-    venue_type = 13
-    venue_info = struct.pack('BB', venue_group, venue_type)
-    lang1 = "eng"
-    name1 = "Example venue"
-    lang2 = "fin"
-    name2 = "Esimerkkipaikka"
-    venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
-    venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
-    venue_name = binascii.hexlify(venue_info + venue1 + venue2).decode()
-
-    url1 = b"http://example.com/venue"
-    url2 = b"https://example.org/venue-info/"
-    duple1 = struct.pack('BB', 1 + len(url1), 1) + url1
-    duple2 = struct.pack('BB', 1 + len(url2), 2) + url2
-    venue_url = binascii.hexlify(duple1 + duple2).decode()
-
-    params = {"ssid": "gas/anqp",
-              "interworking": "1",
-              "venue_group": str(venue_group),
-              "venue_type": str(venue_type),
-              "venue_name": [lang1 + ":" + name1, lang2 + ":" + name2],
-              "anqp_elem": ["277:" + venue_url]}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 257,258,277"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-VENUE-URL"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected Venue URL indication without PMF")
-
-    bss = dev[0].get_bss(bssid)
-
-    if 'anqp_venue_name' not in bss:
-        raise Exception("Venue Name ANQP-element not seen")
-    if bss['anqp_venue_name'] != venue_name:
-        raise Exception("Unexpected Venue Name ANQP-element value: " + bss['anqp_venue_name'])
-    if 'anqp[277]' not in bss:
-        raise Exception("Venue URL ANQP-element not seen")
-    if bss['anqp[277]'] != venue_url:
-        raise Exception("Unexpected Venue URL ANQP-element value: " + bss['anqp[277]'])
-
-    if 'anqp_capability_list' not in bss:
-        raise Exception("Capability List ANQP-element not seen")
-    ids = struct.pack('<HHH', 257, 258, 277)
-    if not bss['anqp_capability_list'].startswith(binascii.hexlify(ids).decode()):
-        raise Exception("Unexpected Capability List ANQP-element value: " + bss['anqp_capability_list'])
-
-    if "anqp[277]" not in bss:
-        raise Exception("Venue-URL ANQP info not available")
-    if "protected-anqp-info[277]" in bss:
-        raise Exception("Unexpected Venue-URL protection info")
-
-def test_gas_anqp_venue_url2(dev, apdev):
-    """GAS/ANQP and Venue URL (hostapd venue_url)"""
-    venue_group = 1
-    venue_type = 13
-    venue_info = struct.pack('BB', venue_group, venue_type)
-    lang1 = "eng"
-    name1 = "Example venue"
-    lang2 = "fin"
-    name2 = "Esimerkkipaikka"
-    venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
-    venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
-    venue_name = binascii.hexlify(venue_info + venue1 + venue2).decode()
-
-    url1 = "http://example.com/venue"
-    url2 = "https://example.org/venue-info/"
-    duple1 = struct.pack('BB', 1 + len(url1.encode()), 1) + url1.encode()
-    duple2 = struct.pack('BB', 1 + len(url2.encode()), 2) + url2.encode()
-    venue_url = binascii.hexlify(duple1 + duple2).decode()
-
-    params = {"ssid": "gas/anqp",
-              "interworking": "1",
-              "venue_group": str(venue_group),
-              "venue_type": str(venue_type),
-              "venue_name": [lang1 + ":" + name1, lang2 + ":" + name2],
-              "venue_url": ["1:" + url1, "2:" + url2]}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 257,258,277"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    bss = dev[0].get_bss(bssid)
-
-    if 'anqp_venue_name' not in bss:
-        raise Exception("Venue Name ANQP-element not seen")
-    if bss['anqp_venue_name'] != venue_name:
-        raise Exception("Unexpected Venue Name ANQP-element value: " + bss['anqp_venue_name'])
-    if 'anqp[277]' not in bss:
-        raise Exception("Venue URL ANQP-element not seen")
-    if bss['anqp[277]'] != venue_url:
-        print(venue_url)
-        raise Exception("Unexpected Venue URL ANQP-element value: " + bss['anqp[277]'])
-
-    if 'anqp_capability_list' not in bss:
-        raise Exception("Capability List ANQP-element not seen")
-    ids = struct.pack('<HHH', 257, 258, 277)
-    if not bss['anqp_capability_list'].startswith(binascii.hexlify(ids).decode()):
-        raise Exception("Unexpected Capability List ANQP-element value: " + bss['anqp_capability_list'])
-
-def test_gas_anqp_venue_url_pmf(dev, apdev):
-    """GAS/ANQP and Venue URL with PMF"""
-    venue_group = 1
-    venue_type = 13
-    venue_info = struct.pack('BB', venue_group, venue_type)
-    lang1 = "eng"
-    name1 = "Example venue"
-    lang2 = "fin"
-    name2 = "Esimerkkipaikka"
-    venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
-    venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
-    venue_name = binascii.hexlify(venue_info + venue1 + venue2)
-
-    url1 = "http://example.com/venue"
-    url2 = "https://example.org/venue-info/"
-
-    params = {"ssid": "gas/anqp/pmf",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "CCMP",
-              "wpa_passphrase": "12345678",
-              "ieee80211w": "2",
-              "interworking": "1",
-              "venue_group": str(venue_group),
-              "venue_type": str(venue_type),
-              "venue_name": [lang1 + ":" + name1, lang2 + ":" + name2],
-              "venue_url": ["1:" + url1, "2:" + url2]}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect("gas/anqp/pmf", psk="12345678", ieee80211w="2",
-                   scan_freq="2412")
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 277"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    ev = dev[0].wait_event(["RX-VENUE-URL"], timeout=5)
-    if ev is None:
-        raise Exception("No Venue URL indication seen")
-    if "1 " + url1 not in ev:
-        raise Exception("Unexpected Venue URL information: " + ev)
-
-    ev = dev[0].wait_event(["RX-VENUE-URL"], timeout=5)
-    if ev is None:
-        raise Exception("No Venue URL indication seen (2)")
-    if "2 " + url2 not in ev:
-        raise Exception("Unexpected Venue URL information (2): " + ev)
-
-    bss = dev[0].get_bss(bssid)
-    if "anqp[277]" not in bss:
-        raise Exception("Venue-URL ANQP info not available")
-    if "protected-anqp-info[277]" not in bss:
-        raise Exception("Venue-URL protection info not available")
-    if bss["protected-anqp-info[277]"] != "1":
-        raise Exception("Venue-URL was not indicated to be protected")
-
-def test_gas_anqp_capab_list(dev, apdev):
-    """GAS/ANQP and Capability List ANQP-element"""
-    params = {"ssid": "gas/anqp",
-              "interworking": "1"}
-    params["anqp_elem"] = []
-    for i in range(0, 400):
-        if i not in [257]:
-            params["anqp_elem"] += ["%d:010203" % i]
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 257"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    bss = dev[0].get_bss(bssid)
-
-    if 'anqp_capability_list' not in bss:
-        raise Exception("Capability List ANQP-element not seen")
-    val = bss['anqp_capability_list']
-    logger.info("anqp_capability_list: " + val)
-    ids = []
-    while len(val) >= 4:
-        id_bin = binascii.unhexlify(val[0:4])
-        id = struct.unpack('<H', id_bin)[0]
-        if id == 0xdddd:
-            break
-        ids.append(id)
-        val = val[4:]
-    logger.info("InfoIDs: " + str(ids))
-    for i in range(257, 300):
-        if i in [273, 274]:
-            continue
-        if i not in ids:
-            raise Exception("Unexpected Capability List ANQP-element value (missing %d): %s" % (i, bss['anqp_capability_list']))
-
-def test_gas_server_oom(dev, apdev):
-    """GAS server OOM"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['gas_comeback_delay'] = "5"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-
-    tests = ["ap_sta_add;gas_dialog_create",
-             "=gas_dialog_create",
-             "wpabuf_alloc_copy;gas_serv_rx_gas_comeback_req"]
-    for t in tests:
-        with alloc_fail(hapd, 1, t):
-            if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-                raise Exception("ANQP_GET command failed")
-            ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-            if ev is None:
-                raise Exception("No GAS-QUERY-DONE seen")
-            dev[0].dump_monitor()
-
-    hapd.set("gas_comeback_delay", "0")
-
-    tests = ["gas_serv_build_gas_resp_payload"]
-    for t in tests:
-        with alloc_fail(hapd, 1, t):
-            if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"):
-                raise Exception("ANQP_GET command failed")
-            ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-            if ev is None:
-                raise Exception("No GAS-QUERY-DONE seen")
-            dev[0].dump_monitor()
-
-    with alloc_fail(hapd, 1,
-                    "gas_build_initial_resp;gas_serv_rx_gas_initial_req"):
-        req = dev[0].request("GAS_REQUEST " + bssid + " 42 000102000101")
-        if "FAIL" in req:
-            raise Exception("GAS query request rejected")
-        ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("No GAS-QUERY-DONE seen")
-        dev[0].dump_monitor()
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("P2P_SET listen_channel 1"):
-        raise Exception("Failed to set listen channel")
-    if "OK" not in wpas.p2p_listen():
-        raise Exception("Failed to start listen state")
-    if "FAIL" in wpas.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_COMEBACK_REQUEST, 1)
-    req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(msg).decode())
-    with alloc_fail(hapd, 1,
-                    "gas_anqp_build_comeback_resp_buf;gas_serv_rx_gas_comeback_req"):
-        if "OK" not in wpas.request(req):
-            raise Exception("Could not send management frame")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-def test_gas_anqp_overrides(dev, apdev):
-    """GAS and ANQP overrides"""
-    params = {"ssid": "gas/anqp",
-              "interworking": "1",
-              "anqp_elem": ["257:111111",
-                            "258:222222",
-                            "260:333333",
-                            "261:444444",
-                            "262:555555",
-                            "263:666666",
-                            "264:777777",
-                            "268:888888",
-                            "275:999999"]}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    if "OK" not in dev[0].request("ANQP_GET " + bssid + " 257,258,260,261,262,263,264,268,275"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    elems = 9
-    capa = dev[0].get_capability("fils")
-    if capa is None or "FILS" not in capa:
-        # FILS Realm Info not supported in the build
-        elems -= 1
-    for i in range(elems):
-        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
-        if ev is None:
-            raise Exception("ANQP response not seen")
-
-def test_gas_no_dialog_token_match(dev, apdev):
-    """GAS and no dialog token match for comeback request"""
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_frag_limit", "50")
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("P2P_SET listen_channel 1"):
-        raise Exception("Failed to set listen channel")
-    if "OK" not in wpas.p2p_listen():
-        raise Exception("Failed to start listen state")
-    if "FAIL" in wpas.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    anqp_query = struct.pack('<HHHHHHHHHH', 256, 16, 257, 258, 260, 261, 262, 263, 264, 268)
-    gas = struct.pack('<H', len(anqp_query)) + anqp_query
-
-    dialog_token = 100
-    msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                      dialog_token) + anqp_adv_proto() + gas
-    req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(msg).decode())
-    if "OK" not in wpas.request(req):
-        raise Exception("Could not send management frame")
-    resp = wpas.mgmt_rx()
-    if resp is None:
-        raise Exception("MGMT-RX timeout")
-    if 'payload' not in resp:
-        raise Exception("Missing payload")
-    gresp = parse_gas(resp['payload'])
-    if gresp['dialog_token'] != dialog_token:
-        raise Exception("Dialog token mismatch")
-    status_code = gresp['status_code']
-    if status_code != 0:
-        raise Exception("Unexpected status code {}".format(status_code))
-
-    msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_COMEBACK_REQUEST,
-                      dialog_token + 1)
-    req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(msg).decode())
-    if "OK" not in wpas.request(req):
-        raise Exception("Could not send management frame")
-    resp = wpas.mgmt_rx()
-    if resp is None:
-        raise Exception("MGMT-RX timeout")
-    if 'payload' not in resp:
-        raise Exception("Missing payload")
-    gresp = parse_gas(resp['payload'])
-    status_code = gresp['status_code']
-    if status_code != 60:
-        raise Exception("Unexpected failure status code {}".format(status_code))
-
-def test_gas_vendor_spec_errors(dev, apdev):
-    """GAS and vendor specific request error cases"""
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['osu_server_uri'] = "uri"
-    params['hs20_icon'] = "32:32:eng:image/png:icon32:/tmp/icon32.png"
-    del params['nai_realm']
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    tests = ["00 12340000",
-             "00 dddd0300506fff",
-             "00 dddd0400506fffff",
-             "00 dddd0400506f9aff",
-             "00 dddd0400506f9a11",
-             "00 dddd0600506f9a11ff00",
-             "00 dddd0600506f9a110600",
-             "00 dddd0600506f9a110600",
-             "00 dddd0700506f9a11060000",
-             "00 dddd0700506f9a110600ff",
-             "00 dddd0800506f9a110600ff00",
-             "00 dddd0900506f9a110600ff0000",
-             "00 dddd0900506f9a110600ff0001",
-             "00 dddd0900506f9a110600ffff00",
-             "00 dddd0a00506f9a110600ff00013b",
-             "00 dddd0700506f9a110100ff",
-             "00 dddd0700506f9a11010008",
-             "00 dddd14",
-             "00 dddd1400506f9a11"]
-    for t in tests:
-        req = dev[0].request("GAS_REQUEST " + bssid + " " + t)
-        if "FAIL" in req:
-            raise Exception("GAS query request rejected")
-        ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5)
-        if ev is None:
-            raise Exception("GAS query did not start")
-        ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
-        if ev is None:
-            raise Exception("GAS query did not complete")
-        if t == "00 dddd0600506f9a110600":
-            hapd.set("nai_realm", "0,another.example.com")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.request("P2P_SET listen_channel 1"):
-        raise Exception("Failed to set listen channel")
-    if "OK" not in wpas.p2p_listen():
-        raise Exception("Failed to start listen state")
-    if "FAIL" in wpas.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    anqp_query = struct.pack('<HHHHHHHHHH', 256, 16, 257, 258, 260, 261, 262, 263, 264, 268)
-    gas = struct.pack('<H', len(anqp_query)) + anqp_query
-
-    dialog_token = 100
-    adv = struct.pack('BBBB', 109, 2, 0, 0)
-    adv2 = struct.pack('BBB', 108, 1, 0)
-    adv3 = struct.pack('BBBB', 108, 3, 0, 0)
-    msg = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                      dialog_token) + adv + gas
-    msg2 = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                       dialog_token) + adv2 + gas
-    msg3 = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                       dialog_token) + adv3
-    msg4 = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                       dialog_token) + anqp_adv_proto()
-    msg5 = struct.pack('<BBB', ACTION_CATEG_PUBLIC, GAS_INITIAL_REQUEST,
-                       dialog_token) + anqp_adv_proto() + struct.pack('<H', 1)
-    msg6 = struct.pack('<BB', ACTION_CATEG_PUBLIC, GAS_COMEBACK_REQUEST)
-    tests = [msg, msg2, msg3, msg4, msg5, msg6]
-    for t in tests:
-        req = "MGMT_TX {} {} freq=2412 wait_time=10 action={}".format(bssid, bssid, binascii.hexlify(t).decode())
-        if "OK" not in wpas.request(req):
-            raise Exception("Could not send management frame")
-        ev = wpas.wait_event(["MGMT-TX-STATUS"], timeout=5)
-        if ev is None:
-            raise Exception("No ACK frame seen")
diff --git a/tests/hwsim/test_hapd_ctrl.py b/tests/hwsim/test_hapd_ctrl.py
deleted file mode 100644
index 9cf8ac73ce33..000000000000
--- a/tests/hwsim/test_hapd_ctrl.py
+++ /dev/null
@@ -1,1077 +0,0 @@
-# hostapd control interface
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-from remotehost import remote_compatible
-import hostapd
-import hwsim_utils
-from utils import *
-
-@remote_compatible
-def test_hapd_ctrl_status(dev, apdev):
-    """hostapd ctrl_iface STATUS commands"""
-    ssid = "hapd-ctrl"
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    status = hapd.get_status()
-    logger.info("STATUS: " + str(status))
-    driver = hapd.get_driver_status()
-    logger.info("STATUS-DRIVER: " + str(driver))
-
-    if status['bss[0]'] != apdev[0]['ifname']:
-        raise Exception("Unexpected bss[0]")
-    if status['ssid[0]'] != ssid:
-        raise Exception("Unexpected ssid[0]")
-    if status['bssid[0]'] != bssid:
-        raise Exception("Unexpected bssid[0]")
-    if status['freq'] != "2412":
-        raise Exception("Unexpected freq")
-    if status['beacon_int'] != "100":
-        raise Exception("Unexpected beacon_int")
-    if status['dtim_period'] != "2":
-        raise Exception("Unexpected dtim_period")
-    if "max_txpower" not in status:
-        raise Exception("Missing max_txpower")
-    if "ht_caps_info" not in status:
-        raise Exception("Missing ht_caps_info")
-
-    if driver['beacon_set'] != "1":
-        raise Exception("Unexpected beacon_set")
-    if driver['addr'] != bssid:
-        raise Exception("Unexpected addr")
-
-@remote_compatible
-def test_hapd_ctrl_p2p_manager(dev, apdev):
-    """hostapd as P2P Device manager"""
-    ssid = "hapd-p2p-mgr"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['manage_p2p'] = '1'
-    params['allow_cross_connection'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " p2p=2"):
-        raise Exception("DEAUTHENTICATE command failed")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    if "OK" not in hapd.request("DISASSOCIATE " + addr + " p2p=2"):
-        raise Exception("DISASSOCIATE command failed")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-@remote_compatible
-def test_hapd_ctrl_sta(dev, apdev):
-    """hostapd and STA ctrl_iface commands"""
-    try:
-        run_hapd_ctrl_sta(dev, apdev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_hapd_ctrl_sta(dev, apdev):
-    ssid = "hapd-ctrl-sta"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    hglobal = hostapd.HostapdGlobal(apdev[0])
-    dev[0].request("VENDOR_ELEM_ADD 13 2102ff02")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    addr = dev[0].own_addr()
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=2)
-    if ev is None:
-        raise Exception("No hostapd per-interface event reported")
-    ev2 = hglobal.wait_event(["AP-STA-CONNECTED"], timeout=2)
-    if ev2 is None:
-        raise Exception("No hostapd global event reported")
-    if not ev2.startswith("IFNAME=" + apdev[0]['ifname'] + " <"):
-        raise Exception("Unexpected global event prefix: " + ev2)
-    if ev not in ev2:
-        raise Exception("Event mismatch (%s,%s)" % (ev, ev2))
-    if "FAIL" in hapd.request("STA " + addr):
-        raise Exception("Unexpected STA failure")
-    if "FAIL" not in hapd.request("STA " + addr + " eapol"):
-        raise Exception("Unexpected STA-eapol success")
-    if "FAIL" not in hapd.request("STA " + addr + " foo"):
-        raise Exception("Unexpected STA-foo success")
-    if "FAIL" not in hapd.request("STA 00:11:22:33:44"):
-        raise Exception("Unexpected STA success")
-    if "FAIL" not in hapd.request("STA 00:11:22:33:44:55"):
-        raise Exception("Unexpected STA success")
-
-    if len(hapd.request("STA-NEXT " + addr).splitlines()) > 0:
-        raise Exception("Unexpected STA-NEXT result")
-    if "FAIL" not in hapd.request("STA-NEXT 00:11:22:33:44"):
-        raise Exception("Unexpected STA-NEXT success")
-
-    sta = hapd.get_sta(addr)
-    logger.info("STA: " + str(sta))
-    if "ext_capab" not in sta:
-        raise Exception("Missing ext_capab in STA output")
-    if 'ht_caps_info' not in sta:
-        raise Exception("Missing ht_caps_info in STA output")
-    if 'min_txpower' not in sta:
-        raise Exception("Missing min_txpower in STA output")
-    if 'max_txpower' not in sta:
-        raise Exception("Missing min_txpower in STA output")
-    if sta['min_txpower'] != '-1':
-        raise Exception("Unxpected min_txpower value: " + sta['min_txpower'])
-    if sta['max_txpower'] != '2':
-        raise Exception("Unxpected max_txpower value: " + sta['max_txpower'])
-
-@remote_compatible
-def test_hapd_ctrl_disconnect(dev, apdev):
-    """hostapd and disconnection ctrl_iface commands"""
-    ssid = "hapd-ctrl"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    addr = dev[0].p2p_dev_addr()
-
-    if "FAIL" not in hapd.request("DEAUTHENTICATE 00:11:22:33:44"):
-        raise Exception("Unexpected DEAUTHENTICATE success")
-
-    if "OK" not in hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff"):
-        raise Exception("Unexpected DEAUTHENTICATE failure")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    if "FAIL" not in hapd.request("DISASSOCIATE 00:11:22:33:44"):
-        raise Exception("Unexpected DISASSOCIATE success")
-
-    if "OK" not in hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff"):
-        raise Exception("Unexpected DISASSOCIATE failure")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-@remote_compatible
-def test_hapd_ctrl_chan_switch(dev, apdev):
-    """hostapd and CHAN_SWITCH ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("CHAN_SWITCH "):
-        raise Exception("Unexpected CHAN_SWITCH success")
-    if "FAIL" not in hapd.request("CHAN_SWITCH qwerty 2422"):
-        raise Exception("Unexpected CHAN_SWITCH success")
-    if "FAIL" not in hapd.request("CHAN_SWITCH 5 qwerty"):
-        raise Exception("Unexpected CHAN_SWITCH success")
-    if "FAIL" not in hapd.request("CHAN_SWITCH 0 2432 center_freq1=123 center_freq2=234 bandwidth=1000 sec_channel_offset=20 ht vht"):
-        raise Exception("Unexpected CHAN_SWITCH success")
-
-@remote_compatible
-def test_hapd_ctrl_level(dev, apdev):
-    """hostapd and LEVEL ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("LEVEL 0"):
-        raise Exception("Unexpected LEVEL success on non-monitor interface")
-
-@remote_compatible
-def test_hapd_ctrl_new_sta(dev, apdev):
-    """hostapd and NEW_STA ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("NEW_STA 00:11:22:33:44"):
-        raise Exception("Unexpected NEW_STA success")
-    if "OK" not in hapd.request("NEW_STA 00:11:22:33:44:55"):
-        raise Exception("Unexpected NEW_STA failure")
-    if "AUTHORIZED" not in hapd.request("STA 00:11:22:33:44:55"):
-        raise Exception("Unexpected NEW_STA STA status")
-    if "OK" not in hapd.request("NEW_STA 00:11:22:33:44:55"):
-        raise Exception("Unexpected NEW_STA failure")
-    with alloc_fail(hapd, 1, "ap_sta_add;hostapd_ctrl_iface_new_sta"):
-        if "FAIL" not in hapd.request("NEW_STA 00:11:22:33:44:66"):
-            raise Exception("Unexpected NEW_STA success during OOM")
-
-@remote_compatible
-def test_hapd_ctrl_get(dev, apdev):
-    """hostapd and GET ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("GET foo"):
-        raise Exception("Unexpected GET success")
-    if "FAIL" in hapd.request("GET version"):
-        raise Exception("Unexpected GET version failure")
-
-@remote_compatible
-def test_hapd_ctrl_unknown(dev, apdev):
-    """hostapd and unknown ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "UNKNOWN COMMAND" not in hapd.request("FOO"):
-        raise Exception("Unexpected response")
-
-@remote_compatible
-def test_hapd_ctrl_hs20_wnm_notif(dev, apdev):
-    """hostapd and HS20_WNM_NOTIF ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("HS20_WNM_NOTIF 00:11:22:33:44 http://example.com/"):
-        raise Exception("Unexpected HS20_WNM_NOTIF success")
-    if "FAIL" not in hapd.request("HS20_WNM_NOTIF 00:11:22:33:44:55http://example.com/"):
-        raise Exception("Unexpected HS20_WNM_NOTIF success")
-
-@remote_compatible
-def test_hapd_ctrl_hs20_deauth_req(dev, apdev):
-    """hostapd and HS20_DEAUTH_REQ ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("HS20_DEAUTH_REQ 00:11:22:33:44 1 120 http://example.com/"):
-        raise Exception("Unexpected HS20_DEAUTH_REQ success")
-    if "FAIL" not in hapd.request("HS20_DEAUTH_REQ 00:11:22:33:44:55"):
-        raise Exception("Unexpected HS20_DEAUTH_REQ success")
-    if "FAIL" not in hapd.request("HS20_DEAUTH_REQ 00:11:22:33:44:55 1"):
-        raise Exception("Unexpected HS20_DEAUTH_REQ success")
-
-@remote_compatible
-def test_hapd_ctrl_disassoc_imminent(dev, apdev):
-    """hostapd and DISASSOC_IMMINENT ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("DISASSOC_IMMINENT 00:11:22:33:44"):
-        raise Exception("Unexpected DISASSOC_IMMINENT success")
-    if "FAIL" not in hapd.request("DISASSOC_IMMINENT 00:11:22:33:44:55"):
-        raise Exception("Unexpected DISASSOC_IMMINENT success")
-    if "FAIL" not in hapd.request("DISASSOC_IMMINENT 00:11:22:33:44:55 2"):
-        raise Exception("Unexpected DISASSOC_IMMINENT success")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    if "OK" not in hapd.request("DISASSOC_IMMINENT " + addr + " 2"):
-        raise Exception("Unexpected DISASSOC_IMMINENT failure")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan timed out")
-
-@remote_compatible
-def test_hapd_ctrl_ess_disassoc(dev, apdev):
-    """hostapd and ESS_DISASSOC ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("ESS_DISASSOC 00:11:22:33:44"):
-        raise Exception("Unexpected ESS_DISASSOCT success")
-    if "FAIL" not in hapd.request("ESS_DISASSOC 00:11:22:33:44:55"):
-        raise Exception("Unexpected ESS_DISASSOC success")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    if "FAIL" not in hapd.request("ESS_DISASSOC " + addr):
-        raise Exception("Unexpected ESS_DISASSOC success")
-    if "FAIL" not in hapd.request("ESS_DISASSOC " + addr + " -1"):
-        raise Exception("Unexpected ESS_DISASSOC success")
-    if "FAIL" not in hapd.request("ESS_DISASSOC " + addr + " 1"):
-        raise Exception("Unexpected ESS_DISASSOC success")
-    if "OK" not in hapd.request("ESS_DISASSOC " + addr + " 20 http://example.com/"):
-        raise Exception("Unexpected ESS_DISASSOC failure")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan timed out")
-
-def test_hapd_ctrl_set_deny_mac_file(dev, apdev):
-    """hostapd and SET deny_mac_file ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hapd.send_file(filename, filename)
-    if "OK" not in hapd.request("SET deny_mac_file " + filename):
-        raise Exception("Unexpected SET failure")
-    dev[0].wait_disconnected(timeout=15)
-    ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], 1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_hapd_ctrl_set_accept_mac_file(dev, apdev):
-    """hostapd and SET accept_mac_file ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hapd.send_file(filename, filename)
-    hapd.request("SET macaddr_acl 1")
-    if "OK" not in hapd.request("SET accept_mac_file " + filename):
-        raise Exception("Unexpected SET failure")
-    dev[1].wait_disconnected(timeout=15)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], 1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-def test_hapd_ctrl_set_accept_mac_file_vlan(dev, apdev):
-    """hostapd and SET accept_mac_file ctrl_iface command (VLAN ID)"""
-    ssid = "hapd-ctrl"
-    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    hapd.send_file(filename, filename)
-    hapd.request("SET macaddr_acl 1")
-    if "OK" not in hapd.request("SET accept_mac_file " + filename):
-        raise Exception("Unexpected SET failure")
-    dev[1].wait_disconnected(timeout=15)
-    dev[0].wait_disconnected(timeout=15)
-    if filename.startswith('/tmp/'):
-        os.unlink(filename)
-
-@remote_compatible
-def test_hapd_ctrl_set_error_cases(dev, apdev):
-    """hostapd and SET error cases"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    errors = ["wpa_key_mgmt FOO",
-              "wpa_key_mgmt WPA-PSK   \t  FOO",
-              "wpa_key_mgmt    \t  ",
-              "wpa_pairwise FOO",
-              "wpa_pairwise   \t   ",
-              'wep_key0 "',
-              'wep_key0 "abcde',
-              "wep_key0 1",
-              "wep_key0 12q3456789",
-              "wep_key_len_broadcast 20",
-              "wep_rekey_period -1",
-              "wep_default_key 4",
-              "r0kh 02:00:00:00:03:0q nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
-              "r0kh 02:00:00:00:03:00 12345678901234567890123456789012345678901234567890.nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
-              "r0kh 02:00:00:00:03:00 nas1.w1.fi 100q02030405060708090a0b0c0d0e0f100q02030405060708090a0b0c0d0e0f",
-              "r1kh 02:00:00:00:04:q0 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
-              "r1kh 02:00:00:00:04:00 00:01:02:03:04:q6 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
-              "r1kh 02:00:00:00:04:00 00:01:02:03:04:06 2q0102030405060708090a0b0c0d0e0f2q0102030405060708090a0b0c0d0e0f",
-              "roaming_consortium 1",
-              "roaming_consortium 12",
-              "roaming_consortium 112233445566778899aabbccddeeff00",
-              'venue_name P"engExample venue"',
-              'venue_name P"engExample venue',
-              "venue_name engExample venue",
-              "venue_name e:Example venue",
-              "venue_name eng1:Example venue",
-              "venue_name eng:Example venue 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890",
-              "anqp_3gpp_cell_net abc",
-              "anqp_3gpp_cell_net ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;",
-              "anqp_3gpp_cell_net 244",
-              "anqp_3gpp_cell_net 24,123",
-              "anqp_3gpp_cell_net 244,1",
-              "anqp_3gpp_cell_net 244,1234",
-              "nai_realm 0",
-              "nai_realm 0,1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890.nas1.w1.fi",
-              "nai_realm 0,example.org,1,2,3,4,5,6,7,8",
-              "nai_realm 0,example.org,1[1:1][2:2][3:3][4:4][5:5]",
-              "nai_realm 0,example.org,1[1]",
-              "nai_realm 0,example.org,1[1:1",
-              "nai_realm 0,a.example.org;b.example.org;c.example.org;d.example.org;e.example.org;f.example.org;g.example.org;h.example.org;i.example.org;j.example.org;k.example.org",
-              "qos_map_set 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60",
-              "qos_map_set 53,2,22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,255,300",
-              "qos_map_set 53,2,22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,255,-1",
-              "qos_map_set 53,2,22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,255,255,1",
-              "qos_map_set 1",
-              "qos_map_set 1,2",
-              "hs20_conn_capab 1",
-              "hs20_conn_capab 6:22",
-              "hs20_wan_metrics 0q:8000:1000:80:240:3000",
-              "hs20_wan_metrics 01",
-              "hs20_wan_metrics 01:8000",
-              "hs20_wan_metrics 01:8000:1000",
-              "hs20_wan_metrics 01:8000:1000:80",
-              "hs20_wan_metrics 01:8000:1000:80:240",
-              "hs20_oper_friendly_name eng1:Example",
-              "hs20_icon 32",
-              "hs20_icon 32:32",
-              "hs20_icon 32:32:eng",
-              "hs20_icon 32:32:eng:image/png",
-              "hs20_icon 32:32:eng:image/png:icon32",
-              "hs20_icon 32:32:eng:image/png:123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890:/tmp/icon32.png",
-              "hs20_icon 32:32:eng:image/png:name:/tmp/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890.png",
-              "osu_ssid ",
-              "osu_ssid P",
-              'osu_ssid P"abc',
-              'osu_ssid "1234567890123456789012345678901234567890"',
-              "osu_friendly_name eng:Example",
-              "osu_nai anonymous@example.com",
-              "osu_nai2 anonymous@example.com",
-              "osu_method_list 1 0",
-              "osu_icon foo",
-              "osu_service_desc eng:Example services",
-              "ssid 1234567890123456789012345678901234567890",
-              "pac_opaque_encr_key 123456",
-              "eap_fast_a_id 12345",
-              "eap_fast_a_id 12345q",
-              "own_ip_addr foo",
-              "auth_server_addr foo2",
-              "auth_server_shared_secret ",
-              "acct_server_addr foo3",
-              "acct_server_shared_secret ",
-              "radius_auth_req_attr 123::",
-              "radius_acct_req_attr 123::",
-              "radius_das_client 192.168.1.123",
-              "radius_das_client 192.168.1.1a foo",
-              "auth_algs 0",
-              "max_num_sta -1",
-              "max_num_sta 1000000",
-              "wpa_passphrase 1234567",
-              "wpa_passphrase 1234567890123456789012345678901234567890123456789012345678901234",
-              "wpa_psk 1234567890123456789012345678901234567890123456789012345678901234a",
-              "wpa_psk 12345678901234567890123456789012345678901234567890123456789012",
-              "wpa_psk_radius 123",
-              "wpa_pairwise NONE",
-              "wpa_pairwise WEP40",
-              "wpa_pairwise WEP104",
-              "rsn_pairwise NONE",
-              "rsn_pairwise WEP40",
-              "rsn_pairwise WEP104",
-              "mobility_domain 01",
-              "r1_key_holder 0011223344",
-              "ctrl_interface_group nosuchgrouphere",
-              "hw_mode foo",
-              "wps_rf_bands foo",
-              "beacon_int 0",
-              "beacon_int 65536",
-              "acs_num_scans 0",
-              "acs_num_scans 101",
-              "rts_threshold -2",
-              "rts_threshold 65536",
-              "fragm_threshold -2",
-              "fragm_threshold 2347",
-              "send_probe_response -1",
-              "send_probe_response 2",
-              "vlan_naming -1",
-              "vlan_naming 10000000",
-              "group_mgmt_cipher FOO",
-              "assoc_sa_query_max_timeout 0",
-              "assoc_sa_query_retry_timeout 0",
-              "wps_state -1",
-              "wps_state 3",
-              "uuid FOO",
-              "device_name 1234567890123456789012345678901234567890",
-              "manufacturer 1234567890123456789012345678901234567890123456789012345678901234567890",
-              "model_name 1234567890123456789012345678901234567890",
-              "model_number 1234567890123456789012345678901234567890",
-              "serial_number 1234567890123456789012345678901234567890",
-              "device_type FOO",
-              "os_version 1",
-              "ap_settings /tmp/does/not/exist/ap-settings.foo",
-              "wps_nfc_dev_pw_id 4",
-              "wps_nfc_dev_pw_id 100000",
-              "time_zone A",
-              "access_network_type -1",
-              "access_network_type 16",
-              "hessid 00:11:22:33:44",
-              "network_auth_type 0q",
-              "ipaddr_type_availability 1q",
-              "hs20_operating_class 0",
-              "hs20_operating_class 0q",
-              "bss_load_test ",
-              "bss_load_test 12",
-              "bss_load_test 12:80",
-              "vendor_elements 0",
-              "vendor_elements 0q",
-              "assocresp_elements 0",
-              "assocresp_elements 0q",
-              "local_pwr_constraint -1",
-              "local_pwr_constraint 256",
-              "wmm_ac_bk_cwmin -1",
-              "wmm_ac_be_cwmin 16",
-              "wmm_ac_vi_cwmax -1",
-              "wmm_ac_vo_cwmax 16",
-              "wmm_ac_foo_cwmax 6",
-              "wmm_ac_bk_aifs 0",
-              "wmm_ac_bk_aifs 256",
-              "wmm_ac_bk_txop_limit -1",
-              "wmm_ac_bk_txop_limit 65536",
-              "wmm_ac_bk_acm -1",
-              "wmm_ac_bk_acm 2",
-              "wmm_ac_bk_foo 2",
-              "tx_queue_foo_aifs 3",
-              "tx_queue_data3_cwmin 4",
-              "tx_queue_data3_cwmax 4",
-              "tx_queue_data3_aifs -4",
-              "tx_queue_data3_foo 1"]
-    for e in errors:
-        if "FAIL" not in hapd.request("SET " + e):
-            raise Exception("Unexpected SET success: '%s'" % e)
-
-    if "OK" not in hapd.request("SET osu_server_uri https://example.com/"):
-        raise Exception("Unexpected SET osu_server_uri failure")
-    if "OK" not in hapd.request("SET osu_friendly_name eng:Example"):
-        raise Exception("Unexpected SET osu_friendly_name failure")
-
-    errors = ["osu_friendly_name eng1:Example",
-              "osu_service_desc eng1:Example services"]
-    for e in errors:
-        if "FAIL" not in hapd.request("SET " + e):
-            raise Exception("Unexpected SET success: '%s'" % e)
-
-    no_err = ["wps_nfc_dh_pubkey 0",
-              "wps_nfc_dh_privkey 0q",
-              "wps_nfc_dev_pw 012",
-              "manage_p2p 0",
-              "disassoc_low_ack 0",
-              "network_auth_type 01",
-              "tdls_prohibit 0",
-              "tdls_prohibit_chan_switch 0"]
-    for e in no_err:
-        if "OK" not in hapd.request("SET " + e):
-            raise Exception("Unexpected SET failure: '%s'" % e)
-
-@remote_compatible
-def test_hapd_ctrl_global(dev, apdev):
-    """hostapd and GET ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    ifname = apdev[0]['ifname']
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd_global = hostapd.HostapdGlobal(apdev[0])
-    res = hapd_global.request("IFNAME=" + ifname + " PING")
-    if "PONG" not in res:
-            raise Exception("Could not ping hostapd interface " + ifname + " via global control interface")
-    res = hapd_global.request("IFNAME=" + ifname + " GET version")
-    if "FAIL" in res:
-           raise Exception("Could not get hostapd version for " + ifname + " via global control interface")
-    res = hapd_global.request("IFNAME=no-such-ifname GET version")
-    if "FAIL-NO-IFNAME-MATCH" not in res:
-           raise Exception("Invalid ifname not reported")
-    res = hapd_global.request("INTERFACES")
-    if "FAIL" in res:
-        raise Exception("INTERFACES command failed")
-    if apdev[0]['ifname'] not in res.splitlines():
-        raise Exception("AP interface missing from INTERFACES")
-    res = hapd_global.request("INTERFACES ctrl")
-    if "FAIL" in res:
-        raise Exception("INTERFACES ctrl command failed")
-    if apdev[0]['ifname'] + " ctrl_iface=" not in res:
-        raise Exception("AP interface missing from INTERFACES ctrl")
-
-    if "FAIL" not in hapd_global.request("DETACH"):
-        raise Exception("DETACH succeeded unexpectedly")
-
-def dup_network(hapd_global, src, dst, param):
-    res = hapd_global.request("DUP_NETWORK %s %s %s" % (src, dst, param))
-    if "OK" not in res:
-        raise Exception("Could not dup %s param from %s to %s" % (param, src,
-                                                                  dst))
-
-def test_hapd_dup_network_global_wpa2(dev, apdev):
-    """hostapd and DUP_NETWORK command (WPA2)"""
-    passphrase = "12345678"
-    src_ssid = "hapd-ctrl-src"
-    dst_ssid = "hapd-ctrl-dst"
-
-    src_params = hostapd.wpa2_params(ssid=src_ssid, passphrase=passphrase)
-    src_ifname = apdev[0]['ifname']
-    src_hapd = hostapd.add_ap(apdev[0], src_params)
-
-    dst_params = {"ssid": dst_ssid}
-    dst_ifname = apdev[1]['ifname']
-    dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
-
-    hapd_global = hostapd.HostapdGlobal()
-
-    for param in ["wpa", "wpa_passphrase", "wpa_key_mgmt", "rsn_pairwise"]:
-        dup_network(hapd_global, src_ifname, dst_ifname, param)
-
-    dst_hapd.enable()
-
-    dev[0].connect(dst_ssid, psk=passphrase, proto="RSN", pairwise="CCMP",
-                   scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "FAIL" in dst_hapd.request("STA " + addr):
-            raise Exception("Could not connect using duplicated wpa params")
-
-    tests = ["a",
-             "no-such-ifname no-such-ifname",
-             src_ifname + " no-such-ifname",
-             src_ifname + " no-such-ifname no-such-param",
-             src_ifname + " " + dst_ifname + " no-such-param"]
-    for t in tests:
-        if "FAIL" not in hapd_global.request("DUP_NETWORK " + t):
-            raise Exception("Invalid DUP_NETWORK accepted: " + t)
-    with alloc_fail(src_hapd, 1, "hostapd_ctrl_iface_dup_param"):
-        if "FAIL" not in hapd_global.request("DUP_NETWORK %s %s wpa" % (src_ifname, dst_ifname)):
-            raise Exception("DUP_NETWORK accepted during OOM")
-
-def test_hapd_dup_network_global_wpa(dev, apdev):
-    """hostapd and DUP_NETWORK command (WPA)"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    src_ssid = "hapd-ctrl-src"
-    dst_ssid = "hapd-ctrl-dst"
-
-    src_params = hostapd.wpa_params(ssid=src_ssid)
-    src_params['wpa_psk'] = psk
-    src_ifname = apdev[0]['ifname']
-    src_hapd = hostapd.add_ap(apdev[0], src_params)
-
-    dst_params = {"ssid": dst_ssid}
-    dst_ifname = apdev[1]['ifname']
-    dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
-
-    hapd_global = hostapd.HostapdGlobal()
-
-    for param in ["wpa", "wpa_psk", "wpa_key_mgmt", "wpa_pairwise"]:
-        dup_network(hapd_global, src_ifname, dst_ifname, param)
-
-    dst_hapd.enable()
-
-    dev[0].connect(dst_ssid, raw_psk=psk, proto="WPA", pairwise="TKIP",
-                   scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "FAIL" in dst_hapd.request("STA " + addr):
-            raise Exception("Could not connect using duplicated wpa params")
-
-@remote_compatible
-def test_hapd_ctrl_log_level(dev, apdev):
-    """hostapd ctrl_iface LOG_LEVEL"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    level = hapd.request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(1): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(1): " + level)
-
-    if "OK" not in hapd.request("LOG_LEVEL  MSGDUMP  0"):
-        raise Exception("LOG_LEVEL failed")
-    level = hapd.request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(2): " + level)
-    if "Timestamp: 0" not in level:
-        raise Exception("Unexpected timestamp(2): " + level)
-
-    if "OK" not in hapd.request("LOG_LEVEL  MSGDUMP  1"):
-        raise Exception("LOG_LEVEL failed")
-    level = hapd.request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(3): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(3): " + level)
-
-    if "FAIL" not in hapd.request("LOG_LEVEL FOO"):
-        raise Exception("Invalid LOG_LEVEL accepted")
-
-    for lev in ["EXCESSIVE", "MSGDUMP", "DEBUG", "INFO", "WARNING", "ERROR"]:
-        if "OK" not in hapd.request("LOG_LEVEL " + lev):
-            raise Exception("LOG_LEVEL failed for " + lev)
-        level = hapd.request("LOG_LEVEL")
-        if "Current level: " + lev not in level:
-            raise Exception("Unexpected debug level: " + level)
-
-    if "OK" not in hapd.request("LOG_LEVEL  MSGDUMP  1"):
-        raise Exception("LOG_LEVEL failed")
-    level = hapd.request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(3): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(3): " + level)
-
-@remote_compatible
-def test_hapd_ctrl_disconnect_no_tx(dev, apdev):
-    """hostapd disconnecting STA without transmitting Deauth/Disassoc"""
-    ssid = "hapd-test"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    addr0 = dev[0].own_addr()
-    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
-    addr1 = dev[1].own_addr()
-
-    # Disconnect the STA without sending out Deauthentication frame
-    if "OK" not in hapd.request("DEAUTHENTICATE " + addr0 + " tx=0"):
-        raise Exception("DEAUTHENTICATE command failed")
-    # Force disconnection due to AP receiving a frame from not-asssociated STA
-    dev[0].request("DATA_TEST_CONFIG 1")
-    dev[0].request("DATA_TEST_TX " + bssid + " " + addr0)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[0].request("DATA_TEST_CONFIG 0")
-    if ev is None:
-        raise Exception("Disconnection event not seen after TX attempt")
-    if "reason=7" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-    # Disconnect the STA without sending out Disassociation frame
-    if "OK" not in hapd.request("DISASSOCIATE " + addr1 + " tx=0"):
-        raise Exception("DISASSOCIATE command failed")
-    # Force disconnection due to AP receiving a frame from not-asssociated STA
-    dev[1].request("DATA_TEST_CONFIG 1")
-    dev[1].request("DATA_TEST_TX " + bssid + " " + addr1)
-    ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[1].request("DATA_TEST_CONFIG 0")
-    if ev is None:
-        raise Exception("Disconnection event not seen after TX attempt")
-    if "reason=7" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_hapd_ctrl_mib(dev, apdev):
-    """hostapd and MIB ctrl_iface command with open network"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    mib = hapd.request("MIB")
-    if len(mib) != 0:
-        raise Exception("Unexpected MIB response: " + mib)
-
-    mib = hapd.request("MIB radius_server")
-    if len(mib) != 0:
-        raise Exception("Unexpected 'MIB radius_server' response: " + mib)
-
-    if "FAIL" not in hapd.request("MIB foo"):
-        raise Exception("'MIB foo' succeeded")
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    mib = hapd.request("MIB")
-    if "FAIL" in mib:
-        raise Exception("Unexpected MIB response: " + mib)
-
-    mib = hapd.request("MIB radius_server")
-    if len(mib) != 0:
-        raise Exception("Unexpected 'MIB radius_server' response: " + mib)
-
-    if "FAIL" not in hapd.request("MIB foo"):
-        raise Exception("'MIB foo' succeeded")
-
-def test_hapd_ctrl_not_yet_fully_enabled(dev, apdev):
-    """hostapd and ctrl_iface commands when BSS not yet fully enabled"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-
-    if not hapd.ping():
-        raise Exception("PING failed")
-    if "FAIL" in hapd.request("MIB"):
-        raise Exception("MIB failed")
-    if len(hapd.request("MIB radius_server")) != 0:
-        raise Exception("Unexpected 'MIB radius_server' response")
-    if "state=UNINITIALIZED" not in hapd.request("STATUS"):
-        raise Exception("Unexpected STATUS response")
-    if "FAIL" not in hapd.request("STATUS-DRIVER"):
-        raise Exception("Unexpected response to STATUS-DRIVER")
-    if len(hapd.request("STA-FIRST")) != 0:
-        raise Exception("Unexpected response to STA-FIRST")
-    if "FAIL" not in hapd.request("STA ff:ff:ff:ff:ff:ff"):
-        raise Exception("Unexpected response to STA")
-    cmds = ["NEW_STA 02:ff:ff:ff:ff:ff",
-            "DEAUTHENTICATE 02:ff:ff:ff:ff:ff",
-            "DEAUTHENTICATE 02:ff:ff:ff:ff:ff test=0",
-            "DEAUTHENTICATE 02:ff:ff:ff:ff:ff p2p=0",
-            "DEAUTHENTICATE 02:ff:ff:ff:ff:ff tx=0",
-            "DISASSOCIATE 02:ff:ff:ff:ff:ff",
-            "DISASSOCIATE 02:ff:ff:ff:ff:ff test=0",
-            "DISASSOCIATE 02:ff:ff:ff:ff:ff p2p=0",
-            "DISASSOCIATE 02:ff:ff:ff:ff:ff tx=0",
-            "SA_QUERY 02:ff:ff:ff:ff:ff",
-            "WPS_PIN any 12345670",
-            "WPS_PBC",
-            "WPS_CANCEL",
-            "WPS_AP_PIN random",
-            "WPS_AP_PIN disable",
-            "WPS_CHECK_PIN 123456789",
-            "WPS_GET_STATUS",
-            "WPS_NFC_TAG_READ 00",
-            "WPS_NFC_CONFIG_TOKEN NDEF",
-            "WPS_NFC_TOKEN WPS",
-            "NFC_GET_HANDOVER_SEL NDEF WPS-CR",
-            "NFC_REPORT_HANDOVER RESP WPS 00 00",
-            "SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55",
-            "SEND_QOS_MAP_CONF 02:ff:ff:ff:ff:ff",
-            "HS20_WNM_NOTIF 02:ff:ff:ff:ff:ff https://example.com/",
-            "HS20_DEAUTH_REQ 02:ff:ff:ff:ff:ff 1 120 https://example.com/",
-            "DISASSOC_IMMINENT 02:ff:ff:ff:ff:ff 10",
-            "ESS_DISASSOC 02:ff:ff:ff:ff:ff 10 https://example.com/",
-            "BSS_TM_REQ 02:ff:ff:ff:ff:ff",
-            "GET_CONFIG",
-            "RADAR DETECTED freq=5260 ht_enabled=1 chan_width=1",
-            "CHAN_SWITCH 5 5200 ht sec_channel_offset=-1 bandwidth=40",
-            "TRACK_STA_LIST",
-            "PMKSA",
-            "PMKSA_FLUSH",
-            "SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\"",
-            "REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\"",
-            "REQ_LCI 00:11:22:33:44:55",
-            "REQ_RANGE 00:11:22:33:44:55",
-            "DRIVER_FLAGS",
-            "STOP_AP"]
-    for cmd in cmds:
-        hapd.request(cmd)
-
-def test_hapd_ctrl_set(dev, apdev):
-    """hostapd and SET ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["foo",
-             "wps_version_number 300",
-             "gas_frag_limit 0",
-             "mbo_assoc_disallow 0"]
-    for t in tests:
-        if "FAIL" not in hapd.request("SET " + t):
-            raise Exception("Invalid SET command accepted: " + t)
-
-def test_hapd_ctrl_radar(dev, apdev):
-    """hostapd and RADAR ctrl_iface command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = ["foo", "foo bar"]
-    for t in tests:
-        if "FAIL" not in hapd.request("RADAR " + t):
-            raise Exception("Invalid RADAR command accepted: " + t)
-
-    tests = ["DETECTED freq=2412 chan_offset=12 cf1=1234 cf2=2345",
-             "CAC-FINISHED freq=2412",
-             "CAC-ABORTED freq=2412",
-             "NOP-FINISHED freq=2412"]
-    for t in tests:
-        hapd.request("RADAR " + t)
-
-def test_hapd_ctrl_ext_io_errors(dev, apdev):
-    """hostapd and external I/O errors"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["MGMT_TX 1",
-             "MGMT_TX 1q",
-             "MGMT_RX_PROCESS freq=2412",
-             "MGMT_TX_STATUS_PROCESS style=1 ok=0 buf=12345678",
-             "EAPOL_RX foo",
-             "EAPOL_RX 00:11:22:33:44:55 1",
-             "EAPOL_RX 00:11:22:33:44:55 1q"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_tx"):
-        if "FAIL" not in hapd.request("MGMT_TX 12"):
-            raise Exception("MGMT_TX accepted during OOM")
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_eapol_rx"):
-        if "FAIL" not in hapd.request("EAPOL_RX 00:11:22:33:44:55 11"):
-            raise Exception("EAPOL_RX accepted during OOM")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    tests = ["MGMT_RX_PROCESS freq=2412",
-             "MGMT_RX_PROCESS freq=2412 ssi_signal=0",
-             "MGMT_RX_PROCESS freq=2412 frame=1",
-             "MGMT_RX_PROCESS freq=2412 frame=1q",
-             "MGMT_TX_STATUS_PROCESS style=1 ok=0",
-             "MGMT_TX_STATUS_PROCESS style=1 ok=0 buf=1234567",
-             "MGMT_TX_STATUS_PROCESS style=1 ok=0 buf=1234567q"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_rx_process"):
-        if "FAIL" not in hapd.request("MGMT_RX_PROCESS freq=2412 frame=11"):
-            raise Exception("MGMT_RX_PROCESS accepted during OOM")
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    if "OK" not in hapd.request("DATA_TEST_CONFIG 1"):
-        raise Exception("Failed to enable l2_test")
-    if "OK" not in hapd.request("DATA_TEST_CONFIG 1"):
-        raise Exception("Failed to enable l2_test(2)")
-    tests = ["DATA_TEST_TX foo",
-             "DATA_TEST_TX 00:11:22:33:44:55 foo",
-             "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 -1",
-             "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 256"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-    if "OK" not in hapd.request("DATA_TEST_CONFIG 0"):
-        raise Exception("Failed to disable l2_test")
-    tests = ["DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 0",
-             "DATA_TEST_FRAME ifname=foo",
-             "DATA_TEST_FRAME 1",
-             "DATA_TEST_FRAME 11",
-             "DATA_TEST_FRAME 112233445566778899aabbccddeefq"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_data_test_frame"):
-        if "FAIL" not in hapd.request("DATA_TEST_FRAME 112233445566778899aabbccddeeff"):
-            raise Exception("DATA_TEST_FRAME accepted during OOM")
-
-def test_hapd_ctrl_vendor_test(dev, apdev):
-    """hostapd and VENDOR test command"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    OUI_QCA = 0x001374
-    QCA_NL80211_VENDOR_SUBCMD_TEST = 1
-    QCA_WLAN_VENDOR_ATTR_TEST = 8
-    attr = struct.pack("@HHI", 4 + 4, QCA_WLAN_VENDOR_ATTR_TEST, 123)
-    cmd = "VENDOR %x %d %s" % (OUI_QCA, QCA_NL80211_VENDOR_SUBCMD_TEST, binascii.hexlify(attr).decode())
-
-    res = hapd.request(cmd)
-    if "FAIL" in res:
-        raise Exception("VENDOR command failed")
-    val, = struct.unpack("@I", binascii.unhexlify(res))
-    if val != 125:
-        raise Exception("Incorrect response value")
-
-    res = hapd.request(cmd + " nested=1")
-    if "FAIL" in res:
-        raise Exception("VENDOR command failed")
-    val, = struct.unpack("@I", binascii.unhexlify(res))
-    if val != 125:
-        raise Exception("Incorrect response value")
-
-    res = hapd.request(cmd + " nested=0")
-    if "FAIL" not in res:
-        raise Exception("VENDOR command with invalid (not nested) data accepted")
-
-def test_hapd_ctrl_vendor_errors(dev, apdev):
-    """hostapd and VENDOR errors"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["q",
-             "10q",
-             "10 10q",
-             "10 10 123q",
-             "10 10"]
-    for t in tests:
-        if "FAIL" not in hapd.request("VENDOR " + t):
-            raise Exception("Invalid VENDOR command accepted: " + t)
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_vendor"):
-        if "FAIL" not in hapd.request("VENDOR 10 10 10"):
-            raise Exception("VENDOR accepted during OOM")
-    with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_vendor"):
-        if "FAIL" not in hapd.request("VENDOR 10 10"):
-            raise Exception("VENDOR accepted during OOM")
-
-def test_hapd_ctrl_eapol_reauth_errors(dev, apdev):
-    """hostapd and EAPOL_REAUTH errors"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["foo",
-             "11:22:33:44:55:66"]
-    for t in tests:
-        if "FAIL" not in hapd.request("EAPOL_REAUTH " + t):
-            raise Exception("Invalid EAPOL_REAUTH command accepted: " + t)
-
-def test_hapd_ctrl_eapol_relog(dev, apdev):
-    """hostapd and RELOG"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "OK" not in hapd.request("RELOG"):
-        raise Exception("RELOG failed")
-
-def test_hapd_ctrl_poll_sta_errors(dev, apdev):
-    """hostapd and POLL_STA errors"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["foo",
-             "11:22:33:44:55:66"]
-    for t in tests:
-        if "FAIL" not in hapd.request("POLL_STA " + t):
-            raise Exception("Invalid POLL_STA command accepted: " + t)
-
-def test_hapd_ctrl_update_beacon(dev, apdev):
-    """hostapd and UPDATE_BEACON"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    with fail_test(hapd, 1, "ieee802_11_set_beacon"):
-        if "FAIL" not in hapd.request("UPDATE_BEACON"):
-            raise Exception("UPDATE_BEACON succeeded unexpectedly")
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("DISCONNECT")
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    hapd.disable()
-    if "FAIL" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON did not indicate failure when disabled")
-
-def test_hapd_ctrl_test_fail(dev, apdev):
-    """hostapd and TEST_ALLOC_FAIL/TEST_FAIL"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "OK" not in hapd.request("TEST_ALLOC_FAIL 1:unknownfunc"):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-    if "OK" not in hapd.request("TEST_ALLOC_FAIL "):
-        raise Exception("TEST_ALLOC_FAIL clearing failed")
-    if "OK" not in hapd.request("TEST_FAIL "):
-        raise Exception("TEST_FAIL clearing failed")
-
-def test_hapd_ctrl_setband(dev, apdev):
-    """hostapd and setband"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    # The actual setband driver operations are not supported without vendor
-    # commands, so only check minimal parsing items here.
-    if "FAIL" not in hapd.request("SET setband foo"):
-        raise Exception("Invalid setband value accepted")
-    vals = ["5G", "6G", "2G", "2G,6G", "2G,5G,6G", "AUTO"]
-    for val in vals:
-        if "OK" not in hapd.request("SET setband " + val):
-            raise Exception("SET setband %s failed" % val)
-
-def test_hapd_ctrl_get_capability(dev, apdev):
-    """hostapd GET_CAPABILITY"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" not in hapd.request("GET_CAPABILITY "):
-        raise Exception("Invalid GET_CAPABILITY accepted")
-    res = hapd.request("GET_CAPABILITY dpp")
-    logger.info("DPP capability: " + res)
-
-def test_hapd_ctrl_pmksa_add_failures(dev, apdev):
-    """hostapd PMKSA_ADD failures"""
-    ssid = "hapd-ctrl"
-    params = {"ssid": ssid}
-    hapd = hostapd.add_ap(apdev[0], params)
-    tests = ["q",
-             "22:22:22:22:22:22",
-             "22:22:22:22:22:22 q",
-             "22:22:22:22:22:22 " + 16*'00',
-             "22:22:22:22:22:22 " + 16*"00" + " " + 10*"00",
-             "22:22:22:22:22:22 " + 16*"00" + " q",
-             "22:22:22:22:22:22 " + 16*"00" + " " + 200*"00",
-             "22:22:22:22:22:22 " + 16*"00" + " " + 32*"00" + " 12345",
-             "22:22:22:22:22:22 " + 16*"00" + " " + 32*"00" + " 12345 1",
-             ""]
-    for t in tests:
-        if "FAIL" not in hapd.request("PMKSA_ADD " + t):
-            raise Exception("Invalid PMKSA_ADD accepted: " + t)
-
-def test_hapd_ctrl_attach_errors(dev, apdev):
-    """hostapd ATTACH errors"""
-    params = {"ssid": "hapd-ctrl"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hglobal = hostapd.HostapdGlobal(apdev[0])
-    with alloc_fail(hapd, 1, "ctrl_iface_attach"):
-        if "FAIL" not in hapd.request("ATTACH foo"):
-            raise Exception("Invalid ATTACH accepted")
-    with alloc_fail(hapd, 1, "ctrl_iface_attach"):
-        if "FAIL" not in hglobal.request("ATTACH foo"):
-            raise Exception("Invalid ATTACH accepted")
diff --git a/tests/hwsim/test_he.py b/tests/hwsim/test_he.py
deleted file mode 100644
index 43dfa5e6531f..000000000000
--- a/tests/hwsim/test_he.py
+++ /dev/null
@@ -1,1221 +0,0 @@
-# HE tests
-# Copyright (c) 2019, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-import subprocess, time
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_dfs import wait_dfs_event
-
-def test_he_open(dev, apdev):
-    """HE AP with open mode configuration"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "he_bss_color": "42",
-              "he_mu_edca_ac_be_ecwmin": "7",
-              "he_mu_edca_ac_be_ecwmax": "15"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if hapd.get_status_field("ieee80211ax") != "1":
-        raise Exception("STATUS did not indicate ieee80211ax=1")
-    dev[0].connect("he", key_mgmt="NONE", scan_freq="2412")
-    sta = hapd.get_sta(dev[0].own_addr())
-    if "[HE]" not in sta['flags']:
-        raise Exception("Missing STA flag: HE")
-
-def test_he_disabled_on_sta(dev, apdev):
-    """HE AP and HE disabled on STA"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "he_bss_color": "42",
-              "he_mu_edca_ac_be_ecwmin": "7",
-              "he_mu_edca_ac_be_ecwmax": "15"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("he", key_mgmt="NONE", scan_freq="2412", disable_he="1")
-    sta = hapd.get_sta(dev[0].own_addr())
-    if "[HE]" in sta['flags']:
-        raise Exception("Unexpected STA flag: HE")
-
-def test_he_params(dev, apdev):
-    """HE AP parameters"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "he_bss_color": "42",
-              "he_mu_edca_ac_be_ecwmin": "7",
-              "he_mu_edca_ac_be_ecwmax": "15",
-              "he_su_beamformer": "0",
-              "he_su_beamformee": "0",
-              "he_default_pe_duration": "4",
-              "he_twt_required": "1",
-              "he_rts_threshold": "64",
-              "he_basic_mcs_nss_set": "65535",
-              "he_mu_edca_qos_info_param_count": "0",
-              "he_mu_edca_qos_info_q_ack": "0",
-              "he_mu_edca_qos_info_queue_request": "1",
-              "he_mu_edca_qos_info_txop_request": "0",
-              "he_mu_edca_ac_be_aifsn": "0",
-              "he_mu_edca_ac_be_ecwmin": "15",
-              "he_mu_edca_ac_be_ecwmax": "15",
-              "he_mu_edca_ac_be_timer": "255",
-              "he_mu_edca_ac_bk_aifsn": "0",
-              "he_mu_edca_ac_bk_aci": "1",
-              "he_mu_edca_ac_bk_ecwmin": "15",
-              "he_mu_edca_ac_bk_ecwmax": "15",
-              "he_mu_edca_ac_bk_timer": "255",
-              "he_mu_edca_ac_vi_ecwmin": "15",
-              "he_mu_edca_ac_vi_ecwmax": "15",
-              "he_mu_edca_ac_vi_aifsn": "0",
-              "he_mu_edca_ac_vi_aci": "2",
-              "he_mu_edca_ac_vi_timer": "255",
-              "he_mu_edca_ac_vo_aifsn": "0",
-              "he_mu_edca_ac_vo_aci": "3",
-              "he_mu_edca_ac_vo_ecwmin": "15",
-              "he_mu_edca_ac_vo_ecwmax": "15",
-              "he_mu_edca_ac_vo_timer": "255",
-              "he_spr_sr_control": "0",
-              "he_spr_non_srg_obss_pd_max_offset": "0",
-              "he_spr_srg_obss_pd_min_offset": "0",
-              "he_spr_srg_obss_pd_max_offset": "0",
-              "he_spr_srg_bss_colors": "1 2 10 63",
-              "he_spr_srg_partial_bssid": "0 1 3 63",
-              "he_6ghz_max_ampdu_len_exp": "7",
-              "he_6ghz_rx_ant_pat": "1",
-              "he_6ghz_tx_ant_pat": "1",
-              "he_6ghz_max_mpdu": "2",
-              "he_oper_chwidth": "0",
-              "he_oper_centr_freq_seg0_idx": "1",
-              "he_oper_centr_freq_seg1_idx": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if hapd.get_status_field("ieee80211ax") != "1":
-        raise Exception("STATUS did not indicate ieee80211ax=1")
-    dev[0].connect("he", key_mgmt="NONE", scan_freq="2412")
-
-def test_he_spr_params(dev, apdev):
-    """HE AP spatial reuse parameters"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "he_spr_sr_control": "12",
-              "he_spr_non_srg_obss_pd_max_offset": "1",
-              "he_spr_srg_obss_pd_min_offset": "2",
-              "he_spr_srg_obss_pd_max_offset": "3",
-              "he_spr_srg_bss_colors": "1 2 10 63",
-              "he_spr_srg_partial_bssid": "0 1 3 63",
-              "he_oper_chwidth": "0",
-              "he_oper_centr_freq_seg0_idx": "1",
-              "he_oper_centr_freq_seg1_idx": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    if hapd.get_status_field("ieee80211ax") != "1":
-        raise Exception("STATUS did not indicate ieee80211ax=1")
-    dev[0].connect("he", key_mgmt="NONE", scan_freq="2412")
-
-def he_supported():
-    cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-    reg = cmd.stdout.read().decode()
-    if "@ 80)" in reg or "@ 160)" in reg:
-        return True
-    return False
-
-def test_he80(dev, apdev):
-    """HE with 80 MHz channel width"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-11454]",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        est = dev[0].get_bss(bssid)['est_throughput']
-        if est != "600502":
-            raise Exception("Unexpected BSS est_throughput: " + est)
-        status = dev[0].get_status()
-        if status["ieee80211ac"] != "1":
-            raise Exception("Unexpected STATUS ieee80211ac value (STA)")
-        status = hapd.get_status()
-        logger.info("hostapd STATUS: " + str(status))
-        if status["ieee80211n"] != "1":
-            raise Exception("Unexpected STATUS ieee80211n value")
-        if status["ieee80211ac"] != "1":
-            raise Exception("Unexpected STATUS ieee80211ac value")
-        if status["ieee80211ax"] != "1":
-            raise Exception("Unexpected STATUS ieee80211ax value")
-        if status["secondary_channel"] != "1":
-            raise Exception("Unexpected STATUS secondary_channel value")
-        if status["vht_oper_chwidth"] != "1":
-            raise Exception("Unexpected STATUS vht_oper_chwidth value")
-        if status["vht_oper_centr_freq_seg0_idx"] != "42":
-            raise Exception("Unexpected STATUS vht_oper_centr_freq_seg0_idx value")
-        if "vht_caps_info" not in status:
-            raise Exception("Missing vht_caps_info")
-        if status["he_oper_chwidth"] != "1":
-            raise Exception("Unexpected STATUS he_oper_chwidth value")
-        if status["he_oper_centr_freq_seg0_idx"] != "42":
-            raise Exception("Unexpected STATUS he_oper_centr_freq_seg0_idx value")
-
-        sta = hapd.get_sta(dev[0].own_addr())
-        logger.info("hostapd STA: " + str(sta))
-        if "[HT]" not in sta['flags']:
-            raise Exception("Missing STA flag: HT")
-        if "[VHT]" not in sta['flags']:
-            raise Exception("Missing STA flag: VHT")
-        if "[HE]" not in sta['flags']:
-            raise Exception("Missing STA flag: HE")
-
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def _test_he_wifi_generation(dev, apdev, conf, scan_freq):
-    """HE and wifi_generation"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "ieee80211n": "1",
-                  "ieee80211ax": "1"}
-        params.update(conf)
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq=scan_freq)
-        status = dev[0].get_status()
-        if 'wifi_generation' not in status:
-            # For now, assume this is because of missing kernel support
-            raise HwsimSkip("Association Request IE reporting not supported")
-            #raise Exception("Missing wifi_generation information")
-        if status['wifi_generation'] != "6":
-            raise Exception("Unexpected wifi_generation value: " + status['wifi_generation'])
-
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-        wpas.connect("he", key_mgmt="NONE", scan_freq=scan_freq)
-        status = wpas.get_status()
-        if 'wifi_generation' not in status:
-            # For now, assume this is because of missing kernel support
-            raise HwsimSkip("Association Request IE reporting not supported")
-            #raise Exception("Missing wifi_generation information (connect)")
-        if status['wifi_generation'] != "6":
-            raise Exception("Unexpected wifi_generation value (connect): " + status['wifi_generation'])
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_he_wifi_generation(dev, apdev):
-    conf = {
-        "vht_oper_chwidth": "1",
-        "hw_mode": "a",
-        "channel": "36",
-        "ht_capab": "[HT40+]",
-        "vht_oper_centr_freq_seg0_idx": "42",
-        "he_oper_chwidth": "1",
-        "he_oper_centr_freq_seg0_idx": "42",
-        "vht_capab": "[MAX-MPDU-11454]",
-        "ieee80211ac": "1",
-    }
-    _test_he_wifi_generation(dev, apdev, conf, "5180")
-
-def test_he_wifi_generation_24(dev, apdev):
-    conf = {
-        "hw_mode": "g",
-        "channel": "1",
-    }
-    _test_he_wifi_generation(dev, apdev, conf, "2412")
-
-def he80_test(apdev, dev, channel, ht_capab):
-    clear_scan_cache(apdev)
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": str(channel),
-                  "ht_capab": ht_capab,
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev, params)
-        bssid = apdev['bssid']
-
-        dev[0].connect("he", key_mgmt="NONE",
-                       scan_freq=str(5000 + 5 * channel))
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he80b(dev, apdev):
-    """HE with 80 MHz channel width (HT40- channel 40)"""
-    he80_test(apdev[0], dev, 40, "[HT40-]")
-
-def test_he80c(dev, apdev):
-    """HE with 80 MHz channel width (HT40+ channel 44)"""
-    he80_test(apdev[0], dev, 44, "[HT40+]")
-
-def test_he80d(dev, apdev):
-    """HE with 80 MHz channel width (HT40- channel 48)"""
-    he80_test(apdev[0], dev, 48, "[HT40-]")
-
-def test_he80_params(dev, apdev):
-    """HE with 80 MHz channel width and number of optional features enabled"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+][SHORT-GI-40][DSS_CCK-40]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP0]",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "require_vht": "1",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42",
-                  "he_su_beamformer": "1",
-                  "he_mu_beamformer": "1",
-                  "he_bss_color":"1",
-                  "he_default_pe_duration":"1",
-                  "he_twt_required":"1",
-                  "he_rts_threshold":"1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[1].connect("he", key_mgmt="NONE", scan_freq="5180",
-                       disable_vht="1", wait_connect=False)
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5180")
-        dev[2].connect("he", key_mgmt="NONE", scan_freq="5180",
-                       disable_sgi="1")
-        ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection timed out")
-        if "status_code=104" not in ev:
-            raise Exception("Unexpected rejection status code")
-        dev[1].request("DISCONNECT")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sta0 = hapd.get_sta(dev[0].own_addr())
-        sta2 = hapd.get_sta(dev[2].own_addr())
-        capab0 = int(sta0['vht_caps_info'], base=16)
-        capab2 = int(sta2['vht_caps_info'], base=16)
-        if capab0 & 0x60 == 0:
-            raise Exception("dev[0] did not support SGI")
-        if capab2 & 0x60 != 0:
-            raise Exception("dev[2] claimed support for SGI")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev, count=3)
-
-def test_he80_invalid(dev, apdev):
-    """HE with invalid 80 MHz channel configuration (seg1)"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "159",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_centr_freq_seg1_idx": "155",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to unexpected seg1 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he80_invalid2(dev, apdev):
-    """HE with invalid 80 MHz channel configuration (seg0)"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "46",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to invalid seg0 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he_20(devs, apdevs):
-    """HE and 20 MHz channel"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-he20",
-                  "country_code": "DE",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "ht_capab": "",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0",
-                  "supported_rates": "60 120 240 360 480 540",
-                  "require_vht": "1",
-                  "he_oper_chwidth": "0",
-                  "he_oper_centr_freq_seg0_idx": "0"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-he20", scan_freq="5180", key_mgmt="NONE")
-        hwsim_utils.test_connectivity(dev, hapd)
-    finally:
-        dev.request("DISCONNECT")
-        clear_regdom(hapd, devs)
-
-def test_he_40(devs, apdevs):
-    """HE and 40 MHz channel"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-he40",
-                  "country_code": "DE",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "38",
-                  "he_oper_chwidth": "0",
-                  "he_oper_centr_freq_seg0_idx": "38",
-                  "he_su_beamformer": "1",
-                  "he_mu_beamformer": "1"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-he40", scan_freq="5180", key_mgmt="NONE")
-        hwsim_utils.test_connectivity(dev, hapd)
-    finally:
-        dev.request("DISCONNECT")
-        clear_regdom(hapd, devs)
-
-@long_duration_test
-def test_he160(dev, apdev):
-    """HE with 160 MHz channel width (1)"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "50",
-                  "he_oper_chwidth": "2",
-                  "he_oper_centr_freq_seg0_idx": "50",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        bssid = apdev[0]['bssid']
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event")
-
-        state = hapd.get_status_field("state")
-        if state != "DFS":
-            if state == "DISABLED" and not os.path.exists("dfs"):
-                # Not all systems have recent enough CRDA version and
-                # wireless-regdb changes to support 160 MHz and DFS. For now,
-                # do not report failures for this test case.
-                raise HwsimSkip("CRDA or wireless-regdb did not support 160 MHz")
-            raise Exception("Unexpected interface state: " + state)
-
-        logger.info("Waiting for CAC to complete")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected DFS freq result")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state")
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5180")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        est = dev[0].get_bss(bssid)['est_throughput']
-        if est != "1201002":
-            raise Exception("Unexpected BSS est_throughput: " + est)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-@long_duration_test
-def test_he160b(dev, apdev):
-    """HE with 160 MHz channel width (2)"""
-    try:
-        hapd = None
-
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "104",
-                  "ht_capab": "[HT40-]",
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  "he_oper_chwidth": "2",
-                  "he_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[1], params, wait_enabled=False)
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
-        if "DFS-CAC-START" not in ev:
-            raise Exception("Unexpected DFS event(2)")
-
-        state = hapd.get_status_field("state")
-        if state != "DFS":
-            if state == "DISABLED" and not os.path.exists("dfs"):
-                # Not all systems have recent enough CRDA version and
-                # wireless-regdb changes to support 160 MHz and DFS. For now,
-                # do not report failures for this test case.
-                raise HwsimSkip("CRDA or wireless-regdb did not support 160 MHz")
-            raise Exception("Unexpected interface state: " + state)
-
-        logger.info("Waiting for CAC to complete")
-
-        ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
-        if "success=1" not in ev:
-            raise Exception("CAC failed(2)")
-        if "freq=5520" not in ev:
-            raise Exception("Unexpected DFS freq result(2)")
-
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out(2)")
-
-        state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state(2)")
-
-        freq = hapd.get_status_field("freq")
-        if freq != "5520":
-            raise Exception("Unexpected frequency(2)")
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5520")
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5520" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_he160_no_dfs_100_plus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (100 plus)"""
-    run_ap_he160_no_dfs(dev, apdev, "100", "[HT40+]")
-
-def test_he160_no_dfs(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (104 minus)"""
-    run_ap_he160_no_dfs(dev, apdev, "104", "[HT40-]")
-
-def test_he160_no_dfs_108_plus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (108 plus)"""
-    run_ap_he160_no_dfs(dev, apdev, "108", "[HT40+]")
-
-def test_he160_no_dfs_112_minus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (112 minus)"""
-    run_ap_he160_no_dfs(dev, apdev, "112", "[HT40-]")
-
-def test_he160_no_dfs_116_plus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (116 plus)"""
-    run_ap_he160_no_dfs(dev, apdev, "116", "[HT40+]")
-
-def test_he160_no_dfs_120_minus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (120 minus)"""
-    run_ap_he160_no_dfs(dev, apdev, "120", "[HT40-]")
-
-def test_he160_no_dfs_124_plus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (124 plus)"""
-    run_ap_he160_no_dfs(dev, apdev, "124", "[HT40+]")
-
-def test_he160_no_dfs_128_minus(dev, apdev):
-    """HE with 160 MHz channel width and no DFS (128 minus)"""
-    run_ap_he160_no_dfs(dev, apdev, "128", "[HT40-]")
-
-def run_ap_he160_no_dfs(dev, apdev, channel, ht_capab):
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "ZA",
-                  "hw_mode": "a",
-                  "channel": channel,
-                  "ht_capab": ht_capab,
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  "he_oper_chwidth": "2",
-                  "he_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED"], timeout=2)
-        if not ev:
-            cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-            reg = cmd.stdout.readlines()
-            for r in reg:
-                if b"5490" in r and b"DFS" in r:
-                    raise HwsimSkip("ZA regulatory rule did not have DFS requirement removed")
-            raise Exception("AP setup timed out")
-
-        freq = str(int(channel) * 5 + 5000)
-        dev[0].connect("he", key_mgmt="NONE", scan_freq=freq)
-        dev[0].wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=" + freq not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he160_no_ht40(dev, apdev):
-    """HE with 160 MHz channel width and HT40 disabled"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "ZA",
-                  "hw_mode": "a",
-                  "channel": "108",
-                  "ht_capab": "",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  "he_oper_chwidth": "2",
-                  "he_oper_centr_freq_seg0_idx": "114",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=2)
-        if not ev:
-            cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-            reg = cmd.stdout.readlines()
-            for r in reg:
-                if "5490" in r and "DFS" in r:
-                    raise HwsimSkip("ZA regulatory rule did not have DFS requirement removed")
-            raise Exception("AP setup timed out")
-        if "AP-ENABLED" in ev:
-            # This was supposed to fail due to sec_channel_offset == 0
-            raise Exception("Unexpected AP-ENABLED")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he80plus80(dev, apdev):
-    """HE with 80+80 MHz channel width"""
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "he",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "52",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160-80PLUS80]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "58",
-                  "vht_oper_centr_freq_seg1_idx": "155",
-                  "he_oper_chwidth": "3",
-                  "he_oper_centr_freq_seg0_idx": "58",
-                  "he_oper_centr_freq_seg1_idx": "155",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This will actually fail since DFS on 80+80 is not yet supported
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        # ignore result to avoid breaking the test once 80+80 DFS gets enabled
-
-        params = {"ssid": "he2",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "[VHT160-80PLUS80]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "155",
-                  "he_oper_chwidth": "3",
-                  "he_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_centr_freq_seg1_idx": "155"}
-        hapd2 = hostapd.add_ap(apdev[1], params, wait_enabled=False)
-
-        ev = hapd2.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=5)
-        if not ev:
-            raise Exception("AP setup timed out(2)")
-        if "AP-DISABLED" in ev:
-            # Assume this failed due to missing regulatory update for now
-            raise HwsimSkip("80+80 MHz channel not supported in regulatory information")
-
-        state = hapd2.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("Unexpected interface state(2)")
-
-        dev[1].connect("he2", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[1], hapd2)
-        sig = dev[1].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_he80plus80_invalid(dev, apdev):
-    """HE with invalid 80+80 MHz channel"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "0",
-                  "he_oper_chwidth": "3",
-                  "he_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_centr_freq_seg1_idx": "0",
-                  'ieee80211d': '1',
-                  'ieee80211h': '1'}
-        hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-        # This fails due to missing(invalid) seg1 configuration
-        ev = hapd.wait_event(["AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("AP-DISABLED not reported")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80/160 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he80_csa(dev, apdev):
-    """HE with 80 MHz channel width and CSA"""
-    csa_supported(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "155",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "155"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5745")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5180 ht vht he blocktx center_freq1=5210 sec_channel_offset=1 bandwidth=80")
-        ev = hapd.wait_event(["CTRL-EVENT-STARTED-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("Channel switch start event not seen")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CS started")
-        ev = hapd.wait_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("Channel switch completion event not seen")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CS completed")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5180" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        time.sleep(0.5)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        hapd.request("CHAN_SWITCH 5 5745")
-        ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=5745" not in ev:
-            raise Exception("Unexpected channel in CSA finished event")
-        time.sleep(0.5)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        # This CSA to same channel will fail in kernel, so use this only for
-        # extra code coverage.
-        hapd.request("CHAN_SWITCH 5 5745")
-        hapd.wait_event(["AP-CSA-FINISHED"], timeout=1)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_he_on_24ghz(dev, apdev):
-    """Subset of HE features on 2.4 GHz"""
-    hapd = None
-    params = {"ssid": "test-he-2g",
-              "hw_mode": "g",
-              "channel": "1",
-              "ieee80211n": "1",
-              "ieee80211ax": "1",
-              "vht_oper_chwidth": "0",
-              "vht_oper_centr_freq_seg0_idx": "1",
-              "he_oper_chwidth": "0",
-              "he_oper_centr_freq_seg0_idx": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].connect("test-he-2g", scan_freq="2412", key_mgmt="NONE")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sta = hapd.get_sta(dev[0].own_addr())
-
-        dev[1].connect("test-he-2g", scan_freq="2412", key_mgmt="NONE")
-        sta = hapd.get_sta(dev[1].own_addr())
-
-    finally:
-        dev[0].request("DISCONNECT")
-        dev[1].request("DISCONNECT")
-        if hapd:
-            hapd.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_he80_pwr_constraint(dev, apdev):
-    """HE with 80 MHz channel width and local power constraint"""
-    hapd = None
-    try:
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211d": "1",
-                  "local_pwr_constraint": "3",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5180")
-        dev[0].wait_regdom(country_ie=True)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_he_use_sta_nsts(dev, apdev):
-    """HE with 80 MHz channel width and use_sta_nsts=1"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42",
-                  "use_sta_nsts": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_he_tkip(dev, apdev):
-    """HE and TKIP"""
-    skip_without_tkip(dev[0])
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "wpa": "1",
-                  "wpa_key_mgmt": "WPA-PSK",
-                  "wpa_pairwise": "TKIP",
-                  "wpa_passphrase": "12345678",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        dev[0].connect("he", psk="12345678", scan_freq="5180")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=20 MHz (no HT)" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        status = hapd.get_status()
-        logger.info("hostapd STATUS: " + str(status))
-        if status["ieee80211n"] != "0":
-            raise Exception("Unexpected STATUS ieee80211n value")
-        if status["ieee80211ac"] != "0":
-            raise Exception("Unexpected STATUS ieee80211ac value")
-        if status["ieee80211ax"] != "0":
-            raise Exception("Unexpected STATUS ieee80211ax value")
-        if status["secondary_channel"] != "0":
-            raise Exception("Unexpected STATUS secondary_channel value")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_he_40_fallback_to_20(devs, apdevs):
-    """HE and 40 MHz channel configuration falling back to 20 MHz"""
-    dev = devs[0]
-    ap = apdevs[0]
-    try:
-        hapd = None
-        params = {"ssid": "test-he40",
-                  "country_code": "US",
-                  "hw_mode": "a",
-                  "basic_rates": "60 120 240",
-                  "channel": "161",
-                  "ieee80211d": "1",
-                  "ieee80211h": "1",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "ht_capab": "[HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]",
-                  "vht_capab": "[RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC1][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "155",
-                  "he_oper_chwidth": "0",
-                  "he_oper_centr_freq_seg0_idx": "155"}
-        hapd = hostapd.add_ap(ap, params)
-        dev.connect("test-he40", scan_freq="5805", key_mgmt="NONE")
-        dev.wait_regdom(country_ie=True)
-        hwsim_utils.test_connectivity(dev, hapd)
-    finally:
-        clear_regdom(hapd, devs)
-
-def test_he80_to_24g_he(dev, apdev):
-    """HE with 80 MHz channel width reconfigured to 2.4 GHz HE"""
-    try:
-        hapd = None
-        params = {"ssid": "he",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ieee80211ax": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_capab": "[MAX-MPDU-11454]",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "he_oper_chwidth": "1",
-                  "he_oper_centr_freq_seg0_idx": "42"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        hapd.disable()
-        hapd.set("ieee80211ac", "0")
-        hapd.set("hw_mode", "g")
-        hapd.set("channel", "1")
-        hapd.set("ht_capab", "")
-        hapd.set("vht_capab", "")
-        hapd.set("he_oper_chwidth", "")
-        hapd.set("he_oper_centr_freq_seg0_idx", "")
-        hapd.set("vht_oper_chwidth", "")
-        hapd.set("vht_oper_centr_freq_seg0_idx", "")
-        hapd.enable()
-
-        dev[0].connect("he", key_mgmt="NONE", scan_freq="2412")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not he_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_he_twt(dev, apdev):
-    """HE and TWT"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "he_bss_color": "42",
-              "he_twt_required":"1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("he", key_mgmt="NONE", scan_freq="2412")
-    if "OK" not in dev[0].request("TWT_SETUP"):
-        raise Exception("TWT_SETUP failed")
-    if "OK" not in dev[0].request("TWT_TEARDOWN"):
-        raise Exception("TWT_SETUP failed")
-    if "OK" not in dev[0].request("TWT_SETUP dialog=123 exponent=9 mantissa=10 min_twt=254 setup_cmd=1 twt=1234567890 requestor=1 trigger=0 implicit=0 flow_type=0 flow_id=2 protection=1 twt_channel=3 control=16"):
-        raise Exception("TWT_SETUP failed")
-    if "OK" not in dev[0].request("TWT_TEARDOWN flags=255"):
-        raise Exception("TWT_SETUP failed")
-
-def test_he_6ghz_security(dev, apdev):
-    """HE AP and 6 GHz security parameter validation"""
-    params = {"ssid": "he",
-              "ieee80211ax": "1",
-              "op_class": "131",
-              "channel": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-
-    # Pre-RSNA security methods are not allowed in 6 GHz
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted(1)")
-
-    # Management frame protection is required in 6 GHz"
-    hapd.set("wpa", "2")
-    hapd.set("wpa_passphrase", "12345678")
-    hapd.set("wpa_key_mgmt", "SAE")
-    hapd.set("rsn_pairwise", "CCMP")
-    hapd.set("ieee80211w", "1")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted(2)")
-
-    # Invalid AKM suite for 6 GHz
-    hapd.set("ieee80211w", "2")
-    hapd.set("wpa_key_mgmt", "SAE WPA-PSK")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted(3)")
-
-    # Invalid pairwise cipher suite for 6 GHz
-    hapd.set("wpa_key_mgmt", "SAE")
-    hapd.set("rsn_pairwise", "CCMP TKIP")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted(4)")
-
-    # Invalid group cipher suite for 6 GHz
-    hapd.set("wpa_key_mgmt", "SAE")
-    hapd.set("rsn_pairwise", "CCMP")
-    hapd.set("group_cipher", "TKIP")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid configuration accepted(5)")
-
-def test_he_prefer_he20(dev, apdev):
-    """Preference on HE20 over HT20"""
-    params = {"ssid": "he",
-              "channel": "1",
-              "ieee80211ax": "0",
-              "ieee80211n": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    params = {"ssid": "test",
-              "channel": "1",
-              "ieee80211ax": "1",
-              "ieee80211n": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    if dev[0].get_status_field('bssid') != bssid2:
-        raise Exception("Unexpected BSS selected")
-
-    est = dev[0].get_bss(bssid)['est_throughput']
-    if est != "65000":
-        raise Exception("Unexpected BSS0 est_throughput: " + est)
-
-    est = dev[0].get_bss(bssid2)['est_throughput']
-    if est != "143402":
-        raise Exception("Unexpected BSS1 est_throughput: " + est)
diff --git a/tests/hwsim/test_hostapd_oom.py b/tests/hwsim/test_hostapd_oom.py
deleted file mode 100644
index 169ae015f8fd..000000000000
--- a/tests/hwsim/test_hostapd_oom.py
+++ /dev/null
@@ -1,173 +0,0 @@
-# hostapd and out-of-memory error paths
-# Copyright (c) 2015, Jouni Malinen
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import time
-
-import hostapd
-from utils import *
-
-def hostapd_oom_loop(apdev, params, start_func="main"):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "ctrl"})
-
-    count = 0
-    for i in range(1, 1000):
-        if "OK" not in hapd.request("TEST_ALLOC_FAIL %d:%s" % (i, start_func)):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-        try:
-            hostapd.add_ap(apdev[1], params, timeout=2.5)
-            logger.info("Iteration %d - success" % i)
-            hostapd.remove_bss(apdev[1])
-
-            state = hapd.request('GET_ALLOC_FAIL')
-            logger.info("GET_ALLOC_FAIL: " + state)
-            hapd.request("TEST_ALLOC_FAIL 0:")
-            if i < 3:
-                raise Exception("AP setup succeeded during out-of-memory")
-            if state.startswith('0:'):
-                count = 0
-            else:
-                count += 1
-                if count == 5:
-                    break
-        except Exception as e:
-            logger.info("Iteration %d - %s" % (i, str(e)))
-
-@remote_compatible
-def test_hostapd_oom_open(dev, apdev):
-    """hostapd failing to setup open mode due to OOM"""
-    params = {"ssid": "open"}
-    hostapd_oom_loop(apdev, params)
-
-def test_hostapd_oom_wpa2_psk(dev, apdev):
-    """hostapd failing to setup WPA2-PSK mode due to OOM"""
-    params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
-    params['wpa_psk_file'] = 'hostapd.wpa_psk'
-    hostapd_oom_loop(apdev, params)
-
-    tests = ["hostapd_config_read_wpa_psk", "hostapd_derive_psk"]
-    for t in tests:
-        hapd = hostapd.add_ap(apdev[0], {"ssid": "ctrl"})
-        hapd.request("TEST_ALLOC_FAIL 1:%s" % t)
-        try:
-            hostapd.add_ap(apdev[1], params, timeout=2.5)
-            raise Exception("Unexpected add_ap() success during OOM")
-        except Exception as e:
-            if "Failed to enable hostapd" in str(e):
-                pass
-            else:
-                raise
-        state = hapd.request('GET_ALLOC_FAIL')
-        if state != "0:%s" % t:
-            raise Exception("OOM not triggered")
-
-@remote_compatible
-def test_hostapd_oom_wpa2_eap(dev, apdev):
-    """hostapd failing to setup WPA2-EAP mode due to OOM"""
-    params = hostapd.wpa2_eap_params(ssid="test")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hostapd_oom_loop(apdev, params)
-
-@remote_compatible
-def test_hostapd_oom_wpa2_eap_radius(dev, apdev):
-    """hostapd failing to setup WPA2-EAP mode due to OOM in RADIUS"""
-    params = hostapd.wpa2_eap_params(ssid="test")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hostapd_oom_loop(apdev, params, start_func="accounting_init")
-
-def test_hostapd_oom_wpa2_psk_connect(dev, apdev):
-    """hostapd failing during WPA2-PSK mode connection due to OOM"""
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SCAN_INTERVAL 1")
-    count = 0
-    for i in range(1, 1000):
-        logger.info("Iteration %d" % i)
-        if "OK" not in hapd.request("TEST_ALLOC_FAIL %d:main" % i):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-        id = dev[0].connect("test-wpa2-psk", psk="12345678",
-                            scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=5)
-        if ev is None:
-            logger.info("Timeout while waiting for connection in iteration %d" % i)
-            dev[0].request("REMOVE_NETWORK all")
-            time.sleep(0.1)
-        else:
-            if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
-                logger.info("Re-select to avoid long wait for temp disavle")
-                dev[0].select_network(id)
-                dev[0].wait_connected()
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-        for i in range(3):
-            dev[i].dump_monitor()
-        hapd.dump_monitor()
-
-        state = hapd.request('GET_ALLOC_FAIL')
-        logger.info("GET_ALLOC_FAIL: " + state)
-        hapd.request("TEST_ALLOC_FAIL 0:")
-        if state.startswith('0:'):
-            count = 0
-        else:
-            count += 1
-            if count == 5:
-                break
-    dev[0].request("SCAN_INTERVAL 5")
-
-@long_duration_test
-def test_hostapd_oom_wpa2_eap_connect(dev, apdev):
-    """hostapd failing during WPA2-EAP mode connection due to OOM"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SCAN_INTERVAL 1")
-    count = 0
-    for i in range(1, 1000):
-        logger.info("Iteration %d" % i)
-        if "OK" not in hapd.request("TEST_ALLOC_FAIL %d:main" % i):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-        id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                            eap="GPSK", identity="gpsk user",
-                            password="abcdefghijklmnop0123456789abcdef",
-                            scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=5)
-        if ev is None:
-            logger.info("Timeout while waiting for connection in iteration %d" % i)
-            dev[0].request("REMOVE_NETWORK all")
-            time.sleep(0.1)
-        else:
-            if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
-                logger.info("Re-select to avoid long wait for temp disavle")
-                dev[0].select_network(id)
-                dev[0].wait_connected()
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-        for i in range(3):
-            dev[i].dump_monitor()
-        hapd.dump_monitor()
-
-        state = hapd.request('GET_ALLOC_FAIL')
-        logger.info("GET_ALLOC_FAIL: " + state)
-        hapd.request("TEST_ALLOC_FAIL 0:")
-        if state.startswith('0:'):
-            count = 0
-        else:
-            count += 1
-            if count == 5:
-                break
-    dev[0].request("SCAN_INTERVAL 5")
diff --git a/tests/hwsim/test_hs20_filter.py b/tests/hwsim/test_hs20_filter.py
deleted file mode 100644
index 11cf34756319..000000000000
--- a/tests/hwsim/test_hs20_filter.py
+++ /dev/null
@@ -1,205 +0,0 @@
-# Hotspot 2.0 filtering tests
-# Copyright (c) 2015, Intel Deutschland GmbH
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-import hwsim_utils
-import socket
-import subprocess
-import binascii
-from utils import HwsimSkip, require_under_vm
-import os
-import time
-from test_ap_hs20 import build_arp, build_na, hs20_ap_params
-from test_ap_hs20 import interworking_select, interworking_connect
-import struct
-import logging
-logger = logging.getLogger()
-
-class IPAssign(object):
-    def __init__(self, iface, addr, ipv6=False):
-        self._iface = iface
-        self._addr = addr
-        self._cmd = ['ip']
-        if ipv6:
-            self._cmd.append('-6')
-        self._cmd.append('addr')
-        self._ipv6 = ipv6
-    def __enter__(self):
-        subprocess.call(self._cmd + ['add', self._addr, 'dev', self._iface])
-        if self._ipv6:
-            # wait for DAD to finish
-            while True:
-                o = subprocess.check_output(self._cmd + ['show', 'tentative', 'dev', self._iface]).decode()
-                if self._addr not in o:
-                    break
-                time.sleep(0.1)
-    def __exit__(self, type, value, traceback):
-        subprocess.call(self._cmd + ['del', self._addr, 'dev', self._iface])
-
-def hs20_filters_connect(dev, apdev, disable_dgaf=False, proxy_arp=False):
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-
-    # Do not disable dgaf, to test that the station drops unicast IP packets
-    # encrypted with GTK.
-    params['disable_dgaf'] = '0'
-    params['proxy_arp'] = '1'
-    params['ap_isolate'] = '1'
-    params['bridge'] = 'ap-br0'
-
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except:
-        # For now, do not report failures due to missing kernel support.
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in the kernel")
-
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    dev[0].hs20_enable()
-
-    id = dev[0].add_cred_values({'realm': "example.com",
-                                 'username': "hs20-test",
-                                 'password': "password",
-                                 'ca_cert': "auth_serv/ca.pem",
-                                 'domain': "example.com",
-                                 'update_identifier': "1234"})
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-
-    time.sleep(0.1)
-
-    return dev[0], hapd
-
-def _test_ip4_gtk_drop(devs, apdevs, params, dst):
-    require_under_vm()
-    procfile = '/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast' % devs[0].ifname
-    if not os.path.exists(procfile):
-        raise HwsimSkip("kernel doesn't have capability")
-
-    [dev, hapd] = hs20_filters_connect(devs, apdevs)
-    with IPAssign(dev.ifname, '10.0.0.1/24'):
-        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-        s.bind(("10.0.0.1", 12345))
-        s.settimeout(0.1)
-
-        pkt = dst
-        pkt += hapd.own_addr().replace(':', '')
-        pkt += '0800'
-        pkt += '45000020786840004011ae600a0000040a000001'
-        pkt += '30393039000c0000'
-        pkt += '61736466' # "asdf"
-        if "OK" not in hapd.request('DATA_TEST_FRAME ' + pkt):
-            raise Exception("DATA_TEST_FRAME failed")
-        try:
-            logger.info(s.recvfrom(1024))
-            logger.info("procfile=" + procfile + " val=" + open(procfile, 'r').read().rstrip())
-            raise Exception("erroneously received frame!")
-        except socket.timeout:
-            # this is the expected behaviour
-            pass
-
-def test_ip4_gtk_drop_bcast(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv4 GTK drop broadcast"""
-    _test_ip4_gtk_drop(devs, apdevs, params, dst='ffffffffffff')
-
-def test_ip4_gtk_drop_mcast(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv4 GTK drop multicast"""
-    _test_ip4_gtk_drop(devs, apdevs, params, dst='ff0000000000')
-
-def _test_ip6_gtk_drop(devs, apdevs, params, dst):
-    require_under_vm()
-    dev = devs[0]
-    procfile = '/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast' % devs[0].ifname
-    if not os.path.exists(procfile):
-        raise HwsimSkip("kernel doesn't have capability")
-
-    [dev, hapd] = hs20_filters_connect(devs, apdevs)
-
-    with IPAssign(dev.ifname, 'fdaa::1/48', ipv6=True):
-        s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
-        s.bind(("fdaa::1", 12345))
-        s.settimeout(0.1)
-
-        pkt = dst
-        pkt += hapd.own_addr().replace(':', '')
-        pkt += '86dd'
-        pkt += '60000000000c1140fdaa0000000000000000000000000002fdaa0000000000000000000000000001'
-        pkt += '30393039000cde31'
-        pkt += '61736466' # "asdf"
-        if "OK" not in hapd.request('DATA_TEST_FRAME ' + pkt):
-            raise Exception("DATA_TEST_FRAME failed")
-        try:
-            logger.info(s.recvfrom(1024))
-            logger.info("procfile=" + procfile + " val=" + open(procfile, 'r').read().rstrip())
-            raise Exception("erroneously received frame!")
-        except socket.timeout:
-            # this is the expected behaviour
-            pass
-
-def test_ip6_gtk_drop_bcast(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv6 GTK drop broadcast"""
-    _test_ip6_gtk_drop(devs, apdevs, params, dst='ffffffffffff')
-
-def test_ip6_gtk_drop_mcast(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv6 GTK drop multicast"""
-    _test_ip6_gtk_drop(devs, apdevs, params, dst='ff0000000000')
-
-def test_ip4_drop_gratuitous_arp(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv4 drop gratuitous ARP"""
-    require_under_vm()
-    procfile = '/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp' % devs[0].ifname
-    if not os.path.exists(procfile):
-        raise HwsimSkip("kernel doesn't have capability")
-
-    [dev, hapd] = hs20_filters_connect(devs, apdevs)
-
-    with IPAssign(dev.ifname, '10.0.0.2/24'):
-        # add an entry that can be updated by gratuitous ARP
-        subprocess.call(['ip', 'neigh', 'add', '10.0.0.1', 'lladdr', '02:00:00:00:00:ff', 'nud', 'reachable', 'dev', dev.ifname])
-        # wait for lock-time
-        time.sleep(1)
-        try:
-            ap_addr = hapd.own_addr()
-            cl_addr = dev.own_addr()
-            pkt = build_arp(cl_addr, ap_addr, 2, ap_addr, '10.0.0.1', ap_addr, '10.0.0.1')
-            pkt = binascii.hexlify(pkt).decode()
-
-            if "OK" not in hapd.request('DATA_TEST_FRAME ' + pkt):
-                raise Exception("DATA_TEST_FRAME failed")
-
-            if hapd.own_addr() in subprocess.check_output(['ip', 'neigh', 'show']).decode():
-                raise Exception("gratuitous ARP frame updated erroneously")
-        finally:
-            subprocess.call(['ip', 'neigh', 'del', '10.0.0.1', 'dev', dev.ifname])
-
-def test_ip6_drop_unsolicited_na(devs, apdevs, params):
-    """Hotspot 2.0 frame filtering - IPv6 drop unsolicited NA"""
-    require_under_vm()
-    procfile = '/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na' % devs[0].ifname
-    if not os.path.exists(procfile):
-        raise HwsimSkip("kernel doesn't have capability")
-
-    [dev, hapd] = hs20_filters_connect(devs, apdevs)
-
-    with IPAssign(dev.ifname, 'fdaa::1/48', ipv6=True):
-        # add an entry that can be updated by unsolicited NA
-        subprocess.call(['ip', '-6', 'neigh', 'add', 'fdaa::2', 'lladdr', '02:00:00:00:00:ff', 'nud', 'reachable', 'dev', dev.ifname])
-        try:
-            ap_addr = hapd.own_addr()
-            cl_addr = dev.own_addr()
-            pkt = build_na(ap_addr, 'fdaa::2', 'ff02::1', 'fdaa::2', flags=0x20,
-                           opt=binascii.unhexlify('0201' + ap_addr.replace(':', '')))
-            pkt = binascii.hexlify(pkt).decode()
-
-            if "OK" not in hapd.request('DATA_TEST_FRAME ' + pkt):
-                raise Exception("DATA_TEST_FRAME failed")
-
-            if hapd.own_addr() in subprocess.check_output(['ip', 'neigh', 'show']).decode():
-                raise Exception("unsolicited NA frame updated erroneously")
-        finally:
-            subprocess.call(['ip', '-6', 'neigh', 'del', 'fdaa::2', 'dev', dev.ifname])
diff --git a/tests/hwsim/test_hs20_pps_mo.py b/tests/hwsim/test_hs20_pps_mo.py
deleted file mode 100644
index 5b0cf12025c8..000000000000
--- a/tests/hwsim/test_hs20_pps_mo.py
+++ /dev/null
@@ -1,43 +0,0 @@
-# Hotspot 2.0 PPS MO tests
-# Copyright (c) 2018, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os.path
-import subprocess
-
-import hostapd
-from utils import HwsimSkip
-from test_ap_hs20 import hs20_ap_params, interworking_select, interworking_connect, check_sp_type
-from test_ap_eap import check_eap_capa, check_domain_suffix_match
-
-def check_hs20_osu_client():
-    if not os.path.exists("../../hs20/client/hs20-osu-client"):
-        raise HwsimSkip("No hs20-osu-client available")
-
-def set_pps(pps_mo):
-    res = subprocess.check_output(["../../hs20/client/hs20-osu-client",
-                                   "set_pps", pps_mo]).decode()
-    logger.info("set_pps result: " + res)
-
-def test_hs20_pps_mo_1(dev, apdev):
-    """Hotspot 2.0 PPS MO with username/password credential"""
-    check_hs20_osu_client()
-    check_eap_capa(dev[0], "MSCHAPV2")
-    check_domain_suffix_match(dev[0])
-    bssid = apdev[0]['bssid']
-    params = hs20_ap_params()
-    params['hessid'] = bssid
-    params['nai_realm'] = ["0,w1.fi,13[5:6],21[2:4][5:7]",
-                           "0,another.example.com"]
-    params['domain_name'] = "w1.fi"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].hs20_enable()
-    set_pps("pps-mo-1.xml")
-    interworking_select(dev[0], bssid, "home", freq="2412")
-    interworking_connect(dev[0], bssid, "TTLS")
-    check_sp_type(dev[0], "home")
diff --git a/tests/hwsim/test_ibss.py b/tests/hwsim/test_ibss.py
deleted file mode 100644
index 29ebd8129ff1..000000000000
--- a/tests/hwsim/test_ibss.py
+++ /dev/null
@@ -1,601 +0,0 @@
-# IBSS test cases
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import time
-import re
-import subprocess
-
-import hwsim_utils
-from utils import *
-
-def connect_ibss_cmd(dev, id, freq=2412):
-    dev.dump_monitor()
-    dev.select_network(id, freq=str(freq))
-
-def wait_ibss_connection(dev):
-    logger.info(dev.ifname + " waiting for IBSS start/join to complete")
-    ev = dev.wait_connected(timeout=20,
-                            error="Connection to the IBSS timed out")
-    exp = r'<.>(CTRL-EVENT-CONNECTED) - Connection to ([0-9a-f:]*) completed.*'
-    s = re.split(exp, ev)
-    if len(s) < 3:
-        return None
-    return s[2]
-
-def wait_4way_handshake(dev1, dev2):
-    logger.info(dev1.ifname + " waiting for 4-way handshake completion with " + dev2.ifname + " " + dev2.p2p_interface_addr())
-    ev = dev1.wait_event(["IBSS-RSN-COMPLETED " + dev2.p2p_interface_addr()],
-                         timeout=20)
-    if ev is None:
-        raise Exception("4-way handshake in IBSS timed out")
-
-def wait_4way_handshake2(dev1, dev2, dev3):
-    logger.info(dev1.ifname + " waiting for 4-way handshake completion with " + dev2.ifname + " " + dev2.p2p_interface_addr() + " and " + dev3.p2p_interface_addr())
-    ev = dev1.wait_event(["IBSS-RSN-COMPLETED " + dev2.p2p_interface_addr(),
-                          "IBSS-RSN-COMPLETED " + dev3.p2p_interface_addr()],
-                         timeout=20)
-    if ev is None:
-        raise Exception("4-way handshake in IBSS timed out")
-    ev = dev1.wait_event(["IBSS-RSN-COMPLETED " + dev2.p2p_interface_addr(),
-                          "IBSS-RSN-COMPLETED " + dev3.p2p_interface_addr()],
-                         timeout=20)
-    if ev is None:
-        raise Exception("4-way handshake in IBSS timed out")
-
-def add_ibss(dev, ssid, psk=None, proto=None, key_mgmt=None, pairwise=None,
-             group=None, beacon_int=None, bssid=None, scan_freq=None,
-             wep_key0=None, freq=2412, chwidth=0, group_rekey=0):
-    id = dev.add_network()
-    dev.set_network(id, "mode", "1")
-    dev.set_network(id, "frequency", str(freq))
-    if chwidth > 0:
-        dev.set_network(id, "max_oper_chwidth", str(chwidth))
-    if scan_freq:
-        dev.set_network(id, "scan_freq", str(scan_freq))
-    dev.set_network_quoted(id, "ssid", ssid)
-    if psk:
-        dev.set_network_quoted(id, "psk", psk)
-    if proto:
-        dev.set_network(id, "proto", proto)
-    if key_mgmt:
-        dev.set_network(id, "key_mgmt", key_mgmt)
-    if pairwise:
-        dev.set_network(id, "pairwise", pairwise)
-    if group:
-        dev.set_network(id, "group", group)
-    if beacon_int:
-        dev.set_network(id, "beacon_int", beacon_int)
-    if bssid:
-        dev.set_network(id, "bssid", bssid)
-    if wep_key0:
-        dev.set_network(id, "wep_key0", wep_key0)
-    if group_rekey:
-        dev.set_network(id, "group_rekey", str(group_rekey))
-    dev.request("ENABLE_NETWORK " + str(id) + " no-connect")
-    return id
-
-def add_ibss_rsn(dev, ssid, group_rekey=0, scan_freq=None):
-    return add_ibss(dev, ssid, "12345678", "RSN", "WPA-PSK", "CCMP", "CCMP",
-                    group_rekey=group_rekey, scan_freq=scan_freq)
-
-def add_ibss_rsn_tkip(dev, ssid):
-    return add_ibss(dev, ssid, "12345678", "RSN", "WPA-PSK", "TKIP", "TKIP")
-
-def add_ibss_wpa_none(dev, ssid):
-    return add_ibss(dev, ssid, "12345678", "WPA", "WPA-NONE", "TKIP", "TKIP")
-
-def add_ibss_wpa_none_ccmp(dev, ssid):
-    return add_ibss(dev, ssid, "12345678", "WPA", "WPA-NONE", "CCMP", "CCMP")
-
-def test_ibss_rsn(dev):
-    """IBSS RSN"""
-    ssid = "ibss-rsn"
-
-    logger.info("Start IBSS on the first STA")
-    id = add_ibss_rsn(dev[0], ssid)
-    # FIX: For now, this disables HT to avoid a strange issue with mac80211
-    # frame reordering during the final test_connectivity() call. Once that is
-    # figured out, these disable_ht=1 calls should be removed from the test
-    # case.
-    dev[0].set_network(id, "disable_ht", "1")
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    logger.info("Join two STAs to the IBSS")
-
-    id = add_ibss_rsn(dev[1], ssid)
-    dev[1].set_network(id, "disable_ht", "1")
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-        # try to merge with a scan
-        dev[1].scan()
-    wait_4way_handshake(dev[0], dev[1])
-    wait_4way_handshake(dev[1], dev[0])
-
-    id = add_ibss_rsn(dev[2], ssid)
-    connect_ibss_cmd(dev[2], id)
-    bssid2 = wait_ibss_connection(dev[2])
-    if bssid0 != bssid2:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA2 BSSID " + bssid2)
-        # try to merge with a scan
-        dev[2].scan()
-    wait_4way_handshake(dev[0], dev[2])
-    wait_4way_handshake2(dev[2], dev[0], dev[1])
-
-    # Allow some time for all peers to complete key setup
-    time.sleep(3)
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[0], dev[2])
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    dev[1].request("REMOVE_NETWORK all")
-    time.sleep(1)
-    id = add_ibss_rsn(dev[1], ssid)
-    dev[1].set_network(id, "disable_ht", "1")
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-        # try to merge with a scan
-        dev[1].scan()
-    wait_4way_handshake(dev[0], dev[1])
-    wait_4way_handshake(dev[1], dev[0])
-    time.sleep(3)
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    if "OK" not in dev[0].request("IBSS_RSN " + dev[1].p2p_interface_addr()):
-        raise Exception("IBSS_RSN command failed")
-
-    key_mgmt = dev[0].get_status_field("key_mgmt")
-    if key_mgmt != "WPA2-PSK":
-        raise Exception("Unexpected STATUS key_mgmt: " + key_mgmt)
-
-def test_ibss_rsn_group_rekey(dev):
-    """IBSS RSN group rekeying"""
-    ssid = "ibss-rsn"
-
-    logger.info("Start IBSS on the first STA")
-    id = add_ibss_rsn(dev[0], ssid, group_rekey=4, scan_freq=2412)
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-    dev[0].dump_monitor()
-
-    logger.info("Join two STAs to the IBSS")
-
-    dev[1].scan_for_bss(bssid0, freq=2412)
-    id = add_ibss_rsn(dev[1], ssid, scan_freq=2412)
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        raise Exception("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-    wait_4way_handshake(dev[0], dev[1])
-    wait_4way_handshake(dev[1], dev[0])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    ev = dev[1].wait_event(["WPA: Group rekeying completed"], timeout=10)
-    if ev is None:
-        raise Exception("No group rekeying reported")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def test_ibss_wpa_none(dev):
-    """IBSS WPA-None"""
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    skip_without_tkip(dev[2])
-    ssid = "ibss-wpa-none"
-
-    logger.info("Start IBSS on the first STA")
-    id = add_ibss_wpa_none(dev[0], ssid)
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    # This is a bit ugly, but no one really cares about WPA-None, so there may
-    # not be enough justification to clean this up.. For now, wpa_supplicant
-    # will show two connection events with mac80211_hwsim where the first one
-    # comes with all zeros address.
-    if bssid0 == "00:00:00:00:00:00":
-        logger.info("Waiting for real BSSID on the first STA")
-        bssid0 = wait_ibss_connection(dev[0])
-
-    logger.info("Join two STAs to the IBSS")
-
-    id = add_ibss_wpa_none(dev[1], ssid)
-    connect_ibss_cmd(dev[1], id)
-    id = add_ibss_wpa_none(dev[2], ssid)
-    connect_ibss_cmd(dev[2], id)
-
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-        bssid1 = wait_ibss_connection(dev[1])
-
-    bssid2 = wait_ibss_connection(dev[2])
-    if bssid0 != bssid2:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA2 BSSID " + bssid2)
-        bssid2 = wait_ibss_connection(dev[2])
-
-    logger.info("bssid0=%s bssid1=%s bssid2=%s" % (bssid0, bssid1, bssid2))
-
-    bss = dev[0].get_bss(bssid0)
-    if not bss:
-        bss = dev[1].get_bss(bssid1)
-        if not bss:
-            raise Exception("Could not find BSS entry for IBSS")
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA-None-TKIP]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    # Allow some time for all peers to complete key setup
-    time.sleep(1)
-
-    # This is supposed to work, but looks like WPA-None does not work with
-    # mac80211 currently..
-    try:
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-    except Exception as e:
-        logger.info("Ignoring known connectivity failure: " + str(e))
-    try:
-        hwsim_utils.test_connectivity(dev[0], dev[2])
-    except Exception as e:
-        logger.info("Ignoring known connectivity failure: " + str(e))
-    try:
-        hwsim_utils.test_connectivity(dev[1], dev[2])
-    except Exception as e:
-        logger.info("Ignoring known connectivity failure: " + str(e))
-
-    key_mgmt = dev[0].get_status_field("key_mgmt")
-    if key_mgmt != "WPA-NONE":
-        raise Exception("Unexpected STATUS key_mgmt: " + key_mgmt)
-
-def test_ibss_wpa_none_ccmp(dev):
-    """IBSS WPA-None/CCMP"""
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    ssid = "ibss-wpa-none"
-
-    logger.info("Start IBSS on the first STA")
-    id = add_ibss_wpa_none(dev[0], ssid)
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    # This is a bit ugly, but no one really cares about WPA-None, so there may
-    # not be enough justification to clean this up.. For now, wpa_supplicant
-    # will show two connection events with mac80211_hwsim where the first one
-    # comes with all zeros address.
-    if bssid0 == "00:00:00:00:00:00":
-        logger.info("Waiting for real BSSID on the first STA")
-        bssid0 = wait_ibss_connection(dev[0])
-
-
-    logger.info("Join a STA to the IBSS")
-    id = add_ibss_wpa_none(dev[1], ssid)
-    connect_ibss_cmd(dev[1], id)
-
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-        bssid1 = wait_ibss_connection(dev[1])
-
-    logger.info("bssid0=%s bssid1=%s" % (bssid0, bssid1))
-
-    # Allow some time for all peers to complete key setup
-    time.sleep(1)
-
-    # This is supposed to work, but looks like WPA-None does not work with
-    # mac80211 currently..
-    try:
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-    except Exception as e:
-        logger.info("Ignoring known connectivity failure: " + str(e))
-
-def test_ibss_open(dev):
-    """IBSS open (no security)"""
-    ssid = "ibss"
-    id = add_ibss(dev[0], ssid, key_mgmt="NONE", beacon_int="150")
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    id = add_ibss(dev[1], ssid, key_mgmt="NONE", beacon_int="200")
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-
-    res = dev[0].request("SCAN_RESULTS")
-    if "[IBSS]" not in res:
-        res = dev[1].request("SCAN_RESULTS")
-        if "[IBSS]" not in res:
-            raise Exception("IBSS flag missing from scan results: " + res)
-    bss = dev[0].get_bss(bssid0)
-    if not bss:
-        bss = dev[1].get_bss(bssid1)
-        if not bss:
-            raise Exception("Could not find BSS entry for IBSS")
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[IBSS]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    freq0 = dev[0].get_status_field("freq")
-    freq1 = dev[1].get_status_field("freq")
-    if freq0 != "2412" or freq1 != "2412":
-        raise Exception("IBSS operating frequency not reported correctly (%s %s)" % (freq0, freq1))
-
-    key_mgmt = dev[0].get_status_field("key_mgmt")
-    if key_mgmt != "NONE":
-        raise Exception("Unexpected STATUS key_mgmt: " + key_mgmt)
-
-def test_ibss_open_fixed_bssid(dev):
-    """IBSS open (no security) and fixed BSSID"""
-    ssid = "ibss"
-    bssid = "02:11:22:33:44:55"
-    try:
-        dev[0].request("AP_SCAN 2")
-        add_ibss(dev[0], ssid, key_mgmt="NONE", bssid=bssid, beacon_int="150")
-        dev[0].request("REASSOCIATE")
-
-        dev[1].request("AP_SCAN 2")
-        add_ibss(dev[1], ssid, key_mgmt="NONE", bssid=bssid, beacon_int="200")
-        dev[1].request("REASSOCIATE")
-
-        bssid0 = wait_ibss_connection(dev[0])
-        bssid1 = wait_ibss_connection(dev[1])
-        if bssid0 != bssid:
-            raise Exception("STA0 BSSID " + bssid0 + " differs from fixed BSSID " + bssid)
-        if bssid1 != bssid:
-            raise Exception("STA0 BSSID " + bssid0 + " differs from fixed BSSID " + bssid)
-    finally:
-        dev[0].request("AP_SCAN 1")
-        dev[1].request("AP_SCAN 1")
-
-def test_ibss_open_retry(dev):
-    """IBSS open (no security) with cfg80211 retry workaround"""
-    subprocess.check_call(['iw', 'dev', dev[0].ifname, 'set', 'type', 'adhoc'])
-    subprocess.check_call(['iw', 'dev', dev[0].ifname, 'ibss', 'join',
-                           'ibss-test', '2412', 'HT20', 'fixed-freq',
-                           '02:22:33:44:55:66'])
-    ssid = "ibss"
-    try:
-        dev[0].request("AP_SCAN 2")
-        id = add_ibss(dev[0], ssid, key_mgmt="NONE", beacon_int="150",
-                      bssid="02:33:44:55:66:77", scan_freq=2412)
-        #connect_ibss_cmd(dev[0], id)
-        dev[0].request("REASSOCIATE")
-        bssid0 = wait_ibss_connection(dev[0])
-
-        subprocess.check_call(['iw', 'dev', dev[0].ifname, 'ibss', 'leave'])
-        time.sleep(1)
-        dev[0].request("DISCONNECT")
-    finally:
-        dev[0].request("AP_SCAN 1")
-
-def test_ibss_rsn_tkip(dev):
-    """IBSS RSN with TKIP as the cipher"""
-    skip_without_tkip(dev[0])
-    skip_without_tkip(dev[1])
-    ssid = "ibss-rsn-tkip"
-
-    id = add_ibss_rsn_tkip(dev[0], ssid)
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    id = add_ibss_rsn_tkip(dev[1], ssid)
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-        # try to merge with a scan
-        dev[1].scan()
-    wait_4way_handshake(dev[0], dev[1])
-    wait_4way_handshake(dev[1], dev[0])
-
-def test_ibss_wep(dev):
-    """IBSS with WEP"""
-    check_wep_capa(dev[0])
-    check_wep_capa(dev[1])
-
-    ssid = "ibss-wep"
-
-    id = add_ibss(dev[0], ssid, key_mgmt="NONE", wep_key0='"hello"')
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    id = add_ibss(dev[1], ssid, key_mgmt="NONE", wep_key0='"hello"')
-    connect_ibss_cmd(dev[1], id)
-    bssid1 = wait_ibss_connection(dev[1])
-
-@remote_compatible
-def test_ibss_rsn_error_case(dev):
-    """IBSS RSN regression test for IBSS_RSN prior IBSS setup"""
-    if "FAIL" not in dev[0].request("IBSS_RSN 02:03:04:05:06:07"):
-        raise Exception("Unexpected IBSS_RSN result")
-
-def test_ibss_5ghz(dev):
-    """IBSS on 5 GHz band"""
-    try:
-        _test_ibss_5ghz(dev)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_ibss_5ghz(dev):
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        dev[i].dump_monitor()
-
-    ssid = "ibss"
-    id = add_ibss(dev[0], ssid, key_mgmt="NONE", beacon_int="150", freq=5180)
-    connect_ibss_cmd(dev[0], id, freq=5180)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    dev[1].scan_for_bss(bssid0, freq=5180)
-    id = add_ibss(dev[1], ssid, key_mgmt="NONE", beacon_int="200", freq=5180)
-    connect_ibss_cmd(dev[1], id, freq=5180)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_ibss_vht_80p80(dev):
-    """IBSS on VHT 80+80 MHz channel"""
-    try:
-        _test_ibss_vht_80p80(dev)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def _test_ibss_vht_80p80(dev):
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        dev[i].dump_monitor()
-
-    ssid = "ibss"
-    id = add_ibss(dev[0], ssid, key_mgmt="NONE", freq=5180, chwidth=3)
-    connect_ibss_cmd(dev[0], id, freq=5180)
-    bssid0 = wait_ibss_connection(dev[0])
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    if "FREQUENCY=5180" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-    if "WIDTH=80+80 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    if "CENTER_FRQ1=5210" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-    if "CENTER_FRQ2=5775" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-
-    dev[1].scan_for_bss(bssid0, freq=5180)
-    id = add_ibss(dev[1], ssid, key_mgmt="NONE", freq=5180, chwidth=3)
-    connect_ibss_cmd(dev[1], id, freq=5180)
-    bssid1 = wait_ibss_connection(dev[1])
-    if bssid0 != bssid1:
-        logger.info("STA0 BSSID " + bssid0 + " differs from STA1 BSSID " + bssid1)
-
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    if "FREQUENCY=5180" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(1b): " + str(sig))
-    logger.info("STA1 SIGNAL_POLL: " + str(sig))
-    # For now, don't report errors on joining STA failing to get 80+80 MHZ
-    # since mac80211 missed functionality for that to work.
-
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_ibss_rsn_oom(dev):
-    """IBSS RSN OOM during wpa_init"""
-    with alloc_fail(dev[0], 1, "wpa_init"):
-        ssid = "ibss-rsn"
-        id = add_ibss_rsn(dev[0], ssid, scan_freq=2412)
-        connect_ibss_cmd(dev[0], id)
-        bssid0 = wait_ibss_connection(dev[0])
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "=ibss_rsn_init"):
-        ssid = "ibss-rsn"
-        id = add_ibss_rsn(dev[0], ssid, scan_freq=2412)
-        connect_ibss_cmd(dev[0], id)
-        bssid0 = wait_ibss_connection(dev[0])
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def send_eapol_rx(dev, dst):
-    if "OK" not in dev.request("EAPOL_RX %s 0203005f02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" % dst):
-        raise Exception("EAPOL_RX for %s failed" % dst)
-
-def test_ibss_rsn_eapol_trigger(dev):
-    """IBSS RSN and EAPOL trigger for a new peer"""
-    ssid = "ibss-rsn"
-
-    id = add_ibss_rsn(dev[0], ssid, scan_freq=2412)
-    connect_ibss_cmd(dev[0], id)
-    bssid0 = wait_ibss_connection(dev[0])
-
-    send_eapol_rx(dev[0], "02:ff:00:00:00:01")
-    send_eapol_rx(dev[0], "02:ff:00:00:00:01")
-
-    dst = "02:ff:00:00:00:01"
-    logger.info("Too short EAPOL frame")
-    if "OK" not in dev[0].request("EAPOL_RX %s 0203005e02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b1100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" % dst):
-        raise Exception("EAPOL_RX for %s failed" % dst)
-    logger.info("RSN: EAPOL frame (type 255) discarded, not a Key frame")
-    if "OK" not in dev[0].request("EAPOL_RX %s 02ff005f02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" % dst):
-        raise Exception("EAPOL_RX for %s failed" % dst)
-    logger.info("RSN: EAPOL frame payload size 96 invalid (frame size 99)")
-    if "OK" not in dev[0].request("EAPOL_RX %s 0203006002008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" % dst):
-        raise Exception("EAPOL_RX for %s failed" % dst)
-    logger.info("RSN: EAPOL-Key type (255) unknown, discarded")
-    if "OK" not in dev[0].request("EAPOL_RX %s 0203005fff008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" % dst):
-        raise Exception("EAPOL_RX for %s failed" % dst)
-
-    with alloc_fail(dev[0], 1, "ibss_rsn_rx_eapol"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:02")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "wpa_auth_sta_init;ibss_rsn_auth_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:03")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "=ibss_rsn_peer_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:04")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "ibss_rsn_process_rx_eapol"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:05")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1,
-                    "wpa_sm_set_assoc_wpa_ie_default;ibss_rsn_supp_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:06")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "wpa_sm_init;ibss_rsn_supp_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:07")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "=ibss_rsn_supp_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:08")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "supp_alloc_eapol"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:09")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with alloc_fail(dev[0], 1, "wpa_validate_wpa_ie;ibss_rsn_auth_init"):
-        send_eapol_rx(dev[0], "02:ff:00:00:00:0a")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    logger.info("RSN: Timeout on waiting Authentication frame response")
-    if "OK" not in dev[0].request("IBSS_RSN 02:ff:00:00:00:0b"):
-        raise Exception("Unexpected IBSS_RSN result")
-    time.sleep(1.1)
diff --git a/tests/hwsim/test_ieee8021x.py b/tests/hwsim/test_ieee8021x.py
deleted file mode 100644
index 630d6d0dbe92..000000000000
--- a/tests/hwsim/test_ieee8021x.py
+++ /dev/null
@@ -1,531 +0,0 @@
-# IEEE 802.1X tests
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import hmac
-import logging
-import os
-import time
-
-import hostapd
-import hwsim_utils
-from utils import *
-from tshark import run_tshark
-
-logger = logging.getLogger()
-
-def test_ieee8021x_wep104(dev, apdev):
-    """IEEE 802.1X connection using dynamic WEP104"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "13"
-    params["wep_key_len_unicast"] = "13"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_wep40(dev, apdev):
-    """IEEE 802.1X connection using dynamic WEP40"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "5"
-    params["wep_key_len_unicast"] = "5"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_wep_index_workaround(dev, apdev):
-    """IEEE 802.1X and EAPOL-Key index workaround"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "5"
-    params["eapol_key_index_workaround"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1",
-                   eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-def test_ieee8021x_open(dev, apdev):
-    """IEEE 802.1X connection using open network"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Test EAPOL-Logoff")
-    dev[0].request("LOGOFF")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
-    if ev is None:
-        raise Exception("Did not get disconnected")
-    if "reason=23" not in ev:
-        raise Exception("Unexpected disconnection reason")
-
-    dev[0].request("LOGON")
-    dev[0].connect_network(id)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_static_wep40(dev, apdev):
-    """IEEE 802.1X connection using static WEP40"""
-    run_static_wep(dev, apdev, '"hello"')
-
-def test_ieee8021x_static_wep104(dev, apdev):
-    """IEEE 802.1X connection using static WEP104"""
-    run_static_wep(dev, apdev, '"hello-there-/"')
-
-def run_static_wep(dev, apdev, key):
-    check_wep_capa(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key0"] = key
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   wep_key0=key, eapol_flags="0",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_proto(dev, apdev):
-    """IEEE 802.1X and EAPOL supplicant protocol testing"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[1].request("SET ext_eapol_frame_io 1")
-    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412", wait_connect=False)
-    id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        scan_freq="2412")
-    ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-
-    start = dev[0].get_mib()
-
-    tests = ["11",
-             "11223344",
-             "020000050a93000501",
-             "020300050a93000501",
-             "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-             "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-             "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-             "02aa00050a93000501"]
-    for frame in tests:
-        res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
-        if "OK" not in res:
-            raise Exception("EAPOL_RX to wpa_supplicant failed")
-        dev[1].request("EAPOL_RX " + bssid + " " + frame)
-
-    stop = dev[0].get_mib()
-
-    logger.info("MIB before test frames: " + str(start))
-    logger.info("MIB after test frames: " + str(stop))
-
-    vals = ['dot1xSuppInvalidEapolFramesRx',
-            'dot1xSuppEapLengthErrorFramesRx']
-    for val in vals:
-        if int(stop[val]) <= int(start[val]):
-            raise Exception(val + " did not increase")
-
-@remote_compatible
-def test_ieee8021x_eapol_start(dev, apdev):
-    """IEEE 802.1X and EAPOL-Start retransmissions"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    addr0 = dev[0].own_addr()
-
-    hapd.set("ext_eapol_frame_io", "1")
-    try:
-        dev[0].request("SET EAPOL::startPeriod 1")
-        dev[0].request("SET EAPOL::maxStart 1")
-        dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                       eap="PSK", identity="psk.user@example.com",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412", wait_connect=False)
-        held = False
-        for i in range(30):
-            pae = dev[0].get_status_field('Supplicant PAE state')
-            if pae == "HELD":
-                mib = hapd.get_sta(addr0, info="eapol")
-                if mib['auth_pae_state'] != 'AUTHENTICATING':
-                    raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state'])
-                held = True
-                break
-            time.sleep(0.25)
-        if not held:
-            raise Exception("PAE state HELD not reached")
-        dev[0].wait_disconnected()
-    finally:
-        dev[0].request("SET EAPOL::startPeriod 30")
-        dev[0].request("SET EAPOL::maxStart 3")
-
-def test_ieee8021x_held(dev, apdev):
-    """IEEE 802.1X and HELD state"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    hapd.set("ext_eapol_frame_io", "1")
-    try:
-        dev[0].request("SET EAPOL::startPeriod 1")
-        dev[0].request("SET EAPOL::maxStart 0")
-        dev[0].request("SET EAPOL::heldPeriod 1")
-        dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                       eap="PSK", identity="psk.user@example.com",
-                       password_hex="0123456789abcdef0123456789abcdef",
-                       scan_freq="2412", wait_connect=False)
-        held = False
-        for i in range(30):
-            pae = dev[0].get_status_field('Supplicant PAE state')
-            if pae == "HELD":
-                held = True
-                break
-            time.sleep(0.25)
-        if not held:
-            raise Exception("PAE state HELD not reached")
-
-        hapd.set("ext_eapol_frame_io", "0")
-        for i in range(30):
-            pae = dev[0].get_status_field('Supplicant PAE state')
-            if pae != "HELD":
-                held = False
-                break
-            time.sleep(0.25)
-        if held:
-            raise Exception("PAE state HELD not left")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Connection timed out")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            raise Exception("Unexpected disconnection")
-    finally:
-        dev[0].request("SET EAPOL::startPeriod 30")
-        dev[0].request("SET EAPOL::maxStart 3")
-        dev[0].request("SET EAPOL::heldPeriod 60")
-
-def test_ieee8021x_force_unauth(dev, apdev):
-    """IEEE 802.1X and FORCE_UNAUTH state"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    dev[0].request("SET EAPOL::portControl ForceUnauthorized")
-    pae = dev[0].get_status_field('Supplicant PAE state')
-    dev[0].wait_disconnected()
-    dev[0].request("SET EAPOL::portControl Auto")
-
-def send_eapol_key(dev, bssid, signkey, frame_start, frame_end):
-    zero_sign = "00000000000000000000000000000000"
-    frame = frame_start + zero_sign + frame_end
-    hmac_obj = hmac.new(binascii.unhexlify(signkey), digestmod='MD5')
-    hmac_obj.update(binascii.unhexlify(frame))
-    sign = hmac_obj.digest()
-    frame = frame_start + binascii.hexlify(sign).decode() + frame_end
-    dev.request("EAPOL_RX " + bssid + " " + frame)
-
-def test_ieee8021x_eapol_key(dev, apdev):
-    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "5"
-    params["wep_key_len_unicast"] = "5"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
-                   identity="vendor-test", scan_freq="2412")
-
-    # Hardcoded MSK from VENDOR-TEST
-    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
-    signkey = "2222222222222222222222222222222222222222222222222222222222222222"
-
-    # EAPOL-Key replay counter does not increase
-    send_eapol_key(dev[0], bssid, signkey,
-                   "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
-                   "1c636a30a4")
-
-    # EAPOL-Key too large Key Length field value
-    send_eapol_key(dev[0], bssid, signkey,
-                   "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
-                   "1c636a30a4")
-
-    # EAPOL-Key too much key data
-    send_eapol_key(dev[0], bssid, signkey,
-                   "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
-                   33*"ff")
-
-    # EAPOL-Key too little key data
-    send_eapol_key(dev[0], bssid, signkey,
-                   "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
-                   "1c636a30")
-
-    # EAPOL-Key with no key data and too long WEP key length
-    send_eapol_key(dev[0], bssid, signkey,
-                   "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
-                   "")
-
-def test_ieee8021x_reauth(dev, apdev):
-    """IEEE 802.1X and EAPOL_REAUTH request"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_reauth_wep(dev, apdev, params):
-    """IEEE 802.1X and EAPOL_REAUTH request with WEP"""
-    check_wep_capa(dev[0])
-    logdir = params['logdir']
-
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "13"
-    params["wep_key_len_unicast"] = "13"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
-                     "llc.type == 0x888e", ["eapol.type", "eap.code"])
-    if out is None:
-        raise Exception("Could not find EAPOL frames in capture")
-    num_eapol_key = 0
-    num_eap_req = 0
-    num_eap_resp = 0
-    for line in out.splitlines():
-        vals = line.split()
-        if vals[0] == '3':
-            num_eapol_key += 1
-        if vals[0] == '0' and len(vals) == 2:
-            if vals[1] == '1':
-                num_eap_req += 1
-            elif vals[1] == '2':
-                num_eap_resp += 1
-    logger.info("num_eapol_key: %d" % num_eapol_key)
-    logger.info("num_eap_req: %d" % num_eap_req)
-    logger.info("num_eap_resp: %d" % num_eap_resp)
-    if num_eapol_key < 4:
-        raise Exception("Did not see four unencrypted EAPOL-Key frames")
-    if num_eap_req < 6:
-        raise Exception("Did not see six unencrypted EAP-Request frames")
-    if num_eap_resp < 6:
-        raise Exception("Did not see six unencrypted EAP-Response frames")
-
-def test_ieee8021x_set_conf(dev, apdev):
-    """IEEE 802.1X and EAPOL_SET command"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-    addr0 = dev[0].own_addr()
-    tests = ["EAPOL_SET 1",
-             "EAPOL_SET %sfoo bar" % addr0,
-             "EAPOL_SET %s foo" % addr0,
-             "EAPOL_SET %s foo bar" % addr0,
-             "EAPOL_SET %s AdminControlledDirections bar" % addr0,
-             "EAPOL_SET %s AdminControlledPortControl bar" % addr0,
-             "EAPOL_SET %s reAuthEnabled bar" % addr0,
-             "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0,
-             "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid EAPOL_SET command accepted: " + t)
-
-    tests = [("AdminControlledDirections", "adminControlledDirections", "In"),
-             ("AdminControlledDirections", "adminControlledDirections",
-              "Both"),
-             ("quietPeriod", "quietPeriod", "13"),
-             ("serverTimeout", "serverTimeout", "7"),
-             ("reAuthPeriod", "reAuthPeriod", "1234"),
-             ("reAuthEnabled", "reAuthEnabled", "FALSE"),
-             ("reAuthEnabled", "reAuthEnabled", "TRUE"),
-             ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
-             ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
-             ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
-             ("AdminControlledPortControl", "portControl",
-              "ForceUnauthorized"),
-             ("AdminControlledPortControl", "portControl", "Auto")]
-    for param, mibparam, val in tests:
-        if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)):
-            raise Exception("Failed to set %s %s" % (param, val))
-        mib = hapd.get_sta(addr0, info="eapol")
-        if mib[mibparam] != val:
-            raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val))
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_ieee8021x_auth_awhile(dev, apdev):
-    """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    params['auth_server_port'] = "18129"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    addr0 = dev[0].own_addr()
-
-    params = {}
-    params['ssid'] = 'as'
-    params['beacon_int'] = '2000'
-    params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
-    params['radius_server_auth_port'] = '18129'
-    params['eap_server'] = '1'
-    params['eap_user_file'] = 'auth_serv/eap_user.conf'
-    params['ca_cert'] = 'auth_serv/ca.pem'
-    params['server_cert'] = 'auth_serv/server.pem'
-    params['private_key'] = 'auth_serv/server.key'
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hapd1.disable()
-    if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0):
-        raise Exception("Failed to set serverTimeout")
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-
-    for i in range(40):
-        mib = hapd.get_sta(addr0, info="eapol")
-        val = int(mib['aWhile'])
-        if val > 0:
-            break
-        time.sleep(1)
-    if val == 0:
-        raise Exception("aWhile did not increase")
-
-    hapd.dump_monitor()
-    for i in range(40):
-        mib = hapd.get_sta(addr0, info="eapol")
-        val = int(mib['aWhile'])
-        if val < 5:
-            break
-        time.sleep(1)
-    ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10)
-    if ev is None:
-        raise Exception("Authentication restart not seen")
-
-def test_ieee8021x_open_leap(dev, apdev):
-    """IEEE 802.1X connection with LEAP included in configuration"""
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-open"
-    params["ieee8021x"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="LEAP", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
-                   eap="PSK LEAP", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5)
-    dev[1].request("DISCONNECT")
-
-def test_ieee8021x_and_wpa_enabled(dev, apdev):
-    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    params = hostapd.radius_params()
-    params["ssid"] = "ieee8021x-wep"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "13"
-    params["wep_key_len_unicast"] = "13"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
diff --git a/tests/hwsim/test_kernel.py b/tests/hwsim/test_kernel.py
deleted file mode 100644
index d0c4faec9da4..000000000000
--- a/tests/hwsim/test_kernel.py
+++ /dev/null
@@ -1,128 +0,0 @@
-# Test a few kernel bugs and functionality
-# Copyright (c) 2016, Intel Deutschland GmbH
-#
-# Author: Johannes Berg <johannes.berg@intel.com>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-import binascii
-import os
-import struct
-from test_wnm import expect_ack
-from tshark import run_tshark
-
-def _test_kernel_bss_leak(dev, apdev, deauth):
-    ssid = "test-bss-leak"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
-    while True:
-        pkt = hapd.mgmt_rx()
-        if not pkt:
-            raise Exception("MGMT RX wait timed out for auth frame")
-        if pkt['fc'] & 0xc:
-            continue
-        if pkt['subtype'] == 0: # assoc request
-            if deauth:
-                # return a deauth immediately
-                hapd.mgmt_tx({
-                    'fc': 0xc0,
-                    'sa': pkt['da'],
-                    'da': pkt['sa'],
-                    'bssid': pkt['bssid'],
-                    'payload': b'\x01\x00',
-                })
-            break
-        else:
-            hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % (
-                         binascii.hexlify(pkt['frame']).decode(), ))
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    hapd.request("STOP_AP")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[0].flush_scan_cache(freq=5180)
-    res = dev[0].request("SCAN_RESULTS")
-    if len(res.splitlines()) > 1:
-        raise Exception("BSS entry should no longer be around")
-
-def test_kernel_bss_leak_deauth(dev, apdev):
-    """cfg80211/mac80211 BSS leak on deauthentication"""
-    return _test_kernel_bss_leak(dev, apdev, deauth=True)
-
-def test_kernel_bss_leak_timeout(dev, apdev):
-    """cfg80211/mac80211 BSS leak on timeout"""
-    return _test_kernel_bss_leak(dev, apdev, deauth=False)
-
-MGMT_SUBTYPE_ACTION = 13
-
-def expect_no_ack(hapd):
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Missing TX status")
-    if "ok=0" not in ev:
-        raise Exception("Action frame unexpectedly acknowledged")
-
-def test_kernel_unknown_action_frame_rejection_sta(dev, apdev, params):
-    """mac80211 and unknown Action frame rejection in STA mode"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unknown-action"})
-    dev[0].connect("unknown-action", key_mgmt="NONE", scan_freq="2412")
-    bssid = hapd.own_addr()
-    addr = dev[0].own_addr()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    # Unicast Action frame with unknown category (response expected)
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = addr
-    msg['sa'] = bssid
-    msg['bssid'] = bssid
-    msg['payload'] = struct.pack("<BB", 0x70, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    # Note: mac80211 does not allow group-addressed Action frames in unknown
-    # categories to be transmitted in AP mode, so for now, these steps are
-    # commented out.
-
-    # Multicast Action frame with unknown category (no response expected)
-    #msg['da'] = "01:ff:ff:ff:ff:ff"
-    #msg['payload'] = struct.pack("<BB", 0x71, 1)
-    #hapd.mgmt_tx(msg)
-    #expect_no_ack(hapd)
-
-    # Broadcast Action frame with unknown category (no response expected)
-    #msg['da'] = "ff:ff:ff:ff:ff:ff"
-    #msg['payload'] = struct.pack("<BB", 0x72, 2)
-    #hapd.mgmt_tx(msg)
-    #expect_no_ack(hapd)
-
-    # Unicast Action frame with error indication category (no response expected)
-    msg['da'] = addr
-    msg['payload'] = struct.pack("<BB", 0xf3, 3)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    # Unicast Action frame with unknown category (response expected)
-    msg['da'] = addr
-    msg['payload'] = struct.pack("<BB", 0x74, 4)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.sa == %s && wlan.fc.type_subtype == 0x0d" % addr,
-                     display=["wlan_mgt.fixed.category_code"])
-    res = out.splitlines()
-    categ = [int(x) for x in res]
-
-    if 0xf2 in categ or 0xf3 in categ:
-        raise Exception("Unexpected Action frame rejection: " + str(categ))
-    if 0xf0 not in categ or 0xf4 not in categ:
-        raise Exception("Action frame rejection missing: " + str(categ))
diff --git a/tests/hwsim/test_macsec.py b/tests/hwsim/test_macsec.py
deleted file mode 100644
index e521c6b3d337..000000000000
--- a/tests/hwsim/test_macsec.py
+++ /dev/null
@@ -1,890 +0,0 @@
-# Test cases for MACsec/MKA
-# Copyright (c) 2018-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import binascii
-import os
-import signal
-import subprocess
-import time
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-import hwsim_utils
-from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
-from wlantest import WlantestCapture
-
-def cleanup_macsec():
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5', monitor=False)
-    wpas.interface_remove("veth0")
-    wpas.interface_remove("veth1")
-    del wpas
-    subprocess.call(["ip", "link", "del", "veth0"],
-                    stderr=open('/dev/null', 'w'))
-
-def test_macsec_psk(dev, apdev, params):
-    """MACsec PSK"""
-    try:
-        run_macsec_psk(dev, apdev, params, "macsec_psk")
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_mka_life_time(dev, apdev, params):
-    """MACsec PSK - MKA life time"""
-    try:
-        run_macsec_psk(dev, apdev, params, "macsec_psk_mka_life_time")
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5', monitor=False)
-        wpas.interface_remove("veth1")
-        del wpas
-        # Wait for live peer to be removed on veth0
-        time.sleep(6.1)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_integ_only(dev, apdev, params):
-    """MACsec PSK (integrity only)"""
-    try:
-        run_macsec_psk(dev, apdev, params, "macsec_psk_integ_only",
-                       integ_only=True)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_port(dev, apdev, params):
-    """MACsec PSK (port)"""
-    try:
-        run_macsec_psk(dev, apdev, params, "macsec_psk_port",
-                       port0=65534, port1=65534)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_different_ports(dev, apdev, params):
-    """MACsec PSK (different ports)"""
-    try:
-        run_macsec_psk(dev, apdev, params, "macsec_psk_different_ports",
-                       port0=2, port1=3)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_shorter_ckn(dev, apdev, params):
-    """MACsec PSK (shorter CKN)"""
-    try:
-        ckn = "11223344"
-        run_macsec_psk(dev, apdev, params, "macsec_psk_shorter_ckn",
-                       ckn0=ckn, ckn1=ckn)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_shorter_ckn2(dev, apdev, params):
-    """MACsec PSK (shorter CKN, unaligned)"""
-    try:
-        ckn = "112233"
-        run_macsec_psk(dev, apdev, params, "macsec_psk_shorter_ckn2",
-                       ckn0=ckn, ckn1=ckn)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_ckn_mismatch(dev, apdev, params):
-    """MACsec PSK (CKN mismatch)"""
-    try:
-        ckn0 = "11223344"
-        ckn1 = "1122334455667788"
-        run_macsec_psk(dev, apdev, params, "macsec_psk_ckn_mismatch",
-                       ckn0=ckn0, ckn1=ckn1, expect_failure=True)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_cak_mismatch(dev, apdev, params):
-    """MACsec PSK (CAK mismatch)"""
-    try:
-        cak0 = 16*"11"
-        cak1 = 16*"22"
-        run_macsec_psk(dev, apdev, params, "macsec_psk_cak_mismatch",
-                       cak0=cak0, cak1=cak1, expect_failure=True)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_256(dev, apdev, params):
-    """MACsec PSK with 256-bit keys"""
-    try:
-        cak = "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f"
-        run_macsec_psk(dev, apdev, params, "macsec_psk_256", cak0=cak, cak1=cak)
-    finally:
-        cleanup_macsec()
-
-def set_mka_psk_config(dev, mka_priority=None, integ_only=False, port=None,
-                       ckn=None, cak=None):
-    dev.set("eapol_version", "3")
-    dev.set("ap_scan", "0")
-    dev.set("fast_reauth", "1")
-
-    id = dev.add_network()
-    dev.set_network(id, "key_mgmt", "NONE")
-    if cak is None:
-        cak = "000102030405060708090a0b0c0d0e0f"
-    dev.set_network(id, "mka_cak", cak)
-    if ckn is None:
-        ckn = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
-    dev.set_network(id, "mka_ckn", ckn)
-    dev.set_network(id, "eapol_flags", "0")
-    dev.set_network(id, "macsec_policy", "1")
-    if integ_only:
-        dev.set_network(id, "macsec_integ_only", "1")
-    if mka_priority is not None:
-        dev.set_network(id, "mka_priority", str(mka_priority))
-    if port is not None:
-        dev.set_network(id, "macsec_port", str(port))
-
-    dev.select_network(id)
-
-def set_mka_eap_config(dev, mka_priority=None, integ_only=False, port=None):
-    dev.set("eapol_version", "3")
-    dev.set("ap_scan", "0")
-    dev.set("fast_reauth", "1")
-
-    id = dev.add_network()
-    dev.set_network(id, "key_mgmt", "NONE")
-    dev.set_network(id, "eapol_flags", "0")
-    dev.set_network(id, "macsec_policy", "1")
-    if integ_only:
-        dev.set_network(id, "macsec_integ_only", "1")
-    if mka_priority is not None:
-        dev.set_network(id, "mka_priority", str(mka_priority))
-    if port is not None:
-        dev.set_network(id, "macsec_port", str(port))
-
-    dev.set_network(id, "key_mgmt", "IEEE8021X")
-    dev.set_network(id, "eap", "TTLS")
-    dev.set_network_quoted(id, "ca_cert", "auth_serv/ca.pem")
-    dev.set_network_quoted(id, "phase2", "auth=MSCHAPV2")
-    dev.set_network_quoted(id, "anonymous_identity", "ttls")
-    dev.set_network_quoted(id, "identity", "DOMAIN\mschapv2 user")
-    dev.set_network_quoted(id, "password", "password")
-
-    dev.select_network(id)
-
-def log_ip_macsec():
-    cmd = subprocess.Popen(["ip", "macsec", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip macsec:\n" + res)
-
-def log_ip_link():
-    cmd = subprocess.Popen(["ip", "link", "show"],
-                           stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip link:\n" + res)
-
-def add_veth():
-    try:
-        subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
-                               "peer", "name", "veth1"])
-    except subprocess.CalledProcessError:
-        raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
-
-def add_wpas_interfaces(count=2):
-    wpa = []
-    try:
-        for i in range(count):
-            wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-            wpas.interface_add("veth%d" % i, driver="macsec_linux")
-            wpa.append(wpas)
-    except Exception as e:
-        if "Failed to add a dynamic wpa_supplicant interface" in str(e):
-            raise HwsimSkip("macsec supported (wpa_supplicant CONFIG_MACSEC, CONFIG_DRIVER_MACSEC_LINUX; kernel CONFIG_MACSEC)")
-        raise
-
-    return wpa
-
-def lower_addr(addr1, addr2):
-    a1 = addr1.split(':')
-    a2 = addr2.split(':')
-    for i in range(6):
-        if binascii.unhexlify(a1[i]) < binascii.unhexlify(a2[i]):
-            return True
-        if binascii.unhexlify(a1[i]) > binascii.unhexlify(a2[i]):
-            return False
-    return False
-
-def wait_mka_done(wpa, expect_failure=False, hostapd=False):
-    max_iter = 14 if expect_failure else 40
-    for i in range(max_iter):
-        done = True
-        for w in wpa:
-            secured = w.get_status_field("Secured")
-            live_peers = w.get_status_field("live_peers")
-            peers = int(live_peers) if live_peers else 0
-            if expect_failure and (secured == "Yes" or peers > 0):
-                raise Exception("MKA completed unexpectedly")
-            expect_peers = len(wpa) - 1
-            if hostapd:
-                expect_peers += 1
-            if peers != expect_peers or secured != "Yes":
-                done = False
-                break
-            w.dump_monitor()
-        if done:
-            break
-        time.sleep(0.5)
-
-    if expect_failure:
-        return
-
-    if not done:
-        raise Exception("MKA not completed successfully")
-
-    if hostapd:
-        # TODO: check that hostapd is the key server
-        return
-
-    key_server = None
-    ks_prio = 999
-    for w in wpa:
-        logger.info("%s STATUS:\n%s" % (w.ifname, w.request("STATUS")))
-        addr = w.get_status_field("address")
-        prio = int(w.get_status_field("Actor Priority"))
-        if key_server is None or prio < ks_prio or \
-           (prio == ks_prio and lower_addr(addr, ks_addr)):
-            key_server = w
-            ks_addr = addr
-            ks_prio = prio
-
-    logger.info("Expected key server: " + key_server.ifname)
-    if key_server.get_status_field("is_key_server") != "Yes":
-        raise Exception("Expected key server was not elected")
-    for w in wpa:
-        if w != key_server and w.get_status_field("is_key_server") == "Yes":
-            raise Exception("Unexpected key server")
-
-def run_macsec_psk(dev, apdev, params, prefix, integ_only=False, port0=None,
-                   port1=None, ckn0=None, ckn1=None, cak0=None, cak1=None,
-                   expect_failure=False):
-    add_veth()
-
-    cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
-    cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
-    cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
-    cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
-
-    for i in range(2):
-        subprocess.check_call(["ip", "link", "set", "dev", "veth%d" % i, "up"])
-
-    cmd = {}
-    cmd[0] = WlantestCapture('veth0', cap_veth0)
-    cmd[1] = WlantestCapture('veth1', cap_veth1)
-
-    wpa = add_wpas_interfaces()
-    wpas0 = wpa[0]
-    wpas1 = wpa[1]
-
-    set_mka_psk_config(wpas0, integ_only=integ_only, port=port0, ckn=ckn0,
-                       cak=cak0)
-    set_mka_psk_config(wpas1, mka_priority=100, integ_only=integ_only,
-                       port=port1, ckn=ckn1, cak=cak1)
-
-    log_ip_macsec()
-    log_ip_link()
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
-    logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
-    logger.info("wpas1 STATUS-DRIVER:\n" + wpas1.request("STATUS-DRIVER"))
-    macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
-    macsec_ifname1 = wpas1.get_driver_status_field("parent_ifname")
-
-    wait_mka_done(wpa, expect_failure=expect_failure)
-
-    if expect_failure:
-        for i in range(len(cmd)):
-            cmd[i].close()
-        return
-
-    cmd[2] = WlantestCapture(macsec_ifname0, cap_macsec0)
-    cmd[3] = WlantestCapture(macsec_ifname1, cap_macsec1)
-    time.sleep(0.5)
-
-    mi0 = wpas0.get_status_field("mi")
-    mi1 = wpas1.get_status_field("mi")
-    sci0 = wpas0.get_status_field("actor_sci")
-    sci1 = wpas1.get_status_field("actor_sci")
-    logger.info("wpas0 MIB:\n" +  wpas0.request("MIB"))
-    logger.info("wpas1 MIB:\n" +  wpas1.request("MIB"))
-    mib0 = wpas0.get_mib()
-    mib1 = wpas1.get_mib()
-
-    if mib0['ieee8021XKayMkaPeerListMI'] != mi1:
-        raise Exception("Unexpected ieee8021XKayMkaPeerListMI value (0)")
-    if mib0['ieee8021XKayMkaPeerListType'] != "1":
-        raise Exception("Unexpected ieee8021XKayMkaPeerListType value (0)")
-    if mib0['ieee8021XKayMkaPeerListSCI'] != sci1:
-        raise Exception("Unexpected ieee8021XKayMkaPeerListSCI value (0)")
-    if mib1['ieee8021XKayMkaPeerListMI'] != mi0:
-        raise Exception("Unexpected ieee8021XKayMkaPeerListMI value (1)")
-    if mib1['ieee8021XKayMkaPeerListType'] != "1":
-        raise Exception("Unexpected ieee8021XKayMkaPeerListType value (1)")
-    if mib1['ieee8021XKayMkaPeerListSCI'] != sci0:
-        raise Exception("Unexpected ieee8021XKayMkaPeerListSCI value (1)")
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
-    log_ip_macsec()
-    hwsim_utils.test_connectivity(wpas0, wpas1,
-                                  ifname1=macsec_ifname0,
-                                  ifname2=macsec_ifname1,
-                                  send_len=1400)
-    log_ip_macsec()
-
-    time.sleep(1)
-    for i in range(len(cmd)):
-        cmd[i].close()
-
-def cleanup_macsec_br(count):
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5', monitor=False)
-    for i in range(count):
-        wpas.interface_remove("veth%d" % i)
-        subprocess.call(["ip", "link", "del", "veth%d" % i],
-                        stderr=open('/dev/null', 'w'))
-    del wpas
-    subprocess.call(["ip", "link", "set", "brveth", "down"])
-    subprocess.call(["brctl", "delbr", "brveth"])
-
-def test_macsec_psk_br2(dev, apdev):
-    """MACsec PSK (bridge; 2 devices)"""
-    try:
-        run_macsec_psk_br(dev, apdev, 2, [10, 20])
-    finally:
-        cleanup_macsec_br(count=2)
-
-def test_macsec_psk_br2_same_prio(dev, apdev):
-    """MACsec PSK (bridge; 2 devices, same mka_priority)"""
-    try:
-        run_macsec_psk_br(dev, apdev, 2, [None, None])
-    finally:
-        cleanup_macsec_br(count=2)
-
-def test_macsec_psk_br3(dev, apdev):
-    """MACsec PSK (bridge; 3 devices)"""
-    try:
-        run_macsec_psk_br(dev, apdev, 3, [10, 20, 30])
-    finally:
-        cleanup_macsec_br(count=3)
-
-def test_macsec_psk_br3_same_prio(dev, apdev):
-    """MACsec PSK (bridge; 3 devices, same mka_priority)"""
-    try:
-        run_macsec_psk_br(dev, apdev, 3, [None, None, None])
-    finally:
-        cleanup_macsec_br(count=3)
-
-def run_macsec_psk_br(dev, apdev, count, mka_priority):
-    subprocess.check_call(["brctl", "addbr", "brveth"])
-    subprocess.call(["echo 8 > /sys/devices/virtual/net/brveth/bridge/group_fwd_mask"],
-                    shell=True)
-
-    try:
-        for i in range(count):
-            subprocess.check_call(["ip", "link", "add", "veth%d" % i,
-                                   "type", "veth",
-                                   "peer", "name", "vethbr%d" % i])
-            subprocess.check_call(["ip", "link", "set", "vethbr%d" % i, "up"])
-            subprocess.check_call(["brctl", "addif", "brveth",
-                                   "vethbr%d" % i])
-    except subprocess.CalledProcessError:
-        raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
-
-    subprocess.check_call(["ip", "link", "set", "brveth", "up"])
-
-    log_ip_link()
-
-    wpa = add_wpas_interfaces(count=count)
-    for i in range(count):
-        set_mka_psk_config(wpa[i], mka_priority=mka_priority[i])
-        wpa[i].dump_monitor()
-    wait_mka_done(wpa)
-
-    macsec_ifname = []
-    for i in range(count):
-        macsec_ifname.append(wpa[i].get_driver_status_field("parent_ifname"))
-
-    timeout = 2
-    max_tries = 2 if count > 2 else 1
-    success_seen = False
-    failure_seen = False
-    for i in range(1, count):
-        try:
-            hwsim_utils.test_connectivity(wpa[0], wpa[i],
-                                          ifname1=macsec_ifname[0],
-                                          ifname2=macsec_ifname[i],
-                                          send_len=1400,
-                                          timeout=timeout, max_tries=max_tries)
-            success_seen = True
-            logger.info("Traffic test %d<->%d success" % (0, i))
-        except:
-            failure_seen = True
-            logger.info("Traffic test %d<->%d failure" % (0, i))
-    for i in range(2, count):
-        try:
-            hwsim_utils.test_connectivity(wpa[1], wpa[i],
-                                          ifname1=macsec_ifname[1],
-                                          ifname2=macsec_ifname[i],
-                                          send_len=1400,
-                                          timeout=timeout, max_tries=max_tries)
-            success_seen = True
-            logger.info("Traffic test %d<->%d success" % (1, i))
-        except:
-            failure_seen = True
-            logger.info("Traffic test %d<->%d failure" % (1, i))
-
-    if not success_seen:
-        raise Exception("None of the data traffic tests succeeded")
-
-    # Something seems to be failing with three device tests semi-regularly, so
-    # do not report this as a failed test case until the real reason behind
-    # those failures have been determined.
-    if failure_seen:
-        if count < 3:
-            raise Exception("Data traffic test failed")
-        else:
-            logger.info("Data traffic test failed - ignore for now for >= 3 device cases")
-
-    for i in range(count):
-        wpa[i].close_monitor()
-    for i in range(count):
-        wpa[0].close_control()
-        del wpa[0]
-
-def test_macsec_psk_ns(dev, apdev, params):
-    """MACsec PSK (netns)"""
-    try:
-        run_macsec_psk_ns(dev, apdev, params)
-    finally:
-        prefix = "macsec_psk_ns"
-        pidfile = os.path.join(params['logdir'], prefix + ".pid")
-        for i in range(2):
-            was_running = False
-            if os.path.exists(pidfile + str(i)):
-                with open(pidfile + str(i), 'r') as f:
-                    pid = int(f.read().strip())
-                    logger.info("wpa_supplicant for wpas%d still running with pid %d - kill it" % (i, pid))
-                    was_running = True
-                    os.kill(pid, signal.SIGTERM)
-            if was_running:
-                time.sleep(1)
-
-        subprocess.call(["ip", "netns", "exec", "ns0",
-                         "ip", "link", "del", "veth0"],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(["ip", "link", "del", "veth0"],
-                        stderr=open('/dev/null', 'w'))
-        log_ip_link_ns()
-        subprocess.call(["ip", "netns", "delete", "ns0"],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(["ip", "netns", "delete", "ns1"],
-                        stderr=open('/dev/null', 'w'))
-
-def log_ip_macsec_ns():
-    cmd = subprocess.Popen(["ip", "macsec", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip macsec show:\n" + res)
-
-    cmd = subprocess.Popen(["ip", "netns", "exec", "ns0",
-                            "ip", "macsec", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip macsec show (ns0):\n" + res)
-
-    cmd = subprocess.Popen(["ip", "netns", "exec", "ns1",
-                            "ip", "macsec", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip macsec show (ns1):\n" + res)
-
-def log_ip_link_ns():
-    cmd = subprocess.Popen(["ip", "link", "show"],
-                           stdout=subprocess.PIPE)
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip link:\n" + res)
-
-    cmd = subprocess.Popen(["ip", "netns", "exec", "ns0",
-                            "ip", "link", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip link show (ns0):\n" + res)
-
-    cmd = subprocess.Popen(["ip", "netns", "exec", "ns1",
-                            "ip", "link", "show"],
-                           stdout=subprocess.PIPE,
-                           stderr=open('/dev/null', 'w'))
-    res = cmd.stdout.read().decode()
-    cmd.stdout.close()
-    logger.info("ip link show (ns1):\n" + res)
-
-def write_conf(conffile, mka_priority=None):
-    with open(conffile, 'w') as f:
-        f.write("ctrl_interface=DIR=/var/run/wpa_supplicant\n")
-        f.write("eapol_version=3\n")
-        f.write("ap_scan=0\n")
-        f.write("fast_reauth=1\n")
-        f.write("network={\n")
-        f.write("   key_mgmt=NONE\n")
-        f.write("   mka_cak=000102030405060708090a0b0c0d0e0f\n")
-        f.write("   mka_ckn=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\n")
-        if mka_priority is not None:
-            f.write("   mka_priority=%d\n" % mka_priority)
-        f.write("   eapol_flags=0\n")
-        f.write("   macsec_policy=1\n")
-        f.write("}\n")
-
-def run_macsec_psk_ns(dev, apdev, params):
-    try:
-        subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
-                               "peer", "name", "veth1"])
-    except subprocess.CalledProcessError:
-        raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
-
-    prefix = "macsec_psk_ns"
-    conffile = os.path.join(params['logdir'], prefix + ".conf")
-    pidfile = os.path.join(params['logdir'], prefix + ".pid")
-    logfile0 = os.path.join(params['logdir'], prefix + ".veth0.log")
-    logfile1 = os.path.join(params['logdir'], prefix + ".veth1.log")
-    cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
-    cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
-    cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
-    cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
-
-    for i in range(2):
-        try:
-            subprocess.check_call(["ip", "netns", "add", "ns%d" % i])
-        except subprocess.CalledProcessError:
-            raise HwsimSkip("network namespace not supported (kernel CONFIG_NAMESPACES, CONFIG_NET_NS)")
-        subprocess.check_call(["ip", "link", "set", "veth%d" % i,
-                               "netns", "ns%d" %i])
-        subprocess.check_call(["ip", "netns", "exec", "ns%d" % i,
-                               "ip", "link", "set", "dev", "veth%d" % i,
-                               "up"])
-
-    cmd = {}
-    cmd[0] = WlantestCapture('veth0', cap_veth0, netns='ns0')
-    cmd[1] = WlantestCapture('veth1', cap_veth1, netns='ns1')
-
-    write_conf(conffile + '0')
-    write_conf(conffile + '1', mka_priority=100)
-
-    prg = os.path.join(params['logdir'],
-                       'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
-    if not os.path.exists(prg):
-        prg = '../../wpa_supplicant/wpa_supplicant'
-
-    arg = ["ip", "netns", "exec", "ns0",
-           prg, '-BdddtKW', '-P', pidfile + '0', '-f', logfile0,
-           '-g', '/tmp/wpas-veth0',
-           '-Dmacsec_linux', '-c', conffile + '0', '-i', "veth0"]
-    logger.info("Start wpa_supplicant: " + str(arg))
-    try:
-        subprocess.check_call(arg)
-    except subprocess.CalledProcessError:
-        raise HwsimSkip("macsec supported (wpa_supplicant CONFIG_MACSEC, CONFIG_DRIVER_MACSEC_LINUX; kernel CONFIG_MACSEC)")
-
-    if os.path.exists("wpa_supplicant-macsec2"):
-        logger.info("Use alternative wpa_supplicant binary for one of the macsec devices")
-        prg = "wpa_supplicant-macsec2"
-
-    arg = ["ip", "netns", "exec", "ns1",
-           prg, '-BdddtKW', '-P', pidfile + '1', '-f', logfile1,
-           '-g', '/tmp/wpas-veth1',
-           '-Dmacsec_linux', '-c', conffile + '1', '-i', "veth1"]
-    logger.info("Start wpa_supplicant: " + str(arg))
-    subprocess.check_call(arg)
-
-    wpas0 = WpaSupplicant('veth0', '/tmp/wpas-veth0')
-    wpas1 = WpaSupplicant('veth1', '/tmp/wpas-veth1')
-
-    log_ip_macsec_ns()
-    log_ip_link_ns()
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
-    logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
-    logger.info("wpas1 STATUS-DRIVER:\n" + wpas1.request("STATUS-DRIVER"))
-
-    for i in range(10):
-        macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
-        macsec_ifname1 = wpas1.get_driver_status_field("parent_ifname")
-        if "Number of Keys" in wpas0.request("STATUS"):
-            key_tx0 = int(wpas0.get_status_field("Number of Keys Distributed"))
-            key_rx0 = int(wpas0.get_status_field("Number of Keys Received"))
-        else:
-            key_tx0 = 0
-            key_rx0 = 0
-        if "Number of Keys" in wpas1.request("STATUS"):
-            key_tx1 = int(wpas1.get_status_field("Number of Keys Distributed"))
-            key_rx1 = int(wpas1.get_status_field("Number of Keys Received"))
-        else:
-            key_tx1 = 0
-            key_rx1 = 0
-        if key_rx0 > 0 and key_tx1 > 0:
-            break
-        time.sleep(1)
-
-    cmd[2] = WlantestCapture(macsec_ifname0, cap_macsec0, netns='ns0')
-    cmd[3] = WlantestCapture(macsec_ifname1, cap_macsec1, netns='ns0')
-    time.sleep(0.5)
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
-    log_ip_macsec_ns()
-    hwsim_utils.test_connectivity(wpas0, wpas1,
-                                  ifname1=macsec_ifname0,
-                                  ifname2=macsec_ifname1,
-                                  send_len=1400)
-    log_ip_macsec_ns()
-
-    subprocess.check_call(['ip', 'netns', 'exec', 'ns0',
-                           'ip', 'addr', 'add', '192.168.248.17/30',
-                           'dev', macsec_ifname0])
-    subprocess.check_call(['ip', 'netns', 'exec', 'ns1',
-                           'ip', 'addr', 'add', '192.168.248.18/30',
-                           'dev', macsec_ifname1])
-    c = subprocess.Popen(['ip', 'netns', 'exec', 'ns0',
-                          'ping', '-c', '2', '192.168.248.18'],
-                         stdout=subprocess.PIPE)
-    res = c.stdout.read().decode()
-    c.stdout.close()
-    logger.info("ping:\n" + res)
-    if "2 packets transmitted, 2 received" not in res:
-        raise Exception("ping did not work")
-
-    wpas0.close_monitor()
-    wpas0.request("TERMINATE")
-    wpas0.close_control()
-    del wpas0
-    wpas1.close_monitor()
-    wpas1.request("TERMINATE")
-    wpas1.close_control()
-    del wpas1
-
-    time.sleep(1)
-    for i in range(len(cmd)):
-        cmd[i].close()
-
-def test_macsec_psk_fail_cp(dev, apdev):
-    """MACsec PSK local failures in CP state machine"""
-    try:
-        add_veth()
-        wpa = add_wpas_interfaces()
-        set_mka_psk_config(wpa[0])
-        with alloc_fail(wpa[0], 1, "sm_CP_RECEIVE_Enter"):
-            set_mka_psk_config(wpa[1])
-            wait_fail_trigger(wpa[0], "GET_ALLOC_FAIL", max_iter=100)
-
-        wait_mka_done(wpa)
-    finally:
-        cleanup_macsec()
-
-def test_macsec_psk_fail_cp2(dev, apdev):
-    """MACsec PSK local failures in CP state machine (2)"""
-    try:
-        add_veth()
-        wpa = add_wpas_interfaces()
-        set_mka_psk_config(wpa[0])
-        with alloc_fail(wpa[1], 1, "ieee802_1x_cp_sm_init"):
-            set_mka_psk_config(wpa[1])
-            wait_fail_trigger(wpa[1], "GET_ALLOC_FAIL", max_iter=100)
-
-        wait_mka_done(wpa)
-    finally:
-        cleanup_macsec()
-
-def cleanup_macsec_hostapd():
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5', monitor=False)
-    wpas.interface_remove("veth0")
-    del wpas
-    hapd = hostapd.HostapdGlobal()
-    hapd.remove('veth1')
-    subprocess.call(["ip", "link", "del", "veth0"],
-                    stderr=open('/dev/null', 'w'))
-    log_ip_link()
-
-def test_macsec_hostapd_psk(dev, apdev, params):
-    """MACsec PSK with hostapd"""
-    try:
-        run_macsec_hostapd_psk(dev, apdev, params, "macsec_hostapd_psk")
-    finally:
-        cleanup_macsec_hostapd()
-
-def run_macsec_hostapd_psk(dev, apdev, params, prefix, integ_only=False,
-                           port0=None, port1=None, ckn0=None, ckn1=None,
-                           cak0=None, cak1=None, expect_failure=False):
-    add_veth()
-
-    cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
-    cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
-    cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
-    cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
-
-    for i in range(2):
-        subprocess.check_call(["ip", "link", "set", "dev", "veth%d" % i, "up"])
-
-    cmd = {}
-    cmd[0] = WlantestCapture('veth0', cap_veth0)
-    cmd[1] = WlantestCapture('veth1', cap_veth1)
-
-    wpa = add_wpas_interfaces(count=1)
-    wpas0 = wpa[0]
-
-    set_mka_psk_config(wpas0, integ_only=integ_only, port=port0, ckn=ckn0,
-                       cak=cak0, mka_priority=100)
-
-    if cak1 is None:
-        cak1 = "000102030405060708090a0b0c0d0e0f"
-    if ckn1 is None:
-        ckn1 = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
-    params = {"driver": "macsec_linux",
-              "interface": "veth1",
-              "eapol_version": "3",
-              "mka_cak": cak1,
-              "mka_ckn": ckn1,
-              "macsec_policy": "1",
-              "mka_priority": "1"}
-    if integ_only:
-        params["macsec_integ_only"] = "1"
-    if port1 is not None:
-        params["macsec_port"] = str(port1)
-    apdev = {'ifname': 'veth1'}
-    try:
-        hapd = hostapd.add_ap(apdev, params, driver="macsec_linux")
-    except:
-        raise HwsimSkip("No CONFIG_MACSEC=y in hostapd")
-
-    log_ip_macsec()
-    log_ip_link()
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
-
-    wait_mka_done(wpa, expect_failure=expect_failure, hostapd=True)
-    log_ip_link()
-
-    if expect_failure:
-        for i in range(len(cmd)):
-            cmd[i].close()
-        return
-
-    macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
-    macsec_ifname1 = hapd.get_driver_status_field("parent_ifname")
-
-    cmd[2] = WlantestCapture(macsec_ifname0, cap_macsec0)
-    cmd[3] = WlantestCapture(macsec_ifname1, cap_macsec1)
-    time.sleep(0.5)
-
-    logger.info("wpas0 MIB:\n" +  wpas0.request("MIB"))
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    log_ip_macsec()
-    hwsim_utils.test_connectivity(wpas0, hapd,
-                                  ifname1=macsec_ifname0,
-                                  ifname2=macsec_ifname1,
-                                  send_len=1400)
-    log_ip_macsec()
-
-    time.sleep(1)
-    for i in range(len(cmd)):
-        cmd[i].close()
-
-def test_macsec_hostapd_eap(dev, apdev, params):
-    """MACsec EAP with hostapd"""
-    try:
-        run_macsec_hostapd_eap(dev, apdev, params, "macsec_hostapd_eap")
-    finally:
-        cleanup_macsec_hostapd()
-
-def run_macsec_hostapd_eap(dev, apdev, params, prefix, integ_only=False,
-                           port0=None, port1=None, expect_failure=False):
-    add_veth()
-
-    cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
-    cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
-    cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
-    cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
-
-    for i in range(2):
-        subprocess.check_call(["ip", "link", "set", "dev", "veth%d" % i, "up"])
-
-    cmd = {}
-    cmd[0] = WlantestCapture('veth0', cap_veth0)
-    cmd[1] = WlantestCapture('veth1', cap_veth1)
-
-    wpa = add_wpas_interfaces(count=1)
-    wpas0 = wpa[0]
-
-    set_mka_eap_config(wpas0, integ_only=integ_only, port=port0,
-                       mka_priority=100)
-
-    params = {"driver": "macsec_linux",
-              "interface": "veth1",
-              "eapol_version": "3",
-              "macsec_policy": "1",
-              "mka_priority": "1",
-              "ieee8021x": "1",
-              "auth_server_addr": "127.0.0.1",
-              "auth_server_port": "1812",
-              "auth_server_shared_secret": "radius",
-              "nas_identifier": "nas.w1.fi"}
-    if integ_only:
-        params["macsec_integ_only"] = "1"
-    if port1 is not None:
-        params["macsec_port"] = str(port1)
-    apdev = {'ifname': 'veth1'}
-    try:
-        hapd = hostapd.add_ap(apdev, params, driver="macsec_linux")
-    except:
-        raise HwsimSkip("No CONFIG_MACSEC=y in hostapd")
-
-    log_ip_macsec()
-    log_ip_link()
-
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
-
-    wait_mka_done(wpa, expect_failure=expect_failure, hostapd=True)
-    log_ip_link()
-
-    if expect_failure:
-        for i in range(len(cmd)):
-            cmd[i].close()
-        return
-
-    macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
-    macsec_ifname1 = hapd.get_driver_status_field("parent_ifname")
-
-    cmd[2] = WlantestCapture(macsec_ifname0, cap_macsec0)
-    cmd[3] = WlantestCapture(macsec_ifname1, cap_macsec1)
-    time.sleep(0.5)
-
-    logger.info("wpas0 MIB:\n" +  wpas0.request("MIB"))
-    logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
-    log_ip_macsec()
-    hwsim_utils.test_connectivity(wpas0, hapd,
-                                  ifname1=macsec_ifname0,
-                                  ifname2=macsec_ifname1,
-                                  send_len=1400)
-    log_ip_macsec()
-
-    time.sleep(1)
-    for i in range(len(cmd)):
-        cmd[i].close()
diff --git a/tests/hwsim/test_mbo.py b/tests/hwsim/test_mbo.py
deleted file mode 100644
index d4426ac4be50..000000000000
--- a/tests/hwsim/test_mbo.py
+++ /dev/null
@@ -1,613 +0,0 @@
-# MBO tests
-# Copyright (c) 2016, Intel Deutschland GmbH
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-
-import hostapd
-import os
-import time
-
-import hostapd
-from tshark import run_tshark
-from utils import *
-
-def set_reg(country_code, apdev0=None, apdev1=None, dev0=None):
-    if apdev0:
-        hostapd.cmd_execute(apdev0, ['iw', 'reg', 'set', country_code])
-    if apdev1:
-        hostapd.cmd_execute(apdev1, ['iw', 'reg', 'set', country_code])
-    if dev0:
-        dev0.cmd_execute(['iw', 'reg', 'set', country_code])
-
-def run_mbo_supp_oper_classes(dev, apdev, hapd, hapd2, country, freq_list=None,
-                              disable_ht=False, disable_vht=False):
-    """MBO and supported operating classes"""
-    addr = dev[0].own_addr()
-
-    res2 = None
-    res5 = None
-
-    dev[0].flush_scan_cache()
-    dev[0].dump_monitor()
-
-    logger.info("Country: " + country)
-    dev[0].note("Setting country code " + country)
-    set_reg(country, apdev[0], apdev[1], dev[0])
-    for j in range(5):
-        ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-        if ev is None:
-            raise Exception("No regdom change event")
-        if "alpha2=" + country in ev:
-            break
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-    _disable_ht = "1" if disable_ht else "0"
-    _disable_vht = "1" if disable_vht else "0"
-    if hapd:
-        hapd.set("country_code", country)
-        hapd.enable()
-        dev[0].scan_for_bss(hapd.own_addr(), 5180, force_scan=True)
-        dev[0].connect("test-wnm-mbo", key_mgmt="NONE", scan_freq="5180",
-                       freq_list=freq_list, disable_ht=_disable_ht,
-                       disable_vht=_disable_vht)
-        sta = hapd.get_sta(addr)
-        res5 = sta['supp_op_classes'][2:]
-        dev[0].wait_regdom(country_ie=True)
-        time.sleep(0.1)
-        hapd.disable()
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].request("ABORT_SCAN")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-    hapd2.set("country_code", country)
-    hapd2.enable()
-    dev[0].scan_for_bss(hapd2.own_addr(), 2412, force_scan=True)
-    dev[0].connect("test-wnm-mbo-2", key_mgmt="NONE", scan_freq="2412",
-                   freq_list=freq_list, disable_ht=_disable_ht,
-                   disable_vht=_disable_vht)
-    sta = hapd2.get_sta(addr)
-    res2 = sta['supp_op_classes'][2:]
-    dev[0].wait_regdom(country_ie=True)
-    time.sleep(0.1)
-    hapd2.disable()
-    time.sleep(0.1)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].request("ABORT_SCAN")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    return res2, res5
-
-def run_mbo_supp_oper_class(dev, apdev, country, expected, inc5,
-                            freq_list=None, disable_ht=False,
-                            disable_vht=False):
-    if inc5:
-        params = {'ssid': "test-wnm-mbo",
-                  'mbo': '1',
-                  "country_code": "US",
-                  'ieee80211d': '1',
-                  "ieee80211n": "1",
-                  "hw_mode": "a",
-                  "channel": "36"}
-        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    else:
-        hapd = None
-
-    params = {'ssid': "test-wnm-mbo-2",
-              'mbo': '1',
-              "country_code": "US",
-              'ieee80211d': '1',
-              "ieee80211n": "1",
-              "hw_mode": "g",
-              "channel": "1"}
-    hapd2 = hostapd.add_ap(apdev[1], params, no_enable=True)
-
-    try:
-        dev[0].request("STA_AUTOCONNECT 0")
-        res2, res5 = run_mbo_supp_oper_classes(dev, apdev, hapd, hapd2, country,
-                                               freq_list=freq_list,
-                                               disable_ht=disable_ht,
-                                               disable_vht=disable_vht)
-    finally:
-        dev[0].dump_monitor()
-        dev[0].request("STA_AUTOCONNECT 1")
-        wait_regdom_changes(dev[0])
-        country1 = dev[0].get_driver_status_field("country")
-        logger.info("Country code at the end (1): " + country1)
-        set_reg("00", apdev[0], apdev[1], dev[0])
-        country2 = dev[0].get_driver_status_field("country")
-        logger.info("Country code at the end (2): " + country2)
-        for i in range(5):
-            ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-            if ev is None or "init=USER type=WORLD" in ev:
-                break
-        wait_regdom_changes(dev[0])
-        country3 = dev[0].get_driver_status_field("country")
-        logger.info("Country code at the end (3): " + country3)
-        if country3 != "00":
-            clear_country(dev)
-
-    # For now, allow operating class 129 to be missing since not all
-    # installed regdb files include the 160 MHz channels.
-    expected2 = expected.replace('808182', '8082')
-    # For now, allow operating classes 121-123 to be missing since not all
-    # installed regdb files include the related US DFS channels.
-    expected2 = expected2.replace('78797a7b7c', '787c')
-    expected3 = expected
-    # For now, allow operating classes 124-127 to be missing for Finland
-    # since they were added only recently in regdb.
-    if country == "FI":
-        expected3 = expected3.replace("7b7c7d7e7f80", "7b80")
-    if res2 != expected and res2 != expected2 and res2 != expected3:
-        raise Exception("Unexpected supp_op_class string (country=%s, 2.4 GHz): %s (expected: %s)" % (country, res2, expected))
-    if inc5 and res5 != expected and res5 != expected2 and res5 != expected3:
-        raise Exception("Unexpected supp_op_class string (country=%s, 5 GHz): %s (expected: %s)" % (country, res5, expected))
-
-def test_mbo_supp_oper_classes_za(dev, apdev):
-    """MBO and supported operating classes (ZA)"""
-    run_mbo_supp_oper_class(dev, apdev, "ZA",
-                            "515354737475767778797a7b808182", True)
-
-def test_mbo_supp_oper_classes_fi(dev, apdev):
-    """MBO and supported operating classes (FI)"""
-    run_mbo_supp_oper_class(dev, apdev, "FI",
-                            "515354737475767778797a7b7c7d7e7f808182", True)
-
-def test_mbo_supp_oper_classes_us(dev, apdev):
-    """MBO and supported operating classes (US)"""
-    run_mbo_supp_oper_class(dev, apdev, "US",
-                            "515354737475767778797a7b7c7d7e7f808182", True)
-
-def test_mbo_supp_oper_classes_jp(dev, apdev):
-    """MBO and supported operating classes (JP)"""
-    run_mbo_supp_oper_class(dev, apdev, "JP",
-                            "51525354737475767778797a7b808182", True)
-
-def test_mbo_supp_oper_classes_bd(dev, apdev):
-    """MBO and supported operating classes (BD)"""
-    run_mbo_supp_oper_class(dev, apdev, "BD",
-                            "5153547c7d7e7f80", False)
-
-def test_mbo_supp_oper_classes_sy(dev, apdev):
-    """MBO and supported operating classes (SY)"""
-    run_mbo_supp_oper_class(dev, apdev, "SY",
-                            "515354", False)
-
-def test_mbo_supp_oper_classes_us_freq_list(dev, apdev):
-    """MBO and supported operating classes (US) - freq_list"""
-    run_mbo_supp_oper_class(dev, apdev, "US", "515354", False,
-                            freq_list="2412 2437 2462")
-
-def test_mbo_supp_oper_classes_us_disable_ht(dev, apdev):
-    """MBO and supported operating classes (US) - disable_ht"""
-    run_mbo_supp_oper_class(dev, apdev, "US", "517376797c7d", False,
-                            disable_ht=True)
-
-def test_mbo_supp_oper_classes_us_disable_vht(dev, apdev):
-    """MBO and supported operating classes (US) - disable_vht"""
-    run_mbo_supp_oper_class(dev, apdev, "US",
-                            "515354737475767778797a7b7c7d7e7f", False,
-                            disable_vht=True)
-
-def test_mbo_assoc_disallow(dev, apdev, params):
-    """MBO and association disallowed"""
-    hapd1 = hostapd.add_ap(apdev[0], {"ssid": "MBO", "mbo": "1"})
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "MBO", "mbo": "1"})
-
-    logger.debug("Set mbo_assoc_disallow with invalid value")
-    if "FAIL" not in hapd1.request("SET mbo_assoc_disallow 6"):
-        raise Exception("Set mbo_assoc_disallow for AP1 succeeded unexpectedly with value 6")
-
-    logger.debug("Disallow associations to AP1 and allow association to AP2")
-    if "OK" not in hapd1.request("SET mbo_assoc_disallow 1"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP1")
-    if "OK" not in hapd2.request("SET mbo_assoc_disallow 0"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP2")
-
-    dev[0].connect("MBO", key_mgmt="NONE", scan_freq="2412")
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type == 0 && wlan.fc.type_subtype == 0x00",
-                     wait=False)
-    if "Destination address: " + hapd1.own_addr() in out:
-        raise Exception("Association request sent to disallowed AP")
-
-    timestamp = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                           "wlan.fc.type_subtype == 0x00",
-                           display=['frame.time'], wait=False)
-
-    logger.debug("Allow associations to AP1 and disallow associations to AP2")
-    if "OK" not in hapd1.request("SET mbo_assoc_disallow 0"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP1")
-    if "OK" not in hapd2.request("SET mbo_assoc_disallow 1"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP2")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    # Force new scan, so the assoc_disallowed indication is updated */
-    dev[0].request("FLUSH")
-
-    dev[0].connect("MBO", key_mgmt="NONE", scan_freq="2412")
-
-    filter = 'wlan.fc.type == 0 && wlan.fc.type_subtype == 0x00 && frame.time > "' + timestamp.rstrip() + '"'
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     filter, wait=False)
-    if "Destination address: " + hapd2.own_addr() in out:
-        raise Exception("Association request sent to disallowed AP 2")
-
-def test_mbo_assoc_disallow_ignore(dev, apdev):
-    """MBO and ignoring disallowed association"""
-    try:
-        _test_mbo_assoc_disallow_ignore(dev, apdev)
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-
-def _test_mbo_assoc_disallow_ignore(dev, apdev):
-    hapd1 = hostapd.add_ap(apdev[0], {"ssid": "MBO", "mbo": "1"})
-    if "OK" not in hapd1.request("SET mbo_assoc_disallow 1"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP1")
-
-    if "OK" not in dev[0].request("SCAN_INTERVAL 1"):
-        raise Exception("Failed to set scan interval")
-    dev[0].connect("MBO", key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("CTRL-EVENT-NETWORK-NOT-FOUND not seen")
-
-    if "OK" not in dev[0].request("SET ignore_assoc_disallow 1"):
-        raise Exception("Failed to set ignore_assoc_disallow")
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("CTRL-EVENT-ASSOC-REJECT not seen")
-    if "status_code=17" not in ev:
-        raise Exception("Unexpected association reject reason: " + ev)
-
-    if "OK" not in hapd1.request("SET mbo_assoc_disallow 0"):
-        raise Exception("Failed to set mbo_assoc_disallow for AP1")
-    dev[0].wait_connected()
-
-@remote_compatible
-def test_mbo_cell_capa_update(dev, apdev):
-    """MBO cellular data capability update"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
-        raise Exception("Failed to set STA as cellular data capable")
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    addr = dev[0].own_addr()
-    sta = hapd.get_sta(addr)
-    if 'mbo_cell_capa' not in sta or sta['mbo_cell_capa'] != '1':
-        raise Exception("mbo_cell_capa missing after association")
-
-    if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-        raise Exception("Failed to set STA as cellular data not-capable")
-    # Duplicate update for additional code coverage
-    if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-        raise Exception("Failed to set STA as cellular data not-capable")
-
-    time.sleep(0.2)
-    sta = hapd.get_sta(addr)
-    if 'mbo_cell_capa' not in sta:
-        raise Exception("mbo_cell_capa missing after update")
-    if sta['mbo_cell_capa'] != '3':
-        raise Exception("mbo_cell_capa not updated properly")
-
-@remote_compatible
-def test_mbo_cell_capa_update_pmf(dev, apdev):
-    """MBO cellular data capability update with PMF required"""
-    ssid = "test-wnm-mbo"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params['mbo'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
-        raise Exception("Failed to set STA as cellular data capable")
-
-    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
-                   proto="WPA2", ieee80211w="2", scan_freq="2412")
-    hapd.wait_sta()
-
-    addr = dev[0].own_addr()
-    sta = hapd.get_sta(addr)
-    if 'mbo_cell_capa' not in sta or sta['mbo_cell_capa'] != '1':
-        raise Exception("mbo_cell_capa missing after association")
-
-    if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-        raise Exception("Failed to set STA as cellular data not-capable")
-
-    time.sleep(0.2)
-    sta = hapd.get_sta(addr)
-    if 'mbo_cell_capa' not in sta:
-        raise Exception("mbo_cell_capa missing after update")
-    if sta['mbo_cell_capa'] != '3':
-        raise Exception("mbo_cell_capa not updated properly")
-
-def test_mbo_wnm_token_wrap(dev, apdev):
-    """MBO WNM token wrap around"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    # Trigger transmission of 256 WNM-Notification frames to wrap around the
-    # 8-bit mbo_wnm_token counter.
-    for i in range(128):
-        if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
-            raise Exception("Failed to set STA as cellular data capable")
-        if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-            raise Exception("Failed to set STA as cellular data not-capable")
-
-@remote_compatible
-def test_mbo_non_pref_chan(dev, apdev):
-    """MBO non-preferred channel list"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:99"):
-        raise Exception("Invalid non_pref_chan value accepted")
-    if "FAIL" not in dev[0].request("SET non_pref_chan 81:15:200:3"):
-        raise Exception("Invalid non_pref_chan value accepted")
-    if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3 81:7:201:3"):
-        raise Exception("Invalid non_pref_chan value accepted")
-    if "OK" not in dev[0].request("SET non_pref_chan 81:7:200:3"):
-        raise Exception("Failed to set non-preferred channel list")
-    if "OK" not in dev[0].request("SET non_pref_chan 81:7:200:1 81:9:100:2"):
-        raise Exception("Failed to set non-preferred channel list")
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    addr = dev[0].own_addr()
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'non_pref_chan[0]' not in sta:
-        raise Exception("Missing non_pref_chan[0] value (assoc)")
-    if sta['non_pref_chan[0]'] != '81:200:1:7':
-        raise Exception("Unexpected non_pref_chan[0] value (assoc)")
-    if 'non_pref_chan[1]' not in sta:
-        raise Exception("Missing non_pref_chan[1] value (assoc)")
-    if sta['non_pref_chan[1]'] != '81:100:2:9':
-        raise Exception("Unexpected non_pref_chan[1] value (assoc)")
-    if 'non_pref_chan[2]' in sta:
-        raise Exception("Unexpected non_pref_chan[2] value (assoc)")
-
-    if "OK" not in dev[0].request("SET non_pref_chan 81:9:100:2"):
-        raise Exception("Failed to update non-preferred channel list")
-    time.sleep(0.1)
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'non_pref_chan[0]' not in sta:
-        raise Exception("Missing non_pref_chan[0] value (update 1)")
-    if sta['non_pref_chan[0]'] != '81:100:2:9':
-        raise Exception("Unexpected non_pref_chan[0] value (update 1)")
-    if 'non_pref_chan[1]' in sta:
-        raise Exception("Unexpected non_pref_chan[1] value (update 1)")
-
-    if "OK" not in dev[0].request("SET non_pref_chan 81:9:100:2 81:10:100:2 81:8:100:2 81:7:100:1 81:5:100:1"):
-        raise Exception("Failed to update non-preferred channel list")
-    time.sleep(0.1)
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'non_pref_chan[0]' not in sta:
-        raise Exception("Missing non_pref_chan[0] value (update 2)")
-    if sta['non_pref_chan[0]'] != '81:100:1:7,5':
-        raise Exception("Unexpected non_pref_chan[0] value (update 2)")
-    if 'non_pref_chan[1]' not in sta:
-        raise Exception("Missing non_pref_chan[1] value (update 2)")
-    if sta['non_pref_chan[1]'] != '81:100:2:9,10,8':
-        raise Exception("Unexpected non_pref_chan[1] value (update 2)")
-    if 'non_pref_chan[2]' in sta:
-        raise Exception("Unexpected non_pref_chan[2] value (update 2)")
-
-    if "OK" not in dev[0].request("SET non_pref_chan 81:5:90:2 82:14:91:2"):
-        raise Exception("Failed to update non-preferred channel list")
-    time.sleep(0.1)
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'non_pref_chan[0]' not in sta:
-        raise Exception("Missing non_pref_chan[0] value (update 3)")
-    if sta['non_pref_chan[0]'] != '81:90:2:5':
-        raise Exception("Unexpected non_pref_chan[0] value (update 3)")
-    if 'non_pref_chan[1]' not in sta:
-        raise Exception("Missing non_pref_chan[1] value (update 3)")
-    if sta['non_pref_chan[1]'] != '82:91:2:14':
-        raise Exception("Unexpected non_pref_chan[1] value (update 3)")
-    if 'non_pref_chan[2]' in sta:
-        raise Exception("Unexpected non_pref_chan[2] value (update 3)")
-
-    if "OK" not in dev[0].request("SET non_pref_chan "):
-        raise Exception("Failed to update non-preferred channel list")
-    time.sleep(0.1)
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'non_pref_chan[0]' in sta:
-        raise Exception("Unexpected non_pref_chan[0] value (update 4)")
-
-@remote_compatible
-def test_mbo_sta_supp_op_classes(dev, apdev):
-    """MBO STA supported operating classes"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    addr = dev[0].own_addr()
-    sta = hapd.get_sta(addr)
-    logger.debug("STA: " + str(sta))
-    if 'supp_op_classes' not in sta:
-        raise Exception("No supp_op_classes")
-    supp = bytearray(binascii.unhexlify(sta['supp_op_classes']))
-    if supp[0] != 81:
-        raise Exception("Unexpected current operating class %d" % supp[0])
-    if 115 not in supp:
-        raise Exception("Operating class 115 missing")
-
-def test_mbo_failures(dev, apdev):
-    """MBO failure cases"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with alloc_fail(dev[0], 1, "wpas_mbo_ie"):
-        dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(dev[0], 1, "wpas_mbo_send_wnm_notification"):
-        if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
-            raise Exception("Failed to set STA as cellular data capable")
-    with fail_test(dev[0], 1, "wpas_mbo_send_wnm_notification"):
-        if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-            raise Exception("Failed to set STA as cellular data not-capable")
-    with alloc_fail(dev[0], 1, "wpas_mbo_update_non_pref_chan"):
-        if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"):
-            raise Exception("non_pref_chan value accepted during OOM")
-    with alloc_fail(dev[0], 2, "wpas_mbo_update_non_pref_chan"):
-        if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"):
-            raise Exception("non_pref_chan value accepted during OOM")
-
-def test_mbo_wnm_bss_tm_ie_parsing(dev, apdev):
-    """MBO BSS transition request MBO IE parsing"""
-    ssid = "test-wnm-mbo"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    addr = dev[0].own_addr()
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK",
-                   proto="WPA2", ieee80211w="0", scan_freq="2412")
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    hdr = "d0003a01" + addr.replace(':', '') + bssid.replace(':', '') + bssid.replace(':', '') + "3000"
-    btm_hdr = "0a070100030001"
-
-    tests = [("Truncated attribute in MBO IE", "dd06506f9a160101"),
-             ("Unexpected cell data capa attribute length in MBO IE",
-              "dd09506f9a160501030500"),
-             ("Unexpected transition reason attribute length in MBO IE",
-              "dd06506f9a160600"),
-             ("Unexpected assoc retry delay attribute length in MBO IE",
-              "dd0c506f9a160100080200000800"),
-             ("Unknown attribute id 255 in MBO IE",
-              "dd06506f9a16ff00")]
-
-    for test, mbo_ie in tests:
-        logger.info(test)
-        dev[0].request("NOTE " + test)
-        frame = hdr + btm_hdr + mbo_ie
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    logger.info("Unexpected association retry delay")
-    dev[0].request("NOTE Unexpected association retry delay")
-    btm_hdr = "0a070108030001112233445566778899aabbcc"
-    mbo_ie = "dd08506f9a1608020000"
-    frame = hdr + btm_hdr + mbo_ie
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-
-def test_mbo_without_pmf(dev, apdev):
-    """MBO and WPA2 without PMF"""
-    ssid = "test-wnm-mbo"
-    params = {'ssid': ssid, 'mbo': '1', "wpa": '2',
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "wpa_passphrase": "12345678"}
-    try:
-        # "MBO: PMF needs to be enabled whenever using WPA2 with MBO"
-        hostapd.add_ap(apdev[0], params)
-        raise Exception("AP setup succeeded unexpectedly")
-    except Exception as e:
-        if "Failed to enable hostapd" in str(e):
-            pass
-        else:
-            raise
-
-def test_mbo_without_pmf_workaround(dev, apdev):
-    """MBO and WPA2 without PMF on misbehaving AP"""
-    ssid = "test-wnm-mbo"
-    params0 = {'ssid': ssid, "wpa": '2',
-               "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-               "wpa_passphrase": "12345678",
-               "vendor_elements": "dd07506f9a16010100"}
-    params1 = {'ssid': ssid, "mbo": '1', "wpa": '2',
-               "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-               "wpa_passphrase": "12345678", "ieee80211w": "1"}
-    hapd0 = hostapd.add_ap(apdev[0], params0)
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK",
-                   proto="WPA2", ieee80211w="1", scan_freq="2412")
-    hapd0.wait_sta()
-    sta = hapd0.get_sta(dev[0].own_addr())
-    ext_capab = bytearray(binascii.unhexlify(sta['ext_capab']))
-    if ext_capab[2] & 0x08:
-        raise Exception("STA did not disable BSS Transition capability")
-    hapd1 = hostapd.add_ap(apdev[1], params1)
-    dev[0].scan_for_bss(hapd1.own_addr(), 2412, force_scan=True)
-    dev[0].roam(hapd1.own_addr())
-    hapd1.wait_sta()
-    sta = hapd1.get_sta(dev[0].own_addr())
-    ext_capab = bytearray(binascii.unhexlify(sta['ext_capab']))
-    if not ext_capab[2] & 0x08:
-        raise Exception("STA disabled BSS Transition capability")
-    dev[0].roam(hapd0.own_addr())
-    hapd0.wait_sta()
-    sta = hapd0.get_sta(dev[0].own_addr())
-    ext_capab = bytearray(binascii.unhexlify(sta['ext_capab']))
-    if ext_capab[2] & 0x08:
-        raise Exception("STA did not disable BSS Transition capability")
-
-def check_mbo_anqp(dev, bssid, cell_data_conn_pref):
-    if "OK" not in dev.request("ANQP_GET " + bssid + " 272,mbo:2"):
-        raise Exception("ANQP_GET command failed")
-
-    ev = dev.wait_event(["GAS-QUERY-START"], timeout=5)
-    if ev is None:
-        raise Exception("GAS query start timed out")
-
-    ev = dev.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-
-    if cell_data_conn_pref is not None:
-        ev = dev.wait_event(["RX-MBO-ANQP"], timeout=1)
-        if ev is None or "cell_conn_pref" not in ev:
-            raise Exception("Did not receive MBO Cellular Data Connection Preference")
-        if cell_data_conn_pref != int(ev.split('=')[1]):
-            raise Exception("Unexpected cell_conn_pref value: " + ev)
-
-    dev.dump_monitor()
-
-def test_mbo_anqp(dev, apdev):
-    """MBO ANQP"""
-    params = {'ssid': "test-wnm-mbo",
-              'mbo': '1',
-              'interworking': '1',
-              'mbo_cell_data_conn_pref': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
-    check_mbo_anqp(dev[0], bssid, 1)
-
-    hapd.set('mbo_cell_data_conn_pref', '255')
-    check_mbo_anqp(dev[0], bssid, 255)
-
-    hapd.set('mbo_cell_data_conn_pref', '-1')
-    check_mbo_anqp(dev[0], bssid, None)
diff --git a/tests/hwsim/test_module_tests.py b/tests/hwsim/test_module_tests.py
deleted file mode 100644
index 2e96c45d2364..000000000000
--- a/tests/hwsim/test_module_tests.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Module tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import time
-
-import hostapd
-
-def test_module_wpa_supplicant(dev, apdev, params):
-    """wpa_supplicant module tests"""
-    if "OK" not in dev[0].global_request("MODULE_TESTS"):
-        raise Exception("Module tests failed")
-    # allow eloop test to complete
-    time.sleep(0.75)
-    dev[0].relog()
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        res = f.read()
-        if "FAIL - should not have called this function" in res:
-            raise Exception("eloop test failed")
-
-def test_module_hostapd(dev):
-    """hostapd module tests"""
-    hapd_global = hostapd.HostapdGlobal()
-    if "OK" not in hapd_global.ctrl.request("MODULE_TESTS"):
-        raise Exception("Module tests failed")
diff --git a/tests/hwsim/test_monitor_interface.py b/tests/hwsim/test_monitor_interface.py
deleted file mode 100644
index e1a48aeb0c1e..000000000000
--- a/tests/hwsim/test_monitor_interface.py
+++ /dev/null
@@ -1,94 +0,0 @@
-# AP mode using the older monitor interface design
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import time
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import radiotap_build, start_monitor, stop_monitor
-
-def test_monitor_iface_open(dev, apdev):
-    """Open connection using cfg80211 monitor interface on AP"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="use_monitor=1")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", "monitor-iface")
-    wpas.set_network(id, "key_mgmt", "NONE")
-    wpas.set_network(id, "frequency", "2412")
-    wpas.connect_network(id)
-
-    dev[0].connect("monitor-iface", key_mgmt="NONE", scan_freq="2412")
-
-def test_monitor_iface_wpa2_psk(dev, apdev):
-    """WPA2-PSK connection using cfg80211 monitor interface on AP"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="use_monitor=1")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", "monitor-iface-wpa2")
-    wpas.set_network(id, "proto", "WPA2")
-    wpas.set_network(id, "key_mgmt", "WPA-PSK")
-    wpas.set_network_quoted(id, "psk", "12345678")
-    wpas.set_network(id, "pairwise", "CCMP")
-    wpas.set_network(id, "group", "CCMP")
-    wpas.set_network(id, "frequency", "2412")
-    wpas.connect_network(id)
-
-    dev[0].connect("monitor-iface-wpa2", psk="12345678", scan_freq="2412")
-
-def test_monitor_iface_multi_bss(dev, apdev):
-    """AP mode mmonitor interface with hostapd multi-BSS setup"""
-    params = {"ssid": "monitor-iface", "driver_params": "use_monitor=1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hostapd.add_bss(apdev[0], apdev[0]['ifname'] + '-2', 'bss-2.conf')
-    dev[0].connect("monitor-iface", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("bss-2", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_monitor_iface_unknown_sta(dev, apdev):
-    """AP mode monitor interface and Data frame from unknown STA"""
-    ssid = "monitor-iface-pmf"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params['driver_params'] = "use_monitor=1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    bssid = apdev[0]['bssid']
-    addr = dev[0].p2p_interface_addr()
-    dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2",
-                   scan_freq="2412")
-    dev[0].request("DROP_SA")
-    # This protected Deauth will be ignored by the STA
-    hapd.request("DEAUTHENTICATE " + addr)
-    # But the unprotected Deauth from TX frame-from-unassoc-STA will now be
-    # processed
-    try:
-        sock = start_monitor(apdev[1]["ifname"])
-        radiotap = radiotap_build()
-
-        bssid = hapd.own_addr().replace(':', '')
-        addr = dev[0].own_addr().replace(':', '')
-
-        # Inject Data frame from STA to AP since we not have SA in place
-        # anymore for normal data TX
-        frame = binascii.unhexlify("48010000" + bssid + addr + bssid + "0000")
-        sock.send(radiotap + frame)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No disconnection")
-    dev[0].request("DISCONNECT")
diff --git a/tests/hwsim/test_mscs.py b/tests/hwsim/test_mscs.py
deleted file mode 100644
index b200550b3ac3..000000000000
--- a/tests/hwsim/test_mscs.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Test cases for MSCS
-# Copyright (c) 2021, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import struct
-import time
-
-import hostapd
-from utils import *
-
-def register_mcsc_req(hapd):
-    type = 0x00d0
-    match = "1304"
-    if "OK" not in hapd.request("REGISTER_FRAME %04x %s" % (type, match)):
-        raise Exception("Could not register frame reception for Robust AV Streaming")
-
-def handle_mscs_req(hapd, wrong_dialog=False, status_code=0):
-    msg = hapd.mgmt_rx()
-    if msg['subtype'] != 13:
-        logger.info("RX:" + str(msg))
-        raise Exception("Received unexpected Management frame")
-    categ, act, dialog_token = struct.unpack('BBB', msg['payload'][0:3])
-    if categ != 19 or act != 4:
-        logger.info("RX:" + str(msg))
-        raise Exception("Received unexpected Action frame")
-
-    if wrong_dialog:
-        dialog_token = (dialog_token + 1) % 256
-    msg['da'] = msg['sa']
-    msg['sa'] = hapd.own_addr()
-    msg['payload'] = struct.pack('<BBBH', 19, 5, dialog_token, status_code)
-    hapd.mgmt_tx(msg)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None or "stype=13 ok=1" not in ev:
-        raise Exception("No TX status reported")
-
-def wait_mscs_result(dev, expect_status=0):
-    ev = dev.wait_event(["CTRL-EVENT-MSCS-RESULT"], timeout=1)
-    if ev is None:
-        raise Exception("No MSCS result reported")
-    if "status_code=%d" % expect_status not in ev:
-        raise Exception("Unexpected MSCS result: " + ev)
-
-def test_mscs_invalid_params(dev, apdev):
-    """MSCS command invalid parameters"""
-    tests = ["",
-             "add Xp_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F",
-             "add up_bitmap=F0 Xp_limit=7 stream_timeout=12345 frame_classifier=045F",
-             "add up_bitmap=F0 up_limit=7 Xtream_timeout=12345 frame_classifier=045F",
-             "add up_bitmap=F0 up_limit=7 stream_timeout=12345 Xrame_classifier=045F",
-             "add up_bitmap=X0 up_limit=7 stream_timeout=12345 frame_classifier=045F",
-             "add up_bitmap=F0 up_limit=7 stream_timeout=0 frame_classifier=045F",
-             "add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=X45F",
-             "change "]
-    for t in tests:
-        if "FAIL" not in dev[0].request("MSCS " + t):
-            raise Exception("Invalid MSCS parameters accepted: " + t)
-
-def test_mscs_without_ap_support(dev, apdev):
-    """MSCS without AP support"""
-    try:
-        run_mscs_without_ap_support(dev, apdev)
-    finally:
-        dev[0].request("MSCS remove")
-
-def run_mscs_without_ap_support(dev, apdev):
-    params = {"ssid": "mscs",
-              "ext_capa_mask": 10*"00" + "20"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Failed to configure MSCS")
-
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412")
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("MSCS change accepted unexpectedly")
-
-    cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("MSCS add accepted unexpectedly")
-
-def test_mscs_post_assoc(dev, apdev):
-    """MSCS configuration post-association"""
-    try:
-        run_mscs_post_assoc(dev, apdev)
-    finally:
-        dev[0].request("MSCS remove")
-
-def run_mscs_post_assoc(dev, apdev):
-    params = {"ssid": "mscs",
-              "ext_capa": 10*"00" + "20"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    register_mcsc_req(hapd)
-
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("MSCS change accepted unexpectedly")
-
-    cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS add failed")
-
-    handle_mscs_req(hapd)
-    wait_mscs_result(dev[0])
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS change failed")
-
-    handle_mscs_req(hapd)
-    wait_mscs_result(dev[0])
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS change failed")
-
-    handle_mscs_req(hapd, status_code=23456)
-    wait_mscs_result(dev[0], expect_status=23456)
-
-def test_mscs_pre_assoc(dev, apdev):
-    """MSCS configuration pre-association"""
-    try:
-        run_mscs_pre_assoc(dev, apdev)
-    finally:
-        dev[0].request("MSCS remove")
-
-def run_mscs_pre_assoc(dev, apdev):
-    params = {"ssid": "mscs",
-              "ext_capa": 10*"00" + "20",
-              "assocresp_elements": "ff0c5800000000000000" + "01020000"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    register_mcsc_req(hapd)
-
-    cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS add failed")
-
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    wait_mscs_result(dev[0])
-    dev[0].wait_connected()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS change failed")
-
-    handle_mscs_req(hapd)
-    wait_mscs_result(dev[0])
-
-    cmd = "MSCS change up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS change failed")
-
-    handle_mscs_req(hapd, wrong_dialog=True)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-MSCS-RESULT"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected MSCS result reported")
-
-def test_mscs_assoc_failure(dev, apdev):
-    """MSCS configuration failure during association exchange"""
-    try:
-        run_mscs_assoc_failure(dev, apdev)
-    finally:
-        dev[0].request("MSCS remove")
-
-def run_mscs_assoc_failure(dev, apdev):
-    params = {"ssid": "mscs",
-              "ext_capa": 10*"00" + "20",
-              "assocresp_elements": "ff0c5800000000000000" + "01020001"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    register_mcsc_req(hapd)
-
-    cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("MSCS add failed")
-
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    wait_mscs_result(dev[0], expect_status=256)
-    dev[0].wait_connected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    hapd.dump_monitor()
-    # No MSCS Status subelement
-    hapd.set("assocresp_elements", "ff085800000000000000")
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-MSCS-RESULT"],
-                           timeout=10)
-    if ev is None:
-        raise Exception("No connection event")
-    if "CTRL-EVENT-MSCS-RESULT" in ev:
-        raise Exception("Unexpected MSCS result")
-
-def test_mscs_local_errors(dev, apdev):
-    """MSCS configuration local errors"""
-    try:
-        run_mscs_local_errors(dev, apdev)
-    finally:
-        dev[0].request("MSCS remove")
-
-def run_mscs_local_errors(dev, apdev):
-    params = {"ssid": "mscs",
-              "ext_capa": 10*"00" + "20"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    register_mcsc_req(hapd)
-
-    dev[0].connect("mscs", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    for count in range(1, 3):
-        with alloc_fail(dev[0], count, "wpas_send_mscs_req"):
-            cmd = "MSCS add up_bitmap=F0 up_limit=7 stream_timeout=12345 frame_classifier=045F"
-            if "FAIL" not in dev[0].request(cmd):
-                raise Exception("MSCS add succeeded in error case")
diff --git a/tests/hwsim/test_multi_ap.py b/tests/hwsim/test_multi_ap.py
deleted file mode 100644
index 99db14ebfae9..000000000000
--- a/tests/hwsim/test_multi_ap.py
+++ /dev/null
@@ -1,368 +0,0 @@
-# Test cases for Multi-AP
-# Copyright (c) 2018, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-
-def test_multi_ap_association(dev, apdev):
-    """Multi-AP association in backhaul BSS"""
-    run_multi_ap_association(dev, apdev, 1)
-    dev[1].connect("multi-ap", psk="12345678", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-ASSOC-REJECT"],
-                           timeout=5)
-    dev[1].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Connection result not reported")
-    if "CTRL-EVENT-ASSOC-REJECT" not in ev:
-        raise Exception("Association rejection not reported")
-    if "status_code=12" not in ev:
-        raise Exception("Unexpected association status code: " + ev)
-
-def test_multi_ap_association_shared_bss(dev, apdev):
-    """Multi-AP association in backhaul BSS (with fronthaul BSS enabled)"""
-    run_multi_ap_association(dev, apdev, 3)
-    dev[1].connect("multi-ap", psk="12345678", scan_freq="2412")
-
-def run_multi_ap_association(dev, apdev, multi_ap, wait_connect=True):
-    params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
-    if multi_ap:
-        params["multi_ap"] = str(multi_ap)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("multi-ap", psk="12345678", scan_freq="2412",
-                   multi_ap_backhaul_sta="1", wait_connect=wait_connect)
-
-def test_multi_ap_backhaul_roam_with_bridge(dev, apdev):
-    """Multi-AP backhaul BSS reassociation to another BSS with bridge"""
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    try:
-        run_multi_ap_backhaul_roam_with_bridge(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
-        subprocess.call(['brctl', 'delif', br_ifname, ifname])
-        subprocess.call(['brctl', 'delbr', br_ifname])
-        subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
-
-def run_multi_ap_backhaul_roam_with_bridge(dev, apdev):
-    br_ifname = 'sta-br0'
-    ifname = 'wlan5'
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    subprocess.call(['brctl', 'addbr', br_ifname])
-    subprocess.call(['brctl', 'setfd', br_ifname, '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
-    subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
-    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
-    wpas.interface_add(ifname, br_ifname=br_ifname)
-    wpas.flush_scan_cache()
-
-    params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
-    params["multi_ap"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.connect("multi-ap", psk="12345678", scan_freq="2412",
-                 multi_ap_backhaul_sta="1")
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-    wpas.scan_for_bss(bssid2, freq="2412", force_scan=True)
-    wpas.roam(bssid2)
-
-def test_multi_ap_disabled_on_ap(dev, apdev):
-    """Multi-AP association attempt when disabled on AP"""
-    run_multi_ap_association(dev, apdev, 0, wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
-                            "CTRL-EVENT-CONNECTED"],
-                           timeout=5)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Connection result not reported")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Unexpected connection result")
-
-def test_multi_ap_fronthaul_on_ap(dev, apdev):
-    """Multi-AP association attempt when only fronthaul BSS on AP"""
-    run_multi_ap_association(dev, apdev, 2, wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
-                            "CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-ASSOC-REJECT"],
-                           timeout=5)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Connection result not reported")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Unexpected connection result")
-
-def remove_apdev(dev, ifname):
-    hglobal = hostapd.HostapdGlobal()
-    hglobal.remove(ifname)
-    dev.cmd_execute(['iw', ifname, 'del'])
-
-def run_multi_ap_wps(dev, apdev, params, params_backhaul=None, add_apdev=False,
-                     run_csa=False, allow_csa_fail=False):
-    """Helper for running Multi-AP WPS tests
-
-    dev[0] does multi_ap WPS, dev[1] does normal WPS. apdev[0] is the fronthaul
-    BSS. If there is a separate backhaul BSS, it must have been set up by the
-    caller. params are the normal SSID parameters, they will be extended with
-    the WPS parameters. multi_ap_bssid must be given if it is not equal to the
-    fronthaul BSSID."""
-
-    wpas_apdev = None
-
-    if params_backhaul:
-        hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
-        multi_ap_bssid =  hapd_backhaul.own_addr()
-    else:
-        multi_ap_bssid = apdev[0]['bssid']
-
-    params.update({"wps_state": "2", "eap_server": "1"})
-
-    # WPS with multi-ap station dev[0]
-    hapd = hostapd.add_ap(apdev[0], params)
-    conf = hapd.request("GET_CONFIG").splitlines()
-    if "ssid=" + params['ssid'] not in conf:
-        raise Exception("GET_CONFIG did not show correct ssid entry")
-    if "multi_ap" in params and \
-       "multi_ap=" + params["multi_ap"] not in conf:
-        raise Exception("GET_CONFIG did not show correct multi_ap entry")
-    if "multi_ap_backhaul_ssid" in params and \
-       "multi_ap_backhaul_ssid=" + params["multi_ap_backhaul_ssid"].strip('"') not in conf:
-        raise Exception("GET_CONFIG did not show correct multi_ap_backhaul_ssid entry")
-    if "wpa" in params and "multi_ap_backhaul_wpa_passphrase" in params and \
-       "multi_ap_backhaul_wpa_passphrase=" + params["multi_ap_backhaul_wpa_passphrase"] not in conf:
-        raise Exception("GET_CONFIG did not show correct multi_ap_backhaul_wpa_passphrase entry")
-    if "multi_ap_backhaul_wpa_psk" in params and \
-       "multi_ap_backhaul_wpa_psk=" + params["multi_ap_backhaul_wpa_psk"] not in conf:
-        raise Exception("GET_CONFIG did not show correct multi_ap_backhaul_wpa_psk entry")
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    dev[0].request("WPS_PBC multi_ap=1")
-    dev[0].wait_connected(timeout=20)
-    status = dev[0].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != multi_ap_bssid:
-        raise Exception("Not fully connected")
-    if status['ssid'] != params['multi_ap_backhaul_ssid'].strip('"'):
-        raise Exception("Unexpected SSID %s != %s" % (status['ssid'], params["multi_ap_backhaul_ssid"]))
-    if status['pairwise_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration %s" % status['pairwise_cipher'])
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-
-    status = hapd.request("WPS_GET_STATUS")
-    if "PBC Status: Disabled" not in status:
-        raise Exception("PBC status not shown correctly")
-    if "Last WPS result: Success" not in status:
-        raise Exception("Last WPS result not shown correctly")
-    if "Peer Address: " + dev[0].own_addr() not in status:
-        raise Exception("Peer address not shown correctly")
-
-    if len(dev[0].list_networks()) != 1:
-        raise Exception("Unexpected number of network blocks")
-
-    # WPS with non-Multi-AP station dev[1]
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    dev[1].request("WPS_PBC")
-    dev[1].wait_connected(timeout=20)
-    status = dev[1].get_status()
-    if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
-        raise Exception("Not fully connected")
-    if status['ssid'] != params["ssid"]:
-        raise Exception("Unexpected SSID")
-    # Fronthaul may be something else than WPA2-PSK so don't test it.
-
-    status = hapd.request("WPS_GET_STATUS")
-    if "PBC Status: Disabled" not in status:
-        raise Exception("PBC status not shown correctly")
-    if "Last WPS result: Success" not in status:
-        raise Exception("Last WPS result not shown correctly")
-    if "Peer Address: " + dev[1].own_addr() not in status:
-        raise Exception("Peer address not shown correctly")
-
-    if len(dev[1].list_networks()) != 1:
-        raise Exception("Unexpected number of network blocks")
-
-    try:
-        # Add apdev to the same phy that dev[0]
-        if add_apdev:
-            wpas_apdev = {}
-            wpas_apdev['ifname'] = dev[0].ifname + "_ap"
-            status, buf = dev[0].cmd_execute(['iw', dev[0].ifname,
-                                              'interface', 'add',
-                                              wpas_apdev['ifname'],
-                                              'type', 'managed'])
-            if status != 0:
-                raise Exception("iw interface add failed")
-            wpas_hapd = hostapd.add_ap(wpas_apdev, params)
-
-        if run_csa:
-            if 'OK' not in hapd.request("CHAN_SWITCH 5 2462 ht"):
-                raise Exception("chan switch request failed")
-
-            ev = hapd.wait_event(["AP-CSA-FINISHED"], timeout=5)
-            if not ev:
-                raise Exception("chan switch failed")
-
-            # now check station
-            ev = dev[0].wait_event(["CTRL-EVENT-CHANNEL-SWITCH",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=5)
-            if not ev:
-                raise Exception("sta - no chanswitch event")
-            if "CTRL-EVENT-CHANNEL-SWITCH" not in ev and not allow_csa_fail:
-                raise Exception("Received disconnection event instead of channel switch event")
-
-        if add_apdev:
-            remove_apdev(dev[0], wpas_apdev['ifname'])
-    except:
-        if wpas_apdev:
-            remove_apdev(dev[0], wpas_apdev['ifname'])
-        raise
-
-    return hapd
-
-def test_multi_ap_wps_shared(dev, apdev):
-    """WPS on shared fronthaul/backhaul AP"""
-    ssid = "multi-ap-wps"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params.update({"multi_ap": "3",
-                   "multi_ap_backhaul_ssid": '"%s"' % ssid,
-                   "multi_ap_backhaul_wpa_passphrase": passphrase})
-    hapd = run_multi_ap_wps(dev, apdev, params)
-    # Verify WPS parameter update with Multi-AP
-    if "OK" not in hapd.request("RELOAD"):
-        raise Exception("hostapd RELOAD failed")
-    dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-    hapd.request("WPS_PBC")
-    dev[0].request("WPS_PBC multi_ap=1")
-    dev[0].wait_connected(timeout=20)
-
-def test_multi_ap_wps_shared_csa(dev, apdev):
-    """WPS on shared fronthaul/backhaul AP, run CSA"""
-    ssid = "multi-ap-wps-csa"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params.update({"multi_ap": "3",
-                   "multi_ap_backhaul_ssid": '"%s"' % ssid,
-                   "multi_ap_backhaul_wpa_passphrase": passphrase})
-    run_multi_ap_wps(dev, apdev, params, run_csa=True)
-
-def test_multi_ap_wps_shared_apdev_csa(dev, apdev):
-    """WPS on shared fronthaul/backhaul AP add apdev on same phy and run CSA"""
-    ssid = "multi-ap-wps-apdev-csa"
-    passphrase = "12345678"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params.update({"multi_ap": "3",
-                   "multi_ap_backhaul_ssid": '"%s"' % ssid,
-                   "multi_ap_backhaul_wpa_passphrase": passphrase})
-    # This case is currently failing toc omplete CSA on the station interface.
-    # For the time being, ignore that to avoid always failing tests. Full
-    # validation can be enabled once the issue behind this is fixed.
-    run_multi_ap_wps(dev, apdev, params, add_apdev=True, run_csa=True,
-                     allow_csa_fail=True)
-
-def test_multi_ap_wps_shared_psk(dev, apdev):
-    """WPS on shared fronthaul/backhaul AP using PSK"""
-    ssid = "multi-ap-wps"
-    psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
-    params = hostapd.wpa2_params(ssid=ssid)
-    params.update({"wpa_psk": psk,
-                   "multi_ap": "3",
-                   "multi_ap_backhaul_ssid": '"%s"' % ssid,
-                   "multi_ap_backhaul_wpa_psk": psk})
-    run_multi_ap_wps(dev, apdev, params)
-
-def test_multi_ap_wps_split(dev, apdev):
-    """WPS on split fronthaul and backhaul AP"""
-    backhaul_ssid = "multi-ap-backhaul-wps"
-    backhaul_passphrase = "87654321"
-    params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps",
-                                 passphrase="12345678")
-    params.update({"multi_ap": "2",
-                   "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
-                   "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase})
-    params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid,
-                                          passphrase=backhaul_passphrase)
-    params_backhaul.update({"multi_ap": "1"})
-
-    run_multi_ap_wps(dev, apdev, params, params_backhaul)
-
-def test_multi_ap_wps_split_psk(dev, apdev):
-    """WPS on split fronthaul and backhaul AP"""
-    backhaul_ssid = "multi-ap-backhaul-wps"
-    backhaul_psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
-    params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps",
-                                 passphrase="12345678")
-    params.update({"multi_ap": "2",
-                   "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
-                   "multi_ap_backhaul_wpa_psk": backhaul_psk})
-    params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid)
-    params_backhaul.update({"multi_ap": "1", "wpa_psk": backhaul_psk})
-
-    run_multi_ap_wps(dev, apdev, params, params_backhaul)
-
-def test_multi_ap_wps_split_mixed(dev, apdev):
-    """WPS on split fronthaul and backhaul AP with mixed-mode fronthaul"""
-    skip_without_tkip(dev[0])
-    backhaul_ssid = "multi-ap-backhaul-wps"
-    backhaul_passphrase = "87654321"
-    params = hostapd.wpa_mixed_params(ssid="multi-ap-fronthaul-wps",
-                                      passphrase="12345678")
-    params.update({"multi_ap": "2",
-                   "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
-                   "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase})
-    params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid,
-                                          passphrase=backhaul_passphrase)
-    params_backhaul.update({"multi_ap": "1"})
-
-    run_multi_ap_wps(dev, apdev, params, params_backhaul)
-
-def test_multi_ap_wps_split_open(dev, apdev):
-    """WPS on split fronthaul and backhaul AP with open fronthaul"""
-    backhaul_ssid = "multi-ap-backhaul-wps"
-    backhaul_passphrase = "87654321"
-    params = {"ssid": "multi-ap-wps-fronthaul", "multi_ap": "2",
-              "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
-              "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase}
-    params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid,
-                                          passphrase=backhaul_passphrase)
-    params_backhaul.update({"multi_ap": "1"})
-
-    run_multi_ap_wps(dev, apdev, params, params_backhaul)
-
-def test_multi_ap_wps_fail_non_multi_ap(dev, apdev):
-    """Multi-AP WPS on non-WPS AP fails"""
-
-    params = hostapd.wpa2_params(ssid="non-multi-ap-wps", passphrase="12345678")
-    params.update({"wps_state": "2", "eap_server": "1"})
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
-        raise Exception("PBC status not shown correctly")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].request("WPS_PBC %s multi_ap=1" % apdev[0]['bssid'])
-    # Since we will fail to associate and WPS doesn't even get started, there
-    # isn't much we can do except wait for timeout. For PBC, it is not possible
-    # to change the timeout from 2 minutes. Instead of waiting for the timeout,
-    # just check that WPS doesn't finish within reasonable time.
-    for i in range(2):
-        ev = dev[0].wait_event(["WPS-SUCCESS", "WPS-FAIL",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev and "WPS-" in ev:
-            raise Exception("WPS operation completed: " + ev)
-    dev[0].request("WPS_CANCEL")
diff --git a/tests/hwsim/test_nfc_p2p.py b/tests/hwsim/test_nfc_p2p.py
deleted file mode 100644
index 3139dc4d33b4..000000000000
--- a/tests/hwsim/test_nfc_p2p.py
+++ /dev/null
@@ -1,848 +0,0 @@
-# P2P+NFC tests
-# Copyright (c) 2013, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger(__name__)
-
-import hwsim_utils
-from utils import alloc_fail
-
-grpform_events = ["P2P-GROUP-STARTED",
-                  "P2P-GO-NEG-FAILURE",
-                  "P2P-GROUP-FORMATION-FAILURE",
-                  "WPS-PIN-NEEDED",
-                  "WPS-M2D",
-                  "WPS-FAIL"]
-
-def set_ip_addr_info(dev):
-    dev.global_request("SET ip_addr_go 192.168.42.1")
-    dev.global_request("SET ip_addr_mask 255.255.255.0")
-    dev.global_request("SET ip_addr_start 192.168.42.100")
-    dev.global_request("SET ip_addr_end 192.168.42.199")
-
-def check_ip_addr(res):
-    if 'ip_addr' not in res:
-        raise Exception("Did not receive IP address from GO")
-    if '192.168.42.' not in res['ip_addr']:
-        raise Exception("Unexpected IP address received from GO")
-    if 'ip_mask' not in res:
-        raise Exception("Did not receive IP address mask from GO")
-    if '255.255.255.' not in res['ip_mask']:
-        raise Exception("Unexpected IP address mask received from GO")
-    if 'go_ip_addr' not in res:
-        raise Exception("Did not receive GO IP address from GO")
-    if '192.168.42.' not in res['go_ip_addr']:
-        raise Exception("Unexpected GO IP address received from GO")
-
-def test_nfc_p2p_go_neg(dev):
-    """NFC connection handover to form a new P2P group (initiator becomes GO)"""
-    try:
-        _test_nfc_p2p_go_neg(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_go_neg(dev):
-    set_ip_addr_info(dev[0])
-    ip = dev[0].p2pdev_request("GET ip_addr_go")
-    if ip != "192.168.42.1":
-        raise Exception("Unexpected ip_addr_go returned: " + ip)
-    dev[0].global_request("SET p2p_go_intent 10")
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res1['role'] != 'client' or res0['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res1)
-
-def test_nfc_p2p_go_neg_ip_pool_oom(dev):
-    """NFC connection handover to form a new P2P group and IP pool OOM"""
-    try:
-        _test_nfc_p2p_go_neg_ip_pool_oom(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_go_neg_ip_pool_oom(dev):
-    set_ip_addr_info(dev[0])
-    ip = dev[0].p2pdev_request("GET ip_addr_go")
-    if ip != "192.168.42.1":
-        raise Exception("Unexpected ip_addr_go returned: " + ip)
-    dev[0].global_request("SET p2p_go_intent 10")
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "bitfield_alloc;wpa_init"):
-        res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-        res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED",
-                                       "P2P-GO-NEG-FAILURE",
-                                       "P2P-GROUP-FORMATION-FAILURE",
-                                       "WPS-PIN-NEEDED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out")
-        res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    if 'ip_addr' in res1:
-        raise Exception("Unexpectedly received IP address from GO")
-
-def test_nfc_p2p_go_neg_reverse(dev):
-    """NFC connection handover to form a new P2P group (responder becomes GO)"""
-    try:
-        _test_nfc_p2p_go_neg_reverse(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_go_neg_reverse(dev):
-    set_ip_addr_info(dev[1])
-    dev[0].global_request("SET p2p_go_intent 3")
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res0['role'] != 'client' or res1['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-
-def test_nfc_p2p_initiator_go(dev):
-    """NFC connection handover with initiator already GO"""
-    set_ip_addr_info(dev[0])
-    logger.info("Start autonomous GO")
-    dev[0].p2p_start_go()
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection to the group timed out")
-    res1 = dev[1].group_form_result(ev)
-    if res1['result'] != 'success':
-        raise Exception("Unexpected connection failure")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res1)
-
-def test_nfc_p2p_responder_go(dev):
-    """NFC connection handover with responder already GO"""
-    set_ip_addr_info(dev[1])
-    logger.info("Start autonomous GO")
-    dev[1].p2p_start_go()
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection to the group timed out")
-    res0 = dev[0].group_form_result(ev)
-    if res0['result'] != 'success':
-        raise Exception("Unexpected connection failure")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-
-def test_nfc_p2p_both_go(dev):
-    """NFC connection handover with both devices already GOs"""
-    set_ip_addr_info(dev[0])
-    set_ip_addr_info(dev[1])
-    logger.info("Start autonomous GOs")
-    dev[0].p2p_start_go()
-    dev[1].p2p_start_go()
-    logger.info("Perform NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_event(["P2P-NFC-BOTH-GO"], timeout=15)
-    if ev is None:
-        raise Exception("Time out waiting for P2P-NFC-BOTH-GO (dev0)")
-    ev = dev[1].wait_event(["P2P-NFC-BOTH-GO"], timeout=1)
-    if ev is None:
-        raise Exception("Time out waiting for P2P-NFC-BOTH-GO (dev1)")
-    dev[0].remove_group()
-    dev[1].remove_group()
-
-def test_nfc_p2p_client(dev):
-    """NFC connection handover when one device is P2P client"""
-    logger.info("Start autonomous GOs")
-    go_res = dev[0].p2p_start_go()
-    logger.info("Connect one device as a P2P client")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin,
-                             freq=int(go_res['freq']), timeout=60)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    logger.info("NFC connection handover between P2P client and P2P device")
-    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[2].request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-    res = dev[2].request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[1].request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[1].wait_event(["P2P-NFC-WHILE-CLIENT"], timeout=15)
-    if ev is None:
-        raise Exception("Time out waiting for P2P-NFC-WHILE-CLIENT")
-    ev = dev[2].wait_event(["P2P-NFC-PEER-CLIENT"], timeout=1)
-    if ev is None:
-        raise Exception("Time out waiting for P2P-NFC-PEER-CLIENT")
-
-    logger.info("Connect to group based on upper layer trigger")
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[2].p2p_connect_group(dev[0].p2p_dev_addr(), pin,
-                             freq=int(go_res['freq']), timeout=60)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    dev[2].remove_group()
-    dev[1].remove_group()
-    dev[0].remove_group()
-
-def test_nfc_p2p_static_handover_tagdev_client(dev):
-    """NFC static handover to form a new P2P group (NFC Tag device becomes P2P Client)"""
-    try:
-        _test_nfc_p2p_static_handover_tagdev_client(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_static_handover_tagdev_client(dev):
-    set_ip_addr_info(dev[0])
-
-    logger.info("Perform NFC connection handover")
-
-    res = dev[1].global_request("SET p2p_listen_reg_class 81")
-    res2 = dev[1].global_request("SET p2p_listen_channel 6")
-    if "FAIL" in res or "FAIL" in res2:
-        raise Exception("Could not set Listen channel")
-    pw = dev[1].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[1].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[1].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    dev[1].dump_monitor()
-
-    dev[0].dump_monitor()
-    dev[0].global_request("SET p2p_go_intent 10")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[0].wait_global_event(grpform_events, timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(grpform_events, timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res1['role'] != 'client' or res0['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res1)
-
-def test_nfc_p2p_static_handover_tagdev_client_group_iface(dev):
-    """NFC static handover to form a new P2P group (NFC Tag device becomes P2P Client with group iface)"""
-    try:
-        _test_nfc_p2p_static_handover_tagdev_client_group_iface(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_static_handover_tagdev_client_group_iface(dev):
-    set_ip_addr_info(dev[0])
-
-    logger.info("Perform NFC connection handover")
-
-    res = dev[1].global_request("SET p2p_listen_reg_class 81")
-    res2 = dev[1].global_request("SET p2p_listen_channel 6")
-    if "FAIL" in res or "FAIL" in res2:
-        raise Exception("Could not set Listen channel")
-    pw = dev[1].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    res = dev[1].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[1].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    dev[1].dump_monitor()
-
-    dev[0].dump_monitor()
-    dev[0].global_request("SET p2p_go_intent 10")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[0].wait_global_event(grpform_events, timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(grpform_events, timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res1['role'] != 'client' or res0['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res1)
-
-def test_nfc_p2p_static_handover_tagdev_go(dev):
-    """NFC static handover to form a new P2P group (NFC Tag device becomes GO)"""
-    try:
-        _test_nfc_p2p_static_handover_tagdev_go(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_static_handover_tagdev_go(dev):
-    set_ip_addr_info(dev[1])
-
-    logger.info("Perform NFC connection handover")
-
-    res = dev[1].global_request("SET p2p_listen_reg_class 81")
-    res2 = dev[1].global_request("SET p2p_listen_channel 6")
-    if "FAIL" in res or "FAIL" in res2:
-        raise Exception("Could not set Listen channel")
-    pw = dev[1].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[1].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[1].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    dev[1].dump_monitor()
-
-    dev[0].dump_monitor()
-    dev[0].global_request("SET p2p_go_intent 3")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[0].wait_global_event(grpform_events, timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(grpform_events, timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res0['role'] != 'client' or res1['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-
-def test_nfc_p2p_static_handover_tagdev_go_forced_freq(dev):
-    """NFC static handover to form a new P2P group on forced channel (NFC Tag device becomes GO)"""
-    try:
-        _test_nfc_p2p_static_handover_tagdev_go_forced_freq(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_static_handover_tagdev_go_forced_freq(dev):
-    set_ip_addr_info(dev[1])
-
-    logger.info("Perform NFC connection handover")
-
-    res = dev[1].global_request("SET p2p_listen_reg_class 81")
-    res2 = dev[1].global_request("SET p2p_listen_channel 6")
-    if "FAIL" in res or "FAIL" in res2:
-        raise Exception("Could not set Listen channel")
-    pw = dev[1].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[1].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[1].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    dev[1].dump_monitor()
-
-    dev[0].dump_monitor()
-    dev[0].global_request("SET p2p_go_intent 3")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel + " freq=2442")
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[0].wait_global_event(grpform_events, timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(grpform_events, timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res0['role'] != 'client' or res1['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-
-def test_nfc_p2p_static_handover_join_tagdev_go(dev):
-    """NFC static handover to join a P2P group (NFC Tag device is the GO)"""
-
-    logger.info("Start autonomous GO")
-    set_ip_addr_info(dev[0])
-    dev[0].p2p_start_go()
-
-    logger.info("Write NFC Tag on the GO")
-    pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[0].request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-
-    logger.info("Read NFC Tag on a P2P Device to join a group")
-    res = dev[1].request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[1].wait_event(grpform_events, timeout=30)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    res = dev[1].group_form_result(ev)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res)
-
-    logger.info("Read NFC Tag on another P2P Device to join a group")
-    res = dev[2].request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[2].wait_event(grpform_events, timeout=30)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    res = dev[2].group_form_result(ev)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[2])
-    check_ip_addr(res)
-
-def test_nfc_p2p_static_handover_join_tagdev_client(dev):
-    """NFC static handover to join a P2P group (NFC Tag device is the P2P Client)"""
-    try:
-        _test_nfc_p2p_static_handover_join_tagdev_client(dev)
-    finally:
-        dev[1].global_request("SET ignore_old_scan_res 0")
-        dev[2].global_request("SET ignore_old_scan_res 0")
-
-def _test_nfc_p2p_static_handover_join_tagdev_client(dev):
-    set_ip_addr_info(dev[0])
-    logger.info("Start autonomous GO")
-    dev[0].p2p_start_go()
-
-    dev[1].global_request("SET ignore_old_scan_res 1")
-    dev[2].global_request("SET ignore_old_scan_res 1")
-
-    logger.info("Write NFC Tag on the P2P Client")
-    res = dev[1].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    pw = dev[1].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[1].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-
-    logger.info("Read NFC Tag on the GO to trigger invitation")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[1].wait_global_event(grpform_events, timeout=30)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    res = dev[1].group_form_result(ev)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res)
-
-    logger.info("Write NFC Tag on another P2P Client")
-    res = dev[2].global_request("P2P_LISTEN")
-    if "FAIL" in res:
-        raise Exception("Failed to start Listen mode")
-    pw = dev[2].global_request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[2].global_request("P2P_SET nfc_tag 1").rstrip()
-    if "FAIL" in res:
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    sel = dev[2].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-
-    logger.info("Read NFC Tag on the GO to trigger invitation")
-    res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-    ev = dev[2].wait_global_event(grpform_events, timeout=30)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    res = dev[2].group_form_result(ev)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[2])
-    check_ip_addr(res)
-
-def test_nfc_p2p_go_legacy_config_token(dev):
-    """NFC config token from P2P GO to legacy WPS STA"""
-    logger.info("Start autonomous GOs")
-    dev[0].p2p_start_go()
-    logger.info("Connect legacy WPS STA with configuration token")
-    conf = dev[0].group_request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
-    if "FAIL" in conf:
-        raise Exception("Failed to generate configuration token")
-    dev[1].dump_monitor()
-    res = dev[1].request("WPS_NFC_TAG_READ " + conf)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[1].wait_connected(timeout=15, error="Joining the group timed out")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    dev[1].request("DISCONNECT")
-    dev[0].remove_group()
-
-def test_nfc_p2p_go_legacy_handover(dev):
-    """NFC token from legacy WPS STA to P2P GO"""
-    logger.info("Start autonomous GOs")
-    dev[0].p2p_start_go()
-    logger.info("Connect legacy WPS STA with connection handover")
-    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[0].group_request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[0].group_request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant (GO)")
-    dev[1].dump_monitor()
-    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant (legacy STA)")
-    dev[1].wait_connected(timeout=15, error="Joining the group timed out")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    dev[1].request("DISCONNECT")
-    dev[0].remove_group()
-
-def test_nfc_p2p_ip_addr_assignment(dev):
-    """NFC connection handover and legacy station IP address assignment"""
-    try:
-        _test_nfc_p2p_ip_addr_assignment(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_ip_addr_assignment(dev):
-    set_ip_addr_info(dev[1])
-    dev[0].global_request("SET p2p_go_intent 3")
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res0['role'] != 'client' or res1['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-
-    logger.info("Connect legacy P2P client that does not use new IP address assignment")
-    res = dev[2].global_request("P2P_SET disable_ip_addr_req 1")
-    if "FAIL" in res:
-        raise Exception("Failed to disable IP address assignment request")
-    pin = dev[2].wps_read_pin()
-    dev[1].p2p_go_authorize_client(pin)
-    res = dev[2].p2p_connect_group(dev[1].p2p_dev_addr(), pin, timeout=60)
-    logger.info("Client connected")
-    res = dev[2].global_request("P2P_SET disable_ip_addr_req 0")
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    if 'ip_addr' in res:
-        raise Exception("Unexpected IP address assignment")
-
-def test_nfc_p2p_ip_addr_assignment2(dev):
-    """NFC connection handover and IP address assignment for two clients"""
-    try:
-        _test_nfc_p2p_ip_addr_assignment2(dev)
-    finally:
-        dev[0].global_request("SET p2p_go_intent 7")
-
-def _test_nfc_p2p_ip_addr_assignment2(dev):
-    set_ip_addr_info(dev[1])
-    dev[0].global_request("SET p2p_go_intent 3")
-    logger.info("Perform NFC connection handover")
-    req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(resp)")
-    res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to wpa_supplicant(init)")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res0 = dev[0].group_form_result(ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GO-NEG-FAILURE",
-                                   "P2P-GROUP-FORMATION-FAILURE",
-                                   "WPS-PIN-NEEDED"], timeout=1)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    res1 = dev[1].group_form_result(ev)
-    logger.info("Group formed")
-
-    if res0['role'] != 'client' or res1['role'] != 'GO':
-        raise Exception("Unexpected roles negotiated")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    check_ip_addr(res0)
-    logger.info("Client 1 IP address: " + res0['ip_addr'])
-
-    logger.info("Connect a P2P client")
-    pin = dev[2].wps_read_pin()
-    dev[1].p2p_go_authorize_client(pin)
-    res = dev[2].p2p_connect_group(dev[1].p2p_dev_addr(), pin, timeout=60)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    check_ip_addr(res)
-    logger.info("Client 2 IP address: " + res['ip_addr'])
-    if res['ip_addr'] == res0['ip_addr']:
-        raise Exception("Same IP address assigned to both clients")
-
-@remote_compatible
-def test_nfc_p2p_tag_enable_disable(dev):
-    """NFC tag enable/disable for P2P"""
-    if "FAIL" in dev[0].request("WPS_NFC_TOKEN NDEF").rstrip():
-        raise Exception("Failed to generate password token")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 1"):
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 0"):
-        raise Exception("Failed to disable NFC Tag for P2P static handover")
-
-    dev[0].request("SET p2p_no_group_iface 0")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 1"):
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 0"):
-        raise Exception("Failed to disable NFC Tag for P2P static handover")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 1"):
-        raise Exception("Failed to enable NFC Tag for P2P static handover")
-    if "OK" not in dev[0].request("P2P_SET nfc_tag 0"):
-        raise Exception("Failed to disable NFC Tag for P2P static handover")
-
-@remote_compatible
-def test_nfc_p2p_static_handover_invalid(dev):
-    """NFC static handover with invalid contents"""
-    logger.info("Unknown OOB GO Neg channel")
-    sel = "D217A36170706C69636174696F6E2F766E642E7766612E7032700071102100012010230001201024000120102C0036C3B2ADB8D26F53CE1CB7F000BEEDA762922FF5307E87CCE484EF4B5DAD440D0A4752579767610AD1293F7A76A66B09A7C9D58A66994E103C000103104200012010470010572CF82FC95756539B16B5CFB298ABF11049000600372A000120002E02020025000D1D000200000001001108000000000000000000101100084465766963652042130600585804ff0B00"
-    if "FAIL" not in dev[0].global_request("WPS_NFC_TAG_READ " + sel):
-        raise Exception("Invalid tag contents accepted (1)")
-
-    logger.info("No OOB GO Neg channel attribute")
-    sel = "D2179A6170706C69636174696F6E2F766E642E7766612E7032700071102100012010230001201024000120102C0036C3B2ADB8D26F53CE1CB7F000BEEDA762922FF5307E87CCE484EF4B5DAD440D0A4752579767610AD1293F7A76A66B09A7C9D58A66994E103C000103104200012010470010572CF82FC95756539B16B5CFB298ABF11049000600372A000120002502020025000D1D000200000001001108000000000000000000101100084465766963652042"
-    if "FAIL" not in dev[0].global_request("WPS_NFC_TAG_READ " + sel):
-        raise Exception("Invalid tag contents accepted (2)")
-
-    logger.info("No Device Info attribute")
-    sel = "D217836170706C69636174696F6E2F766E642E7766612E7032700071102100012010230001201024000120102C0036C3B2ADB8D26F53CE1CB7F000BEEDA762922FF5307E87CCE484EF4B5DAD440D0A4752579767610AD1293F7A76A66B09A7C9D58A66994E103C000103104200012010470010572CF82FC95756539B16B5CFB298ABF11049000600372A000120000E0202002500130600585804510B00"
-    if "FAIL" not in dev[0].global_request("WPS_NFC_TAG_READ " + sel):
-        raise Exception("Invalid tag contents accepted (3)")
diff --git a/tests/hwsim/test_nfc_wps.py b/tests/hwsim/test_nfc_wps.py
deleted file mode 100644
index a0e2d454ffe9..000000000000
--- a/tests/hwsim/test_nfc_wps.py
+++ /dev/null
@@ -1,709 +0,0 @@
-# WPS+NFC tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import time
-import subprocess
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-import hostapd
-from utils import *
-
-def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False):
-    status = sta.get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    if status['bssid'] != ap['bssid']:
-        raise Exception("Unexpected BSSID")
-    if status['ssid'] != ssid:
-        raise Exception("Unexpected SSID")
-    if status['pairwise_cipher'] != 'CCMP':
-        raise Exception("Unexpected encryption configuration")
-    if status['group_cipher'] != 'CCMP' and not mixed:
-        raise Exception("Unexpected encryption configuration")
-    if status['key_mgmt'] != 'WPA2-PSK':
-        raise Exception("Unexpected key_mgmt")
-    hwsim_utils.test_connectivity(sta, hapd)
-
-def ap_wps_params(ssid):
-    return {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-            "wpa_passphrase": "12345678", "wpa": "2",
-            "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
-
-@remote_compatible
-def test_nfc_wps_password_token_sta(dev, apdev):
-    """NFC tag with password token on the station/Enrollee"""
-    ssid = "test-wps-nfc-pw-token-conf"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("WPS provisioning step using password token from station")
-    wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip()
-    if "FAIL" in wps:
-        raise Exception("Failed to generate password token (WPS only)")
-    pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = hapd.request("WPS_NFC_TAG_READ " + pw)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("WPS_NFC")
-    if "FAIL" in res:
-        raise Exception("Failed to start Enrollee using NFC password token")
-    dev[0].wait_connected(timeout=30)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-
-    if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0"):
-        raise Exception("Invalid WPS_NFC_TAG_READ accepted")
-    if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0q"):
-        raise Exception("Invalid WPS_NFC_TAG_READ accepted")
-    with alloc_fail(hapd, 1,
-                    "wpabuf_alloc;hostapd_ctrl_iface_wps_nfc_tag_read"):
-        if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 00"):
-            raise Exception("WPS_NFC_TAG_READ accepted during OOM")
-
-def test_nfc_wps_config_token(dev, apdev):
-    """NFC tag with configuration token from AP"""
-    ssid = "test-wps-nfc-conf-token"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("NFC configuration token from AP to station")
-    conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
-    if "FAIL" in conf:
-        raise Exception("Failed to generate configuration token")
-    ndef_conf = conf
-    dev[0].dump_monitor()
-    res = dev[0].request("WPS_NFC_TAG_READ " + conf)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[0].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-
-    with alloc_fail(hapd, 1, "wps_get_oob_cred"):
-        conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
-        if "FAIL" not in conf:
-            raise Exception("Unexpected configuration token received during OOM")
-
-    wps_conf = hapd.request("WPS_NFC_CONFIG_TOKEN WPS").rstrip()
-    if "FAIL" in wps_conf:
-        raise Exception("Failed to generate configuration token (WPS)")
-    if wps_conf not in ndef_conf:
-        raise Exception("WPS config token not within NDEF encapsulated one")
-
-    conf = hapd.request("WPS_NFC_CONFIG_TOKEN FOO").rstrip()
-    if "FAIL" not in conf:
-        raise Exception("Invalid WPS_NFC_CONFIG_TOKEN accepted")
-
-def test_nfc_wps_config_token_init(dev, apdev):
-    """NFC tag with configuration token from AP with auto configuration"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-nfc-conf-token-init"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    logger.info("NFC configuration token from AP to station")
-    conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
-    if "FAIL" in conf:
-        raise Exception("Failed to generate configuration token")
-    dev[0].dump_monitor()
-    res = dev[0].request("WPS_NFC_TAG_READ " + conf)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[0].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
-
-@remote_compatible
-def test_nfc_wps_password_token_sta_init(dev, apdev):
-    """Initial AP configuration with first WPS NFC Enrollee"""
-    skip_without_tkip(dev[0])
-    ssid = "test-wps-nfc-pw-token-init"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    logger.info("WPS provisioning step using password token from station")
-    pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = hapd.request("WPS_NFC_TAG_READ " + pw)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("WPS_NFC")
-    if "FAIL" in res:
-        raise Exception("Failed to start Enrollee using NFC password token")
-    dev[0].wait_connected(timeout=30)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
-
-@remote_compatible
-def test_nfc_wps_password_token_ap(dev, apdev):
-    """WPS registrar configuring an AP using AP password token"""
-    ssid = "test-wps-nfc-pw-token-init"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    logger.info("WPS configuration step")
-    pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = hapd.request("WPS_NFC_TOKEN enable")
-    if "FAIL" in res:
-        raise Exception("Failed to enable AP password token")
-    res = dev[0].request("WPS_NFC_TAG_READ " + pw)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[0].dump_monitor()
-    new_ssid = "test-wps-nfc-pw-token-new-ssid"
-    new_passphrase = "1234567890"
-    res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " +
-                         binascii.hexlify(new_ssid.encode()).decode() +
-                         " WPA2PSK CCMP " +
-                         binascii.hexlify(new_passphrase.encode()).decode())
-    if "FAIL" in res:
-        raise Exception("Failed to start Registrar using NFC password token")
-    dev[0].wait_connected(timeout=30)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True)
-    if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"):
-        raise Exception("Failed to disable AP password token")
-    if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"):
-        raise Exception("Unexpected WPS_NFC_TOKEN WPS failure")
-
-    with fail_test(hapd, 1, "os_get_random;wps_nfc_token_gen"):
-        if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"):
-            raise Exception("Unexpected WPS_NFC_TOKEN success")
-    with fail_test(hapd, 2, "os_get_random;wps_nfc_token_gen"):
-        if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"):
-            raise Exception("Unexpected WPS_NFC_TOKEN success")
-
-    if "FAIL" not in hapd.request("WPS_NFC_TOKEN foo"):
-        raise Exception("Invalid WPS_NFC_TOKEN accepted")
-
-def test_nfc_wps_password_token_ap_preconf(dev, apdev):
-    """WPS registrar configuring an AP using preconfigured AP password token"""
-    ssid = "test-wps-nfc-pw-token-init"
-    params = {"ssid": ssid, "eap_server": "1",
-              "wps_state": "1",
-              "wps_nfc_dev_pw_id": "49067",
-              "wps_nfc_dh_pubkey": "991B7F54406226505D56C6C701ED2C725E4F4866611357CA1C4D92219B2E91CFC9E4172EB0899421657534DB396A6A11361663ACDC48417541DB8610428773BC18AAA00387775F14EEE49335B574165EF915D055F818B82F99CEF4C5F176E0C5D9055CBAF055A5B20B73B26D74816BA42C1A911FF0B8EDF77C7CEA76F9F6EABBFBF12742AA3E67BE7597FB7321C3B258C57B9EA045B0A7472558F9AA8E810E2E0462FFD9001A7E21C38006529B9FEDAAF47612D3817922F2335A5D541BAA9B7F",
-              "wps_nfc_dh_privkey": "06F35FDA777F6EFF1F7F008AD68C49572C5F2913B1DC96E0AC3AB67D75329D40EEE850C79D83EEA82CE35FADCCB1F2AF08560268B9E9B67BE66C9B7B3E6F462CF91647830CB0A40184CCF8AA74261E0308AB8973FB799C9EA46011C70215AEA83293E0C89AA4EB6CA753A9E689FA3A0A3FB40D0A8D9AD258F3E4DA1625F63C4B347660D17504B25856DE9D18EB76C239EDFF090A0A1779BE848C0F23C20CF83022C91EA56B0375DED0A62DF0B8B91348F667F5A7EAD23F0F033E071DCE11B786",
-              "wps_nfc_dev_pw": "CB7FE7A25053F8F5BF822660C21E66D8A58D3393BB78494E239031D6AABCB90C"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("WPS configuration step")
-    res = hapd.request("WPS_NFC_TOKEN enable")
-    if "FAIL" in res:
-        raise Exception("Failed to enable AP password token")
-    pw = "D217446170706C69636174696F6E2F766E642E7766612E777363102C0036691F6C35AC5FF23180FFBF899BF3E563D047AA68BFABCB7FE7A25053F8F5BF822660C21E66D8A58D3393BB78494E239031D6AABCB90C1049000600372A000120"
-    res = dev[0].request("WPS_NFC_TAG_READ " + pw)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[0].dump_monitor()
-    new_ssid = "test-wps-nfc-pw-token-new-ssid"
-    new_passphrase = "1234567890"
-    res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " +
-                         binascii.hexlify(new_ssid.encode()).decode() +
-                         " WPA2PSK CCMP " +
-                         binascii.hexlify(new_passphrase.encode()).decode())
-    if "FAIL" in res:
-        raise Exception("Failed to start Registrar using NFC password token")
-    dev[0].wait_connected(timeout=30)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True)
-
-def test_nfc_wps_handover_init(dev, apdev):
-    """Connect to WPS AP with NFC connection handover and move to configured state"""
-    skip_without_tkip(dev[0])
-    try:
-        _test_nfc_wps_handover_init(dev, apdev)
-    finally:
-        dev[0].request("SET ignore_old_scan_res 0")
-
-def _test_nfc_wps_handover_init(dev, apdev):
-    dev[0].request("SET ignore_old_scan_res 1")
-    ssid = "test-wps-nfc-handover-init"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    dev[0].wait_connected(timeout=15)
-    # WPS provisioning
-    hapd.wait_sta()
-    # data connection
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
-
-    with alloc_fail(hapd, 1, "wps_build_nfc_handover_sel"):
-        if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR"):
-            raise Exception("Unexpected NFC_GET_HANDOVER_SEL success during OOM")
-
-    if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF").rstrip():
-        raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted")
-    if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL foo foo").rstrip():
-        raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted")
-    if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF foo").rstrip():
-        raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted")
-    res_ndef = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    res_wps = hapd.request("NFC_GET_HANDOVER_SEL WPS WPS-CR").rstrip()
-    if res_wps not in res_ndef:
-        raise Exception("WPS handover select not in NDEF encapsulated version")
-
-@remote_compatible
-def test_nfc_wps_handover_errors(dev, apdev):
-    """WPS AP NFC handover report error cases"""
-    ssid = "test-wps-nfc-handover"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"):
-        raise Exception("Unexpected handover report success")
-    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"):
-        raise Exception("Unexpected handover report success")
-    for i in range(1, 3):
-        with alloc_fail(hapd, i,
-                        "wpabuf_alloc;hostapd_ctrl_iface_nfc_report_handover"):
-            if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001122"):
-                raise Exception("NFC_REPORT_HANDOVER RESP succeeded during OOM")
-
-def test_nfc_wps_handover(dev, apdev):
-    """Connect to WPS AP with NFC connection handover"""
-    ssid = "test-wps-nfc-handover"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    dev[0].wait_connected(timeout=30)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-
-def test_nfc_wps_handover_5ghz(dev, apdev):
-    """Connect to WPS AP with NFC connection handover on 5 GHz band"""
-    hapd = None
-    try:
-        ssid = "test-wps-nfc-handover"
-        params = ap_wps_params(ssid)
-        params["country_code"] = "FI"
-        params["hw_mode"] = "a"
-        params["channel"] = "36"
-        hapd = hostapd.add_ap(apdev[0], params)
-        logger.info("NFC connection handover")
-        req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-        if "FAIL" in req:
-            raise Exception("Failed to generate NFC connection handover request")
-        sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-        if "FAIL" in sel:
-            raise Exception("Failed to generate NFC connection handover select")
-        res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to to hostapd")
-        dev[0].dump_monitor()
-        res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-        dev[0].wait_connected(timeout=30)
-        hapd.wait_sta()
-        check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_nfc_wps_handover_chan14(dev, apdev):
-    """Connect to WPS AP with NFC connection handover on channel 14"""
-    hapd = None
-    try:
-        ssid = "test-wps-nfc-handover"
-        params = ap_wps_params(ssid)
-        params["country_code"] = "JP"
-        params["hw_mode"] = "b"
-        params["channel"] = "14"
-        hapd = hostapd.add_ap(apdev[0], params)
-        logger.info("NFC connection handover")
-        req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-        if "FAIL" in req:
-            raise Exception("Failed to generate NFC connection handover request")
-        sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-        if "FAIL" in sel:
-            raise Exception("Failed to generate NFC connection handover select")
-        res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to to hostapd")
-        dev[0].dump_monitor()
-        res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-        dev[0].wait_connected(timeout=30)
-        hapd.wait_sta()
-        check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_nfc_wps_handover_with_pw_token_set(dev, apdev):
-    """Connect to WPS AP with NFC connection handover (wps_nfc_* set)"""
-    ssid = "test-wps-nfc-handover2"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    # enable a password token (which won't be used in this test case)
-    pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = hapd.request("WPS_NFC_TOKEN enable")
-    if "FAIL" in pw:
-        raise Exception("Failed to enable AP password token")
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    dev[0].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
-
-def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev):
-    """WPS NFC connection handover with invalid pkhash from station (negative)"""
-    ssid = "wps-nfc-handover-pkhash-sta"
-    if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
-        raise Exception("Could not enable wps_corrupt_pkhash")
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out")
-    if "WPS-FAIL" not in ev:
-        raise Exception("Public key hash mismatch not detected")
-
-def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev):
-    """WPS NFC connection handover with invalid pkhash from AP (negative)"""
-    ssid = "wps-nfc-handover-pkhash-ap"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"):
-        raise Exception("Could not enable wps_corrupt_pkhash")
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out")
-    if "WPS-FAIL" not in ev:
-        raise Exception("Public key hash mismatch not detected")
-
-def start_ap_er(er, ap, ssid):
-    ap_pin = "12345670"
-    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
-    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
-              "wpa_passphrase": "12345678", "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
-              "device_name": "Wireless AP", "manufacturer": "Company",
-              "model_name": "WAP", "model_number": "123",
-              "serial_number": "12345", "device_type": "6-0050F204-1",
-              "os_version": "01020300",
-              "config_methods": "label push_button",
-              "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
-    hapd = hostapd.add_ap(ap, params)
-    logger.info("Learn AP configuration")
-    er.dump_monitor()
-    try:
-        er.request("SET ignore_old_scan_res 1")
-        er.wps_reg(ap['bssid'], ap_pin)
-    finally:
-        er.request("SET ignore_old_scan_res 0")
-
-    logger.info("Start ER")
-    er.request("WPS_ER_STOP")
-    time.sleep(1)
-    er.request("WPS_ER_START ifname=lo")
-    ev = er.wait_event(["WPS-ER-AP-ADD"], timeout=15)
-    if ev is None:
-        raise Exception("AP discovery timed out")
-    if ap_uuid not in ev:
-        raise Exception("Expected AP UUID not found")
-
-    logger.info("Use learned network configuration on ER")
-    er.request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
-    return hapd
-
-@remote_compatible
-def test_nfc_wps_er_pw_token(dev, apdev):
-    """WPS NFC password token from Enrollee to ER"""
-    try:
-        _test_nfc_wps_er_pw_token(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-        dev[1].request("SET ignore_old_scan_res 0")
-
-def _test_nfc_wps_er_pw_token(dev, apdev):
-    ssid = "wps-nfc-er-pw-token"
-    hapd = start_ap_er(dev[0], apdev[0], ssid)
-    logger.info("WPS provisioning step using password token from station")
-    dev[1].request("SET ignore_old_scan_res 1")
-    pw = dev[1].request("WPS_NFC_TOKEN NDEF").rstrip()
-    if "FAIL" in pw:
-        raise Exception("Failed to generate password token")
-    res = dev[0].request("WPS_NFC_TAG_READ " + pw)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to WPS ER")
-    dev[0].dump_monitor()
-    res = dev[1].request("WPS_NFC")
-    if "FAIL" in res:
-        raise Exception("Failed to start Enrollee using NFC password token")
-    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("WPS ER did not report success")
-    dev[1].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
-
-@remote_compatible
-def test_nfc_wps_er_config_token(dev, apdev):
-    """WPS NFC configuration token from ER to Enrollee"""
-    try:
-        _test_nfc_wps_er_config_token(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-        dev[1].request("SET ignore_old_scan_res 0")
-
-def _test_nfc_wps_er_config_token(dev, apdev):
-    ssid = "wps-nfc-er-config-token"
-    hapd = start_ap_er(dev[0], apdev[0], ssid)
-    logger.info("WPS provisioning step using configuration token from ER")
-    wps = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS " + apdev[0]['bssid']).rstrip()
-    if "FAIL" in wps:
-        raise Exception("Failed to generate configuration token (WPS format)")
-    conf = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + apdev[0]['bssid']).rstrip()
-    if "FAIL" in conf:
-        raise Exception("Failed to generate configuration token")
-    dev[1].request("SET ignore_old_scan_res 1")
-    res = dev[1].request("WPS_NFC_TAG_READ " + conf)
-    if "FAIL" in res:
-        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-    dev[1].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
-
-def test_nfc_wps_er_handover(dev, apdev):
-    """WPS NFC connection handover between Enrollee and ER"""
-    try:
-        _test_nfc_wps_er_handover(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-
-def _test_nfc_wps_er_handover(dev, apdev):
-    ssid = "wps-nfc-er-handover"
-    hapd = start_ap_er(dev[0], apdev[0], ssid)
-    logger.info("WPS provisioning step using connection handover")
-    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[1].dump_monitor()
-    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    dev[1].wait_connected(timeout=15)
-    hapd.wait_sta()
-    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
-
-def test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
-    """WPS NFC connection handover with invalid pkhash from station to ER (negative)"""
-    try:
-        _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-        dev[1].request("SET ignore_old_scan_res 0")
-
-def _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
-    ssid = "wps-nfc-er-handover-pkhash-sta"
-    hapd = start_ap_er(dev[0], apdev[0], ssid)
-    logger.info("WPS provisioning step using connection handover")
-    if "FAIL" in dev[1].request("SET wps_corrupt_pkhash 1"):
-        raise Exception("Could not enable wps_corrupt_pkhash")
-    dev[1].request("SET ignore_old_scan_res 1")
-    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[1].dump_monitor()
-    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out")
-    if "WPS-FAIL" not in ev:
-        raise Exception("Public key hash mismatch not detected")
-
-def test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
-    """WPS NFC connection handover with invalid pkhash from ER to station (negative)"""
-    try:
-        _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev)
-    finally:
-        dev[0].request("WPS_ER_STOP")
-        dev[1].request("SET ignore_old_scan_res 0")
-
-def _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
-    ssid = "wps-nfc-er-handover-pkhash-er"
-    hapd = start_ap_er(dev[0], apdev[0], ssid)
-    logger.info("WPS provisioning step using connection handover")
-    if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
-        raise Exception("Could not enable wps_corrupt_pkhash")
-    dev[1].request("SET ignore_old_scan_res 1")
-    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[1].dump_monitor()
-    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("Timed out")
-    if "WPS-FAIL" not in ev:
-        raise Exception("Public key hash mismatch not detected")
-
-@remote_compatible
-def test_nfc_invalid_ndef_record(dev, apdev):
-    """Invalid NFC NDEF record handling"""
-    tests = ["11223344",
-             "00112233",
-             "0000112233445566",
-             "0800112233445566",
-             "080011223344",
-             "18000000",
-             "18010000",
-             "90000050",
-             "9000005000",
-             "9001013344",
-             "98010101334455",
-             "0017ffffffe3",
-             "0017ffffffe4",
-             "0017ffffffe9",
-             "0000fffffffa",
-             "0017ffffffe46170706c69636174696f6e2f766e642e7766612e777363",
-             "0017ffffffff6170706c69636174696f6e2f766e642e7766612e777363",
-             "0017000000006170706c69636174696f6e2f766e642e7766612e7773ff",
-             "080000000000"]
-    for test in tests:
-        if "FAIL" not in dev[0].request("WPS_NFC_TAG_READ " + test):
-            raise Exception("Invalid tag accepted: " + test)
-
-def test_nfc_wps_handover_failure(dev, apdev):
-    """Connect to WPS AP with NFC connection handover (local failure)"""
-    ssid = "test-wps-nfc-handover"
-    params = ap_wps_params(ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-    logger.info("NFC connection handover")
-    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in req:
-        raise Exception("Failed to generate NFC connection handover request")
-    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    if "FAIL" in sel:
-        raise Exception("Failed to generate NFC connection handover select")
-    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
-    if "FAIL" in res:
-        raise Exception("Failed to report NFC connection handover to to hostapd")
-    dev[0].dump_monitor()
-
-    with alloc_fail(hapd, 1, "wpabuf_dup;wps_build_public_key"):
-        res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
-        ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
-        if ev is None:
-            raise Exception("WPS failure not reported")
diff --git a/tests/hwsim/test_oce.py b/tests/hwsim/test_oce.py
deleted file mode 100644
index 39ec5df5a7ca..000000000000
--- a/tests/hwsim/test_oce.py
+++ /dev/null
@@ -1,185 +0,0 @@
-# OCE tests
-# Copyright (c) 2016, Intel Deutschland GmbH
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-
-from hwsim_utils import set_rx_rssi, reset_rx_rssi
-import time
-import os
-from datetime import datetime
-from utils import HwsimSkip
-
-def check_set_tx_power(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {'ssid': 'check_tx_power'})
-    set_rx_rssi(hapd, -50)
-
-    dev[0].scan(freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 2)
-
-    res = dev[0].request("SCAN_RESULTS")
-    if '-50' not in res:
-        raise HwsimSkip('set_rx_rssi not supported')
-
-    reset_rx_rssi(hapd)
-
-    dev[0].scan(freq=2412)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 2)
-
-    res = dev[0].request("SCAN_RESULTS")
-    if '-30' not in res:
-        raise HwsimSkip('set_rx_rssi not supported')
-
-def run_rssi_based_assoc_rej_timeout(dev, apdev, params):
-    rssi_retry_to = 5
-
-    ap_params = {'ssid': "test-RSSI-ar-to",
-                 'rssi_reject_assoc_rssi': '-45',
-                 'rssi_reject_assoc_timeout': str(rssi_retry_to)}
-
-    logger.info("Set APs RSSI rejection threshold to -45 dBm, retry timeout: " +
-                str(rssi_retry_to))
-    hapd = hostapd.add_ap(apdev[0], ap_params)
-
-    logger.info("Set STAs TX RSSI to -50")
-    set_rx_rssi(dev[0], -50)
-
-    logger.info("STA is trying to connect")
-    dev[0].connect("test-RSSI-ar-to", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-
-    ev = dev[0].wait_event(['CTRL-EVENT-ASSOC-REJECT'], 2)
-    if ev is None:
-        raise Exception("Association not rejected")
-    if 'status_code=34' not in ev:
-        raise Exception("STA assoc request was not rejected with status code 34: " + ev)
-    t_rej = datetime.now()
-
-    # Set the scan interval to make dev[0] look for connections
-    if 'OK' not in dev[0].request("SCAN_INTERVAL 1"):
-        raise Exception("Failed to set scan interval")
-
-    logger.info("Validate that STA did not connect or sent assoc request within retry timeout")
-    ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED', 'CTRL-EVENT-ASSOC-REJECT'],
-                           rssi_retry_to + 2)
-    t_ev = datetime.now()
-
-    if ((t_ev - t_rej).total_seconds() < rssi_retry_to):
-        raise Exception("STA sent assoc request within retry timeout")
-
-    if 'CTRL-EVENT-CONNECTED' in ev:
-        raise Exception("STA connected with low RSSI")
-
-    if not ev:
-        raise Exception("STA didn't send association request after retry timeout!")
-
-def test_rssi_based_assoc_rej_timeout(dev, apdev, params):
-    """RSSI-based association rejection: no assoc request during retry timeout"""
-    check_set_tx_power(dev, apdev)
-    try:
-        run_rssi_based_assoc_rej_timeout(dev, apdev, params)
-    finally:
-        reset_rx_rssi(dev[0])
-        dev[0].request("SCAN_INTERVAL 5")
-
-def run_rssi_based_assoc_rej_good_rssi(dev, apdev):
-    ap_params = {'ssid': "test-RSSI-ar-to",
-                 'rssi_reject_assoc_rssi': '-45',
-                 'rssi_reject_assoc_timeout': '60'}
-
-    logger.info("Set APs RSSI rejection threshold to -45 dBm")
-    hapd = hostapd.add_ap(apdev[0], ap_params)
-
-    logger.info("Set STAs TX RSSI to -45")
-    set_rx_rssi(dev[0], -45)
-
-    logger.info("STA is trying to connect")
-    dev[0].connect("test-RSSI-ar-to", key_mgmt="NONE", scan_freq="2412")
-
-def test_rssi_based_assoc_rej_good_rssi(dev, apdev):
-    """RSSI-based association rejection: STA with RSSI above the threshold connects"""
-    check_set_tx_power(dev, apdev)
-    try:
-        run_rssi_based_assoc_rej_good_rssi(dev, apdev)
-    finally:
-        reset_rx_rssi(dev[0])
-
-def run_rssi_based_assoc_rssi_change(dev, hapd):
-    logger.info("Set STAs and APs TX RSSI to -50")
-    set_rx_rssi(dev[0], -50)
-    set_rx_rssi(hapd, -50)
-
-    # Set the scan interval to make dev[0] look for connections
-    if 'OK' not in dev[0].request("SCAN_INTERVAL 1"):
-        raise Exception("Failed to set scan interval")
-
-    logger.info("STA is trying to connect")
-    dev[0].connect("test-RSSI-ar-to", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-
-    try:
-        dev[0].wait_completed(2)
-    except:
-        logger.info("STA didn't connect after 2 seconds.")
-    else:
-        raise Exception("STA connected with low RSSI")
-
-    logger.info("Set STAs and APs TX RSSI to -40dBm, validate that STA connects")
-    set_rx_rssi(dev[0], -40)
-    set_rx_rssi(hapd, -40)
-
-    dev[0].wait_completed(2)
-
-def test_rssi_based_assoc_rssi_change(dev, apdev):
-    """RSSI-based association rejection: connect after improving RSSI"""
-    check_set_tx_power(dev, apdev)
-    try:
-        ap_params = {'ssid': "test-RSSI-ar-to",
-                     'rssi_reject_assoc_rssi': '-45',
-                     'rssi_reject_assoc_timeout': '60'}
-
-        logger.info("Set APs RSSI rejection threshold to -45 dBm, retry timeout: 60")
-        hapd = hostapd.add_ap(apdev[0], ap_params)
-
-        run_rssi_based_assoc_rssi_change(dev, hapd)
-    finally:
-        reset_rx_rssi(dev[0])
-        reset_rx_rssi(hapd)
-        dev[0].request("SCAN_INTERVAL 5")
-
-def test_oce_ap(dev, apdev):
-    """OCE AP"""
-    ssid = "test-oce"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    params['ieee80211w'] = "1"
-    params['mbo'] = "1"
-    params['oce'] = "4"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, ieee80211w="1", scan_freq="2412")
-
-def test_oce_ap_open(dev, apdev):
-    """OCE AP (open)"""
-    ssid = "test-oce"
-    params = {"ssid": ssid}
-    params['mbo'] = "1"
-    params['oce'] = "4"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
-
-def test_oce_ap_open_connect_cmd(dev, apdev):
-    """OCE AP (open, connect command)"""
-    ssid = "test-oce"
-    params = {"ssid": ssid}
-    params['mbo'] = "1"
-    params['oce'] = "4"
-    hapd = hostapd.add_ap(apdev[0], params)
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect(ssid, key_mgmt="NONE", scan_freq="2412")
diff --git a/tests/hwsim/test_ocv.py b/tests/hwsim/test_ocv.py
deleted file mode 100644
index e93cea6ffa18..000000000000
--- a/tests/hwsim/test_ocv.py
+++ /dev/null
@@ -1,1247 +0,0 @@
-# WPA2-Personal OCV tests
-# Copyright (c) 2018, Mathy Vanhoef
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details
-
-from remotehost import remote_compatible
-import binascii, struct
-import logging, time
-logger = logging.getLogger()
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-import hwsim_utils
-from utils import *
-from test_erp import start_erp_as
-from test_ap_ft import ft_params1, ft_params2
-from test_ap_psk import parse_eapol, build_eapol, pmk_to_ptk, eapol_key_mic, recv_eapol, send_eapol, reply_eapol, build_eapol_key_3_4, aes_wrap, pad_key_data
-
-#TODO: Refuse setting up AP with OCV but without MFP support
-#TODO: Refuse to connect to AP that advertises OCV but not MFP
-
-def make_ocikde(op_class, channel, seg1_idx):
-    WLAN_EID_VENDOR_SPECIFIC = 221
-    RSN_KEY_DATA_OCI = b"\x00\x0f\xac\x0d"
-
-    data = RSN_KEY_DATA_OCI + struct.pack("<BBB", op_class, channel, seg1_idx)
-    ocikde = struct.pack("<BB", WLAN_EID_VENDOR_SPECIFIC, len(data)) + data
-
-    return ocikde
-
-def ocv_setup_ap(apdev, params):
-    ssid = "test-wpa2-ocv"
-    passphrase = "qwertyuiop"
-    params.update(hostapd.wpa2_params(ssid=ssid, passphrase=passphrase))
-    try:
-        hapd = hostapd.add_ap(apdev, params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    return hapd, ssid, passphrase
-
-def build_eapol_key_1_2(kck, key_data, replay_counter=3, key_info=0x1382,
-                        extra_len=0, descr_type=2, key_len=16):
-    msg = {}
-    msg['version'] = 2
-    msg['type'] = 3
-    msg['length'] = 95 + len(key_data) + extra_len
-
-    msg['descr_type'] = descr_type
-    msg['rsn_key_info'] = key_info
-    msg['rsn_key_len'] = key_len
-    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
-    msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
-    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
-    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
-    msg['rsn_key_data_len'] = len(key_data)
-    msg['rsn_key_data'] = key_data
-    eapol_key_mic(kck, msg)
-    return msg
-
-def build_eapol_key_2_2(kck, key_data, replay_counter=3, key_info=0x0302,
-                        extra_len=0, descr_type=2, key_len=16):
-    return build_eapol_key_1_2(kck, key_data, replay_counter, key_info,
-                               extra_len, descr_type, key_len)
-
-@remote_compatible
-def test_wpa2_ocv(dev, apdev):
-    """OCV on 2.4 GHz"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    for ocv in range(2):
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv=str(ocv),
-                       ieee80211w="1")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-@remote_compatible
-def test_wpa2_ocv_5ghz(dev, apdev):
-    """OCV on 5 GHz"""
-    try:
-        run_wpa2_ocv_5ghz(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-
-def run_wpa2_ocv_5ghz(dev, apdev):
-    params = {"hw_mode": "a",
-              "channel": "40",
-              "ieee80211w": "2",
-              "country_code": "US",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    for ocv in range(2):
-        dev[0].connect(ssid, psk=passphrase, scan_freq="5200", ocv=str(ocv),
-                       ieee80211w="1")
-        dev[0].wait_regdom(country_ie=True)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-@remote_compatible
-def test_wpa2_ocv_ht20(dev, apdev):
-    """OCV with HT20 channel"""
-    params = {"channel": "6",
-              "ieee80211n": "1",
-              "ieee80211w": "1",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    for ocv in range(2):
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2437", ocv=str(ocv),
-                       ieee80211w="1", disable_ht="1")
-        dev[1].connect(ssid, psk=passphrase, scan_freq="2437", ocv=str(ocv),
-                       ieee80211w="1")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[1].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[1].wait_disconnected()
-
-@remote_compatible
-def test_wpa2_ocv_ht40(dev, apdev):
-    """OCV with HT40 channel"""
-    try:
-        run_wpa2_ocv_ht40(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def run_wpa2_ocv_ht40(dev, apdev):
-    for channel, capab, freq, mode in [("6", "[HT40-]", "2437", "g"),
-                                       ("6", "[HT40+]", "2437", "g"),
-                                       ("40", "[HT40-]", "5200", "a"),
-                                       ("36", "[HT40+]", "5180", "a")]:
-        params = {"hw_mode": mode,
-                  "channel": channel,
-                  "country_code": "US",
-                  "ieee80211n": "1",
-                  "ht_capab": capab,
-                  "ieee80211w": "1",
-                  "ocv": "1"}
-        hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        for ocv in range(2):
-            dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_ht="1")
-            dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            dev[0].wait_regdom(country_ie=True)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[1].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[1].wait_disconnected()
-        hapd.disable()
-
-@remote_compatible
-def test_wpa2_ocv_vht40(dev, apdev):
-    """OCV with VHT40 channel"""
-    try:
-        run_wpa2_ocv_vht40(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def run_wpa2_ocv_vht40(dev, apdev):
-    for channel, capab, freq in [("40", "[HT40-]", "5200"),
-                                 ("36", "[HT40+]", "5180")]:
-        params = {"hw_mode": "a",
-                  "channel": channel,
-                  "country_code": "US",
-                  "ht_capab": capab,
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "38",
-                  "ieee80211w": "1",
-                  "ocv": "1"}
-        hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-        for ocv in range(2):
-            dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_ht="1")
-            dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_vht="1")
-            dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            dev[0].wait_regdom(country_ie=True)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[1].request("REMOVE_NETWORK all")
-            dev[2].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[1].wait_disconnected()
-            dev[2].wait_disconnected()
-        hapd.disable()
-
-@remote_compatible
-def test_wpa2_ocv_vht80(dev, apdev):
-    """OCV with VHT80 channel"""
-    try:
-        run_wpa2_ocv_vht80(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def run_wpa2_ocv_vht80(dev, apdev):
-    for channel, capab, freq in [("40", "[HT40-]", "5200"),
-                                 ("36", "[HT40+]", "5180")]:
-        params = {"hw_mode": "a",
-                  "channel": channel,
-                  "country_code": "US",
-                  "ht_capab": capab,
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "ieee80211w": "1",
-                  "ocv": "1"}
-        hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-        for ocv in range(2):
-            dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_ht="1")
-            dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_vht="1")
-            dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            dev[0].wait_regdom(country_ie=True)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[1].request("REMOVE_NETWORK all")
-            dev[2].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[1].wait_disconnected()
-            dev[2].wait_disconnected()
-        hapd.disable()
-
-@remote_compatible
-def test_wpa2_ocv_vht160(dev, apdev):
-    """OCV with VHT160 channel"""
-    try:
-        run_wpa2_ocv_vht160(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def run_wpa2_ocv_vht160(dev, apdev):
-    for channel, capab, freq in [("100", "[HT40+]", "5500"),
-                                 ("104", "[HT40-]", "5520")]:
-        params = {"hw_mode": "a",
-                  "channel": channel,
-                  "country_code": "ZA",
-                  "ht_capab": capab,
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  "ieee80211w": "1",
-                  "ocv": "1"}
-        hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-        for ocv in range(2):
-            dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_ht="1")
-            dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_vht="1")
-            dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            dev[0].wait_regdom(country_ie=True)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[1].request("REMOVE_NETWORK all")
-            dev[2].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[1].wait_disconnected()
-            dev[2].wait_disconnected()
-        hapd.disable()
-
-@remote_compatible
-def test_wpa2_ocv_vht80plus80(dev, apdev):
-    """OCV with VHT80+80 channel"""
-    try:
-        run_wpa2_ocv_vht80plus80(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def run_wpa2_ocv_vht80plus80(dev, apdev):
-    for channel, capab, freq in [("36", "[HT40+]", "5180"),
-                                 ("40", "[HT40-]", "5200")]:
-        params = {"hw_mode": "a",
-                  "channel": channel,
-                  "country_code": "US",
-                  "ht_capab": capab,
-                  "vht_capab": "[VHT160-80PLUS80]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "3",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "vht_oper_centr_freq_seg1_idx": "155",
-                  "ieee80211w": "1",
-                  "ieee80211d": "1",
-                  "ieee80211h": "1",
-                  "ocv": "1"}
-        hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-        for ocv in range(2):
-            dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_ht="1")
-            dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1", disable_vht="1")
-            dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            dev[0].wait_regdom(country_ie=True)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[1].request("REMOVE_NETWORK all")
-            dev[2].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[1].wait_disconnected()
-            dev[2].wait_disconnected()
-        for i in range(3):
-            dev[i].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv),
-                           ieee80211w="1")
-            if i == 0:
-                dev[i].wait_regdom(country_ie=True)
-        hapd.disable()
-        for i in range(3):
-            dev[i].request("DISCONNECT")
-        for i in range(3):
-            dev[i].disconnect_and_stop_scan()
-
-class APConnection:
-    def init_params(self):
-        # Static parameters
-        self.ssid = "test-wpa2-ocv"
-        self.passphrase = "qwertyuiop"
-        self.psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7"
-
-        # Dynamic parameters
-        self.hapd = None
-        self.addr = None
-        self.rsne = None
-        self.kck = None
-        self.kek = None
-        self.msg = None
-        self.bssid = None
-        self.anonce = None
-        self.snonce = None
-
-    def __init__(self, apdev, dev, params):
-        self.init_params()
-
-        # By default, OCV is enabled for both the client and AP. The following
-        # parameters can be used to disable OCV for the client or AP.
-        ap_ocv = params.pop("ap_ocv", "1")
-        sta_ocv = params.pop("sta_ocv", "1")
-
-        freq = params.pop("freq")
-        params.update(hostapd.wpa2_params(ssid=self.ssid,
-                                          passphrase=self.passphrase))
-        params["wpa_pairwise_update_count"] = "10"
-        params["ocv"] = ap_ocv
-        try:
-            self.hapd = hostapd.add_ap(apdev, params)
-        except Exception as e:
-            if "Failed to set hostapd parameter ocv" in str(e):
-                raise HwsimSkip("OCV not supported")
-            raise
-        self.hapd.request("SET ext_eapol_frame_io 1")
-        dev.request("SET ext_eapol_frame_io 1")
-
-        self.bssid = apdev['bssid']
-        pmk = binascii.unhexlify("c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7")
-
-        if sta_ocv != "0":
-            self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280400000000fac06")
-        else:
-            self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280000000000fac06")
-        self.snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
-
-        dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq, ocv=sta_ocv,
-                    ieee80211w="1", wait_connect=False)
-        if "country_code" in params:
-            dev.wait_regdom(country_ie=True)
-        self.addr = dev.p2p_interface_addr()
-
-        # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
-        self.msg = recv_eapol(self.hapd)
-        self.anonce = self.msg['rsn_key_nonce']
-        (ptk, self.kck, self.kek) = pmk_to_ptk(pmk, self.addr, self.bssid,
-                                               self.snonce, self.anonce)
-
-    # hapd, addr, rsne, kck, msg, anonce, snonce
-    def test_bad_oci(self, logmsg, op_class, channel, seg1_idx):
-        logger.debug("Bad OCI element: " + logmsg)
-        if op_class is None:
-            ocikde = b''
-        else:
-            ocikde = make_ocikde(op_class, channel, seg1_idx)
-
-        reply_eapol("2/4", self.hapd, self.addr, self.msg, 0x010a, self.snonce,
-                    self.rsne + ocikde, self.kck)
-        self.msg = recv_eapol(self.hapd)
-        if self.anonce != self.msg['rsn_key_nonce'] or self.msg["rsn_key_info"] != 138:
-            raise Exception("Didn't receive retransmitted 1/4")
-
-    def confirm_valid_oci(self, op_class, channel, seg1_idx):
-        logger.debug("Valid OCI element to complete handshake")
-        ocikde = make_ocikde(op_class, channel, seg1_idx)
-
-        reply_eapol("2/4", self.hapd, self.addr, self.msg, 0x010a, self.snonce,
-                    self.rsne + ocikde, self.kck)
-        self.msg = recv_eapol(self.hapd)
-        if self.anonce != self.msg['rsn_key_nonce'] or self.msg["rsn_key_info"] != 5066:
-            raise Exception("Didn't receive 3/4 in response to valid 2/4")
-
-        reply_eapol("4/4", self.hapd, self.addr, self.msg, 0x030a, None, None,
-                    self.kck)
-        self.hapd.wait_sta(timeout=15)
-
-@remote_compatible
-def test_wpa2_ocv_ap_mismatch(dev, apdev):
-    """OCV AP mismatch"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "freq": "2412"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("element missing", None, 0, 0)
-    conn.test_bad_oci("wrong channel number", 81, 6, 0)
-    conn.test_bad_oci("invalid channel number", 81, 0, 0)
-    conn.test_bad_oci("wrong operating class", 80, 0, 0)
-    conn.test_bad_oci("invalid operating class", 0, 0, 0)
-    conn.confirm_valid_oci(81, 1, 0)
-
-@remote_compatible
-def test_wpa2_ocv_ap_ht_mismatch(dev, apdev):
-    """OCV AP mismatch (HT)"""
-    params = {"channel": "6",
-              "ht_capab": "[HT40-]",
-              "ieee80211w": "1",
-              "freq": "2437"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("wrong primary channel", 84, 5, 0)
-    conn.test_bad_oci("lower bandwidth than negotiated", 81, 6, 0)
-    conn.test_bad_oci("bad upper/lower channel", 83, 6, 0)
-    conn.confirm_valid_oci(84, 6, 0)
-
-@remote_compatible
-def test_wpa2_ocv_ap_vht80_mismatch(dev, apdev):
-    """OCV AP mismatch (VHT80)"""
-    try:
-        run_wpa2_ocv_ap_vht80_mismatch(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].flush_scan_cache()
-
-def run_wpa2_ocv_ap_vht80_mismatch(dev, apdev):
-    params = {"hw_mode": "a",
-              "channel": "36",
-              "country_code": "US",
-              "ht_capab": "[HT40+]",
-              "ieee80211w": "1",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_oper_chwidth": "1",
-              "freq": "5180",
-              "vht_oper_centr_freq_seg0_idx": "42"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("wrong primary channel", 128, 38, 0)
-    conn.test_bad_oci("wrong primary channel", 128, 32, 0)
-    conn.test_bad_oci("smaller bandwidth than negotiated", 116, 36, 0)
-    conn.test_bad_oci("smaller bandwidth than negotiated", 115, 36, 0)
-    conn.confirm_valid_oci(128, 36, 0)
-
-    dev[0].dump_monitor()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-@remote_compatible
-def test_wpa2_ocv_ap_vht160_mismatch(dev, apdev):
-    """OCV AP mismatch (VHT160)"""
-    try:
-        run_wpa2_ocv_ap_vht160_mismatch(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def run_wpa2_ocv_ap_vht160_mismatch(dev, apdev):
-    params = {"hw_mode": "a",
-              "channel": "100",
-              "country_code": "ZA",
-              "ht_capab": "[HT40+]",
-              "ieee80211w": "1",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_oper_chwidth": "2",
-              "freq": "5500",
-              "vht_oper_centr_freq_seg0_idx": "114",
-              "ieee80211d": "1",
-              "ieee80211h": "1"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("wrong primary channel", 129, 36, 0)
-    conn.test_bad_oci("wrong primary channel", 129, 114, 0)
-    conn.test_bad_oci("smaller bandwidth (20 Mhz) than negotiated", 121, 100, 0)
-    conn.test_bad_oci("smaller bandwidth (40 Mhz) than negotiated", 122, 100, 0)
-    conn.test_bad_oci("smaller bandwidth (80 Mhz) than negotiated", 128, 100, 0)
-    conn.test_bad_oci("using 80+80 channel instead of 160", 130, 100, 155)
-    conn.confirm_valid_oci(129, 100, 0)
-
-    dev[0].dump_monitor()
-    if conn.hapd:
-        conn.hapd.request("DISABLE")
-    dev[0].disconnect_and_stop_scan()
-
-@remote_compatible
-def test_wpa2_ocv_ap_vht80plus80_mismatch(dev, apdev):
-    """OCV AP mismatch (VHT80+80)"""
-    try:
-        run_wpa2_ocv_ap_vht80plus80_mismatch(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def run_wpa2_ocv_ap_vht80plus80_mismatch(dev, apdev):
-    params = {"hw_mode": "a",
-              "channel": "36",
-              "country_code": "US",
-              "ht_capab": "[HT40+]",
-              "ieee80211w": "1",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_oper_chwidth": "3",
-              "freq": "5180",
-              "vht_oper_centr_freq_seg0_idx": "42",
-              "ieee80211d": "1",
-              "vht_oper_centr_freq_seg1_idx": "155",
-              "ieee80211h": "1"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("using 80 MHz operating class", 128, 36, 155)
-    conn.test_bad_oci("wrong frequency segment 1", 130, 36, 138)
-    conn.confirm_valid_oci(130, 36, 155)
-
-    dev[0].dump_monitor()
-    if conn.hapd:
-        conn.hapd.request("DISABLE")
-    dev[0].disconnect_and_stop_scan()
-
-@remote_compatible
-def test_wpa2_ocv_ap_unexpected1(dev, apdev):
-    """OCV and unexpected OCI KDE from station"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ap_ocv": "0",
-              "sta_ocv": "1",
-              "freq": "2412"}
-    conn = APConnection(apdev[0], dev[0], params)
-    logger.debug("Client will send OCI KDE even if it was not negotiated")
-    conn.confirm_valid_oci(81, 1, 0)
-
-@remote_compatible
-def test_wpa2_ocv_ap_unexpected2(dev, apdev):
-    """OCV and unexpected OCI KDE from station"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ap_ocv": "1",
-              "sta_ocv": "0",
-              "freq": "2412"}
-    conn = APConnection(apdev[0], dev[0], params)
-    logger.debug("Client will send OCI KDE even if it was not negotiated")
-    conn.confirm_valid_oci(81, 1, 0)
-
-@remote_compatible
-def test_wpa2_ocv_ap_retransmit_msg3(dev, apdev):
-    """Verify that manually retransmitted msg 3/4 contain a correct OCI"""
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-ocv"
-    passphrase = "qwertyuiop"
-    psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7"
-    params = hostapd.wpa2_params(ssid=ssid)
-    params["wpa_psk"] = psk
-    params["ieee80211w"] = "1"
-    params["ocv"] = "1"
-    params['wpa_disable_eapol_key_retries'] = "1"
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    hapd.request("SET ext_eapol_frame_io 1")
-    dev[0].request("SET ext_eapol_frame_io 1")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False,
-                   ocv="1", ieee80211w="1")
-    addr = dev[0].own_addr()
-
-    # EAPOL-Key msg 1/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to wpa_supplicant failed")
-
-    # EAPOL-Key msg 2/4
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
-    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
-    if "OK" not in res:
-        raise Exception("EAPOL_RX to hostapd failed")
-
-    # EAPOL-Key msg 3/4
-    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAPOL-TX from hostapd")
-    logger.info("Drop the first EAPOL-Key msg 3/4")
-
-    # Use normal EAPOL TX/RX to handle retries.
-    hapd.request("SET ext_eapol_frame_io 0")
-    dev[0].request("SET ext_eapol_frame_io 0")
-
-    # Manually retransmit EAPOL-Key msg 3/4
-    if "OK" not in hapd.request("RESEND_M3 " + addr):
-        raise Exception("RESEND_M3 failed")
-
-    dev[0].wait_connected()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_wpa2_ocv_ap_group_hs(dev, apdev):
-    """OCV group handshake (AP)"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "freq": "2412",
-              "wpa_strict_rekey": "1"}
-    conn = APConnection(apdev[0], dev[0], params)
-    conn.confirm_valid_oci(81, 1, 0)
-
-    conn.hapd.request("SET ext_eapol_frame_io 0")
-    dev[1].connect(conn.ssid, psk=conn.passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="1")
-    conn.hapd.wait_sta()
-    conn.hapd.request("SET ext_eapol_frame_io 1")
-
-    # Trigger a group key handshake
-    dev[1].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    # Wait for EAPOL-Key msg 1/2
-    conn.msg = recv_eapol(conn.hapd)
-    if conn.msg["rsn_key_info"] != 4994:
-        raise Exception("Didn't receive 1/2 of group key handshake")
-
-    # Send a EAPOL-Key msg 2/2 with a bad OCI
-    logger.info("Bad OCI element")
-    ocikde = make_ocikde(1, 1, 1)
-    msg = build_eapol_key_2_2(conn.kck, ocikde, replay_counter=3)
-    conn.hapd.dump_monitor()
-    send_eapol(conn.hapd, conn.addr, build_eapol(msg))
-
-    # Wait for retransmitted EAPOL-Key msg 1/2
-    conn.msg = recv_eapol(conn.hapd)
-    if conn.msg["rsn_key_info"] != 4994:
-        raise Exception("Didn't receive 1/2 of group key handshake")
-
-    # Send a EAPOL-Key msg 2/2 with a good OCI
-    logger.info("Good OCI element")
-    ocikde = make_ocikde(81, 1, 0)
-    msg = build_eapol_key_2_2(conn.kck, ocikde, replay_counter=4)
-    conn.hapd.dump_monitor()
-    send_eapol(conn.hapd, conn.addr, build_eapol(msg))
-
-    # Verify that group key handshake has completed
-    ev = conn.hapd.wait_event(["EAPOL-TX"], timeout=1)
-    if ev is not None:
-        eapol = binascii.unhexlify(ev.split(' ')[2])
-        msg = parse_eapol(eapol)
-        if msg["rsn_key_info"] == 4994:
-            raise Exception("AP didn't accept 2/2 of group key handshake")
-
-class STAConnection:
-    def init_params(self):
-        # Static parameters
-        self.ssid = "test-wpa2-ocv"
-        self.passphrase = "qwertyuiop"
-        self.psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7"
-
-        # Dynamic parameters
-        self.hapd = None
-        self.dev = None
-        self.addr = None
-        self.rsne = None
-        self.kck = None
-        self.kek = None
-        self.msg = None
-        self.bssid = None
-        self.anonce = None
-        self.snonce = None
-        self.gtkie = None
-        self.counter = None
-
-    def __init__(self, apdev, dev, params, sta_params=None):
-        self.init_params()
-        self.dev = dev
-        self.bssid = apdev['bssid']
-
-        freq = params.pop("freq")
-        if sta_params is None:
-            sta_params = dict()
-        if "ocv" not in sta_params:
-            sta_params["ocv"] = "1"
-        if "ieee80211w" not in sta_params:
-            sta_params["ieee80211w"] = "1"
-
-        params.update(hostapd.wpa2_params(ssid=self.ssid,
-                                          passphrase=self.passphrase))
-        params['wpa_pairwise_update_count'] = "10"
-
-        try:
-            self.hapd = hostapd.add_ap(apdev, params)
-        except Exception as e:
-            if "Failed to set hostapd parameter ocv" in str(e):
-                raise HwsimSkip("OCV not supported")
-            raise
-        self.hapd.request("SET ext_eapol_frame_io 1")
-        self.dev.request("SET ext_eapol_frame_io 1")
-        pmk = binascii.unhexlify("c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7")
-
-        self.gtkie = binascii.unhexlify("dd16000fac010100dc11188831bf4aa4a8678d2b41498618")
-        if sta_params["ocv"] != "0":
-            self.rsne = binascii.unhexlify("30140100000fac040100000fac040100000fac028c40")
-        else:
-            self.rsne = binascii.unhexlify("30140100000fac040100000fac040100000fac028c00")
-
-        self.dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq,
-                         wait_connect=False, **sta_params)
-        if "country_code" in params:
-            self.dev.wait_regdom(country_ie=True)
-        self.addr = dev.p2p_interface_addr()
-
-        # Forward msg 1/4 from AP to STA
-        self.msg = recv_eapol(self.hapd)
-        self.anonce = self.msg['rsn_key_nonce']
-        send_eapol(self.dev, self.bssid, build_eapol(self.msg))
-
-        # Capture msg 2/4 from the STA so we can derive the session keys
-        self.msg = recv_eapol(dev)
-        self.snonce = self.msg['rsn_key_nonce']
-        (ptk, self.kck, self.kek) = pmk_to_ptk(pmk, self.addr, self.bssid,
-                                               self.snonce, self.anonce)
-
-        self.counter = struct.unpack('>Q',
-                                     self.msg['rsn_replay_counter'])[0] + 1
-
-    def test_bad_oci(self, logmsg, op_class, channel, seg1_idx, errmsg):
-        logger.info("Bad OCI element: " + logmsg)
-        if op_class is None:
-            ocikde = b''
-        else:
-            ocikde = make_ocikde(op_class, channel, seg1_idx)
-
-        plain = self.rsne + self.gtkie + ocikde
-        wrapped = aes_wrap(self.kek, pad_key_data(plain))
-        msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped,
-                                  replay_counter=self.counter)
-
-        self.dev.dump_monitor()
-        send_eapol(self.dev, self.bssid, build_eapol(msg))
-        self.counter += 1
-
-        ev = self.dev.wait_event([errmsg], timeout=5)
-        if ev is None:
-            raise Exception("Bad OCI not reported")
-
-    def confirm_valid_oci(self, op_class, channel, seg1_idx):
-        logger.debug("Valid OCI element to complete handshake")
-        ocikde = make_ocikde(op_class, channel, seg1_idx)
-
-        plain = self.rsne + self.gtkie + ocikde
-        wrapped = aes_wrap(self.kek, pad_key_data(plain))
-        msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped,
-                                  replay_counter=self.counter)
-
-        self.dev.dump_monitor()
-        send_eapol(self.dev, self.bssid, build_eapol(msg))
-        self.counter += 1
-
-        self.dev.wait_connected(timeout=1)
-
-@remote_compatible
-def test_wpa2_ocv_mismatch_client(dev, apdev):
-    """OCV client mismatch"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "1",
-              "freq": "2412"}
-    conn = STAConnection(apdev[0], dev[0], params)
-    conn.test_bad_oci("element missing", None, 0, 0,
-                      "did not receive mandatory OCI")
-    conn.test_bad_oci("wrong channel number", 81, 6, 0,
-                      "primary channel mismatch")
-    conn.test_bad_oci("invalid channel number", 81, 0, 0,
-                      "unable to interpret received OCI")
-    conn.test_bad_oci("wrong operating class", 80, 0, 0,
-                      "unable to interpret received OCI")
-    conn.test_bad_oci("invalid operating class", 0, 0, 0,
-                      "unable to interpret received OCI")
-    conn.confirm_valid_oci(81, 1, 0)
-
-@remote_compatible
-def test_wpa2_ocv_vht160_mismatch_client(dev, apdev):
-    """OCV client mismatch (VHT160)"""
-    try:
-        run_wpa2_ocv_vht160_mismatch_client(dev, apdev)
-    finally:
-        set_world_reg(apdev[0], apdev[1], dev[0])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def run_wpa2_ocv_vht160_mismatch_client(dev, apdev):
-    params = {"hw_mode": "a",
-              "channel": "100",
-              "country_code": "ZA",
-              "ht_capab": "[HT40+]",
-              "ieee80211w": "1",
-              "ieee80211n": "1",
-              "ieee80211ac": "1",
-              "vht_oper_chwidth": "2",
-              "ocv": "1",
-              "vht_oper_centr_freq_seg0_idx": "114",
-              "freq": "5500",
-              "ieee80211d": "1",
-              "ieee80211h": "1"}
-    sta_params = {"disable_vht": "1"}
-    conn = STAConnection(apdev[0], dev[0], params, sta_params)
-    conn.test_bad_oci("smaller bandwidth (20 Mhz) than negotiated",
-                      121, 100, 0, "channel bandwidth mismatch")
-    conn.test_bad_oci("wrong frequency, bandwith, and secondary channel",
-                      123, 104, 0, "primary channel mismatch")
-    conn.test_bad_oci("wrong upper/lower behaviour",
-                      129, 104, 0, "primary channel mismatch")
-    conn.confirm_valid_oci(122, 100, 0)
-
-    dev[0].dump_monitor()
-    if conn.hapd:
-        conn.hapd.request("DISABLE")
-    dev[0].disconnect_and_stop_scan()
-
-def test_wpa2_ocv_sta_group_hs(dev, apdev):
-    """OCV group handshake (STA)"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "1",
-              "freq": "2412",
-              "wpa_strict_rekey": "1"}
-    conn = STAConnection(apdev[0], dev[0], params.copy())
-    conn.confirm_valid_oci(81, 1, 0)
-
-    # Send a EAPOL-Key msg 1/2 with a bad OCI
-    logger.info("Bad OCI element")
-    plain = conn.gtkie + make_ocikde(1, 1, 1)
-    wrapped = aes_wrap(conn.kek, pad_key_data(plain))
-    msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=3)
-    send_eapol(dev[0], conn.bssid, build_eapol(msg))
-
-    # We shouldn't get a EAPOL-Key message back
-    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
-    if ev is not None:
-        raise Exception("Received response to invalid EAPOL-Key 1/2")
-
-    # Reset AP to try with valid OCI
-    conn.hapd.disable()
-    conn = STAConnection(apdev[0], dev[0], params.copy())
-    conn.confirm_valid_oci(81, 1, 0)
-
-    # Send a EAPOL-Key msg 1/2 with a good OCI
-    logger.info("Good OCI element")
-    plain = conn.gtkie + make_ocikde(81, 1, 0)
-    wrapped = aes_wrap(conn.kek, pad_key_data(plain))
-    msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=4)
-    send_eapol(dev[0], conn.bssid, build_eapol(msg))
-
-    # Wait for EAPOL-Key msg 2/2
-    conn.msg = recv_eapol(dev[0])
-    if conn.msg["rsn_key_info"] != 0x0302:
-        raise Exception("Didn't receive 2/2 of group key handshake")
-
-def test_wpa2_ocv_auto_enable_pmf(dev, apdev):
-    """OCV on 2.4 GHz with PMF getting enabled automatically"""
-    params = {"channel": "1",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    for ocv in range(2):
-        dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv=str(ocv),
-                       ieee80211w="2")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_wpa2_ocv_sta_override_eapol(dev, apdev):
-    """OCV on 2.4 GHz and STA override EAPOL-Key msg 2/4"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    dev[0].set("oci_freq_override_eapol", "2462")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("No connection result reported")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "reason=15" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-    check_ocv_failure(hapd, "EAPOL-Key msg 2/4", "eapol-key-m2",
-                      dev[0].own_addr())
-
-def test_wpa2_ocv_sta_override_sa_query_req(dev, apdev):
-    """OCV on 2.4 GHz and STA override SA Query Request"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2")
-    hapd.wait_sta()
-    dev[0].set("oci_freq_override_saquery_req", "2462")
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
-    if ev is None:
-        raise Exception("Disconnection after failed SA Query not reported")
-    dev[0].set("oci_freq_override_saquery_req", "0")
-    dev[0].wait_connected()
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    check_ocv_failure(hapd, "SA Query Request", "saqueryreq",
-                      dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
-    if ev is not None:
-        raise Exception("SA Query from the STA failed")
-
-def test_wpa2_ocv_sta_override_sa_query_resp(dev, apdev):
-    """OCV on 2.4 GHz and STA override SA Query Response"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2")
-    dev[0].set("oci_freq_override_saquery_resp", "2462")
-    hapd.wait_sta()
-    if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
-        raise Exception("SA_QUERY failed")
-    check_ocv_failure(hapd, "SA Query Response", "saqueryresp",
-                      dev[0].own_addr())
-
-def check_ocv_failure(dev, frame_txt, frame, addr):
-    ev = dev.wait_event(["OCV-FAILURE"], timeout=3)
-    if ev is None:
-        raise Exception("OCV failure for %s not reported" % frame_txt)
-    if "addr=" + addr not in ev:
-        raise Exception("Unexpected OCV failure addr: " + ev)
-    if "frame=" + frame not in ev:
-        raise Exception("Unexpected OCV failure frame: " + ev)
-    if "error=primary channel mismatch" not in ev:
-        raise Exception("Unexpected OCV failure error: " + ev)
-
-def test_wpa2_ocv_ap_override_eapol_m3(dev, apdev):
-    """OCV on 2.4 GHz and AP override EAPOL-Key msg 3/4"""
-    run_wpa2_ocv_ap_override_eapol_m3(dev, apdev)
-
-def test_wpa2_ocv_ap_override_eapol_m3_post_enable(dev, apdev):
-    """OCV on 2.4 GHz and AP override EAPOL-Key msg 3/4 (post enable)"""
-    run_wpa2_ocv_ap_override_eapol_m3(dev, apdev, True)
-
-def run_wpa2_ocv_ap_override_eapol_m3(dev, apdev, post_enable=False):
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    if not post_enable:
-        params["oci_freq_override_eapol_m3"] = "2462"
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    if post_enable:
-        hapd.set("oci_freq_override_eapol_m3", "2462")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2", wait_connect=False)
-
-    check_ocv_failure(dev[0], "EAPOL-Key msg 3/4", "eapol-key-m3", bssid)
-
-    ev = dev[0].wait_disconnected()
-    if "reason=15" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_wpa2_ocv_ap_override_eapol_g1(dev, apdev):
-    """OCV on 2.4 GHz and AP override EAPOL-Key group msg 1/2"""
-    run_wpa2_ocv_ap_override_eapol_g1(dev, apdev)
-
-def test_wpa2_ocv_ap_override_eapol_g1_post_enable(dev, apdev):
-    """OCV on 2.4 GHz and AP override EAPOL-Key group msg 1/2 (post enable)"""
-    run_wpa2_ocv_ap_override_eapol_g1(dev, apdev, True)
-
-def run_wpa2_ocv_ap_override_eapol_g1(dev, apdev, post_enable=False):
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1"}
-    if not post_enable:
-        params["oci_freq_override_eapol_g1"] = "2462"
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2")
-
-    if post_enable:
-        hapd.set("oci_freq_override_eapol_g1", "2462")
-    if "OK" not in hapd.request("REKEY_GTK"):
-        raise Exception("REKEY_GTK failed")
-    check_ocv_failure(dev[0], "EAPOL-Key group msg 1/2", "eapol-key-g1", bssid)
-
-def test_wpa2_ocv_ap_override_saquery_req(dev, apdev):
-    """OCV on 2.4 GHz and AP override SA Query Request"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1",
-              "oci_freq_override_saquery_req": "2462"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2")
-
-    if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
-        raise Exception("SA_QUERY failed")
-    check_ocv_failure(dev[0], "SA Query Request", "saqueryreq", bssid)
-
-def test_wpa2_ocv_ap_override_saquery_resp(dev, apdev):
-    """OCV on 2.4 GHz and AP override SA Query Response"""
-    params = {"channel": "1",
-              "ieee80211w": "2",
-              "ocv": "1",
-              "oci_freq_override_saquery_resp": "2462"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="1",
-                   ieee80211w="2")
-
-    if "OK" not in dev[0].request("UNPROT_DEAUTH"):
-        raise Exception("Triggering SA Query from the STA failed")
-    check_ocv_failure(dev[0], "SA Query Response", "saqueryresp", bssid)
-
-def test_wpa2_ocv_ap_override_fils_assoc(dev, apdev, params):
-    """OCV on 2.4 GHz and AP override FILS association"""
-    run_wpa2_ocv_ap_override_fils_assoc(dev, apdev, params)
-
-def test_wpa2_ocv_ap_override_fils_assoc_post_enable(dev, apdev, params):
-    """OCV on 2.4 GHz and AP override FILS association (post enable)"""
-    run_wpa2_ocv_ap_override_fils_assoc(dev, apdev, params, True)
-
-def run_wpa2_ocv_ap_override_fils_assoc(dev, apdev, params, post_enable=False):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    ssid = "test-wpa2-ocv"
-    params = hostapd.wpa2_eap_params(ssid=ssid)
-    params['wpa_key_mgmt'] = "FILS-SHA256"
-    params['auth_server_port'] = "18128"
-    params['erp_send_reauth_start'] = '1'
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['wpa_group_rekey'] = '1'
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    if not post_enable:
-        params["oci_freq_override_fils_assoc"] = "2462"
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    bssid = hapd.own_addr()
-    if post_enable:
-        hapd.set("oci_freq_override_fils_assoc", "2462")
-    dev[0].request("ERP_FLUSH")
-    id = dev[0].connect(ssid, key_mgmt="FILS-SHA256",
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412", ocv="1", ieee80211w="2")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].dump_monitor()
-    dev[0].select_network(id, freq=2412)
-
-    check_ocv_failure(dev[0], "FILS Association Response", "fils-assoc", bssid)
-    dev[0].request("DISCONNECT")
-
-def test_wpa2_ocv_ap_override_ft_assoc(dev, apdev):
-    """OCV on 2.4 GHz and AP override FT reassociation"""
-    run_wpa2_ocv_ap_override_ft_assoc(dev, apdev)
-
-def test_wpa2_ocv_ap_override_ft_assoc_post_enable(dev, apdev):
-    """OCV on 2.4 GHz and AP override FT reassociation (post enable)"""
-    run_wpa2_ocv_ap_override_ft_assoc(dev, apdev, True)
-
-def run_wpa2_ocv_ap_override_ft_assoc(dev, apdev, post_enable=False):
-    ssid = "test-wpa2-ocv"
-    passphrase = "qwertyuiop"
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    if not post_enable:
-        params["oci_freq_override_ft_assoc"] = "2462"
-    try:
-        hapd0 = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params["ocv"] = "1"
-    if not post_enable:
-        params["oci_freq_override_ft_assoc"] = "2462"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    if post_enable:
-        hapd0.set("oci_freq_override_ft_assoc", "2462")
-        hapd1.set("oci_freq_override_ft_assoc", "2462")
-
-    dev[0].connect(ssid, key_mgmt="FT-PSK", psk=passphrase,
-                   scan_freq="2412", ocv="1", ieee80211w="2")
-
-    bssid = dev[0].get_status_field("bssid")
-    bssid0 = hapd0.own_addr()
-    bssid1 = hapd1.own_addr()
-    target = bssid0 if bssid == bssid1 else bssid1
-
-    dev[0].scan_for_bss(target, freq="2412")
-    if "OK" not in dev[0].request("ROAM " + target):
-        raise Exception("ROAM failed")
-
-    check_ocv_failure(dev[0], "FT Reassociation Response", "ft-assoc", target)
-    dev[0].request("DISCONNECT")
-
-@remote_compatible
-def test_wpa2_ocv_no_pmf(dev, apdev):
-    """OCV on 2.4 GHz and no PMF on STA"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    ie = "301a0100000fac040100000fac040100000fac0200400000000fac06"
-    if "OK" not in dev[0].request("TEST_ASSOC_IE " + ie):
-        raise Exception("Could not set TEST_ASSOC_IE")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="0",
-                   ieee80211w="0", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-ASSOC-REJECT"],
-                           timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("No connection result seen")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "status_code=31" not in ev:
-        raise Exception("Unexpected status code: " + ev)
-
-@remote_compatible
-def test_wpa2_ocv_no_pmf_workaround(dev, apdev):
-    """OCV on 2.4 GHz and no PMF on STA with workaround"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "2"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    ie = "301a0100000fac040100000fac040100000fac0200400000000fac06"
-    if "OK" not in dev[0].request("TEST_ASSOC_IE " + ie):
-        raise Exception("Could not set TEST_ASSOC_IE")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="0",
-                   ieee80211w="0")
-
-@remote_compatible
-def test_wpa2_ocv_no_oci(dev, apdev):
-    """OCV on 2.4 GHz and no OCI from STA"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    ie = "301a0100000fac040100000fac040100000fac0280400000000fac06"
-    if "OK" not in dev[0].request("TEST_ASSOC_IE " + ie):
-        raise Exception("Could not set TEST_ASSOC_IE")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="0",
-                   ieee80211w="1", wait_connect=False)
-    ev = hapd.wait_event(["OCV-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("No OCV failure reported")
-    if "frame=eapol-key-m2 error=did not receive mandatory OCI" not in ev:
-        raise Exception("Unexpected error: " + ev)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "WPA: 4-Way Handshake failed"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if ev is None:
-        raise Exception("4-way handshake failure not reported")
-
-@remote_compatible
-def test_wpa2_ocv_no_oci_workaround(dev, apdev):
-    """OCV on 2.4 GHz and no OCI from STA with workaround"""
-    params = {"channel": "1",
-              "ieee80211w": "1",
-              "ocv": "2"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    ie = "301a0100000fac040100000fac040100000fac0280400000000fac06"
-    if "OK" not in dev[0].request("TEST_ASSOC_IE " + ie):
-        raise Exception("Could not set TEST_ASSOC_IE")
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv="0",
-                   ieee80211w="1")
-
-def test_wpa2_ocv_without_pmf(dev, apdev):
-    """OCV without PMF"""
-    params = {"channel": "6",
-              "ieee80211n": "1",
-              "ieee80211w": "1",
-              "ocv": "1"}
-    hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params)
-    hapd.disable()
-    hapd.set("ieee80211w", "0")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("OCV without PMF accepted")
diff --git a/tests/hwsim/test_offchannel_tx.py b/tests/hwsim/test_offchannel_tx.py
deleted file mode 100644
index 85308da26847..000000000000
--- a/tests/hwsim/test_offchannel_tx.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# cfg80211 offchannel TX using remain-on-channel
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from test_gas import start_ap
-from test_gas import anqp_get
-from p2p_utils import *
-
-def test_offchannel_tx_roc_gas(dev, apdev):
-    """GAS using cfg80211 remain-on-channel for offchannel TX"""
-    start_ap(apdev[0])
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="no_offchannel_tx=1")
-    wpas.flush_scan_cache()
-    wpas.scan_for_bss(bssid, freq=2412)
-    anqp_get(wpas, bssid, 263)
-    ev = wpas.wait_event(["GAS-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("GAS query timed out")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Unexpected GAS query result")
-
-def test_offchannel_tx_roc_grpform(dev, apdev):
-    """P2P group formation using cfg80211 remain-on-channel for offchannel TX"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="no_offchannel_tx=1")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_freq=2412,
-                                           r_dev=wpas, r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], wpas)
-
-def test_offchannel_tx_roc_grpform2(dev, apdev):
-    """P2P group formation(2) using cfg80211 remain-on-channel for offchannel TX"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="no_offchannel_tx=1")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=wpas, i_freq=2412,
-                                           r_dev=dev[0], r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], wpas)
diff --git a/tests/hwsim/test_owe.py b/tests/hwsim/test_owe.py
deleted file mode 100644
index f72c60682595..000000000000
--- a/tests/hwsim/test_owe.py
+++ /dev/null
@@ -1,953 +0,0 @@
-# Test cases for Opportunistic Wireless Encryption (OWE)
-# Copyright (c) 2017, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import logging
-logger = logging.getLogger()
-import time
-import os
-import struct
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-import hwsim_utils
-from tshark import run_tshark
-from utils import HwsimSkip, fail_test, alloc_fail, wait_fail_trigger
-from test_ap_acs import wait_acs
-
-def test_owe(dev, apdev):
-    """Opportunistic Wireless Encryption"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    conf = hapd.request("GET_CONFIG")
-    if "key_mgmt=OWE" not in conf.splitlines():
-        logger.info("GET_CONFIG:\n" + conf)
-        raise Exception("GET_CONFIG did not report correct key_mgmt")
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    bss = dev[0].get_bss(bssid)
-    if "[WPA2-OWE-CCMP]" not in bss['flags']:
-        raise Exception("OWE AKM not recognized: " + bss['flags'])
-
-    id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2", scan_freq="2412")
-    hapd.wait_sta()
-    pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
-    pmk_w = dev[0].get_pmk(id)
-    if pmk_h != pmk_w:
-        raise Exception("Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w))
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_owe_groups(dev, apdev):
-    """Opportunistic Wireless Encryption - DH groups"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    for group in [19, 20, 21]:
-        dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group))
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-
-def test_owe_pmksa_caching(dev, apdev):
-    """Opportunistic Wireless Encryption and PMKSA caching"""
-    try:
-        run_owe_pmksa_caching(dev, apdev)
-    finally:
-        dev[0].set("reassoc_same_bss_optim", "0")
-
-def test_owe_pmksa_caching_connect_cmd(dev, apdev):
-    """Opportunistic Wireless Encryption and PMKSA caching using cfg80211 connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    try:
-        run_owe_pmksa_caching([wpas], apdev)
-    finally:
-        wpas.set("reassoc_same_bss_optim", "0")
-
-def run_owe_pmksa_caching(dev, apdev):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("reassoc_same_bss_optim", "1")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    id = dev[0].connect("owe", key_mgmt="OWE")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa = dev[0].get_pmksa(bssid)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    dev[0].select_network(id, 2412)
-    dev[0].wait_connected()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa2 = dev[0].get_pmksa(bssid)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    if "OK" not in hapd.request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-
-    dev[0].select_network(id, 2412)
-    dev[0].wait_connected()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    pmksa3 = dev[0].get_pmksa(bssid)
-
-    if pmksa is None or pmksa2 is None or pmksa3 is None:
-        raise Exception("PMKSA entry missing")
-    if pmksa['pmkid'] != pmksa2['pmkid']:
-        raise Exception("Unexpected PMKID change when using PMKSA caching")
-    if pmksa['pmkid'] == pmksa3['pmkid']:
-        raise Exception("PMKID did not change after PMKSA cache flush")
-
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected()
-    pmksa4 = dev[0].get_pmksa(bssid)
-    if pmksa3['pmkid'] != pmksa4['pmkid']:
-        raise Exception("Unexpected PMKID change when using PMKSA caching [2]")
-
-def test_owe_and_psk(dev, apdev):
-    """Opportunistic Wireless Encryption and WPA2-PSK enabled"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe+psk",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE WPA-PSK",
-              "rsn_pairwise": "CCMP",
-              "wpa_passphrase": "12345678"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe+psk", psk="12345678")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[1].scan_for_bss(bssid, freq="2412")
-    dev[1].connect("owe+psk", key_mgmt="OWE")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[1], hapd)
-
-def test_owe_transition_mode(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode"""
-    run_owe_transition_mode(dev, apdev)
-
-def test_owe_transition_mode_connect_cmd(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode using cfg80211 connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    run_owe_transition_mode([wpas], apdev)
-
-def test_owe_transition_mode_mismatch1(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (mismatch 1)"""
-    run_owe_transition_mode(dev, apdev, adv_bssid0="02:11:22:33:44:55")
-
-def test_owe_transition_mode_mismatch2(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (mismatch 2)"""
-    run_owe_transition_mode(dev, apdev, adv_bssid1="02:11:22:33:44:66")
-
-def test_owe_transition_mode_mismatch3(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (mismatch 3)"""
-    run_owe_transition_mode(dev, apdev, adv_bssid0="02:11:22:33:44:55",
-                            adv_bssid1="02:11:22:33:44:66")
-
-def run_owe_transition_mode(dev, apdev, adv_bssid0=None, adv_bssid1=None):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    adv_bssid = adv_bssid0 if adv_bssid0 else apdev[1]['bssid']
-    params = {"ssid": "owe-random",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "owe_transition_bssid": adv_bssid,
-              "owe_transition_ssid": '"owe-test"',
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    adv_bssid = adv_bssid1 if adv_bssid1 else apdev[0]['bssid']
-    params = {"ssid": "owe-test",
-              "owe_transition_bssid": adv_bssid,
-              "owe_transition_ssid": '"owe-random"'}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    bss = dev[0].get_bss(bssid)
-    if "[WPA2-OWE-CCMP]" not in bss['flags']:
-        raise Exception("OWE AKM not recognized: " + bss['flags'])
-    if "[OWE-TRANS]" not in bss['flags']:
-        raise Exception("OWE transition not recognized: " + bss['flags'])
-
-    bss = dev[0].get_bss(bssid2)
-    if "[OWE-TRANS-OPEN]" not in bss['flags']:
-        raise Exception("OWE transition (open) not recognized: " + bss['flags'])
-
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-    logger.info("Move to OWE only mode (disable transition mode)")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    hapd2.disable()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    hapd.set("owe_transition_bssid", "00:00:00:00:00:00")
-    hapd.set("ignore_broadcast_ssid", '0')
-    hapd.set("ssid", 'owe-test')
-    hapd.enable()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].select_network(id, 2412)
-    dev[0].wait_connected()
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_owe_transition_mode_ifname(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (ifname)"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-random",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "owe_transition_ifname": apdev[1]['ifname'],
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    params = {"ssid": "owe-test",
-              "owe_transition_ifname": apdev[0]['ifname']}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412")
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_owe_transition_mode_ifname_acs(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (ifname, ACS)"""
-    run_owe_transition_mode_ifname_acs(dev, apdev, wait_first=False)
-
-def test_owe_transition_mode_ifname_acs2(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (ifname, ACS)"""
-    run_owe_transition_mode_ifname_acs(dev, apdev, wait_first=True)
-
-def run_owe_transition_mode_ifname_acs(dev, apdev, wait_first):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-random",
-              "channel": "0",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "owe_transition_ifname": apdev[1]['ifname'],
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
-    bssid = hapd.own_addr()
-
-    if wait_first:
-        wait_acs(hapd)
-
-    params = {"ssid": "owe-test",
-              "channel": "0",
-              "owe_transition_ifname": apdev[0]['ifname']}
-    hapd2 = hostapd.add_ap(apdev[1], params, wait_enabled=False)
-    bssid2 = hapd2.own_addr()
-
-    wait_acs(hapd2)
-    if not wait_first:
-        state = hapd.get_status_field("state")
-        if state == "ACS-STARTED":
-            time.sleep(5)
-            state = hapd.get_status_field("state")
-        if state != "ENABLED":
-            raise Exception("AP1 startup did not succeed")
-
-    freq = hapd.get_status_field("freq")
-    freq2 = hapd2.get_status_field("freq")
-
-    dev[0].scan_for_bss(bssid, freq=freq)
-    dev[0].scan_for_bss(bssid2, freq=freq2)
-
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="%s %s" % (freq, freq2))
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_owe_transition_mode_open_only_ap(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode connect to open-only AP"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-test-open"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    bss = dev[0].get_bss(bssid)
-
-    id = dev[0].connect("owe-test-open", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "NONE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_owe_only_sta(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode disabled on STA"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-test-open"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    id = dev[0].connect("owe-test-open", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412", owe_only="1", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if not ev:
-        raise Exception("Unknown result for the connection attempt")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection to open network")
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    params = {"ssid": "owe-test-open",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_owe_transition_mode_open_multiple_scans(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode and need for multiple scans"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-test",
-              "owe_transition_bssid": apdev[0]['bssid'],
-              "owe_transition_ssid": '"owe-random"'}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    dev[0].dump_monitor()
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=1)
-
-    params = {"ssid": "owe-random",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "owe_transition_bssid": apdev[1]['bssid'],
-              "owe_transition_ssid": '"owe-test"',
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].wait_connected()
-
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-
-def test_owe_transition_mode_multi_bss(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode (multi BSS)"""
-    try:
-        run_owe_transition_mode_multi_bss(dev, apdev)
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-
-def run_owe_transition_mode_multi_bss(dev, apdev):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    ifname1 = apdev[0]['ifname']
-    ifname2 = apdev[0]['ifname'] + '-2'
-    hapd1 = hostapd.add_bss(apdev[0], ifname1, 'owe-bss-1.conf')
-    hapd2 = hostapd.add_bss(apdev[0], ifname2, 'owe-bss-2.conf')
-    hapd2.bssidx = 1
-
-    bssid = hapd1.own_addr()
-    bssid2 = hapd2.own_addr()
-
-    # Beaconing with the OWE Transition Mode element can start only once both
-    # BSSs are enabled, so the very first Beacon frame may go out without this
-    # element. Wait a bit to avoid getting incomplete scan results.
-    time.sleep(0.1)
-
-    dev[0].request("SCAN_INTERVAL 1")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("transition-mode-open", key_mgmt="OWE")
-    val = dev[0].get_status_field("bssid")
-    if val != bssid2:
-        raise Exception("Unexpected bssid: " + val)
-    val = dev[0].get_status_field("key_mgmt")
-    if val != "OWE":
-        raise Exception("Unexpected key_mgmt: " + val)
-    hwsim_utils.test_connectivity(dev[0], hapd2)
-
-def test_owe_transition_mode_rsne_mismatch(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode and RSNE mismatch"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-random",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "rsne_override_eapol": "30140100000fac040100000fac040100000fac020c00",
-              "owe_transition_bssid": apdev[1]['bssid'],
-              "owe_transition_ssid": '"owe-test"',
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    params = {"ssid": "owe-test",
-              "owe_transition_bssid": apdev[0]['bssid'],
-              "owe_transition_ssid": '"owe-random"'}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=5)
-    if ev is None:
-        raise Exception("OWE PMKSA not created")
-    ev = dev[0].wait_event(["WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("RSNE mismatch not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=5)
-    dev[0].request("REMOVE_NETWORK all")
-    if ev is None:
-        raise Exception("No disconnection seen")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Unexpected connection")
-    if "reason=17 locally_generated=1" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_owe_unsupported_group(dev, apdev):
-    """Opportunistic Wireless Encryption and unsupported group"""
-    try:
-        run_owe_unsupported_group(dev, apdev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def test_owe_unsupported_group_connect_cmd(dev, apdev):
-    """Opportunistic Wireless Encryption and unsupported group using cfg80211 connect command"""
-    try:
-        wpas = None
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-        run_owe_unsupported_group([wpas], apdev)
-    finally:
-        if wpas:
-            wpas.request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_owe_unsupported_group(dev, apdev):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    # Override OWE Dh Parameters element with a payload that uses invalid group
-    # 0 (and actual group 19 data) to make the AP reject this with the specific
-    # status code 77.
-    dev[0].request("VENDOR_ELEM_ADD 13 ff23200000783590fb7440e03d5b3b33911f86affdcc6b4411b707846ac4ff08ddc8831ccd")
-
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe", key_mgmt="OWE", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association not rejected")
-    if "status_code=77" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-
-def test_owe_limited_group_set(dev, apdev):
-    """Opportunistic Wireless Encryption and limited group set"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "owe_groups": "20 21"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="19", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association not rejected")
-    if "status_code=77" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-    dev[0].dump_monitor()
-
-    for group in [20, 21]:
-        dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group))
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-def test_owe_limited_group_set_pmf(dev, apdev, params):
-    """Opportunistic Wireless Encryption and limited group set (PMF)"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    pcapng = os.path.join(params['logdir'], "hwsim0.pcapng")
-
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "owe_groups": "21"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association not rejected")
-    if "status_code=77" not in ev:
-        raise Exception("Unexpected rejection reason: " + ev)
-    dev[0].dump_monitor()
-
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="20", ieee80211w="2",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Association not rejected (2)")
-    if "status_code=77" not in ev:
-        raise Exception("Unexpected rejection reason (2): " + ev)
-    dev[0].dump_monitor()
-
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="21", ieee80211w="2",
-                   scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    out = run_tshark(pcapng,
-                     "wlan.fc.type_subtype == 1",
-                     display=['wlan_mgt.fixed.status_code'])
-    status = out.splitlines()
-    logger.info("Association Response frame status codes: " + str(status))
-    if len(status) != 3:
-        raise Exception("Unexpected number of Association Response frames")
-    if (int(status[0], base=0) != 77 or int(status[1], base=0) != 77 or
-        int(status[2], base=0) != 0):
-        raise Exception("Unexpected Association Response frame status code")
-
-def test_owe_group_negotiation(dev, apdev):
-    """Opportunistic Wireless Encryption and group negotiation"""
-    run_owe_group_negotiation(dev[0], apdev)
-
-def test_owe_group_negotiation_connect_cmd(dev, apdev):
-    """Opportunistic Wireless Encryption and group negotiation (connect command)"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    run_owe_group_negotiation(wpas, apdev)
-
-def run_owe_group_negotiation(dev, apdev):
-    if "OWE" not in dev.get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "owe_groups": "21"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev.scan_for_bss(bssid, freq="2412")
-    dev.connect("owe", key_mgmt="OWE")
-
-def test_owe_assoc_reject(dev, apdev):
-    """Opportunistic Wireless Encryption association rejection handling"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "require_ht": "1",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "owe_groups": "19"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    # First, reject two associations with HT-required (i.e., not OWE related)
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                   disable_ht="1", scan_freq="2412", wait_connect=False)
-    for i in range(0, 2):
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        if ev is None:
-            raise Exception("Association rejection not reported")
-
-    # Then, verify that STA tries OWE with the default group (19) on the next
-    # attempt instead of having moved to testing another group.
-    hapd.set("require_ht", "0")
-    for i in range(0, 2):
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Association result not reported")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            break
-        if "status_code=77" in ev:
-            raise Exception("Unexpected unsupport group rejection")
-    if "CTRL-EVENT-CONNECTED" not in ev:
-        raise Exception("Did not connect successfully")
-
-def test_owe_local_errors(dev, apdev):
-    """Opportunistic Wireless Encryption - local errors on supplicant"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    tests = [(1, "crypto_ecdh_init;owe_build_assoc_req"),
-             (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
-             (1, "wpabuf_alloc;owe_build_assoc_req")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
-                           ieee80211w="2",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
-             (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
-             (1, "wpabuf_alloc;=owe_process_assoc_resp")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
-                           ieee80211w="2",
-                           scan_freq="2412", wait_connect=False)
-            dev[0].wait_disconnected()
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    tests = [(1, "hmac_sha256;owe_process_assoc_resp", 19),
-             (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
-             (1, "hmac_sha384;owe_process_assoc_resp", 20),
-             (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
-             (1, "hmac_sha512;owe_process_assoc_resp", 21),
-             (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)]
-    for count, func, group in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group),
-                           ieee80211w="2",
-                           scan_freq="2412", wait_connect=False)
-            dev[0].wait_disconnected()
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="18",
-                   ieee80211w="2",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=5)
-    if ev is None:
-        raise Exception("No authentication attempt")
-    time.sleep(0.5)
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def hapd_auth(hapd):
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame not received")
-
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = struct.pack('<HHH', 0, 2, 0)
-    hapd.mgmt_tx(resp)
-
-def hapd_assoc(hapd, extra):
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 0:
-            break
-        req = None
-    if not req:
-        raise Exception("Association Request frame not received")
-
-    resp = {}
-    resp['fc'] = 0x0010
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    payload = struct.pack('<HHH', 0x0411, 0, 0xc001)
-    payload += binascii.unhexlify("010882848b960c121824")
-    resp['payload'] = payload + extra
-    hapd.mgmt_tx(resp)
-
-def test_owe_invalid_assoc_resp(dev, apdev):
-    """Opportunistic Wireless Encryption - invalid Association Response frame"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    # OWE: No Diffie-Hellman Parameter element found in Association Response frame
-    tests = [b'']
-    # No room for group --> no DH Params
-    tests += [binascii.unhexlify('ff0120')]
-    # OWE: Unexpected Diffie-Hellman group in response: 18
-    tests += [binascii.unhexlify('ff03201200')]
-    # OWE: Invalid peer DH public key
-    tests += [binascii.unhexlify('ff23201300' + 31*'00' + '01')]
-    # OWE: Invalid peer DH public key
-    tests += [binascii.unhexlify('ff24201300' + 33*'ee')]
-    for extra in tests:
-        dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
-                       scan_freq="2412", wait_connect=False)
-        hapd_auth(hapd)
-        hapd_assoc(hapd, extra)
-        dev[0].wait_disconnected()
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].dump_monitor()
-
-    # OWE: Empty public key (this ends up getting padded to a valid point)
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
-                   scan_freq="2412", wait_connect=False)
-    hapd_auth(hapd)
-    hapd_assoc(hapd, binascii.unhexlify('ff03201300'))
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED", "PMKSA-CACHE-ADDED"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("No result reported for empty public key")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def start_owe(dev, apdev, workaround=0):
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "owe_ptk_workaround": str(workaround),
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].scan_for_bss(hapd.own_addr(), freq="2412")
-    return hapd
-
-def owe_check_ok(dev, hapd, owe_group, owe_ptk_workaround):
-    dev.connect("owe", key_mgmt="OWE", ieee80211w="2",
-                owe_group=owe_group, owe_ptk_workaround=owe_ptk_workaround,
-                scan_freq="2412")
-    hapd.wait_sta()
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_owe_ptk_workaround_ap(dev, apdev):
-    """Opportunistic Wireless Encryption - AP using PTK workaround"""
-    hapd = start_owe(dev, apdev, workaround=1)
-    for group, workaround in [(19, 0), (20, 0), (21, 0),
-                              (19, 1), (20, 1), (21, 1)]:
-        owe_check_ok(dev[0], hapd, str(group), str(workaround))
-
-def test_owe_ptk_hash(dev, apdev):
-    """Opportunistic Wireless Encryption - PTK derivation hash alg"""
-    hapd = start_owe(dev, apdev)
-    for group, workaround in [(19, 0), (20, 0), (21, 0), (19, 1)]:
-        owe_check_ok(dev[0], hapd, str(group), str(workaround))
-
-    for group in [20, 21]:
-        dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                       owe_group=str(group), owe_ptk_workaround="1",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=10)
-        if ev is None:
-            raise Exception("Could not complete OWE association")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=5)
-        if ev is None:
-            raise Exception("Unknown connection result")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-        dev[0].request("REMOVE_NETWORK all")
-        ev = dev[0].wait_event(["PMKSA-CACHE-REMOVED"], timeout=5)
-        if ev is None:
-            raise Exception("No PMKSA cache removal event seen")
-        dev[0].dump_monitor()
-
-def test_owe_transition_mode_disable(dev, apdev):
-    """Opportunistic Wireless Encryption transition mode disable"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    dev[0].flush_scan_cache()
-    params = {"ssid": "owe-random",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP",
-              "ieee80211w": "2",
-              "transition_disable": '0x08',
-              "owe_transition_bssid": apdev[1]['bssid'],
-              "owe_transition_ssid": '"owe-test"',
-              "ignore_broadcast_ssid": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    params = {"ssid": "owe-test",
-              "owe_transition_bssid": apdev[0]['bssid'],
-              "owe_transition_ssid": '"owe-random"'}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-
-    id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
-                        scan_freq="2412")
-
-    ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-    if ev is None:
-        raise Exception("Transition disable not indicated")
-    if ev.split(' ')[1] != "08":
-        raise Exception("Unexpected transition disable bitmap: " + ev)
-
-    val = dev[0].get_network(id, "owe_only")
-    if val != "1":
-        raise Exception("Unexpected owe_only value: " + val)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_owe_sa_query(dev, apdev):
-    """Opportunistic Wireless Encryption - SA Query"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "OWE",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
-                   scan_freq="2412")
-    hapd.wait_sta()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
diff --git a/tests/hwsim/test_p2p_autogo.py b/tests/hwsim/test_p2p_autogo.py
deleted file mode 100644
index d857c9025b3f..000000000000
--- a/tests/hwsim/test_p2p_autogo.py
+++ /dev/null
@@ -1,936 +0,0 @@
-# P2P autonomous GO test cases
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import time
-import subprocess
-import logging
-logger = logging.getLogger()
-
-import hostapd
-import hwsim_utils
-import utils
-from utils import HwsimSkip
-from wlantest import Wlantest
-from wpasupplicant import WpaSupplicant
-from p2p_utils import *
-from test_p2p_messages import mgmt_tx, parse_p2p_public_action
-
-def test_autogo(dev):
-    """P2P autonomous GO and client joining group"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    res = autogo(dev[0])
-    if "p2p-wlan" in res['ifname']:
-        raise Exception("Unexpected group interface name on GO")
-    res = connect_cli(dev[0], dev[1])
-    if "p2p-wlan" in res['ifname']:
-        raise Exception("Unexpected group interface name on client")
-    bss = dev[1].get_bss("p2p_dev_addr=" + addr0, res['ifname'])
-    if not bss or bss['bssid'] != dev[0].p2p_interface_addr():
-        raise Exception("Unexpected BSSID in the BSS entry for the GO")
-    id = bss['id']
-    bss = dev[1].get_bss("ID-" + id, res['ifname'])
-    if not bss or bss['id'] != id:
-        raise Exception("Could not find BSS entry based on id")
-    res = dev[1].group_request("BSS RANGE=" + id + "- MASK=0x1")
-    if "id=" + id not in res:
-        raise Exception("Could not find BSS entry based on id range")
-
-    res = dev[1].request("SCAN_RESULTS")
-    if "[P2P]" not in res:
-        raise Exception("P2P flag missing from scan results: " + res)
-
-    # Presence request to increase testing coverage
-    if "FAIL" not in dev[1].group_request("P2P_PRESENCE_REQ 30000"):
-        raise Exception("Invald P2P_PRESENCE_REQ accepted")
-    if "FAIL" not in dev[1].group_request("P2P_PRESENCE_REQ 30000 102400 30001"):
-        raise Exception("Invald P2P_PRESENCE_REQ accepted")
-    if "FAIL" in dev[1].group_request("P2P_PRESENCE_REQ 30000 102400"):
-        raise Exception("Could not send presence request")
-    ev = dev[1].wait_group_event(["P2P-PRESENCE-RESPONSE"], 10)
-    if ev is None:
-        raise Exception("Timeout while waiting for Presence Response")
-    if "FAIL" in dev[1].group_request("P2P_PRESENCE_REQ 30000 102400 20000 102400"):
-        raise Exception("Could not send presence request")
-    ev = dev[1].wait_group_event(["P2P-PRESENCE-RESPONSE"])
-    if ev is None:
-        raise Exception("Timeout while waiting for Presence Response")
-    if "FAIL" in dev[1].group_request("P2P_PRESENCE_REQ"):
-        raise Exception("Could not send presence request")
-    ev = dev[1].wait_group_event(["P2P-PRESENCE-RESPONSE"])
-    if ev is None:
-        raise Exception("Timeout while waiting for Presence Response")
-
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Could not discover GO")
-    dev[0].dump_monitor()
-    dev[2].global_request("P2P_PROV_DISC " + addr0 + " display join")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=10)
-    if ev is None:
-        raise Exception("GO did not report P2P-PROV-DISC-SHOW-PIN")
-    if "p2p_dev_addr=" + addr2 not in ev:
-        raise Exception("Unexpected P2P Device Address in event: " + ev)
-    if "group=" + dev[0].group_ifname not in ev:
-        raise Exception("Unexpected group interface in event: " + ev)
-    ev = dev[2].wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=10)
-    if ev is None:
-        raise Exception("P2P-PROV-DISC-ENTER-PIN not reported")
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo2(dev):
-    """P2P autonomous GO with a separate group interface and client joining group"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    res = autogo(dev[0], freq=2437)
-    if "p2p-wlan" not in res['ifname']:
-        raise Exception("Unexpected group interface name on GO")
-    if res['ifname'] not in utils.get_ifnames():
-        raise Exception("Could not find group interface netdev")
-    connect_cli(dev[0], dev[1], social=True, freq=2437)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    if res['ifname'] in utils.get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-def test_autogo3(dev):
-    """P2P autonomous GO and client with a separate group interface joining group"""
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    autogo(dev[0], freq=2462)
-    res = connect_cli(dev[0], dev[1], social=True, freq=2462)
-    if "p2p-wlan" not in res['ifname']:
-        raise Exception("Unexpected group interface name on client")
-    if res['ifname'] not in utils.get_ifnames():
-        raise Exception("Could not find group interface netdev")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[1].ping()
-    if res['ifname'] in utils.get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-def test_autogo4(dev):
-    """P2P autonomous GO and client joining group (both with a separate group interface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    res1 = autogo(dev[0], freq=2412)
-    res2 = connect_cli(dev[0], dev[1], social=True, freq=2412)
-    if "p2p-wlan" not in res1['ifname']:
-        raise Exception("Unexpected group interface name on GO")
-    if "p2p-wlan" not in res2['ifname']:
-        raise Exception("Unexpected group interface name on client")
-    ifnames = utils.get_ifnames()
-    if res1['ifname'] not in ifnames:
-        raise Exception("Could not find GO group interface netdev")
-    if res2['ifname'] not in ifnames:
-        raise Exception("Could not find client group interface netdev")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[1].ping()
-    ifnames = utils.get_ifnames()
-    if res1['ifname'] in ifnames:
-        raise Exception("GO group interface netdev was not removed")
-    if res2['ifname'] in ifnames:
-        raise Exception("Client group interface netdev was not removed")
-
-def test_autogo_m2d(dev):
-    """P2P autonomous GO and clients not authorized"""
-    autogo(dev[0], freq=2412)
-    go_addr = dev[0].p2p_dev_addr()
-
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    if not dev[1].discover_peer(go_addr, social=True):
-        raise Exception("GO " + go_addr + " not found")
-    dev[1].dump_monitor()
-
-    if not dev[2].discover_peer(go_addr, social=True):
-        raise Exception("GO " + go_addr + " not found")
-    dev[2].dump_monitor()
-
-    logger.info("Trying to join the group when GO has not authorized the client")
-    pin = dev[1].wps_read_pin()
-    cmd = "P2P_CONNECT " + go_addr + " " + pin + " join"
-    if "OK" not in dev[1].global_request(cmd):
-        raise Exception("P2P_CONNECT join failed")
-
-    pin = dev[2].wps_read_pin()
-    cmd = "P2P_CONNECT " + go_addr + " " + pin + " join"
-    if "OK" not in dev[2].global_request(cmd):
-        raise Exception("P2P_CONNECT join failed")
-
-    ev = dev[1].wait_global_event(["WPS-M2D"], timeout=16)
-    if ev is None:
-        raise Exception("No global M2D event")
-    ifaces = dev[1].request("INTERFACES").splitlines()
-    iface = ifaces[0] if "p2p-wlan" in ifaces[0] else ifaces[1]
-    wpas = WpaSupplicant(ifname=iface)
-    ev = wpas.wait_event(["WPS-M2D"], timeout=10)
-    if ev is None:
-        raise Exception("No M2D event on group interface")
-
-    ev = dev[2].wait_global_event(["WPS-M2D"], timeout=10)
-    if ev is None:
-        raise Exception("No global M2D event (2)")
-    ev = dev[2].wait_event(["WPS-M2D"], timeout=10)
-    if ev is None:
-        raise Exception("No M2D event on group interface (2)")
-
-@remote_compatible
-def test_autogo_fail(dev):
-    """P2P autonomous GO and incorrect PIN"""
-    autogo(dev[0], freq=2412)
-    go_addr = dev[0].p2p_dev_addr()
-    dev[0].p2p_go_authorize_client("00000000")
-
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    if not dev[1].discover_peer(go_addr, social=True):
-        raise Exception("GO " + go_addr + " not found")
-    dev[1].dump_monitor()
-
-    logger.info("Trying to join the group when GO has not authorized the client")
-    pin = dev[1].wps_read_pin()
-    cmd = "P2P_CONNECT " + go_addr + " " + pin + " join"
-    if "OK" not in dev[1].global_request(cmd):
-        raise Exception("P2P_CONNECT join failed")
-
-    ev = dev[1].wait_global_event(["WPS-FAIL"], timeout=10)
-    if ev is None:
-        raise Exception("No global WPS-FAIL event")
-
-def test_autogo_2cli(dev):
-    """P2P autonomous GO and two clients joining group"""
-    autogo(dev[0], freq=2412)
-    connect_cli(dev[0], dev[1], social=True, freq=2412)
-    connect_cli(dev[0], dev[2], social=True, freq=2412)
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    dev[0].global_request("P2P_REMOVE_CLIENT " + dev[1].p2p_dev_addr())
-    dev[1].wait_go_ending_session()
-    dev[0].global_request("P2P_REMOVE_CLIENT iface=" + dev[2].p2p_interface_addr())
-    dev[2].wait_go_ending_session()
-    if "FAIL" not in dev[0].global_request("P2P_REMOVE_CLIENT foo"):
-        raise Exception("Invalid P2P_REMOVE_CLIENT command accepted")
-    dev[0].remove_group()
-
-def test_autogo_pbc(dev):
-    """P2P autonomous GO and PBC"""
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    autogo(dev[0], freq=2412)
-    if "FAIL" not in dev[0].group_request("WPS_PBC p2p_dev_addr=00:11:22:33:44"):
-        raise Exception("Invalid WPS_PBC succeeded")
-    if "OK" not in dev[0].group_request("WPS_PBC p2p_dev_addr=" + dev[1].p2p_dev_addr()):
-        raise Exception("WPS_PBC failed")
-    dev[2].p2p_connect_group(dev[0].p2p_dev_addr(), "pbc", timeout=0,
-                             social=True)
-    ev = dev[2].wait_global_event(["WPS-M2D"], timeout=15)
-    if ev is None:
-        raise Exception("WPS-M2D not reported")
-    if "config_error=12" not in ev:
-        raise Exception("Unexpected config_error: " + ev)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), "pbc", timeout=15,
-                             social=True)
-
-def test_autogo_pbc_session_overlap(dev, apdev):
-    """P2P autonomous GO and PBC session overlap"""
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    bssid = hapd.own_addr()
-    time.sleep(0.1)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[1].scan_for_bss(bssid, freq=2412)
-
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    autogo(dev[0], freq=2412)
-    if "OK" not in dev[0].group_request("WPS_PBC p2p_dev_addr=" + dev[1].p2p_dev_addr()):
-        raise Exception("WPS_PBC failed")
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), "pbc", timeout=15,
-                             social=True)
-    hapd.disable()
-    remove_group(dev[0], dev[1])
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-def test_autogo_tdls(dev):
-    """P2P autonomous GO and two clients using TDLS"""
-    go = dev[0]
-    logger.info("Start autonomous GO with fixed parameters " + go.ifname)
-    id = go.add_network()
-    go.set_network_quoted(id, "ssid", "DIRECT-tdls")
-    go.set_network_quoted(id, "psk", "12345678")
-    go.set_network(id, "mode", "3")
-    go.set_network(id, "disabled", "2")
-    res = go.p2p_start_go(persistent=id, freq="2462")
-    logger.debug("res: " + str(res))
-    Wlantest.setup(go, True)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-    connect_cli(go, dev[1], social=True, freq=2462)
-    connect_cli(go, dev[2], social=True, freq=2462)
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    bssid = dev[0].p2p_interface_addr()
-    addr1 = dev[1].p2p_interface_addr()
-    addr2 = dev[2].p2p_interface_addr()
-    dev[1].tdls_setup(addr2)
-    time.sleep(1)
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    conf = wt.get_tdls_counter("setup_conf_ok", bssid, addr1, addr2)
-    if conf == 0:
-        raise Exception("No TDLS Setup Confirm (success) seen")
-    dl = wt.get_tdls_counter("valid_direct_link", bssid, addr1, addr2)
-    if dl == 0:
-        raise Exception("No valid frames through direct link")
-    wt.tdls_clear(bssid, addr1, addr2)
-    dev[1].tdls_teardown(addr2)
-    time.sleep(1)
-    teardown = wt.get_tdls_counter("teardown", bssid, addr1, addr2)
-    if teardown == 0:
-        raise Exception("No TDLS Setup Teardown seen")
-    wt.tdls_clear(bssid, addr1, addr2)
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-    ap_path = wt.get_tdls_counter("valid_ap_path", bssid, addr1, addr2)
-    if ap_path == 0:
-        raise Exception("No valid frames via AP path")
-    direct_link = wt.get_tdls_counter("valid_direct_link", bssid, addr1, addr2)
-    if direct_link > 0:
-        raise Exception("Unexpected frames through direct link")
-    idirect_link = wt.get_tdls_counter("invalid_direct_link", bssid, addr1,
-                                       addr2)
-    if idirect_link > 0:
-        raise Exception("Unexpected frames through direct link (invalid)")
-    dev[2].remove_group()
-    dev[1].remove_group()
-    dev[0].remove_group()
-
-def test_autogo_legacy(dev):
-    """P2P autonomous GO and legacy clients"""
-    res = autogo(dev[0], freq=2462)
-    if dev[0].get_group_status_field("passphrase", extra="WPS") != res['passphrase']:
-        raise Exception("passphrase mismatch")
-    if dev[0].group_request("P2P_GET_PASSPHRASE") != res['passphrase']:
-        raise Exception("passphrase mismatch(2)")
-
-    logger.info("Connect P2P client")
-    connect_cli(dev[0], dev[1], social=True, freq=2462)
-
-    if "FAIL" not in dev[1].request("P2P_GET_PASSPHRASE"):
-        raise Exception("P2P_GET_PASSPHRASE succeeded on P2P Client")
-
-    logger.info("Connect legacy WPS client")
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[2].request("P2P_SET disabled 1")
-    dev[2].dump_monitor()
-    dev[2].request("WPS_PIN any " + pin)
-    dev[2].wait_connected(timeout=30)
-    status = dev[2].get_status()
-    if status['wpa_state'] != 'COMPLETED':
-        raise Exception("Not fully connected")
-    hwsim_utils.test_connectivity_p2p_sta(dev[1], dev[2])
-    dev[2].request("DISCONNECT")
-
-    logger.info("Connect legacy non-WPS client")
-    dev[2].request("FLUSH")
-    dev[2].request("P2P_SET disabled 1")
-    dev[2].connect(ssid=res['ssid'], psk=res['passphrase'], proto='RSN',
-                   key_mgmt='WPA-PSK', pairwise='CCMP', group='CCMP',
-                   scan_freq=res['freq'])
-    hwsim_utils.test_connectivity_p2p_sta(dev[1], dev[2])
-    dev[2].request("DISCONNECT")
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo_chan_switch(dev):
-    """P2P autonomous GO switching channels"""
-    run_autogo_chan_switch(dev)
-
-def run_autogo_chan_switch(dev):
-    autogo(dev[0], freq=2417)
-    connect_cli(dev[0], dev[1], freq=2417)
-    res = dev[0].group_request("CHAN_SWITCH 5 2422")
-    if "FAIL" in res:
-        # for now, skip test since mac80211_hwsim support is not yet widely
-        # deployed
-        raise HwsimSkip("Assume mac80211_hwsim did not support channel switching")
-    ev = dev[0].wait_group_event(["AP-CSA-FINISHED"], timeout=10)
-    if ev is None:
-        raise Exception("CSA finished event timed out")
-    if "freq=2422" not in ev:
-        raise Exception("Unexpected cahnnel in CSA finished event")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    time.sleep(0.1)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo_chan_switch_group_iface(dev):
-    """P2P autonomous GO switching channels (separate group interface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    run_autogo_chan_switch(dev)
-
-@remote_compatible
-def test_autogo_extra_cred(dev):
-    """P2P autonomous GO sending two WPS credentials"""
-    if "FAIL" in dev[0].request("SET wps_testing_stub_cred 1"):
-        raise Exception("Failed to enable test mode")
-    autogo(dev[0], freq=2412)
-    connect_cli(dev[0], dev[1], social=True, freq=2412)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo_ifdown(dev):
-    """P2P autonomous GO and external ifdown"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    res = autogo(wpas)
-    wpas.dump_monitor()
-    wpas.interface_remove("wlan5")
-    wpas.interface_add("wlan5")
-    res = autogo(wpas)
-    wpas.dump_monitor()
-    subprocess.call(['ifconfig', res['ifname'], 'down'])
-    ev = wpas.wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-    if ev is None:
-        raise Exception("Group removal not reported")
-    if res['ifname'] not in ev:
-        raise Exception("Unexpected group removal event: " + ev)
-
-@remote_compatible
-def test_autogo_start_during_scan(dev):
-    """P2P autonomous GO started during ongoing manual scan"""
-    try:
-        # use autoscan to set scan_req = MANUAL_SCAN_REQ
-        if "OK" not in dev[0].request("AUTOSCAN periodic:1"):
-            raise Exception("Failed to set autoscan")
-        autogo(dev[0], freq=2462)
-        connect_cli(dev[0], dev[1], social=True, freq=2462)
-        dev[0].remove_group()
-        dev[1].wait_go_ending_session()
-    finally:
-        dev[0].request("AUTOSCAN ")
-
-def test_autogo_passphrase_len(dev):
-    """P2P autonomous GO and longer passphrase"""
-    try:
-        if "OK" not in dev[0].request("SET p2p_passphrase_len 13"):
-            raise Exception("Failed to set passphrase length")
-        res = autogo(dev[0], freq=2412)
-        if len(res['passphrase']) != 13:
-            raise Exception("Unexpected passphrase length")
-        if dev[0].get_group_status_field("passphrase", extra="WPS") != res['passphrase']:
-            raise Exception("passphrase mismatch")
-
-        logger.info("Connect P2P client")
-        connect_cli(dev[0], dev[1], social=True, freq=2412)
-
-        logger.info("Connect legacy WPS client")
-        pin = dev[2].wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-        dev[2].request("P2P_SET disabled 1")
-        dev[2].dump_monitor()
-        dev[2].request("WPS_PIN any " + pin)
-        dev[2].wait_connected(timeout=30)
-        status = dev[2].get_status()
-        if status['wpa_state'] != 'COMPLETED':
-            raise Exception("Not fully connected")
-        dev[2].request("DISCONNECT")
-
-        logger.info("Connect legacy non-WPS client")
-        dev[2].request("FLUSH")
-        dev[2].request("P2P_SET disabled 1")
-        dev[2].connect(ssid=res['ssid'], psk=res['passphrase'], proto='RSN',
-                       key_mgmt='WPA-PSK', pairwise='CCMP', group='CCMP',
-                       scan_freq=res['freq'])
-        hwsim_utils.test_connectivity_p2p_sta(dev[1], dev[2])
-        dev[2].request("DISCONNECT")
-
-        dev[0].remove_group()
-        dev[1].wait_go_ending_session()
-    finally:
-        dev[0].request("SET p2p_passphrase_len 8")
-
-@remote_compatible
-def test_autogo_bridge(dev):
-    """P2P autonomous GO in a bridge"""
-    try:
-        # use autoscan to set scan_req = MANUAL_SCAN_REQ
-        if "OK" not in dev[0].request("AUTOSCAN periodic:1"):
-            raise Exception("Failed to set autoscan")
-        autogo(dev[0])
-        ifname = dev[0].get_group_ifname()
-        dev[0].cmd_execute(['brctl', 'addbr', 'p2p-br0'])
-        dev[0].cmd_execute(['brctl', 'setfd', 'p2p-br0', '0'])
-        dev[0].cmd_execute(['brctl', 'addif', 'p2p-br0', ifname])
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'p2p-br0', 'up'])
-        time.sleep(0.1)
-        dev[0].cmd_execute(['brctl', 'delif', 'p2p-br0', ifname])
-        time.sleep(0.1)
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'p2p-br0', 'down'])
-        time.sleep(0.1)
-        dev[0].cmd_execute(['brctl', 'delbr', 'p2p-br0'])
-        ev = dev[0].wait_global_event(["P2P-GROUP-REMOVED"], timeout=1)
-        if ev is not None:
-            raise Exception("P2P group removed unexpectedly")
-        if dev[0].get_group_status_field('wpa_state') != "COMPLETED":
-            raise Exception("Unexpected wpa_state")
-        dev[0].remove_group()
-    finally:
-        dev[0].request("AUTOSCAN ")
-        dev[0].cmd_execute(['brctl', 'delif', 'p2p-br0', ifname,
-                            '2>', '/dev/null'], shell=True)
-        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'p2p-br0', 'down',
-                            '2>', '/dev/null'], shell=True)
-        dev[0].cmd_execute(['brctl', 'delbr', 'p2p-br0', '2>', '/dev/null'],
-                           shell=True)
-
-@remote_compatible
-def test_presence_req_on_group_interface(dev):
-    """P2P_PRESENCE_REQ on group interface"""
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    res = autogo(dev[0], freq=2437)
-    res = connect_cli(dev[0], dev[1], social=True, freq=2437)
-    if "FAIL" in dev[1].group_request("P2P_PRESENCE_REQ 30000 102400"):
-        raise Exception("Could not send presence request")
-    ev = dev[1].wait_group_event(["P2P-PRESENCE-RESPONSE"])
-    if ev is None:
-        raise Exception("Timeout while waiting for Presence Response")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo_join_auto_go_not_found(dev):
-    """P2P_CONNECT-auto not finding GO"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("P2P_SET listen_channel 1")
-    wpas.global_request("SET p2p_no_group_iface 0")
-    autogo(wpas, freq=2412)
-    addr = wpas.p2p_dev_addr()
-    bssid = wpas.p2p_interface_addr()
-    wpas.dump_monitor()
-
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    dev[1].scan_for_bss(bssid, freq=2412)
-    # This makes the GO not show up in the scan iteration following the
-    # P2P_CONNECT command by stopping beaconing and handling Probe Request
-    # frames externally (but not really replying to them). P2P listen mode is
-    # needed to keep the GO listening on the operating channel for the PD
-    # exchange.
-    if "OK" not in wpas.group_request("STOP_AP"):
-        raise Exception("STOP_AP failed")
-    wpas.dump_monitor()
-    wpas.group_request("SET ext_mgmt_frame_handling 1")
-    wpas.p2p_listen()
-    wpas.dump_monitor()
-    time.sleep(0.02)
-    dev[1].global_request("P2P_CONNECT " + addr + " pbc auto")
-
-    ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG-ENABLED"], 15)
-    wpas.dump_monitor()
-    if ev is None:
-        raise Exception("Could not trigger old-scan-only case")
-        return
-
-    ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG"], 15)
-    wpas.remove_group()
-    if ev is None:
-        raise Exception("Fallback to GO Negotiation not seen")
-    if "reason=GO-not-found" not in ev:
-        raise Exception("Unexpected reason for fallback: " + ev)
-    wpas.dump_monitor()
-
-def test_autogo_join_auto(dev):
-    """P2P_CONNECT-auto joining a group"""
-    autogo(dev[0])
-    addr = dev[0].p2p_dev_addr()
-    if "OK" not in dev[1].global_request("P2P_CONNECT " + addr + " pbc auto"):
-        raise Exception("P2P_CONNECT failed")
-
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-PBC-REQ"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on P2P-PROV-DISC-PBC-REQ")
-    if "group=" + dev[0].group_ifname not in ev:
-        raise Exception("Unexpected PD event contents: " + ev)
-    dev[0].group_request("WPS_PBC")
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    dev[1].group_form_result(ev)
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[1].flush_scan_cache()
-
-@remote_compatible
-def test_autogo_join_auto_go_neg(dev):
-    """P2P_CONNECT-auto fallback to GO Neg"""
-    dev[1].flush_scan_cache()
-    dev[0].p2p_listen()
-    addr = dev[0].p2p_dev_addr()
-    if not dev[1].discover_peer(addr, social=True):
-        raise Exception("Peer not found")
-    dev[1].p2p_stop_find()
-    if "OK" not in dev[1].global_request("P2P_CONNECT " + addr + " pbc auto"):
-        raise Exception("P2P_CONNECT failed")
-
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on P2P-GO-NEG-REQUEST")
-    peer = ev.split(' ')[1]
-    dev[0].p2p_go_neg_init(peer, None, "pbc", timeout=15, go_intent=15)
-
-    ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG"], timeout=1)
-    if ev is None:
-        raise Exception("No P2P-FALLBACK-TO-GO-NEG event seen")
-    if "P2P-FALLBACK-TO-GO-NEG-ENABLED" in ev:
-        ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG"], timeout=1)
-        if ev is None:
-            raise Exception("No P2P-FALLBACK-TO-GO-NEG event seen")
-    if "reason=peer-not-running-GO" not in ev:
-        raise Exception("Unexpected reason: " + ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    dev[1].group_form_result(ev)
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[1].flush_scan_cache()
-
-@remote_compatible
-def test_autogo_join_auto_go_neg_after_seeing_go(dev):
-    """P2P_CONNECT-auto fallback to GO Neg after seeing GO"""
-    autogo(dev[0], freq=2412)
-    addr = dev[0].p2p_dev_addr()
-    bssid = dev[0].p2p_interface_addr()
-    dev[1].scan_for_bss(bssid, freq=2412)
-    dev[0].remove_group()
-    dev[0].p2p_listen()
-
-    if "OK" not in dev[1].global_request("P2P_CONNECT " + addr + " pbc auto"):
-        raise Exception("P2P_CONNECT failed")
-
-    ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG-ENABLED"],
-                                  timeout=15)
-    if ev is None:
-        raise Exception("No P2P-FALLBACK-TO-GO-NEG-ENABLED event seen")
-
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on P2P-GO-NEG-REQUEST")
-    peer = ev.split(' ')[1]
-    dev[0].p2p_go_neg_init(peer, None, "pbc", timeout=15, go_intent=15)
-
-    ev = dev[1].wait_global_event(["P2P-FALLBACK-TO-GO-NEG"], timeout=1)
-    if ev is None:
-        raise Exception("No P2P-FALLBACK-TO-GO-NEG event seen")
-    if "reason=no-ACK-to-PD-Req" not in ev and "reason=PD-failed" not in ev:
-        raise Exception("Unexpected reason: " + ev)
-
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    dev[1].group_form_result(ev)
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[1].flush_scan_cache()
-
-def test_go_search_non_social(dev):
-    """P2P_FIND with freq parameter to scan a single channel"""
-    addr0 = dev[0].p2p_dev_addr()
-    autogo(dev[0], freq=2422)
-    dev[1].p2p_find(freq=2422)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=3.5)
-    if ev is None:
-        dev[1].p2p_stop_find()
-        dev[1].p2p_find(freq=2422)
-        ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=3.5)
-        if ev is None:
-            raise Exception("Did not find GO quickly enough")
-    dev[2].p2p_listen()
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Did not find peer")
-    dev[2].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    dev[0].remove_group()
-
-def test_go_search_non_social2(dev):
-    """P2P_FIND with freq parameter to scan a single channel (2)"""
-    addr0 = dev[0].p2p_dev_addr()
-    dev[1].p2p_find(freq=2422)
-    # Wait for the first p2p_find scan round to complete before starting GO
-    time.sleep(1)
-    autogo(dev[0], freq=2422)
-    # Verify that p2p_find is still scanning the specified frequency
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        dev[1].p2p_stop_find()
-        raise Exception("Did not find GO quickly enough")
-    # Verify that p2p_find is scanning the social channels
-    dev[2].p2p_listen()
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Did not find peer")
-    dev[2].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    dev[0].remove_group()
-    dev[1].dump_monitor()
-
-    # Verify that social channel as the specific channel works
-    dev[1].p2p_find(freq=2412)
-    time.sleep(0.5)
-    dev[2].p2p_listen()
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Did not find peer (2)")
-
-def test_autogo_many(dev):
-    """P2P autonomous GO with large number of GO instances"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    for i in range(100):
-        if "OK" not in dev[0].global_request("P2P_GROUP_ADD freq=2412"):
-            logger.info("Was able to add %d groups" % i)
-            if i < 5:
-                raise Exception("P2P_GROUP_ADD failed")
-            stop_ev = dev[0].wait_global_event(["P2P-GROUP-REMOVE"], timeout=1)
-            if stop_ev is not None:
-                raise Exception("Unexpected P2P-GROUP-REMOVE event")
-            break
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("GO start up timed out")
-        dev[0].group_form_result(ev)
-
-    for i in dev[0].global_request("INTERFACES").splitlines():
-        dev[0].request("P2P_GROUP_REMOVE " + i)
-        dev[0].dump_monitor()
-    dev[0].request("P2P_GROUP_REMOVE *")
-
-def test_autogo_many_clients(dev):
-    """P2P autonomous GO and many clients (P2P IE fragmentation)"""
-    try:
-        _test_autogo_many_clients(dev)
-    finally:
-        dev[0].global_request("SET device_name Device A")
-        dev[1].global_request("SET device_name Device B")
-        dev[2].global_request("SET device_name Device C")
-
-def _test_autogo_many_clients(dev):
-    # These long device names will push the P2P IE contents beyond the limit
-    # that requires fragmentation.
-    name0 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
-    name1 = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
-    name2 = "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
-    name3 = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
-    dev[0].global_request("SET device_name " + name0)
-    dev[1].global_request("SET device_name " + name1)
-    dev[2].global_request("SET device_name " + name2)
-
-    addr0 = dev[0].p2p_dev_addr()
-    res = autogo(dev[0], freq=2412)
-    bssid = dev[0].p2p_interface_addr()
-
-    connect_cli(dev[0], dev[1], social=True, freq=2412)
-    dev[0].dump_monitor()
-    connect_cli(dev[0], dev[2], social=True, freq=2412)
-    dev[0].dump_monitor()
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.global_request("SET device_name " + name3)
-    wpas.global_request("SET sec_device_type 1-11111111-1")
-    wpas.global_request("SET sec_device_type 2-22222222-2")
-    wpas.global_request("SET sec_device_type 3-33333333-3")
-    wpas.global_request("SET sec_device_type 4-44444444-4")
-    wpas.global_request("SET sec_device_type 5-55555555-5")
-    connect_cli(dev[0], wpas, social=True, freq=2412)
-    dev[0].dump_monitor()
-
-    dev[1].dump_monitor()
-    dev[1].p2p_find(freq=2412)
-    ev1 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev1 is None:
-        raise Exception("Could not find peer (1)")
-    ev2 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev2 is None:
-        raise Exception("Could not find peer (2)")
-    ev3 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev3 is None:
-        raise Exception("Could not find peer (3)")
-    dev[1].p2p_stop_find()
-
-    for i in [name0, name2, name3]:
-        if i not in ev1 and i not in ev2 and i not in ev3:
-            raise Exception('name "%s" not found' % i)
-
-def rx_pd_req(dev):
-    msg = dev.mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_PROV_DISC_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    p2p['freq'] = msg['freq']
-    return p2p
-
-@remote_compatible
-def test_autogo_scan(dev):
-    """P2P autonomous GO and no P2P IE in Probe Response scan results"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_start_go(freq=2412, persistent=True)
-    bssid = dev[0].p2p_interface_addr()
-
-    dev[1].discover_peer(addr0)
-    dev[1].p2p_stop_find()
-    ev = dev[1].wait_global_event(["P2P-FIND-STOPPED"], timeout=2)
-    time.sleep(0.1)
-    dev[1].flush_scan_cache()
-
-    pin = dev[1].wps_read_pin()
-    dev[0].group_request("WPS_PIN any " + pin)
-
-    try:
-        dev[1].request("SET p2p_disabled 1")
-        dev[1].request("SCAN freq=2412")
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-        if ev is None:
-            raise Exception("Active scan did not complete")
-    finally:
-        dev[1].request("SET p2p_disabled 0")
-
-    for i in range(2):
-        dev[1].request("SCAN freq=2412 passive=1")
-        ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-        if ev is None:
-            raise Exception("Scan did not complete")
-
-    # Disable management frame processing for a moment to skip Probe Response
-    # frame with P2P IE.
-    dev[0].group_request("SET ext_mgmt_frame_handling 1")
-
-    dev[1].global_request("P2P_CONNECT " + bssid + " " + pin + " freq=2412 join")
-
-    # Skip the first Probe Request frame
-    ev = dev[0].wait_group_event(["MGMT-RX"], timeout=10)
-    if ev is None:
-        raise Exception("No Probe Request frame seen")
-    if not ev.split(' ')[4].startswith("40"):
-        raise Exception("Not a Probe Request frame")
-
-    # If a P2P Device is not used, the PD Request will be received on the group
-    # interface (which is actually wlan0, since a separate interface is not
-    # used), which was set to external management frame handling, so need to
-    # reply to it manually.
-    res = dev[0].get_driver_status()
-    if not (int(res['capa.flags'], 0) & 0x20000000):
-        # Reply to PD Request while still filtering Probe Request frames
-        msg = rx_pd_req(dev[0])
-        mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=10 no_cck=1 action={}".format(addr1, addr0, 2412, "0409506f9a0908%02xdd0a0050f204100800020008" % msg['dialog_token']))
-
-    # Skip Probe Request frames until something else is received
-    for i in range(10):
-        ev = dev[0].wait_group_event(["MGMT-RX"], timeout=10)
-        if ev is None:
-            raise Exception("No frame seen")
-        if not ev.split(' ')[4].startswith("40"):
-            break
-
-    # Allow wpa_supplicant to process authentication and association
-    dev[0].group_request("SET ext_mgmt_frame_handling 0")
-
-    # Joining the group should succeed and indicate persistent group based on
-    # Beacon frame P2P IE.
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("Failed to join group")
-    if "[PERSISTENT]" not in ev:
-        raise Exception("Did not recognize group as persistent")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-@remote_compatible
-def test_autogo_join_before_found(dev):
-    """P2P client joining a group before having found GO Device Address"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    res = autogo(dev[0], freq=2412)
-    if "p2p-wlan" not in res['ifname']:
-        raise Exception("Unexpected group interface name on GO")
-    status = dev[0].get_group_status()
-    bssid = status['bssid']
-
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    cmd = "P2P_CONNECT " + bssid + " " + pin + " join freq=2412"
-    if "OK" not in dev[1].global_request(cmd):
-        raise Exception("P2P_CONNECT join failed")
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Joining the group timed out")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_autogo_noa(dev):
-    """P2P autonomous GO and NoA"""
-    res = autogo(dev[0])
-    dev[0].group_request("P2P_SET noa 1,5,20")
-    dev[0].group_request("P2P_SET noa 255,10,50")
-
-    # Connect and disconnect legacy STA to check NoA special cases
-    try:
-        dev[1].request("SET p2p_disabled 1")
-        dev[1].connect(ssid=res['ssid'], psk=res['passphrase'], proto='RSN',
-                       key_mgmt='WPA-PSK', pairwise='CCMP', group='CCMP',
-                       scan_freq=res['freq'])
-        dev[0].group_request("P2P_SET noa 255,15,55")
-        dev[1].request("DISCONNECT")
-        dev[1].wait_disconnected()
-    finally:
-        dev[1].request("SET p2p_disabled 0")
-
-    dev[0].group_request("P2P_SET noa 0,0,0")
-
-def test_autogo_interworking(dev):
-    """P2P autonomous GO and Interworking"""
-    try:
-        run_autogo_interworking(dev)
-    finally:
-        dev[0].set("go_interworking", "0")
-
-def run_autogo_interworking(dev):
-    dev[0].global_request("SET go_interworking 1")
-    dev[0].global_request("SET go_access_network_type 1")
-    dev[0].global_request("SET go_internet 1")
-    dev[0].global_request("SET go_venue_group 2")
-    dev[0].global_request("SET go_venue_type 3")
-    res = autogo(dev[0])
-    bssid = dev[0].p2p_interface_addr()
-    dev[1].scan_for_bss(bssid, freq=res['freq'])
-    bss = dev[1].get_bss(bssid)
-    dev[0].remove_group()
-    if '6b03110203' not in bss['ie']:
-        raise Exception("Interworking element not seen")
-
-def test_autogo_remove_iface(dev):
-    """P2P autonomous GO and interface being removed"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.global_request("SET p2p_no_group_iface 1")
-    wpas.set("p2p_group_idle", "1")
-    autogo(wpas)
-    wpas.global_request("P2P_SET disallow_freq 5000")
-    time.sleep(0.1)
-    wpas.global_request("INTERFACE_REMOVE " + wpas.ifname)
-    time.sleep(1)
diff --git a/tests/hwsim/test_p2p_channel.py b/tests/hwsim/test_p2p_channel.py
deleted file mode 100644
index d57234dadb64..000000000000
--- a/tests/hwsim/test_p2p_channel.py
+++ /dev/null
@@ -1,1384 +0,0 @@
-# P2P channel selection test cases
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-import subprocess
-import time
-
-import hostapd
-import hwsim_utils
-from tshark import run_tshark
-from wpasupplicant import WpaSupplicant
-from hwsim import HWSimRadio
-from p2p_utils import *
-from utils import *
-
-def set_country(country, dev=None):
-    subprocess.call(['iw', 'reg', 'set', country])
-    time.sleep(0.1)
-    if dev:
-        for i in range(10):
-            ev = dev.wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=15)
-            if ev is None:
-                raise Exception("No regdom change event seen")
-            if "type=COUNTRY alpha2=" + country in ev:
-                return
-        raise Exception("No matching regdom event seen for set_country(%s)" % country)
-
-def test_p2p_channel_5ghz(dev):
-    """P2P group formation with 5 GHz preference"""
-    try:
-        set_country("US", dev[0])
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_5ghz_no_vht(dev):
-    """P2P group formation with 5 GHz preference when VHT channels are disallowed"""
-    try:
-        set_country("US", dev[0])
-        dev[0].global_request("P2P_SET disallow_freq 5180-5240")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_random_social(dev):
-    """P2P group formation with 5 GHz preference but all 5 GHz channels disabled"""
-    try:
-        set_country("US", dev[0])
-        dev[0].global_request("SET p2p_oper_channel 11")
-        dev[0].global_request("P2P_SET disallow_freq 5000-6000,2462")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq not in [2412, 2437, 2462]:
-            raise Exception("Unexpected channel %d MHz - did not pick random social channel" % freq)
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_random(dev):
-    """P2P group formation with 5 GHz preference but all 5 GHz channels and all social channels disabled"""
-    try:
-        set_country("US", dev[0])
-        dev[0].global_request("SET p2p_oper_channel 11")
-        dev[0].global_request("P2P_SET disallow_freq 5000-6000,2412,2437,2462")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq > 2500 or freq in [2412, 2437, 2462]:
-            raise Exception("Unexpected channel %d MHz" % freq)
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_random_social_with_op_class_change(dev, apdev, params):
-    """P2P group formation using random social channel with oper class change needed"""
-    try:
-        set_country("US", dev[0])
-        logger.info("Start group on 5 GHz")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not pick 5 GHz preference" % freq)
-        remove_group(dev[0], dev[1])
-
-        logger.info("Disable 5 GHz and try to re-start group based on 5 GHz preference")
-        dev[0].global_request("SET p2p_oper_reg_class 115")
-        dev[0].global_request("SET p2p_oper_channel 36")
-        dev[0].global_request("P2P_SET disallow_freq 5000-6000")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq not in [2412, 2437, 2462]:
-            raise Exception("Unexpected channel %d MHz - did not pick random social channel" % freq)
-        remove_group(dev[0], dev[1])
-
-        out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                         "wifi_p2p.public_action.subtype == 0")
-        if out is not None:
-            last = None
-            for l in out.splitlines():
-                if "Operating Channel:" not in l:
-                    continue
-                last = l
-            if last is None:
-                raise Exception("Could not find GO Negotiation Request")
-            if "Operating Class 81" not in last:
-                raise Exception("Unexpected operating class: " + last.strip())
-    finally:
-        set_country("00")
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[0].global_request("SET p2p_oper_reg_class 0")
-        dev[0].global_request("SET p2p_oper_channel 0")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_avoid(dev):
-    """P2P and avoid frequencies driver event"""
-    try:
-        set_country("US", dev[0])
-        if "OK" not in dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES 5000-6000,2412,2437,2462"):
-            raise Exception("Could not simulate driver event")
-        ev = dev[0].wait_event(["CTRL-EVENT-AVOID-FREQ"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AVOID-FREQ event")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq > 2500 or freq in [2412, 2437, 2462]:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        if "OK" not in dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES"):
-            raise Exception("Could not simulate driver event(2)")
-        ev = dev[0].wait_event(["CTRL-EVENT-AVOID-FREQ"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AVOID-FREQ event")
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"], timeout=1)
-        if ev is not None:
-            raise Exception("Unexpected + " + ev + " event")
-
-        if "OK" not in dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES " + str(freq)):
-            raise Exception("Could not simulate driver event(3)")
-        ev = dev[0].wait_event(["CTRL-EVENT-AVOID-FREQ"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AVOID-FREQ event")
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"],
-                                     timeout=10)
-        if ev is None:
-            raise Exception("No P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED event")
-    finally:
-        set_country("00")
-        dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_avoid2(dev):
-    """P2P and avoid frequencies driver event on 5 GHz"""
-    try:
-        set_country("US", dev[0])
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False,
-                                               i_max_oper_chwidth=80,
-                                               i_ht40=True, i_vht=True)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        if "OK" not in dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES " + str(freq)):
-            raise Exception("Could not simulate driver event(2)")
-        ev = dev[0].wait_event(["CTRL-EVENT-AVOID-FREQ"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AVOID-FREQ event")
-        ev = dev[0].wait_group_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("No channel switch event seen")
-        if "ch_width=80 MHz" not in ev:
-            raise Exception("Could not move to a VHT80 channel")
-        ev = dev[0].wait_group_event(["AP-CSA-FINISHED"], timeout=1)
-        if ev is None:
-            raise Exception("No AP-CSA-FINISHED event seen")
-    finally:
-        set_country("00")
-        dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_avoid3(dev):
-    """P2P and avoid frequencies driver event on 5 GHz"""
-    try:
-        dev[0].global_request("SET p2p_pref_chan 128:44")
-        set_country("CN", dev[0])
-        form(dev[0], dev[1])
-        set_country("CN", dev[0])
-        [i_res, r_res] = invite_from_go(dev[0], dev[1], terminate=False,
-                                        extra="ht40 vht")
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        if "OK" not in dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES 5180-5320,5500-5640"):
-            raise Exception("Could not simulate driver event(2)")
-        ev = dev[0].wait_event(["CTRL-EVENT-AVOID-FREQ"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AVOID-FREQ event")
-        ev = dev[0].wait_group_event(["CTRL-EVENT-CHANNEL-SWITCH"], timeout=10)
-        if ev is None:
-            raise Exception("No channel switch event seen")
-        if "ch_width=80 MHz" not in ev:
-            raise Exception("Could not move to a VHT80 channel")
-        ev = dev[0].wait_group_event(["AP-CSA-FINISHED"], timeout=1)
-        if ev is None:
-            raise Exception("No AP-CSA-FINISHED event seen")
-    finally:
-        set_country("00")
-        dev[0].request("DRIVER_EVENT AVOID_FREQUENCIES")
-        dev[0].global_request("SET p2p_pref_chan ")
-        dev[1].flush_scan_cache()
-
-@remote_compatible
-def test_autogo_following_bss(dev, apdev):
-    """P2P autonomous GO operate on the same channel as station interface"""
-    if dev[0].get_mcc() > 1:
-        logger.info("test mode: MCC")
-
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    channels = {3: "2422", 5: "2432", 9: "2452"}
-    for key in channels:
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test',
-                                         "channel": str(key)})
-        dev[0].connect("ap-test", key_mgmt="NONE",
-                       scan_freq=str(channels[key]))
-        res_go = autogo(dev[0])
-        if res_go['freq'] != channels[key]:
-            raise Exception("Group operation channel is not the same as on connected station interface")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        dev[0].remove_group(res_go['ifname'])
-
-@remote_compatible
-def test_go_neg_with_bss_connected(dev, apdev):
-    """P2P channel selection: GO negotiation when station interface is connected"""
-
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": 'bss-2.4ghz', "channel": '5'})
-    dev[0].connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2432")
-    #dev[0] as GO
-    [i_res, r_res] = go_neg_pbc(i_dev=dev[0], i_intent=10, r_dev=dev[1],
-                                r_intent=1)
-    check_grpform_results(i_res, r_res)
-    if i_res['role'] != "GO":
-       raise Exception("GO not selected according to go_intent")
-    if i_res['freq'] != "2432":
-       raise Exception("Group formed on a different frequency than BSS")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].remove_group(i_res['ifname'])
-    dev[1].wait_go_ending_session()
-
-    if dev[0].get_mcc() > 1:
-        logger.info("Skip as-client case due to MCC being enabled")
-        return
-
-    #dev[0] as client
-    [i_res2, r_res2] = go_neg_pbc(i_dev=dev[0], i_intent=1, r_dev=dev[1],
-                                  r_intent=10)
-    check_grpform_results(i_res2, r_res2)
-    if i_res2['role'] != "client":
-       raise Exception("GO not selected according to go_intent")
-    if i_res2['freq'] != "2432":
-       raise Exception("Group formed on a different frequency than BSS")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[1].remove_group(r_res2['ifname'])
-    dev[0].wait_go_ending_session()
-    dev[0].request("DISCONNECT")
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-def test_autogo_with_bss_on_disallowed_chan(dev, apdev):
-    """P2P channel selection: Autonomous GO with BSS on a disallowed channel"""
-
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        try:
-            hapd = hostapd.add_ap(apdev[0], {"ssid": 'bss-2.4ghz',
-                                             "channel": '1'})
-            wpas.global_request("P2P_SET disallow_freq 2412")
-            wpas.connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2412")
-            res = autogo(wpas)
-            if res['freq'] == "2412":
-               raise Exception("GO set on a disallowed channel")
-            hwsim_utils.test_connectivity(wpas, hapd)
-        finally:
-            wpas.global_request("P2P_SET disallow_freq ")
-
-def test_go_neg_with_bss_on_disallowed_chan(dev, apdev):
-    """P2P channel selection: GO negotiation with station interface on a disallowed channel"""
-
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        try:
-            hapd = hostapd.add_ap(apdev[0],
-                                  {"ssid": 'bss-2.4ghz', "channel": '1'})
-            # make sure PBC overlap from old test cases is not maintained
-            dev[1].flush_scan_cache()
-            wpas.connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2412")
-            wpas.global_request("P2P_SET disallow_freq 2412")
-
-            #wpas as GO
-            [i_res, r_res] = go_neg_pbc(i_dev=wpas, i_intent=10, r_dev=dev[1],
-                                        r_intent=1)
-            check_grpform_results(i_res, r_res)
-            if i_res['role'] != "GO":
-               raise Exception("GO not selected according to go_intent")
-            if i_res['freq'] == "2412":
-               raise Exception("Group formed on a disallowed channel")
-            hwsim_utils.test_connectivity(wpas, hapd)
-            wpas.remove_group(i_res['ifname'])
-            dev[1].wait_go_ending_session()
-            dev[1].flush_scan_cache()
-
-            wpas.dump_monitor()
-            dev[1].dump_monitor()
-
-            #wpas as client
-            [i_res2, r_res2] = go_neg_pbc(i_dev=wpas, i_intent=1, r_dev=dev[1],
-                                          r_intent=10)
-            check_grpform_results(i_res2, r_res2)
-            if i_res2['role'] != "client":
-               raise Exception("GO not selected according to go_intent")
-            if i_res2['freq'] == "2412":
-               raise Exception("Group formed on a disallowed channel")
-            hwsim_utils.test_connectivity(wpas, hapd)
-            dev[1].remove_group(r_res2['ifname'])
-            wpas.wait_go_ending_session()
-            ev = dev[1].wait_global_event(["P2P-GROUP-REMOVED"], timeout=5)
-            if ev is None:
-                raise Exception("Group removal not indicated")
-            wpas.request("DISCONNECT")
-            hapd.disable()
-        finally:
-            wpas.global_request("P2P_SET disallow_freq ")
-
-def test_autogo_force_diff_channel(dev, apdev):
-    """P2P autonomous GO and station interface operate on different channels"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'ap-test', "channel": '1'})
-        wpas.connect("ap-test", key_mgmt="NONE", scan_freq="2412")
-        wpas.dump_monitor()
-        channels = {2: 2417, 5: 2432, 9: 2452}
-        for key in channels:
-            res_go = autogo(wpas, channels[key])
-            wpas.dump_monitor()
-            hwsim_utils.test_connectivity(wpas, hapd)
-            if int(res_go['freq']) == 2412:
-                raise Exception("Group operation channel is: 2412 excepted: " + res_go['freq'])
-            wpas.remove_group(res_go['ifname'])
-            wpas.dump_monitor()
-
-def test_go_neg_forced_freq_diff_than_bss_freq(dev, apdev):
-    """P2P channel selection: GO negotiation with forced freq different than station interface"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        # Clear possible PBC session overlap from previous test case
-        dev[1].flush_scan_cache()
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        hapd = hostapd.add_ap(apdev[0],
-                              {"country_code": 'US',
-                               "ssid": 'bss-5ghz', "hw_mode": 'a',
-                               "channel": '40'})
-        wpas.connect("bss-5ghz", key_mgmt="NONE", scan_freq="5200")
-
-        # GO and peer force the same freq, different than BSS freq,
-        # wpas to become GO
-        [i_res, r_res] = go_neg_pbc(i_dev=dev[1], i_intent=1, i_freq=5180,
-                                    r_dev=wpas, r_intent=14, r_freq=5180)
-        check_grpform_results(i_res, r_res)
-        if i_res['freq'] != "5180":
-           raise Exception("P2P group formed on unexpected frequency: " + i_res['freq'])
-        if r_res['role'] != "GO":
-           raise Exception("GO not selected according to go_intent")
-        hwsim_utils.test_connectivity(wpas, hapd)
-        wpas.remove_group(r_res['ifname'])
-        dev[1].wait_go_ending_session()
-        dev[1].flush_scan_cache()
-
-        # GO and peer force the same freq, different than BSS freq, wpas to
-        # become client
-        [i_res2, r_res2] = go_neg_pbc(i_dev=dev[1], i_intent=14, i_freq=2422,
-                                      r_dev=wpas, r_intent=1, r_freq=2422)
-        check_grpform_results(i_res2, r_res2)
-        if i_res2['freq'] != "2422":
-           raise Exception("P2P group formed on unexpected frequency: " + i_res2['freq'])
-        if r_res2['role'] != "client":
-           raise Exception("GO not selected according to go_intent")
-        hwsim_utils.test_connectivity(wpas, hapd)
-
-        hapd.request("DISABLE")
-        wpas.request("DISCONNECT")
-        wpas.request("ABORT_SCAN")
-        wpas.wait_disconnected()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        wpas.flush_scan_cache()
-
-@remote_compatible
-def test_go_pref_chan_bss_on_diff_chan(dev, apdev):
-    """P2P channel selection: Station on different channel than GO configured pref channel"""
-
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    try:
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'bss-2.4ghz',
-                                         "channel": '1'})
-        dev[0].global_request("SET p2p_pref_chan 81:2")
-        dev[0].connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2412")
-        res = autogo(dev[0])
-        if res['freq'] != "2412":
-           raise Exception("GO channel did not follow BSS")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        dev[0].global_request("SET p2p_pref_chan ")
-
-def test_go_pref_chan_bss_on_disallowed_chan(dev, apdev):
-    """P2P channel selection: Station interface on different channel than GO configured pref channel, and station channel is disallowed"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        try:
-            hapd = hostapd.add_ap(apdev[0], {"ssid": 'bss-2.4ghz',
-                                             "channel": '1'})
-            wpas.global_request("P2P_SET disallow_freq 2412")
-            wpas.global_request("SET p2p_pref_chan 81:2")
-            wpas.connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2412")
-            res2 = autogo(wpas)
-            if res2['freq'] != "2417":
-               raise Exception("GO channel did not follow pref_chan configuration")
-            hwsim_utils.test_connectivity(wpas, hapd)
-        finally:
-            wpas.global_request("P2P_SET disallow_freq ")
-            wpas.global_request("SET p2p_pref_chan ")
-
-@remote_compatible
-def test_no_go_freq(dev, apdev):
-    """P2P channel selection: no GO freq"""
-    try:
-       dev[0].global_request("SET p2p_no_go_freq 2412")
-       # dev[0] as client, channel 1 is ok
-       [i_res, r_res] = go_neg_pbc(i_dev=dev[0], i_intent=1,
-                                   r_dev=dev[1], r_intent=14, r_freq=2412)
-       check_grpform_results(i_res, r_res)
-       if i_res['freq'] != "2412":
-          raise Exception("P2P group not formed on forced freq")
-
-       dev[1].remove_group(r_res['ifname'])
-       dev[0].wait_go_ending_session()
-       dev[0].flush_scan_cache()
-
-       fail = False
-       # dev[0] as GO, channel 1 is not allowed
-       try:
-          dev[0].global_request("SET p2p_no_go_freq 2412")
-          [i_res2, r_res2] = go_neg_pbc(i_dev=dev[0], i_intent=14,
-                                        r_dev=dev[1], r_intent=1, r_freq=2412)
-          check_grpform_results(i_res2, r_res2)
-          fail = True
-       except:
-           pass
-       if fail:
-           raise Exception("GO set on a disallowed freq")
-    finally:
-       dev[0].global_request("SET p2p_no_go_freq ")
-
-@remote_compatible
-def test_go_neg_peers_force_diff_freq(dev, apdev):
-    """P2P channel selection when peers for different frequency"""
-    try:
-       [i_res2, r_res2] = go_neg_pbc(i_dev=dev[0], i_intent=14, i_freq=5180,
-                                     r_dev=dev[1], r_intent=0, r_freq=5200)
-    except Exception as e:
-        return
-    raise Exception("Unexpected group formation success")
-
-@remote_compatible
-def test_autogo_random_channel(dev, apdev):
-    """P2P channel selection: GO instantiated on random channel 1, 6, 11"""
-    freqs = []
-    go_freqs = ["2412", "2437", "2462"]
-    for i in range(0, 20):
-        result = autogo(dev[0])
-        if result['freq'] not in go_freqs:
-           raise Exception("Unexpected frequency selected: " + result['freq'])
-        if result['freq'] not in freqs:
-            freqs.append(result['freq'])
-        if len(freqs) == 3:
-            break
-        dev[0].remove_group(result['ifname'])
-    if i == 20:
-       raise Exception("GO created 20 times and not all social channels were selected. freqs not selected: " + str(list(set(go_freqs) - set(freqs))))
-
-@remote_compatible
-def test_p2p_autogo_pref_chan_disallowed(dev, apdev):
-    """P2P channel selection: GO preferred channels are disallowed"""
-    try:
-       dev[0].global_request("SET p2p_pref_chan 81:1,81:3,81:6,81:9,81:11")
-       dev[0].global_request("P2P_SET disallow_freq 2412,2422,2437,2452,2462")
-       for i in range(0, 5):
-           res = autogo(dev[0])
-           if res['freq'] in ["2412", "2422", "2437", "2452", "2462"]:
-               raise Exception("GO channel is disallowed")
-           dev[0].remove_group(res['ifname'])
-    finally:
-       dev[0].global_request("P2P_SET disallow_freq ")
-       dev[0].global_request("SET p2p_pref_chan ")
-
-def test_p2p_autogo_pref_chan_not_in_regulatory(dev, apdev):
-    """P2P channel selection: GO preferred channel not allowed in the regulatory rules"""
-    try:
-        set_country("US", dev[0])
-        dev[0].global_request("SET p2p_pref_chan 124:149")
-        res = autogo(dev[0], persistent=True)
-        if res['freq'] != "5745":
-            raise Exception("Unexpected channel selected: " + res['freq'])
-        dev[0].remove_group(res['ifname'])
-
-        netw = dev[0].list_networks(p2p=True)
-        if len(netw) != 1:
-            raise Exception("Unexpected number of network blocks: " + str(netw))
-        id = netw[0]['id']
-
-        set_country("JP", dev[0])
-        res = autogo(dev[0], persistent=id)
-        if res['freq'] == "5745":
-            raise Exception("Unexpected channel selected(2): " + res['freq'])
-        dev[0].remove_group(res['ifname'])
-    finally:
-        dev[0].global_request("SET p2p_pref_chan ")
-        clear_regdom_dev(dev)
-
-def run_autogo(dev, param):
-    if "OK" not in dev.global_request("P2P_GROUP_ADD " + param):
-        raise Exception("P2P_GROUP_ADD failed: " + param)
-    ev = dev.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("GO start up timed out")
-    res = dev.group_form_result(ev)
-    dev.remove_group()
-    return res
-
-def _test_autogo_ht_vht(dev):
-    res = run_autogo(dev[0], "ht40")
-
-    res = run_autogo(dev[0], "vht")
-
-    res = run_autogo(dev[0], "freq=2")
-    freq = int(res['freq'])
-    if freq < 2412 or freq > 2462:
-        raise Exception("Unexpected freq=2 channel: " + str(freq))
-
-    res = run_autogo(dev[0], "freq=5")
-    freq = int(res['freq'])
-    if freq < 5000 or freq >= 6000:
-        raise Exception("Unexpected freq=5 channel: " + str(freq))
-
-    res = run_autogo(dev[0], "freq=5 ht40 vht")
-    logger.info(str(res))
-    freq = int(res['freq'])
-    if freq < 5000 or freq >= 6000:
-        raise Exception("Unexpected freq=5 ht40 vht channel: " + str(freq))
-
-def test_autogo_ht_vht(dev):
-    """P2P autonomous GO with HT/VHT parameters"""
-    try:
-        set_country("US", dev[0])
-        _test_autogo_ht_vht(dev)
-    finally:
-        clear_regdom_dev(dev)
-
-def test_p2p_listen_chan_optimize(dev, apdev):
-    """P2P listen channel optimization"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr5 = wpas.p2p_dev_addr()
-    try:
-        if "OK" not in wpas.global_request("SET p2p_optimize_listen_chan 1"):
-            raise Exception("Failed to set p2p_optimize_listen_chan")
-        wpas.p2p_listen()
-        if not dev[0].discover_peer(addr5):
-            raise Exception("Could not discover peer")
-        peer = dev[0].get_peer(addr5)
-        lfreq = peer['listen_freq']
-        wpas.p2p_stop_find()
-        dev[0].p2p_stop_find()
-
-        channel = "1" if lfreq != '2412' else "6"
-        freq = "2412" if lfreq != '2412' else "2437"
-        params = {"ssid": "test-open", "channel": channel}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        id = wpas.connect("test-open", key_mgmt="NONE", scan_freq=freq)
-        wpas.p2p_listen()
-
-        if "OK" not in dev[0].global_request("P2P_FLUSH"):
-            raise Exception("P2P_FLUSH failed")
-        if not dev[0].discover_peer(addr5):
-            raise Exception("Could not discover peer")
-        peer = dev[0].get_peer(addr5)
-        lfreq2 = peer['listen_freq']
-        if lfreq == lfreq2:
-            raise Exception("Listen channel did not change")
-        if lfreq2 != freq:
-            raise Exception("Listen channel not on AP's operating channel")
-        wpas.p2p_stop_find()
-        dev[0].p2p_stop_find()
-
-        wpas.request("DISCONNECT")
-        wpas.wait_disconnected()
-
-        # for larger coverage, cover case of current channel matching
-        wpas.select_network(id)
-        wpas.wait_connected()
-        wpas.request("DISCONNECT")
-        wpas.wait_disconnected()
-
-        lchannel = "1" if channel != "1" else "6"
-        lfreq3 = "2412" if channel != "1" else "2437"
-        if "OK" not in wpas.global_request("P2P_SET listen_channel " + lchannel):
-            raise Exception("Failed to set listen channel")
-
-        wpas.select_network(id)
-        wpas.wait_connected()
-        wpas.p2p_listen()
-
-        if "OK" not in dev[0].global_request("P2P_FLUSH"):
-            raise Exception("P2P_FLUSH failed")
-        if not dev[0].discover_peer(addr5):
-            raise Exception("Could not discover peer")
-        peer = dev[0].get_peer(addr5)
-        lfreq4 = peer['listen_freq']
-        if lfreq4 != lfreq3:
-            raise Exception("Unexpected Listen channel after configuration")
-        wpas.p2p_stop_find()
-        dev[0].p2p_stop_find()
-    finally:
-        wpas.global_request("SET p2p_optimize_listen_chan 0")
-
-def test_p2p_channel_5ghz_only(dev):
-    """P2P GO start with only 5 GHz band allowed"""
-    try:
-        set_country("US", dev[0])
-        dev[0].global_request("P2P_SET disallow_freq 2400-2500")
-        res = autogo(dev[0])
-        freq = int(res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz" % freq)
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-        clear_regdom_dev(dev)
-
-def test_p2p_channel_5ghz_165_169_us(dev):
-    """P2P GO and 5 GHz channels 165 (allowed) and 169 (disallowed) in US"""
-    try:
-        set_country("US", dev[0])
-        res = dev[0].p2p_start_go(freq=5825)
-        if res['freq'] != "5825":
-            raise Exception("Unexpected frequency: " + res['freq'])
-        dev[0].remove_group()
-
-        res = dev[0].global_request("P2P_GROUP_ADD freq=5845")
-        if "FAIL" not in res:
-            raise Exception("GO on channel 169 allowed unexpectedly")
-    finally:
-        clear_regdom_dev(dev)
-
-def wait_go_down_up(dev):
-    ev = dev.wait_group_event(["AP-DISABLED"], timeout=5)
-    if ev is None:
-        raise Exception("AP-DISABLED not seen after P2P-REMOVE-AND-REFORM-GROUP")
-    ev = dev.wait_group_event(["AP-ENABLED"], timeout=5)
-    if ev is None:
-        raise Exception("AP-ENABLED not seen after P2P-REMOVE-AND-REFORM-GROUP")
-
-def test_p2p_go_move_reg_change(dev, apdev):
-    """P2P GO move due to regulatory change"""
-    try:
-        set_country("US")
-        dev[0].global_request("P2P_SET disallow_freq 2400-5000,5700-6000")
-        res = autogo(dev[0])
-        freq1 = int(res['freq'])
-        if freq1 < 5000:
-            raise Exception("Unexpected channel %d MHz" % freq1)
-        dev[0].dump_monitor()
-
-        dev[0].global_request("P2P_SET disallow_freq ")
-
-        # GO move is not allowed while waiting for initial client connection
-        connect_cli(dev[0], dev[1], freq=freq1)
-        dev[1].remove_group()
-        ev = dev[1].wait_global_event(["P2P-GROUP-REMOVED"], timeout=5)
-        if ev is None:
-            raise Exception("P2P-GROUP-REMOVED not reported on client")
-        dev[1].dump_monitor()
-        dev[0].dump_monitor()
-
-        freq = dev[0].get_group_status_field('freq')
-        if int(freq) < 5000:
-            raise Exception("Unexpected freq after initial client: " + freq)
-        dev[0].dump_monitor()
-
-        dev[0].request("NOTE Setting country=BD")
-        set_country("BD")
-        dev[0].request("NOTE Waiting for GO channel change")
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"],
-                                     timeout=10)
-        if ev is None:
-            raise Exception("P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED not seen")
-        if "P2P-REMOVE-AND-REFORM-GROUP" in ev:
-            wait_go_down_up(dev[0])
-
-        freq2 = dev[0].get_group_status_field('freq')
-        if freq1 == freq2:
-            raise Exception("Unexpected freq after group reform=" + freq2)
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-        set_country("00")
-
-def test_p2p_go_move_active(dev, apdev):
-    """P2P GO stays in freq although SCM is possible"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        ndev = [wpas, dev[1]]
-        _test_p2p_go_move_active(ndev, apdev)
-
-def _test_p2p_go_move_active(dev, apdev):
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    try:
-        dev[0].global_request("P2P_SET disallow_freq 2430-6000")
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test',
-                                         "channel": '11'})
-        dev[0].connect("ap-test", key_mgmt="NONE",
-                       scan_freq="2462")
-
-        res = autogo(dev[0])
-        freq = int(res['freq'])
-        if freq > 2430:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        # GO move is not allowed while waiting for initial client connection
-        connect_cli(dev[0], dev[1], freq=freq)
-        dev[1].remove_group()
-
-        freq = dev[0].get_group_status_field('freq')
-        if int(freq) > 2430:
-            raise Exception("Unexpected freq after initial client: " + freq)
-
-        dev[0].dump_monitor()
-        dev[0].global_request("P2P_SET disallow_freq ")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"],
-                                     timeout=10)
-        if ev is not None:
-            raise Exception("Unexpected P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED seen")
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-
-def test_p2p_go_move_scm(dev, apdev):
-    """P2P GO move due to SCM operation preference"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        ndev = [wpas, dev[1]]
-        _test_p2p_go_move_scm(ndev, apdev)
-
-def _test_p2p_go_move_scm(dev, apdev):
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    try:
-        dev[0].global_request("P2P_SET disallow_freq 2430-6000")
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test',
-                                         "channel": '11'})
-        dev[0].connect("ap-test", key_mgmt="NONE",
-                       scan_freq="2462")
-
-        dev[0].global_request("SET p2p_go_freq_change_policy 0")
-        res = autogo(dev[0])
-        freq = int(res['freq'])
-        if freq > 2430:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        # GO move is not allowed while waiting for initial client connection
-        connect_cli(dev[0], dev[1], freq=freq)
-        dev[1].remove_group()
-
-        freq = dev[0].get_group_status_field('freq')
-        if int(freq) > 2430:
-            raise Exception("Unexpected freq after initial client: " + freq)
-
-        dev[0].dump_monitor()
-        dev[0].global_request("P2P_SET disallow_freq ")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"], timeout=3)
-        if ev is None:
-            raise Exception("P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED not seen")
-        if "P2P-REMOVE-AND-REFORM-GROUP" in ev:
-            wait_go_down_up(dev[0])
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2462':
-            raise Exception("Unexpected freq after group reform=" + freq)
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[0].global_request("SET p2p_go_freq_change_policy 2")
-
-def test_p2p_go_move_scm_peer_supports(dev, apdev):
-    """P2P GO move due to SCM operation preference (peer supports)"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        ndev = [wpas, dev[1]]
-        _test_p2p_go_move_scm_peer_supports(ndev, apdev)
-
-def _test_p2p_go_move_scm_peer_supports(dev, apdev):
-    try:
-        dev[0].global_request("SET p2p_go_freq_change_policy 1")
-        set_country("US", dev[0])
-
-        dev[0].global_request("SET p2p_no_group_iface 0")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test',
-                                         "channel": '11'})
-        logger.info('Connecting client to to an AP on channel 11')
-        dev[0].connect("ap-test", key_mgmt="NONE",
-                       scan_freq="2462")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"], timeout=3)
-        if ev is None:
-            raise Exception("P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED not seen")
-        if "P2P-REMOVE-AND-REFORM-GROUP" in ev:
-            wait_go_down_up(dev[0])
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2462':
-            raise Exception("Unexpected freq after group reform=" + freq)
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("SET p2p_go_freq_change_policy 2")
-        disable_hapd(hapd)
-        clear_regdom_dev(dev, 1)
-
-def test_p2p_go_move_scm_peer_does_not_support(dev, apdev):
-    """No P2P GO move due to SCM operation (peer does not supports)"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        ndev = [wpas, dev[1]]
-        _test_p2p_go_move_scm_peer_does_not_support(ndev, apdev)
-
-def _test_p2p_go_move_scm_peer_does_not_support(dev, apdev):
-    try:
-        dev[0].global_request("SET p2p_go_freq_change_policy 1")
-        set_country("US", dev[0])
-
-        dev[0].global_request("SET p2p_no_group_iface 0")
-        if "OK" not in dev[1].request("DRIVER_EVENT AVOID_FREQUENCIES 2400-2500"):
-            raise Exception("Could not simulate driver event")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test',
-                                         "channel": '11'})
-        logger.info('Connecting client to to an AP on channel 11')
-        dev[0].connect("ap-test", key_mgmt="NONE",
-                       scan_freq="2462")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"],
-                                     timeout=10)
-        if ev is not None:
-            raise Exception("Unexpected P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED seen")
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("SET p2p_go_freq_change_policy 2")
-        dev[1].request("DRIVER_EVENT AVOID_FREQUENCIES")
-        disable_hapd(hapd)
-        clear_regdom_dev(dev, 2)
-
-def test_p2p_go_move_scm_multi(dev, apdev):
-    """P2P GO move due to SCM operation preference multiple times"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        ndev = [wpas, dev[1]]
-        _test_p2p_go_move_scm_multi(ndev, apdev)
-
-def _test_p2p_go_move_scm_multi(dev, apdev):
-    dev[0].request("SET p2p_no_group_iface 0")
-    try:
-        dev[0].global_request("P2P_SET disallow_freq 2430-6000")
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test-1',
-                                         "channel": '11'})
-        dev[0].connect("ap-test-1", key_mgmt="NONE",
-                       scan_freq="2462")
-
-        dev[0].global_request("SET p2p_go_freq_change_policy 0")
-        res = autogo(dev[0])
-        freq = int(res['freq'])
-        if freq > 2430:
-            raise Exception("Unexpected channel %d MHz" % freq)
-
-        # GO move is not allowed while waiting for initial client connection
-        connect_cli(dev[0], dev[1], freq=freq)
-        dev[1].remove_group()
-
-        freq = dev[0].get_group_status_field('freq')
-        if int(freq) > 2430:
-            raise Exception("Unexpected freq after initial client: " + freq)
-
-        dev[0].dump_monitor()
-        dev[0].global_request("P2P_SET disallow_freq ")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"], timeout=3)
-        if ev is None:
-            raise Exception("P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED not seen")
-        if "P2P-REMOVE-AND-REFORM-GROUP" in ev:
-            wait_go_down_up(dev[0])
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2462':
-            raise Exception("Unexpected freq after group reform=" + freq)
-
-        hapd = hostapd.add_ap(apdev[0], {"ssid": 'ap-test-2',
-                                         "channel": '6'})
-        dev[0].connect("ap-test-2", key_mgmt="NONE",
-                       scan_freq="2437")
-
-        ev = dev[0].wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                      "AP-CSA-FINISHED"], timeout=5)
-        if ev is None:
-            raise Exception("(2) P2P-REMOVE-AND-REFORM-GROUP or AP-CSA-FINISHED not seen")
-        if "P2P-REMOVE-AND-REFORM-GROUP" in ev:
-            wait_go_down_up(dev[0])
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2437':
-            raise Exception("(2) Unexpected freq after group reform=" + freq)
-
-        dev[0].remove_group()
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[0].global_request("SET p2p_go_freq_change_policy 2")
-
-def test_p2p_delay_go_csa(dev, apdev, params):
-    """P2P GO CSA delayed when inviting a P2P Device to an active P2P Group"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        addr0 = wpas.p2p_dev_addr()
-        addr1 = dev[1].p2p_dev_addr()
-
-        try:
-            dev[1].p2p_listen()
-            if not wpas.discover_peer(addr1, social=True):
-                raise Exception("Peer " + addr1 + " not found")
-            wpas.p2p_stop_find()
-
-            hapd = hostapd.add_ap(apdev[0], {"ssid": 'bss-2.4ghz',
-                                             "channel": '1'})
-
-            wpas.connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2412")
-
-            wpas.global_request("SET p2p_go_freq_change_policy 0")
-            wpas.dump_monitor()
-
-            logger.info("Start GO on channel 6")
-            res = autogo(wpas, freq=2437)
-            if res['freq'] != "2437":
-               raise Exception("GO set on a freq=%s instead of 2437" % res['freq'])
-
-            # Start find on dev[1] to run scans with dev[2] in parallel
-            dev[1].p2p_find(social=True)
-
-            # Use another client device to stop the initial client connection
-            # timeout on the GO
-            if not dev[2].discover_peer(addr0, social=True):
-                raise Exception("Peer2 did not find the GO")
-            dev[2].p2p_stop_find()
-            pin = dev[2].wps_read_pin()
-            wpas.p2p_go_authorize_client(pin)
-            dev[2].global_request("P2P_CONNECT " + addr0 + " " + pin + " join freq=2437")
-            ev = dev[2].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-            if ev is None:
-                raise Exception("Peer2 did not get connected")
-
-            if not dev[1].discover_peer(addr0, social=True):
-                raise Exception("Peer did not find the GO")
-
-            pin = dev[1].wps_read_pin()
-            dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " join auth")
-            dev[1].p2p_listen()
-
-            # Force P2P GO channel switch on successful invitation signaling
-            wpas.group_request("SET p2p_go_csa_on_inv 1")
-
-            logger.info("Starting invitation")
-            wpas.p2p_go_authorize_client(pin)
-            wpas.global_request("P2P_INVITE group=" + wpas.group_ifname + " peer=" + addr1)
-            ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED",
-                                           "P2P-GROUP-STARTED"], timeout=10)
-
-            if ev is None:
-                raise Exception("Timeout on invitation on peer")
-            if "P2P-INVITATION-RECEIVED" in ev:
-                raise Exception("Unexpected request to accept pre-authorized invitation")
-
-            # A P2P GO move is not expected at this stage, as during the
-            # invitation signaling, the P2P GO includes only its current
-            # operating channel in the channel list, and as the invitation
-            # response can only include channels that were also in the
-            # invitation request channel list, the group common channels
-            # includes only the current P2P GO operating channel.
-            ev = wpas.wait_group_event(["P2P-REMOVE-AND-REFORM-GROUP",
-                                        "AP-CSA-FINISHED"], timeout=1)
-            if ev is not None:
-                raise Exception("Unexpected + " + ev + " event")
-
-        finally:
-            wpas.global_request("SET p2p_go_freq_change_policy 2")
-
-def test_p2p_channel_vht80(dev):
-    """P2P group formation with VHT 80 MHz"""
-    try:
-        set_country("FI", dev[0])
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               i_freq=5180,
-                                               i_max_oper_chwidth=80,
-                                               i_ht40=True, i_vht=True,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-        sig = dev[1].group_request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_vht80p80(dev):
-    """P2P group formation and VHT 80+80 MHz channel"""
-    try:
-        set_country("US", dev[0])
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               i_freq=5180,
-                                               i_freq2=5775,
-                                               i_max_oper_chwidth=160,
-                                               i_ht40=True, i_vht=True,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        freq = int(i_res['freq'])
-        if freq < 5000:
-            raise Exception("Unexpected channel %d MHz - did not follow 5 GHz preference" % freq)
-        sig = dev[1].group_request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_vht80p80_autogo(dev):
-    """P2P autonomous GO and VHT 80+80 MHz channel"""
-    addr0 = dev[0].p2p_dev_addr()
-
-    try:
-        set_country("US", dev[0])
-        if "OK" not in dev[0].global_request("P2P_GROUP_ADD vht freq=5180 freq2=5775"):
-            raise Exception("Could not start GO")
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("GO start up timed out")
-        dev[0].group_form_result(ev)
-
-        pin = dev[1].wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-
-        dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " join freq=5180")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("Peer did not get connected")
-
-        dev[1].group_form_result(ev)
-        sig = dev[1].group_request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_vht80_autogo(dev):
-    """P2P autonomous GO and VHT 80 MHz channel"""
-    addr0 = dev[0].p2p_dev_addr()
-
-    try:
-        set_country("US", dev[0])
-        if "OK" not in dev[0].global_request("P2P_GROUP_ADD vht freq=5180 max_oper_chwidth=80"):
-            raise Exception("Could not start GO")
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("GO start up timed out")
-        dev[0].group_form_result(ev)
-
-        pin = dev[1].wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-
-        dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " join freq=5180")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("Peer did not get connected")
-
-        dev[1].group_form_result(ev)
-        sig = dev[1].group_request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_vht80p80_persistent(dev):
-    """P2P persistent group re-invocation and VHT 80+80 MHz channel"""
-    addr0 = dev[0].p2p_dev_addr()
-    form(dev[0], dev[1])
-
-    try:
-        set_country("US", dev[0])
-        invite(dev[0], dev[1], extra="vht freq=5745 freq2=5210")
-        [go_res, cli_res] = check_result(dev[0], dev[1])
-
-        sig = dev[1].group_request("SIGNAL_POLL").splitlines()
-        if "FREQUENCY=5745" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80+80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-        if "CENTER_FRQ1=5775" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-        if "CENTER_FRQ2=5210" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-        remove_group(dev[0], dev[1])
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_channel_drv_pref_go_neg(dev):
-    """P2P GO Negotiation with GO device channel preference"""
-    dev[0].global_request("SET get_pref_freq_list_override 3:2417 4:2422")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    freq = int(i_res['freq'])
-    if freq != 2417:
-        raise Exception("Unexpected channel selected: %d" % freq)
-    remove_group(dev[0], dev[1])
-
-def test_p2p_channel_drv_pref_go_neg2(dev):
-    """P2P GO Negotiation with P2P client device channel preference"""
-    dev[0].global_request("SET get_pref_freq_list_override 3:2417,2422")
-    dev[1].global_request("SET get_pref_freq_list_override 4:2422")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    freq = int(i_res['freq'])
-    if freq != 2422:
-        raise Exception("Unexpected channel selected: %d" % freq)
-    remove_group(dev[0], dev[1])
-
-def test_p2p_channel_drv_pref_go_neg3(dev):
-    """P2P GO Negotiation with GO device channel preference"""
-    dev[1].global_request("SET get_pref_freq_list_override 3:2417,2427 4:2422")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                           r_dev=dev[1], r_intent=15,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    freq = int(i_res['freq'])
-    if freq != 2417:
-        raise Exception("Unexpected channel selected: %d" % freq)
-    remove_group(dev[0], dev[1])
-
-def test_p2p_channel_drv_pref_go_neg4(dev):
-    """P2P GO Negotiation with P2P client device channel preference"""
-    dev[0].global_request("SET get_pref_freq_list_override 3:2417,2422,5180")
-    dev[1].global_request("P2P_SET override_pref_op_chan 115:36")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    freq = int(i_res['freq'])
-    if freq != 2417:
-        raise Exception("Unexpected channel selected: %d" % freq)
-    remove_group(dev[0], dev[1])
-
-def test_p2p_channel_drv_pref_go_neg5(dev):
-    """P2P GO Negotiation with P2P client device channel preference"""
-    dev[0].global_request("SET get_pref_freq_list_override 3:2417")
-    dev[1].global_request("SET get_pref_freq_list_override 4:2422")
-    dev[1].global_request("P2P_SET override_pref_op_chan 115:36")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    freq = int(i_res['freq'])
-    if freq != 2417:
-        raise Exception("Unexpected channel selected: %d" % freq)
-    remove_group(dev[0], dev[1])
-
-def test_p2p_channel_drv_pref_autogo(dev):
-    """P2P autonomous GO with driver channel preference"""
-    dev[0].global_request("SET get_pref_freq_list_override 3:2417,2422,5180")
-    res_go = autogo(dev[0])
-    if res_go['freq'] != "2417":
-        raise Exception("Unexpected operating frequency: " + res_go['freq'])
-
-def test_p2p_channel_disable_6ghz(dev):
-    """P2P with 6 GHz disabled"""
-    try:
-        dev[0].global_request("SET p2p_6ghz_disable 1")
-        dev[1].p2p_listen()
-        dev[0].discover_peer(dev[1].p2p_dev_addr(), social=False)
-
-        autogo(dev[1])
-        connect_cli(dev[1], dev[0])
-    finally:
-        dev[0].global_request("SET p2p_6ghz_disable 0")
diff --git a/tests/hwsim/test_p2p_concurrency.py b/tests/hwsim/test_p2p_concurrency.py
deleted file mode 100644
index 8fb2bb9294ab..000000000000
--- a/tests/hwsim/test_p2p_concurrency.py
+++ /dev/null
@@ -1,286 +0,0 @@
-# P2P concurrency test cases
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import subprocess
-import time
-
-import hwsim_utils
-import hostapd
-from p2p_utils import *
-from utils import *
-
-@remote_compatible
-def test_concurrent_autogo(dev, apdev):
-    """Concurrent P2P autonomous GO"""
-    logger.info("Connect to an infrastructure AP")
-    dev[0].request("P2P_SET cross_connect 0")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Start a P2P group while associated to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[0].p2p_start_go()
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60,
-                             social=True)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_concurrent_autogo_5ghz_ht40(dev, apdev):
-    """Concurrent P2P autonomous GO on 5 GHz and HT40 co-ex"""
-    clear_scan_cache(apdev[1])
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "ht40",
-                  "hw_mode": "a",
-                  "channel": "153",
-                  "country_code": "US",
-                  "ht_capab": "[HT40-]"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        params = {"ssid": "test-open-5",
-                  "hw_mode": "a",
-                  "channel": "149",
-                  "country_code": "US"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].request("P2P_SET cross_connect 0")
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=5745)
-        dev[0].scan_for_bss(apdev[1]['bssid'], freq=5765)
-        dev[0].connect("test-open-5", key_mgmt="NONE", scan_freq="5745")
-
-        dev[0].global_request("SET p2p_no_group_iface 0")
-        if "OK" not in dev[0].global_request("P2P_GROUP_ADD ht40"):
-            raise Exception("P2P_GROUP_ADD failed")
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("GO start up timed out")
-        dev[0].group_form_result(ev)
-
-        pin = dev[1].wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-        dev[1].p2p_find(freq=5745)
-        addr0 = dev[0].p2p_dev_addr()
-        count = 0
-        while count < 10:
-            time.sleep(0.25)
-            count += 1
-            if dev[1].peer_known(addr0):
-                break
-        dev[1].p2p_connect_group(addr0, pin, timeout=60)
-
-        dev[0].remove_group()
-        dev[1].wait_go_ending_session()
-    finally:
-        dev[0].request("REMOVE_NETWORK all")
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-
-def test_concurrent_autogo_crossconnect(dev, apdev):
-    """Concurrent P2P autonomous GO"""
-    dev[0].global_request("P2P_SET cross_connect 1")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[0].p2p_start_go(no_event_clear=True)
-    ev = dev[0].wait_global_event(["P2P-CROSS-CONNECT-ENABLE"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on cross connection enabled event")
-    if dev[0].group_ifname + " " + dev[0].ifname not in ev:
-        raise Exception("Unexpected interfaces: " + ev)
-    dev[0].dump_monitor()
-
-    dev[0].global_request("P2P_SET cross_connect 0")
-    ev = dev[0].wait_global_event(["P2P-CROSS-CONNECT-DISABLE"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on cross connection disabled event")
-    if dev[0].group_ifname + " " + dev[0].ifname not in ev:
-        raise Exception("Unexpected interfaces: " + ev)
-    dev[0].remove_group()
-
-    dev[0].global_request("P2P_SET cross_connect 1")
-    dev[0].p2p_start_go(no_event_clear=True)
-    ev = dev[0].wait_global_event(["P2P-CROSS-CONNECT-ENABLE"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on cross connection enabled event")
-    if dev[0].group_ifname + " " + dev[0].ifname not in ev:
-        raise Exception("Unexpected interfaces: " + ev)
-    dev[0].dump_monitor()
-    dev[0].remove_group()
-    ev = dev[0].wait_global_event(["P2P-CROSS-CONNECT-DISABLE"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on cross connection disabled event")
-    dev[0].global_request("P2P_SET cross_connect 0")
-
-@remote_compatible
-def test_concurrent_p2pcli(dev, apdev):
-    """Concurrent P2P client join"""
-    logger.info("Connect to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Join a P2P group while associated to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].p2p_start_go(freq=2412)
-    pin = dev[0].wps_read_pin()
-    dev[1].p2p_go_authorize_client(pin)
-    dev[0].p2p_connect_group(dev[1].p2p_dev_addr(), pin, timeout=60,
-                             social=True)
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    dev[1].remove_group()
-    dev[0].wait_go_ending_session()
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_grpform_go(dev, apdev):
-    """Concurrent P2P group formation to become GO"""
-    logger.info("Connect to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Form a P2P group while associated to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_grpform_cli(dev, apdev):
-    """Concurrent P2P group formation to become P2P Client"""
-    logger.info("Connect to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    logger.info("Form a P2P group while associated to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                           r_dev=dev[1], r_intent=15)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_grpform_while_connecting(dev, apdev):
-    """Concurrent P2P group formation while connecting to an AP"""
-    logger.info("Start connection to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", wait_connect=False)
-
-    logger.info("Form a P2P group while connecting to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_freq=2412,
-                                           r_dev=dev[1], r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-    logger.info("Confirm AP connection after P2P group removal")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_grpform_while_connecting2(dev, apdev):
-    """Concurrent P2P group formation while connecting to an AP (2)"""
-    logger.info("Start connection to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", wait_connect=False)
-    dev[1].flush_scan_cache()
-
-    logger.info("Form a P2P group while connecting to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pbc(i_dev=dev[0], i_intent=15, i_freq=2412,
-                                r_dev=dev[1], r_intent=0, r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-    logger.info("Confirm AP connection after P2P group removal")
-    dev[0].wait_completed()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_grpform_while_connecting3(dev, apdev):
-    """Concurrent P2P group formation while connecting to an AP (3)"""
-    logger.info("Start connection to an infrastructure AP")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
-    dev[0].connect("test-open", key_mgmt="NONE", wait_connect=False)
-
-    logger.info("Form a P2P group while connecting to an AP")
-    dev[0].global_request("SET p2p_no_group_iface 0")
-
-    [i_res, r_res] = go_neg_pbc(i_dev=dev[1], i_intent=15, i_freq=2412,
-                                r_dev=dev[0], r_intent=0, r_freq=2412)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-    logger.info("Confirm AP connection after P2P group removal")
-    dev[0].wait_completed()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-@remote_compatible
-def test_concurrent_persistent_group(dev, apdev):
-    """Concurrent P2P persistent group"""
-    logger.info("Connect to an infrastructure AP")
-    hostapd.add_ap(apdev[0], {"ssid": "test-open", "channel": "2"})
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2417")
-
-    logger.info("Run persistent group test while associated to an AP")
-    form(dev[0], dev[1])
-    [go_res, cli_res] = invite_from_cli(dev[0], dev[1])
-    if go_res['freq'] != '2417':
-        raise Exception("Unexpected channel selected: " + go_res['freq'])
-    [go_res, cli_res] = invite_from_go(dev[0], dev[1])
-    if go_res['freq'] != '2417':
-        raise Exception("Unexpected channel selected: " + go_res['freq'])
-
-def test_concurrent_invitation_channel_mismatch(dev, apdev):
-    """P2P persistent group invitation and channel mismatch"""
-    if dev[0].get_mcc() > 1:
-        raise HwsimSkip("Skip due to MCC being enabled")
-
-    form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.info("Connect to an infrastructure AP")
-    hostapd.add_ap(apdev[0], {"ssid": "test-open", "channel": "2"})
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2417")
-    invite(dev[1], dev[0], extra="freq=2412")
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev is None:
-        raise Exception("P2P invitation result not received")
-    if "status=7" not in ev:
-        raise Exception("Unexpected P2P invitation result: " + ev)
diff --git a/tests/hwsim/test_p2p_device.py b/tests/hwsim/test_p2p_device.py
deleted file mode 100644
index ed781d5c50fc..000000000000
--- a/tests/hwsim/test_p2p_device.py
+++ /dev/null
@@ -1,552 +0,0 @@
-# cfg80211 P2P Device
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import time
-
-from wpasupplicant import WpaSupplicant
-from p2p_utils import *
-from test_nfc_p2p import set_ip_addr_info, check_ip_addr, grpform_events
-from hwsim import HWSimRadio
-from utils import HwsimSkip
-import hostapd
-import hwsim_utils
-
-def test_p2p_device_grpform(dev, apdev):
-    """P2P group formation with driver using cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=wpas, r_intent=0)
-        check_grpform_results(i_res, r_res)
-        wpas.dump_monitor()
-        remove_group(dev[0], wpas)
-        wpas.dump_monitor()
-        if not r_res['ifname'].startswith('p2p-' + iface):
-            raise Exception("Unexpected group ifname: " + r_res['ifname'])
-
-        res = wpas.global_request("IFNAME=p2p-dev-" + iface + " STATUS-DRIVER")
-        lines = res.splitlines()
-        found = False
-        for l in lines:
-            try:
-                [name, value] = l.split('=', 1)
-                if name == "wdev_id":
-                    found = True
-                    break
-            except ValueError:
-                pass
-        if not found:
-            raise Exception("wdev_id not found")
-
-def test_p2p_device_grpform2(dev, apdev):
-    """P2P group formation with driver using cfg80211 P2P Device (reverse)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=wpas, i_intent=15,
-                                               r_dev=dev[0], r_intent=0)
-        check_grpform_results(i_res, r_res)
-        wpas.dump_monitor()
-        remove_group(wpas, dev[0])
-        wpas.dump_monitor()
-        if not i_res['ifname'].startswith('p2p-' + iface):
-            raise Exception("Unexpected group ifname: " + i_res['ifname'])
-
-def test_p2p_device_grpform_no_group_iface(dev, apdev):
-    """P2P group formation with driver using cfg80211 P2P Device but no separate group interface"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=wpas, r_intent=0)
-        check_grpform_results(i_res, r_res)
-        wpas.dump_monitor()
-        remove_group(dev[0], wpas)
-        wpas.dump_monitor()
-        if r_res['ifname'] != iface:
-            raise Exception("Unexpected group ifname: " + r_res['ifname'])
-
-def test_p2p_device_grpform_no_group_iface2(dev, apdev):
-    """P2P group formation with driver using cfg80211 P2P Device but no separate group interface (reverse)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=wpas, i_intent=15,
-                                               r_dev=dev[0], r_intent=0)
-        check_grpform_results(i_res, r_res)
-        wpas.dump_monitor()
-        remove_group(dev[0], wpas)
-        wpas.dump_monitor()
-        if i_res['ifname'] != iface:
-            raise Exception("Unexpected group ifname: " + i_res['ifname'])
-
-def test_p2p_device_group_remove(dev, apdev):
-    """P2P group removal via the P2P ctrl interface with driver using cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=wpas, r_intent=0)
-        check_grpform_results(i_res, r_res)
-        # Issue the remove request on the interface which will be removed
-        p2p_iface_wpas = WpaSupplicant(ifname=r_res['ifname'])
-        res = p2p_iface_wpas.request("P2P_GROUP_REMOVE *")
-        if "OK" not in res:
-            raise Exception("Failed to remove P2P group")
-        ev = wpas.wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-        if ev is None:
-            raise Exception("Group removal event not received")
-        if not wpas.global_ping():
-            raise Exception("Could not ping global ctrl_iface after group removal")
-
-def test_p2p_device_concurrent_scan(dev, apdev):
-    """Concurrent P2P and station mode scans with driver using cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.p2p_find()
-        time.sleep(0.1)
-        wpas.request("SCAN")
-        ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Station mode scan did not start")
-
-def test_p2p_device_nfc_invite(dev, apdev):
-    """P2P NFC invitation with driver using cfg80211 P2P Device"""
-    run_p2p_device_nfc_invite(dev, apdev, 0)
-
-def test_p2p_device_nfc_invite_no_group_iface(dev, apdev):
-    """P2P NFC invitation with driver using cfg80211 P2P Device (no separate group interface)"""
-    run_p2p_device_nfc_invite(dev, apdev, 1)
-
-def run_p2p_device_nfc_invite(dev, apdev, no_group_iface):
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface %d" % no_group_iface)
-
-        set_ip_addr_info(dev[0])
-        logger.info("Start autonomous GO")
-        dev[0].p2p_start_go()
-
-        logger.info("Write NFC Tag on the P2P Client")
-        res = wpas.global_request("P2P_LISTEN")
-        if "FAIL" in res:
-            raise Exception("Failed to start Listen mode")
-        wpas.dump_monitor()
-        pw = wpas.global_request("WPS_NFC_TOKEN NDEF").rstrip()
-        if "FAIL" in pw:
-            raise Exception("Failed to generate password token")
-        res = wpas.global_request("P2P_SET nfc_tag 1").rstrip()
-        if "FAIL" in res:
-            raise Exception("Failed to enable NFC Tag for P2P static handover")
-        sel = wpas.global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-        if "FAIL" in sel:
-            raise Exception("Failed to generate NFC connection handover select")
-        wpas.dump_monitor()
-
-        logger.info("Read NFC Tag on the GO to trigger invitation")
-        res = dev[0].global_request("WPS_NFC_TAG_READ " + sel)
-        if "FAIL" in res:
-            raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
-
-        ev = wpas.wait_global_event(grpform_events, timeout=20)
-        if ev is None:
-            raise Exception("Joining the group timed out")
-        res = wpas.group_form_result(ev)
-        wpas.dump_monitor()
-        hwsim_utils.test_connectivity_p2p(dev[0], wpas)
-        check_ip_addr(res)
-        wpas.dump_monitor()
-
-def test_p2p_device_misuses(dev, apdev):
-    """cfg80211 P2P Device misuses"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        # Add a normal network profile to the P2P Device management only
-        # interface to verify that it does not get used.
-        id = int(wpas.global_request('IFNAME=p2p-dev-%s ADD_NETWORK' % iface).strip())
-        wpas.global_request('IFNAME=p2p-dev-%s SET_NETWORK %d ssid "open"' % (iface, id))
-        wpas.global_request('IFNAME=p2p-dev-%s SET_NETWORK %d key_mgmt NONE' % (iface, id))
-        wpas.global_request('IFNAME=p2p-dev-%s ENABLE_NETWORK %d' % (iface, id))
-
-        # Scan requests get ignored on p2p-dev
-        wpas.global_request('IFNAME=p2p-dev-%s SCAN' % iface)
-
-        dev[0].p2p_start_go(freq=2412)
-        addr = dev[0].p2p_interface_addr()
-        wpas.scan_for_bss(addr, freq=2412)
-        wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-        hwsim_utils.test_connectivity(wpas, hapd)
-
-        pin = wpas.wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-        res = wpas.p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60,
-                                     social=True, freq=2412)
-        hwsim_utils.test_connectivity_p2p(dev[0], wpas)
-
-        # Optimize scan-after-disconnect
-        wpas.group_request("SET_NETWORK 0 scan_freq 2412")
-
-        dev[0].group_request("DISASSOCIATE " + wpas.p2p_interface_addr())
-        ev = wpas.wait_group_event(["CTRL-EVENT-DISCONNECT"])
-        if ev is None:
-            raise Exception("Did not see disconnect event on P2P group interface")
-        dev[0].remove_group()
-
-        ev = wpas.wait_group_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("Scan not started")
-        ev = wpas.wait_group_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-        if ev is None:
-            raise Exception("Scan not completed")
-        time.sleep(1)
-        hwsim_utils.test_connectivity(wpas, hapd)
-
-        ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected disconnection event received from hostapd")
-        ev = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected disconnection event received from wpa_supplicant")
-
-        wpas.request("DISCONNECT")
-        wpas.wait_disconnected()
-
-def test_p2p_device_incorrect_command_interface(dev, apdev):
-    """cfg80211 P2P Device and P2P_* command on incorrect interface"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        dev[0].p2p_listen()
-        wpas.request('P2P_FIND type=social')
-        ev = wpas.wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("Peer not found")
-        ev = wpas.wait_event(["P2P-DEVICE-FOUND"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected P2P-DEVICE-FOUND event on station interface")
-        wpas.dump_monitor()
-
-        pin = wpas.wps_read_pin()
-        dev[0].p2p_go_neg_auth(wpas.p2p_dev_addr(), pin, "enter", go_intent=14,
-                               freq=2412)
-        wpas.request('P2P_STOP_FIND')
-        wpas.dump_monitor()
-        if "OK" not in wpas.request('P2P_CONNECT ' + dev[0].p2p_dev_addr() + ' ' + pin + ' display go_intent=1'):
-            raise Exception("P2P_CONNECT failed")
-
-        ev = wpas.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out")
-        wpas.group_form_result(ev)
-        wpas.dump_monitor()
-
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out(2)")
-        dev[0].group_form_result(ev)
-
-        dev[0].remove_group()
-        wpas.wait_go_ending_session()
-        wpas.dump_monitor()
-
-def test_p2p_device_incorrect_command_interface2(dev, apdev):
-    """cfg80211 P2P Device and P2P_GROUP_ADD command on incorrect interface"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if "OK" not in wpas.request('P2P_GROUP_ADD'):
-            raise Exception("P2P_GROUP_ADD failed")
-        ev = wpas.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out")
-        res = wpas.group_form_result(ev)
-        wpas.dump_monitor()
-        logger.info("Group results: " + str(res))
-        wpas.remove_group()
-        if not res['ifname'].startswith('p2p-' + iface + '-'):
-            raise Exception("Unexpected group ifname: " + res['ifname'])
-        wpas.dump_monitor()
-
-def test_p2p_device_grpform_timeout_client(dev, apdev):
-    """P2P group formation timeout on client with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        addr0 = dev[0].p2p_dev_addr()
-        addr5 = wpas.p2p_dev_addr()
-        wpas.p2p_listen()
-        dev[0].discover_peer(addr5)
-        dev[0].p2p_listen()
-        wpas.discover_peer(addr0)
-        wpas.p2p_ext_listen(100, 150)
-        dev[0].global_request("P2P_CONNECT " + addr5 + " 12345670 enter go_intent=15 auth")
-        wpas.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=0")
-        ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=5)
-        if ev is None:
-            raise Exception("GO Negotiation did not succeed")
-        ev = dev[0].wait_global_event(["WPS-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("WPS did not succeed (GO)")
-        if "OK" not in dev[0].global_request("P2P_CANCEL"):
-            wpas.global_request("P2P_CANCEL")
-            del wpas
-            raise HwsimSkip("Did not manage to cancel group formation")
-        dev[0].dump_monitor()
-        ev = wpas.wait_global_event(["WPS-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("WPS did not succeed (Client)")
-        dev[0].dump_monitor()
-        ev = wpas.wait_global_event(["P2P-GROUP-FORMATION-FAILURE"], timeout=20)
-        if ev is None:
-            raise Exception("Group formation timeout not seen on client")
-        ev = wpas.wait_global_event(["P2P-GROUP-REMOVED"], timeout=5)
-        if ev is None:
-            raise Exception("Group removal not seen on client")
-        wpas.p2p_cancel_ext_listen()
-        time.sleep(0.1)
-        ifaces = wpas.global_request("INTERFACES")
-        logger.info("Remaining interfaces: " + ifaces)
-        del wpas
-        if "p2p-" + iface + "-" in ifaces:
-            raise Exception("Group interface still present after failure")
-
-def test_p2p_device_grpform_timeout_go(dev, apdev):
-    """P2P group formation timeout on GO with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        addr0 = dev[0].p2p_dev_addr()
-        addr5 = wpas.p2p_dev_addr()
-        wpas.p2p_listen()
-        dev[0].discover_peer(addr5)
-        dev[0].p2p_listen()
-        wpas.discover_peer(addr0)
-        wpas.p2p_ext_listen(100, 150)
-        dev[0].global_request("P2P_CONNECT " + addr5 + " 12345670 enter go_intent=0 auth")
-        wpas.global_request("P2P_CONNECT " + addr0 + " 12345670 display go_intent=15")
-        ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=5)
-        if ev is None:
-            raise Exception("GO Negotiation did not succeed")
-        ev = dev[0].wait_global_event(["WPS-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("WPS did not succeed (Client)")
-        if "OK" not in dev[0].global_request("P2P_CANCEL"):
-            if "OK" not in dev[0].global_request("P2P_GROUP_REMOVE *"):
-                wpas.global_request("P2P_CANCEL")
-                del wpas
-                raise HwsimSkip("Did not manage to cancel group formation")
-        dev[0].dump_monitor()
-        ev = wpas.wait_global_event(["WPS-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("WPS did not succeed (GO)")
-        dev[0].dump_monitor()
-        ev = wpas.wait_global_event(["P2P-GROUP-FORMATION-FAILURE"], timeout=20)
-        if ev is None:
-            raise Exception("Group formation timeout not seen on GO")
-        ev = wpas.wait_global_event(["P2P-GROUP-REMOVED"], timeout=5)
-        if ev is None:
-            raise Exception("Group removal not seen on GO")
-        wpas.p2p_cancel_ext_listen()
-        time.sleep(0.1)
-        ifaces = wpas.global_request("INTERFACES")
-        logger.info("Remaining interfaces: " + ifaces)
-        del wpas
-        if "p2p-" + iface + "-" in ifaces:
-            raise Exception("Group interface still present after failure")
-
-def test_p2p_device_autogo(dev, apdev):
-    """P2P autogo using cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        res = wpas.p2p_start_go()
-        if not res['ifname'].startswith('p2p-' + iface):
-            raise Exception("Unexpected group ifname: " + res['ifname'])
-        bssid = wpas.get_group_status_field('bssid')
-
-        dev[0].scan_for_bss(bssid, res['freq'])
-        connect_cli(wpas, dev[0], freq=res['freq'])
-        terminate_group(wpas, dev[0])
-
-def test_p2p_device_autogo_no_group_iface(dev, apdev):
-    """P2P autogo using cfg80211 P2P Device (no separate group interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-
-        res = wpas.p2p_start_go()
-        if res['ifname'] != iface:
-            raise Exception("Unexpected group ifname: " + res['ifname'])
-        bssid = wpas.get_group_status_field('bssid')
-
-        dev[0].scan_for_bss(bssid, res['freq'])
-        connect_cli(wpas, dev[0], freq=res['freq'])
-        terminate_group(wpas, dev[0])
-
-def test_p2p_device_join(dev, apdev):
-    """P2P join-group using cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        res = dev[0].p2p_start_go()
-        bssid = dev[0].get_group_status_field('bssid')
-
-        wpas.scan_for_bss(bssid, res['freq'])
-        res2 = connect_cli(dev[0], wpas, freq=res['freq'])
-        if not res2['ifname'].startswith('p2p-' + iface):
-            raise Exception("Unexpected group ifname: " + res2['ifname'])
-
-        terminate_group(dev[0], wpas)
-
-def test_p2p_device_join_no_group_iface(dev, apdev):
-    """P2P join-group using cfg80211 P2P Device (no separate group interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-
-        res = dev[0].p2p_start_go()
-        bssid = dev[0].get_group_status_field('bssid')
-
-        wpas.scan_for_bss(bssid, res['freq'])
-        res2 = connect_cli(dev[0], wpas, freq=res['freq'])
-        if res2['ifname'] != iface:
-            raise Exception("Unexpected group ifname: " + res2['ifname'])
-
-        terminate_group(dev[0], wpas)
-
-def test_p2p_device_join_no_group_iface_cancel(dev, apdev):
-    """P2P cancel join-group using cfg80211 P2P Device (no separate group interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-
-        res = dev[0].p2p_start_go()
-        bssid = dev[0].get_group_status_field('bssid')
-
-        wpas.scan_for_bss(bssid, res['freq'])
-        pin = wpas.wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-        cmd = "P2P_CONNECT %s %s join freq=%s" % (dev[0].p2p_dev_addr(), pin,
-                                                  res['freq'])
-        if "OK" not in wpas.request(cmd):
-            raise Exception("P2P_CONNECT(join) failed")
-        ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=1)
-        if "OK" not in wpas.request("P2P_CANCEL"):
-            raise Exception("P2P_CANCEL failed")
-
-        dev[0].remove_group()
-
-def test_p2p_device_persistent_group(dev):
-    """P2P persistent group formation and re-invocation with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        form(dev[0], wpas)
-        invite_from_cli(dev[0], wpas)
-        invite_from_go(dev[0], wpas)
-
-def test_p2p_device_persistent_group_no_group_iface(dev):
-    """P2P persistent group formation and re-invocation with cfg80211 P2P Device (no separate group interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-
-        form(dev[0], wpas)
-        invite_from_cli(dev[0], wpas)
-        invite_from_go(dev[0], wpas)
-
-def test_p2p_device_persistent_group2(dev):
-    """P2P persistent group formation and re-invocation (reverse) with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 0")
-
-        form(wpas, dev[0])
-        invite_from_cli(wpas, dev[0])
-        invite_from_go(wpas, dev[0])
-
-def test_p2p_device_persistent_group2_no_group_iface(dev):
-    """P2P persistent group formation and re-invocation (reverse) with cfg80211 P2P Device (no separate group interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-
-        form(wpas, dev[0])
-        invite_from_cli(wpas, dev[0])
-        invite_from_go(wpas, dev[0])
-
-def p2p_device_group_conf(dev1, dev2):
-    dev1.global_request("SET p2p_group_idle 12")
-    dev1.global_request("SET p2p_go_freq_change_policy 2")
-    dev1.global_request("SET p2p_go_ctwindow 7")
-
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev1, i_intent=15,
-                                           r_dev=dev2, r_intent=0)
-    check_grpform_results(i_res, r_res)
-
-    if (dev1.group_request("GET p2p_group_idle") != "12" or
-        dev1.group_request("GET p2p_go_freq_change_policy") != "2" or
-        dev1.group_request("GET p2p_go_ctwindow") != "7"):
-        raise Exception("Unexpected configuration value")
-
-    remove_group(dev1, dev2)
-    dev1.global_request("P2P_FLUSH")
-    dev2.global_request("P2P_FLUSH")
-
-def test_p2p_device_conf(dev, apdev):
-    """P2P configuration with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-        p2p_device_group_conf(wpas, dev[0])
-        wpas.global_request("SET p2p_no_group_iface 0")
-        p2p_device_group_conf(wpas, dev[0])
-
-def test_p2p_device_autogo_chan_switch(dev):
-    """P2P autonomous GO switching channels with cfg80211 P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface 1")
-        autogo(wpas, freq=2417)
-        connect_cli(wpas, dev[1])
-        res = wpas.group_request("CHAN_SWITCH 5 2422")
-        if "FAIL" in res:
-            # for now, skip test since mac80211_hwsim support is not yet widely
-            # deployed
-            raise HwsimSkip("Assume mac80211_hwsim did not support channel switching")
-        ev = wpas.wait_group_event(["AP-CSA-FINISHED"], timeout=10)
-        if ev is None:
-            raise Exception("CSA finished event timed out")
-        if "freq=2422" not in ev:
-            raise Exception("Unexpected cahnnel in CSA finished event")
-        wpas.dump_monitor()
-        dev[1].dump_monitor()
-        time.sleep(0.1)
-        hwsim_utils.test_connectivity_p2p(wpas, dev[1])
diff --git a/tests/hwsim/test_p2p_discovery.py b/tests/hwsim/test_p2p_discovery.py
deleted file mode 100644
index 0537f02e9e5b..000000000000
--- a/tests/hwsim/test_p2p_discovery.py
+++ /dev/null
@@ -1,871 +0,0 @@
-# P2P device discovery test cases
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import binascii
-import os
-import struct
-import time
-
-import hostapd
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-from p2p_utils import *
-from hwsim import HWSimRadio
-from tshark import run_tshark
-from test_gas import start_ap
-from test_cfg80211 import nl80211_remain_on_channel
-from test_p2p_channel import set_country
-
-@remote_compatible
-def test_discovery(dev):
-    """P2P device discovery and provision discovery"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    logger.info("Start device discovery")
-    dev[0].p2p_find(social=True, delay=1)
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-
-    logger.info("Test provision discovery for display")
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " display")
-    ev1 = dev[1].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=15)
-    if ev1 is None:
-        raise Exception("Provision discovery timed out (display/dev1)")
-    if addr0 not in ev1:
-        raise Exception("Dev0 not in provision discovery event")
-    ev0 = dev[0].wait_global_event(["P2P-PROV-DISC-ENTER-PIN",
-                                    "P2P-PROV-DISC-FAILURE"], timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (display/dev0)")
-    if "P2P-PROV-DISC-FAILURE" in ev0:
-        raise Exception("Provision discovery failed (display/dev0)")
-    if addr1 not in ev0:
-        raise Exception("Dev1 not in provision discovery event")
-
-    logger.info("Test provision discovery for keypad")
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " keypad")
-    ev1 = dev[1].wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=15)
-    if ev1 is None:
-        raise Exception("Provision discovery timed out (keypad/dev1)")
-    if addr0 not in ev1:
-        raise Exception("Dev0 not in provision discovery event")
-    ev0 = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN",
-                                    "P2P-PROV-DISC-FAILURE"],
-                                   timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (keypad/dev0)")
-    if "P2P-PROV-DISC-FAILURE" in ev0:
-        raise Exception("Provision discovery failed (keypad/dev0)")
-    if addr1 not in ev0:
-        raise Exception("Dev1 not in provision discovery event")
-
-    logger.info("Test provision discovery for push button")
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " pbc")
-    ev1 = dev[1].wait_global_event(["P2P-PROV-DISC-PBC-REQ"], timeout=15)
-    if ev1 is None:
-        raise Exception("Provision discovery timed out (pbc/dev1)")
-    if addr0 not in ev1:
-        raise Exception("Dev0 not in provision discovery event")
-    ev0 = dev[0].wait_global_event(["P2P-PROV-DISC-PBC-RESP",
-                                    "P2P-PROV-DISC-FAILURE"],
-                                   timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (pbc/dev0)")
-    if "P2P-PROV-DISC-FAILURE" in ev0:
-        raise Exception("Provision discovery failed (pbc/dev0)")
-    if addr1 not in ev0:
-        raise Exception("Dev1 not in provision discovery event")
-
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-    if "FAIL" not in dev[0].p2p_find(dev_id="foo"):
-        raise Exception("P2P_FIND with invalid dev_id accepted")
-    if "FAIL" not in dev[0].p2p_find(dev_type="foo"):
-        raise Exception("P2P_FIND with invalid dev_type accepted")
-    if "FAIL" not in dev[0].p2p_find(dev_type="1-foo-2"):
-        raise Exception("P2P_FIND with invalid dev_type accepted")
-    if "FAIL" not in dev[0].p2p_find(dev_type="1-11223344"):
-        raise Exception("P2P_FIND with invalid dev_type accepted")
-
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC foo pbc"):
-        raise Exception("Invalid P2P_PROV_DISC accepted")
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC 00:11:22:33:44:55"):
-        raise Exception("Invalid P2P_PROV_DISC accepted")
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC 00:11:22:33:44:55 pbc join"):
-        raise Exception("Invalid P2P_PROV_DISC accepted")
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC 00:11:22:33:44:55 foo"):
-        raise Exception("Invalid P2P_PROV_DISC accepted")
-
-@remote_compatible
-def test_discovery_pd_retries(dev):
-    """P2P device discovery and provision discovery retries"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " display")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=60)
-    if ev is None:
-        raise Exception("No PD failure reported")
-
-def test_discovery_group_client(dev):
-    """P2P device discovery for a client in a group"""
-    logger.info("Start autonomous GO " + dev[0].ifname)
-    res = dev[0].p2p_start_go(freq="2422")
-    logger.debug("res: " + str(res))
-    logger.info("Connect a client to the GO")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, freq=int(res['freq']),
-                             timeout=60)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-    logger.info("Try to discover a P2P client in a group")
-    if not dev[2].discover_peer(dev[1].p2p_dev_addr(), social=False, timeout=10):
-        stop_p2p_find_and_wait(dev[2])
-        if not dev[2].discover_peer(dev[1].p2p_dev_addr(), social=False, timeout=10):
-            stop_p2p_find_and_wait(dev[2])
-            if not dev[2].discover_peer(dev[1].p2p_dev_addr(), social=False, timeout=10):
-                raise Exception("Could not discover group client")
-
-    # This is not really perfect, but something to get a bit more testing
-    # coverage.. For proper discoverability mechanism validation, the P2P
-    # client would need to go to sleep to avoid acknowledging the GO Negotiation
-    # Request frame. Offchannel Listen mode operation on the P2P Client with
-    # mac80211_hwsim is apparently not enough to avoid the acknowledgement on
-    # the operating channel, so need to disconnect from the group which removes
-    # the GO-to-P2P Client part of the discoverability exchange in practice.
-
-    pin = dev[2].wps_read_pin()
-    # make group client non-responsive on operating channel
-    dev[1].dump_monitor()
-    dev[1].group_request("DISCONNECT")
-    ev = dev[1].wait_group_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on waiting disconnection")
-    dev[2].request("P2P_CONNECT {} {} display".format(dev[1].p2p_dev_addr(),
-                                                      pin))
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=2)
-    if ev:
-        raise Exception("Unexpected frame RX on P2P client")
-    # make group client available on operating channe
-    dev[1].group_request("REASSOCIATE")
-    ev = dev[1].wait_global_event(["CTRL-EVENT-CONNECTED",
-                                   "P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on reconnection to group")
-    if "P2P-GO-NEG-REQUEST" not in ev:
-        ev = dev[1].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on waiting for GO Negotiation Request")
-
-def stop_p2p_find_and_wait(dev):
-    dev.request("P2P_STOP_FIND")
-    for i in range(10):
-        res = dev.get_driver_status_field("scan_state")
-        if "SCAN_STARTED" not in res and "SCAN_REQUESTED" not in res:
-            break
-        logger.debug("Waiting for final P2P_FIND scan to complete")
-        time.sleep(0.02)
-
-def test_discovery_ctrl_char_in_devname(dev):
-    """P2P device discovery and control character in Device Name"""
-    try:
-        _test_discovery_ctrl_char_in_devname(dev)
-    finally:
-        dev[1].global_request("SET device_name Device B")
-
-def _test_discovery_ctrl_char_in_devname(dev):
-    dev[1].global_request("SET device_name Device\tB")
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    res = dev[0].p2p_start_go(freq=2422)
-    bssid = dev[0].p2p_interface_addr()
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].scan_for_bss(bssid, freq=2422)
-    dev[1].p2p_connect_group(addr0, pin, timeout=60, freq=2422)
-    if not dev[2].discover_peer(addr1, social=False, freq=2422, timeout=5):
-        stop_p2p_find_and_wait(dev[2])
-        if not dev[2].discover_peer(addr1, social=False, freq=2422, timeout=5):
-            stop_p2p_find_and_wait(dev[2])
-            if not dev[2].discover_peer(addr1, social=False, freq=2422,
-                                        timeout=5):
-                raise Exception("Could not discover group client")
-    devname = dev[2].get_peer(addr1)['device_name']
-    dev[2].p2p_stop_find()
-    if devname != "Device_B":
-        raise Exception("Unexpected device_name from group client: " + devname)
-
-    terminate_group(dev[0], dev[1])
-    dev[2].request("P2P_FLUSH")
-
-    dev[1].p2p_listen()
-    if not dev[2].discover_peer(addr1, social=True, timeout=10):
-        raise Exception("Could not discover peer")
-    devname = dev[2].get_peer(addr1)['device_name']
-    dev[2].p2p_stop_find()
-    if devname != "Device_B":
-        raise Exception("Unexpected device_name from peer: " + devname)
-
-@remote_compatible
-def test_discovery_dev_type(dev):
-    """P2P device discovery with Device Type filter"""
-    dev[1].request("SET sec_device_type 1-0050F204-2")
-    dev[1].p2p_listen()
-    dev[0].p2p_find(social=True, dev_type="5-0050F204-1")
-    ev = dev[0].wait_global_event(['P2P-DEVICE-FOUND'], timeout=1)
-    if ev:
-        raise Exception("Unexpected P2P device found")
-    dev[0].p2p_find(social=True, dev_type="1-0050F204-2")
-    ev = dev[0].wait_global_event(['P2P-DEVICE-FOUND'], timeout=2)
-    if ev is None:
-        raise Exception("P2P device not found")
-    peer = dev[0].get_peer(dev[1].p2p_dev_addr())
-    if "1-0050F204-2" not in peer['sec_dev_type']:
-        raise Exception("sec_device_type not reported properly")
-
-def test_discovery_dev_type_go(dev):
-    """P2P device discovery with Device Type filter on GO"""
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].request("SET sec_device_type 1-0050F204-2")
-    res = dev[0].p2p_start_go(freq="2412")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60)
-
-    dev[2].p2p_find(social=True, dev_type="5-0050F204-1")
-    ev = dev[2].wait_global_event(['P2P-DEVICE-FOUND'], timeout=1)
-    if ev:
-        raise Exception("Unexpected P2P device found")
-    dev[2].p2p_find(social=True, dev_type="1-0050F204-2")
-    ev = dev[2].wait_global_event(['P2P-DEVICE-FOUND ' + addr1], timeout=2)
-    if ev is None:
-        raise Exception("P2P device not found")
-
-def test_discovery_dev_id(dev):
-    """P2P device discovery with Device ID filter"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("P2P_LISTEN 1")
-    status = wpas.global_request("STATUS")
-    if "p2p_state=LISTEN_ONLY" not in status:
-        raise Exception("Unexpected status: " + status)
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[0].p2p_find(social=True, dev_id="02:03:04:05:06:07")
-    ev = dev[0].wait_global_event(['P2P-DEVICE-FOUND'], timeout=1)
-    if ev:
-        raise Exception("Unexpected P2P device found")
-    dev[0].p2p_find(social=True, dev_id=addr1)
-    ev = dev[0].wait_global_event(['P2P-DEVICE-FOUND'], timeout=5)
-    if ev is None:
-        raise Exception("P2P device not found")
-    if addr1 not in ev:
-        raise Exception("Unexpected P2P peer found")
-    status = wpas.global_request("STATUS")
-    for i in range(0, 2):
-        if "p2p_state=IDLE" in status:
-            break
-        time.sleep(0.5)
-        status = wpas.global_request("STATUS")
-    if "p2p_state=IDLE" not in status:
-        raise Exception("Unexpected status: " + status)
-
-def test_discovery_dev_id_go(dev):
-    """P2P device discovery with Device ID filter on GO"""
-    addr1 = dev[1].p2p_dev_addr()
-    res = dev[0].p2p_start_go(freq="2412")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60)
-
-    dev[2].p2p_find(social=True, dev_id="02:03:04:05:06:07")
-    ev = dev[2].wait_global_event(['P2P-DEVICE-FOUND'], timeout=1)
-    if ev:
-        raise Exception("Unexpected P2P device found")
-    dev[2].p2p_find(social=True, dev_id=addr1)
-    ev = dev[2].wait_global_event(['P2P-DEVICE-FOUND ' + addr1], timeout=2)
-    if ev is None:
-        raise Exception("P2P device not found")
-
-def test_discovery_social_plus_one(dev):
-    """P2P device discovery with social-plus-one"""
-    logger.info("Start autonomous GO " + dev[0].ifname)
-    dev[1].p2p_find(social=True)
-    dev[0].p2p_find(progressive=True)
-    logger.info("Wait for initial progressive find phases")
-    dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    go = dev[2].p2p_dev_addr()
-    dev[2].p2p_start_go(freq="2422")
-    logger.info("Verify whether the GO on non-social channel can be found")
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer not found")
-    if go not in ev:
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-        if ev is None:
-            raise Exception("Peer not found")
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer not found")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    if not dev[0].peer_known(go):
-        raise Exception("GO not found in progressive scan")
-    if dev[1].peer_known(go):
-        raise Exception("GO found in social-only scan")
-
-def _test_discovery_and_interface_disabled(dev, delay=1):
-    try:
-        if "OK" not in dev[0].p2p_find():
-            raise Exception("Failed to start P2P find")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-        if ev is None:
-            raise Exception("Scan did not start")
-        dev[0].request("DRIVER_EVENT INTERFACE_DISABLED")
-        time.sleep(delay)
-
-        # verify that P2P_FIND is rejected
-        if "FAIL" not in dev[0].p2p_find():
-            raise Exception("New P2P_FIND request was accepted unexpectedly")
-
-        dev[0].request("DRIVER_EVENT INTERFACE_ENABLED")
-        time.sleep(3)
-        dev[0].scan(freq="2412")
-        if "OK" not in dev[0].p2p_find():
-            raise Exception("Failed to start P2P find")
-        dev[0].dump_monitor()
-        dev[1].p2p_listen()
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-        if ev is None:
-            raise Exception("Peer not found")
-    finally:
-        dev[0].request("DRIVER_EVENT INTERFACE_ENABLED")
-
-def test_discovery_and_interface_disabled(dev):
-    """P2P device discovery with interface getting disabled"""
-    _test_discovery_and_interface_disabled(dev, delay=1)
-    _test_discovery_and_interface_disabled(dev, delay=5)
-
-def test_discovery_auto(dev):
-    """P2P device discovery and provision discovery with auto GO/dev selection"""
-    dev[0].flush_scan_cache()
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[2].p2p_start_go(freq="2412")
-    logger.info("Start device discovery")
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    if not dev[0].discover_peer(addr2):
-        raise Exception("Device discovery timed out")
-
-    logger.info("Test provision discovery for display (device)")
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " display auto")
-    ev1 = dev[1].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=15)
-    if ev1 is None:
-        raise Exception("Provision discovery timed out (display/dev1)")
-    if addr0 not in ev1:
-        raise Exception("Dev0 not in provision discovery event")
-    if " group=" in ev1:
-        raise Exception("Unexpected group parameter from non-GO")
-    ev0 = dev[0].wait_global_event(["P2P-PROV-DISC-ENTER-PIN",
-                                    "P2P-PROV-DISC-FAILURE"], timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (display/dev0)")
-    if "P2P-PROV-DISC-FAILURE" in ev0:
-        raise Exception("Provision discovery failed (display/dev0)")
-    if addr1 not in ev0:
-        raise Exception("Dev1 not in provision discovery event")
-    if "peer_go=0" not in ev0:
-        raise Exception("peer_go incorrect in PD response from non-GO")
-
-    logger.info("Test provision discovery for display (GO)")
-    dev[0].global_request("P2P_PROV_DISC " + addr2 + " display auto")
-    ev2 = dev[2].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=15)
-    if ev2 is None:
-        raise Exception("Provision discovery timed out (display/dev2)")
-    if addr0 not in ev2:
-        raise Exception("Dev0 not in provision discovery event")
-    if " group=" not in ev2:
-        raise Exception("Group parameter missing from GO")
-    ev0 = dev[0].wait_global_event(["P2P-PROV-DISC-ENTER-PIN",
-                                    "P2P-PROV-DISC-FAILURE"], timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (display/dev0)")
-    if "P2P-PROV-DISC-FAILURE" in ev0:
-        raise Exception("Provision discovery failed (display/dev0)")
-    if addr2 not in ev0:
-        raise Exception("Dev1 not in provision discovery event")
-    if "peer_go=1" not in ev0:
-        raise Exception("peer_go incorrect in PD response from GO")
-
-def test_discovery_stop(dev):
-    """P2P device discovery and p2p_stop_find"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[2].p2p_listen()
-
-    dev[0].p2p_find(social=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.5)
-    if ev is None:
-        logger.info("No CTRL-EVENT-SCAN-STARTED event")
-    dev[0].p2p_stop_find()
-    ev = dev[0].wait_global_event(["P2P-FIND-STOPPED"], timeout=1)
-    if ev is None:
-        raise Exception("P2P_STOP not reported")
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is not None:
-        raise Exception("Peer found unexpectedly: " + ev)
-
-    dev[0].p2p_find(social=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.5)
-    if ev is None:
-        logger.info("No CTRL-EVENT-SCAN-STARTED event")
-    dev[0].global_request("P2P_FLUSH")
-    ev = dev[0].wait_global_event(["P2P-FIND-STOPPED"], timeout=1)
-    if ev is None:
-        raise Exception("P2P_STOP not reported")
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is not None:
-        raise Exception("Peer found unexpectedly: " + ev)
-
-def test_discovery_restart(dev):
-    """P2P device discovery and p2p_find restart"""
-    autogo(dev[1], freq=2457)
-    dev[0].p2p_find(social=True)
-    dev[0].p2p_stop_find()
-    dev[0].p2p_find(social=False)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=7)
-    if ev is None:
-        dev[0].p2p_find(social=False)
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=7)
-        if ev is None:
-            raise Exception("Peer not found")
-
-def test_discovery_restart_progressive(dev):
-    """P2P device discovery and p2p_find type=progressive restart"""
-    try:
-        set_country("US", dev[1])
-        autogo(dev[1], freq=5805)
-        dev[0].p2p_find(social=True)
-        dev[0].p2p_stop_find()
-        dev[0].p2p_find(progressive=True)
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=20)
-        dev[1].remove_group()
-        if ev is None:
-            raise Exception("Peer not found")
-    finally:
-        set_country("00")
-        dev[1].flush_scan_cache()
-
-def test_p2p_peer_command(dev):
-    """P2P_PEER command"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[2].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    if not dev[0].discover_peer(addr2):
-        raise Exception("Device discovery timed out")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    dev[2].p2p_stop_find()
-
-    res0 = dev[0].request("P2P_PEER FIRST")
-    peer = res0.splitlines()[0]
-    if peer not in [addr1, addr2]:
-        raise Exception("Unexpected P2P_PEER FIRST address")
-    res1 = dev[0].request("P2P_PEER NEXT-" + peer)
-    peer2 = res1.splitlines()[0]
-    if peer2 not in [addr1, addr2] or peer == peer2:
-        raise Exception("Unexpected P2P_PEER NEXT address")
-
-    if "FAIL" not in dev[0].request("P2P_PEER NEXT-foo"):
-        raise Exception("Invalid P2P_PEER command accepted")
-    if "FAIL" not in dev[0].request("P2P_PEER foo"):
-        raise Exception("Invalid P2P_PEER command accepted")
-    if "FAIL" not in dev[0].request("P2P_PEER 00:11:22:33:44:55"):
-        raise Exception("P2P_PEER command for unknown peer accepted")
-
-def test_p2p_listen_and_offchannel_tx(dev):
-    """P2P_LISTEN behavior with offchannel TX"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-
-    dev[0].p2p_listen()
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " display")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=15)
-    if ev is None:
-        raise Exception("No PD result reported")
-    dev[1].p2p_stop_find()
-
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Device discovery timed out after PD exchange")
-    dev[2].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-@remote_compatible
-def test_p2p_listen_and_scan(dev):
-    """P2P_LISTEN and scan"""
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].request("SCAN freq=2412"):
-        raise Exception("Failed to request a scan")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 3)
-    if ev is not None:
-        raise Exception("Unexpected scan results")
-    dev[0].p2p_stop_find()
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan timed out")
-
-def test_p2p_config_methods(dev):
-    """P2P and WPS config method update"""
-    addr0 = dev[0].p2p_dev_addr()
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr1 = wpas.p2p_dev_addr()
-
-    if "OK" not in wpas.request("SET config_methods keypad virtual_push_button"):
-        raise Exception("Failed to set config_methods")
-
-    wpas.p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    dev[0].p2p_stop_find()
-    peer = dev[0].get_peer(addr1)
-    if peer['config_methods'] != '0x180':
-        raise Exception("Unexpected peer config methods(1): " + peer['config_methods'])
-    dev[0].global_request("P2P_FLUSH")
-
-    if "OK" not in wpas.request("SET config_methods virtual_display"):
-        raise Exception("Failed to set config_methods")
-
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    dev[0].p2p_stop_find()
-    peer = dev[0].get_peer(addr1)
-    if peer['config_methods'] != '0x8':
-        raise Exception("Unexpected peer config methods(2): " + peer['config_methods'])
-
-    wpas.p2p_stop_find()
-
-@remote_compatible
-def test_discovery_after_gas(dev, apdev):
-    """P2P device discovery after GAS/ANQP exchange"""
-    hapd = start_ap(apdev[0])
-    hapd.set("gas_frag_limit", "50")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    dev[0].request("FETCH_ANQP")
-    ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("No ANQP-QUERY-DONE event")
-    dev[0].dump_monitor()
-
-    start = os.times()[4]
-    dev[0].p2p_listen()
-    dev[1].p2p_find(social=True)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Peer not discovered")
-    end = os.times()[4]
-    dev[0].dump_monitor()
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    logger.info("Device discovery after fragmented GAS took %f seconds" % (end - start))
-    if end - start > 1.3:
-        raise Exception("Device discovery took unexpectedly long time")
-
-@remote_compatible
-def test_discovery_listen_find(dev):
-    """P2P_LISTEN immediately followed by P2P_FIND"""
-    # Request an external remain-on-channel operation to delay start of the ROC
-    # for the following p2p_listen() enough to get p2p_find() processed before
-    # the ROC started event shows up. This is done to test a code path where the
-    # p2p_find() needs to clear the wait for the pending listen operation
-    # (p2p->pending_listen_freq).
-    ifindex = int(dev[0].get_driver_status_field("ifindex"))
-    nl80211_remain_on_channel(dev[0], ifindex, 2417, 200)
-
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[0].p2p_find(social=True)
-    time.sleep(0.4)
-    dev[1].p2p_listen()
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=1.2)
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    if ev is None:
-        raise Exception("Did not find peer quickly enough after stopped P2P_LISTEN")
-
-def test_discovery_long_listen(dev):
-    """Long P2P_LISTEN and offchannel TX"""
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr = wpas.p2p_dev_addr()
-    if not wpas.discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    peer = wpas.get_peer(addr0)
-    chan = '1' if peer['listen_freq'] == '2462' else '11'
-
-    wpas.request("P2P_SET listen_channel " + chan)
-    wpas.request("P2P_LISTEN 10")
-    if not dev[0].discover_peer(addr):
-        raise Exception("Device discovery timed out (2)")
-
-    time.sleep(0.1)
-    wpas.global_request("P2P_PROV_DISC " + addr0 + " display")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=15)
-    if ev is None:
-        raise Exception("Provision discovery timed out")
-    dev[0].p2p_stop_find()
-
-    # Verify that the long listen period is still continuing after off-channel
-    # TX of Provision Discovery frames.
-    if not dev[1].discover_peer(addr):
-        raise Exception("Device discovery timed out (3)")
-
-    dev[1].p2p_stop_find()
-    wpas.p2p_stop_find()
-
-def test_discovery_long_listen2(dev):
-    """Long P2P_LISTEN longer than remain-on-channel time"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        addr = wpas.p2p_dev_addr()
-        wpas.request("P2P_LISTEN 15")
-
-        # Wait for remain maximum remain-on-channel time to pass
-        time.sleep(7)
-
-        if not dev[0].discover_peer(addr):
-            raise Exception("Device discovery timed out")
-        dev[0].p2p_stop_find()
-        wpas.p2p_stop_find()
-
-def pd_test(dev, addr):
-    if not dev.discover_peer(addr, freq=2412):
-        raise Exception("Device discovery timed out")
-    dev.global_request("P2P_PROV_DISC " + addr + " display")
-    ev0 = dev.wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=15)
-    if ev0 is None:
-        raise Exception("Provision discovery timed out (display)")
-    dev.p2p_stop_find()
-
-def run_discovery_while_go(wpas, dev, params):
-    wpas.request("P2P_SET listen_channel 1")
-    wpas.p2p_start_go(freq="2412")
-    addr = wpas.p2p_dev_addr()
-    pin = dev[0].wps_read_pin()
-    wpas.p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(addr, pin, freq=2412, timeout=30)
-
-    pd_test(dev[0], addr)
-    wpas.p2p_listen()
-    pd_test(dev[2], addr)
-
-    wpas.p2p_stop_find()
-    terminate_group(wpas, dev[1])
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wifi_p2p.public_action.subtype == 8", ["wlan.da"])
-    da = out.splitlines()
-    logger.info("PD Response DAs: " + str(da))
-    if len(da) != 3:
-        raise Exception("Unexpected DA count for PD Response")
-
-def test_discovery_while_go(dev, apdev, params):
-    """P2P provision discovery from GO"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    run_discovery_while_go(wpas, dev, params)
-
-def test_discovery_while_go_p2p_dev(dev, apdev, params):
-    """P2P provision discovery from GO (using P2P Device interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        run_discovery_while_go(wpas, dev, params)
-
-def run_discovery_while_cli(wpas, dev, params):
-    wpas.request("P2P_SET listen_channel 1")
-    dev[1].p2p_start_go(freq="2412")
-    addr = wpas.p2p_dev_addr()
-    pin = wpas.wps_read_pin()
-    dev[1].p2p_go_authorize_client(pin)
-    wpas.p2p_connect_group(dev[1].p2p_dev_addr(), pin, freq=2412, timeout=30)
-
-    pd_test(dev[0], addr)
-    wpas.p2p_listen()
-    pd_test(dev[2], addr)
-
-    wpas.p2p_stop_find()
-    terminate_group(dev[1], wpas)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wifi_p2p.public_action.subtype == 8", ["wlan.da"])
-    da = out.splitlines()
-    logger.info("PD Response DAs: " + str(da))
-    if len(da) != 3:
-        raise Exception("Unexpected DA count for PD Response")
-
-def test_discovery_while_cli(dev, apdev, params):
-    """P2P provision discovery from CLI"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    run_discovery_while_cli(wpas, dev, params)
-
-def test_discovery_while_cli_p2p_dev(dev, apdev, params):
-    """P2P provision discovery from CLI (using P2P Device interface)"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        run_discovery_while_cli(wpas, dev, params)
-
-def test_discovery_device_name_change(dev):
-    """P2P device discovery and peer changing device name"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.set("device_name", "test-a")
-    wpas.p2p_listen()
-    dev[0].p2p_find(social=True)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer not found")
-    if "new=1" not in ev:
-        raise Exception("Incorrect new event: " + ev)
-    if "name='test-a'" not in ev:
-        raise Exception("Unexpected device name(1): " + ev)
-
-    # Verify that new P2P-DEVICE-FOUND event is indicated when the peer changes
-    # its device name.
-    wpas.set("device_name", "test-b")
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer update not seen")
-    if "new=0" not in ev:
-        raise Exception("Incorrect update event: " + ev)
-    if "name='test-b'" not in ev:
-        raise Exception("Unexpected device name(2): " + ev)
-    wpas.p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-def test_p2p_group_cli_invalid(dev, apdev):
-    """P2P device discovery with invalid group client info"""
-    attr = struct.pack('<BHBB', 2, 2, 0x25, 0x09)
-
-    attr += struct.pack('<BH', 3, 6) + "\x02\x02\x02\x02\x02\x00".encode()
-
-    cli = bytes()
-    cli += "\x02\x02\x02\x02\x02\x03".encode()
-    cli += "\x02\x02\x02\x02\x02\x04".encode()
-    cli += struct.pack('>BH', 0, 0x3148)
-    dev_type = "\x00\x00\x00\x00\x00\x00\x00\x01".encode()
-    cli += dev_type
-    num_sec = 25
-    cli += struct.pack('B', num_sec)
-    cli += num_sec * dev_type
-    name = "TEST".encode()
-    cli += struct.pack('>HH', 0x1011, len(name)) + name
-    desc = struct.pack('B', len(cli)) + cli
-    attr += struct.pack('<BH', 14, len(desc)) + desc
-
-    p2p_ie = struct.pack('>BBL', 0xdd, 4 + len(attr), 0x506f9a09) + attr
-    ie = binascii.hexlify(p2p_ie).decode()
-
-    params = {"ssid": "DIRECT-test",
-              "eap_server": "1",
-              "wps_state": "2",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-PSK",
-              "rsn_pairwise": "CCMP",
-              "vendor_elements": ie}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    for i in range(2):
-        dev[i].p2p_find(social=True)
-        ev = dev[i].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-        if not ev:
-            raise Exception("P2P device not found")
-
-def test_discovery_max_peers(dev):
-    """P2P device discovery and maximum peer limit exceeded"""
-    dev[0].p2p_listen()
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    probereq1 = "40000000ffffffffffff"
-    probereq2 = "ffffffffffff000000074449524543542d01080c1218243048606c0301012d1afe131bffff000000000000000000000100000000000000000000ff16230178c812400000bfce0000000000000000fafffaffdd730050f204104a000110103a00010110080002314810470010572cf82fc95756539b16b5cfb298abf1105400080000000000000000103c0001031002000200001009000200001012000200001021000120102300012010240001201011000844657669636520421049000900372a000120030101dd11506f9a0902020025000605005858045106"
-
-    # Fill the P2P peer table with max+1 entries based on Probe Request frames
-    # to verify correct behavior on# removing the oldest entry when running out
-    # of room.
-    for i in range(101):
-        addr = "0202020202%02x" % i
-        probereq = probereq1 + addr + probereq2
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=60 ssi_signal=-30 frame=" + probereq):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    res = dev[0].global_request("P2P_PEER FIRST")
-    addr = res.splitlines()[0]
-    peers = [addr]
-    limit = 200
-    while limit > 0:
-        res = dev[0].global_request("P2P_PEER NEXT-" + addr)
-        addr = res.splitlines()[0]
-        if addr == "FAIL":
-            break
-        peers.append(addr)
-        limit -= 1
-    logger.info("Peers: " + str(peers))
-
-    if len(peers) != 100:
-        raise Exception("Unexpected number of peer entries")
-    oldest = "02:02:02:02:02:00"
-    if oldest in peers:
-        raise Exception("Oldest entry is still present")
-    for i in range(101):
-        addr = "02:02:02:02:02:%02x" % i
-        if addr == oldest:
-            continue
-        if addr not in peers:
-            raise Exception("Peer missing from table: " + addr)
-
-    # Provision Discovery Request from the oldest peer (SA) using internally
-    # different P2P Device Address as a regression test for incorrect processing
-    # for this corner case.
-    dst = dev[0].own_addr().replace(':', '')
-    src = peers[99].replace(':', '')
-    devaddr = "0202020202ff"
-    pdreq = "d0004000" + dst + src + dst + "d0000409506f9a090701dd29506f9a0902020025000d1d00" + devaddr + "1108000000000000000000101100084465766963652041dd0a0050f204100800020008"
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=60 ssi_signal=-30 frame=" + pdreq):
-        raise Exception("MGMT_RX_PROCESS failed")
diff --git a/tests/hwsim/test_p2p_ext.py b/tests/hwsim/test_p2p_ext.py
deleted file mode 100644
index 2c23ee9a0b78..000000000000
--- a/tests/hwsim/test_p2p_ext.py
+++ /dev/null
@@ -1,384 +0,0 @@
-# P2P vendor specific extension tests
-# Copyright (c) 2014-2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-
-from tshark import run_tshark
-from p2p_utils import *
-
-@remote_compatible
-def test_p2p_ext_discovery(dev):
-    """P2P device discovery with vendor specific extensions"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    try:
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 1 dd050011223344"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "dd050011223344":
-            raise Exception("Unexpected VENDOR_ELEM_GET result: " + res)
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 1 dd06001122335566"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "dd050011223344dd06001122335566":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(2): " + res)
-        res = dev[0].request("VENDOR_ELEM_GET 2")
-        if res != "":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(3): " + res)
-        if "OK" not in dev[0].request("VENDOR_ELEM_REMOVE 1 dd050011223344"):
-            raise Exception("VENDOR_ELEM_REMOVE failed")
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "dd06001122335566":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(4): " + res)
-        if "OK" not in dev[0].request("VENDOR_ELEM_REMOVE 1 dd06001122335566"):
-            raise Exception("VENDOR_ELEM_REMOVE failed")
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(5): " + res)
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 1 dd050011223344dd06001122335566"):
-            raise Exception("VENDOR_ELEM_ADD failed(2)")
-
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_REMOVE 1 dd051122334455"):
-            raise Exception("Unexpected VENDOR_ELEM_REMOVE success")
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_REMOVE 1 dd"):
-            raise Exception("Unexpected VENDOR_ELEM_REMOVE success(2)")
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_ADD 1 ddff"):
-            raise Exception("Unexpected VENDOR_ELEM_ADD success(3)")
-
-        dev[0].p2p_listen()
-        if not dev[1].discover_peer(addr0):
-            raise Exception("Device discovery timed out")
-        if not dev[0].discover_peer(addr1):
-            raise Exception("Device discovery timed out")
-
-        peer = dev[1].get_peer(addr0)
-        if peer['vendor_elems'] != "dd050011223344dd06001122335566":
-            raise Exception("Vendor elements not reported correctly")
-
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "dd050011223344dd06001122335566":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(6): " + res)
-        if "OK" not in dev[0].request("VENDOR_ELEM_REMOVE 1 dd06001122335566"):
-            raise Exception("VENDOR_ELEM_REMOVE failed")
-        res = dev[0].request("VENDOR_ELEM_GET 1")
-        if res != "dd050011223344":
-            raise Exception("Unexpected VENDOR_ELEM_GET result(7): " + res)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 1 *")
-
-@remote_compatible
-def test_p2p_ext_discovery_go(dev):
-    """P2P device discovery with vendor specific extensions for GO"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    try:
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 2 dd050011223344dd06001122335566"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 3 dd050011223344dd06001122335566"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 12 dd050011223344dd06001122335566"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-
-        dev[0].p2p_start_go(freq="2412")
-        if not dev[1].discover_peer(addr0):
-            raise Exception("Device discovery timed out")
-        peer = dev[1].get_peer(addr0)
-        if peer['vendor_elems'] != "dd050011223344dd06001122335566":
-            logger.info("Peer vendor_elems: " + peer['vendor_elems'])
-            raise Exception("Vendor elements not reported correctly")
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 2 *")
-        dev[0].request("VENDOR_ELEM_REMOVE 3 *")
-        dev[0].request("VENDOR_ELEM_REMOVE 12 *")
-
-def test_p2p_ext_vendor_elem_probe_req(dev):
-    """VENDOR_ELEM in P2P Probe Request frames"""
-    try:
-        _test_p2p_ext_vendor_elem_probe_req(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 0 *")
-
-def _test_p2p_ext_vendor_elem_probe_req(dev):
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 0 dd050011223300"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("MGMT-RX timeout")
-    if " 40" not in ev:
-        raise Exception("Not a Probe Request frame")
-    if "dd050011223300" not in ev:
-        raise Exception("Vendor element not found from Probe Request frame")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_pd_req(dev):
-    """VENDOR_ELEM in PD Request frames"""
-    try:
-        _test_p2p_ext_vendor_elem_pd_req(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 4 *")
-
-def _test_p2p_ext_vendor_elem_pd_req(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 4 dd050011223301"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    dev[0].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[0].global_request("P2P_PROV_DISC " + addr1 + " display")
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223301" not in ev:
-        raise Exception("Vendor element not found from PD Request frame")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_pd_resp(dev):
-    """VENDOR_ELEM in PD Response frames"""
-    try:
-        _test_p2p_ext_vendor_elem_pd_resp(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 5 *")
-
-def _test_p2p_ext_vendor_elem_pd_resp(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 5 dd050011223302"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    dev[1].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[1].global_request("P2P_PROV_DISC " + addr0 + " display")
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223302" not in ev:
-        raise Exception("Vendor element not found from PD Response frame")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_go_neg_req(dev):
-    """VENDOR_ELEM in GO Negotiation Request frames"""
-    try:
-        _test_p2p_ext_vendor_elem_go_neg_req(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 6 *")
-
-def _test_p2p_ext_vendor_elem_go_neg_req(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 6 dd050011223303"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    dev[0].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[0].global_request("P2P_CONNECT " + addr1 + " 12345670 display")
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223303" not in ev:
-        raise Exception("Vendor element not found from GO Negotiation Request frame")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_go_neg_resp(dev):
-    """VENDOR_ELEM in GO Negotiation Response frames"""
-    try:
-        _test_p2p_ext_vendor_elem_go_neg_resp(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 7 *")
-
-def _test_p2p_ext_vendor_elem_go_neg_resp(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 7 dd050011223304"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    dev[1].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[1].global_request("P2P_CONNECT " + addr0 + " 12345670 display")
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223304" not in ev:
-        raise Exception("Vendor element not found from GO Negotiation Response frame")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_go_neg_conf(dev, apdev, params):
-    """VENDOR_ELEM in GO Negotiation Confirm frames"""
-    try:
-        _test_p2p_ext_vendor_elem_go_neg_conf(dev, apdev, params)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 8 *")
-
-def _test_p2p_ext_vendor_elem_go_neg_conf(dev, apdev, params):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 8 dd050011223305"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[0].p2p_listen()
-    dev[1].p2p_go_neg_auth(addr0, "12345670", "enter")
-    dev[1].p2p_listen()
-    dev[0].p2p_go_neg_init(addr1, "12345678", "display")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("GO negotiation timed out")
-    ev = dev[0].wait_global_event(["P2P-GROUP-FORMATION-FAILURE"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation failure not indicated")
-    dev[0].dump_monitor()
-    dev[1].p2p_go_neg_auth_result(expect_failure=True)
-    dev[1].dump_monitor()
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wifi_p2p.public_action.subtype == 2")
-    if "Vendor Specific Data: 3305" not in out:
-        raise Exception("Vendor element not found from GO Negotiation Confirm frame")
-
-def test_p2p_ext_vendor_elem_invitation(dev):
-    """VENDOR_ELEM in Invitation frames"""
-    try:
-        _test_p2p_ext_vendor_elem_invitation(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 9 *")
-        dev[0].request("VENDOR_ELEM_REMOVE 10 *")
-
-def _test_p2p_ext_vendor_elem_invitation(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    form(dev[0], dev[1])
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 9 dd050011223306"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 10 dd050011223307"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Device discovery timed out")
-    peer = dev[0].get_peer(addr1)
-    dev[0].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[0].global_request("P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr1)
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223306" not in ev:
-        raise Exception("Vendor element not found from Invitation Request frame")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Device discovery timed out")
-    peer = dev[1].get_peer(addr0)
-    dev[1].p2p_stop_find()
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[1].global_request("P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr0)
-    for i in range(5):
-        ev = dev[1].wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("MGMT-RX timeout")
-        if " d0" in ev:
-            break
-    if "dd050011223307" not in ev:
-        raise Exception("Vendor element not found from Invitation Response frame")
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Group start not reported")
-    dev[0].group_form_result(ev)
-    dev[0].remove_group()
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-def test_p2p_ext_vendor_elem_assoc(dev, apdev, params):
-    """VENDOR_ELEM in Association frames"""
-    try:
-        _test_p2p_ext_vendor_elem_assoc(dev, apdev, params)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 11 *")
-        dev[1].request("VENDOR_ELEM_REMOVE 12 *")
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def _test_p2p_ext_vendor_elem_assoc(dev, apdev, params):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    res = dev[0].get_driver_status()
-    p2p_device = True if (int(res['capa.flags'], 0) & 0x20000000) else False
-
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 11 dd050011223308"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    if "OK" not in dev[1].request("VENDOR_ELEM_ADD 12 dd050011223309"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    if not p2p_device and "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 dd05001122330a"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    dev[0].p2p_listen()
-    dev[1].p2p_listen()
-    dev[1].p2p_go_neg_auth(addr0, "12345670", "enter", go_intent=15)
-    dev[0].p2p_go_neg_init(addr1, "12345670", "display", go_intent=0,
-                           timeout=15)
-    dev[1].p2p_go_neg_auth_result()
-    dev[1].remove_group()
-    dev[0].wait_go_ending_session()
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type_subtype == 0x00", wait=False)
-    if "Vendor Specific Data: 3308" not in out:
-        raise Exception("Vendor element (P2P) not found from Association Request frame")
-    if not p2p_device and "Vendor Specific Data: 330a" not in out:
-        raise Exception("Vendor element (non-P2P) not found from Association Request frame")
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type_subtype == 0x01", wait=False)
-    if "Vendor Specific Data: 3309" not in out:
-        raise Exception("Vendor element not found from Association Response frame")
diff --git a/tests/hwsim/test_p2p_grpform.py b/tests/hwsim/test_p2p_grpform.py
deleted file mode 100644
index 88e253c0b085..000000000000
--- a/tests/hwsim/test_p2p_grpform.py
+++ /dev/null
@@ -1,1185 +0,0 @@
-# P2P group formation test cases
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import logging
-logger = logging.getLogger()
-import struct
-import time
-import os
-
-import hostapd
-import hwsim_utils
-from utils import *
-from wpasupplicant import WpaSupplicant
-from p2p_utils import *
-from test_p2p_messages import parse_p2p_public_action, p2p_hdr, p2p_attr_capability, p2p_attr_go_intent, p2p_attr_config_timeout, p2p_attr_listen_channel, p2p_attr_intended_interface_addr, p2p_attr_channel_list, p2p_attr_device_info, p2p_attr_operating_channel, ie_p2p, ie_wsc, mgmt_tx, P2P_GO_NEG_REQ
-
-@remote_compatible
-def test_grpform(dev):
-    """P2P group formation using PIN and authorized connection (init -> GO)"""
-    try:
-        dev[0].global_request("SET p2p_group_idle 2")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0)
-        check_grpform_results(i_res, r_res)
-        dev[1].remove_group()
-        ev = dev[0].wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-        if ev is None:
-            raise Exception("GO did not remove group on idle timeout")
-        if "GO reason=IDLE" not in ev:
-            raise Exception("Unexpected group removal event: " + ev)
-    finally:
-        dev[0].global_request("SET p2p_group_idle 0")
-
-def test_grpform_a(dev):
-    """P2P group formation using PIN and authorized connection (init -> GO) (init: group iface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0)
-    if "p2p-wlan" not in i_res['ifname']:
-        raise Exception("Unexpected group interface name")
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-    if i_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-def test_grpform_b(dev):
-    """P2P group formation using PIN and authorized connection (init -> GO) (resp: group iface)"""
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0)
-    if "p2p-wlan" not in r_res['ifname']:
-        raise Exception("Unexpected group interface name")
-    check_grpform_results(i_res, r_res)
-    addr = dev[0].group_request("P2P_GROUP_MEMBER " + dev[1].p2p_dev_addr())
-    if "FAIL" in addr:
-        raise Exception("P2P_GROUP_MEMBER failed")
-    if addr != dev[1].p2p_interface_addr():
-        raise Exception("Unexpected P2P_GROUP_MEMBER result: " + addr)
-    if "FAIL" not in dev[0].group_request("P2P_GROUP_MEMBER a"):
-        raise Exception("Invalid P2P_GROUP_MEMBER command accepted")
-    if "FAIL" not in dev[0].group_request("P2P_GROUP_MEMBER 00:11:22:33:44:55"):
-        raise Exception("P2P_GROUP_MEMBER for non-member accepted")
-    remove_group(dev[0], dev[1])
-    if r_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-def test_grpform_c(dev):
-    """P2P group formation using PIN and authorized connection (init -> GO) (group iface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           r_dev=dev[1], r_intent=0)
-    if "p2p-wlan" not in i_res['ifname']:
-        raise Exception("Unexpected group interface name")
-    if "p2p-wlan" not in r_res['ifname']:
-        raise Exception("Unexpected group interface name")
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-    if i_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-    if r_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-@remote_compatible
-def test_grpform2(dev):
-    """P2P group formation using PIN and authorized connection (resp -> GO)"""
-    go_neg_pin_authorized(i_dev=dev[0], i_intent=0, r_dev=dev[1], r_intent=15)
-    remove_group(dev[0], dev[1])
-
-def test_grpform2_c(dev):
-    """P2P group formation using PIN and authorized connection (resp -> GO) (group iface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0, r_dev=dev[1], r_intent=15)
-    remove_group(dev[0], dev[1])
-    if i_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-    if r_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-@remote_compatible
-def test_grpform3(dev):
-    """P2P group formation using PIN and re-init GO Negotiation"""
-    go_neg_pin(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=0)
-    remove_group(dev[0], dev[1])
-
-def test_grpform3_c(dev):
-    """P2P group formation using PIN and re-init GO Negotiation (group iface)"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    [i_res, r_res] = go_neg_pin(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=0)
-    remove_group(dev[0], dev[1])
-    if i_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-    if r_res['ifname'] in get_ifnames():
-        raise Exception("Group interface netdev was not removed")
-
-@remote_compatible
-def test_grpform4(dev):
-    """P2P group formation response during p2p_find"""
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[0].discover_peer(addr1)
-    dev[1].p2p_find(social=True)
-    time.sleep(0.4)
-    dev[0].global_request("P2P_CONNECT " + addr1 + " 12345670 display")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        raise Exception("GO Negotiation RX timed out")
-    time.sleep(0.5)
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-@remote_compatible
-def test_grpform_pbc(dev):
-    """P2P group formation using PBC and re-init GO Negotiation"""
-    [i_res, r_res] = go_neg_pbc(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=0)
-    check_grpform_results(i_res, r_res)
-    if i_res['role'] != 'GO' or r_res['role'] != 'client':
-        raise Exception("Unexpected device roles")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_grpform_pd(dev):
-    """P2P group formation with PD-before-GO-Neg workaround"""
-    [i_res, r_res] = go_neg_pbc(i_dev=dev[0], provdisc=True, r_dev=dev[1], r_listen=True)
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
-
-def test_grpform_ext_listen(dev):
-    """P2P group formation with extended listen timing enabled"""
-    addr0 = dev[0].p2p_dev_addr()
-    try:
-        if "FAIL" not in dev[0].global_request("P2P_EXT_LISTEN 100"):
-            raise Exception("Invalid P2P_EXT_LISTEN accepted")
-        if "OK" not in dev[0].global_request("P2P_EXT_LISTEN 300 1000"):
-            raise Exception("Failed to set extended listen timing")
-        if "OK" not in dev[1].global_request("P2P_EXT_LISTEN 200 40000"):
-            raise Exception("Failed to set extended listen timing")
-        [i_res, r_res] = go_neg_pbc(i_dev=dev[0], provdisc=True, r_dev=dev[1],
-                                    r_listen=True, i_freq="2417", r_freq="2417",
-                                    i_intent=1, r_intent=15)
-        check_grpform_results(i_res, r_res)
-        peer1 = dev[0].get_peer(dev[1].p2p_dev_addr())
-        if peer1['ext_listen_interval'] != "40000":
-            raise Exception("Extended listen interval not discovered correctly")
-        if peer1['ext_listen_period'] != "200":
-            raise Exception("Extended listen period not discovered correctly")
-        peer0 = dev[1].get_peer(dev[0].p2p_dev_addr())
-        if peer0['ext_listen_interval'] != "1000":
-            raise Exception("Extended listen interval not discovered correctly")
-        if peer0['ext_listen_period'] != "300":
-            raise Exception("Extended listen period not discovered correctly")
-        if not dev[2].discover_peer(addr0):
-            raise Exception("Could not discover peer during ext listen")
-        remove_group(dev[0], dev[1])
-    finally:
-        if "OK" not in dev[0].global_request("P2P_EXT_LISTEN"):
-            raise Exception("Failed to clear extended listen timing")
-        if "OK" not in dev[1].global_request("P2P_EXT_LISTEN"):
-            raise Exception("Failed to clear extended listen timing")
-
-def test_grpform_ext_listen_oper(dev):
-    """P2P extended listen timing operations"""
-    try:
-        _test_grpform_ext_listen_oper(dev)
-    finally:
-        dev[0].global_request("P2P_EXT_LISTEN")
-
-def _test_grpform_ext_listen_oper(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr1 = wpas.p2p_dev_addr()
-    wpas.request("P2P_SET listen_channel 1")
-    wpas.global_request("SET p2p_no_group_iface 0")
-    wpas.request("P2P_LISTEN")
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].request("P2P_LISTEN")
-    if not wpas.discover_peer(addr0):
-        raise Exception("Could not discover peer (2)")
-
-    dev[0].global_request("P2P_EXT_LISTEN 300 500")
-    dev[0].global_request("P2P_CONNECT " + addr1 + " 12345670 display auth go_intent=0 freq=2417")
-    wpas.global_request("P2P_CONNECT " + addr0 + " 12345670 enter go_intent=15 freq=2417")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("GO Negotiation failed")
-    ifaces = wpas.request("INTERFACES").splitlines()
-    iface = ifaces[0] if "p2p-wlan" in ifaces[0] else ifaces[1]
-    wpas.group_ifname = iface
-    if "OK" not in wpas.group_request("STOP_AP"):
-        raise Exception("STOP_AP failed")
-    wpas.group_request("SET ext_mgmt_frame_handling 1")
-    dev[1].p2p_find(social=True)
-    time.sleep(1)
-    if dev[1].peer_known(addr0):
-        raise Exception("Unexpected peer discovery")
-    ifaces = dev[0].request("INTERFACES").splitlines()
-    iface = ifaces[0] if "p2p-wlan" in ifaces[0] else ifaces[1]
-    if "OK" not in dev[0].global_request("P2P_GROUP_REMOVE " + iface):
-        raise Exception("Failed to request group removal")
-    wpas.remove_group()
-
-    count = 0
-    timeout = 15
-    found = False
-    while count < timeout * 4:
-        time.sleep(0.25)
-        count = count + 1
-        if dev[1].peer_known(addr0):
-            found = True
-            break
-    dev[1].p2p_stop_find()
-    if not found:
-        raise Exception("Could not discover peer that was supposed to use extended listen")
-
-@remote_compatible
-def test_both_go_intent_15(dev):
-    """P2P GO Negotiation with both devices using GO intent 15"""
-    go_neg_pin_authorized(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=15, expect_failure=True, i_go_neg_status=9)
-
-@remote_compatible
-def test_both_go_neg_display(dev):
-    """P2P GO Negotiation with both devices trying to display PIN"""
-    go_neg_pin_authorized(i_dev=dev[0], r_dev=dev[1], expect_failure=True, i_go_neg_status=10, i_method='display', r_method='display')
-
-@remote_compatible
-def test_both_go_neg_enter(dev):
-    """P2P GO Negotiation with both devices trying to enter PIN"""
-    go_neg_pin_authorized(i_dev=dev[0], r_dev=dev[1], expect_failure=True, i_go_neg_status=10, i_method='enter', r_method='enter')
-
-@remote_compatible
-def test_go_neg_pbc_vs_pin(dev):
-    """P2P GO Negotiation with one device using PBC and the other PIN"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].request("P2P_CONNECT " + addr1 + " pbc auth"):
-        raise Exception("Failed to authorize GO Neg")
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    if "OK" not in dev[1].request("P2P_CONNECT " + addr0 + " 12345670 display"):
-        raise Exception("Failed to initiate GO Neg")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("GO Negotiation failure timed out")
-    if "status=10" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-@remote_compatible
-def test_go_neg_pin_vs_pbc(dev):
-    """P2P GO Negotiation with one device using PIN and the other PBC"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].request("P2P_CONNECT " + addr1 + " 12345670 display auth"):
-        raise Exception("Failed to authorize GO Neg")
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    if "OK" not in dev[1].request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("Failed to initiate GO Neg")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("GO Negotiation failure timed out")
-    if "status=10" not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def test_grpform_per_sta_psk(dev):
-    """P2P group formation with per-STA PSKs"""
-    dev[0].global_request("P2P_SET per_sta_psk 1")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=0)
-    check_grpform_results(i_res, r_res)
-
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    c_res = dev[2].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60)
-    check_grpform_results(i_res, c_res)
-
-    if r_res['psk'] == c_res['psk']:
-        raise Exception("Same PSK assigned for both clients")
-
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[2].wait_go_ending_session()
-
-def test_grpform_per_sta_psk_wps(dev):
-    """P2P group formation with per-STA PSKs with non-P2P WPS STA"""
-    dev[0].global_request("P2P_SET per_sta_psk 1")
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15, r_dev=dev[1], r_intent=0)
-    check_grpform_results(i_res, r_res)
-
-    dev[0].p2p_go_authorize_client_pbc()
-    dev[2].request("WPS_PBC")
-    dev[2].wait_connected(timeout=30)
-
-    hwsim_utils.test_connectivity_p2p_sta(dev[1], dev[2])
-
-    dev[0].remove_group()
-    dev[2].request("DISCONNECT")
-    dev[1].wait_go_ending_session()
-
-@remote_compatible
-def test_grpform_force_chan_go(dev):
-    """P2P group formation forced channel selection by GO"""
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                           i_freq=2432,
-                                           r_dev=dev[1], r_intent=0,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    if i_res['freq'] != "2432":
-        raise Exception("Unexpected channel - did not follow GO's forced channel")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_grpform_force_chan_cli(dev):
-    """P2P group formation forced channel selection by client"""
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                           i_freq=2417,
-                                           r_dev=dev[1], r_intent=15,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    if i_res['freq'] != "2417":
-        raise Exception("Unexpected channel - did not follow GO's forced channel")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_grpform_force_chan_conflict(dev):
-    """P2P group formation fails due to forced channel mismatch"""
-    go_neg_pin_authorized(i_dev=dev[0], i_intent=0, i_freq=2422,
-                          r_dev=dev[1], r_intent=15, r_freq=2427,
-                          expect_failure=True, i_go_neg_status=7)
-
-@remote_compatible
-def test_grpform_pref_chan_go(dev):
-    """P2P group formation preferred channel selection by GO"""
-    try:
-        dev[0].request("SET p2p_pref_chan 81:7")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if i_res['freq'] != "2442":
-            raise Exception("Unexpected channel - did not follow GO's p2p_pref_chan")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_pref_chan ")
-
-@remote_compatible
-def test_grpform_pref_chan_go_overridden(dev):
-    """P2P group formation preferred channel selection by GO overridden by client"""
-    try:
-        dev[1].request("SET p2p_pref_chan 81:7")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                               i_freq=2422,
-                                               r_dev=dev[1], r_intent=15,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if i_res['freq'] != "2422":
-            raise Exception("Unexpected channel - did not follow client's forced channel")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[1].request("SET p2p_pref_chan ")
-
-@remote_compatible
-def test_grpform_no_go_freq_forcing_chan(dev):
-    """P2P group formation with no-GO freq forcing channel"""
-    try:
-        dev[1].request("SET p2p_no_go_freq 100-200,300,4000-6000")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                               r_dev=dev[1], r_intent=15,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if int(i_res['freq']) > 4000:
-            raise Exception("Unexpected channel - did not follow no-GO freq")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[1].request("SET p2p_no_go_freq ")
-
-@remote_compatible
-def test_grpform_no_go_freq_conflict(dev):
-    """P2P group formation fails due to no-GO range forced by client"""
-    try:
-        dev[1].request("SET p2p_no_go_freq 2000-3000")
-        go_neg_pin_authorized(i_dev=dev[0], i_intent=0, i_freq=2422,
-                              r_dev=dev[1], r_intent=15,
-                              expect_failure=True, i_go_neg_status=7)
-    finally:
-        dev[1].request("SET p2p_no_go_freq ")
-
-@remote_compatible
-def test_grpform_no_5ghz_world_roaming(dev):
-    """P2P group formation with world roaming regulatory"""
-    [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                           r_dev=dev[1], r_intent=15,
-                                           test_data=False)
-    check_grpform_results(i_res, r_res)
-    if int(i_res['freq']) > 4000:
-        raise Exception("Unexpected channel - did not follow world roaming rules")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_grpform_no_5ghz_add_cli(dev):
-    """P2P group formation with passive scan 5 GHz and p2p_add_cli_chan=1"""
-    try:
-        dev[0].request("SET p2p_add_cli_chan 1")
-        dev[1].request("SET p2p_add_cli_chan 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                               r_dev=dev[1], r_intent=14,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if int(i_res['freq']) > 4000:
-            raise Exception("Unexpected channel - did not follow world roaming rules")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_add_cli_chan 0")
-        dev[1].request("SET p2p_add_cli_chan 0")
-
-@remote_compatible
-def test_grpform_no_5ghz_add_cli2(dev):
-    """P2P group formation with passive scan 5 GHz and p2p_add_cli_chan=1 (reverse)"""
-    try:
-        dev[0].request("SET p2p_add_cli_chan 1")
-        dev[1].request("SET p2p_add_cli_chan 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=14,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if int(i_res['freq']) > 4000:
-            raise Exception("Unexpected channel - did not follow world roaming rules")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_add_cli_chan 0")
-        dev[1].request("SET p2p_add_cli_chan 0")
-
-@remote_compatible
-def test_grpform_no_5ghz_add_cli3(dev):
-    """P2P group formation with passive scan 5 GHz and p2p_add_cli_chan=1 (intent 15)"""
-    try:
-        dev[0].request("SET p2p_add_cli_chan 1")
-        dev[1].request("SET p2p_add_cli_chan 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=0,
-                                               r_dev=dev[1], r_intent=15,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if int(i_res['freq']) > 4000:
-            raise Exception("Unexpected channel - did not follow world roaming rules")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_add_cli_chan 0")
-        dev[1].request("SET p2p_add_cli_chan 0")
-
-@remote_compatible
-def test_grpform_no_5ghz_add_cli4(dev):
-    """P2P group formation with passive scan 5 GHz and p2p_add_cli_chan=1 (reverse; intent 15)"""
-    try:
-        dev[0].request("SET p2p_add_cli_chan 1")
-        dev[1].request("SET p2p_add_cli_chan 1")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0,
-                                               test_data=False)
-        check_grpform_results(i_res, r_res)
-        if int(i_res['freq']) > 4000:
-            raise Exception("Unexpected channel - did not follow world roaming rules")
-        remove_group(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_add_cli_chan 0")
-        dev[1].request("SET p2p_add_cli_chan 0")
-
-@remote_compatible
-def test_grpform_incorrect_pin(dev):
-    """P2P GO Negotiation with incorrect PIN"""
-    dev[1].p2p_listen()
-    addr1 = dev[1].p2p_dev_addr()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Peer not found")
-    res = dev[1].global_request("P2P_CONNECT " + dev[0].p2p_dev_addr() + " pin auth go_intent=0")
-    if "FAIL" in res:
-        raise Exception("P2P_CONNECT failed to generate PIN")
-    logger.info("PIN from P2P_CONNECT: " + res)
-    dev[0].global_request("P2P_CONNECT " + addr1 + " 00000000 enter go_intent=15")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("GO Negotiation did not complete successfully(0)")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=15)
-    if ev is None:
-        raise Exception("GO Negotiation did not complete successfully(1)")
-    ev = dev[1].wait_global_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS failure not reported(1)")
-    if "msg=8 config_error=18" not in ev:
-        raise Exception("Unexpected WPS failure(1): " + ev)
-    ev = dev[0].wait_global_event(["WPS-FAIL"], timeout=15)
-    if ev is None:
-        raise Exception("WPS failure not reported")
-    if "msg=8 config_error=18" not in ev:
-        raise Exception("Unexpected WPS failure: " + ev)
-    ev = dev[1].wait_global_event(["P2P-GROUP-FORMATION-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("Group formation failure timed out")
-    ev = dev[0].wait_global_event(["P2P-GROUP-FORMATION-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("Group formation failure timed out")
-
-@remote_compatible
-def test_grpform_reject(dev):
-    """User rejecting group formation attempt by a P2P peer"""
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[1].p2p_go_neg_init(addr0, None, "pbc")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=15)
-    if ev is None:
-        raise Exception("GO Negotiation timed out")
-    if "OK" in dev[0].global_request("P2P_REJECT foo"):
-        raise Exception("Invalid P2P_REJECT accepted")
-    if "FAIL" in dev[0].global_request("P2P_REJECT " + ev.split(' ')[1]):
-        raise Exception("P2P_REJECT failed")
-    dev[1].request("P2P_STOP_FIND")
-    dev[1].p2p_go_neg_init(addr0, None, "pbc")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("Rejection not reported")
-    if "status=11" not in ev:
-        raise Exception("Unexpected status code in rejection")
-
-@remote_compatible
-def test_grpform_pd_no_probe_resp(dev):
-    """GO Negotiation after PD, but no Probe Response"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Peer not found")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-    peer = dev[0].get_peer(addr1)
-    if peer['listen_freq'] == '0':
-        raise Exception("Peer listen frequency not learned from Probe Request")
-    time.sleep(0.3)
-    dev[0].request("P2P_FLUSH")
-    dev[0].p2p_listen()
-    dev[1].global_request("P2P_PROV_DISC " + addr0 + " display")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=5)
-    if ev is None:
-        raise Exception("PD Request timed out")
-    ev = dev[1].wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=5)
-    if ev is None:
-        raise Exception("PD Response timed out")
-    peer = dev[0].get_peer(addr1)
-    if peer['listen_freq'] != '0':
-        raise Exception("Peer listen frequency learned unexpectedly from PD Request")
-
-    pin = dev[0].wps_read_pin()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " enter"):
-        raise Exception("P2P_CONNECT on initiator failed")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=5)
-    if ev is None:
-        raise Exception("GO Negotiation start timed out")
-    peer = dev[0].get_peer(addr1)
-    if peer['listen_freq'] == '0':
-        raise Exception("Peer listen frequency not learned from PD followed by GO Neg Req")
-    if "FAIL" in dev[0].global_request("P2P_CONNECT " + addr1 + " " + pin + " display"):
-        raise Exception("P2P_CONNECT on responder failed")
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-
-def test_go_neg_two_peers(dev):
-    """P2P GO Negotiation rejected due to already started negotiation with another peer"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[2].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    if not dev[0].discover_peer(addr2):
-        raise Exception("Could not discover peer")
-    if "OK" not in dev[0].request("P2P_CONNECT " + addr2 + " pbc auth"):
-        raise Exception("Failed to authorize GO Neg")
-    dev[0].p2p_listen()
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    if "OK" not in dev[0].request("P2P_CONNECT " + addr1 + " pbc"):
-        raise Exception("Failed to initiate GO Neg")
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=5)
-    if ev is None:
-        raise Exception("timeout on GO Neg RX event")
-    dev[2].request("P2P_CONNECT " + addr0 + " pbc")
-    ev = dev[2].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("Rejection not reported")
-    if "status=5" not in ev:
-        raise Exception("Unexpected status code in rejection: " + ev)
-
-def clear_pbc_overlap(dev, ap):
-    hostapd.remove_bss(ap)
-    dev[0].request("P2P_CANCEL")
-    dev[1].request("P2P_CANCEL")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    remove_group(dev[0], dev[1], allow_failure=True)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    time.sleep(0.1)
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-    time.sleep(0.1)
-
-@remote_compatible
-def test_grpform_pbc_overlap(dev, apdev):
-    """P2P group formation during PBC overlap"""
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-    time.sleep(0.1)
-
-    # Since P2P Client scan case is now optimized to use a specific SSID, the
-    # WPS AP will not reply to that and the scan after GO Negotiation can quite
-    # likely miss the AP due to dwell time being short enough to miss the Beacon
-    # frame. This has made the test case somewhat pointless, but keep it here
-    # for now with an additional scan to confirm that PBC detection works if
-    # there is a BSS entry for a overlapping AP.
-    for i in range(0, 5):
-        dev[0].scan(freq="2412")
-        if dev[0].get_bss(apdev[0]['bssid']) is not None:
-            break
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].global_request("P2P_CONNECT " + addr1 + " pbc auth go_intent=0"):
-        raise Exception("Failed to authorize GO Neg")
-    if "OK" not in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=15 freq=2412"):
-        raise Exception("Failed to initiate GO Neg")
-    ev = dev[0].wait_global_event(["WPS-OVERLAP-DETECTED",
-                                   "P2P-GROUP-FORMATION-SUCCESS"], timeout=15)
-    clear_pbc_overlap(dev, apdev[0])
-    if ev is None or "P2P-GROUP-FORMATION-SUCCESS" not in ev:
-        raise Exception("P2P group formation did not complete")
-
-@remote_compatible
-def test_grpform_pbc_overlap_group_iface(dev, apdev):
-    """P2P group formation during PBC overlap using group interfaces"""
-    # Note: Need to include P2P IE from the AP to get the P2P interface BSS
-    # update use this information.
-    params = {"ssid": "wps", "eap_server": "1", "wps_state": "1",
-              "beacon_int": "15", 'manage_p2p': '1'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.request("WPS_PBC")
-
-    dev[0].request("SET p2p_no_group_iface 0")
-    dev[1].request("SET p2p_no_group_iface 0")
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_stop_find()
-    dev[0].scan(freq="2412")
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].global_request("P2P_CONNECT " + addr1 + " pbc auth go_intent=0"):
-        raise Exception("Failed to authorize GO Neg")
-    if "OK" not in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=15 freq=2412"):
-        raise Exception("Failed to initiate GO Neg")
-    ev = dev[0].wait_global_event(["WPS-OVERLAP-DETECTED",
-                                   "P2P-GROUP-FORMATION-SUCCESS"], timeout=15)
-    clear_pbc_overlap(dev, apdev[0])
-    if ev is None or "P2P-GROUP-FORMATION-SUCCESS" not in ev:
-        raise Exception("P2P group formation did not complete")
-
-@remote_compatible
-def test_grpform_goneg_fail_with_group_iface(dev):
-    """P2P group formation fails while using group interface"""
-    dev[0].request("SET p2p_no_group_iface 0")
-    dev[1].p2p_listen()
-    peer = dev[1].p2p_dev_addr()
-    if not dev[0].discover_peer(peer):
-        raise Exception("Peer " + peer + " not found")
-    if "OK" not in dev[1].request("P2P_REJECT " + dev[0].p2p_dev_addr()):
-        raise Exception("P2P_REJECT failed")
-    if "OK" not in dev[0].request("P2P_CONNECT " + peer + " pbc"):
-        raise Exception("P2P_CONNECT failed")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("GO Negotiation failure timed out")
-
-@long_duration_test
-def test_grpform_cred_ready_timeout(dev):
-    """P2P GO Negotiation wait for credentials to become ready"""
-    dev[1].p2p_listen()
-    addr1 = dev[1].p2p_dev_addr()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Peer " + addr1 + " not found")
-    if not dev[2].discover_peer(addr1):
-        raise Exception("Peer " + addr1 + " not found(2)")
-
-    start = os.times()[4]
-
-    cmd = "P2P_CONNECT " + addr1 + " 12345670 display"
-    if "OK" not in dev[0].global_request(cmd):
-        raise Exception("Failed to initiate GO Neg")
-
-    if "OK" not in dev[2].global_request(cmd):
-        raise Exception("Failed to initiate GO Neg(2)")
-
-    # First, check with p2p_find
-    ev = dev[2].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=30)
-    if ev is not None:
-        raise Exception("Too early GO Negotiation timeout reported(2)")
-    dev[2].dump_monitor()
-    logger.info("Starting p2p_find to change state")
-    dev[2].p2p_find()
-    for i in range(10):
-        ev = dev[2].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=10)
-        if ev:
-            break
-        dev[2].dump_monitor(global_mon=False)
-    if ev is None:
-        raise Exception("GO Negotiation failure timed out(2)")
-    dev[2].dump_monitor()
-    end = os.times()[4]
-    logger.info("GO Negotiation wait time: {} seconds(2)".format(end - start))
-    if end - start < 120:
-        raise Exception("Too short GO Negotiation wait time(2): {}".format(end - start))
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    wpas.p2p_listen()
-    ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("Did not discover new device after GO Negotiation failure")
-    if wpas.p2p_dev_addr() not in ev:
-        raise Exception("Unexpected device found: " + ev)
-    dev[2].p2p_stop_find()
-    dev[2].dump_monitor()
-    wpas.p2p_stop_find()
-    wpas.close_monitor()
-    del wpas
-
-    # Finally, verify without p2p_find
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=120)
-    if ev is None:
-        raise Exception("GO Negotiation failure timed out")
-    end = os.times()[4]
-    logger.info("GO Negotiation wait time: {} seconds".format(end - start))
-    if end - start < 120:
-        raise Exception("Too short GO Negotiation wait time: {}".format(end - start))
-
-def test_grpform_no_wsc_done(dev):
-    """P2P group formation with WSC-Done not sent"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    for i in range(0, 2):
-        dev[0].request("SET ext_eapol_frame_io 1")
-        dev[1].request("SET ext_eapol_frame_io 1")
-        dev[0].p2p_listen()
-        dev[1].p2p_go_neg_auth(addr0, "12345670", "display", 0)
-        dev[1].p2p_listen()
-        dev[0].p2p_go_neg_init(addr1, "12345670", "enter", timeout=20,
-                               go_intent=15, wait_group=False)
-
-        mode = None
-        while True:
-            ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAPOL-TX from GO")
-            if not mode:
-                mode = dev[0].get_status_field("mode")
-            res = dev[1].request("EAPOL_RX " + addr0 + " " + ev.split(' ')[2])
-            if "OK" not in res:
-                raise Exception("EAPOL_RX failed")
-            ev = dev[1].wait_event(["EAPOL-TX"], timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAPOL-TX from P2P Client")
-            msg = ev.split(' ')[2]
-            if msg[46:56] == "102200010f":
-                logger.info("Drop WSC_Done")
-                dev[0].request("SET ext_eapol_frame_io 0")
-                dev[1].request("SET ext_eapol_frame_io 0")
-                # Fake EAP-Failure to complete session on the client
-                id = msg[10:12]
-                dev[1].request("EAPOL_RX " + addr0 + " 0300000404" + id + "0004")
-                break
-            res = dev[0].request("EAPOL_RX " + addr1 + " " + msg)
-            if "OK" not in res:
-                raise Exception("EAPOL_RX failed")
-
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out on GO")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Group formation timed out on P2P Client")
-        dev[0].remove_group()
-        dev[1].wait_go_ending_session()
-
-        if mode != "P2P GO - group formation":
-            raise Exception("Unexpected mode on GO during group formation: " + mode)
-
-@remote_compatible
-def test_grpform_wait_peer(dev):
-    """P2P group formation wait for peer to become ready"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Peer " + addr1 + " not found")
-    dev[0].request("SET extra_roc_dur 500")
-    if "OK" not in dev[0].request("P2P_CONNECT " + addr1 + " 12345670 display go_intent=15"):
-        raise Exception("Failed to initiate GO Neg")
-    time.sleep(3)
-    dev[1].request("P2P_CONNECT " + addr0 + " 12345670 enter go_intent=0")
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    dev[0].group_form_result(ev)
-
-    dev[0].request("SET extra_roc_dur 0")
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    dev[0].remove_group()
-
-@remote_compatible
-def test_invalid_p2p_connect_command(dev):
-    """P2P_CONNECT error cases"""
-    id = dev[0].add_network()
-    for cmd in ["foo",
-                "00:11:22:33:44:55",
-                "00:11:22:33:44:55 pbc persistent=123",
-                "00:11:22:33:44:55 pbc persistent=%d" % id,
-                "00:11:22:33:44:55 pbc go_intent=-1",
-                "00:11:22:33:44:55 pbc go_intent=16",
-                "00:11:22:33:44:55 pin",
-                "00:11:22:33:44:55 pbc freq=0"]:
-        if "FAIL" not in dev[0].request("P2P_CONNECT " + cmd):
-            raise Exception("Invalid P2P_CONNECT command accepted: " + cmd)
-
-    if "FAIL-INVALID-PIN" not in dev[0].request("P2P_CONNECT 00:11:22:33:44:55 1234567"):
-        raise Exception("Invalid PIN was not rejected")
-    if "FAIL-INVALID-PIN" not in dev[0].request("P2P_CONNECT 00:11:22:33:44:55 12345678a"):
-        raise Exception("Invalid PIN was not rejected")
-
-    if "FAIL-CHANNEL-UNSUPPORTED" not in dev[0].request("P2P_CONNECT 00:11:22:33:44:55 pin freq=3000"):
-        raise Exception("Unsupported channel not reported")
-
-@remote_compatible
-def test_p2p_unauthorize(dev):
-    """P2P_UNAUTHORIZE to unauthorize a peer"""
-    if "FAIL" not in dev[0].request("P2P_UNAUTHORIZE foo"):
-        raise Exception("Invalid P2P_UNAUTHORIZE accepted")
-    if "FAIL" not in dev[0].request("P2P_UNAUTHORIZE 00:11:22:33:44:55"):
-        raise Exception("P2P_UNAUTHORIZE for unknown peer accepted")
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    pin = dev[0].wps_read_pin()
-    dev[0].p2p_go_neg_auth(addr1, pin, "display")
-    dev[0].p2p_listen()
-    if "OK" not in dev[0].request("P2P_UNAUTHORIZE " + addr1):
-        raise Exception("P2P_UNAUTHORIZE failed")
-    dev[1].p2p_go_neg_init(addr0, pin, "keypad", timeout=0)
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("No GO Negotiation Request RX reported")
-
-@remote_compatible
-def test_grpform_pbc_multiple(dev):
-    """P2P group formation using PBC multiple times in a row"""
-    try:
-        dev[1].request("SET passive_scan 1")
-        for i in range(5):
-            [i_res, r_res] = go_neg_pbc_authorized(i_dev=dev[0], i_intent=15,
-                                                   r_dev=dev[1], r_intent=0)
-            remove_group(dev[0], dev[1])
-    finally:
-        dev[1].request("SET passive_scan 0")
-        dev[1].flush_scan_cache()
-
-def test_grpform_not_ready(dev):
-    """Not ready for GO Negotiation (listen)"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    dev[1].global_request("P2P_CONNECT " + addr0 + " pbc")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=5)
-    if ev is None:
-        raise Exception("No P2P-GO-NEG-REQUEST event")
-    dev[0].dump_monitor()
-    time.sleep(5)
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Could not discover peer(2)")
-    for i in range(3):
-        dev[i].p2p_stop_find()
-
-def test_grpform_not_ready2(dev):
-    """Not ready for GO Negotiation (search)"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[0].p2p_find(social=True)
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    dev[1].global_request("P2P_CONNECT " + addr0 + " pbc")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=5)
-    if ev is None:
-        raise Exception("No P2P-GO-NEG-REQUEST event")
-    dev[0].dump_monitor()
-    time.sleep(1)
-    dev[2].p2p_listen()
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("Peer not discovered after GO Neg Resp(status=1) TX")
-    if addr2 not in ev:
-        raise Exception("Unexpected peer discovered: " + ev)
-    for i in range(3):
-        dev[i].p2p_stop_find()
-
-@remote_compatible
-def test_grpform_and_scan(dev):
-    """GO Negotiation and scan operations"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-    if "OK" not in dev[0].request("SCAN TYPE=ONLY freq=2412-2472"):
-        raise Exception("Could not start scan")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Scan did not start")
-    time.sleep(0.1)
-    # Request PD while the previously started scan is still in progress
-    if "OK" not in dev[0].request("P2P_PROV_DISC %s pbc" % addr1):
-        raise Exception("Could not request PD")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    time.sleep(0.3)
-
-    dev[1].p2p_listen()
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-PBC-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("PD Response not received")
-
-    if "OK" not in dev[0].request("SCAN TYPE=ONLY freq=2412-2472"):
-        raise Exception("Could not start scan")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Scan did not start")
-    time.sleep(0.1)
-    # Request GO Neg while the previously started scan is still in progress
-    if "OK" not in dev[0].request("P2P_CONNECT %s pbc" % addr1):
-        raise Exception("Could not request GO Negotiation")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("GO Neg Req RX not reported")
-
-    dev[1].p2p_stop_find()
-
-    if "OK" not in dev[1].request("SCAN TYPE=ONLY freq=2412-2472"):
-        raise Exception("Could not start scan")
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Scan did not start")
-    time.sleep(0.1)
-    dev[1].global_request("P2P_CONNECT " + addr0 + " pbc")
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    ev0 = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev0 is None:
-        raise Exception("Group formation timed out on dev0")
-    dev[0].group_form_result(ev0)
-
-    ev1 = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev1 is None:
-        raise Exception("Group formation timed out on dev1")
-    dev[1].group_form_result(ev1)
-
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    remove_group(dev[0], dev[1])
-
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_grpform_go_neg_dup_on_restart(dev):
-    """Duplicated GO Negotiation Request after GO Neg restart"""
-    if dev[0].p2p_dev_addr() > dev[1].p2p_dev_addr():
-        higher = dev[0]
-        lower = dev[1]
-    else:
-        higher = dev[1]
-        lower = dev[0]
-    addr_low = lower.p2p_dev_addr()
-    addr_high = higher.p2p_dev_addr()
-    higher.p2p_listen()
-    if not lower.discover_peer(addr_high):
-        raise Exception("Could not discover peer")
-    lower.p2p_stop_find()
-
-    if "OK" not in lower.request("P2P_CONNECT %s pbc" % addr_high):
-        raise Exception("Could not request GO Negotiation")
-    ev = higher.wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("GO Neg Req RX not reported")
-
-    # Wait for GO Negotiation Response (Status=1) to go through
-    time.sleep(0.2)
-
-    if "FAIL" in lower.request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    higher.p2p_stop_find()
-    higher.global_request("P2P_CONNECT " + addr_low + " pbc")
-
-    # Wait for the GO Negotiation Request frame of the restarted GO Negotiation
-    rx_msg = lower.mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame")
-    if p2p['subtype'] != 0:
-        raise Exception("Unexpected P2P Public Action subtype %d" % p2p['subtype'])
-
-    # Send duplicate GO Negotiation Request from the prior instance of GO
-    # Negotiation
-    lower.p2p_stop_find()
-    peer = higher.get_peer(addr_low)
-
-    msg = p2p_hdr(addr_high, addr_low, type=P2P_GO_NEG_REQ, dialog_token=123)
-    attrs = p2p_attr_capability(dev_capab=0x25, group_capab=0x08)
-    attrs += p2p_attr_go_intent(go_intent=7, tie_breaker=1)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel(chan=(int(peer['listen_freq']) - 2407) // 5)
-    attrs += p2p_attr_intended_interface_addr(lower.p2p_dev_addr())
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr_low, config_methods=0x80, name="Device A")
-    attrs += p2p_attr_operating_channel()
-    wsc_attrs = struct.pack(">HHH", 0x1012, 2, 4)
-    msg['payload'] += ie_p2p(attrs) + ie_wsc(wsc_attrs)
-    mgmt_tx(lower, "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(addr_high, addr_high, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-
-    # Wait for the GO Negotiation Response frame which would have been sent in
-    # this case previously, but not anymore after the check for
-    # dev->go_neg_req_sent and dev->flags & P2P_DEV_PEER_WAITING_RESPONSE.
-    rx_msg = lower.mgmt_rx(timeout=0.2)
-    if rx_msg is not None:
-        raise Exception("Unexpected management frame")
-
-    if "FAIL" in lower.request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    lower.p2p_listen()
-
-    ev = lower.wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("GO Negotiation did not succeed on dev0")
-
-    ev = higher.wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("GO Negotiation did not succeed on dev1")
-
-    ev0 = lower.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev0 is None:
-        raise Exception("Group formation timed out on dev0")
-    lower.group_form_result(ev0)
-
-    ev1 = higher.wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev1 is None:
-        raise Exception("Group formation timed out on dev1")
-    higher.group_form_result(ev1)
-
-    lower.dump_monitor()
-    higher.dump_monitor()
-
-    remove_group(lower, higher)
-
-    lower.dump_monitor()
-    higher.dump_monitor()
-
-@remote_compatible
-def test_grpform_go_neg_stopped(dev):
-    """GO Negotiation stopped after TX start"""
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    dev[0].p2p_stop_find()
-    if "OK" not in dev[1].request("P2P_CONNECT %s pbc" % addr0):
-        raise Exception("Could not request GO Negotiation")
-    dev[1].p2p_stop_find()
-    dev[1].p2p_listen()
-    dev[0].p2p_find(social=True)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=1.2)
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    if ev is None:
-        raise Exception("Did not find peer quickly enough after stopped P2P_CONNECT")
-
-def test_grpform_random_addr(dev):
-    """P2P group formation with random interface addresses"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    try:
-        if "OK" not in dev[0].global_request("SET p2p_interface_random_mac_addr 1"):
-            raise Exception("Failed to set p2p_interface_random_mac_addr")
-        if "OK" not in dev[1].global_request("SET p2p_interface_random_mac_addr 1"):
-            raise Exception("Failed to set p2p_interface_random_mac_addr")
-        [i_res, r_res] = go_neg_pin_authorized(i_dev=dev[0], i_intent=15,
-                                               r_dev=dev[1], r_intent=0)
-        if "p2p-wlan" not in i_res['ifname']:
-            raise Exception("Unexpected group interface name")
-        check_grpform_results(i_res, r_res)
-        hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-        remove_group(dev[0], dev[1])
-        if i_res['ifname'] in get_ifnames():
-            raise Exception("Group interface netdev was not removed")
-    finally:
-        dev[0].global_request("SET p2p_interface_random_mac_addr 0")
-        dev[1].global_request("SET p2p_interface_random_mac_addr 0")
diff --git a/tests/hwsim/test_p2p_invitation.py b/tests/hwsim/test_p2p_invitation.py
deleted file mode 100644
index 1e84af29dfb9..000000000000
--- a/tests/hwsim/test_p2p_invitation.py
+++ /dev/null
@@ -1,195 +0,0 @@
-# P2P invitation test cases
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-
-@remote_compatible
-def test_p2p_go_invite(dev):
-    """P2P GO inviting a client to join"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    logger.info("Generate BSS table entry for old group")
-    # this adds more coverage to testing by forcing the GO to be found with an
-    # older entry in the BSS table and with that entry having a different
-    # operating channel.
-    dev[0].p2p_start_go(freq=2422)
-    dev[1].scan()
-    dev[0].remove_group()
-
-    logger.info("Discover peer")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1, social=True):
-        raise Exception("Peer " + addr1 + " not found")
-
-    logger.info("Start GO on non-social channel")
-    res = dev[0].p2p_start_go(freq=2417)
-    logger.debug("res: " + str(res))
-
-    logger.info("Invite peer to join the group")
-    dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation on peer")
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation on GO")
-    if "status=1" not in ev:
-        raise Exception("Unexpected invitation result")
-
-    logger.info("Join the group")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(addr0, pin, timeout=60)
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    logger.info("Terminate group")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-@remote_compatible
-def test_p2p_go_invite_auth(dev):
-    """P2P GO inviting a client to join (authorized invitation)"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    logger.info("Generate BSS table entry for old group")
-    # this adds more coverage to testing by forcing the GO to be found with an
-    # older entry in the BSS table and with that entry having a different
-    # operating channel.
-    dev[0].p2p_start_go(freq=2432)
-    dev[1].scan()
-    dev[0].remove_group()
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.info("Discover peer")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1, social=True):
-        raise Exception("Peer " + addr1 + " not found")
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0, social=True):
-        raise Exception("Peer " + addr0 + " not found")
-    dev[1].p2p_listen()
-
-    logger.info("Authorize invitation")
-    pin = dev[1].wps_read_pin()
-    dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " join auth")
-
-    logger.info("Start GO on non-social channel")
-    res = dev[0].p2p_start_go(freq=2427)
-    logger.debug("res: " + str(res))
-
-    logger.info("Invite peer to join the group")
-    dev[0].p2p_go_authorize_client(pin)
-    dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED",
-                                   "P2P-GROUP-STARTED"], timeout=20)
-    if ev is None:
-        raise Exception("Timeout on invitation on peer")
-    if "P2P-INVITATION-RECEIVED" in ev:
-        raise Exception("Unexpected request to accept pre-authorized invitaton")
-    dev[1].group_form_result(ev)
-    dev[0].dump_monitor()
-
-    logger.info("Client connected")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    logger.info("Terminate group")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-@remote_compatible
-def test_p2p_go_invite_unknown(dev):
-    """P2P GO inviting a client that has not discovered the GO"""
-    try:
-        addr0 = dev[0].p2p_dev_addr()
-        addr1 = dev[1].p2p_dev_addr()
-
-        dev[1].p2p_listen()
-        if not dev[0].discover_peer(addr1, social=True):
-            raise Exception("Peer " + addr1 + " not found")
-        dev[1].global_request("P2P_FLUSH")
-        dev[1].p2p_listen()
-
-        dev[0].p2p_start_go(freq=2412)
-
-        logger.info("Invite peer to join the group")
-        # Prevent peer entry from being added for testing coverage
-        if "OK" not in dev[1].global_request("P2P_SET peer_filter 00:11:22:33:44:55"):
-            raise Exception("Failed to set peer_filter")
-        dev[0].p2p_go_authorize_client("12345670")
-        dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-        ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=15)
-        if ev is None:
-            raise Exception("Invitation Request not received")
-        ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-        if ev is None:
-            raise Exception("Invitation Response not received")
-        if "status=1" not in ev:
-            raise Exception("Unexpected invitation result: " + ev)
-    finally:
-        dev[1].global_request("P2P_SET peer_filter 00:00:00:00:00:00")
-
-def test_p2p_cli_invite(dev):
-    """P2P Client inviting a device to join"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-
-    dev[0].p2p_start_go(freq=2412)
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(addr0, pin, timeout=60)
-
-    dev[2].p2p_listen()
-    if not dev[1].discover_peer(addr2, social=True):
-        raise Exception("Peer " + addr2 + " not found")
-
-    if "OK" not in dev[1].global_request("P2P_INVITE group=" + dev[1].group_ifname + " peer=" + addr2):
-        raise Exception("Unexpected failure of P2P_INVITE to known peer")
-    ev = dev[2].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation invited peer")
-    if "sa=" + addr1 not in ev:
-        raise Exception("Incorrect source address")
-    if "go_dev_addr=" + addr0 not in ev:
-        raise Exception("Incorrect GO address")
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation on inviting client")
-    if "status=1" not in ev:
-        raise Exception("Unexpected invitation result")
-
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[2].p2p_connect_group(addr0, pin, timeout=60)
-
-    if "FAIL" not in dev[1].global_request("P2P_INVITE group=" + dev[1].group_ifname + " peer=00:11:22:33:44:55"):
-        raise Exception("Unexpected success of P2P_INVITE to unknown peer")
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[2].wait_go_ending_session()
-
-@remote_compatible
-def test_p2p_invite_invalid(dev):
-    """Invalid parameters to P2P_INVITE"""
-    id = dev[0].add_network()
-    for cmd in ["foo=bar",
-                "persistent=123 peer=foo",
-                "persistent=123",
-                "persistent=%d" % id,
-                "group=foo",
-                "group=foo peer=foo",
-                "group=foo peer=00:11:22:33:44:55 go_dev_addr=foo"]:
-        if "FAIL" not in dev[0].request("P2P_INVITE " + cmd):
-            raise Exception("Invalid P2P_INVITE accepted: " + cmd)
diff --git a/tests/hwsim/test_p2p_messages.py b/tests/hwsim/test_p2p_messages.py
deleted file mode 100644
index a4cac698b2b2..000000000000
--- a/tests/hwsim/test_p2p_messages.py
+++ /dev/null
@@ -1,2143 +0,0 @@
-# P2P protocol tests for various messages
-# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import struct
-import time
-import logging
-logger = logging.getLogger()
-
-import hostapd
-from p2p_utils import *
-from test_gas import anqp_adv_proto
-
-def ie_ssid(ssid):
-    return struct.pack("<BB", WLAN_EID_SSID, len(ssid)) + ssid.encode()
-
-def ie_supp_rates():
-    return struct.pack("<BBBBBBBBBB", WLAN_EID_SUPP_RATES, 8,
-                       2*6, 2*9, 2*12, 2*18, 2*24, 2*36, 2*48, 2*54)
-
-def ie_p2p(attrs):
-    return struct.pack("<BBBBBB", WLAN_EID_VENDOR_SPECIFIC, 4 + len(attrs),
-                       0x50, 0x6f, 0x9a, 9) + attrs
-
-def ie_wsc(attrs):
-    return struct.pack("<BBBBBB", WLAN_EID_VENDOR_SPECIFIC, 4 + len(attrs),
-                       0x00, 0x50, 0xf2, 4) + attrs
-
-def wsc_attr_config_methods(methods=0):
-    return struct.pack(">HHH", WSC_ATTR_CONFIG_METHODS, 2, methods)
-
-def p2p_attr_status(status=P2P_SC_SUCCESS):
-    return struct.pack("<BHB", P2P_ATTR_STATUS, 1, status)
-
-def p2p_attr_minor_reason_code(code=0):
-    return struct.pack("<BHB", P2P_ATTR_MINOR_REASON_CODE, 1, code)
-
-def p2p_attr_capability(dev_capab=0, group_capab=0):
-    return struct.pack("<BHBB", P2P_ATTR_CAPABILITY, 2, dev_capab, group_capab)
-
-def p2p_attr_device_id(addr):
-    val = struct.unpack('6B', binascii.unhexlify(addr.replace(':', '')))
-    t = (P2P_ATTR_DEVICE_ID, 6) + val
-    return struct.pack('<BH6B', *t)
-
-def p2p_attr_go_intent(go_intent=0, tie_breaker=0):
-    return struct.pack("<BHB", P2P_ATTR_GROUP_OWNER_INTENT, 1,
-                       (go_intent << 1) | (tie_breaker & 0x01))
-
-def p2p_attr_config_timeout(go_config_timeout=0, client_config_timeout=0):
-    return struct.pack("<BHBB", P2P_ATTR_CONFIGURATION_TIMEOUT, 2,
-                       go_config_timeout, client_config_timeout)
-
-def p2p_attr_listen_channel(op_class=81, chan=1):
-    return struct.pack("<BHBBBBB", P2P_ATTR_LISTEN_CHANNEL, 5,
-                       0x58, 0x58, 0x04, op_class, chan)
-
-def p2p_attr_group_bssid(addr):
-    val = struct.unpack('6B', binascii.unhexlify(addr.replace(':', '')))
-    t = (P2P_ATTR_GROUP_BSSID, 6) + val
-    return struct.pack('<BH6B', *t)
-
-def p2p_attr_ext_listen_timing(period=0, interval=0):
-    return struct.pack("<BHHH", P2P_ATTR_EXT_LISTEN_TIMING, 4, period, interval)
-
-def p2p_attr_intended_interface_addr(addr):
-    val = struct.unpack('6B', binascii.unhexlify(addr.replace(':', '')))
-    t = (P2P_ATTR_INTENDED_INTERFACE_ADDR, 6) + val
-    return struct.pack('<BH6B', *t)
-
-def p2p_attr_manageability(bitmap=0):
-    return struct.pack("<BHB", P2P_ATTR_MANAGEABILITY, 1, bitmap)
-
-def p2p_attr_channel_list():
-    return struct.pack("<BH3BBB11B", P2P_ATTR_CHANNEL_LIST, 16,
-                       0x58, 0x58, 0x04,
-                       81, 11, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-def p2p_attr_device_info(addr, name="Test", config_methods=0, dev_type="00010050F2040001"):
-    val = struct.unpack('6B', binascii.unhexlify(addr.replace(':', '')))
-    val2 = struct.unpack('8B', binascii.unhexlify(dev_type))
-    t = (P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 4 + len(name)) + val
-    t2 = val2 + (0,)
-    return struct.pack("<BH6B", *t) + struct.pack(">H", config_methods) + struct.pack("8BB", *t2) + struct.pack('>HH', 0x1011, len(name)) + name.encode()
-
-def p2p_attr_group_id(addr, ssid):
-    val = struct.unpack('6B', binascii.unhexlify(addr.replace(':', '')))
-    t = (P2P_ATTR_GROUP_ID, 6 + len(ssid)) + val
-    return struct.pack('<BH6B', *t) + ssid.encode()
-
-def p2p_attr_operating_channel(op_class=81, chan=1):
-    return struct.pack("<BHBBBBB", P2P_ATTR_OPERATING_CHANNEL, 5,
-                       0x58, 0x58, 0x04, op_class, chan)
-
-def p2p_attr_invitation_flags(bitmap=0):
-    return struct.pack("<BHB", P2P_ATTR_INVITATION_FLAGS, 1, bitmap)
-
-def p2p_hdr_helper(dst, src, type=None, dialog_token=1, req=True):
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dst
-    msg['sa'] = src
-    if req:
-        msg['bssid'] = dst
-    else:
-        msg['bssid'] = src
-    msg['payload'] = struct.pack("<BBBBBB",
-                                 ACTION_CATEG_PUBLIC, 9, 0x50, 0x6f, 0x9a, 9)
-    if type is not None:
-        msg['payload'] += struct.pack("<B", type)
-        if dialog_token:
-            msg['payload'] += struct.pack("<B", dialog_token)
-    return msg
-
-def p2p_hdr(dst, src, type=None, dialog_token=1):
-    return p2p_hdr_helper(dst, src, type, dialog_token, True)
-
-def p2p_hdr_resp(dst, src, type=None, dialog_token=1):
-    return p2p_hdr_helper(dst, src, type, dialog_token, False)
-
-def start_p2p(dev, apdev):
-    addr0 = dev[0].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[1].p2p_find(social=True)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Device discovery timed out")
-    dev[1].p2p_stop_find()
-    peer = dev[1].get_peer(addr0)
-
-    bssid = apdev[0]['bssid']
-    params = {'ssid': "test", 'beacon_int': "2000"}
-    if peer['listen_freq'] == "2412":
-        params['channel'] = '1'
-    elif peer['listen_freq'] == "2437":
-        params['channel'] = '6'
-    elif peer['listen_freq'] == "2462":
-        params['channel'] = '11'
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    return addr0, bssid, hapd, int(params['channel'])
-
-def p2p_probe(hapd, src, chan=1):
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_PROBE_REQ << 4
-    msg['da'] = "ff:ff:ff:ff:ff:ff"
-    msg['sa'] = src
-    msg['bssid'] = "ff:ff:ff:ff:ff:ff"
-    attrs = p2p_attr_listen_channel(chan=chan)
-    msg['payload'] = ie_ssid("DIRECT-") + ie_supp_rates() + ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-def parse_p2p_public_action(payload):
-    pos = payload
-    (category, action) = struct.unpack('BB', pos[0:2])
-    if category != ACTION_CATEG_PUBLIC:
-        return None
-    if action != 9:
-        return None
-    pos = pos[2:]
-    (oui1, oui2, oui3, subtype) = struct.unpack('BBBB', pos[0:4])
-    if oui1 != 0x50 or oui2 != 0x6f or oui3 != 0x9a or subtype != 9:
-        return None
-    pos = pos[4:]
-    (subtype, dialog_token) = struct.unpack('BB', pos[0:2])
-    p2p = {}
-    p2p['subtype'] = subtype
-    p2p['dialog_token'] = dialog_token
-    pos = pos[2:]
-    p2p['elements'] = pos
-    while len(pos) > 2:
-        (id, elen) = struct.unpack('BB', pos[0:2])
-        pos = pos[2:]
-        if elen > len(pos):
-            raise Exception("Truncated IE in P2P Public Action frame (elen=%d left=%d)" % (elen, len(pos)))
-        if id == WLAN_EID_VENDOR_SPECIFIC:
-            if elen < 4:
-                raise Exception("Too short vendor specific IE in P2P Public Action frame (elen=%d)" % elen)
-            (oui1, oui2, oui3, subtype) = struct.unpack('BBBB', pos[0:4])
-            if oui1 == 0x50 and oui2 == 0x6f and oui3 == 0x9a and subtype == 9:
-                if 'p2p' in p2p:
-                    p2p['p2p'] += pos[4:elen]
-                else:
-                    p2p['p2p'] = pos[4:elen]
-            if oui1 == 0x00 and oui2 == 0x50 and oui3 == 0xf2 and subtype == 4:
-                p2p['wsc'] = pos[4:elen]
-        pos = pos[elen:]
-    if len(pos) > 0:
-        raise Exception("Invalid element in P2P Public Action frame")
-
-    if 'p2p' in p2p:
-        p2p['p2p_attrs'] = {}
-        pos = p2p['p2p']
-        while len(pos) >= 3:
-            (id, alen) = struct.unpack('<BH', pos[0:3])
-            pos = pos[3:]
-            if alen > len(pos):
-                logger.info("P2P payload: " + binascii.hexlify(p2p['p2p']))
-                raise Exception("Truncated P2P attribute in P2P Public Action frame (alen=%d left=%d p2p-payload=%d)" % (alen, len(pos), len(p2p['p2p'])))
-            p2p['p2p_attrs'][id] = pos[0:alen]
-            pos = pos[alen:]
-        if P2P_ATTR_STATUS in p2p['p2p_attrs']:
-            p2p['p2p_status'] = struct.unpack('B', p2p['p2p_attrs'][P2P_ATTR_STATUS])[0]
-
-    if 'wsc' in p2p:
-        p2p['wsc_attrs'] = {}
-        pos = p2p['wsc']
-        while len(pos) >= 4:
-            (id, alen) = struct.unpack('>HH', pos[0:4])
-            pos = pos[4:]
-            if alen > len(pos):
-                logger.info("WSC payload: " + binascii.hexlify(p2p['wsc']))
-                raise Exception("Truncated WSC attribute in P2P Public Action frame (alen=%d left=%d wsc-payload=%d)" % (alen, len(pos), len(p2p['wsc'])))
-            p2p['wsc_attrs'][id] = pos[0:alen]
-            pos = pos[alen:]
-
-    return p2p
-
-@remote_compatible
-def test_p2p_msg_empty(dev, apdev):
-    """P2P protocol test: empty P2P Public Action frame"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    msg = p2p_hdr(dst, src)
-    hapd.mgmt_tx(msg)
-
-@remote_compatible
-def test_p2p_msg_long_ssid(dev, apdev):
-    """P2P protocol test: Too long SSID in P2P Public Action frame"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=1)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, 'DIRECT-foo')
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    msg['payload'] += ie_ssid(255 * 'A')
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on device found event")
-
-@remote_compatible
-def test_p2p_msg_long_dev_name(dev, apdev):
-    """P2P protocol test: Too long Device Name in P2P Public Action frame"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=1)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, 'DIRECT-foo')
-    attrs += p2p_attr_device_info(src, config_methods=0x0108,
-                                  name="123456789012345678901234567890123")
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_event(["P2P-DEVICE-FOUND"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected device found event")
-
-def test_p2p_msg_invitation_req(dev, apdev):
-    """P2P protocol tests for invitation request processing"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-
-    # Empty P2P Invitation Request (missing dialog token)
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=None)
-    hapd.mgmt_tx(msg)
-    dialog_token = 0
-
-    # Various p2p_parse() failure cases due to invalid attributes
-
-    # Too short attribute header
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BB", P2P_ATTR_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Minimal attribute underflow
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_CAPABILITY, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Large attribute underflow
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_CAPABILITY, 0xffff, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Capability attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_CAPABILITY, 1, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Device ID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    val = struct.unpack('5B', binascii.unhexlify("1122334455"))
-    t = (P2P_ATTR_DEVICE_ID, 5) + val
-    attrs = struct.pack('<BH5B', *t)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short GO Intent attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_GROUP_OWNER_INTENT, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Status attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_STATUS, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # null Listen channel and too short Listen Channel attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_LISTEN_CHANNEL, 0)
-    attrs += struct.pack("<BHB", P2P_ATTR_LISTEN_CHANNEL, 1, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # null Operating channel and too short Operating Channel attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_OPERATING_CHANNEL, 0)
-    attrs += struct.pack("<BHB", P2P_ATTR_OPERATING_CHANNEL, 1, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Channel List attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHBB", P2P_ATTR_CHANNEL_LIST, 2, 1, 2)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHBB", P2P_ATTR_DEVICE_INFO, 2, 1, 2)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Truncated Secondary Device Types in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6BH8BB", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1,
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x11, 0x22,
-                        255)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Missing Device Name in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6BH8BB8B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8,
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0, 0, 0, 0, 0, 0, 0, 0,
-                        1,
-                        1, 2, 3, 4, 5, 6, 7, 8)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Invalid Device Name header in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6BH8BB8B4B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8 + 4,
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0, 0, 0, 0, 0, 0, 0, 0,
-                        1,
-                        1, 2, 3, 4, 5, 6, 7, 8,
-                        0x11, 0x12, 0, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Invalid Device Name header length in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6BH8BB8B4B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8 + 4,
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0, 0, 0, 0, 0, 0, 0, 0,
-                        1,
-                        1, 2, 3, 4, 5, 6, 7, 8,
-                        0x10, 0x11, 0xff, 0xff)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Invalid Device Name header length in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    devname = b'A'
-    attrs = struct.pack("<BH6BH8BB8B4B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8 + 4 + len(devname),
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0, 0, 0, 0, 0, 0, 0, 0,
-                        1,
-                        1, 2, 3, 4, 5, 6, 7, 8,
-                        0x10, 0x11, 0, len(devname) + 1) + devname
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Device Name filtering and too long Device Name in Device Info attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6BH8BB8B4B4B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8 + 4 + 4,
-                        0, 0, 0, 0, 0, 0,
-                        0,
-                        0, 0, 0, 0, 0, 0, 0, 0,
-                        1,
-                        1, 2, 3, 4, 5, 6, 7, 8,
-                        0x10, 0x11, 0, 4,
-                        64, 9, 0, 64)
-    devname = b'123456789012345678901234567890123'
-    attrs += struct.pack("<BH6BH8BB8B4B", P2P_ATTR_DEVICE_INFO, 6 + 2 + 8 + 1 + 8 + 4 + len(devname),
-                         0, 0, 0, 0, 0, 0,
-                         0,
-                         0, 0, 0, 0, 0, 0, 0, 0,
-                         1,
-                         1, 2, 3, 4, 5, 6, 7, 8,
-                         0x10, 0x11, 0, len(devname)) + devname
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Configuration Timeout attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_CONFIGURATION_TIMEOUT, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Intended P2P Interface Address attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_INTENDED_INTERFACE_ADDR, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short P2P Group BSSID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_GROUP_BSSID, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short P2P Group ID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_GROUP_ID, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too long P2P Group ID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH6B", P2P_ATTR_GROUP_ID, 6 + 33, 0, 0, 0, 0, 0, 0) + b"123456789012345678901234567890123"
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Invitation Flags attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_INVITATION_FLAGS, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Valid and too short Manageability attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_manageability()
-    attrs += struct.pack("<BH", P2P_ATTR_MANAGEABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short NoA attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", P2P_ATTR_NOTICE_OF_ABSENCE, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Valid and too short Extended Listen Timing attributes
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_ext_listen_timing(period=100, interval=50)
-    attrs += struct.pack("<BHBBB", P2P_ATTR_EXT_LISTEN_TIMING, 3, 0, 0, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Valid and too short Minor Reason Code attributes
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_minor_reason_code(code=2)
-    attrs += struct.pack("<BH", P2P_ATTR_MINOR_REASON_CODE, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Unknown attribute and too short OOB GO Negotiation Channel attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BHB", 99, 1, 1)
-    attrs += struct.pack("<BHB", P2P_ATTR_OOB_GO_NEG_CHANNEL, 1, 1)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Service Hash attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH5B", P2P_ATTR_SERVICE_HASH, 5, 1, 2, 3, 4, 5)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Connection Capability attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_CONNECTION_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Advertisement ID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH9B", P2P_ATTR_ADVERTISEMENT_ID, 9, 1, 2, 3, 4, 5,
-                        6, 7, 8, 9)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Truncated and too short Service Instance attributes
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH8B", P2P_ATTR_ADVERTISED_SERVICE, 8, 1, 2, 3, 4, 5,
-                        6, 2, 8)
-    attrs += struct.pack("<BH7B", P2P_ATTR_ADVERTISED_SERVICE, 7, 1, 2, 3, 4, 5,
-                         6, 7)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Session ID attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH4B", P2P_ATTR_SESSION_ID, 4, 1, 2, 3, 4)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Feature Capability attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH", P2P_ATTR_FEATURE_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too short Persistent Group attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH5B", P2P_ATTR_PERSISTENT_GROUP, 5, 1, 2, 3, 4, 5)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    # Too long Persistent Group attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BH9L3B", P2P_ATTR_PERSISTENT_GROUP, 6 + 32 + 1,
-                        1, 2, 3, 4, 5, 6, 7, 8, 9, 1, 2, 3)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    if hapd.mgmt_rx(timeout=0.5) is not None:
-        raise Exception("Unexpected management frame received")
-
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on device found event")
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on invitation event " + str(dialog_token))
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on invitation event " + str(dialog_token))
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    #attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    #attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    #attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    #attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    #attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    #attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    #attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-    # Unusable peer operating channel preference
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel(chan=15)
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-def test_p2p_msg_invitation_req_to_go(dev, apdev):
-    """P2P protocol tests for invitation request processing on GO device"""
-    res = form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    peer = dev[1].get_peer(addr0)
-    listen_freq = peer['listen_freq']
-
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    networks = dev[0].list_networks()
-    if len(networks) != 1:
-        raise Exception("Unexpected number of networks")
-    if "[P2P-PERSISTENT]" not in networks[0]['flags']:
-        raise Exception("Not the persistent group data")
-    dev[0].p2p_start_go(persistent=networks[0]['id'], freq=listen_freq)
-
-    dialog_token = 0
-
-    # Unusable peer operating channel preference
-    dialog_token += 1
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_REQ,
-                  dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags(bitmap=1)
-    attrs += p2p_attr_operating_channel(chan=15)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_group_id(res['go_dev_addr'], res['ssid'])
-    attrs += p2p_attr_device_info(addr1, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(addr0, addr0, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_RESP:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    if p2p['p2p_status'] != 0:
-        raise Exception("Unexpected status %d" % p2p['p2p_status'])
-
-    # Forced channel re-selection due to channel list
-    dialog_token += 1
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_REQ,
-                  dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs = p2p_attr_invitation_flags(bitmap=1)
-    attrs += struct.pack("<BH3BBBB", P2P_ATTR_CHANNEL_LIST, 6,
-                         0x58, 0x58, 0x04,
-                         81, 1, 3)
-    attrs += p2p_attr_group_id(res['go_dev_addr'], res['ssid'])
-    attrs += p2p_attr_device_info(addr1, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(addr0, addr0, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_RESP:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    if p2p['p2p_status'] != 7 and dev[1].get_mcc() <= 1:
-        raise Exception("Unexpected status %d" % p2p['p2p_status'])
-
-@remote_compatible
-def test_p2p_msg_invitation_req_unknown(dev, apdev):
-    """P2P protocol tests for invitation request from unknown peer"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    dialog_token = 0
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += p2p_attr_channel_list()
-    #attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    #attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on invitation event " + str(dialog_token))
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-
-@remote_compatible
-def test_p2p_msg_invitation_no_common_channels(dev, apdev):
-    """P2P protocol tests for invitation request without common channels"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    dialog_token = 0
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_config_timeout()
-    attrs += p2p_attr_invitation_flags()
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_bssid(src)
-    attrs += struct.pack("<BH3BBB", P2P_ATTR_CHANNEL_LIST, 5,
-                         0x58, 0x58, 0x04,
-                         81, 0)
-    attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No invitation response " + str(dialog_token))
-    ev = dev[0].wait_event(["P2P-INVITATION-RECEIVED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected invitation event")
-
-def test_p2p_msg_invitation_resp(dev, apdev):
-    """P2P protocol tests for invitation response processing"""
-    form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    peer = dev[1].get_peer(addr0)
-
-    # P2P Invitation Response from unknown peer
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=1)
-    hapd.mgmt_tx(msg)
-
-    # P2P Invitation Response from peer that is not in invitation
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=2)
-    attrs = p2p_attr_status()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-    time.sleep(0.25)
-
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    invite(dev[0], dev[1])
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    # Invalid attribute to cause p2p_parse() failure
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=p2p['dialog_token'])
-    attrs = struct.pack("<BB", P2P_ATTR_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    invite(dev[0], dev[1])
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    # missing mandatory Status attribute
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_channel_list()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    invite(dev[0], dev[1])
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    # no channel match (no common channel found at all)
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status()
-    attrs += struct.pack("<BH3BBBB", P2P_ATTR_CHANNEL_LIST, 6,
-                         0x58, 0x58, 0x04,
-                         81, 1, 15)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    invite(dev[0], dev[1])
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    # no channel match (no acceptable P2P channel)
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status()
-    attrs += struct.pack("<BH3BBBB", P2P_ATTR_CHANNEL_LIST, 6,
-                         0x58, 0x58, 0x04,
-                         81, 1, 12)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    invite(dev[0], dev[1])
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    # missing mandatory Channel List attribute (ignored as a workaround)
-    msg = p2p_hdr(dst, src, type=P2P_INVITATION_RESP, dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group was not started")
-
-def test_p2p_msg_invitation_resend(dev, apdev):
-    """P2P protocol tests for invitation resending on no-common-channels"""
-    form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    logger.info("Forced channel in invitation")
-    invite(dev[0], dev[1], extra="freq=2422")
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_RESP,
-                  dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status(status=P2P_SC_FAIL_NO_COMMON_CHANNELS)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on invitation result")
-    if "status=7" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-
-    logger.info("Any channel allowed, only preference provided in invitation")
-    invite(dev[0], dev[1], extra="pref=2422")
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_RESP,
-                  dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status(status=P2P_SC_FAIL_NO_COMMON_CHANNELS)
-    msg['payload'] += ie_p2p(attrs)
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on invitation result")
-    if "status=0" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group was not started on dev0")
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Group was not started on dev1")
-
-def test_p2p_msg_invitation_resend_duplicate(dev, apdev):
-    """P2P protocol tests for invitation resending on no-common-channels and duplicated response"""
-    form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-
-    logger.info("Any channel allowed, only preference provided in invitation")
-    invite(dev[0], dev[1], extra="pref=2422")
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_RESP,
-                  dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status(status=P2P_SC_FAIL_NO_COMMON_CHANNELS)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    rx_msg = dev[1].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(rx_msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_INVITATION_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-
-    logger.info("Retransmit duplicate of previous response")
-    mgmt_tx(dev[1], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode()))
-
-    logger.info("Transmit real response")
-    msg = p2p_hdr(addr0, addr1, type=P2P_INVITATION_RESP,
-                  dialog_token=p2p['dialog_token'])
-    attrs = p2p_attr_status(status=P2P_SC_SUCCESS)
-    attrs += p2p_attr_channel_list()
-    msg['payload'] += ie_p2p(attrs)
-    if "FAIL" in dev[1].request("MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr0, addr0, rx_msg['freq'], binascii.hexlify(msg['payload']).decode())):
-        raise Exception("Failed to transmit real response")
-    dev[1].request("SET ext_mgmt_frame_handling 0")
-
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation result")
-    if "status=0" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("Group formation timed out")
-    dev[0].group_form_result(ev)
-    dev[0].remove_group()
-
-@remote_compatible
-def test_p2p_msg_pd_req(dev, apdev):
-    """P2P protocol tests for provision discovery request processing"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    dialog_token = 0
-
-    # Too short attribute header
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_PROV_DISC_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BB", P2P_ATTR_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-
-    if hapd.mgmt_rx(timeout=0.5) is not None:
-        raise Exception("Unexpected management frame received")
-
-    # No attributes
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_PROV_DISC_REQ, dialog_token=dialog_token)
-    attrs = b''
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No PD response " + str(dialog_token))
-
-    # Valid request
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_PROV_DISC_REQ, dialog_token=dialog_token)
-    attrs = wsc_attr_config_methods(methods=0x1008)
-    msg['payload'] += ie_wsc(attrs)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on device found event")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on PD event")
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No PD response " + str(dialog_token))
-
-    # Unknown group
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_PROV_DISC_REQ, dialog_token=dialog_token)
-    attrs = wsc_attr_config_methods(methods=0x1008)
-    msg['payload'] += ie_wsc(attrs)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_group_id("02:02:02:02:02:02", "DIRECT-foo")
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No PD response " + str(dialog_token))
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected PD event")
-
-    # Listen channel is not yet known
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC " + src + " display"):
-        raise Exception("Unexpected P2P_PROV_DISC success")
-
-    # Unknown peer
-    if "FAIL" not in dev[0].global_request("P2P_PROV_DISC 02:03:04:05:06:07 display"):
-        raise Exception("Unexpected P2P_PROV_DISC success (2)")
-
-def test_p2p_msg_pd(dev, apdev):
-    """P2P protocol tests for provision discovery request processing (known)"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    dialog_token = 0
-
-    p2p_probe(hapd, src, chan=channel)
-    time.sleep(0.1)
-
-    # Valid request
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_PROV_DISC_REQ, dialog_token=dialog_token)
-    attrs = wsc_attr_config_methods(methods=0x1008)
-    msg['payload'] += ie_wsc(attrs)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on device found event")
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-SHOW-PIN"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on PD event")
-    if hapd.mgmt_rx(timeout=1) is None:
-        raise Exception("No PD response " + str(dialog_token))
-
-    if "FAIL" in dev[0].global_request("P2P_PROV_DISC " + src + " display"):
-        raise Exception("Unexpected P2P_PROV_DISC failure")
-    frame = hapd.mgmt_rx(timeout=1)
-    if frame is None:
-        raise Exception("No PD request " + str(dialog_token))
-    p2p = parse_p2p_public_action(frame['payload'])
-    if p2p is None:
-        raise Exception("Failed to parse PD request")
-
-    # invalid dialog token
-    msg = p2p_hdr_resp(dst, src, type=P2P_PROV_DISC_RESP,
-                       dialog_token=p2p['dialog_token'] + 1)
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected PD result event")
-
-    # valid dialog token
-    msg = p2p_hdr_resp(dst, src, type=P2P_PROV_DISC_RESP,
-                       dialog_token=p2p['dialog_token'])
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("Timeout on PD result event")
-
-    # valid dialog token
-    msg = p2p_hdr_resp(dst, src, type=P2P_PROV_DISC_RESP,
-                       dialog_token=p2p['dialog_token'])
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected PD result event")
-
-def check_p2p_response(hapd, dialog_token, status):
-    resp = hapd.mgmt_rx(timeout=2)
-    if resp is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    p2p = parse_p2p_public_action(resp['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if dialog_token != p2p['dialog_token']:
-        raise Exception("Unexpected dialog token in response")
-    if p2p['p2p_status'] != status:
-        raise Exception("Unexpected status code %s in response (expected %d)" % (p2p['p2p_status'], status))
-
-def test_p2p_msg_go_neg_both_start(dev, apdev):
-    """P2P protocol test for simultaneous GO Neg initiation"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[1].discover_peer(addr0)
-    dev[1].p2p_listen()
-    dev[0].discover_peer(addr1)
-    dev[0].p2p_listen()
-    if "FAIL" in dev[0].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[0].request("P2P_CONNECT {} pbc".format(addr1))
-    dev[1].request("P2P_CONNECT {} pbc".format(addr0))
-    msg = dev[0].mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT-RX timeout")
-    msg = dev[1].mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT-RX timeout(2)")
-    if "FAIL" in dev[0].request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=2)
-    if ev is not None:
-        raise Exception("Unexpected GO Neg success")
-    if "FAIL" in dev[1].request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("GO Neg did not succeed")
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Group formation not succeed")
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Group formation not succeed")
-
-def test_p2p_msg_go_neg_req(dev, apdev):
-    """P2P protocol tests for invitation request from unknown peer"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-    dialog_token = 0
-
-    # invalid attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = struct.pack("<BB", P2P_ATTR_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    frame = hapd.mgmt_rx(timeout=0.1)
-    if frame is not None:
-        print(frame)
-        raise Exception("Unexpected GO Neg Response")
-
-    # missing atributes
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    #attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    #attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    #attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    #attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    #attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    # SA != P2P Device address
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info("02:02:02:02:02:02", config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-    time.sleep(0.1)
-
-    # unexpected Status attribute
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_status(status=P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE)
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response(1) " + str(dialog_token))
-    time.sleep(0.1)
-
-    # valid (with workarounds) GO Neg Req
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    #attrs = p2p_attr_capability()
-    #attrs += p2p_attr_go_intent()
-    #attrs += p2p_attr_config_timeout()
-    attrs = p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    check_p2p_response(hapd, dialog_token,
-                       P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE)
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=2)
-    if ev is None:
-        raise Exception("Timeout on GO Neg event " + str(dialog_token))
-
-    dev[0].request("P2P_CONNECT " + src + " 12345670 display auth")
-
-    # ready - missing attributes (with workarounds) GO Neg Req
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    #attrs = p2p_attr_capability()
-    #attrs += p2p_attr_go_intent()
-    #attrs += p2p_attr_config_timeout()
-    attrs = p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    if hapd.mgmt_rx(timeout=2) is None:
-        raise Exception("No GO Neg Response " + str(dialog_token))
-
-    # ready - invalid GO Intent GO Neg Req
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    #attrs = p2p_attr_capability()
-    attrs = p2p_attr_go_intent(go_intent=16)
-    #attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    check_p2p_response(hapd, dialog_token, P2P_SC_FAIL_INVALID_PARAMS)
-
-    # ready - invalid Channel List
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    attrs += struct.pack("<BH3BBB11B", P2P_ATTR_CHANNEL_LIST, 16,
-                         0x58, 0x58, 0x04,
-                         81, 12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    check_p2p_response(hapd, dialog_token, P2P_SC_FAIL_NO_COMMON_CHANNELS)
-
-    # ready - invalid GO Neg Req (unsupported Device Password ID)
-    time.sleep(0.1)
-    dialog_token += 1
-    msg = p2p_hdr(dst, src, type=P2P_GO_NEG_REQ, dialog_token=dialog_token)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr("02:02:02:02:02:02")
-    # very long channel list
-    attrs += struct.pack("<BH3BBB11B30B", P2P_ATTR_CHANNEL_LIST, 46,
-                         0x58, 0x58, 0x04,
-                         81, 11, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
-                         1, 1, 1, 2, 1, 2, 3, 1, 3, 4, 1, 4, 5, 1, 5,
-                         6, 1, 6, 7, 1, 7, 8, 1, 8, 9, 1, 9, 10, 1, 10)
-    attrs += p2p_attr_device_info(src, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    hapd.mgmt_tx(msg)
-    check_p2p_response(hapd, dialog_token, P2P_SC_FAIL_INCOMPATIBLE_PROV_METHOD)
-
-def mgmt_tx(dev, msg):
-    for i in range(0, 20):
-        if "FAIL" in dev.request(msg):
-            raise Exception("Failed to send Action frame")
-        ev = dev.wait_event(["MGMT-TX-STATUS"], timeout=10)
-        if ev is None:
-            raise Exception("Timeout on MGMT-TX-STATUS")
-        if "result=SUCCESS" in ev:
-            break
-        time.sleep(0.01)
-    if "result=SUCCESS" not in ev:
-        raise Exception("Peer did not ack Action frame")
-
-def rx_go_neg_req(dev):
-    msg = dev.mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_GO_NEG_REQ:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    p2p['freq'] = msg['freq']
-    return p2p
-
-def rx_go_neg_conf(dev, status=None, dialog_token=None):
-    msg = dev.mgmt_rx()
-    if msg is None:
-        raise Exception("MGMT-RX timeout")
-    p2p = parse_p2p_public_action(msg['payload'])
-    if p2p is None:
-        raise Exception("Not a P2P Public Action frame " + str(dialog_token))
-    if p2p['subtype'] != P2P_GO_NEG_CONF:
-        raise Exception("Unexpected subtype %d" % p2p['subtype'])
-    if dialog_token is not None and dialog_token != p2p['dialog_token']:
-        raise Exception("Unexpected dialog token")
-    if status is not None and p2p['p2p_status'] != status:
-        raise Exception("Unexpected status %d" % p2p['p2p_status'])
-
-def check_p2p_go_neg_fail_event(dev, status):
-    ev = dev.wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("GO Negotiation failure not reported")
-    if "status=%d" % status not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def test_p2p_msg_go_neg_req_reject(dev, apdev):
-    """P2P protocol tests for user reject incorrectly in GO Neg Req"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].p2p_listen()
-    dev[1].discover_peer(addr0)
-    dev[1].group_request("P2P_CONNECT " + addr0 + " pbc")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on GO Neg Req")
-
-    peer = dev[0].get_peer(addr1)
-    dev[0].p2p_stop_find()
-
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_REQ, dialog_token=123)
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_status(status=P2P_SC_FAIL_REJECTED_BY_USER)
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_listen_channel()
-    attrs += p2p_attr_ext_listen_timing()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=10 no_cck=1 action={}".format(
-        addr1, addr1, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-
-    ev = dev[1].wait_global_event(["P2P-GO-NEG-FAILURE"], timeout=5)
-    if ev is None:
-        raise Exception("GO Negotiation failure not reported")
-    if "status=%d" % P2P_SC_FAIL_REJECTED_BY_USER not in ev:
-        raise Exception("Unexpected failure reason: " + ev)
-
-def test_p2p_msg_unexpected_go_neg_resp(dev, apdev):
-    """P2P protocol tests for unexpected GO Neg Resp"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[1].p2p_listen()
-    dev[0].discover_peer(addr1)
-    dev[0].p2p_stop_find()
-    dev[0].dump_monitor()
-
-    peer = dev[0].get_peer(addr1)
-
-    logger.debug("GO Neg Resp without GO Neg session")
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=123)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=10 no_cck=1 action={}".format(
-        addr1, addr1, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-
-    dev[0].p2p_listen()
-    dev[1].discover_peer(addr0)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("Unexpected GO Neg Resp while waiting for new GO Neg session")
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed")
-    ev = dev[0].wait_global_event(["P2P-GO-NEG-REQUEST"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on GO Neg Req")
-    dev[0].p2p_stop_find()
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=10 no_cck=1 action={}".format(
-        addr1, addr1, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("Invalid attribute in GO Neg Response")
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=197)
-    attrs = struct.pack("<BB", P2P_ATTR_CAPABILITY, 0)
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=10 no_cck=1 action={}".format(
-        addr1, addr1, peer['listen_freq'], binascii.hexlify(msg['payload']).decode()))
-    frame = dev[0].mgmt_rx(timeout=0.1)
-    if frame is not None:
-        raise Exception("Unexpected GO Neg Confirm")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp with unexpected dialog token")
-    dev[1].p2p_stop_find()
-    if "FAIL" in dev[0].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    if dialog_token < 255:
-        dialog_token += 1
-    else:
-        dialog_token = 1
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without Status")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    #attrs = p2p_attr_status()
-    attrs = p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without Intended Address")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    #attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    #attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    #attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without GO Intent")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    #attrs += p2p_attr_go_intent()
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp with invalid GO Intent")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=16)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp with incompatible GO Intent")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=15"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=15)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INCOMPATIBLE_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INCOMPATIBLE_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without P2P Group ID")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=0"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=15)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    #attrs += p2p_attr_group_id(src, "DIRECT-foo")
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without Operating Channel")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=0"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=15)
-    #attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    #attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_id(addr0, "DIRECT-foo")
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without Channel List")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=0"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=15)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    #attrs += p2p_attr_channel_list()
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_id(addr0, "DIRECT-foo")
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_INVALID_PARAMS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_INVALID_PARAMS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.debug("GO Neg Resp without common channels")
-    dev[1].p2p_stop_find()
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_CONNECT " + addr0 + " pbc go_intent=0"):
-        raise Exception("P2P_CONNECT failed(2)")
-    p2p = rx_go_neg_req(dev[0])
-    dev[0].p2p_stop_find()
-    dialog_token = p2p['dialog_token']
-    msg = p2p_hdr(addr1, addr0, type=P2P_GO_NEG_RESP, dialog_token=dialog_token)
-    attrs = p2p_attr_status()
-    attrs += p2p_attr_capability()
-    attrs += p2p_attr_go_intent(go_intent=15)
-    attrs += p2p_attr_config_timeout()
-    attrs += p2p_attr_intended_interface_addr(addr0)
-    attrs += struct.pack("<BH3BBB", P2P_ATTR_CHANNEL_LIST, 5,
-                         0x58, 0x58, 0x04,
-                         81, 0)
-    attrs += p2p_attr_device_info(addr0, config_methods=0x0108)
-    attrs += p2p_attr_operating_channel()
-    attrs += p2p_attr_group_id(addr0, "DIRECT-foo")
-    msg['payload'] += ie_p2p(attrs)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq={} wait_time=200 no_cck=1 action={}".format(
-        addr1, addr1, p2p['freq'], binascii.hexlify(msg['payload']).decode()))
-    check_p2p_go_neg_fail_event(dev[1], P2P_SC_FAIL_NO_COMMON_CHANNELS)
-    rx_go_neg_conf(dev[0], P2P_SC_FAIL_NO_COMMON_CHANNELS, dialog_token)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_p2p_msg_group_info(dev):
-    """P2P protocol tests for Group Info parsing"""
-    try:
-        _test_p2p_msg_group_info(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 2 *")
-
-def _test_p2p_msg_group_info(dev):
-    tests = ["dd08506f9a090e010001",
-             "dd08506f9a090e010000",
-             "dd20506f9a090e190018" + "112233445566" + "aabbccddeeff" + "00" + "0000" + "0000000000000000" + "ff",
-             "dd20506f9a090e190018" + "112233445566" + "aabbccddeeff" + "00" + "0000" + "0000000000000000" + "00",
-             "dd24506f9a090e1d001c" + "112233445566" + "aabbccddeeff" + "00" + "0000" + "0000000000000000" + "00" + "00000000",
-             "dd24506f9a090e1d001c" + "112233445566" + "aabbccddeeff" + "00" + "0000" + "0000000000000000" + "00" + "10110001",
-             "dd24506f9a090e1d001c" + "112233445566" + "aabbccddeeff" + "00" + "0000" + "0000000000000000" + "00" + "1011ffff"]
-    for t in tests:
-        dev[0].request("VENDOR_ELEM_REMOVE 2 *")
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 2 " + t):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        dev[0].p2p_start_go(freq=2412)
-        bssid = dev[0].get_group_status_field('bssid')
-        dev[2].request("BSS_FLUSH 0")
-        dev[2].scan_for_bss(bssid, freq=2412, force_scan=True)
-        bss = dev[2].request("BSS " + bssid)
-        if 'p2p_group_client' in bss:
-            raise Exception("Unexpected p2p_group_client")
-        dev[0].remove_group()
-
-MGMT_SUBTYPE_ACTION = 13
-ACTION_CATEG_PUBLIC = 4
-
-GAS_INITIAL_REQUEST = 10
-GAS_INITIAL_RESPONSE = 11
-GAS_COMEBACK_REQUEST = 12
-GAS_COMEBACK_RESPONSE = 13
-
-def gas_hdr(dst, src, type, req=True, dialog_token=0):
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dst
-    msg['sa'] = src
-    if req:
-        msg['bssid'] = dst
-    else:
-        msg['bssid'] = src
-    if dialog_token is None:
-        msg['payload'] = struct.pack("<BB", ACTION_CATEG_PUBLIC, type)
-    else:
-        msg['payload'] = struct.pack("<BBB", ACTION_CATEG_PUBLIC, type,
-                                     dialog_token)
-    return msg
-
-@remote_compatible
-def test_p2p_msg_sd(dev, apdev):
-    """P2P protocol tests for service discovery messages"""
-    dst, src, hapd, channel = start_p2p(dev, apdev)
-
-    logger.debug("Truncated GAS Initial Request - no Dialog Token field")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST, dialog_token=None)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - no Advertisement Protocol element")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - no Advertisement Protocol element length")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += struct.pack('B', 108)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - unexpected IE")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += struct.pack('BB', 0, 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Advertisement Protocol element")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += struct.pack('BB', 108, 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Advertisement Protocol element 2")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += struct.pack('BBB', 108, 1, 127)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - unsupported GAS advertisement protocol id 255")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += struct.pack('BBBB', 108, 2, 127, 255)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - no Query Request length field")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Query Request length field")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<B', 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Query Request field (minimum underflow)")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<H', 1)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Query Request field (maximum underflow)")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<H', 65535)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - too short Query Request field")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<H', 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - unsupported ANQP Info ID 65535")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<HHH', 4, 65535, 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - invalid ANQP Query Request length (truncated frame)")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<HHH', 4, 56797, 65535)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - invalid ANQP Query Request length (too short Query Request to contain OUI + OUI-type)")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<HHH', 4, 56797, 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Invalid GAS Initial Request - unsupported ANQP vendor OUI-type")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    req = struct.pack('<HH', 56797, 4) + struct.pack('>L', 0x506f9a00)
-    msg['payload'] += struct.pack('<H', len(req)) + req
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - no Service Update Indicator")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    req = struct.pack('<HH', 56797, 4) + struct.pack('>L', 0x506f9a09)
-    msg['payload'] += struct.pack('<H', len(req)) + req
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Initial Request - truncated Service Update Indicator")
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    req = struct.pack('<HH', 56797, 4) + struct.pack('>L', 0x506f9a09)
-    req += struct.pack('<B', 0)
-    msg['payload'] += struct.pack('<H', len(req)) + req
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Unexpected GAS Initial Response")
-    hapd.dump_monitor()
-    msg = gas_hdr(dst, src, GAS_INITIAL_RESPONSE)
-    msg['payload'] += struct.pack('<HH', 0, 0)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<H', 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Truncated GAS Comeback Request - no Dialog Token field")
-    msg = gas_hdr(dst, src, GAS_COMEBACK_REQUEST, dialog_token=None)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("GAS Comeback Request - no pending SD response fragment available")
-    msg = gas_hdr(dst, src, GAS_COMEBACK_REQUEST)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Unexpected GAS Comeback Response")
-    hapd.dump_monitor()
-    msg = gas_hdr(dst, src, GAS_COMEBACK_RESPONSE)
-    msg['payload'] += struct.pack('<HBH', 0, 0, 0)
-    msg['payload'] += anqp_adv_proto()
-    msg['payload'] += struct.pack('<H', 0)
-    hapd.mgmt_tx(msg)
-
-    logger.debug("Minimal GAS Initial Request")
-    hapd.dump_monitor()
-    msg = gas_hdr(dst, src, GAS_INITIAL_REQUEST)
-    msg['payload'] += anqp_adv_proto()
-    req = struct.pack('<HH', 56797, 4) + struct.pack('>L', 0x506f9a09)
-    req += struct.pack('<H', 0)
-    msg['payload'] += struct.pack('<H', len(req)) + req
-    hapd.mgmt_tx(msg)
-    resp = hapd.mgmt_rx()
-    if resp is None:
-        raise Exception("No response to minimal GAS Initial Request")
diff --git a/tests/hwsim/test_p2p_persistent.py b/tests/hwsim/test_p2p_persistent.py
deleted file mode 100644
index 93a0c6826e19..000000000000
--- a/tests/hwsim/test_p2p_persistent.py
+++ /dev/null
@@ -1,676 +0,0 @@
-# P2P persistent group test cases
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import re
-import time
-
-import hwsim_utils
-from p2p_utils import *
-
-@remote_compatible
-def test_persistent_group(dev):
-    """P2P persistent group formation and re-invocation"""
-    form(dev[0], dev[1])
-    invite_from_cli(dev[0], dev[1])
-    invite_from_go(dev[0], dev[1])
-
-    logger.info("Remove group on the client and try to invite from GO")
-    id = None
-    for n in dev[0].list_networks(p2p=True):
-        if "[P2P-PERSISTENT]" in n['flags']:
-            id = n['id']
-            break
-    if id is None:
-        raise Exception("Could not find persistent group entry")
-    clients = dev[0].global_request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if dev[1].p2p_dev_addr() not in clients:
-        raise Exception("Peer missing from client list")
-    if "FAIL" not in dev[1].request("SELECT_NETWORK " + str(id)):
-        raise Exception("SELECT_NETWORK succeeded unexpectedly")
-    if "FAIL" not in dev[1].request("SELECT_NETWORK 1234567"):
-        raise Exception("SELECT_NETWORK succeeded unexpectedly(2)")
-    if "FAIL" not in dev[1].request("ENABLE_NETWORK " + str(id)):
-        raise Exception("ENABLE_NETWORK succeeded unexpectedly")
-    if "FAIL" not in dev[1].request("ENABLE_NETWORK 1234567"):
-        raise Exception("ENABLE_NETWORK succeeded unexpectedly(2)")
-    if "FAIL" not in dev[1].request("DISABLE_NETWORK " + str(id)):
-        raise Exception("DISABLE_NETWORK succeeded unexpectedly")
-    if "FAIL" not in dev[1].request("DISABLE_NETWORK 1234567"):
-        raise Exception("DISABLE_NETWORK succeeded unexpectedly(2)")
-    if "FAIL" not in dev[1].request("REMOVE_NETWORK 1234567"):
-        raise Exception("REMOVE_NETWORK succeeded unexpectedly")
-    dev[1].global_request("REMOVE_NETWORK all")
-    if len(dev[1].list_networks(p2p=True)) > 0:
-        raise Exception("Unexpected network block remaining")
-    invite(dev[0], dev[1])
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("No invitation result seen")
-    if "status=8" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-    clients = dev[0].request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if dev[1].p2p_dev_addr() in clients:
-        raise Exception("Peer was still in client list")
-
-@remote_compatible
-def test_persistent_group2(dev):
-    """P2P persistent group formation with reverse roles"""
-    form(dev[0], dev[1], reverse_init=True)
-    invite_from_cli(dev[0], dev[1])
-    invite_from_go(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group3(dev):
-    """P2P persistent group formation and re-invocation with empty BSS table"""
-    form(dev[0], dev[1])
-    dev[1].request("BSS_FLUSH 0")
-    invite_from_cli(dev[0], dev[1])
-    dev[1].request("BSS_FLUSH 0")
-    invite_from_go(dev[0], dev[1])
-
-def test_persistent_group_per_sta_psk(dev):
-    """P2P persistent group formation and re-invocation using per-client PSK"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-    dev[0].global_request("P2P_SET per_sta_psk 1")
-    logger.info("Form a persistent group")
-    [i_res, r_res] = go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                                      r_dev=dev[1], r_intent=0)
-    if not i_res['persistent'] or not r_res['persistent']:
-        raise Exception("Formed group was not persistent")
-
-    logger.info("Join another client to the group")
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    social = int(i_res['freq']) in [2412, 2437, 2462]
-    c_res = dev[2].p2p_connect_group(addr0, pin, timeout=60, social=social,
-                                     freq=i_res['freq'])
-    if not c_res['persistent']:
-        raise Exception("Joining client did not recognize persistent group")
-    if r_res['psk'] == c_res['psk']:
-        raise Exception("Same PSK assigned for both clients")
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-
-    logger.info("Remove persistent group and re-start it manually")
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-    dev[2].wait_go_ending_session()
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-
-    for i in range(0, 3):
-        networks = dev[i].list_networks(p2p=True)
-        if len(networks) != 1:
-            raise Exception("Unexpected number of networks")
-        if "[P2P-PERSISTENT]" not in networks[0]['flags']:
-            raise Exception("Not the persistent group data")
-        if i > 0:
-            # speed up testing by avoiding use of the old BSS entry since the
-            # GO may have changed channels
-            dev[i].request("BSS_FLUSH 0")
-            dev[i].scan(freq="2412", only_new=True)
-        if "OK" not in dev[i].global_request("P2P_GROUP_ADD persistent=" + networks[0]['id'] + " freq=2412"):
-            raise Exception("Could not re-start persistent group")
-        ev = dev[i].wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on group restart")
-        dev[i].group_form_result(ev)
-
-    logger.info("Leave persistent group and rejoin it")
-    dev[2].remove_group()
-    ev = dev[2].wait_global_event(["P2P-GROUP-REMOVED"], timeout=3)
-    if ev is None:
-        raise Exception("Group removal event timed out")
-    if not dev[2].discover_peer(addr0, social=True):
-        raise Exception("Peer " + addr0 + " not found")
-    dev[2].dump_monitor()
-    peer = dev[2].get_peer(addr0)
-    dev[2].global_request("P2P_GROUP_ADD persistent=" + peer['persistent'] + " freq=2412")
-    ev = dev[2].wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group restart (on client)")
-    cli_res = dev[2].group_form_result(ev)
-    if not cli_res['persistent']:
-        raise Exception("Persistent group not restarted as persistent (cli)")
-    hwsim_utils.test_connectivity_p2p(dev[1], dev[2])
-
-    logger.info("Remove one of the clients from the group without removing persistent group information for the client")
-    dev[0].global_request("P2P_REMOVE_CLIENT iface=" + dev[2].p2p_interface_addr())
-    dev[2].wait_go_ending_session()
-
-    logger.info("Try to reconnect after having been removed from group (but persistent group info still present)")
-    if not dev[2].discover_peer(addr0, social=True):
-        raise Exception("Peer " + peer + " not found")
-    dev[2].dump_monitor()
-    peer = dev[2].get_peer(addr0)
-    dev[2].global_request("P2P_GROUP_ADD persistent=" + peer['persistent'] + " freq=2412")
-    ev = dev[2].wait_global_event(["P2P-GROUP-STARTED",
-                                   "WPA: 4-Way Handshake failed"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group restart (on client)")
-    if "P2P-GROUP-STARTED" not in ev:
-        raise Exception("Connection failed")
-
-    logger.info("Remove one of the clients from the group")
-    dev[0].global_request("P2P_REMOVE_CLIENT " + addr2)
-    dev[2].wait_go_ending_session()
-
-    logger.info("Try to reconnect after having been removed from group")
-    if not dev[2].discover_peer(addr0, social=True):
-        raise Exception("Peer " + peer + " not found")
-    dev[2].dump_monitor()
-    peer = dev[2].get_peer(addr0)
-    dev[2].global_request("P2P_GROUP_ADD persistent=" + peer['persistent'] + " freq=2412")
-    ev = dev[2].wait_global_event(["P2P-GROUP-STARTED",
-                                   "WPA: 4-Way Handshake failed"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group restart (on client)")
-    if "P2P-GROUP-STARTED" in ev:
-        raise Exception("Client managed to connect after being removed")
-
-    logger.info("Remove the remaining client from the group")
-    dev[0].global_request("P2P_REMOVE_CLIENT " + addr1)
-    dev[1].wait_go_ending_session()
-
-    logger.info("Terminate persistent group")
-    dev[0].remove_group()
-    dev[0].dump_monitor()
-
-    logger.info("Try to re-invoke persistent group from client")
-    dev[0].global_request("SET persistent_reconnect 1")
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0, social=True):
-        raise Exception("Peer " + peer + " not found")
-    dev[1].dump_monitor()
-    peer = dev[1].get_peer(addr0)
-    dev[1].global_request("P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr0)
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-    dev[0].group_form_result(ev)
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "WPA: 4-Way Handshake failed"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group restart (on client)")
-    if "P2P-GROUP-STARTED" in ev:
-        raise Exception("Client managed to re-invoke after being removed")
-    dev[0].dump_monitor()
-
-    logger.info("Terminate persistent group")
-    dev[0].remove_group()
-    dev[0].dump_monitor()
-
-def test_persistent_group_invite_removed_client(dev):
-    """P2P persistent group client removal and re-invitation"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    dev[0].request("P2P_SET per_sta_psk 1")
-    logger.info("Form a persistent group")
-    [i_res, r_res] = go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                                      r_dev=dev[1], r_intent=0)
-    if not i_res['persistent'] or not r_res['persistent']:
-        raise Exception("Formed group was not persistent")
-
-    logger.info("Remove client from the group")
-    dev[0].global_request("P2P_REMOVE_CLIENT " + addr1)
-    dev[1].wait_go_ending_session()
-
-    logger.info("Re-invite the removed client to join the group")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1, social=True):
-        raise Exception("Peer " + peer + " not found")
-    dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation")
-    if "sa=" + addr0 + " persistent=" not in ev:
-        raise Exception("Unexpected invitation event")
-    [event, addr, persistent] = ev.split(' ', 2)
-    dev[1].global_request("P2P_GROUP_ADD " + persistent)
-    ev = dev[1].wait_global_event(["P2P-PERSISTENT-PSK-FAIL"], timeout=30)
-    if ev is None:
-        raise Exception("Did not receive PSK failure report")
-    [tmp, id] = ev.split('=', 1)
-    ev = dev[1].wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-    if ev is None:
-        raise Exception("Group removal event timed out")
-    if "reason=PSK_FAILURE" not in ev:
-        raise Exception("Unexpected group removal reason")
-    dev[1].global_request("REMOVE_NETWORK " + id)
-
-    logger.info("Re-invite after client removed persistent group info")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1, social=True):
-        raise Exception("Peer " + peer + " not found")
-    dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on invitation")
-    if " persistent=" in ev:
-        raise Exception("Unexpected invitation event")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    c_res = dev[1].p2p_connect_group(addr0, pin, timeout=60, social=True,
-                                     freq=i_res['freq'])
-    if not c_res['persistent']:
-        raise Exception("Joining client did not recognize persistent group")
-    if r_res['psk'] == c_res['psk']:
-        raise Exception("Same PSK assigned on both times")
-    hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_channel(dev):
-    """P2P persistent group re-invocation with channel selection"""
-    form(dev[0], dev[1], test_data=False)
-
-    logger.info("Re-invoke persistent group from client with forced channel")
-    invite(dev[1], dev[0], "freq=2427")
-    [go_res, cli_res] = check_result(dev[0], dev[1])
-    if go_res['freq'] != "2427":
-        raise Exception("Persistent group client forced channel not followed")
-    terminate_group(dev[0], dev[1])
-
-    logger.info("Re-invoke persistent group from GO with forced channel")
-    invite(dev[0], dev[1], "freq=2432")
-    [go_res, cli_res] = check_result(dev[0], dev[1])
-    if go_res['freq'] != "2432":
-        raise Exception("Persistent group GO channel preference not followed")
-    terminate_group(dev[0], dev[1])
-
-    logger.info("Re-invoke persistent group from client with channel preference")
-    invite(dev[1], dev[0], "pref=2417")
-    [go_res, cli_res] = check_result(dev[0], dev[1])
-    if go_res['freq'] != "2417":
-        raise Exception("Persistent group client channel preference not followed")
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_and_role_change(dev):
-    """P2P persistent group, auto GO in another role, and re-invocation"""
-    form(dev[0], dev[1])
-
-    logger.info("Start and stop autonomous GO on previous P2P client device")
-    dev[1].p2p_start_go()
-    dev[1].remove_group()
-    dev[1].dump_monitor()
-
-    logger.info("Re-invoke the persistent group")
-    invite_from_go(dev[0], dev[1])
-
-def test_persistent_go_client_list(dev):
-    """P2P GO and list of clients in persistent group"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    addr2 = dev[2].p2p_dev_addr()
-
-    res = dev[0].p2p_start_go(persistent=True)
-    id = None
-    for n in dev[0].list_networks(p2p=True):
-        if "[P2P-PERSISTENT]" in n['flags']:
-            id = n['id']
-            break
-    if id is None:
-        raise Exception("Could not find persistent group entry")
-
-    connect_cli(dev[0], dev[1], social=True, freq=res['freq'])
-    clients = dev[0].global_request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if clients != addr1:
-        raise Exception("Unexpected p2p_client_list entry(2): " + clients)
-    connect_cli(dev[0], dev[2], social=True, freq=res['freq'])
-    clients = dev[0].global_request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if clients != addr2 + " " + addr1:
-        raise Exception("Unexpected p2p_client_list entry(3): " + clients)
-
-    peer = dev[1].get_peer(res['go_dev_addr'])
-    dev[1].remove_group()
-    dev[1].global_request("P2P_GROUP_ADD persistent=" + peer['persistent'])
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-    if ev is None:
-        raise Exception("Timeout on group restart (on client)")
-    dev[1].group_form_result(ev)
-    clients = dev[0].global_request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if clients != addr1 + " " + addr2:
-        raise Exception("Unexpected p2p_client_list entry(4): " + clients)
-
-    dev[2].remove_group()
-    dev[1].remove_group()
-    dev[0].remove_group()
-
-    clients = dev[0].global_request("GET_NETWORK " + id + " p2p_client_list").rstrip()
-    if clients != addr1 + " " + addr2:
-        raise Exception("Unexpected p2p_client_list entry(5): " + clients)
-
-    dev[1].p2p_listen()
-    dev[2].p2p_listen()
-    dev[0].request("P2P_FLUSH")
-    dev[0].discover_peer(addr1, social=True)
-    peer = dev[0].get_peer(addr1)
-    if 'persistent' not in peer or peer['persistent'] != id:
-        raise Exception("Persistent group client not recognized(1)")
-
-    dev[0].discover_peer(addr2, social=True)
-    peer = dev[0].get_peer(addr2)
-    if 'persistent' not in peer or peer['persistent'] != id:
-        raise Exception("Persistent group client not recognized(2)")
-
-@remote_compatible
-def test_persistent_group_in_grpform(dev):
-    """P2P persistent group parameters re-used in group formation"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    form(dev[0], dev[1])
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr1, social=True):
-        raise Exception("Could not discover peer")
-    peer = dev[0].get_peer(addr1)
-    if "persistent" not in peer:
-        raise Exception("Could not map peer to a persistent group")
-
-    pin = dev[1].wps_read_pin()
-    dev[1].p2p_go_neg_auth(addr0, pin, "display", go_intent=0)
-    i_res = dev[0].p2p_go_neg_init(addr1, pin, "enter", timeout=20,
-                                   go_intent=15,
-                                   persistent_id=peer['persistent'])
-    r_res = dev[1].p2p_go_neg_auth_result()
-    logger.debug("i_res: " + str(i_res))
-    logger.debug("r_res: " + str(r_res))
-
-@remote_compatible
-def test_persistent_group_without_persistent_reconnect(dev):
-    """P2P persistent group re-invocation without persistent reconnect"""
-    form(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.info("Re-invoke persistent group from client")
-    invite(dev[1], dev[0], persistent_reconnect=False)
-
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=15)
-    if ev is None:
-        raise Exception("No invitation request reported")
-    if "persistent=" not in ev:
-        raise Exception("Invalid invitation type reported: " + ev)
-
-    ev2 = dev[1].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev2 is None:
-        raise Exception("No invitation response reported")
-    if "status=1" not in ev2:
-        raise Exception("Unexpected status: " + ev2)
-    dev[1].p2p_listen()
-
-    exp = r'<.>(P2P-INVITATION-RECEIVED) sa=([0-9a-f:]*) persistent=([0-9]*) freq=([0-9]*)'
-    s = re.split(exp, ev)
-    if len(s) < 5:
-        raise Exception("Could not parse invitation event")
-    sa = s[2]
-    id = s[3]
-    freq = s[4]
-    logger.info("Invalid P2P_INVITE test coverage")
-    if "FAIL" not in dev[0].global_request("P2P_INVITE persistent=" + id + " peer=" + sa + " freq=0"):
-        raise Exception("Invalid P2P_INVITE accepted")
-    if "FAIL" not in dev[0].global_request("P2P_INVITE persistent=" + id + " peer=" + sa + " pref=0"):
-        raise Exception("Invalid P2P_INVITE accepted")
-    logger.info("Re-initiate invitation based on upper layer acceptance")
-    if "OK" not in dev[0].global_request("P2P_INVITE persistent=" + id + " peer=" + sa + " freq=" + freq):
-        raise Exception("Invitation command failed")
-    [go_res, cli_res] = check_result(dev[0], dev[1])
-    if go_res['freq'] != freq:
-        raise Exception("Unexpected channel on GO: {} MHz, expected {} MHz".format(go_res['freq'], freq))
-    if cli_res['freq'] != freq:
-        raise Exception("Unexpected channel on CLI: {} MHz, expected {} MHz".format(cli_res['freq'], freq))
-    terminate_group(dev[0], dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    logger.info("Re-invoke persistent group from GO")
-    invite(dev[0], dev[1], persistent_reconnect=False)
-
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED"], timeout=15)
-    if ev is None:
-        raise Exception("No invitation request reported")
-    if "persistent=" not in ev:
-        raise Exception("Invalid invitation type reported: " + ev)
-
-    ev2 = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev2 is None:
-        raise Exception("No invitation response reported")
-    if "status=1" not in ev2:
-        raise Exception("Unexpected status: " + ev2)
-    dev[0].p2p_listen()
-
-    exp = r'<.>(P2P-INVITATION-RECEIVED) sa=([0-9a-f:]*) persistent=([0-9]*)'
-    s = re.split(exp, ev)
-    if len(s) < 4:
-        raise Exception("Could not parse invitation event")
-    sa = s[2]
-    id = s[3]
-    logger.info("Re-initiate invitation based on upper layer acceptance")
-    if "OK" not in dev[1].global_request("P2P_INVITE persistent=" + id + " peer=" + sa + " freq=" + freq):
-        raise Exception("Invitation command failed")
-    [go_res, cli_res] = check_result(dev[0], dev[1])
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_already_running(dev):
-    """P2P persistent group formation and invitation while GO already running"""
-    form(dev[0], dev[1])
-    peer = dev[1].get_peer(dev[0].p2p_dev_addr())
-    listen_freq = peer['listen_freq']
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    networks = dev[0].list_networks(p2p=True)
-    if len(networks) != 1:
-        raise Exception("Unexpected number of networks")
-    if "[P2P-PERSISTENT]" not in networks[0]['flags']:
-        raise Exception("Not the persistent group data")
-    if "OK" not in dev[0].global_request("P2P_GROUP_ADD persistent=" + networks[0]['id'] + " freq=" + listen_freq):
-        raise Exception("Could not state GO")
-    invite_from_cli(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_add_cli_chan(dev):
-    """P2P persistent group formation and re-invocation with p2p_add_cli_chan=1"""
-    try:
-        dev[0].request("SET p2p_add_cli_chan 1")
-        dev[1].request("SET p2p_add_cli_chan 1")
-        form(dev[0], dev[1])
-        dev[1].request("BSS_FLUSH 0")
-        dev[1].scan(freq="2412", only_new=True)
-        dev[1].scan(freq="2437", only_new=True)
-        dev[1].scan(freq="2462", only_new=True)
-        dev[1].request("BSS_FLUSH 0")
-        invite_from_cli(dev[0], dev[1])
-        invite_from_go(dev[0], dev[1])
-    finally:
-        dev[0].request("SET p2p_add_cli_chan 0")
-        dev[1].request("SET p2p_add_cli_chan 0")
-
-@remote_compatible
-def test_persistent_invalid_group_add(dev):
-    """Invalid P2P_GROUP_ADD command"""
-    id = dev[0].add_network()
-    if "FAIL" not in dev[0].global_request("P2P_GROUP_ADD persistent=12345"):
-        raise Exception("Invalid P2P_GROUP_ADD accepted")
-    if "FAIL" not in dev[0].global_request("P2P_GROUP_ADD persistent=%d" % id):
-        raise Exception("Invalid P2P_GROUP_ADD accepted")
-    if "FAIL" not in dev[0].global_request("P2P_GROUP_ADD foo"):
-        raise Exception("Invalid P2P_GROUP_ADD accepted")
-
-def test_persistent_group_missed_inv_resp(dev):
-    """P2P persistent group re-invocation with invitation response getting lost"""
-    form(dev[0], dev[1])
-    addr = dev[1].p2p_dev_addr()
-    dev[1].global_request("SET persistent_reconnect 1")
-    dev[1].p2p_listen()
-    if not dev[0].discover_peer(addr, social=True):
-        raise Exception("Peer " + addr + " not found")
-    dev[0].dump_monitor()
-    peer = dev[0].get_peer(addr)
-    # Drop the first Invitation Response frame
-    if "FAIL" in dev[0].request("SET ext_mgmt_frame_handling 1"):
-        raise Exception("Failed to enable external management frame handling")
-    cmd = "P2P_INVITE persistent=" + peer['persistent'] + " peer=" + addr
-    dev[0].global_request(cmd)
-    rx_msg = dev[0].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout (no Invitation Response)")
-    time.sleep(2)
-    # Allow following Invitation Response frame to go through
-    if "FAIL" in dev[0].request("SET ext_mgmt_frame_handling 0"):
-        raise Exception("Failed to disable external management frame handling")
-    time.sleep(1)
-    # Force the P2P Client side to be on its Listen channel for retry
-    dev[1].p2p_listen()
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=15)
-    if ev is None:
-        raise Exception("Invitation result timed out")
-    # Allow P2P Client side to continue connection-to-GO attempts
-    dev[1].p2p_stop_find()
-
-    # Verify that group re-invocation goes through
-    ev = dev[1].wait_global_event(["P2P-GROUP-STARTED",
-                                   "P2P-GROUP-FORMATION-FAILURE"],
-                                  timeout=20)
-    if ev is None:
-        raise Exception("Group start event timed out")
-    if "P2P-GROUP-STARTED" not in ev:
-        raise Exception("Group re-invocation failed")
-    dev[0].group_form_result(ev)
-
-    ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Group start event timed out on GO")
-    dev[0].group_form_result(ev)
-
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_profile_add(dev):
-    """Create a P2P persistent group with ADD_NETWORK"""
-    passphrase = "passphrase here"
-    id = dev[0].p2pdev_add_network()
-    dev[0].p2pdev_set_network_quoted(id, "ssid", "DIRECT-ab")
-    dev[0].p2pdev_set_network_quoted(id, "psk", passphrase)
-    dev[0].p2pdev_set_network(id, "mode", "3")
-    dev[0].p2pdev_set_network(id, "disabled", "2")
-    dev[0].p2p_start_go(persistent=id, freq=2412)
-
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    res = dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60,
-                                   social=True, freq=2412)
-    if res['result'] != 'success':
-        raise Exception("Joining the group did not succeed")
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-@remote_compatible
-def test_persistent_group_cancel_on_cli(dev):
-    """P2P persistent group formation, re-invocation, and cancel"""
-    dev[0].global_request("SET p2p_no_group_iface 0")
-    dev[1].global_request("SET p2p_no_group_iface 0")
-    form(dev[0], dev[1])
-
-    invite_from_go(dev[0], dev[1], terminate=False)
-    if "FAIL" not in dev[1].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on CLI")
-    if "FAIL" not in dev[0].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on GO")
-    terminate_group(dev[0], dev[1])
-
-    invite_from_cli(dev[0], dev[1], terminate=False)
-    if "FAIL" not in dev[1].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on CLI")
-    if "FAIL" not in dev[0].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on GO")
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_cancel_on_cli2(dev):
-    """P2P persistent group formation, re-invocation, and cancel (2)"""
-    form(dev[0], dev[1])
-    invite_from_go(dev[0], dev[1], terminate=False)
-    if "FAIL" not in dev[1].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on CLI")
-    if "FAIL" not in dev[0].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on GO")
-    terminate_group(dev[0], dev[1])
-
-    invite_from_cli(dev[0], dev[1], terminate=False)
-    if "FAIL" not in dev[1].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on CLI")
-    if "FAIL" not in dev[0].global_request("P2P_CANCEL"):
-        raise Exception("P2P_CANCEL succeeded unexpectedly on GO")
-    terminate_group(dev[0], dev[1])
-
-@remote_compatible
-def test_persistent_group_peer_dropped(dev):
-    """P2P persistent group formation and re-invocation with peer having dropped group"""
-    form(dev[0], dev[1], reverse_init=True)
-    invite_from_cli(dev[0], dev[1])
-
-    logger.info("Remove group on the GO and try to invite from the client")
-    dev[0].global_request("REMOVE_NETWORK all")
-    invite(dev[1], dev[0])
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("No invitation result seen")
-    if "status=8" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-    networks = dev[1].list_networks(p2p=True)
-    if len(networks) > 0:
-        raise Exception("Unexpected network block on client")
-
-    logger.info("Verify that a new group can be formed")
-    form(dev[0], dev[1], reverse_init=True)
-
-@remote_compatible
-def test_persistent_group_peer_dropped2(dev):
-    """P2P persistent group formation and re-invocation with peer having dropped group (2)"""
-    form(dev[0], dev[1])
-    invite_from_go(dev[0], dev[1])
-
-    logger.info("Remove group on the client and try to invite from the GO")
-    dev[1].global_request("REMOVE_NETWORK all")
-    invite(dev[0], dev[1])
-    ev = dev[0].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("No invitation result seen")
-    if "status=8" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-    networks = dev[1].list_networks(p2p=True)
-    if len(networks) > 0:
-        raise Exception("Unexpected network block on client")
-
-    logger.info("Verify that a new group can be formed")
-    form(dev[0], dev[1])
-
-def test_persistent_group_peer_dropped3(dev):
-    """P2P persistent group formation and re-invocation with peer having dropped group (3)"""
-    form(dev[0], dev[1], reverse_init=True)
-    invite_from_cli(dev[0], dev[1])
-
-    logger.info("Remove group on the GO and try to invite from the client")
-    dev[0].global_request("REMOVE_NETWORK all")
-    invite(dev[1], dev[0], use_listen=False)
-    ev = dev[1].wait_global_event(["P2P-INVITATION-RESULT"], timeout=10)
-    if ev is None:
-        raise Exception("No invitation result seen")
-    if "status=8" not in ev:
-        raise Exception("Unexpected invitation result: " + ev)
-    networks = dev[1].list_networks(p2p=True)
-    if len(networks) > 0:
-        raise Exception("Unexpected network block on client")
-
-    time.sleep(0.2)
-    logger.info("Verify that a new group can be formed")
-    form(dev[0], dev[1], reverse_init=True, r_listen=False)
diff --git a/tests/hwsim/test_p2p_service.py b/tests/hwsim/test_p2p_service.py
deleted file mode 100644
index a3891c323784..000000000000
--- a/tests/hwsim/test_p2p_service.py
+++ /dev/null
@@ -1,586 +0,0 @@
-# P2P service discovery test cases
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-import time
-import uuid
-
-import hwsim_utils
-
-def add_bonjour_services(dev):
-    dev.global_request("P2P_SERVICE_ADD bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027")
-    dev.global_request("P2P_SERVICE_ADD bonjour 076578616d706c650b5f6166706f766572746370c00c001001 00")
-    dev.global_request("P2P_SERVICE_ADD bonjour 045f697070c00c000c01 094d795072696e746572c027")
-    dev.global_request("P2P_SERVICE_ADD bonjour 096d797072696e746572045f697070c00c001001 09747874766572733d311a70646c3d6170706c69636174696f6e2f706f7374736372797074")
-
-def add_upnp_services(dev):
-    dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice")
-    dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:5566d33e-9774-09ab-4822-333456785632::upnp:rootdevice")
-    dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:1122de4e-8574-59ab-9322-333456789044::urn:schemas-upnp-org:service:ContentDirectory:2")
-    dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:5566d33e-9774-09ab-4822-333456785632::urn:schemas-upnp-org:service:ContentDirectory:2")
-    dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::urn:schemas-upnp-org:device:InternetGatewayDevice:1")
-
-def add_extra_services(dev):
-    for i in range(0, 100):
-        dev.global_request("P2P_SERVICE_ADD upnp 10 uuid:" + str(uuid.uuid4()) + "::upnp:rootdevice")
-
-def run_sd(dev, dst, query, exp_query=None, fragment=False, query2=None):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    add_bonjour_services(dev[0])
-    add_upnp_services(dev[0])
-    if fragment:
-        add_extra_services(dev[0])
-    dev[0].p2p_listen()
-
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + dst + " " + query)
-    if query2:
-        dev[1].global_request("P2P_SERV_DISC_REQ " + dst + " " + query2)
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr1 not in ev:
-        raise Exception("Unexpected service discovery request source")
-    if exp_query is None:
-        exp_query = query
-    if exp_query not in ev and (query2 is None or query2 not in ev):
-        raise Exception("Unexpected service discovery request contents")
-
-    if query2:
-        ev_list = []
-        for i in range(0, 4):
-            ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-            if ev is None:
-                raise Exception("Service discovery timed out")
-            if addr0 in ev:
-                ev_list.append(ev)
-                if len(ev_list) == 2:
-                    break
-        return ev_list
-
-    for i in range(0, 2):
-        ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-        if ev is None:
-            raise Exception("Service discovery timed out")
-        if addr0 in ev:
-            break
-
-    dev[0].p2p_stop_find()
-    dev[1].p2p_stop_find()
-
-    if "OK" not in dev[0].global_request("P2P_SERVICE_DEL upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice"):
-        raise Exception("Failed to delete a UPnP service")
-    if "FAIL" not in dev[0].global_request("P2P_SERVICE_DEL upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice"):
-        raise Exception("Unexpected deletion success for UPnP service")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_DEL bonjour 0b5f6166706f766572746370c00c000c01"):
-        raise Exception("Failed to delete a Bonjour service")
-    if "FAIL" not in dev[0].global_request("P2P_SERVICE_DEL bonjour 0b5f6166706f766572746370c00c000c01"):
-        raise Exception("Unexpected deletion success for Bonjour service")
-
-    return ev
-
-@remote_compatible
-def test_p2p_service_discovery(dev):
-    """P2P service discovery"""
-    addr0 = dev[0].p2p_dev_addr()
-    for dst in ["00:00:00:00:00:00", addr0]:
-        ev = run_sd(dev, dst, "02000001")
-        if "0b5f6166706f766572746370c00c000c01" not in ev:
-            raise Exception("Unexpected service discovery response contents (Bonjour)")
-        if "496e7465726e6574" not in ev:
-            raise Exception("Unexpected service discovery response contents (UPnP)")
-
-    for req in ["foo 02000001",
-                addr0,
-                addr0 + " upnp qq urn:schemas-upnp-org:device:InternetGatewayDevice:1",
-                addr0 + " upnp 10",
-                addr0 + " 123",
-                addr0 + " qq"]:
-        if "FAIL" not in dev[1].global_request("P2P_SERV_DISC_REQ " + req):
-            raise Exception("Invalid P2P_SERV_DISC_REQ accepted: " + req)
-
-def test_p2p_service_discovery2(dev):
-    """P2P service discovery with one peer having no services"""
-    dev[2].p2p_listen()
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000001")
-        if "0b5f6166706f766572746370c00c000c01" not in ev:
-            raise Exception("Unexpected service discovery response contents (Bonjour)")
-        if "496e7465726e6574" not in ev:
-            raise Exception("Unexpected service discovery response contents (UPnP)")
-
-def test_p2p_service_discovery3(dev):
-    """P2P service discovery for Bonjour with one peer having no services"""
-    dev[2].p2p_listen()
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000101")
-        if "0b5f6166706f766572746370c00c000c01" not in ev:
-            raise Exception("Unexpected service discovery response contents (Bonjour)")
-
-def test_p2p_service_discovery4(dev):
-    """P2P service discovery for UPnP with one peer having no services"""
-    dev[2].p2p_listen()
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000201")
-        if "496e7465726e6574" not in ev:
-            raise Exception("Unexpected service discovery response contents (UPnP)")
-
-@remote_compatible
-def test_p2p_service_discovery_multiple_queries(dev):
-    """P2P service discovery with multiple queries"""
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000201", query2="02000101")
-        if "0b5f6166706f766572746370c00c000c01" not in ev[0] + ev[1]:
-            raise Exception("Unexpected service discovery response contents (Bonjour)")
-        if "496e7465726e6574" not in ev[0] + ev[1]:
-            raise Exception("Unexpected service discovery response contents (UPnP)")
-
-def test_p2p_service_discovery_multiple_queries2(dev):
-    """P2P service discovery with multiple queries with one peer having no services"""
-    dev[2].p2p_listen()
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000201", query2="02000101")
-        if "0b5f6166706f766572746370c00c000c01" not in ev[0] + ev[1]:
-            raise Exception("Unexpected service discovery response contents (Bonjour)")
-        if "496e7465726e6574" not in ev[0] + ev[1]:
-            raise Exception("Unexpected service discovery response contents (UPnP)")
-
-def test_p2p_service_discovery_fragmentation(dev):
-    """P2P service discovery with fragmentation"""
-    for dst in ["00:00:00:00:00:00", dev[0].p2p_dev_addr()]:
-        ev = run_sd(dev, dst, "02000001", fragment=True)
-        if "long response" not in ev:
-            if "0b5f6166706f766572746370c00c000c01" not in ev:
-                raise Exception("Unexpected service discovery response contents (Bonjour)")
-            if "496e7465726e6574" not in ev:
-                raise Exception("Unexpected service discovery response contents (UPnP)")
-
-@remote_compatible
-def test_p2p_service_discovery_bonjour(dev):
-    """P2P service discovery (Bonjour)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "02000101")
-    if "0b5f6166706f766572746370c00c000c01" not in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    if "045f697070c00c000c01" not in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    if "496e7465726e6574" in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP not expected)")
-
-@remote_compatible
-def test_p2p_service_discovery_bonjour2(dev):
-    """P2P service discovery (Bonjour AFS)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "130001010b5f6166706f766572746370c00c000c01")
-    if "0b5f6166706f766572746370c00c000c01" not in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    if "045f697070c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour mismatching)")
-    if "496e7465726e6574" in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP not expected)")
-
-@remote_compatible
-def test_p2p_service_discovery_bonjour3(dev):
-    """P2P service discovery (Bonjour AFS - no match)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "130001010b5f6166706f766572746370c00c000c02")
-    if "0300010102" not in ev:
-        raise Exception("Requested-info-not-available was not indicated")
-    if "0b5f6166706f766572746370c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    if "045f697070c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour mismatching)")
-    if "496e7465726e6574" in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP not expected)")
-
-@remote_compatible
-def test_p2p_service_discovery_upnp(dev):
-    """P2P service discovery (UPnP)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "02000201")
-    if "0b5f6166706f766572746370c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour not expected)")
-    if "496e7465726e6574" not in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP)")
-
-@remote_compatible
-def test_p2p_service_discovery_upnp2(dev):
-    """P2P service discovery (UPnP using request helper)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "upnp 10 ssdp:all", "0b00020110737364703a616c6c")
-    if "0b5f6166706f766572746370c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour not expected)")
-    if "496e7465726e6574" not in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP)")
-
-@remote_compatible
-def test_p2p_service_discovery_upnp3(dev):
-    """P2P service discovery (UPnP using request helper - no match)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "upnp 10 ssdp:foo", "0b00020110737364703a666f6f")
-    if "0300020102" not in ev:
-        raise Exception("Requested-info-not-available was not indicated")
-    if "0b5f6166706f766572746370c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour not expected)")
-    if "496e7465726e6574" in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP)")
-
-@remote_compatible
-def test_p2p_service_discovery_ws(dev):
-    """P2P service discovery (WS-Discovery)"""
-    ev = run_sd(dev, "00:00:00:00:00:00", "02000301")
-    if "0b5f6166706f766572746370c00c000c01" in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour not expected)")
-    if "496e7465726e6574" in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP not expected)")
-    if "0300030101" not in ev:
-        raise Exception("Unexpected service discovery response contents (WS)")
-
-@remote_compatible
-def test_p2p_service_discovery_wfd(dev):
-    """P2P service discovery (Wi-Fi Display)"""
-    dev[0].global_request("SET wifi_display 1")
-    ev = run_sd(dev, "00:00:00:00:00:00", "02000401")
-    if " 030004" in ev:
-        raise Exception("Unexpected response to invalid WFD SD query")
-    dev[0].global_request("SET wifi_display 0")
-    ev = run_sd(dev, "00:00:00:00:00:00", "0300040100")
-    if "0300040101" not in ev:
-        raise Exception("Unexpected response to WFD SD query (protocol was disabled)")
-
-@remote_compatible
-def test_p2p_service_discovery_req_cancel(dev):
-    """Cancel a P2P service discovery request"""
-    if "FAIL" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ ab"):
-        raise Exception("Unexpected SD cancel success")
-    if "FAIL" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ qq"):
-        raise Exception("Unexpected SD cancel success")
-    query = dev[0].global_request("P2P_SERV_DISC_REQ " + dev[1].p2p_dev_addr() + " 02000001")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ " + query):
-        raise Exception("Unexpected SD cancel failure")
-    query1 = dev[0].global_request("P2P_SERV_DISC_REQ " + dev[1].p2p_dev_addr() + " 02000001")
-    query2 = dev[0].global_request("P2P_SERV_DISC_REQ " + dev[1].p2p_dev_addr() + " 02000002")
-    query3 = dev[0].global_request("P2P_SERV_DISC_REQ " + dev[1].p2p_dev_addr() + " 02000003")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ " + query2):
-        raise Exception("Unexpected SD cancel failure")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ " + query1):
-        raise Exception("Unexpected SD cancel failure")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ " + query3):
-        raise Exception("Unexpected SD cancel failure")
-
-    query = dev[0].global_request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000001")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_CANCEL_REQ " + query):
-        raise Exception("Unexpected SD(broadcast) cancel failure")
-
-@remote_compatible
-def test_p2p_service_discovery_go(dev):
-    """P2P service discovery from GO"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    add_bonjour_services(dev[0])
-    add_upnp_services(dev[0])
-
-    dev[0].p2p_start_go(freq=2412)
-
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr1 not in ev:
-        raise Exception("Unexpected service discovery request source")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected service discovery response source")
-    if "0b5f6166706f766572746370c00c000c01" not in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    if "496e7465726e6574" not in ev:
-        raise Exception("Unexpected service discovery response contents (UPnP)")
-    dev[1].p2p_stop_find()
-
-    dev[0].global_request("P2P_SERVICE_FLUSH")
-
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr1 not in ev:
-        raise Exception("Unexpected service discovery request source")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected service discovery response source")
-    if "0300000101" not in ev:
-        raise Exception("Unexpected service discovery response contents (Bonjour)")
-    dev[1].p2p_stop_find()
-
-def _test_p2p_service_discovery_external(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    if "FAIL" not in dev[0].global_request("P2P_SERV_DISC_EXTERNAL 2"):
-        raise Exception("Invalid P2P_SERV_DISC_EXTERNAL accepted")
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_EXTERNAL 1"):
-        raise Exception("P2P_SERV_DISC_EXTERNAL failed")
-    dev[0].p2p_listen()
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr1 not in ev:
-        raise Exception("Unexpected service discovery request source")
-    arg = ev.split(' ')
-    resp = "0300000101"
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_RESP %s %s %s %s" % (arg[2], arg[3], arg[4], resp)):
-        raise Exception("P2P_SERV_DISC_RESP failed")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=15)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected address in SD Response: " + ev)
-    if ev.split(' ')[4] != resp:
-        raise Exception("Unexpected response data SD Response: " + ev)
-    ver = ev.split(' ')[3]
-
-    dev[0].global_request("P2P_SERVICE_UPDATE")
-
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr1 not in ev:
-        raise Exception("Unexpected service discovery request source")
-    arg = ev.split(' ')
-    resp = "0300000101"
-    if "OK" not in dev[0].global_request("P2P_SERV_DISC_RESP %s %s %s %s" % (arg[2], arg[3], arg[4], resp)):
-        raise Exception("P2P_SERV_DISC_RESP failed")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=15)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected address in SD Response: " + ev)
-    if ev.split(' ')[4] != resp:
-        raise Exception("Unexpected response data SD Response: " + ev)
-    ver2 = ev.split(' ')[3]
-    if ver == ver2:
-        raise Exception("Service list version did not change")
-
-    for cmd in ["%s%s%s%s" % (arg[2], arg[3], arg[4], resp),
-                "%s %s %s %s" % ("0", arg[3], arg[4], resp),
-                "%s %s %s %s" % (arg[2], "foo", arg[4], resp),
-                "%s %s%s%s" % (arg[2], arg[3], arg[4], resp),
-                "%s %s %s%s" % (arg[2], arg[3], arg[4], resp),
-                "%s %s %s %s" % (arg[2], arg[3], arg[4], "12345"),
-                "%s %s %s %s" % (arg[2], arg[3], arg[4], "qq")]:
-        if "FAIL" not in dev[0].global_request("P2P_SERV_DISC_RESP " + cmd):
-            raise Exception("Invalid P2P_SERV_DISC_RESP accepted: " + cmd)
-
-@remote_compatible
-def test_p2p_service_discovery_external(dev):
-    """P2P service discovery using external response"""
-    try:
-        _test_p2p_service_discovery_external(dev)
-    finally:
-        dev[0].global_request("P2P_SERV_DISC_EXTERNAL 0")
-
-@remote_compatible
-def test_p2p_service_discovery_invalid_commands(dev):
-    """P2P service discovery invalid commands"""
-    for cmd in ["bonjour",
-                "bonjour 12",
-                "bonjour 123 12",
-                "bonjour qq 12",
-                "bonjour 12 123",
-                "bonjour 12 qq",
-                "upnp 10",
-                "upnp qq uuid:",
-                "foo bar"]:
-        if "FAIL" not in dev[0].global_request("P2P_SERVICE_ADD " + cmd):
-            raise Exception("Invalid P2P_SERVICE_ADD accepted: " + cmd)
-
-    for cmd in ["bonjour",
-                "bonjour 123",
-                "bonjour qq",
-                "upnp 10",
-                "upnp  ",
-                "upnp qq uuid:",
-                "foo bar"]:
-        if "FAIL" not in dev[0].global_request("P2P_SERVICE_DEL " + cmd):
-            raise Exception("Invalid P2P_SERVICE_DEL accepted: " + cmd)
-
-def test_p2p_service_discovery_cancel_during_query(dev):
-    """P2P service discovery and cancel during query"""
-    for i in range(2):
-        add_bonjour_services(dev[i])
-        add_upnp_services(dev[i])
-        add_extra_services(dev[i])
-        dev[i].p2p_listen()
-
-    dev[2].request("P2P_FLUSH")
-    id1 = dev[2].request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000201")
-    id2 = dev[2].request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000101")
-    dev[2].p2p_find(social=True)
-    ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Could not discover peer")
-    if "OK" not in dev[2].request("P2P_SERV_DISC_CANCEL_REQ " + id1):
-        raise Exception("Failed to cancel req1")
-    if "OK" not in dev[2].request("P2P_SERV_DISC_CANCEL_REQ " + id2):
-        raise Exception("Failed to cancel req2")
-    ev = dev[2].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=3)
-    # we may or may not get a response depending on timing, so ignore the result
-    dev[2].p2p_stop_find()
-    dev[1].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-def get_p2p_state(dev):
-    res = dev.global_request("STATUS")
-    p2p_state = None
-    for line in res.splitlines():
-        if line.startswith("p2p_state="):
-            p2p_state = line.split('=')[1]
-            break
-    if p2p_state is None:
-        raise Exception("Could not get p2p_state")
-    return p2p_state
-
-@remote_compatible
-def test_p2p_service_discovery_peer_not_listening(dev):
-    """P2P service discovery and peer not listening"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    add_bonjour_services(dev[0])
-    add_upnp_services(dev[0])
-    dev[0].p2p_listen()
-    dev[1].global_request("P2P_FIND 4 type=social")
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=4)
-    if ev is None:
-        raise Exception("Peer not found")
-    dev[0].p2p_stop_find()
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=1)
-    ev = dev[1].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=1)
-    time.sleep(0.03)
-    dev[1].request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=1)
-    if ev is not None:
-        raise Exception("Service discovery request unexpectedly received")
-    ev = dev[1].wait_global_event(["P2P-FIND-STOPPED", "P2P-SERV-DISC-RESP"],
-                                  timeout=10)
-    if ev is None:
-        raise Exception("P2P-FIND-STOPPED event timed out")
-    if "P2P-SERV-DISC-RESP" in ev:
-        raise Exception("Unexpected SD response")
-    p2p_state = get_p2p_state(dev[1])
-    if p2p_state != "IDLE":
-        raise Exception("Unexpected p2p_state after P2P_FIND timeout: " + p2p_state)
-
-@remote_compatible
-def test_p2p_service_discovery_peer_not_listening2(dev):
-    """P2P service discovery and peer not listening"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    add_bonjour_services(dev[0])
-    add_upnp_services(dev[0])
-    dev[0].p2p_listen()
-    dev[1].global_request("P2P_FIND type=social")
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("Peer not found")
-    dev[0].p2p_stop_find()
-    time.sleep(0.53)
-    dev[1].request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Service discovery request unexpectedly received")
-    dev[1].p2p_stop_find()
-    ev = dev[1].wait_global_event(["P2P-FIND-STOPPED", "P2P-SERV-DISC-RESP"],
-                                  timeout=10)
-    if ev is None:
-        raise Exception("P2P-FIND-STOPPED event timed out")
-    if "P2P-SERV-DISC-RESP" in ev:
-        raise Exception("Unexpected SD response")
-    p2p_state = get_p2p_state(dev[1])
-    if p2p_state != "IDLE":
-        raise Exception("Unexpected p2p_state after P2P_FIND timeout: " + p2p_state)
-
-def test_p2p_service_discovery_restart(dev):
-    """P2P service discovery restarted immediately"""
-    try:
-        _test_p2p_service_discovery_restart(dev)
-    finally:
-        dev[1].global_request("P2P_SET disc_int 1 3 -1")
-
-def _test_p2p_service_discovery_restart(dev):
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    # Use shorter listen interval to keep P2P_FIND loop shorter.
-    dev[1].global_request("P2P_SET disc_int 1 1 10")
-
-    add_bonjour_services(dev[0])
-    #add_upnp_services(dev[0])
-    dev[0].p2p_listen()
-
-    dev[1].global_request("P2P_FLUSH")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-    if not dev[1].discover_peer(addr0, social=True, force_find=True):
-        raise Exception("Peer " + addr0 + " not found")
-
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-
-    # The following P2P_LISTEN operation used to get delayed due to the last
-    # Action frame TX operation in SD Response using wait_time of 200 ms. It is
-    # somewhat difficult to test for this automatically, but the debug log can
-    # be verified to see that the remain-on-channel event for operation arrives
-    # immediately instead of getting delayed 200 ms. We can use a maximum
-    # acceptable time for the SD Response, but need to keep the limit somewhat
-    # high to avoid making this fail under heavy load. Still, it is apparently
-    # possible for this to take about the same amount of time with fixed
-    # implementation every now and then, so run this multiple time and pass the
-    # test if any attempt is fast enough.
-
-    for i in range(10):
-        dev[0].p2p_stop_find()
-        time.sleep(0.01)
-        dev[0].p2p_listen()
-
-        dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " 02000001")
-        start = os.times()[4]
-        ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=10)
-        if ev is None:
-            raise Exception("Service discovery timed out")
-        end = os.times()[4]
-        logger.info("Second SD Response in " + str(end - start) + " seconds")
-        if end - start < 0.8:
-            break
-
-    if end - start > 0.8:
-        raise Exception("Unexpectedly slow second SD Response: " + str(end - start) + " seconds")
diff --git a/tests/hwsim/test_p2p_set.py b/tests/hwsim/test_p2p_set.py
deleted file mode 100644
index 58577994ea5b..000000000000
--- a/tests/hwsim/test_p2p_set.py
+++ /dev/null
@@ -1,128 +0,0 @@
-# P2P_SET test cases
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-
-def test_p2p_set(dev):
-    """P2P_SET commands"""
-    for cmd in ["",
-                "foo bar",
-                "noa 1",
-                "noa 1,2",
-                "noa 1,2,3",
-                "noa -1,0,0",
-                "noa 256,0,0",
-                "noa 0,-1,0",
-                "noa 0,0,-1",
-                "noa 0,0,1",
-                "noa 255,10,20",
-                "ps 2",
-                "oppps 1",
-                "ctwindow 1",
-                "conc_pref foo",
-                "peer_filter foo",
-                "client_apsd 0",
-                "client_apsd 0,0",
-                "client_apsd 0,0,0",
-                "disc_int 1",
-                "disc_int 1 2",
-                "disc_int 2 1 10",
-                "disc_int -1 0 10",
-                "disc_int 0 -1 10",
-                "ssid_postfix 123456789012345678901234"]:
-        if "FAIL" not in dev[0].request("P2P_SET " + cmd):
-            raise Exception("Invalid P2P_SET accepted: " + cmd)
-    dev[0].request("P2P_SET ps 1")
-    if "OK" not in dev[0].request("P2P_SET ps 0"):
-        raise Exception("P2P_SET ps 0 failed unexpectedly")
-
-def test_p2p_set_discoverability(dev):
-    """P2P_SET discoverability"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    dev[0].p2p_start_go(freq="2412")
-    if "OK" not in dev[1].request("P2P_SET discoverability 0"):
-        raise Exception("P2P_SET discoverability 0 failed")
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(addr0, pin, timeout=20, social=True, freq="2412")
-
-    if not dev[2].discover_peer(addr1, timeout=10):
-        if not dev[2].discover_peer(addr1, timeout=10):
-            if not dev[2].discover_peer(addr1, timeout=10):
-                raise Exception("Could not discover group client")
-
-    peer = dev[2].get_peer(addr1)
-    if int(peer['dev_capab'], 16) & 0x02 != 0:
-        raise Exception("Discoverability dev_capab reported: " + peer['dev_capab'])
-    dev[2].p2p_stop_find()
-
-    if "OK" not in dev[1].request("P2P_SET discoverability 1"):
-        raise Exception("P2P_SET discoverability 1 failed")
-    dev[1].dump_monitor()
-    dev[1].group_request("REASSOCIATE")
-    ev = dev[1].wait_group_event(["CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Connection timed out")
-
-    dev[2].request("P2P_FLUSH")
-    if not dev[2].discover_peer(addr1, timeout=10):
-        if not dev[2].discover_peer(addr1, timeout=10):
-            if not dev[2].discover_peer(addr1, timeout=10):
-                raise Exception("Could not discover group client")
-
-    peer = dev[2].get_peer(addr1)
-    if int(peer['dev_capab'], 16) & 0x02 != 0x02:
-        raise Exception("Discoverability dev_capab reported: " + peer['dev_capab'])
-    dev[2].p2p_stop_find()
-
-def test_p2p_set_managed(dev):
-    """P2P_SET managed"""
-    addr0 = dev[0].p2p_dev_addr()
-
-    if "OK" not in dev[0].request("P2P_SET managed 1"):
-        raise Exception("P2P_SET managed 1 failed")
-
-    dev[0].p2p_listen()
-    if not dev[1].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    peer = dev[1].get_peer(addr0)
-    if int(peer['dev_capab'], 16) & 0x08 != 0x08:
-        raise Exception("Managed dev_capab not reported: " + peer['dev_capab'])
-    dev[1].p2p_stop_find()
-
-    if "OK" not in dev[0].request("P2P_SET managed 0"):
-        raise Exception("P2P_SET managed 0 failed")
-
-    if not dev[2].discover_peer(addr0):
-        raise Exception("Could not discover peer")
-    peer = dev[2].get_peer(addr0)
-    if int(peer['dev_capab'], 16) & 0x08 != 0:
-        raise Exception("Managed dev_capab reported: " + peer['dev_capab'])
-    dev[2].p2p_stop_find()
-    dev[0].p2p_stop_find()
-
-@remote_compatible
-def test_p2p_set_ssid_postfix(dev):
-    """P2P_SET ssid_postfix"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    postfix = "12345678901234567890123"
-
-    try:
-        if "OK" not in dev[0].request("P2P_SET ssid_postfix " + postfix):
-            raise Exception("P2P_SET ssid_postfix failed")
-        dev[0].p2p_start_go(freq="2412")
-        pin = dev[1].wps_read_pin()
-        dev[0].p2p_go_authorize_client(pin)
-        dev[1].p2p_connect_group(addr0, pin, timeout=20, social=True, freq="2412")
-        if postfix not in dev[1].get_group_status_field("ssid"):
-            raise Exception("SSID postfix missing from status")
-        if postfix not in dev[1].group_request("SCAN_RESULTS"):
-            raise Exception("SSID postfix missing from scan results")
-    finally:
-        dev[0].request("P2P_SET ssid_postfix ")
diff --git a/tests/hwsim/test_p2p_wifi_display.py b/tests/hwsim/test_p2p_wifi_display.py
deleted file mode 100644
index 29110bca7c69..000000000000
--- a/tests/hwsim/test_p2p_wifi_display.py
+++ /dev/null
@@ -1,475 +0,0 @@
-# Wi-Fi Display test cases
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-from p2p_utils import *
-
-def test_wifi_display(dev):
-    """Wi-Fi Display extensions to P2P"""
-    wfd_devinfo = "00411c440028"
-    dev[0].request("SET wifi_display 1")
-    dev[0].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo)
-    if wfd_devinfo not in dev[0].request("WFD_SUBELEM_GET 0"):
-        raise Exception("Could not fetch back configured subelement")
-
-    # Associated BSSID
-    dev[0].request("WFD_SUBELEM_SET 1 0006020304050607")
-    # Coupled Sink
-    dev[0].request("WFD_SUBELEM_SET 6 000700000000000000")
-    # Session Info
-    dev[0].request("WFD_SUBELEM_SET 9 0000")
-    # WFD Extended Capability
-    dev[0].request("WFD_SUBELEM_SET 7 00020000")
-    # WFD Content Protection
-    prot = "0001" + "00"
-    dev[0].request("WFD_SUBELEM_SET 5 " + prot)
-    # WFD Video Formats
-    video = "0015" + "010203040506070809101112131415161718192021"
-    dev[0].request("WFD_SUBELEM_SET 3 " + video)
-    # WFD 3D Video Formats
-    video_3d = "0011" + "0102030405060708091011121314151617"
-    dev[0].request("WFD_SUBELEM_SET 4 " + video_3d)
-    # WFD Audio Formats
-    audio = "000f" + "010203040506070809101112131415"
-    dev[0].request("WFD_SUBELEM_SET 2 " + audio)
-
-    elems = dev[0].request("WFD_SUBELEM_GET all")
-    if wfd_devinfo not in elems:
-        raise Exception("Could not fetch back configured subelements")
-
-    wfd_devinfo2 = "00001c440028"
-    dev[1].request("SET wifi_display 1")
-    dev[1].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo2)
-    if wfd_devinfo2 not in dev[1].request("WFD_SUBELEM_GET 0"):
-        raise Exception("Could not fetch back configured subelement")
-
-    dev[0].p2p_listen()
-    if "FAIL" in dev[1].global_request("P2P_SERV_DISC_REQ " + dev[0].p2p_dev_addr() + " wifi-display [source][pri-sink] 2,3,4,5"):
-        raise Exception("Setting SD request failed")
-    dev[1].p2p_find(social=True)
-    ev = dev[0].wait_global_event(["P2P-SERV-DISC-REQ"], timeout=10)
-    if ev is None:
-        raise Exception("Device discovery request not reported")
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Device discovery timed out")
-    if "wfd_dev_info=0x" + wfd_devinfo not in ev:
-        raise Exception("Wi-Fi Display Info not in P2P-DEVICE-FOUND event")
-    if "new=1" not in ev:
-        raise Exception("new=1 flag missing from P2P-DEVICE-FOUND event")
-    ev = dev[1].wait_global_event(["P2P-SERV-DISC-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("Service discovery timed out")
-    if prot not in ev:
-        raise Exception("WFD Content Protection missing from WSD response")
-    if video not in ev:
-        raise Exception("WFD Video Formats missing from WSD response")
-    if video_3d not in ev:
-        raise Exception("WFD 3D Video Formats missing from WSD response")
-    if audio not in ev:
-        raise Exception("WFD Audio Formats missing from WSD response")
-
-    dev[1].dump_monitor()
-    dev[0].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo2)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer info update timed out")
-    if "new=0" not in ev:
-        raise Exception("new=0 flag missing from P2P-DEVICE-FOUND event")
-    if "wfd_dev_info=0x" + wfd_devinfo2 not in ev:
-        raise Exception("Wi-Fi Display Info not in P2P-DEVICE-FOUND event")
-    dev[1].dump_monitor()
-    dev[0].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-    if ev is None:
-        raise Exception("Peer info update timed out")
-    if "new=0" not in ev:
-        raise Exception("new=0 flag missing from P2P-DEVICE-FOUND event")
-    if "wfd_dev_info=0x" + wfd_devinfo not in ev:
-        raise Exception("Wi-Fi Display Info not in P2P-DEVICE-FOUND event")
-
-    pin = dev[0].wps_read_pin()
-    dev[0].p2p_go_neg_auth(dev[1].p2p_dev_addr(), pin, 'display')
-    res1 = dev[1].p2p_go_neg_init(dev[0].p2p_dev_addr(), pin, 'enter',
-                                  timeout=20, go_intent=15, freq=2437)
-    res2 = dev[0].p2p_go_neg_auth_result()
-
-    bss = dev[0].get_bss("p2p_dev_addr=" + dev[1].p2p_dev_addr())
-    if bss['bssid'] != dev[1].p2p_interface_addr():
-        raise Exception("Unexpected BSSID in the BSS entry for the GO")
-    if wfd_devinfo2 not in bss['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's BSS entry")
-    peer = dev[0].get_peer(dev[1].p2p_dev_addr())
-    if wfd_devinfo2 not in peer['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's peer entry")
-    peer = dev[1].get_peer(dev[0].p2p_dev_addr())
-    if wfd_devinfo not in peer['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in client's peer entry")
-
-    wfd_devinfo3 = "00001c440028"
-    dev[2].request("SET wifi_display 1")
-    dev[2].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo3)
-    dev[2].p2p_find(social=True)
-    ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Device discovery timed out")
-    if dev[1].p2p_dev_addr() not in ev:
-        ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-        if ev is None:
-            raise Exception("Device discovery timed out")
-        if dev[1].p2p_dev_addr() not in ev:
-            raise Exception("Could not discover GO")
-    if "wfd_dev_info=0x" + wfd_devinfo2 not in ev:
-        raise Exception("Wi-Fi Display Info not in P2P-DEVICE-FOUND event")
-    bss = dev[2].get_bss("p2p_dev_addr=" + dev[1].p2p_dev_addr())
-    if bss['bssid'] != dev[1].p2p_interface_addr():
-        raise Exception("Unexpected BSSID in the BSS entry for the GO")
-    if wfd_devinfo2 not in bss['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's BSS entry")
-    peer = dev[2].get_peer(dev[1].p2p_dev_addr())
-    if wfd_devinfo2 not in peer['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's peer entry")
-    dev[2].p2p_stop_find()
-
-    if dev[0].request("WFD_SUBELEM_GET 2") != audio:
-        raise Exception("Unexpected WFD_SUBELEM_GET 2 value")
-    if dev[0].request("WFD_SUBELEM_GET 3") != video:
-        raise Exception("Unexpected WFD_SUBELEM_GET 3 value")
-    if dev[0].request("WFD_SUBELEM_GET 4") != video_3d:
-        raise Exception("Unexpected WFD_SUBELEM_GET 42 value")
-    if dev[0].request("WFD_SUBELEM_GET 5") != prot:
-        raise Exception("Unexpected WFD_SUBELEM_GET 5 value")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET "):
-        raise Exception("Unexpected WFD_SUBELEM_SET success")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET 6"):
-        raise Exception("Unexpected WFD_SUBELEM_SET success")
-    if "OK" not in dev[0].request("WFD_SUBELEM_SET 6 "):
-        raise Exception("Unexpected WFD_SUBELEM_SET failure")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET 6 0"):
-        raise Exception("Unexpected WFD_SUBELEM_SET success")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET 6 0q"):
-        raise Exception("Unexpected WFD_SUBELEM_SET success")
-    if dev[0].request("WFD_SUBELEM_GET 6") != "":
-        raise Exception("Unexpected WFD_SUBELEM_GET 6 response")
-    if dev[0].request("WFD_SUBELEM_GET 8") != "":
-        raise Exception("Unexpected WFD_SUBELEM_GET 8 response")
-
-    if dev[0].global_request("WFD_SUBELEM_GET 2") != audio:
-        raise Exception("Unexpected WFD_SUBELEM_GET 2 value from global interface")
-    if "OK" not in dev[0].global_request("WFD_SUBELEM_SET 1 0006020304050608"):
-        raise Exception("WFD_SUBELEM_SET failed on global interface")
-    if dev[0].request("WFD_SUBELEM_GET 1") != "0006020304050608":
-        raise Exception("Unexpected WFD_SUBELEM_GET 1 value (per-interface)")
-
-    elems = dev[0].request("WFD_SUBELEM_GET all")
-    if "OK" not in dev[0].request("WFD_SUBELEM_SET all " + elems):
-        raise Exception("WFD_SUBELEM_SET all failed")
-    if dev[0].request("WFD_SUBELEM_GET all") != elems:
-        raise Exception("Mismatch in WFS_SUBELEM_SET/GET all")
-    test = "00000600411c440028"
-    if "OK" not in dev[0].request("WFD_SUBELEM_SET all " + test):
-        raise Exception("WFD_SUBELEM_SET all failed")
-    if dev[0].request("WFD_SUBELEM_GET all") != test:
-        raise Exception("Mismatch in WFS_SUBELEM_SET/GET all")
-
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET all qwerty"):
-        raise Exception("Invalid WFD_SUBELEM_SET all succeeded")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET all 11"):
-        raise Exception("Invalid WFD_SUBELEM_SET all succeeded")
-    dev[0].request("WFD_SUBELEM_SET all 112233445566")
-    dev[0].request("WFD_SUBELEM_SET all ff0000fe0000fd00")
-
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET 300 112233"):
-        raise Exception("Invalid WFD_SUBELEM_SET 300 succeeded")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_SET -1 112233"):
-        raise Exception("Invalid WFD_SUBELEM_SET -1 succeeded")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_GET 300"):
-        raise Exception("Invalid WFD_SUBELEM_GET 300 succeeded")
-    if "FAIL" not in dev[0].request("WFD_SUBELEM_GET -1"):
-        raise Exception("Invalid WFD_SUBELEM_GET -1 succeeded")
-
-    dev[0].request("SET wifi_display 0")
-    dev[1].request("SET wifi_display 0")
-    dev[2].request("SET wifi_display 0")
-
-def test_wifi_display_r2(dev):
-    """Wi-Fi Display extensions to P2P with R2 subelems"""
-    wfd_devinfo = "00411c440028"
-    dev[0].request("SET wifi_display 1")
-    dev[0].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo)
-
-    # Associated BSSID
-    dev[0].request("WFD_SUBELEM_SET 1 0006020304050607")
-    # Coupled Sink
-    dev[0].request("WFD_SUBELEM_SET 6 000700000000000000")
-    # Session Info
-    dev[0].request("WFD_SUBELEM_SET 9 0000")
-    # WFD Extended Capability
-    dev[0].request("WFD_SUBELEM_SET 7 00020000")
-    # WFD Content Protection
-    prot = "0001" + "00"
-    dev[0].request("WFD_SUBELEM_SET 5 " + prot)
-    # WFD Video Formats
-    video = "0015" + "010203040506070809101112131415161718192021"
-    dev[0].request("WFD_SUBELEM_SET 3 " + video)
-    # WFD 3D Video Formats
-    video_3d = "0011" + "0102030405060708091011121314151617"
-    dev[0].request("WFD_SUBELEM_SET 4 " + video_3d)
-    # WFD Audio Formats
-    audio = "000f" + "010203040506070809101112131415"
-    dev[0].request("WFD_SUBELEM_SET 2 " + audio)
-    # MAC Info
-    mac_info = "0006" + "112233445566"
-    dev[0].request("WFD_SUBELEM_SET 10 " + mac_info)
-    # R2 Device Info
-    r2_dev_info = "0006" + "aabbccddeeff"
-    dev[0].request("WFD_SUBELEM_SET 11 " + r2_dev_info)
-
-    elems = dev[0].request("WFD_SUBELEM_GET all")
-    if wfd_devinfo not in elems:
-        raise Exception("Could not fetch back configured subelements")
-
-    wfd_devinfo2 = "00001c440028"
-    dev[1].request("SET wifi_display 1")
-    dev[1].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo2)
-    if wfd_devinfo2 not in dev[1].request("WFD_SUBELEM_GET 0"):
-        raise Exception("Could not fetch back configured subelement")
-
-    dev[0].p2p_listen()
-    dev[1].p2p_find(social=True)
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=5)
-    if ev is None:
-        raise Exception("Device discovery timed out")
-    if "wfd_dev_info=0x" + wfd_devinfo not in ev:
-        raise Exception("Wi-Fi Display Info not in P2P-DEVICE-FOUND event")
-    if "new=1" not in ev:
-        raise Exception("new=1 flag missing from P2P-DEVICE-FOUND event")
-
-    pin = dev[0].wps_read_pin()
-    dev[0].p2p_go_neg_auth(dev[1].p2p_dev_addr(), pin, 'display')
-    res1 = dev[1].p2p_go_neg_init(dev[0].p2p_dev_addr(), pin, 'enter',
-                                  timeout=20, go_intent=15, freq=2437)
-    res2 = dev[0].p2p_go_neg_auth_result()
-
-    bss = dev[0].get_bss("p2p_dev_addr=" + dev[1].p2p_dev_addr())
-    if bss['bssid'] != dev[1].p2p_interface_addr():
-        raise Exception("Unexpected BSSID in the BSS entry for the GO")
-    if wfd_devinfo2 not in bss['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's BSS entry")
-    peer = dev[0].get_peer(dev[1].p2p_dev_addr())
-    if wfd_devinfo2 not in peer['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in GO's peer entry")
-    peer = dev[1].get_peer(dev[0].p2p_dev_addr())
-    if wfd_devinfo not in peer['wfd_subelems']:
-        raise Exception("Could not see wfd_subelems in client's peer entry")
-    if r2_dev_info not in peer['wfd_subelems']:
-        raise Exception("Could not see r2_dev_info in client's peer entry")
-
-    elems = dev[0].request("WFD_SUBELEM_GET all")
-    if "OK" not in dev[0].request("WFD_SUBELEM_SET all " + elems):
-        raise Exception("WFD_SUBELEM_SET all failed")
-    if dev[0].request("WFD_SUBELEM_GET all") != elems:
-        raise Exception("Mismatch in WFS_SUBELEM_SET/GET all")
-    test = "00000600411c440028"
-    if "OK" not in dev[0].request("WFD_SUBELEM_SET all " + test):
-        raise Exception("WFD_SUBELEM_SET all failed")
-    if dev[0].request("WFD_SUBELEM_GET all") != test:
-        raise Exception("Mismatch in WFS_SUBELEM_SET/GET all")
-
-    dev[0].request("SET wifi_display 0")
-    dev[1].request("SET wifi_display 0")
-    dev[2].request("SET wifi_display 0")
-
-def enable_wifi_display(dev):
-    dev.request("SET wifi_display 1")
-    dev.request("WFD_SUBELEM_SET 0 000600411c440028")
-
-def test_wifi_display_go_invite(dev):
-    """P2P GO with Wi-Fi Display inviting a client to join"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    try:
-        enable_wifi_display(dev[0])
-        enable_wifi_display(dev[1])
-        enable_wifi_display(dev[2])
-
-        dev[1].p2p_listen()
-        if not dev[0].discover_peer(addr1, social=True):
-            raise Exception("Peer " + addr1 + " not found")
-        dev[0].p2p_listen()
-        if not dev[1].discover_peer(addr0, social=True):
-            raise Exception("Peer " + addr0 + " not found")
-        dev[1].p2p_listen()
-
-        logger.info("Authorize invitation")
-        pin = dev[1].wps_read_pin()
-        dev[1].global_request("P2P_CONNECT " + addr0 + " " + pin + " join auth")
-
-        dev[0].p2p_start_go(freq=2412)
-
-        # Add test client to the group
-        connect_cli(dev[0], dev[2], social=True, freq=2412)
-
-        logger.info("Invite peer to join the group")
-        dev[0].p2p_go_authorize_client(pin)
-        dev[0].global_request("P2P_INVITE group=" + dev[0].group_ifname + " peer=" + addr1)
-        ev = dev[1].wait_global_event(["P2P-INVITATION-RECEIVED",
-                                       "P2P-GROUP-STARTED"], timeout=20)
-        if ev is None:
-            raise Exception("Timeout on invitation on peer")
-        if "P2P-INVITATION-RECEIVED" in ev:
-            raise Exception("Unexpected request to accept pre-authorized invitation")
-
-        dev[0].remove_group()
-        dev[1].wait_go_ending_session()
-        dev[2].wait_go_ending_session()
-
-    finally:
-        dev[0].request("SET wifi_display 0")
-        dev[1].request("SET wifi_display 0")
-        dev[2].request("SET wifi_display 0")
-
-def test_wifi_display_persistent_group(dev):
-    """P2P persistent group formation and re-invocation with Wi-Fi Display enabled"""
-    try:
-        enable_wifi_display(dev[0])
-        enable_wifi_display(dev[1])
-        enable_wifi_display(dev[2])
-
-        form(dev[0], dev[1])
-        peer = dev[1].get_peer(dev[0].p2p_dev_addr())
-        listen_freq = peer['listen_freq']
-        invite_from_cli(dev[0], dev[1])
-        invite_from_go(dev[0], dev[1])
-
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        networks = dev[0].list_networks(p2p=True)
-        if len(networks) != 1:
-            raise Exception("Unexpected number of networks")
-        if "[P2P-PERSISTENT]" not in networks[0]['flags']:
-            raise Exception("Not the persistent group data")
-        if "OK" not in dev[0].global_request("P2P_GROUP_ADD persistent=" + networks[0]['id'] + " freq=" + listen_freq):
-            raise Exception("Could not start GO")
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=2)
-        if ev is None:
-            raise Exception("GO start up timed out")
-        dev[0].group_form_result(ev)
-
-        connect_cli(dev[0], dev[2], social=True, freq=listen_freq)
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-        invite(dev[1], dev[0])
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=30)
-        if ev is None:
-            raise Exception("Timeout on group re-invocation (on client)")
-        dev[1].group_form_result(ev)
-
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected P2P-GROUP-START on GO")
-        hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
-
-    finally:
-        dev[0].request("SET wifi_display 0")
-        dev[1].request("SET wifi_display 0")
-        dev[2].request("SET wifi_display 0")
-
-@remote_compatible
-def test_wifi_display_invalid_subelem(dev):
-    """Wi-Fi Display and invalid subelement parsing"""
-    addr1 = dev[1].p2p_dev_addr()
-
-    try:
-        enable_wifi_display(dev[0])
-        enable_wifi_display(dev[1])
-        dev[1].request("WFD_SUBELEM_SET 0 ffff00411c440028")
-
-        dev[1].p2p_listen()
-        dev[0].p2p_find(social=True)
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("Device discovery timed out")
-        if "wfd_dev_info=" in ev:
-            raise Exception("Invalid WFD subelement was shown")
-
-    finally:
-        dev[0].request("SET wifi_display 0")
-        dev[1].request("SET wifi_display 0")
-
-def test_wifi_display_parsing(dev):
-    """Wi-Fi Display extensions to P2P and special parsing cases"""
-    try:
-        _test_wifi_display_parsing(dev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 11 *")
-        dev[0].request("SET wifi_display 0")
-
-def _test_wifi_display_parsing(dev):
-    wfd_devinfo = "00411c440028"
-    dev[0].request("SET wifi_display 1")
-    dev[0].request("WFD_SUBELEM_SET 0 0006" + wfd_devinfo)
-    dev[0].p2p_start_go(freq=2412)
-
-    # P2P Client with invalid WFD IE
-    if "OK" not in dev[1].request("VENDOR_ELEM_ADD 11 dd10506f9a0a000000010000060000ffffff"):
-        raise Exception("VENDOR_ELEM_ADD failed")
-
-    pin = dev[1].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[1].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60,
-                             social=True, freq=2412)
-    bssid = dev[0].get_group_status_field('bssid')
-    dev[2].scan_for_bss(bssid, freq=2412, force_scan=True)
-    bss = dev[2].get_bss(bssid)
-    if bss['wfd_subelems'] != "000006" + wfd_devinfo:
-        raise Exception("Unexpected WFD elements in scan results: " + bss['wfd_subelems'])
-
-    # P2P Client without WFD IE
-    pin = dev[2].wps_read_pin()
-    dev[0].p2p_go_authorize_client(pin)
-    dev[2].p2p_connect_group(dev[0].p2p_dev_addr(), pin, timeout=60,
-                             social=True, freq=2412)
-    dev[2].remove_group()
-
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-def test_wifi_display_disable(dev):
-    """Peer disabling Wi-Fi Display advertisement"""
-    try:
-        enable_wifi_display(dev[1])
-        dev[1].p2p_listen()
-        dev[0].p2p_find(social=True)
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=15)
-        if ev is None:
-            raise Exception("Peer not found")
-        if "wfd_dev_info" not in ev:
-            raise Exception("Missing wfd_dev_info")
-
-        dev[1].request("SET wifi_display 0")
-
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("Peer update not indicated")
-        if "new=0" not in ev:
-            raise Exception("Incorrect update event: " + ev)
-        if "wfd_dev_info" in ev:
-            raise Exception("Unexpected wfd_dev_info")
-
-        ev = dev[0].wait_global_event(["P2P-DEVICE-FOUND"], timeout=0.75)
-        if ev is not None:
-            raise Exception("Unexpected peer found event: " + ev)
-        dev[0].p2p_stop_find()
-        dev[1].p2p_stop_find()
-
-    finally:
-        dev[1].request("SET wifi_display 0")
diff --git a/tests/hwsim/test_p2ps.py b/tests/hwsim/test_p2ps.py
deleted file mode 100644
index b85fcd766a46..000000000000
--- a/tests/hwsim/test_p2ps.py
+++ /dev/null
@@ -1,1689 +0,0 @@
-# P2P services
-# Copyright (c) 2014-2015, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import time
-import random
-import re
-
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-import hostapd
-from p2p_utils import *
-from utils import HwsimSkip
-from hwsim import HWSimRadio
-
-# Dev[0] -> Advertiser
-# Dev[1] -> Seeker
-# ev0 -> Event generated at advertiser side
-# ev1 -> Event generated at Seeker side
-
-def p2ps_advertise(r_dev, r_role, svc_name, srv_info, rsp_info=None, cpt=None):
-    """P2PS Advertise function"""
-    adv_id = random.randrange(1, 0xFFFFFFFF)
-    advid = hex(adv_id)[2:]
-
-    cpt_param = (" cpt=" + cpt) if cpt is not None else ""
-
-    if rsp_info is not None and srv_info is not None:
-        if "OK" not in r_dev.global_request("P2P_SERVICE_ADD asp " + str(r_role) + " " + str(advid) + " 1 1108 " + svc_name + cpt_param + " svc_info='" + srv_info + "'" + " rsp_info=" + rsp_info + "'"):
-            raise Exception("P2P_SERVICE_ADD with response info and service info failed")
-
-    if rsp_info is None and srv_info is not None:
-        if "OK" not in r_dev.global_request("P2P_SERVICE_ADD asp " + str(r_role) + " " + str(advid) + " 1 1108 " + svc_name + cpt_param + " svc_info='" + srv_info + "'"):
-            raise Exception("P2P_SERVICE_ADD with service info failed")
-
-    if rsp_info is None and srv_info is None:
-        if "OK" not in r_dev.global_request("P2P_SERVICE_ADD asp " + str(r_role) + " " + str(advid) + " 1 1108 " + svc_name + cpt_param):
-            raise Exception("P2P_SERVICE_ADD without service info and without response info failed")
-
-    if rsp_info is not None and srv_info is None:
-        if "OK" not in r_dev.global_request("P2P_SERVICE_ADD asp " + str(r_role) + " " + str(adv_id) + " 1 1108 " + svc_name + cpt_param + " svc_info='" + " rsp_info=" + rsp_info + "'"):
-            raise Exception("P2P_SERVICE_ADD with response info failed")
-
-    r_dev.p2p_listen()
-    return advid
-
-def p2ps_exact_seek(i_dev, r_dev, svc_name, srv_info=None,
-                    single_peer_expected=True):
-    """P2PS exact service seek request"""
-    if srv_info is not None:
-        ev1 = i_dev.global_request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 asp 1 " + svc_name + " '" + srv_info + "'")
-        if ev1 is None:
-            raise Exception("Failed to add Service Discovery request for exact seek request")
-
-    if "OK" not in i_dev.global_request("P2P_FIND 10 type=social seek=" + svc_name):
-        raise Exception("Failed to initiate seek operation")
-
-    timeout = time.time() + 10
-    ev1 = i_dev.wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    while ev1 is not None and not single_peer_expected:
-        if r_dev.p2p_dev_addr() in ev1 and "adv_id=" in ev1:
-            break
-        ev1 = i_dev.wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-
-        if timeout < time.time():
-            raise Exception("Device not found")
-
-    if ev1 is None:
-        raise Exception("P2P-DEVICE-FOUND timeout on seeker side")
-    if r_dev.p2p_dev_addr() not in ev1:
-        raise Exception("Unexpected peer")
-
-    if srv_info is None:
-        adv_id = ev1.split("adv_id=")[1].split(" ")[0]
-        rcvd_svc_name = ev1.split("asp_svc=")[1].split(" ")[0]
-        if rcvd_svc_name != svc_name:
-            raise Exception("service name not matching")
-    else:
-        ev1 = i_dev.wait_global_event(["P2P-SERV-ASP-RESP"], timeout=10)
-        if ev1 is None:
-            raise Exception("Failed to receive Service Discovery Response")
-        if r_dev.p2p_dev_addr() not in ev1:
-            raise Exception("Service Discovery response from Unknown Peer")
-        if srv_info is not None and srv_info not in ev1:
-            raise Exception("service info not available in Service Discovery response")
-        adv_id = ev1.split(" ")[3]
-        rcvd_svc_name = ev1.split(" ")[6]
-        if rcvd_svc_name != svc_name:
-            raise Exception("service name not matching")
-
-    i_dev.p2p_stop_find()
-    return [adv_id, rcvd_svc_name]
-
-def p2ps_nonexact_seek(i_dev, r_dev, svc_name, srv_info=None, adv_num=None):
-    """P2PS nonexact service seek request"""
-    if adv_num is None:
-       adv_num = 1
-    if srv_info is not None:
-        ev1 = i_dev.global_request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 asp 1 " + svc_name + " '" + srv_info + "'")
-    else:
-        ev1 = i_dev.global_request("P2P_SERV_DISC_REQ 00:00:00:00:00:00 asp 1 " + svc_name + " '")
-    if ev1 is None:
-        raise Exception("Failed to add Service Discovery request for nonexact seek request")
-    if "OK" not in i_dev.global_request("P2P_FIND 10 type=social seek="):
-        raise Exception("Failed to initiate seek")
-    ev1 = i_dev.wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev1 is None:
-        raise Exception("P2P-DEVICE-FOUND timeout on seeker side")
-    if r_dev.p2p_dev_addr() not in ev1:
-        raise Exception("Unexpected peer")
-    ev_list = []
-    for i in range(0, adv_num):
-        ev1 = i_dev.wait_global_event(["P2P-SERV-ASP-RESP"], timeout=10)
-        if ev1 is None:
-            raise Exception("Failed to receive Service Discovery Response")
-        if r_dev.p2p_dev_addr() not in ev1:
-            raise Exception("Service Discovery response from Unknown Peer")
-        if srv_info is not None and srv_info not in ev1:
-            raise Exception("service info not available in Service Discovery response")
-        adv_id = ev1.split(" ")[3]
-        rcvd_svc_name = ev1.split(" ")[6]
-        ev_list.append(''.join([adv_id, ' ', rcvd_svc_name]))
-
-    i_dev.p2p_stop_find()
-    return ev_list
-
-def p2ps_parse_event(ev, *args):
-    ret = ()
-    for arg in args:
-        m = re.search("\s+" + arg + r"=(\S+)", ev)
-        ret += (m.group(1) if m is not None else None,)
-    return ret
-
-def p2ps_provision(seeker, advertiser, adv_id, auto_accept=True, method="1000",
-                   adv_cpt=None, seeker_cpt=None, handler=None, adv_role=None,
-                   seeker_role=None):
-    addr0 = seeker.p2p_dev_addr()
-    addr1 = advertiser.p2p_dev_addr()
-
-    seeker.asp_provision(addr1, adv_id=str(adv_id), adv_mac=addr1, session_id=1,
-                         session_mac=addr0, method=method, cpt=seeker_cpt,
-                         role=seeker_role)
-
-    if not auto_accept or method == "100":
-        pin = None
-        ev_pd_start = advertiser.wait_global_event(["P2PS-PROV-START"],
-                                                   timeout=10)
-        if ev_pd_start is None:
-            raise Exception("P2PS-PROV-START timeout on Advertiser side")
-        peer = ev_pd_start.split()[1]
-        advert_id, advert_mac, session, session_mac =\
-            p2ps_parse_event(ev_pd_start, "adv_id", "adv_mac", "session", "mac")
-
-        ev = seeker.wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-PROV-DISC-FAILURE timeout on seeker side")
-
-        if handler:
-            handler(seeker, advertiser)
-
-        # Put seeker into a listen state, since we expect the deferred flow to
-        # continue.
-        seeker.p2p_ext_listen(500, 500)
-
-        if method == "100":
-            ev = advertiser.wait_global_event(["P2P-PROV-DISC-ENTER-PIN"],
-                                              timeout=10)
-            if ev is None:
-                raise Exception("P2P-PROV-DISC-ENTER-PIN timeout on advertiser side")
-            if addr0 not in ev:
-                raise Exception("Unknown peer " + addr0)
-            ev = seeker.wait_global_event(["P2P-PROV-DISC-SHOW-PIN"],
-                                          timeout=10)
-            if ev is None:
-                raise Exception("P2P-PROV-DISC-SHOW-PIN timeout on seeker side")
-            if addr1 not in ev:
-                raise Exception("Unknown peer " + addr1)
-            pin = ev.split()[2]
-        elif method == "8":
-            ev = advertiser.wait_global_event(["P2P-PROV-DISC-SHOW-PIN"],
-                                              timeout=10)
-            if ev is None:
-                raise Exception("P2P-PROV-DISC-SHOW-PIN timeout on advertiser side")
-            if addr0 not in ev:
-                raise Exception("Unknown peer " + addr0)
-            pin = ev.split()[2]
-
-        # Stop P2P_LISTEN before issuing P2P_ASP_PROVISION_RESP to avoid
-        # excessive delay and test case timeouts if it takes large number of
-        # retries to find the peer awake on its Listen channel.
-        advertiser.p2p_stop_find()
-
-        advertiser.asp_provision(peer, adv_id=advert_id, adv_mac=advert_mac,
-                                 session_id=int(session, 0),
-                                 session_mac=session_mac, status=12,
-                                 cpt=adv_cpt, role=adv_role)
-
-        ev1 = seeker.wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-        if ev1 is None:
-            raise Exception("P2PS-PROV-DONE timeout on seeker side")
-
-        ev2 = advertiser.wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-        if ev2 is None:
-            raise Exception("P2PS-PROV-DONE timeout on advertiser side")
-
-        if method == "8":
-            ev = seeker.wait_global_event(["P2P-PROV-DISC-ENTER-PIN"],
-                                          timeout=10)
-            if ev is None:
-                raise Exception("P2P-PROV-DISC-ENTER-PIN failed on seeker side")
-            if addr1 not in ev:
-                raise Exception("Unknown peer " + addr1)
-
-        seeker.p2p_cancel_ext_listen()
-        if pin is not None:
-            return ev1, ev2, pin
-        return ev1, ev2
-
-    # Auto-accept is true and the method is either P2PS or advertiser is DISPLAY
-    ev1 = seeker.wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-    if ev1 is None:
-        raise Exception("P2PS-PROV-DONE timeout on seeker side")
-
-    ev2 = advertiser.wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-    if ev2 is None:
-        raise Exception("P2PS-PROV-DONE timeout on advertiser side")
-
-    if method == "8":
-        ev = seeker.wait_global_event(["P2P-PROV-DISC-ENTER-PIN"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-PROV-DISC-ENTER-PIN timeout on seeker side")
-        if addr1 not in ev:
-            raise Exception("Unknown peer " + addr1)
-        ev = advertiser.wait_global_event(["P2P-PROV-DISC-SHOW-PIN"],
-                                          timeout=10)
-        if ev is None:
-            raise Exception("P2P-PROV-DISC-SHOW-PIN timeout on advertiser side")
-        if addr0 not in ev:
-            raise Exception("Unknown peer " + addr0)
-        pin = ev.split()[2]
-        return ev1, ev2, pin
-
-    return ev1, ev2
-
-def p2ps_connect_pd(dev0, dev1, ev0, ev1, pin=None, join_extra="", go_ev=None):
-    conf_methods_map = {"8": "p2ps", "1": "display", "5": "keypad"}
-    peer0 = ev0.split()[1]
-    peer1 = ev1.split()[1]
-    status0, conncap0, adv_id0, adv_mac0, mac0, session0, dev_passwd_id0, go0, join0, feature_cap0, persist0, group_ssid0 =\
-        p2ps_parse_event(ev0, "status", "conncap", "adv_id", "adv_mac", "mac", "session", "dev_passwd_id", "go", "join", "feature_cap", "persist", "group_ssid")
-    status1, conncap1, adv_id1, adv_mac1, mac1, session1, dev_passwd_id1, go1, join1, feature_cap1, persist1, group_ssid1 =\
-        p2ps_parse_event(ev1, "status", "conncap", "adv_id", "adv_mac", "mac", "session", "dev_passwd_id", "go", "join", "feature_cap", "persist", "group_ssid")
-
-    if status0 != "0" and status0 != "12":
-        raise Exception("PD failed on " + dev0.p2p_dev_addr())
-
-    if status1 != "0" and status1 != "12":
-        raise Exception("PD failed on " + dev1.p2p_dev_addr())
-
-    if status0 == "12" and status1 == "12":
-        raise Exception("Both sides have status 12 which doesn't make sense")
-
-    if adv_id0 != adv_id1 or adv_id0 is None:
-        raise Exception("Adv. IDs don't match")
-
-    if adv_mac0 != adv_mac1 or adv_mac0 is None:
-        raise Exception("Adv. MACs don't match")
-
-    if session0 != session1 or session0 is None:
-        raise Exception("Session IDs don't match")
-
-    if mac0 != mac1 or mac0 is None:
-        raise Exception("Session MACs don't match")
-
-    #TODO: Validate feature capability
-
-    if bool(persist0) != bool(persist1):
-        raise Exception("Only one peer has persistent group")
-
-    if persist0 is None and not all([conncap0, conncap1, dev_passwd_id0,
-                                     dev_passwd_id1]):
-        raise Exception("Persistent group not used but conncap/dev_passwd_id are missing")
-
-    if persist0 is not None and any([conncap0, conncap1, dev_passwd_id0,
-                                     dev_passwd_id1]):
-        raise Exception("Persistent group is used but conncap/dev_passwd_id are present")
-
-    # Persistent Connection (todo: handle frequency)
-    if persist0 is not None:
-        dev0.p2p_stop_find()
-        if "OK" not in dev0.global_request("P2P_GROUP_ADD persistent=" + persist0 + " freq=2412"):
-            raise Exception("Could not re-start persistent group")
-        ev0 = dev0.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev0 is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev0.p2p_dev_addr())
-        dev0.group_form_result(ev0)
-
-        if "OK" not in dev1.global_request("P2P_GROUP_ADD persistent=" + persist1 + " freq=2412"):
-            raise Exception("Could not re-start persistent group")
-        ev1 = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev1 is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev1.p2p_dev_addr())
-        dev1.group_form_result(ev1)
-        if "GO" in ev0:
-            ev = dev0.wait_global_event(["AP-STA-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("AP-STA-CONNECTED timeout on " + dev0.p2p_dev_addr())
-        else:
-            ev = dev1.wait_global_event(["AP-STA-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("AP-STA-CONNECTED timeout on " + dev1.p2p_dev_addr())
-    else:
-        try:
-            method0 = conf_methods_map[dev_passwd_id0]
-            method1 = conf_methods_map[dev_passwd_id1]
-        except KeyError:
-            raise Exception("Unsupported method")
-
-        if method0 == "p2ps":
-            pin = "12345670"
-        if pin is None:
-            raise Exception("Pin is not provided")
-
-        if conncap0 == "1" and conncap1 == "1": # NEW/NEW - GON
-            if any([join0, join1, go0, go1]):
-                raise Exception("Unexpected join/go PD attributes")
-            dev0.p2p_listen()
-            if "OK" not in dev0.global_request("P2P_CONNECT " + peer0 + " " + pin + " " + method0 + " persistent auth"):
-                raise Exception("P2P_CONNECT fails on " + dev0.p2p_dev_addr())
-            if "OK" not in dev1.global_request("P2P_CONNECT " + peer1 + " " + pin + " " + method1 + " persistent"):
-                raise Exception("P2P_CONNECT fails on " + dev1.p2p_dev_addr())
-            ev = dev0.wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=10)
-            if ev is None:
-                raise Exception("GO Neg did not succeed on " + dev0.p2p_dev_addr())
-            ev = dev1.wait_global_event(["P2P-GO-NEG-SUCCESS"], timeout=10)
-            if ev is None:
-                raise Exception("GO Neg did not succeed on " + dev1.p2p_dev_addr())
-            ev = dev0.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-            if ev is None:
-                raise Exception("P2P-GROUP-STARTED timeout on " + dev0.p2p_dev_addr())
-            dev0.group_form_result(ev)
-            ev = dev1.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-            if ev is None:
-                raise Exception("P2P-GROUP-STARTED timeout on " + dev1.p2p_dev_addr())
-            dev1.group_form_result(ev)
-        else:
-            if conncap0 == "2" and conncap1 == "4":  # dev0 CLI, dev1 GO
-                dev_cli, dev_go, go_if, join_address, go_method, cli_method, join_ssid = dev0, dev1, go1, join0, method1, method0, group_ssid0
-            elif conncap0 == "4" and conncap1 == "2":  # dev0 GO, dev1 CLI
-                dev_cli, dev_go, go_if, join_address, go_method, cli_method, join_ssid = dev1, dev0, go0, join1, method0, method1, group_ssid1
-            else:
-                raise Exception("Bad connection capabilities")
-
-            if go_if is None:
-                raise Exception("Device " + dev_go.p2p_dev_addr() + " failed to become GO")
-            if join_address is None:
-                raise Exception("Device " + dev_cli.p2p_dev_addr() + " failed to become CLI")
-
-            if not dev_go.get_group_ifname().startswith('p2p-'):
-                if go_ev:
-                    ev = go_ev
-                else:
-                    ev = dev_go.wait_global_event(["P2P-GROUP-STARTED"],
-                                                  timeout=10)
-                if ev is None:
-                    raise Exception("P2P-GROUP-STARTED timeout on " + dev_go.p2p_dev_addr())
-                dev_go.group_form_result(ev)
-
-            if go_method != "p2ps":
-                ev = dev_go.group_request("WPS_PIN any " + pin)
-                if ev is None:
-                    raise Exception("Failed to initiate pin authorization on registrar side")
-            if join_ssid:
-                group_ssid_txt = " ssid=" + join_ssid
-            else:
-                group_ssid_txt = ""
-            if "OK" not in dev_cli.global_request("P2P_CONNECT " + join_address + " " + pin + " " + cli_method + join_extra + " persistent join" + group_ssid_txt):
-                raise Exception("P2P_CONNECT failed on " + dev_cli.p2p_dev_addr())
-            ev = dev_cli.wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-            if ev is None:
-                raise Exception("P2P-GROUP-STARTED timeout on " + dev_cli.p2p_dev_addr())
-            dev_cli.group_form_result(ev)
-            ev = dev_go.wait_global_event(["AP-STA-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("AP-STA-CONNECTED timeout on " + dev_go.p2p_dev_addr())
-
-    hwsim_utils.test_connectivity_p2p(dev0, dev1)
-
-def set_no_group_iface(dev, enable):
-    if enable:
-        res = dev.get_driver_status()
-        if (int(res['capa.flags'], 0) & 0x20000000):
-            raise HwsimSkip("P2P Device used. Cannot set enable no_group_iface")
-        dev.global_request("SET p2p_no_group_iface 1")
-    else:
-        dev.global_request("SET p2p_no_group_iface 0")
-
-@remote_compatible
-def test_p2ps_exact_search(dev):
-    """P2PS exact service request"""
-    p2ps_advertise(r_dev=dev[0], r_role='1', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx')
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-@remote_compatible
-def test_p2ps_exact_search_srvinfo(dev):
-    """P2PS exact service request with service info"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-@remote_compatible
-def test_p2ps_nonexact_search(dev):
-    """P2PS nonexact seek request"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.play.rx',
-                   srv_info='I support Miracast Mode ')
-    ev_list = p2ps_nonexact_seek(i_dev=dev[1], r_dev=dev[0],
-                                 svc_name='org.wi-fi.wfds.play*')
-    adv_id = ev_list[0].split()[0]
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-@remote_compatible
-def test_p2ps_nonexact_search_srvinfo(dev):
-    """P2PS nonexact seek request with service info"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    ev_list = p2ps_nonexact_seek(i_dev=dev[1], r_dev=dev[0],
-                                 svc_name='org.wi-fi.wfds.send*',
-                                 srv_info='2 GB')
-    adv_id = ev_list[0].split()[0]
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-@remote_compatible
-def test_p2ps_connect_p2ps_method_nonautoaccept(dev):
-    """P2PS connect for non-auto-accept and P2PS config method"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    ev_list = p2ps_nonexact_seek(i_dev=dev[1], r_dev=dev[0],
-                                 svc_name='org.wi-fi.wfds.send*',
-                                 srv_info='2 GB')
-    adv_id = ev_list[0].split()[0]
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False)
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_p2ps_method_autoaccept(dev):
-    """P2PS connection with P2PS default config method and auto-accept"""
-    p2ps_advertise(r_dev=dev[0], r_role='1', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_keypad_method_nonautoaccept(dev):
-    """P2PS Connection with non-auto-accept and seeker having keypad method"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    ev_list = p2ps_nonexact_seek(i_dev=dev[1], r_dev=dev[0],
-                                 svc_name='org.wi-fi.wfds.send*',
-                                 srv_info='2 GB')
-    adv_id = ev_list[0].split()[0]
-
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False, method="8")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_display_method_nonautoaccept(dev):
-    """P2PS connection with non-auto-accept and seeker having display method"""
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    ev_list = p2ps_nonexact_seek(i_dev=dev[1], r_dev=dev[0],
-                                 svc_name='org.wi-fi.wfds*', srv_info='2 GB')
-    adv_id = ev_list[0].split()[0]
-
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False, method="100")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_keypad_method_autoaccept(dev):
-    """P2PS connection with auto-accept and keypad method on seeker side"""
-    p2ps_advertise(r_dev=dev[0], r_role='1', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, method="8")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_display_method_autoaccept(dev):
-    """P2PS connection with auto-accept and display method on seeker side"""
-    p2ps_advertise(r_dev=dev[0], r_role='1', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, method="100")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_adv_go_p2ps_method(dev):
-    """P2PS auto-accept connection with advertisement as GO and P2PS method"""
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_adv_go_p2ps_method_group_iface(dev):
-    """P2PS auto-accept connection with advertisement as GO and P2PS method using separate group interface"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_adv_client_p2ps_method(dev):
-    """P2PS auto-accept connection with advertisement as Client and P2PS method"""
-    p2ps_advertise(r_dev=dev[0], r_role='2', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-def p2ps_connect_adv_go_pin_method(dev, keep_group=False):
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, method="8")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    if not keep_group:
-        ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-        if ev0 is None:
-            raise Exception("Unable to remove the advertisement instance")
-        remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_connect_adv_go_pin_method(dev):
-    """P2PS advertiser as GO with keypad config method on seeker side and auto-accept"""
-    p2ps_connect_adv_go_pin_method(dev)
-
-@remote_compatible
-def test_p2ps_connect_adv_client_pin_method(dev):
-    """P2PS advertiser as client with keypad config method on seeker side and auto-accept"""
-    dev[0].flush_scan_cache()
-    p2ps_advertise(r_dev=dev[0], r_role='2', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id, method="8")
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, pin)
-
-    ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev0 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    remove_group(dev[0], dev[1])
-
-def test_p2ps_service_discovery_multiple_queries(dev):
-    """P2P service discovery with multiple queries"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-    adv_id1 = p2ps_advertise(r_dev=dev[0], r_role='0',
-                             svc_name='org.wi-fi.wfds.send.tx',
-                             srv_info='I can transfer files upto size of 2 GB')
-    adv_id2 = p2ps_advertise(r_dev=dev[0], r_role='0',
-                             svc_name='org.wi-fi.wfds.send.rx',
-                             srv_info='I can receive files upto size of 2 GB')
-    adv_id3 = p2ps_advertise(r_dev=dev[0], r_role='1',
-                             svc_name='org.wi-fi.wfds.display.tx',
-                             srv_info='Miracast Mode')
-    adv_id4 = p2ps_advertise(r_dev=dev[0], r_role='1',
-                             svc_name='org.wi-fi.wfds.display.rx',
-                             srv_info='Miracast Mode')
-
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " asp 1 org.wi-fi.wfds.display.tx 'Miracast Mode'")
-    dev[1].global_request("P2P_FIND 10 type=social seek=org.wi-fi.wfds.display.tx")
-    dev[1].global_request("P2P_SERV_DISC_REQ " + addr0 + " asp 2 org.wi-fi.wfds.send* 'size of 2 GB'")
-    dev[1].p2p_stop_find()
-    dev[1].global_request("P2P_FIND 10 type=social seek=")
-    ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("P2P Device Found timed out")
-    if addr0 not in ev:
-        raise Exception("Unexpected service discovery request source")
-    ev_list = []
-    for i in range(0, 3):
-        ev = dev[1].wait_global_event(["P2P-SERV-ASP-RESP"], timeout=10)
-        if ev is None:
-            raise Exception("P2P Service discovery timed out")
-        if addr0 in ev:
-            ev_list.append(ev)
-            if len(ev_list) == 3:
-                break
-    dev[1].p2p_stop_find()
-
-    for test in [("seek=org.wi-fi.wfds.display.TX",
-                  "asp_svc=org.wi-fi.wfds.display.tx"),
-                 ("seek=foo seek=org.wi-fi.wfds.display.tx seek=bar",
-                  "asp_svc=org.wi-fi.wfds.display.tx"),
-                 ("seek=1 seek=2 seek=3 seek=org.wi-fi.wfds.display.tx seek=4 seek=5 seek=6",
-                  "asp_svc=org.wi-fi.wfds.display.tx"),
-                 ("seek=not-found", None),
-                 ("seek=org.wi-fi.wfds", "asp_svc=org.wi-fi.wfds")]:
-        dev[2].global_request("P2P_FIND 10 type=social " + test[0])
-        if test[1] is None:
-            ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=1)
-            if ev is not None:
-                raise Exception("Unexpected device found: " + ev)
-            continue
-        ev = dev[2].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("P2P device discovery timed out (dev2)")
-            if test[1] not in ev:
-                raise Exception("Expected asp_svc not reported: " + ev)
-        dev[2].p2p_stop_find()
-        dev[2].request("P2P_FLUSH")
-
-    dev[0].p2p_stop_find()
-
-    ev1 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id1))
-    if ev1 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    ev2 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id2))
-    if ev2 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    ev3 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id3))
-    if ev3 is None:
-        raise Exception("Unable to remove the advertisement instance")
-    ev4 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id4))
-    if ev4 is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-    if "OK" not in dev[0].global_request("P2P_SERVICE_ADD asp 1 12345678 1 1108 org.wi-fi.wfds.foobar svc_info='Test'"):
-        raise Exception("P2P_SERVICE_ADD failed")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_DEL asp all"):
-        raise Exception("P2P_SERVICE_DEL asp all failed")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_ADD asp 1 12345678 1 1108 org.wi-fi.wfds.foobar svc_info='Test'"):
-        raise Exception("P2P_SERVICE_ADD failed")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_REP asp 1 12345678 1 1108 org.wi-fi.wfds.foobar svc_info='Test'"):
-        raise Exception("P2P_SERVICE_REP failed")
-    if "FAIL" not in dev[0].global_request("P2P_SERVICE_REP asp 1 12345678 1 1108 org.wi-fi.wfds.Foo svc_info='Test'"):
-        raise Exception("Invalid P2P_SERVICE_REP accepted")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_ADD asp 1 a2345678 1 1108 org.wi-fi.wfds.something svc_info='Test'"):
-        raise Exception("P2P_SERVICE_ADD failed")
-    if "OK" not in dev[0].global_request("P2P_SERVICE_ADD asp 1 a2345679 1 1108 org.wi-fi.wfds.Foo svc_info='Test'"):
-        raise Exception("P2P_SERVICE_ADD failed")
-
-def get_ifnames():
-    with open('/proc/net/dev', 'r') as f:
-        data = f.read()
-    ifnames = []
-    for line in data.splitlines():
-        ifname = line.strip().split(' ')[0]
-        if ':' not in ifname:
-            continue
-        ifname = ifname.split(':')[0]
-        ifnames.append(ifname)
-    return ifnames
-
-def p2ps_connect_p2ps_method(dev, keep_group=False, join_extra="", flush=True):
-    if flush:
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-    p2ps_advertise(r_dev=dev[0], r_role='2', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    go_ev = None
-    if "join=" in ev0 and "go=" in ev1:
-        # dev[1] started GO and dev[0] is about to join it.
-        # Parse P2P-GROUP-STARTED from the GO to learn the operating frequency.
-        go_ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if go_ev is None:
-            raise Exception("P2P-GROUP-STARTED timeout on dev1")
-        res = dev[1].group_form_result(go_ev)
-        if join_extra == "":
-            join_extra = " freq=" + res['freq']
-
-    ifnames = get_ifnames()
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1, join_extra=join_extra,
-                    go_ev=go_ev)
-
-    grp_ifname0 = dev[0].get_group_ifname()
-    grp_ifname1 = dev[1].get_group_ifname()
-    if not keep_group:
-        ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-        if ev0 is None:
-            raise Exception("Unable to remove the advertisement instance")
-        ifnames = ifnames + get_ifnames()
-        remove_group(dev[0], dev[1])
-        ifnames = ifnames + get_ifnames()
-
-    return grp_ifname0, grp_ifname1, ifnames
-
-def has_string_prefix(vals, prefix):
-    for val in vals:
-        if val.startswith(prefix):
-            return True
-    return False
-
-def test_p2ps_connect_p2ps_method_1(dev):
-    """P2PS connection with P2PS method - no group interface"""
-    set_no_group_iface(dev[0], 1)
-    set_no_group_iface(dev[1], 1)
-
-    (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(dev)
-    if grp_ifname0 != dev[0].ifname:
-        raise Exception("unexpected dev0 group ifname: " + grp_ifname0)
-    if grp_ifname1 != dev[1].ifname:
-        raise Exception("unexpected dev1 group ifname: " + grp_ifname1)
-    if has_string_prefix(ifnames, 'p2p-' + grp_ifname0):
-        raise Exception("dev0 group interface unexpectedly present")
-    if has_string_prefix(ifnames, 'p2p-' + grp_ifname1):
-        raise Exception("dev1 group interface unexpectedly present")
-
-def test_p2ps_connect_p2ps_method_2(dev):
-    """P2PS connection with P2PS method - group interface on dev0"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 1)
-
-    (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(dev)
-    if not grp_ifname0.startswith('p2p-' + dev[0].ifname + '-'):
-        raise Exception("unexpected dev0 group ifname: " + grp_ifname0)
-    if grp_ifname1 != dev[1].ifname:
-        raise Exception("unexpected dev1 group ifname: " + grp_ifname1)
-    if has_string_prefix(ifnames, 'p2p-' + grp_ifname0):
-        raise Exception("dev0 group interface unexpectedly present")
-
-def test_p2ps_connect_p2ps_method_3(dev):
-    """P2PS connection with P2PS method - group interface on dev1"""
-    set_no_group_iface(dev[0], 1)
-    set_no_group_iface(dev[1], 0)
-
-    (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(dev)
-    if grp_ifname0 != dev[0].ifname:
-        raise Exception("unexpected dev0 group ifname: " + grp_ifname0)
-    if not grp_ifname1.startswith('p2p-' + dev[1].ifname + '-'):
-        raise Exception("unexpected dev1 group ifname: " + grp_ifname1)
-    if has_string_prefix(ifnames, 'p2p-' + grp_ifname0):
-        raise Exception("dev0 group interface unexpectedly present")
-
-def test_p2ps_connect_p2ps_method_4(dev):
-    """P2PS connection with P2PS method - group interface on both"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(dev)
-    if not grp_ifname0.startswith('p2p-' + dev[0].ifname + '-'):
-        raise Exception("unexpected dev0 group ifname: " + grp_ifname0)
-    if not grp_ifname1.startswith('p2p-' + dev[1].ifname + '-'):
-        raise Exception("unexpected dev1 group ifname: " + grp_ifname1)
-
-def test_p2ps_connect_adv_go_persistent(dev):
-    """P2PS auto-accept connection with advertisement as GO and having persistent group"""
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                     r_dev=dev[1], r_intent=0)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    if "persist=" not in ev0 or "persist=" not in ev1:
-        raise Exception("Persistent group isn't used by peers")
-
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-    remove_group(dev[0], dev[1])
-
-def test_p2ps_stale_group_removal(dev):
-    """P2PS stale group removal"""
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                     r_dev=dev[1], r_intent=0)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    # Drop the first persistent group on dev[1] and form new persistent groups
-    # on both devices.
-    dev[1].p2pdev_request("FLUSH")
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                     r_dev=dev[1], r_intent=0)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    # The GO now has a stale persistent group as the first entry. Try to go
-    # through P2PS sequence to hit stale group removal.
-    if len(dev[0].list_networks(p2p=True)) != 2:
-        raise Exception("Unexpected number of networks on dev[0]")
-    if len(dev[1].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[1]")
-
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    if "persist=" not in ev0 or "persist=" not in ev1:
-        raise Exception("Persistent group isn't used by peers")
-
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-    remove_group(dev[0], dev[1])
-
-    if len(dev[0].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[0] (2)")
-    if len(dev[1].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[1] (2)")
-
-def test_p2ps_stale_group_removal2(dev):
-    """P2PS stale group removal (2)"""
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=0,
-                                     r_dev=dev[1], r_intent=15)
-    dev[1].remove_group()
-    dev[0].wait_go_ending_session()
-
-    # Drop the first persistent group on dev[1] and form new persistent groups
-    # on both devices.
-    dev[1].p2pdev_request("FLUSH")
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=0,
-                                     r_dev=dev[1], r_intent=15)
-    dev[1].remove_group()
-    dev[0].wait_go_ending_session()
-
-    # The P2P Client now has a stale persistent group as the first entry. Try
-    # to go through P2PS sequence to hit stale group removal.
-    if len(dev[0].list_networks(p2p=True)) != 2:
-        raise Exception("Unexpected number of networks on dev[0]")
-    if len(dev[1].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[1]")
-
-    p2ps_advertise(r_dev=dev[1], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[0], r_dev=dev[1],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev0, ev1 = p2ps_provision(dev[0], dev[1], adv_id)
-    # This hits persistent group removal on dev[0] (P2P Client)
-
-def test_p2ps_stale_group_removal3(dev):
-    """P2PS stale group removal (3)"""
-    dev[0].p2p_start_go(persistent=True)
-    dev[0].remove_group()
-    if len(dev[0].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[0]")
-
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                     r_dev=dev[1], r_intent=0)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    # The GO now has a stale persistent group as the first entry. Try to go
-    # through P2PS sequence to hit stale group removal.
-    if len(dev[0].list_networks(p2p=True)) != 2:
-        raise Exception("Unexpected number of networks on dev[0] (2)")
-    if len(dev[1].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[1] (2)")
-
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    if "persist=" not in ev0 or "persist=" not in ev1:
-        raise Exception("Persistent group isn't used by peers")
-
-    p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-    remove_group(dev[0], dev[1])
-
-    if len(dev[0].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[0] (3)")
-    if len(dev[1].list_networks(p2p=True)) != 1:
-        raise Exception("Unexpected number of networks on dev[1] (3)")
-
-@remote_compatible
-def test_p2ps_adv_go_persistent_no_peer_entry(dev):
-    """P2PS advertisement as GO having persistent group (no peer entry)"""
-    go_neg_pin_authorized_persistent(i_dev=dev[0], i_intent=15,
-                                     r_dev=dev[1], r_intent=0)
-    dev[0].remove_group()
-    dev[1].wait_go_ending_session()
-
-    p2ps_advertise(r_dev=dev[0], r_role='4', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    dev[0].global_request("P2P_FLUSH")
-    dev[0].p2p_listen()
-    ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-    if "persist=" not in ev0 or "persist=" not in ev1:
-        raise Exception("Persistent group isn't used by peers")
-
-@remote_compatible
-def test_p2ps_pd_follow_on_status_failure(dev):
-    """P2PS PD follow on request with status 11"""
-    addr0 = dev[0].p2p_dev_addr()
-    addr1 = dev[1].p2p_dev_addr()
-
-    p2ps_advertise(r_dev=dev[0], r_role='0', svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB')
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    dev[1].asp_provision(addr0, adv_id=str(adv_id), adv_mac=addr0,
-                         session_id=1, session_mac=addr1)
-    ev_pd_start = dev[0].wait_global_event(["P2PS-PROV-START"], timeout=10)
-    if ev_pd_start is None:
-        raise Exception("P2PS-PROV-START timeout on Advertiser side")
-    ev = dev[1].wait_global_event(["P2P-PROV-DISC-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("P2P-PROV-DISC-FAILURE timeout on seeker side")
-    dev[1].p2p_ext_listen(500, 500)
-    dev[0].p2p_stop_find()
-    dev[0].asp_provision(addr1, adv_id=str(adv_id), adv_mac=addr0, session_id=1,
-                         session_mac=addr1, status=11, method=0)
-
-    ev = dev[1].wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("P2P-PROV-DONE timeout on seeker side")
-    if adv_id not in ev:
-        raise Exception("P2P-PROV-DONE without adv_id on seeker side")
-    if "status=11" not in ev:
-        raise Exception("P2P-PROV-DONE without status on seeker side")
-
-    ev = dev[0].wait_global_event(["P2PS-PROV-DONE"], timeout=10)
-    if ev is None:
-        raise Exception("P2P-PROV-DONE timeout on advertiser side")
-    if adv_id not in ev:
-        raise Exception("P2P-PROV-DONE without adv_id on advertiser side")
-    if "status=11" not in ev:
-        raise Exception("P2P-PROV-DONE without status on advertiser side")
-
-def test_p2ps_client_probe(dev):
-    """P2PS CLI discoverability on operating channel"""
-    cli_probe = dev[0].global_request("SET p2p_cli_probe 1")
-    p2ps_connect_p2ps_method(dev, keep_group=True)
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[2], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              single_peer_expected=False)
-    dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    remove_group(dev[0], dev[1])
-
-def test_p2ps_go_probe(dev):
-    """P2PS GO discoverability on operating channel"""
-    p2ps_connect_adv_go_pin_method(dev, keep_group=True)
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[2], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              single_peer_expected=False)
-    dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_wildcard_p2ps(dev):
-    """P2PS wildcard SD Probe Request/Response"""
-    p2ps_wildcard = "org.wi-fi.wfds"
-
-    adv_id = p2ps_advertise(r_dev=dev[0], r_role='1',
-                            svc_name='org.foo.service',
-                            srv_info='I can do stuff')
-    adv_id2 = p2ps_advertise(r_dev=dev[0], r_role='1',
-                             svc_name='org.wi-fi.wfds.send.rx',
-                             srv_info='I can receive files upto size 2 GB')
-
-    if "OK" not in dev[1].global_request("P2P_FIND 10 type=social seek=org.foo.service seek=" + p2ps_wildcard):
-        raise Exception("Failed on P2P_FIND command")
-
-    ev1 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev1 is None:
-        raise Exception("P2P-DEVICE-FOUND timeout on seeker side")
-    if dev[0].p2p_dev_addr() not in ev1:
-        raise Exception("Unexpected peer")
-
-    ev2 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev2 is None:
-        raise Exception("P2P-DEVICE-FOUND timeout on seeker side (2)")
-    if dev[0].p2p_dev_addr() not in ev2:
-        raise Exception("Unexpected peer (2)")
-
-    if p2ps_wildcard not in ev1 + ev2:
-        raise Exception("P2PS Wildcard name not found in P2P-DEVICE-FOUND event")
-    if "org.foo.service" not in ev1 + ev2:
-        raise Exception("Vendor specific service name not found in P2P-DEVICE-FOUND event")
-
-    if "OK" not in dev[1].global_request("P2P_STOP_FIND"):
-        raise Exception("P2P_STOP_FIND failed")
-    dev[1].dump_monitor()
-
-    res = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if res is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-    if "OK" not in dev[1].global_request("P2P_FIND 10 type=social seek=" + p2ps_wildcard):
-        raise Exception("Failed on P2P_FIND command")
-
-    ev1 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-    if ev1 is None:
-        raise Exception("P2P-DEVICE-FOUND timeout on seeker side")
-    if dev[0].p2p_dev_addr() not in ev1:
-        raise Exception("Unexpected peer")
-    if p2ps_wildcard not in ev1:
-        raise Exception("P2PS Wildcard name not found in P2P-DEVICE-FOUND event (2)")
-    dev[1].dump_monitor()
-
-    res = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id2))
-    if res is None:
-        raise Exception("Unable to remove the advertisement instance 2")
-
-    dev[1].p2p_stop_find()
-    time.sleep(0.1)
-    if "OK" not in dev[1].global_request("P2P_FIND 10 type=social seek=" + p2ps_wildcard):
-        raise Exception("Failed on P2P_FIND command")
-
-    ev1 = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=2)
-    if ev1 is not None:
-        raise Exception("Unexpected P2P-DEVICE-FOUND event on seeker side")
-    dev[1].p2p_stop_find()
-    dev[1].dump_monitor()
-
-def test_p2ps_many_services_in_probe(dev):
-    """P2PS with large number of services in Probe Request/Response"""
-    long1 = 'org.example.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.a'
-    long2 = 'org.example.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.b'
-    long3 = 'org.example.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.c'
-    long4 = 'org.example.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.d'
-    long5 = 'org.example.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.e'
-    for name in [long1, long2, long3, long4, long5]:
-        p2ps_advertise(r_dev=dev[0], r_role='1',
-                       svc_name=name,
-                       srv_info='I can do stuff')
-
-    if "OK" not in dev[1].global_request("P2P_FIND 10 type=social seek=%s seek=%s seek=%s seek=%s seek=%s" % (long1, long2, long3, long4, long5)):
-        raise Exception("Failed on P2P_FIND command")
-
-    events = ""
-    # Note: Require only four events since all the services do not fit within
-    # the length limit.
-    for i in range(4):
-        ev = dev[1].wait_global_event(["P2P-DEVICE-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("Missing P2P-DEVICE-FOUND")
-        events = events + ev
-    dev[1].p2p_stop_find()
-    dev[1].dump_monitor()
-    for name in [long2, long3, long4, long5]:
-        if name not in events:
-            raise Exception("Service missing from peer events")
-
-def p2ps_test_feature_capability_cpt(dev, adv_cpt, seeker_cpt, adv_role,
-                                     result):
-    p2ps_advertise(r_dev=dev[0], r_role=adv_role,
-                   svc_name='org.wi-fi.wfds.send.rx',
-                   srv_info='I can receive files upto size 2 GB', cpt=adv_cpt)
-    [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                              svc_name='org.wi-fi.wfds.send.rx',
-                                              srv_info='2 GB')
-    auto_accept = adv_role != "0"
-    ev1, ev0, pin = p2ps_provision(dev[1], dev[0], adv_id,
-                                   auto_accept=auto_accept, adv_cpt=adv_cpt,
-                                   seeker_cpt=seeker_cpt, method="8")
-
-    status0, fcap0 = p2ps_parse_event(ev0, "status", "feature_cap")
-    status1, fcap1 = p2ps_parse_event(ev0, "status", "feature_cap")
-
-    if fcap0 is None:
-        raise Exception("Bad feature capability on Seeker side")
-    if fcap1 is None:
-        raise Exception("Bad feature capability on Advertiser side")
-    if fcap0 != fcap1:
-        raise Exception("Incompatible feature capability values")
-
-    if status0 not in ("0", "12") or status1 not in ("0", "12"):
-        raise Exception("Unexpected PD result status")
-
-    if result == "UDP" and fcap0[1] != "1":
-        raise Exception("Unexpected CPT feature capability value (expected: UDP)")
-    elif result == "MAC" and fcap0[1] != "2":
-        raise Exception("Unexpected CPT feature capability value (expected: MAC)")
-
-    ev = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-    if ev is None:
-        raise Exception("Unable to remove the advertisement instance")
-
-@remote_compatible
-def test_p2ps_feature_capability_mac_autoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser MAC, seeker UDP:MAC, autoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="MAC", seeker_cpt="UDP:MAC",
-                                     adv_role="4", result="MAC")
-
-@remote_compatible
-def test_p2ps_feature_capability_mac_nonautoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser:MAC, seeker UDP:MAC, nonautoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="MAC", seeker_cpt="UDP:MAC",
-                                     adv_role="0", result="MAC")
-
-@remote_compatible
-def test_p2ps_feature_capability_mac_udp_autoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser MAC:UDP, seeker UDP:MAC, autoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="MAC:UDP",
-                                     seeker_cpt="UDP:MAC", adv_role="2",
-                                     result="MAC")
-
-@remote_compatible
-def test_p2ps_feature_capability_mac_udp_nonautoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser MAC:UDP, seeker UDP:MAC, nonautoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="MAC:UDP",
-                                     seeker_cpt="UDP:MAC", adv_role="0",
-                                     result="UDP")
-
-@remote_compatible
-def test_p2ps_feature_capability_udp_mac_autoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser UDP:MAC, seeker MAC:UDP, autoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="UDP:MAC",
-                                     seeker_cpt="MAC:UDP", adv_role="2",
-                                     result="UDP")
-
-@remote_compatible
-def test_p2ps_feature_capability_udp_mac_nonautoaccept(dev):
-    """P2PS PD Feature Capability CPT: advertiser UDP:MAC, seeker MAC:UDP,  nonautoaccept"""
-    p2ps_test_feature_capability_cpt(dev, adv_cpt="UDP:MAC",
-                                     seeker_cpt="MAC:UDP", adv_role="0",
-                                     result="MAC")
-
-def test_p2ps_channel_one_connected(dev, apdev):
-    """P2PS connection with P2PS method - one of the stations connected"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'bss-2.4ghz', "channel": '7'})
-        dev[1].connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2442")
-
-        (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(dev, keep_group=True, join_extra=" freq=2442")
-        freq = dev[0].get_group_status_field('freq')
-
-        if freq != '2442':
-            raise Exception('Unexpected frequency for group 2442 != ' + freq)
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        remove_group(dev[0], dev[1])
-
-def set_random_listen_chan(dev):
-    chan = random.randrange(0, 3) * 5 + 1
-    dev.global_request("P2P_SET listen_channel %d" % chan)
-
-def test_p2ps_channel_both_connected_same(dev, apdev):
-    """P2PS connection with P2PS method - stations connected on same channel"""
-    set_no_group_iface(dev[2], 0)
-    set_no_group_iface(dev[1], 0)
-
-    dev[2].global_request("P2P_SET listen_channel 6")
-    dev[1].global_request("P2P_SET listen_channel 6")
-
-    dev[1].flush_scan_cache()
-    dev[2].flush_scan_cache()
-
-    try:
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'bss-2.4ghz', "channel": '6'})
-
-        dev[2].connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2437")
-        dev[1].connect("bss-2.4ghz", key_mgmt="NONE", scan_freq="2437")
-
-        tmpdev = [dev[2], dev[1]]
-        (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(tmpdev, keep_group=True, join_extra=" freq=2437", flush=False)
-        freq = dev[2].get_group_status_field('freq')
-
-        if freq != '2437':
-            raise Exception('Unexpected frequency for group 2437 != ' + freq)
-    finally:
-        dev[2].global_request("P2P_SERVICE_DEL asp all")
-        for i in range(1, 3):
-            set_random_listen_chan(dev[i])
-        remove_group(dev[2], dev[1])
-
-def disconnect_handler(seeker, advertiser):
-    advertiser.request("DISCONNECT")
-    advertiser.wait_disconnected(timeout=1)
-
-def test_p2ps_channel_both_connected_different(dev, apdev):
-    """P2PS connection with P2PS method - stations connected on different channel"""
-    if dev[0].get_mcc() > 1:
-        raise HwsimSkip('Skip due to MCC being enabled')
-
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        hapd1 = hostapd.add_ap(apdev[0],
-                               {"ssid": 'bss-channel-3', "channel": '3'})
-
-        hapd2 = hostapd.add_ap(apdev[1],
-                               {"ssid": 'bss-channel-10', "channel": '10'})
-
-        dev[0].connect("bss-channel-3", key_mgmt="NONE", scan_freq="2422")
-        dev[1].connect("bss-channel-10", key_mgmt="NONE", scan_freq="2457")
-
-        p2ps_advertise(r_dev=dev[0], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False,
-                                  handler=disconnect_handler)
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2457':
-            raise Exception('Unexpected frequency for group 2457 != ' + freq)
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        remove_group(dev[0], dev[1])
-
-def test_p2ps_channel_both_connected_different_mcc(dev, apdev):
-    """P2PS connection with P2PS method - stations connected on different channels with mcc"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        set_no_group_iface(wpas, 0)
-        set_no_group_iface(dev[1], 0)
-
-        try:
-            hapd1 = hostapd.add_ap(apdev[0],
-                                   {"ssid": 'bss-channel-3', "channel": '3'})
-
-            hapd2 = hostapd.add_ap(apdev[1],
-                                   {"ssid": 'bss-channel-10', "channel": '10'})
-
-            wpas.connect("bss-channel-3", key_mgmt="NONE", scan_freq="2422")
-            dev[1].connect("bss-channel-10", key_mgmt="NONE", scan_freq="2457")
-
-            (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method([wpas, dev[1]], keep_group=True)
-            freq = wpas.get_group_status_field('freq')
-
-            if freq != '2422' and freq != '2457':
-                raise Exception('Unexpected frequency for group =' + freq)
-        finally:
-            wpas.global_request("P2P_SERVICE_DEL asp all")
-            remove_group(wpas, dev[1])
-
-def clear_disallow_handler(seeker, advertiser):
-    advertiser.global_request("P2P_SET disallow_freq ")
-
-@remote_compatible
-def test_p2ps_channel_disallow_freq(dev, apdev):
-    """P2PS connection with P2PS method - disallow freqs"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        dev[0].global_request("P2P_SET disallow_freq 2412-2457")
-        dev[1].global_request("P2P_SET disallow_freq 2417-2462")
-
-        p2ps_advertise(r_dev=dev[0], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False,
-                                  handler=clear_disallow_handler)
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2412':
-            raise Exception('Unexpected frequency for group 2412 != ' + freq)
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[1].global_request("P2P_SET disallow_freq ")
-        remove_group(dev[0], dev[1])
-
-def test_p2ps_channel_sta_connected_disallow_freq(dev, apdev):
-    """P2PS connection with P2PS method - one station and disallow freqs"""
-    if dev[0].get_mcc() > 1:
-        raise HwsimSkip('Skip due to MCC being enabled')
-
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        dev[0].global_request("P2P_SET disallow_freq 2437")
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'bss-channel-6', "channel": '6'})
-
-        dev[1].connect("bss-channel-6", key_mgmt="NONE", scan_freq="2437")
-
-        p2ps_advertise(r_dev=dev[0], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False,
-                                  handler=clear_disallow_handler)
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2437':
-            raise Exception('Unexpected frequency for group 2437 != ' + freq)
-    finally:
-        dev[0].global_request("P2P_SET disallow_freq ")
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        remove_group(dev[0], dev[1])
-
-def test_p2ps_channel_sta_connected_disallow_freq_mcc(dev, apdev):
-    """P2PS connection with P2PS method - one station and disallow freqs with mcc"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise Exception("New radio does not support MCC")
-
-        set_no_group_iface(dev[0], 0)
-        set_no_group_iface(wpas, 0)
-
-        try:
-            dev[0].global_request("P2P_SET disallow_freq 2437")
-            hapd1 = hostapd.add_ap(apdev[0],
-                                   {"ssid": 'bss-channel-6', "channel": '6'})
-
-            wpas.connect("bss-channel-6", key_mgmt="NONE", scan_freq="2437")
-
-            tmpdev = [dev[0], wpas]
-            (grp_ifname0, grp_ifname1, ifnames) = p2ps_connect_p2ps_method(tmpdev, keep_group=True)
-
-            freq = dev[0].get_group_status_field('freq')
-            if freq == '2437':
-                raise Exception('Unexpected frequency=2437')
-        finally:
-            dev[0].global_request("P2P_SET disallow_freq ")
-            dev[0].global_request("P2P_SERVICE_DEL asp all")
-            remove_group(dev[0], wpas)
-
-@remote_compatible
-def test_p2ps_active_go_adv(dev, apdev):
-    """P2PS connection with P2PS method - active GO on advertiser"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        # Add a P2P GO
-        dev[0].global_request("P2P_GROUP_ADD persistent")
-        ev = dev[0].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev[0].p2p_dev_addr())
-
-        dev[0].group_form_result(ev)
-
-        p2ps_advertise(r_dev=dev[0], r_role='4',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  single_peer_expected=False)
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-
-        # explicitly stop find/listen as otherwise the long listen started by
-        # the advertiser would prevent the seeker to connect with the P2P GO
-        dev[0].p2p_stop_find()
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        remove_group(dev[0], dev[1])
-
-@remote_compatible
-def test_p2ps_active_go_seeker(dev, apdev):
-    """P2PS connection with P2PS method - active GO on seeker"""
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        # Add a P2P GO on the seeker
-        dev[1].global_request("P2P_GROUP_ADD persistent")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev[1].p2p_dev_addr())
-
-        res = dev[1].group_form_result(ev)
-
-        p2ps_advertise(r_dev=dev[0], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id)
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1,
-                        join_extra=" freq=" + res['freq'])
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        remove_group(dev[0], dev[1])
-
-def test_p2ps_channel_active_go_and_station_same(dev, apdev):
-    """P2PS connection, active P2P GO and station on channel"""
-    set_no_group_iface(dev[2], 0)
-    set_no_group_iface(dev[1], 0)
-
-    dev[2].global_request("P2P_SET listen_channel 11")
-    dev[1].global_request("P2P_SET listen_channel 11")
-    try:
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'bss-channel-11', "channel": '11'})
-
-        dev[2].connect("bss-channel-11", key_mgmt="NONE", scan_freq="2462")
-
-        # Add a P2P GO on the seeker
-        dev[1].global_request("P2P_GROUP_ADD freq=2462 persistent")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev[1].p2p_dev_addr())
-
-        dev[1].group_form_result(ev)
-
-        p2ps_advertise(r_dev=dev[2], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[2],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[2], adv_id)
-        p2ps_connect_pd(dev[2], dev[1], ev0, ev1, join_extra=" freq=2462")
-    finally:
-        dev[2].global_request("P2P_SERVICE_DEL asp all")
-        for i in range(1, 3):
-            set_random_listen_chan(dev[i])
-        remove_group(dev[2], dev[1])
-
-def test_p2ps_channel_active_go_and_station_different(dev, apdev):
-    """P2PS connection, active P2P GO and station on channel"""
-    if dev[0].get_mcc() > 1:
-        raise HwsimSkip('Skip due to MCC being enabled')
-
-    set_no_group_iface(dev[0], 0)
-    set_no_group_iface(dev[1], 0)
-
-    try:
-        hapd = hostapd.add_ap(apdev[0],
-                              {"ssid": 'bss-channel-2', "channel": '2'})
-
-        dev[0].connect("bss-channel-2", key_mgmt="NONE", scan_freq="2417")
-
-        # Add a P2P GO on the seeker. Force the listen channel to be the same,
-        # as extended listen will not kick as long as P2P GO is waiting for
-        # initial connection.
-        dev[1].global_request("P2P_SET listen_channel 11")
-        dev[1].global_request("P2P_GROUP_ADD freq=2462 persistent")
-        ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-        if ev is None:
-            raise Exception("P2P-GROUP-STARTED timeout on " + dev[1].p2p_dev_addr())
-
-        dev[1].group_form_result(ev)
-
-        p2ps_advertise(r_dev=dev[0], r_role='2',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[1], dev[0], adv_id, auto_accept=False,
-                                  handler=disconnect_handler, adv_role='2',
-                                  seeker_role='4')
-        p2ps_connect_pd(dev[0], dev[1], ev0, ev1)
-        freq = dev[0].get_group_status_field('freq')
-        if freq != '2462':
-            raise Exception('Unexpected frequency for group 2462!=' + freq)
-    finally:
-        dev[0].global_request("P2P_SERVICE_DEL asp all")
-        set_random_listen_chan(dev[1])
-
-@remote_compatible
-def test_p2ps_channel_active_go_and_station_different_mcc(dev, apdev):
-    """P2PS connection, active P2P GO and station on channel"""
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        set_no_group_iface(wpas, 0)
-        set_no_group_iface(dev[1], 0)
-
-        try:
-            hapd = hostapd.add_ap(apdev[0],
-                                  {"ssid": 'bss-channel-6', "channel": '6'})
-
-            wpas.global_request("P2P_SET listen_channel 1")
-            wpas.connect("bss-channel-6", key_mgmt="NONE", scan_freq="2437")
-
-            # Add a P2P GO on the seeker
-            dev[1].global_request("P2P_SET listen_channel 1")
-            dev[1].global_request("P2P_GROUP_ADD freq=2462 persistent")
-            ev = dev[1].wait_global_event(["P2P-GROUP-STARTED"], timeout=10)
-            if ev is None:
-                raise Exception("P2P-GROUP-STARTED timeout on " + dev[1].p2p_dev_addr())
-
-            dev[1].group_form_result(ev)
-
-            p2ps_advertise(r_dev=wpas, r_role='2',
-                           svc_name='org.wi-fi.wfds.send.rx',
-                           srv_info='I can receive files upto size 2 GB')
-            [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[1], r_dev=wpas,
-                                                      svc_name='org.wi-fi.wfds.send.rx',
-                                                      srv_info='2 GB')
-
-            ev1, ev0 = p2ps_provision(dev[1], wpas, adv_id)
-            p2ps_connect_pd(wpas, dev[1], ev0, ev1)
-        finally:
-            set_random_listen_chan(dev[1])
-            set_random_listen_chan(wpas)
-            wpas.request("DISCONNECT")
-            hapd.disable()
-            wpas.global_request("P2P_SERVICE_DEL asp all")
-            remove_group(wpas, dev[1], allow_failure=True)
-
-def test_p2ps_connect_p2p_device(dev):
-    """P2PS connection using cfg80211 P2P Device"""
-    run_p2ps_connect_p2p_device(dev, 0)
-
-def test_p2ps_connect_p2p_device_no_group_iface(dev):
-    """P2PS connection using cfg80211 P2P Device (no separate group interface)"""
-    run_p2ps_connect_p2p_device(dev, 1)
-
-def run_p2ps_connect_p2p_device(dev, no_group_iface):
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface %d" % no_group_iface)
-
-        p2ps_advertise(r_dev=dev[0], r_role='1',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=wpas, r_dev=dev[0],
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(wpas, dev[0], adv_id)
-        p2ps_connect_pd(dev[0], wpas, ev0, ev1)
-
-        ev0 = dev[0].global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-        if ev0 is None:
-            raise Exception("Unable to remove the advertisement instance")
-        remove_group(dev[0], wpas)
-
-def test_p2ps_connect_p2p_device2(dev):
-    """P2PS connection using cfg80211 P2P Device (reverse)"""
-    run_p2ps_connect_p2p_device2(dev, 0)
-
-def test_p2ps_connect_p2p_device2_no_group_iface(dev):
-    """P2PS connection using cfg80211 P2P Device (reverse) (no separate group interface)"""
-    run_p2ps_connect_p2p_device2(dev, 1)
-
-def run_p2ps_connect_p2p_device2(dev, no_group_iface):
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        wpas.global_request("SET p2p_no_group_iface %d" % no_group_iface)
-
-        p2ps_advertise(r_dev=wpas, r_role='1',
-                       svc_name='org.wi-fi.wfds.send.rx',
-                       srv_info='I can receive files upto size 2 GB')
-        [adv_id, rcvd_svc_name] = p2ps_exact_seek(i_dev=dev[0], r_dev=wpas,
-                                                  svc_name='org.wi-fi.wfds.send.rx',
-                                                  srv_info='2 GB')
-
-        ev1, ev0 = p2ps_provision(dev[0], wpas, adv_id)
-        p2ps_connect_pd(wpas, dev[0], ev0, ev1)
-
-        ev0 = wpas.global_request("P2P_SERVICE_DEL asp " + str(adv_id))
-        if ev0 is None:
-            raise Exception("Unable to remove the advertisement instance")
-        remove_group(wpas, dev[0])
-
-@remote_compatible
-def test_p2ps_connect_p2ps_method_no_pin(dev):
-    """P2P group formation using P2PS method without specifying PIN"""
-    dev[0].p2p_listen()
-    dev[1].p2p_go_neg_auth(dev[0].p2p_dev_addr(), None, "p2ps", go_intent=15)
-    dev[1].p2p_listen()
-    i_res = dev[0].p2p_go_neg_init(dev[1].p2p_dev_addr(), None, "p2ps",
-                                   timeout=20, go_intent=0)
-    r_res = dev[1].p2p_go_neg_auth_result()
-    logger.debug("i_res: " + str(i_res))
-    logger.debug("r_res: " + str(r_res))
-    check_grpform_results(i_res, r_res)
-    remove_group(dev[0], dev[1])
diff --git a/tests/hwsim/test_pasn.py b/tests/hwsim/test_pasn.py
deleted file mode 100644
index 6f7a806f5c46..000000000000
--- a/tests/hwsim/test_pasn.py
+++ /dev/null
@@ -1,854 +0,0 @@
-# Test cases for PASN
-# Copyright (C) 2019 Intel Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import os
-import time
-import logging
-logger = logging.getLogger()
-import socket
-import struct
-import subprocess
-import re
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from hwsim import HWSimRadio
-from test_erp import start_erp_as
-from test_ap_ft import run_roams, ft_params1, ft_params2
-
-def check_pasn_capab(dev):
-    if "PASN" not in dev.get_capability("auth_alg"):
-        raise HwsimSkip("PASN not supported")
-
-def pasn_ap_params(akmp="PASN", cipher="CCMP", group="19"):
-    params = {"ssid": "test-wpa2-pasn",
-              "wpa_passphrase": "12345678",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "WPA-PSK " + akmp,
-              "rsn_pairwise": cipher,
-              "pasn_groups" : group}
-
-    return params
-
-def start_pasn_ap(apdev, params):
-    try:
-        return hostapd.add_ap(apdev, params)
-    except Exception as e:
-        if "Failed to set hostapd parameter wpa_key_mgmt" in str(e) or \
-           "Failed to set hostapd parameter force_kdk_derivation" in str(e):
-            raise HwsimSkip("PASN not supported")
-        raise
-
-def check_pasn_ptk(dev, hapd, cipher, fail_ptk=False, clear_keys=True):
-    sta_ptksa = dev.get_ptksa(hapd.own_addr(), cipher)
-    ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher)
-
-    if not (sta_ptksa and ap_ptksa):
-        if fail_ptk:
-            return
-        raise Exception("Could not get PTKSA entry")
-
-    logger.info("sta: TK: %s KDK: %s" % (sta_ptksa['tk'], sta_ptksa['kdk']))
-    logger.info("ap : TK: %s KDK: %s" % (ap_ptksa['tk'], ap_ptksa['kdk']))
-
-    if sta_ptksa['tk'] != ap_ptksa['tk'] or sta_ptksa['kdk'] != ap_ptksa['kdk']:
-        raise Exception("TK/KDK mismatch")
-    elif fail_ptk:
-        raise Exception("TK/KDK match although key derivation should have failed")
-    elif clear_keys:
-        cmd = "PASN_DEAUTH bssid=%s" % hapd.own_addr()
-        dev.request(cmd)
-
-        # Wait a little to let the AP process the deauth
-        time.sleep(0.2)
-
-        sta_ptksa = dev.get_ptksa(hapd.own_addr(), cipher)
-        ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher)
-        if sta_ptksa or ap_ptksa:
-            raise Exception("TK/KDK not deleted as expected")
-
-def check_pasn_akmp_cipher(dev, hapd, akmp="PASN", cipher="CCMP",
-                           group="19", status=0, fail=0, nid="",
-                           fail_ptk=False):
-    dev.flush_scan_cache()
-    dev.scan(type="ONLY", freq=2412)
-
-    cmd = "PASN_START bssid=%s akmp=%s cipher=%s group=%s" % (hapd.own_addr(), akmp, cipher, group)
-
-    if nid != "":
-        cmd += " nid=%s" % nid
-
-    resp = dev.request(cmd)
-
-    if fail:
-        if "OK" in resp:
-            raise Exception("Unexpected success to start PASN authentication")
-        return
-
-    if "OK" not in resp:
-        raise Exception("Failed to start PASN authentication")
-
-    ev = dev.wait_event(["PASN-AUTH-STATUS"], 3)
-    if not ev:
-        raise Exception("PASN: PASN-AUTH-STATUS not seen")
-
-    if hapd.own_addr() + " akmp=" + akmp + ", status=" + str(status) not in ev:
-        raise Exception("PASN: unexpected status")
-
-    if status:
-        return
-
-    check_pasn_ptk(dev, hapd, cipher, fail_ptk)
-
-@remote_compatible
-def test_pasn_ccmp(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP")
-
-@remote_compatible
-def test_pasn_gcmp(dev, apdev):
-    """PASN authentication with WPA2/GCMP AP"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "GCMP", "19")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "GCMP")
-
-@remote_compatible
-def test_pasn_ccmp_256(dev, apdev):
-    """PASN authentication with WPA2/CCMP256 AP"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP-256", "19")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP-256")
-
-@remote_compatible
-def test_pasn_gcmp_256(dev, apdev):
-    """PASN authentication with WPA2/GCMP-256 AP"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "GCMP-256", "19")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "GCMP-256")
-
-@remote_compatible
-def test_pasn_group_mismatch(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP with group mismatch"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "20")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP", status=77)
-
-@remote_compatible
-def test_pasn_channel_mismatch(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP with channel mismatch"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP")
-    params['channel'] = "6"
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP", fail=1)
-
-@remote_compatible
-def test_pasn_while_connected_same_channel(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP while connected same channel"""
-    check_pasn_capab(dev[0])
-
-    ssid = "test-wpa2-psk"
-    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_psk'] = psk
-    hapd = start_pasn_ap(apdev[0], params)
-
-    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
-
-    params = pasn_ap_params("PASN", "CCMP")
-    hapd = start_pasn_ap(apdev[1], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP")
-
-@remote_compatible
-def test_pasn_while_connected_same_ap(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP while connected to it"""
-    check_pasn_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-wpa2-psk",
-                                 passphrase="12345678")
-    hapd = start_pasn_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP", fail=1)
-
-@remote_compatible
-def test_pasn_while_connected_diff_channel(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP while connected diff channel"""
-    check_pasn_capab(dev[0])
-
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise HwsimSkip("PASN: New radio does not support MCC")
-
-        params = hostapd.wpa2_params(ssid="test-wpa2-psk",
-                                     passphrase="12345678")
-        params['channel'] = "6"
-        hapd = start_pasn_ap(apdev[0], params)
-        wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2437")
-
-        params = pasn_ap_params("PASN", "CCMP")
-        hapd2 = start_pasn_ap(apdev[1], params)
-
-        check_pasn_akmp_cipher(wpas, hapd2, "PASN", "CCMP")
-
-@remote_compatible
-def test_pasn_sae_pmksa_cache(dev, apdev):
-    """PASN authentication with SAE AP with PMKSA caching"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE PASN'
-    params['sae_pwe'] = "2"
-    hapd = start_pasn_ap(apdev[0], params)
-
-    try:
-        dev[0].set("sae_groups", "19")
-        dev[0].set("sae_pwe", "2")
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412")
-
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def check_pasn_fils_pmksa_cache(dev, apdev, params, key_mgmt):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-    check_pasn_capab(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = key_mgmt + " PASN"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    hapd = start_pasn_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].request("ERP_FLUSH")
-
-    id = dev[0].connect("fils", key_mgmt=key_mgmt,
-                        eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef",
-                        erp="1", scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    check_pasn_akmp_cipher(dev[0], hapd, key_mgmt, "CCMP")
-
-@remote_compatible
-def test_pasn_fils_sha256_pmksa_cache(dev, apdev, params):
-    """PASN authentication with FILS-SHA256 with PMKSA caching"""
-    check_pasn_fils_pmksa_cache(dev, apdev, params, "FILS-SHA256")
-
-@remote_compatible
-def test_pasn_fils_sha384_pmksa_cache(dev, apdev, params):
-    """PASN authentication with FILS-SHA384 with PMKSA caching"""
-    check_pasn_fils_pmksa_cache(dev, apdev, params, "FILS-SHA384")
-
-@remote_compatible
-def test_pasn_sae_kdk(dev, apdev):
-    """Station authentication with SAE AP with KDK derivation during connection"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    try:
-        params = hostapd.wpa2_params(ssid="test-sae",
-                                     passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE PASN'
-        params['sae_pwe'] = "2"
-        params['force_kdk_derivation'] = "1"
-        hapd = start_pasn_ap(apdev[0], params)
-
-        dev[0].set("force_kdk_derivation", "1")
-        dev[0].set("sae_pwe", "2")
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-
-        check_pasn_ptk(dev[0], hapd, "CCMP", clear_keys=False)
-    finally:
-        dev[0].set("force_kdk_derivation", "0")
-        dev[0].set("sae_pwe", "0")
-
-
-def check_pasn_fils_kdk(dev, apdev, params, key_mgmt):
-    check_fils_capa(dev[0])
-    check_erp_capa(dev[0])
-    check_pasn_capab(dev[0])
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    try:
-        bssid = apdev[0]['bssid']
-        params = hostapd.wpa2_eap_params(ssid="fils")
-        params['wpa_key_mgmt'] = key_mgmt
-        params['auth_server_port'] = "18128"
-        params['erp_domain'] = 'example.com'
-        params['fils_realm'] = 'example.com'
-        params['disable_pmksa_caching'] = '1'
-        params['force_kdk_derivation'] = "1"
-        hapd = start_pasn_ap(apdev[0], params)
-
-        dev[0].scan_for_bss(bssid, freq=2412)
-        dev[0].request("ERP_FLUSH")
-        dev[0].set("force_kdk_derivation", "1")
-
-        id = dev[0].connect("fils", key_mgmt=key_mgmt,
-                            eap="PSK", identity="psk.user@example.com",
-                            password_hex="0123456789abcdef0123456789abcdef",
-                            erp="1", scan_freq="2412")
-
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        check_pasn_ptk(dev[0], hapd, "CCMP", clear_keys=False)
-
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-
-        dev[0].dump_monitor()
-        dev[0].select_network(id, freq=2412)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                                "EVENT-ASSOC-REJECT",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Connection using FILS/ERP timed out")
-        if "CTRL-EVENT-EAP-STARTED" in ev:
-            raise Exception("Unexpected EAP exchange")
-        if "EVENT-ASSOC-REJECT" in ev:
-            raise Exception("Association failed")
-
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-
-        check_pasn_ptk(dev[0], hapd, "CCMP", clear_keys=False)
-    finally:
-        dev[0].set("force_kdk_derivation", "0")
-
-@remote_compatible
-def test_pasn_fils_sha256_kdk(dev, apdev, params):
-    """Station authentication with FILS-SHA256 with KDK derivation during connection"""
-    check_pasn_fils_kdk(dev, apdev, params, "FILS-SHA256")
-
-@remote_compatible
-def test_pasn_fils_sha384_kdk(dev, apdev, params):
-    """Station authentication with FILS-SHA384 with KDK derivation during connection"""
-    check_pasn_fils_kdk(dev, apdev, params, "FILS-SHA384")
-
-@remote_compatible
-def test_pasn_sae(dev, apdev):
-    """PASN authentication with SAE AP with PMK derivation + PMKSA caching"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-pasn-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE PASN'
-    params['sae_pwe'] = "2"
-    hapd = start_pasn_ap(apdev[0], params)
-
-    try:
-        dev[0].set("sae_pwe", "2")
-        dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", only_add_network=True)
-
-        # first test with a valid PSK
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0")
-
-        # And now with PMKSA caching
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP")
-
-        # And now with a wrong passphrase
-        if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-            raise Exception("PMKSA_FLUSH failed")
-
-        dev[0].set_network_quoted(0, "psk", "12345678787")
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-@remote_compatible
-def test_pasn_sae_while_connected_same_channel(dev, apdev):
-    """PASN SAE authentication while connected same channel"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-pasn-wpa2-psk",
-                                 passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].set("sae_pwe", "2")
-        dev[0].connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2412")
-
-        params = hostapd.wpa2_params(ssid="test-pasn-sae",
-                                     passphrase="12345678")
-
-        params['wpa_key_mgmt'] = 'SAE PASN'
-        params['sae_pwe'] = "2"
-        hapd = start_pasn_ap(apdev[1], params)
-
-        dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", only_add_network=True)
-
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="1")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-@remote_compatible
-def test_pasn_sae_while_connected_diff_channel(dev, apdev):
-    """PASN SAE authentication while connected diff channel"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-
-        if wpas.get_mcc() < 2:
-            raise HwsimSkip("PASN: New radio does not support MCC")
-
-        params = hostapd.wpa2_params(ssid="test-pasn-wpa2-psk",
-                                     passphrase="12345678")
-        params['channel'] = "6"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        try:
-            wpas.set("sae_pwe", "2")
-            wpas.connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2437")
-
-            params = hostapd.wpa2_params(ssid="test-pasn-sae",
-                                         passphrase="12345678")
-
-            params['wpa_key_mgmt'] = 'SAE PASN'
-            params['sae_pwe'] = "2"
-            hapd = start_pasn_ap(apdev[1], params)
-
-            wpas.connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", only_add_network=True)
-
-            check_pasn_akmp_cipher(wpas, hapd, "SAE", "CCMP", nid="1")
-        finally:
-            wpas.set("sae_pwe", "0")
-
-def pasn_fils_setup(wpas, apdev, params, key_mgmt):
-    check_fils_capa(wpas)
-    check_erp_capa(wpas)
-
-    wpas.flush_scan_cache()
-
-    start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
-
-    bssid = apdev[0]['bssid']
-    params = hostapd.wpa2_eap_params(ssid="fils")
-    params['wpa_key_mgmt'] = key_mgmt + " PASN"
-    params['auth_server_port'] = "18128"
-    params['erp_domain'] = 'example.com'
-    params['fils_realm'] = 'example.com'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    id = wpas.connect("fils", key_mgmt=key_mgmt,
-                      eap="PSK", identity="psk.user@example.com",
-                      password_hex="0123456789abcdef0123456789abcdef",
-                      erp="1", scan_freq="2412")
-
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    wpas.dump_monitor()
-
-    if "FAIL" in wpas.request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-
-    return hapd
-
-def check_pasn_fils(dev, apdev, params, key_mgmt):
-    check_pasn_capab(dev[0])
-
-    hapd = pasn_fils_setup(dev[0], apdev, params, key_mgmt);
-    check_pasn_akmp_cipher(dev[0], hapd, key_mgmt, "CCMP", nid="0")
-
-@remote_compatible
-def test_pasn_fils_sha256(dev, apdev, params):
-    """PASN FILS authentication using SHA-256"""
-    check_pasn_fils(dev, apdev, params, "FILS-SHA256")
-
-@remote_compatible
-def test_pasn_fils_sha384(dev, apdev, params):
-    """PASN FILS authentication using SHA-384"""
-    check_pasn_fils(dev, apdev, params, "FILS-SHA384")
-
-def check_pasn_fils_connected_same_channel(dev, apdev, params, key_mgmt):
-    check_pasn_capab(dev[0])
-
-    hapd = pasn_fils_setup(dev[0], apdev, params, key_mgmt);
-
-    # Connect to another AP on the same channel
-    hapd1 = hostapd.add_ap(apdev[1], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bg_scan_period="0")
-
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-
-    # And perform the PASN authentication with FILS
-    check_pasn_akmp_cipher(dev[0], hapd, key_mgmt, "CCMP", nid="0")
-
-@remote_compatible
-def test_pasn_fils_sha256_connected_same_channel(dev, apdev, params):
-    """PASN FILS authentication using SHA-256 while connected same channel"""
-    check_pasn_fils_connected_same_channel(dev, apdev, params, "FILS-SHA256")
-
-@remote_compatible
-def test_pasn_fils_sha384_connected_same_channel(dev, apdev, params):
-    """PASN FILS authentication using SHA-384 while connected same channel"""
-    check_pasn_fils_connected_same_channel(dev, apdev, params, "FILS-SHA384")
-
-def check_pasn_fils_connected_diff_channel(dev, apdev, params, key_mgmt):
-    check_pasn_capab(dev[0])
-
-    with HWSimRadio(n_channels=2) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        if wpas.get_mcc() < 2:
-           raise Exception("New radio does not support MCC")
-
-        hapd = pasn_fils_setup(wpas, apdev, params, key_mgmt);
-
-        # Connect to another AP on a different channel
-        hapd1 = hostapd.add_ap(apdev[1], {"ssid": "open", "channel" : "6"})
-        wpas.connect("open", key_mgmt="NONE", scan_freq="2437",
-                bg_scan_period="0")
-
-        hwsim_utils.test_connectivity(wpas, hapd1)
-
-        # And perform the PASN authentication with FILS
-        check_pasn_akmp_cipher(wpas, hapd, key_mgmt, "CCMP", nid="0")
-
-@remote_compatible
-def test_pasn_fils_sha256_connected_diff_channel(dev, apdev, params):
-    """PASN FILS authentication using SHA-256 while connected diff channel"""
-    check_pasn_fils_connected_diff_channel(dev, apdev, params, "FILS-SHA256")
-
-@remote_compatible
-def test_pasn_fils_sha384_connected_diff_channel(dev, apdev, params):
-    """PASN FILS authentication using SHA-384 while connected diff channel"""
-    check_pasn_fils_connected_diff_channel(dev, apdev, params, "FILS-SHA384")
-
-def test_pasn_ft_psk(dev, apdev):
-    """PASN authentication with FT-PSK"""
-    check_pasn_capab(dev[0])
-
-    ssid = "test-pasn-ft-psk"
-    passphrase = "12345678"
-
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] += " PASN"
-    hapd0 = hostapd.add_ap(apdev[0], params)
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] += " PASN"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
-
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        pasn_hapd = hapd1
-    else:
-        pasn_hapd = hapd0
-
-    check_pasn_akmp_cipher(dev[0], pasn_hapd, "FT-PSK", "CCMP")
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, only_one_way=1)
-
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        pasn_hapd = hapd1
-    else:
-        pasn_hapd = hapd0
-
-    check_pasn_akmp_cipher(dev[0], pasn_hapd, "FT-PSK", "CCMP")
-
-def test_pasn_ft_eap(dev, apdev):
-    """PASN authentication with FT-EAP"""
-    check_pasn_capab(dev[0])
-
-    ssid = "test-pasn-ft-psk"
-    passphrase = "12345678"
-    identity = "gpsk user"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-EAP PASN"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params['wpa_key_mgmt'] = "FT-EAP PASN"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
-              eap_identity=identity)
-
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        pasn_hapd = hapd1
-    else:
-        pasn_hapd = hapd0
-
-    check_pasn_akmp_cipher(dev[0], pasn_hapd, "FT-EAP", "CCMP")
-
-def test_pasn_ft_eap_sha384(dev, apdev):
-    """PASN authentication with FT-EAP-SHA-384"""
-    check_pasn_capab(dev[0])
-
-    ssid = "test-pasn-ft-psk"
-    passphrase = "12345678"
-    identity = "gpsk user"
-
-    radius = hostapd.radius_params()
-    params = ft_params1(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384 PASN"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    params = ft_params2(ssid=ssid, passphrase=passphrase)
-    params["ieee80211w"] = "2"
-    params['wpa_key_mgmt'] = "FT-EAP-SHA384 PASN"
-    params["ieee8021x"] = "1"
-    params = dict(list(radius.items()) + list(params.items()))
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
-              sha384=True)
-
-    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
-        pasn_hapd = hapd1
-    else:
-        pasn_hapd = hapd0
-
-    check_pasn_akmp_cipher(dev[0], pasn_hapd, "FT-EAP-SHA384", "CCMP")
-
-def test_pasn_sta_mic_error(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP with corrupted MIC on station"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        # When forcing MIC corruption, the exchange would be still successful
-        # on the station side, but the AP would fail the exchange and would not
-        # store the keys.
-        dev[0].set("pasn_corrupt_mic", "1")
-        check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP", fail_ptk=True)
-    finally:
-        dev[0].set("pasn_corrupt_mic", "0")
-
-    # Now verify the successful case
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP")
-
-def test_pasn_ap_mic_error(dev, apdev):
-    """PASN authentication with WPA2/CCMP AP with corrupted MIC on AP"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    params['pasn_corrupt_mic'] = "1"
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd1, "PASN", "CCMP", status=1)
-    check_pasn_akmp_cipher(dev[0], hapd0, "PASN", "CCMP")
-
-@remote_compatible
-def test_pasn_comeback(dev, apdev, params):
-    """PASN authentication with comeback flow"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    params['sae_anti_clogging_threshold'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan(type="ONLY", freq=2412)
-    cmd = "PASN_START bssid=%s akmp=PASN cipher=CCMP group=19" % bssid
-
-    resp = dev[0].request(cmd)
-    if "OK" not in resp:
-        raise Exception("Failed to start PASN authentication")
-
-    ev = dev[0].wait_event(["PASN-AUTH-STATUS"], 3)
-    if not ev:
-        raise Exception("PASN: PASN-AUTH-STATUS not seen")
-
-    if bssid + " akmp=PASN, status=30 comeback_after=" not in ev:
-        raise Exception("PASN: unexpected status")
-
-    comeback = re.split("comeback=", ev)[1]
-
-    cmd = "PASN_START bssid=%s akmp=PASN cipher=CCMP group=19 comeback=%s" % \
-            (bssid, comeback)
-
-    resp = dev[0].request(cmd)
-    if "OK" not in resp:
-        raise Exception("Failed to start PASN authentication")
-
-    ev = dev[0].wait_event(["PASN-AUTH-STATUS"], 3)
-    if not ev:
-        raise Exception("PASN: PASN-AUTH-STATUS not seen")
-
-    if bssid + " akmp=PASN, status=0" not in ev:
-        raise Exception("PASN: unexpected status with comeback token")
-
-    check_pasn_ptk(dev[0], hapd, "CCMP")
-
-@remote_compatible
-def test_pasn_comeback_after_0(dev, apdev, params):
-    """PASN authentication with comeback flow with comeback after set to 0"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    params['anti_clogging_threshold'] = '0'
-    params['pasn_comeback_after'] = '0'
-    hapd = start_pasn_ap(apdev[0], params)
-
-    check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP")
-
-@remote_compatible
-def test_pasn_comeback_after_0_sae(dev, apdev):
-    """PASN authentication with SAE, with comeback flow where comeback after is set to 0"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-pasn-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE PASN'
-    params['anti_clogging_threshold'] = '0'
-    params['pasn_comeback_after'] = '0'
-    params['sae_pwe'] = "2"
-    hapd = start_pasn_ap(apdev[0], params)
-
-    try:
-        dev[0].set("sae_pwe", "2")
-        dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", only_add_network=True)
-
-        # first test with a valid PSK
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0")
-
-        # And now with PMKSA caching
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP")
-
-        # And now with a wrong passphrase
-        if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-            raise Exception("PMKSA_FLUSH failed")
-
-        dev[0].set_network_quoted(0, "psk", "12345678787")
-        check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-@remote_compatible
-def test_pasn_comeback_multi(dev, apdev):
-    """PASN authentication with SAE, with multiple stations with comeback"""
-    check_pasn_capab(dev[0])
-    check_sae_capab(dev[0])
-
-    params = hostapd.wpa2_params(ssid="test-pasn-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE PASN'
-    params['anti_clogging_threshold'] = '1'
-    params['pasn_comeback_after'] = '0'
-    hapd = start_pasn_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    id = {}
-    for i in range(0, 2):
-        dev[i].flush_scan_cache()
-        dev[i].scan(type="ONLY", freq=2412)
-        id[i] = dev[i].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
-                               scan_freq="2412", only_add_network=True)
-
-    for i in range(0, 2):
-        cmd = "PASN_START bssid=%s akmp=PASN cipher=CCMP group=19, nid=%s" % (bssid, id[i])
-        resp = dev[i].request(cmd)
-
-        if "OK" not in resp:
-            raise Exception("Failed to start pasn authentication")
-
-    for i in range(0, 2):
-        ev = dev[i].wait_event(["PASN-AUTH-STATUS"], 3)
-        if not ev:
-            raise Exception("PASN: PASN-AUTH-STATUS not seen")
-
-        if bssid + " akmp=PASN, status=0" not in ev:
-            raise Exception("PASN: unexpected status")
-
-        check_pasn_ptk(dev[i], hapd, "CCMP")
-
-def test_pasn_kdk_derivation(dev, apdev):
-    """PASN authentication with forced KDK derivation"""
-    check_pasn_capab(dev[0])
-
-    params = pasn_ap_params("PASN", "CCMP", "19")
-    hapd0 = start_pasn_ap(apdev[0], params)
-
-    params['force_kdk_derivation'] = "1"
-    hapd1 = start_pasn_ap(apdev[1], params)
-
-    try:
-        check_pasn_akmp_cipher(dev[0], hapd0, "PASN", "CCMP")
-        dev[0].set("force_kdk_derivation", "1")
-        check_pasn_akmp_cipher(dev[0], hapd1, "PASN", "CCMP")
-    finally:
-        dev[0].set("force_kdk_derivation", "0")
diff --git a/tests/hwsim/test_pmksa_cache.py b/tests/hwsim/test_pmksa_cache.py
deleted file mode 100644
index 10d76a394f8d..000000000000
--- a/tests/hwsim/test_pmksa_cache.py
+++ /dev/null
@@ -1,1267 +0,0 @@
-# WPA2-Enterprise PMKSA caching tests
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import logging
-logger = logging.getLogger()
-import socket
-import struct
-import subprocess
-import time
-
-import hostapd
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-from utils import alloc_fail, HwsimSkip, wait_fail_trigger
-from test_ap_eap import eap_connect
-
-def test_pmksa_cache_on_roam_back(dev, apdev):
-    """PMKSA cache to skip EAP on reassociation back to same AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    # It can take some time for the second AP to become ready to reply to Probe
-    # Request frames especially under heavy CPU load, so allow couple of rounds
-    # of scanning to avoid reporting errors incorrectly just because of scans
-    # not having seen the target AP.
-    for i in range(0, 10):
-        dev[0].scan(freq="2412")
-        if dev[0].get_bss(bssid2) is not None:
-            break
-        logger.info("Scan again to find target AP")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    dev[0].wait_connected(timeout=10, error="Roaming timed out")
-    pmksa2 = dev[0].get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa2['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa1b = dev[0].get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-    dev[0].dump_monitor()
-    if "FAIL" in dev[0].request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    if dev[0].get_pmksa(bssid) is not None or dev[0].get_pmksa(bssid2) is not None:
-        raise Exception("PMKSA_FLUSH did not remove PMKSA entries")
-    dev[0].wait_disconnected(timeout=5)
-    dev[0].wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_pmksa_cache_and_reauth(dev, apdev):
-    """PMKSA caching and EAPOL reauthentication"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    # It can take some time for the second AP to become ready to reply to Probe
-    # Request frames especially under heavy CPU load, so allow couple of rounds
-    # of scanning to avoid reporting errors incorrectly just because of scans
-    # not having seen the target AP.
-    for i in range(0, 10):
-        dev[0].scan(freq="2412")
-        if dev[0].get_bss(bssid2) is not None:
-            break
-        logger.info("Scan again to find target AP")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    dev[0].wait_connected(timeout=10, error="Roaming timed out")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    # Verify EAPOL reauthentication after PMKSA caching
-    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not start")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
-    if ev is None:
-        raise Exception("EAP authentication did not succeed")
-
-def test_pmksa_cache_and_ptk_rekey_ap(dev, apdev):
-    """PMKSA caching and PTK rekey triggered by AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['wpa_ptk_rekey'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    # It can take some time for the second AP to become ready to reply to Probe
-    # Request frames especially under heavy CPU load, so allow couple of rounds
-    # of scanning to avoid reporting errors incorrectly just because of scans
-    # not having seen the target AP.
-    for i in range(0, 10):
-        dev[0].scan(freq="2412")
-        if dev[0].get_bss(bssid2) is not None:
-            break
-        logger.info("Scan again to find target AP")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    dev[0].wait_connected(timeout=10, error="Roaming timed out")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    # Verify PTK rekeying after PMKSA caching
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3)
-    if ev is None:
-        raise Exception("PTK rekey timed out")
-
-def test_pmksa_cache_opportunistic_only_on_sta(dev, apdev):
-    """Opportunistic PMKSA caching enabled only on station"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef", okc=True,
-                   scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    dev[0].wait_connected(timeout=10, error="Roaming timed out")
-    pmksa2 = dev[0].get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa2['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa1b = dev[0].get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-def test_pmksa_cache_opportunistic(dev, apdev):
-    """Opportunistic PMKSA caching"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['okc'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef", okc=True,
-                   scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa2 = dev[0].get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry created")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    pmksa1b = dev[0].get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-def test_pmksa_cache_opportunistic_connect(dev, apdev):
-    """Opportunistic PMKSA caching with connect API"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['okc'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    wpas.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                 eap="GPSK", identity="gpsk user",
-                 password="abcdefghijklmnop0123456789abcdef", okc=True,
-                 scan_freq="2412")
-    pmksa = wpas.get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    wpas.dump_monitor()
-    logger.info("Roam to AP2")
-    wpas.scan_for_bss(bssid2, freq="2412", force_scan=True)
-    wpas.request("ROAM " + bssid2)
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa2 = wpas.get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry created")
-
-    wpas.dump_monitor()
-    logger.info("Roam back to AP1")
-    wpas.scan(freq="2412")
-    wpas.request("ROAM " + bssid)
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    pmksa1b = wpas.get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-def test_pmksa_cache_expiration(dev, apdev):
-    """PMKSA cache entry expiration"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].request("SET dot11RSNAConfigPMKLifetime 10")
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    hapd.wait_sta()
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    logger.info("Wait for PMKSA cache entry to expire")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("No EAP reauthentication seen")
-    if "CTRL-EVENT-DISCONNECTED" in ev:
-        raise Exception("Unexpected disconnection")
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa['pmkid'] == pmksa2['pmkid']:
-        raise Exception("PMKID did not change")
-    hapd.wait_ptkinitdone(dev[0].own_addr())
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_pmksa_cache_expiration_disconnect(dev, apdev):
-    """PMKSA cache entry expiration (disconnect)"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].request("SET dot11RSNAConfigPMKLifetime 2")
-    dev[0].request("SET dot11RSNAConfigPMKReauthThreshold 100")
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    hapd.request("SET auth_server_shared_secret incorrect")
-    logger.info("Wait for PMKSA cache entry to expire")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("No EAP reauthentication seen")
-    if "CTRL-EVENT-DISCONNECTED" not in ev:
-        raise Exception("Missing disconnection")
-    hapd.request("SET auth_server_shared_secret radius")
-    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=15)
-    if ev is None:
-        raise Exception("No EAP reauthentication seen")
-    pmksa2 = dev[0].get_pmksa(bssid)
-    if pmksa['pmkid'] == pmksa2['pmkid']:
-        raise Exception("PMKID did not change")
-
-def test_pmksa_cache_and_cui(dev, apdev):
-    """PMKSA cache and Chargeable-User-Identity"""
-    params = hostapd.wpa2_eap_params(ssid="cui")
-    params['radius_request_cui'] = '1'
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("cui", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-cui",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-
-    dev[0].dump_monitor()
-    logger.info("Disconnect and reconnect to the same AP")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("Reconnect timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa1b = dev[0].get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-    dev[0].request("REAUTHENTICATE")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    for i in range(0, 20):
-        state = dev[0].get_status_field("wpa_state")
-        if state == "COMPLETED":
-            break
-        time.sleep(0.1)
-    if state != "COMPLETED":
-        raise Exception("Reauthentication did not complete")
-
-def test_pmksa_cache_preauth_auto(dev, apdev):
-    """RSN pre-authentication based on pre-connection scan results"""
-    try:
-        run_pmksa_cache_preauth_auto(dev, apdev)
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev',
-                                       'ap-br0', 'down', '2>', '/dev/null'],
-                            shell=True)
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0',
-                                       '2>', '/dev/null'], shell=True)
-
-def run_pmksa_cache_preauth_auto(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['bridge'] = 'ap-br0'
-    params['rsn_preauth'] = '1'
-    params['rsn_preauth_interfaces'] = 'ap-br0'
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    eap_connect(dev[0], None, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-
-    found = False
-    for i in range(20):
-        time.sleep(0.5)
-        res1 = dev[0].get_pmksa(apdev[0]['bssid'])
-        res2 = dev[0].get_pmksa(apdev[1]['bssid'])
-        if res1 and res2:
-            found = True
-            break
-    if not found:
-        raise Exception("The expected PMKSA cache entries not found")
-
-def generic_pmksa_cache_preauth(dev, apdev, extraparams, identity, databridge,
-                                force_disconnect=False):
-    if not extraparams:
-        extraparams = [{}, {}]
-    try:
-        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-        params['bridge'] = 'ap-br0'
-        for key, value in extraparams[0].items():
-            params[key] = value
-
-        hapd = hostapd.add_ap(apdev[0], params)
-        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
-        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-        eap_connect(dev[0], hapd, "PAX", identity,
-                    password_hex="0123456789abcdef0123456789abcdef")
-
-        # Verify connectivity in the correct VLAN
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
-
-        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-        params['bridge'] = 'ap-br0'
-        params['rsn_preauth'] = '1'
-        params['rsn_preauth_interfaces'] = databridge
-        for key, value in extraparams[1].items():
-            params[key] = value
-        hapd1 = hostapd.add_ap(apdev[1], params)
-        bssid1 = apdev[1]['bssid']
-        dev[0].scan(freq="2412")
-        success = False
-        status_seen = False
-        for i in range(0, 50):
-            if not status_seen:
-                status = dev[0].request("STATUS")
-                if "Pre-authentication EAPOL state machines:" in status:
-                    status_seen = True
-            time.sleep(0.1)
-            pmksa = dev[0].get_pmksa(bssid1)
-            if pmksa:
-                success = True
-                break
-        if not success:
-            raise Exception("No PMKSA cache entry created from pre-authentication")
-        if not status_seen:
-            raise Exception("Pre-authentication EAPOL status was not available")
-
-        dev[0].scan(freq="2412")
-        if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
-            raise Exception("Scan results missing RSN element info")
-        dev[0].request("ROAM " + bssid1)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                                "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Roaming with the AP timed out")
-        if "CTRL-EVENT-EAP-STARTED" in ev:
-            raise Exception("Unexpected EAP exchange")
-        pmksa2 = dev[0].get_pmksa(bssid1)
-        if pmksa2 is None:
-            raise Exception("No PMKSA cache entry")
-        if pmksa['pmkid'] != pmksa2['pmkid']:
-            raise Exception("Unexpected PMKID change")
-
-        hapd1.wait_sta()
-        # Verify connectivity in the correct VLAN
-        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
-
-        if not force_disconnect:
-            return
-
-        # Disconnect the STA from both APs to avoid forceful ifdown by the
-        # test script on a VLAN that this has an associated STA. That used to
-        # trigger a mac80211 warning.
-        dev[0].request("DISCONNECT")
-        hapd.request("DISABLE")
-
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev',
-                                       'ap-br0', 'down', '2>', '/dev/null'],
-                            shell=True)
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0',
-                                       '2>', '/dev/null'], shell=True)
-
-def test_pmksa_cache_preauth(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry"""
-    generic_pmksa_cache_preauth(dev, apdev, None,
-                                "pax.user@example.com", "ap-br0")
-
-def test_pmksa_cache_preauth_per_sta_vif(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry with per_sta_vif"""
-    extraparams = [{}, {}]
-    extraparams[0]['per_sta_vif'] = "1"
-    extraparams[1]['per_sta_vif'] = "1"
-    generic_pmksa_cache_preauth(dev, apdev, extraparams,
-                                "pax.user@example.com", "ap-br0")
-
-def test_pmksa_cache_preauth_vlan_enabled(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set)"""
-    extraparams = [{}, {}]
-    extraparams[0]['dynamic_vlan'] = '1'
-    extraparams[1]['dynamic_vlan'] = '1'
-    generic_pmksa_cache_preauth(dev, apdev, extraparams,
-                                "pax.user@example.com", "ap-br0")
-
-def test_pmksa_cache_preauth_vlan_enabled_per_sta_vif(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set, with per_sta_vif enabled)"""
-    extraparams = [{}, {}]
-    extraparams[0]['per_sta_vif'] = "1"
-    extraparams[1]['per_sta_vif'] = "1"
-    extraparams[0]['dynamic_vlan'] = '1'
-    extraparams[1]['dynamic_vlan'] = '1'
-    generic_pmksa_cache_preauth(dev, apdev, extraparams,
-                                "pax.user@example.com", "ap-br0")
-
-def test_pmksa_cache_preauth_vlan_used(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)"""
-    run_pmksa_cache_preauth_vlan_used(dev, apdev, None, force_disconnect=True)
-
-def run_pmksa_cache_preauth_vlan_used(dev, apdev, extraparams=None,
-                                      force_disconnect=False):
-    try:
-        subprocess.call(['brctl', 'addbr', 'brvlan1'])
-        subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
-        if not extraparams:
-            extraparams = [{}, {}]
-        extraparams[0]['dynamic_vlan'] = '1'
-        extraparams[0]['vlan_file'] = 'hostapd.wlan3.vlan'
-        extraparams[1]['dynamic_vlan'] = '1'
-        extraparams[1]['vlan_file'] = 'hostapd.wlan4.vlan'
-        generic_pmksa_cache_preauth(dev, apdev, extraparams,
-                                    "vlan1", "brvlan1",
-                                    force_disconnect=force_disconnect)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'brvlan1'])
-
-def test_pmksa_cache_preauth_vlan_used_per_sta_vif(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set, per_sta_vif=1)"""
-    extraparams = [{}, {}]
-    extraparams[0]['per_sta_vif'] = "1"
-    extraparams[1]['per_sta_vif'] = "1"
-    run_pmksa_cache_preauth_vlan_used(dev, apdev, extraparams)
-
-def test_pmksa_cache_disabled(dev, apdev):
-    """PMKSA cache disabling on AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['disable_pmksa_caching'] = '1'
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].dump_monitor()
-    logger.info("Roam to AP2")
-    dev[0].scan_for_bss(bssid2, freq="2412")
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    dev[0].wait_connected(timeout=10, error="Roaming timed out")
-
-    dev[0].dump_monitor()
-    logger.info("Roam back to AP1")
-    dev[0].scan(freq="2412")
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("EAP exchange missing")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-
-def test_pmksa_cache_ap_expiration(dev, apdev):
-    """PMKSA cache entry expiring on AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].cmd_execute(['iw', 'dev', dev[0].ifname,
-                        'set', 'power_save', 'off'])
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-user-session-timeout",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    hapd.dump_monitor()
-
-    dev[0].request("DISCONNECT")
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd")
-    dev[0].wait_disconnected()
-
-    # Wait for session timeout to remove PMKSA cache entry
-    time.sleep(5)
-    dev[0].dump_monitor()
-    hapd.dump_monitor()
-
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Reconnection with the AP timed out")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("EAP exchange missing")
-    dev[0].wait_connected(timeout=20, error="Reconnect timed out")
-    dev[0].dump_monitor()
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd [2]")
-    hapd.dump_monitor()
-
-    # Wait for session timeout
-    ev = hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("No disconnection event received from hostapd [2]")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].wait_connected(timeout=20, error="Reassociation timed out")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd [3]")
-    hapd.dump_monitor()
-    dev[0].dump_monitor()
-
-def test_pmksa_cache_multiple_sta(dev, apdev):
-    """PMKSA cache with multiple stations"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    for d in dev:
-        d.flush_scan_cache()
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-user-session-timeout",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    dev[1].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    dev[2].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-user-session-timeout",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.flush_scan_cache()
-    wpas.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                 eap="GPSK", identity="gpsk user",
-                 password="abcdefghijklmnop0123456789abcdef",
-                 scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    logger.info("Roam to AP2")
-    for sta in [dev[1], dev[0], dev[2], wpas]:
-        sta.dump_monitor()
-        sta.scan_for_bss(bssid2, freq="2412")
-        if "OK" not in sta.request("ROAM " + bssid2):
-            raise Exception("ROAM command failed (" + sta.ifname + ")")
-        ev = sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("EAP success timed out")
-        sta.wait_connected(timeout=10, error="Roaming timed out")
-        sta.dump_monitor()
-
-    logger.info("Roam back to AP1")
-    for sta in [dev[1], wpas, dev[0], dev[2]]:
-        sta.dump_monitor()
-        sta.scan(freq="2412")
-        sta.dump_monitor()
-        sta.request("ROAM " + bssid)
-        sta.wait_connected(timeout=10, error="Roaming timed out")
-        sta.dump_monitor()
-
-    time.sleep(4)
-
-    logger.info("Roam back to AP2")
-    for sta in [dev[1], wpas, dev[0], dev[2]]:
-        sta.dump_monitor()
-        sta.scan(freq="2412")
-        sta.dump_monitor()
-        sta.request("ROAM " + bssid2)
-        sta.wait_connected(timeout=10, error="Roaming timed out")
-        sta.dump_monitor()
-
-def test_pmksa_cache_opportunistic_multiple_sta(dev, apdev):
-    """Opportunistic PMKSA caching with multiple stations"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['okc'] = "1"
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    for d in dev:
-        d.flush_scan_cache()
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.flush_scan_cache()
-    for sta in [dev[0], dev[1], dev[2], wpas]:
-        sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                    eap="GPSK", identity="gpsk user",
-                    password="abcdefghijklmnop0123456789abcdef", okc=True,
-                    scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    logger.info("Roam to AP2")
-    for sta in [dev[2], dev[0], wpas, dev[1]]:
-        sta.dump_monitor()
-        sta.scan_for_bss(bssid2, freq="2412")
-        if "OK" not in sta.request("ROAM " + bssid2):
-            raise Exception("ROAM command failed")
-        ev = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
-                             "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Roaming with the AP timed out")
-        if "CTRL-EVENT-EAP-STARTED" in ev:
-            raise Exception("Unexpected EAP exchange")
-        pmksa2 = sta.get_pmksa(bssid2)
-        if pmksa2 is None:
-            raise Exception("No PMKSA cache entry created")
-        sta.dump_monitor()
-
-    logger.info("Roam back to AP1")
-    for sta in [dev[0], dev[1], dev[2], wpas]:
-        sta.dump_monitor()
-        sta.scan_for_bss(bssid, freq="2412")
-        sta.request("ROAM " + bssid)
-        ev = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
-                             "CTRL-EVENT-CONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("Roaming with the AP timed out")
-        if "CTRL-EVENT-EAP-STARTED" in ev:
-            raise Exception("Unexpected EAP exchange")
-
-def test_pmksa_cache_preauth_oom(dev, apdev):
-    """RSN pre-authentication to generate PMKSA cache entry and OOM"""
-    try:
-        _test_pmksa_cache_preauth_oom(dev, apdev)
-    finally:
-        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
-                                       'down'])
-        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
-
-def _test_pmksa_cache_preauth_oom(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['bridge'] = 'ap-br0'
-    hapd = hostapd.add_ap(apdev[0], params)
-    hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
-    hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                bssid=apdev[0]['bssid'])
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['bridge'] = 'ap-br0'
-    params['rsn_preauth'] = '1'
-    params['rsn_preauth_interfaces'] = 'ap-br0'
-    hapd = hostapd.add_ap(apdev[1], params)
-    bssid1 = apdev[1]['bssid']
-
-    tests = [(1, "rsn_preauth_receive"),
-             (2, "rsn_preauth_receive"),
-             (1, "rsn_preauth_send"),
-             (1, "wpa_auth_pmksa_add_preauth;rsn_preauth_finished")]
-    for test in tests:
-        hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
-        with alloc_fail(hapd, test[0], test[1]):
-            dev[0].scan_for_bss(bssid1, freq="2412")
-            if "OK" not in dev[0].request("PREAUTH " + bssid1):
-                raise Exception("PREAUTH failed")
-
-            success = False
-            count = 0
-            for i in range(50):
-                time.sleep(0.1)
-                pmksa = dev[0].get_pmksa(bssid1)
-                if pmksa:
-                    success = True
-                    break
-                state = hapd.request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    count += 1
-                    if count > 2:
-                        break
-            logger.info("PMKSA cache success: " + str(success))
-
-            dev[0].request("PMKSA_FLUSH")
-            dev[0].wait_disconnected()
-            dev[0].wait_connected()
-            dev[0].dump_monitor()
-
-def test_pmksa_cache_size_limit(dev, apdev):
-    """PMKSA cache size limit in wpa_supplicant"""
-    try:
-        _test_pmksa_cache_size_limit(dev, apdev)
-    finally:
-        try:
-            hapd = hostapd.HostapdGlobal(apdev[0])
-            hapd.flush()
-            hapd.remove(apdev[0]['ifname'])
-        except:
-            pass
-        params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-        bssid = apdev[0]['bssid']
-        params['bssid'] = bssid
-        hostapd.add_ap(apdev[0], params)
-
-def _test_pmksa_cache_size_limit(dev, apdev):
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412", only_add_network=True)
-    for i in range(33):
-        bssid = apdev[0]['bssid'][0:15] + "%02x" % i
-        logger.info("Iteration with BSSID " + bssid)
-        params['bssid'] = bssid
-        hostapd.add_ap(apdev[0], params)
-        dev[0].request("BSS_FLUSH 0")
-        dev[0].scan_for_bss(bssid, freq=2412, only_new=True)
-        dev[0].select_network(id)
-        dev[0].wait_connected()
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-        entries = len(dev[0].request("PMKSA").splitlines()) - 1
-        if i == 32:
-            if entries != 32:
-                raise Exception("Unexpected number of PMKSA entries after expected removal of the oldest entry")
-        elif i + 1 != entries:
-            raise Exception("Unexpected number of PMKSA entries")
-
-        hapd = hostapd.HostapdGlobal(apdev[0])
-        hapd.flush()
-        hapd.remove(apdev[0]['ifname'])
-
-def test_pmksa_cache_preauth_timeout(dev, apdev):
-    """RSN pre-authentication timing out"""
-    try:
-        _test_pmksa_cache_preauth_timeout(dev, apdev)
-    finally:
-        dev[0].request("SET dot11RSNAConfigSATimeout 60")
-
-def _test_pmksa_cache_preauth_timeout(dev, apdev):
-    dev[0].request("SET dot11RSNAConfigSATimeout 1")
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                bssid=apdev[0]['bssid'])
-    if "OK" not in dev[0].request("PREAUTH f2:11:22:33:44:55"):
-        raise Exception("PREAUTH failed")
-    ev = dev[0].wait_event(["RSN: pre-authentication with"], timeout=5)
-    if ev is None:
-        raise Exception("No timeout event seen")
-    if "timed out" not in ev:
-        raise Exception("Unexpected event: " + ev)
-
-def test_pmksa_cache_preauth_wpas_oom(dev, apdev):
-    """RSN pre-authentication OOM in wpa_supplicant"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    hapd = hostapd.add_ap(apdev[0], params)
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                bssid=apdev[0]['bssid'])
-    for i in range(1, 11):
-        with alloc_fail(dev[0], i, "rsn_preauth_init"):
-            res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
-            logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
-            for j in range(10):
-                state = dev[0].request('GET_ALLOC_FAIL')
-                if state.startswith('0:'):
-                    break
-                time.sleep(0.05)
-
-def test_pmksa_cache_ctrl(dev, apdev):
-    """PMKSA cache control interface operations"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    addr = dev[0].own_addr()
-
-    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-
-    pmksa_sta = dev[0].get_pmksa(bssid)
-    if pmksa_sta is None:
-        raise Exception("No PMKSA cache entry created on STA")
-    pmksa_ap = hapd.get_pmksa(addr)
-    if pmksa_ap is None:
-        raise Exception("No PMKSA cache entry created on AP")
-    if pmksa_sta['pmkid'] != pmksa_ap['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-
-    if "OK" not in hapd.request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    pmksa_ap = hapd.get_pmksa(addr)
-    if pmksa_ap is not None:
-        raise Exception("PMKSA cache entry was not removed on AP")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-    pmksa_sta2 = dev[0].get_pmksa(bssid)
-    if pmksa_sta2 is None:
-        raise Exception("No PMKSA cache entry created on STA after reconnect")
-    pmksa_ap2 = hapd.get_pmksa(addr)
-    if pmksa_ap2 is None:
-        raise Exception("No PMKSA cache entry created on AP after reconnect")
-    if pmksa_sta2['pmkid'] != pmksa_ap2['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries after reconnect")
-    if pmksa_sta2['pmkid'] == pmksa_sta['pmkid']:
-        raise Exception("PMKID did not change after reconnect")
-
-def test_pmksa_cache_ctrl_events(dev, apdev):
-    """PMKSA cache control interface events"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412", wait_connect=False)
-
-    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=15)
-    if ev is None:
-        raise Exception("No PMKSA-CACHE-ADDED event")
-    dev[0].wait_connected()
-    items = ev.split(' ')
-    if items[1] != bssid:
-        raise Exception("BSSID mismatch: " + ev)
-    if int(items[2]) != id:
-        raise Exception("network_id mismatch: " + ev)
-
-    dev[0].request("PMKSA_FLUSH")
-    ev = dev[0].wait_event(["PMKSA-CACHE-REMOVED"], timeout=15)
-    if ev is None:
-        raise Exception("No PMKSA-CACHE-REMOVED event")
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    items = ev.split(' ')
-    if items[1] != bssid:
-        raise Exception("BSSID mismatch: " + ev)
-    if int(items[2]) != id:
-        raise Exception("network_id mismatch: " + ev)
-
-def test_pmksa_cache_ctrl_ext(dev, apdev):
-    """PMKSA cache control interface for external management"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412")
-
-    res1 = dev[0].request("PMKSA_GET %d" % id)
-    logger.info("PMKSA_GET: " + res1)
-    if "UNKNOWN COMMAND" in res1:
-        raise HwsimSkip("PMKSA_GET not supported in the build")
-    if bssid not in res1:
-        raise Exception("PMKSA cache entry missing")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-    dev[0].scan_for_bss(bssid2, freq=2412, force_scan=True)
-    dev[0].request("ROAM " + bssid2)
-    dev[0].wait_connected()
-
-    res2 = dev[0].request("PMKSA_GET %d" % id)
-    logger.info("PMKSA_GET: " + res2)
-    if bssid not in res2:
-        raise Exception("PMKSA cache entry 1 missing")
-    if bssid2 not in res2:
-        raise Exception("PMKSA cache entry 2 missing")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].request("PMKSA_FLUSH")
-
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412", only_add_network=True)
-    res3 = dev[0].request("PMKSA_GET %d" % id)
-    if res3 != '':
-        raise Exception("Unexpected PMKSA cache entry remains: " + res3)
-    res4 = dev[0].request("PMKSA_GET %d" % (id + 1234))
-    if not res4.startswith('FAIL'):
-        raise Exception("Unexpected PMKSA cache entry for unknown network: " + res4)
-
-    for entry in res2.splitlines():
-        if "OK" not in dev[0].request("PMKSA_ADD %d %s" % (id, entry)):
-            raise Exception("Failed to add PMKSA entry")
-
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
-
-def test_pmksa_cache_ctrl_ext_ft(dev, apdev):
-    """PMKSA cache control interface for external management (FT)"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    params['wpa_key_mgmt'] = "FT-EAP"
-    params['nas_identifier'] = "nas.w1.fi"
-    params['r1_key_holder'] = "000102030406"
-    params["mobility_domain"] = "a1b2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="FT-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        scan_freq="2412")
-
-    res1 = dev[0].request("PMKSA_GET %d" % id)
-    logger.info("PMKSA_GET: " + res1)
-    if "UNKNOWN COMMAND" in res1:
-        raise HwsimSkip("PMKSA_GET not supported in the build")
-    if bssid not in res1:
-        raise Exception("PMKSA cache entry missing")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].request("PMKSA_FLUSH")
-
-    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="FT-EAP",
-                        eap="GPSK", identity="gpsk user",
-                        password="abcdefghijklmnop0123456789abcdef",
-                        ft_eap_pmksa_caching="1",
-                        scan_freq="2412", only_add_network=True)
-    res3 = dev[0].request("PMKSA_GET %d" % id)
-    if res3 != '':
-        raise Exception("Unexpected PMKSA cache entry remains: " + res3)
-
-    for entry in res1.splitlines():
-        if "OK" not in dev[0].request("PMKSA_ADD %d %s" % (id, entry)):
-            raise Exception("Failed to add PMKSA entry")
-
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Connection with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].request("PMKSA_FLUSH")
-    # Add a PMKSA cache entry for FT-EAP with PMKSA caching disabled to confirm
-    # that the PMKID is not configured to the driver (this part requires manual
-    # check of the debug log currently).
-    dev[0].set_network(id, "ft_eap_pmksa_caching", "0")
-    for entry in res1.splitlines():
-        if "OK" not in dev[0].request("PMKSA_ADD %d %s" % (id, entry)):
-            raise Exception("Failed to add PMKSA entry")
-
-def test_rsn_preauth_processing(dev, apdev):
-    """RSN pre-authentication processing on AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['rsn_preauth'] = '1'
-    params['rsn_preauth_interfaces'] = "lo"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    _bssid = binascii.unhexlify(bssid.replace(':', ''))
-    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef")
-    addr = dev[0].own_addr()
-    _addr = binascii.unhexlify(addr.replace(':', ''))
-
-    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
-                         socket.htons(0x88c7))
-    sock.bind(("lo", socket.htons(0x88c7)))
-
-    foreign = b"\x02\x03\x04\x05\x06\x07"
-    proto = b"\x88\xc7"
-    tests = []
-    # RSN: too short pre-auth packet (len=14)
-    tests += [_bssid + foreign + proto]
-    # Not EAPOL-Start
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 0, 0, 0)]
-    # RSN: pre-auth for foreign address 02:03:04:05:06:07
-    tests += [foreign + foreign + proto + struct.pack('>BBH', 0, 0, 0)]
-    # RSN: pre-auth for already association STA 02:00:00:00:00:00
-    tests += [_bssid + _addr + proto + struct.pack('>BBH', 0, 0, 0)]
-    # New STA
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1)]
-    # IEEE 802.1X: received EAPOL-Start from STA
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 0, 1, 0)]
-    # frame too short for this IEEE 802.1X packet
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1)]
-    # EAPOL-Key - Dropped key data from unauthorized Supplicant
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 2, 3, 0)]
-    # EAPOL-Encapsulated-ASF-Alert
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 2, 4, 0)]
-    # unknown IEEE 802.1X packet type
-    tests += [_bssid + foreign + proto + struct.pack('>BBH', 2, 255, 0)]
-    for t in tests:
-        sock.send(t)
-
-def test_rsn_preauth_local_errors(dev, apdev):
-    """RSN pre-authentication and local errors on AP"""
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['rsn_preauth'] = '1'
-    params['rsn_preauth_interfaces'] = "lo"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-    _bssid = binascii.unhexlify(bssid.replace(':', ''))
-
-    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
-                         socket.htons(0x88c7))
-    sock.bind(("lo", socket.htons(0x88c7)))
-
-    foreign = b"\x02\x03\x04\x05\x06\x07"
-    foreign2 = b"\x02\x03\x04\x05\x06\x08"
-    proto = b"\x88\xc7"
-
-    with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"):
-        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-    with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"):
-        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-    sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
-
-    with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
-        sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-    sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
-
-    hapd.request("DISABLE")
-    tests = [(1, "=rsn_preauth_iface_add"),
-             (2, "=rsn_preauth_iface_add"),
-             (1, "l2_packet_init;rsn_preauth_iface_add"),
-             (1, "rsn_preauth_iface_init"),
-             (1, "rsn_preauth_iface_init")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            if "FAIL" not in hapd.request("ENABLE"):
-                raise Exception("ENABLE succeeded unexpectedly")
-
-    hapd.set("rsn_preauth_interfaces", "lo  lo lo does-not-exist lo ")
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("ENABLE succeeded unexpectedly")
-    hapd.set("rsn_preauth_interfaces", " lo  lo ")
-    if "OK" not in hapd.request("ENABLE"):
-        raise Exception("ENABLE failed")
-    sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
-    sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
-
-def test_pmksa_cache_add_failure(dev, apdev):
-    """PMKSA cache add failure"""
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    with alloc_fail(dev[0], 1, "pmksa_cache_add"):
-        dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                       eap="GPSK", identity="gpsk user",
-                       password="abcdefghijklmnop0123456789abcdef",
-                       scan_freq="2412")
-    pmksa = dev[0].get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
diff --git a/tests/hwsim/test_radio_work.py b/tests/hwsim/test_radio_work.py
deleted file mode 100644
index 536afba740f7..000000000000
--- a/tests/hwsim/test_radio_work.py
+++ /dev/null
@@ -1,133 +0,0 @@
-# Radio work tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-import logging
-logger = logging.getLogger()
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-
-def test_ext_radio_work(dev, apdev):
-    """External radio work item"""
-    id = dev[0].request("RADIO_WORK add test-work-a")
-    if "FAIL" in id:
-        raise Exception("Failed to add radio work")
-    id2 = dev[0].request("RADIO_WORK add test-work-b freq=2417")
-    if "FAIL" in id2:
-        raise Exception("Failed to add radio work")
-    id3 = dev[0].request("RADIO_WORK add test-work-c")
-    if "FAIL" in id3:
-        raise Exception("Failed to add radio work")
-
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    if "EXT-RADIO-WORK-START " + id not in ev:
-        raise Exception("Unexpected radio work start id")
-
-    items = dev[0].request("RADIO_WORK show")
-    if "ext:test-work-a@wlan0:0:1:" not in items:
-        logger.info("Pending radio work items:\n" + items)
-        raise Exception("Radio work item(a) missing from the list")
-    if "ext:test-work-b@wlan0:2417:0:" not in items:
-        logger.info("Pending radio work items:\n" + items)
-        raise Exception("Radio work item(b) missing from the list")
-    if "ext:test-work-c@wlan0:0:0:" not in items:
-        logger.info("Pending radio work items:\n" + items)
-        raise Exception("Radio work item(c) missing from the list")
-
-    dev[0].request("RADIO_WORK done " + id2)
-    dev[0].request("RADIO_WORK done " + id)
-
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    if "EXT-RADIO-WORK-START " + id3 not in ev:
-        raise Exception("Unexpected radio work start id")
-    dev[0].request("RADIO_WORK done " + id3)
-    items = dev[0].request("RADIO_WORK show")
-    if "ext:" in items:
-        logger.info("Pending radio work items:\n" + items)
-        raise Exception("Unexpected remaining radio work item")
-
-    id = dev[0].request("RADIO_WORK add test-work timeout=1")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-TIMEOUT"], timeout=2)
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to time out")
-    if id not in ev:
-        raise Exception("Radio work id mismatch")
-
-    for i in range(5):
-        dev[0].request(("RADIO_WORK add test-work-%d-" % i) + 100*'a')
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    if "FAIL" not in dev[0].request("RADIO_WORK done 12345678"):
-        raise Exception("Invalid RADIO_WORK done accepted")
-    if "FAIL" not in dev[0].request("RADIO_WORK foo"):
-        raise Exception("Invalid RADIO_WORK accepted")
-    dev[0].request("FLUSH")
-    items = dev[0].request("RADIO_WORK show")
-    if items != "":
-        raise Exception("Unexpected radio work remaining after FLUSH: " + items)
-
-def test_radio_work_cancel(dev, apdev):
-    """Radio work items cancelled on interface removal"""
-    params = hostapd.wpa2_params(ssid="radio", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.scan(freq="2412")
-
-    id = wpas.request("RADIO_WORK add test-work-a")
-    if "FAIL" in id:
-        raise Exception("Failed to add radio work")
-    ev = wpas.wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    if "EXT-RADIO-WORK-START " + id not in ev:
-        raise Exception("Unexpected radio work start id")
-
-    wpas.connect("radio", psk="12345678", scan_freq="2412",
-                   wait_connect=False)
-    time.sleep(1)
-    wpas.interface_remove("wlan5")
-    # add to allow log file renaming
-    wpas.interface_add("wlan5")
-
-def test_ext_radio_work_disconnect_connect(dev, apdev):
-    """External radio work and DISCONNECT clearing connection attempt"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-
-    # Start a radio work to block connection attempt
-    id1 = dev[0].request("RADIO_WORK add test-work-a")
-    if "FAIL" in id1:
-        raise Exception("Failed to add radio work")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    items = dev[0].request("RADIO_WORK show")
-    if "connect" not in items:
-        raise Exception("Connection radio work not scheduled")
-    dev[0].request("DISCONNECT")
-    items = dev[0].request("RADIO_WORK show")
-    if "connect" in items:
-        raise Exception("Connection radio work not removed on DISCONNECT")
-
-    # Clear radio work to allow any pending work to be started
-    dev[0].request("RADIO_WORK done " + id1)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Unexpected connection seen")
diff --git a/tests/hwsim/test_radius.py b/tests/hwsim/test_radius.py
deleted file mode 100644
index ca96c979e125..000000000000
--- a/tests/hwsim/test_radius.py
+++ /dev/null
@@ -1,1710 +0,0 @@
-# RADIUS tests
-# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import hashlib
-import hmac
-import logging
-logger = logging.getLogger()
-import os
-import select
-import struct
-import subprocess
-import threading
-import time
-
-import hostapd
-from utils import *
-from test_ap_hs20 import build_dhcp_ack
-from test_ap_ft import ft_params1
-
-def connect(dev, ssid, wait_connect=True):
-    dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412",
-                eap="PSK", identity="psk.user@example.com",
-                password_hex="0123456789abcdef0123456789abcdef",
-                wait_connect=wait_connect)
-
-@remote_compatible
-def test_radius_auth_unreachable(dev, apdev):
-    """RADIUS Authentication server unreachable"""
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    params['auth_server_port'] = "18139"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-auth", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"])
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    logger.info("Checking for RADIUS retries")
-    time.sleep(4)
-    mib = hapd.get_mib()
-    if "radiusAuthClientAccessRequests" not in mib:
-        raise Exception("Missing MIB fields")
-    if int(mib["radiusAuthClientAccessRetransmissions"]) < 1:
-        raise Exception("Missing RADIUS Authentication retransmission")
-    if int(mib["radiusAuthClientPendingRequests"]) < 1:
-        raise Exception("Missing pending RADIUS Authentication request")
-
-def test_radius_auth_unreachable2(dev, apdev):
-    """RADIUS Authentication server unreachable (2)"""
-    subprocess.call(['ip', 'ro', 'replace', '192.168.213.17', 'dev', 'lo'])
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    params['auth_server_addr'] = "192.168.213.17"
-    params['auth_server_port'] = "18139"
-    hapd = hostapd.add_ap(apdev[0], params)
-    subprocess.call(['ip', 'ro', 'del', '192.168.213.17', 'dev', 'lo'])
-    connect(dev[0], "radius-auth", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"])
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    logger.info("Checking for RADIUS retries")
-    time.sleep(4)
-    mib = hapd.get_mib()
-    if "radiusAuthClientAccessRequests" not in mib:
-        raise Exception("Missing MIB fields")
-    logger.info("radiusAuthClientAccessRetransmissions: " + mib["radiusAuthClientAccessRetransmissions"])
-
-def test_radius_auth_unreachable3(dev, apdev):
-    """RADIUS Authentication server initially unreachable, but then available"""
-    subprocess.call(['ip', 'ro', 'replace', 'blackhole', '192.168.213.18'])
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    params['auth_server_addr'] = "192.168.213.18"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-auth", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"])
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    subprocess.call(['ip', 'ro', 'del', 'blackhole', '192.168.213.18'])
-    time.sleep(0.1)
-    dev[0].request("DISCONNECT")
-    hapd.set('auth_server_addr_replace', '127.0.0.1')
-    dev[0].request("RECONNECT")
-
-    dev[0].wait_connected()
-
-def test_radius_acct_unreachable(dev, apdev):
-    """RADIUS Accounting server unreachable"""
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-acct")
-    logger.info("Checking for RADIUS retries")
-    time.sleep(4)
-    mib = hapd.get_mib()
-    if "radiusAccClientRetransmissions" not in mib:
-        raise Exception("Missing MIB fields")
-    if int(mib["radiusAccClientRetransmissions"]) < 2:
-        raise Exception("Missing RADIUS Accounting retransmissions")
-    if int(mib["radiusAccClientPendingRequests"]) < 2:
-        raise Exception("Missing pending RADIUS Accounting requests")
-
-def test_radius_acct_unreachable2(dev, apdev):
-    """RADIUS Accounting server unreachable(2)"""
-    subprocess.call(['ip', 'ro', 'replace', '192.168.213.17', 'dev', 'lo'])
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "192.168.213.17"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    subprocess.call(['ip', 'ro', 'del', '192.168.213.17', 'dev', 'lo'])
-    connect(dev[0], "radius-acct")
-    logger.info("Checking for RADIUS retries")
-    found = False
-    for i in range(4):
-        time.sleep(1)
-        mib = hapd.get_mib()
-        if "radiusAccClientRetransmissions" not in mib:
-            raise Exception("Missing MIB fields")
-        if int(mib["radiusAccClientRetransmissions"]) > 0 or \
-           int(mib["radiusAccClientPendingRequests"]) > 0:
-            found = True
-    if not found:
-        raise Exception("Missing pending or retransmitted RADIUS Accounting requests")
-
-def test_radius_acct_unreachable3(dev, apdev):
-    """RADIUS Accounting server initially unreachable, but then available"""
-    require_under_vm()
-    subprocess.call(['ip', 'ro', 'replace', 'blackhole', '192.168.213.18'])
-    as_hapd = hostapd.Hostapd("as")
-    as_mib_start = as_hapd.get_mib(param="radius_server")
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "192.168.213.18"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-acct")
-    subprocess.call(['ip', 'ro', 'del', 'blackhole', '192.168.213.18'])
-    time.sleep(0.1)
-    dev[0].request("DISCONNECT")
-    hapd.set('acct_server_addr_replace', '127.0.0.1')
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-    time.sleep(1)
-    as_mib_end = as_hapd.get_mib(param="radius_server")
-    req_s = int(as_mib_start['radiusAccServTotalResponses'])
-    req_e = int(as_mib_end['radiusAccServTotalResponses'])
-    if req_e <= req_s:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-def test_radius_acct_unreachable4(dev, apdev):
-    """RADIUS Accounting server unreachable and multiple STAs"""
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    for i in range(20):
-        connect(dev[0], "radius-acct")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_radius_acct(dev, apdev):
-    """RADIUS Accounting"""
-    as_hapd = hostapd.Hostapd("as")
-    as_mib_start = as_hapd.get_mib(param="radius_server")
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    params['radius_auth_req_attr'] = ["126:s:Operator", "77:s:testing",
-                                      "62:d:1"]
-    params['radius_acct_req_attr'] = ["126:s:Operator", "62:d:1",
-                                      "77:s:testing"]
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-acct")
-    dev[1].connect("radius-acct", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="PAX", identity="test-class",
-                   password_hex="0123456789abcdef0123456789abcdef")
-    dev[2].connect("radius-acct", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-cui",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    logger.info("Checking for RADIUS counters")
-    count = 0
-    while True:
-        mib = hapd.get_mib()
-        if int(mib['radiusAccClientResponses']) >= 3:
-            break
-        time.sleep(0.1)
-        count += 1
-        if count > 10:
-            raise Exception("Did not receive Accounting-Response packets")
-
-    if int(mib['radiusAccClientRetransmissions']) > 0:
-        raise Exception("Unexpected Accounting-Request retransmission")
-
-    as_mib_end = as_hapd.get_mib(param="radius_server")
-
-    req_s = int(as_mib_start['radiusAccServTotalRequests'])
-    req_e = int(as_mib_end['radiusAccServTotalRequests'])
-    if req_e < req_s + 2:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-    acc_s = int(as_mib_start['radiusAuthServAccessAccepts'])
-    acc_e = int(as_mib_end['radiusAuthServAccessAccepts'])
-    if acc_e < acc_s + 1:
-        raise Exception("Unexpected RADIUS server auth MIB value")
-
-def test_radius_req_attr(dev, apdev, params):
-    """RADIUS request attributes"""
-    try:
-        import sqlite3
-    except ImportError:
-        raise HwsimSkip("No sqlite3 module available")
-    db = os.path.join(params['logdir'], "radius_req_attr.sqlite")
-    as_hapd = hostapd.Hostapd("as")
-    params = hostapd.wpa2_eap_params(ssid="radius-req-attr")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    params['radius_auth_req_attr'] = ["126:s:Operator"]
-    params['radius_acct_req_attr'] = ["126:s:Operator"]
-    params['radius_req_attr_sqlite'] = db
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with sqlite3.connect(db) as conn:
-        sql = "INSERT INTO radius_attributes(sta,reqtype,attr) VALUES (?,?,?)"
-        for e in [(dev[0].own_addr(), "auth", "77:s:conn-info-0"),
-                  (dev[1].own_addr(), "auth", "77:s:conn-info-1"),
-                  (dev[1].own_addr(), "auth", "77:s:conn-info-1a"),
-                  (dev[1].own_addr(), "acct", "77:s:conn-info-1b")]:
-            conn.execute(sql, e)
-        conn.commit()
-
-    connect(dev[0], "radius-req-attr")
-    connect(dev[1], "radius-req-attr")
-    connect(dev[2], "radius-req-attr")
-
-def test_radius_acct_non_ascii_ssid(dev, apdev):
-    """RADIUS Accounting and non-ASCII SSID"""
-    params = hostapd.wpa2_eap_params()
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    ssid2 = "740665007374"
-    params['ssid2'] = ssid2
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid2=ssid2, key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="PSK", identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef")
-
-def test_radius_acct_pmksa_caching(dev, apdev):
-    """RADIUS Accounting with PMKSA caching"""
-    as_hapd = hostapd.Hostapd("as")
-    as_mib_start = as_hapd.get_mib(param="radius_server")
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-acct")
-    dev[1].connect("radius-acct", key_mgmt="WPA-EAP", scan_freq="2412",
-                   eap="PAX", identity="test-class",
-                   password_hex="0123456789abcdef0123456789abcdef")
-    for d in [dev[0], dev[1]]:
-        d.request("REASSOCIATE")
-        d.wait_connected(timeout=15, error="Reassociation timed out")
-
-    count = 0
-    while True:
-        mib = hapd.get_mib()
-        if int(mib['radiusAccClientResponses']) >= 4:
-            break
-        time.sleep(0.1)
-        count += 1
-        if count > 10:
-            raise Exception("Did not receive Accounting-Response packets")
-
-    if int(mib['radiusAccClientRetransmissions']) > 0:
-        raise Exception("Unexpected Accounting-Request retransmission")
-
-    as_mib_end = as_hapd.get_mib(param="radius_server")
-
-    req_s = int(as_mib_start['radiusAccServTotalRequests'])
-    req_e = int(as_mib_end['radiusAccServTotalRequests'])
-    if req_e < req_s + 2:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-    acc_s = int(as_mib_start['radiusAuthServAccessAccepts'])
-    acc_e = int(as_mib_end['radiusAuthServAccessAccepts'])
-    if acc_e < acc_s + 1:
-        raise Exception("Unexpected RADIUS server auth MIB value")
-
-def test_radius_acct_interim(dev, apdev):
-    """RADIUS Accounting interim update"""
-    as_hapd = hostapd.Hostapd("as")
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    params['radius_acct_interim_interval'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-acct")
-    logger.info("Checking for RADIUS counters")
-    as_mib_start = as_hapd.get_mib(param="radius_server")
-    time.sleep(4.1)
-    as_mib_end = as_hapd.get_mib(param="radius_server")
-    req_s = int(as_mib_start['radiusAccServTotalRequests'])
-    req_e = int(as_mib_end['radiusAccServTotalRequests'])
-    if req_e < req_s + 3:
-        raise Exception("Unexpected RADIUS server acct MIB value (req_e=%d req_s=%d)" % (req_e, req_s))
-    # Disable Accounting server and wait for interim update retries to fail and
-    # expire.
-    as_hapd.disable()
-    time.sleep(15)
-    as_hapd.enable()
-    ok = False
-    for i in range(10):
-        time.sleep(1)
-        as_mib = as_hapd.get_mib(param="radius_server")
-        if int(as_mib['radiusAccServTotalRequests']) > 0:
-            ok = True
-            break
-    if not ok:
-        raise Exception("Accounting updates did not seen after server restart")
-
-def test_radius_acct_interim_unreachable(dev, apdev):
-    """RADIUS Accounting interim update with unreachable server"""
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    params['radius_acct_interim_interval'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    start = hapd.get_mib()
-    connect(dev[0], "radius-acct")
-    logger.info("Waiting for interium accounting updates")
-    time.sleep(3.1)
-    end = hapd.get_mib()
-    req_s = int(start['radiusAccClientTimeouts'])
-    req_e = int(end['radiusAccClientTimeouts'])
-    if req_e < req_s + 2:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-def test_radius_acct_interim_unreachable2(dev, apdev):
-    """RADIUS Accounting interim update with unreachable server (retry)"""
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    # Use long enough interim update interval to allow RADIUS retransmission
-    # case (3 seconds) to trigger first.
-    params['radius_acct_interim_interval'] = "4"
-    hapd = hostapd.add_ap(apdev[0], params)
-    start = hapd.get_mib()
-    connect(dev[0], "radius-acct")
-    logger.info("Waiting for interium accounting updates")
-    time.sleep(7.5)
-    end = hapd.get_mib()
-    req_s = int(start['radiusAccClientTimeouts'])
-    req_e = int(end['radiusAccClientTimeouts'])
-    if req_e < req_s + 2:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-def test_radius_acct_ipaddr(dev, apdev):
-    """RADIUS Accounting and Framed-IP-Address"""
-    try:
-        _test_radius_acct_ipaddr(dev, apdev)
-    finally:
-        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                        stderr=open('/dev/null', 'w'))
-        subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                        stderr=open('/dev/null', 'w'))
-
-def _test_radius_acct_ipaddr(dev, apdev):
-    params = {"ssid": "radius-acct-open",
-              'acct_server_addr': "127.0.0.1",
-              'acct_server_port': "1813",
-              'acct_server_shared_secret': "radius",
-              'proxy_arp': '1',
-              'ap_isolate': '1',
-              'bridge': 'ap-br0'}
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    try:
-        hapd.enable()
-    except:
-        # For now, do not report failures due to missing kernel support
-        raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
-    bssid = apdev[0]['bssid']
-
-    subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-    subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-    dev[0].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-    addr0 = dev[0].own_addr()
-
-    pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
-                         ip_src="192.168.1.1", ip_dst="255.255.255.255",
-                         yiaddr="192.168.1.123", chaddr=addr0)
-    if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
-        raise Exception("DATA_TEST_FRAME failed")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    hapd.disable()
-
-def send_and_check_reply(srv, req, code, error_cause=0):
-    reply = srv.SendPacket(req)
-    logger.debug("RADIUS response from hostapd")
-    for i in list(reply.keys()):
-        logger.debug("%s: %s" % (i, reply[i]))
-    if reply.code != code:
-        raise Exception("Unexpected response code")
-    if error_cause:
-        if 'Error-Cause' not in reply:
-            raise Exception("Missing Error-Cause")
-            if reply['Error-Cause'][0] != error_cause:
-                raise Exception("Unexpected Error-Cause: {}".format(reply['Error-Cause']))
-
-def test_radius_acct_psk(dev, apdev):
-    """RADIUS Accounting - PSK"""
-    as_hapd = hostapd.Hostapd("as")
-    params = hostapd.wpa2_params(ssid="radius-acct", passphrase="12345678")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius-acct", psk="12345678", scan_freq="2412")
-
-def test_radius_acct_psk_sha256(dev, apdev):
-    """RADIUS Accounting - PSK SHA256"""
-    as_hapd = hostapd.Hostapd("as")
-    params = hostapd.wpa2_params(ssid="radius-acct", passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius-acct", key_mgmt="WPA-PSK-SHA256",
-                   psk="12345678", scan_freq="2412")
-
-def test_radius_acct_ft_psk(dev, apdev):
-    """RADIUS Accounting - FT-PSK"""
-    as_hapd = hostapd.Hostapd("as")
-    params = ft_params1(ssid="radius-acct", passphrase="12345678")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius-acct", key_mgmt="FT-PSK",
-                   psk="12345678", scan_freq="2412")
-
-def test_radius_acct_ieee8021x(dev, apdev):
-    """RADIUS Accounting - IEEE 802.1X"""
-    check_wep_capa(dev[0])
-    skip_with_fips(dev[0])
-    as_hapd = hostapd.Hostapd("as")
-    params = hostapd.radius_params()
-    params["ssid"] = "radius-acct-1x"
-    params["ieee8021x"] = "1"
-    params["wep_key_len_broadcast"] = "13"
-    params["wep_key_len_unicast"] = "13"
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius-acct-1x", key_mgmt="IEEE8021X", eap="PSK",
-                   identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef",
-                   scan_freq="2412")
-
-def test_radius_das_disconnect(dev, apdev):
-    """RADIUS Dynamic Authorization Extensions - Disconnect"""
-    try:
-        import pyrad.client
-        import pyrad.packet
-        import pyrad.dictionary
-        import radius_das
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    params = hostapd.wpa2_eap_params(ssid="radius-das")
-    params['radius_das_port'] = "3799"
-    params['radius_das_client'] = "127.0.0.1 secret"
-    params['radius_das_require_event_timestamp'] = "1"
-    params['own_ip_addr'] = "127.0.0.1"
-    params['nas_identifier'] = "nas.example.com"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-das")
-    addr = dev[0].p2p_interface_addr()
-    sta = hapd.get_sta(addr)
-    id = sta['dot1xAuthSessionId']
-
-    dict = pyrad.dictionary.Dictionary("dictionary.radius")
-
-    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
-                              secret=b"secret", dict=dict)
-    srv.retries = 1
-    srv.timeout = 1
-
-    logger.info("Disconnect-Request with incorrect secret")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"incorrect",
-                                      User_Name="foo",
-                                      NAS_Identifier="localhost",
-                                      Event_Timestamp=int(time.time()))
-    logger.debug(req)
-    try:
-        reply = srv.SendPacket(req)
-        raise Exception("Unexpected response to Disconnect-Request")
-    except pyrad.client.Timeout:
-        logger.info("Disconnect-Request with incorrect secret properly ignored")
-
-    logger.info("Disconnect-Request without Event-Timestamp")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      User_Name="psk.user@example.com")
-    logger.debug(req)
-    try:
-        reply = srv.SendPacket(req)
-        raise Exception("Unexpected response to Disconnect-Request")
-    except pyrad.client.Timeout:
-        logger.info("Disconnect-Request without Event-Timestamp properly ignored")
-
-    logger.info("Disconnect-Request with non-matching Event-Timestamp")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      User_Name="psk.user@example.com",
-                                      Event_Timestamp=123456789)
-    logger.debug(req)
-    try:
-        reply = srv.SendPacket(req)
-        raise Exception("Unexpected response to Disconnect-Request")
-    except pyrad.client.Timeout:
-        logger.info("Disconnect-Request with non-matching Event-Timestamp properly ignored")
-
-    logger.info("Disconnect-Request with unsupported attribute")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      User_Name="foo",
-                                      User_Password="foo",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 401)
-
-    logger.info("Disconnect-Request with invalid Calling-Station-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      User_Name="foo",
-                                      Calling_Station_Id="foo",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 407)
-
-    logger.info("Disconnect-Request with mismatching User-Name")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      User_Name="foo",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with mismatching Calling-Station-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Calling_Station_Id="12:34:56:78:90:aa",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with mismatching Acct-Session-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Acct_Session_Id="12345678-87654321",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with mismatching Acct-Session-Id (len)")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Acct_Session_Id="12345678",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with mismatching Acct-Multi-Session-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Acct_Multi_Session_Id="12345678+87654321",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with mismatching Acct-Multi-Session-Id (len)")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Acct_Multi_Session_Id="12345678",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    logger.info("Disconnect-Request with no session identification attributes")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 503)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    logger.info("Disconnect-Request with mismatching NAS-IP-Address")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="192.168.3.4",
-                                      Acct_Session_Id=id,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 403)
-
-    logger.info("Disconnect-Request with mismatching NAS-Identifier")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_Identifier="unknown.example.com",
-                                      Acct_Session_Id=id,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, 403)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    logger.info("Disconnect-Request with matching Acct-Session-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Acct_Session_Id=id,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    logger.info("Disconnect-Request with matching Acct-Multi-Session-Id")
-    sta = hapd.get_sta(addr)
-    multi_sess_id = sta['authMultiSessionId']
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Acct_Multi_Session_Id=multi_sess_id,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    logger.info("Disconnect-Request with matching User-Name")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_Identifier="nas.example.com",
-                                      User_Name="psk.user@example.com",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    logger.info("Disconnect-Request with matching Calling-Station-Id")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      Calling_Station_Id=addr,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].wait_disconnected(timeout=10)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", "CTRL-EVENT-CONNECTED"])
-    if ev is None:
-        raise Exception("Timeout while waiting for re-connection")
-    if "CTRL-EVENT-EAP-STARTED" not in ev:
-        raise Exception("Unexpected skipping of EAP authentication in reconnection")
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    logger.info("Disconnect-Request with matching Calling-Station-Id and non-matching CUI")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Calling_Station_Id=addr,
-                                      Chargeable_User_Identity="foo@example.com",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, error_cause=503)
-
-    logger.info("Disconnect-Request with matching CUI")
-    dev[1].connect("radius-das", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk-cui",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      Chargeable_User_Identity="gpsk-chargeable-user-identity",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[1].wait_disconnected(timeout=10)
-    dev[1].wait_connected(timeout=10, error="Re-connection timed out")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    connect(dev[2], "radius-das")
-
-    logger.info("Disconnect-Request with matching User-Name - multiple sessions matching")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_Identifier="nas.example.com",
-                                      User_Name="psk.user@example.com",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, error_cause=508)
-
-    logger.info("Disconnect-Request with User-Name matching multiple sessions, Calling-Station-Id only one")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_Identifier="nas.example.com",
-                                      Calling_Station_Id=addr,
-                                      User_Name="psk.user@example.com",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].wait_disconnected(timeout=10)
-    dev[0].wait_connected(timeout=10, error="Re-connection timed out")
-
-    ev = dev[2].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-
-    logger.info("Disconnect-Request with matching Acct-Multi-Session-Id after disassociation")
-    sta = hapd.get_sta(addr)
-    multi_sess_id = sta['authMultiSessionId']
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Acct_Multi_Session_Id=multi_sess_id,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    dev[0].wait_connected(timeout=15)
-
-    logger.info("Disconnect-Request with matching User-Name after disassociation")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    dev[2].request("DISCONNECT")
-    dev[2].wait_disconnected(timeout=10)
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      User_Name="psk.user@example.com",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    logger.info("Disconnect-Request with matching CUI after disassociation")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected(timeout=10)
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Chargeable_User_Identity="gpsk-chargeable-user-identity",
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    logger.info("Disconnect-Request with matching Calling-Station-Id after disassociation")
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    dev[0].wait_connected(timeout=15)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Calling_Station_Id=addr,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-    logger.info("Disconnect-Request with mismatching Calling-Station-Id after disassociation")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Calling_Station_Id=addr,
-                                      Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectNAK, error_cause=503)
-
-def add_message_auth_req(req):
-    req.authenticator = req.CreateAuthenticator()
-    hmac_obj = hmac.new(req.secret, digestmod=hashlib.md5)
-    hmac_obj.update(struct.pack("B", req.code))
-    hmac_obj.update(struct.pack("B", req.id))
-
-    # request attributes
-    req.AddAttribute("Message-Authenticator", 16*b"\x00")
-    attrs = b''
-    for code, datalst in sorted(req.items()):
-        for data in datalst:
-            attrs += req._PktEncodeAttribute(code, data)
-
-    # Length
-    flen = 4 + 16 + len(attrs)
-    hmac_obj.update(struct.pack(">H", flen))
-    hmac_obj.update(16*b"\x00") # all zeros Authenticator in calculation
-    hmac_obj.update(attrs)
-    del req[80]
-    req.AddAttribute("Message-Authenticator", hmac_obj.digest())
-
-def test_radius_das_disconnect_time_window(dev, apdev):
-    """RADIUS Dynamic Authorization Extensions - Disconnect - time window"""
-    try:
-        import pyrad.client
-        import pyrad.packet
-        import pyrad.dictionary
-        import radius_das
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    params = hostapd.wpa2_eap_params(ssid="radius-das")
-    params['radius_das_port'] = "3799"
-    params['radius_das_client'] = "127.0.0.1 secret"
-    params['radius_das_require_event_timestamp'] = "1"
-    params['radius_das_require_message_authenticator'] = "1"
-    params['radius_das_time_window'] = "10"
-    params['own_ip_addr'] = "127.0.0.1"
-    params['nas_identifier'] = "nas.example.com"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-das")
-    addr = dev[0].own_addr()
-    sta = hapd.get_sta(addr)
-    id = sta['dot1xAuthSessionId']
-
-    dict = pyrad.dictionary.Dictionary("dictionary.radius")
-
-    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
-                              secret=b"secret", dict=dict)
-    srv.retries = 1
-    srv.timeout = 1
-
-    logger.info("Disconnect-Request with unsupported attribute")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Calling_Station_Id=addr,
-                                      Event_Timestamp=int(time.time()) - 50)
-    add_message_auth_req(req)
-    logger.debug(req)
-    try:
-        reply = srv.SendPacket(req)
-        raise Exception("Unexpected response to Disconnect-Request")
-    except pyrad.client.Timeout:
-        logger.info("Disconnect-Request with non-matching Event-Timestamp properly ignored")
-
-    logger.info("Disconnect-Request with unsupported attribute")
-    req = radius_das.DisconnectPacket(dict=dict, secret=b"secret",
-                                      NAS_IP_Address="127.0.0.1",
-                                      NAS_Identifier="nas.example.com",
-                                      Calling_Station_Id=addr,
-                                      Event_Timestamp=int(time.time()))
-    add_message_auth_req(req)
-    send_and_check_reply(srv, req, pyrad.packet.DisconnectACK)
-
-def test_radius_das_coa(dev, apdev):
-    """RADIUS Dynamic Authorization Extensions - CoA"""
-    try:
-        import pyrad.client
-        import pyrad.packet
-        import pyrad.dictionary
-        import radius_das
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    params = hostapd.wpa2_eap_params(ssid="radius-das")
-    params['radius_das_port'] = "3799"
-    params['radius_das_client'] = "127.0.0.1 secret"
-    params['radius_das_require_event_timestamp'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-das")
-    addr = dev[0].p2p_interface_addr()
-    sta = hapd.get_sta(addr)
-    id = sta['dot1xAuthSessionId']
-
-    dict = pyrad.dictionary.Dictionary("dictionary.radius")
-
-    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
-                              secret=b"secret", dict=dict)
-    srv.retries = 1
-    srv.timeout = 1
-
-    # hostapd does not currently support CoA-Request, so NAK is expected
-    logger.info("CoA-Request with matching Acct-Session-Id")
-    req = radius_das.CoAPacket(dict=dict, secret=b"secret",
-                               Acct_Session_Id=id,
-                               Event_Timestamp=int(time.time()))
-    send_and_check_reply(srv, req, pyrad.packet.CoANAK, error_cause=405)
-
-def test_radius_ipv6(dev, apdev):
-    """RADIUS connection over IPv6"""
-    params = {}
-    params['ssid'] = 'as'
-    params['beacon_int'] = '2000'
-    params['radius_server_clients'] = 'auth_serv/radius_clients_ipv6.conf'
-    params['radius_server_ipv6'] = '1'
-    params['radius_server_auth_port'] = '18129'
-    params['radius_server_acct_port'] = '18139'
-    params['eap_server'] = '1'
-    params['eap_user_file'] = 'auth_serv/eap_user.conf'
-    params['ca_cert'] = 'auth_serv/ca.pem'
-    params['server_cert'] = 'auth_serv/server.pem'
-    params['private_key'] = 'auth_serv/server.key'
-    hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="radius-ipv6")
-    params['auth_server_addr'] = "::0"
-    params['auth_server_port'] = "18129"
-    params['acct_server_addr'] = "::0"
-    params['acct_server_port'] = "18139"
-    params['acct_server_shared_secret'] = "radius"
-    params['own_ip_addr'] = "::0"
-    hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-ipv6")
-
-def test_radius_macacl(dev, apdev):
-    """RADIUS MAC ACL"""
-    params = hostapd.radius_params()
-    params["ssid"] = "radius"
-    params["macaddr_acl"] = "2"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412")
-
-    # Invalid VLAN ID from RADIUS server
-    dev[2].connect("radius", key_mgmt="NONE", scan_freq="2412")
-    dev[2].request("REMOVE_NETWORK all")
-    dev[2].wait_disconnected()
-    dev[2].connect("radius", key_mgmt="NONE", scan_freq="2412")
-
-def test_radius_macacl_acct(dev, apdev):
-    """RADIUS MAC ACL and accounting enabled"""
-    params = hostapd.radius_params()
-    params["ssid"] = "radius"
-    params["macaddr_acl"] = "2"
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("radius", key_mgmt="NONE", scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[1].request("RECONNECT")
-
-def test_radius_macacl_oom(dev, apdev):
-    """RADIUS MAC ACL and OOM"""
-    params = hostapd.radius_params()
-    params["ssid"] = "radius"
-    params["macaddr_acl"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 1, "hostapd_allowed_address"):
-        dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412")
-
-    dev[1].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 2, "hostapd_allowed_address"):
-        dev[1].connect("radius", key_mgmt="NONE", scan_freq="2412")
-
-    dev[2].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 2, "=hostapd_allowed_address"):
-        dev[2].connect("radius", key_mgmt="NONE", scan_freq="2412")
-
-def test_radius_macacl_unreachable(dev, apdev):
-    """RADIUS MAC ACL and server unreachable"""
-    params = hostapd.radius_params()
-    params['auth_server_port'] = "18139"
-    params["ssid"] = "radius"
-    params["macaddr_acl"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=3)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-    logger.info("Fix authentication server port")
-    hapd.set("auth_server_port", "1812")
-    hapd.disable()
-    hapd.enable()
-    dev[0].wait_connected(timeout=20)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_radius_failover(dev, apdev):
-    """RADIUS Authentication and Accounting server failover"""
-    subprocess.call(['ip', 'ro', 'replace', '192.168.213.17', 'dev', 'lo'])
-    as_hapd = hostapd.Hostapd("as")
-    as_mib_start = as_hapd.get_mib(param="radius_server")
-    params = hostapd.wpa2_eap_params(ssid="radius-failover")
-    params["auth_server_addr"] = "192.168.213.17"
-    params["auth_server_port"] = "1812"
-    params["auth_server_shared_secret"] = "testing"
-    params['acct_server_addr'] = "192.168.213.17"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "testing"
-    params['radius_retry_primary_interval'] = "20"
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    hapd.set("auth_server_addr", "127.0.0.1")
-    hapd.set("auth_server_port", "1812")
-    hapd.set("auth_server_shared_secret", "radius")
-    hapd.set('acct_server_addr', "127.0.0.1")
-    hapd.set('acct_server_port', "1813")
-    hapd.set('acct_server_shared_secret', "radius")
-    hapd.enable()
-    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
-    if ev is None:
-        raise Exception("AP startup timed out")
-        if "AP-ENABLED" not in ev:
-            raise Exception("AP startup failed")
-    start = os.times()[4]
-
-    try:
-        subprocess.call(['ip', 'ro', 'replace', 'prohibit', '192.168.213.17'])
-        dev[0].request("SET EAPOL::authPeriod 5")
-        connect(dev[0], "radius-failover", wait_connect=False)
-        dev[0].wait_connected(timeout=20)
-    finally:
-        dev[0].request("SET EAPOL::authPeriod 30")
-        subprocess.call(['ip', 'ro', 'del', '192.168.213.17'])
-
-    as_mib_end = as_hapd.get_mib(param="radius_server")
-    req_s = int(as_mib_start['radiusAccServTotalRequests'])
-    req_e = int(as_mib_end['radiusAccServTotalRequests'])
-    if req_e <= req_s:
-        raise Exception("Unexpected RADIUS server acct MIB value")
-
-    end = os.times()[4]
-    try:
-        subprocess.call(['ip', 'ro', 'replace', 'prohibit', '192.168.213.17'])
-        dev[1].request("SET EAPOL::authPeriod 5")
-        if end - start < 21:
-            time.sleep(21 - (end - start))
-        connect(dev[1], "radius-failover", wait_connect=False)
-        dev[1].wait_connected(timeout=20)
-    finally:
-        dev[1].request("SET EAPOL::authPeriod 30")
-        subprocess.call(['ip', 'ro', 'del', '192.168.213.17'])
-
-def run_pyrad_server(srv, t_events):
-    srv.RunWithStop(t_events)
-
-def test_radius_protocol(dev, apdev):
-    """RADIUS Authentication protocol tests with a fake server"""
-    try:
-        import pyrad.server
-        import pyrad.packet
-        import pyrad.dictionary
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    class TestServer(pyrad.server.Server):
-        def _HandleAuthPacket(self, pkt):
-            pyrad.server.Server._HandleAuthPacket(self, pkt)
-            logger.info("Received authentication request")
-            reply = self.CreateReplyPacket(pkt)
-            reply.code = pyrad.packet.AccessAccept
-            if self.t_events['msg_auth'].is_set():
-                logger.info("Add Message-Authenticator")
-                if self.t_events['wrong_secret'].is_set():
-                    logger.info("Use incorrect RADIUS shared secret")
-                    pw = b"incorrect"
-                else:
-                    pw = reply.secret
-                hmac_obj = hmac.new(pw, digestmod=hashlib.md5)
-                hmac_obj.update(struct.pack("B", reply.code))
-                hmac_obj.update(struct.pack("B", reply.id))
-
-                # reply attributes
-                reply.AddAttribute("Message-Authenticator", 16*b"\x00")
-                attrs = reply._PktEncodeAttributes()
-
-                # Length
-                flen = 4 + 16 + len(attrs)
-                hmac_obj.update(struct.pack(">H", flen))
-                hmac_obj.update(pkt.authenticator)
-                hmac_obj.update(attrs)
-                if self.t_events['double_msg_auth'].is_set():
-                    logger.info("Include two Message-Authenticator attributes")
-                else:
-                    del reply[80]
-                reply.AddAttribute("Message-Authenticator", hmac_obj.digest())
-            self.SendReplyPacket(pkt.fd, reply)
-
-        def RunWithStop(self, t_events):
-            self._poll = select.poll()
-            self._fdmap = {}
-            self._PrepareSockets()
-            self.t_events = t_events
-
-            while not t_events['stop'].is_set():
-                for (fd, event) in self._poll.poll(1000):
-                    if event == select.POLLIN:
-                        try:
-                            fdo = self._fdmap[fd]
-                            self._ProcessInput(fdo)
-                        except pyrad.server.ServerPacketError as err:
-                            logger.info("pyrad server dropping packet: " + str(err))
-                        except pyrad.packet.PacketError as err:
-                            logger.info("pyrad server received invalid packet: " + str(err))
-                    else:
-                        logger.error("Unexpected event in pyrad server main loop")
-
-            for fd in self.authfds + self.acctfds:
-                fd.close()
-
-    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
-                     authport=18138, acctport=18139)
-    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
-                                                     b"radius",
-                                                     "localhost")
-    srv.BindToAddress("")
-    t_events = {}
-    t_events['stop'] = threading.Event()
-    t_events['msg_auth'] = threading.Event()
-    t_events['wrong_secret'] = threading.Event()
-    t_events['double_msg_auth'] = threading.Event()
-    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
-    t.start()
-
-    try:
-        params = hostapd.wpa2_eap_params(ssid="radius-test")
-        params['auth_server_port'] = "18138"
-        hapd = hostapd.add_ap(apdev[0], params)
-        connect(dev[0], "radius-test", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
-        if ev is None:
-            raise Exception("Timeout on EAP start")
-        time.sleep(1)
-        dev[0].request("REMOVE_NETWORK all")
-        time.sleep(0.1)
-        dev[0].dump_monitor()
-        t_events['msg_auth'].set()
-        t_events['wrong_secret'].set()
-        connect(dev[0], "radius-test", wait_connect=False)
-        time.sleep(1)
-        dev[0].request("REMOVE_NETWORK all")
-        time.sleep(0.1)
-        dev[0].dump_monitor()
-        t_events['wrong_secret'].clear()
-        connect(dev[0], "radius-test", wait_connect=False)
-        time.sleep(1)
-        dev[0].request("REMOVE_NETWORK all")
-        time.sleep(0.1)
-        dev[0].dump_monitor()
-        t_events['double_msg_auth'].set()
-        connect(dev[0], "radius-test", wait_connect=False)
-        time.sleep(1)
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def build_tunnel_password(secret, authenticator, psk):
-    a = b"\xab\xcd"
-    psk = psk.encode()
-    padlen = 16 - (1 + len(psk)) % 16
-    if padlen == 16:
-        padlen = 0
-    p = struct.pack('B', len(psk)) + psk + padlen * b'\x00'
-    cc_all = bytes()
-    b = hashlib.md5(secret + authenticator + a).digest()
-    while len(p) > 0:
-        pp = bytearray(p[0:16])
-        p = p[16:]
-        bb = bytearray(b)
-        cc = bytearray(pp[i] ^ bb[i] for i in range(len(bb)))
-        cc_all += cc
-        b = hashlib.md5(secret + cc).digest()
-    data = b'\x00' + a + bytes(cc_all)
-    return data
-
-def start_radius_psk_server(psk, invalid_code=False, acct_interim_interval=0,
-                            session_timeout=0, reject=False):
-    try:
-        import pyrad.server
-        import pyrad.packet
-        import pyrad.dictionary
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    class TestServer(pyrad.server.Server):
-        def _HandleAuthPacket(self, pkt):
-            pyrad.server.Server._HandleAuthPacket(self, pkt)
-            logger.info("Received authentication request")
-            reply = self.CreateReplyPacket(pkt)
-            reply.code = pyrad.packet.AccessAccept
-            if self.t_events['invalid_code']:
-                reply.code = pyrad.packet.AccessRequest
-            if self.t_events['reject']:
-                reply.code = pyrad.packet.AccessReject
-            data = build_tunnel_password(reply.secret, pkt.authenticator,
-                                         self.t_events['psk'])
-            reply.AddAttribute("Tunnel-Password", data)
-            if self.t_events['acct_interim_interval']:
-                reply.AddAttribute("Acct-Interim-Interval",
-                                   self.t_events['acct_interim_interval'])
-            if self.t_events['session_timeout']:
-                reply.AddAttribute("Session-Timeout",
-                                   self.t_events['session_timeout'])
-            self.SendReplyPacket(pkt.fd, reply)
-
-        def RunWithStop(self, t_events):
-            self._poll = select.poll()
-            self._fdmap = {}
-            self._PrepareSockets()
-            self.t_events = t_events
-
-            while not t_events['stop'].is_set():
-                for (fd, event) in self._poll.poll(1000):
-                    if event == select.POLLIN:
-                        try:
-                            fdo = self._fdmap[fd]
-                            self._ProcessInput(fdo)
-                        except pyrad.server.ServerPacketError as err:
-                            logger.info("pyrad server dropping packet: " + str(err))
-                        except pyrad.packet.PacketError as err:
-                            logger.info("pyrad server received invalid packet: " + str(err))
-                    else:
-                        logger.error("Unexpected event in pyrad server main loop")
-
-            for fd in self.authfds + self.acctfds:
-                fd.close()
-
-    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
-                     authport=18138, acctport=18139)
-    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
-                                                     b"radius",
-                                                     "localhost")
-    srv.BindToAddress("")
-    t_events = {}
-    t_events['stop'] = threading.Event()
-    t_events['psk'] = psk
-    t_events['invalid_code'] = invalid_code
-    t_events['acct_interim_interval'] = acct_interim_interval
-    t_events['session_timeout'] = session_timeout
-    t_events['reject'] = reject
-    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
-    t.start()
-    return t, t_events
-
-def hostapd_radius_psk_test_params():
-    params = hostapd.radius_params()
-    params['ssid'] = "test-wpa2-psk"
-    params["wpa"] = "2"
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["rsn_pairwise"] = "CCMP"
-    params['macaddr_acl'] = '2'
-    params['wpa_psk_radius'] = '2'
-    params['auth_server_port'] = "18138"
-    return params
-
-def test_radius_psk(dev, apdev):
-    """WPA2 with PSK from RADIUS"""
-    t, t_events = start_radius_psk_server("12345678")
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
-        t_events['psk'] = "0123456789abcdef"
-        dev[1].connect("test-wpa2-psk", psk="0123456789abcdef",
-                       scan_freq="2412")
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_invalid(dev, apdev):
-    """WPA2 with invalid PSK from RADIUS"""
-    t, t_events = start_radius_psk_server("1234567")
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                       wait_connect=False)
-        time.sleep(1)
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_invalid2(dev, apdev):
-    """WPA2 with invalid PSK (hexstring) from RADIUS"""
-    t, t_events = start_radius_psk_server(64*'q')
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                       wait_connect=False)
-        time.sleep(1)
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_hex_psk(dev, apdev):
-    """WPA2 with PSK hexstring from RADIUS"""
-    t, t_events = start_radius_psk_server(64*'2', acct_interim_interval=19,
-                                          session_timeout=123)
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", raw_psk=64*'2', scan_freq="2412")
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_unknown_code(dev, apdev):
-    """WPA2 with PSK from RADIUS and unknown code"""
-    t, t_events = start_radius_psk_server(64*'2', invalid_code=True)
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                       wait_connect=False)
-        time.sleep(1)
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_reject(dev, apdev):
-    """WPA2 with PSK from RADIUS and reject"""
-    t, t_events = start_radius_psk_server("12345678", reject=True)
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10)
-        if ev is None:
-            raise Exception("No CTRL-EVENT-AUTH-REJECT event")
-        dev[0].request("DISCONNECT")
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_oom(dev, apdev):
-    """WPA2 with PSK from RADIUS and OOM"""
-    t, t_events = start_radius_psk_server(64*'2')
-
-    try:
-        params = hostapd_radius_psk_test_params()
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-        dev[0].scan_for_bss(bssid, freq="2412")
-        with alloc_fail(hapd, 1, "=hostapd_acl_recv_radius"):
-            dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
-                           wait_connect=False)
-            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_psk_default(dev, apdev):
-    """WPA2 with default PSK"""
-    ssid = "test-wpa2-psk"
-    params = hostapd.radius_params()
-    params['ssid'] = ssid
-    params["wpa"] = "2"
-    params["wpa_key_mgmt"] = "WPA-PSK"
-    params["rsn_pairwise"] = "CCMP"
-    params['macaddr_acl'] = '2'
-    params['wpa_psk_radius'] = '1'
-    params['wpa_passphrase'] = 'qwertyuiop'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(ssid, psk="qwertyuiop", scan_freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    hapd.disable()
-    hapd.set("wpa_psk_radius", "2")
-    hapd.enable()
-    dev[0].connect(ssid, psk="qwertyuiop", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("No CTRL-EVENT-AUTH-REJECT event")
-    dev[0].request("DISCONNECT")
-
-def test_radius_auth_force_client_addr(dev, apdev):
-    """RADIUS client address specified"""
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    params['radius_client_addr'] = "127.0.0.1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-auth")
-
-def test_radius_auth_force_client_dev(dev, apdev):
-    """RADIUS client device specified"""
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    params['radius_client_dev'] = "lo"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-auth")
-
-@remote_compatible
-def test_radius_auth_force_invalid_client_addr(dev, apdev):
-    """RADIUS client address specified and invalid address"""
-    params = hostapd.wpa2_eap_params(ssid="radius-auth")
-    #params['radius_client_addr'] = "10.11.12.14"
-    params['radius_client_addr'] = "1::2"
-    hapd = hostapd.add_ap(apdev[0], params)
-    connect(dev[0], "radius-auth", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"])
-    if ev is None:
-        raise Exception("Timeout on EAP start")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def add_message_auth(req):
-    req.authenticator = req.CreateAuthenticator()
-    hmac_obj = hmac.new(req.secret, digestmod=hashlib.md5)
-    hmac_obj.update(struct.pack("B", req.code))
-    hmac_obj.update(struct.pack("B", req.id))
-
-    # request attributes
-    req.AddAttribute("Message-Authenticator", 16*b"\x00")
-    attrs = req._PktEncodeAttributes()
-
-    # Length
-    flen = 4 + 16 + len(attrs)
-    hmac_obj.update(struct.pack(">H", flen))
-    hmac_obj.update(req.authenticator)
-    hmac_obj.update(attrs)
-    del req[80]
-    req.AddAttribute("Message-Authenticator", hmac_obj.digest())
-
-def test_radius_server_failures(dev, apdev):
-    """RADIUS server failure cases"""
-    try:
-        import pyrad.client
-        import pyrad.packet
-        import pyrad.dictionary
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    dict = pyrad.dictionary.Dictionary("dictionary.radius")
-    client = pyrad.client.Client(server="127.0.0.1", authport=1812,
-                                 secret=b"radius", dict=dict)
-    client.retries = 1
-    client.timeout = 1
-
-    # unexpected State
-    req = client.CreateAuthPacket(code=pyrad.packet.AccessRequest,
-                                  User_Name="foo")
-    req['State'] = b'foo-state'
-    add_message_auth(req)
-    reply = client.SendPacket(req)
-    if reply.code != pyrad.packet.AccessReject:
-        raise Exception("Unexpected RADIUS response code " + str(reply.code))
-
-    # no EAP-Message
-    req = client.CreateAuthPacket(code=pyrad.packet.AccessRequest,
-                                  User_Name="foo")
-    add_message_auth(req)
-    try:
-        reply = client.SendPacket(req)
-        raise Exception("Unexpected response")
-    except pyrad.client.Timeout:
-        pass
-
-def test_ap_vlan_wpa2_psk_radius_required(dev, apdev):
-    """AP VLAN with WPA2-PSK and RADIUS attributes required"""
-    try:
-        import pyrad.server
-        import pyrad.packet
-        import pyrad.dictionary
-    except ImportError:
-        raise HwsimSkip("No pyrad modules available")
-
-    class TestServer(pyrad.server.Server):
-        def _HandleAuthPacket(self, pkt):
-            pyrad.server.Server._HandleAuthPacket(self, pkt)
-            logger.info("Received authentication request")
-            reply = self.CreateReplyPacket(pkt)
-            reply.code = pyrad.packet.AccessAccept
-            secret = reply.secret
-            if self.t_events['extra'].is_set():
-                reply.AddAttribute("Chargeable-User-Identity", "test-cui")
-                reply.AddAttribute("User-Name", "test-user")
-            if self.t_events['long'].is_set():
-                reply.AddAttribute("Tunnel-Type", 13)
-                reply.AddAttribute("Tunnel-Medium-Type", 6)
-                reply.AddAttribute("Tunnel-Private-Group-ID", "1")
-            self.SendReplyPacket(pkt.fd, reply)
-
-        def RunWithStop(self, t_events):
-            self._poll = select.poll()
-            self._fdmap = {}
-            self._PrepareSockets()
-            self.t_events = t_events
-
-            while not t_events['stop'].is_set():
-                for (fd, event) in self._poll.poll(1000):
-                    if event == select.POLLIN:
-                        try:
-                            fdo = self._fdmap[fd]
-                            self._ProcessInput(fdo)
-                        except pyrad.server.ServerPacketError as err:
-                            logger.info("pyrad server dropping packet: " + str(err))
-                        except pyrad.packet.PacketError as err:
-                            logger.info("pyrad server received invalid packet: " + str(err))
-                    else:
-                        logger.error("Unexpected event in pyrad server main loop")
-
-            for fd in self.authfds + self.acctfds:
-                fd.close()
-
-    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
-                     authport=18138, acctport=18139)
-    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
-                                                     b"radius",
-                                                     "localhost")
-    srv.BindToAddress("")
-    t_events = {}
-    t_events['stop'] = threading.Event()
-    t_events['long'] = threading.Event()
-    t_events['extra'] = threading.Event()
-    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
-    t.start()
-
-    try:
-        ssid = "test-wpa2-psk"
-        params = hostapd.radius_params()
-        params['ssid'] = ssid
-        params["wpa"] = "2"
-        params["wpa_key_mgmt"] = "WPA-PSK"
-        params["rsn_pairwise"] = "CCMP"
-        params['macaddr_acl'] = '2'
-        params['dynamic_vlan'] = "2"
-        params['wpa_passphrase'] = '0123456789abcdefghi'
-        params['auth_server_port'] = "18138"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        logger.info("connecting without VLAN")
-        dev[0].connect(ssid, psk="0123456789abcdefghi", scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=20)
-        if ev is None:
-            raise Exception("Timeout on connection attempt")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected success without vlan parameters")
-        logger.info("connecting without VLAN failed as expected")
-
-        logger.info("connecting without VLAN (CUI/User-Name)")
-        t_events['extra'].set()
-        dev[1].connect(ssid, psk="0123456789abcdefghi", scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=20)
-        if ev is None:
-            raise Exception("Timeout on connection attempt")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected success without vlan parameters(2)")
-        logger.info("connecting without VLAN failed as expected(2)")
-        t_events['extra'].clear()
-
-        t_events['long'].set()
-        logger.info("connecting with VLAN")
-        dev[2].connect(ssid, psk="0123456789abcdefghi", scan_freq="2412",
-                       wait_connect=False)
-        ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=20)
-        if ev is None:
-            raise Exception("Timeout on connection attempt")
-        if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
-            raise Exception("Unexpected failure with vlan parameters")
-        logger.info("connecting with VLAN succeeded as expected")
-    finally:
-        t_events['stop'].set()
-        t.join()
-
-def test_radius_mppe_failure(dev, apdev):
-    """RADIUS failure when adding MPPE keys"""
-    params = {"ssid": "as", "beacon_int": "2000",
-              "radius_server_clients": "auth_serv/radius_clients.conf",
-              "radius_server_auth_port": '18127',
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ca.pem",
-              "server_cert": "auth_serv/server.pem",
-              "private_key": "auth_serv/server.key"}
-    authsrv = hostapd.add_ap(apdev[1], params)
-
-    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
-    params['auth_server_port'] = "18127"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(authsrv, 1, "os_get_random;radius_msg_add_mppe_keys"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-                       identity="user", anonymous_identity="ttls",
-                       password="password",
-                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
-                       wait_connect=False, scan_freq="2412")
-        dev[0].wait_disconnected()
-        dev[0].request("REMOVE_NETWORK all")
-
-def test_radius_acct_failure(dev, apdev):
-    """RADIUS Accounting and failure to add attributes"""
-    # Connection goes through, but Accounting-Request cannot be sent out due to
-    # NAS-Identifier being too long to fit into a RADIUS attribute.
-    params = {"ssid": "radius-acct-open",
-              'acct_server_addr': "127.0.0.1",
-              'acct_server_port': "1813",
-              'acct_server_shared_secret': "radius",
-              'nas_identifier': 255*'A'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-
-def test_radius_acct_failure_oom(dev, apdev):
-    """RADIUS Accounting and failure to add attributes due to OOM"""
-    params = {"ssid": "radius-acct-open",
-              'acct_server_addr': "127.0.0.1",
-              'acct_server_port': "1813",
-              'acct_server_shared_secret': "radius",
-              'radius_acct_interim_interval': "1",
-              'nas_identifier': 250*'A',
-              'radius_acct_req_attr': ["126:s:" + 250*'B',
-                                       "77:s:" + 250*'C',
-                                       "127:s:" + 250*'D',
-                                       "181:s:" + 250*'E']}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 1, "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_msg"):
-        dev[0].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[1].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 1, "accounting_sta_report"):
-        dev[1].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-        dev[1].request("REMOVE_NETWORK all")
-        dev[1].wait_disconnected()
-
-    tests = [(1, "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_msg"),
-             (2, "radius_msg_add_attr;accounting_msg"),
-             (3, "radius_msg_add_attr;accounting_msg")]
-    for count, func in tests:
-        with fail_test(hapd, count, func):
-            dev[0].connect("radius-acct-open", key_mgmt="NONE",
-                           scan_freq="2412")
-            wait_fail_trigger(hapd, "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    dev[0].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-    with fail_test(hapd, 8,
-                   "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_sta_report"):
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-        wait_fail_trigger(hapd, "GET_FAIL")
-
-    with fail_test(hapd, 1, "radius_msg_add_attr;=accounting_report_state"):
-        hapd.disable()
-
-def test_radius_acct_failure_oom_rsn(dev, apdev):
-    """RADIUS Accounting in RSN and failure to add attributes due to OOM"""
-    params = hostapd.wpa2_eap_params(ssid="radius-acct")
-    params['acct_server_addr'] = "127.0.0.1"
-    params['acct_server_port'] = "1813"
-    params['acct_server_shared_secret'] = "radius"
-    params['radius_acct_interim_interval'] = "1"
-    params['nas_identifier'] = 250*'A'
-    params['radius_acct_req_attr'] = ["126:s:" + 250*'B',
-                                      "77:s:" + 250*'C',
-                                      "127:s:" + 250*'D',
-                                      "181:s:" + 250*'E']
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 1, "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_msg"):
-        connect(dev[0], "radius-acct")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-    dev[1].scan_for_bss(bssid, freq="2412")
-    with alloc_fail(hapd, 1, "accounting_sta_report"):
-        connect(dev[1], "radius-acct")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-    dev[2].scan_for_bss(bssid, freq="2412")
-    connect(dev[2], "radius-acct")
-
-    for i in range(1, 8):
-        with alloc_fail(hapd, i, "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_msg"):
-            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-    for i in range(1, 15):
-        with alloc_fail(hapd, i, "radius_msg_add_attr;?radius_msg_add_attr_int32;=accounting_sta_report"):
-            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-def test_radius_acct_failure_sta_data(dev, apdev):
-    """RADIUS Accounting and failure to get STA data"""
-    params = {"ssid": "radius-acct-open",
-              'acct_server_addr': "127.0.0.1",
-              'acct_server_port': "1813",
-              'acct_server_shared_secret': "radius"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(hapd, 1, "accounting_sta_update_stats"):
-        dev[0].connect("radius-acct-open", key_mgmt="NONE", scan_freq="2412")
-        dev[0].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=1)
diff --git a/tests/hwsim/test_rfkill.py b/tests/hwsim/test_rfkill.py
deleted file mode 100644
index 5acfb5663d9a..000000000000
--- a/tests/hwsim/test_rfkill.py
+++ /dev/null
@@ -1,242 +0,0 @@
-# rfkill tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import time
-
-import hostapd
-from hostapd import HostapdGlobal
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-from rfkill import RFKill
-from utils import HwsimSkip
-from hwsim import HWSimRadio
-
-def get_rfkill(dev):
-    phy = dev.get_driver_status_field("phyname")
-    try:
-        for r, s, h in RFKill.list():
-            if r.name == phy:
-                return r
-    except Exception as e:
-        raise HwsimSkip("No rfkill available: " + str(e))
-    raise HwsimSkip("No rfkill match found for the interface")
-
-def test_rfkill_open(dev, apdev):
-    """rfkill block/unblock during open mode connection"""
-    rfk = get_rfkill(dev[0])
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    try:
-        logger.info("rfkill block")
-        rfk.block()
-        dev[0].wait_disconnected(timeout=10,
-                                 error="Missing disconnection event on rfkill block")
-
-        if "FAIL" not in dev[0].request("REASSOCIATE"):
-            raise Exception("REASSOCIATE accepted while disabled")
-        if "FAIL" not in dev[0].request("REATTACH"):
-            raise Exception("REATTACH accepted while disabled")
-        if "FAIL" not in dev[0].request("RECONNECT"):
-            raise Exception("RECONNECT accepted while disabled")
-        if "FAIL" not in dev[0].request("FETCH_OSU"):
-            raise Exception("FETCH_OSU accepted while disabled")
-
-        logger.info("rfkill unblock")
-        rfk.unblock()
-        dev[0].wait_connected(timeout=10,
-                              error="Missing connection event on rfkill unblock")
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        rfk.unblock()
-
-def test_rfkill_wpa2_psk(dev, apdev):
-    """rfkill block/unblock during WPA2-PSK connection"""
-    rfk = get_rfkill(dev[0])
-
-    ssid = "test-wpa2-psk"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
-    hapd.wait_sta()
-    try:
-        logger.info("rfkill block")
-        rfk.block()
-        dev[0].wait_disconnected(timeout=10,
-                                 error="Missing disconnection event on rfkill block")
-
-        logger.info("rfkill unblock")
-        rfk.unblock()
-        dev[0].wait_connected(timeout=10,
-                              error="Missing connection event on rfkill unblock")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(dev[0], hapd)
-    finally:
-        rfk.unblock()
-
-def test_rfkill_autogo(dev, apdev):
-    """rfkill block/unblock for autonomous P2P GO"""
-    rfk0 = get_rfkill(dev[0])
-    rfk1 = get_rfkill(dev[1])
-
-    dev[0].p2p_start_go()
-    dev[1].request("SET p2p_no_group_iface 0")
-    dev[1].p2p_start_go()
-
-    try:
-        logger.info("rfkill block 0")
-        rfk0.block()
-        ev = dev[0].wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-        if ev is None:
-            raise Exception("Group removal not reported")
-        if "reason=UNAVAILABLE" not in ev:
-            raise Exception("Unexpected group removal reason: " + ev)
-        if "FAIL" not in dev[0].request("P2P_LISTEN 1"):
-            raise Exception("P2P_LISTEN accepted unexpectedly")
-        if "FAIL" not in dev[0].request("P2P_LISTEN"):
-            raise Exception("P2P_LISTEN accepted unexpectedly")
-
-        logger.info("rfkill block 1")
-        rfk1.block()
-        ev = dev[1].wait_global_event(["P2P-GROUP-REMOVED"], timeout=10)
-        if ev is None:
-            raise Exception("Group removal not reported")
-        if "reason=UNAVAILABLE" not in ev:
-            raise Exception("Unexpected group removal reason: " + ev)
-
-        logger.info("rfkill unblock 0")
-        rfk0.unblock()
-        logger.info("rfkill unblock 1")
-        rfk1.unblock()
-        time.sleep(1)
-    finally:
-        rfk0.unblock()
-        rfk1.unblock()
-
-def _test_rfkill_p2p_discovery(dev0, dev1):
-    """rfkill block/unblock P2P Discovery"""
-    rfk0 = get_rfkill(dev0)
-    rfk1 = get_rfkill(dev1)
-
-    try:
-        addr0 = dev0.p2p_dev_addr()
-
-        logger.info("rfkill block 0")
-        rfk0.block()
-        logger.info("rfkill block 1")
-        rfk1.block()
-
-        for i in range(10):
-            time.sleep(0.1)
-            if dev0.get_status_field("wpa_state") == "INTERFACE_DISABLED" and dev1.get_status_field("wpa_state") == "INTERFACE_DISABLED":
-                break
-
-        if "OK" in dev0.p2p_listen():
-            raise Exception("P2P Listen success although in rfkill")
-
-        if "OK" in dev1.p2p_find():
-            raise Exception("P2P Find success although in rfkill")
-
-        dev0.dump_monitor()
-        dev1.dump_monitor()
-
-        logger.info("rfkill unblock 0")
-        rfk0.unblock()
-        logger.info("rfkill unblock 1")
-        rfk1.unblock()
-
-        for i in range(10):
-            time.sleep(0.1)
-            if dev0.get_status_field("wpa_state") != "INTERFACE_DISABLED" and dev1.get_status_field("wpa_state") != "INTERFACE_DISABLED":
-                break
-
-        if "OK" not in dev0.p2p_listen():
-            raise Exception("P2P Listen failed after unblocking rfkill")
-
-        if not dev1.discover_peer(addr0, social=True):
-            raise Exception("Failed to discover peer after unblocking rfkill")
-
-    finally:
-        rfk0.unblock()
-        rfk1.unblock()
-        dev0.p2p_stop_find()
-        dev1.p2p_stop_find()
-        dev0.dump_monitor()
-        dev1.dump_monitor()
-
-def test_rfkill_p2p_discovery(dev, apdev):
-    """rfkill block/unblock P2P Discovery"""
-    _test_rfkill_p2p_discovery(dev[0], dev[1])
-
-def test_rfkill_p2p_discovery_p2p_dev(dev, apdev):
-    """rfkill block/unblock P2P Discovery with P2P Device"""
-    with HWSimRadio(use_p2p_device=True) as (radio, iface):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add(iface)
-        _test_rfkill_p2p_discovery(dev[0], wpas)
-        _test_rfkill_p2p_discovery(wpas, dev[1])
-
-def test_rfkill_hostapd(dev, apdev):
-    """rfkill block/unblock during and prior to hostapd operations"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-
-    rfk = get_rfkill(hapd)
-
-    try:
-        rfk.block()
-        ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("INTERFACE-DISABLED event not seen")
-        rfk.unblock()
-        ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=5)
-        if ev is None:
-            raise Exception("INTERFACE-ENABLED event not seen")
-        # hostapd does not current re-enable beaconing automatically
-        hapd.disable()
-        hapd.enable()
-        dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-        rfk.block()
-        ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("INTERFACE-DISABLED event not seen")
-        dev[0].wait_disconnected(timeout=10)
-        dev[0].request("DISCONNECT")
-        hapd.disable()
-
-        hglobal = HostapdGlobal(apdev[0])
-        hglobal.flush()
-        hglobal.remove(apdev[0]['ifname'])
-
-        hapd = hostapd.add_ap(apdev[0], {"ssid": "open2"},
-                              no_enable=True)
-        if "FAIL" not in hapd.request("ENABLE"):
-            raise Exception("ENABLE succeeded unexpectedly (rfkill)")
-    finally:
-        rfk.unblock()
-
-def test_rfkill_wpas(dev, apdev):
-    """rfkill block prior to wpa_supplicant start"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    rfk = get_rfkill(wpas)
-    wpas.interface_remove("wlan5")
-    try:
-        rfk.block()
-        wpas.interface_add("wlan5")
-        time.sleep(0.5)
-        state = wpas.get_status_field("wpa_state")
-        if state != "INTERFACE_DISABLED":
-            raise Exception("Unexpected state with rfkill blocked: " + state)
-        rfk.unblock()
-        time.sleep(0.5)
-        state = wpas.get_status_field("wpa_state")
-        if state == "INTERFACE_DISABLED":
-            raise Exception("Unexpected state with rfkill unblocked: " + state)
-    finally:
-        rfk.unblock()
diff --git a/tests/hwsim/test_rrm.py b/tests/hwsim/test_rrm.py
deleted file mode 100644
index db671318381d..000000000000
--- a/tests/hwsim/test_rrm.py
+++ /dev/null
@@ -1,2147 +0,0 @@
-# Radio measurement
-# Copyright(c) 2013 - 2016 Intel Mobile Communications GmbH.
-# Copyright(c) 2011 - 2016 Intel Corporation. All rights reserved.
-# Copyright (c) 2017, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import re
-import logging
-logger = logging.getLogger()
-import struct
-import subprocess
-import time
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from remotehost import remote_compatible
-
-def check_rrm_support(dev):
-    rrm = int(dev.get_driver_status_field("capa.rrm_flags"), 16)
-    if rrm & 0x5 != 0x5 and rrm & 0x10 != 0x10:
-        raise HwsimSkip("Required RRM capabilities are not supported")
-
-def check_tx_power_support(dev):
-    rrm = int(dev.get_driver_status_field("capa.rrm_flags"), 16)
-    if rrm & 0x8 != 0x8:
-        raise HwsimSkip("Required RRM capabilities are not supported")
-
-nr = "00112233445500000000510107"
-lci = "01000800101298c0b512926666f6c2f1001c00004104050000c00012"
-civic = "01000b0011223344556677889900998877665544332211aabbccddeeff"
-
-def check_nr_results(dev, bssids=None, lci=False, civic=False):
-    if bssids is None:
-        ev = dev.wait_event(["RRM-NEIGHBOR-REP-REQUEST-FAILED"], timeout=10)
-        if ev is None:
-            raise Exception("RRM neighbor report failure not received")
-        return
-
-    received = []
-    for bssid in bssids:
-        ev = dev.wait_event(["RRM-NEIGHBOR-REP-RECEIVED"], timeout=10)
-        if ev is None:
-            raise Exception("RRM report result not indicated")
-        received.append(ev)
-
-    for bssid in bssids:
-        found = False
-        for r in received:
-            if "RRM-NEIGHBOR-REP-RECEIVED bssid=" + bssid in r:
-                if lci and "lci=" not in r:
-                    raise Exception("LCI data not reported for %s" % bssid)
-                if civic and "civic=" not in r:
-                    raise Exception("civic data not reported for %s" % bssid)
-                received.remove(r)
-                found = True
-                break
-        if not found:
-            raise Exception("RRM report result for %s not indicated" % bssid)
-
-def test_rrm_neighbor_db(dev, apdev):
-    """hostapd ctrl_iface SET_NEIGHBOR"""
-    params = {"ssid": "test", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    params = {"ssid": "test2", "rrm_neighbor_report": "1"}
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    res = hapd.request("SHOW_NEIGHBOR")
-    if len(res.splitlines()) != 1:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(1): " + res)
-    if apdev[0]['bssid'] not in res:
-        raise Exception("Own BSS not visible in SHOW_NEIGHBOR output")
-
-    if "OK" not in hapd2.request("SET_NEIGHBOR " + res.strip()):
-        raise Exception("Failed to copy neighbor entry to another hostapd")
-    res2 = hapd2.request("SHOW_NEIGHBOR")
-    if len(res2.splitlines()) != 2:
-        raise Exception("Unexpected SHOW_NEIGHBOR output: " + res2)
-    if res not in res2:
-        raise Exception("Copied entry not visible")
-
-    # Bad BSSID
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:gg ssid=\"test1\" nr=" + nr):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # Bad SSID
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=test1 nr=" + nr):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # Bad SSID end
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1 nr=" + nr):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # No SSID
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 nr=" + nr):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # No NR
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\""):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # Odd length of NR
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr[:-1]):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # Invalid lci
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " lci=1"):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # Invalid civic
-    if "FAIL" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " civic=1"):
-        raise Exception("Set neighbor succeeded unexpectedly")
-
-    # No entry yet in database
-    if "FAIL" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\""):
-        raise Exception("Remove neighbor succeeded unexpectedly")
-
-    # Add a neighbor entry
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-
-    res = hapd.request("SHOW_NEIGHBOR")
-    if len(res.splitlines()) != 2:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(2): " + res)
-    if apdev[0]['bssid'] not in res:
-        raise Exception("Own BSS not visible in SHOW_NEIGHBOR output")
-    if "00:11:22:33:44:55" not in res:
-        raise Exception("Added BSS not visible in SHOW_NEIGHBOR output")
-
-    # Another BSSID with the same SSID
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:56 ssid=\"test1\" nr=" + nr + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-
-    res = hapd.request("SHOW_NEIGHBOR")
-    if len(res.splitlines()) != 3:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(3): " + res)
-    if apdev[0]['bssid'] not in res:
-        raise Exception("Own BSS not visible in SHOW_NEIGHBOR output")
-    if "00:11:22:33:44:55" not in res:
-        raise Exception("Added BSS not visible in SHOW_NEIGHBOR output")
-    if "00:11:22:33:44:56" not in res:
-        raise Exception("Second added BSS not visible in SHOW_NEIGHBOR output")
-
-    # Fewer parameters
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr):
-        raise Exception("Set neighbor failed")
-
-    # SSID in hex format
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=7465737431 nr=" + nr):
-        raise Exception("Set neighbor failed")
-
-    # With more parameters
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-
-    # With all parameters
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-
-    # Another SSID on the same BSSID
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test2\" nr=" + nr + " lci=" + lci):
-        raise Exception("Set neighbor failed")
-
-    if "OK" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\""):
-        raise Exception("Remove neighbor failed")
-
-    if "OK" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:56 ssid=\"test1\""):
-        raise Exception("Remove neighbor failed")
-
-    if "OK" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test2\""):
-        raise Exception("Remove neighbor failed")
-
-    # Double remove
-    if "FAIL" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\""):
-        raise Exception("Remove neighbor succeeded unexpectedly")
-
-    # Stationary AP
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test3\" nr=" + nr + " lci=" + lci + " civic=" + civic + " stat"):
-        raise Exception("Set neighbor failed")
-
-    res = hapd.request("SHOW_NEIGHBOR")
-    if len(res.splitlines()) != 2:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(4): " + res)
-    if "00:11:22:33:44:55" not in res or " stat" not in res:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(4b): " + res)
-
-    if "OK" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test3\""):
-        raise Exception("Remove neighbor failed")
-
-    # Add an entry for following REMOVE_NEIGHBOR tests
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=7465737431 nr=" + nr):
-        raise Exception("Set neighbor failed")
-
-    # Invalid remove - bad BSSID
-    if "FAIL" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:5 ssid=\"test1\""):
-        raise Exception("Remove neighbor succeeded unexpectedly")
-
-    # Invalid remove - bad SSID
-    if "FAIL" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1"):
-        raise Exception("Remove neighbor succeeded unexpectedly")
-
-    # Remove without specifying SSID
-    if "OK" not in hapd.request("REMOVE_NEIGHBOR 00:11:22:33:44:55"):
-        raise Exception("Remove neighbor without SSID failed")
-
-    res = hapd.request("SHOW_NEIGHBOR")
-    if len(res.splitlines()) != 1:
-        raise Exception("Unexpected SHOW_NEIGHBOR output(5): " + res)
-    if apdev[0]['bssid'] not in res:
-        raise Exception("Own BSS not visible in SHOW_NEIGHBOR output")
-
-def test_rrm_neighbor_db_failures(dev, apdev):
-    """hostapd ctrl_iface SET_NEIGHBOR failures"""
-    params = {"ssid": "test", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    cmd = "SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test1\" nr=" + nr + " lci=" + lci + " civic=" + civic
-    tests = [(1, "hostapd_neighbor_add"),
-             (1, "wpabuf_dup;hostapd_neighbor_set"),
-             (2, "wpabuf_dup;hostapd_neighbor_set"),
-             (3, "wpabuf_dup;hostapd_neighbor_set")]
-    for count, func in tests:
-        with alloc_fail(hapd, count, func):
-            if "FAIL" not in hapd.request(cmd):
-                raise Exception("Set neighbor succeeded")
-
-def test_rrm_neighbor_db_disabled(dev, apdev):
-    """hostapd ctrl_iface SHOW_NEIGHBOR while neighbor report disabled"""
-    params = {"ssid": "test"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    if "FAIL" not in hapd.request("SHOW_NEIGHBOR"):
-        raise Exception("SHOW_NEIGHBOR accepted")
-
-def test_rrm_neighbor_rep_req(dev, apdev):
-    """wpa_supplicant ctrl_iface NEIGHBOR_REP_REQUEST"""
-    check_rrm_support(dev[0])
-
-    nr1 = "00112233445500000000510107"
-    nr2 = "00112233445600000000510107"
-    nr3 = "dd112233445500000000510107"
-
-    params = {"ssid": "test", "rnr": "1"}
-    hostapd.add_ap(apdev[0]['ifname'], params)
-    params = {"ssid": "test2", "rrm_neighbor_report": "1", "rnr": "1"}
-    hapd = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    bssid1 = apdev[1]['bssid']
-
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request succeeded unexpectedly (AP without RRM)")
-    if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"abcdef\""):
-        raise Exception("Request succeeded unexpectedly (AP without RRM 2)")
-    dev[0].request("DISCONNECT")
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], [bssid1])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST lci"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], [bssid1])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST lci civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], [bssid1])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\""):
-        raise Exception("Request failed")
-    check_nr_results(dev[0])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\" lci civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0])
-
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"test3\" nr=" + nr1 + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:56 ssid=\"test3\" nr=" + nr2 + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:56 ssid=\"test4\" nr=" + nr2 + " lci=" + lci + " civic=" + civic):
-        raise Exception("Set neighbor failed")
-    if "OK" not in hapd.request("SET_NEIGHBOR dd:11:22:33:44:55 ssid=\"test5\" nr=" + nr3 + " lci=" + lci):
-        raise Exception("Set neighbor failed")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\""):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:55", "00:11:22:33:44:56"])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\" lci"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:55", "00:11:22:33:44:56"],
-                     lci=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\" civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:55", "00:11:22:33:44:56"],
-                     civic=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test3\" lci civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:55", "00:11:22:33:44:56"],
-                     lci=True, civic=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test4\""):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:56"])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test4\" lci"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:56"], lci=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test4\" civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:56"], civic=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test4\" lci civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["00:11:22:33:44:56"], lci=True, civic=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test5\""):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["dd:11:22:33:44:55"])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test5\" lci"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["dd:11:22:33:44:55"], lci=True)
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test5\" civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["dd:11:22:33:44:55"])
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST ssid=\"test5\" lci civic"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], ["dd:11:22:33:44:55"], lci=True)
-
-    if "OK" not in hapd.request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-    time.sleep(0.2)
-    dev[1].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-def test_rrm_neighbor_rep_oom(dev, apdev):
-    """hostapd neighbor report OOM"""
-    check_rrm_support(dev[0])
-
-    nr1 = "00112233445500000000510107"
-    nr2 = "00112233445600000000510107"
-    nr3 = "dd112233445500000000510107"
-
-    params = {"ssid": "test", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(hapd, 1, "hostapd_send_nei_report_resp"):
-        if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-            raise Exception("Request failed")
-        ev = dev[0].wait_event(["RRM-NEIGHBOR-REP-REQUEST-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("Neighbor report failure not reported")
-
-def test_rrm_lci_req(dev, apdev):
-    """hostapd lci request"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    # station not specified
-    if "FAIL" not in hapd.request("REQ_LCI "):
-        raise Exception("REQ_LCI with no station succeeded unexpectedly")
-
-    # station that is not connected specified
-    if "FAIL" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-        raise Exception("REQ_LCI succeeded unexpectedly (station not connected)")
-
-    dev[0].request("SET LCI ")
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    # station connected without LCI
-    if "FAIL" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-        raise Exception("REQ_LCI succeeded unexpectedly (station without lci)")
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=2)
-
-    dev[0].request("SET LCI " + lci)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    # station connected with LCI
-    if "OK" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-        raise Exception("REQ_LCI failed unexpectedly")
-
-def test_rrm_lci_req_timeout(dev, apdev):
-    """hostapd lci request timeout"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].request("SET LCI " + lci)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("REQ_LCI " + addr):
-        raise Exception("REQ_LCI failed unexpectedly")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("No response seen at the AP")
-    # Ignore response and wait for HOSTAPD_RRM_REQUEST_TIMEOUT
-    time.sleep(5.1)
-    # Process response after timeout
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % ev.split(' ')[1]):
-        raise Exception("MGMT_RX_PROCESS failed")
-    for i in range(257):
-        if "OK" not in hapd.request("REQ_LCI " + addr):
-            raise Exception("REQ_LCI failed unexpectedly")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_rrm_lci_req_oom(dev, apdev):
-    """LCI report generation OOM"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].request("SET LCI " + lci)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(dev[0], 1, "wpabuf_resize;wpas_rrm_build_lci_report"):
-        if "OK" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-            raise Exception("REQ_LCI failed unexpectedly")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    dev[0].request("SET LCI ")
-    # This in in wpas_rrm_build_lci_report(), but backtrace may not always work
-    # for the "reject" label there.
-    with alloc_fail(dev[0], 1, "wpabuf_resize;wpas_rrm_handle_msr_req_element"):
-        if "OK" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-            raise Exception("REQ_LCI failed unexpectedly")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_rrm_lci_req_ap_oom(dev, apdev):
-    """LCI report generation AP OOM and failure"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].request("SET LCI " + lci)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_send_lci_req"):
-        if "FAIL" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-            raise Exception("REQ_LCI succeeded during OOM")
-
-    with fail_test(hapd, 1, "nl80211_send_frame_cmd;hostapd_send_lci_req"):
-        if "FAIL" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-            raise Exception("REQ_LCI succeeded during failure testing")
-
-def test_rrm_lci_req_get_reltime_failure(dev, apdev):
-    """LCI report generation and os_get_reltime() failure"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].request("SET LCI " + lci)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    with fail_test(dev[0], 1, "os_get_reltime;wpas_rrm_build_lci_report"):
-        if "OK" not in hapd.request("REQ_LCI " + dev[0].own_addr()):
-            raise Exception("REQ_LCI failed unexpectedly")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-def test_rrm_neighbor_rep_req_from_conf(dev, apdev):
-    """wpa_supplicant ctrl_iface NEIGHBOR_REP_REQUEST and hostapd config"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_neighbor_report": "1",
-              "stationary_ap": "1", "lci": lci, "civic": civic}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    bssid = apdev[0]['bssid']
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request failed")
-    check_nr_results(dev[0], [bssid])
-
-def test_rrm_neighbor_rep_req_timeout(dev, apdev):
-    """wpa_supplicant behavior on NEIGHBOR_REP_REQUEST response timeout"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_neighbor_report": "1",
-              "stationary_ap": "1", "lci": lci, "civic": civic}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request failed")
-    msg = hapd.mgmt_rx()
-    if msg is None:
-        raise Exception("Neighbor report request not seen")
-    check_nr_results(dev[0])
-
-def test_rrm_neighbor_rep_req_oom(dev, apdev):
-    """wpa_supplicant ctrl_iface NEIGHBOR_REP_REQUEST OOM"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_neighbor_report": "1",
-              "stationary_ap": "1", "lci": lci, "civic": civic}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;wpas_rrm_process_neighbor_rep"):
-        if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-            raise Exception("Request failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with fail_test(dev[0], 1,
-                    "wpa_driver_nl80211_send_action;wpas_rrm_send_neighbor_rep_request"):
-        if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-            raise Exception("Request succeeded unexpectedly")
-
-    with alloc_fail(dev[0], 1,
-                    "wpabuf_alloc;wpas_rrm_send_neighbor_rep_request"):
-        if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-            raise Exception("Request succeeded unexpectedly")
-
-def test_rrm_neighbor_rep_req_disconnect(dev, apdev):
-    """wpa_supplicant behavior on disconnection during NEIGHBOR_REP_REQUEST"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_neighbor_report": "1",
-              "stationary_ap": "1", "lci": lci, "civic": civic}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request accepted while disconnected")
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request failed")
-    msg = hapd.mgmt_rx()
-    if msg is None:
-        raise Exception("Neighbor report request not seen")
-    dev[0].request("DISCONNECT")
-    check_nr_results(dev[0])
-
-def test_rrm_neighbor_rep_req_not_supported(dev, apdev):
-    """NEIGHBOR_REP_REQUEST for AP not supporting neighbor report"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request accepted unexpectedly")
-
-def test_rrm_neighbor_rep_req_busy(dev, apdev):
-    """wpa_supplicant and concurrent NEIGHBOR_REP_REQUEST commands"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "test2", "rrm_neighbor_report": "1",
-              "stationary_ap": "1", "lci": lci, "civic": civic}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request failed")
-    msg = hapd.mgmt_rx()
-    if msg is None:
-        raise Exception("Neighbor report request not seen")
-
-    if "FAIL" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
-        raise Exception("Request accepted while disconnected")
-
-def test_rrm_ftm_range_req(dev, apdev):
-    """hostapd FTM range request command"""
-    check_rrm_support(dev[0])
-    try:
-        run_rrm_ftm_range_req(dev, apdev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_rrm_ftm_range_req(dev, apdev):
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    # station not specified
-    if "FAIL" not in hapd.request("REQ_RANGE "):
-        raise Exception("REQ_RANGE with no station succeeded unexpectedly")
-
-    # station that is not connected specified
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr()):
-        raise Exception("REQ_RANGE succeeded unexpectedly (station not connected)")
-
-    # No responders specified
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 10"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (no responder)")
-
-    # Bad responder address
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 10 00:11:22:33:44:"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (bad responder address)")
-
-    # Bad responder address
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 10 00:11:22:33:44:55 00:11:22:33:44"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (bad responder address 2)")
-
-    # Bad min_ap value
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 300 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (invalid min_ap value)")
-
-    # Bad rand value
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " -1 10 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (invalid rand value)")
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 65536 10 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (invalid rand value)")
-
-    # Missing min_ap value
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (missing min_ap value)")
-
-    # Too many responders
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 10" + 20*" 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (too many responders)")
-    # Wrong min AP count
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 10 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (responder not in database)")
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    # Override RM capabilities to include FTM range report
-    dev[1].request("VENDOR_ELEM_ADD 13 46057100000004")
-    dev[1].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    # Request range: Destination address is not connected
-    if "FAIL" not in hapd.request("REQ_RANGE 11:22:33:44:55:66 10 1 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (responder not in database)")
-
-    # Responder not in database
-    # Note: this check would pass since the station does not support FTM range
-    # request and not because the responder is not in the database.
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[0].own_addr() + " 10 1 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (responder not in database)")
-
-    # Missing neighbor report for 00:11:22:33:44:55
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[1].own_addr() + " 10 1 00:11:22:33:44:55"):
-        raise Exception("REQ_RANGE succeeded unexpectedly (responder not in database)")
-
-    # Send request
-    if "OK" not in hapd.request("REQ_RANGE " + dev[1].own_addr() + " 10 1 " + bssid):
-        raise Exception("REQ_RANGE failed unexpectedly")
-
-    # Too long range request
-    if "FAIL" not in hapd.request("REQ_RANGE " + dev[1].own_addr() + " 10 1" + 16*(" " + bssid)):
-        raise Exception("REQ_RANGE accepted for too long range request")
-
-    time.sleep(0.1)
-    dev[0].request("DISCONNECT")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-def test_rrm_ftm_range_req_timeout(dev, apdev):
-    """hostapd FTM range request timeout"""
-    check_rrm_support(dev[0])
-    try:
-        run_rrm_ftm_range_req_timeout(dev, apdev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_rrm_ftm_range_req_timeout(dev, apdev):
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    # Override RM capabilities to include FTM range report
-    dev[1].request("VENDOR_ELEM_ADD 13 46057100000004")
-    dev[1].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[1].own_addr()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("REQ_RANGE " + addr + " 10 1 " + bssid):
-        raise Exception("REQ_RANGE failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("No response seen at the AP")
-    # Ignore response and wait for HOSTAPD_RRM_REQUEST_TIMEOUT
-    time.sleep(5.1)
-    # Process response after timeout
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % ev.split(' ')[1]):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    for i in range(257):
-        if "OK" not in hapd.request("REQ_RANGE " + addr + " 10 1 " + bssid):
-            raise Exception("REQ_RANGE failed")
-        dev[1].dump_monitor()
-        hapd.dump_monitor()
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-def test_rrm_ftm_range_req_failure(dev, apdev):
-    """hostapd FTM range request failure"""
-    check_rrm_support(dev[0])
-    try:
-        run_rrm_ftm_range_req_failure(dev, apdev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_rrm_ftm_range_req_failure(dev, apdev):
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    # Override RM capabilities to include FTM range report
-    dev[1].request("VENDOR_ELEM_ADD 13 46057100000004")
-    dev[1].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_send_range_req"):
-        if "FAIL" not in hapd.request("REQ_RANGE " + dev[1].own_addr() + " 10 1 " + bssid):
-            raise Exception("REQ_RANGE succeeded during OOM")
-
-    with fail_test(hapd, 1, "nl80211_send_frame_cmd;hostapd_send_range_req"):
-        if "FAIL" not in hapd.request("REQ_RANGE " + dev[1].own_addr() + " 10 1 " + bssid):
-            raise Exception("REQ_RANGE succeeded during failure testing")
-
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-def test_rrm_ftm_capa_indication(dev, apdev):
-    """FTM capability indication"""
-    try:
-        _test_rrm_ftm_capa_indication(dev, apdev)
-    finally:
-        dev[0].request("SET ftm_initiator 0")
-        dev[0].request("SET ftm_responder 0")
-
-def _test_rrm_ftm_capa_indication(dev, apdev):
-    params = {"ssid": "ftm",
-              "ftm_responder": "1",
-              "ftm_initiator": "1",}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    if "OK" not in dev[0].request("SET ftm_initiator 1"):
-        raise Exception("could not set ftm_initiator")
-    if "OK" not in dev[0].request("SET ftm_responder 1"):
-        raise Exception("could not set ftm_responder")
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True)
-
-class BeaconReport:
-    def __init__(self, report):
-        self.opclass, self.channel, self.start, self.duration, self.frame_info, self.rcpi, self.rsni = struct.unpack("<BBQHBBB", report[0:15])
-        report = report[15:]
-        self.bssid = report[0:6]
-        self.bssid_str = "%02x:%02x:%02x:%02x:%02x:%02x" % (struct.unpack('6B', self.bssid))
-        report = report[6:]
-        self.antenna_id, self.parent_tsf = struct.unpack("<BI", report[0:5])
-        report = report[5:]
-        self.subelems = report
-        self.frame_body = None
-        self.frame_body_fragment_id = None
-        self.last_indication = None
-        while len(report) >= 2:
-            eid, elen = struct.unpack('BB', report[0:2])
-            report = report[2:]
-            if len(report) < elen:
-                raise Exception("Invalid subelement in beacon report")
-            if eid == 1:
-                # Reported Frame Body
-                # Contents depends on the reporting detail request:
-                # 0 = no Reported Frame Body subelement
-                # 1 = all fixed fields and any elements identified in Request
-                #     element
-                # 2 = all fixed fields and all elements
-                # Fixed fields: Timestamp[8] BeaconInt[2] CapabInfo[2]
-                self.frame_body = report[0:elen]
-            if eid == 2:
-                self.frame_body_fragment_id = report[0:elen]
-            if eid == 164:
-                self.last_indication = report[0:elen]
-            report = report[elen:]
-    def __str__(self):
-        txt = "opclass={} channel={} start={} duration={} frame_info={} rcpi={} rsni={} bssid={} antenna_id={} parent_tsf={}".format(self.opclass, self.channel, self.start, self.duration, self.frame_info, self.rcpi, self.rsni, self.bssid_str, self.antenna_id, self.parent_tsf)
-        if self.frame_body:
-            txt += " frame_body=" + binascii.hexlify(self.frame_body).decode()
-        if self.frame_body_fragment_id:
-            txt += " fragment_id=" + binascii.hexlify(self.frame_body_fragment_id).decode()
-        if self.last_indication:
-            txt += " last_indication=" + binascii.hexlify(self.last_indication).decode()
-
-        return txt
-
-def run_req_beacon(hapd, addr, request):
-    token = hapd.request("REQ_BEACON " + addr + " " + request)
-    if "FAIL" in token:
-        raise Exception("REQ_BEACON failed")
-
-    ev = hapd.wait_event(["BEACON-REQ-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("No TX status event for beacon request received")
-    fields = ev.split(' ')
-    if fields[1] != addr:
-        raise Exception("Unexpected STA address in TX status: " + fields[1])
-    if fields[2] != token:
-        raise Exception("Unexpected dialog token in TX status: " + fields[2] + " (expected " + token + ")")
-    if fields[3] != "ack=1":
-        raise Exception("Unexected ACK status in TX status: " + fields[3])
-    return token
-
-@remote_compatible
-def test_rrm_beacon_req_table(dev, apdev):
-    """Beacon request - beacon table mode"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another"})
-
-    tests = ["REQ_BEACON ",
-             "REQ_BEACON q",
-             "REQ_BEACON 11:22:33:44:55:66",
-             "REQ_BEACON 11:22:33:44:55:66 req_mode=q",
-             "REQ_BEACON 11:22:33:44:55:66 req_mode=11",
-             "REQ_BEACON 11:22:33:44:55:66 1",
-             "REQ_BEACON 11:22:33:44:55:66 1q",
-             "REQ_BEACON 11:22:33:44:55:66 11223344556677889900aabbccddeeff"]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: " + t)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        if fields[1] != addr:
-            raise Exception("Unexpected STA address in beacon report response: " + fields[1])
-        if fields[2] != token:
-            raise Exception("Unexpected dialog token in beacon report response: " + fields[2] + " (expected " + token + ")")
-        if fields[3] != "00":
-            raise Exception("Unexpected measurement report mode")
-
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-
-        # Default reporting detail is 2, i.e., all fixed fields and elements.
-        if not report.frame_body:
-            raise Exception("Reported Frame Body subelement missing")
-        if len(report.frame_body) <= 12:
-            raise Exception("Too short Reported Frame Body subelement")
-
-def test_rrm_beacon_req_frame_body_fragmentation(dev, apdev):
-    """Beacon request - beacon table mode - frame body fragmentation"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set('vendor_elements', ("dd051122330203dd0400137400dd04001374ffdd0511"
-              "22330203dd0400137400dd04001374ffdd051122330203dd0400137400dd04001"
-              "374ffdd051122330203dd0400137400dd04001374ffdd051122330203dd040013"
-              "7400dd04001374ffdd051122330203dd0400137400dd04001374ffdd051122330"
-              "203dd0400137400dd04001374ffdd051122330203dd0400137400dd04001374ff"
-              "dd051122330203dd0400137400dd04001374ff"))
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff")
-
-    # 2 beacon reports elements are expected because of fragmentation
-    for i in range(0, 2):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        if fields[1] != addr:
-            raise Exception("Unexpected STA address in beacon report response: " + fields[1])
-        if fields[2] != token:
-            raise Exception("Unexpected dialog token in beacon report response: " + fields[2] + " (expected " + token + ")")
-        if fields[3] != "00":
-            raise Exception("Unexpected measurement report mode")
-
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-
-        # Default reporting detail is 2, i.e., all fixed fields and elements.
-        if not report.frame_body_fragment_id:
-            raise Exception("Reported Frame Body Fragment ID subelement missing")
-        fragment_id = binascii.hexlify(report.frame_body_fragment_id)
-        frag_number = int(fragment_id[2:], 16) & int(0x7f)
-        if frag_number != i:
-            raise Exception("Incorrect fragment number: %d" % frag_number)
-        more_frags = int(fragment_id[2:], 16) >> 7
-        if i == 0 and more_frags != 1:
-            raise Exception("more fragments bit is not set on first fragment")
-        if i == 1 and more_frags != 0:
-            raise Exception("more fragments bit is set on last fragment")
-
-def test_rrm_beacon_req_last_frame_indication(dev, apdev):
-    """Beacon request - beacon table mode - last frame indication"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    # The request contains the last beacon report indication subelement
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffffa40101")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        if fields[1] != addr:
-            raise Exception("Unexpected STA address in beacon report response: " + fields[1])
-        if fields[2] != token:
-            raise Exception("Unexpected dialog token in beacon report response: " + fields[2] + " (expected " + token + ")")
-        if fields[3] != "00":
-            raise Exception("Unexpected measurement report mode")
-
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-
-        if not report.last_indication:
-            raise Exception("Last Beacon Report Indication subelement missing")
-
-        last = binascii.hexlify(report.last_indication).decode()
-        if (i == 2 and last != '01') or (i != 2 and last != '00'):
-            raise Exception("last beacon report indication is not set on last frame")
-
-    # The request does not contain the last beacon report indication subelement
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        if fields[1] != addr:
-            raise Exception("Unexpected STA address in beacon report response: " + fields[1])
-        if fields[2] != token:
-            raise Exception("Unexpected dialog token in beacon report response: " + fields[2] + " (expected " + token + ")")
-        if fields[3] != "00":
-            raise Exception("Unexpected measurement report mode")
-
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-
-        if report.last_indication:
-            raise Exception("Last Beacon Report Indication subelement present but not requested")
-
-@remote_compatible
-def test_rrm_beacon_req_table_detail(dev, apdev):
-    """Beacon request - beacon table mode - reporting detail"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    logger.info("Reporting Detail 0")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020100")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if report.frame_body:
-        raise Exception("Reported Frame Body subelement included with Reporting Detail 0")
-    hapd.dump_monitor()
-
-    logger.info("Reporting Detail 1")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if not report.frame_body:
-        raise Exception("Reported Frame Body subelement missing")
-    if len(report.frame_body) != 12:
-        raise Exception("Unexpected Reported Frame Body subelement length with Reporting Detail 1")
-    hapd.dump_monitor()
-
-    logger.info("Reporting Detail 2")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020102")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if not report.frame_body:
-        raise Exception("Reported Frame Body subelement missing")
-    if len(report.frame_body) <= 12:
-        raise Exception("Unexpected Reported Frame Body subelement length with Reporting Detail 2")
-    hapd.dump_monitor()
-
-    logger.info("Reporting Detail 3 (invalid)")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020103")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response to invalid reporting detail 3")
-    hapd.dump_monitor()
-
-    logger.info("Reporting Detail (too short)")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "0200")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response to invalid reporting detail")
-    hapd.dump_monitor()
-
-@remote_compatible
-def test_rrm_beacon_req_table_request(dev, apdev):
-    """Beacon request - beacon table mode - request element"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].flush_scan_cache()
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a03000106")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if not report.frame_body:
-        raise Exception("Reported Frame Body subelement missing")
-    if len(report.frame_body) != 12 + 5 + 10:
-        raise Exception("Unexpected Reported Frame Body subelement length with Reporting Detail 1 and requested elements SSID + SuppRates")
-    hapd.dump_monitor()
-
-    logger.info("Incorrect reporting detail with request subelement")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020102" + "0a03000106")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (invalid reporting detail)")
-    hapd.dump_monitor()
-
-    logger.info("Invalid request subelement length")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a00")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (invalid request subelement length)")
-    hapd.dump_monitor()
-
-    logger.info("Multiple request subelements")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a0100" + "0a0101")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (multiple request subelements)")
-    hapd.dump_monitor()
-
-@remote_compatible
-def test_rrm_beacon_req_table_request_oom(dev, apdev):
-    """Beacon request - beacon table mode - request element OOM"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    with alloc_fail(dev[0], 1,
-                    "bitfield_alloc;wpas_rm_handle_beacon_req_subelem"):
-        token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a03000106")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected beacon report response received (OOM)")
-
-    with alloc_fail(dev[0], 1,
-                    "wpabuf_alloc;wpas_rrm_send_msr_report_mpdu"):
-        token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a03000106")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected beacon report response received (OOM)")
-
-    with fail_test(dev[0], 1,
-                    "wpa_driver_nl80211_send_action;wpas_rrm_send_msr_report_mpdu"):
-        token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a03000106")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected beacon report response received (OOM)")
-
-    with alloc_fail(dev[0], 1,
-                    "wpabuf_resize;wpas_add_beacon_rep"):
-        token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a03000106")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received (OOM -> empty report)")
-        fields = ev.split(' ')
-        if len(fields[4]) > 0:
-            raise Exception("Unexpected beacon report received")
-
-@remote_compatible
-def test_rrm_beacon_req_table_bssid(dev, apdev):
-    """Beacon request - beacon table mode - specific BSSID"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    bssid2 = hapd2.own_addr()
-    token = run_req_beacon(hapd, addr, "51000000000002" + bssid2.replace(':', ''))
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if "bssid=" + bssid2 not in str(report):
-        raise Exception("Report for unexpected BSS")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response")
-
-@remote_compatible
-def test_rrm_beacon_req_table_ssid(dev, apdev):
-    """Beacon request - beacon table mode - specific SSID"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    bssid2 = hapd2.own_addr()
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "0007" + binascii.hexlify(b"another").decode())
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if "bssid=" + bssid2 not in str(report):
-        raise Exception("Report for unexpected BSS")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response")
-    hapd.dump_monitor()
-
-    logger.info("Wildcard SSID")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "0000")
-    for i in range(2):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-    hapd.dump_monitor()
-
-    logger.info("Too long SSID")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "0021" + 33*"00")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (invalid SSID subelement in request)")
-    hapd.dump_monitor()
-
-@remote_compatible
-def test_rrm_beacon_req_table_info(dev, apdev):
-    """Beacon request - beacon table mode - Reporting Information subelement"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    logger.info("Unsupported reporting information 1")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "01020100")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response (incapable) is not received")
-
-    fields = ev.split(' ')
-    if fields[3] != "02":
-        raise Exception("Beacon report response - unexpected mode (" + fields[3] + ")")
-    hapd.dump_monitor()
-
-    logger.info("Invalid reporting information length")
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "010100")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (invalid reporting information length)")
-    hapd.dump_monitor()
-
-@remote_compatible
-def test_rrm_beacon_req_table_unknown_subelem(dev, apdev):
-    """Beacon request - beacon table mode - unknown subelement"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "330101" + "fe00")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-
-@remote_compatible
-def test_rrm_beacon_req_table_truncated_subelem(dev, apdev):
-    """Beacon request - beacon table mode - Truncated subelement"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "0001")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response (truncated subelement)")
-    hapd.dump_monitor()
-
-@remote_compatible
-def test_rrm_beacon_req_table_rsne(dev, apdev):
-    """Beacon request - beacon table mode - RSNE reporting"""
-    params = hostapd.wpa2_params(ssid="rrm-rsn", passphrase="12345678")
-    params["rrm_beacon_report"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm-rsn", psk="12345678", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000002ffffffffffff" + "020101" + "0a0130")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if not report.frame_body:
-        raise Exception("Reported Frame Body subelement missing")
-    if len(report.frame_body) != 12 + 22:
-        raise Exception("Unexpected Reported Frame Body subelement length with Reporting Detail 1 and requested element RSNE")
-    if binascii.unhexlify("30140100000fac040100000fac040100000fac020c00") not in report.frame_body:
-        raise Exception("Full RSNE not found")
-
-def test_rrm_beacon_req_table_vht(dev, apdev):
-    """Beacon request - beacon table mode - VHT"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        params = {"ssid": "rrm-vht",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "rrm_beacon_report": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        params = {"ssid": "test-vht40",
-                  "country_code": "FI",
-                  "hw_mode": "a",
-                  "channel": "48",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "[HT40-]",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0",
-                }
-        hapd2 = hostapd.add_ap(apdev[1], params)
-
-        dev[0].scan_for_bss(apdev[1]['bssid'], freq=5240)
-        dev[0].connect("rrm-vht", key_mgmt="NONE", scan_freq="5180")
-
-        addr = dev[0].own_addr()
-
-        token = run_req_beacon(hapd, addr, "f0000000000002ffffffffffff")
-        for i in range(2):
-            ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-            if ev is None:
-                raise Exception("Beacon report %d response not received" % i)
-            fields = ev.split(' ')
-            report = BeaconReport(binascii.unhexlify(fields[4]))
-            logger.info("Received beacon report: " + str(report))
-            if report.bssid_str == apdev[0]['bssid']:
-                if report.opclass != 128 or report.channel != 36:
-                    raise Exception("Incorrect opclass/channel for AP0")
-            elif report.bssid_str == apdev[1]['bssid']:
-                if report.opclass != 117 or report.channel != 48:
-                    raise Exception("Incorrect opclass/channel for AP1")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        dev[0].request("DISCONNECT")
-        disable_hapd(hapd)
-        disable_hapd(hapd2)
-        clear_regdom_dev(dev)
-
-@remote_compatible
-def test_rrm_beacon_req_active(dev, apdev):
-    """Beacon request - active scan mode"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000640001ffffffffffff")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.bssid_str == apdev[0]['bssid']:
-            if report.opclass != 81 or report.channel != 1:
-                raise Exception("Incorrect opclass/channel for AP0")
-        elif report.bssid_str == apdev[1]['bssid']:
-            if report.opclass != 81 or report.channel != 11:
-                raise Exception("Incorrect opclass/channel for AP1")
-
-@remote_compatible
-def test_rrm_beacon_req_active_ignore_old_result(dev, apdev):
-    """Beacon request - active scan mode and old scan result"""
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another"})
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
-    hapd2.disable()
-
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51010000640001ffffffffffff")
-
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-    if report.bssid_str == apdev[1]['bssid']:
-        raise Exception("Old BSS reported")
-
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response")
-
-def start_ap(dev):
-    id = dev.add_network()
-    dev.set_network(id, "mode", "2")
-    dev.set_network_quoted(id, "ssid", 32*'A')
-    dev.set_network_quoted(id, "psk", "1234567890")
-    dev.set_network(id, "frequency", "2412")
-    dev.set_network(id, "scan_freq", "2412")
-    dev.select_network(id)
-    dev.wait_connected()
-
-def test_rrm_beacon_req_active_many(dev, apdev):
-    """Beacon request - active scan mode and many BSSs"""
-    for i in range(1, 7):
-        ifname = apdev[0]['ifname'] if i == 1 else apdev[0]['ifname'] + "-%d" % i
-        hapd1 = hostapd.add_bss(apdev[0], ifname, 'bss-%i.conf' % i)
-        hapd1.set('vendor_elements', "dd50" + 80*'bb')
-        hapd1.request("UPDATE_BEACON")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET device_name " + 20*'a')
-    start_ap(wpas)
-    start_ap(dev[1])
-    start_ap(dev[2])
-
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    params['vendor_elements'] = "dd50" + 80*'aa'
-    hapd = hostapd.add_ap(apdev[1]['ifname'], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    ok = False
-    for j in range(3):
-        token = run_req_beacon(hapd, addr, "51010000640001ffffffffffff")
-
-        for i in range(10):
-            ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-            if ev is None:
-                raise Exception("Beacon report %d response not received" % i)
-            fields = ev.split(' ')
-            if len(fields[4]) == 0:
-                break
-            report = BeaconReport(binascii.unhexlify(fields[4]))
-            logger.info("Received beacon report: " + str(report))
-            if i == 9:
-                ok = True
-        if ok:
-            break
-
-@remote_compatible
-def test_rrm_beacon_req_active_ap_channels(dev, apdev):
-    """Beacon request - active scan mode with AP Channel Report subelement"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51ff0000640001ffffffffffff" + "dd0111" + "330351010b" + "dd0111")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.bssid_str == apdev[0]['bssid']:
-            if report.opclass != 81 or report.channel != 1:
-                raise Exception("Incorrect opclass/channel for AP0")
-        elif report.bssid_str == apdev[1]['bssid']:
-            if report.opclass != 81 or report.channel != 11:
-                raise Exception("Incorrect opclass/channel for AP1")
-
-@remote_compatible
-def test_rrm_beacon_req_passive_ap_channels(dev, apdev):
-    """Beacon request - passive scan mode with AP Channel Report subelement"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51ff0000640000ffffffffffff" + "330351010b" + "3300" + "dd00")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.bssid_str == apdev[0]['bssid']:
-            if report.opclass != 81 or report.channel != 1:
-                raise Exception("Incorrect opclass/channel for AP0")
-        elif report.bssid_str == apdev[1]['bssid']:
-            if report.opclass != 81 or report.channel != 11:
-                raise Exception("Incorrect opclass/channel for AP1")
-
-@remote_compatible
-def test_rrm_beacon_req_active_single_channel(dev, apdev):
-    """Beacon request - active scan mode with single channel"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "510b0000640001ffffffffffff")
-
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received")
-    fields = ev.split(' ')
-    report = BeaconReport(binascii.unhexlify(fields[4]))
-    logger.info("Received beacon report: " + str(report))
-
-@remote_compatible
-def test_rrm_beacon_req_active_ap_channels_unknown_opclass(dev, apdev):
-    """Beacon request - active scan mode with AP Channel Report subelement and unknown opclass"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51ff0000640001ffffffffffff" + "3303ff010b")
-
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response (refused) not received")
-
-    fields = ev.split(' ')
-    if fields[3] != "04":
-        raise Exception("Unexpected beacon report mode: " + fields[3])
-
-@remote_compatible
-def test_rrm_beacon_req_active_ap_channel_oom(dev, apdev):
-    """Beacon request - AP Channel Report subelement and OOM"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    with alloc_fail(dev[0], 1, "wpas_add_channels"):
-        token = run_req_beacon(hapd, addr, "51ff0000640001ffffffffffff" + "330351010b")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        # allow either not to respond or send refused response
-        if ev is not None:
-            fields = ev.split(' ')
-            if fields[3] != "04":
-                raise Exception("Unexpected Beacon report during OOM with mode: " + fields[3])
-
-@remote_compatible
-def test_rrm_beacon_req_active_scan_fail(dev, apdev):
-    """Beacon request - Active scan failure"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    with alloc_fail(dev[0], 1, "wpa_supplicant_trigger_scan"):
-        token = run_req_beacon(hapd, addr, "51ff0000640001ffffffffffff" + "330351010b")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("No Beacon report")
-        fields = ev.split(' ')
-        if fields[3] != "04":
-            raise Exception("Unexpected Beacon report contents: " + ev)
-
-@remote_compatible
-def test_rrm_beacon_req_active_zero_duration(dev, apdev):
-    """Beacon request - Action scan and zero duration"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000000001ffffffffffff")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected Beacon report")
-
-@remote_compatible
-def test_rrm_beacon_req_active_fail_random(dev, apdev):
-    """Beacon request - active scan mode os_get_random failure"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    with fail_test(dev[0], 1, "os_get_random;wpas_rm_handle_beacon_req"):
-        token = run_req_beacon(hapd, addr, "51000000640001ffffffffffff")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-
-@remote_compatible
-def test_rrm_beacon_req_passive(dev, apdev):
-    """Beacon request - passive scan mode"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "another", "channel": "11"})
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51000000640000ffffffffffff")
-
-    for i in range(1, 3):
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report %d response not received" % i)
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.bssid_str == apdev[0]['bssid']:
-            if report.opclass != 81 or report.channel != 1:
-                raise Exception("Incorrect opclass/channel for AP0")
-        elif report.bssid_str == apdev[1]['bssid']:
-            if report.opclass != 81 or report.channel != 11:
-                raise Exception("Incorrect opclass/channel for AP1")
-
-@remote_compatible
-def test_rrm_beacon_req_passive_no_match(dev, apdev):
-    """Beacon request - passive scan mode and no matching BSS"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "51010000640000021122334455")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report %d response not received" % i)
-    fields = ev.split(' ')
-    if len(fields[4]) > 0:
-        raise Exception("Unexpected beacon report BSS")
-
-@remote_compatible
-def test_rrm_beacon_req_passive_no_match_oom(dev, apdev):
-    """Beacon request - passive scan mode and no matching BSS (OOM)"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    with alloc_fail(dev[0], 1, "wpabuf_resize;wpas_beacon_rep_scan_process"):
-        token = run_req_beacon(hapd, addr, "51010000640000021122334455")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=0.2)
-        if ev is not None:
-            raise Exception("Unexpected Beacon report response during OOM")
-
-    # verify reporting is still functional
-    token = run_req_beacon(hapd, addr, "51010000640000021122334455")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report %d response not received" % i)
-    fields = ev.split(' ')
-    if len(fields[4]) > 0:
-        raise Exception("Unexpected beacon report BSS")
-
-@remote_compatible
-def test_rrm_beacon_req_active_duration_mandatory(dev, apdev):
-    """Beacon request - Action scan and duration mandatory"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    token = run_req_beacon(hapd, addr, "req_mode=10 51000000640001ffffffffffff")
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("No Beacon report response")
-    fields = ev.split(' ')
-    rrm = int(dev[0].get_driver_status_field("capa.rrm_flags"), 16)
-    if rrm & 0x20 == 0x20:
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-    else:
-        # Driver does not support scan dwell time setting, so wpa_supplicant
-        # rejects the measurement request due to the mandatory duration using
-        # Measurement Report Mode field Incapable=1.
-        if fields[3] != '02':
-            raise Exception("Unexpected Measurement Report Mode: " + fields[3])
-        if len(fields[4]) > 0:
-            raise Exception("Unexpected beacon report received")
-
-def test_rrm_beacon_req_passive_scan_vht(dev, apdev):
-    """Beacon request - passive scan mode - VHT"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        params = {"ssid": "rrm-vht",
-                  "country_code": "FI",
-                  'ieee80211d': '1',
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ht_capab": "[HT40+]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "1",
-                  "vht_oper_centr_freq_seg0_idx": "42",
-                  "rrm_beacon_report": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=5180)
-        dev[0].connect("rrm-vht", key_mgmt="NONE", scan_freq="5180")
-
-        addr = dev[0].own_addr()
-
-        token = run_req_beacon(hapd, addr, "80000000640000ffffffffffff")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.opclass != 128 or report.channel != 36:
-            raise Exception("Incorrect opclass/channel for AP")
-
-        token = run_req_beacon(hapd, addr, "82000000640000ffffffffffff")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.opclass != 128 or report.channel != 36:
-            raise Exception("Incorrect opclass/channel for AP")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            if not vht_supported():
-                raise HwsimSkip("80 MHz channel not supported in regulatory information")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_rrm_beacon_req_passive_scan_vht160(dev, apdev):
-    """Beacon request - passive scan mode - VHT160"""
-    clear_scan_cache(apdev[0])
-    try:
-        hapd = None
-        params = {"ssid": "rrm-vht",
-                  "country_code": "ZA",
-                  'ieee80211d': '1',
-                  "hw_mode": "a",
-                  "channel": "104",
-                  "ht_capab": "[HT40-]",
-                  "vht_capab": "[VHT160]",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "vht_oper_chwidth": "2",
-                  "vht_oper_centr_freq_seg0_idx": "114",
-                  "rrm_beacon_report": "1"}
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq=5520)
-        dev[0].connect("rrm-vht", key_mgmt="NONE", scan_freq="5520")
-        sig = dev[0].request("SIGNAL_POLL").splitlines()
-        if "WIDTH=160 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
-
-        addr = dev[0].own_addr()
-
-        token = run_req_beacon(hapd, addr, "81000000640000ffffffffffff")
-        ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-        if ev is None:
-            raise Exception("Beacon report response not received")
-        fields = ev.split(' ')
-        report = BeaconReport(binascii.unhexlify(fields[4]))
-        logger.info("Received beacon report: " + str(report))
-        if report.opclass != 129 or report.channel != 104:
-            raise Exception("Incorrect opclass/channel for AP")
-    except Exception as e:
-        if isinstance(e, Exception) and str(e) == "AP startup failed":
-            raise HwsimSkip("ZA regulatory rule likely did not have DFS requirement removed")
-        raise
-    finally:
-        clear_regdom(hapd, dev)
-
-def test_rrm_beacon_req_ap_errors(dev, apdev):
-    """Beacon request - AP error cases"""
-    try:
-        run_rrm_beacon_req_ap_errors(dev, apdev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_rrm_beacon_req_ap_errors(dev, apdev):
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-    # Override RM capabilities (remove all)
-    dev[1].request("VENDOR_ELEM_ADD 13 46050000000000")
-    dev[1].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr1 = dev[1].own_addr()
-
-    # Beacon request: Too short request data
-    if "FAIL" not in hapd.request("REQ_BEACON " + addr + " 11"):
-        raise Exception("Invalid REQ_BEACON accepted")
-
-    # Beacon request: 02:00:00:00:01:00 does not support table beacon report
-    if "FAIL" not in hapd.request("REQ_BEACON " + addr1 + " 51000000000002ffffffffffff"):
-        raise Exception("Invalid REQ_BEACON accepted")
-
-    # Beacon request: 02:00:00:00:01:00 does not support active beacon report
-    if "FAIL" not in hapd.request("REQ_BEACON " + addr1 + " 51000000640001ffffffffffff"):
-        raise Exception("Invalid REQ_BEACON accepted")
-
-    # Beacon request: 02:00:00:00:01:00 does not support passive beacon report
-    if "FAIL" not in hapd.request("REQ_BEACON " + addr1 + " 510b0000640000ffffffffffff"):
-        raise Exception("Invalid REQ_BEACON accepted")
-
-    # Beacon request: Unknown measurement mode 3
-    if "FAIL" not in hapd.request("REQ_BEACON " + addr1 + " 510b0000640003ffffffffffff"):
-        raise Exception("Invalid REQ_BEACON accepted")
-
-    for i in range(257):
-        if "FAIL" in hapd.request("REQ_BEACON " + addr + " 510b0000640000ffffffffffff"):
-            raise Exception("REQ_BEACON failed")
-        dev[0].dump_monitor()
-        hapd.dump_monitor()
-
-    with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_send_beacon_req"):
-        if "FAIL" not in hapd.request("REQ_BEACON " + addr + " 510b0000640000ffffffffffff"):
-            raise Exception("REQ_BEACON accepted during OOM")
-
-    with fail_test(hapd, 1, "nl80211_send_frame_cmd;hostapd_send_beacon_req"):
-        if "FAIL" not in hapd.request("REQ_BEACON " + addr + " 510b0000640000ffffffffffff"):
-            raise Exception("REQ_BEACON accepted during failure testing")
-
-def test_rrm_req_reject_oom(dev, apdev):
-    """Radio measurement request - OOM while rejecting a request"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + addr.replace(':', '') + 2*bssid.replace(':', '') + "1000"
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    with alloc_fail(dev[0], 1, "wpabuf_resize;wpas_rrm_handle_msr_req_element"):
-        # "RRM: Parallel measurements are not supported, reject"
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "05000100002603010105"):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        ev = hapd.wait_event(["MGMT-RX"], timeout=0.2)
-        if ev is not None:
-            raise Exception("Unexpected beacon report response during OOM")
-
-def test_rrm_req_when_rrm_not_used(dev, apdev):
-    """Radio/link measurement request for non-RRM association"""
-    params = {"ssid": "rrm"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + addr.replace(':', '') + 2*bssid.replace(':', '') + "1000"
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "050001000026030100fe"):
-        raise Exception("MGMT_RX_PROCESS failed")
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0502000000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response when RRM is disabled")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "050001000026030100fe"):
-        raise Exception("MGMT_RX_PROCESS failed")
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0502000000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-@remote_compatible
-def test_rrm_req_proto(dev, apdev):
-    """Radio measurement request - protocol testing"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].request("SET LCI ")
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + addr.replace(':', '') + 2*bssid.replace(':', '') + "1000"
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    tests = []
-    # "RRM: Ignoring too short radio measurement request"
-    tests += ["0500", "050001", "05000100"]
-    # No measurement request element at all
-    tests += ["0500010000"]
-    # "RRM: Truncated element"
-    tests += ["050001000026"]
-    # "RRM: Element length too short"
-    tests += ["05000100002600", "0500010000260111", "050001000026021122"]
-    # "RRM: Element length too long"
-    tests += ["05000100002603", "0500010000260311", "050001000026031122"]
-    # "RRM: Enable bit not supported, ignore"
-    tests += ["05000100002603010200"]
-    # "RRM: Measurement report failed. TX power insertion not supported"
-    #    OR
-    # "RRM: Link measurement report failed. Request too short"
-    tests += ["0502"]
-    # Too short LCI request
-    tests += ["05000100002603010008"]
-    # Too short neighbor report response
-    tests += ["0505"]
-    # Unexpected neighbor report response
-    tests += ["050500", "050501", "050502", "050503", "050504", "050505"]
-    # Too short beacon request
-    tests += ["05000100002603010005",
-              "0500010000260f010005112233445566778899aabbcc"]
-    # Unknown beacon report mode
-    tests += ["05000100002610010005112233445566778899aabbccdd"]
-    # "RRM: Expected Measurement Request element, but EID is 0"
-    tests += ["05000100000000"]
-    for t in tests:
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected response seen at the AP: " + ev)
-
-    tests = []
-    # "RRM: Parallel measurements are not supported, reject"
-    tests += ["05000100002603010105"]
-    # "RRM: Unsupported radio measurement type 254"
-    tests += ["050001000026030100fe"]
-    # Reject LCI request
-    tests += ["0500010000260701000811223344"]
-    # Beacon report info subelement; no valid channels
-    tests += ["05000100002614010005112233445566008899aabbccdd01020000"]
-    for t in tests:
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-        ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("No response seen at the AP")
-        hapd.dump_monitor()
-
-    dev[0].request("SET LCI " + lci)
-    tests = []
-    # "Not building LCI report - bad location subject"
-    tests += ["0500010000260701000811223344"]
-    for t in tests:
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected response seen at the AP: " + ev)
-
-    tests = []
-    # LCI report or reject
-    tests += ["0500010000260701000801223344",
-              "05000100002607010008010402ff",
-              "05000100002608010008010402ffff"]
-    for t in tests:
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-        ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-        if ev is None:
-            raise Exception("No response seen at the AP")
-        hapd.dump_monitor()
-
-    # Verify rejection of a group-addressed request frame
-    hdr = "d0003a01" + "ffffffffffff" + 2*bssid.replace(':', '') + "1000"
-    # "RRM: Parallel measurements are not supported, reject"
-    t = "05000100002603010105"
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected response seen at the AP (broadcast request rejected)")
-    hapd.dump_monitor()
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-    dev[0].request("SET LCI ")
-
-def test_rrm_link_measurement(dev, apdev):
-    """Radio measurement request - link measurement"""
-    check_tx_power_support(dev[0])
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + addr.replace(':', '') + 2*bssid.replace(':', '') + "1000"
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0502000000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-    ev = hapd.wait_event(["MGMT-RX"], timeout=5)
-    if ev is None:
-        raise Exception("No link measurement report seen")
-
-def test_rrm_link_measurement_oom(dev, apdev):
-    """Radio measurement request - link measurement OOM"""
-    check_tx_power_support(dev[0])
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + addr.replace(':', '') + 2*bssid.replace(':', '') + "1000"
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;wpas_rrm_handle_link_measurement_request"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0502000000"):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    with fail_test(dev[0], 1, "wpas_rrm_handle_link_measurement_request"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0502000000"):
-            raise Exception("MGMT_RX_PROCESS failed")
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-    ev = hapd.wait_event(["MGMT-RX"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected beacon report response during OOM")
-
-def test_rrm_rep_parse_proto(dev, apdev):
-    """hostapd rrm report parsing protocol testing"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].request("SET LCI " + lci)
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    tests = ["0501",
-             "05ff01",
-             "0501012703fffffe2700",
-             "0501012703ffff05",
-             "05010127ffffff05" + 252*"00",
-             "0504012603ffffff2600",
-             "0504012603ffff08",
-             "0504012608ffff08ffffffffff",
-             "0504012608ffff08ff04021234",
-             "0504012608ffff08ff04020100",
-             "0504012608ffff08ff0402ffff"]
-    for t in tests:
-        if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed for " + t)
-
-    if "OK" not in hapd.request("SET_NEIGHBOR 00:11:22:33:44:55 ssid=\"rrm\" nr=" + nr + " lci=" + lci):
-        raise Exception("Set neighbor failed")
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "0504012608ffff08ff04021000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-def test_rrm_unexpected(dev, apdev):
-    """hostapd unexpected rrm"""
-    check_rrm_support(dev[0])
-
-    params = {"ssid": "rrm", "rrm_neighbor_report": "0"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    tests = ["050401"]
-    for t in tests:
-        if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed for " + t)
-
-def check_beacon_req(hapd, addr, idx):
-    request = "51000000000002ffffffffffff" + "020100"
-    token = hapd.request("REQ_BEACON " + addr + " " + request)
-    if "FAIL" in token:
-        raise Exception("REQ_BEACON failed (%d)" % idx)
-    ev = hapd.wait_event(["BEACON-RESP-RX"], timeout=10)
-    if ev is None:
-        raise Exception("Beacon report response not received (%d)" % idx)
-
-def test_rrm_reassociation(dev, apdev):
-    """Radio measurement request - reassociation"""
-    params = {"ssid": "rrm", "rrm_beacon_report": "1"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    addr = dev[0].own_addr()
-    dev[0].flush_scan_cache()
-    dev[0].connect("rrm", key_mgmt="NONE", scan_freq="2412")
-    check_beacon_req(hapd, addr, 1)
-
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected()
-    check_beacon_req(hapd, addr, 1)
-
-    hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
-    bssid2 = hapd2.own_addr()
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    check_beacon_req(hapd2, addr, 2)
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].roam(bssid)
-    check_beacon_req(hapd, addr, 3)
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
deleted file mode 100644
index a8a4ac00c856..000000000000
--- a/tests/hwsim/test_sae.py
+++ /dev/null
@@ -1,2782 +0,0 @@
-# Test cases for SAE
-# Copyright (c) 2013-2020, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import os
-import time
-import logging
-logger = logging.getLogger()
-import socket
-import struct
-import subprocess
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations
-
-@remote_compatible
-def test_sae(dev, apdev):
-    """SAE with default group"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    key_mgmt = hapd.get_config()['key_mgmt']
-    if key_mgmt.split(' ')[0] != "SAE":
-        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
-
-    dev[0].request("SET sae_groups ")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        scan_freq="2412")
-    hapd.wait_sta()
-    if dev[0].get_status_field('sae_group') != '19':
-            raise Exception("Expected default SAE group not used")
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA2-SAE-CCMP]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    res = hapd.request("STA-FIRST")
-    if "sae_group=19" not in res.splitlines():
-        raise Exception("hostapd STA output did not specify SAE group")
-
-    pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
-    pmk_w = dev[0].get_pmk(id)
-    if pmk_h != pmk_w:
-        raise Exception("Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w))
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    pmk_h2 = hapd.request("GET_PMK " + dev[0].own_addr())
-    if pmk_h != pmk_h2:
-        raise Exception("Fetched PMK from PMKSA cache does not match: %s, %s" % (pmk_h, pmk_h2))
-    if "FAIL" not in hapd.request("GET_PMK foo"):
-        raise Exception("Invalid GET_PMK did not return failure")
-    if "FAIL" not in hapd.request("GET_PMK 02:ff:ff:ff:ff:ff"):
-        raise Exception("GET_PMK for unknown STA did not return failure")
-
-@remote_compatible
-def test_sae_password_ecc(dev, apdev):
-    """SAE with number of different passwords (ECC)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 19")
-
-    for i in range(10):
-        password = "12345678-" + str(i)
-        hapd.set("wpa_passphrase", password)
-        dev[0].connect("test-sae", psk=password, key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-@remote_compatible
-def test_sae_password_ffc(dev, apdev):
-    """SAE with number of different passwords (FFC)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '15'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 15")
-
-    for i in range(10):
-        password = "12345678-" + str(i)
-        hapd.set("wpa_passphrase", password)
-        dev[0].connect("test-sae", psk=password, key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-@remote_compatible
-def test_sae_pmksa_caching(dev, apdev):
-    """SAE and PMKSA caching"""
-    run_sae_pmksa_caching(dev, apdev)
-
-@remote_compatible
-def test_sae_pmksa_caching_pmkid(dev, apdev):
-    """SAE and PMKSA caching (PMKID in AssocReq after SAE)"""
-    try:
-        dev[0].set("sae_pmkid_in_assoc", "1")
-        run_sae_pmksa_caching(dev, apdev)
-    finally:
-        dev[0].set("sae_pmkid_in_assoc", "0")
-
-def run_sae_pmksa_caching(dev, apdev):
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    sta0 = hapd.get_sta(dev[0].own_addr())
-    if sta0['wpa'] != '2' or sta0['AKMSuiteSelector'] != '00-0f-ac-8':
-        raise Exception("SAE STA(0) AKM suite selector reported incorrectly")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected(timeout=15, error="Reconnect timed out")
-    if dev[0].get_status_field('sae_group') is not None:
-            raise Exception("SAE group claimed to have been used")
-    sta0 = hapd.get_sta(dev[0].own_addr())
-    if sta0['wpa'] != '2' or sta0['AKMSuiteSelector'] != '00-0f-ac-8':
-        raise Exception("SAE STA(0) AKM suite selector reported incorrectly after PMKSA caching")
-
-@remote_compatible
-def test_sae_pmksa_caching_disabled(dev, apdev):
-    """SAE and PMKSA caching disabled"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['disable_pmksa_caching'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected(timeout=15, error="Reconnect timed out")
-    if dev[0].get_status_field('sae_group') != '19':
-            raise Exception("Expected default SAE group not used")
-
-def test_sae_groups(dev, apdev):
-    """SAE with all supported groups"""
-    check_sae_capab(dev[0])
-    # This is the full list of supported groups, but groups 14-16 (2048-4096 bit
-    # MODP) and group 21 (521-bit random ECP group) are a bit too slow on some
-    # VMs and can result in hitting the mac80211 authentication timeout, so
-    # allow them to fail and just report such failures in the debug log.
-    sae_groups = [19, 25, 26, 20, 21, 1, 2, 5, 14, 15, 16, 22, 23, 24]
-    tls = dev[0].request("GET tls_library")
-    if tls.startswith("OpenSSL") and "run=OpenSSL 1." in tls:
-        logger.info("Add Brainpool EC groups since OpenSSL is new enough")
-        sae_groups += [27, 28, 29, 30]
-    heavy_groups = [14, 15, 16]
-    suitable_groups = [15, 16, 17, 18, 19, 20, 21]
-    groups = [str(g) for g in sae_groups]
-    params = hostapd.wpa2_params(ssid="test-sae-groups",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = ' '.join(groups)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    for g in groups:
-        logger.info("Testing SAE group " + g)
-        dev[0].request("SET sae_groups " + g)
-        id = dev[0].connect("test-sae-groups", psk="12345678", key_mgmt="SAE",
-                            scan_freq="2412", wait_connect=False)
-        if int(g) in heavy_groups:
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
-            if ev is None:
-                logger.info("No connection with heavy SAE group %s did not connect - likely hitting timeout in mac80211" % g)
-                dev[0].remove_network(id)
-                time.sleep(0.1)
-                dev[0].dump_monitor()
-                continue
-            logger.info("Connection with heavy SAE group " + g)
-        else:
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                if "BoringSSL" in tls and int(g) in [25]:
-                    logger.info("Ignore connection failure with group " + g + " with BoringSSL")
-                    dev[0].remove_network(id)
-                    dev[0].dump_monitor()
-                    continue
-                if int(g) not in suitable_groups:
-                    logger.info("Ignore connection failure with unsuitable group " + g)
-                    dev[0].remove_network(id)
-                    dev[0].dump_monitor()
-                    continue
-                raise Exception("Connection timed out with group " + g)
-        if dev[0].get_status_field('sae_group') != g:
-            raise Exception("Expected SAE group not used")
-        pmksa = dev[0].get_pmksa(hapd.own_addr())
-        if not pmksa:
-            raise Exception("No PMKSA cache entry added")
-        if pmksa['pmkid'] == '00000000000000000000000000000000':
-            raise Exception("All zeros PMKID derived for group %s" % g)
-        dev[0].remove_network(id)
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-@remote_compatible
-def test_sae_group_nego(dev, apdev):
-    """SAE group negotiation"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae-group-nego",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '19'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 25 26 20 19")
-    dev[0].connect("test-sae-group-nego", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412")
-    if dev[0].get_status_field('sae_group') != '19':
-        raise Exception("Expected SAE group not used")
-
-def test_sae_group_nego_no_match(dev, apdev):
-    """SAE group negotiation (no match)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae-group-nego",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    # None-existing SAE group to force all attempts to be rejected
-    params['sae_groups'] = '0'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae-group-nego", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    dev[0].request("REMOVE_NETWORK all")
-    if ev is None:
-        raise Exception("Network profile disabling not reported")
-
-@remote_compatible
-def test_sae_anti_clogging(dev, apdev):
-    """SAE anti clogging"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_anti_clogging_threshold'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-    id = {}
-    for i in range(0, 2):
-        dev[i].scan(freq="2412")
-        id[i] = dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                               scan_freq="2412", only_add_network=True)
-    for i in range(0, 2):
-        dev[i].select_network(id[i])
-    for i in range(0, 2):
-        dev[i].wait_connected(timeout=10)
-
-def test_sae_forced_anti_clogging(dev, apdev):
-    """SAE anti clogging (forced)"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_anti_clogging_threshold'] = '0'
-    hostapd.add_ap(apdev[0], params)
-    dev[2].connect("test-sae", psk="12345678", scan_freq="2412")
-    for i in range(0, 2):
-        dev[i].request("SET sae_groups ")
-        dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-
-def test_sae_mixed(dev, apdev):
-    """Mixed SAE and non-SAE network"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_anti_clogging_threshold'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[2].connect("test-sae", psk="12345678", scan_freq="2412")
-    for i in range(0, 2):
-        dev[i].request("SET sae_groups ")
-        dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-    sta0 = hapd.get_sta(dev[0].own_addr())
-    sta2 = hapd.get_sta(dev[2].own_addr())
-    if sta0['wpa'] != '2' or sta0['AKMSuiteSelector'] != '00-0f-ac-8':
-        raise Exception("SAE STA(0) AKM suite selector reported incorrectly")
-    if sta2['wpa'] != '2' or sta2['AKMSuiteSelector'] != '00-0f-ac-2':
-        raise Exception("PSK STA(2) AKM suite selector reported incorrectly")
-
-def test_sae_and_psk(dev, apdev):
-    """SAE and PSK enabled in network profile"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE WPA-PSK",
-                   scan_freq="2412")
-
-def test_sae_and_psk2(dev, apdev):
-    """SAE and PSK enabled in network profile (use PSK)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-psk", psk="12345678", key_mgmt="SAE WPA-PSK",
-                   scan_freq="2412")
-
-def test_sae_wpa3_roam(dev, apdev):
-    """SAE and WPA3-Personal transition mode roaming"""
-    check_sae_capab(dev[0])
-
-    # WPA3-Personal only AP
-    params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
-    params['ieee80211w'] = '2'
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd0 = hostapd.add_ap(apdev[0], params)
-
-    # WPA2-Personal only AP
-    params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
-    hapd1 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].set("sae_groups", "")
-    dev[0].connect("test", psk="12345678", key_mgmt="SAE WPA-PSK",
-                   ieee80211w="1", scan_freq="2412")
-    bssid = dev[0].get_status_field('bssid')
-
-    # Disable the current AP to force roam to the other one
-    if bssid == apdev[0]['bssid']:
-        hapd0.disable()
-    else:
-        hapd1.disable()
-    dev[0].wait_connected()
-
-    # Disable the current AP to force roam to the other (previous) one
-    if bssid == apdev[0]['bssid']:
-        hapd0.enable()
-        hapd1.disable()
-    else:
-        hapd1.enable()
-        hapd0.disable()
-    dev[0].wait_connected()
-
-    # Force roam to an AP in WPA3-Personal transition mode
-    if bssid == apdev[0]['bssid']:
-        hapd1.set("ieee80211w", "1")
-        hapd1.set("sae_require_mfp", "1")
-        hapd1.set("wpa_key_mgmt", "SAE WPA-PSK")
-        hapd1.enable()
-        hapd0.disable()
-    else:
-        hapd0.set("ieee80211w", "1")
-        hapd0.set("sae_require_mfp", "1")
-        hapd0.set("wpa_key_mgmt", "SAE WPA-PSK")
-        hapd0.enable()
-        hapd1.disable()
-    dev[0].wait_connected()
-    status = dev[0].get_status()
-    if status['key_mgmt'] != "SAE":
-        raise Exception("Did not use SAE with WPA3-Personal transition mode AP")
-    if status['pmf'] != "1":
-        raise Exception("Did not use PMF with WPA3-Personal transition mode AP")
-
-def test_sae_mixed_mfp(dev, apdev):
-    """Mixed SAE and non-SAE network and MFP required with SAE"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params["ieee80211w"] = "1"
-    params['sae_require_mfp'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", ieee80211w="2",
-                   scan_freq="2412")
-    dev[0].dump_monitor()
-
-    dev[1].request("SET sae_groups ")
-    dev[1].connect("test-sae", psk="12345678", key_mgmt="SAE", ieee80211w="0",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("No connection result reported")
-    if "CTRL-EVENT-ASSOC-REJECT" not in ev:
-        raise Exception("SAE connection without MFP was not rejected")
-    if "status_code=31" not in ev:
-        raise Exception("Unexpected status code in rejection: " + ev)
-    dev[1].request("DISCONNECT")
-    dev[1].dump_monitor()
-
-    dev[2].connect("test-sae", psk="12345678", ieee80211w="0", scan_freq="2412")
-    dev[2].dump_monitor()
-
-def test_sae_and_psk_transition_disable(dev, apdev):
-    """SAE and PSK transition disable indication"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params["ieee80211w"] = "1"
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['transition_disable'] = '0x01'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE WPA-PSK",
-                        ieee80211w="1", scan_freq="2412")
-    ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-    if ev is None:
-        raise Exception("Transition disable not indicated")
-    if ev.split(' ')[1] != "01":
-        raise Exception("Unexpected transition disable bitmap: " + ev)
-
-    val = dev[0].get_network(id, "ieee80211w")
-    if val != "2":
-        raise Exception("Unexpected ieee80211w value: " + val)
-    val = dev[0].get_network(id, "key_mgmt")
-    if val != "SAE":
-        raise Exception("Unexpected key_mgmt value: " + val)
-    val = dev[0].get_network(id, "group")
-    if val != "CCMP":
-        raise Exception("Unexpected group value: " + val)
-    val = dev[0].get_network(id, "proto")
-    if val != "RSN":
-        raise Exception("Unexpected proto value: " + val)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    dev[0].request("RECONNECT")
-    dev[0].wait_connected()
-
-def test_sae_mfp(dev, apdev):
-    """SAE and MFP enabled without sae_require_mfp"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "1"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", ieee80211w="2",
-                   scan_freq="2412")
-
-    dev[1].request("SET sae_groups ")
-    dev[1].connect("test-sae", psk="12345678", key_mgmt="SAE", ieee80211w="0",
-                   scan_freq="2412")
-
-@remote_compatible
-def test_sae_missing_password(dev, apdev):
-    """SAE and missing password"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    id = dev[0].connect("test-sae",
-                        raw_psk="46b4a73b8a951ad53ebd2e0afdb9c5483257edd4c21d12b7710759da70945858",
-                        key_mgmt="SAE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(['CTRL-EVENT-SSID-TEMP-DISABLED'], timeout=10)
-    if ev is None:
-        raise Exception("Invalid network not temporarily disabled")
-
-
-def test_sae_key_lifetime_in_memory(dev, apdev, params):
-    """SAE and key lifetime in memory"""
-    check_sae_capab(dev[0])
-    password = "5ad144a7c1f5a5503baa6fa01dabc15b1843e8c01662d78d16b70b5cd23cf8b"
-    p = hostapd.wpa2_params(ssid="test-sae", passphrase=password)
-    p['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], p)
-
-    pid = find_wpas_process(dev[0])
-
-    dev[0].request("SET sae_groups ")
-    id = dev[0].connect("test-sae", psk=password, key_mgmt="SAE",
-                        scan_freq="2412")
-
-    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
-    # event has been delivered, so verify that wpa_supplicant has returned to
-    # eloop before reading process memory.
-    time.sleep(1)
-    dev[0].ping()
-    password = password.encode()
-    buf = read_process_memory(pid, password)
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    dev[0].relog()
-    sae_k = None
-    sae_keyseed = None
-    sae_kck = None
-    pmk = None
-    ptk = None
-    gtk = None
-    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
-        for l in f.readlines():
-            if "SAE: k - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                sae_k = binascii.unhexlify(val)
-            if "SAE: keyseed - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                sae_keyseed = binascii.unhexlify(val)
-            if "SAE: KCK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                sae_kck = binascii.unhexlify(val)
-            if "SAE: PMK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                pmk = binascii.unhexlify(val)
-            if "WPA: PTK - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                ptk = binascii.unhexlify(val)
-            if "WPA: Group Key - hexdump" in l:
-                val = l.strip().split(':')[3].replace(' ', '')
-                gtk = binascii.unhexlify(val)
-    if not sae_k or not sae_keyseed or not sae_kck or not pmk or not ptk or not gtk:
-        raise Exception("Could not find keys from debug log")
-    if len(gtk) != 16:
-        raise Exception("Unexpected GTK length")
-
-    kck = ptk[0:16]
-    kek = ptk[16:32]
-    tk = ptk[32:48]
-
-    fname = os.path.join(params['logdir'],
-                         'sae_key_lifetime_in_memory.memctx-')
-
-    logger.info("Checking keys in memory while associated")
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    if password not in buf:
-        raise HwsimSkip("Password not found while associated")
-    if pmk not in buf:
-        raise HwsimSkip("PMK not found while associated")
-    if kck not in buf:
-        raise Exception("KCK not found while associated")
-    if kek not in buf:
-        raise Exception("KEK not found while associated")
-    #if tk in buf:
-    #    raise Exception("TK found from memory")
-    verify_not_present(buf, sae_k, fname, "SAE(k)")
-    verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)")
-    verify_not_present(buf, sae_kck, fname, "SAE(KCK)")
-
-    logger.info("Checking keys in memory after disassociation")
-    buf = read_process_memory(pid, password)
-
-    # Note: Password is still present in network configuration
-    # Note: PMK is in PMKSA cache
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    if gtk in buf:
-        get_key_locations(buf, gtk, "GTK")
-    verify_not_present(buf, gtk, fname, "GTK")
-    verify_not_present(buf, sae_k, fname, "SAE(k)")
-    verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)")
-    verify_not_present(buf, sae_kck, fname, "SAE(KCK)")
-
-    dev[0].request("PMKSA_FLUSH")
-    logger.info("Checking keys in memory after PMKSA cache flush")
-    buf = read_process_memory(pid, password)
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    verify_not_present(buf, pmk, fname, "PMK")
-
-    dev[0].request("REMOVE_NETWORK all")
-
-    logger.info("Checking keys in memory after network profile removal")
-    buf = read_process_memory(pid, password)
-
-    get_key_locations(buf, password, "Password")
-    get_key_locations(buf, pmk, "PMK")
-    verify_not_present(buf, password, fname, "password")
-    verify_not_present(buf, pmk, fname, "PMK")
-    verify_not_present(buf, kck, fname, "KCK")
-    verify_not_present(buf, kek, fname, "KEK")
-    verify_not_present(buf, tk, fname, "TK")
-    verify_not_present(buf, gtk, fname, "GTK")
-    verify_not_present(buf, sae_k, fname, "SAE(k)")
-    verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)")
-    verify_not_present(buf, sae_kck, fname, "SAE(KCK)")
-
-@remote_compatible
-def test_sae_oom_wpas(dev, apdev):
-    """SAE and OOM in wpa_supplicant"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '19 25 26 20'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 20")
-    with alloc_fail(dev[0], 1, "sae_set_group"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-
-    dev[0].request("SET sae_groups ")
-    with alloc_fail(dev[0], 2, "sae_set_group"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_commit"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_confirm"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(dev[0], 1, "=sme_authenticate"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-
-    with alloc_fail(dev[0], 1, "radio_add_work;sme_authenticate"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-
-@remote_compatible
-def test_sae_proto_ecc(dev, apdev):
-    """SAE protocol testing (ECC)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 19")
-
-    tests = [("Confirm mismatch",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              "0000800edebc3f260dc1fe7e0b20888af2b8a3316252ec37388a8504e25b73dc4240"),
-             ("Commit without even full cyclic group field",
-              "13",
-              None),
-             ("Too short commit",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02",
-              None),
-             ("Invalid commit scalar (0)",
-              "1300" + "0000000000000000000000000000000000000000000000000000000000000000" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              None),
-             ("Invalid commit scalar (1)",
-              "1300" + "0000000000000000000000000000000000000000000000000000000000000001" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              None),
-             ("Invalid commit scalar (> r)",
-              "1300" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              None),
-             ("Commit element not on curve",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728d0000000000000000000000000000000000000000000000000000000000000000",
-              None),
-             ("Invalid commit element (y coordinate > P)",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-              None),
-             ("Invalid commit element (x coordinate > P)",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              None),
-             ("Different group in commit",
-              "1400" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              None),
-             ("Too short confirm",
-              "1300" + "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03" + "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728dd3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8",
-              "0000800edebc3f260dc1fe7e0b20888af2b8a3316252ec37388a8504e25b73dc42")]
-    for (note, commit, confirm) in tests:
-        logger.info(note)
-        dev[0].scan_for_bss(bssid, freq=2412)
-        hapd.set("ext_mgmt_frame_handling", "1")
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-
-        logger.info("Commit")
-        for i in range(0, 10):
-            req = hapd.mgmt_rx()
-            if req is None:
-                raise Exception("MGMT RX wait timed out (commit)")
-            if req['subtype'] == 11:
-                break
-            req = None
-        if not req:
-            raise Exception("Authentication frame (commit) not received")
-
-        hapd.dump_monitor()
-        resp = {}
-        resp['fc'] = req['fc']
-        resp['da'] = req['sa']
-        resp['sa'] = req['da']
-        resp['bssid'] = req['bssid']
-        resp['payload'] = binascii.unhexlify("030001000000" + commit)
-        hapd.mgmt_tx(resp)
-
-        if confirm:
-            logger.info("Confirm")
-            for i in range(0, 10):
-                req = hapd.mgmt_rx()
-                if req is None:
-                    raise Exception("MGMT RX wait timed out (confirm)")
-                if req['subtype'] == 11:
-                    break
-                req = None
-            if not req:
-                raise Exception("Authentication frame (confirm) not received")
-
-            hapd.dump_monitor()
-            resp = {}
-            resp['fc'] = req['fc']
-            resp['da'] = req['sa']
-            resp['sa'] = req['da']
-            resp['bssid'] = req['bssid']
-            resp['payload'] = binascii.unhexlify("030002000000" + confirm)
-            hapd.mgmt_tx(resp)
-
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        hapd.set("ext_mgmt_frame_handling", "0")
-        hapd.dump_monitor()
-
-@remote_compatible
-def test_sae_proto_ffc(dev, apdev):
-    """SAE protocol testing (FFC)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 2")
-
-    tests = [("Confirm mismatch",
-              "0200" + "0c70519d874e3e4930a917cc5e17ea7a26028211159f217bab28b8d6c56691805e49f03249b2c6e22c7c9f86b30e04ccad2deedd5e5108ae07b737c00001c59cd0eb08b1dfc7f1b06a1542e2b6601a963c066e0c65940983a03917ae57a101ce84b5cbbc76ff33ebb990aac2e54aa0f0ab6ec0a58113d927683502b2cb2347d2" + "a8c00117493cdffa5dd671e934bc9cb1a69f39e25e9dd9cd9afd3aea2441a0f5491211c7ba50a753563f9ce943b043557cb71193b28e86ed9544f4289c471bf91b70af5c018cf4663e004165b0fd0bc1d8f3f78adf42eee92bcbc55246fd3ee9f107ab965dc7d4986f23eb71d616ebfe6bfe0a6c1ac5dc1718acee17c9a17486",
-              "0000f3116a9731f1259622e3eb55d4b3b50ba16f8c5f5565b28e609b180c51460251"),
-             ("Too short commit",
-              "0200" + "0c70519d874e3e4930a917cc5e17ea7a26028211159f217bab28b8d6c56691805e49f03249b2c6e22c7c9f86b30e04ccad2deedd5e5108ae07b737c00001c59cd0eb08b1dfc7f1b06a1542e2b6601a963c066e0c65940983a03917ae57a101ce84b5cbbc76ff33ebb990aac2e54aa0f0ab6ec0a58113d927683502b2cb2347d2" + "a8c00117493cdffa5dd671e934bc9cb1a69f39e25e9dd9cd9afd3aea2441a0f5491211c7ba50a753563f9ce943b043557cb71193b28e86ed9544f4289c471bf91b70af5c018cf4663e004165b0fd0bc1d8f3f78adf42eee92bcbc55246fd3ee9f107ab965dc7d4986f23eb71d616ebfe6bfe0a6c1ac5dc1718acee17c9a174",
-              None),
-             ("Invalid element (0) in commit",
-              "0200" + "0c70519d874e3e4930a917cc5e17ea7a26028211159f217bab28b8d6c56691805e49f03249b2c6e22c7c9f86b30e04ccad2deedd5e5108ae07b737c00001c59cd0eb08b1dfc7f1b06a1542e2b6601a963c066e0c65940983a03917ae57a101ce84b5cbbc76ff33ebb990aac2e54aa0f0ab6ec0a58113d927683502b2cb2347d2" + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-              None),
-             ("Invalid element (1) in commit",
-              "0200" + "0c70519d874e3e4930a917cc5e17ea7a26028211159f217bab28b8d6c56691805e49f03249b2c6e22c7c9f86b30e04ccad2deedd5e5108ae07b737c00001c59cd0eb08b1dfc7f1b06a1542e2b6601a963c066e0c65940983a03917ae57a101ce84b5cbbc76ff33ebb990aac2e54aa0f0ab6ec0a58113d927683502b2cb2347d2" + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-              None),
-             ("Invalid element (> P) in commit",
-              "0200" + "0c70519d874e3e4930a917cc5e17ea7a26028211159f217bab28b8d6c56691805e49f03249b2c6e22c7c9f86b30e04ccad2deedd5e5108ae07b737c00001c59cd0eb08b1dfc7f1b06a1542e2b6601a963c066e0c65940983a03917ae57a101ce84b5cbbc76ff33ebb990aac2e54aa0f0ab6ec0a58113d927683502b2cb2347d2" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-              None)]
-    for (note, commit, confirm) in tests:
-        logger.info(note)
-        dev[0].scan_for_bss(bssid, freq=2412)
-        hapd.set("ext_mgmt_frame_handling", "1")
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-
-        logger.info("Commit")
-        for i in range(0, 10):
-            req = hapd.mgmt_rx()
-            if req is None:
-                raise Exception("MGMT RX wait timed out (commit)")
-            if req['subtype'] == 11:
-                break
-            req = None
-        if not req:
-            raise Exception("Authentication frame (commit) not received")
-
-        hapd.dump_monitor()
-        resp = {}
-        resp['fc'] = req['fc']
-        resp['da'] = req['sa']
-        resp['sa'] = req['da']
-        resp['bssid'] = req['bssid']
-        resp['payload'] = binascii.unhexlify("030001000000" + commit)
-        hapd.mgmt_tx(resp)
-
-        if confirm:
-            logger.info("Confirm")
-            for i in range(0, 10):
-                req = hapd.mgmt_rx()
-                if req is None:
-                    raise Exception("MGMT RX wait timed out (confirm)")
-                if req['subtype'] == 11:
-                    break
-                req = None
-            if not req:
-                raise Exception("Authentication frame (confirm) not received")
-
-            hapd.dump_monitor()
-            resp = {}
-            resp['fc'] = req['fc']
-            resp['da'] = req['sa']
-            resp['sa'] = req['da']
-            resp['bssid'] = req['bssid']
-            resp['payload'] = binascii.unhexlify("030002000000" + confirm)
-            hapd.mgmt_tx(resp)
-
-        time.sleep(0.1)
-        dev[0].request("REMOVE_NETWORK all")
-        hapd.set("ext_mgmt_frame_handling", "0")
-        hapd.dump_monitor()
-
-
-def test_sae_proto_commit_delayed(dev, apdev):
-    """SAE protocol testing - Commit delayed"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 19")
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-
-    logger.info("Commit")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (commit)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (commit) not received")
-
-    hapd.dump_monitor()
-    time.sleep(2.5)
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Commit/Confirm")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (confirm)")
-        if req['subtype'] == 11:
-            trans, = struct.unpack('<H', req['payload'][2:4])
-            if trans == 1:
-                logger.info("Extra Commit")
-                hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-                continue
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (confirm) not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Association Request")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (AssocReq)")
-        if req['subtype'] == 0:
-            break
-        req = None
-    if not req:
-        raise Exception("Association Request frame not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Management frame TX status not reported (1)")
-    if "stype=1 ok=1" not in ev:
-        raise Exception("Unexpected management frame TX status (1): " + ev)
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    dev[0].wait_connected()
-
-def test_sae_proto_commit_replay(dev, apdev):
-    """SAE protocol testing - Commit replay"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 19")
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-
-    logger.info("Commit")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (commit)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (commit) not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    logger.info("Replay Commit")
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Confirm")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (confirm)")
-        if req['subtype'] == 11:
-            trans, = struct.unpack('<H', req['payload'][2:4])
-            if trans == 1:
-                logger.info("Extra Commit")
-                hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-                continue
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (confirm) not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Association Request")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (AssocReq)")
-        if req['subtype'] == 0:
-            break
-        req = None
-    if not req:
-        raise Exception("Association Request frame not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    for i in range(0, 10):
-        ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-        if ev is None:
-            raise Exception("Management frame TX status not reported (1)")
-        if "stype=11 ok=1" in ev:
-            continue
-        if "stype=12 ok=1" in ev:
-            continue
-        if "stype=1 ok=1" not in ev:
-            raise Exception("Unexpected management frame TX status (1): " + ev)
-        cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-        if "OK" not in hapd.request(cmd):
-            raise Exception("MGMT_TX_STATUS_PROCESS failed")
-        break
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    dev[0].wait_connected()
-
-def test_sae_proto_confirm_replay(dev, apdev):
-    """SAE protocol testing - Confirm replay"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 19")
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-
-    logger.info("Commit")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (commit)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (commit) not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Confirm")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (confirm)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (confirm) not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Replay Confirm")
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-
-    logger.info("Association Request")
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (AssocReq)")
-        if req['subtype'] == 0:
-            break
-        req = None
-    if not req:
-        raise Exception("Association Request frame not received")
-
-    hapd.dump_monitor()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Management frame TX status not reported (1)")
-    if "stype=1 ok=1" not in ev:
-        raise Exception("Unexpected management frame TX status (1): " + ev)
-    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
-    if "OK" not in hapd.request(cmd):
-        raise Exception("MGMT_TX_STATUS_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-    dev[0].wait_connected()
-
-def test_sae_proto_hostapd(dev, apdev):
-    """SAE protocol testing with hostapd"""
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "19 65535"
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020000000000"
-    addr2 = "020000000001"
-    hdr = "b0003a01" + bssid + addr + bssid + "1000"
-    hdr2 = "b0003a01" + bssid + addr2 + bssid + "1000"
-    group = "1300"
-    scalar = "f7df19f4a7fef1d3b895ea1de150b7c5a7a705c8ebb31a52b623e0057908bd93"
-    element_x = "21931572027f2e953e2a49fab3d992944102cc95aa19515fc068b394fb25ae3c"
-    element_y = "cb4eeb94d7b0b789abfdb73a67ab9d6d5efa94dd553e0e724a6289821cbce530"
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030001000000" + group + scalar + element_x + element_y)
-    # "SAE: Not enough data for scalar"
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030001000000" + group + scalar[:-2])
-    # "SAE: Do not allow group to be changed"
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030001000000" + "ffff" + scalar[:-2])
-    # "SAE: Unsupported Finite Cyclic Group 65535"
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr2 + "030001000000" + "ffff" + scalar[:-2])
-
-def test_sae_proto_hostapd_ecc(dev, apdev):
-    """SAE protocol testing with hostapd (ECC)"""
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="foofoofoo")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "19"
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020000000000"
-    addr2 = "020000000001"
-    hdr = "b0003a01" + bssid + addr + bssid + "1000"
-    hdr2 = "b0003a01" + bssid + addr2 + bssid + "1000"
-    group = "1300"
-    scalar = "9e9a959bf2dda875a4a29ce9b2afef46f2d83060930124cd9e39ddce798cd69a"
-    element_x = "dfc55fd8622b91d362f4d1fc9646474d7fba0ff7cce6ca58b8e96a931e070220"
-    element_y = "dac8a4e80724f167c1349cc9e1f9dd82a7c77b29d49789b63b72b4c849301a28"
-    # sae_parse_commit_element_ecc() failure to parse peer element
-    # (depending on crypto library, either crypto_ec_point_from_bin() failure
-    # or crypto_ec_point_is_on_curve() returning 0)
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030001000000" + group + scalar + element_x + element_y)
-    # Unexpected continuation of the connection attempt with confirm
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030002000000" + "0000" + "fd7b081ff4e8676f03612a4140eedcd3c179ab3a13b93863c6f7ca451340b9ae")
-
-def test_sae_proto_hostapd_ffc(dev, apdev):
-    """SAE protocol testing with hostapd (FFC)"""
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="foofoofoo")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "22"
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020000000000"
-    addr2 = "020000000001"
-    hdr = "b0003a01" + bssid + addr + bssid + "1000"
-    hdr2 = "b0003a01" + bssid + addr2 + bssid + "1000"
-    group = "1600"
-    scalar = "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044cc46a73c07ef479dc66ec1f5e8ccf25131fa40"
-    element = "0f1d67025e12fc874cf718c35b19d1ab2db858215623f1ce661cbd1d7b1d7a09ceda7dba46866cf37044259b5cac4db15e7feb778edc8098854b93a84347c1850c02ee4d7dac46db79c477c731085d5b39f56803cda1eeac4a2fbbccb9a546379e258c00ebe93dfdd0a34cf8ce5c55cf905a89564a590b7e159fb89198e9d5cd"
-    # sae_parse_commit_element_ffc() failure to parse peer element
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030001000000" + group + scalar + element)
-    # Unexpected continuation of the connection attempt with confirm
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "030002000000" + "0000" + "fd7b081ff4e8676f03612a4140eedcd3c179ab3a13b93863c6f7ca451340b9ae")
-
-def sae_start_ap(apdev, sae_pwe):
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="foofoofoo")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "19"
-    params['sae_pwe'] = str(sae_pwe)
-    return hostapd.add_ap(apdev, params)
-
-def check_commit_status(hapd, use_status, expect_status):
-    hapd.set("ext_mgmt_frame_handling", "1")
-    bssid = hapd.own_addr().replace(':', '')
-    addr = "020000000000"
-    addr2 = "020000000001"
-    hdr = "b0003a01" + bssid + addr + bssid + "1000"
-    hdr2 = "b0003a01" + bssid + addr2 + bssid + "1000"
-    group = "1300"
-    scalar = "033d3635b39666ed427fd4a3e7d37acec2810afeaf1687f746a14163ff0e6d03"
-    element_x = "559cb8928db4ce4e3cbd6555e837591995e5ebe503ef36b503d9ca519d63728d"
-    element_y = "d3c7c676b8e8081831b6bc3a64bdf136061a7de175e17d1965bfa41983ed02f8"
-    status = binascii.hexlify(struct.pack('<H', use_status)).decode()
-    hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "03000100" + status + group + scalar + element_x + element_y)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("MGMT-TX-STATUS not seen")
-    msg = ev.split(' ')[3].split('=')[1]
-    body = msg[2 * 24:]
-    status, = struct.unpack('<H', binascii.unhexlify(body[8:12]))
-    if status != expect_status:
-        raise Exception("Unexpected status code: %d" % status)
-
-def test_sae_proto_hostapd_status_126(dev, apdev):
-    """SAE protocol testing with hostapd (status code 126)"""
-    hapd = sae_start_ap(apdev[0], 0)
-    check_commit_status(hapd, 126, 1)
-    check_commit_status(hapd, 0, 0)
-
-def test_sae_proto_hostapd_status_127(dev, apdev):
-    """SAE protocol testing with hostapd (status code 127)"""
-    hapd = sae_start_ap(apdev[0], 2)
-    check_commit_status(hapd, 127, 1)
-    check_commit_status(hapd, 0, 0)
-
-@remote_compatible
-def test_sae_no_ffc_by_default(dev, apdev):
-    """SAE and default groups rejecting FFC"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 15")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=3)
-    if ev is None:
-        raise Exception("Did not try to authenticate")
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=3)
-    if ev is None:
-        raise Exception("Did not try to authenticate (2)")
-    dev[0].request("REMOVE_NETWORK all")
-
-def sae_reflection_attack(apdev, dev, group):
-    check_sae_capab(dev)
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="no-knowledge-of-passphrase")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev, params)
-    bssid = apdev['bssid']
-
-    dev.scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    dev.request("SET sae_groups %d" % group)
-    dev.connect("test-sae", psk="reflection-attack", key_mgmt="SAE",
-                scan_freq="2412", wait_connect=False)
-
-    # Commit
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame not received")
-
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = req['payload']
-    hapd.mgmt_tx(resp)
-
-    # Confirm
-    req = hapd.mgmt_rx(timeout=0.5)
-    if req is not None:
-        if req['subtype'] == 11:
-            raise Exception("Unexpected Authentication frame seen")
-
-@remote_compatible
-def test_sae_reflection_attack_ecc(dev, apdev):
-    """SAE reflection attack (ECC)"""
-    sae_reflection_attack(apdev[0], dev[0], 19)
-
-@remote_compatible
-def test_sae_reflection_attack_ffc(dev, apdev):
-    """SAE reflection attack (FFC)"""
-    sae_reflection_attack(apdev[0], dev[0], 15)
-
-def sae_reflection_attack_internal(apdev, dev, group):
-    check_sae_capab(dev)
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="no-knowledge-of-passphrase")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_reflection_attack'] = '1'
-    hapd = hostapd.add_ap(apdev, params)
-    bssid = apdev['bssid']
-
-    dev.scan_for_bss(bssid, freq=2412)
-    dev.request("SET sae_groups %d" % group)
-    dev.connect("test-sae", psk="reflection-attack", key_mgmt="SAE",
-                scan_freq="2412", wait_connect=False)
-    ev = dev.wait_event(["SME: Trying to authenticate"], timeout=10)
-    if ev is None:
-        raise Exception("No authentication attempt seen")
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-@remote_compatible
-def test_sae_reflection_attack_ecc_internal(dev, apdev):
-    """SAE reflection attack (ECC) - internal"""
-    sae_reflection_attack_internal(apdev[0], dev[0], 19)
-
-@remote_compatible
-def test_sae_reflection_attack_ffc_internal(dev, apdev):
-    """SAE reflection attack (FFC) - internal"""
-    sae_reflection_attack_internal(apdev[0], dev[0], 15)
-
-@remote_compatible
-def test_sae_commit_override(dev, apdev):
-    """SAE commit override (hostapd)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_commit_override'] = '13ffbad00d215867a7c5ff37d87bb9bdb7cb116e520f71e8d7a794ca2606d537ddc6c099c40e7a25372b80a8fd443cd7dd222c8ea21b8ef372d4b3e316c26a73fd999cc79ad483eb826e7b3893ea332da68fa13224bcdeb4fb18b0584dd100a2c514'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-@remote_compatible
-def test_sae_commit_override2(dev, apdev):
-    """SAE commit override (wpa_supplicant)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].set('sae_commit_override', '13ffbad00d215867a7c5ff37d87bb9bdb7cb116e520f71e8d7a794ca2606d537ddc6c099c40e7a25372b80a8fd443cd7dd222c8ea21b8ef372d4b3e316c26a73fd999cc79ad483eb826e7b3893ea332da68fa13224bcdeb4fb18b0584dd100a2c514')
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def test_sae_commit_invalid_scalar_element_ap(dev, apdev):
-    """SAE commit invalid scalar/element from AP"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_commit_override'] = '1300' + 96*'00'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def test_sae_commit_invalid_element_ap(dev, apdev):
-    """SAE commit invalid element from AP"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_commit_override'] = '1300' + 31*'00' + '02' + 64*'00'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def test_sae_commit_invalid_scalar_element_sta(dev, apdev):
-    """SAE commit invalid scalar/element from STA"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].set('sae_commit_override', '1300' + 96*'00')
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-def test_sae_commit_invalid_element_sta(dev, apdev):
-    """SAE commit invalid element from STA"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].request("SET sae_groups ")
-    dev[0].set('sae_commit_override', '1300' + 31*'00' + '02' + 64*'00')
-    dev[0].connect("test-sae", psk="test-sae", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-
-@remote_compatible
-def test_sae_anti_clogging_proto(dev, apdev):
-    """SAE anti clogging protocol testing"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="no-knowledge-of-passphrase")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="anti-cloggign", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-
-    # Commit
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame not received")
-
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = binascii.unhexlify("030001004c00" + "ffff00")
-    hapd.mgmt_tx(resp)
-
-    # Confirm (not received due to DH group being rejected)
-    req = hapd.mgmt_rx(timeout=0.5)
-    if req is not None:
-        if req['subtype'] == 11:
-            raise Exception("Unexpected Authentication frame seen")
-
-@remote_compatible
-def test_sae_no_random(dev, apdev):
-    """SAE and no random numbers available"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    tests = [(1, "os_get_random;sae_derive_pwe_ecc")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-@remote_compatible
-def test_sae_pwe_failure(dev, apdev):
-    """SAE and pwe failure"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '19 15'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 19")
-    with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ecc"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("SET sae_groups 15")
-    with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-    dev[0].request("SET sae_groups 15")
-    with fail_test(dev[0], 1, "sae_test_pwd_seed_ffc"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-    with fail_test(dev[0], 2, "sae_test_pwd_seed_ffc"):
-        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-@remote_compatible
-def test_sae_bignum_failure(dev, apdev):
-    """SAE and bignum failure"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '19 15 22'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 19")
-    tests = [(1, "crypto_bignum_init_set;dragonfly_get_rand_1_to_p_1"),
-             (1, "crypto_bignum_init;dragonfly_is_quadratic_residue_blind"),
-             (1, "crypto_bignum_mulmod;dragonfly_is_quadratic_residue_blind"),
-             (2, "crypto_bignum_mulmod;dragonfly_is_quadratic_residue_blind"),
-             (3, "crypto_bignum_mulmod;dragonfly_is_quadratic_residue_blind"),
-             (1, "crypto_bignum_legendre;dragonfly_is_quadratic_residue_blind"),
-             (1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"),
-             (1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"),
-             (1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"),
-             (1, "crypto_ec_point_init;sae_derive_pwe_ecc"),
-             (1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"),
-             (1, "crypto_ec_point_init;sae_derive_commit_element_ecc"),
-             (1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"),
-             (1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"),
-             (1, "crypto_bignum_init;=sae_derive_commit"),
-             (1, "crypto_ec_point_init;sae_derive_k_ecc"),
-             (1, "crypto_ec_point_mul;sae_derive_k_ecc"),
-             (1, "crypto_ec_point_add;sae_derive_k_ecc"),
-             (2, "crypto_ec_point_mul;sae_derive_k_ecc"),
-             (1, "crypto_ec_point_to_bin;sae_derive_k_ecc"),
-             (1, "crypto_bignum_legendre;dragonfly_get_random_qr_qnr"),
-             (1, "sha256_prf;sae_derive_keys"),
-             (1, "crypto_bignum_init;sae_derive_keys"),
-             (1, "crypto_bignum_init_set;sae_parse_commit_scalar"),
-             (1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"),
-             (1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            hapd.request("NOTE STA failure testing %d:%s" % (count, func))
-            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL", timeout=0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-            hapd.dump_monitor()
-
-    dev[0].request("SET sae_groups 15")
-    tests = [(1, "crypto_bignum_init_set;sae_set_group"),
-             (2, "crypto_bignum_init_set;sae_set_group"),
-             (1, "crypto_bignum_init;sae_derive_commit"),
-             (2, "crypto_bignum_init;sae_derive_commit"),
-             (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
-             (1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"),
-             (1, "crypto_bignum_init;sae_derive_pwe_ffc"),
-             (1, "crypto_bignum_init;sae_derive_commit_element_ffc"),
-             (1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"),
-             (1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"),
-             (1, "crypto_bignum_init;sae_derive_k_ffc"),
-             (1, "crypto_bignum_exptmod;sae_derive_k_ffc"),
-             (1, "crypto_bignum_mulmod;sae_derive_k_ffc"),
-             (2, "crypto_bignum_exptmod;sae_derive_k_ffc"),
-             (1, "crypto_bignum_to_bin;sae_derive_k_ffc"),
-             (1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
-             (1, "crypto_bignum_init;sae_parse_commit_element_ffc"),
-             (2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
-             (1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            hapd.request("NOTE STA failure testing %d:%s" % (count, func))
-            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL", timeout=0.1)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-            hapd.dump_monitor()
-
-def test_sae_bignum_failure_unsafe_group(dev, apdev):
-    """SAE and bignum failure unsafe group"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '22'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups 22")
-    tests = [(1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
-             (1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"),
-             (1, "crypto_bignum_div;sae_test_pwd_seed_ffc")]
-    for count, func in tests:
-        with fail_test(dev[0], count, func):
-            hapd.request("NOTE STA failure testing %d:%s" % (count, func))
-            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].dump_monitor()
-            hapd.dump_monitor()
-
-def test_sae_invalid_anti_clogging_token_req(dev, apdev):
-    """SAE and invalid anti-clogging token request"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    # Beacon more frequently since Probe Request frames are practically ignored
-    # in this test setup (ext_mgmt_frame_handled=1 on hostapd side) and
-    # wpa_supplicant scans may end up getting ignored if no new results are
-    # available due to the missing Probe Response frames.
-    params['beacon_int'] = '20'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SET sae_groups 19")
-    dev[0].scan_for_bss(bssid, freq=2412)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["SME: Trying to authenticate"])
-    if ev is None:
-        raise Exception("No authentication attempt seen (1)")
-    dev[0].dump_monitor()
-
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (commit)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (commit) not received")
-
-    hapd.dump_monitor()
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = binascii.unhexlify("030001004c0013")
-    hapd.mgmt_tx(resp)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Management frame TX status not reported (1)")
-    if "stype=11 ok=1" not in ev:
-        raise Exception("Unexpected management frame TX status (1): " + ev)
-
-    ev = dev[0].wait_event(["SME: Trying to authenticate"])
-    if ev is None:
-        raise Exception("No authentication attempt seen (2)")
-    dev[0].dump_monitor()
-
-    for i in range(0, 10):
-        req = hapd.mgmt_rx()
-        if req is None:
-            raise Exception("MGMT RX wait timed out (commit) (2)")
-        if req['subtype'] == 11:
-            break
-        req = None
-    if not req:
-        raise Exception("Authentication frame (commit) not received (2)")
-
-    hapd.dump_monitor()
-    resp = {}
-    resp['fc'] = req['fc']
-    resp['da'] = req['sa']
-    resp['sa'] = req['da']
-    resp['bssid'] = req['bssid']
-    resp['payload'] = binascii.unhexlify("030001000100")
-    hapd.mgmt_tx(resp)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Management frame TX status not reported (1)")
-    if "stype=11 ok=1" not in ev:
-        raise Exception("Unexpected management frame TX status (1): " + ev)
-
-    ev = dev[0].wait_event(["SME: Trying to authenticate"])
-    if ev is None:
-        raise Exception("No authentication attempt seen (3)")
-    dev[0].dump_monitor()
-
-    dev[0].request("DISCONNECT")
-
-def test_sae_password(dev, apdev):
-    """SAE and sae_password in hostapd configuration"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_password'] = "sae-password"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="sae-password", key_mgmt="SAE",
-                   scan_freq="2412")
-    dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
-    dev[2].request("SET sae_groups ")
-    dev[2].connect("test-sae", sae_password="sae-password", key_mgmt="SAE",
-                   scan_freq="2412")
-
-def test_sae_password_short(dev, apdev):
-    """SAE and short password"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = "secret"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", sae_password="secret", key_mgmt="SAE",
-                   scan_freq="2412")
-
-def test_sae_password_long(dev, apdev):
-    """SAE and long password"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = 100*"A"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", sae_password=100*"A", key_mgmt="SAE",
-                   scan_freq="2412")
-
-def test_sae_connect_cmd(dev, apdev):
-    """SAE with connect command"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-    check_sae_capab(wpas)
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.request("SET sae_groups ")
-    wpas.connect("test-sae", psk="12345678", key_mgmt="SAE",
-                 scan_freq="2412", wait_connect=False)
-    # mac80211_hwsim does not support SAE offload, so accept both a successful
-    # connection and association rejection.
-    ev = wpas.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-ASSOC-REJECT",
-                          "Association request to the driver failed"],
-                         timeout=15)
-    if ev is None:
-        raise Exception("No connection result reported")
-
-def run_sae_password_id(dev, apdev, groups=None):
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    if groups:
-        params['sae_groups'] = groups
-    else:
-        groups = ""
-    params['sae_password'] = ['secret|mac=ff:ff:ff:ff:ff:ff|id=pw id',
-                              'foo|mac=02:02:02:02:02:02',
-                              'another secret|mac=ff:ff:ff:ff:ff:ff|id=' + 29*'A']
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups " + groups)
-    dev[0].connect("test-sae", sae_password="secret", sae_password_id="pw id",
-                   key_mgmt="SAE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    # SAE Password Identifier element with the exact same length as the
-    # optional Anti-Clogging Token field
-    dev[0].connect("test-sae", sae_password="another secret",
-                   sae_password_id=29*'A',
-                   key_mgmt="SAE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[0].connect("test-sae", sae_password="secret", sae_password_id="unknown",
-                   key_mgmt="SAE", scan_freq="2412", wait_connect=False)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SAE-UNKNOWN-PASSWORD-IDENTIFIER"],
-                           timeout=10)
-    if ev is None:
-        raise Exception("Unknown password identifier not reported")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_sae_password_id(dev, apdev):
-    """SAE and password identifier"""
-    run_sae_password_id(dev, apdev, "")
-
-def test_sae_password_id_ecc(dev, apdev):
-    """SAE and password identifier (ECC)"""
-    run_sae_password_id(dev, apdev, "19")
-
-def test_sae_password_id_ffc(dev, apdev):
-    """SAE and password identifier (FFC)"""
-    run_sae_password_id(dev, apdev, "15")
-
-def test_sae_password_id_only(dev, apdev):
-    """SAE and password identifier (exclusively)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = 'secret|id=pw id'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", sae_password="secret", sae_password_id="pw id",
-                   key_mgmt="SAE", scan_freq="2412")
-
-def test_sae_password_id_pwe_looping(dev, apdev):
-    """SAE and password identifier with forced PWE looping"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = 'secret|id=pw id'
-    params['sae_pwe'] = "3"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    try:
-        dev[0].set("sae_pwe", "3")
-        dev[0].connect("test-sae", sae_password="secret",
-                       sae_password_id="pw id",
-                       key_mgmt="SAE", scan_freq="2412")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_password_id_pwe_check_ap(dev, apdev):
-    """SAE and password identifier with STA using unexpected PWE derivation"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = 'secret|id=pw id'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    try:
-        dev[0].set("sae_pwe", "3")
-        dev[0].connect("test-sae", sae_password="secret",
-                       sae_password_id="pw id",
-                       key_mgmt="SAE", scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-        if ev is None or "CTRL-EVENT-SSID-TEMP-DISABLED" not in ev:
-            raise Exception("Connection failure not reported")
-    finally:
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_password_id_pwe_check_sta(dev, apdev):
-    """SAE and password identifier with AP using unexpected PWE derivation"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = "3"
-    params['sae_password'] = 'secret|id=pw id'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", sae_password="secret",
-                   sae_password_id="pw id",
-                   key_mgmt="SAE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None or "CTRL-EVENT-NETWORK-NOT-FOUND" not in ev:
-        raise Exception("Connection failure not reported")
-
-def test_sae_forced_anti_clogging_pw_id(dev, apdev):
-    """SAE anti clogging (forced and Password Identifier)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_anti_clogging_threshold'] = '0'
-    params['sae_password'] = 'secret|id=' + 29*'A'
-    hostapd.add_ap(apdev[0], params)
-    for i in range(0, 2):
-        dev[i].request("SET sae_groups ")
-        dev[i].connect("test-sae", sae_password="secret",
-                       sae_password_id=29*'A', key_mgmt="SAE", scan_freq="2412")
-
-def test_sae_reauth(dev, apdev):
-    """SAE reauthentication"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        ieee80211w="2", scan_freq="2412")
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=10)
-    hapd.set("ext_mgmt_frame_handling", "0")
-    dev[0].request("PMKSA_FLUSH")
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
-
-def test_sae_anti_clogging_during_attack(dev, apdev):
-    """SAE anti clogging during an attack"""
-    try:
-        run_sae_anti_clogging_during_attack(dev, apdev)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-def build_sae_commit(bssid, addr, group=21, token=None):
-    if group == 19:
-        scalar = binascii.unhexlify("7332d3ebff24804005ccd8c56141e3ed8d84f40638aa31cd2fac11d4d2e89e7b")
-        element = binascii.unhexlify("954d0f4457066bff3168376a1d7174f4e66620d1792406f613055b98513a7f03a538c13dfbaf2029e2adc6aa96aa0ddcf08ac44887b02f004b7f29b9dbf4b7d9")
-    elif group == 21:
-        scalar = binascii.unhexlify("001eec673111b902f5c8a61c8cb4c1c4793031aeea8c8c319410903bc64bcbaea134ab01c4e016d51436f5b5426f7e2af635759a3033fb4031ea79f89a62a3e2f828")
-        element = binascii.unhexlify("00580eb4b448ea600ea277d5e66e4ed37db82bb04ac90442e9c3727489f366ba4b82f0a472d02caf4cdd142e96baea5915d71374660ee23acbaca38cf3fe8c5fb94b01abbc5278121635d7c06911c5dad8f18d516e1fbe296c179b7c87a1dddfab393337d3d215ed333dd396da6d8f20f798c60d054f1093c24d9c2d98e15c030cc375f0")
-        pass
-    frame = binascii.unhexlify("b0003a01")
-    frame += bssid + addr + bssid
-    frame += binascii.unhexlify("1000")
-    auth_alg = 3
-    transact = 1
-    status = 0
-    frame += struct.pack("<HHHH", auth_alg, transact, status, group)
-    if token:
-        frame += token
-    frame += scalar + element
-    return frame
-
-def sae_rx_commit_token_req(sock, radiotap, send_two=False):
-    msg = sock.recv(1500)
-    ver, pad, length, present = struct.unpack('<BBHL', msg[0:8])
-    frame = msg[length:]
-    if len(frame) < 4:
-        return False
-    fc, duration = struct.unpack('<HH', frame[0:4])
-    if fc != 0xb0:
-        return False
-    frame = frame[4:]
-    da = frame[0:6]
-    if da[0] != 0xf2:
-        return False
-    sa = frame[6:12]
-    bssid = frame[12:18]
-    body = frame[20:]
-
-    alg, seq, status, group = struct.unpack('<HHHH', body[0:8])
-    if alg != 3 or seq != 1 or status != 76:
-        return False
-    token = body[8:]
-
-    frame = build_sae_commit(bssid, da, token=token)
-    sock.send(radiotap + frame)
-    if send_two:
-        sock.send(radiotap + frame)
-    return True
-
-def run_sae_anti_clogging_during_attack(dev, apdev):
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = '21'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[0].request("SET sae_groups 21")
-    dev[1].scan_for_bss(hapd.own_addr(), freq=2412)
-    dev[1].request("SET sae_groups 21")
-
-    sock = start_monitor(apdev[1]["ifname"])
-    radiotap = radiotap_build()
-
-    bssid = binascii.unhexlify(hapd.own_addr().replace(':', ''))
-    for i in range(16):
-        addr = binascii.unhexlify("f2%010x" % i)
-        frame = build_sae_commit(bssid, addr)
-        sock.send(radiotap + frame)
-        sock.send(radiotap + frame)
-
-    count = 0
-    for i in range(150):
-        if sae_rx_commit_token_req(sock, radiotap, send_two=True):
-            count += 1
-    logger.info("Number of token responses sent: %d" % count)
-    if count < 10:
-        raise Exception("Too few token responses seen: %d" % count)
-
-    for i in range(16):
-        addr = binascii.unhexlify("f201%08x" % i)
-        frame = build_sae_commit(bssid, addr)
-        sock.send(radiotap + frame)
-
-    count = 0
-    for i in range(150):
-        if sae_rx_commit_token_req(sock, radiotap):
-            count += 1
-            if count == 10:
-                break
-    if count < 5:
-        raise Exception("Too few token responses in second round: %d" % count)
-
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-    dev[1].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412", wait_connect=False)
-
-    count = 0
-    connected0 = False
-    connected1 = False
-    for i in range(1000):
-        if sae_rx_commit_token_req(sock, radiotap):
-            count += 1
-            addr = binascii.unhexlify("f202%08x" % i)
-            frame = build_sae_commit(bssid, addr)
-            sock.send(radiotap + frame)
-        while dev[0].mon.pending():
-            ev = dev[0].mon.recv()
-            logger.debug("EV0: " + ev)
-            if "CTRL-EVENT-CONNECTED" in ev:
-                connected0 = True
-        while dev[1].mon.pending():
-            ev = dev[1].mon.recv()
-            logger.debug("EV1: " + ev)
-            if "CTRL-EVENT-CONNECTED" in ev:
-                connected1 = True
-        if connected0 and connected1:
-            break
-        time.sleep(0.00000001)
-    if not connected0:
-        raise Exception("Real station(0) did not get connected")
-    if not connected1:
-        raise Exception("Real station(1) did not get connected")
-    if count < 1:
-        raise Exception("Too few token responses in third round: %d" % count)
-
-def test_sae_sync(dev, apdev):
-    """SAE dot11RSNASAESync"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_sync'] = '1'
-    hostapd.add_ap(apdev[0], params)
-
-    # TODO: More complete dot11RSNASAESync testing. For now, this is really only
-    # checking that sae_sync config parameter is accepted.
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-    id = {}
-    for i in range(0, 2):
-        dev[i].scan(freq="2412")
-        id[i] = dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                               scan_freq="2412", only_add_network=True)
-    for i in range(0, 2):
-        dev[i].select_network(id[i])
-    for i in range(0, 2):
-        dev[i].wait_connected(timeout=10)
-
-def test_sae_confirm_immediate(dev, apdev):
-    """SAE and AP sending Confirm message without waiting STA"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_confirm_immediate'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412")
-
-def test_sae_confirm_immediate2(dev, apdev):
-    """SAE and AP sending Confirm message without waiting STA (2)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_confirm_immediate'] = '2'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].request("SET sae_groups ")
-    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412")
-
-def test_sae_pwe_group_19(dev, apdev):
-    """SAE PWE derivation options with group 19"""
-    run_sae_pwe_group(dev, apdev, 19)
-
-def test_sae_pwe_group_20(dev, apdev):
-    """SAE PWE derivation options with group 20"""
-    run_sae_pwe_group(dev, apdev, 20)
-
-def test_sae_pwe_group_21(dev, apdev):
-    """SAE PWE derivation options with group 21"""
-    run_sae_pwe_group(dev, apdev, 21)
-
-def test_sae_pwe_group_25(dev, apdev):
-    """SAE PWE derivation options with group 25"""
-    run_sae_pwe_group(dev, apdev, 25)
-
-def test_sae_pwe_group_28(dev, apdev):
-    """SAE PWE derivation options with group 28"""
-    run_sae_pwe_group(dev, apdev, 28)
-
-def test_sae_pwe_group_29(dev, apdev):
-    """SAE PWE derivation options with group 29"""
-    run_sae_pwe_group(dev, apdev, 29)
-
-def test_sae_pwe_group_30(dev, apdev):
-    """SAE PWE derivation options with group 30"""
-    run_sae_pwe_group(dev, apdev, 30)
-
-def test_sae_pwe_group_1(dev, apdev):
-    """SAE PWE derivation options with group 1"""
-    run_sae_pwe_group(dev, apdev, 1)
-
-def test_sae_pwe_group_2(dev, apdev):
-    """SAE PWE derivation options with group 2"""
-    run_sae_pwe_group(dev, apdev, 2)
-
-def test_sae_pwe_group_5(dev, apdev):
-    """SAE PWE derivation options with group 5"""
-    run_sae_pwe_group(dev, apdev, 5)
-
-def test_sae_pwe_group_14(dev, apdev):
-    """SAE PWE derivation options with group 14"""
-    run_sae_pwe_group(dev, apdev, 14)
-
-def test_sae_pwe_group_15(dev, apdev):
-    """SAE PWE derivation options with group 15"""
-    run_sae_pwe_group(dev, apdev, 15)
-
-def test_sae_pwe_group_16(dev, apdev):
-    """SAE PWE derivation options with group 16"""
-    run_sae_pwe_group(dev, apdev, 16)
-
-def test_sae_pwe_group_22(dev, apdev):
-    """SAE PWE derivation options with group 22"""
-    run_sae_pwe_group(dev, apdev, 22)
-
-def test_sae_pwe_group_23(dev, apdev):
-    """SAE PWE derivation options with group 23"""
-    run_sae_pwe_group(dev, apdev, 23)
-
-def test_sae_pwe_group_24(dev, apdev):
-    """SAE PWE derivation options with group 24"""
-    run_sae_pwe_group(dev, apdev, 24)
-
-def start_sae_pwe_ap(apdev, group, sae_pwe):
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = str(group)
-    params['sae_pwe'] = str(sae_pwe)
-    return hostapd.add_ap(apdev, params)
-
-def run_sae_pwe_group(dev, apdev, group):
-    check_sae_capab(dev[0])
-    tls = dev[0].request("GET tls_library")
-    if group in [27, 28, 29, 30]:
-        if tls.startswith("OpenSSL") and "run=OpenSSL 1." in tls:
-            logger.info("Add Brainpool EC groups since OpenSSL is new enough")
-        else:
-            raise HwsimSkip("Brainpool curve not supported")
-    start_sae_pwe_ap(apdev[0], group, 2)
-    try:
-        check_sae_pwe_group(dev[0], group, 0)
-        check_sae_pwe_group(dev[0], group, 1)
-        check_sae_pwe_group(dev[0], group, 2)
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def check_sae_pwe_group(dev, group, sae_pwe):
-    dev.set("sae_groups", str(group))
-    dev.set("sae_pwe", str(sae_pwe))
-    dev.connect("sae-pwe", psk="12345678", key_mgmt="SAE", scan_freq="2412")
-    dev.request("REMOVE_NETWORK all")
-    dev.wait_disconnected()
-    dev.dump_monitor()
-
-def test_sae_pwe_h2e_only_ap(dev, apdev):
-    """SAE PWE derivation with H2E-only AP"""
-    check_sae_capab(dev[0])
-    start_sae_pwe_ap(apdev[0], 19, 1)
-    try:
-        check_sae_pwe_group(dev[0], 19, 1)
-        check_sae_pwe_group(dev[0], 19, 2)
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-    dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("No indication of mismatching network seen")
-
-def test_sae_pwe_h2e_only_ap_sta_forcing_loop(dev, apdev):
-    """SAE PWE derivation with H2E-only AP and STA forcing loop"""
-    check_sae_capab(dev[0])
-    start_sae_pwe_ap(apdev[0], 19, 1)
-    dev[0].set("ignore_sae_h2e_only", "1")
-    dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("No indication of temporary disabled network seen")
-
-def test_sae_pwe_loop_only_ap(dev, apdev):
-    """SAE PWE derivation with loop-only AP"""
-    check_sae_capab(dev[0])
-    start_sae_pwe_ap(apdev[0], 19, 0)
-    try:
-        check_sae_pwe_group(dev[0], 19, 0)
-        check_sae_pwe_group(dev[0], 19, 2)
-        dev[0].set("sae_pwe", "1")
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-        if ev is None:
-            raise Exception("No indication of mismatching network seen")
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_rejected_groups(dev, apdev):
-    """SAE H2E and rejected groups indication"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "19"
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "21 20 19")
-        dev[0].set("sae_pwe", "1")
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412")
-        addr = dev[0].own_addr()
-        hapd.wait_sta(addr)
-        sta = hapd.get_sta(addr)
-        if 'sae_rejected_groups' not in sta:
-            raise Exception("No sae_rejected_groups")
-        val = sta['sae_rejected_groups']
-        if val != "21 20":
-            raise Exception("Unexpected sae_rejected_groups value: " + val)
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_rejected_groups_unexpected(dev, apdev):
-    """SAE H2E and rejected groups indication (unexpected group)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_groups'] = "19 20"
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "21 19")
-        dev[0].set("extra_sae_rejected_groups", "19")
-        dev[0].set("sae_pwe", "1")
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-        dev[0].request("DISCONNECT")
-        if ev is None:
-            raise Exception("No indication of temporary disabled network seen")
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_password_id(dev, apdev):
-    """SAE H2E and password identifier"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = '1'
-    params['sae_password'] = 'secret|id=pw id'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].request("SET sae_groups ")
-        dev[0].set("sae_pwe", "1")
-        dev[0].connect("test-sae", sae_password="secret",
-                       sae_password_id="pw id",
-                       key_mgmt="SAE", scan_freq="2412")
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_pwe_in_psk_ap(dev, apdev):
-    """sae_pwe parameter in PSK-only-AP"""
-    params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
-    params['sae_pwe'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
-
-def test_sae_auth_restart(dev, apdev):
-    """SAE and authentication restarts with H2E/looping"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = '2'
-    params['sae_password'] = 'secret|id=pw id'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[0].request("SET sae_groups ")
-        for pwe in [1, 0, 1]:
-            dev[0].set("sae_pwe", str(pwe))
-            dev[0].connect("test-sae", sae_password="secret",
-                           sae_password_id="pw id",
-                           key_mgmt="SAE", scan_freq="2412")
-            # Disconnect without hostapd removing the STA entry so that the
-            # following SAE authentication instance starts with an existing
-            # STA entry that has maintained some SAE state.
-            hapd.set("ext_mgmt_frame_handling", "1")
-            dev[0].request("REMOVE_NETWORK all")
-            req = hapd.mgmt_rx()
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-            hapd.set("ext_mgmt_frame_handling", "0")
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_rsne_mismatch(dev, apdev):
-    """SAE and RSNE mismatch in EAPOL-Key msg 2/4"""
-    check_sae_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    # First, test with matching RSNE to confirm testing capability
-    dev[0].set("rsne_override_eapol",
-               "30140100000fac040100000fac040100000fac080000")
-    dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                   scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    # Then, test with modified RSNE
-    tests = ["30140100000fac040100000fac040100000fac080010", "0000"]
-    for ie in tests:
-        dev[0].set("rsne_override_eapol", ie)
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["Associated with"], timeout=10)
-        if ev is None:
-            raise Exception("No indication of association seen")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=5)
-        dev[0].request("REMOVE_NETWORK all")
-        if ev is None:
-            raise Exception("No disconnection seen")
-        if "CTRL-EVENT-DISCONNECTED" not in ev:
-            raise Exception("Unexpected connection")
-        dev[0].dump_monitor()
-
-def test_sae_h2e_rsnxe_mismatch(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 2/4"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "19")
-        dev[0].set("sae_pwe", "1")
-        for rsnxe in ["F40100", "F400", ""]:
-            dev[0].set("rsnxe_override_eapol", rsnxe)
-            dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["Associated with"], timeout=10)
-            if ev is None:
-                raise Exception("No indication of association seen")
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=5)
-            dev[0].request("REMOVE_NETWORK all")
-            if ev is None:
-                raise Exception("No disconnection seen")
-            if "CTRL-EVENT-DISCONNECTED" not in ev:
-                raise Exception("Unexpected connection")
-            dev[0].dump_monitor()
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_rsnxe_mismatch_retries(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 2/4 retries"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "19")
-        dev[0].set("sae_pwe", "1")
-        rsnxe = "F40100"
-        dev[0].set("rsnxe_override_eapol", rsnxe)
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["Associated with"], timeout=10)
-        if ev is None:
-            raise Exception("No indication of association seen")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=5)
-        if ev is None:
-            raise Exception("No disconnection seen")
-        if "CTRL-EVENT-DISCONNECTED" not in ev:
-            raise Exception("Unexpected connection")
-
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        if ev is None:
-            raise Exception("No disconnection seen (2)")
-        if "CTRL-EVENT-DISCONNECTED" not in ev:
-            raise Exception("Unexpected connection (2)")
-
-        dev[0].dump_monitor()
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_rsnxe_mismatch_assoc(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 2/4 (assoc)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "19")
-        dev[0].set("sae_pwe", "1")
-        for rsnxe in ["F40100", "F400", ""]:
-            dev[0].set("rsnxe_override_assoc", rsnxe)
-            dev[0].set("rsnxe_override_eapol", "F40120")
-            dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["Associated with"], timeout=10)
-            if ev is None:
-                raise Exception("No indication of association seen")
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=5)
-            dev[0].request("REMOVE_NETWORK all")
-            if ev is None:
-                raise Exception("No disconnection seen")
-            if "CTRL-EVENT-DISCONNECTED" not in ev:
-                raise Exception("Unexpected connection")
-            dev[0].dump_monitor()
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_h2e_rsnxe_mismatch_ap(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 3/4"""
-    run_sae_h2e_rsnxe_mismatch_ap(dev, apdev, "F40100")
-
-def test_sae_h2e_rsnxe_mismatch_ap2(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 3/4"""
-    run_sae_h2e_rsnxe_mismatch_ap(dev, apdev, "F400")
-
-def test_sae_h2e_rsnxe_mismatch_ap3(dev, apdev):
-    """SAE H2E and RSNXE mismatch in EAPOL-Key msg 3/4"""
-    run_sae_h2e_rsnxe_mismatch_ap(dev, apdev, "")
-
-def run_sae_h2e_rsnxe_mismatch_ap(dev, apdev, rsnxe):
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="sae-pwe", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_pwe'] = "1"
-    params['rsnxe_override_eapol'] = rsnxe
-    hapd = hostapd.add_ap(apdev[0], params)
-    try:
-        dev[0].set("sae_groups", "19")
-        dev[0].set("sae_pwe", "1")
-        dev[0].connect("sae-pwe", psk="12345678", key_mgmt="SAE",
-                       scan_freq="2412", wait_connect=False)
-        ev = dev[0].wait_event(["Associated with"], timeout=10)
-        if ev is None:
-            raise Exception("No indication of association seen")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                "CTRL-EVENT-DISCONNECTED"], timeout=5)
-        dev[0].request("REMOVE_NETWORK all")
-        if ev is None:
-            raise Exception("No disconnection seen")
-        if "CTRL-EVENT-DISCONNECTED" not in ev:
-            raise Exception("Unexpected connection")
-    finally:
-        dev[0].set("sae_groups", "")
-        dev[0].set("sae_pwe", "0")
-
-def test_sae_forced_anti_clogging_h2e(dev, apdev):
-    """SAE anti clogging (forced, H2E)"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_pwe'] = "1"
-    params['sae_anti_clogging_threshold'] = '0'
-    hostapd.add_ap(apdev[0], params)
-    dev[2].connect("test-sae", psk="12345678", scan_freq="2412")
-    try:
-        for i in range(2):
-            dev[i].request("SET sae_groups ")
-            dev[i].set("sae_pwe", "1")
-            dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412")
-    finally:
-        for i in range(2):
-            dev[i].set("sae_pwe", "0")
-
-def test_sae_forced_anti_clogging_h2e_loop(dev, apdev):
-    """SAE anti clogging (forced, H2E + loop)"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_pwe'] = "2"
-    params['sae_anti_clogging_threshold'] = '0'
-    hostapd.add_ap(apdev[0], params)
-    dev[2].connect("test-sae", psk="12345678", scan_freq="2412")
-    try:
-        for i in range(2):
-            dev[i].request("SET sae_groups ")
-            dev[i].set("sae_pwe", "2")
-            dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                           scan_freq="2412")
-    finally:
-        for i in range(2):
-            dev[i].set("sae_pwe", "0")
-
-def test_sae_okc(dev, apdev):
-    """SAE and opportunistic key caching"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['okc'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("sae_groups", "")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        okc=True, scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used")
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-    if "sae_group" in dev[0].get_status():
-        raise Exception("SAE authentication used during roam to AP2")
-
-    dev[0].roam(bssid)
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" in dev[0].get_status():
-        raise Exception("SAE authentication used during roam to AP1")
-
-def test_sae_okc_sta_only(dev, apdev):
-    """SAE and opportunistic key caching only on STA"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("sae_groups", "")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        okc=True, scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used")
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2, assoc_reject_ok=True)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used during roam to AP2")
-
-def test_sae_okc_pmk_lifetime(dev, apdev):
-    """SAE and opportunistic key caching and PMK lifetime"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['okc'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("sae_groups", "")
-    dev[0].set("dot11RSNAConfigPMKLifetime", "10")
-    dev[0].set("dot11RSNAConfigPMKReauthThreshold", "30")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        okc=True, scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used")
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    time.sleep(5)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used during roam to AP2 after reauth threshold")
-
-def test_sae_pmk_lifetime(dev, apdev):
-    """SAE and PMK lifetime"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("sae_groups", "")
-    dev[0].set("dot11RSNAConfigPMKLifetime", "10")
-    dev[0].set("dot11RSNAConfigPMKReauthThreshold", "50")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used")
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used during roam to AP2")
-
-    dev[0].roam(bssid)
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-    if "sae_group" in dev[0].get_status():
-        raise Exception("SAE authentication used during roam to AP1")
-
-    time.sleep(6)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-    if "sae_group" not in dev[0].get_status():
-        raise Exception("SAE authentication not used during roam to AP2 after reauth threshold")
-
-    ev = dev[0].wait_event(["PMKSA-CACHE-REMOVED"], 11)
-    if ev is None:
-        raise Exception("PMKSA cache entry did not expire")
-    if bssid2 in ev:
-        raise Exception("Unexpected expiration of the current SAE PMKSA cache entry")
-
-def test_sae_and_psk_multiple_passwords(dev, apdev, params):
-    """SAE and PSK with multiple passwords/passphrases"""
-    check_sae_capab(dev[0])
-    check_sae_capab(dev[1])
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    psk_file = os.path.join(params['logdir'],
-                            'sae_and_psk_multiple_passwords.wpa_psk')
-    with open(psk_file, 'w') as f:
-        f.write(addr0 + ' passphrase0\n')
-        f.write(addr1 + ' passphrase1\n')
-    params = hostapd.wpa2_params(ssid="test-sae")
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_password'] = ['passphrase0|mac=' + addr0,
-                              'passphrase1|mac=' + addr1]
-    params['wpa_psk_file'] = psk_file
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("sae_groups", "")
-    dev[0].connect("test-sae", sae_password="passphrase0",
-                   key_mgmt="SAE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[0].connect("test-sae", psk="passphrase0", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    dev[1].set("sae_groups", "")
-    dev[1].connect("test-sae", sae_password="passphrase1",
-                   key_mgmt="SAE", scan_freq="2412")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-    dev[1].connect("test-sae", psk="passphrase1", scan_freq="2412")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-def test_sae_pmf_roam(dev, apdev):
-    """SAE/PMF roam"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['ieee80211w'] = '2'
-    params['skip_prune_assoc'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].set("sae_groups", "")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        ieee80211w="2", scan_freq="2412")
-    dev[0].dump_monitor()
-    hapd.wait_sta()
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].roam(bssid2)
-    dev[0].dump_monitor()
-    hapd2.wait_sta()
-
-    dev[0].roam(bssid)
-    dev[0].dump_monitor()
-
-def test_sae_ocv_pmk(dev, apdev):
-    """SAE with OCV and fetching PMK (successful 4-way handshake)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['ieee80211w'] = '2'
-    params['ocv'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("sae_groups", "")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", ocv="1",
-                        ieee80211w="2", scan_freq="2412")
-    hapd.wait_sta()
-
-    pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
-    if "FAIL" in pmk_h or len(pmk_h) == 0:
-        raise Exception("Failed to fetch PMK from hostapd during a successful authentication")
-
-    pmk_w = dev[0].get_pmk(id)
-    if pmk_h != pmk_w:
-        raise Exception("Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w))
-
-def test_sae_ocv_pmk_failure(dev, apdev):
-    """SAE with OCV and fetching PMK (failed 4-way handshake)"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['ieee80211w'] = '2'
-    params['ocv'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].set("sae_groups", "")
-    dev[0].set("oci_freq_override_eapol", "2462")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", ocv="1",
-                        ieee80211w="2", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("No connection result reported")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-
-    pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
-    if "FAIL" in pmk_h or len(pmk_h) == 0:
-        raise Exception("Failed to fetch PMK from hostapd during a successful authentication")
-
-    res = dev[0].request("PMKSA_GET %d" % id)
-    if not res.startswith(hapd.own_addr()):
-        raise Exception("PMKSA from wpa_supplicant does not have matching BSSID")
-    pmk_w = res.split(' ')[2]
-    if pmk_h != pmk_w:
-        raise Exception("Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w))
-
-    dev[0].request("DISCONNECT")
-    time.sleep(0.1)
-    pmk_h2 = hapd.request("GET_PMK " + dev[0].own_addr())
-    res = dev[0].request("PMKSA_GET %d" % id)
-    pmk_w2 = res.split(' ')[2]
-    if pmk_h2 != pmk_h:
-        raise Exception("hostapd did not report correct PMK after disconnection")
-    if pmk_w2 != pmk_w:
-        raise Exception("wpa_supplicant did not report correct PMK after disconnection")
-
-def test_sae_reject(dev, apdev):
-    """SAE and AP rejecting connection"""
-    check_sae_capab(dev[0])
-    params = hostapd.wpa2_params(ssid="test-sae",
-                                 passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params['max_num_sta'] = '0'
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].set("sae_groups", "")
-    id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
-                        scan_freq="2412", wait_connect=False)
-    if not dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10):
-        raise Exception("Authentication rejection not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
diff --git a/tests/hwsim/test_sae_pk.py b/tests/hwsim/test_sae_pk.py
deleted file mode 100644
index 3bbc62ecd0ba..000000000000
--- a/tests/hwsim/test_sae_pk.py
+++ /dev/null
@@ -1,462 +0,0 @@
-# Test cases for SAE-PK
-# Copyright (c) 2020, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-from utils import *
-
-SAE_PK_SSID = "SAE-PK test"
-
-SAE_PK_SEC3_PW = "r6cr-6ksa-56og"
-SAE_PK_SEC3_M = "089ec11475d55f0d38403f5117a6d64d"
-SAE_PK_19_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg=="
-
-SAE_PK_20_PW = "4zsy-uspe-xbfr-3ifo"
-SAE_PK_20_M = "206902f9f09b62e3fafcd487c65f5c64"
-SAE_PK_20_PK = "MIGkAgEBBDA4wpA6w/fK0g3a2V6QmcoxNoFCVuQPyzWvKYimJkgXsVsXt2ERXQ7dGOVXeycM5DqgBwYFK4EEACKhZANiAARTdszGBNe2PGCnc8Wvs+IDvdVEf4PPBrty0meRZf6UTbGouquTHpy6KKTq5sxrulYzsQFimg4op0UJBGxAzqo0EtTgMlLiBvY0I3Nl3N69MhWo8nvnmguvGGN32AAPXpQ="
-
-SAE_PK_21_PW = "vluk-umpa-3mbw-zrhe-s2n2"
-SAE_PK_21_M = "1c63c1b17e9a999f0693b4341a970a63"
-SAE_PK_21_PK = "MIHcAgEBBEIBnFBjU0ywxo1dLTYcg2aZdMfNY7JHt4GTADRTgJ7RRo9qzRIlfmK7p+BP1c8YM8ia8v7YDTut00rDOfzkdmLOi0WgBwYFK4EEACOhgYkDgYYABAD6n3DHI+qaj/lElhe2sUSKqAe4sweckMlr9bhdmwp8Wsx5lKR/Tt7WPexeqFrA47nChw5WMWy6qJanCKNFvGYG0ADUWnxesYczGtCdUYJQgs3X5tHSapMssz6tP8QL0X9adTI/H3tFYhiVIdor03eZDUVnej78/F31CcHcjGBEyItVfw=="
-
-def run_sae_pk(apdev, dev, ssid, pw, m, pk, ap_groups=None,
-               confirm_immediate=False):
-    params = hostapd.wpa2_params(ssid=ssid)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (pw, m, pk)]
-    if ap_groups:
-        params['sae_groups'] = ap_groups
-    if confirm_immediate:
-        params['sae_confirm_immediate'] = '1'
-    hapd = hostapd.add_ap(apdev, params)
-    bssid = hapd.own_addr()
-
-    dev.connect(ssid, sae_password=pw, key_mgmt="SAE", scan_freq="2412")
-    bss = dev.get_bss(bssid)
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[SAE-H2E]" not in bss['flags'] or "[SAE-PK]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-    status = dev.get_status()
-    if "sae_h2e" not in status or "sae_pk" not in status or \
-       status["sae_h2e"] != "1" or status["sae_pk"] != "1":
-        raise Exception("SAE-PK or H2E not indicated in STATUS")
-    dev.request("REMOVE_NETWORK *")
-    dev.wait_disconnected()
-    hapd.disable()
-
-def test_sae_pk(dev, apdev):
-    """SAE-PK"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "")
-
-    passwords = [SAE_PK_SEC3_PW,
-                 "r6cr-6ksa-56oo-5557",
-                 "r6cr-6ksa-56oo-555p-wi44",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghb",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwro",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taqj",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfq",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye3x",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rne",
-                 "r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rny-5yqz"]
-    for p in passwords:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, p, SAE_PK_SEC3_M,
-                   SAE_PK_19_PK)
-
-def test_sae_pk_group_negotiation(dev, apdev):
-    """SAE-PK"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "20 19")
-
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
-                   SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="19 20")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_sec_3(dev, apdev):
-    """SAE-PK with Sec 3"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "")
-
-    run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-               SAE_PK_19_PK)
-
-def test_sae_pk_sec_5(dev, apdev):
-    """SAE-PK with Sec 5"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "")
-
-    pw = "hbbi-f4xq-b457-jjew-muei"
-    m = "d2e5fa27d1be8897f987f2d480d2af6b"
-    run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK)
-
-def test_sae_pk_group_20(dev, apdev):
-    """SAE-PK with group 20"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "20")
-
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
-                   SAE_PK_20_M, SAE_PK_20_PK, ap_groups="20")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_group_21(dev, apdev):
-    """SAE-PK with group 21"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "21")
-
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_21_PW,
-                   SAE_PK_21_M, SAE_PK_21_PK, ap_groups="21")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_group_20_sae_group_19(dev, apdev):
-    """SAE-PK with group 20 with SAE group 19"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "19")
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
-                   SAE_PK_20_M, SAE_PK_20_PK, ap_groups="19")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_group_20_sae_group_21(dev, apdev):
-    """SAE-PK with group 20 with SAE group 21"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "21")
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
-                   SAE_PK_20_M, SAE_PK_20_PK, ap_groups="21")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_group_19_sae_group_20(dev, apdev):
-    """SAE-PK with group 19 with SAE group 20"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "20")
-    try:
-        run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
-                   SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="20")
-    finally:
-        dev[0].set("sae_groups", "")
-
-def test_sae_pk_password_without_pk(dev, apdev):
-    """SAE-PK password but not SAE-PK on the AP"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = SAE_PK_SEC3_PW
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                   key_mgmt="SAE", scan_freq="2412")
-    if dev[0].get_status_field("sae_pk") != "0":
-        raise Exception("Unexpected sae_pk STATUS value")
-
-def test_sae_pk_only(dev, apdev):
-    """SAE-PK only"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = SAE_PK_SEC3_PW
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                   key_mgmt="SAE", sae_pk="1",
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None:
-        raise Exception("No result for the connection attempt")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection without SAE-PK")
-    dev[0].request("DISCONNECT")
-    dev[0].dump_monitor()
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid2, freq=2412, force_scan=True)
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_connected()
-    if bssid2 not in ev:
-        raise Exception("Unexpected connection BSSID")
-    if dev[0].get_status_field("sae_pk") != "1":
-        raise Exception("SAE-PK was not used")
-
-def test_sae_pk_modes(dev, apdev):
-    """SAE-PK modes"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    tests = [(2, 0), (1, 1), (0, 1)]
-    for sae_pk, expected in tests:
-        dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                       key_mgmt="SAE", sae_pk=str(sae_pk), ieee80211w="2",
-                       scan_freq="2412")
-        val = dev[0].get_status_field("sae_pk")
-        if val != str(expected):
-            raise Exception("Unexpected sae_pk=%d result %s" % (sae_pk, val))
-        dev[0].request("REMOVE_NETWORK *")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-def test_sae_pk_not_on_ap(dev, apdev):
-    """SAE-PK password, but no PK on AP"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = SAE_PK_SEC3_PW
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                   key_mgmt="SAE", scan_freq="2412")
-    if dev[0].get_status_field("sae_pk") == "1":
-        raise Exception("SAE-PK was claimed to be used")
-
-def test_sae_pk_transition_disable(dev, apdev):
-    """SAE-PK transition disable indication"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    params['transition_disable'] = '0x02'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    id = dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                        key_mgmt="SAE", scan_freq="2412")
-    ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-    if ev is None:
-        raise Exception("Transition disable not indicated")
-    if ev.split(' ')[1] != "02":
-        raise Exception("Unexpected transition disable bitmap: " + ev)
-
-    val = dev[0].get_network(id, "sae_pk")
-    if val != "1":
-        raise Exception("Unexpected sae_pk value: " + str(val))
-
-def test_sae_pk_mixed(dev, apdev):
-    """SAE-PK mixed deployment"""
-    run_sae_pk_mixed(dev, apdev)
-
-def test_sae_pk_mixed_immediate_confirm(dev, apdev):
-    """SAE-PK mixed deployment with immediate confirm on AP"""
-    run_sae_pk_mixed(dev, apdev, confirm_immediate=True)
-
-def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = SAE_PK_SEC3_PW
-    if confirm_immediate:
-        params['sae_confirm_immediate'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    # Disable HT from the SAE-PK BSS to make the station prefer the other BSS
-    # by default.
-    params['ieee80211n'] = '0'
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].scan_for_bss(bssid2, freq=2412)
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                   key_mgmt="SAE", scan_freq="2412")
-
-    if dev[0].get_status_field("sae_pk") != "1":
-        raise Exception("SAE-PK was not used")
-    if dev[0].get_status_field("bssid") != bssid2:
-        raise Exception("Unexpected BSSID selected")
-
-def check_sae_pk_sta_connect_failure(dev):
-    dev.connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                key_mgmt="SAE", scan_freq="2412", wait_connect=False)
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
-                         "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No result for the connection attempt")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-
-def test_sae_pk_missing_ie(dev, apdev):
-    """SAE-PK and missing SAE-PK IE in confirm"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    params['sae_pk_omit'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_sae_pk_sta_connect_failure(dev[0])
-
-def test_sae_pk_unexpected_status(dev, apdev):
-    """SAE-PK and unexpected status code in commit"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    params['sae_commit_status'] = '126'
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_sae_pk_sta_connect_failure(dev[0])
-
-def test_sae_pk_invalid_signature(dev, apdev):
-    """SAE-PK and invalid signature"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    other = "MHcCAQEEILw+nTjFzRyhVea0G6KbwZu18oWrfhzppxj+MceUO3YLoAoGCCqGSM49AwEHoUQDQgAELdou6LuTDNiMVlMB65KsWhQFbPXR9url0EA6luWzUfAuGoDXYJUBTVz6Nv3mz6oQcDrSiDmz/LejndJ0YHGgfQ=="
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
-                                                  SAE_PK_19_PK, other)]
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_sae_pk_sta_connect_failure(dev[0])
-
-def test_sae_pk_invalid_fingerprint(dev, apdev):
-    """SAE-PK and invalid fingerprint"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    other = "431ff8322f93b9dc50ded9f3d14ace21"
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, other,
-                                               SAE_PK_19_PK)]
-    hapd = hostapd.add_ap(apdev[0], params)
-    check_sae_pk_sta_connect_failure(dev[0])
-
-def test_sae_pk_confirm_immediate(dev, apdev):
-    """SAE-PK with immediate confirm on AP"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "")
-
-    run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
-               SAE_PK_SEC3_M, SAE_PK_19_PK, confirm_immediate=True)
-
-def test_sae_pk_and_psk(dev, apdev):
-    """SAE-PK and PSK"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-    dev[0].set("sae_groups", "")
-    dev[2].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW,
-                                               SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    params['wpa_passphrase'] = SAE_PK_SEC3_PW
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW, key_mgmt="SAE",
-                   scan_freq="2412")
-    dev[1].connect(SAE_PK_SSID, psk=SAE_PK_SEC3_PW, key_mgmt="WPA-PSK",
-                   scan_freq="2412")
-    dev[2].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW, key_mgmt="SAE",
-                   sae_pk="2", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK *")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-    dev[0].connect(SAE_PK_SSID, psk=SAE_PK_SEC3_PW, key_mgmt="SAE",
-                   scan_freq="2412")
-    status = dev[0].get_status()
-    if "sae_h2e" not in status or "sae_pk" not in status or \
-       status["sae_h2e"] != "1" or status["sae_pk"] != "1":
-        raise Exception("SAE-PK or H2E not indicated in STATUS")
-
-def test_sae_pk_and_psk_invalid_password(dev, apdev):
-    """SAE-PK and PSK using invalid password combination"""
-    check_sae_pk_capab(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE WPA-PSK'
-    params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW,
-                                               SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    params['wpa_passphrase'] = SAE_PK_20_PW
-    hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
-    res = hapd.request("ENABLE")
-    if "FAIL" not in res:
-        raise Exception("Invalid configuration accepted")
-
-def test_sae_pk_invalid_pw(dev, apdev):
-    """SAE-PK with invalid password on AP"""
-    check_sae_pk_capab(dev[0])
-    dev[0].set("sae_groups", "")
-
-    params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params["sae_pk_password_check_skip"] = "1"
-    invalid_pw = "r6cr+6ksa+56og"
-    params['sae_password'] = ['%s|pk=%s:%s' % (invalid_pw, SAE_PK_SEC3_M,
-                                               SAE_PK_19_PK)]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect(SAE_PK_SSID, sae_password=invalid_pw,
-                   key_mgmt="SAE", ieee80211w="2", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK *")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
-                   key_mgmt="SAE", ieee80211w="2", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No result for the connection attempt")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection with invalid SAE-PK password")
-    dev[0].request("DISCONNECT")
diff --git a/tests/hwsim/test_scan.py b/tests/hwsim/test_scan.py
deleted file mode 100644
index 24a7903ab217..000000000000
--- a/tests/hwsim/test_scan.py
+++ /dev/null
@@ -1,2025 +0,0 @@
-# Scanning tests
-# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import time
-import logging
-logger = logging.getLogger()
-import os
-import struct
-import subprocess
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from tshark import run_tshark
-from test_ap_csa import switch_channel, wait_channel_switch
-
-def check_scan(dev, params, other_started=False, test_busy=False):
-    if not other_started:
-        dev.dump_monitor()
-    id = dev.request("SCAN " + params)
-    if "FAIL" in id:
-        raise Exception("Failed to start scan")
-    id = int(id)
-
-    if test_busy:
-        if "FAIL-BUSY" not in dev.request("SCAN"):
-            raise Exception("SCAN command while already scanning not rejected")
-
-    if other_started:
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"])
-        if ev is None:
-            raise Exception("Other scan did not start")
-        if "id=" + str(id) in ev:
-            raise Exception("Own scan id unexpectedly included in start event")
-
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-        if ev is None:
-            raise Exception("Other scan did not complete")
-        if "id=" + str(id) in ev:
-            raise Exception("Own scan id unexpectedly included in completed event")
-
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    if ev is None:
-        raise Exception("Scan did not start")
-    if "id=" + str(id) not in ev:
-        raise Exception("Scan id not included in start event")
-    if test_busy:
-        if "FAIL-BUSY" not in dev.request("SCAN"):
-            raise Exception("SCAN command while already scanning not rejected")
-
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-    if "id=" + str(id) not in ev:
-        raise Exception("Scan id not included in completed event")
-
-def check_scan_retry(dev, params, bssid):
-    for i in range(0, 5):
-        check_scan(dev, "freq=2412-2462,5180 use_id=1")
-        if int(dev.get_bss(bssid)['age']) <= 1:
-            return
-    raise Exception("Unexpectedly old BSS entry")
-
-@remote_compatible
-def test_scan(dev, apdev):
-    """Control interface behavior on scan parameters"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Full scan")
-    check_scan(dev[0], "use_id=1", test_busy=True)
-
-    logger.info("Limited channel scan")
-    check_scan_retry(dev[0], "freq=2412-2462,5180 use_id=1", bssid)
-
-    # wait long enough to allow next scans to be verified not to find the AP
-    time.sleep(2)
-
-    logger.info("Passive single-channel scan")
-    check_scan(dev[0], "freq=2457 passive=1 use_id=1")
-    logger.info("Active single-channel scan")
-    check_scan(dev[0], "freq=2452 passive=0 use_id=1")
-    if int(dev[0].get_bss(bssid)['age']) < 2:
-        raise Exception("Unexpectedly updated BSS entry")
-
-    logger.info("Active single-channel scan on AP's operating channel")
-    check_scan_retry(dev[0], "freq=2412 passive=0 use_id=1", bssid)
-
-@remote_compatible
-def test_scan_tsf(dev, apdev):
-    """Scan and TSF updates from Beacon/Probe Response frames"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan",
-                              'beacon_int': "100"})
-    bssid = apdev[0]['bssid']
-
-    tsf = []
-    for passive in [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1]:
-        check_scan(dev[0], "freq=2412 passive=%d use_id=1" % passive)
-        bss = dev[0].get_bss(bssid)
-        if bss:
-            tsf.append(int(bss['tsf']))
-            logger.info("TSF: " + bss['tsf'])
-    if tsf[-3] <= tsf[-4]:
-        # For now, only write this in the log without failing the test case
-        # since mac80211_hwsim does not yet update the Timestamp field in
-        # Probe Response frames.
-        logger.info("Probe Response did not update TSF")
-        #raise Exception("Probe Response did not update TSF")
-    if tsf[-1] <= tsf[-3]:
-        raise Exception("Beacon did not update TSF")
-    if 0 in tsf:
-        raise Exception("0 TSF reported")
-
-@remote_compatible
-def test_scan_only(dev, apdev):
-    """Control interface behavior on scan parameters with type=only"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Full scan")
-    check_scan(dev[0], "type=only use_id=1")
-
-    logger.info("Limited channel scan")
-    check_scan_retry(dev[0], "type=only freq=2412-2462,5180 use_id=1", bssid)
-
-    # wait long enough to allow next scans to be verified not to find the AP
-    time.sleep(2)
-
-    logger.info("Passive single-channel scan")
-    check_scan(dev[0], "type=only freq=2457 passive=1 use_id=1")
-    logger.info("Active single-channel scan")
-    check_scan(dev[0], "type=only freq=2452 passive=0 use_id=1")
-    if int(dev[0].get_bss(bssid)['age']) < 2:
-        raise Exception("Unexpectedly updated BSS entry")
-
-    logger.info("Active single-channel scan on AP's operating channel")
-    check_scan_retry(dev[0], "type=only freq=2412 passive=0 use_id=1", bssid)
-
-@remote_compatible
-def test_scan_external_trigger(dev, apdev):
-    """Avoid operations during externally triggered scan"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-    dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger'])
-    check_scan(dev[0], "use_id=1", other_started=True)
-
-def test_scan_bss_expiration_count(dev, apdev):
-    """BSS entry expiration based on scan results without match"""
-    if "FAIL" not in dev[0].request("BSS_EXPIRE_COUNT 0"):
-        raise Exception("Invalid BSS_EXPIRE_COUNT accepted")
-    if "OK" not in dev[0].request("BSS_EXPIRE_COUNT 2"):
-        raise Exception("BSS_EXPIRE_COUNT failed")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-    dev[0].scan(freq="2412", only_new=True)
-    if bssid not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("BSS not found in initial scan")
-    hapd.request("DISABLE")
-    # Try to give enough time for hostapd to have stopped mac80211 from
-    # beaconing before checking a new scan. This is needed with UML time travel
-    # testing.
-    hapd.ping()
-    time.sleep(0.2)
-    dev[0].scan(freq="2412", only_new=True)
-    if bssid not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("BSS not found in first scan without match")
-    dev[0].scan(freq="2412", only_new=True)
-    if bssid in dev[0].request("SCAN_RESULTS"):
-        raise Exception("BSS found after two scans without match")
-
-@remote_compatible
-def test_scan_bss_expiration_age(dev, apdev):
-    """BSS entry expiration based on age"""
-    try:
-        if "FAIL" not in dev[0].request("BSS_EXPIRE_AGE COUNT 9"):
-            raise Exception("Invalid BSS_EXPIRE_AGE accepted")
-        if "OK" not in dev[0].request("BSS_EXPIRE_AGE 10"):
-            raise Exception("BSS_EXPIRE_AGE failed")
-        hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-        bssid = apdev[0]['bssid']
-        # Allow couple more retries to avoid reporting errors during heavy load
-        for i in range(5):
-            dev[0].scan(freq="2412")
-            if bssid in dev[0].request("SCAN_RESULTS"):
-                break
-        if bssid not in dev[0].request("SCAN_RESULTS"):
-            raise Exception("BSS not found in initial scan")
-        hapd.request("DISABLE")
-        logger.info("Waiting for BSS entry to expire")
-        time.sleep(7)
-        if bssid not in dev[0].request("SCAN_RESULTS"):
-            raise Exception("BSS expired too quickly")
-        ev = dev[0].wait_event(["CTRL-EVENT-BSS-REMOVED"], timeout=15)
-        if ev is None:
-            raise Exception("BSS entry expiration timed out")
-        if bssid in dev[0].request("SCAN_RESULTS"):
-            raise Exception("BSS not removed after expiration time")
-    finally:
-        dev[0].request("BSS_EXPIRE_AGE 180")
-
-@remote_compatible
-def test_scan_filter(dev, apdev):
-    """Filter scan results based on SSID"""
-    try:
-        if "OK" not in dev[0].request("SET filter_ssids 1"):
-            raise Exception("SET failed")
-        id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True)
-        hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-        bssid = apdev[0]['bssid']
-        hostapd.add_ap(apdev[1], {"ssid": "test-scan2"})
-        bssid2 = apdev[1]['bssid']
-        dev[0].scan(freq="2412", only_new=True)
-        if bssid not in dev[0].request("SCAN_RESULTS"):
-            raise Exception("BSS not found in scan results")
-        if bssid2 in dev[0].request("SCAN_RESULTS"):
-            raise Exception("Unexpected BSS found in scan results")
-        dev[0].set_network_quoted(id, "ssid", "")
-        dev[0].scan(freq="2412")
-        id2 = dev[0].connect("test", key_mgmt="NONE", only_add_network=True)
-        dev[0].scan(freq="2412")
-    finally:
-        dev[0].request("SET filter_ssids 0")
-
-@remote_compatible
-def test_scan_int(dev, apdev):
-    """scan interval configuration"""
-    try:
-        if "FAIL" not in dev[0].request("SCAN_INTERVAL -1"):
-            raise Exception("Accepted invalid scan interval")
-        if "OK" not in dev[0].request("SCAN_INTERVAL 1"):
-            raise Exception("Failed to set scan interval")
-        dev[0].connect("not-used", key_mgmt="NONE", scan_freq="2412",
-                       wait_connect=False)
-        times = {}
-        for i in range(0, 3):
-            logger.info("Waiting for scan to start")
-            start = os.times()[4]
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("did not start a scan")
-            stop = os.times()[4]
-            times[i] = stop - start
-            logger.info("Waiting for scan to complete")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
-            if ev is None:
-                raise Exception("did not complete a scan")
-        logger.info("times=" + str(times))
-        if times[0] > 1 or times[1] < 0.5 or times[1] > 1.5 or times[2] < 0.5 or times[2] > 1.5:
-            raise Exception("Unexpected scan timing: " + str(times))
-    finally:
-        dev[0].request("SCAN_INTERVAL 5")
-
-def test_scan_bss_operations(dev, apdev):
-    """Control interface behavior on BSS parameters"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-    hostapd.add_ap(apdev[1], {"ssid": "test2-scan"})
-    bssid2 = apdev[1]['bssid']
-
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-
-    id1 = dev[0].request("BSS FIRST MASK=0x1").splitlines()[0].split('=')[1]
-    id2 = dev[0].request("BSS LAST MASK=0x1").splitlines()[0].split('=')[1]
-
-    res = dev[0].request("BSS RANGE=ALL MASK=0x20001")
-    if "id=" + id1 not in res:
-        raise Exception("Missing BSS " + id1)
-    if "id=" + id2 not in res:
-        raise Exception("Missing BSS " + id2)
-    if "====" not in res:
-        raise Exception("Missing delim")
-    if "####" not in res:
-        raise Exception("Missing end")
-
-    res = dev[0].request("BSS RANGE=ALL MASK=0")
-    if "id=" + id1 not in res:
-        raise Exception("Missing BSS " + id1)
-    if "id=" + id2 not in res:
-        raise Exception("Missing BSS " + id2)
-    if "====" in res:
-        raise Exception("Unexpected delim")
-    if "####" in res:
-        raise Exception("Unexpected end delim")
-
-    res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected result: " + str(res))
-    res = dev[0].request("BSS FIRST MASK=0x1")
-    if "id=" + id1 not in res:
-        raise Exception("Unexpected result: " + res)
-    res = dev[0].request("BSS LAST MASK=0x1")
-    if "id=" + id2 not in res:
-        raise Exception("Unexpected result: " + res)
-    res = dev[0].request("BSS ID-" + id1 + " MASK=0x1")
-    if "id=" + id1 not in res:
-        raise Exception("Unexpected result: " + res)
-    res = dev[0].request("BSS NEXT-" + id1 + " MASK=0x1")
-    if "id=" + id2 not in res:
-        raise Exception("Unexpected result: " + res)
-    res = dev[0].request("BSS NEXT-" + id2 + " MASK=0x1")
-    if "id=" in res:
-        raise Exception("Unexpected result: " + res)
-
-    if len(dev[0].request("BSS RANGE=" + id2 + " MASK=0x1").splitlines()) != 0:
-        raise Exception("Unexpected RANGE=1 result")
-    if len(dev[0].request("BSS RANGE=" + id1 + "- MASK=0x1").splitlines()) != 2:
-        raise Exception("Unexpected RANGE=0- result")
-    if len(dev[0].request("BSS RANGE=-" + id2 + " MASK=0x1").splitlines()) != 2:
-        raise Exception("Unexpected RANGE=-1 result")
-    if len(dev[0].request("BSS RANGE=" + id1 + "-" + id2 + " MASK=0x1").splitlines()) != 2:
-        raise Exception("Unexpected RANGE=0-1 result")
-    if len(dev[0].request("BSS RANGE=" + id2 + "-" + id2 + " MASK=0x1").splitlines()) != 1:
-        raise Exception("Unexpected RANGE=1-1 result")
-    if len(dev[0].request("BSS RANGE=" + str(int(id2) + 1) + "-" + str(int(id2) + 10) + " MASK=0x1").splitlines()) != 0:
-        raise Exception("Unexpected RANGE=2-10 result")
-    if len(dev[0].request("BSS RANGE=0-" + str(int(id2) + 10) + " MASK=0x1").splitlines()) != 2:
-        raise Exception("Unexpected RANGE=0-10 result")
-    if len(dev[0].request("BSS RANGE=" + id1 + "-" + id1 + " MASK=0x1").splitlines()) != 1:
-        raise Exception("Unexpected RANGE=0-0 result")
-
-    res = dev[0].request("BSS p2p_dev_addr=FOO")
-    if "FAIL" in res or "id=" in res:
-        raise Exception("Unexpected result: " + res)
-    res = dev[0].request("BSS p2p_dev_addr=00:11:22:33:44:55")
-    if "FAIL" in res or "id=" in res:
-        raise Exception("Unexpected result: " + res)
-
-    dev[0].request("BSS_FLUSH 1000")
-    res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines()
-    if len(res) != 2:
-        raise Exception("Unexpected result after BSS_FLUSH 1000")
-    dev[0].request("BSS_FLUSH 0")
-    res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines()
-    if len(res) != 0:
-        raise Exception("Unexpected result after BSS_FLUSH 0")
-
-@remote_compatible
-def test_scan_and_interface_disabled(dev, apdev):
-    """Scan operation when interface gets disabled"""
-    try:
-        dev[0].request("SCAN")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-        if ev is None:
-            raise Exception("Scan did not start")
-        dev[0].request("DRIVER_EVENT INTERFACE_DISABLED")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=7)
-        if ev is not None:
-            raise Exception("Scan completed unexpectedly")
-
-        # verify that scan is rejected
-        if "FAIL" not in dev[0].request("SCAN"):
-            raise Exception("New scan request was accepted unexpectedly")
-
-        dev[0].request("DRIVER_EVENT INTERFACE_ENABLED")
-        dev[0].scan(freq="2412")
-    finally:
-        dev[0].request("DRIVER_EVENT INTERFACE_ENABLED")
-
-@remote_compatible
-def test_scan_for_auth(dev, apdev):
-    """cfg80211 workaround with scan-for-auth"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    # Block sme-connect radio work with an external radio work item, so that
-    # SELECT_NETWORK can decide to use fast associate without a new scan while
-    # cfg80211 still has the matching BSS entry, but the actual connection is
-    # not yet started.
-    id = dev[0].request("RADIO_WORK add block-work")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[0].dump_monitor()
-    # Clear cfg80211 BSS table.
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger',
-                                    'freq', '2457', 'flush'])
-    if res != 0:
-        raise HwsimSkip("iw scan trigger flush not supported")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-    if ev is None:
-        raise Exception("External flush scan timed out")
-    # Release blocking radio work to allow connection to go through with the
-    # cfg80211 BSS entry missing.
-    dev[0].request("RADIO_WORK done " + id)
-
-    dev[0].wait_connected(timeout=15)
-
-@remote_compatible
-def test_scan_for_auth_fail(dev, apdev):
-    """cfg80211 workaround with scan-for-auth failing"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    # Block sme-connect radio work with an external radio work item, so that
-    # SELECT_NETWORK can decide to use fast associate without a new scan while
-    # cfg80211 still has the matching BSS entry, but the actual connection is
-    # not yet started.
-    id = dev[0].request("RADIO_WORK add block-work")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[0].dump_monitor()
-    hapd.disable()
-    # Clear cfg80211 BSS table.
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger',
-                                    'freq', '2457', 'flush'])
-    if res != 0:
-        raise HwsimSkip("iw scan trigger flush not supported")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-    if ev is None:
-        raise Exception("External flush scan timed out")
-    # Release blocking radio work to allow connection to go through with the
-    # cfg80211 BSS entry missing.
-    dev[0].request("RADIO_WORK done " + id)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS",
-                            "CTRL-EVENT-CONNECTED"], 15)
-    if ev is None:
-        raise Exception("Scan event missing")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    dev[0].request("DISCONNECT")
-
-@remote_compatible
-def test_scan_for_auth_wep(dev, apdev):
-    """cfg80211 scan-for-auth workaround with WEP keys"""
-    check_wep_capa(dev[0])
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep", "wep_key0": '"abcde"',
-                           "auth_algs": "2"})
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    # Block sme-connect radio work with an external radio work item, so that
-    # SELECT_NETWORK can decide to use fast associate without a new scan while
-    # cfg80211 still has the matching BSS entry, but the actual connection is
-    # not yet started.
-    id = dev[0].request("RADIO_WORK add block-work")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-    dev[0].connect("wep", key_mgmt="NONE", wep_key0='"abcde"',
-                   auth_alg="SHARED", scan_freq="2412", wait_connect=False)
-    dev[0].dump_monitor()
-    # Clear cfg80211 BSS table.
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger',
-                                    'freq', '2457', 'flush'])
-    if res != 0:
-        raise HwsimSkip("iw scan trigger flush not supported")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
-    if ev is None:
-        raise Exception("External flush scan timed out")
-    # Release blocking radio work to allow connection to go through with the
-    # cfg80211 BSS entry missing.
-    dev[0].request("RADIO_WORK done " + id)
-
-    dev[0].wait_connected(timeout=15)
-
-@remote_compatible
-def test_scan_hidden(dev, apdev):
-    """Control interface behavior on scan parameters"""
-    dev[0].flush_scan_cache()
-    ssid = "test-scan"
-    wrong_ssid = "wrong"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-
-    check_scan(dev[0], "freq=2412 use_id=1")
-    try:
-        payload = struct.pack('BB', 0, len(wrong_ssid)) + wrong_ssid.encode()
-        ssid_list = struct.pack('BB', 84, len(payload)) + payload
-        cmd = "VENDOR_ELEM_ADD 14 " + binascii.hexlify(ssid_list).decode()
-        if "OK" not in dev[0].request(cmd):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        check_scan(dev[0], "freq=2412 use_id=1")
-
-        payload = struct.pack('<L', binascii.crc32(wrong_ssid.encode()))
-        ssid_list = struct.pack('BBB', 255, 1 + len(payload), 58) + payload
-        cmd = "VENDOR_ELEM_ADD 14 " + binascii.hexlify(ssid_list).decode()
-        if "OK" not in dev[0].request(cmd):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        check_scan(dev[0], "freq=2412 use_id=1")
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 14 *")
-    if "test-scan" in dev[0].request("SCAN_RESULTS"):
-        raise Exception("BSS unexpectedly found in initial scan")
-
-    id1 = dev[0].connect("foo", key_mgmt="NONE", scan_ssid="1",
-                         only_add_network=True)
-    id2 = dev[0].connect("test-scan", key_mgmt="NONE", scan_ssid="1",
-                         only_add_network=True)
-    id3 = dev[0].connect("bar", key_mgmt="NONE", only_add_network=True)
-
-    check_scan(dev[0], "freq=2412 use_id=1")
-    if "test-scan" in dev[0].request("SCAN_RESULTS"):
-        raise Exception("BSS unexpectedly found in scan")
-
-    # Allow multiple attempts to be more robust under heavy CPU load that can
-    # result in Probe Response frames getting sent only after the station has
-    # already stopped waiting for the response on the channel.
-    found = False
-    for i in range(10):
-        check_scan(dev[0], "scan_id=%d,%d,%d freq=2412 use_id=1" % (id1, id2, id3))
-        if "test-scan" in dev[0].request("SCAN_RESULTS"):
-            found = True
-            break
-    if not found:
-        raise Exception("BSS not found in scan")
-
-    if "FAIL" not in dev[0].request("SCAN scan_id=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17"):
-        raise Exception("Too many scan_id values accepted")
-
-    # Duplicate SSID removal
-    check_scan(dev[0], "scan_id=%d,%d,%d freq=2412 use_id=1" % (id1, id1, id2))
-
-    dev[0].request("REMOVE_NETWORK all")
-    hapd.disable()
-    dev[0].flush_scan_cache(freq=2432)
-    dev[0].flush_scan_cache()
-
-def test_scan_and_bss_entry_removed(dev, apdev):
-    """Last scan result and connect work processing on BSS entry update"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open",
-                                     "eap_server": "1",
-                                     "wps_state": "2"})
-    bssid = apdev[0]['bssid']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-
-    # Add a BSS entry
-    dev[0].scan_for_bss(bssid, freq="2412")
-    wpas.scan_for_bss(bssid, freq="2412")
-
-    # Start a connect radio work with a blocking entry preventing this from
-    # proceeding; this stores a pointer to the selected BSS entry.
-    id = dev[0].request("RADIO_WORK add block-work")
-    w_id = wpas.request("RADIO_WORK add block-work")
-    dev[0].wait_event(["EXT-RADIO-WORK-START"], timeout=1)
-    wpas.wait_event(["EXT-RADIO-WORK-START"], timeout=1)
-    nid = dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                         wait_connect=False)
-    w_nid = wpas.connect("open", key_mgmt="NONE", scan_freq="2412",
-                         wait_connect=False)
-    time.sleep(0.1)
-
-    # Remove the BSS entry
-    dev[0].request("BSS_FLUSH 0")
-    wpas.request("BSS_FLUSH 0")
-
-    # Allow the connect radio work to continue. The bss entry stored in the
-    # pending connect work is now stale. This will result in the connection
-    # attempt failing since the BSS entry does not exist.
-    dev[0].request("RADIO_WORK done " + id)
-    wpas.request("RADIO_WORK done " + w_id)
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    dev[0].remove_network(nid)
-    ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    wpas.remove_network(w_nid)
-    time.sleep(0.5)
-    dev[0].request("BSS_FLUSH 0")
-    wpas.request("BSS_FLUSH 0")
-
-    # Add a BSS entry
-    dev[0].scan_for_bss(bssid, freq="2412")
-    wpas.scan_for_bss(bssid, freq="2412")
-
-    # Start a connect radio work with a blocking entry preventing this from
-    # proceeding; this stores a pointer to the selected BSS entry.
-    id = dev[0].request("RADIO_WORK add block-work")
-    w_id = wpas.request("RADIO_WORK add block-work")
-    dev[0].wait_event(["EXT-RADIO-WORK-START"], timeout=1)
-    wpas.wait_event(["EXT-RADIO-WORK-START"], timeout=1)
-
-    # Schedule a connection based on the current BSS entry.
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412",
-                 wait_connect=False)
-
-    # Update scan results with results that have longer set of IEs so that new
-    # memory needs to be allocated for the BSS entry.
-    hapd.request("WPS_PBC")
-    time.sleep(0.1)
-    subprocess.call(['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2412'])
-    subprocess.call(['iw', wpas.ifname, 'scan', 'trigger', 'freq', '2412'])
-    time.sleep(0.1)
-
-    # Allow the connect radio work to continue. The bss entry stored in the
-    # pending connect work becomes stale during the scan and it must have been
-    # updated for the connection to work.
-    dev[0].request("RADIO_WORK done " + id)
-    wpas.request("RADIO_WORK done " + w_id)
-
-    dev[0].wait_connected(timeout=15, error="No connection (sme-connect)")
-    wpas.wait_connected(timeout=15, error="No connection (connect)")
-    dev[0].request("DISCONNECT")
-    wpas.request("DISCONNECT")
-    dev[0].flush_scan_cache()
-    wpas.flush_scan_cache()
-
-@remote_compatible
-def test_scan_reqs_with_non_scan_radio_work(dev, apdev):
-    """SCAN commands while non-scan radio_work is in progress"""
-    id = dev[0].request("RADIO_WORK add test-work-a")
-    ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
-    if ev is None:
-        raise Exception("Timeout while waiting radio work to start")
-
-    if "OK" not in dev[0].request("SCAN"):
-        raise Exception("SCAN failed")
-    if "FAIL-BUSY" not in dev[0].request("SCAN"):
-        raise Exception("SCAN accepted while one is already pending")
-    if "FAIL-BUSY" not in dev[0].request("SCAN"):
-        raise Exception("SCAN accepted while one is already pending")
-
-    res = dev[0].request("RADIO_WORK show").splitlines()
-    count = 0
-    for l in res:
-        if "scan" in l:
-            count += 1
-    if count != 1:
-        logger.info(res)
-        raise Exception("Unexpected number of scan radio work items")
-
-    dev[0].dump_monitor()
-    dev[0].request("RADIO_WORK done " + id)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("Scan did not start")
-    if "FAIL-BUSY" not in dev[0].request("SCAN"):
-        raise Exception("SCAN accepted while one is already in progress")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.2)
-    if ev is not None:
-        raise Exception("Unexpected scan started")
-
-def test_scan_setband(dev, apdev):
-    """Band selection for scan operations"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    devs = [ dev[0], dev[1], dev[2], wpas ]
-
-    try:
-        hapd = None
-        hapd2 = None
-        params = {"ssid": "test-setband",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "country_code": "US"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = apdev[0]['bssid']
-
-        params = {"ssid": "test-setband",
-                  "hw_mode": "g",
-                  "channel": "1"}
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        bssid2 = apdev[1]['bssid']
-
-        if "FAIL" not in dev[0].request("SET setband FOO"):
-            raise Exception("Invalid set setband accepted")
-        if "OK" not in dev[0].request("SET setband AUTO"):
-            raise Exception("Failed to set setband")
-        if "OK" not in dev[1].request("SET setband 5G"):
-            raise Exception("Failed to set setband")
-        if "OK" not in dev[2].request("SET setband 2G"):
-            raise Exception("Failed to set setband")
-        if "OK" not in wpas.request("SET setband 2G,5G"):
-            raise Exception("Failed to set setband")
-
-        # Allow a retry to avoid reporting errors during heavy load
-        for j in range(5):
-            for d in devs:
-                d.request("SCAN only_new=1")
-
-            for d in devs:
-                ev = d.wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-                if ev is None:
-                    raise Exception("Scan timed out")
-
-            res0 = dev[0].request("SCAN_RESULTS")
-            res1 = dev[1].request("SCAN_RESULTS")
-            res2 = dev[2].request("SCAN_RESULTS")
-            res3 = wpas.request("SCAN_RESULTS")
-            if bssid in res0 and bssid2 in res0 and \
-               bssid in res1 and bssid2 in res2 and \
-               bssid in res3 and bssid2 in res3:
-                break
-
-        res = dev[0].request("SCAN_RESULTS")
-        if bssid not in res or bssid2 not in res:
-            raise Exception("Missing scan result(0)")
-
-        res = dev[1].request("SCAN_RESULTS")
-        if bssid not in res:
-            raise Exception("Missing scan result(1)")
-        if bssid2 in res:
-            raise Exception("Unexpected scan result(1)")
-
-        res = dev[2].request("SCAN_RESULTS")
-        if bssid2 not in res:
-            raise Exception("Missing scan result(2)")
-        if bssid in res:
-            raise Exception("Unexpected scan result(2)")
-
-        res = wpas.request("SCAN_RESULTS")
-        if bssid not in res or bssid2 not in res:
-            raise Exception("Missing scan result(3)")
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        for d in devs:
-            d.request("SET setband AUTO")
-            d.flush_scan_cache()
-
-@remote_compatible
-def test_scan_hidden_many(dev, apdev):
-    """scan_ssid=1 with large number of profile with hidden SSID"""
-    try:
-        _test_scan_hidden_many(dev, apdev)
-    finally:
-        dev[0].flush_scan_cache(freq=2432)
-        dev[0].flush_scan_cache()
-        dev[0].request("SCAN_INTERVAL 5")
-
-def _test_scan_hidden_many(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan-ssid",
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-
-    dev[0].request("SCAN_INTERVAL 1")
-
-    for i in range(5):
-        id = dev[0].add_network()
-        dev[0].set_network_quoted(id, "ssid", "foo")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "disabled", "0")
-        dev[0].set_network(id, "scan_freq", "2412")
-        dev[0].set_network(id, "scan_ssid", "1")
-
-    dev[0].set_network_quoted(id, "ssid", "test-scan-ssid")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "scan_ssid", "1")
-
-    for i in range(5):
-        id = dev[0].add_network()
-        dev[0].set_network_quoted(id, "ssid", "foo")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "disabled", "0")
-        dev[0].set_network(id, "scan_freq", "2412")
-        dev[0].set_network(id, "scan_ssid", "1")
-
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected(timeout=30)
-    dev[0].request("REMOVE_NETWORK all")
-    hapd.disable()
-
-def test_scan_random_mac(dev, apdev, params):
-    """Random MAC address in scans"""
-    try:
-        _test_scan_random_mac(dev, apdev, params)
-    finally:
-        dev[0].request("MAC_RAND_SCAN all enable=0")
-
-def _test_scan_random_mac(dev, apdev, params):
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    tests = ["",
-             "addr=foo",
-             "mask=foo",
-             "enable=1",
-             "all enable=1 mask=00:11:22:33:44:55",
-             "all enable=1 addr=00:11:22:33:44:55",
-             "all enable=1 addr=01:11:22:33:44:55 mask=ff:ff:ff:ff:ff:ff",
-             "all enable=1 addr=00:11:22:33:44:55 mask=fe:ff:ff:ff:ff:ff",
-             "enable=2 scan sched pno all",
-             "pno enable=1",
-             "all enable=2",
-             "foo"]
-    for args in tests:
-        if "FAIL" not in dev[0].request("MAC_RAND_SCAN " + args):
-            raise Exception("Invalid MAC_RAND_SCAN accepted: " + args)
-
-    if dev[0].get_driver_status_field('capa.mac_addr_rand_scan_supported') != '1':
-        raise HwsimSkip("Driver does not support random MAC address for scanning")
-
-    tests = ["all enable=1",
-             "all enable=1 addr=f2:11:22:33:44:55 mask=ff:ff:ff:ff:ff:ff",
-             "all enable=1 addr=f2:11:33:00:00:00 mask=ff:ff:ff:00:00:00"]
-    for args in tests:
-        dev[0].request("MAC_RAND_SCAN " + args)
-        dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type_subtype == 4", ["wlan.ta"])
-    if out is not None:
-        addr = out.splitlines()
-        logger.info("Probe Request frames seen from: " + str(addr))
-        if dev[0].own_addr() in addr:
-            raise Exception("Real address used to transmit Probe Request frame")
-        if "f2:11:22:33:44:55" not in addr:
-            raise Exception("Fully configured random address not seen")
-        found = False
-        for a in addr:
-            if a.startswith('f2:11:33'):
-                found = True
-                break
-        if not found:
-            raise Exception("Fixed OUI random address not seen")
-
-def test_scan_random_mac_connected(dev, apdev, params):
-    """Random MAC address in scans while connected"""
-    try:
-        _test_scan_random_mac_connected(dev, apdev, params)
-    finally:
-        dev[0].request("MAC_RAND_SCAN all enable=0")
-
-def _test_scan_random_mac_connected(dev, apdev, params):
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-    if dev[0].get_driver_status_field('capa.mac_addr_rand_scan_supported') != '1':
-        raise HwsimSkip("Driver does not support random MAC address for scanning")
-
-    dev[0].connect("test-scan", key_mgmt="NONE", scan_freq="2412")
-
-    hostapd.add_ap(apdev[1], {"ssid": "test-scan-2", "channel": "11"})
-    bssid1 = apdev[1]['bssid']
-
-    # Verify that scanning can be completed while connected even if that means
-    # disabling use of random MAC address.
-    dev[0].request("MAC_RAND_SCAN all enable=1")
-    dev[0].scan_for_bss(bssid1, freq=2462, force_scan=True)
-
-@remote_compatible
-def test_scan_trigger_failure(dev, apdev):
-    """Scan trigger to the driver failing"""
-    if dev[0].get_status_field('wpa_state') == "SCANNING":
-        raise Exception("wpa_state was already SCANNING")
-
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    if "OK" not in dev[0].request("SET test_failure 1"):
-        raise Exception("Failed to set test_failure")
-
-    if "OK" not in dev[0].request("SCAN"):
-        raise Exception("SCAN command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("Did not receive CTRL-EVENT-SCAN-FAILED event")
-    if "retry=1" in ev:
-        raise Exception("Unexpected scan retry indicated")
-    if dev[0].get_status_field('wpa_state') == "SCANNING":
-        raise Exception("wpa_state SCANNING not cleared")
-
-    id = dev[0].connect("test-scan", key_mgmt="NONE", scan_freq="2412",
-                        only_add_network=True)
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("Did not receive CTRL-EVENT-SCAN-FAILED event")
-    if "retry=1" not in ev:
-        raise Exception("No scan retry indicated for connection")
-    if dev[0].get_status_field('wpa_state') == "SCANNING":
-        raise Exception("wpa_state SCANNING not cleared")
-    dev[0].request("SET test_failure 0")
-    dev[0].wait_connected()
-
-    dev[0].request("SET test_failure 1")
-    if "OK" not in dev[0].request("SCAN"):
-        raise Exception("SCAN command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("Did not receive CTRL-EVENT-SCAN-FAILED event")
-    if "retry=1" in ev:
-        raise Exception("Unexpected scan retry indicated")
-    if dev[0].get_status_field('wpa_state') != "COMPLETED":
-        raise Exception("wpa_state COMPLETED not restored")
-    dev[0].request("SET test_failure 0")
-
-@remote_compatible
-def test_scan_specify_ssid(dev, apdev):
-    """Control interface behavior on scan SSID parameter"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-hidden",
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-    check_scan(dev[0], "freq=2412 use_id=1 ssid 414243")
-    bss = dev[0].get_bss(bssid)
-    if bss is not None and bss['ssid'] == 'test-hidden':
-        raise Exception("BSS entry for hidden AP present unexpectedly")
-    # Allow couple more retries to avoid reporting errors during heavy load
-    for i in range(5):
-        check_scan(dev[0], "freq=2412 ssid 414243 ssid 746573742d68696464656e ssid 616263313233 use_id=1")
-        bss = dev[0].get_bss(bssid)
-        if bss and 'test-hidden' in dev[0].request("SCAN_RESULTS"):
-            break
-    if bss is None:
-        raise Exception("BSS entry for hidden AP not found")
-    if 'test-hidden' not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("Expected SSID not included in the scan results")
-
-    hapd.disable()
-    dev[0].flush_scan_cache(freq=2432)
-    dev[0].flush_scan_cache()
-
-    if "FAIL" not in dev[0].request("SCAN ssid foo"):
-        raise Exception("Invalid SCAN command accepted")
-
-@remote_compatible
-def test_scan_ap_scan_2_ap_mode(dev, apdev):
-    """AP_SCAN 2 AP mode and scan()"""
-    try:
-        _test_scan_ap_scan_2_ap_mode(dev, apdev)
-    finally:
-        dev[0].request("AP_SCAN 1")
-
-def _test_scan_ap_scan_2_ap_mode(dev, apdev):
-    if "OK" not in dev[0].request("AP_SCAN 2"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "disabled", "0")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("AP failed to start")
-
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
-        if "OK" not in dev[0].request("SCAN freq=2412"):
-            raise Exception("SCAN command failed unexpectedly")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
-                                "AP-DISABLED"], timeout=5)
-        if ev is None:
-            raise Exception("CTRL-EVENT-SCAN-FAILED not seen")
-        if "AP-DISABLED" in ev:
-            raise Exception("Unexpected AP-DISABLED event")
-        if "retry=1" in ev:
-            # Wait for the retry to scan happen
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
-                                    "AP-DISABLED"], timeout=5)
-            if ev is None:
-                raise Exception("CTRL-EVENT-SCAN-FAILED not seen - retry")
-            if "AP-DISABLED" in ev:
-                raise Exception("Unexpected AP-DISABLED event - retry")
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_scan_bss_expiration_on_ssid_change(dev, apdev):
-    """BSS entry expiration when AP changes SSID"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-
-    hapd.request("DISABLE")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    if "OK" not in dev[0].request("BSS_EXPIRE_COUNT 3"):
-        raise Exception("BSS_EXPIRE_COUNT failed")
-    dev[0].scan(freq="2412")
-    dev[0].scan(freq="2412")
-    if "OK" not in dev[0].request("BSS_EXPIRE_COUNT 2"):
-        raise Exception("BSS_EXPIRE_COUNT failed")
-    res = dev[0].request("SCAN_RESULTS")
-    if "test-scan" not in res:
-        raise Exception("The first SSID not in scan results")
-    if "open" not in res:
-        raise Exception("The second SSID not in scan results")
-    dev[0].connect("open", key_mgmt="NONE")
-
-    dev[0].request("BSS_FLUSH 0")
-    res = dev[0].request("SCAN_RESULTS")
-    if "test-scan" in res:
-        raise Exception("The BSS entry with the old SSID was not removed")
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_scan_dfs(dev, apdev, params):
-    """Scan on DFS channels"""
-    try:
-        _test_scan_dfs(dev, apdev, params)
-    finally:
-        clear_regdom_dev(dev)
-
-def _test_scan_dfs(dev, apdev, params):
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        dev[i].dump_monitor()
-
-    if "OK" not in dev[0].request("SCAN"):
-        raise Exception("SCAN command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    if "OK" not in dev[0].request("SCAN freq=2412,5180,5260,5500,5600,5745"):
-        raise Exception("SCAN command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
-                     "wlan.fc.type_subtype == 4", ["radiotap.channel.freq"])
-    if out is not None:
-        freq = out.splitlines()
-        freq = [int(f) for f in freq]
-        freq = list(set(freq))
-        freq.sort()
-        logger.info("Active scan seen on channels: " + str(freq))
-        for f in freq:
-            if (f >= 5260 and f <= 5320) or (f >= 5500 and f <= 5700):
-                raise Exception("Active scan on DFS channel: %d" % f)
-            if f in [2467, 2472]:
-                raise Exception("Active scan on US-disallowed channel: %d" % f)
-
-@remote_compatible
-def test_scan_abort(dev, apdev):
-    """Aborting a full scan"""
-    dev[0].request("SCAN")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    if ev is None:
-        raise Exception("Scan did not start")
-    if "OK" not in dev[0].request("ABORT_SCAN"):
-        raise Exception("ABORT_SCAN command failed")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=2)
-    if ev is None:
-        raise Exception("Scan did not terminate")
-
-@remote_compatible
-def test_scan_abort_on_connect(dev, apdev):
-    """Aborting a full scan on connection request"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    dev[0].request("SCAN")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    if ev is None:
-        raise Exception("Scan did not start")
-    dev[0].connect("test-scan", key_mgmt="NONE")
-
-@remote_compatible
-def test_scan_ext(dev, apdev):
-    """Custom IE in Probe Request frame"""
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    try:
-        if "OK" not in dev[0].request("VENDOR_ELEM_ADD 14 dd050011223300"):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        check_scan(dev[0], "freq=2412 use_id=1")
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 14 *")
-
-def test_scan_fail(dev, apdev):
-    """Scan failures"""
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
-        dev[0].request("DISCONNECT")
-        if "OK" not in dev[0].request("SCAN freq=2412"):
-            raise Exception("SCAN failed")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("Did not see scan failure event")
-    dev[0].dump_monitor()
-
-    for i in range(1, 5):
-        with alloc_fail(dev[0], i,
-                        "wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
-            if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"):
-                raise Exception("SCAN failed")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
-            if ev is None:
-                raise Exception("Did not see scan failure event")
-        dev[0].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"):
-        if "OK" not in dev[0].request("SCAN freq=2412"):
-            raise Exception("SCAN failed")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("Did not see scan failure event")
-    dev[0].dump_monitor()
-
-    try:
-        if "OK" not in dev[0].request("SET filter_ssids 1"):
-            raise Exception("SET failed")
-        id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True)
-        with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"):
-            # While the filter list cannot be created due to memory allocation
-            # failure, this scan is expected to be completed without SSID
-            # filtering.
-            if "OK" not in dev[0].request("SCAN freq=2412"):
-                raise Exception("SCAN failed")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-            if ev is None:
-                raise Exception("Scan did not complete")
-        dev[0].remove_network(id)
-    finally:
-        dev[0].request("SET filter_ssids 0")
-    dev[0].dump_monitor()
-
-    with alloc_fail(dev[0], 1, "nl80211_get_scan_results"):
-        if "OK" not in dev[0].request("SCAN freq=2412"):
-            raise Exception("SCAN failed")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("Did not see scan started event")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-    dev[0].dump_monitor()
-
-    try:
-        if "OK" not in dev[0].request("SET setband 2G"):
-            raise Exception("SET setband failed")
-        with alloc_fail(dev[0], 1, "=wpa_add_scan_freqs_list"):
-            # While the frequency list cannot be created due to memory
-            # allocation failure, this scan is expected to be completed without
-            # frequency filtering.
-            if "OK" not in dev[0].request("SCAN"):
-                raise Exception("SCAN failed")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("ABORT_SCAN")
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-            if ev is None:
-                raise Exception("Scan did not complete")
-    finally:
-        dev[0].request("SET setband AUTO")
-    dev[0].dump_monitor()
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET preassoc_mac_addr 1")
-    with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
-        if "OK" not in wpas.request("SCAN freq=2412"):
-            raise Exception("SCAN failed")
-        ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("Did not see scan failure event")
-    wpas.request("SET preassoc_mac_addr 0")
-    wpas.dump_monitor()
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    with alloc_fail(dev[0], 1, "wpa_bss_add"):
-        dev[0].flush_scan_cache()
-        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
-
-def test_scan_fail_type_only(dev, apdev):
-    """Scan failures for TYPE=ONLY"""
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
-        dev[0].request("SCAN TYPE=ONLY freq=2417")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
-        if ev is None:
-            raise Exception("Scan trigger failure not reported")
-    # Verify that scan_only_handler() does not get left set as the
-    # wpa_s->scan_res_handler in failure case.
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_scan_freq_list(dev, apdev):
-    """Scan with SET freq_list and scan_cur_freq"""
-    try:
-        if "OK" not in dev[0].request("SET freq_list 2412 2417"):
-            raise Exception("SET freq_list failed")
-        check_scan(dev[0], "use_id=1")
-    finally:
-        dev[0].request("SET freq_list ")
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    dev[0].connect("test-scan", key_mgmt="NONE", scan_freq="2412")
-    try:
-        if "OK" not in dev[0].request("SET scan_cur_freq 1"):
-            raise Exception("SET scan_cur_freq failed")
-        check_scan(dev[0], "use_id=1")
-    finally:
-        dev[0].request("SET scan_cur_freq 0")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_scan_bss_limit(dev, apdev):
-    """Scan and wpa_supplicant BSS entry limit"""
-    try:
-        _test_scan_bss_limit(dev, apdev)
-    finally:
-        dev[0].request("SET bss_max_count 200")
-        pass
-
-def _test_scan_bss_limit(dev, apdev):
-    dev[0].flush_scan_cache()
-    # Trigger 'Increasing the MAX BSS count to 2 because all BSSes are in use.
-    # We should normally not get here!' message by limiting the maximum BSS
-    # count to one so that the second AP would not fit in the BSS list and the
-    # first AP cannot be removed from the list since it is still in use.
-    dev[0].request("SET bss_max_count 1")
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    dev[0].connect("test-scan", key_mgmt="NONE", scan_freq="2412")
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "test-scan-2",
-                                      "channel": "6"})
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2437, force_scan=True)
-
-def run_scan(dev, bssid, exp_freq):
-    for i in range(5):
-        dev.request("SCAN freq=2412,2437,2462")
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-        if ev is None:
-            raise Exception("Scan did not complete")
-        bss = dev.get_bss(bssid)
-        freq = int(bss['freq']) if bss else 0
-        if freq == exp_freq:
-            break
-    if freq != exp_freq:
-        raise Exception("BSS entry shows incorrect frequency: %d != %d" % (freq, exp_freq))
-
-def test_scan_chan_switch(dev, apdev):
-    """Scanning and AP changing channels"""
-
-    # This test verifies that wpa_supplicant updates its local BSS table based
-    # on the correct cfg80211 scan entry in cases where the cfg80211 BSS table
-    # has multiple (one for each frequency) BSS entries for the same BSS.
-
-    csa_supported(dev[0])
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan", "channel": "1"})
-    csa_supported(hapd)
-    bssid = hapd.own_addr()
-
-    logger.info("AP channel switch while not connected")
-    run_scan(dev[0], bssid, 2412)
-    dev[0].dump_monitor()
-    switch_channel(hapd, 1, 2437)
-    run_scan(dev[0], bssid, 2437)
-    dev[0].dump_monitor()
-    switch_channel(hapd, 1, 2462)
-    run_scan(dev[0], bssid, 2462)
-    dev[0].dump_monitor()
-
-    logger.info("AP channel switch while connected")
-    dev[0].connect("test-scan", key_mgmt="NONE", scan_freq="2412 2437 2462")
-    run_scan(dev[0], bssid, 2462)
-    dev[0].dump_monitor()
-    switch_channel(hapd, 2, 2437)
-    wait_channel_switch(dev[0], 2437)
-    dev[0].dump_monitor()
-    run_scan(dev[0], bssid, 2437)
-    dev[0].dump_monitor()
-    switch_channel(hapd, 2, 2412)
-    wait_channel_switch(dev[0], 2412)
-    dev[0].dump_monitor()
-    run_scan(dev[0], bssid, 2412)
-    dev[0].dump_monitor()
-
-@reset_ignore_old_scan_res
-def test_scan_new_only(dev, apdev):
-    """Scan and only_new=1 multiple times"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    dev[0].set("ignore_old_scan_res", "1")
-    # Get the BSS added to cfg80211 BSS list
-    bssid = hapd.own_addr()
-    dev[0].scan_for_bss(bssid, freq=2412)
-    bss = dev[0].get_bss(bssid)
-    idx1 = bss['update_idx']
-    dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-    dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-    bss = dev[0].get_bss(bssid)
-    idx2 = bss['update_idx']
-    if int(idx2) <= int(idx1):
-        raise Exception("Scan result update_idx did not increase")
-    # Disable AP to ensure there are no new scan results after this.
-    hapd.disable()
-
-    # Try to scan multiple times to verify that old scan results do not get
-    # accepted as new.
-    for i in range(10):
-        dev[0].scan(freq=2412)
-        bss = dev[0].get_bss(bssid)
-        if bss:
-            idx = bss['update_idx']
-            if int(idx) > int(idx2):
-                raise Exception("Unexpected update_idx increase")
-
-def test_scan_flush(dev, apdev):
-    """Ongoing scan and FLUSH"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    dev[0].dump_monitor()
-    dev[0].request("SCAN TYPE=ONLY freq=2412-2472 passive=1")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not start")
-    time.sleep(0.1)
-    dev[0].request("FLUSH")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS",
-                            "CTRL-EVENT-SCAN-FAILED",
-                            "CTRL-EVENT-BSS-ADDED"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    if "CTRL-EVENT-BSS-ADDED" in ev:
-        raise Exception("Unexpected BSS entry addition after FLUSH")
-
-def test_scan_ies(dev, apdev):
-    """Scan and both Beacon and Probe Response frame IEs"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan",
-                                     "beacon_int": "20"})
-    bssid = hapd.own_addr()
-    dev[0].dump_monitor()
-
-    for i in range(10):
-        dev[0].request("SCAN TYPE=ONLY freq=2412 passive=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        if dev[0].get_bss(bssid):
-            break
-
-    for i in range(10):
-        dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-        bss = dev[0].get_bss(bssid)
-        if 'beacon_ie' in bss:
-            if bss['ie'] != bss['beacon_ie']:
-                break
-
-    if not bss or 'beacon_ie' not in bss:
-        raise Exception("beacon_ie not present")
-    ie = parse_ie(bss['ie'])
-    logger.info("ie: " + str(list(ie.keys())))
-    beacon_ie = parse_ie(bss['beacon_ie'])
-    logger.info("beacon_ie: " + str(list(ie.keys())))
-    if bss['ie'] == bss['beacon_ie']:
-        raise Exception("Both ie and beacon_ie show same data")
-
-def test_scan_parsing(dev, apdev):
-    """Scan result parsing"""
-    if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES START"):
-        raise Exception("DRIVER_EVENT SCAN_RES START failed")
-
-    if "FAIL" not in dev[0].request("DRIVER_EVENT SCAN_RES foo "):
-        raise Exception("Invalid DRIVER_EVENT SCAN_RES accepted")
-
-    tests = ["",
-             "flags=ffffffff",
-             "bssid=02:03:04:05:06:07",
-             "freq=1234",
-             "beacon_int=102",
-             "caps=1234",
-             "qual=10",
-             "noise=10",
-             "level=10",
-             "tsf=1122334455667788",
-             "age=123",
-             "est_throughput=100",
-             "snr=10",
-             "parent_tsf=1122334455667788",
-             "tsf_bssid=02:03:04:05:06:07",
-             "ie=00",
-             "beacon_ie=00",
-             # Too long SSID
-             "bssid=02:ff:00:00:00:01 ie=0033" + 33*'FF',
-             # All parameters
-             "flags=ffffffff bssid=02:ff:00:00:00:02 freq=1234 beacon_int=102 caps=1234 qual=10 noise=10 level=10 tsf=1122334455667788 age=123456 est_throughput=100 snr=10 parent_tsf=1122334455667788 tsf_bssid=02:03:04:05:06:07 ie=000474657374 beacon_ie=000474657374",
-             # Beacon IEs truncated
-             "bssid=02:ff:00:00:00:03 ie=0000 beacon_ie=0003ffff",
-             # Probe Response IEs truncated
-             "bssid=02:ff:00:00:00:04 ie=00000101 beacon_ie=0000",
-             # DMG (invalid caps)
-             "bssid=02:ff:00:00:00:05 freq=58320 ie=0003646d67",
-             # DMG (IBSS)
-             "bssid=02:ff:00:00:00:06 freq=60480 caps=0001 ie=0003646d67",
-             # DMG (PBSS)
-             "bssid=02:ff:00:00:00:07 freq=62640 caps=0002 ie=0003646d67",
-             # DMG (AP)
-             "bssid=02:ff:00:00:00:08 freq=64800 caps=0003 ie=0003646d67",
-             # Test BSS for updates
-             "bssid=02:ff:00:00:00:09 freq=2412 caps=0011 level=1 ie=0003757064010182",
-             # Minimal BSS data
-             "bssid=02:ff:00:00:00:00 ie=0000"]
-    for t in tests:
-        if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES BSS " + t):
-            raise Exception("DRIVER_EVENT SCAN_RES BSS failed")
-
-    if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES END"):
-        raise Exception("DRIVER_EVENT SCAN_RES END failed")
-
-    res = dev[0].request("SCAN_RESULTS")
-    logger.info("SCAN_RESULTS:\n" + res)
-
-    bss = []
-    res = dev[0].request("BSS FIRST")
-    if "FAIL" in res:
-        raise Exception("BSS FIRST failed")
-    while "\nbssid=" in res:
-        logger.info("BSS output:\n" + res)
-        bssid = None
-        id = None
-        for val in res.splitlines():
-            if val.startswith("id="):
-                id = val.split('=')[1]
-            if val.startswith("bssid="):
-                bssid = val.split('=')[1]
-        if bssid is None or id is None:
-            raise Exception("Missing id or bssid line")
-        bss.append(bssid)
-        res = dev[0].request("BSS NEXT-" + id)
-
-    logger.info("Discovered BSSs: " + str(bss))
-    invalid_bss = ["02:03:04:05:06:07", "02:ff:00:00:00:01"]
-    valid_bss = ["02:ff:00:00:00:00", "02:ff:00:00:00:02",
-                 "02:ff:00:00:00:03", "02:ff:00:00:00:04",
-                 "02:ff:00:00:00:05", "02:ff:00:00:00:06",
-                 "02:ff:00:00:00:07", "02:ff:00:00:00:08",
-                 "02:ff:00:00:00:09"]
-    for bssid in invalid_bss:
-        if bssid in bss:
-            raise Exception("Invalid BSS included: " + bssid)
-    for bssid in valid_bss:
-        if bssid not in bss:
-            raise Exception("Valid BSS missing: " + bssid)
-
-    logger.info("Update BSS parameters")
-    if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES START"):
-        raise Exception("DRIVER_EVENT SCAN_RES START failed")
-    if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES BSS bssid=02:ff:00:00:00:09 freq=2412 caps=0002 level=2 ie=000375706401028204"):
-        raise Exception("DRIVER_EVENT SCAN_RES BSS failed")
-    if "OK" not in dev[0].request("DRIVER_EVENT SCAN_RES END"):
-        raise Exception("DRIVER_EVENT SCAN_RES END failed")
-    res = dev[0].request("BSS 02:ff:00:00:00:09")
-    logger.info("Updated BSS:\n" + res)
-
-def get_probe_req_ies(hapd):
-    for i in range(10):
-        msg = hapd.mgmt_rx()
-        if msg is None:
-            break
-        if msg['subtype'] != 4:
-            continue
-        return parse_ie(binascii.hexlify(msg['payload']).decode())
-
-    raise Exception("Probe Request not seen")
-
-def test_scan_specific_bssid(dev, apdev):
-    """Scan for a specific BSSID"""
-    dev[0].flush_scan_cache()
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan",
-                                     "beacon_int": "1000"})
-    bssid = hapd.own_addr()
-
-    time.sleep(0.1)
-    dev[0].request("SCAN TYPE=ONLY freq=2412 bssid=02:ff:ff:ff:ff:ff")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    bss1 = dev[0].get_bss(bssid)
-
-    for i in range(10):
-        dev[0].request("SCAN TYPE=ONLY freq=2412 bssid=" + bssid)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        bss2 = dev[0].get_bss(bssid)
-        if bss2:
-            break
-
-    if not bss2:
-        raise Exception("Did not find BSS")
-    if bss1 and 'beacon_ie' in bss1 and 'ie' in bss1 and bss1['beacon_ie'] != bss1['ie']:
-        raise Exception("First scan for unknown BSSID returned unexpected response")
-    if bss2 and 'beacon_ie' in bss2 and 'ie' in bss2 and bss2['beacon_ie'] == bss2['ie']:
-        raise Exception("Second scan did find Probe Response frame")
-
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    # With specific SSID in the Probe Request frame
-    dev[0].request("SCAN TYPE=ONLY freq=2412 bssid=" + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    ie = get_probe_req_ies(hapd)
-    if ie[0] != b"test-scan":
-        raise Exception("Specific SSID not seen in Probe Request frame")
-
-    hapd.dump_monitor()
-
-    # Without specific SSID in the Probe Request frame
-    dev[0].request("SCAN TYPE=ONLY freq=2412 wildcard_ssid=1 bssid=" + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan did not complete")
-    ie = get_probe_req_ies(hapd)
-    if len(ie[0]) != 0:
-        raise Exception("Wildcard SSID not seen in Probe Request frame")
-
-def test_scan_probe_req_events(dev, apdev):
-    """Probe Request frame RX events from hostapd"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    hapd2 = hostapd.Hostapd(apdev[0]['ifname'])
-    if "OK" not in hapd2.mon.request("ATTACH probe_rx_events=1"):
-        raise Exception("Failed to register for events")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-
-    ev = hapd2.wait_event(["RX-PROBE-REQUEST"], timeout=5)
-    if ev is None:
-        raise Exception("RX-PROBE-REQUEST not reported")
-    if "sa=" + dev[0].own_addr() not in ev:
-        raise Exception("Unexpected event parameters: " + ev)
-
-    ev = hapd.wait_event(["RX-PROBE-REQUEST"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected RX-PROBE-REQUEST")
-
-    if "OK" not in hapd2.mon.request("ATTACH probe_rx_events=0"):
-        raise Exception("Failed to update event registration")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
-    ev = hapd2.wait_event(["RX-PROBE-REQUEST"], timeout=0.5)
-    if ev is not None:
-        raise Exception("Unexpected RX-PROBE-REQUEST")
-
-    tests = ["probe_rx_events", "probe_rx_events=-1", "probe_rx_events=2"]
-    for val in tests:
-        if "FAIL" not in hapd2.mon.request("ATTACH " + val):
-            raise Exception("Invalid ATTACH command accepted")
-
-def elem_capab(capab):
-    # Nontransmitted BSSID Capability element (83 = 0x53)
-    return struct.pack('<BBH', 83, 2, capab)
-
-def elem_ssid(ssid):
-    # SSID element
-    return struct.pack('BB', 0, len(ssid)) + ssid.encode()
-
-def elem_bssid_index(index):
-    # Multiple BSSID-index element (85 = 0x55)
-    return struct.pack('BBB', 85, 1, index)
-
-def elem_multibssid(profiles, max_bssid_indic):
-    # TODO: add support for fragmenting over multiple Multiple BSSID elements
-    if 1 + len(profiles) > 255:
-        raise Exception("Too long Multiple BSSID element")
-    elem = struct.pack('BBB', 71, 1 + len(profiles), max_bssid_indic) + profiles
-    return binascii.hexlify(elem).decode()
-
-def run_scans(dev, check):
-    for i in range(2):
-        dev.request("SCAN TYPE=ONLY freq=2412")
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-        if ev is None:
-            raise Exception("Scan did not complete")
-
-    # TODO: Check IEs
-    for (bssid, ssid, capab) in check:
-        bss = dev.get_bss(bssid)
-        if bss is None:
-            raise Exception("AP " + bssid + " missing from scan results")
-        logger.info("AP " + bssid + ": " + str(bss))
-        if bss['ssid'] != ssid:
-            raise Exception("Unexpected AP " + bssid + " SSID")
-        if int(bss['capabilities'], 16) != capab:
-            raise Exception("Unexpected AP " + bssid + " capabilities")
-
-def check_multibss_sta_capa(dev):
-    res = dev.get_capability("multibss")
-    if res is None or 'MULTIBSS-STA' not in res:
-        raise HwsimSkip("Multi-BSS STA functionality not supported")
-
-def test_scan_multi_bssid(dev, apdev):
-    """Scan and Multiple BSSID element"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "test-scan"}
-    # Max BSSID Indicator 0 (max 1 BSSID) and no subelements
-    params['vendor_elements'] = elem_multibssid(b'', 0)
-    hostapd.add_ap(apdev[0], params)
-
-    params = {"ssid": "test-scan"}
-    elems = elem_capab(0x0401) + elem_ssid("1") + elem_bssid_index(1)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-    params['vendor_elements'] = elem_multibssid(profile1, 1)
-    hostapd.add_ap(apdev[1], params)
-
-    bssid0 = apdev[0]['bssid']
-    bssid1 = apdev[1]['bssid']
-    check = [(bssid0, 'test-scan', 0x401),
-             (bssid1, 'test-scan', 0x401),
-             (bssid1[0:16] + '1', '1', 0x401)]
-    run_scans(dev[0], check)
-
-def test_scan_multi_bssid_2(dev, apdev):
-    """Scan and Multiple BSSID element (2)"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "transmitted"}
-
-    # Duplicated entry for the transmitted BSS (not a normal use case)
-    elems = elem_capab(1) + elem_ssid("transmitted") + elem_bssid_index(0)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted_2") + elem_bssid_index(2)
-    profile3 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2 + profile3
-    params['vendor_elements'] = elem_multibssid(profiles, 4)
-    hostapd.add_ap(apdev[0], params)
-
-    bssid = apdev[0]['bssid']
-    check = [(bssid, 'transmitted', 0x401),
-             (bssid[0:16] + '1', 'nontransmitted', 0x1),
-             (bssid[0:16] + '2', 'nontransmitted_2', 0x1)]
-    run_scans(dev[0], check)
-
-def test_scan_multi_bssid_3(dev, apdev):
-    """Scan and Multiple BSSID element (3)"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "transmitted"}
-
-    # Duplicated nontransmitted BSS (not a normal use case)
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2
-    params['vendor_elements'] = elem_multibssid(profiles, 2)
-    hostapd.add_ap(apdev[0], params)
-
-    bssid = apdev[0]['bssid']
-    check = [(bssid, 'transmitted', 0x401),
-             (bssid[0:16] + '1', 'nontransmitted', 0x1)]
-    run_scans(dev[0], check)
-
-def test_scan_multi_bssid_4(dev, apdev):
-    """Scan and Multiple BSSID element (3)"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    # Transmitted BSSID is not the first one in the block
-    bssid = apdev[0]['bssid']
-    hapd = None
-    try:
-        params = {"ssid": "transmitted",
-                  "bssid": bssid[0:16] + '1'}
-
-        elems = elem_capab(1) + elem_ssid("1") + elem_bssid_index(1)
-        profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-        elems = elem_capab(1) + elem_ssid("2") + elem_bssid_index(2)
-        profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-        elems = elem_capab(1) + elem_ssid("3") + elem_bssid_index(3)
-        profile3 = struct.pack('BB', 0, len(elems)) + elems
-
-        profiles = profile1 + profile2 + profile3
-        params['vendor_elements'] = elem_multibssid(profiles, 2)
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        check = [(bssid[0:16] + '1', 'transmitted', 0x401),
-                 (bssid[0:16] + '2', '1', 0x1),
-                 (bssid[0:16] + '3', '2', 0x1),
-                 (bssid[0:16] + '0', '3', 0x1)]
-        run_scans(dev[0], check)
-    finally:
-        if hapd:
-            hapd.disable()
-            hapd.set('bssid', bssid)
-            hapd.enable()
-
-def test_scan_multi_bssid_check_ie(dev, apdev):
-    """Scan and check if nontransmitting BSS inherits IE from transmitting BSS"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "transmitted"}
-
-    # Duplicated entry for the transmitted BSS (not a normal use case)
-    elems = elem_capab(1) + elem_ssid("transmitted") + elem_bssid_index(0)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2
-    params['vendor_elements'] = elem_multibssid(profiles, 2)
-    hostapd.add_ap(apdev[0], params)
-
-    bssid = apdev[0]['bssid']
-
-    for i in range(10):
-        dev[0].request("SCAN TYPE=ONLY freq=2412 passive=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        if dev[0].get_bss(bssid):
-            break
-
-    for i in range(10):
-        dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-        bss = dev[0].get_bss(bssid)
-        if 'beacon_ie' in bss:
-            break
-
-    trans_bss = dev[0].get_bss(bssid)
-    if trans_bss is None:
-        raise Exception("AP " + bssid + " missing from scan results")
-
-    if not trans_bss or 'beacon_ie' not in trans_bss:
-        raise Exception("beacon_ie not present in trans_bss")
-
-    beacon_ie = parse_ie(trans_bss['beacon_ie'])
-    logger.info("trans_bss beacon_ie: " + str(list(beacon_ie.keys())))
-
-    bssid = bssid[0:16] + '1'
-    nontrans_bss1 = dev[0].get_bss(bssid)
-    if nontrans_bss1 is None:
-        raise Exception("AP " + bssid + " missing from scan results")
-
-    if not trans_bss or 'beacon_ie' not in nontrans_bss1:
-        raise Exception("beacon_ie not present in nontrans_bss1")
-
-    nontx_beacon_ie = parse_ie(nontrans_bss1['beacon_ie'])
-    logger.info("nontrans_bss1 beacon_ie: " + str(list(nontx_beacon_ie.keys())))
-
-    if 71 in list(beacon_ie.keys()):
-        ie_list = list(beacon_ie.keys())
-        ie_list.remove(71)
-        nontx_ie_list = list(nontx_beacon_ie.keys())
-        try:
-            nontx_ie_list.remove(85)
-        except ValueError:
-            pass
-        if sorted(ie_list) != sorted(nontx_ie_list):
-            raise Exception("check IE failed")
-
-def elem_fms1():
-    # this FMS IE has 1 FMS counter
-    fms_counters = struct.pack('B', 0x39)
-    fms_ids = struct.pack('B', 0x01)
-    return struct.pack('BBB', 86, 3, 1) + fms_counters + fms_ids
-
-def elem_fms2():
-    # this FMS IE has 2 FMS counters
-    fms_counters = struct.pack('BB', 0x29, 0x32)
-    fms_ids = struct.pack('BB', 0x01, 0x02)
-    return struct.pack('BBB', 86, 5, 2) + fms_counters + fms_ids
-
-def test_scan_multi_bssid_fms(dev, apdev):
-    """Non-transmitting BSS has different FMS IE from transmitting BSS"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    params = {"ssid": "transmitted"}
-
-    # construct transmitting BSS Beacon with FMS IE
-    elems = elem_capab(1) + elem_ssid("transmitted") + elem_bssid_index(0) + elem_fms1()
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1) + elem_fms2()
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2
-    params['vendor_elements'] = elem_multibssid(profiles, 2) + binascii.hexlify(elem_fms1()).decode()
-    hostapd.add_ap(apdev[0], params)
-
-    bssid = apdev[0]['bssid']
-
-    for i in range(10):
-        dev[0].request("SCAN TYPE=ONLY freq=2412 passive=1")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-        if ev is None:
-            raise Exception("Scan did not complete")
-        if dev[0].get_bss(bssid):
-            break
-
-    for i in range(10):
-        dev[0].scan_for_bss(bssid, freq=2412, force_scan=True)
-        bss = dev[0].get_bss(bssid)
-        if 'beacon_ie' in bss:
-            break
-
-    trans_bss = dev[0].get_bss(bssid)
-    if trans_bss is None:
-        raise Exception("AP " + bssid + " missing from scan results")
-
-    if not trans_bss or 'beacon_ie' not in trans_bss:
-        raise Exception("beacon_ie not present in trans_bss")
-
-    beacon_ie = parse_ie(trans_bss['beacon_ie'])
-    trans_bss_fms = beacon_ie[86]
-    logger.info("trans_bss fms ie: " + binascii.hexlify(trans_bss_fms).decode())
-
-    bssid = bssid[0:16] + '1'
-    nontrans_bss1 = dev[0].get_bss(bssid)
-    if nontrans_bss1 is None:
-        raise Exception("AP " + bssid + " missing from scan results")
-
-    if not nontrans_bss1 or 'beacon_ie' not in nontrans_bss1:
-        raise Exception("beacon_ie not present in nontrans_bss1")
-
-    nontrans_beacon_ie = parse_ie(nontrans_bss1['beacon_ie'])
-    nontrans_bss_fms = nontrans_beacon_ie[86]
-    logger.info("nontrans_bss fms ie: " + binascii.hexlify(nontrans_bss_fms).decode())
-
-    if binascii.hexlify(trans_bss_fms) == binascii.hexlify(nontrans_bss_fms):
-        raise Exception("Nontrans BSS has the same FMS IE as trans BSS")
-
-def test_scan_multiple_mbssid_ie(dev, apdev):
-    """Transmitting BSS has 2 MBSSID IE"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    logger.info("bssid: " + bssid)
-    hapd = None
-
-    # construct 2 MBSSID IEs, each MBSSID IE contains 1 profile
-    params = {"ssid": "transmitted",
-              "bssid": bssid}
-
-    elems = elem_capab(1) + elem_ssid("1") + elem_bssid_index(1)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(2) + elem_ssid("2") + elem_bssid_index(2)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    params['vendor_elements'] = elem_multibssid(profile1, 2) + elem_multibssid(profile2, 2)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    check = [(bssid, 'transmitted', 0x401),
-             (bssid[0:16] + '1', '1', 0x1),
-             (bssid[0:16] + '2', '2', 0x2)]
-    run_scans(dev[0], check)
-
-def test_scan_mbssid_hidden_ssid(dev, apdev):
-    """Non-transmitting BSS has hidden SSID"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    logger.info("bssid: " + bssid)
-    hapd = None
-
-    # construct 2 MBSSID IEs, each MBSSID IE contains 1 profile
-    params = {"ssid": "transmitted",
-              "bssid": bssid}
-
-    elems = elem_capab(1) + elem_ssid("") + elem_bssid_index(1)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(2) + elem_ssid("2") + elem_bssid_index(2)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2
-    params['vendor_elements'] = elem_multibssid(profiles, 2)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    check = [(bssid, 'transmitted', 0x401),
-             (bssid[0:16] + '1', '', 0x1),
-             (bssid[0:16] + '2', '2', 0x2)]
-    run_scans(dev[0], check)
-
-def test_connect_mbssid_open_1(dev, apdev):
-    """Connect to transmitting and nontransmitting BSS in open mode"""
-    check_multibss_sta_capa(dev[0])
-    dev[0].flush_scan_cache()
-
-    bssid = apdev[0]['bssid']
-    params = {"ssid": "transmitted"}
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted") + elem_bssid_index(1)
-    profile1 = struct.pack('BB', 0, len(elems)) + elems
-
-    elems = elem_capab(1) + elem_ssid("nontransmitted_2") + elem_bssid_index(2)
-    profile2 = struct.pack('BB', 0, len(elems)) + elems
-
-    profiles = profile1 + profile2
-    params['vendor_elements'] = elem_multibssid(profiles, 4)
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("transmitted", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    dev[0].dump_monitor()
-
-    dev[0].connect("nontransmitted", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=10)
-    if ev is None:
-        raise Exception("Connection attempt to nontransmitted BSS not started")
-    if "02:00:00:00:03:01 (SSID='nontransmitted'" not in ev:
-        raise Exception("Unexpected authentication target")
-    # hostapd does not yet support Multiple-BSSID, so only verify that STA is
-    # able to start connection attempt.
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-    dev[0].connect("nontransmitted_2", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=10)
-    if ev is None:
-        raise Exception("Connection attempt to nontransmitted BSS not started")
-    if "02:00:00:00:03:02 (SSID='nontransmitted_2'" not in ev:
-        raise Exception("Unexpected authentication target")
-    # hostapd does not yet support Multiple-BSSID, so only verify that STA is
-    # able to start connection attempt.
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].dump_monitor()
-
-def test_scan_only_one(dev, apdev):
-    """Test that scanning with a single active AP only returns that one"""
-    dev[0].flush_scan_cache()
-    hostapd.add_ap(apdev[0], {"ssid": "test-scan"})
-    bssid = apdev[0]['bssid']
-
-    check_scan(dev[0], "use_id=1", test_busy=True)
-    dev[0].scan_for_bss(bssid, freq="2412")
-
-    status, stdout = hostapd.cmd_execute(dev[0], ['iw', dev[0].ifname, 'scan', 'dump'])
-    if status != 0:
-        raise Exception("iw scan dump failed with code %d" % status)
-    lines = stdout.split('\n')
-    entries = len(list(filter(lambda x: x.startswith('BSS '), lines)))
-    if entries != 1:
-        raise Exception("expected to find 1 BSS entry, got %d" % entries)
-
-def test_scan_ssid_list(dev, apdev):
-    """Scan using SSID List element"""
-    dev[0].flush_scan_cache()
-    ssid = "test-ssid-list"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-    found = False
-    try:
-        payload = struct.pack('BB', 0, len(ssid)) + ssid.encode()
-        ssid_list = struct.pack('BB', 84, len(payload)) + payload
-        cmd = "VENDOR_ELEM_ADD 14 " + binascii.hexlify(ssid_list).decode()
-        if "OK" not in dev[0].request(cmd):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        for i in range(10):
-            check_scan(dev[0], "freq=2412 use_id=1")
-            if ssid in dev[0].request("SCAN_RESULTS"):
-                found = True
-                break
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 14 *")
-        hapd.disable()
-        dev[0].flush_scan_cache(freq=2432)
-        dev[0].flush_scan_cache()
-
-    if not found:
-        raise Exception("AP not found in scan results")
-
-def test_scan_short_ssid_list(dev, apdev):
-    """Scan using Short SSID List element"""
-    dev[0].flush_scan_cache()
-    ssid = "test-short-ssid-list"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-    found = False
-    try:
-        payload = struct.pack('<L', binascii.crc32(ssid.encode()))
-        ssid_list = struct.pack('BBB', 255, 1 + len(payload), 58) + payload
-        cmd = "VENDOR_ELEM_ADD 14 " + binascii.hexlify(ssid_list).decode()
-        if "OK" not in dev[0].request(cmd):
-            raise Exception("VENDOR_ELEM_ADD failed")
-        for i in range(10):
-            check_scan(dev[0], "freq=2412 use_id=1")
-            if ssid in dev[0].request("SCAN_RESULTS"):
-                found = True
-                break
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 14 *")
-        hapd.disable()
-        dev[0].flush_scan_cache(freq=2432)
-        dev[0].flush_scan_cache()
-
-    if not found:
-        raise Exception("AP not found in scan results")
diff --git a/tests/hwsim/test_scs.py b/tests/hwsim/test_scs.py
deleted file mode 100644
index df63cbfdff47..000000000000
--- a/tests/hwsim/test_scs.py
+++ /dev/null
@@ -1,196 +0,0 @@
-# Test cases for SCS
-# Copyright (c) 2021, Jouni Malinen <j@w1.fi>
-# Copyright (c) 2021, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import struct
-import time
-
-import hostapd
-from utils import *
-
-def register_scs_req(hapd):
-    type = 0x00d0
-    match = "1300"
-    if "OK" not in hapd.request("REGISTER_FRAME %04x %s" % (type, match)):
-        raise Exception("Could not register frame reception for Robust AV Streaming")
-
-def handle_scs_req(hapd, wrong_dialog=False, status_code=0, twice=False,
-                   short=False, scsid=1):
-    msg = hapd.mgmt_rx()
-    if msg['subtype'] != 13:
-        logger.info("RX:" + str(msg))
-        raise Exception("Received unexpected Management frame")
-    categ, act, dialog_token = struct.unpack('BBB', msg['payload'][0:3])
-    if categ != 19 or act != 0:
-        logger.info("RX:" + str(msg))
-        raise Exception("Received unexpected Action frame")
-
-    if wrong_dialog:
-        dialog_token = (dialog_token + 1) % 256
-    msg['da'] = msg['sa']
-    msg['sa'] = hapd.own_addr()
-    count = 1
-    if short:
-        resp = struct.pack('BBB', 19, 1, dialog_token)
-    else:
-        resp = struct.pack('BBBB', 19, 1, dialog_token, count)
-        resp += struct.pack('<BH', scsid, status_code)
-    msg['payload'] = resp
-    hapd.mgmt_tx(msg)
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None or "stype=13 ok=1" not in ev:
-        raise Exception("No TX status reported")
-    if twice:
-        hapd.mgmt_tx(msg)
-        ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-        if ev is None or "stype=13 ok=1" not in ev:
-            raise Exception("No TX status reported")
-
-def wait_scs_result(dev, expect_status="0"):
-    ev = dev.wait_event(["CTRL-EVENT-SCS-RESULT"], timeout=2)
-    if ev is None:
-        raise Exception("No SCS result reported")
-    if "status_code=%s" % expect_status not in ev:
-        raise Exception("Unexpected SCS result: " + ev)
-
-def test_scs_invalid_params(dev, apdev):
-    """SCS command invalid parameters"""
-    tests = ["",
-             "scs_id=1",
-             "scs_id=1 foo",
-             "scs_id=1 add ",
-             "scs_id=1 add scs_up=8",
-             "scs_id=1 add scs_up=7",
-             "scs_id=1 add scs_up=7 classifier_type=1",
-             "scs_id=1 add scs_up=7 classifier_type=4",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4 src_ip=q",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4 dst_ip=q",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4 src_port=q",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4 dst_port=q",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv4 protocol=foo",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv6 protocol=foo",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv6 next_header=foo",
-             "scs_id=1 add scs_up=7 classifier_type=4 ip_version=ipv6 flow_label=ffffff",
-             "scs_id=1 add scs_up=7 classifier_type=10",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=qq",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffff",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=qqqqqqqq",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=foo filter_value=11223344 filter_mask=ffffffff",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11 filter_mask=ee classifier_type=10 prot_instance=2 prot_number=udp filter_value=22 filter_mask=ff",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11 filter_mask=ee classifier_type=10 prot_instance=2 prot_number=udp filter_value=22 filter_mask=ff tclas_processing=2",
-             "scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11 filter_mask=ee classifier_type=10 prot_instance=2 prot_number=udp filter_value=22 filter_mask=ff tclas_processing=0",
-             "scs_id=1 add scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp scs_id=1 add scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=tcp"
-             "scs_id=1 remove",
-             "scs_id=1 change "]
-    for t in tests:
-        if "FAIL" not in dev[0].request("SCS " + t):
-            raise Exception("Invalid SCS parameters accepted: " + t)
-
-def test_scs_request(dev, apdev):
-    """SCS Request"""
-    params = {"ssid": "scs",
-              "ext_capa": 6*"00" + "40"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    register_scs_req(hapd)
-
-    dev[0].connect("scs", key_mgmt="NONE", scan_freq="2412")
-
-    hapd.dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    cmd = "SCS scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS add failed")
-
-    handle_scs_req(hapd)
-    wait_scs_result(dev[0])
-
-    cmd = "SCS scs_id=2 add scs_up=5 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS add failed")
-
-    handle_scs_req(hapd, wrong_dialog=True)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCS-RESULT"], timeout=2)
-    if ev is None:
-        raise Exception("No SCS result reported")
-    if "status_code=timedout" not in ev:
-        raise Exception("Timeout not reported: " + ev)
-
-    cmd = "SCS scs_id=1 add scs_up=5 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("SCS add for already configured scs_id did not fail")
-
-    cmd = "SCS scs_id=1 remove"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS remove failed")
-    handle_scs_req(hapd)
-    wait_scs_result(dev[0])
-
-    tests = ["scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp",
-             "scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=tcp",
-             "scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=esp",
-             "scs_up=6 classifier_type=4 ip_version=ipv6 src_ip=::1 dst_ip=::1 src_port=12345 dst_port=23456 dscp=5 next_header=udp",
-             "scs_up=6 classifier_type=4 ip_version=ipv6 src_ip=::1 dst_ip=::1 src_port=12345 dst_port=23456 dscp=5 next_header=tcp",
-             "scs_up=6 classifier_type=4 ip_version=ipv6 src_ip=::1 dst_ip=::1 src_port=12345 dst_port=23456 dscp=5 next_header=esp flow_label=012345",
-             "scs_up=6 classifier_type=10 prot_instance=1 prot_number=tcp filter_value=11223344 filter_mask=ffffffff",
-             "scs_up=6 classifier_type=10 prot_instance=1 prot_number=esp filter_value=11223344 filter_mask=ffffffff",
-             "scs_up=6 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff",
-             "scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=tcp tclas_processing=1",
-             "scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp scs_id=10 add scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=tcp"]
-    for t in tests:
-        cmd = "SCS scs_id=1 change " + t
-        if "OK" not in dev[0].request(cmd):
-            raise Exception("SCS change failed: " + t)
-        handle_scs_req(hapd)
-        wait_scs_result(dev[0])
-        if "scs_id=" in t:
-            wait_scs_result(dev[0], expect_status="response_not_received")
-
-    cmd = "SCS scs_id=1 change scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS change failed: " + t)
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("SCS change failed: " + t)
-    handle_scs_req(hapd, twice=True)
-    wait_scs_result(dev[0])
-    ev = dev[0].wait_event(["CTRL-EVENT-SCS-RESULT"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected SCS result reported(1)")
-
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS change failed: " + t)
-    handle_scs_req(hapd, short=True)
-    ev = dev[0].wait_event(["CTRL-EVENT-SCS-RESULT"], timeout=3)
-    if ev is not None:
-        raise Exception("Unexpected SCS result reported(2)")
-
-    cmd = "SCS scs_id=123 add scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS add failed: " + t)
-    handle_scs_req(hapd, scsid=34)
-    wait_scs_result(dev[0], expect_status="response_not_received")
-
-    cmd = "SCS scs_id=33 add scs_up=6 classifier_type=4 ip_version=ipv4 src_ip=1.2.3.4 dst_ip=5.6.7.8 src_port=12345 dst_port=23456 dscp=5 protocol=udp"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("SCS add failed: " + t)
-    handle_scs_req(hapd, scsid=33, status_code=123)
-    wait_scs_result(dev[0], expect_status="123")
-
-def test_scs_request_without_ap_capa(dev, apdev):
-    """SCS Request without AP capability"""
-    params = {"ssid": "scs"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("scs", key_mgmt="NONE", scan_freq="2412")
-
-    cmd = "SCS scs_id=1 add scs_up=7 classifier_type=10 prot_instance=1 prot_number=udp filter_value=11223344 filter_mask=ffffffff"
-    if "FAIL" not in dev[0].request(cmd):
-        raise Exception("SCS add accepted")
diff --git a/tests/hwsim/test_sigma_dut.py b/tests/hwsim/test_sigma_dut.py
deleted file mode 100644
index 5450c337e6a3..000000000000
--- a/tests/hwsim/test_sigma_dut.py
+++ /dev/null
@@ -1,5264 +0,0 @@
-# Test cases for sigma_dut
-# Copyright (c) 2017, Qualcomm Atheros, Inc.
-# Copyright (c) 2018-2019, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import errno
-import fcntl
-import hashlib
-import logging
-logger = logging.getLogger()
-import os
-import socket
-import struct
-import subprocess
-import threading
-import time
-
-import hostapd
-from utils import *
-from hwsim import HWSimRadio
-import hwsim_utils
-from wlantest import Wlantest
-from tshark import run_tshark
-from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
-from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
-from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
-from test_ap_hs20 import hs20_ap_params
-from test_ap_pmf import check_mac80211_bigtk
-from test_ocv import check_ocv_failure
-
-def check_sigma_dut():
-    if not os.path.exists("./sigma_dut"):
-        raise HwsimSkip("sigma_dut not available")
-
-def to_hex(s):
-    return binascii.hexlify(s.encode()).decode()
-
-def from_hex(s):
-    return binascii.unhexlify(s).decode()
-
-def sigma_log_output(cmd):
-    try:
-        out = cmd.stdout.read()
-        if out:
-            logger.debug("sigma_dut stdout: " + str(out.decode()))
-    except IOError as e:
-        if e.errno != errno.EAGAIN:
-            raise
-    try:
-        out = cmd.stderr.read()
-        if out:
-            logger.debug("sigma_dut stderr: " + str(out.decode()))
-    except IOError as e:
-        if e.errno != errno.EAGAIN:
-            raise
-
-sigma_prog = None
-
-def sigma_dut_cmd(cmd, port=9000, timeout=2):
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
-                         socket.IPPROTO_TCP)
-    sock.settimeout(timeout)
-    addr = ('127.0.0.1', port)
-    sock.connect(addr)
-    sock.send(cmd.encode() + b"\r\n")
-    try:
-        res = sock.recv(1000).decode()
-        running = False
-        done = False
-        for line in res.splitlines():
-            if line.startswith("status,RUNNING"):
-                running = True
-            elif line.startswith("status,INVALID"):
-                done = True
-            elif line.startswith("status,ERROR"):
-                done = True
-            elif line.startswith("status,COMPLETE"):
-                done = True
-        if running and not done:
-            # Read the actual response
-            res = sock.recv(1000).decode()
-    except:
-        res = ''
-        pass
-    sock.close()
-    res = res.rstrip()
-    logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
-    global sigma_prog
-    if sigma_prog:
-        sigma_log_output(sigma_prog)
-    return res
-
-def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
-    res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
-    if "COMPLETE" not in res:
-        raise Exception("sigma_dut command failed: " + cmd)
-    return res
-
-def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
-                    bridge=None, sae_h2e=False, owe_ptk_workaround=False):
-    check_sigma_dut()
-    cmd = ['./sigma_dut',
-           '-d',
-           '-M', ifname,
-           '-S', ifname,
-           '-F', '../../hostapd/hostapd',
-           '-G',
-           '-w', '/var/run/wpa_supplicant/',
-           '-j', ifname]
-    if hostapd_logdir:
-        cmd += ['-H', hostapd_logdir]
-    if cert_path:
-        cmd += ['-C', cert_path]
-    if bridge:
-        cmd += ['-b', bridge]
-    if sae_h2e:
-        cmd += ['-2']
-    if owe_ptk_workaround:
-        cmd += ['-3']
-    sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
-                             stderr=subprocess.PIPE)
-    for stream in [sigma.stdout, sigma.stderr]:
-        fd = stream.fileno()
-        fl = fcntl.fcntl(fd, fcntl.F_GETFL)
-        fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
-
-    global sigma_prog
-    sigma_prog = sigma
-    res = None
-    for i in range(20):
-        try:
-            res = sigma_dut_cmd("HELLO")
-            break
-        except:
-            time.sleep(0.05)
-    if res is None or "errorCode,Unknown command" not in res:
-        raise Exception("Failed to start sigma_dut")
-    return {'cmd': sigma, 'ifname': ifname}
-
-def stop_sigma_dut(sigma):
-    global sigma_prog
-    sigma_prog = None
-    cmd = sigma['cmd']
-    sigma_log_output(cmd)
-    logger.debug("Terminating sigma_dut process")
-    cmd.terminate()
-    cmd.wait()
-    out, err = cmd.communicate()
-    logger.debug("sigma_dut stdout: " + str(out.decode()))
-    logger.debug("sigma_dut stderr: " + str(err.decode()))
-    subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
-                     "127.0.0.11/24"],
-                    stderr=open('/dev/null', 'w'))
-
-def sigma_dut_wait_connected(ifname):
-    for i in range(50):
-        res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
-        if "connected,1" in res:
-            break
-        time.sleep(0.2)
-        if i == 49:
-            raise Exception("Connection did not complete")
-
-def test_sigma_dut_basic(dev, apdev):
-    """sigma_dut basic functionality"""
-    sigma = start_sigma_dut(dev[0].ifname)
-
-    tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
-             ("device_get_info", "status,COMPLETE,vendor"),
-             ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
-             ("device_list_interfaces,interfaceType,802.11",
-              "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
-    try:
-        res = sigma_dut_cmd("UNKNOWN")
-        if "status,INVALID,errorCode,Unknown command" not in res:
-            raise Exception("Unexpected sigma_dut response to unknown command")
-
-        for cmd, response in tests:
-            res = sigma_dut_cmd(cmd)
-            if response not in res:
-                raise Exception("Unexpected %s response: %s" % (cmd, res))
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_open(dev, apdev):
-    """sigma_dut controlled open network association"""
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf(dev, apdev):
-    """sigma_dut controlled PSK+PMF association"""
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-pmf-required"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-        params["ieee80211w"] = "2"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
-    """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
-    run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
-    """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
-    run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
-    """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
-    run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
-    """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
-    run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
-    """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
-    run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
-                                 failure=True)
-
-def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
-                                 failure=False):
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-pmf-required"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-        params["ieee80211w"] = "2"
-        params["group_mgmt_cipher"] = hostapd_cipher
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
-                            timeout=2 if failure else 10)
-        if failure:
-            ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
-                                    "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Network selection result not indicated")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection")
-            res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
-            if "connected,1" in res:
-                raise Exception("Connection reported")
-        else:
-            sigma_dut_wait_connected(ifname)
-            sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae(dev, apdev):
-    """sigma_dut controlled SAE association"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_groups'] = '19 20 21'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        if dev[0].get_status_field('sae_group') != '19':
-            raise Exception("Expected default SAE group not used")
-        res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
-        logger.info("Reported PMK: " + res)
-        if ",PMK," not in res:
-            raise Exception("PMK not reported");
-        if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
-            raise Exception("Mismatch in reported PMK")
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        if dev[0].get_status_field('sae_group') != '20':
-            raise Exception("Expected SAE group not used")
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_groups(dev, apdev):
-    """sigma_dut controlled SAE association with group negotiation"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_groups'] = '19'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        if dev[0].get_status_field('sae_group') != '19':
-            raise Exception("Expected default SAE group not used")
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_pmkid_include(dev, apdev):
-    """sigma_dut controlled SAE association with PMKID"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params["sae_confirm_immediate"] = "1"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_password(dev, apdev):
-    """sigma_dut controlled SAE association and long password"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid)
-        params['sae_password'] = 100*'B'
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_pw_id(dev, apdev):
-    """sigma_dut controlled SAE association with Password Identifier"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid)
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_password'] = 'secret|id=pw id'
-        params['sae_groups'] = '19'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_pw_id_pwe_loop(dev, apdev):
-    """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid)
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_password'] = 'secret|id=pw id'
-        params['sae_groups'] = '19'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname, "test-sae", "secret"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        for i in range(3):
-            ev = dev[0].wait_event(["SME: Trying to authenticate",
-                                    "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Network selection result not indicated")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection")
-        res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
-        if "connected,1" in res:
-            raise Exception("Connection reported")
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_sae_pw_id_ft(dev, apdev):
-    """sigma_dut controlled SAE association with Password Identifier and FT"""
-    run_sigma_dut_sae_pw_id_ft(dev, apdev)
-
-def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
-    """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
-    run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
-
-def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid)
-        params['wpa_key_mgmt'] = 'SAE FT-SAE'
-        params["ieee80211w"] = "2"
-        params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
-        params['mobility_domain'] = 'aabb'
-        params['ft_over_ds'] = '1' if over_ds else '0'
-        bssid = apdev[0]['bssid'].replace(':', '')
-        params['nas_identifier'] = bssid + '.nas.example.com'
-        params['r1_key_holder'] = bssid
-        params['pmk_r1_push'] = '0'
-        params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
-        params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        if over_ds:
-            sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-
-        bssid = apdev[1]['bssid'].replace(':', '')
-        params['nas_identifier'] = bssid + '.nas.example.com'
-        params['r1_key_holder'] = bssid
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        bssid = hapd2.own_addr()
-        sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
-        dev[0].wait_connected()
-
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_sta_override_rsne(dev, apdev):
-    """sigma_dut and RSNE override on STA"""
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-psk"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-
-        tests = ["30120100000fac040100000fac040100000fac02",
-                 "30140100000fac040100000fac040100000fac02ffff"]
-        for test in tests:
-            sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
-            sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
-            sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
-                                timeout=10)
-            sigma_dut_wait_connected(ifname)
-            sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-            dev[0].dump_monitor()
-
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
-        sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
-                            timeout=10)
-
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
-        if ev is None:
-            raise Exception("Association rejection not reported")
-        if "status_code=40" not in ev:
-            raise Exception("Unexpected status code: " + ev)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_psk(dev, apdev):
-    """sigma_dut controlled AP"""
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_pskhex(dev, apdev, params):
-    """sigma_dut controlled AP and PSKHEX"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_pskhex.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
-    """sigma_dut controlled AP PSK SHA256"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_psk_sha256.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
-                           psk="12345678", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
-    """sigma_dut controlled AP and deauth commands"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_psk_deauth.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
-                           psk="12345678", ieee80211w="2", scan_freq="2412")
-            addr = dev[0].own_addr()
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
-            ev = dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-            if "locally_generated=1" in ev:
-                raise Exception("Unexpected disconnection reason")
-            dev[0].wait_connected()
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
-            ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-            if ev and "locally_generated=1" not in ev:
-                raise Exception("Unexpected disconnection")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_eap_ttls(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS parameters"""
-    check_domain_match(dev[0])
-    logdir = params['logdir']
-
-    with open("auth_serv/ca.pem", "r") as f:
-        with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
-            f2.write(f.read())
-
-    src = "auth_serv/server.pem"
-    dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
-    hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
-    subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
-                           "-outform", "DER"],
-                          stderr=open('/dev/null', 'w'))
-    with open(dst, "rb") as f:
-        der = f.read()
-    hash = hashlib.sha256(der).digest()
-    with open(hashdst, "w") as f:
-        f.write(binascii.hexlify(hash).decode())
-
-    dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
-    with open(dst, "w") as f:
-        f.write(32*"00")
-
-    ssid = "test-wpa2-eap"
-    params = hostapd.wpa2_eap_params(ssid=ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
-
-    try:
-        tests = ["",
-                 ",Domain,server.w1.fi",
-                 ",DomainSuffix,w1.fi",
-                 ",DomainSuffix,server.w1.fi",
-                 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
-        for extra in tests:
-            sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-            sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-            sigma_dut_cmd_check(cmd + extra)
-            sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                                timeout=10)
-            sigma_dut_wait_connected(ifname)
-            sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-            sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-            sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-            dev[0].dump_monitor()
-
-        tests = [",Domain,w1.fi",
-                 ",DomainSuffix,example.com",
-                 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
-        for extra in tests:
-            sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-            sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-            sigma_dut_cmd_check(cmd + extra)
-            sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                                timeout=10)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-            if ev is None:
-                raise Exception("Server certificate error not reported")
-            res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
-            if "connected,1" in res:
-                raise Exception("Unexpected connection reported")
-            sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-            sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-            dev[0].dump_monitor()
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_suite_b(dev, apdev, params):
-    """sigma_dut controlled STA Suite B"""
-    check_suite_b_192_capa(dev)
-    logdir = params['logdir']
-
-    with open("auth_serv/ec2-ca.pem", "r") as f:
-        with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
-            f2.write(f.read())
-
-    with open("auth_serv/ec2-user.pem", "r") as f:
-        with open("auth_serv/ec2-user.key", "r") as f2:
-            with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
-                f3.write(f.read())
-                f3.write(f2.read())
-
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/ec2-ca.pem'
-    params['server_cert'] = 'auth_serv/ec2-server.pem'
-    params['private_key'] = 'auth_serv/ec2-server.key'
-    params['openssl_ciphers'] = 'SUITEB192'
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_suite_b_rsa(dev, apdev, params):
-    """sigma_dut controlled STA Suite B (RSA)"""
-    check_suite_b_192_capa(dev)
-    logdir = params['logdir']
-
-    with open("auth_serv/rsa3072-ca.pem", "r") as f:
-        with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
-            f2.write(f.read())
-
-    with open("auth_serv/rsa3072-user.pem", "r") as f:
-        with open("auth_serv/rsa3072-user.key", "r") as f2:
-            with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
-                f3.write(f.read())
-                f3.write(f2.read())
-
-    dev[0].flush_scan_cache()
-    params = suite_b_192_rsa_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
-
-    try:
-        tests = ["",
-                 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-                 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
-        for extra in tests:
-            sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-            sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-            sigma_dut_cmd_check(cmd + extra)
-            sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
-                                timeout=10)
-            sigma_dut_wait_connected(ifname)
-            sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-            sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-            sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_suite_b(dev, apdev, params):
-    """sigma_dut controlled AP Suite B"""
-    check_suite_b_192_capa(dev)
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_suite_b.sigma-hostapd")
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/ec2-ca.pem'
-    params['server_cert'] = 'auth_serv/ec2-server.pem'
-    params['private_key'] = 'auth_serv/ec2-server.key'
-    params['openssl_ciphers'] = 'SUITEB192'
-    hostapd.add_ap(apdev[1], params)
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                           ieee80211w="2",
-                           openssl_ciphers="SUITEB192",
-                           eap="TLS", identity="tls user",
-                           ca_cert="auth_serv/ec2-ca.pem",
-                           client_cert="auth_serv/ec2-user.pem",
-                           private_key="auth_serv/ec2-user.key",
-                           pairwise="GCMP-256", group="GCMP-256",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
-    """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
-                            "GCMP")
-
-def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
-    """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
-                            "GCMP-256")
-
-def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
-    """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
-                            "CCMP")
-
-def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
-    """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
-                            "CCMP-256")
-
-def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
-    """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
-                            "BIP-GMAC-256", "CCMP")
-
-def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
-    """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
-                            "BIP-GMAC-256", "GCMP-256", "CCMP")
-
-def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
-    """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
-    run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
-                            "GCMP-256", "CCMP", "AES-CCMP-128")
-
-def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
-                            sta_cipher, sta_cipher_group=None, ap_group=None):
-    check_suite_b_192_capa(dev)
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_cipher.sigma-hostapd")
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/ec2-ca.pem'
-    params['server_cert'] = 'auth_serv/ec2-server.pem'
-    params['private_key'] = 'auth_serv/ec2-server.key'
-    params['openssl_ciphers'] = 'SUITEB192'
-    hostapd.add_ap(apdev[1], params)
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
-            cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
-            if ap_group:
-                cmd += ",GroupCipher,%s" % ap_group
-            sigma_dut_cmd_check(cmd)
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            if sta_cipher_group is None:
-                sta_cipher_group = sta_cipher
-            dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                           ieee80211w="2",
-                           openssl_ciphers="SUITEB192",
-                           eap="TLS", identity="tls user",
-                           ca_cert="auth_serv/ec2-ca.pem",
-                           client_cert="auth_serv/ec2-user.pem",
-                           private_key="auth_serv/ec2-user.key",
-                           pairwise=sta_cipher, group=sta_cipher_group,
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_override_rsne(dev, apdev):
-    """sigma_dut controlled AP overriding RSNE"""
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
-            sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae(dev, apdev, params):
-    """sigma_dut controlled AP with SAE"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            id = dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                                ieee80211w="2", scan_freq="2412")
-            if dev[0].get_status_field('sae_group') != '19':
-                raise Exception("Expected default SAE group not used")
-
-            res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
-            logger.info("Reported PMK: " + res)
-            if ",PMK," not in res:
-                raise Exception("PMK not reported");
-            if dev[0].get_pmk(id) != res.split(',')[3]:
-                raise Exception("Mismatch in reported PMK")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
-    """sigma_dut controlled AP with SAE Confirm immediate"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            if dev[0].get_status_field('sae_group') != '19':
-                raise Exception("Expected default SAE group not used")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_password(dev, apdev, params):
-    """sigma_dut controlled AP with SAE and long password"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_password.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
-                           ieee80211w="2", scan_freq="2412")
-            if dev[0].get_status_field('sae_group') != '19':
-                raise Exception("Expected default SAE group not used")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
-    """sigma_dut controlled AP with SAE Password Identifier"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_pw_id.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_sae_pw_id.sigma-conf")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].request("SET sae_groups ")
-            tests = [("pw1", "id1"),
-                     ("pw2", "id2"),
-                     ("pw3", None),
-                     ("pw4", "id4")]
-            for pw, pw_id in tests:
-                dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
-                               sae_password_id=pw_id,
-                               ieee80211w="2", scan_freq="2412")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev, apdev, params):
-    """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].set("sae_groups", "")
-            dev[0].connect("test-sae", key_mgmt="SAE", sae_password="12345678",
-                           sae_password_id="pwid",
-                           ieee80211w="2", scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
-                                    "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Network selection result not indicated")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection")
-            dev[0].request("REMOVE_NETWORK all")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
-    """sigma_dut controlled AP with SAE Password Identifier and FT"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].request("SET sae_groups ")
-            tests = [("pw1", "id1", "SAE"),
-                     ("pw2", "id2", "FT-SAE"),
-                     ("pw3", None, "FT-SAE"),
-                     ("pw4", "id4", "SAE")]
-            for pw, pw_id, key_mgmt in tests:
-                dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
-                               sae_password_id=pw_id,
-                               ieee80211w="2", scan_freq="2412")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_group(dev, apdev, params):
-    """sigma_dut controlled AP with SAE and specific group"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_group.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            if dev[0].get_status_field('sae_group') != '20':
-                raise Exception("Expected SAE group not used")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_psk_sae(dev, apdev, params):
-    """sigma_dut controlled AP with PSK+SAE"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_psk_sae.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[2].request("SET sae_groups ")
-            dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           scan_freq="2412", ieee80211w="0", wait_connect=False)
-            dev[0].request("SET sae_groups ")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           scan_freq="2412", ieee80211w="2")
-            dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
-
-            ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-            dev[2].request("DISCONNECT")
-            if ev is not None:
-                raise Exception("Unexpected connection without PMF")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
-    """sigma_dut controlled AP with PSK, SAE, FT"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_psk_sae_ft.sigma-conf")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].request("SET sae_groups ")
-            dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
-                           sae_password="12345678", scan_freq="2412")
-            dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
-                           psk="12345678", scan_freq="2412")
-            dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
-                           psk="12345678", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_owe(dev, apdev):
-    """sigma_dut controlled OWE station"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        params = {"ssid": "owe",
-                  "wpa": "2",
-                  "wpa_key_mgmt": "OWE",
-                  "ieee80211w": "2",
-                  "rsn_pairwise": "CCMP"}
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
-        logger.info("Reported PMK: " + res)
-        if ",PMK," not in res:
-            raise Exception("PMK not reported");
-        if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
-            raise Exception("Mismatch in reported PMK")
-
-        dev[0].dump_monitor()
-        sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
-        dev[0].wait_connected()
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
-                            timeout=10)
-        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        if ev is None:
-            raise Exception("Association not rejected")
-        if "status_code=77" not in ev:
-            raise Exception("Unexpected rejection reason: " + ev)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_owe_ptk_workaround(dev, apdev):
-    """sigma_dut controlled OWE station with PTK workaround"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-
-    params = {"ssid": "owe",
-              "wpa": "2",
-              "wpa_key_mgmt": "OWE",
-              "owe_ptk_workaround": "1",
-              "owe_groups": "20",
-              "ieee80211w": "2",
-              "rsn_pairwise": "CCMP"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, owe_ptk_workaround=True)
-
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_owe(dev, apdev, params):
-    """sigma_dut controlled AP with OWE"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_owe.sigma-hostapd")
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                                scan_freq="2412")
-
-            res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
-            logger.info("Reported PMK: " + res)
-            if ",PMK," not in res:
-                raise Exception("PMK not reported");
-            if dev[0].get_pmk(id) != res.split(',')[3]:
-                raise Exception("Mismatch in reported PMK")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
-    """sigma_dut controlled AP with OWE and ECGroupID"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           owe_group="20", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           owe_group="21", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           owe_group="19", scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-            dev[0].request("DISCONNECT")
-            if ev is None:
-                raise Exception("Association not rejected")
-            if "status_code=77" not in ev:
-                raise Exception("Unexpected rejection reason: " + ev)
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_owe_ptk_workaround(dev, apdev):
-    """sigma_dut controlled AP with OWE PTK workaround"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, owe_ptk_workaround=True)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           owe_group="20", owe_ptk_workaround="1",
-                           scan_freq="2412")
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
-    """sigma_dut controlled AP with OWE and transition mode"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
-            res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           scan_freq="2412")
-            dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
-            if dev[0].get_status_field('bssid') not in res1:
-                raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
-            if dev[1].get_status_field('bssid') not in res2:
-                raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
-    """sigma_dut controlled AP with OWE and transition mode (2)"""
-    if "OWE" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("OWE not supported")
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
-            res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
-
-            dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
-                           scan_freq="2412")
-            dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
-            if dev[0].get_status_field('bssid') not in res2:
-                raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
-            if dev[1].get_status_field('bssid') not in res1:
-                raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def dpp_init_enrollee(dev, id1, enrollee_role):
-    logger.info("Starting DPP initiator/enrollee in a thread")
-    time.sleep(1)
-    cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
-    if enrollee_role == "Configurator":
-        cmd += " netrole=configurator"
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    logger.info("DPP initiator/enrollee done")
-
-def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 1)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
-
-def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 2)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
-
-def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 3)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
-
-def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 4)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
-
-def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 5)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
-
-def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 6)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
-
-def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 7)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
-
-def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 8)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
-
-def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 9)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
-
-def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
-    """sigma_dut DPP/QR responder (conf index 10)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
-
-def test_sigma_dut_dpp_qr_resp_11(dev, apdev, params):
-    """sigma_dut DPP/QR responder (conf index 11)"""
-    if not os.path.exists("./dpp-ca.py"):
-        raise HwsimSkip("dpp-ca.py not available")
-    logdir = params['logdir']
-    with open("auth_serv/ec-ca.pem", "rb") as f:
-        res = f.read()
-    with open(os.path.join(logdir, "dpp-ca.pem"), "wb") as f:
-        f.write(res)
-    with open("auth_serv/ec-ca.key", "rb") as f:
-        res = f.read()
-    with open(os.path.join(logdir, "dpp-ca.key"), "wb") as f:
-        f.write(res)
-    with open(os.path.join(logdir, "dpp-ca-csrattrs"), "wb") as f:
-        f.write(b'MAsGCSqGSIb3DQEJBw==')
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 11, cert_path=logdir)
-
-def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
-    """sigma_dut DPP/QR responder (channel list override)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
-                              listen_chan=2)
-
-def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
-    """sigma_dut DPP/QR responder status query"""
-    check_dpp_capab(dev[1])
-    params = hostapd.wpa2_params(ssid="DPPNET01",
-                                 passphrase="ThisIsDppPassphrase")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    try:
-        dev[1].set("dpp_config_processing", "2")
-        run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
-    finally:
-        dev[1].set("dpp_config_processing", "0", allow_fail=True)
-
-def test_sigma_dut_dpp_qr_resp_configurator(dev, apdev):
-    """sigma_dut DPP/QR responder (configurator provisioning)"""
-    run_sigma_dut_dpp_qr_resp(dev, apdev, -1, enrollee_role="Configurator")
-
-def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
-                              listen_chan=None, status_query=False,
-                              enrollee_role="STA", cert_path=None):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname, cert_path=cert_path)
-    try:
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        if chan_list:
-            cmd += ",DPPChannelList," + chan_list
-        res = sigma_dut_cmd(cmd)
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1,
-                                                             enrollee_role))
-        t.start()
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
-        if conf_idx is not None:
-            cmd += ",DPPConfIndex,%d" % conf_idx
-        if listen_chan:
-            cmd += ",DPPListenChannel," + str(listen_chan)
-        if status_query:
-            cmd += ",DPPStatusQuery,Yes"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-        if status_query and "StatusResult,0" not in res:
-            raise Exception("Status query did not succeed: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
-ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
-ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
-
-def start_dpp_ap(apdev):
-    params = {"ssid": "DPPNET01",
-              "wpa": "2",
-              "ieee80211w": "2",
-              "wpa_key_mgmt": "DPP",
-              "rsn_pairwise": "CCMP",
-              "dpp_connector": ap_connector,
-              "dpp_csign": csign_pub,
-              "dpp_netaccesskey": ap_netaccesskey}
-    try:
-        hapd = hostapd.add_ap(apdev, params)
-    except:
-        raise HwsimSkip("DPP not supported")
-    return hapd
-
-def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
-    """sigma_dut DPP/QR initiator as Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev, apdev):
-    """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "DPP_CONFIGURATOR_ADD"
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
-    """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
-    run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
-
-def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
-    """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
-    run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
-                                                    extra="DPPAuthDirection,Mutual,")
-
-def test_sigma_dut_dpp_qr_mutual_init_enrollee_mud_url(dev, apdev):
-    """sigma_dut DPP/QR (mutual) initiator as Enrollee (MUD URL)"""
-    run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
-                                                    mud_url="https://example.com/mud")
-
-def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra='',
-                                                    mud_url=None):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
-        if mud_url:
-            cmd += ",MUDURL," + mud_url
-        res = sigma_dut_cmd_check(cmd, timeout=10)
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-
-        if mud_url:
-            ev = dev[1].wait_event(["DPP-MUD-URL"], timeout=1)
-            if ev is None:
-                raise Exception("DPP MUD URL not reported")
-            if ev.split(' ')[1] != mud_url:
-                raise Exception("Unexpected MUD URL value: " + ev)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
-    time.sleep(1)
-    logger.info("Starting DPP initiator/configurator in a thread")
-    cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
-    if own_id is not None:
-        cmd += " own=%d" % own_id
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    logger.info("DPP initiator/configurator done")
-
-def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
-    """sigma_dut DPP/QR (mutual) responder as Enrollee"""
-    run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
-
-def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
-    """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
-    run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
-
-def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        t = threading.Thread(target=dpp_init_conf_mutual,
-                             args=(dev[1], id1, conf_id, id0))
-        t.start()
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
-        if extra:
-            cmd += extra
-        res = sigma_dut_cmd(cmd, timeout=25)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def dpp_resp_conf_mutual(dev, conf_id, uri):
-    logger.info("Starting DPP responder/configurator in a thread")
-    dev.set("dpp_configurator_params",
-            " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
-                                                       conf_id))
-    cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP listen")
-    if uri:
-        ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
-        if ev is None:
-            raise Exception("QR Code scan for mutual authentication not requested")
-        dev.dpp_qr_code(uri)
-    ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    logger.info("DPP responder/configurator done")
-
-def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
-    """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
-    run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
-
-def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
-    """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
-    run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
-
-def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        if not resp_pending:
-            dev[1].dpp_qr_code(uri)
-            uri = None
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        t = threading.Thread(target=dpp_resp_conf_mutual,
-                             args=(dev[1], conf_id, uri))
-        t.start()
-
-        time.sleep(1)
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
-        res = sigma_dut_cmd(cmd, timeout=15)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
-    """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    params = hostapd.wpa2_params(ssid="DPPNET01",
-                                 passphrase="ThisIsDppPassphrase")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD"
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
-    """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    params = hostapd.wpa2_params(ssid="DPPNET01",
-                                 passphrase="ThisIsDppPassphrase")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-        dev[0].set("sae_groups", "")
-
-        cmd = "DPP_CONFIGURATOR_ADD"
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
-
-def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
-
-def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
-
-def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
-
-def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
-
-def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
-
-def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
-
-def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
-
-def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
-
-def test_sigma_dut_dpp_qr_init_configurator_mud_url(dev, apdev):
-    """sigma_dut DPP/QR initiator as Configurator (MUD URL)"""
-    run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1,
-                                           mud_url="https://example.com/mud")
-
-def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
-                                           prov_role="Configurator",
-                                           extra=None, mud_url=None):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        if mud_url:
-            dev[1].set("dpp_mud_url", mud_url)
-        cmd = "DPP_LISTEN 2437 role=enrollee"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
-        if extra:
-            cmd += "," + extra
-        res = sigma_dut_cmd(cmd)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-        if mud_url and ",MUDURL," + mud_url not in res:
-            raise Exception("Unexpected result (missing MUD URL): " + res)
-    finally:
-        dev[1].set("dpp_mud_url", "")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
-    """sigma_dut DPP roles incompatible (Initiator)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        cmd = "DPP_LISTEN 2437 role=enrollee"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
-        res = sigma_dut_cmd(cmd)
-        if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def dpp_init_enrollee_mutual(dev, id1, own_id):
-    logger.info("Starting DPP initiator/enrollee in a thread")
-    time.sleep(1)
-    cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-RECEIVED",
-                         "DPP-NOT-COMPATIBLE"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    logger.info("DPP initiator/enrollee done")
-
-def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
-    """sigma_dut DPP roles incompatible (Responder)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd(cmd)
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
-        t.start()
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_qr_enrollee_chirp(dev, apdev):
-    """sigma_dut DPP/QR as chirping Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd_check(cmd)
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        conf_id = dev[1].dpp_configurator_add(key=csign)
-        idc = dev[1].dpp_qr_code(uri)
-        dev[1].dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id,
-                                 ssid="DPPNET01")
-        dev[1].dpp_listen(2437)
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,16,DPPWaitForConnect,Yes,DPPChirp,Enable", timeout=20)
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def dpp_enrollee_chirp(dev, id1):
-    logger.info("Starting chirping Enrollee in a thread")
-    time.sleep(0.1)
-    cmd = "DPP_CHIRP own=%d" % id1
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP chirping")
-    ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=15)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    logger.info("DPP enrollee done")
-
-def test_sigma_dut_dpp_qr_configurator_chirp(dev, apdev):
-    """sigma_dut DPP/QR as Configurator waiting for chirp"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-
-        id1 = dev[1].dpp_bootstrap_gen(chan="81/1")
-        uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        t = threading.Thread(target=dpp_enrollee_chirp, args=(dev[1], id1))
-        t.start()
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,16,DPPChirp,Enable,DPPChirpChannel,6", timeout=20)
-        t.join()
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_dpp_qr_enrollee_chirp(dev, apdev, params):
-    """sigma_dut DPP/QR AP as chirping Enrollee"""
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1])
-    logdir = params['prefix'] + ".sigma-hostapd"
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,program,DPP")
-            cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-            res = sigma_dut_cmd_check(cmd)
-            if "status,COMPLETE" not in res:
-                raise Exception("dev_exec_action did not succeed: " + res)
-            hex = res.split(',')[3]
-            uri = from_hex(hex)
-            logger.info("URI from sigma_dut: " + uri)
-
-            conf_id = dev[0].dpp_configurator_add(key=csign)
-            idc = dev[0].dpp_qr_code(uri)
-            dev[0].dpp_bootstrap_set(idc, conf="ap-dpp", configurator=conf_id,
-                                 ssid="DPPNET01")
-            dev[0].dpp_listen(2437)
-
-            res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,16,DPPChirp,Enable", timeout=20)
-            if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-                raise Exception("Unexpected result: " + res)
-
-            dev[1].set("dpp_config_processing", "2")
-            id = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-            uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-            dev[1].dpp_listen(2437)
-            dev[0].dpp_auth_init(uri=uri, conf="sta-dpp", ssid="DPPNET01",
-                                 configurator=conf_id)
-            dev[1].wait_connected(timeout=20)
-
-            sigma_dut_cmd_check("ap_reset_default,program,DPP")
-        finally:
-            dev[1].set("dpp_config_processing", "0", allow_fail=True)
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
-    """sigma_dut DPP/PKEX initiator as Configurator"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        id1 = dev[1].dpp_bootstrap_gen(type="pkex")
-        cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to set PKEX data (responder)")
-        cmd = "DPP_LISTEN 2437 role=enrollee"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def dpp_init_conf(dev, id1, conf, conf_id, extra):
-    logger.info("Starting DPP initiator/configurator in a thread")
-    cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    logger.info("DPP initiator/configurator done")
-
-def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
-    """sigma_dut controlled AP (DPP)"""
-    run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
-
-def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
-    """sigma_dut controlled AP (legacy)"""
-    run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
-                            extra="pass=%s" % to_hex("qwertyuiop"))
-
-def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
-    """sigma_dut controlled AP (legacy)"""
-    run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
-                            extra="psk=%s" % (32*"12"))
-
-def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
-    check_dpp_capab(dev[0])
-    logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,program,DPP")
-            res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-            if "status,COMPLETE" not in res:
-                raise Exception("dev_exec_action did not succeed: " + res)
-            hex = res.split(',')[3]
-            uri = from_hex(hex)
-            logger.info("URI from sigma_dut: " + uri)
-
-            cmd = "DPP_CONFIGURATOR_ADD"
-            res = dev[0].request(cmd)
-            if "FAIL" in res:
-                raise Exception("Failed to add configurator")
-            conf_id = int(res)
-
-            id1 = dev[0].dpp_qr_code(uri)
-
-            t = threading.Thread(target=dpp_init_conf,
-                                 args=(dev[0], id1, ap_conf, conf_id, extra))
-            t.start()
-            res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
-            t.join()
-            if "ConfResult,OK" not in res:
-                raise Exception("Unexpected result: " + res)
-
-            id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-            uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-            id0b = dev[0].dpp_qr_code(uri1)
-
-            dev[1].set("dpp_config_processing", "2")
-            cmd = "DPP_LISTEN 2412"
-            if "OK" not in dev[1].request(cmd):
-                raise Exception("Failed to start listen operation")
-            cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
-            if "OK" not in dev[0].request(cmd):
-                raise Exception("Failed to initiate DPP Authentication")
-            dev[1].wait_connected(timeout=20)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            dev[1].set("dpp_config_processing", "0")
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_dpp_offchannel(dev, apdev, params):
-    """sigma_dut controlled AP doing DPP on offchannel"""
-    check_dpp_capab(dev[0])
-    logdir = params['prefix'] + ".sigma-hostapd"
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,program,DPP")
-            sigma_dut_cmd_check("ap_preset_testparameters,Program,DPP,Oper_Chn,3")
-            res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-            hex = res.split(',')[3]
-            uri = from_hex(hex)
-            logger.info("URI from sigma_dut: " + uri)
-            if "C:81/3;" not in uri:
-                raise Exception("Unexpected channel in AP's URI: " + uri)
-
-            cmd = "DPP_CONFIGURATOR_ADD"
-            res = dev[0].request(cmd)
-            if "FAIL" in res:
-                raise Exception("Failed to add configurator")
-            conf_id = int(res)
-
-            id0 = dev[0].dpp_bootstrap_gen(chan="81/7", mac=True)
-            uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-            dev[0].set("dpp_configurator_params",
-                       "conf=ap-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-            dev[0].dpp_listen(2442)
-
-            res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-            if "status,COMPLETE" not in res:
-                raise Exception("dev_exec_action did not succeed: " + res)
-
-            res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
-            if "ConfResult,OK" not in res:
-                raise Exception("Unexpected result: " + res)
-
-            id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
-            uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
-
-            id0b = dev[0].dpp_qr_code(uri1)
-
-            dev[1].set("dpp_config_processing", "2")
-            cmd = "DPP_LISTEN 2412"
-            if "OK" not in dev[1].request(cmd):
-                raise Exception("Failed to start listen operation")
-            cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id0b, to_hex("DPPNET01"), conf_id)
-            if "OK" not in dev[0].request(cmd):
-                raise Exception("Failed to initiate DPP Authentication")
-            dev[1].wait_connected(timeout=20)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            dev[1].set("dpp_config_processing", "0")
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
-    """sigma_dut controlled AP as DPP PKEX responder"""
-    check_dpp_capab(dev[0])
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
-        finally:
-            stop_sigma_dut(sigma)
-
-def dpp_init_conf_pkex(dev, conf_id, check_config=True):
-    logger.info("Starting DPP PKEX initiator/configurator in a thread")
-    time.sleep(1.5)
-    id = dev.dpp_bootstrap_gen(type="pkex")
-    cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
-    res = dev.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to initiate DPP PKEX")
-    if not check_config:
-        return
-    ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    logger.info("DPP initiator/configurator done")
-
-def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
-    sigma_dut_cmd_check("ap_reset_default,program,DPP")
-
-    cmd = "DPP_CONFIGURATOR_ADD"
-    res = dev[0].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to add configurator")
-    conf_id = int(res)
-
-    t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
-    t.start()
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
-    t.join()
-    if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-        raise Exception("Unexpected result: " + res)
-
-    sigma_dut_cmd_check("ap_reset_default")
-
-def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
-    """sigma_dut controlled STA as DPP PKEX responder and error case"""
-    check_dpp_capab(dev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
-    finally:
-        stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
-    cmd = "DPP_CONFIGURATOR_ADD"
-    res = dev[1].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to add configurator")
-    conf_id = int(res)
-
-    dev[1].set("dpp_test", "44")
-
-    t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
-                                                          False))
-    t.start()
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
-    t.join()
-    if "BootstrapResult,Timeout" not in res:
-        raise Exception("Unexpected result: " + res)
-
-def dpp_proto_init(dev, id1):
-    time.sleep(1)
-    logger.info("Starting DPP initiator/configurator in a thread")
-    cmd = "DPP_CONFIGURATOR_ADD"
-    res = dev.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to add configurator")
-    conf_id = int(res)
-
-    cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-
-def test_sigma_dut_dpp_proto_initiator(dev, apdev):
-    """sigma_dut DPP protocol testing - Initiator"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              None),
-             ("InvalidValue", "AuthenticationConfirm", "WrappedData",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              None),
-             ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              "Missing or invalid I-capabilities"),
-             ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              "Mismatching Initiator Authenticating Tag"),
-             ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
-              "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
-              "Missing or invalid Enrollee Nonce attribute")]
-    for step, frame, attr, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
-                                              fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
-    id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    cmd = "DPP_LISTEN 2437 role=enrollee"
-    if "OK" not in dev[1].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
-                        timeout=10)
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly: " + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_sigma_dut_dpp_proto_responder(dev, apdev):
-    """sigma_dut DPP protocol testing - Responder"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              "Missing or invalid required DPP Status attribute"),
-             ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
-              "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
-              "Missing or invalid Enrollee Nonce attribute")]
-    for step, frame, attr, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
-                                              fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-    hex = res.split(',')[3]
-    uri = from_hex(hex)
-    logger.info("URI from sigma_dut: " + uri)
-
-    id1 = dev[1].dpp_qr_code(uri)
-
-    t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
-    t.start()
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
-    t.join()
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly:" + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
-    """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("AuthenticationResponse",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              None),
-             ("ConfigurationRequest",
-              "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
-              None)]
-    for frame, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
-    id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    cmd = "DPP_LISTEN 2437 role=enrollee"
-    if "OK" not in dev[1].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly: " + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
-    """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("AuthenticationConfirm",
-              "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
-              None)]
-    for frame, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
-                                                               result, fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
-                                                       fail):
-    id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    cmd = "DPP_LISTEN 2437 role=configurator"
-    if "OK" not in dev[1].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly: " + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
-    """sigma_dut DPP protocol testing - Stop at RX on Responder"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("AuthenticationRequest",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              None),
-             ("AuthenticationConfirm",
-              "BootstrapResult,OK,AuthResult,Errorsent",
-              None)]
-    for frame, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-    hex = res.split(',')[3]
-    uri = from_hex(hex)
-    logger.info("URI from sigma_dut: " + uri)
-
-    id1 = dev[1].dpp_qr_code(uri)
-
-    t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
-    t.start()
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
-    t.join()
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly:" + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def dpp_proto_init_pkex(dev):
-    time.sleep(1)
-    logger.info("Starting DPP PKEX initiator/configurator in a thread")
-    cmd = "DPP_CONFIGURATOR_ADD"
-    res = dev.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to add configurator")
-    conf_id = int(res)
-
-    id = dev.dpp_bootstrap_gen(type="pkex")
-
-    cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
-    if "FAIL" in dev.request(cmd):
-        raise Exception("Failed to initiate DPP PKEX")
-
-def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
-    """sigma_dut DPP protocol testing - Initiator (PKEX)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
-              "BootstrapResult,Errorsent",
-              None),
-             ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
-              "BootstrapResult,Errorsent",
-              "Missing or invalid Finite Cyclic Group attribute"),
-             ("MissingAttribute", "PKEXCRRequest", "BSKey",
-              "BootstrapResult,Errorsent",
-              "No valid peer bootstrapping key found")]
-    for step, frame, attr, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
-                                                   result, fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
-    id1 = dev[1].dpp_bootstrap_gen(type="pkex")
-
-    cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
-    res = dev[1].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to set PKEX data (responder)")
-
-    cmd = "DPP_LISTEN 2437 role=enrollee"
-    if "OK" not in dev[1].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly: " + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
-    """sigma_dut DPP protocol testing - Responder (PKEX)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
-              "BootstrapResult,Errorsent",
-              None),
-             ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
-              "BootstrapResult,Errorsent",
-              "No DPP Status attribute"),
-             ("MissingAttribute", "PKEXCRResponse", "BSKey",
-              "BootstrapResult,Errorsent",
-              "No valid peer bootstrapping key found")]
-    for step, frame, attr, result, fail in tests:
-        dev[0].request("FLUSH")
-        dev[1].request("FLUSH")
-        sigma = start_sigma_dut(dev[0].ifname)
-        try:
-            run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
-                                                   result, fail)
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
-    t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
-    t.start()
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
-    t.join()
-    if result not in res:
-        raise Exception("Unexpected result: " + res)
-    if fail:
-        ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
-        if ev is None or fail not in ev:
-            raise Exception("Failure not reported correctly:" + str(ev))
-
-    dev[1].request("DPP_STOP_LISTEN")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    dev[0].set("dpp_config_processing", "2")
-
-    cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-    res = dev[1].request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to add configurator")
-    conf_id = int(res)
-
-    id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-    uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-    dev[1].set("dpp_configurator_params",
-               " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
-                                                          conf_id))
-    cmd = "DPP_LISTEN 2437 role=configurator"
-    if "OK" not in dev[1].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-
-def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
-    """sigma_dut DPP protocol testing - Peer Discovery Request"""
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0", allow_fail=True)
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_self_config(dev, apdev):
-    """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
-    check_dpp_capab(dev[0])
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
-    check_dpp_capab(hapd)
-
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-        id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
-        uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-        update_hapd_config(hapd)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("dpp_config_processing", "0")
-
-def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
-    """sigma_dut DPP AP Configurator using self-configuration"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_dpp_self_config.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_dpp_self_config(dev, apdev)
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("dpp_config_processing", "0", allow_fail=True)
-
-def run_sigma_dut_ap_dpp_self_config(dev, apdev):
-    check_dpp_capab(dev[0])
-
-    sigma_dut_cmd_check("ap_reset_default,program,DPP")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
-    if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-
-    dev[0].set("dpp_config_processing", "2")
-
-    id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
-    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
-    cmd = "DPP_LISTEN 2462 role=enrollee"
-    if "OK" not in dev[0].request(cmd):
-        raise Exception("Failed to start listen operation")
-
-    res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
-    if "status,COMPLETE" not in res:
-        raise Exception("dev_exec_action did not succeed: " + res)
-    cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
-    res = sigma_dut_cmd(cmd)
-    if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-        raise Exception("Unexpected result: " + res)
-    dev[0].wait_connected(timeout=20)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-    sigma_dut_cmd_check("ap_reset_default")
-
-
-def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
-    """sigma_dut DPP AP as Relay to Controller"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_dpp_relay.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_dpp_relay(dev, apdev)
-        finally:
-            stop_sigma_dut(sigma)
-            dev[1].request("DPP_CONTROLLER_STOP")
-
-def run_sigma_dut_ap_dpp_relay(dev, apdev):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-
-    # Controller
-    conf_id = dev[1].dpp_configurator_add()
-    dev[1].set("dpp_configurator_params",
-               " conf=sta-dpp configurator=%d" % conf_id)
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
-    pkhash = None
-    for line in res.splitlines():
-        name, value = line.split('=')
-        if name == "pkhash":
-            pkhash = value
-            break
-    if not pkhash:
-        raise Exception("Could not fetch public key hash from Controller")
-    if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
-        raise Exception("Failed to start Controller")
-
-    sigma_dut_cmd_check("ap_reset_default,program,DPP")
-    sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
-    res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
-
-    dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
-    wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
-
-    sigma_dut_cmd_check("ap_reset_default")
-
-def dpp_init_tcp_enrollee(dev, id1):
-    logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
-    time.sleep(1)
-    cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Enrollee)")
-    logger.info("DPP initiator/enrollee done")
-
-def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
-    """sigma_dut DPP TCP Configurator (Controller) as responder"""
-    run_sigma_dut_dpp_tcp_conf_resp(dev)
-
-def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd(cmd)
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
-        t.start()
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
-        if status_query:
-            cmd += ",DPPStatusQuery,Yes"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-        if status_query and "StatusResult,0" not in res:
-            raise Exception("Status query did not succeed: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def dpp_init_tcp_configurator(dev, id1, conf_id):
-    logger.info("Starting DPP initiator/configurator (TCP) in a thread")
-    time.sleep(1)
-    cmd = "DPP_AUTH_INIT peer=%d role=configurator conf=sta-dpp configurator=%d tcp_addr=127.0.0.1" % (id1, conf_id)
-    if "OK" not in dev.request(cmd):
-        raise Exception("Failed to initiate DPP Authentication")
-    ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
-    if ev is None:
-        raise Exception("DPP configuration not completed (Configurator)")
-    logger.info("DPP initiator/configurator done")
-
-def test_sigma_dut_dpp_tcp_enrollee_resp(dev, apdev):
-    """sigma_dut DPP TCP Enrollee (Controller) as responder"""
-    run_sigma_dut_dpp_tcp_enrollee_resp(dev)
-
-def run_sigma_dut_dpp_tcp_enrollee_resp(dev, status_query=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd(cmd)
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-
-        cmd = "DPP_CONFIGURATOR_ADD"
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id1 = dev[1].dpp_qr_code(uri)
-
-        t = threading.Thread(target=dpp_init_tcp_configurator, args=(dev[1], id1, conf_id))
-        t.start()
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
-        if status_query:
-            cmd += ",DPPStatusQuery,Yes"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        t.join()
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-        if status_query and "StatusResult,0" not in res:
-            raise Exception("Status query did not succeed: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
-    """sigma_dut DPP TCP Enrollee as initiator"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        # Controller
-        conf_id = dev[1].dpp_configurator_add()
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp configurator=%d" % conf_id)
-        id_c = dev[1].dpp_bootstrap_gen()
-        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-        if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
-            raise Exception("Failed to start Controller")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_sigma_dut_ap_dpp_tcp_enrollee_init(dev, apdev, params):
-    """sigma_dut DPP AP as TCP Enrollee/initiator"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_dpp_tcp_enrollee_init(dev, apdev)
-        finally:
-            stop_sigma_dut(sigma)
-            dev[1].request("DPP_CONTROLLER_STOP")
-
-def run_sigma_dut_ap_dpp_tcp_enrollee_init(dev, apdev):
-    check_dpp_capab(dev[1])
-    # Controller
-    conf_id = dev[1].dpp_configurator_add()
-    dev[1].set("dpp_configurator_params",
-               "conf=ap-dpp configurator=%d" % conf_id)
-    id_c = dev[1].dpp_bootstrap_gen()
-    uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-    if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
-        raise Exception("Failed to start Controller")
-
-    sigma_dut_cmd_check("ap_reset_default,program,DPP")
-    sigma_dut_cmd_check("ap_preset_testparameters,Program,DPP,NAME,AP,oper_chn,6")
-    sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
-
-    cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
-    res = sigma_dut_cmd(cmd, timeout=10)
-    if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-        raise Exception("Unexpected result: " + res)
-    sigma_dut_cmd_check("ap_reset_default")
-
-def test_sigma_dut_dpp_tcp_enrollee_init_mutual(dev, apdev):
-    """sigma_dut DPP TCP Enrollee as initiator with mutual authentication"""
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        # Controller
-        conf_id = dev[1].dpp_configurator_add()
-        dev[1].set("dpp_configurator_params",
-                   "conf=sta-dpp configurator=%d" % conf_id)
-        id_c = dev[1].dpp_bootstrap_gen()
-        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-        if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
-            raise Exception("Failed to start Controller")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd_check(cmd)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-        id1 = dev[1].dpp_qr_code(uri)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_sigma_dut_dpp_tcp_configurator_init_mutual(dev, apdev):
-    """sigma_dut DPP TCP Configurator as initiator with mutual authentication"""
-    check_dpp_capab(dev[0], min_ver=2)
-    check_dpp_capab(dev[1], min_ver=2)
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        id_c = dev[1].dpp_bootstrap_gen()
-        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
-        if "OK" not in dev[1].request("DPP_CONTROLLER_START role=enrollee"):
-            raise Exception("Failed to start Controller")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
-        res = sigma_dut_cmd_check(cmd)
-        hex = res.split(',')[3]
-        uri = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri)
-        id1 = dev[1].dpp_qr_code(uri)
-
-        cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[1].request("DPP_CONTROLLER_STOP")
-
-def test_sigma_dut_dpp_nfc_handover_requestor_enrollee(dev, apdev):
-    """sigma_dut DPP/NFC handover requestor as Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-
-        id_own = dev[1].dpp_bootstrap_gen(type="nfc-uri", chan="81/1,6,11",
-                                          mac=True)
-        uri_own = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_own)
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPBS,NFC")
-        hex = res.split(',')[3]
-        uri_peer = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri_peer)
-
-        sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,NFC" % to_hex(uri_own))
-
-        res = dev[1].request("DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (id_own,
-                                                                     uri_peer))
-        if "FAIL" in res:
-            raise Exception("Failed to process NFC Handover Request")
-        info = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_own)
-        logger.info("Updated local bootstrapping info:\n" + info)
-        freq = None
-        for line in info.splitlines():
-            if line.startswith("use_freq="):
-                freq = int(line.split('=')[1])
-        if freq is None:
-            raise Exception("Selected channel not indicated")
-        uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_own)
-        logger.info("Updated URI[1]: " + uri1)
-        dev[1].dpp_listen(freq, role="configurator")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,NFC,DPPNFCHandover,Negotiated_Requestor,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_nfc_handover_selector_enrollee(dev, apdev):
-    """sigma_dut DPP/NFC handover selector as Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-
-        id_own = dev[1].dpp_bootstrap_gen(type="nfc-uri", chan="81/1,6,11",
-                                          mac=True)
-        uri_own = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_own)
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPBS,NFC")
-        hex = res.split(',')[3]
-        uri_peer = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri_peer)
-
-        sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,NFC" % to_hex(uri_own))
-
-        res = dev[1].request("DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (id_own,
-                                                                     uri_peer))
-        if "FAIL" in res:
-            raise Exception("Failed to process NFC Handover Select")
-        peer = int(res)
-        dev[1].dpp_auth_init(peer=peer, own=id_own, configurator=conf_id,
-                             conf="sta-dpp", ssid="DPPNET01")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,NFC,DPPNFCHandover,Negotiated_Selector,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_nfc_static_read_enrollee(dev, apdev):
-    """sigma_dut DPP/NFC read tag as Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-
-        id_own = dev[1].dpp_bootstrap_gen(type="nfc-uri", chan="81/6", mac=True)
-        uri_own = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_own)
-
-        sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,NFC" % to_hex(uri_own))
-        dev[1].dpp_listen(2437, role="configurator")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,NFC,DPPNFCHandover,Static,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_nfc_static_write_enrollee(dev, apdev):
-    """sigma_dut DPP/NFC write tag as Enrollee"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[0].set("dpp_config_processing", "2")
-
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPBS,NFC")
-        hex = res.split(',')[3]
-        uri_peer = from_hex(hex)
-        logger.info("URI from sigma_dut: " + uri_peer)
-
-        dev[1].dpp_auth_init(nfc_uri=uri_peer, configurator=conf_id,
-                             conf="sta-dpp", ssid="DPPNET01")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,NFC,DPPNFCHandover,Static,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_reconfig_enrollee(dev, apdev):
-    """sigma_dut DPP reconfiguration (Enrollee)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    hapd = start_dpp_ap(apdev[0])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "DPP_CONFIGURATOR_ADD key=" + csign
-        res = dev[1].request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        conf_id = int(res)
-
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-
-        dev[1].set("dpp_configurator_params",
-                   " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        ifname = dev[0].ifname
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-
-        hapd.disable()
-        dev[0].dump_monitor()
-
-        ssid = "reconfig"
-        passphrase = "secret passphrase"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        dev[1].set("dpp_configurator_params",
-                   "conf=sta-psk ssid=%s pass=%s conn_status=1" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(passphrase.encode()).decode()))
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-        dev[1].dump_monitor()
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,DPPReconfigure,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
-        if "status,COMPLETE,ReconfigAuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected reconfiguration result: " + res)
-
-        ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=15)
-        if ev is None:
-            raise Exception("DPP Config Response (reconfig) not transmitted")
-
-        dev[0].wait_connected(timeout=20)
-        ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
-        if ev is None:
-            raise Exception("No connection status reported")
-        if "result=0" not in ev:
-            raise Exception("Connection status did not report success: " + ev)
-
-        time.sleep(1)
-        cmd = "DPP_LISTEN 2437 role=configurator"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,DPPReconfigure,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=30)
-        if "status,COMPLETE,ReconfigAuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
-            raise Exception("Unexpected reconfiguration [2] result: " + res)
-
-        ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
-        if ev is None:
-            raise Exception("DPP Config Response (reconfig) not transmitted [2]")
-
-        dev[0].wait_connected(timeout=20)
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_dpp_reconfig_configurator(dev, apdev):
-    """sigma_dut DPP reconfiguration (Configurator)"""
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        dev[1].set("dpp_config_processing", "1")
-        id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
-        uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
-        cmd = "DPP_LISTEN 2437"
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start listen operation")
-
-        ifname = dev[0].ifname
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,DPP" % ifname)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
-        if "status,COMPLETE" not in res:
-            raise Exception("dev_exec_action did not succeed: " + res)
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPConfIndex,1,DPPBS,QR,DPPTimeout,6", timeout=10)
-        if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected result: " + res)
-
-        dev[0].dump_monitor()
-
-        ev = dev[1].wait_event(["DPP-NETWORK-ID"], timeout=1)
-        if ev is None:
-            raise Exception("No network profile created")
-        id = int(ev.split(' ')[1])
-
-        ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
-        if ev is None:
-            raise Exception("Configuration Result not sent")
-        dev[1].dump_monitor()
-        cmd = "DPP_RECONFIG %d" % id
-        if "OK" not in dev[1].request(cmd):
-            raise Exception("Failed to start reconfiguration")
-
-        res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,DPPReconfigure,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPConfIndex,2,DPPListenChannel,6,DPPTimeout,6", timeout=10)
-        if "status,COMPLETE,ReconfigAuthResult,OK,ConfResult,OK" not in res:
-            raise Exception("Unexpected reconfiguration result: " + res)
-
-        ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=15)
-        if ev is None:
-            raise Exception("DPP Config Response (reconfig) not received")
-    finally:
-        dev[0].set("dpp_config_processing", "0")
-        dev[1].set("dpp_config_processing", "0")
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_preconfigured_profile(dev, apdev):
-    """sigma_dut controlled connection using preconfigured profile"""
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
-                       only_add_network=True)
-
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_wps_pbc(dev, apdev):
-    """sigma_dut and WPS PBC Enrollee"""
-    ssid = "test-wps-conf"
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wps", "eap_server": "1", "wps_state": "2",
-                           "wpa_passphrase": "12345678", "wpa": "2",
-                           "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
-    hapd.request("WPS_PBC")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        cmd = "start_wps_registration,interface,%s" % ifname
-        cmd += ",WpsRole,Enrollee"
-        cmd += ",WpsConfigMethod,PBC"
-        sigma_dut_cmd_check(cmd, timeout=15)
-
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        hapd.disable()
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-    dev[0].flush_scan_cache()
-
-def test_sigma_dut_sta_scan_bss(dev, apdev):
-    """sigma_dut sta_scan_bss"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
-                                                      hapd.own_addr())
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "ssid,test,bsschannel,1" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
-    """sigma_dut sta_scan GetParameter,SSID_BSSID"""
-    hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
-    hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
-        res = sigma_dut_cmd(cmd, timeout=10)
-        if "abcdef" not in res or "qwerty" not in res:
-            raise Exception("Unexpected result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sta_scan_short_ssid(dev, apdev):
-    """sigma_dut sta_scan ShortSSID"""
-    dev[0].flush_scan_cache()
-    ssid = "test-short-ssid-list"
-    hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
-                                     "ignore_broadcast_ssid": "1"})
-    bssid = apdev[0]['bssid']
-    payload = struct.pack('>L', binascii.crc32(ssid.encode()))
-    val = binascii.hexlify(payload).decode()
-    sigma = start_sigma_dut(dev[0].ifname)
-    found = False
-    try:
-        cmd = "sta_scan,Interface,%s,ChnlFreq,2412,ShortSSID,%s" % (dev[0].ifname, val)
-        for i in range(10):
-            sigma_dut_cmd_check(cmd, timeout=5)
-            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-            if ev is None:
-                raise Exception("Scan did not complete")
-            if bssid in dev[0].request("SCAN_RESULTS"):
-                found = True
-                break
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].request("VENDOR_ELEM_REMOVE 14 *")
-
-    if not found:
-        raise Exception("AP not found in scan results")
-
-def test_sigma_dut_sta_scan_wait_completion(dev, apdev):
-    """sigma_dut sta_scan WaitCompletion,1"""
-    sigma = start_sigma_dut(dev[0].ifname)
-    try:
-        cmd = "sta_scan,Interface,%s,ChnlFreq,2412,WaitCompletion,1" % dev[0].ifname
-        res = sigma_dut_cmd(cmd, timeout=10)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_osen(dev, apdev, params):
-    """sigma_dut controlled AP with OSEN"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_osen.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            # RSN-OSEN (for OSU)
-            dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
-                           pairwise="CCMP", group="GTK_NOT_USED",
-                           eap="WFA-UNAUTH-TLS", identity="osen@example.com",
-                           ca_cert="auth_serv/ca.pem", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_eap_osen(dev, apdev, params):
-    """sigma_dut controlled AP with EAP+OSEN"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_eap_osen.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
-            subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
-
-            # RSN-OSEN (for OSU)
-            dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
-                           pairwise="CCMP",
-                           eap="WFA-UNAUTH-TLS", identity="osen@example.com",
-                           ca_cert="auth_serv/ca.pem", ieee80211w='2',
-                           scan_freq="2412")
-            # RSN-EAP (for data connection)
-            dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
-                           identity="hs20-test", password="password",
-                           ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
-                           ieee80211w='2', scan_freq="2412")
-
-            hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
-                                          success_expected=False, timeout=1)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
-                            stderr=open('/dev/null', 'w'))
-            subprocess.call(['brctl', 'delbr', 'ap-br0'],
-                            stderr=open('/dev/null', 'w'))
-
-def test_sigma_dut_ap_eap(dev, apdev, params):
-    """sigma_dut controlled AP WPA2-Enterprise"""
-    logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
-    """sigma_dut controlled AP WPA2-Enterprise SHA256"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_eap_sha256.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ft_eap(dev, apdev, params):
-    """sigma_dut controlled AP FT-EAP"""
-    logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ft_psk(dev, apdev, params):
-    """sigma_dut controlled AP FT-PSK"""
-    logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
-    """sigma_dut controlled AP FT-PSK (over-DS)"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
-    """sigma_dut controlled AP WPA-EAP and FT-EAP"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           scan_freq="2412")
-            dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
-                           identity="gpsk user",
-                           password="abcdefghijklmnop0123456789abcdef",
-                           scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_venue_url(dev, apdev):
-    """sigma_dut controlled Venue URL fetch"""
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "venue"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-        params["ieee80211w"] = "2"
-
-        venue_group = 1
-        venue_type = 13
-        venue_info = struct.pack('BB', venue_group, venue_type)
-        lang1 = "eng"
-        name1 = "Example venue"
-        lang2 = "fin"
-        name2 = "Esimerkkipaikka"
-        venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
-        venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
-        venue_name = binascii.hexlify(venue_info + venue1 + venue2)
-
-        url1 = "http://example.com/venue"
-        url2 = "https://example.org/venue-info/"
-        params["venue_group"] = str(venue_group)
-        params["venue_type"] = str(venue_type)
-        params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
-        params["venue_url"] = ["1:" + url1, "2:" + url2]
-
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_hs20_assoc_24(dev, apdev):
-    """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
-    run_sigma_dut_hs20_assoc(dev, apdev, True)
-
-def test_sigma_dut_hs20_assoc_5(dev, apdev):
-    """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
-    run_sigma_dut_hs20_assoc(dev, apdev, False)
-
-def run_sigma_dut_hs20_assoc(dev, apdev, band24):
-    hapd0 = None
-    hapd1 = None
-    try:
-        bssid0 = apdev[0]['bssid']
-        params = hs20_ap_params()
-        params['hessid'] = bssid0
-        hapd0 = hostapd.add_ap(apdev[0], params)
-
-        bssid1 = apdev[1]['bssid']
-        params = hs20_ap_params()
-        params['hessid'] = bssid0
-        params["hw_mode"] = "a"
-        params["channel"] = "36"
-        params["country_code"] = "US"
-        hapd1 = hostapd.add_ap(apdev[1], params)
-
-        band = "2.4" if band24 else "5"
-        exp_bssid = bssid0 if band24 else bssid1
-        run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
-    finally:
-        dev[0].request("DISCONNECT")
-        if hapd0:
-            hapd0.request("DISABLE")
-        if hapd1:
-            hapd1.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].flush_scan_cache()
-
-def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
-    check_eap_capa(dev[0], "MSCHAPV2")
-    dev[0].flush_scan_cache()
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
-        res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
-                                  timeout=15)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-    if "BSSID," + expect_bssid not in res:
-        raise Exception("Unexpected BSSID: " + res)
-
-def test_sigma_dut_ap_hs20(dev, apdev, params):
-    """sigma_dut controlled AP with Hotspot 2.0 parameters"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_hs20.sigma-hostapd")
-    conffile = os.path.join(params['logdir'],
-                            "sigma_dut_ap_hs20.sigma-conf")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
-            sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with UOSC"""
-    logdir = params['logdir']
-
-    with open("auth_serv/ca.pem", "r") as f:
-        with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
-                  "w") as f2:
-            f2.write(f.read())
-
-    src = "auth_serv/server.pem"
-    dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
-    hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
-    subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
-                           "-outform", "DER"],
-                          stderr=open('/dev/null', 'w'))
-    with open(dst, "rb") as f:
-        der = f.read()
-    hash = hashlib.sha256(der).digest()
-    with open(hashdst, "w") as f:
-        f.write(binascii.hexlify(hash).decode())
-
-    dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
-    with open(dst, "w") as f:
-        f.write(32*"00")
-
-    ssid = "test-wpa2-eap"
-    params = hostapd.wpa2_eap_params(ssid=ssid)
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    try:
-        cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check(cmd)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-        if ev is None:
-            raise Exception("Server certificate error not reported")
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
-        if "ServerCertTrustResult,Accepted" not in res:
-            raise Exception("Server certificate trust was not accepted")
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-        dev[0].dump_monitor()
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
-    run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
-
-def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
-    run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
-
-def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
-    check_tls_tod(dev[0])
-    logdir = params['logdir']
-
-    name = "sigma_dut_eap_ttls_uosc_tod"
-    if tofu:
-        name += "_tofu"
-    with open("auth_serv/ca.pem", "r") as f:
-        with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
-            f2.write(f.read())
-
-    if tofu:
-        src = "auth_serv/server-certpol2.pem"
-    else:
-        src = "auth_serv/server-certpol.pem"
-    dst = os.path.join(logdir, name + ".server.der")
-    hashdst = os.path.join(logdir, name + ".server.pem.sha256")
-    subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
-                           "-outform", "DER"],
-                          stderr=open('/dev/null', 'w'))
-    with open(dst, "rb") as f:
-        der = f.read()
-    hash = hashlib.sha256(der).digest()
-    with open(hashdst, "w") as f:
-        f.write(binascii.hexlify(hash).decode())
-
-    ssid = "test-wpa2-eap"
-    params = int_eap_server_params()
-    params["ssid"] = ssid
-    if tofu:
-        params["server_cert"] = "auth_serv/server-certpol2.pem"
-        params["private_key"] = "auth_serv/server-certpol2.key"
-    else:
-        params["server_cert"] = "auth_serv/server-certpol.pem"
-        params["private_key"] = "auth_serv/server-certpol.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    try:
-        cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check(cmd)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
-        dev[0].wait_disconnected()
-        dev[0].dump_monitor()
-
-        hapd.disable()
-        params = hostapd.wpa2_eap_params(ssid=ssid)
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-        if ev is None:
-            raise Exception("Server certificate error not reported")
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
-        if "ServerCertTrustResult,Accepted" in res:
-            raise Exception("Server certificate trust override was accepted unexpectedly")
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-        dev[0].dump_monitor()
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
-    run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
-
-def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
-    run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
-
-def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
-    check_tls_tod(dev[0])
-    logdir = params['logdir']
-    name = params['name']
-    with open("auth_serv/rsa3072-ca.pem", "r") as f:
-        with open(params['prefix'] + ".ca.pem", "w") as f2:
-            f2.write(f.read())
-
-    if tofu:
-        src = "auth_serv/server-certpol2.pem"
-    else:
-        src = "auth_serv/server-certpol.pem"
-    dst = params['prefix'] + ".server.der"
-    hashdst = params['prefix'] + ".server.pem.sha256"
-    subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
-                           "-outform", "DER"],
-                          stderr=open('/dev/null', 'w'))
-    with open(dst, "rb") as f:
-        der = f.read()
-    hash = hashlib.sha256(der).digest()
-    with open(hashdst, "w") as f:
-        f.write(binascii.hexlify(hash).decode())
-
-    ssid = "test-wpa2-eap"
-    params = int_eap_server_params()
-    params["ssid"] = ssid
-    if tofu:
-        params["server_cert"] = "auth_serv/server-certpol2.pem"
-        params["private_key"] = "auth_serv/server-certpol2.key"
-    else:
-        params["server_cert"] = "auth_serv/server-certpol.pem"
-        params["private_key"] = "auth_serv/server-certpol.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    try:
-        cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check(cmd)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
-        if ev is None:
-            raise Exception("Server certificate validation failure not reported")
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
-        if not tofu and "ServerCertTrustResult,Accepted" in res:
-            raise Exception("Server certificate trust override was accepted unexpectedly")
-        if tofu and "ServerCertTrustResult,Accepted" not in res:
-            raise Exception("Server certificate trust override was not accepted")
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-        dev[0].dump_monitor()
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
-    """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
-    check_domain_suffix_match(dev[0])
-    logdir = params['logdir']
-
-    with open("auth_serv/ca.pem", "r") as f:
-        with open(os.path.join(logdir,
-                               "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
-                  "w") as f2:
-            f2.write(f.read())
-
-    ssid = "test-wpa2-eap"
-    params = int_eap_server_params()
-    params["ssid"] = ssid
-    params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
-    params["server_cert"] = "auth_serv/rsa3072-server.pem"
-    params["private_key"] = "auth_serv/rsa3072-server.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, cert_path=logdir)
-
-    try:
-        cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check(cmd)
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-        if ev is None:
-            raise Exception("Server certificate error not reported")
-
-        res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
-        if "ServerCertTrustResult,Accepted" not in res:
-            raise Exception("Server certificate trust was not accepted")
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-        dev[0].dump_monitor()
-    finally:
-        stop_sigma_dut(sigma)
-
-def start_sae_pwe_ap(apdev, sae_pwe):
-    ssid = "test-sae"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params['sae_groups'] = '19'
-    params['sae_pwe'] = str(sae_pwe)
-    return hostapd.add_ap(apdev, params)
-
-def connect_sae_pwe_sta(dev, ifname, extra=None):
-    dev.dump_monitor()
-    sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-    sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-    cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
-    if extra:
-        cmd += "," + extra
-    sigma_dut_cmd_check(cmd)
-    sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                        timeout=10)
-    sigma_dut_wait_connected(ifname)
-    sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-    dev.wait_disconnected()
-    sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    dev.dump_monitor()
-
-def no_connect_sae_pwe_sta(dev, ifname, extra=None):
-    dev.dump_monitor()
-    sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-    sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-    cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
-    if extra:
-        cmd += "," + extra
-    sigma_dut_cmd_check(cmd)
-    sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                        timeout=10)
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
-                         "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-    if ev is None or "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection result")
-    sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    dev.dump_monitor()
-
-def test_sigma_dut_sae_h2e(dev, apdev):
-    """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    start_sae_pwe_ap(apdev[0], 2)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, sae_h2e=True)
-    try:
-        connect_sae_pwe_sta(dev[0], ifname)
-        connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
-        connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
-        res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
-        if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
-            raise Exception("Unexpected error result: " + res)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
-    """sigma_dut controlled SAE H2E association (AP using loop-only)"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    start_sae_pwe_ap(apdev[0], 0)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, sae_h2e=True)
-    try:
-        connect_sae_pwe_sta(dev[0], ifname)
-        connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
-        no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
-    """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    start_sae_pwe_ap(apdev[0], 1)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, sae_h2e=True)
-    try:
-        connect_sae_pwe_sta(dev[0], ifname)
-        no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
-        connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
-    """sigma_dut controlled AP with SAE H2E"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            for sae_pwe in [0, 1, 2]:
-                dev[0].request("SET sae_groups ")
-                dev[0].set("sae_pwe", str(sae_pwe))
-                dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                               ieee80211w="2", scan_freq="2412")
-                dev[0].request("REMOVE_NETWORK all")
-                dev[0].wait_disconnected()
-                dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
-    """sigma_dut controlled AP with SAE H2E-only"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].set("sae_pwe", "1")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-            dev[0].set("sae_pwe", "0")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-            dev[0].request("DISCONNECT")
-            if ev is None or "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection result")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
-    """sigma_dut controlled AP with SAE looping-only"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].set("sae_pwe", "0")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-            dev[0].set("sae_pwe", "1")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
-            dev[0].request("DISCONNECT")
-            if ev is None or "CTRL-EVENT-CONNECTED" in ev:
-                raise Exception("Unexpected connection result")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
-    """sigma_dut controlled SAE H2E misbehavior with looping forced"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ssid = "test-sae"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params['sae_pwe'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
-        if ev is None:
-            raise Exception("No authentication attempt reported")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected connection reported")
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
-    """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ssid = "test-sae"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params['sae_groups'] = "19 20"
-    params['sae_pwe'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, sae_h2e=True)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
-        if ev is None:
-            raise Exception("No authentication attempt reported")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected connection reported")
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
-    """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ssid = "test-sae"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params['wpa_key_mgmt'] = 'SAE'
-    params["ieee80211w"] = "2"
-    params['sae_groups'] = "19"
-    params['sae_pwe'] = '1'
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname, sae_h2e=True)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
-        if ev is None:
-            raise Exception("No authentication attempt reported")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected connection reported")
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
-    """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups ")
-            dev[0].set("sae_pwe", "1")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412", wait_connect=False)
-            ev = dev[0].wait_event(["Associated with"], timeout=10)
-            if ev is None:
-                raise Exception("No indication of association seen")
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=10)
-            dev[0].request("DISCONNECT")
-            if ev is None:
-                raise Exception("No disconnection seen")
-            if "CTRL-EVENT-DISCONNECTED" not in ev:
-                raise Exception("Unexpected connection")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
-    """sigma_dut controlled AP with SAE H2E-only and group rejection"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].request("SET sae_groups 21 20 19")
-            dev[0].set("sae_pwe", "1")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            addr = dev[0].own_addr()
-            res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
-            if "DHGroupVerResult,21 20" not in res:
-                raise Exception("Unexpected dev_exec_action response: " + res)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_sae_h2e_anti_clogging(dev, apdev, params):
-    """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
-    logdir = os.path.join(params['logdir'],
-                          "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].set("sae_groups", "")
-            dev[0].set("sae_pwe", "2")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-            dev[0].set("sae_pwe", "0")
-
-def test_sigma_dut_ap_5ghz(dev, apdev, params):
-    """sigma_dut controlled AP on 5 GHz"""
-    run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
-                             check_signal="WIDTH=20 MHz")
-
-def test_sigma_dut_ap_ht40plus(dev, apdev, params):
-    """sigma_dut controlled AP and HT40+"""
-    run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
-                             extra="width,40", check_signal="WIDTH=40 MHz")
-
-def test_sigma_dut_ap_ht40minus(dev, apdev, params):
-    """sigma_dut controlled AP and HT40-"""
-    run_sigma_dut_ap_channel(dev, apdev, params, 40, '11na', 5200,
-                             extra="width,40", check_signal="WIDTH=40 MHz")
-
-def test_sigma_dut_ap_vht40(dev, apdev, params):
-    """sigma_dut controlled AP and VHT40"""
-    run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
-                             extra="width,40", check_signal="WIDTH=40 MHz",
-                             program="VHT")
-
-def test_sigma_dut_ap_vht80(dev, apdev, params):
-    """sigma_dut controlled AP and VHT80"""
-    run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
-                             extra="width,80", check_signal="WIDTH=80 MHz",
-                             program="VHT")
-
-def run_sigma_dut_ap_channel(dev, apdev, params, channel, mode, scan_freq,
-                             extra=None, check_signal=None, program=None):
-    logdir = params['prefix'] + ".sigma-hostapd"
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            subprocess.call(['iw', 'reg', 'set', 'US'])
-            cmd = "ap_reset_default"
-            if program:
-                cmd += ",program," + program
-            sigma_dut_cmd_check(cmd)
-            cmd = "ap_set_wireless,NAME,AP,CHANNEL,%d,SSID,test-psk,MODE,%s" % (channel, mode)
-            if extra:
-                cmd += "," + extra
-            sigma_dut_cmd_check(cmd)
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(params['prefix'] + ".sigma-conf", "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].connect("test-psk", psk="12345678", scan_freq=str(scan_freq))
-            sig = dev[0].request("SIGNAL_POLL")
-            logger.info("SIGNAL_POLL:\n" + sig.strip())
-            dev[0].request("DISCONNECT")
-            dev[0].wait_disconnected()
-
-            sigma_dut_cmd_check("ap_reset_default")
-
-            if check_signal and check_signal not in sig:
-                raise Exception("Unexpected SIGNAL_POLL data")
-        finally:
-            stop_sigma_dut(sigma)
-            subprocess.call(['iw', 'reg', 'set', '00'])
-            dev[0].flush_scan_cache()
-
-@reset_ignore_old_scan_res
-def test_sigma_dut_beacon_prot(dev, apdev):
-    """sigma_dut controlled STA and beacon protection"""
-    ssid = "test-pmf-required"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    params["beacon_prot"] = "1"
-    try:
-        hapd = hostapd.add_ap(apdev[0], params)
-    except Exception as e:
-        if "Failed to enable hostapd interface" in str(e):
-            raise HwsimSkip("Beacon protection not supported")
-        raise
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,BeaconProtection,1" % (ifname, "test-pmf-required", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-
-        time.sleep(1)
-        check_mac80211_bigtk(dev[0], hapd)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_beacon_prot(dev, apdev, params):
-    """sigma_dut controlled AP and beacon protection"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-
-    Wlantest.setup(None)
-    wt = Wlantest()
-    wt.flush()
-    wt.add_passphrase("12345678")
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required,BeaconProtection,1")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-            bssid = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
-            bssid = bssid.split(',')[3]
-
-            dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
-                           psk="12345678", scan_freq="2412",
-                           ieee80211w="2", beacon_prot="1")
-            time.sleep(1)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-    valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid)
-    invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid)
-    missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid)
-    logger.info("wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip, invalid_bip, missing_bip))
-    if valid_bip < 0 or invalid_bip > 0 or missing_bip > 0:
-        raise Exception("Unexpected wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip, invalid_bip, missing_bip))
-
-def test_sigma_dut_ap_transition_disable(dev, apdev, params):
-    """sigma_dut controlled AP and transition disabled indication"""
-    check_sae_capab(dev[0])
-    logdir = params['prefix'] + ".sigma-hostapd"
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,PMF,Required,Transition_Disable,1,Transition_Disable_Index,0")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].set("sae_groups", "")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-            if ev is None:
-                raise Exception("Transition disable not indicated")
-            if ev.split(' ')[1] != "01":
-                raise Exception("Unexpected transition disable bitmap: " + ev)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_transition_disable_change(dev, apdev, params):
-    """sigma_dut controlled AP and transition disabled indication change"""
-    check_sae_capab(dev[0])
-    logdir = params['prefix'] + ".sigma-hostapd"
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-            dev[0].set("sae_groups", "")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-            if ev is not None:
-                raise Exception("Unexpected transition disable indication")
-            dev[0].request("DISCONNECT")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_set_rfeature,NAME,AP,Transition_Disable,1,Transition_Disable_Index,0")
-            dev[0].request("RECONNECT")
-            dev[0].wait_connected()
-            ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
-            if ev is None:
-                raise Exception("Transition disable not indicated")
-            if ev.split(' ')[1] != "01":
-                raise Exception("Unexpected transition disable bitmap: " + ev)
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ft_rsnxe_used_mismatch(dev, apdev):
-    """sigma_dut controlled FT protocol with RSNXE Used mismatch"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid)
-        params['wpa_key_mgmt'] = 'SAE FT-SAE'
-        params["ieee80211w"] = "2"
-        params['sae_password'] = "hello"
-        params['sae_pwe'] = "2"
-        params['mobility_domain'] = 'aabb'
-        bssid = apdev[0]['bssid'].replace(':', '')
-        params['nas_identifier'] = bssid + '.nas.example.com'
-        params['r1_key_holder'] = bssid
-        params['pmk_r1_push'] = '0'
-        params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
-        params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
-        hapd = hostapd.add_ap(apdev[0], params)
-        bssid = hapd.own_addr()
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9" % (ifname, "test-sae", "hello"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        dev[0].dump_monitor()
-
-        bssid2 = apdev[1]['bssid'].replace(':', '')
-        params['nas_identifier'] = bssid2 + '.nas.example.com'
-        params['r1_key_holder'] = bssid2
-        hapd2 = hostapd.add_ap(apdev[1], params)
-        bssid2 = hapd2.own_addr()
-
-        sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid2))
-        count = 0
-        for i in range(5):
-            ev = dev[0].wait_event(["Trying to associate",
-                                    "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Connection timed out")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                break
-            count += 1
-        dev[0].dump_monitor()
-        if count != 1:
-            raise Exception("Unexpected number of association attempts for the first FT protocol exchange (expecting success)")
-
-        sigma_dut_cmd_check("sta_set_rfeature,interface,%s,prog,WPA3,ReassocReq_RSNXE_Used,1" % ifname)
-        sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
-        count = 0
-        for i in range(5):
-            ev = dev[0].wait_event(["Trying to associate",
-                                    "CTRL-EVENT-CONNECTED"], timeout=10)
-            if ev is None:
-                raise Exception("Connection timed out")
-            if "CTRL-EVENT-CONNECTED" in ev:
-                break
-            count += 1
-        dev[0].dump_monitor()
-        if count != 2:
-            raise Exception("Unexpected number of association attempts for the second FT protocol exchange (expecting failure)")
-
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ft_rsnxe_used_mismatch(dev, apdev, params):
-    """sigma_dut controlled AP with FT and RSNXE Used mismatch"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    conffile = params['prefix'] + ".sigma-conf"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,hello,PMF,Required")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].connect("test-sae", key_mgmt="FT-SAE", sae_password="hello",
-                           ieee80211w="2", scan_freq="2412")
-
-            sigma_dut_cmd_check("ap_set_rfeature,NAME,AP,type,WPA3,ReassocResp_RSNXE_Used,1")
-            # This would need to be followed by FT protocol roaming test, but
-            # that is not currently convenient to implement, so for now, this
-            # test is based on manual inspection of hostapd getting configured
-            # properly.
-
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ocv(dev, apdev):
-    """sigma_dut controlled STA using OCV"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_groups'] = '19'
-        params['ocv'] = '1'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3,ocvc,1" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3,ocvc,1" % ifname)
-        sigma_dut_cmd_check("sta_set_rfeature,interface,%s,prog,WPA3,OCIFrameType,eapolM2,OCIChannel,11" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
-        ev = hapd.wait_event(["OCV-FAILURE"], timeout=1)
-        if ev is None:
-            raise Exception("OCV failure for EAPOL-Key msg 2/4 not reported")
-        if "addr=" + dev[0].own_addr() not in ev:
-            raise Exception("Unexpected OCV failure addr: " + ev)
-        if "frame=eapol-key-m2" not in ev:
-            raise Exception("Unexpected OCV failure frame: " + ev)
-        if "error=primary channel mismatch" not in ev:
-            raise Exception("Unexpected OCV failure error: " + ev)
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_ocv(dev, apdev, params):
-    """sigma_dut controlled AP using OCV"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    conffile = params['prefix'] + ".sigma-conf"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,ocvc,1")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-            bssid = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
-            bssid = bssid.split(',')[3]
-
-            with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-                with open(conffile, "wb") as f2:
-                    f2.write(f.read())
-
-            dev[0].set("sae_groups", "")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", ocv="1", scan_freq="2412")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_set_rfeature,NAME,AP,type,WPA3,OCIFrameType,eapolM3,OCIChannel,3")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", ocv="1", scan_freq="2412",
-                           wait_connect=False)
-            check_ocv_failure(dev[0], "EAPOL-Key msg 3/4", "eapol-key-m3",
-                              bssid)
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_gtk_rekey(dev, apdev):
-    """sigma_dut controlled STA requesting GTK rekeying"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_groups'] = '19'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3,ocvc,1" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-
-        dev[0].dump_monitor()
-        sigma_dut_cmd_check("dev_exec_action,interface,%s,program,WPA3,KeyRotation,1" % ifname)
-        ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5)
-        if ev is None:
-            raise Exception("GTK rekeying not seen")
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_gtk_rekey(dev, apdev, params):
-    """sigma_dut controlled AP and requested GTK rekeying"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            sigma_dut_cmd_check("ap_reset_default")
-            sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
-            sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
-            sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-
-            dev[0].set("sae_groups", "")
-            dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
-                           ieee80211w="2", scan_freq="2412")
-            dev[0].dump_monitor()
-
-            sigma_dut_cmd_check("dev_exec_action,name,AP,interface,%s,program,WPA3,KeyRotation,1" % iface)
-
-            ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5)
-            if ev is None:
-                raise Exception("GTK rekeying not seen")
-
-            sigma_dut_cmd_check("ap_reset_default")
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_sae_pk(dev, apdev):
-    """sigma_dut controlled STA using SAE-PK"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    ssid = "SAE-PK test"
-    pw = "hbbi-f4xq-b45g"
-    m = "d2e5fa27d1be8897f987f2d480d2af6b"
-    pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg=="
-
-    try:
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params['sae_groups'] = '19'
-        params['sae_password'] = ['%s|pk=%s:%s' % (pw, m, pk)]
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pk,1" % (ifname, ssid, pw))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        dev[0].dump_monitor()
-
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-
-def run_sigma_dut_ap_sae_pk(conffile, dev, ssid, pw, keypair, m, failure,
-                            status=None, omit=False, immediate=False, sig=None):
-    sigma_dut_cmd_check("ap_reset_default")
-    sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,%s,MODE,11ng" % ssid)
-    cmd = "ap_set_security,NAME,AP,AKMSuiteType,8,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128,GroupMgntCipher,BIP-CMAC-128,PMF,Required,PSK,%s,sae_pk,1,Transition_Disable,1,Transition_Disable_Index,0,SAE_PK_KeyPair,%s,SAE_PK_Modifier,%s" % (pw, keypair, m)
-    if status is not None:
-        cmd += ",SAE_Commit_StatusCode,%d" % status
-    if omit:
-        cmd += ",SAE_PK_Omit,1"
-    if immediate:
-        cmd += ",SAE_Confirm_Immediate,1"
-    if sig:
-        cmd += ",SAE_PK_KeyPairSigOverride," + sig
-    sigma_dut_cmd_check(cmd)
-    sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-    bssid = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
-    bssid = bssid.split(',')[3]
-
-    with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-        with open(conffile, "ab") as f2:
-            f2.write(f.read())
-            f2.write('\n'.encode())
-
-    dev.set("sae_groups", "")
-    dev.connect(ssid, key_mgmt="SAE", sae_password=pw, ieee80211w="2",
-                scan_freq="2412", wait_connect=False)
-
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
-                         "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=15)
-    if ev is None:
-        raise Exception("No connection result reported")
-
-    bss = dev.get_bss(bssid)
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[SAE-H2E]" not in bss['flags'] or "[SAE-PK]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    if failure:
-        if "CTRL-EVENT-CONNECTED" in ev:
-            raise Exception("Unexpected connection")
-        dev.request("REMOVE_NETWORK all")
-    else:
-        if "CTRL-EVENT-CONNECTED" not in ev:
-            raise Exception("Connection failed")
-        dev.request("REMOVE_NETWORK all")
-        dev.wait_disconnected()
-    dev.dump_monitor()
-
-    sigma_dut_cmd_check("ap_reset_default")
-
-def test_sigma_dut_ap_sae_pk(dev, apdev, params):
-    """sigma_dut controlled AP using SAE-PK"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    conffile = params['prefix'] + ".sigma-conf"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    tests = [("SAEPK-4.7.1.1", "ya3o-zvm2-r4so", "saepk1.pem",
-              "faa1ef5094bdb4cb2836332ca2c09839", False),
-             ("SAEPK-4.7.1.2", "xcc2-qwru-yg23", "saepk1.pem",
-              "b1b30107eb74de2f25afd079bb4196c1", False),
-             ("SAEPK-4.7.1.3", "skqz-6scq-zcqv", "saepk1.pem",
-              "4c0ff61465e0f298510254ff54916c71", False),
-             ("SAEPK-4.7.1.4", "r6em-rya4-tqfa", "saepkP384.pem",
-              "fb811655209e9edf347a675ddd3e9c82", False),
-             ("SAEPK-4.7.1.5", "6kjo-umvi-7x3w", "saepkP521.pem",
-              "cccb76bc0f113ab754826ba9538d66f5", False),
-             ("SAEPK-5.7.1.1", "sw4h-re63-wgqg", "saepk1.pem",
-              "0d126f302d85ac809a6a4229dbbe3c75", False),
-             ("SAEPK-5.7.1.2", "wewq-r4kg-4ioz-xb2p", "saepk1.pem",
-              "d6b1d8924b1a462677e67b3bbfe73977", False),
-             ("SAEPK-5.7.1.3", "vb3v-5skk-5eft-v4hu-w2c5", "saepk1.pem",
-              "41f8cfceb96ebc5c8af9677d22749fad", False),
-             ("SAEPK-5.7.1.4", "2qsw-6tgy-xnwa-s7lo-75tq-qggr", "saepk1.pem",
-              "089e8d4a3a79ec637c54dd7bd61972f2", False),
-             ("SAE-PK test", "hbbi-f4xq-b45g", "saepkP256.pem",
-              "d2e5fa27d1be8897f987f2d480d2af6b", False),
-             ("SAE-PK test", "hbbi-f4xq-b457-jje4", "saepkP256.pem",
-              "d2e5fa27d1be8897f987f2d480d2af6b", False),
-             ("SAE-PK test", "hbbi-f4xq-b457-jjew-muei", "saepkP256.pem",
-              "d2e5fa27d1be8897f987f2d480d2af6b", False),
-             ("SAE-PK test", "hbbi-f4xq-b457-jjew-muey-fod3", "saepkP256.pem",
-              "d2e5fa27d1be8897f987f2d480d2af6b", False),
-             ("SAEPK-5.7.1.1", "sw4h-re63-wgqg", "saepk1.pem",
-              "0d126f302d85ac809a6a4229dbbe3c75", False),
-             ("SAEPK-5.7.1.10", "tkor-7nb3-r7tv", "saepkP384.pem",
-              "af1a3df913fc0103f65f105ed1472277", False),
-             ("SAEPK-5.7.1.11", "yjl3-vfvu-w6r3", "saepkP521.pem",
-              "24dadf9d253c4169c9647a21cb54fc57", False),
-             ("SAEPK-5.7.2.1", "rntm-tkrp-xgke", "saepk1.pem",
-              "cd38ccce3baff627d09bee7b9530d6ce", False),
-             ("SAEPK-5.7.2.2", "7lt7-7dqt-6abk", "saepk1.pem",
-              "a22fc8489932597c9e83de62dec02b21", False),
-             ("SAEPK-5.7.2.3", "sw4h-re63-wgqg", "saepk2.pem",
-              "1f4a4c7d290d97e0b6ab0cbbbfa0726d", True),
-             ("SAEPK-5.7.2.4", "rmj3-ya7b-42k4", "saepk1.pem",
-              "5f65e2bc37f8494de7a605ff615c8b6a", False),
-             ("SAEPK-5.7.2.4", "rmj3-ya7b-42k4", "saepk2.pem",
-              "5f65e2bc37f8494de7a605ff615c8b6a", True),
-             ("SAEPK-5.7.3", "4322-ufus-4bhm", "saepk1.pem",
-              "21ede99abc46679646693cafe4677d4e", False)]
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            for ssid, pw, keypair, m, failure in tests:
-                run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
-                                        failure)
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_ap_sae_pk_misbehavior(dev, apdev, params):
-    """sigma_dut controlled AP using SAE-PK misbehavior"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    conffile = params['prefix'] + ".sigma-conf"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "SAEPK-4.7.1.1"
-    pw = "rmj3-ya7b-42k4"
-    keypair = "saepk1.pem"
-    m = "faa1ef5094bdb4cb2836332ca2c09839"
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
-                                    True, status=126)
-            run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
-                                    True, omit=True)
-            run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
-                                    True, status=126, omit=True, immediate=True)
-            run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
-                                    True, sig="saepk2.pem")
-        finally:
-            stop_sigma_dut(sigma)
-
-def run_sigma_dut_ap_sae_pk_mixed(conffile, dev, ssid, pw, keypair, m, failure):
-    sigma_dut_cmd_check("ap_reset_default")
-    sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,%s,MODE,11ng" % ssid)
-    cmd = "ap_set_security,NAME,AP,AKMSuiteType,2;8,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128,GroupMgntCipher,BIP-CMAC-128,PMF,Required,PSK,%s,sae_pk,0,Transition_Disable,0" % (pw)
-    sigma_dut_cmd_check(cmd)
-    sigma_dut_cmd_check("ap_config_commit,NAME,AP")
-    bssid = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
-    bssid = bssid.split(',')[3]
-
-    with open("/tmp/sigma_dut-ap.conf", "rb") as f:
-        with open(conffile, "ab") as f2:
-            f2.write(f.read())
-            f2.write('\n'.encode())
-
-    sigma_dut_cmd_check("ap_set_rfeature,NAME,AP,type,WPA3,Transition_Disable,1,Transition_Disable_Index,0")
-
-    dev[0].set("sae_groups", "")
-    dev[0].connect(ssid, key_mgmt="SAE", sae_password=pw, ieee80211w="2",
-                   scan_freq="2412")
-    dev[1].connect(ssid, key_mgmt="WPA-PSK", psk=pw, ieee80211w="2",
-                   scan_freq="2412")
-
-    sigma_dut_cmd_check("ap_reset_default")
-
-def test_sigma_dut_ap_sae_pk_mixed(dev, apdev, params):
-    """sigma_dut controlled AP using SAE-PK(disabled) and PSK"""
-    logdir = params['prefix'] + ".sigma-hostapd"
-    conffile = params['prefix'] + ".sigma-conf"
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    ssid = "SAEPK-5.7.3"
-    pw = "4322-ufus-4bhm"
-    keypair = "saepk1.pem"
-    m = "21ede99abc46679646693cafe4677d4e"
-
-    with HWSimRadio() as (radio, iface):
-        sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
-        try:
-            run_sigma_dut_ap_sae_pk_mixed(conffile, dev, ssid, pw, keypair,
-                                          m, False)
-        finally:
-            stop_sigma_dut(sigma)
-
-def test_sigma_dut_client_privacy(dev, apdev, params):
-    """sigma_dut client privacy"""
-    logdir = params['logdir']
-
-    ssid = "test"
-    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    ifname = dev[0].ifname
-    addr = dev[0].own_addr()
-    sigma = start_sigma_dut(ifname)
-    try:
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3,ClientPrivacy,1" % ifname)
-        cmd = "sta_scan,Interface,%s,ChnlFreq,2412,WaitCompletion,1" % dev[0].ifname
-        sigma_dut_cmd_check(cmd, timeout=10)
-        time.sleep(2)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, ssid, "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
-        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
-        dev[0].set("mac_addr", "0", allow_fail=True)
-        dev[0].set("rand_addr_lifetime", "60", allow_fail=True)
-        dev[0].request("MAC_RAND_SCAN enable=0 all")
-        dev[0].set("preassoc_mac_addr", "0", allow_fail=True)
-        dev[0].set("gas_rand_mac_addr", "0", allow_fail=True)
-        dev[0].set("gas_rand_addr_lifetime", "60", allow_fail=True)
-
-    out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
-                     "wlan.addr == " + addr,
-                     display=["wlan.ta"])
-    res = out.splitlines()
-    if len(res) > 0:
-        raise Exception("Permanent address used unexpectedly")
-
-def test_sigma_dut_wpa3_inject_frame(dev, apdev):
-    """sigma_dut and WPA3 frame inject"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-    ifname = dev[0].ifname
-    sigma = start_sigma_dut(ifname)
-
-    try:
-        ssid = "test-sae"
-        params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
-        params['wpa_key_mgmt'] = 'SAE'
-        params["ieee80211w"] = "2"
-        params["ocv"] = "1"
-        params['sae_groups'] = '19 20 21'
-        hapd = hostapd.add_ap(apdev[0], params)
-
-        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
-        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-        sigma_dut_cmd_check("sta_set_wireless,interface,%s,program,WPA3,ocvc,1" % ifname)
-        sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
-        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
-                            timeout=10)
-        sigma_dut_wait_connected(ifname)
-        sigma_dut_cmd("dev_send_frame,interface,%s,program,WPA3,framename,SAQueryReq,OCIChannel,2" % ifname)
-        sigma_dut_cmd("dev_send_frame,interface,%s,program,WPA3,framename,SAQueryReq,OCIChannel,1" % ifname)
-        sigma_dut_cmd("dev_send_frame,interface,%s,program,WPA3,framename,ReassocReq" % ifname)
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
-    finally:
-        stop_sigma_dut(sigma)
diff --git a/tests/hwsim/test_ssid.py b/tests/hwsim/test_ssid.py
deleted file mode 100644
index faee75d5ff77..000000000000
--- a/tests/hwsim/test_ssid.py
+++ /dev/null
@@ -1,127 +0,0 @@
-# -*- coding: utf-8 -*-
-# SSID contents and encoding tests
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-
-import hostapd
-
-@remote_compatible
-def test_ssid_hex_encoded(dev, apdev):
-    """SSID configuration using hex encoded version"""
-    hostapd.add_ap(apdev[0], {"ssid2": '68656c6c6f'})
-    dev[0].connect("hello", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect(ssid2="68656c6c6f", key_mgmt="NONE", scan_freq="2412")
-
-def test_ssid_printf_encoded(dev, apdev):
-    """SSID configuration using printf encoded version"""
-    hostapd.add_ap(apdev[0], {"ssid2": 'P"\\0hello\\nthere"'})
-    dev[0].connect(ssid2="0068656c6c6f0a7468657265", key_mgmt="NONE",
-                   scan_freq="2412")
-    dev[1].connect(ssid2='P"\\x00hello\\nthere"', key_mgmt="NONE",
-                   scan_freq="2412")
-    ssid = dev[0].get_status_field("ssid")
-    bss = dev[1].get_bss(apdev[0]['bssid'])
-    if ssid != bss['ssid']:
-        raise Exception("Unexpected difference in SSID")
-    dev[2].connect(ssid2='P"' + ssid + '"', key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ssid_1_octet(dev, apdev):
-    """SSID with one octet"""
-    hostapd.add_ap(apdev[0], {"ssid": '1'})
-    dev[0].connect("1", key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ssid_32_octets(dev, apdev):
-    """SSID with 32 octets"""
-    hostapd.add_ap(apdev[0],
-                   {"ssid": '1234567890abcdef1234567890ABCDEF'})
-    dev[0].connect("1234567890abcdef1234567890ABCDEF", key_mgmt="NONE",
-                   scan_freq="2412")
-
-def test_ssid_32_octets_nul_term(dev, apdev):
-    """SSID with 32 octets with nul at the end"""
-    ssid = 'P"1234567890abcdef1234567890ABCDE\\x00"'
-    hostapd.add_ap(apdev[0],
-                   {"ssid2": ssid})
-    dev[0].connect(ssid2=ssid, key_mgmt="NONE", scan_freq="2412")
-
-@remote_compatible
-def test_ssid_utf8(dev, apdev):
-    """SSID with UTF8 encoding"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": 'testi-åäöÅÄÖ-testi',
-                                     "utf8_ssid": "1"})
-    dev[0].connect("testi-åäöÅÄÖ-testi", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect(ssid2="74657374692dc3a5c3a4c3b6c385c384c3962d7465737469",
-                   key_mgmt="NONE", scan_freq="2412")
-    # verify ctrl_iface for coverage
-    addrs = [dev[0].p2p_interface_addr(), dev[1].p2p_interface_addr()]
-    sta = hapd.get_sta(None)
-    if sta['addr'] not in addrs:
-        raise Exception("Unexpected STA address")
-    sta2 = hapd.get_sta(sta['addr'], next=True)
-    if sta2['addr'] not in addrs:
-        raise Exception("Unexpected STA2 address")
-    sta3 = hapd.get_sta(sta2['addr'], next=True)
-    if len(sta3) != 0:
-        raise Exception("Unexpected STA iteration result (did not stop)")
-
-    if "[UTF-8]" not in dev[0].get_bss(hapd.own_addr())['flags']:
-        raise Exception("[UTF-8] flag not included in BSS")
-    if "[UTF-8]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("[UTF-8] flag not included in SCAN_RESULTS")
-
-def clear_scan_cache2(hapd, dev):
-    # clear BSS table to avoid issues in following test cases
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-    hapd.disable()
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-@remote_compatible
-def test_ssid_hidden(dev, apdev):
-    """Hidden SSID"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": 'secret',
-                                     "ignore_broadcast_ssid": "1"})
-    dev[1].connect("secret", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[0].connect("secret", key_mgmt="NONE", scan_freq="2412", scan_ssid="1")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    clear_scan_cache2(hapd, dev)
-
-@remote_compatible
-def test_ssid_hidden2(dev, apdev):
-    """Hidden SSID using zero octets as payload"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": 'secret2',
-                                     "ignore_broadcast_ssid": "2"})
-    dev[1].connect("secret2", key_mgmt="NONE", scan_freq="2412",
-                   wait_connect=False)
-    dev[0].connect("secret2", key_mgmt="NONE", scan_freq="2412", scan_ssid="1")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    clear_scan_cache2(hapd, dev)
-
-@remote_compatible
-def test_ssid_hidden_wpa2(dev, apdev):
-    """Hidden SSID with WPA2-PSK"""
-    params = hostapd.wpa2_params(ssid="secret", passphrase="12345678")
-    params["ignore_broadcast_ssid"] = "1"
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[1].connect("secret", psk="12345678", scan_freq="2412",
-                   wait_connect=False)
-    dev[0].connect("secret", psk="12345678", scan_freq="2412", scan_ssid="1")
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection")
-    clear_scan_cache2(hapd, dev)
diff --git a/tests/hwsim/test_sta_dynamic.py b/tests/hwsim/test_sta_dynamic.py
deleted file mode 100644
index 357bc9583dab..000000000000
--- a/tests/hwsim/test_sta_dynamic.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Dynamic wpa_supplicant interface
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import subprocess
-import time
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-
-def test_sta_dynamic(dev, apdev):
-    """Dynamically added wpa_supplicant interface"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hostapd.add_ap(apdev[0], params)
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412")
-
-def test_sta_ap_scan_0(dev, apdev):
-    """Dynamically added wpa_supplicant interface with AP_SCAN 0 connection"""
-    hostapd.add_ap(apdev[0], {"ssid": "test"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    if "OK" not in wpas.request("AP_SCAN 0"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    id = wpas.connect("", key_mgmt="NONE", bssid=bssid,
-                      only_add_network=True)
-    wpas.request("ENABLE_NETWORK " + str(id) + " no-connect")
-    wpas.request("SCAN")
-    time.sleep(0.5)
-    subprocess.call(['iw', wpas.ifname, 'connect', 'test', '2412'])
-    wpas.wait_connected(timeout=10)
-    wpas.request("SCAN")
-    wpas.wait_connected(timeout=5)
-
-def test_sta_ap_scan_2(dev, apdev):
-    """Dynamically added wpa_supplicant interface with AP_SCAN 2 connection"""
-    hostapd.add_ap(apdev[0], {"ssid": "test"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    if "FAIL" not in wpas.request("AP_SCAN -1"):
-        raise Exception("Invalid AP_SCAN -1 accepted")
-    if "FAIL" not in wpas.request("AP_SCAN 3"):
-        raise Exception("Invalid AP_SCAN 3 accepted")
-    if "OK" not in wpas.request("AP_SCAN 2"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    id = wpas.connect("", key_mgmt="NONE", bssid=bssid,
-                      only_add_network=True)
-    wpas.request("ENABLE_NETWORK " + str(id) + " no-connect")
-    subprocess.call(['iw', wpas.ifname, 'scan', 'trigger', 'freq', '2412'])
-    time.sleep(1)
-    subprocess.call(['iw', wpas.ifname, 'connect', 'test', '2412'])
-    wpas.wait_connected(timeout=10)
-
-    wpas.request("SET disallow_aps bssid " + bssid)
-    wpas.wait_disconnected(timeout=10)
-
-    subprocess.call(['iw', wpas.ifname, 'connect', 'test', '2412'])
-    ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected connection reported")
-
-def test_sta_ap_scan_2b(dev, apdev):
-    """Dynamically added wpa_supplicant interface with AP_SCAN 2 operation"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
-    bssid = apdev[0]['bssid']
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-
-    if "OK" not in wpas.request("AP_SCAN 2"):
-        raise Exception("Failed to set AP_SCAN 2")
-
-    id = wpas.connect("test", key_mgmt="NONE", bssid=bssid)
-    wpas.request("DISCONNECT")
-    wpas.set_network(id, "disabled", "1")
-    id2 = wpas.add_network()
-    wpas.set_network_quoted(id2, "ssid", "test2")
-    wpas.set_network(id2, "key_mgmt", "NONE")
-    wpas.set_network(id2, "disabled", "0")
-    wpas.request("REASSOCIATE")
-    ev = wpas.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=15)
-    if ev is None:
-        raise Exception("Association rejection not reported")
-    hapd.disable()
-    wpas.set_network(id, "disabled", "0")
-    wpas.set_network(id2, "disabled", "1")
-    for i in range(3):
-        ev = wpas.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=15)
-        if ev is None:
-            raise Exception("Association rejection not reported")
-    wpas.request("DISCONNECT")
-
-def test_sta_dynamic_down_up(dev, apdev):
-    """Dynamically added wpa_supplicant interface down/up"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    subprocess.call(['ifconfig', wpas.ifname, 'down'])
-    wpas.wait_disconnected(timeout=10)
-    if wpas.get_status_field("wpa_state") != "INTERFACE_DISABLED":
-        raise Exception("Unexpected wpa_state")
-    subprocess.call(['ifconfig', wpas.ifname, 'up'])
-    wpas.wait_connected(timeout=15, error="Reconnection not reported")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd)
-
-def test_sta_dynamic_ext_mac_addr_change(dev, apdev):
-    """Dynamically added wpa_supplicant interface with external MAC address change"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    logger.info("Create a dynamic wpa_supplicant interface and connect")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412")
-    hapd.wait_sta()
-    hwsim_utils.test_connectivity(wpas, hapd)
-    subprocess.call(['ifconfig', wpas.ifname, 'down'])
-    wpas.wait_disconnected(timeout=10)
-    if wpas.get_status_field("wpa_state") != "INTERFACE_DISABLED":
-        raise Exception("Unexpected wpa_state")
-    prev_addr = wpas.p2p_interface_addr()
-    new_addr = '02:11:22:33:44:55'
-    try:
-        subprocess.call(['ip', 'link', 'set', 'dev', wpas.ifname,
-                         'address', new_addr])
-        subprocess.call(['ifconfig', wpas.ifname, 'up'])
-        wpas.wait_connected(timeout=15, error="Reconnection not reported")
-        if wpas.get_driver_status_field('addr') != new_addr:
-            raise Exception("Address change not reported")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(wpas, hapd)
-        sta = hapd.get_sta(new_addr)
-        if sta['addr'] != new_addr:
-            raise Exception("STA association with new address not found")
-    finally:
-        subprocess.call(['ifconfig', wpas.ifname, 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', wpas.ifname,
-                         'address', prev_addr])
-        subprocess.call(['ifconfig', wpas.ifname, 'up'])
-
-def test_sta_dynamic_ext_mac_addr_change_for_connection(dev, apdev):
-    """Dynamically added wpa_supplicant interface with external MAC address change for connection"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['ifname']
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.scan_for_bss(bssid, freq=2412)
-    subprocess.call(['ifconfig', wpas.ifname, 'down'])
-    if wpas.get_status_field("wpa_state") != "INTERFACE_DISABLED":
-        raise Exception("Unexpected wpa_state")
-    prev_addr = wpas.own_addr()
-    new_addr = '02:11:22:33:44:55'
-    try:
-        subprocess.call(['ip', 'link', 'set', 'dev', wpas.ifname,
-                         'address', new_addr])
-        subprocess.call(['ifconfig', wpas.ifname, 'up'])
-        wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412",
-                     wait_connect=False)
-        ev = wpas.wait_event(["CTRL-EVENT-CONNECTED",
-                              "CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-        if "CTRL-EVENT-SCAN-RESULTS" in ev:
-            raise Exception("Unexpected scan after MAC address change")
-        hapd.wait_sta()
-        hwsim_utils.test_connectivity(wpas, hapd)
-        sta = hapd.get_sta(new_addr)
-        if sta['addr'] != new_addr:
-            raise Exception("STA association with new address not found")
-        wpas.request("DISCONNECT")
-        wpas.wait_disconnected()
-        wpas.dump_monitor()
-        subprocess.call(['ifconfig', wpas.ifname, 'down'])
-        time.sleep(0.1)
-        res = wpas.get_bss(bssid)
-        if res is None:
-            raise Exception("BSS entry not maintained after interface disabling")
-        ev = wpas.wait_event(["CTRL-EVENT-BSS-REMOVED"], timeout=5.5)
-        if ev is None:
-            raise Exception("BSS entry not removed after interface has been disabled for a while")
-        res2 = wpas.get_bss(bssid)
-        if res2 is not None:
-            raise Exception("Unexpected BSS entry found on a disabled interface")
-    finally:
-        subprocess.call(['ifconfig', wpas.ifname, 'down'])
-        subprocess.call(['ip', 'link', 'set', 'dev', wpas.ifname,
-                         'address', prev_addr])
-        subprocess.call(['ifconfig', wpas.ifname, 'up'])
-
-def test_sta_dynamic_random_mac_addr(dev, apdev):
-    """Dynamically added wpa_supplicant interface and random MAC address"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr0 = wpas.get_driver_status_field("addr")
-    wpas.request("SET preassoc_mac_addr 1")
-    wpas.request("SET rand_addr_lifetime 0")
-
-    id = wpas.connect("sta-dynamic", psk="12345678", mac_addr="1",
-                      scan_freq="2412")
-    addr1 = wpas.get_driver_status_field("addr")
-
-    if addr0 == addr1:
-        raise Exception("Random MAC address not used")
-
-    sta = hapd.get_sta(addr0)
-    if sta['addr'] != "FAIL":
-        raise Exception("Unexpected STA association with permanent address")
-    sta = hapd.get_sta(addr1)
-    if sta['addr'] != addr1:
-        raise Exception("STA association with random address not found")
-
-    wpas.request("DISCONNECT")
-    wpas.connect_network(id)
-    addr2 = wpas.get_driver_status_field("addr")
-    if addr1 != addr2:
-        raise Exception("Random MAC address changed unexpectedly")
-
-    wpas.remove_network(id)
-    id = wpas.connect("sta-dynamic", psk="12345678", mac_addr="1",
-                      scan_freq="2412")
-    addr2 = wpas.get_driver_status_field("addr")
-    if addr1 == addr2:
-        raise Exception("Random MAC address did not change")
-
-def test_sta_dynamic_random_mac_addr_keep_oui(dev, apdev):
-    """Dynamically added wpa_supplicant interface and random MAC address (keep OUI)"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr0 = wpas.get_driver_status_field("addr")
-    wpas.request("SET preassoc_mac_addr 2")
-    wpas.request("SET rand_addr_lifetime 0")
-
-    id = wpas.connect("sta-dynamic", psk="12345678", mac_addr="2",
-                      scan_freq="2412")
-    addr1 = wpas.get_driver_status_field("addr")
-
-    if addr0 == addr1:
-        raise Exception("Random MAC address not used")
-    if addr1[3:8] != addr0[3:8]:
-        raise Exception("OUI was not kept")
-
-    sta = hapd.get_sta(addr0)
-    if sta['addr'] != "FAIL":
-        raise Exception("Unexpected STA association with permanent address")
-    sta = hapd.get_sta(addr1)
-    if sta['addr'] != addr1:
-        raise Exception("STA association with random address not found")
-
-    wpas.request("DISCONNECT")
-    wpas.connect_network(id)
-    addr2 = wpas.get_driver_status_field("addr")
-    if addr1 != addr2:
-        raise Exception("Random MAC address changed unexpectedly")
-
-    wpas.remove_network(id)
-    id = wpas.connect("sta-dynamic", psk="12345678", mac_addr="2",
-                      scan_freq="2412")
-    addr2 = wpas.get_driver_status_field("addr")
-    if addr1 == addr2:
-        raise Exception("Random MAC address did not change")
-    if addr2[3:8] != addr0[3:8]:
-        raise Exception("OUI was not kept")
-
-def test_sta_dynamic_random_mac_addr_scan(dev, apdev):
-    """Dynamically added wpa_supplicant interface and random MAC address for scan"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr0 = wpas.get_driver_status_field("addr")
-    wpas.request("SET preassoc_mac_addr 1")
-    wpas.request("SET rand_addr_lifetime 0")
-
-    id = wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412")
-    addr1 = wpas.get_driver_status_field("addr")
-
-    if addr0 != addr1:
-        raise Exception("Random MAC address used unexpectedly")
-
-def test_sta_dynamic_random_mac_addr_scan_keep_oui(dev, apdev):
-    """Dynamically added wpa_supplicant interface and random MAC address for scan (keep OUI)"""
-    params = hostapd.wpa2_params(ssid="sta-dynamic", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    addr0 = wpas.get_driver_status_field("addr")
-    wpas.request("SET preassoc_mac_addr 2")
-    wpas.request("SET rand_addr_lifetime 0")
-
-    id = wpas.connect("sta-dynamic", psk="12345678", scan_freq="2412")
-    addr1 = wpas.get_driver_status_field("addr")
-
-    if addr0 != addr1:
-        raise Exception("Random MAC address used unexpectedly")
diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py
deleted file mode 100644
index 7065b18bd65f..000000000000
--- a/tests/hwsim/test_suite_b.py
+++ /dev/null
@@ -1,739 +0,0 @@
-# Suite B tests
-# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-import logging
-logger = logging.getLogger()
-
-import hostapd
-from utils import HwsimSkip, fail_test
-
-def check_suite_b_capa(dev):
-    if "GCMP" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("GCMP not supported")
-    if "BIP-GMAC-128" not in dev[0].get_capability("group_mgmt"):
-        raise HwsimSkip("BIP-GMAC-128 not supported")
-    if "WPA-EAP-SUITE-B" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("WPA-EAP-SUITE-B not supported")
-    check_suite_b_tls_lib(dev, level128=True)
-
-def check_suite_b_tls_lib(dev, dhe=False, level128=False):
-    tls = dev[0].request("GET tls_library")
-    if tls.startswith("GnuTLS"):
-        return
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("TLS library not supported for Suite B: " + tls)
-    supported = False
-    for ver in ['1.0.2', '1.1.0', '1.1.1']:
-        if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
-            supported = True
-            break
-        if not dhe and not level128 and "build=OpenSSL " + ver in tls and "run=BoringSSL" in tls:
-            supported = True
-            break
-    if not supported:
-        raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
-
-def suite_b_ap_params():
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B",
-              "rsn_pairwise": "GCMP",
-              "group_mgmt_cipher": "BIP-GMAC-128",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              "openssl_ciphers": "SUITEB128",
-              #"dh_file": "auth_serv/dh.conf",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ec-ca.pem",
-              "server_cert": "auth_serv/ec-server.pem",
-              "private_key": "auth_serv/ec-server.key"}
-    return params
-
-def test_suite_b(dev, apdev):
-    """WPA2/GCMP connection at Suite B 128-bit level"""
-    check_suite_b_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
-                   openssl_ciphers="SUITEB128",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec-ca.pem",
-                   client_cert="auth_serv/ec-user.pem",
-                   private_key="auth_serv/ec-user.key",
-                   pairwise="GCMP", group="GCMP", scan_freq="2412")
-    hapd.wait_sta()
-    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
-    if tls_cipher != "ECDHE-ECDSA-AES128-GCM-SHA256" and \
-       tls_cipher != "ECDHE-ECDSA-AES-128-GCM-AEAD":
-        raise Exception("Unexpected TLS cipher: " + tls_cipher)
-
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA2-EAP-SUITE-B-GCMP]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    conf = hapd.get_config()
-    if conf['key_mgmt'] != 'WPA-EAP-SUITE-B':
-        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
-
-    hapd.wait_sta()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out (2)")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange (2)")
-
-def suite_b_as_params():
-    params = {}
-    params['ssid'] = 'as'
-    params['beacon_int'] = '2000'
-    params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
-    params['radius_server_auth_port'] = '18129'
-    params['eap_server'] = '1'
-    params['eap_user_file'] = 'auth_serv/eap_user.conf'
-    params['ca_cert'] = 'auth_serv/ec-ca.pem'
-    params['server_cert'] = 'auth_serv/ec-server.pem'
-    params['private_key'] = 'auth_serv/ec-server.key'
-    params['openssl_ciphers'] = 'SUITEB128'
-    return params
-
-def test_suite_b_radius(dev, apdev):
-    """WPA2/GCMP (RADIUS) connection at Suite B 128-bit level"""
-    check_suite_b_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B",
-              "rsn_pairwise": "GCMP",
-              "group_mgmt_cipher": "BIP-GMAC-128",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
-                   openssl_ciphers="SUITEB128",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec-ca.pem",
-                   client_cert="auth_serv/ec-user.pem",
-                   private_key="auth_serv/ec-user.key",
-                   pairwise="GCMP", group="GCMP", scan_freq="2412")
-
-def check_suite_b_192_capa(dev, dhe=False):
-    if "GCMP-256" not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("GCMP-256 not supported")
-    if "BIP-GMAC-256" not in dev[0].get_capability("group_mgmt"):
-        raise HwsimSkip("BIP-GMAC-256 not supported")
-    if "WPA-EAP-SUITE-B-192" not in dev[0].get_capability("key_mgmt"):
-        raise HwsimSkip("WPA-EAP-SUITE-B-192 not supported")
-    check_suite_b_tls_lib(dev, dhe=dhe)
-
-def suite_b_192_ap_params():
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              "openssl_ciphers": "SUITEB192",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/ec2-ca.pem",
-              "server_cert": "auth_serv/ec2-server.pem",
-              "private_key": "auth_serv/ec2-server.key"}
-    return params
-
-def test_suite_b_192(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
-    if tls_cipher != "ECDHE-ECDSA-AES256-GCM-SHA384" and \
-       tls_cipher != "ECDHE-ECDSA-AES-256-GCM-AEAD":
-        raise Exception("Unexpected TLS cipher: " + tls_cipher)
-    cipher = dev[0].get_status_field("mgmt_group_cipher")
-    if cipher != "BIP-GMAC-256":
-        raise Exception("Unexpected mgmt_group_cipher: " + cipher)
-
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA2-EAP-SUITE-B-192-GCMP-256]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    hapd.wait_sta()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    conf = hapd.get_config()
-    if conf['key_mgmt'] != 'WPA-EAP-SUITE-B-192':
-        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
-
-    hapd.wait_sta()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out (2)")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange (2)")
-
-def test_suite_b_192_radius(dev, apdev):
-    """WPA2/GCMP-256 (RADIUS) connection at Suite B 192-bit level"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/ec2-ca.pem'
-    params['server_cert'] = 'auth_serv/ec2-server.pem'
-    params['private_key'] = 'auth_serv/ec2-server.key'
-    params['openssl_ciphers'] = 'SUITEB192'
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-
-def test_suite_b_192_radius_and_p256_cert(dev, apdev):
-    """Suite B 192-bit level and p256 client cert"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/ec2-ca.pem'
-    params['server_cert'] = 'auth_serv/ec2-server.pem'
-    params['private_key'] = 'auth_serv/ec2-server.key'
-    params['openssl_ciphers'] = 'SUITEB192'
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   #openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user-p256.pem",
-                   private_key="auth_serv/ec2-user-p256.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    if "reason=23" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_suite_b_pmkid_failure(dev, apdev):
-    """WPA2/GCMP connection at Suite B 128-bit level and PMKID derivation failure"""
-    check_suite_b_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
-        dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
-                       ieee80211w="2",
-                       openssl_ciphers="SUITEB128",
-                       eap="TLS", identity="tls user",
-                       ca_cert="auth_serv/ec-ca.pem",
-                       client_cert="auth_serv/ec-user.pem",
-                       private_key="auth_serv/ec-user.key",
-                       pairwise="GCMP", group="GCMP", scan_freq="2412")
-
-def test_suite_b_192_pmkid_failure(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and PMKID derivation failure"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
-        dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                       ieee80211w="2",
-                       openssl_ciphers="SUITEB192",
-                       eap="TLS", identity="tls user",
-                       ca_cert="auth_serv/ec2-ca.pem",
-                       client_cert="auth_serv/ec2-user.pem",
-                       private_key="auth_serv/ec2-user.key",
-                       pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-
-def test_suite_b_mic_failure(dev, apdev):
-    """WPA2/GCMP connection at Suite B 128-bit level and MIC derivation failure"""
-    check_suite_b_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
-        dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
-                       ieee80211w="2",
-                       openssl_ciphers="SUITEB128",
-                       eap="TLS", identity="tls user",
-                       ca_cert="auth_serv/ec-ca.pem",
-                       client_cert="auth_serv/ec-user.pem",
-                       private_key="auth_serv/ec-user.key",
-                       pairwise="GCMP", group="GCMP", scan_freq="2412",
-                       wait_connect=False)
-        dev[0].wait_disconnected()
-
-def test_suite_b_192_mic_failure(dev, apdev):
-    """WPA2/GCMP connection at Suite B 192-bit level and MIC derivation failure"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
-        dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                       ieee80211w="2",
-                       openssl_ciphers="SUITEB192",
-                       eap="TLS", identity="tls user",
-                       ca_cert="auth_serv/ec2-ca.pem",
-                       client_cert="auth_serv/ec2-user.pem",
-                       private_key="auth_serv/ec2-user.key",
-                       pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
-                       wait_connect=False)
-        dev[0].wait_disconnected()
-
-def suite_b_192_rsa_ap_params():
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              "tls_flags": "[SUITEB]",
-              "dh_file": "auth_serv/dh_param_3072.pem",
-              "eap_server": "1",
-              "eap_user_file": "auth_serv/eap_user.conf",
-              "ca_cert": "auth_serv/rsa3072-ca.pem",
-              "server_cert": "auth_serv/rsa3072-server.pem",
-              "private_key": "auth_serv/rsa3072-server.key"}
-    return params
-
-def test_suite_b_192_rsa(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA"""
-    run_suite_b_192_rsa(dev, apdev)
-
-def test_suite_b_192_rsa_ecdhe(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (ECDHE)"""
-    run_suite_b_192_rsa(dev, apdev, no_dhe=True)
-
-def test_suite_b_192_rsa_dhe(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (DHE)"""
-    run_suite_b_192_rsa(dev, apdev, no_ecdh=True)
-
-def run_suite_b_192_rsa(dev, apdev, no_ecdh=False, no_dhe=False):
-    check_suite_b_192_capa(dev, dhe=no_ecdh)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_rsa_ap_params()
-    if no_ecdh:
-        params["tls_flags"] = "[SUITEB-NO-ECDH]"
-    if no_dhe:
-        del params["dh_file"]
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   phase1="tls_suiteb=1",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/rsa3072-ca.pem",
-                   client_cert="auth_serv/rsa3072-user.pem",
-                   private_key="auth_serv/rsa3072-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
-    if tls_cipher != "ECDHE-RSA-AES256-GCM-SHA384" and \
-       tls_cipher != "DHE-RSA-AES256-GCM-SHA384" and \
-       tls_cipher != "ECDHE-RSA-AES-256-GCM-AEAD" and \
-       tls_cipher != "DHE-RSA-AES-256-GCM-AEAD":
-        raise Exception("Unexpected TLS cipher: " + tls_cipher)
-    cipher = dev[0].get_status_field("mgmt_group_cipher")
-    if cipher != "BIP-GMAC-256":
-        raise Exception("Unexpected mgmt_group_cipher: " + cipher)
-
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WPA2-EAP-SUITE-B-192-GCMP-256]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-    hapd.wait_sta()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected(timeout=20)
-    dev[0].dump_monitor()
-    dev[0].request("RECONNECT")
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-
-    conf = hapd.get_config()
-    if conf['key_mgmt'] != 'WPA-EAP-SUITE-B-192':
-        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
-
-def test_suite_b_192_rsa_insufficient_key(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient key length"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_rsa_ap_params()
-    params["ca_cert"] = "auth_serv/ca.pem"
-    params["server_cert"] = "auth_serv/server.pem"
-    params["private_key"] = "auth_serv/server.key"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   phase1="tls_suiteb=1",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ca.pem",
-                   client_cert="auth_serv/user.pem",
-                   private_key="auth_serv/user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("Certificate error not reported")
-    if "reason=11" in ev and "err='Insufficient RSA modulus size'" in ev:
-        return
-    if "reason=7" in ev and "err='certificate uses insecure algorithm'" in ev:
-        return
-    raise Exception("Unexpected error reason: " + ev)
-
-def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient DH key length"""
-    check_suite_b_192_capa(dev, dhe=True)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_rsa_ap_params()
-    params["tls_flags"] = "[SUITEB-NO-ECDH]"
-    params["dh_file"] = "auth_serv/dh.conf"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   phase1="tls_suiteb=1",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/rsa3072-ca.pem",
-                   client_cert="auth_serv/rsa3072-user.pem",
-                   private_key="auth_serv/rsa3072-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='local TLS alert'",
-                            "CTRL-EVENT-CONNECTED"],
-                           timeout=10)
-    dev[0].request("DISCONNECT")
-    if ev is None:
-        raise Exception("DH error not reported")
-    if "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection")
-    if "insufficient security" not in ev and "internal error" not in ev:
-        raise Exception("Unexpected error reason: " + ev)
-
-def test_suite_b_192_rsa_radius(dev, apdev):
-    """WPA2/GCMP-256 (RADIUS) connection at Suite B 192-bit level and RSA (ECDHE)"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/rsa3072-ca.pem'
-    params['server_cert'] = 'auth_serv/rsa3072-server.pem'
-    params['private_key'] = 'auth_serv/rsa3072-server.key'
-    del params['openssl_ciphers']
-    params["tls_flags"] = "[SUITEB]"
-
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384",
-                   phase1="tls_suiteb=1",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/rsa3072-ca.pem",
-                   client_cert="auth_serv/rsa3072-user.pem",
-                   private_key="auth_serv/rsa3072-user.key",
-                   pairwise="GCMP-256", group="GCMP-256",
-                   group_mgmt="BIP-GMAC-256", scan_freq="2412")
-    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
-    if tls_cipher != "ECDHE-RSA-AES256-GCM-SHA384" and \
-       tls_cipher != "ECDHE-RSA-AES-256-GCM-AEAD":
-        raise Exception("Unexpected TLS cipher: " + tls_cipher)
-
-def test_suite_b_192_rsa_ecdhe_radius_rsa2048_client(dev, apdev):
-    """Suite B 192-bit level and RSA (ECDHE) and RSA2048 client"""
-    run_suite_b_192_rsa_radius_rsa2048_client(dev, apdev, True)
-
-def test_suite_b_192_rsa_dhe_radius_rsa2048_client(dev, apdev):
-    """Suite B 192-bit level and RSA (DHE) and RSA2048 client"""
-    run_suite_b_192_rsa_radius_rsa2048_client(dev, apdev, False)
-
-def run_suite_b_192_rsa_radius_rsa2048_client(dev, apdev, ecdhe):
-    check_suite_b_192_capa(dev, dhe=not ecdhe)
-    dev[0].flush_scan_cache()
-    params = suite_b_as_params()
-    params['ca_cert'] = 'auth_serv/rsa3072-ca.pem'
-    params['server_cert'] = 'auth_serv/rsa3072-server.pem'
-    params['private_key'] = 'auth_serv/rsa3072-server.key'
-    del params['openssl_ciphers']
-    if ecdhe:
-        params["tls_flags"] = "[SUITEB]"
-        ciphers = "ECDHE-RSA-AES256-GCM-SHA384"
-    else:
-        params["tls_flags"] = "[SUITEB-NO-ECDH]"
-        params["dh_file"] = "auth_serv/dh_param_3072.pem"
-        ciphers = "DHE-RSA-AES256-GCM-SHA384"
-
-    hostapd.add_ap(apdev[1], params)
-
-    params = {"ssid": "test-suite-b",
-              "wpa": "2",
-              "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
-              "rsn_pairwise": "GCMP-256",
-              "group_mgmt_cipher": "BIP-GMAC-256",
-              "ieee80211w": "2",
-              "ieee8021x": "1",
-              'auth_server_addr': "127.0.0.1",
-              'auth_server_port': "18129",
-              'auth_server_shared_secret': "radius",
-              'nas_identifier': "nas.w1.fi"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   openssl_ciphers=ciphers,
-                   phase1="tls_suiteb=1",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/rsa3072-ca.pem",
-                   client_cert="auth_serv/rsa3072-user-rsa2048.pem",
-                   private_key="auth_serv/rsa3072-user-rsa2048.key",
-                   pairwise="GCMP-256", group="GCMP-256",
-                   group_mgmt="BIP-GMAC-256", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP-Failure not reported")
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("Disconnection not reported")
-    if "reason=23" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_openssl_ecdh_curves(dev, apdev):
-    """OpenSSL ECDH curve configuration"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_ap_params()
-    params['wpa_key_mgmt'] = "WPA-EAP"
-    del params['openssl_ciphers']
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    hapd.disable()
-    hapd.set('openssl_ecdh_curves', 'foo')
-    if "FAIL" not in hapd.request("ENABLE"):
-        raise Exception("Invalid openssl_ecdh_curves value accepted")
-    hapd.set('openssl_ecdh_curves', 'P-384')
-    hapd.enable()
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    # Check with server enforcing P-256 and client allowing only P-384
-    hapd.disable()
-    hapd.set('openssl_ecdh_curves', 'P-256')
-    hapd.enable()
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
-                   wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
-    if ev is None:
-        raise Exception("EAP failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-def test_suite_b_192_pmksa_caching_roam(dev, apdev):
-    """WPA2/GCMP-256 connection at Suite B 192-bit level using PMKSA caching and roaming"""
-    check_suite_b_192_capa(dev)
-    dev[0].flush_scan_cache()
-    params = suite_b_192_ap_params()
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = hapd.own_addr()
-
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
-                   ieee80211w="2",
-                   openssl_ciphers="SUITEB192",
-                   eap="TLS", identity="tls user",
-                   ca_cert="auth_serv/ec2-ca.pem",
-                   client_cert="auth_serv/ec2-user.pem",
-                   private_key="auth_serv/ec2-user.key",
-                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
-    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=5)
-    if ev is None:
-        raise Exception("PMKSA cache entry not added for AP1")
-    hapd.wait_sta()
-    dev[0].dump_monitor()
-
-    hapd2 = hostapd.add_ap(apdev[1], params)
-    bssid2 = hapd2.own_addr()
-    dev[0].scan_for_bss(bssid2, freq=2412)
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" not in ev:
-        raise Exception("EAP exchange not seen")
-    ev = dev[0].wait_connected()
-    if bssid2 not in ev:
-        raise Exception("Roam to AP2 connected back to AP1")
-    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=5)
-    if ev is None:
-        raise Exception("PMKSA cache entry not added for AP2")
-    hapd2.wait_sta()
-    dev[0].dump_monitor()
-
-    dev[0].request("ROAM " + bssid)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if bssid not in ev:
-        raise Exception("Roam to AP1 connected back to AP2")
-    hapd.wait_sta()
-    dev[0].dump_monitor()
-
-    dev[0].request("ROAM " + bssid2)
-    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
-                            "CTRL-EVENT-CONNECTED"], timeout=20)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    if bssid2 not in ev:
-        raise Exception("Second roam to AP2 connected back to AP1")
-    hapd2.wait_sta()
-    dev[0].dump_monitor()
diff --git a/tests/hwsim/test_tnc.py b/tests/hwsim/test_tnc.py
deleted file mode 100644
index 0c444bb7ce5e..000000000000
--- a/tests/hwsim/test_tnc.py
+++ /dev/null
@@ -1,194 +0,0 @@
-# -*- coding: utf-8 -*-
-# TNC tests
-# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os.path
-
-import hostapd
-from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
-from test_ap_eap import int_eap_server_params, check_eap_capa
-
-def test_tnc_peap_soh(dev, apdev):
-    """TNC PEAP-SoH"""
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PEAP", identity="user", password="password",
-                   ca_cert="auth_serv/ca.pem",
-                   phase1="peapver=0 tnc=soh cryptobinding=0",
-                   phase2="auth=MSCHAPV2",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].wait_connected(timeout=10)
-
-    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PEAP", identity="user", password="password",
-                   ca_cert="auth_serv/ca.pem",
-                   phase1="peapver=0 tnc=soh1 cryptobinding=1",
-                   phase2="auth=MSCHAPV2",
-                   scan_freq="2412", wait_connect=False)
-    dev[1].wait_connected(timeout=10)
-
-    dev[2].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="PEAP", identity="user", password="password",
-                   ca_cert="auth_serv/ca.pem",
-                   phase1="peapver=0 tnc=soh2 cryptobinding=2",
-                   phase2="auth=MSCHAPV2",
-                   scan_freq="2412", wait_connect=False)
-    dev[2].wait_connected(timeout=10)
-
-def test_tnc_peap_soh_errors(dev, apdev):
-    """TNC PEAP-SoH local error cases"""
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "tncc_build_soh"),
-             (1, "eap_msg_alloc;=eap_peap_phase2_request")]
-    for count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           eap="PEAP", identity="user", password="password",
-                           ca_cert="auth_serv/ca.pem",
-                           phase1="peapver=0 tnc=soh cryptobinding=0",
-                           phase2="auth=MSCHAPV2",
-                           scan_freq="2412", wait_connect=False)
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-
-    with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"):
-        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                       eap="PEAP", identity="user", password="password",
-                       ca_cert="auth_serv/ca.pem",
-                       phase1="peapver=0 tnc=soh cryptobinding=0",
-                       phase2="auth=MSCHAPV2",
-                       scan_freq="2412", wait_connect=False)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-        dev[0].request("REMOVE_NETWORK all")
-        dev[0].wait_disconnected()
-
-def test_tnc_ttls(dev, apdev):
-    """TNC TTLS"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    hostapd.add_ap(apdev[0], params)
-
-    if not os.path.exists("tnc/libhostap_imc.so"):
-        raise HwsimSkip("No IMC installed")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TTLS", identity="DOMAIN\mschapv2 user",
-                   anonymous_identity="ttls", password="password",
-                   phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].wait_connected(timeout=10)
-
-def test_tnc_ttls_fragmentation(dev, apdev):
-    """TNC TTLS with fragmentation"""
-    check_eap_capa(dev[0], "MSCHAPV2")
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    params["fragment_size"] = "150"
-    hostapd.add_ap(apdev[0], params)
-
-    if not os.path.exists("tnc/libhostap_imc.so"):
-        raise HwsimSkip("No IMC installed")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="TTLS", identity="DOMAIN\mschapv2 user",
-                   anonymous_identity="ttls", password="password",
-                   phase2="auth=MSCHAPV2",
-                   ca_cert="auth_serv/ca.pem",
-                   fragment_size="150",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].wait_connected(timeout=10)
-
-def test_tnc_ttls_errors(dev, apdev):
-    """TNC TTLS local error cases"""
-    if not os.path.exists("tnc/libhostap_imc.so"):
-        raise HwsimSkip("No IMC installed")
-    check_eap_capa(dev[0], "MSCHAPV2")
-
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    params["fragment_size"] = "150"
-    hostapd.add_ap(apdev[0], params)
-
-    tests = [(1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
-              "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
-             (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
-              "mschap user", "auth=MSCHAP"),
-             (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
-             (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
-             (1, "eap_msg_alloc;eap_tnc_build_frag_ack",
-              "pap user", "auth=PAP"),
-             (1, "eap_msg_alloc;eap_tnc_build_msg",
-              "pap user", "auth=PAP"),
-             (1, "wpabuf_alloc;=eap_tnc_process_fragment",
-              "pap user", "auth=PAP"),
-             (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
-             (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
-             (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
-             (1, "tncc_get_base64;tncc_process_if_tnccs",
-              "pap user", "auth=PAP"),
-             (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
-             (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
-             (1, "tncc_parse_imc", "pap user", "auth=PAP"),
-             (2, "tncc_parse_imc", "pap user", "auth=PAP"),
-             (3, "tncc_parse_imc", "pap user", "auth=PAP"),
-             (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
-             (1, "tncc_init", "pap user", "auth=PAP"),
-             (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
-             (1, "base64_gen_encode;?base64_encode;TNC_TNCC_SendMessage",
-              "pap user", "auth=PAP"),
-             (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
-             (1, "tncc_get_base64;tncc_process_if_tnccs",
-              "pap user", "auth=PAP")]
-    for count, func, identity, phase2 in tests:
-        with alloc_fail(dev[0], count, func):
-            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                           scan_freq="2412",
-                           eap="TTLS", anonymous_identity="ttls",
-                           identity=identity, password="password",
-                           ca_cert="auth_serv/ca.pem", phase2=phase2,
-                           fragment_size="150", wait_connect=False)
-            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
-                                   timeout=15)
-            if ev is None:
-                raise Exception("Timeout on EAP start")
-            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
-                              note="Allocation failure not triggered for: %d:%s" % (count, func))
-            dev[0].request("REMOVE_NETWORK all")
-            dev[0].wait_disconnected()
-            dev[0].dump_monitor()
-
-def test_tnc_fast(dev, apdev):
-    """TNC FAST"""
-    check_eap_capa(dev[0], "FAST")
-    params = int_eap_server_params()
-    params["tnc"] = "1"
-    params["pac_opaque_encr_key"] = "000102030405060708090a0b0c0d0e00"
-    params["eap_fast_a_id"] = "101112131415161718191a1b1c1d1e00"
-    params["eap_fast_a_id_info"] = "test server2"
-
-    hostapd.add_ap(apdev[0], params)
-
-    if not os.path.exists("tnc/libhostap_imc.so"):
-        raise HwsimSkip("No IMC installed")
-
-    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
-                   eap="FAST", identity="user",
-                   anonymous_identity="FAST", password="password",
-                   phase2="auth=GTC",
-                   phase1="fast_provisioning=2",
-                   pac_file="blob://fast_pac_auth_tnc",
-                   ca_cert="auth_serv/ca.pem",
-                   scan_freq="2412", wait_connect=False)
-    dev[0].wait_connected(timeout=10)
diff --git a/tests/hwsim/test_wep.py b/tests/hwsim/test_wep.py
deleted file mode 100644
index 5c1fc9adb490..000000000000
--- a/tests/hwsim/test_wep.py
+++ /dev/null
@@ -1,172 +0,0 @@
-# WEP tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import subprocess
-
-from remotehost import remote_compatible
-import hostapd
-import hwsim_utils
-from utils import *
-
-@remote_compatible
-def test_wep_open_auth(dev, apdev):
-    """WEP Open System authentication"""
-    check_wep_capa(dev[0])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-open",
-                           "wep_key0": '"hello"'})
-    dev[0].flush_scan_cache()
-    dev[0].connect("wep-open", key_mgmt="NONE", wep_key0='"hello"',
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    if "[WEP]" not in dev[0].request("SCAN_RESULTS"):
-        raise Exception("WEP flag not indicated in scan results")
-
-    bss = dev[0].get_bss(apdev[0]['bssid'])
-    if 'flags' not in bss:
-        raise Exception("Could not get BSS flags from BSS table")
-    if "[WEP]" not in bss['flags']:
-        raise Exception("Unexpected BSS flags: " + bss['flags'])
-
-@remote_compatible
-def test_wep_shared_key_auth(dev, apdev):
-    """WEP Shared Key authentication"""
-    check_wep_capa(dev[0])
-    check_wep_capa(dev[1])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-shared-key",
-                           "wep_key0": '"hello12345678"',
-                           "auth_algs": "2"})
-    dev[0].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                   wep_key0='"hello12345678"',
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[1].connect("wep-shared-key", key_mgmt="NONE", auth_alg="OPEN SHARED",
-                   wep_key0='"hello12345678"',
-                   scan_freq="2412")
-
-@remote_compatible
-def test_wep_shared_key_auth_not_allowed(dev, apdev):
-    """WEP Shared Key authentication not allowed"""
-    check_wep_capa(dev[0])
-    hostapd.add_ap(apdev[0],
-                   {"ssid": "wep-shared-key",
-                    "wep_key0": '"hello12345678"',
-                    "auth_algs": "1"})
-    dev[0].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                   wep_key0='"hello12345678"',
-                   scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected association")
-
-def test_wep_shared_key_auth_multi_key(dev, apdev):
-    """WEP Shared Key authentication with multiple keys"""
-    check_wep_capa(dev[0])
-    check_wep_capa(dev[1])
-    check_wep_capa(dev[2])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-shared-key",
-                           "wep_key0": '"hello12345678"',
-                           "wep_key1": '"other12345678"',
-                           "auth_algs": "2"})
-    dev[0].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                   wep_key0='"hello12345678"',
-                   scan_freq="2412")
-    dev[1].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                   wep_key0='"hello12345678"',
-                   wep_key1='"other12345678"',
-                   wep_tx_keyidx="1",
-                   scan_freq="2412")
-    id = dev[2].connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                        wep_key0='"hello12345678"',
-                        wep_key1='"other12345678"',
-                        wep_tx_keyidx="0",
-                        scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    hwsim_utils.test_connectivity(dev[1], hapd)
-    hwsim_utils.test_connectivity(dev[2], hapd)
-
-    dev[2].set_network(id, "wep_tx_keyidx", "1")
-    dev[2].request("REASSOCIATE")
-    dev[2].wait_connected(timeout=10, error="Reassociation timed out")
-    hwsim_utils.test_connectivity(dev[2], hapd)
-
-def test_wep_ht_vht(dev, apdev):
-    """WEP and HT/VHT"""
-    check_wep_capa(dev[0])
-    dev[0].flush_scan_cache()
-    try:
-        hapd = None
-        params = {"ssid": "test-vht40-wep",
-                  "country_code": "SE",
-                  "hw_mode": "a",
-                  "channel": "36",
-                  "ieee80211n": "1",
-                  "ieee80211ac": "1",
-                  "ht_capab": "[HT40+]",
-                  "vht_capab": "",
-                  "vht_oper_chwidth": "0",
-                  "vht_oper_centr_freq_seg0_idx": "0",
-                  "wep_key0": '"hello"'}
-        hapd = hostapd.add_ap(apdev[0], params)
-        dev[0].connect("test-vht40-wep", scan_freq="5180", key_mgmt="NONE",
-                       wep_key0='"hello"')
-        hwsim_utils.test_connectivity(dev[0], hapd)
-        status = hapd.get_status()
-        logger.info("hostapd STATUS: " + str(status))
-        if status["ieee80211n"] != "0":
-            raise Exception("Unexpected STATUS ieee80211n value")
-        if status["ieee80211ac"] != "0":
-            raise Exception("Unexpected STATUS ieee80211ac value")
-        if status["secondary_channel"] != "0":
-            raise Exception("Unexpected STATUS secondary_channel value")
-    finally:
-        dev[0].request("DISCONNECT")
-        clear_regdom(hapd, dev)
-
-def test_wep_he(dev, apdev):
-    """WEP and HE"""
-    check_wep_capa(dev[0])
-    dev[0].flush_scan_cache()
-    params = {"ssid": "test-he-wep",
-              "ieee80211ax": "1",
-              "wep_key0": '"hello"'}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("test-he-wep", scan_freq="2412", key_mgmt="NONE",
-                   wep_key0='"hello"')
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    status = hapd.get_status()
-    logger.info("hostapd STATUS: " + str(status))
-    if status["ieee80211ax"] != "0":
-        raise Exception("Unexpected STATUS ieee80211ax value")
-
-def test_wep_ifdown(dev, apdev):
-    """AP with WEP and external ifconfig down"""
-    check_wep_capa(dev[0])
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-open",
-                           "wep_key0": '"hello"'})
-    dev[0].flush_scan_cache()
-    id = dev[0].connect("wep-open", key_mgmt="NONE", wep_key0='"hello"',
-                        scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
-    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No INTERFACE-DISABLED event")
-    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
-    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
-    if ev is None:
-        raise Exception("No INTERFACE-ENABLED event")
-    dev[0].select_network(id, freq=2412)
-    dev[0].wait_connected()
-    hwsim_utils.test_connectivity(dev[0], hapd)
diff --git a/tests/hwsim/test_wext.py b/tests/hwsim/test_wext.py
deleted file mode 100644
index e14eecedeb1a..000000000000
--- a/tests/hwsim/test_wext.py
+++ /dev/null
@@ -1,254 +0,0 @@
-# Deprecated WEXT driver interface in wpa_supplicant
-# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-
-import hostapd
-import hwsim_utils
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_rfkill import get_rfkill
-
-def get_wext_interface():
-    if not os.path.exists("/proc/net/wireless"):
-        raise HwsimSkip("WEXT support not included in the kernel")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    try:
-        wpas.interface_add("wlan5", driver="wext")
-    except Exception as e:
-        wpas.close_ctrl()
-        raise HwsimSkip("WEXT driver support not included in wpa_supplicant")
-    return wpas
-
-def test_wext_open(dev, apdev):
-    """WEXT driver interface with open network"""
-    wpas = get_wext_interface()
-
-    params = {"ssid": "wext-open"}
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.connect("wext-open", key_mgmt="NONE")
-    hwsim_utils.test_connectivity(wpas, hapd)
-
-def test_wext_wpa2_psk(dev, apdev):
-    """WEXT driver interface with WPA2-PSK"""
-    wpas = get_wext_interface()
-
-    params = hostapd.wpa2_params(ssid="wext-wpa2-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.connect("wext-wpa2-psk", psk="12345678")
-    hwsim_utils.test_connectivity(wpas, hapd)
-    if "RSSI=" not in wpas.request("SIGNAL_POLL"):
-        raise Exception("Missing RSSI from SIGNAL_POLL")
-
-    wpas.dump_monitor()
-    hapd.request("DEAUTHENTICATE " + wpas.p2p_interface_addr())
-    wpas.wait_disconnected(timeout=15)
-
-def test_wext_wpa_psk(dev, apdev):
-    """WEXT driver interface with WPA-PSK"""
-    skip_with_fips(dev[0])
-    skip_without_tkip(dev[0])
-    wpas = get_wext_interface()
-
-    params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
-    if not os.path.exists(testfile):
-        wpas.close_ctrl()
-        raise HwsimSkip("tkip_mic_test not supported in mac80211")
-
-    wpas.connect("wext-wpa-psk", psk="12345678")
-    hwsim_utils.test_connectivity(wpas, hapd)
-
-    with open(testfile, "w") as f:
-        f.write(wpas.p2p_interface_addr())
-    ev = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected disconnection on first Michael MIC failure")
-
-    with open(testfile, "w") as f:
-        f.write("ff:ff:ff:ff:ff:ff")
-    ev = wpas.wait_disconnected(timeout=10,
-                                error="No disconnection after two Michael MIC failures")
-    if "reason=14 locally_generated=1" not in ev:
-        raise Exception("Unexpected disconnection reason: " + ev)
-
-def test_wext_pmksa_cache(dev, apdev):
-    """PMKSA caching with WEXT"""
-    wpas = get_wext_interface()
-
-    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
-    hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    wpas.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
-                   eap="GPSK", identity="gpsk user",
-                   password="abcdefghijklmnop0123456789abcdef",
-                   scan_freq="2412")
-    pmksa = wpas.get_pmksa(bssid)
-    if pmksa is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    hostapd.add_ap(apdev[1], params)
-    bssid2 = apdev[1]['bssid']
-
-    wpas.dump_monitor()
-    logger.info("Roam to AP2")
-    # It can take some time for the second AP to become ready to reply to Probe
-    # Request frames especially under heavy CPU load, so allow couple of rounds
-    # of scanning to avoid reporting errors incorrectly just because of scans
-    # not having seen the target AP.
-    for i in range(3):
-        wpas.scan()
-        if wpas.get_bss(bssid2) is not None:
-            break
-        logger.info("Scan again to find target AP")
-    wpas.request("ROAM " + bssid2)
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
-    if ev is None:
-        raise Exception("EAP success timed out")
-    wpas.wait_connected(timeout=10, error="Roaming timed out")
-    pmksa2 = wpas.get_pmksa(bssid2)
-    if pmksa2 is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa2['opportunistic'] != '0':
-        raise Exception("Unexpected opportunistic PMKSA cache entry")
-
-    wpas.dump_monitor()
-    logger.info("Roam back to AP1")
-    wpas.scan()
-    wpas.request("ROAM " + bssid)
-    ev = wpas.wait_event(["CTRL-EVENT-EAP-STARTED",
-                          "CTRL-EVENT-CONNECTED"], timeout=15)
-    if ev is None:
-        raise Exception("Roaming with the AP timed out")
-    if "CTRL-EVENT-EAP-STARTED" in ev:
-        raise Exception("Unexpected EAP exchange")
-    pmksa1b = wpas.get_pmksa(bssid)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry found")
-    if pmksa['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("Unexpected PMKID change for AP1")
-
-    wpas.dump_monitor()
-    if "FAIL" in wpas.request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    if wpas.get_pmksa(bssid) is not None or wpas.get_pmksa(bssid2) is not None:
-        raise Exception("PMKSA_FLUSH did not remove PMKSA entries")
-    wpas.wait_disconnected(timeout=5)
-    wpas.wait_connected(timeout=15, error="Reconnection timed out")
-
-def test_wext_wep_open_auth(dev, apdev):
-    """WEP Open System authentication"""
-    wpas = get_wext_interface()
-    check_wep_capa(wpas)
-
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-open",
-                           "wep_key0": '"hello"'})
-    wpas.connect("wep-open", key_mgmt="NONE", wep_key0='"hello"',
-                 scan_freq="2412")
-    hwsim_utils.test_connectivity(wpas, hapd)
-    if "[WEP]" not in wpas.request("SCAN_RESULTS"):
-        raise Exception("WEP flag not indicated in scan results")
-
-def test_wext_wep_shared_key_auth(dev, apdev):
-    """WEP Shared Key authentication"""
-    wpas = get_wext_interface()
-    check_wep_capa(wpas)
-
-    hapd = hostapd.add_ap(apdev[0],
-                          {"ssid": "wep-shared-key",
-                           "wep_key0": '"hello12345678"',
-                           "auth_algs": "2"})
-    wpas.connect("wep-shared-key", key_mgmt="NONE", auth_alg="SHARED",
-                 wep_key0='"hello12345678"', scan_freq="2412")
-    hwsim_utils.test_connectivity(wpas, hapd)
-    wpas.request("REMOVE_NETWORK all")
-    wpas.wait_disconnected(timeout=5)
-    wpas.connect("wep-shared-key", key_mgmt="NONE", auth_alg="OPEN SHARED",
-                 wep_key0='"hello12345678"', scan_freq="2412")
-
-def test_wext_pmf(dev, apdev):
-    """WEXT driver interface with WPA2-PSK and PMF"""
-    wpas = get_wext_interface()
-
-    params = hostapd.wpa2_params(ssid="wext-wpa2-psk", passphrase="12345678")
-    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-    params["ieee80211w"] = "2"
-    hapd = hostapd.add_ap(apdev[0], params)
-
-    wpas.connect("wext-wpa2-psk", psk="12345678", ieee80211w="1",
-                 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
-                 scan_freq="2412")
-    hwsim_utils.test_connectivity(wpas, hapd)
-
-    addr = wpas.p2p_interface_addr()
-    hapd.request("DEAUTHENTICATE " + addr)
-    wpas.wait_disconnected(timeout=5)
-
-def test_wext_scan_hidden(dev, apdev):
-    """WEXT with hidden SSID"""
-    wpas = get_wext_interface()
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan",
-                                     "ignore_broadcast_ssid": "1"})
-    hapd2 = hostapd.add_ap(apdev[1], {"ssid": "test-scan2",
-                                      "ignore_broadcast_ssid": "1"})
-
-    id1 = wpas.connect("test-scan", key_mgmt="NONE", scan_ssid="1",
-                       only_add_network=True)
-
-    wpas.request("SCAN scan_id=%d" % id1)
-
-    ev = wpas.wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=15)
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    if "test-scan" not in wpas.request("SCAN_RESULTS"):
-        raise Exception("Did not find hidden SSID in scan")
-
-    id = wpas.connect("test-scan2", key_mgmt="NONE", scan_ssid="1",
-                      only_add_network=True)
-    wpas.connect_network(id, timeout=30)
-    wpas.request("DISCONNECT")
-    hapd2.disable()
-    hapd.disable()
-    wpas.interface_remove("wlan5")
-    wpas.interface_add("wlan5")
-    wpas.flush_scan_cache(freq=2412)
-    wpas.flush_scan_cache()
-
-def test_wext_rfkill(dev, apdev):
-    """WEXT and rfkill block/unblock"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    rfk = get_rfkill(wpas)
-    wpas.interface_remove("wlan5")
-
-    wpas = get_wext_interface()
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-    try:
-        logger.info("rfkill block")
-        rfk.block()
-        wpas.wait_disconnected(timeout=10,
-                               error="Missing disconnection event on rfkill block")
-
-        logger.info("rfkill unblock")
-        rfk.unblock()
-        wpas.wait_connected(timeout=20,
-                            error="Missing connection event on rfkill unblock")
-        hwsim_utils.test_connectivity(wpas, hapd)
-    finally:
-        rfk.unblock()
diff --git a/tests/hwsim/test_wmediumd.py b/tests/hwsim/test_wmediumd.py
deleted file mode 100644
index 8243e7ce37d7..000000000000
--- a/tests/hwsim/test_wmediumd.py
+++ /dev/null
@@ -1,480 +0,0 @@
-# wmediumd validity checks
-# Copyright (c) 2015, Intel Deutschland GmbH
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import tempfile, os, subprocess, errno, hwsim_utils, time
-from utils import HwsimSkip
-from wpasupplicant import WpaSupplicant
-from tshark import run_tshark
-from test_ap_open import _test_ap_open
-from test_scan import test_scan_only_one as _test_scan_only_one
-from test_wpas_mesh import check_mesh_support, check_mesh_group_added
-from test_wpas_mesh import check_mesh_peer_connected, add_open_mesh_network
-from test_wpas_mesh import check_mesh_group_removed
-
-class LocalVariables:
-    revs = []
-
-CFG = """
-ifaces :
-{
-    ids = ["%s", "%s"]
-    links = (
-        (0, 1, 30)
-    )
-}
-"""
-
-CFG2 = """
-ifaces :
-{
-    ids = ["%s", "%s", "%s"]
-}
-
-model:
-{
-    type = "prob"
-
-    links = (
-        (0, 1, 0.000000),
-        (0, 2, 0.000000),
-        (1, 2, 1.000000)
-    )
-}
-"""
-
-CFG3 = """
-ifaces :
-{
-    ids = ["%s", "%s", "%s", "%s", "%s"]
-}
-
-model:
-{
-    type = "prob"
-
-    default_prob = 1.0
-    links = (
-        (0, 1, 0.000000),
-        (1, 2, 0.000000),
-        (2, 3, 0.000000),
-        (3, 4, 0.000000)
-    )
-}
-"""
-
-def get_wmediumd_version():
-    if len(LocalVariables.revs) > 0:
-        return LocalVariables.revs
-
-    try:
-        verstr = subprocess.check_output(['wmediumd', '-V']).decode()
-    except OSError as e:
-        if e.errno == errno.ENOENT:
-            raise HwsimSkip('wmediumd not available')
-        raise
-
-    vernum = verstr.split(' ')[1][1:]
-    LocalVariables.revs = vernum.split('.')
-    for i in range(0, len(LocalVariables.revs)):
-        LocalVariables.revs[i] = int(LocalVariables.revs[i])
-    while len(LocalVariables.revs) < 3:
-        LocalVariables.revs += [0]
-
-    return LocalVariables.revs
-
-def require_wmediumd_version(major, minor, patch):
-    revs = get_wmediumd_version()
-    if revs[0] < major or revs[1] < minor or revs[2] < patch:
-        raise HwsimSkip('wmediumd v%s.%s.%s is too old for this test' %
-                        (revs[0], revs[1], revs[2]))
-
-def output_wmediumd_log(p, params, data):
-    log_file = open(os.path.abspath(os.path.join(params['logdir'],
-                                                 'wmediumd.log')), 'a')
-    log_file.write(data)
-    log_file.close()
-
-def start_wmediumd(fn, params):
-    try:
-        p = subprocess.Popen(['wmediumd', '-c', fn],
-                             stdout=subprocess.PIPE,
-                             stderr=subprocess.STDOUT)
-    except OSError as e:
-        if e.errno == errno.ENOENT:
-            raise HwsimSkip('wmediumd not available')
-        raise
-
-    logs = ''
-    while True:
-        line = p.stdout.readline().decode()
-        if not line:
-            output_wmediumd_log(p, params, logs)
-            raise Exception('wmediumd was terminated unexpectedly')
-        if line.find('REGISTER SENT!') > -1:
-            break
-        logs += line
-    return p
-
-def stop_wmediumd(p, params):
-    p.terminate()
-    p.wait()
-    stdoutdata, stderrdata = p.communicate()
-    output_wmediumd_log(p, params, stdoutdata.decode())
-
-def test_wmediumd_simple(dev, apdev, params):
-    """test a simple wmediumd configuration"""
-    fd, fn = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd, 'w')
-        f.write(CFG % (apdev[0]['bssid'], dev[0].own_addr()))
-        f.close()
-        p = start_wmediumd(fn, params)
-        try:
-            _test_ap_open(dev, apdev)
-        finally:
-            stop_wmediumd(p, params)
-        # test that releasing hwsim works correctly
-        _test_ap_open(dev, apdev)
-    finally:
-        os.unlink(fn)
-
-def test_wmediumd_path_simple(dev, apdev, params):
-    """test a mesh path"""
-    # 0 and 1 is connected
-    # 0 and 2 is connected
-    # 1 and 2 is not connected
-    # 1 --- 0 --- 2
-    # |           |
-    # +-----X-----+
-    # This tests if 1 and 2 can communicate each other via 0.
-    require_wmediumd_version(0, 3, 1)
-    fd, fn = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd, 'w')
-        f.write(CFG2 % (dev[0].own_addr(), dev[1].own_addr(),
-                        dev[2].own_addr()))
-        f.close()
-        p = start_wmediumd(fn, params)
-        try:
-            _test_wmediumd_path_simple(dev, apdev)
-        finally:
-            stop_wmediumd(p, params)
-    finally:
-        os.unlink(fn)
-
-def _test_wmediumd_path_simple(dev, apdev):
-    for i in range(0, 3):
-        check_mesh_support(dev[i])
-        add_open_mesh_network(dev[i], freq="2462", basic_rates="60 120 240")
-
-    # Check for mesh joined
-    for i in range(0, 3):
-        check_mesh_group_added(dev[i])
-
-        state = dev[i].get_status_field("wpa_state")
-        if state != "COMPLETED":
-            raise Exception("Unexpected wpa_state on dev" + str(i) + ": " + state)
-
-        mode = dev[i].get_status_field("mode")
-        if mode != "mesh":
-            raise Exception("Unexpected mode: " + mode)
-
-    # Check for peer connected
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[1])
-    check_mesh_peer_connected(dev[2])
-
-    # Test connectivity 1->2 and 2->1
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    # Check mpath table on 0
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev0")
-    if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) == -1 or \
-       data.find(dev[2].own_addr() + ' ' +  dev[2].own_addr()) == -1:
-        raise Exception("mpath not found on dev0:\n" + data)
-    if data.find(dev[0].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev0:\n" + data)
-
-    # Check mpath table on 1
-    res, data = dev[1].cmd_execute(['iw', dev[1].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev1")
-    if data.find(dev[0].own_addr() + ' ' +  dev[0].own_addr()) == -1 or \
-       data.find(dev[2].own_addr() + ' ' +  dev[0].own_addr()) == -1:
-        raise Exception("mpath not found on dev1:\n" + data)
-    if data.find(dev[2].own_addr() + ' ' +  dev[2].own_addr()) > -1 or \
-       data.find(dev[1].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev1:\n" + data)
-
-    # Check mpath table on 2
-    res, data = dev[2].cmd_execute(['iw', dev[2].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev2")
-    if data.find(dev[0].own_addr() + ' ' +  dev[0].own_addr()) == -1 or \
-       data.find(dev[1].own_addr() + ' ' +  dev[0].own_addr()) == -1:
-        raise Exception("mpath not found on dev2:\n" + data)
-    if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) > -1 or \
-       data.find(dev[2].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev2:\n" + data)
-
-    # remove mesh groups
-    for i in range(0, 3):
-        dev[i].mesh_group_remove()
-        check_mesh_group_removed(dev[i])
-        dev[i].dump_monitor()
-
-def test_wmediumd_path_ttl(dev, apdev, params):
-    """Mesh path request TTL"""
-    # 0 --- 1 --- 2 --- 3 --- 4
-    # Test the TTL of mesh path request.
-    # If the TTL is shorter than path, the mesh path request should be dropped.
-    require_wmediumd_version(0, 3, 1)
-
-    local_dev = []
-    for i in range(0, 3):
-        local_dev.append(dev[i])
-
-    for i in range(5, 7):
-        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas.interface_add("wlan" + str(i))
-        check_mesh_support(wpas)
-        temp_dev = wpas.request("MESH_INTERFACE_ADD ifname=mesh" + str(i))
-        if "FAIL" in temp_dev:
-            raise Exception("MESH_INTERFACE_ADD failed")
-        local_dev.append(WpaSupplicant(ifname=temp_dev))
-
-    fd, fn = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd, 'w')
-        f.write(CFG3 % (local_dev[0].own_addr(), local_dev[1].own_addr(),
-                        local_dev[2].own_addr(), local_dev[3].own_addr(),
-                        local_dev[4].own_addr()))
-        f.close()
-        p = start_wmediumd(fn, params)
-        try:
-            _test_wmediumd_path_ttl(local_dev, True)
-            _test_wmediumd_path_ttl(local_dev, False)
-        finally:
-            stop_wmediumd(p, params)
-    finally:
-        os.unlink(fn)
-        for i in range(5, 7):
-            wpas.interface_remove("wlan" + str(i))
-
-def _test_wmediumd_path_ttl(dev, ok):
-    for i in range(0, 5):
-        check_mesh_support(dev[i])
-        add_open_mesh_network(dev[i], freq="2462", basic_rates="60 120 240")
-
-    # Check for mesh joined
-    for i in range(0, 5):
-        check_mesh_group_added(dev[i])
-
-        state = dev[i].get_status_field("wpa_state")
-        if state != "COMPLETED":
-            raise Exception("Unexpected wpa_state on dev" + str(i) + ": " + state)
-
-        mode = dev[i].get_status_field("mode")
-        if mode != "mesh":
-            raise Exception("Unexpected mode: " + mode)
-
-    # set mesh path request ttl
-    subprocess.check_call(["iw", "dev", dev[0].ifname, "set", "mesh_param",
-                           "mesh_element_ttl=" + ("4" if ok else "3")])
-
-    # Check for peer connected
-    for i in range(0, 5):
-        check_mesh_peer_connected(dev[i])
-    for i in range(1, 4):
-        check_mesh_peer_connected(dev[i])
-
-    # Test connectivity 0->4 and 0->4
-    hwsim_utils.test_connectivity(dev[0], dev[4], success_expected=ok)
-
-    # Check mpath table on 0
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev0")
-    if ok:
-        if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) == -1 or \
-           data.find(dev[4].own_addr() + ' ' +  dev[1].own_addr()) == -1:
-            raise Exception("mpath not found on dev0:\n" + data)
-    else:
-        if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) == -1 or \
-           data.find(dev[4].own_addr() + ' 00:00:00:00:00:00') == -1:
-            raise Exception("mpath not found on dev0:\n" + data)
-    if data.find(dev[0].own_addr()) > -1 or \
-       data.find(dev[2].own_addr()) > -1 or \
-       data.find(dev[3].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev0:\n" + data)
-
-    # remove mesh groups
-    for i in range(0, 3):
-        dev[i].mesh_group_remove()
-        check_mesh_group_removed(dev[i])
-        dev[i].dump_monitor()
-
-def test_wmediumd_path_rann(dev, apdev, params):
-    """Mesh path with RANN"""
-    # 0 and 1 is connected
-    # 0 and 2 is connected
-    # 1 and 2 is not connected
-    # 2 is mesh root and RANN enabled
-    # 1 --- 0 --- 2
-    # |           |
-    # +-----X-----+
-    # This tests if 1 and 2 can communicate each other via 0.
-    require_wmediumd_version(0, 3, 1)
-    fd, fn = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd, 'w')
-        f.write(CFG2 % (dev[0].own_addr(), dev[1].own_addr(),
-                        dev[2].own_addr()))
-        f.close()
-        p = start_wmediumd(fn, params)
-        try:
-            _test_wmediumd_path_rann(dev, apdev)
-        finally:
-            stop_wmediumd(p, params)
-    finally:
-        os.unlink(fn)
-
-    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
-
-    # check Root STA address in root announcement element
-    filt = "wlan.fc.type_subtype == 0x000d && " + \
-           "wlan_mgt.fixed.mesh_action == 0x01 && " + \
-           "wlan_mgt.tag.number == 126"
-    out = run_tshark(capfile, filt, ["wlan.rann.root_sta"])
-    if out is None:
-        raise Exception("No captured data found\n")
-    if out.find(dev[2].own_addr()) == -1 or \
-       out.find(dev[0].own_addr()) > -1 or \
-       out.find(dev[1].own_addr()) > -1:
-        raise Exception("RANN should be sent by dev2 only:\n" + out)
-
-    # check RANN interval is in range
-    filt = "wlan.sa == 02:00:00:00:02:00 && " + \
-           "wlan.fc.type_subtype == 0x000d && " + \
-           "wlan_mgt.fixed.mesh_action == 0x01 && " + \
-           "wlan_mgt.tag.number == 126"
-    out = run_tshark(capfile, filt, ["frame.time_relative"])
-    if out is None:
-        raise Exception("No captured data found\n")
-    lines = out.splitlines()
-    prev = float(lines[len(lines) - 1])
-    for i in reversed(list(range(1, len(lines) - 1))):
-        now = float(lines[i])
-        if prev - now < 1.0 or 3.0 < prev - now:
-            raise Exception("RANN interval " + str(prev - now) +
-                            "(sec) should be close to 2.0(sec)\n")
-        prev = now
-
-    # check no one uses broadcast path request
-    filt = "wlan.da == ff:ff:ff:ff:ff:ff && " + \
-           "wlan.fc.type_subtype == 0x000d && " + \
-           "wlan_mgt.fixed.mesh_action == 0x01 && " + \
-           "wlan_mgt.tag.number == 130"
-    out = run_tshark(capfile, filt, ["wlan.sa", "wlan.da"])
-    if out is None:
-        raise Exception("No captured data found\n")
-    if len(out) > 0:
-        raise Exception("invalid broadcast path requests\n" + out)
-
-def _test_wmediumd_path_rann(dev, apdev):
-    for i in range(0, 3):
-        check_mesh_support(dev[i])
-        add_open_mesh_network(dev[i], freq="2462", basic_rates="60 120 240")
-
-    # Check for mesh joined
-    for i in range(0, 3):
-        check_mesh_group_added(dev[i])
-
-        state = dev[i].get_status_field("wpa_state")
-        if state != "COMPLETED":
-            raise Exception("Unexpected wpa_state on dev" + str(i) + ": " + state)
-
-        mode = dev[i].get_status_field("mode")
-        if mode != "mesh":
-            raise Exception("Unexpected mode: " + mode)
-
-    # set node 2 as RANN supported root
-    subprocess.check_call(["iw", "dev", dev[0].ifname, "set", "mesh_param",
-                          "mesh_hwmp_rootmode=0"])
-    subprocess.check_call(["iw", "dev", dev[1].ifname, "set", "mesh_param",
-                          "mesh_hwmp_rootmode=0"])
-    subprocess.check_call(["iw", "dev", dev[2].ifname, "set", "mesh_param",
-                          "mesh_hwmp_rootmode=4"])
-    subprocess.check_call(["iw", "dev", dev[2].ifname, "set", "mesh_param",
-                          "mesh_hwmp_rann_interval=2000"])
-
-    # Check for peer connected
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[1])
-    check_mesh_peer_connected(dev[2])
-
-    # Wait for RANN frame
-    time.sleep(10)
-
-    # Test connectivity 1->2 and 2->1
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    # Check mpath table on 0
-    res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev0")
-    if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) == -1 or \
-       data.find(dev[2].own_addr() + ' ' +  dev[2].own_addr()) == -1:
-        raise Exception("mpath not found on dev0:\n" + data)
-    if data.find(dev[0].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev0:\n" + data)
-
-    # Check mpath table on 1
-    res, data = dev[1].cmd_execute(['iw', dev[1].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev1")
-    if data.find(dev[0].own_addr() + ' ' +  dev[0].own_addr()) == -1 or \
-       data.find(dev[2].own_addr() + ' ' +  dev[0].own_addr()) == -1:
-        raise Exception("mpath not found on dev1:\n" + data)
-    if data.find(dev[2].own_addr() + ' ' +  dev[2].own_addr()) > -1 or \
-       data.find(dev[1].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev1:\n" + data)
-
-    # Check mpath table on 2
-    res, data = dev[2].cmd_execute(['iw', dev[2].ifname, 'mpath', 'dump'])
-    if res != 0:
-        raise Exception("iw command failed on dev2")
-    if data.find(dev[0].own_addr() + ' ' +  dev[0].own_addr()) == -1 or \
-       data.find(dev[1].own_addr() + ' ' +  dev[0].own_addr()) == -1:
-        raise Exception("mpath not found on dev2:\n" + data)
-    if data.find(dev[1].own_addr() + ' ' +  dev[1].own_addr()) > -1 or \
-       data.find(dev[2].own_addr()) > -1:
-        raise Exception("invalid mpath found on dev2:\n" + data)
-
-    # remove mesh groups
-    for i in range(0, 3):
-        dev[i].mesh_group_remove()
-        check_mesh_group_removed(dev[i])
-        dev[i].dump_monitor()
-
-def test_wmediumd_scan_only_one(dev, apdev, params):
-    """Test that scanning with a single active AP only returns that one (wmediund)"""
-    fd, fn = tempfile.mkstemp()
-    try:
-        f = os.fdopen(fd, 'w')
-        f.write(CFG % (apdev[0]['bssid'], dev[0].own_addr()))
-        f.close()
-        p = start_wmediumd(fn, params)
-        try:
-            _test_scan_only_one(dev, apdev)
-        finally:
-            stop_wmediumd(p, params)
-    finally:
-        os.unlink(fn)
diff --git a/tests/hwsim/test_wnm.py b/tests/hwsim/test_wnm.py
deleted file mode 100644
index 88cb0820b634..000000000000
--- a/tests/hwsim/test_wnm.py
+++ /dev/null
@@ -1,1984 +0,0 @@
-# WNM tests
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import binascii
-import struct
-import time
-import logging
-logger = logging.getLogger()
-import subprocess
-
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from wlantest import Wlantest
-from datetime import datetime
-
-def clear_regdom_state(dev, hapd, hapd2):
-        for i in range(0, 3):
-            ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-            if ev is None or "init=COUNTRY_IE" in ev:
-                break
-        if hapd:
-            hapd.request("DISABLE")
-        if hapd2:
-            hapd2.request("DISABLE")
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def start_wnm_ap(apdev, bss_transition=True, time_adv=False, ssid=None,
-                 wnm_sleep_mode=False, wnm_sleep_mode_no_keys=False, rsn=False,
-                 ocv=False, ap_max_inactivity=0, coloc_intf_reporting=False,
-                 hw_mode=None, channel=None, country_code=None, country3=None,
-                 pmf=True, passphrase=None, ht=True, vht=False, mbo=False,
-                 beacon_prot=False):
-    if rsn:
-        if not ssid:
-            ssid = "test-wnm-rsn"
-        if not passphrase:
-            passphrase = "12345678"
-        params = hostapd.wpa2_params(ssid, passphrase)
-        if pmf:
-            params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
-            params["ieee80211w"] = "2"
-            if beacon_prot:
-                params["beacon_prot"] = "1"
-    else:
-        params = {"ssid": "test-wnm"}
-    if bss_transition:
-        params["bss_transition"] = "1"
-    if time_adv:
-        params["time_advertisement"] = "2"
-        params["time_zone"] = "EST5"
-    if wnm_sleep_mode:
-        params["wnm_sleep_mode"] = "1"
-    if wnm_sleep_mode_no_keys:
-        params["wnm_sleep_mode_no_keys"] = "1"
-    if ocv:
-        params["ocv"] = "1"
-    if ap_max_inactivity:
-        params["ap_max_inactivity"] = str(ap_max_inactivity)
-    if coloc_intf_reporting:
-        params["coloc_intf_reporting"] = "1"
-    if hw_mode:
-        params["hw_mode"] = hw_mode
-    if channel:
-        params["channel"] = channel
-    if country_code:
-        params["country_code"] = country_code
-        params["ieee80211d"] = "1"
-    if country3:
-        params["country3"] = country3
-    if not ht:
-        params['ieee80211n'] = '0'
-    if vht:
-        params['ieee80211ac'] = "1"
-        params["vht_oper_chwidth"] = "0"
-        params["vht_oper_centr_freq_seg0_idx"] = "0"
-    if mbo:
-        params["mbo"] = "1"
-    try:
-        hapd = hostapd.add_ap(apdev, params)
-    except Exception as e:
-        if "Failed to set hostapd parameter ocv" in str(e):
-            raise HwsimSkip("OCV not supported")
-        raise
-    if rsn:
-        Wlantest.setup(hapd)
-        wt = Wlantest()
-        wt.flush()
-        wt.add_passphrase("12345678")
-    return hapd
-
-@remote_compatible
-def test_wnm_bss_transition_mgmt(dev, apdev):
-    """WNM BSS Transition Management"""
-    start_wnm_ap(apdev[0], time_adv=True, wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("WNM_BSS_QUERY 0")
-
-def test_wnm_bss_transition_mgmt_oom(dev, apdev):
-    """WNM BSS Transition Management OOM"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    with alloc_fail(hapd, 1, "ieee802_11_send_bss_trans_mgmt_request"):
-        dev[0].request("WNM_BSS_QUERY 0")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-@remote_compatible
-def test_wnm_disassoc_imminent(dev, apdev):
-    """WNM Disassociation Imminent"""
-    hapd = start_wnm_ap(apdev[0], time_adv=True, wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    hapd.request("DISASSOC_IMMINENT " + addr + " 10")
-    ev = dev[0].wait_event(["WNM: Disassociation Imminent"])
-    if ev is None:
-        raise Exception("Timeout while waiting for disassociation imminent")
-    if "Disassociation Timer 10" not in ev:
-        raise Exception("Unexpected disassociation imminent contents")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Timeout while waiting for re-connection scan")
-
-def test_wnm_disassoc_imminent_fail(dev, apdev):
-    """WNM Disassociation Imminent failure"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-    with fail_test(hapd, 1, "wnm_send_disassoc_imminent"):
-        if "FAIL" not in hapd.request("DISASSOC_IMMINENT " + addr + " 10"):
-            raise Exception("DISASSOC_IMMINENT succeeded during failure testing")
-
-@remote_compatible
-def test_wnm_ess_disassoc_imminent(dev, apdev):
-    """WNM ESS Disassociation Imminent"""
-    hapd = start_wnm_ap(apdev[0], time_adv=True, wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    hapd.request("ESS_DISASSOC " + addr + " 10 http://example.com/session-info")
-    ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"])
-    if ev is None:
-        raise Exception("Timeout while waiting for ESS disassociation imminent")
-    if "0 1024 http://example.com/session-info" not in ev:
-        raise Exception("Unexpected ESS disassociation imminent message contents")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Timeout while waiting for re-connection scan")
-
-def test_wnm_ess_disassoc_imminent_fail(dev, apdev):
-    """WNM ESS Disassociation Imminent failure"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "FAIL" not in hapd.request("ESS_DISASSOC " + addr + " 10 http://" + 256*'a'):
-        raise Exception("Invalid ESS_DISASSOC URL accepted")
-    with fail_test(hapd, 1, "wnm_send_ess_disassoc_imminent"):
-        if "FAIL" not in hapd.request("ESS_DISASSOC " + addr + " 10 http://example.com/session-info"):
-            raise Exception("ESS_DISASSOC succeeded during failure testing")
-
-def test_wnm_ess_disassoc_imminent_reject(dev, apdev):
-    """WNM ESS Disassociation Imminent getting rejected"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "OK" not in dev[0].request("SET reject_btm_req_reason 123"):
-        raise Exception("Failed to set reject_btm_req_reason")
-
-    hapd.request("ESS_DISASSOC " + addr + " 1 http://example.com/session-info")
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=10)
-    if ev is None:
-        raise Exception("BSS-TM-RESP not seen")
-    if "status_code=123" not in ev:
-        raise Exception("Unexpected response status: " + ev)
-    dev[0].wait_disconnected()
-    dev[0].request("DISCONNECT")
-
-@remote_compatible
-def test_wnm_ess_disassoc_imminent_pmf(dev, apdev):
-    """WNM ESS Disassociation Imminent"""
-    hapd = start_wnm_ap(apdev[0], rsn=True)
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    addr = dev[0].p2p_interface_addr()
-    hapd.request("ESS_DISASSOC " + addr + " 10 http://example.com/session-info")
-    ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"])
-    if ev is None:
-        raise Exception("Timeout while waiting for ESS disassociation imminent")
-    if "1 1024 http://example.com/session-info" not in ev:
-        raise Exception("Unexpected ESS disassociation imminent message contents")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Timeout while waiting for re-connection scan")
-
-def check_wnm_sleep_mode_enter_exit(hapd, dev, interval=None, tfs_req=None,
-                                    rekey=False):
-    addr = dev.p2p_interface_addr()
-    sta = hapd.get_sta(addr)
-    if "[WNM_SLEEP_MODE]" in sta['flags']:
-        raise Exception("Station unexpectedly in WNM-Sleep Mode")
-
-    logger.info("Going to WNM Sleep Mode")
-    extra = ""
-    if interval is not None:
-        extra += " interval=" + str(interval)
-    if tfs_req:
-        extra += " tfs_req=" + tfs_req
-    if "OK" not in dev.request("WNM_SLEEP enter" + extra):
-        raise Exception("WNM_SLEEP failed")
-    ok = False
-    for i in range(20):
-        time.sleep(0.1)
-        sta = hapd.get_sta(addr)
-        if "[WNM_SLEEP_MODE]" in sta['flags']:
-            ok = True
-            break
-    if not ok:
-        raise Exception("Station failed to enter WNM-Sleep Mode")
-
-    if rekey:
-        time.sleep(0.1)
-        if "OK" not in hapd.request("REKEY_GTK"):
-            raise Exception("REKEY_GTK failed")
-        ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=0.1)
-        if ev is not None:
-                raise Exception("Unexpected report of GTK rekey during WNM-Sleep Mode")
-
-    logger.info("Waking up from WNM Sleep Mode")
-    ok = False
-    dev.request("WNM_SLEEP exit")
-    for i in range(20):
-        time.sleep(0.1)
-        sta = hapd.get_sta(addr)
-        if "[WNM_SLEEP_MODE]" not in sta['flags']:
-            ok = True
-            break
-    if not ok:
-        raise Exception("Station failed to exit WNM-Sleep Mode")
-
-    if rekey:
-        time.sleep(0.1)
-        if "OK" not in hapd.request("REKEY_GTK"):
-            raise Exception("REKEY_GTK failed")
-        ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=2)
-        if ev is None:
-                raise Exception("GTK rekey timed out")
-
-@remote_compatible
-def test_wnm_sleep_mode_open(dev, apdev):
-    """WNM Sleep Mode - open"""
-    hapd = start_wnm_ap(apdev[0], time_adv=True, wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0], interval=100)
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0], tfs_req="5b17010001130e110000071122334455661122334455661234")
-
-    cmds = ["foo",
-            "exit tfs_req=123 interval=10",
-            "enter tfs_req=qq interval=10"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("WNM_SLEEP " + cmd):
-            raise Exception("Invalid WNM_SLEEP accepted")
-
-def test_wnm_sleep_mode_open_fail(dev, apdev):
-    """WNM Sleep Mode - open (fail)"""
-    hapd = start_wnm_ap(apdev[0], wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    with fail_test(hapd, 1, "nl80211_send_frame_cmd;ieee802_11_send_wnmsleep_resp"):
-        dev[0].request("WNM_SLEEP enter")
-        wait_fail_trigger(hapd, "GET_FAIL")
-
-def test_wnm_sleep_mode_disabled_on_ap(dev, apdev):
-    """WNM Sleep Mode disabled on AP"""
-    hapd = start_wnm_ap(apdev[0], wnm_sleep_mode=False)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    # Ignore WNM-Sleep Mode Request from 02:00:00:00:00:00 since WNM-Sleep Mode is disabled
-    dev[0].request("WNM_SLEEP enter")
-    time.sleep(0.1)
-
-@remote_compatible
-def test_wnm_sleep_mode_rsn(dev, apdev):
-    """WNM Sleep Mode - RSN"""
-    hapd = start_wnm_ap(apdev[0], time_adv=True, wnm_sleep_mode=True, rsn=True,
-                        pmf=False)
-    dev[0].connect("test-wnm-rsn", psk="12345678", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-
-@remote_compatible
-def test_wnm_sleep_mode_ap_oom(dev, apdev):
-    """WNM Sleep Mode - AP side OOM"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False, wnm_sleep_mode=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    with alloc_fail(hapd, 1, "ieee802_11_send_wnmsleep_resp"):
-        dev[0].request("WNM_SLEEP enter")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-    with alloc_fail(hapd, 2, "ieee802_11_send_wnmsleep_resp"):
-        dev[0].request("WNM_SLEEP exit")
-        wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-@remote_compatible
-def test_wnm_sleep_mode_rsn_pmf(dev, apdev):
-    """WNM Sleep Mode - RSN with PMF"""
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True, time_adv=True)
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-
-def test_wnm_sleep_mode_rsn_beacon_prot(dev, apdev):
-    """WNM Sleep Mode - RSN with PMF and beacon protection"""
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True, time_adv=True,
-                        beacon_prot=True)
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2",
-                   beacon_prot="1",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0], rekey=True)
-
-@remote_compatible
-def test_wnm_sleep_mode_rsn_ocv(dev, apdev):
-    """WNM Sleep Mode - RSN with OCV"""
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True,
-                        time_adv=True, ocv=True)
-
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2", ocv="1",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-
-    # Check if OCV succeeded or failed
-    ev = dev[0].wait_event(["OCV failed"], timeout=1)
-    if ev is not None:
-        raise Exception("OCI verification failed: " + ev)
-
-@remote_compatible
-def test_wnm_sleep_mode_rsn_badocv(dev, apdev):
-    """WNM Sleep Mode - RSN with OCV and bad OCI elements"""
-    ssid = "test-wnm-rsn"
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True, ocv=True)
-    bssid = apdev[0]['bssid']
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK-SHA256", ocv="1",
-                   proto="WPA2", ieee80211w="2", scan_freq="2412")
-    dev[0].request("WNM_SLEEP enter")
-    time.sleep(0.1)
-
-    msg = {'fc': MGMT_SUBTYPE_ACTION << 4,
-           'da': bssid,
-           'sa': dev[0].own_addr(),
-           'bssid': bssid}
-
-    logger.debug("WNM Sleep Mode Request - Missing OCI element")
-    msg['payload'] = struct.pack("<BBBBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_REQ, 0,
-                                 WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT, 0, 0,
-                                 WLAN_EID_TFS_REQ, 0)
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq=2412 wait_time=200 no_cck=1 action={}".format(
-        msg['da'], msg['bssid'], binascii.hexlify(msg['payload']).decode()))
-    ev = hapd.wait_event(["OCV failed"], timeout=5)
-    if ev is None:
-        raise Exception("AP did not report missing OCI element")
-
-    logger.debug("WNM Sleep Mode Request - Bad OCI element")
-    msg['payload'] = struct.pack("<BBBBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_REQ, 0,
-                                 WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT, 0,
-                                 0,
-                                 WLAN_EID_TFS_REQ, 0)
-    oci_ie = struct.pack("<BBB", 81, 2, 0)
-    msg['payload'] += struct.pack("<BBB", WLAN_EID_EXTENSION, 1 + len(oci_ie),
-                                  WLAN_EID_EXT_OCV_OCI) + oci_ie
-    mgmt_tx(dev[0], "MGMT_TX {} {} freq=2412 wait_time=200 no_cck=1 action={}".format(
-        msg['da'], msg['bssid'], binascii.hexlify(msg['payload']).decode()))
-    ev = hapd.wait_event(["OCV failed"], timeout=5)
-    if ev is None:
-        raise Exception("AP did not report bad OCI element")
-
-    msg = {'fc': MGMT_SUBTYPE_ACTION << 4,
-           'da': dev[0].own_addr(),
-           'sa': bssid,
-           'bssid': bssid}
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    logger.debug("WNM Sleep Mode Response - Missing OCI element")
-    msg['payload'] = struct.pack("<BBBHBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0,
-                                 WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                 WNM_STATUS_SLEEP_ACCEPT, 0,
-                                 WLAN_EID_TFS_RESP, 0)
-    dev[0].request("WNM_SLEEP exit")
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-    ev = dev[0].wait_event(["OCV failed"], timeout=5)
-    if ev is None:
-        raise Exception("STA did not report missing OCI element")
-
-    logger.debug("WNM Sleep Mode Response - Bad OCI element")
-    msg['payload'] = struct.pack("<BBBHBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0,
-                                 WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                 WNM_STATUS_SLEEP_ACCEPT, 0,
-                                 WLAN_EID_TFS_RESP, 0)
-    oci_ie = struct.pack("<BBB", 81, 2, 0)
-    msg['payload'] += struct.pack("<BBB", WLAN_EID_EXTENSION, 1 + len(oci_ie),
-                                  WLAN_EID_EXT_OCV_OCI) + oci_ie
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-    ev = dev[0].wait_event(["OCV failed"], timeout=5)
-    if ev is None:
-        raise Exception("STA did not report bad OCI element")
-
-def test_wnm_sleep_mode_rsn_ocv_failure(dev, apdev):
-    """WNM Sleep Mode - RSN with OCV - local failure"""
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True,
-                        time_adv=True, ocv=True)
-
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2", ocv="1",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    # Failed to allocate buffer for OCI element in WNM-Sleep Mode frame
-    with alloc_fail(hapd, 2, "ieee802_11_send_wnmsleep_resp"):
-            if "OK" not in dev[0].request("WNM_SLEEP enter"):
-                    raise Exception("WNM_SLEEP failed")
-            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
-
-def test_wnm_sleep_mode_rsn_pmf_key_workaround(dev, apdev):
-    """WNM Sleep Mode - RSN with PMF and GTK/IGTK workaround"""
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True,
-                        wnm_sleep_mode_no_keys=True,
-                        time_adv=True, ocv=True)
-    dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2",
-                   key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=5)
-    if ev is None:
-        raise Exception("No connection event received from hostapd")
-    check_wnm_sleep_mode_enter_exit(hapd, dev[0])
-
-def test_wnm_sleep_mode_proto(dev, apdev):
-    """WNM Sleep Mode - protocol testing"""
-    hapd = start_wnm_ap(apdev[0], wnm_sleep_mode=True, bss_transition=False)
-    bssid = hapd.own_addr()
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-    tests = ["0a10",
-             "0a1001",
-             "0a10015d00",
-             "0a10015d01",
-             "0a10015d0400000000",
-             "0a1001" + 7*("5bff" + 255*"00") + "5d00",
-             "0a1001ff00"]
-    for t in tests:
-        if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-MGMT_SUBTYPE_ACTION = 13
-ACTION_CATEG_WNM = 10
-WNM_ACT_BSS_TM_REQ = 7
-WNM_ACT_BSS_TM_RESP = 8
-WNM_ACT_SLEEP_MODE_REQ = 16
-WNM_ACT_SLEEP_MODE_RESP = 17
-WNM_ACT_NOTIFICATION_REQ = 26
-WNM_ACT_NOTIFICATION_RESP = 27
-WNM_NOTIF_TYPE_FW_UPGRADE = 0
-WNM_NOTIF_TYPE_WFA = 1
-WLAN_EID_TFS_REQ = 91
-WLAN_EID_TFS_RESP = 92
-WLAN_EID_WNMSLEEP = 93
-WLAN_EID_EXTENSION = 255
-WLAN_EID_EXT_OCV_OCI = 54
-WNM_SLEEP_MODE_ENTER = 0
-WNM_SLEEP_MODE_EXIT = 1
-WNM_STATUS_SLEEP_ACCEPT = 0
-WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE = 1
-WNM_STATUS_DENIED_ACTION = 2
-WNM_STATUS_DENIED_TMP = 3
-WNM_STATUS_DENIED_KEY = 4
-WNM_STATUS_DENIED_OTHER_WNM_SERVICE = 5
-WNM_SLEEP_SUBELEM_GTK = 0
-WNM_SLEEP_SUBELEM_IGTK = 1
-
-def bss_tm_req(dst, src, dialog_token=1, req_mode=0, disassoc_timer=0,
-               validity_interval=1):
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dst
-    msg['sa'] = src
-    msg['bssid'] = src
-    msg['payload'] = struct.pack("<BBBBHB",
-                                 ACTION_CATEG_WNM, WNM_ACT_BSS_TM_REQ,
-                                 dialog_token, req_mode, disassoc_timer,
-                                 validity_interval)
-    return msg
-
-def rx_bss_tm_resp(hapd, expect_dialog=None, expect_status=None):
-    for i in range(0, 100):
-        resp = hapd.mgmt_rx()
-        if resp is None:
-            raise Exception("No BSS TM Response received")
-        if resp['subtype'] == MGMT_SUBTYPE_ACTION:
-            break
-    if i == 99:
-        raise Exception("Not an Action frame")
-    payload = resp['payload']
-    if len(payload) < 2 + 3:
-        raise Exception("Too short payload")
-    (category, action) = struct.unpack('BB', payload[0:2])
-    if category != ACTION_CATEG_WNM or action != WNM_ACT_BSS_TM_RESP:
-        raise Exception("Not a BSS TM Response")
-    pos = payload[2:]
-    (dialog, status, bss_term_delay) = struct.unpack('BBB', pos[0:3])
-    resp['dialog'] = dialog
-    resp['status'] = status
-    resp['bss_term_delay'] = bss_term_delay
-    pos = pos[3:]
-    if len(pos) >= 6 and status == 0:
-        resp['target_bssid'] = binascii.hexlify(pos[0:6])
-        pos = pos[6:]
-    resp['candidates'] = pos
-    if expect_dialog is not None and dialog != expect_dialog:
-        raise Exception("Unexpected dialog token")
-    if expect_status is not None and status != expect_status:
-        raise Exception("Unexpected status code %d" % status)
-    return resp
-
-def expect_ack(hapd):
-    ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
-    if ev is None:
-        raise Exception("Missing TX status")
-    if "ok=1" not in ev:
-        raise Exception("Action frame not acknowledged")
-
-def mgmt_tx(dev, msg):
-    if "FAIL" in dev.request(msg):
-        raise Exception("Failed to send Action frame")
-    ev = dev.wait_event(["MGMT-TX-STATUS"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on MGMT-TX-STATUS")
-    if "result=SUCCESS" not in ev:
-        raise Exception("Peer did not ack Action frame")
-
-@remote_compatible
-def test_wnm_bss_tm_req(dev, apdev):
-    """BSS Transition Management Request"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    # truncated BSS TM Request
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x08)
-    req['payload'] = struct.pack("<BBBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_BSS_TM_REQ,
-                                 1, 0, 0)
-    hapd.mgmt_tx(req)
-    expect_ack(hapd)
-    dev[0].dump_monitor()
-
-    # no disassociation and no candidate list
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     dialog_token=2)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=2, expect_status=1)
-    dev[0].dump_monitor()
-
-    # truncated BSS Termination Duration
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x08)
-    hapd.mgmt_tx(req)
-    expect_ack(hapd)
-    dev[0].dump_monitor()
-
-    # BSS Termination Duration with TSF=0 and Duration=10
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x08, dialog_token=3)
-    req['payload'] += struct.pack("<BBQH", 4, 10, 0, 10)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=3, expect_status=1)
-    dev[0].dump_monitor()
-
-    # truncated Session Information URL
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x10)
-    hapd.mgmt_tx(req)
-    expect_ack(hapd)
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x10)
-    req['payload'] += struct.pack("<BBB", 3, 65, 66)
-    hapd.mgmt_tx(req)
-    expect_ack(hapd)
-    dev[0].dump_monitor()
-
-    # Session Information URL
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x10, dialog_token=4)
-    req['payload'] += struct.pack("<BBB", 2, 65, 66)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=4, expect_status=0)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List without any entries
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=5)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=5, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with a truncated entry
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01)
-    req['payload'] += struct.pack("<BB", 52, 1)
-    hapd.mgmt_tx(req)
-    expect_ack(hapd)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with a too short entry
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=6)
-    req['payload'] += struct.pack("<BB", 52, 0)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=6, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with a non-matching entry
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=6)
-    req['payload'] += struct.pack("<BB6BLBBB", 52, 13,
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=6, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with a truncated subelement
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=7)
-    req['payload'] += struct.pack("<BB6BLBBBBB", 52, 13 + 2,
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7,
-                                  1, 1)
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=7, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with lots of invalid optional subelements
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=8)
-    subelems = struct.pack("<BBHB", 1, 3, 0, 100)
-    subelems += struct.pack("<BBB", 2, 1, 65)
-    subelems += struct.pack("<BB", 3, 0)
-    subelems += struct.pack("<BBQB", 4, 9, 0, 10)
-    subelems += struct.pack("<BBHLB", 5, 7, 0, 0, 0)
-    subelems += struct.pack("<BB", 66, 0)
-    subelems += struct.pack("<BBBBBB", 70, 4, 0, 0, 0, 0)
-    subelems += struct.pack("<BB", 71, 0)
-    req['payload'] += struct.pack("<BB6BLBBB", 52, 13 + len(subelems),
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7) + subelems
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=8, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with lots of valid optional subelements (twice)
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=8)
-    # TSF Information
-    subelems = struct.pack("<BBHH", 1, 4, 0, 100)
-    # Condensed Country String
-    subelems += struct.pack("<BBBB", 2, 2, 65, 66)
-    # BSS Transition Candidate Preference
-    subelems += struct.pack("<BBB", 3, 1, 100)
-    # BSS Termination Duration
-    subelems += struct.pack("<BBQH", 4, 10, 0, 10)
-    # Bearing
-    subelems += struct.pack("<BBHLH", 5, 8, 0, 0, 0)
-    # Measurement Pilot Transmission
-    subelems += struct.pack("<BBBBB", 66, 3, 0, 0, 0)
-    # RM Enabled Capabilities
-    subelems += struct.pack("<BBBBBBB", 70, 5, 0, 0, 0, 0, 0)
-    # Multiple BSSID
-    subelems += struct.pack("<BBBB", 71, 2, 0, 0)
-    req['payload'] += struct.pack("<BB6BLBBB", 52, 13 + len(subelems) * 2,
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7) + subelems + subelems
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=8, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List with truncated BSS Termination Duration
-    # WNM: Too short BSS termination duration
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=8)
-    # BSS Termination Duration (truncated)
-    subelems = struct.pack("<BBQB", 4, 9, 0, 10)
-    req['payload'] += struct.pack("<BB6BLBBB", 52, 13 + len(subelems),
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7) + subelems
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=8, expect_status=7)
-    dev[0].dump_monitor()
-
-    # Preferred Candidate List followed by vendor element
-    req = bss_tm_req(addr, apdev[0]['bssid'],
-                     req_mode=0x01, dialog_token=8)
-    subelems = b''
-    req['payload'] += struct.pack("<BB6BLBBB", 52, 13 + len(subelems),
-                                  1, 2, 3, 4, 5, 6,
-                                  0, 81, 1, 7) + subelems
-    req['payload'] += binascii.unhexlify("DD0411223344")
-    hapd.mgmt_tx(req)
-    resp = rx_bss_tm_resp(hapd, expect_dialog=8, expect_status=7)
-    dev[0].dump_monitor()
-
-@remote_compatible
-def test_wnm_bss_keep_alive(dev, apdev):
-    """WNM keep-alive"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False, ap_max_inactivity=1)
-    addr = dev[0].p2p_interface_addr()
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    start = hapd.get_sta(addr)
-    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=2)
-    if ev is not None:
-        raise Exception("Unexpected disconnection")
-    end = hapd.get_sta(addr)
-    if int(end['rx_packets']) <= int(start['rx_packets']):
-        raise Exception("No keep-alive packets received")
-    try:
-        # Disable client keep-alive so that hostapd will verify connection
-        # with client poll
-        dev[0].request("SET no_keep_alive 1")
-        for i in range(60):
-            sta = hapd.get_sta(addr)
-            logger.info("timeout_next=%s rx_packets=%s tx_packets=%s" % (sta['timeout_next'], sta['rx_packets'], sta['tx_packets']))
-            if i > 1 and sta['timeout_next'] != "NULLFUNC POLL" and int(sta['tx_packets']) > int(end['tx_packets']):
-                break
-            ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
-            if ev is not None:
-                raise Exception("Unexpected disconnection (client poll expected)")
-    finally:
-        dev[0].request("SET no_keep_alive 0")
-    if int(sta['tx_packets']) <= int(end['tx_packets']):
-        raise Exception("No client poll packet seen")
-
-def test_wnm_bss_tm(dev, apdev):
-    """WNM BSS Transition Management"""
-    try:
-        hapd = None
-        hapd2 = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI")
-        id = dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-        dev[0].set_network(id, "scan_freq", "")
-
-        hapd2 = start_wnm_ap(apdev[1], country_code="FI", hw_mode="a",
-                             channel="36")
-
-        addr = dev[0].p2p_interface_addr()
-        dev[0].dump_monitor()
-
-        logger.info("No neighbor list entries")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if addr not in ev:
-            raise Exception("Unexpected BSS Transition Management Response address")
-        if "status_code=0" in ev:
-            raise Exception("BSS transition accepted unexpectedly")
-        dev[0].dump_monitor()
-
-        logger.info("Neighbor list entry, but not claimed as Preferred Candidate List")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " dialog_token=123 neighbor=11:22:33:44:55:66,0x0000,81,3,7"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" in ev:
-            raise Exception("BSS transition accepted unexpectedly")
-        dev[0].dump_monitor()
-
-        logger.info("Preferred Candidate List (no matching neighbor) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 neighbor=11:22:33:44:55:66,0x0000,81,3,7,0301ff neighbor=22:33:44:55:66:77,0x0000,1,44,7 neighbor=00:11:22:33:44:55,0x0000,81,4,7,03010a"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" in ev:
-            raise Exception("BSS transition accepted unexpectedly")
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-        if ev is None:
-            raise Exception("No scan started")
-        dev[0].dump_monitor()
-
-        logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        dev[0].wait_connected(timeout=15, error="No reassociation seen")
-        if apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected reassociation target: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected scan started")
-        dev[0].dump_monitor()
-
-        logger.info("Preferred Candidate List with two matches, no roam needed")
-        if "OK" not in hapd2.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[0]['bssid'] + ",0x0000,81,1,7,030101 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd2.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected scan started")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected reassociation")
-
-        logger.info("Preferred Candidate List with two matches and extra frequency (160 MHz), no roam needed")
-        if "OK" not in hapd2.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[0]['bssid'] + ",0x0000,81,1,7,030101 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff" + ' neighbor=00:11:22:33:44:55,0x0000,129,36,7'):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd2.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected scan started")
-        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected reassociation")
-    finally:
-        clear_regdom_state(dev, hapd, hapd2)
-
-def test_wnm_bss_tm_steering_timeout(dev, apdev):
-    """WNM BSS Transition Management and steering timeout"""
-    hapd = start_wnm_ap(apdev[0])
-    id = dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    hapd2 = start_wnm_ap(apdev[1])
-    dev[0].scan_for_bss(apdev[1]['bssid'], 2412)
-    hapd2.disable()
-    addr = dev[0].own_addr()
-    if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,81,1,7,0301ff"):
-        raise Exception("BSS_TM_REQ command failed")
-    ev = hapd.wait_event(['BSS-TM-RESP'], timeout=5)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response")
-    if "status_code=0" not in ev:
-        raise Exception("BSS transition request was not accepted: " + ev)
-    # Wait for the ap_sta_reset_steer_flag_timer timeout to occur
-    # "Reset steering flag for STA 02:00:00:00:00:00"
-    time.sleep(2.1)
-
-    ev = dev[0].wait_event(["Trying to authenticate"], timeout=5)
-    if ev is None:
-        raise Exception("No authentication attempt seen")
-    if hapd2.own_addr() not in ev:
-        raise Exception("Unexpected authentication target: " + ev)
-    # Wait for return back to the previous AP
-    dev[0].wait_connected()
-
-def test_wnm_bss_tm_errors(dev, apdev):
-    """WNM BSS Transition Management errors"""
-    hapd = start_wnm_ap(apdev[0])
-    id = dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    tests = ["BSS_TM_REQ q",
-             "BSS_TM_REQ 22:22:22:22:22:22",
-             "BSS_TM_REQ %s disassoc_timer=-1" % addr,
-             "BSS_TM_REQ %s disassoc_timer=65536" % addr,
-             "BSS_TM_REQ %s bss_term=foo" % addr,
-             "BSS_TM_REQ %s neighbor=q" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55,0" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55,0,0" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55,0,0,0" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55,0,0,0,0,q" % addr,
-             "BSS_TM_REQ %s neighbor=02:11:22:33:44:55,0,0,0,0,0q" % addr,
-             "BSS_TM_REQ " + addr + " url=" + 256*'a',
-             "BSS_TM_REQ %s url=foo mbo=1:2" % addr,
-             "BSS_TM_REQ %s url=foo mbo=100000:0:0" % addr,
-             "BSS_TM_REQ %s url=foo mbo=0:0:254" % addr,
-             "BSS_TM_REQ %s url=foo mbo=0:100000:0" % addr]
-    for t in tests:
-        if "FAIL" not in hapd.request(t):
-            raise Exception("Invalid command accepted: %s" % t)
-
-    with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_bss_tm_req"):
-        if "FAIL" not in hapd.request("BSS_TM_REQ %s url=http://foo" % addr):
-            raise Exception("BSS_TM_REQ accepted during OOM")
-
-    with alloc_fail(hapd, 1, "=wnm_send_bss_tm_req"):
-        if "FAIL" not in hapd.request("BSS_TM_REQ %s url=http://foo" % addr):
-            raise Exception("BSS_TM_REQ accepted during OOM")
-
-    with fail_test(hapd, 1, "wnm_send_bss_tm_req"):
-        if "FAIL" not in hapd.request("BSS_TM_REQ %s url=http://foo" % addr):
-            raise Exception("BSS_TM_REQ accepted during failure testing")
-
-def test_wnm_bss_tm_termination(dev, apdev):
-    """WNM BSS Transition Management and BSS termination"""
-    hapd = start_wnm_ap(apdev[0])
-    id = dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    if "OK" not in hapd.request("BSS_TM_REQ %s bss_term=0,1" % addr):
-        raise Exception("BSS_TM_REQ failed")
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("No BSS-TM-RESP event seen")
-
-    if "OK" not in hapd.request("BSS_TM_REQ %s url=http://example.com/" % addr):
-        raise Exception("BSS_TM_REQ failed")
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("No BSS-TM-RESP event seen")
-
-def test_wnm_bss_tm_scan_not_needed(dev, apdev):
-    """WNM BSS Transition Management and scan not needed"""
-    run_wnm_bss_tm_scan_not_needed(dev, apdev)
-
-def test_wnm_bss_tm_nei_vht(dev, apdev):
-    """WNM BSS Transition Management and VHT neighbor"""
-    run_wnm_bss_tm_scan_not_needed(dev, apdev, vht=True, nei_info="115,36,9")
-
-def test_wnm_bss_tm_nei_11a(dev, apdev):
-    """WNM BSS Transition Management and 11a neighbor"""
-    run_wnm_bss_tm_scan_not_needed(dev, apdev, ht=False, nei_info="115,36,4")
-
-def test_wnm_bss_tm_nei_11g(dev, apdev):
-    """WNM BSS Transition Management and 11g neighbor"""
-    run_wnm_bss_tm_scan_not_needed(dev, apdev, ht=False, hwmode='g',
-                                   channel='2', freq=2417, nei_info="81,2,6")
-
-def test_wnm_bss_tm_nei_11b(dev, apdev):
-    """WNM BSS Transition Management and 11g neighbor"""
-    run_wnm_bss_tm_scan_not_needed(dev, apdev, ht=False, hwmode='b',
-                                   channel='3', freq=2422, nei_info="81,2,5")
-
-def run_wnm_bss_tm_scan_not_needed(dev, apdev, ht=True, vht=False, hwmode='a',
-                                   channel='36', freq=5180,
-                                   nei_info="115,36,7,0301ff"):
-    try:
-        hapd = None
-        hapd2 = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI", hw_mode="g",
-                            channel="1")
-        hapd2 = start_wnm_ap(apdev[1], country_code="FI", hw_mode=hwmode,
-                             channel=channel, ht=ht, vht=vht)
-        dev[0].scan_for_bss(apdev[1]['bssid'], freq)
-
-        id = dev[0].connect("test-wnm", key_mgmt="NONE",
-                            bssid=apdev[0]['bssid'], scan_freq="2412")
-        dev[0].set_network(id, "scan_freq", "")
-        dev[0].set_network(id, "bssid", "")
-
-        addr = dev[0].own_addr()
-        dev[0].dump_monitor()
-
-        logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000," + nei_info):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        dev[0].wait_connected(timeout=15, error="No reassociation seen")
-        if apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected reassociation target: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected scan started")
-        dev[0].dump_monitor()
-    finally:
-        clear_regdom_state(dev, hapd, hapd2)
-
-def test_wnm_bss_tm_scan_needed(dev, apdev):
-    """WNM BSS Transition Management and scan needed"""
-    try:
-        hapd = None
-        hapd2 = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI", hw_mode="g",
-                            channel="1")
-        hapd2 = start_wnm_ap(apdev[1], country_code="FI", hw_mode="a",
-                             channel="36")
-
-        dev[0].scan_for_bss(apdev[1]['bssid'], 5180)
-
-        id = dev[0].connect("test-wnm", key_mgmt="NONE",
-                            bssid=apdev[0]['bssid'], scan_freq="2412")
-        dev[0].set_network(id, "scan_freq", "")
-        dev[0].set_network(id, "bssid", "")
-
-        addr = dev[0].own_addr()
-        dev[0].dump_monitor()
-
-        logger.info("Wait 11 seconds for the last scan result to be too old, but still present in BSS table")
-        time.sleep(11)
-        logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        dev[0].wait_connected(timeout=15, error="No reassociation seen")
-        if apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected reassociation target: " + ev)
-        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("Unexpected scan started")
-        dev[0].dump_monitor()
-    finally:
-        clear_regdom_state(dev, hapd, hapd2)
-
-def test_wnm_bss_tm_scan_needed_e4(dev, apdev):
-    """WNM BSS Transition Management and scan needed (Table E-4)"""
-    try:
-        hapd = None
-        hapd2 = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI", country3="0x04",
-                            hw_mode="g", channel="1")
-        hapd2 = start_wnm_ap(apdev[1], country_code="FI", country3="0x04",
-                             hw_mode="a", channel="36")
-        id = dev[0].connect("test-wnm", key_mgmt="NONE",
-                            bssid=apdev[0]['bssid'], scan_freq="2412")
-        dev[0].set_network(id, "scan_freq", "")
-        dev[0].set_network(id, "bssid", "")
-
-        addr = dev[0].own_addr()
-        dev[0].dump_monitor()
-
-        logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=4)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response seen quickly enough - did scan optimization fail?")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        dev[0].wait_connected(timeout=15, error="No reassociation seen")
-        # Wait for regdom change due to country IE to avoid issues with that
-        # processing happening only after the disconnection and cfg80211 ending
-        # up intersecting regdoms when we try to clear state back to world (00)
-        # regdom below.
-        while True:
-            ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-            if not ev or "COUNTRY_IE" in ev:
-                break
-        dev[0].dump_monitor()
-    finally:
-        clear_regdom_state(dev, hapd, hapd2)
-
-def start_wnm_tm(ap, country, dev, country3=None):
-    hapd = start_wnm_ap(ap, country_code=country, country3=country3)
-    id = dev.connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    wait_regdom_changes(dev)
-    dev.dump_monitor()
-    dev.set_network(id, "scan_freq", "")
-    return hapd, id
-
-def stop_wnm_tm(hapd, dev):
-    if hapd:
-        hapd.request("DISABLE")
-        time.sleep(0.1)
-    dev[0].disconnect_and_stop_scan()
-    subprocess.call(['iw', 'reg', 'set', '00'])
-    wait_regdom_changes(dev[0])
-    country = dev[0].get_driver_status_field("country")
-    logger.info("Country code at the end: " + country)
-    if country != "00":
-        clear_country(dev)
-
-    dev[0].flush_scan_cache()
-
-def wnm_bss_tm_check(hapd, dev, data):
-    addr = dev.p2p_interface_addr()
-    if "OK" not in hapd.request("BSS_TM_REQ " + addr + " " + data):
-        raise Exception("BSS_TM_REQ command failed")
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
-    if ev is None:
-        raise Exception("No scan started")
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"], 15)
-    if ev is None:
-        raise Exception("Scan did not complete")
-
-    ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response")
-    if "status_code=7" not in ev:
-        raise Exception("Unexpected response: " + ev)
-
-def test_wnm_bss_tm_country_us(dev, apdev):
-    """WNM BSS Transition Management (US)"""
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], "US", dev[0])
-
-        logger.info("Preferred Candidate List (no matching neighbor, known channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,12,3,7,0301ff neighbor=00:11:22:33:44:55,0x0000,2,52,7,03010a neighbor=00:11:22:33:44:57,0x0000,4,100,7 neighbor=00:11:22:33:44:59,0x0000,3,149,7 neighbor=00:11:22:33:44:5b,0x0000,34,1,7 neighbor=00:11:22:33:44:5d,0x0000,5,149,7")
-
-        # Make the test take less time by limiting full scans
-        dev[0].set_network(id, "scan_freq", "2412")
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,12,0,7,0301ff neighbor=22:33:44:55:66:77,0x0000,12,12,7 neighbor=00:11:22:33:44:55,0x0000,2,35,7,03010a neighbor=00:11:22:33:44:56,0x0000,2,65,7 neighbor=00:11:22:33:44:57,0x0000,4,99,7 neighbor=00:11:22:33:44:58,0x0000,4,145,7")
-
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels 2)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:59,0x0000,3,148,7 neighbor=00:11:22:33:44:5a,0x0000,3,162,7 neighbor=00:11:22:33:44:5b,0x0000,34,0,7 neighbor=00:11:22:33:44:5c,0x0000,34,4,7 neighbor=00:11:22:33:44:5d,0x0000,5,148,7 neighbor=00:11:22:33:44:5e,0x0000,5,166,7 neighbor=00:11:22:33:44:5f,0x0000,0,0,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_country_fi(dev, apdev):
-    """WNM BSS Transition Management (FI)"""
-    addr = dev[0].p2p_interface_addr()
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], "FI", dev[0])
-
-        logger.info("Preferred Candidate List (no matching neighbor, known channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,4,3,7,0301ff neighbor=00:11:22:33:44:55,0x0000,1,36,7,03010a neighbor=00:11:22:33:44:57,0x0000,3,100,7 neighbor=00:11:22:33:44:59,0x0000,17,149,7 neighbor=00:11:22:33:44:5c,0x0000,18,1,7")
-
-        # Make the test take less time by limiting full scans
-        dev[0].set_network(id, "scan_freq", "2412")
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:00,0x0000,4,0,7 neighbor=00:11:22:33:44:01,0x0000,4,14,7 neighbor=00:11:22:33:44:02,0x0000,1,35,7 neighbor=00:11:22:33:44:03,0x0000,1,65,7 neighbor=00:11:22:33:44:04,0x0000,3,99,7 neighbor=00:11:22:33:44:05,0x0000,3,141,7 neighbor=00:11:22:33:44:06,0x0000,17,148,7 neighbor=00:11:22:33:44:07,0x0000,17,170,7 neighbor=00:11:22:33:44:08,0x0000,18,0,7 neighbor=00:11:22:33:44:09,0x0000,18,5,7")
-
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels 2)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:00,0x0000,0,0,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_country_jp(dev, apdev):
-    """WNM BSS Transition Management (JP)"""
-    addr = dev[0].p2p_interface_addr()
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], "JP", dev[0])
-
-        logger.info("Preferred Candidate List (no matching neighbor, known channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,30,3,7,0301ff neighbor=00:11:22:33:44:55,0x0000,31,14,7,03010a neighbor=00:11:22:33:44:57,0x0000,1,36,7 neighbor=00:11:22:33:44:59,0x0000,34,100,7 neighbor=00:11:22:33:44:5c,0x0000,59,1,7")
-
-        # Make the test take less time by limiting full scans
-        dev[0].set_network(id, "scan_freq", "2412")
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,30,0,7,0301ff neighbor=22:33:44:55:66:77,0x0000,30,14,7 neighbor=00:11:22:33:44:56,0x0000,31,13,7 neighbor=00:11:22:33:44:57,0x0000,1,33,7 neighbor=00:11:22:33:44:58,0x0000,1,65,7 neighbor=00:11:22:33:44:5a,0x0000,34,99,7 neighbor=00:11:22:33:44:5b,0x0000,34,141,7 neighbor=00:11:22:33:44:5d,0x0000,59,0,7 neighbor=00:11:22:33:44:5e,0x0000,59,4,7 neighbor=00:11:22:33:44:5f,0x0000,0,0,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_country_cn(dev, apdev):
-    """WNM BSS Transition Management (CN)"""
-    addr = dev[0].p2p_interface_addr()
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], "CN", dev[0])
-
-        logger.info("Preferred Candidate List (no matching neighbor, known channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,7,3,7,0301ff neighbor=00:11:22:33:44:55,0x0000,1,36,7,03010a neighbor=00:11:22:33:44:57,0x0000,3,149,7 neighbor=00:11:22:33:44:59,0x0000,6,149,7")
-
-        # Make the test take less time by limiting full scans
-        dev[0].set_network(id, "scan_freq", "2412")
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,7,0,7,0301ff neighbor=22:33:44:55:66:77,0x0000,7,14,7 neighbor=00:11:22:33:44:56,0x0000,1,35,7 neighbor=00:11:22:33:44:57,0x0000,1,65,7 neighbor=00:11:22:33:44:58,0x0000,3,148,7 neighbor=00:11:22:33:44:5a,0x0000,3,166,7 neighbor=00:11:22:33:44:5f,0x0000,0,0,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_global(dev, apdev):
-    """WNM BSS Transition Management (global)"""
-    run_wnm_bss_tm_global(dev, apdev, "XX", None)
-
-def test_wnm_bss_tm_global4(dev, apdev):
-    """WNM BSS Transition Management (global; indicate table E-4)"""
-    run_wnm_bss_tm_global(dev, apdev, "FI", "0x04")
-
-def run_wnm_bss_tm_global(dev, apdev, country, country3):
-    addr = dev[0].p2p_interface_addr()
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], country, dev[0], country3=country3)
-
-        logger.info("Preferred Candidate List (no matching neighbor, known channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=11:22:33:44:55:66,0x0000,81,3,7,0301ff neighbor=00:11:22:33:44:55,0x0000,82,14,7,03010a neighbor=00:11:22:33:44:57,0x0000,83,1,7 neighbor=00:11:22:33:44:59,0x0000,115,36,7 neighbor=00:11:22:33:44:5a,0x0000,121,100,7 neighbor=00:11:22:33:44:5c,0x0000,124,149,7 neighbor=00:11:22:33:44:5d,0x0000,125,149,7 neighbor=00:11:22:33:44:5e,0x0000,128,42,7 neighbor=00:11:22:33:44:5f,0x0000,129,50,7 neighbor=00:11:22:33:44:60,0x0000,180,1,7")
-
-        # Make the test take less time by limiting full scans
-        dev[0].set_network(id, "scan_freq", "2412")
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:00,0x0000,81,0,7 neighbor=00:11:22:33:44:01,0x0000,81,14,7 neighbor=00:11:22:33:44:02,0x0000,82,13,7 neighbor=00:11:22:33:44:03,0x0000,83,0,7 neighbor=00:11:22:33:44:04,0x0000,83,14,7 neighbor=00:11:22:33:44:05,0x0000,115,35,7 neighbor=00:11:22:33:44:06,0x0000,115,65,7 neighbor=00:11:22:33:44:07,0x0000,121,99,7 neighbor=00:11:22:33:44:08,0x0000,121,141,7 neighbor=00:11:22:33:44:09,0x0000,124,148,7")
-
-        logger.info("Preferred Candidate List (no matching neighbor, unknown channels 2)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:00,0x0000,124,162,7 neighbor=00:11:22:33:44:01,0x0000,125,148,7 neighbor=00:11:22:33:44:02,0x0000,125,170,7 neighbor=00:11:22:33:44:03,0x0000,128,35,7 neighbor=00:11:22:33:44:04,0x0000,128,162,7 neighbor=00:11:22:33:44:05,0x0000,129,49,7 neighbor=00:11:22:33:44:06,0x0000,129,115,7 neighbor=00:11:22:33:44:07,0x0000,180,0,7 neighbor=00:11:22:33:44:08,0x0000,180,5,7 neighbor=00:11:22:33:44:09,0x0000,0,0,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_op_class_0(dev, apdev):
-    """WNM BSS Transition Management with invalid operating class"""
-    try:
-        hapd = None
-        hapd, id = start_wnm_tm(apdev[0], "US", dev[0])
-
-        logger.info("Preferred Candidate List (no matching neighbor, invalid op class specified for channels)")
-        wnm_bss_tm_check(hapd, dev[0], "pref=1 neighbor=00:11:22:33:44:59,0x0000,0,149,7 neighbor=00:11:22:33:44:5b,0x0000,0,1,7")
-    finally:
-        stop_wnm_tm(hapd, dev)
-
-def test_wnm_bss_tm_rsn(dev, apdev):
-    """WNM BSS Transition Management with RSN"""
-    passphrase = "zxcvbnm,.-"
-    try:
-        hapd = None
-        hapd2 = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI", hw_mode="g",
-                            channel="1",
-                            rsn=True, pmf=False, passphrase=passphrase)
-        hapd2 = start_wnm_ap(apdev[1], country_code="FI", hw_mode="a",
-                             channel="36",
-                             rsn=True, pmf=False, passphrase=passphrase)
-        dev[0].scan_for_bss(apdev[1]['bssid'], 5180)
-
-        id = dev[0].connect("test-wnm-rsn", psk=passphrase,
-                            bssid=apdev[0]['bssid'], scan_freq="2412")
-        dev[0].set_network(id, "scan_freq", "")
-        dev[0].set_network(id, "bssid", "")
-
-        addr = dev[0].own_addr()
-        dev[0].dump_monitor()
-
-        time.sleep(0.5)
-        logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000," + "115,36,7,0301ff"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if "status_code=0" not in ev:
-            raise Exception("BSS transition request was not accepted: " + ev)
-        if "target_bssid=" + apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected target BSS: " + ev)
-        dev[0].wait_connected(timeout=15, error="No reassociation seen")
-        if apdev[1]['bssid'] not in ev:
-            raise Exception("Unexpected reassociation target: " + ev)
-    finally:
-        clear_regdom_state(dev, hapd, hapd2)
-
-def test_wnm_action_proto(dev, apdev):
-    """WNM Action protocol testing"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False, wnm_sleep_mode=True)
-    bssid = apdev[0]['bssid']
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("WNM_SLEEP enter")
-    time.sleep(0.1)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dev[0].own_addr()
-    msg['sa'] = bssid
-    msg['bssid'] = bssid
-
-    dialog_token = 1
-
-    logger.debug("Unexpected WNM-Notification Response")
-    # Note: This is actually not registered for user space processing in
-    # driver_nl80211.c nl80211_mgmt_subscribe_non_ap() and as such, won't make
-    # it to wpa_supplicant.
-    msg['payload'] = struct.pack("<BBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_RESP,
-                                 dialog_token, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("Truncated WNM-Notification Request (no Type field)")
-    msg['payload'] = struct.pack("<BBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated IE (min)")
-    msg['payload'] = struct.pack("<BBBBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0, 1)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated IE (max)")
-    msg['payload'] = struct.pack("<BBBBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0, 255)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with too short IE")
-    msg['payload'] = struct.pack("<BBBBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated Sub Rem URL")
-    msg['payload'] = struct.pack(">BBBBBBLB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 5,
-                                 0x506f9a00, 1)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated Sub Rem URL(2)")
-    msg['payload'] = struct.pack(">BBBBBBLBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 6,
-                                 0x506f9a00, 1, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated Sub Rem URL(3)")
-    msg['payload'] = struct.pack(">BBBBBBLB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 5,
-                                 0x506f9a00, 0xff)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated Deauth Imminent URL(min)")
-    msg['payload'] = struct.pack(">BBBBBBLBHB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 8,
-                                 0x506f9a01, 0, 0, 1)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with truncated Deauth Imminent URL(max)")
-    msg['payload'] = struct.pack(">BBBBBBLBHB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 8,
-                                 0x506f9a01, 0, 0, 0xff)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WFA WNM-Notification Request with unsupported IE")
-    msg['payload'] = struct.pack("<BBBBBBL",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_WFA, 0xdd, 4, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM-Notification Request with unknown WNM-Notification type 0")
-    msg['payload'] = struct.pack("<BBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_NOTIFICATION_REQ,
-                                 dialog_token, WNM_NOTIF_TYPE_FW_UPGRADE)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("Truncated WNM Sleep Mode Response - no Dialog Token")
-    msg['payload'] = struct.pack("<BB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("Truncated WNM Sleep Mode Response - no Key Data Length")
-    msg['payload'] = struct.pack("<BBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("Truncated WNM Sleep Mode Response - truncated Key Data (min)")
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 1)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("Truncated WNM Sleep Mode Response - truncated Key Data (max)")
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0xffff)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - truncated IE header")
-    msg['payload'] = struct.pack("<BBBHB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - truncated IE")
-    msg['payload'] = struct.pack("<BBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, 0, 1)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Empty TFS Response")
-    msg['payload'] = struct.pack("<BBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - EID 0 not recognized")
-    msg['payload'] = struct.pack("<BBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, 0, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Empty WNM Sleep Mode element and TFS Response element")
-    msg['payload'] = struct.pack("<BBBHBBBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, WLAN_EID_WNMSLEEP, 0, WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - WNM Sleep Mode element and empty TFS Response element")
-    msg['payload'] = struct.pack("<BBBHBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_ENTER,
-                                 WNM_STATUS_SLEEP_ACCEPT, 0,
-                                 WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - WNM Sleep Mode element(exit, deny key) and empty TFS Response element")
-    msg['payload'] = struct.pack("<BBBHBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                 WNM_STATUS_DENIED_KEY, 0,
-                                 WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - WNM Sleep Mode element(enter, deny key) and empty TFS Response element")
-    msg['payload'] = struct.pack("<BBBHBBBBHBB",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 0, WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_ENTER,
-                                 WNM_STATUS_DENIED_KEY, 0,
-                                 WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-@remote_compatible
-def test_wnm_action_proto_pmf(dev, apdev):
-    """WNM Action protocol testing (PMF enabled)"""
-    ssid = "test-wnm-pmf"
-    hapd = start_wnm_ap(apdev[0], rsn=True, wnm_sleep_mode=True, ssid=ssid)
-    bssid = apdev[0]['bssid']
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK-SHA256",
-                   proto="WPA2", ieee80211w="2", scan_freq="2412")
-    dev[0].request("WNM_SLEEP enter")
-    time.sleep(0.1)
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dev[0].own_addr()
-    msg['sa'] = bssid
-    msg['bssid'] = bssid
-
-    logger.debug("WNM Sleep Mode Response - Invalid Key Data element length")
-    keydata = struct.pack("<BB", 0, 1)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Too short GTK subelem")
-    keydata = struct.pack("<BB", WNM_SLEEP_SUBELEM_GTK, 0)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Invalid GTK subelem")
-    keydata = struct.pack("<BBHB2L4L", WNM_SLEEP_SUBELEM_GTK, 11 + 16,
-                          0, 17, 0, 0, 0, 0, 0, 0)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Invalid GTK subelem (2)")
-    keydata = struct.pack("<BBHB2L4L", WNM_SLEEP_SUBELEM_GTK, 11 + 16,
-                          0, 0, 0, 0, 0, 0, 0, 0)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - GTK subelem and too short IGTK subelem")
-    keydata = struct.pack("<BBHB", WNM_SLEEP_SUBELEM_GTK, 11 + 16, 0, 16)
-    keydata += struct.pack(">2L4L", 0x01020304, 0x05060708,
-                           0x11223344, 0x55667788, 0x9900aabb, 0xccddeeff)
-    keydata += struct.pack("<BB", WNM_SLEEP_SUBELEM_IGTK, 0)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    logger.debug("WNM Sleep Mode Response - Unknown subelem")
-    keydata = struct.pack("<BB", 255, 0)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-@remote_compatible
-def test_wnm_action_proto_no_pmf(dev, apdev):
-    """WNM Action protocol testing (PMF disabled)"""
-    ssid = "test-wnm-no-pmf"
-    hapd = start_wnm_ap(apdev[0], rsn=True, pmf=False, bss_transition=False,
-                        wnm_sleep_mode=True, ssid=ssid)
-    bssid = apdev[0]['bssid']
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK",
-                   proto="WPA2", ieee80211w="0", scan_freq="2412")
-    dev[0].request("WNM_SLEEP enter")
-    time.sleep(0.1)
-    hapd.set("ext_mgmt_frame_handling", "1")
-    hapd.dump_monitor()
-    dev[0].request("WNM_SLEEP exit")
-    ev = hapd.wait_event(['MGMT-RX'], timeout=5)
-    if ev is None:
-        raise Exception("WNM-Sleep Mode Request not seen")
-
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dev[0].own_addr()
-    msg['sa'] = bssid
-    msg['bssid'] = bssid
-
-    logger.debug("WNM Sleep Mode Response - GTK subelem and IGTK subelem")
-    keydata = struct.pack("<BBHB", WNM_SLEEP_SUBELEM_GTK, 11 + 16, 0, 16)
-    keydata += struct.pack(">2L4L", 0x01020304, 0x05060708,
-                           0x11223344, 0x55667788, 0x9900aabb, 0xccddeeff)
-    keydata += struct.pack("<BBHLH4L", WNM_SLEEP_SUBELEM_IGTK, 2 + 6 + 16, 0,
-                           0x10203040, 0x5060,
-                           0xf1f2f3f4, 0xf5f6f7f8, 0xf9f0fafb, 0xfcfdfeff)
-    msg['payload'] = struct.pack("<BBBH",
-                                 ACTION_CATEG_WNM, WNM_ACT_SLEEP_MODE_RESP, 0,
-                                 len(keydata))
-    msg['payload'] += keydata
-    msg['payload'] += struct.pack("<BBBBHBB",
-                                  WLAN_EID_WNMSLEEP, 4, WNM_SLEEP_MODE_EXIT,
-                                  WNM_STATUS_SLEEP_ACCEPT, 0,
-                                  WLAN_EID_TFS_RESP, 0)
-    hapd.mgmt_tx(msg)
-    expect_ack(hapd)
-
-    ev = dev[0].wait_event(["WNM: Ignore Key Data"], timeout=5)
-    if ev is None:
-        raise Exception("Key Data not ignored")
-
-def test_wnm_bss_tm_req_with_mbo_ie(dev, apdev):
-    """WNM BSS transition request with MBO IE and reassociation delay attribute"""
-    ssid = "test-wnm-mbo"
-    hapd = start_wnm_ap(apdev[0], rsn=True, pmf=False, ssid=ssid)
-    bssid = apdev[0]['bssid']
-    if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
-        raise Exception("Failed to set STA as cellular data capable")
-
-    dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK",
-                   proto="WPA2", ieee80211w="0", scan_freq="2412")
-
-    logger.debug("BTM request with MBO reassociation delay when disassoc imminent is not set")
-    if 'FAIL' not in hapd.request("BSS_TM_REQ " + dev[0].own_addr() + " mbo=3:2:1"):
-        raise Exception("BSS transition management succeeded unexpectedly")
-
-    logger.debug("BTM request with invalid MBO transition reason code")
-    if 'FAIL' not in hapd.request("BSS_TM_REQ " + dev[0].own_addr() + " mbo=10:2:1"):
-        raise Exception("BSS transition management succeeded unexpectedly")
-
-    logger.debug("BTM request with MBO reassociation retry delay of 5 seconds")
-    if 'OK' not in hapd.request("BSS_TM_REQ " + dev[0].own_addr() + " disassoc_imminent=1 disassoc_timer=3 mbo=3:5:1"):
-        raise Exception("BSS transition management command failed")
-
-    ev = dev[0].wait_event(['MBO-CELL-PREFERENCE'], 1)
-    if ev is None or "preference=1" not in ev:
-        raise Exception("Timeout waiting for MBO-CELL-PREFERENCE event")
-
-    ev = dev[0].wait_event(['MBO-TRANSITION-REASON'], 1)
-    if ev is None or "reason=3" not in ev:
-        raise Exception("Timeout waiting for MBO-TRANSITION-REASON event")
-
-    t0 = datetime.now()
-
-    ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response")
-    if dev[0].own_addr() not in ev:
-        raise Exception("Unexpected BSS Transition Management Response address")
-
-    ev = dev[0].wait_event(['CTRL-EVENT-DISCONNECTED'], 5)
-    if ev is None:
-        raise Exception("Station did not disconnect although disassoc imminent was set")
-
-    # Set the scan interval to make dev[0] look for connections
-    if 'OK' not in dev[0].request("SCAN_INTERVAL 1"):
-        raise Exception("Failed to set scan interval")
-
-    # Wait until connected
-    ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED'], 10)
-    if ev is None:
-        raise Exception("Station did not connect")
-
-    # Make sure no connection is made during the retry delay
-    time_diff = datetime.now() - t0
-    if time_diff.total_seconds() < 5:
-        raise Exception("Station connected before assoc retry delay was over")
-
-    if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
-        raise Exception("Failed to set STA as cellular data not-capable")
-
-@remote_compatible
-def test_wnm_bss_transition_mgmt_query(dev, apdev):
-    """WNM BSS Transition Management query"""
-    hapd = start_wnm_ap(apdev[0])
-    params = {"ssid": "another"}
-    hapd2 = hostapd.add_ap(apdev[1], params)
-
-    dev[0].scan_for_bss(apdev[1]['bssid'], 2412)
-    dev[0].scan_for_bss(apdev[0]['bssid'], 2412)
-
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("WNM_BSS_QUERY 0 list")
-
-    ev = dev[0].wait_event(["WNM: BSS Transition Management Request"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("No BSS Transition Management Request frame seen")
-
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response frame seen")
-
-def test_wnm_bss_transition_mgmt_query_disabled_on_ap(dev, apdev):
-    """WNM BSS Transition Management query - TM disabled on AP"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    # Ignore BSS Transition Management Query from 02:00:00:00:00:00 since BSS Transition Management is disabled
-    dev[0].request("WNM_BSS_QUERY 0 list")
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected BSS TM Response reported")
-
-def test_wnm_bss_transition_mgmt_query_mbo(dev, apdev):
-    """WNM BSS Transition Management query - TM only due to MBO on AP"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False, mbo=True)
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("WNM_BSS_QUERY 0 list")
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("No BSS TM Response reported")
-
-@remote_compatible
-def test_wnm_bss_tm_security_mismatch(dev, apdev):
-    """WNM BSS Transition Management and security mismatch"""
-    hapd = start_wnm_ap(apdev[0], hw_mode="g", channel="1", ssid="test-wnm",
-                        rsn=True, pmf=False)
-    hapd2 = start_wnm_ap(apdev[1], hw_mode="g", channel="11")
-    dev[0].scan_for_bss(apdev[1]['bssid'], 2462)
-
-    id = dev[0].connect("test-wnm", psk="12345678",
-                        bssid=apdev[0]['bssid'], scan_freq="2412")
-    dev[0].set_network(id, "scan_freq", "")
-    dev[0].set_network(id, "bssid", "")
-
-    addr = dev[0].own_addr()
-    dev[0].dump_monitor()
-
-    logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-    if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-        raise Exception("BSS_TM_REQ command failed")
-    ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response")
-    if "status_code=7" not in ev:
-        raise Exception("Unexpected BSS transition request response: " + ev)
-
-def test_wnm_bss_tm_connect_cmd(dev, apdev):
-    """WNM BSS Transition Management and cfg80211 connect command"""
-    hapd = start_wnm_ap(apdev[0], hw_mode="g", channel="1")
-    hapd2 = start_wnm_ap(apdev[1], hw_mode="g", channel="11")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
-
-    wpas.scan_for_bss(apdev[1]['bssid'], 2462)
-
-    id = wpas.connect("test-wnm", key_mgmt="NONE",
-                      bssid=apdev[0]['bssid'], scan_freq="2412")
-    wpas.set_network(id, "scan_freq", "")
-    wpas.set_network(id, "bssid", "")
-
-    addr = wpas.own_addr()
-    wpas.dump_monitor()
-
-    logger.info("Preferred Candidate List (matching neighbor for another BSS) without Disassociation Imminent")
-    if "OK" not in hapd.request("BSS_TM_REQ " + addr + " pref=1 abridged=1 valid_int=255 neighbor=" + apdev[1]['bssid'] + ",0x0000,115,36,7,0301ff"):
-        raise Exception("BSS_TM_REQ command failed")
-    ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response")
-    if "status_code=0" not in ev:
-        raise Exception("BSS transition request was not accepted: " + ev)
-    if "target_bssid=" + apdev[1]['bssid'] not in ev:
-        raise Exception("Unexpected target BSS: " + ev)
-    ev = wpas.wait_event(["CTRL-EVENT-CONNECTED",
-                          "CTRL-EVENT-DISCONNECTED"], timeout=10)
-    if ev is None:
-        raise Exception("No reassociation seen")
-    if "CTRL-EVENT-DISCONNECTED" in ev:
-        raise Exception("Unexpected disconnection reported")
-    if apdev[1]['bssid'] not in ev:
-        raise Exception("Unexpected reassociation target: " + ev)
-
-def test_wnm_bss_tm_reject(dev, apdev):
-    """WNM BSS Transition Management request getting rejected"""
-    try:
-        hapd = None
-        hapd = start_wnm_ap(apdev[0], country_code="FI", hw_mode="g",
-                            channel="1")
-        id = dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-        addr = dev[0].own_addr()
-        dev[0].dump_monitor()
-
-        if "OK" not in dev[0].request("SET reject_btm_req_reason 123"):
-            raise Exception("Failed to set reject_btm_req_reason")
-
-        if "OK" not in hapd.request("BSS_TM_REQ " + addr + " disassoc_timer=1"):
-            raise Exception("BSS_TM_REQ command failed")
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=10)
-        if ev is None:
-            raise Exception("No BSS Transition Management Response")
-        if addr not in ev:
-            raise Exception("Unexpected BSS Transition Management Response address")
-        if "status_code=123" not in ev:
-            raise Exception("Unexpected BSS Transition Management Response status: " + ev)
-        dev[0].wait_disconnected()
-        dev[0].wait_connected()
-    finally:
-        if hapd:
-            hapd.request("DISABLE")
-        dev[0].disconnect_and_stop_scan()
-        subprocess.call(['iw', 'reg', 'set', '00'])
-        dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
-        dev[0].flush_scan_cache()
-
-def test_wnm_bss_tm_ap_proto(dev, apdev):
-    """WNM BSS TM - protocol testing for AP message parsing"""
-    hapd = start_wnm_ap(apdev[0])
-    bssid = hapd.own_addr()
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-    tests = ["0a",
-             "0a06",
-             "0a0601",
-             "0a060100",
-             "0a080000",
-             "0a08000000",
-             "0a080000001122334455",
-             "0a08000000112233445566",
-             "0a08000000112233445566112233445566778899",
-             "0a08ffffff",
-             "0a08ffffff112233445566778899",
-             "0a1a",
-             "0a1a00",
-             "0a1a0000",
-             "0a0c016015007f0f000000000000000000000000000000000000",
-             "0a0700",
-             "0aff00",
-             "0aff"]
-    for t in tests:
-        if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-def test_wnm_bss_transition_mgmt_query_with_unknown_candidates(dev, apdev):
-    """WNM BSS Transition Management query with unknown candidates"""
-    hapd = start_wnm_ap(apdev[0])
-    dev[0].scan_for_bss(apdev[0]['bssid'], 2412)
-
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    dev[0].request("WNM_BSS_QUERY 0 neighbor=00:11:22:33:44:55,0,81,1,4")
-
-    ev = dev[0].wait_event(["WNM: BSS Transition Management Request"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("No BSS Transition Management Request frame seen")
-
-    ev = hapd.wait_event(["BSS-TM-RESP"], timeout=5)
-    if ev is None:
-        raise Exception("No BSS Transition Management Response frame seen")
-
-def test_wnm_time_adv_without_time_zone(dev, apdev):
-    """WNM Time Advertisement without time zone configuration"""
-    params = {"ssid": "test-wnm",
-              "time_advertisement": "2"}
-    hostapd.add_ap(apdev[0], params)
-
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-
-def test_wnm_coloc_intf_reporting(dev, apdev):
-    """WNM Collocated Interference Reporting"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False,
-                        coloc_intf_reporting=True)
-
-    no_intf = struct.pack("<BBBBBLLLLH", 96, 21, 0, 127, 0x0f, 0, 0, 0, 0, 0)
-
-    try:
-        dev[0].set("coloc_intf_reporting", "1")
-        dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-        addr = dev[0].own_addr()
-        if "OK" not in hapd.request("COLOC_INTF_REQ %s 1 5" % addr):
-            raise Exception("Could not send Collocated Interference Request")
-        ev = dev[0].wait_event(["COLOC-INTF-REQ"], timeout=2)
-        if ev is None:
-            raise Exception("No Collocated Interference Request frame seen")
-        vals = ev.split(' ')
-        if vals[2] != '1' or vals[3] != '5':
-            raise Exception("Unexpected request values: " + ev)
-        dev[0].set("coloc_intf_elems", binascii.hexlify(no_intf).decode())
-        ev = hapd.wait_event(["COLOC-INTF-REPORT"], timeout=1)
-        if ev is None:
-            raise Exception("No Collocated Interference Report frame seen")
-        if addr + " 1 " + binascii.hexlify(no_intf).decode() not in ev:
-            raise Exception("Unexpected report values: " + ev)
-
-        if "OK" not in hapd.request("COLOC_INTF_REQ %s 0 0" % addr):
-            raise Exception("Could not send Collocated Interference Request")
-        ev = dev[0].wait_event(["COLOC-INTF-REQ"], timeout=2)
-        if ev is None:
-            raise Exception("No Collocated Interference Request frame seen")
-        vals = ev.split(' ')
-        if vals[2] != '0' or vals[3] != '0':
-            raise Exception("Unexpected request values: " + ev)
-
-        res = dev[0].request("COLOC_INTF_REPORT " + binascii.hexlify(no_intf).decode())
-        if "OK" not in res:
-            raise Exception("Could not send unsolicited report")
-        ev = hapd.wait_event(["COLOC-INTF-REPORT"], timeout=1)
-        if ev is None:
-            raise Exception("No Collocated Interference Report frame seen")
-        if addr + " 0 " + binascii.hexlify(no_intf).decode() not in ev:
-            raise Exception("Unexpected report values: " + ev)
-
-        if "FAIL" not in hapd.request("COLOC_INTF_REQ foo 1 5"):
-            raise Exception("Invalid COLOC_INTF_REQ accepted")
-        if "FAIL" not in hapd.request("COLOC_INTF_REQ 02:ff:ff:ff:ff:ff 1 5"):
-            raise Exception("COLOC_INTF_REQ for unknown STA accepted")
-        if "FAIL" not in hapd.request("COLOC_INTF_REQ %s 1" % addr):
-            raise Exception("Invalid COLOC_INTF_REQ accepted")
-        if "FAIL" not in hapd.request("COLOC_INTF_REQ %s" % addr):
-            raise Exception("Invalid COLOC_INTF_REQ accepted")
-    finally:
-        dev[0].set("coloc_intf_reporting", "0")
-        dev[0].set("coloc_intf_elems", "")
-
-def test_wnm_coloc_intf_reporting_errors(dev, apdev):
-    """WNM Collocated Interference Reporting errors"""
-    hapd = start_wnm_ap(apdev[0], bss_transition=False,
-                        coloc_intf_reporting=True)
-    bssid = hapd.own_addr()
-    dev[0].set("coloc_intf_reporting", "1")
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-    if "FAIL" not in hapd.request("COLOC_INTF_REQ %s 4 5" % addr):
-        raise Exception("Invalid Collocated Interference Request accepted")
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-    tests = ["0a0c016015007f0f000000000000000000000000000000000000",
-             "0a0c"]
-    with alloc_fail(hapd, 1, "ieee802_11_rx_wnm_coloc_intf_report"):
-        for t in tests:
-            if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-                raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-def test_wnm_bss_transition_mgmt_disabled(dev, apdev):
-    """WNM BSS Transition Management disabled"""
-    hapd = start_wnm_ap(apdev[0])
-    try:
-        dev[0].set("disable_btm", "1")
-        dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
-        addr = dev[0].own_addr()
-        hapd.request("BSS_TM_REQ " + addr)
-        ev = hapd.wait_event(['BSS-TM-RESP'], timeout=0.5)
-        if ev is not None:
-            raise Exception("Unexpected BSS Transition Management Response")
-    finally:
-        dev[0].set("disable_btm", "0")
-
-def test_wnm_time_adv_restart(dev, apdev):
-    """WNM time advertisement and interface restart"""
-    hapd = start_wnm_ap(apdev[0], time_adv=True)
-    hapd.disable()
-    hapd.enable()
-    dev[0].connect("test-wnm", key_mgmt="NONE", scan_freq="2412")
diff --git a/tests/hwsim/test_wpas_ap.py b/tests/hwsim/test_wpas_ap.py
deleted file mode 100644
index fb70cd3bb49f..000000000000
--- a/tests/hwsim/test_wpas_ap.py
+++ /dev/null
@@ -1,927 +0,0 @@
-# wpa_supplicant AP mode tests
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import hostapd
-from remotehost import remote_compatible
-import time
-import logging
-logger = logging.getLogger()
-
-import hwsim_utils
-from utils import *
-from wpasupplicant import WpaSupplicant
-from test_p2p_channel import set_country
-
-def wait_ap_ready(dev):
-    ev = dev.wait_event(["CTRL-EVENT-CONNECTED"])
-    if ev is None:
-        raise Exception("AP failed to start")
-
-def test_wpas_ap_open(dev):
-    """wpa_supplicant AP mode - open network"""
-    if "FAIL" not in dev[0].request("DEAUTHENTICATE 00:11:22:33:44:55"):
-        raise Exception("Unexpected DEAUTHENTICATE accepted")
-    if "FAIL" not in dev[0].request("DISASSOCIATE 00:11:22:33:44:55"):
-        raise Exception("Unexpected DISASSOCIATE accepted")
-    if "FAIL" not in dev[0].request("CHAN_SWITCH 0 2432"):
-        raise Exception("Unexpected CHAN_SWITCH accepted")
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    if "FAIL" not in dev[0].request("DEAUTHENTICATE foo"):
-        raise Exception("Invalid DEAUTHENTICATE accepted")
-    if "FAIL" not in dev[0].request("DISASSOCIATE foo"):
-        raise Exception("Invalid DISASSOCIATE accepted")
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    dev[2].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    addr1 = dev[1].p2p_interface_addr()
-    addr2 = dev[2].p2p_interface_addr()
-    addrs = [addr1, addr2]
-    sta = dev[0].get_sta(None)
-    if sta['addr'] not in addrs:
-        raise Exception("Unexpected STA address")
-    sta1 = dev[0].get_sta(sta['addr'])
-    if sta1['addr'] not in addrs:
-        raise Exception("Unexpected STA address")
-    sta2 = dev[0].get_sta(sta['addr'], next=True)
-    if sta2['addr'] not in addrs:
-        raise Exception("Unexpected STA2 address")
-    sta3 = dev[0].get_sta(sta2['addr'], next=True)
-    if len(sta3) != 0:
-        raise Exception("Unexpected STA iteration result (did not stop)")
-
-    status = dev[0].get_status()
-    if status['mode'] != "AP":
-        raise Exception("Unexpected status mode")
-
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-    dev[0].request("DEAUTHENTICATE " + addr1)
-    dev[0].request("DISASSOCIATE " + addr2)
-    dev[1].wait_disconnected(timeout=10)
-    dev[2].wait_disconnected(timeout=10)
-    dev[1].wait_connected(timeout=10, error="Reconnection timed out")
-    dev[2].wait_connected(timeout=10, error="Reconnection timed out")
-    dev[1].request("DISCONNECT")
-    dev[2].request("DISCONNECT")
-
-def test_wpas_ap_open_isolate(dev):
-    """wpa_supplicant AP mode - open network with client isolation"""
-    try:
-        dev[0].set("ap_isolate", "1")
-        id = dev[0].add_network()
-        dev[0].set_network(id, "mode", "2")
-        dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "frequency", "2412")
-        dev[0].set_network(id, "scan_freq", "2412")
-        dev[0].select_network(id)
-        wait_ap_ready(dev[0])
-
-        dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-        dev[2].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-        hwsim_utils.test_connectivity(dev[0], dev[2])
-        hwsim_utils.test_connectivity(dev[1], dev[2], success_expected=False,
-                                      timeout=1)
-    finally:
-        dev[0].set("ap_isolate", "0")
-
-@remote_compatible
-def test_wpas_ap_wep(dev):
-    """wpa_supplicant AP mode - WEP"""
-    check_wep_capa(dev[0])
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-wep")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network_quoted(id, "wep_key0", "hello")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].connect("wpas-ap-wep", key_mgmt="NONE", wep_key0='"hello"',
-                   scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    dev[1].request("DISCONNECT")
-
-@remote_compatible
-def test_wpas_ap_no_ssid(dev):
-    """wpa_supplicant AP mode - invalid network configuration"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected AP start")
-
-@remote_compatible
-def test_wpas_ap_default_frequency(dev):
-    """wpa_supplicant AP mode - default frequency"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2462")
-    dev[1].request("DISCONNECT")
-
-@remote_compatible
-def test_wpas_ap_invalid_frequency(dev):
-    """wpa_supplicant AP mode - invalid frequency configuration"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2413")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected AP start")
-
-def test_wpas_ap_wps(dev):
-    """wpa_supplicant AP mode - WPS operations"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
-    dev[0].set_network_quoted(id, "psk", "1234567890")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    bssid = dev[0].p2p_interface_addr()
-
-    logger.info("Test PBC mode start/stop")
-    if "FAIL" not in dev[0].request("WPS_CANCEL"):
-        raise Exception("Unexpected WPS_CANCEL success")
-    dev[0].request("WPS_PBC")
-    ev = dev[0].wait_event(["WPS-PBC-ACTIVE"])
-    if ev is None:
-        raise Exception("PBC mode start timeout")
-    if "OK" not in dev[0].request("WPS_CANCEL"):
-        raise Exception("Unexpected WPS_CANCEL failure")
-    ev = dev[0].wait_event(["WPS-TIMEOUT"])
-    if ev is None:
-        raise Exception("PBC mode disabling timeout")
-
-    logger.info("Test PBC protocol run")
-    dev[0].request("WPS_PBC")
-    ev = dev[0].wait_event(["WPS-PBC-ACTIVE"])
-    if ev is None:
-        raise Exception("PBC mode start timeout")
-    dev[1].request("WPS_PBC")
-    dev[1].wait_connected(timeout=30, error="WPS PBC operation timed out")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    logger.info("Test AP PIN to learn configuration")
-    pin = dev[0].request("WPS_AP_PIN random")
-    if "FAIL" in pin:
-        raise Exception("Could not generate random AP PIN")
-    if pin not in dev[0].request("WPS_AP_PIN get"):
-        raise Exception("Could not fetch current AP PIN")
-    dev[2].wps_reg(bssid, pin)
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    dev[1].request("REMOVE_NETWORK all")
-    dev[2].request("REMOVE_NETWORK all")
-
-    logger.info("Test AP PIN operations")
-    dev[0].request("WPS_AP_PIN disable")
-    dev[0].request("WPS_AP_PIN set " + pin + " 1")
-    time.sleep(1.1)
-    if "FAIL" not in dev[0].request("WPS_AP_PIN get"):
-        raise Exception("AP PIN unexpectedly still enabled")
-
-    pin = dev[1].wps_read_pin()
-    dev[0].request("WPS_PIN any " + pin)
-    dev[1].request("WPS_PIN any " + pin)
-    dev[1].wait_connected(timeout=30)
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].dump_monitor()
-
-    dev[0].request("WPS_PIN any " + pin + " 100")
-    dev[1].request("WPS_PIN any " + pin)
-    dev[1].wait_connected(timeout=30)
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].dump_monitor()
-
-    dev[0].request("WPS_AP_PIN set 12345670")
-    dev[0].dump_monitor()
-
-    runs = ("88887777", "12340000", "00000000", "12345670")
-    for pin in runs:
-        logger.info("Try AP PIN " + pin)
-        dev[2].dump_monitor()
-        dev[2].request("WPS_REG " + bssid + " " + pin)
-        ev = dev[2].wait_event(["WPS-SUCCESS", "WPS-FAIL msg"], timeout=15)
-        if ev is None:
-            raise Exception("WPS operation timed out")
-        if "WPS-SUCCESS" in ev:
-            raise Exception("WPS operation succeeded unexpectedly")
-        dev[2].wait_disconnected(timeout=10)
-        dev[2].request("WPS_CANCEL")
-        dev[2].request("REMOVE_NETWORK all")
-    ev = dev[0].wait_event(["WPS-AP-SETUP-LOCKED"])
-    if ev is None:
-        raise Exception("WPS AP PIN not locked")
-
-    dev[0].dump_monitor()
-    logger.info("Test random AP PIN timeout")
-    pin = dev[0].request("WPS_AP_PIN random 1")
-    if "FAIL" in pin:
-        raise Exception("Could not generate random AP PIN")
-    res = dev[0].request("WPS_AP_PIN get")
-    if pin not in res:
-        raise Exception("Could not fetch current AP PIN")
-    for i in range(10):
-        time.sleep(0.2)
-        res = dev[0].request("WPS_AP_PIN get")
-        if "FAIL" in res:
-            break
-    if "FAIL" not in res:
-        raise Exception("WPS_AP_PIN random timeout did not work")
-
-    if "FAIL" not in dev[0].request("WPS_AP_PIN foo"):
-        raise Exception("Invalid WPS_AP_PIN command not rejected")
-    if "FAIL" not in dev[0].request("WPS_AP_PIN set"):
-        raise Exception("Invalid WPS_AP_PIN command not rejected")
-
-def test_wpas_ap_wps_frag(dev):
-    """wpa_supplicant AP mode - WPS operations with fragmentation"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
-    dev[0].set_network_quoted(id, "psk", "1234567890")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "fragment_size", "300")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    bssid = dev[0].own_addr()
-
-    pin = dev[1].wps_read_pin()
-    dev[0].request("WPS_PIN any " + pin)
-    dev[1].scan_for_bss(bssid, freq="2412")
-    dev[1].request("WPS_PIN " + bssid + " " + pin)
-    dev[1].wait_connected(timeout=30)
-
-def test_wpas_ap_wps_pbc_overlap(dev):
-    """wpa_supplicant AP mode - WPS operations with PBC overlap"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
-    dev[0].set_network_quoted(id, "psk", "1234567890")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    bssid = dev[0].p2p_interface_addr()
-
-    dev[1].scan_for_bss(bssid, freq="2412")
-    dev[1].dump_monitor()
-    dev[2].scan_for_bss(bssid, freq="2412")
-    dev[2].dump_monitor()
-    dev[0].request("WPS_PBC")
-    dev[1].request("WPS_PBC " + bssid)
-    dev[2].request("WPS_PBC " + bssid)
-
-    ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
-    if ev is None:
-        raise Exception("PBC session overlap not detected (dev1)")
-    if "config_error=12" not in ev:
-        raise Exception("PBC session overlap not correctly reported (dev1)")
-
-    ev = dev[2].wait_event(["WPS-M2D"], timeout=15)
-    if ev is None:
-        raise Exception("PBC session overlap not detected (dev2)")
-    if "config_error=12" not in ev:
-        raise Exception("PBC session overlap not correctly reported (dev2)")
-
-    if "FAIL-PBC-OVERLAP" not in dev[0].request("WPS_PBC"):
-        raise Exception("WPS_PBC(AP) accepted during overlap")
-    if "FAIL-PBC-OVERLAP" not in dev[0].request("WPS_PBC any"):
-        raise Exception("WPS_PBC(AP) accepted during overlap")
-    dev[0].request("WPS_CANCEL")
-    dev[1].request("WPS_CANCEL")
-    dev[2].request("WPS_CANCEL")
-
-@remote_compatible
-def test_wpas_ap_wps_disabled(dev):
-    """wpa_supplicant AP mode - WPS disabled"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
-    dev[0].set_network_quoted(id, "psk", "12345678")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "wps_disabled", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].connect("wpas-ap-no-wps", psk="12345678", scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-def test_wpas_ap_dfs(dev):
-    """wpa_supplicant AP mode - DFS"""
-    if dev[0].get_mcc() > 1:
-        raise HwsimSkip("DFS is not supported with multi channel contexts")
-
-    try:
-        _test_wpas_ap_dfs(dev)
-    finally:
-        set_country("00")
-        dev[0].request("SET country 00")
-        dev[1].flush_scan_cache()
-
-def _test_wpas_ap_dfs(dev):
-    set_country("US")
-    dev[0].request("SET country US")
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-dfs")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "5260")
-    dev[0].set_network(id, "scan_freq", "5260")
-    dev[0].select_network(id)
-
-    ev = dev[0].wait_event(["DFS-CAC-START"])
-    if ev is None:
-        # For now, assume DFS is not supported by all kernel builds.
-        raise HwsimSkip("CAC did not start - assume not supported")
-
-    ev = dev[0].wait_event(["DFS-CAC-COMPLETED"], timeout=70)
-    if ev is None:
-        raise Exception("CAC did not complete")
-    if "success=1" not in ev:
-        raise Exception("CAC failed")
-    if "freq=5260" not in ev:
-        raise Exception("Unexpected DFS freq result")
-
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
-    if ev is None:
-        raise Exception("AP failed to start")
-
-    dev[1].connect("wpas-ap-dfs", key_mgmt="NONE")
-    dev[1].wait_regdom(country_ie=True)
-    dev[0].request("DISCONNECT")
-    dev[1].disconnect_and_stop_scan()
-
-@remote_compatible
-def test_wpas_ap_disable(dev):
-    """wpa_supplicant AP mode - DISABLE_NETWORK"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-
-    ev = dev[0].wait_event(["AP-ENABLED"])
-    if ev is None:
-        raise Exception("AP-ENABLED event not seen")
-    wait_ap_ready(dev[0])
-    dev[0].request("DISABLE_NETWORK %d" % id)
-    ev = dev[0].wait_event(["AP-DISABLED"])
-    if ev is None:
-        raise Exception("AP-DISABLED event not seen")
-    dev[0].wait_disconnected()
-
-def test_wpas_ap_acs(dev):
-    """wpa_supplicant AP mode - ACS"""
-    res = dev[0].get_capability("acs")
-    if res is None or "ACS" not in res:
-        raise HwsimSkip("ACS not supported")
-
-    # For now, make sure the last operating channel was on 2.4 GHz band to get
-    # sufficient survey data from mac80211_hwsim.
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2417")
-    dev[0].set_network(id, "scan_freq", "2417")
-    dev[0].set_network(id, "acs", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    # ACS prefers channels 1, 6, 11
-    freq = dev[0].get_status_field('freq')
-    if freq == "2417":
-        raise Exception("Unexpected operating channel selected")
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq=freq)
-
-@remote_compatible
-def test_wpas_ap_and_assoc_req_p2p_ie(dev):
-    """wpa_supplicant AP mode - unexpected P2P IE in Association Request"""
-    try:
-        _test_wpas_ap_and_assoc_req_p2p_ie(dev)
-    finally:
-        dev[1].request("VENDOR_ELEM_REMOVE 13 *")
-        dev[0].request("P2P_SET disabled 0")
-
-def _test_wpas_ap_and_assoc_req_p2p_ie(dev):
-    dev[0].request("P2P_SET disabled 1")
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].request("VENDOR_ELEM_ADD 13 dd04506f9a09")
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-@remote_compatible
-def test_wpas_ap_open_ht_disabled(dev):
-    """wpa_supplicant AP mode - open network and HT disabled"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "disable_ht", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def test_wpas_ap_failures(dev):
-    """wpa_supplicant AP mode - failures"""
-    # No SSID configured for AP mode
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected connection event")
-    dev[0].request("REMOVE_NETWORK all")
-
-    # Invalid pbss value(2) for AP mode
-    dev[0].dump_monitor()
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "pbss", "2")
-    dev[0].select_network(id)
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                            "CTRL-EVENT-DISCONNECTED"], timeout=0.1)
-    if ev is not None and "CTRL-EVENT-CONNECTED" in ev:
-        raise Exception("Unexpected connection event(2)")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_wpas_ap_oom(dev):
-    """wpa_supplicant AP mode - OOM"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap")
-    dev[0].set_network_quoted(id, "psk", "1234567890")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
-        dev[0].select_network(id)
-        dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap")
-    dev[0].set_network(id, "psk", "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
-        dev[0].select_network(id)
-        dev[0].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-
-    if "WEP40" in dev[0].get_capability("group"):
-        id = dev[0].add_network()
-        dev[0].set_network(id, "mode", "2")
-        dev[0].set_network_quoted(id, "ssid", "wpas-ap")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network_quoted(id, "wep_key0", "hello")
-        dev[0].set_network(id, "frequency", "2412")
-        dev[0].set_network(id, "scan_freq", "2412")
-        with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
-            dev[0].select_network(id)
-            dev[0].wait_disconnected()
-        dev[0].request("REMOVE_NETWORK all")
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET manufacturer test")
-    wpas.request("SET model_name test")
-    wpas.request("SET model_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET ap_vendor_elements dd0411223301")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", "wpas-ap")
-    wpas.set_network(id, "key_mgmt", "NONE")
-    wpas.set_network(id, "frequency", "2412")
-    wpas.set_network(id, "scan_freq", "2412")
-
-    for i in range(5):
-        with alloc_fail(wpas, i, "=wpa_supplicant_conf_ap"):
-            wpas.select_network(id)
-            ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
-                                    "CTRL-EVENT-DISCONNECTED"], timeout=1)
-        wpas.request("DISCONNECT")
-        wpas.wait_disconnected()
-
-def test_wpas_ap_params(dev):
-    """wpa_supplicant AP mode - parameters"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.request("SET manufacturer test")
-    wpas.request("SET model_name test")
-    wpas.request("SET model_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET serial_number test")
-    wpas.request("SET ap_vendor_elements dd0411223301")
-    id = wpas.add_network()
-    wpas.set_network(id, "mode", "2")
-    wpas.set_network_quoted(id, "ssid", "wpas-ap")
-    wpas.set_network(id, "key_mgmt", "NONE")
-    wpas.set_network(id, "frequency", "2412")
-    wpas.set_network(id, "scan_freq", "2412")
-    wpas.select_network(id)
-    wpas.wait_connected()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-
-    wpas.request("SET beacon_int 200 3")
-    wpas.request("SET dtim_period 3")
-    wpas.select_network(id)
-    wpas.wait_connected()
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-
-    wpas.set_network(id, "beacon_int", "300")
-    wpas.set_network(id, "dtim_period", "2")
-    wpas.select_network(id)
-    wpas.wait_connected()
-    if "---- AP ----" not in wpas.request("PMKSA"):
-        raise Exception("AP section missing from PMKSA output")
-    if "OK" not in wpas.request("PMKSA_FLUSH"):
-        raise Exception("PMKSA_FLUSH failed")
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-
-def test_wpas_ap_global_sta(dev):
-    """wpa_supplicant AP mode - STA commands on global control interface"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-
-    addr1 = dev[1].own_addr()
-    res = dev[0].global_request("STA " + addr1)
-    if "UNKNOWN COMMAND" in res:
-        raise Exception("STA command not known on global control interface")
-    res = dev[0].global_request("STA-FIRST")
-    if "UNKNOWN COMMAND" in res:
-        raise Exception("STA-FIRST command not known on global control interface")
-    res = dev[0].global_request("STA-NEXT " + addr1)
-    if "UNKNOWN COMMAND" in res:
-        raise Exception("STA-NEXT command not known on global control interface")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[0].request("DISCONNECT")
-    dev[0].wait_disconnected()
-
-def test_wpas_ap_5ghz(dev):
-    """wpa_supplicant AP mode - 5 GHz"""
-    try:
-        _test_wpas_ap_5ghz(dev)
-    finally:
-        set_country("00")
-        dev[0].request("SET country 00")
-        dev[1].flush_scan_cache()
-
-def _test_wpas_ap_5ghz(dev):
-    set_country("US")
-    dev[0].request("SET country US")
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-5ghz")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "5180")
-    dev[0].set_network(id, "scan_freq", "5180")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].connect("wpas-ap-5ghz", key_mgmt="NONE", scan_freq="5180")
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-
-def test_wpas_ap_open_vht80(dev):
-    """wpa_supplicant AP mode - VHT 80 MHz"""
-    id = dev[0].add_network()
-    dev[0].set("country", "FI")
-    try:
-        dev[0].set_network(id, "mode", "2")
-        dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "frequency", "5180")
-        dev[0].set_network(id, "scan_freq", "5180")
-        dev[0].set_network(id, "vht", "1")
-        dev[0].set_network(id, "vht_center_freq1", "5210")
-        dev[0].set_network(id, "max_oper_chwidth", "1")
-        dev[0].set_network(id, "ht40", "1")
-        dev[0].select_network(id)
-        wait_ap_ready(dev[0])
-
-        dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="5180")
-        sig = dev[1].request("SIGNAL_POLL").splitlines()
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-        dev[1].request("DISCONNECT")
-        dev[1].wait_disconnected()
-        if "FREQUENCY=5180" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
-        if "WIDTH=80 MHz" not in sig:
-            raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    finally:
-        set_country("00")
-        dev[0].set("country", "00")
-        dev[1].flush_scan_cache()
-
-def test_wpas_ap_no_ht(dev):
-    """wpa_supplicant AP mode - HT disabled"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "ht", "0")
-    dev[0].set_network(id, "wps_disabled", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "wps_disabled", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    dev[1].flush_scan_cache()
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    sig2 = dev[1].request("SIGNAL_POLL").splitlines()
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
-
-    if "WIDTH=20 MHz (no HT)" not in sig:
-        raise Exception("HT was not disabled: " + str(sig))
-    if "WIDTH=20 MHz" not in sig2:
-        raise Exception("HT was not enabled: " + str(sig2))
-
-def test_wpas_ap_async_fail(dev):
-    """wpa_supplicant AP mode - Async failure"""
-    id = dev[0].add_network()
-    dev[0].set("country", "FI")
-    try:
-        dev[0].set_network(id, "mode", "2")
-        dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-        dev[0].set_network(id, "key_mgmt", "NONE")
-        dev[0].set_network(id, "frequency", "5180")
-        dev[0].set_network(id, "scan_freq", "5180")
-        dev[0].set_network(id, "vht", "1")
-        dev[0].set_network(id, "vht_center_freq1", "5210")
-        dev[0].set_network(id, "max_oper_chwidth", "1")
-        dev[0].set_network(id, "ht40", "1")
-
-        with alloc_fail(dev[0], 1,
-                        "nl80211_get_scan_results;ieee80211n_check_scan"):
-            dev[0].select_network(id)
-            dev[0].wait_disconnected()
-    finally:
-        clear_regdom_dev(dev)
-
-def test_wpas_ap_sae(dev):
-    """wpa_supplicant AP mode - SAE using psk"""
-    run_wpas_ap_sae(dev, False)
-
-def test_wpas_ap_sae_password(dev):
-    """wpa_supplicant AP mode - SAE using sae_password"""
-    run_wpas_ap_sae(dev, True)
-
-def test_wpas_ap_sae_pwe_1(dev):
-    """wpa_supplicant AP mode - SAE using sae_password and sae_pwe=1"""
-    try:
-        dev[0].set("sae_pwe", "1")
-        dev[1].set("sae_pwe", "1")
-        run_wpas_ap_sae(dev, True, sae_password_id=True)
-    finally:
-        dev[0].set("sae_pwe", "0")
-        dev[1].set("sae_pwe", "0")
-
-def run_wpas_ap_sae(dev, sae_password, sae_password_id=False):
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    if "SAE" not in dev[1].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    dev[0].request("SET sae_groups ")
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-sae")
-    dev[0].set_network(id, "proto", "WPA2")
-    dev[0].set_network(id, "key_mgmt", "SAE")
-    dev[0].set_network(id, "pairwise", "CCMP")
-    dev[0].set_network(id, "group", "CCMP")
-    if sae_password:
-        dev[0].set_network_quoted(id, "sae_password", "12345678")
-    else:
-        dev[0].set_network_quoted(id, "psk", "12345678")
-    if sae_password_id:
-        pw_id = "pw id"
-        dev[0].set_network_quoted(id, "sae_password_id", pw_id)
-    else:
-        pw_id = None
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "wps_disabled", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].request("SET sae_groups ")
-    dev[1].connect("wpas-ap-sae", key_mgmt="SAE", sae_password="12345678",
-                   sae_password_id=pw_id, scan_freq="2412")
-
-def test_wpas_ap_scan(dev, apdev):
-    """wpa_supplicant AP mode and scanning"""
-    dev[0].flush_scan_cache()
-
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = hapd.own_addr()
-
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-    dev[0].dump_monitor()
-
-    if "OK" not in dev[0].request("SCAN freq=2412"):
-        raise Exception("SCAN command not accepted")
-    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS",
-                            "CTRL-EVENT-SCAN-FAILED"], 15)
-    if ev is None:
-        raise Exception("Scan result timed out")
-    if "CTRL-EVENT-SCAN-FAILED ret=-95" in ev:
-        # Scanning in AP mode not supported
-        return
-    if "CTRL-EVENT-SCAN-FAILED" in ev:
-        raise Exception("Unexpected scan failure reason: " + ev)
-    if "CTRL-EVENT-SCAN-RESULTS" in ev:
-        bss = dev[0].get_bss(bssid)
-        if not bss:
-            raise Exception("AP not found in scan")
-
-def test_wpas_ap_sae(dev):
-    """wpa_supplicant AP mode - SAE using psk"""
-    run_wpas_ap_sae(dev, False)
-
-def test_wpas_ap_sae_and_psk_transition_disable(dev):
-    """wpa_supplicant AP mode - SAE+PSK transition disable indication"""
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    if "SAE" not in dev[1].get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-    dev[0].set("sae_groups", "")
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-sae")
-    dev[0].set_network(id, "proto", "WPA2")
-    dev[0].set_network(id, "key_mgmt", "SAE")
-    dev[0].set_network(id, "transition_disable", "1")
-    dev[0].set_network(id, "ieee80211w", "1")
-    dev[0].set_network(id, "pairwise", "CCMP")
-    dev[0].set_network(id, "group", "CCMP")
-    dev[0].set_network_quoted(id, "psk", "12345678")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].set_network(id, "wps_disabled", "1")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    dev[1].set("sae_groups", "")
-    dev[1].connect("wpas-ap-sae", key_mgmt="SAE WPA-PSK",
-                   psk="12345678", ieee80211w="1",
-                   scan_freq="2412")
-    ev = dev[1].wait_event(["TRANSITION-DISABLE"], timeout=1)
-    if ev is None:
-        raise Exception("Transition disable not indicated")
-    if ev.split(' ')[1] != "01":
-        raise Exception("Unexpected transition disable bitmap: " + ev)
-
-    val = dev[1].get_network(id, "ieee80211w")
-    if val != "2":
-        raise Exception("Unexpected ieee80211w value: " + val)
-    val = dev[1].get_network(id, "key_mgmt")
-    if val != "SAE":
-        raise Exception("Unexpected key_mgmt value: " + val)
-    val = dev[1].get_network(id, "group")
-    if val != "CCMP":
-        raise Exception("Unexpected group value: " + val)
-    val = dev[1].get_network(id, "proto")
-    if val != "RSN":
-        raise Exception("Unexpected proto value: " + val)
-
-    dev[1].request("DISCONNECT")
-    dev[1].wait_disconnected()
-    dev[1].request("RECONNECT")
-    dev[1].wait_connected()
-
-def test_wpas_ap_vendor_elems(dev):
-    """wpa_supplicant AP mode - vendor elements"""
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "2")
-    dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].set_network(id, "frequency", "2412")
-    dev[0].set_network(id, "scan_freq", "2412")
-    dev[0].select_network(id)
-    wait_ap_ready(dev[0])
-
-    beacon_elems = "dd0411223301"
-    dev[0].set("ap_vendor_elements", beacon_elems)
-    dev[0].set("ap_assocresp_elements", "dd0411223302")
-    if "OK" not in dev[0].request("UPDATE_BEACON"):
-        raise Exception("UPDATE_BEACON failed")
-
-    dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-    bss = dev[1].get_bss(dev[0].own_addr())
-    if beacon_elems not in bss['ie']:
-        raise Exception("Vendor element not visible in scan results")
diff --git a/tests/hwsim/test_wpas_config.py b/tests/hwsim/test_wpas_config.py
deleted file mode 100644
index 3cd7dfcf3bcf..000000000000
--- a/tests/hwsim/test_wpas_config.py
+++ /dev/null
@@ -1,663 +0,0 @@
-# wpa_supplicant config file
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-
-from wpasupplicant import WpaSupplicant
-import hostapd
-from utils import *
-
-config_checks = [("ap_scan", "0"),
-                 ("update_config", "1"),
-                 ("device_name", "name"),
-                 ("eapol_version", "2"),
-                 ("wps_priority", "5"),
-                 ("ip_addr_go", "192.168.1.1"),
-                 ("ip_addr_mask", "255.255.255.0"),
-                 ("ip_addr_start", "192.168.1.10"),
-                 ("ip_addr_end", "192.168.1.20"),
-                 ("disable_scan_offload", "1"),
-                 ("fast_reauth", "0"),
-                 ("uuid", "6aeae5e3-c1fc-4e76-8293-7346e1d1459d"),
-                 ("manufacturer", "MANUF"),
-                 ("model_name", "MODEL"),
-                 ("model_number", "MODEL NUM"),
-                 ("serial_number", "123qwerty"),
-                 ("device_type", "1234-0050F204-4321"),
-                 ("os_version", "01020304"),
-                 ("config_methods", "label push_button"),
-                 ("wps_cred_processing", "1"),
-                 ("wps_vendor_ext_m1", "000137100100020001"),
-                 ("p2p_listen_reg_class", "81"),
-                 ("p2p_listen_channel", "6"),
-                 ("p2p_oper_reg_class", "82"),
-                 ("p2p_oper_channel", "14"),
-                 ("p2p_go_intent", "14"),
-                 ("p2p_ssid_postfix", "foobar"),
-                 ("persistent_reconnect", "1"),
-                 ("p2p_intra_bss", "0"),
-                 ("p2p_group_idle", "2"),
-                 ("p2p_passphrase_len", "63"),
-                 ("p2p_pref_chan", "81:1,82:14,81:11"),
-                 ("p2p_no_go_freq", "2412-2432,2462,5000-6000"),
-                 ("p2p_add_cli_chan", "1"),
-                 ("p2p_optimize_listen_chan", "1"),
-                 ("p2p_go_ht40", "1"),
-                 ("p2p_go_vht", "1"),
-                 ("p2p_go_ctwindow", "1"),
-                 ("p2p_disabled", "1"),
-                 ("p2p_no_group_iface", "1"),
-                 ("p2p_ignore_shared_freq", "1"),
-                 ("p2p_cli_probe", "1"),
-                 ("p2p_go_freq_change_policy", "0"),
-                 ("country", "FI"),
-                 ("bss_max_count", "123"),
-                 ("bss_expiration_age", "45"),
-                 ("bss_expiration_scan_count", "17"),
-                 ("filter_ssids", "1"),
-                 ("filter_rssi", "-10"),
-                 ("max_num_sta", "3"),
-                 ("disassoc_low_ack", "1"),
-                 ("hs20", "1"),
-                 ("interworking", "1"),
-                 ("hessid", "02:03:04:05:06:07"),
-                 ("access_network_type", "7"),
-                 ("pbc_in_m1", "1"),
-                 ("wps_nfc_dev_pw_id", "12345"),
-                 ("wps_nfc_dh_pubkey", "1234567890ABCDEF"),
-                 ("wps_nfc_dh_privkey", "FF1234567890ABCDEFFF"),
-                 ("ext_password_backend", "test"),
-                 ("p2p_go_max_inactivity", "9"),
-                 ("auto_interworking", "1"),
-                 ("okc", "1"),
-                 ("pmf", "1"),
-                 ("dtim_period", "3"),
-                 ("beacon_int", "102"),
-                 ("sae_groups", "5 19"),
-                 ("ap_vendor_elements", "dd0411223301"),
-                 ("ignore_old_scan_res", "1"),
-                 ("freq_list", "2412 2437"),
-                 ("scan_cur_freq", "1"),
-                 ("sched_scan_interval", "13"),
-                 ("external_sim", "1"),
-                 ("tdls_external_control", "1"),
-                 ("wowlan_triggers", "any"),
-                 ("bgscan", '"simple:30:-45:300"'),
-                 ("p2p_search_delay", "123"),
-                 ("mac_addr", "2"),
-                 ("rand_addr_lifetime", "123456789"),
-                 ("preassoc_mac_addr", "1"),
-                 ("gas_rand_addr_lifetime", "567"),
-                 ("gas_rand_mac_addr", "2"),
-                 ("key_mgmt_offload", "0"),
-                 ("user_mpm", "0"),
-                 ("max_peer_links", "17"),
-                 ("cert_in_cb", "0"),
-                 ("mesh_max_inactivity", "31"),
-                 ("dot11RSNASAERetransPeriod", "19"),
-                 ("passive_scan", "1"),
-                 ("reassoc_same_bss_optim", "1"),
-                 ("wpa_rsc_relaxation", "0"),
-                 ("sched_scan_plans", "10:100 20:200 30"),
-                 ("non_pref_chan", "81:5:10:2 81:1:0:2 81:9:0:2"),
-                 ("mbo_cell_capa", "1"),
-                 ("gas_address3", "1"),
-                 ("ftm_responder", "1"),
-                 ("ftm_initiator", "1"),
-                 ("pcsc_reader", "foo"),
-                 ("pcsc_pin", "1234"),
-                 ("driver_param", "testing"),
-                 ("dot11RSNAConfigPMKLifetime", "43201"),
-                 ("dot11RSNAConfigPMKReauthThreshold", "71"),
-                 ("dot11RSNAConfigSATimeout", "61"),
-                 ("sec_device_type", "12345-0050F204-54321"),
-                 ("autoscan", "exponential:3:300"),
-                 ("osu_dir", "/tmp/osu"),
-                 ("fst_group_id", "bond0"),
-                 ("fst_priority", "5"),
-                 ("fst_llt", "7"),
-                 ("go_interworking", "1"),
-                 ("go_access_network_type", "2"),
-                 ("go_internet", "1"),
-                 ("go_venue_group", "3"),
-                 ("go_venue_type", "4"),
-                 ("p2p_device_random_mac_addr", "1"),
-                 ("p2p_device_persistent_mac_addr", "02:12:34:56:78:9a"),
-                 ("p2p_interface_random_mac_addr", "1"),
-                 ("openssl_ciphers", "DEFAULT")]
-
-def supported_param(capa, field):
-    mesh_params = ["user_mpm", "max_peer_links", "mesh_max_inactivity"]
-    if field in mesh_params and not capa['mesh']:
-        return False
-
-    sae_params = ["dot11RSNASAERetransPeriod"]
-    if field in sae_params and not capa['sae']:
-        return False
-
-    return True
-
-def check_config(capa, config):
-    with open(config, "r") as f:
-        data = f.read()
-    if "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=" not in data:
-        raise Exception("Missing ctrl_interface")
-    if "blob-base64-foo={" not in data:
-        raise Exception("Missing blob")
-    if "cred={" not in data:
-        raise Exception("Missing cred")
-    if "network={" not in data:
-        raise Exception("Missing network")
-    for field, value in config_checks:
-        if supported_param(capa, field):
-            if "\n" + field + "=" + value + "\n" not in data:
-                raise Exception("Missing value: " + field)
-    return data
-
-def test_wpas_config_file(dev, apdev, params):
-    """wpa_supplicant config file parsing/writing"""
-    config = os.path.join(params['logdir'], 'wpas_config_file.conf')
-    if os.path.exists(config):
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    try:
-        wpas.interface_add("wlan5", config=config)
-        initialized = True
-    except:
-        initialized = False
-    if initialized:
-        raise Exception("Missing config file did not result in an error")
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1 \t\r\n")
-            f.write("# foo\n")
-            f.write("\n")
-            f.write(" \t\reapol_version=2")
-            for i in range(0, 100):
-                f.write("                    ")
-            f.write("foo\n")
-            f.write("device_name=name#foo\n")
-            f.write("network={\n")
-            f.write("\tkey_mgmt=NONE\n")
-            f.write('\tssid="hello"\n')
-            f.write('\tgroup=GCMP # "foo"\n')
-            f.write("}\n")
-
-        wpas.interface_add("wlan5", config=config)
-        capa = {}
-        capa['mesh'] = "MESH" in wpas.get_capability("modes")
-        capa['sae'] = "SAE" in wpas.get_capability("auth_alg")
-
-        id = wpas.add_network()
-        wpas.set_network_quoted(id, "ssid", "foo")
-        wpas.set_network_quoted(id, "psk", "12345678")
-        wpas.set_network(id, "bssid", "00:11:22:33:44:55")
-        wpas.set_network(id, "proto", "RSN")
-        wpas.set_network(id, "key_mgmt", "WPA-PSK-SHA256")
-        wpas.set_network(id, "pairwise", "CCMP")
-        wpas.set_network(id, "group", "CCMP")
-        wpas.set_network(id, "auth_alg", "OPEN")
-
-        id = wpas.add_cred()
-        wpas.set_cred(id, "priority", "3")
-        wpas.set_cred(id, "sp_priority", "6")
-        wpas.set_cred(id, "update_identifier", "4")
-        wpas.set_cred(id, "ocsp", "1")
-        wpas.set_cred(id, "eap", "TTLS")
-        wpas.set_cred(id, "req_conn_capab", "6:1234")
-        wpas.set_cred_quoted(id, "realm", "example.com")
-        wpas.set_cred_quoted(id, "provisioning_sp", "example.com")
-        wpas.set_cred_quoted(id, "domain", "example.com")
-        wpas.set_cred_quoted(id, "domain_suffix_match", "example.com")
-        wpas.set_cred(id, "roaming_consortium", "112233")
-        wpas.set_cred(id, "required_roaming_consortium", "112233")
-        wpas.set_cred_quoted(id, "roaming_consortiums",
-                             "112233,aabbccddee,445566")
-        wpas.set_cred_quoted(id, "roaming_partner",
-                             "roaming.example.net,1,127,*")
-        wpas.set_cred_quoted(id, "ca_cert", "/tmp/ca.pem")
-        wpas.set_cred_quoted(id, "username", "user")
-        wpas.set_cred_quoted(id, "password", "secret")
-        ev = wpas.wait_event(["CRED-MODIFIED 0 password"])
-
-        wpas.request("SET blob foo 12345678")
-
-        for field, value in config_checks:
-            if supported_param(capa, field):
-                wpas.set(field, value)
-
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-        if "OK" not in wpas.global_request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-
-        wpas.interface_remove("wlan5")
-        data1 = check_config(capa, config)
-        if "group=GCMP" not in data1:
-            raise Exception("Network block group parameter with a comment not present")
-
-        wpas.interface_add("wlan5", config=config)
-        if len(wpas.list_networks()) != 2:
-            raise Exception("Unexpected number of networks")
-        if len(wpas.request("LIST_CREDS").splitlines()) != 2:
-            raise Exception("Unexpected number of credentials")
-
-        val = wpas.get_cred(0, "roaming_consortiums")
-        if val != "112233,aabbccddee,445566":
-            raise Exception("Unexpected roaming_consortiums value: " + val)
-
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-        data2 = check_config(capa, config)
-
-        if data1 != data2:
-            logger.debug(data1)
-            logger.debug(data2)
-            raise Exception("Unexpected configuration change")
-
-        wpas.request("SET update_config 0")
-        wpas.global_request("SET update_config 0")
-        if "OK" in wpas.request("SAVE_CONFIG"):
-            raise Exception("SAVE_CONFIG succeeded unexpectedly")
-        if "OK" in wpas.global_request("SAVE_CONFIG"):
-            raise Exception("SAVE_CONFIG (global) succeeded unexpectedly")
-
-        # replace the config file with a directory to break writing/renaming
-        os.remove(config)
-        os.mkdir(config)
-        wpas.request("SET update_config 1")
-        wpas.global_request("SET update_config 1")
-        if "OK" in wpas.request("SAVE_CONFIG"):
-            raise Exception("SAVE_CONFIG succeeded unexpectedly")
-        if "OK" in wpas.global_request("SAVE_CONFIG"):
-            raise Exception("SAVE_CONFIG (global) succeeded unexpectedly")
-
-    finally:
-        try:
-            os.rmdir(config)
-        except:
-            pass
-        if not wpas.ifname:
-            wpas.interface_add("wlan5")
-        wpas.dump_monitor()
-        wpas.request("SET country 00")
-        wpas.wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-
-def test_wpas_config_file_wps(dev, apdev):
-    """wpa_supplicant config file parsing/writing with WPS"""
-    config = "/tmp/test_wpas_config_file.conf"
-    if os.path.exists(config):
-        os.remove(config)
-
-    params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
-              "skip_cred_build": "1", "extra_cred": "wps-ctrl-cred"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1\n")
-
-        wpas.interface_add("wlan5", config=config)
-
-        hapd.request("WPS_PIN any 12345670")
-        wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
-        wpas.request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        ev = wpas.wait_event(["WPS-FAIL"], timeout=10)
-        if ev is None:
-            raise Exception("WPS-FAIL event timed out")
-
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-            if "network=" in data:
-                raise Exception("Unexpected network block in configuration data")
-
-    finally:
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.remove(config + ".tmp")
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-def test_wpas_config_file_wps2(dev, apdev):
-    """wpa_supplicant config file parsing/writing with WPS (2)"""
-    config = "/tmp/test_wpas_config_file.conf"
-    if os.path.exists(config):
-        os.remove(config)
-
-    params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
-              "skip_cred_build": "1", "extra_cred": "wps-ctrl-cred2"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1\n")
-
-        wpas.interface_add("wlan5", config=config)
-
-        hapd.request("WPS_PIN any 12345670")
-        wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
-        wpas.request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
-        ev = wpas.wait_event(["WPS-SUCCESS"], timeout=10)
-        if ev is None:
-            raise Exception("WPS-SUCCESS event timed out")
-
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-
-            with open(config, "r") as f:
-                data = f.read()
-                if "network=" not in data:
-                    raise Exception("Missing network block in configuration data")
-                if "ssid=410a420d430044" not in data:
-                    raise Exception("Unexpected ssid parameter value")
-
-    finally:
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.remove(config + ".tmp")
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-def test_wpas_config_file_set_psk(dev):
-    """wpa_supplicant config file parsing/writing with arbitrary PSK value"""
-    config = "/tmp/test_wpas_config_file.conf"
-    if os.path.exists(config):
-        os.remove(config)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1\n")
-
-        wpas.interface_add("wlan5", config=config)
-
-        id = wpas.add_network()
-        wpas.set_network_quoted(id, "ssid", "foo")
-        if "OK" in wpas.request('SET_NETWORK %d psk "12345678"\n}\nmodel_name=foobar\nnetwork={\n#\"' % id):
-            raise Exception("Invalid psk value accepted")
-
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-            if "model_name" in data:
-                raise Exception("Unexpected parameter added to configuration")
-
-        wpas.interface_remove("wlan5")
-        wpas.interface_add("wlan5", config=config)
-
-    finally:
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.remove(config + ".tmp")
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-def test_wpas_config_file_set_cred(dev):
-    """wpa_supplicant config file parsing/writing with arbitrary cred values"""
-    config = "/tmp/test_wpas_config_file.conf"
-    if os.path.exists(config):
-        os.remove(config)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1\n")
-
-        wpas.interface_add("wlan5", config=config)
-
-        id = wpas.add_cred()
-        wpas.set_cred_quoted(id, "username", "hello")
-        fields = ["username", "milenage", "imsi", "password", "realm",
-                  "phase1", "phase2", "provisioning_sp"]
-        for field in fields:
-            if "FAIL" not in wpas.request('SET_CRED %d %s "hello"\n}\nmodel_name=foobar\ncred={\n#\"' % (id, field)):
-                raise Exception("Invalid %s value accepted" % field)
-
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-            if "model_name" in data:
-                raise Exception("Unexpected parameter added to configuration")
-
-        wpas.interface_remove("wlan5")
-        wpas.interface_add("wlan5", config=config)
-
-    finally:
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.remove(config + ".tmp")
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-def test_wpas_config_file_set_global(dev):
-    """wpa_supplicant config file parsing/writing with arbitrary global values"""
-    config = "/tmp/test_wpas_config_file.conf"
-    if os.path.exists(config):
-        os.remove(config)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    try:
-        with open(config, "w") as f:
-            f.write("update_config=1\n")
-
-        wpas.interface_add("wlan5", config=config)
-
-        fields = ["model_name", "device_name", "ctrl_interface_group",
-                  "opensc_engine_path", "pkcs11_engine_path",
-                  "pkcs11_module_path", "openssl_ciphers", "pcsc_reader",
-                  "pcsc_pin", "driver_param", "manufacturer", "model_name",
-                  "model_number", "serial_number", "config_methods",
-                  "p2p_ssid_postfix", "autoscan", "ext_password_backend",
-                  "osu_dir", "wowlan_triggers", "fst_group_id",
-                  "sched_scan_plans", "non_pref_chan"]
-        for field in fields:
-            if "FAIL" not in wpas.request('SET %s hello\nmodel_name=foobar' % field):
-                raise Exception("Invalid %s value accepted" % field)
-
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-            if "model_name" in data:
-                raise Exception("Unexpected parameter added to configuration")
-
-        wpas.interface_remove("wlan5")
-        wpas.interface_add("wlan5", config=config)
-
-    finally:
-        try:
-            os.remove(config)
-        except:
-            pass
-        try:
-            os.remove(config + ".tmp")
-        except:
-            pass
-        try:
-            os.rmdir(config)
-        except:
-            pass
-
-def test_wpas_config_file_key_mgmt(dev, apdev, params):
-    """wpa_supplicant config file writing and key_mgmt values"""
-    config = os.path.join(params['logdir'],
-                          'wpas_config_file_key_mgmt.conf')
-    if os.path.exists(config):
-        os.remove(config)
-
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-
-    with open(config, "w") as f:
-        f.write("update_config=1\n")
-
-    wpas.interface_add("wlan5", config=config)
-
-    from test_dpp import params1_csign, params1_sta_connector, params1_sta_netaccesskey, check_dpp_capab
-
-    check_dpp_capab(wpas)
-
-    id = wpas.add_network()
-    wpas.set_network_quoted(id, "ssid", "foo")
-    wpas.set_network(id, "key_mgmt", "DPP")
-    wpas.set_network(id, "ieee80211w", "2")
-    wpas.set_network_quoted(id, "dpp_csign", params1_csign)
-    wpas.set_network_quoted(id, "dpp_connector", params1_sta_connector)
-    wpas.set_network_quoted(id, "dpp_netaccesskey", params1_sta_netaccesskey)
-    if "OK" not in wpas.request("SAVE_CONFIG"):
-        raise Exception("Failed to save configuration file")
-
-    with open(config, "r") as f:
-        data = f.read()
-        logger.info("Configuration file contents: " + data)
-        if "key_mgmt=DPP" not in data:
-            raise Exception("Missing key_mgmt")
-        if 'dpp_connector="' + params1_sta_connector + '"' not in data:
-            raise Exception("Missing dpp_connector")
-        if 'dpp_netaccesskey="' + params1_sta_netaccesskey + '"' not in data:
-            raise Exception("Missing dpp_netaccesskey")
-        if 'dpp_csign="' + params1_csign + '"' not in data:
-            raise Exception("Missing dpp_csign")
-
-    wpas.set_network(id, "dpp_csign", "NULL")
-    wpas.set_network(id, "dpp_connector", "NULL")
-    wpas.set_network(id, "dpp_netaccesskey", "NULL")
-    wpas.set_network_quoted(id, "psk", "12345678")
-    wpas.set_network(id, "ieee80211w", "0")
-
-    tests = ["WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", "WPA-NONE", "FT-PSK",
-             "FT-EAP", "FT-EAP-SHA384", "WPA-PSK-SHA256", "WPA-EAP-SHA256",
-             "SAE", "FT-SAE", "OSEN", "WPA-EAP-SUITE-B",
-             "WPA-EAP-SUITE-B-192", "FILS-SHA256", "FILS-SHA384",
-             "FT-FILS-SHA256", "FT-FILS-SHA384", "OWE", "DPP"]
-    supported_key_mgmts = dev[0].get_capability("key_mgmt")
-    for key_mgmt in tests:
-        if key_mgmt == "WPA-EAP-SUITE-B-192" and key_mgmt not in supported_key_mgmts:
-            logger.info("Skip unsupported " + key_mgmt)
-            continue
-        wpas.set_network(id, "key_mgmt", key_mgmt)
-        if "OK" not in wpas.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-        with open(config, "r") as f:
-            data = f.read()
-            logger.info("Configuration file contents: " + data)
-            if "key_mgmt=" + key_mgmt not in data:
-                raise Exception("Missing key_mgmt " + key_mgmt)
-
-    wpas.interface_remove("wlan5")
-    wpas.interface_add("wlan5", config=config)
-
-def check_network_config(config, network_expected, check=None):
-    with open(config, "r") as f:
-        data = f.read()
-        logger.info("Configuration file contents:\n" + data.rstrip())
-        if network_expected and "network=" not in data:
-            raise Exception("Missing network block in configuration data")
-        if not network_expected and "network=" in data:
-            raise Exception("Unexpected network block in configuration data")
-        if check and check not in data:
-            raise Exception("Missing " + check)
-
-def test_wpas_config_file_sae(dev, apdev, params):
-    """wpa_supplicant config file writing with SAE"""
-    config = os.path.join(params['logdir'], 'wpas_config_file_sae.conf')
-    with open(config, "w") as f:
-        f.write("update_config=1\n")
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5", config=config)
-    check_sae_capab(wpas)
-
-    # Valid SAE configuration with sae_password
-    wpas.connect("test-sae", sae_password="sae-password", key_mgmt="SAE",
-                 only_add_network=True)
-    wpas.save_config()
-    check_network_config(config, True, check="key_mgmt=SAE")
-
-    wpas.request("REMOVE_NETWORK all")
-    wpas.save_config()
-    check_network_config(config, False)
-
-    # Valid SAE configuration with psk
-    wpas.connect("test-sae", psk="sae-password", key_mgmt="SAE",
-                 only_add_network=True)
-    wpas.save_config()
-    check_network_config(config, True, check="key_mgmt=SAE")
-    wpas.request("REMOVE_NETWORK all")
-
-    # Invalid PSK configuration with sae_password
-    wpas.connect("test-psk", sae_password="sae-password", key_mgmt="WPA-PSK",
-                 only_add_network=True)
-    wpas.save_config()
-    check_network_config(config, False)
-
-    # Invalid SAE configuration with raw_psk
-    wpas.connect("test-sae", raw_psk=32*"00", key_mgmt="SAE",
-                 only_add_network=True)
-    wpas.save_config()
-    check_network_config(config, False)
-
-def test_wpas_config_update_without_file(dev, apdev):
-    """wpa_supplicant SAVE_CONFIG without config file"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    wpas.set("update_config", "1")
-    if "FAIL" not in wpas.request("SAVE_CONFIG"):
-        raise Exception("SAVE_CONFIG accepted unexpectedly")
diff --git a/tests/hwsim/test_wpas_ctrl.py b/tests/hwsim/test_wpas_ctrl.py
deleted file mode 100644
index 210c11907ee7..000000000000
--- a/tests/hwsim/test_wpas_ctrl.py
+++ /dev/null
@@ -1,2159 +0,0 @@
-# wpa_supplicant control interface
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import os
-import socket
-import subprocess
-import time
-import binascii
-
-import hostapd
-import hwsim_utils
-from hwsim import HWSimRadio
-from wpasupplicant import WpaSupplicant
-from utils import *
-from test_wpas_ap import wait_ap_ready
-
-@remote_compatible
-def test_wpas_ctrl_network(dev):
-    """wpa_supplicant ctrl_iface network set/get"""
-    skip_without_tkip(dev[0])
-    id = dev[0].add_network()
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id)):
-        raise Exception("Unexpected success for invalid SET_NETWORK")
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + " name"):
-        raise Exception("Unexpected success for invalid SET_NETWORK")
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id + 1) + " proto OPEN"):
-        raise Exception("Unexpected success for invalid network id")
-    if "FAIL" not in dev[0].request("GET_NETWORK " + str(id)):
-        raise Exception("Unexpected success for invalid GET_NETWORK")
-    if "FAIL" not in dev[0].request("GET_NETWORK " + str(id + 1) + " proto"):
-        raise Exception("Unexpected success for invalid network id")
-
-    if "OK" not in dev[0].request("SET_NETWORK " + str(id) + " proto  \t WPA2 "):
-        raise Exception("Unexpected failure for SET_NETWORK proto")
-    res = dev[0].request("GET_NETWORK " + str(id) + " proto")
-    if res != "RSN":
-        raise Exception("Unexpected SET_NETWORK/GET_NETWORK conversion for proto: " + res)
-
-    if "OK" not in dev[0].request("SET_NETWORK " + str(id) + " key_mgmt  \t WPA-PSK "):
-        raise Exception("Unexpected success for SET_NETWORK key_mgmt")
-    res = dev[0].request("GET_NETWORK " + str(id) + " key_mgmt")
-    if res != "WPA-PSK":
-        raise Exception("Unexpected SET_NETWORK/GET_NETWORK conversion for key_mgmt: " + res)
-
-    if "OK" not in dev[0].request("SET_NETWORK " + str(id) + " auth_alg  \t OPEN "):
-        raise Exception("Unexpected failure for SET_NETWORK auth_alg")
-    res = dev[0].request("GET_NETWORK " + str(id) + " auth_alg")
-    if res != "OPEN":
-        raise Exception("Unexpected SET_NETWORK/GET_NETWORK conversion for auth_alg: " + res)
-
-    if "OK" not in dev[0].request("SET_NETWORK " + str(id) + " eap  \t TLS "):
-        raise Exception("Unexpected failure for SET_NETWORK eap")
-    res = dev[0].request("GET_NETWORK " + str(id) + " eap")
-    if res != "TLS":
-        raise Exception("Unexpected SET_NETWORK/GET_NETWORK conversion for eap: " + res)
-
-    tests = ("bssid foo", "key_mgmt foo", "key_mgmt ", "group NONE")
-    for t in tests:
-        if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + " " + t):
-            raise Exception("Unexpected success for invalid SET_NETWORK: " + t)
-
-    tests = [("key_mgmt", "WPA-PSK WPA-EAP IEEE8021X NONE WPA-NONE FT-PSK FT-EAP WPA-PSK-SHA256 WPA-EAP-SHA256"),
-             ("pairwise", "CCMP-256 GCMP-256 CCMP GCMP TKIP"),
-             ("group", "CCMP-256 GCMP-256 CCMP GCMP TKIP"),
-             ("auth_alg", "OPEN SHARED LEAP"),
-             ("scan_freq", "1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"),
-             ("freq_list", "2412 2417"),
-             ("scan_ssid", "1"),
-             ("bssid", "00:11:22:33:44:55"),
-             ("proto", "WPA RSN OSEN"),
-             ("eap", "TLS"),
-             ("go_p2p_dev_addr", "22:33:44:55:66:aa"),
-             ("p2p_client_list", "22:33:44:55:66:bb 02:11:22:33:44:55")]
-    if "SAE" not in dev[0].get_capability("auth_alg"):
-        tests.append(("key_mgmt", "WPS OSEN"))
-    else:
-        tests.append(("key_mgmt", "WPS SAE FT-SAE OSEN"))
-
-    dev[0].set_network_quoted(id, "ssid", "test")
-    for field, value in tests:
-        dev[0].set_network(id, field, value)
-        res = dev[0].get_network(id, field)
-        if res != value:
-            raise Exception("Unexpected response for '" + field + "': '" + res + "'")
-
-    try:
-        value = "WPA-EAP-SUITE-B WPA-EAP-SUITE-B-192"
-        dev[0].set_network(id, "key_mgmt", value)
-        res = dev[0].get_network(id, "key_mgmt")
-        if res != value:
-            raise Exception("Unexpected response for key_mgmt")
-    except Exception as e:
-        if str(e).startswith("Unexpected"):
-            raise
-        else:
-            pass
-
-    q_tests = (("identity", "hello"),
-               ("anonymous_identity", "foo@nowhere.com"))
-    for field, value in q_tests:
-        dev[0].set_network_quoted(id, field, value)
-        res = dev[0].get_network(id, field)
-        if res != '"' + value + '"':
-            raise Exception("Unexpected quoted response for '" + field + "': '" + res + "'")
-
-    get_tests = (("foo", None), ("ssid", '"test"'))
-    for field, value in get_tests:
-        res = dev[0].get_network(id, field)
-        if res != value:
-            raise Exception("Unexpected response for '" + field + "': '" + res + "'")
-
-    if dev[0].get_network(id, "password"):
-        raise Exception("Unexpected response for 'password'")
-    dev[0].set_network_quoted(id, "password", "foo")
-    if dev[0].get_network(id, "password") != '*':
-        raise Exception("Unexpected response for 'password' (expected *)")
-    dev[0].set_network(id, "password", "hash:12345678901234567890123456789012")
-    if dev[0].get_network(id, "password") != '*':
-        raise Exception("Unexpected response for 'password' (expected *)")
-    dev[0].set_network(id, "password", "NULL")
-    if dev[0].get_network(id, "password"):
-        raise Exception("Unexpected response for 'password'")
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + " password hash:12"):
-        raise Exception("Unexpected success for invalid password hash")
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + " password hash:123456789012345678x0123456789012"):
-        raise Exception("Unexpected success for invalid password hash")
-
-    dev[0].set_network(id, "identity", "414243")
-    if dev[0].get_network(id, "identity") != '"ABC"':
-        raise Exception("Unexpected identity hex->text response")
-
-    dev[0].set_network(id, "identity", 'P"abc\ndef"')
-    if dev[0].get_network(id, "identity") != "6162630a646566":
-        raise Exception("Unexpected identity printf->hex response")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' identity P"foo'):
-        raise Exception("Unexpected success for invalid identity string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' identity 12x3'):
-        raise Exception("Unexpected success for invalid identity string")
-
-    if "WEP40" in dev[0].get_capability("group"):
-        for i in range(0, 4):
-            if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' wep_key' + str(i) + ' aabbccddee'):
-                raise Exception("Unexpected wep_key set failure")
-            if dev[0].get_network(id, "wep_key" + str(i)) != '*':
-                raise Exception("Unexpected wep_key get failure")
-
-    if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
-        raise Exception("Unexpected failure for psk_list string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' psk_list 00:11:x2:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
-        raise Exception("Unexpected success for invalid psk_list string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:x2:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
-        raise Exception("Unexpected success for invalid psk_list string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55+0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
-        raise Exception("Unexpected success for invalid psk_list string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde'):
-        raise Exception("Unexpected success for invalid psk_list string")
-
-    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdex'):
-        raise Exception("Unexpected success for invalid psk_list string")
-
-    if dev[0].get_network(id, "psk_list"):
-        raise Exception("Unexpected psk_list get response")
-
-    if dev[0].list_networks()[0]['ssid'] != "test":
-        raise Exception("Unexpected ssid in LIST_NETWORKS")
-    dev[0].set_network(id, "ssid", "NULL")
-    if dev[0].list_networks()[0]['ssid'] != "":
-        raise Exception("Unexpected ssid in LIST_NETWORKS after clearing it")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' ssid "0123456789abcdef0123456789abcdef0"'):
-        raise Exception("Too long SSID accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' scan_ssid qwerty'):
-        raise Exception("Invalid integer accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' scan_ssid 2'):
-        raise Exception("Too large integer accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' psk 12345678'):
-        raise Exception("Invalid PSK accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' psk "1234567"'):
-        raise Exception("Too short PSK accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' psk "1234567890123456789012345678901234567890123456789012345678901234"'):
-        raise Exception("Too long PSK accepted")
-    dev[0].set_network_quoted(id, "psk", "123456768")
-    dev[0].set_network_quoted(id, "psk", "123456789012345678901234567890123456789012345678901234567890123")
-    if dev[0].get_network(id, "psk") != '*':
-        raise Exception("Unexpected psk read result")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' eap UNKNOWN'):
-        raise Exception("Unknown EAP method accepted")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' password "foo'):
-        raise Exception("Invalid password accepted")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' wep_key0 "foo'):
-        raise Exception("Invalid WEP key accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' wep_key0 "12345678901234567"'):
-        raise Exception("Too long WEP key accepted")
-    if "WEP40" in dev[0].get_capability("group"):
-        # too short WEP key is ignored
-        dev[0].set_network_quoted(id, "wep_key0", "1234")
-        dev[0].set_network_quoted(id, "wep_key1", "12345")
-        dev[0].set_network_quoted(id, "wep_key2", "1234567890123")
-        dev[0].set_network_quoted(id, "wep_key3", "1234567890123456")
-
-    dev[0].set_network(id, "go_p2p_dev_addr", "any")
-    if dev[0].get_network(id, "go_p2p_dev_addr") is not None:
-        raise Exception("Unexpected go_p2p_dev_addr value")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' go_p2p_dev_addr 00:11:22:33:44'):
-        raise Exception("Invalid go_p2p_dev_addr accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' p2p_client_list 00:11:22:33:44'):
-        raise Exception("Invalid p2p_client_list accepted")
-    if "FAIL" in dev[0].request('SET_NETWORK ' + str(id) + ' p2p_client_list 00:11:22:33:44:55 00:1'):
-        raise Exception("p2p_client_list truncation workaround failed")
-    if dev[0].get_network(id, "p2p_client_list") != "00:11:22:33:44:55":
-        raise Exception("p2p_client_list truncation workaround did not work")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' auth_alg '):
-        raise Exception("Empty auth_alg accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' auth_alg FOO'):
-        raise Exception("Invalid auth_alg accepted")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' proto '):
-        raise Exception("Empty proto accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' proto FOO'):
-        raise Exception("Invalid proto accepted")
-
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' pairwise '):
-        raise Exception("Empty pairwise accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' pairwise FOO'):
-        raise Exception("Invalid pairwise accepted")
-    if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' pairwise WEP40'):
-        raise Exception("Invalid pairwise accepted")
-
-    if "OK" not in dev[0].request('BSSID ' + str(id) + ' 00:11:22:33:44:55'):
-        raise Exception("Unexpected BSSID failure")
-    if dev[0].request("GET_NETWORK 0 bssid") != '00:11:22:33:44:55':
-        raise Exception("BSSID command did not set network bssid")
-    if "OK" not in dev[0].request('BSSID ' + str(id) + ' 00:00:00:00:00:00'):
-        raise Exception("Unexpected BSSID failure")
-    if "FAIL" not in dev[0].request("GET_NETWORK 0 bssid"):
-        raise Exception("bssid claimed configured after clearing")
-    if "FAIL" not in dev[0].request('BSSID 123 00:11:22:33:44:55'):
-        raise Exception("Unexpected BSSID success")
-    if "FAIL" not in dev[0].request('BSSID ' + str(id) + ' 00:11:22:33:44'):
-        raise Exception("Unexpected BSSID success")
-    if "FAIL" not in dev[0].request('BSSID ' + str(id)):
-        raise Exception("Unexpected BSSID success")
-
-    tests = ["02:11:22:33:44:55",
-             "02:11:22:33:44:55 02:ae:be:ce:53:77",
-             "02:11:22:33:44:55/ff:00:ff:00:ff:00",
-             "02:11:22:33:44:55/ff:00:ff:00:ff:00 f2:99:88:77:66:55",
-             "f2:99:88:77:66:55 02:11:22:33:44:55/ff:00:ff:00:ff:00",
-             "f2:99:88:77:66:55 02:11:22:33:44:55/ff:00:ff:00:ff:00 12:34:56:78:90:ab",
-             "02:11:22:33:44:55/ff:ff:ff:00:00:00 02:ae:be:ce:53:77/00:00:00:00:00:ff"]
-    for val in tests:
-        dev[0].set_network(id, "bssid_ignore", val)
-        res = dev[0].get_network(id, "bssid_ignore")
-        if res != val:
-            raise Exception("Unexpected bssid_ignore value: %s != %s" % (res, val))
-        dev[0].set_network(id, "bssid_accept", val)
-        res = dev[0].get_network(id, "bssid_accept")
-        if res != val:
-            raise Exception("Unexpected bssid_accept value: %s != %s" % (res, val))
-
-    tests = ["foo",
-             "00:11:22:33:44:5",
-             "00:11:22:33:44:55q",
-             "00:11:22:33:44:55/",
-             "00:11:22:33:44:55/66:77:88:99:aa:b"]
-    for val in tests:
-        if "FAIL" not in dev[0].request("SET_NETWORK %d bssid_ignore %s" % (id, val)):
-            raise Exception("Invalid bssid_ignore value accepted")
-
-@remote_compatible
-def test_wpas_ctrl_network_oom(dev):
-    """wpa_supplicant ctrl_iface network OOM in string parsing"""
-    id = dev[0].add_network()
-
-    tests = [('"foo"', 1, 'dup_binstr;wpa_config_set'),
-             ('P"foo"', 1, 'dup_binstr;wpa_config_set'),
-             ('P"foo"', 2, 'wpa_config_set'),
-             ('112233', 1, 'wpa_config_set')]
-    for val, count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' ssid ' + val):
-                raise Exception("Unexpected success for SET_NETWORK during OOM")
-
-@remote_compatible
-def test_wpas_ctrl_many_networks(dev, apdev):
-    """wpa_supplicant ctrl_iface LIST_NETWORKS with huge number of networks"""
-    for i in range(1000):
-        id = dev[0].add_network()
-    res = dev[0].request("LIST_NETWORKS")
-    if str(id) in res:
-        raise Exception("Last added network was unexpectedly included")
-    res = dev[0].request("LIST_NETWORKS LAST_ID=%d" % (id - 2))
-    if str(id) not in res:
-        raise Exception("Last added network was not present when using LAST_ID")
-    # This command can take a very long time under valgrind testing on a low
-    # power CPU, so increase the command timeout significantly to avoid issues
-    # with the test case failing and following reset operation timing out.
-    dev[0].request("REMOVE_NETWORK all", timeout=60)
-
-@remote_compatible
-def test_wpas_ctrl_dup_network(dev, apdev):
-    """wpa_supplicant ctrl_iface DUP_NETWORK"""
-    ssid = "target"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hostapd.add_ap(apdev[0], params)
-
-    src = dev[0].connect("another", psk=passphrase, scan_freq="2412",
-                         only_add_network=True)
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", ssid)
-    for f in ["key_mgmt", "psk", "scan_freq"]:
-        res = dev[0].request("DUP_NETWORK {} {} {}".format(src, id, f))
-        if "OK" not in res:
-            raise Exception("DUP_NETWORK failed")
-    dev[0].connect_network(id)
-
-    if "FAIL" not in dev[0].request("DUP_NETWORK "):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].request("DUP_NETWORK %d " % id):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].request("DUP_NETWORK %d %d" % (id, id)):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].request("DUP_NETWORK 123456 1234567 "):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].request("DUP_NETWORK %d 123456 " % id):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].request("DUP_NETWORK %d %d foo" % (id, id)):
-        raise Exception("Unexpected DUP_NETWORK success")
-    dev[0].request("DISCONNECT")
-    if "OK" not in dev[0].request("DUP_NETWORK %d %d ssid" % (id, id)):
-        raise Exception("Unexpected DUP_NETWORK failure")
-
-@remote_compatible
-def test_wpas_ctrl_dup_network_global(dev, apdev):
-    """wpa_supplicant ctrl_iface DUP_NETWORK (global)"""
-    ssid = "target"
-    passphrase = 'qwertyuiop'
-    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
-    hostapd.add_ap(apdev[0], params)
-
-    src = dev[0].connect("another", psk=passphrase, scan_freq="2412",
-                         only_add_network=True)
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", ssid)
-    for f in ["key_mgmt", "psk", "scan_freq"]:
-        res = dev[0].global_request("DUP_NETWORK {} {} {} {} {}".format(dev[0].ifname, dev[0].ifname, src, id, f))
-        if "OK" not in res:
-            raise Exception("DUP_NETWORK failed")
-    dev[0].connect_network(id)
-
-    if "FAIL" not in dev[0].global_request("DUP_NETWORK "):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].global_request("DUP_NETWORK %s" % dev[0].ifname):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].global_request("DUP_NETWORK %s %s" % (dev[0].ifname, dev[0].ifname)):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].global_request("DUP_NETWORK %s %s %d" % (dev[0].ifname, dev[0].ifname, id)):
-        raise Exception("Unexpected DUP_NETWORK success")
-    if "FAIL" not in dev[0].global_request("DUP_NETWORK %s %s %d %d" % (dev[0].ifname, dev[0].ifname, id, id)):
-        raise Exception("Unexpected DUP_NETWORK success")
-    dev[0].request("DISCONNECT")
-    if "OK" not in dev[0].global_request("DUP_NETWORK %s %s %d %d ssid" % (dev[0].ifname, dev[0].ifname, id, id)):
-        raise Exception("Unexpected DUP_NETWORK failure")
-
-def add_cred(dev):
-    id = dev.add_cred()
-    ev = dev.wait_event(["CRED-ADDED"])
-    if ev is None:
-        raise Exception("Missing CRED-ADDED event")
-    if " " + str(id) not in ev:
-        raise Exception("CRED-ADDED event without matching id")
-    return id
-
-def set_cred(dev, id, field, value):
-    dev.set_cred(id, field, value)
-    ev = dev.wait_event(["CRED-MODIFIED"])
-    if ev is None:
-        raise Exception("Missing CRED-MODIFIED event")
-    if " " + str(id) + " " not in ev:
-        raise Exception("CRED-MODIFIED event without matching id")
-    if field not in ev:
-        raise Exception("CRED-MODIFIED event without matching field")
-
-def set_cred_quoted(dev, id, field, value):
-    dev.set_cred_quoted(id, field, value)
-    ev = dev.wait_event(["CRED-MODIFIED"])
-    if ev is None:
-        raise Exception("Missing CRED-MODIFIED event")
-    if " " + str(id) + " " not in ev:
-        raise Exception("CRED-MODIFIED event without matching id")
-    if field not in ev:
-        raise Exception("CRED-MODIFIED event without matching field")
-
-def remove_cred(dev, id):
-    dev.remove_cred(id)
-    ev = dev.wait_event(["CRED-REMOVED"])
-    if ev is None:
-        raise Exception("Missing CRED-REMOVED event")
-    if " " + str(id) not in ev:
-        raise Exception("CRED-REMOVED event without matching id")
-
-@remote_compatible
-def test_wpas_ctrl_cred(dev):
-    """wpa_supplicant ctrl_iface cred set"""
-    id1 = add_cred(dev[0])
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id1 + 1) + " temporary 1"):
-        raise Exception("SET_CRED succeeded unexpectedly on unknown cred id")
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id1)):
-        raise Exception("Invalid SET_CRED succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id1) + " temporary"):
-        raise Exception("Invalid SET_CRED succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("GET_CRED " + str(id1 + 1) + " temporary"):
-        raise Exception("GET_CRED succeeded unexpectedly on unknown cred id")
-    if "FAIL" not in dev[0].request("GET_CRED " + str(id1)):
-        raise Exception("Invalid GET_CRED succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("GET_CRED " + str(id1) + " foo"):
-        raise Exception("Invalid GET_CRED succeeded unexpectedly")
-    id = add_cred(dev[0])
-    id2 = add_cred(dev[0])
-    set_cred(dev[0], id, "temporary", "1")
-    set_cred(dev[0], id, "priority", "1")
-    set_cred(dev[0], id, "pcsc", "1")
-    set_cred(dev[0], id, "sim_num", "0")
-    set_cred_quoted(dev[0], id, "private_key_passwd", "test")
-    set_cred_quoted(dev[0], id, "domain_suffix_match", "test")
-    set_cred_quoted(dev[0], id, "phase1", "test")
-    set_cred_quoted(dev[0], id, "phase2", "test")
-
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " eap FOO"):
-        raise Exception("Unexpected success on unknown EAP method")
-
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " username 12xa"):
-        raise Exception("Unexpected success on invalid string")
-
-    for i in ("11", "1122", "112233445566778899aabbccddeeff00"):
-        if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " roaming_consortium " + i):
-            raise Exception("Unexpected success on invalid roaming_consortium")
-
-    dev[0].set_cred(id, "excluded_ssid", "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " excluded_ssid 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"):
-        raise Exception("Unexpected success on invalid excluded_ssid")
-
-    if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " foo 4142"):
-        raise Exception("Unexpected success on unknown field")
-
-    tests = ["sp_priority 256",
-             'roaming_partner "example.org"',
-             'roaming_partner "' + 200*'a' + '.example.org,"',
-             'roaming_partner "example.org,1"',
-             'roaming_partner "example.org,1,2"',
-             'roaming_partner "example.org,1,2,ABC"']
-    for t in tests:
-        if "FAIL" not in dev[0].request("SET_CRED " + str(id) + " " + t):
-            raise Exception("Unexpected success on invalid SET_CRED value: " + t)
-
-    id3 = add_cred(dev[0])
-    id4 = add_cred(dev[0])
-    if len(dev[0].request("LIST_CREDS").splitlines()) != 6:
-        raise Exception("Unexpected LIST_CREDS result(1)")
-
-    remove_cred(dev[0], id1)
-    remove_cred(dev[0], id3)
-    remove_cred(dev[0], id4)
-    remove_cred(dev[0], id2)
-    remove_cred(dev[0], id)
-    if "FAIL" not in dev[0].request("REMOVE_CRED 1"):
-        raise Exception("Unexpected success on invalid remove cred")
-    if len(dev[0].request("LIST_CREDS").splitlines()) != 1:
-        raise Exception("Unexpected LIST_CREDS result(2)")
-
-    id = add_cred(dev[0])
-    values = [("temporary", "1", False),
-              ("temporary", "0", False),
-              ("pcsc", "1", False),
-              ("realm", "example.com", True),
-              ("username", "user@example.com", True),
-              ("password", "foo", True, "*"),
-              ("ca_cert", "ca.pem", True),
-              ("client_cert", "user.pem", True),
-              ("private_key", "key.pem", True),
-              ("private_key_passwd", "foo", True, "*"),
-              ("imsi", "310026-000000000", True),
-              ("milenage", "foo", True, "*"),
-              ("domain_suffix_match", "example.com", True),
-              ("domain", "example.com", True),
-              ("domain", "example.org", True, "example.com\nexample.org"),
-              ("roaming_consortium", "0123456789", False),
-              ("required_roaming_consortium", "456789", False),
-              ("eap", "TTLS", False),
-              ("phase1", "foo=bar1", True),
-              ("phase2", "foo=bar2", True),
-              ("excluded_ssid", "test", True),
-              ("excluded_ssid", "foo", True, "test\nfoo"),
-              ("roaming_partner", "example.com,0,4,*", True),
-              ("roaming_partner", "example.org,1,2,US", True,
-               "example.com,0,4,*\nexample.org,1,2,US"),
-              ("update_identifier", "4", False),
-              ("provisioning_sp", "sp.example.com", True),
-              ("sp_priority", "7", False),
-              ("min_dl_bandwidth_home", "100", False),
-              ("min_ul_bandwidth_home", "101", False),
-              ("min_dl_bandwidth_roaming", "102", False),
-              ("min_ul_bandwidth_roaming", "103", False),
-              ("max_bss_load", "57", False),
-              ("req_conn_capab", "6:22,80,443", False),
-              ("req_conn_capab", "17:500", False, "6:22,80,443\n17:500"),
-              ("req_conn_capab", "50", False, "6:22,80,443\n17:500\n50"),
-              ("ocsp", "1", False)]
-    for v in values:
-        if v[2]:
-            set_cred_quoted(dev[0], id, v[0], v[1])
-        else:
-            set_cred(dev[0], id, v[0], v[1])
-        val = dev[0].get_cred(id, v[0])
-        if len(v) == 4:
-            expect = v[3]
-        else:
-            expect = v[1]
-        if val != expect:
-            raise Exception("Unexpected GET_CRED value for {}: {} != {}".format(v[0], val, expect))
-    creds = dev[0].request("LIST_CREDS").splitlines()
-    if len(creds) != 2:
-        raise Exception("Unexpected LIST_CREDS result(3)")
-    if creds[1] != "0\texample.com\tuser@example.com\texample.com\t310026-000000000":
-        raise Exception("Unexpected LIST_CREDS value")
-    remove_cred(dev[0], id)
-    if len(dev[0].request("LIST_CREDS").splitlines()) != 1:
-        raise Exception("Unexpected LIST_CREDS result(4)")
-
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "foo.example.com")
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "bar.example.com")
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "foo.example.com")
-    if "OK" not in dev[0].request("REMOVE_CRED sp_fqdn=foo.example.com"):
-        raise Exception("REMOVE_CRED failed")
-    creds = dev[0].request("LIST_CREDS")
-    if "foo.example.com" in creds:
-        raise Exception("REMOVE_CRED sp_fqdn did not remove cred")
-    if "bar.example.com" not in creds:
-        raise Exception("REMOVE_CRED sp_fqdn removed incorrect cred")
-    dev[0].request("REMOVE_CRED all")
-
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "foo.example.com")
-    set_cred_quoted(dev[0], id, "provisioning_sp", "sp.foo.example.com")
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "bar.example.com")
-    set_cred_quoted(dev[0], id, "provisioning_sp", "sp.bar.example.com")
-    id = add_cred(dev[0])
-    set_cred_quoted(dev[0], id, "domain", "foo.example.com")
-    set_cred_quoted(dev[0], id, "provisioning_sp", "sp.foo.example.com")
-    if "OK" not in dev[0].request("REMOVE_CRED provisioning_sp=sp.foo.example.com"):
-        raise Exception("REMOVE_CRED failed")
-    creds = dev[0].request("LIST_CREDS")
-    if "foo.example.com" in creds:
-        raise Exception("REMOVE_CRED provisioning_sp did not remove cred")
-    if "bar.example.com" not in creds:
-        raise Exception("REMOVE_CRED provisioning_sp removed incorrect cred")
-    dev[0].request("REMOVE_CRED all")
-
-    # Test large number of creds and LIST_CREDS truncation
-    dev[0].dump_monitor()
-    for i in range(0, 100):
-        id = add_cred(dev[0])
-        set_cred_quoted(dev[0], id, "realm", "relatively.long.realm.test%d.example.com" % i)
-        dev[0].dump_monitor()
-    creds = dev[0].request("LIST_CREDS")
-    for i in range(0, 100):
-        dev[0].remove_cred(i)
-        dev[0].dump_monitor()
-    if len(creds) < 3900 or len(creds) > 4100:
-        raise Exception("Unexpected LIST_CREDS length: %d" % len(creds))
-    if "test10.example.com" not in creds:
-        raise Exception("Missing credential")
-    if len(creds.splitlines()) > 95:
-        raise Exception("Too many LIST_CREDS entries in the buffer")
-
-def test_wpas_ctrl_pno(dev):
-    """wpa_supplicant ctrl_iface pno"""
-    if "FAIL" not in dev[0].request("SET pno 1"):
-        raise Exception("Unexpected success in enabling PNO without enabled network blocks")
-    id = dev[0].add_network()
-    dev[0].set_network_quoted(id, "ssid", "test")
-    dev[0].set_network(id, "key_mgmt", "NONE")
-    dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect")
-    #mac80211_hwsim does not yet support PNO, so this fails
-    if "FAIL" not in dev[0].request("SET pno 1"):
-        raise Exception("Unexpected success in enabling PNO")
-    if "FAIL" not in dev[0].request("SET pno 1 freq=2000-3000,5180"):
-        raise Exception("Unexpected success in enabling PNO")
-    if "FAIL" not in dev[0].request("SET pno 1 freq=0-6000"):
-        raise Exception("Unexpected success in enabling PNO")
-    if "FAIL" in dev[0].request("SET pno 0"):
-        raise Exception("Unexpected failure in disabling PNO")
-
-@remote_compatible
-def test_wpas_ctrl_get(dev):
-    """wpa_supplicant ctrl_iface get"""
-    if "FAIL" in dev[0].request("GET version"):
-        raise Exception("Unexpected get failure for version")
-    if "FAIL" in dev[0].request("GET wifi_display"):
-        raise Exception("Unexpected get failure for wifi_display")
-    if "FAIL" not in dev[0].request("GET foo"):
-        raise Exception("Unexpected success on get command")
-
-    dev[0].set("wifi_display", "0")
-    if dev[0].request("GET wifi_display") != '0':
-        raise Exception("Unexpected wifi_display value")
-    dev[0].set("wifi_display", "1")
-    if dev[0].request("GET wifi_display") != '1':
-        raise Exception("Unexpected wifi_display value")
-    dev[0].request("P2P_SET disabled 1")
-    if dev[0].request("GET wifi_display") != '0':
-        raise Exception("Unexpected wifi_display value (P2P disabled)")
-    dev[0].request("P2P_SET disabled 0")
-    if dev[0].request("GET wifi_display") != '1':
-        raise Exception("Unexpected wifi_display value (P2P re-enabled)")
-    dev[0].set("wifi_display", "0")
-    if dev[0].request("GET wifi_display") != '0':
-        raise Exception("Unexpected wifi_display value")
-
-@remote_compatible
-def test_wpas_ctrl_preauth(dev):
-    """wpa_supplicant ctrl_iface preauth"""
-    if "FAIL" not in dev[0].request("PREAUTH "):
-        raise Exception("Unexpected success on invalid PREAUTH")
-    if "FAIL" in dev[0].request("PREAUTH 00:11:22:33:44:55"):
-        raise Exception("Unexpected failure on PREAUTH")
-
-@remote_compatible
-def test_wpas_ctrl_tdls_discover(dev):
-    """wpa_supplicant ctrl_iface tdls_discover"""
-    if "FAIL" not in dev[0].request("TDLS_DISCOVER "):
-        raise Exception("Unexpected success on invalid TDLS_DISCOVER")
-    if "FAIL" not in dev[0].request("TDLS_DISCOVER 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on TDLS_DISCOVER")
-
-@remote_compatible
-def test_wpas_ctrl_tdls_chan_switch(dev):
-    """wpa_supplicant ctrl_iface tdls_chan_switch error cases"""
-    for args in ['', '00:11:22:33:44:55']:
-        if "FAIL" not in dev[0].request("TDLS_CANCEL_CHAN_SWITCH " + args):
-            raise Exception("Unexpected success on invalid TDLS_CANCEL_CHAN_SWITCH: " + args)
-
-    for args in ['', 'foo ', '00:11:22:33:44:55 ', '00:11:22:33:44:55 q',
-                 '00:11:22:33:44:55 81', '00:11:22:33:44:55 81 1234',
-                 '00:11:22:33:44:55 81 1234 center_freq1=234 center_freq2=345 bandwidth=456 sec_channel_offset=567 ht vht']:
-        if "FAIL" not in dev[0].request("TDLS_CHAN_SWITCH " + args):
-            raise Exception("Unexpected success on invalid TDLS_CHAN_SWITCH: " + args)
-
-@remote_compatible
-def test_wpas_ctrl_addr(dev):
-    """wpa_supplicant ctrl_iface invalid address"""
-    if "FAIL" not in dev[0].request("TDLS_SETUP "):
-        raise Exception("Unexpected success on invalid TDLS_SETUP")
-    if "FAIL" not in dev[0].request("TDLS_TEARDOWN "):
-        raise Exception("Unexpected success on invalid TDLS_TEARDOWN")
-    if "FAIL" not in dev[0].request("FT_DS "):
-        raise Exception("Unexpected success on invalid FT_DS")
-    if "FAIL" not in dev[0].request("WPS_PBC 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid WPS_PBC")
-    if "FAIL" not in dev[0].request("WPS_PIN 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid WPS_PIN")
-    if "FAIL" not in dev[0].request("WPS_NFC 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid WPS_NFC")
-    if "FAIL" not in dev[0].request("WPS_REG 00:11:22:33:44 12345670"):
-        raise Exception("Unexpected success on invalid WPS_REG")
-    if "FAIL" not in dev[0].request("IBSS_RSN 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid IBSS_RSN")
-    if "FAIL" not in dev[0].request("BSSID_IGNORE 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid BSSID_IGNORE")
-
-@remote_compatible
-def test_wpas_ctrl_wps_errors(dev):
-    """wpa_supplicant ctrl_iface WPS error cases"""
-    if "FAIL" not in dev[0].request("WPS_REG 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_REG")
-    if "FAIL" not in dev[0].request("WPS_REG 00:11:22:33:44:55 12345670 2233"):
-        raise Exception("Unexpected success on invalid WPS_REG")
-    if "FAIL" not in dev[0].request("WPS_REG 00:11:22:33:44:55 12345670 2233 OPEN"):
-        raise Exception("Unexpected success on invalid WPS_REG")
-    if "FAIL" not in dev[0].request("WPS_REG 00:11:22:33:44:55 12345670 2233 OPEN NONE"):
-        raise Exception("Unexpected success on invalid WPS_REG")
-
-    if "FAIL" not in dev[0].request("WPS_AP_PIN random"):
-        raise Exception("Unexpected success on WPS_AP_PIN in non-AP mode")
-
-    if "FAIL" not in dev[0].request("WPS_ER_PIN any"):
-        raise Exception("Unexpected success on invalid WPS_ER_PIN")
-
-    if "FAIL" not in dev[0].request("WPS_ER_LEARN 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_ER_LEARN")
-
-    if "FAIL" not in dev[0].request("WPS_ER_SET_CONFIG 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_ER_SET_CONFIG")
-
-    if "FAIL" not in dev[0].request("WPS_ER_CONFIG 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_ER_CONFIG")
-    if "FAIL" not in dev[0].request("WPS_ER_CONFIG 00:11:22:33:44:55 12345670"):
-        raise Exception("Unexpected success on invalid WPS_ER_CONFIG")
-    if "FAIL" not in dev[0].request("WPS_ER_CONFIG 00:11:22:33:44:55 12345670 2233"):
-        raise Exception("Unexpected success on invalid WPS_ER_CONFIG")
-    if "FAIL" not in dev[0].request("WPS_ER_CONFIG 00:11:22:33:44:55 12345670 2233 OPEN"):
-        raise Exception("Unexpected success on invalid WPS_ER_CONFIG")
-    if "FAIL" not in dev[0].request("WPS_ER_CONFIG 00:11:22:33:44:55 12345670 2233 OPEN NONE"):
-        raise Exception("Unexpected success on invalid WPS_ER_CONFIG")
-
-    if "FAIL" not in dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS"):
-        raise Exception("Unexpected success on invalid WPS_ER_NFC_CONFIG_TOKEN")
-    if "FAIL" not in dev[0].request("WPS_ER_NFC_CONFIG_TOKEN FOO 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_ER_NFC_CONFIG_TOKEN")
-    if "FAIL" not in dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF 00:11:22:33:44:55"):
-        raise Exception("Unexpected success on invalid WPS_ER_NFC_CONFIG_TOKEN")
-
-    if "FAIL" not in dev[0].request("WPS_NFC_CONFIG_TOKEN FOO"):
-        raise Exception("Unexpected success on invalid WPS_NFC_CONFIG_TOKEN")
-    if "FAIL" not in dev[0].request("WPS_NFC_CONFIG_TOKEN WPS FOO"):
-        raise Exception("Unexpected success on invalid WPS_NFC_CONFIG_TOKEN")
-    if "FAIL" not in dev[0].request("WPS_NFC_TOKEN FOO"):
-        raise Exception("Unexpected success on invalid WPS_NFC_TOKEN")
-
-@remote_compatible
-def test_wpas_ctrl_config_parser(dev):
-    """wpa_supplicant ctrl_iface SET config parser"""
-    if "FAIL" not in dev[0].request("SET pbc_in_m1 qwerty"):
-        raise Exception("Non-number accepted as integer")
-    if "FAIL" not in dev[0].request("SET eapol_version 0"):
-        raise Exception("Out-of-range value accepted")
-    if "FAIL" not in dev[0].request("SET eapol_version 10"):
-        raise Exception("Out-of-range value accepted")
-
-    if "FAIL" not in dev[0].request("SET serial_number 0123456789abcdef0123456789abcdef0"):
-        raise Exception("Too long string accepted")
-
-@remote_compatible
-def test_wpas_ctrl_mib(dev):
-    """wpa_supplicant ctrl_iface MIB"""
-    mib = dev[0].get_mib()
-    if "dot11RSNAOptionImplemented" not in mib:
-        raise Exception("Missing MIB entry")
-    if mib["dot11RSNAOptionImplemented"] != "TRUE":
-        raise Exception("Unexpected dot11RSNAOptionImplemented value")
-
-def test_wpas_ctrl_set_wps_params(dev):
-    """wpa_supplicant ctrl_iface SET config_methods"""
-    try:
-        _test_wpas_ctrl_set_wps_params(dev)
-    finally:
-        dev[2].request("SET config_methods ")
-
-def _test_wpas_ctrl_set_wps_params(dev):
-    ts = ["config_methods label virtual_display virtual_push_button keypad",
-          "device_type 1-0050F204-1",
-          "os_version 01020300",
-          "uuid 12345678-9abc-def0-1234-56789abcdef0"]
-    for t in ts:
-        if "OK" not in dev[2].request("SET " + t):
-            raise Exception("SET failed for: " + t)
-
-    ts = ["uuid 12345678+9abc-def0-1234-56789abcdef0",
-          "uuid 12345678-qabc-def0-1234-56789abcdef0",
-          "uuid 12345678-9abc+def0-1234-56789abcdef0",
-          "uuid 12345678-9abc-qef0-1234-56789abcdef0",
-          "uuid 12345678-9abc-def0+1234-56789abcdef0",
-          "uuid 12345678-9abc-def0-q234-56789abcdef0",
-          "uuid 12345678-9abc-def0-1234+56789abcdef0",
-          "uuid 12345678-9abc-def0-1234-q6789abcdef0",
-          "uuid qwerty"]
-    for t in ts:
-        if "FAIL" not in dev[2].request("SET " + t):
-            raise Exception("SET succeeded for: " + t)
-
-def test_wpas_ctrl_level(dev):
-    """wpa_supplicant ctrl_iface LEVEL"""
-    try:
-        if "FAIL" not in dev[2].request("LEVEL 3"):
-            raise Exception("Unexpected LEVEL success")
-        if "OK" not in dev[2].mon.request("LEVEL 2"):
-            raise Exception("Unexpected LEVEL failure")
-        dev[2].request("SCAN freq=2412")
-        ev = dev[2].wait_event(["State:"], timeout=5)
-        if ev is None:
-            raise Exception("No debug message received")
-        dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=5)
-    finally:
-        dev[2].mon.request("LEVEL 3")
-
-@remote_compatible
-def test_wpas_ctrl_bssid_filter(dev, apdev):
-    """wpa_supplicant bssid_filter"""
-    try:
-        if "OK" not in dev[2].request("SET bssid_filter " + apdev[0]['bssid']):
-            raise Exception("Failed to set bssid_filter")
-        params = {"ssid": "test"}
-        hostapd.add_ap(apdev[0], params)
-        hostapd.add_ap(apdev[1], params)
-        dev[2].scan_for_bss(apdev[0]['bssid'], freq="2412")
-        dev[2].scan(freq="2412")
-        bss = dev[2].get_bss(apdev[0]['bssid'])
-        if bss is None or len(bss) == 0:
-            raise Exception("Missing BSS data")
-        bss = dev[2].get_bss(apdev[1]['bssid'])
-        if bss and len(bss) != 0:
-            raise Exception("Unexpected BSS data")
-        dev[2].request("SET bssid_filter " + apdev[0]['bssid'] + " " + \
-                       apdev[1]['bssid'])
-        dev[2].scan(freq="2412")
-        bss = dev[2].get_bss(apdev[0]['bssid'])
-        if bss is None or len(bss) == 0:
-            raise Exception("Missing BSS data")
-        bss = dev[2].get_bss(apdev[1]['bssid'])
-        if bss is None or len(bss) == 0:
-            raise Exception("Missing BSS data(2)")
-        res = dev[2].request("SCAN_RESULTS").splitlines()
-        if "test" not in res[1] or "test" not in res[2]:
-            raise Exception("SSID missing from SCAN_RESULTS")
-        if apdev[0]['bssid'] not in res[1] and apdev[1]['bssid'] not in res[1]:
-            raise Exception("BSS1 missing from SCAN_RESULTS")
-        if apdev[0]['bssid'] not in res[2] and apdev[1]['bssid'] not in res[2]:
-            raise Exception("BSS1 missing from SCAN_RESULTS")
-
-        if "FAIL" not in dev[2].request("SET bssid_filter 00:11:22:33:44:55 00:11:22:33:44"):
-            raise Exception("Unexpected success for invalid SET bssid_filter")
-    finally:
-        dev[2].request("SET bssid_filter ")
-
-@remote_compatible
-def test_wpas_ctrl_disallow_aps(dev, apdev):
-    """wpa_supplicant ctrl_iface disallow_aps"""
-    params = {"ssid": "test"}
-    hostapd.add_ap(apdev[0], params)
-
-    if "FAIL" not in dev[0].request("SET disallow_aps bssid "):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps bssid 00:11:22:33:44"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps ssid 0"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps ssid 4q"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps bssid 00:11:22:33:44:55 ssid 112233 ssid 123"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps ssid 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f00"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-    if "FAIL" not in dev[0].request("SET disallow_aps foo 112233445566"):
-        raise Exception("Unexpected success on invalid disallow_aps")
-
-    dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    hostapd.add_ap(apdev[1], params)
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("SET disallow_aps bssid 00:11:22:33:44:55 bssid 00:22:33:44:55:66"):
-        raise Exception("Failed to set disallow_aps")
-    if "OK" not in dev[0].request("SET disallow_aps bssid " + apdev[0]['bssid']):
-        raise Exception("Failed to set disallow_aps")
-    ev = dev[0].wait_connected(timeout=30, error="Reassociation timed out")
-    if apdev[1]['bssid'] not in ev:
-        raise Exception("Unexpected BSSID")
-
-    dev[0].dump_monitor()
-    if "OK" not in dev[0].request("SET disallow_aps ssid " + binascii.hexlify(b"test").decode()):
-        raise Exception("Failed to set disallow_aps")
-    dev[0].wait_disconnected(timeout=5, error="Disconnection not seen")
-    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected reassociation")
-
-    dev[0].request("DISCONNECT")
-    dev[0].p2p_start_go(freq=2412)
-    if "OK" not in dev[0].request("SET disallow_aps "):
-        raise Exception("Failed to set disallow_aps")
-
-@remote_compatible
-def test_wpas_ctrl_blob(dev):
-    """wpa_supplicant ctrl_iface SET blob"""
-    if "FAIL" not in dev[0].request("SET blob foo"):
-        raise Exception("Unexpected SET success")
-    if "FAIL" not in dev[0].request("SET blob foo 0"):
-        raise Exception("Unexpected SET success")
-    if "FAIL" not in dev[0].request("SET blob foo 0q"):
-        raise Exception("Unexpected SET success")
-    if "OK" not in dev[0].request("SET blob foo 00"):
-        raise Exception("Unexpected SET failure")
-    if "OK" not in dev[0].request("SET blob foo 0011"):
-        raise Exception("Unexpected SET failure")
-
-@remote_compatible
-def test_wpas_ctrl_set_uapsd(dev):
-    """wpa_supplicant ctrl_iface SET uapsd"""
-    if "FAIL" not in dev[0].request("SET uapsd foo"):
-        raise Exception("Unexpected SET success")
-    if "FAIL" not in dev[0].request("SET uapsd 0,0,0"):
-        raise Exception("Unexpected SET success")
-    if "FAIL" not in dev[0].request("SET uapsd 0,0"):
-        raise Exception("Unexpected SET success")
-    if "FAIL" not in dev[0].request("SET uapsd 0"):
-        raise Exception("Unexpected SET success")
-    if "OK" not in dev[0].request("SET uapsd 1,1,1,1;1"):
-        raise Exception("Unexpected SET failure")
-    if "OK" not in dev[0].request("SET uapsd 0,0,0,0;0"):
-        raise Exception("Unexpected SET failure")
-    if "OK" not in dev[0].request("SET uapsd disable"):
-        raise Exception("Unexpected SET failure")
-
-def test_wpas_ctrl_set(dev):
-    """wpa_supplicant ctrl_iface SET"""
-    vals = ["foo",
-            "ampdu 0",
-            "radio_disable 0",
-            "ps 10",
-            "dot11RSNAConfigPMKLifetime 0",
-            "dot11RSNAConfigPMKReauthThreshold 101",
-            "dot11RSNAConfigSATimeout 0",
-            "wps_version_number -1",
-            "wps_version_number 256",
-            "fst_group_id ",
-            "fst_llt 0"]
-    for val in vals:
-        if "FAIL" not in dev[0].request("SET " + val):
-            raise Exception("Unexpected SET success for " + val)
-
-    vals = ["ps 1"]
-    for val in vals:
-        dev[0].request("SET " + val)
-
-    vals = ["EAPOL::heldPeriod 60",
-            "EAPOL::authPeriod 30",
-            "EAPOL::startPeriod 30",
-            "EAPOL::maxStart 3",
-            "dot11RSNAConfigSATimeout 60",
-            "ps -1",
-            "ps 0",
-            "no_keep_alive 0",
-            "tdls_disabled 1",
-            "tdls_disabled 0"]
-    for val in vals:
-        if "OK" not in dev[0].request("SET " + val):
-            raise Exception("Unexpected SET failure for " + val)
-
-    # This fails if wpa_supplicant is built with loadable EAP peer method
-    # support due to missing file and succeeds if no support for loadable
-    # methods is included, so don't check the return value for now.
-    dev[0].request("SET load_dynamic_eap /tmp/hwsim-eap-not-found.so")
-
-@remote_compatible
-def test_wpas_ctrl_get_capability(dev):
-    """wpa_supplicant ctrl_iface GET_CAPABILITY"""
-    if "FAIL" not in dev[0].request("GET_CAPABILITY 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"):
-        raise Exception("Unexpected success on invalid GET_CAPABILITY")
-    if "FAIL" not in dev[0].request("GET_CAPABILITY eap foo"):
-        raise Exception("Unexpected success on invalid GET_CAPABILITY")
-    if "AP" not in dev[0].request("GET_CAPABILITY modes strict"):
-        raise Exception("Unexpected GET_CAPABILITY response")
-    res = dev[0].get_capability("eap")
-    if "TTLS" not in res:
-        raise Exception("Unexpected GET_CAPABILITY eap response: " + str(res))
-
-    res = dev[0].get_capability("pairwise")
-    if "CCMP" not in res:
-        raise Exception("Unexpected GET_CAPABILITY pairwise response: " + str(res))
-
-    res = dev[0].get_capability("group")
-    if "CCMP" not in res:
-        raise Exception("Unexpected GET_CAPABILITY group response: " + str(res))
-
-    res = dev[0].get_capability("key_mgmt")
-    if "WPA-PSK" not in res or "WPA-EAP" not in res:
-        raise Exception("Unexpected GET_CAPABILITY key_mgmt response: " + str(res))
-
-    res = dev[0].get_capability("key_mgmt iftype=STATION")
-    if "WPA-PSK" not in res or "WPA-EAP" not in res:
-        raise Exception("Unexpected GET_CAPABILITY key_mgmt iftype=STATION response: " + str(res))
-
-    iftypes = [ "STATION", "AP_VLAN", "AP", "P2P_GO", "P2P_CLIENT",
-                "P2P_DEVICE", "MESH", "IBSS", "NAN", "UNKNOWN" ]
-    for i in iftypes:
-        res = dev[0].get_capability("key_mgmt iftype=" + i)
-        logger.info("GET_CAPABILITY key_mgmt iftype=%s: %s" % (i, res))
-
-    res = dev[0].get_capability("proto")
-    if "WPA" not in res or "RSN" not in res:
-        raise Exception("Unexpected GET_CAPABILITY proto response: " + str(res))
-
-    res = dev[0].get_capability("auth_alg")
-    if "OPEN" not in res or "SHARED" not in res:
-        raise Exception("Unexpected GET_CAPABILITY auth_alg response: " + str(res))
-
-    res = dev[0].get_capability("modes")
-    if "IBSS" not in res or "AP" not in res:
-        raise Exception("Unexpected GET_CAPABILITY modes response: " + str(res))
-
-    res = dev[0].get_capability("channels")
-    if "8" not in res or "36" not in res:
-        raise Exception("Unexpected GET_CAPABILITY channels response: " + str(res))
-
-    res = dev[0].get_capability("freq")
-    if "2457" not in res or "5180" not in res:
-        raise Exception("Unexpected GET_CAPABILITY freq response: " + str(res))
-
-    res = dev[0].get_capability("tdls")
-    if "EXTERNAL" not in res[0]:
-        raise Exception("Unexpected GET_CAPABILITY tdls response: " + str(res))
-
-    res = dev[0].get_capability("erp")
-    if res is None or "ERP" not in res[0]:
-        raise Exception("Unexpected GET_CAPABILITY erp response: " + str(res))
-
-    if dev[0].get_capability("foo") is not None:
-        raise Exception("Unexpected GET_CAPABILITY foo response: " + str(res))
-
-@remote_compatible
-def test_wpas_ctrl_nfc_report_handover(dev):
-    """wpa_supplicant ctrl_iface NFC_REPORT_HANDOVER"""
-    vals = ["FOO",
-            "ROLE freq=12345",
-            "ROLE TYPE",
-            "ROLE TYPE REQ",
-            "ROLE TYPE REQ SEL",
-            "ROLE TYPE 0Q SEL",
-            "ROLE TYPE 00 SEL",
-            "ROLE TYPE 00 0Q",
-            "ROLE TYPE 00 00"]
-    for v in vals:
-        if "FAIL" not in dev[0].request("NFC_REPORT_HANDOVER " + v):
-            raise Exception("Unexpected NFC_REPORT_HANDOVER success for " + v)
-
-@remote_compatible
-def test_wpas_ctrl_nfc_tag_read(dev):
-    """wpa_supplicant ctrl_iface WPS_NFC_TAG_READ"""
-    vals = ["FOO", "0Q", "00", "000000", "10000001", "10000000", "00000000",
-            "100e0000", "100e0001ff", "100e000411110000", "100e0004100e0001"]
-    for v in vals:
-        if "FAIL" not in dev[0].request("WPS_NFC_TAG_READ " + v):
-            raise Exception("Unexpected WPS_NFC_TAG_READ success for " + v)
-
-@remote_compatible
-def test_wpas_ctrl_nfc_get_handover(dev):
-    """wpa_supplicant ctrl_iface NFC_GET_HANDOVER"""
-    vals = ["FOO", "FOO BAR", "WPS WPS", "WPS WPS-CR", "WPS FOO", "NDEF P2P"]
-    for v in vals:
-        if "FAIL" not in dev[0].request("NFC_GET_HANDOVER_REQ " + v):
-            raise Exception("Unexpected NFC_GET_HANDOVER_REQ success for " + v)
-
-    vals = ["NDEF WPS", "NDEF P2P-CR", "WPS P2P-CR"]
-    for v in vals:
-        if "FAIL" in dev[0].request("NFC_GET_HANDOVER_REQ " + v):
-            raise Exception("Unexpected NFC_GET_HANDOVER_REQ failure for " + v)
-
-    vals = ["FOO", "FOO BAR", "WPS WPS", "WPS WPS-CR", "WPS FOO", "NDEF P2P",
-            "NDEF WPS", "NDEF WPS uuid"]
-    for v in vals:
-        if "FAIL" not in dev[0].request("NFC_GET_HANDOVER_SEL " + v):
-            raise Exception("Unexpected NFC_GET_HANDOVER_SEL success for " + v)
-
-    vals = ["NDEF P2P-CR", "WPS P2P-CR", "NDEF P2P-CR-TAG",
-            "WPS P2P-CR-TAG"]
-    for v in vals:
-        if "FAIL" in dev[0].request("NFC_GET_HANDOVER_SEL " + v):
-            raise Exception("Unexpected NFC_GET_HANDOVER_SEL failure for " + v)
-
-def get_bssid_ignore_list(dev):
-    return dev.request("BSSID_IGNORE").splitlines()
-
-@remote_compatible
-def test_wpas_ctrl_bssid_ignore(dev):
-    """wpa_supplicant ctrl_iface BSSID_IGNORE"""
-    if "OK" not in dev[0].request("BSSID_IGNORE clear"):
-        raise Exception("BSSID_IGNORE clear failed")
-    b = get_bssid_ignore_list(dev[0])
-    if len(b) != 0:
-        raise Exception("Unexpected BSSID ignore list contents: " + str(b))
-    if "OK" not in dev[0].request("BSSID_IGNORE 00:11:22:33:44:55"):
-        raise Exception("BSSID_IGNORE add failed")
-    b = get_bssid_ignore_list(dev[0])
-    if "00:11:22:33:44:55" not in b:
-        raise Exception("Unexpected BSSID ignore list contents: " + str(b))
-    if "OK" not in dev[0].request("BSSID_IGNORE 00:11:22:33:44:56"):
-        raise Exception("BSSID_IGNORE add failed")
-    b = get_bssid_ignore_list(dev[0])
-    if "00:11:22:33:44:55" not in b or "00:11:22:33:44:56" not in b:
-        raise Exception("Unexpected BSSID ignore list contents: " + str(b))
-    if "OK" not in dev[0].request("BSSID_IGNORE 00:11:22:33:44:56"):
-        raise Exception("BSSID_IGNORE add failed")
-    b = get_bssid_ignore_list(dev[0])
-    if "00:11:22:33:44:55" not in b or "00:11:22:33:44:56" not in b or len(b) != 2:
-        raise Exception("Unexpected BSSID ignore list contents: " + str(b))
-
-    if "OK" not in dev[0].request("BSSID_IGNORE clear"):
-        raise Exception("BSSID_IGNORE clear failed")
-    if dev[0].request("BSSID_IGNORE") != "":
-        raise Exception("Unexpected BSSID ignore list contents")
-
-@remote_compatible
-def test_wpas_ctrl_bssid_ignore_oom(dev):
-    """wpa_supplicant ctrl_iface BSSID_IGNORE and out-of-memory"""
-    with alloc_fail(dev[0], 1, "wpa_bssid_ignore_add"):
-        if "FAIL" not in dev[0].request("BSSID_IGNORE aa:bb:cc:dd:ee:ff"):
-            raise Exception("Unexpected success with allocation failure")
-
-def test_wpas_ctrl_log_level(dev):
-    """wpa_supplicant ctrl_iface LOG_LEVEL"""
-    level = dev[2].request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(1): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(1): " + level)
-
-    if "OK" not in dev[2].request("LOG_LEVEL  MSGDUMP  0"):
-        raise Exception("LOG_LEVEL failed")
-    level = dev[2].request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(2): " + level)
-    if "Timestamp: 0" not in level:
-        raise Exception("Unexpected timestamp(2): " + level)
-
-    if "OK" not in dev[2].request("LOG_LEVEL  MSGDUMP  1"):
-        raise Exception("LOG_LEVEL failed")
-    level = dev[2].request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(3): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(3): " + level)
-
-    if "FAIL" not in dev[2].request("LOG_LEVEL FOO"):
-        raise Exception("Invalid LOG_LEVEL accepted")
-
-    for lev in ["EXCESSIVE", "MSGDUMP", "DEBUG", "INFO", "WARNING", "ERROR"]:
-        if "OK" not in dev[2].request("LOG_LEVEL " + lev):
-            raise Exception("LOG_LEVEL failed for " + lev)
-        level = dev[2].request("LOG_LEVEL")
-        if "Current level: " + lev not in level:
-            raise Exception("Unexpected debug level: " + level)
-
-    if "OK" not in dev[2].request("LOG_LEVEL  MSGDUMP  1"):
-        raise Exception("LOG_LEVEL failed")
-    level = dev[2].request("LOG_LEVEL")
-    if "Current level: MSGDUMP" not in level:
-        raise Exception("Unexpected debug level(3): " + level)
-    if "Timestamp: 1" not in level:
-        raise Exception("Unexpected timestamp(3): " + level)
-
-@remote_compatible
-def test_wpas_ctrl_enable_disable_network(dev, apdev):
-    """wpa_supplicant ctrl_iface ENABLE/DISABLE_NETWORK"""
-    params = {"ssid": "test"}
-    hostapd.add_ap(apdev[0], params)
-
-    id = dev[0].connect("test", key_mgmt="NONE", scan_freq="2412",
-                        only_add_network=True)
-    if "OK" not in dev[0].request("DISABLE_NETWORK " + str(id)):
-        raise Exception("Failed to disable network")
-    if "OK" not in dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect"):
-        raise Exception("Failed to enable network")
-    if "OK" not in dev[0].request("DISABLE_NETWORK all"):
-        raise Exception("Failed to disable networks")
-    if "OK" not in dev[0].request("ENABLE_NETWORK " + str(id)):
-        raise Exception("Failed to enable network")
-    dev[0].wait_connected(timeout=10)
-    if "OK" not in dev[0].request("DISABLE_NETWORK " + str(id)):
-        raise Exception("Failed to disable network")
-    dev[0].wait_disconnected(timeout=10)
-    time.sleep(0.1)
-
-    if "OK" not in dev[0].request("ENABLE_NETWORK all"):
-        raise Exception("Failed to enable network")
-    dev[0].wait_connected(timeout=10)
-    if "OK" not in dev[0].request("DISABLE_NETWORK all"):
-        raise Exception("Failed to disable network")
-    dev[0].wait_disconnected(timeout=10)
-
-def test_wpas_ctrl_country(dev, apdev):
-    """wpa_supplicant SET/GET country code"""
-    try:
-        # work around issues with possible pending regdom event from the end of
-        # the previous test case
-        time.sleep(0.2)
-        dev[0].dump_monitor()
-
-        if "OK" not in dev[0].request("SET country FI"):
-            raise Exception("Failed to set country code")
-        if dev[0].request("GET country") != "FI":
-            raise Exception("Country code set failed")
-        ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], 10)
-        if ev is None:
-            raise Exception("regdom change event not seen")
-        if "init=USER type=COUNTRY alpha2=FI" not in ev:
-            raise Exception("Unexpected event contents: " + ev)
-        dev[0].request("SET country 00")
-        if dev[0].request("GET country") != "00":
-            raise Exception("Country code set failed")
-        ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], 10)
-        if ev is None:
-            raise Exception("regdom change event not seen")
-        # init=CORE was previously used due to invalid db.txt data for 00. For
-        # now, allow both it and the new init=USER after fixed db.txt.
-        if "init=CORE type=WORLD" not in ev and "init=USER type=WORLD" not in ev:
-            raise Exception("Unexpected event contents: " + ev)
-    finally:
-        subprocess.call(['iw', 'reg', 'set', '00'])
-
-def test_wpas_ctrl_suspend_resume(dev):
-    """wpa_supplicant SUSPEND/RESUME"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    if "OK" not in wpas.global_request("SUSPEND"):
-        raise Exception("SUSPEND failed")
-    time.sleep(1)
-    if "OK" not in wpas.global_request("RESUME"):
-        raise Exception("RESUME failed")
-    if "OK" not in wpas.request("SUSPEND"):
-        raise Exception("Per-interface SUSPEND failed")
-    if "OK" not in wpas.request("RESUME"):
-        raise Exception("Per-interface RESUME failed")
-    ev = wpas.wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
-    if ev is None:
-        raise Exception("Scan not completed")
-
-def test_wpas_ctrl_global(dev):
-    """wpa_supplicant global control interface"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-
-    if "PONG" not in wpas.global_request("PING"):
-        raise Exception("PING failed")
-    if "wlan5" not in wpas.global_request("INTERFACES"):
-        raise Exception("Interface not found")
-    if "UNKNOWN COMMAND" not in wpas.global_request("FOO"):
-        raise Exception("Unexpected response to unknown command")
-    if "PONG" not in wpas.global_request("IFNAME=wlan5 PING"):
-        raise Exception("Per-interface PING failed")
-    if "FAIL-NO-IFNAME-MATCH" not in wpas.global_request("IFNAME=notfound PING"):
-        raise Exception("Unknown interface not reported correctly")
-    if "FAIL" not in wpas.global_request("SAVE_CONFIG"):
-        raise Exception("SAVE_CONFIG succeeded unexpectedly")
-    if "OK" not in wpas.global_request("SET wifi_display 0"):
-        raise Exception("SET failed")
-    if "wifi_display=0" not in wpas.global_request("STATUS"):
-        raise Exception("wifi_display not disabled")
-    if "OK" not in wpas.global_request("SET wifi_display 1"):
-        raise Exception("SET failed")
-    if "wifi_display=1" not in wpas.global_request("STATUS"):
-        raise Exception("wifi_display not enabled")
-    if "FAIL" not in wpas.global_request("SET foo 1"):
-        raise Exception("SET succeeded unexpectedly")
-
-    if "p2p_state=IDLE" not in wpas.global_request("STATUS"):
-        raise Exception("P2P was disabled")
-    wpas.global_request("P2P_SET disabled 1")
-    if "p2p_state=DISABLED" not in wpas.global_request("STATUS"):
-        raise Exception("P2P was not disabled")
-    wpas.global_request("P2P_SET disabled 0")
-    if "p2p_state=IDLE" not in wpas.global_request("STATUS"):
-        raise Exception("P2P was not enabled")
-
-    # driver_nl80211.c does not support interface list, so do not fail because
-    # of that
-    logger.debug(wpas.global_request("INTERFACE_LIST"))
-
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD "):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver	ctrliface"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver	ctrliface	driverparam"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver	ctrliface	driverparam	bridge"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver	ctrliface	driverparam	bridge	foo"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO					"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-    if "FAIL" not in wpas.global_request("INTERFACE_ADD FOO	conf	driver	ctrliface	driverparam	bridge	create	abcd"):
-        raise Exception("INTERFACE_ADD succeeded unexpectedly")
-
-@remote_compatible
-def test_wpas_ctrl_roam(dev, apdev):
-    """wpa_supplicant ctrl_iface ROAM error cases"""
-    if "FAIL" not in dev[0].request("ROAM 00:11:22:33:44"):
-        raise Exception("Unexpected success")
-    if "FAIL" not in dev[0].request("ROAM 00:11:22:33:44:55"):
-        raise Exception("Unexpected success")
-    params = {"ssid": "test"}
-    hostapd.add_ap(apdev[0], params)
-    id = dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
-    if "FAIL" not in dev[0].request("ROAM 00:11:22:33:44:55"):
-        raise Exception("Unexpected success")
-
-@remote_compatible
-def test_wpas_ctrl_ipaddr(dev, apdev):
-    """wpa_supplicant IP address in STATUS"""
-    try:
-        dev[0].cmd_execute(['ip', 'addr', 'add', '10.174.65.207/32', 'dev',
-                            dev[0].ifname])
-        ipaddr = dev[0].get_status_field('ip_address')
-        if ipaddr != '10.174.65.207':
-            raise Exception("IP address not in STATUS output")
-    finally:
-        dev[0].cmd_execute(['ip', 'addr', 'del', '10.174.65.207/32', 'dev',
-                            dev[0].ifname])
-
-@remote_compatible
-def test_wpas_ctrl_rsp(dev, apdev):
-    """wpa_supplicant ctrl_iface CTRL-RSP-"""
-    if "FAIL" not in dev[0].request("CTRL-RSP-"):
-        raise Exception("Request succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("CTRL-RSP-foo-"):
-        raise Exception("Request succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("CTRL-RSP-foo-1234567"):
-        raise Exception("Request succeeded unexpectedly")
-    if "FAIL" not in dev[0].request("CTRL-RSP-foo-1234567:"):
-        raise Exception("Request succeeded unexpectedly")
-    id = dev[0].add_network()
-    if "FAIL" not in dev[0].request("CTRL-RSP-foo-%d:" % id):
-        raise Exception("Request succeeded unexpectedly")
-    for req in ["IDENTITY", "PASSWORD", "NEW_PASSWORD", "PIN", "OTP",
-                "PASSPHRASE", "SIM"]:
-        if "OK" not in dev[0].request("CTRL-RSP-%s-%d:" % (req, id)):
-            raise Exception("Request failed unexpectedly")
-        if "OK" not in dev[0].request("CTRL-RSP-%s-%d:" % (req, id)):
-            raise Exception("Request failed unexpectedly")
-
-def test_wpas_ctrl_vendor_test(dev, apdev):
-    """wpas_supplicant and VENDOR test command"""
-    OUI_QCA = 0x001374
-    QCA_NL80211_VENDOR_SUBCMD_TEST = 1
-    QCA_WLAN_VENDOR_ATTR_TEST = 8
-    attr = struct.pack("@HHI", 4 + 4, QCA_WLAN_VENDOR_ATTR_TEST, 123)
-    cmd = "VENDOR %x %d %s" % (OUI_QCA, QCA_NL80211_VENDOR_SUBCMD_TEST, binascii.hexlify(attr).decode())
-
-    res = dev[0].request(cmd)
-    if "FAIL" in res:
-        raise Exception("VENDOR command failed")
-    val, = struct.unpack("@I", binascii.unhexlify(res))
-    if val != 125:
-        raise Exception("Incorrect response value")
-
-    res = dev[0].request(cmd + " nested=1")
-    if "FAIL" in res:
-        raise Exception("VENDOR command failed")
-    val, = struct.unpack("@I", binascii.unhexlify(res))
-    if val != 125:
-        raise Exception("Incorrect response value")
-
-    res = dev[0].request(cmd + " nested=0")
-    if "FAIL" not in res:
-        raise Exception("VENDOR command with invalid (not nested) data accepted")
-
-@remote_compatible
-def test_wpas_ctrl_vendor(dev, apdev):
-    """wpa_supplicant ctrl_iface VENDOR"""
-    cmds = ["foo",
-            "1",
-            "1 foo",
-            "1 2foo",
-            "1 2 qq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("VENDOR " + cmd):
-            raise Exception("Invalid VENDOR command accepted: " + cmd)
-
-@remote_compatible
-def test_wpas_ctrl_mgmt_tx(dev, apdev):
-    """wpa_supplicant ctrl_iface MGMT_TX"""
-    cmds = ["foo",
-            "00:11:22:33:44:55 foo",
-            "00:11:22:33:44:55 11:22:33:44:55:66",
-            "00:11:22:33:44:55 11:22:33:44:55:66 freq=0 no_cck=0 wait_time=0 action=123",
-            "00:11:22:33:44:55 11:22:33:44:55:66 action=12qq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("MGMT_TX " + cmd):
-            raise Exception("Invalid MGMT_TX command accepted: " + cmd)
-
-    if "OK" not in dev[0].request("MGMT_TX_DONE"):
-        raise Exception("MGMT_TX_DONE failed")
-
-@remote_compatible
-def test_wpas_ctrl_driver_event(dev, apdev):
-    """wpa_supplicant ctrl_iface DRIVER_EVENT"""
-    if "FAIL" not in dev[0].request("DRIVER_EVENT foo"):
-        raise Exception("Invalid DRIVER_EVENT accepted")
-    if "OK" not in dev[0].request("DRIVER_EVENT ASSOC reassoc=1 req_ies=0000 resp_ies=0000 resp_frame=0000 beacon_ies=0000 freq=2412 wmm::info_bitmap=0 wmm::uapsd_queues=0 addr=02:02:02:02:02:02 authorized=0 key_replay_ctr=00 ptk_kck=00 ptk_kek=00 subnet_status=0 fils_erp_next_seq_num=0 fils_pmk=00 fils_pmkid=" + 16*"00"):
-        raise Exception("DRIVER_EVENT ASSOC did not succeed")
-
-@remote_compatible
-def test_wpas_ctrl_eapol_rx(dev, apdev):
-    """wpa_supplicant ctrl_iface EAPOL_RX"""
-    cmds = ["foo",
-            "00:11:22:33:44:55 123",
-            "00:11:22:33:44:55 12qq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("EAPOL_RX " + cmd):
-            raise Exception("Invalid EAPOL_RX command accepted: " + cmd)
-
-@remote_compatible
-def test_wpas_ctrl_data_test(dev, apdev):
-    """wpa_supplicant ctrl_iface DATA_TEST"""
-    dev[0].request("DATA_TEST_CONFIG 0")
-    if "FAIL" not in dev[0].request("DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 0"):
-        raise Exception("DATA_TEST_TX accepted when not in test mode")
-
-    try:
-        if "OK" not in dev[0].request("DATA_TEST_CONFIG 1"):
-            raise Exception("DATA_TEST_CONFIG failed")
-        if "OK" not in dev[0].request("DATA_TEST_CONFIG 1"):
-            raise Exception("DATA_TEST_CONFIG failed")
-        cmds = ["foo",
-                "00:11:22:33:44:55 foo",
-                "00:11:22:33:44:55 00:11:22:33:44:55 -1",
-                "00:11:22:33:44:55 00:11:22:33:44:55 256"]
-        for cmd in cmds:
-            if "FAIL" not in dev[0].request("DATA_TEST_TX " + cmd):
-                raise Exception("Invalid DATA_TEST_TX command accepted: " + cmd)
-        if "OK" not in dev[0].request("DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 0"):
-            raise Exception("DATA_TEST_TX failed")
-    finally:
-        dev[0].request("DATA_TEST_CONFIG 0")
-
-    cmds = ["",
-            "00",
-            "00112233445566778899aabbccdde",
-            "00112233445566778899aabbccdq"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("DATA_TEST_FRAME " + cmd):
-            raise Exception("Invalid DATA_TEST_FRAME command accepted: " + cmd)
-
-    if "OK" not in dev[0].request("DATA_TEST_FRAME 00112233445566778899aabbccddee"):
-        raise Exception("DATA_TEST_FRAME failed")
-
-@remote_compatible
-def test_wpas_ctrl_vendor_elem(dev, apdev):
-    """wpa_supplicant ctrl_iface VENDOR_ELEM"""
-    if "OK" not in dev[0].request("VENDOR_ELEM_ADD 1 "):
-        raise Exception("VENDOR_ELEM_ADD failed")
-    cmds = ["-1 ",
-            "255 ",
-            "1",
-            "1 123",
-            "1 12qq34"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_ADD " + cmd):
-            raise Exception("Invalid VENDOR_ELEM_ADD command accepted: " + cmd)
-
-    cmds = ["-1 ",
-            "255 "]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_GET " + cmd):
-            raise Exception("Invalid VENDOR_ELEM_GET command accepted: " + cmd)
-
-    dev[0].request("VENDOR_ELEM_REMOVE 1 *")
-    cmds = ["-1 ",
-            "255 ",
-            "1",
-            "1",
-            "1 123",
-            "1 12qq34",
-            "1 12",
-            "1 0000"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_REMOVE " + cmd):
-            raise Exception("Invalid VENDOR_ELEM_REMOVE command accepted: " + cmd)
-
-    dev[0].request("VENDOR_ELEM_ADD 1 000100")
-    if "OK" not in dev[0].request("VENDOR_ELEM_REMOVE 1 "):
-        raise Exception("VENDOR_ELEM_REMOVE failed")
-    cmds = ["-1 ",
-            "255 ",
-            "1",
-            "1 123",
-            "1 12qq34",
-            "1 12",
-            "1 0000"]
-    for cmd in cmds:
-        if "FAIL" not in dev[0].request("VENDOR_ELEM_REMOVE " + cmd):
-            raise Exception("Invalid VENDOR_ELEM_REMOVE command accepted: " + cmd)
-    if "OK" not in dev[0].request("VENDOR_ELEM_REMOVE 1 000100"):
-        raise Exception("VENDOR_ELEM_REMOVE failed")
-
-def test_wpas_ctrl_misc(dev, apdev):
-    """wpa_supplicant ctrl_iface and miscellaneous commands"""
-    if "OK" not in dev[0].request("RELOG"):
-        raise Exception("RELOG failed")
-    if dev[0].request("IFNAME") != dev[0].ifname:
-        raise Exception("IFNAME returned unexpected response")
-    if "FAIL" not in dev[0].request("REATTACH"):
-        raise Exception("REATTACH accepted while disabled")
-    if "OK" not in dev[2].request("RECONFIGURE"):
-        raise Exception("RECONFIGURE failed")
-    if "FAIL" in dev[0].request("INTERFACE_LIST"):
-        raise Exception("INTERFACE_LIST failed")
-    if "UNKNOWN COMMAND" not in dev[0].request("FOO"):
-        raise Exception("Unknown command accepted")
-
-    if "FAIL" not in dev[0].global_request("INTERFACE_REMOVE foo"):
-        raise Exception("Invalid INTERFACE_REMOVE accepted")
-    if "FAIL" not in dev[0].global_request("SET foo"):
-        raise Exception("Invalid global SET accepted")
-
-@remote_compatible
-def test_wpas_ctrl_dump(dev, apdev):
-    """wpa_supplicant ctrl_iface and DUMP/GET global parameters"""
-    vals = dev[0].get_config()
-    logger.info("Config values from DUMP: " + str(vals))
-    for field in vals:
-        res = dev[0].request("GET " + field)
-        if res == 'FAIL\n':
-            res = "null"
-        if res != vals[field]:
-            print("'{}' != '{}'".format(res, vals[field]))
-            raise Exception("Mismatch in config field " + field)
-    if "beacon_int" not in vals:
-        raise Exception("Missing config field")
-
-def test_wpas_ctrl_interface_add(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD/REMOVE with vif creation/removal"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    ifname = "test-" + dev[0].ifname
-    dev[0].interface_add(ifname, create=True)
-    wpas = WpaSupplicant(ifname=ifname)
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(wpas, hapd)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].global_request("INTERFACE_REMOVE " + ifname)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_wpas_ctrl_interface_add_sta(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD/REMOVE with STA vif creation/removal"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    ifname = "test-" + dev[0].ifname
-    dev[0].interface_add(ifname, create=True, if_type='sta')
-    wpas = WpaSupplicant(ifname=ifname)
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-    wpas.request("DISCONNECT")
-    wpas.wait_disconnected()
-    dev[0].global_request("INTERFACE_REMOVE " + ifname)
-
-def test_wpas_ctrl_interface_add_ap(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD/REMOVE AP interface"""
-    with HWSimRadio() as (radio, iface):
-        wpas0 = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-        wpas0.interface_add(iface)
-
-        ifname = "test-wpas-ap"
-        wpas0.interface_add(ifname, create=True, if_type='ap')
-        wpas = WpaSupplicant(ifname=ifname)
-
-        id = wpas.add_network()
-        wpas.set_network(id, "mode", "2")
-        wpas.set_network_quoted(id, "ssid", "wpas-ap-open")
-        wpas.set_network(id, "key_mgmt", "NONE")
-        wpas.set_network(id, "frequency", "2412")
-        wpas.set_network(id, "scan_freq", "2412")
-        wpas.select_network(id)
-        wait_ap_ready(wpas)
-
-        dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-        dev[2].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
-
-        hwsim_utils.test_connectivity(wpas, dev[1])
-        hwsim_utils.test_connectivity(dev[1], dev[2])
-
-        dev[1].request("DISCONNECT")
-        dev[2].request("DISCONNECT")
-        dev[1].wait_disconnected()
-        dev[2].wait_disconnected()
-        wpas0.global_request("INTERFACE_REMOVE " + ifname)
-
-def test_wpas_ctrl_interface_add_many(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD/REMOVE with vif creation/removal (many)"""
-    try:
-        _test_wpas_ctrl_interface_add_many(dev, apdev)
-    finally:
-        for i in range(10):
-            ifname = "test%d-" % i + dev[0].ifname
-            dev[0].global_request("INTERFACE_REMOVE " + ifname)
-
-def _test_wpas_ctrl_interface_add_many(dev, apdev):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    dev[0].dump_monitor()
-
-    l = []
-    for i in range(10):
-        ifname = "test%d-" % i + dev[0].ifname
-        dev[0].interface_add(ifname, create=True)
-        wpas = WpaSupplicant(ifname=ifname)
-        wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-        wpas.dump_monitor()
-        l.append(wpas)
-        dev[0].dump_monitor()
-    for wpas in l:
-        wpas.dump_monitor()
-        hwsim_utils.test_connectivity(wpas, hapd)
-        wpas.dump_monitor()
-    dev[0].dump_monitor()
-
-def test_wpas_ctrl_interface_add2(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD/REMOVE with vif without creation/removal"""
-    ifname = "test-ext-" + dev[0].ifname
-    try:
-        _test_wpas_ctrl_interface_add2(dev, apdev, ifname)
-    finally:
-        subprocess.call(['iw', 'dev', ifname, 'del'])
-
-def _test_wpas_ctrl_interface_add2(dev, apdev, ifname):
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-    subprocess.call(['iw', 'dev', dev[0].ifname, 'interface', 'add', ifname,
-                     'type', 'station'])
-    subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'address',
-                     '02:01:00:00:02:01'])
-    dev[0].interface_add(ifname, set_ifname=False, all_params=True)
-    wpas = WpaSupplicant(ifname=ifname)
-    wpas.connect("open", key_mgmt="NONE", scan_freq="2412")
-    hwsim_utils.test_connectivity(wpas, hapd)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    del wpas
-    dev[0].global_request("INTERFACE_REMOVE " + ifname)
-    hwsim_utils.test_connectivity(dev[0], hapd)
-
-def test_wpas_ctrl_wait(dev, apdev, test_params):
-    """wpa_supplicant control interface wait for client"""
-    logfile = os.path.join(test_params['logdir'], 'wpas_ctrl_wait.log-wpas')
-    pidfile = os.path.join(test_params['logdir'], 'wpas_ctrl_wait.pid-wpas')
-    conffile = os.path.join(test_params['logdir'], 'wpas_ctrl_wait.conf')
-    with open(conffile, 'w') as f:
-        f.write("ctrl_interface=DIR=/var/run/wpa_supplicant\n")
-
-    prg = os.path.join(test_params['logdir'],
-                       'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
-    if not os.path.exists(prg):
-        prg = '../../wpa_supplicant/wpa_supplicant'
-    arg = [prg]
-    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
-    out = cmd.communicate()[0].decode()
-    cmd.wait()
-    tracing = "Linux tracing" in out
-
-    with HWSimRadio() as (radio, iface):
-        arg = [prg, '-BdddW', '-P', pidfile, '-f', logfile,
-               '-Dnl80211', '-c', conffile, '-i', iface]
-        if tracing:
-            arg += ['-T']
-        logger.info("Start wpa_supplicant: " + str(arg))
-        subprocess.call(arg)
-        wpas = WpaSupplicant(ifname=iface)
-        if "PONG" not in wpas.request("PING"):
-            raise Exception("Could not PING wpa_supplicant")
-        if not os.path.exists(pidfile):
-            raise Exception("PID file not created")
-        if "OK" not in wpas.request("TERMINATE"):
-            raise Exception("Could not TERMINATE")
-        ev = wpas.wait_event(["CTRL-EVENT-TERMINATING"], timeout=2)
-        if ev is None:
-            raise Exception("No termination event received")
-        for i in range(20):
-            if not os.path.exists(pidfile):
-                break
-            time.sleep(0.1)
-        if os.path.exists(pidfile):
-            raise Exception("PID file not removed")
-
-@remote_compatible
-def test_wpas_ctrl_oom(dev):
-    """Various wpa_supplicant ctrl_iface OOM cases"""
-    try:
-        _test_wpas_ctrl_oom(dev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 1 *")
-        dev[0].request("VENDOR_ELEM_REMOVE 2 *")
-        dev[0].request("SET bssid_filter ")
-
-def _test_wpas_ctrl_oom(dev):
-    dev[0].request('VENDOR_ELEM_ADD 2 000100')
-    tests = [('DRIVER_EVENT AVOID_FREQUENCIES 2412', 'FAIL',
-              1, 'freq_range_list_parse'),
-             ('P2P_SET disallow_freq 2412', 'FAIL',
-              1, 'freq_range_list_parse'),
-             ('SCAN freq=2412', 'FAIL',
-              1, 'freq_range_list_parse'),
-             ('INTERWORKING_SELECT freq=2412', 'FAIL',
-              1, 'freq_range_list_parse'),
-             ('SCAN ssid 112233', 'FAIL',
-              1, 'wpas_ctrl_scan'),
-             ('MGMT_TX 00:00:00:00:00:00 00:00:00:00:00:00 action=00', 'FAIL',
-              1, 'wpas_ctrl_iface_mgmt_tx'),
-             ('EAPOL_RX 00:00:00:00:00:00 00', 'FAIL',
-              1, 'wpas_ctrl_iface_eapol_rx'),
-             ('DATA_TEST_FRAME 00112233445566778899aabbccddee', 'FAIL',
-              1, 'wpas_ctrl_iface_data_test_frame'),
-             ('DATA_TEST_FRAME 00112233445566778899aabbccddee', 'FAIL',
-              1, 'l2_packet_init;wpas_ctrl_iface_data_test_frame'),
-             ('VENDOR_ELEM_ADD 1 000100', 'FAIL',
-              1, 'wpas_ctrl_vendor_elem_add'),
-             ('VENDOR_ELEM_ADD 2 000100', 'FAIL',
-              2, 'wpas_ctrl_vendor_elem_add'),
-             ('VENDOR_ELEM_REMOVE 2 000100', 'FAIL',
-              1, 'wpas_ctrl_vendor_elem_remove'),
-             ('SET bssid_filter 00:11:22:33:44:55', 'FAIL',
-              1, 'set_bssid_filter'),
-             ('SET disallow_aps bssid 00:11:22:33:44:55', 'FAIL',
-              1, 'set_disallow_aps'),
-             ('SET disallow_aps ssid 11', 'FAIL',
-              1, 'set_disallow_aps'),
-             ('SET blob foo 0011', 'FAIL',
-              1, 'wpas_ctrl_set_blob'),
-             ('SET blob foo 0011', 'FAIL',
-              2, 'wpas_ctrl_set_blob'),
-             ('SET blob foo 0011', 'FAIL',
-              3, 'wpas_ctrl_set_blob'),
-             ('WPS_NFC_TAG_READ 00', 'FAIL',
-              1, 'wpa_supplicant_ctrl_iface_wps_nfc_tag_read'),
-             ('WPS_NFC_TOKEN NDEF', 'FAIL',
-              1, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('WPS_NFC_TOKEN NDEF', 'FAIL',
-              2, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('WPS_NFC_TOKEN NDEF', 'FAIL',
-              3, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('WPS_NFC_TOKEN NDEF', 'FAIL',
-              4, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('NFC_REPORT_HANDOVER ROLE TYPE 00 00', 'FAIL',
-              1, 'wpas_ctrl_nfc_report_handover'),
-             ('NFC_REPORT_HANDOVER ROLE TYPE 00 00', 'FAIL',
-              2, 'wpas_ctrl_nfc_report_handover'),
-             ('NFC_GET_HANDOVER_REQ NDEF WPS-CR', 'FAIL',
-              1, 'wps_build_nfc_handover_req'),
-             ('NFC_GET_HANDOVER_REQ NDEF WPS-CR', 'FAIL',
-              1, 'ndef_build_record'),
-             ('NFC_GET_HANDOVER_REQ NDEF P2P-CR', None,
-              1, 'wpas_p2p_nfc_handover'),
-             ('NFC_GET_HANDOVER_REQ NDEF P2P-CR', None,
-              1, 'wps_build_nfc_handover_req_p2p'),
-             ('NFC_GET_HANDOVER_REQ NDEF P2P-CR', 'FAIL',
-              1, 'ndef_build_record'),
-             ('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', None,
-              1, 'wpas_ctrl_nfc_get_handover_sel_p2p'),
-             ('NFC_GET_HANDOVER_SEL NDEF P2P-CR', None,
-              1, 'wpas_ctrl_nfc_get_handover_sel_p2p'),
-             ('P2P_ASP_PROVISION_RESP 00:11:22:33:44:55 id=1', 'FAIL',
-              1, 'p2p_parse_asp_provision_cmd'),
-             ('P2P_SERV_DISC_REQ 00:11:22:33:44:55 02000001', 'FAIL',
-              1, 'p2p_ctrl_serv_disc_req'),
-             ('P2P_SERV_DISC_RESP 2412 00:11:22:33:44:55 1 00', 'FAIL',
-              1, 'p2p_ctrl_serv_disc_resp'),
-             ('P2P_SERVICE_ADD bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027',
-              'FAIL',
-              1, 'p2p_ctrl_service_add_bonjour'),
-             ('P2P_SERVICE_ADD bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027',
-              'FAIL',
-              2, 'p2p_ctrl_service_add_bonjour'),
-             ('P2P_SERVICE_ADD bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027',
-              'FAIL',
-              3, 'p2p_ctrl_service_add_bonjour'),
-             ('P2P_SERVICE_DEL bonjour 0b5f6166706f766572746370c00c000c01',
-              'FAIL',
-              1, 'p2p_ctrl_service_del_bonjour'),
-             ('GAS_REQUEST 00:11:22:33:44:55 00', 'FAIL',
-              1, 'gas_request'),
-             ('GAS_REQUEST 00:11:22:33:44:55 00 11', 'FAIL',
-              2, 'gas_request'),
-             ('HS20_GET_NAI_HOME_REALM_LIST 00:11:22:33:44:55 realm=example.com',
-             'FAIL',
-             1, 'hs20_nai_home_realm_list'),
-             ('HS20_GET_NAI_HOME_REALM_LIST 00:11:22:33:44:55 00',
-             'FAIL',
-             1, 'hs20_get_nai_home_realm_list'),
-             ('WNM_SLEEP enter tfs_req=11', 'FAIL',
-              1, 'wpas_ctrl_iface_wnm_sleep'),
-             ('WNM_SLEEP enter tfs_req=11', 'FAIL',
-              2, 'wpas_ctrl_iface_wnm_sleep'),
-             ('WNM_SLEEP enter tfs_req=11', 'FAIL',
-              3, 'wpas_ctrl_iface_wnm_sleep'),
-             ('WNM_SLEEP enter tfs_req=11', 'FAIL',
-              4, 'wpas_ctrl_iface_wnm_sleep'),
-             ('WNM_SLEEP enter tfs_req=11', 'FAIL',
-              5, 'wpas_ctrl_iface_wnm_sleep'),
-             ('WNM_SLEEP enter', 'FAIL',
-              3, 'wpas_ctrl_iface_wnm_sleep'),
-             ('VENDOR 1 1 00', 'FAIL',
-              1, 'wpa_supplicant_vendor_cmd'),
-             ('VENDOR 1 1 00', 'FAIL',
-              2, 'wpa_supplicant_vendor_cmd'),
-             ('RADIO_WORK add test', 'FAIL',
-              1, 'wpas_ctrl_radio_work_add'),
-             ('RADIO_WORK add test', 'FAIL',
-              2, 'wpas_ctrl_radio_work_add'),
-             ('AUTOSCAN periodic:1', 'FAIL',
-              1, 'wpa_supplicant_ctrl_iface_autoscan'),
-             ('PING', None,
-              1, 'wpa_supplicant_ctrl_iface_process')]
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("internal"):
-        tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
-                      4, 'wpas_ctrl_nfc_get_handover_sel_p2p'))
-    for cmd, exp, count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            res = dev[0].request(cmd)
-            if exp and exp not in res:
-                raise Exception("Unexpected success for '%s' during OOM (%d:%s)" % (cmd, count, func))
-
-    tests = [('FOO', None,
-              1, 'wpa_supplicant_global_ctrl_iface_process'),
-             ('IFNAME=notfound PING', 'FAIL\n',
-              1, 'wpas_global_ctrl_iface_ifname')]
-    for cmd, exp, count, func in tests:
-        with alloc_fail(dev[0], count, func):
-            res = dev[0].global_request(cmd)
-            if exp and exp not in res:
-                raise Exception("Unexpected success for '%s' during OOM" % cmd)
-
-@remote_compatible
-def test_wpas_ctrl_error(dev):
-    """Various wpa_supplicant ctrl_iface error cases"""
-    tests = [('WPS_NFC_TOKEN NDEF', 'FAIL',
-              1, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('WPS_NFC_TOKEN NDEF', 'FAIL',
-              2, 'wpa_supplicant_ctrl_iface_wps_nfc_token'),
-             ('NFC_GET_HANDOVER_REQ NDEF P2P-CR', None,
-              1, 'wpas_p2p_nfc_handover'),
-             ('NFC_GET_HANDOVER_REQ NDEF P2P-CR', None,
-              1, 'wps_build_nfc_handover_req_p2p')]
-    for cmd, exp, count, func in tests:
-        with fail_test(dev[0], count, func):
-            res = dev[0].request(cmd)
-            if exp and exp not in res:
-                raise Exception("Unexpected success for '%s' during failure testing (%d:%s)" % (cmd, count, func))
-
-def test_wpas_ctrl_socket_full(dev, apdev, test_params):
-    """wpa_supplicant control socket and full send buffer"""
-    if not dev[0].ping():
-        raise Exception("Could not ping wpa_supplicant at the beginning of the test")
-    dev[0].get_status()
-
-    counter = 0
-
-    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
-    local = "/tmp/wpa_ctrl_test_%d-%d" % (os.getpid(), counter)
-    counter += 1
-    s.bind(local)
-    s.connect("/var/run/wpa_supplicant/wlan0")
-    for i in range(20):
-        logger.debug("Command %d" % i)
-        try:
-            s.send(b"MIB")
-        except Exception as e:
-            logger.info("Could not send command %d: %s" % (i, str(e)))
-            break
-        # Close without receiving response
-        time.sleep(0.01)
-
-    if not dev[0].ping():
-        raise Exception("Could not ping wpa_supplicant in the middle of the test")
-    dev[0].get_status()
-
-    s2 = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
-    local2 = "/tmp/wpa_ctrl_test_%d-%d" % (os.getpid(), counter)
-    counter += 1
-    s2.bind(local2)
-    s2.connect("/var/run/wpa_supplicant/wlan0")
-    for i in range(10):
-        logger.debug("Command %d [2]" % i)
-        try:
-            s2.send(b"MIB")
-        except Exception as e:
-            logger.info("Could not send command %d [2]: %s" % (i, str(e)))
-            break
-        # Close without receiving response
-        time.sleep(0.01)
-
-    s.close()
-    os.unlink(local)
-
-    for i in range(10):
-        logger.debug("Command %d [3]" % i)
-        try:
-            s2.send(b"MIB")
-        except Exception as e:
-            logger.info("Could not send command %d [3]: %s" % (i, str(e)))
-            break
-        # Close without receiving response
-        time.sleep(0.01)
-
-    s2.close()
-    os.unlink(local2)
-
-    if not dev[0].ping():
-        raise Exception("Could not ping wpa_supplicant in the middle of the test [2]")
-    dev[0].get_status()
-
-    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
-    local = "/tmp/wpa_ctrl_test_%d-%d" % (os.getpid(), counter)
-    counter += 1
-    s.bind(local)
-    s.connect("/var/run/wpa_supplicant/wlan0")
-    s.send(b"ATTACH")
-    res = s.recv(100).decode()
-    if "OK" not in res:
-        raise Exception("Could not attach a test socket")
-
-    for i in range(5):
-        dev[0].scan(freq=2412)
-
-    s.close()
-    os.unlink(local)
-
-    for i in range(5):
-        dev[0].scan(freq=2412)
-
-    if not dev[0].ping():
-        raise Exception("Could not ping wpa_supplicant at the end of the test")
-    dev[0].get_status()
-
-def test_wpas_ctrl_event_burst(dev, apdev):
-    """wpa_supplicant control socket and event burst"""
-    if "OK" not in dev[0].request("EVENT_TEST 1000"):
-        raise Exception("Could not request event messages")
-
-    total_i = 0
-    total_g = 0
-    for i in range(100):
-        (i, g) = dev[0].dump_monitor()
-        total_i += i
-        total_g += g
-        logger.info("Received i=%d g=%d" % (i, g))
-        if total_i >= 1000 and total_g >= 1000:
-            break
-        time.sleep(0.05)
-
-    if total_i < 1000:
-        raise Exception("Some per-interface events not seen: %d" % total_i)
-    if total_g < 1000:
-        raise Exception("Some global events not seen: %d" % total_g)
-
-    if not dev[0].ping():
-        raise Exception("Could not ping wpa_supplicant at the end of the test")
-
-@remote_compatible
-def test_wpas_ctrl_sched_scan_plans(dev, apdev):
-    """wpa_supplicant sched_scan_plans parsing"""
-    dev[0].request("SET sched_scan_plans foo")
-    dev[0].request("SET sched_scan_plans 10:100 20:200 30")
-    dev[0].request("SET sched_scan_plans 4294967295:0")
-    dev[0].request("SET sched_scan_plans 1 1")
-    dev[0].request("SET sched_scan_plans  ")
-    try:
-        with alloc_fail(dev[0], 1, "wpas_sched_scan_plans_set"):
-            dev[0].request("SET sched_scan_plans 10:100")
-    finally:
-        dev[0].request("SET sched_scan_plans ")
-
-def test_wpas_ctrl_signal_monitor(dev, apdev):
-    """wpa_supplicant SIGNAL_MONITOR command"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    dev[1].connect("open", key_mgmt="NONE", scan_freq="2412",
-                   bgscan="simple:1:-45:2")
-    dev[2].connect("open", key_mgmt="NONE", scan_freq="2412")
-
-    tests = [" THRESHOLD=-45", " THRESHOLD=-44 HYSTERESIS=5", ""]
-    try:
-        if "FAIL" in dev[2].request("SIGNAL_MONITOR THRESHOLD=-1 HYSTERESIS=5"):
-            raise Exception("SIGNAL_MONITOR command failed")
-        for t in tests:
-            if "OK" not in dev[0].request("SIGNAL_MONITOR" + t):
-                raise Exception("SIGNAL_MONITOR command failed: " + t)
-        if "FAIL" not in dev[1].request("SIGNAL_MONITOR THRESHOLD=-44 HYSTERESIS=5"):
-            raise Exception("SIGNAL_MONITOR command accepted while using bgscan")
-        ev = dev[2].wait_event(["CTRL-EVENT-SIGNAL-CHANGE"], timeout=10)
-        if ev is None:
-            raise Exception("No signal change event seen")
-        if "above=0" not in ev:
-            raise Exception("Unexpected signal change event contents: " + ev)
-    finally:
-        dev[0].request("SIGNAL_MONITOR")
-        dev[1].request("SIGNAL_MONITOR")
-        dev[2].request("SIGNAL_MONITOR")
-
-    dev[0].request("REMOVE_NETWORK all")
-    dev[1].request("REMOVE_NETWORK all")
-    dev[1].wait_disconnected()
-
-def test_wpas_ctrl_p2p_listen_offload(dev, apdev):
-    """wpa_supplicant P2P_LO_START and P2P_LO_STOP commands"""
-    dev[0].request("P2P_LO_STOP")
-    dev[0].request("P2P_LO_START ")
-    dev[0].request("P2P_LO_START 2412")
-    dev[0].request("P2P_LO_START 2412 100 200 3")
-    dev[0].request("P2P_LO_STOP")
-
-def test_wpas_ctrl_driver_flags(dev, apdev):
-    """DRIVER_FLAGS command"""
-    params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
-    hapd = hostapd.add_ap(apdev[0], params)
-    hapd_flags = hapd.request("DRIVER_FLAGS")
-    wpas_flags = dev[0].request("DRIVER_FLAGS")
-    if "FAIL" in hapd_flags:
-        raise Exception("DRIVER_FLAGS failed")
-    if hapd_flags != wpas_flags:
-        raise Exception("Unexpected difference in hostapd vs. wpa_supplicant DRIVER_FLAGS output")
-    logger.info("DRIVER_FLAGS: " + hapd_flags)
-    flags = hapd_flags.split('\n')
-    if 'AP' not in flags:
-        raise Exception("AP flag missing from DRIVER_FLAGS")
-
-def test_wpas_ctrl_bss_current(dev, apdev):
-    """wpa_supplicant BSS CURRENT command"""
-    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
-    bssid = hapd.own_addr()
-    res = dev[0].request("BSS CURRENT")
-    if res != '':
-        raise Exception("Unexpected BSS CURRENT response in disconnected state")
-    dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
-    res = dev[0].request("BSS CURRENT")
-    if bssid not in res:
-        raise Exception("Unexpected BSS CURRENT response in connected state")
-
-def test_wpas_ctrl_set_lci_errors(dev):
-    """wpa_supplicant SET lci error cases"""
-    if "FAIL" not in dev[0].request("SET lci q"):
-        raise Exception("Invalid LCI value accepted")
-
-    with fail_test(dev[0], 1, "os_get_reltime;wpas_ctrl_iface_set_lci"):
-        if "FAIL" not in dev[0].request("SET lci 00"):
-            raise Exception("SET lci accepted with failing os_get_reltime")
-
-def test_wpas_ctrl_set_radio_disabled(dev):
-    """wpa_supplicant SET radio_disabled"""
-    # This is not currently supported with nl80211, but execute the commands
-    # without checking the result for some additional code coverage.
-    dev[0].request("SET radio_disabled 1")
-    dev[0].request("SET radio_disabled 0")
-
-def test_wpas_ctrl_set_tdls_trigger_control(dev):
-    """wpa_supplicant SET tdls_trigger_control"""
-    # This is not supported with upstream nl80211, but execute the commands
-    # without checking the result for some additional code coverage.
-    dev[0].request("SET tdls_trigger_control 1")
-    dev[0].request("SET tdls_trigger_control 0")
-
-def test_wpas_ctrl_set_sched_scan_relative_rssi(dev):
-    """wpa_supplicant SET relative RSSI"""
-    tests = ["relative_rssi -1",
-             "relative_rssi 101",
-             "relative_band_adjust 2G",
-             "relative_band_adjust 2G:-101",
-             "relative_band_adjust 2G:101",
-             "relative_band_adjust 3G:1"]
-    for t in tests:
-        if "FAIL" not in dev[0].request("SET " + t):
-            raise Exception("No failure reported for SET " + t)
-
-    tests = ["relative_rssi 0",
-             "relative_rssi 10",
-             "relative_rssi disable",
-             "relative_band_adjust 2G:-1",
-             "relative_band_adjust 2G:0",
-             "relative_band_adjust 2G:1",
-             "relative_band_adjust 5G:-1",
-             "relative_band_adjust 5G:1",
-             "relative_band_adjust 5G:0"]
-    for t in tests:
-        if "OK" not in dev[0].request("SET " + t):
-            raise Exception("Failed to SET " + t)
-
-def test_wpas_ctrl_get_pref_freq_list_override(dev):
-    """wpa_supplicant get_pref_freq_list_override"""
-    if dev[0].request("GET_PREF_FREQ_LIST ").strip() != "FAIL":
-        raise Exception("Invalid GET_PREF_FREQ_LIST accepted")
-
-    dev[0].set("get_pref_freq_list_override", "foo")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "FAIL":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "1234:1,2,3 0")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "FAIL":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "1234:1,2,3 0:")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "0":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "0:1,2")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "1,2":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "1:3,4 0:1,2 2:5,6")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "1,2":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "1:3,4 0:1 2:5,6")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "1":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "0:1000,1001 2:1002,1003 3:1004,1005 4:1006,1007 8:1010,1011 9:1008,1009")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    if res != "1000,1001":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-    res = dev[0].request("GET_PREF_FREQ_LIST AP").strip()
-    if res != "1002,1003":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-    res = dev[0].request("GET_PREF_FREQ_LIST P2P_GO").strip()
-    if res != "1004,1005":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-    res = dev[0].request("GET_PREF_FREQ_LIST P2P_CLIENT").strip()
-    if res != "1006,1007":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-    res = dev[0].request("GET_PREF_FREQ_LIST IBSS").strip()
-    if res != "1008,1009":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-    res = dev[0].request("GET_PREF_FREQ_LIST TDLS").strip()
-    if res != "1010,1011":
-        raise Exception("Unexpected GET_PREF_FREQ_LIST response: " + res)
-
-    dev[0].set("get_pref_freq_list_override", "")
-    res = dev[0].request("GET_PREF_FREQ_LIST STATION").strip()
-    logger.info("STATION (without override): " + res)
-
-def test_wpas_ctrl_interface_add_driver_init_failure(dev, apdev):
-    """wpa_supplicant INTERFACE_ADD and driver init failing"""
-    for i in range(1000):
-        res = dev[0].global_request("INTERFACE_ADD FOO")
-        if "FAIL" not in res:
-            raise Exception("Unexpected result: " + res)
-    dev[0].dump_monitor()
diff --git a/tests/hwsim/test_wpas_mesh.py b/tests/hwsim/test_wpas_mesh.py
deleted file mode 100644
index 0caed771edad..000000000000
--- a/tests/hwsim/test_wpas_mesh.py
+++ /dev/null
@@ -1,2546 +0,0 @@
-# wpa_supplicant mesh mode tests
-# Copyright (c) 2014, cozybit Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import logging
-logger = logging.getLogger()
-import os
-import struct
-import subprocess
-import time
-import json
-import binascii
-
-import hwsim_utils
-import hostapd
-from wpasupplicant import WpaSupplicant
-from utils import *
-from tshark import run_tshark, run_tshark_json
-from test_sae import build_sae_commit, sae_rx_commit_token_req
-from hwsim_utils import set_group_map
-
-def check_mesh_support(dev, secure=False):
-    if "MESH" not in dev.get_capability("modes"):
-        raise HwsimSkip("Driver does not support mesh")
-    if secure and "SAE" not in dev.get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-def check_mesh_scan(dev, params, other_started=False, beacon_int=0):
-    if not other_started:
-        dev.dump_monitor()
-    id = dev.request("SCAN " + params)
-    if "FAIL" in id:
-        raise Exception("Failed to start scan")
-    id = int(id)
-
-    if other_started:
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"])
-        if ev is None:
-            raise Exception("Other scan did not start")
-        if "id=" + str(id) in ev:
-            raise Exception("Own scan id unexpectedly included in start event")
-
-        ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-        if ev is None:
-            raise Exception("Other scan did not complete")
-        if "id=" + str(id) in ev:
-            raise Exception(
-                "Own scan id unexpectedly included in completed event")
-
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"])
-    if ev is None:
-        raise Exception("Scan did not start")
-    if "id=" + str(id) not in ev:
-        raise Exception("Scan id not included in start event")
-
-    ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
-    if ev is None:
-        raise Exception("Scan did not complete")
-    if "id=" + str(id) not in ev:
-        raise Exception("Scan id not included in completed event")
-
-    res = dev.request("SCAN_RESULTS")
-
-    if res.find("[MESH]") < 0:
-        raise Exception("Scan did not contain a MESH network")
-
-    bssid = res.splitlines()[1].split(' ')[0]
-    bss = dev.get_bss(bssid)
-    if bss is None:
-        raise Exception("Could not get BSS entry for mesh")
-    if 'mesh_capability' not in bss:
-        raise Exception("mesh_capability missing from BSS entry")
-    if beacon_int:
-        if 'beacon_int' not in bss:
-            raise Exception("beacon_int missing from BSS entry")
-        if str(beacon_int) != bss['beacon_int']:
-            raise Exception("Unexpected beacon_int in BSS entry: " + bss['beacon_int'])
-    if '[MESH]' not in bss['flags']:
-        raise Exception("BSS output did not include MESH flag")
-
-def check_dfs_started(dev, timeout=10):
-    ev = dev.wait_event(["DFS-CAC-START"], timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: CAC did not start")
-
-def check_dfs_finished(dev, timeout=70):
-    ev = dev.wait_event(["DFS-CAC-COMPLETED"], timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: CAC did not finish")
-
-def check_mesh_radar_handling_finished(dev, timeout=75):
-    ev = dev.wait_event(["CTRL-EVENT-CHANNEL-SWITCH", "MESH-GROUP-STARTED"],
-                        timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: Couldn't join mesh")
-
-def check_mesh_group_added(dev, timeout=10):
-    ev = dev.wait_event(["MESH-GROUP-STARTED"], timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: Couldn't join mesh")
-
-
-def check_mesh_group_removed(dev):
-    ev = dev.wait_event(["MESH-GROUP-REMOVED"])
-    if ev is None:
-        raise Exception("Test exception: Couldn't leave mesh")
-
-def check_regdom_change(dev, timeout=10):
-    ev = dev.wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: No regdom change happened.")
-
-def check_mesh_peer_connected(dev, timeout=10):
-    ev = dev.wait_event(["MESH-PEER-CONNECTED"], timeout=timeout)
-    if ev is None:
-        raise Exception("Test exception: Remote peer did not connect.")
-
-
-def check_mesh_peer_disconnected(dev):
-    ev = dev.wait_event(["MESH-PEER-DISCONNECTED"])
-    if ev is None:
-        raise Exception("Test exception: Peer disconnect event not detected.")
-
-def check_mesh_joined2(dev):
-    check_mesh_group_added(dev[0])
-    check_mesh_group_added(dev[1])
-
-def check_mesh_connected2(dev, timeout0=10, connectivity=False):
-    check_mesh_peer_connected(dev[0], timeout=timeout0)
-    check_mesh_peer_connected(dev[1])
-    if connectivity:
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def check_mesh_joined_connected(dev, connectivity=False, timeout0=10):
-    check_mesh_joined2(dev)
-    check_mesh_connected2(dev, timeout0=timeout0, connectivity=connectivity)
-
-def test_wpas_add_set_remove_support(dev):
-    """wpa_supplicant MESH add/set/remove network support"""
-    check_mesh_support(dev[0])
-    id = dev[0].add_network()
-    dev[0].set_network(id, "mode", "5")
-    dev[0].remove_network(id)
-
-def add_open_mesh_network(dev, freq="2412", start=True, beacon_int=0,
-                          basic_rates=None, chwidth=-1, disable_vht=False,
-                          disable_ht40=False):
-    id = dev.add_network()
-    dev.set_network(id, "mode", "5")
-    dev.set_network_quoted(id, "ssid", "wpas-mesh-open")
-    dev.set_network(id, "key_mgmt", "NONE")
-    if freq:
-        dev.set_network(id, "frequency", freq)
-    if chwidth > -1:
-        dev.set_network(id, "max_oper_chwidth", str(chwidth))
-    if beacon_int:
-        dev.set_network(id, "beacon_int", str(beacon_int))
-    if basic_rates:
-        dev.set_network(id, "mesh_basic_rates", basic_rates)
-    if disable_vht:
-        dev.set_network(id, "disable_vht", "1")
-    if disable_ht40:
-        dev.set_network(id, "disable_ht40", "1")
-    if start:
-        dev.mesh_group_add(id)
-    return id
-
-def test_wpas_mesh_group_added(dev):
-    """wpa_supplicant MESH group add"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-
-    # Check for MESH-GROUP-STARTED event
-    check_mesh_group_added(dev[0])
-
-
-def test_wpas_mesh_group_remove(dev):
-    """wpa_supplicant MESH group remove"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    # Check for MESH-GROUP-STARTED event
-    check_mesh_group_added(dev[0])
-    dev[0].mesh_group_remove()
-    # Check for MESH-GROUP-REMOVED event
-    check_mesh_group_removed(dev[0])
-    dev[0].mesh_group_remove()
-
-def dfs_simulate_radar(dev):
-    logger.info("Trigger a simulated radar event")
-    phyname = dev.get_driver_status_field("phyname")
-    radar_file = '/sys/kernel/debug/ieee80211/' + phyname + '/hwsim/dfs_simulate_radar'
-    with open(radar_file, 'w') as f:
-        f.write('1')
-
-@long_duration_test
-def test_mesh_peer_connected_dfs(dev):
-    """Mesh peer connected (DFS)"""
-    dev[0].set("country", "DE")
-    dev[1].set("country", "DE")
-
-    check_regdom_change(dev[0])
-    check_regdom_change(dev[1])
-
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0], freq="5500", beacon_int=160)
-    add_open_mesh_network(dev[1], freq="5500", beacon_int=160)
-    check_dfs_started(dev[0])
-    check_dfs_finished(dev[0])
-    check_mesh_joined_connected(dev, timeout0=10)
-
-    dfs_simulate_radar(dev[0])
-
-    check_mesh_radar_handling_finished(dev[0], timeout=75)
-
-    dev[0].set("country", "00")
-    dev[1].set("country", "00")
-
-    check_regdom_change(dev[0])
-    check_regdom_change(dev[1])
-
-def test_wpas_mesh_peer_connected(dev):
-    """wpa_supplicant MESH peer connected"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0], beacon_int=160)
-    add_open_mesh_network(dev[1], beacon_int=160)
-    check_mesh_joined_connected(dev)
-
-def test_wpas_mesh_peer_disconnected(dev):
-    """wpa_supplicant MESH peer disconnected"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    add_open_mesh_network(dev[1])
-    check_mesh_joined_connected(dev)
-
-    # Remove group on dev 1
-    dev[1].mesh_group_remove()
-    # Device 0 should get a disconnection event
-    check_mesh_peer_disconnected(dev[0])
-
-
-def test_wpas_mesh_mode_scan(dev):
-    """wpa_supplicant MESH scan support"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    add_open_mesh_network(dev[1], beacon_int=175)
-
-    check_mesh_joined2(dev)
-
-    # Check for Mesh scan
-    check_mesh_scan(dev[0], "use_id=1 freq=2412", beacon_int=175)
-
-def test_wpas_mesh_open(dev, apdev):
-    """wpa_supplicant open MESH network connectivity"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0], freq="2462", basic_rates="60 120 240")
-    add_open_mesh_network(dev[1], freq="2462", basic_rates="60 120 240")
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    state = dev[0].get_status_field("wpa_state")
-    if state != "COMPLETED":
-        raise Exception("Unexpected wpa_state on dev0: " + state)
-    state = dev[1].get_status_field("wpa_state")
-    if state != "COMPLETED":
-        raise Exception("Unexpected wpa_state on dev1: " + state)
-
-    mode = dev[0].get_status_field("mode")
-    if mode != "mesh":
-        raise Exception("Unexpected mode: " + mode)
-
-    peer = dev[1].own_addr()
-    sta1 = dev[0].get_sta(peer)
-
-    dev[0].scan(freq="2462")
-    bss = dev[0].get_bss(dev[1].own_addr())
-    if bss and 'ie' in bss and "ff0724" in bss['ie']:
-        sta = dev[0].request("STA " + dev[1].own_addr())
-        logger.info("STA info:\n" + sta.rstrip())
-        if "[HE]" not in sta:
-            raise Exception("Missing STA HE flag")
-        if "[VHT]" in sta:
-            raise Exception("Unexpected STA VHT flag")
-
-    time.sleep(1.1)
-    sta2 = dev[0].get_sta(peer)
-    if 'connected_time' not in sta1 or 'connected_time' not in sta2:
-        raise Exception("connected_time not reported for peer")
-    ct1 = int(sta1['connected_time'])
-    ct2 = int(sta2['connected_time'])
-    if ct2 <= ct1:
-        raise Exception("connected_time did not increment")
-
-def test_wpas_mesh_open_no_auto(dev, apdev):
-    """wpa_supplicant open MESH network connectivity"""
-    check_mesh_support(dev[0])
-    id = add_open_mesh_network(dev[0], start=False)
-    dev[0].set_network(id, "dot11MeshMaxRetries", "16")
-    dev[0].set_network(id, "dot11MeshRetryTimeout", "255")
-    dev[0].mesh_group_add(id)
-
-    id = add_open_mesh_network(dev[1], start=False)
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True, timeout0=30)
-
-def test_mesh_open_no_auto2(dev, apdev):
-    """Open mesh network connectivity, no_auto on both peers"""
-    check_mesh_support(dev[0])
-    id = add_open_mesh_network(dev[0], start=False)
-    dev[0].set_network(id, "no_auto_peer", "1")
-    dev[0].mesh_group_add(id)
-
-    id = add_open_mesh_network(dev[1], start=False)
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message")
-    addr1 = dev[1].own_addr()
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed")
-    if "FAIL" not in dev[0].request("MESH_PEER_ADD ff:ff:ff:ff:ff:ff"):
-        raise Exception("MESH_PEER_ADD with unknown STA succeeded")
-    check_mesh_connected2(dev, timeout0=30)
-    if "FAIL" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD succeeded for connected STA")
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def test_mesh_open_rssi_threshold(dev, apdev):
-    """Open mesh network with RSSI threshold"""
-    check_mesh_support(dev[0])
-
-    _test_mesh_open_rssi_threshold(dev, apdev, -255, -255)
-    _test_mesh_open_rssi_threshold(dev, apdev, 0, 0)
-    _test_mesh_open_rssi_threshold(dev, apdev, 1, 0)
-
-def _test_mesh_open_rssi_threshold(dev, apdev, value, expected):
-    id = add_open_mesh_network(dev[0], start=False)
-    dev[0].set_network(id, "mesh_rssi_threshold", str(value))
-    dev[0].mesh_group_add(id)
-    check_mesh_group_added(dev[0])
-
-    cmd = subprocess.Popen(["iw", "dev", dev[0].ifname, "get", "mesh_param",
-                            "mesh_rssi_threshold"], stdout=subprocess.PIPE)
-    mesh_rssi_threshold = int(cmd.stdout.read().decode().split(" ")[0])
-
-    dev[0].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-
-    if mesh_rssi_threshold != expected:
-        raise Exception("mesh_rssi_threshold should be " + str(expected) +
-                        ": " + str(mesh_rssi_threshold))
-
-def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None,
-                        group_mgmt=None,
-                        sae_password=False, sae_password_id=None, ocv=False):
-    id = dev.add_network()
-    dev.set_network(id, "mode", "5")
-    dev.set_network_quoted(id, "ssid", "wpas-mesh-sec")
-    dev.set_network(id, "key_mgmt", "SAE")
-    dev.set_network(id, "frequency", "2412")
-    if sae_password:
-        dev.set_network_quoted(id, "sae_password", "thisismypassphrase!")
-    if sae_password_id:
-        dev.set_network_quoted(id, "sae_password_id", sae_password_id)
-    if psk:
-        dev.set_network_quoted(id, "psk", "thisismypassphrase!")
-    if pmf:
-        dev.set_network(id, "ieee80211w", "2")
-    if pairwise:
-        dev.set_network(id, "pairwise", pairwise)
-    if group:
-        dev.set_network(id, "group", group)
-    if group_mgmt:
-        dev.set_network(id, "group_mgmt", group_mgmt)
-    if ocv:
-        try:
-            dev.set_network(id, "ocv", "1")
-        except Exception as e:
-            if "SET_NETWORK failed" in str(e):
-                raise HwsimSkip("OCV not supported")
-            raise
-    return id
-
-def test_wpas_mesh_secure(dev, apdev):
-    """wpa_supplicant secure MESH network connectivity"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    state = dev[0].get_status_field("wpa_state")
-    if state != "COMPLETED":
-        raise Exception("Unexpected wpa_state on dev0: " + state)
-    state = dev[1].get_status_field("wpa_state")
-    if state != "COMPLETED":
-        raise Exception("Unexpected wpa_state on dev1: " + state)
-
-def test_wpas_mesh_secure_sae_password(dev, apdev):
-    """wpa_supplicant secure mesh using sae_password"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], psk=False, sae_password=True)
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_secure_pmf(dev, apdev):
-    """Secure mesh network connectivity with PMF enabled"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True)
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True)
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_secure_ocv(dev, apdev):
-    """Secure mesh network connectivity with OCV enabled"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True, ocv=True)
-    dev[0].mesh_group_add(id)
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True, ocv=True)
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_secure_ocv_compat(dev, apdev):
-    """Secure mesh network where only one peer has OCV enabled"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True, ocv=True)
-    dev[0].mesh_group_add(id)
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True, ocv=False)
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def set_reg(dev, country):
-    subprocess.call(['iw', 'reg', 'set', country])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=" + country in ev:
-                break
-
-def clear_reg_setting(dev):
-    dev[0].request("MESH_GROUP_REMOVE " + dev[0].ifname)
-    dev[1].request("MESH_GROUP_REMOVE " + dev[1].ifname)
-    clear_regdom_dev(dev)
-    dev[0].flush_scan_cache()
-    dev[1].flush_scan_cache()
-
-def test_mesh_secure_ocv_mix_legacy(dev, apdev):
-    """Mesh network with a VHT STA and a legacy STA under OCV"""
-    try:
-        run_mesh_secure_ocv_mix_legacy(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def run_mesh_secure_ocv_mix_legacy(dev, apdev):
-    check_mesh_support(dev[0], secure=True)
-    set_reg(dev, 'AZ')
-
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True, ocv=True)
-    dev[0].set_network(id, "frequency", "5200")
-    dev[0].set_network(id, "max_oper_chwidth", "2")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True, ocv=True)
-    dev[1].set_network(id, "frequency", "5200")
-    dev[1].set_network(id, "disable_vht", "1")
-    dev[1].set_network(id, "disable_ht40", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_secure_ocv_mix_ht(dev, apdev):
-    """Mesh network with a VHT STA and a HT STA under OCV"""
-    try:
-        run_mesh_secure_ocv_mix_ht(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def run_mesh_secure_ocv_mix_ht(dev, apdev):
-    check_mesh_support(dev[0], secure=True)
-    set_reg(dev, 'AZ')
-
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True, ocv=True)
-    dev[0].set_network(id, "frequency", "5200")
-    dev[0].set_network(id, "max_oper_chwidth", "2")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True, ocv=True)
-    dev[1].set_network(id, "frequency", "5200")
-    dev[1].set_network(id, "disable_vht", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def run_mesh_secure(dev, cipher, pmf=False, group_mgmt=None):
-    if cipher not in dev[0].get_capability("pairwise"):
-        raise HwsimSkip("Cipher %s not supported" % cipher)
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pairwise=cipher, group=cipher, pmf=pmf,
-                             group_mgmt=group_mgmt)
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pairwise=cipher, group=cipher, pmf=pmf,
-                             group_mgmt=group_mgmt)
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_secure_ccmp(dev, apdev):
-    """Secure mesh with CCMP"""
-    run_mesh_secure(dev, "CCMP")
-
-def test_mesh_secure_gcmp(dev, apdev):
-    """Secure mesh with GCMP"""
-    run_mesh_secure(dev, "GCMP")
-
-def test_mesh_secure_gcmp_256(dev, apdev):
-    """Secure mesh with GCMP-256"""
-    run_mesh_secure(dev, "GCMP-256")
-
-def test_mesh_secure_ccmp_256(dev, apdev):
-    """Secure mesh with CCMP-256"""
-    run_mesh_secure(dev, "CCMP-256")
-
-def test_mesh_secure_ccmp_cmac(dev, apdev):
-    """Secure mesh with CCMP-128 and BIP-CMAC-128"""
-    run_mesh_secure(dev, "CCMP", pmf=True, group_mgmt="AES-128-CMAC")
-
-def test_mesh_secure_gcmp_gmac(dev, apdev):
-    """Secure mesh with GCMP-128 and BIP-GMAC-128"""
-    run_mesh_secure(dev, "GCMP", pmf=True, group_mgmt="BIP-GMAC-128")
-
-def test_mesh_secure_ccmp_256_cmac_256(dev, apdev):
-    """Secure mesh with CCMP-256 and BIP-CMAC-256"""
-    run_mesh_secure(dev, "CCMP-256", pmf=True, group_mgmt="BIP-CMAC-256")
-
-def test_mesh_secure_gcmp_256_gmac_256(dev, apdev):
-    """Secure mesh with GCMP-256 and BIP-GMAC-256"""
-    run_mesh_secure(dev, "GCMP-256", pmf=True, group_mgmt="BIP-GMAC-256")
-
-def test_mesh_secure_invalid_pairwise_cipher(dev, apdev):
-    """Secure mesh and invalid group cipher"""
-    check_mesh_support(dev[0], secure=True)
-    skip_without_tkip(dev[0])
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pairwise="TKIP", group="CCMP")
-    if dev[0].mesh_group_add(id) != None:
-        raise Exception("Unexpected group add success")
-    ev = dev[0].wait_event(["mesh: Invalid pairwise cipher"], timeout=1)
-    if ev is None:
-        raise Exception("Invalid pairwise cipher not reported")
-
-def test_mesh_secure_invalid_group_cipher(dev, apdev):
-    """Secure mesh and invalid group cipher"""
-    skip_without_tkip(dev[0])
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pairwise="CCMP", group="TKIP")
-    if dev[0].mesh_group_add(id) != None:
-        raise Exception("Unexpected group add success")
-    ev = dev[0].wait_event(["mesh: Invalid group cipher"], timeout=1)
-    if ev is None:
-        raise Exception("Invalid group cipher not reported")
-
-def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
-    """wpa_supplicant secure MESH and SAE group mismatch"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].p2p_interface_addr()
-    addr1 = dev[1].p2p_interface_addr()
-    addr2 = dev[2].p2p_interface_addr()
-
-    dev[0].request("SET sae_groups 19 25")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups 19")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    dev[2].request("SET sae_groups 26")
-    id = add_mesh_secure_net(dev[2])
-    dev[2].mesh_group_add(id)
-
-    check_mesh_group_added(dev[0])
-    check_mesh_group_added(dev[1])
-    check_mesh_group_added(dev[2])
-
-    ev = dev[0].wait_event(["MESH-PEER-CONNECTED"])
-    if ev is None:
-        raise Exception("Remote peer did not connect")
-    if addr1 not in ev:
-        raise Exception("Unexpected peer connected: " + ev)
-
-    ev = dev[1].wait_event(["MESH-PEER-CONNECTED"])
-    if ev is None:
-        raise Exception("Remote peer did not connect")
-    if addr0 not in ev:
-        raise Exception("Unexpected peer connected: " + ev)
-
-    ev = dev[2].wait_event(["MESH-PEER-CONNECTED"], timeout=1)
-    if ev is not None:
-        raise Exception("Unexpected peer connection at dev[2]: " + ev)
-
-    ev = dev[0].wait_event(["MESH-PEER-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected peer connection: " + ev)
-
-    ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected peer connection: " + ev)
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-    dev[2].request("SET sae_groups ")
-
-def test_wpas_mesh_secure_sae_group_negotiation(dev, apdev):
-    """wpa_supplicant secure MESH and SAE group negotiation"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-
-    #dev[0].request("SET sae_groups 21 20 25 26")
-    dev[0].request("SET sae_groups 26")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups 19 26")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev)
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-
-def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
-    """wpa_supplicant secure MESH and missing SAE password"""
-    check_mesh_support(dev[0], secure=True)
-    id = add_mesh_secure_net(dev[0], psk=False)
-    dev[0].set_network(id, "psk", "8f20b381f9b84371d61b5080ad85cac3c61ab3ca9525be5b2d0f4da3d979187a")
-    dev[0].mesh_group_add(id)
-    ev = dev[0].wait_event(["MESH-GROUP-STARTED", "Could not join mesh"],
-                           timeout=5)
-    if ev is None:
-        raise Exception("Timeout on mesh start event")
-    if "MESH-GROUP-STARTED" in ev:
-        raise Exception("Unexpected mesh group start")
-    ev = dev[0].wait_event(["MESH-GROUP-STARTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected mesh group start")
-
-def test_wpas_mesh_secure_no_auto(dev, apdev):
-    """wpa_supplicant secure MESH network connectivity"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups 19")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups 19")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-
-def test_wpas_mesh_secure_dropped_frame(dev, apdev):
-    """Secure mesh network connectivity when the first plink Open is dropped"""
-    check_mesh_support(dev[0], secure=True)
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    # Drop the first Action frame (plink Open) to test unexpected order of
-    # Confirm/Open messages.
-    count = 0
-    while True:
-        count += 1
-        if count > 10:
-            raise Exception("Did not see Action frames")
-        rx_msg = dev[0].mgmt_rx()
-        if rx_msg is None:
-            raise Exception("MGMT-RX timeout")
-        if rx_msg['subtype'] == 13:
-            logger.info("Drop the first Action frame")
-            break
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-            rx_msg['freq'], rx_msg['datarate'], rx_msg['ssi_signal'], binascii.hexlify(rx_msg['frame']).decode())):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("SET ext_mgmt_frame_handling 0")
-
-    check_mesh_connected2(dev, connectivity=True)
-
-def test_mesh_secure_fail(dev, apdev):
-    """Secure mesh network connectivity failure"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0], pmf=True)
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1], pmf=True)
-
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_sta_add;mesh_mpm_auth_peer"):
-        dev[1].mesh_group_add(id)
-
-        check_mesh_joined_connected(dev)
-
-def test_wpas_mesh_ctrl(dev):
-    """wpa_supplicant ctrl_iface mesh command error cases"""
-    check_mesh_support(dev[0])
-    if "FAIL" not in dev[0].request("MESH_GROUP_ADD 123"):
-        raise Exception("Unexpected MESH_GROUP_ADD success")
-    id = dev[0].add_network()
-    if "FAIL" not in dev[0].request("MESH_GROUP_ADD %d" % id):
-        raise Exception("Unexpected MESH_GROUP_ADD success")
-    dev[0].set_network(id, "mode", "5")
-    dev[0].set_network(id, "key_mgmt", "WPA-PSK")
-    if "FAIL" not in dev[0].request("MESH_GROUP_ADD %d" % id):
-        raise Exception("Unexpected MESH_GROUP_ADD success")
-
-    if "FAIL" not in dev[0].request("MESH_GROUP_REMOVE foo"):
-        raise Exception("Unexpected MESH_GROUP_REMOVE success")
-
-def test_wpas_mesh_dynamic_interface(dev):
-    """wpa_supplicant mesh with dynamic interface"""
-    check_mesh_support(dev[0])
-    mesh0 = None
-    mesh1 = None
-    try:
-        mesh0 = dev[0].request("MESH_INTERFACE_ADD ifname=mesh0")
-        if "FAIL" in mesh0:
-            raise Exception("MESH_INTERFACE_ADD failed")
-        mesh1 = dev[1].request("MESH_INTERFACE_ADD")
-        if "FAIL" in mesh1:
-            raise Exception("MESH_INTERFACE_ADD failed")
-
-        wpas0 = WpaSupplicant(ifname=mesh0)
-        wpas1 = WpaSupplicant(ifname=mesh1)
-        logger.info(mesh0 + " address " + wpas0.get_status_field("address"))
-        logger.info(mesh1 + " address " + wpas1.get_status_field("address"))
-
-        add_open_mesh_network(wpas0)
-        add_open_mesh_network(wpas1)
-        check_mesh_joined_connected([wpas0, wpas1], connectivity=True)
-
-        # Must not allow MESH_GROUP_REMOVE on dynamic interface
-        if "FAIL" not in wpas0.request("MESH_GROUP_REMOVE " + mesh0):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-        if "FAIL" not in wpas1.request("MESH_GROUP_REMOVE " + mesh1):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-
-        # Must not allow MESH_GROUP_REMOVE on another radio interface
-        if "FAIL" not in wpas0.request("MESH_GROUP_REMOVE " + mesh1):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-        if "FAIL" not in wpas1.request("MESH_GROUP_REMOVE " + mesh0):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-
-        wpas0.remove_ifname()
-        wpas1.remove_ifname()
-
-        if "OK" not in dev[0].request("MESH_GROUP_REMOVE " + mesh0):
-            raise Exception("MESH_GROUP_REMOVE failed")
-        if "OK" not in dev[1].request("MESH_GROUP_REMOVE " + mesh1):
-            raise Exception("MESH_GROUP_REMOVE failed")
-
-        if "FAIL" not in dev[0].request("MESH_GROUP_REMOVE " + mesh0):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-        if "FAIL" not in dev[1].request("MESH_GROUP_REMOVE " + mesh1):
-            raise Exception("Invalid MESH_GROUP_REMOVE accepted")
-
-        logger.info("Make sure another dynamic group can be added")
-        mesh0 = dev[0].request("MESH_INTERFACE_ADD ifname=mesh0")
-        if "FAIL" in mesh0:
-            raise Exception("MESH_INTERFACE_ADD failed")
-        mesh1 = dev[1].request("MESH_INTERFACE_ADD")
-        if "FAIL" in mesh1:
-            raise Exception("MESH_INTERFACE_ADD failed")
-
-        wpas0 = WpaSupplicant(ifname=mesh0)
-        wpas1 = WpaSupplicant(ifname=mesh1)
-        logger.info(mesh0 + " address " + wpas0.get_status_field("address"))
-        logger.info(mesh1 + " address " + wpas1.get_status_field("address"))
-
-        add_open_mesh_network(wpas0)
-        add_open_mesh_network(wpas1)
-        check_mesh_joined_connected([wpas0, wpas1], connectivity=True)
-    finally:
-        if mesh0:
-            dev[0].request("MESH_GROUP_REMOVE " + mesh0)
-        if mesh1:
-            dev[1].request("MESH_GROUP_REMOVE " + mesh1)
-
-def test_wpas_mesh_dynamic_interface_remove(dev):
-    """wpa_supplicant mesh with dynamic interface and removal"""
-    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
-    wpas.interface_add("wlan5")
-    check_mesh_support(wpas)
-    mesh5 = wpas.request("MESH_INTERFACE_ADD ifname=mesh5")
-    if "FAIL" in mesh5:
-        raise Exception("MESH_INTERFACE_ADD failed")
-
-    wpas5 = WpaSupplicant(ifname=mesh5)
-    logger.info(mesh5 + " address " + wpas5.get_status_field("address"))
-    add_open_mesh_network(wpas5)
-    add_open_mesh_network(dev[0])
-    check_mesh_joined_connected([wpas5, dev[0]], connectivity=True)
-
-    # Remove the main interface while mesh interface is in use
-    wpas.interface_remove("wlan5")
-
-def test_wpas_mesh_max_peering(dev, apdev, params):
-    """Mesh max peering limit"""
-    check_mesh_support(dev[0])
-    try:
-        dev[0].request("SET max_peer_links 1")
-
-        # first, connect dev[0] and dev[1]
-        add_open_mesh_network(dev[0])
-        add_open_mesh_network(dev[1])
-        for i in range(2):
-            ev = dev[i].wait_event(["MESH-PEER-CONNECTED"])
-            if ev is None:
-                raise Exception("dev%d did not connect with any peer" % i)
-
-        # add dev[2] which will try to connect with both dev[0] and dev[1],
-        # but can complete connection only with dev[1]
-        add_open_mesh_network(dev[2])
-        for i in range(1, 3):
-            ev = dev[i].wait_event(["MESH-PEER-CONNECTED"])
-            if ev is None:
-                raise Exception("dev%d did not connect the second peer" % i)
-
-        ev = dev[0].wait_event(["MESH-PEER-CONNECTED"], timeout=1)
-        if ev is not None:
-            raise Exception("dev0 connection beyond max peering limit")
-
-        ev = dev[2].wait_event(["MESH-PEER-CONNECTED"], timeout=0.1)
-        if ev is not None:
-            raise Exception("dev2 reported unexpected peering: " + ev)
-
-        for i in range(3):
-            dev[i].mesh_group_remove()
-            check_mesh_group_removed(dev[i])
-    finally:
-        dev[0].request("SET max_peer_links 99")
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-
-    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
-    filt = "wlan.fc.type_subtype == 8"
-    out = run_tshark(capfile, filt, ["wlan.sa", "wlan.mesh.config.cap"])
-    pkts = out.splitlines()
-    one = [0, 0, 0]
-    zero = [0, 0, 0]
-    all_cap_one = True
-    for pkt in pkts:
-        addr, cap = pkt.split('\t')
-        cap = int(cap, 16)
-        if cap != 1:
-            all_cap_one = False
-        if addr == addr0:
-            idx = 0
-        elif addr == addr1:
-            idx = 1
-        elif addr == addr2:
-            idx = 2
-        else:
-            continue
-        if cap & 0x01:
-            one[idx] += 1
-        else:
-            zero[idx] += 1
-    logger.info("one: " + str(one))
-    logger.info("zero: " + str(zero))
-    if all_cap_one:
-        # It looks like tshark parser was broken at some point for
-        # wlan.mesh.config.cap which is now (tshark 2.6.3) pointing to incorrect
-        # field (same as wlan.mesh.config.ps_protocol). This used to work with
-        # tshark 2.2.6.
-        #
-        # For now, assume the capability field ends up being the last octet of
-        # the frame.
-        one = [0, 0, 0]
-        zero = [0, 0, 0]
-        addrs = [addr0, addr1, addr2]
-        for idx in range(3):
-            addr = addrs[idx]
-            out = run_tshark_json(capfile, filt + " && wlan.sa == " + addr)
-            pkts = json.loads(out)
-            for pkt in pkts:
-                wlan = pkt["_source"]["layers"]["wlan"]
-                if "wlan.tagged.all" not in wlan:
-                    continue
-
-                tagged = wlan["wlan.tagged.all"]
-                if "wlan.tag" not in tagged:
-                    continue
-
-                wlan_tag = tagged["wlan.tag"]
-                if "wlan.mesh.config.ps_protocol_raw" not in wlan_tag:
-                    continue
-
-                frame = pkt["_source"]["layers"]["frame_raw"][0]
-                cap_offset = wlan_tag["wlan.mesh.config.ps_protocol_raw"][1] + 6
-                cap = int(frame[(cap_offset * 2):(cap_offset * 2 + 2)], 16)
-                if cap & 0x01:
-                    one[idx] += 1
-                else:
-                    zero[idx] += 1
-        logger.info("one: " + str(one))
-        logger.info("zero: " + str(zero))
-    if zero[0] == 0:
-        raise Exception("Accepting Additional Mesh Peerings not cleared")
-    if one[0] == 0:
-        raise Exception("Accepting Additional Mesh Peerings was not set in the first Beacon frame")
-    if zero[1] > 0 or zero[2] > 0 or one[1] == 0 or one[2] == 0:
-        raise Exception("Unexpected value in Accepting Additional Mesh Peerings from other STAs")
-
-def test_wpas_mesh_open_5ghz(dev, apdev):
-    """wpa_supplicant open MESH network on 5 GHz band"""
-    try:
-        _test_wpas_mesh_open_5ghz(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def _test_wpas_mesh_open_5ghz(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        add_open_mesh_network(dev[i], freq="5180")
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-
-def test_wpas_mesh_open_ht40(dev, apdev):
-    """Mesh and HT40 support difference"""
-    try:
-        _test_wpas_mesh_open_ht40(dev, apdev)
-    finally:
-        dev[0].request("MESH_GROUP_REMOVE " + dev[0].ifname)
-        dev[1].request("MESH_GROUP_REMOVE " + dev[1].ifname)
-        dev[2].request("MESH_GROUP_REMOVE " + dev[2].ifname)
-        clear_regdom_dev(dev)
-        dev[0].flush_scan_cache()
-        dev[1].flush_scan_cache()
-        dev[2].flush_scan_cache()
-
-def _test_wpas_mesh_open_ht40(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(3):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        add_open_mesh_network(dev[i], freq="5180", disable_vht=True,
-                              disable_ht40=(i == 2))
-
-    check_mesh_group_added(dev[0])
-    check_mesh_group_added(dev[1])
-    check_mesh_group_added(dev[2])
-
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[1])
-    check_mesh_peer_connected(dev[2])
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[0], dev[2])
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    dev[2].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    check_mesh_group_removed(dev[2])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-
-def test_wpas_mesh_open_vht40(dev, apdev):
-    """wpa_supplicant open MESH network on VHT 40 MHz channel"""
-    try:
-        _test_wpas_mesh_open_vht40(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def _test_wpas_mesh_open_vht40(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        add_open_mesh_network(dev[i], freq="5180", chwidth=0)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=40 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    if "CENTER_FRQ1=5190" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=40 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2b): " + str(sig))
-    if "CENTER_FRQ1=5190" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3b): " + str(sig))
-
-    dev[0].scan(freq="5180")
-    bss = dev[0].get_bss(dev[1].own_addr())
-    if bss and 'ie' in bss and "ff0724" in bss['ie']:
-        sta = dev[0].request("STA " + dev[1].own_addr())
-        logger.info("STA info:\n" + sta.rstrip())
-        if "[HT][VHT][HE]" not in sta:
-            raise Exception("Missing STA flags")
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_wpas_mesh_open_vht20(dev, apdev):
-    """wpa_supplicant open MESH network on VHT 20 MHz channel"""
-    try:
-        _test_wpas_mesh_open_vht20(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def _test_wpas_mesh_open_vht20(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        add_open_mesh_network(dev[i], freq="5180", chwidth=0, disable_ht40=True)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=20 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    if "CENTER_FRQ1=5180" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=20 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2b): " + str(sig))
-    if "CENTER_FRQ1=5180" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3b): " + str(sig))
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_wpas_mesh_open_vht_80p80(dev, apdev):
-    """wpa_supplicant open MESH network on VHT 80+80 MHz channel"""
-    try:
-        _test_wpas_mesh_open_vht_80p80(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def _test_wpas_mesh_open_vht_80p80(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'US'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=US" in ev:
-                break
-        add_open_mesh_network(dev[i], freq="5180", chwidth=3)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=80+80 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    if "CENTER_FRQ1=5210" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-    if "CENTER_FRQ2=5775" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(4): " + str(sig))
-
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=80+80 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2b): " + str(sig))
-    if "CENTER_FRQ1=5210" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3b): " + str(sig))
-    if "CENTER_FRQ2=5775" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(4b): " + str(sig))
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_mesh_open_vht_160(dev, apdev):
-    """Open mesh network on VHT 160 MHz channel"""
-    try:
-        _test_mesh_open_vht_160(dev, apdev)
-    finally:
-        clear_reg_setting(dev)
-
-def _test_mesh_open_vht_160(dev, apdev):
-    check_mesh_support(dev[0])
-    subprocess.call(['iw', 'reg', 'set', 'ZA'])
-    for i in range(2):
-        for j in range(5):
-            ev = dev[i].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=5)
-            if ev is None:
-                raise Exception("No regdom change event")
-            if "alpha2=ZA" in ev:
-                break
-
-        cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-        reg = cmd.stdout.read()
-        found = False
-        for entry in reg.splitlines():
-            entry = entry.decode()
-            if "@ 160)" in entry and "DFS" not in entry:
-                found = True
-                break
-        if not found:
-            raise HwsimSkip("160 MHz channel without DFS not supported in regulatory information")
-
-        add_open_mesh_network(dev[i], freq="5520", chwidth=2)
-
-    check_mesh_joined_connected(dev, connectivity=True)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    sig = dev[0].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=160 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
-    if "FREQUENCY=5520" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3): " + str(sig))
-
-    sig = dev[1].request("SIGNAL_POLL").splitlines()
-    if "WIDTH=160 MHz" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(2b): " + str(sig))
-    if "FREQUENCY=5520" not in sig:
-        raise Exception("Unexpected SIGNAL_POLL value(3b): " + str(sig))
-
-    dev[0].mesh_group_remove()
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[0])
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-def test_wpas_mesh_password_mismatch(dev, apdev):
-    """Mesh network and one device with mismatching password"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    dev[2].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[2])
-    dev[2].set_network_quoted(id, "psk", "wrong password")
-    dev[2].mesh_group_add(id)
-
-    # The two peers with matching password need to be able to connect
-    check_mesh_joined_connected(dev)
-
-    ev = dev[2].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=20)
-    if ev is None:
-        raise Exception("dev2 did not report auth failure (1)")
-    ev = dev[2].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=20)
-    if ev is None:
-        raise Exception("dev2 did not report auth failure (2)")
-    dev[2].dump_monitor()
-
-    count = 0
-    ev = dev[0].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=5)
-    if ev is None:
-        logger.info("dev0 did not report auth failure")
-    else:
-        if "addr=" + dev[2].own_addr() not in ev:
-            raise Exception("Unexpected peer address in dev0 event: " + ev)
-        count += 1
-    dev[0].dump_monitor()
-
-    ev = dev[1].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=5)
-    if ev is None:
-        logger.info("dev1 did not report auth failure")
-    else:
-        if "addr=" + dev[2].own_addr() not in ev:
-            raise Exception("Unexpected peer address in dev1 event: " + ev)
-        count += 1
-    dev[1].dump_monitor()
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    for i in range(2):
-        try:
-            hwsim_utils.test_connectivity(dev[i], dev[2], timeout=1)
-            raise Exception("Data connectivity test passed unexpectedly")
-        except Exception as e:
-            if "data delivery failed" not in str(e):
-                raise
-
-    if count == 0:
-        raise Exception("Neither dev0 nor dev1 reported auth failure")
-
-@long_duration_test
-def test_wpas_mesh_password_mismatch_retry(dev, apdev):
-    """Mesh password mismatch and retry"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network_quoted(id, "psk", "wrong password")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    for i in range(4):
-        ev = dev[0].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=20)
-        if ev is None:
-            raise Exception("dev0 did not report auth failure (%d)" % i)
-        ev = dev[1].wait_event(["MESH-SAE-AUTH-FAILURE"], timeout=20)
-        if ev is None:
-            raise Exception("dev1 did not report auth failure (%d)" % i)
-
-    ev = dev[0].wait_event(["MESH-SAE-AUTH-BLOCKED"], timeout=10)
-    if ev is None:
-        raise Exception("dev0 did not report auth blocked")
-    ev = dev[1].wait_event(["MESH-SAE-AUTH-BLOCKED"], timeout=10)
-    if ev is None:
-        raise Exception("dev1 did not report auth blocked")
-
-def test_mesh_wpa_auth_init_oom(dev, apdev):
-    """Secure mesh network setup failing due to wpa_init() OOM"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    with alloc_fail(dev[0], 1, "wpa_init"):
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-        ev = dev[0].wait_event(["MESH-GROUP-STARTED"], timeout=0.2)
-        if ev is not None:
-            raise Exception("Unexpected mesh group start during OOM")
-
-def test_mesh_wpa_init_fail(dev, apdev):
-    """Secure mesh network setup local failure"""
-    check_mesh_support(dev[0], secure=True)
-    check_mesh_support(dev[1], secure=True)
-    check_mesh_support(dev[2], secure=True)
-    dev[0].request("SET sae_groups ")
-
-    with fail_test(dev[0], 1, "os_get_random;=__mesh_rsn_auth_init"):
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-    dev[0].dump_monitor()
-    with alloc_fail(dev[0], 1, "mesh_rsn_auth_init"):
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-    dev[0].dump_monitor()
-    with fail_test(dev[0], 1, "os_get_random;mesh_rsn_init_ampe_sta"):
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-        dev[1].request("SET sae_groups ")
-        id = add_mesh_secure_net(dev[1])
-        dev[1].mesh_group_add(id)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-    with fail_test(dev[0], 2, "=omac1_aes_vector;aes_siv_encrypt"):
-        id = add_mesh_secure_net(dev[2])
-        dev[0].mesh_group_add(id)
-        dev[2].request("SET sae_groups ")
-        id = add_mesh_secure_net(dev[2])
-        dev[2].mesh_group_add(id)
-        wait_fail_trigger(dev[0], "GET_FAIL")
-
-def test_wpas_mesh_reconnect(dev, apdev):
-    """Secure mesh network plink counting during reconnection"""
-    check_mesh_support(dev[0])
-    try:
-        _test_wpas_mesh_reconnect(dev)
-    finally:
-        dev[0].request("SET max_peer_links 99")
-
-def _test_wpas_mesh_reconnect(dev):
-    dev[0].request("SET max_peer_links 2")
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].set_network(id, "beacon_int", "100")
-    dev[0].mesh_group_add(id)
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-    check_mesh_joined_connected(dev)
-
-    for i in range(3):
-        # Drop incoming management frames to avoid handling link close
-        dev[0].request("SET ext_mgmt_frame_handling 1")
-        dev[1].mesh_group_remove()
-        check_mesh_group_removed(dev[1])
-        dev[1].request("FLUSH")
-        dev[0].request("SET ext_mgmt_frame_handling 0")
-        id = add_mesh_secure_net(dev[1])
-        dev[1].mesh_group_add(id)
-        check_mesh_group_added(dev[1])
-        check_mesh_peer_connected(dev[1])
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-
-def test_wpas_mesh_gate_forwarding(dev, apdev, p):
-    """Mesh forwards traffic to unknown sta to mesh gates"""
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-    external_sta = '02:11:22:33:44:55'
-
-    # start 3 node connected mesh
-    check_mesh_support(dev[0])
-    for i in range(3):
-        add_open_mesh_network(dev[i])
-        check_mesh_group_added(dev[i])
-    for i in range(3):
-        check_mesh_peer_connected(dev[i])
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-    hwsim_utils.test_connectivity(dev[0], dev[2])
-
-    # dev0 and dev1 are mesh gates
-    subprocess.call(['iw', 'dev', dev[0].ifname, 'set', 'mesh_param',
-                     'mesh_gate_announcements=1'])
-    subprocess.call(['iw', 'dev', dev[1].ifname, 'set', 'mesh_param',
-                     'mesh_gate_announcements=1'])
-
-    # wait for gate announcement frames
-    time.sleep(1)
-
-    # data frame from dev2 -> external sta should be sent to both gates
-    dev[2].request("DATA_TEST_CONFIG 1")
-    dev[2].request("DATA_TEST_TX {} {} 0".format(external_sta, addr2))
-    dev[2].request("DATA_TEST_CONFIG 0")
-
-    capfile = os.path.join(p['logdir'], "hwsim0.pcapng")
-    filt = "wlan.sa==%s && wlan_mgt.fixed.mesh_addr5==%s" % (addr2,
-                                                             external_sta)
-    time.sleep(4)
-    for i in range(5):
-        da = run_tshark(capfile, filt, ["wlan.da"])
-        if addr0 in da and addr1 in da:
-            logger.debug("Frames seen in tshark iteration %d" % i)
-            break
-        time.sleep(0.5)
-
-    if addr0 not in da and addr1 not in da:
-        filt = "wlan.sa==%s" % addr2
-        mesh = run_tshark(capfile, filt, ["wlan.mesh.control_field"])
-        if "1" not in mesh:
-            # Wireshark regression in mesh control field parsing:
-            # https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15521
-            raise HwsimSkip("tshark bug 15521")
-    if addr0 not in da:
-        raise Exception("Frame to gate %s not observed" % addr0)
-    if addr1 not in da:
-        raise Exception("Frame to gate %s not observed" % addr1)
-
-def test_wpas_mesh_pmksa_caching(dev, apdev):
-    """Secure mesh network and PMKSA caching"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev)
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    pmksa0 = dev[0].get_pmksa(addr1)
-    pmksa1 = dev[1].get_pmksa(addr0)
-    if pmksa0 is None or pmksa1 is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa0['pmkid'] != pmksa1['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-    pmksa0b = dev[0].get_pmksa(addr1)
-    if pmksa0b is None:
-        raise Exception("PMKSA cache entry not maintained")
-    time.sleep(0.1)
-
-    if "FAIL" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD unexpectedly succeeded in no_auto_peer=0 case")
-
-def test_wpas_mesh_pmksa_caching2(dev, apdev):
-    """Secure mesh network and PMKSA caching with no_auto_peer=1"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].set_network(id, "no_auto_peer", "1")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    # Check for peer connected
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed")
-    check_mesh_connected2(dev)
-
-    pmksa0 = dev[0].get_pmksa(addr1)
-    pmksa1 = dev[1].get_pmksa(addr0)
-    if pmksa0 is None or pmksa1 is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa0['pmkid'] != pmksa1['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-    pmksa0b = dev[0].get_pmksa(addr1)
-    if pmksa0b is None:
-        raise Exception("PMKSA cache entry not maintained")
-
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message (2)")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed (2)")
-    check_mesh_connected2(dev)
-
-    pmksa0c = dev[0].get_pmksa(addr1)
-    pmksa1c = dev[1].get_pmksa(addr0)
-    if pmksa0c is None or pmksa1c is None:
-        raise Exception("No PMKSA cache entry created (2)")
-    if pmksa0c['pmkid'] != pmksa1c['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-    if pmksa0['pmkid'] != pmksa0c['pmkid']:
-        raise Exception("PMKID changed")
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def test_wpas_mesh_pmksa_caching_no_match(dev, apdev):
-    """Secure mesh network and PMKSA caching with no PMKID match"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].set_network(id, "no_auto_peer", "1")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    # Check for peer connected
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed")
-    check_mesh_connected2(dev)
-
-    pmksa0 = dev[0].get_pmksa(addr1)
-    pmksa1 = dev[1].get_pmksa(addr0)
-    if pmksa0 is None or pmksa1 is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa0['pmkid'] != pmksa1['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-
-    if "OK" not in dev[1].request("PMKSA_FLUSH"):
-        raise Exception("Failed to flush PMKSA cache")
-
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message (2)")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed (2)")
-    check_mesh_connected2(dev)
-
-    pmksa0c = dev[0].get_pmksa(addr1)
-    pmksa1c = dev[1].get_pmksa(addr0)
-    if pmksa0c is None or pmksa1c is None:
-        raise Exception("No PMKSA cache entry created (2)")
-    if pmksa0c['pmkid'] != pmksa1c['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-    if pmksa0['pmkid'] == pmksa0c['pmkid']:
-        raise Exception("PMKID did not change")
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-def test_mesh_pmksa_caching_oom(dev, apdev):
-    """Secure mesh network and PMKSA caching failing due to OOM"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].set_network(id, "no_auto_peer", "1")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    # Check for peer connected
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed")
-    check_mesh_connected2(dev)
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-    pmksa0b = dev[0].get_pmksa(addr1)
-    if pmksa0b is None:
-        raise Exception("PMKSA cache entry not maintained")
-
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message (2)")
-
-    with alloc_fail(dev[0], 1, "wpa_auth_sta_init;mesh_rsn_auth_sae_sta"):
-        if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-            raise Exception("MESH_PEER_ADD failed (2)")
-        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-
-def test_wpas_mesh_pmksa_caching_ext(dev, apdev):
-    """Secure mesh network and PMKSA caching and external storage"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined_connected(dev)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    pmksa0 = dev[0].get_pmksa(addr1)
-    pmksa1 = dev[1].get_pmksa(addr0)
-    if pmksa0 is None or pmksa1 is None:
-        raise Exception("No PMKSA cache entry created")
-    if pmksa0['pmkid'] != pmksa1['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries")
-
-    res1 = dev[1].request("MESH_PMKSA_GET any")
-    res2 = dev[1].request("MESH_PMKSA_GET " + addr0)
-    logger.info("MESH_PMKSA_GET: " + res1)
-    if "UNKNOWN COMMAND" in res1:
-        raise HwsimSkip("MESH_PMKSA_GET not supported in the build")
-    logger.info("MESH_PMKSA_GET: " + res2)
-    if pmksa0['pmkid'] not in res1:
-        raise Exception("PMKID not included in PMKSA entry")
-    if res1 != res2:
-        raise Exception("Unexpected difference in MESH_PMKSA_GET output")
-
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[1])
-    check_mesh_peer_disconnected(dev[0])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    res = dev[1].get_pmksa(addr0)
-    if res is not None:
-        raise Exception("Unexpected PMKSA cache entry remaining")
-
-    time.sleep(0.1)
-    if "OK" not in dev[1].request("MESH_PMKSA_ADD " + res2):
-        raise Exception("MESH_PMKSA_ADD failed")
-    dev[1].mesh_group_add(id)
-    check_mesh_group_added(dev[1])
-    check_mesh_peer_connected(dev[1])
-    check_mesh_peer_connected(dev[0])
-    time.sleep(0.1)
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    pmksa1b = dev[1].get_pmksa(addr0)
-    if pmksa1b is None:
-        raise Exception("No PMKSA cache entry created after external storage restore")
-    if pmksa1['pmkid'] != pmksa1b['pmkid']:
-        raise Exception("PMKID mismatch in PMKSA cache entries after external storage restore")
-
-    hwsim_utils.test_connectivity(dev[0], dev[1])
-
-    res = dev[1].request("MESH_PMKSA_GET foo")
-    if "FAIL" not in res:
-        raise Exception("Invalid MESH_PMKSA_GET accepted")
-
-    dev[1].mesh_group_remove()
-    check_mesh_group_removed(dev[1])
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[1].request("REMOVE_NETWORK all")
-    res = dev[1].request("MESH_PMKSA_GET any")
-    if "FAIL" not in res:
-        raise Exception("MESH_PMKSA_GET accepted when not in mesh")
-
-    tests = ["foo",
-             "02:02:02:02:02:02",
-             "02:02:02:02:02:02 q",
-             "02:02:02:02:02:02 c3d51a7ccfca0c6d5287291a7169d79b",
-             "02:02:02:02:02:02 c3d51a7ccfca0c6d5287291a7169d79b q",
-             "02:02:02:02:02:02 c3d51a7ccfca0c6d5287291a7169d79b 1bed4fa22ece7997ca1bdc8b829019fe63acac91cba3405522c24c91f7cfb49f",
-             "02:02:02:02:02:02 c3d51a7ccfca0c6d5287291a7169d79b 1bed4fa22ece7997ca1bdc8b829019fe63acac91cba3405522c24c91f7cfb49f q"]
-    for t in tests:
-        if "FAIL" not in dev[1].request("MESH_PMKSA_ADD " + t):
-            raise Exception("Invalid MESH_PMKSA_ADD accepted")
-
-def test_mesh_oom(dev, apdev):
-    """Mesh network setup failing due to OOM"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-
-    with alloc_fail(dev[0], 1, "mesh_config_create"):
-        add_open_mesh_network(dev[0])
-        ev = dev[0].wait_event(["Failed to init mesh"])
-        if ev is None:
-            raise Exception("Init failure not reported")
-
-    with alloc_fail(dev[0], 2, "=wpa_supplicant_mesh_init"):
-        add_open_mesh_network(dev[0], basic_rates="60 120 240")
-        ev = dev[0].wait_event(["Failed to init mesh"])
-        if ev is None:
-            raise Exception("Init failure not reported")
-
-    for i in range(1, 66):
-        dev[0].dump_monitor()
-        logger.info("Test instance %d" % i)
-        try:
-            with alloc_fail(dev[0], i, "wpa_supplicant_mesh_init"):
-                add_open_mesh_network(dev[0])
-                wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
-                ev = dev[0].wait_event(["Failed to init mesh",
-                                        "MESH-GROUP-STARTED"])
-                if ev is None:
-                    raise Exception("Init failure not reported")
-        except Exception as e:
-            if i < 15:
-                raise
-            logger.info("Ignore no-oom for i=%d" % i)
-
-    with alloc_fail(dev[0], 2, "=wpa_supplicant_mesh_init"):
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-        ev = dev[0].wait_event(["Failed to init mesh"])
-        if ev is None:
-            raise Exception("Init failure not reported")
-
-def test_mesh_add_interface_oom(dev):
-    """wpa_supplicant mesh with dynamic interface addition failing"""
-    check_mesh_support(dev[0])
-    for i in range(1, 3):
-        mesh = None
-        try:
-            with alloc_fail(dev[0], i, "wpas_mesh_add_interface"):
-                mesh = dev[0].request("MESH_INTERFACE_ADD").strip()
-        finally:
-            if mesh and mesh != "FAIL":
-                dev[0].request("MESH_GROUP_REMOVE " + mesh)
-
-def test_mesh_scan_oom(dev):
-    """wpa_supplicant mesh scan results and OOM"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    check_mesh_group_added(dev[0])
-    for i in range(5):
-        dev[1].scan(freq="2412")
-        res = dev[1].request("SCAN_RESULTS")
-        if "[MESH]" in res:
-            break
-    for r in res.splitlines():
-        if "[MESH]" in r:
-            break
-    bssid = r.split('\t')[0]
-
-    bss = dev[1].get_bss(bssid)
-    if bss is None:
-        raise Exception("Could not get BSS entry for mesh")
-
-    for i in range(1, 3):
-        with alloc_fail(dev[1], i, "mesh_attr_text"):
-            bss = dev[1].get_bss(bssid)
-            if bss and "mesh_id" in bss:
-                raise Exception("Unexpected BSS result during OOM")
-
-def test_mesh_drv_fail(dev, apdev):
-    """Mesh network setup failing due to driver command failure"""
-    check_mesh_support(dev[0], secure=True)
-    dev[0].request("SET sae_groups ")
-
-    with fail_test(dev[0], 1, "nl80211_join_mesh"):
-        add_open_mesh_network(dev[0])
-        ev = dev[0].wait_event(["mesh join error"])
-        if ev is None:
-            raise Exception("Join failure not reported")
-
-    dev[0].dump_monitor()
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_if_add"):
-        if "FAIL" not in dev[0].request("MESH_INTERFACE_ADD").strip():
-            raise Exception("Interface added unexpectedly")
-
-    dev[0].dump_monitor()
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_init_mesh"):
-        add_open_mesh_network(dev[0])
-        ev = dev[0].wait_event(["Could not join mesh"])
-        if ev is None:
-            raise Exception("Join failure not reported")
-
-def test_mesh_sae_groups_invalid(dev, apdev):
-    """Mesh with invalid SAE group configuration"""
-    check_mesh_support(dev[0], secure=True)
-
-    dev[0].request("SET sae_groups 26")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups 123 122 121")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    ev = dev[0].wait_event(["new peer notification"], timeout=10)
-    if ev is None:
-        raise Exception("dev[0] did not see peer")
-    ev = dev[1].wait_event(["new peer notification"], timeout=10)
-    if ev is None:
-        raise Exception("dev[1] did not see peer")
-
-    ev = dev[0].wait_event(["MESH-PEER-CONNECTED"], timeout=0.1)
-    if ev is not None:
-        raise Exception("Unexpected connection(0)")
-
-    ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-    if ev is not None:
-        raise Exception("Unexpected connection(1)")
-
-    # Additional coverage in mesh_rsn_sae_group() with non-zero
-    # wpa_s->mesh_rsn->sae_group_index.
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[2].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[2])
-    dev[2].mesh_group_add(id)
-    check_mesh_group_added(dev[2])
-    check_mesh_peer_connected(dev[0])
-    check_mesh_peer_connected(dev[2])
-    ev = dev[1].wait_event(["new peer notification"], timeout=10)
-    if ev is None:
-        raise Exception("dev[1] did not see peer(2)")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[2].dump_monitor()
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-    dev[2].request("SET sae_groups ")
-
-def test_mesh_sae_failure(dev, apdev):
-    """Mesh and local SAE failures"""
-    check_mesh_support(dev[0], secure=True)
-
-    dev[0].request("SET sae_groups ")
-    dev[1].request("SET sae_groups ")
-
-    funcs = [(1, "=mesh_rsn_auth_sae_sta", True),
-             (1, "mesh_rsn_build_sae_commit;mesh_rsn_auth_sae_sta", False),
-             (1, "auth_sae_init_committed;mesh_rsn_auth_sae_sta", True),
-             (1, "=mesh_rsn_protect_frame", True),
-             (2, "=mesh_rsn_protect_frame", True),
-             (1, "aes_siv_encrypt;mesh_rsn_protect_frame", True),
-             (1, "=mesh_rsn_process_ampe", True),
-             (1, "aes_siv_decrypt;mesh_rsn_process_ampe", True)]
-    for count, func, success in funcs:
-        id = add_mesh_secure_net(dev[0])
-        dev[0].mesh_group_add(id)
-
-        with alloc_fail(dev[1], count, func):
-            id = add_mesh_secure_net(dev[1])
-            dev[1].mesh_group_add(id)
-            check_mesh_joined2(dev)
-            if success:
-                # retry is expected to work
-                check_mesh_connected2(dev)
-            else:
-                wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
-        dev[0].mesh_group_remove()
-        dev[1].mesh_group_remove()
-        check_mesh_group_removed(dev[0])
-        check_mesh_group_removed(dev[1])
-
-def test_mesh_failure(dev, apdev):
-    """Mesh and local failures"""
-    check_mesh_support(dev[0])
-
-    funcs = [(1, "ap_sta_add;mesh_mpm_add_peer", True),
-             (1, "wpabuf_alloc;mesh_mpm_send_plink_action", True)]
-    for count, func, success in funcs:
-        add_open_mesh_network(dev[0])
-
-        with alloc_fail(dev[1], count, func):
-            add_open_mesh_network(dev[1])
-            check_mesh_joined2(dev)
-            if success:
-                # retry is expected to work
-                check_mesh_connected2(dev)
-            else:
-                wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
-        dev[0].mesh_group_remove()
-        dev[1].mesh_group_remove()
-        check_mesh_group_removed(dev[0])
-        check_mesh_group_removed(dev[1])
-
-    funcs = [(1, "mesh_mpm_init_link", True)]
-    for count, func, success in funcs:
-        add_open_mesh_network(dev[0])
-
-        with fail_test(dev[1], count, func):
-            add_open_mesh_network(dev[1])
-            check_mesh_joined2(dev)
-            if success:
-                # retry is expected to work
-                check_mesh_connected2(dev)
-            else:
-                wait_fail_trigger(dev[1], "GET_FAIL")
-        dev[0].mesh_group_remove()
-        dev[1].mesh_group_remove()
-        check_mesh_group_removed(dev[0])
-        check_mesh_group_removed(dev[1])
-
-def test_mesh_invalid_frequency(dev, apdev):
-    """Mesh and invalid frequency configuration"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0], freq=None)
-    ev = dev[0].wait_event(["MESH-GROUP-STARTED",
-                            "Could not join mesh"])
-    if ev is None or "Could not join mesh" not in ev:
-        raise Exception("Mesh join failure not reported")
-    dev[0].request("REMOVE_NETWORK all")
-
-    add_open_mesh_network(dev[0], freq="2413")
-    ev = dev[0].wait_event(["MESH-GROUP-STARTED",
-                            "Could not join mesh"])
-    if ev is None or "Could not join mesh" not in ev:
-        raise Exception("Mesh join failure not reported")
-
-def test_mesh_default_beacon_int(dev, apdev):
-    """Mesh and default beacon interval"""
-    check_mesh_support(dev[0])
-    try:
-        dev[0].request("SET beacon_int 200")
-        add_open_mesh_network(dev[0])
-        check_mesh_group_added(dev[0])
-    finally:
-        dev[0].request("SET beacon_int 0")
-
-def test_mesh_scan_parse_error(dev, apdev):
-    """Mesh scan element parse error"""
-    check_mesh_support(dev[0])
-    params = {"ssid": "open",
-              "beacon_int": "2000"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    bssid = apdev[0]['bssid']
-    hapd.set('vendor_elements', 'dd0201')
-    for i in range(10):
-        dev[0].scan(freq=2412)
-        if bssid in dev[0].request("SCAN_RESULTS"):
-            break
-    # This will fail in IE parsing due to the truncated IE in the Probe
-    # Response frame.
-    bss = dev[0].request("BSS " + bssid)
-
-def test_mesh_missing_mic(dev, apdev):
-    """Secure mesh network and missing MIC"""
-    check_mesh_support(dev[0], secure=True)
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    count = 0
-    remove_mic = True
-    while True:
-        count += 1
-        if count > 15:
-            raise Exception("Did not see Action frames")
-        rx_msg = dev[0].mgmt_rx()
-        if rx_msg is None:
-            ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-            if ev:
-                break
-            raise Exception("MGMT-RX timeout")
-        if rx_msg['subtype'] == 13:
-            payload = rx_msg['payload']
-            frame = rx_msg['frame']
-            (categ, action) = struct.unpack('BB', payload[0:2])
-            if categ == 15 and action == 1 and remove_mic:
-                # Mesh Peering Open
-                pos = frame.find(b'\x8c\x10')
-                if not pos:
-                    raise Exception("Could not find MIC element")
-                logger.info("Found MIC at %d" % pos)
-                # Remove MIC
-                rx_msg['frame'] = frame[0:pos]
-                remove_mic = False
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-            rx_msg['freq'], rx_msg['datarate'], rx_msg['ssi_signal'], binascii.hexlify(rx_msg['frame']).decode())):
-            raise Exception("MGMT_RX_PROCESS failed")
-        ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-        if ev:
-            break
-
-def test_mesh_pmkid_mismatch(dev, apdev):
-    """Secure mesh network and PMKID mismatch"""
-    check_mesh_support(dev[0], secure=True)
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    dev[0].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].set_network(id, "no_auto_peer", "1")
-    dev[0].mesh_group_add(id)
-
-    dev[1].request("SET sae_groups ")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].set_network(id, "no_auto_peer", "1")
-    dev[1].mesh_group_add(id)
-
-    check_mesh_joined2(dev)
-
-    # Check for peer connected
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed")
-    check_mesh_connected2(dev)
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-
-    ev = dev[0].wait_event(["will not initiate new peer link"], timeout=10)
-    if ev is None:
-        raise Exception("Missing no-initiate message (2)")
-    dev[0].dump_monitor()
-    dev[1].dump_monitor()
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    if "OK" not in dev[0].request("MESH_PEER_ADD " + addr1):
-        raise Exception("MESH_PEER_ADD failed (2)")
-
-    count = 0
-    break_pmkid = True
-    while True:
-        count += 1
-        if count > 50:
-            raise Exception("Did not see Action frames")
-        rx_msg = dev[0].mgmt_rx()
-        if rx_msg is None:
-            ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.1)
-            if ev:
-                break
-            raise Exception("MGMT-RX timeout")
-        if rx_msg['subtype'] == 13:
-            payload = rx_msg['payload']
-            frame = rx_msg['frame']
-            (categ, action) = struct.unpack('BB', payload[0:2])
-            if categ == 15 and action == 1 and break_pmkid:
-                # Mesh Peering Open
-                pos = frame.find(b'\x75\x14')
-                if not pos:
-                    raise Exception("Could not find Mesh Peering Management element")
-                logger.info("Found Mesh Peering Management element at %d" % pos)
-                # Break PMKID to hit "Mesh RSN: Invalid PMKID (Chosen PMK did
-                # not match calculated PMKID)"
-                rx_msg['frame'] = frame[0:pos + 6] + b'\x00\x00\x00\x00' + frame[pos + 10:]
-                break_pmkid = False
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-            rx_msg['freq'], rx_msg['datarate'], rx_msg['ssi_signal'], binascii.hexlify(rx_msg['frame']).decode())):
-            raise Exception("MGMT_RX_PROCESS failed")
-        ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-        if ev:
-            break
-
-def test_mesh_peering_proto(dev, apdev):
-    """Mesh peering management protocol testing"""
-    check_mesh_support(dev[0])
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    add_open_mesh_network(dev[0], beacon_int=160)
-    add_open_mesh_network(dev[1], beacon_int=160)
-
-    count = 0
-    test = 1
-    while True:
-        count += 1
-        if count > 50:
-            raise Exception("Did not see Action frames")
-        rx_msg = dev[0].mgmt_rx()
-        if rx_msg is None:
-            ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-            if ev:
-                break
-            raise Exception("MGMT-RX timeout")
-        if rx_msg['subtype'] == 13:
-            payload = rx_msg['payload']
-            frame = rx_msg['frame']
-            (categ, action) = struct.unpack('BB', payload[0:2])
-            if categ == 15 and action == 1 and test == 1:
-                # Mesh Peering Open
-                pos = frame.find(b'\x75\x04')
-                if not pos:
-                    raise Exception("Could not find Mesh Peering Management element")
-                logger.info("Found Mesh Peering Management element at %d" % pos)
-                # Remove the element to hit
-                # "MPM: No Mesh Peering Management element"
-                rx_msg['frame'] = frame[0:pos]
-                test += 1
-            elif categ == 15 and action == 1 and test == 2:
-                # Mesh Peering Open
-                pos = frame.find(b'\x72\x0e')
-                if not pos:
-                    raise Exception("Could not find Mesh ID element")
-                logger.info("Found Mesh ID element at %d" % pos)
-                # Remove the element to hit
-                # "MPM: No Mesh ID or Mesh Configuration element"
-                rx_msg['frame'] = frame[0:pos] + frame[pos + 16:]
-                test += 1
-            elif categ == 15 and action == 1 and test == 3:
-                # Mesh Peering Open
-                pos = frame.find(b'\x72\x0e')
-                if not pos:
-                    raise Exception("Could not find Mesh ID element")
-                logger.info("Found Mesh ID element at %d" % pos)
-                # Replace Mesh ID to hit "MPM: Mesh ID or Mesh Configuration
-                # element do not match local MBSS"
-                rx_msg['frame'] = frame[0:pos] + b'\x72\x0etest-test-test' + frame[pos + 16:]
-                test += 1
-            elif categ == 15 and action == 1 and test == 4:
-                # Mesh Peering Open
-                # Remove IEs to hit
-                # "MPM: Ignore too short action frame 1 ie_len 0"
-                rx_msg['frame'] = frame[0:26]
-                test += 1
-            elif categ == 15 and action == 1 and test == 5:
-                # Mesh Peering Open
-                # Truncate IEs to hit
-                # "MPM: Failed to parse PLINK IEs"
-                rx_msg['frame'] = frame[0:30]
-                test += 1
-            elif categ == 15 and action == 1 and test == 6:
-                # Mesh Peering Open
-                pos = frame.find(b'\x75\x04')
-                if not pos:
-                    raise Exception("Could not find Mesh Peering Management element")
-                logger.info("Found Mesh Peering Management element at %d" % pos)
-                # Truncate the element to hit
-                # "MPM: Invalid peer mgmt ie" and
-                # "MPM: Mesh parsing rejected frame"
-                rx_msg['frame'] = frame[0:pos] + b'\x75\x00\x00\x00' + frame[pos + 6:]
-                test += 1
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-            rx_msg['freq'], rx_msg['datarate'], rx_msg['ssi_signal'], binascii.hexlify(rx_msg['frame']).decode())):
-            raise Exception("MGMT_RX_PROCESS failed")
-        ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=0.01)
-        if ev:
-            break
-
-    if test != 7:
-        raise Exception("Not all test frames completed")
-
-def test_mesh_mpm_init_proto(dev, apdev):
-    """Mesh peering management protocol testing for peer addition"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    check_mesh_group_added(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-
-    addr = "020000000100"
-    hdr = "d000ac00020000000000" + addr + addr + "1000"
-    fixed = "0f010000"
-    supp_rates = "010802040b168c129824"
-    ext_supp_rates = "3204b048606c"
-    mesh_id = "720e777061732d6d6573682d6f70656e"
-    mesh_conf = "710701010001000009"
-    mpm = "75040000079d"
-    ht_capab = "2d1a7c001bffff000000000000000000000100000000000000000000"
-    ht_oper = "3d160b000000000000000000000000000000000000000000"
-
-    dev[0].request("NOTE no supported rates")
-    frame = hdr + fixed + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE Invalid supported rates element length 33+0")
-    long_supp_rates = "012100112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"
-    frame = hdr + fixed + long_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE Too short mesh config")
-    short_mesh_conf = "710401010001"
-    frame = hdr + fixed + supp_rates + mesh_id + short_mesh_conf + mpm + ht_capab + ht_oper
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE Add STA failure")
-    frame = hdr + fixed + supp_rates + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    with fail_test(dev[0], 1, "wpa_driver_nl80211_sta_add"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE Send Action failure")
-    with fail_test(dev[0], 1, "driver_nl80211_send_action"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE Set STA failure")
-    addr = "020000000101"
-    hdr = "d000ac00020000000000" + addr + addr + "1000"
-    frame = hdr + fixed + supp_rates + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    with fail_test(dev[0], 2, "wpa_driver_nl80211_sta_add"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE ap_sta_add OOM")
-    addr = "020000000102"
-    hdr = "d000ac00020000000000" + addr + addr + "1000"
-    frame = hdr + fixed + supp_rates + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    with alloc_fail(dev[0], 1, "ap_sta_add"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    dev[0].request("NOTE hostapd_get_aid() failure")
-    addr = "020000000103"
-    hdr = "d000ac00020000000000" + addr + addr + "1000"
-    frame = hdr + fixed + supp_rates + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    with fail_test(dev[0], 1, "hostapd_get_aid"):
-        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE 02:00:00:00:01:00"):
-        raise Exception("Failed to remove peer")
-    if "FAIL" not in dev[0].request("MESH_PEER_REMOVE 02:00:00:00:01:02"):
-        raise Exception("Unexpected MESH_PEER_REMOVE success")
-    if "FAIL" not in dev[1].request("MESH_PEER_REMOVE 02:00:00:00:01:02"):
-        raise Exception("Unexpected MESH_PEER_REMOVE success(2)")
-    if "FAIL" not in dev[1].request("MESH_PEER_ADD 02:00:00:00:01:02"):
-        raise Exception("Unexpected MESH_PEER_ADD success")
-
-def test_mesh_holding(dev, apdev):
-    """Mesh MPM FSM and HOLDING state event OPN_ACPT"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    add_open_mesh_network(dev[1])
-    check_mesh_joined_connected(dev)
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    if "OK" not in dev[0].request("MESH_PEER_REMOVE " + addr1):
-        raise Exception("Failed to remove peer")
-
-    rx_msg = dev[0].mgmt_rx()
-    if rx_msg is None:
-        raise Exception("MGMT-RX timeout")
-    if rx_msg['subtype'] != 13:
-        raise Exception("Unexpected management frame")
-    payload = rx_msg['payload']
-    (categ, action) = struct.unpack('BB', payload[0:2])
-    if categ != 0x0f or action != 0x03:
-        raise Exception("Did not see Mesh Peering Close")
-
-    peer_lid = binascii.hexlify(payload[-6:-4]).decode()
-    my_lid = binascii.hexlify(payload[-4:-2]).decode()
-
-    # Drop Mesh Peering Close and instead, process an unexpected Mesh Peering
-    # Open to trigger transmission of another Mesh Peering Close in the HOLDING
-    # state based on an OPN_ACPT event.
-
-    dst = addr0.replace(':', '')
-    src = addr1.replace(':', '')
-    hdr = "d000ac00" + dst + src + src + "1000"
-    fixed = "0f010000"
-    supp_rates = "010802040b168c129824"
-    ext_supp_rates = "3204b048606c"
-    mesh_id = "720e777061732d6d6573682d6f70656e"
-    mesh_conf = "710701010001000009"
-    mpm = "7504" + my_lid + peer_lid
-    ht_capab = "2d1a7c001bffff000000000000000000000100000000000000000000"
-    ht_oper = "3d160b000000000000000000000000000000000000000000"
-
-    frame = hdr + fixed + supp_rates + ext_supp_rates + mesh_id + mesh_conf + mpm + ht_capab + ht_oper
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-    time.sleep(0.1)
-
-def test_mesh_cnf_rcvd_event_cls_acpt(dev, apdev):
-    """Mesh peering management protocol testing - CLS_ACPT event in CNF_RCVD"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    check_mesh_group_added(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    add_open_mesh_network(dev[1])
-    check_mesh_group_added(dev[1])
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-
-    rx_msg = dev[0].mgmt_rx()
-    # Drop Mesh Peering Open
-
-    rx_msg = dev[0].mgmt_rx()
-    # Allow Mesh Peering Confirm to go through
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
-        rx_msg['freq'], rx_msg['datarate'], rx_msg['ssi_signal'], binascii.hexlify(rx_msg['frame']).decode())):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    payload = rx_msg['payload']
-    peer_lid = binascii.hexlify(payload[51:53]).decode()
-    my_lid = binascii.hexlify(payload[53:55]).decode()
-
-    dst = addr0.replace(':', '')
-    src = addr1.replace(':', '')
-    hdr = "d000ac00" + dst + src + src + "1000"
-    fixed = "0f03"
-    mesh_id = "720e777061732d6d6573682d6f70656e"
-    mpm = "75080000" + peer_lid + my_lid + "3700"
-    frame = hdr + fixed + mesh_id + mpm
-
-    # Inject Mesh Peering Close to hit "state CNF_RCVD event CLS_ACPT" to
-    # HOLDING transition.
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-def test_mesh_opn_snt_event_cls_acpt(dev, apdev):
-    """Mesh peering management protocol testing - CLS_ACPT event in OPN_SNT"""
-    check_mesh_support(dev[0])
-    add_open_mesh_network(dev[0])
-    check_mesh_group_added(dev[0])
-    dev[0].dump_monitor()
-
-    dev[0].request("SET ext_mgmt_frame_handling 1")
-    add_open_mesh_network(dev[1])
-    check_mesh_group_added(dev[1])
-
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-
-    rx_msg = dev[0].mgmt_rx()
-    # Drop Mesh Peering Open
-
-    rx_msg = dev[0].mgmt_rx()
-    # Drop Mesh Peering Confirm
-
-    payload = rx_msg['payload']
-    peer_lid = "0000"
-    my_lid = binascii.hexlify(payload[53:55]).decode()
-
-    dst = addr0.replace(':', '')
-    src = addr1.replace(':', '')
-    hdr = "d000ac00" + dst + src + src + "1000"
-    fixed = "0f03"
-    mesh_id = "720e777061732d6d6573682d6f70656e"
-    mpm = "75080000" + peer_lid + my_lid + "3700"
-    frame = hdr + fixed + mesh_id + mpm
-
-    # Inject Mesh Peering Close to hit "state OPN_SNTevent CLS_ACPT" to
-    # HOLDING transition.
-    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + frame):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-def test_mesh_select_network(dev):
-    """Mesh network and SELECT_NETWORK"""
-    check_mesh_support(dev[0])
-    id0 = add_open_mesh_network(dev[0], start=False)
-    id1 = add_open_mesh_network(dev[1], start=False)
-    dev[0].select_network(id0)
-    dev[1].select_network(id1)
-    check_mesh_joined_connected(dev, connectivity=True)
-
-def test_mesh_forwarding(dev):
-    """Mesh with two stations that can't reach each other directly"""
-    try:
-        set_group_map(dev[0], 1)
-        set_group_map(dev[1], 3)
-        set_group_map(dev[2], 2)
-        check_mesh_support(dev[0])
-        for i in range(3):
-            add_open_mesh_network(dev[i])
-            check_mesh_group_added(dev[i])
-        for i in range(3):
-            check_mesh_peer_connected(dev[i])
-
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-        hwsim_utils.test_connectivity(dev[1], dev[2])
-        hwsim_utils.test_connectivity(dev[0], dev[2])
-    finally:
-        # reset groups
-        set_group_map(dev[0], 1)
-        set_group_map(dev[1], 1)
-        set_group_map(dev[2], 1)
-
-def test_mesh_forwarding_secure(dev):
-    """Mesh with two stations that can't reach each other directly (RSN)"""
-    check_mesh_support(dev[0], secure=True)
-    try:
-        set_group_map(dev[0], 1)
-        set_group_map(dev[1], 3)
-        set_group_map(dev[2], 2)
-        for i in range(3):
-            dev[i].request("SET sae_groups ")
-            id = add_mesh_secure_net(dev[i])
-            dev[i].mesh_group_add(id)
-            check_mesh_group_added(dev[i])
-        for i in range(3):
-            check_mesh_peer_connected(dev[i])
-
-        hwsim_utils.test_connectivity(dev[0], dev[1])
-        hwsim_utils.test_connectivity(dev[1], dev[2])
-        hwsim_utils.test_connectivity(dev[0], dev[2])
-    finally:
-        # reset groups
-        set_group_map(dev[0], 1)
-        set_group_map(dev[1], 1)
-        set_group_map(dev[2], 1)
-
-def test_mesh_sae_anti_clogging(dev, apdev):
-    """Mesh using SAE and anti-clogging"""
-    try:
-        run_mesh_sae_anti_clogging(dev, apdev)
-    finally:
-        stop_monitor(apdev[1]["ifname"])
-
-def run_mesh_sae_anti_clogging(dev, apdev):
-    check_mesh_support(dev[0], secure=True)
-    check_mesh_support(dev[1], secure=True)
-    check_mesh_support(dev[2], secure=True)
-
-    sock = start_monitor(apdev[1]["ifname"])
-    radiotap = radiotap_build()
-
-    dev[0].request("SET sae_groups 21")
-    id = add_mesh_secure_net(dev[0])
-    dev[0].mesh_group_add(id)
-    check_mesh_group_added(dev[0])
-
-    # This flood of SAE authentication frames is from not yet known mesh STAs,
-    # so the messages get dropped.
-    addr0 = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
-    for i in range(16):
-        addr = binascii.unhexlify("f2%010x" % i)
-        frame = build_sae_commit(addr0, addr)
-        sock.send(radiotap + frame)
-
-    dev[1].request("SET sae_groups 21")
-    id = add_mesh_secure_net(dev[1])
-    dev[1].mesh_group_add(id)
-    check_mesh_group_added(dev[1])
-    check_mesh_connected2(dev)
-
-    # Inject Beacon frames to make the sources of the second flood known to the
-    # target.
-    bcn1 = binascii.unhexlify("80000000" + "ffffffffffff")
-    bcn2 = binascii.unhexlify("0000dd20c44015840500e80310000000010882848b968c1298240301010504000200003204b048606c30140100000fac040100000fac040100000fac0800002d1afe131bffff0000000000000000000001000000000000000000003d16010000000000ffff0000000000000000000000000000720d777061732d6d6573682d736563710701010001010009")
-    for i in range(16):
-        addr = binascii.unhexlify("f4%010x" % i)
-        frame = bcn1 + addr + addr + bcn2
-        sock.send(radiotap + frame)
-
-    # This flood of SAE authentication frames is from known mesh STAs, so the
-    # target will need to process these.
-    for i in range(16):
-        addr = binascii.unhexlify("f4%010x" % i)
-        frame = build_sae_commit(addr0, addr)
-        sock.send(radiotap + frame)
-
-    dev[2].request("SET sae_groups 21")
-    id = add_mesh_secure_net(dev[2])
-    dev[2].mesh_group_add(id)
-    check_mesh_group_added(dev[2])
-    check_mesh_peer_connected(dev[2])
-    check_mesh_peer_connected(dev[0])
-
-def test_mesh_link_probe(dev, apdev, params):
-    """Mesh link probing"""
-    addr0 = dev[0].own_addr()
-    addr1 = dev[1].own_addr()
-    addr2 = dev[2].own_addr()
-
-    check_mesh_support(dev[0])
-    for i in range(3):
-        add_open_mesh_network(dev[i])
-        check_mesh_group_added(dev[i])
-    for i in range(3):
-        check_mesh_peer_connected(dev[i])
-
-    res = dev[0].request("MESH_LINK_PROBE " + addr1)
-    if "FAIL" in res:
-        raise HwsimSkip("MESH_LINK_PROBE kernel side support missing")
-    dev[0].request("MESH_LINK_PROBE " + addr2 + " payload=aabbccdd")
-    dev[1].request("MESH_LINK_PROBE " + addr0 + " payload=bbccddee")
-    dev[1].request("MESH_LINK_PROBE " + addr2 + " payload=ccddeeff")
-    dev[2].request("MESH_LINK_PROBE " + addr0 + " payload=aaaa")
-    dev[2].request("MESH_LINK_PROBE " + addr1 + " payload=000102030405060708090a0b0c0d0e0f")
-
-    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
-    filt = "wlan.fc == 0x8803"
-    for i in range(10):
-        out = run_tshark(capfile, filt, ["wlan.sa", "wlan.da"])
-        if len(out.splitlines()) >= 6:
-            break
-        time.sleep(0.5)
-    for i in [addr0, addr1, addr2]:
-        for j in [addr0, addr1, addr2]:
-            if i == j:
-                continue
-            if i + "\t" + j not in out:
-                raise Exception("Did not see probe %s --> %s" % (i, j))
diff --git a/tests/hwsim/test_wpas_wmm_ac.py b/tests/hwsim/test_wpas_wmm_ac.py
deleted file mode 100644
index f9c40f33b2af..000000000000
--- a/tests/hwsim/test_wpas_wmm_ac.py
+++ /dev/null
@@ -1,400 +0,0 @@
-# Test cases for wpa_supplicant WMM-AC operations
-# Copyright (c) 2014, Intel Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from remotehost import remote_compatible
-import logging
-logger = logging.getLogger()
-import struct
-import sys
-
-import hwsim_utils
-import hostapd
-from utils import fail_test
-
-def add_wmm_ap(apdev, acm_list):
-    params = {"ssid": "wmm_ac",
-              "hw_mode": "g",
-              "channel": "11",
-              "wmm_enabled": "1"}
-
-    for ac in acm_list:
-        params["wmm_ac_%s_acm" % (ac.lower())] = "1"
-
-    return hostapd.add_ap(apdev, params)
-
-def test_tspec(dev, apdev):
-    """Basic addts/delts tests"""
-    # configure ap with VO and VI requiring admission-control
-    hapd = add_wmm_ap(apdev[0], ["VO", "VI"])
-    dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462")
-    hwsim_utils.test_connectivity(dev[0], hapd)
-    status = dev[0].request("WMM_AC_STATUS")
-    if "WMM AC is Enabled" not in status:
-        raise Exception("WMM-AC not enabled")
-    if "TSID" in status:
-        raise Exception("Unexpected TSID info")
-    if "BK: acm=0 uapsd=0" not in status:
-        raise Exception("Unexpected BK info" + status)
-    if "BE: acm=0 uapsd=0" not in status:
-        raise Exception("Unexpected BE info" + status)
-    if "VI: acm=1 uapsd=0" not in status:
-        raise Exception("Unexpected VI info" + status)
-    if "VO: acm=1 uapsd=0" not in status:
-        raise Exception("Unexpected VO info" + status)
-
-    # no tsid --> tsid out of range
-    if "FAIL" not in dev[0].request("WMM_AC_ADDTS downlink"):
-        raise Exception("Invalid WMM_AC_ADDTS accepted")
-    # no direction
-    if "FAIL" not in dev[0].request("WMM_AC_ADDTS tsid=5"):
-        raise Exception("Invalid WMM_AC_ADDTS accepted")
-    # param out of range
-    if "FAIL" not in dev[0].request("WMM_AC_ADDTS tsid=5 downlink"):
-        raise Exception("Invalid WMM_AC_ADDTS accepted")
-
-    tsid = 5
-
-    # make sure we fail when the ac is not configured for acm
-    try:
-        dev[0].add_ts(tsid, 3)
-        raise Exception("ADDTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("ADDTS failed"):
-            raise
-    status = dev[0].request("WMM_AC_STATUS")
-    if "TSID" in status:
-        raise Exception("Unexpected TSID info")
-
-    # add tspec for UP=6
-    dev[0].add_ts(tsid, 6)
-    status = dev[0].request("WMM_AC_STATUS")
-    if "TSID" not in status:
-        raise Exception("Missing TSID info")
-
-    # using the same tsid for a different ac is invalid
-    try:
-        dev[0].add_ts(tsid, 5)
-        raise Exception("ADDTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("ADDTS failed"):
-            raise
-
-    # update the tspec for a different UP of the same ac
-    dev[0].add_ts(tsid, 7, extra="fixed_nominal_msdu")
-    dev[0].del_ts(tsid)
-    status = dev[0].request("WMM_AC_STATUS")
-    if "TSID" in status:
-        raise Exception("Unexpected TSID info")
-
-    # verify failure on uplink/bidi without driver support
-    tsid = 6
-    try:
-        dev[0].add_ts(tsid, 7, direction="uplink")
-        raise Exception("ADDTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("ADDTS failed"):
-            raise
-    try:
-        dev[0].add_ts(tsid, 7, direction="bidi")
-        raise Exception("ADDTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("ADDTS failed"):
-            raise
-
-    # attempt to delete non-existing tsid
-    try:
-        dev[0].del_ts(tsid)
-        raise Exception("DELTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("DELTS failed"):
-            raise
-
-    # "CTRL: Invalid WMM_AC_ADDTS parameter: 'foo'
-    if "FAIL" not in dev[0].request("WMM_AC_ADDTS foo"):
-        raise Exception("Invalid WMM_AC_ADDTS command accepted")
-
-def test_tspec_protocol(dev, apdev):
-    """Protocol tests for addts/delts"""
-    # configure ap with VO and VI requiring admission-control
-    hapd = add_wmm_ap(apdev[0], ["VO", "VI"])
-    dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462")
-
-    dev[0].dump_monitor()
-    hapd.set("ext_mgmt_frame_handling", "1")
-
-    tsid = 6
-
-    # timeout on ADDTS response
-    dev[0].add_ts(tsid, 7, expect_failure=True)
-
-    hapd.dump_monitor()
-    req = "WMM_AC_ADDTS downlink tsid=6 up=7 nominal_msdu_size=1500 sba=9000 mean_data_rate=1500 min_phy_rate=6000000"
-    if "OK" not in dev[0].request(req):
-        raise Exception("WMM_AC_ADDTS failed")
-    # a new request while previous is still pending
-    if "FAIL" not in dev[0].request(req):
-        raise Exception("WMM_AC_ADDTS accepted while oen was still pending")
-    msg = hapd.mgmt_rx()
-    payload = msg['payload']
-    (categ, action, dialog, status) = struct.unpack('BBBB', payload[0:4])
-    if action != 0:
-        raise Exception("Unexpected Action code: %d" % action)
-
-    msg['da'] = msg['sa']
-    msg['sa'] = apdev[0]['bssid']
-
-    # unexpected dialog token
-    msg['payload'] = struct.pack('BBBB', 17, 1, (dialog + 1) & 0xff, 0) + payload[4:]
-    hapd.mgmt_tx(msg)
-
-    # valid response
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 0) + payload[4:]
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_event(["TSPEC-ADDED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on TSPEC-ADDED")
-    if "tsid=%d" % tsid not in ev:
-        raise Exception("Unexpected TSPEC-ADDED contents: " + ev)
-
-    # duplicated response
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 0) + payload[4:]
-    hapd.mgmt_tx(msg)
-
-    # too short ADDTS
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 0)
-    hapd.mgmt_tx(msg)
-
-    # invalid IE
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 0) + payload[4:] + struct.pack('BB', 0xdd, 100)
-    hapd.mgmt_tx(msg)
-
-    # too short WMM element
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 0) + payload[4:] + b'\xdd\x06\x00\x50\xf2\x02\x02\x01'
-    hapd.mgmt_tx(msg)
-
-    # DELTS
-    dev[0].dump_monitor()
-    msg['payload'] = struct.pack('BBBB', 17, 2, 0, 0) + payload[4:]
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_event(['TSPEC-REMOVED'], timeout=6)
-    if ev is None:
-        raise Exception("Timeout on TSPEC-REMOVED event")
-    if "tsid=%d" % tsid not in ev:
-        raise Exception("Unexpected TSPEC-REMOVED contents: " + ev)
-    # DELTS duplicated
-    msg['payload'] = struct.pack('BBBB', 17, 2, 0, 0) + payload[4:]
-    hapd.mgmt_tx(msg)
-
-    # start a new request
-    hapd.dump_monitor()
-    if "OK" not in dev[0].request(req):
-        raise Exception("WMM_AC_ADDTS failed")
-    msg = hapd.mgmt_rx()
-    payload = msg['payload']
-    (categ, action, dialog, status) = struct.unpack('BBBB', payload[0:4])
-    if action != 0:
-        raise Exception("Unexpected Action code: %d" % action)
-
-    msg['da'] = msg['sa']
-    msg['sa'] = apdev[0]['bssid']
-
-    # modified parameters
-    p12int = payload[12] if sys.version_info[0] > 2 else ord(payload[12])
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 1) + payload[4:12] + struct.pack('B', p12int & ~0x60) + payload[13:]
-    hapd.mgmt_tx(msg)
-
-    # reject request
-    msg['payload'] = struct.pack('BBBB', 17, 1, dialog, 1) + payload[4:]
-    hapd.mgmt_tx(msg)
-    ev = dev[0].wait_event(["TSPEC-REQ-FAILED"], timeout=10)
-    if ev is None:
-        raise Exception("Timeout on TSPEC-REQ-FAILED")
-    if "tsid=%d" % tsid not in ev:
-        raise Exception("Unexpected TSPEC-REQ-FAILED contents: " + ev)
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-@remote_compatible
-def test_tspec_not_enabled(dev, apdev):
-    """addts failing if AP does not support WMM"""
-    params = {"ssid": "wmm_no_ac",
-              "hw_mode": "g",
-              "channel": "11",
-              "wmm_enabled": "0"}
-    hapd = hostapd.add_ap(apdev[0], params)
-    dev[0].connect("wmm_no_ac", key_mgmt="NONE", scan_freq="2462")
-    status = dev[0].request("WMM_AC_STATUS")
-    if "Not associated to a WMM AP, WMM AC is Disabled" not in status:
-        raise Exception("Unexpected WMM_AC_STATUS: " + status)
-
-    try:
-        dev[0].add_ts(5, 6)
-        raise Exception("ADDTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("ADDTS failed"):
-            raise
-
-    # attempt to delete non-existing tsid
-    try:
-        dev[0].del_ts(5)
-        raise Exception("DELTS succeeded although it should have failed")
-    except Exception as e:
-        if not str(e).startswith("DELTS failed"):
-            raise
-
-    # unexpected Action frame when WMM is disabled
-    MGMT_SUBTYPE_ACTION = 13
-    msg = {}
-    msg['fc'] = MGMT_SUBTYPE_ACTION << 4
-    msg['da'] = dev[0].p2p_interface_addr()
-    msg['sa'] = apdev[0]['bssid']
-    msg['bssid'] = apdev[0]['bssid']
-    msg['payload'] = struct.pack('BBBB', 17, 2, 0, 0)
-    hapd.mgmt_tx(msg)
-
-@remote_compatible
-def test_tspec_ap_roam_open(dev, apdev):
-    """Roam between two open APs while having tspecs"""
-    hapd0 = add_wmm_ap(apdev[0], ["VO", "VI"])
-    dev[0].connect("wmm_ac", key_mgmt="NONE")
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    dev[0].add_ts(5, 6)
-
-    hapd1 = add_wmm_ap(apdev[1], ["VO", "VI"])
-    dev[0].scan_for_bss(apdev[1]['bssid'], freq=2462)
-    dev[0].roam(apdev[1]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd1)
-    if dev[0].tspecs():
-        raise Exception("TSPECs weren't deleted on roaming")
-
-    dev[0].scan_for_bss(apdev[0]['bssid'], freq=2462)
-    dev[0].roam(apdev[0]['bssid'])
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-
-@remote_compatible
-def test_tspec_reassoc(dev, apdev):
-    """Reassociation to same BSS while having tspecs"""
-    hapd0 = add_wmm_ap(apdev[0], ["VO", "VI"])
-    dev[0].connect("wmm_ac", key_mgmt="NONE")
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    dev[0].add_ts(5, 6)
-    last_tspecs = dev[0].tspecs()
-
-    dev[0].request("REASSOCIATE")
-    dev[0].wait_connected()
-
-    hwsim_utils.test_connectivity(dev[0], hapd0)
-    if dev[0].tspecs() != last_tspecs:
-        raise Exception("TSPECs weren't saved on reassociation")
-
-def test_wmm_element(dev, apdev):
-    """hostapd FTM range request timeout"""
-    try:
-        run_wmm_element(dev, apdev)
-    finally:
-        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
-
-def run_wmm_element(dev, apdev):
-    params = {"ssid": "wmm"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-
-    # Too short WMM IE
-    dev[0].request("VENDOR_ELEM_ADD 13 dd060050f2020001")
-    dev[0].scan_for_bss(bssid, freq=2412)
-    dev[0].connect("wmm", key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("Association not rejected")
-    dev[0].request("REMOVE_NETWORK all")
-
-    # Unsupported WMM IE Subtype/Version
-    dev[0].request("VENDOR_ELEM_ADD 13 dd070050f202000000")
-    dev[0].connect("wmm", key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("Association not rejected")
-    dev[0].request("REMOVE_NETWORK all")
-
-    # Unsupported WMM IE Subtype/Version
-    dev[0].request("VENDOR_ELEM_ADD 13 dd070050f202010100")
-    dev[0].connect("wmm", key_mgmt="NONE", scan_freq="2412", wait_connect=False)
-    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-    if ev is None:
-        raise Exception("Association not rejected")
-    dev[0].request("REMOVE_NETWORK all")
-
-def test_tspec_ap_fail(dev, apdev):
-    """AP failing to send tspec response"""
-    # configure ap with VO and VI requiring admission-control
-    hapd = add_wmm_ap(apdev[0], ["VO", "VI"])
-    dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462")
-    tsid = 5
-
-    with fail_test(hapd, 1, "wmm_send_action"):
-        try:
-            # add tspec for UP=6
-            dev[0].add_ts(tsid, 6)
-        except:
-            pass
-
-def test_tspec_ap_parsing(dev, apdev):
-    """TSPEC AP parsing tests"""
-    # configure ap with VO and VI requiring admission-control
-    hapd = add_wmm_ap(apdev[0], ["VO", "VI"])
-    bssid = hapd.own_addr()
-    dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462")
-    addr = dev[0].own_addr()
-
-    tests = ["WMM_AC_ADDTS downlink tsid=5 up=6 nominal_msdu_size=1500 sba=9000 mean_data_rate=1500 min_phy_rate=600000",
-             "WMM_AC_ADDTS downlink tsid=5 up=6 nominal_msdu_size=1500 sba=8192 mean_data_rate=1500 min_phy_rate=6000000",
-             "WMM_AC_ADDTS downlink tsid=5 up=6 nominal_msdu_size=32767 sba=65535 mean_data_rate=1500 min_phy_rate=1000000",
-             "WMM_AC_ADDTS downlink tsid=5 up=6 nominal_msdu_size=10000 sba=65535 mean_data_rate=2147483647 min_phy_rate=1000000"]
-    for t in tests:
-        if "OK" not in dev[0].request(t):
-            raise Exception("WMM_AC_ADDTS failed")
-        ev = dev[0].wait_event(["TSPEC-REQ-FAILED"], timeout=1)
-        if ev is None:
-            raise Exception("No response")
-
-    tests = []
-    # WMM: Invalid Nominal MSDU Size (0)
-    tests += ["11000400dd3d0050f2020201aa300000000000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000"]
-    # hostapd_wmm_action - missing or wrong length tspec
-    tests += ["11000400dd3e0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff000000"]
-    # hostapd_wmm_action - could not parse wmm action
-    tests += ["11000400dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff00"]
-    # valid form
-    tests += ["11000400dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000"]
-
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-    for t in tests:
-        if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
-            raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
-
-def test_wmm_disabled(dev, apdev):
-    """WMM disabled and unexpected TSPEC"""
-    params = {"ssid": "no-wmm", "ieee80211n": "0", "wmm_enabled": "0"}
-    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    bssid = hapd.own_addr()
-    dev[0].connect("no-wmm", key_mgmt="NONE", scan_freq="2412")
-    addr = dev[0].own_addr()
-
-    # wmm action received is not from associated wmm station
-    hdr = "d0003a01" + bssid.replace(':', '') + addr.replace(':', '') + bssid.replace(':', '') + "1000"
-    hapd.set("ext_mgmt_frame_handling", "1")
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "11000400dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    # IEEE 802.11: Ignored Action frame (category=17) from unassociated STA
-    hdr = "d0003a01" + bssid.replace(':', '') + "112233445566" + bssid.replace(':', '') + "1000"
-    if "OK" not in hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + "11000400dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000"):
-        raise Exception("MGMT_RX_PROCESS failed")
-
-    hapd.set("ext_mgmt_frame_handling", "0")
diff --git a/tests/hwsim/tnc/.gitignore b/tests/hwsim/tnc/.gitignore
deleted file mode 100644
index 2f8896276f35..000000000000
--- a/tests/hwsim/tnc/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-libhostap2_imc.so
-libhostap2_imv.so
-libhostap_imc.so
-libhostap_imv.so
diff --git a/tests/hwsim/tnc/Makefile b/tests/hwsim/tnc/Makefile
deleted file mode 100644
index 64ba0cac6242..000000000000
--- a/tests/hwsim/tnc/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-CFLAGS += -I$(abspath ../../../src)
-CFLAGS += -I$(abspath ../../../src/utils)
-
-ALL=libhostap_imc.so libhostap_imv.so libhostap2_imc.so libhostap2_imv.so
-all: $(ALL)
-
-Q=@
-E=echo
-ifeq ($(V), 1)
-Q=
-E=true
-endif
-ifeq ($(QUIET), 1)
-Q=@
-E=true
-endif
-
-lib%.so: %.c
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $<
-	@$(E) "  CC " $@
-
-clean:
-	rm -f $(ALL)
diff --git a/tests/hwsim/tnc/hostap2_imc.c b/tests/hwsim/tnc/hostap2_imc.c
deleted file mode 100644
index 3818c17d994a..000000000000
--- a/tests/hwsim/tnc/hostap2_imc.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Example IMC for TNC testing
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/tnc.h"
-
-static int initialized = 0;
-static TNC_IMCID my_id = -1;
-static TNC_TNCC_SendMessagePointer send_message = NULL;
-static TNC_TNCC_ReportMessageTypesPointer report_message_types = NULL;
-static TNC_TNCC_RequestHandshakeRetryPointer request_retry = NULL;
-
-static TNC_MessageType message_types[] =
-{
-	(TNC_VENDORID_ANY << 8) | TNC_SUBTYPE_ANY
-};
-
-
-TNC_Result TNC_IMC_Initialize(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_Version minVersion,
-	/*in*/ TNC_Version maxVersion,
-	/*out*/ TNC_Version *pOutActualVersion)
-{
-	wpa_printf(MSG_INFO,
-		   "IMC(hostap2) %s(imcID=%u, minVersion=%u, maxVersion=%u)",
-		   __func__, (unsigned) imcID, (unsigned) minVersion,
-		   (unsigned) maxVersion);
-
-	if (initialized)
-		return TNC_RESULT_ALREADY_INITIALIZED;
-
-	if (minVersion < TNC_IFIMC_VERSION_1 ||
-	    maxVersion > TNC_IFIMC_VERSION_1)
-		return TNC_RESULT_NO_COMMON_VERSION;
-
-	if (!pOutActualVersion)
-		return TNC_RESULT_INVALID_PARAMETER;
-	*pOutActualVersion = TNC_IFIMC_VERSION_1;
-	my_id = imcID;
-
-	initialized = 1;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_BeginHandshake(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	char *msg = "hello";
-	TNC_Result res;
-
-	wpa_printf(MSG_INFO, "IMC(hostap2) %s(imcID=%u, connectionID=%u)",
-		   __func__, (unsigned) imcID, (unsigned) connectionID);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imcID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	if (!send_message)
-		return TNC_RESULT_FATAL;
-
-	res = send_message(imcID, connectionID, msg, os_strlen(msg), 1);
-	if (res != TNC_RESULT_SUCCESS)
-		return res;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_ProvideBindFunction(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_TNCC_BindFunctionPointer bindFunction)
-{
-	TNC_Result res;
-
-	wpa_printf(MSG_INFO, "IMC(hostap2) %s(imcID=%u)",
-		   __func__, (unsigned) imcID);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imcID != my_id || !bindFunction)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	if (bindFunction(imcID, "TNC_TNCC_SendMessage",
-			 (void **) &send_message) != TNC_RESULT_SUCCESS ||
-	    !send_message)
-		return TNC_RESULT_FATAL;
-
-	if (bindFunction(imcID, "TNC_TNCC_ReportMessageTypes",
-			 (void **) &report_message_types) !=
-	    TNC_RESULT_SUCCESS ||
-	    !report_message_types)
-		return TNC_RESULT_FATAL;
-
-	if (bindFunction(imcID, "TNC_TNCC_RequestHandshakeRetry",
-			 (void **) &request_retry) != TNC_RESULT_SUCCESS ||
-	    !request_retry)
-		return TNC_RESULT_FATAL;
-
-	res = report_message_types(imcID, message_types,
-				   ARRAY_SIZE(message_types));
-	if (res != TNC_RESULT_SUCCESS)
-		return res;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_NotifyConnectionChange(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_ConnectionID connectionID,
-	/*in*/ TNC_ConnectionState newState)
-{
-	wpa_printf(MSG_INFO,
-		   "IMC(hostap2) %s(imcID=%u, connectionID=%u, newState=%u)",
-		   __func__, (unsigned) imcID, (unsigned) connectionID,
-		   (unsigned) newState);
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_ReceiveMessage(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_ConnectionID connectionID,
-	/*in*/ TNC_BufferReference message,
-	/*in*/ TNC_UInt32 messageLength,
-	/*in*/ TNC_MessageType messageType)
-{
-	TNC_Result res;
-
-	wpa_printf(MSG_INFO,
-		   "IMC(hostap2) %s(imcID=%u, connectionID=%u, messageType=%u)",
-		   __func__, (unsigned) imcID, (unsigned) connectionID,
-		   (unsigned) messageType);
-	wpa_hexdump_ascii(MSG_INFO, "IMC(hostap2) message",
-			  message, messageLength);
-
-	if (messageType == 1 && messageLength == 5 &&
-	    os_memcmp(message, "hello", 5) == 0) {
-		char *msg = "i'm fine";
-
-		res = send_message(imcID, connectionID, msg, os_strlen(msg), 1);
-		if (res != TNC_RESULT_SUCCESS)
-			return res;
-	}
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_BatchEnding(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	wpa_printf(MSG_INFO, "IMC(hostap2) %s(imcID=%u, connectionID=%u)",
-		   __func__, (unsigned) imcID, (unsigned) connectionID);
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_Terminate(
-	/*in*/ TNC_IMCID imcID)
-{
-	wpa_printf(MSG_INFO, "IMC(hostap2) %s(imcID=%u)",
-		   __func__, (unsigned) imcID);
-
-	return TNC_RESULT_SUCCESS;
-}
diff --git a/tests/hwsim/tnc/hostap2_imv.c b/tests/hwsim/tnc/hostap2_imv.c
deleted file mode 100644
index 652888ab2865..000000000000
--- a/tests/hwsim/tnc/hostap2_imv.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Example IMV for TNC testing
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/tnc.h"
-
-static int initialized = 0;
-static TNC_IMVID my_id = -1;
-static TNC_TNCS_ReportMessageTypesPointer report_message_types = NULL;
-static TNC_TNCS_SendMessagePointer send_message = NULL;
-static TNC_TNCS_RequestHandshakeRetryPointer request_retry = NULL;
-TNC_TNCS_ProvideRecommendationPointer provide_recomm = NULL;
-
-static TNC_MessageType message_types[] =
-{
-	(TNC_VENDORID_ANY << 8) | TNC_SUBTYPE_ANY
-};
-
-
-TNC_Result TNC_IMV_Initialize(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_Version minVersion,
-	/*in*/ TNC_Version maxVersion,
-	/*out*/ TNC_Version *pOutActualVersion)
-{
-	wpa_printf(MSG_INFO,
-		   "IMV(hostap2) %s(imvID=%u, minVersion=%u, maxVersion=%u)",
-		   __func__, (unsigned) imvID, (unsigned) minVersion,
-		   (unsigned) maxVersion);
-
-	if (initialized)
-		return TNC_RESULT_ALREADY_INITIALIZED;
-
-	if (minVersion < TNC_IFIMV_VERSION_1 ||
-	    maxVersion > TNC_IFIMV_VERSION_1)
-		return TNC_RESULT_NO_COMMON_VERSION;
-
-	if (!pOutActualVersion)
-		return TNC_RESULT_INVALID_PARAMETER;
-	*pOutActualVersion = TNC_IFIMV_VERSION_1;
-
-	initialized = 1;
-	my_id = imvID;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_NotifyConnectionChange(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_ConnectionID connectionID,
-	/*in*/ TNC_ConnectionState newState)
-{
-	wpa_printf(MSG_INFO,
-		   "IMV(hostap2) %s(imvID=%u, connectionID=%u, newState=%u)",
-		   __func__, (unsigned) imvID, (unsigned) connectionID,
-		   (unsigned) newState);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imvID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	/* TODO: call TNC_TNCS_ProvideRecommendation */
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_ReceiveMessage(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_ConnectionID connectionID,
-	/*in*/ TNC_BufferReference message,
-	/*in*/ TNC_UInt32 messageLength,
-	/*in*/ TNC_MessageType messageType)
-{
-	TNC_Result res;
-
-	wpa_printf(MSG_INFO,
-		   "IMV(hostap2) %s(imvID=%u, connectionID=%u, messageType=%u)",
-		   __func__, (unsigned) imvID, (unsigned) connectionID,
-		   (unsigned) messageType);
-	wpa_hexdump_ascii(MSG_INFO, "IMV(hostap2) message",
-			  message, messageLength);
-
-	if (!send_message)
-		return TNC_RESULT_FATAL;
-
-	if (messageType == 1 && messageLength == 5 &&
-	    os_memcmp(message, "hello", 5) == 0) {
-		char *msg = "hello";
-
-		res = send_message(imvID, connectionID, msg, os_strlen(msg), 1);
-		if (res != TNC_RESULT_SUCCESS)
-			return res;
-	}
-
-	if (messageType == 1 && messageLength == 8 &&
-	    os_memcmp(message, "i'm fine", 8) == 0) {
-		if (!provide_recomm)
-			return TNC_RESULT_FATAL;
-		res = provide_recomm(imvID, connectionID,
-				     TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
-				     TNC_IMV_EVALUATION_RESULT_COMPLIANT);
-		if (res != TNC_RESULT_SUCCESS)
-			return res;
-	}
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_SolicitRecommendation(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	wpa_printf(MSG_INFO, "IMV(hostap2) %s(imvID=%u, connectionID=%u)",
-		   __func__, (unsigned) imvID, (unsigned) connectionID);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imvID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	/* TODO: call TNC_TNCS_ProvideRecommendation */
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_BatchEnding(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	wpa_printf(MSG_INFO, "IMV(hostap2) %s(imvID=%u, connectionID=%u)",
-		   __func__, (unsigned) imvID, (unsigned) connectionID);
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_Terminate(
-	/*in*/ TNC_IMVID imvID)
-{
-	wpa_printf(MSG_INFO, "IMV(hostap2) %s(imvID=%u)",
-		   __func__, (unsigned) imvID);
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_ProvideBindFunction(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_TNCS_BindFunctionPointer bindFunction)
-{
-	TNC_Result res;
-
-	wpa_printf(MSG_INFO, "IMV(hostap2) %s(imvID=%u)",
-		   __func__, (unsigned) imvID);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imvID != my_id || !bindFunction)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	if (bindFunction(imvID, "TNC_TNCS_ReportMessageTypes",
-			 (void **) &report_message_types) !=
-	    TNC_RESULT_SUCCESS ||
-	    !report_message_types)
-		return TNC_RESULT_FATAL;
-
-	if (bindFunction(imvID, "TNC_TNCS_SendMessage",
-			 (void **) &send_message) != TNC_RESULT_SUCCESS ||
-	    !send_message)
-		return TNC_RESULT_FATAL;
-
-	if (bindFunction(imvID, "TNC_TNCS_RequestHandshakeRetry",
-			 (void **) &request_retry) != TNC_RESULT_SUCCESS ||
-	    !request_retry)
-		return TNC_RESULT_FATAL;
-
-	if (bindFunction(imvID, "TNC_TNCS_ProvideRecommendation",
-			 (void **) &provide_recomm) != TNC_RESULT_SUCCESS ||
-	    !provide_recomm)
-		return TNC_RESULT_FATAL;
-
-	res = report_message_types(imvID, message_types,
-				   ARRAY_SIZE(message_types));
-	if (res != TNC_RESULT_SUCCESS)
-		return res;
-
-	return TNC_RESULT_SUCCESS;
-}
diff --git a/tests/hwsim/tnc/hostap_imc.c b/tests/hwsim/tnc/hostap_imc.c
deleted file mode 100644
index d28183a016f5..000000000000
--- a/tests/hwsim/tnc/hostap_imc.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Minimal example IMC for TNC testing
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/tnc.h"
-
-static int initialized = 0;
-static TNC_IMCID my_id = -1;
-
-TNC_Result TNC_IMC_Initialize(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_Version minVersion,
-	/*in*/ TNC_Version maxVersion,
-	/*out*/ TNC_Version *pOutActualVersion)
-{
-	wpa_printf(MSG_INFO, "IMC(hostap) %s", __func__);
-
-	if (initialized)
-		return TNC_RESULT_ALREADY_INITIALIZED;
-
-	if (minVersion < TNC_IFIMC_VERSION_1 ||
-	    maxVersion > TNC_IFIMC_VERSION_1)
-		return TNC_RESULT_NO_COMMON_VERSION;
-
-	if (!pOutActualVersion)
-		return TNC_RESULT_INVALID_PARAMETER;
-	*pOutActualVersion = TNC_IFIMC_VERSION_1;
-	my_id = imcID;
-
-	initialized = 1;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_BeginHandshake(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	wpa_printf(MSG_INFO, "IMC(hostap) %s", __func__);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imcID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMC_ProvideBindFunction(
-	/*in*/ TNC_IMCID imcID,
-	/*in*/ TNC_TNCC_BindFunctionPointer bindFunction)
-{
-	wpa_printf(MSG_INFO, "IMC(hostap) %s", __func__);
-
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imcID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	return TNC_RESULT_SUCCESS;
-}
diff --git a/tests/hwsim/tnc/hostap_imv.c b/tests/hwsim/tnc/hostap_imv.c
deleted file mode 100644
index 0f4f9c8994c5..000000000000
--- a/tests/hwsim/tnc/hostap_imv.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Minimal example IMV for TNC testing
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/tnc.h"
-
-static int initialized = 0;
-static TNC_IMVID my_id = -1;
-
-TNC_Result TNC_IMV_Initialize(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_Version minVersion,
-	/*in*/ TNC_Version maxVersion,
-	/*out*/ TNC_Version *pOutActualVersion)
-{
-	if (initialized)
-		return TNC_RESULT_ALREADY_INITIALIZED;
-
-	if (minVersion < TNC_IFIMV_VERSION_1 ||
-	    maxVersion > TNC_IFIMV_VERSION_1)
-		return TNC_RESULT_NO_COMMON_VERSION;
-
-	if (!pOutActualVersion)
-		return TNC_RESULT_INVALID_PARAMETER;
-	*pOutActualVersion = TNC_IFIMV_VERSION_1;
-
-	initialized = 1;
-	my_id = imvID;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_SolicitRecommendation(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_ConnectionID connectionID)
-{
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imvID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	return TNC_RESULT_SUCCESS;
-}
-
-
-TNC_Result TNC_IMV_ProvideBindFunction(
-	/*in*/ TNC_IMVID imvID,
-	/*in*/ TNC_TNCS_BindFunctionPointer bindFunction)
-{
-	if (!initialized)
-		return TNC_RESULT_NOT_INITIALIZED;
-
-	if (imvID != my_id)
-		return TNC_RESULT_INVALID_PARAMETER;
-
-	return TNC_RESULT_SUCCESS;
-}
diff --git a/tests/hwsim/tnc/tnc_config b/tests/hwsim/tnc/tnc_config
deleted file mode 100644
index 613783a66f5d..000000000000
--- a/tests/hwsim/tnc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-IMC "hostap IMC" tnc/libhostap_imc.so
-IMV "hostap IMV" tnc/libhostap_imv.so
-IMC "hostap2 IMC" tnc/libhostap2_imc.so
-IMV "hostap2 IMV" tnc/libhostap2_imv.so
diff --git a/tests/hwsim/tshark.py b/tests/hwsim/tshark.py
deleted file mode 100644
index 32cdf4701ec3..000000000000
--- a/tests/hwsim/tshark.py
+++ /dev/null
@@ -1,124 +0,0 @@
-#
-# tshark module - refactored from test_scan.py
-#
-# Copyright (c) 2014, Qualcomm Atheros, Inc.
-# Copyright (c) 2015, Intel Mobile Communications GmbH
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-import subprocess
-import logging
-logger = logging.getLogger()
-
-from utils import *
-
-class UnknownFieldsException(Exception):
-    def __init__(self, fields):
-        Exception.__init__(self, "unknown tshark fields %s" % ','.join(fields))
-        self.fields = fields
-
-_tshark_filter_arg = '-Y'
-
-def _run_tshark(filename, filter, display=None, wait=True):
-    global _tshark_filter_arg
-
-    if wait:
-        # wait a bit to make it more likely for wlantest sniffer to have
-        # captured and written the results into a file that we can process here
-        time.sleep(0.1)
-
-    try:
-        arg = ["tshark", "-r", filename,
-               _tshark_filter_arg, filter]
-        if display:
-            arg.append('-Tfields')
-            for d in display:
-                arg.append('-e')
-                arg.append(d)
-        else:
-            arg.append('-V')
-        cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
-                               stderr=subprocess.PIPE)
-    except Exception as e:
-        logger.info("Could run run tshark check: " + str(e))
-        if "No such file or directory: 'tshark'" in str(e):
-            raise HwsimSkip("No tshark available")
-        cmd = None
-        return None
-
-    output = cmd.communicate()
-    out = output[0].decode(errors='ignore')
-    out1 = output[1].decode()
-    res = cmd.wait()
-    if res == 1:
-        errmsg = "Some fields aren't valid"
-        if errmsg in out1:
-            errors = out1.split('\n')
-            fields = []
-            collect = False
-            for f in errors:
-                if collect:
-                    f = f.strip()
-                    if f:
-                        fields.append(f)
-                    continue
-                if errmsg in f:
-                    collect = True
-                    continue
-            raise UnknownFieldsException(fields)
-        # remember this for efficiency
-        _tshark_filter_arg = '-R'
-        arg[3] = '-R'
-        cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
-                               stderr=open('/dev/null', 'w'))
-        out = cmd.communicate()[0].decode()
-        cmd.wait()
-    if res == 2:
-        if "tshark: Neither" in out1 and "are field or protocol names" in out1:
-            errors = out1.split('\n')
-            fields = []
-            for f in errors:
-                if f.startswith("tshark: Neither "):
-                    f = f.split(' ')[2].strip('"')
-                    if f:
-                        fields.append(f)
-                    continue
-            raise UnknownFieldsException(fields)
-
-    return out
-
-def run_tshark(filename, filter, display=None, wait=True):
-    if display is None: display = []
-    try:
-        return _run_tshark(filename, filter.replace('wlan_mgt', 'wlan'),
-                           [x.replace('wlan_mgt', 'wlan') for x in display],
-                           wait)
-    except UnknownFieldsException as e:
-        all_wlan_mgt = True
-        for f in e.fields:
-            if not f.startswith('wlan_mgt.'):
-                all_wlan_mgt = False
-                break
-        if not all_wlan_mgt:
-            raise
-        return _run_tshark(filename, filter, display, wait)
-
-def run_tshark_json(filename, filter):
-    arg = ["tshark", "-r", filename,
-           _tshark_filter_arg, filter]
-    arg.append('-Tjson')
-    arg.append('-x')
-    try:
-        cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
-                               stderr=subprocess.PIPE)
-    except Exception as e:
-        logger.info("Could run run tshark: " + str(e))
-        if "No such file or directory: 'tshark'" in str(e):
-            raise HwsimSkip("No tshark available")
-        return None
-    output = cmd.communicate()
-    out = output[0].decode()
-    res = cmd.wait()
-    return out
diff --git a/tests/hwsim/utils.py b/tests/hwsim/utils.py
deleted file mode 100644
index 4e88626615d5..000000000000
--- a/tests/hwsim/utils.py
+++ /dev/null
@@ -1,314 +0,0 @@
-# Testing utilities
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import os
-import socket
-import struct
-import subprocess
-import time
-import remotehost
-import logging
-logger = logging.getLogger()
-import hostapd
-
-def get_ifnames():
-    ifnames = []
-    with open("/proc/net/dev", "r") as f:
-        lines = f.readlines()
-        for l in lines:
-            val = l.split(':', 1)
-            if len(val) == 2:
-                ifnames.append(val[0].strip(' '))
-    return ifnames
-
-class HwsimSkip(Exception):
-    def __init__(self, reason):
-        self.reason = reason
-    def __str__(self):
-        return self.reason
-
-def long_duration_test(func):
-    func.long_duration_test = True
-    return func
-
-class alloc_fail(object):
-    def __init__(self, dev, count, funcs):
-        self._dev = dev
-        self._count = count
-        self._funcs = funcs
-    def __enter__(self):
-        cmd = "TEST_ALLOC_FAIL %d:%s" % (self._count, self._funcs)
-        if "OK" not in self._dev.request(cmd):
-            raise HwsimSkip("TEST_ALLOC_FAIL not supported")
-    def __exit__(self, type, value, traceback):
-        if type is None:
-            if self._dev.request("GET_ALLOC_FAIL") != "0:%s" % self._funcs:
-                raise Exception("Allocation failure did not trigger")
-
-class fail_test(object):
-    def __init__(self, dev, count, funcs):
-        self._dev = dev
-        self._count = count
-        self._funcs = funcs
-    def __enter__(self):
-        cmd = "TEST_FAIL %d:%s" % (self._count, self._funcs)
-        if "OK" not in self._dev.request(cmd):
-            raise HwsimSkip("TEST_FAIL not supported")
-    def __exit__(self, type, value, traceback):
-        if type is None:
-            if self._dev.request("GET_FAIL") != "0:%s" % self._funcs:
-                raise Exception("Test failure did not trigger")
-
-def wait_fail_trigger(dev, cmd, note="Failure not triggered", max_iter=40,
-		      timeout=0.05):
-    for i in range(0, max_iter):
-        if dev.request(cmd).startswith("0:"):
-            break
-        if i == max_iter - 1:
-            raise Exception(note)
-        time.sleep(timeout)
-
-def require_under_vm():
-    with open('/proc/1/cmdline', 'r') as f:
-        cmd = f.read()
-        if "inside.sh" not in cmd:
-            raise HwsimSkip("Not running under VM")
-
-def iface_is_in_bridge(bridge, ifname):
-    fname = "/sys/class/net/"+ifname+"/brport/bridge"
-    if not os.path.exists(fname):
-        return False
-    if not os.path.islink(fname):
-        return False
-    truebridge = os.path.basename(os.readlink(fname))
-    if bridge == truebridge:
-        return True
-    return False
-
-def skip_with_fips(dev, reason="Not supported in FIPS mode"):
-    res = dev.get_capability("fips")
-    if res and 'FIPS' in res:
-        raise HwsimSkip(reason)
-
-def check_ext_key_id_capa(dev):
-    res = dev.get_driver_status_field('capa.flags')
-    if (int(res, 0) & 0x8000000000000000) == 0:
-        raise HwsimSkip("Extended Key ID not supported")
-
-def skip_without_tkip(dev):
-    res = dev.get_capability("fips")
-    if "TKIP" not in dev.get_capability("pairwise") or \
-       "TKIP" not in dev.get_capability("group"):
-        raise HwsimSkip("Cipher TKIP not supported")
-
-def check_wep_capa(dev):
-    if "WEP40" not in dev.get_capability("group"):
-        raise HwsimSkip("WEP not supported")
-
-def check_sae_capab(dev):
-    if "SAE" not in dev.get_capability("auth_alg"):
-        raise HwsimSkip("SAE not supported")
-
-def check_sae_pk_capab(dev):
-    capab = dev.get_capability("sae")
-    if capab is None or "PK" not in capab:
-        raise HwsimSkip("SAE-PK not supported")
-
-def check_erp_capa(dev):
-    capab = dev.get_capability("erp")
-    if not capab or 'ERP' not in capab:
-        raise HwsimSkip("ERP not supported in the build")
-
-def check_fils_capa(dev):
-    capa = dev.get_capability("fils")
-    if capa is None or "FILS" not in capa:
-        raise HwsimSkip("FILS not supported")
-
-def check_fils_sk_pfs_capa(dev):
-    capa = dev.get_capability("fils")
-    if capa is None or "FILS-SK-PFS" not in capa:
-        raise HwsimSkip("FILS-SK-PFS not supported")
-
-def check_tls_tod(dev):
-    tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("internal"):
-        raise HwsimSkip("TLS TOD-TOFU/STRICT not supported with this TLS library: " + tls)
-
-def vht_supported():
-    cmd = subprocess.Popen(["iw", "reg", "get"], stdout=subprocess.PIPE)
-    reg = cmd.stdout.read()
-    if "@ 80)" in reg or "@ 160)" in reg:
-        return True
-    return False
-
-# This function checks whether the provided dev, which may be either
-# WpaSupplicant or Hostapd supports CSA.
-def csa_supported(dev):
-    res = dev.get_driver_status()
-    if (int(res['capa.flags'], 0) & 0x80000000) == 0:
-        raise HwsimSkip("CSA not supported")
-
-def get_phy(ap, ifname=None):
-    phy = "phy3"
-    try:
-        hostname = ap['hostname']
-    except:
-        hostname = None
-    host = remotehost.Host(hostname)
-
-    if ifname == None:
-        ifname = ap['ifname']
-    status, buf = host.execute(["iw", "dev", ifname, "info"])
-    if status != 0:
-        raise Exception("iw " + ifname + " info failed")
-    lines = buf.split("\n")
-    for line in lines:
-        if "wiphy" in line:
-            words = line.split()
-            phy = "phy" + words[1]
-            break
-    return phy
-
-def parse_ie(buf):
-    ret = {}
-    data = binascii.unhexlify(buf)
-    while len(data) >= 2:
-        ie, elen = struct.unpack('BB', data[0:2])
-        data = data[2:]
-        if elen > len(data):
-            break
-        ret[ie] = data[0:elen]
-        data = data[elen:]
-    return ret
-
-def wait_regdom_changes(dev):
-    for i in range(10):
-        ev = dev.wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.1)
-        if ev is None:
-            break
-
-def clear_country(dev):
-    logger.info("Try to clear country")
-    id = dev[1].add_network()
-    dev[1].set_network(id, "mode", "2")
-    dev[1].set_network_quoted(id, "ssid", "country-clear")
-    dev[1].set_network(id, "key_mgmt", "NONE")
-    dev[1].set_network(id, "frequency", "2412")
-    dev[1].set_network(id, "scan_freq", "2412")
-    dev[1].select_network(id)
-    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"])
-    if ev:
-        dev[0].connect("country-clear", key_mgmt="NONE", scan_freq="2412")
-        dev[1].request("DISCONNECT")
-        dev[0].wait_disconnected()
-        dev[0].request("DISCONNECT")
-        dev[0].request("ABORT_SCAN")
-        time.sleep(1)
-        dev[0].dump_monitor()
-        dev[1].dump_monitor()
-
-def clear_regdom(hapd, dev, count=1):
-    disable_hapd(hapd)
-    clear_regdom_dev(dev, count)
-
-def disable_hapd(hapd):
-    if hapd:
-        hapd.request("DISABLE")
-        time.sleep(0.1)
-
-def clear_regdom_dev(dev, count=1):
-    for i in range(count):
-        dev[i].request("DISCONNECT")
-    for i in range(count):
-        dev[i].disconnect_and_stop_scan()
-    dev[0].cmd_execute(['iw', 'reg', 'set', '00'])
-    wait_regdom_changes(dev[0])
-    country = dev[0].get_driver_status_field("country")
-    logger.info("Country code at the end: " + country)
-    if country != "00":
-        clear_country(dev)
-    for i in range(count):
-        dev[i].flush_scan_cache()
-
-def radiotap_build():
-    radiotap_payload = struct.pack('BB', 0x08, 0)
-    radiotap_payload += struct.pack('BB', 0, 0)
-    radiotap_payload += struct.pack('BB', 0, 0)
-    radiotap_hdr = struct.pack('<BBHL', 0, 0, 8 + len(radiotap_payload),
-                               0xc002)
-    return radiotap_hdr + radiotap_payload
-
-def start_monitor(ifname, freq=2412):
-    subprocess.check_call(["iw", ifname, "set", "type", "monitor"])
-    subprocess.call(["ip", "link", "set", "dev", ifname, "up"])
-    subprocess.check_call(["iw", ifname, "set", "freq", str(freq)])
-
-    ETH_P_ALL = 3
-    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
-                         socket.htons(ETH_P_ALL))
-    sock.bind((ifname, 0))
-    sock.settimeout(0.5)
-    return sock
-
-def stop_monitor(ifname):
-    subprocess.call(["ip", "link", "set", "dev", ifname, "down"])
-    subprocess.call(["iw", ifname, "set", "type", "managed"])
-
-def clear_scan_cache(apdev):
-    ifname = apdev['ifname']
-    hostapd.cmd_execute(apdev, ['ifconfig', ifname, 'up'])
-    hostapd.cmd_execute(apdev, ['iw', ifname, 'scan', 'trigger', 'freq', '2412',
-                                'flush'])
-    time.sleep(0.1)
-    hostapd.cmd_execute(apdev, ['ifconfig', ifname, 'down'])
-
-def set_world_reg(apdev0=None, apdev1=None, dev0=None):
-    if apdev0:
-        hostapd.cmd_execute(apdev0, ['iw', 'reg', 'set', '00'])
-    if apdev1:
-        hostapd.cmd_execute(apdev1, ['iw', 'reg', 'set', '00'])
-    if dev0:
-        dev0.cmd_execute(['iw', 'reg', 'set', '00'])
-    time.sleep(0.1)
-
-def sysctl_write(val):
-    subprocess.call(['sysctl', '-w', val], stdout=open('/dev/null', 'w'))
-
-def var_arg_call(fn, dev, apdev, params):
-    if fn.__code__.co_argcount > 2:
-        return fn(dev, apdev, params)
-    elif fn.__code__.co_argcount > 1:
-        return fn(dev, apdev)
-    return fn(dev)
-
-def cloned_wrapper(wrapper, fn):
-    # we need the name set right for selecting / printing etc.
-    wrapper.__name__ = fn.__name__
-    wrapper.__doc__ = fn.__doc__
-    # reparent to the right module for module filtering
-    wrapper.__module__ = fn.__module__
-    return wrapper
-
-def disable_ipv6(fn):
-    def wrapper(dev, apdev, params):
-        require_under_vm()
-        try:
-            sysctl_write('net.ipv6.conf.all.disable_ipv6=1')
-            sysctl_write('net.ipv6.conf.default.disable_ipv6=1')
-            var_arg_call(fn, dev, apdev, params)
-        finally:
-            sysctl_write('net.ipv6.conf.all.disable_ipv6=0')
-            sysctl_write('net.ipv6.conf.default.disable_ipv6=0')
-    return cloned_wrapper(wrapper, fn)
-
-def reset_ignore_old_scan_res(fn):
-    def wrapper(dev, apdev, params):
-        try:
-            var_arg_call(fn, dev, apdev, params)
-        finally:
-            dev[0].set("ignore_old_scan_res", "0")
-    return cloned_wrapper(wrapper, fn)
diff --git a/tests/hwsim/vm/.gitignore b/tests/hwsim/vm/.gitignore
deleted file mode 100644
index b1ce1b1050f5..000000000000
--- a/tests/hwsim/vm/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-vm-config
diff --git a/tests/hwsim/vm/README b/tests/hwsim/vm/README
deleted file mode 100644
index 224d65a26109..000000000000
--- a/tests/hwsim/vm/README
+++ /dev/null
@@ -1,80 +0,0 @@
-These scripts allow you to run the hwsim tests inside a KVM virtual machine or
-as a UML (User Mode Linux) program.
-
-To set it up, first compile a kernel with the kernel-config[.uml] file as the
-.config. You can adjust it as needed, the configuration is for a 64-bit x86
-system and should be close to minimal. The architecture must be the same as
-your host since the host's filesystem is used.
-
-To build the regular x86_64 kernel, simply issue
-
-yes "" | make -j <n_cpus>
-
-or to build UML:
-
-yes "" | ARCH=um make -j <n_cpus>
-
-Running a UML kernel is recommended as it can optimize out any sleep()s or
-kernel timers by taking advantage of UML time travel mode, greatly increasing
-test efficiency (~3200 tests can be run in under 5 minutes using parallel-vm.py
-on a 24 core CPU).
-
-Install the required tools: at least 'kvm', if you want tracing trace-cmd,
-valgrind if you want, etc.
-
-Compile the hwsim tests as per the instructions given, you may have to
-install some extra development packages (e.g. binutils-dev for libbfd).
-
-Create a vm-config file and put the KERNELDIR option into it (see the
-vm-run.sh script). If you want valgrind, also increase the memory size.
-
-Now you can run the vm-run.sh script and it will execute the tests using
-your system's root filesystem (read-only) inside the VM. The options you
-give it are passed through to run-all.sh, see there.
-
-To speed up testing, it is possible to run multiple VMs concurrently and
-split the test cases between all the VMs. If the host system has enough
-memory and CPU resources, this can significantly speed up the full test
-cycle. For example, a 4 core system with 4 GB of RAM can easily run 8
-parallel VMs (assuming valgrind is not used with its higher memory
-requirements). This can be run with:
-
-./parallel-vm.py <number of VMs> [arguments..]
-
-
---------------------------------------------------------------------------------
-
-Code Coverage Analysis for user space code
-
-Code coverage for wpa_supplicant and hostapd can be generated from the
-test run with following command line:
-
-./vm-run.sh --codecov [other arguments..]
-
-This builds a separate copies of wpa_supplicant and hostapd into a
-directory that is writable from the virtual machine to collect the gcov
-data. lcov is then used to prepare the reports at the end of the test
-run.
-
-
-Code Coverage Analysis for kernel code
-
-In order to do code coverage analysis, reconfigure the kernel to include
-
-CONFIG_GCOV_KERNEL=y
-CONFIG_GCOV_PROFILE_ALL=y
-
-Note that for gcc 4.7, kernel version 3.13-rc1 or higher is required.
-
-The scripts inside the VM will automatically copy the gcov data out of the
-VM into the logs directory. To post-process this data, you'll want to use
-lcov and run
-
-cd /tmp/hwsim-test-logs/<timestamp>
-lcov -b <path to kernel dir> -c -d gcov/ > gcov/data
-genhtml -o html/ gcov/data
-
-Then open html/index.html in your browser.
-
-Note that in this case you need to keep your build and source directories
-across the test run (otherwise, it's safe to only keep the kernel image.)
diff --git a/tests/hwsim/vm/bisect-run.sh b/tests/hwsim/vm/bisect-run.sh
deleted file mode 100755
index fa511073f0db..000000000000
--- a/tests/hwsim/vm/bisect-run.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-set -e
-
-path="$(dirname $0)"
-
-test="$1"
-makedir="$2"
-if [ -z $test ] ; then
-	echo "This script helps bisect test failures, given a test case."
-	echo ""
-	echo "Use it like this:"
-	echo "  git bisect start"
-	echo "  git bisect bad <commit>"
-	echo "  git bisect good <commit>"
-	echo "  git bisect run $0 <test name> [<compile directory>]"
-	echo ""
-	echo "(the compile directory is optional, use it if you want to"
-	echo "use an out-of-tree kernel build."
-	echo ""
-	echo "Note that, of course, you have to have a working vm-run setup."
-	exit 200 # exit git bisect run if called that way
-fi
-
-if [ -n "$makedir" ] ; then
-	cd "$makedir"
-fi
-
-yes '' | make oldconfig || exit 125
-make -j8 || exit 125
-
-output=$(mktemp)
-if [ $? -ne 0 ] ; then
-        exit 202
-fi
-finish() {
-        rm -f $output
-}
-trap finish EXIT
-
-"$path/vm-run.sh" $test 2>&1 | tee $output
-
-grep -q 'ALL-PASSED' $output && exit 0 || exit 1
diff --git a/tests/hwsim/vm/build-codecov.sh b/tests/hwsim/vm/build-codecov.sh
deleted file mode 100755
index e67ef2ea8e0e..000000000000
--- a/tests/hwsim/vm/build-codecov.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-LOGDIR=$1
-DIR=$PWD
-TMPDIR=/tmp/logs
-
-if [ -e $TMPDIR ]; then
-	echo "$TMPDIR exists - cannot prepare build trees"
-	exit 1
-fi
-mkdir $TMPDIR
-echo "Preparing separate build trees for hostapd/wpa_supplicant"
-cd ../../..
-git archive --format=tar --prefix=hostap/ HEAD > $TMPDIR/hostap.tar
-cd $DIR
-cat ../../../wpa_supplicant/.config > $TMPDIR/wpa_supplicant.config
-echo "CONFIG_CODE_COVERAGE=y" >> $TMPDIR/wpa_supplicant.config
-cat ../../../hostapd/.config > $TMPDIR/hostapd.config
-echo "CONFIG_CODE_COVERAGE=y" >> $TMPDIR/hostapd.config
-
-cd $TMPDIR
-tar xf hostap.tar
-mv hostap alt-wpa_supplicant
-mv wpa_supplicant.config alt-wpa_supplicant/wpa_supplicant/.config
-tar xf hostap.tar
-mv hostap alt-hostapd
-cp hostapd.config alt-hostapd/hostapd/.config
-tar xf hostap.tar
-mv hostap alt-hostapd-as
-cp hostapd.config alt-hostapd-as/hostapd/.config
-tar xf hostap.tar
-mv hostap alt-hlr_auc_gw
-mv hostapd.config alt-hlr_auc_gw/hostapd/.config
-rm hostap.tar
-
-cd $TMPDIR/alt-wpa_supplicant/wpa_supplicant
-echo "Building wpa_supplicant"
-make -j8 > /dev/null
-
-cd $TMPDIR/alt-hostapd/hostapd
-echo "Building hostapd"
-make -j8 hostapd hostapd_cli > /dev/null
-
-cd $TMPDIR/alt-hostapd-as/hostapd
-echo "Building hostapd (AS)"
-make -j8 hostapd hostapd_cli > /dev/null
-
-cd $TMPDIR/alt-hlr_auc_gw/hostapd
-echo "Building hlr_auc_gw"
-make -j8 hlr_auc_gw > /dev/null
-
-cd $DIR
-
-mv $TMPDIR/alt-wpa_supplicant $LOGDIR
-mv $TMPDIR/alt-hostapd $LOGDIR
-mv $TMPDIR/alt-hostapd-as $LOGDIR
-mv $TMPDIR/alt-hlr_auc_gw $LOGDIR
diff --git a/tests/hwsim/vm/combine-codecov.sh b/tests/hwsim/vm/combine-codecov.sh
deleted file mode 100755
index 309125f22b7b..000000000000
--- a/tests/hwsim/vm/combine-codecov.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-LOGDIR=$1
-if [ -n "$2" ]; then
-    ODIR=$2
-else
-    ODIR=.
-fi
-TMPDIR=/tmp/logs
-
-mv $LOGDIR/alt-* $TMPDIR
-
-cd $TMPDIR
-args=""
-for i in lcov-*.info-*; do
-    args="$args -a $i"
-done
-
-lcov $args -o $LOGDIR/combined.info > $LOGDIR/combined-lcov.log 2>&1
-cat $LOGDIR/combined.info |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/bits\/byteswap.h$\)/\1/};/^SF:.*\/bits\/byteswap.h$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/openssl\/x509.h$\)/\1/};/^SF:.*\/openssl\/x509.h$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/openssl\/x509v3.h$\)/\1/};/^SF:.*\/openssl\/x509v3.h$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/common\/wpa_ctrl.c$\)/\1/};/^SF:.*\/common\/wpa_ctrl.c$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/common\/cli.c$\)/\1/};/^SF:.*\/common\/cli.c$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/utils\/edit.c$\)/\1/};/^SF:.*\/utils\/edit.c$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*_module_tests.c$\)/\1/};/^SF:.*_module_tests.c$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*\/hostapd\/hostapd_cli.c$\)/\1/};/^SF:.*\/hostapd\/hostapd_cli.c$/,/^end_of_record$/d" |
-    sed "/^TN:$/{N;s/TN:\n\(SF:.*wpa_supplicant\/wpa_cli.c$\)/\1/};/^SF:.*wpa_supplicant\/wpa_cli.c$/,/^end_of_record$/d" > $LOGDIR/combined.info.filtered
-
-cd $LOGDIR
-genhtml -t "wpa_supplicant/hostapd combined for hwsim test run $(date +%s)" combined.info.filtered --output-directory $ODIR > lcov.log 2>&1
-
-rm -r /tmp/logs/alt-wpa_supplicant
-rm -r /tmp/logs/alt-hostapd
-rm -r /tmp/logs/alt-hostapd-as
-rm -r /tmp/logs/alt-hlr_auc_gw
-rm /tmp/logs/lcov-*info-*
-rmdir /tmp/logs
diff --git a/tests/hwsim/vm/dbus.conf b/tests/hwsim/vm/dbus.conf
deleted file mode 100644
index 1f3b56353c88..000000000000
--- a/tests/hwsim/vm/dbus.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-  <type>system</type>
-  <user>messagebus</user>
-  <fork/>
-  <standard_system_servicedirs/>
-  <servicehelper>/usr/lib/dbus-1.0/dbus-daemon-launch-helper</servicehelper>
-  <pidfile>/var/run/dbus/pid</pidfile>
-  <auth>EXTERNAL</auth>
-  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
-  <policy context="default">
-    <allow user="*"/>
-    <deny own="*"/>
-    <deny send_type="method_call"/>
-    <allow send_type="signal"/>
-    <allow send_requested_reply="true" send_type="method_return"/>
-    <allow send_requested_reply="true" send_type="error"/>
-    <allow receive_type="method_call"/>
-    <allow receive_type="method_return"/>
-    <allow receive_type="error"/>
-    <allow receive_type="signal"/>
-    <allow send_destination="org.freedesktop.DBus"/>
-    <deny send_destination="org.freedesktop.DBus"
-          send_interface="org.freedesktop.DBus"
-          send_member="UpdateActivationEnvironment"/>
-  </policy>
-  <policy user="root">
-    <allow own="fi.w1.wpa_supplicant1"/>
-    <allow send_destination="fi.w1.wpa_supplicant1"/>
-    <allow send_interface="fi.w1.wpa_supplicant1"/>
-    <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
-  </policy>
-</busconfig>
diff --git a/tests/hwsim/vm/example-vm-setup.txt b/tests/hwsim/vm/example-vm-setup.txt
deleted file mode 100644
index 81e2dfdb9ffe..000000000000
--- a/tests/hwsim/vm/example-vm-setup.txt
+++ /dev/null
@@ -1,95 +0,0 @@
-Step-by-step guide for setting up hostapd/wpa_supplicant test framework (VM)
-----------------------------------------------------------------------------
-
-This document can be used as a quick guide for getting started with
-hostapd/wpa_supplicant test framework with mac80211_hwsim. While the
-example here uses Ubuntu 16.04.1 server to have a list of exact steps,
-there are no requirements for using that specific distribution in the
-testing setup.
-
-The steps here describe how to run a guest VM for testing on a Linux
-host system.
-
-
-Install Ubuntu Server 16.04.1 as the host system for VMs
-
-- download installation image, e.g.,
-  http://releases.ubuntu.com/16.04.1/ubuntu-16.04.1-server-amd64.iso
-- install the host system with default settings
-- boot to the installed system
-- update the installed packages:
-  sudo apt update
-  sudo apt upgrade
-
-
-Install the prerequisite packages that may not have been installed by default
-
-# kvm for running the VM guests
-sudo apt install qemu-kvm
-
-# build tools
-sudo apt install build-essential git libpcap-dev libsqlite3-dev binutils-dev \
-	bc pkg-config libssl-dev libiberty-dev libdbus-1-dev \
-	libnl-3-dev libnl-genl-3-dev libnl-route-3-dev
-
-# tools used be the test scripts
-sudo apt install python-minimal python-crypto python-pyrad python-netifaces \
-	python-dbus python-gobject python-openssl bridge-utils ebtables tshark
-
-
-Enable kvm use for the user
-
-sudo adduser $USER kvm
-
-
-Download a snapshot of the hostap.git repository and build the programs
-
-cd
-git clone git://w1.fi/hostap.git
-cd hostap/tests/hwsim
-./build.sh
-cd vm
-cat > vm-config <<EOF
-KERNELDIR=~/wireless-testing
-MEMORY=512
-KVMARGS="-cpu host"
-EOF
-
-
-Build a Linux kernel for testing
-
-cd
-git clone git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-testing.git
-cd wireless-testing
-cp ~/hostap/tests/hwsim/vm/kernel-config .config
-make oldconfig
-make -j8
-
-
-Setup is now ready for testing. You can run a quick test to confirm that
-things work as expected:
-
-cd ~/hostap/tests/hwsim/vm
-./vm-run ap_open
-
-This should print out following style results:
-
-Starting test run in a virtual machine
-./run-all.sh: passing the following args to run-tests.py: ap_open
-START ap_open 1/1
-PASS ap_open 0.924019 2017-01-28 20:20:12.137717
-passed all 1 test case(s)
-ALL-PASSED
-
-Test run completed
-Logfiles are at /tmp/hwsim-test-logs/1485634801
-
-(If that "PASS ap_open" line does not show up, something unexpected has
-happened and the setup is not in working condition.)
-
-
-To run all available test cases in 7 parallel VMs, you can run
-following:
-
-cd ~/hostap/tests/hwsim/vm
-./parallel-vm.py 7
diff --git a/tests/hwsim/vm/inside.sh b/tests/hwsim/vm/inside.sh
deleted file mode 100755
index bfcbda631e4f..000000000000
--- a/tests/hwsim/vm/inside.sh
+++ /dev/null
@@ -1,171 +0,0 @@
-#!/bin/sh
-
-# keep old /etc
-mount tmpfs -t tmpfs /tmp
-mkdir /tmp/etc
-mount --bind /etc /tmp/etc
-# mount all kinds of things
-mount tmpfs -t tmpfs /etc
-# we need our own /dev/rfkill, and don't want device access
-mount tmpfs -t tmpfs /dev
-# some sockets go into /var/run, and / is read-only
-mount tmpfs -t tmpfs /var/run
-mount proc -t proc /proc
-mount sysfs -t sysfs /sys
-# needed for tracing
-mount debugfs -t debugfs /sys/kernel/debug
-
-mkdir /tmp/wireshark-share
-mount --bind /usr/share/wireshark /tmp/wireshark-share
-mount tmpfs -t tmpfs /usr/share/wireshark
-
-# for inside telnet
-mkdir /dev/pts
-mount devpts -t devpts /dev/pts
-
-export PATH=/usr/sbin:$PATH
-export HOME=/tmp
-
-# reboot on any sort of crash
-sysctl kernel.panic_on_oops=1
-sysctl kernel.panic=1
-
-# get extra command line variables from /proc/cmdline
-TESTDIR=$(sed 's/.*testdir=\([^ ]*\) .*/\1/' /proc/cmdline)
-TIMEWARP=$(sed 's/.*timewarp=\([^ ]*\) .*/\1/' /proc/cmdline)
-EPATH=$(sed 's/.*EPATH=\([^ ]*\) .*/\1/' /proc/cmdline)
-TELNET=$(sed 's/.*TELNET=\([^ ]*\) .*/\1/' /proc/cmdline)
-ARGS=$(sed 's/.*ARGS=\([^ ]*\)\( \|$\).*/\1/' /proc/cmdline)
-LOGDIR=$(sed 's/.*LOGDIR=\([^ ]*\)\( \|$\).*/\1/' /proc/cmdline)
-
-mount --bind "$TESTDIR/vm/regdb/" /lib/firmware
-
-# create /dev entries we need
-mknod -m 660 /dev/ttyS0 c 4 64
-mknod -m 666 /dev/ptmx c 5 2
-mknod -m 660 /dev/random c 1 8
-mknod -m 660 /dev/urandom c 1 9
-mknod -m 666 /dev/null c 1 3
-mknod -m 666 /dev/kmsg c 1 11
-test -f /sys/class/misc/rfkill/dev && \
-	mknod -m 660 /dev/rfkill c $(cat /sys/class/misc/rfkill/dev | tr ':' ' ')
-ln -s /proc/self/fd/0 /dev/stdin
-ln -s /proc/self/fd/1 /dev/stdout
-ln -s /proc/self/fd/2 /dev/stderr
-
-echo "VM has started up" > /dev/ttyS0
-
-# create stub sudo - everything runs as uid 0
-mkdir /tmp/bin
-cat > /tmp/bin/sudo << EOF
-#!/bin/bash
-
-exec "\$@"
-EOF
-chmod +x /tmp/bin/sudo
-# and put it into $PATH, as well as our extra-$PATH
-export PATH=/tmp/bin:$EPATH:$PATH
-
-# some tests assume adm/admin group(s) exist(s)
-cat > /etc/group <<EOF
-adm:x:0:
-admin:x:0:
-messagebus:x:106:
-EOF
-# root should exist
-cat > /etc/passwd <<EOF
-root:x:0:0:root:/tmp:/bin/bash
-messagebus:x:102:106::/var/run/dbus:/bin/false
-EOF
-cat > /etc/ethertypes <<EOF
-IPv4	 	0800  	ip ip4
-ARP		0806	ether-arp
-IPv6		86DD	ip6
-EOF
-cat > /etc/protocols <<EOF
-ip      0       IP
-icmp    1       ICMP
-tcp     6       TCP
-udp     17      UDP
-ipv6-icmp 58	IPv6-ICMP
-EOF
-
-# we may need /etc/alternatives, at least on Debian-based systems
-ln -s /tmp/etc/alternatives /etc/
-
-# local network is needed for some tests
-ip link set lo up
-
-# create logs mountpoint and mount the logshare
-mkdir /tmp/logs
-if grep -q rootfstype=hostfs /proc/cmdline; then
-    mount -t hostfs none /tmp/logs -o $LOGDIR
-else
-    mount -t 9p -o trans=virtio,rw logshare /tmp/logs
-fi
-
-# allow access to any outside directory (e.g. /tmp) we also have
-mkdir /tmp/host
-mount --bind / /tmp/host
-
-if [ "$TIMEWARP" = "1" ] ; then
-    (
-        while sleep 1 ; do
-            date --set "@$(($(date +%s) + 19))"
-        done
-    ) &
-fi
-
-echo hwsimvm > /proc/sys/kernel/hostname
-echo 8 8 8 8 > /proc/sys/kernel/printk
-
-cat > /tmp/bin/login <<EOF
-#!/bin/sh
-
-export PS1='\h:\w\$ '
-exec bash
-EOF
-chmod +x /tmp/bin/login
-
-if [ "$TELNET" = "1" ] ; then
-  ip link set eth0 up
-  ip addr add 172.16.0.15/24 dev eth0
-  which in.telnetd >/dev/null && (
-    while true ; do
-      in.telnetd -debug 23 -L /tmp/bin/login
-    done
-  ) &
-fi
-
-# check if we're rebooting due to a kernel panic ...
-if grep -q 'Kernel panic' /tmp/logs/console ; then
-	echo "KERNEL CRASHED!" >/dev/ttyS0
-else
-	# finally run the tests
-	export USER=0
-	export LOGDIR=/tmp/logs
-	export DBFILE=$LOGDIR/results.db
-	export PREFILL_DB=y
-
-	# some tests need CRDA, install a simple uevent helper
-	# and preload the 00 domain it will have asked for already
-	echo $TESTDIR/vm/uevent.sh > /sys/kernel/uevent_helper
-	COUNTRY=00 crda
-
-	mkdir -p /var/run/dbus
-	touch /var/run/dbus/hwsim-test
-	chown messagebus.messagebus /var/run/dbus
-	dbus-daemon --config-file=$TESTDIR/vm/dbus.conf --fork
-
-	cd $TESTDIR
-	./run-all.sh --vm $(cat /tmp/host$ARGS) </dev/ttyS0 >/dev/ttyS0 2>&1
-	if test -d /sys/kernel/debug/gcov ; then
-		cp -ar /sys/kernel/debug/gcov /tmp/logs/
-		# these are broken as they're updated while being read ...
-		find /tmp/logs/gcov/ -wholename '*kernel/gcov/*' -print0 | xargs -0 rm
-	fi
-	#bash </dev/ttyS0 >/dev/ttyS0 2>&1
-fi
-
-# and shut down the machine again
-halt -f -p
diff --git a/tests/hwsim/vm/kernel-config b/tests/hwsim/vm/kernel-config
deleted file mode 100644
index 2aff20af49ad..000000000000
--- a/tests/hwsim/vm/kernel-config
+++ /dev/null
@@ -1,175 +0,0 @@
-# CONFIG_LOCALVERSION_AUTO is not set
-CONFIG_KERNEL_BZIP2=y
-# CONFIG_SWAP is not set
-CONFIG_SYSVIPC=y
-# CONFIG_CROSS_MEMORY_ATTACH is not set
-CONFIG_NO_HZ=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_PREEMPT=y
-CONFIG_BSD_PROCESS_ACCT=y
-CONFIG_TASKSTATS=y
-CONFIG_TASK_DELAY_ACCT=y
-CONFIG_TASK_XACCT=y
-CONFIG_TASK_IO_ACCOUNTING=y
-CONFIG_LOG_BUF_SHIFT=21
-CONFIG_NAMESPACES=y
-# CONFIG_FHANDLE is not set
-CONFIG_EMBEDDED=y
-# CONFIG_COMPAT_BRK is not set
-CONFIG_SMP=y
-# CONFIG_X86_EXTENDED_PLATFORM is not set
-CONFIG_HYPERVISOR_GUEST=y
-CONFIG_PARAVIRT=y
-CONFIG_PARAVIRT_SPINLOCKS=y
-CONFIG_MCORE2=y
-CONFIG_GART_IOMMU=y
-CONFIG_NR_CPUS=4
-# CONFIG_X86_MCE is not set
-CONFIG_MICROCODE_OLD_INTERFACE=y
-# CONFIG_MTRR_SANITIZER is not set
-# CONFIG_SECCOMP is not set
-CONFIG_HZ_100=y
-# CONFIG_RELOCATABLE is not set
-CONFIG_PHYSICAL_ALIGN=0x1000000
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
-# CONFIG_SUSPEND is not set
-# CONFIG_ACPI_AC is not set
-# CONFIG_ACPI_BATTERY is not set
-# CONFIG_ACPI_BUTTON is not set
-# CONFIG_ACPI_FAN is not set
-CONFIG_CPU_IDLE_GOV_LADDER=y
-# CONFIG_PCI_MMCONFIG is not set
-# CONFIG_ISA_DMA_API is not set
-# CONFIG_DMIID is not set
-# CONFIG_VIRTUALIZATION is not set
-CONFIG_JUMP_LABEL=y
-# CONFIG_BLK_DEV_BSG is not set
-CONFIG_PARTITION_ADVANCED=y
-CONFIG_MAC_PARTITION=y
-# CONFIG_COMPACTION is not set
-# CONFIG_BOUNCE is not set
-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-CONFIG_NET=y
-CONFIG_PACKET=y
-CONFIG_UNIX=y
-CONFIG_INET=y
-CONFIG_IP_MULTICAST=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IP_MULTIPLE_TABLES=y
-# CONFIG_INET_DIAG is not set
-CONFIG_NETFILTER=y
-CONFIG_BRIDGE_NETFILTER=y
-CONFIG_NF_TABLES=y
-CONFIG_NETFILTER_XTABLES=y
-CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
-CONFIG_NF_TABLES_BRIDGE=y
-CONFIG_BRIDGE_NF_EBTABLES=y
-CONFIG_BRIDGE_EBT_T_FILTER=y
-CONFIG_BRIDGE_EBT_ARP=y
-CONFIG_BRIDGE_EBT_IP=y
-CONFIG_BRIDGE_EBT_IP6=y
-CONFIG_BRIDGE_EBT_PKTTYPE=y
-CONFIG_BRIDGE_EBT_ARPREPLY=y
-CONFIG_BRIDGE=y
-CONFIG_VLAN_8021Q=y
-CONFIG_CFG80211=y
-CONFIG_CFG80211_DEVELOPER_WARNINGS=y
-CONFIG_CFG80211_DEBUGFS=y
-CONFIG_CFG80211_WEXT=y
-CONFIG_MAC80211=y
-CONFIG_MAC80211_MESH=y
-CONFIG_MAC80211_DEBUGFS=y
-CONFIG_MAC80211_MESSAGE_TRACING=y
-CONFIG_MAC80211_DEBUG_MENU=y
-CONFIG_MAC80211_NOINLINE=y
-CONFIG_MAC80211_VERBOSE_DEBUG=y
-CONFIG_MAC80211_MLME_DEBUG=y
-CONFIG_MAC80211_STA_DEBUG=y
-CONFIG_MAC80211_HT_DEBUG=y
-CONFIG_MAC80211_IBSS_DEBUG=y
-CONFIG_MAC80211_PS_DEBUG=y
-CONFIG_MAC80211_TDLS_DEBUG=y
-CONFIG_RFKILL=y
-CONFIG_NET_9P=y
-CONFIG_NET_9P_VIRTIO=y
-CONFIG_PCI=y
-CONFIG_UEVENT_HELPER=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_PNP_DEBUG_MESSAGES is not set
-# CONFIG_BLK_DEV is not set
-CONFIG_NETDEVICES=y
-CONFIG_DUMMY=y
-CONFIG_MACSEC=y
-CONFIG_VETH=y
-# CONFIG_ETHERNET is not set
-CONFIG_MAC80211_HWSIM=y
-# CONFIG_INPUT_KEYBOARD is not set
-# CONFIG_INPUT_MOUSE is not set
-# CONFIG_LEGACY_PTYS is not set
-CONFIG_SERIAL_8250=y
-# CONFIG_SERIAL_8250_PNP is not set
-CONFIG_SERIAL_8250_CONSOLE=y
-# CONFIG_SERIAL_8250_MID is not set
-# CONFIG_HW_RANDOM is not set
-CONFIG_POWER_SUPPLY=y
-# CONFIG_HWMON is not set
-CONFIG_FB=y
-CONFIG_FB_MODE_HELPERS=y
-CONFIG_FB_VESA=y
-CONFIG_VGACON_SOFT_SCROLLBACK=y
-CONFIG_FRAMEBUFFER_CONSOLE=y
-CONFIG_HIDRAW=y
-# CONFIG_USB_SUPPORT is not set
-CONFIG_VIRT_DRIVERS=y
-CONFIG_VIRTIO_PCI=y
-# CONFIG_X86_PLATFORM_DEVICES is not set
-# CONFIG_IOMMU_SUPPORT is not set
-# CONFIG_DNOTIFY is not set
-# CONFIG_INOTIFY_USER is not set
-CONFIG_ISO9660_FS=y
-CONFIG_PROC_KCORE=y
-CONFIG_TMPFS=y
-CONFIG_TMPFS_POSIX_ACL=y
-CONFIG_CONFIGFS_FS=y
-# CONFIG_MISC_FILESYSTEMS is not set
-CONFIG_9P_FS=y
-CONFIG_9P_FS_POSIX_ACL=y
-CONFIG_CRYPTO_ECHAINIV=y
-CONFIG_CRYPTO_CRCT10DIF=y
-CONFIG_CRYPTO_ARC4=y
-# CONFIG_CRYPTO_HW is not set
-CONFIG_PRINTK_TIME=y
-CONFIG_DYNAMIC_DEBUG=y
-CONFIG_DEBUG_INFO=y
-CONFIG_DEBUG_INFO_REDUCED=y
-CONFIG_FRAME_WARN=1024
-CONFIG_DEBUG_SECTION_MISMATCH=y
-CONFIG_MAGIC_SYSRQ=y
-CONFIG_PAGE_EXTENSION=y
-CONFIG_DEBUG_PAGEALLOC=y
-CONFIG_DEBUG_RODATA_TEST=y
-CONFIG_DEBUG_OBJECTS=y
-CONFIG_DEBUG_OBJECTS_SELFTEST=y
-CONFIG_DEBUG_OBJECTS_FREE=y
-CONFIG_DEBUG_OBJECTS_TIMERS=y
-CONFIG_DEBUG_OBJECTS_WORK=y
-CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
-CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
-CONFIG_SLUB_DEBUG_ON=y
-CONFIG_DEBUG_KMEMLEAK=y
-CONFIG_DEBUG_STACK_USAGE=y
-CONFIG_PANIC_ON_OOPS=y
-CONFIG_HARDLOCKUP_DETECTOR=y
-CONFIG_PROVE_LOCKING=y
-CONFIG_LOCK_STAT=y
-CONFIG_DEBUG_LOCKDEP=y
-CONFIG_DEBUG_ATOMIC_SLEEP=y
-CONFIG_DEBUG_KOBJECT=y
-CONFIG_DEBUG_LIST=y
-CONFIG_DEBUG_NOTIFIERS=y
-CONFIG_RCU_CPU_STALL_TIMEOUT=60
-# CONFIG_RCU_TRACE is not set
-CONFIG_LATENCYTOP=y
-CONFIG_FUNCTION_TRACER=y
-# CONFIG_STRICT_DEVMEM is not set
-# CONFIG_X86_VERBOSE_BOOTUP is not set
diff --git a/tests/hwsim/vm/kernel-config.uml b/tests/hwsim/vm/kernel-config.uml
deleted file mode 100644
index b0f2f65ac390..000000000000
--- a/tests/hwsim/vm/kernel-config.uml
+++ /dev/null
@@ -1,131 +0,0 @@
-CONFIG_SYSVIPC=y
-CONFIG_POSIX_MQUEUE=y
-CONFIG_NO_HZ=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_BSD_PROCESS_ACCT=y
-CONFIG_IKCONFIG=y
-CONFIG_IKCONFIG_PROC=y
-CONFIG_LOG_BUF_SHIFT=14
-CONFIG_CGROUPS=y
-CONFIG_BLK_CGROUP=y
-CONFIG_CGROUP_SCHED=y
-CONFIG_CGROUP_FREEZER=y
-CONFIG_CGROUP_DEVICE=y
-CONFIG_CGROUP_CPUACCT=y
-# CONFIG_PID_NS is not set
-CONFIG_SYSFS_DEPRECATED=y
-CONFIG_CC_OPTIMIZE_FOR_SIZE=y
-CONFIG_SLAB=y
-CONFIG_HOSTFS=y
-CONFIG_MAGIC_SYSRQ=y
-CONFIG_MMAPPER=y
-# CONFIG_SECCOMP is not set
-CONFIG_UML_TIME_TRAVEL_SUPPORT=y
-CONFIG_SSL=y
-CONFIG_NULL_CHAN=y
-CONFIG_PORT_CHAN=y
-CONFIG_PTY_CHAN=y
-CONFIG_TTY_CHAN=y
-CONFIG_XTERM_CHAN=y
-CONFIG_CON_CHAN="pts"
-CONFIG_SSL_CHAN="pts"
-CONFIG_UML_NET=y
-CONFIG_UML_NET_TUNTAP=y
-CONFIG_UML_NET_VECTOR=y
-# CONFIG_BLK_DEV_BSG is not set
-# CONFIG_MQ_IOSCHED_DEADLINE is not set
-# CONFIG_MQ_IOSCHED_KYBER is not set
-CONFIG_BINFMT_MISC=y
-# CONFIG_COMPACTION is not set
-CONFIG_NET=y
-CONFIG_PACKET=y
-CONFIG_UNIX=y
-CONFIG_INET=y
-CONFIG_IP_MULTICAST=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IP_MULTIPLE_TABLES=y
-CONFIG_NETFILTER=y
-CONFIG_BRIDGE_NETFILTER=y
-CONFIG_NF_TABLES=y
-CONFIG_NETFILTER_XTABLES=y
-CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
-CONFIG_NF_TABLES_BRIDGE=y
-CONFIG_BRIDGE_NF_EBTABLES=y
-CONFIG_BRIDGE_EBT_T_FILTER=y
-CONFIG_BRIDGE_EBT_ARP=y
-CONFIG_BRIDGE_EBT_IP=y
-CONFIG_BRIDGE_EBT_IP6=y
-CONFIG_BRIDGE_EBT_PKTTYPE=y
-CONFIG_BRIDGE_EBT_ARPREPLY=y
-CONFIG_BRIDGE=y
-CONFIG_BRIDGE_VLAN_FILTERING=y
-CONFIG_VLAN_8021Q=y
-CONFIG_CFG80211=y
-CONFIG_CFG80211_DEBUGFS=y
-CONFIG_CFG80211_WEXT=y
-CONFIG_MAC80211=y
-CONFIG_MAC80211_MESH=y
-CONFIG_MAC80211_DEBUGFS=y
-CONFIG_MAC80211_MESSAGE_TRACING=y
-CONFIG_MAC80211_DEBUG_MENU=y
-CONFIG_MAC80211_VERBOSE_DEBUG=y
-CONFIG_MAC80211_MLME_DEBUG=y
-CONFIG_MAC80211_STA_DEBUG=y
-CONFIG_MAC80211_HT_DEBUG=y
-CONFIG_MAC80211_OCB_DEBUG=y
-CONFIG_MAC80211_IBSS_DEBUG=y
-CONFIG_MAC80211_PS_DEBUG=y
-CONFIG_MAC80211_TDLS_DEBUG=y
-CONFIG_MAC80211_DEBUG_COUNTERS=y
-CONFIG_RFKILL=y
-CONFIG_UEVENT_HELPER=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-CONFIG_DEVTMPFS=y
-CONFIG_DEVTMPFS_MOUNT=y
-CONFIG_BLK_DEV_UBD=y
-CONFIG_BLK_DEV_LOOP=y
-CONFIG_DUMMY=y
-CONFIG_MACSEC=y
-CONFIG_VETH=y
-# CONFIG_ETHERNET is not set
-# CONFIG_WLAN_VENDOR_ADMTEK is not set
-# CONFIG_WLAN_VENDOR_ATH is not set
-# CONFIG_WLAN_VENDOR_ATMEL is not set
-# CONFIG_WLAN_VENDOR_BROADCOM is not set
-# CONFIG_WLAN_VENDOR_CISCO is not set
-# CONFIG_WLAN_VENDOR_INTEL is not set
-# CONFIG_WLAN_VENDOR_INTERSIL is not set
-# CONFIG_WLAN_VENDOR_MARVELL is not set
-# CONFIG_WLAN_VENDOR_MEDIATEK is not set
-# CONFIG_WLAN_VENDOR_RALINK is not set
-# CONFIG_WLAN_VENDOR_REALTEK is not set
-# CONFIG_WLAN_VENDOR_RSI is not set
-# CONFIG_WLAN_VENDOR_ST is not set
-# CONFIG_WLAN_VENDOR_TI is not set
-# CONFIG_WLAN_VENDOR_ZYDAS is not set
-# CONFIG_WLAN_VENDOR_QUANTENNA is not set
-CONFIG_MAC80211_HWSIM=y
-CONFIG_LEGACY_PTY_COUNT=32
-# CONFIG_HW_RANDOM is not set
-CONFIG_UML_RANDOM=y
-# CONFIG_IOMMU_SUPPORT is not set
-# CONFIG_DNOTIFY is not set
-# CONFIG_INOTIFY_USER is not set
-CONFIG_PROC_KCORE=y
-CONFIG_TMPFS=y
-# CONFIG_MISC_FILESYSTEMS is not set
-# CONFIG_NETWORK_FILESYSTEMS is not set
-CONFIG_NLS=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
-CONFIG_CRYPTO_CRC32C=y
-CONFIG_CRYPTO_ARC4=y
-CONFIG_CRC16=y
-CONFIG_PRINTK_TIME=y
-CONFIG_DEBUG_INFO=y
-CONFIG_FRAME_WARN=1024
-CONFIG_DEBUG_FS=y
-CONFIG_DEBUG_KERNEL=y
-CONFIG_PANIC_ON_OOPS=y
-CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y
-CONFIG_PREEMPTIRQ_EVENTS=y
-# CONFIG_RUNTIME_TESTING_MENU is not set
diff --git a/tests/hwsim/vm/parallel-vm.py b/tests/hwsim/vm/parallel-vm.py
deleted file mode 100755
index 86565c677493..000000000000
--- a/tests/hwsim/vm/parallel-vm.py
+++ /dev/null
@@ -1,669 +0,0 @@
-#!/usr/bin/env python3
-#
-# Parallel VM test case executor
-# Copyright (c) 2014-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from __future__ import print_function
-import curses
-import fcntl
-import logging
-import multiprocessing
-import os
-import selectors
-import subprocess
-import sys
-import time
-import errno
-
-logger = logging.getLogger()
-
-# Test cases that take significantly longer time to execute than average.
-long_tests = ["ap_roam_open",
-              "wpas_mesh_password_mismatch_retry",
-              "wpas_mesh_password_mismatch",
-              "hostapd_oom_wpa2_psk_connect",
-              "ap_hs20_fetch_osu_stop",
-              "ap_roam_wpa2_psk",
-              "ibss_wpa_none_ccmp",
-              "nfc_wps_er_handover_pk_hash_mismatch_sta",
-              "go_neg_peers_force_diff_freq",
-              "p2p_cli_invite",
-              "sta_ap_scan_2b",
-              "ap_pmf_sta_unprot_deauth_burst",
-              "ap_bss_add_remove_during_ht_scan",
-              "wext_scan_hidden",
-              "autoscan_exponential",
-              "nfc_p2p_client",
-              "wnm_bss_keep_alive",
-              "ap_inactivity_disconnect",
-              "scan_bss_expiration_age",
-              "autoscan_periodic",
-              "discovery_group_client",
-              "concurrent_p2pcli",
-              "ap_bss_add_remove",
-              "wpas_ap_wps",
-              "wext_pmksa_cache",
-              "ibss_wpa_none",
-              "ap_ht_40mhz_intolerant_ap",
-              "ibss_rsn",
-              "discovery_pd_retries",
-              "ap_wps_setup_locked_timeout",
-              "ap_vht160",
-              'he160',
-              'he160b',
-              "dfs_radar",
-              "dfs",
-              "dfs_ht40_minus",
-              "dfs_etsi",
-              "dfs_radar_vht80_downgrade",
-              "ap_acs_dfs",
-              "grpform_cred_ready_timeout",
-              "hostapd_oom_wpa2_eap_connect",
-              "wpas_ap_dfs",
-              "autogo_many",
-              "hostapd_oom_wpa2_eap",
-              "ibss_open",
-              "proxyarp_open_ebtables",
-              "proxyarp_open_ebtables_ipv6",
-              "radius_failover",
-              "obss_scan_40_intolerant",
-              "dbus_connect_oom",
-              "proxyarp_open",
-              "proxyarp_open_ipv6",
-              "ap_wps_iteration",
-              "ap_wps_iteration_error",
-              "ap_wps_pbc_timeout",
-              "ap_wps_pbc_ap_timeout",
-              "ap_wps_pin_ap_timeout",
-              "ap_wps_http_timeout",
-              "p2p_go_move_reg_change",
-              "p2p_go_move_active",
-              "p2p_go_move_scm",
-              "p2p_go_move_scm_peer_supports",
-              "p2p_go_move_scm_peer_does_not_support",
-              "p2p_go_move_scm_multi"]
-
-def get_failed(vm):
-    failed = []
-    for i in range(num_servers):
-        failed += vm[i]['failed']
-    return failed
-
-def vm_read_stdout(vm, test_queue):
-    global total_started, total_passed, total_failed, total_skipped
-    global rerun_failures
-    global first_run_failures
-
-    ready = False
-    try:
-        out = vm['proc'].stdout.read()
-        if out == None:
-            return False
-        out = out.decode()
-    except IOError as e:
-        if e.errno == errno.EAGAIN:
-            return False
-        raise
-    logger.debug("VM[%d] stdout.read[%s]" % (vm['idx'], out.rstrip()))
-    pending = vm['pending'] + out
-    lines = []
-    while True:
-        pos = pending.find('\n')
-        if pos < 0:
-            break
-        line = pending[0:pos].rstrip()
-        pending = pending[(pos + 1):]
-        logger.debug("VM[%d] stdout full line[%s]" % (vm['idx'], line))
-        if line.startswith("READY"):
-            vm['starting'] = False
-            vm['started'] = True
-            ready = True
-        elif line.startswith("PASS"):
-            ready = True
-            total_passed += 1
-        elif line.startswith("FAIL"):
-            ready = True
-            total_failed += 1
-            vals = line.split(' ')
-            if len(vals) < 2:
-                logger.info("VM[%d] incomplete FAIL line: %s" % (vm['idx'],
-                                                                 line))
-                name = line
-            else:
-                name = vals[1]
-            logger.debug("VM[%d] test case failed: %s" % (vm['idx'], name))
-            vm['failed'].append(name)
-            if name != vm['current_name']:
-                logger.info("VM[%d] test result mismatch: %s (expected %s)" % (vm['idx'], name, vm['current_name']))
-            else:
-                count = vm['current_count']
-                if count == 0:
-                    first_run_failures.append(name)
-                if rerun_failures and count < 1:
-                    logger.debug("Requeue test case %s" % name)
-                    test_queue.append((name, vm['current_count'] + 1))
-        elif line.startswith("NOT-FOUND"):
-            ready = True
-            total_failed += 1
-            logger.info("VM[%d] test case not found" % vm['idx'])
-        elif line.startswith("SKIP"):
-            ready = True
-            total_skipped += 1
-        elif line.startswith("REASON"):
-            vm['skip_reason'].append(line[7:])
-        elif line.startswith("START"):
-            total_started += 1
-            if len(vm['failed']) == 0:
-                vals = line.split(' ')
-                if len(vals) >= 2:
-                    vm['fail_seq'].append(vals[1])
-        vm['out'] += line + '\n'
-        lines.append(line)
-    vm['pending'] = pending
-    return ready
-
-def start_vm(vm, sel):
-    logger.info("VM[%d] starting up" % (vm['idx'] + 1))
-    vm['starting'] = True
-    vm['proc'] = subprocess.Popen(vm['cmd'],
-                                  stdin=subprocess.PIPE,
-                                  stdout=subprocess.PIPE,
-                                  stderr=subprocess.PIPE)
-    vm['cmd'] = None
-    for stream in [vm['proc'].stdout, vm['proc'].stderr]:
-        fd = stream.fileno()
-        fl = fcntl.fcntl(fd, fcntl.F_GETFL)
-        fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
-        sel.register(stream, selectors.EVENT_READ, vm)
-
-def num_vm_starting():
-    count = 0
-    for i in range(num_servers):
-        if vm[i]['starting']:
-            count += 1
-    return count
-
-def vm_read_stderr(vm):
-    try:
-        err = vm['proc'].stderr.read()
-        if err != None:
-            err = err.decode()
-            if len(err) > 0:
-                vm['err'] += err
-                logger.info("VM[%d] stderr.read[%s]" % (vm['idx'], err))
-    except IOError as e:
-        if e.errno != errno.EAGAIN:
-            raise
-
-def vm_next_step(_vm, scr, test_queue):
-    scr.move(_vm['idx'] + 1, 10)
-    scr.clrtoeol()
-    if not test_queue:
-        _vm['proc'].stdin.write(b'\n')
-        _vm['proc'].stdin.flush()
-        scr.addstr("shutting down")
-        logger.info("VM[%d] shutting down" % _vm['idx'])
-        return
-    (name, count) = test_queue.pop(0)
-    _vm['current_name'] = name
-    _vm['current_count'] = count
-    _vm['proc'].stdin.write(name.encode() + b'\n')
-    _vm['proc'].stdin.flush()
-    scr.addstr(name)
-    logger.debug("VM[%d] start test %s" % (_vm['idx'], name))
-
-def check_vm_start(scr, sel, test_queue):
-    running = False
-    for i in range(num_servers):
-        if vm[i]['proc']:
-            running = True
-            continue
-
-        # Either not yet started or already stopped VM
-        max_start = multiprocessing.cpu_count()
-        if max_start > 4:
-            max_start /= 2
-        num_starting = num_vm_starting()
-        if vm[i]['cmd'] and len(test_queue) > num_starting and \
-           num_starting < max_start:
-            scr.move(i + 1, 10)
-            scr.clrtoeol()
-            scr.addstr(i + 1, 10, "starting VM")
-            start_vm(vm[i], sel)
-            return True, True
-
-    return running, False
-
-def vm_terminated(_vm, scr, sel, test_queue):
-    updated = False
-    for stream in [_vm['proc'].stdout, _vm['proc'].stderr]:
-        sel.unregister(stream)
-    _vm['proc'] = None
-    scr.move(_vm['idx'] + 1, 10)
-    scr.clrtoeol()
-    log = '{}/{}.srv.{}/console'.format(dir, timestamp, _vm['idx'] + 1)
-    with open(log, 'r') as f:
-        if "Kernel panic" in f.read():
-            scr.addstr("kernel panic")
-            logger.info("VM[%d] kernel panic" % _vm['idx'])
-            updated = True
-    if test_queue:
-        num_vm = 0
-        for i in range(num_servers):
-            if _vm['proc']:
-                num_vm += 1
-        if len(test_queue) > num_vm:
-            scr.addstr("unexpected exit")
-            logger.info("VM[%d] unexpected exit" % i)
-            updated = True
-    return updated
-
-def update_screen(scr, total_tests):
-    scr.move(num_servers + 1, 10)
-    scr.clrtoeol()
-    scr.addstr("{} %".format(int(100.0 * (total_passed + total_failed + total_skipped) / total_tests)))
-    scr.addstr(num_servers + 1, 20,
-               "TOTAL={} STARTED={} PASS={} FAIL={} SKIP={}".format(total_tests, total_started, total_passed, total_failed, total_skipped))
-    failed = get_failed(vm)
-    if len(failed) > 0:
-        scr.move(num_servers + 2, 0)
-        scr.clrtoeol()
-        scr.addstr("Failed test cases: ")
-        count = 0
-        for f in failed:
-            count += 1
-            if count > 30:
-                scr.addstr('...')
-                scr.clrtoeol()
-                break
-            scr.addstr(f)
-            scr.addstr(' ')
-    scr.refresh()
-
-def show_progress(scr):
-    global num_servers
-    global vm
-    global dir
-    global timestamp
-    global tests
-    global first_run_failures
-    global total_started, total_passed, total_failed, total_skipped
-    global rerun_failures
-
-    sel = selectors.DefaultSelector()
-    total_tests = len(tests)
-    logger.info("Total tests: %d" % total_tests)
-    test_queue = [(t, 0) for t in tests]
-    start_vm(vm[0], sel)
-
-    scr.leaveok(1)
-    scr.addstr(0, 0, "Parallel test execution status", curses.A_BOLD)
-    for i in range(0, num_servers):
-        scr.addstr(i + 1, 0, "VM %d:" % (i + 1), curses.A_BOLD)
-        status = "starting VM" if vm[i]['proc'] else "not yet started"
-        scr.addstr(i + 1, 10, status)
-    scr.addstr(num_servers + 1, 0, "Total:", curses.A_BOLD)
-    scr.addstr(num_servers + 1, 20, "TOTAL={} STARTED=0 PASS=0 FAIL=0 SKIP=0".format(total_tests))
-    scr.refresh()
-
-    while True:
-        updated = False
-        events = sel.select(timeout=1)
-        for key, mask in events:
-            _vm = key.data
-            if not _vm['proc']:
-                continue
-            vm_read_stderr(_vm)
-            if vm_read_stdout(_vm, test_queue):
-                vm_next_step(_vm, scr, test_queue)
-                updated = True
-            vm_read_stderr(_vm)
-            if _vm['proc'].poll() is not None:
-                if vm_terminated(_vm, scr, sel, test_queue):
-                    updated = True
-
-        running, run_update = check_vm_start(scr, sel, test_queue)
-        if updated or run_update:
-            update_screen(scr, total_tests)
-        if not running:
-            break
-    sel.close()
-
-    for i in range(num_servers):
-        if not vm[i]['proc']:
-            continue
-        vm[i]['proc'] = None
-        scr.move(i + 1, 10)
-        scr.clrtoeol()
-        scr.addstr("still running")
-        logger.info("VM[%d] still running" % i)
-
-    scr.refresh()
-    time.sleep(0.3)
-
-def known_output(tests, line):
-    if not line:
-        return True
-    if line in tests:
-        return True
-    known = ["START ", "PASS ", "FAIL ", "SKIP ", "REASON ", "ALL-PASSED",
-             "READY",
-             "  ", "Exception: ", "Traceback (most recent call last):",
-             "./run-all.sh: running",
-             "./run-all.sh: passing",
-             "Test run completed", "Logfiles are at", "Starting test run",
-             "passed all", "skipped ", "failed tests:"]
-    for k in known:
-        if line.startswith(k):
-            return True
-    return False
-
-def main():
-    import argparse
-    import os
-    global num_servers
-    global vm
-    global dir
-    global timestamp
-    global tests
-    global first_run_failures
-    global total_started, total_passed, total_failed, total_skipped
-    global rerun_failures
-
-    total_started = 0
-    total_passed = 0
-    total_failed = 0
-    total_skipped = 0
-
-    debug_level = logging.INFO
-    rerun_failures = True
-    timestamp = int(time.time())
-
-    scriptsdir = os.path.dirname(os.path.realpath(sys.argv[0]))
-
-    p = argparse.ArgumentParser(description='run multiple testing VMs in parallel')
-    p.add_argument('num_servers', metavar='number of VMs', type=int, choices=range(1, 100),
-                   help="number of VMs to start")
-    p.add_argument('-f', dest='testmodules', metavar='<test module>',
-                   help='execute only tests from these test modules',
-                   type=str, nargs='+')
-    p.add_argument('-1', dest='no_retry', action='store_const', const=True, default=False,
-                   help="don't retry failed tests automatically")
-    p.add_argument('--debug', dest='debug', action='store_const', const=True, default=False,
-                   help="enable debug logging")
-    p.add_argument('--codecov', dest='codecov', action='store_const', const=True, default=False,
-                   help="enable code coverage collection")
-    p.add_argument('--shuffle-tests', dest='shuffle', action='store_const', const=True, default=False,
-                   help="shuffle test cases to randomize order")
-    p.add_argument('--short', dest='short', action='store_const', const=True,
-                   default=False,
-                   help="only run short-duration test cases")
-    p.add_argument('--long', dest='long', action='store_const', const=True,
-                   default=False,
-                   help="include long-duration test cases")
-    p.add_argument('--valgrind', dest='valgrind', action='store_const',
-                   const=True, default=False,
-                   help="run tests under valgrind")
-    p.add_argument('--telnet', dest='telnet', metavar='<baseport>', type=int,
-                   help="enable telnet server inside VMs, specify the base port here")
-    p.add_argument('--nocurses', dest='nocurses', action='store_const',
-                   const=True, default=False, help="Don't use curses for output")
-    p.add_argument('params', nargs='*')
-    args = p.parse_args()
-
-    dir = os.environ.get('HWSIM_TEST_LOG_DIR', '/tmp/hwsim-test-logs')
-    try:
-        os.makedirs(dir)
-    except OSError as e:
-        if e.errno != errno.EEXIST:
-            raise
-
-    num_servers = args.num_servers
-    rerun_failures = not args.no_retry
-    if args.debug:
-        debug_level = logging.DEBUG
-    extra_args = []
-    if args.valgrind:
-        extra_args += ['--valgrind']
-    if args.long:
-        extra_args += ['--long']
-    if args.codecov:
-        print("Code coverage - build separate binaries")
-        logdir = os.path.join(dir, str(timestamp))
-        os.makedirs(logdir)
-        subprocess.check_call([os.path.join(scriptsdir, 'build-codecov.sh'),
-                               logdir])
-        codecov_args = ['--codecov_dir', logdir]
-        codecov = True
-    else:
-        codecov_args = []
-        codecov = False
-
-    first_run_failures = []
-    if args.params:
-        tests = args.params
-    else:
-        tests = []
-        cmd = [os.path.join(os.path.dirname(scriptsdir), 'run-tests.py'), '-L']
-        if args.testmodules:
-            cmd += ["-f"]
-            cmd += args.testmodules
-        lst = subprocess.Popen(cmd, stdout=subprocess.PIPE)
-        for l in lst.stdout.readlines():
-            name = l.decode().split(' ')[0]
-            tests.append(name)
-    if len(tests) == 0:
-        sys.exit("No test cases selected")
-
-    if args.shuffle:
-        from random import shuffle
-        shuffle(tests)
-    elif num_servers > 2 and len(tests) > 100:
-        # Move test cases with long duration to the beginning as an
-        # optimization to avoid last part of the test execution running a long
-        # duration test case on a single VM while all other VMs have already
-        # completed their work.
-        for l in long_tests:
-            if l in tests:
-                tests.remove(l)
-                tests.insert(0, l)
-    if args.short:
-        tests = [t for t in tests if t not in long_tests]
-
-    logger.setLevel(debug_level)
-    if not args.nocurses:
-        log_handler = logging.FileHandler('parallel-vm.log')
-    else:
-        log_handler = logging.StreamHandler(sys.stdout)
-    log_handler.setLevel(debug_level)
-    fmt = "%(asctime)s %(levelname)s %(message)s"
-    log_formatter = logging.Formatter(fmt)
-    log_handler.setFormatter(log_formatter)
-    logger.addHandler(log_handler)
-
-    vm = {}
-    for i in range(0, num_servers):
-        cmd = [os.path.join(scriptsdir, 'vm-run.sh'),
-               '--timestamp', str(timestamp),
-               '--ext', 'srv.%d' % (i + 1),
-               '-i'] + codecov_args + extra_args
-        if args.telnet:
-            cmd += ['--telnet', str(args.telnet + i)]
-        vm[i] = {}
-        vm[i]['idx'] = i
-        vm[i]['starting'] = False
-        vm[i]['started'] = False
-        vm[i]['cmd'] = cmd
-        vm[i]['proc'] = None
-        vm[i]['out'] = ""
-        vm[i]['pending'] = ""
-        vm[i]['err'] = ""
-        vm[i]['failed'] = []
-        vm[i]['fail_seq'] = []
-        vm[i]['skip_reason'] = []
-    print('')
-
-    if not args.nocurses:
-        curses.wrapper(show_progress)
-    else:
-        class FakeScreen:
-            def leaveok(self, n):
-                pass
-            def refresh(self):
-                pass
-            def addstr(self, *args, **kw):
-                pass
-            def move(self, x, y):
-                pass
-            def clrtoeol(self):
-                pass
-        show_progress(FakeScreen())
-
-    with open('{}/{}-parallel.log'.format(dir, timestamp), 'w') as f:
-        for i in range(0, num_servers):
-            f.write('VM {}\n{}\n{}\n'.format(i + 1, vm[i]['out'], vm[i]['err']))
-        first = True
-        for i in range(0, num_servers):
-            for line in vm[i]['out'].splitlines():
-                if line.startswith("FAIL "):
-                    if first:
-                        first = False
-                        print("Logs for failed test cases:")
-                        f.write("Logs for failed test cases:\n")
-                    fname = "%s/%d.srv.%d/%s.log" % (dir, timestamp, i + 1,
-                                                     line.split(' ')[1])
-                    print(fname)
-                    f.write("%s\n" % fname)
-
-    failed = get_failed(vm)
-
-    if first_run_failures:
-        print("To re-run same failure sequence(s):")
-        for i in range(0, num_servers):
-            if len(vm[i]['failed']) == 0:
-                continue
-            print("./vm-run.sh", end=' ')
-            if args.long:
-                print("--long", end=' ')
-            skip = len(vm[i]['fail_seq'])
-            skip -= min(skip, 30)
-            for t in vm[i]['fail_seq']:
-                if skip > 0:
-                    skip -= 1
-                    continue
-                print(t, end=' ')
-            print('')
-        print("Failed test cases:")
-        for f in first_run_failures:
-            print(f, end=' ')
-            logger.info("Failed: " + f)
-        print('')
-    double_failed = []
-    for name in failed:
-        double_failed.append(name)
-    for test in first_run_failures:
-        double_failed.remove(test)
-    if not rerun_failures:
-        pass
-    elif failed and not double_failed:
-        print("All failed cases passed on retry")
-        logger.info("All failed cases passed on retry")
-    elif double_failed:
-        print("Failed even on retry:")
-        for f in double_failed:
-            print(f, end=' ')
-            logger.info("Failed on retry: " + f)
-        print('')
-    res = "TOTAL={} PASS={} FAIL={} SKIP={}".format(total_started,
-                                                    total_passed,
-                                                    total_failed,
-                                                    total_skipped)
-    print(res)
-    logger.info(res)
-    print("Logs: " + dir + '/' + str(timestamp))
-    logger.info("Logs: " + dir + '/' + str(timestamp))
-
-    skip_reason = []
-    for i in range(num_servers):
-        if not vm[i]['started']:
-            continue
-        skip_reason += vm[i]['skip_reason']
-        if len(vm[i]['pending']) > 0:
-            logger.info("Unprocessed stdout from VM[%d]: '%s'" %
-                        (i, vm[i]['pending']))
-        log = '{}/{}.srv.{}/console'.format(dir, timestamp, i + 1)
-        with open(log, 'r') as f:
-            if "Kernel panic" in f.read():
-                print("Kernel panic in " + log)
-                logger.info("Kernel panic in " + log)
-    missing = {}
-    missing['OCV not supported'] = 'OCV'
-    missing['sigma_dut not available'] = 'sigma_dut'
-    missing['Skip test case with long duration due to --long not specified'] = 'long'
-    missing['TEST_ALLOC_FAIL not supported' ] = 'TEST_FAIL'
-    missing['TEST_ALLOC_FAIL not supported in the build'] = 'TEST_FAIL'
-    missing['TEST_FAIL not supported' ] = 'TEST_FAIL'
-    missing['veth not supported (kernel CONFIG_VETH)'] = 'KERNEL:CONFIG_VETH'
-    missing['WPA-EAP-SUITE-B-192 not supported'] = 'CONFIG_SUITEB192'
-    missing['WPA-EAP-SUITE-B not supported'] = 'CONFIG_SUITEB'
-    missing['wmediumd not available'] = 'wmediumd'
-    missing['DPP not supported'] = 'CONFIG_DPP'
-    missing['DPP version 2 not supported'] = 'CONFIG_DPP2'
-    missing['EAP method PWD not supported in the build'] = 'CONFIG_EAP_PWD'
-    missing['EAP method TEAP not supported in the build'] = 'CONFIG_EAP_TEAP'
-    missing['FILS not supported'] = 'CONFIG_FILS'
-    missing['FILS-SK-PFS not supported'] = 'CONFIG_FILS_SK_PFS'
-    missing['OWE not supported'] = 'CONFIG_OWE'
-    missing['SAE not supported'] = 'CONFIG_SAE'
-    missing['Not using OpenSSL'] = 'CONFIG_TLS=openssl'
-    missing['wpa_supplicant TLS library is not OpenSSL: internal'] = 'CONFIG_TLS=openssl'
-    missing_items = []
-    other_reasons = []
-    for reason in sorted(set(skip_reason)):
-        if reason in missing:
-            missing_items.append(missing[reason])
-        elif reason.startswith('OCSP-multi not supported with this TLS library'):
-            missing_items.append('OCSP-MULTI')
-        else:
-            other_reasons.append(reason)
-    if missing_items:
-        print("Missing items (SKIP):", missing_items)
-    if other_reasons:
-        print("Other skip reasons:", other_reasons)
-
-    for i in range(num_servers):
-        unknown = ""
-        for line in vm[i]['out'].splitlines():
-            if not known_output(tests, line):
-                unknown += line + "\n"
-        if unknown:
-            print("\nVM %d - unexpected stdout output:\n%s" % (i, unknown))
-        if vm[i]['err']:
-            print("\nVM %d - unexpected stderr output:\n%s\n" % (i, vm[i]['err']))
-
-    if codecov:
-        print("Code coverage - preparing report")
-        for i in range(num_servers):
-            subprocess.check_call([os.path.join(scriptsdir,
-                                                'process-codecov.sh'),
-                                   logdir + ".srv.%d" % (i + 1),
-                                   str(i)])
-        subprocess.check_call([os.path.join(scriptsdir, 'combine-codecov.sh'),
-                               logdir])
-        print("file://%s/index.html" % logdir)
-        logger.info("Code coverage report: file://%s/index.html" % logdir)
-
-    if double_failed or (failed and not rerun_failures):
-        logger.info("Test run complete - failures found")
-        sys.exit(2)
-    if failed:
-        logger.info("Test run complete - failures found on first run; passed on retry")
-        sys.exit(1)
-    logger.info("Test run complete - no failures")
-    sys.exit(0)
-
-if __name__ == "__main__":
-    main()
diff --git a/tests/hwsim/vm/process-codecov.sh b/tests/hwsim/vm/process-codecov.sh
deleted file mode 100755
index d932aa2d011e..000000000000
--- a/tests/hwsim/vm/process-codecov.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-LOGDIR=$1
-POSTFIX=$2
-RESTORE=$3
-
-DIR=$PWD
-TMPDIR=/tmp/logs
-
-mv $LOGDIR/alt-wpa_supplicant $TMPDIR
-mv $LOGDIR/alt-hostapd $TMPDIR
-mv $LOGDIR/alt-hostapd-as $TMPDIR
-mv $LOGDIR/alt-hlr_auc_gw $TMPDIR
-
-cd $TMPDIR/alt-wpa_supplicant/wpa_supplicant
-lcov -c -d .. 2> lcov.log | sed s%SF:/tmp/logs/alt-[^/]*/%SF:/tmp/logs/alt-wpa_supplicant/% > $TMPDIR/lcov-wpa_supplicant.info-$POSTFIX &
-
-cd $TMPDIR/alt-hostapd/hostapd
-lcov -c -d .. 2> lcov.log | sed s%SF:/tmp/logs/alt-[^/]*/%SF:/tmp/logs/alt-wpa_supplicant/% > $TMPDIR/lcov-hostapd.info-$POSTFIX &
-
-cd $TMPDIR/alt-hostapd-as/hostapd
-lcov -c -d .. 2> lcov.log | sed s%SF:/tmp/logs/alt-[^/]*/%SF:/tmp/logs/alt-wpa_supplicant/% > $TMPDIR/lcov-hostapd-as.info-$POSTFIX &
-
-cd $TMPDIR/alt-hlr_auc_gw/hostapd
-lcov -c -d .. 2> lcov.log | sed s%SF:/tmp/logs/alt-[^/]*/%SF:/tmp/logs/alt-wpa_supplicant/% > $TMPDIR/lcov-hlr_auc_gw.info-$POSTFIX &
-wait
-
-cd $DIR
-if [ "$RESTORE" == "restore" ]; then
-    mv $TMPDIR/alt-* $LOGDIR
-else
-    rm -r $TMPDIR/alt-wpa_supplicant
-    rm -r $TMPDIR/alt-hostapd
-    rm -r $TMPDIR/alt-hostapd-as
-    rm -r $TMPDIR/alt-hlr_auc_gw
-fi
diff --git a/tests/hwsim/vm/regdb/regulatory.db b/tests/hwsim/vm/regdb/regulatory.db
deleted file mode 100644
index e0db5f8be0f4..000000000000
--- a/tests/hwsim/vm/regdb/regulatory.db
+++ /dev/null
diff --git a/tests/hwsim/vm/regdb/regulatory.db.p7s b/tests/hwsim/vm/regdb/regulatory.db.p7s
deleted file mode 100644
index 730aef4f364c..000000000000
--- a/tests/hwsim/vm/regdb/regulatory.db.p7s
+++ /dev/null
diff --git a/tests/hwsim/vm/uevent.sh b/tests/hwsim/vm/uevent.sh
deleted file mode 100755
index 76e31e76d3be..000000000000
--- a/tests/hwsim/vm/uevent.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-EPATH=$(sed 's/.*EPATH=\([^ ]*\) .*/\1/' /proc/cmdline)
-PATH=/tmp/bin:$EPATH:$PATH
-
-# assume this was a call for CRDA,
-# if not then it won't find a COUNTRY
-# environment variable and exit
-exec crda
diff --git a/tests/hwsim/vm/vm-run.sh b/tests/hwsim/vm/vm-run.sh
deleted file mode 100755
index 06dee068960b..000000000000
--- a/tests/hwsim/vm/vm-run.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-#!/bin/bash
-
-cd "$(dirname $0)"
-
-if [ -z "$TESTDIR" ] ; then
-	TESTDIR=$(pwd)/../
-fi
-
-if [ -n "$HWSIM_TEST_LOG_DIR" ] ; then
-	LOGS="$HWSIM_TEST_LOG_DIR"
-else
-	LOGS=/tmp/hwsim-test-logs
-fi
-
-# increase the memory size if you want to run with valgrind, 512 MB works
-MEMORY=256
-
-# Some ubuntu systems (notably 12.04) have issues with this - since the guest
-# mounts as read-only it should be safe to not specify ,readonly. Override in
-# vm-config if needed (see below)
-ROTAG=,readonly
-
-# set this to ttyS0 to see kvm messages (if something doesn't work)
-KVMOUT=ttyS1
-
-# you can set EPATH if you need anything extra in $PATH inside the VM
-#EPATH=/some/dir
-
-# extra KVM arguments, e.g., -s for gdbserver
-#KVMARGS=-s
-
-# number of channels each hwsim device supports
-CHANNELS=1
-
-test -f vm-config && . vm-config
-test -f ~/.wpas-vm-config && . ~/.wpas-vm-config
-
-if [ -z "$KERNEL" ] && [ -z "$KERNELDIR" ] ; then
-	echo "You need to set a KERNEL or KERNELDIR (in the environment or vm-config)"
-	exit 2
-fi
-if [ -z "$KERNEL" ] ; then
-	if [ -e $KERNELDIR/arch/x86_64/boot/bzImage ]; then
-		KERNEL=$KERNELDIR/arch/x86_64/boot/bzImage
-	elif [ -e $KERNELDIR/linux ]; then
-		KERNEL=$KERNELDIR/linux
-	else
-		echo "No suitable kernel image found from KERNELDIR"
-		exit 2
-	fi
-fi
-if [ ! -e $KERNEL ]; then
-	echo "Kernel image not found: $KERNEL"
-	exit 2
-fi
-
-
-CMD=$TESTDIR/vm/inside.sh
-
-unset RUN_TEST_ARGS
-TIMESTAMP=$(date +%s)
-DATE=$TIMESTAMP
-CODECOV=no
-TIMEWARP=0
-TELNET_QEMU=
-TELNET_ARG=0
-CODECOV_DIR=
-while [ "$1" != "" ]; do
-	case $1 in
-		--timestamp ) shift
-			TIMESTAMP=$1
-			shift
-			;;
-		--ext ) shift
-			DATE=$TIMESTAMP.$1
-			shift
-			;;
-		--codecov ) shift
-			CODECOV=yes
-			;;
-		--codecov_dir ) shift
-			CODECOV_DIR=$1
-			shift
-			;;
-		--timewrap ) shift
-			TIMEWARP=1
-			;;
-		--telnet ) shift
-			TELNET_ARG=1
-			TELNET_QEMU="-net nic,model=virtio -net user,id=telnet,restrict=on,net=172.16.0.0/24,hostfwd=tcp:127.0.0.1:$1-:23"
-			shift
-			;;
-		* )
-			RUN_TEST_ARGS="$RUN_TEST_ARGS$1 "
-			shift
-			;;
-	esac
-done
-
-LOGDIR=$LOGS/$DATE
-mkdir -p $LOGDIR
-rm -f $LOGS/latest
-ln -s $LOGDIR $LOGS/latest
-
-if [ -n "$CODECOV_DIR" ]; then
-    cp -a $CODECOV_DIR/alt-wpa_supplicant $LOGDIR
-    cp -a $CODECOV_DIR/alt-hostapd $LOGDIR
-    cp -a $CODECOV_DIR/alt-hostapd-as $LOGDIR
-    cp -a $CODECOV_DIR/alt-hlr_auc_gw $LOGDIR
-elif [ $CODECOV = "yes" ]; then
-    ./build-codecov.sh $LOGDIR || exit 1
-else
-    CODECOV=no
-fi
-
-echo "Starting test run in a virtual machine"
-
-if [ -x $KERNEL ]; then
-	unset KVM
-else
-	KVM=kvm
-	for kvmprog in kvm qemu-kvm; do
-		if $kvmprog --version &> /dev/null; then
-			KVM=$kvmprog
-			break
-		fi
-	done
-fi
-
-argsfile=$(mktemp)
-if [ $? -ne 0 ] ; then
-	exit 2
-fi
-function finish {
-	rm -f $argsfile
-}
-trap finish EXIT
-
-if [ -z $KVM ]; then
-	RUN_TEST_ARGS="--long $RUN_TEST_ARGS"
-fi
-echo "$RUN_TEST_ARGS" > $argsfile
-
-A="mac80211_hwsim.support_p2p_device=0 "
-A+="mac80211_hwsim.channels=$CHANNELS "
-A+="mac80211_hwsim.radios=7 "
-A+="cfg80211.dyndbg=+p "
-A+="mac80211.dyndbg=+p "
-A+="mac80211_hwsim.dyndbg=+p "
-A+="init=$CMD "
-A+="testdir=$TESTDIR "
-A+="timewarp=$TIMEWARP "
-A+="TELNET=$TELNET_ARG "
-A+="EPATH=$EPATH "
-A+="ARGS=$argsfile "
-A+="console=$KVMOUT "
-A+="ro"
-
-if [ -z $KVM ]; then
-	$KERNEL \
-	     mem=${MEMORY}M \
-	     LOGDIR=$LOGDIR \
-	     time-travel=inf-cpu \
-	     $A \
-	     root=none hostfs=/ rootfstype=hostfs rootflags=/ \
-	     ssl0=fd:0,fd:1 \
-	     ssl1=fd:100 \
-	     ssl-non-raw \
-	     100<>$LOGDIR/console 2>&1 | \
-	    sed -u '0,/VM has started up/d'
-else
-	$KVM \
-	    -kernel $KERNEL \
-	    -smp 4 \
-	    $KVMARGS \
-	    -m $MEMORY \
-	    -nographic \
-	    -fsdev local,security_model=none,id=fsdev-root,path=/$ROTAG \
-	    -device virtio-9p-pci,id=fs-root,fsdev=fsdev-root,mount_tag=/dev/root \
-	    -fsdev local,security_model=none,id=fsdev-logs,path="$LOGDIR",writeout=immediate \
-	    -device virtio-9p-pci,id=fs-logs,fsdev=fsdev-logs,mount_tag=logshare \
-	    -monitor null \
-	    -serial stdio \
-	    -serial file:$LOGDIR/console \
-	    $TELNET_QEMU \
-	    -append "$A root=/dev/root rootflags=trans=virtio,version=9p2000.u rootfstype=9p" | \
-	    sed -u '0,/VM has started up/d'
-fi
-
-if [ $CODECOV = "yes" ]; then
-    echo "Preparing code coverage reports"
-    ./process-codecov.sh $LOGDIR "" restore
-    ./combine-codecov.sh $LOGDIR lcov
-fi
-
-echo
-echo "Test run completed"
-echo "Logfiles are at $LOGDIR ($LOGS/latest)"
-if [ $CODECOV = "yes" ]; then
-    echo "Code coverage report:"
-    echo "file://$LOGDIR/lcov/index.html"
-fi
diff --git a/tests/hwsim/w1fi_logo.png b/tests/hwsim/w1fi_logo.png
deleted file mode 100644
index ac7c259fff2e..000000000000
--- a/tests/hwsim/w1fi_logo.png
+++ /dev/null
diff --git a/tests/hwsim/wlantest.py b/tests/hwsim/wlantest.py
deleted file mode 100644
index 16765d27a9de..000000000000
--- a/tests/hwsim/wlantest.py
+++ /dev/null
@@ -1,277 +0,0 @@
-# Python class for controlling wlantest
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import re
-import os
-import posixpath
-import time
-import subprocess
-import logging
-import wpaspy
-
-logger = logging.getLogger()
-
-class Wlantest:
-    remote_host = None
-    setup_params = None
-    exe_thread = None
-    exe_res = []
-    monitor_mod = None
-    setup_done = False
-
-    @classmethod
-    def stop_remote_wlantest(cls):
-        if cls.exe_thread is None:
-            # Local flow - no need for remote operations
-            return
-
-        cls.remote_host.execute(["killall", "-9", "wlantest"])
-        cls.remote_host.thread_wait(cls.exe_thread, 5)
-        cls.exe_thread = None
-        cls.exe_res = []
-
-    @classmethod
-    def reset_remote_wlantest(cls):
-        cls.stop_remote_wlantest()
-        cls.remote_host = None
-        cls.setup_params = None
-        cls.exe_thread = None
-        cls.exe_res = []
-        cls.monitor_mod = None
-        cls.setup_done = False
-
-    @classmethod
-    def start_remote_wlantest(cls):
-        if cls.remote_host is None:
-            # Local flow - no need for remote operations
-            return
-        if cls.exe_thread is not None:
-            raise Exception("Cannot start wlantest twice")
-
-        log_dir = cls.setup_params['log_dir']
-        ifaces = re.split('; | |, ', cls.remote_host.ifname)
-        ifname = ifaces[0]
-        exe = cls.setup_params["wlantest"]
-        tc_name = cls.setup_params["tc_name"]
-        base_log_name = tc_name + "_wlantest_" + \
-                        cls.remote_host.name + "_" + ifname
-        log_file = posixpath.join(log_dir, base_log_name + ".log")
-        pcap_file = posixpath.join(log_dir, base_log_name + ".pcapng")
-        cmd = "{} -i {} -n {} -c -dtN -L {}".format(exe, ifname,
-                                                    pcap_file, log_file)
-        cls.remote_host.add_log(log_file)
-        cls.remote_host.add_log(pcap_file)
-        cls.exe_thread = cls.remote_host.thread_run(cmd.split(), cls.exe_res)
-        # Give wlantest a chance to start working
-        time.sleep(1)
-
-    @classmethod
-    def register_remote_wlantest(cls, host, setup_params, monitor_mod):
-        if cls.remote_host is not None:
-            raise Exception("Cannot register remote wlantest twice")
-        cls.remote_host = host
-        cls.setup_params = setup_params
-        cls.monitor_mod = monitor_mod
-        status, buf = host.execute(["which", setup_params['wlantest']])
-        if status != 0:
-            raise Exception(host.name + " - wlantest: " + buf)
-        status, buf = host.execute(["which", setup_params['wlantest_cli']])
-        if status != 0:
-            raise Exception(host.name + " - wlantest_cli: " + buf)
-
-    @classmethod
-    def chan_from_wpa(cls, wpa, is_p2p=False):
-        if cls.monitor_mod is None:
-            return
-        m = cls.monitor_mod
-        return m.setup(cls.remote_host, [m.get_monitor_params(wpa, is_p2p)])
-
-    @classmethod
-    def setup(cls, wpa, is_p2p=False):
-        if wpa:
-            cls.chan_from_wpa(wpa, is_p2p)
-        cls.start_remote_wlantest()
-        cls.setup_done = True
-
-    def __init__(self):
-        if not self.setup_done:
-            raise Exception("Cannot create Wlantest instance before setup()")
-        if os.path.isfile('../../wlantest/wlantest_cli'):
-            self.wlantest_cli = '../../wlantest/wlantest_cli'
-        else:
-            self.wlantest_cli = 'wlantest_cli'
-
-    def cli_cmd(self, params):
-        if self.remote_host is not None:
-            exe = self.setup_params["wlantest_cli"]
-            ret = self.remote_host.execute([exe] + params)
-            if ret[0] != 0:
-                raise Exception("wlantest_cli failed")
-            return ret[1]
-        else:
-            return subprocess.check_output([self.wlantest_cli] + params).decode()
-
-    def flush(self):
-        res = self.cli_cmd(["flush"])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli flush failed")
-
-    def relog(self):
-        res = self.cli_cmd(["relog"])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli relog failed")
-
-    def add_passphrase(self, passphrase):
-        res = self.cli_cmd(["add_passphrase", passphrase])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli add_passphrase failed")
-
-    def add_wepkey(self, key):
-        res = self.cli_cmd(["add_wepkey", key])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli add_key failed")
-
-    def info_bss(self, field, bssid):
-        res = self.cli_cmd(["info_bss", field, bssid])
-        if "FAIL" in res:
-            raise Exception("Could not get BSS info from wlantest for " + bssid)
-        return res
-
-    def get_bss_counter(self, field, bssid):
-        try:
-            res = self.cli_cmd(["get_bss_counter", field, bssid])
-        except Exception as e:
-            return 0
-        if "FAIL" in res:
-            return 0
-        return int(res)
-
-    def clear_bss_counters(self, bssid):
-        self.cli_cmd(["clear_bss_counters", bssid])
-
-    def info_sta(self, field, bssid, addr):
-        res = self.cli_cmd(["info_sta", field, bssid, addr])
-        if "FAIL" in res:
-            raise Exception("Could not get STA info from wlantest for " + addr)
-        return res
-
-    def get_sta_counter(self, field, bssid, addr):
-        res = self.cli_cmd(["get_sta_counter", field, bssid, addr])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli command failed")
-        return int(res)
-
-    def clear_sta_counters(self, bssid, addr):
-        res = self.cli_cmd(["clear_sta_counters", bssid, addr])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli command failed")
-
-    def tdls_clear(self, bssid, addr1, addr2):
-        self.cli_cmd(["clear_tdls_counters", bssid, addr1, addr2])
-
-    def get_tdls_counter(self, field, bssid, addr1, addr2):
-        res = self.cli_cmd(["get_tdls_counter", field, bssid, addr1, addr2])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli command failed")
-        return int(res)
-
-    def require_ap_pmf_mandatory(self, bssid):
-        res = self.info_bss("rsn_capab", bssid)
-        if "MFPR" not in res:
-            raise Exception("AP did not require PMF")
-        if "MFPC" not in res:
-            raise Exception("AP did not enable PMF")
-        res = self.info_bss("key_mgmt", bssid)
-        if "PSK-SHA256" not in res:
-            raise Exception("AP did not enable SHA256-based AKM for PMF")
-
-    def require_ap_pmf_optional(self, bssid):
-        res = self.info_bss("rsn_capab", bssid)
-        if "MFPR" in res:
-            raise Exception("AP required PMF")
-        if "MFPC" not in res:
-            raise Exception("AP did not enable PMF")
-
-    def require_ap_no_pmf(self, bssid):
-        res = self.info_bss("rsn_capab", bssid)
-        if "MFPR" in res:
-            raise Exception("AP required PMF")
-        if "MFPC" in res:
-            raise Exception("AP enabled PMF")
-
-    def require_sta_pmf_mandatory(self, bssid, addr):
-        res = self.info_sta("rsn_capab", bssid, addr)
-        if "MFPR" not in res:
-            raise Exception("STA did not require PMF")
-        if "MFPC" not in res:
-            raise Exception("STA did not enable PMF")
-
-    def require_sta_pmf(self, bssid, addr):
-        res = self.info_sta("rsn_capab", bssid, addr)
-        if "MFPC" not in res:
-            raise Exception("STA did not enable PMF")
-
-    def require_sta_no_pmf(self, bssid, addr):
-        res = self.info_sta("rsn_capab", bssid, addr)
-        if "MFPC" in res:
-            raise Exception("STA enabled PMF")
-
-    def require_sta_key_mgmt(self, bssid, addr, key_mgmt):
-        res = self.info_sta("key_mgmt", bssid, addr)
-        if key_mgmt not in res:
-            raise Exception("Unexpected STA key_mgmt")
-
-    def get_tx_tid(self, bssid, addr, tid):
-        res = self.cli_cmd(["get_tx_tid", bssid, addr, str(tid)])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli command failed")
-        return int(res)
-
-    def get_rx_tid(self, bssid, addr, tid):
-        res = self.cli_cmd(["get_rx_tid", bssid, addr, str(tid)])
-        if "FAIL" in res:
-            raise Exception("wlantest_cli command failed")
-        return int(res)
-
-    def get_tid_counters(self, bssid, addr):
-        tx = {}
-        rx = {}
-        for tid in range(0, 17):
-            tx[tid] = self.get_tx_tid(bssid, addr, tid)
-            rx[tid] = self.get_rx_tid(bssid, addr, tid)
-        return [tx, rx]
-
-class WlantestCapture:
-    def __init__(self, ifname, output, netns=None):
-        self.cmd = None
-        self.ifname = ifname
-        if os.path.isfile('../../wlantest/wlantest'):
-            bin = '../../wlantest/wlantest'
-        else:
-            bin = 'wlantest'
-        logger.debug("wlantest[%s] starting" % ifname)
-        args = [bin, '-e', '-i', ifname, '-w', output]
-        if netns:
-            args = ['ip', 'netns', 'exec', netns] + args
-        self.cmd = subprocess.Popen(args,
-                                    stdout=subprocess.PIPE,
-                                    stderr=subprocess.PIPE)
-
-    def __del__(self):
-        if self.cmd:
-            self.close()
-
-    def close(self):
-        logger.debug("wlantest[%s] stopping" % self.ifname)
-        self.cmd.terminate()
-        res = self.cmd.communicate()
-        if len(res[0]) > 0:
-            logger.debug("wlantest[%s] stdout: %s" % (self.ifname,
-                                                      res[0].decode().strip()))
-        if len(res[1]) > 0:
-            logger.debug("wlantest[%s] stderr: %s" % (self.ifname,
-                                                      res[1].decode().strip()))
-        self.cmd = None
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
deleted file mode 100644
index 160aa3e2df88..000000000000
--- a/tests/hwsim/wpasupplicant.py
+++ /dev/null
@@ -1,1652 +0,0 @@
-# Python class for controlling wpa_supplicant
-# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import time
-import logging
-import binascii
-import re
-import struct
-import wpaspy
-import remotehost
-import subprocess
-
-logger = logging.getLogger()
-wpas_ctrl = '/var/run/wpa_supplicant'
-
-class WpaSupplicant:
-    def __init__(self, ifname=None, global_iface=None, hostname=None,
-                 port=9877, global_port=9878, monitor=True):
-        self.monitor = monitor
-        self.hostname = hostname
-        self.group_ifname = None
-        self.global_mon = None
-        self.global_ctrl = None
-        self.gctrl_mon = None
-        self.ctrl = None
-        self.mon = None
-        self.ifname = None
-        self.host = remotehost.Host(hostname, ifname)
-        self._group_dbg = None
-        if ifname:
-            self.set_ifname(ifname, hostname, port)
-            res = self.get_driver_status()
-            if 'capa.flags' in res and int(res['capa.flags'], 0) & 0x20000000:
-                self.p2p_dev_ifname = 'p2p-dev-' + self.ifname
-            else:
-                self.p2p_dev_ifname = ifname
-
-        self.global_iface = global_iface
-        if global_iface:
-            if hostname != None:
-                self.global_ctrl = wpaspy.Ctrl(hostname, global_port)
-                if self.monitor:
-                    self.global_mon = wpaspy.Ctrl(hostname, global_port)
-                self.global_dbg = hostname + "/" + str(global_port) + "/"
-            else:
-                self.global_ctrl = wpaspy.Ctrl(global_iface)
-                if self.monitor:
-                    self.global_mon = wpaspy.Ctrl(global_iface)
-                self.global_dbg = ""
-            if self.monitor:
-                self.global_mon.attach()
-
-    def __del__(self):
-        self.close_monitor()
-        self.close_control()
-
-    def close_control_ctrl(self):
-        if self.ctrl:
-            del self.ctrl
-            self.ctrl = None
-
-    def close_control_global(self):
-        if self.global_ctrl:
-            del self.global_ctrl
-            self.global_ctrl = None
-
-    def close_control(self):
-        self.close_control_ctrl()
-        self.close_control_global()
-
-    def close_monitor_mon(self):
-        if not self.mon:
-            return
-        try:
-            while self.mon.pending():
-                ev = self.mon.recv()
-                logger.debug(self.dbg + ": " + ev)
-        except:
-            pass
-        try:
-            self.mon.detach()
-        except ConnectionRefusedError:
-            pass
-        except Exception as e:
-            if str(e) == "DETACH failed":
-                pass
-            else:
-                raise
-        del self.mon
-        self.mon = None
-
-    def close_monitor_global(self):
-        if not self.global_mon:
-            return
-        try:
-            while self.global_mon.pending():
-                ev = self.global_mon.recv()
-                logger.debug(self.global_dbg + ": " + ev)
-        except:
-            pass
-        try:
-            self.global_mon.detach()
-        except ConnectionRefusedError:
-            pass
-        except Exception as e:
-            if str(e) == "DETACH failed":
-                pass
-            else:
-                raise
-        del self.global_mon
-        self.global_mon = None
-
-    def close_monitor_group(self):
-        if not self.gctrl_mon:
-            return
-        try:
-            while self.gctrl_mon.pending():
-                ev = self.gctrl_mon.recv()
-                logger.debug(self.dbg + ": " + ev)
-        except:
-            pass
-        try:
-            self.gctrl_mon.detach()
-        except:
-            pass
-        del self.gctrl_mon
-        self.gctrl_mon = None
-
-    def close_monitor(self):
-        self.close_monitor_mon()
-        self.close_monitor_global()
-        self.close_monitor_group()
-
-    def cmd_execute(self, cmd_array, shell=False):
-        if self.hostname is None:
-            if shell:
-                cmd = ' '.join(cmd_array)
-            else:
-                cmd = cmd_array
-            proc = subprocess.Popen(cmd, stderr=subprocess.STDOUT,
-                                    stdout=subprocess.PIPE, shell=shell)
-            out = proc.communicate()[0]
-            ret = proc.returncode
-            return ret, out.decode()
-        else:
-            return self.host.execute(cmd_array)
-
-    def terminate(self):
-        if self.global_mon:
-            self.close_monitor_global()
-            self.global_ctrl.terminate()
-            self.global_ctrl = None
-
-    def close_ctrl(self):
-        self.close_monitor_global()
-        self.close_control_global()
-        self.remove_ifname()
-
-    def set_ifname(self, ifname, hostname=None, port=9877):
-        self.remove_ifname()
-        self.ifname = ifname
-        if hostname != None:
-            self.ctrl = wpaspy.Ctrl(hostname, port)
-            if self.monitor:
-                self.mon = wpaspy.Ctrl(hostname, port)
-            self.host = remotehost.Host(hostname, ifname)
-            self.dbg = hostname + "/" + ifname
-        else:
-            self.ctrl = wpaspy.Ctrl(os.path.join(wpas_ctrl, ifname))
-            if self.monitor:
-                self.mon = wpaspy.Ctrl(os.path.join(wpas_ctrl, ifname))
-            self.dbg = ifname
-        if self.monitor:
-            self.mon.attach()
-
-    def remove_ifname(self):
-        self.close_monitor_mon()
-        self.close_control_ctrl()
-        self.ifname = None
-
-    def get_ctrl_iface_port(self, ifname):
-        if self.hostname is None:
-            return None
-
-        res = self.global_request("INTERFACES ctrl")
-        lines = res.splitlines()
-        found = False
-        for line in lines:
-            words = line.split()
-            if words[0] == ifname:
-                found = True
-                break
-        if not found:
-            raise Exception("Could not find UDP port for " + ifname)
-        res = line.find("ctrl_iface=udp:")
-        if res == -1:
-            raise Exception("Wrong ctrl_interface format")
-        words = line.split(":")
-        return int(words[1])
-
-    def interface_add(self, ifname, config="", driver="nl80211",
-                      drv_params=None, br_ifname=None, create=False,
-                      set_ifname=True, all_params=False, if_type=None):
-        status, groups = self.host.execute(["id"])
-        if status != 0:
-            group = "admin"
-        group = "admin" if "(admin)" in groups else "adm"
-        cmd = "INTERFACE_ADD " + ifname + "\t" + config + "\t" + driver + "\tDIR=/var/run/wpa_supplicant GROUP=" + group
-        if drv_params:
-            cmd = cmd + '\t' + drv_params
-        if br_ifname:
-            if not drv_params:
-                cmd += '\t'
-            cmd += '\t' + br_ifname
-        if create:
-            if not br_ifname:
-                cmd += '\t'
-                if not drv_params:
-                    cmd += '\t'
-            cmd += '\tcreate'
-            if if_type:
-                cmd += '\t' + if_type
-        if all_params and not create:
-            if not br_ifname:
-                cmd += '\t'
-                if not drv_params:
-                    cmd += '\t'
-            cmd += '\t'
-        if "FAIL" in self.global_request(cmd):
-            raise Exception("Failed to add a dynamic wpa_supplicant interface")
-        if not create and set_ifname:
-            port = self.get_ctrl_iface_port(ifname)
-            self.set_ifname(ifname, self.hostname, port)
-            res = self.get_driver_status()
-            if 'capa.flags' in res and int(res['capa.flags'], 0) & 0x20000000:
-                self.p2p_dev_ifname = 'p2p-dev-' + self.ifname
-            else:
-                self.p2p_dev_ifname = ifname
-
-    def interface_remove(self, ifname):
-        self.remove_ifname()
-        self.global_request("INTERFACE_REMOVE " + ifname)
-
-    def request(self, cmd, timeout=10):
-        logger.debug(self.dbg + ": CTRL: " + cmd)
-        return self.ctrl.request(cmd, timeout=timeout)
-
-    def global_request(self, cmd):
-        if self.global_iface is None:
-            return self.request(cmd)
-        else:
-            ifname = self.ifname or self.global_iface
-            logger.debug(self.global_dbg + ifname + ": CTRL(global): " + cmd)
-            return self.global_ctrl.request(cmd)
-
-    @property
-    def group_dbg(self):
-        if self._group_dbg is not None:
-            return self._group_dbg
-        if self.group_ifname is None:
-            raise Exception("Cannot have group_dbg without group_ifname")
-        if self.hostname is None:
-            self._group_dbg = self.group_ifname
-        else:
-            self._group_dbg = self.hostname + "/" + self.group_ifname
-        return self._group_dbg
-
-    def group_request(self, cmd):
-        if self.group_ifname and self.group_ifname != self.ifname:
-            if self.hostname is None:
-                gctrl = wpaspy.Ctrl(os.path.join(wpas_ctrl, self.group_ifname))
-            else:
-                port = self.get_ctrl_iface_port(self.group_ifname)
-                gctrl = wpaspy.Ctrl(self.hostname, port)
-            logger.debug(self.group_dbg + ": CTRL(group): " + cmd)
-            return gctrl.request(cmd)
-        return self.request(cmd)
-
-    def ping(self):
-        return "PONG" in self.request("PING")
-
-    def global_ping(self):
-        return "PONG" in self.global_request("PING")
-
-    def reset(self):
-        self.dump_monitor()
-        res = self.request("FLUSH")
-        if "OK" not in res:
-            logger.info("FLUSH to " + self.ifname + " failed: " + res)
-        self.global_request("REMOVE_NETWORK all")
-        self.global_request("SET p2p_no_group_iface 1")
-        self.global_request("P2P_FLUSH")
-        self.close_monitor_group()
-        self.group_ifname = None
-        self.dump_monitor()
-
-        iter = 0
-        while iter < 60:
-            state1 = self.get_driver_status_field("scan_state")
-            p2pdev = "p2p-dev-" + self.ifname
-            state2 = self.get_driver_status_field("scan_state", ifname=p2pdev)
-            states = str(state1) + " " + str(state2)
-            if "SCAN_STARTED" in states or "SCAN_REQUESTED" in states:
-                logger.info(self.ifname + ": Waiting for scan operation to complete before continuing")
-                time.sleep(1)
-            else:
-                break
-            iter = iter + 1
-        if iter == 60:
-            logger.error(self.ifname + ": Driver scan state did not clear")
-            print("Trying to clear cfg80211/mac80211 scan state")
-            status, buf = self.host.execute(["ifconfig", self.ifname, "down"])
-            if status != 0:
-                logger.info("ifconfig failed: " + buf)
-                logger.info(status)
-            status, buf = self.host.execute(["ifconfig", self.ifname, "up"])
-            if status != 0:
-                logger.info("ifconfig failed: " + buf)
-                logger.info(status)
-        if iter > 0:
-            # The ongoing scan could have discovered BSSes or P2P peers
-            logger.info("Run FLUSH again since scan was in progress")
-            self.request("FLUSH")
-            self.dump_monitor()
-
-        if not self.ping():
-            logger.info("No PING response from " + self.ifname + " after reset")
-
-    def set(self, field, value, allow_fail=False):
-        if "OK" not in self.request("SET " + field + " " + value):
-            if allow_fail:
-                return
-            raise Exception("Failed to set wpa_supplicant parameter " + field)
-
-    def add_network(self):
-        id = self.request("ADD_NETWORK")
-        if "FAIL" in id:
-            raise Exception("ADD_NETWORK failed")
-        return int(id)
-
-    def remove_network(self, id):
-        id = self.request("REMOVE_NETWORK " + str(id))
-        if "FAIL" in id:
-            raise Exception("REMOVE_NETWORK failed")
-        return None
-
-    def get_network(self, id, field):
-        res = self.request("GET_NETWORK " + str(id) + " " + field)
-        if res == "FAIL\n":
-            return None
-        return res
-
-    def set_network(self, id, field, value):
-        res = self.request("SET_NETWORK " + str(id) + " " + field + " " + value)
-        if "FAIL" in res:
-            raise Exception("SET_NETWORK failed")
-        return None
-
-    def set_network_quoted(self, id, field, value):
-        res = self.request("SET_NETWORK " + str(id) + " " + field + ' "' + value + '"')
-        if "FAIL" in res:
-            raise Exception("SET_NETWORK failed")
-        return None
-
-    def p2pdev_request(self, cmd):
-        return self.global_request("IFNAME=" + self.p2p_dev_ifname + " " + cmd)
-
-    def p2pdev_add_network(self):
-        id = self.p2pdev_request("ADD_NETWORK")
-        if "FAIL" in id:
-            raise Exception("p2pdev ADD_NETWORK failed")
-        return int(id)
-
-    def p2pdev_set_network(self, id, field, value):
-        res = self.p2pdev_request("SET_NETWORK " + str(id) + " " + field + " " + value)
-        if "FAIL" in res:
-            raise Exception("p2pdev SET_NETWORK failed")
-        return None
-
-    def p2pdev_set_network_quoted(self, id, field, value):
-        res = self.p2pdev_request("SET_NETWORK " + str(id) + " " + field + ' "' + value + '"')
-        if "FAIL" in res:
-            raise Exception("p2pdev SET_NETWORK failed")
-        return None
-
-    def list_networks(self, p2p=False):
-        if p2p:
-            res = self.global_request("LIST_NETWORKS")
-        else:
-            res = self.request("LIST_NETWORKS")
-        lines = res.splitlines()
-        networks = []
-        for l in lines:
-            if "network id" in l:
-                continue
-            [id, ssid, bssid, flags] = l.split('\t')
-            network = {}
-            network['id'] = id
-            network['ssid'] = ssid
-            network['bssid'] = bssid
-            network['flags'] = flags
-            networks.append(network)
-        return networks
-
-    def hs20_enable(self, auto_interworking=False):
-        self.request("SET interworking 1")
-        self.request("SET hs20 1")
-        if auto_interworking:
-            self.request("SET auto_interworking 1")
-        else:
-            self.request("SET auto_interworking 0")
-
-    def interworking_add_network(self, bssid):
-        id = self.request("INTERWORKING_ADD_NETWORK " + bssid)
-        if "FAIL" in id or "OK" in id:
-            raise Exception("INTERWORKING_ADD_NETWORK failed")
-        return int(id)
-
-    def add_cred(self):
-        id = self.request("ADD_CRED")
-        if "FAIL" in id:
-            raise Exception("ADD_CRED failed")
-        return int(id)
-
-    def remove_cred(self, id):
-        id = self.request("REMOVE_CRED " + str(id))
-        if "FAIL" in id:
-            raise Exception("REMOVE_CRED failed")
-        return None
-
-    def set_cred(self, id, field, value):
-        res = self.request("SET_CRED " + str(id) + " " + field + " " + value)
-        if "FAIL" in res:
-            raise Exception("SET_CRED failed")
-        return None
-
-    def set_cred_quoted(self, id, field, value):
-        res = self.request("SET_CRED " + str(id) + " " + field + ' "' + value + '"')
-        if "FAIL" in res:
-            raise Exception("SET_CRED failed")
-        return None
-
-    def get_cred(self, id, field):
-        return self.request("GET_CRED " + str(id) + " " + field)
-
-    def add_cred_values(self, params):
-        id = self.add_cred()
-
-        quoted = ["realm", "username", "password", "domain", "imsi",
-                  "excluded_ssid", "milenage", "ca_cert", "client_cert",
-                  "private_key", "domain_suffix_match", "provisioning_sp",
-                  "roaming_partner", "phase1", "phase2", "private_key_passwd",
-                  "roaming_consortiums"]
-        for field in quoted:
-            if field in params:
-                self.set_cred_quoted(id, field, params[field])
-
-        not_quoted = ["eap", "roaming_consortium", "priority",
-                      "required_roaming_consortium", "sp_priority",
-                      "max_bss_load", "update_identifier", "req_conn_capab",
-                      "min_dl_bandwidth_home", "min_ul_bandwidth_home",
-                      "min_dl_bandwidth_roaming", "min_ul_bandwidth_roaming"]
-        for field in not_quoted:
-            if field in params:
-                self.set_cred(id, field, params[field])
-
-        return id
-
-    def select_network(self, id, freq=None):
-        if freq:
-            extra = " freq=" + str(freq)
-        else:
-            extra = ""
-        id = self.request("SELECT_NETWORK " + str(id) + extra)
-        if "FAIL" in id:
-            raise Exception("SELECT_NETWORK failed")
-        return None
-
-    def mesh_group_add(self, id):
-        id = self.request("MESH_GROUP_ADD " + str(id))
-        if "FAIL" in id:
-            raise Exception("MESH_GROUP_ADD failed")
-        return None
-
-    def mesh_group_remove(self):
-        id = self.request("MESH_GROUP_REMOVE " + str(self.ifname))
-        if "FAIL" in id:
-            raise Exception("MESH_GROUP_REMOVE failed")
-        return None
-
-    def connect_network(self, id, timeout=None):
-        if timeout is None:
-            timeout = 10 if self.hostname is None else 60
-        self.dump_monitor()
-        self.select_network(id)
-        self.wait_connected(timeout=timeout)
-        self.dump_monitor()
-
-    def get_status(self, extra=None):
-        if extra:
-            extra = "-" + extra
-        else:
-            extra = ""
-        res = self.request("STATUS" + extra)
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            try:
-                [name, value] = l.split('=', 1)
-                vals[name] = value
-            except ValueError as e:
-                logger.info(self.ifname + ": Ignore unexpected STATUS line: " + l)
-        return vals
-
-    def get_status_field(self, field, extra=None):
-        vals = self.get_status(extra)
-        if field in vals:
-            return vals[field]
-        return None
-
-    def get_group_status(self, extra=None):
-        if extra:
-            extra = "-" + extra
-        else:
-            extra = ""
-        res = self.group_request("STATUS" + extra)
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            try:
-                [name, value] = l.split('=', 1)
-            except ValueError:
-                logger.info(self.ifname + ": Ignore unexpected status line: " + l)
-                continue
-            vals[name] = value
-        return vals
-
-    def get_group_status_field(self, field, extra=None):
-        vals = self.get_group_status(extra)
-        if field in vals:
-            return vals[field]
-        return None
-
-    def get_driver_status(self, ifname=None):
-        if ifname is None:
-            res = self.request("STATUS-DRIVER")
-        else:
-            res = self.global_request("IFNAME=%s STATUS-DRIVER" % ifname)
-            if res.startswith("FAIL"):
-                return dict()
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            try:
-                [name, value] = l.split('=', 1)
-            except ValueError:
-                logger.info(self.ifname + ": Ignore unexpected status-driver line: " + l)
-                continue
-            vals[name] = value
-        return vals
-
-    def get_driver_status_field(self, field, ifname=None):
-        vals = self.get_driver_status(ifname)
-        if field in vals:
-            return vals[field]
-        return None
-
-    def get_mcc(self):
-        mcc = int(self.get_driver_status_field('capa.num_multichan_concurrent'))
-        return 1 if mcc < 2 else mcc
-
-    def get_mib(self):
-        res = self.request("MIB")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            try:
-                [name, value] = l.split('=', 1)
-                vals[name] = value
-            except ValueError as e:
-                logger.info(self.ifname + ": Ignore unexpected MIB line: " + l)
-        return vals
-
-    def p2p_dev_addr(self):
-        return self.get_status_field("p2p_device_address")
-
-    def p2p_interface_addr(self):
-        return self.get_group_status_field("address")
-
-    def own_addr(self):
-        try:
-            res = self.p2p_interface_addr()
-        except:
-            res = self.p2p_dev_addr()
-        return res
-
-    def get_addr(self, group=False):
-        dev_addr = self.own_addr()
-        if not group:
-            addr = self.get_status_field('address')
-            if addr:
-                dev_addr = addr
-
-        return dev_addr
-
-    def p2p_listen(self):
-        return self.global_request("P2P_LISTEN")
-
-    def p2p_ext_listen(self, period, interval):
-        return self.global_request("P2P_EXT_LISTEN %d %d" % (period, interval))
-
-    def p2p_cancel_ext_listen(self):
-        return self.global_request("P2P_EXT_LISTEN")
-
-    def p2p_find(self, social=False, progressive=False, dev_id=None,
-                 dev_type=None, delay=None, freq=None):
-        cmd = "P2P_FIND"
-        if social:
-            cmd = cmd + " type=social"
-        elif progressive:
-            cmd = cmd + " type=progressive"
-        if dev_id:
-            cmd = cmd + " dev_id=" + dev_id
-        if dev_type:
-            cmd = cmd + " dev_type=" + dev_type
-        if delay:
-            cmd = cmd + " delay=" + str(delay)
-        if freq:
-            cmd = cmd + " freq=" + str(freq)
-        return self.global_request(cmd)
-
-    def p2p_stop_find(self):
-        return self.global_request("P2P_STOP_FIND")
-
-    def wps_read_pin(self):
-        self.pin = self.request("WPS_PIN get").rstrip("\n")
-        if "FAIL" in self.pin:
-            raise Exception("Could not generate PIN")
-        return self.pin
-
-    def peer_known(self, peer, full=True):
-        res = self.global_request("P2P_PEER " + peer)
-        if peer.lower() not in res.lower():
-            return False
-        if not full:
-            return True
-        return "[PROBE_REQ_ONLY]" not in res
-
-    def discover_peer(self, peer, full=True, timeout=15, social=True,
-                      force_find=False, freq=None):
-        logger.info(self.ifname + ": Trying to discover peer " + peer)
-        if not force_find and self.peer_known(peer, full):
-            return True
-        self.p2p_find(social, freq=freq)
-        count = 0
-        while count < timeout * 4:
-            time.sleep(0.25)
-            count = count + 1
-            if self.peer_known(peer, full):
-                return True
-        return False
-
-    def get_peer(self, peer):
-        res = self.global_request("P2P_PEER " + peer)
-        if peer.lower() not in res.lower():
-            raise Exception("Peer information not available")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            if '=' in l:
-                [name, value] = l.split('=', 1)
-                vals[name] = value
-        return vals
-
-    def group_form_result(self, ev, expect_failure=False, go_neg_res=None):
-        if expect_failure:
-            if "P2P-GROUP-STARTED" in ev:
-                raise Exception("Group formation succeeded when expecting failure")
-            exp = r'<.>(P2P-GO-NEG-FAILURE) status=([0-9]*)'
-            s = re.split(exp, ev)
-            if len(s) < 3:
-                return None
-            res = {}
-            res['result'] = 'go-neg-failed'
-            res['status'] = int(s[2])
-            return res
-
-        if "P2P-GROUP-STARTED" not in ev:
-            raise Exception("No P2P-GROUP-STARTED event seen")
-
-        exp = r'<.>(P2P-GROUP-STARTED) ([^ ]*) ([^ ]*) ssid="(.*)" freq=([0-9]*) ((?:psk=.*)|(?:passphrase=".*")) go_dev_addr=([0-9a-f:]*) ip_addr=([0-9.]*) ip_mask=([0-9.]*) go_ip_addr=([0-9.]*)'
-        s = re.split(exp, ev)
-        if len(s) < 11:
-            exp = r'<.>(P2P-GROUP-STARTED) ([^ ]*) ([^ ]*) ssid="(.*)" freq=([0-9]*) ((?:psk=.*)|(?:passphrase=".*")) go_dev_addr=([0-9a-f:]*)'
-            s = re.split(exp, ev)
-            if len(s) < 8:
-                raise Exception("Could not parse P2P-GROUP-STARTED")
-        res = {}
-        res['result'] = 'success'
-        res['ifname'] = s[2]
-        self.group_ifname = s[2]
-        try:
-            if self.hostname is None:
-                self.gctrl_mon = wpaspy.Ctrl(os.path.join(wpas_ctrl,
-                                                          self.group_ifname))
-            else:
-                port = self.get_ctrl_iface_port(self.group_ifname)
-                self.gctrl_mon = wpaspy.Ctrl(self.hostname, port)
-            if self.monitor:
-                self.gctrl_mon.attach()
-        except:
-            logger.debug("Could not open monitor socket for group interface")
-            self.gctrl_mon = None
-        res['role'] = s[3]
-        res['ssid'] = s[4]
-        res['freq'] = s[5]
-        if "[PERSISTENT]" in ev:
-            res['persistent'] = True
-        else:
-            res['persistent'] = False
-        p = re.match(r'psk=([0-9a-f]*)', s[6])
-        if p:
-            res['psk'] = p.group(1)
-        p = re.match(r'passphrase="(.*)"', s[6])
-        if p:
-            res['passphrase'] = p.group(1)
-        res['go_dev_addr'] = s[7]
-
-        if len(s) > 8 and len(s[8]) > 0 and "[PERSISTENT]" not in s[8]:
-            res['ip_addr'] = s[8]
-        if len(s) > 9:
-            res['ip_mask'] = s[9]
-        if len(s) > 10:
-            res['go_ip_addr'] = s[10]
-
-        if go_neg_res:
-            exp = r'<.>(P2P-GO-NEG-SUCCESS) role=(GO|client) freq=([0-9]*)'
-            s = re.split(exp, go_neg_res)
-            if len(s) < 4:
-                raise Exception("Could not parse P2P-GO-NEG-SUCCESS")
-            res['go_neg_role'] = s[2]
-            res['go_neg_freq'] = s[3]
-
-        return res
-
-    def p2p_go_neg_auth(self, peer, pin, method, go_intent=None,
-                        persistent=False, freq=None, freq2=None,
-                        max_oper_chwidth=None, ht40=False, vht=False):
-        if not self.discover_peer(peer):
-            raise Exception("Peer " + peer + " not found")
-        self.dump_monitor()
-        if pin:
-            cmd = "P2P_CONNECT " + peer + " " + pin + " " + method + " auth"
-        else:
-            cmd = "P2P_CONNECT " + peer + " " + method + " auth"
-        if go_intent:
-            cmd = cmd + ' go_intent=' + str(go_intent)
-        if freq:
-            cmd = cmd + ' freq=' + str(freq)
-        if freq2:
-            cmd = cmd + ' freq2=' + str(freq2)
-        if max_oper_chwidth:
-            cmd = cmd + ' max_oper_chwidth=' + str(max_oper_chwidth)
-        if ht40:
-            cmd = cmd + ' ht40'
-        if vht:
-            cmd = cmd + ' vht'
-        if persistent:
-            cmd = cmd + " persistent"
-        if "OK" in self.global_request(cmd):
-            return None
-        raise Exception("P2P_CONNECT (auth) failed")
-
-    def p2p_go_neg_auth_result(self, timeout=None, expect_failure=False):
-        if timeout is None:
-            timeout = 1 if expect_failure else 5
-        go_neg_res = None
-        ev = self.wait_global_event(["P2P-GO-NEG-SUCCESS",
-                                     "P2P-GO-NEG-FAILURE"], timeout)
-        if ev is None:
-            if expect_failure:
-                return None
-            raise Exception("Group formation timed out")
-        if "P2P-GO-NEG-SUCCESS" in ev:
-            go_neg_res = ev
-            ev = self.wait_global_event(["P2P-GROUP-STARTED"], timeout)
-            if ev is None:
-                if expect_failure:
-                    return None
-                raise Exception("Group formation timed out")
-        self.dump_monitor()
-        return self.group_form_result(ev, expect_failure, go_neg_res)
-
-    def p2p_go_neg_init(self, peer, pin, method, timeout=0, go_intent=None,
-                        expect_failure=False, persistent=False,
-                        persistent_id=None, freq=None, provdisc=False,
-                        wait_group=True, freq2=None, max_oper_chwidth=None,
-                        ht40=False, vht=False):
-        if not self.discover_peer(peer):
-            raise Exception("Peer " + peer + " not found")
-        self.dump_monitor()
-        if pin:
-            cmd = "P2P_CONNECT " + peer + " " + pin + " " + method
-        else:
-            cmd = "P2P_CONNECT " + peer + " " + method
-        if go_intent is not None:
-            cmd = cmd + ' go_intent=' + str(go_intent)
-        if freq:
-            cmd = cmd + ' freq=' + str(freq)
-        if freq2:
-            cmd = cmd + ' freq2=' + str(freq2)
-        if max_oper_chwidth:
-            cmd = cmd + ' max_oper_chwidth=' + str(max_oper_chwidth)
-        if ht40:
-            cmd = cmd + ' ht40'
-        if vht:
-            cmd = cmd + ' vht'
-        if persistent:
-            cmd = cmd + " persistent"
-        elif persistent_id:
-            cmd = cmd + " persistent=" + persistent_id
-        if provdisc:
-            cmd = cmd + " provdisc"
-        if "OK" in self.global_request(cmd):
-            if timeout == 0:
-                return None
-            go_neg_res = None
-            ev = self.wait_global_event(["P2P-GO-NEG-SUCCESS",
-                                         "P2P-GO-NEG-FAILURE"], timeout)
-            if ev is None:
-                if expect_failure:
-                    return None
-                raise Exception("Group formation timed out")
-            if "P2P-GO-NEG-SUCCESS" in ev:
-                if not wait_group:
-                    return ev
-                go_neg_res = ev
-                ev = self.wait_global_event(["P2P-GROUP-STARTED"], timeout)
-                if ev is None:
-                    if expect_failure:
-                        return None
-                    raise Exception("Group formation timed out")
-            self.dump_monitor()
-            return self.group_form_result(ev, expect_failure, go_neg_res)
-        raise Exception("P2P_CONNECT failed")
-
-    def _wait_event(self, mon, pfx, events, timeout):
-        if not isinstance(events, list):
-            raise Exception("WpaSupplicant._wait_event() called with incorrect events argument type")
-        start = os.times()[4]
-        while True:
-            while mon.pending():
-                ev = mon.recv()
-                logger.debug(self.dbg + pfx + ev)
-                for event in events:
-                    if event in ev:
-                        return ev
-            now = os.times()[4]
-            remaining = start + timeout - now
-            if remaining <= 0:
-                break
-            if not mon.pending(timeout=remaining):
-                break
-        return None
-
-    def wait_event(self, events, timeout=10):
-        return self._wait_event(self.mon, ": ", events, timeout)
-
-    def wait_global_event(self, events, timeout):
-        if self.global_iface is None:
-            return self.wait_event(events, timeout)
-        return self._wait_event(self.global_mon, "(global): ",
-                                events, timeout)
-
-    def wait_group_event(self, events, timeout=10):
-        if not isinstance(events, list):
-            raise Exception("WpaSupplicant.wait_group_event() called with incorrect events argument type")
-        if self.group_ifname and self.group_ifname != self.ifname:
-            if self.gctrl_mon is None:
-                return None
-            start = os.times()[4]
-            while True:
-                while self.gctrl_mon.pending():
-                    ev = self.gctrl_mon.recv()
-                    logger.debug(self.group_dbg + "(group): " + ev)
-                    for event in events:
-                        if event in ev:
-                            return ev
-                now = os.times()[4]
-                remaining = start + timeout - now
-                if remaining <= 0:
-                    break
-                if not self.gctrl_mon.pending(timeout=remaining):
-                    break
-            return None
-
-        return self.wait_event(events, timeout)
-
-    def wait_go_ending_session(self):
-        self.close_monitor_group()
-        timeout = 3 if self.hostname is None else 10
-        ev = self.wait_global_event(["P2P-GROUP-REMOVED"], timeout=timeout)
-        if ev is None:
-            raise Exception("Group removal event timed out")
-        if "reason=GO_ENDING_SESSION" not in ev:
-            raise Exception("Unexpected group removal reason")
-
-    def dump_monitor(self, mon=True, global_mon=True):
-        count_iface = 0
-        count_global = 0
-        while mon and self.monitor and self.mon.pending():
-            ev = self.mon.recv()
-            logger.debug(self.dbg + ": " + ev)
-            count_iface += 1
-        while global_mon and self.monitor and self.global_mon and self.global_mon.pending():
-            ev = self.global_mon.recv()
-            logger.debug(self.global_dbg + self.ifname + "(global): " + ev)
-            count_global += 1
-        return (count_iface, count_global)
-
-    def remove_group(self, ifname=None):
-        self.close_monitor_group()
-        if ifname is None:
-            ifname = self.group_ifname if self.group_ifname else self.ifname
-        if "OK" not in self.global_request("P2P_GROUP_REMOVE " + ifname):
-            raise Exception("Group could not be removed")
-        self.group_ifname = None
-
-    def p2p_start_go(self, persistent=None, freq=None, no_event_clear=False):
-        self.dump_monitor()
-        cmd = "P2P_GROUP_ADD"
-        if persistent is None:
-            pass
-        elif persistent is True:
-            cmd = cmd + " persistent"
-        else:
-            cmd = cmd + " persistent=" + str(persistent)
-        if freq:
-            cmd = cmd + " freq=" + str(freq)
-        if "OK" in self.global_request(cmd):
-            ev = self.wait_global_event(["P2P-GROUP-STARTED"], timeout=5)
-            if ev is None:
-                raise Exception("GO start up timed out")
-            if not no_event_clear:
-                self.dump_monitor()
-            return self.group_form_result(ev)
-        raise Exception("P2P_GROUP_ADD failed")
-
-    def p2p_go_authorize_client(self, pin):
-        cmd = "WPS_PIN any " + pin
-        if "FAIL" in self.group_request(cmd):
-            raise Exception("Failed to authorize client connection on GO")
-        return None
-
-    def p2p_go_authorize_client_pbc(self):
-        cmd = "WPS_PBC"
-        if "FAIL" in self.group_request(cmd):
-            raise Exception("Failed to authorize client connection on GO")
-        return None
-
-    def p2p_connect_group(self, go_addr, pin, timeout=0, social=False,
-                          freq=None):
-        self.dump_monitor()
-        if not self.discover_peer(go_addr, social=social, freq=freq):
-            if social or not self.discover_peer(go_addr, social=social):
-                raise Exception("GO " + go_addr + " not found")
-        self.p2p_stop_find()
-        self.dump_monitor()
-        cmd = "P2P_CONNECT " + go_addr + " " + pin + " join"
-        if freq:
-            cmd += " freq=" + str(freq)
-        if "OK" in self.global_request(cmd):
-            if timeout == 0:
-                self.dump_monitor()
-                return None
-            ev = self.wait_global_event(["P2P-GROUP-STARTED",
-                                         "P2P-GROUP-FORMATION-FAILURE"],
-                                        timeout)
-            if ev is None:
-                raise Exception("Joining the group timed out")
-            if "P2P-GROUP-STARTED" not in ev:
-                raise Exception("Failed to join the group")
-            self.dump_monitor()
-            return self.group_form_result(ev)
-        raise Exception("P2P_CONNECT(join) failed")
-
-    def tdls_setup(self, peer):
-        cmd = "TDLS_SETUP " + peer
-        if "FAIL" in self.group_request(cmd):
-            raise Exception("Failed to request TDLS setup")
-        return None
-
-    def tdls_teardown(self, peer):
-        cmd = "TDLS_TEARDOWN " + peer
-        if "FAIL" in self.group_request(cmd):
-            raise Exception("Failed to request TDLS teardown")
-        return None
-
-    def tdls_link_status(self, peer):
-        cmd = "TDLS_LINK_STATUS " + peer
-        ret = self.group_request(cmd)
-        if "FAIL" in ret:
-            raise Exception("Failed to request TDLS link status")
-        return ret
-
-    def tspecs(self):
-        """Return (tsid, up) tuples representing current tspecs"""
-        res = self.request("WMM_AC_STATUS")
-        tspecs = re.findall(r"TSID=(\d+) UP=(\d+)", res)
-        tspecs = [tuple(map(int, tspec)) for tspec in tspecs]
-
-        logger.debug("tspecs: " + str(tspecs))
-        return tspecs
-
-    def add_ts(self, tsid, up, direction="downlink", expect_failure=False,
-               extra=None):
-        params = {
-            "sba": 9000,
-            "nominal_msdu_size": 1500,
-            "min_phy_rate": 6000000,
-            "mean_data_rate": 1500,
-        }
-        cmd = "WMM_AC_ADDTS %s tsid=%d up=%d" % (direction, tsid, up)
-        for (key, value) in params.items():
-            cmd += " %s=%d" % (key, value)
-        if extra:
-            cmd += " " + extra
-
-        if self.request(cmd).strip() != "OK":
-            raise Exception("ADDTS failed (tsid=%d up=%d)" % (tsid, up))
-
-        if expect_failure:
-            ev = self.wait_event(["TSPEC-REQ-FAILED"], timeout=2)
-            if ev is None:
-                raise Exception("ADDTS failed (time out while waiting failure)")
-            if "tsid=%d" % (tsid) not in ev:
-                raise Exception("ADDTS failed (invalid tsid in TSPEC-REQ-FAILED")
-            return
-
-        ev = self.wait_event(["TSPEC-ADDED"], timeout=1)
-        if ev is None:
-            raise Exception("ADDTS failed (time out)")
-        if "tsid=%d" % (tsid) not in ev:
-            raise Exception("ADDTS failed (invalid tsid in TSPEC-ADDED)")
-
-        if (tsid, up) not in self.tspecs():
-            raise Exception("ADDTS failed (tsid not in tspec list)")
-
-    def del_ts(self, tsid):
-        if self.request("WMM_AC_DELTS %d" % (tsid)).strip() != "OK":
-            raise Exception("DELTS failed")
-
-        ev = self.wait_event(["TSPEC-REMOVED"], timeout=1)
-        if ev is None:
-            raise Exception("DELTS failed (time out)")
-        if "tsid=%d" % (tsid) not in ev:
-            raise Exception("DELTS failed (invalid tsid in TSPEC-REMOVED)")
-
-        tspecs = [(t, u) for (t, u) in self.tspecs() if t == tsid]
-        if tspecs:
-            raise Exception("DELTS failed (still in tspec list)")
-
-    def connect(self, ssid=None, ssid2=None, **kwargs):
-        logger.info("Connect STA " + self.ifname + " to AP")
-        id = self.add_network()
-        if ssid:
-            self.set_network_quoted(id, "ssid", ssid)
-        elif ssid2:
-            self.set_network(id, "ssid", ssid2)
-
-        quoted = ["psk", "identity", "anonymous_identity", "password",
-                  "machine_identity", "machine_password",
-                  "ca_cert", "client_cert", "private_key",
-                  "private_key_passwd", "ca_cert2", "client_cert2",
-                  "private_key2", "phase1", "phase2", "domain_suffix_match",
-                  "altsubject_match", "subject_match", "pac_file", "dh_file",
-                  "bgscan", "ht_mcs", "id_str", "openssl_ciphers",
-                  "domain_match", "dpp_connector", "sae_password",
-                  "sae_password_id", "check_cert_subject",
-                  "machine_ca_cert", "machine_client_cert",
-                  "machine_private_key", "machine_phase2"]
-        for field in quoted:
-            if field in kwargs and kwargs[field]:
-                self.set_network_quoted(id, field, kwargs[field])
-
-        not_quoted = ["proto", "key_mgmt", "ieee80211w", "pairwise",
-                      "group", "wep_key0", "wep_key1", "wep_key2", "wep_key3",
-                      "wep_tx_keyidx", "scan_freq", "freq_list", "eap",
-                      "eapol_flags", "fragment_size", "scan_ssid", "auth_alg",
-                      "wpa_ptk_rekey", "disable_ht", "disable_vht", "bssid",
-                      "disable_he",
-                      "disable_max_amsdu", "ampdu_factor", "ampdu_density",
-                      "disable_ht40", "disable_sgi", "disable_ldpc",
-                      "ht40_intolerant", "update_identifier", "mac_addr",
-                      "erp", "bg_scan_period", "bssid_ignore",
-                      "bssid_accept", "mem_only_psk", "eap_workaround",
-                      "engine", "fils_dh_group", "bssid_hint",
-                      "dpp_csign", "dpp_csign_expiry",
-                      "dpp_netaccesskey", "dpp_netaccesskey_expiry", "dpp_pfs",
-                      "group_mgmt", "owe_group", "owe_only",
-                      "owe_ptk_workaround",
-                      "transition_disable", "sae_pk",
-                      "roaming_consortium_selection", "ocv",
-                      "multi_ap_backhaul_sta", "rx_stbc", "tx_stbc",
-                      "ft_eap_pmksa_caching", "beacon_prot",
-                      "wpa_deny_ptk0_rekey"]
-        for field in not_quoted:
-            if field in kwargs and kwargs[field]:
-                self.set_network(id, field, kwargs[field])
-
-        known_args = {"raw_psk", "password_hex", "peerkey", "okc", "ocsp",
-                      "only_add_network", "wait_connect"}
-        unknown = set(kwargs.keys())
-        unknown -= set(quoted)
-        unknown -= set(not_quoted)
-        unknown -= known_args
-        if unknown:
-            raise Exception("Unknown WpaSupplicant::connect() arguments: " + str(unknown))
-
-        if "raw_psk" in kwargs and kwargs['raw_psk']:
-            self.set_network(id, "psk", kwargs['raw_psk'])
-        if "password_hex" in kwargs and kwargs['password_hex']:
-            self.set_network(id, "password", kwargs['password_hex'])
-        if "peerkey" in kwargs and kwargs['peerkey']:
-            self.set_network(id, "peerkey", "1")
-        if "okc" in kwargs and kwargs['okc']:
-            self.set_network(id, "proactive_key_caching", "1")
-        if "ocsp" in kwargs and kwargs['ocsp']:
-            self.set_network(id, "ocsp", str(kwargs['ocsp']))
-        if "only_add_network" in kwargs and kwargs['only_add_network']:
-            return id
-        if "wait_connect" not in kwargs or kwargs['wait_connect']:
-            if "eap" in kwargs:
-                self.connect_network(id, timeout=20)
-            else:
-                self.connect_network(id)
-        else:
-            self.dump_monitor()
-            self.select_network(id)
-        return id
-
-    def scan(self, type=None, freq=None, no_wait=False, only_new=False,
-             passive=False):
-        if not no_wait:
-            self.dump_monitor()
-        if type:
-            cmd = "SCAN TYPE=" + type
-        else:
-            cmd = "SCAN"
-        if freq:
-            cmd = cmd + " freq=" + str(freq)
-        if only_new:
-            cmd += " only_new=1"
-        if passive:
-            cmd += " passive=1"
-        if not no_wait:
-            self.dump_monitor()
-        res = self.request(cmd)
-        if "OK" not in res:
-            raise Exception("Failed to trigger scan: " + str(res))
-        if no_wait:
-            return
-        ev = self.wait_event(["CTRL-EVENT-SCAN-RESULTS",
-                              "CTRL-EVENT-SCAN-FAILED"], 15)
-        if ev is None:
-            raise Exception("Scan timed out")
-        if "CTRL-EVENT-SCAN-FAILED" in ev:
-            raise Exception("Scan failed: " + ev)
-
-    def scan_for_bss(self, bssid, freq=None, force_scan=False, only_new=False,
-                     passive=False):
-        if not force_scan and self.get_bss(bssid) is not None:
-            return
-        for i in range(0, 10):
-            self.scan(freq=freq, type="ONLY", only_new=only_new,
-                      passive=passive)
-            if self.get_bss(bssid) is not None:
-                return
-        raise Exception("Could not find BSS " + bssid + " in scan")
-
-    def flush_scan_cache(self, freq=2417):
-        self.request("BSS_FLUSH 0")
-        self.scan(freq=freq, only_new=True)
-        res = self.request("SCAN_RESULTS")
-        if len(res.splitlines()) > 1:
-            logger.debug("Scan results remaining after first attempt to flush the results:\n" + res)
-            self.request("BSS_FLUSH 0")
-            self.scan(freq=2422, only_new=True)
-            res = self.request("SCAN_RESULTS")
-            if len(res.splitlines()) > 1:
-                logger.info("flush_scan_cache: Could not clear all BSS entries. These remain:\n" + res)
-
-    def disconnect_and_stop_scan(self):
-        self.request("DISCONNECT")
-        res = self.request("ABORT_SCAN")
-        for i in range(2 if "OK" in res else 1):
-                self.wait_event(["CTRL-EVENT-DISCONNECTED",
-                                 "CTRL-EVENT-SCAN-RESULTS"], timeout=0.5)
-        self.dump_monitor()
-
-    def roam(self, bssid, fail_test=False, assoc_reject_ok=False,
-             check_bssid=True):
-        self.dump_monitor()
-        if "OK" not in self.request("ROAM " + bssid):
-            raise Exception("ROAM failed")
-        if fail_test:
-            if assoc_reject_ok:
-                ev = self.wait_event(["CTRL-EVENT-CONNECTED",
-                                      "CTRL-EVENT-DISCONNECTED",
-                                      "CTRL-EVENT-ASSOC-REJECT"], timeout=1)
-            else:
-                ev = self.wait_event(["CTRL-EVENT-CONNECTED",
-                                      "CTRL-EVENT-DISCONNECTED"], timeout=1)
-            if ev and "CTRL-EVENT-DISCONNECTED" in ev:
-                self.dump_monitor()
-                return
-            if ev is not None and "CTRL-EVENT-ASSOC-REJECT" not in ev:
-                raise Exception("Unexpected connection")
-            self.dump_monitor()
-            return
-        if assoc_reject_ok:
-            ev = self.wait_event(["CTRL-EVENT-CONNECTED",
-                                  "CTRL-EVENT-DISCONNECTED"], timeout=10)
-        else:
-            ev = self.wait_event(["CTRL-EVENT-CONNECTED",
-                                      "CTRL-EVENT-DISCONNECTED",
-                                  "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        if ev is None:
-            raise Exception("Roaming with the AP timed out")
-        if "CTRL-EVENT-ASSOC-REJECT" in ev:
-            raise Exception("Roaming association rejected")
-        if "CTRL-EVENT-DISCONNECTED" in ev:
-            raise Exception("Unexpected disconnection when waiting for roam to complete")
-        self.dump_monitor()
-        if check_bssid and self.get_status_field('bssid') != bssid:
-            raise Exception("Did not roam to correct BSSID")
-
-    def roam_over_ds(self, bssid, fail_test=False):
-        self.dump_monitor()
-        if "OK" not in self.request("FT_DS " + bssid):
-            raise Exception("FT_DS failed")
-        if fail_test:
-            ev = self.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
-            if ev is not None:
-                raise Exception("Unexpected connection")
-            self.dump_monitor()
-            return
-        ev = self.wait_event(["CTRL-EVENT-CONNECTED",
-                              "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
-        if ev is None:
-            raise Exception("Roaming with the AP timed out")
-        if "CTRL-EVENT-ASSOC-REJECT" in ev:
-            raise Exception("Roaming association rejected")
-        self.dump_monitor()
-
-    def wps_reg(self, bssid, pin, new_ssid=None, key_mgmt=None, cipher=None,
-                new_passphrase=None, no_wait=False):
-        self.dump_monitor()
-        if new_ssid:
-            self.request("WPS_REG " + bssid + " " + pin + " " +
-                         binascii.hexlify(new_ssid.encode()).decode() + " " +
-                         key_mgmt + " " + cipher + " " +
-                         binascii.hexlify(new_passphrase.encode()).decode())
-            if no_wait:
-                return
-            ev = self.wait_event(["WPS-SUCCESS"], timeout=15)
-        else:
-            self.request("WPS_REG " + bssid + " " + pin)
-            if no_wait:
-                return
-            ev = self.wait_event(["WPS-CRED-RECEIVED"], timeout=15)
-            if ev is None:
-                raise Exception("WPS cred timed out")
-            ev = self.wait_event(["WPS-FAIL"], timeout=15)
-        if ev is None:
-            raise Exception("WPS timed out")
-        self.wait_connected(timeout=15)
-
-    def relog(self):
-        self.global_request("RELOG")
-
-    def wait_completed(self, timeout=10):
-        for i in range(0, timeout * 2):
-            if self.get_status_field("wpa_state") == "COMPLETED":
-                return
-            time.sleep(0.5)
-        raise Exception("Timeout while waiting for COMPLETED state")
-
-    def get_capability(self, field):
-        res = self.request("GET_CAPABILITY " + field)
-        if "FAIL" in res:
-            return None
-        return res.split(' ')
-
-    def get_bss(self, bssid, ifname=None):
-        if not ifname or ifname == self.ifname:
-            res = self.request("BSS " + bssid)
-        elif ifname == self.group_ifname:
-            res = self.group_request("BSS " + bssid)
-        else:
-            return None
-
-        if "FAIL" in res:
-            return None
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            [name, value] = l.split('=', 1)
-            vals[name] = value
-        if len(vals) == 0:
-            return None
-        return vals
-
-    def get_pmksa(self, bssid):
-        res = self.request("PMKSA")
-        lines = res.splitlines()
-        for l in lines:
-            if bssid not in l:
-                continue
-            vals = dict()
-            try:
-                [index, aa, pmkid, expiration, opportunistic] = l.split(' ')
-                cache_id = None
-            except ValueError:
-                [index, aa, pmkid, expiration, opportunistic, cache_id] = l.split(' ')
-            vals['index'] = index
-            vals['pmkid'] = pmkid
-            vals['expiration'] = expiration
-            vals['opportunistic'] = opportunistic
-            if cache_id != None:
-                vals['cache_id'] = cache_id
-            return vals
-        return None
-
-    def get_pmk(self, network_id):
-        bssid = self.get_status_field('bssid')
-        res = self.request("PMKSA_GET %d" % network_id)
-        for val in res.splitlines():
-            if val.startswith(bssid):
-                return val.split(' ')[2]
-        return None
-
-    def get_sta(self, addr, info=None, next=False):
-        cmd = "STA-NEXT " if next else "STA "
-        if addr is None:
-            res = self.request("STA-FIRST")
-        elif info:
-            res = self.request(cmd + addr + " " + info)
-        else:
-            res = self.request(cmd + addr)
-        lines = res.splitlines()
-        vals = dict()
-        first = True
-        for l in lines:
-            if first:
-                vals['addr'] = l
-                first = False
-            else:
-                [name, value] = l.split('=', 1)
-                vals[name] = value
-        return vals
-
-    def mgmt_rx(self, timeout=5):
-        ev = self.wait_event(["MGMT-RX"], timeout=timeout)
-        if ev is None:
-            return None
-        msg = {}
-        items = ev.split(' ')
-        field, val = items[1].split('=')
-        if field != "freq":
-            raise Exception("Unexpected MGMT-RX event format: " + ev)
-        msg['freq'] = val
-
-        field, val = items[2].split('=')
-        if field != "datarate":
-            raise Exception("Unexpected MGMT-RX event format: " + ev)
-        msg['datarate'] = val
-
-        field, val = items[3].split('=')
-        if field != "ssi_signal":
-            raise Exception("Unexpected MGMT-RX event format: " + ev)
-        msg['ssi_signal'] = val
-
-        frame = binascii.unhexlify(items[4])
-        msg['frame'] = frame
-
-        hdr = struct.unpack('<HH6B6B6BH', frame[0:24])
-        msg['fc'] = hdr[0]
-        msg['subtype'] = (hdr[0] >> 4) & 0xf
-        hdr = hdr[1:]
-        msg['duration'] = hdr[0]
-        hdr = hdr[1:]
-        msg['da'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['sa'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['bssid'] = "%02x:%02x:%02x:%02x:%02x:%02x" % hdr[0:6]
-        hdr = hdr[6:]
-        msg['seq_ctrl'] = hdr[0]
-        msg['payload'] = frame[24:]
-
-        return msg
-
-    def wait_connected(self, timeout=10, error="Connection timed out"):
-        ev = self.wait_event(["CTRL-EVENT-CONNECTED"], timeout=timeout)
-        if ev is None:
-            raise Exception(error)
-        return ev
-
-    def wait_disconnected(self, timeout=None, error="Disconnection timed out"):
-        if timeout is None:
-            timeout = 10 if self.hostname is None else 30
-        ev = self.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=timeout)
-        if ev is None:
-            raise Exception(error)
-        return ev
-
-    def get_group_ifname(self):
-        return self.group_ifname if self.group_ifname else self.ifname
-
-    def get_config(self):
-        res = self.request("DUMP")
-        if res.startswith("FAIL"):
-            raise Exception("DUMP failed")
-        lines = res.splitlines()
-        vals = dict()
-        for l in lines:
-            [name, value] = l.split('=', 1)
-            vals[name] = value
-        return vals
-
-    def asp_provision(self, peer, adv_id, adv_mac, session_id, session_mac,
-                      method="1000", info="", status=None, cpt=None, role=None):
-        if status is None:
-            cmd = "P2P_ASP_PROVISION"
-            params = "info='%s' method=%s" % (info, method)
-        else:
-            cmd = "P2P_ASP_PROVISION_RESP"
-            params = "status=%d" % status
-
-        if role is not None:
-            params += " role=" + role
-        if cpt is not None:
-            params += " cpt=" + cpt
-
-        if "OK" not in self.global_request("%s %s adv_id=%s adv_mac=%s session=%d session_mac=%s %s" %
-                                           (cmd, peer, adv_id, adv_mac, session_id, session_mac, params)):
-            raise Exception("%s request failed" % cmd)
-
-    def note(self, txt):
-        self.request("NOTE " + txt)
-
-    def save_config(self):
-        if "OK" not in self.request("SAVE_CONFIG"):
-            raise Exception("Failed to save configuration file")
-
-    def wait_regdom(self, country_ie=False):
-        for i in range(5):
-            ev = self.wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
-            if ev is None:
-                break
-            if country_ie:
-                if "init=COUNTRY_IE" in ev:
-                    break
-            else:
-                break
-
-    def dpp_qr_code(self, uri):
-        res = self.request("DPP_QR_CODE " + uri)
-        if "FAIL" in res:
-            raise Exception("Failed to parse QR Code URI")
-        return int(res)
-
-    def dpp_nfc_uri(self, uri):
-        res = self.request("DPP_NFC_URI " + uri)
-        if "FAIL" in res:
-            raise Exception("Failed to parse NFC URI")
-        return int(res)
-
-    def dpp_bootstrap_gen(self, type="qrcode", chan=None, mac=None, info=None,
-                          curve=None, key=None):
-        cmd = "DPP_BOOTSTRAP_GEN type=" + type
-        if chan:
-            cmd += " chan=" + chan
-        if mac:
-            if mac is True:
-                mac = self.own_addr()
-            cmd += " mac=" + mac.replace(':', '')
-        if info:
-            cmd += " info=" + info
-        if curve:
-            cmd += " curve=" + curve
-        if key:
-            cmd += " key=" + key
-        res = self.request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to generate bootstrapping info")
-        return int(res)
-
-    def dpp_bootstrap_set(self, id, conf=None, configurator=None, ssid=None,
-                          extra=None):
-        cmd = "DPP_BOOTSTRAP_SET %d" % id
-        if ssid:
-            cmd += " ssid=" + binascii.hexlify(ssid.encode()).decode()
-        if extra:
-            cmd += " " + extra
-        if conf:
-            cmd += " conf=" + conf
-        if configurator is not None:
-            cmd += " configurator=%d" % configurator
-        if "OK" not in self.request(cmd):
-            raise Exception("Failed to set bootstrapping parameters")
-
-    def dpp_listen(self, freq, netrole=None, qr=None, role=None):
-        cmd = "DPP_LISTEN " + str(freq)
-        if netrole:
-            cmd += " netrole=" + netrole
-        if qr:
-            cmd += " qr=" + qr
-        if role:
-            cmd += " role=" + role
-        if "OK" not in self.request(cmd):
-            raise Exception("Failed to start listen operation")
-
-    def dpp_auth_init(self, peer=None, uri=None, conf=None, configurator=None,
-                      extra=None, own=None, role=None, neg_freq=None,
-                      ssid=None, passphrase=None, expect_fail=False,
-                      tcp_addr=None, tcp_port=None, conn_status=False,
-                      ssid_charset=None, nfc_uri=None, netrole=None,
-                      csrattrs=None):
-        cmd = "DPP_AUTH_INIT"
-        if peer is None:
-            if nfc_uri:
-                peer = self.dpp_nfc_uri(nfc_uri)
-            else:
-                peer = self.dpp_qr_code(uri)
-        cmd += " peer=%d" % peer
-        if own is not None:
-            cmd += " own=%d" % own
-        if role:
-            cmd += " role=" + role
-        if extra:
-            cmd += " " + extra
-        if conf:
-            cmd += " conf=" + conf
-        if configurator is not None:
-            cmd += " configurator=%d" % configurator
-        if neg_freq:
-            cmd += " neg_freq=%d" % neg_freq
-        if ssid:
-            cmd += " ssid=" + binascii.hexlify(ssid.encode()).decode()
-        if ssid_charset:
-            cmd += " ssid_charset=%d" % ssid_charset
-        if passphrase:
-            cmd += " pass=" + binascii.hexlify(passphrase.encode()).decode()
-        if tcp_addr:
-            cmd += " tcp_addr=" + tcp_addr
-        if tcp_port:
-            cmd += " tcp_port=" + tcp_port
-        if conn_status:
-            cmd += " conn_status=1"
-        if netrole:
-            cmd += " netrole=" + netrole
-        if csrattrs:
-            cmd += " csrattrs=" + csrattrs
-        res = self.request(cmd)
-        if expect_fail:
-            if "FAIL" not in res:
-                raise Exception("DPP authentication started unexpectedly")
-            return
-        if "OK" not in res:
-            raise Exception("Failed to initiate DPP Authentication")
-        return int(peer)
-
-    def dpp_pkex_init(self, identifier, code, role=None, key=None, curve=None,
-                      extra=None, use_id=None, allow_fail=False, v2=False):
-        if use_id is None:
-            id1 = self.dpp_bootstrap_gen(type="pkex", key=key, curve=curve)
-        else:
-            id1 = use_id
-        cmd = "own=%d " % id1
-        if identifier:
-            cmd += "identifier=%s " % identifier
-        if v2:
-            cmd += "init=2 "
-        else:
-            cmd += "init=1 "
-        if role:
-            cmd += "role=%s " % role
-        if extra:
-            cmd += extra + " "
-        cmd += "code=%s" % code
-        res = self.request("DPP_PKEX_ADD " + cmd)
-        if allow_fail:
-            return id1
-        if "FAIL" in res:
-            raise Exception("Failed to set PKEX data (initiator)")
-        return id1
-
-    def dpp_pkex_resp(self, freq, identifier, code, key=None, curve=None,
-                      listen_role=None, use_id=None):
-        if use_id is None:
-            id0 = self.dpp_bootstrap_gen(type="pkex", key=key, curve=curve)
-        else:
-            id0 = use_id
-        cmd = "own=%d " % id0
-        if identifier:
-            cmd += "identifier=%s " % identifier
-        cmd += "code=%s" % code
-        res = self.request("DPP_PKEX_ADD " + cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to set PKEX data (responder)")
-        self.dpp_listen(freq, role=listen_role)
-        return id0
-
-    def dpp_configurator_add(self, curve=None, key=None):
-        cmd = "DPP_CONFIGURATOR_ADD"
-        if curve:
-            cmd += " curve=" + curve
-        if key:
-            cmd += " key=" + key
-        res = self.request(cmd)
-        if "FAIL" in res:
-            raise Exception("Failed to add configurator")
-        return int(res)
-
-    def dpp_configurator_remove(self, conf_id):
-        res = self.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
-        if "OK" not in res:
-            raise Exception("DPP_CONFIGURATOR_REMOVE failed")
-
-    def get_ptksa(self, bssid, cipher):
-        res = self.request("PTKSA_CACHE_LIST")
-        lines = res.splitlines()
-        for l in lines:
-            if bssid not in l or cipher not in l:
-                continue
-
-            vals = dict()
-            [index, addr, cipher, expiration, tk, kdk] = l.split(' ', 5)
-            vals['index'] = index
-            vals['addr'] = addr
-            vals['cipher'] = cipher
-            vals['expiration'] = expiration
-            vals['tk'] = tk
-            vals['kdk'] = kdk
-            return vals
-        return None
diff --git a/tests/hwsim/wps-ctrl-cred b/tests/hwsim/wps-ctrl-cred
deleted file mode 100644
index b02b783b8b58..000000000000
--- a/tests/hwsim/wps-ctrl-cred
+++ /dev/null
diff --git a/tests/hwsim/wps-ctrl-cred2 b/tests/hwsim/wps-ctrl-cred2
deleted file mode 100644
index 696a576f0012..000000000000
--- a/tests/hwsim/wps-ctrl-cred2
+++ /dev/null
diff --git a/tests/hwsim/wps-mixed-cred b/tests/hwsim/wps-mixed-cred
deleted file mode 100644
index fca2871fd210..000000000000
--- a/tests/hwsim/wps-mixed-cred
+++ /dev/null
diff --git a/tests/hwsim/wps-wep-cred b/tests/hwsim/wps-wep-cred
deleted file mode 100644
index 407cf4143ba1..000000000000
--- a/tests/hwsim/wps-wep-cred
+++ /dev/null
diff --git a/tests/remote/config.py b/tests/remote/config.py
deleted file mode 100644
index 1ac362ead3f3..000000000000
--- a/tests/remote/config.py
+++ /dev/null
@@ -1,87 +0,0 @@
-# Environment configuration
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-#
-# Currently static definition, in the future this could be a config file,
-# or even common database with host management.
-#
-
-import logging
-logger = logging.getLogger()
-
-#
-# You can put your settings in cfg.py file with setup_params, devices
-# definitions in the format as below. In other case HWSIM cfg will be used.
-#
-setup_params = {"setup_hw" : "./tests/setup_hw.sh",
-                "hostapd" : "./tests/hostapd-rt",
-                "wpa_supplicant" : "./tests/wpa_supplicant-rt",
-                "iperf" : "iperf",
-                "wlantest" : "./tests/wlantest",
-                "wlantest_cli" : "./tests/wlantest_cli",
-                "country" : "US",
-                "log_dir" : "/tmp/",
-                "ipv4_test_net" : "192.168.12.0",
-                "trace_start" : "./tests/trace_start.sh",
-                "trace_stop" : "./tests/trace_stop.sh",
-                "perf_start" : "./tests/perf_start.sh",
-                "perf_stop" : "./tests/perf_stop.sh"}
-
-#
-#devices = [{"hostname": "192.168.254.58", "ifname" : "wlan0", "port": "9877", "name" : "t2-ath9k", "flags" : "AP_HT40 STA_HT40"},
-#           {"hostname": "192.168.254.58", "ifname" : "wlan1", "port": "9877", "name" : "t2-ath10k", "flags" : "AP_VHT80"},
-#           {"hostname": "192.168.254.58", "ifname" : "wlan3", "port": "9877", "name" : "t2-intel7260", "flags" : "STA_VHT80"},
-#           {"hostname": "192.168.254.55", "ifname" : "wlan0, wlan1, wlan2", "port": "", "name" : "t3-monitor"},
-#           {"hostname": "192.168.254.50", "ifname" : "wlan0", "port": "9877", "name" : "t1-ath9k"},
-#           {"hostname": "192.168.254.50", "ifname" : "wlan1", "port": "9877", "name" : "t1-ath10k"}]
-
-#
-# HWSIM - ifaces available after modprobe mac80211_hwsim
-#
-devices = [{"hostname": "localhost", "ifname": "wlan0", "port": "9868", "name": "hwsim0", "flags": "AP_VHT80 STA_VHT80"},
-           {"hostname": "localhost", "ifname": "wlan1", "port": "9878", "name": "hwsim1", "flags": "AP_VHT80 STA_VHT80"},
-           {"hostname": "localhost", "ifname": "wlan2", "port": "9888", "name": "hwsim2", "flags": "AP_VHT80 STA_VHT80"},
-           {"hostname": "localhost", "ifname": "wlan3", "port": "9898", "name": "hwsim3", "flags": "AP_VHT80 STA_VHT80"},
-           {"hostname": "localhost", "ifname": "wlan4", "port": "9908", "name": "hwsim4", "flags": "AP_VHT80 STA_VHT80"}]
-
-
-def get_setup_params(filename="cfg.py"):
-    try:
-       mod = __import__(filename.split(".")[0])
-       return mod.setup_params
-    except:
-       logger.debug("__import__(" + filename + ") failed, using static settings")
-       pass
-    return setup_params
-
-def get_devices(filename="cfg.py"):
-    try:
-       mod = __import__(filename.split(".")[0])
-       return mod.devices
-    except:
-       logger.debug("__import__(" + filename + ") failed, using static settings")
-       pass
-    return devices
-
-def get_device(devices, name=None, flags=None, lock=False):
-    if name is None and flags is None:
-        raise Exception("Failed to get device")
-    word = name.split(":")
-    name = word[0]
-    for device in devices:
-        if device['name'] == name:
-            return device
-    for device in devices:
-        try:
-            device_flags = device['flags']
-            if device_flags.find(flags) != -1:
-                return device
-        except:
-            pass
-    raise Exception("Failed to get device " + name)
-
-def put_device(devices, name):
-    pass
diff --git a/tests/remote/hwsim_wrapper.py b/tests/remote/hwsim_wrapper.py
deleted file mode 100644
index 38f927f6e820..000000000000
--- a/tests/remote/hwsim_wrapper.py
+++ /dev/null
@@ -1,126 +0,0 @@
-# Hwsim wrapper
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import remotehost
-from wpasupplicant import WpaSupplicant
-import hostapd
-import config
-import rutils
-import monitor
-import traceback
-import wlantest
-
-import logging
-logger = logging.getLogger()
-
-def run_hwsim_test(devices, setup_params, refs, duts, monitors, hwsim_test):
-    try:
-        ref_hosts = []
-        dut_hosts = []
-        dev = []
-        apdev = []
-
-        # get hosts
-        for ref in refs:
-            ref_host = rutils.get_host(devices, ref)
-            ref_hosts.append(ref_host)
-        for dut in duts:
-            dut_host = rutils.get_host(devices, dut)
-            dut_hosts.append(dut_host)
-
-        # setup log dir
-        local_log_dir = setup_params['local_log_dir']
-
-        # setup hw before test
-        rutils.setup_hw(ref_hosts, setup_params)
-        rutils.setup_hw(dut_hosts, setup_params)
-
-        # run monitors if requested/possible
-        for ref_host in ref_hosts:
-            monitor.add(ref_host, monitors)
-            monitor.run(ref_host, setup_params)
-        for dut_host in dut_hosts:
-            monitor.add(dut_host, monitors)
-            monitor.run(dut_host, setup_params)
-
-        monitor_hosts = monitor.create(devices, setup_params, refs, duts,
-                                       monitors)
-        mon = None
-        if len(monitor_hosts) > 0:
-            mon = monitor_hosts[0]
-            wlantest.Wlantest.reset_remote_wlantest()
-            wlantest.Wlantest.register_remote_wlantest(mon, setup_params,
-                                                       monitor)
-
-        # run hostapd/wpa_supplicant
-        for ref_host in ref_hosts:
-            rutils.run_wpasupplicant(ref_host, setup_params)
-            wpas = WpaSupplicant(hostname=ref_host.host, global_iface="udp",
-                                 global_port=ref_host.port)
-            wpas.interface_add(ref_host.ifname)
-            dev.append(wpas)
-        for dut_host in dut_hosts:
-            rutils.run_hostapd(dut_host, setup_params)
-            dut_host.dev['bssid'] = rutils.get_mac_addr(dut_host)
-            apdev.append(dut_host.dev)
-
-        if hwsim_test.__code__.co_argcount == 1:
-            hwsim_test(dev)
-        elif hwsim_test.__code__.co_argcount == 2:
-            hwsim_test(dev, apdev)
-        else:
-            params = {}
-            params['long'] = 1
-            params['logdir'] = local_log_dir
-            hwsim_test(dev, apdev, params)
-
-       # hostapd/wpa_supplicant cleanup
-        for wpas in dev:
-            wpas.interface_remove(wpas.host.ifname)
-            wpas.terminate()
-        dev = []
-
-        # remove monitors
-        for ref_host in ref_hosts:
-            monitor.remove(ref_host)
-        for dut_host in dut_hosts:
-            monitor.remove(dut_host)
-
-        for ref_host in ref_hosts:
-            rutils.kill_wpasupplicant(ref_host, setup_params)
-            ref_host.get_logs(local_log_dir)
-        for dut_host in dut_hosts:
-            rutils.kill_hostapd(dut_host, setup_params)
-            dut_host.get_logs(local_log_dir)
-        if mon is not None:
-            wlantest.Wlantest.reset_remote_wlantest()
-            mon.get_logs(local_log_dir)
-
-        return ""
-    except:
-        logger.info(traceback.format_exc())
-        for wpas in dev:
-            try:
-                wpas.interface_remove(wpas.host.ifname)
-                wpas.terminate()
-            except:
-                pass
-
-        for ref_host in ref_hosts:
-            monitor.remove(ref_host)
-        for dut_host in dut_hosts:
-            monitor.remove(dut_host)
-
-        for ref_host in ref_hosts:
-            rutils.kill_wpasupplicant(ref_host, setup_params)
-            ref_host.get_logs(local_log_dir)
-        for dut_host in dut_hosts:
-            rutils.kill_hostapd(dut_host, setup_params)
-            dut_host.get_logs(local_log_dir)
-        if mon is not None:
-            wlantest.Wlantest.reset_remote_wlantest()
-            mon.get_logs(local_log_dir)
-        raise
diff --git a/tests/remote/monitor.py b/tests/remote/monitor.py
deleted file mode 100644
index 0f77d500bf30..000000000000
--- a/tests/remote/monitor.py
+++ /dev/null
@@ -1,193 +0,0 @@
-# Monitor support
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-from remotehost import Host
-import config
-import rutils
-import re
-import traceback
-import logging
-logger = logging.getLogger()
-import hostapd
-
-# standalone monitor with multi iface support
-def create(devices, setup_params, refs, duts, monitors):
-    mons = []
-    mhosts = []
-    hosts = duts + refs
-
-    # choose only standalone monitors
-    for monitor in monitors:
-        if monitor not in hosts and monitor != "all":
-            mons.append(monitor)
-
-    for mon in mons:
-        word = mon.split(":")
-        dev = config.get_device(devices, word[0])
-        if dev is None:
-            continue
-
-        host = Host(host=dev['hostname'],
-                    ifname=dev['ifname'],
-                    port=dev['port'],
-                    name=dev['name'])
-
-        for iface_param in word[1:]:
-            params = iface_param.split(",")
-            if len(params) > 3:
-                monitor_param = { "freq" : rutils.c2f(params[0]),
-                                  "bw" : params[1],
-                                  "center_freq1" : rutils.c2f(params[2]),
-                                  "center_freq2" : rutils.c2f(params[3]) }
-                host.monitor_params.append(monitor_param)
-
-        try:
-            host.execute(["iw", "reg", "set", setup_params['country']])
-            rutils.setup_hw_host(host, setup_params, True)
-        except:
-            pass
-        mhosts.append(host)
-
-    return mhosts
-
-def destroy(devices, hosts):
-    for host in hosts:
-        stop(host)
-        for monitor in host.monitors:
-            host.execute(["ifconfig", monitor, "down"])
-        host.monitor_params = []
-
-def setup(host, monitor_params=None):
-    if host is None:
-        return
-
-    if monitor_params == None:
-        monitor_params = host.monitor_params
-
-    ifaces = re.split('; | |, ', host.ifname)
-    count = 0
-    for param in monitor_params:
-        try:
-            iface = ifaces[count]
-        except:
-            logger.debug(traceback.format_exc())
-            break
-        host.execute(["ifconfig", iface, " down"])
-        host.execute(["rfkill", "unblock", "wifi"])
-        host.execute(["iw", iface, "set type monitor"])
-        host.execute(["ifconfig", iface, "up"])
-        status, buf = host.execute(["iw", iface, "set", "freq", param['freq'],
-                                    param['bw'], param['center_freq1'],
-                                    param['center_freq2']])
-        if status != 0:
-            logger.debug("Could not setup monitor interface: " + buf)
-            continue
-        host.monitors.append(iface)
-        count = count + 1
-
-def run(host, setup_params):
-    monitor_res = []
-    log_monitor = ""
-    if host is None:
-        return None
-    if len(host.monitors) == 0:
-        return None
-    try:
-        log_dir = setup_params['log_dir']
-        tc_name = setup_params['tc_name']
-    except:
-        return None
-
-    tshark = "tshark"
-    for monitor in host.monitors:
-        host.execute(["ifconfig", monitor, "up"])
-        tshark = tshark + " -i " + monitor
-        log_monitor = log_monitor + "_" + monitor
-
-    log = log_dir + tc_name + "_" + host.name + log_monitor + ".pcap"
-    host.add_log(log)
-    thread = host.thread_run([tshark, "-w", log], monitor_res)
-    host.thread = thread
-
-
-def stop(host):
-    if host is None:
-        return
-    if len(host.monitors) == 0:
-        return
-    if host.thread is None:
-        return
-
-    host.thread_stop(host.thread)
-    host.thread = None
-
-# Add monitor to existing interface
-def add(host, monitors):
-    if host is None:
-        return
-
-    for monitor in monitors:
-        if monitor != "all" and monitor != host.name:
-            continue
-        mon = "mon_" + host.ifname
-        status, buf = host.execute(["iw", host.ifname, "interface", "add", mon,
-                                    "type", "monitor"])
-        if status == 0:
-            host.monitors.append(mon)
-            host.execute(["ifconfig", mon, "up"])
-        else:
-            logger.debug("Could not add monitor for " + host.name)
-
-def remove(host):
-    stop(host)
-    for monitor in host.monitors:
-        host.execute(["iw", monitor, "del"])
-        host.monitors.remove(monitor)
-
-
-# get monitor params from hostapd/wpa_supplicant
-def get_monitor_params(wpa, is_p2p=False):
-    if is_p2p:
-        get_status_field_f = wpa.get_group_status_field
-    else:
-        get_status_field_f = wpa.get_status_field
-    freq = get_status_field_f("freq")
-    bw = "20"
-    center_freq1 = ""
-    center_freq2 = ""
-
-    vht_oper_chwidth = get_status_field_f("vht_oper_chwidth")
-    secondary_channel = get_status_field_f("secondary_channel")
-    vht_oper_centr_freq_seg0_idx = get_status_field_f("vht_oper_centr_freq_seg0_idx")
-    vht_oper_centr_freq_seg1_idx = get_status_field_f("vht_oper_centr_freq_seg1_idx")
-    if vht_oper_chwidth == "0" or vht_oper_chwidth is None:
-        if secondary_channel == "1":
-            bw = "40"
-            center_freq1 = str(int(freq) + 10)
-        elif secondary_channel == "-1":
-            center_freq1 = str(int(freq) - 10)
-        else:
-            pass
-    elif vht_oper_chwidth == "1":
-        bw = "80"
-        center_freq1 = str(int(vht_oper_centr_freq_seg0_idx) * 5 + 5000)
-    elif vht_oper_chwidth == "2":
-        bw = "160"
-        center_freq1 = str(int(vht_oper_centr_freq_seg0_idx) * 5 + 5000)
-    elif vht_oper_chwidth == "3":
-        bw = "80+80"
-        center_freq1 = str(int(vht_oper_centr_freq_seg0_idx) * 5 + 5000)
-        center_freq2 = str(int(vht_oper_centr_freq_seg1_idx) * 5 + 5000)
-    else:
-        pass
-
-    monitor_params = {"freq" : freq,
-                      "bw" : bw,
-                      "center_freq1" : center_freq1,
-                      "center_freq2" : center_freq2}
-
-    return monitor_params
diff --git a/tests/remote/run-tests.py b/tests/remote/run-tests.py
deleted file mode 100755
index 67993a3c2a34..000000000000
--- a/tests/remote/run-tests.py
+++ /dev/null
@@ -1,408 +0,0 @@
-#!/usr/bin/env python3
-#
-# Remote test case executor
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import re
-import sys
-import time
-import traceback
-import getopt
-from datetime import datetime
-from random import shuffle
-
-import logging
-logger = logging.getLogger()
-
-scriptsdir = os.path.dirname(os.path.realpath(sys.modules[__name__].__file__))
-sys.path.append(os.path.join(scriptsdir, '..', '..', 'wpaspy'))
-sys.path.append(os.path.join(scriptsdir, '..', 'hwsim'))
-
-import wpaspy
-import config
-from test_devices import show_devices
-from test_devices import check_devices
-from rutils import TestSkip
-from utils import HwsimSkip
-from hwsim_wrapper import run_hwsim_test
-
-def usage():
-    print("USAGE: " + sys.argv[0] + " -t devices")
-    print("USAGE: " + sys.argv[0] + " -t check_devices")
-    print("USAGE: " + sys.argv[0] + " -d <dut_name> -t <all|sanity|tests_to_run> [-r <ref_name>] [-c <cfg_file.py>] [-m <all|monitor_name>] [-h hwsim_tests] [-f hwsim_modules][-R][-T][-P][-S][-v]")
-    print("USAGE: " + sys.argv[0])
-
-def get_devices(devices, duts, refs, monitors):
-    for dut in duts:
-        config.get_device(devices, dut, lock=True)
-    for ref in refs:
-        config.get_device(devices, ref, lock=True)
-    for monitor in monitors:
-        if monitor == "all":
-            continue
-        if monitor in duts:
-            continue
-        if monitor in refs:
-            continue
-        config.get_device(devices, monitor, lock=True)
-
-def put_devices(devices, duts, refs, monitors):
-    for dut in duts:
-        config.put_device(devices, dut)
-    for ref in refs:
-        config.put_device(devices, ref)
-    for monitor in monitors:
-        if monitor == "all":
-            continue
-        if monitor in duts:
-            continue
-        if monitor in refs:
-            continue
-        config.put_device(devices, monitor)
-
-def main():
-    duts = []
-    refs = []
-    monitors = []
-    filter_keys = []
-    requested_tests = ["help"]
-    requested_hwsim_tests = []
-    hwsim_tests = []
-    requested_modules = []
-    modules_tests = []
-    cfg_file = "cfg.py"
-    log_dir = "./logs/"
-    verbose = False
-    trace = False
-    restart = False
-    perf = False
-    shuffle_tests = False
-
-    # parse input parameters
-    try:
-        opts, args = getopt.getopt(sys.argv[1:], "d:f:r:t:l:k:c:m:h:vRPTS",
-                                   ["dut=", "modules=", "ref=", "tests=",
-                                    "log-dir=",
-                                    "cfg=", "key=", "monitor=", "hwsim="])
-    except getopt.GetoptError as err:
-        print(err)
-        usage()
-        sys.exit(2)
-
-    for option, argument in opts:
-        if option == "-v":
-            verbose = True
-        elif option == "-R":
-            restart = True
-        elif option == "-T":
-            trace = True
-        elif option == "-P":
-            perf = True
-        elif option == "-S":
-            shuffle_tests = True
-        elif option in ("-d", "--dut"):
-            duts.append(argument)
-        elif option in ("-r", "--ref"):
-            refs.append(argument)
-        elif option in ("-t", "--tests"):
-            requested_tests = re.split('; | |, ', argument)
-        elif option in ("-l", "--log-dir"):
-            log_dir = argument
-        elif option in ("-k", "--key"):
-            filter_keys.append(argument)
-        elif option in ("-m", "--monitor"):
-            monitors.append(argument)
-        elif option in ("-c", "--cfg"):
-            cfg_file = argument
-        elif option in ("-h", "--hwsim"):
-            requested_hwsim_tests = re.split('; | |, ', argument)
-        elif option in ("-f", "--modules"):
-            requested_modules = re.split('; | |, ', argument)
-        else:
-            assert False, "unhandled option"
-
-    # get env configuration
-    setup_params = config.get_setup_params(cfg_file)
-    devices = config.get_devices(cfg_file)
-
-    # put logs in log_dir
-    symlink = os.path.join(log_dir, "current");
-    if os.path.exists(symlink):
-        os.unlink(symlink)
-    log_dir = os.path.join(log_dir, time.strftime("%Y_%m_%d_%H_%M_%S"))
-    if not os.path.exists(log_dir):
-        os.makedirs(log_dir)
-    os.symlink(os.path.join("../", log_dir), symlink)
-
-    # setup restart/trace/perf request
-    setup_params['local_log_dir'] = log_dir
-    setup_params['restart_device'] = restart
-    setup_params['trace'] = trace
-    setup_params['perf'] = perf
-
-    # configure logger
-    logger.setLevel(logging.DEBUG)
-
-    stdout_handler = logging.StreamHandler()
-    stdout_handler.setLevel(logging.WARNING)
-    if verbose:
-        stdout_handler.setLevel(logging.DEBUG)
-    logger.addHandler(stdout_handler)
-
-    formatter = logging.Formatter('%(asctime)s - %(message)s')
-    file_name = os.path.join(log_dir, 'run-tests.log')
-    log_handler = logging.FileHandler(file_name)
-    log_handler.setLevel(logging.DEBUG)
-    log_handler.setFormatter(formatter)
-    logger.addHandler(log_handler)
-
-    # import available tests
-    tests = []
-    failed = []
-    test_modules = []
-    files = os.listdir(scriptsdir)
-    for t in files:
-        m = re.match(r'(test_.*)\.py$', t)
-        if m:
-            mod = __import__(m.group(1))
-            test_modules.append(mod.__name__.replace('test_', '', 1))
-            for key, val in mod.__dict__.items():
-                if key.startswith("test_"):
-                    tests.append(val)
-    test_names = list(set([t.__name__.replace('test_', '', 1) for t in tests]))
-
-    # import test_*
-    files = os.listdir("../hwsim/")
-    for t in files:
-        m = re.match(r'(test_.*)\.py$', t)
-        if m:
-            mod = __import__(m.group(1))
-            test_modules.append(mod.__name__.replace('test_', '', 1))
-            for key, val in mod.__dict__.items():
-                if key.startswith("test_"):
-                    hwsim_tests.append(val)
-
-    # setup hwsim tests
-    hwsim_tests_to_run = []
-    if len(requested_hwsim_tests) > 0:
-        # apply filters
-        for filter_key in filter_keys:
-            filtered_tests = []
-            for hwsim_test in hwsim_tests:
-                if re.search(filter_key, hwsim_test.__name__):
-                    filtered_tests.append(hwsim_test)
-            hwsim_tests = filtered_tests
-
-        # setup hwsim_test we should run
-        if requested_hwsim_tests[0] == "all":
-            hwsim_tests_to_run = hwsim_tests
-        elif requested_hwsim_tests[0] == "remote":
-            hwsim_tests_to_run = [t for t in hwsim_tests
-                                  if hasattr(t, "remote_compatible") and
-                                     t.remote_compatible]
-        else:
-            for test in requested_hwsim_tests:
-                t = None
-                for tt in hwsim_tests:
-                    name = tt.__name__.replace('test_', '', 1)
-                    if name == test:
-                        t = tt
-                        break
-                if not t:
-                    logger.warning("hwsim test case: " + test + " NOT-FOUND")
-                    continue
-                hwsim_tests_to_run.append(t)
-
-    # import test_* from modules
-    files = os.listdir("../hwsim/")
-    for t in files:
-        m = re.match(r'(test_.*)\.py$', t)
-        if m:
-            mod = __import__(m.group(1))
-            if mod.__name__.replace('test_', '', 1) not in requested_modules:
-                continue
-            for key, val in mod.__dict__.items():
-                if key.startswith("test_"):
-                    modules_tests.append(val)
-
-    if len(requested_modules) > 0:
-        requested_hwsim_tests = modules_tests
-        hwsim_tests_to_run = modules_tests
-
-    # sort the list
-    test_names.sort()
-    tests.sort(key=lambda t: t.__name__)
-
-    # print help
-    if requested_tests[0] == "help" and len(requested_hwsim_tests) == 0:
-        usage()
-        print("\nAvailable Devices:")
-        for device in devices:
-            print("\t", device['name'])
-        print("\nAvailable tests:")
-        for test in test_names:
-            print("\t", test)
-        print("\nAvailable hwsim tests:")
-        for hwsim_test in hwsim_tests:
-            print("\t", hwsim_test.__name__.replace('test_', '', 1))
-        return
-
-    # show/check devices
-    if requested_tests[0] == "devices":
-        show_devices(devices, setup_params)
-        return
-
-    # apply filters
-    for filter_key in filter_keys:
-        filtered_tests = []
-        for test in tests:
-            if re.search(filter_key, test.__name__):
-                filtered_tests.append(test)
-        tests = filtered_tests
-
-    # setup test we should run
-    tests_to_run = []
-    if requested_tests[0] == "all":
-        tests_to_run = tests
-    if requested_tests[0] == "help":
-        pass
-    elif requested_tests[0] == "sanity":
-        for test in tests:
-            if test.__name__.startswith("test_sanity_"):
-                tests_to_run.append(test)
-    else:
-        for test in requested_tests:
-            t = None
-            for tt in tests:
-                name = tt.__name__.replace('test_', '', 1)
-                if name == test:
-                    t = tt
-                    break
-            if not t:
-                logger.warning("test case: " + test + " NOT-FOUND")
-                continue
-            tests_to_run.append(t)
-
-    if shuffle_tests:
-        shuffle(tests_to_run)
-        shuffle(hwsim_tests_to_run)
-
-    # lock devices
-    try:
-        get_devices(devices, duts, refs, monitors)
-    except Exception as e:
-        logger.warning("get devices failed: " + str(e))
-        logger.info(traceback.format_exc())
-        put_devices(devices, duts, refs, monitors)
-        return
-    except:
-        logger.warning("get devices failed")
-        logger.info(traceback.format_exc())
-        put_devices(devices, duts, refs, monitors)
-        return
-
-    # now run test cases
-    for dut in duts:
-        if len(requested_hwsim_tests) > 0:
-            logger.warning("DUT (apdev): " + str(dut))
-        else:
-            logger.warning("DUT: " + str(dut))
-    for ref in refs:
-        if len(requested_hwsim_tests) > 0:
-            logger.warning("REF   (dev): " + str(ref))
-        else:
-            logger.warning("REF: " + str(ref))
-    for monitor in monitors:
-        logger.warning("MON: " + str(monitor))
-
-    # run check_devices at beginning
-    logger.warning("RUN check_devices")
-    try:
-        check_devices(devices, setup_params, refs, duts, monitors)
-    except Exception as e:
-        logger.warning("FAILED: " + str(e))
-        logger.info(traceback.format_exc())
-        put_devices(devices, duts, refs, monitors)
-        return
-    except:
-        logger.warning("FAILED")
-        logger.info(traceback.format_exc())
-        put_devices(devices, duts, refs, monitors)
-        return
-    logger.warning("PASS")
-
-    test_no = 1
-    for test in tests_to_run:
-        try:
-            start = datetime.now()
-            setup_params['tc_name'] = test.__name__.replace('test_', '', 1)
-            logger.warning("START - " + setup_params['tc_name'] + " (" + str(test_no) + "/" + str(len(tests_to_run)) + ")")
-            if test.__doc__:
-                logger.info("Test: " + test.__doc__)
-
-            # run tc
-            res = test(devices, setup_params, refs, duts, monitors)
-
-            end = datetime.now()
-            logger.warning("PASS (" + res + ") - " + str((end - start).total_seconds()) + "s")
-        except KeyboardInterrupt:
-            put_devices(devices, duts, refs, monitors)
-            raise
-        except TestSkip as e:
-            end = datetime.now()
-            logger.warning("SKIP (" + str(e) + ") - " + str((end - start).total_seconds()) + "s")
-        except Exception as e:
-            end = datetime.now()
-            logger.warning("FAILED (" + str(e) + ") - " + str((end - start).total_seconds()) + "s")
-            logger.info(traceback.format_exc())
-            failed.append(test.__name__.replace('test_', '', 1))
-        except:
-            end = datetime.now()
-            logger.warning("FAILED - " + str((end - start).total_seconds()) + "s")
-            logger.info(traceback.format_exc())
-            failed.append(test.__name__.replace('test_', '', 1))
-        test_no += 1
-
-    test_no = 1
-    for hwsim_test in hwsim_tests_to_run:
-        try:
-            start = datetime.now()
-            setup_params['tc_name'] = hwsim_test.__name__.replace('test_', '', 1)
-            logger.warning("START - " + setup_params['tc_name'] + " (" + str(test_no) + "/" + str(len(hwsim_tests_to_run)) + ")")
-            res = run_hwsim_test(devices, setup_params, refs, duts, monitors, hwsim_test)
-            end = datetime.now()
-            logger.warning("PASS (" + res + ") - " + str((end - start).total_seconds()) + "s")
-        except KeyboardInterrupt:
-            put_devices(devices, duts, refs, monitors)
-            raise
-        except HwsimSkip as e:
-            end = datetime.now()
-            logger.warning("SKIP (" + str(e) + ") - " + str((end - start).total_seconds()) + "s")
-            failed.append(hwsim_test.__name__.replace('test_', '', 1))
-        except Exception as e:
-            end = datetime.now()
-            logger.warning("FAILED (" + str(e) + ") - " + str((end - start).total_seconds()) + "s")
-            logger.info(traceback.format_exc())
-            failed.append(hwsim_test.__name__.replace('test_', '', 1))
-        except:
-            end = datetime.now()
-            logger.warning("FAILED - " + str((end - start).total_seconds()) + "s")
-            logger.info(traceback.format_exc())
-            failed.append(hwsim_test.__name__.replace('test_', '', 1))
-        test_no += 1
-
-    # unlock devices
-    put_devices(devices, duts, refs, monitors)
-
-    if len(failed) > 0:
-        logger.warning("Failed test cases:")
-        for test in failed:
-            logger.warning("\t" + test)
-
-
-if __name__ == "__main__":
-        main()
diff --git a/tests/remote/rutils.py b/tests/remote/rutils.py
deleted file mode 100644
index 6902991124c8..000000000000
--- a/tests/remote/rutils.py
+++ /dev/null
@@ -1,567 +0,0 @@
-# Utils
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import re
-import time
-from remotehost import Host
-import hostapd
-import config
-
-class TestSkip(Exception):
-    def __init__(self, reason):
-        self.reason = reason
-    def __str__(self):
-        return self.reason
-
-# get host based on name
-def get_host(devices, dev_name):
-    dev = config.get_device(devices, dev_name)
-    host = Host(host=dev['hostname'],
-                ifname=dev['ifname'],
-                port=dev['port'],
-                name=dev['name'])
-    host.dev = dev
-    return host
-
-# Run setup_hw - hardware specific
-def setup_hw_host_iface(host, iface, setup_params, force_restart=False):
-    try:
-        setup_hw = setup_params['setup_hw']
-        restart = ""
-        try:
-            if setup_params['restart_device'] == True:
-                restart = "-R"
-        except:
-            pass
-
-        if force_restart:
-            restart = "-R"
-
-        host.execute([setup_hw, "-I", iface, restart])
-    except:
-        pass
-
-def setup_hw_host(host, setup_params, force_restart=False):
-    ifaces = re.split('; | |, ', host.ifname)
-    for iface in ifaces:
-        setup_hw_host_iface(host, iface, setup_params, force_restart)
-
-def setup_hw(hosts, setup_params, force_restart=False):
-    for host in hosts:
-        setup_hw_host(host, setup_params, force_restart)
-
-# get traces - hw specific
-def trace_start(hosts, setup_params):
-    for host in hosts:
-        trace_start_stop(host, setup_params, start=True)
-
-def trace_stop(hosts, setup_params):
-    for host in hosts:
-        trace_start_stop(host, setup_params, start=False)
-
-def trace_start_stop(host, setup_params, start):
-    if setup_params['trace'] == False:
-        return
-    try:
-        start_trace = setup_params['trace_start']
-        stop_trace = setup_params['trace_stop']
-        if start:
-            cmd = start_trace
-        else:
-            cmd = stop_trace
-        trace_dir = setup_params['log_dir'] + host.ifname + "/remote_traces"
-        host.add_log(trace_dir + "/*")
-        host.execute([cmd, "-I", host.ifname, "-D", trace_dir])
-    except:
-        pass
-
-# get perf
-def perf_start(hosts, setup_params):
-    for host in hosts:
-        perf_start_stop(host, setup_params, start=True)
-
-def perf_stop(hosts, setup_params):
-    for host in hosts:
-        perf_start_stop(host, setup_params, start=False)
-
-def perf_start_stop(host, setup_params, start):
-    if setup_params['perf'] == False:
-        return
-    try:
-        perf_start = setup_params['perf_start']
-        perf_stop = setup_params['perf_stop']
-        if start:
-            cmd = perf_start
-        else:
-            cmd = perf_stop
-        perf_dir = setup_params['log_dir'] + host.ifname + "/remote_perf"
-        host.add_log(perf_dir + "/*")
-        host.execute([cmd, "-I", host.ifname, "-D", perf_dir])
-    except:
-        pass
-
-# hostapd/wpa_supplicant helpers
-def run_hostapd(host, setup_params):
-    log_file = None
-    try:
-        tc_name = setup_params['tc_name']
-        log_dir = setup_params['log_dir']
-        log_file = log_dir + tc_name + "_hostapd_" + host.name + "_" + host.ifname + ".log"
-        host.execute(["rm", log_file])
-        log = " -f " + log_file
-    except:
-        log = ""
-
-    if log_file:
-        host.add_log(log_file)
-    pidfile = setup_params['log_dir'] + "hostapd_" + host.ifname + "_" + setup_params['tc_name'] + ".pid"
-    status, buf = host.execute([setup_params['hostapd'], "-B", "-ddt", "-g", "udp:" + host.port, "-P", pidfile, log])
-    if status != 0:
-        raise Exception("Could not run hostapd: " + buf)
-
-def run_wpasupplicant(host, setup_params):
-    log_file = None
-    try:
-        tc_name = setup_params['tc_name']
-        log_dir = setup_params['log_dir']
-        log_file = log_dir + tc_name + "_wpa_supplicant_" + host.name + "_" + host.ifname + ".log"
-        host.execute(["rm", log_file])
-        log = " -f " + log_file
-    except:
-        log = ""
-
-    if log_file:
-        host.add_log(log_file)
-    pidfile = setup_params['log_dir'] + "wpa_supplicant_" + host.ifname + "_" + setup_params['tc_name'] + ".pid"
-    status, buf = host.execute([setup_params['wpa_supplicant'], "-B", "-ddt", "-g", "udp:" + host.port, "-P", pidfile, log])
-    if status != 0:
-        raise Exception("Could not run wpa_supplicant: " + buf)
-
-def kill_wpasupplicant(host, setup_params):
-    pidfile = setup_params['log_dir'] + "wpa_supplicant_" + host.ifname + "_" + setup_params['tc_name'] + ".pid"
-    host.execute(["kill `cat " + pidfile + "`"])
-
-def kill_hostapd(host, setup_params):
-    pidfile = setup_params['log_dir'] + "hostapd_" + host.ifname + "_" + setup_params['tc_name'] + ".pid"
-    host.execute(["kill `cat " + pidfile + "`"])
-
-def get_ap_params(channel="1", bw="HT20", country="US", security="open", ht_capab=None, vht_capab=None):
-    ssid = "test_" + channel + "_" + security + "_" + bw
-
-    if bw == "b_only":
-        params = hostapd.b_only_params(channel, ssid, country)
-    elif bw == "g_only":
-        params = hostapd.g_only_params(channel, ssid, country)
-    elif bw == "g_only_wmm":
-        params = hostapd.g_only_params(channel, ssid, country)
-        params['wmm_enabled'] = "1"
-    elif bw == "a_only":
-        params = hostapd.a_only_params(channel, ssid, country)
-    elif bw == "a_only_wmm":
-        params = hostapd.a_only_params(channel, ssid, country)
-        params['wmm_enabled'] = "1"
-    elif bw == "HT20":
-        params = hostapd.ht20_params(channel, ssid, country)
-        if ht_capab:
-            try:
-                params['ht_capab'] = params['ht_capab'] + ht_capab
-            except:
-                params['ht_capab'] = ht_capab
-    elif bw == "HT40+":
-        params = hostapd.ht40_plus_params(channel, ssid, country)
-        if ht_capab:
-            params['ht_capab'] = params['ht_capab'] + ht_capab
-    elif bw == "HT40-":
-        params = hostapd.ht40_minus_params(channel, ssid, country)
-        if ht_capab:
-            params['ht_capab'] = params['ht_capab'] + ht_capab
-    elif bw == "VHT80":
-        params = hostapd.ht40_plus_params(channel, ssid, country)
-        if ht_capab:
-            params['ht_capab'] = params['ht_capab'] + ht_capab
-        if vht_capab:
-            try:
-                params['vht_capab'] = params['vht_capab'] + vht_capab
-            except:
-                params['vht_capab'] = vht_capab
-        params['ieee80211ac'] = "1"
-        params['vht_oper_chwidth'] = "1"
-        params['vht_oper_centr_freq_seg0_idx'] = str(int(channel) + 6)
-    else:
-        params = {}
-
-    # now setup security params
-    if security == "tkip":
-        sec_params = hostapd.wpa_params(passphrase="testtest")
-    elif security == "ccmp":
-        sec_params = hostapd.wpa2_params(passphrase="testtest")
-    elif security == "mixed":
-        sec_params = hostapd.wpa_mixed_params(passphrase="testtest")
-    elif security == "wep":
-        sec_params = {"wep_key0" : "123456789a",
-                      "wep_default_key" : "0",
-                      "auth_algs" : "1"}
-    elif security == "wep_shared":
-        sec_params = {"wep_key0" : "123456789a",
-                      "wep_default_key" : "0",
-                      "auth_algs" : "2"}
-    else:
-        sec_params = {}
-
-    params.update(sec_params)
-
-    return params
-
-# ip helpers
-def get_ipv4(client, ifname=None):
-    if ifname is None:
-        ifname = client.ifname
-    status, buf = client.execute(["ifconfig", ifname])
-    lines = buf.splitlines()
-
-    for line in lines:
-        res = line.find("inet addr:")
-        if res != -1:
-            break
-
-    if res != -1:
-        words = line.split()
-        addr = words[1].split(":")
-        return addr[1]
-
-    return "unknown"
-
-def get_ipv6(client, ifname=None):
-    res = -1
-    if ifname is None:
-        ifname = client.ifname
-    status, buf = client.execute(["ifconfig", ifname])
-    lines = buf.splitlines()
-
-    for line in lines:
-        res = line.find("Scope:Link")
-        if res == -1:
-            res = line.find("<link>")
-        if res != -1:
-            break
-
-    if res != -1:
-        words = line.split()
-        if words[0] == "inet6" and words[1] == "addr:":
-            addr_mask = words[2]
-            addr = addr_mask.split("/")
-            return addr[0]
-        if words[0] == "inet6":
-            return words[1]
-
-    return "unknown"
-
-def get_ip(client, addr_type="ipv6", iface=None):
-    if addr_type == "ipv6":
-        return get_ipv6(client, iface)
-    elif addr_type == "ipv4":
-        return get_ipv4(client, iface)
-    else:
-        return "unknown addr_type: " + addr_type
-
-def get_ipv4_addr(setup_params, number):
-    try:
-        ipv4_base = setup_params['ipv4_test_net']
-    except:
-        ipv4_base = "172.16.12.0"
-
-    parts = ipv4_base.split('.')
-    ipv4 = parts[0] + "." + parts[1] + "." + parts[2] + "." + str(number)
-
-    return ipv4
-
-def get_mac_addr(host, iface=None):
-    if iface == None:
-        iface = host.ifname
-    status, buf = host.execute(["ifconfig", iface])
-    if status != 0:
-        raise Exception("ifconfig " + iface)
-    words = buf.split()
-    found = 0
-    for word in words:
-        if found == 1:
-            return word
-        if word == "HWaddr" or word == "ether":
-            found = 1
-    raise Exception("Could not find HWaddr")
-
-# connectivity/ping helpers
-def get_ping_packet_loss(ping_res):
-    loss_line = ""
-    lines = ping_res.splitlines()
-    for line in lines:
-        if line.find("packet loss") != -1:
-            loss_line = line
-            break;
-
-    if loss_line == "":
-        return "100%"
-
-    sections = loss_line.split(",")
-
-    for section in sections:
-        if section.find("packet loss") != -1:
-            words = section.split()
-            return words[0]
-
-    return "100%"
-
-def ac_to_ping_ac(qos):
-    if qos == "be":
-        qos_param = "0x00"
-    elif qos == "bk":
-        qos_param = "0x20"
-    elif qos == "vi":
-        qos_param = "0xA0"
-    elif qos == "vo":
-        qos_param = "0xE0"
-    else:
-        qos_param = "0x00"
-    return qos_param
-
-def ping_run(host, ip, result, ifname=None, addr_type="ipv4", deadline="5", qos=None):
-    if ifname is None:
-       ifname = host.ifname
-    if addr_type == "ipv6":
-        ping = ["ping6"]
-    else:
-        ping = ["ping"]
-
-    ping = ping + ["-w", deadline, "-I", ifname]
-    if qos:
-        ping = ping + ["-Q", ac_to_ping_ac(qos)]
-    ping = ping + [ip]
-
-    flush_arp_cache(host)
-
-    thread = host.thread_run(ping, result)
-    return thread
-
-def ping_wait(host, thread, timeout=None):
-    host.thread_wait(thread, timeout)
-    if thread.is_alive():
-        raise Exception("ping thread still alive")
-
-def flush_arp_cache(host):
-    host.execute(["ip", "-s", "-s", "neigh", "flush", "all"])
-
-def check_connectivity(a, b, addr_type="ipv4", deadline="5", qos=None):
-    addr_a = get_ip(a, addr_type)
-    addr_b = get_ip(b, addr_type)
-
-    if addr_type == "ipv4":
-        ping = ["ping"]
-    else:
-        ping = ["ping6"]
-
-    ping_a_b = ping + ["-w", deadline, "-I", a.ifname]
-    ping_b_a = ping + ["-w", deadline, "-I", b.ifname]
-    if qos:
-        ping_a_b = ping_a_b + ["-Q", ac_to_ping_ac(qos)]
-        ping_b_a = ping_b_a + ["-Q", ac_to_ping_ac(qos)]
-    ping_a_b = ping_a_b + [addr_b]
-    ping_b_a = ping_b_a + [addr_a]
-
-    # Clear arp cache
-    flush_arp_cache(a)
-    flush_arp_cache(b)
-
-    status, buf = a.execute(ping_a_b)
-    if status == 2 and ping == "ping6":
-        # tentative possible for a while, try again
-        time.sleep(3)
-        status, buf = a.execute(ping_a_b)
-    if status != 0:
-        raise Exception("ping " + a.name + "/" + a.ifname + " >> " + b.name + "/" + b.ifname)
-
-    a_b = get_ping_packet_loss(buf)
-
-    # Clear arp cache
-    flush_arp_cache(a)
-    flush_arp_cache(b)
-
-    status, buf = b.execute(ping_b_a)
-    if status != 0:
-        raise Exception("ping " + b.name + "/" + b.ifname + " >> " + a.name + "/" + a.ifname)
-
-    b_a = get_ping_packet_loss(buf)
-
-    if int(a_b[:-1]) > 40:
-        raise Exception("Too high packet lost: " + a_b)
-
-    if int(b_a[:-1]) > 40:
-        raise Exception("Too high packet lost: " + b_a)
-
-    return a_b, b_a
-
-
-# iperf helpers
-def get_iperf_speed(iperf_res, pattern="Mbits/sec"):
-    lines = iperf_res.splitlines()
-    sum_line = ""
-    last_line = ""
-    count = 0
-    res = -1
-
-    # first find last SUM line
-    for line in lines:
-        res = line.find("[SUM]")
-        if res != -1:
-            sum_line = line
-
-    # next check SUM status
-    if sum_line != "":
-        words = sum_line.split()
-        for word in words:
-            res = word.find(pattern)
-            if res != -1:
-                return words[count - 1] + " " + pattern
-            count = count + 1
-
-    # no SUM - one thread - find last line
-    for line in lines:
-        res = line.find(pattern)
-        if res != -1:
-            last_line = line
-
-    if last_line == "":
-        return "0 " + pattern
-
-    count = 0
-    words = last_line.split()
-    for word in words:
-        res = word.find(pattern)
-        if res != -1:
-            return words[count - 1] + " " + pattern
-            break;
-        count = count + 1
-    return "0 " + pattern
-
-def ac_to_iperf_ac(qos):
-    if qos == "be":
-        qos_param = "0x00"
-    elif qos == "bk":
-        qos_param = "0x20"
-    elif qos == "vi":
-        qos_param = "0xA0"
-    elif qos == "vo":
-        qos_param = "0xE0"
-    else:
-        qos_param = "0x00"
-    return qos_param
-
-def iperf_run(server, client, server_ip, client_res, server_res,
-              l4="udp", bw="30M", test_time="30", parallel="5",
-              qos="be", param=" -i 5 ", ifname=None, l3="ipv4",
-              port="5001", iperf="iperf"):
-    if ifname == None:
-        ifname = client.ifname
-
-    if iperf == "iperf":
-        iperf_server = [iperf]
-    elif iperf == "iperf3":
-        iperf_server = [iperf, "-1"]
-
-    if l3 == "ipv4":
-        iperf_client = [iperf, "-c", server_ip, "-p", port]
-        iperf_server = iperf_server + ["-p", port]
-    elif l3 == "ipv6":
-        iperf_client = [iperf, "-V", "-c", server_ip  + "%" + ifname, "-p", port]
-        iperf_server = iperf_server + ["-V", "-p", port]
-    else:
-        return -1, -1
-
-    iperf_server = iperf_server + ["-s", "-f", "m", param]
-    iperf_client = iperf_client + ["-f", "m", "-t", test_time]
-
-    if parallel != "1":
-        iperf_client = iperf_client + ["-P", parallel]
-
-    if l4 == "udp":
-        if iperf != "iperf3":
-            iperf_server = iperf_server + ["-u"]
-        iperf_client = iperf_client + ["-u", "-b", bw]
-
-    if qos:
-        iperf_client = iperf_client + ["-Q", ac_to_iperf_ac(qos)]
-
-    flush_arp_cache(server)
-    flush_arp_cache(client)
-
-    server_thread = server.thread_run(iperf_server, server_res)
-    time.sleep(1)
-    client_thread = client.thread_run(iperf_client, client_res)
-
-    return server_thread, client_thread
-
-def iperf_wait(server, client, server_thread, client_thread, timeout=None, iperf="iperf"):
-    client.thread_wait(client_thread, timeout)
-    if client_thread.is_alive():
-        raise Exception("iperf client thread still alive")
-
-    server.thread_wait(server_thread, 5)
-    if server_thread.is_alive():
-        server.execute(["killall", "-s", "INT", iperf])
-        time.sleep(1)
-
-    server.thread_wait(server_thread, 5)
-    if server_thread.is_alive():
-        raise Exception("iperf server thread still alive")
-
-    return
-
-def run_tp_test(server, client, l3="ipv4", iperf="iperf", l4="tcp", test_time="10", parallel="5",
-                qos="be", bw="30M", ifname=None, port="5001"):
-    client_res = []
-    server_res = []
-
-    server_ip = get_ip(server, l3)
-    time.sleep(1)
-    server_thread, client_thread = iperf_run(server, client, server_ip, client_res, server_res,
-                                             l3=l3, iperf=iperf, l4=l4, test_time=test_time,
-                                             parallel=parallel, qos=qos, bw=bw, ifname=ifname,
-                                             port=port)
-    iperf_wait(server, client, server_thread, client_thread, iperf=iperf, timeout=int(test_time) + 10)
-
-    if client_res[0] != 0:
-        raise Exception(iperf + " client: " + client_res[1])
-    if server_res[0] != 0:
-        raise Exception(iperf + " server: " + server_res[1])
-    if client_res[1] is None:
-        raise Exception(iperf + " client result issue")
-    if server_res[1] is None:
-        raise Exception(iperf + " server result issue")
-
-    if iperf == "iperf":
-          result = server_res[1]
-    if iperf == "iperf3":
-          result = client_res[1]
-
-    speed = get_iperf_speed(result)
-    return speed
-
-def get_iperf_bw(bw, parallel, spacial_streams=2):
-    if bw == "b_only":
-        max_tp = 11
-    elif bw == "g_only" or bw == "g_only_wmm" or bw == "a_only" or bw == "a_only_wmm":
-        max_tp = 54
-    elif bw == "HT20":
-        max_tp = 72 * spacial_streams
-    elif bw == "HT40+" or bw == "HT40-":
-        max_tp = 150 * spacial_streams
-    elif bw == "VHT80":
-        max_tp = 433 * spacial_streams
-    else:
-        max_tp = 150
-
-    max_tp = 1.2 * max_tp
-
-    return str(int(max_tp/int(parallel))) + "M"
diff --git a/tests/remote/test_devices.py b/tests/remote/test_devices.py
deleted file mode 100644
index ccd9984a25f4..000000000000
--- a/tests/remote/test_devices.py
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/usr/bin/env python2
-#
-# Show/check devices
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import time
-import traceback
-import config
-import os
-import sys
-import getopt
-import re
-
-import logging
-logger = logging.getLogger()
-
-import rutils
-from remotehost import Host
-from wpasupplicant import WpaSupplicant
-import hostapd
-
-def show_devices(devices, setup_params):
-    """Show/check available devices"""
-    print("Devices:")
-    for device in devices:
-        host = rutils.get_host(devices, device['name'])
-        # simple check if authorized_keys works correctly
-        status, buf = host.execute(["id"])
-        if status != 0:
-            print("[" + host.name + "] - ssh communication:  FAILED")
-            continue
-        else:
-            print("[" + host.name + "] - ssh communication: OK")
-        # check setup_hw works correctly
-        rutils.setup_hw_host(host, setup_params)
-
-        # show uname
-        status, buf = host.execute(["uname", "-s", "-n", "-r", "-m", "-o"])
-        print("\t" + buf)
-        # show ifconfig
-        ifaces = re.split('; | |, ', host.ifname)
-        for iface in ifaces:
-            status, buf = host.execute(["ifconfig", iface])
-            if status != 0:
-                print("\t" + iface + " failed\n")
-                continue
-            lines = buf.splitlines()
-            for line in lines:
-                print("\t" + line)
-        # check hostapd, wpa_supplicant, iperf exist
-        status, buf = host.execute([setup_params['wpa_supplicant'], "-v"])
-        if status != 0:
-            print("\t" + setup_params['wpa_supplicant'] + " not find\n")
-            continue
-        lines = buf.splitlines()
-        for line in lines:
-            print("\t" + line)
-        print("")
-        status, buf = host.execute([setup_params['hostapd'], "-v"])
-        if status != 1:
-            print("\t" + setup_params['hostapd'] + " not find\n")
-            continue
-        lines = buf.splitlines()
-        for line in lines:
-            print("\t" + line)
-        print("")
-        status, buf = host.execute([setup_params['iperf'], "-v"])
-        if status != 0 and status != 1:
-            print("\t" + setup_params['iperf'] + " not find\n")
-            continue
-        lines = buf.splitlines()
-        for line in lines:
-            print("\t" + line)
-        print("")
-
-def check_device(devices, setup_params, dev_name, monitor=False):
-    host = rutils.get_host(devices, dev_name)
-    # simple check if authorized_keys works correctly
-    status, buf = host.execute(["id"])
-    if status != 0:
-        raise Exception(dev_name + " - ssh communication FAILED: " + buf)
-
-    rutils.setup_hw_host(host, setup_params)
-
-    ifaces = re.split('; | |, ', host.ifname)
-    # check interfaces (multi for monitor)
-    for iface in ifaces:
-        status, buf = host.execute(["ifconfig", iface])
-        if status != 0:
-            raise Exception(dev_name + " ifconfig " + iface + " failed: " + buf)
-
-    # monitor doesn't need wpa_supplicant/hostapd ...
-    if monitor == True:
-        return
-
-    status, buf = host.execute(["ls", "-l", setup_params['wpa_supplicant']])
-    if status != 0:
-        raise Exception(dev_name + " - wpa_supplicant: " + buf)
-
-    status, buf = host.execute(["ls", "-l", setup_params['hostapd']])
-    if status != 0:
-        raise Exception(dev_name + " - hostapd: " + buf)
-
-    status, buf = host.execute(["which", setup_params['iperf']])
-    if status != 0:
-        raise Exception(dev_name + " - iperf: " + buf)
-
-    status, buf = host.execute(["which", "tshark"])
-    if status != 0:
-        logger.debug(dev_name + " - tshark: " + buf)
-
-def check_devices(devices, setup_params, refs, duts, monitors):
-    """Check duts/refs/monitors devices"""
-    for dut in duts:
-        check_device(devices, setup_params, dut)
-    for ref in refs:
-        check_device(devices, setup_params, ref)
-    for monitor in monitors:
-        if monitor == "all":
-            continue
-        check_device(devices, setup_params, monitor, monitor=True)
diff --git a/tests/remote/test_example.py b/tests/remote/test_example.py
deleted file mode 100644
index 1550665c30c4..000000000000
--- a/tests/remote/test_example.py
+++ /dev/null
@@ -1,141 +0,0 @@
-# Example test case
-# Copyright (c) 2016, Tieto Corporation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import remotehost
-from wpasupplicant import WpaSupplicant
-import hostapd
-import config
-import rutils
-import monitor
-
-import logging
-logger = logging.getLogger()
-
-def test_example(devices, setup_params, refs, duts, monitors):
-    """TC example - simple connect and ping test"""
-    try:
-        sta = None
-        ap = None
-        hapd = None
-        wpas = None
-        mon = None
-
-        # get hosts based on name
-        sta = rutils.get_host(devices, duts[0])
-        ap = rutils.get_host(devices, refs[0])
-
-        # setup log dir
-        local_log_dir = setup_params['local_log_dir']
-
-        # setup hw before test
-        rutils.setup_hw([sta, ap], setup_params)
-
-        # run traces if requested
-        rutils.trace_start([sta], setup_params)
-
-        # run perf if requested
-        rutils.perf_start([sta], setup_params)
-
-        # run hostapd/wpa_supplicant
-        rutils.run_wpasupplicant(sta, setup_params)
-        rutils.run_hostapd(ap, setup_params)
-
-        # get ap_params
-        ap_params = rutils.get_ap_params(channel="1", bw="HT20", country="US",
-                                         security="open")
-
-        # Add monitors if requested
-        monitor_hosts = monitor.create(devices, setup_params, refs, duts,
-                                       monitors)
-        if len(monitor_hosts) > 0:
-            mon = monitor_hosts[0]
-        monitor.add(sta, monitors)
-        monitor.add(ap, monitors)
-
-        # connect to hostapd/wpa_supplicant UDP CTRL iface
-        hapd = hostapd.add_ap(ap.dev, ap_params)
-        freq = hapd.get_status_field("freq")
-        wpas = WpaSupplicant(hostname=sta.host, global_iface="udp",
-                             global_port=sta.port)
-        wpas.interface_add(sta.ifname)
-
-        # setup standalone monitor based on hapd; could be multi interface
-        # monitor
-        monitor_param = monitor.get_monitor_params(hapd)
-        monitor.setup(mon, [monitor_param])
-
-        # run monitors
-        monitor.run(sta, setup_params)
-        monitor.run(ap, setup_params)
-        monitor.run(mon, setup_params)
-
-        # connect wpa_supplicant to hostapd
-        wpas.connect(ap_params['ssid'], key_mgmt="NONE", scan_freq=freq)
-
-        # run ping test
-        ap_sta, sta_ap = rutils.check_connectivity(ap, sta, "ipv6")
-
-        # remove/destroy monitors
-        monitor.remove(sta)
-        monitor.remove(ap)
-        monitor.destroy(devices, monitor_hosts)
-
-        # hostapd/wpa_supplicant cleanup
-        wpas.interface_remove(sta.ifname)
-        wpas.terminate()
-
-        hapd.close_ctrl()
-        hostapd.remove_bss(ap.dev)
-        hostapd.terminate(ap.dev)
-
-        # stop perf
-        rutils.perf_stop([sta], setup_params)
-
-        # stop traces
-        rutils.trace_stop([sta], setup_params)
-
-        # get wpa_supplicant/hostapd/tshark logs
-        sta.get_logs(local_log_dir)
-        ap.get_logs(local_log_dir)
-        if mon:
-            mon.get_logs(local_log_dir)
-
-        return "packet_loss: " + ap_sta + ", " + sta_ap
-    except:
-        rutils.perf_stop([sta], setup_params)
-        rutils.trace_stop([sta], setup_params)
-        if wpas:
-            try:
-                wpas.interface_remove(sta.ifname)
-                wpas.terminate()
-            except:
-                pass
-        if hapd:
-            try:
-                hapd.close_ctrl()
-                hostapd.remove_bss(ap.dev)
-                hostapd.terminate(ap.dev)
-            except:
-                pass
-        if mon:
-            monitor.destroy(devices, monitor_hosts)
-            mon.get_logs(local_log_dir)
-
-        if sta:
-            monitor.remove(sta)
-            dmesg = setup_params['log_dir'] + setup_params['tc_name'] + "_" + sta.name + "_" + sta.ifname + ".dmesg"
-            sta.execute(["dmesg", "-c", ">", dmesg])
-            sta.add_log(dmesg)
-            sta.get_logs(local_log_dir)
-            sta.execute(["ifconfig", sta.ifname, "down"])
-        if ap:
-            monitor.remove(ap)
-            dmesg = setup_params['log_dir'] + setup_params['tc_name'] + "_" + ap.name + "_" + ap.ifname + ".dmesg"
-            ap.execute(["dmesg", "-c", ">", dmesg])
-            ap.add_log(dmesg)
-            ap.get_logs(local_log_dir)
-            ap.execute(["ifconfig", ap.ifname, " down"])
-        raise
diff --git a/tests/remote/test_monitor.py b/tests/remote/test_monitor.py
deleted file mode 100644
index c8b88d4bec43..000000000000
--- a/tests/remote/test_monitor.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Monitor support
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import remotehost
-import config
-import rutils
-import monitor
-import time
-import os
-
-import logging
-logger = logging.getLogger()
-
-def run_monitor(devices, setup_params, refs, duts, monitors, seconds=None):
-    try:
-        air_monitor = []
-        output = "\n\tPCAP files:\n"
-        # setup log dir
-        local_log_dir = setup_params['local_log_dir']
-
-        # add/run monitors if requested
-        air_monitors = monitor.create(devices, setup_params, refs, duts,
-                                      monitors)
-        for air_monitor in air_monitors:
-            monitor.setup(air_monitor)
-            monitor.run(air_monitor, setup_params)
-            logger.warning(air_monitor.name + " - monitor started ...")
-
-        if seconds != None:
-            time.sleep(int(seconds))
-        else:
-            input("\tPress Enter to end capturing...")
-
-        # destroy monitor / get pcap
-        monitor.destroy(devices, air_monitors)
-        for air_monitor in air_monitors:
-            for log in air_monitor.logs:
-                head, tail = os.path.split(log)
-                output = output + "\t" + local_log_dir + "/" + tail + "\n"
-            air_monitor.get_logs(local_log_dir)
-        return output
-    except:
-        for air_monitor in air_monitors:
-            monitor.destroy(devices, air_monitors)
-            air_monitor.get_logs(local_log_dir)
-        raise
-
-def test_run_monitor(devices, setup_params, refs, duts, monitors):
-    """TC run standalone monitor"""
-    return run_monitor(devices, setup_params, refs, duts, monitors)
diff --git a/tests/test-aes.c b/tests/test-aes.c
deleted file mode 100644
index 9d76c07b56e6..000000000000
--- a/tests/test-aes.c
+++ /dev/null
@@ -1,624 +0,0 @@
-/*
- * Test program for AES
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/crypto.h"
-#include "crypto/aes_wrap.h"
-
-#define BLOCK_SIZE 16
-
-static void test_aes_perf(void)
-{
-#if 0 /* this did not seem to work with new compiler?! */
-#ifdef __i386__
-#define rdtscll(val) \
-     __asm__ __volatile__("rdtsc" : "=A" (val))
-	const int num_iters = 10;
-	int i;
-	unsigned int start, end;
-	u8 key[16], pt[16], ct[16];
-	void *ctx;
-
-	printf("keySetupEnc:");
-	for (i = 0; i < num_iters; i++) {
-		rdtscll(start);
-		ctx = aes_encrypt_init(key, 16);
-		rdtscll(end);
-		aes_encrypt_deinit(ctx);
-		printf(" %d", end - start);
-	}
-	printf("\n");
-
-	printf("Encrypt:");
-	ctx = aes_encrypt_init(key, 16);
-	for (i = 0; i < num_iters; i++) {
-		rdtscll(start);
-		aes_encrypt(ctx, pt, ct);
-		rdtscll(end);
-		printf(" %d", end - start);
-	}
-	aes_encrypt_deinit(ctx);
-	printf("\n");
-#endif /* __i386__ */
-#endif
-}
-
-
-/*
- * GCM test vectors from
- * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
- */
-struct gcm_test_vector {
-	char *k;
-	char *p;
-	char *aad;
-	char *iv;
-	char *c;
-	char *t;
-};
-
-static const struct gcm_test_vector gcm_tests[] = {
-	{
-		/* Test Case 1 */
-		"00000000000000000000000000000000",
-		"",
-		"",
-		"000000000000000000000000",
-		"",
-		"58e2fccefa7e3061367f1d57a4e7455a"
-	},
-	{
-		/* Test Case 2 */
-		"00000000000000000000000000000000",
-		"00000000000000000000000000000000",
-		"",
-		"000000000000000000000000",
-		"0388dace60b6a392f328c2b971b2fe78",
-		"ab6e47d42cec13bdf53a67b21257bddf"
-	},
-	{
-		/* Test Case 3 */
-		"feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-		"",
-		"cafebabefacedbaddecaf888",
-		"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
-		"4d5c2af327cd64a62cf35abd2ba6fab4"
-	},
-	{
-		/* Test Case 4 */
-		"feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbaddecaf888",
-		"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
-		"5bc94fbc3221a5db94fae95ae7121a47"
-	},
-	{
-		/* Test Case 5 */
-		"feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbad",
-		"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
-		"3612d2e79e3b0785561be14aaca2fccb"
-	},
-	{
-		/* Test Case 6 */
-		"feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-		"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
-		"619cc5aefffe0bfa462af43c1699d050"
-	},
-	{
-		/* Test Case 7 */
-		"000000000000000000000000000000000000000000000000",
-		"",
-		"",
-		"000000000000000000000000",
-		"",
-		"cd33b28ac773f74ba00ed1f312572435"
-	},
-	{
-		/* Test Case 8 */
-		"000000000000000000000000000000000000000000000000",
-		"00000000000000000000000000000000",
-		"",
-		"000000000000000000000000",
-		"98e7247c07f0fe411c267e4384b0f600",
-		"2ff58d80033927ab8ef4d4587514f0fb"
-	},
-	{
-		/* Test Case 9 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-		"",
-		"cafebabefacedbaddecaf888",
-		"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
-		"9924a7c8587336bfb118024db8674a14"
-	},
-	{
-		/* Test Case 10 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbaddecaf888",
-		"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
-		"2519498e80f1478f37ba55bd6d27618c"
-	},
-	{
-		/* Test Case 11 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbad",
-		"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
-		"65dcc57fcf623a24094fcca40d3533f8"
-	},
-	{
-		/* Test Case 12 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-		"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
-		"dcf566ff291c25bbb8568fc3d376a6d9"
-	},
-	{
-		/* Test Case 13 */
-		"0000000000000000000000000000000000000000000000000000000000000000",
-		"",
-		"",
-		"000000000000000000000000",
-		"",
-		"530f8afbc74536b9a963b4f1c4cb738b"
-	},
-	{
-		/* Test Case 14 */
-		"0000000000000000000000000000000000000000000000000000000000000000",
-		"00000000000000000000000000000000",
-		"",
-		"000000000000000000000000",
-		"cea7403d4d606b6e074ec5d3baf39d18",
-		"d0d1c8a799996bf0265b98b5d48ab919"
-	},
-	{
-		/* Test Case 15 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-		"",
-		"cafebabefacedbaddecaf888",
-		"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
-		"b094dac5d93471bdec1a502270e3cc6c"
-	},
-	{
-		/* Test Case 16 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbaddecaf888",
-		"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
-		"76fc6ece0f4e1768cddf8853bb2d551b"
-	},
-	{
-		/* Test Case 17 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"cafebabefacedbad",
-		"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
-		"3a337dbf46a792c45e454913fe2ea8f2"
-	},
-	{
-		/* Test Case 18 */
-		"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-		"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-		"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-		"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-		"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
-		"a44a8266ee1c8eb0c8b5d4cf5ae9f19a"
-	}
-};
-
-
-static int test_gcm(void)
-{
-	int ret = 0;
-	int i;
-	u8 k[32], aad[32], iv[64], t[16], tag[16];
-	u8 p[64], c[64], tmp[64];
-	size_t k_len, p_len, aad_len, iv_len;
-
-	for (i = 0; i < ARRAY_SIZE(gcm_tests); i++) {
-		const struct gcm_test_vector *tc = &gcm_tests[i];
-
-		k_len = os_strlen(tc->k) / 2;
-		if (hexstr2bin(tc->k, k, k_len)) {
-			printf("Invalid GCM test vector %d (k)\n", i);
-			ret++;
-			continue;
-		}
-
-		p_len = os_strlen(tc->p) / 2;
-		if (hexstr2bin(tc->p, p, p_len)) {
-			printf("Invalid GCM test vector %d (p)\n", i);
-			ret++;
-			continue;
-		}
-
-		aad_len = os_strlen(tc->aad) / 2;
-		if (hexstr2bin(tc->aad, aad, aad_len)) {
-			printf("Invalid GCM test vector %d (aad)\n", i);
-			ret++;
-			continue;
-		}
-
-		iv_len = os_strlen(tc->iv) / 2;
-		if (hexstr2bin(tc->iv, iv, iv_len)) {
-			printf("Invalid GCM test vector %d (iv)\n", i);
-			ret++;
-			continue;
-		}
-
-		if (hexstr2bin(tc->c, c, p_len)) {
-			printf("Invalid GCM test vector %d (c)\n", i);
-			ret++;
-			continue;
-		}
-
-		if (hexstr2bin(tc->t, t, sizeof(t))) {
-			printf("Invalid GCM test vector %d (t)\n", i);
-			ret++;
-			continue;
-		}
-
-		if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len,
-			       tmp, tag) < 0) {
-			printf("GCM-AE failed (test case %d)\n", i);
-			ret++;
-			continue;
-		}
-
-		if (os_memcmp(c, tmp, p_len) != 0) {
-			printf("GCM-AE mismatch (test case %d)\n", i);
-			ret++;
-		}
-
-		if (os_memcmp(tag, t, sizeof(tag)) != 0) {
-			printf("GCM-AE tag mismatch (test case %d)\n", i);
-			ret++;
-		}
-
-		if (p_len == 0) {
-			if (aes_gmac(k, k_len, iv, iv_len, aad, aad_len, tag) <
-			    0) {
-				printf("GMAC failed (test case %d)\n", i);
-				ret++;
-				continue;
-			}
-
-			if (os_memcmp(tag, t, sizeof(tag)) != 0) {
-				printf("GMAC tag mismatch (test case %d)\n", i);
-				ret++;
-			}
-		}
-
-		if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len,
-			       t, tmp) < 0) {
-			printf("GCM-AD failed (test case %d)\n", i);
-			ret++;
-			continue;
-		}
-
-		if (os_memcmp(p, tmp, p_len) != 0) {
-			printf("GCM-AD mismatch (test case %d)\n", i);
-			ret++;
-		}
-	}
-
-	return ret;
-}
-
-
-static int test_nist_key_wrap_ae(const char *fname)
-{
-	FILE *f;
-	int ret = 0;
-	char buf[15000], *pos, *pos2;
-	u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8];
-	size_t bin_len, k_len = 0, p_len = 0, c_len = 0;
-	int ok = 0;
-
-	printf("NIST KW AE tests from %s\n", fname);
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		printf("%s does not exist - cannot validate test vectors\n",
-		       fname);
-		return 1;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		if (buf[0] == '#')
-			continue;
-		pos = os_strchr(buf, '=');
-		if (pos == NULL)
-			continue;
-		pos2 = pos - 1;
-		while (pos2 >= buf && *pos2 == ' ')
-			*pos2-- = '\0';
-		*pos++ = '\0';
-		while (*pos == ' ')
-			*pos++ = '\0';
-		pos2 = os_strchr(pos, '\r');
-		if (!pos2)
-			pos2 = os_strchr(pos, '\n');
-		if (pos2)
-			*pos2 = '\0';
-		else
-			pos2 = pos + os_strlen(pos);
-
-		if (buf[0] == '[') {
-			printf("%s = %s\n", buf, pos);
-			continue;
-		}
-
-		if (os_strcmp(buf, "COUNT") == 0) {
-			printf("Test %s - ", pos);
-			continue;
-		}
-
-		bin_len = os_strlen(pos);
-		if (bin_len > sizeof(bin) * 2) {
-			printf("Too long binary data (%s)\n", buf);
-			return 1;
-		}
-		if (bin_len & 0x01) {
-			printf("Odd number of hexstring values (%s)\n",
-				buf);
-			return 1;
-		}
-		bin_len /= 2;
-		if (hexstr2bin(pos, bin, bin_len) < 0) {
-			printf("Invalid hex string '%s' (%s)\n", pos, buf);
-			return 1;
-		}
-
-		if (os_strcmp(buf, "K") == 0) {
-			if (bin_len > sizeof(k)) {
-				printf("Too long K (%u)\n", (unsigned) bin_len);
-				return 1;
-			}
-			os_memcpy(k, bin, bin_len);
-			k_len = bin_len;
-			continue;
-		}
-
-		if (os_strcmp(buf, "P") == 0) {
-			if (bin_len > sizeof(p)) {
-				printf("Too long P (%u)\n", (unsigned) bin_len);
-				return 1;
-			}
-			os_memcpy(p, bin, bin_len);
-			p_len = bin_len;
-			continue;
-		}
-
-		if (os_strcmp(buf, "C") != 0) {
-			printf("Unexpected field '%s'\n", buf);
-			continue;
-		}
-
-		if (bin_len > sizeof(c)) {
-			printf("Too long C (%u)\n", (unsigned) bin_len);
-			return 1;
-		}
-		os_memcpy(c, bin, bin_len);
-		c_len = bin_len;
-
-		if (p_len % 8 != 0 || c_len % 8 != 0 || c_len - p_len != 8) {
-			printf("invalid parameter length (p_len=%u c_len=%u)\n",
-			       (unsigned) p_len, (unsigned) c_len);
-			continue;
-		}
-
-		if (aes_wrap(k, k_len, p_len / 8, p, result)) {
-			printf("aes_wrap() failed\n");
-			ret++;
-			continue;
-		}
-
-		if (os_memcmp(c, result, c_len) == 0) {
-			printf("OK\n");
-			ok++;
-		} else {
-			printf("FAIL\n");
-			ret++;
-		}
-	}
-
-	fclose(f);
-
-	if (ret)
-		printf("Test case failed\n");
-	else
-		printf("%d test vectors OK\n", ok);
-
-	return ret;
-}
-
-
-static int test_nist_key_wrap_ad(const char *fname)
-{
-	FILE *f;
-	int ret = 0;
-	char buf[15000], *pos, *pos2;
-	u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8];
-	size_t bin_len, k_len = 0, p_len = 0, c_len = 0;
-	int ok = 0;
-	int fail;
-
-	printf("NIST KW AD tests from %s\n", fname);
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		printf("%s does not exist - cannot validate test vectors\n",
-		       fname);
-		return 1;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		if (buf[0] == '#')
-			continue;
-		fail = 0;
-		pos = os_strchr(buf, '=');
-		if (pos == NULL) {
-			if (os_strncmp(buf, "FAIL", 4) == 0) {
-				fail = 1;
-				goto skip_val_parse;
-			}
-			continue;
-		}
-		pos2 = pos - 1;
-		while (pos2 >= buf && *pos2 == ' ')
-			*pos2-- = '\0';
-		*pos++ = '\0';
-		while (*pos == ' ')
-			*pos++ = '\0';
-		pos2 = os_strchr(pos, '\r');
-		if (!pos2)
-			pos2 = os_strchr(pos, '\n');
-		if (pos2)
-			*pos2 = '\0';
-		else
-			pos2 = pos + os_strlen(pos);
-
-		if (buf[0] == '[') {
-			printf("%s = %s\n", buf, pos);
-			continue;
-		}
-
-		if (os_strcmp(buf, "COUNT") == 0) {
-			printf("Test %s - ", pos);
-			continue;
-		}
-
-		bin_len = os_strlen(pos);
-		if (bin_len > sizeof(bin) * 2) {
-			printf("Too long binary data (%s)\n", buf);
-			return 1;
-		}
-		if (bin_len & 0x01) {
-			printf("Odd number of hexstring values (%s)\n",
-				buf);
-			return 1;
-		}
-		bin_len /= 2;
-		if (hexstr2bin(pos, bin, bin_len) < 0) {
-			printf("Invalid hex string '%s' (%s)\n", pos, buf);
-			return 1;
-		}
-
-		if (os_strcmp(buf, "K") == 0) {
-			if (bin_len > sizeof(k)) {
-				printf("Too long K (%u)\n", (unsigned) bin_len);
-				return 1;
-			}
-			os_memcpy(k, bin, bin_len);
-			k_len = bin_len;
-			continue;
-		}
-
-		if (os_strcmp(buf, "C") == 0) {
-			if (bin_len > sizeof(c)) {
-				printf("Too long C (%u)\n", (unsigned) bin_len);
-				return 1;
-			}
-			os_memcpy(c, bin, bin_len);
-			c_len = bin_len;
-			continue;
-		}
-
-	skip_val_parse:
-		if (!fail) {
-			if (os_strcmp(buf, "P") != 0) {
-				printf("Unexpected field '%s'\n", buf);
-				continue;
-			}
-
-			if (bin_len > sizeof(p)) {
-				printf("Too long P (%u)\n", (unsigned) bin_len);
-				return 1;
-			}
-			os_memcpy(p, bin, bin_len);
-			p_len = bin_len;
-
-			if (p_len % 8 != 0 || c_len % 8 != 0 ||
-			    c_len - p_len != 8) {
-				printf("invalid parameter length (p_len=%u c_len=%u)\n",
-				       (unsigned) p_len, (unsigned) c_len);
-				continue;
-			}
-		}
-
-		if (aes_unwrap(k, k_len, (c_len / 8) - 1, c, result)) {
-			if (fail) {
-				printf("OK (fail reported)\n");
-				ok++;
-				continue;
-			}
-			printf("aes_unwrap() failed\n");
-			ret++;
-			continue;
-		}
-
-		if (fail) {
-			printf("FAIL (mismatch not reported)\n");
-			ret++;
-		} else if (os_memcmp(p, result, p_len) == 0) {
-			printf("OK\n");
-			ok++;
-		} else {
-			printf("FAIL\n");
-			ret++;
-		}
-	}
-
-	fclose(f);
-
-	if (ret)
-		printf("Test case failed\n");
-	else
-		printf("%d test vectors OK\n", ok);
-
-	return ret;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int ret = 0;
-
-	if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AE") == 0)
-		ret += test_nist_key_wrap_ae(argv[2]);
-	else if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AD") == 0)
-		ret += test_nist_key_wrap_ad(argv[2]);
-
-	test_aes_perf();
-
-	ret += test_gcm();
-
-	if (ret)
-		printf("FAILED!\n");
-
-	return ret;
-}
diff --git a/tests/test-base64.c b/tests/test-base64.c
deleted file mode 100644
index 99943f0db3cf..000000000000
--- a/tests/test-base64.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Base64 encoding/decoding (RFC1341) - test program
- * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/os.h"
-#include "utils/base64.h"
-
-int main(int argc, char *argv[])
-{
-	FILE *f;
-	size_t len, elen;
-	unsigned char *buf, *e;
-
-	if (argc != 4) {
-		printf("Usage: base64 <encode|decode> <in file> <out file>\n");
-		return -1;
-	}
-
-	buf = (unsigned char *) os_readfile(argv[2], &len);
-	if (buf == NULL)
-		return -1;
-
-	if (strcmp(argv[1], "encode") == 0)
-		e = (unsigned char *) base64_encode(buf, len, &elen);
-	else
-		e = base64_decode((const char *) buf, len, &elen);
-	if (e == NULL)
-		return -2;
-	f = fopen(argv[3], "w");
-	if (f == NULL)
-		return -3;
-	fwrite(e, 1, elen, f);
-	fclose(f);
-	free(e);
-
-	return 0;
-}
diff --git a/tests/test-https.c b/tests/test-https.c
deleted file mode 100644
index a72e56f9d21c..000000000000
--- a/tests/test-https.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Testing tool for TLSv1 client routines using HTTPS
- * Copyright (c) 2011, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <netdb.h>
-
-#include "common.h"
-#include "crypto/tls.h"
-
-
-static void https_tls_event_cb(void *ctx, enum tls_event ev,
-			       union tls_event_data *data)
-{
-	wpa_printf(MSG_DEBUG, "HTTPS: TLS event %d", ev);
-}
-
-
-static struct wpabuf * https_recv(int s)
-{
-	struct wpabuf *in;
-	int len, ret;
-	fd_set rfds;
-	struct timeval tv;
-
-	in = wpabuf_alloc(20000);
-	if (in == NULL)
-		return NULL;
-
-	FD_ZERO(&rfds);
-	FD_SET(s, &rfds);
-	tv.tv_sec = 5;
-	tv.tv_usec = 0;
-
-	wpa_printf(MSG_DEBUG, "Waiting for more data");
-	ret = select(s + 1, &rfds, NULL, NULL, &tv);
-	if (ret < 0) {
-		wpa_printf(MSG_ERROR, "select: %s", strerror(errno));
-		wpabuf_free(in);
-		return NULL;
-	}
-	if (ret == 0) {
-		/* timeout */
-		wpa_printf(MSG_INFO, "Timeout on waiting for data");
-		wpabuf_free(in);
-		return NULL;
-	}
-
-	len = recv(s, wpabuf_put(in, 0), wpabuf_tailroom(in), 0);
-	if (len < 0) {
-		wpa_printf(MSG_ERROR, "recv: %s", strerror(errno));
-		wpabuf_free(in);
-		return NULL;
-	}
-	if (len == 0) {
-		wpa_printf(MSG_DEBUG, "No more data available");
-		wpabuf_free(in);
-		return NULL;
-	}
-	wpa_printf(MSG_DEBUG, "Received %d bytes", len);
-	wpabuf_put(in, len);
-
-	return in;
-}
-
-
-static int https_client(int s, const char *path)
-{
-	struct tls_config conf;
-	void *tls;
-	struct tls_connection *conn;
-	struct wpabuf *in, *out, *appl;
-	int res = -1;
-	int need_more_data;
-
-	os_memset(&conf, 0, sizeof(conf));
-	conf.event_cb = https_tls_event_cb;
-	tls = tls_init(&conf);
-	if (tls == NULL)
-		return -1;
-
-	conn = tls_connection_init(tls);
-	if (conn == NULL) {
-		tls_deinit(tls);
-		return -1;
-	}
-
-	in = NULL;
-
-	for (;;) {
-		appl = NULL;
-		out = tls_connection_handshake2(tls, conn, in, &appl,
-						&need_more_data);
-		wpabuf_free(in);
-		in = NULL;
-		if (out == NULL) {
-			if (need_more_data)
-				goto read_more;
-			goto done;
-		}
-		if (tls_connection_get_failed(tls, conn)) {
-			wpa_printf(MSG_ERROR, "TLS handshake failed");
-			goto done;
-		}
-		if (tls_connection_established(tls, conn))
-			break;
-		wpa_printf(MSG_DEBUG, "Sending %d bytes",
-			   (int) wpabuf_len(out));
-		if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
-			wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
-			goto done;
-		}
-		wpabuf_free(out);
-		out = NULL;
-
-	read_more:
-		in = https_recv(s);
-		if (in == NULL)
-			goto done;
-	}
-	wpabuf_free(out);
-	out = NULL;
-
-	wpa_printf(MSG_INFO, "TLS connection established");
-	if (appl)
-		wpa_hexdump_buf(MSG_DEBUG, "Received application data", appl);
-
-	in = wpabuf_alloc(100 + os_strlen(path));
-	if (in == NULL)
-		goto done;
-	wpabuf_put_str(in, "GET ");
-	wpabuf_put_str(in, path);
-	wpabuf_put_str(in, " HTTP/1.0\r\n\r\n");
-	out = tls_connection_encrypt(tls, conn, in);
-	wpabuf_free(in);
-	in = NULL;
-	if (out == NULL)
-		goto done;
-
-	wpa_printf(MSG_INFO, "Sending HTTP request: %d bytes",
-		   (int) wpabuf_len(out));
-	if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
-		wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
-		goto done;
-	}
-	wpabuf_free(out);
-	out = NULL;
-
-	wpa_printf(MSG_INFO, "Reading HTTP response");
-	for (;;) {
-		int need_more_data;
-		in = https_recv(s);
-		if (in == NULL)
-			goto done;
-		out = tls_connection_decrypt2(tls, conn, in, &need_more_data);
-		if (need_more_data)
-			wpa_printf(MSG_DEBUG, "HTTP: Need more data");
-		wpabuf_free(in);
-		in = NULL;
-		if (out == NULL)
-			goto done;
-		wpa_hexdump_ascii(MSG_INFO, "Response", wpabuf_head(out),
-				  wpabuf_len(out));
-		wpabuf_free(out);
-		out = NULL;
-	}
-
-	res = 0;
-done:
-	wpabuf_free(out);
-	wpabuf_free(in);
-	wpabuf_free(appl);
-	tls_connection_deinit(tls, conn);
-	tls_deinit(tls);
-
-	return res;
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct addrinfo hints, *result, *rp;
-	int res, s;
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	if (argc < 4) {
-		wpa_printf(MSG_INFO, "usage: test-https server port path");
-		return -1;
-	}
-
-	os_memset(&hints, 0, sizeof(hints));
-	hints.ai_family = AF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	res = getaddrinfo(argv[1], argv[2], &hints, &result);
-	if (res) {
-		wpa_printf(MSG_ERROR, "getaddrinfo: %s", gai_strerror(res));
-		return -1;
-	}
-
-	for (rp = result; rp; rp = rp->ai_next) {
-		s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
-		if (s < 0)
-			continue;
-		if (connect(s, rp->ai_addr, rp->ai_addrlen) == 0)
-			break;
-		close(s);
-	}
-	freeaddrinfo(result);
-
-	if (rp == NULL) {
-		wpa_printf(MSG_ERROR, "Could not connect");
-		return -1;
-	}
-
-	https_client(s, argv[3]);
-	close(s);
-
-	return 0;
-}
diff --git a/tests/test-https_server.c b/tests/test-https_server.c
deleted file mode 100644
index 33b448682478..000000000000
--- a/tests/test-https_server.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Testing tool for TLSv1 server routines using HTTPS
- * Copyright (c) 2011-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/tls.h"
-
-
-static void https_tls_event_cb(void *ctx, enum tls_event ev,
-			       union tls_event_data *data)
-{
-	wpa_printf(MSG_DEBUG, "HTTPS: TLS event %d", ev);
-}
-
-
-static struct wpabuf * https_recv(int s, int timeout_ms)
-{
-	struct wpabuf *in;
-	int len, ret;
-	fd_set rfds;
-	struct timeval tv;
-
-	in = wpabuf_alloc(20000);
-	if (in == NULL)
-		return NULL;
-
-	FD_ZERO(&rfds);
-	FD_SET(s, &rfds);
-	tv.tv_sec = timeout_ms / 1000;
-	tv.tv_usec = timeout_ms % 1000;
-
-	wpa_printf(MSG_DEBUG, "Waiting for more data");
-	ret = select(s + 1, &rfds, NULL, NULL, &tv);
-	if (ret < 0) {
-		wpa_printf(MSG_ERROR, "select: %s", strerror(errno));
-		wpabuf_free(in);
-		return NULL;
-	}
-	if (ret == 0) {
-		/* timeout */
-		wpa_printf(MSG_INFO, "Timeout on waiting for data");
-		wpabuf_free(in);
-		return NULL;
-	}
-
-	len = recv(s, wpabuf_put(in, 0), wpabuf_tailroom(in), 0);
-	if (len < 0) {
-		wpa_printf(MSG_ERROR, "recv: %s", strerror(errno));
-		wpabuf_free(in);
-		return NULL;
-	}
-	if (len == 0) {
-		wpa_printf(MSG_DEBUG, "No more data available");
-		wpabuf_free(in);
-		return NULL;
-	}
-	wpa_printf(MSG_DEBUG, "Received %d bytes", len);
-	wpabuf_put(in, len);
-
-	return in;
-}
-
-
-static void https_tls_log_cb(void *ctx, const char *msg)
-{
-	wpa_printf(MSG_DEBUG, "TLS: %s", msg);
-}
-
-
-static int https_server(int s)
-{
-	struct tls_config conf;
-	void *tls;
-	struct tls_connection_params params;
-	struct tls_connection *conn;
-	struct wpabuf *in, *out, *appl;
-	int res = -1;
-
-	os_memset(&conf, 0, sizeof(conf));
-	conf.event_cb = https_tls_event_cb;
-	tls = tls_init(&conf);
-	if (!tls)
-		return -1;
-
-	os_memset(&params, 0, sizeof(params));
-	params.ca_cert = "hwsim/auth_serv/ca.pem";
-	params.client_cert = "hwsim/auth_serv/server.pem";
-	params.private_key = "hwsim/auth_serv/server.key";
-	params.dh_file = "hwsim/auth_serv/dh.conf";
-
-	if (tls_global_set_params(tls, &params)) {
-		wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
-		tls_deinit(tls);
-		return -1;
-	}
-
-	conn = tls_connection_init(tls);
-	if (!conn) {
-		tls_deinit(tls);
-		return -1;
-	}
-
-	tls_connection_set_log_cb(conn, https_tls_log_cb, NULL);
-
-	for (;;) {
-		in = https_recv(s, 5000);
-		if (!in)
-			goto done;
-
-		appl = NULL;
-		out = tls_connection_server_handshake(tls, conn, in, &appl);
-		wpabuf_free(in);
-		in = NULL;
-		if (!out) {
-			if (!tls_connection_get_failed(tls, conn) &&
-			    !tls_connection_established(tls, conn))
-				continue;
-			goto done;
-		}
-		wpa_printf(MSG_DEBUG, "Sending %d bytes",
-			   (int) wpabuf_len(out));
-		if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
-			wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
-			goto done;
-		}
-		wpabuf_free(out);
-		out = NULL;
-		if (tls_connection_get_failed(tls, conn)) {
-			wpa_printf(MSG_ERROR, "TLS handshake failed");
-			goto done;
-		}
-		if (tls_connection_established(tls, conn))
-			break;
-	}
-	wpabuf_free(out);
-	out = NULL;
-
-	wpa_printf(MSG_INFO, "TLS connection established");
-	if (appl)
-		wpa_hexdump_buf(MSG_DEBUG, "Received application data", appl);
-
-	wpa_printf(MSG_INFO, "Reading HTTP request");
-	for (;;) {
-		int need_more_data;
-
-		in = https_recv(s, 5000);
-		if (!in)
-			goto done;
-		out = tls_connection_decrypt2(tls, conn, in, &need_more_data);
-		wpabuf_free(in);
-		in = NULL;
-		if (need_more_data) {
-			wpa_printf(MSG_DEBUG, "HTTP: Need more data");
-			continue;
-		}
-		if (!out)
-			goto done;
-		wpa_hexdump_ascii(MSG_INFO, "Request",
-				  wpabuf_head(out), wpabuf_len(out));
-		wpabuf_free(out);
-		out = NULL;
-		break;
-	}
-
-	in = wpabuf_alloc(1000);
-	if (!in)
-		goto done;
-	wpabuf_put_str(in, "HTTP/1.1 200 OK\r\n"
-		       "Server: test-https_server\r\n"
-		       "\r\n"
-		       "<HTML><BODY>HELLO</BODY></HTML>\n");
-	wpa_hexdump_ascii(MSG_DEBUG, "Response",
-			  wpabuf_head(in), wpabuf_len(in));
-	out = tls_connection_encrypt(tls, conn, in);
-	wpabuf_free(in);
-	in = NULL;
-	wpa_hexdump_buf(MSG_DEBUG, "Encrypted response", out);
-	if (!out)
-		goto done;
-
-	wpa_printf(MSG_INFO, "Sending HTTP response: %d bytes",
-		   (int) wpabuf_len(out));
-	if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
-		wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
-		goto done;
-	}
-	wpabuf_free(out);
-	out = NULL;
-
-	res = 0;
-done:
-	wpabuf_free(out);
-	wpabuf_free(in);
-	wpabuf_free(appl);
-	tls_connection_deinit(tls, conn);
-	tls_deinit(tls);
-	close(s);
-
-	return res;
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct sockaddr_in sin;
-	int port, s, conn;
-	int on = 1;
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	if (argc < 2) {
-		wpa_printf(MSG_INFO, "usage: test-https_server port");
-		return -1;
-	}
-
-	port = atoi(argv[1]);
-
-	s = socket(AF_INET, SOCK_STREAM, 0);
-	if (s < 0) {
-		perror("socket");
-		return -1;
-	}
-
-	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "HTTP: setsockopt(SO_REUSEADDR) failed: %s",
-			   strerror(errno));
-		/* try to continue anyway */
-	}
-
-	os_memset(&sin, 0, sizeof(sin));
-	sin.sin_family = AF_INET;
-	sin.sin_port = htons(port);
-	if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
-		perror("bind");
-		close(s);
-		return -1;
-	}
-
-	if (listen(s, 10) < 0) {
-		perror("listen");
-		close(s);
-		return -1;
-	}
-
-	for (;;) {
-		struct sockaddr_in addr;
-		socklen_t addr_len = sizeof(addr);
-
-		conn = accept(s, (struct sockaddr *) &addr, &addr_len);
-		if (conn < 0) {
-			perror("accept");
-			break;
-		}
-
-		wpa_printf(MSG_DEBUG, "-------------------------------------");
-		wpa_printf(MSG_DEBUG, "Connection from %s:%d",
-			   inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
-
-		https_server(conn);
-		wpa_printf(MSG_DEBUG, "Done with the connection");
-		wpa_printf(MSG_DEBUG, "-------------------------------------");
-	}
-
-	close(s);
-
-	return 0;
-}
diff --git a/tests/test-list.c b/tests/test-list.c
deleted file mode 100644
index 01bcbf640940..000000000000
--- a/tests/test-list.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Doubly-linked list - test program
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/os.h"
-#include "utils/list.h"
-
-struct test {
-	struct dl_list list;
-	int value;
-};
-
-static void dump_list(struct dl_list *head)
-{
-	struct test *t;
-	printf("dump:");
-	dl_list_for_each(t, head, struct test, list)
-		printf(" %d", t->value);
-	printf(" (len=%d%s)\n", dl_list_len(head),
-	       dl_list_empty(head) ? " empty" : "");
-}
-
-int main(int argc, char *argv[])
-{
-	struct dl_list head;
-	struct test *t, *tmp;
-	int i;
-
-	dl_list_init(&head);
-	dump_list(&head);
-
-	for (i = 0; i < 5; i++) {
-		t = os_zalloc(sizeof(*t));
-		if (t == NULL)
-			return -1;
-		t->value = i;
-		dl_list_add(&head, &t->list);
-		dump_list(&head);
-	}
-
-	for (i = 10; i > 5; i--) {
-		t = os_zalloc(sizeof(*t));
-		if (t == NULL)
-			return -1;
-		t->value = i;
-		dl_list_add_tail(&head, &t->list);
-		dump_list(&head);
-	}
-
-	i = 0;
-	dl_list_for_each(t, &head, struct test, list)
-		if (++i == 5)
-			break;
-	printf("move: %d\n", t->value);
-	dl_list_del(&t->list);
-	dl_list_add(&head, &t->list);
-	dump_list(&head);
-
-	dl_list_for_each_safe(t, tmp, &head, struct test, list) {
-		printf("delete: %d\n", t->value);
-		dl_list_del(&t->list);
-		os_free(t);
-		dump_list(&head);
-	}
-
-	return 0;
-}
diff --git a/tests/test-md4.c b/tests/test-md4.c
deleted file mode 100644
index e3e63edf14a2..000000000000
--- a/tests/test-md4.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Test program for MD4 (test vectors from RFC 1320)
- * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/crypto.h"
-
-int main(int argc, char *argv[])
-{
-	struct {
-		char *data;
-		char *hash;
-	} tests[] = {
-		{
-			"",
-			"\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31"
-			"\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"
-		},
-		{
-			"a",
-			"\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46"
-			"\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"
-		},
-		{
-			"abc",
-			"\xa4\x48\x01\x7a\xaf\x21\xd8\x52"
-			"\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"
-		},
-		{
-			"message digest",
-			"\xd9\x13\x0a\x81\x64\x54\x9f\xe8"
-			"\x18\x87\x48\x06\xe1\xc7\x01\x4b"
-		},
-		{
-			"abcdefghijklmnopqrstuvwxyz",
-			"\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd"
-			"\xee\xa8\xed\x63\xdf\x41\x2d\xa9"
-		},
-		{
-			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-			"0123456789",
-			"\x04\x3f\x85\x82\xf2\x41\xdb\x35"
-			"\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"
-		},
-		{
-			"12345678901234567890123456789012345678901234567890"
-			"123456789012345678901234567890",
-			"\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19"
-			"\x9c\x3e\x7b\x16\x4f\xcc\x05\x36"
-		}
-	};
-	unsigned int i;
-	u8 hash[16];
-	const u8 *addr[2];
-	size_t len[2];
-	int errors = 0;
-
-	for (i = 0; i < ARRAY_SIZE(tests); i++) {
-		printf("MD4 test case %d:", i);
-
-		addr[0] = (u8 *) tests[i].data;
-		len[0] = strlen(tests[i].data);
-		md4_vector(1, addr, len, hash);
-		if (memcmp(hash, tests[i].hash, 16) != 0) {
-			printf(" FAIL");
-			errors++;
-		} else
-			printf(" OK");
-
-		if (len[0]) {
-			addr[0] = (u8 *) tests[i].data;
-			len[0] = strlen(tests[i].data);
-			addr[1] = (u8 *) tests[i].data + 1;
-			len[1] = strlen(tests[i].data) - 1;
-			md4_vector(1, addr, len, hash);
-			if (memcmp(hash, tests[i].hash, 16) != 0) {
-				printf(" FAIL");
-				errors++;
-			} else
-				printf(" OK");
-		}
-
-		printf("\n");
-	}
-
-	return errors;
-}
diff --git a/tests/test-milenage.c b/tests/test-milenage.c
deleted file mode 100644
index 7c4be09020a1..000000000000
--- a/tests/test-milenage.c
+++ /dev/null
@@ -1,814 +0,0 @@
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/aes_wrap.h"
-#include "crypto/milenage.h"
-
-
-/**
- * milenage_opc - Determine OPc from OP and K
- * @op: OP = 128-bit operator variant algorithm configuration field
- * @k: K = 128-bit subscriber key
- * @opc: Buffer for OPc = 128-bit value derived from OP and K
- */
-static int milenage_opc(const u8 *op, const u8 *k, u8 *opc)
-{
-	int i;
-	/* OP_C = OP XOR E_K(OP) */
-	if (aes_128_encrypt_block(k, op, opc) < 0)
-		return -1;
-	for (i = 0; i < 16; i++)
-		opc[i] ^= op[i];
-	return 0;
-}
-
-
-struct gsm_milenage_test_set {
-	u8 ki[16];
-	u8 rand[16];
-	u8 opc[16];
-	u8 sres1[4];
-	u8 sres2[4];
-	u8 kc[8];
-};
-
-static const struct gsm_milenage_test_set gsm_test_sets[] =
-{
-	{
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 1 */
-		{ 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f,
-		  0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc },
-		{ 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d,
-		  0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 },
-		{ 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e,
-		  0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf },
-		{ 0x46, 0xf8, 0x41, 0x6a },
-		{ 0xa5, 0x42, 0x11, 0xd5 },
-		{ 0xea, 0xe4, 0xbe, 0x82, 0x3a, 0xf9, 0xa0, 0x8b }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 2 */
-		{ 0xfe, 0xc8, 0x6b, 0xa6, 0xeb, 0x70, 0x7e, 0xd0,
-		  0x89, 0x05, 0x75, 0x7b, 0x1b, 0xb4, 0x4b, 0x8f },
-		{ 0x9f, 0x7c, 0x8d, 0x02, 0x1a, 0xcc, 0xf4, 0xdb,
-		  0x21, 0x3c, 0xcf, 0xf0, 0xc7, 0xf7, 0x1a, 0x6a },
-		{ 0x10, 0x06, 0x02, 0x0f, 0x0a, 0x47, 0x8b, 0xf6,
-		  0xb6, 0x99, 0xf1, 0x5c, 0x06, 0x2e, 0x42, 0xb3 },
-		{ 0x8c, 0x30, 0x8a, 0x5e },
-		{ 0x80, 0x11, 0xc4, 0x8c },
-		{ 0xaa, 0x01, 0x73, 0x9b, 0x8c, 0xaa, 0x97, 0x6d }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 3 */
-		{ 0x9e, 0x59, 0x44, 0xae, 0xa9, 0x4b, 0x81, 0x16,
-		  0x5c, 0x82, 0xfb, 0xf9, 0xf3, 0x2d, 0xb7, 0x51 },
-		{ 0xce, 0x83, 0xdb, 0xc5, 0x4a, 0xc0, 0x27, 0x4a,
-		  0x15, 0x7c, 0x17, 0xf8, 0x0d, 0x01, 0x7b, 0xd6 },
-		{ 0xa6, 0x4a, 0x50, 0x7a, 0xe1, 0xa2, 0xa9, 0x8b,
-		  0xb8, 0x8e, 0xb4, 0x21, 0x01, 0x35, 0xdc, 0x87 },
-		{ 0xcf, 0xbc, 0xe3, 0xfe },
-		{ 0xf3, 0x65, 0xcd, 0x68 },
-		{ 0x9a, 0x8e, 0xc9, 0x5f, 0x40, 0x8c, 0xc5, 0x07 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 4 */
-		{ 0x4a, 0xb1, 0xde, 0xb0, 0x5c, 0xa6, 0xce, 0xb0,
-		  0x51, 0xfc, 0x98, 0xe7, 0x7d, 0x02, 0x6a, 0x84 },
-		{ 0x74, 0xb0, 0xcd, 0x60, 0x31, 0xa1, 0xc8, 0x33,
-		  0x9b, 0x2b, 0x6c, 0xe2, 0xb8, 0xc4, 0xa1, 0x86 },
-		{ 0xdc, 0xf0, 0x7c, 0xbd, 0x51, 0x85, 0x52, 0x90,
-		  0xb9, 0x2a, 0x07, 0xa9, 0x89, 0x1e, 0x52, 0x3e },
-		{ 0x96, 0x55, 0xe2, 0x65 },
-		{ 0x58, 0x60, 0xfc, 0x1b },
-		{ 0xcd, 0xc1, 0xdc, 0x08, 0x41, 0xb8, 0x1a, 0x22 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 5 */
-		{ 0x6c, 0x38, 0xa1, 0x16, 0xac, 0x28, 0x0c, 0x45,
-		  0x4f, 0x59, 0x33, 0x2e, 0xe3, 0x5c, 0x8c, 0x4f },
-		{ 0xee, 0x64, 0x66, 0xbc, 0x96, 0x20, 0x2c, 0x5a,
-		  0x55, 0x7a, 0xbb, 0xef, 0xf8, 0xba, 0xbf, 0x63 },
-		{ 0x38, 0x03, 0xef, 0x53, 0x63, 0xb9, 0x47, 0xc6,
-		  0xaa, 0xa2, 0x25, 0xe5, 0x8f, 0xae, 0x39, 0x34 },
-		{ 0x13, 0x68, 0x8f, 0x17 },
-		{ 0x16, 0xc8, 0x23, 0x3f },
-		{ 0xdf, 0x75, 0xbc, 0x5e, 0xa8, 0x99, 0x87, 0x9f }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 6 */
-		{ 0x2d, 0x60, 0x9d, 0x4d, 0xb0, 0xac, 0x5b, 0xf0,
-		  0xd2, 0xc0, 0xde, 0x26, 0x70, 0x14, 0xde, 0x0d },
-		{ 0x19, 0x4a, 0xa7, 0x56, 0x01, 0x38, 0x96, 0xb7,
-		  0x4b, 0x4a, 0x2a, 0x3b, 0x0a, 0xf4, 0x53, 0x9e },
-		{ 0xc3, 0x5a, 0x0a, 0xb0, 0xbc, 0xbf, 0xc9, 0x25,
-		  0x2c, 0xaf, 0xf1, 0x5f, 0x24, 0xef, 0xbd, 0xe0 },
-		{ 0x55, 0x3d, 0x00, 0xb3 },
-		{ 0x8c, 0x25, 0xa1, 0x6c },
-		{ 0x84, 0xb4, 0x17, 0xae, 0x3a, 0xea, 0xb4, 0xf3 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 7 */
-		{ 0xa5, 0x30, 0xa7, 0xfe, 0x42, 0x8f, 0xad, 0x10,
-		  0x82, 0xc4, 0x5e, 0xdd, 0xfc, 0xe1, 0x38, 0x84 },
-		{ 0x3a, 0x4c, 0x2b, 0x32, 0x45, 0xc5, 0x0e, 0xb5,
-		  0xc7, 0x1d, 0x08, 0x63, 0x93, 0x95, 0x76, 0x4d },
-		{ 0x27, 0x95, 0x3e, 0x49, 0xbc, 0x8a, 0xf6, 0xdc,
-		  0xc6, 0xe7, 0x30, 0xeb, 0x80, 0x28, 0x6b, 0xe3 },
-		{ 0x59, 0xf1, 0xa4, 0x4a },
-		{ 0xa6, 0x32, 0x41, 0xe1 },
-		{ 0x3b, 0x4e, 0x24, 0x4c, 0xdc, 0x60, 0xce, 0x03 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 8 */
-		{ 0xd9, 0x15, 0x1c, 0xf0, 0x48, 0x96, 0xe2, 0x58,
-		  0x30, 0xbf, 0x2e, 0x08, 0x26, 0x7b, 0x83, 0x60 },
-		{ 0xf7, 0x61, 0xe5, 0xe9, 0x3d, 0x60, 0x3f, 0xeb,
-		  0x73, 0x0e, 0x27, 0x55, 0x6c, 0xb8, 0xa2, 0xca },
-		{ 0xc4, 0xc9, 0x3e, 0xff, 0xe8, 0xa0, 0x81, 0x38,
-		  0xc2, 0x03, 0xd4, 0xc2, 0x7c, 0xe4, 0xe3, 0xd9 },
-		{ 0x50, 0x58, 0x88, 0x61 },
-		{ 0x4a, 0x90, 0xb2, 0x17 },
-		{ 0x8d, 0x4e, 0xc0, 0x1d, 0xe5, 0x97, 0xac, 0xfe }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 9 */
-		{ 0xa0, 0xe2, 0x97, 0x1b, 0x68, 0x22, 0xe8, 0xd3,
-		  0x54, 0xa1, 0x8c, 0xc2, 0x35, 0x62, 0x4e, 0xcb },
-		{ 0x08, 0xef, 0xf8, 0x28, 0xb1, 0x3f, 0xdb, 0x56,
-		  0x27, 0x22, 0xc6, 0x5c, 0x7f, 0x30, 0xa9, 0xb2 },
-		{ 0x82, 0xa2, 0x6f, 0x22, 0xbb, 0xa9, 0xe9, 0x48,
-		  0x8f, 0x94, 0x9a, 0x10, 0xd9, 0x8e, 0x9c, 0xc4 },
-		{ 0xcd, 0xe6, 0xb0, 0x27 },
-		{ 0x4b, 0xc2, 0x21, 0x2d },
-		{ 0xd8, 0xde, 0xbc, 0x4f, 0xfb, 0xcd, 0x60, 0xaa }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 10 */
-		{ 0x0d, 0xa6, 0xf7, 0xba, 0x86, 0xd5, 0xea, 0xc8,
-		  0xa1, 0x9c, 0xf5, 0x63, 0xac, 0x58, 0x64, 0x2d },
-		{ 0x67, 0x9a, 0xc4, 0xdb, 0xac, 0xd7, 0xd2, 0x33,
-		  0xff, 0x9d, 0x68, 0x06, 0xf4, 0x14, 0x9c, 0xe3 },
-		{ 0x0d, 0xb1, 0x07, 0x1f, 0x87, 0x67, 0x56, 0x2c,
-		  0xa4, 0x3a, 0x0a, 0x64, 0xc4, 0x1e, 0x8d, 0x08 },
-		{ 0x02, 0xd1, 0x3a, 0xcd },
-		{ 0x6f, 0xc3, 0x0f, 0xee },
-		{ 0xf0, 0xea, 0xa5, 0x0a, 0x1e, 0xdc, 0xeb, 0xb7 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 11 */
-		{ 0x77, 0xb4, 0x58, 0x43, 0xc8, 0x8e, 0x58, 0xc1,
-		  0x0d, 0x20, 0x26, 0x84, 0x51, 0x5e, 0xd4, 0x30 },
-		{ 0x4c, 0x47, 0xeb, 0x30, 0x76, 0xdc, 0x55, 0xfe,
-		  0x51, 0x06, 0xcb, 0x20, 0x34, 0xb8, 0xcd, 0x78 },
-		{ 0xd4, 0x83, 0xaf, 0xae, 0x56, 0x24, 0x09, 0xa3,
-		  0x26, 0xb5, 0xbb, 0x0b, 0x20, 0xc4, 0xd7, 0x62 },
-		{ 0x44, 0x38, 0x9d, 0x01 },
-		{ 0xae, 0xfa, 0x35, 0x7b },
-		{ 0x82, 0xdb, 0xab, 0x7f, 0x83, 0xf0, 0x63, 0xda }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 12 */
-		{ 0x72, 0x9b, 0x17, 0x72, 0x92, 0x70, 0xdd, 0x87,
-		  0xcc, 0xdf, 0x1b, 0xfe, 0x29, 0xb4, 0xe9, 0xbb },
-		{ 0x31, 0x1c, 0x4c, 0x92, 0x97, 0x44, 0xd6, 0x75,
-		  0xb7, 0x20, 0xf3, 0xb7, 0xe9, 0xb1, 0xcb, 0xd0 },
-		{ 0x22, 0x8c, 0x2f, 0x2f, 0x06, 0xac, 0x32, 0x68,
-		  0xa9, 0xe6, 0x16, 0xee, 0x16, 0xdb, 0x4b, 0xa1 },
-		{ 0x03, 0xe0, 0xfd, 0x84 },
-		{ 0x98, 0xdb, 0xbd, 0x09 },
-		{ 0x3c, 0x66, 0xcb, 0x98, 0xca, 0xb2, 0xd3, 0x3d }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 13 */
-		{ 0xd3, 0x2d, 0xd2, 0x3e, 0x89, 0xdc, 0x66, 0x23,
-		  0x54, 0xca, 0x12, 0xeb, 0x79, 0xdd, 0x32, 0xfa },
-		{ 0xcf, 0x7d, 0x0a, 0xb1, 0xd9, 0x43, 0x06, 0x95,
-		  0x0b, 0xf1, 0x20, 0x18, 0xfb, 0xd4, 0x68, 0x87 },
-		{ 0xd2, 0x2a, 0x4b, 0x41, 0x80, 0xa5, 0x32, 0x57,
-		  0x08, 0xa5, 0xff, 0x70, 0xd9, 0xf6, 0x7e, 0xc7 },
-		{ 0xbe, 0x73, 0xb3, 0xdc },
-		{ 0xaf, 0x4a, 0x41, 0x1e },
-		{ 0x96, 0x12, 0xb5, 0xd8, 0x8a, 0x41, 0x30, 0xbb }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 14 */
-		{ 0xaf, 0x7c, 0x65, 0xe1, 0x92, 0x72, 0x21, 0xde,
-		  0x59, 0x11, 0x87, 0xa2, 0xc5, 0x98, 0x7a, 0x53 },
-		{ 0x1f, 0x0f, 0x85, 0x78, 0x46, 0x4f, 0xd5, 0x9b,
-		  0x64, 0xbe, 0xd2, 0xd0, 0x94, 0x36, 0xb5, 0x7a },
-		{ 0xa4, 0xcf, 0x5c, 0x81, 0x55, 0xc0, 0x8a, 0x7e,
-		  0xff, 0x41, 0x8e, 0x54, 0x43, 0xb9, 0x8e, 0x55 },
-		{ 0x8f, 0xe0, 0x19, 0xc7 },
-		{ 0x7b, 0xff, 0xa5, 0xc2 },
-		{ 0x75, 0xa1, 0x50, 0xdf, 0x3c, 0x6a, 0xed, 0x08 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 15 */
-		{ 0x5b, 0xd7, 0xec, 0xd3, 0xd3, 0x12, 0x7a, 0x41,
-		  0xd1, 0x25, 0x39, 0xbe, 0xd4, 0xe7, 0xcf, 0x71 },
-		{ 0x59, 0xb7, 0x5f, 0x14, 0x25, 0x1c, 0x75, 0x03,
-		  0x1d, 0x0b, 0xcb, 0xac, 0x1c, 0x2c, 0x04, 0xc7 },
-		{ 0x76, 0x08, 0x9d, 0x3c, 0x0f, 0xf3, 0xef, 0xdc,
-		  0x6e, 0x36, 0x72, 0x1d, 0x4f, 0xce, 0xb7, 0x47 },
-		{ 0x27, 0x20, 0x2b, 0x82 },
-		{ 0x7e, 0x3f, 0x44, 0xc7 },
-		{ 0xb7, 0xf9, 0x2e, 0x42, 0x6a, 0x36, 0xfe, 0xc5 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 16 */
-		{ 0x6c, 0xd1, 0xc6, 0xce, 0xb1, 0xe0, 0x1e, 0x14,
-		  0xf1, 0xb8, 0x23, 0x16, 0xa9, 0x0b, 0x7f, 0x3d },
-		{ 0xf6, 0x9b, 0x78, 0xf3, 0x00, 0xa0, 0x56, 0x8b,
-		  0xce, 0x9f, 0x0c, 0xb9, 0x3c, 0x4b, 0xe4, 0xc9 },
-		{ 0xa2, 0x19, 0xdc, 0x37, 0xf1, 0xdc, 0x7d, 0x66,
-		  0x73, 0x8b, 0x58, 0x43, 0xc7, 0x99, 0xf2, 0x06 },
-		{ 0xdd, 0xd7, 0xef, 0xe6 },
-		{ 0x70, 0xf6, 0xbd, 0xb9 },
-		{ 0x88, 0xd9, 0xde, 0x10, 0xa2, 0x20, 0x04, 0xc5 }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 17 */
-		{ 0xb7, 0x3a, 0x90, 0xcb, 0xcf, 0x3a, 0xfb, 0x62,
-		  0x2d, 0xba, 0x83, 0xc5, 0x8a, 0x84, 0x15, 0xdf },
-		{ 0xb1, 0x20, 0xf1, 0xc1, 0xa0, 0x10, 0x2a, 0x2f,
-		  0x50, 0x7d, 0xd5, 0x43, 0xde, 0x68, 0x28, 0x1f },
-		{ 0xdf, 0x0c, 0x67, 0x86, 0x8f, 0xa2, 0x5f, 0x74,
-		  0x8b, 0x70, 0x44, 0xc6, 0xe7, 0xc2, 0x45, 0xb8 },
-		{ 0x67, 0xe4, 0xff, 0x3f },
-		{ 0x47, 0x9d, 0xd2, 0x5c },
-		{ 0xa8, 0x19, 0xe5, 0x77, 0xa8, 0xd6, 0x17, 0x5b }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 18 */
-		{ 0x51, 0x22, 0x25, 0x02, 0x14, 0xc3, 0x3e, 0x72,
-		  0x3a, 0x5d, 0xd5, 0x23, 0xfc, 0x14, 0x5f, 0xc0 },
-		{ 0x81, 0xe9, 0x2b, 0x6c, 0x0e, 0xe0, 0xe1, 0x2e,
-		  0xbc, 0xeb, 0xa8, 0xd9, 0x2a, 0x99, 0xdf, 0xa5 },
-		{ 0x98, 0x1d, 0x46, 0x4c, 0x7c, 0x52, 0xeb, 0x6e,
-		  0x50, 0x36, 0x23, 0x49, 0x84, 0xad, 0x0b, 0xcf },
-		{ 0x8a, 0x3b, 0x8d, 0x17 },
-		{ 0x28, 0xd7, 0xb0, 0xf2 },
-		{ 0x9a, 0x8d, 0x0e, 0x88, 0x3f, 0xf0, 0x88, 0x7a }
-	}, {
-		/* 3GPP TS 55.205 v6.0.0 - Test Set 19 */
-		{ 0x90, 0xdc, 0xa4, 0xed, 0xa4, 0x5b, 0x53, 0xcf,
-		  0x0f, 0x12, 0xd7, 0xc9, 0xc3, 0xbc, 0x6a, 0x89 },
-		{ 0x9f, 0xdd, 0xc7, 0x20, 0x92, 0xc6, 0xad, 0x03,
-		  0x6b, 0x6e, 0x46, 0x47, 0x89, 0x31, 0x5b, 0x78 },
-		{ 0xcb, 0x9c, 0xcc, 0xc4, 0xb9, 0x25, 0x8e, 0x6d,
-		  0xca, 0x47, 0x60, 0x37, 0x9f, 0xb8, 0x25, 0x81 },
-		{ 0xdf, 0x58, 0x52, 0x2f },
-		{ 0xa9, 0x51, 0x00, 0xe2 },
-		{ 0xed, 0x29, 0xb2, 0xf1, 0xc2, 0x7f, 0x9f, 0x34 }
-	}
-};
-
-#define NUM_GSM_TESTS ARRAY_SIZE(gsm_test_sets)
-
-
-struct milenage_test_set {
-	u8 k[16];
-	u8 rand[16];
-	u8 sqn[6];
-	u8 amf[2];
-	u8 op[16];
-	u8 opc[16];
-	u8 f1[8];
-	u8 f1star[8];
-	u8 f2[8];
-	u8 f3[16];
-	u8 f4[16];
-	u8 f5[6];
-	u8 f5star[6];
-};
-
-static const struct milenage_test_set test_sets[] =
-{
-	{
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.1 Test Set 1 */
-		{ 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f,
-		  0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc },
-		{ 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d,
-		  0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 },
-		{ 0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07 },
-		{ 0xb9, 0xb9 },
-		{ 0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6,
-		  0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18 },
-		{ 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e,
-		  0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf },
-		{ 0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3 },
-		{ 0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9 },
-		{ 0xa5, 0x42, 0x11, 0xd5, 0xe3, 0xba, 0x50, 0xbf },
-		{ 0xb4, 0x0b, 0xa9, 0xa3, 0xc5, 0x8b, 0x2a, 0x05,
-		  0xbb, 0xf0, 0xd9, 0x87, 0xb2, 0x1b, 0xf8, 0xcb },
-		{ 0xf7, 0x69, 0xbc, 0xd7, 0x51, 0x04, 0x46, 0x04,
-		  0x12, 0x76, 0x72, 0x71, 0x1c, 0x6d, 0x34, 0x41 },
-		{ 0xaa, 0x68, 0x9c, 0x64, 0x83, 0x70 },
-		{ 0x45, 0x1e, 0x8b, 0xec, 0xa4, 0x3b }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.2 Test Set 2 */
-		{ 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f,
-		  0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc },
-		{ 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d,
-		  0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 },
-		{ 0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07 },
-		{ 0xb9, 0xb9 },
-		{ 0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6,
-		  0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18 },
-		{ 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e,
-		  0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf },
-		{ 0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3 },
-		{ 0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9 },
-		{ 0xa5, 0x42, 0x11, 0xd5, 0xe3, 0xba, 0x50, 0xbf },
-		{ 0xb4, 0x0b, 0xa9, 0xa3, 0xc5, 0x8b, 0x2a, 0x05,
-		  0xbb, 0xf0, 0xd9, 0x87, 0xb2, 0x1b, 0xf8, 0xcb },
-		{ 0xf7, 0x69, 0xbc, 0xd7, 0x51, 0x04, 0x46, 0x04,
-		  0x12, 0x76, 0x72, 0x71, 0x1c, 0x6d, 0x34, 0x41 },
-		{ 0xaa, 0x68, 0x9c, 0x64, 0x83, 0x70 },
-		{ 0x45, 0x1e, 0x8b, 0xec, 0xa4, 0x3b }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.3 Test Set 3 */
-		{ 0xfe, 0xc8, 0x6b, 0xa6, 0xeb, 0x70, 0x7e, 0xd0,
-		  0x89, 0x05, 0x75, 0x7b, 0x1b, 0xb4, 0x4b, 0x8f },
-		{ 0x9f, 0x7c, 0x8d, 0x02, 0x1a, 0xcc, 0xf4, 0xdb,
-		  0x21, 0x3c, 0xcf, 0xf0, 0xc7, 0xf7, 0x1a, 0x6a },
-		{ 0x9d, 0x02, 0x77, 0x59, 0x5f, 0xfc },
-		{ 0x72, 0x5c },
-		{ 0xdb, 0xc5, 0x9a, 0xdc, 0xb6, 0xf9, 0xa0, 0xef,
-		  0x73, 0x54, 0x77, 0xb7, 0xfa, 0xdf, 0x83, 0x74 },
-		{ 0x10, 0x06, 0x02, 0x0f, 0x0a, 0x47, 0x8b, 0xf6,
-		  0xb6, 0x99, 0xf1, 0x5c, 0x06, 0x2e, 0x42, 0xb3 },
-		{ 0x9c, 0xab, 0xc3, 0xe9, 0x9b, 0xaf, 0x72, 0x81 },
-		{ 0x95, 0x81, 0x4b, 0xa2, 0xb3, 0x04, 0x43, 0x24 },
-		{ 0x80, 0x11, 0xc4, 0x8c, 0x0c, 0x21, 0x4e, 0xd2 },
-		{ 0x5d, 0xbd, 0xbb, 0x29, 0x54, 0xe8, 0xf3, 0xcd,
-		  0xe6, 0x65, 0xb0, 0x46, 0x17, 0x9a, 0x50, 0x98 },
-		{ 0x59, 0xa9, 0x2d, 0x3b, 0x47, 0x6a, 0x04, 0x43,
-		  0x48, 0x70, 0x55, 0xcf, 0x88, 0xb2, 0x30, 0x7b },
-		{ 0x33, 0x48, 0x4d, 0xc2, 0x13, 0x6b },
-		{ 0xde, 0xac, 0xdd, 0x84, 0x8c, 0xc6 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.4 Test Set 4 */
-		{ 0x9e, 0x59, 0x44, 0xae, 0xa9, 0x4b, 0x81, 0x16,
-		  0x5c, 0x82, 0xfb, 0xf9, 0xf3, 0x2d, 0xb7, 0x51 },
-		{ 0xce, 0x83, 0xdb, 0xc5, 0x4a, 0xc0, 0x27, 0x4a,
-		  0x15, 0x7c, 0x17, 0xf8, 0x0d, 0x01, 0x7b, 0xd6 },
-		{ 0x0b, 0x60, 0x4a, 0x81, 0xec, 0xa8 },
-		{ 0x9e, 0x09 },
-		{ 0x22, 0x30, 0x14, 0xc5, 0x80, 0x66, 0x94, 0xc0,
-		  0x07, 0xca, 0x1e, 0xee, 0xf5, 0x7f, 0x00, 0x4f },
-		{ 0xa6, 0x4a, 0x50, 0x7a, 0xe1, 0xa2, 0xa9, 0x8b,
-		  0xb8, 0x8e, 0xb4, 0x21, 0x01, 0x35, 0xdc, 0x87 },
-		{ 0x74, 0xa5, 0x82, 0x20, 0xcb, 0xa8, 0x4c, 0x49 },
-		{ 0xac, 0x2c, 0xc7, 0x4a, 0x96, 0x87, 0x18, 0x37 },
-		{ 0xf3, 0x65, 0xcd, 0x68, 0x3c, 0xd9, 0x2e, 0x96 },
-		{ 0xe2, 0x03, 0xed, 0xb3, 0x97, 0x15, 0x74, 0xf5,
-		  0xa9, 0x4b, 0x0d, 0x61, 0xb8, 0x16, 0x34, 0x5d },
-		{ 0x0c, 0x45, 0x24, 0xad, 0xea, 0xc0, 0x41, 0xc4,
-		  0xdd, 0x83, 0x0d, 0x20, 0x85, 0x4f, 0xc4, 0x6b },
-		{ 0xf0, 0xb9, 0xc0, 0x8a, 0xd0, 0x2e },
-		{ 0x60, 0x85, 0xa8, 0x6c, 0x6f, 0x63 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.5 Test Set 5 */
-		{ 0x4a, 0xb1, 0xde, 0xb0, 0x5c, 0xa6, 0xce, 0xb0,
-		  0x51, 0xfc, 0x98, 0xe7, 0x7d, 0x02, 0x6a, 0x84 },
-		{ 0x74, 0xb0, 0xcd, 0x60, 0x31, 0xa1, 0xc8, 0x33,
-		  0x9b, 0x2b, 0x6c, 0xe2, 0xb8, 0xc4, 0xa1, 0x86 },
-		{ 0xe8, 0x80, 0xa1, 0xb5, 0x80, 0xb6 },
-		{ 0x9f, 0x07 },
-		{ 0x2d, 0x16, 0xc5, 0xcd, 0x1f, 0xdf, 0x6b, 0x22,
-		  0x38, 0x35, 0x84, 0xe3, 0xbe, 0xf2, 0xa8, 0xd8 },
-		{ 0xdc, 0xf0, 0x7c, 0xbd, 0x51, 0x85, 0x52, 0x90,
-		  0xb9, 0x2a, 0x07, 0xa9, 0x89, 0x1e, 0x52, 0x3e },
-		{ 0x49, 0xe7, 0x85, 0xdd, 0x12, 0x62, 0x6e, 0xf2 },
-		{ 0x9e, 0x85, 0x79, 0x03, 0x36, 0xbb, 0x3f, 0xa2 },
-		{ 0x58, 0x60, 0xfc, 0x1b, 0xce, 0x35, 0x1e, 0x7e },
-		{ 0x76, 0x57, 0x76, 0x6b, 0x37, 0x3d, 0x1c, 0x21,
-		  0x38, 0xf3, 0x07, 0xe3, 0xde, 0x92, 0x42, 0xf9 },
-		{ 0x1c, 0x42, 0xe9, 0x60, 0xd8, 0x9b, 0x8f, 0xa9,
-		  0x9f, 0x27, 0x44, 0xe0, 0x70, 0x8c, 0xcb, 0x53 },
-		{ 0x31, 0xe1, 0x1a, 0x60, 0x91, 0x18 },
-		{ 0xfe, 0x25, 0x55, 0xe5, 0x4a, 0xa9 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.6 Test Set 6 */
-		{ 0x6c, 0x38, 0xa1, 0x16, 0xac, 0x28, 0x0c, 0x45,
-		  0x4f, 0x59, 0x33, 0x2e, 0xe3, 0x5c, 0x8c, 0x4f },
-		{ 0xee, 0x64, 0x66, 0xbc, 0x96, 0x20, 0x2c, 0x5a,
-		  0x55, 0x7a, 0xbb, 0xef, 0xf8, 0xba, 0xbf, 0x63 },
-		{ 0x41, 0x4b, 0x98, 0x22, 0x21, 0x81 },
-		{ 0x44, 0x64 },
-		{ 0x1b, 0xa0, 0x0a, 0x1a, 0x7c, 0x67, 0x00, 0xac,
-		  0x8c, 0x3f, 0xf3, 0xe9, 0x6a, 0xd0, 0x87, 0x25 },
-		{ 0x38, 0x03, 0xef, 0x53, 0x63, 0xb9, 0x47, 0xc6,
-		  0xaa, 0xa2, 0x25, 0xe5, 0x8f, 0xae, 0x39, 0x34 },
-		{ 0x07, 0x8a, 0xdf, 0xb4, 0x88, 0x24, 0x1a, 0x57 },
-		{ 0x80, 0x24, 0x6b, 0x8d, 0x01, 0x86, 0xbc, 0xf1 },
-		{ 0x16, 0xc8, 0x23, 0x3f, 0x05, 0xa0, 0xac, 0x28 },
-		{ 0x3f, 0x8c, 0x75, 0x87, 0xfe, 0x8e, 0x4b, 0x23,
-		  0x3a, 0xf6, 0x76, 0xae, 0xde, 0x30, 0xba, 0x3b },
-		{ 0xa7, 0x46, 0x6c, 0xc1, 0xe6, 0xb2, 0xa1, 0x33,
-		  0x7d, 0x49, 0xd3, 0xb6, 0x6e, 0x95, 0xd7, 0xb4 },
-		{ 0x45, 0xb0, 0xf6, 0x9a, 0xb0, 0x6c },
-		{ 0x1f, 0x53, 0xcd, 0x2b, 0x11, 0x13 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.7 Test Set 7 */
-		{ 0x2d, 0x60, 0x9d, 0x4d, 0xb0, 0xac, 0x5b, 0xf0,
-		  0xd2, 0xc0, 0xde, 0x26, 0x70, 0x14, 0xde, 0x0d },
-		{ 0x19, 0x4a, 0xa7, 0x56, 0x01, 0x38, 0x96, 0xb7,
-		  0x4b, 0x4a, 0x2a, 0x3b, 0x0a, 0xf4, 0x53, 0x9e },
-		{ 0x6b, 0xf6, 0x94, 0x38, 0xc2, 0xe4 },
-		{ 0x5f, 0x67 },
-		{ 0x46, 0x0a, 0x48, 0x38, 0x54, 0x27, 0xaa, 0x39,
-		  0x26, 0x4a, 0xac, 0x8e, 0xfc, 0x9e, 0x73, 0xe8 },
-		{ 0xc3, 0x5a, 0x0a, 0xb0, 0xbc, 0xbf, 0xc9, 0x25,
-		  0x2c, 0xaf, 0xf1, 0x5f, 0x24, 0xef, 0xbd, 0xe0 },
-		{ 0xbd, 0x07, 0xd3, 0x00, 0x3b, 0x9e, 0x5c, 0xc3 },
-		{ 0xbc, 0xb6, 0xc2, 0xfc, 0xad, 0x15, 0x22, 0x50 },
-		{ 0x8c, 0x25, 0xa1, 0x6c, 0xd9, 0x18, 0xa1, 0xdf },
-		{ 0x4c, 0xd0, 0x84, 0x60, 0x20, 0xf8, 0xfa, 0x07,
-		  0x31, 0xdd, 0x47, 0xcb, 0xdc, 0x6b, 0xe4, 0x11 },
-		{ 0x88, 0xab, 0x80, 0xa4, 0x15, 0xf1, 0x5c, 0x73,
-		  0x71, 0x12, 0x54, 0xa1, 0xd3, 0x88, 0xf6, 0x96 },
-		{ 0x7e, 0x64, 0x55, 0xf3, 0x4c, 0xf3 },
-		{ 0xdc, 0x6d, 0xd0, 0x1e, 0x8f, 0x15 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.8 Test Set 8 */
-		{ 0xa5, 0x30, 0xa7, 0xfe, 0x42, 0x8f, 0xad, 0x10,
-		  0x82, 0xc4, 0x5e, 0xdd, 0xfc, 0xe1, 0x38, 0x84 },
-		{ 0x3a, 0x4c, 0x2b, 0x32, 0x45, 0xc5, 0x0e, 0xb5,
-		  0xc7, 0x1d, 0x08, 0x63, 0x93, 0x95, 0x76, 0x4d },
-		{ 0xf6, 0x3f, 0x5d, 0x76, 0x87, 0x84 },
-		{ 0xb9, 0x0e },
-		{ 0x51, 0x1c, 0x6c, 0x4e, 0x83, 0xe3, 0x8c, 0x89,
-		  0xb1, 0xc5, 0xd8, 0xdd, 0xe6, 0x24, 0x26, 0xfa },
-		{ 0x27, 0x95, 0x3e, 0x49, 0xbc, 0x8a, 0xf6, 0xdc,
-		  0xc6, 0xe7, 0x30, 0xeb, 0x80, 0x28, 0x6b, 0xe3 },
-		{ 0x53, 0x76, 0x1f, 0xbd, 0x67, 0x9b, 0x0b, 0xad },
-		{ 0x21, 0xad, 0xfd, 0x33, 0x4a, 0x10, 0xe7, 0xce },
-		{ 0xa6, 0x32, 0x41, 0xe1, 0xff, 0xc3, 0xe5, 0xab },
-		{ 0x10, 0xf0, 0x5b, 0xab, 0x75, 0xa9, 0x9a, 0x5f,
-		  0xbb, 0x98, 0xa9, 0xc2, 0x87, 0x67, 0x9c, 0x3b },
-		{ 0xf9, 0xec, 0x08, 0x65, 0xeb, 0x32, 0xf2, 0x23,
-		  0x69, 0xca, 0xde, 0x40, 0xc5, 0x9c, 0x3a, 0x44 },
-		{ 0x88, 0x19, 0x6c, 0x47, 0x98, 0x6f },
-		{ 0xc9, 0x87, 0xa3, 0xd2, 0x31, 0x15 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.9 Test Set 9 */
-		{ 0xd9, 0x15, 0x1c, 0xf0, 0x48, 0x96, 0xe2, 0x58,
-		  0x30, 0xbf, 0x2e, 0x08, 0x26, 0x7b, 0x83, 0x60 },
-		{ 0xf7, 0x61, 0xe5, 0xe9, 0x3d, 0x60, 0x3f, 0xeb,
-		  0x73, 0x0e, 0x27, 0x55, 0x6c, 0xb8, 0xa2, 0xca },
-		{ 0x47, 0xee, 0x01, 0x99, 0x82, 0x0a },
-		{ 0x91, 0x13 },
-		{ 0x75, 0xfc, 0x22, 0x33, 0xa4, 0x42, 0x94, 0xee,
-		  0x8e, 0x6d, 0xe2, 0x5c, 0x43, 0x53, 0xd2, 0x6b },
-		{ 0xc4, 0xc9, 0x3e, 0xff, 0xe8, 0xa0, 0x81, 0x38,
-		  0xc2, 0x03, 0xd4, 0xc2, 0x7c, 0xe4, 0xe3, 0xd9 },
-		{ 0x66, 0xcc, 0x4b, 0xe4, 0x48, 0x62, 0xaf, 0x1f },
-		{ 0x7a, 0x4b, 0x8d, 0x7a, 0x87, 0x53, 0xf2, 0x46 },
-		{ 0x4a, 0x90, 0xb2, 0x17, 0x1a, 0xc8, 0x3a, 0x76 },
-		{ 0x71, 0x23, 0x6b, 0x71, 0x29, 0xf9, 0xb2, 0x2a,
-		  0xb7, 0x7e, 0xa7, 0xa5, 0x4c, 0x96, 0xda, 0x22 },
-		{ 0x90, 0x52, 0x7e, 0xba, 0xa5, 0x58, 0x89, 0x68,
-		  0xdb, 0x41, 0x72, 0x73, 0x25, 0xa0, 0x4d, 0x9e },
-		{ 0x82, 0xa0, 0xf5, 0x28, 0x7a, 0x71 },
-		{ 0x52, 0x7d, 0xbf, 0x41, 0xf3, 0x5f }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.10 Test Set 10 */
-		{ 0xa0, 0xe2, 0x97, 0x1b, 0x68, 0x22, 0xe8, 0xd3,
-		  0x54, 0xa1, 0x8c, 0xc2, 0x35, 0x62, 0x4e, 0xcb },
-		{ 0x08, 0xef, 0xf8, 0x28, 0xb1, 0x3f, 0xdb, 0x56,
-		  0x27, 0x22, 0xc6, 0x5c, 0x7f, 0x30, 0xa9, 0xb2 },
-		{ 0xdb, 0x5c, 0x06, 0x64, 0x81, 0xe0 },
-		{ 0x71, 0x6b },
-		{ 0x32, 0x37, 0x92, 0xfa, 0xca, 0x21, 0xfb, 0x4d,
-		  0x5d, 0x6f, 0x13, 0xc1, 0x45, 0xa9, 0xd2, 0xc1 },
-		{ 0x82, 0xa2, 0x6f, 0x22, 0xbb, 0xa9, 0xe9, 0x48,
-		  0x8f, 0x94, 0x9a, 0x10, 0xd9, 0x8e, 0x9c, 0xc4 },
-		{ 0x94, 0x85, 0xfe, 0x24, 0x62, 0x1c, 0xb9, 0xf6 },
-		{ 0xbc, 0xe3, 0x25, 0xce, 0x03, 0xe2, 0xe9, 0xb9 },
-		{ 0x4b, 0xc2, 0x21, 0x2d, 0x86, 0x24, 0x91, 0x0a },
-		{ 0x08, 0xce, 0xf6, 0xd0, 0x04, 0xec, 0x61, 0x47,
-		  0x1a, 0x3c, 0x3c, 0xda, 0x04, 0x81, 0x37, 0xfa },
-		{ 0xed, 0x03, 0x18, 0xca, 0x5d, 0xeb, 0x92, 0x06,
-		  0x27, 0x2f, 0x6e, 0x8f, 0xa6, 0x4b, 0xa4, 0x11 },
-		{ 0xa2, 0xf8, 0x58, 0xaa, 0x9e, 0x5d },
-		{ 0x74, 0xe7, 0x6f, 0xbb, 0xec, 0x38 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.11 Test Set 11 */
-		{ 0x0d, 0xa6, 0xf7, 0xba, 0x86, 0xd5, 0xea, 0xc8,
-		  0xa1, 0x9c, 0xf5, 0x63, 0xac, 0x58, 0x64, 0x2d },
-		{ 0x67, 0x9a, 0xc4, 0xdb, 0xac, 0xd7, 0xd2, 0x33,
-		  0xff, 0x9d, 0x68, 0x06, 0xf4, 0x14, 0x9c, 0xe3 },
-		{ 0x6e, 0x23, 0x31, 0xd6, 0x92, 0xad },
-		{ 0x22, 0x4a },
-		{ 0x4b, 0x9a, 0x26, 0xfa, 0x45, 0x9e, 0x3a, 0xcb,
-		  0xff, 0x36, 0xf4, 0x01, 0x5d, 0xe3, 0xbd, 0xc1 },
-		{ 0x0d, 0xb1, 0x07, 0x1f, 0x87, 0x67, 0x56, 0x2c,
-		  0xa4, 0x3a, 0x0a, 0x64, 0xc4, 0x1e, 0x8d, 0x08 },
-		{ 0x28, 0x31, 0xd7, 0xae, 0x90, 0x88, 0xe4, 0x92 },
-		{ 0x9b, 0x2e, 0x16, 0x95, 0x11, 0x35, 0xd5, 0x23 },
-		{ 0x6f, 0xc3, 0x0f, 0xee, 0x6d, 0x12, 0x35, 0x23 },
-		{ 0x69, 0xb1, 0xca, 0xe7, 0xc7, 0x42, 0x9d, 0x97,
-		  0x5e, 0x24, 0x5c, 0xac, 0xb0, 0x5a, 0x51, 0x7c },
-		{ 0x74, 0xf2, 0x4e, 0x8c, 0x26, 0xdf, 0x58, 0xe1,
-		  0xb3, 0x8d, 0x7d, 0xcd, 0x4f, 0x1b, 0x7f, 0xbd },
-		{ 0x4c, 0x53, 0x9a, 0x26, 0xe1, 0xfa },
-		{ 0x07, 0x86, 0x1e, 0x12, 0x69, 0x28 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.12 Test Set 12 */
-		{ 0x77, 0xb4, 0x58, 0x43, 0xc8, 0x8e, 0x58, 0xc1,
-		  0x0d, 0x20, 0x26, 0x84, 0x51, 0x5e, 0xd4, 0x30 },
-		{ 0x4c, 0x47, 0xeb, 0x30, 0x76, 0xdc, 0x55, 0xfe,
-		  0x51, 0x06, 0xcb, 0x20, 0x34, 0xb8, 0xcd, 0x78 },
-		{ 0xfe, 0x1a, 0x87, 0x31, 0x00, 0x5d },
-		{ 0xad, 0x25 },
-		{ 0xbf, 0x32, 0x86, 0xc7, 0xa5, 0x14, 0x09, 0xce,
-		  0x95, 0x72, 0x4d, 0x50, 0x3b, 0xfe, 0x6e, 0x70 },
-		{ 0xd4, 0x83, 0xaf, 0xae, 0x56, 0x24, 0x09, 0xa3,
-		  0x26, 0xb5, 0xbb, 0x0b, 0x20, 0xc4, 0xd7, 0x62 },
-		{ 0x08, 0x33, 0x2d, 0x7e, 0x9f, 0x48, 0x45, 0x70 },
-		{ 0xed, 0x41, 0xb7, 0x34, 0x48, 0x9d, 0x52, 0x07 },
-		{ 0xae, 0xfa, 0x35, 0x7b, 0xea, 0xc2, 0xa8, 0x7a },
-		{ 0x90, 0x8c, 0x43, 0xf0, 0x56, 0x9c, 0xb8, 0xf7,
-		  0x4b, 0xc9, 0x71, 0xe7, 0x06, 0xc3, 0x6c, 0x5f },
-		{ 0xc2, 0x51, 0xdf, 0x0d, 0x88, 0x8d, 0xd9, 0x32,
-		  0x9b, 0xcf, 0x46, 0x65, 0x5b, 0x22, 0x6e, 0x40 },
-		{ 0x30, 0xff, 0x25, 0xcd, 0xad, 0xf6 },
-		{ 0xe8, 0x4e, 0xd0, 0xd4, 0x67, 0x7e }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.13 Test Set 13 */
-		{ 0x72, 0x9b, 0x17, 0x72, 0x92, 0x70, 0xdd, 0x87,
-		  0xcc, 0xdf, 0x1b, 0xfe, 0x29, 0xb4, 0xe9, 0xbb },
-		{ 0x31, 0x1c, 0x4c, 0x92, 0x97, 0x44, 0xd6, 0x75,
-		  0xb7, 0x20, 0xf3, 0xb7, 0xe9, 0xb1, 0xcb, 0xd0 },
-		{ 0xc8, 0x5c, 0x4c, 0xf6, 0x59, 0x16 },
-		{ 0x5b, 0xb2 },
-		{ 0xd0, 0x4c, 0x9c, 0x35, 0xbd, 0x22, 0x62, 0xfa,
-		  0x81, 0x0d, 0x29, 0x24, 0xd0, 0x36, 0xfd, 0x13 },
-		{ 0x22, 0x8c, 0x2f, 0x2f, 0x06, 0xac, 0x32, 0x68,
-		  0xa9, 0xe6, 0x16, 0xee, 0x16, 0xdb, 0x4b, 0xa1 },
-		{ 0xff, 0x79, 0x4f, 0xe2, 0xf8, 0x27, 0xeb, 0xf8 },
-		{ 0x24, 0xfe, 0x4d, 0xc6, 0x1e, 0x87, 0x4b, 0x52 },
-		{ 0x98, 0xdb, 0xbd, 0x09, 0x9b, 0x3b, 0x40, 0x8d },
-		{ 0x44, 0xc0, 0xf2, 0x3c, 0x54, 0x93, 0xcf, 0xd2,
-		  0x41, 0xe4, 0x8f, 0x19, 0x7e, 0x1d, 0x10, 0x12 },
-		{ 0x0c, 0x9f, 0xb8, 0x16, 0x13, 0x88, 0x4c, 0x25,
-		  0x35, 0xdd, 0x0e, 0xab, 0xf3, 0xb4, 0x40, 0xd8 },
-		{ 0x53, 0x80, 0xd1, 0x58, 0xcf, 0xe3 },
-		{ 0x87, 0xac, 0x3b, 0x55, 0x9f, 0xb6 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.14 Test Set 14 */
-		{ 0xd3, 0x2d, 0xd2, 0x3e, 0x89, 0xdc, 0x66, 0x23,
-		  0x54, 0xca, 0x12, 0xeb, 0x79, 0xdd, 0x32, 0xfa },
-		{ 0xcf, 0x7d, 0x0a, 0xb1, 0xd9, 0x43, 0x06, 0x95,
-		  0x0b, 0xf1, 0x20, 0x18, 0xfb, 0xd4, 0x68, 0x87 },
-		{ 0x48, 0x41, 0x07, 0xe5, 0x6a, 0x43 },
-		{ 0xb5, 0xe6 },
-		{ 0xfe, 0x75, 0x90, 0x5b, 0x9d, 0xa4, 0x7d, 0x35,
-		  0x62, 0x36, 0xd0, 0x31, 0x4e, 0x09, 0xc3, 0x2e },
-		{ 0xd2, 0x2a, 0x4b, 0x41, 0x80, 0xa5, 0x32, 0x57,
-		  0x08, 0xa5, 0xff, 0x70, 0xd9, 0xf6, 0x7e, 0xc7 },
-		{ 0xcf, 0x19, 0xd6, 0x2b, 0x6a, 0x80, 0x98, 0x66 },
-		{ 0x5d, 0x26, 0x95, 0x37, 0xe4, 0x5e, 0x2c, 0xe6 },
-		{ 0xaf, 0x4a, 0x41, 0x1e, 0x11, 0x39, 0xf2, 0xc2 },
-		{ 0x5a, 0xf8, 0x6b, 0x80, 0xed, 0xb7, 0x0d, 0xf5,
-		  0x29, 0x2c, 0xc1, 0x12, 0x1c, 0xba, 0xd5, 0x0c },
-		{ 0x7f, 0x4d, 0x6a, 0xe7, 0x44, 0x0e, 0x18, 0x78,
-		  0x9a, 0x8b, 0x75, 0xad, 0x3f, 0x42, 0xf0, 0x3a },
-		{ 0x21, 0x7a, 0xf4, 0x92, 0x72, 0xad },
-		{ 0x90, 0x0e, 0x10, 0x1c, 0x67, 0x7e }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.15 Test Set 15 */
-		{ 0xaf, 0x7c, 0x65, 0xe1, 0x92, 0x72, 0x21, 0xde,
-		  0x59, 0x11, 0x87, 0xa2, 0xc5, 0x98, 0x7a, 0x53 },
-		{ 0x1f, 0x0f, 0x85, 0x78, 0x46, 0x4f, 0xd5, 0x9b,
-		  0x64, 0xbe, 0xd2, 0xd0, 0x94, 0x36, 0xb5, 0x7a },
-		{ 0x3d, 0x62, 0x7b, 0x01, 0x41, 0x8d },
-		{ 0x84, 0xf6 },
-		{ 0x0c, 0x7a, 0xcb, 0x8d, 0x95, 0xb7, 0xd4, 0xa3,
-		  0x1c, 0x5a, 0xca, 0x6d, 0x26, 0x34, 0x5a, 0x88 },
-		{ 0xa4, 0xcf, 0x5c, 0x81, 0x55, 0xc0, 0x8a, 0x7e,
-		  0xff, 0x41, 0x8e, 0x54, 0x43, 0xb9, 0x8e, 0x55 },
-		{ 0xc3, 0x7c, 0xae, 0x78, 0x05, 0x64, 0x20, 0x32 },
-		{ 0x68, 0xcd, 0x09, 0xa4, 0x52, 0xd8, 0xdb, 0x7c },
-		{ 0x7b, 0xff, 0xa5, 0xc2, 0xf4, 0x1f, 0xbc, 0x05 },
-		{ 0x3f, 0x8c, 0x3f, 0x3c, 0xcf, 0x76, 0x25, 0xbf,
-		  0x77, 0xfc, 0x94, 0xbc, 0xfd, 0x22, 0xfd, 0x26 },
-		{ 0xab, 0xcb, 0xae, 0x8f, 0xd4, 0x61, 0x15, 0xe9,
-		  0x96, 0x1a, 0x55, 0xd0, 0xda, 0x5f, 0x20, 0x78 },
-		{ 0x83, 0x7f, 0xd7, 0xb7, 0x44, 0x19 },
-		{ 0x56, 0xe9, 0x7a, 0x60, 0x90, 0xb1 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.16 Test Set 16 */
-		{ 0x5b, 0xd7, 0xec, 0xd3, 0xd3, 0x12, 0x7a, 0x41,
-		  0xd1, 0x25, 0x39, 0xbe, 0xd4, 0xe7, 0xcf, 0x71 },
-		{ 0x59, 0xb7, 0x5f, 0x14, 0x25, 0x1c, 0x75, 0x03,
-		  0x1d, 0x0b, 0xcb, 0xac, 0x1c, 0x2c, 0x04, 0xc7 },
-		{ 0xa2, 0x98, 0xae, 0x89, 0x29, 0xdc },
-		{ 0xd0, 0x56 },
-		{ 0xf9, 0x67, 0xf7, 0x60, 0x38, 0xb9, 0x20, 0xa9,
-		  0xcd, 0x25, 0xe1, 0x0c, 0x08, 0xb4, 0x99, 0x24 },
-		{ 0x76, 0x08, 0x9d, 0x3c, 0x0f, 0xf3, 0xef, 0xdc,
-		  0x6e, 0x36, 0x72, 0x1d, 0x4f, 0xce, 0xb7, 0x47 },
-		{ 0xc3, 0xf2, 0x5c, 0xd9, 0x43, 0x09, 0x10, 0x7e },
-		{ 0xb0, 0xc8, 0xba, 0x34, 0x36, 0x65, 0xaf, 0xcc },
-		{ 0x7e, 0x3f, 0x44, 0xc7, 0x59, 0x1f, 0x6f, 0x45 },
-		{ 0xd4, 0x2b, 0x2d, 0x61, 0x5e, 0x49, 0xa0, 0x3a,
-		  0xc2, 0x75, 0xa5, 0xae, 0xf9, 0x7a, 0xf8, 0x92 },
-		{ 0x0b, 0x3f, 0x8d, 0x02, 0x4f, 0xe6, 0xbf, 0xaf,
-		  0xaa, 0x98, 0x2b, 0x8f, 0x82, 0xe3, 0x19, 0xc2 },
-		{ 0x5b, 0xe1, 0x14, 0x95, 0x52, 0x5d },
-		{ 0x4d, 0x6a, 0x34, 0xa1, 0xe4, 0xeb }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.17 Test Set 17 */
-		{ 0x6c, 0xd1, 0xc6, 0xce, 0xb1, 0xe0, 0x1e, 0x14,
-		  0xf1, 0xb8, 0x23, 0x16, 0xa9, 0x0b, 0x7f, 0x3d },
-		{ 0xf6, 0x9b, 0x78, 0xf3, 0x00, 0xa0, 0x56, 0x8b,
-		  0xce, 0x9f, 0x0c, 0xb9, 0x3c, 0x4b, 0xe4, 0xc9 },
-		{ 0xb4, 0xfc, 0xe5, 0xfe, 0xb0, 0x59 },
-		{ 0xe4, 0xbb },
-		{ 0x07, 0x8b, 0xfc, 0xa9, 0x56, 0x46, 0x59, 0xec,
-		  0xd8, 0x85, 0x1e, 0x84, 0xe6, 0xc5, 0x9b, 0x48 },
-		{ 0xa2, 0x19, 0xdc, 0x37, 0xf1, 0xdc, 0x7d, 0x66,
-		  0x73, 0x8b, 0x58, 0x43, 0xc7, 0x99, 0xf2, 0x06 },
-		{ 0x69, 0xa9, 0x08, 0x69, 0xc2, 0x68, 0xcb, 0x7b },
-		{ 0x2e, 0x0f, 0xdc, 0xf9, 0xfd, 0x1c, 0xfa, 0x6a },
-		{ 0x70, 0xf6, 0xbd, 0xb9, 0xad, 0x21, 0x52, 0x5f },
-		{ 0x6e, 0xda, 0xf9, 0x9e, 0x5b, 0xd9, 0xf8, 0x5d,
-		  0x5f, 0x36, 0xd9, 0x1c, 0x12, 0x72, 0xfb, 0x4b },
-		{ 0xd6, 0x1c, 0x85, 0x3c, 0x28, 0x0d, 0xd9, 0xc4,
-		  0x6f, 0x29, 0x7b, 0xae, 0xc3, 0x86, 0xde, 0x17 },
-		{ 0x1c, 0x40, 0x8a, 0x85, 0x8b, 0x3e },
-		{ 0xaa, 0x4a, 0xe5, 0x2d, 0xaa, 0x30 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.18 Test Set 18 */
-		{ 0xb7, 0x3a, 0x90, 0xcb, 0xcf, 0x3a, 0xfb, 0x62,
-		  0x2d, 0xba, 0x83, 0xc5, 0x8a, 0x84, 0x15, 0xdf },
-		{ 0xb1, 0x20, 0xf1, 0xc1, 0xa0, 0x10, 0x2a, 0x2f,
-		  0x50, 0x7d, 0xd5, 0x43, 0xde, 0x68, 0x28, 0x1f },
-		{ 0xf1, 0xe8, 0xa5, 0x23, 0xa3, 0x6d },
-		{ 0x47, 0x1b },
-		{ 0xb6, 0x72, 0x04, 0x7e, 0x00, 0x3b, 0xb9, 0x52,
-		  0xdc, 0xa6, 0xcb, 0x8a, 0xf0, 0xe5, 0xb7, 0x79 },
-		{ 0xdf, 0x0c, 0x67, 0x86, 0x8f, 0xa2, 0x5f, 0x74,
-		  0x8b, 0x70, 0x44, 0xc6, 0xe7, 0xc2, 0x45, 0xb8 },
-		{ 0xeb, 0xd7, 0x03, 0x41, 0xbc, 0xd4, 0x15, 0xb0 },
-		{ 0x12, 0x35, 0x9f, 0x5d, 0x82, 0x22, 0x0c, 0x14 },
-		{ 0x47, 0x9d, 0xd2, 0x5c, 0x20, 0x79, 0x2d, 0x63 },
-		{ 0x66, 0x19, 0x5d, 0xbe, 0xd0, 0x31, 0x32, 0x74,
-		  0xc5, 0xca, 0x77, 0x66, 0x61, 0x5f, 0xa2, 0x5e },
-		{ 0x66, 0xbe, 0xc7, 0x07, 0xeb, 0x2a, 0xfc, 0x47,
-		  0x6d, 0x74, 0x08, 0xa8, 0xf2, 0x92, 0x7b, 0x36 },
-		{ 0xae, 0xfd, 0xaa, 0x5d, 0xdd, 0x99 },
-		{ 0x12, 0xec, 0x2b, 0x87, 0xfb, 0xb1 }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.19 Test Set 19 */
-		{ 0x51, 0x22, 0x25, 0x02, 0x14, 0xc3, 0x3e, 0x72,
-		  0x3a, 0x5d, 0xd5, 0x23, 0xfc, 0x14, 0x5f, 0xc0 },
-		{ 0x81, 0xe9, 0x2b, 0x6c, 0x0e, 0xe0, 0xe1, 0x2e,
-		  0xbc, 0xeb, 0xa8, 0xd9, 0x2a, 0x99, 0xdf, 0xa5 },
-		{ 0x16, 0xf3, 0xb3, 0xf7, 0x0f, 0xc2 },
-		{ 0xc3, 0xab },
-		{ 0xc9, 0xe8, 0x76, 0x32, 0x86, 0xb5, 0xb9, 0xff,
-		  0xbd, 0xf5, 0x6e, 0x12, 0x97, 0xd0, 0x88, 0x7b },
-		{ 0x98, 0x1d, 0x46, 0x4c, 0x7c, 0x52, 0xeb, 0x6e,
-		  0x50, 0x36, 0x23, 0x49, 0x84, 0xad, 0x0b, 0xcf },
-		{ 0x2a, 0x5c, 0x23, 0xd1, 0x5e, 0xe3, 0x51, 0xd5 },
-		{ 0x62, 0xda, 0xe3, 0x85, 0x3f, 0x3a, 0xf9, 0xd2 },
-		{ 0x28, 0xd7, 0xb0, 0xf2, 0xa2, 0xec, 0x3d, 0xe5 },
-		{ 0x53, 0x49, 0xfb, 0xe0, 0x98, 0x64, 0x9f, 0x94,
-		  0x8f, 0x5d, 0x2e, 0x97, 0x3a, 0x81, 0xc0, 0x0f },
-		{ 0x97, 0x44, 0x87, 0x1a, 0xd3, 0x2b, 0xf9, 0xbb,
-		  0xd1, 0xdd, 0x5c, 0xe5, 0x4e, 0x3e, 0x2e, 0x5a },
-		{ 0xad, 0xa1, 0x5a, 0xeb, 0x7b, 0xb8 },
-		{ 0xd4, 0x61, 0xbc, 0x15, 0x47, 0x5d }
-	}, {
-		/* 3GPP TS 35.208 v6.0.0 - 4.3.20 Test Set 20 */
-		{ 0x90, 0xdc, 0xa4, 0xed, 0xa4, 0x5b, 0x53, 0xcf,
-		  0x0f, 0x12, 0xd7, 0xc9, 0xc3, 0xbc, 0x6a, 0x89 },
-		{ 0x9f, 0xdd, 0xc7, 0x20, 0x92, 0xc6, 0xad, 0x03,
-		  0x6b, 0x6e, 0x46, 0x47, 0x89, 0x31, 0x5b, 0x78 },
-		{ 0x20, 0xf8, 0x13, 0xbd, 0x41, 0x41 },
-		{ 0x61, 0xdf },
-		{ 0x3f, 0xfc, 0xfe, 0x5b, 0x7b, 0x11, 0x11, 0x58,
-		  0x99, 0x20, 0xd3, 0x52, 0x8e, 0x84, 0xe6, 0x55 },
-		{ 0xcb, 0x9c, 0xcc, 0xc4, 0xb9, 0x25, 0x8e, 0x6d,
-		  0xca, 0x47, 0x60, 0x37, 0x9f, 0xb8, 0x25, 0x81 },
-		{ 0x09, 0xdb, 0x94, 0xea, 0xb4, 0xf8, 0x14, 0x9e },
-		{ 0xa2, 0x94, 0x68, 0xaa, 0x97, 0x75, 0xb5, 0x27 },
-		{ 0xa9, 0x51, 0x00, 0xe2, 0x76, 0x09, 0x52, 0xcd },
-		{ 0xb5, 0xf2, 0xda, 0x03, 0x88, 0x3b, 0x69, 0xf9,
-		  0x6b, 0xf5, 0x2e, 0x02, 0x9e, 0xd9, 0xac, 0x45 },
-		{ 0xb4, 0x72, 0x13, 0x68, 0xbc, 0x16, 0xea, 0x67,
-		  0x87, 0x5c, 0x55, 0x98, 0x68, 0x8b, 0xb0, 0xef },
-		{ 0x83, 0xcf, 0xd5, 0x4d, 0xb9, 0x13 },
-		{ 0x4f, 0x20, 0x39, 0x39, 0x2d, 0xdc }
-	}
-};
-
-#define NUM_TESTS ARRAY_SIZE(test_sets)
-
-
-int main(int argc, char *argv[])
-{
-	u8 buf[16], buf2[16], buf3[16], buf4[16], buf5[16], opc[16];
-	u8 auts[14], sqn[6], _rand[16];
-	int ret = 0, res, i;
-	const struct milenage_test_set *t;
-	size_t res_len;
-
-	wpa_debug_level = 0;
-
-	printf("Milenage test sets\n");
-	for (i = 0; i < NUM_TESTS; i++) {
-		t = &test_sets[i];
-		printf("Test Set %d\n", i + 1);
-
-		milenage_opc(t->op, t->k, opc);
-		if (memcmp(opc, t->opc, 16) != 0) {
-			printf("- milenage_opc failed\n");
-			ret++;
-		}
-
-		if (milenage_f1(opc, t->k, t->rand, t->sqn, t->amf, buf, buf2)
-		    ||  memcmp(buf, t->f1, 8) != 0) {
-			printf("- milenage_f1 failed\n");
-			ret++;
-		}
-		if (memcmp(buf2, t->f1star, 8) != 0) {
-			printf("- milenage_f1* failed\n");
-			ret++;
-		}
-
-		if (milenage_f2345(opc, t->k, t->rand, buf, buf2, buf3, buf4,
-				   buf5) ||
-		    memcmp(buf, t->f2, 8) != 0) {
-			printf("- milenage_f2 failed\n");
-			ret++;
-		}
-		if (memcmp(buf2, t->f3, 16) != 0) {
-			printf("- milenage_f3 failed\n");
-			ret++;
-		}
-		if (memcmp(buf3, t->f4, 16) != 0) {
-			printf("- milenage_f4 failed\n");
-			ret++;
-		}
-		if (memcmp(buf4, t->f5, 6) != 0) {
-			printf("- milenage_f5 failed\n");
-			ret++;
-		}
-		if (memcmp(buf5, t->f5star, 6) != 0) {
-			printf("- milenage_f5* failed\n");
-			ret++;
-		}
-	}
-
-	printf("milenage_auts test:\n");
-	os_memcpy(auts, "\x4f\x20\x39\x39\x2d\xdd", 6);
-	os_memcpy(auts + 6, "\x4b\xb4\x31\x6e\xd4\xa1\x46\x88", 8);
-	res = milenage_auts(t->opc, t->k, t->rand, auts, buf);
-	printf("AUTS for test set %d: %d / SQN=%02x%02x%02x%02x%02x%02x\n",
-	       i, res, buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
-	if (res)
-		ret++;
-
-	os_memset(_rand, 0xaa, sizeof(_rand));
-	os_memcpy(auts,
-		  "\x43\x68\x1a\xd3\xda\xf0\x06\xbc\xde\x40\x5a\x20\x72\x67",
-		  14);
-	res = milenage_auts(t->opc, t->k, _rand, auts, buf);
-	printf("AUTS from a test USIM: %d / SQN=%02x%02x%02x%02x%02x%02x\n",
-	       res, buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
-	if (res)
-		ret++;
-
-	printf("milenage_generate test:\n");
-	os_memcpy(sqn, "\x00\x00\x00\x00\x40\x44", 6);
-	os_memcpy(_rand, "\x12\x69\xb8\x23\x41\x39\x35\x66\xfb\x99\x41\xe9\x84"
-		  "\x4f\xe6\x2f", 16);
-	res_len = 8;
-	milenage_generate(t->opc, t->amf, t->k, sqn, _rand, buf, buf2, buf3,
-			  buf4, &res_len);
-	wpa_hexdump(MSG_DEBUG, "SQN", sqn, 6);
-	wpa_hexdump(MSG_DEBUG, "RAND", _rand, 16);
-	wpa_hexdump(MSG_DEBUG, "AUTN", buf, 16);
-	wpa_hexdump(MSG_DEBUG, "IK", buf2, 16);
-	wpa_hexdump(MSG_DEBUG, "CK", buf3, 16);
-	wpa_hexdump(MSG_DEBUG, "RES", buf4, res_len);
-
-	printf("GSM-Milenage test sets\n");
-	for (i = 0; i < NUM_GSM_TESTS; i++) {
-		const struct gsm_milenage_test_set *g;
-		u8 sres[4], kc[8];
-		g = &gsm_test_sets[i];
-		printf("Test Set %d\n", i + 1);
-		gsm_milenage(g->opc, g->ki, g->rand, sres, kc);
-		if (memcmp(g->kc, kc, 8) != 0) {
-			printf("- gsm_milenage Kc failed\n");
-			ret++;
-		}
-#ifdef GSM_MILENAGE_ALT_SRES
-		if (memcmp(g->sres2, sres, 4) != 0) {
-			printf("- gsm_milenage SRES#2 failed\n");
-			ret++;
-		}
-#else /* GSM_MILENAGE_ALT_SRES */
-		if (memcmp(g->sres1, sres, 4) != 0) {
-			printf("- gsm_milenage SRES#1 failed\n");
-			ret++;
-		}
-#endif /* GSM_MILENAGE_ALT_SRES */
-	}
-
-	if (ret)
-		printf("Something failed\n");
-	else
-		printf("OK\n");
-
-	return ret;
-}
diff --git a/tests/test-rc4.c b/tests/test-rc4.c
deleted file mode 100644
index 99f559274a06..000000000000
--- a/tests/test-rc4.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*
- * Test program for RC4
- * Copyright (c) 2011, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/crypto.h"
-
-
-struct rc4_test_vector {
-	size_t key_len;
-	const u8 *key;
-	const u8 *stream0;
-	const u8 *stream240;
-	const u8 *stream496;
-	const u8 *stream752;
-	const u8 *stream1008;
-	const u8 *stream1520;
-	const u8 *stream2032;
-	const u8 *stream3056;
-	const u8 *stream4080;
-};
-
-/* RFC 6229 test vectors */
-static const struct rc4_test_vector tests[] = {
-	{
-		5, (u8 *) "\x01\x02\x03\x04\x05",
-		(u8 *) "\xb2\x39\x63\x05\xf0\x3d\xc0\x27\xcc\xc3\x52\x4a\x0a\x11\x18\xa8\x69\x82\x94\x4f\x18\xfc\x82\xd5\x89\xc4\x03\xa4\x7a\x0d\x09\x19",
-		(u8 *) "\x28\xcb\x11\x32\xc9\x6c\xe2\x86\x42\x1d\xca\xad\xb8\xb6\x9e\xae\x1c\xfc\xf6\x2b\x03\xed\xdb\x64\x1d\x77\xdf\xcf\x7f\x8d\x8c\x93",
-		(u8 *) "\x42\xb7\xd0\xcd\xd9\x18\xa8\xa3\x3d\xd5\x17\x81\xc8\x1f\x40\x41\x64\x59\x84\x44\x32\xa7\xda\x92\x3c\xfb\x3e\xb4\x98\x06\x61\xf6",
-		(u8 *) "\xec\x10\x32\x7b\xde\x2b\xee\xfd\x18\xf9\x27\x76\x80\x45\x7e\x22\xeb\x62\x63\x8d\x4f\x0b\xa1\xfe\x9f\xca\x20\xe0\x5b\xf8\xff\x2b",
-		(u8 *) "\x45\x12\x90\x48\xe6\xa0\xed\x0b\x56\xb4\x90\x33\x8f\x07\x8d\xa5\x30\xab\xbc\xc7\xc2\x0b\x01\x60\x9f\x23\xee\x2d\x5f\x6b\xb7\xdf",
-		(u8 *) "\x32\x94\xf7\x44\xd8\xf9\x79\x05\x07\xe7\x0f\x62\xe5\xbb\xce\xea\xd8\x72\x9d\xb4\x18\x82\x25\x9b\xee\x4f\x82\x53\x25\xf5\xa1\x30",
-		(u8 *) "\x1e\xb1\x4a\x0c\x13\xb3\xbf\x47\xfa\x2a\x0b\xa9\x3a\xd4\x5b\x8b\xcc\x58\x2f\x8b\xa9\xf2\x65\xe2\xb1\xbe\x91\x12\xe9\x75\xd2\xd7",
-		(u8 *) "\xf2\xe3\x0f\x9b\xd1\x02\xec\xbf\x75\xaa\xad\xe9\xbc\x35\xc4\x3c\xec\x0e\x11\xc4\x79\xdc\x32\x9d\xc8\xda\x79\x68\xfe\x96\x56\x81",
-		(u8 *) "\x06\x83\x26\xa2\x11\x84\x16\xd2\x1f\x9d\x04\xb2\xcd\x1c\xa0\x50\xff\x25\xb5\x89\x95\x99\x67\x07\xe5\x1f\xbd\xf0\x8b\x34\xd8\x75"
-	},
-	{
-		7, (u8 *) "\x01\x02\x03\x04\x05\x06\x07",
-		(u8 *) "\x29\x3f\x02\xd4\x7f\x37\xc9\xb6\x33\xf2\xaf\x52\x85\xfe\xb4\x6b\xe6\x20\xf1\x39\x0d\x19\xbd\x84\xe2\xe0\xfd\x75\x20\x31\xaf\xc1",
-		(u8 *) "\x91\x4f\x02\x53\x1c\x92\x18\x81\x0d\xf6\x0f\x67\xe3\x38\x15\x4c\xd0\xfd\xb5\x83\x07\x3c\xe8\x5a\xb8\x39\x17\x74\x0e\xc0\x11\xd5",
-		(u8 *) "\x75\xf8\x14\x11\xe8\x71\xcf\xfa\x70\xb9\x0c\x74\xc5\x92\xe4\x54\x0b\xb8\x72\x02\x93\x8d\xad\x60\x9e\x87\xa5\xa1\xb0\x79\xe5\xe4",
-		(u8 *) "\xc2\x91\x12\x46\xb6\x12\xe7\xe7\xb9\x03\xdf\xed\xa1\xda\xd8\x66\x32\x82\x8f\x91\x50\x2b\x62\x91\x36\x8d\xe8\x08\x1d\xe3\x6f\xc2",
-		(u8 *) "\xf3\xb9\xa7\xe3\xb2\x97\xbf\x9a\xd8\x04\x51\x2f\x90\x63\xef\xf1\x8e\xcb\x67\xa9\xba\x1f\x55\xa5\xa0\x67\xe2\xb0\x26\xa3\x67\x6f",
-		(u8 *) "\xd2\xaa\x90\x2b\xd4\x2d\x0d\x7c\xfd\x34\x0c\xd4\x58\x10\x52\x9f\x78\xb2\x72\xc9\x6e\x42\xea\xb4\xc6\x0b\xd9\x14\xe3\x9d\x06\xe3",
-		(u8 *) "\xf4\x33\x2f\xd3\x1a\x07\x93\x96\xee\x3c\xee\x3f\x2a\x4f\xf0\x49\x05\x45\x97\x81\xd4\x1f\xda\x7f\x30\xc1\xbe\x7e\x12\x46\xc6\x23",
-		(u8 *) "\xad\xfd\x38\x68\xb8\xe5\x14\x85\xd5\xe6\x10\x01\x7e\x3d\xd6\x09\xad\x26\x58\x1c\x0c\x5b\xe4\x5f\x4c\xea\x01\xdb\x2f\x38\x05\xd5",
-		(u8 *) "\xf3\x17\x2c\xef\xfc\x3b\x3d\x99\x7c\x85\xcc\xd5\xaf\x1a\x95\x0c\xe7\x4b\x0b\x97\x31\x22\x7f\xd3\x7c\x0e\xc0\x8a\x47\xdd\xd8\xb8"
-	},
-	{
-		8, (u8 *) "\x01\x02\x03\x04\x05\x06\x07\x08",
-		(u8 *) "\x97\xab\x8a\x1b\xf0\xaf\xb9\x61\x32\xf2\xf6\x72\x58\xda\x15\xa8\x82\x63\xef\xdb\x45\xc4\xa1\x86\x84\xef\x87\xe6\xb1\x9e\x5b\x09",
-		(u8 *) "\x96\x36\xeb\xc9\x84\x19\x26\xf4\xf7\xd1\xf3\x62\xbd\xdf\x6e\x18\xd0\xa9\x90\xff\x2c\x05\xfe\xf5\xb9\x03\x73\xc9\xff\x4b\x87\x0a",
-		(u8 *) "\x73\x23\x9f\x1d\xb7\xf4\x1d\x80\xb6\x43\xc0\xc5\x25\x18\xec\x63\x16\x3b\x31\x99\x23\xa6\xbd\xb4\x52\x7c\x62\x61\x26\x70\x3c\x0f",
-		(u8 *) "\x49\xd6\xc8\xaf\x0f\x97\x14\x4a\x87\xdf\x21\xd9\x14\x72\xf9\x66\x44\x17\x3a\x10\x3b\x66\x16\xc5\xd5\xad\x1c\xee\x40\xc8\x63\xd0",
-		(u8 *) "\x27\x3c\x9c\x4b\x27\xf3\x22\xe4\xe7\x16\xef\x53\xa4\x7d\xe7\xa4\xc6\xd0\xe7\xb2\x26\x25\x9f\xa9\x02\x34\x90\xb2\x61\x67\xad\x1d",
-		(u8 *) "\x1f\xe8\x98\x67\x13\xf0\x7c\x3d\x9a\xe1\xc1\x63\xff\x8c\xf9\xd3\x83\x69\xe1\xa9\x65\x61\x0b\xe8\x87\xfb\xd0\xc7\x91\x62\xaa\xfb",
-		(u8 *) "\x0a\x01\x27\xab\xb4\x44\x84\xb9\xfb\xef\x5a\xbc\xae\x1b\x57\x9f\xc2\xcd\xad\xc6\x40\x2e\x8e\xe8\x66\xe1\xf3\x7b\xdb\x47\xe4\x2c",
-		(u8 *) "\x26\xb5\x1e\xa3\x7d\xf8\xe1\xd6\xf7\x6f\xc3\xb6\x6a\x74\x29\xb3\xbc\x76\x83\x20\x5d\x4f\x44\x3d\xc1\xf2\x9d\xda\x33\x15\xc8\x7b",
-		(u8 *) "\xd5\xfa\x5a\x34\x69\xd2\x9a\xaa\xf8\x3d\x23\x58\x9d\xb8\xc8\x5b\x3f\xb4\x6e\x2c\x8f\x0f\x06\x8e\xdc\xe8\xcd\xcd\x7d\xfc\x58\x62"
-	},
-	{
-		10, (u8 *) "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a",
-		(u8 *) "\xed\xe3\xb0\x46\x43\xe5\x86\xcc\x90\x7d\xc2\x18\x51\x70\x99\x02\x03\x51\x6b\xa7\x8f\x41\x3b\xeb\x22\x3a\xa5\xd4\xd2\xdf\x67\x11",
-		(u8 *) "\x3c\xfd\x6c\xb5\x8e\xe0\xfd\xde\x64\x01\x76\xad\x00\x00\x04\x4d\x48\x53\x2b\x21\xfb\x60\x79\xc9\x11\x4c\x0f\xfd\x9c\x04\xa1\xad",
-		(u8 *) "\x3e\x8c\xea\x98\x01\x71\x09\x97\x90\x84\xb1\xef\x92\xf9\x9d\x86\xe2\x0f\xb4\x9b\xdb\x33\x7e\xe4\x8b\x8d\x8d\xc0\xf4\xaf\xef\xfe",
-		(u8 *) "\x5c\x25\x21\xea\xcd\x79\x66\xf1\x5e\x05\x65\x44\xbe\xa0\xd3\x15\xe0\x67\xa7\x03\x19\x31\xa2\x46\xa6\xc3\x87\x5d\x2f\x67\x8a\xcb",
-		(u8 *) "\xa6\x4f\x70\xaf\x88\xae\x56\xb6\xf8\x75\x81\xc0\xe2\x3e\x6b\x08\xf4\x49\x03\x1d\xe3\x12\x81\x4e\xc6\xf3\x19\x29\x1f\x4a\x05\x16",
-		(u8 *) "\xbd\xae\x85\x92\x4b\x3c\xb1\xd0\xa2\xe3\x3a\x30\xc6\xd7\x95\x99\x8a\x0f\xed\xdb\xac\x86\x5a\x09\xbc\xd1\x27\xfb\x56\x2e\xd6\x0a",
-		(u8 *) "\xb5\x5a\x0a\x5b\x51\xa1\x2a\x8b\xe3\x48\x99\xc3\xe0\x47\x51\x1a\xd9\xa0\x9c\xea\x3c\xe7\x5f\xe3\x96\x98\x07\x03\x17\xa7\x13\x39",
-		(u8 *) "\x55\x22\x25\xed\x11\x77\xf4\x45\x84\xac\x8c\xfa\x6c\x4e\xb5\xfc\x7e\x82\xcb\xab\xfc\x95\x38\x1b\x08\x09\x98\x44\x21\x29\xc2\xf8",
-		(u8 *) "\x1f\x13\x5e\xd1\x4c\xe6\x0a\x91\x36\x9d\x23\x22\xbe\xf2\x5e\x3c\x08\xb6\xbe\x45\x12\x4a\x43\xe2\xeb\x77\x95\x3f\x84\xdc\x85\x53"
-	},
-	{
-		16, (u8 *) "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10",
-		(u8 *) "\x9a\xc7\xcc\x9a\x60\x9d\x1e\xf7\xb2\x93\x28\x99\xcd\xe4\x1b\x97\x52\x48\xc4\x95\x90\x14\x12\x6a\x6e\x8a\x84\xf1\x1d\x1a\x9e\x1c",
-		(u8 *) "\x06\x59\x02\xe4\xb6\x20\xf6\xcc\x36\xc8\x58\x9f\x66\x43\x2f\x2b\xd3\x9d\x56\x6b\xc6\xbc\xe3\x01\x07\x68\x15\x15\x49\xf3\x87\x3f",
-		(u8 *) "\xb6\xd1\xe6\xc4\xa5\xe4\x77\x1c\xad\x79\x53\x8d\xf2\x95\xfb\x11\xc6\x8c\x1d\x5c\x55\x9a\x97\x41\x23\xdf\x1d\xbc\x52\xa4\x3b\x89",
-		(u8 *) "\xc5\xec\xf8\x8d\xe8\x97\xfd\x57\xfe\xd3\x01\x70\x1b\x82\xa2\x59\xec\xcb\xe1\x3d\xe1\xfc\xc9\x1c\x11\xa0\xb2\x6c\x0b\xc8\xfa\x4d",
-		(u8 *) "\xe7\xa7\x25\x74\xf8\x78\x2a\xe2\x6a\xab\xcf\x9e\xbc\xd6\x60\x65\xbd\xf0\x32\x4e\x60\x83\xdc\xc6\xd3\xce\xdd\x3c\xa8\xc5\x3c\x16",
-		(u8 *) "\xb4\x01\x10\xc4\x19\x0b\x56\x22\xa9\x61\x16\xb0\x01\x7e\xd2\x97\xff\xa0\xb5\x14\x64\x7e\xc0\x4f\x63\x06\xb8\x92\xae\x66\x11\x81",
-		(u8 *) "\xd0\x3d\x1b\xc0\x3c\xd3\x3d\x70\xdf\xf9\xfa\x5d\x71\x96\x3e\xbd\x8a\x44\x12\x64\x11\xea\xa7\x8b\xd5\x1e\x8d\x87\xa8\x87\x9b\xf5",
-		(u8 *) "\xfa\xbe\xb7\x60\x28\xad\xe2\xd0\xe4\x87\x22\xe4\x6c\x46\x15\xa3\xc0\x5d\x88\xab\xd5\x03\x57\xf9\x35\xa6\x3c\x59\xee\x53\x76\x23",
-		(u8 *) "\xff\x38\x26\x5c\x16\x42\xc1\xab\xe8\xd3\xc2\xfe\x5e\x57\x2b\xf8\xa3\x6a\x4c\x30\x1a\xe8\xac\x13\x61\x0c\xcb\xc1\x22\x56\xca\xcc"
-	},
-	{
-		24, (u8 *) "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18",
-		(u8 *) "\x05\x95\xe5\x7f\xe5\xf0\xbb\x3c\x70\x6e\xda\xc8\xa4\xb2\xdb\x11\xdf\xde\x31\x34\x4a\x1a\xf7\x69\xc7\x4f\x07\x0a\xee\x9e\x23\x26",
-		(u8 *) "\xb0\x6b\x9b\x1e\x19\x5d\x13\xd8\xf4\xa7\x99\x5c\x45\x53\xac\x05\x6b\xd2\x37\x8e\xc3\x41\xc9\xa4\x2f\x37\xba\x79\xf8\x8a\x32\xff",
-		(u8 *) "\xe7\x0b\xce\x1d\xf7\x64\x5a\xdb\x5d\x2c\x41\x30\x21\x5c\x35\x22\x9a\x57\x30\xc7\xfc\xb4\xc9\xaf\x51\xff\xda\x89\xc7\xf1\xad\x22",
-		(u8 *) "\x04\x85\x05\x5f\xd4\xf6\xf0\xd9\x63\xef\x5a\xb9\xa5\x47\x69\x82\x59\x1f\xc6\x6b\xcd\xa1\x0e\x45\x2b\x03\xd4\x55\x1f\x6b\x62\xac",
-		(u8 *) "\x27\x53\xcc\x83\x98\x8a\xfa\x3e\x16\x88\xa1\xd3\xb4\x2c\x9a\x02\x93\x61\x0d\x52\x3d\x1d\x3f\x00\x62\xb3\xc2\xa3\xbb\xc7\xc7\xf0",
-		(u8 *) "\x96\xc2\x48\x61\x0a\xad\xed\xfe\xaf\x89\x78\xc0\x3d\xe8\x20\x5a\x0e\x31\x7b\x3d\x1c\x73\xb9\xe9\xa4\x68\x8f\x29\x6d\x13\x3a\x19",
-		(u8 *) "\xbd\xf0\xe6\xc3\xcc\xa5\xb5\xb9\xd5\x33\xb6\x9c\x56\xad\xa1\x20\x88\xa2\x18\xb6\xe2\xec\xe1\xe6\x24\x6d\x44\xc7\x59\xd1\x9b\x10",
-		(u8 *) "\x68\x66\x39\x7e\x95\xc1\x40\x53\x4f\x94\x26\x34\x21\x00\x6e\x40\x32\xcb\x0a\x1e\x95\x42\xc6\xb3\xb8\xb3\x98\xab\xc3\xb0\xf1\xd5",
-		(u8 *) "\x29\xa0\xb8\xae\xd5\x4a\x13\x23\x24\xc6\x2e\x42\x3f\x54\xb4\xc8\x3c\xb0\xf3\xb5\x02\x0a\x98\xb8\x2a\xf9\xfe\x15\x44\x84\xa1\x68"
-	},
-	{
-		32, (u8 *) "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
-		(u8 *) "\xea\xa6\xbd\x25\x88\x0b\xf9\x3d\x3f\x5d\x1e\x4c\xa2\x61\x1d\x91\xcf\xa4\x5c\x9f\x7e\x71\x4b\x54\xbd\xfa\x80\x02\x7c\xb1\x43\x80",
-		(u8 *) "\x11\x4a\xe3\x44\xde\xd7\x1b\x35\xf2\xe6\x0f\xeb\xad\x72\x7f\xd8\x02\xe1\xe7\x05\x6b\x0f\x62\x39\x00\x49\x64\x22\x94\x3e\x97\xb6",
-		(u8 *) "\x91\xcb\x93\xc7\x87\x96\x4e\x10\xd9\x52\x7d\x99\x9c\x6f\x93\x6b\x49\xb1\x8b\x42\xf8\xe8\x36\x7c\xbe\xb5\xef\x10\x4b\xa1\xc7\xcd",
-		(u8 *) "\x87\x08\x4b\x3b\xa7\x00\xba\xde\x95\x56\x10\x67\x27\x45\xb3\x74\xe7\xa7\xb9\xe9\xec\x54\x0d\x5f\xf4\x3b\xdb\x12\x79\x2d\x1b\x35",
-		(u8 *) "\xc7\x99\xb5\x96\x73\x8f\x6b\x01\x8c\x76\xc7\x4b\x17\x59\xbd\x90\x7f\xec\x5b\xfd\x9f\x9b\x89\xce\x65\x48\x30\x90\x92\xd7\xe9\x58",
-		(u8 *) "\x40\xf2\x50\xb2\x6d\x1f\x09\x6a\x4a\xfd\x4c\x34\x0a\x58\x88\x15\x3e\x34\x13\x5c\x79\xdb\x01\x02\x00\x76\x76\x51\xcf\x26\x30\x73",
-		(u8 *) "\xf6\x56\xab\xcc\xf8\x8d\xd8\x27\x02\x7b\x2c\xe9\x17\xd4\x64\xec\x18\xb6\x25\x03\xbf\xbc\x07\x7f\xba\xbb\x98\xf2\x0d\x98\xab\x34",
-		(u8 *) "\x8a\xed\x95\xee\x5b\x0d\xcb\xfb\xef\x4e\xb2\x1d\x3a\x3f\x52\xf9\x62\x5a\x1a\xb0\x0e\xe3\x9a\x53\x27\x34\x6b\xdd\xb0\x1a\x9c\x18",
-		(u8 *) "\xa1\x3a\x7c\x79\xc7\xe1\x19\xb5\xab\x02\x96\xab\x28\xc3\x00\xb9\xf3\xe4\xc0\xa2\xe0\x2d\x1d\x01\xf7\xf0\xa7\x46\x18\xaf\x2b\x48"
-	},
-	{
-		5, (u8 *) "\x83\x32\x22\x77\x2a",
-		(u8 *) "\x80\xad\x97\xbd\xc9\x73\xdf\x8a\x2e\x87\x9e\x92\xa4\x97\xef\xda\x20\xf0\x60\xc2\xf2\xe5\x12\x65\x01\xd3\xd4\xfe\xa1\x0d\x5f\xc0",
-		(u8 *) "\xfa\xa1\x48\xe9\x90\x46\x18\x1f\xec\x6b\x20\x85\xf3\xb2\x0e\xd9\xf0\xda\xf5\xba\xb3\xd5\x96\x83\x98\x57\x84\x6f\x73\xfb\xfe\x5a",
-		(u8 *) "\x1c\x7e\x2f\xc4\x63\x92\x32\xfe\x29\x75\x84\xb2\x96\x99\x6b\xc8\x3d\xb9\xb2\x49\x40\x6c\xc8\xed\xff\xac\x55\xcc\xd3\x22\xba\x12",
-		(u8 *) "\xe4\xf9\xf7\xe0\x06\x61\x54\xbb\xd1\x25\xb7\x45\x56\x9b\xc8\x97\x75\xd5\xef\x26\x2b\x44\xc4\x1a\x9c\xf6\x3a\xe1\x45\x68\xe1\xb9",
-		(u8 *) "\x6d\xa4\x53\xdb\xf8\x1e\x82\x33\x4a\x3d\x88\x66\xcb\x50\xa1\xe3\x78\x28\xd0\x74\x11\x9c\xab\x5c\x22\xb2\x94\xd7\xa9\xbf\xa0\xbb",
-		(u8 *) "\xad\xb8\x9c\xea\x9a\x15\xfb\xe6\x17\x29\x5b\xd0\x4b\x8c\xa0\x5c\x62\x51\xd8\x7f\xd4\xaa\xae\x9a\x7e\x4a\xd5\xc2\x17\xd3\xf3\x00",
-		(u8 *) "\xe7\x11\x9b\xd6\xdd\x9b\x22\xaf\xe8\xf8\x95\x85\x43\x28\x81\xe2\x78\x5b\x60\xfd\x7e\xc4\xe9\xfc\xb6\x54\x5f\x35\x0d\x66\x0f\xab",
-		(u8 *) "\xaf\xec\xc0\x37\xfd\xb7\xb0\x83\x8e\xb3\xd7\x0b\xcd\x26\x83\x82\xdb\xc1\xa7\xb4\x9d\x57\x35\x8c\xc9\xfa\x6d\x61\xd7\x3b\x7c\xf0",
-		(u8 *) "\x63\x49\xd1\x26\xa3\x7a\xfc\xba\x89\x79\x4f\x98\x04\x91\x4f\xdc\xbf\x42\xc3\x01\x8c\x2f\x7c\x66\xbf\xde\x52\x49\x75\x76\x81\x15"
-	},
-	{
-		7, (u8 *) "\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\xbc\x92\x22\xdb\xd3\x27\x4d\x8f\xc6\x6d\x14\xcc\xbd\xa6\x69\x0b\x7a\xe6\x27\x41\x0c\x9a\x2b\xe6\x93\xdf\x5b\xb7\x48\x5a\x63\xe3",
-		(u8 *) "\x3f\x09\x31\xaa\x03\xde\xfb\x30\x0f\x06\x01\x03\x82\x6f\x2a\x64\xbe\xaa\x9e\xc8\xd5\x9b\xb6\x81\x29\xf3\x02\x7c\x96\x36\x11\x81",
-		(u8 *) "\x74\xe0\x4d\xb4\x6d\x28\x64\x8d\x7d\xee\x8a\x00\x64\xb0\x6c\xfe\x9b\x5e\x81\xc6\x2f\xe0\x23\xc5\x5b\xe4\x2f\x87\xbb\xf9\x32\xb8",
-		(u8 *) "\xce\x17\x8f\xc1\x82\x6e\xfe\xcb\xc1\x82\xf5\x79\x99\xa4\x61\x40\x8b\xdf\x55\xcd\x55\x06\x1c\x06\xdb\xa6\xbe\x11\xde\x4a\x57\x8a",
-		(u8 *) "\x62\x6f\x5f\x4d\xce\x65\x25\x01\xf3\x08\x7d\x39\xc9\x2c\xc3\x49\x42\xda\xac\x6a\x8f\x9a\xb9\xa7\xfd\x13\x7c\x60\x37\x82\x56\x82",
-		(u8 *) "\xcc\x03\xfd\xb7\x91\x92\xa2\x07\x31\x2f\x53\xf5\xd4\xdc\x33\xd9\xf7\x0f\x14\x12\x2a\x1c\x98\xa3\x15\x5d\x28\xb8\xa0\xa8\xa4\x1d",
-		(u8 *) "\x2a\x3a\x30\x7a\xb2\x70\x8a\x9c\x00\xfe\x0b\x42\xf9\xc2\xd6\xa1\x86\x26\x17\x62\x7d\x22\x61\xea\xb0\xb1\x24\x65\x97\xca\x0a\xe9",
-		(u8 *) "\x55\xf8\x77\xce\x4f\x2e\x1d\xdb\xbf\x8e\x13\xe2\xcd\xe0\xfd\xc8\x1b\x15\x56\xcb\x93\x5f\x17\x33\x37\x70\x5f\xbb\x5d\x50\x1f\xc1",
-		(u8 *) "\xec\xd0\xe9\x66\x02\xbe\x7f\x8d\x50\x92\x81\x6c\xcc\xf2\xc2\xe9\x02\x78\x81\xfa\xb4\x99\x3a\x1c\x26\x20\x24\xa9\x4f\xff\x3f\x61"
-	},
-	{
-		8, (u8 *) "\x64\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\xbb\xf6\x09\xde\x94\x13\x17\x2d\x07\x66\x0c\xb6\x80\x71\x69\x26\x46\x10\x1a\x6d\xab\x43\x11\x5d\x6c\x52\x2b\x4f\xe9\x36\x04\xa9",
-		(u8 *) "\xcb\xe1\xff\xf2\x1c\x96\xf3\xee\xf6\x1e\x8f\xe0\x54\x2c\xbd\xf0\x34\x79\x38\xbf\xfa\x40\x09\xc5\x12\xcf\xb4\x03\x4b\x0d\xd1\xa7",
-		(u8 *) "\x78\x67\xa7\x86\xd0\x0a\x71\x47\x90\x4d\x76\xdd\xf1\xe5\x20\xe3\x8d\x3e\x9e\x1c\xae\xfc\xcc\xb3\xfb\xf8\xd1\x8f\x64\x12\x0b\x32",
-		(u8 *) "\x94\x23\x37\xf8\xfd\x76\xf0\xfa\xe8\xc5\x2d\x79\x54\x81\x06\x72\xb8\x54\x8c\x10\xf5\x16\x67\xf6\xe6\x0e\x18\x2f\xa1\x9b\x30\xf7",
-		(u8 *) "\x02\x11\xc7\xc6\x19\x0c\x9e\xfd\x12\x37\xc3\x4c\x8f\x2e\x06\xc4\xbd\xa6\x4f\x65\x27\x6d\x2a\xac\xb8\xf9\x02\x12\x20\x3a\x80\x8e",
-		(u8 *) "\xbd\x38\x20\xf7\x32\xff\xb5\x3e\xc1\x93\xe7\x9d\x33\xe2\x7c\x73\xd0\x16\x86\x16\x86\x19\x07\xd4\x82\xe3\x6c\xda\xc8\xcf\x57\x49",
-		(u8 *) "\x97\xb0\xf0\xf2\x24\xb2\xd2\x31\x71\x14\x80\x8f\xb0\x3a\xf7\xa0\xe5\x96\x16\xe4\x69\x78\x79\x39\xa0\x63\xce\xea\x9a\xf9\x56\xd1",
-		(u8 *) "\xc4\x7e\x0d\xc1\x66\x09\x19\xc1\x11\x01\x20\x8f\x9e\x69\xaa\x1f\x5a\xe4\xf1\x28\x96\xb8\x37\x9a\x2a\xad\x89\xb5\xb5\x53\xd6\xb0",
-		(u8 *) "\x6b\x6b\x09\x8d\x0c\x29\x3b\xc2\x99\x3d\x80\xbf\x05\x18\xb6\xd9\x81\x70\xcc\x3c\xcd\x92\xa6\x98\x62\x1b\x93\x9d\xd3\x8f\xe7\xb9"
-	},
-	{
-		10, (u8 *) "\x8b\x37\x64\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\xab\x65\xc2\x6e\xdd\xb2\x87\x60\x0d\xb2\xfd\xa1\x0d\x1e\x60\x5c\xbb\x75\x90\x10\xc2\x96\x58\xf2\xc7\x2d\x93\xa2\xd1\x6d\x29\x30",
-		(u8 *) "\xb9\x01\xe8\x03\x6e\xd1\xc3\x83\xcd\x3c\x4c\x4d\xd0\xa6\xab\x05\x3d\x25\xce\x49\x22\x92\x4c\x55\xf0\x64\x94\x33\x53\xd7\x8a\x6c",
-		(u8 *) "\x12\xc1\xaa\x44\xbb\xf8\x7e\x75\xe6\x11\xf6\x9b\x2c\x38\xf4\x9b\x28\xf2\xb3\x43\x4b\x65\xc0\x98\x77\x47\x00\x44\xc6\xea\x17\x0d",
-		(u8 *) "\xbd\x9e\xf8\x22\xde\x52\x88\x19\x61\x34\xcf\x8a\xf7\x83\x93\x04\x67\x55\x9c\x23\xf0\x52\x15\x84\x70\xa2\x96\xf7\x25\x73\x5a\x32",
-		(u8 *) "\x8b\xab\x26\xfb\xc2\xc1\x2b\x0f\x13\xe2\xab\x18\x5e\xab\xf2\x41\x31\x18\x5a\x6d\x69\x6f\x0c\xfa\x9b\x42\x80\x8b\x38\xe1\x32\xa2",
-		(u8 *) "\x56\x4d\x3d\xae\x18\x3c\x52\x34\xc8\xaf\x1e\x51\x06\x1c\x44\xb5\x3c\x07\x78\xa7\xb5\xf7\x2d\x3c\x23\xa3\x13\x5c\x7d\x67\xb9\xf4",
-		(u8 *) "\xf3\x43\x69\x89\x0f\xcf\x16\xfb\x51\x7d\xca\xae\x44\x63\xb2\xdd\x02\xf3\x1c\x81\xe8\x20\x07\x31\xb8\x99\xb0\x28\xe7\x91\xbf\xa7",
-		(u8 *) "\x72\xda\x64\x62\x83\x22\x8c\x14\x30\x08\x53\x70\x17\x95\x61\x6f\x4e\x0a\x8c\x6f\x79\x34\xa7\x88\xe2\x26\x5e\x81\xd6\xd0\xc8\xf4",
-		(u8 *) "\x43\x8d\xd5\xea\xfe\xa0\x11\x1b\x6f\x36\xb4\xb9\x38\xda\x2a\x68\x5f\x6b\xfc\x73\x81\x58\x74\xd9\x71\x00\xf0\x86\x97\x93\x57\xd8"
-	},
-	{
-		16, (u8 *) "\xeb\xb4\x62\x27\xc6\xcc\x8b\x37\x64\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\x72\x0c\x94\xb6\x3e\xdf\x44\xe1\x31\xd9\x50\xca\x21\x1a\x5a\x30\xc3\x66\xfd\xea\xcf\x9c\xa8\x04\x36\xbe\x7c\x35\x84\x24\xd2\x0b",
-		(u8 *) "\xb3\x39\x4a\x40\xaa\xbf\x75\xcb\xa4\x22\x82\xef\x25\xa0\x05\x9f\x48\x47\xd8\x1d\xa4\x94\x2d\xbc\x24\x9d\xef\xc4\x8c\x92\x2b\x9f",
-		(u8 *) "\x08\x12\x8c\x46\x9f\x27\x53\x42\xad\xda\x20\x2b\x2b\x58\xda\x95\x97\x0d\xac\xef\x40\xad\x98\x72\x3b\xac\x5d\x69\x55\xb8\x17\x61",
-		(u8 *) "\x3c\xb8\x99\x93\xb0\x7b\x0c\xed\x93\xde\x13\xd2\xa1\x10\x13\xac\xef\x2d\x67\x6f\x15\x45\xc2\xc1\x3d\xc6\x80\xa0\x2f\x4a\xdb\xfe",
-		(u8 *) "\xb6\x05\x95\x51\x4f\x24\xbc\x9f\xe5\x22\xa6\xca\xd7\x39\x36\x44\xb5\x15\xa8\xc5\x01\x17\x54\xf5\x90\x03\x05\x8b\xdb\x81\x51\x4e",
-		(u8 *) "\x3c\x70\x04\x7e\x8c\xbc\x03\x8e\x3b\x98\x20\xdb\x60\x1d\xa4\x95\x11\x75\xda\x6e\xe7\x56\xde\x46\xa5\x3e\x2b\x07\x56\x60\xb7\x70",
-		(u8 *) "\x00\xa5\x42\xbb\xa0\x21\x11\xcc\x2c\x65\xb3\x8e\xbd\xba\x58\x7e\x58\x65\xfd\xbb\x5b\x48\x06\x41\x04\xe8\x30\xb3\x80\xf2\xae\xde",
-		(u8 *) "\x34\xb2\x1a\xd2\xad\x44\xe9\x99\xdb\x2d\x7f\x08\x63\xf0\xd9\xb6\x84\xa9\x21\x8f\xc3\x6e\x8a\x5f\x2c\xcf\xbe\xae\x53\xa2\x7d\x25",
-		(u8 *) "\xa2\x22\x1a\x11\xb8\x33\xcc\xb4\x98\xa5\x95\x40\xf0\x54\x5f\x4a\x5b\xbe\xb4\x78\x7d\x59\xe5\x37\x3f\xdb\xea\x6c\x6f\x75\xc2\x9b"
-	},
-	{
-		24, (u8 *) "\xc1\x09\x16\x39\x08\xeb\xe5\x1d\xeb\xb4\x62\x27\xc6\xcc\x8b\x37\x64\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\x54\xb6\x4e\x6b\x5a\x20\xb5\xe2\xec\x84\x59\x3d\xc7\x98\x9d\xa7\xc1\x35\xee\xe2\x37\xa8\x54\x65\xff\x97\xdc\x03\x92\x4f\x45\xce",
-		(u8 *) "\xcf\xcc\x92\x2f\xb4\xa1\x4a\xb4\x5d\x61\x75\xaa\xbb\xf2\xd2\x01\x83\x7b\x87\xe2\xa4\x46\xad\x0e\xf7\x98\xac\xd0\x2b\x94\x12\x4f",
-		(u8 *) "\x17\xa6\xdb\xd6\x64\x92\x6a\x06\x36\xb3\xf4\xc3\x7a\x4f\x46\x94\x4a\x5f\x9f\x26\xae\xee\xd4\xd4\xa2\x5f\x63\x2d\x30\x52\x33\xd9",
-		(u8 *) "\x80\xa3\xd0\x1e\xf0\x0c\x8e\x9a\x42\x09\xc1\x7f\x4e\xeb\x35\x8c\xd1\x5e\x7d\x5f\xfa\xaa\xbc\x02\x07\xbf\x20\x0a\x11\x77\x93\xa2",
-		(u8 *) "\x34\x96\x82\xbf\x58\x8e\xaa\x52\xd0\xaa\x15\x60\x34\x6a\xea\xfa\xf5\x85\x4c\xdb\x76\xc8\x89\xe3\xad\x63\x35\x4e\x5f\x72\x75\xe3",
-		(u8 *) "\x53\x2c\x7c\xec\xcb\x39\xdf\x32\x36\x31\x84\x05\xa4\xb1\x27\x9c\xba\xef\xe6\xd9\xce\xb6\x51\x84\x22\x60\xe0\xd1\xe0\x5e\x3b\x90",
-		(u8 *) "\xe8\x2d\x8c\x6d\xb5\x4e\x3c\x63\x3f\x58\x1c\x95\x2b\xa0\x42\x07\x4b\x16\xe5\x0a\xbd\x38\x1b\xd7\x09\x00\xa9\xcd\x9a\x62\xcb\x23",
-		(u8 *) "\x36\x82\xee\x33\xbd\x14\x8b\xd9\xf5\x86\x56\xcd\x8f\x30\xd9\xfb\x1e\x5a\x0b\x84\x75\x04\x5d\x9b\x20\xb2\x62\x86\x24\xed\xfd\x9e",
-		(u8 *) "\x63\xed\xd6\x84\xfb\x82\x62\x82\xfe\x52\x8f\x9c\x0e\x92\x37\xbc\xe4\xdd\x2e\x98\xd6\x96\x0f\xae\x0b\x43\x54\x54\x56\x74\x33\x91"
-	},
-	{
-		32, (u8 *) "\x1a\xda\x31\xd5\xcf\x68\x82\x21\xc1\x09\x16\x39\x08\xeb\xe5\x1d\xeb\xb4\x62\x27\xc6\xcc\x8b\x37\x64\x19\x10\x83\x32\x22\x77\x2a",
-		(u8 *) "\xdd\x5b\xcb\x00\x18\xe9\x22\xd4\x94\x75\x9d\x7c\x39\x5d\x02\xd3\xc8\x44\x6f\x8f\x77\xab\xf7\x37\x68\x53\x53\xeb\x89\xa1\xc9\xeb",
-		(u8 *) "\xaf\x3e\x30\xf9\xc0\x95\x04\x59\x38\x15\x15\x75\xc3\xfb\x90\x98\xf8\xcb\x62\x74\xdb\x99\xb8\x0b\x1d\x20\x12\xa9\x8e\xd4\x8f\x0e",
-		(u8 *) "\x25\xc3\x00\x5a\x1c\xb8\x5d\xe0\x76\x25\x98\x39\xab\x71\x98\xab\x9d\xcb\xc1\x83\xe8\xcb\x99\x4b\x72\x7b\x75\xbe\x31\x80\x76\x9c",
-		(u8 *) "\xa1\xd3\x07\x8d\xfa\x91\x69\x50\x3e\xd9\xd4\x49\x1d\xee\x4e\xb2\x85\x14\xa5\x49\x58\x58\x09\x6f\x59\x6e\x4b\xcd\x66\xb1\x06\x65",
-		(u8 *) "\x5f\x40\xd5\x9e\xc1\xb0\x3b\x33\x73\x8e\xfa\x60\xb2\x25\x5d\x31\x34\x77\xc7\xf7\x64\xa4\x1b\xac\xef\xf9\x0b\xf1\x4f\x92\xb7\xcc",
-		(u8 *) "\xac\x4e\x95\x36\x8d\x99\xb9\xeb\x78\xb8\xda\x8f\x81\xff\xa7\x95\x8c\x3c\x13\xf8\xc2\x38\x8b\xb7\x3f\x38\x57\x6e\x65\xb7\xc4\x46",
-		(u8 *) "\x13\xc4\xb9\xc1\xdf\xb6\x65\x79\xed\xdd\x8a\x28\x0b\x9f\x73\x16\xdd\xd2\x78\x20\x55\x01\x26\x69\x8e\xfa\xad\xc6\x4b\x64\xf6\x6e",
-		(u8 *) "\xf0\x8f\x2e\x66\xd2\x8e\xd1\x43\xf3\xa2\x37\xcf\x9d\xe7\x35\x59\x9e\xa3\x6c\x52\x55\x31\xb8\x80\xba\x12\x43\x34\xf5\x7b\x0b\x70",
-		(u8 *) "\xd5\xa3\x9e\x3d\xfc\xc5\x02\x80\xba\xc4\xa6\xb5\xaa\x0d\xca\x7d\x37\x0b\x1c\x1f\xe6\x55\x91\x6d\x97\xfd\x0d\x47\xca\x1d\x72\xb8"
-	}
-};
-
-#define NUM_TESTS ARRAY_SIZE(tests)
-
-
-static int run_test(unsigned int i, const u8 *key, size_t key_len,
-		    const u8 *stream, int offset)
-{
-	u8 res[32];
-	os_memset(res, 0, sizeof(res));
-	if (rc4_skip(key, key_len, offset, res, sizeof(res)) < 0 ||
-	    os_memcmp(res, stream, 32) != 0) {
-		printf("RC4 test case %d (offset %d) - FAILED!\n",
-		       i + 1, offset);
-		return 1;
-	}
-	return 0;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int ret = 0;
-	unsigned int i;
-
-	for (i = 0; i < NUM_TESTS; i++) {
-		const struct rc4_test_vector *test = &tests[i];
-		ret += run_test(i, test->key, test->key_len,
-				test->stream0, 0);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream240, 240);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream496, 496);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream752, 752);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream1008, 1008);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream1520, 1520);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream2032, 2032);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream3056, 3056);
-		ret += run_test(i, test->key, test->key_len,
-				test->stream4080, 4080);
-	}
-
-	if (ret == 0)
-		printf("All RC4 test cases passed\n");
-
-	return ret;
-}
diff --git a/tests/test-rsa-sig-ver.c b/tests/test-rsa-sig-ver.c
deleted file mode 100644
index 0cb398af15a8..000000000000
--- a/tests/test-rsa-sig-ver.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Testing tool for RSA PKCS #1 v1.5 signature verification
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/crypto.h"
-#include "tls/rsa.h"
-#include "tls/asn1.h"
-#include "tls/pkcs1.h"
-
-
-static int cavp_rsa_sig_ver(const char *fname)
-{
-	FILE *f;
-	int ret = 0;
-	char buf[15000], *pos, *pos2;
-	u8 msg[200], n[512], s[512], em[512], e[512];
-	size_t msg_len = 0, n_len = 0, s_len = 0, em_len, e_len = 0;
-	size_t tmp_len;
-	char sha_alg[20];
-	int ok = 0;
-
-	printf("CAVP RSA SigVer test vectors from %s\n", fname);
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		printf("%s does not exist - cannot validate CAVP RSA SigVer test vectors\n",
-			fname);
-		return 0;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = os_strchr(buf, '=');
-		if (pos == NULL)
-			continue;
-		pos2 = pos - 1;
-		while (pos2 >= buf && *pos2 == ' ')
-			*pos2-- = '\0';
-		*pos++ = '\0';
-		while (*pos == ' ')
-			*pos++ = '\0';
-		pos2 = os_strchr(pos, '\r');
-		if (!pos2)
-			pos2 = os_strchr(pos, '\n');
-		if (pos2)
-			*pos2 = '\0';
-		else
-			pos2 = pos + os_strlen(pos);
-
-		if (os_strcmp(buf, "SHAAlg") == 0) {
-			os_strlcpy(sha_alg, pos, sizeof(sha_alg));
-		} else if (os_strcmp(buf, "Msg") == 0) {
-			tmp_len = os_strlen(pos);
-			if (tmp_len > sizeof(msg) * 2) {
-				printf("Too long Msg\n");
-				fclose(f);
-				return -1;
-			}
-			msg_len = tmp_len / 2;
-			if (hexstr2bin(pos, msg, msg_len) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "n") == 0) {
-			tmp_len = os_strlen(pos);
-			if (tmp_len > sizeof(n) * 2) {
-				printf("Too long n\n");
-				fclose(f);
-				return -1;
-			}
-			n_len = tmp_len / 2;
-			if (hexstr2bin(pos, n, n_len) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "e") == 0) {
-			tmp_len = os_strlen(pos);
-			if (tmp_len > sizeof(e) * 2) {
-				printf("Too long e\n");
-				fclose(f);
-				return -1;
-			}
-			e_len = tmp_len / 2;
-			if (hexstr2bin(pos, e, e_len) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "S") == 0) {
-			tmp_len = os_strlen(pos);
-			if (tmp_len > sizeof(s) * 2) {
-				printf("Too long S\n");
-				fclose(f);
-				return -1;
-			}
-			s_len = tmp_len / 2;
-			if (hexstr2bin(pos, s, s_len) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strncmp(buf, "EM", 2) == 0) {
-			tmp_len = os_strlen(pos);
-			if (tmp_len > sizeof(em) * 2) {
-				fclose(f);
-				return -1;
-			}
-			em_len = tmp_len / 2;
-			if (hexstr2bin(pos, em, em_len) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "Result") == 0) {
-			const u8 *addr[1];
-			size_t len[1];
-			struct crypto_public_key *pk;
-			int res;
-			u8 hash[32];
-			size_t hash_len;
-			const struct asn1_oid *alg;
-
-			addr[0] = msg;
-			len[0] = msg_len;
-			if (os_strcmp(sha_alg, "SHA1") == 0) {
-				if (sha1_vector(1, addr, len, hash) < 0) {
-					fclose(f);
-					return -1;
-				}
-				hash_len = 20;
-				alg = &asn1_sha1_oid;
-			} else if (os_strcmp(sha_alg, "SHA256") == 0) {
-				if (sha256_vector(1, addr, len, hash) < 0) {
-					fclose(f);
-					return -1;
-				}
-				hash_len = 32;
-				alg = &asn1_sha256_oid;
-			} else {
-				continue;
-			}
-
-			printf("\nExpected result: %s\n", pos);
-			wpa_hexdump(MSG_INFO, "Hash(Msg)", hash, hash_len);
-
-			pk = crypto_public_key_import_parts(n, n_len,
-							    e, e_len);
-			if (pk == NULL) {
-				printf("Failed to import public key\n");
-				ret++;
-				continue;
-			}
-
-			res = pkcs1_v15_sig_ver(pk, s, s_len, alg,
-						hash, hash_len);
-			crypto_public_key_free(pk);
-			if ((*pos == 'F' && !res) || (*pos != 'F' && res)) {
-				printf("FAIL\n");
-				ret++;
-				continue;
-			}
-
-			printf("PASS\n");
-			ok++;
-		}
-	}
-
-	fclose(f);
-
-	if (ret)
-		printf("Test case failed\n");
-	else
-		printf("%d test vectors OK\n", ok);
-
-	return ret;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int ret = 0;
-	int i;
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	for (i = 1; i < argc; i++) {
-		if (cavp_rsa_sig_ver(argv[i]))
-			ret++;
-	}
-
-	if (argc < 2 && cavp_rsa_sig_ver("CAVP/SigVer15_186-3.rsp"))
-		ret++;
-	if (argc < 2 && cavp_rsa_sig_ver("CAVP/SigVer15EMTest.txt"))
-		ret++;
-
-	return ret;
-}
diff --git a/tests/test-sha1.c b/tests/test-sha1.c
deleted file mode 100644
index 3269d4d6097e..000000000000
--- a/tests/test-sha1.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Test program for SHA1 and MD5
- * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/crypto.h"
-
-
-static int cavp_shavs(const char *fname)
-{
-	FILE *f;
-	int ret = 0;
-	char buf[15000], *pos, *pos2;
-	u8 msg[6400];
-	int msg_len = 0, tmp_len;
-	u8 md[20], hash[20];
-	int ok = 0;
-
-	printf("CAVP SHAVS test vectors from %s\n", fname);
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		printf("%s does not exist - cannot validate CAVP SHAVS test vectors\n",
-			fname);
-		return 0;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = os_strchr(buf, '=');
-		if (pos == NULL)
-			continue;
-		pos2 = pos - 1;
-		while (pos2 >= buf && *pos2 == ' ')
-			*pos2-- = '\0';
-		*pos++ = '\0';
-		while (*pos == ' ')
-			*pos++ = '\0';
-		pos2 = os_strchr(pos, '\r');
-		if (!pos2)
-			pos2 = os_strchr(pos, '\n');
-		if (pos2)
-			*pos2 = '\0';
-		else
-			pos2 = pos + os_strlen(pos);
-
-		if (os_strcmp(buf, "Len") == 0) {
-			msg_len = atoi(pos);
-		} else if (os_strcmp(buf, "Msg") == 0) {
-			tmp_len = os_strlen(pos);
-			if (msg_len == 0 && tmp_len == 2)
-				tmp_len = 0;
-			if (msg_len != tmp_len * 4) {
-				printf("Unexpected Msg length (msg_len=%u tmp_len=%u, Msg='%s'\n",
-				       msg_len, tmp_len, pos);
-				ret++;
-				break;
-			}
-
-			if (hexstr2bin(pos, msg, msg_len / 8) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "MD") == 0) {
-			const u8 *addr[1];
-			size_t len[1];
-
-			tmp_len = os_strlen(pos);
-			if (tmp_len != 2 * 20) {
-				printf("Unexpected MD length (MD='%s'\n",
-				       pos);
-				ret++;
-				break;
-			}
-
-			if (hexstr2bin(pos, md, 20) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-
-			addr[0] = msg;
-			len[0] = msg_len / 8;
-			if (sha1_vector(1, addr, len, hash) < 0 ||
-			    os_memcmp(hash, md, 20) != 0)
-				ret++;
-			else
-				ok++;
-		}
-	}
-
-	fclose(f);
-
-	if (ret)
-		printf("Test case failed\n");
-	else
-		printf("%d test vectors OK\n", ok);
-
-	return ret;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int ret = 0;
-
-	if (cavp_shavs("CAVP/SHA1ShortMsg.rsp"))
-		ret++;
-	if (cavp_shavs("CAVP/SHA1LongMsg.rsp"))
-		ret++;
-
-	return ret;
-}
diff --git a/tests/test-sha256.c b/tests/test-sha256.c
deleted file mode 100644
index 741351aa0f7f..000000000000
--- a/tests/test-sha256.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Test program for SHA256
- * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/crypto.h"
-
-
-static int cavp_shavs(const char *fname)
-{
-	FILE *f;
-	int ret = 0;
-	char buf[15000], *pos, *pos2;
-	u8 msg[6400];
-	int msg_len = 0, tmp_len;
-	u8 md[32], hash[32];
-	int ok = 0;
-
-	printf("CAVP SHAVS test vectors from %s\n", fname);
-
-	f = fopen(fname, "r");
-	if (f == NULL) {
-		printf("%s does not exist - cannot validate CAVP SHAVS test vectors\n",
-			fname);
-		return 0;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = os_strchr(buf, '=');
-		if (pos == NULL)
-			continue;
-		pos2 = pos - 1;
-		while (pos2 >= buf && *pos2 == ' ')
-			*pos2-- = '\0';
-		*pos++ = '\0';
-		while (*pos == ' ')
-			*pos++ = '\0';
-		pos2 = os_strchr(pos, '\r');
-		if (!pos2)
-			pos2 = os_strchr(pos, '\n');
-		if (pos2)
-			*pos2 = '\0';
-		else
-			pos2 = pos + os_strlen(pos);
-
-		if (os_strcmp(buf, "Len") == 0) {
-			msg_len = atoi(pos);
-		} else if (os_strcmp(buf, "Msg") == 0) {
-			tmp_len = os_strlen(pos);
-			if (msg_len == 0 && tmp_len == 2)
-				tmp_len = 0;
-			if (msg_len != tmp_len * 4) {
-				printf("Unexpected Msg length (msg_len=%u tmp_len=%u, Msg='%s'\n",
-				       msg_len, tmp_len, pos);
-				ret++;
-				break;
-			}
-
-			if (hexstr2bin(pos, msg, msg_len / 8) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-		} else if (os_strcmp(buf, "MD") == 0) {
-			const u8 *addr[1];
-			size_t len[1];
-
-			tmp_len = os_strlen(pos);
-			if (tmp_len != 2 * 32) {
-				printf("Unexpected MD length (MD='%s'\n",
-				       pos);
-				ret++;
-				break;
-			}
-
-			if (hexstr2bin(pos, md, 32) < 0) {
-				printf("Invalid hex string '%s'\n", pos);
-				ret++;
-				break;
-			}
-
-			addr[0] = msg;
-			len[0] = msg_len / 8;
-			if (sha256_vector(1, addr, len, hash) < 0 ||
-			    os_memcmp(hash, md, 32) != 0)
-				ret++;
-			else
-				ok++;
-		}
-	}
-
-	fclose(f);
-
-	if (ret)
-		printf("Test case failed\n");
-	else
-		printf("%d test vectors OK\n", ok);
-
-	return ret;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int errors = 0;
-
-	if (cavp_shavs("CAVP/SHA256ShortMsg.rsp"))
-		errors++;
-	if (cavp_shavs("CAVP/SHA256LongMsg.rsp"))
-		errors++;
-
-	return errors;
-}
diff --git a/tests/test-x509v3.c b/tests/test-x509v3.c
deleted file mode 100644
index 06cd6eaab3e4..000000000000
--- a/tests/test-x509v3.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Testing tool for X.509v3 routines
- * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "tls/asn1.h"
-#include "tls/x509v3.h"
-
-
-int main(int argc, char *argv[])
-{
-	char *buf;
-	size_t len;
-	struct x509_certificate *certs = NULL, *last = NULL, *cert;
-	int i, reason;
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	if (argc < 3 || strcmp(argv[1], "-v") != 0) {
-		printf("usage: test_x509v3 -v <cert1.der> <cert2.der> ..\n");
-		return -1;
-	}
-
-	for (i = 2; i < argc; i++) {
-		printf("Reading: %s\n", argv[i]);
-		buf = os_readfile(argv[i], &len);
-		if (buf == NULL) {
-			printf("Failed to read '%s'\n", argv[i]);
-			return -1;
-		}
-
-		cert = x509_certificate_parse((u8 *) buf, len);
-		if (cert == NULL) {
-			printf("Failed to parse X.509 certificate\n");
-			return -1;
-		}
-
-		free(buf);
-
-		if (certs == NULL)
-			certs = cert;
-		else
-			last->next = cert;
-		last = cert;
-	}
-
-	printf("\n\nValidating certificate chain\n");
-	if (x509_certificate_chain_validate(last, certs, &reason, 0) < 0) {
-		printf("\nCertificate chain validation failed: %d\n", reason);
-		return -1;
-	}
-	printf("\nCertificate chain is valid\n");
-
-	return 0;
-}
diff --git a/tests/test_x509v3_nist.sh b/tests/test_x509v3_nist.sh
deleted file mode 100755
index d3f94bb3a7b2..000000000000
--- a/tests/test_x509v3_nist.sh
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/bash
-
-# X.509 Path Validation Test Suite, Version 1.07
-# http://csrc.nist.gov/pki/testing/x509paths_old.html
-# http://csrc.nist.gov/pki/testing/x509tests.tgz
-
-if [ -z "$1" ]; then
-    echo "usage: $0 <path to X509tests directory>"
-    exit 1
-fi
-
-TESTS=$1
-
-if [ ! -d $TESTS ]; then
-    echo "Not a directory: $TESTS"
-    exit 1
-fi
-
-X509TEST="./test-x509v3 -v"
-TMPOUT=test_x509v3_nist.out
-
-# TODO: add support for validating CRLs
-
-END="End Certificate "
-ROOT="Trust Anchor "
-ICA="Intermediate Certificate "
-
-SUCCESS=""
-FAILURE=""
-
-function run_test
-{
-    NUM=$1
-    RES=$2
-    shift 2
-    $X509TEST "$@" > $TMPOUT.$NUM
-    VALRES=$?
-    OK=0
-    if [ $RES -eq 0 ]; then
-	# expecting success
-	if [ $VALRES -eq 0 ]; then
-	    OK=1
-	else
-	    echo "test$NUM failed - expected validation success"
-	    OK=0
-	fi
-    else
-	# expecting failure
-	if [ $VALRES -eq 0 ]; then
-	    echo "test$NUM failed - expected validation failure"
-	    OK=0
-	else
-	    REASON=`grep "Certificate chain validation failed: " $TMPOUT.$NUM`
-	    if [ $? -eq 0 ]; then
-		REASONNUM=`echo "$REASON" | colrm 1 37`
-		if [ $REASONNUM -eq $RES ]; then
-		    OK=1
-		else
-		    echo "test$NUM failed - expected validation result $RES; result was $REASONNUM"
-		    OK=0
-		fi
-	    else
-		echo "test$NUM failed - expected validation failure; other type of error detected"
-		OK=0
-	    fi
-	fi
-    fi
-    if [ $OK -eq 1 ]; then
-	rm $TMPOUT.$NUM
-	SUCCESS="$SUCCESS $NUM"
-    else
-	FAILURE="$FAILURE $NUM"
-    fi
-}
-
-P=$TESTS/test
-
-run_test 1 0 "${P}1/${END}CP.01.01.crt" "${P}1/${ROOT}CP.01.01.crt"
-run_test 2 1 "${P}2/${END}CP.01.02.crt" "${P}2/${ICA}CP.01.02.crt" "${P}2/${ROOT}CP.01.01.crt"
-run_test 3 1 "${P}3/${END}CP.01.03.crt" "${P}3/${ICA}CP.01.03.crt" "${P}3/${ROOT}CP.01.01.crt"
-run_test 4 0 "${P}4/${END}CP.02.01.crt" "${P}4/${ICA}2 CP.02.01.crt" "${P}4/${ICA}1 CP.02.01.crt" "${P}4/${ROOT}CP.01.01.crt"
-run_test 5 4 "${P}5/${END}CP.02.02.crt" "${P}5/${ICA}CP.02.02.crt" "${P}5/${ROOT}CP.01.01.crt"
-run_test 6 4 "${P}6/${END}CP.02.03.crt" "${P}6/${ICA}CP.02.03.crt" "${P}6/${ROOT}CP.01.01.crt"
-run_test 7 0 "${P}7/${END}CP.02.04.crt" "${P}7/${ICA}CP.02.04.crt" "${P}7/${ROOT}CP.01.01.crt"
-run_test 8 4 "${P}8/${END}CP.02.05.crt" "${P}8/${ICA}CP.02.05.crt" "${P}8/${ROOT}CP.01.01.crt"
-run_test 9 4 "${P}9/${END}CP.03.01.crt" "${P}9/${ICA}CP.03.01.crt" "${P}9/${ROOT}CP.01.01.crt"
-run_test 10 4 "${P}10/${END}CP.03.02.crt" "${P}10/${ICA}CP.03.02.crt" "${P}10/${ROOT}CP.01.01.crt"
-run_test 11 4 "${P}11/${END}CP.03.03.crt" "${P}11/${ICA}CP.03.03.crt" "${P}11/${ROOT}CP.01.01.crt"
-run_test 12 0 "${P}12/${END}CP.03.04.crt" "${P}12/${ICA}CP.03.04.crt" "${P}12/${ROOT}CP.01.01.crt"
-run_test 13 5 "${P}13/${END}CP.04.01.crt" "${P}13/${ICA}CP.04.01.crt" "${P}13/${ROOT}CP.01.01.crt"
-run_test 14 5 "${P}14/${END}CP.04.02.crt" "${P}14/${ICA}CP.04.02.crt" "${P}14/${ROOT}CP.01.01.crt"
-run_test 15 0 "${P}15/${END}CP.04.03.crt" "${P}15/${ICA}CP.04.03.crt" "${P}15/${ROOT}CP.01.01.crt"
-run_test 16 0 "${P}16/${END}CP.04.04.crt" "${P}16/${ICA}CP.04.04.crt" "${P}16/${ROOT}CP.01.01.crt"
-run_test 17 0 "${P}17/${END}CP.04.05.crt" "${P}17/${ICA}CP.04.05.crt" "${P}17/${ROOT}CP.01.01.crt"
-run_test 18 0 "${P}18/${END}CP.04.06.crt" "${P}18/${ICA}CP.04.06.crt" "${P}18/${ROOT}CP.01.01.crt"
-run_test 19 1 "${P}19/${END}CP.05.01.crt" "${P}19/${ICA}CP.05.01.crt" "${P}19/${ROOT}CP.01.01.crt"
-run_test 20 3 "${P}20/${END}CP.06.01.crt" "${P}20/${ICA}CP.06.01.crt" "${P}20/${ROOT}CP.01.01.crt"
-run_test 21 3 "${P}21/${END}CP.06.02.crt" "${P}21/${ICA}CP.06.02.crt" "${P}21/${ROOT}CP.01.01.crt"
-run_test 22 1 "${P}22/${END}IC.01.01.crt" "${P}22/${ICA}IC.01.01.crt" "${P}22/${ROOT}CP.01.01.crt"
-run_test 23 1 "${P}23/${END}IC.02.01.crt" "${P}23/${ICA}IC.02.01.crt" "${P}23/${ROOT}CP.01.01.crt"
-run_test 24 0 "${P}24/${END}IC.02.02.crt" "${P}24/${ICA}IC.02.02.crt" "${P}24/${ROOT}CP.01.01.crt"
-run_test 25 1 "${P}25/${END}IC.02.03.crt" "${P}25/${ICA}IC.02.03.crt" "${P}25/${ROOT}CP.01.01.crt"
-run_test 26 0 "${P}26/${END}IC.02.04.crt" "${P}26/${ICA}IC.02.04.crt" "${P}26/${ROOT}CP.01.01.crt"
-run_test 27 0 "${P}27/${END}IC.04.01.crt" "${P}27/${ICA}IC.04.01.crt" "${P}27/${ROOT}CP.01.01.crt"
-run_test 28 1 "${P}28/${END}IC.05.01.crt" "${P}28/${ICA}IC.05.01.crt" "${P}28/${ROOT}CP.01.01.crt"
-run_test 29 1 "${P}29/${END}IC.05.02.crt" "${P}29/${ICA}IC.05.02.crt" "${P}29/${ROOT}CP.01.01.crt"
-run_test 30 0 "${P}30/${END}IC.05.03.crt" "${P}30/${ICA}IC.05.03.crt" "${P}30/${ROOT}CP.01.01.crt"
-run_test 31 1 "${P}31/${END}IC.06.01.crt" "${P}31/${ICA}IC.06.01.crt" "${P}31/${ROOT}CP.01.01.crt"
-run_test 32 1 "${P}32/${END}IC.06.02.crt" "${P}32/${ICA}IC.06.02.crt" "${P}32/${ROOT}CP.01.01.crt"
-run_test 33 0 "${P}33/${END}IC.06.03.crt" "${P}33/${ICA}IC.06.03.crt" "${P}33/${ROOT}CP.01.01.crt"
-run_test 34 0 "${P}34/${END}PP.01.01.crt" "${P}34/${ICA}PP.01.01.crt" "${P}34/${ROOT}CP.01.01.crt"
-run_test 35 0 "${P}35/${END}PP.01.02.crt" "${P}35/${ICA}PP.01.02.crt" "${P}35/${ROOT}CP.01.01.crt"
-run_test 36 0 "${P}36/${END}PP.01.03.crt" "${P}36/${ICA}2 PP.01.03.crt" "${P}36/${ICA}1 PP.01.03.crt" "${P}36/${ROOT}CP.01.01.crt"
-run_test 37 0 "${P}37/${END}PP.01.04.crt" "${P}37/${ICA}2 PP.01.04.crt" "${P}37/${ICA}1 PP.01.04.crt" "${P}37/${ROOT}CP.01.01.crt"
-run_test 38 0 "${P}38/${END}PP.01.05.crt" "${P}38/${ICA}2 PP.01.05.crt" "${P}38/${ICA}1 PP.01.05.crt" "${P}38/${ROOT}CP.01.01.crt"
-run_test 39 0 "${P}39/${END}PP.01.06.crt" "${P}39/${ICA}3 PP.01.06.crt" "${P}39/${ICA}2 PP.01.06.crt" "${P}39/${ICA}1 PP.01.06.crt" "${P}39/${ROOT}CP.01.01.crt"
-run_test 40 0 "${P}40/${END}PP.01.07.crt" "${P}40/${ICA}3 PP.01.07.crt" "${P}40/${ICA}2 PP.01.07.crt" "${P}40/${ICA}1 PP.01.07.crt" "${P}40/${ROOT}CP.01.01.crt"
-run_test 41 0 "${P}41/${END}PP.01.08.crt" "${P}41/${ICA}3 PP.01.08.crt" "${P}41/${ICA}2 PP.01.08.crt" "${P}41/${ICA}1 PP.01.08.crt" "${P}41/${ROOT}CP.01.01.crt"
-run_test 42 0 "${P}42/${END}PP.01.09.crt" "${P}42/${ICA}4 PP.01.09.crt" "${P}42/${ICA}3 PP.01.09.crt" "${P}42/${ICA}2 PP.01.09.crt" "${P}42/${ICA}1 PP.01.09.crt" "${P}42/${ROOT}CP.01.01.crt"
-run_test 43 0 "${P}43/${END}PP.06.01.crt" "${P}43/${ICA}4 PP.06.01.crt" "${P}43/${ICA}3 PP.06.01.crt" "${P}43/${ICA}2 PP.06.01.crt" "${P}43/${ICA}1 PP.06.01.crt" "${P}43/${ROOT}CP.01.01.crt"
-run_test 44 0 "${P}44/${END}PP.06.02.crt" "${P}44/${ICA}4 PP.06.02.crt" "${P}44/${ICA}3 PP.06.02.crt" "${P}44/${ICA}2 PP.06.02.crt" "${P}44/${ICA}1 PP.06.02.crt" "${P}44/${ROOT}CP.01.01.crt"
-run_test 45 0 "${P}45/${END}PP.06.03.crt" "${P}45/${ICA}4 PP.06.03.crt" "${P}45/${ICA}3 PP.06.03.crt" "${P}45/${ICA}2 PP.06.03.crt" "${P}45/${ICA}1 PP.06.03.crt" "${P}45/${ROOT}CP.01.01.crt"
-run_test 46 0 "${P}46/${END}PP.06.04.crt" "${P}46/${ICA}4 PP.06.04.crt" "${P}46/${ICA}3 PP.06.04.crt" "${P}46/${ICA}2 PP.06.04.crt" "${P}46/${ICA}1 PP.06.04.crt" "${P}46/${ROOT}CP.01.01.crt"
-run_test 47 0 "${P}47/${END}PP.06.05.crt" "${P}47/${ICA}4 PP.06.05.crt" "${P}47/${ICA}3 PP.06.05.crt" "${P}47/${ICA}2 PP.06.05.crt" "${P}47/${ICA}1 PP.06.05.crt" "${P}47/${ROOT}CP.01.01.crt"
-run_test 48 0 "${P}48/${END}PP.08.01.crt" "${P}48/${ICA}PP.08.01.crt" "${P}48/${ROOT}CP.01.01.crt"
-run_test 49 0 "${P}49/${END}PP.08.02.crt" "${P}49/${ICA}PP.08.02.crt" "${P}49/${ROOT}CP.01.01.crt"
-run_test 50 0 "${P}50/${END}PP.08.03.crt" "${P}50/${ICA}PP.08.03.crt" "${P}50/${ROOT}CP.01.01.crt"
-run_test 51 0 "${P}51/${END}PP.08.04.crt" "${P}51/${ICA}PP.08.04.crt" "${P}51/${ROOT}CP.01.01.crt"
-run_test 52 0 "${P}52/${END}PP.08.05.crt" "${P}52/${ICA}PP.08.05.crt" "${P}52/${ROOT}CP.01.01.crt"
-run_test 53 0 "${P}53/${END}PP.08.06.crt" "${P}53/${ICA}PP.08.06.crt" "${P}53/${ROOT}CP.01.01.crt"
-run_test 54 1 "${P}54/${END}PL.01.01.crt" "${P}54/${ICA}2 PL.01.01.crt" "${P}54/${ICA}1 PL.01.01.crt" "${P}54/${ROOT}CP.01.01.crt"
-run_test 55 1 "${P}55/${END}PL.01.02.crt" "${P}55/${ICA}2 PL.01.02.crt" "${P}55/${ICA}1 PL.01.02.crt" "${P}55/${ROOT}CP.01.01.crt"
-run_test 56 0 "${P}56/${END}PL.01.03.crt" "${P}56/${ICA}PL.01.03.crt" "${P}56/${ROOT}CP.01.01.crt"
-run_test 57 0 "${P}57/${END}PL.01.04.crt" "${P}57/${ICA}PL.01.04.crt" "${P}57/${ROOT}CP.01.01.crt"
-run_test 58 1 "${P}58/${END}PL.01.05.crt" "${P}58/${ICA}3 PL.01.05.crt" "${P}58/${ICA}2 PL.01.05.crt" "${P}58/${ICA}1 PL.01.05.crt" "${P}58/${ROOT}CP.01.01.crt"
-run_test 59 1 "${P}59/${END}PL.01.06.crt" "${P}59/${ICA}3 PL.01.06.crt" "${P}59/${ICA}2 PL.01.06.crt" "${P}59/${ICA}1 PL.01.06.crt" "${P}59/${ROOT}CP.01.01.crt"
-run_test 60 1 "${P}60/${END}PL.01.07.crt" "${P}60/${ICA}4 PL.01.07.crt" "${P}60/${ICA}3 PL.01.07.crt" "${P}60/${ICA}2 PL.01.07.crt" "${P}60/${ICA}1 PL.01.07.crt" "${P}60/${ROOT}CP.01.01.crt"
-run_test 61 1 "${P}61/${END}PL.01.08.crt" "${P}61/${ICA}4 PL.01.08.crt" "${P}61/${ICA}3 PL.01.08.crt" "${P}61/${ICA}2 PL.01.08.crt" "${P}61/${ICA}1 PL.01.08.crt" "${P}61/${ROOT}CP.01.01.crt"
-run_test 62 0 "${P}62/${END}PL.01.09.crt" "${P}62/${ICA}4 PL.01.09.crt" "${P}62/${ICA}3 PL.01.09.crt" "${P}62/${ICA}2 PL.01.09.crt" "${P}62/${ICA}1 PL.01.09.crt" "${P}62/${ROOT}CP.01.01.crt"
-run_test 63 0 "${P}63/${END}PL.01.10.crt" "${P}63/${ICA}4 PL.01.10.crt" "${P}63/${ICA}3 PL.01.10.crt" "${P}63/${ICA}2 PL.01.10.crt" "${P}63/${ICA}1 PL.01.10.crt" "${P}63/${ROOT}CP.01.01.crt"
-
-
-echo "Successful tests:$SUCCESS"
-echo "Failed tests:$FAILURE"
diff --git a/tests/test_x509v3_nist2.sh b/tests/test_x509v3_nist2.sh
deleted file mode 100755
index ec34a8b37a2a..000000000000
--- a/tests/test_x509v3_nist2.sh
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/bash
-
-# Public Key Interoperability Test Suite (PKITS)
-# http://csrc.nist.gov/pki/testing/x509paths.html
-# http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKITS_data.zip
-
-if [ -z "$1" ]; then
-    echo "usage: $0 <path to root test directory>"
-    exit 1
-fi
-
-TESTS=$1
-
-if [ ! -d $TESTS ]; then
-    echo "Not a directory: $TESTS"
-    exit 1
-fi
-
-X509TEST="$PWD/test-x509v3 -v"
-TMPOUT="$PWD/test_x509v3_nist2.out"
-
-# TODO: add support for validating CRLs
-
-SUCCESS=""
-FAILURE=""
-
-function run_test
-{
-    NUM=$1
-    RES=$2
-    shift 2
-    $X509TEST "$@" TrustAnchorRootCertificate.crt > $TMPOUT.$NUM
-    VALRES=$?
-    OK=0
-    if [ $RES -eq 0 ]; then
-	# expecting success
-	if [ $VALRES -eq 0 ]; then
-	    OK=1
-	else
-	    echo "$NUM failed - expected validation success"
-	    OK=0
-	fi
-    else
-	# expecting failure
-	if [ $VALRES -eq 0 ]; then
-	    echo "$NUM failed - expected validation failure"
-	    OK=0
-	else
-	    REASON=`grep "Certificate chain validation failed: " $TMPOUT.$NUM`
-	    if [ $? -eq 0 ]; then
-		REASONNUM=`echo "$REASON" | colrm 1 37`
-		if [ $REASONNUM -eq $RES ]; then
-		    OK=1
-		else
-		    echo "$NUM failed - expected validation result $RES; result was $REASONNUM"
-		    OK=0
-		fi
-	    else
-		if [ $RES -eq -1 ]; then
-		    if grep -q "Failed to parse X.509 certificate" $TMPOUT.$NUM; then
-			OK=1
-		    else
-			echo "$NUM failed - expected parsing failure; other type of error detected"
-			OK=0
-		    fi
-		else
-		    echo "$NUM failed - expected validation failure; other type of error detected"
-		    OK=0
-		fi
-	    fi
-	fi
-    fi
-    if [ $OK -eq 1 ]; then
-	rm $TMPOUT.$NUM
-	SUCCESS="$SUCCESS $NUM"
-    else
-	FAILURE="$FAILURE $NUM"
-    fi
-}
-
-pushd $TESTS/certs
-
-run_test 4.1.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
-run_test 4.1.2 1 InvalidCASignatureTest2EE.crt BadSignedCACert.crt
-run_test 4.1.3 1 InvalidEESignatureTest3EE.crt GoodCACert.crt
-
-run_test 4.2.1 4 InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt
-run_test 4.2.2 4 InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt
-run_test 4.2.3 0 Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt
-run_test 4.2.4 0 ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt
-run_test 4.2.5 4 InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt
-run_test 4.2.6 4 InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt
-run_test 4.2.7 4 Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt
-run_test 4.2.8 0 ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt
-
-run_test 4.3.1 5 InvalidNameChainingTest1EE.crt GoodCACert.crt
-run_test 4.3.2 5 InvalidNameChainingOrderTest2EE.crt NameOrderingCACert.crt
-run_test 4.3.3 0 ValidNameChainingWhitespaceTest3EE.crt GoodCACert.crt
-run_test 4.3.4 0 ValidNameChainingWhitespaceTest4EE.crt GoodCACert.crt
-run_test 4.3.5 0 ValidNameChainingCapitalizationTest5EE.crt GoodCACert.crt
-run_test 4.3.6 0 ValidNameUIDsTest6EE.crt UIDCACert.crt
-run_test 4.3.7 0 ValidRFC3280MandatoryAttributeTypesTest7EE.crt RFC3280MandatoryAttributeTypesCACert.crt
-run_test 4.3.8 0 ValidRFC3280OptionalAttributeTypesTest8EE.crt RFC3280OptionalAttributeTypesCACert.crt
-run_test 4.3.9 0 ValidUTF8StringEncodedNamesTest9EE.crt UTF8StringEncodedNamesCACert.crt
-run_test 4.3.10 0 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt RolloverfromPrintableStringtoUTF8StringCACert.crt
-run_test 4.3.11 0 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt UTF8StringCaseInsensitiveMatchCACert.crt
-
-run_test 4.4.1 1 InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
-# skip rest of 4.4.x tests since CRLs are not yet supported
-
-run_test 4.5.1 0 ValidBasicSelfIssuedOldWithNewTest1EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
-run_test 4.5.2 3 InvalidBasicSelfIssuedOldWithNewTest2EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
-run_test 4.5.3 0 ValidBasicSelfIssuedNewWithOldTest3EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
-run_test 4.5.4 0 ValidBasicSelfIssuedNewWithOldTest4EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
-run_test 4.5.5 3 InvalidBasicSelfIssuedNewWithOldTest5EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
-run_test 4.5.6 0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
-run_test 4.5.7 3 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
-run_test 4.5.8 1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
-
-run_test 4.6.1 1 InvalidMissingbasicConstraintsTest1EE.crt MissingbasicConstraintsCACert.crt
-run_test 4.6.2 1 InvalidcAFalseTest2EE.crt basicConstraintsCriticalcAFalseCACert.crt
-run_test 4.6.3 1 InvalidcAFalseTest3EE.crt basicConstraintsNotCriticalcAFalseCACert.crt
-run_test 4.6.4 0 ValidbasicConstraintsNotCriticalTest4EE.crt basicConstraintsNotCriticalCACert.crt
-run_test 4.6.5 1 InvalidpathLenConstraintTest5EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
-run_test 4.6.6 1 InvalidpathLenConstraintTest6EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
-run_test 4.6.7 0 ValidpathLenConstraintTest7EE.crt pathLenConstraint0CACert.crt
-run_test 4.6.8 0 ValidpathLenConstraintTest8EE.crt pathLenConstraint0CACert.crt
-run_test 4.6.9 1 InvalidpathLenConstraintTest9EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.10 1 InvalidpathLenConstraintTest10EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.11 1 InvalidpathLenConstraintTest11EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.12 1 InvalidpathLenConstraintTest12EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.13 0 ValidpathLenConstraintTest13EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.14 0 ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
-run_test 4.6.15 0 ValidSelfIssuedpathLenConstraintTest15EE.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
-run_test 4.6.16 1 InvalidSelfIssuedpathLenConstraintTest16EE.crt pathLenConstraint0subCA2Cert.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
-run_test 4.6.17 0 ValidSelfIssuedpathLenConstraintTest17EE.crt pathLenConstraint1SelfIssuedsubCACert.crt pathLenConstraint1subCACert.crt pathLenConstraint1SelfIssuedCACert.crt pathLenConstraint1CACert.crt
-
-run_test 4.7.1 1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt keyUsageCriticalkeyCertSignFalseCACert.crt
-run_test 4.7.2 1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt keyUsageNotCriticalkeyCertSignFalseCACert.crt
-run_test 4.7.3 0 ValidkeyUsageNotCriticalTest3EE.crt keyUsageNotCriticalCACert.crt
-run_test 4.7.4 1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt keyUsageCriticalcRLSignFalseCACert.crt
-run_test 4.7.5 1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt keyUsageNotCriticalcRLSignFalseCACert.crt
-
-run_test 4.8.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
-run_test 4.8.2 0 AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt
-run_test 4.8.3 0 DifferentPoliciesTest3EE.crt PoliciesP2subCACert.crt GoodCACert.crt
-run_test 4.8.4 0 DifferentPoliciesTest4EE.crt GoodsubCACert.crt GoodCACert.crt
-run_test 4.8.5 0 DifferentPoliciesTest5EE.crt PoliciesP2subCA2Cert.crt GoodCACert.crt
-run_test 4.8.6 0 OverlappingPoliciesTest6EE.crt PoliciesP1234subsubCAP123P12Cert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234CACert.crt
-run_test 4.8.7 0 DifferentPoliciesTest7EE.crt PoliciesP123subsubCAP12P1Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
-run_test 4.8.8 0 DifferentPoliciesTest8EE.crt PoliciesP12subsubCAP1P2Cert.crt PoliciesP12subCAP1Cert.crt PoliciesP12CACert.crt
-run_test 4.8.9 0 DifferentPoliciesTest9EE.crt PoliciesP123subsubsubCAP12P2P1Cert.crt PoliciesP123subsubCAP12P2Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
-run_test 4.8.10 0 AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt
-run_test 4.8.11 0 AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt
-run_test 4.8.12 0 DifferentPoliciesTest12EE.crt PoliciesP3CACert.crt
-run_test 4.8.13 0 AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt
-run_test 4.8.14 0 AnyPolicyTest14EE.crt anyPolicyCACert.crt
-run_test 4.8.15 0 UserNoticeQualifierTest15EE.crt
-run_test 4.8.16 0 UserNoticeQualifierTest16EE.crt GoodCACert.crt
-run_test 4.8.17 0 UserNoticeQualifierTest17EE.crt GoodCACert.crt
-run_test 4.8.18 0 UserNoticeQualifierTest18EE.crt PoliciesP12CACert.crt
-run_test 4.8.19 0 UserNoticeQualifierTest19EE.crt TrustAnchorRootCertificate.crt
-run_test 4.8.20 0 CPSPointerQualifierTest20EE.crt GoodCACert.crt
-
-run_test 4.16.1 0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
-run_test 4.16.2 -1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
-
-if false; then
-# DSA tests
-run_test 4.1.4 0 ValidDSASignaturesTest4EE.crt DSACACert.crt
-fi
-
-popd
-
-
-echo "Successful tests:$SUCCESS"
-echo "Failed tests:$FAILURE"
diff --git a/wlantest/.gitignore b/wlantest/.gitignore
deleted file mode 100644
index 7ffabe601bb8..000000000000
--- a/wlantest/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-libwlantest.a
-test_vectors
-wlantest
-wlantest_cli
diff --git a/wlantest/Makefile b/wlantest/Makefile
deleted file mode 100644
index 1eba3cec9fd5..000000000000
--- a/wlantest/Makefile
+++ /dev/null
@@ -1,88 +0,0 @@
-ALL=wlantest wlantest_cli test_vectors
-
-include ../src/build.rules
-
-UNAME := $(shell uname -s)
-
-CFLAGS += -I.
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
-
-ifneq ($(UNAME),Darwin)
-# glibc < 2.17 needs -lrt for clock_gettime()
-LIBS += -lrt
-endif
-
-OWN_LIBS += ../src/utils/libutils.a
-OWN_LIBS += ../src/crypto/libcrypto.a
-
-CFLAGS += -DCONFIG_OCV
-CFLAGS += -DCONFIG_IEEE80211R
-CFLAGS += -DCONFIG_HS20
-CFLAGS += -DCONFIG_DEBUG_FILE
-CFLAGS += -DCONFIG_FILS
-CFLAGS += -DCONFIG_SAE
-CFLAGS += -DCONFIG_OWE
-CFLAGS += -DCONFIG_DPP
-CFLAGS += -DCONFIG_SHA384
-CFLAGS += -DCONFIG_PASN
-
-OBJS += ../src/common/ieee802_11_common.o
-OBJS += ../src/common/wpa_common.o
-OBJS += ../src/radius/radius.o
-OBJS += ../src/rsn_supp/wpa_ie.o
-
-OBJS += wlantest.o
-OBJS += readpcap.o
-OBJS += writepcap.o
-OBJS += monitor.o
-OBJS += process.o
-OBJS += wired.o
-OBJS += rx_mgmt.o
-OBJS += rx_data.o
-OBJS += rx_eapol.o
-OBJS += rx_ip.o
-OBJS += rx_tdls.o
-OBJS += bss.o
-OBJS += sta.o
-OBJS += ccmp.o
-OBJS += tkip.o
-OBJS += ctrl.o
-OBJS += inject.o
-OBJS += wep.o
-OBJS += bip.o
-OBJS += gcmp.o
-
-LIBS += -lpcap
-
-TOBJS += test_vectors.o
-TOBJS += ccmp.o
-TOBJS += tkip.o
-TOBJS += wep.o
-TOBJS += bip.o
-TOBJS += gcmp.o
-
-
-OBJS_cli = wlantest_cli.o
-OBJS_cli += ../src/common/cli.o
-
-_OBJS_VAR := OBJS
-include ../src/objs.mk
-_OBJS_VAR := TOBJS
-include ../src/objs.mk
-_OBJS_VAR := OBJS_cli
-include ../src/objs.mk
-_OBJS_VAR := OWN_LIBS
-include ../src/objs.mk
-
-wlantest: $(OBJS) $(OWN_LIBS)
-	$(LDO) $(LDFLAGS) -o wlantest $(OBJS) $(OWN_LIBS) $(LIBS)
-
-wlantest_cli: $(OBJS_cli) $(OWN_LIBS)
-	$(LDO) $(LDFLAGS) -o wlantest_cli $(OBJS_cli) $(OWN_LIBS) $(LIBS)
-
-test_vectors: $(TOBJS) $(OWN_LIBS)
-	$(LDO) $(LDFLAGS) -o test_vectors $(TOBJS) $(OWN_LIBS) $(LIBS)
-
-clean: common-clean
-	rm -f core *~
diff --git a/wlantest/bip.c b/wlantest/bip.c
deleted file mode 100644
index c73a15c98aab..000000000000
--- a/wlantest/bip.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * BIP
- * Copyright (c) 2010-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_defs.h"
-#include "crypto/aes_wrap.h"
-#include "wlantest.h"
-
-
-u8 * bip_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len,
-		 u8 *ipn, int keyid, size_t *prot_len)
-{
-	u8 *prot, *pos, *buf;
-	u8 mic[16];
-	u16 fc;
-	struct ieee80211_hdr *hdr;
-	size_t plen;
-
-	plen = len + (igtk_len == 32 ? 26 : 18);
-	prot = os_malloc(plen);
-	if (prot == NULL)
-		return NULL;
-	os_memcpy(prot, frame, len);
-	pos = prot + len;
-	*pos++ = WLAN_EID_MMIE;
-	*pos++ = igtk_len == 32 ? 24 : 16;
-	WPA_PUT_LE16(pos, keyid);
-	pos += 2;
-	os_memcpy(pos, ipn, 6);
-	pos += 6;
-	os_memset(pos, 0, igtk_len == 32 ? 16 : 8); /* MIC */
-
-	buf = os_malloc(plen + 20 - 24);
-	if (buf == NULL) {
-		os_free(prot);
-		return NULL;
-	}
-
-	/* BIP AAD: FC(masked) A1 A2 A3 */
-	hdr = (struct ieee80211_hdr *) frame;
-	fc = le_to_host16(hdr->frame_control);
-	fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
-	WPA_PUT_LE16(buf, fc);
-	os_memcpy(buf + 2, hdr->addr1, 3 * ETH_ALEN);
-	os_memcpy(buf + 20, prot + 24, plen - 24);
-	wpa_hexdump(MSG_MSGDUMP, "BIP: AAD|Body(masked)", buf, plen + 20 - 24);
-	/* MIC = L(AES-128-CMAC(AAD || Frame Body(masked)), 0, 64) */
-	if (omac1_aes_128(igtk, buf, plen + 20 - 24, mic) < 0) {
-		os_free(prot);
-		os_free(buf);
-		return NULL;
-	}
-	os_free(buf);
-
-	os_memcpy(pos, mic, igtk_len == 32 ? 16 : 8);
-	wpa_hexdump(MSG_DEBUG, "BIP MMIE MIC", pos, igtk_len == 32 ? 16 : 8);
-
-	*prot_len = plen;
-	return prot;
-}
-
-
-u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len,
-		      u8 *ipn, int keyid, size_t *prot_len)
-{
-	u8 *prot, *pos, *buf;
-	u16 fc;
-	struct ieee80211_hdr *hdr;
-	size_t plen;
-	u8 nonce[12], *npos;
-
-	plen = len + 26;
-	prot = os_malloc(plen);
-	if (prot == NULL)
-		return NULL;
-	os_memcpy(prot, frame, len);
-	pos = prot + len;
-	*pos++ = WLAN_EID_MMIE;
-	*pos++ = 24;
-	WPA_PUT_LE16(pos, keyid);
-	pos += 2;
-	os_memcpy(pos, ipn, 6);
-	pos += 6;
-	os_memset(pos, 0, 16); /* MIC */
-
-	buf = os_malloc(plen + 20 - 24);
-	if (buf == NULL) {
-		os_free(prot);
-		return NULL;
-	}
-
-	/* BIP AAD: FC(masked) A1 A2 A3 */
-	hdr = (struct ieee80211_hdr *) frame;
-	fc = le_to_host16(hdr->frame_control);
-	fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
-	WPA_PUT_LE16(buf, fc);
-	os_memcpy(buf + 2, hdr->addr1, 3 * ETH_ALEN);
-	os_memcpy(buf + 20, prot + 24, plen - 24);
-	wpa_hexdump(MSG_MSGDUMP, "BIP-GMAC: AAD|Body(masked)",
-		    buf, plen + 20 - 24);
-
-	/* Nonce: A2 | IPN */
-	os_memcpy(nonce, hdr->addr2, ETH_ALEN);
-	npos = nonce + ETH_ALEN;
-	*npos++ = ipn[5];
-	*npos++ = ipn[4];
-	*npos++ = ipn[3];
-	*npos++ = ipn[2];
-	*npos++ = ipn[1];
-	*npos++ = ipn[0];
-	wpa_hexdump(MSG_EXCESSIVE, "BIP-GMAC: Nonce", nonce, sizeof(nonce));
-
-	/* MIC = AES-GMAC(AAD || Frame Body(masked)) */
-	if (aes_gmac(igtk, igtk_len, nonce, sizeof(nonce),
-		     buf, plen + 20 - 24, pos) < 0) {
-		os_free(prot);
-		os_free(buf);
-		return NULL;
-	}
-	os_free(buf);
-
-	wpa_hexdump(MSG_DEBUG, "BIP-GMAC MMIE MIC", pos, 16);
-
-	*prot_len = plen;
-	return prot;
-}
diff --git a/wlantest/bss.c b/wlantest/bss.c
deleted file mode 100644
index 4fc0b17a7bdd..000000000000
--- a/wlantest/bss.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * BSS list
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "crypto/sha1.h"
-#include "wlantest.h"
-
-
-struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid)
-{
-	struct wlantest_bss *bss;
-
-	dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
-		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
-			return bss;
-	}
-
-	return NULL;
-}
-
-
-struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid)
-{
-	struct wlantest_bss *bss;
-
-	if (bssid[0] & 0x01)
-		return NULL; /* Skip group addressed frames */
-
-	bss = bss_find(wt, bssid);
-	if (bss)
-		return bss;
-
-	bss = os_zalloc(sizeof(*bss));
-	if (bss == NULL)
-		return NULL;
-	dl_list_init(&bss->sta);
-	dl_list_init(&bss->pmk);
-	dl_list_init(&bss->tdls);
-	os_memcpy(bss->bssid, bssid, ETH_ALEN);
-	dl_list_add(&wt->bss, &bss->list);
-	wpa_printf(MSG_DEBUG, "Discovered new BSS - " MACSTR,
-		   MAC2STR(bss->bssid));
-	return bss;
-}
-
-
-void pmk_deinit(struct wlantest_pmk *pmk)
-{
-	dl_list_del(&pmk->list);
-	os_free(pmk);
-}
-
-
-void tdls_deinit(struct wlantest_tdls *tdls)
-{
-	dl_list_del(&tdls->list);
-	os_free(tdls);
-}
-
-
-void bss_deinit(struct wlantest_bss *bss)
-{
-	struct wlantest_sta *sta, *n;
-	struct wlantest_pmk *pmk, *np;
-	struct wlantest_tdls *tdls, *nt;
-	dl_list_for_each_safe(sta, n, &bss->sta, struct wlantest_sta, list)
-		sta_deinit(sta);
-	dl_list_for_each_safe(pmk, np, &bss->pmk, struct wlantest_pmk, list)
-		pmk_deinit(pmk);
-	dl_list_for_each_safe(tdls, nt, &bss->tdls, struct wlantest_tdls, list)
-		tdls_deinit(tdls);
-	dl_list_del(&bss->list);
-	os_free(bss);
-}
-
-
-int bss_add_pmk_from_passphrase(struct wlantest_bss *bss,
-				const char *passphrase)
-{
-	struct wlantest_pmk *pmk;
-
-	pmk = os_zalloc(sizeof(*pmk));
-	if (pmk == NULL)
-		return -1;
-	if (pbkdf2_sha1(passphrase, bss->ssid, bss->ssid_len, 4096,
-			pmk->pmk, PMK_LEN) < 0) {
-		os_free(pmk);
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "Add possible PMK for BSSID " MACSTR
-		   " based on passphrase '%s'",
-		   MAC2STR(bss->bssid), passphrase);
-	wpa_hexdump(MSG_DEBUG, "Possible PMK", pmk->pmk, PMK_LEN);
-	pmk->pmk_len = PMK_LEN;
-	dl_list_add(&bss->pmk, &pmk->list);
-
-	return 0;
-}
-
-
-static void bss_add_pmk(struct wlantest *wt, struct wlantest_bss *bss)
-{
-	struct wlantest_passphrase *p;
-
-	dl_list_for_each(p, &wt->passphrase, struct wlantest_passphrase, list)
-	{
-		if (!is_zero_ether_addr(p->bssid) &&
-		    os_memcmp(p->bssid, bss->bssid, ETH_ALEN) != 0)
-			continue;
-		if (p->ssid_len &&
-		    (p->ssid_len != bss->ssid_len ||
-		     os_memcmp(p->ssid, bss->ssid, p->ssid_len) != 0))
-			continue;
-
-		if (bss_add_pmk_from_passphrase(bss, p->passphrase) < 0)
-			break;
-	}
-}
-
-
-void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
-		struct ieee802_11_elems *elems, int beacon)
-{
-	struct wpa_ie_data data;
-	int update = 0;
-
-	if (bss->capab_info != bss->prev_capab_info)
-		update = 1;
-
-	if (beacon && (!elems->ssid || elems->ssid_len > 32)) {
-		wpa_printf(MSG_INFO,
-			   "Invalid or missing SSID in a %s frame for " MACSTR,
-			   beacon == 1 ? "Beacon" : "Probe Response",
-			   MAC2STR(bss->bssid));
-		bss->parse_error_reported = 1;
-		return;
-	}
-
-	if (beacon &&
-	    (bss->ssid_len != elems->ssid_len ||
-	     os_memcmp(bss->ssid, elems->ssid, bss->ssid_len) != 0)) {
-		wpa_printf(MSG_DEBUG, "Store SSID '%s' for BSSID " MACSTR,
-			   wpa_ssid_txt(elems->ssid, elems->ssid_len),
-			   MAC2STR(bss->bssid));
-		os_memcpy(bss->ssid, elems->ssid, elems->ssid_len);
-		bss->ssid_len = elems->ssid_len;
-		bss_add_pmk(wt, bss);
-	}
-
-	if (elems->osen == NULL) {
-		if (bss->osenie[0]) {
-			add_note(wt, MSG_INFO, "BSS " MACSTR
-				 " - OSEN IE removed", MAC2STR(bss->bssid));
-			bss->rsnie[0] = 0;
-			update = 1;
-		}
-	} else {
-		if (bss->osenie[0] == 0 ||
-		    os_memcmp(bss->osenie, elems->osen - 2,
-			      elems->osen_len + 2) != 0) {
-			wpa_printf(MSG_INFO, "BSS " MACSTR " - OSEN IE "
-				   "stored", MAC2STR(bss->bssid));
-			wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
-				    elems->osen_len + 2);
-			update = 1;
-		}
-		os_memcpy(bss->osenie, elems->osen - 2,
-			  elems->osen_len + 2);
-	}
-
-	/* S1G does not include RSNE in beacon, so only clear it from
-	 * Probe Response frames. Note this assumes short beacons were dropped
-	 * due to missing SSID above.
-	 */
-	if (!elems->rsn_ie && (!elems->s1g_capab || beacon != 1)) {
-		if (bss->rsnie[0]) {
-			add_note(wt, MSG_INFO, "BSS " MACSTR
-				 " - RSN IE removed", MAC2STR(bss->bssid));
-			bss->rsnie[0] = 0;
-			update = 1;
-		}
-	} else if (elems->rsn_ie) {
-		if (bss->rsnie[0] == 0 ||
-		    os_memcmp(bss->rsnie, elems->rsn_ie - 2,
-			      elems->rsn_ie_len + 2) != 0) {
-			wpa_printf(MSG_INFO, "BSS " MACSTR " - RSN IE "
-				   "stored", MAC2STR(bss->bssid));
-			wpa_hexdump(MSG_DEBUG, "RSN IE", elems->rsn_ie - 2,
-				    elems->rsn_ie_len + 2);
-			update = 1;
-		}
-		os_memcpy(bss->rsnie, elems->rsn_ie - 2,
-			  elems->rsn_ie_len + 2);
-	}
-
-	if (elems->wpa_ie == NULL) {
-		if (bss->wpaie[0]) {
-			add_note(wt, MSG_INFO, "BSS " MACSTR
-				 " - WPA IE removed", MAC2STR(bss->bssid));
-			bss->wpaie[0] = 0;
-			update = 1;
-		}
-	} else {
-		if (bss->wpaie[0] == 0 ||
-		    os_memcmp(bss->wpaie, elems->wpa_ie - 2,
-			      elems->wpa_ie_len + 2) != 0) {
-			wpa_printf(MSG_INFO, "BSS " MACSTR " - WPA IE "
-				   "stored", MAC2STR(bss->bssid));
-			wpa_hexdump(MSG_DEBUG, "WPA IE", elems->wpa_ie - 2,
-				    elems->wpa_ie_len + 2);
-			update = 1;
-		}
-		os_memcpy(bss->wpaie, elems->wpa_ie - 2,
-			  elems->wpa_ie_len + 2);
-	}
-
-	if (elems->mdie)
-		os_memcpy(bss->mdid, elems->mdie, 2);
-
-	bss->mesh = elems->mesh_id != NULL;
-
-	if (!update)
-		return;
-
-	if (beacon == 1)
-		bss->beacon_seen = 1;
-	else if (beacon == 2)
-		bss->proberesp_seen = 1;
-	bss->ies_set = 1;
-	bss->prev_capab_info = bss->capab_info;
-	bss->proto = 0;
-	bss->pairwise_cipher = 0;
-	bss->group_cipher = 0;
-	bss->key_mgmt = 0;
-	bss->rsn_capab = 0;
-	bss->mgmt_group_cipher = 0;
-
-	if (bss->wpaie[0]) {
-		if (wpa_parse_wpa_ie_wpa(bss->wpaie, 2 + bss->wpaie[1], &data)
-		    < 0) {
-			add_note(wt, MSG_INFO, "Failed to parse WPA IE from "
-				 MACSTR, MAC2STR(bss->bssid));
-		} else {
-			bss->proto |= data.proto;
-			bss->pairwise_cipher |= data.pairwise_cipher;
-			bss->group_cipher |= data.group_cipher;
-			bss->key_mgmt |= data.key_mgmt;
-			bss->rsn_capab = data.capabilities;
-			bss->mgmt_group_cipher |= data.mgmt_group_cipher;
-		}
-	}
-
-	if (bss->rsnie[0]) {
-		if (wpa_parse_wpa_ie_rsn(bss->rsnie, 2 + bss->rsnie[1], &data)
-		    < 0) {
-			add_note(wt, MSG_INFO, "Failed to parse RSN IE from "
-				 MACSTR, MAC2STR(bss->bssid));
-		} else {
-			bss->proto |= data.proto;
-			bss->pairwise_cipher |= data.pairwise_cipher;
-			bss->group_cipher |= data.group_cipher;
-			bss->key_mgmt |= data.key_mgmt;
-			bss->rsn_capab = data.capabilities;
-			bss->mgmt_group_cipher |= data.mgmt_group_cipher;
-		}
-	}
-
-	if (bss->osenie[0]) {
-		bss->proto |= WPA_PROTO_OSEN;
-		bss->pairwise_cipher |= WPA_CIPHER_CCMP;
-		bss->group_cipher |= WPA_CIPHER_CCMP;
-		bss->key_mgmt |= WPA_KEY_MGMT_OSEN;
-	}
-
-	if (!(bss->proto & WPA_PROTO_RSN) ||
-	    !(bss->rsn_capab & WPA_CAPABILITY_MFPC))
-		bss->mgmt_group_cipher = 0;
-
-	if (!bss->wpaie[0] && !bss->rsnie[0] && !bss->osenie[0] &&
-	    (bss->capab_info & WLAN_CAPABILITY_PRIVACY))
-		bss->group_cipher = WPA_CIPHER_WEP40;
-
-	wpa_printf(MSG_INFO, "BSS " MACSTR
-		   " proto=%s%s%s%s"
-		   "pairwise=%s%s%s%s%s%s%s"
-		   "group=%s%s%s%s%s%s%s%s%s"
-		   "mgmt_group_cipher=%s%s%s%s%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
-		   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
-		   MAC2STR(bss->bssid),
-		   bss->proto == 0 ? "OPEN " : "",
-		   bss->proto & WPA_PROTO_WPA ? "WPA " : "",
-		   bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
-		   bss->proto & WPA_PROTO_OSEN ? "OSEN " : "",
-		   bss->pairwise_cipher == 0 ? "N/A " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_CCMP ? "CCMP " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_CCMP_256 ? "CCMP-256 " :
-		   "",
-		   bss->pairwise_cipher & WPA_CIPHER_GCMP ? "GCMP " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_GCMP_256 ? "GCMP-256 " :
-		   "",
-		   bss->group_cipher == 0 ? "N/A " : "",
-		   bss->group_cipher & WPA_CIPHER_NONE ? "NONE " : "",
-		   bss->group_cipher & WPA_CIPHER_WEP40 ? "WEP40 " : "",
-		   bss->group_cipher & WPA_CIPHER_WEP104 ? "WEP104 " : "",
-		   bss->group_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
-		   bss->group_cipher & WPA_CIPHER_CCMP ? "CCMP " : "",
-		   bss->group_cipher & WPA_CIPHER_CCMP_256 ? "CCMP-256 " : "",
-		   bss->group_cipher & WPA_CIPHER_GCMP ? "GCMP " : "",
-		   bss->group_cipher & WPA_CIPHER_GCMP_256 ? "GCMP-256 " : "",
-		   bss->mgmt_group_cipher == 0 ? "N/A " : "",
-		   bss->mgmt_group_cipher & WPA_CIPHER_AES_128_CMAC ?
-		   "BIP " : "",
-		   bss->mgmt_group_cipher & WPA_CIPHER_BIP_GMAC_128 ?
-		   "BIP-GMAC-128 " : "",
-		   bss->mgmt_group_cipher & WPA_CIPHER_BIP_GMAC_256 ?
-		   "BIP-GMAC-256 " : "",
-		   bss->mgmt_group_cipher & WPA_CIPHER_BIP_CMAC_256 ?
-		   "BIP-CMAC-256 " : "",
-		   bss->key_mgmt == 0 ? "N/A " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X ? "EAP " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_PSK ? "PSK " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_WPA_NONE ? "WPA-NONE " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X ? "FT-EAP " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_FT_PSK ? "FT-PSK " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256 ?
-		   "EAP-SHA256 " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
-		   "PSK-SHA256 " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_OWE ? "OWE " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_PASN ? "PASN " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_DPP ? "DPP " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B ?
-		   "EAP-SUITE-B " : "",
-		   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ?
-		   "EAP-SUITE-B-192 " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
-		   "NO_PAIRWISE " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_MFPR ? "MFPR " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_MFPC ? "MFPC " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_PEERKEY_ENABLED ?
-		   "PEERKEY " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_SPP_A_MSDU_CAPABLE ?
-		   "SPP-A-MSDU-CAPAB " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_SPP_A_MSDU_REQUIRED ?
-		   "SPP-A-MSDU-REQUIRED " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_PBAC ? "PBAC " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_OCVC ? "OCVC " : "",
-		   bss->rsn_capab & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST ?
-		   "ExtKeyID " : "");
-}
-
-
-void bss_flush(struct wlantest *wt)
-{
-	struct wlantest_bss *bss, *n;
-	dl_list_for_each_safe(bss, n, &wt->bss, struct wlantest_bss, list)
-		bss_deinit(bss);
-}
diff --git a/wlantest/ccmp.c b/wlantest/ccmp.c
deleted file mode 100644
index 5d393d43dd24..000000000000
--- a/wlantest/ccmp.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * CTR with CBC-MAC Protocol (CCMP)
- * Copyright (c) 2010-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_defs.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
-#include "wlantest.h"
-
-
-static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
-			   u8 *aad, size_t *aad_len, u8 *nonce)
-{
-	u16 fc, stype, seq;
-	int qos = 0, addr4 = 0;
-	u8 *pos;
-
-	nonce[0] = 0;
-
-	fc = le_to_host16(hdr->frame_control);
-	stype = WLAN_FC_GET_STYPE(fc);
-	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-	    (WLAN_FC_TODS | WLAN_FC_FROMDS))
-		addr4 = 1;
-
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
-		fc &= ~0x0070; /* Mask subtype bits */
-		if (stype & 0x08) {
-			const u8 *qc;
-			qos = 1;
-			fc &= ~WLAN_FC_HTC;
-			qc = (const u8 *) (hdr + 1);
-			if (addr4)
-				qc += ETH_ALEN;
-			nonce[0] = qc[0] & 0x0f;
-		}
-	} else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
-		nonce[0] |= 0x10; /* Management */
-
-	fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
-	fc |= WLAN_FC_ISWEP;
-	WPA_PUT_LE16(aad, fc);
-	pos = aad + 2;
-	os_memcpy(pos, hdr->addr1, 3 * ETH_ALEN);
-	pos += 3 * ETH_ALEN;
-	seq = le_to_host16(hdr->seq_ctrl);
-	seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
-	WPA_PUT_LE16(pos, seq);
-	pos += 2;
-
-	os_memcpy(pos, hdr + 1, addr4 * ETH_ALEN + qos * 2);
-	pos += addr4 * ETH_ALEN;
-	if (qos) {
-		pos[0] &= ~0x70;
-		if (1 /* FIX: either device has SPP A-MSDU Capab = 0 */)
-			pos[0] &= ~0x80;
-		pos++;
-		*pos++ = 0x00;
-	}
-
-	*aad_len = pos - aad;
-
-	os_memcpy(nonce + 1, hdr->addr2, ETH_ALEN);
-	nonce[7] = data[7]; /* PN5 */
-	nonce[8] = data[6]; /* PN4 */
-	nonce[9] = data[5]; /* PN3 */
-	nonce[10] = data[4]; /* PN2 */
-	nonce[11] = data[1]; /* PN1 */
-	nonce[12] = data[0]; /* PN0 */
-}
-
-
-static void ccmp_aad_nonce_pv1(const u8 *hdr, const u8 *a1, const u8 *a2,
-			       const u8 *a3, const u8 *pn,
-			       u8 *aad, size_t *aad_len, u8 *nonce)
-{
-	u16 fc, type;
-	u8 *pos;
-
-	nonce[0] = BIT(5); /* PV1 */
-	/* TODO: Priority for QMF; 0 is used for Data frames */
-
-	fc = WPA_GET_LE16(hdr);
-	type = (fc & (BIT(2) | BIT(3) | BIT(4))) >> 2;
-
-	if (type == 1)
-		nonce[0] |= 0x10; /* Management */
-
-	fc &= ~(BIT(10) | BIT(11) | BIT(13) | BIT(14) | BIT(15));
-	fc |= BIT(12);
-	WPA_PUT_LE16(aad, fc);
-	pos = aad + 2;
-	if (type == 0 || type == 3) {
-		const u8 *sc;
-
-		os_memcpy(pos, a1, ETH_ALEN);
-		pos += ETH_ALEN;
-		os_memcpy(pos, a2, ETH_ALEN);
-		pos += ETH_ALEN;
-
-		if (type == 0) {
-			/* Either A1 or A2 contains SID */
-			sc = hdr + 2 + 2 + ETH_ALEN;
-		} else {
-			/* Both A1 and A2 contain full addresses */
-			sc = hdr + 2 + 2 * ETH_ALEN;
-		}
-		/* SC with Sequence Number subfield (bits 4-15 of the Sequence
-		 * Control field) masked to 0. */
-		*pos++ = *sc & 0x0f;
-		*pos++ = 0;
-
-		if (a3) {
-			os_memcpy(pos, a3, ETH_ALEN);
-			pos += ETH_ALEN;
-		}
-	}
-
-	*aad_len = pos - aad;
-
-	os_memcpy(nonce + 1, a2, ETH_ALEN);
-	nonce[7] = pn[5]; /* PN5 */
-	nonce[8] = pn[4]; /* PN4 */
-	nonce[9] = pn[3]; /* PN3 */
-	nonce[10] = pn[2]; /* PN2 */
-	nonce[11] = pn[1]; /* PN1 */
-	nonce[12] = pn[0]; /* PN0 */
-}
-
-
-u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	u8 aad[30], nonce[13];
-	size_t aad_len;
-	size_t mlen;
-	u8 *plain;
-
-	if (data_len < 8 + 8)
-		return NULL;
-
-	plain = os_malloc(data_len + AES_BLOCK_SIZE);
-	if (plain == NULL)
-		return NULL;
-
-	mlen = data_len - 8 - 8;
-
-	os_memset(aad, 0, sizeof(aad));
-	ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
-
-	if (aes_ccm_ad(tk, 16, nonce, 8, data + 8, mlen, aad, aad_len,
-		       data + 8 + mlen, plain) < 0) {
-		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR
-			   " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3),
-			   WLAN_GET_SEQ_SEQ(seq_ctrl),
-			   WLAN_GET_SEQ_FRAG(seq_ctrl));
-		os_free(plain);
-		return NULL;
-	}
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen);
-
-	*decrypted_len = mlen;
-	return plain;
-}
-
-
-void ccmp_get_pn(u8 *pn, const u8 *data)
-{
-	pn[0] = data[7]; /* PN5 */
-	pn[1] = data[6]; /* PN4 */
-	pn[2] = data[5]; /* PN3 */
-	pn[3] = data[4]; /* PN2 */
-	pn[4] = data[1]; /* PN1 */
-	pn[5] = data[0]; /* PN0 */
-}
-
-
-u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
-		  u8 *pn, int keyid, size_t *encrypted_len)
-{
-	u8 aad[30], nonce[13];
-	size_t aad_len, plen;
-	u8 *crypt, *pos;
-	struct ieee80211_hdr *hdr;
-
-	if (len < hdrlen || hdrlen < 24)
-		return NULL;
-	plen = len - hdrlen;
-
-	crypt = os_malloc(hdrlen + 8 + plen + 8 + AES_BLOCK_SIZE);
-	if (crypt == NULL)
-		return NULL;
-
-	os_memcpy(crypt, frame, hdrlen);
-	hdr = (struct ieee80211_hdr *) crypt;
-	hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
-	pos = crypt + hdrlen;
-	*pos++ = pn[5]; /* PN0 */
-	*pos++ = pn[4]; /* PN1 */
-	*pos++ = 0x00; /* Rsvd */
-	*pos++ = 0x20 | (keyid << 6);
-	*pos++ = pn[3]; /* PN2 */
-	*pos++ = pn[2]; /* PN3 */
-	*pos++ = pn[1]; /* PN4 */
-	*pos++ = pn[0]; /* PN5 */
-
-	os_memset(aad, 0, sizeof(aad));
-	ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
-
-	if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen, plen, aad, aad_len,
-		       pos, pos + plen) < 0) {
-		os_free(crypt);
-		return NULL;
-	}
-
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP encrypted", crypt + hdrlen + 8, plen);
-
-	*encrypted_len = hdrlen + 8 + plen + 8;
-
-	return crypt;
-}
-
-
-u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3,
-		      const u8 *frame, size_t len,
-		      size_t hdrlen, const u8 *pn, int keyid,
-		      size_t *encrypted_len)
-{
-	u8 aad[24], nonce[13];
-	size_t aad_len, plen;
-	u8 *crypt, *pos;
-	struct ieee80211_hdr *hdr;
-
-	if (len < hdrlen || hdrlen < 12)
-		return NULL;
-	plen = len - hdrlen;
-
-	crypt = os_malloc(hdrlen + plen + 8 + AES_BLOCK_SIZE);
-	if (crypt == NULL)
-		return NULL;
-
-	os_memcpy(crypt, frame, hdrlen);
-	hdr = (struct ieee80211_hdr *) crypt;
-	hdr->frame_control |= host_to_le16(BIT(12)); /* Protected Frame */
-	pos = crypt + hdrlen;
-
-	os_memset(aad, 0, sizeof(aad));
-	ccmp_aad_nonce_pv1(crypt, a1, a2, a3, pn, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, sizeof(nonce));
-
-	if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen, plen, aad, aad_len,
-		       pos, pos + plen) < 0) {
-		os_free(crypt);
-		return NULL;
-	}
-
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP encrypted", crypt + hdrlen, plen);
-
-	*encrypted_len = hdrlen + plen + 8;
-
-	return crypt;
-}
-
-
-u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		      const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	u8 aad[30], nonce[13];
-	size_t aad_len;
-	size_t mlen;
-	u8 *plain;
-
-	if (data_len < 8 + 16)
-		return NULL;
-
-	plain = os_malloc(data_len + AES_BLOCK_SIZE);
-	if (plain == NULL)
-		return NULL;
-
-	mlen = data_len - 8 - 16;
-
-	os_memset(aad, 0, sizeof(aad));
-	ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);
-
-	if (aes_ccm_ad(tk, 32, nonce, 16, data + 8, mlen, aad, aad_len,
-		       data + 8 + mlen, plain) < 0) {
-		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		wpa_printf(MSG_INFO, "Invalid CCMP-256 MIC in frame: A1=" MACSTR
-			   " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3),
-			   WLAN_GET_SEQ_SEQ(seq_ctrl),
-			   WLAN_GET_SEQ_FRAG(seq_ctrl));
-		os_free(plain);
-		return NULL;
-	}
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 decrypted", plain, mlen);
-
-	*decrypted_len = mlen;
-	return plain;
-}
-
-
-u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
-		      u8 *qos, u8 *pn, int keyid, size_t *encrypted_len)
-{
-	u8 aad[30], nonce[13];
-	size_t aad_len, plen;
-	u8 *crypt, *pos;
-	struct ieee80211_hdr *hdr;
-
-	if (len < hdrlen || hdrlen < 24)
-		return NULL;
-	plen = len - hdrlen;
-
-	crypt = os_malloc(hdrlen + 8 + plen + 16 + AES_BLOCK_SIZE);
-	if (crypt == NULL)
-		return NULL;
-
-	os_memcpy(crypt, frame, hdrlen);
-	hdr = (struct ieee80211_hdr *) crypt;
-	hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
-	pos = crypt + hdrlen;
-	*pos++ = pn[5]; /* PN0 */
-	*pos++ = pn[4]; /* PN1 */
-	*pos++ = 0x00; /* Rsvd */
-	*pos++ = 0x20 | (keyid << 6);
-	*pos++ = pn[3]; /* PN2 */
-	*pos++ = pn[2]; /* PN3 */
-	*pos++ = pn[1]; /* PN4 */
-	*pos++ = pn[0]; /* PN5 */
-
-	os_memset(aad, 0, sizeof(aad));
-	ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);
-
-	if (aes_ccm_ae(tk, 32, nonce, 16, frame + hdrlen, plen, aad, aad_len,
-		       pos, pos + plen) < 0) {
-		os_free(crypt);
-		return NULL;
-	}
-
-	wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 encrypted", crypt + hdrlen + 8,
-		    plen);
-
-	*encrypted_len = hdrlen + 8 + plen + 16;
-
-	return crypt;
-}
diff --git a/wlantest/ctrl.c b/wlantest/ctrl.c
deleted file mode 100644
index 587a0d3e1dfa..000000000000
--- a/wlantest/ctrl.c
+++ /dev/null
@@ -1,1471 +0,0 @@
-/*
- * wlantest control interface
- * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <sys/un.h>
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/defs.h"
-#include "common/version.h"
-#include "common/ieee802_11_defs.h"
-#include "wlantest.h"
-#include "wlantest_ctrl.h"
-
-
-static u8 * attr_get(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr,
-		     size_t *len)
-{
-	u8 *pos = buf;
-
-	while (pos + 8 <= buf + buflen) {
-		enum wlantest_ctrl_attr a;
-		size_t alen;
-		a = WPA_GET_BE32(pos);
-		pos += 4;
-		alen = WPA_GET_BE32(pos);
-		pos += 4;
-		if (pos + alen > buf + buflen) {
-			wpa_printf(MSG_DEBUG, "Invalid control message "
-				   "attribute");
-			return NULL;
-		}
-		if (a == attr) {
-			*len = alen;
-			return pos;
-		}
-		pos += alen;
-	}
-
-	return NULL;
-}
-
-
-static u8 * attr_get_macaddr(u8 *buf, size_t buflen,
-			     enum wlantest_ctrl_attr attr)
-{
-	u8 *addr;
-	size_t addr_len;
-	addr = attr_get(buf, buflen, attr, &addr_len);
-	if (addr && addr_len != ETH_ALEN)
-		addr = NULL;
-	return addr;
-}
-
-
-static int attr_get_int(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr)
-{
-	u8 *pos;
-	size_t len;
-	pos = attr_get(buf, buflen, attr, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	return WPA_GET_BE32(pos);
-}
-
-
-static u8 * attr_add_str(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
-			 const char *str)
-{
-	size_t len = os_strlen(str);
-
-	if (pos == NULL || end - pos < 8 + len)
-		return NULL;
-	WPA_PUT_BE32(pos, attr);
-	pos += 4;
-	WPA_PUT_BE32(pos, len);
-	pos += 4;
-	os_memcpy(pos, str, len);
-	pos += len;
-	return pos;
-}
-
-
-static u8 * attr_add_be32(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
-			  u32 val)
-{
-	if (pos == NULL || end - pos < 12)
-		return NULL;
-	WPA_PUT_BE32(pos, attr);
-	pos += 4;
-	WPA_PUT_BE32(pos, 4);
-	pos += 4;
-	WPA_PUT_BE32(pos, val);
-	pos += 4;
-	return pos;
-}
-
-
-static void ctrl_disconnect(struct wlantest *wt, int sock)
-{
-	int i;
-	wpa_printf(MSG_DEBUG, "Disconnect control interface connection %d",
-		   sock);
-	for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
-		if (wt->ctrl_socks[i] == sock) {
-			close(wt->ctrl_socks[i]);
-			eloop_unregister_read_sock(wt->ctrl_socks[i]);
-			wt->ctrl_socks[i] = -1;
-			break;
-		}
-	}
-}
-
-
-static void ctrl_send(struct wlantest *wt, int sock, const u8 *buf,
-		      size_t len)
-{
-	if (send(sock, buf, len, 0) < 0) {
-		wpa_printf(MSG_INFO, "send(ctrl): %s", strerror(errno));
-		ctrl_disconnect(wt, sock);
-	}
-}
-
-
-static void ctrl_send_simple(struct wlantest *wt, int sock,
-			     enum wlantest_ctrl_cmd cmd)
-{
-	u8 buf[4];
-	WPA_PUT_BE32(buf, cmd);
-	ctrl_send(wt, sock, buf, sizeof(buf));
-}
-
-
-static struct wlantest_bss * ctrl_get_bss(struct wlantest *wt, int sock,
-					  u8 *cmd, size_t clen)
-{
-	struct wlantest_bss *bss;
-	u8 *pos;
-	size_t len;
-
-	pos = attr_get(cmd, clen, WLANTEST_ATTR_BSSID, &len);
-	if (pos == NULL || len != ETH_ALEN) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return NULL;
-	}
-
-	bss = bss_find(wt, pos);
-	if (bss == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return NULL;
-	}
-
-	return bss;
-}
-
-
-static struct wlantest_sta * ctrl_get_sta(struct wlantest *wt, int sock,
-					  u8 *cmd, size_t clen,
-					  struct wlantest_bss *bss)
-{
-	struct wlantest_sta *sta;
-	u8 *pos;
-	size_t len;
-
-	if (bss == NULL)
-		return NULL;
-
-	pos = attr_get(cmd, clen, WLANTEST_ATTR_STA_ADDR, &len);
-	if (pos == NULL || len != ETH_ALEN) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return NULL;
-	}
-
-	sta = sta_find(bss, pos);
-	if (sta == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return NULL;
-	}
-
-	return sta;
-}
-
-
-static struct wlantest_sta * ctrl_get_sta2(struct wlantest *wt, int sock,
-					   u8 *cmd, size_t clen,
-					   struct wlantest_bss *bss)
-{
-	struct wlantest_sta *sta;
-	u8 *pos;
-	size_t len;
-
-	if (bss == NULL)
-		return NULL;
-
-	pos = attr_get(cmd, clen, WLANTEST_ATTR_STA2_ADDR, &len);
-	if (pos == NULL || len != ETH_ALEN) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return NULL;
-	}
-
-	sta = sta_find(bss, pos);
-	if (sta == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return NULL;
-	}
-
-	return sta;
-}
-
-
-static void ctrl_list_bss(struct wlantest *wt, int sock)
-{
-	u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
-	struct wlantest_bss *bss;
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
-	pos += 4;
-	len = pos; /* to be filled */
-	pos += 4;
-
-	dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
-		if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
-			break;
-		os_memcpy(pos, bss->bssid, ETH_ALEN);
-		pos += ETH_ALEN;
-	}
-
-	WPA_PUT_BE32(len, pos - len - 4);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_list_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	if (bss == NULL)
-		return;
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_STA_ADDR);
-	pos += 4;
-	len = pos; /* to be filled */
-	pos += 4;
-
-	dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
-		if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
-			break;
-		os_memcpy(pos, sta->addr, ETH_ALEN);
-		pos += ETH_ALEN;
-	}
-
-	WPA_PUT_BE32(len, pos - len - 4);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_flush(struct wlantest *wt, int sock)
-{
-	wpa_printf(MSG_DEBUG, "Drop all collected BSS data");
-	bss_flush(wt);
-	ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void ctrl_clear_sta_counters(struct wlantest *wt, int sock, u8 *cmd,
-				    size_t clen)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	if (sta == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	os_memset(sta->counters, 0, sizeof(sta->counters));
-	os_memset(sta->tx_tid, 0, sizeof(sta->tx_tid));
-	os_memset(sta->rx_tid, 0, sizeof(sta->rx_tid));
-	ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void ctrl_clear_bss_counters(struct wlantest *wt, int sock, u8 *cmd,
-				    size_t clen)
-{
-	struct wlantest_bss *bss;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	if (bss == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	os_memset(bss->counters, 0, sizeof(bss->counters));
-	ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void ctrl_clear_tdls_counters(struct wlantest *wt, int sock, u8 *cmd,
-				     size_t clen)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	struct wlantest_sta *sta2;
-	struct wlantest_tdls *tdls;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	sta2 = ctrl_get_sta2(wt, sock, cmd, clen, bss);
-	if (sta == NULL || sta2 == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if ((tdls->init == sta && tdls->resp == sta2) ||
-		    (tdls->init == sta2 && tdls->resp == sta))
-			os_memset(tdls->counters, 0, sizeof(tdls->counters));
-	}
-	ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void ctrl_get_sta_counter(struct wlantest *wt, int sock, u8 *cmd,
-				 size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u32 counter;
-	u8 buf[4 + 12], *end, *pos;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	if (sta == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_COUNTER, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	counter = WPA_GET_BE32(addr);
-	if (counter >= NUM_WLANTEST_STA_COUNTER) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
-			    sta->counters[counter]);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_get_bss_counter(struct wlantest *wt, int sock, u8 *cmd,
-				 size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	u32 counter;
-	u8 buf[4 + 12], *end, *pos;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	if (bss == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_COUNTER, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	counter = WPA_GET_BE32(addr);
-	if (counter >= NUM_WLANTEST_BSS_COUNTER) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
-			    bss->counters[counter]);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_get_tdls_counter(struct wlantest *wt, int sock, u8 *cmd,
-				  size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	struct wlantest_sta *sta2;
-	struct wlantest_tdls *tdls;
-	u32 counter;
-	u8 buf[4 + 12], *end, *pos;
-	int found = 0;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	sta2 = ctrl_get_sta2(wt, sock, cmd, clen, bss);
-	if (sta == NULL || sta2 == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_TDLS_COUNTER, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	counter = WPA_GET_BE32(addr);
-	if (counter >= NUM_WLANTEST_TDLS_COUNTER) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if (tdls->init == sta && tdls->resp == sta2) {
-			found = 1;
-			break;
-		}
-	}
-
-	if (!found) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
-			    tdls->counters[counter]);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void build_mgmt_hdr(struct ieee80211_mgmt *mgmt,
-			   struct wlantest_bss *bss, struct wlantest_sta *sta,
-			   int sender_ap, int stype)
-{
-	os_memset(mgmt, 0, 24);
-	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, stype);
-	if (sender_ap) {
-		if (sta)
-			os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
-		else
-			os_memset(mgmt->da, 0xff, ETH_ALEN);
-		os_memcpy(mgmt->sa, bss->bssid, ETH_ALEN);
-	} else {
-		os_memcpy(mgmt->da, bss->bssid, ETH_ALEN);
-		os_memcpy(mgmt->sa, sta->addr, ETH_ALEN);
-	}
-	os_memcpy(mgmt->bssid, bss->bssid, ETH_ALEN);
-}
-
-
-static int ctrl_inject_auth(struct wlantest *wt, struct wlantest_bss *bss,
-			    struct wlantest_sta *sta, int sender_ap,
-			    enum wlantest_inject_protection prot)
-{
-	struct ieee80211_mgmt mgmt;
-
-	if (prot != WLANTEST_INJECT_NORMAL &&
-	    prot != WLANTEST_INJECT_UNPROTECTED)
-		return -1; /* Authentication frame is never protected */
-	if (sta == NULL)
-		return -1; /* No broadcast Authentication frames */
-
-	if (sender_ap)
-		wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
-			   MAC2STR(bss->bssid), MAC2STR(sta->addr));
-	else
-		wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
-			   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_AUTH);
-
-	mgmt.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
-	mgmt.u.auth.auth_transaction = host_to_le16(1);
-	mgmt.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
-
-	return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 6,
-			       WLANTEST_INJECT_UNPROTECTED);
-}
-
-
-static int ctrl_inject_assocreq(struct wlantest *wt, struct wlantest_bss *bss,
-				struct wlantest_sta *sta, int sender_ap,
-				enum wlantest_inject_protection prot)
-{
-	u8 *buf;
-	struct ieee80211_mgmt *mgmt;
-	int ret;
-
-	if (prot != WLANTEST_INJECT_NORMAL &&
-	    prot != WLANTEST_INJECT_UNPROTECTED)
-		return -1; /* Association Request frame is never protected */
-	if (sta == NULL)
-		return -1; /* No broadcast Association Request frames */
-	if (sender_ap)
-		return -1; /* No Association Request frame sent by AP */
-	if (sta->assocreq_ies == NULL) {
-		wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
-			   "Request available for " MACSTR,
-			   MAC2STR(sta->addr));
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "INJECT: AssocReq " MACSTR " -> " MACSTR,
-		   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
-	if (buf == NULL)
-		return -1;
-	mgmt = (struct ieee80211_mgmt *) buf;
-
-	build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ASSOC_REQ);
-
-	mgmt->u.assoc_req.capab_info = host_to_le16(sta->assocreq_capab_info);
-	mgmt->u.assoc_req.listen_interval =
-		host_to_le16(sta->assocreq_listen_int);
-	os_memcpy(mgmt->u.assoc_req.variable, sta->assocreq_ies,
-		  sta->assocreq_ies_len);
-
-	ret = wlantest_inject(wt, bss, sta, buf,
-			      24 + 4 + sta->assocreq_ies_len,
-			      WLANTEST_INJECT_UNPROTECTED);
-	os_free(buf);
-	return ret;
-}
-
-
-static int ctrl_inject_reassocreq(struct wlantest *wt,
-				  struct wlantest_bss *bss,
-				  struct wlantest_sta *sta, int sender_ap,
-				  enum wlantest_inject_protection prot)
-{
-	u8 *buf;
-	struct ieee80211_mgmt *mgmt;
-	int ret;
-
-	if (prot != WLANTEST_INJECT_NORMAL &&
-	    prot != WLANTEST_INJECT_UNPROTECTED)
-		return -1; /* Reassociation Request frame is never protected */
-	if (sta == NULL)
-		return -1; /* No broadcast Reassociation Request frames */
-	if (sender_ap)
-		return -1; /* No Reassociation Request frame sent by AP */
-	if (sta->assocreq_ies == NULL) {
-		wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
-			   "Request available for " MACSTR,
-			   MAC2STR(sta->addr));
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "INJECT: ReassocReq " MACSTR " -> " MACSTR,
-		   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
-	if (buf == NULL)
-		return -1;
-	mgmt = (struct ieee80211_mgmt *) buf;
-
-	build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_REASSOC_REQ);
-
-	mgmt->u.reassoc_req.capab_info =
-		host_to_le16(sta->assocreq_capab_info);
-	mgmt->u.reassoc_req.listen_interval =
-		host_to_le16(sta->assocreq_listen_int);
-	os_memcpy(mgmt->u.reassoc_req.current_ap, bss->bssid, ETH_ALEN);
-	os_memcpy(mgmt->u.reassoc_req.variable, sta->assocreq_ies,
-		  sta->assocreq_ies_len);
-
-	ret = wlantest_inject(wt, bss, sta, buf,
-			      24 + 10 + sta->assocreq_ies_len,
-			      WLANTEST_INJECT_UNPROTECTED);
-	os_free(buf);
-	return ret;
-}
-
-
-static int ctrl_inject_deauth(struct wlantest *wt, struct wlantest_bss *bss,
-			      struct wlantest_sta *sta, int sender_ap,
-			      enum wlantest_inject_protection prot)
-{
-	struct ieee80211_mgmt mgmt;
-
-	if (sender_ap) {
-		if (sta)
-			wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> "
-				   MACSTR,
-				   MAC2STR(bss->bssid), MAC2STR(sta->addr));
-		else
-			wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR
-				   " -> broadcast", MAC2STR(bss->bssid));
-	} else
-		wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> " MACSTR,
-			   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DEAUTH);
-
-	mgmt.u.deauth.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
-
-	return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
-}
-
-
-static int ctrl_inject_disassoc(struct wlantest *wt, struct wlantest_bss *bss,
-				struct wlantest_sta *sta, int sender_ap,
-				enum wlantest_inject_protection prot)
-{
-	struct ieee80211_mgmt mgmt;
-
-	if (sender_ap) {
-		if (sta)
-			wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> "
-				   MACSTR,
-				   MAC2STR(bss->bssid), MAC2STR(sta->addr));
-		else
-			wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR
-				   " -> broadcast", MAC2STR(bss->bssid));
-	} else
-		wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> " MACSTR,
-			   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DISASSOC);
-
-	mgmt.u.disassoc.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
-
-	return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
-}
-
-
-static int ctrl_inject_saqueryreq(struct wlantest *wt,
-				  struct wlantest_bss *bss,
-				  struct wlantest_sta *sta, int sender_ap,
-				  enum wlantest_inject_protection prot)
-{
-	struct ieee80211_mgmt mgmt;
-
-	if (sta == NULL)
-		return -1; /* No broadcast SA Query frames */
-
-	if (sender_ap)
-		wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
-			   MACSTR, MAC2STR(bss->bssid), MAC2STR(sta->addr));
-	else
-		wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
-			   MACSTR, MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ACTION);
-
-	mgmt.u.action.category = WLAN_ACTION_SA_QUERY;
-	mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
-	mgmt.u.action.u.sa_query_req.trans_id[0] = 0x12;
-	mgmt.u.action.u.sa_query_req.trans_id[1] = 0x34;
-	os_memcpy(sender_ap ? sta->ap_sa_query_tr : sta->sta_sa_query_tr,
-		  mgmt.u.action.u.sa_query_req.trans_id,
-		  WLAN_SA_QUERY_TR_ID_LEN);
-	return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 4, prot);
-}
-
-
-static void ctrl_inject(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 *bssid, *sta_addr;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	int frame, sender_ap, prot;
-	int ret = 0;
-
-	bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
-	sta_addr = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_STA_ADDR);
-	frame = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_FRAME);
-	sender_ap = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_SENDER_AP);
-	if (sender_ap < 0)
-		sender_ap = 0;
-	prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
-	if (bssid == NULL || sta_addr == NULL || frame < 0 || prot < 0) {
-		wpa_printf(MSG_INFO, "Invalid inject command parameters");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	bss = bss_find(wt, bssid);
-	if (bss == NULL) {
-		wpa_printf(MSG_INFO, "BSS not found for inject command");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	if (is_broadcast_ether_addr(sta_addr)) {
-		if (!sender_ap) {
-			wpa_printf(MSG_INFO, "Invalid broadcast inject "
-				   "command without sender_ap set");
-			ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-			return;
-		} sta = NULL;
-	} else {
-		sta = sta_find(bss, sta_addr);
-		if (sta == NULL) {
-			wpa_printf(MSG_INFO, "Station not found for inject "
-				   "command");
-			ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-			return;
-		}
-	}
-
-	switch (frame) {
-	case WLANTEST_FRAME_AUTH:
-		ret = ctrl_inject_auth(wt, bss, sta, sender_ap, prot);
-		break;
-	case WLANTEST_FRAME_ASSOCREQ:
-		ret = ctrl_inject_assocreq(wt, bss, sta, sender_ap, prot);
-		break;
-	case WLANTEST_FRAME_REASSOCREQ:
-		ret = ctrl_inject_reassocreq(wt, bss, sta, sender_ap, prot);
-		break;
-	case WLANTEST_FRAME_DEAUTH:
-		ret = ctrl_inject_deauth(wt, bss, sta, sender_ap, prot);
-		break;
-	case WLANTEST_FRAME_DISASSOC:
-		ret = ctrl_inject_disassoc(wt, bss, sta, sender_ap, prot);
-		break;
-	case WLANTEST_FRAME_SAQUERYREQ:
-		ret = ctrl_inject_saqueryreq(wt, bss, sta, sender_ap, prot);
-		break;
-	default:
-		wpa_printf(MSG_INFO, "Unsupported inject command frame %d",
-			   frame);
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	if (ret)
-		wpa_printf(MSG_INFO, "Failed to inject frame");
-	else
-		wpa_printf(MSG_INFO, "Frame injected successfully");
-	ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
-			 WLANTEST_CTRL_FAILURE);
-}
-
-
-static void ctrl_version(struct wlantest *wt, int sock)
-{
-	u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos;
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_str(pos, buf + sizeof(buf), WLANTEST_ATTR_VERSION,
-			   VERSION_STR);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_add_passphrase(struct wlantest *wt, int sock, u8 *cmd,
-				size_t clen)
-{
-	u8 *passphrase;
-	size_t len;
-	struct wlantest_passphrase *p, *pa;
-	u8 *bssid;
-
-	passphrase = attr_get(cmd, clen, WLANTEST_ATTR_PASSPHRASE, &len);
-	if (passphrase == NULL) {
-		u8 *wepkey;
-		char *key;
-		enum wlantest_ctrl_cmd res;
-
-		wepkey = attr_get(cmd, clen, WLANTEST_ATTR_WEPKEY, &len);
-		if (wepkey == NULL) {
-			ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-			return;
-		}
-		key = os_zalloc(len + 1);
-		if (key == NULL) {
-			ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-			return;
-		}
-		os_memcpy(key, wepkey, len);
-		if (add_wep(wt, key) < 0)
-			res = WLANTEST_CTRL_FAILURE;
-		else
-			res = WLANTEST_CTRL_SUCCESS;
-		os_free(key);
-		ctrl_send_simple(wt, sock, res);
-		return;
-	}
-
-	if (len < 8 || len > 63) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	p = os_zalloc(sizeof(*p));
-	if (p == NULL) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-	os_memcpy(p->passphrase, passphrase, len);
-	wpa_printf(MSG_INFO, "Add passphrase '%s'", p->passphrase);
-
-	bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
-	if (bssid) {
-		os_memcpy(p->bssid, bssid, ETH_ALEN);
-		wpa_printf(MSG_INFO, "Limit passphrase for BSSID " MACSTR,
-			   MAC2STR(p->bssid));
-	}
-
-	dl_list_for_each(pa, &wt->passphrase, struct wlantest_passphrase, list)
-	{
-		if (os_strcmp(p->passphrase, pa->passphrase) == 0 &&
-		    os_memcmp(p->bssid, pa->bssid, ETH_ALEN) == 0) {
-			wpa_printf(MSG_INFO, "Passphrase was already known");
-			os_free(p);
-			p = NULL;
-			break;
-		}
-	}
-
-	if (p) {
-		struct wlantest_bss *bss;
-		dl_list_add(&wt->passphrase, &p->list);
-		dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
-			if (bssid &&
-			    os_memcmp(p->bssid, bss->bssid, ETH_ALEN) != 0)
-				continue;
-			bss_add_pmk_from_passphrase(bss, p->passphrase);
-		}
-	}
-
-	ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void info_print_proto(char *buf, size_t len, int proto)
-{
-	char *pos, *end;
-
-	if (proto == 0) {
-		os_snprintf(buf, len, "OPEN");
-		return;
-	}
-
-	pos = buf;
-	end = buf + len;
-
-	if (proto & WPA_PROTO_WPA)
-		pos += os_snprintf(pos, end - pos, "%sWPA",
-				   pos == buf ? "" : " ");
-	if (proto & WPA_PROTO_RSN)
-		pos += os_snprintf(pos, end - pos, "%sWPA2",
-				   pos == buf ? "" : " ");
-}
-
-
-static void info_print_cipher(char *buf, size_t len, int cipher)
-{
-	char *pos, *end;
-
-	if (cipher == 0) {
-		os_snprintf(buf, len, "N/A");
-		return;
-	}
-
-	pos = buf;
-	end = buf + len;
-
-	if (cipher & WPA_CIPHER_NONE)
-		pos += os_snprintf(pos, end - pos, "%sNONE",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_WEP40)
-		pos += os_snprintf(pos, end - pos, "%sWEP40",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_WEP104)
-		pos += os_snprintf(pos, end - pos, "%sWEP104",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_TKIP)
-		pos += os_snprintf(pos, end - pos, "%sTKIP",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_CCMP)
-		pos += os_snprintf(pos, end - pos, "%sCCMP",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_AES_128_CMAC)
-		pos += os_snprintf(pos, end - pos, "%sBIP",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_BIP_GMAC_128)
-		pos += os_snprintf(pos, end - pos, "%sBIP-GMAC-128",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_BIP_GMAC_256)
-		pos += os_snprintf(pos, end - pos, "%sBIP-GMAC-256",
-				   pos == buf ? "" : " ");
-	if (cipher & WPA_CIPHER_BIP_CMAC_256)
-		pos += os_snprintf(pos, end - pos, "%sBIP-CMAC-256",
-				   pos == buf ? "" : " ");
-}
-
-
-static void info_print_key_mgmt(char *buf, size_t len, int key_mgmt)
-{
-	char *pos, *end;
-
-	if (key_mgmt == 0) {
-		os_snprintf(buf, len, "N/A");
-		return;
-	}
-
-	pos = buf;
-	end = buf + len;
-
-	if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
-		pos += os_snprintf(pos, end - pos, "%sEAP",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_PSK)
-		pos += os_snprintf(pos, end - pos, "%sPSK",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_WPA_NONE)
-		pos += os_snprintf(pos, end - pos, "%sWPA-NONE",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
-		pos += os_snprintf(pos, end - pos, "%sFT-EAP",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
-		pos += os_snprintf(pos, end - pos, "%sFT-PSK",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
-		pos += os_snprintf(pos, end - pos, "%sEAP-SHA256",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
-		pos += os_snprintf(pos, end - pos, "%sPSK-SHA256",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
-		pos += os_snprintf(pos, end - pos, "%sEAP-SUITE-B",
-				   pos == buf ? "" : " ");
-	if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
-		pos += os_snprintf(pos, end - pos, "%sEAP-SUITE-B-192",
-				   pos == buf ? "" : " ");
-}
-
-
-static void info_print_rsn_capab(char *buf, size_t len, int capab)
-{
-	char *pos, *end;
-
-	pos = buf;
-	end = buf + len;
-
-	if (capab & WPA_CAPABILITY_PREAUTH)
-		pos += os_snprintf(pos, end - pos, "%sPREAUTH",
-				   pos == buf ? "" : " ");
-	if (capab & WPA_CAPABILITY_NO_PAIRWISE)
-		pos += os_snprintf(pos, end - pos, "%sNO_PAIRWISE",
-				   pos == buf ? "" : " ");
-	if (capab & WPA_CAPABILITY_MFPR)
-		pos += os_snprintf(pos, end - pos, "%sMFPR",
-				   pos == buf ? "" : " ");
-	if (capab & WPA_CAPABILITY_MFPC)
-		pos += os_snprintf(pos, end - pos, "%sMFPC",
-				   pos == buf ? "" : " ");
-	if (capab & WPA_CAPABILITY_PEERKEY_ENABLED)
-		pos += os_snprintf(pos, end - pos, "%sPEERKEY",
-				   pos == buf ? "" : " ");
-	if (capab & WPA_CAPABILITY_OCVC)
-		pos += os_snprintf(pos, end - pos, "%sOCVC",
-				   pos == buf ? "" : " ");
-}
-
-
-static void info_print_state(char *buf, size_t len, int state)
-{
-	switch (state) {
-	case STATE1:
-		os_strlcpy(buf, "NOT-AUTH", len);
-		break;
-	case STATE2:
-		os_strlcpy(buf, "AUTH", len);
-		break;
-	case STATE3:
-		os_strlcpy(buf, "AUTH+ASSOC", len);
-		break;
-	}
-}
-
-
-static void info_print_gtk(char *buf, size_t len, struct wlantest_sta *sta)
-{
-	size_t pos;
-
-	pos = os_snprintf(buf, len, "IDX=%d,GTK=", sta->gtk_idx);
-	wpa_snprintf_hex(buf + pos, len - pos, sta->gtk, sta->gtk_len);
-}
-
-
-static void ctrl_info_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	enum wlantest_sta_info info;
-	u8 buf[4 + 108], *end, *pos;
-	char resp[100];
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	if (sta == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_INFO, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	info = WPA_GET_BE32(addr);
-
-	resp[0] = '\0';
-	switch (info) {
-	case WLANTEST_STA_INFO_PROTO:
-		info_print_proto(resp, sizeof(resp), sta->proto);
-		break;
-	case WLANTEST_STA_INFO_PAIRWISE:
-		info_print_cipher(resp, sizeof(resp), sta->pairwise_cipher);
-		break;
-	case WLANTEST_STA_INFO_KEY_MGMT:
-		info_print_key_mgmt(resp, sizeof(resp), sta->key_mgmt);
-		break;
-	case WLANTEST_STA_INFO_RSN_CAPAB:
-		info_print_rsn_capab(resp, sizeof(resp), sta->rsn_capab);
-		break;
-	case WLANTEST_STA_INFO_STATE:
-		info_print_state(resp, sizeof(resp), sta->state);
-		break;
-	case WLANTEST_STA_INFO_GTK:
-		info_print_gtk(resp, sizeof(resp), sta);
-		break;
-	default:
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_info_bss(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	enum wlantest_bss_info info;
-	u8 buf[4 + 108], *end, *pos;
-	char resp[100];
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	if (bss == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_INFO, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	info = WPA_GET_BE32(addr);
-
-	resp[0] = '\0';
-	switch (info) {
-	case WLANTEST_BSS_INFO_PROTO:
-		info_print_proto(resp, sizeof(resp), bss->proto);
-		break;
-	case WLANTEST_BSS_INFO_PAIRWISE:
-		info_print_cipher(resp, sizeof(resp), bss->pairwise_cipher);
-		break;
-	case WLANTEST_BSS_INFO_GROUP:
-		info_print_cipher(resp, sizeof(resp), bss->group_cipher);
-		break;
-	case WLANTEST_BSS_INFO_GROUP_MGMT:
-		info_print_cipher(resp, sizeof(resp), bss->mgmt_group_cipher);
-		break;
-	case WLANTEST_BSS_INFO_KEY_MGMT:
-		info_print_key_mgmt(resp, sizeof(resp), bss->key_mgmt);
-		break;
-	case WLANTEST_BSS_INFO_RSN_CAPAB:
-		info_print_rsn_capab(resp, sizeof(resp), bss->rsn_capab);
-		break;
-	default:
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u8 *bssid, *sta_addr;
-	int prot;
-	u8 *frame;
-	size_t frame_len;
-	int ret = 0;
-	struct ieee80211_hdr *hdr;
-	u16 fc;
-
-	frame = attr_get(cmd, clen, WLANTEST_ATTR_FRAME, &frame_len);
-	prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
-	if (frame == NULL || frame_len < 24 || prot < 0) {
-		wpa_printf(MSG_INFO, "Invalid send command parameters");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	hdr = (struct ieee80211_hdr *) frame;
-	fc = le_to_host16(hdr->frame_control);
-	switch (WLAN_FC_GET_TYPE(fc)) {
-	case WLAN_FC_TYPE_MGMT:
-		bssid = hdr->addr3;
-		if (os_memcmp(hdr->addr2, hdr->addr3, ETH_ALEN) == 0)
-			sta_addr = hdr->addr1;
-		else
-			sta_addr = hdr->addr2;
-		break;
-	case WLAN_FC_TYPE_DATA:
-		switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
-		case 0:
-			bssid = hdr->addr3;
-			sta_addr = hdr->addr2;
-			break;
-		case WLAN_FC_TODS:
-			bssid = hdr->addr1;
-			sta_addr = hdr->addr2;
-			break;
-		case WLAN_FC_FROMDS:
-			bssid = hdr->addr2;
-			sta_addr = hdr->addr1;
-			break;
-		default:
-			wpa_printf(MSG_INFO, "Unsupported inject frame");
-			ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-			return;
-		}
-		break;
-	default:
-		wpa_printf(MSG_INFO, "Unsupported inject frame");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	bss = bss_find(wt, bssid);
-	if (bss == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
-		wpa_printf(MSG_INFO, "Unknown BSSID");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	if (bss)
-		sta = sta_find(bss, sta_addr);
-	else
-		sta = NULL;
-	if (sta == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
-		wpa_printf(MSG_INFO, "Unknown STA address");
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
-		return;
-	}
-
-	ret = wlantest_inject(wt, bss, sta, frame, frame_len, prot);
-
-	if (ret)
-		wpa_printf(MSG_INFO, "Failed to inject frame");
-	else
-		wpa_printf(MSG_INFO, "Frame injected successfully");
-	ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
-			 WLANTEST_CTRL_FAILURE);
-}
-
-
-static void ctrl_relog(struct wlantest *wt, int sock)
-{
-	int res = wlantest_relog(wt);
-	ctrl_send_simple(wt, sock, res ? WLANTEST_CTRL_FAILURE :
-			 WLANTEST_CTRL_SUCCESS);
-}
-
-
-static void ctrl_get_tx_tid(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u32 counter;
-	u8 buf[4 + 12], *end, *pos;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	if (sta == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_TID, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	counter = WPA_GET_BE32(addr);
-	if (counter >= 16 + 1) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
-			    sta->tx_tid[counter]);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_get_rx_tid(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
-{
-	u8 *addr;
-	size_t addr_len;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u32 counter;
-	u8 buf[4 + 12], *end, *pos;
-
-	bss = ctrl_get_bss(wt, sock, cmd, clen);
-	sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
-	if (sta == NULL)
-		return;
-
-	addr = attr_get(cmd, clen, WLANTEST_ATTR_TID, &addr_len);
-	if (addr == NULL || addr_len != 4) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-	counter = WPA_GET_BE32(addr);
-	if (counter >= 16 + 1) {
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
-		return;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
-	pos += 4;
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
-			    sta->rx_tid[counter]);
-	ctrl_send(wt, sock, buf, pos - buf);
-}
-
-
-static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wlantest *wt = eloop_ctx;
-	u8 buf[WLANTEST_CTRL_MAX_CMD_LEN];
-	int len;
-	enum wlantest_ctrl_cmd cmd;
-
-	wpa_printf(MSG_EXCESSIVE, "New control interface message from %d",
-		   sock);
-	len = recv(sock, buf, sizeof(buf), 0);
-	if (len < 0) {
-		wpa_printf(MSG_INFO, "recv(ctrl): %s", strerror(errno));
-		ctrl_disconnect(wt, sock);
-		return;
-	}
-	if (len == 0) {
-		ctrl_disconnect(wt, sock);
-		return;
-	}
-
-	if (len < 4) {
-		wpa_printf(MSG_INFO, "Too short control interface command "
-			   "from %d", sock);
-		ctrl_disconnect(wt, sock);
-		return;
-	}
-	cmd = WPA_GET_BE32(buf);
-	wpa_printf(MSG_EXCESSIVE, "Control interface command %d from %d",
-		   cmd, sock);
-
-	switch (cmd) {
-	case WLANTEST_CTRL_PING:
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-		break;
-	case WLANTEST_CTRL_TERMINATE:
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
-		eloop_terminate();
-		break;
-	case WLANTEST_CTRL_LIST_BSS:
-		ctrl_list_bss(wt, sock);
-		break;
-	case WLANTEST_CTRL_LIST_STA:
-		ctrl_list_sta(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_FLUSH:
-		ctrl_flush(wt, sock);
-		break;
-	case WLANTEST_CTRL_CLEAR_STA_COUNTERS:
-		ctrl_clear_sta_counters(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_CLEAR_BSS_COUNTERS:
-		ctrl_clear_bss_counters(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_CLEAR_TDLS_COUNTERS:
-		ctrl_clear_tdls_counters(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_GET_STA_COUNTER:
-		ctrl_get_sta_counter(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_GET_BSS_COUNTER:
-		ctrl_get_bss_counter(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_GET_TDLS_COUNTER:
-		ctrl_get_tdls_counter(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_INJECT:
-		ctrl_inject(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_VERSION:
-		ctrl_version(wt, sock);
-		break;
-	case WLANTEST_CTRL_ADD_PASSPHRASE:
-		ctrl_add_passphrase(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_INFO_STA:
-		ctrl_info_sta(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_INFO_BSS:
-		ctrl_info_bss(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_SEND:
-		ctrl_send_(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_RELOG:
-		ctrl_relog(wt, sock);
-		break;
-	case WLANTEST_CTRL_GET_TX_TID:
-		ctrl_get_tx_tid(wt, sock, buf + 4, len - 4);
-		break;
-	case WLANTEST_CTRL_GET_RX_TID:
-		ctrl_get_rx_tid(wt, sock, buf + 4, len - 4);
-		break;
-	default:
-		ctrl_send_simple(wt, sock, WLANTEST_CTRL_UNKNOWN_CMD);
-		break;
-	}
-}
-
-
-static void ctrl_connect(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wlantest *wt = eloop_ctx;
-	int conn, i;
-
-	conn = accept(sock, NULL, NULL);
-	if (conn < 0) {
-		wpa_printf(MSG_INFO, "accept(ctrl): %s", strerror(errno));
-		return;
-	}
-	wpa_printf(MSG_MSGDUMP, "New control interface connection %d", conn);
-
-	for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
-		if (wt->ctrl_socks[i] < 0)
-			break;
-	}
-
-	if (i == MAX_CTRL_CONNECTIONS) {
-		wpa_printf(MSG_INFO, "No room for new control connection");
-		close(conn);
-		return;
-	}
-
-	wt->ctrl_socks[i] = conn;
-	eloop_register_read_sock(conn, ctrl_read, wt, NULL);
-}
-
-
-int ctrl_init(struct wlantest *wt)
-{
-	struct sockaddr_un addr;
-
-	wt->ctrl_sock = socket(AF_UNIX, SOCK_SEQPACKET, 0);
-	if (wt->ctrl_sock < 0) {
-		wpa_printf(MSG_ERROR, "socket: %s", strerror(errno));
-		return -1;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	os_strlcpy(addr.sun_path + 1, WLANTEST_SOCK_NAME,
-		   sizeof(addr.sun_path) - 1);
-	if (bind(wt->ctrl_sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));
-		close(wt->ctrl_sock);
-		wt->ctrl_sock = -1;
-		return -1;
-	}
-
-	if (listen(wt->ctrl_sock, 5) < 0) {
-		wpa_printf(MSG_ERROR, "listen: %s", strerror(errno));
-		close(wt->ctrl_sock);
-		wt->ctrl_sock = -1;
-		return -1;
-	}
-
-	if (eloop_register_read_sock(wt->ctrl_sock, ctrl_connect, wt, NULL)) {
-		close(wt->ctrl_sock);
-		wt->ctrl_sock = -1;
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void ctrl_deinit(struct wlantest *wt)
-{
-	int i;
-
-	if (wt->ctrl_sock < 0)
-		return;
-
-	for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
-		if (wt->ctrl_socks[i] >= 0) {
-			close(wt->ctrl_socks[i]);
-			eloop_unregister_read_sock(wt->ctrl_socks[i]);
-			wt->ctrl_socks[i] = -1;
-		}
-	}
-
-	eloop_unregister_read_sock(wt->ctrl_sock);
-	close(wt->ctrl_sock);
-	wt->ctrl_sock = -1;
-}
diff --git a/wlantest/gcmp.c b/wlantest/gcmp.c
deleted file mode 100644
index f9f95b23db31..000000000000
--- a/wlantest/gcmp.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * GCM with GMAC Protocol (GCMP)
- * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_defs.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
-#include "wlantest.h"
-
-
-static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
-			   u8 *aad, size_t *aad_len, u8 *nonce)
-{
-	u16 fc, stype, seq;
-	int qos = 0, addr4 = 0;
-	u8 *pos;
-
-	fc = le_to_host16(hdr->frame_control);
-	stype = WLAN_FC_GET_STYPE(fc);
-	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-	    (WLAN_FC_TODS | WLAN_FC_FROMDS))
-		addr4 = 1;
-
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
-		fc &= ~0x0070; /* Mask subtype bits */
-		if (stype & 0x08) {
-			const u8 *qc;
-			qos = 1;
-			fc &= ~WLAN_FC_HTC;
-			qc = (const u8 *) (hdr + 1);
-			if (addr4)
-				qc += ETH_ALEN;
-		}
-	}
-
-	fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
-	WPA_PUT_LE16(aad, fc);
-	pos = aad + 2;
-	os_memcpy(pos, hdr->addr1, 3 * ETH_ALEN);
-	pos += 3 * ETH_ALEN;
-	seq = le_to_host16(hdr->seq_ctrl);
-	seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
-	WPA_PUT_LE16(pos, seq);
-	pos += 2;
-
-	os_memcpy(pos, hdr + 1, addr4 * ETH_ALEN + qos * 2);
-	pos += addr4 * ETH_ALEN;
-	if (qos) {
-		pos[0] &= ~0x70;
-		if (1 /* FIX: either device has SPP A-MSDU Capab = 0 */)
-			pos[0] &= ~0x80;
-		pos++;
-		*pos++ = 0x00;
-	}
-
-	*aad_len = pos - aad;
-
-	os_memcpy(nonce, hdr->addr2, ETH_ALEN);
-	nonce[6] = data[7]; /* PN5 */
-	nonce[7] = data[6]; /* PN4 */
-	nonce[8] = data[5]; /* PN3 */
-	nonce[9] = data[4]; /* PN2 */
-	nonce[10] = data[1]; /* PN1 */
-	nonce[11] = data[0]; /* PN0 */
-}
-
-
-u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	u8 aad[30], nonce[12], *plain;
-	size_t aad_len, mlen;
-	const u8 *m;
-
-	if (data_len < 8 + 16)
-		return NULL;
-
-	plain = os_malloc(data_len + AES_BLOCK_SIZE);
-	if (plain == NULL)
-		return NULL;
-
-	m = data + 8;
-	mlen = data_len - 8 - 16;
-
-	os_memset(aad, 0, sizeof(aad));
-	gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
-
-	if (aes_gcm_ad(tk, tk_len, nonce, sizeof(nonce), m, mlen, aad, aad_len,
-		       m + mlen, plain) < 0) {
-		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR
-			   " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3),
-			   WLAN_GET_SEQ_SEQ(seq_ctrl),
-			   WLAN_GET_SEQ_FRAG(seq_ctrl));
-		os_free(plain);
-		return NULL;
-	}
-
-	*decrypted_len = mlen;
-	return plain;
-}
-
-
-u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len,
-		  size_t hdrlen, const u8 *qos,
-		  const u8 *pn, int keyid, size_t *encrypted_len)
-{
-	u8 aad[30], nonce[12], *crypt, *pos;
-	size_t aad_len, plen;
-	struct ieee80211_hdr *hdr;
-
-	if (len < hdrlen || hdrlen < 24)
-		return NULL;
-	plen = len - hdrlen;
-
-	crypt = os_malloc(hdrlen + 8 + plen + 16 + AES_BLOCK_SIZE);
-	if (crypt == NULL)
-		return NULL;
-
-	os_memcpy(crypt, frame, hdrlen);
-	hdr = (struct ieee80211_hdr *) crypt;
-	pos = crypt + hdrlen;
-	*pos++ = pn[5]; /* PN0 */
-	*pos++ = pn[4]; /* PN1 */
-	*pos++ = 0x00; /* Rsvd */
-	*pos++ = 0x20 | (keyid << 6);
-	*pos++ = pn[3]; /* PN2 */
-	*pos++ = pn[2]; /* PN3 */
-	*pos++ = pn[1]; /* PN4 */
-	*pos++ = pn[0]; /* PN5 */
-
-	os_memset(aad, 0, sizeof(aad));
-	gcmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
-
-	if (aes_gcm_ae(tk, tk_len, nonce, sizeof(nonce), frame + hdrlen, plen,
-		       aad, aad_len, pos, pos + plen) < 0) {
-		os_free(crypt);
-		return NULL;
-	}
-
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP MIC", pos + plen, 16);
-	wpa_hexdump(MSG_EXCESSIVE, "GCMP encrypted", pos, plen);
-
-	*encrypted_len = hdrlen + 8 + plen + 16;
-
-	return crypt;
-}
diff --git a/wlantest/inject.c b/wlantest/inject.c
deleted file mode 100644
index b177bcfd9301..000000000000
--- a/wlantest/inject.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * wlantest frame injection
- * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "crypto/aes_wrap.h"
-#include "wlantest.h"
-
-
-static int inject_frame(int s, const void *data, size_t len)
-{
-#define	IEEE80211_RADIOTAP_F_FRAG	0x08
-	unsigned char rtap_hdr[] = {
-		0x00, 0x00, /* radiotap version */
-		0x0e, 0x00, /* radiotap length */
-		0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
-		IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
-		0x00,       /* padding */
-		0x00, 0x00, /* RX and TX flags to indicate that */
-		0x00, 0x00, /* this is the injected frame directly */
-	};
-	struct iovec iov[2] = {
-		{
-			.iov_base = &rtap_hdr,
-			.iov_len = sizeof(rtap_hdr),
-		},
-		{
-			.iov_base = (void *) data,
-			.iov_len = len,
-		}
-	};
-	struct msghdr msg = {
-		.msg_name = NULL,
-		.msg_namelen = 0,
-		.msg_iov = iov,
-		.msg_iovlen = 2,
-		.msg_control = NULL,
-		.msg_controllen = 0,
-		.msg_flags = 0,
-	};
-	int ret;
-
-	ret = sendmsg(s, &msg, 0);
-	if (ret < 0)
-		wpa_printf(MSG_ERROR, "sendmsg: %s", strerror(errno));
-	return ret;
-}
-
-
-static int is_robust_mgmt(u8 *frame, size_t len)
-{
-	struct ieee80211_mgmt *mgmt;
-	u16 fc, stype;
-	if (len < 24)
-		return 0;
-	mgmt = (struct ieee80211_mgmt *) frame;
-	fc = le_to_host16(mgmt->frame_control);
-	if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT)
-		return 0;
-	stype = WLAN_FC_GET_STYPE(fc);
-	if (stype == WLAN_FC_STYPE_DEAUTH || stype == WLAN_FC_STYPE_DISASSOC)
-		return 1;
-	if (stype == WLAN_FC_STYPE_ACTION ||
-	    stype == WLAN_FC_STYPE_ACTION_NO_ACK) {
-		if (len < 25)
-			return 0;
-		if (mgmt->u.action.category != WLAN_ACTION_PUBLIC)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int wlantest_inject_bip(struct wlantest *wt, struct wlantest_bss *bss,
-			       u8 *frame, size_t len, int incorrect_key)
-{
-	u8 *prot;
-	u8 stub[32];
-	int ret;
-	size_t plen;
-
-	if (!bss->igtk_len[bss->igtk_idx])
-		return -1;
-
-	os_memset(stub, 0x11, sizeof(stub));
-	inc_byte_array(bss->ipn[bss->igtk_idx], 6);
-
-	prot = bip_protect(incorrect_key ? stub : bss->igtk[bss->igtk_idx],
-			   bss->igtk_len[bss->igtk_idx],
-			   frame, len, bss->ipn[bss->igtk_idx],
-			   bss->igtk_idx, &plen);
-	if (prot == NULL)
-		return -1;
-
-
-	ret = inject_frame(wt->monitor_sock, prot, plen);
-	os_free(prot);
-
-	return (ret < 0) ? -1 : 0;
-}
-
-
-static int wlantest_inject_prot_bc(struct wlantest *wt,
-				   struct wlantest_bss *bss,
-				   u8 *frame, size_t len, int incorrect_key)
-{
-	u8 *crypt;
-	size_t crypt_len;
-	int ret;
-	u8 stub[64];
-	u8 *pn;
-	struct ieee80211_hdr *hdr;
-	u16 fc;
-	int hdrlen;
-
-	hdr = (struct ieee80211_hdr *) frame;
-	hdrlen = 24;
-	fc = le_to_host16(hdr->frame_control);
-
-	if (!bss->gtk_len[bss->gtk_idx])
-		return -1;
-
-	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-	    (WLAN_FC_TODS | WLAN_FC_FROMDS))
-		hdrlen += ETH_ALEN;
-	pn = bss->rsc[bss->gtk_idx];
-	inc_byte_array(pn, 6);
-
-	os_memset(stub, 0x11, sizeof(stub));
-	if (bss->group_cipher == WPA_CIPHER_TKIP)
-		crypt = tkip_encrypt(incorrect_key ? stub :
-				     bss->gtk[bss->gtk_idx],
-				     frame, len, hdrlen, NULL, pn,
-				     bss->gtk_idx, &crypt_len);
-	else
-		crypt = ccmp_encrypt(incorrect_key ? stub :
-				     bss->gtk[bss->gtk_idx],
-				     frame, len, hdrlen, NULL, pn,
-				     bss->gtk_idx, &crypt_len);
-
-	if (crypt == NULL)
-		return -1;
-
-	ret = inject_frame(wt->monitor_sock, crypt, crypt_len);
-	os_free(crypt);
-
-	return (ret < 0) ? -1 : 0;
-}
-
-
-static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
-				struct wlantest_sta *sta, u8 *frame,
-				size_t len, int incorrect_key)
-{
-	u8 *crypt;
-	size_t crypt_len;
-	int ret;
-	u8 stub[64];
-	u8 *pn;
-	struct ieee80211_hdr *hdr;
-	u16 fc;
-	int tid = 0;
-	u8 *qos = NULL;
-	int hdrlen;
-	struct wlantest_tdls *tdls = NULL;
-	const u8 *tk = NULL;
-
-	hdr = (struct ieee80211_hdr *) frame;
-	hdrlen = 24;
-	fc = le_to_host16(hdr->frame_control);
-
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA &&
-	    (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) == 0) {
-		struct wlantest_sta *sta2;
-		bss = bss_get(wt, hdr->addr3);
-		if (bss == NULL) {
-			wpa_printf(MSG_DEBUG, "No BSS found for TDLS "
-				   "injection");
-			return -1;
-		}
-		sta = sta_find(bss, hdr->addr2);
-		sta2 = sta_find(bss, hdr->addr1);
-		if (sta == NULL || sta2 == NULL) {
-			wpa_printf(MSG_DEBUG, "No stations found for TDLS "
-				   "injection");
-			return -1;
-		}
-		dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
-		{
-			if ((tdls->init == sta && tdls->resp == sta2) ||
-			    (tdls->init == sta2 && tdls->resp == sta)) {
-				if (!tdls->link_up)
-					wpa_printf(MSG_DEBUG, "TDLS: Link not "
-						   "up, but injecting Data "
-						   "frame on direct link");
-				tk = tdls->tpk.tk;
-				break;
-			}
-		}
-	}
-
-	if (tk == NULL && sta == NULL) {
-		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
-			return wlantest_inject_bip(wt, bss, frame, len,
-						   incorrect_key);
-		return wlantest_inject_prot_bc(wt, bss, frame, len,
-					       incorrect_key);
-	}
-
-	if (tk == NULL && !sta->ptk_set) {
-		wpa_printf(MSG_DEBUG, "No key known for injection");
-		return -1;
-	}
-
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
-		tid = 16;
-	else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
-		if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-		    (WLAN_FC_TODS | WLAN_FC_FROMDS))
-			hdrlen += ETH_ALEN;
-		if (WLAN_FC_GET_STYPE(fc) & 0x08) {
-			qos = frame + hdrlen;
-			hdrlen += 2;
-			tid = qos[0] & 0x0f;
-		}
-	}
-	if (tk) {
-		if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
-			pn = tdls->rsc_init[tid];
-		else
-			pn = tdls->rsc_resp[tid];
-	} else if (os_memcmp(hdr->addr2, bss->bssid, ETH_ALEN) == 0)
-		pn = sta->rsc_fromds[tid];
-	else
-		pn = sta->rsc_tods[tid];
-	inc_byte_array(pn, 6);
-
-	os_memset(stub, 0x11, sizeof(stub));
-	if (tk)
-		crypt = ccmp_encrypt(incorrect_key ? stub : tk,
-				     frame, len, hdrlen, qos, pn, 0,
-				     &crypt_len);
-	else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
-		crypt = tkip_encrypt(incorrect_key ? stub : sta->ptk.tk,
-				     frame, len, hdrlen, qos, pn, 0,
-				     &crypt_len);
-	else
-		crypt = ccmp_encrypt(incorrect_key ? stub : sta->ptk.tk,
-				     frame, len, hdrlen, qos, pn, 0,
-				     &crypt_len);
-
-	if (crypt == NULL) {
-		wpa_printf(MSG_DEBUG, "Frame encryption failed");
-		return -1;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "Inject frame (encrypted)", crypt, crypt_len);
-	ret = inject_frame(wt->monitor_sock, crypt, crypt_len);
-	os_free(crypt);
-	wpa_printf(MSG_DEBUG, "inject_frame for protected frame: %d", ret);
-
-	return (ret < 0) ? -1 : 0;
-}
-
-
-int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss,
-		    struct wlantest_sta *sta, u8 *frame, size_t len,
-		    enum wlantest_inject_protection prot)
-{
-	int ret;
-	struct ieee80211_hdr *hdr;
-	u16 fc;
-	int protectable, protect = 0;
-
-	wpa_hexdump(MSG_DEBUG, "Inject frame", frame, len);
-	if (wt->monitor_sock < 0) {
-		wpa_printf(MSG_INFO, "Cannot inject frames when monitor "
-			   "interface is not in use");
-		return -1;
-	}
-
-	if (prot != WLANTEST_INJECT_UNPROTECTED && bss == NULL) {
-		wpa_printf(MSG_INFO, "No BSS information to inject "
-			   "protected frames");
-		return -1;
-	}
-
-	hdr = (struct ieee80211_hdr *) frame;
-	fc = le_to_host16(hdr->frame_control);
-	protectable = WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA ||
-		is_robust_mgmt(frame, len);
-
-	if ((prot == WLANTEST_INJECT_PROTECTED ||
-	     prot == WLANTEST_INJECT_INCORRECT_KEY) && bss) {
-		if (!sta &&
-		    ((WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
-		      !bss->igtk_len[bss->igtk_idx]) ||
-		     (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA &&
-		      !bss->gtk_len[bss->gtk_idx]))) {
-			wpa_printf(MSG_INFO, "No GTK/IGTK known for "
-				   MACSTR " to protect the injected "
-				   "frame", MAC2STR(bss->bssid));
-			return -1;
-		}
-		if (sta && !sta->ptk_set) {
-			wpa_printf(MSG_INFO, "No PTK known for the STA " MACSTR
-				   " to encrypt the injected frame",
-				   MAC2STR(sta->addr));
-			return -1;
-		}
-		protect = 1;
-	} else if (protectable && prot != WLANTEST_INJECT_UNPROTECTED && bss) {
-		if (sta && sta->ptk_set)
-			protect = 1;
-		else if (!sta) {
-			if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA &&
-			    bss->gtk_len[bss->gtk_idx])
-				protect = 1;
-			if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
-			    bss->igtk_len[bss->igtk_idx])
-				protect = 1;
-		}
-	}
-
-	if (protect && bss)
-		return wlantest_inject_prot(
-			wt, bss, sta, frame, len,
-			prot == WLANTEST_INJECT_INCORRECT_KEY);
-
-	ret = inject_frame(wt->monitor_sock, frame, len);
-	wpa_printf(MSG_DEBUG, "inject_frame for unprotected frame: %d", ret);
-	return (ret < 0) ? -1 : 0;
-}
diff --git a/wlantest/monitor.c b/wlantest/monitor.c
deleted file mode 100644
index f28708689ed9..000000000000
--- a/wlantest/monitor.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Linux packet socket monitor
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#ifndef __APPLE__
-#include <net/if.h>
-#include <netpacket/packet.h>
-#endif /* __APPLE__ */
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "wlantest.h"
-
-
-#ifdef __APPLE__
-
-int monitor_init(struct wlantest *wt, const char *ifname)
-{
-	return -1;
-}
-
-
-int monitor_init_wired(struct wlantest *wt, const char *ifname)
-{
-	return -1;
-}
-
-
-void monitor_deinit(struct wlantest *wt)
-{
-}
-
-#else /* __APPLE__ */
-
-static void monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wlantest *wt = eloop_ctx;
-	u8 buf[3000];
-	int len;
-
-	len = recv(sock, buf, sizeof(buf), 0);
-	if (len < 0) {
-		wpa_printf(MSG_INFO, "recv(PACKET): %s", strerror(errno));
-		return;
-	}
-
-	clear_notes(wt);
-	os_free(wt->decrypted);
-	wt->decrypted = NULL;
-	write_pcap_captured(wt, buf, len);
-	wlantest_process(wt, buf, len);
-	write_pcapng_captured(wt, buf, len);
-}
-
-
-static void monitor_read_wired(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wlantest *wt = eloop_ctx;
-	u8 buf[3000];
-	int len;
-
-	len = recv(sock, buf, sizeof(buf), 0);
-	if (len < 0) {
-		wpa_printf(MSG_INFO, "recv(PACKET): %s", strerror(errno));
-		return;
-	}
-
-	wlantest_process_wired(wt, buf, len);
-}
-
-
-int monitor_init(struct wlantest *wt, const char *ifname)
-{
-	struct sockaddr_ll ll;
-
-	os_memset(&ll, 0, sizeof(ll));
-	ll.sll_family = AF_PACKET;
-	ll.sll_ifindex = if_nametoindex(ifname);
-	if (ll.sll_ifindex == 0) {
-		wpa_printf(MSG_ERROR, "Monitor interface '%s' does not exist",
-			   ifname);
-		return -1;
-	}
-
-	wt->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
-	if (wt->monitor_sock < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_PACKET,SOCK_RAW): %s",
-			   strerror(errno));
-		return -1;
-	}
-
-	if (bind(wt->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
-		wpa_printf(MSG_ERROR, "bind(PACKET): %s", strerror(errno));
-		close(wt->monitor_sock);
-		wt->monitor_sock = -1;
-		return -1;
-	}
-
-	if (eloop_register_read_sock(wt->monitor_sock, monitor_read, wt, NULL))
-	{
-		wpa_printf(MSG_ERROR, "Could not register monitor read "
-			   "socket");
-		close(wt->monitor_sock);
-		wt->monitor_sock = -1;
-		return -1;
-	}
-
-	return 0;
-}
-
-
-int monitor_init_wired(struct wlantest *wt, const char *ifname)
-{
-	struct sockaddr_ll ll;
-
-	os_memset(&ll, 0, sizeof(ll));
-	ll.sll_family = AF_PACKET;
-	ll.sll_ifindex = if_nametoindex(ifname);
-	if (ll.sll_ifindex == 0) {
-		wpa_printf(MSG_ERROR, "Monitor interface '%s' does not exist",
-			   ifname);
-		return -1;
-	}
-
-	wt->monitor_wired = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
-	if (wt->monitor_wired < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_PACKET,SOCK_RAW): %s",
-			   strerror(errno));
-		return -1;
-	}
-
-	if (bind(wt->monitor_wired, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
-		wpa_printf(MSG_ERROR, "bind(PACKET): %s", strerror(errno));
-		close(wt->monitor_wired);
-		wt->monitor_wired = -1;
-		return -1;
-	}
-
-	if (eloop_register_read_sock(wt->monitor_wired, monitor_read_wired,
-				     wt, NULL)) {
-		wpa_printf(MSG_ERROR, "Could not register monitor read "
-			   "socket");
-		close(wt->monitor_wired);
-		wt->monitor_wired = -1;
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void monitor_deinit(struct wlantest *wt)
-{
-	if (wt->monitor_sock >= 0) {
-		eloop_unregister_read_sock(wt->monitor_sock);
-		close(wt->monitor_sock);
-		wt->monitor_sock = -1;
-	}
-
-	if (wt->monitor_wired >= 0) {
-		eloop_unregister_read_sock(wt->monitor_wired);
-		close(wt->monitor_wired);
-		wt->monitor_wired = -1;
-	}
-}
-
-#endif /* __APPLE__ */
diff --git a/wlantest/process.c b/wlantest/process.c
deleted file mode 100644
index 4d174bada947..000000000000
--- a/wlantest/process.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * Received frame processing
- * Copyright (c) 2010-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/crc32.h"
-#include "utils/radiotap.h"
-#include "utils/radiotap_iter.h"
-#include "common/ieee802_11_defs.h"
-#include "common/qca-vendor.h"
-#include "wlantest.h"
-
-
-static struct wlantest_sta * rx_get_sta(struct wlantest *wt,
-					const struct ieee80211_hdr *hdr,
-					size_t len, int *to_ap)
-{
-	u16 fc;
-	const u8 *sta_addr, *bssid;
-	struct wlantest_bss *bss;
-
-	*to_ap = 0;
-	if (hdr->addr1[0] & 0x01)
-		return NULL; /* Ignore group addressed frames */
-
-	fc = le_to_host16(hdr->frame_control);
-	switch (WLAN_FC_GET_TYPE(fc)) {
-	case WLAN_FC_TYPE_MGMT:
-		if (len < 24)
-			return NULL;
-		bssid = hdr->addr3;
-		if (os_memcmp(bssid, hdr->addr2, ETH_ALEN) == 0) {
-			sta_addr = hdr->addr1;
-			*to_ap = 0;
-		} else {
-			if (os_memcmp(bssid, hdr->addr1, ETH_ALEN) != 0)
-				return NULL; /* Unsupported STA-to-STA frame */
-			sta_addr = hdr->addr2;
-			*to_ap = 1;
-		}
-		break;
-	case WLAN_FC_TYPE_DATA:
-		if (len < 24)
-			return NULL;
-		switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
-		case 0:
-			return NULL; /* IBSS not supported */
-		case WLAN_FC_FROMDS:
-			sta_addr = hdr->addr1;
-			bssid = hdr->addr2;
-			*to_ap = 0;
-			break;
-		case WLAN_FC_TODS:
-			sta_addr = hdr->addr2;
-			bssid = hdr->addr1;
-			*to_ap = 1;
-			break;
-		case WLAN_FC_TODS | WLAN_FC_FROMDS:
-			return NULL; /* WDS not supported */
-		default:
-			return NULL;
-		}
-		break;
-	case WLAN_FC_TYPE_CTRL:
-		if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PSPOLL &&
-		    len >= 16) {
-			sta_addr = hdr->addr2;
-			bssid = hdr->addr1;
-			*to_ap = 1;
-		} else
-			return NULL;
-		break;
-	default:
-		return NULL;
-	}
-
-	bss = bss_find(wt, bssid);
-	if (bss == NULL)
-		return NULL;
-	return sta_find(bss, sta_addr);
-}
-
-
-static void rx_update_ps(struct wlantest *wt, const struct ieee80211_hdr *hdr,
-			 size_t len, struct wlantest_sta *sta, int to_ap)
-{
-	u16 fc, type, stype;
-
-	if (sta == NULL)
-		return;
-
-	fc = le_to_host16(hdr->frame_control);
-	type = WLAN_FC_GET_TYPE(fc);
-	stype = WLAN_FC_GET_STYPE(fc);
-
-	if (!to_ap) {
-		if (sta->pwrmgt && !sta->pspoll) {
-			u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-			add_note(wt, MSG_DEBUG, "AP " MACSTR " sent a frame "
-				 "(%u:%u) to a sleeping STA " MACSTR
-				 " (seq=%u)",
-				 MAC2STR(sta->bss->bssid),
-				 type, stype, MAC2STR(sta->addr),
-				 WLAN_GET_SEQ_SEQ(seq_ctrl));
-		} else
-			sta->pspoll = 0;
-		return;
-	}
-
-	sta->pspoll = 0;
-
-	if (type == WLAN_FC_TYPE_DATA || type == WLAN_FC_TYPE_MGMT ||
-	    (type == WLAN_FC_TYPE_CTRL && stype == WLAN_FC_STYPE_PSPOLL)) {
-		/*
-		 * In theory, the PS state changes only at the end of the frame
-		 * exchange that is ACKed by the AP. However, most cases are
-		 * handled with this simpler implementation that does not
-		 * maintain state through the frame exchange.
-		 */
-		if (sta->pwrmgt && !(fc & WLAN_FC_PWRMGT)) {
-			add_note(wt, MSG_DEBUG, "STA " MACSTR " woke up from "
-				 "sleep", MAC2STR(sta->addr));
-			sta->pwrmgt = 0;
-		} else if (!sta->pwrmgt && (fc & WLAN_FC_PWRMGT)) {
-			add_note(wt, MSG_DEBUG, "STA " MACSTR " went to sleep",
-				 MAC2STR(sta->addr));
-			sta->pwrmgt = 1;
-		}
-	}
-
-	if (type == WLAN_FC_TYPE_CTRL && stype == WLAN_FC_STYPE_PSPOLL)
-		sta->pspoll = 1;
-}
-
-
-static int rx_duplicate(struct wlantest *wt, const struct ieee80211_hdr *hdr,
-			size_t len, struct wlantest_sta *sta, int to_ap)
-{
-	u16 fc;
-	int tid = 16;
-	le16 *seq_ctrl;
-
-	if (sta == NULL)
-		return 0;
-
-	fc = le_to_host16(hdr->frame_control);
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA &&
-	    (WLAN_FC_GET_STYPE(fc) & 0x08) && len >= 26) {
-		const u8 *qos = ((const u8 *) hdr) + 24;
-		tid = qos[0] & 0x0f;
-	}
-
-	if (to_ap)
-		seq_ctrl = &sta->seq_ctrl_to_ap[tid];
-	else
-		seq_ctrl = &sta->seq_ctrl_to_sta[tid];
-
-	if ((fc & WLAN_FC_RETRY) && hdr->seq_ctrl == *seq_ctrl &&
-	    !sta->allow_duplicate) {
-		u16 s = le_to_host16(hdr->seq_ctrl);
-		add_note(wt, MSG_MSGDUMP, "Ignore duplicated frame (seq=%u "
-			 "frag=%u A1=" MACSTR " A2=" MACSTR ")",
-			 WLAN_GET_SEQ_SEQ(s), WLAN_GET_SEQ_FRAG(s),
-			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2));
-		return 1;
-	}
-
-	*seq_ctrl = hdr->seq_ctrl;
-	sta->allow_duplicate = 0;
-
-	return 0;
-}
-
-
-static void rx_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr)
-{
-	struct ieee80211_hdr *last = (struct ieee80211_hdr *) wt->last_hdr;
-	u16 fc;
-
-	if (wt->last_len < 24 || (last->addr1[0] & 0x01) ||
-	    os_memcmp(hdr->addr1, last->addr2, ETH_ALEN) != 0) {
-		add_note(wt, MSG_MSGDUMP, "Unknown Ack frame (previous frame "
-			 "not seen)");
-		return;
-	}
-
-	/* Ack to the previous frame */
-	fc = le_to_host16(last->frame_control);
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
-		rx_mgmt_ack(wt, last);
-}
-
-
-static void rx_frame(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_hdr *hdr;
-	u16 fc;
-	struct wlantest_sta *sta;
-	int to_ap;
-
-	wpa_hexdump(MSG_EXCESSIVE, "RX frame", data, len);
-	if (len < 2)
-		return;
-
-	hdr = (const struct ieee80211_hdr *) data;
-	fc = le_to_host16(hdr->frame_control);
-	if (fc & WLAN_FC_PVER) {
-		wpa_printf(MSG_DEBUG, "Drop RX frame with unexpected pver=%d",
-			   fc & WLAN_FC_PVER);
-		return;
-	}
-
-	sta = rx_get_sta(wt, hdr, len, &to_ap);
-
-	switch (WLAN_FC_GET_TYPE(fc)) {
-	case WLAN_FC_TYPE_MGMT:
-		if (len < 24)
-			break;
-		if (rx_duplicate(wt, hdr, len, sta, to_ap))
-			break;
-		rx_update_ps(wt, hdr, len, sta, to_ap);
-		rx_mgmt(wt, data, len);
-		break;
-	case WLAN_FC_TYPE_CTRL:
-		if (len < 10)
-			break;
-		wt->rx_ctrl++;
-		rx_update_ps(wt, hdr, len, sta, to_ap);
-		if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACK)
-			rx_ack(wt, hdr);
-		break;
-	case WLAN_FC_TYPE_DATA:
-		if (len < 24)
-			break;
-		if (rx_duplicate(wt, hdr, len, sta, to_ap))
-			break;
-		rx_update_ps(wt, hdr, len, sta, to_ap);
-		rx_data(wt, data, len);
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "Drop RX frame with unexpected type %d",
-			   WLAN_FC_GET_TYPE(fc));
-		break;
-	}
-
-	os_memcpy(wt->last_hdr, data, len > sizeof(wt->last_hdr) ?
-		  sizeof(wt->last_hdr) : len);
-	wt->last_len = len;
-}
-
-
-static void tx_status(struct wlantest *wt, const u8 *data, size_t len, int ack)
-{
-	wpa_printf(MSG_DEBUG, "TX status: ack=%d", ack);
-	wpa_hexdump(MSG_EXCESSIVE, "TX status frame", data, len);
-}
-
-
-static int check_fcs(const u8 *frame, size_t frame_len, const u8 *fcs)
-{
-	if (WPA_GET_LE32(fcs) != crc32(frame, frame_len))
-		return -1;
-	return 0;
-}
-
-
-void wlantest_process(struct wlantest *wt, const u8 *data, size_t len)
-{
-	struct ieee80211_radiotap_iterator iter;
-	int ret;
-	int rxflags = 0, txflags = 0, failed = 0, fcs = 0;
-	const u8 *frame, *fcspos;
-	size_t frame_len;
-
-	if (wt->ethernet)
-		return;
-
-	wpa_hexdump(MSG_EXCESSIVE, "Process data", data, len);
-
-	if (ieee80211_radiotap_iterator_init(&iter, (void *) data, len, NULL)) {
-		add_note(wt, MSG_INFO, "Invalid radiotap frame");
-		return;
-	}
-
-	for (;;) {
-		ret = ieee80211_radiotap_iterator_next(&iter);
-		wpa_printf(MSG_EXCESSIVE, "radiotap iter: %d "
-			   "this_arg_index=%d", ret, iter.this_arg_index);
-		if (ret == -ENOENT)
-			break;
-		if (ret) {
-			add_note(wt, MSG_INFO, "Invalid radiotap header: %d",
-				 ret);
-			return;
-		}
-		switch (iter.this_arg_index) {
-		case IEEE80211_RADIOTAP_FLAGS:
-			if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
-				fcs = 1;
-			break;
-		case IEEE80211_RADIOTAP_RX_FLAGS:
-			rxflags = 1;
-			break;
-		case IEEE80211_RADIOTAP_TX_FLAGS:
-			txflags = 1;
-			failed = le_to_host16((*(u16 *) iter.this_arg)) &
-				IEEE80211_RADIOTAP_F_TX_FAIL;
-			break;
-		case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
-			if (WPA_GET_BE24(iter.this_arg) == OUI_QCA &&
-			    iter.this_arg[3] == QCA_RADIOTAP_VID_WLANTEST) {
-				add_note(wt, MSG_DEBUG,
-					 "Skip frame inserted by wlantest");
-				return;
-			}
-		}
-	}
-
-	frame = data + iter._max_length;
-	frame_len = len - iter._max_length;
-
-	if (fcs && frame_len >= 4) {
-		frame_len -= 4;
-		fcspos = frame + frame_len;
-		if (check_fcs(frame, frame_len, fcspos) < 0) {
-			add_note(wt, MSG_EXCESSIVE, "Drop RX frame with "
-				 "invalid FCS");
-			wt->fcs_error++;
-			return;
-		}
-	}
-
-	if (rxflags && txflags)
-		return;
-	if (!txflags)
-		rx_frame(wt, frame, frame_len);
-	else {
-		add_note(wt, MSG_EXCESSIVE, "TX status - process as RX of "
-			 "local frame");
-		tx_status(wt, frame, frame_len, !failed);
-		/* Process as RX frame to support local monitor interface */
-		rx_frame(wt, frame, frame_len);
-	}
-}
-
-
-void wlantest_process_prism(struct wlantest *wt, const u8 *data, size_t len)
-{
-	int fcs = 0;
-	const u8 *frame, *fcspos;
-	size_t frame_len;
-	u32 hdrlen;
-
-	wpa_hexdump(MSG_EXCESSIVE, "Process data", data, len);
-
-	if (len < 8)
-		return;
-	hdrlen = WPA_GET_LE32(data + 4);
-
-	if (len < hdrlen) {
-		wpa_printf(MSG_INFO, "Too short frame to include prism "
-			   "header");
-		return;
-	}
-
-	frame = data + hdrlen;
-	frame_len = len - hdrlen;
-	fcs = 1;
-
-	if (fcs && frame_len >= 4) {
-		frame_len -= 4;
-		fcspos = frame + frame_len;
-		if (check_fcs(frame, frame_len, fcspos) < 0) {
-			add_note(wt, MSG_EXCESSIVE, "Drop RX frame with "
-				 "invalid FCS");
-			wt->fcs_error++;
-			return;
-		}
-	}
-
-	rx_frame(wt, frame, frame_len);
-}
-
-
-void wlantest_process_80211(struct wlantest *wt, const u8 *data, size_t len)
-{
-	wpa_hexdump(MSG_EXCESSIVE, "Process data", data, len);
-
-	if (wt->assume_fcs && len >= 4) {
-		const u8 *fcspos;
-
-		len -= 4;
-		fcspos = data + len;
-		if (check_fcs(data, len, fcspos) < 0) {
-			add_note(wt, MSG_EXCESSIVE, "Drop RX frame with "
-				 "invalid FCS");
-			wt->fcs_error++;
-			return;
-		}
-	}
-
-	rx_frame(wt, data, len);
-}
diff --git a/wlantest/readpcap.c b/wlantest/readpcap.c
deleted file mode 100644
index 1e7e66260c30..000000000000
--- a/wlantest/readpcap.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * PCAP capture file reader
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <pcap.h>
-
-#include "utils/common.h"
-#include "wlantest.h"
-
-
-static void write_pcap_with_radiotap(struct wlantest *wt,
-				     const u8 *data, size_t data_len)
-{
-	struct pcap_pkthdr h;
-	u8 rtap[] = {
-		0x00 /* rev */,
-		0x00 /* pad */,
-		0x0a, 0x00, /* header len */
-		0x02, 0x00, 0x00, 0x00, /* present flags */
-		0x00, /* flags */
-		0x00 /* pad */
-	};
-	u8 *buf;
-	size_t len;
-
-	if (wt->assume_fcs)
-		rtap[8] |= 0x10;
-
-	os_memset(&h, 0, sizeof(h));
-	h.ts = wt->write_pcap_time;
-	len = sizeof(rtap) + data_len;
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return;
-	os_memcpy(buf, rtap, sizeof(rtap));
-	os_memcpy(buf + sizeof(rtap), data, data_len);
-	h.caplen = len;
-	h.len = len;
-	pcap_dump(wt->write_pcap_dumper, &h, buf);
-	os_free(buf);
-}
-
-
-int read_cap_file(struct wlantest *wt, const char *fname)
-{
-	char errbuf[PCAP_ERRBUF_SIZE];
-	pcap_t *pcap;
-	unsigned int count = 0;
-	struct pcap_pkthdr *hdr;
-	const u_char *data;
-	int res;
-	int dlt;
-
-	pcap = pcap_open_offline(fname, errbuf);
-	if (pcap == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to read pcap file '%s': %s",
-			   fname, errbuf);
-		return -1;
-	}
-	dlt = pcap_datalink(pcap);
-	if (dlt != DLT_IEEE802_11_RADIO && dlt != DLT_PRISM_HEADER &&
-	    dlt != DLT_IEEE802_11) {
-		wpa_printf(MSG_ERROR, "Unsupported pcap datalink type: %d",
-			   dlt);
-		pcap_close(pcap);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "pcap datalink type: %d", dlt);
-
-	for (;;) {
-		clear_notes(wt);
-		os_free(wt->decrypted);
-		wt->decrypted = NULL;
-
-		res = pcap_next_ex(pcap, &hdr, &data);
-		if (res == -2)
-			break; /* No more packets */
-		if (res == -1) {
-			wpa_printf(MSG_INFO, "pcap_next_ex failure: %s",
-				   pcap_geterr(pcap));
-			break;
-		}
-		if (res != 1) {
-			wpa_printf(MSG_INFO, "Unexpected pcap_next_ex return "
-				   "value %d", res);
-			break;
-		}
-
-		/* Packet was read without problems */
-		wt->frame_num++;
-		wpa_printf(MSG_EXCESSIVE, "pcap hdr: ts=%d.%06d "
-			   "len=%u/%u",
-			   (int) hdr->ts.tv_sec, (int) hdr->ts.tv_usec,
-			   hdr->caplen, hdr->len);
-		if (wt->write_pcap_dumper) {
-			wt->write_pcap_time = hdr->ts;
-			if (dlt == DLT_IEEE802_11)
-				write_pcap_with_radiotap(wt, data, hdr->caplen);
-			else
-				pcap_dump(wt->write_pcap_dumper, hdr, data);
-			if (wt->pcap_no_buffer)
-				pcap_dump_flush(wt->write_pcap_dumper);
-		}
-		if (hdr->caplen < hdr->len) {
-			add_note(wt, MSG_DEBUG, "pcap: Dropped incomplete "
-				 "frame (%u/%u captured)",
-				 hdr->caplen, hdr->len);
-			write_pcapng_write_read(wt, dlt, hdr, data);
-			continue;
-		}
-		count++;
-		switch (dlt) {
-		case DLT_IEEE802_11_RADIO:
-			wlantest_process(wt, data, hdr->caplen);
-			break;
-		case DLT_PRISM_HEADER:
-			wlantest_process_prism(wt, data, hdr->caplen);
-			break;
-		case DLT_IEEE802_11:
-			wlantest_process_80211(wt, data, hdr->caplen);
-			break;
-		}
-		write_pcapng_write_read(wt, dlt, hdr, data);
-	}
-
-	pcap_close(pcap);
-
-	wpa_printf(MSG_DEBUG, "Read %s: %u packets", fname, count);
-
-	return 0;
-}
-
-
-int read_wired_cap_file(struct wlantest *wt, const char *fname)
-{
-	char errbuf[PCAP_ERRBUF_SIZE];
-	pcap_t *pcap;
-	unsigned int count = 0;
-	struct pcap_pkthdr *hdr;
-	const u_char *data;
-	int res;
-
-	pcap = pcap_open_offline(fname, errbuf);
-	if (pcap == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to read pcap file '%s': %s",
-			   fname, errbuf);
-		return -1;
-	}
-
-	for (;;) {
-		res = pcap_next_ex(pcap, &hdr, &data);
-		if (res == -2)
-			break; /* No more packets */
-		if (res == -1) {
-			wpa_printf(MSG_INFO, "pcap_next_ex failure: %s",
-				   pcap_geterr(pcap));
-			break;
-		}
-		if (res != 1) {
-			wpa_printf(MSG_INFO, "Unexpected pcap_next_ex return "
-				   "value %d", res);
-			break;
-		}
-
-		/* Packet was read without problems */
-		wpa_printf(MSG_EXCESSIVE, "pcap hdr: ts=%d.%06d "
-			   "len=%u/%u",
-			   (int) hdr->ts.tv_sec, (int) hdr->ts.tv_usec,
-			   hdr->caplen, hdr->len);
-		if (hdr->caplen < hdr->len) {
-			wpa_printf(MSG_DEBUG, "pcap: Dropped incomplete frame "
-				   "(%u/%u captured)",
-				   hdr->caplen, hdr->len);
-			continue;
-		}
-		count++;
-		wlantest_process_wired(wt, data, hdr->caplen);
-	}
-
-	pcap_close(pcap);
-
-	wpa_printf(MSG_DEBUG, "Read %s: %u packets", fname, count);
-
-	return 0;
-}
diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c
deleted file mode 100644
index 16e0f53bc22f..000000000000
--- a/wlantest/rx_data.c
+++ /dev/null
@@ -1,927 +0,0 @@
-/*
- * Received Data frame processing
- * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "wlantest.h"
-
-
-static const char * data_stype(u16 stype)
-{
-	switch (stype) {
-	case WLAN_FC_STYPE_DATA:
-		return "DATA";
-	case WLAN_FC_STYPE_DATA_CFACK:
-		return "DATA-CFACK";
-	case WLAN_FC_STYPE_DATA_CFPOLL:
-		return "DATA-CFPOLL";
-	case WLAN_FC_STYPE_DATA_CFACKPOLL:
-		return "DATA-CFACKPOLL";
-	case WLAN_FC_STYPE_NULLFUNC:
-		return "NULLFUNC";
-	case WLAN_FC_STYPE_CFACK:
-		return "CFACK";
-	case WLAN_FC_STYPE_CFPOLL:
-		return "CFPOLL";
-	case WLAN_FC_STYPE_CFACKPOLL:
-		return "CFACKPOLL";
-	case WLAN_FC_STYPE_QOS_DATA:
-		return "QOSDATA";
-	case WLAN_FC_STYPE_QOS_DATA_CFACK:
-		return "QOSDATA-CFACK";
-	case WLAN_FC_STYPE_QOS_DATA_CFPOLL:
-		return "QOSDATA-CFPOLL";
-	case WLAN_FC_STYPE_QOS_DATA_CFACKPOLL:
-		return "QOSDATA-CFACKPOLL";
-	case WLAN_FC_STYPE_QOS_NULL:
-		return "QOS-NULL";
-	case WLAN_FC_STYPE_QOS_CFPOLL:
-		return "QOS-CFPOLL";
-	case WLAN_FC_STYPE_QOS_CFACKPOLL:
-		return "QOS-CFACKPOLL";
-	}
-	return "??";
-}
-
-
-static void rx_data_eth(struct wlantest *wt, const u8 *bssid,
-			const u8 *sta_addr, const u8 *dst, const u8 *src,
-			u16 ethertype, const u8 *data, size_t len, int prot,
-			const u8 *peer_addr);
-
-static void rx_data_vlan(struct wlantest *wt, const u8 *bssid,
-			 const u8 *sta_addr, const u8 *dst, const u8 *src,
-			 const u8 *data, size_t len, int prot,
-			 const u8 *peer_addr)
-{
-	u16 tag;
-
-	if (len < 4)
-		return;
-	tag = WPA_GET_BE16(data);
-	wpa_printf(MSG_MSGDUMP, "VLAN tag: Priority=%u ID=%u",
-		   tag >> 12, tag & 0x0ffff);
-	/* ignore VLAN information and process the original frame */
-	rx_data_eth(wt, bssid, sta_addr, dst, src, WPA_GET_BE16(data + 2),
-		    data + 4, len - 4, prot, peer_addr);
-}
-
-
-static void rx_data_eth(struct wlantest *wt, const u8 *bssid,
-			const u8 *sta_addr, const u8 *dst, const u8 *src,
-			u16 ethertype, const u8 *data, size_t len, int prot,
-			const u8 *peer_addr)
-{
-	switch (ethertype) {
-	case ETH_P_PAE:
-		rx_data_eapol(wt, bssid, sta_addr, dst, src, data, len, prot);
-		break;
-	case ETH_P_IP:
-		rx_data_ip(wt, bssid, sta_addr, dst, src, data, len,
-			   peer_addr);
-		break;
-	case 0x890d:
-		rx_data_80211_encap(wt, bssid, sta_addr, dst, src, data, len);
-		break;
-	case ETH_P_8021Q:
-		rx_data_vlan(wt, bssid, sta_addr, dst, src, data, len, prot,
-			     peer_addr);
-		break;
-	}
-}
-
-
-static void rx_data_process(struct wlantest *wt, struct wlantest_bss *bss,
-			    const u8 *bssid,
-			    const u8 *sta_addr,
-			    const u8 *dst, const u8 *src,
-			    const u8 *data, size_t len, int prot,
-			    const u8 *peer_addr, const u8 *qos)
-{
-	if (len == 0)
-		return;
-
-	if (bss && bss->mesh && qos && !(qos[0] & BIT(7)) &&
-	    (qos[1] & BIT(0))) {
-		u8 addr_ext_mode;
-		size_t mesh_control_len = 6;
-
-		/* Skip Mesh Control field if this is not an A-MSDU */
-		if (len < mesh_control_len) {
-			wpa_printf(MSG_DEBUG,
-				   "Not enough room for Mesh Control field");
-			return;
-		}
-
-		addr_ext_mode = data[0] & 0x03;
-		if (addr_ext_mode == 3) {
-			wpa_printf(MSG_DEBUG,
-				   "Reserved Mesh Control :: Address Extension Mode");
-			return;
-		}
-
-		mesh_control_len += addr_ext_mode * ETH_ALEN;
-		if (len < mesh_control_len) {
-			wpa_printf(MSG_DEBUG,
-				   "Not enough room for Mesh Address Extension");
-			return;
-		}
-
-		len -= mesh_control_len;
-		data += mesh_control_len;
-	}
-
-	if (len >= 8 && os_memcmp(data, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) {
-		rx_data_eth(wt, bssid, sta_addr, dst, src,
-			    WPA_GET_BE16(data + 6), data + 8, len - 8, prot,
-			    peer_addr);
-		return;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "Unrecognized LLC", data, len > 8 ? 8 : len);
-}
-
-
-static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher,
-		    struct wpa_ptk *ptk, const struct ieee80211_hdr *hdr,
-		    const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	u8 *decrypted;
-	unsigned int tk_len = ptk->tk_len;
-
-	decrypted = NULL;
-	if ((pairwise_cipher == WPA_CIPHER_CCMP ||
-	     pairwise_cipher == 0) && tk_len == 16) {
-		decrypted = ccmp_decrypt(ptk->tk, hdr, data,
-					 data_len, decrypted_len);
-	} else if ((pairwise_cipher == WPA_CIPHER_CCMP_256 ||
-		    pairwise_cipher == 0) && tk_len == 32) {
-		decrypted = ccmp_256_decrypt(ptk->tk, hdr, data,
-					     data_len, decrypted_len);
-	} else if ((pairwise_cipher == WPA_CIPHER_GCMP ||
-		    pairwise_cipher == WPA_CIPHER_GCMP_256 ||
-		    pairwise_cipher == 0) &&
-		   (tk_len == 16 || tk_len == 32)) {
-		decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr,
-					 data, data_len, decrypted_len);
-	} else if ((pairwise_cipher == WPA_CIPHER_TKIP ||
-		    pairwise_cipher == 0) && tk_len == 32) {
-		enum michael_mic_result mic_res;
-
-		decrypted = tkip_decrypt(ptk->tk, hdr, data, data_len,
-					 decrypted_len, &mic_res,
-					 &wt->tkip_frag);
-		if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
-			add_note(wt, MSG_INFO, "Invalid Michael MIC");
-		else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
-			add_note(wt, MSG_DEBUG, "Michael MIC not verified");
-	}
-
-	return decrypted;
-}
-
-
-static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
-			const struct ieee80211_hdr *hdr, int keyid,
-			const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	struct wlantest_ptk *ptk;
-	u8 *decrypted;
-	int prev_level = wpa_debug_level;
-
-	wpa_debug_level = MSG_WARNING;
-	dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
-		decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr,
-				    data, data_len, decrypted_len);
-		if (decrypted) {
-			wpa_debug_level = prev_level;
-			add_note(wt, MSG_DEBUG,
-				 "Found PTK match from list of all known PTKs");
-			write_decrypted_note(wt, decrypted, ptk->ptk.tk,
-					     ptk->ptk.tk_len, keyid);
-			return decrypted;
-		}
-	}
-	wpa_debug_level = prev_level;
-
-	return NULL;
-}
-
-
-static void check_plaintext_prot(struct wlantest *wt,
-				 const struct ieee80211_hdr *hdr,
-				 const u8 *data, size_t len)
-{
-	if (len < 8 + 3 || data[8] != 0xaa || data[9] != 0xaa ||
-	    data[10] != 0x03)
-		return;
-
-	add_note(wt, MSG_DEBUG,
-		 "Plaintext payload in protected frame");
-	wpa_printf(MSG_INFO, "Plaintext payload in protected frame #%u: A2="
-		   MACSTR " seq=%u",
-		   wt->frame_num, MAC2STR(hdr->addr2),
-		   WLAN_GET_SEQ_SEQ(le_to_host16(hdr->seq_ctrl)));
-}
-
-
-static void rx_data_bss_prot_group(struct wlantest *wt,
-				   const struct ieee80211_hdr *hdr,
-				   size_t hdrlen,
-				   const u8 *qos, const u8 *dst, const u8 *src,
-				   const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	int keyid;
-	u8 *decrypted = NULL;
-	size_t dlen;
-	u8 pn[6];
-	int replay = 0;
-
-	bss = bss_get(wt, hdr->addr2);
-	if (bss == NULL)
-		return;
-	if (len < 4) {
-		add_note(wt, MSG_INFO, "Too short group addressed data frame");
-		return;
-	}
-
-	if (bss->group_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
-	    !(data[3] & 0x20)) {
-		add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from "
-			 MACSTR " did not have ExtIV bit set to 1",
-			 MAC2STR(bss->bssid));
-		return;
-	}
-
-	if (bss->group_cipher == WPA_CIPHER_TKIP) {
-		if (data[3] & 0x1f) {
-			add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
-				 " used non-zero reserved bit",
-				 MAC2STR(bss->bssid));
-		}
-		if (data[1] != ((data[0] | 0x20) & 0x7f)) {
-			add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
-				 " used incorrect WEPSeed[1] (was 0x%x, "
-				 "expected 0x%x)",
-				 MAC2STR(bss->bssid), data[1],
-				 (data[0] | 0x20) & 0x7f);
-		}
-	} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
-		if (data[2] != 0 || (data[3] & 0x1f) != 0) {
-			add_note(wt, MSG_INFO, "CCMP frame from " MACSTR
-				 " used non-zero reserved bit",
-				 MAC2STR(bss->bssid));
-		}
-	}
-
-	check_plaintext_prot(wt, hdr, data, len);
-	keyid = data[3] >> 6;
-	if (bss->gtk_len[keyid] == 0 &&
-	    (bss->group_cipher != WPA_CIPHER_WEP40 ||
-	     dl_list_empty(&wt->wep))) {
-		decrypted = try_all_ptk(wt, bss->group_cipher, hdr, keyid,
-					data, len, &dlen);
-		if (decrypted)
-			goto process;
-		add_note(wt, MSG_MSGDUMP,
-			 "No GTK known to decrypt the frame (A2=" MACSTR
-			 " KeyID=%d)",
-			 MAC2STR(hdr->addr2), keyid);
-		return;
-	}
-
-	if (bss->group_cipher == WPA_CIPHER_TKIP)
-		tkip_get_pn(pn, data);
-	else if (bss->group_cipher == WPA_CIPHER_WEP40)
-		goto skip_replay_det;
-	else
-		ccmp_get_pn(pn, data);
-	if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) {
-		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
-
-		wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
-		wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), bss->rsc[keyid], 6);
-		add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
-			 " A2=" MACSTR " A3=" MACSTR
-			 " seq=%u frag=%u%s keyid=%d #%u %s<=%s",
-			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			 MAC2STR(hdr->addr3),
-			 WLAN_GET_SEQ_SEQ(seq_ctrl),
-			 WLAN_GET_SEQ_FRAG(seq_ctrl),
-			 (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
-			 " Retry" : "",
-			 keyid, wt->frame_num, pn_hex, rsc_hex);
-		replay = 1;
-	}
-
-skip_replay_det:
-	if (bss->group_cipher == WPA_CIPHER_TKIP) {
-		enum michael_mic_result mic_res;
-
-		decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len,
-					 &dlen, &mic_res, &wt->tkip_frag);
-		if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
-			add_note(wt, MSG_INFO, "Invalid Michael MIC");
-		else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
-			add_note(wt, MSG_DEBUG, "Michael MIC not verified");
-	} else if (bss->group_cipher == WPA_CIPHER_WEP40) {
-		decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
-	} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
-		decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len,
-					 &dlen);
-	} else if (bss->group_cipher == WPA_CIPHER_CCMP_256) {
-		decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, data, len,
-					     &dlen);
-	} else if (bss->group_cipher == WPA_CIPHER_GCMP ||
-		   bss->group_cipher == WPA_CIPHER_GCMP_256) {
-		decrypted = gcmp_decrypt(bss->gtk[keyid], bss->gtk_len[keyid],
-					 hdr, data, len, &dlen);
-	}
-
-	if (decrypted) {
-		char gtk[65];
-
-		wpa_snprintf_hex(gtk, sizeof(gtk), bss->gtk[keyid],
-				 bss->gtk_len[keyid]);
-		add_note(wt, MSG_EXCESSIVE, "GTK[%d] %s", keyid, gtk);
-	process:
-		rx_data_process(wt, bss, bss->bssid, NULL, dst, src, decrypted,
-				dlen, 1, NULL, qos);
-		if (!replay)
-			os_memcpy(bss->rsc[keyid], pn, 6);
-		write_pcap_decrypted(wt, (const u8 *) hdr, hdrlen,
-				     decrypted, dlen);
-	} else {
-		wpa_printf(MSG_DEBUG, "Failed to decrypt frame (group) #%u A2="
-			   MACSTR " seq=%u",
-			   wt->frame_num, MAC2STR(hdr->addr2),
-			   WLAN_GET_SEQ_SEQ(le_to_host16(hdr->seq_ctrl)));
-		add_note(wt, MSG_DEBUG, "Failed to decrypt frame (group)");
-	}
-	os_free(decrypted);
-}
-
-
-static u8 * try_ptk_decrypt(struct wlantest *wt, struct wlantest_sta *sta,
-			    const struct ieee80211_hdr *hdr, int keyid,
-			    const u8 *data, size_t len,
-			    const u8 *tk, size_t tk_len, size_t *dlen)
-{
-	u8 *decrypted = NULL;
-
-	if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256)
-		decrypted = ccmp_256_decrypt(tk, hdr, data, len, dlen);
-	else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
-		 sta->pairwise_cipher == WPA_CIPHER_GCMP_256)
-		decrypted = gcmp_decrypt(tk, tk_len, hdr, data, len, dlen);
-	else
-		decrypted = ccmp_decrypt(tk, hdr, data, len, dlen);
-	write_decrypted_note(wt, decrypted, tk, tk_len, keyid);
-
-	return decrypted;
-}
-
-
-static void rx_data_bss_prot(struct wlantest *wt,
-			     const struct ieee80211_hdr *hdr, size_t hdrlen,
-			     const u8 *qos, const u8 *dst, const u8 *src,
-			     const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss, *bss2;
-	struct wlantest_sta *sta, *sta2;
-	int keyid;
-	u16 fc = le_to_host16(hdr->frame_control);
-	u8 *decrypted = NULL;
-	size_t dlen;
-	int tid;
-	u8 pn[6], *rsc = NULL;
-	struct wlantest_tdls *tdls = NULL, *found;
-	const u8 *tk = NULL;
-	int ptk_iter_done = 0;
-	int try_ptk_iter = 0;
-	int replay = 0;
-	int only_zero_tk = 0;
-	u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-
-	if (hdr->addr1[0] & 0x01) {
-		rx_data_bss_prot_group(wt, hdr, hdrlen, qos, dst, src,
-				       data, len);
-		return;
-	}
-
-	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-	    (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
-		bss = bss_find(wt, hdr->addr1);
-		if (bss) {
-			sta = sta_find(bss, hdr->addr2);
-			if (sta) {
-				sta->counters[
-					WLANTEST_STA_COUNTER_PROT_DATA_TX]++;
-			}
-			if (!sta || !sta->ptk_set) {
-				bss2 = bss_find(wt, hdr->addr2);
-				if (bss2) {
-					sta2 = sta_find(bss2, hdr->addr1);
-					if (sta2 && (!sta || sta2->ptk_set)) {
-						bss = bss2;
-						sta = sta2;
-					}
-				}
-			}
-		} else {
-			bss = bss_find(wt, hdr->addr2);
-			if (!bss)
-				return;
-			sta = sta_find(bss, hdr->addr1);
-		}
-	} else if (fc & WLAN_FC_TODS) {
-		bss = bss_get(wt, hdr->addr1);
-		if (bss == NULL)
-			return;
-		sta = sta_get(bss, hdr->addr2);
-		if (sta)
-			sta->counters[WLANTEST_STA_COUNTER_PROT_DATA_TX]++;
-	} else if (fc & WLAN_FC_FROMDS) {
-		bss = bss_get(wt, hdr->addr2);
-		if (bss == NULL)
-			return;
-		sta = sta_get(bss, hdr->addr1);
-	} else {
-		bss = bss_get(wt, hdr->addr3);
-		if (bss == NULL)
-			return;
-		sta = sta_find(bss, hdr->addr2);
-		sta2 = sta_find(bss, hdr->addr1);
-		if (sta == NULL || sta2 == NULL)
-			return;
-		found = NULL;
-		dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
-		{
-			if ((tdls->init == sta && tdls->resp == sta2) ||
-			    (tdls->init == sta2 && tdls->resp == sta)) {
-				found = tdls;
-				if (tdls->link_up)
-					break;
-			}
-		}
-		if (found) {
-			if (!found->link_up)
-				add_note(wt, MSG_DEBUG,
-					 "TDLS: Link not up, but Data "
-					 "frame seen");
-			tk = found->tpk.tk;
-			tdls = found;
-		}
-	}
-	check_plaintext_prot(wt, hdr, data, len);
-	if ((sta == NULL ||
-	     (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
-	    tk == NULL) {
-		add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
-		if (dl_list_empty(&wt->ptk)) {
-			if (len >= 4 && sta) {
-				keyid = data[3] >> 6;
-				only_zero_tk = 1;
-				goto check_zero_tk;
-			}
-			return;
-		}
-
-		try_ptk_iter = 1;
-	}
-
-	if (len < 4) {
-		add_note(wt, MSG_INFO, "Too short encrypted data frame");
-		return;
-	}
-
-	if (sta == NULL)
-		return;
-	if (sta->pairwise_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
-	    !(data[3] & 0x20)) {
-		add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from "
-			 MACSTR " did not have ExtIV bit set to 1",
-			 MAC2STR(src));
-		return;
-	}
-
-	if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP) {
-		if (data[3] & 0x1f) {
-			add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
-				 " used non-zero reserved bit",
-				 MAC2STR(hdr->addr2));
-		}
-		if (data[1] != ((data[0] | 0x20) & 0x7f)) {
-			add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
-				 " used incorrect WEPSeed[1] (was 0x%x, "
-				 "expected 0x%x)",
-				 MAC2STR(hdr->addr2), data[1],
-				 (data[0] | 0x20) & 0x7f);
-		}
-	} else if (tk || sta->pairwise_cipher == WPA_CIPHER_CCMP) {
-		if (data[2] != 0 || (data[3] & 0x1f) != 0) {
-			add_note(wt, MSG_INFO, "CCMP frame from " MACSTR
-				 " used non-zero reserved bit",
-				 MAC2STR(hdr->addr2));
-		}
-	}
-
-	keyid = data[3] >> 6;
-	if (keyid != 0 &&
-	    (!(sta->rsn_capab & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST) ||
-	     !(bss->rsn_capab & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST) ||
-	     keyid != 1)) {
-		add_note(wt, MSG_INFO,
-			 "Unexpected KeyID %d in individually addressed Data frame from "
-			 MACSTR,
-			 keyid, MAC2STR(hdr->addr2));
-	}
-
-	if (qos) {
-		tid = qos[0] & 0x0f;
-		if (fc & WLAN_FC_TODS)
-			sta->tx_tid[tid]++;
-		else
-			sta->rx_tid[tid]++;
-	} else {
-		tid = 0;
-		if (fc & WLAN_FC_TODS)
-			sta->tx_tid[16]++;
-		else
-			sta->rx_tid[16]++;
-	}
-	if (tk) {
-		if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
-			rsc = tdls->rsc_init[tid];
-		else
-			rsc = tdls->rsc_resp[tid];
-	} else if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-		   (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
-		if (os_memcmp(sta->addr, hdr->addr2, ETH_ALEN) == 0)
-			rsc = sta->rsc_tods[tid];
-		else
-			rsc = sta->rsc_fromds[tid];
-	} else if (fc & WLAN_FC_TODS)
-		rsc = sta->rsc_tods[tid];
-	else
-		rsc = sta->rsc_fromds[tid];
-
-
-	if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP)
-		tkip_get_pn(pn, data);
-	else if (sta->pairwise_cipher == WPA_CIPHER_WEP40)
-		goto skip_replay_det;
-	else
-		ccmp_get_pn(pn, data);
-	if (os_memcmp(pn, rsc, 6) <= 0) {
-		char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
-
-		wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
-		wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), rsc, 6);
-		add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
-			 " A2=" MACSTR " A3=" MACSTR
-			 " seq=%u frag=%u%s keyid=%d tid=%d #%u %s<=%s",
-			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			 MAC2STR(hdr->addr3),
-			 WLAN_GET_SEQ_SEQ(seq_ctrl),
-			 WLAN_GET_SEQ_FRAG(seq_ctrl),
-			 (le_to_host16(hdr->frame_control) &  WLAN_FC_RETRY) ?
-			 " Retry" : "",
-			 keyid, tid, wt->frame_num, pn_hex, rsc_hex);
-		replay = 1;
-	}
-
-skip_replay_det:
-	if (tk) {
-		if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) {
-			decrypted = ccmp_256_decrypt(tk, hdr, data, len, &dlen);
-			write_decrypted_note(wt, decrypted, tk, 32, keyid);
-		} else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
-			   sta->pairwise_cipher == WPA_CIPHER_GCMP_256) {
-			decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, data,
-						 len, &dlen);
-			write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len,
-					     keyid);
-		} else {
-			decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen);
-			write_decrypted_note(wt, decrypted, tk, 16, keyid);
-		}
-	} else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
-		enum michael_mic_result mic_res;
-
-		decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen,
-					 &mic_res, &wt->tkip_frag);
-		if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
-			add_note(wt, MSG_INFO, "Invalid Michael MIC");
-		else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
-			add_note(wt, MSG_DEBUG, "Michael MIC not verified");
-		write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid);
-	} else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) {
-		decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
-	} else if (sta->ptk_set) {
-		decrypted = try_ptk_decrypt(wt, sta, hdr, keyid, data, len,
-					    sta->ptk.tk, sta->ptk.tk_len,
-					    &dlen);
-	} else {
-		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
-					data, len, &dlen);
-		ptk_iter_done = 1;
-	}
-	if (!decrypted && !ptk_iter_done) {
-		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
-					data, len, &dlen);
-		if (decrypted) {
-			add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
-		}
-	}
-check_zero_tk:
-	if (!decrypted) {
-		struct wpa_ptk zero_ptk;
-		int old_debug_level = wpa_debug_level;
-
-		os_memset(&zero_ptk, 0, sizeof(zero_ptk));
-		zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
-		wpa_debug_level = MSG_ERROR;
-		decrypted = try_ptk(wt, sta->pairwise_cipher, &zero_ptk, hdr,
-				    data, len, &dlen);
-		wpa_debug_level = old_debug_level;
-		if (decrypted) {
-			add_note(wt, MSG_DEBUG,
-				 "Frame was encrypted with zero TK");
-			wpa_printf(MSG_INFO, "Zero TK used in frame #%u: A2="
-				   MACSTR " seq=%u",
-				   wt->frame_num, MAC2STR(hdr->addr2),
-				   WLAN_GET_SEQ_SEQ(
-					   le_to_host16(hdr->seq_ctrl)));
-			write_decrypted_note(wt, decrypted, zero_ptk.tk,
-					     zero_ptk.tk_len, keyid);
-		}
-	}
-	if (decrypted) {
-		u16 fc = le_to_host16(hdr->frame_control);
-		const u8 *peer_addr = NULL;
-		if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)))
-			peer_addr = hdr->addr1;
-		if (!replay && rsc)
-			os_memcpy(rsc, pn, 6);
-		rx_data_process(wt, bss, bss->bssid, sta->addr, dst, src,
-				decrypted, dlen, 1, peer_addr, qos);
-		write_pcap_decrypted(wt, (const u8 *) hdr, hdrlen,
-				     decrypted, dlen);
-	} else if (sta->tptk_set) {
-		/* Check whether TPTK has a matching TK that could be used to
-		 * decrypt the frame. That could happen if EAPOL-Key msg 4/4
-		 * was missing in the capture and this was PTK rekeying. */
-		decrypted = try_ptk_decrypt(wt, sta, hdr, keyid, data, len,
-					    sta->tptk.tk, sta->tptk.tk_len,
-					    &dlen);
-		if (decrypted) {
-			add_note(wt, MSG_DEBUG,
-				 "Update PTK (rekeying; no valid EAPOL-Key msg 4/4 seen)");
-			os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk));
-			sta->ptk_set = 1;
-			sta->tptk_set = 0;
-			os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
-			os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
-		}
-	} else {
-		if (!try_ptk_iter && !only_zero_tk) {
-			wpa_printf(MSG_DEBUG,
-				   "Failed to decrypt frame #%u A2=" MACSTR
-				   " seq=%u",
-				   wt->frame_num, MAC2STR(hdr->addr2),
-				   WLAN_GET_SEQ_SEQ(seq_ctrl));
-			add_note(wt, MSG_DEBUG, "Failed to decrypt frame");
-		}
-
-		/* Assume the frame was corrupted and there was no FCS to check.
-		 * Allow retry of this particular frame to be processed so that
-		 * it could end up getting decrypted if it was received without
-		 * corruption. */
-		sta->allow_duplicate = 1;
-	}
-	os_free(decrypted);
-}
-
-
-static void rx_data_bss(struct wlantest *wt, const struct ieee80211_hdr *hdr,
-			size_t hdrlen, const u8 *qos, const u8 *dst,
-			const u8 *src, const u8 *data, size_t len)
-{
-	u16 fc = le_to_host16(hdr->frame_control);
-	int prot = !!(fc & WLAN_FC_ISWEP);
-
-	if (qos) {
-		u8 ack = (qos[0] & 0x60) >> 5;
-		wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
-			   " len=%u%s tid=%u%s%s",
-			   MAC2STR(src), MAC2STR(dst), (unsigned int) len,
-			   prot ? " Prot" : "", qos[0] & 0x0f,
-			   (qos[0] & 0x10) ? " EOSP" : "",
-			   ack == 0 ? "" :
-			   (ack == 1 ? " NoAck" :
-			    (ack == 2 ? " NoExpAck" : " BA")));
-	} else {
-		wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
-			   " len=%u%s",
-			   MAC2STR(src), MAC2STR(dst), (unsigned int) len,
-			   prot ? " Prot" : "");
-	}
-
-	if (prot)
-		rx_data_bss_prot(wt, hdr, hdrlen, qos, dst, src, data, len);
-	else {
-		const u8 *bssid, *sta_addr, *peer_addr;
-		struct wlantest_bss *bss;
-
-		if (fc & WLAN_FC_TODS) {
-			bssid = hdr->addr1;
-			sta_addr = hdr->addr2;
-			peer_addr = NULL;
-		} else if (fc & WLAN_FC_FROMDS) {
-			bssid = hdr->addr2;
-			sta_addr = hdr->addr1;
-			peer_addr = NULL;
-		} else {
-			bssid = hdr->addr3;
-			sta_addr = hdr->addr2;
-			peer_addr = hdr->addr1;
-		}
-
-		bss = bss_get(wt, bssid);
-		if (bss) {
-			struct wlantest_sta *sta = sta_get(bss, sta_addr);
-
-			if (sta) {
-				if (qos) {
-					int tid = qos[0] & 0x0f;
-					if (fc & WLAN_FC_TODS)
-						sta->tx_tid[tid]++;
-					else
-						sta->rx_tid[tid]++;
-				} else {
-					if (fc & WLAN_FC_TODS)
-						sta->tx_tid[16]++;
-					else
-						sta->rx_tid[16]++;
-				}
-			}
-		}
-
-		rx_data_process(wt, bss, bssid, sta_addr, dst, src, data, len,
-				0, peer_addr, qos);
-	}
-}
-
-
-static struct wlantest_tdls * get_tdls(struct wlantest *wt, const u8 *bssid,
-				       const u8 *sta1_addr,
-				       const u8 *sta2_addr)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta1, *sta2;
-	struct wlantest_tdls *tdls, *found = NULL;
-
-	bss = bss_find(wt, bssid);
-	if (bss == NULL)
-		return NULL;
-	sta1 = sta_find(bss, sta1_addr);
-	if (sta1 == NULL)
-		return NULL;
-	sta2 = sta_find(bss, sta2_addr);
-	if (sta2 == NULL)
-		return NULL;
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if ((tdls->init == sta1 && tdls->resp == sta2) ||
-		    (tdls->init == sta2 && tdls->resp == sta1)) {
-			found = tdls;
-			if (tdls->link_up)
-				break;
-		}
-	}
-
-	return found;
-}
-
-
-static void add_direct_link(struct wlantest *wt, const u8 *bssid,
-			    const u8 *sta1_addr, const u8 *sta2_addr)
-{
-	struct wlantest_tdls *tdls;
-
-	tdls = get_tdls(wt, bssid, sta1_addr, sta2_addr);
-	if (tdls == NULL)
-		return;
-
-	if (tdls->link_up)
-		tdls->counters[WLANTEST_TDLS_COUNTER_VALID_DIRECT_LINK]++;
-	else
-		tdls->counters[WLANTEST_TDLS_COUNTER_INVALID_DIRECT_LINK]++;
-}
-
-
-static void add_ap_path(struct wlantest *wt, const u8 *bssid,
-			const u8 *sta1_addr, const u8 *sta2_addr)
-{
-	struct wlantest_tdls *tdls;
-
-	tdls = get_tdls(wt, bssid, sta1_addr, sta2_addr);
-	if (tdls == NULL)
-		return;
-
-	if (tdls->link_up)
-		tdls->counters[WLANTEST_TDLS_COUNTER_INVALID_AP_PATH]++;
-	else
-		tdls->counters[WLANTEST_TDLS_COUNTER_VALID_AP_PATH]++;
-}
-
-
-void rx_data(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_hdr *hdr;
-	u16 fc, stype;
-	size_t hdrlen;
-	const u8 *qos = NULL;
-
-	if (len < 24)
-		return;
-
-	hdr = (const struct ieee80211_hdr *) data;
-	fc = le_to_host16(hdr->frame_control);
-	stype = WLAN_FC_GET_STYPE(fc);
-	hdrlen = 24;
-	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
-	    (WLAN_FC_TODS | WLAN_FC_FROMDS))
-		hdrlen += ETH_ALEN;
-	if (stype & 0x08) {
-		qos = data + hdrlen;
-		hdrlen += 2;
-	}
-	if ((fc & WLAN_FC_HTC) && (stype & 0x08))
-		hdrlen += 4; /* HT Control field */
-	if (len < hdrlen)
-		return;
-	wt->rx_data++;
-
-	switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
-	case 0:
-		wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s IBSS DA=" MACSTR " SA="
-			   MACSTR " BSSID=" MACSTR,
-			   data_stype(WLAN_FC_GET_STYPE(fc)),
-			   fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
-			   fc & WLAN_FC_ISWEP ? " Prot" : "",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3));
-		add_direct_link(wt, hdr->addr3, hdr->addr1, hdr->addr2);
-		rx_data_bss(wt, hdr, hdrlen, qos, hdr->addr1, hdr->addr2,
-			    data + hdrlen, len - hdrlen);
-		break;
-	case WLAN_FC_FROMDS:
-		wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s FromDS DA=" MACSTR
-			   " BSSID=" MACSTR " SA=" MACSTR,
-			   data_stype(WLAN_FC_GET_STYPE(fc)),
-			   fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
-			   fc & WLAN_FC_ISWEP ? " Prot" : "",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3));
-		add_ap_path(wt, hdr->addr2, hdr->addr1, hdr->addr3);
-		rx_data_bss(wt, hdr, hdrlen, qos, hdr->addr1, hdr->addr3,
-			    data + hdrlen, len - hdrlen);
-		break;
-	case WLAN_FC_TODS:
-		wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s ToDS BSSID=" MACSTR
-			   " SA=" MACSTR " DA=" MACSTR,
-			   data_stype(WLAN_FC_GET_STYPE(fc)),
-			   fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
-			   fc & WLAN_FC_ISWEP ? " Prot" : "",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3));
-		add_ap_path(wt, hdr->addr1, hdr->addr3, hdr->addr2);
-		rx_data_bss(wt, hdr, hdrlen, qos, hdr->addr3, hdr->addr2,
-			    data + hdrlen, len - hdrlen);
-		break;
-	case WLAN_FC_TODS | WLAN_FC_FROMDS:
-		wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s WDS RA=" MACSTR " TA="
-			   MACSTR " DA=" MACSTR " SA=" MACSTR,
-			   data_stype(WLAN_FC_GET_STYPE(fc)),
-			   fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
-			   fc & WLAN_FC_ISWEP ? " Prot" : "",
-			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			   MAC2STR(hdr->addr3),
-			   MAC2STR((const u8 *) (hdr + 1)));
-		rx_data_bss(wt, hdr, hdrlen, qos, hdr->addr1, hdr->addr2,
-			    data + hdrlen, len - hdrlen);
-		break;
-	}
-}
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
deleted file mode 100644
index 967d52199561..000000000000
--- a/wlantest/rx_eapol.c
+++ /dev/null
@@ -1,1317 +0,0 @@
-/*
- * Received Data frame processing for EAPOL messages
- * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/aes_wrap.h"
-#include "crypto/crypto.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/eapol_common.h"
-#include "common/wpa_common.h"
-#include "rsn_supp/wpa_ie.h"
-#include "wlantest.h"
-
-
-static int is_zero(const u8 *buf, size_t len)
-{
-	size_t i;
-	for (i = 0; i < len; i++) {
-		if (buf[i])
-			return 0;
-	}
-	return 1;
-}
-
-
-static int check_mic(const u8 *kck, size_t kck_len, int akmp, int ver,
-		     const u8 *data, size_t len)
-{
-	u8 *buf;
-	int ret = -1;
-	struct ieee802_1x_hdr *hdr;
-	struct wpa_eapol_key *key;
-	u8 rx_mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
-	size_t mic_len = wpa_mic_len(akmp, PMK_LEN);
-
-	buf = os_memdup(data, len);
-	if (buf == NULL)
-		return -1;
-	hdr = (struct ieee802_1x_hdr *) buf;
-	key = (struct wpa_eapol_key *) (hdr + 1);
-
-	os_memcpy(rx_mic, key + 1, mic_len);
-	os_memset(key + 1, 0, mic_len);
-
-	if (wpa_eapol_key_mic(kck, kck_len, akmp, ver, buf, len,
-			      (u8 *) (key + 1)) == 0 &&
-	    os_memcmp(rx_mic, key + 1, mic_len) == 0)
-		ret = 0;
-
-	os_free(buf);
-
-	return ret;
-}
-
-
-static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, src);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, dst);
-	if (sta == NULL)
-		return;
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
-			 " used zero nonce", MAC2STR(src));
-	}
-	if (!is_zero(hdr->key_rsc, 8)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
-			 " used non-zero Key RSC", MAC2STR(src));
-	}
-	os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
-}
-
-
-static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
-		   struct wlantest_sta *sta, u16 ver,
-		   const u8 *data, size_t len,
-		   struct wlantest_pmk *pmk)
-{
-	struct wpa_ptk ptk;
-
-	if (wpa_key_mgmt_ft(sta->key_mgmt)) {
-		u8 ptk_name[WPA_PMK_NAME_LEN];
-		int use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
-
-		if (wpa_derive_pmk_r0(pmk->pmk, pmk->pmk_len,
-				      bss->ssid, bss->ssid_len, bss->mdid,
-				      bss->r0kh_id, bss->r0kh_id_len,
-				      sta->addr, sta->pmk_r0, sta->pmk_r0_name,
-				      use_sha384) < 0)
-			return -1;
-		sta->pmk_r0_len = use_sha384 ? PMK_LEN_SUITE_B_192 : PMK_LEN;
-		if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len,
-				      sta->pmk_r0_name,
-				      bss->r1kh_id, sta->addr,
-				      sta->pmk_r1, sta->pmk_r1_name) < 0)
-			return -1;
-		sta->pmk_r1_len = sta->pmk_r0_len;
-		if (wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len,
-				      sta->snonce, sta->anonce, sta->addr,
-				      bss->bssid, sta->pmk_r1_name,
-				      &ptk, ptk_name, sta->key_mgmt,
-				      sta->pairwise_cipher, 0) < 0 ||
-		    check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
-			      len) < 0)
-			return -1;
-	} else if (wpa_pmk_to_ptk(pmk->pmk, pmk->pmk_len,
-				  "Pairwise key expansion",
-				  bss->bssid, sta->addr, sta->anonce,
-				  sta->snonce, &ptk, sta->key_mgmt,
-				  sta->pairwise_cipher, NULL, 0, 0) < 0 ||
-		   check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
-			     len) < 0) {
-		return -1;
-	}
-
-	wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR,
-		   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++;
-	if (sta->ptk_set) {
-		/*
-		 * Rekeying - use new PTK for EAPOL-Key frames, but continue
-		 * using the old PTK for frame decryption.
-		 */
-		add_note(wt, MSG_DEBUG, "Derived PTK during rekeying");
-		os_memcpy(&sta->tptk, &ptk, sizeof(ptk));
-		wpa_hexdump(MSG_DEBUG, "TPTK:KCK",
-			    sta->tptk.kck, sta->tptk.kck_len);
-		wpa_hexdump(MSG_DEBUG, "TPTK:KEK",
-			    sta->tptk.kek, sta->tptk.kek_len);
-		wpa_hexdump(MSG_DEBUG, "TPTK:TK",
-			    sta->tptk.tk, sta->tptk.tk_len);
-		sta->tptk_set = 1;
-		return 0;
-	}
-	add_note(wt, MSG_DEBUG, "Derived new PTK");
-	os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
-	wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, sta->ptk.kck_len);
-	wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, sta->ptk.kek_len);
-	wpa_hexdump(MSG_DEBUG, "PTK:TK", sta->ptk.tk, sta->ptk.tk_len);
-	sta->ptk_set = 1;
-	os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
-	os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
-	return 0;
-}
-
-
-static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
-		       struct wlantest_sta *sta, u16 ver,
-		       const u8 *data, size_t len)
-{
-	struct wlantest_pmk *pmk;
-
-	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)",
-		   MAC2STR(sta->addr), ver);
-	dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
-		wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
-		if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
-			return;
-	}
-
-	dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
-		wpa_printf(MSG_DEBUG, "Try global PMK");
-		if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
-			return;
-	}
-
-	if (!sta->ptk_set) {
-		struct wlantest_ptk *ptk;
-		int prev_level = wpa_debug_level;
-
-		wpa_debug_level = MSG_WARNING;
-		dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
-			if (check_mic(ptk->ptk.kck, ptk->ptk.kck_len,
-				      sta->key_mgmt, ver, data, len) < 0)
-				continue;
-			wpa_printf(MSG_INFO, "Pre-set PTK matches for STA "
-				   MACSTR " BSSID " MACSTR,
-				   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-			add_note(wt, MSG_DEBUG, "Using pre-set PTK");
-			ptk->ptk_len = 32 +
-				wpa_cipher_key_len(sta->pairwise_cipher);
-			os_memcpy(&sta->ptk, &ptk->ptk, sizeof(ptk->ptk));
-			wpa_hexdump(MSG_DEBUG, "PTK:KCK",
-				    sta->ptk.kck, sta->ptk.kck_len);
-			wpa_hexdump(MSG_DEBUG, "PTK:KEK",
-				    sta->ptk.kek, sta->ptk.kek_len);
-			wpa_hexdump(MSG_DEBUG, "PTK:TK",
-				    sta->ptk.tk, sta->ptk.tk_len);
-			sta->ptk_set = 1;
-			os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
-			os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
-		}
-		wpa_debug_level = prev_level;
-	}
-
-	add_note(wt, MSG_DEBUG, "No matching PMK found to derive PTK");
-}
-
-
-static void elems_from_eapol_ie(struct ieee802_11_elems *elems,
-				struct wpa_eapol_ie_parse *ie)
-{
-	os_memset(elems, 0, sizeof(*elems));
-	if (ie->wpa_ie) {
-		elems->wpa_ie = ie->wpa_ie + 2;
-		elems->wpa_ie_len = ie->wpa_ie_len - 2;
-	}
-	if (ie->rsn_ie) {
-		elems->rsn_ie = ie->rsn_ie + 2;
-		elems->rsn_ie_len = ie->rsn_ie_len - 2;
-	}
-	if (ie->osen) {
-		elems->osen = ie->osen + 2;
-		elems->osen_len = ie->osen_len - 2;
-	}
-}
-
-
-static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	const u8 *key_data, *kck, *mic;
-	size_t kck_len, mic_len;
-	u16 key_info, key_data_len;
-	struct wpa_eapol_ie_parse ie;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, dst);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, src);
-	if (sta == NULL)
-		return;
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
-	mic = (const u8 *) (hdr + 1);
-	if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
-			 " used zero nonce", MAC2STR(src));
-	}
-	if (!is_zero(hdr->key_rsc, 8)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
-			 " used non-zero Key RSC", MAC2STR(src));
-	}
-	os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
-	key_info = WPA_GET_BE16(hdr->key_info);
-	key_data = mic + mic_len + 2;
-	key_data_len = WPA_GET_BE16(mic + mic_len);
-
-	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
-		add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
-		return;
-	}
-
-	if (!sta->assocreq_seen) {
-		struct ieee802_11_elems elems;
-
-		elems_from_eapol_ie(&elems, &ie);
-		wpa_printf(MSG_DEBUG,
-			   "Update STA data based on IEs in EAPOL-Key 2/4");
-		sta_update_assoc(sta, &elems);
-	}
-
-	derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
-
-	if (!sta->ptk_set && !sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "No PTK known to process EAPOL-Key 2/4");
-		return;
-	}
-
-	kck = sta->ptk.kck;
-	kck_len = sta->ptk.kck_len;
-	if (sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "Use TPTK for validation EAPOL-Key MIC");
-		kck = sta->tptk.kck;
-		kck_len = sta->tptk.kck_len;
-	}
-	if (check_mic(kck, kck_len, sta->key_mgmt,
-		      key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
-		add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC");
-		return;
-	}
-	add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
-
-	if (ie.wpa_ie) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
-			    ie.wpa_ie, ie.wpa_ie_len);
-		if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
-			add_note(wt, MSG_INFO,
-				 "Mismatch in WPA IE between EAPOL-Key 2/4 "
-				 "and (Re)Association Request from " MACSTR,
-				 MAC2STR(sta->addr));
-			wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
-				    ie.wpa_ie, ie.wpa_ie_len);
-			wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association "
-				    "Request",
-				    sta->rsnie,
-				    sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
-		}
-	}
-
-	if (ie.rsn_ie) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
-			    ie.rsn_ie, ie.rsn_ie_len);
-		if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
-			add_note(wt, MSG_INFO,
-				 "Mismatch in RSN IE between EAPOL-Key 2/4 "
-				 "and (Re)Association Request from " MACSTR,
-				 MAC2STR(sta->addr));
-			wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
-				    ie.rsn_ie, ie.rsn_ie_len);
-			wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
-				    "Request",
-				    sta->rsnie,
-				    sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
-		}
-	}
-}
-
-
-static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek,
-				       const struct wpa_eapol_key *hdr,
-				       const u8 *keydata, u16 keydatalen,
-				       size_t *len)
-{
-	u8 ek[32], *buf;
-
-	buf = os_memdup(keydata, keydatalen);
-	if (buf == NULL)
-		return NULL;
-
-	os_memcpy(ek, hdr->key_iv, 16);
-	os_memcpy(ek + 16, kek, 16);
-	if (rc4_skip(ek, 32, 256, buf, keydatalen)) {
-		add_note(wt, MSG_INFO, "RC4 failed");
-		os_free(buf);
-		return NULL;
-	}
-
-	*len = keydatalen;
-	return buf;
-}
-
-
-static u8 * decrypt_eapol_key_data_aes(struct wlantest *wt, const u8 *kek,
-				       const struct wpa_eapol_key *hdr,
-				       const u8 *keydata, u16 keydatalen,
-				       size_t *len)
-{
-	u8 *buf;
-
-	if (keydatalen % 8) {
-		add_note(wt, MSG_INFO, "Unsupported AES-WRAP len %d",
-			 keydatalen);
-		return NULL;
-	}
-	keydatalen -= 8; /* AES-WRAP adds 8 bytes */
-	buf = os_malloc(keydatalen);
-	if (buf == NULL)
-		return NULL;
-	if (aes_unwrap(kek, 16, keydatalen / 8, keydata, buf)) {
-		os_free(buf);
-		add_note(wt, MSG_INFO,
-			 "AES unwrap failed - could not decrypt EAPOL-Key "
-			 "key data");
-		return NULL;
-	}
-
-	*len = keydatalen;
-	return buf;
-}
-
-
-static u8 * decrypt_eapol_key_data(struct wlantest *wt, int akmp, const u8 *kek,
-				   size_t kek_len, u16 ver,
-				   const struct wpa_eapol_key *hdr,
-				   size_t *len)
-{
-	size_t mic_len;
-	u16 keydatalen;
-	const u8 *mic, *keydata;
-
-	if (kek_len != 16)
-		return NULL;
-
-	mic = (const u8 *) (hdr + 1);
-	mic_len = wpa_mic_len(akmp, PMK_LEN);
-	keydata = mic + mic_len + 2;
-	keydatalen = WPA_GET_BE16(mic + mic_len);
-
-	switch (ver) {
-	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
-		return decrypt_eapol_key_data_rc4(wt, kek, hdr, keydata,
-						  keydatalen, len);
-	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
-	case WPA_KEY_INFO_TYPE_AES_128_CMAC:
-		return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata,
-						  keydatalen, len);
-	case WPA_KEY_INFO_TYPE_AKM_DEFINED:
-		/* For now, assume this is OSEN */
-		return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata,
-						  keydatalen, len);
-	default:
-		add_note(wt, MSG_INFO,
-			 "Unsupported EAPOL-Key Key Descriptor Version %u",
-			 ver);
-		return NULL;
-	}
-}
-
-
-static void learn_kde_keys(struct wlantest *wt, struct wlantest_bss *bss,
-			   struct wlantest_sta *sta,
-			   const u8 *buf, size_t len, const u8 *rsc)
-{
-	struct wpa_eapol_ie_parse ie;
-
-	if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) {
-		add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
-		return;
-	}
-
-	if (ie.wpa_ie) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
-			    ie.wpa_ie, ie.wpa_ie_len);
-	}
-
-	if (ie.rsn_ie) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
-			    ie.rsn_ie, ie.rsn_ie_len);
-	}
-
-	if (ie.key_id)
-		add_note(wt, MSG_DEBUG, "KeyID %u", ie.key_id[0]);
-
-	if (ie.gtk) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE",
-			    ie.gtk, ie.gtk_len);
-		if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) {
-			int id;
-			id = ie.gtk[0] & 0x03;
-			add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u",
-				 id, !!(ie.gtk[0] & 0x04));
-			if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) {
-				add_note(wt, MSG_INFO,
-					 "GTK KDE: Reserved field set: "
-					 "%02x %02x", ie.gtk[0], ie.gtk[1]);
-			}
-			wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2,
-				    ie.gtk_len - 2);
-			bss->gtk_len[id] = ie.gtk_len - 2;
-			sta->gtk_len = ie.gtk_len - 2;
-			os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2);
-			os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2);
-			bss->rsc[id][0] = rsc[5];
-			bss->rsc[id][1] = rsc[4];
-			bss->rsc[id][2] = rsc[3];
-			bss->rsc[id][3] = rsc[2];
-			bss->rsc[id][4] = rsc[1];
-			bss->rsc[id][5] = rsc[0];
-			bss->gtk_idx = id;
-			sta->gtk_idx = id;
-			wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
-		} else {
-			add_note(wt, MSG_INFO, "Invalid GTK KDE length %u",
-				 (unsigned) ie.gtk_len);
-		}
-	}
-
-	if (ie.igtk) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE",
-			    ie.igtk, ie.igtk_len);
-		if (ie.igtk_len == 24) {
-			u16 id;
-			id = WPA_GET_LE16(ie.igtk);
-			if (id > 5) {
-				add_note(wt, MSG_INFO,
-					 "Unexpected IGTK KeyID %u", id);
-			} else {
-				const u8 *ipn;
-				add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
-				wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
-				wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
-					    16);
-				os_memcpy(bss->igtk[id], ie.igtk + 8, 16);
-				bss->igtk_len[id] = 16;
-				ipn = ie.igtk + 2;
-				bss->ipn[id][0] = ipn[5];
-				bss->ipn[id][1] = ipn[4];
-				bss->ipn[id][2] = ipn[3];
-				bss->ipn[id][3] = ipn[2];
-				bss->ipn[id][4] = ipn[1];
-				bss->ipn[id][5] = ipn[0];
-				bss->igtk_idx = id;
-			}
-		} else if (ie.igtk_len == 40) {
-			u16 id;
-			id = WPA_GET_LE16(ie.igtk);
-			if (id > 5) {
-				add_note(wt, MSG_INFO,
-					 "Unexpected IGTK KeyID %u", id);
-			} else {
-				const u8 *ipn;
-				add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
-				wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
-				wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
-					    32);
-				os_memcpy(bss->igtk[id], ie.igtk + 8, 32);
-				bss->igtk_len[id] = 32;
-				ipn = ie.igtk + 2;
-				bss->ipn[id][0] = ipn[5];
-				bss->ipn[id][1] = ipn[4];
-				bss->ipn[id][2] = ipn[3];
-				bss->ipn[id][3] = ipn[2];
-				bss->ipn[id][4] = ipn[1];
-				bss->ipn[id][5] = ipn[0];
-				bss->igtk_idx = id;
-			}
-		} else {
-			add_note(wt, MSG_INFO, "Invalid IGTK KDE length %u",
-				 (unsigned) ie.igtk_len);
-		}
-	}
-
-	if (ie.bigtk) {
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - BIGTK KDE",
-			    ie.bigtk, ie.bigtk_len);
-		if (ie.bigtk_len == 24) {
-			u16 id;
-
-			id = WPA_GET_LE16(ie.bigtk);
-			if (id < 6 || id > 7) {
-				add_note(wt, MSG_INFO,
-					 "Unexpected BIGTK KeyID %u", id);
-			} else {
-				const u8 *ipn;
-
-				add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
-				wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
-				wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
-					    16);
-				os_memcpy(bss->igtk[id], ie.bigtk + 8, 16);
-				bss->igtk_len[id] = 16;
-				ipn = ie.bigtk + 2;
-				bss->ipn[id][0] = ipn[5];
-				bss->ipn[id][1] = ipn[4];
-				bss->ipn[id][2] = ipn[3];
-				bss->ipn[id][3] = ipn[2];
-				bss->ipn[id][4] = ipn[1];
-				bss->ipn[id][5] = ipn[0];
-				bss->bigtk_idx = id;
-			}
-		} else if (ie.bigtk_len == 40) {
-			u16 id;
-
-			id = WPA_GET_LE16(ie.bigtk);
-			if (id < 6 || id > 7) {
-				add_note(wt, MSG_INFO,
-					 "Unexpected BIGTK KeyID %u", id);
-			} else {
-				const u8 *ipn;
-
-				add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
-				wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
-				wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
-					    32);
-				os_memcpy(bss->igtk[id], ie.bigtk + 8, 32);
-				bss->igtk_len[id] = 32;
-				ipn = ie.bigtk + 2;
-				bss->ipn[id][0] = ipn[5];
-				bss->ipn[id][1] = ipn[4];
-				bss->ipn[id][2] = ipn[3];
-				bss->ipn[id][3] = ipn[2];
-				bss->ipn[id][4] = ipn[1];
-				bss->ipn[id][5] = ipn[0];
-				bss->bigtk_idx = id;
-			}
-		} else {
-			add_note(wt, MSG_INFO, "Invalid BIGTK KDE length %u",
-				 (unsigned) ie.bigtk_len);
-		}
-	}
-}
-
-
-static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	const u8 *key_data, *kck, *kek, *mic;
-	size_t kck_len, kek_len, mic_len;
-	int recalc = 0;
-	u16 key_info, ver;
-	u8 *decrypted_buf = NULL;
-	const u8 *decrypted;
-	size_t decrypted_len = 0;
-	struct wpa_eapol_ie_parse ie;
-	struct wpa_ie_data rsn;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, src);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, dst);
-	if (sta == NULL)
-		return;
-	mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	mic = (const u8 *) (hdr + 1);
-	key_info = WPA_GET_BE16(hdr->key_info);
-
-	if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
-		add_note(wt, MSG_INFO,
-			 "EAPOL-Key ANonce mismatch between 1/4 and 3/4");
-		recalc = 1;
-	}
-	os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
-	if (recalc) {
-		derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
-			   data, len);
-	}
-
-	if (!sta->ptk_set && !sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "No PTK known to process EAPOL-Key 3/4");
-		return;
-	}
-
-	kek = sta->ptk.kek;
-	kek_len = sta->ptk.kek_len;
-	kck = sta->ptk.kck;
-	kck_len = sta->ptk.kck_len;
-	if (sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "Use TPTK for validation EAPOL-Key MIC");
-		kck = sta->tptk.kck;
-		kck_len = sta->tptk.kck_len;
-		kek = sta->tptk.kek;
-		kek_len = sta->tptk.kek_len;
-	}
-	if (check_mic(kck, kck_len, sta->key_mgmt,
-		      key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
-		add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
-		return;
-	}
-	add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
-
-	key_data = mic + mic_len + 2;
-	if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-		if (sta->proto & WPA_PROTO_RSN)
-			add_note(wt, MSG_INFO,
-				 "EAPOL-Key 3/4 without EncrKeyData bit");
-		decrypted = key_data;
-		decrypted_len = WPA_GET_BE16(mic + mic_len);
-	} else {
-		ver = key_info & WPA_KEY_INFO_TYPE_MASK;
-		decrypted_buf = decrypt_eapol_key_data(wt, sta->key_mgmt,
-						       kek, kek_len, ver,
-						       hdr, &decrypted_len);
-		if (decrypted_buf == NULL) {
-			add_note(wt, MSG_INFO,
-				 "Failed to decrypt EAPOL-Key Key Data");
-			return;
-		}
-		decrypted = decrypted_buf;
-		wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
-			    decrypted, decrypted_len);
-	}
-	if ((wt->write_pcap_dumper || wt->pcapng) && decrypted != key_data) {
-		/* Fill in a stub Data frame header */
-		u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
-		struct ieee80211_hdr *h;
-		struct wpa_eapol_key *k;
-		const u8 *p;
-		u8 *pos;
-		size_t plain_len;
-
-		plain_len = decrypted_len;
-		p = decrypted;
-		while (p + 1 < decrypted + decrypted_len) {
-			if (p[0] == 0xdd && p[1] == 0x00) {
-				/* Remove padding */
-				plain_len = p - decrypted;
-				p = NULL;
-				break;
-			}
-			p += 2 + p[1];
-		}
-		if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
-		    *p == 0xdd) {
-			/* Remove padding */
-			plain_len = p - decrypted;
-		}
-
-		os_memset(buf, 0, sizeof(buf));
-		h = (struct ieee80211_hdr *) buf;
-		h->frame_control = host_to_le16(0x0208);
-		os_memcpy(h->addr1, dst, ETH_ALEN);
-		os_memcpy(h->addr2, src, ETH_ALEN);
-		os_memcpy(h->addr3, src, ETH_ALEN);
-		pos = (u8 *) (h + 1);
-		os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
-		pos += 8;
-		os_memcpy(pos, eapol, sizeof(*eapol));
-		pos += sizeof(*eapol);
-		os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
-		k = (struct wpa_eapol_key *) pos;
-		pos += sizeof(struct wpa_eapol_key) + mic_len;
-		WPA_PUT_BE16(k->key_info,
-			     key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
-		WPA_PUT_BE16(pos, plain_len);
-		write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
-				     sizeof(*hdr) + mic_len + 2,
-				     decrypted, plain_len);
-	}
-
-	if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) {
-		add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
-		os_free(decrypted_buf);
-		return;
-	}
-
-	if (!bss->ies_set) {
-		struct ieee802_11_elems elems;
-
-		elems_from_eapol_ie(&elems, &ie);
-		wpa_printf(MSG_DEBUG,
-			   "Update BSS data based on IEs in EAPOL-Key 3/4");
-		bss_update(wt, bss, &elems, 0);
-	}
-
-	if ((ie.wpa_ie &&
-	     os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) ||
-	    (ie.wpa_ie == NULL && bss->wpaie[0])) {
-		add_note(wt, MSG_INFO,
-			 "Mismatch in WPA IE between EAPOL-Key 3/4 and "
-			 "Beacon/Probe Response from " MACSTR,
-			 MAC2STR(bss->bssid));
-		wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
-			    ie.wpa_ie, ie.wpa_ie_len);
-		wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe "
-			    "Response",
-			    bss->wpaie,
-			    bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
-	}
-
-	if ((ie.rsn_ie &&
-	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt),
-				ie.rsn_ie, ie.rsn_ie_len,
-				bss->rsnie, 2 + bss->rsnie[1])) ||
-	    (ie.rsn_ie == NULL && bss->rsnie[0])) {
-		add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key "
-			 "3/4 and Beacon/Probe Response from " MACSTR,
-			 MAC2STR(bss->bssid));
-		wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
-			    ie.rsn_ie, ie.rsn_ie_len);
-		wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response",
-			    bss->rsnie,
-			    bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
-	}
-
-	if (wpa_key_mgmt_ft(sta->key_mgmt) &&
-	    (wpa_parse_wpa_ie_rsn(ie.rsn_ie, ie.rsn_ie_len, &rsn) < 0 ||
-	     rsn.num_pmkid != 1 || !rsn.pmkid ||
-	     os_memcmp_const(rsn.pmkid, sta->pmk_r1_name,
-			     WPA_PMK_NAME_LEN) != 0))
-		add_note(wt, MSG_INFO,
-			 "FT: No matching PMKR1Name in FT 4-way handshake message 3/4");
-
-	/* TODO: validate MDE and FTE match */
-
-	learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, hdr->key_rsc);
-	os_free(decrypted_buf);
-}
-
-
-static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	u16 key_info;
-	const u8 *kck;
-	size_t kck_len;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, dst);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, src);
-	if (sta == NULL)
-		return;
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	if (!is_zero(hdr->key_rsc, 8)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used "
-			 "non-zero Key RSC", MAC2STR(src));
-	}
-	key_info = WPA_GET_BE16(hdr->key_info);
-
-	if (!sta->ptk_set && !sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "No PTK known to process EAPOL-Key 4/4");
-		return;
-	}
-
-	kck = sta->ptk.kck;
-	kck_len = sta->ptk.kck_len;
-	if (sta->tptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "Use TPTK for validation EAPOL-Key MIC");
-		kck = sta->tptk.kck;
-		kck_len = sta->tptk.kck_len;
-	}
-	if (check_mic(kck, kck_len, sta->key_mgmt,
-		      key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
-		add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
-		return;
-	}
-	add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
-	if (sta->tptk_set) {
-		add_note(wt, MSG_DEBUG, "Update PTK (rekeying)");
-		os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk));
-		sta->ptk_set = 1;
-		sta->tptk_set = 0;
-		os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
-		os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
-	}
-}
-
-
-static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	u16 key_info, ver;
-	u8 *decrypted;
-	size_t decrypted_len = 0;
-	size_t mic_len;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, src);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, dst);
-	if (sta == NULL)
-		return;
-	mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	key_info = WPA_GET_BE16(hdr->key_info);
-
-	if (!sta->ptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "No PTK known to process EAPOL-Key 1/2");
-		return;
-	}
-
-	if (sta->ptk_set &&
-	    check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt,
-		      key_info & WPA_KEY_INFO_TYPE_MASK,
-		      data, len) < 0) {
-		add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC");
-		return;
-	}
-	add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2");
-
-	if (sta->proto & WPA_PROTO_RSN &&
-	    !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit");
-		return;
-	}
-	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
-	decrypted = decrypt_eapol_key_data(wt, sta->key_mgmt,
-					   sta->ptk.kek, sta->ptk.kek_len,
-					   ver, hdr, &decrypted_len);
-	if (decrypted == NULL) {
-		add_note(wt, MSG_INFO, "Failed to decrypt EAPOL-Key Key Data");
-		return;
-	}
-	wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
-		    decrypted, decrypted_len);
-	if (wt->write_pcap_dumper || wt->pcapng) {
-		/* Fill in a stub Data frame header */
-		u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
-		struct ieee80211_hdr *h;
-		struct wpa_eapol_key *k;
-		u8 *pos;
-		size_t plain_len;
-
-		plain_len = decrypted_len;
-		pos = decrypted;
-		while (pos + 1 < decrypted + decrypted_len) {
-			if (pos[0] == 0xdd && pos[1] == 0x00) {
-				/* Remove padding */
-				plain_len = pos - decrypted;
-				break;
-			}
-			pos += 2 + pos[1];
-		}
-
-		os_memset(buf, 0, sizeof(buf));
-		h = (struct ieee80211_hdr *) buf;
-		h->frame_control = host_to_le16(0x0208);
-		os_memcpy(h->addr1, dst, ETH_ALEN);
-		os_memcpy(h->addr2, src, ETH_ALEN);
-		os_memcpy(h->addr3, src, ETH_ALEN);
-		pos = (u8 *) (h + 1);
-		os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
-		pos += 8;
-		os_memcpy(pos, eapol, sizeof(*eapol));
-		pos += sizeof(*eapol);
-		os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
-		k = (struct wpa_eapol_key *) pos;
-		pos += sizeof(struct wpa_eapol_key) + mic_len;
-		WPA_PUT_BE16(k->key_info,
-			     key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
-		WPA_PUT_BE16(pos, plain_len);
-		write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
-				     sizeof(*hdr) + mic_len + 2,
-				     decrypted, plain_len);
-	}
-	if (sta->proto & WPA_PROTO_RSN)
-		learn_kde_keys(wt, bss, sta, decrypted, decrypted_len,
-			       hdr->key_rsc);
-	else {
-		int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16;
-		if (decrypted_len == klen) {
-			const u8 *rsc = hdr->key_rsc;
-			int id;
-			id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
-				WPA_KEY_INFO_KEY_INDEX_SHIFT;
-			add_note(wt, MSG_DEBUG, "GTK key index %d", id);
-			wpa_hexdump(MSG_DEBUG, "GTK", decrypted,
-				    decrypted_len);
-			bss->gtk_len[id] = decrypted_len;
-			os_memcpy(bss->gtk[id], decrypted, decrypted_len);
-			bss->rsc[id][0] = rsc[5];
-			bss->rsc[id][1] = rsc[4];
-			bss->rsc[id][2] = rsc[3];
-			bss->rsc[id][3] = rsc[2];
-			bss->rsc[id][4] = rsc[1];
-			bss->rsc[id][5] = rsc[0];
-			wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
-		} else {
-			add_note(wt, MSG_INFO, "Unexpected WPA Key Data length "
-				 "in Group Key msg 1/2 from " MACSTR,
-				 MAC2STR(src));
-		}
-	}
-	os_free(decrypted);
-}
-
-
-static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
-				     const u8 *src, const u8 *data, size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	u16 key_info;
-
-	wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR,
-		   MAC2STR(src), MAC2STR(dst));
-	bss = bss_get(wt, dst);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, src);
-	if (sta == NULL)
-		return;
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-	if (!is_zero(hdr->key_rsc, 8)) {
-		add_note(wt, MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used "
-			 "non-zero Key RSC", MAC2STR(src));
-	}
-	key_info = WPA_GET_BE16(hdr->key_info);
-
-	if (!sta->ptk_set) {
-		add_note(wt, MSG_DEBUG,
-			 "No PTK known to process EAPOL-Key 2/2");
-		return;
-	}
-
-	if (sta->ptk_set &&
-	    check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt,
-		      key_info & WPA_KEY_INFO_TYPE_MASK,
-		      data, len) < 0) {
-		add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC");
-		return;
-	}
-	add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2");
-}
-
-
-static void rx_data_eapol_key(struct wlantest *wt, const u8 *bssid,
-			      const u8 *sta_addr, const u8 *dst,
-			      const u8 *src, const u8 *data, size_t len,
-			      int prot)
-{
-	const struct ieee802_1x_hdr *eapol;
-	const struct wpa_eapol_key *hdr;
-	const u8 *key_data;
-	u16 key_info, key_length, ver, key_data_length;
-	size_t mic_len = 16;
-	const u8 *mic;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	bss = bss_get(wt, bssid);
-	if (bss) {
-		if (sta_addr)
-			sta = sta_get(bss, sta_addr);
-		else
-			sta = NULL;
-		if (sta)
-			mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
-	}
-
-	eapol = (const struct ieee802_1x_hdr *) data;
-	hdr = (const struct wpa_eapol_key *) (eapol + 1);
-
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
-		    (const u8 *) hdr, len - sizeof(*eapol));
-	if (len < sizeof(*hdr) + mic_len + 2) {
-		add_note(wt, MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
-			 MAC2STR(src));
-		return;
-	}
-	mic = (const u8 *) (hdr + 1);
-
-	if (hdr->type == EAPOL_KEY_TYPE_RC4) {
-		/* TODO: EAPOL-Key RC4 for WEP */
-		wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from "
-			   MACSTR, MAC2STR(src));
-		return;
-	}
-
-	if (hdr->type != EAPOL_KEY_TYPE_RSN &&
-	    hdr->type != EAPOL_KEY_TYPE_WPA) {
-		wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type "
-			   "%u from " MACSTR, hdr->type, MAC2STR(src));
-		return;
-	}
-
-	key_info = WPA_GET_BE16(hdr->key_info);
-	key_length = WPA_GET_BE16(hdr->key_length);
-	key_data_length = WPA_GET_BE16(mic + mic_len);
-	key_data = mic + mic_len + 2;
-	if (key_data + key_data_length > data + len) {
-		add_note(wt, MSG_INFO, "Truncated EAPOL-Key from " MACSTR,
-			 MAC2STR(src));
-		return;
-	}
-	if (key_data + key_data_length < data + len) {
-		wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data "
-			    "field", key_data + key_data_length,
-			data + len - key_data - key_data_length);
-	}
-
-
-	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
-	wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
-		   "datalen=%u",
-		   ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
-		   (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
-		   WPA_KEY_INFO_KEY_INDEX_SHIFT,
-		   (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
-		   (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
-		   (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
-		   (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
-		   (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
-		   (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
-		   (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
-		   (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
-		   key_data_length);
-
-	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
-	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
-	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
-	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
-		wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
-			   "Version %u from " MACSTR, ver, MAC2STR(src));
-		return;
-	}
-
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
-		    hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
-		    hdr->key_nonce, WPA_NONCE_LEN);
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
-		    hdr->key_iv, 16);
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
-		    hdr->key_rsc, WPA_KEY_RSC_LEN);
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
-		    mic, mic_len);
-	wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data",
-		    key_data, key_data_length);
-
-	if (hdr->type == EAPOL_KEY_TYPE_RSN &&
-	    (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) !=
-	    0) {
-		wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved "
-			   "Key Info bits 0x%x from " MACSTR,
-			   key_info, MAC2STR(src));
-	}
-
-	if (hdr->type == EAPOL_KEY_TYPE_WPA &&
-	    (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA |
-			 WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) {
-		wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved "
-			   "Key Info bits 0x%x from " MACSTR,
-			   key_info, MAC2STR(src));
-	}
-
-	if (key_length > 32) {
-		wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d "
-			   "from " MACSTR, key_length, MAC2STR(src));
-	}
-
-	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
-	    !is_zero(hdr->key_iv, 16)) {
-		wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV "
-			   "(reserved with ver=%d) field from " MACSTR,
-			   ver, MAC2STR(src));
-		wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)",
-			    hdr->key_iv, 16);
-	}
-
-	if (!is_zero(hdr->key_id, 8)) {
-		wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID "
-			   "(reserved) field from " MACSTR, MAC2STR(src));
-		wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)",
-			    hdr->key_id, 8);
-	}
-
-	if (hdr->key_rsc[6] || hdr->key_rsc[7]) {
-		wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets "
-			   "(last two are unused)" MACSTR, MAC2STR(src));
-	}
-
-	if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
-		return;
-
-	if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
-		return;
-
-	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
-		/* 4-Way Handshake */
-		switch (key_info & (WPA_KEY_INFO_SECURE |
-				    WPA_KEY_INFO_MIC |
-				    WPA_KEY_INFO_ACK |
-				    WPA_KEY_INFO_INSTALL)) {
-		case WPA_KEY_INFO_ACK:
-			rx_data_eapol_key_1_of_4(wt, dst, src, data, len);
-			break;
-		case WPA_KEY_INFO_MIC:
-			if (key_data_length == 0)
-				rx_data_eapol_key_4_of_4(wt, dst, src, data,
-							 len);
-			else
-				rx_data_eapol_key_2_of_4(wt, dst, src, data,
-							 len);
-			break;
-		case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK |
-			WPA_KEY_INFO_INSTALL:
-			/* WPA does not include Secure bit in 3/4 */
-			rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
-			break;
-		case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
-			WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
-		case WPA_KEY_INFO_SECURE |
-			WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
-			rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
-			break;
-		case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
-		case WPA_KEY_INFO_SECURE:
-			if (key_data_length == 0)
-				rx_data_eapol_key_4_of_4(wt, dst, src, data,
-							 len);
-			else
-				rx_data_eapol_key_2_of_4(wt, dst, src, data,
-							 len);
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
-			break;
-		}
-	} else {
-		/* Group Key Handshake */
-		switch (key_info & (WPA_KEY_INFO_SECURE |
-				    WPA_KEY_INFO_MIC |
-				    WPA_KEY_INFO_ACK)) {
-		case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
-			WPA_KEY_INFO_ACK:
-		case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ACK:
-			rx_data_eapol_key_1_of_2(wt, dst, src, data, len);
-			break;
-		case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
-		case WPA_KEY_INFO_SECURE:
-			rx_data_eapol_key_2_of_2(wt, dst, src, data, len);
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
-			break;
-		}
-	}
-}
-
-
-void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
-		   const u8 *dst, const u8 *src,
-		   const u8 *data, size_t len, int prot)
-{
-	const struct ieee802_1x_hdr *hdr;
-	u16 length;
-	const u8 *p;
-
-	wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
-	if (len < sizeof(*hdr)) {
-		wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
-			   MAC2STR(src));
-		return;
-	}
-
-	hdr = (const struct ieee802_1x_hdr *) data;
-	length = be_to_host16(hdr->length);
-	wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
-		   "type=%u len=%u",
-		   MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
-		   hdr->version, hdr->type, length);
-	if (hdr->version < 1 || hdr->version > 3) {
-		wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from "
-			   MACSTR, hdr->version, MAC2STR(src));
-	}
-	if (sizeof(*hdr) + length > len) {
-		wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
-			   MAC2STR(src));
-		return;
-	}
-
-	if (sizeof(*hdr) + length < len) {
-		wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
-			   (int) (len - sizeof(*hdr) - length));
-	}
-	p = (const u8 *) (hdr + 1);
-
-	switch (hdr->type) {
-	case IEEE802_1X_TYPE_EAP_PACKET:
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
-		break;
-	case IEEE802_1X_TYPE_EAPOL_START:
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
-		break;
-	case IEEE802_1X_TYPE_EAPOL_LOGOFF:
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
-		break;
-	case IEEE802_1X_TYPE_EAPOL_KEY:
-		rx_data_eapol_key(wt, bssid, sta_addr, dst, src, data,
-				  sizeof(*hdr) + length, prot);
-		break;
-	case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
-		wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
-			    p, length);
-		break;
-	default:
-		wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
-		break;
-	}
-}
diff --git a/wlantest/rx_ip.c b/wlantest/rx_ip.c
deleted file mode 100644
index b0fdd2068c96..000000000000
--- a/wlantest/rx_ip.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Received Data frame processing for IPv4 packets
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-
-#include "utils/common.h"
-#include "wlantest.h"
-
-
-#ifndef __APPLE__
-
-static void ping_update(struct wlantest *wt, struct wlantest_sta *sta, int req,
-			u32 src, u32 dst, u16 id, u16 seq)
-{
-	if (req) {
-		sta->icmp_echo_req_src = src;
-		sta->icmp_echo_req_dst = dst;
-		sta->icmp_echo_req_id = id;
-		sta->icmp_echo_req_seq = seq;
-		return;
-	}
-
-	if (sta->icmp_echo_req_src == dst &&
-	    sta->icmp_echo_req_dst == src &&
-	    sta->icmp_echo_req_id == id &&
-	    sta->icmp_echo_req_seq == seq) {
-		sta->counters[WLANTEST_STA_COUNTER_PING_OK]++;
-		if (sta->counters[WLANTEST_STA_COUNTER_ASSOCREQ_TX] == 0 &&
-		    sta->counters[WLANTEST_STA_COUNTER_REASSOCREQ_TX] == 0)
-			sta->counters[
-				WLANTEST_STA_COUNTER_PING_OK_FIRST_ASSOC]++;
-		add_note(wt, MSG_DEBUG, "ICMP echo (ping) match for STA "
-			 MACSTR, MAC2STR(sta->addr));
-	}
-}
-
-
-static void rx_data_icmp(struct wlantest *wt, const u8 *bssid,
-			 const u8 *sta_addr, u32 dst, u32 src,
-			 const u8 *data, size_t len, const u8 *peer_addr)
-{
-	struct in_addr addr;
-	char buf[20];
-	const struct icmphdr *hdr;
-	u16 id, seq;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	hdr = (const struct icmphdr *) data;
-	if (len < 4)
-		return;
-
-	/* TODO: check hdr->checksum */
-
-	if (hdr->type != ICMP_ECHOREPLY && hdr->type != ICMP_ECHO)
-		return;
-	if (len < 8)
-		return;
-
-	id = ntohs(hdr->un.echo.id);
-	seq = ntohs(hdr->un.echo.sequence);
-
-	addr.s_addr = dst;
-	snprintf(buf, sizeof(buf), "%s", inet_ntoa(addr));
-	addr.s_addr = src;
-	add_note(wt, MSG_DEBUG, "ICMP echo %s %s -> %s id=%04x seq=%u len=%u%s",
-		 hdr->type == ICMP_ECHO ? "request" : "response",
-		 inet_ntoa(addr), buf, id, seq, (unsigned) len - 8,
-		 peer_addr ? " [DL]" : "");
-
-	bss = bss_find(wt, bssid);
-	if (bss == NULL) {
-		add_note(wt, MSG_INFO, "No BSS " MACSTR
-			 " known for ICMP packet", MAC2STR(bssid));
-		return;
-	}
-
-	if (sta_addr == NULL)
-		return; /* FromDS broadcast ping */
-
-	sta = sta_find(bss, sta_addr);
-	if (sta == NULL) {
-		add_note(wt, MSG_INFO, "No STA " MACSTR
-			 " known for ICMP packet", MAC2STR(sta_addr));
-		return;
-	}
-
-	ping_update(wt, sta, hdr->type == ICMP_ECHO, src, dst, id, seq);
-	if (peer_addr && (sta = sta_find(bss, peer_addr)))
-		ping_update(wt, sta, hdr->type == ICMP_ECHO, src, dst, id, seq);
-}
-
-#endif /* __APPLE__ */
-
-
-static int hwsim_test_packet(const u8 *data, size_t len)
-{
-	size_t i;
-
-	if (len != 1500 - 14)
-		return 0;
-
-	for (i = 0; i < len; i++) {
-		if (data[i] != (i & 0xff))
-			return 0;
-	}
-
-	return 1;
-}
-
-
-void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
-		const u8 *dst, const u8 *src, const u8 *data, size_t len,
-		const u8 *peer_addr)
-{
-	struct ip ip;
-	const u8 *payload;
-	size_t plen;
-	uint16_t frag_off, ip_len;
-
-	if (len < sizeof(ip))
-		return;
-	os_memcpy(&ip, data, sizeof(ip));
-
-	if (ip.ip_v != 4) {
-		if (hwsim_test_packet(data, len)) {
-			add_note(wt, MSG_INFO, "hwsim_test package");
-			return;
-		}
-		add_note(wt, MSG_DEBUG, "Unexpected IP protocol version %u in "
-			 "IPv4 packet (bssid=" MACSTR " str=" MACSTR
-			 " dst=" MACSTR ")", ip.ip_v, MAC2STR(bssid),
-			 MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-	if (ip.ip_hl * 4 < sizeof(ip)) {
-		add_note(wt, MSG_DEBUG, "Unexpected IP header length %u in "
-			 "IPv4 packet (bssid=" MACSTR " str=" MACSTR
-			 " dst=" MACSTR ")", ip.ip_hl, MAC2STR(bssid),
-			 MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-	if (ip.ip_hl * 4 > len) {
-		add_note(wt, MSG_DEBUG, "Truncated IP header (ihl=%u len=%u) "
-			 "in IPv4 packet (bssid=" MACSTR " str=" MACSTR
-			 " dst=" MACSTR ")", ip.ip_hl, (unsigned) len,
-			 MAC2STR(bssid), MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-
-	/* TODO: check header checksum in ip.ip_sum */
-
-	frag_off = be_to_host16(ip.ip_off);
-	if (frag_off & 0x1fff) {
-		wpa_printf(MSG_EXCESSIVE, "IP fragment reassembly not yet "
-			   "supported");
-		return;
-	}
-
-	ip_len = be_to_host16(ip.ip_len);
-	if (ip_len > len)
-		return;
-	if (ip_len < len)
-		len = ip_len;
-
-	payload = data + 4 * ip.ip_hl;
-	plen = len - 4 * ip.ip_hl;
-
-	switch (ip.ip_p) {
-#ifndef __APPLE__
-	case IPPROTO_ICMP:
-		rx_data_icmp(wt, bssid, sta_addr, ip.ip_dst.s_addr,
-			     ip.ip_src.s_addr, payload, plen, peer_addr);
-		break;
-#endif /* __APPLE__ */
-	}
-}
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
deleted file mode 100644
index f7690e07f910..000000000000
--- a/wlantest/rx_mgmt.c
+++ /dev/null
@@ -1,2642 +0,0 @@
-/*
- * Received Management frame processing
- * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/wpa_common.h"
-#include "crypto/aes.h"
-#include "crypto/aes_siv.h"
-#include "crypto/aes_wrap.h"
-#include "wlantest.h"
-
-
-static int check_mmie_mic(unsigned int mgmt_group_cipher,
-			  const u8 *igtk, size_t igtk_len,
-			  const u8 *data, size_t len);
-
-
-static const char * mgmt_stype(u16 stype)
-{
-	switch (stype) {
-	case WLAN_FC_STYPE_ASSOC_REQ:
-		return "ASSOC-REQ";
-	case WLAN_FC_STYPE_ASSOC_RESP:
-		return "ASSOC-RESP";
-	case WLAN_FC_STYPE_REASSOC_REQ:
-		return "REASSOC-REQ";
-	case WLAN_FC_STYPE_REASSOC_RESP:
-		return "REASSOC-RESP";
-	case WLAN_FC_STYPE_PROBE_REQ:
-		return "PROBE-REQ";
-	case WLAN_FC_STYPE_PROBE_RESP:
-		return "PROBE-RESP";
-	case WLAN_FC_STYPE_BEACON:
-		return "BEACON";
-	case WLAN_FC_STYPE_ATIM:
-		return "ATIM";
-	case WLAN_FC_STYPE_DISASSOC:
-		return "DISASSOC";
-	case WLAN_FC_STYPE_AUTH:
-		return "AUTH";
-	case WLAN_FC_STYPE_DEAUTH:
-		return "DEAUTH";
-	case WLAN_FC_STYPE_ACTION:
-		return "ACTION";
-	case WLAN_FC_STYPE_ACTION_NO_ACK:
-		return "ACTION-NO-ACK";
-	}
-	return "??";
-}
-
-
-static void rx_mgmt_beacon(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct ieee802_11_elems elems;
-	size_t offset;
-	const u8 *mme;
-	size_t mic_len;
-	u16 keyid;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	offset = mgmt->u.beacon.variable - data;
-	if (len < offset)
-		return;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (bss->proberesp_seen)
-		return; /* do not override with Beacon data */
-	bss->capab_info = le_to_host16(mgmt->u.beacon.capab_info);
-	if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - offset,
-				   &elems, 0) == ParseFailed) {
-		if (bss->parse_error_reported)
-			return;
-		add_note(wt, MSG_INFO, "Invalid IEs in a Beacon frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		bss->parse_error_reported = 1;
-		return;
-	}
-
-	bss_update(wt, bss, &elems, 1);
-
-	mme = get_ie(mgmt->u.beacon.variable, len - offset, WLAN_EID_MMIE);
-	if (!mme) {
-		if (bss->bigtk_idx) {
-			add_note(wt, MSG_INFO,
-				 "Unexpected unprotected Beacon frame from "
-				 MACSTR, MAC2STR(mgmt->sa));
-			bss->counters[WLANTEST_BSS_COUNTER_MISSING_BIP_MMIE]++;
-		}
-		return;
-	}
-
-	mic_len = bss->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC ? 8 : 16;
-	if (len < 24 + 10 + mic_len ||
-	    data[len - (10 + mic_len)] != WLAN_EID_MMIE ||
-	    data[len - (10 + mic_len - 1)] != 8 + mic_len) {
-		add_note(wt, MSG_INFO, "Invalid MME in a Beacon frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	mme += 2;
-	keyid = WPA_GET_LE16(mme);
-	if (keyid < 6 || keyid > 7) {
-		add_note(wt, MSG_INFO, "Unexpected MME KeyID %u from " MACSTR,
-			 keyid, MAC2STR(mgmt->sa));
-		bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "Beacon frame MME KeyID %u", keyid);
-	wpa_hexdump(MSG_MSGDUMP, "MME IPN", mme + 2, 6);
-	wpa_hexdump(MSG_MSGDUMP, "MME MIC", mme + 8, mic_len);
-
-	if (!bss->igtk_len[keyid]) {
-		add_note(wt, MSG_DEBUG, "No BIGTK known to validate BIP frame");
-		return;
-	}
-
-	if (os_memcmp(mme + 2, bss->ipn[keyid], 6) <= 0) {
-		add_note(wt, MSG_INFO, "BIP replay detected: SA=" MACSTR,
-			 MAC2STR(mgmt->sa));
-		wpa_hexdump(MSG_INFO, "RX IPN", mme + 2, 6);
-		wpa_hexdump(MSG_INFO, "Last RX IPN", bss->ipn[keyid], 6);
-	}
-
-	if (check_mmie_mic(bss->mgmt_group_cipher, bss->igtk[keyid],
-			   bss->igtk_len[keyid], data, len) < 0) {
-		add_note(wt, MSG_INFO, "Invalid MME MIC in a Beacon frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
-		return;
-	}
-
-	add_note(wt, MSG_DEBUG, "Valid MME MIC in Beacon frame");
-	os_memcpy(bss->ipn[keyid], mme + 2, 6);
-}
-
-
-static void rx_mgmt_probe_resp(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct ieee802_11_elems elems;
-	size_t offset;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	offset = mgmt->u.probe_resp.variable - data;
-	if (len < offset)
-		return;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-
-	bss->counters[WLANTEST_BSS_COUNTER_PROBE_RESPONSE]++;
-	bss->capab_info = le_to_host16(mgmt->u.probe_resp.capab_info);
-	if (ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - offset,
-				   &elems, 0) == ParseFailed) {
-		if (bss->parse_error_reported)
-			return;
-		add_note(wt, MSG_INFO, "Invalid IEs in a Probe Response frame "
-			 "from " MACSTR, MAC2STR(mgmt->sa));
-		bss->parse_error_reported = 1;
-		return;
-	}
-
-	bss_update(wt, bss, &elems, 2);
-}
-
-
-static void process_fils_auth(struct wlantest *wt, struct wlantest_bss *bss,
-			      struct wlantest_sta *sta,
-			      const struct ieee80211_mgmt *mgmt, size_t len)
-{
-	struct ieee802_11_elems elems;
-	u16 trans;
-	struct wpa_ie_data data;
-
-	if (sta->auth_alg != WLAN_AUTH_FILS_SK ||
-	    len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth))
-		return;
-
-	trans = le_to_host16(mgmt->u.auth.auth_transaction);
-
-	if (ieee802_11_parse_elems(mgmt->u.auth.variable,
-				   len - IEEE80211_HDRLEN -
-				   sizeof(mgmt->u.auth), &elems, 0) ==
-	    ParseFailed)
-		return;
-
-	if (trans == 1) {
-		if (!elems.rsn_ie) {
-			add_note(wt, MSG_INFO,
-				 "FILS Authentication frame missing RSNE");
-			return;
-		}
-		if (wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2,
-					 elems.rsn_ie_len + 2, &data) < 0) {
-			add_note(wt, MSG_INFO,
-				 "Invalid RSNE in FILS Authentication frame");
-			return;
-		}
-		sta->key_mgmt = data.key_mgmt;
-		sta->pairwise_cipher = data.pairwise_cipher;
-	}
-
-	if (!elems.fils_nonce) {
-		add_note(wt, MSG_INFO,
-			 "FILS Authentication frame missing nonce");
-		return;
-	}
-
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		os_memcpy(sta->anonce, elems.fils_nonce, FILS_NONCE_LEN);
-	else
-		os_memcpy(sta->snonce, elems.fils_nonce, FILS_NONCE_LEN);
-}
-
-
-static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
-			    struct wlantest_sta *sta,
-			    const struct ieee80211_mgmt *mgmt, size_t len)
-{
-	u16 trans;
-	struct wpa_ft_ies parse;
-	struct wpa_ptk ptk;
-	u8 ptk_name[WPA_PMK_NAME_LEN];
-	struct wlantest_bss *old_bss;
-	struct wlantest_sta *old_sta = NULL;
-
-	if (sta->auth_alg != WLAN_AUTH_FT ||
-	    len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth))
-		return;
-
-	trans = le_to_host16(mgmt->u.auth.auth_transaction);
-
-	if (wpa_ft_parse_ies(mgmt->u.auth.variable,
-			     len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
-			     &parse, -1)) {
-		add_note(wt, MSG_INFO,
-			 "Could not parse FT Authentication Response frame");
-		return;
-	}
-
-	if (trans == 1) {
-		sta->key_mgmt = parse.key_mgmt;
-		sta->pairwise_cipher = parse.pairwise_cipher;
-		return;
-	}
-
-	if (trans != 2)
-		return;
-
-	/* TODO: Should find the latest updated PMK-R0 value here instead
-	 * copying the one from the first found matching old STA entry. */
-	dl_list_for_each(old_bss, &wt->bss, struct wlantest_bss, list) {
-		if (old_bss == bss)
-			continue;
-		old_sta = sta_find(old_bss, sta->addr);
-		if (old_sta)
-			break;
-	}
-	if (!old_sta)
-		return;
-
-	os_memcpy(sta->pmk_r0, old_sta->pmk_r0, old_sta->pmk_r0_len);
-	sta->pmk_r0_len = old_sta->pmk_r0_len;
-	os_memcpy(sta->pmk_r0_name, old_sta->pmk_r0_name,
-		  sizeof(sta->pmk_r0_name));
-
-	if (parse.r1kh_id)
-		os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-
-	if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len, sta->pmk_r0_name,
-			      bss->r1kh_id, sta->addr, sta->pmk_r1,
-			      sta->pmk_r1_name) < 0)
-		return;
-	sta->pmk_r1_len = sta->pmk_r0_len;
-
-	if (!parse.fte_anonce || !parse.fte_snonce ||
-	    wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce,
-			      parse.fte_anonce, sta->addr, bss->bssid,
-			      sta->pmk_r1_name, &ptk, ptk_name, sta->key_mgmt,
-			      sta->pairwise_cipher, 0) < 0)
-		return;
-
-	add_note(wt, MSG_DEBUG, "Derived new PTK");
-	os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
-	sta->ptk_set = 1;
-	os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
-	os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
-}
-
-
-static void rx_mgmt_auth(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u16 alg, trans, status;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	if (len < 24 + 6) {
-		add_note(wt, MSG_INFO, "Too short Authentication frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	alg = le_to_host16(mgmt->u.auth.auth_alg);
-	sta->auth_alg = alg;
-	trans = le_to_host16(mgmt->u.auth.auth_transaction);
-	status = le_to_host16(mgmt->u.auth.status_code);
-
-	wpa_printf(MSG_DEBUG, "AUTH " MACSTR " -> " MACSTR
-		   " (alg=%u trans=%u status=%u)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), alg, trans, status);
-
-	if (alg == 0 && trans == 2 && status == 0) {
-		if (sta->state == STATE1) {
-			add_note(wt, MSG_DEBUG, "STA " MACSTR
-				 " moved to State 2 with " MACSTR,
-				 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-			sta->state = STATE2;
-		}
-	}
-
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta->counters[WLANTEST_STA_COUNTER_AUTH_RX]++;
-	else
-		sta->counters[WLANTEST_STA_COUNTER_AUTH_TX]++;
-
-	process_fils_auth(wt, bss, sta, mgmt, len);
-	process_ft_auth(wt, bss, sta, mgmt, len);
-}
-
-
-static void deauth_all_stas(struct wlantest *wt, struct wlantest_bss *bss)
-{
-	struct wlantest_sta *sta;
-	dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
-		if (sta->state == STATE1)
-			continue;
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 1 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE1;
-	}
-}
-
-
-static void tdls_link_down(struct wlantest *wt, struct wlantest_bss *bss,
-			   struct wlantest_sta *sta)
-{
-	struct wlantest_tdls *tdls;
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if ((tdls->init == sta || tdls->resp == sta) && tdls->link_up)
-		{
-			add_note(wt, MSG_DEBUG, "TDLS: Set link down based on "
-				 "STA deauth/disassoc");
-			tdls->link_up = 0;
-		}
-	}
-}
-
-
-static void rx_mgmt_deauth(struct wlantest *wt, const u8 *data, size_t len,
-			   int valid)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u16 fc, reason;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-
-	if (len < 24 + 2) {
-		add_note(wt, MSG_INFO, "Too short Deauthentication frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	reason = le_to_host16(mgmt->u.deauth.reason_code);
-	wpa_printf(MSG_DEBUG, "DEAUTH " MACSTR " -> " MACSTR
-		   " (reason=%u) (valid=%d)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
-		   reason, valid);
-	wpa_hexdump(MSG_MSGDUMP, "DEAUTH payload", data + 24, len - 24);
-
-	if (sta == NULL) {
-		if (valid && mgmt->da[0] == 0xff)
-			deauth_all_stas(wt, bss);
-		return;
-	}
-
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
-		sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DEAUTH_RX :
-			      WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX]++;
-		if (sta->pwrmgt && !sta->pspoll)
-			sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_ASLEEP]++;
-		else
-			sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_AWAKE]++;
-
-		fc = le_to_host16(mgmt->frame_control);
-		if (!(fc & WLAN_FC_ISWEP) && reason == 6)
-			sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_RC6]++;
-		else if (!(fc & WLAN_FC_ISWEP) && reason == 7)
-			sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_RC7]++;
-	} else
-		sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DEAUTH_TX :
-			      WLANTEST_STA_COUNTER_INVALID_DEAUTH_TX]++;
-
-	if (!valid) {
-		add_note(wt, MSG_INFO, "Do not change STA " MACSTR " State "
-			 "since Disassociation frame was not protected "
-			 "correctly", MAC2STR(sta->addr));
-		return;
-	}
-
-	if (sta->state != STATE1) {
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 1 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE1;
-	}
-	tdls_link_down(wt, bss, sta);
-}
-
-
-static const u8 * get_fils_session(const u8 *ies, size_t ies_len)
-{
-	const u8 *ie, *end;
-
-	ie = ies;
-	end = ((const u8 *) ie) + ies_len;
-	while (ie + 1 < end) {
-		if (ie + 2 + ie[1] > end)
-			break;
-		if (ie[0] == WLAN_EID_EXTENSION &&
-		    ie[1] >= 1 + FILS_SESSION_LEN &&
-		    ie[2] == WLAN_EID_EXT_FILS_SESSION)
-			return ie;
-		ie += 2 + ie[1];
-	}
-	return NULL;
-}
-
-
-static int try_rmsk(struct wlantest *wt, struct wlantest_bss *bss,
-		    struct wlantest_sta *sta, struct wlantest_pmk *pmk,
-		    const u8 *frame_start, const u8 *frame_ad,
-		    const u8 *frame_ad_end, const u8 *encr_end)
-{
-	size_t pmk_len = 0;
-	u8 pmk_buf[PMK_LEN_MAX];
-	struct wpa_ptk ptk;
-	u8 ick[FILS_ICK_MAX_LEN];
-	size_t ick_len;
-	const u8 *aad[5];
-	size_t aad_len[5];
-	u8 buf[2000];
-
-	if (fils_rmsk_to_pmk(sta->key_mgmt, pmk->pmk, pmk->pmk_len,
-			     sta->snonce, sta->anonce, NULL, 0,
-			     pmk_buf, &pmk_len) < 0)
-		return -1;
-
-	if (fils_pmk_to_ptk(pmk_buf, pmk_len, sta->addr, bss->bssid,
-			    sta->snonce, sta->anonce, NULL, 0,
-			    &ptk, ick, &ick_len,
-			    sta->key_mgmt, sta->pairwise_cipher,
-			    NULL, NULL, 0) < 0)
-		return -1;
-
-	/* Check AES-SIV decryption with the derived key */
-
-	/* AES-SIV AAD vectors */
-
-	/* The STA's MAC address */
-	aad[0] = sta->addr;
-	aad_len[0] = ETH_ALEN;
-	/* The AP's BSSID */
-	aad[1] = bss->bssid;
-	aad_len[1] = ETH_ALEN;
-	/* The STA's nonce */
-	aad[2] = sta->snonce;
-	aad_len[2] = FILS_NONCE_LEN;
-	/* The AP's nonce */
-	aad[3] = sta->anonce;
-	aad_len[3] = FILS_NONCE_LEN;
-	/*
-	 * The (Re)Association Request frame from the Capability Information
-	 * field to the FILS Session element (both inclusive).
-	 */
-	aad[4] = frame_ad;
-	aad_len[4] = frame_ad_end - frame_ad;
-
-	if (encr_end - frame_ad_end < AES_BLOCK_SIZE ||
-	    encr_end - frame_ad_end > sizeof(buf))
-		return -1;
-	if (aes_siv_decrypt(ptk.kek, ptk.kek_len,
-			    frame_ad_end, encr_end - frame_ad_end,
-			    5, aad, aad_len, buf) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "FILS: Derived PTK did not match AES-SIV data");
-		return -1;
-	}
-
-	add_note(wt, MSG_DEBUG, "Derived FILS PTK");
-	os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
-	sta->ptk_set = 1;
-	sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++;
-	wpa_hexdump(MSG_DEBUG, "FILS: Decrypted Association Request elements",
-		    buf, encr_end - frame_ad_end - AES_BLOCK_SIZE);
-
-	if (wt->write_pcap_dumper || wt->pcapng) {
-		write_pcap_decrypted(wt, frame_start,
-				     frame_ad_end - frame_start,
-				     buf,
-				     encr_end - frame_ad_end - AES_BLOCK_SIZE);
-	}
-
-	return 0;
-}
-
-
-static void derive_fils_keys(struct wlantest *wt, struct wlantest_bss *bss,
-			     struct wlantest_sta *sta, const u8 *frame_start,
-			     const u8 *frame_ad, const u8 *frame_ad_end,
-			     const u8 *encr_end)
-{
-	struct wlantest_pmk *pmk;
-
-	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR
-		   " from FILS rMSK", MAC2STR(sta->addr));
-
-	dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk,
-			 list) {
-		wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
-		if (try_rmsk(wt, bss, sta, pmk, frame_start, frame_ad,
-			     frame_ad_end, encr_end) == 0)
-			return;
-	}
-
-	dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
-		wpa_printf(MSG_DEBUG, "Try global PMK");
-		if (try_rmsk(wt, bss, sta, pmk, frame_start, frame_ad,
-			     frame_ad_end, encr_end) == 0)
-			return;
-	}
-}
-
-
-static void rx_mgmt_assoc_req(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	struct ieee802_11_elems elems;
-	const u8 *ie;
-	size_t ie_len;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	if (len < 24 + 4) {
-		add_note(wt, MSG_INFO, "Too short Association Request frame "
-			 "from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "ASSOCREQ " MACSTR " -> " MACSTR
-		   " (capab=0x%x listen_int=%u)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
-		   le_to_host16(mgmt->u.assoc_req.capab_info),
-		   le_to_host16(mgmt->u.assoc_req.listen_interval));
-
-	sta->counters[WLANTEST_STA_COUNTER_ASSOCREQ_TX]++;
-
-	ie = mgmt->u.assoc_req.variable;
-	ie_len = len - (mgmt->u.assoc_req.variable - data);
-
-	if (sta->auth_alg == WLAN_AUTH_FILS_SK) {
-		const u8 *session, *frame_ad, *frame_ad_end, *encr_end;
-
-		session = get_fils_session(ie, ie_len);
-		if (session) {
-			frame_ad = (const u8 *) &mgmt->u.assoc_req.capab_info;
-			frame_ad_end = session + 2 + session[1];
-			encr_end = data + len;
-			derive_fils_keys(wt, bss, sta, data, frame_ad,
-					 frame_ad_end, encr_end);
-			ie_len = session - ie;
-		}
-	}
-
-	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
-		add_note(wt, MSG_INFO, "Invalid IEs in Association Request "
-			 "frame from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	sta->assocreq_capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
-	sta->assocreq_listen_int =
-		le_to_host16(mgmt->u.assoc_req.listen_interval);
-	os_free(sta->assocreq_ies);
-	sta->assocreq_ies_len = len - (mgmt->u.assoc_req.variable - data);
-	sta->assocreq_ies = os_malloc(sta->assocreq_ies_len);
-	if (sta->assocreq_ies)
-		os_memcpy(sta->assocreq_ies, mgmt->u.assoc_req.variable,
-			  sta->assocreq_ies_len);
-
-	sta->assocreq_seen = 1;
-	sta_update_assoc(sta, &elems);
-}
-
-
-static void decrypt_fils_assoc_resp(struct wlantest *wt,
-				    struct wlantest_bss *bss,
-				    struct wlantest_sta *sta,
-				    const u8 *frame_start, const u8 *frame_ad,
-				    const u8 *frame_ad_end, const u8 *encr_end)
-{
-	const u8 *aad[5];
-	size_t aad_len[5];
-	u8 buf[2000];
-
-	if (!sta->ptk_set)
-		return;
-
-	/* Check AES-SIV decryption with the derived key */
-
-	/* AES-SIV AAD vectors */
-
-	/* The AP's BSSID */
-	aad[0] = bss->bssid;
-	aad_len[0] = ETH_ALEN;
-	/* The STA's MAC address */
-	aad[1] = sta->addr;
-	aad_len[1] = ETH_ALEN;
-	/* The AP's nonce */
-	aad[2] = sta->anonce;
-	aad_len[2] = FILS_NONCE_LEN;
-	/* The STA's nonce */
-	aad[3] = sta->snonce;
-	aad_len[3] = FILS_NONCE_LEN;
-	/*
-	 * The (Re)Association Response frame from the Capability Information
-	 * field to the FILS Session element (both inclusive).
-	 */
-	aad[4] = frame_ad;
-	aad_len[4] = frame_ad_end - frame_ad;
-
-	if (encr_end - frame_ad_end < AES_BLOCK_SIZE ||
-	    encr_end - frame_ad_end > sizeof(buf))
-		return;
-	if (aes_siv_decrypt(sta->ptk.kek, sta->ptk.kek_len,
-			    frame_ad_end, encr_end - frame_ad_end,
-			    5, aad, aad_len, buf) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "FILS: Derived PTK did not match AES-SIV data");
-		return;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "FILS: Decrypted Association Response elements",
-		    buf, encr_end - frame_ad_end - AES_BLOCK_SIZE);
-
-	if (wt->write_pcap_dumper || wt->pcapng) {
-		write_pcap_decrypted(wt, frame_start,
-				     frame_ad_end - frame_start,
-				     buf,
-				     encr_end - frame_ad_end - AES_BLOCK_SIZE);
-	}
-}
-
-
-static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u16 capab, status, aid;
-	const u8 *ies;
-	size_t ies_len;
-	struct wpa_ft_ies parse;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, mgmt->da);
-	if (sta == NULL)
-		return;
-
-	if (len < 24 + 6) {
-		add_note(wt, MSG_INFO, "Too short Association Response frame "
-			 "from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	ies = mgmt->u.assoc_resp.variable;
-	ies_len = len - (mgmt->u.assoc_resp.variable - data);
-
-	capab = le_to_host16(mgmt->u.assoc_resp.capab_info);
-	status = le_to_host16(mgmt->u.assoc_resp.status_code);
-	aid = le_to_host16(mgmt->u.assoc_resp.aid);
-
-	wpa_printf(MSG_DEBUG, "ASSOCRESP " MACSTR " -> " MACSTR
-		   " (capab=0x%x status=%u aid=%u)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), capab, status,
-		   aid & 0x3fff);
-
-	if (sta->auth_alg == WLAN_AUTH_FILS_SK) {
-		const u8 *session, *frame_ad, *frame_ad_end, *encr_end;
-
-		session = get_fils_session(ies, ies_len);
-		if (session) {
-			frame_ad = (const u8 *) &mgmt->u.assoc_resp.capab_info;
-			frame_ad_end = session + 2 + session[1];
-			encr_end = data + len;
-			decrypt_fils_assoc_resp(wt, bss, sta, data, frame_ad,
-						frame_ad_end, encr_end);
-			ies_len = session - ies;
-		}
-	}
-
-	if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
-		struct ieee802_11_elems elems;
-		if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
-		    ParseFailed) {
-			add_note(wt, MSG_INFO, "Failed to parse IEs in "
-				 "AssocResp from " MACSTR,
-				 MAC2STR(mgmt->sa));
-		} else if (elems.timeout_int == NULL ||
-			   elems.timeout_int[0] !=
-			   WLAN_TIMEOUT_ASSOC_COMEBACK) {
-			add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
-				 "with Assoc Comeback time in AssocResp "
-				 "(status=30) from " MACSTR,
-				 MAC2STR(mgmt->sa));
-		} else {
-			sta->counters[
-				WLANTEST_STA_COUNTER_ASSOCRESP_COMEBACK]++;
-		}
-	}
-
-	if (status)
-		return;
-
-	if ((aid & 0xc000) != 0xc000) {
-		add_note(wt, MSG_DEBUG, "Two MSBs of the AID were not set to 1 "
-			 "in Association Response from " MACSTR,
-			 MAC2STR(mgmt->sa));
-	}
-	sta->aid = aid & 0xc000;
-
-	if (sta->state < STATE2) {
-		add_note(wt, MSG_DEBUG,
-			 "STA " MACSTR " was not in State 2 when "
-			 "getting associated", MAC2STR(sta->addr));
-	}
-
-	if (sta->state < STATE3) {
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 3 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE3;
-	}
-
-	if (wpa_ft_parse_ies(ies, ies_len, &parse, 0) == 0) {
-		if (parse.r0kh_id) {
-			os_memcpy(bss->r0kh_id, parse.r0kh_id,
-				  parse.r0kh_id_len);
-			bss->r0kh_id_len = parse.r0kh_id_len;
-		}
-		if (parse.r1kh_id)
-			os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-	}
-}
-
-
-static void rx_mgmt_reassoc_req(struct wlantest *wt, const u8 *data,
-				size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	struct ieee802_11_elems elems;
-	const u8 *ie;
-	size_t ie_len;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	if (len < 24 + 4 + ETH_ALEN) {
-		add_note(wt, MSG_INFO, "Too short Reassociation Request frame "
-			 "from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "REASSOCREQ " MACSTR " -> " MACSTR
-		   " (capab=0x%x listen_int=%u current_ap=" MACSTR ")",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
-		   le_to_host16(mgmt->u.reassoc_req.capab_info),
-		   le_to_host16(mgmt->u.reassoc_req.listen_interval),
-		   MAC2STR(mgmt->u.reassoc_req.current_ap));
-
-	sta->counters[WLANTEST_STA_COUNTER_REASSOCREQ_TX]++;
-
-	ie = mgmt->u.reassoc_req.variable;
-	ie_len = len - (mgmt->u.reassoc_req.variable - data);
-
-	if (sta->auth_alg == WLAN_AUTH_FILS_SK) {
-		const u8 *session, *frame_ad, *frame_ad_end, *encr_end;
-
-		session = get_fils_session(ie, ie_len);
-		if (session) {
-			frame_ad = (const u8 *) &mgmt->u.reassoc_req.capab_info;
-			frame_ad_end = session + 2 + session[1];
-			encr_end = data + len;
-			derive_fils_keys(wt, bss, sta, data, frame_ad,
-					 frame_ad_end, encr_end);
-			ie_len = session - ie;
-		}
-	}
-
-	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
-		add_note(wt, MSG_INFO, "Invalid IEs in Reassociation Request "
-			 "frame from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	sta->assocreq_capab_info =
-		le_to_host16(mgmt->u.reassoc_req.capab_info);
-	sta->assocreq_listen_int =
-		le_to_host16(mgmt->u.reassoc_req.listen_interval);
-	os_free(sta->assocreq_ies);
-	sta->assocreq_ies_len = len - (mgmt->u.reassoc_req.variable - data);
-	sta->assocreq_ies = os_malloc(sta->assocreq_ies_len);
-	if (sta->assocreq_ies)
-		os_memcpy(sta->assocreq_ies, mgmt->u.reassoc_req.variable,
-			  sta->assocreq_ies_len);
-
-	sta->assocreq_seen = 1;
-	sta_update_assoc(sta, &elems);
-
-	if (elems.ftie) {
-		struct wpa_ft_ies parse;
-		int use_sha384;
-		struct rsn_mdie *mde;
-		const u8 *anonce, *snonce, *fte_mic;
-		u8 fte_elem_count;
-		unsigned int count;
-		u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
-		size_t mic_len = 16;
-		const u8 *kck;
-		size_t kck_len;
-
-		use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
-
-		if (wpa_ft_parse_ies(ie, ie_len, &parse, use_sha384) < 0) {
-			add_note(wt, MSG_INFO, "FT: Failed to parse FT IEs");
-			return;
-		}
-
-		if (!parse.rsn) {
-			add_note(wt, MSG_INFO, "FT: No RSNE in Reassoc Req");
-			return;
-		}
-
-		if (!parse.rsn_pmkid) {
-			add_note(wt, MSG_INFO, "FT: No PMKID in RSNE");
-			return;
-		}
-
-		if (os_memcmp_const(parse.rsn_pmkid, sta->pmk_r1_name,
-				    WPA_PMK_NAME_LEN) != 0) {
-			add_note(wt, MSG_INFO,
-				 "FT: PMKID in Reassoc Req did not match PMKR1Name");
-			wpa_hexdump(MSG_DEBUG,
-				    "FT: Received RSNE[PMKR1Name]",
-				    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
-			wpa_hexdump(MSG_DEBUG,
-				    "FT: Previously derived PMKR1Name",
-				    sta->pmk_r1_name, WPA_PMK_NAME_LEN);
-			return;
-		}
-
-		mde = (struct rsn_mdie *) parse.mdie;
-		if (!mde || parse.mdie_len < sizeof(*mde) ||
-		    os_memcmp(mde->mobility_domain, bss->mdid,
-			      MOBILITY_DOMAIN_ID_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: Invalid MDE");
-		}
-
-		if (use_sha384) {
-			struct rsn_ftie_sha384 *fte;
-
-			fte = (struct rsn_ftie_sha384 *) parse.ftie;
-			if (!fte || parse.ftie_len < sizeof(*fte)) {
-				add_note(wt, MSG_INFO, "FT: Invalid FTE");
-				return;
-			}
-
-			anonce = fte->anonce;
-			snonce = fte->snonce;
-			fte_elem_count = fte->mic_control[1];
-			fte_mic = fte->mic;
-		} else {
-			struct rsn_ftie *fte;
-
-			fte = (struct rsn_ftie *) parse.ftie;
-			if (!fte || parse.ftie_len < sizeof(*fte)) {
-				add_note(wt, MSG_INFO, "FT: Invalid FTIE");
-				return;
-			}
-
-			anonce = fte->anonce;
-			snonce = fte->snonce;
-			fte_elem_count = fte->mic_control[1];
-			fte_mic = fte->mic;
-		}
-
-		if (os_memcmp(snonce, sta->snonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: SNonce mismatch in FTIE");
-			wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
-				    snonce, WPA_NONCE_LEN);
-			wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
-				    sta->snonce, WPA_NONCE_LEN);
-			return;
-		}
-
-		if (os_memcmp(anonce, sta->anonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: ANonce mismatch in FTIE");
-			wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
-				    anonce, WPA_NONCE_LEN);
-			wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
-				    sta->anonce, WPA_NONCE_LEN);
-			return;
-		}
-
-		if (!parse.r0kh_id) {
-			add_note(wt, MSG_INFO, "FT: No R0KH-ID subelem in FTE");
-			return;
-		}
-		os_memcpy(bss->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
-		bss->r0kh_id_len = parse.r0kh_id_len;
-
-		if (!parse.r1kh_id) {
-			add_note(wt, MSG_INFO, "FT: No R1KH-ID subelem in FTE");
-			return;
-		}
-
-		os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-
-		if (!parse.rsn_pmkid ||
-		    os_memcmp_const(parse.rsn_pmkid, sta->pmk_r1_name,
-				    WPA_PMK_NAME_LEN)) {
-			add_note(wt, MSG_INFO,
-				 "FT: No matching PMKR1Name (PMKID) in RSNE (pmkid=%d)",
-				 !!parse.rsn_pmkid);
-			return;
-		}
-
-		count = 3;
-		if (parse.ric)
-			count += ieee802_11_ie_count(parse.ric, parse.ric_len);
-		if (parse.rsnxe)
-			count++;
-		if (fte_elem_count != count) {
-			add_note(wt, MSG_INFO,
-				 "FT: Unexpected IE count in MIC Control: received %u expected %u",
-				 fte_elem_count, count);
-			return;
-		}
-
-		if (wpa_key_mgmt_fils(sta->key_mgmt)) {
-			kck = sta->ptk.kck2;
-			kck_len = sta->ptk.kck2_len;
-		} else {
-			kck = sta->ptk.kck;
-			kck_len = sta->ptk.kck_len;
-		}
-		if (wpa_ft_mic(kck, kck_len, sta->addr, bss->bssid, 5,
-			       parse.mdie - 2, parse.mdie_len + 2,
-			       parse.ftie - 2, parse.ftie_len + 2,
-			       parse.rsn - 2, parse.rsn_len + 2,
-			       parse.ric, parse.ric_len,
-			       parse.rsnxe ? parse.rsnxe - 2 : NULL,
-			       parse.rsnxe ? parse.rsnxe_len + 2 : 0,
-			       mic) < 0) {
-			add_note(wt, MSG_INFO, "FT: Failed to calculate MIC");
-			return;
-		}
-
-		if (os_memcmp_const(mic, fte_mic, mic_len) != 0) {
-			add_note(wt, MSG_INFO, "FT: Invalid MIC in FTE");
-			wpa_printf(MSG_DEBUG,
-				   "FT: addr=" MACSTR " auth_addr=" MACSTR,
-				   MAC2STR(sta->addr),
-				   MAC2STR(bss->bssid));
-			wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
-				    fte_mic, mic_len);
-			wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC",
-				    mic, mic_len);
-			wpa_hexdump(MSG_MSGDUMP, "FT: MDE",
-				    parse.mdie - 2, parse.mdie_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: FTE",
-				    parse.ftie - 2, parse.ftie_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
-				    parse.rsn - 2, parse.rsn_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: RSNXE",
-				    parse.rsnxe ? parse.rsnxe - 2 : NULL,
-				    parse.rsnxe ? parse.rsnxe_len + 2 : 0);
-			return;
-		}
-
-		add_note(wt, MSG_INFO, "FT: Valid FTE MIC");
-	}
-}
-
-
-static void process_gtk_subelem(struct wlantest *wt, struct wlantest_bss *bss,
-				struct wlantest_sta *sta,
-				const u8 *kek, size_t kek_len,
-				const u8 *gtk_elem,
-				size_t gtk_elem_len)
-{
-	u8 gtk[32];
-	int keyidx;
-	enum wpa_alg alg;
-	size_t gtk_len, keylen;
-	const u8 *rsc;
-
-	if (!gtk_elem) {
-		add_note(wt, MSG_INFO, "FT: No GTK included in FTE");
-		return;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "FT: Received GTK in Reassoc Resp",
-		    gtk_elem, gtk_elem_len);
-
-	if (gtk_elem_len < 11 + 24 || (gtk_elem_len - 11) % 8 ||
-	    gtk_elem_len - 19 > sizeof(gtk)) {
-		add_note(wt, MSG_INFO, "FT: Invalid GTK sub-elem length %zu",
-			 gtk_elem_len);
-		return;
-	}
-	gtk_len = gtk_elem_len - 19;
-	if (aes_unwrap(kek, kek_len, gtk_len / 8, gtk_elem + 11, gtk)) {
-		add_note(wt, MSG_INFO,
-			 "FT: AES unwrap failed - could not decrypt GTK");
-		return;
-	}
-
-	keylen = wpa_cipher_key_len(bss->group_cipher);
-	alg = wpa_cipher_to_alg(bss->group_cipher);
-	if (alg == WPA_ALG_NONE) {
-		add_note(wt, MSG_INFO, "FT: Unsupported Group Cipher %d",
-			 bss->group_cipher);
-		return;
-	}
-
-	if (gtk_len < keylen) {
-		add_note(wt, MSG_INFO, "FT: Too short GTK in FTE");
-		return;
-	}
-
-	/* Key Info[2] | Key Length[1] | RSC[8] | Key[5..32]. */
-
-	keyidx = WPA_GET_LE16(gtk_elem) & 0x03;
-
-	if (gtk_elem[2] != keylen) {
-		add_note(wt, MSG_INFO,
-			 "FT: GTK length mismatch: received %u negotiated %zu",
-			 gtk_elem[2], keylen);
-		return;
-	}
-
-	add_note(wt, MSG_DEBUG, "GTK KeyID=%u", keyidx);
-	wpa_hexdump(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
-	if (bss->group_cipher == WPA_CIPHER_TKIP) {
-		/* Swap Tx/Rx keys for Michael MIC */
-		u8 tmp[8];
-
-		os_memcpy(tmp, gtk + 16, 8);
-		os_memcpy(gtk + 16, gtk + 24, 8);
-		os_memcpy(gtk + 24, tmp, 8);
-	}
-
-	bss->gtk_len[keyidx] = gtk_len;
-	sta->gtk_len = gtk_len;
-	os_memcpy(bss->gtk[keyidx], gtk, gtk_len);
-	os_memcpy(sta->gtk, gtk, gtk_len);
-	rsc = gtk_elem + 2;
-	bss->rsc[keyidx][0] = rsc[5];
-	bss->rsc[keyidx][1] = rsc[4];
-	bss->rsc[keyidx][2] = rsc[3];
-	bss->rsc[keyidx][3] = rsc[2];
-	bss->rsc[keyidx][4] = rsc[1];
-	bss->rsc[keyidx][5] = rsc[0];
-	bss->gtk_idx = keyidx;
-	sta->gtk_idx = keyidx;
-	wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[keyidx], 6);
-}
-
-
-static void process_igtk_subelem(struct wlantest *wt, struct wlantest_bss *bss,
-				 struct wlantest_sta *sta,
-				 const u8 *kek, size_t kek_len,
-				 const u8 *igtk_elem, size_t igtk_elem_len)
-{
-	u8 igtk[WPA_IGTK_MAX_LEN];
-	size_t igtk_len;
-	u16 keyidx;
-	const u8 *ipn;
-
-	if (bss->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC &&
-	    bss->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 &&
-	    bss->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 &&
-	    bss->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256)
-		return;
-
-	if (!igtk_elem) {
-		add_note(wt, MSG_INFO, "FT: No IGTK included in FTE");
-		return;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp",
-		    igtk_elem, igtk_elem_len);
-
-	igtk_len = wpa_cipher_key_len(bss->mgmt_group_cipher);
-	if (igtk_elem_len != 2 + 6 + 1 + igtk_len + 8) {
-		add_note(wt, MSG_INFO, "FT: Invalid IGTK sub-elem length %zu",
-			 igtk_elem_len);
-		return;
-	}
-	if (igtk_elem[8] != igtk_len) {
-		add_note(wt, MSG_INFO,
-			 "FT: Invalid IGTK sub-elem Key Length %d",
-			 igtk_elem[8]);
-		return;
-	}
-
-	if (aes_unwrap(kek, kek_len, igtk_len / 8, igtk_elem + 9, igtk)) {
-		add_note(wt, MSG_INFO,
-			 "FT: AES unwrap failed - could not decrypt IGTK");
-		return;
-	}
-
-	/* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
-
-	keyidx = WPA_GET_LE16(igtk_elem);
-
-	wpa_hexdump(MSG_DEBUG, "FT: IGTK from Reassoc Resp", igtk, igtk_len);
-
-	if (keyidx < 4 || keyidx > 5) {
-		add_note(wt, MSG_INFO, "Unexpected IGTK KeyID %u", keyidx);
-		return;
-	}
-
-	add_note(wt, MSG_DEBUG, "IGTK KeyID %u", keyidx);
-	wpa_hexdump(MSG_DEBUG, "IPN", igtk_elem + 2, 6);
-	wpa_hexdump(MSG_DEBUG, "IGTK", igtk, igtk_len);
-	os_memcpy(bss->igtk[keyidx], igtk, igtk_len);
-	bss->igtk_len[keyidx] = igtk_len;
-	ipn = igtk_elem + 2;
-	bss->ipn[keyidx][0] = ipn[5];
-	bss->ipn[keyidx][1] = ipn[4];
-	bss->ipn[keyidx][2] = ipn[3];
-	bss->ipn[keyidx][3] = ipn[2];
-	bss->ipn[keyidx][4] = ipn[1];
-	bss->ipn[keyidx][5] = ipn[0];
-	bss->igtk_idx = keyidx;
-}
-
-
-static void process_bigtk_subelem(struct wlantest *wt, struct wlantest_bss *bss,
-				  struct wlantest_sta *sta,
-				  const u8 *kek, size_t kek_len,
-				  const u8 *bigtk_elem, size_t bigtk_elem_len)
-{
-	u8 bigtk[WPA_BIGTK_MAX_LEN];
-	size_t bigtk_len;
-	u16 keyidx;
-	const u8 *ipn;
-
-	if (!bigtk_elem ||
-	    (bss->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC &&
-	     bss->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 &&
-	     bss->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 &&
-	     bss->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256))
-	    return;
-
-	wpa_hexdump_key(MSG_DEBUG, "FT: Received BIGTK in Reassoc Resp",
-			bigtk_elem, bigtk_elem_len);
-
-	bigtk_len = wpa_cipher_key_len(bss->mgmt_group_cipher);
-	if (bigtk_elem_len != 2 + 6 + 1 + bigtk_len + 8) {
-		add_note(wt, MSG_INFO,
-			 "FT: Invalid BIGTK sub-elem length %zu",
-			 bigtk_elem_len);
-		return;
-	}
-	if (bigtk_elem[8] != bigtk_len) {
-		add_note(wt, MSG_INFO,
-			 "FT: Invalid BIGTK sub-elem Key Length %d",
-			 bigtk_elem[8]);
-		return;
-	}
-
-	if (aes_unwrap(kek, kek_len, bigtk_len / 8, bigtk_elem + 9, bigtk)) {
-		add_note(wt, MSG_INFO,
-			 "FT: AES unwrap failed - could not decrypt BIGTK");
-		return;
-	}
-
-	/* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
-
-	keyidx = WPA_GET_LE16(bigtk_elem);
-
-	wpa_hexdump(MSG_DEBUG, "FT: BIGTK from Reassoc Resp", bigtk, bigtk_len);
-
-	if (keyidx < 6 || keyidx > 7) {
-		add_note(wt, MSG_INFO, "Unexpected BIGTK KeyID %u", keyidx);
-		return;
-	}
-
-	add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", keyidx);
-	wpa_hexdump(MSG_DEBUG, "BIPN", bigtk_elem + 2, 6);
-	wpa_hexdump(MSG_DEBUG, "BIGTK", bigtk, bigtk_len);
-	os_memcpy(bss->igtk[keyidx], bigtk, bigtk_len);
-	bss->igtk_len[keyidx] = bigtk_len;
-	ipn = bigtk_elem + 2;
-	bss->ipn[keyidx][0] = ipn[5];
-	bss->ipn[keyidx][1] = ipn[4];
-	bss->ipn[keyidx][2] = ipn[3];
-	bss->ipn[keyidx][3] = ipn[2];
-	bss->ipn[keyidx][4] = ipn[1];
-	bss->ipn[keyidx][5] = ipn[0];
-	bss->bigtk_idx = keyidx;
-}
-
-
-static void rx_mgmt_reassoc_resp(struct wlantest *wt, const u8 *data,
-				 size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u16 capab, status, aid;
-	const u8 *ies;
-	size_t ies_len;
-	struct ieee802_11_elems elems;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	sta = sta_get(bss, mgmt->da);
-	if (sta == NULL)
-		return;
-
-	if (len < 24 + 6) {
-		add_note(wt, MSG_INFO, "Too short Reassociation Response frame "
-			 "from " MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	ies = mgmt->u.reassoc_resp.variable;
-	ies_len = len - (mgmt->u.reassoc_resp.variable - data);
-
-	capab = le_to_host16(mgmt->u.reassoc_resp.capab_info);
-	status = le_to_host16(mgmt->u.reassoc_resp.status_code);
-	aid = le_to_host16(mgmt->u.reassoc_resp.aid);
-
-	wpa_printf(MSG_DEBUG, "REASSOCRESP " MACSTR " -> " MACSTR
-		   " (capab=0x%x status=%u aid=%u)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), capab, status,
-		   aid & 0x3fff);
-
-	if (sta->auth_alg == WLAN_AUTH_FILS_SK) {
-		const u8 *session, *frame_ad, *frame_ad_end, *encr_end;
-
-		session = get_fils_session(ies, ies_len);
-		if (session) {
-			frame_ad = (const u8 *)
-				&mgmt->u.reassoc_resp.capab_info;
-			frame_ad_end = session + 2 + session[1];
-			encr_end = data + len;
-			decrypt_fils_assoc_resp(wt, bss, sta, data, frame_ad,
-						frame_ad_end, encr_end);
-			ies_len = session - ies;
-		}
-	}
-
-	if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) == ParseFailed) {
-		add_note(wt, MSG_INFO,
-			 "Failed to parse IEs in ReassocResp from " MACSTR,
-			 MAC2STR(mgmt->sa));
-	}
-
-	if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
-		if (!elems.timeout_int ||
-		    elems.timeout_int[0] != WLAN_TIMEOUT_ASSOC_COMEBACK) {
-			add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
-				 "with Assoc Comeback time in ReassocResp "
-				 "(status=30) from " MACSTR,
-				 MAC2STR(mgmt->sa));
-		} else {
-			sta->counters[
-				WLANTEST_STA_COUNTER_REASSOCRESP_COMEBACK]++;
-		}
-	}
-
-	if (status)
-		return;
-
-	if ((aid & 0xc000) != 0xc000) {
-		add_note(wt, MSG_DEBUG, "Two MSBs of the AID were not set to 1 "
-			 "in Reassociation Response from " MACSTR,
-			 MAC2STR(mgmt->sa));
-	}
-	sta->aid = aid & 0xc000;
-
-	if (sta->state < STATE2 && !sta->ft_over_ds) {
-		add_note(wt, MSG_DEBUG,
-			 "STA " MACSTR " was not in State 2 when "
-			 "getting associated", MAC2STR(sta->addr));
-	}
-
-	if (sta->state < STATE3) {
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 3 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE3;
-	}
-
-	if (elems.ftie) {
-		struct wpa_ft_ies parse;
-		int use_sha384;
-		struct rsn_mdie *mde;
-		const u8 *anonce, *snonce, *fte_mic;
-		u8 fte_elem_count;
-		unsigned int count;
-		u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
-		size_t mic_len = 16;
-		const u8 *kck, *kek;
-		size_t kck_len, kek_len;
-
-		use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
-
-		if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
-			add_note(wt, MSG_INFO, "FT: Failed to parse FT IEs");
-			return;
-		}
-
-		if (!parse.rsn) {
-			add_note(wt, MSG_INFO, "FT: No RSNE in Reassoc Resp");
-			return;
-		}
-
-		if (!parse.rsn_pmkid) {
-			add_note(wt, MSG_INFO, "FT: No PMKID in RSNE");
-			return;
-		}
-
-		if (os_memcmp_const(parse.rsn_pmkid, sta->pmk_r1_name,
-				    WPA_PMK_NAME_LEN) != 0) {
-			add_note(wt, MSG_INFO,
-				 "FT: PMKID in Reassoc Resp did not match PMKR1Name");
-			wpa_hexdump(MSG_DEBUG,
-				    "FT: Received RSNE[PMKR1Name]",
-				    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
-			wpa_hexdump(MSG_DEBUG,
-				    "FT: Previously derived PMKR1Name",
-				    sta->pmk_r1_name, WPA_PMK_NAME_LEN);
-			return;
-		}
-
-		mde = (struct rsn_mdie *) parse.mdie;
-		if (!mde || parse.mdie_len < sizeof(*mde) ||
-		    os_memcmp(mde->mobility_domain, bss->mdid,
-			      MOBILITY_DOMAIN_ID_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: Invalid MDE");
-		}
-
-		if (use_sha384) {
-			struct rsn_ftie_sha384 *fte;
-
-			fte = (struct rsn_ftie_sha384 *) parse.ftie;
-			if (!fte || parse.ftie_len < sizeof(*fte)) {
-				add_note(wt, MSG_INFO, "FT: Invalid FTE");
-				return;
-			}
-
-			anonce = fte->anonce;
-			snonce = fte->snonce;
-			fte_elem_count = fte->mic_control[1];
-			fte_mic = fte->mic;
-		} else {
-			struct rsn_ftie *fte;
-
-			fte = (struct rsn_ftie *) parse.ftie;
-			if (!fte || parse.ftie_len < sizeof(*fte)) {
-				add_note(wt, MSG_INFO, "FT: Invalid FTIE");
-				return;
-			}
-
-			anonce = fte->anonce;
-			snonce = fte->snonce;
-			fte_elem_count = fte->mic_control[1];
-			fte_mic = fte->mic;
-		}
-
-		if (os_memcmp(snonce, sta->snonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: SNonce mismatch in FTIE");
-			wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
-				    snonce, WPA_NONCE_LEN);
-			wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
-				    sta->snonce, WPA_NONCE_LEN);
-			return;
-		}
-
-		if (os_memcmp(anonce, sta->anonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "FT: ANonce mismatch in FTIE");
-			wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
-				    anonce, WPA_NONCE_LEN);
-			wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
-				    sta->anonce, WPA_NONCE_LEN);
-			return;
-		}
-
-		if (!parse.r0kh_id) {
-			add_note(wt, MSG_INFO, "FT: No R0KH-ID subelem in FTE");
-			return;
-		}
-
-		if (parse.r0kh_id_len != bss->r0kh_id_len ||
-		    os_memcmp_const(parse.r0kh_id, bss->r0kh_id,
-				    parse.r0kh_id_len) != 0) {
-			add_note(wt, MSG_INFO,
-				 "FT: R0KH-ID in FTE did not match the current R0KH-ID");
-			wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
-				    parse.r0kh_id, parse.r0kh_id_len);
-			wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
-				    bss->r0kh_id, bss->r0kh_id_len);
-			os_memcpy(bss->r0kh_id, parse.r0kh_id,
-				  parse.r0kh_id_len);
-			bss->r0kh_id_len = parse.r0kh_id_len;
-		}
-
-		if (!parse.r1kh_id) {
-			add_note(wt, MSG_INFO, "FT: No R1KH-ID subelem in FTE");
-			return;
-		}
-
-		if (os_memcmp_const(parse.r1kh_id, bss->r1kh_id,
-				    FT_R1KH_ID_LEN) != 0) {
-			add_note(wt, MSG_INFO,
-				 "FT: Unknown R1KH-ID used in ReassocResp");
-			os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-		}
-
-		count = 3;
-		if (parse.ric)
-			count += ieee802_11_ie_count(parse.ric, parse.ric_len);
-		if (parse.rsnxe)
-			count++;
-		if (fte_elem_count != count) {
-			add_note(wt, MSG_INFO,
-				 "FT: Unexpected IE count in MIC Control: received %u expected %u",
-				 fte_elem_count, count);
-			return;
-		}
-
-		if (wpa_key_mgmt_fils(sta->key_mgmt)) {
-			kck = sta->ptk.kck2;
-			kck_len = sta->ptk.kck2_len;
-			kek = sta->ptk.kek2;
-			kek_len = sta->ptk.kek2_len;
-		} else {
-			kck = sta->ptk.kck;
-			kck_len = sta->ptk.kck_len;
-			kek = sta->ptk.kek;
-			kek_len = sta->ptk.kek_len;
-		}
-		if (wpa_ft_mic(kck, kck_len, sta->addr, bss->bssid, 6,
-			       parse.mdie - 2, parse.mdie_len + 2,
-			       parse.ftie - 2, parse.ftie_len + 2,
-			       parse.rsn - 2, parse.rsn_len + 2,
-			       parse.ric, parse.ric_len,
-			       parse.rsnxe ? parse.rsnxe - 2 : NULL,
-			       parse.rsnxe ? parse.rsnxe_len + 2 : 0,
-			       mic) < 0) {
-			add_note(wt, MSG_INFO, "FT: Failed to calculate MIC");
-			return;
-		}
-
-		if (os_memcmp_const(mic, fte_mic, mic_len) != 0) {
-			add_note(wt, MSG_INFO, "FT: Invalid MIC in FTE");
-			wpa_printf(MSG_DEBUG,
-				   "FT: addr=" MACSTR " auth_addr=" MACSTR,
-				   MAC2STR(sta->addr),
-				   MAC2STR(bss->bssid));
-			wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
-				    fte_mic, mic_len);
-			wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC",
-				    mic, mic_len);
-			wpa_hexdump(MSG_MSGDUMP, "FT: MDE",
-				    parse.mdie - 2, parse.mdie_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: FTE",
-				    parse.ftie - 2, parse.ftie_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
-				    parse.rsn - 2, parse.rsn_len + 2);
-			wpa_hexdump(MSG_MSGDUMP, "FT: RSNXE",
-				    parse.rsnxe ? parse.rsnxe - 2 : NULL,
-				    parse.rsnxe ? parse.rsnxe_len + 2 : 0);
-			return;
-		}
-
-		add_note(wt, MSG_INFO, "FT: Valid FTE MIC");
-
-		if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt),
-				       bss->rsnie, 2 + bss->rsnie[1],
-				       parse.rsn - 2, parse.rsn_len + 2)) {
-			add_note(wt, MSG_INFO,
-				 "FT: RSNE mismatch between Beacon/ProbeResp and FT protocol Reassociation Response frame");
-			wpa_hexdump(MSG_INFO, "RSNE in Beacon/ProbeResp",
-				    &bss->rsnie[2], bss->rsnie[1]);
-			wpa_hexdump(MSG_INFO,
-				    "RSNE in FT protocol Reassociation Response frame",
-				    parse.rsn ? parse.rsn - 2 : NULL,
-				    parse.rsn ? parse.rsn_len + 2 : 0);
-		}
-
-		process_gtk_subelem(wt, bss, sta, kek, kek_len,
-				    parse.gtk, parse.gtk_len);
-		process_igtk_subelem(wt, bss, sta, kek, kek_len,
-				     parse.igtk, parse.igtk_len);
-		process_bigtk_subelem(wt, bss, sta, kek, kek_len,
-				      parse.bigtk, parse.bigtk_len);
-	}
-}
-
-
-static void disassoc_all_stas(struct wlantest *wt, struct wlantest_bss *bss)
-{
-	struct wlantest_sta *sta;
-	dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
-		if (sta->state <= STATE2)
-			continue;
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 2 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE2;
-	}
-}
-
-
-static void rx_mgmt_disassoc(struct wlantest *wt, const u8 *data, size_t len,
-			     int valid)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	u16 fc, reason;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-
-	if (len < 24 + 2) {
-		add_note(wt, MSG_INFO, "Too short Disassociation frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	reason = le_to_host16(mgmt->u.disassoc.reason_code);
-	wpa_printf(MSG_DEBUG, "DISASSOC " MACSTR " -> " MACSTR
-		   " (reason=%u) (valid=%d)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
-		   reason, valid);
-	wpa_hexdump(MSG_MSGDUMP, "DISASSOC payload", data + 24, len - 24);
-
-	if (sta == NULL) {
-		if (valid && mgmt->da[0] == 0xff)
-			disassoc_all_stas(wt, bss);
-		return;
-	}
-
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
-		sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DISASSOC_RX :
-			      WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX]++;
-		if (sta->pwrmgt && !sta->pspoll)
-			sta->counters[
-				WLANTEST_STA_COUNTER_DISASSOC_RX_ASLEEP]++;
-		else
-			sta->counters[
-				WLANTEST_STA_COUNTER_DISASSOC_RX_AWAKE]++;
-
-		fc = le_to_host16(mgmt->frame_control);
-		if (!(fc & WLAN_FC_ISWEP) && reason == 6)
-			sta->counters[WLANTEST_STA_COUNTER_DISASSOC_RX_RC6]++;
-		else if (!(fc & WLAN_FC_ISWEP) && reason == 7)
-			sta->counters[WLANTEST_STA_COUNTER_DISASSOC_RX_RC7]++;
-	} else
-		sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DISASSOC_TX :
-			      WLANTEST_STA_COUNTER_INVALID_DISASSOC_TX]++;
-
-	if (!valid) {
-		add_note(wt, MSG_INFO, "Do not change STA " MACSTR " State "
-			 "since Disassociation frame was not protected "
-			 "correctly", MAC2STR(sta->addr));
-		return;
-	}
-
-	if (sta->state < STATE2) {
-		add_note(wt, MSG_DEBUG,
-			 "STA " MACSTR " was not in State 2 or 3 "
-			 "when getting disassociated", MAC2STR(sta->addr));
-	}
-
-	if (sta->state > STATE2) {
-		add_note(wt, MSG_DEBUG, "STA " MACSTR
-			 " moved to State 2 with " MACSTR,
-			 MAC2STR(sta->addr), MAC2STR(bss->bssid));
-		sta->state = STATE2;
-	}
-	tdls_link_down(wt, bss, sta);
-}
-
-
-static void rx_mgmt_action_ft_request(struct wlantest *wt,
-				      const struct ieee80211_mgmt *mgmt,
-				      size_t len)
-{
-	const u8 *ies;
-	size_t ies_len;
-	struct wpa_ft_ies parse;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	if (len < 24 + 2 + 2 * ETH_ALEN) {
-		add_note(wt, MSG_INFO, "Too short FT Request frame");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "FT Request: STA Address: " MACSTR
-		   " Target AP Address: " MACSTR,
-		   MAC2STR(mgmt->u.action.u.ft_action_req.sta_addr),
-		   MAC2STR(mgmt->u.action.u.ft_action_req.target_ap_addr));
-	ies = mgmt->u.action.u.ft_action_req.variable;
-	ies_len = len - (24 + 2 + 2 * ETH_ALEN);
-	wpa_hexdump(MSG_DEBUG, "FT Request frame body", ies, ies_len);
-
-	if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) {
-		add_note(wt, MSG_INFO, "Could not parse FT Request frame body");
-		return;
-	}
-
-	bss = bss_get(wt, mgmt->u.action.u.ft_action_resp.target_ap_addr);
-	if (!bss) {
-		add_note(wt, MSG_INFO, "No BSS entry for Target AP");
-		return;
-	}
-
-	sta = sta_get(bss, mgmt->sa);
-	if (!sta)
-		return;
-
-	sta->ft_over_ds = true;
-	sta->key_mgmt = parse.key_mgmt;
-	sta->pairwise_cipher = parse.pairwise_cipher;
-}
-
-
-static void rx_mgmt_action_ft_response(struct wlantest *wt,
-				       struct wlantest_sta *sta,
-				       const struct ieee80211_mgmt *mgmt,
-				       size_t len)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *new_sta;
-	const u8 *ies;
-	size_t ies_len;
-	struct wpa_ft_ies parse;
-	struct wpa_ptk ptk;
-	u8 ptk_name[WPA_PMK_NAME_LEN];
-
-	if (len < 24 + 2 + 2 * ETH_ALEN + 2) {
-		add_note(wt, MSG_INFO, "Too short FT Response frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "FT Response: STA Address: " MACSTR
-		   " Target AP Address: " MACSTR " Status Code: %u",
-		   MAC2STR(mgmt->u.action.u.ft_action_resp.sta_addr),
-		   MAC2STR(mgmt->u.action.u.ft_action_resp.target_ap_addr),
-		   le_to_host16(mgmt->u.action.u.ft_action_resp.status_code));
-	ies = mgmt->u.action.u.ft_action_req.variable;
-	ies_len = len - (24 + 2 + 2 * ETH_ALEN);
-	wpa_hexdump(MSG_DEBUG, "FT Response frame body", ies, ies_len);
-
-	if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) {
-		add_note(wt, MSG_INFO,
-			 "Could not parse FT Response frame body");
-		return;
-	}
-
-	bss = bss_get(wt, mgmt->u.action.u.ft_action_resp.target_ap_addr);
-	if (!bss) {
-		add_note(wt, MSG_INFO, "No BSS entry for Target AP");
-		return;
-	}
-
-	if (parse.r1kh_id)
-		os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-
-	if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len, sta->pmk_r0_name,
-			      bss->r1kh_id, sta->addr, sta->pmk_r1,
-			      sta->pmk_r1_name) < 0)
-		return;
-	sta->pmk_r1_len = sta->pmk_r0_len;
-
-	new_sta = sta_get(bss, sta->addr);
-	if (!new_sta)
-		return;
-	os_memcpy(new_sta->pmk_r0, sta->pmk_r0, sta->pmk_r0_len);
-	new_sta->pmk_r0_len = sta->pmk_r0_len;
-	os_memcpy(new_sta->pmk_r0_name, sta->pmk_r0_name,
-		  sizeof(sta->pmk_r0_name));
-	os_memcpy(new_sta->pmk_r1, sta->pmk_r1, sta->pmk_r1_len);
-	new_sta->pmk_r1_len = sta->pmk_r1_len;
-	os_memcpy(new_sta->pmk_r1_name, sta->pmk_r1_name,
-		  sizeof(sta->pmk_r1_name));
-	if (!parse.fte_anonce || !parse.fte_snonce ||
-	    wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce,
-			      parse.fte_anonce, new_sta->addr, bss->bssid,
-			      sta->pmk_r1_name, &ptk, ptk_name,
-			      new_sta->key_mgmt, new_sta->pairwise_cipher,
-			      0) < 0)
-		return;
-
-	add_note(wt, MSG_DEBUG, "Derived new PTK");
-	os_memcpy(&new_sta->ptk, &ptk, sizeof(ptk));
-	new_sta->ptk_set = 1;
-	os_memset(new_sta->rsc_tods, 0, sizeof(new_sta->rsc_tods));
-	os_memset(new_sta->rsc_fromds, 0, sizeof(new_sta->rsc_fromds));
-	os_memcpy(new_sta->snonce, parse.fte_snonce, WPA_NONCE_LEN);
-	os_memcpy(new_sta->anonce, parse.fte_anonce, WPA_NONCE_LEN);
-}
-
-
-static void rx_mgmt_action_ft(struct wlantest *wt, struct wlantest_sta *sta,
-			      const struct ieee80211_mgmt *mgmt,
-			      size_t len, int valid)
-{
-	if (len < 24 + 2) {
-		add_note(wt, MSG_INFO, "Too short FT Action frame from " MACSTR,
-			 MAC2STR(mgmt->sa));
-		return;
-	}
-
-	switch (mgmt->u.action.u.ft_action_req.action) {
-	case 1:
-		rx_mgmt_action_ft_request(wt, mgmt, len);
-		break;
-	case 2:
-		rx_mgmt_action_ft_response(wt, sta, mgmt, len);
-		break;
-	default:
-		add_note(wt, MSG_INFO, "Unsupported FT action value %u from "
-			 MACSTR, mgmt->u.action.u.ft_action_req.action,
-			 MAC2STR(mgmt->sa));
-	}
-}
-
-
-static void rx_mgmt_action_sa_query_req(struct wlantest *wt,
-					struct wlantest_sta *sta,
-					const struct ieee80211_mgmt *mgmt,
-					size_t len, int valid)
-{
-	const u8 *rx_id;
-	u8 *id;
-
-	rx_id = (const u8 *) mgmt->u.action.u.sa_query_req.trans_id;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		id = sta->ap_sa_query_tr;
-	else
-		id = sta->sta_sa_query_tr;
-	add_note(wt, MSG_INFO, "SA Query Request " MACSTR " -> " MACSTR
-		 " (trans_id=%02x%02x)%s",
-		 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), rx_id[0], rx_id[1],
-		 valid ? "" : " (invalid protection)");
-	os_memcpy(id, mgmt->u.action.u.sa_query_req.trans_id, 2);
-	if (os_memcmp(mgmt->sa, sta->addr, ETH_ALEN) == 0)
-		sta->counters[valid ?
-			      WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_TX :
-			      WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_TX]++;
-	else
-		sta->counters[valid ?
-			      WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_RX :
-			      WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_RX]++;
-}
-
-
-static void rx_mgmt_action_sa_query_resp(struct wlantest *wt,
-					 struct wlantest_sta *sta,
-					 const struct ieee80211_mgmt *mgmt,
-					 size_t len, int valid)
-{
-	const u8 *rx_id;
-	u8 *id;
-	int match;
-
-	rx_id = (const u8 *) mgmt->u.action.u.sa_query_resp.trans_id;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		id = sta->sta_sa_query_tr;
-	else
-		id = sta->ap_sa_query_tr;
-	match = os_memcmp(rx_id, id, 2) == 0;
-	add_note(wt, MSG_INFO, "SA Query Response " MACSTR " -> " MACSTR
-		 " (trans_id=%02x%02x; %s)%s",
-		 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), rx_id[0], rx_id[1],
-		 match ? "match" : "mismatch",
-		 valid ? "" : " (invalid protection)");
-	if (os_memcmp(mgmt->sa, sta->addr, ETH_ALEN) == 0)
-		sta->counters[(valid && match) ?
-			      WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_TX :
-			      WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_TX]++;
-	else
-		sta->counters[(valid && match) ?
-			      WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_RX :
-			      WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_RX]++;
-}
-
-
-static void rx_mgmt_action_sa_query(struct wlantest *wt,
-				    struct wlantest_sta *sta,
-				    const struct ieee80211_mgmt *mgmt,
-				    size_t len, int valid)
-{
-	if (len < 24 + 2 + WLAN_SA_QUERY_TR_ID_LEN) {
-		add_note(wt, MSG_INFO, "Too short SA Query frame from " MACSTR,
-			 MAC2STR(mgmt->sa));
-		return;
-	}
-
-	if (len > 24 + 2 + WLAN_SA_QUERY_TR_ID_LEN) {
-		size_t elen = len - (24 + 2 + WLAN_SA_QUERY_TR_ID_LEN);
-		add_note(wt, MSG_INFO, "Unexpected %u octets of extra data at "
-			 "the end of SA Query frame from " MACSTR,
-			 (unsigned) elen, MAC2STR(mgmt->sa));
-		wpa_hexdump(MSG_INFO, "SA Query extra data",
-			    ((const u8 *) mgmt) + len - elen, elen);
-	}
-
-	switch (mgmt->u.action.u.sa_query_req.action) {
-	case WLAN_SA_QUERY_REQUEST:
-		rx_mgmt_action_sa_query_req(wt, sta, mgmt, len, valid);
-		break;
-	case WLAN_SA_QUERY_RESPONSE:
-		rx_mgmt_action_sa_query_resp(wt, sta, mgmt, len, valid);
-		break;
-	default:
-		add_note(wt, MSG_INFO, "Unexpected SA Query action value %u "
-			 "from " MACSTR,
-			 mgmt->u.action.u.sa_query_req.action,
-			 MAC2STR(mgmt->sa));
-	}
-}
-
-
-static void
-rx_mgmt_location_measurement_report(struct wlantest *wt,
-				    const struct ieee80211_mgmt *mgmt,
-				    size_t len, bool no_ack)
-{
-	const u8 *pos = mgmt->u.action.u.public_action.variable;
-	const u8 *end = ((const u8 *) mgmt) + len;
-
-	if (end - pos < 1) {
-		add_note(wt, MSG_INFO,
-			 "Too short Location Measurement Report frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "Location Measurement Report " MACSTR " --> "
-		   MACSTR " (dialog token %u)",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), *pos);
-	pos++;
-
-	if (!no_ack)
-		add_note(wt, MSG_INFO,
-			 "Protected Fine Timing Measurement Report incorrectly as an Action frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-
-	wpa_hexdump(MSG_MSGDUMP, "Location Measurement Report contents",
-		    pos, end - pos);
-}
-
-
-static void rx_mgmt_action_no_bss_public(struct wlantest *wt,
-					 const struct ieee80211_mgmt *mgmt,
-					 size_t len, bool no_ack)
-{
-	switch (mgmt->u.action.u.public_action.action) {
-	case WLAN_PA_LOCATION_MEASUREMENT_REPORT:
-		rx_mgmt_location_measurement_report(wt, mgmt, len, no_ack);
-		break;
-	}
-}
-
-
-static void rx_mgmt_prot_ftm_request(struct wlantest *wt,
-				     const struct ieee80211_mgmt *mgmt,
-				     size_t len, bool no_ack)
-{
-	wpa_printf(MSG_DEBUG, "Protected Fine Timing Measurement Request "
-		   MACSTR " --> " MACSTR,
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	if (no_ack)
-		add_note(wt, MSG_INFO,
-			 "Protected Fine Timing Measurement Request incorrectly as an Action No Ack frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-}
-
-
-static void rx_mgmt_prot_ftm(struct wlantest *wt,
-			     const struct ieee80211_mgmt *mgmt,
-			     size_t len, bool no_ack)
-{
-	wpa_printf(MSG_DEBUG, "Protected Fine Timing Measurement "
-		   MACSTR " --> " MACSTR,
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	if (no_ack)
-		add_note(wt, MSG_INFO,
-			 "Protected Fine Timing Measurement incorrectly as an Action No Ack frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-}
-
-
-static void rx_mgmt_prot_ftm_report(struct wlantest *wt,
-				     const struct ieee80211_mgmt *mgmt,
-				     size_t len, bool no_ack)
-{
-	wpa_printf(MSG_DEBUG, "Protected Fine Timing Measurement Report "
-		   MACSTR " --> " MACSTR,
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	if (!no_ack)
-		add_note(wt, MSG_INFO,
-			 "Protected Fine Timing Measurement Report incorrectly as an Action frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-}
-
-
-static void
-rx_mgmt_action_no_bss_protected_ftm(struct wlantest *wt,
-				    const struct ieee80211_mgmt *mgmt,
-				    size_t len, bool no_ack)
-{
-	switch (mgmt->u.action.u.public_action.action) {
-	case WLAN_PROT_FTM_REQUEST:
-		rx_mgmt_prot_ftm_request(wt, mgmt, len, no_ack);
-		break;
-	case WLAN_PROT_FTM:
-		rx_mgmt_prot_ftm(wt, mgmt, len, no_ack);
-		break;
-	case WLAN_PROT_FTM_REPORT:
-		rx_mgmt_prot_ftm_report(wt, mgmt, len, no_ack);
-		break;
-	}
-}
-
-
-static void rx_mgmt_action_no_bss(struct wlantest *wt,
-				  const struct ieee80211_mgmt *mgmt, size_t len,
-				  bool no_ack)
-{
-	switch (mgmt->u.action.category) {
-	case WLAN_ACTION_PUBLIC:
-		rx_mgmt_action_no_bss_public(wt, mgmt, len, no_ack);
-		break;
-	case WLAN_ACTION_PROTECTED_FTM:
-		rx_mgmt_action_no_bss_protected_ftm(wt, mgmt, len, no_ack);
-		break;
-	}
-}
-
-
-static void rx_mgmt_action(struct wlantest *wt, const u8 *data, size_t len,
-			   int valid, bool no_ack)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	if (mgmt->da[0] & 0x01) {
-		add_note(wt, MSG_DEBUG, "Group addressed Action frame: DA="
-			 MACSTR " SA=" MACSTR " BSSID=" MACSTR
-			 " category=%u",
-			 MAC2STR(mgmt->da), MAC2STR(mgmt->sa),
-			 MAC2STR(mgmt->bssid), mgmt->u.action.category);
-		return; /* Ignore group addressed Action frames for now */
-	}
-
-	if (len < 24 + 2) {
-		add_note(wt, MSG_INFO, "Too short Action frame from " MACSTR,
-			 MAC2STR(mgmt->sa));
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "ACTION%s " MACSTR " -> " MACSTR
-		   " BSSID=" MACSTR " (category=%u) (valid=%d)",
-		   no_ack ? "-NO-ACK" : "",
-		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), MAC2STR(mgmt->bssid),
-		   mgmt->u.action.category, valid);
-	wpa_hexdump(MSG_MSGDUMP, "ACTION payload", data + 24, len - 24);
-
-	if (is_broadcast_ether_addr(mgmt->bssid)) {
-		rx_mgmt_action_no_bss(wt, mgmt, len, no_ack);
-		return;
-	}
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
-	    sta->state < STATE3) {
-		add_note(wt, MSG_INFO, "Action frame sent when STA is not in "
-			 "State 3 (SA=" MACSTR " DATA=" MACSTR ")",
-			 MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	}
-
-	switch (mgmt->u.action.category) {
-	case WLAN_ACTION_FT:
-		rx_mgmt_action_ft(wt, sta, mgmt, len, valid);
-		break;
-	case WLAN_ACTION_SA_QUERY:
-		rx_mgmt_action_sa_query(wt, sta, mgmt, len, valid);
-		break;
-	}
-}
-
-
-static int check_mmie_mic(unsigned int mgmt_group_cipher,
-			  const u8 *igtk, size_t igtk_len,
-			  const u8 *data, size_t len)
-{
-	u8 *buf;
-	u8 mic[16];
-	u16 fc;
-	const struct ieee80211_hdr *hdr;
-	int ret, mic_len;
-
-	if (!mgmt_group_cipher || igtk_len < 16)
-		return -1;
-	mic_len = mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC ? 8 : 16;
-
-	if (len < 24 || len - 24 < mic_len)
-		return -1;
-
-	buf = os_malloc(len + 20 - 24);
-	if (buf == NULL)
-		return -1;
-
-	/* BIP AAD: FC(masked) A1 A2 A3 */
-	hdr = (const struct ieee80211_hdr *) data;
-	fc = le_to_host16(hdr->frame_control);
-	fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
-	WPA_PUT_LE16(buf, fc);
-	os_memcpy(buf + 2, hdr->addr1, 3 * ETH_ALEN);
-
-	/* Frame body with MMIE MIC masked to zero */
-	os_memcpy(buf + 20, data + 24, len - 24 - mic_len);
-	os_memset(buf + 20 + len - 24 - mic_len, 0, mic_len);
-
-	if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) {
-		/* Timestamp field masked to zero */
-		os_memset(buf + 20, 0, 8);
-	}
-
-	wpa_hexdump(MSG_MSGDUMP, "BIP: AAD|Body(masked)", buf, len + 20 - 24);
-	/* MIC = L(AES-128-CMAC(AAD || Frame Body(masked)), 0, 64) */
-	if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
-		ret = omac1_aes_128(igtk, buf, len + 20 - 24, mic);
-	} else if (mgmt_group_cipher == WPA_CIPHER_BIP_CMAC_256) {
-		ret = omac1_aes_256(igtk, buf, len + 20 - 24, mic);
-	} else if (mgmt_group_cipher == WPA_CIPHER_BIP_GMAC_128 ||
-		 mgmt_group_cipher == WPA_CIPHER_BIP_GMAC_256) {
-		u8 nonce[12], *npos;
-		const u8 *ipn;
-
-		ipn = data + len - mic_len - 6;
-
-		/* Nonce: A2 | IPN */
-		os_memcpy(nonce, hdr->addr2, ETH_ALEN);
-		npos = nonce + ETH_ALEN;
-		*npos++ = ipn[5];
-		*npos++ = ipn[4];
-		*npos++ = ipn[3];
-		*npos++ = ipn[2];
-		*npos++ = ipn[1];
-		*npos++ = ipn[0];
-
-		ret = aes_gmac(igtk, igtk_len, nonce, sizeof(nonce),
-			       buf, len + 20 - 24, mic);
-	} else {
-		ret = -1;
-	}
-	if (ret < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	os_free(buf);
-
-	if (os_memcmp(data + len - mic_len, mic, mic_len) != 0)
-		return -1;
-
-	return 0;
-}
-
-
-static int check_bip(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	u16 fc, stype;
-	const u8 *mmie;
-	u16 keyid;
-	struct wlantest_bss *bss;
-	size_t mic_len;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	fc = le_to_host16(mgmt->frame_control);
-	stype = WLAN_FC_GET_STYPE(fc);
-
-	if (stype == WLAN_FC_STYPE_ACTION ||
-	    stype == WLAN_FC_STYPE_ACTION_NO_ACK) {
-		if (len < 24 + 1)
-			return 0;
-		if (mgmt->u.action.category == WLAN_ACTION_PUBLIC)
-			return 0; /* Not a robust management frame */
-	}
-
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return 0; /* No key known yet */
-
-	mic_len = bss->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC ? 8 : 16;
-
-	if (len < 24 + 10 + mic_len ||
-	    data[len - (10 + mic_len)] != WLAN_EID_MMIE ||
-	    data[len - (10 + mic_len - 1)] != 8 + mic_len) {
-		/* No MMIE */
-		if (bss->rsn_capab & WPA_CAPABILITY_MFPC) {
-			add_note(wt, MSG_INFO, "Robust group-addressed "
-				 "management frame sent without BIP by "
-				 MACSTR, MAC2STR(mgmt->sa));
-			bss->counters[WLANTEST_BSS_COUNTER_MISSING_BIP_MMIE]++;
-			return -1;
-		}
-		return 0;
-	}
-
-	mmie = data + len - (8 + mic_len);
-	keyid = WPA_GET_LE16(mmie);
-	if (keyid & 0xf000) {
-		add_note(wt, MSG_INFO, "MMIE KeyID reserved bits not zero "
-			 "(%04x) from " MACSTR, keyid, MAC2STR(mgmt->sa));
-		keyid &= 0x0fff;
-	}
-	if (keyid < 4 || keyid > 5) {
-		add_note(wt, MSG_INFO, "Unexpected MMIE KeyID %u from " MACSTR,
-			 keyid, MAC2STR(mgmt->sa));
-		bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
-		return 0;
-	}
-	wpa_printf(MSG_DEBUG, "MMIE KeyID %u", keyid);
-	wpa_hexdump(MSG_MSGDUMP, "MMIE IPN", mmie + 2, 6);
-	wpa_hexdump(MSG_MSGDUMP, "MMIE MIC", mmie + 8, mic_len);
-
-	if (!bss->igtk_len[keyid]) {
-		add_note(wt, MSG_DEBUG, "No IGTK known to validate BIP frame");
-		return 0;
-	}
-
-	if (os_memcmp(mmie + 2, bss->ipn[keyid], 6) <= 0) {
-		add_note(wt, MSG_INFO, "BIP replay detected: SA=" MACSTR,
-			 MAC2STR(mgmt->sa));
-		wpa_hexdump(MSG_INFO, "RX IPN", mmie + 2, 6);
-		wpa_hexdump(MSG_INFO, "Last RX IPN", bss->ipn[keyid], 6);
-	}
-
-	if (check_mmie_mic(bss->mgmt_group_cipher, bss->igtk[keyid],
-			   bss->igtk_len[keyid], data, len) < 0) {
-		add_note(wt, MSG_INFO, "Invalid MMIE MIC in a frame from "
-			 MACSTR, MAC2STR(mgmt->sa));
-		bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
-		return -1;
-	}
-
-	add_note(wt, MSG_DEBUG, "Valid MMIE MIC");
-	os_memcpy(bss->ipn[keyid], mmie + 2, 6);
-	bss->counters[WLANTEST_BSS_COUNTER_VALID_BIP_MMIE]++;
-
-	if (stype == WLAN_FC_STYPE_DEAUTH)
-		bss->counters[WLANTEST_BSS_COUNTER_BIP_DEAUTH]++;
-	else if (stype == WLAN_FC_STYPE_DISASSOC)
-		bss->counters[WLANTEST_BSS_COUNTER_BIP_DISASSOC]++;
-
-	return 0;
-}
-
-
-static u8 * try_tk(struct wpa_ptk *ptk, const u8 *data, size_t len,
-		   size_t *dlen)
-{
-	const struct ieee80211_hdr *hdr;
-	u8 *decrypted, *frame;
-
-	hdr = (const struct ieee80211_hdr *) data;
-	decrypted = ccmp_decrypt(ptk->tk, hdr, data + 24, len - 24, dlen);
-	if (!decrypted)
-		return NULL;
-
-	frame = os_malloc(24 + *dlen);
-	if (frame) {
-		os_memcpy(frame, data, 24);
-		os_memcpy(frame + 24, decrypted, *dlen);
-		*dlen += 24;
-	}
-	os_free(decrypted);
-	return frame;
-}
-
-
-static u8 * mgmt_ccmp_decrypt_tk(struct wlantest *wt, const u8 *data,
-				 size_t len, size_t *dlen)
-{
-	struct wlantest_ptk *ptk;
-	u8 *decrypted;
-	int prev_level = wpa_debug_level;
-	int keyid;
-
-	keyid = data[24 + 3] >> 6;
-
-	wpa_debug_level = MSG_WARNING;
-	dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
-		decrypted = try_tk(&ptk->ptk, data, len, dlen);
-		if (decrypted) {
-			wpa_debug_level = prev_level;
-			add_note(wt, MSG_DEBUG,
-				 "Found TK match from the list of all known TKs");
-			write_decrypted_note(wt, decrypted, ptk->ptk.tk,
-					     ptk->ptk.tk_len, keyid);
-			return decrypted;
-		}
-	}
-	wpa_debug_level = prev_level;
-
-	return NULL;
-}
-
-
-static u8 * mgmt_ccmp_decrypt(struct wlantest *wt, const u8 *data, size_t len,
-			      size_t *dlen)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-	const struct ieee80211_hdr *hdr;
-	int keyid;
-	u8 *decrypted, *frame = NULL;
-	u8 pn[6], *rsc;
-	u16 fc;
-	u8 mask;
-
-	hdr = (const struct ieee80211_hdr *) data;
-	fc = le_to_host16(hdr->frame_control);
-
-	if (len < 24 + 4)
-		return NULL;
-
-	if (!(data[24 + 3] & 0x20)) {
-		add_note(wt, MSG_INFO, "Expected CCMP frame from " MACSTR
-			 " did not have ExtIV bit set to 1",
-			 MAC2STR(hdr->addr2));
-		return NULL;
-	}
-
-	mask = 0x1f;
-	if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION ||
-	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION_NO_ACK)
-		mask &= ~0x10; /* FTM */
-	if (data[24 + 2] != 0 || (data[24 + 3] & mask) != 0) {
-		add_note(wt, MSG_INFO, "CCMP mgmt frame from " MACSTR " used "
-			 "non-zero reserved bit", MAC2STR(hdr->addr2));
-	}
-
-	keyid = data[24 + 3] >> 6;
-	if (keyid != 0) {
-		add_note(wt, MSG_INFO, "Unexpected non-zero KeyID %d in "
-			 "individually addressed Management frame from "
-			 MACSTR, keyid, MAC2STR(hdr->addr2));
-	}
-
-	bss = bss_get(wt, hdr->addr3);
-	if (bss == NULL)
-		return mgmt_ccmp_decrypt_tk(wt, data, len, dlen);
-	if (os_memcmp(hdr->addr1, hdr->addr3, ETH_ALEN) == 0)
-		sta = sta_get(bss, hdr->addr2);
-	else
-		sta = sta_get(bss, hdr->addr1);
-	if (sta == NULL || !sta->ptk_set) {
-		decrypted = mgmt_ccmp_decrypt_tk(wt, data, len, dlen);
-		if (!decrypted)
-			add_note(wt, MSG_MSGDUMP,
-				 "No PTK known to decrypt the frame");
-		return decrypted;
-	}
-
-	if (os_memcmp(hdr->addr1, hdr->addr3, ETH_ALEN) == 0)
-		rsc = sta->rsc_tods[16];
-	else
-		rsc = sta->rsc_fromds[16];
-
-	ccmp_get_pn(pn, data + 24);
-	if (os_memcmp(pn, rsc, 6) <= 0) {
-		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
-			 " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
-			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-			 MAC2STR(hdr->addr3),
-			 WLAN_GET_SEQ_SEQ(seq_ctrl),
-			 WLAN_GET_SEQ_FRAG(seq_ctrl),
-			 (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
-			 " Retry" : "");
-		wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
-		wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
-	}
-
-	decrypted = ccmp_decrypt(sta->ptk.tk, hdr, data + 24, len - 24, dlen);
-	if (decrypted) {
-		os_memcpy(rsc, pn, 6);
-		frame = os_malloc(24 + *dlen);
-		if (frame) {
-			os_memcpy(frame, data, 24);
-			os_memcpy(frame + 24, decrypted, *dlen);
-			*dlen += 24;
-		}
-	} else {
-		/* Assume the frame was corrupted and there was no FCS to check.
-		 * Allow retry of this particular frame to be processed so that
-		 * it could end up getting decrypted if it was received without
-		 * corruption. */
-		sta->allow_duplicate = 1;
-	}
-
-	os_free(decrypted);
-
-	return frame;
-}
-
-
-static int check_mgmt_ccmp(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt;
-	u16 fc;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	mgmt = (const struct ieee80211_mgmt *) data;
-	fc = le_to_host16(mgmt->frame_control);
-
-	if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION ||
-	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION_NO_ACK) {
-		if (len > 24 &&
-		    mgmt->u.action.category == WLAN_ACTION_PUBLIC)
-			return 0; /* Not a robust management frame */
-	}
-
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return 0;
-	if (os_memcmp(mgmt->da, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->sa);
-	else
-		sta = sta_get(bss, mgmt->da);
-	if (sta == NULL)
-		return 0;
-
-	if ((bss->rsn_capab & WPA_CAPABILITY_MFPC) &&
-	    (sta->rsn_capab & WPA_CAPABILITY_MFPC) &&
-	    (sta->state == STATE3 ||
-	     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION ||
-	     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION_NO_ACK)) {
-		add_note(wt, MSG_INFO, "Robust individually-addressed "
-			 "management frame sent without CCMP by "
-			 MACSTR, MAC2STR(mgmt->sa));
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ieee80211_hdr *hdr;
-	u16 fc, stype;
-	int valid = 1;
-	u8 *decrypted = NULL;
-	size_t dlen;
-
-	if (len < 24)
-		return;
-
-	hdr = (const struct ieee80211_hdr *) data;
-	fc = le_to_host16(hdr->frame_control);
-	wt->rx_mgmt++;
-	stype = WLAN_FC_GET_STYPE(fc);
-
-	if ((hdr->addr1[0] & 0x01) &&
-	    (stype == WLAN_FC_STYPE_DEAUTH ||
-	     stype == WLAN_FC_STYPE_DISASSOC ||
-	     stype == WLAN_FC_STYPE_ACTION ||
-	     stype == WLAN_FC_STYPE_ACTION_NO_ACK)) {
-		if (check_bip(wt, data, len) < 0)
-			valid = 0;
-	}
-
-	wpa_printf((stype == WLAN_FC_STYPE_BEACON ||
-		    stype == WLAN_FC_STYPE_PROBE_RESP ||
-		    stype == WLAN_FC_STYPE_PROBE_REQ) ?
-		   MSG_EXCESSIVE : MSG_MSGDUMP,
-		   "MGMT %s%s%s DA=" MACSTR " SA=" MACSTR " BSSID=" MACSTR,
-		   mgmt_stype(stype),
-		   fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
-		   fc & WLAN_FC_ISWEP ? " Prot" : "",
-		   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-		   MAC2STR(hdr->addr3));
-
-	if ((fc & WLAN_FC_ISWEP) &&
-	    !(hdr->addr1[0] & 0x01) &&
-	    (stype == WLAN_FC_STYPE_DEAUTH ||
-	     stype == WLAN_FC_STYPE_DISASSOC ||
-	     stype == WLAN_FC_STYPE_ACTION ||
-	     stype == WLAN_FC_STYPE_ACTION_NO_ACK)) {
-		decrypted = mgmt_ccmp_decrypt(wt, data, len, &dlen);
-		if (decrypted) {
-			write_pcap_decrypted(wt, decrypted, dlen, NULL, 0);
-			data = decrypted;
-			len = dlen;
-		} else
-			valid = 0;
-	}
-
-	if (!(fc & WLAN_FC_ISWEP) &&
-	    !(hdr->addr1[0] & 0x01) &&
-	    (stype == WLAN_FC_STYPE_DEAUTH ||
-	     stype == WLAN_FC_STYPE_DISASSOC ||
-	     stype == WLAN_FC_STYPE_ACTION ||
-	     stype == WLAN_FC_STYPE_ACTION_NO_ACK)) {
-		if (check_mgmt_ccmp(wt, data, len) < 0)
-			valid = 0;
-	}
-
-	switch (stype) {
-	case WLAN_FC_STYPE_BEACON:
-		rx_mgmt_beacon(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_PROBE_RESP:
-		rx_mgmt_probe_resp(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_AUTH:
-		rx_mgmt_auth(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_DEAUTH:
-		rx_mgmt_deauth(wt, data, len, valid);
-		break;
-	case WLAN_FC_STYPE_ASSOC_REQ:
-		rx_mgmt_assoc_req(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_ASSOC_RESP:
-		rx_mgmt_assoc_resp(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_REASSOC_REQ:
-		rx_mgmt_reassoc_req(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_REASSOC_RESP:
-		rx_mgmt_reassoc_resp(wt, data, len);
-		break;
-	case WLAN_FC_STYPE_DISASSOC:
-		rx_mgmt_disassoc(wt, data, len, valid);
-		break;
-	case WLAN_FC_STYPE_ACTION:
-		rx_mgmt_action(wt, data, len, valid, false);
-		break;
-	case WLAN_FC_STYPE_ACTION_NO_ACK:
-		rx_mgmt_action(wt, data, len, valid, true);
-		break;
-	}
-
-	os_free(decrypted);
-
-	wt->last_mgmt_valid = valid;
-}
-
-
-static void rx_mgmt_deauth_ack(struct wlantest *wt,
-			       const struct ieee80211_hdr *hdr)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	mgmt = (const struct ieee80211_mgmt *) hdr;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	add_note(wt, MSG_DEBUG, "DEAUTH from " MACSTR " acknowledged by "
-		 MACSTR, MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
-		int c;
-		c = wt->last_mgmt_valid ?
-			WLANTEST_STA_COUNTER_VALID_DEAUTH_RX_ACK :
-			WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX_ACK;
-		sta->counters[c]++;
-	}
-}
-
-
-static void rx_mgmt_disassoc_ack(struct wlantest *wt,
-				 const struct ieee80211_hdr *hdr)
-{
-	const struct ieee80211_mgmt *mgmt;
-	struct wlantest_bss *bss;
-	struct wlantest_sta *sta;
-
-	mgmt = (const struct ieee80211_mgmt *) hdr;
-	bss = bss_get(wt, mgmt->bssid);
-	if (bss == NULL)
-		return;
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
-		sta = sta_get(bss, mgmt->da);
-	else
-		sta = sta_get(bss, mgmt->sa);
-	if (sta == NULL)
-		return;
-
-	add_note(wt, MSG_DEBUG, "DISASSOC from " MACSTR " acknowledged by "
-		 MACSTR, MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
-	if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
-		int c;
-		c = wt->last_mgmt_valid ?
-			WLANTEST_STA_COUNTER_VALID_DISASSOC_RX_ACK :
-			WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX_ACK;
-		sta->counters[c]++;
-	}
-}
-
-
-void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr)
-{
-	u16 fc, stype;
-	fc = le_to_host16(hdr->frame_control);
-	stype = WLAN_FC_GET_STYPE(fc);
-
-	wpa_printf(MSG_MSGDUMP, "MGMT ACK: stype=%u a1=" MACSTR " a2=" MACSTR
-		   " a3=" MACSTR,
-		   stype, MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
-		   MAC2STR(hdr->addr3));
-
-	switch (stype) {
-	case WLAN_FC_STYPE_DEAUTH:
-		rx_mgmt_deauth_ack(wt, hdr);
-		break;
-	case WLAN_FC_STYPE_DISASSOC:
-		rx_mgmt_disassoc_ack(wt, hdr);
-		break;
-	}
-}
diff --git a/wlantest/rx_tdls.c b/wlantest/rx_tdls.c
deleted file mode 100644
index 0c012a931822..000000000000
--- a/wlantest/rx_tdls.c
+++ /dev/null
@@ -1,618 +0,0 @@
-/*
- * Received Data frame processing for TDLS packets
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/sha256.h"
-#include "crypto/crypto.h"
-#include "crypto/aes_wrap.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "wlantest.h"
-
-
-static struct wlantest_tdls * get_tdls(struct wlantest *wt, const u8 *linkid,
-				       int create_new, const u8 *bssid)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_sta *init, *resp;
-	struct wlantest_tdls *tdls;
-
-	bss = bss_find(wt, linkid);
-	if (bss == NULL && bssid) {
-		bss = bss_find(wt, bssid);
-		if (bss)
-			add_note(wt, MSG_INFO, "TDLS: Incorrect BSSID " MACSTR
-				 " in LinkId?! (init=" MACSTR " resp="
-				 MACSTR ")",
-				 MAC2STR(linkid), MAC2STR(linkid + ETH_ALEN),
-				 MAC2STR(linkid + 2 * ETH_ALEN));
-	}
-	if (bss == NULL)
-		return NULL;
-
-	init = sta_find(bss, linkid + ETH_ALEN);
-	if (init == NULL)
-		return NULL;
-
-	resp = sta_find(bss, linkid + 2 * ETH_ALEN);
-	if (resp == NULL)
-		return NULL;
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if (tdls->init == init && tdls->resp == resp)
-			return tdls;
-	}
-
-	if (!create_new)
-		return NULL;
-
-	add_note(wt, MSG_DEBUG, "Add new TDLS link context: initiator " MACSTR
-		 " responder " MACSTR " BSSID " MACSTR,
-		 MAC2STR(linkid + ETH_ALEN),
-		 MAC2STR(linkid + 2 * ETH_ALEN),
-		 MAC2STR(bssid));
-
-	tdls = os_zalloc(sizeof(*tdls));
-	if (tdls == NULL)
-		return NULL;
-	tdls->init = init;
-	tdls->resp = resp;
-	dl_list_add(&bss->tdls, &tdls->list);
-	return tdls;
-}
-
-
-static int tdls_derive_tpk(struct wlantest_tdls *tdls, const u8 *bssid,
-			   const u8 *ftie, u8 ftie_len)
-{
-	const struct rsn_ftie *f;
-	u8 key_input[SHA256_MAC_LEN];
-	const u8 *nonce[2];
-	size_t len[2];
-	u8 data[3 * ETH_ALEN];
-
-	if (ftie == NULL || ftie_len < sizeof(struct rsn_ftie))
-		return 0;
-
-	f = (const struct rsn_ftie *) ftie;
-	wpa_hexdump(MSG_DEBUG, "TDLS ANonce", f->anonce, WPA_NONCE_LEN);
-	wpa_hexdump(MSG_DEBUG, "TDLS SNonce", f->snonce, WPA_NONCE_LEN);
-
-	/*
-	 * IEEE Std 802.11z-2010 8.5.9.1:
-	 * TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
-	 */
-	len[0] = WPA_NONCE_LEN;
-	len[1] = WPA_NONCE_LEN;
-	if (os_memcmp(f->anonce, f->snonce, WPA_NONCE_LEN) < 0) {
-		nonce[0] = f->anonce;
-		nonce[1] = f->snonce;
-	} else {
-		nonce[0] = f->snonce;
-		nonce[1] = f->anonce;
-	}
-	sha256_vector(2, nonce, len, key_input);
-	wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-Key-Input",
-			key_input, SHA256_MAC_LEN);
-
-	/*
-	 * TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
-	 *	min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
-	 * TODO: is N_KEY really included in KDF Context and if so, in which
-	 * presentation format (little endian 16-bit?) is it used? It gets
-	 * added by the KDF anyway..
-	 */
-
-	if (os_memcmp(tdls->init->addr, tdls->resp->addr, ETH_ALEN) < 0) {
-		os_memcpy(data, tdls->init->addr, ETH_ALEN);
-		os_memcpy(data + ETH_ALEN, tdls->resp->addr, ETH_ALEN);
-	} else {
-		os_memcpy(data, tdls->resp->addr, ETH_ALEN);
-		os_memcpy(data + ETH_ALEN, tdls->init->addr, ETH_ALEN);
-	}
-	os_memcpy(data + 2 * ETH_ALEN, bssid, ETH_ALEN);
-	wpa_hexdump(MSG_DEBUG, "TDLS: KDF Context", data, sizeof(data));
-
-	sha256_prf(key_input, SHA256_MAC_LEN, "TDLS PMK", data, sizeof(data),
-		   (u8 *) &tdls->tpk, sizeof(tdls->tpk));
-	wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-KCK",
-			tdls->tpk.kck, sizeof(tdls->tpk.kck));
-	wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-TK",
-			tdls->tpk.tk, sizeof(tdls->tpk.tk));
-
-	return 1;
-}
-
-
-static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
-			   u8 trans_seq, struct ieee802_11_elems *elems)
-{
-	u8 *buf, *pos;
-	int len;
-	u8 mic[16];
-	int ret;
-	const struct rsn_ftie *rx_ftie;
-	struct rsn_ftie *tmp_ftie;
-
-	if (elems->link_id == NULL || elems->rsn_ie == NULL ||
-	    elems->timeout_int == NULL || elems->ftie == NULL ||
-	    elems->ftie_len < sizeof(struct rsn_ftie))
-		return -1;
-
-	len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
-		2 + 5 + 2 + elems->ftie_len;
-
-	buf = os_zalloc(len);
-	if (buf == NULL)
-		return -1;
-
-	pos = buf;
-	/* 1) TDLS initiator STA MAC address */
-	os_memcpy(pos, elems->link_id + ETH_ALEN, ETH_ALEN);
-	pos += ETH_ALEN;
-	/* 2) TDLS responder STA MAC address */
-	os_memcpy(pos, elems->link_id + 2 * ETH_ALEN, ETH_ALEN);
-	pos += ETH_ALEN;
-	/* 3) Transaction Sequence number */
-	*pos++ = trans_seq;
-	/* 4) Link Identifier IE */
-	os_memcpy(pos, elems->link_id - 2, 2 + 18);
-	pos += 2 + 18;
-	/* 5) RSN IE */
-	os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
-	pos += 2 + elems->rsn_ie_len;
-	/* 6) Timeout Interval IE */
-	os_memcpy(pos, elems->timeout_int - 2, 2 + 5);
-	pos += 2 + 5;
-	/* 7) FTIE, with the MIC field of the FTIE set to 0 */
-	os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
-	pos += 2;
-	tmp_ftie = (struct rsn_ftie *) pos;
-	os_memset(tmp_ftie->mic, 0, 16);
-	pos += elems->ftie_len;
-
-	wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
-	wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", tdls->tpk.kck, 16);
-	ret = omac1_aes_128(tdls->tpk.kck, buf, pos - buf, mic);
-	os_free(buf);
-	if (ret)
-		return -1;
-	wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
-	rx_ftie = (const struct rsn_ftie *) elems->ftie;
-
-	if (os_memcmp(mic, rx_ftie->mic, 16) == 0) {
-		add_note(wt, MSG_DEBUG, "TDLS: Valid MIC");
-		return 0;
-	}
-	add_note(wt, MSG_DEBUG, "TDLS: Invalid MIC");
-	return -1;
-}
-
-
-static void rx_data_tdls_setup_request(struct wlantest *wt, const u8 *bssid,
-				       const u8 *sta_addr, const u8 *dst,
-				       const u8 *src,
-				       const u8 *data, size_t len)
-{
-	struct ieee802_11_elems elems;
-	struct wlantest_tdls *tdls;
-	u8 linkid[3 * ETH_ALEN];
-
-	if (len < 3) {
-		add_note(wt, MSG_INFO, "Too short TDLS Setup Request " MACSTR
-			 " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "TDLS Setup Request " MACSTR " -> "
-		   MACSTR, MAC2STR(src), MAC2STR(dst));
-
-	if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
-	    ParseFailed || elems.link_id == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
-		   " initiator STA " MACSTR " responder STA " MACSTR,
-		   MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
-		   MAC2STR(elems.link_id + 2 * ETH_ALEN));
-	tdls = get_tdls(wt, elems.link_id, 1, bssid);
-	if (tdls) {
-		tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_REQ]++;
-		tdls->dialog_token = data[0];
-		if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
-			const struct rsn_ftie *f;
-			f = (const struct rsn_ftie *) elems.ftie;
-			os_memcpy(tdls->inonce, f->snonce, WPA_NONCE_LEN);
-		}
-	}
-
-	/* Check whether reverse direction context exists already */
-	os_memcpy(linkid, bssid, ETH_ALEN);
-	os_memcpy(linkid + ETH_ALEN, dst, ETH_ALEN);
-	os_memcpy(linkid + 2 * ETH_ALEN, src, ETH_ALEN);
-	tdls = get_tdls(wt, linkid, 0, bssid);
-	if (tdls)
-		add_note(wt, MSG_INFO, "Reverse direction TDLS context exists");
-}
-
-
-static void rx_data_tdls_setup_response_failure(struct wlantest *wt,
-						const u8 *bssid,
-						const u8 *sta_addr,
-						u8 dialog_token, u16 status)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_tdls *tdls;
-	struct wlantest_sta *sta;
-
-	if (status == WLAN_STATUS_SUCCESS) {
-		add_note(wt, MSG_INFO, "TDLS: Invalid TDLS Setup Response from "
-			 MACSTR, MAC2STR(sta_addr));
-		return;
-	}
-
-	bss = bss_find(wt, bssid);
-	if (!bss)
-		return;
-	sta = sta_find(bss, sta_addr);
-	if (!sta)
-		return;
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if (tdls->resp == sta) {
-			if (dialog_token != tdls->dialog_token) {
-				add_note(wt, MSG_DEBUG, "TDLS: Dialog token "
-					 "mismatch in TDLS Setup Response "
-					 "(failure)");
-				break;
-			}
-			add_note(wt, MSG_DEBUG, "TDLS: Found matching TDLS "
-				 "setup session based on dialog token");
-			tdls->counters[
-				WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL]++;
-			break;
-		}
-	}
-}
-
-
-static void rx_data_tdls_setup_response(struct wlantest *wt, const u8 *bssid,
-					const u8 *sta_addr, const u8 *dst,
-					const u8 *src,
-					const u8 *data, size_t len)
-{
-	u16 status;
-	struct ieee802_11_elems elems;
-	struct wlantest_tdls *tdls;
-
-	if (len < 3) {
-		add_note(wt, MSG_INFO, "Too short TDLS Setup Response " MACSTR
-			 " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-	status = WPA_GET_LE16(data);
-	wpa_printf(MSG_DEBUG, "TDLS Setup Response " MACSTR " -> "
-		   MACSTR " (status %d)",
-		   MAC2STR(src), MAC2STR(dst), status);
-	if (len < 5 && status == 0) {
-		add_note(wt, MSG_INFO, "Too short TDLS Setup Response " MACSTR
-			 " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-
-	if (len < 5 ||
-	    ieee802_11_parse_elems(data + 5, len - 5, &elems, 1) ==
-	    ParseFailed || elems.link_id == NULL) {
-		/* Need to match TDLS link based on Dialog Token */
-		rx_data_tdls_setup_response_failure(wt, bssid, sta_addr,
-						    data[2], status);
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
-		   " initiator STA " MACSTR " responder STA " MACSTR,
-		   MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
-		   MAC2STR(elems.link_id + 2 * ETH_ALEN));
-
-	tdls = get_tdls(wt, elems.link_id, 1, bssid);
-	if (!tdls) {
-		add_note(wt, MSG_INFO, "No match TDLS context found");
-		return;
-	}
-	if (status)
-		tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL]++;
-	else
-		tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_RESP_OK]++;
-
-	if (status != WLAN_STATUS_SUCCESS)
-		return;
-
-	if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
-		const struct rsn_ftie *f;
-		f = (const struct rsn_ftie *) elems.ftie;
-		if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
-				 "nonce");
-		}
-		os_memcpy(tdls->rnonce, f->anonce, WPA_NONCE_LEN);
-	}
-
-	if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1)
-		return;
-	if (tdls_verify_mic(wt, tdls, 2, &elems) == 0) {
-		tdls->dialog_token = data[2];
-		add_note(wt, MSG_DEBUG, "TDLS: Dialog Token for the link: %u",
-			 tdls->dialog_token);
-	}
-}
-
-
-static void rx_data_tdls_setup_confirm_failure(struct wlantest *wt,
-					       const u8 *bssid,
-					       const u8 *src,
-					       u8 dialog_token, u16 status)
-{
-	struct wlantest_bss *bss;
-	struct wlantest_tdls *tdls;
-	struct wlantest_sta *sta;
-
-	if (status == WLAN_STATUS_SUCCESS) {
-		add_note(wt, MSG_INFO, "TDLS: Invalid TDLS Setup Confirm from "
-			 MACSTR, MAC2STR(src));
-		return;
-	}
-
-	bss = bss_find(wt, bssid);
-	if (!bss)
-		return;
-	sta = sta_find(bss, src);
-	if (!sta)
-		return;
-
-	dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
-		if (tdls->init == sta) {
-			if (dialog_token != tdls->dialog_token) {
-				add_note(wt, MSG_DEBUG, "TDLS: Dialog token "
-					 "mismatch in TDLS Setup Confirm "
-					 "(failure)");
-				break;
-			}
-			add_note(wt, MSG_DEBUG, "TDLS: Found matching TDLS "
-				 "setup session based on dialog token");
-			tdls->counters[
-				WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL]++;
-			break;
-		}
-	}
-}
-
-
-static void rx_data_tdls_setup_confirm(struct wlantest *wt, const u8 *bssid,
-				       const u8 *sta_addr, const u8 *dst,
-				       const u8 *src,
-				       const u8 *data, size_t len)
-{
-	u16 status;
-	struct ieee802_11_elems elems;
-	struct wlantest_tdls *tdls;
-	u8 link_id[3 * ETH_ALEN];
-
-	if (len < 3) {
-		add_note(wt, MSG_INFO, "Too short TDLS Setup Confirm " MACSTR
-			 " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
-		return;
-	}
-	status = WPA_GET_LE16(data);
-	wpa_printf(MSG_DEBUG, "TDLS Setup Confirm " MACSTR " -> "
-		   MACSTR " (status %d)",
-		   MAC2STR(src), MAC2STR(dst), status);
-
-	if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
-	    ParseFailed || elems.link_id == NULL) {
-		/* Need to match TDLS link based on Dialog Token */
-		rx_data_tdls_setup_confirm_failure(wt, bssid, src,
-						   data[2], status);
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
-		   " initiator STA " MACSTR " responder STA " MACSTR,
-		   MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
-		   MAC2STR(elems.link_id + 2 * ETH_ALEN));
-
-	tdls = get_tdls(wt, elems.link_id, 1, bssid);
-	if (tdls == NULL)
-		return;
-	if (status)
-		tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL]++;
-	else
-		tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_CONF_OK]++;
-
-	if (status != WLAN_STATUS_SUCCESS)
-		return;
-
-	if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
-		const struct rsn_ftie *f;
-		f = (const struct rsn_ftie *) elems.ftie;
-		if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
-				 "nonce");
-		}
-		if (os_memcmp(tdls->rnonce, f->anonce, WPA_NONCE_LEN) != 0) {
-			add_note(wt, MSG_INFO, "Mismatch in TDLS responder "
-				 "nonce");
-		}
-	}
-
-	tdls->link_up = 1;
-	if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1) {
-		if (elems.ftie == NULL)
-			goto remove_reverse;
-		return;
-	}
-	if (tdls_verify_mic(wt, tdls, 3, &elems) == 0) {
-		tdls->dialog_token = data[2];
-		add_note(wt, MSG_DEBUG, "TDLS: Link up - Dialog Token: %u",
-			 tdls->dialog_token);
-	}
-
-remove_reverse:
-	/*
-	 * The TDLS link itself is bidirectional, but there is explicit
-	 * initiator/responder roles. Remove the other direction of the link
-	 * (if it exists) to make sure that the link counters are stored for
-	 * the current TDLS entery.
-	 */
-	os_memcpy(link_id, elems.link_id, ETH_ALEN);
-	os_memcpy(link_id + ETH_ALEN, elems.link_id + 2 * ETH_ALEN, ETH_ALEN);
-	os_memcpy(link_id + 2 * ETH_ALEN, elems.link_id + ETH_ALEN, ETH_ALEN);
-	tdls = get_tdls(wt, link_id, 0, bssid);
-	if (tdls) {
-		add_note(wt, MSG_DEBUG, "TDLS: Remove reverse link entry");
-		tdls_deinit(tdls);
-	}
-}
-
-
-static int tdls_verify_mic_teardown(struct wlantest *wt,
-				    struct wlantest_tdls *tdls, u8 trans_seq,
-				    const u8 *reason_code,
-				    struct ieee802_11_elems *elems)
-{
-	u8 *buf, *pos;
-	int len;
-	u8 mic[16];
-	int ret;
-	const struct rsn_ftie *rx_ftie;
-	struct rsn_ftie *tmp_ftie;
-
-	if (elems->link_id == NULL || elems->ftie == NULL ||
-	    elems->ftie_len < sizeof(struct rsn_ftie))
-		return -1;
-
-	len = 2 + 18 + 2 + 1 + 1 + 2 + elems->ftie_len;
-
-	buf = os_zalloc(len);
-	if (buf == NULL)
-		return -1;
-
-	pos = buf;
-	/* 1) Link Identifier IE */
-	os_memcpy(pos, elems->link_id - 2, 2 + 18);
-	pos += 2 + 18;
-	/* 2) Reason Code */
-	os_memcpy(pos, reason_code, 2);
-	pos += 2;
-	/* 3) Dialog token */
-	*pos++ = tdls->dialog_token;
-	/* 4) Transaction Sequence number */
-	*pos++ = trans_seq;
-	/* 5) FTIE, with the MIC field of the FTIE set to 0 */
-	os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
-	pos += 2;
-	tmp_ftie = (struct rsn_ftie *) pos;
-	os_memset(tmp_ftie->mic, 0, 16);
-	pos += elems->ftie_len;
-
-	wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
-	wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", tdls->tpk.kck, 16);
-	ret = omac1_aes_128(tdls->tpk.kck, buf, pos - buf, mic);
-	os_free(buf);
-	if (ret)
-		return -1;
-	wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
-	rx_ftie = (const struct rsn_ftie *) elems->ftie;
-
-	if (os_memcmp(mic, rx_ftie->mic, 16) == 0) {
-		add_note(wt, MSG_DEBUG, "TDLS: Valid MIC");
-		return 0;
-	}
-	add_note(wt, MSG_DEBUG, "TDLS: Invalid MIC");
-	return -1;
-}
-
-
-static void rx_data_tdls_teardown(struct wlantest *wt, const u8 *bssid,
-				  const u8 *sta_addr, const u8 *dst,
-				  const u8 *src,
-				  const u8 *data, size_t len)
-{
-	u16 reason;
-	struct ieee802_11_elems elems;
-	struct wlantest_tdls *tdls;
-
-	if (len < 2)
-		return;
-	reason = WPA_GET_LE16(data);
-	wpa_printf(MSG_DEBUG, "TDLS Teardown " MACSTR " -> "
-		   MACSTR " (reason %d)",
-		   MAC2STR(src), MAC2STR(dst), reason);
-
-	if (ieee802_11_parse_elems(data + 2, len - 2, &elems, 1) ==
-	    ParseFailed || elems.link_id == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
-		   " initiator STA " MACSTR " responder STA " MACSTR,
-		   MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
-		   MAC2STR(elems.link_id + 2 * ETH_ALEN));
-
-	tdls = get_tdls(wt, elems.link_id, 1, bssid);
-	if (tdls) {
-		if (tdls->link_up)
-			add_note(wt, MSG_DEBUG, "TDLS: Link down");
-		tdls->link_up = 0;
-		tdls->counters[WLANTEST_TDLS_COUNTER_TEARDOWN]++;
-		tdls_verify_mic_teardown(wt, tdls, 4, data, &elems);
-	}
-}
-
-
-static void rx_data_tdls(struct wlantest *wt, const u8 *bssid,
-			 const u8 *sta_addr, const u8 *dst, const u8 *src,
-			 const u8 *data, size_t len)
-{
-	/* data contains the payload of a TDLS Action frame */
-	if (len < 2 || data[0] != WLAN_ACTION_TDLS) {
-		wpa_hexdump(MSG_DEBUG, "Unrecognized encapsulated TDLS frame",
-			    data, len);
-		return;
-	}
-
-	switch (data[1]) {
-	case WLAN_TDLS_SETUP_REQUEST:
-		rx_data_tdls_setup_request(wt, bssid, sta_addr, dst, src,
-					   data + 2, len - 2);
-		break;
-	case WLAN_TDLS_SETUP_RESPONSE:
-		rx_data_tdls_setup_response(wt, bssid, sta_addr, dst, src,
-					    data + 2, len - 2);
-		break;
-	case WLAN_TDLS_SETUP_CONFIRM:
-		rx_data_tdls_setup_confirm(wt, bssid, sta_addr, dst, src,
-					   data + 2, len - 2);
-		break;
-	case WLAN_TDLS_TEARDOWN:
-		rx_data_tdls_teardown(wt, bssid, sta_addr, dst, src, data + 2,
-				      len - 2);
-		break;
-	case WLAN_TDLS_DISCOVERY_REQUEST:
-		wpa_printf(MSG_DEBUG, "TDLS Discovery Request " MACSTR " -> "
-			   MACSTR, MAC2STR(src), MAC2STR(dst));
-		break;
-	}
-}
-
-
-void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid,
-			 const u8 *sta_addr, const u8 *dst, const u8 *src,
-			 const u8 *data, size_t len)
-{
-	wpa_hexdump(MSG_EXCESSIVE, "802.11 data encap frame", data, len);
-	if (len < 1)
-		return;
-	if (data[0] == 0x02)
-		rx_data_tdls(wt, bssid, sta_addr, dst, src, data + 1, len - 1);
-}
diff --git a/wlantest/sta.c b/wlantest/sta.c
deleted file mode 100644
index 02ecb78c3322..000000000000
--- a/wlantest/sta.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * STA list
- * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/defs.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "wlantest.h"
-
-
-struct wlantest_sta * sta_find(struct wlantest_bss *bss, const u8 *addr)
-{
-	struct wlantest_sta *sta;
-
-	dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
-		if (os_memcmp(sta->addr, addr, ETH_ALEN) == 0)
-			return sta;
-	}
-
-	return NULL;
-}
-
-
-struct wlantest_sta * sta_get(struct wlantest_bss *bss, const u8 *addr)
-{
-	struct wlantest_sta *sta;
-
-	if (addr[0] & 0x01)
-		return NULL; /* Skip group addressed frames */
-
-	sta = sta_find(bss, addr);
-	if (sta)
-		return sta;
-
-	sta = os_zalloc(sizeof(*sta));
-	if (sta == NULL)
-		return NULL;
-	os_memset(sta->seq_ctrl_to_sta, 0xff, sizeof(sta->seq_ctrl_to_sta));
-	os_memset(sta->seq_ctrl_to_ap, 0xff, sizeof(sta->seq_ctrl_to_ap));
-	sta->bss = bss;
-	os_memcpy(sta->addr, addr, ETH_ALEN);
-	dl_list_add(&bss->sta, &sta->list);
-	wpa_printf(MSG_DEBUG, "Discovered new STA " MACSTR " in BSS " MACSTR,
-		   MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	return sta;
-}
-
-
-void sta_deinit(struct wlantest_sta *sta)
-{
-	dl_list_del(&sta->list);
-	os_free(sta->assocreq_ies);
-	os_free(sta);
-}
-
-
-void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
-{
-	struct wpa_ie_data data;
-	struct wlantest_bss *bss = sta->bss;
-
-	if (elems->wpa_ie && !bss->wpaie[0] &&
-	    (bss->beacon_seen || bss->proberesp_seen)) {
-		wpa_printf(MSG_INFO, "WPA IE included in Association Request "
-			   "frame from " MACSTR " even though BSS does not "
-			   "use WPA - ignore IE",
-			   MAC2STR(sta->addr));
-		elems->wpa_ie = NULL;
-	}
-
-	if (elems->rsn_ie && !bss->rsnie[0] &&
-	    (bss->beacon_seen || bss->proberesp_seen)) {
-		wpa_printf(MSG_INFO, "RSN IE included in Association Request "
-			   "frame from " MACSTR " even though BSS does not "
-			   "use RSN - ignore IE",
-			   MAC2STR(sta->addr));
-		elems->rsn_ie = NULL;
-	}
-
-	if (elems->osen && !bss->osenie[0] &&
-	    (bss->beacon_seen || bss->proberesp_seen)) {
-		wpa_printf(MSG_INFO, "OSEN IE included in Association Request "
-			   "frame from " MACSTR " even though BSS does not "
-			   "use OSEN - ignore IE",
-			   MAC2STR(sta->addr));
-		elems->osen = NULL;
-	}
-
-	if (elems->wpa_ie && elems->rsn_ie) {
-		wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
-			   "Association Request frame from " MACSTR,
-			   MAC2STR(sta->addr));
-	}
-
-	if (elems->rsn_ie) {
-		wpa_hexdump(MSG_DEBUG, "RSN IE", elems->rsn_ie - 2,
-			    elems->rsn_ie_len + 2);
-		os_memcpy(sta->rsnie, elems->rsn_ie - 2,
-			  elems->rsn_ie_len + 2);
-		if (wpa_parse_wpa_ie_rsn(sta->rsnie, 2 + sta->rsnie[1], &data)
-		    < 0) {
-			wpa_printf(MSG_INFO, "Failed to parse RSN IE from "
-				   MACSTR, MAC2STR(sta->addr));
-		}
-	} else if (elems->wpa_ie) {
-		wpa_hexdump(MSG_DEBUG, "WPA IE", elems->wpa_ie - 2,
-			    elems->wpa_ie_len + 2);
-		os_memcpy(sta->rsnie, elems->wpa_ie - 2,
-			  elems->wpa_ie_len + 2);
-		if (wpa_parse_wpa_ie_wpa(sta->rsnie, 2 + sta->rsnie[1], &data)
-		    < 0) {
-			wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
-				   MACSTR, MAC2STR(sta->addr));
-		}
-	} else if (elems->osen) {
-		wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
-			    elems->osen_len + 2);
-		os_memcpy(sta->osenie, elems->osen - 2, elems->osen_len + 2);
-		sta->proto = WPA_PROTO_OSEN;
-		sta->pairwise_cipher = WPA_CIPHER_CCMP;
-		sta->key_mgmt = WPA_KEY_MGMT_OSEN;
-		sta->rsn_capab = 0;
-		goto skip_rsn_wpa;
-	} else {
-		sta->rsnie[0] = 0;
-		sta->proto = 0;
-		sta->pairwise_cipher = 0;
-		sta->key_mgmt = 0;
-		sta->rsn_capab = 0;
-		if (sta->assocreq_capab_info & WLAN_CAPABILITY_PRIVACY)
-			sta->pairwise_cipher = WPA_CIPHER_WEP40;
-		goto skip_rsn_wpa;
-	}
-
-	sta->proto = data.proto;
-	sta->pairwise_cipher = data.pairwise_cipher;
-	sta->key_mgmt = data.key_mgmt;
-	sta->rsn_capab = data.capabilities;
-	if (bss->proto && (sta->proto & bss->proto) == 0) {
-		wpa_printf(MSG_INFO, "Mismatch in WPA/WPA2 proto: STA "
-			   MACSTR " 0x%x  BSS " MACSTR " 0x%x",
-			   MAC2STR(sta->addr), sta->proto,
-			   MAC2STR(bss->bssid), bss->proto);
-	}
-	if (bss->pairwise_cipher &&
-	    (sta->pairwise_cipher & bss->pairwise_cipher) == 0) {
-		wpa_printf(MSG_INFO, "Mismatch in pairwise cipher: STA "
-			   MACSTR " 0x%x  BSS " MACSTR " 0x%x",
-			   MAC2STR(sta->addr), sta->pairwise_cipher,
-			   MAC2STR(bss->bssid), bss->pairwise_cipher);
-	}
-	if (sta->proto && data.group_cipher != bss->group_cipher &&
-	    bss->ies_set) {
-		wpa_printf(MSG_INFO, "Mismatch in group cipher: STA "
-			   MACSTR " 0x%x != BSS " MACSTR " 0x%x",
-			   MAC2STR(sta->addr), data.group_cipher,
-			   MAC2STR(bss->bssid), bss->group_cipher);
-	}
-	if ((bss->rsn_capab & WPA_CAPABILITY_MFPR) &&
-	    !(sta->rsn_capab & WPA_CAPABILITY_MFPC)) {
-		wpa_printf(MSG_INFO, "STA " MACSTR " tries to associate "
-			   "without MFP to BSS " MACSTR " that advertises "
-			   "MFPR", MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	}
-	if ((sta->rsn_capab & WPA_CAPABILITY_OCVC) &&
-	    !(sta->rsn_capab & WPA_CAPABILITY_MFPC)) {
-		wpa_printf(MSG_INFO, "STA " MACSTR " tries to associate "
-			   "without MFP to BSS " MACSTR " while supporting "
-			   "OCV", MAC2STR(sta->addr), MAC2STR(bss->bssid));
-	}
-
-skip_rsn_wpa:
-	wpa_printf(MSG_INFO, "STA " MACSTR
-		   " proto=%s%s%s%s"
-		   "pairwise=%s%s%s%s%s%s%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
-		   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
-		   MAC2STR(sta->addr),
-		   sta->proto == 0 ? "OPEN " : "",
-		   sta->proto & WPA_PROTO_WPA ? "WPA " : "",
-		   sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
-		   sta->proto & WPA_PROTO_OSEN ? "OSEN " : "",
-		   sta->pairwise_cipher == 0 ? "N/A " : "",
-		   sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
-		   sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
-		   sta->pairwise_cipher & WPA_CIPHER_CCMP ? "CCMP " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_CCMP_256 ? "CCMP-256 " :
-		   "",
-		   bss->pairwise_cipher & WPA_CIPHER_GCMP ? "GCMP " : "",
-		   bss->pairwise_cipher & WPA_CIPHER_GCMP_256 ? "GCMP-256 " :
-		   "",
-		   sta->key_mgmt == 0 ? "N/A " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X ? "EAP " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_PSK ? "PSK " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_WPA_NONE ? "WPA-NONE " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X ? "FT-EAP " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_FT_PSK ? "FT-PSK " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256 ?
-		   "EAP-SHA256 " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
-		   "PSK-SHA256 " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_OWE ? "OWE " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_PASN ? "PASN " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_DPP ? "DPP " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B ?
-		   "EAP-SUITE-B " : "",
-		   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ?
-		   "EAP-SUITE-B-192 " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
-		   "NO_PAIRWISE " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_MFPR ? "MFPR " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_MFPC ? "MFPC " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_PEERKEY_ENABLED ?
-		   "PEERKEY " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_SPP_A_MSDU_CAPABLE ?
-		   "SPP-A-MSDU-CAPAB " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_SPP_A_MSDU_REQUIRED ?
-		   "SPP-A-MSDU-REQUIRED " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_PBAC ? "PBAC " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_OCVC ? "OCVC " : "",
-		   sta->rsn_capab & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST ?
-		   "ExtKeyID " : "");
-}
diff --git a/wlantest/test_vectors.c b/wlantest/test_vectors.c
deleted file mode 100644
index 7f39c426433b..000000000000
--- a/wlantest/test_vectors.c
+++ /dev/null
@@ -1,937 +0,0 @@
-/*
- * test_vectors - IEEE 802.11 test vector generator
- * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/crc32.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "wlantest.h"
-
-
-static void test_vector_tkip(void)
-{
-	u8 tk[] = {
-		0x12, 0x34, 0x56, 0x78, 0x90, 0x12, 0x34, 0x56,
-		0x78, 0x90, 0x12, 0x34, 0x56, 0x78, 0x90, 0x12,
-		0x34, 0x56, 0x78, 0x90, 0x12, 0x34, 0x56, 0x78,
-		0x90, 0x12, 0x34, 0x56, 0x78, 0x90, 0x12, 0x34
-	};
-	u8 pn[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
-	u8 frame[] = {
-		0x08, 0x42, 0x2c, 0x00, 0x02, 0x03, 0x04, 0x05,
-		0x06, 0x08, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-		0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xd0, 0x02,
-		/* 0x00, 0x20, 0x01, 0x20, 0x00, 0x00, 0x00, 0x00, */
-		0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00,
-		0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
-		0x40, 0x01, 0xa5, 0x55, 0xc0, 0xa8, 0x0a, 0x02,
-		0xc0, 0xa8, 0x0a, 0x01, 0x08, 0x00, 0x3a, 0xb0,
-		0x00, 0x00, 0x00, 0x00, 0xcd, 0x4c, 0x05, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x08, 0x09, 0x0a, 0x0b,
-		0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
-		0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
-		0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
-		0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
-		0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
-		0x34, 0x35, 0x36, 0x37,
-		/* 0x68, 0x81, 0xa3, 0xf3, 0xd6, 0x48, 0xd0, 0x3c */
-	};
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-
-	wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.6.3 TKIP test "
-		   "vector\n");
-
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
-	wpa_hexdump(MSG_INFO, "Plaintext MPDU", frame, sizeof(frame));
-
-	enc = tkip_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt TKIP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-
-	wpa_debug_level = MSG_INFO;
-	plain = tkip_decrypt(tk, (const struct ieee80211_hdr *) enc,
-			     enc + 24, enc_len - 24, &plain_len, NULL, NULL);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt TKIP frame");
-		return;
-	}
-
-	if (plain_len != sizeof(frame) - 24 ||
-	    os_memcmp(plain, frame + 24, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-	}
-
-	os_free(plain);
-}
-
-
-static void test_vector_ccmp(void)
-{
-	u8 tk[] = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
-		    0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f };
-	u8 pn[] = { 0xB5, 0x03, 0x97, 0x76, 0xE7, 0x0C };
-	u8 frame[] = {
-		0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-		0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
-		0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
-		0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
-		0x7e, 0x78, 0xa0, 0x50
-	};
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-	u8 fcs[4];
-
-	wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.6.4 CCMP test "
-		   "vector\n");
-
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
-	wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
-	wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
-
-	enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "FCS", fcs, sizeof(fcs));
-
-	wpa_debug_level = MSG_INFO;
-	plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
-			     enc + 24, enc_len - 24, &plain_len);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt CCMP frame");
-		return;
-	}
-
-	if (plain_len != sizeof(frame) - 24 ||
-	    os_memcmp(plain, frame + 24, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-	}
-
-	os_free(plain);
-}
-
-
-static void test_vector_ccmp_pv1(void)
-{
-	u8 tk[] = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
-		    0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f };
-	u8 pn[8];
-	u8 frame1[] = {
-		0x61, 0x00, 0xa2, 0xae, 0xa5, 0xb8, 0xfc, 0xba,
-		0x07, 0x00, 0x80, 0x33,
-		0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
-		0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
-		0x7e, 0x78, 0xa0, 0x50
-	};
-	u8 frame2[] = {
-		0x61, 0x00, 0xa2, 0xae, 0xa5, 0xb8, 0xfc, 0xba,
-		0x07, 0x20, 0x80, 0x33, 0x02, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c,
-		0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
-		0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
-		0x7e, 0x78, 0xa0, 0x50
-	};
-	u8 frame3[] = {
-		0x6d, 0x00, 0xa2, 0xae, 0xa5, 0xb8, 0xfc, 0xba,
-		0x52, 0x30, 0xf1, 0x84, 0x44, 0x08, 0x80, 0x33,
-		0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
-		0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
-		0x7e, 0x78, 0xa0, 0x50
-	};
-	u8 *enc;
-	size_t enc_len;
-	u8 fcs[4];
-	u8 bssid[ETH_ALEN] = { 0xa2, 0xae, 0xa5, 0xb8, 0xfc, 0xba };
-	u8 da[ETH_ALEN] = { 0x02, 0xd2, 0xe1, 0x28, 0xa5, 0x7c };
-	u8 sa[ETH_ALEN] = { 0x52, 0x30, 0xf1, 0x84, 0x44, 0x08 };
-	u16 aid = 7;
-	u32 bpn = 123;
-	u16 sc = 0x3380;
-	int key_id = 0;
-	u16 fc;
-	int tid = 3;
-	u16 sid;
-
-	wpa_printf(MSG_INFO,
-		   "\nIEEE P802.11ah/D10.0, J.6.4 CCMP PV1 test vectors\n");
-
-	wpa_printf(MSG_INFO, "BSSID: " MACSTR, MAC2STR(bssid));
-	wpa_printf(MSG_INFO, "DA: " MACSTR, MAC2STR(da));
-	wpa_printf(MSG_INFO, "SA: " MACSTR, MAC2STR(sa));
-	wpa_printf(MSG_INFO, "Association ID: %u", aid);
-	wpa_printf(MSG_INFO, "Base PN: %u (0x%08x)", bpn, bpn);
-	wpa_printf(MSG_INFO, "SC = 0x%04x (FragNum=%u SeqNum=%u)",
-		   sc, WLAN_GET_SEQ_FRAG(sc), WLAN_GET_SEQ_SEQ(sc));
-	wpa_printf(MSG_INFO, "TID = %u", tid);
-	wpa_printf(MSG_INFO, "Key ID: %u", key_id);
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_printf(MSG_INFO, "PN = SC||BPN");
-	WPA_PUT_LE16(&pn[0], sc);
-	WPA_PUT_LE32(&pn[2], bpn);
-	wpa_hexdump(MSG_INFO, "PN (PN0..PN5)", pn, sizeof(pn));
-
-	wpa_printf(MSG_INFO,
-		   "\nPV1 test vector #1:\nHeader compression used and A3 was previously stored at the receiver\n");
-	fc = WPA_GET_LE16(frame1);
-	wpa_printf(MSG_INFO,
-		   "FC=0x%04x (PV=%u Type=%u PTID/Subtype=%u From_DS=%u More_Fragments=%u Power_Management=%u More_Data=%u Protected_Frame=%u End_of_SP=%u Relayed_Frame=%u Ack_Policy=%u)",
-		   fc,
-		   fc & WLAN_FC_PVER,
-		   (fc & (BIT(2) | BIT(3) | BIT(4))) >> 2,
-		   (fc & (BIT(5) | BIT(6) | BIT(7))) >> 5,
-		   !!(fc & BIT(8)),
-		   !!(fc & BIT(9)),
-		   !!(fc & BIT(10)),
-		   !!(fc & BIT(11)),
-		   !!(fc & BIT(12)),
-		   !!(fc & BIT(13)),
-		   !!(fc & BIT(14)),
-		   !!(fc & BIT(15)));
-	wpa_printf(MSG_INFO, "A1=" MACSTR, MAC2STR(&frame1[2]));
-	sid = WPA_GET_LE16(&frame1[8]);
-	wpa_printf(MSG_INFO,
-		   "A2=%02x %02x (SID: AID=%u A3_Present=%u A4_Present=%u A-MSDU=%u); corresponds to 52:30:f1:84:44:08 in uncompressed header",
-		   frame1[8], frame1[9],
-		   sid & ~(BIT(13) | BIT(14) | BIT(15)),
-		   !!(sid & BIT(13)),
-		   !!(sid & BIT(14)),
-		   !!(sid & BIT(15)));
-	sc = WPA_GET_LE16(&frame1[10]);
-	wpa_printf(MSG_INFO, "Sequence Control: %02x %02x (FN=%u SN=%u)",
-		   frame1[10], frame1[11],
-		   WLAN_GET_SEQ_FRAG(sc), WLAN_GET_SEQ_SEQ(sc));
-	wpa_printf(MSG_INFO, "A3 not present; corresponds to 02:d2:e1:28:a5:7c in uncompressed header");
-	wpa_printf(MSG_INFO, "A4 not present");
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Header", frame1, 12);
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Body",
-		    frame1 + 12, sizeof(frame1) - 12);
-
-	enc = ccmp_encrypt_pv1(tk, &frame1[2], sa, da, frame1, sizeof(frame1),
-			       12, pn, key_id, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Header", enc, 12);
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Frame Body",
-		    enc + 12, enc_len - 12);
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "Encrypted Frame FCS", fcs, sizeof(fcs));
-
-	wpa_printf(MSG_INFO,
-		   "\nPV1 test vector #2:\nHeader compression used and A3 was not previously stored at the receiver\n");
-	fc = WPA_GET_LE16(frame2);
-	wpa_printf(MSG_INFO,
-		   "FC=0x%04x (PV=%u Type=%u PTID/Subtype=%u From_DS=%u More_Fragments=%u Power_Management=%u More_Data=%u Protected_Frame=%u End_of_SP=%u Relayed_Frame=%u Ack_Policy=%u)",
-		   fc,
-		   fc & WLAN_FC_PVER,
-		   (fc & (BIT(2) | BIT(3) | BIT(4))) >> 2,
-		   (fc & (BIT(5) | BIT(6) | BIT(7))) >> 5,
-		   !!(fc & BIT(8)),
-		   !!(fc & BIT(9)),
-		   !!(fc & BIT(10)),
-		   !!(fc & BIT(11)),
-		   !!(fc & BIT(12)),
-		   !!(fc & BIT(13)),
-		   !!(fc & BIT(14)),
-		   !!(fc & BIT(15)));
-	wpa_printf(MSG_INFO, "A1=" MACSTR, MAC2STR(&frame2[2]));
-	sid = WPA_GET_LE16(&frame2[8]);
-	wpa_printf(MSG_INFO,
-		   "A2=%02x %02x (SID: AID=%u A3_Present=%u A4_Present=%u A-MSDU=%u); corresponds to 52:30:f1:84:44:08 in uncompressed header",
-		   frame2[8], frame2[9],
-		   sid & ~(BIT(13) | BIT(14) | BIT(15)),
-		   !!(sid & BIT(13)),
-		   !!(sid & BIT(14)),
-		   !!(sid & BIT(15)));
-	sc = WPA_GET_LE16(&frame2[10]);
-	wpa_printf(MSG_INFO, "Sequence Control: %02x %02x (FN=%u SN=%u)",
-		   frame2[10], frame2[11],
-		   WLAN_GET_SEQ_FRAG(sc), WLAN_GET_SEQ_SEQ(sc));
-	wpa_printf(MSG_INFO, "A3=" MACSTR, MAC2STR(&frame2[12]));
-	wpa_printf(MSG_INFO, "A4 not present");
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Header", frame2, 18);
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Body",
-		    frame2 + 18, sizeof(frame2) - 18);
-
-	enc = ccmp_encrypt_pv1(tk, &frame2[2], sa, &frame2[12],
-			       frame2, sizeof(frame2), 18, pn, key_id,
-			       &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Header", enc, 18);
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Frame Body",
-		    enc + 18, enc_len - 18);
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "Encrypted Frame FCS", fcs, sizeof(fcs));
-
-	wpa_printf(MSG_INFO,
-		   "\nPV1 test vector #3:\nType 3 frame from SA to DA(=BSSID) (i.e., no separate DA in this example)\n");
-	fc = WPA_GET_LE16(frame3);
-	wpa_printf(MSG_INFO,
-		   "FC=0x%04x (PV=%u Type=%u PTID/Subtype=%u From_DS=%u More_Fragments=%u Power_Management=%u More_Data=%u Protected_Frame=%u End_of_SP=%u Relayed_Frame=%u Ack_Policy=%u)",
-		   fc,
-		   fc & WLAN_FC_PVER,
-		   (fc & (BIT(2) | BIT(3) | BIT(4))) >> 2,
-		   (fc & (BIT(5) | BIT(6) | BIT(7))) >> 5,
-		   !!(fc & BIT(8)),
-		   !!(fc & BIT(9)),
-		   !!(fc & BIT(10)),
-		   !!(fc & BIT(11)),
-		   !!(fc & BIT(12)),
-		   !!(fc & BIT(13)),
-		   !!(fc & BIT(14)),
-		   !!(fc & BIT(15)));
-	wpa_printf(MSG_INFO, "A1=" MACSTR, MAC2STR(&frame3[2]));
-	wpa_printf(MSG_INFO, "A2=" MACSTR, MAC2STR(&frame3[8]));
-	sc = WPA_GET_LE16(&frame3[14]);
-	wpa_printf(MSG_INFO, "Sequence Control: %02x %02x (FN=%u SN=%u)",
-		   frame3[14], frame3[15],
-		   WLAN_GET_SEQ_FRAG(sc), WLAN_GET_SEQ_SEQ(sc));
-	wpa_printf(MSG_INFO,
-		   "A3 not present; corresponds to 02:d2:e1:28:a5:7c in uncompressed header");
-	wpa_printf(MSG_INFO, "A4 not present");
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Header", frame3, 16);
-	wpa_hexdump(MSG_INFO, "Plaintext Frame Body",
-		    frame3 + 16, sizeof(frame3) - 16);
-
-	enc = ccmp_encrypt_pv1(tk, &frame3[2], &frame3[8], da,
-			       frame3, sizeof(frame3), 16, pn, key_id,
-			       &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Header", enc, 16);
-	wpa_hexdump(MSG_INFO, "Encrypted Frame Frame Body",
-		    enc + 16, enc_len - 16);
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "Encrypted Frame FCS", fcs, sizeof(fcs));
-
-	wpa_debug_level = MSG_INFO;
-}
-
-
-static void test_vector_bip(void)
-{
-	u8 igtk[] = {
-		0x4e, 0xa9, 0x54, 0x3e, 0x09, 0xcf, 0x2b, 0x1e,
-		0xca, 0x66, 0xff, 0xc5, 0x8b, 0xde, 0xcb, 0xcf
-	};
-	u8 ipn[] = { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	u8 frame[] = {
-		0xc0, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-		0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
-		0x02, 0x00
-	};
-	u8 *prot;
-	size_t prot_len;
-
-	wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.9.1 BIP with broadcast "
-		   "Deauthentication frame\n");
-
-	wpa_hexdump(MSG_INFO, "IGTK", igtk, sizeof(igtk));
-	wpa_hexdump(MSG_INFO, "IPN", ipn, sizeof(ipn));
-	wpa_hexdump(MSG_INFO, "Plaintext frame", frame, sizeof(frame));
-
-	prot = bip_protect(igtk, sizeof(igtk), frame, sizeof(frame),
-			   ipn, 4, &prot_len);
-	if (prot == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to protect BIP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Protected MPDU (without FCS)", prot, prot_len);
-	os_free(prot);
-}
-
-
-static void test_vector_ccmp_mgmt(void)
-{
-	u8 tk[] = { 0x66, 0xed, 0x21, 0x04, 0x2f, 0x9f, 0x26, 0xd7,
-		    0x11, 0x57, 0x06, 0xe4, 0x04, 0x14, 0xcf, 0x2e };
-	u8 pn[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
-	u8 frame[] = {
-		0xc0, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
-		0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00,
-		0x02, 0x00
-	};
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-
-	wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.9.2 CCMP with unicast "
-		   "Deauthentication frame\n");
-
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
-	wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
-	wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
-
-	enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-
-	wpa_debug_level = MSG_INFO;
-	plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
-			     enc + 24, enc_len - 24, &plain_len);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt CCMP frame");
-		return;
-	}
-
-	if (plain_len != sizeof(frame) - 24 ||
-	    os_memcmp(plain, frame + 24, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-	}
-
-	os_free(plain);
-}
-
-
-struct gcmp_test {
-	u8 tk[16];
-	u8 pn[6];
-	u8 frame[300];
-	size_t hdr_len;
-	size_t payload_len;
-	u8 mic[16];
-	u8 encr[300];
-};
-
-static const struct gcmp_test gcmp_vectors[] =
-{
-	{
-		.tk = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa },
-		.pn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-		.frame = {
-			0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
-
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		},
-		.hdr_len = 24,
-		.payload_len = 256,
-		.mic = {
-			0x80, 0xCB, 0x06, 0x62, 0xEA, 0x71, 0xAB, 0xFD,
-			0x9F, 0x04, 0xC7, 0xF8, 0x72, 0xF5, 0x80, 0x90 },
-		.encr = {
-			0x5F, 0x55, 0x78, 0xC1, 0x8F, 0x13, 0x7A, 0xD2,
-			0x79, 0xBF, 0x3F, 0x2B, 0x24, 0xC7, 0xBD, 0x8F,
-			0x27, 0x7A, 0x1B, 0xE6, 0x77, 0x0D, 0xA1, 0xD9,
-			0x8B, 0x70, 0xC6, 0xD2, 0x8A, 0xE0, 0x1C, 0x55,
-			0x9E, 0xCB, 0xA6, 0xA0, 0x1D, 0xB0, 0x67, 0xC5,
-			0xA2, 0x7E, 0x4D, 0xB0, 0x8C, 0xDA, 0xDC, 0x77,
-			0x52, 0xAD, 0x63, 0x7E, 0xAF, 0x0A, 0x18, 0xED,
-			0x13, 0xFB, 0xAA, 0x14, 0x3B, 0xAF, 0xEF, 0x18,
-			0xF8, 0xFB, 0xCE, 0x4C, 0x65, 0xE8, 0x6B, 0xD0,
-			0x2A, 0x87, 0xB6, 0x01, 0xB7, 0xEA, 0xB9, 0x3F,
-			0x2B, 0xBC, 0x87, 0x4C, 0x8A, 0x71, 0x05, 0x80,
-			0xF5, 0x02, 0x34, 0x1A, 0x6A, 0x53, 0x39, 0x31,
-			0x43, 0xDE, 0x4C, 0x9E, 0xC6, 0xA2, 0x86, 0xF1,
-			0x25, 0x71, 0x83, 0x78, 0xAE, 0xDC, 0x84, 0xEB,
-			0xA2, 0xB3, 0x0F, 0x5C, 0x28, 0xBB, 0x5D, 0x75,
-			0xC6, 0xB0, 0x25, 0x46, 0x6D, 0x06, 0x51, 0xC7,
-			0x22, 0xDC, 0x71, 0x15, 0x1F, 0x21, 0x2D, 0x68,
-			0x87, 0x82, 0x8A, 0x03, 0x82, 0xE9, 0x28, 0x8A,
-			0x7F, 0x43, 0xD5, 0x2B, 0x7D, 0x25, 0x08, 0x61,
-			0x57, 0x64, 0x69, 0x54, 0xBB, 0x43, 0xB5, 0x7E,
-			0xA5, 0x87, 0xA0, 0x25, 0xF4, 0x0C, 0xE7, 0x45,
-			0x11, 0xE4, 0xDD, 0x22, 0x85, 0xB4, 0x0B, 0xA3,
-			0xF3, 0xB9, 0x62, 0x62, 0xCB, 0xC2, 0x8C, 0x6A,
-			0xA7, 0xBE, 0x44, 0x3E, 0x7B, 0x41, 0xE1, 0xEB,
-			0xFF, 0x52, 0x48, 0x57, 0xA6, 0x81, 0x68, 0x97,
-			0x75, 0x01, 0x15, 0xB0, 0x23, 0x1A, 0xB7, 0xC2,
-			0x84, 0x72, 0xC0, 0x6D, 0xD0, 0xB4, 0x9B, 0xE9,
-			0xF3, 0x69, 0xA8, 0xC3, 0x9C, 0xCD, 0x0D, 0xB7,
-			0x98, 0x35, 0x10, 0xE1, 0xAE, 0x8F, 0x05, 0xD7,
-			0x75, 0x45, 0xE0, 0x23, 0x5C, 0xDB, 0xD6, 0x12,
-			0xF3, 0x15, 0x07, 0x54, 0xCE, 0xE5, 0xCE, 0x6A,
-			0x12, 0x25, 0xD9, 0x95, 0x25, 0x02, 0x6F, 0x74
-		}
-	},
-	{
-		.tk = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
-			0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f },
-		.pn = { 0x00, 0x89, 0x5F, 0x5F, 0x2B, 0x08 },
-		.frame = {
-			0x88, 0x48, 0x0b, 0x00, 0x0f, 0xd2, 0xe1, 0x28,
-			0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-			0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0x80, 0x33,
-			0x03, 0x00,
-
-			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
-		},
-		.hdr_len = 26,
-		.payload_len = 40,
-		.mic = {
-			0xde, 0xf6, 0x19, 0xc2, 0xa3, 0x74, 0xb6, 0xdf,
-			0x66, 0xff, 0xa5, 0x3b, 0x6c, 0x69, 0xd7, 0x9e },
-		.encr = {
-			0x60, 0xe9, 0x70, 0x0c, 0xc4, 0xd4, 0x0a, 0xc6,
-			0xd2, 0x88, 0xb2, 0x01, 0xc3, 0x8f, 0x5b, 0xf0,
-			0x8b, 0x80, 0x74, 0x42, 0x64, 0x0a, 0x15, 0x96,
-			0xe5, 0xdb, 0xda, 0xd4, 0x1d, 0x1f, 0x36, 0x23,
-			0xf4, 0x5d, 0x7a, 0x12, 0xdb, 0x7a, 0xfb, 0x23
-		}
-	}
-};
-
-
-static int run_gcmp(int idx, const struct gcmp_test *vector)
-{
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-	u8 fcs[4];
-	int err = 0;
-
-	wpa_printf(MSG_INFO,
-		   "\nIEEE Std 802.11ad-2012, M.11.1 GCMP test mpdu #%d\n",
-		   idx);
-
-	wpa_hexdump(MSG_INFO, "TK", vector->tk, sizeof(vector->tk));
-	wpa_hexdump(MSG_INFO, "PN", vector->pn, sizeof(vector->pn));
-	wpa_hexdump(MSG_INFO, "802.11 Header", vector->frame, vector->hdr_len);
-	wpa_hexdump(MSG_INFO, "Plaintext Data",
-		    vector->frame + vector->hdr_len,
-		    vector->payload_len);
-
-	enc = gcmp_encrypt(vector->tk, sizeof(vector->tk),
-			   vector->frame,
-			   vector->hdr_len + vector->payload_len,
-			   vector->hdr_len,
-			   vector->hdr_len == 26 ?
-			   vector->frame + vector->hdr_len - 2 : NULL,
-			   vector->pn, 0, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame");
-		return 1;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-	if (os_memcmp(vector->encr, enc + vector->hdr_len + 8,
-		      vector->payload_len) != 0) {
-		wpa_printf(MSG_ERROR, "GCMP test mpdu #%d enctypted data mismatch",
-			   idx);
-		err++;
-	}
-	if (os_memcmp(vector->mic, enc + enc_len - sizeof(vector->mic),
-		      sizeof(vector->mic)) != 0) {
-		wpa_printf(MSG_ERROR, "GCMP test mpdu #%d MIC mismatch", idx);
-		err++;
-	}
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "FCS", fcs, sizeof(fcs));
-
-	wpa_debug_level = MSG_INFO;
-	plain = gcmp_decrypt(vector->tk, sizeof(vector->tk),
-			     (const struct ieee80211_hdr *) enc,
-			     enc + vector->hdr_len,
-			     enc_len - vector->hdr_len, &plain_len);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt GCMP frame");
-		return 1;
-	}
-
-	if (plain_len != vector->payload_len ||
-	    os_memcmp(plain, vector->frame + vector->hdr_len, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-		err++;
-	}
-
-	os_free(plain);
-
-	return err;
-}
-
-
-static int test_vector_gcmp(void)
-{
-	int err = 0;
-	int i;
-
-	for (i = 0; i < ARRAY_SIZE(gcmp_vectors); i++) {
-		if (run_gcmp(i + 1, &gcmp_vectors[i]))
-			err++;
-
-	}
-
-	return err;
-}
-
-
-static int test_vector_gcmp_256(void)
-{
-	u8 tk[] = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
-		    0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f,
-		    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-		    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
-	u8 pn[] = {
-		0x00, 0x89, 0x5F, 0x5F, 0x2B, 0x08
-	};
-	u8 frame[] = {
-		0x88, 0x48, 0x0b, 0x00, 0x0f, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-		0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0x80, 0x33,
-		0x03, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
-		0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
-		0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
-		0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d,
-		0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
-		0x26, 0x27
-	};
-	u8 encr[] = {
-		0x88, 0x48, 0x0b, 0x00, 0x0f, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-		0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0x80, 0x33,
-		0x03, 0x00, 0x08, 0x2b, 0x00, 0x20, 0x5f, 0x5f,
-		0x89, 0x00, 0x65, 0x83, 0x43, 0xc8, 0xb1, 0x44,
-		0x47, 0xd9, 0x21, 0x1d, 0xef, 0xd4, 0x6a, 0xd8,
-		0x9c, 0x71, 0x0c, 0x6f, 0xc3, 0x33, 0x33, 0x23,
-		0x6e, 0x39, 0x97, 0xb9, 0x17, 0x6a, 0x5a, 0x8b,
-		0xe7, 0x79, 0xb2, 0x12, 0x66, 0x55, 0x5e, 0x70,
-		0xad, 0x79, 0x11, 0x43, 0x16, 0x85, 0x90, 0x95,
-		0x47, 0x3d, 0x5b, 0x1b, 0xd5, 0x96, 0xb3, 0xde,
-		0xa3, 0xbf
-	};
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-	u8 fcs[4];
-	int err = 0;
-
-	wpa_printf(MSG_INFO, "\nIEEE P802.11ac/D7.0, M.11.1 GCMP-256 test vector\n");
-
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
-	wpa_hexdump(MSG_INFO, "802.11 Header", frame, 26);
-	wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 26, sizeof(frame) - 26);
-
-	enc = gcmp_encrypt(tk, sizeof(tk), frame, sizeof(frame), 26, frame + 24,
-			   pn, 0, &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame");
-		return 1;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-	if (enc_len != sizeof(encr) || os_memcmp(enc, encr, enc_len) != 0) {
-		wpa_printf(MSG_ERROR, "GCMP-256 test vector mismatch");
-		err++;
-	}
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "FCS", fcs, sizeof(fcs));
-
-	wpa_debug_level = MSG_INFO;
-	plain = gcmp_decrypt(tk, sizeof(tk), (const struct ieee80211_hdr *) enc,
-			     enc + 26, enc_len - 26, &plain_len);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt GCMP frame");
-		return 1;
-	}
-
-	if (plain_len != sizeof(frame) - 26 ||
-	    os_memcmp(plain, frame + 26, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-		err++;
-	}
-
-	os_free(plain);
-
-	return err;
-}
-
-
-static int test_vector_ccmp_256(void)
-{
-	u8 tk[] = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
-		    0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f,
-		    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-		    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
-	u8 pn[] = { 0xB5, 0x03, 0x97, 0x76, 0xE7, 0x0C };
-	u8 frame[] = {
-		0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-		0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
-		0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
-		0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
-		0x7e, 0x78, 0xa0, 0x50
-	};
-	u8 encr[] = {
-		0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
-		0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
-		0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
-		0x0c, 0xe7, 0x00, 0x20, 0x76, 0x97, 0x03, 0xb5,
-		0x6d, 0x15, 0x5d, 0x88, 0x32, 0x66, 0x82, 0x56,
-		0xd6, 0xa9, 0x2b, 0x78, 0xe1, 0x1d, 0x8e, 0x54,
-		0x49, 0x5d, 0xd1, 0x74, 0x80, 0xaa, 0x56, 0xc9,
-		0x49, 0x2e, 0x88, 0x2b, 0x97, 0x64, 0x2f, 0x80,
-		0xd5, 0x0f, 0xe9, 0x7b
-
-	};
-	u8 *enc, *plain;
-	size_t enc_len, plain_len;
-	u8 fcs[4];
-	int err = 0;
-
-	wpa_printf(MSG_INFO, "\nIEEE P802.11ac/D7.0, M.6.4 CCMP-256 test vector\n");
-
-	wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
-	wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
-	wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
-	wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
-
-	enc = ccmp_256_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0,
-			       &enc_len);
-	if (enc == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
-		return 1;
-	}
-
-	wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
-	if (enc_len != sizeof(encr) || os_memcmp(enc, encr, enc_len) != 0) {
-		wpa_printf(MSG_ERROR, "CCMP-256 test vector mismatch");
-		err++;
-	}
-	WPA_PUT_LE32(fcs, crc32(enc, enc_len));
-	wpa_hexdump(MSG_INFO, "FCS", fcs, sizeof(fcs));
-
-	wpa_debug_level = MSG_INFO;
-	plain = ccmp_256_decrypt(tk, (const struct ieee80211_hdr *) enc,
-				 enc + 24, enc_len - 24, &plain_len);
-	wpa_debug_level = MSG_EXCESSIVE;
-	os_free(enc);
-
-	if (plain == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to decrypt CCMP-256 frame");
-		return 1;
-	}
-
-	if (plain_len != sizeof(frame) - 24 ||
-	    os_memcmp(plain, frame + 24, plain_len) != 0) {
-		wpa_hexdump(MSG_ERROR, "Decryption result did not match",
-			    plain, plain_len);
-		err++;
-	}
-
-	os_free(plain);
-
-	return err;
-}
-
-
-static int test_vector_bip_gmac_128(void)
-{
-	u8 igtk[] = {
-		0x4e, 0xa9, 0x54, 0x3e, 0x09, 0xcf, 0x2b, 0x1e,
-		0xca, 0x66, 0xff, 0xc5, 0x8b, 0xde, 0xcb, 0xcf
-	};
-	u8 ipn[] = { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	u8 frame[] = {
-		0xc0, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-		0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
-		0x02, 0x00
-	};
-	u8 res[] = {
-		0xc0, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-		0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
-		0x02, 0x00, 0x4c, 0x18, 0x04, 0x00, 0x04, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x3e, 0xd8, 0x62, 0xfb,
-		0x0f, 0x33, 0x38, 0xdd, 0x33, 0x86, 0xc8, 0x97,
-		0xe2, 0xed, 0x05, 0x3d
-	};
-	u8 *prot;
-	size_t prot_len;
-	int err = 0;
-
-	wpa_printf(MSG_INFO, "\nIEEE P802.11ac/D7.0, M.9.1 BIP-GMAC-128 with broadcast "
-		   "Deauthentication frame\n");
-
-	wpa_hexdump(MSG_INFO, "IGTK", igtk, sizeof(igtk));
-	wpa_hexdump(MSG_INFO, "IPN", ipn, sizeof(ipn));
-	wpa_hexdump(MSG_INFO, "Plaintext frame", frame, sizeof(frame));
-
-	prot = bip_gmac_protect(igtk, sizeof(igtk), frame, sizeof(frame),
-				ipn, 4, &prot_len);
-	if (prot == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to protect BIP-GMAC-128 frame");
-		return 1;
-	}
-
-	wpa_hexdump(MSG_INFO, "Protected MPDU (without FCS)", prot, prot_len);
-	if (prot_len != sizeof(res) || os_memcmp(res, prot, prot_len) != 0) {
-		wpa_printf(MSG_ERROR, "BIP-GMAC-128 test vector mismatch");
-		err++;
-	}
-	os_free(prot);
-
-	return err;
-}
-
-
-static int test_vector_bip_gmac_256(void)
-{
-	u8 igtk[] = {
-		0x4e, 0xa9, 0x54, 0x3e, 0x09, 0xcf, 0x2b, 0x1e,
-		0xca, 0x66, 0xff, 0xc5, 0x8b, 0xde, 0xcb, 0xcf,
-		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-	};
-	u8 ipn[] = { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	u8 frame[] = {
-		0xc0, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-		0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
-		0x02, 0x00
-	};
-	u8 res[] = {
-		0xc0, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-		0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
-		0x02, 0x00, 0x4c, 0x18, 0x04, 0x00, 0x04, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x23, 0xbe, 0x59, 0xdc,
-		0xc7, 0x02, 0x2e, 0xe3, 0x83, 0x62, 0x7e, 0xbb,
-		0x10, 0x17, 0xdd, 0xfc
-	};
-	u8 *prot;
-	size_t prot_len;
-	int err = 0;
-
-	wpa_printf(MSG_INFO, "\nIEEE P802.11ac/D7.0, M.9.1 BIP-GMAC-256 with broadcast Deauthentication frame\n");
-
-	wpa_hexdump(MSG_INFO, "IGTK", igtk, sizeof(igtk));
-	wpa_hexdump(MSG_INFO, "IPN", ipn, sizeof(ipn));
-	wpa_hexdump(MSG_INFO, "Plaintext frame", frame, sizeof(frame));
-
-	prot = bip_gmac_protect(igtk, sizeof(igtk), frame, sizeof(frame),
-				ipn, 4, &prot_len);
-	if (prot == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to protect BIP-GMAC-256 frame");
-		return 1;
-	}
-
-	wpa_hexdump(MSG_INFO, "Protected MPDU (without FCS)", prot, prot_len);
-	if (prot_len != sizeof(res) || os_memcmp(res, prot, prot_len) != 0) {
-		wpa_printf(MSG_ERROR, "BIP-GMAC-128 test vector mismatch");
-		err++;
-	}
-	os_free(prot);
-
-	return err;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int errors = 0;
-
-	wpa_debug_level = MSG_EXCESSIVE;
-	wpa_debug_show_keys = 1;
-
-	if (os_program_init())
-		return -1;
-
-	test_vector_tkip();
-	test_vector_ccmp();
-	test_vector_ccmp_pv1();
-	test_vector_bip();
-	test_vector_ccmp_mgmt();
-	errors += test_vector_gcmp();
-	errors += test_vector_gcmp_256();
-	errors += test_vector_ccmp_256();
-	errors += test_vector_bip_gmac_128();
-	errors += test_vector_bip_gmac_256();
-
-	if (errors)
-		wpa_printf(MSG_INFO, "One or more test vectors failed");
-	os_program_deinit();
-
-	return errors ? -1 : 0;
-}
diff --git a/wlantest/tkip.c b/wlantest/tkip.c
deleted file mode 100644
index 843f6518a382..000000000000
--- a/wlantest/tkip.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/*
- * Temporal Key Integrity Protocol (TKIP)
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/crc32.h"
-#include "common/ieee802_11_defs.h"
-#include "wlantest.h"
-
-
-void wep_crypt(u8 *key, u8 *buf, size_t plen);
-
-
-static inline u16 RotR1(u16 val)
-{
-	return (val >> 1) | (val << 15);
-}
-
-
-static inline u8 Lo8(u16 val)
-{
-	return val & 0xff;
-}
-
-
-static inline u8 Hi8(u16 val)
-{
-	return val >> 8;
-}
-
-
-static inline u16 Lo16(u32 val)
-{
-	return val & 0xffff;
-}
-
-
-static inline u16 Hi16(u32 val)
-{
-	return val >> 16;
-}
-
-
-static inline u16 Mk16(u8 hi, u8 lo)
-{
-	return lo | (((u16) hi) << 8);
-}
-
-
-static inline u16 Mk16_le(u16 *v)
-{
-	return le_to_host16(*v);
-}
-
-
-static const u16 Sbox[256] =
-{
-	0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
-	0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
-	0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
-	0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
-	0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
-	0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
-	0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
-	0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
-	0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
-	0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
-	0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
-	0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
-	0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
-	0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
-	0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
-	0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
-	0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
-	0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
-	0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
-	0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
-	0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
-	0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
-	0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
-	0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
-	0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
-	0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
-	0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
-	0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
-	0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
-	0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
-	0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
-	0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
-};
-
-
-static inline u16 _S_(u16 v)
-{
-	u16 t = Sbox[Hi8(v)];
-	return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
-}
-
-
-#define PHASE1_LOOP_COUNT 8
-
-static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
-{
-	int i, j;
-
-	/* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
-	TTAK[0] = Lo16(IV32);
-	TTAK[1] = Hi16(IV32);
-	TTAK[2] = Mk16(TA[1], TA[0]);
-	TTAK[3] = Mk16(TA[3], TA[2]);
-	TTAK[4] = Mk16(TA[5], TA[4]);
-
-	for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
-		j = 2 * (i & 1);
-		TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
-		TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
-		TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
-		TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
-		TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
-	}
-}
-
-
-static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
-			       u16 IV16)
-{
-	u16 PPK[6];
-
-	/* Step 1 - make copy of TTAK and bring in TSC */
-	PPK[0] = TTAK[0];
-	PPK[1] = TTAK[1];
-	PPK[2] = TTAK[2];
-	PPK[3] = TTAK[3];
-	PPK[4] = TTAK[4];
-	PPK[5] = TTAK[4] + IV16;
-
-	/* Step 2 - 96-bit bijective mixing using S-box */
-	PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
-	PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
-	PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
-	PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
-	PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
-	PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
-
-	PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
-	PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
-	PPK[2] += RotR1(PPK[1]);
-	PPK[3] += RotR1(PPK[2]);
-	PPK[4] += RotR1(PPK[3]);
-	PPK[5] += RotR1(PPK[4]);
-
-	/* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
-	 * WEPSeed[0..2] is transmitted as WEP IV */
-	WEPSeed[0] = Hi8(IV16);
-	WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
-	WEPSeed[2] = Lo8(IV16);
-	WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
-	WPA_PUT_LE16(&WEPSeed[4], PPK[0]);
-	WPA_PUT_LE16(&WEPSeed[6], PPK[1]);
-	WPA_PUT_LE16(&WEPSeed[8], PPK[2]);
-	WPA_PUT_LE16(&WEPSeed[10], PPK[3]);
-	WPA_PUT_LE16(&WEPSeed[12], PPK[4]);
-	WPA_PUT_LE16(&WEPSeed[14], PPK[5]);
-}
-
-
-static inline u32 rotl(u32 val, int bits)
-{
-	return (val << bits) | (val >> (32 - bits));
-}
-
-
-static inline u32 rotr(u32 val, int bits)
-{
-	return (val >> bits) | (val << (32 - bits));
-}
-
-
-static inline u32 xswap(u32 val)
-{
-	return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
-}
-
-
-#define michael_block(l, r)	\
-do {				\
-	r ^= rotl(l, 17);	\
-	l += r;			\
-	r ^= xswap(l);		\
-	l += r;			\
-	r ^= rotl(l, 3);	\
-	l += r;			\
-	r ^= rotr(l, 2);	\
-	l += r;			\
-} while (0)
-
-
-static void michael_mic(const u8 *key, const u8 *hdr, const u8 *data,
-			size_t data_len, u8 *mic)
-{
-	u32 l, r;
-	int i, blocks, last;
-
-	l = WPA_GET_LE32(key);
-	r = WPA_GET_LE32(key + 4);
-
-	/* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
-	l ^= WPA_GET_LE32(hdr);
-	michael_block(l, r);
-	l ^= WPA_GET_LE32(&hdr[4]);
-	michael_block(l, r);
-	l ^= WPA_GET_LE32(&hdr[8]);
-	michael_block(l, r);
-	l ^= WPA_GET_LE32(&hdr[12]);
-	michael_block(l, r);
-
-	/* 32-bit blocks of data */
-	blocks = data_len / 4;
-	last = data_len % 4;
-	for (i = 0; i < blocks; i++) {
-		l ^= WPA_GET_LE32(&data[4 * i]);
-		michael_block(l, r);
-	}
-
-	/* Last block and padding (0x5a, 4..7 x 0) */
-	switch (last) {
-	case 0:
-		l ^= 0x5a;
-		break;
-	case 1:
-		l ^= data[4 * i] | 0x5a00;
-		break;
-	case 2:
-		l ^= data[4 * i] | (data[4 * i + 1] << 8) | 0x5a0000;
-		break;
-	case 3:
-		l ^= data[4 * i] | (data[4 * i + 1] << 8) |
-			(data[4 * i + 2] << 16) | 0x5a000000;
-		break;
-	}
-	michael_block(l, r);
-	/* l ^= 0; */
-	michael_block(l, r);
-
-	WPA_PUT_LE32(mic, l);
-	WPA_PUT_LE32(mic + 4, r);
-}
-
-
-static void michael_mic_hdr(const struct ieee80211_hdr *hdr11, u8 *hdr)
-{
-	int hdrlen = 24;
-	u16 fc = le_to_host16(hdr11->frame_control);
-
-	switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
-	case WLAN_FC_TODS:
-		os_memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
-		os_memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
-		break;
-	case WLAN_FC_FROMDS:
-		os_memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
-		os_memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
-		break;
-	case WLAN_FC_FROMDS | WLAN_FC_TODS:
-		os_memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
-		os_memcpy(hdr + ETH_ALEN, hdr11 + 1, ETH_ALEN); /* SA */
-		hdrlen += ETH_ALEN;
-		break;
-	case 0:
-		os_memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
-		os_memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
-		break;
-	}
-
-	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA &&
-	    (WLAN_FC_GET_STYPE(fc) & 0x08)) {
-		const u8 *qos = ((const u8 *) hdr11) + hdrlen;
-		hdr[12] = qos[0] & 0x0f; /* priority */
-	} else
-		hdr[12] = 0; /* priority */
-
-	hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
-}
-
-
-u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len,
-		  enum michael_mic_result *mic_res, struct tkip_frag *frag)
-{
-	u16 iv16;
-	u32 iv32;
-	u16 ttak[5];
-	u8 rc4key[16];
-	u8 *plain;
-	size_t plain_len;
-	u32 icv, rx_icv;
-	const u8 *mic_key;
-	u8 michael_hdr[16];
-	u8 mic[8];
-	u16 fc = le_to_host16(hdr->frame_control);
-	const u8 *full_payload;
-	size_t full_payload_len;
-	u16 sc = le_to_host16(hdr->seq_ctrl);
-	u16 sn;
-	u8 fn;
-
-	if (data_len < 8 + 4)
-		return NULL;
-
-	iv16 = (data[0] << 8) | data[2];
-	iv32 = WPA_GET_LE32(&data[4]);
-	wpa_printf(MSG_EXCESSIVE, "TKIP decrypt: iv32=%08x iv16=%04x",
-		   iv32, iv16);
-
-	tkip_mixing_phase1(ttak, tk, hdr->addr2, iv32);
-	wpa_hexdump(MSG_EXCESSIVE, "TKIP TTAK", (u8 *) ttak, sizeof(ttak));
-	tkip_mixing_phase2(rc4key, tk, ttak, iv16);
-	wpa_hexdump(MSG_EXCESSIVE, "TKIP RC4KEY", rc4key, sizeof(rc4key));
-
-	plain_len = data_len - 8;
-	plain = os_memdup(data + 8, plain_len);
-	if (plain == NULL)
-		return NULL;
-	wep_crypt(rc4key, plain, plain_len);
-
-	icv = crc32(plain, plain_len - 4);
-	rx_icv = WPA_GET_LE32(plain + plain_len - 4);
-	if (icv != rx_icv) {
-		wpa_printf(MSG_INFO, "TKIP ICV mismatch in frame from " MACSTR,
-			   MAC2STR(hdr->addr2));
-		wpa_printf(MSG_DEBUG, "TKIP calculated ICV %08x  received ICV "
-			   "%08x", icv, rx_icv);
-		os_free(plain);
-		return NULL;
-	}
-	plain_len -= 4;
-
-	full_payload = plain;
-	full_payload_len = plain_len;
-
-	sn = WLAN_GET_SEQ_SEQ(sc);
-	fn = WLAN_GET_SEQ_FRAG(sc);
-
-	if (frag) {
-		/* MSDU reassembly for Michael MIC validation */
-		if (fn == 0 && (fc & WLAN_FC_MOREFRAG)) {
-			/* Start of a new fragmented MSDU */
-			wpabuf_free(frag->buf);
-			frag->buf = NULL;
-			frag->buf = wpabuf_alloc_copy(plain, plain_len);
-			os_memcpy(frag->ra, hdr->addr1, ETH_ALEN);
-			os_memcpy(frag->ta, hdr->addr2, ETH_ALEN);
-			frag->sn = sn;
-			frag->fn = 0;
-		}
-
-		if (frag->buf && (fn || (fc & WLAN_FC_MOREFRAG)) &&
-		    sn == frag->sn && fn == frag->fn + 1 &&
-		    os_memcmp(frag->ra, hdr->addr1, ETH_ALEN) == 0 &&
-		    os_memcmp(frag->ta, hdr->addr2, ETH_ALEN) == 0) {
-			/* Add the next fragment */
-			if (wpabuf_resize(&frag->buf, plain_len) == 0) {
-				wpabuf_put_data(frag->buf, plain, plain_len);
-				frag->fn = fn;
-				if (!(fc & WLAN_FC_MOREFRAG)) {
-					full_payload = wpabuf_head(frag->buf);
-					full_payload_len =
-						wpabuf_len(frag->buf);
-					wpa_hexdump(MSG_MSGDUMP,
-						    "TKIP reassembled full payload",
-						    full_payload,
-						    full_payload_len);
-				}
-			}
-		}
-	}
-
-	if ((fc & WLAN_FC_MOREFRAG) || (fn > 0 && full_payload == plain)) {
-		/* Return the decrypted fragment and do not check the
-		 * Michael MIC value since no reassembled frame is available. */
-		*decrypted_len = plain_len;
-		if (mic_res) {
-			*mic_res = MICHAEL_MIC_NOT_VERIFIED;
-			return plain;
-		}
-	}
-
-	if (full_payload_len < 8) {
-		wpa_printf(MSG_INFO, "TKIP: Not enough room for Michael MIC "
-			   "in a frame from " MACSTR, MAC2STR(hdr->addr2));
-		os_free(plain);
-		return NULL;
-	}
-
-	michael_mic_hdr(hdr, michael_hdr);
-	mic_key = tk + ((fc & WLAN_FC_FROMDS) ? 16 : 24);
-	michael_mic(mic_key, michael_hdr, full_payload, full_payload_len - 8,
-		    mic);
-	if (os_memcmp(mic, full_payload + full_payload_len - 8, 8) != 0) {
-		wpa_printf(MSG_INFO, "TKIP: Michael MIC mismatch in a frame "
-			   "from " MACSTR, MAC2STR(hdr->addr2));
-		wpa_hexdump(MSG_DEBUG, "TKIP: Calculated MIC", mic, 8);
-		wpa_hexdump(MSG_DEBUG, "TKIP: Received MIC",
-			    full_payload + full_payload_len - 8, 8);
-		if (mic_res) {
-			*decrypted_len = plain_len - 8;
-			*mic_res = MICHAEL_MIC_INCORRECT;
-			return plain;
-		}
-		os_free(plain);
-		return NULL;
-	} else if (mic_res) {
-		*mic_res = MICHAEL_MIC_OK;
-	}
-
-	*decrypted_len = plain_len - 8;
-	return plain;
-}
-
-
-void tkip_get_pn(u8 *pn, const u8 *data)
-{
-	pn[0] = data[7]; /* PN5 */
-	pn[1] = data[6]; /* PN4 */
-	pn[2] = data[5]; /* PN3 */
-	pn[3] = data[4]; /* PN2 */
-	pn[4] = data[0]; /* PN1 */
-	pn[5] = data[2]; /* PN0 */
-}
-
-
-u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
-		  u8 *pn, int keyid, size_t *encrypted_len)
-{
-	u8 michael_hdr[16];
-	u8 mic[8];
-	struct ieee80211_hdr *hdr;
-	u16 fc;
-	const u8 *mic_key;
-	u8 *crypt, *pos;
-	u16 iv16;
-	u32 iv32;
-	u16 ttak[5];
-	u8 rc4key[16];
-
-	if (len < sizeof(*hdr) || len < hdrlen)
-		return NULL;
-	hdr = (struct ieee80211_hdr *) frame;
-	fc = le_to_host16(hdr->frame_control);
-
-	michael_mic_hdr(hdr, michael_hdr);
-	mic_key = tk + ((fc & WLAN_FC_FROMDS) ? 16 : 24);
-	michael_mic(mic_key, michael_hdr, frame + hdrlen, len - hdrlen, mic);
-	wpa_hexdump(MSG_EXCESSIVE, "TKIP: MIC", mic, sizeof(mic));
-
-	iv32 = WPA_GET_BE32(pn);
-	iv16 = WPA_GET_BE16(pn + 4);
-	tkip_mixing_phase1(ttak, tk, hdr->addr2, iv32);
-	wpa_hexdump(MSG_EXCESSIVE, "TKIP TTAK", (u8 *) ttak, sizeof(ttak));
-	tkip_mixing_phase2(rc4key, tk, ttak, iv16);
-	wpa_hexdump(MSG_EXCESSIVE, "TKIP RC4KEY", rc4key, sizeof(rc4key));
-
-	crypt = os_malloc(len + 8 + sizeof(mic) + 4);
-	if (crypt == NULL)
-		return NULL;
-	os_memcpy(crypt, frame, hdrlen);
-	pos = crypt + hdrlen;
-	os_memcpy(pos, rc4key, 3);
-	pos += 3;
-	*pos++ = keyid << 6 | BIT(5);
-	*pos++ = pn[3];
-	*pos++ = pn[2];
-	*pos++ = pn[1];
-	*pos++ = pn[0];
-
-	os_memcpy(pos, frame + hdrlen, len - hdrlen);
-	os_memcpy(pos + len - hdrlen, mic, sizeof(mic));
-	WPA_PUT_LE32(pos + len - hdrlen + sizeof(mic),
-		     crc32(pos, len - hdrlen + sizeof(mic)));
-	wep_crypt(rc4key, pos, len - hdrlen + sizeof(mic) + 4);
-
-	*encrypted_len = len + 8 + sizeof(mic) + 4;
-	return crypt;
-}
diff --git a/wlantest/wep.c b/wlantest/wep.c
deleted file mode 100644
index 50e371fc5103..000000000000
--- a/wlantest/wep.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Wired Equivalent Privacy (WEP)
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/crc32.h"
-#include "common/ieee802_11_defs.h"
-#include "wlantest.h"
-
-
-void wep_crypt(u8 *key, u8 *buf, size_t plen)
-{
-	u32 i, j, k;
-	u8 S[256];
-#define S_SWAP(a,b) do { u8 t = S[a]; S[a] = S[b]; S[b] = t; } while(0)
-	u8 *pos;
-
-	/* Setup RC4 state */
-	for (i = 0; i < 256; i++)
-		S[i] = i;
-	j = 0;
-	for (i = 0; i < 256; i++) {
-		j = (j + S[i] + key[i & 0x0f]) & 0xff;
-		S_SWAP(i, j);
-	}
-
-	/* Apply RC4 to data */
-	pos = buf;
-	i = j = 0;
-	for (k = 0; k < plen; k++) {
-		i = (i + 1) & 0xff;
-		j = (j + S[i]) & 0xff;
-		S_SWAP(i, j);
-		*pos ^= S[(S[i] + S[j]) & 0xff];
-		pos++;
-	}
-}
-
-
-static int try_wep(const u8 *key, size_t key_len, const u8 *data,
-		   size_t data_len, u8 *plain)
-{
-	u32 icv, rx_icv;
-	u8 k[16];
-	int i, j;
-
-	for (i = 0, j = 0; i < sizeof(k); i++) {
-		k[i] = key[j];
-		j++;
-		if (j >= key_len)
-			j = 0;
-	}
-
-	os_memcpy(plain, data, data_len);
-	wep_crypt(k, plain, data_len);
-	icv = crc32(plain, data_len - 4);
-	rx_icv = WPA_GET_LE32(plain + data_len - 4);
-	if (icv != rx_icv)
-		return -1;
-
-	return 0;
-}
-
-
-u8 * wep_decrypt(struct wlantest *wt, const struct ieee80211_hdr *hdr,
-		 const u8 *data, size_t data_len, size_t *decrypted_len)
-{
-	u8 *plain;
-	struct wlantest_wep *w;
-	int found = 0;
-	u8 key[16];
-
-	if (dl_list_empty(&wt->wep))
-		return NULL;
-
-	if (data_len < 4 + 4)
-		return NULL;
-	plain = os_malloc(data_len - 4);
-	if (plain == NULL)
-		return NULL;
-
-	dl_list_for_each(w, &wt->wep, struct wlantest_wep, list) {
-		os_memcpy(key, data, 3);
-		os_memcpy(key + 3, w->key, w->key_len);
-		if (try_wep(key, 3 + w->key_len, data + 4, data_len - 4, plain)
-		    == 0) {
-			found = 1;
-			break;
-		}
-	}
-	if (!found) {
-		os_free(plain);
-		return NULL;
-	}
-
-	*decrypted_len = data_len - 4 - 4;
-	return plain;
-}
diff --git a/wlantest/wired.c b/wlantest/wired.c
deleted file mode 100644
index 67ae8a9afa9b..000000000000
--- a/wlantest/wired.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Received frame processing for wired interface
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <net/ethernet.h>
-#include <netinet/ip.h>
-#include <netinet/udp.h>
-
-#include "utils/common.h"
-#include "radius/radius.h"
-#include "wlantest.h"
-
-
-static struct wlantest_radius * radius_get(struct wlantest *wt, u32 srv,
-					   u32 cli)
-{
-	struct wlantest_radius *r;
-
-	dl_list_for_each(r, &wt->radius, struct wlantest_radius, list) {
-		if (r->srv == srv && r->cli == cli)
-			return r;
-	}
-
-	r = os_zalloc(sizeof(*r));
-	if (r == NULL)
-		return NULL;
-
-	r->srv = srv;
-	r->cli = cli;
-	dl_list_add(&wt->radius, &r->list);
-
-	return r;
-}
-
-
-static const char * radius_code_string(u8 code)
-{
-	switch (code) {
-	case RADIUS_CODE_ACCESS_REQUEST:
-		return "Access-Request";
-	case RADIUS_CODE_ACCESS_ACCEPT:
-		return "Access-Accept";
-	case RADIUS_CODE_ACCESS_REJECT:
-		return "Access-Reject";
-	case RADIUS_CODE_ACCOUNTING_REQUEST:
-		return "Accounting-Request";
-	case RADIUS_CODE_ACCOUNTING_RESPONSE:
-		return "Accounting-Response";
-	case RADIUS_CODE_ACCESS_CHALLENGE:
-		return "Access-Challenge";
-	case RADIUS_CODE_STATUS_SERVER:
-		return "Status-Server";
-	case RADIUS_CODE_STATUS_CLIENT:
-		return "Status-Client";
-	case RADIUS_CODE_RESERVED:
-		return "Reserved";
-	default:
-		return "?Unknown?";
-	}
-}
-
-
-static void process_radius_access_request(struct wlantest *wt, u32 dst,
-					  u32 src, const u8 *data, size_t len)
-{
-	struct radius_msg *msg;
-	struct wlantest_radius *r;
-
-	msg = radius_msg_parse(data, len);
-	if (msg == NULL) {
-		wpa_printf(MSG_DEBUG, "Failed to parse RADIUS Access-Request");
-		return;
-	}
-
-	r = radius_get(wt, dst, src);
-	if (r) {
-		radius_msg_free(r->last_req);
-		r->last_req = msg;
-		return;
-	}
-	radius_msg_free(msg);
-}
-
-
-static void wlantest_add_pmk(struct wlantest *wt, const u8 *pmk, size_t pmk_len)
-{
-	struct wlantest_pmk *p;
-
-	p = os_zalloc(sizeof(*p));
-	if (p == NULL)
-		return;
-	os_memcpy(p->pmk, pmk, pmk_len);
-	p->pmk_len = pmk_len;
-	dl_list_add(&wt->pmk, &p->list);
-	wpa_hexdump(MSG_INFO, "Add PMK", pmk, pmk_len);
-}
-
-
-static void process_radius_access_accept(struct wlantest *wt, u32 dst, u32 src,
-					 const u8 *data, size_t len)
-{
-	struct radius_msg *msg;
-	struct wlantest_radius *r;
-	struct radius_ms_mppe_keys *keys;
-	struct wlantest_radius_secret *s;
-
-	r = radius_get(wt, src, dst);
-	if (r == NULL || r->last_req == NULL) {
-		wpa_printf(MSG_DEBUG, "No RADIUS Access-Challenge found for "
-			   "decrypting Access-Accept keys");
-		return;
-	}
-
-	msg = radius_msg_parse(data, len);
-	if (msg == NULL) {
-		wpa_printf(MSG_DEBUG, "Failed to parse RADIUS Access-Accept");
-		return;
-	}
-
-	dl_list_for_each(s, &wt->secret, struct wlantest_radius_secret, list) {
-		int found = 0;
-		keys = radius_msg_get_ms_keys(msg, r->last_req,
-					      (u8 *) s->secret,
-					      os_strlen(s->secret));
-		if (keys && keys->send && keys->recv) {
-			u8 pmk[PMK_LEN_MAX];
-			size_t pmk_len, len2;
-
-			wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key",
-					keys->send, keys->send_len);
-			wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key",
-					keys->recv, keys->recv_len);
-			pmk_len = keys->recv_len;
-			if (pmk_len > PMK_LEN_MAX)
-				pmk_len = PMK_LEN_MAX;
-			os_memcpy(pmk, keys->recv, pmk_len);
-			if (pmk_len < PMK_LEN_MAX) {
-				len2 = keys->send_len;
-				if (pmk_len + len2 > PMK_LEN_MAX)
-					len2 = PMK_LEN_MAX - pmk_len;
-				os_memcpy(pmk + pmk_len, keys->send, len2);
-				pmk_len += len2;
-			}
-			wlantest_add_pmk(wt, pmk, pmk_len);
-			found = 1;
-		}
-
-		if (keys) {
-			os_free(keys->send);
-			os_free(keys->recv);
-			os_free(keys);
-		}
-
-		if (found)
-			break;
-	}
-
-	radius_msg_free(msg);
-}
-
-
-static void process_radius(struct wlantest *wt, u32 dst, u16 dport, u32 src,
-			   u16 sport, const u8 *data, size_t len)
-{
-	struct in_addr addr;
-	char buf[20];
-	const struct radius_hdr *hdr;
-	u16 rlen;
-
-	if (len < sizeof(*hdr))
-		return;
-	hdr = (const struct radius_hdr *) data;
-	rlen = be_to_host16(hdr->length);
-	if (len < rlen)
-		return;
-	if (len > rlen)
-		len = rlen;
-
-	addr.s_addr = dst;
-	snprintf(buf, sizeof(buf), "%s", inet_ntoa(addr));
-
-	addr.s_addr = src;
-	wpa_printf(MSG_DEBUG, "RADIUS %s:%u -> %s:%u id=%u %s",
-		   inet_ntoa(addr), sport, buf, dport, hdr->identifier,
-		   radius_code_string(hdr->code));
-
-	switch (hdr->code) {
-	case RADIUS_CODE_ACCESS_REQUEST:
-		process_radius_access_request(wt, dst, src, data, len);
-		break;
-	case RADIUS_CODE_ACCESS_ACCEPT:
-		process_radius_access_accept(wt, dst, src, data, len);
-		break;
-	}
-}
-
-
-static void process_udp(struct wlantest *wt, u32 dst, u32 src,
-			const u8 *data, size_t len)
-{
-	const struct udphdr *udp;
-	u16 sport, dport, ulen;
-	const u8 *payload;
-	size_t plen;
-
-	if (len < sizeof(*udp))
-		return;
-	udp = (const struct udphdr *) data;
-	/* TODO: check UDP checksum */
-	sport = be_to_host16(udp->uh_sport);
-	dport = be_to_host16(udp->uh_dport);
-	ulen = be_to_host16(udp->uh_ulen);
-
-	if (ulen > len)
-		return;
-	if (len < ulen)
-		len = ulen;
-
-	payload = (const u8 *) (udp + 1);
-	plen = len - sizeof(*udp);
-
-	if (sport == 1812 || dport == 1812)
-		process_radius(wt, dst, dport, src, sport, payload, plen);
-}
-
-
-static void process_ipv4(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ip *ip;
-	const u8 *payload;
-	size_t plen;
-	uint16_t frag_off, ip_len;
-
-	if (len < sizeof(*ip))
-		return;
-
-	ip = (const struct ip *) data;
-	if (ip->ip_v != 4)
-		return;
-	if (ip->ip_hl < 5)
-		return;
-
-	/* TODO: check header checksum in ip->check */
-
-	frag_off = be_to_host16(ip->ip_off);
-	if (frag_off & 0x1fff) {
-		wpa_printf(MSG_EXCESSIVE, "IP fragment reassembly not yet "
-			   "supported");
-		return;
-	}
-
-	ip_len = be_to_host16(ip->ip_len);
-	if (ip_len > len)
-		return;
-	if (ip_len < len)
-		len = ip_len;
-
-	payload = data + 4 * ip->ip_hl;
-	plen = len - 4 * ip->ip_hl;
-	if (payload + plen > data + len)
-		return;
-
-	switch (ip->ip_p) {
-	case IPPROTO_UDP:
-		process_udp(wt, ip->ip_dst.s_addr, ip->ip_src.s_addr,
-			    payload, plen);
-		break;
-	}
-}
-
-
-void wlantest_process_wired(struct wlantest *wt, const u8 *data, size_t len)
-{
-	const struct ether_header *eth;
-	u16 ethertype;
-
-	wpa_hexdump(MSG_EXCESSIVE, "Process wired frame", data, len);
-
-	if (len < sizeof(*eth))
-		return;
-
-	eth = (const struct ether_header *) data;
-	ethertype = be_to_host16(eth->ether_type);
-
-	switch (ethertype) {
-	case ETHERTYPE_IP:
-		process_ipv4(wt, data + sizeof(*eth), len - sizeof(*eth));
-		break;
-	}
-}
diff --git a/wlantest/wlantest.c b/wlantest/wlantest.c
deleted file mode 100644
index fd6dc2024655..000000000000
--- a/wlantest/wlantest.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * wlantest - IEEE 802.11 protocol monitoring and testing tool
- * Copyright (c) 2010-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "wlantest.h"
-
-
-static void wlantest_terminate(int sig, void *signal_ctx)
-{
-	eloop_terminate();
-}
-
-
-static void usage(void)
-{
-	printf("wlantest [-cddehqqFNt] [-i<ifname>] [-r<pcap file>] "
-	       "[-p<passphrase>]\n"
-	       "         [-I<wired ifname>] [-R<wired pcap file>] "
-	       "[-P<RADIUS shared secret>]\n"
-	       "         [-n<write pcapng file>]\n"
-	       "         [-w<write pcap file>] [-f<MSK/PMK file>]\n"
-	       "         [-L<log file>] [-T<PTK file>] [-W<WEP key>]\n");
-}
-
-
-static void passphrase_deinit(struct wlantest_passphrase *p)
-{
-	dl_list_del(&p->list);
-	os_free(p);
-}
-
-
-static void secret_deinit(struct wlantest_radius_secret *r)
-{
-	dl_list_del(&r->list);
-	os_free(r);
-}
-
-
-static void wlantest_init(struct wlantest *wt)
-{
-	int i;
-	os_memset(wt, 0, sizeof(*wt));
-	wt->monitor_sock = -1;
-	wt->ctrl_sock = -1;
-	for (i = 0; i < MAX_CTRL_CONNECTIONS; i++)
-		wt->ctrl_socks[i] = -1;
-	dl_list_init(&wt->passphrase);
-	dl_list_init(&wt->bss);
-	dl_list_init(&wt->secret);
-	dl_list_init(&wt->radius);
-	dl_list_init(&wt->pmk);
-	dl_list_init(&wt->ptk);
-	dl_list_init(&wt->wep);
-}
-
-
-void radius_deinit(struct wlantest_radius *r)
-{
-	dl_list_del(&r->list);
-	os_free(r);
-}
-
-
-static void ptk_deinit(struct wlantest_ptk *ptk)
-{
-	dl_list_del(&ptk->list);
-	os_free(ptk);
-}
-
-
-static void wep_deinit(struct wlantest_wep *wep)
-{
-	dl_list_del(&wep->list);
-	os_free(wep);
-}
-
-
-static void wlantest_deinit(struct wlantest *wt)
-{
-	struct wlantest_passphrase *p, *pn;
-	struct wlantest_radius_secret *s, *sn;
-	struct wlantest_radius *r, *rn;
-	struct wlantest_pmk *pmk, *np;
-	struct wlantest_ptk *ptk, *npt;
-	struct wlantest_wep *wep, *nw;
-
-	if (wt->ctrl_sock >= 0)
-		ctrl_deinit(wt);
-	if (wt->monitor_sock >= 0)
-		monitor_deinit(wt);
-	bss_flush(wt);
-	dl_list_for_each_safe(p, pn, &wt->passphrase,
-			      struct wlantest_passphrase, list)
-		passphrase_deinit(p);
-	dl_list_for_each_safe(s, sn, &wt->secret,
-			      struct wlantest_radius_secret, list)
-		secret_deinit(s);
-	dl_list_for_each_safe(r, rn, &wt->radius, struct wlantest_radius, list)
-		radius_deinit(r);
-	dl_list_for_each_safe(pmk, np, &wt->pmk, struct wlantest_pmk, list)
-		pmk_deinit(pmk);
-	dl_list_for_each_safe(ptk, npt, &wt->ptk, struct wlantest_ptk, list)
-		ptk_deinit(ptk);
-	dl_list_for_each_safe(wep, nw, &wt->wep, struct wlantest_wep, list)
-		wep_deinit(wep);
-	write_pcap_deinit(wt);
-	write_pcapng_deinit(wt);
-	clear_notes(wt);
-	os_free(wt->decrypted);
-	wt->decrypted = NULL;
-	wpabuf_free(wt->tkip_frag.buf);
-	wt->tkip_frag.buf = NULL;
-}
-
-
-static void add_passphrase(struct wlantest *wt, const char *passphrase)
-{
-	struct wlantest_passphrase *p;
-	size_t len = os_strlen(passphrase);
-
-	if (len < 8 || len > 63)
-		return;
-	p = os_zalloc(sizeof(*p));
-	if (p == NULL)
-		return;
-	os_memcpy(p->passphrase, passphrase, len);
-	dl_list_add(&wt->passphrase, &p->list);
-}
-
-
-static void add_secret(struct wlantest *wt, const char *secret)
-{
-	struct wlantest_radius_secret *s;
-	size_t len = os_strlen(secret);
-
-	if (len >= MAX_RADIUS_SECRET_LEN)
-		return;
-	s = os_zalloc(sizeof(*s));
-	if (s == NULL)
-		return;
-	os_memcpy(s->secret, secret, len);
-	dl_list_add(&wt->secret, &s->list);
-}
-
-
-static int add_pmk_file(struct wlantest *wt, const char *pmk_file)
-{
-	FILE *f;
-	u8 pmk[PMK_LEN_MAX];
-	size_t pmk_len;
-	char buf[300], *pos;
-	struct wlantest_pmk *p;
-
-	f = fopen(pmk_file, "r");
-	if (f == NULL) {
-		wpa_printf(MSG_ERROR, "Could not open '%s'", pmk_file);
-		return -1;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = buf;
-		while (*pos && *pos != '\r' && *pos != '\n')
-			pos++;
-		*pos = '\0';
-		if (pos - buf < 2 * 32)
-			continue;
-		pmk_len = (pos - buf) / 2;
-		if (pmk_len > PMK_LEN_MAX)
-			pmk_len = PMK_LEN_MAX;
-		if (hexstr2bin(buf, pmk, pmk_len) < 0)
-			continue;
-		p = os_zalloc(sizeof(*p));
-		if (p == NULL)
-			break;
-		os_memcpy(p->pmk, pmk, pmk_len);
-		p->pmk_len = pmk_len;
-		dl_list_add(&wt->pmk, &p->list);
-		wpa_hexdump(MSG_DEBUG, "Added PMK from file", pmk, pmk_len);
-
-		/* For FT, the send half of MSK is used */
-		if (hexstr2bin(&buf[2 * PMK_LEN], pmk, PMK_LEN) < 0)
-			continue;
-		p = os_zalloc(sizeof(*p));
-		if (p == NULL)
-			break;
-		os_memcpy(p->pmk, pmk, PMK_LEN);
-		p->pmk_len = PMK_LEN;
-		dl_list_add(&wt->pmk, &p->list);
-		wpa_hexdump(MSG_DEBUG, "Added PMK from file (2nd half of MSK)",
-			    pmk, PMK_LEN);
-	}
-
-	fclose(f);
-	return 0;
-}
-
-
-static int add_ptk_file(struct wlantest *wt, const char *ptk_file)
-{
-	FILE *f;
-	u8 ptk[64];
-	size_t ptk_len;
-	char buf[300], *pos;
-	struct wlantest_ptk *p;
-
-	f = fopen(ptk_file, "r");
-	if (f == NULL) {
-		wpa_printf(MSG_ERROR, "Could not open '%s'", ptk_file);
-		return -1;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		pos = buf;
-		while (*pos && *pos != '\r' && *pos != '\n')
-			pos++;
-		*pos = '\0';
-		ptk_len = pos - buf;
-		if (ptk_len & 1)
-			continue;
-		ptk_len /= 2;
-		if (ptk_len != 16 && ptk_len != 32 &&
-		    ptk_len != 48 && ptk_len != 64)
-			continue;
-		if (hexstr2bin(buf, ptk, ptk_len) < 0)
-			continue;
-		p = os_zalloc(sizeof(*p));
-		if (p == NULL)
-			break;
-		if (ptk_len < 48) {
-			os_memcpy(p->ptk.tk, ptk, ptk_len);
-			p->ptk.tk_len = ptk_len;
-			p->ptk_len = 32 + ptk_len;
-		} else {
-			os_memcpy(p->ptk.kck, ptk, 16);
-			p->ptk.kck_len = 16;
-			os_memcpy(p->ptk.kek, ptk + 16, 16);
-			p->ptk.kek_len = 16;
-			os_memcpy(p->ptk.tk, ptk + 32, ptk_len - 32);
-			p->ptk.tk_len = ptk_len - 32;
-			p->ptk_len = ptk_len;
-		}
-		dl_list_add(&wt->ptk, &p->list);
-		wpa_hexdump(MSG_DEBUG, "Added PTK from file", ptk, ptk_len);
-	}
-
-	fclose(f);
-	return 0;
-}
-
-
-int add_wep(struct wlantest *wt, const char *key)
-{
-	struct wlantest_wep *w;
-	size_t len = os_strlen(key);
-
-	if (len != 2 * 5 && len != 2 * 13) {
-		wpa_printf(MSG_INFO, "Invalid WEP key '%s'", key);
-		return -1;
-	}
-	w = os_zalloc(sizeof(*w));
-	if (w == NULL)
-		return -1;
-	if (hexstr2bin(key, w->key, len / 2) < 0) {
-		os_free(w);
-		wpa_printf(MSG_INFO, "Invalid WEP key '%s'", key);
-		return -1;
-	}
-	w->key_len = len / 2;
-	dl_list_add(&wt->wep, &w->list);
-	return 0;
-}
-
-
-void add_note(struct wlantest *wt, int level, const char *fmt, ...)
-{
-	va_list ap;
-	size_t len = 1000;
-	int wlen;
-
-	if (wt->num_notes == MAX_NOTES)
-		return;
-
-	wt->notes[wt->num_notes] = os_malloc(len);
-	if (wt->notes[wt->num_notes] == NULL)
-		return;
-	va_start(ap, fmt);
-	wlen = vsnprintf(wt->notes[wt->num_notes], len, fmt, ap);
-	va_end(ap);
-	if (wlen < 0) {
-		os_free(wt->notes[wt->num_notes]);
-		wt->notes[wt->num_notes] = NULL;
-		return;
-	}
-	if (wlen >= len)
-		wt->notes[wt->num_notes][len - 1] = '\0';
-	wpa_printf(level, "%s", wt->notes[wt->num_notes]);
-	wt->num_notes++;
-}
-
-
-void clear_notes(struct wlantest *wt)
-{
-	size_t i;
-
-	for (i = 0; i < wt->num_notes; i++) {
-		os_free(wt->notes[i]);
-		wt->notes[i] = NULL;
-	}
-
-	wt->num_notes = 0;
-}
-
-
-size_t notes_len(struct wlantest *wt, size_t hdrlen)
-{
-	size_t i;
-	size_t len = wt->num_notes * hdrlen;
-
-	for (i = 0; i < wt->num_notes; i++)
-		len += os_strlen(wt->notes[i]);
-
-	return len;
-}
-
-
-void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
-			  const u8 *tk, size_t tk_len, int keyid)
-{
-	char tk_hex[65];
-
-	if (!decrypted)
-		return;
-
-	wpa_snprintf_hex(tk_hex, sizeof(tk_hex), tk, tk_len);
-	add_note(wt, MSG_EXCESSIVE, "TK[%d] %s", keyid, tk_hex);
-}
-
-
-int wlantest_relog(struct wlantest *wt)
-{
-	int ret = 0;
-
-	wpa_printf(MSG_INFO, "Re-open log/capture files");
-	if (wpa_debug_reopen_file())
-		ret = -1;
-
-	if (wt->write_file) {
-		write_pcap_deinit(wt);
-		if (write_pcap_init(wt, wt->write_file) < 0)
-			ret = -1;
-	}
-
-	if (wt->pcapng_file) {
-		write_pcapng_deinit(wt);
-		if (write_pcapng_init(wt, wt->pcapng_file) < 0)
-			ret = -1;
-	}
-
-	return ret;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int c, ret = 0;
-	const char *read_file = NULL;
-	const char *read_wired_file = NULL;
-	const char *ifname = NULL;
-	const char *ifname_wired = NULL;
-	const char *logfile = NULL;
-	struct wlantest wt;
-	int ctrl_iface = 0;
-	bool eloop_init_done = false;
-
-	wpa_debug_level = MSG_INFO;
-	wpa_debug_show_keys = 1;
-
-	if (os_program_init())
-		return -1;
-
-	wlantest_init(&wt);
-
-	for (;;) {
-		c = getopt(argc, argv, "cdef:Fhi:I:L:n:Np:P:qr:R:tT:w:W:");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'c':
-			ctrl_iface = 1;
-			break;
-		case 'd':
-			if (wpa_debug_level > 0)
-				wpa_debug_level--;
-			break;
-		case 'e':
-			wt.ethernet = 1;
-			break;
-		case 'f':
-			if (add_pmk_file(&wt, optarg) < 0) {
-				ret = -1;
-				goto deinit;
-			}
-			break;
-		case 'F':
-			wt.assume_fcs = 1;
-			break;
-		case 'h':
-			usage();
-			ret = 0;
-			goto deinit;
-		case 'i':
-			ifname = optarg;
-			break;
-		case 'I':
-			ifname_wired = optarg;
-			break;
-		case 'L':
-			logfile = optarg;
-			break;
-		case 'n':
-			wt.pcapng_file = optarg;
-			break;
-		case 'N':
-			wt.pcap_no_buffer = 1;
-			break;
-		case 'p':
-			add_passphrase(&wt, optarg);
-			break;
-		case 'P':
-			add_secret(&wt, optarg);
-			break;
-		case 'q':
-			wpa_debug_level++;
-			break;
-		case 'r':
-			read_file = optarg;
-			break;
-		case 'R':
-			read_wired_file = optarg;
-			break;
-		case 't':
-			wpa_debug_timestamp = 1;
-			break;
-		case 'T':
-			if (add_ptk_file(&wt, optarg) < 0) {
-				ret = -1;
-				goto deinit;
-			}
-			break;
-		case 'w':
-			wt.write_file = optarg;
-			break;
-		case 'W':
-			if (add_wep(&wt, optarg) < 0) {
-				ret = -1;
-				goto deinit;
-			}
-			break;
-		default:
-			usage();
-			ret = -1;
-			goto deinit;
-		}
-	}
-
-	if (ifname == NULL && ifname_wired == NULL &&
-	    read_file == NULL && read_wired_file == NULL) {
-		usage();
-		ret = 0;
-		goto deinit;
-	}
-
-	if (eloop_init()) {
-		ret = -1;
-		goto deinit;
-	}
-	eloop_init_done = true;
-
-	if (logfile)
-		wpa_debug_open_file(logfile);
-
-	if ((wt.write_file && write_pcap_init(&wt, wt.write_file) < 0) ||
-	    (wt.pcapng_file && write_pcapng_init(&wt, wt.pcapng_file) < 0) ||
-	    (read_wired_file &&
-	     read_wired_cap_file(&wt, read_wired_file) < 0) ||
-	    (read_file && read_cap_file(&wt, read_file) < 0) ||
-	    (ifname && monitor_init(&wt, ifname) < 0) ||
-	    (ifname_wired && monitor_init_wired(&wt, ifname_wired) < 0) ||
-	    (ctrl_iface && ctrl_init(&wt) < 0)) {
-		ret = -1;
-		goto deinit;
-	}
-
-	eloop_register_signal_terminate(wlantest_terminate, &wt);
-
-	eloop_run();
-
-	wpa_printf(MSG_INFO, "Processed: rx_mgmt=%u rx_ctrl=%u rx_data=%u "
-		   "fcs_error=%u",
-		   wt.rx_mgmt, wt.rx_ctrl, wt.rx_data, wt.fcs_error);
-
-deinit:
-	wlantest_deinit(&wt);
-
-	wpa_debug_close_file();
-	if (eloop_init_done)
-		eloop_destroy();
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
deleted file mode 100644
index 33ab42229a54..000000000000
--- a/wlantest/wlantest.h
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
- * wlantest - IEEE 802.11 protocol monitoring and testing tool
- * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WLANTEST_H
-#define WLANTEST_H
-
-#include "utils/list.h"
-#include "common/wpa_common.h"
-#include "wlantest_ctrl.h"
-
-struct ieee802_11_elems;
-struct radius_msg;
-struct ieee80211_hdr;
-struct wlantest_bss;
-
-#define MAX_RADIUS_SECRET_LEN 128
-
-struct wlantest_radius_secret {
-	struct dl_list list;
-	char secret[MAX_RADIUS_SECRET_LEN];
-};
-
-struct wlantest_passphrase {
-	struct dl_list list;
-	char passphrase[64];
-	u8 ssid[32];
-	size_t ssid_len;
-	u8 bssid[ETH_ALEN];
-};
-
-struct wlantest_pmk {
-	struct dl_list list;
-	u8 pmk[PMK_LEN_MAX];
-	size_t pmk_len;
-};
-
-struct wlantest_ptk {
-	struct dl_list list;
-	struct wpa_ptk ptk;
-	size_t ptk_len;
-};
-
-struct wlantest_wep {
-	struct dl_list list;
-	size_t key_len;
-	u8 key[13];
-};
-
-struct wlantest_sta {
-	struct dl_list list;
-	struct wlantest_bss *bss;
-	u8 addr[ETH_ALEN];
-	enum {
-		STATE1 /* not authenticated */,
-		STATE2 /* authenticated */,
-		STATE3 /* associated */
-	} state;
-	u16 auth_alg;
-	bool ft_over_ds;
-	u16 aid;
-	u8 rsnie[257]; /* WPA/RSN IE */
-	u8 osenie[257]; /* OSEN IE */
-	int proto;
-	int pairwise_cipher;
-	int group_cipher;
-	int key_mgmt;
-	int rsn_capab;
-	/* ANonce from the previous EAPOL-Key msg 1/4 or 3/4 */
-	u8 anonce[WPA_NONCE_LEN];
-	/* SNonce from the previous EAPOL-Key msg 2/4 */
-	u8 snonce[WPA_NONCE_LEN];
-	u8 pmk_r0[PMK_LEN_MAX];
-	size_t pmk_r0_len;
-	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
-	u8 pmk_r1[PMK_LEN_MAX];
-	size_t pmk_r1_len;
-	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
-	struct wpa_ptk ptk; /* Derived PTK */
-	int ptk_set;
-	struct wpa_ptk tptk; /* Derived PTK during rekeying */
-	int tptk_set;
-	u8 rsc_tods[16 + 1][6];
-	u8 rsc_fromds[16 + 1][6];
-	u8 ap_sa_query_tr[2];
-	u8 sta_sa_query_tr[2];
-	u32 counters[NUM_WLANTEST_STA_COUNTER];
-	int assocreq_seen;
-	u16 assocreq_capab_info;
-	u16 assocreq_listen_int;
-	u8 *assocreq_ies;
-	size_t assocreq_ies_len;
-
-	/* Last ICMP Echo request information */
-	u32 icmp_echo_req_src;
-	u32 icmp_echo_req_dst;
-	u16 icmp_echo_req_id;
-	u16 icmp_echo_req_seq;
-
-	le16 seq_ctrl_to_sta[17];
-	le16 seq_ctrl_to_ap[17];
-	int allow_duplicate;
-
-	int pwrmgt;
-	int pspoll;
-
-	u8 gtk[32];
-	size_t gtk_len;
-	int gtk_idx;
-
-	u32 tx_tid[16 + 1];
-	u32 rx_tid[16 + 1];
-};
-
-struct wlantest_tdls {
-	struct dl_list list;
-	struct wlantest_sta *init;
-	struct wlantest_sta *resp;
-	struct tpk {
-		u8 kck[16];
-		u8 tk[16];
-	} tpk;
-	int link_up;
-	u8 dialog_token;
-	u8 rsc_init[16 + 1][6];
-	u8 rsc_resp[16 + 1][6];
-	u32 counters[NUM_WLANTEST_TDLS_COUNTER];
-	u8 inonce[32];
-	u8 rnonce[32];
-};
-
-struct wlantest_bss {
-	struct dl_list list;
-	u8 bssid[ETH_ALEN];
-	u16 capab_info;
-	u16 prev_capab_info;
-	u8 ssid[32];
-	size_t ssid_len;
-	int beacon_seen;
-	int proberesp_seen;
-	int ies_set;
-	int parse_error_reported;
-	u8 wpaie[257];
-	u8 rsnie[257];
-	u8 osenie[257];
-	int proto;
-	int pairwise_cipher;
-	int group_cipher;
-	int mgmt_group_cipher;
-	int key_mgmt;
-	int rsn_capab;
-	struct dl_list sta; /* struct wlantest_sta */
-	struct dl_list pmk; /* struct wlantest_pmk */
-	u8 gtk[4][32];
-	size_t gtk_len[4];
-	int gtk_idx;
-	u8 rsc[4][6];
-	u8 igtk[8][32];
-	size_t igtk_len[8];
-	int igtk_idx;
-	u8 ipn[8][6];
-	int bigtk_idx;
-	u32 counters[NUM_WLANTEST_BSS_COUNTER];
-	struct dl_list tdls; /* struct wlantest_tdls */
-	u8 mdid[MOBILITY_DOMAIN_ID_LEN];
-	u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
-	size_t r0kh_id_len;
-	u8 r1kh_id[FT_R1KH_ID_LEN];
-	bool mesh;
-};
-
-struct wlantest_radius {
-	struct dl_list list;
-	u32 srv;
-	u32 cli;
-	struct radius_msg *last_req;
-};
-
-
-#define MAX_CTRL_CONNECTIONS 10
-#define MAX_NOTES 10
-
-struct tkip_frag {
-	struct wpabuf *buf;
-	u8 ra[ETH_ALEN];
-	u8 ta[ETH_ALEN];
-	u16 sn;
-	u8 fn;
-};
-
-struct wlantest {
-	int monitor_sock;
-	int monitor_wired;
-
-	int ctrl_sock;
-	int ctrl_socks[MAX_CTRL_CONNECTIONS];
-
-	struct dl_list passphrase; /* struct wlantest_passphrase */
-	struct dl_list bss; /* struct wlantest_bss */
-	struct dl_list secret; /* struct wlantest_radius_secret */
-	struct dl_list radius; /* struct wlantest_radius */
-	struct dl_list pmk; /* struct wlantest_pmk */
-	struct dl_list ptk; /* struct wlantest_ptk */
-	struct dl_list wep; /* struct wlantest_wep */
-
-	unsigned int rx_mgmt;
-	unsigned int rx_ctrl;
-	unsigned int rx_data;
-	unsigned int fcs_error;
-	unsigned int frame_num;
-
-	void *write_pcap; /* pcap_t* */
-	void *write_pcap_dumper; /* pcpa_dumper_t */
-	struct timeval write_pcap_time;
-	u8 *decrypted;
-	size_t decrypted_len;
-	FILE *pcapng;
-	u32 write_pcapng_time_high;
-	u32 write_pcapng_time_low;
-
-	u8 last_hdr[30];
-	size_t last_len;
-	int last_mgmt_valid;
-
-	unsigned int assume_fcs:1;
-	unsigned int pcap_no_buffer:1;
-	unsigned int ethernet:1;
-
-	char *notes[MAX_NOTES];
-	size_t num_notes;
-
-	const char *write_file;
-	const char *pcapng_file;
-
-	struct tkip_frag tkip_frag;
-};
-
-void add_note(struct wlantest *wt, int level, const char *fmt, ...)
-PRINTF_FORMAT(3, 4);
-void clear_notes(struct wlantest *wt);
-size_t notes_len(struct wlantest *wt, size_t hdrlen);
-void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
-			  const u8 *tk, size_t tk_len, int keyid);
-
-int add_wep(struct wlantest *wt, const char *key);
-int read_cap_file(struct wlantest *wt, const char *fname);
-int read_wired_cap_file(struct wlantest *wt, const char *fname);
-
-int write_pcap_init(struct wlantest *wt, const char *fname);
-void write_pcap_deinit(struct wlantest *wt);
-void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len);
-void write_pcap_decrypted(struct wlantest *wt, const u8 *buf1, size_t len1,
-			  const u8 *buf2, size_t len2);
-
-int write_pcapng_init(struct wlantest *wt, const char *fname);
-void write_pcapng_deinit(struct wlantest *wt);
-struct pcap_pkthdr;
-void write_pcapng_write_read(struct wlantest *wt, int dlt,
-			     struct pcap_pkthdr *hdr, const u8 *data);
-void write_pcapng_captured(struct wlantest *wt, const u8 *buf, size_t len);
-
-void wlantest_process(struct wlantest *wt, const u8 *data, size_t len);
-void wlantest_process_prism(struct wlantest *wt, const u8 *data, size_t len);
-void wlantest_process_80211(struct wlantest *wt, const u8 *data, size_t len);
-void wlantest_process_wired(struct wlantest *wt, const u8 *data, size_t len);
-int monitor_init(struct wlantest *wt, const char *ifname);
-int monitor_init_wired(struct wlantest *wt, const char *ifname);
-void monitor_deinit(struct wlantest *wt);
-void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len);
-void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr);
-void rx_data(struct wlantest *wt, const u8 *data, size_t len);
-void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
-		   const u8 *dst, const u8 *src,
-		   const u8 *data, size_t len, int prot);
-void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
-		const u8 *dst, const u8 *src, const u8 *data, size_t len,
-		const u8 *peer_addr);
-void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid,
-			 const u8 *sta_addr, const u8 *dst, const u8 *src,
-			 const u8 *data, size_t len);
-
-struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid);
-struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid);
-void bss_deinit(struct wlantest_bss *bss);
-void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
-		struct ieee802_11_elems *elems, int beacon);
-void bss_flush(struct wlantest *wt);
-int bss_add_pmk_from_passphrase(struct wlantest_bss *bss,
-				const char *passphrase);
-void pmk_deinit(struct wlantest_pmk *pmk);
-void tdls_deinit(struct wlantest_tdls *tdls);
-
-struct wlantest_sta * sta_find(struct wlantest_bss *bss, const u8 *addr);
-struct wlantest_sta * sta_get(struct wlantest_bss *bss, const u8 *addr);
-void sta_deinit(struct wlantest_sta *sta);
-void sta_update_assoc(struct wlantest_sta *sta,
-		      struct ieee802_11_elems *elems);
-
-u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len);
-u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
-		  u8 *pn, int keyid, size_t *encrypted_len);
-u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3,
-		      const u8 *frame, size_t len,
-		      size_t hdrlen, const u8 *pn, int keyid,
-		      size_t *encrypted_len);
-void ccmp_get_pn(u8 *pn, const u8 *data);
-u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		      const u8 *data, size_t data_len, size_t *decrypted_len);
-u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
-		      u8 *qos, u8 *pn, int keyid, size_t *encrypted_len);
-
-enum michael_mic_result {
-	MICHAEL_MIC_OK,
-	MICHAEL_MIC_INCORRECT,
-	MICHAEL_MIC_NOT_VERIFIED
-};
-u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len,
-		  enum michael_mic_result *mic_res, struct tkip_frag *frag);
-u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
-		  u8 *pn, int keyid, size_t *encrypted_len);
-void tkip_get_pn(u8 *pn, const u8 *data);
-
-u8 * wep_decrypt(struct wlantest *wt, const struct ieee80211_hdr *hdr,
-		 const u8 *data, size_t data_len, size_t *decrypted_len);
-
-u8 * bip_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len,
-		 u8 *ipn, int keyid, size_t *prot_len);
-u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len,
-		      u8 *ipn, int keyid, size_t *prot_len);
-
-u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
-		  const u8 *data, size_t data_len, size_t *decrypted_len);
-u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len,
-		  size_t hdrlen, const u8 *qos,
-		  const u8 *pn, int keyid, size_t *encrypted_len);
-
-int ctrl_init(struct wlantest *wt);
-void ctrl_deinit(struct wlantest *wt);
-
-int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss,
-		    struct wlantest_sta *sta, u8 *frame, size_t len,
-		    enum wlantest_inject_protection prot);
-
-int wlantest_relog(struct wlantest *wt);
-
-#endif /* WLANTEST_H */
diff --git a/wlantest/wlantest_cli.c b/wlantest/wlantest_cli.c
deleted file mode 100644
index 0a1384ed9e2a..000000000000
--- a/wlantest/wlantest_cli.c
+++ /dev/null
@@ -1,1876 +0,0 @@
-/*
- * wlantest controller
- * Copyright (c) 2010-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <sys/un.h>
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/edit.h"
-#include "common/cli.h"
-#include "wlantest_ctrl.h"
-
-static void print_help(FILE *stream, const char *cmd);
-static char ** wlantest_cli_cmd_list(void);
-
-
-static int get_prev_arg_pos(const char *str, int pos)
-{
-	while (pos > 0 && str[pos - 1] != ' ')
-		pos--;
-	while (pos > 0 && str[pos - 1] == ' ')
-		pos--;
-	while (pos > 0 && str[pos - 1] != ' ')
-		pos--;
-	return pos;
-}
-
-
-static u8 * attr_get(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr,
-		     size_t *len)
-{
-	u8 *pos = buf;
-
-	while (pos + 8 <= buf + buflen) {
-		enum wlantest_ctrl_attr a;
-		size_t alen;
-		a = WPA_GET_BE32(pos);
-		pos += 4;
-		alen = WPA_GET_BE32(pos);
-		pos += 4;
-		if (pos + alen > buf + buflen) {
-			printf("Invalid control message attribute\n");
-			return NULL;
-		}
-		if (a == attr) {
-			*len = alen;
-			return pos;
-		}
-		pos += alen;
-	}
-
-	return NULL;
-}
-
-
-static u8 * attr_hdr_add(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
-			 size_t len)
-{
-	if (pos == NULL || end - pos < 8 + len)
-		return NULL;
-	WPA_PUT_BE32(pos, attr);
-	pos += 4;
-	WPA_PUT_BE32(pos, len);
-	pos += 4;
-	return pos;
-}
-
-
-static u8 * attr_add_str(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
-			 const char *str)
-{
-	size_t len = os_strlen(str);
-
-	if (pos == NULL || end - pos < 8 + len)
-		return NULL;
-	WPA_PUT_BE32(pos, attr);
-	pos += 4;
-	WPA_PUT_BE32(pos, len);
-	pos += 4;
-	os_memcpy(pos, str, len);
-	pos += len;
-	return pos;
-}
-
-
-static u8 * attr_add_be32(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
-			  u32 val)
-{
-	if (pos == NULL || end - pos < 12)
-		return NULL;
-	WPA_PUT_BE32(pos, attr);
-	pos += 4;
-	WPA_PUT_BE32(pos, 4);
-	pos += 4;
-	WPA_PUT_BE32(pos, val);
-	pos += 4;
-	return pos;
-}
-
-
-static int cmd_send_and_recv(int s, const u8 *cmd, size_t cmd_len,
-			     u8 *resp, size_t max_resp_len)
-{
-	int res;
-	enum wlantest_ctrl_cmd cmd_resp;
-
-	if (send(s, cmd, cmd_len, 0) < 0)
-		return -1;
-	res = recv(s, resp, max_resp_len, 0);
-	if (res < 4)
-		return -1;
-
-	cmd_resp = WPA_GET_BE32(resp);
-	if (cmd_resp == WLANTEST_CTRL_SUCCESS)
-		return res;
-
-	if (cmd_resp == WLANTEST_CTRL_UNKNOWN_CMD)
-		printf("Unknown command\n");
-	else if (cmd_resp == WLANTEST_CTRL_INVALID_CMD)
-		printf("Invalid command\n");
-
-	return -1;
-}
-
-
-static int cmd_simple(int s, enum wlantest_ctrl_cmd cmd)
-{
-	u8 buf[4];
-	int res;
-	WPA_PUT_BE32(buf, cmd);
-	res = cmd_send_and_recv(s, buf, sizeof(buf), buf, sizeof(buf));
-	return res < 0 ? -1 : 0;
-}
-
-
-static char ** get_bssid_list(int s)
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[4];
-	u8 *bssid;
-	size_t len;
-	int rlen, i;
-	char **res;
-
-	WPA_PUT_BE32(buf, WLANTEST_CTRL_LIST_BSS);
-	rlen = cmd_send_and_recv(s, buf, sizeof(buf), resp, sizeof(resp));
-	if (rlen < 0)
-		return NULL;
-
-	bssid = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_BSSID, &len);
-	if (bssid == NULL)
-		return NULL;
-
-	res = os_calloc(len / ETH_ALEN + 1, sizeof(char *));
-	if (res == NULL)
-		return NULL;
-	for (i = 0; i < len / ETH_ALEN; i++) {
-		res[i] = os_zalloc(18);
-		if (res[i] == NULL)
-			break;
-		os_snprintf(res[i], 18, MACSTR, MAC2STR(bssid + ETH_ALEN * i));
-	}
-
-	return res;
-}
-
-
-static char ** get_sta_list(int s, const u8 *bssid, int add_bcast)
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos, *end;
-	u8 *addr;
-	size_t len;
-	int rlen, i;
-	char **res;
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_LIST_STA);
-	pos += 4;
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	os_memcpy(pos, bssid, ETH_ALEN);
-	pos += ETH_ALEN;
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return NULL;
-
-	addr = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_STA_ADDR, &len);
-	if (addr == NULL)
-		return NULL;
-
-	res = os_calloc(len / ETH_ALEN + 1 + add_bcast, sizeof(char *));
-	if (res == NULL)
-		return NULL;
-	for (i = 0; i < len / ETH_ALEN; i++) {
-		res[i] = os_zalloc(18);
-		if (res[i] == NULL)
-			break;
-		os_snprintf(res[i], 18, MACSTR, MAC2STR(addr + ETH_ALEN * i));
-	}
-	if (add_bcast)
-		res[i] = os_strdup("ff:ff:ff:ff:ff:ff");
-
-	return res;
-}
-
-
-static int cmd_ping(int s, int argc, char *argv[])
-{
-	int res = cmd_simple(s, WLANTEST_CTRL_PING);
-	if (res == 0)
-		printf("PONG\n");
-	return res == 0;
-}
-
-
-static int cmd_terminate(int s, int argc, char *argv[])
-{
-	return cmd_simple(s, WLANTEST_CTRL_TERMINATE);
-}
-
-
-static int cmd_list_bss(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[4];
-	u8 *bssid;
-	size_t len;
-	int rlen, i;
-
-	WPA_PUT_BE32(buf, WLANTEST_CTRL_LIST_BSS);
-	rlen = cmd_send_and_recv(s, buf, sizeof(buf), resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	bssid = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_BSSID, &len);
-	if (bssid == NULL)
-		return -1;
-
-	for (i = 0; i < len / ETH_ALEN; i++)
-		printf(MACSTR " ", MAC2STR(bssid + ETH_ALEN * i));
-	printf("\n");
-
-	return 0;
-}
-
-
-static int cmd_list_sta(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos;
-	u8 *addr;
-	size_t len;
-	int rlen, i;
-
-	if (argc < 1) {
-		printf("list_sta needs one argument: BSSID\n");
-		return -1;
-	}
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_LIST_STA);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	addr = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_STA_ADDR, &len);
-	if (addr == NULL)
-		return -1;
-
-	for (i = 0; i < len / ETH_ALEN; i++)
-		printf(MACSTR " ", MAC2STR(addr + ETH_ALEN * i));
-	printf("\n");
-
-	return 0;
-}
-
-
-static char ** complete_list_sta(int s, const char *str, int pos)
-{
-	if (get_cmd_arg_num(str, pos) == 1)
-		return get_bssid_list(s);
-	return NULL;
-}
-
-
-static int cmd_flush(int s, int argc, char *argv[])
-{
-	return cmd_simple(s, WLANTEST_CTRL_FLUSH);
-}
-
-
-static int cmd_clear_sta_counters(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos;
-	int rlen;
-
-	if (argc < 2) {
-		printf("clear_sta_counters needs two arguments: BSSID and "
-		       "STA address\n");
-		return -1;
-	}
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_CLEAR_STA_COUNTERS);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_STA_ADDR);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid STA address '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	printf("OK\n");
-	return 0;
-}
-
-
-static char ** complete_clear_sta_counters(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		res = get_bssid_list(s);
-		break;
-	case 2:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-static int cmd_clear_bss_counters(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos;
-	int rlen;
-
-	if (argc < 1) {
-		printf("clear_bss_counters needs one argument: BSSID\n");
-		return -1;
-	}
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_CLEAR_BSS_COUNTERS);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	printf("OK\n");
-	return 0;
-}
-
-
-static char ** complete_clear_bss_counters(int s, const char *str, int pos)
-{
-	if (get_cmd_arg_num(str, pos) == 1)
-		return get_bssid_list(s);
-	return NULL;
-}
-
-
-static int cmd_clear_tdls_counters(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos;
-	int rlen;
-
-	if (argc < 3) {
-		printf("clear_tdls_counters needs three arguments: BSSID, "
-		       "STA1 address, STA2 address\n");
-		return -1;
-	}
-
-	pos = buf;
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_CLEAR_TDLS_COUNTERS);
-	pos += 4;
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_STA_ADDR);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid STA1 address '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_STA2_ADDR);
-	pos += 4;
-	WPA_PUT_BE32(pos, ETH_ALEN);
-	pos += 4;
-	if (hwaddr_aton(argv[2], pos) < 0) {
-		printf("Invalid STA2 address '%s'\n", argv[2]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	printf("OK\n");
-	return 0;
-}
-
-
-static char ** complete_clear_tdls_counters(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		res = get_bssid_list(s);
-		break;
-	case 2:
-	case 3:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-struct sta_counters {
-	const char *name;
-	enum wlantest_sta_counter num;
-};
-
-static const struct sta_counters sta_counters[] = {
-	{ "auth_tx", WLANTEST_STA_COUNTER_AUTH_TX },
-	{ "auth_rx", WLANTEST_STA_COUNTER_AUTH_RX },
-	{ "assocreq_tx", WLANTEST_STA_COUNTER_ASSOCREQ_TX },
-	{ "reassocreq_tx", WLANTEST_STA_COUNTER_REASSOCREQ_TX },
-	{ "ptk_learned", WLANTEST_STA_COUNTER_PTK_LEARNED },
-	{ "valid_deauth_tx", WLANTEST_STA_COUNTER_VALID_DEAUTH_TX },
-	{ "valid_deauth_rx", WLANTEST_STA_COUNTER_VALID_DEAUTH_RX },
-	{ "invalid_deauth_tx", WLANTEST_STA_COUNTER_INVALID_DEAUTH_TX },
-	{ "invalid_deauth_rx", WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX },
-	{ "valid_disassoc_tx", WLANTEST_STA_COUNTER_VALID_DISASSOC_TX },
-	{ "valid_disassoc_rx", WLANTEST_STA_COUNTER_VALID_DISASSOC_RX },
-	{ "invalid_disassoc_tx", WLANTEST_STA_COUNTER_INVALID_DISASSOC_TX },
-	{ "invalid_disassoc_rx", WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX },
-	{ "valid_saqueryreq_tx", WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_TX },
-	{ "valid_saqueryreq_rx", WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_RX },
-	{ "invalid_saqueryreq_tx",
-	  WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_TX },
-	{ "invalid_saqueryreq_rx",
-	  WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_RX },
-	{ "valid_saqueryresp_tx", WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_TX },
-	{ "valid_saqueryresp_rx", WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_RX },
-	{ "invalid_saqueryresp_tx",
-	  WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_TX },
-	{ "invalid_saqueryresp_rx",
-	  WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_RX },
-	{ "ping_ok", WLANTEST_STA_COUNTER_PING_OK },
-	{ "assocresp_comeback", WLANTEST_STA_COUNTER_ASSOCRESP_COMEBACK },
-	{ "reassocresp_comeback", WLANTEST_STA_COUNTER_REASSOCRESP_COMEBACK },
-	{ "ping_ok_first_assoc", WLANTEST_STA_COUNTER_PING_OK_FIRST_ASSOC },
-	{ "valid_deauth_rx_ack", WLANTEST_STA_COUNTER_VALID_DEAUTH_RX_ACK },
-	{ "valid_disassoc_rx_ack",
-	  WLANTEST_STA_COUNTER_VALID_DISASSOC_RX_ACK },
-	{ "invalid_deauth_rx_ack",
-	  WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX_ACK },
-	{ "invalid_disassoc_rx_ack",
-	  WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX_ACK },
-	{ "deauth_rx_asleep", WLANTEST_STA_COUNTER_DEAUTH_RX_ASLEEP },
-	{ "deauth_rx_awake", WLANTEST_STA_COUNTER_DEAUTH_RX_AWAKE },
-	{ "disassoc_rx_asleep", WLANTEST_STA_COUNTER_DISASSOC_RX_ASLEEP },
-	{ "disassoc_rx_awake", WLANTEST_STA_COUNTER_DISASSOC_RX_AWAKE },
-	{ "prot_data_tx", WLANTEST_STA_COUNTER_PROT_DATA_TX },
-	{ "deauth_rx_rc6", WLANTEST_STA_COUNTER_DEAUTH_RX_RC6 },
-	{ "deauth_rx_rc7", WLANTEST_STA_COUNTER_DEAUTH_RX_RC7 },
-	{ "disassoc_rx_rc6", WLANTEST_STA_COUNTER_DISASSOC_RX_RC6 },
-	{ "disassoc_rx_rc7", WLANTEST_STA_COUNTER_DISASSOC_RX_RC7 },
-	{ NULL, 0 }
-};
-
-static int cmd_get_sta_counter(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	size_t len;
-
-	if (argc != 3) {
-		printf("get_sta_counter needs at three arguments: "
-		       "counter name, BSSID, and STA address\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_STA_COUNTER);
-	pos += 4;
-
-	for (i = 0; sta_counters[i].name; i++) {
-		if (os_strcasecmp(sta_counters[i].name, argv[0]) == 0)
-			break;
-	}
-	if (sta_counters[i].name == NULL) {
-		printf("Unknown STA counter '%s'\n", argv[0]);
-		printf("Counters:");
-		for (i = 0; sta_counters[i].name; i++)
-			printf(" %s", sta_counters[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_STA_COUNTER,
-			    sta_counters[i].num);
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[2], pos) < 0) {
-		printf("Invalid STA address '%s'\n", argv[2]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	printf("%u\n", WPA_GET_BE32(pos));
-	return 0;
-}
-
-
-static char ** complete_get_sta_counter(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		/* counter list */
-		count = ARRAY_SIZE(sta_counters);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; sta_counters[i].name; i++) {
-			res[i] = os_strdup(sta_counters[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = get_bssid_list(s);
-		break;
-	case 3:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-struct bss_counters {
-	const char *name;
-	enum wlantest_bss_counter num;
-};
-
-static const struct bss_counters bss_counters[] = {
-	{ "valid_bip_mmie", WLANTEST_BSS_COUNTER_VALID_BIP_MMIE },
-	{ "invalid_bip_mmie", WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE },
-	{ "missing_bip_mmie", WLANTEST_BSS_COUNTER_MISSING_BIP_MMIE },
-	{ "bip_deauth", WLANTEST_BSS_COUNTER_BIP_DEAUTH },
-	{ "bip_disassoc", WLANTEST_BSS_COUNTER_BIP_DISASSOC },
-	{ "probe_response", WLANTEST_BSS_COUNTER_PROBE_RESPONSE },
-	{ NULL, 0 }
-};
-
-static int cmd_get_bss_counter(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	size_t len;
-
-	if (argc != 2) {
-		printf("get_bss_counter needs at two arguments: "
-		       "counter name and BSSID\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_BSS_COUNTER);
-	pos += 4;
-
-	for (i = 0; bss_counters[i].name; i++) {
-		if (os_strcasecmp(bss_counters[i].name, argv[0]) == 0)
-			break;
-	}
-	if (bss_counters[i].name == NULL) {
-		printf("Unknown BSS counter '%s'\n", argv[0]);
-		printf("Counters:");
-		for (i = 0; bss_counters[i].name; i++)
-			printf(" %s", bss_counters[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_BSS_COUNTER,
-			    bss_counters[i].num);
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	printf("%u\n", WPA_GET_BE32(pos));
-	return 0;
-}
-
-
-static char ** complete_get_bss_counter(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-
-	switch (arg) {
-	case 1:
-		/* counter list */
-		count = ARRAY_SIZE(bss_counters);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; bss_counters[i].name; i++) {
-			res[i] = os_strdup(bss_counters[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = get_bssid_list(s);
-		break;
-	}
-
-	return res;
-}
-
-
-static int cmd_relog(int s, int argc, char *argv[])
-{
-	return cmd_simple(s, WLANTEST_CTRL_RELOG);
-}
-
-
-struct tdls_counters {
-	const char *name;
-	enum wlantest_tdls_counter num;
-};
-
-static const struct tdls_counters tdls_counters[] = {
-	{ "valid_direct_link", WLANTEST_TDLS_COUNTER_VALID_DIRECT_LINK },
-	{ "invalid_direct_link", WLANTEST_TDLS_COUNTER_INVALID_DIRECT_LINK },
-	{ "valid_ap_path", WLANTEST_TDLS_COUNTER_VALID_AP_PATH },
-	{ "invalid_ap_path", WLANTEST_TDLS_COUNTER_INVALID_AP_PATH },
-	{ "setup_req", WLANTEST_TDLS_COUNTER_SETUP_REQ },
-	{ "setup_resp_ok", WLANTEST_TDLS_COUNTER_SETUP_RESP_OK },
-	{ "setup_resp_fail", WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL },
-	{ "setup_conf_ok", WLANTEST_TDLS_COUNTER_SETUP_CONF_OK },
-	{ "setup_conf_fail", WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL },
-	{ "teardown", WLANTEST_TDLS_COUNTER_TEARDOWN },
-	{ NULL, 0 }
-};
-
-static int cmd_get_tdls_counter(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	size_t len;
-
-	if (argc != 4) {
-		printf("get_tdls_counter needs four arguments: "
-		       "counter name, BSSID, STA1 address, STA2 address\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_TDLS_COUNTER);
-	pos += 4;
-
-	for (i = 0; tdls_counters[i].name; i++) {
-		if (os_strcasecmp(tdls_counters[i].name, argv[0]) == 0)
-			break;
-	}
-	if (tdls_counters[i].name == NULL) {
-		printf("Unknown TDLS counter '%s'\n", argv[0]);
-		printf("Counters:");
-		for (i = 0; tdls_counters[i].name; i++)
-			printf(" %s", tdls_counters[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_TDLS_COUNTER,
-			    tdls_counters[i].num);
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[2], pos) < 0) {
-		printf("Invalid STA1 address '%s'\n", argv[2]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA2_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[3], pos) < 0) {
-		printf("Invalid STA2 address '%s'\n", argv[3]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	printf("%u\n", WPA_GET_BE32(pos));
-	return 0;
-}
-
-
-static char ** complete_get_tdls_counter(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		/* counter list */
-		count = ARRAY_SIZE(tdls_counters);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; tdls_counters[i].name; i++) {
-			res[i] = os_strdup(tdls_counters[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = get_bssid_list(s);
-		break;
-	case 3:
-	case 4:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-struct inject_frames {
-	const char *name;
-	enum wlantest_inject_frame frame;
-};
-
-static const struct inject_frames inject_frames[] = {
-	{ "auth", WLANTEST_FRAME_AUTH },
-	{ "assocreq", WLANTEST_FRAME_ASSOCREQ },
-	{ "reassocreq", WLANTEST_FRAME_REASSOCREQ },
-	{ "deauth", WLANTEST_FRAME_DEAUTH },
-	{ "disassoc", WLANTEST_FRAME_DISASSOC },
-	{ "saqueryreq", WLANTEST_FRAME_SAQUERYREQ },
-	{ NULL, 0 }
-};
-
-static int cmd_inject(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	enum wlantest_inject_protection prot;
-
-	/* <frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff> */
-
-	if (argc < 5) {
-		printf("inject needs five arguments: frame, protection, "
-		       "sender, BSSID, STA/ff:ff:ff:ff:ff:ff\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_INJECT);
-	pos += 4;
-
-	for (i = 0; inject_frames[i].name; i++) {
-		if (os_strcasecmp(inject_frames[i].name, argv[0]) == 0)
-			break;
-	}
-	if (inject_frames[i].name == NULL) {
-		printf("Unknown inject frame '%s'\n", argv[0]);
-		printf("Frames:");
-		for (i = 0; inject_frames[i].name; i++)
-			printf(" %s", inject_frames[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_FRAME,
-			    inject_frames[i].frame);
-
-	if (os_strcasecmp(argv[1], "normal") == 0)
-		prot = WLANTEST_INJECT_NORMAL;
-	else if (os_strcasecmp(argv[1], "protected") == 0)
-		prot = WLANTEST_INJECT_PROTECTED;
-	else if (os_strcasecmp(argv[1], "unprotected") == 0)
-		prot = WLANTEST_INJECT_UNPROTECTED;
-	else if (os_strcasecmp(argv[1], "incorrect") == 0)
-		prot = WLANTEST_INJECT_INCORRECT_KEY;
-	else {
-		printf("Unknown protection type '%s'\n", argv[1]);
-		printf("Protection types: normal protected unprotected "
-		       "incorrect\n");
-		return -1;
-	}
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_PROTECTION, prot);
-
-	if (os_strcasecmp(argv[2], "ap") == 0) {
-		pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_SENDER_AP,
-				    1);
-	} else if (os_strcasecmp(argv[2], "sta") == 0) {
-		pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_SENDER_AP,
-				    0);
-	} else {
-		printf("Unknown sender '%s'\n", argv[2]);
-		printf("Sender types: ap sta\n");
-		return -1;
-	}
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[3], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[3]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[4], pos) < 0) {
-		printf("Invalid STA '%s'\n", argv[4]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	printf("OK\n");
-	return 0;
-}
-
-
-static char ** complete_inject(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		/* frame list */
-		count = ARRAY_SIZE(inject_frames);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			break;
-		for (i = 0; inject_frames[i].name; i++) {
-			res[i] = os_strdup(inject_frames[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = os_calloc(5, sizeof(char *));
-		if (res == NULL)
-			break;
-		res[0] = os_strdup("normal");
-		if (res[0] == NULL)
-			break;
-		res[1] = os_strdup("protected");
-		if (res[1] == NULL)
-			break;
-		res[2] = os_strdup("unprotected");
-		if (res[2] == NULL)
-			break;
-		res[3] = os_strdup("incorrect");
-		if (res[3] == NULL)
-			break;
-		break;
-	case 3:
-		res = os_calloc(3, sizeof(char *));
-		if (res == NULL)
-			break;
-		res[0] = os_strdup("ap");
-		if (res[0] == NULL)
-			break;
-		res[1] = os_strdup("sta");
-		if (res[1] == NULL)
-			break;
-		break;
-	case 4:
-		res = get_bssid_list(s);
-		break;
-	case 5:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 1);
-		break;
-	}
-
-	return res;
-}
-
-
-static u8 * add_hex(u8 *pos, u8 *end, const char *str)
-{
-	const char *s;
-	int val;
-
-	s = str;
-	while (*s) {
-		while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n' ||
-		       *s == ':')
-			s++;
-		if (*s == '\0')
-			break;
-		if (*s == '#') {
-			while (*s != '\0' && *s != '\r' && *s != '\n')
-				s++;
-			continue;
-		}
-
-		val = hex2byte(s);
-		if (val < 0) {
-			printf("Invalid hex encoding '%s'\n", s);
-			return NULL;
-		}
-		if (pos == end) {
-			printf("Too long frame\n");
-			return NULL;
-		}
-		*pos++ = val;
-		s += 2;
-	}
-
-	return pos;
-}
-
-
-static int cmd_send(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[WLANTEST_CTRL_MAX_CMD_LEN], *end, *pos, *len_pos;
-	int rlen;
-	enum wlantest_inject_protection prot;
-	int arg;
-
-	/* <prot> <raw frame as hex dump> */
-
-	if (argc < 2) {
-		printf("send needs two arguments: protected/unprotected, "
-		       "raw frame as hex dump\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_SEND);
-	pos += 4;
-
-	if (os_strcasecmp(argv[0], "normal") == 0)
-		prot = WLANTEST_INJECT_NORMAL;
-	else if (os_strcasecmp(argv[0], "protected") == 0)
-		prot = WLANTEST_INJECT_PROTECTED;
-	else if (os_strcasecmp(argv[0], "unprotected") == 0)
-		prot = WLANTEST_INJECT_UNPROTECTED;
-	else if (os_strcasecmp(argv[0], "incorrect") == 0)
-		prot = WLANTEST_INJECT_INCORRECT_KEY;
-	else {
-		printf("Unknown protection type '%s'\n", argv[1]);
-		printf("Protection types: normal protected unprotected "
-		       "incorrect\n");
-		return -1;
-	}
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_PROTECTION, prot);
-
-	WPA_PUT_BE32(pos, WLANTEST_ATTR_FRAME);
-	pos += 4;
-	len_pos = pos;
-	pos += 4;
-
-	for (arg = 1; pos && arg < argc; arg++)
-		pos = add_hex(pos, end, argv[arg]);
-	if (pos == NULL)
-		return -1;
-
-	WPA_PUT_BE32(len_pos, pos - len_pos - 4);
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	printf("OK\n");
-	return 0;
-}
-
-
-static char ** complete_send(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = os_calloc(5, sizeof(char *));
-		if (res == NULL)
-			break;
-		res[0] = os_strdup("normal");
-		if (res[0] == NULL)
-			break;
-		res[1] = os_strdup("protected");
-		if (res[1] == NULL)
-			break;
-		res[2] = os_strdup("unprotected");
-		if (res[2] == NULL)
-			break;
-		res[3] = os_strdup("incorrect");
-		if (res[3] == NULL)
-			break;
-		break;
-	}
-
-	return res;
-}
-
-
-static int cmd_version(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[4];
-	char *version;
-	size_t len;
-	int rlen, i;
-
-	WPA_PUT_BE32(buf, WLANTEST_CTRL_VERSION);
-	rlen = cmd_send_and_recv(s, buf, sizeof(buf), resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	version = (char *) attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_VERSION,
-				    &len);
-	if (version == NULL)
-		return -1;
-
-	for (i = 0; i < len; i++)
-		putchar(version[i]);
-	printf("\n");
-
-	return 0;
-}
-
-
-static int cmd_add_passphrase(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos, *end;
-	size_t len;
-	int rlen;
-
-	if (argc < 1) {
-		printf("add_passphrase needs one argument: passphrase\n");
-		return -1;
-	}
-
-	len = os_strlen(argv[0]);
-	if (len < 8 || len > 63) {
-		printf("Invalid passphrase '%s'\n", argv[0]);
-		return -1;
-	}
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_ADD_PASSPHRASE);
-	pos += 4;
-	pos = attr_add_str(pos, end, WLANTEST_ATTR_PASSPHRASE,
-			   argv[0]);
-	if (argc > 1) {
-		pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-		if (hwaddr_aton(argv[1], pos) < 0) {
-			printf("Invalid BSSID '%s'\n", argv[3]);
-			return -1;
-		}
-		pos += ETH_ALEN;
-	}
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	return 0;
-}
-
-
-static int cmd_add_wepkey(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *pos, *end;
-	int rlen;
-
-	if (argc < 1) {
-		printf("add_wepkey needs one argument: WEP key\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_ADD_PASSPHRASE);
-	pos += 4;
-	pos = attr_add_str(pos, end, WLANTEST_ATTR_WEPKEY, argv[0]);
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-	return 0;
-}
-
-
-struct sta_infos {
-	const char *name;
-	enum wlantest_sta_info num;
-};
-
-static const struct sta_infos sta_infos[] = {
-	{ "proto", WLANTEST_STA_INFO_PROTO },
-	{ "pairwise", WLANTEST_STA_INFO_PAIRWISE },
-	{ "key_mgmt", WLANTEST_STA_INFO_KEY_MGMT },
-	{ "rsn_capab", WLANTEST_STA_INFO_RSN_CAPAB },
-	{ "state", WLANTEST_STA_INFO_STATE },
-	{ "gtk", WLANTEST_STA_INFO_GTK },
-	{ NULL, 0 }
-};
-
-static int cmd_info_sta(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	size_t len;
-	char info[100];
-
-	if (argc != 3) {
-		printf("sta_info needs at three arguments: "
-		       "counter name, BSSID, and STA address\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_INFO_STA);
-	pos += 4;
-
-	for (i = 0; sta_infos[i].name; i++) {
-		if (os_strcasecmp(sta_infos[i].name, argv[0]) == 0)
-			break;
-	}
-	if (sta_infos[i].name == NULL) {
-		printf("Unknown STA info '%s'\n", argv[0]);
-		printf("Info fields:");
-		for (i = 0; sta_infos[i].name; i++)
-			printf(" %s", sta_infos[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_STA_INFO,
-			    sta_infos[i].num);
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[2], pos) < 0) {
-		printf("Invalid STA address '%s'\n", argv[2]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_INFO, &len);
-	if (pos == NULL)
-		return -1;
-	if (len >= sizeof(info))
-		len = sizeof(info) - 1;
-	os_memcpy(info, pos, len);
-	info[len] = '\0';
-	printf("%s\n", info);
-	return 0;
-}
-
-
-static char ** complete_info_sta(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		/* counter list */
-		count = ARRAY_SIZE(sta_infos);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; sta_infos[i].name; i++) {
-			res[i] = os_strdup(sta_infos[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = get_bssid_list(s);
-		break;
-	case 3:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-struct bss_infos {
-	const char *name;
-	enum wlantest_bss_info num;
-};
-
-static const struct bss_infos bss_infos[] = {
-	{ "proto", WLANTEST_BSS_INFO_PROTO },
-	{ "pairwise", WLANTEST_BSS_INFO_PAIRWISE },
-	{ "group", WLANTEST_BSS_INFO_GROUP },
-	{ "group_mgmt", WLANTEST_BSS_INFO_GROUP_MGMT },
-	{ "key_mgmt", WLANTEST_BSS_INFO_KEY_MGMT },
-	{ "rsn_capab", WLANTEST_BSS_INFO_RSN_CAPAB },
-	{ NULL, 0 }
-};
-
-static int cmd_info_bss(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen, i;
-	size_t len;
-	char info[100];
-
-	if (argc != 2) {
-		printf("bss_info needs at two arguments: "
-		       "field name and BSSID\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_INFO_BSS);
-	pos += 4;
-
-	for (i = 0; bss_infos[i].name; i++) {
-		if (os_strcasecmp(bss_infos[i].name, argv[0]) == 0)
-			break;
-	}
-	if (bss_infos[i].name == NULL) {
-		printf("Unknown BSS info '%s'\n", argv[0]);
-		printf("Info fields:");
-		for (i = 0; bss_infos[i].name; i++)
-			printf(" %s", bss_infos[i].name);
-		printf("\n");
-		return -1;
-	}
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_BSS_INFO,
-			    bss_infos[i].num);
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_INFO, &len);
-	if (pos == NULL)
-		return -1;
-	if (len >= sizeof(info))
-		len = sizeof(info) - 1;
-	os_memcpy(info, pos, len);
-	info[len] = '\0';
-	printf("%s\n", info);
-	return 0;
-}
-
-
-static char ** complete_info_bss(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	int i, count;
-
-	switch (arg) {
-	case 1:
-		/* counter list */
-		count = ARRAY_SIZE(bss_infos);
-		res = os_calloc(count, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; bss_infos[i].name; i++) {
-			res[i] = os_strdup(bss_infos[i].name);
-			if (res[i] == NULL)
-				break;
-		}
-		break;
-	case 2:
-		res = get_bssid_list(s);
-		break;
-	}
-
-	return res;
-}
-
-
-static int cmd_get_tx_tid(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen;
-	size_t len;
-
-	if (argc != 3) {
-		printf("get_tx_tid needs three arguments: "
-		       "BSSID, STA address, and TID\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_TX_TID);
-	pos += 4;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid STA address '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_TID, atoi(argv[2]));
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	printf("%u\n", WPA_GET_BE32(pos));
-	return 0;
-}
-
-
-static int cmd_get_rx_tid(int s, int argc, char *argv[])
-{
-	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
-	u8 buf[100], *end, *pos;
-	int rlen;
-	size_t len;
-
-	if (argc != 3) {
-		printf("get_tx_tid needs three arguments: "
-		       "BSSID, STA address, and TID\n");
-		return -1;
-	}
-
-	pos = buf;
-	end = buf + sizeof(buf);
-	WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_RX_TID);
-	pos += 4;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN);
-	if (hwaddr_aton(argv[0], pos) < 0) {
-		printf("Invalid BSSID '%s'\n", argv[0]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN);
-	if (hwaddr_aton(argv[1], pos) < 0) {
-		printf("Invalid STA address '%s'\n", argv[1]);
-		return -1;
-	}
-	pos += ETH_ALEN;
-
-	pos = attr_add_be32(pos, end, WLANTEST_ATTR_TID, atoi(argv[2]));
-
-	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
-	if (rlen < 0)
-		return -1;
-
-	pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len);
-	if (pos == NULL || len != 4)
-		return -1;
-	printf("%u\n", WPA_GET_BE32(pos));
-	return 0;
-}
-
-
-static char ** complete_get_tid(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-	u8 addr[ETH_ALEN];
-
-	switch (arg) {
-	case 1:
-		res = get_bssid_list(s);
-		break;
-	case 2:
-		if (hwaddr_aton(&str[get_prev_arg_pos(str, pos)], addr) < 0)
-			break;
-		res = get_sta_list(s, addr, 0);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wlantest_cli_cmd_help(int s, int argc, char *argv[])
-{
-	print_help(stdout, argc > 0 ? argv[0] : NULL);
-	return 0;
-}
-
-
-static char ** wlantest_cli_complete_help(int s, const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = wlantest_cli_cmd_list();
-		break;
-	}
-
-	return res;
-}
-
-
-struct wlantest_cli_cmd {
-	const char *cmd;
-	int (*handler)(int s, int argc, char *argv[]);
-	const char *usage;
-	char ** (*complete)(int s, const char *str, int pos);
-};
-
-static const struct wlantest_cli_cmd wlantest_cli_commands[] = {
-	{ "ping", cmd_ping, "= test connection to wlantest", NULL },
-	{ "terminate", cmd_terminate, "= terminate wlantest", NULL },
-	{ "list_bss", cmd_list_bss, "= get BSS list", NULL },
-	{ "list_sta", cmd_list_sta, "<BSSID> = get STA list",
-	  complete_list_sta },
-	{ "flush", cmd_flush, "= drop all collected BSS data", NULL },
-	{ "clear_sta_counters", cmd_clear_sta_counters,
-	  "<BSSID> <STA> = clear STA counters", complete_clear_sta_counters },
-	{ "clear_bss_counters", cmd_clear_bss_counters,
-	  "<BSSID> = clear BSS counters", complete_clear_bss_counters },
-	{ "get_sta_counter", cmd_get_sta_counter,
-	  "<counter> <BSSID> <STA> = get STA counter value",
-	  complete_get_sta_counter },
-	{ "get_bss_counter", cmd_get_bss_counter,
-	  "<counter> <BSSID> = get BSS counter value",
-	  complete_get_bss_counter },
-	{ "inject", cmd_inject,
-	  "<frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>",
-	  complete_inject },
-	{ "send", cmd_send,
-	  "<prot> <raw frame as hex dump>",
-	  complete_send },
-	{ "version", cmd_version, "= get wlantest version", NULL },
-	{ "add_passphrase", cmd_add_passphrase,
-	  "<passphrase> = add a known passphrase", NULL },
-	{ "add_wepkey", cmd_add_wepkey,
-	  "<WEP key> = add a known WEP key", NULL },
-	{ "info_sta", cmd_info_sta,
-	  "<field> <BSSID> <STA> = get STA information",
-	  complete_info_sta },
-	{ "info_bss", cmd_info_bss,
-	  "<field> <BSSID> = get BSS information",
-	  complete_info_bss },
-	{ "clear_tdls_counters", cmd_clear_tdls_counters,
-	  "<BSSID> <STA1> <STA2> = clear TDLS counters",
-	  complete_clear_tdls_counters },
-	{ "get_tdls_counter", cmd_get_tdls_counter,
-	  "<counter> <BSSID> <STA1> <STA2> = get TDLS counter value",
-	  complete_get_tdls_counter },
-	{ "get_bss_counter", cmd_get_bss_counter,
-	  "<counter> <BSSID> = get BSS counter value",
-	  complete_get_bss_counter },
-	{ "relog", cmd_relog, "= re-open log-file (allow rolling logs)", NULL },
-	{ "get_tx_tid", cmd_get_tx_tid,
-	  "<BSSID> <STA> <TID> = get STA TX TID counter value",
-	  complete_get_tid },
-	{ "get_rx_tid", cmd_get_rx_tid,
-	  "<BSSID> <STA> <TID> = get STA RX TID counter value",
-	  complete_get_tid },
-	{ "help", wlantest_cli_cmd_help,
-	  "= show this usage help", wlantest_cli_complete_help },
-	{ NULL, NULL, NULL, NULL }
-};
-
-
-/*
- * Prints command usage, lines are padded with the specified string.
- */
-static void print_cmd_help(FILE *stream, const struct wlantest_cli_cmd *cmd,
-			   const char *pad)
-{
-	char c;
-	size_t n;
-
-	if (!cmd->usage)
-		return;
-	fprintf(stream, "%s%s ", pad, cmd->cmd);
-	for (n = 0; (c = cmd->usage[n]); n++) {
-		fprintf(stream, "%c", c);
-		if (c == '\n')
-			fprintf(stream, "%s", pad);
-	}
-	fprintf(stream, "\n");
-}
-
-
-static void print_help(FILE *stream, const char *cmd)
-{
-	int n;
-
-	fprintf(stream, "commands:\n");
-	for (n = 0; wlantest_cli_commands[n].cmd; n++) {
-		if (!cmd || str_starts(wlantest_cli_commands[n].cmd, cmd))
-			print_cmd_help(stream, &wlantest_cli_commands[n], "  ");
-	}
-}
-
-
-static int ctrl_command(int s, int argc, char *argv[])
-{
-	const struct wlantest_cli_cmd *cmd, *match = NULL;
-	int count = 0;
-	int ret = 0;
-
-	for (cmd = wlantest_cli_commands; cmd->cmd; cmd++) {
-		if (os_strncasecmp(cmd->cmd, argv[0], os_strlen(argv[0])) == 0)
-		{
-			match = cmd;
-			if (os_strcasecmp(cmd->cmd, argv[0]) == 0) {
-				/* exact match */
-				count = 1;
-				break;
-			}
-			count++;
-		}
-	}
-
-	if (count > 1) {
-		printf("Ambiguous command '%s'; possible commands:", argv[0]);
-		for (cmd = wlantest_cli_commands; cmd->cmd; cmd++) {
-			if (os_strncasecmp(cmd->cmd, argv[0],
-					   os_strlen(argv[0])) == 0) {
-				printf(" %s", cmd->cmd);
-			}
-		}
-		printf("\n");
-		ret = 1;
-	} else if (count == 0) {
-		printf("Unknown command '%s'\n", argv[0]);
-		ret = 1;
-	} else {
-		ret = match->handler(s, argc - 1, &argv[1]);
-	}
-
-	return ret;
-}
-
-
-struct wlantest_cli {
-	int s;
-};
-
-
-static void wlantest_cli_edit_cmd_cb(void *ctx, char *cmd)
-{
-	struct wlantest_cli *cli = ctx;
-	char *argv[max_args];
-	int argc;
-	argc = tokenize_cmd(cmd, argv);
-	if (argc) {
-		int ret = ctrl_command(cli->s, argc, argv);
-		if (ret < 0)
-			printf("FAIL\n");
-	}
-}
-
-
-static void wlantest_cli_eloop_terminate(int sig, void *signal_ctx)
-{
-	eloop_terminate();
-}
-
-
-static void wlantest_cli_edit_eof_cb(void *ctx)
-{
-	eloop_terminate();
-}
-
-
-static char ** wlantest_cli_cmd_list(void)
-{
-	char **res;
-	int i;
-
-	res = os_calloc(ARRAY_SIZE(wlantest_cli_commands), sizeof(char *));
-	if (res == NULL)
-		return NULL;
-
-	for (i = 0; wlantest_cli_commands[i].cmd; i++) {
-		res[i] = os_strdup(wlantest_cli_commands[i].cmd);
-		if (res[i] == NULL)
-			break;
-	}
-
-	return res;
-}
-
-
-static char ** wlantest_cli_cmd_completion(struct wlantest_cli *cli,
-					   const char *cmd, const char *str,
-					   int pos)
-{
-	int i;
-
-	for (i = 0; wlantest_cli_commands[i].cmd; i++) {
-		const struct wlantest_cli_cmd *c = &wlantest_cli_commands[i];
-		if (os_strcasecmp(c->cmd, cmd) == 0) {
-			edit_clear_line();
-			printf("\r%s\n", c->usage);
-			edit_redraw();
-			if (c->complete)
-				return c->complete(cli->s, str, pos);
-			break;
-		}
-	}
-
-	return NULL;
-}
-
-
-static char ** wlantest_cli_edit_completion_cb(void *ctx, const char *str,
-					       int pos)
-{
-	struct wlantest_cli *cli = ctx;
-	char **res;
-	const char *end;
-	char *cmd;
-
-	end = os_strchr(str, ' ');
-	if (end == NULL || str + pos < end)
-		return wlantest_cli_cmd_list();
-
-	cmd = os_malloc(pos + 1);
-	if (cmd == NULL)
-		return NULL;
-	os_memcpy(cmd, str, pos);
-	cmd[end - str] = '\0';
-	res = wlantest_cli_cmd_completion(cli, cmd, str, pos);
-	os_free(cmd);
-	return res;
-}
-
-
-static void wlantest_cli_interactive(int s)
-{
-	struct wlantest_cli cli;
-	char *home, *hfile = NULL;
-
-	if (eloop_init())
-		return;
-
-	home = getenv("HOME");
-	if (home) {
-		const char *fname = ".wlantest_cli_history";
-		int hfile_len = os_strlen(home) + 1 + os_strlen(fname) + 1;
-		hfile = os_malloc(hfile_len);
-		if (hfile)
-			os_snprintf(hfile, hfile_len, "%s/%s", home, fname);
-	}
-
-	cli.s = s;
-	eloop_register_signal_terminate(wlantest_cli_eloop_terminate, &cli);
-	edit_init(wlantest_cli_edit_cmd_cb, wlantest_cli_edit_eof_cb,
-		  wlantest_cli_edit_completion_cb, &cli, hfile, NULL);
-
-	eloop_run();
-
-	edit_deinit(hfile, NULL);
-	os_free(hfile);
-	eloop_destroy();
-}
-
-
-int main(int argc, char *argv[])
-{
-	int s;
-	struct sockaddr_un addr;
-	int ret = 0;
-
-	if (os_program_init())
-		return -1;
-
-	s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
-	if (s < 0) {
-		perror("socket");
-		return -1;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	os_strlcpy(addr.sun_path + 1, WLANTEST_SOCK_NAME,
-		   sizeof(addr.sun_path) - 1);
-	if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		perror("connect");
-		close(s);
-		return -1;
-	}
-
-	if (argc > 1) {
-		ret = ctrl_command(s, argc - 1, &argv[1]);
-		if (ret < 0)
-			printf("FAIL\n");
-	} else {
-		wlantest_cli_interactive(s);
-	}
-
-	close(s);
-
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wlantest/wlantest_ctrl.h b/wlantest/wlantest_ctrl.h
deleted file mode 100644
index 1af6838d07e6..000000000000
--- a/wlantest/wlantest_ctrl.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * wlantest control interface
- * Copyright (c) 2010-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WLANTEST_CTRL_H
-#define WLANTEST_CTRL_H
-
-#define WLANTEST_SOCK_NAME "w1.fi.wlantest"
-#define WLANTEST_CTRL_MAX_CMD_LEN 1000
-#define WLANTEST_CTRL_MAX_RESP_LEN 1000
-
-enum wlantest_ctrl_cmd {
-	WLANTEST_CTRL_SUCCESS,
-	WLANTEST_CTRL_FAILURE,
-	WLANTEST_CTRL_INVALID_CMD,
-	WLANTEST_CTRL_UNKNOWN_CMD,
-	WLANTEST_CTRL_PING,
-	WLANTEST_CTRL_TERMINATE,
-	WLANTEST_CTRL_LIST_BSS,
-	WLANTEST_CTRL_LIST_STA,
-	WLANTEST_CTRL_FLUSH,
-	WLANTEST_CTRL_CLEAR_STA_COUNTERS,
-	WLANTEST_CTRL_CLEAR_BSS_COUNTERS,
-	WLANTEST_CTRL_GET_STA_COUNTER,
-	WLANTEST_CTRL_GET_BSS_COUNTER,
-	WLANTEST_CTRL_INJECT,
-	WLANTEST_CTRL_VERSION,
-	WLANTEST_CTRL_ADD_PASSPHRASE,
-	WLANTEST_CTRL_INFO_STA,
-	WLANTEST_CTRL_INFO_BSS,
-	WLANTEST_CTRL_SEND,
-	WLANTEST_CTRL_CLEAR_TDLS_COUNTERS,
-	WLANTEST_CTRL_GET_TDLS_COUNTER,
-	WLANTEST_CTRL_RELOG,
-	WLANTEST_CTRL_GET_TX_TID,
-	WLANTEST_CTRL_GET_RX_TID,
-};
-
-enum wlantest_ctrl_attr {
-	WLANTEST_ATTR_BSSID,
-	WLANTEST_ATTR_STA_ADDR,
-	WLANTEST_ATTR_STA_COUNTER,
-	WLANTEST_ATTR_BSS_COUNTER,
-	WLANTEST_ATTR_COUNTER,
-	WLANTEST_ATTR_INJECT_FRAME,
-	WLANTEST_ATTR_INJECT_SENDER_AP,
-	WLANTEST_ATTR_INJECT_PROTECTION,
-	WLANTEST_ATTR_VERSION,
-	WLANTEST_ATTR_PASSPHRASE,
-	WLANTEST_ATTR_STA_INFO,
-	WLANTEST_ATTR_BSS_INFO,
-	WLANTEST_ATTR_INFO,
-	WLANTEST_ATTR_FRAME,
-	WLANTEST_ATTR_TDLS_COUNTER,
-	WLANTEST_ATTR_STA2_ADDR,
-	WLANTEST_ATTR_WEPKEY,
-	WLANTEST_ATTR_TID,
-};
-
-enum wlantest_bss_counter {
-	WLANTEST_BSS_COUNTER_VALID_BIP_MMIE,
-	WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE,
-	WLANTEST_BSS_COUNTER_MISSING_BIP_MMIE,
-	WLANTEST_BSS_COUNTER_BIP_DEAUTH,
-	WLANTEST_BSS_COUNTER_BIP_DISASSOC,
-	WLANTEST_BSS_COUNTER_PROBE_RESPONSE,
-	NUM_WLANTEST_BSS_COUNTER
-};
-
-enum wlantest_sta_counter {
-	WLANTEST_STA_COUNTER_AUTH_TX,
-	WLANTEST_STA_COUNTER_AUTH_RX,
-	WLANTEST_STA_COUNTER_ASSOCREQ_TX,
-	WLANTEST_STA_COUNTER_REASSOCREQ_TX,
-	WLANTEST_STA_COUNTER_PTK_LEARNED,
-	WLANTEST_STA_COUNTER_VALID_DEAUTH_TX,
-	WLANTEST_STA_COUNTER_VALID_DEAUTH_RX,
-	WLANTEST_STA_COUNTER_INVALID_DEAUTH_TX,
-	WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX,
-	WLANTEST_STA_COUNTER_VALID_DISASSOC_TX,
-	WLANTEST_STA_COUNTER_VALID_DISASSOC_RX,
-	WLANTEST_STA_COUNTER_INVALID_DISASSOC_TX,
-	WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX,
-	WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_TX,
-	WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_RX,
-	WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_TX,
-	WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_RX,
-	WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_TX,
-	WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_RX,
-	WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_TX,
-	WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_RX,
-	WLANTEST_STA_COUNTER_PING_OK,
-	WLANTEST_STA_COUNTER_ASSOCRESP_COMEBACK,
-	WLANTEST_STA_COUNTER_REASSOCRESP_COMEBACK,
-	WLANTEST_STA_COUNTER_PING_OK_FIRST_ASSOC,
-	WLANTEST_STA_COUNTER_VALID_DEAUTH_RX_ACK,
-	WLANTEST_STA_COUNTER_VALID_DISASSOC_RX_ACK,
-	WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX_ACK,
-	WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX_ACK,
-	WLANTEST_STA_COUNTER_DEAUTH_RX_ASLEEP,
-	WLANTEST_STA_COUNTER_DEAUTH_RX_AWAKE,
-	WLANTEST_STA_COUNTER_DISASSOC_RX_ASLEEP,
-	WLANTEST_STA_COUNTER_DISASSOC_RX_AWAKE,
-	WLANTEST_STA_COUNTER_PROT_DATA_TX,
-	WLANTEST_STA_COUNTER_DEAUTH_RX_RC6,
-	WLANTEST_STA_COUNTER_DEAUTH_RX_RC7,
-	WLANTEST_STA_COUNTER_DISASSOC_RX_RC6,
-	WLANTEST_STA_COUNTER_DISASSOC_RX_RC7,
-	NUM_WLANTEST_STA_COUNTER
-};
-
-enum wlantest_tdls_counter {
-	WLANTEST_TDLS_COUNTER_VALID_DIRECT_LINK,
-	WLANTEST_TDLS_COUNTER_INVALID_DIRECT_LINK,
-	WLANTEST_TDLS_COUNTER_VALID_AP_PATH,
-	WLANTEST_TDLS_COUNTER_INVALID_AP_PATH,
-	WLANTEST_TDLS_COUNTER_SETUP_REQ,
-	WLANTEST_TDLS_COUNTER_SETUP_RESP_OK,
-	WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL,
-	WLANTEST_TDLS_COUNTER_SETUP_CONF_OK,
-	WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL,
-	WLANTEST_TDLS_COUNTER_TEARDOWN,
-	NUM_WLANTEST_TDLS_COUNTER
-};
-
-enum wlantest_inject_frame {
-	WLANTEST_FRAME_AUTH,
-	WLANTEST_FRAME_ASSOCREQ,
-	WLANTEST_FRAME_REASSOCREQ,
-	WLANTEST_FRAME_DEAUTH,
-	WLANTEST_FRAME_DISASSOC,
-	WLANTEST_FRAME_SAQUERYREQ,
-};
-
-/**
- * enum wlantest_inject_protection - WLANTEST_CTRL_INJECT protection
- * @WLANTEST_INJECT_NORMAL: Use normal rules (protect if key is set)
- * @WLANTEST_INJECT_PROTECTED: Force protection (fail if not possible)
- * @WLANTEST_INJECT_UNPROTECTED: Force unprotected
- * @WLANTEST_INJECT_INCORRECT_KEY: Force protection with incorrect key
- */
-enum wlantest_inject_protection {
-	WLANTEST_INJECT_NORMAL,
-	WLANTEST_INJECT_PROTECTED,
-	WLANTEST_INJECT_UNPROTECTED,
-	WLANTEST_INJECT_INCORRECT_KEY,
-};
-
-enum wlantest_sta_info {
-	WLANTEST_STA_INFO_PROTO,
-	WLANTEST_STA_INFO_PAIRWISE,
-	WLANTEST_STA_INFO_KEY_MGMT,
-	WLANTEST_STA_INFO_RSN_CAPAB,
-	WLANTEST_STA_INFO_STATE,
-	WLANTEST_STA_INFO_GTK,
-};
-
-enum wlantest_bss_info {
-	WLANTEST_BSS_INFO_PROTO,
-	WLANTEST_BSS_INFO_PAIRWISE,
-	WLANTEST_BSS_INFO_GROUP,
-	WLANTEST_BSS_INFO_GROUP_MGMT,
-	WLANTEST_BSS_INFO_KEY_MGMT,
-	WLANTEST_BSS_INFO_RSN_CAPAB,
-};
-
-#endif /* WLANTEST_CTRL_H */
diff --git a/wlantest/writepcap.c b/wlantest/writepcap.c
deleted file mode 100644
index fee2c40dc478..000000000000
--- a/wlantest/writepcap.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * PCAP capture file writer
- * Copyright (c) 2010-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <pcap.h>
-#include <pcap-bpf.h>
-
-#include "utils/common.h"
-#include "wlantest.h"
-#include "common/qca-vendor.h"
-
-
-int write_pcap_init(struct wlantest *wt, const char *fname)
-{
-	int linktype = wt->ethernet ? DLT_EN10MB : DLT_IEEE802_11_RADIO;
-
-	wt->write_pcap = pcap_open_dead(linktype, 4000);
-	if (wt->write_pcap == NULL)
-		return -1;
-	wt->write_pcap_dumper = pcap_dump_open(wt->write_pcap, fname);
-	if (wt->write_pcap_dumper == NULL) {
-		pcap_close(wt->write_pcap);
-		wt->write_pcap = NULL;
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "Writing PCAP dump to '%s'", fname);
-
-	return 0;
-}
-
-
-void write_pcap_deinit(struct wlantest *wt)
-{
-	if (wt->write_pcap_dumper) {
-		pcap_dump_close(wt->write_pcap_dumper);
-		wt->write_pcap_dumper = NULL;
-	}
-	if (wt->write_pcap) {
-		pcap_close(wt->write_pcap);
-		wt->write_pcap = NULL;
-	}
-}
-
-
-void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len)
-{
-	struct pcap_pkthdr h;
-
-	if (!wt->write_pcap_dumper)
-		return;
-
-	os_memset(&h, 0, sizeof(h));
-	gettimeofday(&wt->write_pcap_time, NULL);
-	h.ts = wt->write_pcap_time;
-	h.caplen = len;
-	h.len = len;
-	pcap_dump(wt->write_pcap_dumper, &h, buf);
-	if (wt->pcap_no_buffer)
-		pcap_dump_flush(wt->write_pcap_dumper);
-}
-
-
-void write_pcap_decrypted(struct wlantest *wt, const u8 *buf1, size_t len1,
-			  const u8 *buf2, size_t len2)
-{
-	struct pcap_pkthdr h;
-	u8 rtap[] = {
-		0x00 /* rev */,
-		0x00 /* pad */,
-		0x0e, 0x00, /* header len */
-		0x00, 0x00, 0x00, 0x40, /* present flags */
-		0x00, 0x13, 0x74, QCA_RADIOTAP_VID_WLANTEST,
-		0x00, 0x00
-	};
-	u8 *buf;
-	size_t len;
-
-	if (!wt->write_pcap_dumper && !wt->pcapng)
-		return;
-
-	os_free(wt->decrypted);
-	len = sizeof(rtap) + len1 + len2;
-	wt->decrypted = buf = os_malloc(len);
-	if (buf == NULL)
-		return;
-	wt->decrypted_len = len;
-	os_memcpy(buf, rtap, sizeof(rtap));
-	if (buf1) {
-		os_memcpy(buf + sizeof(rtap), buf1, len1);
-		buf[sizeof(rtap) + 1] &= ~0x40; /* Clear Protected flag */
-	}
-	if (buf2)
-		os_memcpy(buf + sizeof(rtap) + len1, buf2, len2);
-
-	if (!wt->write_pcap_dumper)
-		return;
-
-	os_memset(&h, 0, sizeof(h));
-	h.ts = wt->write_pcap_time;
-	h.caplen = len;
-	h.len = len;
-	pcap_dump(wt->write_pcap_dumper, &h, buf);
-	if (wt->pcap_no_buffer)
-		pcap_dump_flush(wt->write_pcap_dumper);
-}
-
-
-struct pcapng_section_header {
-	u32 block_type; /* 0x0a0d0d0a */
-	u32 block_total_len;
-	u32 byte_order_magic;
-	u16 major_version;
-	u16 minor_version;
-	u64 section_len;
-	u32 block_total_len2;
-} STRUCT_PACKED;
-
-struct pcapng_interface_description {
-	u32 block_type; /* 0x00000001 */
-	u32 block_total_len;
-	u16 link_type;
-	u16 reserved;
-	u32 snap_len;
-	u32 block_total_len2;
-} STRUCT_PACKED;
-
-struct pcapng_enhanced_packet {
-	u32 block_type; /* 0x00000006 */
-	u32 block_total_len;
-	u32 interface_id;
-	u32 timestamp_high;
-	u32 timestamp_low;
-	u32 captured_len;
-	u32 packet_len;
-	/* Packet data - aligned to 32 bits */
-	/* Options (variable) */
-	/* Block Total Length copy */
-} STRUCT_PACKED;
-
-#define PCAPNG_BYTE_ORDER_MAGIC 0x1a2b3c4d
-#define PCAPNG_BLOCK_IFACE_DESC 0x00000001
-#define PCAPNG_BLOCK_PACKET 0x00000002
-#define PCAPNG_BLOCK_SIMPLE_PACKET 0x00000003
-#define PCAPNG_BLOCK_NAME_RESOLUTION 0x00000004
-#define PCAPNG_BLOCK_INTERFACE_STATISTICS 0x00000005
-#define PCAPNG_BLOCK_ENHANCED_PACKET 0x00000006
-#define PCAPNG_BLOCK_SECTION_HEADER 0x0a0d0d0a
-
-#define LINKTYPE_IEEE802_11 105
-#define LINKTYPE_IEEE802_11_RADIO 127
-
-#define PAD32(a) ((4 - ((a) & 3)) & 3)
-#define ALIGN32(a) ((a) + PAD32((a)))
-
-
-int write_pcapng_init(struct wlantest *wt, const char *fname)
-{
-	struct pcapng_section_header hdr;
-	struct pcapng_interface_description desc;
-
-	wt->pcapng = fopen(fname, "wb");
-	if (wt->pcapng == NULL)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "Writing PCAPNG dump to '%s'", fname);
-
-	os_memset(&hdr, 0, sizeof(hdr));
-	hdr.block_type = PCAPNG_BLOCK_SECTION_HEADER;
-	hdr.block_total_len = sizeof(hdr);
-	hdr.byte_order_magic = PCAPNG_BYTE_ORDER_MAGIC;
-	hdr.major_version = 1;
-	hdr.minor_version = 0;
-	hdr.section_len = -1;
-	hdr.block_total_len2 = hdr.block_total_len;
-	fwrite(&hdr, sizeof(hdr), 1, wt->pcapng);
-
-	os_memset(&desc, 0, sizeof(desc));
-	desc.block_type = PCAPNG_BLOCK_IFACE_DESC;
-	desc.block_total_len = sizeof(desc);
-	desc.block_total_len2 = desc.block_total_len;
-	desc.link_type = wt->ethernet ? DLT_EN10MB : LINKTYPE_IEEE802_11_RADIO;
-	desc.snap_len = 65535;
-	fwrite(&desc, sizeof(desc), 1, wt->pcapng);
-	if (wt->pcap_no_buffer)
-		fflush(wt->pcapng);
-
-	return 0;
-}
-
-
-void write_pcapng_deinit(struct wlantest *wt)
-{
-	if (wt->pcapng) {
-		fclose(wt->pcapng);
-		wt->pcapng = NULL;
-	}
-}
-
-
-static u8 * pcapng_add_comments(struct wlantest *wt, u8 *pos)
-{
-	size_t i;
-	u16 *len;
-
-	if (!wt->num_notes)
-		return pos;
-
-	*((u16 *) pos) = 1 /* opt_comment */;
-	pos += 2;
-	len = (u16 *) pos /* length to be filled in */;
-	pos += 2;
-
-	for (i = 0; i < wt->num_notes; i++) {
-		size_t nlen = os_strlen(wt->notes[i]);
-		if (i > 0)
-			*pos++ = '\n';
-		os_memcpy(pos, wt->notes[i], nlen);
-		pos += nlen;
-	}
-	*len = pos - (u8 *) len - 2;
-	pos += PAD32(*len);
-
-	*((u16 *) pos) = 0 /* opt_endofopt */;
-	pos += 2;
-	*((u16 *) pos) = 0;
-	pos += 2;
-
-	return pos;
-}
-
-
-static void write_pcapng_decrypted(struct wlantest *wt)
-{
-	size_t len;
-	struct pcapng_enhanced_packet *pkt;
-	u8 *pos;
-	u32 *block_len;
-
-	if (!wt->pcapng || wt->decrypted == NULL)
-		return;
-
-	add_note(wt, MSG_EXCESSIVE, "decrypted version of the previous frame");
-
-	len = sizeof(*pkt) + wt->decrypted_len + 100 + notes_len(wt, 32);
-	pkt = os_zalloc(len);
-	if (pkt == NULL)
-		return;
-
-	pkt->block_type = PCAPNG_BLOCK_ENHANCED_PACKET;
-	pkt->interface_id = 0;
-	pkt->timestamp_high = wt->write_pcapng_time_high;
-	pkt->timestamp_low = wt->write_pcapng_time_low;
-	pkt->captured_len = wt->decrypted_len;
-	pkt->packet_len = wt->decrypted_len;
-
-	pos = (u8 *) (pkt + 1);
-
-	os_memcpy(pos, wt->decrypted, wt->decrypted_len);
-	pos += ALIGN32(wt->decrypted_len);
-
-	pos = pcapng_add_comments(wt, pos);
-
-	block_len = (u32 *) pos;
-	pos += 4;
-	*block_len = pkt->block_total_len = pos - (u8 *) pkt;
-
-	fwrite(pkt, pos - (u8 *) pkt, 1, wt->pcapng);
-	if (wt->pcap_no_buffer)
-		fflush(wt->pcapng);
-
-	os_free(pkt);
-}
-
-
-void write_pcapng_write_read(struct wlantest *wt, int dlt,
-			     struct pcap_pkthdr *hdr, const u8 *data)
-{
-	struct pcapng_enhanced_packet *pkt;
-	u8 *pos;
-	u32 *block_len;
-	u64 timestamp;
-	size_t len, datalen = hdr->caplen;
-	u8 rtap[] = {
-		0x00 /* rev */,
-		0x00 /* pad */,
-		0x0a, 0x00, /* header len */
-		0x02, 0x00, 0x00, 0x00, /* present flags */
-		0x00, /* flags */
-		0x00 /* pad */
-	};
-
-	if (wt->assume_fcs)
-		rtap[8] |= 0x10;
-
-	if (!wt->pcapng)
-		return;
-
-	len = sizeof(*pkt) + hdr->len + 100 + notes_len(wt, 32) + sizeof(rtap);
-	pkt = os_zalloc(len);
-	if (pkt == NULL)
-		return;
-
-	pkt->block_type = PCAPNG_BLOCK_ENHANCED_PACKET;
-	pkt->interface_id = 0;
-	timestamp = 1000000 * hdr->ts.tv_sec + hdr->ts.tv_usec;
-	pkt->timestamp_high = timestamp >> 32;
-	pkt->timestamp_low = timestamp & 0xffffffff;
-	wt->write_pcapng_time_high = pkt->timestamp_high;
-	wt->write_pcapng_time_low = pkt->timestamp_low;
-	pkt->captured_len = hdr->caplen;
-	pkt->packet_len = hdr->len;
-
-	pos = (u8 *) (pkt + 1);
-
-	switch (dlt) {
-	case DLT_EN10MB:
-	case DLT_IEEE802_11_RADIO:
-		break;
-	case DLT_PRISM_HEADER:
-		/* remove prism header (could be kept ... lazy) */
-		pkt->captured_len -= WPA_GET_LE32(data + 4);
-		pkt->packet_len -= WPA_GET_LE32(data + 4);
-		datalen -= WPA_GET_LE32(data + 4);
-		data += WPA_GET_LE32(data + 4);
-		/* fall through */
-	case DLT_IEEE802_11:
-		pkt->captured_len += sizeof(rtap);
-		pkt->packet_len += sizeof(rtap);
-		os_memcpy(pos, &rtap, sizeof(rtap));
-		pos += sizeof(rtap);
-		break;
-	default:
-		return;
-	}
-
-	os_memcpy(pos, data, datalen);
-	pos += datalen + PAD32(pkt->captured_len);
-	pos = pcapng_add_comments(wt, pos);
-
-	block_len = (u32 *) pos;
-	pos += 4;
-	*block_len = pkt->block_total_len = pos - (u8 *) pkt;
-
-	fwrite(pkt, pos - (u8 *) pkt, 1, wt->pcapng);
-	if (wt->pcap_no_buffer)
-		fflush(wt->pcapng);
-
-	os_free(pkt);
-
-	write_pcapng_decrypted(wt);
-}
-
-
-void write_pcapng_captured(struct wlantest *wt, const u8 *buf, size_t len)
-{
-	struct pcap_pkthdr h;
-
-	if (!wt->pcapng)
-		return;
-
-	os_memset(&h, 0, sizeof(h));
-	gettimeofday(&h.ts, NULL);
-	h.caplen = len;
-	h.len = len;
-	write_pcapng_write_read(wt, wt->ethernet ? DLT_EN10MB :
-				DLT_IEEE802_11_RADIO, &h, buf);
-}
diff --git a/wpa_supplicant/.gitignore b/wpa_supplicant/.gitignore
deleted file mode 100644
index ff741201e6dd..000000000000
--- a/wpa_supplicant/.gitignore
+++ /dev/null
@@ -1,15 +0,0 @@
-.config
-*.service
-eapol_test
-nfc_pw_token
-preauth_test
-wpa_cli
-wpa_passphrase
-wpa_supplicant
-wpa_priv
-wpa_gui/Makefile
-wpa_gui/wpa_gui
-wpa_gui-qt4/Makefile
-wpa_gui-qt4/wpa_gui
-libwpa_test1
-libwpa_test2
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
deleted file mode 100644
index 7e597f396a07..000000000000
--- a/wpa_supplicant/Android.mk
+++ /dev/null
@@ -1,1827 +0,0 @@
-#
-# Copyright (C) 2008 The Android Open Source Project
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-#
-
-LOCAL_PATH := $(call my-dir)
-PKG_CONFIG ?= pkg-config
-
-ifneq ($(BOARD_WPA_SUPPLICANT_DRIVER),)
-  CONFIG_DRIVER_$(BOARD_WPA_SUPPLICANT_DRIVER) := y
-endif
-
-include $(LOCAL_PATH)/android.config
-
-# To ignore possible wrong network configurations
-L_CFLAGS = -DWPA_IGNORE_CONFIG_ERRORS
-
-L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
-
-# Set Android log name
-L_CFLAGS += -DANDROID_LOG_NAME=\"wpa_supplicant\"
-
-# Disable unused parameter warnings
-L_CFLAGS += -Wno-unused-parameter
-
-# Set Android extended P2P functionality
-L_CFLAGS += -DANDROID_P2P
-
-ifeq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB),)
-L_CFLAGS += -DANDROID_LIB_STUB
-endif
-
-ifneq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT),)
-L_CFLAGS += -DANDROID_LIB_EVENT
-endif
-
-# Disable roaming in wpa_supplicant
-ifdef CONFIG_NO_ROAMING
-L_CFLAGS += -DCONFIG_NO_ROAMING
-endif
-
-# Use Android specific directory for control interface sockets
-L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
-L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/misc/wifi/sockets\"
-
-# Use Android specific directory for wpa_cli command completion history
-L_CFLAGS += -DCONFIG_WPA_CLI_HISTORY_DIR=\"/data/misc/wifi\"
-
-# To force sizeof(enum) = 4
-ifeq ($(TARGET_ARCH),arm)
-L_CFLAGS += -mabi=aapcs-linux
-endif
-
-# C++ flags for binder interface
-L_CPPFLAGS := -std=c++11 -Wall -Werror
-# TODO: Remove these allowed warnings later.
-L_CPPFLAGS += -Wno-unused-variable -Wno-unused-parameter
-L_CPPFLAGS += -Wno-unused-private-field
-
-INCLUDES = $(LOCAL_PATH)
-INCLUDES += $(LOCAL_PATH)/src
-INCLUDES += $(LOCAL_PATH)/src/common
-# INCLUDES += $(LOCAL_PATH)/src/crypto # To force proper includes
-INCLUDES += $(LOCAL_PATH)/src/drivers
-INCLUDES += $(LOCAL_PATH)/src/eap_common
-INCLUDES += $(LOCAL_PATH)/src/eapol_supp
-INCLUDES += $(LOCAL_PATH)/src/eap_peer
-INCLUDES += $(LOCAL_PATH)/src/eap_server
-INCLUDES += $(LOCAL_PATH)/src/hlr_auc_gw
-INCLUDES += $(LOCAL_PATH)/src/l2_packet
-INCLUDES += $(LOCAL_PATH)/src/radius
-INCLUDES += $(LOCAL_PATH)/src/rsn_supp
-INCLUDES += $(LOCAL_PATH)/src/tls
-INCLUDES += $(LOCAL_PATH)/src/utils
-INCLUDES += $(LOCAL_PATH)/src/wps
-INCLUDES += system/security/keystore/include
-ifdef CONFIG_DRIVER_NL80211
-ifneq ($(wildcard external/libnl),)
-INCLUDES += external/libnl/include
-else
-INCLUDES += external/libnl-headers
-endif
-endif
-
-ifdef CONFIG_FIPS
-CONFIG_NO_RANDOM_POOL=
-CONFIG_OPENSSL_CMAC=y
-endif
-
-OBJS = config.c
-OBJS += notify.c
-OBJS += bss.c
-OBJS += eap_register.c
-OBJS += src/utils/common.c
-OBJS += src/utils/config.c
-OBJS += src/utils/wpa_debug.c
-OBJS += src/utils/wpabuf.c
-OBJS += src/utils/bitfield.c
-OBJS += src/utils/ip_addr.c
-OBJS += src/utils/crc32.c
-OBJS += wmm_ac.c
-OBJS += op_classes.c
-OBJS += rrm.c
-OBJS += twt.c
-OBJS += robust_av.c
-OBJS_p = wpa_passphrase.c
-OBJS_p += src/utils/common.c
-OBJS_p += src/utils/wpa_debug.c
-OBJS_p += src/utils/wpabuf.c
-OBJS_c = wpa_cli.c src/common/wpa_ctrl.c
-OBJS_c += src/utils/wpa_debug.c
-OBJS_c += src/utils/common.c
-OBJS_c += src/common/cli.c
-OBJS_d =
-OBJS_priv =
-
-ifndef CONFIG_OS
-ifdef CONFIG_NATIVE_WINDOWS
-CONFIG_OS=win32
-else
-CONFIG_OS=unix
-endif
-endif
-
-ifeq ($(CONFIG_OS), internal)
-L_CFLAGS += -DOS_NO_C_LIB_DEFINES
-endif
-
-OBJS += src/utils/os_$(CONFIG_OS).c
-OBJS_p += src/utils/os_$(CONFIG_OS).c
-OBJS_c += src/utils/os_$(CONFIG_OS).c
-
-ifdef CONFIG_WPA_TRACE
-L_CFLAGS += -DWPA_TRACE
-OBJS += src/utils/trace.c
-OBJS_p += src/utils/trace.c
-OBJS_c += src/utils/trace.c
-LDFLAGS += -rdynamic
-L_CFLAGS += -funwind-tables
-ifdef CONFIG_WPA_TRACE_BFD
-L_CFLAGS += -DWPA_TRACE_BFD
-LIBS += -lbfd
-LIBS_p += -lbfd
-LIBS_c += -lbfd
-endif
-endif
-
-ifndef CONFIG_ELOOP
-CONFIG_ELOOP=eloop
-endif
-OBJS += src/utils/$(CONFIG_ELOOP).c
-OBJS_c += src/utils/$(CONFIG_ELOOP).c
-
-ifdef CONFIG_ELOOP_POLL
-L_CFLAGS += -DCONFIG_ELOOP_POLL
-endif
-
-ifdef CONFIG_ELOOP_EPOLL
-L_CFLAGS += -DCONFIG_ELOOP_EPOLL
-endif
-
-ifdef CONFIG_EAPOL_TEST
-L_CFLAGS += -Werror -DEAPOL_TEST
-endif
-
-ifdef CONFIG_HT_OVERRIDES
-L_CFLAGS += -DCONFIG_HT_OVERRIDES
-endif
-
-ifdef CONFIG_VHT_OVERRIDES
-L_CFLAGS += -DCONFIG_VHT_OVERRIDES
-endif
-
-ifdef CONFIG_HE_OVERRIDES
-L_CFLAGS += -DCONFIG_HE_OVERRIDES
-endif
-
-ifndef CONFIG_BACKEND
-CONFIG_BACKEND=file
-endif
-
-ifeq ($(CONFIG_BACKEND), file)
-OBJS += config_file.c
-ifndef CONFIG_NO_CONFIG_BLOBS
-NEED_BASE64=y
-endif
-L_CFLAGS += -DCONFIG_BACKEND_FILE
-endif
-
-ifeq ($(CONFIG_BACKEND), winreg)
-OBJS += config_winreg.c
-endif
-
-ifeq ($(CONFIG_BACKEND), none)
-OBJS += config_none.c
-endif
-
-ifdef CONFIG_NO_CONFIG_WRITE
-L_CFLAGS += -DCONFIG_NO_CONFIG_WRITE
-endif
-
-ifdef CONFIG_NO_CONFIG_BLOBS
-L_CFLAGS += -DCONFIG_NO_CONFIG_BLOBS
-endif
-
-ifdef CONFIG_NO_SCAN_PROCESSING
-L_CFLAGS += -DCONFIG_NO_SCAN_PROCESSING
-endif
-
-ifdef CONFIG_SUITEB
-L_CFLAGS += -DCONFIG_SUITEB
-endif
-
-ifdef CONFIG_SUITEB192
-L_CFLAGS += -DCONFIG_SUITEB192
-NEED_SHA384=y
-endif
-
-ifdef CONFIG_OCV
-L_CFLAGS += -DCONFIG_OCV
-OBJS += src/common/ocv.c
-endif
-
-ifdef CONFIG_IEEE80211R
-L_CFLAGS += -DCONFIG_IEEE80211R
-OBJS += src/rsn_supp/wpa_ft.c
-endif
-
-ifdef CONFIG_MESH
-NEED_80211_COMMON=y
-NEED_AES_SIV=y
-CONFIG_SAE=y
-CONFIG_AP=y
-L_CFLAGS += -DCONFIG_MESH
-OBJS += mesh.c
-OBJS += mesh_mpm.c
-OBJS += mesh_rsn.c
-endif
-
-ifdef CONFIG_SAE
-L_CFLAGS += -DCONFIG_SAE
-OBJS += src/common/sae.c
-ifdef CONFIG_SAE_PK
-L_CFLAGS += -DCONFIG_SAE_PK
-OBJS += src/common/sae_pk.c
-endif
-NEED_ECC=y
-NEED_DH_GROUPS=y
-NEED_HMAC_SHA256_KDF=y
-NEED_DRAGONFLY=y
-ifdef CONFIG_TESTING_OPTIONS
-NEED_DH_GROUPS_ALL=y
-endif
-endif
-
-ifdef CONFIG_DPP
-L_CFLAGS += -DCONFIG_DPP
-OBJS += src/common/dpp.c
-OBJS += src/common/dpp_auth.c
-OBJS += src/common/dpp_backup.c
-OBJS += src/common/dpp_crypto.c
-OBJS += src/common/dpp_pkex.c
-OBJS += src/common/dpp_reconfig.c
-OBJS += src/common/dpp_tcp.c
-OBJS += dpp_supplicant.c
-NEED_AES_SIV=y
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_HMAC_SHA512_KDF=y
-NEED_SHA384=y
-NEED_SHA512=y
-NEED_ECC=y
-NEED_JSON=y
-NEED_GAS_SERVER=y
-NEED_BASE64=y
-NEED_ASN1=y
-ifdef CONFIG_DPP2
-L_CFLAGS += -DCONFIG_DPP2
-endif
-ifdef CONFIG_DPP3
-L_CFLAGS += -DCONFIG_DPP3
-endif
-endif
-
-ifdef CONFIG_OWE
-L_CFLAGS += -DCONFIG_OWE
-NEED_ECC=y
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_HMAC_SHA512_KDF=y
-NEED_SHA384=y
-NEED_SHA512=y
-endif
-
-ifdef CONFIG_FILS
-L_CFLAGS += -DCONFIG_FILS
-NEED_SHA384=y
-NEED_AES_SIV=y
-ifdef CONFIG_FILS_SK_PFS
-L_CFLAGS += -DCONFIG_FILS_SK_PFS
-NEED_ECC=y
-endif
-endif
-
-ifdef CONFIG_MBO
-CONFIG_WNM=y
-endif
-
-ifdef CONFIG_WNM
-L_CFLAGS += -DCONFIG_WNM
-OBJS += wnm_sta.c
-endif
-
-ifdef CONFIG_TDLS
-L_CFLAGS += -DCONFIG_TDLS
-OBJS += src/rsn_supp/tdls.c
-endif
-
-ifdef CONFIG_TDLS_TESTING
-L_CFLAGS += -DCONFIG_TDLS_TESTING
-endif
-
-ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-L_CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
-endif
-
-ifndef CONFIG_NO_WPA
-OBJS += src/rsn_supp/wpa.c
-OBJS += src/rsn_supp/preauth.c
-OBJS += src/rsn_supp/pmksa_cache.c
-OBJS += src/rsn_supp/wpa_ie.c
-OBJS += src/common/wpa_common.c
-NEED_AES=y
-NEED_SHA1=y
-NEED_MD5=y
-NEED_RC4=y
-else
-L_CFLAGS += -DCONFIG_NO_WPA
-endif
-
-ifdef CONFIG_IBSS_RSN
-NEED_RSN_AUTHENTICATOR=y
-L_CFLAGS += -DCONFIG_IBSS_RSN
-L_CFLAGS += -DCONFIG_NO_VLAN
-OBJS += ibss_rsn.c
-endif
-
-ifdef CONFIG_P2P
-OBJS += p2p_supplicant.c
-OBJS += p2p_supplicant_sd.c
-OBJS += src/p2p/p2p.c
-OBJS += src/p2p/p2p_utils.c
-OBJS += src/p2p/p2p_parse.c
-OBJS += src/p2p/p2p_build.c
-OBJS += src/p2p/p2p_go_neg.c
-OBJS += src/p2p/p2p_sd.c
-OBJS += src/p2p/p2p_pd.c
-OBJS += src/p2p/p2p_invitation.c
-OBJS += src/p2p/p2p_dev_disc.c
-OBJS += src/p2p/p2p_group.c
-OBJS += src/ap/p2p_hostapd.c
-L_CFLAGS += -DCONFIG_P2P
-NEED_GAS=y
-NEED_OFFCHANNEL=y
-CONFIG_WPS=y
-CONFIG_AP=y
-ifdef CONFIG_P2P_STRICT
-L_CFLAGS += -DCONFIG_P2P_STRICT
-endif
-ifdef CONFIG_WIFI_DISPLAY
-L_CFLAGS += -DCONFIG_WIFI_DISPLAY
-OBJS += wifi_display.c
-endif
-endif
-
-ifdef CONFIG_PASN
-L_CFLAGS += -DCONFIG_PASN
-L_CFLAGS += -DCONFIG_PTKSA_CACHE
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_SHA256=y
-NEED_SHA384=y
-OBJS += src/common/ptksa_cache.c
-OBJS += pasn_supplicant.c
-endif
-
-ifdef CONFIG_HS20
-OBJS += hs20_supplicant.c
-L_CFLAGS += -DCONFIG_HS20
-CONFIG_INTERWORKING=y
-endif
-
-ifdef CONFIG_INTERWORKING
-OBJS += interworking.c
-L_CFLAGS += -DCONFIG_INTERWORKING
-NEED_GAS=y
-endif
-
-ifdef CONFIG_FST
-L_CFLAGS += -DCONFIG_FST
-OBJS += src/fst/fst.c
-OBJS += src/fst/fst_session.c
-OBJS += src/fst/fst_iface.c
-OBJS += src/fst/fst_group.c
-OBJS += src/fst/fst_ctrl_aux.c
-ifdef CONFIG_FST_TEST
-L_CFLAGS += -DCONFIG_FST_TEST
-endif
-ifdef CONFIG_CTRL_IFACE
-OBJS += src/fst/fst_ctrl_iface.c
-endif
-endif
-
-ifdef CONFIG_WEP
-L_CFLAGS += -DCONFIG_WEP
-endif
-
-ifdef CONFIG_NO_TKIP
-L_CFLAGS += -DCONFIG_NO_TKIP
-endif
-
-
-include $(LOCAL_PATH)/src/drivers/drivers.mk
-
-ifdef CONFIG_AP
-OBJS_d += $(DRV_BOTH_OBJS)
-L_CFLAGS += $(DRV_BOTH_CFLAGS)
-LDFLAGS += $(DRV_BOTH_LDFLAGS)
-LIBS += $(DRV_BOTH_LIBS)
-else
-NEED_AP_MLME=
-OBJS_d += $(DRV_WPA_OBJS)
-L_CFLAGS += $(DRV_WPA_CFLAGS)
-LDFLAGS += $(DRV_WPA_LDFLAGS)
-LIBS += $(DRV_WPA_LIBS)
-endif
-
-ifndef CONFIG_L2_PACKET
-CONFIG_L2_PACKET=linux
-endif
-
-OBJS_l2 += src/l2_packet/l2_packet_$(CONFIG_L2_PACKET).c
-
-ifeq ($(CONFIG_L2_PACKET), pcap)
-ifdef CONFIG_WINPCAP
-L_CFLAGS += -DCONFIG_WINPCAP
-LIBS += -lwpcap -lpacket
-LIBS_w += -lwpcap
-else
-LIBS += -ldnet -lpcap
-endif
-endif
-
-ifeq ($(CONFIG_L2_PACKET), winpcap)
-LIBS += -lwpcap -lpacket
-LIBS_w += -lwpcap
-endif
-
-ifeq ($(CONFIG_L2_PACKET), freebsd)
-LIBS += -lpcap
-endif
-
-ifdef CONFIG_ERP
-L_CFLAGS += -DCONFIG_ERP
-NEED_HMAC_SHA256_KDF=y
-endif
-
-ifdef CONFIG_EAP_TLS
-# EAP-TLS
-ifeq ($(CONFIG_EAP_TLS), dyn)
-L_CFLAGS += -DEAP_TLS_DYNAMIC
-EAPDYN += src/eap_peer/eap_tls.so
-else
-L_CFLAGS += -DEAP_TLS
-OBJS += src/eap_peer/eap_tls.c
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_UNAUTH_TLS
-# EAP-UNAUTH-TLS
-L_CFLAGS += -DEAP_UNAUTH_TLS
-ifndef CONFIG_EAP_TLS
-OBJS += src/eap_peer/eap_tls.c
-TLS_FUNCS=y
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_PEAP
-# EAP-PEAP
-ifeq ($(CONFIG_EAP_PEAP), dyn)
-L_CFLAGS += -DEAP_PEAP_DYNAMIC
-EAPDYN += src/eap_peer/eap_peap.so
-else
-L_CFLAGS += -DEAP_PEAP
-OBJS += src/eap_peer/eap_peap.c
-OBJS += src/eap_common/eap_peap_common.c
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_TTLS
-# EAP-TTLS
-ifeq ($(CONFIG_EAP_TTLS), dyn)
-L_CFLAGS += -DEAP_TTLS_DYNAMIC
-EAPDYN += src/eap_peer/eap_ttls.so
-else
-L_CFLAGS += -DEAP_TTLS
-OBJS += src/eap_peer/eap_ttls.c
-endif
-TLS_FUNCS=y
-ifndef CONFIG_FIPS
-MS_FUNCS=y
-CHAP=y
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_MD5
-# EAP-MD5
-ifeq ($(CONFIG_EAP_MD5), dyn)
-L_CFLAGS += -DEAP_MD5_DYNAMIC
-EAPDYN += src/eap_peer/eap_md5.so
-else
-L_CFLAGS += -DEAP_MD5
-OBJS += src/eap_peer/eap_md5.c
-endif
-CHAP=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-# backwards compatibility for old spelling
-ifdef CONFIG_MSCHAPV2
-ifndef CONFIG_EAP_MSCHAPV2
-CONFIG_EAP_MSCHAPV2=y
-endif
-endif
-
-ifdef CONFIG_EAP_MSCHAPV2
-# EAP-MSCHAPv2
-ifeq ($(CONFIG_EAP_MSCHAPV2), dyn)
-L_CFLAGS += -DEAP_MSCHAPv2_DYNAMIC
-EAPDYN += src/eap_peer/eap_mschapv2.so
-EAPDYN += src/eap_peer/mschapv2.so
-else
-L_CFLAGS += -DEAP_MSCHAPv2
-OBJS += src/eap_peer/eap_mschapv2.c
-OBJS += src/eap_peer/mschapv2.c
-endif
-MS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_GTC
-# EAP-GTC
-ifeq ($(CONFIG_EAP_GTC), dyn)
-L_CFLAGS += -DEAP_GTC_DYNAMIC
-EAPDYN += src/eap_peer/eap_gtc.so
-else
-L_CFLAGS += -DEAP_GTC
-OBJS += src/eap_peer/eap_gtc.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_OTP
-# EAP-OTP
-ifeq ($(CONFIG_EAP_OTP), dyn)
-L_CFLAGS += -DEAP_OTP_DYNAMIC
-EAPDYN += src/eap_peer/eap_otp.so
-else
-L_CFLAGS += -DEAP_OTP
-OBJS += src/eap_peer/eap_otp.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_SIM
-# EAP-SIM
-ifeq ($(CONFIG_EAP_SIM), dyn)
-L_CFLAGS += -DEAP_SIM_DYNAMIC
-EAPDYN += src/eap_peer/eap_sim.so
-else
-L_CFLAGS += -DEAP_SIM
-OBJS += src/eap_peer/eap_sim.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_SIM_COMMON=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_EAP_LEAP
-# EAP-LEAP
-ifeq ($(CONFIG_EAP_LEAP), dyn)
-L_CFLAGS += -DEAP_LEAP_DYNAMIC
-EAPDYN += src/eap_peer/eap_leap.so
-else
-L_CFLAGS += -DEAP_LEAP
-OBJS += src/eap_peer/eap_leap.c
-endif
-MS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_PSK
-# EAP-PSK
-ifeq ($(CONFIG_EAP_PSK), dyn)
-L_CFLAGS += -DEAP_PSK_DYNAMIC
-EAPDYN += src/eap_peer/eap_psk.so
-else
-L_CFLAGS += -DEAP_PSK
-OBJS += src/eap_peer/eap_psk.c src/eap_common/eap_psk_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_AES=y
-NEED_AES_ENCBLOCK=y
-NEED_AES_EAX=y
-endif
-
-ifdef CONFIG_EAP_AKA
-# EAP-AKA
-ifeq ($(CONFIG_EAP_AKA), dyn)
-L_CFLAGS += -DEAP_AKA_DYNAMIC
-EAPDYN += src/eap_peer/eap_aka.so
-else
-L_CFLAGS += -DEAP_AKA
-OBJS += src/eap_peer/eap_aka.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_SIM_COMMON=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_EAP_PROXY
-L_CFLAGS += -DCONFIG_EAP_PROXY
-OBJS += src/eap_peer/eap_proxy_$(CONFIG_EAP_PROXY).c
-include $(LOCAL_PATH)/eap_proxy_$(CONFIG_EAP_PROXY).mk
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_AKA_PRIME
-# EAP-AKA'
-ifeq ($(CONFIG_EAP_AKA_PRIME), dyn)
-L_CFLAGS += -DEAP_AKA_PRIME_DYNAMIC
-else
-L_CFLAGS += -DEAP_AKA_PRIME
-endif
-endif
-
-ifdef CONFIG_EAP_SIM_COMMON
-OBJS += src/eap_common/eap_sim_common.c
-NEED_AES=y
-NEED_FIPS186_2_PRF=y
-endif
-
-ifdef CONFIG_EAP_FAST
-# EAP-FAST
-ifeq ($(CONFIG_EAP_FAST), dyn)
-L_CFLAGS += -DEAP_FAST_DYNAMIC
-EAPDYN += src/eap_peer/eap_fast.so
-EAPDYN += src/eap_common/eap_fast_common.c
-else
-L_CFLAGS += -DEAP_FAST
-OBJS += src/eap_peer/eap_fast.c src/eap_peer/eap_fast_pac.c
-OBJS += src/eap_common/eap_fast_common.c
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-NEED_T_PRF=y
-endif
-
-ifdef CONFIG_EAP_TEAP
-# EAP-TEAP
-ifeq ($(CONFIG_EAP_TEAP), dyn)
-L_CFLAGS += -DEAP_YEAP_DYNAMIC
-EAPDYN += src/eap_peer/eap_teap.so
-EAPDYN += src/eap_common/eap_teap_common.c
-else
-L_CFLAGS += -DEAP_TEAP
-OBJS += src/eap_peer/eap_teap.c src/eap_peer/eap_teap_pac.c
-OBJS += src/eap_common/eap_teap_common.c
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-NEED_T_PRF=y
-NEED_SHA384=y
-NEED_TLS_PRF_SHA256=y
-NEED_TLS_PRF_SHA384=y
-endif
-
-ifdef CONFIG_EAP_PAX
-# EAP-PAX
-ifeq ($(CONFIG_EAP_PAX), dyn)
-L_CFLAGS += -DEAP_PAX_DYNAMIC
-EAPDYN += src/eap_peer/eap_pax.so
-else
-L_CFLAGS += -DEAP_PAX
-OBJS += src/eap_peer/eap_pax.c src/eap_common/eap_pax_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_SAKE
-# EAP-SAKE
-ifeq ($(CONFIG_EAP_SAKE), dyn)
-L_CFLAGS += -DEAP_SAKE_DYNAMIC
-EAPDYN += src/eap_peer/eap_sake.so
-else
-L_CFLAGS += -DEAP_SAKE
-OBJS += src/eap_peer/eap_sake.c src/eap_common/eap_sake_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_GPSK
-# EAP-GPSK
-ifeq ($(CONFIG_EAP_GPSK), dyn)
-L_CFLAGS += -DEAP_GPSK_DYNAMIC
-EAPDYN += src/eap_peer/eap_gpsk.so
-else
-L_CFLAGS += -DEAP_GPSK
-OBJS += src/eap_peer/eap_gpsk.c src/eap_common/eap_gpsk_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-ifdef CONFIG_EAP_GPSK_SHA256
-L_CFLAGS += -DEAP_GPSK_SHA256
-endif
-endif
-
-ifdef CONFIG_EAP_PWD
-L_CFLAGS += -DEAP_PWD
-OBJS += src/eap_peer/eap_pwd.c src/eap_common/eap_pwd_common.c
-CONFIG_IEEE8021X_EAPOL=y
-NEED_ECC=y
-NEED_DRAGONFLY=y
-endif
-
-ifdef CONFIG_EAP_EKE
-# EAP-EKE
-ifeq ($(CONFIG_EAP_EKE), dyn)
-L_CFLAGS += -DEAP_EKE_DYNAMIC
-EAPDYN += src/eap_peer/eap_eke.so
-else
-L_CFLAGS += -DEAP_EKE
-OBJS += src/eap_peer/eap_eke.c src/eap_common/eap_eke_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_DH_GROUPS_ALL=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_WPS
-# EAP-WSC
-L_CFLAGS += -DCONFIG_WPS -DEAP_WSC
-OBJS += wps_supplicant.c
-OBJS += src/utils/uuid.c
-OBJS += src/eap_peer/eap_wsc.c src/eap_common/eap_wsc_common.c
-OBJS += src/wps/wps.c
-OBJS += src/wps/wps_common.c
-OBJS += src/wps/wps_attr_parse.c
-OBJS += src/wps/wps_attr_build.c
-OBJS += src/wps/wps_attr_process.c
-OBJS += src/wps/wps_dev_attr.c
-OBJS += src/wps/wps_enrollee.c
-OBJS += src/wps/wps_registrar.c
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_BASE64=y
-NEED_AES_CBC=y
-NEED_MODEXP=y
-
-ifdef CONFIG_WPS_NFC
-L_CFLAGS += -DCONFIG_WPS_NFC
-OBJS += src/wps/ndef.c
-NEED_WPS_OOB=y
-endif
-
-ifdef NEED_WPS_OOB
-L_CFLAGS += -DCONFIG_WPS_OOB
-endif
-
-ifdef CONFIG_WPS_ER
-CONFIG_WPS_UPNP=y
-L_CFLAGS += -DCONFIG_WPS_ER
-OBJS += src/wps/wps_er.c
-OBJS += src/wps/wps_er_ssdp.c
-endif
-
-ifdef CONFIG_WPS_UPNP
-L_CFLAGS += -DCONFIG_WPS_UPNP
-OBJS += src/wps/wps_upnp.c
-OBJS += src/wps/wps_upnp_ssdp.c
-OBJS += src/wps/wps_upnp_web.c
-OBJS += src/wps/wps_upnp_event.c
-OBJS += src/wps/wps_upnp_ap.c
-OBJS += src/wps/upnp_xml.c
-OBJS += src/wps/httpread.c
-OBJS += src/wps/http_client.c
-OBJS += src/wps/http_server.c
-endif
-
-ifdef CONFIG_WPS_STRICT
-L_CFLAGS += -DCONFIG_WPS_STRICT
-OBJS += src/wps/wps_validate.c
-endif
-
-ifdef CONFIG_WPS_TESTING
-L_CFLAGS += -DCONFIG_WPS_TESTING
-endif
-
-ifdef CONFIG_WPS_REG_DISABLE_OPEN
-L_CFLAGS += -DCONFIG_WPS_REG_DISABLE_OPEN
-endif
-
-endif
-
-ifdef CONFIG_EAP_IKEV2
-# EAP-IKEv2
-ifeq ($(CONFIG_EAP_IKEV2), dyn)
-L_CFLAGS += -DEAP_IKEV2_DYNAMIC
-EAPDYN += src/eap_peer/eap_ikev2.so src/eap_peer/ikev2.c
-EAPDYN += src/eap_common/eap_ikev2_common.c src/eap_common/ikev2_common.c
-else
-L_CFLAGS += -DEAP_IKEV2
-OBJS += src/eap_peer/eap_ikev2.c src/eap_peer/ikev2.c
-OBJS += src/eap_common/eap_ikev2_common.c src/eap_common/ikev2_common.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_DH_GROUPS_ALL=y
-NEED_MODEXP=y
-NEED_CIPHER=y
-endif
-
-ifdef CONFIG_EAP_VENDOR_TEST
-ifeq ($(CONFIG_EAP_VENDOR_TEST), dyn)
-L_CFLAGS += -DEAP_VENDOR_TEST_DYNAMIC
-EAPDYN += src/eap_peer/eap_vendor_test.so
-else
-L_CFLAGS += -DEAP_VENDOR_TEST
-OBJS += src/eap_peer/eap_vendor_test.c
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_TNC
-# EAP-TNC
-L_CFLAGS += -DEAP_TNC
-OBJS += src/eap_peer/eap_tnc.c
-OBJS += src/eap_peer/tncc.c
-NEED_BASE64=y
-ifndef CONFIG_NATIVE_WINDOWS
-ifndef CONFIG_DRIVER_BSD
-LIBS += -ldl
-endif
-endif
-endif
-
-ifdef CONFIG_IEEE8021X_EAPOL
-# IEEE 802.1X/EAPOL state machines (e.g., for RADIUS authentication)
-L_CFLAGS += -DIEEE8021X_EAPOL
-OBJS += src/eapol_supp/eapol_supp_sm.c
-OBJS += src/eap_peer/eap.c src/eap_peer/eap_methods.c
-NEED_EAP_COMMON=y
-ifdef CONFIG_DYNAMIC_EAP_METHODS
-L_CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
-LIBS += -ldl -rdynamic
-endif
-endif
-
-ifdef CONFIG_AP
-NEED_EAP_COMMON=y
-NEED_RSN_AUTHENTICATOR=y
-L_CFLAGS += -DCONFIG_AP
-OBJS += ap.c
-L_CFLAGS += -DCONFIG_NO_RADIUS
-L_CFLAGS += -DCONFIG_NO_ACCOUNTING
-L_CFLAGS += -DCONFIG_NO_VLAN
-OBJS += src/ap/hostapd.c
-OBJS += src/ap/wpa_auth_glue.c
-OBJS += src/ap/utils.c
-OBJS += src/ap/authsrv.c
-OBJS += src/ap/ap_config.c
-OBJS += src/ap/sta_info.c
-OBJS += src/ap/tkip_countermeasures.c
-OBJS += src/ap/ap_mlme.c
-OBJS += src/ap/ieee802_1x.c
-OBJS += src/eapol_auth/eapol_auth_sm.c
-OBJS += src/ap/ieee802_11_auth.c
-OBJS += src/ap/ieee802_11_shared.c
-OBJS += src/ap/drv_callbacks.c
-OBJS += src/ap/ap_drv_ops.c
-OBJS += src/ap/beacon.c
-OBJS += src/ap/bss_load.c
-OBJS += src/ap/eap_user_db.c
-OBJS += src/ap/neighbor_db.c
-OBJS += src/ap/rrm.c
-OBJS += src/ap/ieee802_11_ht.c
-ifdef CONFIG_IEEE80211AC
-OBJS += src/ap/ieee802_11_vht.c
-endif
-ifdef CONFIG_IEEE80211AX
-OBJS += src/ap/ieee802_11_he.c
-endif
-ifdef CONFIG_WNM_AP
-L_CFLAGS += -DCONFIG_WNM_AP
-OBJS += src/ap/wnm_ap.c
-endif
-ifdef CONFIG_MBO
-OBJS += src/ap/mbo_ap.c
-endif
-ifdef CONFIG_FILS
-OBJS += src/ap/fils_hlp.c
-endif
-ifdef CONFIG_CTRL_IFACE
-OBJS += src/ap/ctrl_iface_ap.c
-endif
-
-L_CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
-OBJS += src/eap_server/eap_server.c
-OBJS += src/eap_server/eap_server_identity.c
-OBJS += src/eap_server/eap_server_methods.c
-
-ifdef CONFIG_IEEE80211AC
-L_CFLAGS += -DCONFIG_IEEE80211AC
-endif
-ifdef CONFIG_IEEE80211AX
-L_CFLAGS += -DCONFIG_IEEE80211AX
-endif
-
-ifdef NEED_AP_MLME
-OBJS += src/ap/wmm.c
-OBJS += src/ap/ap_list.c
-OBJS += src/ap/ieee802_11.c
-OBJS += src/ap/hw_features.c
-OBJS += src/ap/dfs.c
-L_CFLAGS += -DNEED_AP_MLME
-endif
-ifdef CONFIG_WPS
-L_CFLAGS += -DEAP_SERVER_WSC
-OBJS += src/ap/wps_hostapd.c
-OBJS += src/eap_server/eap_server_wsc.c
-endif
-ifdef CONFIG_DPP
-OBJS += src/ap/dpp_hostapd.c
-OBJS += src/ap/gas_query_ap.c
-NEED_AP_GAS_SERV=y
-endif
-ifdef CONFIG_INTERWORKING
-NEED_AP_GAS_SERV=y
-endif
-ifdef NEED_AP_GAS_SERV
-OBJS += src/ap/gas_serv.c
-endif
-ifdef CONFIG_HS20
-OBJS += src/ap/hs20.c
-endif
-endif
-
-ifdef CONFIG_MBO
-OBJS += mbo.c
-L_CFLAGS += -DCONFIG_MBO
-endif
-
-ifdef CONFIG_TESTING_OPTIONS
-L_CFLAGS += -DCONFIG_TESTING_OPTIONS
-endif
-
-ifdef NEED_RSN_AUTHENTICATOR
-L_CFLAGS += -DCONFIG_NO_RADIUS
-NEED_AES_WRAP=y
-OBJS += src/ap/wpa_auth.c
-OBJS += src/ap/wpa_auth_ie.c
-OBJS += src/ap/pmksa_cache_auth.c
-endif
-
-ifdef CONFIG_ACS
-L_CFLAGS += -DCONFIG_ACS
-OBJS += src/ap/acs.c
-LIBS += -lm
-endif
-
-ifdef CONFIG_PCSC
-# PC/SC interface for smartcards (USIM, GSM SIM)
-L_CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
-OBJS += src/utils/pcsc_funcs.c
-# -lpthread may not be needed depending on how pcsc-lite was configured
-ifdef CONFIG_NATIVE_WINDOWS
-#Once MinGW gets support for WinScard, -lwinscard could be used instead of the
-#dynamic symbol loading that is now used in pcsc_funcs.c
-#LIBS += -lwinscard
-else
-LIBS += -lpcsclite -lpthread
-endif
-endif
-
-ifdef CONFIG_SIM_SIMULATOR
-L_CFLAGS += -DCONFIG_SIM_SIMULATOR
-NEED_MILENAGE=y
-endif
-
-ifdef CONFIG_USIM_SIMULATOR
-L_CFLAGS += -DCONFIG_USIM_SIMULATOR
-NEED_MILENAGE=y
-endif
-
-ifdef NEED_MILENAGE
-OBJS += src/crypto/milenage.c
-NEED_AES_ENCBLOCK=y
-endif
-
-ifdef CONFIG_PKCS12
-L_CFLAGS += -DPKCS12_FUNCS
-endif
-
-ifdef CONFIG_SMARTCARD
-L_CFLAGS += -DCONFIG_SMARTCARD
-endif
-
-ifdef NEED_DRAGONFLY
-OBJS += src/common/dragonfly.c
-endif
-
-ifdef MS_FUNCS
-OBJS += src/crypto/ms_funcs.c
-NEED_DES=y
-NEED_MD4=y
-endif
-
-ifdef CHAP
-OBJS += src/eap_common/chap.c
-endif
-
-ifdef TLS_FUNCS
-NEED_DES=y
-# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
-OBJS += src/eap_peer/eap_tls_common.c
-ifndef CONFIG_FIPS
-NEED_TLS_PRF=y
-NEED_SHA1=y
-NEED_MD5=y
-endif
-endif
-
-ifndef CONFIG_TLS
-CONFIG_TLS=openssl
-endif
-
-ifdef CONFIG_TLSV11
-L_CFLAGS += -DCONFIG_TLSV11
-endif
-
-ifdef CONFIG_TLSV12
-L_CFLAGS += -DCONFIG_TLSV12
-endif
-
-ifeq ($(CONFIG_TLS), openssl)
-ifdef TLS_FUNCS
-L_CFLAGS += -DEAP_TLS_OPENSSL
-OBJS += src/crypto/tls_openssl.c
-OBJS += src/crypto/tls_openssl_ocsp.c
-LIBS += -lssl
-endif
-OBJS += src/crypto/crypto_openssl.c
-OBJS_p += src/crypto/crypto_openssl.c
-ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_openssl.c
-endif
-NEED_TLS_PRF_SHA256=y
-LIBS += -lcrypto
-LIBS_p += -lcrypto
-ifdef CONFIG_TLS_ADD_DL
-LIBS += -ldl
-LIBS_p += -ldl
-endif
-ifndef CONFIG_TLS_DEFAULT_CIPHERS
-CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
-endif
-L_CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
-endif
-
-ifeq ($(CONFIG_TLS), gnutls)
-ifndef CONFIG_CRYPTO
-# default to libgcrypt
-CONFIG_CRYPTO=gnutls
-endif
-ifdef TLS_FUNCS
-OBJS += src/crypto/tls_gnutls.c
-LIBS += -lgnutls -lgpg-error
-endif
-OBJS += src/crypto/crypto_$(CONFIG_CRYPTO).c
-OBJS_p += src/crypto/crypto_$(CONFIG_CRYPTO).c
-ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_internal.c
-OBJS += src/crypto/sha1-internal.c
-endif
-ifeq ($(CONFIG_CRYPTO), gnutls)
-LIBS += -lgcrypt
-LIBS_p += -lgcrypt
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), nettle)
-LIBS += -lnettle -lgmp
-LIBS_p += -lnettle -lgmp
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-endif
-
-ifeq ($(CONFIG_TLS), internal)
-ifndef CONFIG_CRYPTO
-CONFIG_CRYPTO=internal
-endif
-ifdef TLS_FUNCS
-OBJS += src/crypto/crypto_internal-rsa.c
-OBJS += src/crypto/tls_internal.c
-OBJS += src/tls/tlsv1_common.c
-OBJS += src/tls/tlsv1_record.c
-OBJS += src/tls/tlsv1_cred.c
-OBJS += src/tls/tlsv1_client.c
-OBJS += src/tls/tlsv1_client_write.c
-OBJS += src/tls/tlsv1_client_read.c
-OBJS += src/tls/tlsv1_client_ocsp.c
-NEED_ASN1=y
-OBJS += src/tls/rsa.c
-OBJS += src/tls/x509v3.c
-OBJS += src/tls/pkcs1.c
-OBJS += src/tls/pkcs5.c
-OBJS += src/tls/pkcs8.c
-NEED_BASE64=y
-NEED_TLS_PRF=y
-ifdef CONFIG_TLSV12
-NEED_TLS_PRF_SHA256=y
-endif
-NEED_MODEXP=y
-NEED_CIPHER=y
-L_CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
-endif
-ifdef NEED_CIPHER
-NEED_DES=y
-OBJS += src/crypto/crypto_internal-cipher.c
-endif
-ifdef NEED_MODEXP
-OBJS += src/crypto/crypto_internal-modexp.c
-OBJS += src/tls/bignum.c
-endif
-ifeq ($(CONFIG_CRYPTO), libtomcrypt)
-OBJS += src/crypto/crypto_libtomcrypt.c
-OBJS_p += src/crypto/crypto_libtomcrypt.c
-LIBS += -ltomcrypt -ltfm
-LIBS_p += -ltomcrypt -ltfm
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), internal)
-OBJS += src/crypto/crypto_internal.c
-OBJS_p += src/crypto/crypto_internal.c
-NEED_AES_ENC=y
-L_CFLAGS += -DCONFIG_CRYPTO_INTERNAL
-ifdef CONFIG_INTERNAL_LIBTOMMATH
-L_CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
-ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST
-L_CFLAGS += -DLTM_FAST
-endif
-else
-LIBS += -ltommath
-LIBS_p += -ltommath
-endif
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_DES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD4=y
-CONFIG_INTERNAL_MD5=y
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_SHA384=y
-CONFIG_INTERNAL_SHA512=y
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), cryptoapi)
-OBJS += src/crypto/crypto_cryptoapi.c
-OBJS_p += src/crypto/crypto_cryptoapi.c
-L_CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-endif
-endif
-
-ifeq ($(CONFIG_TLS), none)
-ifdef TLS_FUNCS
-OBJS += src/crypto/tls_none.c
-L_CFLAGS += -DEAP_TLS_NONE
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD5=y
-endif
-OBJS += src/crypto/crypto_none.c
-OBJS_p += src/crypto/crypto_none.c
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-endif
-
-ifdef TLS_FUNCS
-ifdef CONFIG_SMARTCARD
-ifndef CONFIG_NATIVE_WINDOWS
-ifneq ($(CONFIG_L2_PACKET), freebsd)
-LIBS += -ldl
-endif
-endif
-endif
-endif
-
-ifndef TLS_FUNCS
-OBJS += src/crypto/tls_none.c
-ifeq ($(CONFIG_TLS), internal)
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD5=y
-CONFIG_INTERNAL_RC4=y
-endif
-endif
-
-AESOBJS = # none so far (see below)
-ifdef CONFIG_INTERNAL_AES
-AESOBJS += src/crypto/aes-internal.c src/crypto/aes-internal-dec.c
-endif
-
-ifneq ($(CONFIG_TLS), openssl)
-NEED_INTERNAL_AES_WRAP=y
-endif
-ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
-# Seems to be needed at least with BoringSSL
-NEED_INTERNAL_AES_WRAP=y
-L_CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
-endif
-ifdef CONFIG_FIPS
-# Have to use internal AES key wrap routines to use OpenSSL EVP since the
-# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
-NEED_INTERNAL_AES_WRAP=y
-endif
-
-ifdef NEED_INTERNAL_AES_WRAP
-AESOBJS += src/crypto/aes-unwrap.c
-endif
-ifdef NEED_AES_EAX
-AESOBJS += src/crypto/aes-eax.c
-NEED_AES_CTR=y
-endif
-ifdef NEED_AES_SIV
-AESOBJS += src/crypto/aes-siv.c
-NEED_AES_CTR=y
-endif
-ifdef NEED_AES_CTR
-AESOBJS += src/crypto/aes-ctr.c
-endif
-ifdef NEED_AES_ENCBLOCK
-AESOBJS += src/crypto/aes-encblock.c
-endif
-NEED_AES_ENC=y
-ifdef CONFIG_OPENSSL_CMAC
-L_CFLAGS += -DCONFIG_OPENSSL_CMAC
-else
-AESOBJS += src/crypto/aes-omac1.c
-endif
-ifdef NEED_AES_WRAP
-NEED_AES_ENC=y
-ifdef NEED_INTERNAL_AES_WRAP
-AESOBJS += src/crypto/aes-wrap.c
-endif
-endif
-ifdef NEED_AES_CBC
-NEED_AES_ENC=y
-ifneq ($(CONFIG_TLS), openssl)
-AESOBJS += src/crypto/aes-cbc.c
-endif
-endif
-ifdef NEED_AES_ENC
-ifdef CONFIG_INTERNAL_AES
-AESOBJS += src/crypto/aes-internal-enc.c
-endif
-endif
-ifdef NEED_AES
-OBJS += $(AESOBJS)
-endif
-
-SHA1OBJS =
-ifdef NEED_SHA1
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), gnutls)
-SHA1OBJS += src/crypto/sha1.c
-endif
-endif
-SHA1OBJS += src/crypto/sha1-prf.c
-ifdef CONFIG_INTERNAL_SHA1
-SHA1OBJS += src/crypto/sha1-internal.c
-ifdef NEED_FIPS186_2_PRF
-SHA1OBJS += src/crypto/fips_prf_internal.c
-endif
-endif
-ifdef CONFIG_NO_WPA_PASSPHRASE
-L_CFLAGS += -DCONFIG_NO_PBKDF2
-else
-ifneq ($(CONFIG_TLS), openssl)
-SHA1OBJS += src/crypto/sha1-pbkdf2.c
-endif
-endif
-ifdef NEED_T_PRF
-SHA1OBJS += src/crypto/sha1-tprf.c
-endif
-ifdef NEED_TLS_PRF
-SHA1OBJS += src/crypto/sha1-tlsprf.c
-endif
-endif
-
-MD5OBJS =
-ifndef CONFIG_FIPS
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), gnutls)
-MD5OBJS += src/crypto/md5.c
-endif
-endif
-endif
-ifdef NEED_MD5
-ifdef CONFIG_INTERNAL_MD5
-MD5OBJS += src/crypto/md5-internal.c
-endif
-OBJS += $(MD5OBJS)
-OBJS_p += $(MD5OBJS)
-endif
-
-ifdef NEED_MD4
-ifdef CONFIG_INTERNAL_MD4
-OBJS += src/crypto/md4-internal.c
-endif
-endif
-
-DESOBJS = # none needed when not internal
-ifdef NEED_DES
-ifdef CONFIG_INTERNAL_DES
-DESOBJS += src/crypto/des-internal.c
-endif
-endif
-
-ifdef CONFIG_NO_RC4
-L_CFLAGS += -DCONFIG_NO_RC4
-endif
-
-ifdef NEED_RC4
-ifdef CONFIG_INTERNAL_RC4
-ifndef CONFIG_NO_RC4
-OBJS += src/crypto/rc4.c
-endif
-endif
-endif
-
-SHA256OBJS = # none by default
-L_CFLAGS += -DCONFIG_SHA256
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), gnutls)
-SHA256OBJS += src/crypto/sha256.c
-endif
-endif
-SHA256OBJS += src/crypto/sha256-prf.c
-ifdef CONFIG_INTERNAL_SHA256
-SHA256OBJS += src/crypto/sha256-internal.c
-endif
-ifdef CONFIG_INTERNAL_SHA384
-L_CFLAGS += -DCONFIG_INTERNAL_SHA384
-SHA256OBJS += src/crypto/sha384-internal.c
-endif
-ifdef CONFIG_INTERNAL_SHA512
-L_CFLAGS += -DCONFIG_INTERNAL_SHA512
-SHA256OBJS += src/crypto/sha512-internal.c
-endif
-ifdef NEED_TLS_PRF_SHA256
-SHA256OBJS += src/crypto/sha256-tlsprf.c
-endif
-ifdef NEED_TLS_PRF_SHA384
-SHA256OBJS += src/crypto/sha384-tlsprf.c
-endif
-ifdef NEED_HMAC_SHA256_KDF
-L_CFLAGS += -DCONFIG_HMAC_SHA256_KDF
-SHA256OBJS += src/crypto/sha256-kdf.c
-endif
-ifdef NEED_HMAC_SHA384_KDF
-L_CFLAGS += -DCONFIG_HMAC_SHA384_KDF
-SHA256OBJS += src/crypto/sha384-kdf.c
-endif
-ifdef NEED_HMAC_SHA512_KDF
-L_CFLAGS += -DCONFIG_HMAC_SHA512_KDF
-SHA256OBJS += src/crypto/sha512-kdf.c
-endif
-OBJS += $(SHA256OBJS)
-ifdef NEED_SHA384
-L_CFLAGS += -DCONFIG_SHA384
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), gnutls)
-OBJS += src/crypto/sha384.c
-endif
-endif
-OBJS += src/crypto/sha384-prf.c
-endif
-ifdef NEED_SHA512
-L_CFLAGS += -DCONFIG_SHA512
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), gnutls)
-OBJS += src/crypto/sha512.c
-endif
-endif
-OBJS += src/crypto/sha512-prf.c
-endif
-
-ifdef NEED_ASN1
-OBJS += src/tls/asn1.c
-endif
-
-ifdef NEED_DH_GROUPS
-OBJS += src/crypto/dh_groups.c
-endif
-ifdef NEED_DH_GROUPS_ALL
-L_CFLAGS += -DALL_DH_GROUPS
-endif
-ifdef CONFIG_INTERNAL_DH_GROUP5
-ifdef NEED_DH_GROUPS
-OBJS += src/crypto/dh_group5.c
-endif
-endif
-
-ifdef NEED_ECC
-L_CFLAGS += -DCONFIG_ECC
-endif
-
-ifdef CONFIG_NO_RANDOM_POOL
-L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
-else
-OBJS += src/crypto/random.c
-endif
-
-ifdef CONFIG_CTRL_IFACE
-ifeq ($(CONFIG_CTRL_IFACE), y)
-ifdef CONFIG_NATIVE_WINDOWS
-CONFIG_CTRL_IFACE=named_pipe
-else
-CONFIG_CTRL_IFACE=unix
-endif
-endif
-L_CFLAGS += -DCONFIG_CTRL_IFACE
-ifeq ($(CONFIG_CTRL_IFACE), unix)
-L_CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
-OBJS += src/common/ctrl_iface_common.c
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp)
-L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-endif
-ifeq ($(CONFIG_CTRL_IFACE), named_pipe)
-L_CFLAGS += -DCONFIG_CTRL_IFACE_NAMED_PIPE
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp-remote)
-CONFIG_CTRL_IFACE=udp
-L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP_REMOTE
-endif
-OBJS += ctrl_iface.c ctrl_iface_$(CONFIG_CTRL_IFACE).c
-endif
-
-ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-L_CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_NEW
-OBJS += dbus/dbus_dict_helpers.c
-OBJS += dbus/dbus_new_helpers.c
-OBJS += dbus/dbus_new.c dbus/dbus_new_handlers.c
-OBJS += dbus/dbus_common.c
-ifdef CONFIG_WPS
-OBJS += dbus/dbus_new_handlers_wps.c
-endif
-ifdef CONFIG_P2P
-OBJS += dbus/dbus_new_handlers_p2p.c
-endif
-ifdef CONFIG_CTRL_IFACE_DBUS_INTRO
-OBJS += dbus/dbus_new_introspect.c
-L_CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_INTRO
-endif
-L_CFLAGS += $(DBUS_INCLUDE)
-endif
-
-ifdef CONFIG_CTRL_IFACE_BINDER
-WPA_SUPPLICANT_USE_BINDER=y
-L_CFLAGS += -DCONFIG_BINDER -DCONFIG_CTRL_IFACE_BINDER
-endif
-
-ifdef CONFIG_READLINE
-OBJS_c += src/utils/edit_readline.c
-LIBS_c += -lncurses -lreadline
-else
-ifdef CONFIG_WPA_CLI_EDIT
-OBJS_c += src/utils/edit.c
-else
-OBJS_c += src/utils/edit_simple.c
-endif
-endif
-
-ifdef CONFIG_NATIVE_WINDOWS
-L_CFLAGS += -DCONFIG_NATIVE_WINDOWS
-LIBS += -lws2_32 -lgdi32 -lcrypt32
-LIBS_c += -lws2_32
-LIBS_p += -lws2_32 -lgdi32
-ifeq ($(CONFIG_CRYPTO), cryptoapi)
-LIBS_p += -lcrypt32
-endif
-endif
-
-ifdef CONFIG_NO_STDOUT_DEBUG
-L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
-ifndef CONFIG_CTRL_IFACE
-L_CFLAGS += -DCONFIG_NO_WPA_MSG
-endif
-endif
-
-ifdef CONFIG_ANDROID_LOG
-L_CFLAGS += -DCONFIG_ANDROID_LOG
-endif
-
-ifdef CONFIG_IPV6
-# for eapol_test only
-L_CFLAGS += -DCONFIG_IPV6
-endif
-
-ifdef NEED_BASE64
-OBJS += src/utils/base64.c
-endif
-
-ifdef NEED_SME
-OBJS += sme.c
-L_CFLAGS += -DCONFIG_SME
-endif
-
-OBJS += src/common/ieee802_11_common.c
-OBJS += src/common/hw_features_common.c
-
-ifdef NEED_EAP_COMMON
-OBJS += src/eap_common/eap_common.c
-endif
-
-ifndef CONFIG_MAIN
-CONFIG_MAIN=main
-endif
-
-ifdef CONFIG_DEBUG_SYSLOG
-L_CFLAGS += -DCONFIG_DEBUG_SYSLOG
-ifdef CONFIG_DEBUG_SYSLOG_FACILITY
-L_CFLAGS += -DLOG_HOSTAPD="$(CONFIG_DEBUG_SYSLOG_FACILITY)"
-endif
-endif
-
-ifdef CONFIG_DEBUG_LINUX_TRACING
-L_CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
-endif
-
-ifdef CONFIG_DEBUG_FILE
-L_CFLAGS += -DCONFIG_DEBUG_FILE
-endif
-
-ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
-L_CFLAGS += -DCONFIG_DELAYED_MIC_ERROR_REPORT
-endif
-
-ifdef CONFIG_FIPS
-L_CFLAGS += -DCONFIG_FIPS
-endif
-
-OBJS += $(SHA1OBJS) $(DESOBJS)
-
-OBJS_p += $(SHA1OBJS)
-OBJS_p += $(SHA256OBJS)
-
-ifdef CONFIG_BGSCAN_SIMPLE
-L_CFLAGS += -DCONFIG_BGSCAN_SIMPLE
-OBJS += bgscan_simple.c
-NEED_BGSCAN=y
-endif
-
-ifdef CONFIG_BGSCAN_LEARN
-L_CFLAGS += -DCONFIG_BGSCAN_LEARN
-OBJS += bgscan_learn.c
-NEED_BGSCAN=y
-endif
-
-ifdef NEED_BGSCAN
-L_CFLAGS += -DCONFIG_BGSCAN
-OBJS += bgscan.c
-endif
-
-ifdef CONFIG_AUTOSCAN_EXPONENTIAL
-L_CFLAGS += -DCONFIG_AUTOSCAN_EXPONENTIAL
-OBJS += autoscan_exponential.c
-NEED_AUTOSCAN=y
-endif
-
-ifdef CONFIG_AUTOSCAN_PERIODIC
-L_CFLAGS += -DCONFIG_AUTOSCAN_PERIODIC
-OBJS += autoscan_periodic.c
-NEED_AUTOSCAN=y
-endif
-
-ifdef NEED_AUTOSCAN
-L_CFLAGS += -DCONFIG_AUTOSCAN
-OBJS += autoscan.c
-endif
-
-ifdef CONFIG_EXT_PASSWORD_TEST
-OBJS += src/utils/ext_password_test.c
-L_CFLAGS += -DCONFIG_EXT_PASSWORD_TEST
-NEED_EXT_PASSWORD=y
-endif
-
-ifdef CONFIG_EXT_PASSWORD_FILE
-OBJS += src/utils/ext_password_file.c
-L_CFLAGS += -DCONFIG_EXT_PASSWORD_FILE
-NEED_EXT_PASSWORD=y
-endif
-
-ifdef NEED_EXT_PASSWORD
-OBJS += src/utils/ext_password.c
-L_CFLAGS += -DCONFIG_EXT_PASSWORD
-endif
-
-ifdef NEED_GAS_SERVER
-OBJS += src/common/gas_server.c
-L_CFLAGS += -DCONFIG_GAS_SERVER
-NEED_GAS=y
-endif
-
-ifdef NEED_GAS
-OBJS += src/common/gas.c
-OBJS += gas_query.c
-L_CFLAGS += -DCONFIG_GAS
-NEED_OFFCHANNEL=y
-endif
-
-ifdef NEED_OFFCHANNEL
-OBJS += offchannel.c
-L_CFLAGS += -DCONFIG_OFFCHANNEL
-endif
-
-ifdef NEED_JSON
-OBJS += src/utils/json.c
-L_CFLAGS += -DCONFIG_JSON
-endif
-
-OBJS += src/drivers/driver_common.c
-
-OBJS += wpa_supplicant.c events.c bssid_ignore.c wpas_glue.c scan.c
-OBJS_t := $(OBJS) $(OBJS_l2) eapol_test.c
-OBJS_t += src/radius/radius_client.c
-OBJS_t += src/radius/radius.c
-OBJS_t2 := $(OBJS) $(OBJS_l2) preauth_test.c
-OBJS += $(CONFIG_MAIN).c
-
-ifdef CONFIG_PRIVSEP
-OBJS_priv += $(OBJS_d) src/drivers/drivers.c
-OBJS_priv += $(OBJS_l2)
-OBJS_priv += src/utils/os_$(CONFIG_OS).c
-OBJS_priv += src/utils/$(CONFIG_ELOOP).c
-OBJS_priv += src/utils/common.c
-OBJS_priv += src/utils/wpa_debug.c
-OBJS_priv += src/utils/wpabuf.c
-OBJS_priv += wpa_priv.c
-ifdef CONFIG_DRIVER_NL80211
-OBJS_priv += src/common/ieee802_11_common.c
-endif
-OBJS += src/l2_packet/l2_packet_privsep.c
-OBJS += src/drivers/driver_privsep.c
-EXTRA_progs += wpa_priv
-else
-OBJS += $(OBJS_d) src/drivers/drivers.c
-OBJS += $(OBJS_l2)
-endif
-
-ifdef CONFIG_NDIS_EVENTS_INTEGRATED
-L_CFLAGS += -DCONFIG_NDIS_EVENTS_INTEGRATED
-OBJS += src/drivers/ndis_events.c
-EXTRALIBS += -loleaut32 -lole32 -luuid
-ifdef PLATFORMSDKLIB
-EXTRALIBS += $(PLATFORMSDKLIB)/WbemUuid.Lib
-else
-EXTRALIBS += WbemUuid.Lib
-endif
-endif
-
-ifndef LDO
-LDO=$(CC)
-endif
-
-########################
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := wpa_cli
-LOCAL_MODULE_TAGS := debug
-LOCAL_SHARED_LIBRARIES := libc libcutils liblog
-LOCAL_CFLAGS := $(L_CFLAGS)
-LOCAL_SRC_FILES := $(OBJS_c)
-LOCAL_C_INCLUDES := $(INCLUDES)
-include $(BUILD_EXECUTABLE)
-
-########################
-include $(CLEAR_VARS)
-LOCAL_MODULE := wpa_supplicant
-ifdef CONFIG_DRIVER_CUSTOM
-LOCAL_STATIC_LIBRARIES := libCustomWifi
-endif
-ifneq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB),)
-LOCAL_STATIC_LIBRARIES += $(BOARD_WPA_SUPPLICANT_PRIVATE_LIB)
-endif
-LOCAL_SHARED_LIBRARIES := libc libcutils liblog
-ifdef CONFIG_EAP_PROXY
-LOCAL_STATIC_LIBRARIES += $(LIB_STATIC_EAP_PROXY)
-LOCAL_SHARED_LIBRARIES += $(LIB_SHARED_EAP_PROXY)
-endif
-ifeq ($(CONFIG_TLS), openssl)
-LOCAL_SHARED_LIBRARIES += libcrypto libssl libkeystore_binder
-endif
-
-# With BoringSSL we need libkeystore-engine in order to provide access to
-# keystore keys.
-LOCAL_SHARED_LIBRARIES += libkeystore-engine
-
-ifdef CONFIG_DRIVER_NL80211
-ifneq ($(wildcard external/libnl),)
-LOCAL_SHARED_LIBRARIES += libnl
-else
-LOCAL_STATIC_LIBRARIES += libnl_2
-endif
-endif
-LOCAL_CFLAGS := $(L_CFLAGS)
-LOCAL_SRC_FILES := $(OBJS)
-LOCAL_C_INCLUDES := $(INCLUDES)
-ifeq ($(DBUS), y)
-LOCAL_SHARED_LIBRARIES += libdbus
-endif
-ifeq ($(WPA_SUPPLICANT_USE_BINDER), y)
-LOCAL_SHARED_LIBRARIES += libbinder libutils
-LOCAL_STATIC_LIBRARIES += libwpa_binder libwpa_binder_interface
-endif
-include $(BUILD_EXECUTABLE)
-
-########################
-#
-#include $(CLEAR_VARS)
-#LOCAL_MODULE := eapol_test
-#ifdef CONFIG_DRIVER_CUSTOM
-#LOCAL_STATIC_LIBRARIES := libCustomWifi
-#endif
-#LOCAL_SHARED_LIBRARIES := libc libcrypto libssl
-#LOCAL_CFLAGS := $(L_CFLAGS)
-#LOCAL_SRC_FILES := $(OBJS_t)
-#LOCAL_C_INCLUDES := $(INCLUDES)
-#include $(BUILD_EXECUTABLE)
-#
-########################
-#
-#local_target_dir := $(TARGET_OUT)/etc/wifi
-#
-#include $(CLEAR_VARS)
-#LOCAL_MODULE := wpa_supplicant.conf
-#LOCAL_MODULE_CLASS := ETC
-#LOCAL_MODULE_PATH := $(local_target_dir)
-#LOCAL_SRC_FILES := $(LOCAL_MODULE)
-#include $(BUILD_PREBUILT)
-#
-########################
-
-include $(CLEAR_VARS)
-LOCAL_MODULE = libwpa_client
-LOCAL_CFLAGS = $(L_CFLAGS)
-LOCAL_SRC_FILES = src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c
-LOCAL_C_INCLUDES = $(INCLUDES)
-LOCAL_SHARED_LIBRARIES := libcutils liblog
-LOCAL_COPY_HEADERS_TO := libwpa_client
-LOCAL_COPY_HEADERS := src/common/wpa_ctrl.h
-LOCAL_COPY_HEADERS += src/common/qca-vendor.h
-include $(BUILD_SHARED_LIBRARY)
-
-ifeq ($(WPA_SUPPLICANT_USE_BINDER), y)
-### Binder interface library ###
-########################
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := libwpa_binder_interface
-LOCAL_AIDL_INCLUDES := \
-    $(LOCAL_PATH)/binder \
-    frameworks/native/aidl/binder
-LOCAL_EXPORT_C_INCLUDE_DIRS := \
-    $(LOCAL_PATH)/binder
-LOCAL_CPPFLAGS := $(L_CPPFLAGS)
-LOCAL_SRC_FILES := \
-    binder/binder_constants.cpp \
-    binder/fi/w1/wpa_supplicant/ISupplicant.aidl \
-    binder/fi/w1/wpa_supplicant/ISupplicantCallbacks.aidl \
-    binder/fi/w1/wpa_supplicant/IIface.aidl
-LOCAL_SHARED_LIBRARIES := libbinder
-include $(BUILD_STATIC_LIBRARY)
-
-### Binder service library ###
-########################
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := libwpa_binder
-LOCAL_CPPFLAGS := $(L_CPPFLAGS)
-LOCAL_CFLAGS := $(L_CFLAGS)
-LOCAL_C_INCLUDES := $(INCLUDES)
-LOCAL_SRC_FILES := \
-    binder/binder.cpp binder/binder_manager.cpp \
-    binder/supplicant.cpp binder/iface.cpp
-LOCAL_SHARED_LIBRARIES := \
-    libbinder \
-    libutils
-LOCAL_STATIC_LIBRARIES := libwpa_binder_interface
-include $(BUILD_STATIC_LIBRARY)
-
-endif # BINDER == y
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
deleted file mode 100644
index 5ca82457ad1b..000000000000
--- a/wpa_supplicant/ChangeLog
+++ /dev/null
@@ -1,2447 +0,0 @@
-ChangeLog for wpa_supplicant
-
-2019-08-07 - v2.9
-	* SAE changes
-	  - disable use of groups using Brainpool curves
-	  - improved protection against side channel attacks
-	  [https://w1.fi/security/2019-6/]
-	* EAP-pwd changes
-	  - disable use of groups using Brainpool curves
-	  - allow the set of groups to be configured (eap_pwd_groups)
-	  - improved protection against side channel attacks
-	  [https://w1.fi/security/2019-6/]
-	* fixed FT-EAP initial mobility domain association using PMKSA caching
-	  (disabled by default for backwards compatibility; can be enabled
-	  with ft_eap_pmksa_caching=1)
-	* fixed a regression in OpenSSL 1.1+ engine loading
-	* added validation of RSNE in (Re)Association Response frames
-	* fixed DPP bootstrapping URI parser of channel list
-	* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
-	* extended ca_cert_blob to support PEM format
-	* improved robustness of P2P Action frame scheduling
-	* added support for EAP-SIM/AKA using anonymous@realm identity
-	* fixed Hotspot 2.0 credential selection based on roaming consortium
-	  to ignore credentials without a specific EAP method
-	* added experimental support for EAP-TEAP peer (RFC 7170)
-	* added experimental support for EAP-TLS peer with TLS v1.3
-	* fixed a regression in WMM parameter configuration for a TDLS peer
-	* fixed a regression in operation with drivers that offload 802.1X
-	  4-way handshake
-	* fixed an ECDH operation corner case with OpenSSL
-
-2019-04-21 - v2.8
-	* SAE changes
-	  - added support for SAE Password Identifier
-	  - changed default configuration to enable only groups 19, 20, 21
-	    (i.e., disable groups 25 and 26) and disable all unsuitable groups
-	    completely based on REVmd changes
-	  - do not regenerate PWE unnecessarily when the AP uses the
-	    anti-clogging token mechanisms
-	  - fixed some association cases where both SAE and FT-SAE were enabled
-	    on both the station and the selected AP
-	  - started to prefer FT-SAE over SAE AKM if both are enabled
-	  - started to prefer FT-SAE over FT-PSK if both are enabled
-	  - fixed FT-SAE when SAE PMKSA caching is used
-	  - reject use of unsuitable groups based on new implementation guidance
-	    in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
-	    groups with prime >= 256)
-	  - minimize timing and memory use differences in PWE derivation
-	    [https://w1.fi/security/2019-1/] (CVE-2019-9494)
-	* EAP-pwd changes
-	  - minimize timing and memory use differences in PWE derivation
-	    [https://w1.fi/security/2019-2/] (CVE-2019-9495)
-	  - verify server scalar/element
-	    [https://w1.fi/security/2019-4/] (CVE-2019-9499)
-	  - fix message reassembly issue with unexpected fragment
-	    [https://w1.fi/security/2019-5/]
-	  - enforce rand,mask generation rules more strictly
-	  - fix a memory leak in PWE derivation
-	  - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
-	    27)
-	* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
-	* Hotspot 2.0 changes
-	  - do not indicate release number that is higher than the one
-	    AP supports
-	  - added support for release number 3
-	  - enable PMF automatically for network profiles created from
-	    credentials
-	* fixed OWE network profile saving
-	* fixed DPP network profile saving
-	* added support for RSN operating channel validation
-	  (CONFIG_OCV=y and network profile parameter ocv=1)
-	* added Multi-AP backhaul STA support
-	* fixed build with LibreSSL
-	* number of MKA/MACsec fixes and extensions
-	* extended domain_match and domain_suffix_match to allow list of values
-	* fixed dNSName matching in domain_match and domain_suffix_match when
-	  using wolfSSL
-	* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
-	  are enabled
-	* extended nl80211 Connect and external authentication to support
-	  SAE, FT-SAE, FT-EAP-SHA384
-	* fixed KEK2 derivation for FILS+FT
-	* extended client_cert file to allow loading of a chain of PEM
-	  encoded certificates
-	* extended beacon reporting functionality
-	* extended D-Bus interface with number of new properties
-	* fixed a regression in FT-over-DS with mac80211-based drivers
-	* OpenSSL: allow systemwide policies to be overridden
-	* extended driver flags indication for separate 802.1X and PSK
-	  4-way handshake offload capability
-	* added support for random P2P Device/Interface Address use
-	* extended PEAP to derive EMSK to enable use with ERP/FILS
-	* extended WPS to allow SAE configuration to be added automatically
-	  for PSK (wps_cred_add_sae=1)
-	* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
-	* extended domain_match and domain_suffix_match to allow list of values
-	* added a RSN workaround for misbehaving PMF APs that advertise
-	  IGTK/BIP KeyID using incorrect byte order
-	* fixed PTK rekeying with FILS and FT
-
-2018-12-02 - v2.7
-	* fixed WPA packet number reuse with replayed messages and key
-	  reinstallation
-	  [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
-	  CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
-	  CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
-	* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
-	  [https://w1.fi/security/2018-1/] (CVE-2018-14526)
-	* added support for FILS (IEEE 802.11ai) shared key authentication
-	* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
-	  and transition mode defined by WFA)
-	* added support for DPP (Wi-Fi Device Provisioning Protocol)
-	* added support for RSA 3k key case with Suite B 192-bit level
-	* fixed Suite B PMKSA caching not to update PMKID during each 4-way
-	  handshake
-	* fixed EAP-pwd pre-processing with PasswordHashHash
-	* added EAP-pwd client support for salted passwords
-	* fixed a regression in TDLS prohibited bit validation
-	* started to use estimated throughput to avoid undesired signal
-	  strength based roaming decision
-	* MACsec/MKA:
-	  - new macsec_linux driver interface support for the Linux
-	    kernel macsec module
-	  - number of fixes and extensions
-	* added support for external persistent storage of PMKSA cache
-	  (PMKSA_GET/PMKSA_ADD control interface commands; and
-	   MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
-	* fixed mesh channel configuration pri/sec switch case
-	* added support for beacon report
-	* large number of other fixes, cleanup, and extensions
-	* added support for randomizing local address for GAS queries
-	  (gas_rand_mac_addr parameter)
-	* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
-	* added option for using random WPS UUID (auto_uuid=1)
-	* added SHA256-hash support for OCSP certificate matching
-	* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
-	* fixed a regression in RSN pre-authentication candidate selection
-	* added option to configure allowed group management cipher suites
-	  (group_mgmt network profile parameter)
-	* removed all PeerKey functionality
-	* fixed nl80211 AP and mesh mode configuration regression with
-	  Linux 4.15 and newer
-	* added ap_isolate configuration option for AP mode
-	* added support for nl80211 to offload 4-way handshake into the driver
-	* added support for using wolfSSL cryptographic library
-	* SAE
-	  - added support for configuring SAE password separately of the
-	    WPA2 PSK/passphrase
-	  - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
-	    for SAE;
-	    note: this is not backwards compatible, i.e., both the AP and
-	    station side implementations will need to be update at the same
-	    time to maintain interoperability
-	  - added support for Password Identifier
-	  - fixed FT-SAE PMKID matching
-	* Hotspot 2.0
-	  - added support for fetching of Operator Icon Metadata ANQP-element
-	  - added support for Roaming Consortium Selection element
-	  - added support for Terms and Conditions
-	  - added support for OSEN connection in a shared RSN BSS
-	  - added support for fetching Venue URL information
-	* added support for using OpenSSL 1.1.1
-	* FT
-	  - disabled PMKSA caching with FT since it is not fully functional
-	  - added support for SHA384 based AKM
-	  - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
-	    BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
-	  - fixed additional IE inclusion in Reassociation Request frame when
-	    using FT protocol
-
-2016-10-02 - v2.6
-	* fixed WNM Sleep Mode processing when PMF is not enabled
-	  [http://w1.fi/security/2015-6/] (CVE-2015-5310)
-	* fixed EAP-pwd last fragment validation
-	  [http://w1.fi/security/2015-7/] (CVE-2015-5315)
-	* fixed EAP-pwd unexpected Confirm message processing
-	  [http://w1.fi/security/2015-8/] (CVE-2015-5316)
-	* fixed WPS configuration update vulnerability with malformed passphrase
-	  [http://w1.fi/security/2016-1/] (CVE-2016-4476)
-	* fixed configuration update vulnerability with malformed parameters set
-	  over the local control interface
-	  [http://w1.fi/security/2016-1/] (CVE-2016-4477)
-	* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
-	* extended channel switch support for P2P GO
-	* started to throttle control interface event message bursts to avoid
-	  issues with monitor sockets running out of buffer space
-	* mesh mode fixes/improvements
-	  - generate proper AID for peer
-	  - enable WMM by default
-	  - add VHT support
-	  - fix PMKID derivation
-	  - improve robustness on various exchanges
-	  - fix peer link counting in reconnect case
-	  - improve mesh joining behavior
-	  - allow DTIM period to be configured
-	  - allow HT to be disabled (disable_ht=1)
-	  - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
-	  - add support for PMKSA caching
-	  - add minimal support for SAE group negotiation
-	  - allow pairwise/group cipher to be configured in the network profile
-	  - use ieee80211w profile parameter to enable/disable PMF and derive
-	    a separate TX IGTK if PMF is enabled instead of using MGTK
-	    incorrectly
-	  - fix AEK and MTK derivation
-	  - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
-	  - note: these changes are not fully backwards compatible for secure
-	    (RSN) mesh network
-	* fixed PMKID derivation with SAE
-	* added support for requesting and fetching arbitrary ANQP-elements
-	  without internal support in wpa_supplicant for the specific element
-	  (anqp[265]=<hexdump> in "BSS <BSSID>" command output)
-	* P2P
-	  - filter control characters in group client device names to be
-	    consistent with other P2P peer cases
-	  - support VHT 80+80 MHz and 160 MHz
-	  - indicate group completion in P2P Client role after data association
-	    instead of already after the WPS provisioning step
-	  - improve group-join operation to use SSID, if known, to filter BSS
-	    entries
-	  - added optional ssid=<hexdump> argument to P2P_CONNECT for join case
-	  - added P2P_GROUP_MEMBER command to fetch client interface address
-	* P2PS
-	  - fix follow-on PD Response behavior
-	  - fix PD Response generation for unknown peer
-	  - fix persistent group reporting
-	  - add channel policy to PD Request
-	  - add group SSID to the P2PS-PROV-DONE event
-	  - allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
-	    default PIN
-	* BoringSSL
-	  - support for OCSP stapling
-	  - support building of h20-osu-client
-	* D-Bus
-	  - add ExpectDisconnect()
-	  - add global config parameters as properties
-	  - add SaveConfig()
-	  - add VendorElemAdd(), VendorElemGet(), VendorElemRem()
-	* fixed Suite B 192-bit AKM to use proper PMK length
-	  (note: this makes old releases incompatible with the fixed behavior)
-	* improved PMF behavior for cases where the AP and STA has different
-	  configuration by not trying to connect in some corner cases where the
-	  connection cannot succeed
-	* added option to reopen debug log (e.g., to rotate the file) upon
-	  receipt of SIGHUP signal
-	* EAP-pwd: added support for Brainpool Elliptic Curves
-	  (with OpenSSL 1.0.2 and newer)
-	* fixed EAPOL reauthentication after FT protocol run
-	* fixed FTIE generation for 4-way handshake after FT protocol run
-	* extended INTERFACE_ADD command to allow certain type (sta/ap)
-	  interface to be created
-	* fixed and improved various FST operations
-	* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
-	* fixed SIGNAL_POLL in IBSS and mesh cases
-	* added an option to abort an ongoing scan (used to speed up connection
-	  and can also be done with the new ABORT_SCAN command)
-	* TLS client
-	  - do not verify CA certificates when ca_cert is not specified
-	  - support validating server certificate hash
-	  - support SHA384 and SHA512 hashes
-	  - add signature_algorithms extension into ClientHello
-	  - support TLS v1.2 signature algorithm with SHA384 and SHA512
-	  - support server certificate probing
-	  - allow specific TLS versions to be disabled with phase2 parameter
-	  - support extKeyUsage
-	  - support PKCS #5 v2.0 PBES2
-	  - support PKCS #5 with PKCS #12 style key decryption
-	  - minimal support for PKCS #12
-	  - support OCSP stapling (including ocsp_multi)
-	* OpenSSL
-	  - support OpenSSL 1.1 API changes
-	  - drop support for OpenSSL 0.9.8
-	  - drop support for OpenSSL 1.0.0
-	* added support for multiple schedule scan plans (sched_scan_plans)
-	* added support for external server certificate chain validation
-	  (tls_ext_cert_check=1 in the network profile phase1 parameter)
-	* made phase2 parser more strict about correct use of auth=<val> and
-	  autheap=<val> values
-	* improved GAS offchannel operations with comeback request
-	* added SIGNAL_MONITOR command to request signal strength monitoring
-	  events
-	* added command for retrieving HS 2.0 icons with in-memory storage
-	  (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
-	  RX-HS20-ICON event)
-	* enabled ACS support for AP mode operations with wpa_supplicant
-	* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
-	  ("Invalid Compound_MAC in cryptobinding TLV")
-	* EAP-TTLS: fixed success after fragmented final Phase 2 message
-	* VHT: added interoperability workaround for 80+80 and 160 MHz channels
-	* WNM: workaround for broken AP operating class behavior
-	* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
-	* nl80211:
-	  - add support for full station state operations
-	  - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
-	  - add NL80211_ATTR_PREV_BSSID with Connect command
-	  - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
-	    unencrypted EAPOL frames
-	* added initial MBO support; number of extensions to WNM BSS Transition
-	  Management
-	* added support for PBSS/PCP and P2P on 60 GHz
-	* Interworking: add credential realm to EAP-TLS identity
-	* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
-	* HS 2.0: add support for configuring frame filters
-	* added POLL_STA command to check connectivity in AP mode
-	* added initial functionality for location related operations
-	* started to ignore pmf=1/2 parameter for non-RSN networks
-	* added wps_disabled=1 network profile parameter to allow AP mode to
-	  be started without enabling WPS
-	* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
-	  events
-	* improved Public Action frame addressing
-	  - add gas_address3 configuration parameter to control Address 3
-	    behavior
-	* number of small fixes
-
-2015-09-27 - v2.5
-	* fixed P2P validation of SSID element length before copying it
-	  [http://w1.fi/security/2015-1/] (CVE-2015-1863)
-	* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
-	  [http://w1.fi/security/2015-2/] (CVE-2015-4141)
-	* fixed WMM Action frame parser (AP mode)
-	  [http://w1.fi/security/2015-3/] (CVE-2015-4142)
-	* fixed EAP-pwd peer missing payload length validation
-	  [http://w1.fi/security/2015-4/]
-	  (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
-	* fixed validation of WPS and P2P NFC NDEF record payload length
-	  [http://w1.fi/security/2015-5/]
-	* nl80211:
-	  - added VHT configuration for IBSS
-	  - fixed vendor command handling to check OUI properly
-	  - allow driver-based roaming to change ESS
-	* added AVG_BEACON_RSSI to SIGNAL_POLL output
-	* wpa_cli: added tab completion for number of commands
-	* removed unmaintained and not yet completed SChannel/CryptoAPI support
-	* modified Extended Capabilities element use in Probe Request frames to
-	  include all cases if any of the values are non-zero
-	* added support for dynamically creating/removing a virtual interface
-	  with interface_add/interface_remove
-	* added support for hashed password (NtHash) in EAP-pwd peer
-	* added support for memory-only PSK/passphrase (mem_only_psk=1 and
-	  CTRL-REQ/RSP-PSK_PASSPHRASE)
-	* P2P
-	  - optimize scan frequencies list when re-joining a persistent group
-	  - fixed number of sequences with nl80211 P2P Device interface
-	  - added operating class 125 for P2P use cases (this allows 5 GHz
-	    channels 161 and 169 to be used if they are enabled in the current
-	    regulatory domain)
-	  - number of fixes to P2PS functionality
-	  - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
-	  - extended support for preferred channel listing
-	* D-Bus:
-	  - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
-	  - fixed PresenceRequest to use group interface
-	  - added new signals: FindStopped, WPS pbc-overlap,
-	    GroupFormationFailure, WPS timeout, InvitationReceived
-	  - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
-	  - added manufacturer info
-	* added EAP-EKE peer support for deriving Session-Id
-	* added wps_priority configuration parameter to set the default priority
-	  for all network profiles added by WPS
-	* added support to request a scan with specific SSIDs with the SCAN
-	  command (optional "ssid <hexdump>" arguments)
-	* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
-	* fixed SAE group selection in an error case
-	* modified SAE routines to be more robust and PWE generation to be
-	  stronger against timing attacks
-	* added support for Brainpool Elliptic Curves with SAE
-	* added support for CCMP-256 and GCMP-256 as group ciphers with FT
-	* fixed BSS selection based on estimated throughput
-	* added option to disable TLSv1.0 with OpenSSL
-	  (phase1="tls_disable_tlsv1_0=1")
-	* added Fast Session Transfer (FST) module
-	* fixed OpenSSL PKCS#12 extra certificate handling
-	* fixed key derivation for Suite B 192-bit AKM (this breaks
-	  compatibility with the earlier version)
-	* added RSN IE to Mesh Peering Open/Confirm frames
-	* number of small fixes
-
-2015-03-15 - v2.4
-	* allow OpenSSL cipher configuration to be set for internal EAP server
-	  (openssl_ciphers parameter)
-	* fixed number of small issues based on hwsim test case failures and
-	  static analyzer reports
-	* P2P:
-	  - add new=<0/1> flag to P2P-DEVICE-FOUND events
-	  - add passive channels in invitation response from P2P Client
-	  - enable nl80211 P2P_DEVICE support by default
-	  - fix regresssion in disallow_freq preventing search on social
-	    channels
-	  - fix regressions in P2P SD query processing
-	  - try to re-invite with social operating channel if no common channels
-	    in invitation
-	  - allow cross connection on parent interface (this fixes number of
-	    use cases with nl80211)
-	  - add support for P2P services (P2PS)
-	  - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
-	    be configured
-	* increase postponing of EAPOL-Start by one second with AP/GO that
-	  supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
-	  of identity frames)
-	* add support for PMKSA caching with SAE
-	* add support for control mesh BSS (IEEE 802.11s) operations
-	* fixed number of issues with D-Bus P2P commands
-	* fixed regression in ap_scan=2 special case for WPS
-	* fixed macsec_validate configuration
-	* add a workaround for incorrectly behaving APs that try to use
-	  EAPOL-Key descriptor version 3 when the station supports PMF even if
-	  PMF is not enabled on the AP
-	* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
-	  of disabling these can be configured to work around issues with broken
-	  servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
-	* add support for Suite B (128-bit and 192-bit level) key management and
-	  cipher suites
-	* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
-	* improved BSS Transition Management processing
-	* add support for neighbor report
-	* add support for link measurement
-	* fixed expiration of BSS entry with all-zeros BSSID
-	* add optional LAST_ID=x argument to LIST_NETWORK to allow all
-	  configured networks to be listed even with huge number of network
-	  profiles
-	* add support for EAP Re-Authentication Protocol (ERP)
-	* fixed EAP-IKEv2 fragmentation reassembly
-	* improved PKCS#11 configuration for OpenSSL
-	* set stdout to be line-buffered
-	* add TDLS channel switch configuration
-	* add support for MAC address randomization in scans with nl80211
-	* enable HT for IBSS if supported by the driver
-	* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
-	* add support for domain_suffix_match with GnuTLS
-	* add OCSP stapling client support with GnuTLS
-	* include peer certificate in EAP events even without a separate probe
-	  operation; old behavior can be restored with cert_in_cb=0
-	* add peer ceritficate alt subject name to EAP events
-	  (CTRL-EVENT-EAP-PEER-ALT)
-	* add domain_match network profile parameter (similar to
-	  domain_suffix_match, but full match is required)
-	* enable AP/GO mode HT Tx STBC automatically based on driver support
-	* add ANQP-QUERY-DONE event to provide information on ANQP parsing
-	  status
-	* allow passive scanning to be forced with passive_scan=1
-	* add a workaround for Linux packet socket behavior when interface is in
-	  bridge
-	* increase 5 GHz band preference in BSS selection (estimate SNR, if info
-	  not available from driver; estimate maximum throughput based on common
-	  HT/VHT/specific TX rate support)
-	* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
-	  implement Interworking network selection behavior in upper layers
-	  software components
-	* add optional reassoc_same_bss_optim=1 (disabled by default)
-	  optimization to avoid unnecessary Authentication frame exchange
-	* extend TDLS frame padding workaround to cover all packets
-	* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
-	  module gets removed and reloaded without restarting wpa_supplicant
-	* allow hostapd DFS implementation to be used in wpa_supplicant AP mode
-
-2014-10-09 - v2.3
-	* fixed number of minor issues identified in static analyzer warnings
-	* fixed wfd_dev_info to be more careful and not read beyond the buffer
-	  when parsing invalid information for P2P-DEVICE-FOUND
-	* extended P2P and GAS query operations to support drivers that have
-	  maximum remain-on-channel time below 1000 ms (500 ms is the current
-	  minimum supported value)
-	* added p2p_search_delay parameter to make the default p2p_find delay
-	  configurable
-	* improved P2P operating channel selection for various multi-channel
-	  concurrency cases
-	* fixed some TDLS failure cases to clean up driver state
-	* fixed dynamic interface addition cases with nl80211 to avoid adding
-	  ifindex values to incorrect interface to skip foreign interface events
-	  properly
-	* added TDLS workaround for some APs that may add extra data to the
-	  end of a short frame
-	* fixed EAP-AKA' message parser with multiple AT_KDF attributes
-	* added configuration option (p2p_passphrase_len) to allow longer
-	  passphrases to be generated for P2P groups
-	* fixed IBSS channel configuration in some corner cases
-	* improved HT/VHT/QoS parameter setup for TDLS
-	* modified D-Bus interface for P2P peers/groups
-	* started to use constant time comparison for various password and hash
-	  values to reduce possibility of any externally measurable timing
-	  differences
-	* extended explicit clearing of freed memory and expired keys to avoid
-	  keeping private data in memory longer than necessary
-	* added optional scan_id parameter to the SCAN command to allow manual
-	  scan requests for active scans for specific configured SSIDs
-	* fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
-	* added option to set Hotspot 2.0 Rel 2 update_identifier in network
-	  configuration to support external configuration
-	* modified Android PNO functionality to send Probe Request frames only
-	  for hidden SSIDs (based on scan_ssid=1)
-	* added generic mechanism for adding vendor elements into frames at
-	  runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
-	* added fields to show unrecognized vendor elements in P2P_PEER
-	* removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
-	  MS-CHAP2-Success is required to be present regardless of
-	  eap_workaround configuration
-	* modified EAP fast session resumption to allow results to be used only
-	  with the same network block that generated them
-	* extended freq_list configuration to apply for sched_scan as well as
-	  normal scan
-	* modified WPS to merge mixed-WPA/WPA2 credentials from a single session
-	* fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
-	  removed from a bridge
-	* fixed number of small P2P issues to make negotiations more robust in
-	  corner cases
-	* added experimental support for using temporary, random local MAC
-	  address (mac_addr and preassoc_mac_addr parameters); this is disabled
-	  by default (i.e., previous behavior of using permanent address is
-	  maintained if configuration is not changed)
-	* added D-Bus interface for setting/clearing WFD IEs
-	* fixed TDLS AID configuration for VHT
-	* modified -m<conf> configuration file to be used only for the P2P
-	  non-netdev management device and do not load this for the default
-	  station interface or load the station interface configuration for
-	  the P2P management interface
-	* fixed external MAC address changes while wpa_supplicant is running
-	* started to enable HT (if supported by the driver) for IBSS
-	* fixed wpa_cli action script execution to use more robust mechanism
-	  (CVE-2014-3686)
-
-2014-06-04 - v2.2
-	* added DFS indicator to get_capability freq
-	* added/fixed nl80211 functionality
-	  - BSSID/frequency hint for driver-based BSS selection
-	  - fix tearing down WDS STA interfaces
-	  - support vendor specific driver command
-	    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
-	  - GO interface teardown optimization
-	  - allow beacon interval to be configured for IBSS
-	  - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
-	* removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
-	  interface commands (the more generic NFC_REPORT_HANDOVER is now used)
-	* fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
-	  this fixes password with include UTF-8 characters that use
-	  three-byte encoding EAP methods that use NtPasswordHash
-	* fixed couple of sequences where radio work items could get stuck,
-	  e.g., when rfkill blocking happens during scanning or when
-	  scan-for-auth workaround is used
-	* P2P enhancements/fixes
-	  - enable enable U-APSD on GO automatically if the driver indicates
-	    support for this
-	  - fixed some service discovery cases with broadcast queries not being
-	    sent to all stations
-	  - fixed Probe Request frame triggering invitation to trigger only a
-	    single invitation instance even if multiple Probe Request frames are
-	    received
-	  - fixed a potential NULL pointer dereference crash when processing an
-	    invalid Invitation Request frame
-	  - add optional configuration file for the P2P_DEVICE parameters
-	  - optimize scan for GO during persistent group invocation
-	  - fix possible segmentation fault when PBC overlap is detected while
-	    using a separate P2P group interface
-	  - improve GO Negotiation robustness by allowing GO Negotiation
-	    Confirmation to be retransmitted
-	  - do use freed memory on device found event when P2P NFC
-	* added phase1 network parameter options for disabling TLS v1.1 and v1.2
-	  to allow workarounds with misbehaving AAA servers
-	  (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
-	* added support for OCSP stapling to validate AAA server certificate
-	  during TLS exchange
-	* Interworking/Hotspot 2.0 enhancements
-	  - prefer the last added network in Interworking connection to make the
-	    behavior more consistent with likely user expectation
-	  - roaming partner configuration (roaming_partner within a cred block)
-	  - support Hotspot 2.0 Release 2
-	    * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
-	    * "hs20_icon_request <BSSID> <icon filename>" to request icon files
-	    * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider
-	      search (all suitable APs in scan results)
-	    * OSEN network for online signup connection
-	    * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
-	    * max_bss_load cred parameter
-	    * req_conn_capab cred parameter
-	    * sp_priority cred parameter
-	    * ocsp cred parameter
-	    * slow down automatic connection attempts on EAP failure to meet
-	      required behavior (no more than 10 retries within a 10-minute
-	      interval)
-	    * sample implementation of online signup client (both SPP and
-	      OMA-DM protocols) (hs20/client/*)
-	  - fixed GAS indication for additional comeback delay with status
-	    code 95
-	  - extend ANQP_GET to accept Hotspot 2.0 subtypes
-	    ANQP_GET <addr> <info id>[,<info id>]...
-	    [,hs20:<subtype>][...,hs20:<subtype>]
-	  - add control interface events CRED-ADDED <id>,
-	    CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
-	  - add "GET_CRED <id> <field>" command
-	  - enable FT for the connection automatically if the AP advertises
-	    support for this
-	  - fix a case where auto_interworking=1 could end up stopping scanning
-	* fixed TDLS interoperability issues with supported operating class in
-	  some deployed stations
-	* internal TLS implementation enhancements/fixes
-	  - add SHA256-based cipher suites
-	  - add DHE-RSA cipher suites
-	  - fix X.509 validation of PKCS#1 signature to check for extra data
-	* fixed PTK derivation for CCMP-256 and GCMP-256
-	* added "reattach" command for fast reassociate-back-to-same-BSS
-	* allow PMF to be enabled for AP mode operation with the ieee80211w
-	  parameter
-	* added "get_capability tdls" command
-	* added option to set config blobs through control interface with
-	  "SET blob <name> <hexdump>"
-	* D-Bus interface extensions/fixes
-	  - make p2p_no_group_iface configurable
-	  - declare ServiceDiscoveryRequest method properly
-	  - export peer's device address as a property
-	  - make reassociate command behave like the control interface one,
-	    i.e., to allow connection from disconnected state
-	* added optional "freq=<channel ranges>" parameter to SET pno
-	* added optional "freq=<channel ranges>" parameter to SELECT_NETWORK
-	* fixed OBSS scan result processing for 20/40 MHz co-ex report
-	* remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
-	  whenever CONFIG_WPS=y is set
-	* fixed regression in parsing of WNM Sleep Mode exit key data
-	* fixed potential segmentation fault and memory leaks in WNM neighbor
-	  report processing
-	* EAP-pwd fixes
-	  - fragmentation of PWD-Confirm-Resp
-	  - fix memory leak when fragmentation is used
-	  - fix possible segmentation fault on EAP method deinit if an invalid
-	    group is negotiated
-	* added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
-	  available only with the macsec_qca driver wrapper)
-	* fixed EAP-SIM counter-too-small message
-	* added 'dup_network <id_s> <id_d> <name>' command; this can be used to
-	  clone the psk field without having toextract it from wpa_supplicant
-	* fixed GSM authentication on USIM
-	* added support for using epoll in eloop (CONFIG_ELOOP_EPOLL=y)
-	* fixed some concurrent virtual interface cases with dedicated P2P
-	  management interface to not catch events from removed interface (this
-	  could result in the management interface getting disabled)
-	* fixed a memory leak in SAE random number generation
-	* fixed off-by-one bounds checking in printf_encode()
-	  - this could result in some control interface ATTACH command cases
-	    terminating wpa_supplicant
-	* fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
-	* various bug fixes
-
-2014-02-04 - v2.1
-	* added support for simultaneous authentication of equals (SAE) for
-	  stronger password-based authentication with WPA2-Personal
-	* improved P2P negotiation and group formation robustness
-	  - avoid unnecessary Dialog Token value changes during retries
-	  - avoid more concurrent scanning cases during full group formation
-	    sequence
-	  - do not use potentially obsolete scan result data from driver
-	    cache for peer discovery/updates
-	  - avoid undesired re-starting of GO negotiation based on Probe
-	    Request frames
-	  - increase GO Negotiation and Invitation timeouts to address busy
-	    environments and peers that take long time to react to messages,
-	    e.g., due to power saving
-	  - P2P Device interface type
-	* improved P2P channel selection (use more peer information and allow
-	  more local options)
-	* added support for optional per-device PSK assignment by P2P GO
-	  (wpa_cli p2p_set per_sta_psk <0/1>)
-	* added P2P_REMOVE_CLIENT for removing a client from P2P groups
-	  (including persistent groups); this can be used to securely remove
-	  a client from a group if per-device PSKs are used
-	* added more configuration flexibility for allowed P2P GO/client
-	  channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1)
-	* added nl80211 functionality
-	  - VHT configuration for nl80211
-	  - MFP (IEEE 802.11w) information for nl80211 command API
-	  - support split wiphy dump
-	  - FT (IEEE 802.11r) with driver-based SME
-	  - use advertised number of supported concurrent channels
-	  - QoS Mapping configuration
-	* improved TDLS negotiation robustness
-	* added more TDLS peer parameters to be configured to the driver
-	* optimized connection time by allowing recently received scan results
-	  to be used instead of having to run through a new scan
-	* fixed ctrl_iface BSS command iteration with RANGE argument and no
-	  exact matches; also fixed argument parsing for some cases with
-	  multiple arguments
-	* added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan
-	  without executing roaming/network re-selection on scan results
-	* added Session-Id derivation for EAP peer methods
-	* added fully automated regression testing with mac80211_hwsim
-	* changed configuration parser to reject invalid integer values
-	* allow AP/Enrollee to be specified with BSSID instead of UUID for
-	  WPS ER operations
-	* disable network block temporarily on repeated connection failures
-	* changed the default driver interface from wext to nl80211 if both are
-	  included in the build
-	* remove duplicate networks if WPS provisioning is run multiple times
-	* remove duplicate networks when Interworking network selection uses the
-	  same network
-	* added global freq_list configuration to allow scan frequencies to be
-	  limited for all cases instead of just for a specific network block
-	* added support for BSS Transition Management
-	* added option to use "IFNAME=<ifname> " prefix to use the global
-	  control interface connection to perform per-interface commands;
-	  similarly, allow global control interface to be used as a monitor
-	  interface to receive events from all interfaces
-	* fixed OKC-based PMKSA cache entry clearing
-	* fixed TKIP group key configuration with FT
-	* added support for using OCSP stapling to validate server certificate
-	  (ocsp=1 as optional and ocsp=2 as mandatory)
-	* added EAP-EKE peer
-	* added peer restart detection for IBSS RSN
-	* added domain_suffix_match (and domain_suffix_match2 for Phase 2
-	  EAP-TLS) to specify additional constraint for the server certificate
-	  domain name
-	* added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
-	  and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
-	  interface)
-	* added global bgscan configuration option as a default for all network
-	  blocks that do not specify their own bgscan parameters
-	* added D-Bus methods for TDLS
-	* added more control to scan requests
-	  - "SCAN freq=<freq list>" can be used to specify which channels are
-	    scanned (comma-separated frequency ranges in MHz)
-	  - "SCAN passive=1" can be used to request a passive scan (no Probe
-	    Request frames are sent)
-	  - "SCAN use_id" can be used to request a scan id to be returned and
-	    included in event messages related to this specific scan operation
-	  - "SCAN only_new=1" can be used to request the driver/cfg80211 to
-	    report only BSS entries that have been updated during this scan
-	    round
-	  - these optional arguments to the SCAN command can be combined with
-	    each other
-	* modified behavior on externally triggered scans
-	  - avoid concurrent operations requiring full control of the radio when
-	    an externally triggered scan is detected
-	  - do not use results for internal roaming decision
-	* added a new cred block parameter 'temporary' to allow credential
-	  blocks to be stored separately even if wpa_supplicant configuration
-	  file is used to maintain other network information
-	* added "radio work" framework to schedule exclusive radio operations
-	  for off-channel functionality
-	  - reduce issues with concurrent operations that try to control which
-	    channel is used
-	  - allow external programs to request exclusive radio control in a way
-	    that avoids conflicts with wpa_supplicant
-	* added support for using Protected Dual of Public Action frames for
-	  GAS/ANQP exchanges when associated with PMF
-	* added support for WPS+NFC updates and P2P+NFC
-	  - improved protocol for WPS
-	  - P2P group formation/join based on NFC connection handover
-	  - new IPv4 address assignment for P2P groups (ip_addr_* configuration
-	    parameters on the GO) to replace DHCP
-	  - option to fetch and report alternative carrier records for external
-	    NFC operations
-	* various bug fixes
-
-2013-01-12 - v2.0
-	* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
-	* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
-	  hostap, madwifi (hostap and madwifi remain available for hostapd;
-	  their wpa_supplicant functionality is obsoleted by wext)
-	* improved debug logging (human readable event names, interface name
-	  included in more entries)
-	* changed AP mode behavior to enable WPS only for open and
-	  WPA/WPA2-Personal configuration
-	* improved P2P concurrency operations
-	  - better coordination of concurrent scan and P2P search operations
-	  - avoid concurrent remain-on-channel operation requests by canceling
-	    previous operations prior to starting a new one
-	  - reject operations that would require multi-channel concurrency if
-	    the driver does not support it
-	  - add parameter to select whether STA or P2P connection is preferred
-	    if the driver cannot support both at the same time
-	  - allow driver to indicate channel changes
-	  - added optional delay=<search delay in milliseconds> parameter for
-	    p2p_find to avoid taking all radio resources
-	  - use 500 ms p2p_find search delay by default during concurrent
-	    operations
-	  - allow all channels in GO Negotiation if the driver supports
-	    multi-channel concurrency
-	* added number of small changes to make it easier for static analyzers
-	  to understand the implementation
-	* fixed number of small bugs (see git logs for more details)
-	* nl80211: number of updates to use new cfg80211/nl80211 functionality
-	  - replace monitor interface with nl80211 commands for AP mode
-	  - additional information for driver-based AP SME
-	  - STA entry authorization in RSN IBSS
-	* EAP-pwd:
-	  - fixed KDF for group 21 and zero-padding
-	  - added support for fragmentation
-	  - increased maximum number of hunting-and-pecking iterations
-	* avoid excessive Probe Response retries for broadcast Probe Request
-	  frames (only with drivers using wpa_supplicant AP mode SME/MLME)
-	* added "GET country" ctrl_iface command
-	* do not save an invalid network block in wpa_supplicant.conf to avoid
-	  problems reading the file on next start
-	* send STA connected/disconnected ctrl_iface events to both the P2P
-	  group and parent interfaces
-	* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
-	* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
-	  network offload with sched_scan driver command
-	* merged in number of changes from Android repository for P2P, nl80211,
-	  and build parameters
-	* changed P2P GO mode configuration to use driver capabilities to
-	  automatically enable HT operations when supported
-	* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
-	  for WPS use cases in AP mode
-	* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
-	  behavior
-	* improved reassociation behavior in cases where association is rejected
-	  or when an AP disconnects us to handle common load balancing
-	  mechanisms
-	  - try to avoid extra scans when the needed information is available
-	* added optional "join" argument for p2p_prov_disc ctrl_iface command
-	* added group ifname to P2P-PROV-DISC-* events
-	* added P2P Device Address to AP-STA-DISCONNECTED event and use
-	  p2p_dev_addr parameter name with AP-STA-CONNECTED
-	* added workarounds for WPS PBC overlap detection for some P2P use cases
-	  where deployed stations work incorrectly
-	* optimize WPS connection speed by disconnecting prior to WPS scan and
-	  by using single channel scans when AP channel is known
-	* PCSC and SIM/USIM improvements:
-	  - accept 0x67 (Wrong length) as a response to READ RECORD to fix
-	    issues with some USIM cards
-	  - try to read MNC length from SIM/USIM
-	  - build realm according to 3GPP TS 23.003 with identity from the SIM
-	  - allow T1 protocol to be enabled
-	* added more WPS and P2P information available through D-Bus
-	* improve P2P negotiation robustness
-	  - extra waits to get ACK frames through
-	  - longer timeouts for cases where deployed devices have been
-	    identified have issues meeting the specification requirements
-	  - more retries for some P2P frames
-	  - handle race conditions in GO Negotiation start by both devices
-	  - ignore unexpected GO Negotiation Response frame
-	* added support for libnl 3.2 and newer
-	* added P2P persistent group info to P2P_PEER data
-	* maintain a list of P2P Clients for persistent group on GO
-	* AP: increased initial group key handshake retransmit timeout to 500 ms
-	* added optional dev_id parameter for p2p_find
-	* added P2P-FIND-STOPPED ctrl_iface event
-	* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
-	  and driver-based BSS selection
-	* do not expire P2P peer entries while connected with the peer in a
-	  group
-	* fixed WSC element inclusion in cases where P2P is disabled
-	* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
-	* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
-	* EAP-SIM/AKA: append realm to pseudonym identity
-	* EAP-SIM/AKA: store pseudonym identity in network configuration to
-	  allow it to persist over multiple EAP sessions and wpa_supplicant
-	  restarts
-	* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
-	  breaks interoperability with older versions
-	* added support for WFA Hotspot 2.0
-	  - GAS/ANQP to fetch network information
-	  - credential configuration and automatic network selections based on
-	    credential match with ANQP information
-	* limited PMKSA cache entries to be used only with the network context
-	  that was used to create them
-	* improved PMKSA cache expiration to avoid unnecessary disconnections
-	* adjusted bgscan_simple fast-scan backoff to avoid too frequent
-	  background scans
-	* removed ctrl_iface event on P2P PD Response in join-group case
-	* added option to fetch BSS table entry based on P2P Device Address
-	  ("BSS p2p_dev_addr=<P2P Device Address>")
-	* added BSS entry age to ctrl_iface BSS command output
-	* added optional MASK=0xH option for ctrl_iface BSS command to select
-	  which fields are included in the response
-	* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
-	  fetch information about several BSSes in one call
-	* simplified licensing terms by selecting the BSD license as the only
-	  alternative
-	* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
-	  disable channels from P2P use
-	* added p2p_pref_chan configuration parameter to allow preferred P2P
-	  channels to be specified
-	* added support for advertising immediate availability of a WPS
-	  credential for P2P use cases
-	* optimized scan operations for P2P use cases (use single channel scan
-	  for a specific SSID when possible)
-	* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
-	* SME: do not use reassociation after explicit disconnection request
-	  (local or a notification from an AP)
-	* added support for sending debug info to Linux tracing (-T on command
-	  line)
-	* added support for using Deauthentication reason code 3 as an
-	  indication of P2P group termination
-	* added wps_vendor_ext_m1 configuration parameter to allow vendor
-	  specific attributes to be added to WPS M1
-	* started using separate TLS library context for tunneled TLS
-	  (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
-	  certificate configuration between Phase 1 and Phase 2
-	* added optional "auto" parameter for p2p_connect to request automatic
-	  GO Negotiation vs. join-a-group selection
-	* added disabled_scan_offload parameter to disable automatic scan
-	  offloading (sched_scan)
-	* added optional persistent=<network id> parameter for p2p_connect to
-	  allow forcing of a specific SSID/passphrase for GO Negotiation
-	* added support for OBSS scan requests and 20/40 BSS coexistence reports
-	* reject PD Request for unknown group
-	* removed scripts and notes related to Windows binary releases (which
-	  have not been used starting from 1.x)
-	* added initial support for WNM operations
-	  - Keep-alive based on BSS max idle period
-	  - WNM-Sleep Mode
-	  - minimal BSS Transition Management processing
-	* added autoscan module to control scanning behavior while not connected
-	  - autoscan_periodic and autoscan_exponential modules
-	* added new WPS NFC ctrl_iface mechanism
-	  - added initial support NFC connection handover
-	  - removed obsoleted WPS_OOB command (including support for deprecated
-	    UFD config_method)
-	* added optional framework for external password storage ("ext:<name>")
-	* wpa_cli: added optional support for controlling wpa_supplicant
-	  remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
-	* wpa_cli: extended tab completion to more commands
-	* changed SSID output to use printf-escaped strings instead of masking
-	  of non-ASCII characters
-	  - SSID can now be configured in the same format: ssid=P"abc\x00test"
-	* removed default ACM=1 from AC_VO and AC_VI
-	* added optional "ht40" argument for P2P ctrl_iface commands to allow
-	  40 MHz channels to be requested on the 5 GHz band
-	* added optional parameters for p2p_invite command to specify channel
-	  when reinvoking a persistent group as the GO
-	* improved FIPS mode builds with OpenSSL
-	  - "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
-	    OpenSSL FIPS object module
-	  - replace low level OpenSSL AES API calls to use EVP
-	  - use OpenSSL keying material exporter when possible
-	  - do not export TLS keys in FIPS mode
-	  - remove MD5 from CONFIG_FIPS=y builds
-	  - use OpenSSL function for PKBDF2 passphrase-to-PSK
-	  - use OpenSSL HMAC implementation
-	  - mix RAND_bytes() output into random_get_bytes() to force OpenSSL
-	    DRBG to be used in FIPS mode
-	  - use OpenSSL CMAC implementation
-	* added mechanism to disable TLS Session Ticket extension
-	  - a workaround for servers that do not support TLS extensions that
-	    was enabled by default in recent OpenSSL versions
-	  - tls_disable_session_ticket=1
-	  - automatically disable TLS Session Ticket extension by default when
-	    using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
-	* changed VENDOR-TEST EAP method to use proper private enterprise number
-	  (this will not interoperate with older versions)
-	* disable network block temporarily on authentication failures
-	* improved WPS AP selection during WPS PIN iteration
-	* added support for configuring GCMP cipher for IEEE 802.11ad
-	* added support for Wi-Fi Display extensions
-	  - WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
-	  - SET wifi_display <0/1> to disable/enable WFD support
-	  - WFD service discovery
-	  - an external program is needed to manage the audio/video streaming
-	    and codecs
-	* optimized scan result use for network selection
-	  - use the internal BSS table instead of raw scan results
-	  - allow unnecessary scans to be skipped if fresh information is
-	    available (e.g., after GAS/ANQP round for Interworking)
-	* added support for 256-bit AES with internal TLS implementation
-	* allow peer to propose channel in P2P invitation process for a
-	  persistent group
-	* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
-	  from network selection
-	* re-enable the networks disabled during WPS operations
-	* allow P2P functionality to be disabled per interface (p2p_disabled=1)
-	* added secondary device types into P2P_PEER output
-	* added an option to disable use of a separate P2P group interface
-	  (p2p_no_group_iface=1)
-	* fixed P2P Bonjour SD to match entries with both compressed and not
-	  compressed domain name format and support multiple Bonjour PTR matches
-	  for the same key
-	* use deauthentication instead of disassociation for all disconnection
-	  operations; this removes the now unused disassociate() wpa_driver_ops
-	  callback
-	* optimized PSK generation on P2P GO by caching results to avoid
-	  multiple PBKDF2 operations
-	* added okc=1 global configuration parameter to allow OKC to be enabled
-	  by default for all network blocks
-	* added a workaround for WPS PBC session overlap detection to avoid
-	  interop issues with deployed station implementations that do not
-	  remove active PBC indication from Probe Request frames properly
-	* added basic support for 60 GHz band
-	* extend EAPOL frames processing workaround for roaming cases
-	  (postpone processing of unexpected EAPOL frame until association
-	  event to handle reordered events)
-
-2012-05-10 - v1.0
-	* bsd: Add support for setting HT values in IFM_MMASK.
-	* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
-	  This allows the driver to use PS buffering of Deauthentication and
-	  Disassociation frames when the STA is in power save sleep. Only
-	  available with drivers that provide TX status events for Deauth/
-	  Disassoc frames (nl80211).
-	* Drop oldest unknown BSS table entries first. This makes it less
-	  likely to hit connection issues in environments with huge number
-	  of visible APs.
-	* Add systemd support.
-	* Add support for setting the syslog facility from the config file
-	  at build time.
-	* atheros: Add support for IEEE 802.11w configuration.
-	* AP mode: Allow enable HT20 if driver supports it, by setting the
-	  config parameter ieee80211n.
-	* Allow AP mode to disconnect STAs based on low ACK condition (when
-	  the data connection is not working properly, e.g., due to the STA
-	  going outside the range of the AP). Disabled by default, enable by
-	  config option disassoc_low_ack.
-	* nl80211:
-	  - Support GTK rekey offload.
-	  - Support PMKSA candidate events. This adds support for RSN
-	    pre-authentication with nl80211 interface and drivers that handle
-	    roaming internally.
-	* dbus:
-	  - Add a DBus signal for EAP SM requests, emitted on the Interface
-	    object.
-	  - Export max scan ssids supported by the driver as MaxScanSSID.
-	  - Add signal Certification for information about server certification.
-	  - Add BSSExpireAge and BSSExpireCount interface properties and
-	    support set/get, which allows for setting BSS cache expiration age
-	    and expiration scan count.
-	  - Add ConfigFile to AddInterface properties.
-	  - Add Interface.Country property and support to get/set the value.
-	  - Add DBus property CurrentAuthMode.
-	  - P2P DBus API added.
-	  - Emit property changed events (for property BSSs) when adding/
-	    removing BSSs.
-	  - Treat '' in SSIDs of Interface.Scan as a request for broadcast
-	    scan, instead of ignoring it.
-	  - Add DBus getter/setter for FastReauth.
-	  - Raise PropertiesChanged on org.freedesktop.DBus.Properties.
-	* wpa_cli:
-	  - Send AP-STA-DISCONNECTED event when an AP disconnects a station
-	    due to inactivity.
-	  - Make second argument to set command optional. This can be used to
-	    indicate a zero length value.
-	  - Add signal_poll command.
-	  - Add bss_expire_age and bss_expire_count commands to set/get BSS
-	    cache expiration age and expiration scan count.
-	  - Add ability to set scan interval (the time in seconds wpa_s waits
-	    before requesting a new scan after failing to find a suitable
-	    network in scan results) using scan_interval command.
-	  - Add event CTRL-EVENT-ASSOC-REJECT for association rejected.
-	  - Add command get version, that returns wpa_supplicant version string.
-	  - Add command sta_autoconnect for disabling automatic reconnection
-	    on receiving disconnection event.
-	  - Setting bssid parameter to an empty string "" or any can now be
-	    used to clear the bssid_set flag in a network block, i.e., to remove
-	    bssid filtering.
-	  - Add tdls_testing command to add a special testing feature for
-	    changing TDLS behavior. Build param CONFIG_TDLS_TESTING must be
-	    enabled as well.
-	  - For interworking, add wpa_cli commands interworking_select,
-	    interworking_connect, anqp_get, fetch_anqp, and stop_fetch_anqp.
-	  - Many P2P commands were added. See README-P2P.
-	  - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
-	  - Allow set command to change global config parameters.
-	  - Add log_level command, which can be used to display the current
-	    debugging level and to change the log level during run time.
-	  - Add note command, which can be used to insert notes to the debug
-	    log.
-	  - Add internal line edit implementation. CONFIG_WPA_CLI_EDIT=y
-	    can now be used to build wpa_cli with internal implementation of
-	    line editing and history support. This can be used as a replacement
-	    for CONFIG_READLINE=y.
-	* AP mode: Add max_num_sta config option, which can be used to limit
-	  the number of stations allowed to connect to the AP.
-	* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
-	  config file.
-	* wext: Increase scan timeout from 5 to 10 seconds.
-	* Add blacklist command, allowing an external program to
-	  manage the BSS blacklist and display its current contents.
-	* WPS:
-	  - Add wpa_cli wps_pin get command for generating random PINs. This can
-	    be used in a UI to generate a PIN without starting WPS (or P2P)
-	    operation.
-	  - Set RF bands based on driver capabilities, instead of hardcoding
-	    them.
-	  - Add mechanism for indicating non-standard WPS errors.
-	  - Add CONFIG_WPS_REG_DISABLE_OPEN=y option to disable open networks
-	    by default.
-	  - Add wps_ap_pin cli command for wpa_supplicant AP mode.
-	  - Add wps_check_pin cli command for processing PIN from user input.
-	    UIs can use this command to process a PIN entered by a user and to
-	    validate the checksum digit (if present).
-	  - Cancel WPS operation on PBC session overlap detection.
-	  - New wps_cancel command in wpa_cli will cancel a pending WPS
-	    operation.
-	  - wpa_cli action: Add WPS_EVENT_SUCCESS and WPS_EVENT_FAIL handlers.
-	  - Trigger WPS config update on Manufacturer, Model Name, Model
-	    Number, and Serial Number changes.
-	  - Fragment size is now configurable for EAP-WSC peer. Use
-	    wpa_cli set wps_fragment_size <val>.
-	  - Disable AP PIN after 10 consecutive failures. Slow down attacks on
-	    failures up to 10.
-	  - Allow AP to start in Enrollee mode without AP PIN for probing, to
-	    be compatible with Windows 7.
-	  - Add Config Error into WPS-FAIL events to provide more info to the
-	    user on how to resolve the issue.
-	  - Label and Display config methods are not allowed to be enabled
-	    at the same time, since it is unclear which PIN to use if both
-	    methods are advertised.
-	  - When controlling multiple interfaces:
-	     - apply WPS commands to all interfaces configured to use WPS
-	     - apply WPS config changes to all interfaces that use WPS
-	     - when an attack is detected on any interface, disable AP PIN on
-	       all interfaces
-	* WPS ER:
-	  - Add special AP Setup Locked mode to allow read only ER.
-	    ap_setup_locked=2 can now be used to enable a special mode where
-	    WPS ER can learn the current AP settings, but cannot change them.
-	  - Show SetSelectedRegistrar events as ctrl_iface events
-	  - Add wps_er_set_config to enroll a network based on a local
-	    network configuration block instead of having to (re-)learn the
-	    current AP settings with wps_er_learn.
-	  - Allow AP filtering based on IP address, add ctrl_iface event for
-	    learned AP settings, add wps_er_config command to configure an AP.
-	* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
-	  - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
-	    for testing protocol extensibility.
-	  - Add build option CONFIG_WPS_STRICT to allow disabling of WPS
-	    workarounds.
-	  - Add support for AuthorizedMACs attribute.
-	* TDLS:
-	  - Propagate TDLS related nl80211 capability flags from kernel and
-	    add them as driver capability flags. If the driver doesn't support
-	    capabilities, assume TDLS is supported internally. When TDLS is
-	    explicitly not supported, disable all user facing TDLS operations.
-	  - Allow TDLS to be disabled at runtime (mostly for testing).
-	    Use set tdls_disabled.
-	  - Honor AP TDLS settings that prohibit/allow TDLS.
-	  - Add a special testing feature for changing TDLS behavior. Use
-	    CONFIG_TDLS_TESTING build param to enable. Configure at runtime
-	    with tdls_testing cli command.
-	  - Add support for TDLS 802.11z.
-	* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
-	  wlantest can be used to capture frames from a monitor interface
-	  for realtime capturing or from pcap files for offline analysis.
-	* Interworking: Support added for 802.11u. Enable in .config with
-	  CONFIG_INTERWORKING. See wpa_supplicant.conf for config parameters
-	  for interworking. wpa_cli commands added to support this are
-	  interworking_select, interworking_connect, anqp_get, fetch_anqp,
-	  and stop_fetch_anqp.
-	* Android: Add build and runtime support for Android wpa_supplicant.
-	* bgscan learn: Add new bgscan that learns BSS information based on
-	  previous scans, and uses that information to dynamically generate
-	  the list of channels for background scans.
-	* Add a new debug message level for excessive information. Use
-	  -ddd to enable.
-	* TLS: Add support for tls_disable_time_checks=1 in client mode.
-	* Internal TLS:
-	  - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
-	    CONFIG_TLSV11.
-	  - Add domainComponent parser for X.509 names.
-	* Linux: Add RFKill support by adding an interface state "disabled".
-	* Reorder some IEs to get closer to IEEE 802.11 standard. Move
-	  WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
-	  Move HT IEs to be later in (Re)Assoc Resp.
-	* Solaris: Add support for wired 802.1X client.
-	* Wi-Fi Direct support. See README-P2P for more information.
-	* Many bugfixes.
-
-2010-04-18 - v0.7.2
-	* nl80211: fixed number of issues with roaming
-	* avoid unnecessary roaming if multiple APs with similar signal
-	  strength are present in scan results
-	* add TLS client events and server probing to ease design of
-	  automatic detection of EAP parameters
-	* add option for server certificate matching (SHA256 hash of the
-	  certificate) instead of trusted CA certificate configuration
-	* bsd: Cleaned up driver wrapper and added various low-level
-	  configuration options
-	* wpa_gui-qt4: do not show too frequent WPS AP available events as
-	  tray messages
-	* TNC: fixed issues with fragmentation
-	* EAP-TNC: add Flags field into fragment acknowledgement (needed to
-	  interoperate with other implementations; may potentially breaks
-	  compatibility with older wpa_supplicant/hostapd versions)
-	* wpa_cli: added option for using a separate process to receive event
-	  messages to reduce latency in showing these
-	  (CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
-	* maximum BSS table size can now be configured (bss_max_count)
-	* BSSes to be included in the BSS table can be filtered based on
-	  configured SSIDs to save memory (filter_ssids)
-	* fix number of issues with IEEE 802.11r/FT; this version is not
-	  backwards compatible with old versions
-	* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
-	  and over-the-DS)
-	* add freq_list network configuration parameter to allow the AP
-	  selection to filter out entries based on the operating channel
-	* add signal strength change events for bgscan; this allows more
-	  dynamic changes to background scanning interval based on changes in
-	  the signal strength with the current AP; this improves roaming within
-	  ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
-	  configuration block to request background scans less frequently when
-	  signal strength remains good and to automatically trigger background
-	  scans whenever signal strength drops noticeably
-	  (this is currently only available with nl80211)
-	* add BSSID and reason code (if available) to disconnect event messages
-	* wpa_gui-qt4: more complete support for translating the GUI with
-	  linguist and add German translation
-	* fix DH padding with internal crypto code (mainly, for WPS)
-	* do not trigger initial scan automatically anymore if there are no
-	  enabled networks
-
-2010-01-16 - v0.7.1
-	* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
-	  is not fully backwards compatible, so out-of-tree driver wrappers
-	  will need modifications
-	* cleaned up various module interfaces
-	* merge hostapd and wpa_supplicant developers' documentation into a
-	  single document
-	* nl80211: use explicit deauthentication to clear cfg80211 state to
-	  avoid issues when roaming between APs
-	* dbus: major design changes in the new D-Bus API
-	  (fi.w1.wpa_supplicant1)
-	* nl80211: added support for IBSS networks
-	* added internal debugging mechanism with backtrace support and memory
-	  allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
-	* added WPS ER unsubscription command to more cleanly unregister from
-	  receiving UPnP events when ER is terminated
-	* cleaned up AP mode operations to avoid need for virtual driver_ops
-	  wrapper
-	* added BSS table to maintain more complete scan result information
-	  over multiple scans (that may include only partial results)
-	* wpa_gui-qt4: update Peers dialog information more dynamically while
-	  the dialog is kept open
-	* fixed PKCS#12 use with OpenSSL 1.0.0
-	* driver_wext: Added cfg80211-specific optimization to avoid some
-	  unnecessary scans and to speed up association
-
-2009-11-21 - v0.7.0
-	* increased wpa_cli ping interval to 5 seconds and made this
-	  configurable with a new command line options (-G<seconds>)
-	* fixed scan buffer processing with WEXT to handle up to 65535
-	  byte result buffer (previously, limited to 32768 bytes)
-	* allow multiple driver wrappers to be specified on command line
-	  (e.g., -Dnl80211,wext); the first one that is able to initialize the
-	  interface will be used
-	* added support for multiple SSIDs per scan request to optimize
-	  scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
-	  SSIDs); this requires driver support and can currently be used only
-	  with nl80211
-	* added support for WPS USBA out-of-band mechanism with USB Flash
-	  Drives (UFD) (CONFIG_WPS_UFD=y)
-	* driver_ndis: add PAE group address to the multicast address list to
-	  fix wired IEEE 802.1X authentication
-	* fixed IEEE 802.11r key derivation function to match with the standard
-	  (note: this breaks interoperability with previous version) [Bug 303]
-	* added better support for drivers that allow separate authentication
-	  and association commands (e.g., mac80211-based Linux drivers with
-	  nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
-	  to be used (IEEE 802.11r)
-	* fixed SHA-256 based key derivation function to match with the
-	  standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
-	  (note: this breaks interoperability with previous version) [Bug 307]
-	* use shared driver wrapper files with hostapd
-	* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
-	  block; this can be used for open and WPA2-Personal networks
-	  (optionally, with WPS); this links in parts of hostapd functionality
-	  into wpa_supplicant
-	* wpa_gui-qt4: added new Peers dialog to show information about peers
-	  (other devices, including APs and stations, etc. in the neighborhood)
-	* added support for WPS External Registrar functionality (configure APs
-	  and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
-	  and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
-	  wps_er_pbc, wps_er_learn
-	  (this can also be used with a new 'none' driver wrapper if no
-	  wireless device or IEEE 802.1X on wired is needed)
-	* driver_nl80211: multiple updates to provide support for new Linux
-	  nl80211/mac80211 functionality
-	* updated management frame protection to use IEEE Std 802.11w-2009
-	* fixed number of small WPS issues and added workarounds to
-	  interoperate with common deployed broken implementations
-	* added support for NFC out-of-band mechanism with WPS
-	* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
-	  address frames
-	* added preliminary support for IEEE 802.11r RIC processing
-	* added support for specifying subset of enabled frequencies to scan
-	  (scan_freq option in the network configuration block); this can speed
-	  up scanning process considerably if it is known that only a small
-	  subset of channels is actually used in the network (this is currently
-	  supported only with -Dnl80211)
-	* added a workaround for race condition between receiving the
-	  association event and the following EAPOL-Key
-	* added background scan and roaming infrastructure to allow
-	  network-specific optimizations to be used to improve roaming within
-	  an ESS (same SSID)
-	* added new DBus interface (fi.w1.wpa_supplicant1)
-
-2009-01-06 - v0.6.7
-	* added support for Wi-Fi Protected Setup (WPS)
-	  (wpa_supplicant can now be configured to act as a WPS Enrollee to
-	  enroll credentials for a network using PIN and PBC methods; in
-	  addition, wpa_supplicant can act as a wireless WPS Registrar to
-	  configure an AP); WPS support can be enabled by adding CONFIG_WPS=y
-	  into .config and setting the runtime configuration variables in
-	  wpa_supplicant.conf (see WPS section in the example configuration
-	  file); new wpa_cli commands wps_pin, wps_pbc, and wps_reg are used to
-	  manage WPS negotiation; see README-WPS for more details
-	* added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
-	* added support for using driver_test over UDP socket
-	* fixed PEAPv0 Cryptobinding interoperability issue with Windows Server
-	  2008 NPS; optional cryptobinding is now enabled (again) by default
-	* fixed PSK editing in wpa_gui
-	* changed EAP-GPSK to use the IANA assigned EAP method type 51
-	* added a Windows installer that includes WinPcap and all the needed
-	  DLLs; in addition, it set up the registry automatically so that user
-	  will only need start wpa_gui to get prompted to start the wpasvc
-	  servide and add a new interface if needed through wpa_gui dialog
-	* updated management frame protection to use IEEE 802.11w/D7.0
-
-2008-11-23 - v0.6.6
-	* added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
-	  (can be used to simulate test SIM/USIM card with a known private key;
-	  enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config
-	  and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration)
-	* added a new network configuration option, wpa_ptk_rekey, that can be
-	  used to enforce frequent PTK rekeying, e.g., to mitigate some attacks
-	  against TKIP deficiencies
-	* added an optional mitigation mechanism for certain attacks against
-	  TKIP by delaying Michael MIC error reports by a random amount of time
-	  between 0 and 60 seconds; this can be enabled with a build option
-	  CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config
-	* fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
-	  not bytes
-	* updated OpenSSL code for EAP-FAST to use an updated version of the
-	  session ticket overriding API that was included into the upstream
-	  OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
-	  needed with that version anymore)
-	* updated userspace MLME instructions to match with the current Linux
-	  mac80211 implementation; please also note that this can only be used
-	  with driver_nl80211.c (the old code from driver_wext.c was removed)
-	* added support (Linux only) for RoboSwitch chipsets (often found in
-	  consumer grade routers); driver interface 'roboswitch'
-	* fixed canceling of PMKSA caching when using drivers that generate
-	  RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know
-	  about
-
-2008-11-01 - v0.6.5
-	* added support for SHA-256 as X.509 certificate digest when using the
-	  internal X.509/TLSv1 implementation
-	* updated management frame protection to use IEEE 802.11w/D6.0
-	* added support for using SHA256-based stronger key derivation for WPA2
-	  (IEEE 802.11w)
-	* fixed FT (IEEE 802.11r) authentication after a failed association to
-	  use correct FTIE
-	* added support for configuring Phase 2 (inner/tunneled) authentication
-	  method with wpa_gui-qt4
-
-2008-08-10 - v0.6.4
-	* added support for EAP Sequences in EAP-FAST Phase 2
-	* added support for using TNC with EAP-FAST
-	* added driver_ps3 for the PS3 Linux wireless driver
-	* added support for optional cryptobinding with PEAPv0
-	* fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
-	  allow fallback to full handshake if server rejects PAC-Opaque
-	* added fragmentation support for EAP-TNC
-	* added support for parsing PKCS #8 formatted private keys into the
-	  internal TLS implementation (both PKCS #1 RSA key and PKCS #8
-	  encapsulated RSA key can now be used)
-	* added option of using faster, but larger, routines in the internal
-	  LibTomMath (for internal TLS implementation) to speed up DH and RSA
-	  calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
-	* fixed race condition between disassociation event and group key
-	  handshake to avoid getting stuck in incorrect state [Bug 261]
-	* fixed opportunistic key caching (proactive_key_caching)
-
-2008-02-22 - v0.6.3
-	* removed 'nai' and 'eappsk' network configuration variables that were
-	  previously used for configuring user identity and key for EAP-PSK,
-	  EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the
-	  replacement for 'nai' (if old configuration used a separate
-	  'identity' value, that would now be configured as
-	  'anonymous_identity'). 'password' field is now used as the
-	  replacement for 'eappsk' (it can also be set using hexstring to
-	  present random binary data)
-	* removed '-w' command line parameter (wait for interface to be added,
-	  if needed); cleaner way of handling this functionality is to use an
-	  external mechanism (e.g., hotplug scripts) that start wpa_supplicant
-	  when an interface is added
-	* updated FT support to use the latest draft, IEEE 802.11r/D9.0
-	* added ctrl_iface monitor event (CTRL-EVENT-SCAN-RESULTS) for
-	  indicating when new scan results become available
-	* added new ctrl_iface command, BSS, to allow scan results to be
-	  fetched without hitting the message size limits (this command
-	  can be used to iterate through the scan results one BSS at the time)
-	* fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
-	  attributes in EAP-SIM Start/Response when using fast reauthentication
-	* fixed EAPOL not to end up in infinite loop when processing dynamic
-	  WEP keys with IEEE 802.1X
-	* fixed problems in getting NDIS events from WMI on Windows 2000
-
-2008-01-01 - v0.6.2
-	* added support for Makefile builds to include debug-log-to-a-file
-	  functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
-	* fixed EAP-SIM and EAP-AKA message parser to validate attribute
-	  lengths properly to avoid potential crash caused by invalid messages
-	* added data structure for storing allocated buffers (struct wpabuf);
-	  this does not affect wpa_supplicant usage, but many of the APIs
-	  changed and various interfaces (e.g., EAP) is not compatible with old
-	  versions
-	* added support for protecting EAP-AKA/Identity messages with
-	  AT_CHECKCODE (optional feature in RFC 4187)
-	* added support for protected result indication with AT_RESULT_IND for
-	  EAP-SIM and EAP-AKA (phase1="result_ind=1")
-	* added driver_wext workaround for race condition between scanning and
-	  association with drivers that take very long time to scan all
-	  channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
-	  using a longer hardcoded timeout for the scan if the driver supports
-	  notifications for scan completion (SIOCGIWSCAN event); this helps,
-	  e.g., in cases where wpa_supplicant and madwifi driver ended up in
-	  loop where the driver did not even try to associate
-	* stop EAPOL timer tick when no timers are in use in order to reduce
-	  power consumption (no need to wake up the process once per second)
-	  [Bug 237]
-	* added support for privilege separation (run only minimal part of
-	  wpa_supplicant functionality as root and rest as unprivileged,
-	  non-root process); see 'Privilege separation' in README for details;
-	  this is disabled by default and can be enabled with CONFIG_PRIVSEP=y
-	  in .config
-	* changed scan results data structure to include all information
-	  elements to make it easier to support new IEs; old get_scan_result()
-	  driver_ops is still supported for backwards compatibility (results
-	  are converted internally to the new format), but all drivers should
-	  start using the new get_scan_results2() to make them more likely to
-	  work with new features
-	* Qt4 version of wpa_gui (wpa_gui-qt4 subdirectory) is now native Qt4
-	  application, i.e., it does not require Qt3Support anymore; Windows
-	  binary of wpa_gui.exe is now from this directory and only requires
-	  QtCore4.dll and QtGui4.dll libraries
-	* updated Windows binary build to use Qt 4.3.3 and made Qt DLLs
-	  available as a separate package to make wpa_gui installation easier:
-	  http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
-	* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
-	  only shared key/password authentication is supported in this version
-
-2007-11-24 - v0.6.1
-	* added support for configuring password as NtPasswordHash
-	  (16-byte MD4 hash of password) in hash:<32 hex digits> format
-	* added support for fallback from abbreviated TLS handshake to
-	  full handshake when using EAP-FAST (e.g., due to an expired
-	  PAC-Opaque)
-	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-	  draft (draft-ietf-emu-eap-gpsk-07.txt)
-	* added support for drivers that take care of RSN 4-way handshake
-	  internally (WPA_DRIVER_FLAGS_4WAY_HANDSHAKE in get_capa flags and
-	  WPA_ALG_PMK in set_key)
-	* added an experimental port for Mac OS X (CONFIG_DRIVER_OSX=y in
-	  .config); this version supports only ap_scan=2 mode and allow the
-	  driver to take care of the 4-way handshake
-	* fixed a buffer overflow in parsing TSF from scan results when using
-	  driver_wext.c with a driver that includes the TSF (e.g., iwl4965)
-	  [Bug 232]
-	* updated FT support to use the latest draft, IEEE 802.11r/D8.0
-	* fixed an integer overflow issue in the ASN.1 parser used by the
-	  (experimental) internal TLS implementation to avoid a potential
-	  buffer read overflow
-	* fixed a race condition with -W option (wait for a control interface
-	  monitor before starting) that could have caused the first messages to
-	  be lost
-	* added support for processing TNCC-TNCS-Messages to report
-	  recommendation (allow/none/isolate) when using TNC [Bug 243]
-
-2007-05-28 - v0.6.0
-	* added network configuration parameter 'frequency' for setting
-	  initial channel for IBSS (adhoc) networks
-	* added experimental IEEE 802.11r/D6.0 support
-	* updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
-	* updated EAP-PSK to use the IANA-allocated EAP type 47
-	* fixed EAP-PAX key derivation
-	* fixed EAP-PSK bit ordering of the Flags field
-	* fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
-	  tunnelled identity request (previously, the identifier from the outer
-	  method was used, not the tunnelled identifier which could be
-	  different)
-	* added support for fragmentation of outer TLS packets during Phase 2
-	  of EAP-PEAP/TTLS/FAST
-	* fixed EAP-TTLS AVP parser processing for too short AVP lengths
-	* added support for EAP-FAST authentication with inner methods that
-	  generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
-	  for PAC provisioning)
-	* added support for authenticated EAP-FAST provisioning
-	* added support for configuring maximum number of EAP-FAST PACs to
-	  store in a PAC list (fast_max_pac_list_len=<max> in phase1 string)
-	* added support for storing EAP-FAST PACs in binary format
-	  (fast_pac_format=binary in phase1 string)
-	* fixed dbus ctrl_iface to validate message interface before
-	  dispatching to avoid a possible segfault [Bug 190]
-	* fixed PeerKey key derivation to use the correct PRF label
-	* updated Windows binary build to link against OpenSSL 0.9.8d and
-	  added support for EAP-FAST
-	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-	  draft (draft-ietf-emu-eap-gpsk-04.txt)
-	* fixed EAP-AKA Notification processing to allow Notification to be
-	  processed after AKA Challenge response has been sent
-	* updated to use IEEE 802.11w/D2.0 for management frame protection
-	  (still experimental)
-	* fixed EAP-TTLS implementation not to crash on use of freed memory
-	  if TLS library initialization fails
-	* added support for EAP-TNC (Trusted Network Connect)
-	  (this version implements the EAP-TNC method and EAP-TTLS changes
-	  needed to run two methods in sequence (IF-T) and the IF-IMC and
-	  IF-TNCCS interfaces from TNCC)
-
-2006-11-24 - v0.5.6
-	* added experimental, integrated TLSv1 client implementation with the
-	  needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
-	  setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
-	  .config); this can be useful, e.g., if the target system does not
-	  have a suitable TLS library and a minimal code size is required
-	  (total size of this internal TLS/crypto code is bit under 50 kB on
-	  x86 and the crypto code is shared by rest of the supplicant so some
-	  of it was already required; TLSv1/X.509/ASN.1/RSA added about 25 kB)
-	* removed STAKey handshake since PeerKey handshake has replaced it in
-	  IEEE 802.11ma and there are no known deployments of STAKey
-	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-	  draft (draft-ietf-emu-eap-gpsk-01.txt)
-	* added preliminary implementation of IEEE 802.11w/D1.0 (management
-	  frame protection)
-	  (Note: this requires driver support to work properly.)
-	  (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
-	* fixed Windows named pipes ctrl_iface to not stop listening for
-	  commands if client program opens a named pipe and closes it
-	  immediately without sending a command
-	* fixed USIM PIN status determination for the case that PIN is not
-	  needed (this allows EAP-AKA to be used with USIM cards that do not
-	  use PIN)
-	* added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
-	  be used with cards that do not support file selection based on
-	  partial AID
-	* added support for matching the subjectAltName of the authentication
-	  server certificate against multiple name components (e.g.,
-	  altsubject_match="DNS:server.example.com;DNS:server2.example.com")
-	* fixed EAP-SIM/AKA key derivation for re-authentication case (only
-	  affects IEEE 802.1X with dynamic WEP keys)
-	* changed ctrl_iface network configuration 'get' operations to not
-	  return password/key material; if these fields are requested, "*"
-	  will be returned if the password/key is set, but the value of the
-	  parameter is not exposed
-
-2006-08-27 - v0.5.5
-	* added support for building Windows version with UNICODE defined
-	  (wide-char functions)
-	* driver_ndis: fixed static WEP configuration to avoid race condition
-	  issues with some NDIS drivers between association and setting WEP
-	  keys
-	* driver_ndis: added validation for IELength value in scan results to
-	  avoid crashes when using buggy NDIS drivers [Bug 165]
-	* fixed Release|Win32 target in the Visual Studio project files
-	  (previously, only Debug|Win32 target was set properly)
-	* changed control interface API call wpa_ctrl_pending() to allow it to
-	  return -1 on error (e.g., connection lost); control interface clients
-	  will need to make sure that they verify that the value is indeed >0
-	  when determining whether there are pending messages
-	* added an alternative control interface backend for Windows targets:
-	  Named Pipe (CONFIG_CTRL_IFACE=named_pipe); this is now the default
-	  control interface mechanism for Windows builds (previously, UDP to
-	  localhost was used)
-	* changed ctrl_interface configuration for UNIX domain sockets:
-	  - deprecated ctrl_interface_group variable (it may be removed in
-	    future versions)
-	  - allow both directory and group be configured with ctrl_interface
-	    in following format: DIR=/var/run/wpa_supplicant GROUP=wheel
-	  - ctrl_interface=/var/run/wpa_supplicant is still supported for the
-	    case when group is not changed
-	* added support for controlling more than one interface per process in
-	  Windows version
-	* added a workaround for a case where the AP is using unknown address
-	  (e.g., MAC address of the wired interface) as the source address for
-	  EAPOL-Key frames; previously, that source address was used as the
-	  destination for EAPOL-Key frames and in key derivation; now, BSSID is
-	  used even if the source address does not match with it
-	  (this resolves an interoperability issue with Thomson SpeedTouch 580)
-	* added a workaround for UDP-based control interface (which was used in
-	  Windows builds before this release) to prevent packets with forged
-	  addresses from being accepted as local control requests
-	* removed ndis_events.cpp and possibility of using external
-	  ndis_events.exe; C version (ndis_events.c) is fully functional and
-	  there is no desire to maintain two separate versions of this
-	  implementation
-	* ndis_events: Changed NDIS event notification design to use WMI to
-	  learn the adapter description through Win32_PnPEntity class; this
-	  should fix some cases where the adapter name was not recognized
-	  correctly (e.g., with some USB WLAN adapters, e.g., Ralink RT2500
-	  USB) [Bug 113]
-	* fixed selection of the first network in ap_scan=2 mode; previously,
-	  wpa_supplicant could get stuck in SCANNING state when only the first
-	  network for enabled (e.g., after 'wpa_cli select_network 0')
-	* winsvc: added support for configuring ctrl_interface parameters in
-	  registry (ctrl_interface string value in
-	  HKLM\SOFTWARE\wpa_supplicant\interfaces\0000 key); this new value is
-	  required to enable control interface (previously, this was hardcoded
-	  to be enabled)
-	* allow wpa_gui subdirectory to be built with both Qt3 and Qt4
-	* converted wpa_gui-qt4 subdirectory to use Qt4 specific project format
-
-2006-06-20 - v0.5.4
-	* fixed build with CONFIG_STAKEY=y [Bug 143]
-	* added support for doing MLME (IEEE 802.11 management frame
-	  processing) in wpa_supplicant when using Devicescape IEEE 802.11
-	  stack (wireless-dev.git tree)
-	* added a new network block configuration option, fragment_size, to
-	  configure the maximum EAP fragment size
-	* driver_ndis: Disable WZC automatically for the selected interface to
-	  avoid conflicts with two programs trying to control the radio; WZC
-	  will be re-enabled (if it was enabled originally) when wpa_supplicant
-	  is terminated
-	* added an experimental TLSv1 client implementation
-	  (CONFIG_TLS=internal) that can be used instead of an external TLS
-	  library, e.g., to reduce total size requirement on systems that do
-	  not include any TLS library by default (this is not yet complete;
-	  basic functionality is there, but certificate validation is not yet
-	  included)
-	* added PeerKey handshake implementation for IEEE 802.11e
-	  direct link setup (DLS) to replace STAKey handshake
-	* fixed WPA PSK update through ctrl_iface for the case where the old
-	  PSK was derived from an ASCII passphrase and the new PSK is set as
-	  a raw PSK (hex string)
-	* added new configuration option for identifying which network block
-	  was used (id_str in wpa_supplicant.conf; included on
-	  WPA_EVENT_CONNECT monitor event and as WPA_ID_STR environmental
-	  variable in wpa_cli action scripts; in addition WPA_ID variable is
-	  set to the current unique identifier that wpa_supplicant assigned
-	  automatically for the network and that can be used with
-	  GET_NETWORK/SET_NETWORK ctrl_iface commands)
-	* wpa_cli action script is now called only when the connect/disconnect
-	  status changes or when associating with a different network
-	* fixed configuration parser not to remove CCMP from group cipher list
-	  if WPA-None (adhoc) is used (pairwise=NONE in that case)
-	* fixed integrated NDIS events processing not to hang the process due
-	  to a missed change in eloop_win.c API in v0.5.3 [Bug 155]
-	* added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
-	  draft-clancy-emu-eap-shared-secret-00.txt)
-	* added Microsoft Visual Studio 2005 solution and project files for
-	  build wpa_supplicant for Windows (see vs2005 subdirectory)
-	* eloop_win: fixed unregistration of Windows events
-	* l2_packet_winpcap: fixed a deadlock in deinitializing l2_packet
-	  at the end of RSN pre-authentication and added unregistration of
-	  a Windows event to avoid getting eloop_win stuck with an invalid
-	  handle
-	* driver_ndis: added support for selecting AP based on BSSID
-	* added new environmental variable for wpa_cli action scripts:
-	  WPA_CTRL_DIR is the current control interface directory
-	* driver_ndis: added support for using NDISUIO instead of WinPcap for
-	  OID set/query operations (CONFIG_USE_NDISUIO=y in .config); with new
-	  l2_packet_ndis (CONFIG_L2_PACKET=ndis), this can be used to build
-	  wpa_supplicant without requiring WinPcap; note that using NDISUIO
-	  requires that WZC is disabled (net stop wzcsvc) since NDISUIO allows
-	  only one application to open the device
-	* changed NDIS driver naming to only include device GUID, e.g.,
-	  {7EE3EFE5-C165-472F-986D-F6FBEDFE8C8D}, instead of including WinPcap
-	  specific \Device\NPF_ prefix before the GUID; the prefix is still
-	  allowed for backwards compatibility, but it is not required anymore
-	  when specifying the interface
-	* driver_ndis: re-initialize driver interface is the adapter is removed
-	  and re-inserted [Bug 159]
-	* driver_madwifi: fixed TKIP and CCMP sequence number configuration on
-	  big endian hosts [Bug 146]
-
-2006-04-27 - v0.5.3
-	* fixed EAP-GTC response to include correct user identity when run as
-	  phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
-	* driver_ndis: Fixed encryption mode configuration for unencrypted
-	  networks (some NDIS drivers ignored this, but others, e.g., Broadcom,
-	  refused to associate with open networks) [Bug 106]
-	* driver_ndis: use BSSID OID polling to detect when IBSS network is
-	  formed even when ndis_events code is included since some NDIS drivers
-	  do not generate media connect events in IBSS mode
-	* config_winreg: allow global ctrl_interface parameter to be configured
-	  in Windows registry
-	* config_winreg: added support for saving configuration data into
-	  Windows registry
-	* added support for controlling network device operational state
-	  (dormant/up) for Linux 2.6.17 to improve DHCP processing (see
-	  http://www.flamewarmaster.de/software/dhcpclient/ for a DHCP client
-	  that can use this information)
-	* driver_wext: added support for WE-21 change to SSID configuration
-	* driver_wext: fixed privacy configuration for static WEP keys mode
-	  [Bug 140]
-	* added an optional driver_ops callback for MLME-SETPROTECTION.request
-	  primitive
-	* added support for EAP-SAKE (no EAP method number allocated yet, so
-	  this is using the same experimental type 255 as EAP-PSK)
-	* added support for dynamically loading EAP methods (.so files) instead
-	  of requiring them to be statically linked in; this is disabled by
-	  default (see CONFIG_DYNAMIC_EAP_METHODS in defconfig for information
-	  on how to use this)
-
-2006-03-19 - v0.5.2
-	* do not try to use USIM APDUs when initializing PC/SC for SIM card
-	  access for a network that has not enabled EAP-AKA
-	* fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
-	  v0.5.1 due to the new support for expanded EAP types)
-	* added support for generating EAP Expanded Nak
-	* try to fetch scan results once before requesting new scan when
-	  starting up in ap_scan=1 mode (this can speed up initial association
-	  a lot with, e.g., madwifi-ng driver)
-	* added support for receiving EAPOL frames from a Linux bridge
-	  interface (-bbr0 on command line)
-	* fixed EAPOL re-authentication for sessions that used PMKSA caching
-	* changed EAP method registration to use a dynamic list of methods
-	  instead of a static list generated at build time
-	* fixed PMKSA cache deinitialization not to use freed memory when
-	  removing PMKSA entries
-	* fixed a memory leak in EAP-TTLS re-authentication
-	* reject WPA/WPA2 message 3/4 if it does not include any valid
-	  WPA/RSN IE
-	* driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
-	  if the driver does not support SIOCSIWAUTH
-
-2006-01-29 - v0.5.1
-	* driver_test: added better support for multiple APs and STAs by using
-	  a directory with sockets that include MAC address for each device in
-	  the name (driver_param=test_dir=/tmp/test)
-	* added support for EAP expanded type (vendor specific EAP methods)
-	* added AP_SCAN command into ctrl_iface so that ap_scan configuration
-	  option can be changed if needed
-	* wpa_cli/wpa_gui: skip non-socket files in control directory when
-	  using UNIX domain sockets; this avoids selecting an incorrect
-	  interface (e.g., a PID file could be in this directory, even though
-	  use of this directory for something else than socket files is not
-	  recommended)
-	* fixed TLS library deinitialization after RSN pre-authentication not
-	  to disable TLS library for normal authentication
-	* driver_wext: Remove null-termination from SSID length if the driver
-	  used it; some Linux drivers do this and they were causing problems in
-	  wpa_supplicant not finding matching configuration block. This change
-	  would break a case where the SSID actually ends in '\0', but that is
-	  not likely to happen in real use.
-	* fixed PMKSA cache processing not to trigger deauthentication if the
-	  current PMKSA cache entry is replaced with a valid new entry
-	* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
-	  EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
-	  ap_scan=2)
-
-2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
-	* added experimental STAKey handshake implementation for IEEE 802.11e
-	  direct link setup (DLS); note: this is disabled by default in both
-	  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
-	  and stakey=1)
-	* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
-	  decrypt AT_ENCR_DATA attributes correctly
-	* fixed EAP-AKA to allow resynchronization within the same session
-	* made code closer to ANSI C89 standard to make it easier to port to
-	  other C libraries and compilers
-	* started moving operating system or C library specific functions into
-	  wrapper functions defined in os.h and implemented in os_*.c to make
-	  code more portable
-	* wpa_supplicant can now be built with Microsoft Visual C++
-	  (e.g., with the freely available Toolkit 2003 version or Visual
-	  C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
-	  example makefile for nmake
-	* added support for using Windows registry for command line parameters
-	  (CONFIG_MAIN=main_winsvc) and configuration data
-	  (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
-	  contents; this version can be run both as a Windows service and as a
-	  normal application; 'wpasvc.exe app' to start as applicant,
-	  'wpasvc.exe reg <full path to wpasvc.exe>' to register a service,
-	  'net start wpasvc' to start the service, 'wpasvc.exe unreg' to
-	  unregister a service
-	* made it possible to link ndis_events.exe functionality into
-	  wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED
-	* added better support for multiple control interface backends
-	  (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported
-	* fixed PC/SC code to use correct length for GSM AUTH command buffer
-	  and to not use pioRecvPci with SCardTransmit() calls; these were not
-	  causing visible problems with pcsc-lite, but Windows Winscard.dll
-	  refused the previously used parameters; this fixes EAP-SIM and
-	  EAP-AKA authentication using SIM/USIM card under Windows
-	* added new event loop implementation for Windows using
-	  WaitForMultipleObject() instead of select() in order to allow waiting
-	  for non-socket objects; this can be selected with
-	  CONFIG_ELOOP=eloop_win in .config
-	* added support for selecting l2_packet implementation in .config
-	  (CONFIG_L2_PACKET; following options are available now: linux, pcap,
-	  winpcap, freebsd, none)
-	* added new l2_packet implementation for WinPcap
-	  (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
-	  reduce latency in EAPOL receive processing from about 100 ms to about
-	  3 ms
-	* added support for EAP-FAST key derivation using other ciphers than
-	  RC4-128-SHA for authentication and AES128-SHA for provisioning
-	* added support for configuring CA certificate as DER file and as a
-	  configuration blob
-	* fixed private key configuration as configuration blob and added
-	  support for using PKCS#12 as a blob
-	* tls_gnutls: added support for using PKCS#12 files; added support for
-	  session resumption
-	* added support for loading trusted CA certificates from Windows
-	  certificate store: ca_cert="cert_store://<name>", where <name> is
-	  likely CA (Intermediate CA certificates) or ROOT (root certificates)
-	* added C version of ndis_events.cpp and made it possible to build this
-	  with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more
-	  easily on cross-compilation builds
-	* added wpasvc.exe into Windows binary release; this is an alternative
-	  version of wpa_supplicant.exe with configuration backend using
-	  Windows registry and with the entry point designed to run as a
-	  Windows service
-	* integrated ndis_events.exe functionality into wpa_supplicant.exe and
-	  wpasvc.exe and removed this additional tool from the Windows binary
-	  release since it is not needed anymore
-	* load winscard.dll functions dynamically when building with MinGW
-	  since MinGW does not yet include winscard library
-
-2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
-	* l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
-	  and WinPcap to receive frames sent to PAE group address
-	* disable EAP state machine when IEEE 802.1X authentication is not used
-	  in order to get rid of bogus "EAP failed" messages
-	* fixed OpenSSL error reporting to go through all pending errors to
-	  avoid confusing reports of old errors being reported at later point
-	  during handshake
-	* fixed configuration file updating to not write empty variables
-	  (e.g., proto or key_mgmt) that the file parser would not accept
-	* fixed ADD_NETWORK ctrl_iface command to use the same default values
-	  for variables as empty network definitions read from config file
-	  would get
-	* fixed EAP state machine to not discard EAP-Failure messages in many
-	  cases (e.g., during TLS handshake)
-	* fixed a infinite loop in private key reading if the configured file
-	  cannot be parsed successfully
-	* driver_madwifi: added support for madwifi-ng
-	* wpa_gui: do not display password/PSK field contents
-	* wpa_gui: added CA certificate configuration
-	* driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID
-	* driver_ndis: include Beacon IEs in AssocInfo in order to notice if
-	  the new AP is using different WPA/RSN IE
-	* use longer timeout for IEEE 802.11 association to avoid problems with
-	  drivers that may take more than five second to associate
-
-2005-10-27 - v0.4.6
-	* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
-	  RSN IE, but WPA IE would match with wpa_supplicant configuration
-	* added support for named configuration blobs in order to avoid having
-	  to use file system for external files (e.g., certificates);
-	  variables can be set to "blob://<blob name>" instead of file path to
-	  use a named blob; supported fields: pac_file, client_cert,
-	  private_key
-	* fixed RSN pre-authentication (it was broken in the clean up of WPA
-	  state machine interface in v0.4.5)
-	* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
-	  sure the driver configures broadcast decryption correctly
-	* added ca_path (and ca_path2) configuration variables that can be used
-	  to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
-	  system-wide trusted CA list
-	* added support for starting wpa_supplicant without a configuration
-	  file (-C argument must be used to set ctrl_interface parameter for
-	  this case; in addition, -p argument can be used to provide
-	  driver_param; these new arguments can also be used with a
-	  configuration to override the values from the configuration)
-	* added global control interface that can be optionally used for adding
-	  and removing network interfaces dynamically (-g command line argument
-	  for both wpa_supplicant and wpa_cli) without having to restart
-	  wpa_supplicant process
-	* wpa_gui:
-	  - try to save configuration whenever something is modified
-	  - added WEP key configuration
-	  - added possibility to edit the current network configuration
-	* driver_ndis: fixed driver polling not to increase frequency on each
-	  received EAPOL frame due to incorrectly cancelled timeout
-	* added simple configuration file examples (in examples subdirectory)
-	* fixed driver_wext.c to filter wireless events based on ifindex to
-	  avoid interfaces receiving events from other interfaces
-	* delay sending initial EAPOL-Start couple of seconds to speed up
-	  authentication for the most common case of Authenticator starting
-	  EAP authentication immediately after association
-
-2005-09-25 - v0.4.5
-	* added a workaround for clearing keys with ndiswrapper to allow
-	  roaming from WPA enabled AP to plaintext one
-	* added docbook documentation (doc/docbook) that can be used to
-	  generate, e.g., man pages
-	* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
-	  PF_PACKET in order to prepare for network devices that do not use
-	  Ethernet headers (e.g., network stack that includes IEEE 802.11
-	  header in the frames)
-	* use receipt of EAPOL-Key frame as a lower layer success indication
-	  for EAP state machine to allow recovery from dropped EAP-Success
-	  frame
-	* cleaned up internal EAPOL frame processing by not including link
-	  layer (Ethernet) header during WPA and EAPOL/EAP processing; this
-	  header is added only when transmitted the frame; this makes it easier
-	  to use wpa_supplicant on link layers that use different header than
-	  Ethernet
-	* updated EAP-PSK to use draft 9 by default since this can now be
-	  tested with hostapd; removed support for draft 3, including
-	  server_nai configuration option from network blocks
-	* driver_wired: add PAE address to the multicast address list in order
-	  to be able to receive EAPOL frames with drivers that do not include
-	  these multicast addresses by default
-	* driver_wext: add support for WE-19
-	* added support for multiple configuration backends (CONFIG_BACKEND
-	  option); currently, only 'file' is supported (i.e., the format used
-	  in wpa_supplicant.conf)
-	* added support for updating configuration ('wpa_cli save_config');
-	  this is disabled by default and can be enabled with global
-	  update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli
-	  and wpa_gui to store the configuration changes in a permanent store
-	* added GET_NETWORK ctrl_iface command
-	  (e.g., 'wpa_cli get_network 0 ssid')
-
-2005-08-21 - v0.4.4
-	* replaced OpenSSL patch for EAP-FAST support
-	  (openssl-tls-extensions.patch) with a more generic and correct
-	  patch (the new patch is not compatible with the previous one, so the
-	  OpenSSL library will need to be patched with the new patch in order
-	  to be able to build wpa_supplicant with EAP-FAST support)
-	* added support for using Windows certificate store (through CryptoAPI)
-	  for client certificate and private key operations (EAP-TLS)
-	  (see wpa_supplicant.conf for more information on how to configure
-	  this with private_key)
-	* ported wpa_gui to Windows
-	* added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be
-	  built with the open source version of the Qt4 for Windows
-	* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used
-	  with drivers that do not support WPA
-	* ndis_events: fixed Windows 2000 support
-	* added support for enabling/disabling networks from the list of all
-	  configured networks ('wpa_cli enable_network <network id>' and
-	  'wpa_cli disable_network <network id>')
-	* added support for adding and removing network from the current
-	  configuration ('wpa_cli add_network' and 'wpa_cli remove_network
-	  <network id>'); added networks are disabled by default and they can
-	  be enabled with enable_network command once the configuration is done
-	  for the new network; note: configuration file is not yet updated, so
-	  these new networks are lost when wpa_supplicant is restarted
-	* added support for setting network configuration parameters through
-	  the control interface, for example:
-	  wpa_cli set_network 0 ssid "\"my network\""
-	* fixed parsing of strings that include both " and # within double
-	  quoted area (e.g., "start"#end")
-	* added EAP workaround for PEAP session resumption: allow outer,
-	  i.e., not tunneled, EAP-Success to terminate session since; this can
-	  be disabled with eap_workaround=0
-	  (this was allowed for PEAPv1 before, but now it is also allowed for
-	  PEAPv0 since at least one RADIUS authentication server seems to be
-	  doing this for PEAPv0, too)
-	* wpa_gui: added preliminary support for adding new networks to the
-	  wpa_supplicant configuration (double click on the scan results to
-	  open network configuration)
-
-2005-06-26 - v0.4.3
-	* removed interface for external EAPOL/EAP supplicant (e.g.,
-	  Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required
-	  anymore and is unlikely to be used by anyone
-	* driver_ndis: fixed WinPcap 3.0 support
-	* fixed build with CONFIG_DNET_PCAP=y on Linux
-	* l2_packet: moved different implementations into separate files
-	  (l2_packet_*.c)
-
-2005-06-12 - v0.4.2
-	* driver_ipw: updated driver structures to match with ipw2200-1.0.4
-	  (note: ipw2100-1.1.0 is likely to require an update to work with
-	  this)
-	* added support for using ap_scan=2 mode with multiple network blocks;
-	  wpa_supplicant will go through the networks one by one until the
-	  driver reports a successful association; this uses the same order for
-	  networks as scan_ssid=1 scans, i.e., the priority field is ignored
-	  and the network block order in the file is used instead
-	* fixed a potential issue in RSN pre-authentication ending up using
-	  freed memory if pre-authentication times out
-	* added support for matching alternative subject name extensions of the
-	  authentication server certificate; new configuration variables
-	  altsubject_match and altsubject_match2
-	* driver_ndis: added support for IEEE 802.1X authentication with wired
-	  NDIS drivers
-	* added support for querying private key password (EAP-TLS) through the
-	  control interface (wpa_cli/wpa_gui) if one is not included in the
-	  configuration file
-	* driver_broadcom: fixed couple of memory leaks in scan result
-	  processing
-	* EAP-PAX is now registered as EAP type 46
-	* fixed EAP-PAX MAC calculation
-	* fixed EAP-PAX CK and ICK key derivation
-	* added support for using password with EAP-PAX (as an alternative to
-	  entering key with eappsk); SHA-1 hash of the password will be used as
-	  the key in this case
-	* added support for arbitrary driver interface parameters through the
-	  configuration file with a new driver_param field; this adds a new
-	  driver_ops function set_param()
-	* added possibility to override l2_packet module with driver interface
-	  API (new send_eapol handler); this can be used to implement driver
-	  specific TX/RX functions for EAPOL frames
-	* fixed ctrl_interface_group processing for the case where gid is
-	  entered as a number, not group name
-	* driver_test: added support for testing hostapd with wpa_supplicant
-	  by using test driver interface without any kernel drivers or network
-	  cards
-
-2005-05-22 - v0.4.1
-	* driver_madwifi: fixed WPA/WPA2 mode configuration to allow EAPOL
-	  packets to be encrypted; this was apparently broken by the changed
-	  ioctl order in v0.4.0
-	* driver_madwifi: added preliminary support for compiling against 'BSD'
-	  branch of madwifi CVS tree
-	* added support for EAP-MSCHAPv2 password retries within the same EAP
-	  authentication session
-	* added support for password changes with EAP-MSCHAPv2 (used when the
-	  password has expired)
-	* added support for reading additional certificates from PKCS#12 files
-	  and adding them to the certificate chain
-	* fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
-	  were used
-	* fixed a possible double free in EAP-TTLS fast-reauthentication when
-	  identity or password is entered through control interface
-	* display EAP Notification messages to user through control interface
-	  with "CTRL-EVENT-EAP-NOTIFICATION" prefix
-	* added GUI version of wpa_cli, wpa_gui; this is not build
-	  automatically with 'make'; use 'make wpa_gui' to build (this requires
-	  Qt development tools)
-	* added 'disconnect' command to control interface for setting
-	  wpa_supplicant in state where it will not associate before
-	  'reassociate' command has been used
-	* added support for selecting a network from the list of all configured
-	  networks ('wpa_cli select_network <network id>'; this disabled all
-	  other networks; to re-enable, 'wpa_cli select_network any')
-	* added support for getting scan results through control interface
-	* added EAP workaround for PEAPv1 session resumption: allow outer,
-	  i.e., not tunneled, EAP-Success to terminate session since; this can
-	  be disabled with eap_workaround=0
-
-2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
-	* added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be
-	  used to reduce the size of the wpa_supplicant considerably if
-	  debugging code is not needed
-	* fixed EAPOL-Key validation to drop packets with invalid Key Data
-	  Length; such frames could have crashed wpa_supplicant due to buffer
-	  overflow
-	* added support for wired authentication (IEEE 802.1X on wired
-	  Ethernet); driver interface 'wired'
-	* obsoleted set_wpa() handler in the driver interface API (it can be
-	  replaced by moving enable/disable functionality into init()/deinit())
-	  (calls to set_wpa() are still present for backwards compatibility,
-	  but they may be removed in the future)
-	* driver_madwifi: fixed association in plaintext mode
-	* modified the EAP workaround that accepts EAP-Success with incorrect
-	  Identifier to be even less strict about verification in order to
-	  interoperate with some authentication servers
-	* added support for sending TLS alerts
-	* added support for 'any' SSID wildcard; if ssid is not configured or
-	  is set to an empty string, any SSID will be accepted for non-WPA AP
-	* added support for asking PIN (for SIM) from frontends (e.g.,
-	  wpa_cli); if a PIN is needed, but not included in the configuration
-	  file, a control interface request is sent and EAP processing is
-	  delayed until the PIN is available
-	* added support for using external devices (e.g., a smartcard) for
-	  private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
-	  new wpa_supplicant.conf variables:
-	  - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path
-	  - network: engine, engine_id, key_id
-	* added experimental support for EAP-PAX
-	* added monitor mode for wpa_cli (-a<path to a program to run>) that
-	  allows external commands (e.g., shell scripts) to be run based on
-	  wpa_supplicant events, e.g., when authentication has been completed
-	  and data connection is ready; other related wpa_cli arguments:
-	  -B (run in background), -P (write PID file); wpa_supplicant has a new
-	  command line argument (-W) that can be used to make it wait until a
-	  control interface command is received in order to avoid missing
-	  events
-	* added support for opportunistic WPA2 PMKSA key caching (disabled by
-	  default, can be enabled with proactive_key_caching=1)
-	* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
-	  Authenticator rejects PMKSA caching attempt and the driver is not
-	  using assoc_info events
-	* added -P<pid file> argument for wpa_supplicant to write the current
-	  process id into a file
-
-2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
-	* added new phase1 option parameter, include_tls_length=1, to force
-	  wpa_supplicant to add TLS Message Length field to all TLS messages
-	  even if the packet is not fragmented; this may be needed with some
-	  authentication servers
-	* fixed WPA/RSN IE verification in message 3 of 4-Way Handshake when
-	  using drivers that take care of AP selection (e.g., when using
-	  ap_scan=2)
-	* fixed reprocessing of pending request after ctrl_iface requests for
-	  identity/password/otp
-	* fixed ctrl_iface requests for identity/password/otp in Phase 2 of
-	  EAP-PEAP and EAP-TTLS
-	* all drivers using driver_wext: set interface up and select Managed
-	  mode when starting wpa_supplicant; set interface down when exiting
-	* renamed driver_ipw2100.c to driver_ipw.c since it now supports both
-	  ipw2100 and ipw2200; please note that this also changed the
-	  configuration variable in .config to CONFIG_DRIVER_IPW
-
-2005-01-24 - v0.3.6
-	* fixed a busy loop introduced in v0.3.5 for scan result processing
-	  when no matching AP is found
-
-2005-01-23 - v0.3.5
-	* added a workaround for an interoperability issue with a Cisco AP
-	  when using WPA2-PSK
-	* fixed non-WPA IEEE 802.1X to use the same authentication timeout as
-	  WPA with IEEE 802.1X (i.e., timeout 10 -> 70 sec to allow
-	  retransmission of dropped frames)
-	* fixed issues with 64-bit CPUs and SHA1 cleanup in previous version
-	  (e.g., segfault when processing EAPOL-Key frames)
-	* fixed EAP workaround and fast reauthentication configuration for
-	  RSN pre-authentication; previously these were disabled and
-	  pre-authentication would fail if the used authentication server
-	  requires EAP workarounds
-	* added support for blacklisting APs that fail or timeout
-	  authentication in ap_scan=1 mode so that all APs are tried in cases
-	  where the ones with strongest signal level are failing authentication
-	* fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
-	  authentication attempt
-	* allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
-	  in the previous authentication (previously, only Phase 1 success was
-	  verified)
-
-2005-01-09 - v0.3.4
-	* added preliminary support for IBSS (ad-hoc) mode configuration
-	  (mode=1 in network block); this included a new key_mgmt mode
-	  WPA-NONE, i.e., TKIP or CCMP with a fixed key (based on psk) and no
-	  key management; see wpa_supplicant.conf for more details and an
-	  example on how to configure this (note: this is currently implemented
-	  only for driver_hostapd.c, but the changes should be trivial to add
-	  in associate() handler for other drivers, too (assuming the driver
-	  supports WPA-None)
-	* added preliminary port for native Windows (i.e., no cygwin) using
-	  mingw
-
-2005-01-02 - v0.3.3
-	* added optional support for GNU Readline and History Libraries for
-	  wpa_cli (CONFIG_READLINE)
-	* cleaned up EAP state machine <-> method interface and number of
-	  small problems with error case processing not terminating on
-	  EAP-Failure but waiting for timeout
-	* added couple of workarounds for interoperability issues with a
-	  Cisco AP when using WPA2
-	* added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
-	  Note: This requires a patch for openssl to add support for TLS
-	  extensions and number of workarounds for operations without
-	  certificates. Proof of concept type of experimental patch is
-	  included in openssl-tls-extensions.patch.
-
-2004-12-19 - v0.3.2
-	* fixed private key loading for cases where passphrase is not set
-	* fixed Windows/cygwin L2 packet handler freeing; previous version
-	  could cause a segfault when RSN pre-authentication was completed
-	* added support for PMKSA caching with drivers that generate RSN IEs
-	  (e.g., NDIS); currently, this is only implemented in driver_ndis.c,
-	  but similar code can be easily added to driver_ndiswrapper.c once
-	  ndiswrapper gets full support for RSN PMKSA caching
-	* improved recovery from PMKID mismatches by requesting full EAP
-	  authentication in case of failed PMKSA caching attempt
-	* driver_ndis: added support for NDIS NdisMIncidateStatus() events
-	  (this requires that ndis_events is ran while wpa_supplicant is
-	  running)
-	* driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
-	* added support for driver interfaces to replace the interface name
-	  based on driver/OS specific mapping, e.g., in case of driver_ndis,
-	  this allows the beginning of the adapter description to be used as
-	  the interface name
-	* added support for CR+LF (Windows-style) line ends in configuration
-	  file
-	* driver_ndis: enable radio before starting scanning, disable radio
-	  when exiting
-	* modified association event handler to set portEnabled = FALSE before
-	  clearing port Valid in order to reset EAP state machine and avoid
-	  problems with new authentication getting ignored because of state
-	  machines ending up in AUTHENTICATED/SUCCESS state based on old
-	  information
-	* added support for driver events to add PMKID candidates in order to
-	  allow drivers to give priority to most likely roaming candidates
-	* driver_hostap: moved PrivacyInvoked configuration to associate()
-	  function so that this will not be set for plaintext connections
-	* added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that driver
-	  interface can distinguish plaintext and IEEE 802.1X (no WPA)
-	  authentication
-	* fixed static WEP key configuration to use broadcast/default type for
-	  all keys (previously, the default TX key was configured as pairwise/
-	  unicast key)
-	* driver_ndis: added legacy WPA capability detection for non-WPA2
-	  drivers
-	* added support for setting static WEP keys for IEEE 802.1X without
-	  dynamic WEP keying (eapol_flags=0)
-
-2004-12-12 - v0.3.1
-	* added support for reading PKCS#12 (PFX) files (as a replacement for
-	  PEM/DER) to get certificate and private key (CONFIG_PKCS12)
-	* fixed compilation with CONFIG_PCSC=y
-	* added new ap_scan mode, ap_scan=2, for drivers that take care of
-	  association, but need to be configured with security policy and SSID,
-	  e.g., ndiswrapper and NDIS driver; this mode should allow such
-	  drivers to work with hidden SSIDs and optimized roaming; when
-	  ap_scan=2 is used, only the first network block in the configuration
-	  file is used and this configuration should have explicit security
-	  policy (i.e., only one option in the lists) for key_mgmt, pairwise,
-	  group, proto variables
-	* added experimental port of wpa_supplicant for Windows
-	  - driver_ndis.c driver interface (NDIS OIDs)
-	  - currently, this requires cygwin and WinPcap
-	  - small utility, win_if_list, can be used to get interface name
-	* control interface can now be removed at build time; add
-	  CONFIG_CTRL_IFACE=y to .config to maintain old functionality
-	* optional Xsupplicant interface can now be removed at build time;
-	  (CONFIG_XSUPPLICANT_IFACE=y in .config to bring it back)
-	* added auth_alg to driver interface associate() parameters to make it
-	  easier for drivers to configure authentication algorithm as part of
-	  the association
-
-2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
-	* driver_broadcom: added new driver interface for Broadcom wl.o driver
-	  (a generic driver for Broadcom IEEE 802.11a/g cards)
-	* wpa_cli: fixed parsing of -p <path> command line argument
-	* PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
-	  ACK, not tunneled EAP-Success (of which only the first byte was
-	  actually send due to a bug in previous code); this seems to
-	  interoperate with most RADIUS servers that implements PEAPv1
-	* PEAPv1: added support for terminating PEAP authentication on tunneled
-	  EAP-Success message; this can be configured by adding
-	  peap_outer_success=0 on phase1 parameters in wpa_supplicant.conf
-	  (some RADIUS servers require this whereas others require a tunneled
-	  reply
-	* PEAPv1: changed phase1 option peaplabel to use default to 0, i.e., to
-	  the old label for key derivation; previously, the default was 1,
-	  but it looks like most existing PEAPv1 implementations use the old
-	  label which is thus more suitable default option
-	* added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
-	* fixed parsing of wep_tx_keyidx
-	* added support for configuring list of allowed Phase 2 EAP types
-	  (for both EAP-PEAP and EAP-TTLS) instead of only one type
-	* added support for configuring IEEE 802.11 authentication algorithm
-	  (auth_alg; mainly for using Shared Key authentication with static
-	  WEP keys)
-	* added support for EAP-AKA (with UMTS SIM)
-	* fixed couple of errors in PCSC handling that could have caused
-	  random-looking errors for EAP-SIM
-	* added support for EAP-SIM pseudonyms and fast re-authentication
-	* added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
-	  session resumption)
-	* added support for EAP-SIM with two challenges
-	  (phase1="sim_min_num_chal=3" can be used to require three challenges)
-	* added support for configuring DH/DSA parameters for an ephemeral DH
-	  key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
-	  dh_file and dh_file2 (phase 2); this adds support for using DSA keys
-	  and optional DH key exchange to achieve forward secracy with RSA keys
-	* added support for matching subject of the authentication server
-	  certificate with a substring when using EAP-TLS/PEAP/TTLS; new
-	  configuration variables subject_match and subject_match2
-	* changed SSID configuration in driver_wext.c (used by many driver
-	  interfaces) to use ssid_len+1 as the length for SSID since some Linux
-	  drivers expect this
-	* fixed couple of unaligned reads in scan result parsing to fix WPA
-	  connection on some platforms (e.g., ARM)
-	* added driver interface for Intel ipw2100 driver
-	* added support for LEAP with WPA
-	* added support for larger scan results report (old limit was 4 kB of
-	  data, i.e., about 35 or so APs) when using Linux wireless extensions
-	  v17 or newer
-	* fixed a bug in PMKSA cache processing: skip sending of EAPOL-Start
-	  only if there is a PMKSA cache entry for the current AP
-	* fixed error handling for case where reading of scan results fails:
-	  must schedule a new scan or wpa_supplicant will remain waiting
-	  forever
-	* changed debug output to remove shared password/key material by
-	  default; all key information can be included with -K command line
-	  argument to match the previous behavior
-	* added support for timestamping debug log messages (disabled by
-	  default, can be enabled with -t command line argument)
-	* set pairwise/group cipher suite for non-WPA IEEE 802.1X to WEP-104
-	  if keys are not configured to be used; this fixes IEEE 802.1X mode
-	  with drivers that use this information to configure whether Privacy
-	  bit can be in Beacon frames (e.g., ndiswrapper)
-	* avoid clearing driver keys if no keys have been configured since last
-	  key clear request; this seems to improve reliability of group key
-	  handshake for ndiswrapper & NDIS driver which seems to be suffering
-	  of some kind of timing issue when the keys are cleared again after
-	  association
-	* changed driver interface API:
-	  - WPA_SUPPLICANT_DRIVER_VERSION define can be used to determine which
-	    version is being used (now, this is set to 2; previously, it was
-	    not defined)
-	  - pass pointer to private data structure to all calls
-	  - the new API is not backwards compatible; all in-tree driver
-	    interfaces has been converted to the new API
-	* added support for controlling multiple interfaces (radios) per
-	  wpa_supplicant process; each interface needs to be listed on the
-	  command line (-c, -i, -D arguments) with -N as a separator
-	  (-cwpa1.conf -iwlan0 -Dhostap -N -cwpa2.conf -iath0 -Dmadwifi)
-	* added a workaround for EAP servers that incorrectly use same Id for
-	  sequential EAP packets
-	* changed libpcap/libdnet configuration to use .config variable,
-	  CONFIG_DNET_PCAP, instead of requiring Makefile modification
-	* improved downgrade attack detection in IE verification of msg 3/4:
-	  verify both WPA and RSN IEs, if present, not only the selected one;
-	  reject the AP if an RSN IE is found in msg 3/4, but not in Beacon or
-	  Probe Response frame, and RSN is enabled in wpa_supplicant
-	  configuration
-	* fixed WPA msg 3/4 processing to allow Key Data field contain other
-	  IEs than just one WPA IE
-	* added support for FreeBSD and driver interface for the BSD net80211
-	  layer (CONFIG_DRIVER_BSD=y in .config); please note that some of the
-	  required kernel mods have not yet been committed
-	* made EAP workarounds configurable; enabled by default, can be
-	  disabled with network block option eap_workaround=0
-
-2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
-	* resolved couple of interoperability issues with EAP-PEAPv1 and
-	  Phase 2 (inner EAP) fragment reassembly
-	* driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the
-	  AP is using non-zero key index for the unicast key and key index zero
-	  for the broadcast key
-	* driver_hostap: fixed IEEE 802.1X WEP key updates and
-	  re-authentication by allowing unencrypted EAPOL frames when not using
-	  WPA
-	* added a new driver interface, 'wext', which uses only standard,
-	  driver independent functionality in Linux wireless extensions;
-	  currently, this can be used only for non-WPA IEEE 802.1X mode, but
-	  eventually, this is to be extended to support full WPA/WPA2 once
-	  Linux wireless extensions get support for this
-	* added support for mode in which the driver is responsible for AP
-	  scanning and selection; this is disabled by default and can be
-	  enabled with global ap_scan=0 variable in wpa_supplicant.conf;
-	  this mode can be used, e.g., with generic 'wext' driver interface to
-	  use wpa_supplicant as IEEE 802.1X Supplicant with any Linux driver
-	  supporting wireless extensions.
-	* driver_madwifi: fixed WPA2 configuration and scan_ssid=1 (e.g.,
-	  operation with an AP that does not include SSID in the Beacon frames)
-	* added support for new EAP authentication methods:
-	  EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
-	* added support for asking one-time-passwords from frontends (e.g.,
-	  wpa_cli); this 'otp' command works otherwise like 'password' command,
-	  but the password is used only once and the frontend will be asked for
-	  a new password whenever a request from authenticator requires a
-	  password; this can be used with both EAP-OTP and EAP-GTC
-	* changed wpa_cli to automatically re-establish connection so that it
-	  does not need to be re-started when wpa_supplicant is terminated and
-	  started again
-	* improved user data (identity/password/otp) requests through
-	  frontends: process pending EAPOL packets after getting new
-	  information so that full authentication does not need to be
-	  restarted; in addition, send pending requests again whenever a new
-	  frontend is attached
-	* changed control frontends to use a new directory for socket files to
-	  make it easier for wpa_cli to automatically select between interfaces
-	  and to provide access control for the control interface;
-	  wpa_supplicant.conf: ctrl_interface is now a path
-	  (/var/run/wpa_supplicant is the recommended path) and
-	  ctrl_interface_group can be used to select which group gets access to
-	  the control interface;
-	  wpa_cli: by default, try to connect to the first interface available
-	  in /var/run/wpa_supplicant; this path can be overridden with -p option
-	  and an interface can be selected with -i option (i.e., in most common
-	  cases, wpa_cli does not need to get any arguments)
-	* added support for LEAP
-	* added driver interface for Linux ndiswrapper
-	* added priority option for network blocks in the configuration file;
-	  this allows networks to be grouped based on priority (the scan
-	  results are searched for matches with network blocks in this order)
-
-2004-06-20 - v0.2.3
-	* sort scan results to improve AP selection
-	* fixed control interface socket removal for some error cases
-	* improved scan requesting and authentication timeout
-	* small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
-	  TLS processing
-	* PEAP version can now be forced with phase1="peapver=<ver>"
-	  (mostly for testing; by default, the highest version supported by
-	  both the Supplicant and Authentication Server is selected
-	  automatically)
-	* added support for madwifi driver (Atheros ar521x)
-	* added a workaround for cases where AP sets Install Tx/Rx bit for
-	  WPA Group Key messages when pairwise keys are used (without this,
-	  the Group Key would be used for Tx and the AP would drop frames
-	  from the station)
-	* added GSM SIM/USIM interface for GSM authentication algorithm for
-	  EAP-SIM; this requires pcsc-lite
-	* added support for ATMEL AT76C5XXx driver
-	* fixed IEEE 802.1X WEP key derivation in the case where Authenticator
-	  does not include key data in the EAPOL-Key frame (i.e., part of
-	  EAP keying material is used as data encryption key)
-	* added support for using plaintext and static WEP networks
-	  (key_mgmt=NONE)
-
-2004-05-31 - v0.2.2
-	* added support for new EAP authentication methods:
-	  EAP-TTLS/EAP-MD5-Challenge
-	  EAP-TTLS/EAP-GTC
-	  EAP-TTLS/EAP-MSCHAPv2
-	  EAP-TTLS/EAP-TLS
-	  EAP-TTLS/MSCHAPv2
-	  EAP-TTLS/MSCHAP
-	  EAP-TTLS/PAP
-	  EAP-TTLS/CHAP
-	  EAP-PEAP/TLS
-	  EAP-PEAP/GTC
-	  EAP-PEAP/MD5-Challenge
-	  EAP-GTC
-	  EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
-	* added support for anonymous identity (to be used when identity is
-	  sent in plaintext; real identity will be used within TLS protected
-	  tunnel (e.g., with EAP-TTLS)
-	* added event messages from wpa_supplicant to frontends, e.g., wpa_cli
-	* added support for requesting identity and password information using
-	  control interface; in other words, the password for EAP-PEAP or
-	  EAP-TTLS does not need to be included in the configuration file since
-	  a frontand (e.g., wpa_cli) can ask it from the user
-	* improved RSN pre-authentication to use a candidate list and process
-	  all candidates from each scan; not only one per scan
-	* fixed RSN IE and WPA IE capabilities field parsing
-	* ignore Tx bit in GTK IE when Pairwise keys are used
-	* avoid making new scan requests during IEEE 802.1X negotiation
-	* use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant
-	  with TLS support (this replaces the included implementation with
-	  library code to save about 8 kB since the library code is needed
-	  anyway for TLS)
-	* fixed WPA-PSK only mode when compiled without IEEE 802.1X support
-	  (i.e., without CONFIG_IEEE8021X_EAPOL=y in .config)
-
-2004-05-06 - v0.2.1
-	* added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1)
-	  Supplicant
-	  - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1]
-	  - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
-	  - EAP-MD5 (cannot be used with WPA-RADIUS)
-	    [draft-ietf-eap-rfc2284bis-09.txt]
-	  - EAP-TLS [RFC 2716]
-	  - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
-	  - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
-	    [draft-kamath-pppext-eap-mschapv2-00.txt]
-	    (PEAP version 0, 1, and parts of 2; only 0 and 1 are enabled by
-	    default; tested with FreeRADIUS, Microsoft IAS, and Funk Odyssey)
-	  - new configuration file options: eap, identity, password, ca_cert,
-	    client_cert, privatekey, private_key_passwd
-	  - Xsupplicant is not required anymore, but it can be used by
-	    disabling the internal IEEE 802.1X Supplicant with -e command line
-	    option
-	  - this code is not included in the default build; Makefile need to
-	    be edited for this (uncomment lines for selected functionality)
-	  - EAP-TLS and EAP-PEAP require openssl libraries
-	* use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
-	* added support for non-WPA IEEE 802.1X mode with dynamic WEP keys
-	  (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
-	   EAPOL-Key frames instead of WPA key handshakes)
-	* added support for IEEE 802.11i/RSN (WPA2)
-	  - improved PTK Key Handshake
-	  - PMKSA caching, pre-authentication
-	* fixed wpa_supplicant to ignore possible extra data after WPA
-	  EAPOL-Key packets (this fixes 'Invalid EAPOL-Key MIC when using
-	  TPTK' error from message 3 of 4-Way Handshake in case the AP
-	  includes extra data after the EAPOL-Key)
-	* added interface for external programs (frontends) to control
-	  wpa_supplicant
-	  - CLI example (wpa_cli) with interactive mode and command line
-	    mode
-	  - replaced SIGUSR1 status/statistics with the new control interface
-	* made some feature compile time configurable
-	  - .config file for make
-	  - driver interfaces (hostap, hermes, ..)
-	  - EAPOL/EAP functions
-
-2004-02-15 - v0.2.0
-	* Initial version of wpa_supplicant
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
deleted file mode 100644
index cb66defac7c8..000000000000
--- a/wpa_supplicant/Makefile
+++ /dev/null
@@ -1,2074 +0,0 @@
-BINALL=wpa_supplicant wpa_cli
-
-ifndef CONFIG_NO_WPA_PASSPHRASE
-BINALL += wpa_passphrase
-endif
-
-ALL = $(BINALL)
-ALL += systemd/wpa_supplicant.service
-ALL += systemd/wpa_supplicant@.service
-ALL += systemd/wpa_supplicant-nl80211@.service
-ALL += systemd/wpa_supplicant-wired@.service
-ALL += dbus/fi.w1.wpa_supplicant1.service
-ifdef CONFIG_BUILD_WPA_CLIENT_SO
-ALL += libwpa_client.so
-endif
-
-EXTRA_TARGETS=dynamic_eap_methods
-
-CONFIG_FILE=.config
-include ../src/build.rules
-
-ifdef LIBS
-# If LIBS is set with some global build system defaults, clone those for
-# LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well.
-ifndef LIBS_c
-LIBS_c := $(LIBS)
-endif
-ifndef LIBS_p
-LIBS_p := $(LIBS)
-endif
-endif
-
-export LIBDIR ?= /usr/local/lib
-export INCDIR ?= /usr/local/include
-export BINDIR ?= /usr/local/sbin
-PKG_CONFIG ?= pkg-config
-
-CFLAGS += $(EXTRA_CFLAGS)
-CFLAGS += -I$(abspath ../src)
-CFLAGS += -I$(abspath ../src/utils)
-
-ifndef CONFIG_NO_GITVER
-# Add VERSION_STR postfix for builds from a git repository
-ifeq ($(wildcard ../.git),../.git)
-GITVER := $(shell git describe --dirty=+)
-ifneq ($(GITVER),)
-CFLAGS += -DGIT_VERSION_STR_POSTFIX=\"-$(GITVER)\"
-endif
-endif
-endif
-
-ifdef CONFIG_TESTING_OPTIONS
-CFLAGS += -DCONFIG_TESTING_OPTIONS
-CONFIG_WPS_TESTING=y
-CONFIG_TDLS_TESTING=y
-endif
-
-mkconfig:
-	@if [ -f .config ]; then \
-		echo '.config exists - did not replace it'; \
-		exit 1; \
-	fi
-	echo CONFIG_DRIVER_HOSTAP=y >> .config
-	echo CONFIG_DRIVER_WEXT=y >> .config
-
-$(DESTDIR)$(BINDIR)/%: %
-	install -D $(<) $(@)
-
-install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
-	$(MAKE) -C ../src install
-ifdef CONFIG_BUILD_WPA_CLIENT_SO
-	install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so
-	install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h
-endif
-	if ls eap_*.so >/dev/null 2>&1; then \
-		install -d $(DESTDIR)$(LIBDIR)/wpa_supplicant && \
-		cp *.so $(DESTDIR)$(LIBDIR)/wpa_supplicant \
-	; fi
-
-ifdef CONFIG_FIPS
-CONFIG_NO_RANDOM_POOL=
-CONFIG_OPENSSL_CMAC=y
-endif
-
-OBJS = config.o
-OBJS += notify.o
-OBJS += bss.o
-OBJS += eap_register.o
-OBJS += ../src/utils/common.o
-OBJS += ../src/utils/config.o
-OBJS += ../src/utils/wpa_debug.o
-OBJS += ../src/utils/wpabuf.o
-OBJS += ../src/utils/bitfield.o
-OBJS += ../src/utils/ip_addr.o
-OBJS += ../src/utils/crc32.o
-OBJS += op_classes.o
-OBJS += rrm.o
-OBJS += twt.o
-OBJS += robust_av.o
-OBJS_p = wpa_passphrase.o
-OBJS_p += ../src/utils/common.o
-OBJS_p += ../src/utils/wpa_debug.o
-OBJS_p += ../src/utils/wpabuf.o
-OBJS_c = wpa_cli.o ../src/common/wpa_ctrl.o
-OBJS_c += ../src/utils/wpa_debug.o
-OBJS_c += ../src/utils/common.o
-OBJS_c += ../src/common/cli.o
-OBJS += wmm_ac.o
-
-ifndef CONFIG_OS
-ifdef CONFIG_NATIVE_WINDOWS
-CONFIG_OS=win32
-else
-CONFIG_OS=unix
-endif
-endif
-
-ifeq ($(CONFIG_OS), internal)
-CFLAGS += -DOS_NO_C_LIB_DEFINES
-endif
-
-OBJS += ../src/utils/os_$(CONFIG_OS).o
-OBJS_p += ../src/utils/os_$(CONFIG_OS).o
-OBJS_c += ../src/utils/os_$(CONFIG_OS).o
-
-ifdef CONFIG_WPA_TRACE
-CFLAGS += -DWPA_TRACE
-OBJS += ../src/utils/trace.o
-OBJS_p += ../src/utils/trace.o
-OBJS_c += ../src/utils/trace.o
-OBJS_priv += ../src/utils/trace.o
-LIBCTRL += ../src/utils/trace.o
-LIBCTRLSO += ../src/utils/trace.c
-LDFLAGS += -rdynamic
-CFLAGS += -funwind-tables
-ifdef CONFIG_WPA_TRACE_BFD
-CFLAGS += -DPACKAGE="wpa_supplicant" -DWPA_TRACE_BFD
-LIBS += -lbfd -ldl -liberty -lz
-LIBS_p += -lbfd -ldl -liberty -lz
-LIBS_c += -lbfd -ldl -liberty -lz
-endif
-endif
-
-ifndef CONFIG_ELOOP
-CONFIG_ELOOP=eloop
-endif
-OBJS += ../src/utils/$(CONFIG_ELOOP).o
-OBJS_c += ../src/utils/$(CONFIG_ELOOP).o
-
-ifndef CONFIG_OSX
-ifeq ($(CONFIG_ELOOP), eloop)
-# Using glibc < 2.17 requires -lrt for clock_gettime()
-# OS X has an alternate implementation
-LIBS += -lrt
-LIBS_c += -lrt
-LIBS_p += -lrt
-endif
-endif
-
-ifdef CONFIG_ELOOP_POLL
-CFLAGS += -DCONFIG_ELOOP_POLL
-endif
-
-ifdef CONFIG_ELOOP_EPOLL
-CFLAGS += -DCONFIG_ELOOP_EPOLL
-endif
-
-ifdef CONFIG_ELOOP_KQUEUE
-CFLAGS += -DCONFIG_ELOOP_KQUEUE
-endif
-
-ifdef CONFIG_EAPOL_TEST
-CFLAGS += -Werror -DEAPOL_TEST
-endif
-
-ifdef CONFIG_CODE_COVERAGE
-CFLAGS += -O0 -fprofile-arcs -ftest-coverage
-LIBS += -lgcov
-LIBS_c += -lgcov
-LIBS_p += -lgcov
-endif
-
-ifdef CONFIG_HT_OVERRIDES
-CFLAGS += -DCONFIG_HT_OVERRIDES
-endif
-
-ifdef CONFIG_VHT_OVERRIDES
-CFLAGS += -DCONFIG_VHT_OVERRIDES
-endif
-
-ifdef CONFIG_HE_OVERRIDES
-CFLAGS += -DCONFIG_HE_OVERRIDES
-endif
-
-ifndef CONFIG_BACKEND
-CONFIG_BACKEND=file
-endif
-
-ifeq ($(CONFIG_BACKEND), file)
-OBJS += config_file.o
-ifndef CONFIG_NO_CONFIG_BLOBS
-NEED_BASE64=y
-endif
-CFLAGS += -DCONFIG_BACKEND_FILE
-endif
-
-ifeq ($(CONFIG_BACKEND), winreg)
-OBJS += config_winreg.o
-endif
-
-ifeq ($(CONFIG_BACKEND), none)
-OBJS += config_none.o
-endif
-
-ifdef CONFIG_NO_CONFIG_WRITE
-CFLAGS += -DCONFIG_NO_CONFIG_WRITE
-endif
-
-ifdef CONFIG_NO_CONFIG_BLOBS
-CFLAGS += -DCONFIG_NO_CONFIG_BLOBS
-endif
-
-ifdef CONFIG_NO_SCAN_PROCESSING
-CFLAGS += -DCONFIG_NO_SCAN_PROCESSING
-endif
-
-ifdef CONFIG_SUITEB
-CFLAGS += -DCONFIG_SUITEB
-endif
-
-ifdef CONFIG_SUITEB192
-CFLAGS += -DCONFIG_SUITEB192
-NEED_SHA384=y
-endif
-
-ifdef CONFIG_OCV
-CFLAGS += -DCONFIG_OCV
-OBJS += ../src/common/ocv.o
-endif
-
-ifdef CONFIG_IEEE80211R
-CFLAGS += -DCONFIG_IEEE80211R
-OBJS += ../src/rsn_supp/wpa_ft.o
-endif
-
-ifdef CONFIG_MESH
-NEED_80211_COMMON=y
-NEED_AES_SIV=y
-CONFIG_SAE=y
-CONFIG_AP=y
-CFLAGS += -DCONFIG_MESH
-OBJS += mesh.o
-OBJS += mesh_mpm.o
-OBJS += mesh_rsn.o
-endif
-
-ifdef CONFIG_SAE
-CFLAGS += -DCONFIG_SAE
-OBJS += ../src/common/sae.o
-ifdef CONFIG_SAE_PK
-CFLAGS += -DCONFIG_SAE_PK
-OBJS += ../src/common/sae_pk.o
-endif
-NEED_ECC=y
-NEED_DH_GROUPS=y
-NEED_HMAC_SHA256_KDF=y
-NEED_DRAGONFLY=y
-ifdef CONFIG_TESTING_OPTIONS
-NEED_DH_GROUPS_ALL=y
-endif
-endif
-
-ifdef CONFIG_DPP
-CFLAGS += -DCONFIG_DPP
-OBJS += ../src/common/dpp.o
-OBJS += ../src/common/dpp_auth.o
-OBJS += ../src/common/dpp_backup.o
-OBJS += ../src/common/dpp_crypto.o
-OBJS += ../src/common/dpp_pkex.o
-OBJS += ../src/common/dpp_reconfig.o
-OBJS += ../src/common/dpp_tcp.o
-OBJS += dpp_supplicant.o
-NEED_AES_SIV=y
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_HMAC_SHA512_KDF=y
-NEED_SHA384=y
-NEED_SHA512=y
-NEED_ECC=y
-NEED_JSON=y
-NEED_GAS_SERVER=y
-NEED_BASE64=y
-NEED_ASN1=y
-ifdef CONFIG_DPP2
-CFLAGS += -DCONFIG_DPP2
-endif
-ifdef CONFIG_DPP3
-CFLAGS += -DCONFIG_DPP3
-endif
-endif
-
-ifdef CONFIG_OWE
-CFLAGS += -DCONFIG_OWE
-NEED_ECC=y
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_HMAC_SHA512_KDF=y
-NEED_SHA384=y
-NEED_SHA512=y
-endif
-
-ifdef CONFIG_FILS
-CFLAGS += -DCONFIG_FILS
-NEED_SHA384=y
-NEED_AES_SIV=y
-ifdef CONFIG_FILS_SK_PFS
-CFLAGS += -DCONFIG_FILS_SK_PFS
-NEED_ECC=y
-endif
-endif
-
-ifdef CONFIG_MBO
-CONFIG_WNM=y
-endif
-
-ifdef CONFIG_WNM
-CFLAGS += -DCONFIG_WNM
-OBJS += wnm_sta.o
-endif
-
-ifdef CONFIG_TDLS
-CFLAGS += -DCONFIG_TDLS
-OBJS += ../src/rsn_supp/tdls.o
-endif
-
-ifdef CONFIG_TDLS_TESTING
-CFLAGS += -DCONFIG_TDLS_TESTING
-endif
-
-ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
-endif
-
-ifndef CONFIG_NO_WPA
-OBJS += ../src/rsn_supp/wpa.o
-OBJS += ../src/rsn_supp/preauth.o
-OBJS += ../src/rsn_supp/pmksa_cache.o
-OBJS += ../src/rsn_supp/wpa_ie.o
-OBJS += ../src/common/wpa_common.o
-NEED_AES=y
-NEED_SHA1=y
-NEED_MD5=y
-NEED_RC4=y
-else
-CFLAGS += -DCONFIG_NO_WPA
-ifeq ($(CONFIG_TLS), internal)
-NEED_SHA1=y
-NEED_MD5=y
-endif
-endif
-
-ifdef CONFIG_IBSS_RSN
-NEED_RSN_AUTHENTICATOR=y
-CFLAGS += -DCONFIG_IBSS_RSN
-CFLAGS += -DCONFIG_NO_VLAN
-OBJS += ibss_rsn.o
-endif
-
-ifdef CONFIG_MATCH_IFACE
-CFLAGS += -DCONFIG_MATCH_IFACE
-endif
-
-ifdef CONFIG_P2P
-OBJS += p2p_supplicant.o
-OBJS += p2p_supplicant_sd.o
-OBJS += ../src/p2p/p2p.o
-OBJS += ../src/p2p/p2p_utils.o
-OBJS += ../src/p2p/p2p_parse.o
-OBJS += ../src/p2p/p2p_build.o
-OBJS += ../src/p2p/p2p_go_neg.o
-OBJS += ../src/p2p/p2p_sd.o
-OBJS += ../src/p2p/p2p_pd.o
-OBJS += ../src/p2p/p2p_invitation.o
-OBJS += ../src/p2p/p2p_dev_disc.o
-OBJS += ../src/p2p/p2p_group.o
-OBJS += ../src/ap/p2p_hostapd.o
-CFLAGS += -DCONFIG_P2P
-NEED_GAS=y
-NEED_OFFCHANNEL=y
-CONFIG_WPS=y
-CONFIG_AP=y
-ifdef CONFIG_P2P_STRICT
-CFLAGS += -DCONFIG_P2P_STRICT
-endif
-ifdef CONFIG_WIFI_DISPLAY
-CFLAGS += -DCONFIG_WIFI_DISPLAY
-OBJS += wifi_display.o
-endif
-endif
-
-ifdef CONFIG_PASN
-CFLAGS += -DCONFIG_PASN
-CFLAGS += -DCONFIG_PTKSA_CACHE
-NEED_HMAC_SHA256_KDF=y
-NEED_HMAC_SHA384_KDF=y
-NEED_SHA256=y
-NEED_SHA384=y
-OBJS += ../src/common/ptksa_cache.o
-OBJS += pasn_supplicant.o
-endif
-
-ifdef CONFIG_HS20
-OBJS += hs20_supplicant.o
-CFLAGS += -DCONFIG_HS20
-CONFIG_INTERWORKING=y
-endif
-
-ifdef CONFIG_INTERWORKING
-OBJS += interworking.o
-CFLAGS += -DCONFIG_INTERWORKING
-NEED_GAS=y
-endif
-
-ifdef CONFIG_NO_ROAMING
-CFLAGS += -DCONFIG_NO_ROAMING
-endif
-
-include ../src/drivers/drivers.mak
-ifdef CONFIG_AP
-OBJS_d += $(DRV_BOTH_OBJS)
-CFLAGS += $(DRV_BOTH_CFLAGS)
-LDFLAGS += $(DRV_BOTH_LDFLAGS)
-LIBS += $(DRV_BOTH_LIBS)
-else
-NEED_AP_MLME=
-OBJS_d += $(DRV_WPA_OBJS)
-CFLAGS += $(DRV_WPA_CFLAGS)
-LDFLAGS += $(DRV_WPA_LDFLAGS)
-LIBS += $(DRV_WPA_LIBS)
-endif
-
-ifndef CONFIG_L2_PACKET
-CONFIG_L2_PACKET=linux
-endif
-
-OBJS_l2 += ../src/l2_packet/l2_packet_$(CONFIG_L2_PACKET).o
-
-ifeq ($(CONFIG_L2_PACKET), pcap)
-ifdef CONFIG_WINPCAP
-CFLAGS += -DCONFIG_WINPCAP
-LIBS += -lwpcap -lpacket
-LIBS_w += -lwpcap
-else
-LIBS += -ldnet -lpcap
-endif
-endif
-
-ifeq ($(CONFIG_L2_PACKET), winpcap)
-LIBS += -lwpcap -lpacket
-LIBS_w += -lwpcap
-endif
-
-ifeq ($(CONFIG_L2_PACKET), freebsd)
-LIBS += -lpcap
-endif
-
-ifdef CONFIG_ERP
-CFLAGS += -DCONFIG_ERP
-NEED_HMAC_SHA256_KDF=y
-endif
-
-ifdef CONFIG_EAP_TLS
-# EAP-TLS
-ifeq ($(CONFIG_EAP_TLS), dyn)
-CFLAGS += -DEAP_TLS_DYNAMIC
-EAPDYN += eap_tls.so
-else
-CFLAGS += -DEAP_TLS
-OBJS += ../src/eap_peer/eap_tls.o
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_UNAUTH_TLS
-# EAP-UNAUTH-TLS
-CFLAGS += -DEAP_UNAUTH_TLS
-ifndef CONFIG_EAP_TLS
-OBJS += ../src/eap_peer/eap_tls.o
-TLS_FUNCS=y
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_PEAP
-# EAP-PEAP
-SRC_EAP_PEAP = ../src/eap_peer/eap_peap.c ../src/eap_common/eap_peap_common.c
-ifeq ($(CONFIG_EAP_PEAP), dyn)
-CFLAGS += -DEAP_PEAP_DYNAMIC
-EAPDYN += eap_peap.so
-else
-CFLAGS += -DEAP_PEAP
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_PEAP))
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_TTLS
-# EAP-TTLS
-ifeq ($(CONFIG_EAP_TTLS), dyn)
-CFLAGS += -DEAP_TTLS_DYNAMIC
-EAPDYN += eap_ttls.so
-else
-CFLAGS += -DEAP_TTLS
-OBJS += ../src/eap_peer/eap_ttls.o
-endif
-TLS_FUNCS=y
-ifndef CONFIG_FIPS
-MS_FUNCS=y
-CHAP=y
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_MD5
-# EAP-MD5
-ifeq ($(CONFIG_EAP_MD5), dyn)
-CFLAGS += -DEAP_MD5_DYNAMIC
-EAPDYN += eap_md5.so
-else
-CFLAGS += -DEAP_MD5
-OBJS += ../src/eap_peer/eap_md5.o
-endif
-CHAP=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-# backwards compatibility for old spelling
-ifdef CONFIG_MSCHAPV2
-ifndef CONFIG_EAP_MSCHAPV2
-CONFIG_EAP_MSCHAPV2=y
-endif
-endif
-
-ifdef CONFIG_EAP_MSCHAPV2
-# EAP-MSCHAPv2
-SRC_EAP_MSCHAPV2 = ../src/eap_peer/eap_mschapv2.c ../src/eap_peer/mschapv2.c
-ifeq ($(CONFIG_EAP_MSCHAPV2), dyn)
-CFLAGS += -DEAP_MSCHAPv2_DYNAMIC
-EAPDYN += eap_mschapv2.so
-else
-CFLAGS += -DEAP_MSCHAPv2
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_MSCHAPV2))
-endif
-MS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_GTC
-# EAP-GTC
-ifeq ($(CONFIG_EAP_GTC), dyn)
-CFLAGS += -DEAP_GTC_DYNAMIC
-EAPDYN += eap_gtc.so
-else
-CFLAGS += -DEAP_GTC
-OBJS += ../src/eap_peer/eap_gtc.o
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_OTP
-# EAP-OTP
-ifeq ($(CONFIG_EAP_OTP), dyn)
-CFLAGS += -DEAP_OTP_DYNAMIC
-EAPDYN += eap_otp.so
-else
-CFLAGS += -DEAP_OTP
-OBJS += ../src/eap_peer/eap_otp.o
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_SIM
-# EAP-SIM
-ifeq ($(CONFIG_EAP_SIM), dyn)
-CFLAGS += -DEAP_SIM_DYNAMIC
-EAPDYN += eap_sim.so
-else
-CFLAGS += -DEAP_SIM
-OBJS += ../src/eap_peer/eap_sim.o
-endif
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_SIM_COMMON=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_EAP_LEAP
-# EAP-LEAP
-ifeq ($(CONFIG_EAP_LEAP), dyn)
-CFLAGS += -DEAP_LEAP_DYNAMIC
-EAPDYN += eap_leap.so
-else
-CFLAGS += -DEAP_LEAP
-OBJS += ../src/eap_peer/eap_leap.o
-endif
-MS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_PSK
-# EAP-PSK
-SRC_EAP_PSK = ../src/eap_peer/eap_psk.c ../src/eap_common/eap_psk_common.c
-ifeq ($(CONFIG_EAP_PSK), dyn)
-CFLAGS += -DEAP_PSK_DYNAMIC
-EAPDYN += eap_psk.so
-else
-CFLAGS += -DEAP_PSK
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_PSK))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_AES=y
-NEED_AES_ENCBLOCK=y
-NEED_AES_EAX=y
-endif
-
-ifdef CONFIG_EAP_AKA
-# EAP-AKA
-ifeq ($(CONFIG_EAP_AKA), dyn)
-CFLAGS += -DEAP_AKA_DYNAMIC
-EAPDYN += eap_aka.so
-else
-CFLAGS += -DEAP_AKA
-OBJS += ../src/eap_peer/eap_aka.o
-endif
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_SIM_COMMON=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_EAP_PROXY
-CFLAGS += -DCONFIG_EAP_PROXY
-OBJS += ../src/eap_peer/eap_proxy_$(CONFIG_EAP_PROXY).o
-include eap_proxy_$(CONFIG_EAP_PROXY).mak
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_AKA_PRIME
-# EAP-AKA'
-ifeq ($(CONFIG_EAP_AKA_PRIME), dyn)
-CFLAGS += -DEAP_AKA_PRIME_DYNAMIC
-else
-CFLAGS += -DEAP_AKA_PRIME
-endif
-endif
-
-ifdef CONFIG_EAP_SIM_COMMON
-OBJS += ../src/eap_common/eap_sim_common.o
-NEED_AES=y
-NEED_FIPS186_2_PRF=y
-endif
-
-ifdef CONFIG_EAP_FAST
-# EAP-FAST
-SRC_EAP_FAST = ../src/eap_peer/eap_fast.c ../src/eap_peer/eap_fast_pac.c
-SRC_EAP_FAST += ../src/eap_common/eap_fast_common.c
-ifeq ($(CONFIG_EAP_FAST), dyn)
-CFLAGS += -DEAP_FAST_DYNAMIC
-EAPDYN += eap_fast.so
-else
-CFLAGS += -DEAP_FAST
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_FAST))
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-NEED_T_PRF=y
-endif
-
-ifdef CONFIG_EAP_TEAP
-# EAP-TEAP
-SRC_EAP_TEAP = ../src/eap_peer/eap_teap.c ../src/eap_peer/eap_teap_pac.c
-SRC_EAP_TEAP += ../src/eap_common/eap_teap_common.c
-ifeq ($(CONFIG_EAP_TEAP), dyn)
-CFLAGS += -DEAP_TEAP_DYNAMIC
-EAPDYN += eap_teap.so
-else
-CFLAGS += -DEAP_TEAP
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_TEAP))
-endif
-TLS_FUNCS=y
-CONFIG_IEEE8021X_EAPOL=y
-NEED_T_PRF=y
-NEED_SHA384=y
-NEED_TLS_PRF_SHA256=y
-NEED_TLS_PRF_SHA384=y
-endif
-
-ifdef CONFIG_EAP_PAX
-# EAP-PAX
-SRC_EAP_PAX = ../src/eap_peer/eap_pax.c ../src/eap_common/eap_pax_common.c
-ifeq ($(CONFIG_EAP_PAX), dyn)
-CFLAGS += -DEAP_PAX_DYNAMIC
-EAPDYN += eap_pax.so
-else
-CFLAGS += -DEAP_PAX
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_PAX))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_SAKE
-# EAP-SAKE
-SRC_EAP_SAKE = ../src/eap_peer/eap_sake.c ../src/eap_common/eap_sake_common.c
-ifeq ($(CONFIG_EAP_SAKE), dyn)
-CFLAGS += -DEAP_SAKE_DYNAMIC
-EAPDYN += eap_sake.so
-else
-CFLAGS += -DEAP_SAKE
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_SAKE))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_GPSK
-# EAP-GPSK
-SRC_EAP_GPSK = ../src/eap_peer/eap_gpsk.c ../src/eap_common/eap_gpsk_common.c
-ifeq ($(CONFIG_EAP_GPSK), dyn)
-CFLAGS += -DEAP_GPSK_DYNAMIC
-EAPDYN += eap_gpsk.so
-else
-CFLAGS += -DEAP_GPSK
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_GPSK))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-ifdef CONFIG_EAP_GPSK_SHA256
-CFLAGS += -DEAP_GPSK_SHA256
-endif
-endif
-
-ifdef CONFIG_EAP_PWD
-CFLAGS += -DEAP_PWD
-ifeq ($(CONFIG_TLS), wolfssl)
-CFLAGS += -DCONFIG_ECC
-endif
-OBJS += ../src/eap_peer/eap_pwd.o ../src/eap_common/eap_pwd_common.o
-CONFIG_IEEE8021X_EAPOL=y
-NEED_ECC=y
-NEED_DRAGONFLY=y
-endif
-
-ifdef CONFIG_EAP_EKE
-# EAP-EKE
-SRC_EAP_EKE = ../src/eap_peer/eap_eke.c ../src/eap_common/eap_eke_common.c
-ifeq ($(CONFIG_EAP_EKE), dyn)
-CFLAGS += -DEAP_EKE_DYNAMIC
-EAPDYN += eap_eke.so
-else
-CFLAGS += -DEAP_EKE
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_EKE))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_DH_GROUPS_ALL=y
-NEED_AES_CBC=y
-endif
-
-ifdef CONFIG_WPS
-# EAP-WSC
-CFLAGS += -DCONFIG_WPS -DEAP_WSC
-OBJS += wps_supplicant.o
-OBJS += ../src/utils/uuid.o
-OBJS += ../src/eap_peer/eap_wsc.o ../src/eap_common/eap_wsc_common.o
-OBJS += ../src/wps/wps.o
-OBJS += ../src/wps/wps_common.o
-OBJS += ../src/wps/wps_attr_parse.o
-OBJS += ../src/wps/wps_attr_build.o
-OBJS += ../src/wps/wps_attr_process.o
-OBJS += ../src/wps/wps_dev_attr.o
-OBJS += ../src/wps/wps_enrollee.o
-OBJS += ../src/wps/wps_registrar.o
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_BASE64=y
-NEED_AES_CBC=y
-NEED_MODEXP=y
-
-ifdef CONFIG_WPS_NFC
-CFLAGS += -DCONFIG_WPS_NFC
-OBJS += ../src/wps/ndef.o
-NEED_WPS_OOB=y
-endif
-
-ifdef NEED_WPS_OOB
-CFLAGS += -DCONFIG_WPS_OOB
-endif
-
-ifdef CONFIG_WPS_ER
-CONFIG_WPS_UPNP=y
-CFLAGS += -DCONFIG_WPS_ER
-OBJS += ../src/wps/wps_er.o
-OBJS += ../src/wps/wps_er_ssdp.o
-endif
-
-ifdef CONFIG_WPS_UPNP
-CFLAGS += -DCONFIG_WPS_UPNP
-OBJS += ../src/wps/wps_upnp.o
-OBJS += ../src/wps/wps_upnp_ssdp.o
-OBJS += ../src/wps/wps_upnp_web.o
-OBJS += ../src/wps/wps_upnp_event.o
-OBJS += ../src/wps/wps_upnp_ap.o
-OBJS += ../src/wps/upnp_xml.o
-OBJS += ../src/wps/httpread.o
-OBJS += ../src/wps/http_client.o
-OBJS += ../src/wps/http_server.o
-endif
-
-ifdef CONFIG_WPS_STRICT
-CFLAGS += -DCONFIG_WPS_STRICT
-OBJS += ../src/wps/wps_validate.o
-endif
-
-ifdef CONFIG_WPS_TESTING
-CFLAGS += -DCONFIG_WPS_TESTING
-endif
-
-ifdef CONFIG_WPS_REG_DISABLE_OPEN
-CFLAGS += -DCONFIG_WPS_REG_DISABLE_OPEN
-endif
-
-endif
-
-ifdef CONFIG_EAP_IKEV2
-# EAP-IKEv2
-SRC_EAP_IKEV2 = ../src/eap_peer/eap_ikev2.c
-SRC_EAP_IKEV2 += ../src/eap_peer/ikev2.c
-SRC_EAP_IKEV2 += ../src/eap_common/eap_ikev2_common.c
-SRC_EAP_IKEV2 += ../src/eap_common/ikev2_common.c
-ifeq ($(CONFIG_EAP_IKEV2), dyn)
-CFLAGS += -DEAP_IKEV2_DYNAMIC
-EAPDYN += eap_ikev2.so
-else
-CFLAGS += -DEAP_IKEV2
-OBJS += $(patsubst %.c, %.o, $(SRC_EAP_IKEV2))
-endif
-CONFIG_IEEE8021X_EAPOL=y
-NEED_DH_GROUPS=y
-NEED_DH_GROUPS_ALL=y
-NEED_MODEXP=y
-NEED_CIPHER=y
-endif
-
-ifdef CONFIG_EAP_VENDOR_TEST
-ifeq ($(CONFIG_EAP_VENDOR_TEST), dyn)
-CFLAGS += -DEAP_VENDOR_TEST_DYNAMIC
-EAPDYN += eap_vendor_test.so
-else
-CFLAGS += -DEAP_VENDOR_TEST
-OBJS += ../src/eap_peer/eap_vendor_test.o
-endif
-CONFIG_IEEE8021X_EAPOL=y
-endif
-
-ifdef CONFIG_EAP_TNC
-# EAP-TNC
-CFLAGS += -DEAP_TNC
-OBJS += ../src/eap_peer/eap_tnc.o
-OBJS += ../src/eap_peer/tncc.o
-NEED_BASE64=y
-ifndef CONFIG_NATIVE_WINDOWS
-ifndef CONFIG_DRIVER_BSD
-LIBS += -ldl
-endif
-endif
-endif
-
-ifdef CONFIG_MACSEC
-CFLAGS += -DCONFIG_MACSEC
-CONFIG_IEEE8021X_EAPOL=y
-NEED_AES_ENCBLOCK=y
-NEED_AES_UNWRAP=y
-NEED_AES_WRAP=y
-OBJS += wpas_kay.o
-OBJS += ../src/pae/ieee802_1x_cp.o
-OBJS += ../src/pae/ieee802_1x_kay.o
-OBJS += ../src/pae/ieee802_1x_key.o
-OBJS += ../src/pae/ieee802_1x_secy_ops.o
-ifdef CONFIG_AP
-OBJS += ../src/ap/wpa_auth_kay.o
-endif
-endif
-
-ifdef CONFIG_IEEE8021X_EAPOL
-# IEEE 802.1X/EAPOL state machines (e.g., for RADIUS authentication)
-CFLAGS += -DIEEE8021X_EAPOL
-OBJS += ../src/eapol_supp/eapol_supp_sm.o
-OBJS += ../src/eap_peer/eap.o ../src/eap_peer/eap_methods.o
-NEED_EAP_COMMON=y
-ifdef CONFIG_DYNAMIC_EAP_METHODS
-CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
-LIBS += -ldl -rdynamic
-endif
-endif
-
-ifdef CONFIG_AP
-NEED_EAP_COMMON=y
-NEED_RSN_AUTHENTICATOR=y
-CFLAGS += -DCONFIG_AP
-OBJS += ap.o
-CFLAGS += -DCONFIG_NO_RADIUS
-CFLAGS += -DCONFIG_NO_ACCOUNTING
-CFLAGS += -DCONFIG_NO_VLAN
-OBJS += ../src/ap/hostapd.o
-OBJS += ../src/ap/wpa_auth_glue.o
-OBJS += ../src/ap/utils.o
-OBJS += ../src/ap/authsrv.o
-OBJS += ../src/ap/ap_config.o
-OBJS += ../src/ap/sta_info.o
-OBJS += ../src/ap/tkip_countermeasures.o
-OBJS += ../src/ap/ap_mlme.o
-OBJS += ../src/ap/ieee802_1x.o
-OBJS += ../src/eapol_auth/eapol_auth_sm.o
-OBJS += ../src/ap/ieee802_11_auth.o
-OBJS += ../src/ap/ieee802_11_shared.o
-OBJS += ../src/ap/drv_callbacks.o
-OBJS += ../src/ap/ap_drv_ops.o
-OBJS += ../src/ap/beacon.o
-OBJS += ../src/ap/bss_load.o
-OBJS += ../src/ap/eap_user_db.o
-OBJS += ../src/ap/neighbor_db.o
-OBJS += ../src/ap/rrm.o
-OBJS += ../src/ap/ieee802_11_ht.o
-ifdef CONFIG_IEEE80211AC
-OBJS += ../src/ap/ieee802_11_vht.o
-endif
-ifdef CONFIG_IEEE80211AX
-OBJS += ../src/ap/ieee802_11_he.o
-endif
-ifdef CONFIG_WNM_AP
-CFLAGS += -DCONFIG_WNM_AP
-OBJS += ../src/ap/wnm_ap.o
-endif
-ifdef CONFIG_MBO
-OBJS += ../src/ap/mbo_ap.o
-endif
-ifdef CONFIG_FILS
-OBJS += ../src/ap/fils_hlp.o
-endif
-ifdef CONFIG_CTRL_IFACE
-OBJS += ../src/ap/ctrl_iface_ap.o
-endif
-
-CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
-OBJS += ../src/eap_server/eap_server.o
-OBJS += ../src/eap_server/eap_server_identity.o
-OBJS += ../src/eap_server/eap_server_methods.o
-
-ifdef CONFIG_IEEE80211AC
-CFLAGS += -DCONFIG_IEEE80211AC
-endif
-ifdef CONFIG_IEEE80211AX
-CFLAGS += -DCONFIG_IEEE80211AX
-endif
-
-ifdef NEED_AP_MLME
-OBJS += ../src/ap/wmm.o
-OBJS += ../src/ap/ap_list.o
-OBJS += ../src/ap/ieee802_11.o
-OBJS += ../src/ap/hw_features.o
-OBJS += ../src/ap/dfs.o
-CFLAGS += -DNEED_AP_MLME
-endif
-ifdef CONFIG_WPS
-CFLAGS += -DEAP_SERVER_WSC
-OBJS += ../src/ap/wps_hostapd.o
-OBJS += ../src/eap_server/eap_server_wsc.o
-endif
-ifdef CONFIG_DPP
-OBJS += ../src/ap/dpp_hostapd.o
-OBJS += ../src/ap/gas_query_ap.o
-NEED_AP_GAS_SERV=y
-endif
-ifdef CONFIG_INTERWORKING
-NEED_AP_GAS_SERV=y
-endif
-ifdef NEED_AP_GAS_SERV
-OBJS += ../src/ap/gas_serv.o
-endif
-ifdef CONFIG_HS20
-OBJS += ../src/ap/hs20.o
-endif
-endif
-
-ifdef CONFIG_MBO
-OBJS += mbo.o
-CFLAGS += -DCONFIG_MBO
-endif
-
-ifdef NEED_RSN_AUTHENTICATOR
-CFLAGS += -DCONFIG_NO_RADIUS
-NEED_AES_WRAP=y
-OBJS += ../src/ap/wpa_auth.o
-OBJS += ../src/ap/wpa_auth_ie.o
-OBJS += ../src/ap/pmksa_cache_auth.o
-endif
-
-ifdef CONFIG_ACS
-CFLAGS += -DCONFIG_ACS
-OBJS += ../src/ap/acs.o
-LIBS += -lm
-endif
-
-ifdef CONFIG_PCSC
-# PC/SC interface for smartcards (USIM, GSM SIM)
-CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
-OBJS += ../src/utils/pcsc_funcs.o
-ifdef CONFIG_NATIVE_WINDOWS
-#Once MinGW gets support for WinScard, -lwinscard could be used instead of the
-#dynamic symbol loading that is now used in pcsc_funcs.c
-#LIBS += -lwinscard
-else
-ifdef CONFIG_OSX
-LIBS += -framework PCSC
-else
-LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite)
-endif
-endif
-endif
-
-ifdef CONFIG_SIM_SIMULATOR
-CFLAGS += -DCONFIG_SIM_SIMULATOR
-NEED_MILENAGE=y
-endif
-
-ifdef CONFIG_USIM_SIMULATOR
-CFLAGS += -DCONFIG_USIM_SIMULATOR
-NEED_MILENAGE=y
-endif
-
-ifdef NEED_MILENAGE
-OBJS += ../src/crypto/milenage.o
-NEED_AES_ENCBLOCK=y
-endif
-
-ifdef CONFIG_PKCS12
-CFLAGS += -DPKCS12_FUNCS
-endif
-
-ifdef CONFIG_SMARTCARD
-CFLAGS += -DCONFIG_SMARTCARD
-endif
-
-ifdef NEED_DRAGONFLY
-OBJS += ../src/common/dragonfly.o
-endif
-
-ifdef MS_FUNCS
-OBJS += ../src/crypto/ms_funcs.o
-NEED_DES=y
-NEED_MD4=y
-endif
-
-ifdef CHAP
-OBJS += ../src/eap_common/chap.o
-endif
-
-ifdef TLS_FUNCS
-NEED_DES=y
-# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, EAP_FAST, and
-# EAP_TEAP)
-OBJS += ../src/eap_peer/eap_tls_common.o
-ifndef CONFIG_FIPS
-NEED_TLS_PRF=y
-NEED_SHA1=y
-NEED_MD5=y
-endif
-endif
-
-ifndef CONFIG_TLS
-CONFIG_TLS=openssl
-endif
-
-ifdef CONFIG_TLSV11
-CFLAGS += -DCONFIG_TLSV11
-endif
-
-ifdef CONFIG_TLSV12
-CFLAGS += -DCONFIG_TLSV12
-endif
-
-ifeq ($(CONFIG_TLS), wolfssl)
-ifdef TLS_FUNCS
-CFLAGS += -DWOLFSSL_DER_LOAD
-OBJS += ../src/crypto/tls_wolfssl.o
-endif
-OBJS += ../src/crypto/crypto_wolfssl.o
-OBJS_p += ../src/crypto/crypto_wolfssl.o
-ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_wolfssl.o
-endif
-NEED_TLS_PRF_SHA256=y
-LIBS += -lwolfssl -lm
-LIBS_p += -lwolfssl -lm
-endif
-
-ifeq ($(CONFIG_TLS), openssl)
-ifdef TLS_FUNCS
-CFLAGS += -DEAP_TLS_OPENSSL
-OBJS += ../src/crypto/tls_openssl.o
-OBJS += ../src/crypto/tls_openssl_ocsp.o
-LIBS += -lssl
-endif
-OBJS += ../src/crypto/crypto_openssl.o
-OBJS_p += ../src/crypto/crypto_openssl.o
-OBJS_priv += ../src/crypto/crypto_openssl.o
-ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_openssl.o
-endif
-NEED_TLS_PRF_SHA256=y
-LIBS += -lcrypto
-LIBS_p += -lcrypto
-ifdef CONFIG_TLS_ADD_DL
-LIBS += -ldl
-LIBS_p += -ldl
-endif
-ifndef CONFIG_TLS_DEFAULT_CIPHERS
-CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
-endif
-CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
-endif
-
-ifeq ($(CONFIG_TLS), gnutls)
-ifndef CONFIG_CRYPTO
-# default to libgcrypt
-CONFIG_CRYPTO=gnutls
-endif
-ifdef TLS_FUNCS
-OBJS += ../src/crypto/tls_gnutls.o
-LIBS += -lgnutls -lgpg-error
-endif
-OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
-OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
-OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
-ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_internal.o
-SHA1OBJS += ../src/crypto/sha1-internal.o
-endif
-ifeq ($(CONFIG_CRYPTO), gnutls)
-LIBS += -lgcrypt
-LIBS_p += -lgcrypt
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), nettle)
-LIBS += -lnettle -lgmp
-LIBS_p += -lnettle -lgmp
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-endif
-
-ifeq ($(CONFIG_TLS), internal)
-ifndef CONFIG_CRYPTO
-CONFIG_CRYPTO=internal
-endif
-ifdef TLS_FUNCS
-OBJS += ../src/crypto/crypto_internal-rsa.o
-OBJS += ../src/crypto/tls_internal.o
-OBJS += ../src/tls/tlsv1_common.o
-OBJS += ../src/tls/tlsv1_record.o
-OBJS += ../src/tls/tlsv1_cred.o
-OBJS += ../src/tls/tlsv1_client.o
-OBJS += ../src/tls/tlsv1_client_write.o
-OBJS += ../src/tls/tlsv1_client_read.o
-OBJS += ../src/tls/tlsv1_client_ocsp.o
-OBJS += ../src/tls/rsa.o
-OBJS += ../src/tls/x509v3.o
-OBJS += ../src/tls/pkcs1.o
-OBJS += ../src/tls/pkcs5.o
-OBJS += ../src/tls/pkcs8.o
-NEED_ASN1=y
-NEED_BASE64=y
-NEED_TLS_PRF=y
-ifdef CONFIG_TLSV12
-NEED_TLS_PRF_SHA256=y
-endif
-NEED_MODEXP=y
-NEED_CIPHER=y
-CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
-endif
-ifdef NEED_CIPHER
-NEED_DES=y
-OBJS += ../src/crypto/crypto_internal-cipher.o
-endif
-ifdef NEED_MODEXP
-OBJS += ../src/crypto/crypto_internal-modexp.o
-OBJS += ../src/tls/bignum.o
-endif
-ifeq ($(CONFIG_CRYPTO), libtomcrypt)
-OBJS += ../src/crypto/crypto_libtomcrypt.o
-OBJS_p += ../src/crypto/crypto_libtomcrypt.o
-LIBS += -ltomcrypt -ltfm
-LIBS_p += -ltomcrypt -ltfm
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), internal)
-OBJS += ../src/crypto/crypto_internal.o
-OBJS_p += ../src/crypto/crypto_internal.o
-NEED_AES_ENC=y
-CFLAGS += -DCONFIG_CRYPTO_INTERNAL
-ifdef CONFIG_INTERNAL_LIBTOMMATH
-CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
-ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST
-CFLAGS += -DLTM_FAST
-endif
-else
-LIBS += -ltommath
-LIBS_p += -ltommath
-endif
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_DES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD4=y
-CONFIG_INTERNAL_MD5=y
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_SHA384=y
-CONFIG_INTERNAL_SHA512=y
-CONFIG_INTERNAL_RC4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-ifeq ($(CONFIG_CRYPTO), cryptoapi)
-OBJS += ../src/crypto/crypto_cryptoapi.o
-OBJS_p += ../src/crypto/crypto_cryptoapi.o
-CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-endif
-endif
-
-ifeq ($(CONFIG_TLS), linux)
-OBJS += ../src/crypto/crypto_linux.o
-OBJS_p += ../src/crypto/crypto_linux.o
-ifdef TLS_FUNCS
-OBJS += ../src/crypto/crypto_internal-rsa.o
-OBJS += ../src/crypto/tls_internal.o
-OBJS += ../src/tls/tlsv1_common.o
-OBJS += ../src/tls/tlsv1_record.o
-OBJS += ../src/tls/tlsv1_cred.o
-OBJS += ../src/tls/tlsv1_client.o
-OBJS += ../src/tls/tlsv1_client_write.o
-OBJS += ../src/tls/tlsv1_client_read.o
-OBJS += ../src/tls/tlsv1_client_ocsp.o
-OBJS += ../src/tls/rsa.o
-OBJS += ../src/tls/x509v3.o
-OBJS += ../src/tls/pkcs1.o
-OBJS += ../src/tls/pkcs5.o
-OBJS += ../src/tls/pkcs8.o
-NEED_ASN1=y
-NEED_BASE64=y
-NEED_TLS_PRF=y
-ifdef CONFIG_TLSV12
-NEED_TLS_PRF_SHA256=y
-endif
-NEED_MODEXP=y
-NEED_CIPHER=y
-CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
-endif
-ifdef NEED_MODEXP
-OBJS += ../src/crypto/crypto_internal-modexp.o
-OBJS += ../src/tls/bignum.o
-CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
-CFLAGS += -DLTM_FAST
-endif
-CONFIG_INTERNAL_DH_GROUP5=y
-ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_internal.o
-OBJS += ../src/crypto/sha1-internal.o
-endif
-endif
-
-ifeq ($(CONFIG_TLS), none)
-ifdef TLS_FUNCS
-OBJS += ../src/crypto/tls_none.o
-CFLAGS += -DEAP_TLS_NONE
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD5=y
-endif
-OBJS += ../src/crypto/crypto_none.o
-OBJS_p += ../src/crypto/crypto_none.o
-CONFIG_INTERNAL_SHA256=y
-CONFIG_INTERNAL_RC4=y
-endif
-
-ifdef TLS_FUNCS
-ifdef CONFIG_SMARTCARD
-ifndef CONFIG_NATIVE_WINDOWS
-ifneq ($(CONFIG_L2_PACKET), freebsd)
-LIBS += -ldl
-endif
-endif
-endif
-endif
-
-ifndef TLS_FUNCS
-OBJS += ../src/crypto/tls_none.o
-ifeq ($(CONFIG_TLS), internal)
-CONFIG_INTERNAL_AES=y
-CONFIG_INTERNAL_SHA1=y
-CONFIG_INTERNAL_MD5=y
-CONFIG_INTERNAL_RC4=y
-endif
-endif
-
-AESOBJS = # none so far (see below)
-ifdef CONFIG_INTERNAL_AES
-AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-dec.o
-endif
-
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), wolfssl)
-NEED_INTERNAL_AES_WRAP=y
-endif
-endif
-ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
-# Seems to be needed at least with BoringSSL
-NEED_INTERNAL_AES_WRAP=y
-CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
-endif
-ifdef CONFIG_FIPS
-# Have to use internal AES key wrap routines to use OpenSSL EVP since the
-# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
-NEED_INTERNAL_AES_WRAP=y
-endif
-
-ifdef NEED_INTERNAL_AES_WRAP
-ifneq ($(CONFIG_TLS), linux)
-AESOBJS += ../src/crypto/aes-unwrap.o
-endif
-endif
-ifdef NEED_AES_EAX
-AESOBJS += ../src/crypto/aes-eax.o
-NEED_AES_CTR=y
-endif
-ifdef NEED_AES_SIV
-AESOBJS += ../src/crypto/aes-siv.o
-NEED_AES_CTR=y
-endif
-ifdef NEED_AES_CTR
-AESOBJS += ../src/crypto/aes-ctr.o
-endif
-ifdef NEED_AES_ENCBLOCK
-AESOBJS += ../src/crypto/aes-encblock.o
-endif
-NEED_AES_ENC=y
-ifdef CONFIG_OPENSSL_CMAC
-CFLAGS += -DCONFIG_OPENSSL_CMAC
-else
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), wolfssl)
-AESOBJS += ../src/crypto/aes-omac1.o
-endif
-endif
-endif
-ifdef NEED_AES_WRAP
-NEED_AES_ENC=y
-ifdef NEED_INTERNAL_AES_WRAP
-AESOBJS += ../src/crypto/aes-wrap.o
-endif
-endif
-ifdef NEED_AES_CBC
-NEED_AES_ENC=y
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), wolfssl)
-AESOBJS += ../src/crypto/aes-cbc.o
-endif
-endif
-endif
-endif
-ifdef NEED_AES_ENC
-ifdef CONFIG_INTERNAL_AES
-AESOBJS += ../src/crypto/aes-internal-enc.o
-endif
-endif
-ifdef NEED_AES
-OBJS += $(AESOBJS)
-endif
-
-ifdef NEED_SHA1
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), gnutls)
-ifneq ($(CONFIG_TLS), wolfssl)
-SHA1OBJS += ../src/crypto/sha1.o
-endif
-endif
-endif
-endif
-SHA1OBJS += ../src/crypto/sha1-prf.o
-ifdef CONFIG_INTERNAL_SHA1
-SHA1OBJS += ../src/crypto/sha1-internal.o
-ifdef NEED_FIPS186_2_PRF
-SHA1OBJS += ../src/crypto/fips_prf_internal.o
-endif
-endif
-ifdef CONFIG_NO_WPA_PASSPHRASE
-CFLAGS += -DCONFIG_NO_PBKDF2
-else
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), wolfssl)
-SHA1OBJS += ../src/crypto/sha1-pbkdf2.o
-endif
-endif
-endif
-ifdef NEED_T_PRF
-SHA1OBJS += ../src/crypto/sha1-tprf.o
-endif
-ifdef NEED_TLS_PRF
-SHA1OBJS += ../src/crypto/sha1-tlsprf.o
-endif
-endif
-
-ifndef CONFIG_FIPS
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), gnutls)
-ifneq ($(CONFIG_TLS), wolfssl)
-MD5OBJS += ../src/crypto/md5.o
-endif
-endif
-endif
-endif
-endif
-ifdef NEED_MD5
-ifdef CONFIG_INTERNAL_MD5
-MD5OBJS += ../src/crypto/md5-internal.o
-endif
-OBJS += $(MD5OBJS)
-OBJS_p += $(MD5OBJS)
-OBJS_priv += $(MD5OBJS)
-endif
-
-ifdef NEED_MD4
-ifdef CONFIG_INTERNAL_MD4
-OBJS += ../src/crypto/md4-internal.o
-endif
-endif
-
-DESOBJS = # none needed when not internal
-ifdef NEED_DES
-ifndef CONFIG_FIPS
-CFLAGS += -DCONFIG_DES
-endif
-ifdef CONFIG_INTERNAL_DES
-DESOBJS += ../src/crypto/des-internal.o
-endif
-endif
-
-ifdef CONFIG_NO_RC4
-CFLAGS += -DCONFIG_NO_RC4
-endif
-
-ifdef NEED_RC4
-ifdef CONFIG_INTERNAL_RC4
-ifndef CONFIG_NO_RC4
-OBJS += ../src/crypto/rc4.o
-endif
-endif
-endif
-
-SHA256OBJS = # none by default
-CFLAGS += -DCONFIG_SHA256
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), gnutls)
-ifneq ($(CONFIG_TLS), wolfssl)
-SHA256OBJS += ../src/crypto/sha256.o
-endif
-endif
-endif
-endif
-SHA256OBJS += ../src/crypto/sha256-prf.o
-ifdef CONFIG_INTERNAL_SHA256
-SHA256OBJS += ../src/crypto/sha256-internal.o
-endif
-ifdef CONFIG_INTERNAL_SHA384
-CFLAGS += -DCONFIG_INTERNAL_SHA384
-SHA256OBJS += ../src/crypto/sha384-internal.o
-endif
-ifdef CONFIG_INTERNAL_SHA512
-CFLAGS += -DCONFIG_INTERNAL_SHA512
-SHA256OBJS += ../src/crypto/sha512-internal.o
-endif
-ifdef NEED_TLS_PRF_SHA256
-SHA256OBJS += ../src/crypto/sha256-tlsprf.o
-endif
-ifdef NEED_TLS_PRF_SHA384
-SHA256OBJS += ../src/crypto/sha384-tlsprf.o
-endif
-ifdef NEED_HMAC_SHA256_KDF
-CFLAGS += -DCONFIG_HMAC_SHA256_KDF
-OBJS += ../src/crypto/sha256-kdf.o
-endif
-ifdef NEED_HMAC_SHA384_KDF
-CFLAGS += -DCONFIG_HMAC_SHA384_KDF
-OBJS += ../src/crypto/sha384-kdf.o
-endif
-ifdef NEED_HMAC_SHA512_KDF
-CFLAGS += -DCONFIG_HMAC_SHA512_KDF
-OBJS += ../src/crypto/sha512-kdf.o
-endif
-OBJS += $(SHA256OBJS)
-ifdef NEED_SHA384
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), gnutls)
-ifneq ($(CONFIG_TLS), wolfssl)
-OBJS += ../src/crypto/sha384.o
-endif
-endif
-endif
-endif
-CFLAGS += -DCONFIG_SHA384
-OBJS += ../src/crypto/sha384-prf.o
-endif
-ifdef NEED_SHA512
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), linux)
-ifneq ($(CONFIG_TLS), gnutls)
-ifneq ($(CONFIG_TLS), wolfssl)
-OBJS += ../src/crypto/sha512.o
-endif
-endif
-endif
-endif
-CFLAGS += -DCONFIG_SHA512
-OBJS += ../src/crypto/sha512-prf.o
-endif
-
-ifdef NEED_ASN1
-OBJS += ../src/tls/asn1.o
-endif
-
-ifdef NEED_DH_GROUPS
-OBJS += ../src/crypto/dh_groups.o
-endif
-ifdef NEED_DH_GROUPS_ALL
-CFLAGS += -DALL_DH_GROUPS
-endif
-ifdef CONFIG_INTERNAL_DH_GROUP5
-ifdef NEED_DH_GROUPS
-OBJS += ../src/crypto/dh_group5.o
-endif
-endif
-
-ifdef NEED_ECC
-CFLAGS += -DCONFIG_ECC
-endif
-
-ifdef CONFIG_NO_RANDOM_POOL
-CFLAGS += -DCONFIG_NO_RANDOM_POOL
-else
-ifdef CONFIG_GETRANDOM
-CFLAGS += -DCONFIG_GETRANDOM
-endif
-OBJS += ../src/crypto/random.o
-endif
-
-ifdef CONFIG_CTRL_IFACE
-ifeq ($(CONFIG_CTRL_IFACE), y)
-ifdef CONFIG_NATIVE_WINDOWS
-CONFIG_CTRL_IFACE=named_pipe
-else
-CONFIG_CTRL_IFACE=unix
-endif
-endif
-CFLAGS += -DCONFIG_CTRL_IFACE
-ifeq ($(CONFIG_CTRL_IFACE), unix)
-CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
-OBJS += ../src/common/ctrl_iface_common.o
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp)
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp6)
-CONFIG_CTRL_IFACE=udp
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP_IPV6
-endif
-ifeq ($(CONFIG_CTRL_IFACE), named_pipe)
-CFLAGS += -DCONFIG_CTRL_IFACE_NAMED_PIPE
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp-remote)
-CONFIG_CTRL_IFACE=udp
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP_REMOTE
-endif
-ifeq ($(CONFIG_CTRL_IFACE), udp6-remote)
-CONFIG_CTRL_IFACE=udp
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP_REMOTE
-CFLAGS += -DCONFIG_CTRL_IFACE_UDP_IPV6
-endif
-OBJS += ctrl_iface.o ctrl_iface_$(CONFIG_CTRL_IFACE).o
-endif
-
-ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_NEW
-OBJS += dbus/dbus_dict_helpers.o
-OBJS += dbus/dbus_new_helpers.o
-OBJS += dbus/dbus_new.o dbus/dbus_new_handlers.o
-OBJS += dbus/dbus_common.o
-ifdef CONFIG_WPS
-OBJS += dbus/dbus_new_handlers_wps.o
-endif
-ifdef CONFIG_P2P
-OBJS += dbus/dbus_new_handlers_p2p.o
-endif
-ifndef DBUS_LIBS
-DBUS_LIBS := $(shell $(PKG_CONFIG) --libs dbus-1)
-endif
-ifndef DBUS_INCLUDE
-DBUS_INCLUDE := $(shell $(PKG_CONFIG) --cflags dbus-1)
-endif
-ifdef CONFIG_CTRL_IFACE_DBUS_INTRO
-OBJS += dbus/dbus_new_introspect.o
-CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_INTRO
-endif
-CFLAGS += $(DBUS_INCLUDE)
-LIBS += $(DBUS_LIBS)
-endif
-
-ifdef CONFIG_READLINE
-OBJS_c += ../src/utils/edit_readline.o
-LIBS_c += -lreadline -lncurses
-else
-ifdef CONFIG_WPA_CLI_EDIT
-OBJS_c += ../src/utils/edit.o
-else
-OBJS_c += ../src/utils/edit_simple.o
-endif
-endif
-
-ifdef CONFIG_NATIVE_WINDOWS
-CFLAGS += -DCONFIG_NATIVE_WINDOWS
-LIBS += -lws2_32 -lgdi32 -lcrypt32
-LIBS_c += -lws2_32
-LIBS_p += -lws2_32 -lgdi32
-ifeq ($(CONFIG_CRYPTO), cryptoapi)
-LIBS_p += -lcrypt32
-endif
-endif
-
-ifdef CONFIG_NO_STDOUT_DEBUG
-CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
-ifndef CONFIG_CTRL_IFACE
-CFLAGS += -DCONFIG_NO_WPA_MSG
-endif
-endif
-
-ifdef CONFIG_IPV6
-# for eapol_test only
-CFLAGS += -DCONFIG_IPV6
-endif
-
-ifdef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
-CFLAGS += -DCONFIG_NO_LINUX_PACKET_SOCKET_WAR
-endif
-
-ifdef NEED_BASE64
-OBJS += ../src/utils/base64.o
-endif
-
-ifdef NEED_SME
-OBJS += sme.o
-CFLAGS += -DCONFIG_SME
-endif
-
-OBJS += ../src/common/ieee802_11_common.o
-OBJS += ../src/common/hw_features_common.o
-
-ifdef NEED_EAP_COMMON
-OBJS += ../src/eap_common/eap_common.o
-endif
-
-ifndef CONFIG_MAIN
-CONFIG_MAIN=main
-endif
-
-ifdef CONFIG_DEBUG_SYSLOG
-CFLAGS += -DCONFIG_DEBUG_SYSLOG
-ifdef CONFIG_DEBUG_SYSLOG_FACILITY
-CFLAGS += -DLOG_HOSTAPD="$(CONFIG_DEBUG_SYSLOG_FACILITY)"
-endif
-endif
-
-ifdef CONFIG_DEBUG_LINUX_TRACING
-CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
-endif
-
-ifdef CONFIG_DEBUG_FILE
-CFLAGS += -DCONFIG_DEBUG_FILE
-endif
-
-ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
-CFLAGS += -DCONFIG_DELAYED_MIC_ERROR_REPORT
-endif
-
-ifdef CONFIG_FIPS
-CFLAGS += -DCONFIG_FIPS
-ifneq ($(CONFIG_TLS), openssl)
-ifneq ($(CONFIG_TLS), wolfssl)
-$(error CONFIG_FIPS=y requires CONFIG_TLS=openssl)
-endif
-endif
-endif
-
-OBJS += $(SHA1OBJS) $(DESOBJS)
-
-OBJS_p += $(SHA1OBJS)
-OBJS_p += $(SHA256OBJS)
-OBJS_priv += $(SHA1OBJS)
-
-ifdef CONFIG_BGSCAN_SIMPLE
-CFLAGS += -DCONFIG_BGSCAN_SIMPLE
-OBJS += bgscan_simple.o
-NEED_BGSCAN=y
-endif
-
-ifdef CONFIG_BGSCAN_LEARN
-CFLAGS += -DCONFIG_BGSCAN_LEARN
-OBJS += bgscan_learn.o
-NEED_BGSCAN=y
-endif
-
-ifdef NEED_BGSCAN
-CFLAGS += -DCONFIG_BGSCAN
-OBJS += bgscan.o
-endif
-
-ifdef CONFIG_AUTOSCAN_EXPONENTIAL
-CFLAGS += -DCONFIG_AUTOSCAN_EXPONENTIAL
-OBJS += autoscan_exponential.o
-NEED_AUTOSCAN=y
-endif
-
-ifdef CONFIG_AUTOSCAN_PERIODIC
-CFLAGS += -DCONFIG_AUTOSCAN_PERIODIC
-OBJS += autoscan_periodic.o
-NEED_AUTOSCAN=y
-endif
-
-ifdef NEED_AUTOSCAN
-CFLAGS += -DCONFIG_AUTOSCAN
-OBJS += autoscan.o
-endif
-
-ifdef CONFIG_EXT_PASSWORD_TEST
-OBJS += ../src/utils/ext_password_test.o
-CFLAGS += -DCONFIG_EXT_PASSWORD_TEST
-NEED_EXT_PASSWORD=y
-endif
-
-ifdef CONFIG_EXT_PASSWORD_FILE
-OBJS += ../src/utils/ext_password_file.o
-CFLAGS += -DCONFIG_EXT_PASSWORD_FILE
-NEED_EXT_PASSWORD=y
-endif
-
-ifdef NEED_EXT_PASSWORD
-OBJS += ../src/utils/ext_password.o
-CFLAGS += -DCONFIG_EXT_PASSWORD
-endif
-
-ifdef NEED_GAS_SERVER
-OBJS += ../src/common/gas_server.o
-CFLAGS += -DCONFIG_GAS_SERVER
-NEED_GAS=y
-endif
-
-ifdef NEED_GAS
-OBJS += ../src/common/gas.o
-OBJS += gas_query.o
-CFLAGS += -DCONFIG_GAS
-NEED_OFFCHANNEL=y
-endif
-
-ifdef NEED_OFFCHANNEL
-OBJS += offchannel.o
-CFLAGS += -DCONFIG_OFFCHANNEL
-endif
-
-ifdef NEED_JSON
-OBJS += ../src/utils/json.o
-CFLAGS += -DCONFIG_JSON
-endif
-
-ifdef CONFIG_MODULE_TESTS
-CFLAGS += -DCONFIG_MODULE_TESTS
-OBJS += wpas_module_tests.o
-OBJS += ../src/utils/utils_module_tests.o
-OBJS += ../src/common/common_module_tests.o
-OBJS += ../src/crypto/crypto_module_tests.o
-ifdef CONFIG_WPS
-OBJS += ../src/wps/wps_module_tests.o
-endif
-endif
-
-OBJS += ../src/drivers/driver_common.o
-OBJS_priv += ../src/drivers/driver_common.o
-
-OBJS += wpa_supplicant.o events.o bssid_ignore.o wpas_glue.o scan.o
-OBJS_t := $(OBJS) $(OBJS_l2) eapol_test.o
-OBJS_t += ../src/radius/radius_client.o
-OBJS_t += ../src/radius/radius.o
-OBJS_t2 := $(OBJS) $(OBJS_l2) preauth_test.o
-
-OBJS_nfc := $(OBJS) $(OBJS_l2) nfc_pw_token.o
-OBJS_nfc += $(OBJS_d) ../src/drivers/drivers.o
-
-OBJS += $(CONFIG_MAIN).o
-
-ifdef CONFIG_PRIVSEP
-OBJS_priv += $(OBJS_d) ../src/drivers/drivers.o
-OBJS_priv += $(OBJS_l2)
-OBJS_priv += ../src/utils/os_$(CONFIG_OS).o
-OBJS_priv += ../src/utils/$(CONFIG_ELOOP).o
-OBJS_priv += ../src/utils/common.o
-OBJS_priv += ../src/utils/wpa_debug.o
-OBJS_priv += ../src/utils/wpabuf.o
-OBJS_priv += wpa_priv.o
-ifdef CONFIG_DRIVER_NL80211
-OBJS_priv += ../src/common/ieee802_11_common.o
-endif
-OBJS += ../src/l2_packet/l2_packet_privsep.o
-OBJS += ../src/drivers/driver_privsep.o
-EXTRA_progs += wpa_priv
-else
-OBJS += $(OBJS_d) ../src/drivers/drivers.o
-OBJS += $(OBJS_l2)
-endif
-
-ifdef CONFIG_NDIS_EVENTS_INTEGRATED
-CFLAGS += -DCONFIG_NDIS_EVENTS_INTEGRATED
-OBJS += ../src/drivers/ndis_events.o
-EXTRALIBS += -loleaut32 -lole32 -luuid
-ifdef PLATFORMSDKLIB
-EXTRALIBS += $(PLATFORMSDKLIB)/WbemUuid.Lib
-else
-EXTRALIBS += WbemUuid.Lib
-endif
-endif
-
-ifdef CONFIG_FST
-CFLAGS += -DCONFIG_FST
-ifdef CONFIG_FST_TEST
-CFLAGS += -DCONFIG_FST_TEST
-endif
-FST_OBJS += ../src/fst/fst.o
-FST_OBJS += ../src/fst/fst_session.o
-FST_OBJS += ../src/fst/fst_iface.o
-FST_OBJS += ../src/fst/fst_group.o
-FST_OBJS += ../src/fst/fst_ctrl_aux.o
-ifdef CONFIG_CTRL_IFACE
-FST_OBJS += ../src/fst/fst_ctrl_iface.o
-endif
-OBJS += $(FST_OBJS)
-OBJS_t += $(FST_OBJS)
-OBJS_t2 += $(FST_OBJS)
-OBJS_nfc += $(FST_OBJS)
-endif
-
-ifdef CONFIG_WEP
-CFLAGS += -DCONFIG_WEP
-endif
-
-ifdef CONFIG_NO_TKIP
-CFLAGS += -DCONFIG_NO_TKIP
-endif
-
-dynamic_eap_methods: $(EAPDYN)
-
-_OBJS_VAR := OBJS_priv
-include ../src/objs.mk
-wpa_priv: $(BCHECK) $(OBJS_priv)
-	$(Q)$(LDO) $(LDFLAGS) -o wpa_priv $(OBJS_priv) $(LIBS)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS
-include ../src/objs.mk
-wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
-	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS_t
-include ../src/objs.mk
-eapol_test: $(OBJS_t)
-	$(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS_t2
-include ../src/objs.mk
-preauth_test: $(OBJS_t2)
-	$(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS_p
-include ../src/objs.mk
-wpa_passphrase: $(OBJS_p)
-	$(Q)$(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p) $(LIBS)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS_c
-include ../src/objs.mk
-wpa_cli: $(OBJS_c)
-	$(Q)$(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
-	@$(E) "  LD " $@
-
-LIBCTRL += ../src/common/wpa_ctrl.o
-LIBCTRL += ../src/utils/os_$(CONFIG_OS).o
-LIBCTRL += ../src/utils/common.o
-LIBCTRL += ../src/utils/wpa_debug.o
-LIBCTRLSO += ../src/common/wpa_ctrl.c
-LIBCTRLSO += ../src/utils/os_$(CONFIG_OS).c
-LIBCTRLSO += ../src/utils/common.c
-LIBCTRLSO += ../src/utils/wpa_debug.c
-
-_OBJS_VAR := LIBCTRL
-include ../src/objs.mk
-libwpa_client.a: $(LIBCTRL)
-	$(Q)rm -f $@
-	$(Q)$(AR) crs $@ $?
-	@$(E) "  AR " $@
-
-libwpa_client.so: $(LIBCTRLSO)
-	@$(E) "  CC  $@ ($^)"
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -fPIC $^
-
-OBJS_wpatest := libwpa_test.o
-_OBJS_VAR := OBJS_wpatest
-include ../src/objs.mk
-libwpa_test1: $(OBJS_wpatest) libwpa_client.a
-	$(Q)$(LDO) $(LDFLAGS) -o libwpa_test1 $(OBJS_wpatest) libwpa_client.a $(LIBS_c)
-	@$(E) "  LD " $@
-
-libwpa_test2: $(OBJS_wpatest) libwpa_client.so
-	$(Q)$(LDO) $(LDFLAGS) -o libwpa_test2 $(OBJS_wpatest) -L. -lwpa_client $(LIBS_c)
-	@$(E) "  LD " $@
-
-_OBJS_VAR := OBJS_nfc
-include ../src/objs.mk
-nfc_pw_token: $(OBJS_nfc)
-	$(Q)$(LDO) $(LDFLAGS) -o nfc_pw_token $(OBJS_nfc) $(LIBS)
-	@$(E) "  LD " $@
-
-win_if_list: win_if_list.c
-	$(Q)$(LDO) $(LDFLAGS) -o $@ win_if_list.c $(CFLAGS) $(LIBS_w)
-	@$(E) "  LD " $@
-
-eap_psk.so: $(SRC_EAP_PSK)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-Deap_peer_psk_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_pax.so: $(SRC_EAP_PAX)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_peap.so: $(SRC_EAP_PEAP)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_sake.so: $(SRC_EAP_SAKE)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_ikev2.so: $(SRC_EAP_IKEV2)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_eke.so: $(SRC_EAP_EKE)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_mschapv2.so: $(SRC_EAP_MSCHAPV2)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_fast.so: $(SRC_EAP_FAST)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_teap.so: $(SRC_EAP_TEAP)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-eap_gpsk.so: $(SRC_EAP_GPSK)
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $^ \
-		-D$(@F:eap_%.so=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-%.so: ../src/eap_peer/%.c
-	$(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $< \
-		-D$(*F:eap_%=eap_peer_%)_register=eap_peer_method_dynamic_init
-	@$(E) "  CC/LD " $@
-
-%.service: %.service.in
-	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
-	@$(E) "  sed" $<
-
-%@.service: %.service.arg.in
-	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
-	@$(E) "  sed" $<
-
-wpa_supplicant.exe: wpa_supplicant
-	mv -f $< $@
-wpa_cli.exe: wpa_cli
-	mv -f $< $@
-wpa_passphrase.exe: wpa_passphrase
-	mv -f $< $@
-win_if_list.exe: win_if_list
-	mv -f $< $@
-eapol_test.exe: eapol_test
-	mv -f $< $@
-
-WINALL=wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe win_if_list.exe
-
-windows-bin: $(WINALL)
-	$(STRIP) $(WINALL)
-
-wpa_gui:
-	@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
-
-wpa_gui-qt4/Makefile:
-	qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
-
-wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
-	lrelease wpa_gui-qt4/wpa_gui.pro
-
-wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
-	$(MAKE) -C wpa_gui-qt4
-
-FIPSDIR=/usr/local/ssl/fips-2.0
-FIPSLD=$(FIPSDIR)/bin/fipsld
-fips:
-	$(MAKE) CC=$(FIPSLD) FIPSLD_CC="$(CC)"
-
-.PHONY: lcov-html
-lcov-html: $(call BUILDOBJ,wpa_supplicant.gcda)
-	lcov -c -d $(BUILDDIR) > lcov.info
-	genhtml lcov.info --output-directory lcov-html
-
-clean: common-clean
-	$(MAKE) -C ../src clean
-	$(MAKE) -C dbus clean
-	rm -f core *~ *.o *.d *.gcno *.gcda *.gcov
-	rm -f eap_*.so $(WINALL) eapol_test preauth_test
-	rm -f wpa_priv
-	rm -f nfc_pw_token
-	rm -f lcov.info
-	rm -rf lcov-html
-	rm -f libwpa_client.a
-	rm -f libwpa_client.so
-	rm -f libwpa_test1 libwpa_test2
diff --git a/wpa_supplicant/README b/wpa_supplicant/README
deleted file mode 100644
index 05f15ff46bda..000000000000
--- a/wpa_supplicant/README
+++ /dev/null
@@ -1,1163 +0,0 @@
-wpa_supplicant
-==============
-
-Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-This program is licensed under the BSD license (the one with
-advertisement clause removed).
-
-If you are submitting changes to the project, please see CONTRIBUTIONS
-file for more instructions.
-
-
-
-License
--------
-
-This software may be distributed, used, and modified under the terms of
-BSD license:
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name(s) of the above-listed copyright holder(s) nor the
-   names of its contributors may be used to endorse or promote products
-   derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-
-Features
---------
-
-Supported WPA/IEEE 802.11i features:
-- WPA-PSK ("WPA-Personal")
-- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
-  Following authentication methods are supported with an integrate IEEE 802.1X
-  Supplicant:
-  * EAP-TLS
-  * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
-  * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
-  * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
-  * EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
-  * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
-  * EAP-TTLS/EAP-MD5-Challenge
-  * EAP-TTLS/EAP-GTC
-  * EAP-TTLS/EAP-OTP
-  * EAP-TTLS/EAP-MSCHAPv2
-  * EAP-TTLS/EAP-TLS
-  * EAP-TTLS/MSCHAPv2
-  * EAP-TTLS/MSCHAP
-  * EAP-TTLS/PAP
-  * EAP-TTLS/CHAP
-  * EAP-SIM
-  * EAP-AKA
-  * EAP-AKA'
-  * EAP-PSK
-  * EAP-PAX
-  * EAP-SAKE
-  * EAP-IKEv2
-  * EAP-GPSK
-  * EAP-pwd
-  * LEAP (note: requires special support from the driver for IEEE 802.11
-	  authentication)
-  (following methods are supported, but since they do not generate keying
-   material, they cannot be used with WPA or IEEE 802.1X WEP keying)
-  * EAP-MD5-Challenge
-  * EAP-MSCHAPv2
-  * EAP-GTC
-  * EAP-OTP
-- key management for CCMP, TKIP, WEP104, WEP40
-- RSN/WPA2 (IEEE 802.11i)
-  * pre-authentication
-  * PMKSA caching
-
-Supported TLS/crypto libraries:
-- OpenSSL (default)
-- GnuTLS
-
-Internal TLS/crypto implementation (optional):
-- can be used in place of an external TLS/crypto library
-- TLSv1
-- X.509 certificate processing
-- PKCS #1
-- ASN.1
-- RSA
-- bignum
-- minimal size (ca. 50 kB binary, parts of which are already needed for WPA;
-  TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86)
-
-
-Requirements
-------------
-
-Current hardware/software requirements:
-- Linux kernel 2.4.x or 2.6.x with Linux Wireless Extensions v15 or newer
-- FreeBSD 6-CURRENT
-- NetBSD-current
-- Microsoft Windows with WinPcap (at least WinXP, may work with other versions)
-- drivers:
-	Linux drivers that support cfg80211/nl80211. Even though there are
-	number of driver specific interface included in wpa_supplicant, please
-	note that Linux drivers are moving to use generic wireless configuration
-	interface driver_nl80211 (-Dnl80211 on wpa_supplicant command line)
-	should be the default option to start with before falling back to driver
-	specific interface.
-
-	Linux drivers that support WPA/WPA2 configuration with the generic
-	Linux wireless extensions (WE-18 or newer). Obsoleted by nl80211.
-
-	In theory, any driver that supports Linux wireless extensions can be
-	used with IEEE 802.1X (i.e., not WPA) when using ap_scan=0 option in
-	configuration file.
-
-	Wired Ethernet drivers (with ap_scan=0)
-
-	BSD net80211 layer (e.g., Atheros driver)
-	At the moment, this is for FreeBSD 6-CURRENT branch and NetBSD-current.
-
-	Windows NDIS
-	The current Windows port requires WinPcap (http://winpcap.polito.it/).
-	See README-Windows.txt for more information.
-
-wpa_supplicant was designed to be portable for different drivers and
-operating systems. Hopefully, support for more wlan cards and OSes will be
-added in the future. See developer's documentation
-(http://hostap.epitest.fi/wpa_supplicant/devel/) for more information about the
-design of wpa_supplicant and porting to other drivers. One main goal
-is to add full WPA/WPA2 support to Linux wireless extensions to allow
-new drivers to be supported without having to implement new
-driver-specific interface code in wpa_supplicant.
-
-Optional libraries for layer2 packet processing:
-- libpcap (tested with 0.7.2, most relatively recent versions assumed to work,
-	this is likely to be available with most distributions,
-	http://tcpdump.org/)
-- libdnet (tested with v1.4, most versions assumed to work,
-	http://libdnet.sourceforge.net/)
-
-These libraries are _not_ used in the default Linux build. Instead,
-internal Linux specific implementation is used. libpcap/libdnet are
-more portable and they can be used by adding CONFIG_L2_PACKET=pcap into
-.config. They may also be selected automatically for other operating
-systems. In case of Windows builds, WinPcap is used by default
-(CONFIG_L2_PACKET=winpcap).
-
-
-Optional libraries for EAP-TLS, EAP-PEAP, and EAP-TTLS:
-- OpenSSL (tested with 1.0.1 and 1.0.2 versions; assumed to
-  work with most relatively recent versions; this is likely to be
-  available with most distributions, http://www.openssl.org/)
-- GnuTLS
-- internal TLSv1 implementation
-
-One of these libraries is needed when EAP-TLS, EAP-PEAP, EAP-TTLS, or
-EAP-FAST support is enabled. WPA-PSK mode does not require this or EAPOL/EAP
-implementation. A configuration file, .config, for compilation is
-needed to enable IEEE 802.1X/EAPOL and EAP methods. Note that EAP-MD5,
-EAP-GTC, EAP-OTP, and EAP-MSCHAPV2 cannot be used alone with WPA, so
-they should only be enabled if testing the EAPOL/EAP state
-machines. However, there can be used as inner authentication
-algorithms with EAP-PEAP and EAP-TTLS.
-
-See Building and installing section below for more detailed
-information about the wpa_supplicant build time configuration.
-
-
-
-WPA
----
-
-The original security mechanism of IEEE 802.11 standard was not
-designed to be strong and has proven to be insufficient for most
-networks that require some kind of security. Task group I (Security)
-of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
-to address the flaws of the base standard and has in practice
-completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
-802.11 standard was approved in June 2004 and published in July 2004.
-
-Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
-IEEE 802.11i work (draft 3.0) to define a subset of the security
-enhancements that can be implemented with existing wlan hardware. This
-is called Wi-Fi Protected Access<TM> (WPA). This has now become a
-mandatory component of interoperability testing and certification done
-by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
-site (http://www.wi-fi.org/OpenSection/protected_access.asp).
-
-IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
-for protecting wireless networks. WEP uses RC4 with 40-bit keys,
-24-bit initialization vector (IV), and CRC32 to protect against packet
-forgery. All these choices have proven to be insufficient: key space is
-too small against current attacks, RC4 key scheduling is insufficient
-(beginning of the pseudorandom stream should be skipped), IV space is
-too small and IV reuse makes attacks easier, there is no replay
-protection, and non-keyed authentication does not protect against bit
-flipping packet data.
-
-WPA is an intermediate solution for the security issues. It uses
-Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
-compromise on strong security and possibility to use existing
-hardware. It still uses RC4 for the encryption like WEP, but with
-per-packet RC4 keys. In addition, it implements replay protection,
-keyed packet authentication mechanism (Michael MIC).
-
-Keys can be managed using two different mechanisms. WPA can either use
-an external authentication server (e.g., RADIUS) and EAP just like
-IEEE 802.1X is using or pre-shared keys without need for additional
-servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
-respectively. Both mechanisms will generate a master session key for
-the Authenticator (AP) and Supplicant (client station).
-
-WPA implements a new key handshake (4-Way Handshake and Group Key
-Handshake) for generating and exchanging data encryption keys between
-the Authenticator and Supplicant. This handshake is also used to
-verify that both Authenticator and Supplicant know the master session
-key. These handshakes are identical regardless of the selected key
-management mechanism (only the method for generating master session
-key changes).
-
-
-
-IEEE 802.11i / WPA2
--------------------
-
-The design for parts of IEEE 802.11i that were not included in WPA has
-finished (May 2004) and this amendment to IEEE 802.11 was approved in
-June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
-version of WPA called WPA2. This includes, e.g., support for more
-robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
-to replace TKIP and optimizations for handoff (reduced number of
-messages in initial key handshake, pre-authentication, and PMKSA caching).
-
-
-
-wpa_supplicant
---------------
-
-wpa_supplicant is an implementation of the WPA Supplicant component,
-i.e., the part that runs in the client stations. It implements WPA key
-negotiation with a WPA Authenticator and EAP authentication with
-Authentication Server. In addition, it controls the roaming and IEEE
-802.11 authentication/association of the wlan driver.
-
-wpa_supplicant is designed to be a "daemon" program that runs in the
-background and acts as the backend component controlling the wireless
-connection. wpa_supplicant supports separate frontend programs and an
-example text-based frontend, wpa_cli, is included with wpa_supplicant.
-
-Following steps are used when associating with an AP using WPA:
-
-- wpa_supplicant requests the kernel driver to scan neighboring BSSes
-- wpa_supplicant selects a BSS based on its configuration
-- wpa_supplicant requests the kernel driver to associate with the chosen
-  BSS
-- If WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP
-  authentication with the authentication server (proxied by the
-  Authenticator in the AP)
-- If WPA-EAP: master key is received from the IEEE 802.1X Supplicant
-- If WPA-PSK: wpa_supplicant uses PSK as the master session key
-- wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake
-  with the Authenticator (AP)
-- wpa_supplicant configures encryption keys for unicast and broadcast
-- normal data packets can be transmitted and received
-
-
-
-Building and installing
------------------------
-
-In order to be able to build wpa_supplicant, you will first need to
-select which parts of it will be included. This is done by creating a
-build time configuration file, .config, in the wpa_supplicant root
-directory. Configuration options are text lines using following
-format: CONFIG_<option>=y. Lines starting with # are considered
-comments and are ignored. See defconfig file for an example configuration
-and a list of available options and additional notes.
-
-The build time configuration can be used to select only the needed
-features and limit the binary size and requirements for external
-libraries. The main configuration parts are the selection of which
-driver interfaces (e.g., nl80211, wext, ..) and which authentication
-methods (e.g., EAP-TLS, EAP-PEAP, ..) are included.
-
-Following build time configuration options are used to control IEEE
-802.1X/EAPOL and EAP state machines and all EAP methods. Including
-TLS, PEAP, or TTLS will require linking wpa_supplicant with OpenSSL
-library for TLS implementation. Alternatively, GnuTLS or the internal
-TLSv1 implementation can be used for TLS functionality.
-
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_MD5=y
-CONFIG_EAP_MSCHAPV2=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_TTLS=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_OTP=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_AKA_PRIME=y
-CONFIG_EAP_PSK=y
-CONFIG_EAP_SAKE=y
-CONFIG_EAP_GPSK=y
-CONFIG_EAP_PAX=y
-CONFIG_EAP_LEAP=y
-CONFIG_EAP_IKEV2=y
-CONFIG_EAP_PWD=y
-
-Following option can be used to include GSM SIM/USIM interface for GSM/UMTS
-authentication algorithm (for EAP-SIM/EAP-AKA/EAP-AKA'). This requires pcsc-lite
-(http://www.linuxnet.com/) for smart card access.
-
-CONFIG_PCSC=y
-
-Following options can be added to .config to select which driver
-interfaces are included.
-
-CONFIG_DRIVER_NL80211=y
-CONFIG_DRIVER_WEXT=y
-CONFIG_DRIVER_BSD=y
-CONFIG_DRIVER_NDIS=y
-
-Following example includes some more features and driver interfaces that
-are included in the wpa_supplicant package:
-
-CONFIG_DRIVER_NL80211=y
-CONFIG_DRIVER_WEXT=y
-CONFIG_DRIVER_BSD=y
-CONFIG_DRIVER_NDIS=y
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_EAP_MD5=y
-CONFIG_EAP_MSCHAPV2=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_TTLS=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_OTP=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_PSK=y
-CONFIG_EAP_SAKE=y
-CONFIG_EAP_GPSK=y
-CONFIG_EAP_PAX=y
-CONFIG_EAP_LEAP=y
-CONFIG_EAP_IKEV2=y
-CONFIG_PCSC=y
-
-EAP-PEAP and EAP-TTLS will automatically include configured EAP
-methods (MD5, OTP, GTC, MSCHAPV2) for inner authentication selection.
-
-
-After you have created a configuration file, you can build
-wpa_supplicant and wpa_cli with 'make' command. You may then install
-the binaries to a suitable system directory, e.g., /usr/local/bin.
-
-Example commands:
-
-# build wpa_supplicant and wpa_cli
-make
-# install binaries (this may need root privileges)
-cp wpa_cli wpa_supplicant /usr/local/bin
-
-
-You will need to make a configuration file, e.g.,
-/etc/wpa_supplicant.conf, with network configuration for the networks
-you are going to use. Configuration file section below includes
-explanation of the configuration file format and includes various
-examples. Once the configuration is ready, you can test whether the
-configuration work by first running wpa_supplicant with following
-command to start it on foreground with debugging enabled:
-
-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
-
-Assuming everything goes fine, you can start using following command
-to start wpa_supplicant on background without debugging:
-
-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
-
-Please note that if you included more than one driver interface in the
-build time configuration (.config), you may need to specify which
-interface to use by including -D<driver name> option on the command
-line. See following section for more details on command line options
-for wpa_supplicant.
-
-
-
-Command line options
---------------------
-
-usage:
-  wpa_supplicant [-BddfhKLqqtuvW] [-P<pid file>] [-g<global ctrl>] \
-        [-G<group>] \
-        -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \
-        [-b<br_ifname> [-MN -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \
-        [-p<driver_param>] [-b<br_ifname>] [-m<P2P Device config file>] ...
-
-options:
-  -b = optional bridge interface name
-  -B = run daemon in the background
-  -c = Configuration file
-  -C = ctrl_interface parameter (only used if -c is not)
-  -i = interface name
-  -d = increase debugging verbosity (-dd even more)
-  -D = driver name (can be multiple drivers: nl80211,wext)
-  -f = Log output to default log location (normally /tmp)
-  -g = global ctrl_interface
-  -G = global ctrl_interface group
-  -K = include keys (passwords, etc.) in debug output
-  -t = include timestamp in debug messages
-  -h = show this help text
-  -L = show license (BSD)
-  -p = driver parameters
-  -P = PID file
-  -q = decrease debugging verbosity (-qq even less)
-  -u = enable DBus control interface
-  -v = show version
-  -W = wait for a control interface monitor before starting
-  -M = start describing matching interface
-  -N = start describing new interface
-  -m = Configuration file for the P2P Device
-
-drivers:
-  nl80211 = Linux nl80211/cfg80211
-  wext = Linux wireless extensions (generic)
-  wired = wpa_supplicant wired Ethernet driver
-  roboswitch = wpa_supplicant Broadcom switch driver
-  bsd = BSD 802.11 support (Atheros, etc.)
-  ndis = Windows NDIS driver
-
-In most common cases, wpa_supplicant is started with
-
-wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
-
-This makes the process fork into background.
-
-The easiest way to debug problems, and to get debug log for bug
-reports, is to start wpa_supplicant on foreground with debugging
-enabled:
-
-wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
-
-If the specific driver wrapper is not known beforehand, it is possible
-to specify multiple comma separated driver wrappers on the command
-line. wpa_supplicant will use the first driver wrapper that is able to
-initialize the interface.
-
-wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
-
-
-wpa_supplicant can control multiple interfaces (radios) either by
-running one process for each interface separately or by running just
-one process and list of options at command line. Each interface is
-separated with -N argument. As an example, following command would
-start wpa_supplicant for two interfaces:
-
-wpa_supplicant \
-	-c wpa1.conf -i wlan0 -D nl80211 -N \
-	-c wpa2.conf -i wlan1 -D wext
-
-
-If the interfaces on which wpa_supplicant is to run are not known or do
-not exist, wpa_supplicant can match an interface when it arrives. Each
-matched interface is separated with -M argument and the -i argument now
-allows for pattern matching.
-
-As an example, the following command would start wpa_supplicant for a
-specific wired interface called lan0, any interface starting with wlan
-and lastly any other interface. Each match has its own configuration
-file, and for the wired interface a specific driver has also been given.
-
-wpa_supplicant \
-	-M -c wpa_wired.conf -ilan0 -D wired \
-	-M -c wpa1.conf -iwlan* \
-	-M -c wpa2.conf
-
-
-If the interface is added in a Linux bridge (e.g., br0), the bridge
-interface needs to be configured to wpa_supplicant in addition to the
-main interface:
-
-wpa_supplicant -cw.conf -Dnl80211 -iwlan0 -bbr0
-
-
-Configuration file
-------------------
-
-wpa_supplicant is configured using a text file that lists all accepted
-networks and security policies, including pre-shared keys. See
-example configuration file, wpa_supplicant.conf, for detailed
-information about the configuration format and supported fields.
-
-Changes to configuration file can be reloaded be sending SIGHUP signal
-to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,
-reloading can be triggered with 'wpa_cli reconfigure' command.
-
-Configuration file can include one or more network blocks, e.g., one
-for each used SSID. wpa_supplicant will automatically select the best
-network based on the order of network blocks in the configuration
-file, network security level (WPA/WPA2 is preferred), and signal
-strength.
-
-Example configuration files for some common configurations:
-
-1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work
-   network
-
-# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-#
-# home network; allow all valid ciphers
-network={
-	ssid="home"
-	scan_ssid=1
-	key_mgmt=WPA-PSK
-	psk="very secret passphrase"
-}
-#
-# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
-network={
-	ssid="work"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	pairwise=CCMP TKIP
-	group=CCMP TKIP
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-}
-
-
-2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
-   (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)
-
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	eap=PEAP
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase1="peaplabel=0"
-	phase2="auth=MSCHAPV2"
-}
-
-
-3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
-   unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
-
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	identity="user@example.com"
-	anonymous_identity="anonymous@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase2="auth=MD5"
-}
-
-
-4) IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and
-   broadcast); use EAP-TLS for authentication
-
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-network={
-	ssid="1x-test"
-	scan_ssid=1
-	key_mgmt=IEEE8021X
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	eapol_flags=3
-}
-
-
-5) Catch all example that allows more or less all configuration modes. The
-   configuration options are used based on what security policy is used in the
-   selected SSID. This is mostly for testing and is not recommended for normal
-   use.
-
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
-	pairwise=CCMP TKIP
-	group=CCMP TKIP WEP104 WEP40
-	psk="very secret passphrase"
-	eap=TTLS PEAP TLS
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	phase1="peaplabel=0"
-	ca_cert2="/etc/cert/ca2.pem"
-	client_cert2="/etc/cer/user.pem"
-	private_key2="/etc/cer/user.prv"
-	private_key2_passwd="password"
-}
-
-
-6) Authentication for wired Ethernet. This can be used with 'wired' or
-   'roboswitch' interface (-Dwired or -Droboswitch on command line).
-
-ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
-ap_scan=0
-network={
-	key_mgmt=IEEE8021X
-	eap=MD5
-	identity="user"
-	password="password"
-	eapol_flags=0
-}
-
-
-
-Certificates
-------------
-
-Some EAP authentication methods require use of certificates. EAP-TLS
-uses both server side and client certificates whereas EAP-PEAP and
-EAP-TTLS only require the server side certificate. When client
-certificate is used, a matching private key file has to also be
-included in configuration. If the private key uses a passphrase, this
-has to be configured in wpa_supplicant.conf ("private_key_passwd").
-
-wpa_supplicant supports X.509 certificates in PEM and DER
-formats. User certificate and private key can be included in the same
-file.
-
-If the user certificate and private key is received in PKCS#12/PFX
-format, they need to be converted to suitable PEM/DER format for
-wpa_supplicant. This can be done, e.g., with following commands:
-
-# convert client certificate and private key to PEM format
-openssl pkcs12 -in example.pfx -out user.pem -clcerts
-# convert CA certificate (if included in PFX file) to PEM format
-openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
-
-
-
-wpa_cli
--------
-
-wpa_cli is a text-based frontend program for interacting with
-wpa_supplicant. It is used to query current status, change
-configuration, trigger events, and request interactive user input.
-
-wpa_cli can show the current authentication status, selected security
-mode, dot11 and dot1x MIBs, etc. In addition, it can configure some
-variables like EAPOL state machine parameters and trigger events like
-reassociation and IEEE 802.1X logoff/logon. wpa_cli provides a user
-interface to request authentication information, like username and
-password, if these are not included in the configuration. This can be
-used to implement, e.g., one-time-passwords or generic token card
-authentication where the authentication is based on a
-challenge-response that uses an external device for generating the
-response.
-
-The control interface of wpa_supplicant can be configured to allow
-non-root user access (ctrl_interface_group in the configuration
-file). This makes it possible to run wpa_cli with a normal user
-account.
-
-wpa_cli supports two modes: interactive and command line. Both modes
-share the same command set and the main difference is in interactive
-mode providing access to unsolicited messages (event messages,
-username/password requests).
-
-Interactive mode is started when wpa_cli is executed without including
-the command as a command line parameter. Commands are then entered on
-the wpa_cli prompt. In command line mode, the same commands are
-entered as command line arguments for wpa_cli.
-
-
-Interactive authentication parameters request
-
-When wpa_supplicant need authentication parameters, like username and
-password, which are not present in the configuration file, it sends a
-request message to all attached frontend programs, e.g., wpa_cli in
-interactive mode. wpa_cli shows these requests with
-"CTRL-REQ-<type>-<id>:<text>" prefix. <type> is IDENTITY, PASSWORD, or
-OTP (one-time-password). <id> is a unique identifier for the current
-network. <text> is description of the request. In case of OTP request,
-it includes the challenge from the authentication server.
-
-The reply to these requests can be given with 'identity', 'password',
-and 'otp' commands. <id> needs to be copied from the the matching
-request. 'password' and 'otp' commands can be used regardless of
-whether the request was for PASSWORD or OTP. The main difference
-between these two commands is that values given with 'password' are
-remembered as long as wpa_supplicant is running whereas values given
-with 'otp' are used only once and then forgotten, i.e., wpa_supplicant
-will ask frontend for a new value for every use. This can be used to
-implement one-time-password lists and generic token card -based
-authentication.
-
-Example request for password and a matching reply:
-
-CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
-> password 1 mysecretpassword
-
-Example request for generic token card challenge-response:
-
-CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
-> otp 2 9876
-
-
-wpa_cli commands
-
-  status = get current WPA/EAPOL/EAP status
-  mib = get MIB variables (dot1x, dot11)
-  help = show this usage help
-  interface [ifname] = show interfaces/select interface
-  level <debug level> = change debug level
-  license = show full wpa_cli license
-  logoff = IEEE 802.1X EAPOL state machine logoff
-  logon = IEEE 802.1X EAPOL state machine logon
-  set = set variables (shows list of variables when run without arguments)
-  pmksa = show PMKSA cache
-  reassociate = force reassociation
-  reconfigure = force wpa_supplicant to re-read its configuration file
-  preauthenticate <BSSID> = force preauthentication
-  identity <network id> <identity> = configure identity for an SSID
-  password <network id> <password> = configure password for an SSID
-  pin <network id> <pin> = configure pin for an SSID
-  otp <network id> <password> = configure one-time-password for an SSID
-  passphrase <network id> <passphrase> = configure private key passphrase
-    for an SSID
-  bssid <network id> <BSSID> = set preferred BSSID for an SSID
-  list_networks = list configured networks
-  select_network <network id> = select a network (disable others)
-  enable_network <network id> = enable a network
-  disable_network <network id> = disable a network
-  add_network = add a network
-  remove_network <network id> = remove a network
-  set_network <network id> <variable> <value> = set network variables (shows
-    list of variables when run without arguments)
-  get_network <network id> <variable> = get network variables
-  save_config = save the current configuration
-  disconnect = disconnect and wait for reassociate command before connecting
-  scan = request new BSS scan
-  scan_results = get latest scan results
-  get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilities
-  terminate = terminate wpa_supplicant
-  quit = exit wpa_cli
-
-
-wpa_cli command line options
-
-wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
-        [-P<pid file>] [-g<global ctrl>]  [command..]
-  -h = help (show this usage text)
-  -v = shown version information
-  -a = run in daemon mode executing the action file based on events from
-       wpa_supplicant
-  -B = run a daemon in the background
-  default path: /var/run/wpa_supplicant
-  default interface: first interface found in socket path
-
-
-Using wpa_cli to run external program on connect/disconnect
------------------------------------------------------------
-
-wpa_cli can used to run external programs whenever wpa_supplicant
-connects or disconnects from a network. This can be used, e.g., to
-update network configuration and/or trigget DHCP client to update IP
-addresses, etc.
-
-One wpa_cli process in "action" mode needs to be started for each
-interface. For example, the following command starts wpa_cli for the
-default interface (-i can be used to select the interface in case of
-more than one interface being used at the same time):
-
-wpa_cli -a/sbin/wpa_action.sh -B
-
-The action file (-a option, /sbin/wpa_action.sh in this example) will
-be executed whenever wpa_supplicant completes authentication (connect
-event) or detects disconnection). The action script will be called
-with two command line arguments: interface name and event (CONNECTED
-or DISCONNECTED). If the action script needs to get more information
-about the current network, it can use 'wpa_cli status' to query
-wpa_supplicant for more information.
-
-Following example can be used as a simple template for an action
-script:
-
-#!/bin/sh
-
-IFNAME=$1
-CMD=$2
-
-if [ "$CMD" = "CONNECTED" ]; then
-    SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
-    # configure network, signal DHCP client, etc.
-fi
-
-if [ "$CMD" = "DISCONNECTED" ]; then
-    # remove network configuration, if needed
-    SSID=
-fi
-
-
-
-Integrating with pcmcia-cs/cardmgr scripts
-------------------------------------------
-
-wpa_supplicant needs to be running when using a wireless network with
-WPA. It can be started either from system startup scripts or from
-pcmcia-cs/cardmgr scripts (when using PC Cards). WPA handshake must be
-completed before data frames can be exchanged, so wpa_supplicant
-should be started before DHCP client.
-
-For example, following small changes to pcmcia-cs scripts can be used
-to enable WPA support:
-
-Add MODE="Managed" and WPA="y" to the network scheme in
-/etc/pcmcia/wireless.opts.
-
-Add the following block to the end of 'start' action handler in
-/etc/pcmcia/wireless:
-
-    if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
-	/usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf \
-		-i$DEVICE
-    fi
-
-Add the following block to the end of 'stop' action handler (may need
-to be separated from other actions) in /etc/pcmcia/wireless:
-
-    if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
-	killall wpa_supplicant
-    fi
-
-This will make cardmgr start wpa_supplicant when the card is plugged
-in.
-
-
-
-Dynamic interface add and operation without configuration files
----------------------------------------------------------------
-
-wpa_supplicant can be started without any configuration files or
-network interfaces. When used in this way, a global (i.e., per
-wpa_supplicant process) control interface is used to add and remove
-network interfaces. Each network interface can then be configured
-through a per-network interface control interface. For example,
-following commands show how to start wpa_supplicant without any
-network interfaces and then add a network interface and configure a
-network (SSID):
-
-# Start wpa_supplicant in the background
-wpa_supplicant -g/var/run/wpa_supplicant-global -B
-
-# Add a new interface (wlan0, no configuration file, driver=nl80211, and
-# enable control interface)
-wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan0 \
-	"" nl80211 /var/run/wpa_supplicant
-
-# Configure a network using the newly added network interface:
-wpa_cli -iwlan0 add_network
-wpa_cli -iwlan0 set_network 0 ssid '"test"'
-wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
-wpa_cli -iwlan0 set_network 0 psk '"12345678"'
-wpa_cli -iwlan0 set_network 0 pairwise TKIP
-wpa_cli -iwlan0 set_network 0 group TKIP
-wpa_cli -iwlan0 set_network 0 proto WPA
-wpa_cli -iwlan0 enable_network 0
-
-# At this point, the new network interface should start trying to associate
-# with the WPA-PSK network using SSID test.
-
-# Remove network interface
-wpa_cli -g/var/run/wpa_supplicant-global interface_remove wlan0
-
-
-Privilege separation
---------------------
-
-To minimize the size of code that needs to be run with root privileges
-(e.g., to control wireless interface operation), wpa_supplicant
-supports optional privilege separation. If enabled, this separates the
-privileged operations into a separate process (wpa_priv) while leaving
-rest of the code (e.g., EAP authentication and WPA handshakes) into an
-unprivileged process (wpa_supplicant) that can be run as non-root
-user. Privilege separation restricts the effects of potential software
-errors by containing the majority of the code in an unprivileged
-process to avoid full system compromise.
-
-Privilege separation is not enabled by default and it can be enabled
-by adding CONFIG_PRIVSEP=y to the build configuration (.config). When
-enabled, the privileged operations (driver wrapper and l2_packet) are
-linked into a separate daemon program, wpa_priv. The unprivileged
-program, wpa_supplicant, will be built with a special driver/l2_packet
-wrappers that communicate with the privileged wpa_priv process to
-perform the needed operations. wpa_priv can control what privileged
-are allowed.
-
-wpa_priv needs to be run with network admin privileges (usually, root
-user). It opens a UNIX domain socket for each interface that is
-included on the command line; any other interface will be off limits
-for wpa_supplicant in this kind of configuration. After this,
-wpa_supplicant can be run as a non-root user (e.g., all standard users
-on a laptop or as a special non-privileged user account created just
-for this purpose to limit access to user files even further).
-
-
-Example configuration:
-- create user group for users that are allowed to use wpa_supplicant
-  ('wpapriv' in this example) and assign users that should be able to
-  use wpa_supplicant into that group
-- create /var/run/wpa_priv directory for UNIX domain sockets and control
-  user access by setting it accessible only for the wpapriv group:
-  mkdir /var/run/wpa_priv
-  chown root:wpapriv /var/run/wpa_priv
-  chmod 0750 /var/run/wpa_priv
-- start wpa_priv as root (e.g., from system startup scripts) with the
-  enabled interfaces configured on the command line:
-  wpa_priv -B -P /var/run/wpa_priv.pid nl80211:wlan0
-- run wpa_supplicant as non-root with a user that is in wpapriv group:
-  wpa_supplicant -i ath0 -c wpa_supplicant.conf
-
-wpa_priv does not use the network interface before wpa_supplicant is
-started, so it is fine to include network interfaces that are not
-available at the time wpa_priv is started. As an alternative, wpa_priv
-can be started when an interface is added (hotplug/udev/etc. scripts).
-wpa_priv can control multiple interface with one process, but it is
-also possible to run multiple wpa_priv processes at the same time, if
-desired.
-
-It should be noted that the interface used between wpa_supplicant and
-wpa_priv does not include all the capabilities of the wpa_supplicant
-driver interface and at times, this interface lacks update especially
-for recent addition. Consequently, use of wpa_priv does come with the
-price of somewhat reduced available functionality. The next section
-describing how wpa_supplicant can be used with reduced privileges
-without having to handle the complexity of separate wpa_priv. While that
-approve does not provide separation for network admin capabilities, it
-does allow other root privileges to be dropped without the drawbacks of
-the wpa_priv process.
-
-
-Linux capabilities instead of privileged process
-------------------------------------------------
-
-wpa_supplicant performs operations that need special permissions, e.g.,
-to control the network connection. Traditionally this has been achieved
-by running wpa_supplicant as a privileged process with effective user id
-0 (root). Linux capabilities can be used to provide restricted set of
-capabilities to match the functions needed by wpa_supplicant. The
-minimum set of capabilities needed for the operations is CAP_NET_ADMIN
-and CAP_NET_RAW.
-
-setcap(8) can be used to set file capabilities. For example:
-
-sudo setcap cap_net_raw,cap_net_admin+ep wpa_supplicant
-
-Please note that this would give anyone being able to run that
-wpa_supplicant binary access to the additional capabilities. This can
-further be limited by file owner/group and mode bits. For example:
-
-sudo chown wpas wpa_supplicant
-sudo chmod 0100 wpa_supplicant
-
-This combination of setcap, chown, and chmod commands would allow wpas
-user to execute wpa_supplicant with additional network admin/raw
-capabilities.
-
-Common way style of creating a control interface socket in
-/var/run/wpa_supplicant could not be done by this user, but this
-directory could be created before starting the wpa_supplicant and set to
-suitable mode to allow wpa_supplicant to create sockets
-there. Alternatively, other directory or abstract socket namespace could
-be used for the control interface.
-
-
-External requests for radio control
------------------------------------
-
-External programs can request wpa_supplicant to not start offchannel
-operations during other tasks that may need exclusive control of the
-radio. The RADIO_WORK control interface command can be used for this.
-
-"RADIO_WORK add <name> [freq=<MHz>] [timeout=<seconds>]" command can be
-used to reserve a slot for radio access. If freq is specified, other
-radio work items on the same channel may be completed in
-parallel. Otherwise, all other radio work items are blocked during
-execution. Timeout is set to 10 seconds by default to avoid blocking
-wpa_supplicant operations for excessive time. If a longer (or shorter)
-safety timeout is needed, that can be specified with the optional
-timeout parameter. This command returns an identifier for the radio work
-item.
-
-Once the radio work item has been started, "EXT-RADIO-WORK-START <id>"
-event message is indicated that the external processing can start. Once
-the operation has been completed, "RADIO_WORK done <id>" is used to
-indicate that to wpa_supplicant. This allows other radio works to be
-performed. If this command is forgotten (e.g., due to the external
-program terminating), wpa_supplicant will time out the radio work item
-and send "EXT-RADIO-WORK-TIMEOUT <id>" event to indicate that this has
-happened. "RADIO_WORK done <id>" can also be used to cancel items that
-have not yet been started.
-
-For example, in wpa_cli interactive mode:
-
-> radio_work add test
-1
-<3>EXT-RADIO-WORK-START 1
-> radio_work show
-ext:test@wlan0:0:1:2.487797
-> radio_work done 1
-OK
-> radio_work show
-
-
-> radio_work done 3
-OK
-> radio_work show
-ext:test freq=2412 timeout=30@wlan0:2412:1:28.583483
-<3>EXT-RADIO-WORK-TIMEOUT 2
-
-
-> radio_work add test2 freq=2412 timeout=60
-5
-<3>EXT-RADIO-WORK-START 5
-> radio_work add test3
-6
-> radio_work add test4
-7
-> radio_work show
-ext:test2 freq=2412 timeout=60@wlan0:2412:1:9.751844
-ext:test3@wlan0:0:0:5.071812
-ext:test4@wlan0:0:0:3.143870
-> radio_work done 6
-OK
-> radio_work show
-ext:test2 freq=2412 timeout=60@wlan0:2412:1:16.287869
-ext:test4@wlan0:0:0:9.679895
-> radio_work done 5
-OK
-<3>EXT-RADIO-WORK-START 7
-<3>EXT-RADIO-WORK-TIMEOUT 7
-
-
-DSCP policy procedures
-----------------------
-
-DSCP policy procedures defined in WFA QoS Management-R2 program
-facilitates AP devices to configure DSCP settings for specific uplink
-data streams.
-
-An AP may transmit a DSCP Policy Request frame containing zero or more
-QoS Management IEs to an associated STA which supports DSCP policy
-procedures. Each QoS Management element in a DSCP Policy Request frame
-represents one DSCP policy, and shall include one DSCP Policy attribute
-including a DSCP Policy ID, Request type, and a DSCP value.
-
-wpa_supplicant sends control interface event messages consisting details
-of DSCP policies requested by the AP through a DSCP Policy Request frame
-to external programs. The format of the control interface event messages
-is as shown below:
-
-- Control interface event message format to indicate DSCP request start
-
-  <3>CTRL-EVENT-DSCP-POLICY request_start [clear_all] [more]
-
-  clear_all - AP requested to clear all DSCP policies configured earlier
-  more      - AP may request to configure more DSCP policies with new DSCP
-              request
-
-- Control interface event message format to add new policy
-
-  <3>CTRL-EVENT-DSCP-POLICY add <policy_id> <dscp_value> <ip_version=0|4|6>
-  [protocol] [source ip] [destination_ip]/[domain name] [source port]
-  [[<start_port> <end_port>]/destination port]
-
-  ip_version = 0: Both IPv4 and IPv6
-             = 4: IPv4
-             = 6: IPv6
-  protocol: Internet Protocol Numbers as per IETF RFCs
-	 = 6: TCP
-	 = 17: UDP
-	 = 50: ESP
-
-- Control interface event message format to remove a particular policy,
-  identified by the policy_id attribute.
-
-  <3>CTRL-EVENT-DSCP-POLICY remove <policy_id>
-
-- DSCP policy may get rejected due to invalid policy parameters. Ccontrol
-  interface event message format for rejected policy.
-
-  <3>CTRL-EVENT-DSCP-POLICY reject <policy_id>
-
-- Control interface event message format to indicate end of DSCP request.
-
-  <3>CTRL-EVENT-DSCP-POLICY request_end
-
-- External applications shall clear active DSCP policies upon receiving
-  "CTRL-EVENT-DISCONNECTED" or "CTRL-EVENT-DSCP-POLICY clear_all" events.
-
-- Control interface event message format to indicate wpa_supplicant started
-  a timer to wait until the unsolicited DSCP request from the AP.
-
-  <3>CTRL-EVENT-DSCP-POLICY request_wait start
-
-- Control interface event message format to indicate timeout to receive the
-  unsolicited DSCP request. This event is expected only when an unsolicited
-  DSCP request is not received from the AP before timeout.
-
-  <3>CTRL-EVENT-DSCP-POLICY request_wait end
-
-DSCP Response:
-A QoS Management STA that enables DSCP Policy capability shall respond
-with DSCP response on receipt of a successful DSCP request from its
-associated AP.  wpa_supplicant sends DSCP policy response based on the
-control interface command received from the user is as below:
-
-DSCP_RESP <[reset]>/<[solicited] [policy_id=1 status=0...]> [more]
-
-DSCP Query:
-DSCP Policy Query enables a STA to query its associated AP for DSCP
-policies applicable to the STA. Currently, this includes support to send
-a wildcard DSCP query or a DSCP query with a single domain name
-attribute. The command format for the DSCP query command is as follows:
-DSCP_QUERY <wildcard>/<domain_name=<string>>
diff --git a/wpa_supplicant/README-DPP b/wpa_supplicant/README-DPP
deleted file mode 100644
index d378245cd6de..000000000000
--- a/wpa_supplicant/README-DPP
+++ /dev/null
@@ -1,204 +0,0 @@
-Device Provisioning Protocol (DPP)
-==================================
-
-This document describes how the Device Provisioning Protocol (DPP)
-implementation in wpa_supplicant and hostapd can be configured and how
-the STA device and AP can be configured to connect each other using DPP
-Connector mechanism.
-
-Introduction to DPP
--------------------
-
-Device Provisioning Protocol (also known as Wi-Fi Easy Connect) allows
-enrolling of interface-less devices in a secure Wi-Fi network using many
-methods like QR code based authentication (detailed below), PKEX based
-authentication (password with in-band provisioning), etc. In DPP a
-Configurator is used to provide network credentials to the devices. The
-three phases of DPP connection are authentication, configuration and
-network introduction.
-
-More information about Wi-Fi Easy Connect is available from this Wi-Fi
-Alliance web page:
-https://www.wi-fi.org/discover-wi-fi/wi-fi-easy-connect
-
-Build config setup
-------------------
-
-The following parameters must be included in the config file used to
-compile hostapd and wpa_supplicant.
-
-wpa_supplicant build config
----------------------------
-
-Enable DPP in wpa_supplicant build config file
-
-CONFIG_DPP=y
-
-hostapd build config
---------------------
-
-Enable DPP in hostapd build config file
-
-CONFIG_DPP=y
-
-Configurator build config
--------------------------
-
-Any STA or AP device can act as a Configurator. Enable DPP in build
-config. For an AP to act as a Configurator, Interworking needs to be
-enabled for GAS. For wpa_supplicant it is not required.
-
-CONFIG_INTERWORKING=y
-
-
-Sample supplicant config file before provisioning
--------------------------------------------------
-
-ctrl_interface=DIR=/var/run/wpa_supplicant
-ctrl_interface_group=0
-update_config=1
-pmf=2
-dpp_config_processing=2
-
-Sample hostapd config file before provisioning
-----------------------------------------------
-
-interface=wlan0
-driver=nl80211
-ctrl_interface=/var/run/hostapd
-ssid=test
-channel=1
-wpa=2
-wpa_key_mgmt=DPP
-ieee80211w=1
-wpa_pairwise=CCMP
-rsn_pairwise=CCMP
-
-
-Pre-requisites
---------------
-
-It is assumed that an AP and client station are up by running hostapd
-and wpa_supplicant using respective config files.
-
-
-Creating Configurator
----------------------
-
-Add a Configurator over the control interface (wpa_cli/hostapd_cli)
-
-> dpp_configurator_add
-(returns id)
-
-To get key of Configurator
-> dpp_configurator_get_key <id>
-
-
-How to configure an Enrollee using Configurator
------------------------------------------------
-
-On Enrollee side:
-
-Generate QR code for the device. Store the QR code id returned by the
-command.
-
-> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-class/channel> key=<key of the device>
-(Returns bootstrapping info id. If the key parameter is not included, a new key
-is generated automatically. The MAC address is specified without octet
-separating colons. The channel list includes the possible channels on which the
-device is waiting. This uses global operating classes; e.g., 81/1 is the 2.4
-GHz channel 1 on 2412 MHz.)
-
-Get URI for the QR Code of device using the bootstrap info id.
-> dpp_bootstrap_get_uri <bootstrap-id>
-
-Make device listen to DPP request. The central frequency of the 2.4 GHz
-band channel 1 is 2412 MHz) in case the Enrollee is a client device. An
-AP as an Enrollee is listening on its operating channel.
-
-> dpp_listen <frequency>
-
-On Configurator side:
-
-Enter the QR Code in the Configurator.
-> dpp_qr_code "<URI-from-QR-Code-read-from-enrollee>"
-
-On successfully adding QR Code, a bootstrapping info id is returned.
-
-Send provisioning request to Enrollee. (conf is ap-dpp if Enrollee is an
-AP. conf is sta-dpp if Enrollee is a client)
-> dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> ssid=<SSID hexdump> configurator=<configurator-id>
-or for legacy (PSK/SAE) provisioning for a station Enrollee:
-> dpp_auth_init peer=<qr-code-id> conf=sta-psk ssid=<SSID hexdump> pass=<passphrase hexdump>
-
-The DPP values will be printed in the console. Save these values into the
-config file. If the Enrollee is an AP, we need to manually write these
-values to the hostapd config file. If the Enrollee is a client device,
-these details can be automatically saved to config file using the
-following command.
-
-> save_config
-
-To set values in runtime for AP enrollees
-
-> set dpp_connector <Connector-value-printed-on-console>
-> set dpp_csign <csign-value-on-console>
-> set dpp_netaccesskey <netaccess-value-on-console>
-
-To set values in runtime for client enrollees, set dpp_config_processing
-to 2 in wpa_supplicant conf file.
-
-Once the values are set in run-time (if not set in run-time, but saved
-in config files, they are taken up in next restart), the client device
-will automatically connect to the already provisioned AP and connection
-will be established.
-
-
-Self-configuring a device
--------------------------
-
-It is possible for a device to configure itself if it is the
-Configurator for the network.
-
-Create a Configurator in the device and use the dpp_configurator_sign
-command to get DPP credentials.
-
-> dpp_configurator_add
-(returns configurator id)
-> dpp_configurator_sign conf=<ap-dpp|sta-dpp> configurator=<configurator-id> ssid=<SSID hexdump>
-
-
-Sample AP configuration files after provisioning
-------------------------------------------------
-
-interface=wlan0
-driver=nl80211
-ctrl_interface=/var/run/hostapd
-ssid=test
-channel=1
-wpa=2
-wpa_key_mgmt=DPP
-ieee80211w=1
-wpa_pairwise=CCMP
-rsn_pairwise=CCMP
-dpp_connector=<Connector value provided by Configurator>
-dpp_csign=<C-Sign-Key value provided by Configurator>
-dpp_netaccesskey=<Net access key provided by Configurator>
-
-
-Sample station configuration file after provisioning
-----------------------------------------------------
-
-ctrl_interface=DIR=/var/run/wpa_supplicant
-ctrl_interface_group=0
-update_config=1
-pmf=2
-dpp_config_processing=2
-network={
-	ssid="test"
-	key_mgmt=DPP
-	ieee80211w=2
-	dpp_connector="<Connector value provided by Configurator>"
-	dpp_netaccesskey=<Net access key provided by Configurator>
-	dpp_csign=<C-sign-key value provided by Configurator>
-}
diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20
deleted file mode 100644
index b076621db527..000000000000
--- a/wpa_supplicant/README-HS20
+++ /dev/null
@@ -1,654 +0,0 @@
-wpa_supplicant and Hotspot 2.0
-==============================
-
-This document describe how the IEEE 802.11u Interworking and Wi-Fi
-Hotspot 2.0 (Release 1) implementation in wpa_supplicant can be
-configured and how an external component on the client e.g., management
-GUI or Wi-Fi framework) is used to manage this functionality.
-
-
-Introduction to Wi-Fi Hotspot 2.0
----------------------------------
-
-Hotspot 2.0 is the name of the Wi-Fi Alliance specification that is used
-in the Wi-Fi CERTIFIED Passpoint<TM> program. More information about
-this is available in this white paper:
-
-http://www.wi-fi.org/knowledge-center/white-papers/wi-fi-certified-passpoint%E2%84%A2-new-program-wi-fi-alliance%C2%AE-enable-seamless
-
-The Hotspot 2.0 specification is also available from WFA:
-https://www.wi-fi.org/knowledge-center/published-specifications
-
-The core Interworking functionality (network selection, GAS/ANQP) were
-standardized in IEEE Std 802.11u-2011 which is now part of the IEEE Std
-802.11-2012.
-
-
-wpa_supplicant network selection
---------------------------------
-
-Interworking support added option for configuring credentials that can
-work with multiple networks as an alternative to configuration of
-network blocks (e.g., per-SSID parameters). When requested to perform
-network selection, wpa_supplicant picks the highest priority enabled
-network block or credential. If a credential is picked (based on ANQP
-information from APs), a temporary network block is created
-automatically for the matching network. This temporary network block is
-used similarly to the network blocks that can be configured by the user,
-but it is not stored into the configuration file and is meant to be used
-only for temporary period of time since a new one can be created
-whenever needed based on ANQP information and the credential.
-
-By default, wpa_supplicant is not using automatic network selection
-unless requested explicitly with the interworking_select command. This
-can be changed with the auto_interworking=1 parameter to perform network
-selection automatically whenever trying to find a network for connection
-and none of the enabled network blocks match with the scan results. This
-case works similarly to "interworking_select auto", i.e., wpa_supplicant
-will internally determine which network or credential is going to be
-used based on configured priorities, scan results, and ANQP information.
-
-
-wpa_supplicant configuration
-----------------------------
-
-Interworking and Hotspot 2.0 functionality are optional components that
-need to be enabled in the wpa_supplicant build configuration
-(.config). This is done by adding following parameters into that file:
-
-CONFIG_INTERWORKING=y
-CONFIG_HS20=y
-
-It should be noted that this functionality requires a driver that
-supports GAS/ANQP operations. This uses the same design as P2P, i.e.,
-Action frame processing and building in user space within
-wpa_supplicant. The Linux nl80211 driver interface provides the needed
-functionality for this.
-
-
-There are number of run-time configuration parameters (e.g., in
-wpa_supplicant.conf when using the configuration file) that can be used
-to control Hotspot 2.0 operations.
-
-# Enable Interworking
-interworking=1
-
-# Enable Hotspot 2.0
-hs20=1
-
-# Parameters for controlling scanning
-
-# Homogeneous ESS identifier
-# If this is set, scans will be used to request response only from BSSes
-# belonging to the specified Homogeneous ESS. This is used only if interworking
-# is enabled.
-#hessid=00:11:22:33:44:55
-
-# Access Network Type
-# When Interworking is enabled, scans can be limited to APs that advertise the
-# specified Access Network Type (0..15; with 15 indicating wildcard match).
-# This value controls the Access Network Type value in Probe Request frames.
-#access_network_type=15
-
-# Automatic network selection behavior
-# 0 = do not automatically go through Interworking network selection
-#     (i.e., require explicit interworking_select command for this; default)
-# 1 = perform Interworking network selection if one or more
-#     credentials have been configured and scan did not find a
-#     matching network block
-#auto_interworking=0
-
-
-Credentials can be pre-configured for automatic network selection:
-
-# credential block
-#
-# Each credential used for automatic network selection is configured as a set
-# of parameters that are compared to the information advertised by the APs when
-# interworking_select and interworking_connect commands are used.
-#
-# credential fields:
-#
-# temporary: Whether this credential is temporary and not to be saved
-#
-# priority: Priority group
-#	By default, all networks and credentials get the same priority group
-#	(0). This field can be used to give higher priority for credentials
-#	(and similarly in struct wpa_ssid for network blocks) to change the
-#	Interworking automatic networking selection behavior. The matching
-#	network (based on either an enabled network block or a credential)
-#	with the highest priority value will be selected.
-#
-# pcsc: Use PC/SC and SIM/USIM card
-#
-# realm: Home Realm for Interworking
-#
-# username: Username for Interworking network selection
-#
-# password: Password for Interworking network selection
-#
-# ca_cert: CA certificate for Interworking network selection
-#
-# client_cert: File path to client certificate file (PEM/DER)
-#	This field is used with Interworking networking selection for a case
-#	where client certificate/private key is used for authentication
-#	(EAP-TLS). Full path to the file should be used since working
-#	directory may change when wpa_supplicant is run in the background.
-#
-#	Alternatively, a named configuration blob can be used by setting
-#	this to blob://blob_name.
-#
-# private_key: File path to client private key file (PEM/DER/PFX)
-#	When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
-#	commented out. Both the private key and certificate will be read
-#	from the PKCS#12 file in this case. Full path to the file should be
-#	used since working directory may change when wpa_supplicant is run
-#	in the background.
-#
-#	Windows certificate store can be used by leaving client_cert out and
-#	configuring private_key in one of the following formats:
-#
-#	cert://substring_to_match
-#
-#	hash://certificate_thumbprint_in_hex
-#
-#	For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
-#
-#	Note that when running wpa_supplicant as an application, the user
-#	certificate store (My user account) is used, whereas computer store
-#	(Computer account) is used when running wpasvc as a service.
-#
-#	Alternatively, a named configuration blob can be used by setting
-#	this to blob://blob_name.
-#
-# private_key_passwd: Password for private key file
-#
-# imsi: IMSI in <MCC> | <MNC> | '-' | <MSIN> format
-#
-# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>
-#	format
-#
-# domain_suffix_match: Constraint for server domain name
-#	If set, this FQDN is used as a suffix match requirement for the AAA
-#	server certificate in SubjectAltName dNSName element(s). If a
-#	matching dNSName is found, this constraint is met. If no dNSName
-#	values are present, this constraint is matched against SubjectName CN
-#	using same suffix match comparison. Suffix match here means that the
-#	host/domain name is compared one label at a time starting from the
-#	top-level domain and all the labels in @domain_suffix_match shall be
-#	included in the certificate. The certificate may include additional
-#	sub-level labels in addition to the required labels.
-#
-#	For example, domain_suffix_match=example.com would match
-#	test.example.com but would not match test-example.com.
-#
-# domain: Home service provider FQDN(s)
-#	This is used to compare against the Domain Name List to figure out
-#	whether the AP is operated by the Home SP. Multiple domain entries can
-#	be used to configure alternative FQDNs that will be considered home
-#	networks.
-#
-# roaming_consortium: Roaming Consortium OI
-#	If roaming_consortium_len is non-zero, this field contains the
-#	Roaming Consortium OI that can be used to determine which access
-#	points support authentication with this credential. This is an
-#	alternative to the use of the realm parameter. When using Roaming
-#	Consortium to match the network, the EAP parameters need to be
-#	pre-configured with the credential since the NAI Realm information
-#	may not be available or fetched.
-#
-# required_roaming_consortium: Required Roaming Consortium OI
-#	If required_roaming_consortium_len is non-zero, this field contains the
-#	Roaming Consortium OI that is required to be advertised by the AP for
-#	the credential to be considered matching.
-#
-# roaming_consortiums: Roaming Consortium OI(s) memberships
-#	This string field contains one or more comma delimited OIs (hexdump)
-#	identifying the roaming consortiums of which the provider is a member.
-#	The list is sorted from the most preferred one to the least preferred
-#	one. A match between the Roaming Consortium OIs advertised by an AP and
-#	the OIs in this list indicates that successful authentication is
-#	possible.
-#	(Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI)
-#
-# eap: Pre-configured EAP method
-#	This optional field can be used to specify which EAP method will be
-#	used with this credential. If not set, the EAP method is selected
-#	automatically based on ANQP information (e.g., NAI Realm).
-#
-# phase1: Pre-configure Phase 1 (outer authentication) parameters
-#	This optional field is used with like the 'eap' parameter.
-#
-# phase2: Pre-configure Phase 2 (inner authentication) parameters
-#	This optional field is used with like the 'eap' parameter.
-#
-# excluded_ssid: Excluded SSID
-#	This optional field can be used to excluded specific SSID(s) from
-#	matching with the network. Multiple entries can be used to specify more
-#	than one SSID.
-#
-# roaming_partner: Roaming partner information
-#	This optional field can be used to configure preferences between roaming
-#	partners. The field is a string in following format:
-#	<FQDN>,<0/1 exact match>,<priority>,<* or country code>
-#	(non-exact match means any subdomain matches the entry; priority is in
-#	0..255 range with 0 being the highest priority)
-#
-# update_identifier: PPS MO ID
-#	(Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)
-#
-# provisioning_sp: FQDN of the SP that provisioned the credential
-#	This optional field can be used to keep track of the SP that provisioned
-#	the credential to find the PPS MO (./Wi-Fi/<provisioning_sp>).
-#
-# sp_priority: Credential priority within a provisioning SP
-#	This is the priority of the credential among all credentials
-#	provisioned by the same SP (i.e., for entries that have identical
-#	provisioning_sp value). The range of this priority is 0-255 with 0
-#	being the highest and 255 the lower priority.
-#
-# Minimum backhaul threshold (PPS/<X+>/Policy/MinBackhauldThreshold/*)
-#	These fields can be used to specify minimum download/upload backhaul
-#	bandwidth that is preferred for the credential. This constraint is
-#	ignored if the AP does not advertise WAN Metrics information or if the
-#	limit would prevent any connection. Values are in kilobits per second.
-# min_dl_bandwidth_home
-# min_ul_bandwidth_home
-# min_dl_bandwidth_roaming
-# min_ul_bandwidth_roaming
-#
-# max_bss_load: Maximum BSS Load Channel Utilization (1..255)
-#	(PPS/<X+>/Policy/MaximumBSSLoadValue)
-#	This value is used as the maximum channel utilization for network
-#	selection purposes for home networks. If the AP does not advertise
-#	BSS Load or if the limit would prevent any connection, this constraint
-#	will be ignored.
-#
-# req_conn_capab: Required connection capability
-#	(PPS/<X+>/Policy/RequiredProtoPortTuple)
-#	This value is used to configure set of required protocol/port pairs that
-#	a roaming network shall support (include explicitly in Connection
-#	Capability ANQP element). This constraint is ignored if the AP does not
-#	advertise Connection Capability or if this constraint would prevent any
-#	network connection. This policy is not used in home networks.
-#	Format: <protocol>[:<comma-separated list of ports]
-#	Multiple entries can be used to list multiple requirements.
-#	For example, number of common TCP protocols:
-#	req_conn_capab=6:22,80,443
-#	For example, IPSec/IKE:
-#	req_conn_capab=17:500
-#	req_conn_capab=50
-#
-# ocsp: Whether to use/require OCSP to check server certificate
-#	0 = do not use OCSP stapling (TLS certificate status extension)
-#	1 = try to use OCSP stapling, but not require response
-#	2 = require valid OCSP stapling response
-#
-# sim_num: Identifier for which SIM to use in multi-SIM devices
-#
-# engine: Whether to use an engine for private key operations (0/1)
-# engine_id: String identifying the engine to use
-# ca_cert_id: The CA certificate identifier when using an engine
-# cert_id: The certificate identifier when using an engine
-# key_id: The private key identifier when using an engine
-#
-# for example:
-#
-#cred={
-#	realm="example.com"
-#	username="user@example.com"
-#	password="password"
-#	ca_cert="/etc/wpa_supplicant/ca.pem"
-#	domain="example.com"
-#	domain_suffix_match="example.com"
-#}
-#
-#cred={
-#	imsi="310026-000000000"
-#	milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82"
-#}
-#
-#cred={
-#	realm="example.com"
-#	username="user"
-#	password="password"
-#	ca_cert="/etc/wpa_supplicant/ca.pem"
-#	domain="example.com"
-#	roaming_consortium=223344
-#	roaming_consortiums="112233,4455667788,aabbcc"
-#	eap=TTLS
-#	phase2="auth=MSCHAPV2"
-#}
-
-
-Control interface
------------------
-
-wpa_supplicant provides a control interface that can be used from
-external programs to manage various operations. The included command
-line tool, wpa_cli, can be used for manual testing with this interface.
-
-Following wpa_cli interactive mode commands show some examples of manual
-operations related to Hotspot 2.0:
-
-Remove configured networks and credentials:
-
-> remove_network all
-OK
-> remove_cred all
-OK
-
-
-Add a username/password credential:
-
-> add_cred
-0
-> set_cred 0 realm "mail.example.com"
-OK
-> set_cred 0 username "username"
-OK
-> set_cred 0 password "password"
-OK
-> set_cred 0 priority 1
-OK
-> set_cred 0 temporary 1
-OK
-
-Add a SIM credential using a simulated SIM/USIM card for testing:
-
-> add_cred
-1
-> set_cred 1 imsi "23456-0000000000"
-OK
-> set_cred 1 milenage "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123"
-OK
-> set_cred 1 priority 1
-OK
-
-Note: the return value of add_cred is used as the first argument to
-the following set_cred commands.
-
-Add a SIM credential using a external SIM/USIM processing:
-
-> set external_sim 1
-OK
-> add_cred
-1
-> set_cred 1 imsi "23456-0000000000"
-OK
-> set_cred 1 eap SIM
-OK
-
-
-Add a WPA2-Enterprise network:
-
-> add_network
-0
-> set_network 0 key_mgmt WPA-EAP
-OK
-> set_network 0 ssid "enterprise"
-OK
-> set_network 0 eap TTLS
-OK
-> set_network 0 anonymous_identity "anonymous"
-OK
-> set_network 0 identity "user"
-OK
-> set_network 0 password "password"
-OK
-> set_network 0 priority 0
-OK
-> enable_network 0 no-connect
-OK
-
-
-Add an open network:
-
-> add_network
-3
-> set_network 3 key_mgmt NONE
-OK
-> set_network 3 ssid "coffee-shop"
-OK
-> select_network 3
-OK
-
-Note: the return value of add_network is used as the first argument to
-the following set_network commands.
-
-The preferred credentials/networks can be indicated with the priority
-parameter (1 is higher priority than 0).
-
-
-Interworking network selection can be started with interworking_select
-command. This instructs wpa_supplicant to run a network scan and iterate
-through the discovered APs to request ANQP information from the APs that
-advertise support for Interworking/Hotspot 2.0:
-
-> interworking_select
-OK
-<3>Starting ANQP fetch for 02:00:00:00:01:00
-<3>RX-ANQP 02:00:00:00:01:00 ANQP Capability list
-<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
-<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
-<3>ANQP fetch completed
-<3>INTERWORKING-AP 02:00:00:00:01:00 type=unknown
-
-
-INTERWORKING-AP event messages indicate the APs that support network
-selection and for which there is a matching
-credential. interworking_connect command can be used to select a network
-to connect with:
-
-
-> interworking_connect 02:00:00:00:01:00
-OK
-<3>CTRL-EVENT-SCAN-RESULTS
-<3>SME: Trying to authenticate with 02:00:00:00:01:00 (SSID='Example Network' freq=2412 MHz)
-<3>Trying to associate with 02:00:00:00:01:00 (SSID='Example Network' freq=2412 MHz)
-<3>Associated with 02:00:00:00:01:00
-<3>CTRL-EVENT-EAP-STARTED EAP authentication started
-<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
-<3>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
-<3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
-<3>WPA: Key negotiation completed with 02:00:00:00:01:00 [PTK=CCMP GTK=CCMP]
-<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:01:00 completed (auth) [id=0 id_str=]
-
-
-wpa_supplicant creates a temporary network block for the selected
-network based on the configured credential and ANQP information from the
-AP:
-
-> list_networks
-network id / ssid / bssid / flags
-0	Example Network	any	[CURRENT]
-> get_network 0 key_mgmt
-WPA-EAP
-> get_network 0 eap
-TTLS
-
-
-Alternatively to using an external program to select the network,
-"interworking_select auto" command can be used to request wpa_supplicant
-to select which network to use based on configured priorities:
-
-
-> remove_network all
-OK
-<3>CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:01:00 reason=1 locally_generated=1
-> interworking_select auto
-OK
-<3>Starting ANQP fetch for 02:00:00:00:01:00
-<3>RX-ANQP 02:00:00:00:01:00 ANQP Capability list
-<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
-<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
-<3>ANQP fetch completed
-<3>INTERWORKING-AP 02:00:00:00:01:00 type=unknown
-<3>CTRL-EVENT-SCAN-RESULTS
-<3>SME: Trying to authenticate with 02:00:00:00:01:00 (SSID='Example Network' freq=2412 MHz)
-<3>Trying to associate with 02:00:00:00:01:00 (SSID='Example Network' freq=2412 MHz)
-<3>Associated with 02:00:00:00:01:00
-<3>CTRL-EVENT-EAP-STARTED EAP authentication started
-<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
-<3>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
-<3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
-<3>WPA: Key negotiation completed with 02:00:00:00:01:00 [PTK=CCMP GTK=CCMP]
-<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:01:00 completed (reauth) [id=0 id_str=]
-
-
-The connection status can be shown with the status command:
-
-> status
-bssid=02:00:00:00:01:00
-ssid=Example Network
-id=0
-mode=station
-pairwise_cipher=CCMP       <--- link layer security indication
-group_cipher=CCMP
-key_mgmt=WPA2/IEEE 802.1X/EAP
-wpa_state=COMPLETED
-p2p_device_address=02:00:00:00:00:00
-address=02:00:00:00:00:00
-hs20=1      <--- HS 2.0 indication
-Supplicant PAE state=AUTHENTICATED
-suppPortStatus=Authorized
-EAP state=SUCCESS
-selectedMethod=21 (EAP-TTLS)
-EAP TLS cipher=AES-128-SHA
-EAP-TTLSv0 Phase2 method=PAP
-
-
-> status
-bssid=02:00:00:00:02:00
-ssid=coffee-shop
-id=3
-mode=station
-pairwise_cipher=NONE
-group_cipher=NONE
-key_mgmt=NONE
-wpa_state=COMPLETED
-p2p_device_address=02:00:00:00:00:00
-address=02:00:00:00:00:00
-
-
-Note: The Hotspot 2.0 indication is shown as "hs20=1" in the status
-command output. Link layer security is indicated with the
-pairwise_cipher (CCMP = secure, NONE = no encryption used).
-
-
-Also the scan results include the Hotspot 2.0 indication:
-
-> scan_results
-bssid / frequency / signal level / flags / ssid
-02:00:00:00:01:00	2412	-30	[WPA2-EAP-CCMP][ESS][HS20]	Example Network
-
-
-ANQP information for the BSS can be fetched using the BSS command:
-
-> bss 02:00:00:00:01:00
-id=1
-bssid=02:00:00:00:01:00
-freq=2412
-beacon_int=100
-capabilities=0x0411
-qual=0
-noise=-92
-level=-30
-tsf=1345573286517276
-age=105
-ie=000f4578616d706c65204e6574776f726b010882848b960c1218240301012a010432043048606c30140100000fac040100000fac040100000fac0100007f04000000806b091e07010203040506076c027f006f1001531122331020304050010203040506dd05506f9a1000
-flags=[WPA2-EAP-CCMP][ESS][HS20]
-ssid=Example Network
-anqp_roaming_consortium=031122330510203040500601020304050603fedcba
-
-
-ANQP queries can also be requested with the anqp_get and hs20_anqp_get
-commands:
-
-> anqp_get 02:00:00:00:01:00 261
-OK
-<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
-> hs20_anqp_get 02:00:00:00:01:00 2
-OK
-<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
-
-In addition, fetch_anqp command can be used to request similar set of
-ANQP queries to be done as is run as part of interworking_select:
-
-> scan
-OK
-<3>CTRL-EVENT-SCAN-RESULTS
-> fetch_anqp
-OK
-<3>Starting ANQP fetch for 02:00:00:00:01:00
-<3>RX-ANQP 02:00:00:00:01:00 ANQP Capability list
-<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
-<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
-<3>ANQP fetch completed
-
-
-Hotspot 2.0 Rel 2 online signup and OSEN
-----------------------------------------
-
-Following parameters can be used to create a network profile for
-link-layer protected Hotspot 2.0 online signup connection with
-OSEN. Note that ssid and identify (NAI) values need to be set based on
-the information for the selected provider in the OSU Providers list
-ANQP-element.
-
-network={
-    ssid="HS 2.0 OSU"
-    proto=OSEN
-    key_mgmt=OSEN
-    pairwise=CCMP
-    group=GTK_NOT_USED
-    eap=WFA-UNAUTH-TLS
-    identity="anonymous@example.com"
-    ca_cert="osu-ca.pem"
-    ocsp=2
-}
-
-
-Hotspot 2.0 connection with external network selection
-------------------------------------------------------
-
-When a component controlling wpa_supplicant takes care of Interworking
-network selection, following configuration and network profile
-parameters can be used to configure a temporary network profile for a
-Hotspot 2.0 connection (e.g., with SET, ADD_NETWORK, SET_NETWORK, and
-SELECT_NETWORK control interface commands):
-
-interworking=1
-hs20=1
-auto_interworking=0
-
-network={
-    ssid="test-hs20"
-    proto=RSN
-    key_mgmt=WPA-EAP
-    pairwise=CCMP
-    anonymous_identity="anonymous@example.com"
-    identity="hs20-test@example.com"
-    password="password"
-    ca_cert="ca.pem"
-    eap=TTLS
-    phase2="auth=MSCHAPV2"
-    update_identifier=54321
-    roaming_consortium_selection=112233
-    #ocsp=2
-}
-
-
-These parameters are set based on the PPS MO credential and/or NAI Realm
-list ANQP-element:
-
-anonymous_identity: Credential/UsernamePassword/Username with username part
-		    replaced with "anonymous"
-identity: Credential/UsernamePassword/Username
-password: Credential/UsernamePassword/Password
-update_identifier: PPS/UpdateIdentifier
-ca_cert: from the downloaded trust root based on PPS information
-eap: Credential/UsernamePassword/EAPMethod or NAI Realm list
-phase2: Credential/UsernamePassword/EAPMethod or NAI Realm list
-roaming_consortium_selection: Matching OI from HomeSP/RoamingConsortiumOI
-ocsp: Credential/CheckAAAServerCertStatus
diff --git a/wpa_supplicant/README-P2P b/wpa_supplicant/README-P2P
deleted file mode 100644
index 55a60a296ad7..000000000000
--- a/wpa_supplicant/README-P2P
+++ /dev/null
@@ -1,856 +0,0 @@
-wpa_supplicant and Wi-Fi P2P
-============================
-
-This document describes how the Wi-Fi P2P implementation in
-wpa_supplicant can be configured and how an external component on the
-client (e.g., management GUI) is used to enable WPS enrollment and
-registrar registration.
-
-
-Introduction to Wi-Fi P2P
--------------------------
-
-TODO
-
-More information about Wi-Fi P2P is available from Wi-Fi Alliance:
-http://www.wi-fi.org/Wi-Fi_Direct.php
-
-
-wpa_supplicant implementation
------------------------------
-
-TODO
-
-
-wpa_supplicant configuration
-----------------------------
-
-Wi-Fi P2P is an optional component that needs to be enabled in the
-wpa_supplicant build configuration (.config). Here is an example
-configuration that includes Wi-Fi P2P support and Linux nl80211
--based driver interface:
-
-CONFIG_DRIVER_NL80211=y
-CONFIG_CTRL_IFACE=y
-CONFIG_P2P=y
-CONFIG_AP=y
-CONFIG_WPS=y
-
-
-In run-time configuration file (wpa_supplicant.conf), some parameters
-for P2P may be set. In order to make the devices easier to recognize,
-device_name and device_type should be specified. For example,
-something like this should be included:
-
-ctrl_interface=/var/run/wpa_supplicant
-device_name=My P2P Device
-device_type=1-0050F204-1
-
-
-wpa_cli
--------
-
-Actual Wi-Fi P2P operations are requested during runtime. These can be
-done for example using wpa_cli (which is described below) or a GUI
-like wpa_gui-qt4.
-
-
-wpa_cli starts in interactive mode if no command string is included on
-the command line. By default, it will select the first network interface
-that it can find (and that wpa_supplicant controls). If more than one
-interface is in use, it may be necessary to select one of the explicitly
-by adding -i argument on the command line (e.g., 'wpa_cli -i wlan1').
-
-Most of the P2P operations are done on the main interface (e.g., the
-interface that is automatically added when the driver is loaded, e.g.,
-wlan0). When using a separate virtual interface for group operations
-(e.g., wlan1), the control interface for that group interface may need
-to be used for some operations (mainly WPS activation in GO). This may
-change in the future so that all the needed operations could be done
-over the main control interface.
-
-Device Discovery
-
-p2p_find [timeout in seconds] [type=<social|progressive>] \
-	[dev_id=<addr>] [dev_type=<device type>] \
-	[delay=<search delay in ms>] [seek=<service name>] [freq=<MHz>]
-
-The default behavior is to run a single full scan in the beginning and
-then scan only social channels. type=social will scan only social
-channels, i.e., it skips the initial full scan. type=progressive is
-like the default behavior, but it will scan through all the channels
-progressively one channel at the time in the Search state rounds. This
-will help in finding new groups or groups missed during the initial
-full scan. When the type parameter is not included (i.e., full scan), the
-optional freq parameter can be used to override the first scan to use only
-the specified channel after which only social channels are scanned.
-
-The optional dev_id option can be used to specify a single P2P peer to
-search for. The optional delay parameter can be used to request an extra
-delay to be used between search iterations (e.g., to free up radio
-resources for concurrent operations).
-
-The optional dev_type option can be used to specify a single device type
-(primary or secondary) to search for, e.g.,
-"p2p_find dev_type=1-0050F204-1".
-
-
-With one or more seek arguments, the command sends Probe Request frames
-for a P2PS service. For example,
-p2p_find 5 dev_id=11:22:33:44:55:66 seek=alt.example.chat seek=alt.example.video
-
-Parameters description:
-    Timeout - Optional ASCII base-10-encoded u16. If missing, request will not
-	time out and must be canceled manually
-    dev_id - Optional to request responses from a single known remote device
-    Service Name - Mandatory UTF-8 string for ASP seeks
-	Service name must match the remote service being advertised exactly
-	(no prefix matching).
-	Service name may be empty, in which case all ASP services will be
-	returned, and may be filtered with p2p_serv_disc_req settings, and
-	p2p_serv_asp_resp results.
-	Multiple service names may be requested, but if it exceeds internal
-	limit, it will automatically revert to requesting all ASP services.
-
-p2p_listen [timeout in seconds]
-
-Start Listen-only state (become discoverable without searching for
-other devices). Optional parameter can be used to specify the duration
-for the Listen operation in seconds. This command may not be of that
-much use during normal operations and is mainly designed for
-testing. It can also be used to keep the device discoverable without
-having to maintain a group.
-
-p2p_stop_find
-
-Stop ongoing P2P device discovery or other operation (connect, listen
-mode).
-
-p2p_flush
-
-Flush P2P peer table and state.
-
-Group Formation
-
-p2p_prov_disc <peer device address> <display|keypad|pbc> [join|auto]
-
-Send P2P provision discovery request to the specified peer. The
-parameters for this command are the P2P device address of the peer and
-the desired configuration method. For example, "p2p_prov_disc
-02:01:02:03:04:05 display" would request the peer to display a PIN for
-us and "p2p_prov_disc 02:01:02:03:04:05 keypad" would request the peer
-to enter a PIN that we display.
-
-The optional "join" parameter can be used to indicate that this command
-is requesting an already running GO to prepare for a new client. This is
-mainly used with "display" to request it to display a PIN. The "auto"
-parameter can be used to request wpa_supplicant to automatically figure
-out whether the peer device is operating as a GO and if so, use
-join-a-group style PD instead of GO Negotiation style PD.
-
-p2p_connect <peer device address> <pbc|pin|PIN#|p2ps> [display|keypad|p2ps]
-	[persistent|persistent=<network id>] [join|auth]
-	[go_intent=<0..15>] [freq=<in MHz>] [ht40] [vht] [he] [provdisc] [auto]
-	[ssid=<hexdump>]
-
-Start P2P group formation with a discovered P2P peer. This includes
-optional group owner negotiation, group interface setup, provisioning,
-and establishing data connection.
-
-The <pbc|pin|PIN#> parameter specifies the WPS provisioning
-method. "pbc" string starts pushbutton method, "pin" string start PIN
-method using an automatically generated PIN (which will be returned as
-the command return code), PIN# means that a pre-selected PIN can be
-used (e.g., 12345670). [display|keypad] is used with PIN method
-to specify which PIN is used (display=dynamically generated random PIN
-from local display, keypad=PIN entered from peer display). "persistent"
-parameter can be used to request a persistent group to be formed. The
-"persistent=<network id>" alternative can be used to pre-populate
-SSID/passphrase configuration based on a previously used persistent
-group where this device was the GO. The previously used parameters will
-then be used if the local end becomes the GO in GO Negotiation (which
-can be forced with go_intent=15).
-
-"join" indicates that this is a command to join an existing group as a
-client. It skips the GO Negotiation part. This will send a Provision
-Discovery Request message to the target GO before associating for WPS
-provisioning.
-
-"auth" indicates that the WPS parameters are authorized for the peer
-device without actually starting GO Negotiation (i.e., the peer is
-expected to initiate GO Negotiation). This is mainly for testing
-purposes.
-
-"go_intent" can be used to override the default GO Intent for this GO
-Negotiation.
-
-"freq" can be used to set a forced operating channel (e.g., freq=2412
-to select 2.4 GHz channel 1).
-
-"provdisc" can be used to request a Provision Discovery exchange to be
-used prior to starting GO Negotiation as a workaround with some deployed
-P2P implementations that require this to allow the user to accept the
-connection.
-
-"auto" can be used to request wpa_supplicant to automatically figure
-out whether the peer device is operating as a GO and if so, use
-join-a-group operation rather than GO Negotiation.
-
-"ssid=<hexdump>" can be used to specify the Group SSID for join
-operations. This allows the P2P Client interface to filter scan results
-based on SSID to avoid selecting an incorrect BSS entry in case the same
-P2P Device or Interface address have been used in multiple groups
-recently.
-
-P2PS attribute changes to p2p_connect command:
-
-P2PS supports two WPS provisioning methods namely PIN method and P2PS default.
-The remaining parameters hold same role as in legacy P2P. In case of P2PS
-default config method "p2ps" keyword is added in p2p_connect command.
-
-For example:
-p2p_connect 02:0a:f5:85:11:00 12345670 p2ps persistent join
-	(WPS Method = P2PS default)
-
-p2p_connect 02:0a:f5:85:11:00 45629034 keypad persistent
-	(WPS Method = PIN)
-
-p2p_asp_provision <peer MAC address> <adv_id=peer adv id>
-	<adv_mac=peer MAC address> [role=2|4|1] <session=session id>
-	<session_mac=initiator mac address>
-	[info='service info'] <method=Default|keypad|Display>
-
-This command starts provision discovery with the P2PS enabled peer device.
-
-For example,
-p2p_asp_provision 00:11:22:33:44:55 adv_id=4d6fc7 adv_mac=00:55:44:33:22:11 role=1 session=12ab34 session_mac=00:11:22:33:44:55 info='name=john' method=1000
-
-Parameter description:
-    MAC address - Mandatory
-    adv_id - Mandatory remote Advertising ID of service connection is being
-	established for
-    adv_mac - Mandatory MAC address that owns/registered the service
-    role - Optional
-	2 (group client only) or 4 (group owner only)
-	if not present (or 1) role is negotiated by the two peers.
-    session - Mandatory Session ID of the first session to be established
-    session_mac - Mandatory MAC address that owns/initiated the session
-    method - Optional method to request for provisioning (1000 - P2PS Default,
-	100 - Keypad(PIN), 8 - Display(PIN))
-    info - Optional UTF-8 string. Hint for service to indicate possible usage
-	parameters - Escape single quote & backslash:
-	with a backslash 0x27 == ' == \', and 0x5c == \ == \\
-
-p2p_asp_provision_resp <peer mac address> <adv_id= local adv id>
-	<adv_mac=local MAC address> <role=1|2|4> <status=0>
-	<session=session id> <session_mac=peer MAC address>
-
-This command sends a provision discovery response from responder side.
-
-For example,
-p2p_asp_provision_resp 00:55:44:33:22:11 adv_id=4d6fc7 adv_mac=00:55:44:33:22:11 role=1 status=0 session=12ab34 session_mac=00:11:22:33:44:55
-
-Parameters definition:
-    MAC address - Mandatory
-    adv_id - Mandatory local Advertising ID of service connection is being
-	established for
-    adv_mac - Mandatory MAC address that owns/registered the service
-    role -  Optional 2 (group client only) or 4 (group owner only)
-	if not present (or 1) role is negotiated by the two peers.
-    status - Mandatory Acceptance/Rejection code of Provisioning
-    session - Mandatory Session ID of the first session to be established
-    session_mac - Mandatory MAC address that owns/initiated the session
-
-p2p_group_add [persistent|persistent=<network id>] [freq=<freq in MHz>]
-	[ht40] [vht] [he]
-
-Set up a P2P group owner manually (i.e., without group owner
-negotiation with a specific peer). This is also known as autonomous
-GO. Optional persistent=<network id> can be used to specify restart of
-a persistent group. Optional freq=<freq in MHz> can be used to force
-the GO to be started on a specific frequency. Special freq=2 or freq=5
-options can be used to request the best 2.4 GHz or 5 GHz band channel
-to be selected automatically.
-
-p2p_reject <peer device address>
-
-Reject connection attempt from a peer (specified with a device
-address). This is a mechanism to reject a pending GO Negotiation with
-a peer and request to automatically block any further connection or
-discovery of the peer.
-
-p2p_group_remove <group interface>
-
-Terminate a P2P group. If a new virtual network interface was used for
-the group, it will also be removed. The network interface name of the
-group interface is used as a parameter for this command.
-
-p2p_cancel
-
-Cancel an ongoing P2P group formation and joining-a-group related
-operation. This operation unauthorizes the specific peer device (if any
-had been authorized to start group formation), stops P2P find (if in
-progress), stops pending operations for join-a-group, and removes the
-P2P group interface (if one was used) that is in the WPS provisioning
-step. If the WPS provisioning step has been completed, the group is not
-terminated.
-
-p2p_remove_client <peer's P2P Device Address|iface=<interface address>>
-
-This command can be used to remove the specified client from all groups
-(operating and persistent) from the local GO. Note that the peer device
-can rejoin the group if it is in possession of a valid key. See p2p_set
-per_sta_psk command below for more details on how the peer can be
-removed securely.
-
-Service Discovery
-
-p2p_service_add asp <auto accept> <adv id> <status 0/1> <Config Methods>
-	<Service name> [Service Information] [Response Info]
-
-This command can be used to search for a P2PS service which includes
-Play, Send, Display, and Print service. The parameters for this command
-are "asp" to identify the command as P2PS one, auto accept value,
-advertisement id which uniquely identifies the service requests, state
-of the service whether the service is available or not, config methods
-which can be either P2PS method or PIN method, service name followed by
-two optional parameters service information, and response info.
-
-For example,
-p2p_service_add asp 1 4d6fc7 0 1108 alt.example.chat svc_info='name=john' rsp_info='enter PIN 1234'
-
-Parameters definition:
-    asp - Mandatory for ASP service registration
-    auto accept - Mandatory ASCII hex-encoded boolean (0 == no auto-accept,
-	1 == auto-accept ANY role, 2 == auto-accept CLIENT role,
-	4 == auto-accept GO role)
-    Advertisement ID - Mandatory non-zero ASCII hex-encoded u32
-	(Must be unique/not yet exist in svc db)
-    State - Mandatory ASCII hex-encoded u8 (0 -- Svc not available,
-	1 -- Svc available, 2-0xff  Application defined)
-    Config Methods - Mandatory ASCII hex-encoded u16 (bitmask of WSC config
-	methods)
-    Service Name - Mandatory UTF-8 string
-    Service Information - Optional UTF-8 string
-	Escape single quote & backslash with a backslash:
-	0x27 == ' == \', and 0x5c == \ == \\
-    Session response information -  Optional (used only if auto accept is TRUE)
-	UTF-8 string
-	Escape single quote & backslash with a backslash:
-	0x27 == ' == \', and 0x5c == \ == \\
-
-p2p_service_rep asp <auto accept> <adv id> <status 0/1> <Config Methods>
-	<Service name> [Service Information] [Response Info]
-
-This command can be used to replace the existing service request
-attributes from the initiator side. The replacement is only allowed if
-the advertisement id issued in the command matches with any one entry in
-the list of existing SD queries. If advertisement id doesn't match the
-command returns a failure.
-
-For example,
-p2p_service_rep asp 1 4d6fc7 1 1108 alt.example.chat svc_info='name=john' rsp_info='enter PIN 1234'
-
-Parameters definition:
-    asp - Mandatory for ASP service registration
-    auto accept - Mandatory ASCII hex-encoded boolean (1 == true, 0 == false)
-    Advertisement ID - Mandatory non-zero ASCII hex-encoded u32
-	(Must already exist in svc db)
-    State - Mandatory ASCII hex-encoded u8 (can be used to indicate svc
-	available or not available for instance)
-    Config Methods - Mandatory ASCII hex-encoded u16 (bitmask of WSC config
-	methods)
-    Service Name - Mandatory UTF-8 string (Must match existing string in svc db)
-    Service Information - Optional UTF-8 string
-	Escape single quote & backslash with a backslash:
-	0x27 == ' == \', and 0x5c == \ == \\
-    Session response information -  Optional (used only if auto accept is TRUE)
-	UTF-8 string
-	Escape single quote & backslash with a backslash:
-	0x27 == ' == \', and 0x5c == \ == \\
-
-p2p_serv_disc_req
-
-Schedule a P2P service discovery request. The parameters for this
-command are the device address of the peer device (or 00:00:00:00:00:00
-for wildcard query that is sent to every discovered P2P peer that
-supports service discovery) and P2P Service Query TLV(s) as hexdump. For
-example,
-
-p2p_serv_disc_req 00:00:00:00:00:00 02000001
-
-schedules a request for listing all available services of all service
-discovery protocols and requests this to be sent to all discovered
-peers (note: this can result in long response frames). The pending
-requests are sent during device discovery (see p2p_find).
-
-There can be multiple pending peer device specific queries (each will be
-sent in sequence whenever the peer is found).
-
-This command returns an identifier for the pending query (e.g.,
-"1f77628") that can be used to cancel the request. Directed requests
-will be automatically removed when the specified peer has replied to
-it.
-
-Service Query TLV has following format:
-Length (2 octets, little endian) - length of following data
-Service Protocol Type (1 octet) - see the table below
-Service Transaction ID (1 octet) - nonzero identifier for the TLV
-Query Data (Length - 2 octets of data) - service protocol specific data
-
-Service Protocol Types:
-0 = All service protocols
-1 = Bonjour
-2 = UPnP
-3 = WS-Discovery
-4 = Wi-Fi Display
-
-For UPnP, an alternative command format can be used to specify a
-single query TLV (i.e., a service discovery for a specific UPnP
-service):
-
-p2p_serv_disc_req 00:00:00:00:00:00 upnp <version hex> <ST: from M-SEARCH>
-
-For example:
-
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 urn:schemas-upnp-org:device:InternetGatewayDevice:1
-
-Additional examples for queries:
-
-# list of all Bonjour services
-p2p_serv_disc_req 00:00:00:00:00:00 02000101
-
-# list of all UPnP services
-p2p_serv_disc_req 00:00:00:00:00:00 02000201
-
-# list of all WS-Discovery services
-p2p_serv_disc_req 00:00:00:00:00:00 02000301
-
-# list of all Bonjour and UPnP services
-p2p_serv_disc_req 00:00:00:00:00:00 0200010102000202
-
-# Apple File Sharing over TCP
-p2p_serv_disc_req 00:00:00:00:00:00 130001010b5f6166706f766572746370c00c000c01
-
-# Bonjour SSTH (supported service type hash)
-p2p_serv_disc_req 00:00:00:00:00:00 05000101000000
-
-# UPnP examples
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 ssdp:all
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 upnp:rootdevice
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 urn:schemas-upnp-org:service:ContentDirectory:2
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 uuid:6859dede-8574-59ab-9332-123456789012
-p2p_serv_disc_req 00:00:00:00:00:00 upnp 10 urn:schemas-upnp-org:device:InternetGatewayDevice:1
-
-# Wi-Fi Display examples
-# format: wifi-display <list of roles> <list of subelements>
-p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
-p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
-p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
-p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
-p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5
-
-p2p_serv_disc_req <Unicast|Broadcast mac address> asp <Transaction ID>
-	<Service Name> [Service Information]
-
-The command can be used for service discovery for P2PS enabled devices.
-
-For example: p2p_serv_disc_req 00:00:00:00:00:00 asp a1 alt.example 'john'
-
-Parameters definition:
-    MAC address - Mandatory Existing
-    asp - Mandatory for ASP queries
-    Transaction ID - Mandatory non-zero ASCII hex-encoded u8 for GAS
-    Service Name Prefix - Mandatory UTF-8 string.
-	Will match from beginning of remote Service Name
-    Service Information Substring - Optional UTF-8 string
-	If Service Information Substring is not included, all services matching
-	Service Name Prefix will be returned.
-	If Service Information Substring is included, both the Substring and the
-	Service Name Prefix must match for service to be returned.
-	If remote service has no Service Information, all Substring searches
-	will fail.
-
-p2p_serv_disc_cancel_req <query identifier>
-
-Cancel a pending P2P service discovery request. This command takes a
-single parameter: identifier for the pending query (the value returned
-by p2p_serv_disc_req, e.g., "p2p_serv_disc_cancel_req 1f77628".
-
-p2p_serv_disc_resp
-
-Reply to a service discovery query. This command takes following
-parameters: frequency in MHz, destination address, dialog token,
-response TLV(s). The first three parameters are copied from the
-request event. For example, "p2p_serv_disc_resp 2437 02:40:61:c2:f3:b7
-1 0300000101". This command is used only if external program is used
-to process the request (see p2p_serv_disc_external).
-
-p2p_service_update
-
-Indicate that local services have changed. This is used to increment
-the P2P service indicator value so that peers know when previously
-cached information may have changed. This is only needed when external
-service discovery processing is enabled since the commands to
-pre-configure services for internal processing will increment the
-indicator automatically.
-
-p2p_serv_disc_external <0|1>
-
-Configure external processing of P2P service requests: 0 (default) =
-no external processing of requests (i.e., internal code will process
-each request based on pre-configured services), 1 = external
-processing of requests (external program is responsible for replying
-to service discovery requests with p2p_serv_disc_resp). Please note
-that there is quite strict limit on how quickly the response needs to
-be transmitted, so use of the internal processing is strongly
-recommended.
-
-p2p_service_add bonjour <query hexdump> <RDATA hexdump>
-
-Add a local Bonjour service for internal SD query processing.
-
-Examples:
-
-# AFP Over TCP (PTR)
-p2p_service_add bonjour 0b5f6166706f766572746370c00c000c01 074578616d706c65c027
-# AFP Over TCP (TXT) (RDATA=null)
-p2p_service_add bonjour 076578616d706c650b5f6166706f766572746370c00c001001 00
-
-# IP Printing over TCP (PTR) (RDATA=MyPrinter._ipp._tcp.local.)
-p2p_service_add bonjour 045f697070c00c000c01 094d795072696e746572c027
-# IP Printing over TCP (TXT) (RDATA=txtvers=1,pdl=application/postscript)
-p2p_service_add bonjour 096d797072696e746572045f697070c00c001001 09747874766572733d311a70646c3d6170706c69636174696f6e2f706f7374736372797074
-
-# Supported Service Type Hash (SSTH)
-p2p_service_add bonjour 000000 <32-byte bitfield as hexdump>
-(note: see P2P spec Annex E.4 for information on how to construct the bitfield)
-
-p2p_service_del bonjour <query hexdump>
-
-Remove a local Bonjour service from internal SD query processing.
-
-p2p_service_add upnp <version hex> <service>
-
-Add a local UPnP service for internal SD query processing.
-
-Examples:
-
-p2p_service_add upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::upnp:rootdevice
-p2p_service_add upnp 10 uuid:5566d33e-9774-09ab-4822-333456785632::upnp:rootdevice
-p2p_service_add upnp 10 uuid:1122de4e-8574-59ab-9322-333456789044::urn:schemas-upnp-org:service:ContentDirectory:2
-p2p_service_add upnp 10 uuid:5566d33e-9774-09ab-4822-333456785632::urn:schemas-upnp-org:service:ContentDirectory:2
-p2p_service_add upnp 10 uuid:6859dede-8574-59ab-9332-123456789012::urn:schemas-upnp-org:device:InternetGatewayDevice:1
-
-p2p_service_del upnp <version hex> <service>
-
-Remove a local UPnP service from internal SD query processing.
-
-p2p_service_del asp <adv id>
-
-Removes the local asp service from internal SD query list.
-For example: p2p_service_del asp 4d6fc7
-
-p2p_service_flush
-
-Remove all local services from internal SD query processing.
-
-Invitation
-
-p2p_invite [persistent=<network id>|group=<group ifname>] [peer=address]
-	[go_dev_addr=address] [freq=<freq in MHz>] [ht40] [vht] [he]
-	[pref=<MHz>]
-
-Invite a peer to join a group (e.g., group=wlan1) or to reinvoke a
-persistent group (e.g., persistent=4). If the peer device is the GO of
-the persistent group, the peer parameter is not needed. Otherwise it is
-used to specify which device to invite. go_dev_addr parameter can be
-used to override the GO device address for Invitation Request should
-it be not known for some reason (this should not be needed in most
-cases). When reinvoking a persistent group, the GO device can specify
-the frequency for the group with the freq parameter. When reinvoking a
-persistent group, the P2P client device can use freq parameter to force
-a specific operating channel (or invitation failure if GO rejects that)
-or pref parameter to request a specific channel (while allowing GO to
-select to use another channel, if needed).
-
-Group Operations
-
-(These are used on the group interface.)
-
-wps_pin <any|address> <PIN>
-
-Start WPS PIN method. This allows a single WPS Enrollee to connect to
-the AP/GO. This is used on the GO when a P2P client joins an existing
-group. The second parameter is the address of the Enrollee or a string
-"any" to allow any station to use the entered PIN (which will restrict
-the PIN for one-time-use). PIN is the Enrollee PIN read either from a
-label or display on the P2P Client/WPS Enrollee.
-
-wps_pbc
-
-Start WPS PBC method (i.e., push the button). This allows a single WPS
-Enrollee to connect to the AP/GO. This is used on the GO when a P2P
-client joins an existing group.
-
-p2p_get_passphrase
-
-Get the passphrase for a group (only available when acting as a GO).
-
-p2p_presence_req [<duration> <interval>] [<duration> <interval>]
-
-Send a P2P Presence Request to the GO (this is only available when
-acting as a P2P client). If no duration/interval pairs are given, the
-request indicates that this client has no special needs for GO
-presence. The first parameter pair gives the preferred duration and
-interval values in microseconds. If the second pair is included, that
-indicates which value would be acceptable. This command returns OK
-immediately and the response from the GO is indicated in a
-P2P-PRESENCE-RESPONSE event message.
-
-Parameters
-
-p2p_ext_listen [<period> <interval>]
-
-Configure Extended Listen Timing. If the parameters are omitted, this
-feature is disabled. If the parameters are included, Listen State will
-be entered every interval msec for at least period msec. Both values
-have acceptable range of 1-65535 (with interval obviously having to be
-larger than or equal to duration). If the P2P module is not idle at
-the time the Extended Listen Timing timeout occurs, the Listen State
-operation will be skipped.
-
-The configured values will also be advertised to other P2P Devices. The
-received values are available in the p2p_peer command output:
-
-ext_listen_period=100 ext_listen_interval=5000
-
-p2p_set <field> <value>
-
-Change dynamic P2P parameters
-
-p2p_set discoverability <0/1>
-
-Disable/enable advertisement of client discoverability. This is
-enabled by default and this parameter is mainly used to allow testing
-of device discoverability.
-
-p2p_set managed <0/1>
-
-Disable/enable managed P2P Device operations. This is disabled by
-default.
-
-p2p_set listen_channel <channel> [<op_class>]
-
-Set P2P Listen channel. This is mainly meant for testing purposes and
-changing the Listen channel during normal operations can result in
-protocol failures.
-
-When specifying a social channel on the 2.4 GHz band (1/6/11) there is
-no need to specify the operating class since it defaults to 81.  When
-specifying a social channel on the 60 GHz band (2), specify the 60 GHz
-operating class (180).
-
-p2p_set ssid_postfix <postfix>
-
-Set postfix string to be added to the automatically generated P2P SSID
-(DIRECT-<two random characters>). For example, postfix of "-testing"
-could result in the SSID becoming DIRECT-ab-testing.
-
-p2p_set per_sta_psk <0/1>
-
-Disabled(default)/enables use of per-client PSK in the P2P groups. This
-can be used to request GO to assign a unique PSK for each client during
-WPS provisioning. When enabled, this allow clients to be removed from
-the group securely with p2p_remove_client command since that client's
-PSK is removed at the same time to prevent it from connecting back using
-the old PSK. When per-client PSK is not used, the client can still be
-disconnected, but it will be able to re-join the group since the PSK it
-learned previously is still valid. It should be noted that the default
-passphrase on the GO that is normally used to allow legacy stations to
-connect through manual configuration does not change here, so if that is
-shared, devices with knowledge of that passphrase can still connect.
-
-set <field> <value>
-
-Set global configuration parameters which may also affect P2P
-operations. The format on these parameters is same as is used in
-wpa_supplicant.conf. Only the parameters listen here should be
-changed. Modifying other parameters may result in incorrect behavior
-since not all existing users of the parameters are updated.
-
-set uuid <UUID>
-
-Set WPS UUID (by default, this is generated based on the MAC address).
-
-set device_name <device name>
-
-Set WPS Device Name (also included in some P2P messages).
-
-set manufacturer <manufacturer>
-
-Set WPS Manufacturer.
-
-set model_name <model name>
-
-Set WPS Model Name.
-
-set model_number <model number>
-
-Set WPS Model Number.
-
-set serial_number <serial number>
-
-Set WPS Serial Number.
-
-set device_type <device type>
-
-Set WPS Device Type.
-
-set os_version <OS version>
-
-Set WPS OS Version.
-
-set config_methods <config methods>
-
-Set WPS Configuration Methods.
-
-set sec_device_type <device type>
-
-Add a new Secondary Device Type.
-
-set p2p_go_intent <GO intent>
-
-Set the default P2P GO Intent. Note: This value can be overridden in
-p2p_connect command and as such, there should be no need to change the
-default value here during normal operations.
-
-set p2p_ssid_postfix <P2P SSID postfix>
-
-Set P2P SSID postfix.
-
-set persistent_reconnect <0/1>
-
-Disable/enabled persistent reconnect for reinvocation of persistent
-groups. If enabled, invitations to reinvoke a persistent group will be
-accepted without separate authorization (e.g., user interaction).
-
-set country <two character country code>
-
-Set country code (this is included in some P2P messages).
-
-set p2p_search_delay <delay>
-
-Set p2p_search_delay which adds extra delay in milliseconds between
-concurrent search iterations to make p2p_find friendlier to concurrent
-operations by avoiding it from taking 100% of radio resources. The
-default value is 500 ms.
-
-Status
-
-p2p_peers [discovered]
-
-List P2P Device Addresses of all the P2P peers we know. The optional
-"discovered" parameter filters out the peers that we have not fully
-discovered, i.e., which we have only seen in a received Probe Request
-frame.
-
-p2p_peer <P2P Device Address>
-
-Fetch information about a known P2P peer.
-
-Group Status
-
-(These are used on the group interface.)
-
-status
-
-Show status information (connection state, role, use encryption
-parameters, IP address, etc.).
-
-sta
-
-Show information about an associated station (when acting in AP/GO role).
-
-all_sta
-
-Lists the currently associated stations.
-
-Configuration data
-
-list_networks
-
-Lists the configured networks, including stored information for
-persistent groups. The identifier in this list is used with
-p2p_group_add and p2p_invite to indicate which persistent group is to
-be reinvoked.
-
-remove_network <network id>
-
-Remove a network entry from configuration. 
-
-
-P2PS Events/Responses:
-
-P2PS-PROV-START: This events gets triggered when provisioning is issued for
-either seeker or advertiser.
-
-For example,
-P2PS-PROV-START 00:55:44:33:22:11 adv_id=111 adv_mac=00:55:44:33:22:11 conncap=1 session=1234567 session_mac=00:11:22:33:44:55 info='xxxx'
-
-Parameters definition:
-    MAC address - always
-    adv_id - always ASCII hex-encoded u32
-    adv_mac - always MAC address that owns/registered the service
-    conncap - always mask of 0x01 (new), 0x02 (group client), 0x04 (group owner)
-	bits
-    session - always Session ID of the first session to be established
-    session_mac - always MAC address that owns/initiated the session
-    info - if available, UTF-8 string
-	Escaped single quote & backslash with a backslash:
-	\' == 0x27 == ', and \\ == 0x5c == \
-
-P2PS-PROV-DONE: When provisioning is completed then this event gets triggered.
-
-For example,
-P2PS-PROV-DONE 00:11:22:33:44:55 status=0 adv_id=111 adv_mac=00:55:44:33:22:11 conncap=1 session=1234567 session_mac=00:11:22:33:44:55 [dev_passwd_id=8 | go=p2p-wlan0-0 | join=11:22:33:44:55:66 | persist=0]
-
-Parameters definition:
-    MAC address - always main device address of peer. May be different from MAC
-	ultimately connected to.
-    status - always ascii hex-encoded u8 (0 == success, 12 == deferred success)
-    adv_id - always ascii hex-encoded u32
-    adv_mac - always MAC address that owns/registered the service
-    conncap - always One of: 1 (new), 2 (group client), 4 (group owner) bits
-    session - always Session ID of the first session to be established
-    session_mac - always MAC address that owns/initiated the session
-    dev_passwd_id - only if conncap value == 1 (New GO negotiation)
-	8 - "p2ps" password must be passed in p2p_connect command
-	1 - "display" password must be passed in p2p_connect command
-	5 - "keypad" password must be passed in p2p_connect command
-    join only - if conncap value == 2 (Client Only). Display password and "join"
-	must be passed in p2p_connect and address must be the MAC specified
-    go only - if conncap value == 4 (GO Only). Interface name must be set with a
-	password
-    persist - only if previous persistent group existed between peers and shall
-	be re-used. Group is restarted by sending "p2p_group_add persistent=0"
-	where value is taken from P2P-PROV-DONE
-
-Extended Events/Response
-
-P2P-DEVICE-FOUND 00:11:22:33:44:55 p2p_dev_addr=00:11:22:33:44:55 pri_dev_type=0-00000000-0 name='' config_methods=0x108 dev_capab=0x21 group_capab=0x0 adv_id=111 asp_svc=alt.example.chat
-
-Parameters definition:
-    adv_id - if ASP ASCII hex-encoded u32. If it is reporting the
-	"wildcard service", this value will be 0
-    asp_svc - if ASP this is the service string. If it is reporting the
-	"wildcard service", this value will be org.wi-fi.wfds
-
-
-wpa_cli action script
----------------------
-
-See examples/p2p-action.sh
-
-TODO: describe DHCP/DNS setup
-TODO: cross-connection
diff --git a/wpa_supplicant/README-WPS b/wpa_supplicant/README-WPS
deleted file mode 100644
index b884f67a2435..000000000000
--- a/wpa_supplicant/README-WPS
+++ /dev/null
@@ -1,399 +0,0 @@
-wpa_supplicant and Wi-Fi Protected Setup (WPS)
-==============================================
-
-This document describes how the WPS implementation in wpa_supplicant
-can be configured and how an external component on the client (e.g.,
-management GUI) is used to enable WPS enrollment and registrar
-registration.
-
-
-Introduction to WPS
--------------------
-
-Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a
-wireless network. It allows automated generation of random keys (WPA
-passphrase/PSK) and configuration of an access point and client
-devices. WPS includes number of methods for setting up connections
-with PIN method and push-button configuration (PBC) being the most
-commonly deployed options.
-
-While WPS can enable more home networks to use encryption in the
-wireless network, it should be noted that the use of the PIN and
-especially PBC mechanisms for authenticating the initial key setup is
-not very secure. As such, use of WPS may not be suitable for
-environments that require secure network access without chance for
-allowing outsiders to gain access during the setup phase.
-
-WPS uses following terms to describe the entities participating in the
-network setup:
-- access point: the WLAN access point
-- Registrar: a device that control a network and can authorize
-  addition of new devices); this may be either in the AP ("internal
-  Registrar") or in an external device, e.g., a laptop, ("external
-  Registrar")
-- Enrollee: a device that is being authorized to use the network
-
-It should also be noted that the AP and a client device may change
-roles (i.e., AP acts as an Enrollee and client device as a Registrar)
-when WPS is used to configure the access point.
-
-
-More information about WPS is available from Wi-Fi Alliance:
-http://www.wi-fi.org/wifi-protected-setup
-
-
-wpa_supplicant implementation
------------------------------
-
-wpa_supplicant includes an optional WPS component that can be used as
-an Enrollee to enroll new network credential or as a Registrar to
-configure an AP.
-
-
-wpa_supplicant configuration
-----------------------------
-
-WPS is an optional component that needs to be enabled in
-wpa_supplicant build configuration (.config). Here is an example
-configuration that includes WPS support and Linux nl80211 -based
-driver interface:
-
-CONFIG_DRIVER_NL80211=y
-CONFIG_WPS=y
-
-If you want to enable WPS external registrar (ER) functionality, you
-will also need to add following line:
-
-CONFIG_WPS_ER=y
-
-Following parameter can be used to enable support for NFC config method:
-
-CONFIG_WPS_NFC=y
-
-
-WPS needs the Universally Unique IDentifier (UUID; see RFC 4122) for
-the device. This is configured in the runtime configuration for
-wpa_supplicant (if not set, UUID will be generated based on local MAC
-address):
-
-# example UUID for WPS
-uuid=12345678-9abc-def0-1234-56789abcdef0
-
-The network configuration blocks needed for WPS are added
-automatically based on control interface commands, so they do not need
-to be added explicitly in the configuration file.
-
-WPS registration will generate new network blocks for the acquired
-credentials. If these are to be stored for future use (after
-restarting wpa_supplicant), wpa_supplicant will need to be configured
-to allow configuration file updates:
-
-update_config=1
-
-
-
-External operations
--------------------
-
-WPS requires either a device PIN code (usually, 8-digit number) or a
-pushbutton event (for PBC) to allow a new WPS Enrollee to join the
-network. wpa_supplicant uses the control interface as an input channel
-for these events.
-
-The PIN value used in the commands must be processed by an UI to
-remove non-digit characters and potentially, to verify the checksum
-digit. "wpa_cli wps_check_pin <PIN>" can be used to do such processing.
-It returns FAIL if the PIN is invalid, or FAIL-CHECKSUM if the checksum
-digit is incorrect, or the processed PIN (non-digit characters removed)
-if the PIN is valid.
-
-If the client device has a display, a random PIN has to be generated
-for each WPS registration session. wpa_supplicant can do this with a
-control interface request, e.g., by calling wpa_cli:
-
-wpa_cli wps_pin any
-
-This will return the generated 8-digit PIN which will then need to be
-entered at the Registrar to complete WPS registration. At that point,
-the client will be enrolled with credentials needed to connect to the
-AP to access the network.
-
-
-If the client device does not have a display that could show the
-random PIN, a hardcoded PIN that is printed on a label can be
-used. wpa_supplicant is notified this with a control interface
-request, e.g., by calling wpa_cli:
-
-wpa_cli wps_pin any 12345670
-
-This starts the WPS negotiation in the same way as above with the
-generated PIN.
-
-When the wps_pin command is issued for an AP (including P2P GO) mode
-interface, an optional timeout parameter can be used to specify
-expiration timeout for the PIN in seconds. For example:
-
-wpa_cli wps_pin any 12345670 300
-
-
-If a random PIN is needed for a user interface, "wpa_cli wps_pin get"
-can be used to generate a new PIN without starting WPS negotiation.
-This random PIN can then be passed as an argument to another wps_pin
-call when the actual operation should be started.
-
-If the client design wants to support optional WPS PBC mode, this can
-be enabled by either a physical button in the client device or a
-virtual button in the user interface. The PBC operation requires that
-a button is also pressed at the AP/Registrar at about the same time (2
-minute window). wpa_supplicant is notified of the local button event
-over the control interface, e.g., by calling wpa_cli:
-
-wpa_cli wps_pbc
-
-At this point, the AP/Registrar has two minutes to complete WPS
-negotiation which will generate a new WPA PSK in the same way as the
-PIN method described above.
-
-
-If the client wants to operate in the Registrar role to learn the
-current AP configuration and optionally, to configure an AP,
-wpa_supplicant is notified over the control interface, e.g., with
-wpa_cli:
-
-wpa_cli wps_reg <AP BSSID> <AP PIN>
-(example: wpa_cli wps_reg 02:34:56:78:9a:bc 12345670)
-
-This is used to fetch the current AP settings instead of actually
-changing them. The main difference with the wps_pin command is that
-wps_reg uses the AP PIN (e.g., from a label on the AP) instead of a
-PIN generated at the client.
-
-In order to change the AP configuration, the new configuration
-parameters are given to the wps_reg command:
-
-wpa_cli wps_reg <AP BSSID> <AP PIN> <new SSID> <auth> <encr> <new key>
-examples:
-  wpa_cli wps_reg 02:34:56:78:9a:bc 12345670 testing WPA2PSK CCMP 12345678
-  wpa_cli wps_reg 02:34:56:78:9a:bc 12345670 clear OPEN NONE ""
-
-<auth> must be one of the following: OPEN WPAPSK WPA2PSK
-<encr> must be one of the following: NONE WEP TKIP CCMP
-
-
-Scanning
---------
-
-Scan results ('wpa_cli scan_results' or 'wpa_cli bss <idx>') include a
-flags field that is used to indicate whether the BSS support WPS. If
-the AP support WPS, but has not recently activated a Registrar, [WPS]
-flag will be included. If PIN method has been recently selected,
-[WPS-PIN] is shown instead. Similarly, [WPS-PBC] is shown if PBC mode
-is in progress. GUI programs can use these as triggers for suggesting
-a guided WPS configuration to the user. In addition, control interface
-monitor events WPS-AP-AVAILABLE{,-PBC,-PIN} can be used to find out if
-there are WPS enabled APs in scan results without having to go through
-all the details in the GUI. These notification could be used, e.g., to
-suggest possible WPS connection to the user.
-
-
-wpa_gui
--------
-
-wpa_gui-qt4 directory contains a sample GUI that shows an example of
-how WPS support can be integrated into the GUI. Its main window has a
-WPS tab that guides user through WPS registration with automatic AP
-selection. In addition, it shows how WPS can be started manually by
-selecting an AP from scan results.
-
-
-Credential processing
----------------------
-
-By default, wpa_supplicant processes received credentials and updates
-its configuration internally. However, it is possible to
-control these operations from external programs, if desired.
-
-This internal processing can be disabled with wps_cred_processing=1
-option. When this is used, an external program is responsible for
-processing the credential attributes and updating wpa_supplicant
-configuration based on them.
-
-Following control interface messages are sent out for external programs:
-
-WPS-CRED-RECEIVED  <hexdump of Credential attribute(s)>
-For example:
-<2>WPS-CRED-RECEIVED 100e006f10260001011045000c6a6b6d2d7770732d74657374100300020020100f000200081027004030653462303435366332363666653064333961643135353461316634626637313234333761636664623766333939653534663166316230323061643434386235102000060266a0ee1727
-
-
-wpa_supplicant as WPS External Registrar (ER)
----------------------------------------------
-
-wpa_supplicant can be used as a WPS ER to configure an AP or enroll
-new Enrollee to join the network. This functionality uses UPnP and
-requires that a working IP connectivity is available with the AP (this
-can be either over a wired or wireless connection).
-
-Separate wpa_supplicant process can be started for WPS ER
-operations. A special "none" driver can be used in such a case to
-indicate that no local network interface is actually controlled. For
-example, following command could be used to start the ER:
-
-wpa_supplicant -Dnone -c er.conf -ieth0
-
-Sample er.conf:
-
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin
-device_name=WPS External Registrar
-
-
-wpa_cli commands for ER functionality:
-
-wps_er_start [IP address]
-- start WPS ER functionality
-- the optional IP address parameter can be used to filter operations only
-  to include a single AP
-- if run again while ER is active, the stored information (discovered APs
-  and Enrollees) are shown again
-
-wps_er_stop
-- stop WPS ER functionality
-
-wps_er_learn <UUID|BSSID> <AP PIN>
-- learn AP configuration
-
-wps_er_set_config <UUID|BSSID> <network id>
-- use AP configuration from a locally configured network (e.g., from
-  wps_reg command); this does not change the AP's configuration, but
-  only prepares a configuration to be used when enrolling a new device
-  to the AP
-
-wps_er_config <UUID|BSSID> <AP PIN> <new SSID> <auth> <encr> <new key>
-- examples:
-  wps_er_config 87654321-9abc-def0-1234-56789abc0002 12345670 testing WPA2PSK CCMP 12345678
-  wpa_er_config 87654321-9abc-def0-1234-56789abc0002 12345670 clear OPEN NONE ""
-
-<auth> must be one of the following: OPEN WPAPSK WPA2PSK
-<encr> must be one of the following: NONE WEP TKIP CCMP
-
-
-wps_er_pbc <Enrollee UUID|MAC address>
-- accept an Enrollee PBC using External Registrar
-
-wps_er_pin <Enrollee UUID|"any"|MAC address> <PIN> [Enrollee MAC address]
-- add an Enrollee PIN to External Registrar
-- if Enrollee UUID is not known, "any" can be used to add a wildcard PIN
-- if the MAC address of the enrollee is known, it should be configured
-  to allow the AP to advertise list of authorized enrollees
-
-
-WPS ER events:
-
-WPS_EVENT_ER_AP_ADD
-- WPS ER discovered an AP
-
-WPS-ER-AP-ADD 87654321-9abc-def0-1234-56789abc0002 02:11:22:33:44:55 pri_dev_type=6-0050F204-1 wps_state=1 |Very friendly name|Company|Long description of the model|WAP|http://w1.fi/|http://w1.fi/hostapd/
-
-WPS_EVENT_ER_AP_REMOVE
-- WPS ER removed an AP entry
-
-WPS-ER-AP-REMOVE 87654321-9abc-def0-1234-56789abc0002
-
-WPS_EVENT_ER_ENROLLEE_ADD
-- WPS ER discovered a new Enrollee
-
-WPS-ER-ENROLLEE-ADD 2b7093f1-d6fb-5108-adbb-bea66bb87333 02:66:a0:ee:17:27 M1=1 config_methods=0x14d dev_passwd_id=0 pri_dev_type=1-0050F204-1 |Wireless Client|Company|cmodel|123|12345|
-
-WPS_EVENT_ER_ENROLLEE_REMOVE
-- WPS ER removed an Enrollee entry
-
-WPS-ER-ENROLLEE-REMOVE 2b7093f1-d6fb-5108-adbb-bea66bb87333 02:66:a0:ee:17:27
-
-WPS-ER-AP-SETTINGS
-- WPS ER learned AP settings
-
-WPS-ER-AP-SETTINGS uuid=fd91b4ec-e3fa-5891-a57d-8c59efeed1d2 ssid=test-wps auth_type=0x0020 encr_type=0x0008 key=12345678
-
-
-WPS with NFC
-------------
-
-WPS can be used with NFC-based configuration method. An NFC tag
-containing a password token from the Enrollee can be used to
-authenticate the connection instead of the PIN. In addition, an NFC tag
-with a configuration token can be used to transfer AP settings without
-going through the WPS protocol.
-
-When the station acts as an Enrollee, a local NFC tag with a password
-token can be used by touching the NFC interface of a Registrar.
-
-"wps_nfc [BSSID]" command starts WPS protocol run with the local end as
-the Enrollee using the NFC password token that is either pre-configured
-in the configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey,
-wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with
-"wps_nfc_token <WPS|NDEF>" command. The included nfc_pw_token tool
-(build with "make nfc_pw_token") can be used to generate NFC password
-tokens during manufacturing (each station needs to have its own random
-keys).
-
-The "wps_nfc_config_token <WPS/NDEF>" command can be used to build an
-NFC configuration token when wpa_supplicant is controlling an AP
-interface (AP or P2P GO). The output value from this command is a
-hexdump of the current AP configuration (WPS parameter requests this to
-include only the WPS attributes; NDEF parameter requests additional NDEF
-encapsulation to be included). This data needs to be written to an NFC
-tag with an external program. Once written, the NFC configuration token
-can be used to touch an NFC interface on a station to provision the
-credentials needed to access the network.
-
-The "wps_nfc_config_token <WPS/NDEF> <network id>" command can be used
-to build an NFC configuration token based on a locally configured
-network.
-
-If the station includes NFC interface and reads an NFC tag with a MIME
-media type "application/vnd.wfa.wsc", the NDEF message payload (with or
-without NDEF encapsulation) can be delivered to wpa_supplicant using the
-following wpa_cli command:
-
-wps_nfc_tag_read <hexdump of payload>
-
-If the NFC tag contains a configuration token, the network is added to
-wpa_supplicant configuration. If the NFC tag contains a password token,
-the token is added to the WPS Registrar component. This information can
-then be used with wps_reg command (when the NFC password token was from
-an AP) using a special value "nfc-pw" in place of the PIN parameter. If
-the ER functionality has been started (wps_er_start), the NFC password
-token is used to enable enrollment of a new station (that was the source
-of the NFC password token).
-
-"nfc_get_handover_req <NDEF> <WPS-CR>" command can be used to build the
-WPS carrier record for a Handover Request Message for connection
-handover. The first argument selects the format of the output data and
-the second argument selects which type of connection handover is
-requested (WPS-CR = Wi-Fi handover as specified in WSC 2.0).
-
-"nfc_get_handover_sel <NDEF> <WPS> [UUID|BSSID]" command can be used to
-build the contents of a Handover Select Message for connection handover
-when this does not depend on the contents of the Handover Request
-Message. The first argument selects the format of the output data and
-the second argument selects which type of connection handover is
-requested (WPS = Wi-Fi handover as specified in WSC 2.0). If the options
-UUID|BSSID argument is included, this is a request to build the handover
-message for the specified AP when wpa_supplicant is operating as a WPS
-ER.
-
-"nfc_report_handover <INIT/RESP> WPS <carrier from handover request>
-<carrier from handover select>" can be used as an alternative way for
-reporting completed NFC connection handover. The first parameter
-indicates whether the local device initiated or responded to the
-connection handover and the carrier records are the selected carrier
-from the handover request and select messages as a hexdump.
-
-The "wps_er_nfc_config_token <WPS/NDEF> <UUID|BSSID>" command can be
-used to build an NFC configuration token for the specified AP when
-wpa_supplicant is operating as a WPS ER. The output value from this
-command is a hexdump of the selected AP configuration (WPS parameter
-requests this to include only the WPS attributes; NDEF parameter
-requests additional NDEF encapsulation to be included). This data needs
-to be written to an NFC tag with an external program. Once written, the
-NFC configuration token can be used to touch an NFC interface on a
-station to provision the credentials needed to access the network.
diff --git a/wpa_supplicant/README-Windows.txt b/wpa_supplicant/README-Windows.txt
deleted file mode 100644
index 7288abd9a161..000000000000
--- a/wpa_supplicant/README-Windows.txt
+++ /dev/null
@@ -1,299 +0,0 @@
-wpa_supplicant for Windows
-==========================
-
-Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-This program is licensed under the BSD license (the one with
-advertisement clause removed).
-
-
-wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X
-Supplicant on Windows. The current port requires that WinPcap
-(http://winpcap.polito.it/) is installed for accessing packets and the
-driver interface. Both release versions 3.0 and 3.1 are supported.
-
-The current port is still somewhat experimental. It has been tested
-mainly on Windows XP (SP2) with limited set of NDIS drivers. In
-addition, the current version has been reported to work with Windows
-2000.
-
-All security modes have been verified to work (at least complete
-authentication and successfully ping a wired host):
-- plaintext
-- static WEP / open system authentication
-- static WEP / shared key authentication
-- IEEE 802.1X with dynamic WEP keys
-- WPA-PSK, TKIP, CCMP, TKIP+CCMP
-- WPA-EAP, TKIP, CCMP, TKIP+CCMP
-- WPA2-PSK, TKIP, CCMP, TKIP+CCMP
-- WPA2-EAP, TKIP, CCMP, TKIP+CCMP
-
-
-Building wpa_supplicant with mingw
-----------------------------------
-
-The default build setup for wpa_supplicant is to use MinGW and
-cross-compiling from Linux to MinGW/Windows. It should also be
-possible to build this under Windows using the MinGW tools, but that
-is not tested nor supported and is likely to require some changes to
-the Makefile unless cygwin is used.
-
-
-Building wpa_supplicant with MSVC
----------------------------------
-
-wpa_supplicant can be built with Microsoft Visual C++ compiler. This
-has been tested with Microsoft Visual C++ Toolkit 2003 and Visual
-Studio 2005 using the included nmake.mak as a Makefile for nmake. IDE
-can also be used by creating a project that includes the files and
-defines mentioned in nmake.mak. Example VS2005 solution and project
-files are included in vs2005 subdirectory. This can be used as a
-starting point for building the programs with VS2005 IDE. Visual Studio
-2008 Express Edition is also able to use these project files.
-
-WinPcap development package is needed for the build and this can be
-downloaded from http://www.winpcap.org/install/bin/WpdPack_4_0_2.zip. The
-default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
-that Include and Lib directories are in this directory. The files can be
-stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
-match with the selected directory. In case a project file in the IDE is
-used, these Include and Lib directories need to be added to project
-properties as additional include/library directories.
-
-OpenSSL source package can be downloaded from
-http://www.openssl.org/source/openssl-0.9.8i.tar.gz and built and
-installed following instructions in INSTALL.W32. Note that if EAP-FAST
-support will be included in the wpa_supplicant, OpenSSL needs to be
-patched to# support it openssl-0.9.8i-tls-extensions.patch. The example
-nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
-this directory can be modified by changing OPENSSLDIR variable in
-nmake.mak.
-
-If you do not need EAP-FAST support, you may also be able to use Win32
-binary installation package of OpenSSL from
-http://www.slproweb.com/products/Win32OpenSSL.html instead of building
-the library yourself. In this case, you will need to copy Include and
-Lib directories in suitable directory, e.g., C:\dev\openssl for the
-default nmake.mak. Copy {Win32OpenSSLRoot}\include into
-C:\dev\openssl\include and make C:\dev\openssl\lib subdirectory with
-files from {Win32OpenSSLRoot}\VC (i.e., libeay*.lib and ssleay*.lib).
-This will end up using dynamically linked OpenSSL (i.e., .dll files are
-needed) for it. Alternative, you can copy files from
-{Win32OpenSSLRoot}\VC\static to create a static build (no OpenSSL .dll
-files needed).
-
-
-Building wpa_supplicant for cygwin
-----------------------------------
-
-wpa_supplicant can be built for cygwin by installing the needed
-development packages for cygwin. This includes things like compiler,
-make, openssl development package, etc. In addition, developer's pack
-for WinPcap (WPdpack.zip) from
-http://winpcap.polito.it/install/default.htm is needed.
-
-.config file should enable only one driver interface,
-CONFIG_DRIVER_NDIS. In addition, include directories may need to be
-added to match the system. An example configuration is available in
-defconfig. The library and include files for WinPcap will either need
-to be installed in compiler/linker default directories or their
-location will need to be adding to .config when building
-wpa_supplicant.
-
-Othen than this, the build should be more or less identical to Linux
-version, i.e., just run make after having created .config file. An
-additional tool, win_if_list.exe, can be built by running "make
-win_if_list".
-
-
-Building wpa_gui
-----------------
-
-wpa_gui uses Qt application framework from Trolltech. It can be built
-with the open source version of Qt4 and MinGW. Following commands can
-be used to build the binary in the Qt 4 Command Prompt:
-
-# go to the root directory of wpa_supplicant source code
-cd wpa_gui-qt4
-qmake -o Makefile wpa_gui.pro
-make
-# the wpa_gui.exe binary is created into 'release' subdirectory
-
-
-Using wpa_supplicant for Windows
---------------------------------
-
-wpa_supplicant, wpa_cli, and wpa_gui behave more or less identically to
-Linux version, so instructions in README and example wpa_supplicant.conf
-should be applicable for most parts. In addition, there is another
-version of wpa_supplicant, wpasvc.exe, which can be used as a Windows
-service and which reads its configuration from registry instead of
-text file.
-
-When using access points in "hidden SSID" mode, ap_scan=2 mode need to
-be used (see wpa_supplicant.conf for more information).
-
-Windows NDIS/WinPcap uses quite long interface names, so some care
-will be needed when starting wpa_supplicant. Alternatively, the
-adapter description can be used as the interface name which may be
-easier since it is usually in more human-readable
-format. win_if_list.exe can be used to find out the proper interface
-name.
-
-Example steps in starting up wpa_supplicant:
-
-# win_if_list.exe
-ifname: \Device\NPF_GenericNdisWanAdapter
-description: Generic NdisWan adapter
-
-ifname: \Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}
-description: Atheros Wireless Network Adapter (Microsoft's Packet Scheduler)
-
-ifname: \Device\NPF_{732546E7-E26C-48E3-9871-7537B020A211}
-description: Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler)
-
-
-Since the example configuration used Atheros WLAN card, the middle one
-is the correct interface in this case. The interface name for -i
-command line option is the full string following "ifname:" (the
-"\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
-would be started with the following command:
-
-# wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
-
--d optional enables some more debugging (use -dd for even more, if
-needed). It can be left out if debugging information is not needed.
-
-With the alternative mechanism for selecting the interface, this
-command has identical results in this case:
-
-# wpa_supplicant.exe -iAtheros -c wpa_supplicant.conf -d
-
-
-Simple configuration example for WPA-PSK:
-
-#ap_scan=2
-ctrl_interface=
-network={
-	ssid="test"
-	key_mgmt=WPA-PSK
-	proto=WPA
-	pairwise=TKIP
-	psk="secret passphrase"
-}
-
-(remove '#' from the comment out ap_scan line to enable mode in which
-wpa_supplicant tries to associate with the SSID without doing
-scanning; this allows APs with hidden SSIDs to be used)
-
-
-wpa_cli.exe and wpa_gui.exe can be used to interact with the
-wpa_supplicant.exe program in the same way as with Linux. Note that
-ctrl_interface is using UNIX domain sockets when built for cygwin, but
-the native build for Windows uses named pipes and the contents of the
-ctrl_interface configuration item is used to control access to the
-interface. Anyway, this variable has to be included in the configuration
-to enable the control interface.
-
-
-Example SDDL string formats:
-
-(local admins group has permission, but nobody else):
-
-ctrl_interface=SDDL=D:(A;;GA;;;BA)
-
-("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
-"BA" == "builtin administrators" == the local admins.  The empty fields
-are for flags and object GUIDs, none of which should be required in this
-case.)
-
-(local admins and the local "power users" group have permissions,
-but nobody else):
-
-ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
-
-(One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
-one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
-
-(close to wide open, but you have to be a valid user on
-the machine):
-
-ctrl_interface=SDDL=D:(A;;GA;;;AU)
-
-(One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
-group.)
-
-This one would allow absolutely everyone (including anonymous
-users) -- this is *not* recommended, since named pipes can be attached
-to from anywhere on the network (i.e. there's no "this machine only"
-like there is with 127.0.0.1 sockets):
-
-ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
-
-(BU == "builtin users", "AN" == "anonymous")
-
-See also [1] for the format of ACEs, and [2] for the possible strings
-that can be used for principal names.
-
-[1]
-http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
-[2]
-http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
-
-
-Starting wpa_supplicant as a Windows service (wpasvc.exe)
----------------------------------------------------------
-
-wpa_supplicant can be started as a Windows service by using wpasvc.exe
-program that is alternative build of wpa_supplicant.exe. Most of the
-core functionality of wpasvc.exe is identical to wpa_supplicant.exe,
-but it is using Windows registry for configuration information instead
-of a text file and command line parameters. In addition, it can be
-registered as a service that can be started automatically or manually
-like any other Windows service.
-
-The root of wpa_supplicant configuration in registry is
-HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
-parameters and a 'interfaces' subkey with all the interface configuration
-(adapter to confname mapping). Each such mapping is a subkey that has
-'adapter', 'config', and 'ctrl_interface' values.
-
-This program can be run either as a normal command line application,
-e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
-Service need to be registered with 'wpasvc.exe reg <full path to
-wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
-the service with the current location of wpasvc.exe. After this, wpasvc
-can be started like any other Windows service (e.g., 'net start wpasvc')
-or it can be configured to start automatically through the Services tool
-in administrative tasks. The service can be unregistered with
-'wpasvc.exe unreg'.
-
-If the service is set to start during system bootup to make the
-network connection available before any user has logged in, there may
-be a long (half a minute or so) delay in starting up wpa_supplicant
-due to WinPcap needing a driver called "Network Monitor Driver" which
-is started by default on demand.
-
-To speed up wpa_supplicant start during system bootup, "Network
-Monitor Driver" can be configured to be started sooner by setting its
-startup type to System instead of the default Demand. To do this, open
-up Device Manager, select Show Hidden Devices, expand the "Non
-Plug-and-Play devices" branch, double click "Network Monitor Driver",
-go to the Driver tab, and change the Demand setting to System instead.
-
-Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
-key. Each configuration profile has its own key under this. In terms of text
-files, each profile would map to a separate text file with possibly multiple
-networks. Under each profile, there is a networks key that lists all
-networks as a subkey. Each network has set of values in the same way as
-network block in the configuration file. In addition, blobs subkey has
-possible blobs as values.
-
-HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
-   ssid="example"
-   key_mgmt=WPA-PSK
-
-See win_example.reg for an example on how to setup wpasvc.exe
-parameters in registry. It can also be imported to registry as a
-starting point for the configuration.
diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config
deleted file mode 100644
index 283f8eb0a995..000000000000
--- a/wpa_supplicant/android.config
+++ /dev/null
@@ -1,545 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-#CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-#CONFIG_DRIVER_NL80211=y
-CONFIG_LIBNL20=y
-
-# QCA vendor extensions to nl80211
-CONFIG_DRIVER_NL80211_QCA=y
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-#CONFIG_DRIVER_WIRED=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
-# included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-#CONFIG_EAP_FAST=y
-
-# EAP-GTC
-CONFIG_EAP_GTC=y
-
-# EAP-OTP
-CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-CONFIG_EAP_SIM=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-CONFIG_EAP_PWD=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable WPS external registrar functionality
-CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-#CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-#CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-#CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# none = Empty template
-#CONFIG_TLS=openssl
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for Binder control interface
-# Only applicable for Android platforms.
-#CONFIG_CTRL_IFACE_BINDER=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-#CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-
-# Wpa_supplicant's random pool is not necessary on Android. Randomness is
-# already provided by the entropymixer service which ensures sufficient
-# entropy is maintained across reboots. Commit b410eb1913 'Initialize
-# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before
-# either wpa_supplicant or hostapd are run.
-CONFIG_NO_RANDOM_POOL=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-CONFIG_P2P=y
-
-# Enable TDLS support
-CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-#CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-#CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Wired equivalent privacy (WEP)
-# WEP is an obsolete cryptographic data confidentiality algorithm that is not
-# considered secure. It should not be used for anything anymore. The
-# functionality needed to use WEP is available in the current wpa_supplicant
-# release under this optional build parameter. This functionality is subject to
-# be completely removed in a future release.
-CONFIG_WEP=y
-
-include $(wildcard $(LOCAL_PATH)/android_config_*.inc)
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
deleted file mode 100644
index 6a0a69e68ee6..000000000000
--- a/wpa_supplicant/ap.c
+++ /dev/null
@@ -1,1945 +0,0 @@
-/*
- * WPA Supplicant - Basic AP mode support routines
- * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2009, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/uuid.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_ctrl.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "crypto/dh_group5.h"
-#include "ap/hostapd.h"
-#include "ap/ap_config.h"
-#include "ap/ap_drv_ops.h"
-#ifdef NEED_AP_MLME
-#include "ap/ieee802_11.h"
-#endif /* NEED_AP_MLME */
-#include "ap/beacon.h"
-#include "ap/ieee802_1x.h"
-#include "ap/wps_hostapd.h"
-#include "ap/ctrl_iface_ap.h"
-#include "ap/dfs.h"
-#include "wps/wps.h"
-#include "common/ieee802_11_defs.h"
-#include "config_ssid.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "p2p_supplicant.h"
-#include "ap.h"
-#include "ap/sta_info.h"
-#include "notify.h"
-
-
-#ifdef CONFIG_WPS
-static void wpas_wps_ap_pin_timeout(void *eloop_data, void *user_ctx);
-#endif /* CONFIG_WPS */
-
-
-#ifdef CONFIG_P2P
-static bool is_chanwidth160_supported(struct hostapd_hw_modes *mode,
-				      struct hostapd_config *conf)
-{
-#ifdef CONFIG_IEEE80211AX
-	if (conf->ieee80211ax) {
-		struct he_capabilities *he_cap;
-
-		he_cap = &mode->he_capab[IEEE80211_MODE_AP];
-		if (he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
-		    (HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G |
-		     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G))
-			return true;
-	}
-#endif /* CONFIG_IEEE80211AX */
-	if (mode->vht_capab & (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
-			       VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))
-		return true;
-	return false;
-}
-#endif /* CONFIG_P2P */
-
-
-static void wpas_conf_ap_vht(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid,
-			     struct hostapd_config *conf,
-			     struct hostapd_hw_modes *mode)
-{
-#ifdef CONFIG_P2P
-	u8 center_chan = 0;
-	u8 channel = conf->channel;
-#endif /* CONFIG_P2P */
-	u8 freq_seg_idx;
-
-	if (!conf->secondary_channel)
-		goto no_vht;
-
-	/* Use the maximum oper channel width if it's given. */
-	if (ssid->max_oper_chwidth)
-		hostapd_set_oper_chwidth(conf, ssid->max_oper_chwidth);
-	if (hostapd_get_oper_chwidth(conf))
-		ieee80211_freq_to_channel_ext(ssid->frequency, 0,
-					      hostapd_get_oper_chwidth(conf),
-					      &conf->op_class,
-					      &conf->channel);
-
-	if (hostapd_get_oper_chwidth(conf) == CHANWIDTH_80P80MHZ) {
-		ieee80211_freq_to_chan(ssid->vht_center_freq2,
-				       &freq_seg_idx);
-		hostapd_set_oper_centr_freq_seg1_idx(conf, freq_seg_idx);
-	}
-
-	if (!ssid->p2p_group) {
-		if (!ssid->vht_center_freq1)
-			goto no_vht;
-		ieee80211_freq_to_chan(ssid->vht_center_freq1,
-				       &freq_seg_idx);
-		hostapd_set_oper_centr_freq_seg0_idx(conf, freq_seg_idx);
-
-		wpa_printf(MSG_DEBUG,
-			   "VHT seg0 index %d and seg1 index %d for AP",
-			   hostapd_get_oper_centr_freq_seg0_idx(conf),
-			   hostapd_get_oper_centr_freq_seg1_idx(conf));
-		return;
-	}
-
-#ifdef CONFIG_P2P
-	switch (hostapd_get_oper_chwidth(conf)) {
-	case CHANWIDTH_80MHZ:
-	case CHANWIDTH_80P80MHZ:
-		center_chan = wpas_p2p_get_vht80_center(wpa_s, mode, channel,
-							conf->op_class);
-		wpa_printf(MSG_DEBUG,
-			   "VHT center channel %u for 80 or 80+80 MHz bandwidth",
-			   center_chan);
-		break;
-	case CHANWIDTH_160MHZ:
-		center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel,
-							 conf->op_class);
-		wpa_printf(MSG_DEBUG,
-			   "VHT center channel %u for 160 MHz bandwidth",
-			   center_chan);
-		break;
-	default:
-		/*
-		 * conf->vht_oper_chwidth might not be set for non-P2P GO cases,
-		 * try oper_cwidth 160 MHz first then VHT 80 MHz, if 160 MHz is
-		 * not supported.
-		 */
-		hostapd_set_oper_chwidth(conf, CHANWIDTH_160MHZ);
-		ieee80211_freq_to_channel_ext(ssid->frequency, 0,
-					      conf->vht_oper_chwidth,
-					      &conf->op_class,
-					      &conf->channel);
-		center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel,
-							 conf->op_class);
-		if (center_chan && is_chanwidth160_supported(mode, conf)) {
-			wpa_printf(MSG_DEBUG,
-				   "VHT center channel %u for auto-selected 160 MHz bandwidth",
-				   center_chan);
-		} else {
-			hostapd_set_oper_chwidth(conf, CHANWIDTH_80MHZ);
-			ieee80211_freq_to_channel_ext(ssid->frequency, 0,
-						      conf->vht_oper_chwidth,
-						      &conf->op_class,
-						      &conf->channel);
-			center_chan = wpas_p2p_get_vht80_center(wpa_s, mode,
-								channel,
-								conf->op_class);
-			wpa_printf(MSG_DEBUG,
-				   "VHT center channel %u for auto-selected 80 MHz bandwidth",
-				   center_chan);
-		}
-		break;
-	}
-	if (!center_chan)
-		goto no_vht;
-
-	hostapd_set_oper_centr_freq_seg0_idx(conf, center_chan);
-	wpa_printf(MSG_DEBUG, "VHT seg0 index %d for P2P GO",
-		   hostapd_get_oper_centr_freq_seg0_idx(conf));
-	return;
-#endif /* CONFIG_P2P */
-
-no_vht:
-	wpa_printf(MSG_DEBUG,
-		   "No VHT higher bandwidth support for the selected channel %d",
-		   conf->channel);
-	hostapd_set_oper_centr_freq_seg0_idx(
-		conf, conf->channel + conf->secondary_channel * 2);
-	hostapd_set_oper_chwidth(conf, CHANWIDTH_USE_HT);
-}
-
-
-static struct hostapd_hw_modes *
-wpa_supplicant_find_hw_mode(struct wpa_supplicant *wpa_s,
-			    enum hostapd_hw_mode hw_mode)
-{
-	struct hostapd_hw_modes *mode = NULL;
-	int i;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		if (wpa_s->hw.modes[i].mode == hw_mode) {
-			mode = &wpa_s->hw.modes[i];
-			break;
-		}
-	}
-
-	return mode;
-}
-
-
-#ifdef CONFIG_P2P
-
-static int get_max_oper_chwidth_6ghz(int chwidth)
-{
-	switch (chwidth) {
-	case CHANWIDTH_USE_HT:
-		return 20;
-	case CHANWIDTH_40MHZ_6GHZ:
-		return 40;
-	case CHANWIDTH_80MHZ:
-		return 80;
-	case CHANWIDTH_80P80MHZ:
-	case CHANWIDTH_160MHZ:
-		return 160;
-	default:
-		return 0;
-	}
-}
-
-
-static void wpas_conf_ap_he_6ghz(struct wpa_supplicant *wpa_s,
-				 struct hostapd_hw_modes *mode,
-				 struct wpa_ssid *ssid,
-				 struct hostapd_config *conf)
-{
-	bool is_chanwidth_40_80, is_chanwidth_160;
-	int he_chanwidth;
-
-	he_chanwidth =
-		mode->he_capab[wpas_mode_to_ieee80211_mode(
-			ssid->mode)].phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX];
-	is_chanwidth_40_80 = he_chanwidth &
-		HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G;
-	is_chanwidth_160 = he_chanwidth &
-		HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
-
-	wpa_printf(MSG_DEBUG,
-		   "Enable HE support (p2p_group=%d he_chwidth_cap=%d)",
-		   ssid->p2p_group, he_chanwidth);
-
-	if (mode->he_capab[wpas_mode_to_ieee80211_mode(
-			    ssid->mode)].he_supported &&
-	    ssid->he)
-		conf->ieee80211ax = 1;
-
-	if (is_chanwidth_40_80 && ssid->p2p_group &&
-	    get_max_oper_chwidth_6ghz(ssid->max_oper_chwidth) >= 40) {
-		conf->secondary_channel =
-			wpas_p2p_get_sec_channel_offset_40mhz(
-				wpa_s, mode, conf->channel);
-		wpa_printf(MSG_DEBUG,
-			   "Secondary channel offset %d for P2P group",
-			   conf->secondary_channel);
-		if (ssid->max_oper_chwidth == CHANWIDTH_40MHZ_6GHZ)
-			ssid->max_oper_chwidth = CHANWIDTH_USE_HT;
-	}
-
-	if ((is_chanwidth_40_80 || is_chanwidth_160) && ssid->p2p_group &&
-	    get_max_oper_chwidth_6ghz(ssid->max_oper_chwidth) >= 80)
-		wpas_conf_ap_vht(wpa_s, ssid, conf, mode);
-}
-
-#endif /* CONFIG_P2P */
-
-
-int wpa_supplicant_conf_ap_ht(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid,
-			      struct hostapd_config *conf)
-{
-	conf->hw_mode = ieee80211_freq_to_channel_ext(ssid->frequency, 0,
-						      CHANWIDTH_USE_HT,
-						      &conf->op_class,
-						      &conf->channel);
-	if (conf->hw_mode == NUM_HOSTAPD_MODES) {
-		wpa_printf(MSG_ERROR, "Unsupported AP mode frequency: %d MHz",
-			   ssid->frequency);
-		return -1;
-	}
-
-	/*
-	 * Enable HT20 if the driver supports it, by setting conf->ieee80211n
-	 * and a mask of allowed capabilities within conf->ht_capab.
-	 * Using default config settings for: conf->ht_op_mode_fixed,
-	 * conf->secondary_channel, conf->require_ht
-	 */
-	if (wpa_s->hw.modes) {
-		struct hostapd_hw_modes *mode = NULL;
-		int no_ht = 0;
-
-		wpa_printf(MSG_DEBUG,
-			   "Determining HT/VHT options based on driver capabilities (freq=%u chan=%u)",
-			   ssid->frequency, conf->channel);
-
-		mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-				conf->hw_mode, is_6ghz_freq(ssid->frequency));
-
-		/* May drop to IEEE 802.11b if the driver does not support IEEE
-		 * 802.11g */
-		if (!mode && conf->hw_mode == HOSTAPD_MODE_IEEE80211G) {
-			conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
-			wpa_printf(MSG_INFO,
-				   "Try downgrade to IEEE 802.11b as 802.11g is not supported by the current hardware");
-			mode = wpa_supplicant_find_hw_mode(wpa_s,
-							   conf->hw_mode);
-		}
-
-		if (!mode) {
-			wpa_printf(MSG_ERROR,
-				   "No match between requested and supported hw modes found");
-			return -1;
-		}
-
-#ifdef CONFIG_HT_OVERRIDES
-		if (ssid->disable_ht)
-			ssid->ht = 0;
-#endif /* CONFIG_HT_OVERRIDES */
-
-		if (!ssid->ht) {
-			wpa_printf(MSG_DEBUG,
-				   "HT not enabled in network profile");
-			conf->ieee80211n = 0;
-			conf->ht_capab = 0;
-			no_ht = 1;
-		}
-
-		if (mode && is_6ghz_freq(ssid->frequency) &&
-		    conf->hw_mode == HOSTAPD_MODE_IEEE80211A) {
-#ifdef CONFIG_P2P
-			wpas_conf_ap_he_6ghz(wpa_s, mode, ssid, conf);
-#endif /* CONFIG_P2P */
-		} else if (!no_ht && mode && mode->ht_capab) {
-			wpa_printf(MSG_DEBUG,
-				   "Enable HT support (p2p_group=%d 11a=%d ht40_hw_capab=%d ssid->ht40=%d)",
-				   ssid->p2p_group,
-				   conf->hw_mode == HOSTAPD_MODE_IEEE80211A,
-				   !!(mode->ht_capab &
-				      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET),
-				   ssid->ht40);
-			conf->ieee80211n = 1;
-
-			if (ssid->ht40 &&
-			    (mode->ht_capab &
-			     HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
-				conf->secondary_channel = ssid->ht40;
-			else
-				conf->secondary_channel = 0;
-
-#ifdef CONFIG_P2P
-			if (ssid->p2p_group &&
-			    conf->hw_mode == HOSTAPD_MODE_IEEE80211A &&
-			    (mode->ht_capab &
-			     HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET) &&
-			    ssid->ht40) {
-				conf->secondary_channel =
-					wpas_p2p_get_sec_channel_offset_40mhz(
-						wpa_s, mode, conf->channel);
-				wpa_printf(MSG_DEBUG,
-					   "HT secondary channel offset %d for P2P group",
-					   conf->secondary_channel);
-			} else if (ssid->p2p_group && conf->secondary_channel &&
-				   conf->hw_mode != HOSTAPD_MODE_IEEE80211A) {
-				/* This ended up trying to configure invalid
-				 * 2.4 GHz channels (e.g., HT40+ on channel 11)
-				 * in some cases, so clear the secondary channel
-				 * configuration now to avoid such cases that
-				 * would lead to group formation failures. */
-				wpa_printf(MSG_DEBUG,
-					   "Disable HT secondary channel for P2P group on 2.4 GHz");
-				conf->secondary_channel = 0;
-			}
-#endif /* CONFIG_P2P */
-
-			if (!ssid->p2p_group &&
-			    (mode->ht_capab &
-			     HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
-				conf->secondary_channel = ssid->ht40;
-				wpa_printf(MSG_DEBUG,
-					   "HT secondary channel offset %d for AP",
-					   conf->secondary_channel);
-			}
-
-			if (conf->secondary_channel)
-				conf->ht_capab |=
-					HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
-
-			/*
-			 * white-list capabilities that won't cause issues
-			 * to connecting stations, while leaving the current
-			 * capabilities intact (currently disabled SMPS).
-			 */
-			conf->ht_capab |= mode->ht_capab &
-				(HT_CAP_INFO_GREEN_FIELD |
-				 HT_CAP_INFO_SHORT_GI20MHZ |
-				 HT_CAP_INFO_SHORT_GI40MHZ |
-				 HT_CAP_INFO_RX_STBC_MASK |
-				 HT_CAP_INFO_TX_STBC |
-				 HT_CAP_INFO_MAX_AMSDU_SIZE);
-
-			/* check this before VHT, because setting oper chan
-			 * width and friends is the same call for HE and VHT
-			 * and checks if conf->ieee8021ax == 1 */
-			if (mode->he_capab[wpas_mode_to_ieee80211_mode(
-					    ssid->mode)].he_supported &&
-			    ssid->he)
-				conf->ieee80211ax = 1;
-
-			if (mode->vht_capab && ssid->vht) {
-				conf->ieee80211ac = 1;
-				conf->vht_capab |= mode->vht_capab;
-				wpas_conf_ap_vht(wpa_s, ssid, conf, mode);
-			}
-		}
-	}
-
-	if (conf->secondary_channel) {
-		struct wpa_supplicant *iface;
-
-		for (iface = wpa_s->global->ifaces; iface; iface = iface->next)
-		{
-			if (iface == wpa_s ||
-			    iface->wpa_state < WPA_AUTHENTICATING ||
-			    (int) iface->assoc_freq != ssid->frequency)
-				continue;
-
-			/*
-			 * Do not allow 40 MHz co-ex PRI/SEC switch to force us
-			 * to change our PRI channel since we have an existing,
-			 * concurrent connection on that channel and doing
-			 * multi-channel concurrency is likely to cause more
-			 * harm than using different PRI/SEC selection in
-			 * environment with multiple BSSes on these two channels
-			 * with mixed 20 MHz or PRI channel selection.
-			 */
-			conf->no_pri_sec_switch = 1;
-		}
-	}
-
-	return 0;
-}
-
-
-static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid,
-				  struct hostapd_config *conf)
-{
-	struct hostapd_bss_config *bss = conf->bss[0];
-
-	conf->driver = wpa_s->driver;
-
-	os_strlcpy(bss->iface, wpa_s->ifname, sizeof(bss->iface));
-
-	if (wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf))
-		return -1;
-
-	if (ssid->pbss > 1) {
-		wpa_printf(MSG_ERROR, "Invalid pbss value(%d) for AP mode",
-			   ssid->pbss);
-		return -1;
-	}
-	bss->pbss = ssid->pbss;
-
-#ifdef CONFIG_ACS
-	if (ssid->acs) {
-		/* Setting channel to 0 in order to enable ACS */
-		conf->channel = 0;
-		wpa_printf(MSG_DEBUG, "Use automatic channel selection");
-	}
-#endif /* CONFIG_ACS */
-
-	if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
-			     wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
-		conf->ieee80211h = 1;
-		conf->ieee80211d = 1;
-		conf->country[0] = wpa_s->conf->country[0];
-		conf->country[1] = wpa_s->conf->country[1];
-		conf->country[2] = ' ';
-	}
-
-#ifdef CONFIG_P2P
-	if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G &&
-	    (ssid->mode == WPAS_MODE_P2P_GO ||
-	     ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)) {
-		/* Remove 802.11b rates from supported and basic rate sets */
-		int *list = os_malloc(4 * sizeof(int));
-		if (list) {
-			list[0] = 60;
-			list[1] = 120;
-			list[2] = 240;
-			list[3] = -1;
-		}
-		conf->basic_rates = list;
-
-		list = os_malloc(9 * sizeof(int));
-		if (list) {
-			list[0] = 60;
-			list[1] = 90;
-			list[2] = 120;
-			list[3] = 180;
-			list[4] = 240;
-			list[5] = 360;
-			list[6] = 480;
-			list[7] = 540;
-			list[8] = -1;
-		}
-		conf->supported_rates = list;
-	}
-
-#ifdef CONFIG_IEEE80211AX
-	if (ssid->mode == WPAS_MODE_P2P_GO ||
-	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
-		conf->ieee80211ax = ssid->he;
-#endif /* CONFIG_IEEE80211AX */
-
-	bss->isolate = !wpa_s->conf->p2p_intra_bss;
-	bss->extended_key_id = wpa_s->conf->extended_key_id;
-	bss->force_per_enrollee_psk = wpa_s->global->p2p_per_sta_psk;
-	bss->wpa_deny_ptk0_rekey = ssid->wpa_deny_ptk0_rekey;
-
-	if (ssid->p2p_group) {
-		os_memcpy(bss->ip_addr_go, wpa_s->p2pdev->conf->ip_addr_go, 4);
-		os_memcpy(bss->ip_addr_mask, wpa_s->p2pdev->conf->ip_addr_mask,
-			  4);
-		os_memcpy(bss->ip_addr_start,
-			  wpa_s->p2pdev->conf->ip_addr_start, 4);
-		os_memcpy(bss->ip_addr_end, wpa_s->p2pdev->conf->ip_addr_end,
-			  4);
-	}
-#endif /* CONFIG_P2P */
-
-	if (ssid->ssid_len == 0) {
-		wpa_printf(MSG_ERROR, "No SSID configured for AP mode");
-		return -1;
-	}
-	os_memcpy(bss->ssid.ssid, ssid->ssid, ssid->ssid_len);
-	bss->ssid.ssid_len = ssid->ssid_len;
-	bss->ssid.ssid_set = 1;
-
-	bss->ignore_broadcast_ssid = ssid->ignore_broadcast_ssid;
-
-	if (ssid->auth_alg)
-		bss->auth_algs = ssid->auth_alg;
-
-	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt))
-		bss->wpa = ssid->proto;
-	if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
-		bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-	else
-		bss->wpa_key_mgmt = ssid->key_mgmt;
-	bss->wpa_pairwise = ssid->pairwise_cipher;
-	if (wpa_key_mgmt_sae(bss->wpa_key_mgmt) && ssid->passphrase) {
-		bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase);
-	} else if (ssid->psk_set) {
-		bin_clear_free(bss->ssid.wpa_psk, sizeof(*bss->ssid.wpa_psk));
-		bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
-		if (bss->ssid.wpa_psk == NULL)
-			return -1;
-		os_memcpy(bss->ssid.wpa_psk->psk, ssid->psk, PMK_LEN);
-		bss->ssid.wpa_psk->group = 1;
-		bss->ssid.wpa_psk_set = 1;
-	} else if (ssid->passphrase) {
-		bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase);
-#ifdef CONFIG_WEP
-	} else if (ssid->wep_key_len[0] || ssid->wep_key_len[1] ||
-		   ssid->wep_key_len[2] || ssid->wep_key_len[3]) {
-		struct hostapd_wep_keys *wep = &bss->ssid.wep;
-		int i;
-		for (i = 0; i < NUM_WEP_KEYS; i++) {
-			if (ssid->wep_key_len[i] == 0)
-				continue;
-			wep->key[i] = os_memdup(ssid->wep_key[i],
-						ssid->wep_key_len[i]);
-			if (wep->key[i] == NULL)
-				return -1;
-			wep->len[i] = ssid->wep_key_len[i];
-		}
-		wep->idx = ssid->wep_tx_keyidx;
-		wep->keys_set = 1;
-#endif /* CONFIG_WEP */
-	}
-#ifdef CONFIG_SAE
-	if (ssid->sae_password) {
-		struct sae_password_entry *pw;
-
-		pw = os_zalloc(sizeof(*pw));
-		if (!pw)
-			return -1;
-		os_memset(pw->peer_addr, 0xff, ETH_ALEN);
-		pw->password = os_strdup(ssid->sae_password);
-		if (!pw->password) {
-			os_free(pw);
-			return -1;
-		}
-		if (ssid->sae_password_id) {
-			pw->identifier = os_strdup(ssid->sae_password_id);
-			if (!pw->identifier) {
-				str_clear_free(pw->password);
-				os_free(pw);
-				return -1;
-			}
-		}
-
-		pw->next = bss->sae_passwords;
-		bss->sae_passwords = pw;
-	}
-
-	if (ssid->sae_pwe != DEFAULT_SAE_PWE)
-		bss->sae_pwe = ssid->sae_pwe;
-	else
-		bss->sae_pwe = wpa_s->conf->sae_pwe;
-#endif /* CONFIG_SAE */
-
-	if (wpa_s->conf->go_interworking) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Enable Interworking with access_network_type: %d",
-			   wpa_s->conf->go_access_network_type);
-		bss->interworking = wpa_s->conf->go_interworking;
-		bss->access_network_type = wpa_s->conf->go_access_network_type;
-		bss->internet = wpa_s->conf->go_internet;
-		if (wpa_s->conf->go_venue_group) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Venue group: %d  Venue type: %d",
-				   wpa_s->conf->go_venue_group,
-				   wpa_s->conf->go_venue_type);
-			bss->venue_group = wpa_s->conf->go_venue_group;
-			bss->venue_type = wpa_s->conf->go_venue_type;
-			bss->venue_info_set = 1;
-		}
-	}
-
-	if (ssid->ap_max_inactivity)
-		bss->ap_max_inactivity = ssid->ap_max_inactivity;
-
-	if (ssid->dtim_period)
-		bss->dtim_period = ssid->dtim_period;
-	else if (wpa_s->conf->dtim_period)
-		bss->dtim_period = wpa_s->conf->dtim_period;
-
-	if (ssid->beacon_int)
-		conf->beacon_int = ssid->beacon_int;
-	else if (wpa_s->conf->beacon_int)
-		conf->beacon_int = wpa_s->conf->beacon_int;
-
-#ifdef CONFIG_P2P
-	if (ssid->mode == WPAS_MODE_P2P_GO ||
-	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
-		if (wpa_s->conf->p2p_go_ctwindow > conf->beacon_int) {
-			wpa_printf(MSG_INFO,
-				   "CTWindow (%d) is bigger than beacon interval (%d) - avoid configuring it",
-				   wpa_s->conf->p2p_go_ctwindow,
-				   conf->beacon_int);
-			conf->p2p_go_ctwindow = 0;
-		} else {
-			conf->p2p_go_ctwindow = wpa_s->conf->p2p_go_ctwindow;
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
-		bss->rsn_pairwise = bss->wpa_pairwise;
-	bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
-						    bss->rsn_pairwise);
-
-	if (bss->wpa && bss->ieee802_1x) {
-		bss->ssid.security_policy = SECURITY_WPA;
-	} else if (bss->wpa) {
-		bss->ssid.security_policy = SECURITY_WPA_PSK;
-#ifdef CONFIG_WEP
-	} else if (bss->ieee802_1x) {
-		int cipher = WPA_CIPHER_NONE;
-		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
-		bss->ssid.wep.default_len = bss->default_wep_key_len;
-		if (bss->default_wep_key_len)
-			cipher = bss->default_wep_key_len >= 13 ?
-				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
-		bss->wpa_group = cipher;
-		bss->wpa_pairwise = cipher;
-		bss->rsn_pairwise = cipher;
-	} else if (bss->ssid.wep.keys_set) {
-		int cipher = WPA_CIPHER_WEP40;
-		if (bss->ssid.wep.len[0] >= 13)
-			cipher = WPA_CIPHER_WEP104;
-		bss->ssid.security_policy = SECURITY_STATIC_WEP;
-		bss->wpa_group = cipher;
-		bss->wpa_pairwise = cipher;
-		bss->rsn_pairwise = cipher;
-#endif /* CONFIG_WEP */
-	} else {
-		bss->ssid.security_policy = SECURITY_PLAINTEXT;
-		bss->wpa_group = WPA_CIPHER_NONE;
-		bss->wpa_pairwise = WPA_CIPHER_NONE;
-		bss->rsn_pairwise = WPA_CIPHER_NONE;
-	}
-
-	if (bss->wpa_group_rekey < 86400 && (bss->wpa & 2) &&
-	    (bss->wpa_group == WPA_CIPHER_CCMP ||
-	     bss->wpa_group == WPA_CIPHER_GCMP ||
-	     bss->wpa_group == WPA_CIPHER_CCMP_256 ||
-	     bss->wpa_group == WPA_CIPHER_GCMP_256)) {
-		/*
-		 * Strong ciphers do not need frequent rekeying, so increase
-		 * the default GTK rekeying period to 24 hours.
-		 */
-		bss->wpa_group_rekey = 86400;
-	}
-
-	if (ssid->ieee80211w != MGMT_FRAME_PROTECTION_DEFAULT)
-		bss->ieee80211w = ssid->ieee80211w;
-
-#ifdef CONFIG_OCV
-	bss->ocv = ssid->ocv;
-#endif /* CONFIG_OCV */
-
-#ifdef CONFIG_WPS
-	/*
-	 * Enable WPS by default for open and WPA/WPA2-Personal network, but
-	 * require user interaction to actually use it. Only the internal
-	 * Registrar is supported.
-	 */
-	if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
-	    bss->ssid.security_policy != SECURITY_PLAINTEXT)
-		goto no_wps;
-	if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
-	    (!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ||
-	     !(bss->wpa & 2)))
-		goto no_wps; /* WPS2 does not allow WPA/TKIP-only
-			      * configuration */
-	if (ssid->wps_disabled)
-		goto no_wps;
-	bss->eap_server = 1;
-
-	if (!ssid->ignore_broadcast_ssid)
-		bss->wps_state = 2;
-
-	bss->ap_setup_locked = 2;
-	if (wpa_s->conf->config_methods)
-		bss->config_methods = os_strdup(wpa_s->conf->config_methods);
-	os_memcpy(bss->device_type, wpa_s->conf->device_type,
-		  WPS_DEV_TYPE_LEN);
-	if (wpa_s->conf->device_name) {
-		bss->device_name = os_strdup(wpa_s->conf->device_name);
-		bss->friendly_name = os_strdup(wpa_s->conf->device_name);
-	}
-	if (wpa_s->conf->manufacturer)
-		bss->manufacturer = os_strdup(wpa_s->conf->manufacturer);
-	if (wpa_s->conf->model_name)
-		bss->model_name = os_strdup(wpa_s->conf->model_name);
-	if (wpa_s->conf->model_number)
-		bss->model_number = os_strdup(wpa_s->conf->model_number);
-	if (wpa_s->conf->serial_number)
-		bss->serial_number = os_strdup(wpa_s->conf->serial_number);
-	if (is_nil_uuid(wpa_s->conf->uuid))
-		os_memcpy(bss->uuid, wpa_s->wps->uuid, WPS_UUID_LEN);
-	else
-		os_memcpy(bss->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
-	os_memcpy(bss->os_version, wpa_s->conf->os_version, 4);
-	bss->pbc_in_m1 = wpa_s->conf->pbc_in_m1;
-	if (ssid->eap.fragment_size != DEFAULT_FRAGMENT_SIZE)
-		bss->fragment_size = ssid->eap.fragment_size;
-no_wps:
-#endif /* CONFIG_WPS */
-
-	if (wpa_s->max_stations &&
-	    wpa_s->max_stations < wpa_s->conf->max_num_sta)
-		bss->max_num_sta = wpa_s->max_stations;
-	else
-		bss->max_num_sta = wpa_s->conf->max_num_sta;
-
-	if (!bss->isolate)
-		bss->isolate = wpa_s->conf->ap_isolate;
-
-	bss->disassoc_low_ack = wpa_s->conf->disassoc_low_ack;
-
-	if (wpa_s->conf->ap_vendor_elements) {
-		bss->vendor_elements =
-			wpabuf_dup(wpa_s->conf->ap_vendor_elements);
-	}
-	if (wpa_s->conf->ap_assocresp_elements) {
-		bss->assocresp_elements =
-			wpabuf_dup(wpa_s->conf->ap_assocresp_elements);
-	}
-
-	bss->ftm_responder = wpa_s->conf->ftm_responder;
-	bss->ftm_initiator = wpa_s->conf->ftm_initiator;
-
-	bss->transition_disable = ssid->transition_disable;
-
-	return 0;
-}
-
-
-static void ap_public_action_rx(void *ctx, const u8 *buf, size_t len, int freq)
-{
-#ifdef CONFIG_P2P
-	struct wpa_supplicant *wpa_s = ctx;
-	const struct ieee80211_mgmt *mgmt;
-
-	mgmt = (const struct ieee80211_mgmt *) buf;
-	if (len < IEEE80211_HDRLEN + 1)
-		return;
-	if (mgmt->u.action.category != WLAN_ACTION_PUBLIC)
-		return;
-	wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
-			   mgmt->u.action.category,
-			   buf + IEEE80211_HDRLEN + 1,
-			   len - IEEE80211_HDRLEN - 1, freq);
-#endif /* CONFIG_P2P */
-}
-
-
-static void ap_wps_event_cb(void *ctx, enum wps_event event,
-			    union wps_event_data *data)
-{
-#ifdef CONFIG_P2P
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (event == WPS_EV_FAIL) {
-		struct wps_event_fail *fail = &data->fail;
-
-		if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s &&
-		    wpa_s == wpa_s->global->p2p_group_formation) {
-			/*
-			 * src/ap/wps_hostapd.c has already sent this on the
-			 * main interface, so only send on the parent interface
-			 * here if needed.
-			 */
-			wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
-				"msg=%d config_error=%d",
-				fail->msg, fail->config_error);
-		}
-		wpas_p2p_wps_failed(wpa_s, fail);
-	}
-#endif /* CONFIG_P2P */
-}
-
-
-static void ap_sta_authorized_cb(void *ctx, const u8 *mac_addr,
-				 int authorized, const u8 *p2p_dev_addr)
-{
-	wpas_notify_sta_authorized(ctx, mac_addr, authorized, p2p_dev_addr);
-}
-
-
-#ifdef CONFIG_P2P
-static void ap_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *p2p_dev_addr,
-			  const u8 *psk, size_t psk_len)
-{
-
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->ap_iface == NULL || wpa_s->current_ssid == NULL)
-		return;
-	wpas_p2p_new_psk_cb(wpa_s, mac_addr, p2p_dev_addr, psk, psk_len);
-}
-#endif /* CONFIG_P2P */
-
-
-static int ap_vendor_action_rx(void *ctx, const u8 *buf, size_t len, int freq)
-{
-#ifdef CONFIG_P2P
-	struct wpa_supplicant *wpa_s = ctx;
-	const struct ieee80211_mgmt *mgmt;
-
-	mgmt = (const struct ieee80211_mgmt *) buf;
-	if (len < IEEE80211_HDRLEN + 1)
-		return -1;
-	wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
-			   mgmt->u.action.category,
-			   buf + IEEE80211_HDRLEN + 1,
-			   len - IEEE80211_HDRLEN - 1, freq);
-#endif /* CONFIG_P2P */
-	return 0;
-}
-
-
-static int ap_probe_req_rx(void *ctx, const u8 *sa, const u8 *da,
-			   const u8 *bssid, const u8 *ie, size_t ie_len,
-			   int ssi_signal)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	unsigned int freq = 0;
-
-	if (wpa_s->ap_iface)
-		freq = wpa_s->ap_iface->freq;
-
-	return wpas_p2p_probe_req_rx(wpa_s, sa, da, bssid, ie, ie_len,
-				     freq, ssi_signal);
-}
-
-
-static void ap_wps_reg_success_cb(void *ctx, const u8 *mac_addr,
-				  const u8 *uuid_e)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpas_p2p_wps_success(wpa_s, mac_addr, 1);
-}
-
-
-static void wpas_ap_configured_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_printf(MSG_DEBUG, "AP interface setup completed - state %s",
-		   hostapd_state_text(wpa_s->ap_iface->state));
-	if (wpa_s->ap_iface->state == HAPD_IFACE_DISABLED) {
-		wpa_supplicant_ap_deinit(wpa_s);
-		return;
-	}
-
-#ifdef CONFIG_ACS
-	if (wpa_s->current_ssid && wpa_s->current_ssid->acs) {
-		wpa_s->assoc_freq = wpa_s->ap_iface->freq;
-		wpa_s->current_ssid->frequency = wpa_s->ap_iface->freq;
-	}
-#endif /* CONFIG_ACS */
-
-	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-
-	if (wpa_s->ap_configured_cb)
-		wpa_s->ap_configured_cb(wpa_s->ap_configured_cb_ctx,
-					wpa_s->ap_configured_cb_data);
-}
-
-
-int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid)
-{
-	struct wpa_driver_associate_params params;
-	struct hostapd_iface *hapd_iface;
-	struct hostapd_config *conf;
-	size_t i;
-
-	if (ssid->ssid == NULL || ssid->ssid_len == 0) {
-		wpa_printf(MSG_ERROR, "No SSID configured for AP mode");
-		return -1;
-	}
-
-	wpa_supplicant_ap_deinit(wpa_s);
-
-	wpa_printf(MSG_DEBUG, "Setting up AP (SSID='%s')",
-		   wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-
-	os_memset(&params, 0, sizeof(params));
-	params.ssid = ssid->ssid;
-	params.ssid_len = ssid->ssid_len;
-	switch (ssid->mode) {
-	case WPAS_MODE_AP:
-	case WPAS_MODE_P2P_GO:
-	case WPAS_MODE_P2P_GROUP_FORMATION:
-		params.mode = IEEE80211_MODE_AP;
-		break;
-	default:
-		return -1;
-	}
-	if (ssid->frequency == 0)
-		ssid->frequency = 2462; /* default channel 11 */
-	params.freq.freq = ssid->frequency;
-
-	if ((ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO) &&
-	    ssid->enable_edmg) {
-		u8 primary_channel;
-
-		if (ieee80211_freq_to_chan(ssid->frequency, &primary_channel) ==
-		    NUM_HOSTAPD_MODES) {
-			wpa_printf(MSG_WARNING,
-				   "EDMG: Failed to get the primary channel");
-			return -1;
-		}
-
-		hostapd_encode_edmg_chan(ssid->enable_edmg, ssid->edmg_channel,
-					 primary_channel, &params.freq.edmg);
-	}
-
-	params.wpa_proto = ssid->proto;
-	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
-		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
-	else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
-		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
-	else
-		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
-	params.key_mgmt_suite = wpa_s->key_mgmt;
-
-	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher,
-							  1);
-	if (wpa_s->pairwise_cipher < 0) {
-		wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
-			   "cipher.");
-		return -1;
-	}
-	params.pairwise_suite = wpa_s->pairwise_cipher;
-	params.group_suite = params.pairwise_suite;
-
-#ifdef CONFIG_P2P
-	if (ssid->mode == WPAS_MODE_P2P_GO ||
-	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
-		params.p2p = 1;
-#endif /* CONFIG_P2P */
-
-	if (wpa_s->p2pdev->set_ap_uapsd)
-		params.uapsd = wpa_s->p2pdev->ap_uapsd;
-	else if (params.p2p && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
-		params.uapsd = 1; /* mandatory for P2P GO */
-	else
-		params.uapsd = -1;
-
-	if (ieee80211_is_dfs(params.freq.freq, wpa_s->hw.modes,
-			     wpa_s->hw.num_modes))
-		params.freq.freq = 0; /* set channel after CAC */
-
-	if (params.p2p)
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_GO);
-	else
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_AP_BSS);
-
-	if (wpa_drv_associate(wpa_s, &params) < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "Failed to start AP functionality");
-		return -1;
-	}
-
-	wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
-	if (hapd_iface == NULL)
-		return -1;
-	hapd_iface->owner = wpa_s;
-	hapd_iface->drv_flags = wpa_s->drv_flags;
-	hapd_iface->probe_resp_offloads = wpa_s->probe_resp_offloads;
-	hapd_iface->extended_capa = wpa_s->extended_capa;
-	hapd_iface->extended_capa_mask = wpa_s->extended_capa_mask;
-	hapd_iface->extended_capa_len = wpa_s->extended_capa_len;
-
-	wpa_s->ap_iface->conf = conf = hostapd_config_defaults();
-	if (conf == NULL) {
-		wpa_supplicant_ap_deinit(wpa_s);
-		return -1;
-	}
-
-	os_memcpy(wpa_s->ap_iface->conf->wmm_ac_params,
-		  wpa_s->conf->wmm_ac_params,
-		  sizeof(wpa_s->conf->wmm_ac_params));
-
-	os_memcpy(wpa_s->ap_iface->conf->tx_queue, wpa_s->conf->tx_queue,
-		  sizeof(wpa_s->conf->tx_queue));
-
-	if (params.uapsd > 0) {
-		conf->bss[0]->wmm_enabled = 1;
-		conf->bss[0]->wmm_uapsd = 1;
-	}
-
-	if (wpa_supplicant_conf_ap(wpa_s, ssid, conf)) {
-		wpa_printf(MSG_ERROR, "Failed to create AP configuration");
-		wpa_supplicant_ap_deinit(wpa_s);
-		return -1;
-	}
-
-#ifdef CONFIG_P2P
-	if (ssid->mode == WPAS_MODE_P2P_GO)
-		conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER;
-	else if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
-		conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER |
-			P2P_GROUP_FORMATION;
-#endif /* CONFIG_P2P */
-
-	hapd_iface->num_bss = conf->num_bss;
-	hapd_iface->bss = os_calloc(conf->num_bss,
-				    sizeof(struct hostapd_data *));
-	if (hapd_iface->bss == NULL) {
-		wpa_supplicant_ap_deinit(wpa_s);
-		return -1;
-	}
-
-	for (i = 0; i < conf->num_bss; i++) {
-		hapd_iface->bss[i] =
-			hostapd_alloc_bss_data(hapd_iface, conf,
-					       conf->bss[i]);
-		if (hapd_iface->bss[i] == NULL) {
-			wpa_supplicant_ap_deinit(wpa_s);
-			return -1;
-		}
-
-		hapd_iface->bss[i]->msg_ctx = wpa_s;
-		hapd_iface->bss[i]->msg_ctx_parent = wpa_s->p2pdev;
-		hapd_iface->bss[i]->public_action_cb = ap_public_action_rx;
-		hapd_iface->bss[i]->public_action_cb_ctx = wpa_s;
-		hapd_iface->bss[i]->vendor_action_cb = ap_vendor_action_rx;
-		hapd_iface->bss[i]->vendor_action_cb_ctx = wpa_s;
-		hostapd_register_probereq_cb(hapd_iface->bss[i],
-					     ap_probe_req_rx, wpa_s);
-		hapd_iface->bss[i]->wps_reg_success_cb = ap_wps_reg_success_cb;
-		hapd_iface->bss[i]->wps_reg_success_cb_ctx = wpa_s;
-		hapd_iface->bss[i]->wps_event_cb = ap_wps_event_cb;
-		hapd_iface->bss[i]->wps_event_cb_ctx = wpa_s;
-		hapd_iface->bss[i]->sta_authorized_cb = ap_sta_authorized_cb;
-		hapd_iface->bss[i]->sta_authorized_cb_ctx = wpa_s;
-#ifdef CONFIG_P2P
-		hapd_iface->bss[i]->new_psk_cb = ap_new_psk_cb;
-		hapd_iface->bss[i]->new_psk_cb_ctx = wpa_s;
-		hapd_iface->bss[i]->p2p = wpa_s->global->p2p;
-		hapd_iface->bss[i]->p2p_group = wpas_p2p_group_init(wpa_s,
-								    ssid);
-#endif /* CONFIG_P2P */
-		hapd_iface->bss[i]->setup_complete_cb = wpas_ap_configured_cb;
-		hapd_iface->bss[i]->setup_complete_cb_ctx = wpa_s;
-#ifdef CONFIG_TESTING_OPTIONS
-		hapd_iface->bss[i]->ext_eapol_frame_io =
-			wpa_s->ext_eapol_frame_io;
-#endif /* CONFIG_TESTING_OPTIONS */
-	}
-
-	os_memcpy(hapd_iface->bss[0]->own_addr, wpa_s->own_addr, ETH_ALEN);
-	hapd_iface->bss[0]->driver = wpa_s->driver;
-	hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
-
-	wpa_s->current_ssid = ssid;
-	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-	os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
-	wpa_s->assoc_freq = ssid->frequency;
-	wpa_s->ap_iface->conf->enable_edmg = ssid->enable_edmg;
-	wpa_s->ap_iface->conf->edmg_channel = ssid->edmg_channel;
-
-#if defined(CONFIG_P2P) && defined(CONFIG_ACS)
-	if (wpa_s->p2p_go_do_acs) {
-		wpa_s->ap_iface->conf->channel = 0;
-		wpa_s->ap_iface->conf->hw_mode = wpa_s->p2p_go_acs_band;
-		ssid->acs = 1;
-	}
-#endif /* CONFIG_P2P && CONFIG_ACS */
-
-	if (hostapd_setup_interface(wpa_s->ap_iface)) {
-		wpa_printf(MSG_ERROR, "Failed to initialize AP interface");
-		wpa_supplicant_ap_deinit(wpa_s);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_WPS
-	eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL);
-#endif /* CONFIG_WPS */
-
-	if (wpa_s->ap_iface == NULL)
-		return;
-
-	wpa_s->current_ssid = NULL;
-	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-	wpa_s->assoc_freq = 0;
-	wpas_p2p_ap_deinit(wpa_s);
-	wpa_s->ap_iface->driver_ap_teardown =
-		!!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT);
-
-	hostapd_interface_deinit(wpa_s->ap_iface);
-	hostapd_interface_free(wpa_s->ap_iface);
-	wpa_s->ap_iface = NULL;
-	wpa_drv_deinit_ap(wpa_s);
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
-		" reason=%d locally_generated=1",
-		MAC2STR(wpa_s->own_addr), WLAN_REASON_DEAUTH_LEAVING);
-}
-
-
-void ap_tx_status(void *ctx, const u8 *addr,
-		  const u8 *buf, size_t len, int ack)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	hostapd_tx_status(wpa_s->ap_iface->bss[0], addr, buf, len, ack);
-#endif /* NEED_AP_MLME */
-}
-
-
-void ap_eapol_tx_status(void *ctx, const u8 *dst,
-			const u8 *data, size_t len, int ack)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	if (!wpa_s->ap_iface)
-		return;
-	hostapd_tx_status(wpa_s->ap_iface->bss[0], dst, data, len, ack);
-#endif /* NEED_AP_MLME */
-}
-
-
-void ap_client_poll_ok(void *ctx, const u8 *addr)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->ap_iface)
-		hostapd_client_poll_ok(wpa_s->ap_iface->bss[0], addr);
-#endif /* NEED_AP_MLME */
-}
-
-
-void ap_rx_from_unknown_sta(void *ctx, const u8 *addr, int wds)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	ieee802_11_rx_from_unknown(wpa_s->ap_iface->bss[0], addr, wds);
-#endif /* NEED_AP_MLME */
-}
-
-
-void ap_mgmt_rx(void *ctx, struct rx_mgmt *rx_mgmt)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	struct hostapd_frame_info fi;
-	os_memset(&fi, 0, sizeof(fi));
-	fi.datarate = rx_mgmt->datarate;
-	fi.ssi_signal = rx_mgmt->ssi_signal;
-	ieee802_11_mgmt(wpa_s->ap_iface->bss[0], rx_mgmt->frame,
-			rx_mgmt->frame_len, &fi);
-#endif /* NEED_AP_MLME */
-}
-
-
-void ap_mgmt_tx_cb(void *ctx, const u8 *buf, size_t len, u16 stype, int ok)
-{
-#ifdef NEED_AP_MLME
-	struct wpa_supplicant *wpa_s = ctx;
-	ieee802_11_mgmt_cb(wpa_s->ap_iface->bss[0], buf, len, stype, ok);
-#endif /* NEED_AP_MLME */
-}
-
-
-void wpa_supplicant_ap_rx_eapol(struct wpa_supplicant *wpa_s,
-				const u8 *src_addr, const u8 *buf, size_t len)
-{
-	ieee802_1x_receive(wpa_s->ap_iface->bss[0], src_addr, buf, len);
-}
-
-
-#ifdef CONFIG_WPS
-
-int wpa_supplicant_ap_wps_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			      const u8 *p2p_dev_addr)
-{
-	if (!wpa_s->ap_iface)
-		return -1;
-	return hostapd_wps_button_pushed(wpa_s->ap_iface->bss[0],
-					 p2p_dev_addr);
-}
-
-
-int wpa_supplicant_ap_wps_cancel(struct wpa_supplicant *wpa_s)
-{
-	struct wps_registrar *reg;
-	int reg_sel = 0, wps_sta = 0;
-
-	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]->wps)
-		return -1;
-
-	reg = wpa_s->ap_iface->bss[0]->wps->registrar;
-	reg_sel = wps_registrar_wps_cancel(reg);
-	wps_sta = ap_for_each_sta(wpa_s->ap_iface->bss[0],
-				  ap_sta_wps_cancel, NULL);
-
-	if (!reg_sel && !wps_sta) {
-		wpa_printf(MSG_DEBUG, "No WPS operation in progress at this "
-			   "time");
-		return -1;
-	}
-
-	/*
-	 * There are 2 cases to return wps cancel as success:
-	 * 1. When wps cancel was initiated but no connection has been
-	 *    established with client yet.
-	 * 2. Client is in the middle of exchanging WPS messages.
-	 */
-
-	return 0;
-}
-
-
-int wpa_supplicant_ap_wps_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			      const char *pin, char *buf, size_t buflen,
-			      int timeout)
-{
-	int ret, ret_len = 0;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-
-	if (pin == NULL) {
-		unsigned int rpin;
-
-		if (wps_generate_pin(&rpin) < 0)
-			return -1;
-		ret_len = os_snprintf(buf, buflen, "%08d", rpin);
-		if (os_snprintf_error(buflen, ret_len))
-			return -1;
-		pin = buf;
-	} else if (buf) {
-		ret_len = os_snprintf(buf, buflen, "%s", pin);
-		if (os_snprintf_error(buflen, ret_len))
-			return -1;
-	}
-
-	ret = hostapd_wps_add_pin(wpa_s->ap_iface->bss[0], bssid, "any", pin,
-				  timeout);
-	if (ret)
-		return -1;
-	return ret_len;
-}
-
-
-static void wpas_wps_ap_pin_timeout(void *eloop_data, void *user_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_data;
-	wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out");
-	wpas_wps_ap_pin_disable(wpa_s);
-}
-
-
-static void wpas_wps_ap_pin_enable(struct wpa_supplicant *wpa_s, int timeout)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return;
-	hapd = wpa_s->ap_iface->bss[0];
-	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);
-	hapd->ap_pin_failures = 0;
-	eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL);
-	if (timeout > 0)
-		eloop_register_timeout(timeout, 0,
-				       wpas_wps_ap_pin_timeout, wpa_s, NULL);
-}
-
-
-void wpas_wps_ap_pin_disable(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN");
-	hapd = wpa_s->ap_iface->bss[0];
-	os_free(hapd->conf->ap_pin);
-	hapd->conf->ap_pin = NULL;
-	eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL);
-}
-
-
-const char * wpas_wps_ap_pin_random(struct wpa_supplicant *wpa_s, int timeout)
-{
-	struct hostapd_data *hapd;
-	unsigned int pin;
-	char pin_txt[9];
-
-	if (wpa_s->ap_iface == NULL)
-		return NULL;
-	hapd = wpa_s->ap_iface->bss[0];
-	if (wps_generate_pin(&pin) < 0)
-		return NULL;
-	os_snprintf(pin_txt, sizeof(pin_txt), "%08u", pin);
-	os_free(hapd->conf->ap_pin);
-	hapd->conf->ap_pin = os_strdup(pin_txt);
-	if (hapd->conf->ap_pin == NULL)
-		return NULL;
-	wpas_wps_ap_pin_enable(wpa_s, timeout);
-
-	return hapd->conf->ap_pin;
-}
-
-
-const char * wpas_wps_ap_pin_get(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_data *hapd;
-	if (wpa_s->ap_iface == NULL)
-		return NULL;
-	hapd = wpa_s->ap_iface->bss[0];
-	return hapd->conf->ap_pin;
-}
-
-
-int wpas_wps_ap_pin_set(struct wpa_supplicant *wpa_s, const char *pin,
-			int timeout)
-{
-	struct hostapd_data *hapd;
-	char pin_txt[9];
-	int ret;
-
-	if (wpa_s->ap_iface == NULL)
-		return -1;
-	hapd = wpa_s->ap_iface->bss[0];
-	ret = os_snprintf(pin_txt, sizeof(pin_txt), "%s", pin);
-	if (os_snprintf_error(sizeof(pin_txt), ret))
-		return -1;
-	os_free(hapd->conf->ap_pin);
-	hapd->conf->ap_pin = os_strdup(pin_txt);
-	if (hapd->conf->ap_pin == NULL)
-		return -1;
-	wpas_wps_ap_pin_enable(wpa_s, timeout);
-
-	return 0;
-}
-
-
-void wpa_supplicant_ap_pwd_auth_fail(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return;
-	hapd = wpa_s->ap_iface->bss[0];
-
-	/*
-	 * Registrar failed to prove its knowledge of the AP PIN. Disable AP
-	 * PIN if this happens multiple times to slow down brute force attacks.
-	 */
-	hapd->ap_pin_failures++;
-	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u",
-		   hapd->ap_pin_failures);
-	if (hapd->ap_pin_failures < 3)
-		return;
-
-	wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN");
-	hapd->ap_pin_failures = 0;
-	os_free(hapd->conf->ap_pin);
-	hapd->conf->ap_pin = NULL;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-struct wpabuf * wpas_ap_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
-					     int ndef)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return NULL;
-	hapd = wpa_s->ap_iface->bss[0];
-	return hostapd_wps_nfc_config_token(hapd, ndef);
-}
-
-
-struct wpabuf * wpas_ap_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					     int ndef)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return NULL;
-	hapd = wpa_s->ap_iface->bss[0];
-	return hostapd_wps_nfc_hs_cr(hapd, ndef);
-}
-
-
-int wpas_ap_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				    const struct wpabuf *req,
-				    const struct wpabuf *sel)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface == NULL)
-		return -1;
-	hapd = wpa_s->ap_iface->bss[0];
-	return hostapd_wps_nfc_report_handover(hapd, req, sel);
-}
-
-#endif /* CONFIG_WPS_NFC */
-
-#endif /* CONFIG_WPS */
-
-
-#ifdef CONFIG_CTRL_IFACE
-
-int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
-			    char *buf, size_t buflen)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface)
-		hapd = wpa_s->ap_iface->bss[0];
-	else if (wpa_s->ifmsh)
-		hapd = wpa_s->ifmsh->bss[0];
-	else
-		return -1;
-	return hostapd_ctrl_iface_sta_first(hapd, buf, buflen);
-}
-
-
-int ap_ctrl_iface_sta(struct wpa_supplicant *wpa_s, const char *txtaddr,
-		      char *buf, size_t buflen)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface)
-		hapd = wpa_s->ap_iface->bss[0];
-	else if (wpa_s->ifmsh)
-		hapd = wpa_s->ifmsh->bss[0];
-	else
-		return -1;
-	return hostapd_ctrl_iface_sta(hapd, txtaddr, buf, buflen);
-}
-
-
-int ap_ctrl_iface_sta_next(struct wpa_supplicant *wpa_s, const char *txtaddr,
-			   char *buf, size_t buflen)
-{
-	struct hostapd_data *hapd;
-
-	if (wpa_s->ap_iface)
-		hapd = wpa_s->ap_iface->bss[0];
-	else if (wpa_s->ifmsh)
-		hapd = wpa_s->ifmsh->bss[0];
-	else
-		return -1;
-	return hostapd_ctrl_iface_sta_next(hapd, txtaddr, buf, buflen);
-}
-
-
-int ap_ctrl_iface_sta_disassociate(struct wpa_supplicant *wpa_s,
-				   const char *txtaddr)
-{
-	if (wpa_s->ap_iface == NULL)
-		return -1;
-	return hostapd_ctrl_iface_disassociate(wpa_s->ap_iface->bss[0],
-					       txtaddr);
-}
-
-
-int ap_ctrl_iface_sta_deauthenticate(struct wpa_supplicant *wpa_s,
-				     const char *txtaddr)
-{
-	if (wpa_s->ap_iface == NULL)
-		return -1;
-	return hostapd_ctrl_iface_deauthenticate(wpa_s->ap_iface->bss[0],
-						 txtaddr);
-}
-
-
-int ap_ctrl_iface_wpa_get_status(struct wpa_supplicant *wpa_s, char *buf,
-				 size_t buflen, int verbose)
-{
-	char *pos = buf, *end = buf + buflen;
-	int ret;
-	struct hostapd_bss_config *conf;
-
-	if (wpa_s->ap_iface == NULL)
-		return -1;
-
-	conf = wpa_s->ap_iface->bss[0]->conf;
-	if (conf->wpa == 0)
-		return 0;
-
-	ret = os_snprintf(pos, end - pos,
-			  "pairwise_cipher=%s\n"
-			  "group_cipher=%s\n"
-			  "key_mgmt=%s\n",
-			  wpa_cipher_txt(conf->rsn_pairwise),
-			  wpa_cipher_txt(conf->wpa_group),
-			  wpa_key_mgmt_txt(conf->wpa_key_mgmt,
-					   conf->wpa));
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-	return pos - buf;
-}
-
-#endif /* CONFIG_CTRL_IFACE */
-
-
-int wpa_supplicant_ap_update_beacon(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct hostapd_data *hapd;
-
-	if (ssid == NULL || wpa_s->ap_iface == NULL ||
-	    ssid->mode == WPAS_MODE_INFRA ||
-	    ssid->mode == WPAS_MODE_IBSS)
-		return -1;
-
-#ifdef CONFIG_P2P
-	if (ssid->mode == WPAS_MODE_P2P_GO)
-		iface->conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER;
-	else if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
-		iface->conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER |
-			P2P_GROUP_FORMATION;
-#endif /* CONFIG_P2P */
-
-	hapd = iface->bss[0];
-	if (hapd->drv_priv == NULL)
-		return -1;
-	ieee802_11_set_beacons(iface);
-	hostapd_set_ap_wps_ie(hapd);
-
-	return 0;
-}
-
-
-int ap_switch_channel(struct wpa_supplicant *wpa_s,
-		      struct csa_settings *settings)
-{
-#ifdef NEED_AP_MLME
-	struct hostapd_iface *iface = NULL;
-
-	if (wpa_s->ap_iface)
-		iface = wpa_s->ap_iface;
-	else if (wpa_s->ifmsh)
-		iface = wpa_s->ifmsh;
-
-	if (!iface || !iface->bss[0])
-		return -1;
-
-	return hostapd_switch_channel(iface->bss[0], settings);
-#else /* NEED_AP_MLME */
-	return -1;
-#endif /* NEED_AP_MLME */
-}
-
-
-#ifdef CONFIG_CTRL_IFACE
-int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
-{
-	struct csa_settings settings;
-	int ret = hostapd_parse_csa_settings(pos, &settings);
-
-	if (ret)
-		return ret;
-
-	return ap_switch_channel(wpa_s, &settings);
-}
-#endif /* CONFIG_CTRL_IFACE */
-
-
-void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht,
-		       int offset, int width, int cf1, int cf2, int finished)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface)
-		return;
-	wpa_s->assoc_freq = freq;
-	if (wpa_s->current_ssid)
-		wpa_s->current_ssid->frequency = freq;
-	hostapd_event_ch_switch(iface->bss[0], freq, ht,
-				offset, width, cf1, cf2, finished);
-}
-
-
-int wpa_supplicant_ap_mac_addr_filter(struct wpa_supplicant *wpa_s,
-				      const u8 *addr)
-{
-	struct hostapd_data *hapd;
-	struct hostapd_bss_config *conf;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-
-	if (addr)
-		wpa_printf(MSG_DEBUG, "AP: Set MAC address filter: " MACSTR,
-			   MAC2STR(addr));
-	else
-		wpa_printf(MSG_DEBUG, "AP: Clear MAC address filter");
-
-	hapd = wpa_s->ap_iface->bss[0];
-	conf = hapd->conf;
-
-	os_free(conf->accept_mac);
-	conf->accept_mac = NULL;
-	conf->num_accept_mac = 0;
-	os_free(conf->deny_mac);
-	conf->deny_mac = NULL;
-	conf->num_deny_mac = 0;
-
-	if (addr == NULL) {
-		conf->macaddr_acl = ACCEPT_UNLESS_DENIED;
-		return 0;
-	}
-
-	conf->macaddr_acl = DENY_UNLESS_ACCEPTED;
-	conf->accept_mac = os_zalloc(sizeof(struct mac_acl_entry));
-	if (conf->accept_mac == NULL)
-		return -1;
-	os_memcpy(conf->accept_mac[0].addr, addr, ETH_ALEN);
-	conf->num_accept_mac = 1;
-
-	return 0;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-int wpas_ap_wps_add_nfc_pw(struct wpa_supplicant *wpa_s, u16 pw_id,
-			   const struct wpabuf *pw, const u8 *pubkey_hash)
-{
-	struct hostapd_data *hapd;
-	struct wps_context *wps;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-	hapd = wpa_s->ap_iface->bss[0];
-	wps = hapd->wps;
-
-	if (wpa_s->p2pdev->conf->wps_nfc_dh_pubkey == NULL ||
-	    wpa_s->p2pdev->conf->wps_nfc_dh_privkey == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: No NFC DH key known");
-		return -1;
-	}
-
-	dh5_free(wps->dh_ctx);
-	wpabuf_free(wps->dh_pubkey);
-	wpabuf_free(wps->dh_privkey);
-	wps->dh_privkey = wpabuf_dup(
-		wpa_s->p2pdev->conf->wps_nfc_dh_privkey);
-	wps->dh_pubkey = wpabuf_dup(
-		wpa_s->p2pdev->conf->wps_nfc_dh_pubkey);
-	if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) {
-		wps->dh_ctx = NULL;
-		wpabuf_free(wps->dh_pubkey);
-		wps->dh_pubkey = NULL;
-		wpabuf_free(wps->dh_privkey);
-		wps->dh_privkey = NULL;
-		return -1;
-	}
-	wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey);
-	if (wps->dh_ctx == NULL)
-		return -1;
-
-	return wps_registrar_add_nfc_pw_token(hapd->wps->registrar, pubkey_hash,
-					      pw_id,
-					      pw ? wpabuf_head(pw) : NULL,
-					      pw ? wpabuf_len(pw) : 0, 1);
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-#ifdef CONFIG_CTRL_IFACE
-int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_data *hapd;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-	hapd = wpa_s->ap_iface->bss[0];
-	return hostapd_ctrl_iface_stop_ap(hapd);
-}
-
-
-int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
-			     size_t len)
-{
-	size_t reply_len = 0, i;
-	char ap_delimiter[] = "---- AP ----\n";
-	char mesh_delimiter[] = "---- mesh ----\n";
-	size_t dlen;
-
-	if (wpa_s->ap_iface) {
-		dlen = os_strlen(ap_delimiter);
-		if (dlen > len - reply_len)
-			return reply_len;
-		os_memcpy(&buf[reply_len], ap_delimiter, dlen);
-		reply_len += dlen;
-
-		for (i = 0; i < wpa_s->ap_iface->num_bss; i++) {
-			reply_len += hostapd_ctrl_iface_pmksa_list(
-				wpa_s->ap_iface->bss[i],
-				&buf[reply_len], len - reply_len);
-		}
-	}
-
-	if (wpa_s->ifmsh) {
-		dlen = os_strlen(mesh_delimiter);
-		if (dlen > len - reply_len)
-			return reply_len;
-		os_memcpy(&buf[reply_len], mesh_delimiter, dlen);
-		reply_len += dlen;
-
-		reply_len += hostapd_ctrl_iface_pmksa_list(
-			wpa_s->ifmsh->bss[0], &buf[reply_len],
-			len - reply_len);
-	}
-
-	return reply_len;
-}
-
-
-void wpas_ap_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
-{
-	size_t i;
-
-	if (wpa_s->ap_iface) {
-		for (i = 0; i < wpa_s->ap_iface->num_bss; i++)
-			hostapd_ctrl_iface_pmksa_flush(wpa_s->ap_iface->bss[i]);
-	}
-
-	if (wpa_s->ifmsh)
-		hostapd_ctrl_iface_pmksa_flush(wpa_s->ifmsh->bss[0]);
-}
-
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-#ifdef CONFIG_MESH
-
-int wpas_ap_pmksa_cache_list_mesh(struct wpa_supplicant *wpa_s, const u8 *addr,
-				  char *buf, size_t len)
-{
-	return hostapd_ctrl_iface_pmksa_list_mesh(wpa_s->ifmsh->bss[0], addr,
-						  &buf[0], len);
-}
-
-
-int wpas_ap_pmksa_cache_add_external(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	struct external_pmksa_cache *entry;
-	void *pmksa_cache;
-
-	pmksa_cache = hostapd_ctrl_iface_pmksa_create_entry(wpa_s->own_addr,
-							    cmd);
-	if (!pmksa_cache)
-		return -1;
-
-	entry = os_zalloc(sizeof(struct external_pmksa_cache));
-	if (!entry)
-		return -1;
-
-	entry->pmksa_cache = pmksa_cache;
-
-	dl_list_add(&wpa_s->mesh_external_pmksa_cache, &entry->list);
-
-	return 0;
-}
-
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-
-int wpas_ap_update_beacon(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_data *hapd;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-	hapd = wpa_s->ap_iface->bss[0];
-
-	wpabuf_free(hapd->conf->assocresp_elements);
-	hapd->conf->assocresp_elements = NULL;
-	if (wpa_s->conf->ap_assocresp_elements) {
-		hapd->conf->assocresp_elements =
-			wpabuf_dup(wpa_s->conf->ap_assocresp_elements);
-	}
-
-	wpabuf_free(hapd->conf->vendor_elements);
-	hapd->conf->vendor_elements = NULL;
-	if (wpa_s->conf->ap_vendor_elements) {
-		hapd->conf->vendor_elements =
-			wpabuf_dup(wpa_s->conf->ap_vendor_elements);
-	}
-
-	return ieee802_11_set_beacon(hapd);
-}
-
-#endif /* CONFIG_CTRL_IFACE */
-
-
-#ifdef NEED_AP_MLME
-void wpas_ap_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
-				      struct dfs_event *radar)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface || !iface->bss[0])
-		return;
-	wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq);
-	hostapd_dfs_radar_detected(iface, radar->freq,
-				   radar->ht_enabled, radar->chan_offset,
-				   radar->chan_width,
-				   radar->cf1, radar->cf2);
-}
-
-
-void wpas_ap_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
-				   struct dfs_event *radar)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface || !iface->bss[0])
-		return;
-	wpa_printf(MSG_DEBUG, "DFS CAC started on %d MHz", radar->freq);
-	hostapd_dfs_start_cac(iface, radar->freq,
-			      radar->ht_enabled, radar->chan_offset,
-			      radar->chan_width, radar->cf1, radar->cf2);
-}
-
-
-void wpas_ap_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
-				    struct dfs_event *radar)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface || !iface->bss[0])
-		return;
-	wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq);
-	hostapd_dfs_complete_cac(iface, 1, radar->freq,
-				 radar->ht_enabled, radar->chan_offset,
-				 radar->chan_width, radar->cf1, radar->cf2);
-}
-
-
-void wpas_ap_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
-				   struct dfs_event *radar)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface || !iface->bss[0])
-		return;
-	wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq);
-	hostapd_dfs_complete_cac(iface, 0, radar->freq,
-				 radar->ht_enabled, radar->chan_offset,
-				 radar->chan_width, radar->cf1, radar->cf2);
-}
-
-
-void wpas_ap_event_dfs_cac_nop_finished(struct wpa_supplicant *wpa_s,
-					struct dfs_event *radar)
-{
-	struct hostapd_iface *iface = wpa_s->ap_iface;
-
-	if (!iface)
-		iface = wpa_s->ifmsh;
-	if (!iface || !iface->bss[0])
-		return;
-	wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq);
-	hostapd_dfs_nop_finished(iface, radar->freq,
-				 radar->ht_enabled, radar->chan_offset,
-				 radar->chan_width, radar->cf1, radar->cf2);
-}
-#endif /* NEED_AP_MLME */
-
-
-void ap_periodic(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->ap_iface)
-		hostapd_periodic_iface(wpa_s->ap_iface);
-}
diff --git a/wpa_supplicant/ap.h b/wpa_supplicant/ap.h
deleted file mode 100644
index 7bc1b781e3ac..000000000000
--- a/wpa_supplicant/ap.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * WPA Supplicant - Basic AP mode support routines
- * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2009, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef AP_H
-#define AP_H
-
-int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid);
-void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_ap_rx_eapol(struct wpa_supplicant *wpa_s,
-				const u8 *src_addr, const u8 *buf, size_t len);
-int wpa_supplicant_ap_wps_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			      const u8 *p2p_dev_addr);
-int wpa_supplicant_ap_wps_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			      const char *pin, char *buf, size_t buflen,
-			      int timeout);
-int wpa_supplicant_ap_wps_cancel(struct wpa_supplicant *wpa_s);
-void wpas_wps_ap_pin_disable(struct wpa_supplicant *wpa_s);
-const char * wpas_wps_ap_pin_random(struct wpa_supplicant *wpa_s, int timeout);
-const char * wpas_wps_ap_pin_get(struct wpa_supplicant *wpa_s);
-int wpas_wps_ap_pin_set(struct wpa_supplicant *wpa_s, const char *pin,
-			int timeout);
-int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
-			    char *buf, size_t buflen);
-int ap_ctrl_iface_sta(struct wpa_supplicant *wpa_s, const char *txtaddr,
-		      char *buf, size_t buflen);
-int ap_ctrl_iface_sta_next(struct wpa_supplicant *wpa_s, const char *txtaddr,
-			   char *buf, size_t buflen);
-int ap_ctrl_iface_sta_deauthenticate(struct wpa_supplicant *wpa_s,
-				     const char *txtaddr);
-int ap_ctrl_iface_sta_disassociate(struct wpa_supplicant *wpa_s,
-				   const char *txtaddr);
-int ap_ctrl_iface_wpa_get_status(struct wpa_supplicant *wpa_s, char *buf,
-				 size_t buflen, int verbose);
-void ap_tx_status(void *ctx, const u8 *addr,
-		  const u8 *buf, size_t len, int ack);
-void ap_eapol_tx_status(void *ctx, const u8 *dst,
-			const u8 *data, size_t len, int ack);
-void ap_client_poll_ok(void *ctx, const u8 *addr);
-void ap_rx_from_unknown_sta(void *ctx, const u8 *addr, int wds);
-void ap_mgmt_rx(void *ctx, struct rx_mgmt *rx_mgmt);
-void ap_mgmt_tx_cb(void *ctx, const u8 *buf, size_t len, u16 stype, int ok);
-int wpa_supplicant_ap_update_beacon(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_ap_mac_addr_filter(struct wpa_supplicant *wpa_s,
-				      const u8 *addr);
-void wpa_supplicant_ap_pwd_auth_fail(struct wpa_supplicant *wpa_s);
-int ap_switch_channel(struct wpa_supplicant *wpa_s,
-		      struct csa_settings *settings);
-int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *txtaddr);
-void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht,
-		       int offset, int width, int cf1, int cf2, int finished);
-struct wpabuf * wpas_ap_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
-					     int ndef);
-#ifdef CONFIG_AP
-struct wpabuf * wpas_ap_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					     int ndef);
-#else /* CONFIG_AP */
-static inline struct wpabuf *
-wpas_ap_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-			     int ndef)
-{
-	return NULL;
-}
-#endif /* CONFIG_AP */
-
-int wpas_ap_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				    const struct wpabuf *req,
-				    const struct wpabuf *sel);
-int wpas_ap_wps_add_nfc_pw(struct wpa_supplicant *wpa_s, u16 pw_id,
-			   const struct wpabuf *pw, const u8 *pubkey_hash);
-
-struct hostapd_config;
-int wpa_supplicant_conf_ap_ht(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid,
-			      struct hostapd_config *conf);
-
-int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s);
-
-int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
-			     size_t len);
-void wpas_ap_pmksa_cache_flush(struct wpa_supplicant *wpa_s);
-int wpas_ap_pmksa_cache_list_mesh(struct wpa_supplicant *wpa_s, const u8 *addr,
-				  char *buf, size_t len);
-int wpas_ap_pmksa_cache_add_external(struct wpa_supplicant *wpa_s, char *cmd);
-int wpas_ap_update_beacon(struct wpa_supplicant *wpa_s);
-
-void wpas_ap_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
-				      struct dfs_event *radar);
-void wpas_ap_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
-				   struct dfs_event *radar);
-void wpas_ap_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
-				    struct dfs_event *radar);
-void wpas_ap_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
-				   struct dfs_event *radar);
-void wpas_ap_event_dfs_cac_nop_finished(struct wpa_supplicant *wpa_s,
-					struct dfs_event *radar);
-
-void ap_periodic(struct wpa_supplicant *wpa_s);
-
-#endif /* AP_H */
diff --git a/wpa_supplicant/autoscan.c b/wpa_supplicant/autoscan.c
deleted file mode 100644
index 5056a9300a87..000000000000
--- a/wpa_supplicant/autoscan.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * WPA Supplicant - auto scan
- * Copyright (c) 2012, Intel Corporation. All rights reserved.
- * Copyright 2015	Intel Deutschland GmbH
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "bss.h"
-#include "scan.h"
-#include "autoscan.h"
-
-
-static const struct autoscan_ops * autoscan_modules[] = {
-#ifdef CONFIG_AUTOSCAN_EXPONENTIAL
-	&autoscan_exponential_ops,
-#endif /* CONFIG_AUTOSCAN_EXPONENTIAL */
-#ifdef CONFIG_AUTOSCAN_PERIODIC
-	&autoscan_periodic_ops,
-#endif /* CONFIG_AUTOSCAN_PERIODIC */
-	NULL
-};
-
-
-static void request_scan(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->scan_req = MANUAL_SCAN_REQ;
-
-	if (wpa_supplicant_req_sched_scan(wpa_s))
-		wpa_supplicant_req_scan(wpa_s, wpa_s->scan_interval, 0);
-}
-
-
-int autoscan_init(struct wpa_supplicant *wpa_s, int req_scan)
-{
-	const char *name = wpa_s->conf->autoscan;
-	const char *params;
-	size_t nlen;
-	int i;
-	const struct autoscan_ops *ops = NULL;
-	struct sched_scan_plan *scan_plans;
-
-	/* Give preference to scheduled scan plans if supported/configured */
-	if (wpa_s->sched_scan_plans) {
-		wpa_printf(MSG_DEBUG,
-			   "autoscan: sched_scan_plans set - use it instead");
-		return 0;
-	}
-
-	if (wpa_s->autoscan && wpa_s->autoscan_priv) {
-		wpa_printf(MSG_DEBUG, "autoscan: Already initialized");
-		return 0;
-	}
-
-	if (name == NULL)
-		return 0;
-
-	params = os_strchr(name, ':');
-	if (params == NULL) {
-		params = "";
-		nlen = os_strlen(name);
-	} else {
-		nlen = params - name;
-		params++;
-	}
-
-	for (i = 0; autoscan_modules[i]; i++) {
-		if (os_strncmp(name, autoscan_modules[i]->name, nlen) == 0) {
-			ops = autoscan_modules[i];
-			break;
-		}
-	}
-
-	if (ops == NULL) {
-		wpa_printf(MSG_ERROR, "autoscan: Could not find module "
-			   "matching the parameter '%s'", name);
-		return -1;
-	}
-
-	scan_plans = os_malloc(sizeof(*wpa_s->sched_scan_plans));
-	if (!scan_plans)
-		return -1;
-
-	wpa_s->autoscan_params = NULL;
-
-	wpa_s->autoscan_priv = ops->init(wpa_s, params);
-	if (!wpa_s->autoscan_priv) {
-		os_free(scan_plans);
-		return -1;
-	}
-
-	scan_plans[0].interval = 5;
-	scan_plans[0].iterations = 0;
-	os_free(wpa_s->sched_scan_plans);
-	wpa_s->sched_scan_plans = scan_plans;
-	wpa_s->sched_scan_plans_num = 1;
-	wpa_s->autoscan = ops;
-
-	wpa_printf(MSG_DEBUG, "autoscan: Initialized module '%s' with "
-		   "parameters '%s'", ops->name, params);
-	if (!req_scan)
-		return 0;
-
-	/*
-	 * Cancelling existing scan requests, if any.
-	 */
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_cancel_scan(wpa_s);
-
-	/*
-	 * Firing first scan, which will lead to call autoscan_notify_scan.
-	 */
-	request_scan(wpa_s);
-
-	return 0;
-}
-
-
-void autoscan_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->autoscan && wpa_s->autoscan_priv) {
-		wpa_printf(MSG_DEBUG, "autoscan: Deinitializing module '%s'",
-			   wpa_s->autoscan->name);
-		wpa_s->autoscan->deinit(wpa_s->autoscan_priv);
-		wpa_s->autoscan = NULL;
-		wpa_s->autoscan_priv = NULL;
-
-		wpa_s->scan_interval = 5;
-
-		os_free(wpa_s->sched_scan_plans);
-		wpa_s->sched_scan_plans = NULL;
-		wpa_s->sched_scan_plans_num = 0;
-	}
-}
-
-
-int autoscan_notify_scan(struct wpa_supplicant *wpa_s,
-			 struct wpa_scan_results *scan_res)
-{
-	int interval;
-
-	if (wpa_s->autoscan && wpa_s->autoscan_priv) {
-		interval = wpa_s->autoscan->notify_scan(wpa_s->autoscan_priv,
-							scan_res);
-
-		if (interval <= 0)
-			return -1;
-
-		wpa_s->scan_interval = interval;
-		wpa_s->sched_scan_plans[0].interval = interval;
-
-		request_scan(wpa_s);
-	}
-
-	return 0;
-}
diff --git a/wpa_supplicant/autoscan.h b/wpa_supplicant/autoscan.h
deleted file mode 100644
index 560684fcbf77..000000000000
--- a/wpa_supplicant/autoscan.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * WPA Supplicant - auto scan
- * Copyright (c) 2012, Intel Corporation. All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef AUTOSCAN_H
-#define AUTOSCAN_H
-
-struct wpa_supplicant;
-
-struct autoscan_ops {
-	const char *name;
-
-	void * (*init)(struct wpa_supplicant *wpa_s, const char *params);
-	void (*deinit)(void *priv);
-
-	int (*notify_scan)(void *priv, struct wpa_scan_results *scan_res);
-};
-
-#ifdef CONFIG_AUTOSCAN
-
-int autoscan_init(struct wpa_supplicant *wpa_s, int req_scan);
-void autoscan_deinit(struct wpa_supplicant *wpa_s);
-int autoscan_notify_scan(struct wpa_supplicant *wpa_s,
-			 struct wpa_scan_results *scan_res);
-
-/* Available autoscan modules */
-
-#ifdef CONFIG_AUTOSCAN_EXPONENTIAL
-extern const struct autoscan_ops autoscan_exponential_ops;
-#endif /* CONFIG_AUTOSCAN_EXPONENTIAL */
-
-#ifdef CONFIG_AUTOSCAN_PERIODIC
-extern const struct autoscan_ops autoscan_periodic_ops;
-#endif /* CONFIG_AUTOSCAN_PERIODIC */
-
-#else /* CONFIG_AUTOSCAN */
-
-static inline int autoscan_init(struct wpa_supplicant *wpa_s, int req_scan)
-{
-	return 0;
-}
-
-static inline void autoscan_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int autoscan_notify_scan(struct wpa_supplicant *wpa_s,
-				       struct wpa_scan_results *scan_res)
-{
-	return 0;
-}
-
-#endif /* CONFIG_AUTOSCAN */
-
-#endif /* AUTOSCAN_H */
diff --git a/wpa_supplicant/autoscan_exponential.c b/wpa_supplicant/autoscan_exponential.c
deleted file mode 100644
index 424477be8d43..000000000000
--- a/wpa_supplicant/autoscan_exponential.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * WPA Supplicant - auto scan exponential module
- * Copyright (c) 2012, Intel Corporation. All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-#include "autoscan.h"
-
-struct autoscan_exponential_data {
-	struct wpa_supplicant *wpa_s;
-	int base;
-	int limit;
-	int interval;
-};
-
-
-static int
-autoscan_exponential_get_params(struct autoscan_exponential_data *data,
-				const char *params)
-{
-	const char *pos;
-
-	if (params == NULL)
-		return -1;
-
-	data->base = atoi(params);
-
-	pos = os_strchr(params, ':');
-	if (pos == NULL)
-		return -1;
-
-	pos++;
-	data->limit = atoi(pos);
-
-	return 0;
-}
-
-
-static void * autoscan_exponential_init(struct wpa_supplicant *wpa_s,
-					const char *params)
-{
-	struct autoscan_exponential_data *data;
-
-	data = os_zalloc(sizeof(struct autoscan_exponential_data));
-	if (data == NULL)
-		return NULL;
-
-	if (autoscan_exponential_get_params(data, params) < 0) {
-		os_free(data);
-		return NULL;
-	}
-
-	wpa_printf(MSG_DEBUG, "autoscan exponential: base exponential is %d "
-		   "and limit is %d", data->base, data->limit);
-
-	data->wpa_s = wpa_s;
-
-	return data;
-}
-
-
-static void autoscan_exponential_deinit(void *priv)
-{
-	struct autoscan_exponential_data *data = priv;
-
-	os_free(data);
-}
-
-
-static int autoscan_exponential_notify_scan(void *priv,
-					    struct wpa_scan_results *scan_res)
-{
-	struct autoscan_exponential_data *data = priv;
-
-	wpa_printf(MSG_DEBUG, "autoscan exponential: scan result "
-		   "notification");
-
-	if (data->interval >= data->limit)
-		return data->limit;
-
-	if (data->interval <= 0)
-		data->interval = data->base;
-	else {
-		data->interval = data->interval * data->base;
-		if (data->interval > data->limit)
-			return data->limit;
-	}
-
-	return data->interval;
-}
-
-
-const struct autoscan_ops autoscan_exponential_ops = {
-	.name = "exponential",
-	.init = autoscan_exponential_init,
-	.deinit = autoscan_exponential_deinit,
-	.notify_scan = autoscan_exponential_notify_scan,
-};
diff --git a/wpa_supplicant/autoscan_periodic.c b/wpa_supplicant/autoscan_periodic.c
deleted file mode 100644
index 102d7234d35d..000000000000
--- a/wpa_supplicant/autoscan_periodic.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * WPA Supplicant - auto scan periodic module
- * Copyright (c) 2012, Intel Corporation. All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-#include "autoscan.h"
-
-
-struct autoscan_periodic_data {
-	int periodic_interval;
-};
-
-
-static int autoscan_periodic_get_params(struct autoscan_periodic_data *data,
-					const char *params)
-{
-	int interval;
-
-	if (params == NULL)
-		return -1;
-
-	interval = atoi(params);
-
-	if (interval < 0)
-		return -1;
-
-	data->periodic_interval = interval;
-
-	return 0;
-}
-
-
-static void * autoscan_periodic_init(struct wpa_supplicant *wpa_s,
-				     const char *params)
-{
-	struct autoscan_periodic_data *data;
-
-	data = os_zalloc(sizeof(struct autoscan_periodic_data));
-	if (data == NULL)
-		return NULL;
-
-	if (autoscan_periodic_get_params(data, params) < 0) {
-		os_free(data);
-		return NULL;
-	}
-
-	wpa_printf(MSG_DEBUG, "autoscan periodic: interval is %d",
-		   data->periodic_interval);
-
-	return data;
-}
-
-
-static void autoscan_periodic_deinit(void *priv)
-{
-	struct autoscan_periodic_data *data = priv;
-
-	os_free(data);
-}
-
-
-static int autoscan_periodic_notify_scan(void *priv,
-					 struct wpa_scan_results *scan_res)
-{
-	struct autoscan_periodic_data *data = priv;
-
-	wpa_printf(MSG_DEBUG, "autoscan periodic: scan result notification");
-
-	return data->periodic_interval;
-}
-
-
-const struct autoscan_ops autoscan_periodic_ops = {
-	.name = "periodic",
-	.init = autoscan_periodic_init,
-	.deinit = autoscan_periodic_deinit,
-	.notify_scan = autoscan_periodic_notify_scan,
-};
diff --git a/wpa_supplicant/bgscan.c b/wpa_supplicant/bgscan.c
deleted file mode 100644
index 1ea640114c8e..000000000000
--- a/wpa_supplicant/bgscan.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * WPA Supplicant - background scan and roaming interface
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-#include "config_ssid.h"
-#include "bgscan.h"
-
-
-static const struct bgscan_ops * bgscan_modules[] = {
-#ifdef CONFIG_BGSCAN_SIMPLE
-	&bgscan_simple_ops,
-#endif /* CONFIG_BGSCAN_SIMPLE */
-#ifdef CONFIG_BGSCAN_LEARN
-	&bgscan_learn_ops,
-#endif /* CONFIG_BGSCAN_LEARN */
-	NULL
-};
-
-
-int bgscan_init(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-		const char *name)
-{
-	const char *params;
-	size_t nlen;
-	int i;
-	const struct bgscan_ops *ops = NULL;
-
-	bgscan_deinit(wpa_s);
-
-	params = os_strchr(name, ':');
-	if (params == NULL) {
-		params = "";
-		nlen = os_strlen(name);
-	} else {
-		nlen = params - name;
-		params++;
-	}
-
-	for (i = 0; bgscan_modules[i]; i++) {
-		if (os_strncmp(name, bgscan_modules[i]->name, nlen) == 0) {
-			ops = bgscan_modules[i];
-			break;
-		}
-	}
-
-	if (ops == NULL) {
-		wpa_printf(MSG_ERROR, "bgscan: Could not find module "
-			   "matching the parameter '%s'", name);
-		return -1;
-	}
-
-	wpa_s->bgscan_priv = ops->init(wpa_s, params, ssid);
-	if (wpa_s->bgscan_priv == NULL)
-		return -1;
-	wpa_s->bgscan = ops;
-	wpa_printf(MSG_DEBUG, "bgscan: Initialized module '%s' with "
-		   "parameters '%s'", ops->name, params);
-
-	return 0;
-}
-
-
-void bgscan_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->bgscan && wpa_s->bgscan_priv) {
-		wpa_printf(MSG_DEBUG, "bgscan: Deinitializing module '%s'",
-			   wpa_s->bgscan->name);
-		wpa_s->bgscan->deinit(wpa_s->bgscan_priv);
-		wpa_s->bgscan = NULL;
-		wpa_s->bgscan_priv = NULL;
-	}
-}
-
-
-int bgscan_notify_scan(struct wpa_supplicant *wpa_s,
-		       struct wpa_scan_results *scan_res)
-{
-	if (wpa_s->bgscan && wpa_s->bgscan_priv)
-		return wpa_s->bgscan->notify_scan(wpa_s->bgscan_priv,
-						  scan_res);
-	return 0;
-}
-
-
-void bgscan_notify_beacon_loss(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->bgscan && wpa_s->bgscan_priv)
-		wpa_s->bgscan->notify_beacon_loss(wpa_s->bgscan_priv);
-}
-
-
-void bgscan_notify_signal_change(struct wpa_supplicant *wpa_s, int above,
-				 int current_signal, int current_noise,
-				 int current_txrate)
-{
-	if (wpa_s->bgscan && wpa_s->bgscan_priv)
-		wpa_s->bgscan->notify_signal_change(wpa_s->bgscan_priv, above,
-						    current_signal,
-						    current_noise,
-						    current_txrate);
-}
diff --git a/wpa_supplicant/bgscan.h b/wpa_supplicant/bgscan.h
deleted file mode 100644
index 3df1550a97dd..000000000000
--- a/wpa_supplicant/bgscan.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * WPA Supplicant - background scan and roaming interface
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef BGSCAN_H
-#define BGSCAN_H
-
-struct wpa_supplicant;
-struct wpa_ssid;
-
-struct bgscan_ops {
-	const char *name;
-
-	void * (*init)(struct wpa_supplicant *wpa_s, const char *params,
-		       const struct wpa_ssid *ssid);
-	void (*deinit)(void *priv);
-
-	int (*notify_scan)(void *priv, struct wpa_scan_results *scan_res);
-	void (*notify_beacon_loss)(void *priv);
-	void (*notify_signal_change)(void *priv, int above,
-				     int current_signal,
-				     int current_noise,
-				     int current_txrate);
-};
-
-#ifdef CONFIG_BGSCAN
-
-int bgscan_init(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-		const char *name);
-void bgscan_deinit(struct wpa_supplicant *wpa_s);
-int bgscan_notify_scan(struct wpa_supplicant *wpa_s,
-		       struct wpa_scan_results *scan_res);
-void bgscan_notify_beacon_loss(struct wpa_supplicant *wpa_s);
-void bgscan_notify_signal_change(struct wpa_supplicant *wpa_s, int above,
-				 int current_signal, int current_noise,
-				 int current_txrate);
-
-/* Available bgscan modules */
-
-#ifdef CONFIG_BGSCAN_SIMPLE
-extern const struct bgscan_ops bgscan_simple_ops;
-#endif /* CONFIG_BGSCAN_SIMPLE */
-#ifdef CONFIG_BGSCAN_LEARN
-extern const struct bgscan_ops bgscan_learn_ops;
-#endif /* CONFIG_BGSCAN_LEARN */
-
-#else /* CONFIG_BGSCAN */
-
-static inline int bgscan_init(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid, const char name)
-{
-	return 0;
-}
-
-static inline void bgscan_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int bgscan_notify_scan(struct wpa_supplicant *wpa_s,
-				     struct wpa_scan_results *scan_res)
-{
-	return 0;
-}
-
-static inline void bgscan_notify_beacon_loss(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void bgscan_notify_signal_change(struct wpa_supplicant *wpa_s,
-					       int above, int current_signal,
-					       int current_noise,
-					       int current_txrate)
-{
-}
-
-#endif /* CONFIG_BGSCAN */
-
-#endif /* BGSCAN_H */
diff --git a/wpa_supplicant/bgscan_learn.c b/wpa_supplicant/bgscan_learn.c
deleted file mode 100644
index cb732f709b9e..000000000000
--- a/wpa_supplicant/bgscan_learn.c
+++ /dev/null
@@ -1,614 +0,0 @@
-/*
- * WPA Supplicant - background scan and roaming module: learn
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "list.h"
-#include "common/ieee802_11_defs.h"
-#include "drivers/driver.h"
-#include "config_ssid.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "scan.h"
-#include "bgscan.h"
-
-struct bgscan_learn_bss {
-	struct dl_list list;
-	u8 bssid[ETH_ALEN];
-	int freq;
-	u8 *neigh; /* num_neigh * ETH_ALEN buffer */
-	size_t num_neigh;
-};
-
-struct bgscan_learn_data {
-	struct wpa_supplicant *wpa_s;
-	const struct wpa_ssid *ssid;
-	int scan_interval;
-	int signal_threshold;
-	int short_interval; /* use if signal < threshold */
-	int long_interval; /* use if signal > threshold */
-	struct os_reltime last_bgscan;
-	char *fname;
-	struct dl_list bss;
-	int *supp_freqs;
-	int probe_idx;
-};
-
-
-static void bss_free(struct bgscan_learn_bss *bss)
-{
-	os_free(bss->neigh);
-	os_free(bss);
-}
-
-
-static int bssid_in_array(u8 *array, size_t array_len, const u8 *bssid)
-{
-	size_t i;
-
-	if (array == NULL || array_len == 0)
-		return 0;
-
-	for (i = 0; i < array_len; i++) {
-		if (os_memcmp(array + i * ETH_ALEN, bssid, ETH_ALEN) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static void bgscan_learn_add_neighbor(struct bgscan_learn_bss *bss,
-				      const u8 *bssid)
-{
-	u8 *n;
-
-	if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
-		return;
-	if (bssid_in_array(bss->neigh, bss->num_neigh, bssid))
-		return;
-
-	n = os_realloc_array(bss->neigh, bss->num_neigh + 1, ETH_ALEN);
-	if (n == NULL)
-		return;
-
-	os_memcpy(n + bss->num_neigh * ETH_ALEN, bssid, ETH_ALEN);
-	bss->neigh = n;
-	bss->num_neigh++;
-}
-
-
-static struct bgscan_learn_bss * bgscan_learn_get_bss(
-	struct bgscan_learn_data *data, const u8 *bssid)
-{
-	struct bgscan_learn_bss *bss;
-
-	dl_list_for_each(bss, &data->bss, struct bgscan_learn_bss, list) {
-		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
-			return bss;
-	}
-	return NULL;
-}
-
-
-static int bgscan_learn_load(struct bgscan_learn_data *data)
-{
-	FILE *f;
-	char buf[128];
-	struct bgscan_learn_bss *bss;
-
-	if (data->fname == NULL)
-		return 0;
-
-	f = fopen(data->fname, "r");
-	if (f == NULL)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: Loading data from %s",
-		   data->fname);
-
-	if (fgets(buf, sizeof(buf), f) == NULL ||
-	    os_strncmp(buf, "wpa_supplicant-bgscan-learn\n", 28) != 0) {
-		wpa_printf(MSG_INFO, "bgscan learn: Invalid data file %s",
-			   data->fname);
-		fclose(f);
-		return -1;
-	}
-
-	while (fgets(buf, sizeof(buf), f)) {
-		if (os_strncmp(buf, "BSS ", 4) == 0) {
-			bss = os_zalloc(sizeof(*bss));
-			if (!bss)
-				continue;
-			if (hwaddr_aton(buf + 4, bss->bssid) < 0) {
-				bss_free(bss);
-				continue;
-			}
-			bss->freq = atoi(buf + 4 + 18);
-			dl_list_add(&data->bss, &bss->list);
-			wpa_printf(MSG_DEBUG, "bgscan learn: Loaded BSS "
-				   "entry: " MACSTR " freq=%d",
-				   MAC2STR(bss->bssid), bss->freq);
-		}
-
-		if (os_strncmp(buf, "NEIGHBOR ", 9) == 0) {
-			u8 addr[ETH_ALEN];
-
-			if (hwaddr_aton(buf + 9, addr) < 0)
-				continue;
-			bss = bgscan_learn_get_bss(data, addr);
-			if (bss == NULL)
-				continue;
-			if (hwaddr_aton(buf + 9 + 18, addr) < 0)
-				continue;
-
-			bgscan_learn_add_neighbor(bss, addr);
-		}
-	}
-
-	fclose(f);
-	return 0;
-}
-
-
-static void bgscan_learn_save(struct bgscan_learn_data *data)
-{
-	FILE *f;
-	struct bgscan_learn_bss *bss;
-
-	if (data->fname == NULL)
-		return;
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: Saving data to %s",
-		   data->fname);
-
-	f = fopen(data->fname, "w");
-	if (f == NULL)
-		return;
-	fprintf(f, "wpa_supplicant-bgscan-learn\n");
-
-	dl_list_for_each(bss, &data->bss, struct bgscan_learn_bss, list) {
-		fprintf(f, "BSS " MACSTR " %d\n",
-			MAC2STR(bss->bssid), bss->freq);
-	}
-
-	dl_list_for_each(bss, &data->bss, struct bgscan_learn_bss, list) {
-		size_t i;
-		for (i = 0; i < bss->num_neigh; i++) {
-			fprintf(f, "NEIGHBOR " MACSTR " " MACSTR "\n",
-				MAC2STR(bss->bssid),
-				MAC2STR(bss->neigh + i * ETH_ALEN));
-		}
-	}
-
-	fclose(f);
-}
-
-
-static int in_array(int *array, int val)
-{
-	int i;
-
-	if (array == NULL)
-		return 0;
-
-	for (i = 0; array[i]; i++) {
-		if (array[i] == val)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int * bgscan_learn_get_freqs(struct bgscan_learn_data *data,
-				    size_t *count)
-{
-	struct bgscan_learn_bss *bss;
-	int *freqs = NULL, *n;
-
-	*count = 0;
-
-	dl_list_for_each(bss, &data->bss, struct bgscan_learn_bss, list) {
-		if (in_array(freqs, bss->freq))
-			continue;
-		n = os_realloc_array(freqs, *count + 2, sizeof(int));
-		if (n == NULL)
-			return freqs;
-		freqs = n;
-		freqs[*count] = bss->freq;
-		(*count)++;
-		freqs[*count] = 0;
-	}
-
-	return freqs;
-}
-
-
-static int * bgscan_learn_get_probe_freq(struct bgscan_learn_data *data,
-					 int *freqs, size_t count)
-{
-	int idx, *n;
-
-	if (data->supp_freqs == NULL)
-		return freqs;
-
-	idx = data->probe_idx;
-	do {
-		if (!in_array(freqs, data->supp_freqs[idx])) {
-			wpa_printf(MSG_DEBUG, "bgscan learn: Probe new freq "
-				   "%u", data->supp_freqs[idx]);
-			data->probe_idx = idx + 1;
-			if (data->supp_freqs[data->probe_idx] == 0)
-				data->probe_idx = 0;
-			n = os_realloc_array(freqs, count + 2, sizeof(int));
-			if (n == NULL)
-				return freqs;
-			freqs = n;
-			freqs[count] = data->supp_freqs[idx];
-			count++;
-			freqs[count] = 0;
-			break;
-		}
-
-		idx++;
-		if (data->supp_freqs[idx] == 0)
-			idx = 0;
-	} while (idx != data->probe_idx);
-
-	return freqs;
-}
-
-
-static void bgscan_learn_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct bgscan_learn_data *data = eloop_ctx;
-	struct wpa_supplicant *wpa_s = data->wpa_s;
-	struct wpa_driver_scan_params params;
-	int *freqs = NULL;
-	size_t count, i;
-	char msg[100], *pos;
-
-	os_memset(&params, 0, sizeof(params));
-	params.num_ssids = 1;
-	params.ssids[0].ssid = data->ssid->ssid;
-	params.ssids[0].ssid_len = data->ssid->ssid_len;
-	if (data->ssid->scan_freq)
-		params.freqs = data->ssid->scan_freq;
-	else {
-		freqs = bgscan_learn_get_freqs(data, &count);
-		wpa_printf(MSG_DEBUG, "bgscan learn: BSSes in this ESS have "
-			   "been seen on %u channels", (unsigned int) count);
-		freqs = bgscan_learn_get_probe_freq(data, freqs, count);
-
-		msg[0] = '\0';
-		pos = msg;
-		for (i = 0; freqs && freqs[i]; i++) {
-			int ret;
-			ret = os_snprintf(pos, msg + sizeof(msg) - pos, " %d",
-					  freqs[i]);
-			if (os_snprintf_error(msg + sizeof(msg) - pos, ret))
-				break;
-			pos += ret;
-		}
-		pos[0] = '\0';
-		wpa_printf(MSG_DEBUG, "bgscan learn: Scanning frequencies:%s",
-			   msg);
-		params.freqs = freqs;
-	}
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: Request a background scan");
-	if (wpa_supplicant_trigger_scan(wpa_s, &params)) {
-		wpa_printf(MSG_DEBUG, "bgscan learn: Failed to trigger scan");
-		eloop_register_timeout(data->scan_interval, 0,
-				       bgscan_learn_timeout, data, NULL);
-	} else
-		os_get_reltime(&data->last_bgscan);
-	os_free(freqs);
-}
-
-
-static int bgscan_learn_get_params(struct bgscan_learn_data *data,
-				   const char *params)
-{
-	const char *pos;
-
-	data->short_interval = atoi(params);
-
-	pos = os_strchr(params, ':');
-	if (pos == NULL)
-		return 0;
-	pos++;
-	data->signal_threshold = atoi(pos);
-	pos = os_strchr(pos, ':');
-	if (pos == NULL) {
-		wpa_printf(MSG_ERROR, "bgscan learn: Missing scan interval "
-			   "for high signal");
-		return -1;
-	}
-	pos++;
-	data->long_interval = atoi(pos);
-	pos = os_strchr(pos, ':');
-	if (pos) {
-		pos++;
-		data->fname = os_strdup(pos);
-	}
-
-	return 0;
-}
-
-
-static int * bgscan_learn_get_supp_freqs(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_hw_modes *modes;
-	int i, j, *freqs = NULL, *n;
-	size_t count = 0;
-
-	modes = wpa_s->hw.modes;
-	if (modes == NULL)
-		return NULL;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		for (j = 0; j < modes[i].num_channels; j++) {
-			if (modes[i].channels[j].flag & HOSTAPD_CHAN_DISABLED)
-				continue;
-			/* some hw modes (e.g. 11b & 11g) contain same freqs */
-			if (in_array(freqs, modes[i].channels[j].freq))
-				continue;
-			n = os_realloc_array(freqs, count + 2, sizeof(int));
-			if (n == NULL)
-				continue;
-
-			freqs = n;
-			freqs[count] = modes[i].channels[j].freq;
-			count++;
-			freqs[count] = 0;
-		}
-	}
-
-	return freqs;
-}
-
-
-static void * bgscan_learn_init(struct wpa_supplicant *wpa_s,
-				const char *params,
-				const struct wpa_ssid *ssid)
-{
-	struct bgscan_learn_data *data;
-
-	data = os_zalloc(sizeof(*data));
-	if (data == NULL)
-		return NULL;
-	dl_list_init(&data->bss);
-	data->wpa_s = wpa_s;
-	data->ssid = ssid;
-	if (bgscan_learn_get_params(data, params) < 0) {
-		os_free(data->fname);
-		os_free(data);
-		return NULL;
-	}
-	if (data->short_interval <= 0)
-		data->short_interval = 30;
-	if (data->long_interval <= 0)
-		data->long_interval = 30;
-
-	if (bgscan_learn_load(data) < 0) {
-		os_free(data->fname);
-		os_free(data);
-		return NULL;
-	}
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: Signal strength threshold %d  "
-		   "Short bgscan interval %d  Long bgscan interval %d",
-		   data->signal_threshold, data->short_interval,
-		   data->long_interval);
-
-	if (data->signal_threshold &&
-	    wpa_drv_signal_monitor(wpa_s, data->signal_threshold, 4) < 0) {
-		wpa_printf(MSG_ERROR, "bgscan learn: Failed to enable "
-			   "signal strength monitoring");
-	}
-
-	data->supp_freqs = bgscan_learn_get_supp_freqs(wpa_s);
-	data->scan_interval = data->short_interval;
-	if (data->signal_threshold) {
-		/* Poll for signal info to set initial scan interval */
-		struct wpa_signal_info siginfo;
-		if (wpa_drv_signal_poll(wpa_s, &siginfo) == 0 &&
-		    siginfo.current_signal >= data->signal_threshold)
-			data->scan_interval = data->long_interval;
-	}
-
-	eloop_register_timeout(data->scan_interval, 0, bgscan_learn_timeout,
-			       data, NULL);
-
-	/*
-	 * This function is called immediately after an association, so it is
-	 * reasonable to assume that a scan was completed recently. This makes
-	 * us skip an immediate new scan in cases where the current signal
-	 * level is below the bgscan threshold.
-	 */
-	os_get_reltime(&data->last_bgscan);
-
-	return data;
-}
-
-
-static void bgscan_learn_deinit(void *priv)
-{
-	struct bgscan_learn_data *data = priv;
-	struct bgscan_learn_bss *bss, *n;
-
-	bgscan_learn_save(data);
-	eloop_cancel_timeout(bgscan_learn_timeout, data, NULL);
-	if (data->signal_threshold)
-		wpa_drv_signal_monitor(data->wpa_s, 0, 0);
-	os_free(data->fname);
-	dl_list_for_each_safe(bss, n, &data->bss, struct bgscan_learn_bss,
-			      list) {
-		dl_list_del(&bss->list);
-		bss_free(bss);
-	}
-	os_free(data->supp_freqs);
-	os_free(data);
-}
-
-
-static int bgscan_learn_bss_match(struct bgscan_learn_data *data,
-				  struct wpa_scan_res *bss)
-{
-	const u8 *ie;
-
-	ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
-	if (ie == NULL)
-		return 0;
-
-	if (data->ssid->ssid_len != ie[1] ||
-	    os_memcmp(data->ssid->ssid, ie + 2, ie[1]) != 0)
-		return 0; /* SSID mismatch */
-
-	return 1;
-}
-
-
-static int bgscan_learn_notify_scan(void *priv,
-				    struct wpa_scan_results *scan_res)
-{
-	struct bgscan_learn_data *data = priv;
-	size_t i, j;
-#define MAX_BSS 50
-	u8 bssid[MAX_BSS * ETH_ALEN];
-	size_t num_bssid = 0;
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: scan result notification");
-
-	eloop_cancel_timeout(bgscan_learn_timeout, data, NULL);
-	eloop_register_timeout(data->scan_interval, 0, bgscan_learn_timeout,
-			       data, NULL);
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_scan_res *res = scan_res->res[i];
-		if (!bgscan_learn_bss_match(data, res))
-			continue;
-
-		if (num_bssid < MAX_BSS) {
-			os_memcpy(bssid + num_bssid * ETH_ALEN, res->bssid,
-				  ETH_ALEN);
-			num_bssid++;
-		}
-	}
-	wpa_printf(MSG_DEBUG, "bgscan learn: %u matching BSSes in scan "
-		   "results", (unsigned int) num_bssid);
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_scan_res *res = scan_res->res[i];
-		struct bgscan_learn_bss *bss;
-
-		if (!bgscan_learn_bss_match(data, res))
-			continue;
-
-		bss = bgscan_learn_get_bss(data, res->bssid);
-		if (bss && bss->freq != res->freq) {
-			wpa_printf(MSG_DEBUG, "bgscan learn: Update BSS "
-			   MACSTR " freq %d -> %d",
-				   MAC2STR(res->bssid), bss->freq, res->freq);
-			bss->freq = res->freq;
-		} else if (!bss) {
-			wpa_printf(MSG_DEBUG, "bgscan learn: Add BSS " MACSTR
-				   " freq=%d", MAC2STR(res->bssid), res->freq);
-			bss = os_zalloc(sizeof(*bss));
-			if (!bss)
-				continue;
-			os_memcpy(bss->bssid, res->bssid, ETH_ALEN);
-			bss->freq = res->freq;
-			dl_list_add(&data->bss, &bss->list);
-		}
-
-		for (j = 0; j < num_bssid; j++) {
-			u8 *addr = bssid + j * ETH_ALEN;
-			bgscan_learn_add_neighbor(bss, addr);
-		}
-	}
-
-	/*
-	 * A more advanced bgscan could process scan results internally, select
-	 * the BSS and request roam if needed. This sample uses the existing
-	 * BSS/ESS selection routine. Change this to return 1 if selection is
-	 * done inside the bgscan module.
-	 */
-
-	return 0;
-}
-
-
-static void bgscan_learn_notify_beacon_loss(void *priv)
-{
-	wpa_printf(MSG_DEBUG, "bgscan learn: beacon loss");
-	/* TODO: speed up background scanning */
-}
-
-
-static void bgscan_learn_notify_signal_change(void *priv, int above,
-					      int current_signal,
-					      int current_noise,
-					      int current_txrate)
-{
-	struct bgscan_learn_data *data = priv;
-	int scan = 0;
-	struct os_reltime now;
-
-	if (data->short_interval == data->long_interval ||
-	    data->signal_threshold == 0)
-		return;
-
-	wpa_printf(MSG_DEBUG, "bgscan learn: signal level changed "
-		   "(above=%d current_signal=%d current_noise=%d "
-		   "current_txrate=%d)", above, current_signal,
-		   current_noise, current_txrate);
-	if (data->scan_interval == data->long_interval && !above) {
-		wpa_printf(MSG_DEBUG, "bgscan learn: Start using short bgscan "
-			   "interval");
-		data->scan_interval = data->short_interval;
-		os_get_reltime(&now);
-		if (now.sec > data->last_bgscan.sec + 1)
-			scan = 1;
-	} else if (data->scan_interval == data->short_interval && above) {
-		wpa_printf(MSG_DEBUG, "bgscan learn: Start using long bgscan "
-			   "interval");
-		data->scan_interval = data->long_interval;
-		eloop_cancel_timeout(bgscan_learn_timeout, data, NULL);
-		eloop_register_timeout(data->scan_interval, 0,
-				       bgscan_learn_timeout, data, NULL);
-	} else if (!above) {
-		/*
-		 * Signal dropped further 4 dB. Request a new scan if we have
-		 * not yet scanned in a while.
-		 */
-		os_get_reltime(&now);
-		if (now.sec > data->last_bgscan.sec + 10)
-			scan = 1;
-	}
-
-	if (scan) {
-		wpa_printf(MSG_DEBUG, "bgscan learn: Trigger immediate scan");
-		eloop_cancel_timeout(bgscan_learn_timeout, data, NULL);
-		eloop_register_timeout(0, 0, bgscan_learn_timeout, data, NULL);
-	}
-}
-
-
-const struct bgscan_ops bgscan_learn_ops = {
-	.name = "learn",
-	.init = bgscan_learn_init,
-	.deinit = bgscan_learn_deinit,
-	.notify_scan = bgscan_learn_notify_scan,
-	.notify_beacon_loss = bgscan_learn_notify_beacon_loss,
-	.notify_signal_change = bgscan_learn_notify_signal_change,
-};
diff --git a/wpa_supplicant/bgscan_simple.c b/wpa_supplicant/bgscan_simple.c
deleted file mode 100644
index 41a26df0d635..000000000000
--- a/wpa_supplicant/bgscan_simple.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * WPA Supplicant - background scan and roaming module: simple
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "drivers/driver.h"
-#include "config_ssid.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "scan.h"
-#include "bgscan.h"
-
-struct bgscan_simple_data {
-	struct wpa_supplicant *wpa_s;
-	const struct wpa_ssid *ssid;
-	int scan_interval;
-	int signal_threshold;
-	int short_scan_count; /* counter for scans using short scan interval */
-	int max_short_scans; /* maximum times we short-scan before back-off */
-	int short_interval; /* use if signal < threshold */
-	int long_interval; /* use if signal > threshold */
-	struct os_reltime last_bgscan;
-};
-
-
-static void bgscan_simple_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct bgscan_simple_data *data = eloop_ctx;
-	struct wpa_supplicant *wpa_s = data->wpa_s;
-	struct wpa_driver_scan_params params;
-
-	os_memset(&params, 0, sizeof(params));
-	params.num_ssids = 1;
-	params.ssids[0].ssid = data->ssid->ssid;
-	params.ssids[0].ssid_len = data->ssid->ssid_len;
-	params.freqs = data->ssid->scan_freq;
-
-	/*
-	 * A more advanced bgscan module would learn about most like channels
-	 * over time and request scans only for some channels (probing others
-	 * every now and then) to reduce effect on the data connection.
-	 */
-
-	wpa_printf(MSG_DEBUG, "bgscan simple: Request a background scan");
-	if (wpa_supplicant_trigger_scan(wpa_s, &params)) {
-		wpa_printf(MSG_DEBUG, "bgscan simple: Failed to trigger scan");
-		eloop_register_timeout(data->scan_interval, 0,
-				       bgscan_simple_timeout, data, NULL);
-	} else {
-		if (data->scan_interval == data->short_interval) {
-			data->short_scan_count++;
-			if (data->short_scan_count >= data->max_short_scans) {
-				data->scan_interval = data->long_interval;
-				wpa_printf(MSG_DEBUG, "bgscan simple: Backing "
-					   "off to long scan interval");
-			}
-		} else if (data->short_scan_count > 0) {
-			/*
-			 * If we lasted a long scan interval without any
-			 * CQM triggers, decrease the short-scan count,
-			 * which allows 1 more short-scan interval to
-			 * occur in the future when CQM triggers.
-			 */
-			data->short_scan_count--;
-		}
-		os_get_reltime(&data->last_bgscan);
-	}
-}
-
-
-static int bgscan_simple_get_params(struct bgscan_simple_data *data,
-				    const char *params)
-{
-	const char *pos;
-
-	data->short_interval = atoi(params);
-
-	pos = os_strchr(params, ':');
-	if (pos == NULL)
-		return 0;
-	pos++;
-	data->signal_threshold = atoi(pos);
-	pos = os_strchr(pos, ':');
-	if (pos == NULL) {
-		wpa_printf(MSG_ERROR, "bgscan simple: Missing scan interval "
-			   "for high signal");
-		return -1;
-	}
-	pos++;
-	data->long_interval = atoi(pos);
-
-	return 0;
-}
-
-
-static void * bgscan_simple_init(struct wpa_supplicant *wpa_s,
-				 const char *params,
-				 const struct wpa_ssid *ssid)
-{
-	struct bgscan_simple_data *data;
-
-	data = os_zalloc(sizeof(*data));
-	if (data == NULL)
-		return NULL;
-	data->wpa_s = wpa_s;
-	data->ssid = ssid;
-	if (bgscan_simple_get_params(data, params) < 0) {
-		os_free(data);
-		return NULL;
-	}
-	if (data->short_interval <= 0)
-		data->short_interval = 30;
-	if (data->long_interval <= 0)
-		data->long_interval = 30;
-
-	wpa_printf(MSG_DEBUG, "bgscan simple: Signal strength threshold %d  "
-		   "Short bgscan interval %d  Long bgscan interval %d",
-		   data->signal_threshold, data->short_interval,
-		   data->long_interval);
-
-	if (data->signal_threshold &&
-	    wpa_drv_signal_monitor(wpa_s, data->signal_threshold, 4) < 0) {
-		wpa_printf(MSG_ERROR, "bgscan simple: Failed to enable "
-			   "signal strength monitoring");
-	}
-
-	data->scan_interval = data->short_interval;
-	data->max_short_scans = data->long_interval / data->short_interval + 1;
-	if (data->signal_threshold) {
-		/* Poll for signal info to set initial scan interval */
-		struct wpa_signal_info siginfo;
-		if (wpa_drv_signal_poll(wpa_s, &siginfo) == 0 &&
-		    siginfo.current_signal >= data->signal_threshold)
-			data->scan_interval = data->long_interval;
-	}
-	wpa_printf(MSG_DEBUG, "bgscan simple: Init scan interval: %d",
-		   data->scan_interval);
-	eloop_register_timeout(data->scan_interval, 0, bgscan_simple_timeout,
-			       data, NULL);
-
-	/*
-	 * This function is called immediately after an association, so it is
-	 * reasonable to assume that a scan was completed recently. This makes
-	 * us skip an immediate new scan in cases where the current signal
-	 * level is below the bgscan threshold.
-	 */
-	os_get_reltime(&data->last_bgscan);
-
-	return data;
-}
-
-
-static void bgscan_simple_deinit(void *priv)
-{
-	struct bgscan_simple_data *data = priv;
-	eloop_cancel_timeout(bgscan_simple_timeout, data, NULL);
-	if (data->signal_threshold)
-		wpa_drv_signal_monitor(data->wpa_s, 0, 0);
-	os_free(data);
-}
-
-
-static int bgscan_simple_notify_scan(void *priv,
-				     struct wpa_scan_results *scan_res)
-{
-	struct bgscan_simple_data *data = priv;
-
-	wpa_printf(MSG_DEBUG, "bgscan simple: scan result notification");
-
-	eloop_cancel_timeout(bgscan_simple_timeout, data, NULL);
-	eloop_register_timeout(data->scan_interval, 0, bgscan_simple_timeout,
-			       data, NULL);
-
-	/*
-	 * A more advanced bgscan could process scan results internally, select
-	 * the BSS and request roam if needed. This sample uses the existing
-	 * BSS/ESS selection routine. Change this to return 1 if selection is
-	 * done inside the bgscan module.
-	 */
-
-	return 0;
-}
-
-
-static void bgscan_simple_notify_beacon_loss(void *priv)
-{
-	wpa_printf(MSG_DEBUG, "bgscan simple: beacon loss");
-	/* TODO: speed up background scanning */
-}
-
-
-static void bgscan_simple_notify_signal_change(void *priv, int above,
-					       int current_signal,
-					       int current_noise,
-					       int current_txrate)
-{
-	struct bgscan_simple_data *data = priv;
-	int scan = 0;
-	struct os_reltime now;
-
-	if (data->short_interval == data->long_interval ||
-	    data->signal_threshold == 0)
-		return;
-
-	wpa_printf(MSG_DEBUG, "bgscan simple: signal level changed "
-		   "(above=%d current_signal=%d current_noise=%d "
-		   "current_txrate=%d))", above, current_signal,
-		   current_noise, current_txrate);
-	if (data->scan_interval == data->long_interval && !above) {
-		wpa_printf(MSG_DEBUG, "bgscan simple: Start using short "
-			   "bgscan interval");
-		data->scan_interval = data->short_interval;
-		os_get_reltime(&now);
-		if (now.sec > data->last_bgscan.sec + 1 &&
-		    data->short_scan_count <= data->max_short_scans)
-			/*
-			 * If we haven't just previously (<1 second ago)
-			 * performed a scan, and we haven't depleted our
-			 * budget for short-scans, perform a scan
-			 * immediately.
-			 */
-			scan = 1;
-		else if (data->last_bgscan.sec + data->long_interval >
-			 now.sec + data->scan_interval) {
-			/*
-			 * Restart scan interval timer if currently scheduled
-			 * scan is too far in the future.
-			 */
-			eloop_cancel_timeout(bgscan_simple_timeout, data,
-					     NULL);
-			eloop_register_timeout(data->scan_interval, 0,
-					       bgscan_simple_timeout, data,
-					       NULL);
-		}
-	} else if (data->scan_interval == data->short_interval && above) {
-		wpa_printf(MSG_DEBUG, "bgscan simple: Start using long bgscan "
-			   "interval");
-		data->scan_interval = data->long_interval;
-		eloop_cancel_timeout(bgscan_simple_timeout, data, NULL);
-		eloop_register_timeout(data->scan_interval, 0,
-				       bgscan_simple_timeout, data, NULL);
-	} else if (!above) {
-		/*
-		 * Signal dropped further 4 dB. Request a new scan if we have
-		 * not yet scanned in a while.
-		 */
-		os_get_reltime(&now);
-		if (now.sec > data->last_bgscan.sec + 10)
-			scan = 1;
-	}
-
-	if (scan) {
-		wpa_printf(MSG_DEBUG, "bgscan simple: Trigger immediate scan");
-		eloop_cancel_timeout(bgscan_simple_timeout, data, NULL);
-		eloop_register_timeout(0, 0, bgscan_simple_timeout, data,
-				       NULL);
-	}
-}
-
-
-const struct bgscan_ops bgscan_simple_ops = {
-	.name = "simple",
-	.init = bgscan_simple_init,
-	.deinit = bgscan_simple_deinit,
-	.notify_scan = bgscan_simple_notify_scan,
-	.notify_beacon_loss = bgscan_simple_notify_beacon_loss,
-	.notify_signal_change = bgscan_simple_notify_signal_change,
-};
diff --git a/wpa_supplicant/binder/.clang-format b/wpa_supplicant/binder/.clang-format
deleted file mode 100644
index dbfdabfc07fd..000000000000
--- a/wpa_supplicant/binder/.clang-format
+++ /dev/null
@@ -1,9 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Mozilla
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AccessModifierOffset: -8
-AlignAfterOpenBracket: AlwaysBreak
-SortIncludes: false
diff --git a/wpa_supplicant/binder/binder.cpp b/wpa_supplicant/binder/binder.cpp
deleted file mode 100644
index 750e87818b20..000000000000
--- a/wpa_supplicant/binder/binder.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <binder/IPCThreadState.h>
-#include <binder/IServiceManager.h>
-#include <binder/ProcessState.h>
-
-#include "binder_manager.h"
-
-extern "C" {
-#include "binder.h"
-#include "binder_i.h"
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/includes.h"
-}
-
-void wpas_binder_sock_handler(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_global *global = (wpa_global *)eloop_ctx;
-	struct wpas_binder_priv *priv = (wpas_binder_priv *)sock_ctx;
-
-	wpa_printf(
-	    MSG_DEBUG, "Processing binder events on FD %d", priv->binder_fd);
-	android::IPCThreadState::self()->handlePolledCommands();
-}
-
-struct wpas_binder_priv *wpas_binder_init(struct wpa_global *global)
-{
-	struct wpas_binder_priv *priv;
-	wpa_supplicant_binder::BinderManager *binder_manager;
-
-	priv = (wpas_binder_priv *)os_zalloc(sizeof(*priv));
-	if (!priv)
-		return NULL;
-	priv->global = global;
-
-	android::ProcessState::self()->setThreadPoolMaxThreadCount(0);
-	android::IPCThreadState::self()->disableBackgroundScheduling(true);
-	android::IPCThreadState::self()->setupPolling(&priv->binder_fd);
-	wpa_printf(MSG_INFO, "Process binder events on FD %d", priv->binder_fd);
-	if (priv->binder_fd < 0)
-		goto err;
-	/* Look for read events from the binder socket in the eloop. */
-	if (eloop_register_read_sock(
-		priv->binder_fd, wpas_binder_sock_handler, global, priv) < 0)
-		goto err;
-
-	binder_manager = wpa_supplicant_binder::BinderManager::getInstance();
-	if (!binder_manager)
-		goto err;
-	binder_manager->registerBinderService(global);
-	/* We may not need to store this binder manager reference in the
-	 * global data strucure because we've made it a singleton class. */
-	priv->binder_manager = (void *)binder_manager;
-
-	return priv;
-
-err:
-	wpas_binder_deinit(priv);
-	return NULL;
-}
-
-void wpas_binder_deinit(struct wpas_binder_priv *priv)
-{
-	if (!priv)
-		return;
-
-	wpa_supplicant_binder::BinderManager::destroyInstance();
-	eloop_unregister_read_sock(priv->binder_fd);
-	android::IPCThreadState::shutdown();
-}
-
-int wpas_binder_register_interface(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->global->binder)
-		return 1;
-
-	wpa_supplicant_binder::BinderManager *binder_manager =
-	    wpa_supplicant_binder::BinderManager::getInstance();
-	if (!binder_manager)
-		return 1;
-
-	return binder_manager->registerInterface(wpa_s);
-}
-
-int wpas_binder_unregister_interface(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->global->binder)
-		return 1;
-
-	wpa_supplicant_binder::BinderManager *binder_manager =
-	    wpa_supplicant_binder::BinderManager::getInstance();
-	if (!binder_manager)
-		return 1;
-
-	return binder_manager->unregisterInterface(wpa_s);
-}
diff --git a/wpa_supplicant/binder/binder.h b/wpa_supplicant/binder/binder.h
deleted file mode 100644
index 6d7abb134894..000000000000
--- a/wpa_supplicant/binder/binder.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_BINDER_BINDER_H
-#define WPA_SUPPLICANT_BINDER_BINDER_H
-
-#ifdef _cplusplus
-extern "C" {
-#endif /* _cplusplus */
-
-/**
- * This is the binder RPC interface entry point to the wpa_supplicant core.
- * This initializes the binder driver & BinderManager instance and then forwards
- * all the notifications from the supplicant core to the BinderManager.
- */
-struct wpas_binder_priv;
-struct wpa_global;
-
-struct wpas_binder_priv *wpas_binder_init(struct wpa_global *global);
-void wpas_binder_deinit(struct wpas_binder_priv *priv);
-
-#ifdef CONFIG_CTRL_IFACE_BINDER
-int wpas_binder_register_interface(struct wpa_supplicant *wpa_s);
-int wpas_binder_unregister_interface(struct wpa_supplicant *wpa_s);
-#else  /* CONFIG_CTRL_IFACE_BINDER */
-static inline int wpas_binder_register_interface(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-static inline int wpas_binder_unregister_interface(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-#endif /* CONFIG_CTRL_IFACE_BINDER */
-
-#ifdef _cplusplus
-}
-#endif /* _cplusplus */
-
-#endif /* WPA_SUPPLICANT_BINDER_BINDER_H */
diff --git a/wpa_supplicant/binder/binder_constants.cpp b/wpa_supplicant/binder/binder_constants.cpp
deleted file mode 100644
index 0d452b11baec..000000000000
--- a/wpa_supplicant/binder/binder_constants.cpp
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "binder_constants.h"
-
-namespace wpa_supplicant_binder {
-namespace binder_constants {
-
-const char kServiceName[] = "wpa_supplicant";
-
-} /* namespace binder_constants */
-} /* namespace wpa_supplicant_binder */
diff --git a/wpa_supplicant/binder/binder_constants.h b/wpa_supplicant/binder/binder_constants.h
deleted file mode 100644
index a4d9b558edc0..000000000000
--- a/wpa_supplicant/binder/binder_constants.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_BINDER_BINDER_CONSTANTS_H
-#define WPA_SUPPLICANT_BINDER_BINDER_CONSTANTS_H
-
-namespace wpa_supplicant_binder {
-namespace binder_constants {
-
-extern const char kServiceName[];
-
-} /* namespace binder_constants */
-} /* namespace wpa_supplicant_binder */
-
-#endif /* WPA_SUPPLICANT_BINDER_BINDER_CONSTANTS_H */
diff --git a/wpa_supplicant/binder/binder_i.h b/wpa_supplicant/binder/binder_i.h
deleted file mode 100644
index 5140d6d6c01d..000000000000
--- a/wpa_supplicant/binder/binder_i.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef BINDER_I_H
-#define BINDER_I_H
-
-#ifdef _cplusplus
-extern "C" {
-#endif // _cplusplus
-
-struct wpas_binder_priv
-{
-	int binder_fd;
-	struct wpa_global *global;
-	void *binder_manager;
-};
-
-#ifdef _cplusplus
-}
-#endif /* _cplusplus */
-
-#endif /* BINDER_I_H */
diff --git a/wpa_supplicant/binder/binder_manager.cpp b/wpa_supplicant/binder/binder_manager.cpp
deleted file mode 100644
index 27e8dedca44a..000000000000
--- a/wpa_supplicant/binder/binder_manager.cpp
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <binder/IServiceManager.h>
-
-#include "binder_constants.h"
-#include "binder_manager.h"
-
-extern "C" {
-#include "utils/common.h"
-#include "utils/includes.h"
-}
-
-namespace wpa_supplicant_binder {
-
-BinderManager *BinderManager::instance_ = NULL;
-
-BinderManager *BinderManager::getInstance()
-{
-	if (!instance_)
-		instance_ = new BinderManager();
-	return instance_;
-}
-
-void BinderManager::destroyInstance()
-{
-	if (instance_)
-		delete instance_;
-	instance_ = NULL;
-}
-
-int BinderManager::registerBinderService(struct wpa_global *global)
-{
-	/* Create the main binder service object and register with
-	 * system service manager. */
-	supplicant_object_ = new Supplicant(global);
-	android::String16 service_name(binder_constants::kServiceName);
-	android::defaultServiceManager()->addService(
-	    service_name, android::IInterface::asBinder(supplicant_object_));
-	return 0;
-}
-
-int BinderManager::registerInterface(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s)
-		return 1;
-
-	/* Using the corresponding wpa_supplicant pointer as key to our
-	 * object map. */
-	const void *iface_key = wpa_s;
-
-	/* Return failure if we already have an object for that iface_key. */
-	if (iface_object_map_.find(iface_key) != iface_object_map_.end())
-		return 1;
-
-	iface_object_map_[iface_key] = new Iface(wpa_s);
-	if (!iface_object_map_[iface_key].get())
-		return 1;
-
-	wpa_s->binder_object_key = iface_key;
-
-	return 0;
-}
-
-int BinderManager::unregisterInterface(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s || !wpa_s->binder_object_key)
-		return 1;
-
-	const void *iface_key = wpa_s;
-	if (iface_object_map_.find(iface_key) == iface_object_map_.end())
-		return 1;
-
-	/* Delete the corresponding iface object from our map. */
-	iface_object_map_.erase(iface_key);
-	wpa_s->binder_object_key = NULL;
-	return 0;
-}
-
-int BinderManager::getIfaceBinderObjectByKey(
-    const void *iface_object_key,
-    android::sp<fi::w1::wpa_supplicant::IIface> *iface_object)
-{
-	if (!iface_object_key || !iface_object)
-		return 1;
-
-	if (iface_object_map_.find(iface_object_key) == iface_object_map_.end())
-		return 1;
-
-	*iface_object = iface_object_map_[iface_object_key];
-	return 0;
-}
-
-} /* namespace wpa_supplicant_binder */
diff --git a/wpa_supplicant/binder/binder_manager.h b/wpa_supplicant/binder/binder_manager.h
deleted file mode 100644
index d8b7dd0f8726..000000000000
--- a/wpa_supplicant/binder/binder_manager.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_BINDER_BINDER_MANAGER_H
-#define WPA_SUPPLICANT_BINDER_BINDER_MANAGER_H
-
-#include <map>
-#include <string>
-
-#include "iface.h"
-#include "supplicant.h"
-
-struct wpa_global;
-struct wpa_supplicant;
-
-namespace wpa_supplicant_binder {
-
-/**
- * BinderManager is responsible for managing the lifetime of all
- * binder objects created by wpa_supplicant. This is a singleton
- * class which is created by the supplicant core and can be used
- * to get references to the binder objects.
- */
-class BinderManager
-{
-public:
-	static BinderManager *getInstance();
-	static void destroyInstance();
-	int registerBinderService(struct wpa_global *global);
-	int registerInterface(struct wpa_supplicant *wpa_s);
-	int unregisterInterface(struct wpa_supplicant *wpa_s);
-	int getIfaceBinderObjectByKey(
-	    const void *iface_object_key,
-	    android::sp<fi::w1::wpa_supplicant::IIface> *iface_object);
-
-private:
-	BinderManager() = default;
-	~BinderManager() = default;
-
-	/* Singleton instance of this class. */
-	static BinderManager *instance_;
-	/* The main binder service object. */
-	android::sp<Supplicant> supplicant_object_;
-	/* Map of all the interface specific binder objects controlled by
-	 * wpa_supplicant. This map is keyed in by the corresponding
-	 * wpa_supplicant structure pointer. */
-	std::map<const void *, android::sp<Iface>> iface_object_map_;
-};
-
-} /* namespace wpa_supplicant_binder */
-
-#endif /* WPA_SUPPLICANT_BINDER_BINDER_MANAGER_H */
diff --git a/wpa_supplicant/binder/fi/w1/wpa_supplicant/IIface.aidl b/wpa_supplicant/binder/fi/w1/wpa_supplicant/IIface.aidl
deleted file mode 100644
index ea11d426df1f..000000000000
--- a/wpa_supplicant/binder/fi/w1/wpa_supplicant/IIface.aidl
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package fi.w1.wpa_supplicant;
-
-/**
- * Interface exposed by wpa_supplicant for each network interface it controls.
- */
-interface IIface {
-}
diff --git a/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicant.aidl b/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicant.aidl
deleted file mode 100644
index 1cbee20a620f..000000000000
--- a/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicant.aidl
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * WPA Supplicant - binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package fi.w1.wpa_supplicant;
-
-import android.os.PersistableBundle;
-import fi.w1.wpa_supplicant.IIface;
-
-/**
- * Interface exposed by the wpa_supplicant binder service registered
- * with the service manager with name: fi.w1.wpa_supplicant.
- */
-interface ISupplicant {
-	/* Error values returned by the service to RPC method calls. */
-	const int ERROR_INVALID_ARGS = 1;
-	const int ERROR_UNKNOWN = 2;
-	const int ERROR_IFACE_EXISTS = 3;
-	const int ERROR_IFACE_UNKNOWN = 4;
-
-	/**
-	 * Registers a wireless interface in wpa_supplicant.
-	 *
-	 * @param args A dictionary with arguments used to add the interface to
-	 *             wpa_supplicant.
-	 * The dictionary may contain the following entries:
-	 *   Ifname(String) Name of the network interface to control, e.g.,
-	 *   wlan0.
-	 *   BridgeIfname(String) Name of the bridge interface to control, e.g.,
-	 *   br0.
-	 *   Driver(String) Driver name which the interface uses, e.g., nl80211.
-	 *   ConfigFile(String) Configuration file path.
-	 *
-	 * @return Binder object representing the interface.
-	 */
-	IIface CreateInterface(in PersistableBundle args);
-
-	/**
-	 * Deregisters a wireless interface from wpa_supplicant.
-	 *
-	 * @param ifname Name of the network interface, e.g., wlan0
-	 */
-	void RemoveInterface(in @utf8InCpp String ifname);
-
-	/**
-	 * Gets a binder object for the interface corresponding to ifname
-	 * which wpa_supplicant already controls.
-	 *
-	 * @param ifname Name of the network interface, e.g., wlan0
-	 *
-	 * @return Binder object representing the interface.
-	 */
-	IIface GetInterface(in @utf8InCpp String ifname);
-}
diff --git a/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicantCallbacks.aidl b/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicantCallbacks.aidl
deleted file mode 100644
index d624d9133603..000000000000
--- a/wpa_supplicant/binder/fi/w1/wpa_supplicant/ISupplicantCallbacks.aidl
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package fi.w1.wpa_supplicant;
-
-import android.os.PersistableBundle;
-
-/**
- * Callback Interface exposed by the wpa_supplicant service. Clients need
- * to host an instance of this binder object and pass a reference of the object
- * to wpa_supplicant via the registerCallbacksObject method.
- */
-interface ISupplicantCallbacks {
-}
diff --git a/wpa_supplicant/binder/iface.cpp b/wpa_supplicant/binder/iface.cpp
deleted file mode 100644
index c61b3b006427..000000000000
--- a/wpa_supplicant/binder/iface.cpp
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "iface.h"
-
-namespace wpa_supplicant_binder {
-
-Iface::Iface(struct wpa_supplicant *wpa_s) : wpa_s_(wpa_s) {}
-
-} /* namespace wpa_supplicant_binder */
diff --git a/wpa_supplicant/binder/iface.h b/wpa_supplicant/binder/iface.h
deleted file mode 100644
index c0ee12c65fa5..000000000000
--- a/wpa_supplicant/binder/iface.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_BINDER_IFACE_H
-#define WPA_SUPPLICANT_BINDER_IFACE_H
-
-#include "fi/w1/wpa_supplicant/BnIface.h"
-
-extern "C" {
-#include "utils/common.h"
-#include "utils/includes.h"
-#include "../wpa_supplicant_i.h"
-}
-
-namespace wpa_supplicant_binder {
-
-/**
- * Implementation of Iface binder object. Each unique binder
- * object is used for control operations on a specific interface
- * controlled by wpa_supplicant.
- */
-class Iface : public fi::w1::wpa_supplicant::BnIface
-{
-public:
-	Iface(struct wpa_supplicant *wpa_s);
-	virtual ~Iface() = default;
-
-private:
-	/* Raw pointer to the structure maintained by the core for this
-	 * interface. */
-	struct wpa_supplicant *wpa_s_;
-};
-
-} /* namespace wpa_supplicant_binder */
-
-#endif /* WPA_SUPPLICANT_BINDER_IFACE_H */
diff --git a/wpa_supplicant/binder/supplicant.cpp b/wpa_supplicant/binder/supplicant.cpp
deleted file mode 100644
index 76569b1471fb..000000000000
--- a/wpa_supplicant/binder/supplicant.cpp
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "supplicant.h"
-#include "binder_manager.h"
-
-namespace wpa_supplicant_binder {
-
-Supplicant::Supplicant(struct wpa_global *global) : wpa_global_(global) {}
-
-android::binder::Status Supplicant::CreateInterface(
-    const android::os::PersistableBundle &params,
-    android::sp<fi::w1::wpa_supplicant::IIface> *aidl_return)
-{
-	android::String16 driver, ifname, confname, bridge_ifname;
-
-	/* Check if required Ifname argument is missing */
-	if (!params.getString(android::String16("Ifname"), &ifname))
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_INVALID_ARGS,
-		    android::String8("Ifname missing in params."));
-	/* Retrieve the remaining params from the dictionary */
-	params.getString(android::String16("Driver"), &driver);
-	params.getString(android::String16("ConfigFile"), &confname);
-	params.getString(android::String16("BridgeIfname"), &bridge_ifname);
-
-	/*
-	 * Try to get the wpa_supplicant record for this iface, return
-	 * an error if we already control it.
-	 */
-	if (wpa_supplicant_get_iface(
-		wpa_global_, android::String8(ifname).string()) != NULL)
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_IFACE_EXISTS,
-		    android::String8("wpa_supplicant already controls this "
-				     "interface."));
-
-	android::binder::Status status;
-	struct wpa_supplicant *wpa_s = NULL;
-	struct wpa_interface iface;
-
-	os_memset(&iface, 0, sizeof(iface));
-	iface.driver = os_strdup(android::String8(driver).string());
-	iface.ifname = os_strdup(android::String8(ifname).string());
-	iface.confname = os_strdup(android::String8(confname).string());
-	iface.bridge_ifname =
-	    os_strdup(android::String8(bridge_ifname).string());
-	/* Otherwise, have wpa_supplicant attach to it. */
-	wpa_s = wpa_supplicant_add_iface(wpa_global_, &iface, NULL);
-	/* The supplicant core creates a corresponding binder object via
-	 * BinderManager when |wpa_supplicant_add_iface| is called. */
-	if (!wpa_s || !wpa_s->binder_object_key) {
-		status = android::binder::Status::fromServiceSpecificError(
-		    ERROR_UNKNOWN,
-		    android::String8(
-			"wpa_supplicant couldn't grab this interface."));
-	} else {
-		BinderManager *binder_manager = BinderManager::getInstance();
-
-		if (!binder_manager ||
-		    binder_manager->getIfaceBinderObjectByKey(
-			wpa_s->binder_object_key, aidl_return))
-			status =
-			    android::binder::Status::fromServiceSpecificError(
-				ERROR_UNKNOWN,
-				android::String8("wpa_supplicant encountered a "
-						 "binder error."));
-		else
-			status = android::binder::Status::ok();
-	}
-	os_free((void *)iface.driver);
-	os_free((void *)iface.ifname);
-	os_free((void *)iface.confname);
-	os_free((void *)iface.bridge_ifname);
-	return status;
-}
-
-android::binder::Status Supplicant::RemoveInterface(const std::string &ifname)
-{
-	struct wpa_supplicant *wpa_s;
-
-	wpa_s = wpa_supplicant_get_iface(wpa_global_, ifname.c_str());
-	if (!wpa_s || !wpa_s->binder_object_key)
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_IFACE_UNKNOWN,
-		    android::String8("wpa_supplicant does not control this "
-				     "interface."));
-	if (wpa_supplicant_remove_iface(wpa_global_, wpa_s, 0))
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_UNKNOWN,
-		    android::String8(
-			"wpa_supplicant couldn't remove this interface."));
-	return android::binder::Status::ok();
-}
-
-android::binder::Status Supplicant::GetInterface(
-    const std::string &ifname,
-    android::sp<fi::w1::wpa_supplicant::IIface> *aidl_return)
-{
-	struct wpa_supplicant *wpa_s;
-
-	wpa_s = wpa_supplicant_get_iface(wpa_global_, ifname.c_str());
-	if (!wpa_s || !wpa_s->binder_object_key)
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_IFACE_UNKNOWN,
-		    android::String8(
-			"wpa_supplicant does not control this interface."));
-
-	BinderManager *binder_manager = BinderManager::getInstance();
-	if (!binder_manager ||
-	    binder_manager->getIfaceBinderObjectByKey(
-		wpa_s->binder_object_key, aidl_return))
-		return android::binder::Status::fromServiceSpecificError(
-		    ERROR_UNKNOWN,
-		    android::String8(
-			"wpa_supplicant encountered a binder error."));
-
-	return android::binder::Status::ok();
-}
-
-} /* namespace wpa_supplicant_binder */
diff --git a/wpa_supplicant/binder/supplicant.h b/wpa_supplicant/binder/supplicant.h
deleted file mode 100644
index 136b99b14327..000000000000
--- a/wpa_supplicant/binder/supplicant.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * binder interface for wpa_supplicant daemon
- * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
- * Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_BINDER_SUPPLICANT_H
-#define WPA_SUPPLICANT_BINDER_SUPPLICANT_H
-
-#include "fi/w1/wpa_supplicant/BnSupplicant.h"
-#include "fi/w1/wpa_supplicant/IIface.h"
-#include "fi/w1/wpa_supplicant/ISupplicantCallbacks.h"
-
-extern "C" {
-#include "utils/common.h"
-#include "utils/includes.h"
-#include "../wpa_supplicant_i.h"
-}
-
-namespace wpa_supplicant_binder {
-
-/**
- * Implementation of the supplicant binder object. This binder
- * object is used core for global control operations on
- * wpa_supplicant.
- */
-class Supplicant : public fi::w1::wpa_supplicant::BnSupplicant
-{
-public:
-	Supplicant(struct wpa_global *global);
-	virtual ~Supplicant() = default;
-
-	android::binder::Status CreateInterface(
-	    const android::os::PersistableBundle &params,
-	    android::sp<fi::w1::wpa_supplicant::IIface> *aidl_return) override;
-	android::binder::Status
-	RemoveInterface(const std::string &ifname) override;
-	android::binder::Status GetInterface(
-	    const std::string &ifname,
-	    android::sp<fi::w1::wpa_supplicant::IIface> *aidl_return) override;
-
-private:
-	/* Raw pointer to the global structure maintained by the core. */
-	struct wpa_global *wpa_global_;
-	/* All the callback objects registered by the clients. */
-	std::vector<android::sp<fi::w1::wpa_supplicant::ISupplicantCallbacks>>
-	    callbacks_;
-};
-
-} /* namespace wpa_supplicant_binder */
-
-#endif /* WPA_SUPPLICANT_BINDER_SUPPLICANT_H */
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
deleted file mode 100644
index e13783ce1995..000000000000
--- a/wpa_supplicant/bss.c
+++ /dev/null
@@ -1,1385 +0,0 @@
-/*
- * BSS table
- * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "drivers/driver.h"
-#include "eap_peer/eap.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "notify.h"
-#include "scan.h"
-#include "bss.h"
-
-static void wpa_bss_set_hessid(struct wpa_bss *bss)
-{
-#ifdef CONFIG_INTERWORKING
-	const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
-	if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
-		os_memset(bss->hessid, 0, ETH_ALEN);
-		return;
-	}
-	if (ie[1] == 7)
-		os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
-	else
-		os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
-#endif /* CONFIG_INTERWORKING */
-}
-
-
-/**
- * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
- * Returns: Allocated ANQP data structure or %NULL on failure
- *
- * The allocated ANQP data structure has its users count set to 1. It may be
- * shared by multiple BSS entries and each shared entry is freed with
- * wpa_bss_anqp_free().
- */
-struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
-{
-	struct wpa_bss_anqp *anqp;
-	anqp = os_zalloc(sizeof(*anqp));
-	if (anqp == NULL)
-		return NULL;
-#ifdef CONFIG_INTERWORKING
-	dl_list_init(&anqp->anqp_elems);
-#endif /* CONFIG_INTERWORKING */
-	anqp->users = 1;
-	return anqp;
-}
-
-
-/**
- * wpa_bss_anqp_clone - Clone an ANQP data structure
- * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
- * Returns: Cloned ANQP data structure or %NULL on failure
- */
-static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
-{
-	struct wpa_bss_anqp *n;
-
-	n = os_zalloc(sizeof(*n));
-	if (n == NULL)
-		return NULL;
-
-#define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
-#ifdef CONFIG_INTERWORKING
-	dl_list_init(&n->anqp_elems);
-	ANQP_DUP(capability_list);
-	ANQP_DUP(venue_name);
-	ANQP_DUP(network_auth_type);
-	ANQP_DUP(roaming_consortium);
-	ANQP_DUP(ip_addr_type_availability);
-	ANQP_DUP(nai_realm);
-	ANQP_DUP(anqp_3gpp);
-	ANQP_DUP(domain_name);
-	ANQP_DUP(fils_realm_info);
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_HS20
-	ANQP_DUP(hs20_capability_list);
-	ANQP_DUP(hs20_operator_friendly_name);
-	ANQP_DUP(hs20_wan_metrics);
-	ANQP_DUP(hs20_connection_capability);
-	ANQP_DUP(hs20_operating_class);
-	ANQP_DUP(hs20_osu_providers_list);
-	ANQP_DUP(hs20_operator_icon_metadata);
-	ANQP_DUP(hs20_osu_providers_nai_list);
-#endif /* CONFIG_HS20 */
-#undef ANQP_DUP
-
-	return n;
-}
-
-
-/**
- * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
- * @bss: BSS entry
- * Returns: 0 on success, -1 on failure
- *
- * This function ensures the specific BSS entry has an ANQP data structure that
- * is not shared with any other BSS entry.
- */
-int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
-{
-	struct wpa_bss_anqp *anqp;
-
-	if (bss->anqp && bss->anqp->users > 1) {
-		/* allocated, but shared - clone an unshared copy */
-		anqp = wpa_bss_anqp_clone(bss->anqp);
-		if (anqp == NULL)
-			return -1;
-		anqp->users = 1;
-		bss->anqp->users--;
-		bss->anqp = anqp;
-		return 0;
-	}
-
-	if (bss->anqp)
-		return 0; /* already allocated and not shared */
-
-	/* not allocated - allocate a new storage area */
-	bss->anqp = wpa_bss_anqp_alloc();
-	return bss->anqp ? 0 : -1;
-}
-
-
-/**
- * wpa_bss_anqp_free - Free an ANQP data structure
- * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
- */
-static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
-{
-#ifdef CONFIG_INTERWORKING
-	struct wpa_bss_anqp_elem *elem;
-#endif /* CONFIG_INTERWORKING */
-
-	if (anqp == NULL)
-		return;
-
-	anqp->users--;
-	if (anqp->users > 0) {
-		/* Another BSS entry holds a pointer to this ANQP info */
-		return;
-	}
-
-#ifdef CONFIG_INTERWORKING
-	wpabuf_free(anqp->capability_list);
-	wpabuf_free(anqp->venue_name);
-	wpabuf_free(anqp->network_auth_type);
-	wpabuf_free(anqp->roaming_consortium);
-	wpabuf_free(anqp->ip_addr_type_availability);
-	wpabuf_free(anqp->nai_realm);
-	wpabuf_free(anqp->anqp_3gpp);
-	wpabuf_free(anqp->domain_name);
-	wpabuf_free(anqp->fils_realm_info);
-
-	while ((elem = dl_list_first(&anqp->anqp_elems,
-				     struct wpa_bss_anqp_elem, list))) {
-		dl_list_del(&elem->list);
-		wpabuf_free(elem->payload);
-		os_free(elem);
-	}
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_HS20
-	wpabuf_free(anqp->hs20_capability_list);
-	wpabuf_free(anqp->hs20_operator_friendly_name);
-	wpabuf_free(anqp->hs20_wan_metrics);
-	wpabuf_free(anqp->hs20_connection_capability);
-	wpabuf_free(anqp->hs20_operating_class);
-	wpabuf_free(anqp->hs20_osu_providers_list);
-	wpabuf_free(anqp->hs20_operator_icon_metadata);
-	wpabuf_free(anqp->hs20_osu_providers_nai_list);
-#endif /* CONFIG_HS20 */
-
-	os_free(anqp);
-}
-
-
-static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s,
-					   struct wpa_bss *old_bss,
-					   struct wpa_bss *new_bss)
-{
-	struct wpa_radio_work *work;
-	struct wpa_connect_work *cwork;
-
-	work = radio_work_pending(wpa_s, "sme-connect");
-	if (!work)
-		work = radio_work_pending(wpa_s, "connect");
-	if (!work)
-		return;
-
-	cwork = work->ctx;
-	if (cwork->bss != old_bss)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "Update BSS pointer for the pending connect radio work");
-	cwork->bss = new_bss;
-	if (!new_bss)
-		cwork->bss_removed = 1;
-}
-
-
-void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-		    const char *reason)
-{
-	if (wpa_s->last_scan_res) {
-		unsigned int i;
-		for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-			if (wpa_s->last_scan_res[i] == bss) {
-				os_memmove(&wpa_s->last_scan_res[i],
-					   &wpa_s->last_scan_res[i + 1],
-					   (wpa_s->last_scan_res_used - i - 1)
-					   * sizeof(struct wpa_bss *));
-				wpa_s->last_scan_res_used--;
-				break;
-			}
-		}
-	}
-	wpa_bss_update_pending_connect(wpa_s, bss, NULL);
-	dl_list_del(&bss->list);
-	dl_list_del(&bss->list_id);
-	wpa_s->num_bss--;
-	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
-		" SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
-		wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
-	wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
-	wpa_bss_anqp_free(bss->anqp);
-	os_free(bss);
-}
-
-
-/**
- * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID
- * @ssid: SSID
- * @ssid_len: Length of @ssid
- * Returns: Pointer to the BSS entry or %NULL if not found
- */
-struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			     const u8 *ssid, size_t ssid_len)
-{
-	struct wpa_bss *bss;
-	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
-		return NULL;
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
-		    bss->ssid_len == ssid_len &&
-		    os_memcmp(bss->ssid, ssid, ssid_len) == 0)
-			return bss;
-	}
-	return NULL;
-}
-
-
-void calculate_update_time(const struct os_reltime *fetch_time,
-			   unsigned int age_ms,
-			   struct os_reltime *update_time)
-{
-	os_time_t usec;
-
-	update_time->sec = fetch_time->sec;
-	update_time->usec = fetch_time->usec;
-	update_time->sec -= age_ms / 1000;
-	usec = (age_ms % 1000) * 1000;
-	if (update_time->usec < usec) {
-		update_time->sec--;
-		update_time->usec += 1000000;
-	}
-	update_time->usec -= usec;
-}
-
-
-static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
-			     struct os_reltime *fetch_time)
-{
-	dst->flags = src->flags;
-	os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
-	dst->freq = src->freq;
-	dst->beacon_int = src->beacon_int;
-	dst->caps = src->caps;
-	dst->qual = src->qual;
-	dst->noise = src->noise;
-	dst->level = src->level;
-	dst->tsf = src->tsf;
-	dst->est_throughput = src->est_throughput;
-	dst->snr = src->snr;
-
-	calculate_update_time(fetch_time, src->age, &dst->last_update);
-}
-
-
-static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
-				    struct wpa_bss *bss)
-{
-#ifdef CONFIG_WPS
-	struct wpa_ssid *ssid;
-	struct wpabuf *wps_ie;
-	int pbc = 0, ret;
-
-	wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-	if (!wps_ie)
-		return 0;
-
-	if (wps_is_selected_pbc_registrar(wps_ie)) {
-		pbc = 1;
-	} else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
-		wpabuf_free(wps_ie);
-		return 0;
-	}
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
-			continue;
-		if (ssid->ssid_len &&
-		    (ssid->ssid_len != bss->ssid_len ||
-		     os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0))
-			continue;
-
-		if (pbc)
-			ret = eap_is_wps_pbc_enrollee(&ssid->eap);
-		else
-			ret = eap_is_wps_pin_enrollee(&ssid->eap);
-		wpabuf_free(wps_ie);
-		return ret;
-	}
-	wpabuf_free(wps_ie);
-#endif /* CONFIG_WPS */
-
-	return 0;
-}
-
-
-static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s,
-			       struct wpa_bss *bss)
-{
-#ifdef CONFIG_P2P
-	u8 addr[ETH_ALEN];
-
-	if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr,
-		      ETH_ALEN) == 0)
-		return true;
-	if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) &&
-	    p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 &&
-	    os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0)
-		return true;
-#endif /* CONFIG_P2P */
-	return false;
-}
-
-
-static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
-{
-	struct wpa_ssid *ssid;
-
-	if (is_p2p_pending_bss(wpa_s, bss))
-		return 1;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid->ssid == NULL || ssid->ssid_len == 0)
-			continue;
-		if (ssid->ssid_len == bss->ssid_len &&
-		    os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
-{
-	if (bss == wpa_s->current_bss)
-		return 1;
-
-	if (wpa_s->current_bss &&
-	    (bss->ssid_len != wpa_s->current_bss->ssid_len ||
-	     os_memcmp(bss->ssid, wpa_s->current_bss->ssid,
-		       bss->ssid_len) != 0))
-		return 0; /* SSID has changed */
-
-	return !is_zero_ether_addr(bss->bssid) &&
-		(os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
-		 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0);
-}
-
-
-static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (!wpa_bss_known(wpa_s, bss) &&
-		    !wpa_bss_is_wps_candidate(wpa_s, bss)) {
-			wpa_bss_remove(wpa_s, bss, __func__);
-			return 0;
-		}
-	}
-
-	return -1;
-}
-
-
-static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-
-	/*
-	 * Remove the oldest entry that does not match with any configured
-	 * network.
-	 */
-	if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
-		return 0;
-
-	/*
-	 * Remove the oldest entry that isn't currently in use.
-	 */
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (!wpa_bss_in_use(wpa_s, bss)) {
-			wpa_bss_remove(wpa_s, bss, __func__);
-			return 0;
-		}
-	}
-
-	return -1;
-}
-
-
-static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
-				    const u8 *ssid, size_t ssid_len,
-				    struct wpa_scan_res *res,
-				    struct os_reltime *fetch_time)
-{
-	struct wpa_bss *bss;
-	char extra[50];
-
-	bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
-	if (bss == NULL)
-		return NULL;
-	bss->id = wpa_s->bss_next_id++;
-	bss->last_update_idx = wpa_s->bss_update_idx;
-	wpa_bss_copy_res(bss, res, fetch_time);
-	os_memcpy(bss->ssid, ssid, ssid_len);
-	bss->ssid_len = ssid_len;
-	bss->ie_len = res->ie_len;
-	bss->beacon_ie_len = res->beacon_ie_len;
-	os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
-	wpa_bss_set_hessid(bss);
-
-	if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
-	    wpa_bss_remove_oldest(wpa_s) != 0) {
-		wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
-			   "because all BSSes are in use. We should normally "
-			   "not get here!", (int) wpa_s->num_bss + 1);
-		wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
-	}
-
-	dl_list_add_tail(&wpa_s->bss, &bss->list);
-	dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
-	wpa_s->num_bss++;
-	if (!is_zero_ether_addr(bss->hessid))
-		os_snprintf(extra, sizeof(extra), " HESSID " MACSTR,
-			    MAC2STR(bss->hessid));
-	else
-		extra[0] = '\0';
-	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
-		" SSID '%s' freq %d%s",
-		bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
-		bss->freq, extra);
-	wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
-	return bss;
-}
-
-
-static int are_ies_equal(const struct wpa_bss *old,
-			 const struct wpa_scan_res *new_res, u32 ie)
-{
-	const u8 *old_ie, *new_ie;
-	struct wpabuf *old_ie_buff = NULL;
-	struct wpabuf *new_ie_buff = NULL;
-	int new_ie_len, old_ie_len, ret, is_multi;
-
-	switch (ie) {
-	case WPA_IE_VENDOR_TYPE:
-		old_ie = wpa_bss_get_vendor_ie(old, ie);
-		new_ie = wpa_scan_get_vendor_ie(new_res, ie);
-		is_multi = 0;
-		break;
-	case WPS_IE_VENDOR_TYPE:
-		old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
-		new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
-		is_multi = 1;
-		break;
-	case WLAN_EID_RSN:
-	case WLAN_EID_SUPP_RATES:
-	case WLAN_EID_EXT_SUPP_RATES:
-		old_ie = wpa_bss_get_ie(old, ie);
-		new_ie = wpa_scan_get_ie(new_res, ie);
-		is_multi = 0;
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
-		return 0;
-	}
-
-	if (is_multi) {
-		/* in case of multiple IEs stored in buffer */
-		old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
-		new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
-		old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
-		new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
-	} else {
-		/* in case of single IE */
-		old_ie_len = old_ie ? old_ie[1] + 2 : 0;
-		new_ie_len = new_ie ? new_ie[1] + 2 : 0;
-	}
-
-	if (!old_ie || !new_ie)
-		ret = !old_ie && !new_ie;
-	else
-		ret = (old_ie_len == new_ie_len &&
-		       os_memcmp(old_ie, new_ie, old_ie_len) == 0);
-
-	wpabuf_free(old_ie_buff);
-	wpabuf_free(new_ie_buff);
-
-	return ret;
-}
-
-
-static u32 wpa_bss_compare_res(const struct wpa_bss *old,
-			       const struct wpa_scan_res *new_res)
-{
-	u32 changes = 0;
-	int caps_diff = old->caps ^ new_res->caps;
-
-	if (old->freq != new_res->freq)
-		changes |= WPA_BSS_FREQ_CHANGED_FLAG;
-
-	if (old->level != new_res->level)
-		changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
-
-	if (caps_diff & IEEE80211_CAP_PRIVACY)
-		changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
-
-	if (caps_diff & IEEE80211_CAP_IBSS)
-		changes |= WPA_BSS_MODE_CHANGED_FLAG;
-
-	if (old->ie_len == new_res->ie_len &&
-	    os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0)
-		return changes;
-	changes |= WPA_BSS_IES_CHANGED_FLAG;
-
-	if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
-		changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
-
-	if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
-		changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
-
-	if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
-		changes |= WPA_BSS_WPS_CHANGED_FLAG;
-
-	if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
-	    !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
-		changes |= WPA_BSS_RATES_CHANGED_FLAG;
-
-	return changes;
-}
-
-
-void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
-			const struct wpa_bss *bss)
-{
-	if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
-		wpas_notify_bss_freq_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
-		wpas_notify_bss_signal_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
-		wpas_notify_bss_privacy_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_MODE_CHANGED_FLAG)
-		wpas_notify_bss_mode_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
-		wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
-		wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_WPS_CHANGED_FLAG)
-		wpas_notify_bss_wps_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_IES_CHANGED_FLAG)
-		wpas_notify_bss_ies_changed(wpa_s, bss->id);
-
-	if (changes & WPA_BSS_RATES_CHANGED_FLAG)
-		wpas_notify_bss_rates_changed(wpa_s, bss->id);
-
-	wpas_notify_bss_seen(wpa_s, bss->id);
-}
-
-
-static struct wpa_bss *
-wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-	       struct wpa_scan_res *res, struct os_reltime *fetch_time)
-{
-	u32 changes;
-
-	if (bss->last_update_idx == wpa_s->bss_update_idx) {
-		struct os_reltime update_time;
-
-		/*
-		 * Some drivers (e.g., cfg80211) include multiple BSS entries
-		 * for the same BSS if that BSS's channel changes. The BSS list
-		 * implementation in wpa_supplicant does not do that and we need
-		 * to filter out the obsolete results here to make sure only the
-		 * most current BSS information remains in the table.
-		 */
-		wpa_printf(MSG_DEBUG, "BSS: " MACSTR
-			   " has multiple entries in the scan results - select the most current one",
-			   MAC2STR(bss->bssid));
-		calculate_update_time(fetch_time, res->age, &update_time);
-		wpa_printf(MSG_DEBUG,
-			   "Previous last_update: %u.%06u (freq %d%s)",
-			   (unsigned int) bss->last_update.sec,
-			   (unsigned int) bss->last_update.usec,
-			   bss->freq,
-			   (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : "");
-		wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)",
-			   (unsigned int) update_time.sec,
-			   (unsigned int) update_time.usec,
-			   res->freq,
-			   (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : "");
-		if ((bss->flags & WPA_BSS_ASSOCIATED) ||
-		    (!(res->flags & WPA_SCAN_ASSOCIATED) &&
-		     !os_reltime_before(&bss->last_update, &update_time))) {
-			wpa_printf(MSG_DEBUG,
-				   "Ignore this BSS entry since the previous update looks more current");
-			return bss;
-		}
-		wpa_printf(MSG_DEBUG,
-			   "Accept this BSS entry since it looks more current than the previous update");
-	}
-
-	changes = wpa_bss_compare_res(bss, res);
-	if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
-		wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d",
-			   MAC2STR(bss->bssid), bss->freq, res->freq);
-	bss->scan_miss_count = 0;
-	bss->last_update_idx = wpa_s->bss_update_idx;
-	wpa_bss_copy_res(bss, res, fetch_time);
-	/* Move the entry to the end of the list */
-	dl_list_del(&bss->list);
-#ifdef CONFIG_P2P
-	if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
-	    !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
-		/*
-		 * This can happen when non-P2P station interface runs a scan
-		 * without P2P IE in the Probe Request frame. P2P GO would reply
-		 * to that with a Probe Response that does not include P2P IE.
-		 * Do not update the IEs in this BSS entry to avoid such loss of
-		 * information that may be needed for P2P operations to
-		 * determine group information.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
-			MACSTR " since that would remove P2P IE information",
-			MAC2STR(bss->bssid));
-	} else
-#endif /* CONFIG_P2P */
-	if (bss->ie_len + bss->beacon_ie_len >=
-	    res->ie_len + res->beacon_ie_len) {
-		os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
-		bss->ie_len = res->ie_len;
-		bss->beacon_ie_len = res->beacon_ie_len;
-	} else {
-		struct wpa_bss *nbss;
-		struct dl_list *prev = bss->list_id.prev;
-		dl_list_del(&bss->list_id);
-		nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
-				  res->beacon_ie_len);
-		if (nbss) {
-			unsigned int i;
-			for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-				if (wpa_s->last_scan_res[i] == bss) {
-					wpa_s->last_scan_res[i] = nbss;
-					break;
-				}
-			}
-			if (wpa_s->current_bss == bss)
-				wpa_s->current_bss = nbss;
-			wpa_bss_update_pending_connect(wpa_s, bss, nbss);
-			bss = nbss;
-			os_memcpy(bss->ies, res + 1,
-				  res->ie_len + res->beacon_ie_len);
-			bss->ie_len = res->ie_len;
-			bss->beacon_ie_len = res->beacon_ie_len;
-		}
-		dl_list_add(prev, &bss->list_id);
-	}
-	if (changes & WPA_BSS_IES_CHANGED_FLAG)
-		wpa_bss_set_hessid(bss);
-	dl_list_add_tail(&wpa_s->bss, &bss->list);
-
-	notify_bss_changes(wpa_s, changes, bss);
-
-	return bss;
-}
-
-
-/**
- * wpa_bss_update_start - Start a BSS table update from scan results
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is called at the start of each BSS table update round for new
- * scan results. The actual scan result entries are indicated with calls to
- * wpa_bss_update_scan_res() and the update round is finished with a call to
- * wpa_bss_update_end().
- */
-void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->bss_update_idx++;
-	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
-		wpa_s->bss_update_idx);
-	wpa_s->last_scan_res_used = 0;
-}
-
-
-/**
- * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
- * @wpa_s: Pointer to wpa_supplicant data
- * @res: Scan result
- * @fetch_time: Time when the result was fetched from the driver
- *
- * This function updates a BSS table entry (or adds one) based on a scan result.
- * This is called separately for each scan result between the calls to
- * wpa_bss_update_start() and wpa_bss_update_end().
- */
-void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
-			     struct wpa_scan_res *res,
-			     struct os_reltime *fetch_time)
-{
-	const u8 *ssid, *p2p, *mesh;
-	struct wpa_bss *bss;
-
-	if (wpa_s->conf->ignore_old_scan_res) {
-		struct os_reltime update;
-		calculate_update_time(fetch_time, res->age, &update);
-		if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) {
-			struct os_reltime age;
-			os_reltime_sub(&wpa_s->scan_trigger_time, &update,
-				       &age);
-			wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
-				"table entry that is %u.%06u seconds older "
-				"than our scan trigger",
-				(unsigned int) age.sec,
-				(unsigned int) age.usec);
-			return;
-		}
-	}
-
-	ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
-	if (ssid == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
-			MACSTR, MAC2STR(res->bssid));
-		return;
-	}
-	if (ssid[1] > SSID_MAX_LEN) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
-			MACSTR, MAC2STR(res->bssid));
-		return;
-	}
-
-	p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
-#ifdef CONFIG_P2P
-	if (p2p == NULL &&
-	    wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
-		/*
-		 * If it's a P2P specific interface, then don't update
-		 * the scan result without a P2P IE.
-		 */
-		wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
-			   " update for P2P interface", MAC2STR(res->bssid));
-		return;
-	}
-#endif /* CONFIG_P2P */
-	if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
-	    os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
-		return; /* Skip P2P listen discovery results here */
-
-	/* TODO: add option for ignoring BSSes we are not interested in
-	 * (to save memory) */
-
-	mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
-	if (mesh && mesh[1] <= SSID_MAX_LEN)
-		ssid = mesh;
-
-	bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
-	if (bss == NULL)
-		bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
-	else {
-		bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
-		if (wpa_s->last_scan_res) {
-			unsigned int i;
-			for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-				if (bss == wpa_s->last_scan_res[i]) {
-					/* Already in the list */
-					return;
-				}
-			}
-		}
-	}
-
-	if (bss == NULL)
-		return;
-	if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
-		struct wpa_bss **n;
-		unsigned int siz;
-		if (wpa_s->last_scan_res_size == 0)
-			siz = 32;
-		else
-			siz = wpa_s->last_scan_res_size * 2;
-		n = os_realloc_array(wpa_s->last_scan_res, siz,
-				     sizeof(struct wpa_bss *));
-		if (n == NULL)
-			return;
-		wpa_s->last_scan_res = n;
-		wpa_s->last_scan_res_size = siz;
-	}
-
-	if (wpa_s->last_scan_res)
-		wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
-}
-
-
-static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
-				    const struct scan_info *info)
-{
-	int found;
-	size_t i;
-
-	if (info == NULL)
-		return 1;
-
-	if (info->num_freqs) {
-		found = 0;
-		for (i = 0; i < info->num_freqs; i++) {
-			if (bss->freq == info->freqs[i]) {
-				found = 1;
-				break;
-			}
-		}
-		if (!found)
-			return 0;
-	}
-
-	if (info->num_ssids) {
-		found = 0;
-		for (i = 0; i < info->num_ssids; i++) {
-			const struct wpa_driver_scan_ssid *s = &info->ssids[i];
-			if ((s->ssid == NULL || s->ssid_len == 0) ||
-			    (s->ssid_len == bss->ssid_len &&
-			     os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
-			     0)) {
-				found = 1;
-				break;
-			}
-		}
-		if (!found)
-			return 0;
-	}
-
-	return 1;
-}
-
-
-/**
- * wpa_bss_update_end - End a BSS table update from scan results
- * @wpa_s: Pointer to wpa_supplicant data
- * @info: Information about scan parameters
- * @new_scan: Whether this update round was based on a new scan
- *
- * This function is called at the end of each BSS table update round for new
- * scan results. The start of the update was indicated with a call to
- * wpa_bss_update_start().
- */
-void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
-			int new_scan)
-{
-	struct wpa_bss *bss, *n;
-
-	os_get_reltime(&wpa_s->last_scan);
-	if ((info && info->aborted) || !new_scan)
-		return; /* do not expire entries without new scan */
-
-	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
-		if (wpa_bss_in_use(wpa_s, bss))
-			continue;
-		if (!wpa_bss_included_in_scan(bss, info))
-			continue; /* expire only BSSes that were scanned */
-		if (bss->last_update_idx < wpa_s->bss_update_idx)
-			bss->scan_miss_count++;
-		if (bss->scan_miss_count >=
-		    wpa_s->conf->bss_expiration_scan_count) {
-			wpa_bss_remove(wpa_s, bss, "no match in scan");
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu",
-		   wpa_s->last_scan_res_used, wpa_s->last_scan_res_size);
-}
-
-
-/**
- * wpa_bss_flush_by_age - Flush old BSS entries
- * @wpa_s: Pointer to wpa_supplicant data
- * @age: Maximum entry age in seconds
- *
- * Remove BSS entries that have not been updated during the last @age seconds.
- */
-void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
-{
-	struct wpa_bss *bss, *n;
-	struct os_reltime t;
-
-	if (dl_list_empty(&wpa_s->bss))
-		return;
-
-	os_get_reltime(&t);
-	t.sec -= age;
-
-	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
-		if (wpa_bss_in_use(wpa_s, bss))
-			continue;
-
-		if (os_reltime_before(&bss->last_update, &t)) {
-			wpa_bss_remove(wpa_s, bss, __func__);
-		} else
-			break;
-	}
-}
-
-
-/**
- * wpa_bss_init - Initialize BSS table
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 on success, -1 on failure
- *
- * This prepares BSS table lists and timer for periodic updates. The BSS table
- * is deinitialized with wpa_bss_deinit() once not needed anymore.
- */
-int wpa_bss_init(struct wpa_supplicant *wpa_s)
-{
-	dl_list_init(&wpa_s->bss);
-	dl_list_init(&wpa_s->bss_id);
-	return 0;
-}
-
-
-/**
- * wpa_bss_flush - Flush all unused BSS entries
- * @wpa_s: Pointer to wpa_supplicant data
- */
-void wpa_bss_flush(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss, *n;
-
-	wpa_s->clear_driver_scan_cache = 1;
-
-	if (wpa_s->bss.next == NULL)
-		return; /* BSS table not yet initialized */
-
-	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
-		if (wpa_bss_in_use(wpa_s, bss))
-			continue;
-		wpa_bss_remove(wpa_s, bss, __func__);
-	}
-}
-
-
-/**
- * wpa_bss_deinit - Deinitialize BSS table
- * @wpa_s: Pointer to wpa_supplicant data
- */
-void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
-{
-	wpa_bss_flush(wpa_s);
-}
-
-
-/**
- * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID
- * Returns: Pointer to the BSS entry or %NULL if not found
- */
-struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
-				   const u8 *bssid)
-{
-	struct wpa_bss *bss;
-	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
-		return NULL;
-	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
-			return bss;
-	}
-	return NULL;
-}
-
-
-/**
- * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID
- * Returns: Pointer to the BSS entry or %NULL if not found
- *
- * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
- * find the entry that has the most recent update. This can help in finding the
- * correct entry in cases where the SSID of the AP may have changed recently
- * (e.g., in WPS reconfiguration cases).
- */
-struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
-					  const u8 *bssid)
-{
-	struct wpa_bss *bss, *found = NULL;
-	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
-		return NULL;
-	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
-			continue;
-		if (found == NULL ||
-		    os_reltime_before(&found->last_update, &bss->last_update))
-			found = bss;
-	}
-	return found;
-}
-
-
-#ifdef CONFIG_P2P
-/**
- * wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr
- * @wpa_s: Pointer to wpa_supplicant data
- * @dev_addr: P2P Device Address of the GO
- * Returns: Pointer to the BSS entry or %NULL if not found
- *
- * This function tries to find the entry that has the most recent update. This
- * can help in finding the correct entry in cases where the SSID of the P2P
- * Device may have changed recently.
- */
-struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
-					  const u8 *dev_addr)
-{
-	struct wpa_bss *bss, *found = NULL;
-	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
-		u8 addr[ETH_ALEN];
-		if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
-				       addr) != 0 ||
-		    os_memcmp(addr, dev_addr, ETH_ALEN) != 0)
-			continue;
-		if (!found ||
-		    os_reltime_before(&found->last_update, &bss->last_update))
-			found = bss;
-	}
-	return found;
-}
-#endif /* CONFIG_P2P */
-
-
-/**
- * wpa_bss_get_id - Fetch a BSS table entry based on identifier
- * @wpa_s: Pointer to wpa_supplicant data
- * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
- * Returns: Pointer to the BSS entry or %NULL if not found
- */
-struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
-{
-	struct wpa_bss *bss;
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (bss->id == id)
-			return bss;
-	}
-	return NULL;
-}
-
-
-/**
- * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
- * @wpa_s: Pointer to wpa_supplicant data
- * @idf: Smallest allowed identifier assigned for the entry
- * @idf: Largest allowed identifier assigned for the entry
- * Returns: Pointer to the BSS entry or %NULL if not found
- *
- * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
- * smallest id value to be fetched within the specified range without the
- * caller having to know the exact id.
- */
-struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
-				      unsigned int idf, unsigned int idl)
-{
-	struct wpa_bss *bss;
-	dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
-		if (bss->id >= idf && bss->id <= idl)
-			return bss;
-	}
-	return NULL;
-}
-
-
-/**
- * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
- * @bss: BSS table entry
- * @ie: Information element identitifier (WLAN_EID_*)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the BSS
- * entry.
- */
-const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
-{
-	return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie);
-}
-
-
-/**
- * wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry
- * @bss: BSS table entry
- * @ext: Information element extension identifier (WLAN_EID_EXT_*)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the BSS
- * entry.
- */
-const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext)
-{
-	return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext);
-}
-
-
-/**
- * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
- * @bss: BSS table entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the BSS
- * entry.
- */
-const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
-{
-	const u8 *ies;
-	const struct element *elem;
-
-	ies = wpa_bss_ie_ptr(bss);
-
-	for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) {
-		if (elem->datalen >= 4 &&
-		    vendor_type == WPA_GET_BE32(elem->data))
-			return &elem->id;
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
- * @bss: BSS table entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the BSS
- * entry.
- *
- * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
- * from Beacon frames instead of either Beacon or Probe Response frames.
- */
-const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
-					u32 vendor_type)
-{
-	const u8 *ies;
-	const struct element *elem;
-
-	if (bss->beacon_ie_len == 0)
-		return NULL;
-
-	ies = wpa_bss_ie_ptr(bss);
-	ies += bss->ie_len;
-
-	for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
-			    bss->beacon_ie_len) {
-		if (elem->datalen >= 4 &&
-		    vendor_type == WPA_GET_BE32(elem->data))
-			return &elem->id;
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
- * @bss: BSS table entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element payload or %NULL if not found
- *
- * This function returns concatenated payload of possibly fragmented vendor
- * specific information elements in the BSS entry. The caller is responsible for
- * freeing the returned buffer.
- */
-struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
-					    u32 vendor_type)
-{
-	struct wpabuf *buf;
-	const u8 *end, *pos;
-
-	buf = wpabuf_alloc(bss->ie_len);
-	if (buf == NULL)
-		return NULL;
-
-	pos = wpa_bss_ie_ptr(bss);
-	end = pos + bss->ie_len;
-
-	while (end - pos > 1) {
-		u8 ie, len;
-
-		ie = pos[0];
-		len = pos[1];
-		if (len > end - pos - 2)
-			break;
-		pos += 2;
-		if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
-		    vendor_type == WPA_GET_BE32(pos))
-			wpabuf_put_data(buf, pos + 4, len - 4);
-		pos += len;
-	}
-
-	if (wpabuf_len(buf) == 0) {
-		wpabuf_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-
-
-/**
- * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
- * @bss: BSS table entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element payload or %NULL if not found
- *
- * This function returns concatenated payload of possibly fragmented vendor
- * specific information elements in the BSS entry. The caller is responsible for
- * freeing the returned buffer.
- *
- * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
- * from Beacon frames instead of either Beacon or Probe Response frames.
- */
-struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
-						   u32 vendor_type)
-{
-	struct wpabuf *buf;
-	const u8 *end, *pos;
-
-	buf = wpabuf_alloc(bss->beacon_ie_len);
-	if (buf == NULL)
-		return NULL;
-
-	pos = wpa_bss_ie_ptr(bss);
-	pos += bss->ie_len;
-	end = pos + bss->beacon_ie_len;
-
-	while (end - pos > 1) {
-		if (2 + pos[1] > end - pos)
-			break;
-		if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
-		    vendor_type == WPA_GET_BE32(&pos[2]))
-			wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
-		pos += 2 + pos[1];
-	}
-
-	if (wpabuf_len(buf) == 0) {
-		wpabuf_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-
-
-/**
- * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
- * @bss: BSS table entry
- * Returns: Maximum legacy rate in units of 500 kbps
- */
-int wpa_bss_get_max_rate(const struct wpa_bss *bss)
-{
-	int rate = 0;
-	const u8 *ie;
-	int i;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
-	for (i = 0; ie && i < ie[1]; i++) {
-		if ((ie[i + 2] & 0x7f) > rate)
-			rate = ie[i + 2] & 0x7f;
-	}
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
-	for (i = 0; ie && i < ie[1]; i++) {
-		if ((ie[i + 2] & 0x7f) > rate)
-			rate = ie[i + 2] & 0x7f;
-	}
-
-	return rate;
-}
-
-
-/**
- * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
- * @bss: BSS table entry
- * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
- * Returns: number of legacy TX rates or -1 on failure
- *
- * The caller is responsible for freeing the returned buffer with os_free() in
- * case of success.
- */
-int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
-{
-	const u8 *ie, *ie2;
-	int i, j;
-	unsigned int len;
-	u8 *r;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
-	ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
-
-	len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
-
-	r = os_malloc(len);
-	if (!r)
-		return -1;
-
-	for (i = 0; ie && i < ie[1]; i++)
-		r[i] = ie[i + 2] & 0x7f;
-
-	for (j = 0; ie2 && j < ie2[1]; j++)
-		r[i + j] = ie2[j + 2] & 0x7f;
-
-	*rates = r;
-	return len;
-}
-
-
-#ifdef CONFIG_FILS
-const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss)
-{
-	const u8 *ie;
-
-	if (bss) {
-		ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
-		if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7))
-			return ie + 4;
-	}
-
-	return NULL;
-}
-#endif /* CONFIG_FILS */
-
-
-int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab)
-{
-	if (!bss)
-		return 0;
-	return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB),
-				    capab);
-}
diff --git a/wpa_supplicant/bss.h b/wpa_supplicant/bss.h
deleted file mode 100644
index 4078b9b9d0a4..000000000000
--- a/wpa_supplicant/bss.h
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * BSS table
- * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef BSS_H
-#define BSS_H
-
-struct wpa_scan_res;
-
-#define WPA_BSS_QUAL_INVALID		BIT(0)
-#define WPA_BSS_NOISE_INVALID		BIT(1)
-#define WPA_BSS_LEVEL_INVALID		BIT(2)
-#define WPA_BSS_LEVEL_DBM		BIT(3)
-#define WPA_BSS_AUTHENTICATED		BIT(4)
-#define WPA_BSS_ASSOCIATED		BIT(5)
-#define WPA_BSS_ANQP_FETCH_TRIED	BIT(6)
-#define WPA_BSS_OWE_TRANSITION		BIT(7)
-
-#define WPA_BSS_FREQ_CHANGED_FLAG	BIT(0)
-#define WPA_BSS_SIGNAL_CHANGED_FLAG	BIT(1)
-#define WPA_BSS_PRIVACY_CHANGED_FLAG	BIT(2)
-#define WPA_BSS_MODE_CHANGED_FLAG	BIT(3)
-#define WPA_BSS_WPAIE_CHANGED_FLAG	BIT(4)
-#define WPA_BSS_RSNIE_CHANGED_FLAG	BIT(5)
-#define WPA_BSS_WPS_CHANGED_FLAG	BIT(6)
-#define WPA_BSS_RATES_CHANGED_FLAG	BIT(7)
-#define WPA_BSS_IES_CHANGED_FLAG	BIT(8)
-
-struct wpa_bss_anqp_elem {
-	struct dl_list list;
-	u16 infoid;
-	bool protected_response; /* received in a protected GAS response */
-	struct wpabuf *payload;
-};
-
-/**
- * struct wpa_bss_anqp - ANQP data for a BSS entry (struct wpa_bss)
- */
-struct wpa_bss_anqp {
-	/** Number of BSS entries referring to this ANQP data instance */
-	unsigned int users;
-#ifdef CONFIG_INTERWORKING
-	struct wpabuf *capability_list;
-	struct wpabuf *venue_name;
-	struct wpabuf *network_auth_type;
-	struct wpabuf *roaming_consortium;
-	struct wpabuf *ip_addr_type_availability;
-	struct wpabuf *nai_realm;
-	struct wpabuf *anqp_3gpp;
-	struct wpabuf *domain_name;
-	struct wpabuf *fils_realm_info;
-	struct dl_list anqp_elems; /* list of struct wpa_bss_anqp_elem */
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_HS20
-	struct wpabuf *hs20_capability_list;
-	struct wpabuf *hs20_operator_friendly_name;
-	struct wpabuf *hs20_wan_metrics;
-	struct wpabuf *hs20_connection_capability;
-	struct wpabuf *hs20_operating_class;
-	struct wpabuf *hs20_osu_providers_list;
-	struct wpabuf *hs20_operator_icon_metadata;
-	struct wpabuf *hs20_osu_providers_nai_list;
-#endif /* CONFIG_HS20 */
-};
-
-/**
- * struct wpa_bss - BSS table
- *
- * This structure is used to store information about neighboring BSSes in
- * generic format. It is mainly updated based on scan results from the driver.
- */
-struct wpa_bss {
-	/** List entry for struct wpa_supplicant::bss */
-	struct dl_list list;
-	/** List entry for struct wpa_supplicant::bss_id */
-	struct dl_list list_id;
-	/** Unique identifier for this BSS entry */
-	unsigned int id;
-	/** Number of counts without seeing this BSS */
-	unsigned int scan_miss_count;
-	/** Index of the last scan update */
-	unsigned int last_update_idx;
-	/** Information flags about the BSS/IBSS (WPA_BSS_*) */
-	unsigned int flags;
-	/** BSSID */
-	u8 bssid[ETH_ALEN];
-	/** HESSID */
-	u8 hessid[ETH_ALEN];
-	/** SSID */
-	u8 ssid[SSID_MAX_LEN];
-	/** Length of SSID */
-	size_t ssid_len;
-	/** Frequency of the channel in MHz (e.g., 2412 = channel 1) */
-	int freq;
-	/** Beacon interval in TUs (host byte order) */
-	u16 beacon_int;
-	/** Capability information field in host byte order */
-	u16 caps;
-	/** Signal quality */
-	int qual;
-	/** Noise level */
-	int noise;
-	/** Signal level */
-	int level;
-	/** Timestamp of last Beacon/Probe Response frame */
-	u64 tsf;
-	/** Time of the last update (i.e., Beacon or Probe Response RX) */
-	struct os_reltime last_update;
-	/** Estimated throughput in kbps */
-	unsigned int est_throughput;
-	/** Signal-to-noise ratio in dB */
-	int snr;
-	/** ANQP data */
-	struct wpa_bss_anqp *anqp;
-	/** Length of the following IE field in octets (from Probe Response) */
-	size_t ie_len;
-	/** Length of the following Beacon IE field in octets */
-	size_t beacon_ie_len;
-	/* followed by ie_len octets of IEs */
-	/* followed by beacon_ie_len octets of IEs */
-	u8 ies[];
-};
-
-static inline const u8 * wpa_bss_ie_ptr(const struct wpa_bss *bss)
-{
-	return bss->ies;
-}
-
-void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
-			const struct wpa_bss *bss);
-void wpa_bss_update_start(struct wpa_supplicant *wpa_s);
-void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
-			     struct wpa_scan_res *res,
-			     struct os_reltime *fetch_time);
-void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-		    const char *reason);
-void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
-			int new_scan);
-int wpa_bss_init(struct wpa_supplicant *wpa_s);
-void wpa_bss_deinit(struct wpa_supplicant *wpa_s);
-void wpa_bss_flush(struct wpa_supplicant *wpa_s);
-void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age);
-struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			     const u8 *ssid, size_t ssid_len);
-struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
-				   const u8 *bssid);
-struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
-					  const u8 *bssid);
-struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
-					  const u8 *dev_addr);
-struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id);
-struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
-				      unsigned int idf, unsigned int idl);
-const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie);
-const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext);
-const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type);
-const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
-					u32 vendor_type);
-struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
-					    u32 vendor_type);
-struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
-						   u32 vendor_type);
-int wpa_bss_get_max_rate(const struct wpa_bss *bss);
-int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates);
-struct wpa_bss_anqp * wpa_bss_anqp_alloc(void);
-int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss);
-const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss);
-int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab);
-
-static inline int bss_is_dmg(const struct wpa_bss *bss)
-{
-	return bss->freq > 45000;
-}
-
-/**
- * Test whether a BSS is a PBSS.
- * This checks whether a BSS is a DMG-band PBSS. PBSS is used for P2P DMG
- * network.
- */
-static inline int bss_is_pbss(struct wpa_bss *bss)
-{
-	return bss_is_dmg(bss) &&
-		(bss->caps & IEEE80211_CAP_DMG_MASK) == IEEE80211_CAP_DMG_PBSS;
-}
-
-static inline void wpa_bss_update_level(struct wpa_bss *bss, int new_level)
-{
-	if (bss != NULL && new_level > -WPA_INVALID_NOISE && new_level < 0)
-		bss->level = new_level;
-}
-
-void calculate_update_time(const struct os_reltime *fetch_time,
-			   unsigned int age_ms,
-			   struct os_reltime *update_time);
-
-#endif /* BSS_H */
diff --git a/wpa_supplicant/bssid_ignore.c b/wpa_supplicant/bssid_ignore.c
deleted file mode 100644
index e37857798a02..000000000000
--- a/wpa_supplicant/bssid_ignore.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * wpa_supplicant - List of temporarily ignored BSSIDs
- * Copyright (c) 2003-2021, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-#include "bssid_ignore.h"
-
-/**
- * wpa_bssid_ignore_get - Get the ignore list entry for a BSSID
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID
- * Returns: Matching entry for the BSSID or %NULL if not found
- */
-struct wpa_bssid_ignore * wpa_bssid_ignore_get(struct wpa_supplicant *wpa_s,
-					       const u8 *bssid)
-{
-	struct wpa_bssid_ignore *e;
-
-	if (wpa_s == NULL || bssid == NULL)
-		return NULL;
-
-	if (wpa_s->current_ssid &&
-	    wpa_s->current_ssid->was_recently_reconfigured) {
-		wpa_bssid_ignore_clear(wpa_s);
-		wpa_s->current_ssid->was_recently_reconfigured = false;
-		return NULL;
-	}
-
-	wpa_bssid_ignore_update(wpa_s);
-
-	e = wpa_s->bssid_ignore;
-	while (e) {
-		if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
-			return e;
-		e = e->next;
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_bssid_ignore_add - Add an BSSID to the ignore list
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID to be added to the ignore list
- * Returns: Current ignore list count on success, -1 on failure
- *
- * This function adds the specified BSSID to the ignore list or increases the
- * ignore count if the BSSID was already listed. It should be called when
- * an association attempt fails either due to the selected BSS rejecting
- * association or due to timeout.
- *
- * This ignore list is used to force %wpa_supplicant to go through all available
- * BSSes before retrying to associate with an BSS that rejected or timed out
- * association. It does not prevent the listed BSS from being used; it only
- * changes the order in which they are tried.
- */
-int wpa_bssid_ignore_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wpa_bssid_ignore *e;
-	struct os_reltime now;
-
-	if (wpa_s == NULL || bssid == NULL)
-		return -1;
-
-	e = wpa_bssid_ignore_get(wpa_s, bssid);
-	os_get_reltime(&now);
-	if (e) {
-		e->start = now;
-		e->count++;
-		if (e->count > 5)
-			e->timeout_secs = 1800;
-		else if (e->count == 5)
-			e->timeout_secs = 600;
-		else if (e->count == 4)
-			e->timeout_secs = 120;
-		else if (e->count == 3)
-			e->timeout_secs = 60;
-		else
-			e->timeout_secs = 10;
-		wpa_printf(MSG_INFO, "BSSID " MACSTR
-			   " ignore list count incremented to %d, ignoring for %d seconds",
-			   MAC2STR(bssid), e->count, e->timeout_secs);
-		return e->count;
-	}
-
-	e = os_zalloc(sizeof(*e));
-	if (e == NULL)
-		return -1;
-	os_memcpy(e->bssid, bssid, ETH_ALEN);
-	e->count = 1;
-	e->timeout_secs = 10;
-	e->start = now;
-	e->next = wpa_s->bssid_ignore;
-	wpa_s->bssid_ignore = e;
-	wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR
-		   " into ignore list, ignoring for %d seconds",
-		   MAC2STR(bssid), e->timeout_secs);
-
-	return e->count;
-}
-
-
-/**
- * wpa_bssid_ignore_del - Remove an BSSID from the ignore list
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID to be removed from the ignore list
- * Returns: 0 on success, -1 on failure
- */
-int wpa_bssid_ignore_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wpa_bssid_ignore *e, *prev = NULL;
-
-	if (wpa_s == NULL || bssid == NULL)
-		return -1;
-
-	e = wpa_s->bssid_ignore;
-	while (e) {
-		if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
-			if (prev == NULL) {
-				wpa_s->bssid_ignore = e->next;
-			} else {
-				prev->next = e->next;
-			}
-			wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR
-				   " from ignore list", MAC2STR(bssid));
-			os_free(e);
-			return 0;
-		}
-		prev = e;
-		e = e->next;
-	}
-	return -1;
-}
-
-
-/**
- * wpa_bssid_ignore_is_listed - Check whether a BSSID is ignored temporarily
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID to be checked
- * Returns: count if BSS is currently considered to be ignored, 0 otherwise
- */
-int wpa_bssid_ignore_is_listed(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wpa_bssid_ignore *e;
-	struct os_reltime now;
-
-	e = wpa_bssid_ignore_get(wpa_s, bssid);
-	if (!e)
-		return 0;
-	os_get_reltime(&now);
-	if (os_reltime_expired(&now, &e->start, e->timeout_secs))
-		return 0;
-	return e->count;
-}
-
-
-/**
- * wpa_bssid_ignore_clear - Clear the ignore list of all entries
- * @wpa_s: Pointer to wpa_supplicant data
- */
-void wpa_bssid_ignore_clear(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bssid_ignore *e, *prev;
-
-	e = wpa_s->bssid_ignore;
-	wpa_s->bssid_ignore = NULL;
-	while (e) {
-		prev = e;
-		e = e->next;
-		wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR
-			   " from ignore list (clear)", MAC2STR(prev->bssid));
-		os_free(prev);
-	}
-}
-
-
-/**
- * wpa_bssid_ignore_update - Update the entries in the ignore list,
- * deleting entries that have been expired for over an hour.
- * @wpa_s: Pointer to wpa_supplicant data
- */
-void wpa_bssid_ignore_update(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bssid_ignore *e, *prev = NULL;
-	struct os_reltime now;
-
-	if (!wpa_s)
-		return;
-
-	e = wpa_s->bssid_ignore;
-	os_get_reltime(&now);
-	while (e) {
-		if (os_reltime_expired(&now, &e->start,
-				       e->timeout_secs + 3600)) {
-			struct wpa_bssid_ignore *to_delete = e;
-
-			if (prev) {
-				prev->next = e->next;
-				e = prev->next;
-			} else {
-				wpa_s->bssid_ignore = e->next;
-				e = wpa_s->bssid_ignore;
-			}
-			wpa_printf(MSG_INFO, "Removed BSSID " MACSTR
-				   " from ignore list (expired)",
-				   MAC2STR(to_delete->bssid));
-			os_free(to_delete);
-		} else {
-			prev = e;
-			e = e->next;
-		}
-	}
-}
diff --git a/wpa_supplicant/bssid_ignore.h b/wpa_supplicant/bssid_ignore.h
deleted file mode 100644
index 721b0e12665f..000000000000
--- a/wpa_supplicant/bssid_ignore.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * wpa_supplicant - List of temporarily ignored BSSIDs
- * Copyright (c) 2003-2021, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef BSSID_IGNORE_H
-#define BSSID_IGNORE_H
-
-struct wpa_bssid_ignore {
-	struct wpa_bssid_ignore *next;
-	u8 bssid[ETH_ALEN];
-	int count;
-	/* Time of the most recent trigger to ignore this BSSID. */
-	struct os_reltime start;
-	/*
-	 * Number of seconds after start that the entey will be considered
-	 * valid.
-	 */
-	int timeout_secs;
-};
-
-struct wpa_bssid_ignore * wpa_bssid_ignore_get(struct wpa_supplicant *wpa_s,
-					 const u8 *bssid);
-int wpa_bssid_ignore_add(struct wpa_supplicant *wpa_s, const u8 *bssid);
-int wpa_bssid_ignore_del(struct wpa_supplicant *wpa_s, const u8 *bssid);
-int wpa_bssid_ignore_is_listed(struct wpa_supplicant *wpa_s, const u8 *bssid);
-void wpa_bssid_ignore_clear(struct wpa_supplicant *wpa_s);
-void wpa_bssid_ignore_update(struct wpa_supplicant *wpa_s);
-
-#endif /* BSSID_IGNORE_H */
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
deleted file mode 100644
index bf062b0792b7..000000000000
--- a/wpa_supplicant/config.c
+++ /dev/null
@@ -1,5429 +0,0 @@
-/*
- * WPA Supplicant / Configuration parser and common functions
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "utils/uuid.h"
-#include "utils/ip_addr.h"
-#include "common/ieee802_1x_defs.h"
-#include "common/sae.h"
-#include "crypto/sha1.h"
-#include "rsn_supp/wpa.h"
-#include "eap_peer/eap.h"
-#include "p2p/p2p.h"
-#include "fst/fst.h"
-#include "config.h"
-
-
-#if !defined(CONFIG_CTRL_IFACE) && defined(CONFIG_NO_CONFIG_WRITE)
-#define NO_CONFIG_WRITE
-#endif
-
-/*
- * Structure for network configuration parsing. This data is used to implement
- * a generic parser for each network block variable. The table of configuration
- * variables is defined below in this file (ssid_fields[]).
- */
-struct parse_data {
-	/* Configuration variable name */
-	char *name;
-
-	/* Parser function for this variable. The parser functions return 0 or 1
-	 * to indicate success. Value 0 indicates that the parameter value may
-	 * have changed while value 1 means that the value did not change.
-	 * Error cases (failure to parse the string) are indicated by returning
-	 * -1. */
-	int (*parser)(const struct parse_data *data, struct wpa_ssid *ssid,
-		      int line, const char *value);
-
-#ifndef NO_CONFIG_WRITE
-	/* Writer function (i.e., to get the variable in text format from
-	 * internal presentation). */
-	char * (*writer)(const struct parse_data *data, struct wpa_ssid *ssid);
-#endif /* NO_CONFIG_WRITE */
-
-	/* Variable specific parameters for the parser. */
-	void *param1, *param2, *param3, *param4;
-
-	/* 0 = this variable can be included in debug output and ctrl_iface
-	 * 1 = this variable contains key/private data and it must not be
-	 *     included in debug output unless explicitly requested. In
-	 *     addition, this variable will not be readable through the
-	 *     ctrl_iface.
-	 */
-	int key_data;
-};
-
-
-static int wpa_config_parse_str(const struct parse_data *data,
-				struct wpa_ssid *ssid,
-				int line, const char *value)
-{
-	size_t res_len, *dst_len, prev_len;
-	char **dst, *tmp;
-
-	if (os_strcmp(value, "NULL") == 0) {
-		wpa_printf(MSG_DEBUG, "Unset configuration string '%s'",
-			   data->name);
-		tmp = NULL;
-		res_len = 0;
-		goto set;
-	}
-
-	tmp = wpa_config_parse_string(value, &res_len);
-	if (tmp == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: failed to parse %s '%s'.",
-			   line, data->name,
-			   data->key_data ? "[KEY DATA REMOVED]" : value);
-		return -1;
-	}
-
-	if (data->key_data) {
-		wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
-				      (u8 *) tmp, res_len);
-	} else {
-		wpa_hexdump_ascii(MSG_MSGDUMP, data->name,
-				  (u8 *) tmp, res_len);
-	}
-
-	if (data->param3 && res_len < (size_t) data->param3) {
-		wpa_printf(MSG_ERROR, "Line %d: too short %s (len=%lu "
-			   "min_len=%ld)", line, data->name,
-			   (unsigned long) res_len, (long) data->param3);
-		os_free(tmp);
-		return -1;
-	}
-
-	if (data->param4 && res_len > (size_t) data->param4) {
-		wpa_printf(MSG_ERROR, "Line %d: too long %s (len=%lu "
-			   "max_len=%ld)", line, data->name,
-			   (unsigned long) res_len, (long) data->param4);
-		os_free(tmp);
-		return -1;
-	}
-
-set:
-	dst = (char **) (((u8 *) ssid) + (long) data->param1);
-	dst_len = (size_t *) (((u8 *) ssid) + (long) data->param2);
-
-	if (data->param2)
-		prev_len = *dst_len;
-	else if (*dst)
-		prev_len = os_strlen(*dst);
-	else
-		prev_len = 0;
-	if ((*dst == NULL && tmp == NULL) ||
-	    (*dst && tmp && prev_len == res_len &&
-	     os_memcmp(*dst, tmp, res_len) == 0)) {
-		/* No change to the previously configured value */
-		os_free(tmp);
-		return 1;
-	}
-
-	os_free(*dst);
-	*dst = tmp;
-	if (data->param2)
-		*dst_len = res_len;
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_string_ascii(const u8 *value, size_t len)
-{
-	char *buf;
-
-	buf = os_malloc(len + 3);
-	if (buf == NULL)
-		return NULL;
-	buf[0] = '"';
-	os_memcpy(buf + 1, value, len);
-	buf[len + 1] = '"';
-	buf[len + 2] = '\0';
-
-	return buf;
-}
-
-
-static char * wpa_config_write_string_hex(const u8 *value, size_t len)
-{
-	char *buf;
-
-	buf = os_zalloc(2 * len + 1);
-	if (buf == NULL)
-		return NULL;
-	wpa_snprintf_hex(buf, 2 * len + 1, value, len);
-
-	return buf;
-}
-
-
-static char * wpa_config_write_string(const u8 *value, size_t len)
-{
-	if (value == NULL)
-		return NULL;
-
-	if (is_hex(value, len))
-		return wpa_config_write_string_hex(value, len);
-	else
-		return wpa_config_write_string_ascii(value, len);
-}
-
-
-static char * wpa_config_write_str(const struct parse_data *data,
-				   struct wpa_ssid *ssid)
-{
-	size_t len;
-	char **src;
-
-	src = (char **) (((u8 *) ssid) + (long) data->param1);
-	if (*src == NULL)
-		return NULL;
-
-	if (data->param2)
-		len = *((size_t *) (((u8 *) ssid) + (long) data->param2));
-	else
-		len = os_strlen(*src);
-
-	return wpa_config_write_string((const u8 *) *src, len);
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_int(const struct parse_data *data,
-				struct wpa_ssid *ssid,
-				int line, const char *value)
-{
-	int val, *dst;
-	char *end;
-
-	dst = (int *) (((u8 *) ssid) + (long) data->param1);
-	val = strtol(value, &end, 0);
-	if (*end) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
-			   line, value);
-		return -1;
-	}
-
-	if (*dst == val)
-		return 1;
-	*dst = val;
-	wpa_printf(MSG_MSGDUMP, "%s=%d (0x%x)", data->name, *dst, *dst);
-
-	if (data->param3 && *dst < (long) data->param3) {
-		wpa_printf(MSG_ERROR, "Line %d: too small %s (value=%d "
-			   "min_value=%ld)", line, data->name, *dst,
-			   (long) data->param3);
-		*dst = (long) data->param3;
-		return -1;
-	}
-
-	if (data->param4 && *dst > (long) data->param4) {
-		wpa_printf(MSG_ERROR, "Line %d: too large %s (value=%d "
-			   "max_value=%ld)", line, data->name, *dst,
-			   (long) data->param4);
-		*dst = (long) data->param4;
-		return -1;
-	}
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_int(const struct parse_data *data,
-				   struct wpa_ssid *ssid)
-{
-	int *src, res;
-	char *value;
-
-	src = (int *) (((u8 *) ssid) + (long) data->param1);
-
-	value = os_malloc(20);
-	if (value == NULL)
-		return NULL;
-	res = os_snprintf(value, 20, "%d", *src);
-	if (os_snprintf_error(20, res)) {
-		os_free(value);
-		return NULL;
-	}
-	value[20 - 1] = '\0';
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_addr_list(const struct parse_data *data,
-				      int line, const char *value,
-				      u8 **list, size_t *num, char *name,
-				      u8 abort_on_error, u8 masked)
-{
-	const char *pos;
-	u8 *buf, *n, addr[2 * ETH_ALEN];
-	size_t count;
-
-	buf = NULL;
-	count = 0;
-
-	pos = value;
-	while (pos && *pos) {
-		while (*pos == ' ')
-			pos++;
-
-		if (hwaddr_masked_aton(pos, addr, &addr[ETH_ALEN], masked)) {
-			if (abort_on_error || count == 0) {
-				wpa_printf(MSG_ERROR,
-					   "Line %d: Invalid %s address '%s'",
-					   line, name, value);
-				os_free(buf);
-				return -1;
-			}
-			/* continue anyway since this could have been from a
-			 * truncated configuration file line */
-			wpa_printf(MSG_INFO,
-				   "Line %d: Ignore likely truncated %s address '%s'",
-				   line, name, pos);
-		} else {
-			n = os_realloc_array(buf, count + 1, 2 * ETH_ALEN);
-			if (n == NULL) {
-				os_free(buf);
-				return -1;
-			}
-			buf = n;
-			os_memmove(buf + 2 * ETH_ALEN, buf,
-				   count * 2 * ETH_ALEN);
-			os_memcpy(buf, addr, 2 * ETH_ALEN);
-			count++;
-			wpa_printf(MSG_MSGDUMP,
-				   "%s: addr=" MACSTR " mask=" MACSTR,
-				   name, MAC2STR(addr),
-				   MAC2STR(&addr[ETH_ALEN]));
-		}
-
-		pos = os_strchr(pos, ' ');
-	}
-
-	os_free(*list);
-	*list = buf;
-	*num = count;
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_addr_list(const struct parse_data *data,
-					 const u8 *list, size_t num, char *name)
-{
-	char *value, *end, *pos;
-	int res;
-	size_t i;
-
-	if (list == NULL || num == 0)
-		return NULL;
-
-	value = os_malloc(2 * 20 * num);
-	if (value == NULL)
-		return NULL;
-	pos = value;
-	end = value + 2 * 20 * num;
-
-	for (i = num; i > 0; i--) {
-		const u8 *a = list + (i - 1) * 2 * ETH_ALEN;
-		const u8 *m = a + ETH_ALEN;
-
-		if (i < num)
-			*pos++ = ' ';
-		res = hwaddr_mask_txt(pos, end - pos, a, m);
-		if (res < 0) {
-			os_free(value);
-			return NULL;
-		}
-		pos += res;
-	}
-
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-static int wpa_config_parse_bssid(const struct parse_data *data,
-				  struct wpa_ssid *ssid, int line,
-				  const char *value)
-{
-	if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
-	    os_strcmp(value, "any") == 0) {
-		ssid->bssid_set = 0;
-		wpa_printf(MSG_MSGDUMP, "BSSID any");
-		return 0;
-	}
-	if (hwaddr_aton(value, ssid->bssid)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid BSSID '%s'.",
-			   line, value);
-		return -1;
-	}
-	ssid->bssid_set = 1;
-	wpa_hexdump(MSG_MSGDUMP, "BSSID", ssid->bssid, ETH_ALEN);
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_bssid(const struct parse_data *data,
-				     struct wpa_ssid *ssid)
-{
-	char *value;
-	int res;
-
-	if (!ssid->bssid_set)
-		return NULL;
-
-	value = os_malloc(20);
-	if (value == NULL)
-		return NULL;
-	res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->bssid));
-	if (os_snprintf_error(20, res)) {
-		os_free(value);
-		return NULL;
-	}
-	value[20 - 1] = '\0';
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_bssid_hint(const struct parse_data *data,
-				       struct wpa_ssid *ssid, int line,
-				       const char *value)
-{
-	if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
-	    os_strcmp(value, "any") == 0) {
-		ssid->bssid_hint_set = 0;
-		wpa_printf(MSG_MSGDUMP, "BSSID hint any");
-		return 0;
-	}
-	if (hwaddr_aton(value, ssid->bssid_hint)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid BSSID hint '%s'.",
-			   line, value);
-		return -1;
-	}
-	ssid->bssid_hint_set = 1;
-	wpa_hexdump(MSG_MSGDUMP, "BSSID hint", ssid->bssid_hint, ETH_ALEN);
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_bssid_hint(const struct parse_data *data,
-					  struct wpa_ssid *ssid)
-{
-	char *value;
-	int res;
-
-	if (!ssid->bssid_hint_set)
-		return NULL;
-
-	value = os_malloc(20);
-	if (!value)
-		return NULL;
-	res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->bssid_hint));
-	if (os_snprintf_error(20, res)) {
-		os_free(value);
-		return NULL;
-	}
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_bssid_ignore(const struct parse_data *data,
-					 struct wpa_ssid *ssid, int line,
-					 const char *value)
-{
-	return wpa_config_parse_addr_list(data, line, value,
-					  &ssid->bssid_ignore,
-					  &ssid->num_bssid_ignore,
-					  "bssid_ignore", 1, 1);
-}
-
-
-/* deprecated alias for bssid_ignore for backwards compatibility */
-static int wpa_config_parse_bssid_blacklist(const struct parse_data *data,
-					    struct wpa_ssid *ssid, int line,
-					    const char *value)
-{
-	return wpa_config_parse_addr_list(data, line, value,
-					  &ssid->bssid_ignore,
-					  &ssid->num_bssid_ignore,
-					  "bssid_ignore", 1, 1);
-}
-
-
-#ifndef NO_CONFIG_WRITE
-
-static char * wpa_config_write_bssid_ignore(const struct parse_data *data,
-					    struct wpa_ssid *ssid)
-{
-	return wpa_config_write_addr_list(data, ssid->bssid_ignore,
-					  ssid->num_bssid_ignore,
-					  "bssid_ignore");
-}
-
-
-/* deprecated alias for bssid_ignore for backwards compatibility */
-static char * wpa_config_write_bssid_blacklist(const struct parse_data *data,
-					       struct wpa_ssid *ssid)
-{
-	return wpa_config_write_addr_list(data, ssid->bssid_ignore,
-					  ssid->num_bssid_ignore,
-					  "bssid_ignore");
-}
-
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_bssid_accept(const struct parse_data *data,
-					 struct wpa_ssid *ssid, int line,
-					 const char *value)
-{
-	return wpa_config_parse_addr_list(data, line, value,
-					  &ssid->bssid_accept,
-					  &ssid->num_bssid_accept,
-					  "bssid_accept", 1, 1);
-}
-
-
-/* deprecated alias for bssid_accept for backwards compatibility */
-static int wpa_config_parse_bssid_whitelist(const struct parse_data *data,
-					    struct wpa_ssid *ssid, int line,
-					    const char *value)
-{
-	return wpa_config_parse_addr_list(data, line, value,
-					  &ssid->bssid_accept,
-					  &ssid->num_bssid_accept,
-					  "bssid_accept", 1, 1);
-}
-
-
-#ifndef NO_CONFIG_WRITE
-
-static char * wpa_config_write_bssid_accept(const struct parse_data *data,
-					    struct wpa_ssid *ssid)
-{
-	return wpa_config_write_addr_list(data, ssid->bssid_accept,
-					  ssid->num_bssid_accept,
-					  "bssid_accept");
-}
-
-
-/* deprecated alias for bssid_accept for backwards compatibility */
-static char * wpa_config_write_bssid_whitelist(const struct parse_data *data,
-					       struct wpa_ssid *ssid)
-{
-	return wpa_config_write_addr_list(data, ssid->bssid_accept,
-					  ssid->num_bssid_accept,
-					  "bssid_accept");
-}
-
-#endif /* NO_CONFIG_WRITE */
-
-
-#ifndef NO_CONFIG_WRITE
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_psk(const struct parse_data *data,
-				struct wpa_ssid *ssid, int line,
-				const char *value)
-{
-#ifdef CONFIG_EXT_PASSWORD
-	if (os_strncmp(value, "ext:", 4) == 0) {
-		str_clear_free(ssid->passphrase);
-		ssid->passphrase = NULL;
-		ssid->psk_set = 0;
-		os_free(ssid->ext_psk);
-		ssid->ext_psk = os_strdup(value + 4);
-		if (ssid->ext_psk == NULL)
-			return -1;
-		wpa_printf(MSG_DEBUG, "PSK: External password '%s'",
-			   ssid->ext_psk);
-		return 0;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (*value == '"') {
-#ifndef CONFIG_NO_PBKDF2
-		const char *pos;
-		size_t len;
-
-		value++;
-		pos = os_strrchr(value, '"');
-		if (pos)
-			len = pos - value;
-		else
-			len = os_strlen(value);
-		if (len < 8 || len > 63) {
-			wpa_printf(MSG_ERROR, "Line %d: Invalid passphrase "
-				   "length %lu (expected: 8..63) '%s'.",
-				   line, (unsigned long) len, value);
-			return -1;
-		}
-		wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
-				      (u8 *) value, len);
-		if (has_ctrl_char((u8 *) value, len)) {
-			wpa_printf(MSG_ERROR,
-				   "Line %d: Invalid passphrase character",
-				   line);
-			return -1;
-		}
-		if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
-		    os_memcmp(ssid->passphrase, value, len) == 0) {
-			/* No change to the previously configured value */
-			return 1;
-		}
-		ssid->psk_set = 0;
-		str_clear_free(ssid->passphrase);
-		ssid->passphrase = dup_binstr(value, len);
-		if (ssid->passphrase == NULL)
-			return -1;
-		return 0;
-#else /* CONFIG_NO_PBKDF2 */
-		wpa_printf(MSG_ERROR, "Line %d: ASCII passphrase not "
-			   "supported.", line);
-		return -1;
-#endif /* CONFIG_NO_PBKDF2 */
-	}
-
-	if (hexstr2bin(value, ssid->psk, PMK_LEN) ||
-	    value[PMK_LEN * 2] != '\0') {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
-			   line, value);
-		return -1;
-	}
-
-	str_clear_free(ssid->passphrase);
-	ssid->passphrase = NULL;
-
-	ssid->psk_set = 1;
-	wpa_hexdump_key(MSG_MSGDUMP, "PSK", ssid->psk, PMK_LEN);
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_psk(const struct parse_data *data,
-				   struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_EXT_PASSWORD
-	if (ssid->ext_psk) {
-		size_t len = 4 + os_strlen(ssid->ext_psk) + 1;
-		char *buf = os_malloc(len);
-		int res;
-
-		if (buf == NULL)
-			return NULL;
-		res = os_snprintf(buf, len, "ext:%s", ssid->ext_psk);
-		if (os_snprintf_error(len, res)) {
-			os_free(buf);
-			buf = NULL;
-		}
-		return buf;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (ssid->passphrase)
-		return wpa_config_write_string_ascii(
-			(const u8 *) ssid->passphrase,
-			os_strlen(ssid->passphrase));
-
-	if (ssid->psk_set)
-		return wpa_config_write_string_hex(ssid->psk, PMK_LEN);
-
-	return NULL;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_proto(const struct parse_data *data,
-				  struct wpa_ssid *ssid, int line,
-				  const char *value)
-{
-	int val = 0, last, errors = 0;
-	char *start, *end, *buf;
-
-	buf = os_strdup(value);
-	if (buf == NULL)
-		return -1;
-	start = buf;
-
-	while (*start != '\0') {
-		while (*start == ' ' || *start == '\t')
-			start++;
-		if (*start == '\0')
-			break;
-		end = start;
-		while (*end != ' ' && *end != '\t' && *end != '\0')
-			end++;
-		last = *end == '\0';
-		*end = '\0';
-		if (os_strcmp(start, "WPA") == 0)
-			val |= WPA_PROTO_WPA;
-		else if (os_strcmp(start, "RSN") == 0 ||
-			 os_strcmp(start, "WPA2") == 0)
-			val |= WPA_PROTO_RSN;
-		else if (os_strcmp(start, "OSEN") == 0)
-			val |= WPA_PROTO_OSEN;
-		else {
-			wpa_printf(MSG_ERROR, "Line %d: invalid proto '%s'",
-				   line, start);
-			errors++;
-		}
-
-		if (last)
-			break;
-		start = end + 1;
-	}
-	os_free(buf);
-
-	if (val == 0) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: no proto values configured.", line);
-		errors++;
-	}
-
-	if (!errors && ssid->proto == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "proto: 0x%x", val);
-	ssid->proto = val;
-	return errors ? -1 : 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_proto(const struct parse_data *data,
-				     struct wpa_ssid *ssid)
-{
-	int ret;
-	char *buf, *pos, *end;
-
-	pos = buf = os_zalloc(20);
-	if (buf == NULL)
-		return NULL;
-	end = buf + 20;
-
-	if (ssid->proto & WPA_PROTO_WPA) {
-		ret = os_snprintf(pos, end - pos, "%sWPA",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return buf;
-		pos += ret;
-	}
-
-	if (ssid->proto & WPA_PROTO_RSN) {
-		ret = os_snprintf(pos, end - pos, "%sRSN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return buf;
-		pos += ret;
-	}
-
-	if (ssid->proto & WPA_PROTO_OSEN) {
-		ret = os_snprintf(pos, end - pos, "%sOSEN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return buf;
-		pos += ret;
-	}
-
-	if (pos == buf) {
-		os_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_key_mgmt(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	int val = 0, last, errors = 0;
-	char *start, *end, *buf;
-
-	buf = os_strdup(value);
-	if (buf == NULL)
-		return -1;
-	start = buf;
-
-	while (*start != '\0') {
-		while (*start == ' ' || *start == '\t')
-			start++;
-		if (*start == '\0')
-			break;
-		end = start;
-		while (*end != ' ' && *end != '\t' && *end != '\0')
-			end++;
-		last = *end == '\0';
-		*end = '\0';
-		if (os_strcmp(start, "WPA-PSK") == 0)
-			val |= WPA_KEY_MGMT_PSK;
-		else if (os_strcmp(start, "WPA-EAP") == 0)
-			val |= WPA_KEY_MGMT_IEEE8021X;
-		else if (os_strcmp(start, "IEEE8021X") == 0)
-			val |= WPA_KEY_MGMT_IEEE8021X_NO_WPA;
-		else if (os_strcmp(start, "NONE") == 0)
-			val |= WPA_KEY_MGMT_NONE;
-		else if (os_strcmp(start, "WPA-NONE") == 0)
-			val |= WPA_KEY_MGMT_WPA_NONE;
-#ifdef CONFIG_IEEE80211R
-		else if (os_strcmp(start, "FT-PSK") == 0)
-			val |= WPA_KEY_MGMT_FT_PSK;
-		else if (os_strcmp(start, "FT-EAP") == 0)
-			val |= WPA_KEY_MGMT_FT_IEEE8021X;
-#ifdef CONFIG_SHA384
-		else if (os_strcmp(start, "FT-EAP-SHA384") == 0)
-			val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
-#endif /* CONFIG_SHA384 */
-#endif /* CONFIG_IEEE80211R */
-		else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
-			val |= WPA_KEY_MGMT_PSK_SHA256;
-		else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
-			val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
-#ifdef CONFIG_WPS
-		else if (os_strcmp(start, "WPS") == 0)
-			val |= WPA_KEY_MGMT_WPS;
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_SAE
-		else if (os_strcmp(start, "SAE") == 0)
-			val |= WPA_KEY_MGMT_SAE;
-		else if (os_strcmp(start, "FT-SAE") == 0)
-			val |= WPA_KEY_MGMT_FT_SAE;
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_HS20
-		else if (os_strcmp(start, "OSEN") == 0)
-			val |= WPA_KEY_MGMT_OSEN;
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_SUITEB
-		else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
-			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
-#endif /* CONFIG_SUITEB */
-#ifdef CONFIG_SUITEB192
-		else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
-			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
-#endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_FILS
-		else if (os_strcmp(start, "FILS-SHA256") == 0)
-			val |= WPA_KEY_MGMT_FILS_SHA256;
-		else if (os_strcmp(start, "FILS-SHA384") == 0)
-			val |= WPA_KEY_MGMT_FILS_SHA384;
-#ifdef CONFIG_IEEE80211R
-		else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
-			val |= WPA_KEY_MGMT_FT_FILS_SHA256;
-		else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
-			val |= WPA_KEY_MGMT_FT_FILS_SHA384;
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_OWE
-		else if (os_strcmp(start, "OWE") == 0)
-			val |= WPA_KEY_MGMT_OWE;
-#endif /* CONFIG_OWE */
-#ifdef CONFIG_DPP
-		else if (os_strcmp(start, "DPP") == 0)
-			val |= WPA_KEY_MGMT_DPP;
-#endif /* CONFIG_DPP */
-		else {
-			wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
-				   line, start);
-			errors++;
-		}
-
-		if (last)
-			break;
-		start = end + 1;
-	}
-	os_free(buf);
-
-	if (val == 0) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: no key_mgmt values configured.", line);
-		errors++;
-	}
-
-	if (!errors && ssid->key_mgmt == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "key_mgmt: 0x%x", val);
-	ssid->key_mgmt = val;
-	return errors ? -1 : 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_key_mgmt(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	char *buf, *pos, *end;
-	int ret;
-
-	pos = buf = os_zalloc(100);
-	if (buf == NULL)
-		return NULL;
-	end = buf + 100;
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-PSK",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-EAP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		ret = os_snprintf(pos, end - pos, "%sIEEE8021X",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_NONE) {
-		ret = os_snprintf(pos, end - pos, "%sNONE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-NONE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-#ifdef CONFIG_IEEE80211R
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_PSK) {
-		ret = os_snprintf(pos, end - pos, "%sFT-PSK",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
-		ret = os_snprintf(pos, end - pos, "%sFT-EAP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-#ifdef CONFIG_SHA384
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFT-EAP-SHA384",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_SHA384 */
-#endif /* CONFIG_IEEE80211R */
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-PSK-SHA256",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SHA256",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-#ifdef CONFIG_WPS
-	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
-		ret = os_snprintf(pos, end - pos, "%sWPS",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_SAE
-	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
-		ret = os_snprintf(pos, end - pos, "%sSAE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_SAE) {
-		ret = os_snprintf(pos, end - pos, "%sFT-SAE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_HS20
-	if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN) {
-		ret = os_snprintf(pos, end - pos, "%sOSEN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_HS20 */
-
-#ifdef CONFIG_SUITEB
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB */
-
-#ifdef CONFIG_SUITEB192
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
-		ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B-192",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB192 */
-
-#ifdef CONFIG_FILS
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA256",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA384",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#ifdef CONFIG_IEEE80211R
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA256",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-	if (ssid->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA384",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_DPP
-	if (ssid->key_mgmt & WPA_KEY_MGMT_DPP) {
-		ret = os_snprintf(pos, end - pos, "%sDPP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_OWE
-	if (ssid->key_mgmt & WPA_KEY_MGMT_OWE) {
-		ret = os_snprintf(pos, end - pos, "%sOWE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-#endif /* CONFIG_OWE */
-
-	if (pos == buf) {
-		os_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_cipher(int line, const char *value)
-{
-#ifdef CONFIG_NO_WPA
-	return -1;
-#else /* CONFIG_NO_WPA */
-	int val = wpa_parse_cipher(value);
-	if (val < 0) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
-			   line, value);
-		return -1;
-	}
-	if (val == 0) {
-		wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
-			   line);
-		return -1;
-	}
-	return val;
-#endif /* CONFIG_NO_WPA */
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_cipher(int cipher)
-{
-#ifdef CONFIG_NO_WPA
-	return NULL;
-#else /* CONFIG_NO_WPA */
-	char *buf = os_zalloc(50);
-	if (buf == NULL)
-		return NULL;
-
-	if (wpa_write_ciphers(buf, buf + 50, cipher, " ") < 0) {
-		os_free(buf);
-		return NULL;
-	}
-
-	return buf;
-#endif /* CONFIG_NO_WPA */
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_pairwise(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	int val;
-	val = wpa_config_parse_cipher(line, value);
-	if (val == -1)
-		return -1;
-	if (val & ~WPA_ALLOWED_PAIRWISE_CIPHERS) {
-		wpa_printf(MSG_ERROR, "Line %d: not allowed pairwise cipher "
-			   "(0x%x).", line, val);
-		return -1;
-	}
-
-	if (ssid->pairwise_cipher == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "pairwise: 0x%x", val);
-	ssid->pairwise_cipher = val;
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_pairwise(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return wpa_config_write_cipher(ssid->pairwise_cipher);
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_group(const struct parse_data *data,
-				  struct wpa_ssid *ssid, int line,
-				  const char *value)
-{
-	int val;
-	val = wpa_config_parse_cipher(line, value);
-	if (val == -1)
-		return -1;
-
-	/*
-	 * Backwards compatibility - filter out WEP ciphers that were previously
-	 * allowed.
-	 */
-	val &= ~(WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40);
-
-	if (val & ~WPA_ALLOWED_GROUP_CIPHERS) {
-		wpa_printf(MSG_ERROR, "Line %d: not allowed group cipher "
-			   "(0x%x).", line, val);
-		return -1;
-	}
-
-	if (ssid->group_cipher == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "group: 0x%x", val);
-	ssid->group_cipher = val;
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_group(const struct parse_data *data,
-				     struct wpa_ssid *ssid)
-{
-	return wpa_config_write_cipher(ssid->group_cipher);
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_group_mgmt(const struct parse_data *data,
-				       struct wpa_ssid *ssid, int line,
-				       const char *value)
-{
-	int val;
-
-	val = wpa_config_parse_cipher(line, value);
-	if (val == -1)
-		return -1;
-
-	if (val & ~WPA_ALLOWED_GROUP_MGMT_CIPHERS) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: not allowed group management cipher (0x%x).",
-			   line, val);
-		return -1;
-	}
-
-	if (ssid->group_mgmt_cipher == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "group_mgmt: 0x%x", val);
-	ssid->group_mgmt_cipher = val;
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_group_mgmt(const struct parse_data *data,
-					  struct wpa_ssid *ssid)
-{
-	return wpa_config_write_cipher(ssid->group_mgmt_cipher);
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_auth_alg(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	int val = 0, last, errors = 0;
-	char *start, *end, *buf;
-
-	buf = os_strdup(value);
-	if (buf == NULL)
-		return -1;
-	start = buf;
-
-	while (*start != '\0') {
-		while (*start == ' ' || *start == '\t')
-			start++;
-		if (*start == '\0')
-			break;
-		end = start;
-		while (*end != ' ' && *end != '\t' && *end != '\0')
-			end++;
-		last = *end == '\0';
-		*end = '\0';
-		if (os_strcmp(start, "OPEN") == 0)
-			val |= WPA_AUTH_ALG_OPEN;
-		else if (os_strcmp(start, "SHARED") == 0)
-			val |= WPA_AUTH_ALG_SHARED;
-		else if (os_strcmp(start, "LEAP") == 0)
-			val |= WPA_AUTH_ALG_LEAP;
-		else {
-			wpa_printf(MSG_ERROR, "Line %d: invalid auth_alg '%s'",
-				   line, start);
-			errors++;
-		}
-
-		if (last)
-			break;
-		start = end + 1;
-	}
-	os_free(buf);
-
-	if (val == 0) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: no auth_alg values configured.", line);
-		errors++;
-	}
-
-	if (!errors && ssid->auth_alg == val)
-		return 1;
-	wpa_printf(MSG_MSGDUMP, "auth_alg: 0x%x", val);
-	ssid->auth_alg = val;
-	return errors ? -1 : 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_auth_alg(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	char *buf, *pos, *end;
-	int ret;
-
-	pos = buf = os_zalloc(30);
-	if (buf == NULL)
-		return NULL;
-	end = buf + 30;
-
-	if (ssid->auth_alg & WPA_AUTH_ALG_OPEN) {
-		ret = os_snprintf(pos, end - pos, "%sOPEN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->auth_alg & WPA_AUTH_ALG_SHARED) {
-		ret = os_snprintf(pos, end - pos, "%sSHARED",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (ssid->auth_alg & WPA_AUTH_ALG_LEAP) {
-		ret = os_snprintf(pos, end - pos, "%sLEAP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	if (pos == buf) {
-		os_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int * wpa_config_parse_int_array(const char *value)
-{
-	int *freqs;
-	size_t used, len;
-	const char *pos;
-
-	used = 0;
-	len = 10;
-	freqs = os_calloc(len + 1, sizeof(int));
-	if (freqs == NULL)
-		return NULL;
-
-	pos = value;
-	while (pos) {
-		while (*pos == ' ')
-			pos++;
-		if (used == len) {
-			int *n;
-			size_t i;
-			n = os_realloc_array(freqs, len * 2 + 1, sizeof(int));
-			if (n == NULL) {
-				os_free(freqs);
-				return NULL;
-			}
-			for (i = len; i <= len * 2; i++)
-				n[i] = 0;
-			freqs = n;
-			len *= 2;
-		}
-
-		freqs[used] = atoi(pos);
-		if (freqs[used] == 0)
-			break;
-		used++;
-		pos = os_strchr(pos + 1, ' ');
-	}
-
-	return freqs;
-}
-
-
-static int wpa_config_parse_scan_freq(const struct parse_data *data,
-				      struct wpa_ssid *ssid, int line,
-				      const char *value)
-{
-	int *freqs;
-
-	freqs = wpa_config_parse_int_array(value);
-	if (freqs == NULL)
-		return -1;
-	if (freqs[0] == 0) {
-		os_free(freqs);
-		freqs = NULL;
-	}
-	os_free(ssid->scan_freq);
-	ssid->scan_freq = freqs;
-
-	return 0;
-}
-
-
-static int wpa_config_parse_freq_list(const struct parse_data *data,
-				      struct wpa_ssid *ssid, int line,
-				      const char *value)
-{
-	int *freqs;
-
-	freqs = wpa_config_parse_int_array(value);
-	if (freqs == NULL)
-		return -1;
-	if (freqs[0] == 0) {
-		os_free(freqs);
-		freqs = NULL;
-	}
-	os_free(ssid->freq_list);
-	ssid->freq_list = freqs;
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_freqs(const struct parse_data *data,
-				     const int *freqs)
-{
-	char *buf, *pos, *end;
-	int i, ret;
-	size_t count;
-
-	if (freqs == NULL)
-		return NULL;
-
-	count = 0;
-	for (i = 0; freqs[i]; i++)
-		count++;
-
-	pos = buf = os_zalloc(10 * count + 1);
-	if (buf == NULL)
-		return NULL;
-	end = buf + 10 * count + 1;
-
-	for (i = 0; freqs[i]; i++) {
-		ret = os_snprintf(pos, end - pos, "%s%u",
-				  i == 0 ? "" : " ", freqs[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			end[-1] = '\0';
-			return buf;
-		}
-		pos += ret;
-	}
-
-	return buf;
-}
-
-
-static char * wpa_config_write_scan_freq(const struct parse_data *data,
-					 struct wpa_ssid *ssid)
-{
-	return wpa_config_write_freqs(data, ssid->scan_freq);
-}
-
-
-static char * wpa_config_write_freq_list(const struct parse_data *data,
-					 struct wpa_ssid *ssid)
-{
-	return wpa_config_write_freqs(data, ssid->freq_list);
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-#ifdef IEEE8021X_EAPOL
-static int wpa_config_parse_eap(const struct parse_data *data,
-				struct wpa_ssid *ssid, int line,
-				const char *value)
-{
-	int last, errors = 0;
-	char *start, *end, *buf;
-	struct eap_method_type *methods = NULL, *tmp;
-	size_t num_methods = 0;
-
-	buf = os_strdup(value);
-	if (buf == NULL)
-		return -1;
-	start = buf;
-
-	while (*start != '\0') {
-		while (*start == ' ' || *start == '\t')
-			start++;
-		if (*start == '\0')
-			break;
-		end = start;
-		while (*end != ' ' && *end != '\t' && *end != '\0')
-			end++;
-		last = *end == '\0';
-		*end = '\0';
-		tmp = methods;
-		methods = os_realloc_array(methods, num_methods + 1,
-					   sizeof(*methods));
-		if (methods == NULL) {
-			os_free(tmp);
-			os_free(buf);
-			return -1;
-		}
-		methods[num_methods].method = eap_peer_get_type(
-			start, &methods[num_methods].vendor);
-		if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
-		    methods[num_methods].method == EAP_TYPE_NONE) {
-			wpa_printf(MSG_ERROR, "Line %d: unknown EAP method "
-				   "'%s'", line, start);
-			wpa_printf(MSG_ERROR, "You may need to add support for"
-				   " this EAP method during wpa_supplicant\n"
-				   "build time configuration.\n"
-				   "See README for more information.");
-			errors++;
-		} else if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
-			   methods[num_methods].method == EAP_TYPE_LEAP)
-			ssid->leap++;
-		else
-			ssid->non_leap++;
-		num_methods++;
-		if (last)
-			break;
-		start = end + 1;
-	}
-	os_free(buf);
-
-	tmp = methods;
-	methods = os_realloc_array(methods, num_methods + 1, sizeof(*methods));
-	if (methods == NULL) {
-		os_free(tmp);
-		return -1;
-	}
-	methods[num_methods].vendor = EAP_VENDOR_IETF;
-	methods[num_methods].method = EAP_TYPE_NONE;
-	num_methods++;
-
-	if (!errors && ssid->eap.eap_methods) {
-		struct eap_method_type *prev_m;
-		size_t i, j, prev_methods, match = 0;
-
-		prev_m = ssid->eap.eap_methods;
-		for (i = 0; prev_m[i].vendor != EAP_VENDOR_IETF ||
-			     prev_m[i].method != EAP_TYPE_NONE; i++) {
-			/* Count the methods */
-		}
-		prev_methods = i + 1;
-
-		for (i = 0; prev_methods == num_methods && i < prev_methods;
-		     i++) {
-			for (j = 0; j < num_methods; j++) {
-				if (prev_m[i].vendor == methods[j].vendor &&
-				    prev_m[i].method == methods[j].method) {
-					match++;
-					break;
-				}
-			}
-		}
-		if (match == num_methods) {
-			os_free(methods);
-			return 1;
-		}
-	}
-	wpa_hexdump(MSG_MSGDUMP, "eap methods",
-		    (u8 *) methods, num_methods * sizeof(*methods));
-	os_free(ssid->eap.eap_methods);
-	ssid->eap.eap_methods = methods;
-	return errors ? -1 : 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_eap(const struct parse_data *data,
-				   struct wpa_ssid *ssid)
-{
-	int i, ret;
-	char *buf, *pos, *end;
-	const struct eap_method_type *eap_methods = ssid->eap.eap_methods;
-	const char *name;
-
-	if (eap_methods == NULL)
-		return NULL;
-
-	pos = buf = os_zalloc(100);
-	if (buf == NULL)
-		return NULL;
-	end = buf + 100;
-
-	for (i = 0; eap_methods[i].vendor != EAP_VENDOR_IETF ||
-		     eap_methods[i].method != EAP_TYPE_NONE; i++) {
-		name = eap_get_name(eap_methods[i].vendor,
-				    eap_methods[i].method);
-		if (name) {
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  pos == buf ? "" : " ", name);
-			if (os_snprintf_error(end - pos, ret))
-				break;
-			pos += ret;
-		}
-	}
-
-	end[-1] = '\0';
-
-	return buf;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_password(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	u8 *hash;
-
-	if (os_strcmp(value, "NULL") == 0) {
-		if (!ssid->eap.password)
-			return 1; /* Already unset */
-		wpa_printf(MSG_DEBUG, "Unset configuration string 'password'");
-		bin_clear_free(ssid->eap.password, ssid->eap.password_len);
-		ssid->eap.password = NULL;
-		ssid->eap.password_len = 0;
-		return 0;
-	}
-
-#ifdef CONFIG_EXT_PASSWORD
-	if (os_strncmp(value, "ext:", 4) == 0) {
-		char *name = os_strdup(value + 4);
-		if (!name)
-			return -1;
-		bin_clear_free(ssid->eap.password, ssid->eap.password_len);
-		ssid->eap.password = (u8 *) name;
-		ssid->eap.password_len = os_strlen(name);
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
-		ssid->eap.flags |= EAP_CONFIG_FLAGS_EXT_PASSWORD;
-		return 0;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (os_strncmp(value, "hash:", 5) != 0) {
-		char *tmp;
-		size_t res_len;
-
-		tmp = wpa_config_parse_string(value, &res_len);
-		if (!tmp) {
-			wpa_printf(MSG_ERROR,
-				   "Line %d: failed to parse password.", line);
-			return -1;
-		}
-		wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
-				      (u8 *) tmp, res_len);
-
-		bin_clear_free(ssid->eap.password, ssid->eap.password_len);
-		ssid->eap.password = (u8 *) tmp;
-		ssid->eap.password_len = res_len;
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_PASSWORD;
-
-		return 0;
-	}
-
-
-	/* NtPasswordHash: hash:<32 hex digits> */
-	if (os_strlen(value + 5) != 2 * 16) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: Invalid password hash length (expected 32 hex digits)",
-			   line);
-		return -1;
-	}
-
-	hash = os_malloc(16);
-	if (!hash)
-		return -1;
-
-	if (hexstr2bin(value + 5, hash, 16)) {
-		os_free(hash);
-		wpa_printf(MSG_ERROR, "Line %d: Invalid password hash", line);
-		return -1;
-	}
-
-	wpa_hexdump_key(MSG_MSGDUMP, data->name, hash, 16);
-
-	if (ssid->eap.password && ssid->eap.password_len == 16 &&
-	    os_memcmp(ssid->eap.password, hash, 16) == 0 &&
-	    (ssid->eap.flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH)) {
-		bin_clear_free(hash, 16);
-		return 1;
-	}
-	bin_clear_free(ssid->eap.password, ssid->eap.password_len);
-	ssid->eap.password = hash;
-	ssid->eap.password_len = 16;
-	ssid->eap.flags |= EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
-	ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_PASSWORD;
-
-	return 0;
-}
-
-
-static int wpa_config_parse_machine_password(const struct parse_data *data,
-					     struct wpa_ssid *ssid, int line,
-					     const char *value)
-{
-	u8 *hash;
-
-	if (os_strcmp(value, "NULL") == 0) {
-		if (!ssid->eap.machine_password)
-			return 1; /* Already unset */
-		wpa_printf(MSG_DEBUG,
-			   "Unset configuration string 'machine_password'");
-		bin_clear_free(ssid->eap.machine_password,
-			       ssid->eap.machine_password_len);
-		ssid->eap.machine_password = NULL;
-		ssid->eap.machine_password_len = 0;
-		return 0;
-	}
-
-#ifdef CONFIG_EXT_PASSWORD
-	if (os_strncmp(value, "ext:", 4) == 0) {
-		char *name = os_strdup(value + 4);
-
-		if (!name)
-			return -1;
-		bin_clear_free(ssid->eap.machine_password,
-			       ssid->eap.machine_password_len);
-		ssid->eap.machine_password = (u8 *) name;
-		ssid->eap.machine_password_len = os_strlen(name);
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
-		ssid->eap.flags |= EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;
-		return 0;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (os_strncmp(value, "hash:", 5) != 0) {
-		char *tmp;
-		size_t res_len;
-
-		tmp = wpa_config_parse_string(value, &res_len);
-		if (!tmp) {
-			wpa_printf(MSG_ERROR,
-				   "Line %d: failed to parse machine_password.",
-				   line);
-			return -1;
-		}
-		wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
-				      (u8 *) tmp, res_len);
-
-		bin_clear_free(ssid->eap.machine_password,
-			       ssid->eap.machine_password_len);
-		ssid->eap.machine_password = (u8 *) tmp;
-		ssid->eap.machine_password_len = res_len;
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
-		ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;
-
-		return 0;
-	}
-
-
-	/* NtPasswordHash: hash:<32 hex digits> */
-	if (os_strlen(value + 5) != 2 * 16) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: Invalid machine_password hash length (expected 32 hex digits)",
-			   line);
-		return -1;
-	}
-
-	hash = os_malloc(16);
-	if (!hash)
-		return -1;
-
-	if (hexstr2bin(value + 5, hash, 16)) {
-		os_free(hash);
-		wpa_printf(MSG_ERROR, "Line %d: Invalid machine_password hash",
-			   line);
-		return -1;
-	}
-
-	wpa_hexdump_key(MSG_MSGDUMP, data->name, hash, 16);
-
-	if (ssid->eap.machine_password &&
-	    ssid->eap.machine_password_len == 16 &&
-	    os_memcmp(ssid->eap.machine_password, hash, 16) == 0 &&
-	    (ssid->eap.flags & EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH)) {
-		bin_clear_free(hash, 16);
-		return 1;
-	}
-	bin_clear_free(ssid->eap.machine_password,
-		       ssid->eap.machine_password_len);
-	ssid->eap.machine_password = hash;
-	ssid->eap.machine_password_len = 16;
-	ssid->eap.flags |= EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
-	ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-
-static char * wpa_config_write_password(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	char *buf;
-
-	if (!ssid->eap.password)
-		return NULL;
-
-#ifdef CONFIG_EXT_PASSWORD
-	if (ssid->eap.flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) {
-		buf = os_zalloc(4 + ssid->eap.password_len + 1);
-		if (!buf)
-			return NULL;
-		os_memcpy(buf, "ext:", 4);
-		os_memcpy(buf + 4, ssid->eap.password, ssid->eap.password_len);
-		return buf;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (!(ssid->eap.flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH)) {
-		return wpa_config_write_string(
-			ssid->eap.password, ssid->eap.password_len);
-	}
-
-	buf = os_malloc(5 + 32 + 1);
-	if (!buf)
-		return NULL;
-
-	os_memcpy(buf, "hash:", 5);
-	wpa_snprintf_hex(buf + 5, 32 + 1, ssid->eap.password, 16);
-
-	return buf;
-}
-
-
-static char * wpa_config_write_machine_password(const struct parse_data *data,
-						struct wpa_ssid *ssid)
-{
-	char *buf;
-
-	if (!ssid->eap.machine_password)
-		return NULL;
-
-#ifdef CONFIG_EXT_PASSWORD
-	if (ssid->eap.flags & EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD) {
-		buf = os_zalloc(4 + ssid->eap.machine_password_len + 1);
-		if (!buf)
-			return NULL;
-		os_memcpy(buf, "ext:", 4);
-		os_memcpy(buf + 4, ssid->eap.machine_password,
-			  ssid->eap.machine_password_len);
-		return buf;
-	}
-#endif /* CONFIG_EXT_PASSWORD */
-
-	if (!(ssid->eap.flags & EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH)) {
-		return wpa_config_write_string(
-			ssid->eap.machine_password,
-			ssid->eap.machine_password_len);
-	}
-
-	buf = os_malloc(5 + 32 + 1);
-	if (!buf)
-		return NULL;
-
-	os_memcpy(buf, "hash:", 5);
-	wpa_snprintf_hex(buf + 5, 32 + 1, ssid->eap.machine_password, 16);
-
-	return buf;
-}
-
-#endif /* NO_CONFIG_WRITE */
-#endif /* IEEE8021X_EAPOL */
-
-
-#ifdef CONFIG_WEP
-
-static int wpa_config_parse_wep_key(u8 *key, size_t *len, int line,
-				    const char *value, int idx)
-{
-	char *buf, title[20];
-	int res;
-
-	buf = wpa_config_parse_string(value, len);
-	if (buf == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid WEP key %d '%s'.",
-			   line, idx, value);
-		return -1;
-	}
-	if (*len > MAX_WEP_KEY_LEN) {
-		wpa_printf(MSG_ERROR, "Line %d: Too long WEP key %d '%s'.",
-			   line, idx, value);
-		os_free(buf);
-		return -1;
-	}
-	if (*len && *len != 5 && *len != 13 && *len != 16) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid WEP key length %u - "
-			   "this network block will be ignored",
-			   line, (unsigned int) *len);
-	}
-	os_memcpy(key, buf, *len);
-	str_clear_free(buf);
-	res = os_snprintf(title, sizeof(title), "wep_key%d", idx);
-	if (!os_snprintf_error(sizeof(title), res))
-		wpa_hexdump_key(MSG_MSGDUMP, title, key, *len);
-	return 0;
-}
-
-
-static int wpa_config_parse_wep_key0(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	return wpa_config_parse_wep_key(ssid->wep_key[0],
-					&ssid->wep_key_len[0], line,
-					value, 0);
-}
-
-
-static int wpa_config_parse_wep_key1(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	return wpa_config_parse_wep_key(ssid->wep_key[1],
-					&ssid->wep_key_len[1], line,
-					value, 1);
-}
-
-
-static int wpa_config_parse_wep_key2(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	return wpa_config_parse_wep_key(ssid->wep_key[2],
-					&ssid->wep_key_len[2], line,
-					value, 2);
-}
-
-
-static int wpa_config_parse_wep_key3(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	return wpa_config_parse_wep_key(ssid->wep_key[3],
-					&ssid->wep_key_len[3], line,
-					value, 3);
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_wep_key(struct wpa_ssid *ssid, int idx)
-{
-	if (ssid->wep_key_len[idx] == 0)
-		return NULL;
-	return wpa_config_write_string(ssid->wep_key[idx],
-				       ssid->wep_key_len[idx]);
-}
-
-
-static char * wpa_config_write_wep_key0(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return wpa_config_write_wep_key(ssid, 0);
-}
-
-
-static char * wpa_config_write_wep_key1(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return wpa_config_write_wep_key(ssid, 1);
-}
-
-
-static char * wpa_config_write_wep_key2(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return wpa_config_write_wep_key(ssid, 2);
-}
-
-
-static char * wpa_config_write_wep_key3(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return wpa_config_write_wep_key(ssid, 3);
-}
-#endif /* NO_CONFIG_WRITE */
-
-#endif /* CONFIG_WEP */
-
-
-#ifdef CONFIG_P2P
-
-static int wpa_config_parse_go_p2p_dev_addr(const struct parse_data *data,
-					    struct wpa_ssid *ssid, int line,
-					    const char *value)
-{
-	if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
-	    os_strcmp(value, "any") == 0) {
-		os_memset(ssid->go_p2p_dev_addr, 0, ETH_ALEN);
-		wpa_printf(MSG_MSGDUMP, "GO P2P Device Address any");
-		return 0;
-	}
-	if (hwaddr_aton(value, ssid->go_p2p_dev_addr)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid GO P2P Device Address '%s'.",
-			   line, value);
-		return -1;
-	}
-	ssid->bssid_set = 1;
-	wpa_printf(MSG_MSGDUMP, "GO P2P Device Address " MACSTR,
-		   MAC2STR(ssid->go_p2p_dev_addr));
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_go_p2p_dev_addr(const struct parse_data *data,
-					       struct wpa_ssid *ssid)
-{
-	char *value;
-	int res;
-
-	if (is_zero_ether_addr(ssid->go_p2p_dev_addr))
-		return NULL;
-
-	value = os_malloc(20);
-	if (value == NULL)
-		return NULL;
-	res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->go_p2p_dev_addr));
-	if (os_snprintf_error(20, res)) {
-		os_free(value);
-		return NULL;
-	}
-	value[20 - 1] = '\0';
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_p2p_client_list(const struct parse_data *data,
-					    struct wpa_ssid *ssid, int line,
-					    const char *value)
-{
-	return wpa_config_parse_addr_list(data, line, value,
-					  &ssid->p2p_client_list,
-					  &ssid->num_p2p_clients,
-					  "p2p_client_list", 0, 0);
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_p2p_client_list(const struct parse_data *data,
-					       struct wpa_ssid *ssid)
-{
-	return wpa_config_write_addr_list(data, ssid->p2p_client_list,
-					  ssid->num_p2p_clients,
-					  "p2p_client_list");
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-static int wpa_config_parse_psk_list(const struct parse_data *data,
-				     struct wpa_ssid *ssid, int line,
-				     const char *value)
-{
-	struct psk_list_entry *p;
-	const char *pos;
-
-	p = os_zalloc(sizeof(*p));
-	if (p == NULL)
-		return -1;
-
-	pos = value;
-	if (os_strncmp(pos, "P2P-", 4) == 0) {
-		p->p2p = 1;
-		pos += 4;
-	}
-
-	if (hwaddr_aton(pos, p->addr)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list address '%s'",
-			   line, pos);
-		os_free(p);
-		return -1;
-	}
-	pos += 17;
-	if (*pos != '-') {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list '%s'",
-			   line, pos);
-		os_free(p);
-		return -1;
-	}
-	pos++;
-
-	if (hexstr2bin(pos, p->psk, PMK_LEN) || pos[PMK_LEN * 2] != '\0') {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list PSK '%s'",
-			   line, pos);
-		os_free(p);
-		return -1;
-	}
-
-	dl_list_add(&ssid->psk_list, &p->list);
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_psk_list(const struct parse_data *data,
-					struct wpa_ssid *ssid)
-{
-	return NULL;
-}
-#endif /* NO_CONFIG_WRITE */
-
-#endif /* CONFIG_P2P */
-
-
-#ifdef CONFIG_MESH
-
-static int wpa_config_parse_mesh_basic_rates(const struct parse_data *data,
-					     struct wpa_ssid *ssid, int line,
-					     const char *value)
-{
-	int *rates = wpa_config_parse_int_array(value);
-
-	if (rates == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid mesh_basic_rates '%s'",
-			   line, value);
-		return -1;
-	}
-	if (rates[0] == 0) {
-		os_free(rates);
-		rates = NULL;
-	}
-
-	os_free(ssid->mesh_basic_rates);
-	ssid->mesh_basic_rates = rates;
-
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-
-static char * wpa_config_write_mesh_basic_rates(const struct parse_data *data,
-						struct wpa_ssid *ssid)
-{
-	return wpa_config_write_freqs(data, ssid->mesh_basic_rates);
-}
-
-#endif /* NO_CONFIG_WRITE */
-
-#endif /* CONFIG_MESH */
-
-
-#ifdef CONFIG_MACSEC
-
-static int wpa_config_parse_mka_cak(const struct parse_data *data,
-				    struct wpa_ssid *ssid, int line,
-				    const char *value)
-{
-	size_t len;
-
-	len = os_strlen(value);
-	if (len > 2 * MACSEC_CAK_MAX_LEN ||
-	    (len != 2 * 16 && len != 2 * 32) ||
-	    hexstr2bin(value, ssid->mka_cak, len / 2)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
-			   line, value);
-		return -1;
-	}
-	ssid->mka_cak_len = len / 2;
-	ssid->mka_psk_set |= MKA_PSK_SET_CAK;
-
-	wpa_hexdump_key(MSG_MSGDUMP, "MKA-CAK", ssid->mka_cak,
-			ssid->mka_cak_len);
-	return 0;
-}
-
-
-static int wpa_config_parse_mka_ckn(const struct parse_data *data,
-				    struct wpa_ssid *ssid, int line,
-				    const char *value)
-{
-	size_t len;
-
-	len = os_strlen(value);
-	if (len > 2 * MACSEC_CKN_MAX_LEN || /* too long */
-	    len < 2 || /* too short */
-	    len % 2 != 0 /* not an integral number of bytes */) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
-			   line, value);
-		return -1;
-	}
-	ssid->mka_ckn_len = len / 2;
-	if (hexstr2bin(value, ssid->mka_ckn, ssid->mka_ckn_len)) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
-			   line, value);
-		return -1;
-	}
-
-	ssid->mka_psk_set |= MKA_PSK_SET_CKN;
-
-	wpa_hexdump_key(MSG_MSGDUMP, "MKA-CKN", ssid->mka_ckn,
-			ssid->mka_ckn_len);
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-
-static char * wpa_config_write_mka_cak(const struct parse_data *data,
-				       struct wpa_ssid *ssid)
-{
-	if (!(ssid->mka_psk_set & MKA_PSK_SET_CAK))
-		return NULL;
-
-	return wpa_config_write_string_hex(ssid->mka_cak, ssid->mka_cak_len);
-}
-
-
-static char * wpa_config_write_mka_ckn(const struct parse_data *data,
-				       struct wpa_ssid *ssid)
-{
-	if (!(ssid->mka_psk_set & MKA_PSK_SET_CKN))
-		return NULL;
-	return wpa_config_write_string_hex(ssid->mka_ckn, ssid->mka_ckn_len);
-}
-
-#endif /* NO_CONFIG_WRITE */
-
-#endif /* CONFIG_MACSEC */
-
-
-#ifdef CONFIG_OCV
-
-static int wpa_config_parse_ocv(const struct parse_data *data,
-				struct wpa_ssid *ssid, int line,
-				const char *value)
-{
-	char *end;
-
-	ssid->ocv = strtol(value, &end, 0);
-	if (*end || ssid->ocv < 0 || ssid->ocv > 1) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid ocv value '%s'.",
-			   line, value);
-		return -1;
-	}
-	if (ssid->ocv && ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION)
-		ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_ocv(const struct parse_data *data,
-				   struct wpa_ssid *ssid)
-{
-	char *value = os_malloc(20);
-
-	if (!value)
-		return NULL;
-	os_snprintf(value, 20, "%d", ssid->ocv);
-	value[20 - 1] = '\0';
-	return value;
-}
-#endif /* NO_CONFIG_WRITE */
-
-#endif /* CONFIG_OCV */
-
-
-static int wpa_config_parse_peerkey(const struct parse_data *data,
-				    struct wpa_ssid *ssid, int line,
-				    const char *value)
-{
-	wpa_printf(MSG_INFO, "NOTE: Obsolete peerkey parameter ignored");
-	return 0;
-}
-
-
-#ifndef NO_CONFIG_WRITE
-static char * wpa_config_write_peerkey(const struct parse_data *data,
-				       struct wpa_ssid *ssid)
-{
-	return NULL;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-/* Helper macros for network block parser */
-
-#ifdef OFFSET
-#undef OFFSET
-#endif /* OFFSET */
-/* OFFSET: Get offset of a variable within the wpa_ssid structure */
-#define OFFSET(v) ((void *) &((struct wpa_ssid *) 0)->v)
-
-/* STR: Define a string variable for an ASCII string; f = field name */
-#ifdef NO_CONFIG_WRITE
-#define _STR(f) #f, wpa_config_parse_str, OFFSET(f)
-#define _STRe(f, m) #f, wpa_config_parse_str, OFFSET(eap.m)
-#else /* NO_CONFIG_WRITE */
-#define _STR(f) #f, wpa_config_parse_str, wpa_config_write_str, OFFSET(f)
-#define _STRe(f, m) #f, wpa_config_parse_str, wpa_config_write_str, \
-		OFFSET(eap.m)
-#endif /* NO_CONFIG_WRITE */
-#define STR(f) _STR(f), NULL, NULL, NULL, 0
-#define STRe(f, m) _STRe(f, m), NULL, NULL, NULL, 0
-#define STR_KEY(f) _STR(f), NULL, NULL, NULL, 1
-#define STR_KEYe(f, m) _STRe(f, m), NULL, NULL, NULL, 1
-
-/* STR_LEN: Define a string variable with a separate variable for storing the
- * data length. Unlike STR(), this can be used to store arbitrary binary data
- * (i.e., even nul termination character). */
-#define _STR_LEN(f) _STR(f), OFFSET(f ## _len)
-#define _STR_LENe(f, m) _STRe(f, m), OFFSET(eap.m ## _len)
-#define STR_LEN(f) _STR_LEN(f), NULL, NULL, 0
-#define STR_LENe(f, m) _STR_LENe(f, m), NULL, NULL, 0
-#define STR_LEN_KEY(f) _STR_LEN(f), NULL, NULL, 1
-
-/* STR_RANGE: Like STR_LEN(), but with minimum and maximum allowed length
- * explicitly specified. */
-#define _STR_RANGE(f, min, max) _STR_LEN(f), (void *) (min), (void *) (max)
-#define STR_RANGE(f, min, max) _STR_RANGE(f, min, max), 0
-#define STR_RANGE_KEY(f, min, max) _STR_RANGE(f, min, max), 1
-
-#ifdef NO_CONFIG_WRITE
-#define _INT(f) #f, wpa_config_parse_int, OFFSET(f), (void *) 0
-#define _INTe(f, m) #f, wpa_config_parse_int, OFFSET(eap.m), (void *) 0
-#else /* NO_CONFIG_WRITE */
-#define _INT(f) #f, wpa_config_parse_int, wpa_config_write_int, \
-	OFFSET(f), (void *) 0
-#define _INTe(f, m) #f, wpa_config_parse_int, wpa_config_write_int,	\
-	OFFSET(eap.m), (void *) 0
-#endif /* NO_CONFIG_WRITE */
-
-/* INT: Define an integer variable */
-#define INT(f) _INT(f), NULL, NULL, 0
-#define INTe(f, m) _INTe(f, m), NULL, NULL, 0
-
-/* INT_RANGE: Define an integer variable with allowed value range */
-#define INT_RANGE(f, min, max) _INT(f), (void *) (min), (void *) (max), 0
-
-/* FUNC: Define a configuration variable that uses a custom function for
- * parsing and writing the value. */
-#ifdef NO_CONFIG_WRITE
-#define _FUNC(f) #f, wpa_config_parse_ ## f, NULL, NULL, NULL, NULL
-#else /* NO_CONFIG_WRITE */
-#define _FUNC(f) #f, wpa_config_parse_ ## f, wpa_config_write_ ## f, \
-	NULL, NULL, NULL, NULL
-#endif /* NO_CONFIG_WRITE */
-#define FUNC(f) _FUNC(f), 0
-#define FUNC_KEY(f) _FUNC(f), 1
-
-/*
- * Table of network configuration variables. This table is used to parse each
- * network configuration variable, e.g., each line in wpa_supplicant.conf file
- * that is inside a network block.
- *
- * This table is generated using the helper macros defined above and with
- * generous help from the C pre-processor. The field name is stored as a string
- * into .name and for STR and INT types, the offset of the target buffer within
- * struct wpa_ssid is stored in .param1. .param2 (if not NULL) is similar
- * offset to the field containing the length of the configuration variable.
- * .param3 and .param4 can be used to mark the allowed range (length for STR
- * and value for INT).
- *
- * For each configuration line in wpa_supplicant.conf, the parser goes through
- * this table and select the entry that matches with the field name. The parser
- * function (.parser) is then called to parse the actual value of the field.
- *
- * This kind of mechanism makes it easy to add new configuration parameters,
- * since only one line needs to be added into this table and into the
- * struct wpa_ssid definition if the new variable is either a string or
- * integer. More complex types will need to use their own parser and writer
- * functions.
- */
-static const struct parse_data ssid_fields[] = {
-	{ STR_RANGE(ssid, 0, SSID_MAX_LEN) },
-	{ INT_RANGE(scan_ssid, 0, 1) },
-	{ FUNC(bssid) },
-	{ FUNC(bssid_hint) },
-	{ FUNC(bssid_ignore) },
-	{ FUNC(bssid_accept) },
-	{ FUNC(bssid_blacklist) }, /* deprecated alias for bssid_ignore */
-	{ FUNC(bssid_whitelist) }, /* deprecated alias for bssid_accept */
-	{ FUNC_KEY(psk) },
-	{ INT(mem_only_psk) },
-	{ STR_KEY(sae_password) },
-	{ STR(sae_password_id) },
-	{ FUNC(proto) },
-	{ FUNC(key_mgmt) },
-	{ INT(bg_scan_period) },
-	{ FUNC(pairwise) },
-	{ FUNC(group) },
-	{ FUNC(group_mgmt) },
-	{ FUNC(auth_alg) },
-	{ FUNC(scan_freq) },
-	{ FUNC(freq_list) },
-	{ INT_RANGE(ht, 0, 1) },
-	{ INT_RANGE(vht, 0, 1) },
-	{ INT_RANGE(ht40, -1, 1) },
-	{ INT_RANGE(max_oper_chwidth, CHANWIDTH_USE_HT,
-		    CHANWIDTH_80P80MHZ) },
-	{ INT(vht_center_freq1) },
-	{ INT(vht_center_freq2) },
-#ifdef IEEE8021X_EAPOL
-	{ FUNC(eap) },
-	{ STR_LENe(identity, identity) },
-	{ STR_LENe(anonymous_identity, anonymous_identity) },
-	{ STR_LENe(imsi_identity, imsi_identity) },
-	{ STR_LENe(machine_identity, machine_identity) },
-	{ FUNC_KEY(password) },
-	{ FUNC_KEY(machine_password) },
-	{ STRe(ca_cert, cert.ca_cert) },
-	{ STRe(ca_path, cert.ca_path) },
-	{ STRe(client_cert, cert.client_cert) },
-	{ STRe(private_key, cert.private_key) },
-	{ STR_KEYe(private_key_passwd, cert.private_key_passwd) },
-	{ STRe(dh_file, cert.dh_file) },
-	{ STRe(subject_match, cert.subject_match) },
-	{ STRe(check_cert_subject, cert.check_cert_subject) },
-	{ STRe(altsubject_match, cert.altsubject_match) },
-	{ STRe(domain_suffix_match, cert.domain_suffix_match) },
-	{ STRe(domain_match, cert.domain_match) },
-	{ STRe(ca_cert2, phase2_cert.ca_cert) },
-	{ STRe(ca_path2, phase2_cert.ca_path) },
-	{ STRe(client_cert2, phase2_cert.client_cert) },
-	{ STRe(private_key2, phase2_cert.private_key) },
-	{ STR_KEYe(private_key2_passwd, phase2_cert.private_key_passwd) },
-	{ STRe(dh_file2, phase2_cert.dh_file) },
-	{ STRe(subject_match2, phase2_cert.subject_match) },
-	{ STRe(check_cert_subject2, phase2_cert.check_cert_subject) },
-	{ STRe(altsubject_match2, phase2_cert.altsubject_match) },
-	{ STRe(domain_suffix_match2, phase2_cert.domain_suffix_match) },
-	{ STRe(domain_match2, phase2_cert.domain_match) },
-	{ STRe(phase1, phase1) },
-	{ STRe(phase2, phase2) },
-	{ STRe(machine_phase2, machine_phase2) },
-	{ STRe(pcsc, pcsc) },
-	{ STR_KEYe(pin, cert.pin) },
-	{ STRe(engine_id, cert.engine_id) },
-	{ STRe(key_id, cert.key_id) },
-	{ STRe(cert_id, cert.cert_id) },
-	{ STRe(ca_cert_id, cert.ca_cert_id) },
-	{ STR_KEYe(pin2, phase2_cert.pin) },
-	{ STRe(engine_id2, phase2_cert.engine_id) },
-	{ STRe(key_id2, phase2_cert.key_id) },
-	{ STRe(cert_id2, phase2_cert.cert_id) },
-	{ STRe(ca_cert_id2, phase2_cert.ca_cert_id) },
-	{ INTe(engine, cert.engine) },
-	{ INTe(engine2, phase2_cert.engine) },
-	{ STRe(machine_ca_cert, machine_cert.ca_cert) },
-	{ STRe(machine_ca_path, machine_cert.ca_path) },
-	{ STRe(machine_client_cert, machine_cert.client_cert) },
-	{ STRe(machine_private_key, machine_cert.private_key) },
-	{ STR_KEYe(machine_private_key_passwd,
-		   machine_cert.private_key_passwd) },
-	{ STRe(machine_dh_file, machine_cert.dh_file) },
-	{ STRe(machine_subject_match, machine_cert.subject_match) },
-	{ STRe(machine_check_cert_subject, machine_cert.check_cert_subject) },
-	{ STRe(machine_altsubject_match, machine_cert.altsubject_match) },
-	{ STRe(machine_domain_suffix_match,
-	       machine_cert.domain_suffix_match) },
-	{ STRe(machine_domain_match, machine_cert.domain_match) },
-	{ STR_KEYe(machine_pin, machine_cert.pin) },
-	{ STRe(machine_engine_id, machine_cert.engine_id) },
-	{ STRe(machine_key_id, machine_cert.key_id) },
-	{ STRe(machine_cert_id, machine_cert.cert_id) },
-	{ STRe(machine_ca_cert_id, machine_cert.ca_cert_id) },
-	{ INTe(machine_engine, machine_cert.engine) },
-	{ INTe(machine_ocsp, machine_cert.ocsp) },
-	{ INT(eapol_flags) },
-	{ INTe(sim_num, sim_num) },
-	{ STRe(openssl_ciphers, openssl_ciphers) },
-	{ INTe(erp, erp) },
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_WEP
-	{ FUNC_KEY(wep_key0) },
-	{ FUNC_KEY(wep_key1) },
-	{ FUNC_KEY(wep_key2) },
-	{ FUNC_KEY(wep_key3) },
-	{ INT(wep_tx_keyidx) },
-#endif /* CONFIG_WEP */
-	{ INT(priority) },
-#ifdef IEEE8021X_EAPOL
-	{ INT(eap_workaround) },
-	{ STRe(pac_file, pac_file) },
-	{ INTe(fragment_size, fragment_size) },
-	{ INTe(ocsp, cert.ocsp) },
-	{ INTe(ocsp2, phase2_cert.ocsp) },
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_MESH
-	{ INT_RANGE(mode, 0, 5) },
-	{ INT_RANGE(no_auto_peer, 0, 1) },
-	{ INT_RANGE(mesh_fwding, 0, 1) },
-	{ INT_RANGE(mesh_rssi_threshold, -255, 1) },
-#else /* CONFIG_MESH */
-	{ INT_RANGE(mode, 0, 4) },
-#endif /* CONFIG_MESH */
-	{ INT_RANGE(proactive_key_caching, 0, 1) },
-	{ INT_RANGE(disabled, 0, 2) },
-	{ STR(id_str) },
-	{ INT_RANGE(ieee80211w, 0, 2) },
-#ifdef CONFIG_OCV
-	{ FUNC(ocv) },
-#endif /* CONFIG_OCV */
-	{ FUNC(peerkey) /* obsolete - removed */ },
-	{ INT_RANGE(mixed_cell, 0, 1) },
-	{ INT_RANGE(frequency, 0, 70200) },
-	{ INT_RANGE(fixed_freq, 0, 1) },
-	{ INT_RANGE(enable_edmg, 0, 1) },
-	{ INT_RANGE(edmg_channel, 9, 13) },
-#ifdef CONFIG_ACS
-	{ INT_RANGE(acs, 0, 1) },
-#endif /* CONFIG_ACS */
-#ifdef CONFIG_MESH
-	{ FUNC(mesh_basic_rates) },
-	{ INT(dot11MeshMaxRetries) },
-	{ INT(dot11MeshRetryTimeout) },
-	{ INT(dot11MeshConfirmTimeout) },
-	{ INT(dot11MeshHoldingTimeout) },
-#endif /* CONFIG_MESH */
-	{ INT(wpa_ptk_rekey) },
-	{ INT_RANGE(wpa_deny_ptk0_rekey, 0, 2) },
-	{ INT(group_rekey) },
-	{ STR(bgscan) },
-	{ INT_RANGE(ignore_broadcast_ssid, 0, 2) },
-#ifdef CONFIG_P2P
-	{ FUNC(go_p2p_dev_addr) },
-	{ FUNC(p2p_client_list) },
-	{ FUNC(psk_list) },
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_HT_OVERRIDES
-	{ INT_RANGE(disable_ht, 0, 1) },
-	{ INT_RANGE(disable_ht40, -1, 1) },
-	{ INT_RANGE(disable_sgi, 0, 1) },
-	{ INT_RANGE(disable_ldpc, 0, 1) },
-	{ INT_RANGE(ht40_intolerant, 0, 1) },
-	{ INT_RANGE(tx_stbc, -1, 1) },
-	{ INT_RANGE(rx_stbc, -1, 3) },
-	{ INT_RANGE(disable_max_amsdu, -1, 1) },
-	{ INT_RANGE(ampdu_factor, -1, 3) },
-	{ INT_RANGE(ampdu_density, -1, 7) },
-	{ STR(ht_mcs) },
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	{ INT_RANGE(disable_vht, 0, 1) },
-	{ INT(vht_capa) },
-	{ INT(vht_capa_mask) },
-	{ INT_RANGE(vht_rx_mcs_nss_1, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_2, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_3, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_4, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_5, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_6, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_7, -1, 3) },
-	{ INT_RANGE(vht_rx_mcs_nss_8, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_1, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_2, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_3, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_4, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_5, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_6, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_7, -1, 3) },
-	{ INT_RANGE(vht_tx_mcs_nss_8, -1, 3) },
-#endif /* CONFIG_VHT_OVERRIDES */
-#ifdef CONFIG_HE_OVERRIDES
-	{ INT_RANGE(disable_he, 0, 1)},
-#endif /* CONFIG_HE_OVERRIDES */
-	{ INT(ap_max_inactivity) },
-	{ INT(dtim_period) },
-	{ INT(beacon_int) },
-#ifdef CONFIG_MACSEC
-	{ INT_RANGE(macsec_policy, 0, 1) },
-	{ INT_RANGE(macsec_integ_only, 0, 1) },
-	{ INT_RANGE(macsec_replay_protect, 0, 1) },
-	{ INT(macsec_replay_window) },
-	{ INT_RANGE(macsec_port, 1, 65534) },
-	{ INT_RANGE(mka_priority, 0, 255) },
-	{ FUNC_KEY(mka_cak) },
-	{ FUNC_KEY(mka_ckn) },
-#endif /* CONFIG_MACSEC */
-#ifdef CONFIG_HS20
-	{ INT(update_identifier) },
-	{ STR_RANGE(roaming_consortium_selection, 0, MAX_ROAMING_CONS_OI_LEN) },
-#endif /* CONFIG_HS20 */
-	{ INT_RANGE(mac_addr, 0, 2) },
-	{ INT_RANGE(pbss, 0, 2) },
-	{ INT_RANGE(wps_disabled, 0, 1) },
-	{ INT_RANGE(fils_dh_group, 0, 65535) },
-#ifdef CONFIG_DPP
-	{ STR(dpp_connector) },
-	{ STR_LEN(dpp_netaccesskey) },
-	{ INT(dpp_netaccesskey_expiry) },
-	{ STR_LEN(dpp_csign) },
-	{ STR_LEN(dpp_pp_key) },
-	{ INT_RANGE(dpp_pfs, 0, 2) },
-#endif /* CONFIG_DPP */
-	{ INT_RANGE(owe_group, 0, 65535) },
-	{ INT_RANGE(owe_only, 0, 1) },
-	{ INT_RANGE(owe_ptk_workaround, 0, 1) },
-	{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
-	{ INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
-	{ INT_RANGE(beacon_prot, 0, 1) },
-	{ INT_RANGE(transition_disable, 0, 255) },
-	{ INT_RANGE(sae_pk, 0, 2) },
-};
-
-#undef OFFSET
-#undef _STR
-#undef STR
-#undef STR_KEY
-#undef _STR_LEN
-#undef STR_LEN
-#undef STR_LEN_KEY
-#undef _STR_RANGE
-#undef STR_RANGE
-#undef STR_RANGE_KEY
-#undef _INT
-#undef INT
-#undef INT_RANGE
-#undef _FUNC
-#undef FUNC
-#undef FUNC_KEY
-#define NUM_SSID_FIELDS ARRAY_SIZE(ssid_fields)
-
-
-/**
- * wpa_config_add_prio_network - Add a network to priority lists
- * @config: Configuration data from wpa_config_read()
- * @ssid: Pointer to the network configuration to be added to the list
- * Returns: 0 on success, -1 on failure
- *
- * This function is used to add a network block to the priority list of
- * networks. This must be called for each network when reading in the full
- * configuration. In addition, this can be used indirectly when updating
- * priorities by calling wpa_config_update_prio_list().
- */
-int wpa_config_add_prio_network(struct wpa_config *config,
-				struct wpa_ssid *ssid)
-{
-	size_t prio;
-	struct wpa_ssid *prev, **nlist;
-
-	/*
-	 * Add to an existing priority list if one is available for the
-	 * configured priority level for this network.
-	 */
-	for (prio = 0; prio < config->num_prio; prio++) {
-		prev = config->pssid[prio];
-		if (prev->priority == ssid->priority) {
-			while (prev->pnext)
-				prev = prev->pnext;
-			prev->pnext = ssid;
-			return 0;
-		}
-	}
-
-	/* First network for this priority - add a new priority list */
-	nlist = os_realloc_array(config->pssid, config->num_prio + 1,
-				 sizeof(struct wpa_ssid *));
-	if (nlist == NULL)
-		return -1;
-
-	for (prio = 0; prio < config->num_prio; prio++) {
-		if (nlist[prio]->priority < ssid->priority) {
-			os_memmove(&nlist[prio + 1], &nlist[prio],
-				   (config->num_prio - prio) *
-				   sizeof(struct wpa_ssid *));
-			break;
-		}
-	}
-
-	nlist[prio] = ssid;
-	config->num_prio++;
-	config->pssid = nlist;
-
-	return 0;
-}
-
-
-/**
- * wpa_config_update_prio_list - Update network priority list
- * @config: Configuration data from wpa_config_read()
- * Returns: 0 on success, -1 on failure
- *
- * This function is called to update the priority list of networks in the
- * configuration when a network is being added or removed. This is also called
- * if a priority for a network is changed.
- */
-int wpa_config_update_prio_list(struct wpa_config *config)
-{
-	struct wpa_ssid *ssid;
-	int ret = 0;
-
-	os_free(config->pssid);
-	config->pssid = NULL;
-	config->num_prio = 0;
-
-	ssid = config->ssid;
-	while (ssid) {
-		ssid->pnext = NULL;
-		if (wpa_config_add_prio_network(config, ssid) < 0)
-			ret = -1;
-		ssid = ssid->next;
-	}
-
-	return ret;
-}
-
-
-#ifdef IEEE8021X_EAPOL
-
-static void eap_peer_config_free_cert(struct eap_peer_cert_config *cert)
-{
-	os_free(cert->ca_cert);
-	os_free(cert->ca_path);
-	os_free(cert->client_cert);
-	os_free(cert->private_key);
-	str_clear_free(cert->private_key_passwd);
-	os_free(cert->dh_file);
-	os_free(cert->subject_match);
-	os_free(cert->check_cert_subject);
-	os_free(cert->altsubject_match);
-	os_free(cert->domain_suffix_match);
-	os_free(cert->domain_match);
-	str_clear_free(cert->pin);
-	os_free(cert->engine_id);
-	os_free(cert->key_id);
-	os_free(cert->cert_id);
-	os_free(cert->ca_cert_id);
-}
-
-
-static void eap_peer_config_free(struct eap_peer_config *eap)
-{
-	os_free(eap->eap_methods);
-	bin_clear_free(eap->identity, eap->identity_len);
-	os_free(eap->anonymous_identity);
-	os_free(eap->imsi_identity);
-	os_free(eap->machine_identity);
-	bin_clear_free(eap->password, eap->password_len);
-	bin_clear_free(eap->machine_password, eap->machine_password_len);
-	eap_peer_config_free_cert(&eap->cert);
-	eap_peer_config_free_cert(&eap->phase2_cert);
-	eap_peer_config_free_cert(&eap->machine_cert);
-	os_free(eap->phase1);
-	os_free(eap->phase2);
-	os_free(eap->machine_phase2);
-	os_free(eap->pcsc);
-	os_free(eap->otp);
-	os_free(eap->pending_req_otp);
-	os_free(eap->pac_file);
-	bin_clear_free(eap->new_password, eap->new_password_len);
-	str_clear_free(eap->external_sim_resp);
-	os_free(eap->openssl_ciphers);
-}
-
-#endif /* IEEE8021X_EAPOL */
-
-
-/**
- * wpa_config_free_ssid - Free network/ssid configuration data
- * @ssid: Configuration data for the network
- *
- * This function frees all resources allocated for the network configuration
- * data.
- */
-void wpa_config_free_ssid(struct wpa_ssid *ssid)
-{
-	struct psk_list_entry *psk;
-
-	os_free(ssid->ssid);
-	str_clear_free(ssid->passphrase);
-	os_free(ssid->ext_psk);
-	str_clear_free(ssid->sae_password);
-	os_free(ssid->sae_password_id);
-#ifdef IEEE8021X_EAPOL
-	eap_peer_config_free(&ssid->eap);
-#endif /* IEEE8021X_EAPOL */
-	os_free(ssid->id_str);
-	os_free(ssid->scan_freq);
-	os_free(ssid->freq_list);
-	os_free(ssid->bgscan);
-	os_free(ssid->p2p_client_list);
-	os_free(ssid->bssid_ignore);
-	os_free(ssid->bssid_accept);
-#ifdef CONFIG_HT_OVERRIDES
-	os_free(ssid->ht_mcs);
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_MESH
-	os_free(ssid->mesh_basic_rates);
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_HS20
-	os_free(ssid->roaming_consortium_selection);
-#endif /* CONFIG_HS20 */
-	os_free(ssid->dpp_connector);
-	bin_clear_free(ssid->dpp_netaccesskey, ssid->dpp_netaccesskey_len);
-	os_free(ssid->dpp_csign);
-	os_free(ssid->dpp_pp_key);
-	while ((psk = dl_list_first(&ssid->psk_list, struct psk_list_entry,
-				    list))) {
-		dl_list_del(&psk->list);
-		bin_clear_free(psk, sizeof(*psk));
-	}
-#ifdef CONFIG_SAE
-	sae_deinit_pt(ssid->pt);
-#endif /* CONFIG_SAE */
-	bin_clear_free(ssid, sizeof(*ssid));
-}
-
-
-void wpa_config_free_cred(struct wpa_cred *cred)
-{
-	size_t i;
-
-	os_free(cred->realm);
-	str_clear_free(cred->username);
-	str_clear_free(cred->password);
-	os_free(cred->ca_cert);
-	os_free(cred->client_cert);
-	os_free(cred->private_key);
-	str_clear_free(cred->private_key_passwd);
-	os_free(cred->engine_id);
-	os_free(cred->ca_cert_id);
-	os_free(cred->cert_id);
-	os_free(cred->key_id);
-	os_free(cred->imsi);
-	str_clear_free(cred->milenage);
-	for (i = 0; i < cred->num_domain; i++)
-		os_free(cred->domain[i]);
-	os_free(cred->domain);
-	os_free(cred->domain_suffix_match);
-	os_free(cred->eap_method);
-	os_free(cred->phase1);
-	os_free(cred->phase2);
-	os_free(cred->excluded_ssid);
-	os_free(cred->roaming_partner);
-	os_free(cred->provisioning_sp);
-	for (i = 0; i < cred->num_req_conn_capab; i++)
-		os_free(cred->req_conn_capab_port[i]);
-	os_free(cred->req_conn_capab_port);
-	os_free(cred->req_conn_capab_proto);
-	os_free(cred);
-}
-
-
-void wpa_config_flush_blobs(struct wpa_config *config)
-{
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	struct wpa_config_blob *blob, *prev;
-
-	blob = config->blobs;
-	config->blobs = NULL;
-	while (blob) {
-		prev = blob;
-		blob = blob->next;
-		wpa_config_free_blob(prev);
-	}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-}
-
-
-/**
- * wpa_config_free - Free configuration data
- * @config: Configuration data from wpa_config_read()
- *
- * This function frees all resources allocated for the configuration data by
- * wpa_config_read().
- */
-void wpa_config_free(struct wpa_config *config)
-{
-	struct wpa_ssid *ssid, *prev = NULL;
-	struct wpa_cred *cred, *cprev;
-	int i;
-
-	ssid = config->ssid;
-	while (ssid) {
-		prev = ssid;
-		ssid = ssid->next;
-		wpa_config_free_ssid(prev);
-	}
-
-	cred = config->cred;
-	while (cred) {
-		cprev = cred;
-		cred = cred->next;
-		wpa_config_free_cred(cprev);
-	}
-
-	wpa_config_flush_blobs(config);
-
-	wpabuf_free(config->wps_vendor_ext_m1);
-	for (i = 0; i < MAX_WPS_VENDOR_EXT; i++)
-		wpabuf_free(config->wps_vendor_ext[i]);
-	os_free(config->ctrl_interface);
-	os_free(config->ctrl_interface_group);
-	os_free(config->opensc_engine_path);
-	os_free(config->pkcs11_engine_path);
-	os_free(config->pkcs11_module_path);
-	os_free(config->openssl_ciphers);
-	os_free(config->pcsc_reader);
-	str_clear_free(config->pcsc_pin);
-	os_free(config->driver_param);
-	os_free(config->device_name);
-	os_free(config->manufacturer);
-	os_free(config->model_name);
-	os_free(config->model_number);
-	os_free(config->serial_number);
-	os_free(config->config_methods);
-	os_free(config->p2p_ssid_postfix);
-	os_free(config->pssid);
-	os_free(config->p2p_pref_chan);
-	os_free(config->p2p_no_go_freq.range);
-	os_free(config->autoscan);
-	os_free(config->freq_list);
-	os_free(config->initial_freq_list);
-	wpabuf_free(config->wps_nfc_dh_pubkey);
-	wpabuf_free(config->wps_nfc_dh_privkey);
-	wpabuf_free(config->wps_nfc_dev_pw);
-	os_free(config->ext_password_backend);
-	os_free(config->sae_groups);
-	wpabuf_free(config->ap_vendor_elements);
-	wpabuf_free(config->ap_assocresp_elements);
-	os_free(config->osu_dir);
-	os_free(config->bgscan);
-	os_free(config->wowlan_triggers);
-	os_free(config->fst_group_id);
-	os_free(config->sched_scan_plans);
-#ifdef CONFIG_MBO
-	os_free(config->non_pref_chan);
-#endif /* CONFIG_MBO */
-	os_free(config->dpp_name);
-	os_free(config->dpp_mud_url);
-
-	os_free(config);
-}
-
-
-/**
- * wpa_config_foreach_network - Iterate over each configured network
- * @config: Configuration data from wpa_config_read()
- * @func: Callback function to process each network
- * @arg: Opaque argument to pass to callback function
- *
- * Iterate over the set of configured networks calling the specified
- * function for each item. We guard against callbacks removing the
- * supplied network.
- */
-void wpa_config_foreach_network(struct wpa_config *config,
-				void (*func)(void *, struct wpa_ssid *),
-				void *arg)
-{
-	struct wpa_ssid *ssid, *next;
-
-	ssid = config->ssid;
-	while (ssid) {
-		next = ssid->next;
-		func(arg, ssid);
-		ssid = next;
-	}
-}
-
-
-/**
- * wpa_config_get_network - Get configured network based on id
- * @config: Configuration data from wpa_config_read()
- * @id: Unique network id to search for
- * Returns: Network configuration or %NULL if not found
- */
-struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id)
-{
-	struct wpa_ssid *ssid;
-
-	ssid = config->ssid;
-	while (ssid) {
-		if (id == ssid->id)
-			break;
-		ssid = ssid->next;
-	}
-
-	return ssid;
-}
-
-
-/**
- * wpa_config_add_network - Add a new network with empty configuration
- * @config: Configuration data from wpa_config_read()
- * Returns: The new network configuration or %NULL if operation failed
- */
-struct wpa_ssid * wpa_config_add_network(struct wpa_config *config)
-{
-	int id;
-	struct wpa_ssid *ssid, *last = NULL;
-
-	id = -1;
-	ssid = config->ssid;
-	while (ssid) {
-		if (ssid->id > id)
-			id = ssid->id;
-		last = ssid;
-		ssid = ssid->next;
-	}
-	id++;
-
-	ssid = os_zalloc(sizeof(*ssid));
-	if (ssid == NULL)
-		return NULL;
-	ssid->id = id;
-	dl_list_init(&ssid->psk_list);
-	if (last)
-		last->next = ssid;
-	else
-		config->ssid = ssid;
-
-	wpa_config_update_prio_list(config);
-
-	return ssid;
-}
-
-
-/**
- * wpa_config_remove_network - Remove a configured network based on id
- * @config: Configuration data from wpa_config_read()
- * @id: Unique network id to search for
- * Returns: 0 on success, or -1 if the network was not found
- */
-int wpa_config_remove_network(struct wpa_config *config, int id)
-{
-	struct wpa_ssid *ssid, *prev = NULL;
-
-	ssid = config->ssid;
-	while (ssid) {
-		if (id == ssid->id)
-			break;
-		prev = ssid;
-		ssid = ssid->next;
-	}
-
-	if (ssid == NULL)
-		return -1;
-
-	if (prev)
-		prev->next = ssid->next;
-	else
-		config->ssid = ssid->next;
-
-	wpa_config_update_prio_list(config);
-	wpa_config_free_ssid(ssid);
-	return 0;
-}
-
-
-/**
- * wpa_config_set_network_defaults - Set network default values
- * @ssid: Pointer to network configuration data
- */
-void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
-{
-	ssid->proto = DEFAULT_PROTO;
-	ssid->pairwise_cipher = DEFAULT_PAIRWISE;
-	ssid->group_cipher = DEFAULT_GROUP;
-	ssid->key_mgmt = DEFAULT_KEY_MGMT;
-	ssid->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
-	ssid->bg_scan_period = DEFAULT_BG_SCAN_PERIOD;
-	ssid->ht = 1;
-	ssid->vht = 1;
-	ssid->he = 1;
-#ifdef IEEE8021X_EAPOL
-	ssid->eapol_flags = DEFAULT_EAPOL_FLAGS;
-	ssid->eap_workaround = DEFAULT_EAP_WORKAROUND;
-	ssid->eap.fragment_size = DEFAULT_FRAGMENT_SIZE;
-	ssid->eap.sim_num = DEFAULT_USER_SELECTED_SIM;
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_MESH
-	ssid->dot11MeshMaxRetries = DEFAULT_MESH_MAX_RETRIES;
-	ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
-	ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
-	ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
-	ssid->mesh_fwding = DEFAULT_MESH_FWDING;
-	ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_HT_OVERRIDES
-	ssid->disable_ht = DEFAULT_DISABLE_HT;
-	ssid->disable_ht40 = DEFAULT_DISABLE_HT40;
-	ssid->disable_sgi = DEFAULT_DISABLE_SGI;
-	ssid->disable_ldpc = DEFAULT_DISABLE_LDPC;
-	ssid->tx_stbc = DEFAULT_TX_STBC;
-	ssid->rx_stbc = DEFAULT_RX_STBC;
-	ssid->disable_max_amsdu = DEFAULT_DISABLE_MAX_AMSDU;
-	ssid->ampdu_factor = DEFAULT_AMPDU_FACTOR;
-	ssid->ampdu_density = DEFAULT_AMPDU_DENSITY;
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	ssid->vht_rx_mcs_nss_1 = -1;
-	ssid->vht_rx_mcs_nss_2 = -1;
-	ssid->vht_rx_mcs_nss_3 = -1;
-	ssid->vht_rx_mcs_nss_4 = -1;
-	ssid->vht_rx_mcs_nss_5 = -1;
-	ssid->vht_rx_mcs_nss_6 = -1;
-	ssid->vht_rx_mcs_nss_7 = -1;
-	ssid->vht_rx_mcs_nss_8 = -1;
-	ssid->vht_tx_mcs_nss_1 = -1;
-	ssid->vht_tx_mcs_nss_2 = -1;
-	ssid->vht_tx_mcs_nss_3 = -1;
-	ssid->vht_tx_mcs_nss_4 = -1;
-	ssid->vht_tx_mcs_nss_5 = -1;
-	ssid->vht_tx_mcs_nss_6 = -1;
-	ssid->vht_tx_mcs_nss_7 = -1;
-	ssid->vht_tx_mcs_nss_8 = -1;
-#endif /* CONFIG_VHT_OVERRIDES */
-	ssid->proactive_key_caching = -1;
-	ssid->ieee80211w = MGMT_FRAME_PROTECTION_DEFAULT;
-	ssid->sae_pwe = DEFAULT_SAE_PWE;
-#ifdef CONFIG_MACSEC
-	ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
-#endif /* CONFIG_MACSEC */
-	ssid->mac_addr = -1;
-	ssid->max_oper_chwidth = DEFAULT_MAX_OPER_CHWIDTH;
-}
-
-
-/**
- * wpa_config_set - Set a variable in network configuration
- * @ssid: Pointer to network configuration data
- * @var: Variable name, e.g., "ssid"
- * @value: Variable value
- * @line: Line number in configuration file or 0 if not used
- * Returns: 0 on success with possible change in the value, 1 on success with
- * no change to previously configured value, or -1 on failure
- *
- * This function can be used to set network configuration variables based on
- * both the configuration file and management interface input. The value
- * parameter must be in the same format as the text-based configuration file is
- * using. For example, strings are using double quotation marks.
- */
-int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
-		   int line)
-{
-	size_t i;
-	int ret = 0;
-
-	if (ssid == NULL || var == NULL || value == NULL)
-		return -1;
-
-	for (i = 0; i < NUM_SSID_FIELDS; i++) {
-		const struct parse_data *field = &ssid_fields[i];
-		if (os_strcmp(var, field->name) != 0)
-			continue;
-
-		ret = field->parser(field, ssid, line, value);
-		if (ret < 0) {
-			if (line) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to "
-					   "parse %s '%s'.", line, var, value);
-			}
-			ret = -1;
-		}
-#ifdef CONFIG_SAE
-		if (os_strcmp(var, "ssid") == 0 ||
-		    os_strcmp(var, "psk") == 0 ||
-		    os_strcmp(var, "sae_password") == 0 ||
-		    os_strcmp(var, "sae_password_id") == 0) {
-			sae_deinit_pt(ssid->pt);
-			ssid->pt = NULL;
-		}
-#endif /* CONFIG_SAE */
-		break;
-	}
-	if (i == NUM_SSID_FIELDS) {
-		if (line) {
-			wpa_printf(MSG_ERROR, "Line %d: unknown network field "
-				   "'%s'.", line, var);
-		}
-		ret = -1;
-	}
-	ssid->was_recently_reconfigured = true;
-
-	return ret;
-}
-
-
-int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var,
-			  const char *value)
-{
-	size_t len;
-	char *buf;
-	int ret;
-
-	len = os_strlen(value);
-	buf = os_malloc(len + 3);
-	if (buf == NULL)
-		return -1;
-	buf[0] = '"';
-	os_memcpy(buf + 1, value, len);
-	buf[len + 1] = '"';
-	buf[len + 2] = '\0';
-	ret = wpa_config_set(ssid, var, buf, 0);
-	os_free(buf);
-	return ret;
-}
-
-
-/**
- * wpa_config_get_all - Get all options from network configuration
- * @ssid: Pointer to network configuration data
- * @get_keys: Determines if keys/passwords will be included in returned list
- *	(if they may be exported)
- * Returns: %NULL terminated list of all set keys and their values in the form
- * of [key1, val1, key2, val2, ... , NULL]
- *
- * This function can be used to get list of all configured network properties.
- * The caller is responsible for freeing the returned list and all its
- * elements.
- */
-char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys)
-{
-#ifdef NO_CONFIG_WRITE
-	return NULL;
-#else /* NO_CONFIG_WRITE */
-	const struct parse_data *field;
-	char *key, *value;
-	size_t i;
-	char **props;
-	int fields_num;
-
-	get_keys = get_keys && ssid->export_keys;
-
-	props = os_calloc(2 * NUM_SSID_FIELDS + 1, sizeof(char *));
-	if (!props)
-		return NULL;
-
-	fields_num = 0;
-	for (i = 0; i < NUM_SSID_FIELDS; i++) {
-		field = &ssid_fields[i];
-		if (field->key_data && !get_keys)
-			continue;
-		value = field->writer(field, ssid);
-		if (value == NULL)
-			continue;
-		if (os_strlen(value) == 0) {
-			os_free(value);
-			continue;
-		}
-
-		key = os_strdup(field->name);
-		if (key == NULL) {
-			os_free(value);
-			goto err;
-		}
-
-		props[fields_num * 2] = key;
-		props[fields_num * 2 + 1] = value;
-
-		fields_num++;
-	}
-
-	return props;
-
-err:
-	for (i = 0; props[i]; i++)
-		os_free(props[i]);
-	os_free(props);
-	return NULL;
-#endif /* NO_CONFIG_WRITE */
-}
-
-
-#ifndef NO_CONFIG_WRITE
-/**
- * wpa_config_get - Get a variable in network configuration
- * @ssid: Pointer to network configuration data
- * @var: Variable name, e.g., "ssid"
- * Returns: Value of the variable or %NULL on failure
- *
- * This function can be used to get network configuration variables. The
- * returned value is a copy of the configuration variable in text format, i.e,.
- * the same format that the text-based configuration file and wpa_config_set()
- * are using for the value. The caller is responsible for freeing the returned
- * value.
- */
-char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
-{
-	size_t i;
-
-	if (ssid == NULL || var == NULL)
-		return NULL;
-
-	for (i = 0; i < NUM_SSID_FIELDS; i++) {
-		const struct parse_data *field = &ssid_fields[i];
-		if (os_strcmp(var, field->name) == 0) {
-			char *ret = field->writer(field, ssid);
-
-			if (ret && has_newline(ret)) {
-				wpa_printf(MSG_ERROR,
-					   "Found newline in value for %s; not returning it",
-					   var);
-				os_free(ret);
-				ret = NULL;
-			}
-
-			return ret;
-		}
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_config_get_no_key - Get a variable in network configuration (no keys)
- * @ssid: Pointer to network configuration data
- * @var: Variable name, e.g., "ssid"
- * Returns: Value of the variable or %NULL on failure
- *
- * This function can be used to get network configuration variable like
- * wpa_config_get(). The only difference is that this functions does not expose
- * key/password material from the configuration. In case a key/password field
- * is requested, the returned value is an empty string or %NULL if the variable
- * is not set or "*" if the variable is set (regardless of its value). The
- * returned value is a copy of the configuration variable in text format, i.e,.
- * the same format that the text-based configuration file and wpa_config_set()
- * are using for the value. The caller is responsible for freeing the returned
- * value.
- */
-char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var)
-{
-	size_t i;
-
-	if (ssid == NULL || var == NULL)
-		return NULL;
-
-	for (i = 0; i < NUM_SSID_FIELDS; i++) {
-		const struct parse_data *field = &ssid_fields[i];
-		if (os_strcmp(var, field->name) == 0) {
-			char *res = field->writer(field, ssid);
-			if (field->key_data) {
-				if (res && res[0]) {
-					wpa_printf(MSG_DEBUG, "Do not allow "
-						   "key_data field to be "
-						   "exposed");
-					str_clear_free(res);
-					return os_strdup("*");
-				}
-
-				os_free(res);
-				return NULL;
-			}
-			return res;
-		}
-	}
-
-	return NULL;
-}
-#endif /* NO_CONFIG_WRITE */
-
-
-/**
- * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID
- * @ssid: Pointer to network configuration data
- *
- * This function must be called to update WPA PSK when either SSID or the
- * passphrase has changed for the network configuration.
- */
-void wpa_config_update_psk(struct wpa_ssid *ssid)
-{
-#ifndef CONFIG_NO_PBKDF2
-	pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
-		    ssid->psk, PMK_LEN);
-	wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
-			ssid->psk, PMK_LEN);
-	ssid->psk_set = 1;
-#endif /* CONFIG_NO_PBKDF2 */
-}
-
-
-static int wpa_config_set_cred_req_conn_capab(struct wpa_cred *cred,
-					      const char *value)
-{
-	u8 *proto;
-	int **port;
-	int *ports, *nports;
-	const char *pos;
-	unsigned int num_ports;
-
-	proto = os_realloc_array(cred->req_conn_capab_proto,
-				 cred->num_req_conn_capab + 1, sizeof(u8));
-	if (proto == NULL)
-		return -1;
-	cred->req_conn_capab_proto = proto;
-
-	port = os_realloc_array(cred->req_conn_capab_port,
-				cred->num_req_conn_capab + 1, sizeof(int *));
-	if (port == NULL)
-		return -1;
-	cred->req_conn_capab_port = port;
-
-	proto[cred->num_req_conn_capab] = atoi(value);
-
-	pos = os_strchr(value, ':');
-	if (pos == NULL) {
-		port[cred->num_req_conn_capab] = NULL;
-		cred->num_req_conn_capab++;
-		return 0;
-	}
-	pos++;
-
-	ports = NULL;
-	num_ports = 0;
-
-	while (*pos) {
-		nports = os_realloc_array(ports, num_ports + 1, sizeof(int));
-		if (nports == NULL) {
-			os_free(ports);
-			return -1;
-		}
-		ports = nports;
-		ports[num_ports++] = atoi(pos);
-
-		pos = os_strchr(pos, ',');
-		if (pos == NULL)
-			break;
-		pos++;
-	}
-
-	nports = os_realloc_array(ports, num_ports + 1, sizeof(int));
-	if (nports == NULL) {
-		os_free(ports);
-		return -1;
-	}
-	ports = nports;
-	ports[num_ports] = -1;
-
-	port[cred->num_req_conn_capab] = ports;
-	cred->num_req_conn_capab++;
-	return 0;
-}
-
-
-static int wpa_config_set_cred_roaming_consortiums(struct wpa_cred *cred,
-						   const char *value)
-{
-	u8 roaming_consortiums[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN];
-	size_t roaming_consortiums_len[MAX_ROAMING_CONS];
-	unsigned int num_roaming_consortiums = 0;
-	const char *pos, *end;
-	size_t len;
-
-	os_memset(roaming_consortiums, 0, sizeof(roaming_consortiums));
-	os_memset(roaming_consortiums_len, 0, sizeof(roaming_consortiums_len));
-
-	for (pos = value;;) {
-		end = os_strchr(pos, ',');
-		len = end ? (size_t) (end - pos) : os_strlen(pos);
-		if (!end && len == 0)
-			break;
-		if (len == 0 || (len & 1) != 0 ||
-		    len / 2 > MAX_ROAMING_CONS_OI_LEN ||
-		    hexstr2bin(pos,
-			       roaming_consortiums[num_roaming_consortiums],
-			       len / 2) < 0) {
-			wpa_printf(MSG_INFO,
-				   "Invalid roaming_consortiums entry: %s",
-				   pos);
-			return -1;
-		}
-		roaming_consortiums_len[num_roaming_consortiums] = len / 2;
-		num_roaming_consortiums++;
-
-		if (!end)
-			break;
-
-		if (num_roaming_consortiums >= MAX_ROAMING_CONS) {
-			wpa_printf(MSG_INFO,
-				   "Too many roaming_consortiums OIs");
-			return -1;
-		}
-
-		pos = end + 1;
-	}
-
-	os_memcpy(cred->roaming_consortiums, roaming_consortiums,
-		  sizeof(roaming_consortiums));
-	os_memcpy(cred->roaming_consortiums_len, roaming_consortiums_len,
-		  sizeof(roaming_consortiums_len));
-	cred->num_roaming_consortiums = num_roaming_consortiums;
-
-	return 0;
-}
-
-
-int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
-			const char *value, int line)
-{
-	char *val;
-	size_t len;
-	int res;
-
-	if (os_strcmp(var, "temporary") == 0) {
-		cred->temporary = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "priority") == 0) {
-		cred->priority = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "sp_priority") == 0) {
-		int prio = atoi(value);
-		if (prio < 0 || prio > 255)
-			return -1;
-		cred->sp_priority = prio;
-		return 0;
-	}
-
-	if (os_strcmp(var, "pcsc") == 0) {
-		cred->pcsc = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "eap") == 0) {
-		struct eap_method_type method;
-		method.method = eap_peer_get_type(value, &method.vendor);
-		if (method.vendor == EAP_VENDOR_IETF &&
-		    method.method == EAP_TYPE_NONE) {
-			wpa_printf(MSG_ERROR, "Line %d: unknown EAP type '%s' "
-				   "for a credential", line, value);
-			return -1;
-		}
-		os_free(cred->eap_method);
-		cred->eap_method = os_malloc(sizeof(*cred->eap_method));
-		if (cred->eap_method == NULL)
-			return -1;
-		os_memcpy(cred->eap_method, &method, sizeof(method));
-		return 0;
-	}
-
-	if (os_strcmp(var, "password") == 0 &&
-	    os_strncmp(value, "ext:", 4) == 0) {
-		if (has_newline(value))
-			return -1;
-		str_clear_free(cred->password);
-		cred->password = os_strdup(value);
-		cred->ext_password = 1;
-		return 0;
-	}
-
-	if (os_strcmp(var, "update_identifier") == 0) {
-		cred->update_identifier = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "min_dl_bandwidth_home") == 0) {
-		cred->min_dl_bandwidth_home = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "min_ul_bandwidth_home") == 0) {
-		cred->min_ul_bandwidth_home = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "min_dl_bandwidth_roaming") == 0) {
-		cred->min_dl_bandwidth_roaming = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "min_ul_bandwidth_roaming") == 0) {
-		cred->min_ul_bandwidth_roaming = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "max_bss_load") == 0) {
-		cred->max_bss_load = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "req_conn_capab") == 0)
-		return wpa_config_set_cred_req_conn_capab(cred, value);
-
-	if (os_strcmp(var, "ocsp") == 0) {
-		cred->ocsp = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "sim_num") == 0) {
-		cred->sim_num = atoi(value);
-		return 0;
-	}
-
-	if (os_strcmp(var, "engine") == 0) {
-		cred->engine = atoi(value);
-		return 0;
-	}
-
-	val = wpa_config_parse_string(value, &len);
-	if (val == NULL ||
-	    (os_strcmp(var, "excluded_ssid") != 0 &&
-	     os_strcmp(var, "roaming_consortium") != 0 &&
-	     os_strcmp(var, "required_roaming_consortium") != 0 &&
-	     has_newline(val))) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
-			   "value '%s'.", line, var, value);
-		os_free(val);
-		return -1;
-	}
-
-	if (os_strcmp(var, "realm") == 0) {
-		os_free(cred->realm);
-		cred->realm = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "username") == 0) {
-		str_clear_free(cred->username);
-		cred->username = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "password") == 0) {
-		str_clear_free(cred->password);
-		cred->password = val;
-		cred->ext_password = 0;
-		return 0;
-	}
-
-	if (os_strcmp(var, "ca_cert") == 0) {
-		os_free(cred->ca_cert);
-		cred->ca_cert = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "client_cert") == 0) {
-		os_free(cred->client_cert);
-		cred->client_cert = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "private_key") == 0) {
-		os_free(cred->private_key);
-		cred->private_key = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "private_key_passwd") == 0) {
-		str_clear_free(cred->private_key_passwd);
-		cred->private_key_passwd = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "engine_id") == 0) {
-		os_free(cred->engine_id);
-		cred->engine_id = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "ca_cert_id") == 0) {
-		os_free(cred->ca_cert_id);
-		cred->ca_cert_id = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "cert_id") == 0) {
-		os_free(cred->cert_id);
-		cred->cert_id = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "key_id") == 0) {
-		os_free(cred->key_id);
-		cred->key_id = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "imsi") == 0) {
-		os_free(cred->imsi);
-		cred->imsi = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "milenage") == 0) {
-		str_clear_free(cred->milenage);
-		cred->milenage = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "domain_suffix_match") == 0) {
-		os_free(cred->domain_suffix_match);
-		cred->domain_suffix_match = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "domain") == 0) {
-		char **new_domain;
-		new_domain = os_realloc_array(cred->domain,
-					      cred->num_domain + 1,
-					      sizeof(char *));
-		if (new_domain == NULL) {
-			os_free(val);
-			return -1;
-		}
-		new_domain[cred->num_domain++] = val;
-		cred->domain = new_domain;
-		return 0;
-	}
-
-	if (os_strcmp(var, "phase1") == 0) {
-		os_free(cred->phase1);
-		cred->phase1 = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "phase2") == 0) {
-		os_free(cred->phase2);
-		cred->phase2 = val;
-		return 0;
-	}
-
-	if (os_strcmp(var, "roaming_consortium") == 0) {
-		if (len < 3 || len > sizeof(cred->roaming_consortium)) {
-			wpa_printf(MSG_ERROR, "Line %d: invalid "
-				   "roaming_consortium length %d (3..15 "
-				   "expected)", line, (int) len);
-			os_free(val);
-			return -1;
-		}
-		os_memcpy(cred->roaming_consortium, val, len);
-		cred->roaming_consortium_len = len;
-		os_free(val);
-		return 0;
-	}
-
-	if (os_strcmp(var, "required_roaming_consortium") == 0) {
-		if (len < 3 || len > sizeof(cred->required_roaming_consortium))
-		{
-			wpa_printf(MSG_ERROR, "Line %d: invalid "
-				   "required_roaming_consortium length %d "
-				   "(3..15 expected)", line, (int) len);
-			os_free(val);
-			return -1;
-		}
-		os_memcpy(cred->required_roaming_consortium, val, len);
-		cred->required_roaming_consortium_len = len;
-		os_free(val);
-		return 0;
-	}
-
-	if (os_strcmp(var, "roaming_consortiums") == 0) {
-		res = wpa_config_set_cred_roaming_consortiums(cred, val);
-		if (res < 0)
-			wpa_printf(MSG_ERROR,
-				   "Line %d: invalid roaming_consortiums",
-				   line);
-		os_free(val);
-		return res;
-	}
-
-	if (os_strcmp(var, "excluded_ssid") == 0) {
-		struct excluded_ssid *e;
-
-		if (len > SSID_MAX_LEN) {
-			wpa_printf(MSG_ERROR, "Line %d: invalid "
-				   "excluded_ssid length %d", line, (int) len);
-			os_free(val);
-			return -1;
-		}
-
-		e = os_realloc_array(cred->excluded_ssid,
-				     cred->num_excluded_ssid + 1,
-				     sizeof(struct excluded_ssid));
-		if (e == NULL) {
-			os_free(val);
-			return -1;
-		}
-		cred->excluded_ssid = e;
-
-		e = &cred->excluded_ssid[cred->num_excluded_ssid++];
-		os_memcpy(e->ssid, val, len);
-		e->ssid_len = len;
-
-		os_free(val);
-
-		return 0;
-	}
-
-	if (os_strcmp(var, "roaming_partner") == 0) {
-		struct roaming_partner *p;
-		char *pos;
-
-		p = os_realloc_array(cred->roaming_partner,
-				     cred->num_roaming_partner + 1,
-				     sizeof(struct roaming_partner));
-		if (p == NULL) {
-			os_free(val);
-			return -1;
-		}
-		cred->roaming_partner = p;
-
-		p = &cred->roaming_partner[cred->num_roaming_partner];
-
-		pos = os_strchr(val, ',');
-		if (pos == NULL) {
-			os_free(val);
-			return -1;
-		}
-		*pos++ = '\0';
-		if (pos - val - 1 >= (int) sizeof(p->fqdn)) {
-			os_free(val);
-			return -1;
-		}
-		os_memcpy(p->fqdn, val, pos - val);
-
-		p->exact_match = atoi(pos);
-
-		pos = os_strchr(pos, ',');
-		if (pos == NULL) {
-			os_free(val);
-			return -1;
-		}
-		*pos++ = '\0';
-
-		p->priority = atoi(pos);
-
-		pos = os_strchr(pos, ',');
-		if (pos == NULL) {
-			os_free(val);
-			return -1;
-		}
-		*pos++ = '\0';
-
-		if (os_strlen(pos) >= sizeof(p->country)) {
-			os_free(val);
-			return -1;
-		}
-		os_memcpy(p->country, pos, os_strlen(pos) + 1);
-
-		cred->num_roaming_partner++;
-		os_free(val);
-
-		return 0;
-	}
-
-	if (os_strcmp(var, "provisioning_sp") == 0) {
-		os_free(cred->provisioning_sp);
-		cred->provisioning_sp = val;
-		return 0;
-	}
-
-	if (line) {
-		wpa_printf(MSG_ERROR, "Line %d: unknown cred field '%s'.",
-			   line, var);
-	}
-
-	os_free(val);
-
-	return -1;
-}
-
-
-static char * alloc_int_str(int val)
-{
-	const unsigned int bufsize = 20;
-	char *buf;
-	int res;
-
-	buf = os_malloc(bufsize);
-	if (buf == NULL)
-		return NULL;
-	res = os_snprintf(buf, bufsize, "%d", val);
-	if (os_snprintf_error(bufsize, res)) {
-		os_free(buf);
-		buf = NULL;
-	}
-	return buf;
-}
-
-
-static char * alloc_strdup(const char *str)
-{
-	if (str == NULL)
-		return NULL;
-	return os_strdup(str);
-}
-
-
-char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var)
-{
-	if (os_strcmp(var, "temporary") == 0)
-		return alloc_int_str(cred->temporary);
-
-	if (os_strcmp(var, "priority") == 0)
-		return alloc_int_str(cred->priority);
-
-	if (os_strcmp(var, "sp_priority") == 0)
-		return alloc_int_str(cred->sp_priority);
-
-	if (os_strcmp(var, "pcsc") == 0)
-		return alloc_int_str(cred->pcsc);
-
-	if (os_strcmp(var, "eap") == 0) {
-		if (!cred->eap_method)
-			return NULL;
-		return alloc_strdup(eap_get_name(cred->eap_method[0].vendor,
-						 cred->eap_method[0].method));
-	}
-
-	if (os_strcmp(var, "update_identifier") == 0)
-		return alloc_int_str(cred->update_identifier);
-
-	if (os_strcmp(var, "min_dl_bandwidth_home") == 0)
-		return alloc_int_str(cred->min_dl_bandwidth_home);
-
-	if (os_strcmp(var, "min_ul_bandwidth_home") == 0)
-		return alloc_int_str(cred->min_ul_bandwidth_home);
-
-	if (os_strcmp(var, "min_dl_bandwidth_roaming") == 0)
-		return alloc_int_str(cred->min_dl_bandwidth_roaming);
-
-	if (os_strcmp(var, "min_ul_bandwidth_roaming") == 0)
-		return alloc_int_str(cred->min_ul_bandwidth_roaming);
-
-	if (os_strcmp(var, "max_bss_load") == 0)
-		return alloc_int_str(cred->max_bss_load);
-
-	if (os_strcmp(var, "req_conn_capab") == 0) {
-		unsigned int i;
-		char *buf, *end, *pos;
-		int ret;
-
-		if (!cred->num_req_conn_capab)
-			return NULL;
-
-		buf = os_malloc(4000);
-		if (buf == NULL)
-			return NULL;
-		pos = buf;
-		end = pos + 4000;
-		for (i = 0; i < cred->num_req_conn_capab; i++) {
-			int *ports;
-
-			ret = os_snprintf(pos, end - pos, "%s%u",
-					  i > 0 ? "\n" : "",
-					  cred->req_conn_capab_proto[i]);
-			if (os_snprintf_error(end - pos, ret))
-				return buf;
-			pos += ret;
-
-			ports = cred->req_conn_capab_port[i];
-			if (ports) {
-				int j;
-				for (j = 0; ports[j] != -1; j++) {
-					ret = os_snprintf(pos, end - pos,
-							  "%s%d",
-							  j > 0 ? "," : ":",
-							  ports[j]);
-					if (os_snprintf_error(end - pos, ret))
-						return buf;
-					pos += ret;
-				}
-			}
-		}
-
-		return buf;
-	}
-
-	if (os_strcmp(var, "ocsp") == 0)
-		return alloc_int_str(cred->ocsp);
-
-	if (os_strcmp(var, "realm") == 0)
-		return alloc_strdup(cred->realm);
-
-	if (os_strcmp(var, "username") == 0)
-		return alloc_strdup(cred->username);
-
-	if (os_strcmp(var, "password") == 0) {
-		if (!cred->password)
-			return NULL;
-		return alloc_strdup("*");
-	}
-
-	if (os_strcmp(var, "ca_cert") == 0)
-		return alloc_strdup(cred->ca_cert);
-
-	if (os_strcmp(var, "client_cert") == 0)
-		return alloc_strdup(cred->client_cert);
-
-	if (os_strcmp(var, "private_key") == 0)
-		return alloc_strdup(cred->private_key);
-
-	if (os_strcmp(var, "private_key_passwd") == 0) {
-		if (!cred->private_key_passwd)
-			return NULL;
-		return alloc_strdup("*");
-	}
-
-	if (os_strcmp(var, "imsi") == 0)
-		return alloc_strdup(cred->imsi);
-
-	if (os_strcmp(var, "milenage") == 0) {
-		if (!(cred->milenage))
-			return NULL;
-		return alloc_strdup("*");
-	}
-
-	if (os_strcmp(var, "domain_suffix_match") == 0)
-		return alloc_strdup(cred->domain_suffix_match);
-
-	if (os_strcmp(var, "domain") == 0) {
-		unsigned int i;
-		char *buf, *end, *pos;
-		int ret;
-
-		if (!cred->num_domain)
-			return NULL;
-
-		buf = os_malloc(4000);
-		if (buf == NULL)
-			return NULL;
-		pos = buf;
-		end = pos + 4000;
-
-		for (i = 0; i < cred->num_domain; i++) {
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  i > 0 ? "\n" : "", cred->domain[i]);
-			if (os_snprintf_error(end - pos, ret))
-				return buf;
-			pos += ret;
-		}
-
-		return buf;
-	}
-
-	if (os_strcmp(var, "phase1") == 0)
-		return alloc_strdup(cred->phase1);
-
-	if (os_strcmp(var, "phase2") == 0)
-		return alloc_strdup(cred->phase2);
-
-	if (os_strcmp(var, "roaming_consortium") == 0) {
-		size_t buflen;
-		char *buf;
-
-		if (!cred->roaming_consortium_len)
-			return NULL;
-		buflen = cred->roaming_consortium_len * 2 + 1;
-		buf = os_malloc(buflen);
-		if (buf == NULL)
-			return NULL;
-		wpa_snprintf_hex(buf, buflen, cred->roaming_consortium,
-				 cred->roaming_consortium_len);
-		return buf;
-	}
-
-	if (os_strcmp(var, "required_roaming_consortium") == 0) {
-		size_t buflen;
-		char *buf;
-
-		if (!cred->required_roaming_consortium_len)
-			return NULL;
-		buflen = cred->required_roaming_consortium_len * 2 + 1;
-		buf = os_malloc(buflen);
-		if (buf == NULL)
-			return NULL;
-		wpa_snprintf_hex(buf, buflen, cred->required_roaming_consortium,
-				 cred->required_roaming_consortium_len);
-		return buf;
-	}
-
-	if (os_strcmp(var, "roaming_consortiums") == 0) {
-		size_t buflen;
-		char *buf, *pos;
-		size_t i;
-
-		if (!cred->num_roaming_consortiums)
-			return NULL;
-		buflen = cred->num_roaming_consortiums *
-			MAX_ROAMING_CONS_OI_LEN * 2 + 1;
-		buf = os_malloc(buflen);
-		if (!buf)
-			return NULL;
-		pos = buf;
-		for (i = 0; i < cred->num_roaming_consortiums; i++) {
-			if (i > 0)
-				*pos++ = ',';
-			pos += wpa_snprintf_hex(
-				pos, buf + buflen - pos,
-				cred->roaming_consortiums[i],
-				cred->roaming_consortiums_len[i]);
-		}
-		*pos = '\0';
-		return buf;
-	}
-
-	if (os_strcmp(var, "excluded_ssid") == 0) {
-		unsigned int i;
-		char *buf, *end, *pos;
-
-		if (!cred->num_excluded_ssid)
-			return NULL;
-
-		buf = os_malloc(4000);
-		if (buf == NULL)
-			return NULL;
-		pos = buf;
-		end = pos + 4000;
-
-		for (i = 0; i < cred->num_excluded_ssid; i++) {
-			struct excluded_ssid *e;
-			int ret;
-
-			e = &cred->excluded_ssid[i];
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  i > 0 ? "\n" : "",
-					  wpa_ssid_txt(e->ssid, e->ssid_len));
-			if (os_snprintf_error(end - pos, ret))
-				return buf;
-			pos += ret;
-		}
-
-		return buf;
-	}
-
-	if (os_strcmp(var, "roaming_partner") == 0) {
-		unsigned int i;
-		char *buf, *end, *pos;
-
-		if (!cred->num_roaming_partner)
-			return NULL;
-
-		buf = os_malloc(4000);
-		if (buf == NULL)
-			return NULL;
-		pos = buf;
-		end = pos + 4000;
-
-		for (i = 0; i < cred->num_roaming_partner; i++) {
-			struct roaming_partner *p;
-			int ret;
-
-			p = &cred->roaming_partner[i];
-			ret = os_snprintf(pos, end - pos, "%s%s,%d,%u,%s",
-					  i > 0 ? "\n" : "",
-					  p->fqdn, p->exact_match, p->priority,
-					  p->country);
-			if (os_snprintf_error(end - pos, ret))
-				return buf;
-			pos += ret;
-		}
-
-		return buf;
-	}
-
-	if (os_strcmp(var, "provisioning_sp") == 0)
-		return alloc_strdup(cred->provisioning_sp);
-
-	return NULL;
-}
-
-
-struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id)
-{
-	struct wpa_cred *cred;
-
-	cred = config->cred;
-	while (cred) {
-		if (id == cred->id)
-			break;
-		cred = cred->next;
-	}
-
-	return cred;
-}
-
-
-struct wpa_cred * wpa_config_add_cred(struct wpa_config *config)
-{
-	int id;
-	struct wpa_cred *cred, *last = NULL;
-
-	id = -1;
-	cred = config->cred;
-	while (cred) {
-		if (cred->id > id)
-			id = cred->id;
-		last = cred;
-		cred = cred->next;
-	}
-	id++;
-
-	cred = os_zalloc(sizeof(*cred));
-	if (cred == NULL)
-		return NULL;
-	cred->id = id;
-	cred->sim_num = DEFAULT_USER_SELECTED_SIM;
-	if (last)
-		last->next = cred;
-	else
-		config->cred = cred;
-
-	return cred;
-}
-
-
-int wpa_config_remove_cred(struct wpa_config *config, int id)
-{
-	struct wpa_cred *cred, *prev = NULL;
-
-	cred = config->cred;
-	while (cred) {
-		if (id == cred->id)
-			break;
-		prev = cred;
-		cred = cred->next;
-	}
-
-	if (cred == NULL)
-		return -1;
-
-	if (prev)
-		prev->next = cred->next;
-	else
-		config->cred = cred->next;
-
-	wpa_config_free_cred(cred);
-	return 0;
-}
-
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-/**
- * wpa_config_get_blob - Get a named configuration blob
- * @config: Configuration data from wpa_config_read()
- * @name: Name of the blob
- * Returns: Pointer to blob data or %NULL if not found
- */
-const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
-						   const char *name)
-{
-	struct wpa_config_blob *blob = config->blobs;
-
-	while (blob) {
-		if (os_strcmp(blob->name, name) == 0)
-			return blob;
-		blob = blob->next;
-	}
-	return NULL;
-}
-
-
-/**
- * wpa_config_set_blob - Set or add a named configuration blob
- * @config: Configuration data from wpa_config_read()
- * @blob: New value for the blob
- *
- * Adds a new configuration blob or replaces the current value of an existing
- * blob.
- */
-void wpa_config_set_blob(struct wpa_config *config,
-			 struct wpa_config_blob *blob)
-{
-	wpa_config_remove_blob(config, blob->name);
-	blob->next = config->blobs;
-	config->blobs = blob;
-}
-
-
-/**
- * wpa_config_free_blob - Free blob data
- * @blob: Pointer to blob to be freed
- */
-void wpa_config_free_blob(struct wpa_config_blob *blob)
-{
-	if (blob) {
-		os_free(blob->name);
-		bin_clear_free(blob->data, blob->len);
-		os_free(blob);
-	}
-}
-
-
-/**
- * wpa_config_remove_blob - Remove a named configuration blob
- * @config: Configuration data from wpa_config_read()
- * @name: Name of the blob to remove
- * Returns: 0 if blob was removed or -1 if blob was not found
- */
-int wpa_config_remove_blob(struct wpa_config *config, const char *name)
-{
-	struct wpa_config_blob *pos = config->blobs, *prev = NULL;
-
-	while (pos) {
-		if (os_strcmp(pos->name, name) == 0) {
-			if (prev)
-				prev->next = pos->next;
-			else
-				config->blobs = pos->next;
-			wpa_config_free_blob(pos);
-			return 0;
-		}
-		prev = pos;
-		pos = pos->next;
-	}
-
-	return -1;
-}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-/**
- * wpa_config_alloc_empty - Allocate an empty configuration
- * @ctrl_interface: Control interface parameters, e.g., path to UNIX domain
- * socket
- * @driver_param: Driver parameters
- * Returns: Pointer to allocated configuration data or %NULL on failure
- */
-struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
-					   const char *driver_param)
-{
-#define ecw2cw(ecw) ((1 << (ecw)) - 1)
-
-	struct wpa_config *config;
-	const int aCWmin = 4, aCWmax = 10;
-	const struct hostapd_wmm_ac_params ac_bk =
-		{ aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
-	const struct hostapd_wmm_ac_params ac_be =
-		{ aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
-	const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
-		{ aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
-	const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
-		{ aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
-	const struct hostapd_tx_queue_params txq_bk =
-		{ 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
-	const struct hostapd_tx_queue_params txq_be =
-		{ 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0 };
-	const struct hostapd_tx_queue_params txq_vi =
-		{ 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30 };
-	const struct hostapd_tx_queue_params txq_vo =
-		{ 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
-		  (ecw2cw(aCWmin) + 1) / 2 - 1, 15 };
-
-#undef ecw2cw
-
-	config = os_zalloc(sizeof(*config));
-	if (config == NULL)
-		return NULL;
-	config->eapol_version = DEFAULT_EAPOL_VERSION;
-	config->ap_scan = DEFAULT_AP_SCAN;
-	config->user_mpm = DEFAULT_USER_MPM;
-	config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
-	config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
-	config->mesh_fwding = DEFAULT_MESH_FWDING;
-	config->dot11RSNASAERetransPeriod =
-		DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
-	config->fast_reauth = DEFAULT_FAST_REAUTH;
-	config->p2p_go_intent = DEFAULT_P2P_GO_INTENT;
-	config->p2p_intra_bss = DEFAULT_P2P_INTRA_BSS;
-	config->p2p_go_freq_change_policy = DEFAULT_P2P_GO_FREQ_MOVE;
-	config->p2p_go_max_inactivity = DEFAULT_P2P_GO_MAX_INACTIVITY;
-	config->p2p_optimize_listen_chan = DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN;
-	config->p2p_go_ctwindow = DEFAULT_P2P_GO_CTWINDOW;
-	config->bss_max_count = DEFAULT_BSS_MAX_COUNT;
-	config->bss_expiration_age = DEFAULT_BSS_EXPIRATION_AGE;
-	config->bss_expiration_scan_count = DEFAULT_BSS_EXPIRATION_SCAN_COUNT;
-	config->max_num_sta = DEFAULT_MAX_NUM_STA;
-	config->ap_isolate = DEFAULT_AP_ISOLATE;
-	config->access_network_type = DEFAULT_ACCESS_NETWORK_TYPE;
-	config->scan_cur_freq = DEFAULT_SCAN_CUR_FREQ;
-	config->scan_res_valid_for_connect = DEFAULT_SCAN_RES_VALID_FOR_CONNECT;
-	config->wmm_ac_params[0] = ac_be;
-	config->wmm_ac_params[1] = ac_bk;
-	config->wmm_ac_params[2] = ac_vi;
-	config->wmm_ac_params[3] = ac_vo;
-	config->tx_queue[0] = txq_vo;
-	config->tx_queue[1] = txq_vi;
-	config->tx_queue[2] = txq_be;
-	config->tx_queue[3] = txq_bk;
-	config->p2p_search_delay = DEFAULT_P2P_SEARCH_DELAY;
-	config->rand_addr_lifetime = DEFAULT_RAND_ADDR_LIFETIME;
-	config->key_mgmt_offload = DEFAULT_KEY_MGMT_OFFLOAD;
-	config->cert_in_cb = DEFAULT_CERT_IN_CB;
-	config->wpa_rsc_relaxation = DEFAULT_WPA_RSC_RELAXATION;
-	config->extended_key_id = DEFAULT_EXTENDED_KEY_ID;
-
-#ifdef CONFIG_MBO
-	config->mbo_cell_capa = DEFAULT_MBO_CELL_CAPA;
-	config->disassoc_imminent_rssi_threshold =
-		DEFAULT_DISASSOC_IMMINENT_RSSI_THRESHOLD;
-	config->oce = DEFAULT_OCE_SUPPORT;
-#endif /* CONFIG_MBO */
-
-	if (ctrl_interface)
-		config->ctrl_interface = os_strdup(ctrl_interface);
-	if (driver_param)
-		config->driver_param = os_strdup(driver_param);
-	config->gas_rand_addr_lifetime = DEFAULT_RAND_ADDR_LIFETIME;
-
-	return config;
-}
-
-
-#ifndef CONFIG_NO_STDOUT_DEBUG
-/**
- * wpa_config_debug_dump_networks - Debug dump of configured networks
- * @config: Configuration data from wpa_config_read()
- */
-void wpa_config_debug_dump_networks(struct wpa_config *config)
-{
-	size_t prio;
-	struct wpa_ssid *ssid;
-
-	for (prio = 0; prio < config->num_prio; prio++) {
-		ssid = config->pssid[prio];
-		wpa_printf(MSG_DEBUG, "Priority group %d",
-			   ssid->priority);
-		while (ssid) {
-			wpa_printf(MSG_DEBUG, "   id=%d ssid='%s'",
-				   ssid->id,
-				   wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-			ssid = ssid->pnext;
-		}
-	}
-}
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-
-/**
- * Structure for global configuration parsing. This data is used to implement a
- * generic parser for the global interface configuration. The table of variables
- * is defined below in this file (global_fields[]).
- */
-struct global_parse_data {
-	/* Configuration variable name */
-	char *name;
-
-	/* Parser function for this variable. The parser functions return 0 or 1
-	 * to indicate success. Value 0 indicates that the parameter value may
-	 * have changed while value 1 means that the value did not change.
-	 * Error cases (failure to parse the string) are indicated by returning
-	 * -1. */
-	int (*parser)(const struct global_parse_data *data,
-		      struct wpa_config *config, int line, const char *value);
-
-	/* Getter function to print the variable in text format to buf. */
-	int (*get)(const char *name, struct wpa_config *config, long offset,
-		   char *buf, size_t buflen, int pretty_print);
-
-	/* Variable specific parameters for the parser. */
-	void *param1, *param2, *param3;
-
-	/* Indicates which configuration variable has changed. */
-	unsigned int changed_flag;
-};
-
-
-static int wpa_global_config_parse_int(const struct global_parse_data *data,
-				       struct wpa_config *config, int line,
-				       const char *pos)
-{
-	int val, *dst;
-	char *end;
-	bool same;
-
-	dst = (int *) (((u8 *) config) + (long) data->param1);
-	val = strtol(pos, &end, 0);
-	if (*end) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
-			   line, pos);
-		return -1;
-	}
-	same = *dst == val;
-	*dst = val;
-
-	wpa_printf(MSG_DEBUG, "%s=%d", data->name, *dst);
-
-	if (data->param2 && *dst < (long) data->param2) {
-		wpa_printf(MSG_ERROR, "Line %d: too small %s (value=%d "
-			   "min_value=%ld)", line, data->name, *dst,
-			   (long) data->param2);
-		*dst = (long) data->param2;
-		return -1;
-	}
-
-	if (data->param3 && *dst > (long) data->param3) {
-		wpa_printf(MSG_ERROR, "Line %d: too large %s (value=%d "
-			   "max_value=%ld)", line, data->name, *dst,
-			   (long) data->param3);
-		*dst = (long) data->param3;
-		return -1;
-	}
-
-	return same;
-}
-
-
-static int wpa_global_config_parse_str(const struct global_parse_data *data,
-				       struct wpa_config *config, int line,
-				       const char *pos)
-{
-	size_t len, prev_len;
-	char **dst, *tmp;
-
-	len = os_strlen(pos);
-	if (data->param2 && len < (size_t) data->param2) {
-		wpa_printf(MSG_ERROR, "Line %d: too short %s (len=%lu "
-			   "min_len=%ld)", line, data->name,
-			   (unsigned long) len, (long) data->param2);
-		return -1;
-	}
-
-	if (data->param3 && len > (size_t) data->param3) {
-		wpa_printf(MSG_ERROR, "Line %d: too long %s (len=%lu "
-			   "max_len=%ld)", line, data->name,
-			   (unsigned long) len, (long) data->param3);
-		return -1;
-	}
-
-	if (has_newline(pos)) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
-			   line, data->name);
-		return -1;
-	}
-
-	dst = (char **) (((u8 *) config) + (long) data->param1);
-	if (*dst)
-		prev_len = os_strlen(*dst);
-	else
-		prev_len = 0;
-
-	/* No change to the previously configured value */
-	if (*dst && prev_len == len && os_memcmp(*dst, pos, len) == 0)
-		return 1;
-
-	tmp = os_strdup(pos);
-	if (tmp == NULL)
-		return -1;
-
-	os_free(*dst);
-	*dst = tmp;
-	wpa_printf(MSG_DEBUG, "%s='%s'", data->name, *dst);
-
-	return 0;
-}
-
-
-static int wpa_config_process_bgscan(const struct global_parse_data *data,
-				     struct wpa_config *config, int line,
-				     const char *pos)
-{
-	size_t len;
-	char *tmp;
-	int res;
-
-	tmp = wpa_config_parse_string(pos, &len);
-	if (tmp == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: failed to parse %s",
-			   line, data->name);
-		return -1;
-	}
-
-	res = wpa_global_config_parse_str(data, config, line, tmp);
-	os_free(tmp);
-	return res;
-}
-
-
-static int wpa_global_config_parse_bin(const struct global_parse_data *data,
-				       struct wpa_config *config, int line,
-				       const char *pos)
-{
-	struct wpabuf **dst, *tmp;
-
-	tmp = wpabuf_parse_bin(pos);
-	if (!tmp)
-		return -1;
-
-	dst = (struct wpabuf **) (((u8 *) config) + (long) data->param1);
-	if (wpabuf_cmp(*dst, tmp) == 0) {
-		wpabuf_free(tmp);
-		return 1;
-	}
-	wpabuf_free(*dst);
-	*dst = tmp;
-	wpa_printf(MSG_DEBUG, "%s", data->name);
-
-	return 0;
-}
-
-
-static int wpa_config_process_freq_list(const struct global_parse_data *data,
-					struct wpa_config *config, int line,
-					const char *value)
-{
-	int *freqs;
-
-	freqs = wpa_config_parse_int_array(value);
-	if (freqs == NULL)
-		return -1;
-	if (freqs[0] == 0) {
-		os_free(freqs);
-		freqs = NULL;
-	}
-	os_free(config->freq_list);
-	config->freq_list = freqs;
-	return 0;
-}
-
-
-static int
-wpa_config_process_initial_freq_list(const struct global_parse_data *data,
-				     struct wpa_config *config, int line,
-				     const char *value)
-{
-	int *freqs;
-
-	freqs = wpa_config_parse_int_array(value);
-	if (!freqs)
-		return -1;
-	if (freqs[0] == 0) {
-		os_free(freqs);
-		freqs = NULL;
-	}
-	os_free(config->initial_freq_list);
-	config->initial_freq_list = freqs;
-	return 0;
-}
-
-
-#ifdef CONFIG_P2P
-static int wpa_global_config_parse_ipv4(const struct global_parse_data *data,
-					struct wpa_config *config, int line,
-					const char *pos)
-{
-	u32 *dst;
-	struct hostapd_ip_addr addr;
-
-	if (hostapd_parse_ip_addr(pos, &addr) < 0)
-		return -1;
-	if (addr.af != AF_INET)
-		return -1;
-
-	dst = (u32 *) (((u8 *) config) + (long) data->param1);
-	if (os_memcmp(dst, &addr.u.v4.s_addr, 4) == 0)
-		return 1;
-	os_memcpy(dst, &addr.u.v4.s_addr, 4);
-	wpa_printf(MSG_DEBUG, "%s = 0x%x", data->name,
-		   WPA_GET_BE32((u8 *) dst));
-
-	return 0;
-}
-#endif /* CONFIG_P2P */
-
-
-static int wpa_config_process_country(const struct global_parse_data *data,
-				      struct wpa_config *config, int line,
-				      const char *pos)
-{
-	if (!pos[0] || !pos[1]) {
-		wpa_printf(MSG_DEBUG, "Invalid country set");
-		return -1;
-	}
-	if (pos[0] == config->country[0] && pos[1] == config->country[1])
-		return 1;
-	config->country[0] = pos[0];
-	config->country[1] = pos[1];
-	wpa_printf(MSG_DEBUG, "country='%c%c'",
-		   config->country[0], config->country[1]);
-	return 0;
-}
-
-
-static int wpa_config_process_load_dynamic_eap(
-	const struct global_parse_data *data, struct wpa_config *config,
-	int line, const char *so)
-{
-	int ret;
-	wpa_printf(MSG_DEBUG, "load_dynamic_eap=%s", so);
-	ret = eap_peer_method_load(so);
-	if (ret == -2) {
-		wpa_printf(MSG_DEBUG, "This EAP type was already loaded - not "
-			   "reloading.");
-	} else if (ret) {
-		wpa_printf(MSG_ERROR, "Line %d: Failed to load dynamic EAP "
-			   "method '%s'.", line, so);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-#ifdef CONFIG_WPS
-
-static int wpa_config_process_uuid(const struct global_parse_data *data,
-				   struct wpa_config *config, int line,
-				   const char *pos)
-{
-	char buf[40];
-	if (uuid_str2bin(pos, config->uuid)) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid UUID", line);
-		return -1;
-	}
-	uuid_bin2str(config->uuid, buf, sizeof(buf));
-	wpa_printf(MSG_DEBUG, "uuid=%s", buf);
-	return 0;
-}
-
-
-static int wpa_config_process_device_type(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	return wps_dev_type_str2bin(pos, config->device_type);
-}
-
-
-static int wpa_config_process_os_version(const struct global_parse_data *data,
-					 struct wpa_config *config, int line,
-					 const char *pos)
-{
-	if (hexstr2bin(pos, config->os_version, 4)) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid os_version", line);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "os_version=%08x",
-		   WPA_GET_BE32(config->os_version));
-	return 0;
-}
-
-
-static int wpa_config_process_wps_vendor_ext_m1(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	struct wpabuf *tmp;
-	int len = os_strlen(pos) / 2;
-	u8 *p;
-
-	if (!len) {
-		wpa_printf(MSG_ERROR, "Line %d: "
-			   "invalid wps_vendor_ext_m1", line);
-		return -1;
-	}
-
-	tmp = wpabuf_alloc(len);
-	if (tmp) {
-		p = wpabuf_put(tmp, len);
-
-		if (hexstr2bin(pos, p, len)) {
-			wpa_printf(MSG_ERROR, "Line %d: "
-				   "invalid wps_vendor_ext_m1", line);
-			wpabuf_free(tmp);
-			return -1;
-		}
-
-		wpabuf_free(config->wps_vendor_ext_m1);
-		config->wps_vendor_ext_m1 = tmp;
-	} else {
-		wpa_printf(MSG_ERROR, "Can not allocate "
-			   "memory for wps_vendor_ext_m1");
-		return -1;
-	}
-
-	return 0;
-}
-
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_P2P
-static int wpa_config_process_sec_device_type(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	int idx;
-
-	if (config->num_sec_device_types >= MAX_SEC_DEVICE_TYPES) {
-		wpa_printf(MSG_ERROR, "Line %d: too many sec_device_type "
-			   "items", line);
-		return -1;
-	}
-
-	idx = config->num_sec_device_types;
-
-	if (wps_dev_type_str2bin(pos, config->sec_device_type[idx]))
-		return -1;
-
-	config->num_sec_device_types++;
-	return 0;
-}
-
-
-static int wpa_config_process_p2p_pref_chan(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	struct p2p_channel *pref = NULL, *n;
-	size_t num = 0;
-	const char *pos2;
-	u8 op_class, chan;
-
-	/* format: class:chan,class:chan,... */
-
-	while (*pos) {
-		op_class = atoi(pos);
-		pos2 = os_strchr(pos, ':');
-		if (pos2 == NULL)
-			goto fail;
-		pos2++;
-		chan = atoi(pos2);
-
-		n = os_realloc_array(pref, num + 1,
-				     sizeof(struct p2p_channel));
-		if (n == NULL)
-			goto fail;
-		pref = n;
-		pref[num].op_class = op_class;
-		pref[num].chan = chan;
-		num++;
-
-		pos = os_strchr(pos2, ',');
-		if (pos == NULL)
-			break;
-		pos++;
-	}
-
-	os_free(config->p2p_pref_chan);
-	config->p2p_pref_chan = pref;
-	config->num_p2p_pref_chan = num;
-	wpa_hexdump(MSG_DEBUG, "P2P: Preferred class/channel pairs",
-		    (u8 *) config->p2p_pref_chan,
-		    config->num_p2p_pref_chan * sizeof(struct p2p_channel));
-
-	return 0;
-
-fail:
-	os_free(pref);
-	wpa_printf(MSG_ERROR, "Line %d: Invalid p2p_pref_chan list", line);
-	return -1;
-}
-
-
-static int wpa_config_process_p2p_no_go_freq(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	int ret;
-
-	ret = freq_range_list_parse(&config->p2p_no_go_freq, pos);
-	if (ret < 0) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid p2p_no_go_freq", line);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: p2p_no_go_freq with %u items",
-		   config->p2p_no_go_freq.num);
-
-	return 0;
-}
-
-
-static int wpa_config_process_p2p_device_persistent_mac_addr(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	if (hwaddr_aton2(pos, config->p2p_device_persistent_mac_addr) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: Invalid p2p_device_persistent_mac_addr '%s'",
-			   line, pos);
-		return -1;
-	}
-
-	return 0;
-}
-
-#endif /* CONFIG_P2P */
-
-
-static int wpa_config_process_hessid(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	if (hwaddr_aton2(pos, config->hessid) < 0) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid hessid '%s'",
-			   line, pos);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpa_config_process_sae_groups(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	int *groups = wpa_config_parse_int_array(pos);
-	if (groups == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: Invalid sae_groups '%s'",
-			   line, pos);
-		return -1;
-	}
-
-	os_free(config->sae_groups);
-	config->sae_groups = groups;
-
-	return 0;
-}
-
-
-static int wpa_config_process_ap_vendor_elements(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	struct wpabuf *tmp;
-
-	if (!*pos) {
-		wpabuf_free(config->ap_vendor_elements);
-		config->ap_vendor_elements = NULL;
-		return 0;
-	}
-
-	tmp = wpabuf_parse_bin(pos);
-	if (!tmp) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid ap_vendor_elements",
-			   line);
-		return -1;
-	}
-	wpabuf_free(config->ap_vendor_elements);
-	config->ap_vendor_elements = tmp;
-
-	return 0;
-}
-
-
-static int wpa_config_process_ap_assocresp_elements(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	struct wpabuf *tmp;
-
-	if (!*pos) {
-		wpabuf_free(config->ap_assocresp_elements);
-		config->ap_assocresp_elements = NULL;
-		return 0;
-	}
-
-	tmp = wpabuf_parse_bin(pos);
-	if (!tmp) {
-		wpa_printf(MSG_ERROR, "Line %d: invalid ap_assocresp_elements",
-			   line);
-		return -1;
-	}
-	wpabuf_free(config->ap_assocresp_elements);
-	config->ap_assocresp_elements = tmp;
-
-	return 0;
-}
-
-
-#ifdef CONFIG_CTRL_IFACE
-static int wpa_config_process_no_ctrl_interface(
-	const struct global_parse_data *data,
-	struct wpa_config *config, int line, const char *pos)
-{
-	wpa_printf(MSG_DEBUG, "no_ctrl_interface -> ctrl_interface=NULL");
-	os_free(config->ctrl_interface);
-	config->ctrl_interface = NULL;
-	return 0;
-}
-#endif /* CONFIG_CTRL_IFACE */
-
-
-static int wpa_config_get_int(const char *name, struct wpa_config *config,
-			      long offset, char *buf, size_t buflen,
-			      int pretty_print)
-{
-	int *val = (int *) (((u8 *) config) + (long) offset);
-
-	if (pretty_print)
-		return os_snprintf(buf, buflen, "%s=%d\n", name, *val);
-	return os_snprintf(buf, buflen, "%d", *val);
-}
-
-
-static int wpa_config_get_str(const char *name, struct wpa_config *config,
-			      long offset, char *buf, size_t buflen,
-			      int pretty_print)
-{
-	char **val = (char **) (((u8 *) config) + (long) offset);
-	int res;
-
-	if (pretty_print)
-		res = os_snprintf(buf, buflen, "%s=%s\n", name,
-				  *val ? *val : "null");
-	else if (!*val)
-		return -1;
-	else
-		res = os_snprintf(buf, buflen, "%s", *val);
-	if (os_snprintf_error(buflen, res))
-		res = -1;
-
-	return res;
-}
-
-
-#ifdef CONFIG_P2P
-static int wpa_config_get_ipv4(const char *name, struct wpa_config *config,
-			       long offset, char *buf, size_t buflen,
-			       int pretty_print)
-{
-	void *val = ((u8 *) config) + (long) offset;
-	int res;
-	char addr[INET_ADDRSTRLEN];
-
-	if (!val || !inet_ntop(AF_INET, val, addr, sizeof(addr)))
-		return -1;
-
-	if (pretty_print)
-		res = os_snprintf(buf, buflen, "%s=%s\n", name, addr);
-	else
-		res = os_snprintf(buf, buflen, "%s", addr);
-
-	if (os_snprintf_error(buflen, res))
-		res = -1;
-
-	return res;
-}
-#endif /* CONFIG_P2P */
-
-
-#ifdef OFFSET
-#undef OFFSET
-#endif /* OFFSET */
-/* OFFSET: Get offset of a variable within the wpa_config structure */
-#define OFFSET(v) ((void *) &((struct wpa_config *) 0)->v)
-
-#define FUNC(f) #f, wpa_config_process_ ## f, NULL, OFFSET(f), NULL, NULL
-#define FUNC_NO_VAR(f) #f, wpa_config_process_ ## f, NULL, NULL, NULL, NULL
-#define _INT(f) #f, wpa_global_config_parse_int, wpa_config_get_int, OFFSET(f)
-#define INT(f) _INT(f), NULL, NULL
-#define INT_RANGE(f, min, max) _INT(f), (void *) min, (void *) max
-#define _STR(f) #f, wpa_global_config_parse_str, wpa_config_get_str, OFFSET(f)
-#define STR(f) _STR(f), NULL, NULL
-#define STR_RANGE(f, min, max) _STR(f), (void *) min, (void *) max
-#define BIN(f) #f, wpa_global_config_parse_bin, NULL, OFFSET(f), NULL, NULL
-#define IPV4(f) #f, wpa_global_config_parse_ipv4, wpa_config_get_ipv4,  \
-	OFFSET(f), NULL, NULL
-
-static const struct global_parse_data global_fields[] = {
-#ifdef CONFIG_CTRL_IFACE
-	{ STR(ctrl_interface), 0 },
-	{ FUNC_NO_VAR(no_ctrl_interface), 0 },
-	{ STR(ctrl_interface_group), 0 } /* deprecated */,
-#endif /* CONFIG_CTRL_IFACE */
-#ifdef CONFIG_MACSEC
-	{ INT_RANGE(eapol_version, 1, 3), 0 },
-#else /* CONFIG_MACSEC */
-	{ INT_RANGE(eapol_version, 1, 2), 0 },
-#endif /* CONFIG_MACSEC */
-	{ INT(ap_scan), 0 },
-	{ FUNC(bgscan), CFG_CHANGED_BGSCAN },
-#ifdef CONFIG_MESH
-	{ INT(user_mpm), 0 },
-	{ INT_RANGE(max_peer_links, 0, 255), 0 },
-	{ INT(mesh_max_inactivity), 0 },
-	{ INT_RANGE(mesh_fwding, 0, 1), 0 },
-	{ INT(dot11RSNASAERetransPeriod), 0 },
-#endif /* CONFIG_MESH */
-	{ INT(disable_scan_offload), 0 },
-	{ INT(fast_reauth), 0 },
-	{ STR(opensc_engine_path), 0 },
-	{ STR(pkcs11_engine_path), 0 },
-	{ STR(pkcs11_module_path), 0 },
-	{ STR(openssl_ciphers), 0 },
-	{ STR(pcsc_reader), 0 },
-	{ STR(pcsc_pin), 0 },
-	{ INT(external_sim), 0 },
-	{ STR(driver_param), 0 },
-	{ INT(dot11RSNAConfigPMKLifetime), 0 },
-	{ INT(dot11RSNAConfigPMKReauthThreshold), 0 },
-	{ INT(dot11RSNAConfigSATimeout), 0 },
-#ifndef CONFIG_NO_CONFIG_WRITE
-	{ INT(update_config), 0 },
-#endif /* CONFIG_NO_CONFIG_WRITE */
-	{ FUNC_NO_VAR(load_dynamic_eap), 0 },
-#ifdef CONFIG_WPS
-	{ FUNC(uuid), CFG_CHANGED_UUID },
-	{ INT_RANGE(auto_uuid, 0, 1), 0 },
-	{ STR_RANGE(device_name, 0, WPS_DEV_NAME_MAX_LEN),
-	  CFG_CHANGED_DEVICE_NAME },
-	{ STR_RANGE(manufacturer, 0, 64), CFG_CHANGED_WPS_STRING },
-	{ STR_RANGE(model_name, 0, 32), CFG_CHANGED_WPS_STRING },
-	{ STR_RANGE(model_number, 0, 32), CFG_CHANGED_WPS_STRING },
-	{ STR_RANGE(serial_number, 0, 32), CFG_CHANGED_WPS_STRING },
-	{ FUNC(device_type), CFG_CHANGED_DEVICE_TYPE },
-	{ FUNC(os_version), CFG_CHANGED_OS_VERSION },
-	{ STR(config_methods), CFG_CHANGED_CONFIG_METHODS },
-	{ INT_RANGE(wps_cred_processing, 0, 2), 0 },
-	{ INT_RANGE(wps_cred_add_sae, 0, 1), 0 },
-	{ FUNC(wps_vendor_ext_m1), CFG_CHANGED_VENDOR_EXTENSION },
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	{ FUNC(sec_device_type), CFG_CHANGED_SEC_DEVICE_TYPE },
-	{ INT(p2p_listen_reg_class), CFG_CHANGED_P2P_LISTEN_CHANNEL },
-	{ INT(p2p_listen_channel), CFG_CHANGED_P2P_LISTEN_CHANNEL },
-	{ INT(p2p_oper_reg_class), CFG_CHANGED_P2P_OPER_CHANNEL },
-	{ INT(p2p_oper_channel), CFG_CHANGED_P2P_OPER_CHANNEL },
-	{ INT_RANGE(p2p_go_intent, 0, 15), 0 },
-	{ STR(p2p_ssid_postfix), CFG_CHANGED_P2P_SSID_POSTFIX },
-	{ INT_RANGE(persistent_reconnect, 0, 1), 0 },
-	{ INT_RANGE(p2p_intra_bss, 0, 1), CFG_CHANGED_P2P_INTRA_BSS },
-	{ INT(p2p_group_idle), 0 },
-	{ INT_RANGE(p2p_go_freq_change_policy, 0, P2P_GO_FREQ_MOVE_MAX), 0 },
-	{ INT_RANGE(p2p_passphrase_len, 8, 63),
-	  CFG_CHANGED_P2P_PASSPHRASE_LEN },
-	{ FUNC(p2p_pref_chan), CFG_CHANGED_P2P_PREF_CHAN },
-	{ FUNC(p2p_no_go_freq), CFG_CHANGED_P2P_PREF_CHAN },
-	{ INT_RANGE(p2p_add_cli_chan, 0, 1), 0 },
-	{ INT_RANGE(p2p_optimize_listen_chan, 0, 1), 0 },
-	{ INT(p2p_go_ht40), 0 },
-	{ INT(p2p_go_vht), 0 },
-	{ INT(p2p_go_he), 0 },
-	{ INT(p2p_go_edmg), 0 },
-	{ INT(p2p_disabled), 0 },
-	{ INT_RANGE(p2p_go_ctwindow, 0, 127), 0 },
-	{ INT(p2p_no_group_iface), 0 },
-	{ INT_RANGE(p2p_ignore_shared_freq, 0, 1), 0 },
-	{ IPV4(ip_addr_go), 0 },
-	{ IPV4(ip_addr_mask), 0 },
-	{ IPV4(ip_addr_start), 0 },
-	{ IPV4(ip_addr_end), 0 },
-	{ INT_RANGE(p2p_cli_probe, 0, 1), 0 },
-	{ INT(p2p_device_random_mac_addr), 0 },
-	{ FUNC(p2p_device_persistent_mac_addr), 0 },
-	{ INT(p2p_interface_random_mac_addr), 0 },
-	{ INT(p2p_6ghz_disable), 0 },
-#endif /* CONFIG_P2P */
-	{ FUNC(country), CFG_CHANGED_COUNTRY },
-	{ INT(bss_max_count), 0 },
-	{ INT(bss_expiration_age), 0 },
-	{ INT(bss_expiration_scan_count), 0 },
-	{ INT_RANGE(filter_ssids, 0, 1), 0 },
-	{ INT_RANGE(filter_rssi, -100, 0), 0 },
-	{ INT(max_num_sta), 0 },
-	{ INT_RANGE(ap_isolate, 0, 1), 0 },
-	{ INT_RANGE(disassoc_low_ack, 0, 1), 0 },
-#ifdef CONFIG_HS20
-	{ INT_RANGE(hs20, 0, 1), 0 },
-#endif /* CONFIG_HS20 */
-	{ INT_RANGE(interworking, 0, 1), 0 },
-	{ FUNC(hessid), 0 },
-	{ INT_RANGE(access_network_type, 0, 15), 0 },
-	{ INT_RANGE(go_interworking, 0, 1), 0 },
-	{ INT_RANGE(go_access_network_type, 0, 15), 0 },
-	{ INT_RANGE(go_internet, 0, 1), 0 },
-	{ INT_RANGE(go_venue_group, 0, 255), 0 },
-	{ INT_RANGE(go_venue_type, 0, 255), 0 },
-	{ INT_RANGE(pbc_in_m1, 0, 1), 0 },
-	{ STR(autoscan), 0 },
-	{ INT_RANGE(wps_nfc_dev_pw_id, 0x10, 0xffff),
-	  CFG_CHANGED_NFC_PASSWORD_TOKEN },
-	{ BIN(wps_nfc_dh_pubkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
-	{ BIN(wps_nfc_dh_privkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
-	{ BIN(wps_nfc_dev_pw), CFG_CHANGED_NFC_PASSWORD_TOKEN },
-	{ STR(ext_password_backend), CFG_CHANGED_EXT_PW_BACKEND },
-	{ INT(p2p_go_max_inactivity), 0 },
-	{ INT_RANGE(auto_interworking, 0, 1), 0 },
-	{ INT(okc), 0 },
-	{ INT(pmf), 0 },
-	{ FUNC(sae_groups), 0 },
-	{ INT_RANGE(sae_pwe, 0, 3), 0 },
-	{ INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
-	{ INT(dtim_period), 0 },
-	{ INT(beacon_int), 0 },
-	{ FUNC(ap_assocresp_elements), 0 },
-	{ FUNC(ap_vendor_elements), 0 },
-	{ INT_RANGE(ignore_old_scan_res, 0, 1), 0 },
-	{ FUNC(freq_list), 0 },
-	{ FUNC(initial_freq_list), 0},
-	{ INT(scan_cur_freq), 0 },
-	{ INT(scan_res_valid_for_connect), 0},
-	{ INT(sched_scan_interval), 0 },
-	{ INT(sched_scan_start_delay), 0 },
-	{ INT(tdls_external_control), 0},
-	{ STR(osu_dir), 0 },
-	{ STR(wowlan_triggers), CFG_CHANGED_WOWLAN_TRIGGERS },
-	{ INT(p2p_search_delay), 0},
-	{ INT(mac_addr), 0 },
-	{ INT(rand_addr_lifetime), 0 },
-	{ INT(preassoc_mac_addr), 0 },
-	{ INT(key_mgmt_offload), 0},
-	{ INT(passive_scan), 0 },
-	{ INT(reassoc_same_bss_optim), 0 },
-	{ INT(wps_priority), 0},
-#ifdef CONFIG_FST
-	{ STR_RANGE(fst_group_id, 1, FST_MAX_GROUP_ID_LEN), 0 },
-	{ INT_RANGE(fst_priority, 1, FST_MAX_PRIO_VALUE), 0 },
-	{ INT_RANGE(fst_llt, 1, FST_MAX_LLT_MS), 0 },
-#endif /* CONFIG_FST */
-	{ INT_RANGE(cert_in_cb, 0, 1), 0 },
-	{ INT_RANGE(wpa_rsc_relaxation, 0, 1), 0 },
-	{ STR(sched_scan_plans), CFG_CHANGED_SCHED_SCAN_PLANS },
-#ifdef CONFIG_MBO
-	{ STR(non_pref_chan), 0 },
-	{ INT_RANGE(mbo_cell_capa, MBO_CELL_CAPA_AVAILABLE,
-		    MBO_CELL_CAPA_NOT_SUPPORTED), 0 },
-	{ INT_RANGE(disassoc_imminent_rssi_threshold, -120, 0), 0 },
-	{ INT_RANGE(oce, 0, 3), 0 },
-#endif /* CONFIG_MBO */
-	{ INT(gas_address3), 0 },
-	{ INT_RANGE(ftm_responder, 0, 1), 0 },
-	{ INT_RANGE(ftm_initiator, 0, 1), 0 },
-	{ INT(gas_rand_addr_lifetime), 0 },
-	{ INT_RANGE(gas_rand_mac_addr, 0, 2), 0 },
-#ifdef CONFIG_DPP
-	{ INT_RANGE(dpp_config_processing, 0, 2), 0 },
-	{ STR(dpp_name), 0 },
-	{ STR(dpp_mud_url), 0 },
-#endif /* CONFIG_DPP */
-	{ INT_RANGE(coloc_intf_reporting, 0, 1), 0 },
-#ifdef CONFIG_WNM
-	{ INT_RANGE(disable_btm, 0, 1), CFG_CHANGED_DISABLE_BTM },
-	{ INT_RANGE(extended_key_id, 0, 1), 0 },
-#endif /* CONFIG_WNM */
-	{ INT_RANGE(wowlan_disconnect_on_deinit, 0, 1), 0},
-#ifdef CONFIG_PASN
-#ifdef CONFIG_TESTING_OPTIONS
-	{ INT_RANGE(force_kdk_derivation, 0, 1), 0 },
-	{ INT_RANGE(pasn_corrupt_mic, 0, 1), 0 },
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_PASN */
-};
-
-#undef FUNC
-#undef _INT
-#undef INT
-#undef INT_RANGE
-#undef _STR
-#undef STR
-#undef STR_RANGE
-#undef BIN
-#undef IPV4
-#define NUM_GLOBAL_FIELDS ARRAY_SIZE(global_fields)
-
-
-int wpa_config_dump_values(struct wpa_config *config, char *buf, size_t buflen)
-{
-	int result = 0;
-	size_t i;
-
-	for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
-		const struct global_parse_data *field = &global_fields[i];
-		int tmp;
-
-		if (!field->get)
-			continue;
-
-		tmp = field->get(field->name, config, (long) field->param1,
-				 buf, buflen, 1);
-		if (tmp < 0)
-			return -1;
-		buf += tmp;
-		buflen -= tmp;
-		result += tmp;
-	}
-	return result;
-}
-
-
-int wpa_config_get_value(const char *name, struct wpa_config *config,
-			 char *buf, size_t buflen)
-{
-	size_t i;
-
-	for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
-		const struct global_parse_data *field = &global_fields[i];
-
-		if (os_strcmp(name, field->name) != 0)
-			continue;
-		if (!field->get)
-			break;
-		return field->get(name, config, (long) field->param1,
-				  buf, buflen, 0);
-	}
-
-	return -1;
-}
-
-
-int wpa_config_get_num_global_field_names(void)
-{
-	return NUM_GLOBAL_FIELDS;
-}
-
-
-const char * wpa_config_get_global_field_name(unsigned int i, int *no_var)
-{
-	if (i >= NUM_GLOBAL_FIELDS)
-		return NULL;
-
-	if (no_var)
-		*no_var = !global_fields[i].param1;
-	return global_fields[i].name;
-}
-
-
-/**
- * wpa_config_process_global - Set a variable in global configuration
- * @config: Pointer to global configuration data
- * @pos: Name and value in the format "{name}={value}"
- * @line: Line number in configuration file or 0 if not used
- * Returns: 0 on success with a possible change in value, 1 on success with no
- * change to previously configured value, or -1 on failure
- *
- * This function can be used to set global configuration variables based on
- * both the configuration file and management interface input. The value
- * parameter must be in the same format as the text-based configuration file is
- * using. For example, strings are using double quotation marks.
- */
-int wpa_config_process_global(struct wpa_config *config, char *pos, int line)
-{
-	size_t i;
-	int ret = 0;
-
-	for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
-		const struct global_parse_data *field = &global_fields[i];
-		size_t flen = os_strlen(field->name);
-		if (os_strncmp(pos, field->name, flen) != 0 ||
-		    pos[flen] != '=')
-			continue;
-
-		ret = field->parser(field, config, line, pos + flen + 1);
-		if (ret < 0) {
-			wpa_printf(MSG_ERROR, "Line %d: failed to "
-				   "parse '%s'.", line, pos);
-			ret = -1;
-		}
-		if (ret == 1)
-			break;
-		if (field->changed_flag == CFG_CHANGED_NFC_PASSWORD_TOKEN)
-			config->wps_nfc_pw_from_config = 1;
-		config->changed_parameters |= field->changed_flag;
-		break;
-	}
-	if (i == NUM_GLOBAL_FIELDS) {
-#ifdef CONFIG_AP
-		if (os_strncmp(pos, "tx_queue_", 9) == 0) {
-			char *tmp = os_strchr(pos, '=');
-
-			if (!tmp) {
-				if (line < 0)
-					wpa_printf(MSG_ERROR,
-						   "Line %d: invalid line %s",
-						   line, pos);
-				return -1;
-			}
-			*tmp++ = '\0';
-			if (hostapd_config_tx_queue(config->tx_queue, pos,
-						    tmp)) {
-				wpa_printf(MSG_ERROR,
-					   "Line %d: invalid TX queue item",
-					   line);
-				return -1;
-			}
-		}
-
-		if (os_strncmp(pos, "wmm_ac_", 7) == 0) {
-			char *tmp = os_strchr(pos, '=');
-			if (tmp == NULL) {
-				if (line < 0)
-					return -1;
-				wpa_printf(MSG_ERROR, "Line %d: invalid line "
-					   "'%s'", line, pos);
-				return -1;
-			}
-			*tmp++ = '\0';
-			if (hostapd_config_wmm_ac(config->wmm_ac_params, pos,
-						  tmp)) {
-				wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
-					   "AC item", line);
-				return -1;
-			}
-			return ret;
-		}
-#endif /* CONFIG_AP */
-		if (line < 0)
-			return -1;
-		wpa_printf(MSG_ERROR, "Line %d: unknown global field '%s'.",
-			   line, pos);
-		ret = -1;
-	}
-
-	return ret;
-}
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
deleted file mode 100644
index d22ef05fb8ba..000000000000
--- a/wpa_supplicant/config.h
+++ /dev/null
@@ -1,1797 +0,0 @@
-/*
- * WPA Supplicant / Configuration file structures
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef CONFIG_H
-#define CONFIG_H
-
-#define DEFAULT_EAPOL_VERSION 1
-#ifdef CONFIG_NO_SCAN_PROCESSING
-#define DEFAULT_AP_SCAN 2
-#else /* CONFIG_NO_SCAN_PROCESSING */
-#define DEFAULT_AP_SCAN 1
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-#define DEFAULT_USER_MPM 1
-#define DEFAULT_MAX_PEER_LINKS 99
-#define DEFAULT_MESH_MAX_INACTIVITY 300
-#define DEFAULT_MESH_FWDING 1
-/*
- * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
- * but use 1000 ms in practice to avoid issues on low power CPUs.
- */
-#define DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD 1000
-#define DEFAULT_FAST_REAUTH 1
-#define DEFAULT_P2P_GO_INTENT 7
-#define DEFAULT_P2P_INTRA_BSS 1
-#define DEFAULT_P2P_GO_MAX_INACTIVITY (5 * 60)
-#define DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN 0
-#define DEFAULT_BSS_MAX_COUNT 200
-#define DEFAULT_BSS_EXPIRATION_AGE 180
-#define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2
-#define DEFAULT_MAX_NUM_STA 128
-#define DEFAULT_AP_ISOLATE 0
-#define DEFAULT_ACCESS_NETWORK_TYPE 15
-#define DEFAULT_SCAN_CUR_FREQ 0
-#define DEFAULT_P2P_SEARCH_DELAY 500
-#define DEFAULT_RAND_ADDR_LIFETIME 60
-#define DEFAULT_KEY_MGMT_OFFLOAD 1
-#define DEFAULT_CERT_IN_CB 1
-#define DEFAULT_P2P_GO_CTWINDOW 0
-#define DEFAULT_WPA_RSC_RELAXATION 1
-#define DEFAULT_MBO_CELL_CAPA MBO_CELL_CAPA_NOT_SUPPORTED
-#define DEFAULT_DISASSOC_IMMINENT_RSSI_THRESHOLD -75
-#define DEFAULT_OCE_SUPPORT OCE_STA
-#define DEFAULT_EXTENDED_KEY_ID 0
-#define DEFAULT_SCAN_RES_VALID_FOR_CONNECT 5
-
-#include "config_ssid.h"
-#include "wps/wps.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-
-
-#define MAX_ROAMING_CONS 36
-#define MAX_ROAMING_CONS_OI_LEN 15
-
-struct wpa_cred {
-	/**
-	 * next - Next credential in the list
-	 *
-	 * This pointer can be used to iterate over all credentials. The head
-	 * of this list is stored in the cred field of struct wpa_config.
-	 */
-	struct wpa_cred *next;
-
-	/**
-	 * id - Unique id for the credential
-	 *
-	 * This identifier is used as a unique identifier for each credential
-	 * block when using the control interface. Each credential is allocated
-	 * an id when it is being created, either when reading the
-	 * configuration file or when a new credential is added through the
-	 * control interface.
-	 */
-	int id;
-
-	/**
-	 * temporary - Whether this credential is temporary and not to be saved
-	 */
-	int temporary;
-
-	/**
-	 * priority - Priority group
-	 *
-	 * By default, all networks and credentials get the same priority group
-	 * (0). This field can be used to give higher priority for credentials
-	 * (and similarly in struct wpa_ssid for network blocks) to change the
-	 * Interworking automatic networking selection behavior. The matching
-	 * network (based on either an enabled network block or a credential)
-	 * with the highest priority value will be selected.
-	 */
-	int priority;
-
-	/**
-	 * pcsc - Use PC/SC and SIM/USIM card
-	 */
-	int pcsc;
-
-	/**
-	 * realm - Home Realm for Interworking
-	 */
-	char *realm;
-
-	/**
-	 * username - Username for Interworking network selection
-	 */
-	char *username;
-
-	/**
-	 * password - Password for Interworking network selection
-	 */
-	char *password;
-
-	/**
-	 * ext_password - Whether password is a name for external storage
-	 */
-	int ext_password;
-
-	/**
-	 * ca_cert - CA certificate for Interworking network selection
-	 */
-	char *ca_cert;
-
-	/**
-	 * client_cert - File path to client certificate file (PEM/DER)
-	 *
-	 * This field is used with Interworking networking selection for a case
-	 * where client certificate/private key is used for authentication
-	 * (EAP-TLS). Full path to the file should be used since working
-	 * directory may change when wpa_supplicant is run in the background.
-	 *
-	 * Alternatively, a named configuration blob can be used by setting
-	 * this to blob://blob_name.
-	 */
-	char *client_cert;
-
-	/**
-	 * private_key - File path to client private key file (PEM/DER/PFX)
-	 *
-	 * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
-	 * commented out. Both the private key and certificate will be read
-	 * from the PKCS#12 file in this case. Full path to the file should be
-	 * used since working directory may change when wpa_supplicant is run
-	 * in the background.
-	 *
-	 * Windows certificate store can be used by leaving client_cert out and
-	 * configuring private_key in one of the following formats:
-	 *
-	 * cert://substring_to_match
-	 *
-	 * hash://certificate_thumbprint_in_hex
-	 *
-	 * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
-	 *
-	 * Note that when running wpa_supplicant as an application, the user
-	 * certificate store (My user account) is used, whereas computer store
-	 * (Computer account) is used when running wpasvc as a service.
-	 *
-	 * Alternatively, a named configuration blob can be used by setting
-	 * this to blob://blob_name.
-	 */
-	char *private_key;
-
-	/**
-	 * private_key_passwd - Password for private key file
-	 */
-	char *private_key_passwd;
-
-	/**
-	 * imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format
-	 */
-	char *imsi;
-
-	/**
-	 * milenage - Milenage parameters for SIM/USIM simulator in
-	 *	<Ki>:<OPc>:<SQN> format
-	 */
-	char *milenage;
-
-	/**
-	 * engine - Use an engine for private key operations
-	 */
-	int engine;
-
-	/**
-	 * engine_id - String identifying the engine to use
-	 */
-	char *engine_id;
-
-	/**
-	 * ca_cert_id - The CA certificate identifier when using an engine
-	 */
-	char *ca_cert_id;
-
-	/**
-	 * cert_id - The certificate identifier when using an engine
-	 */
-	char *cert_id;
-
-	/**
-	 * key_id - The private key identifier when using an engine
-	 */
-	char *key_id;
-
-	/**
-	 * domain_suffix_match - Constraint for server domain name
-	 *
-	 * If set, this FQDN is used as a suffix match requirement for the AAA
-	 * server certificate in SubjectAltName dNSName element(s). If a
-	 * matching dNSName is found, this constraint is met. If no dNSName
-	 * values are present, this constraint is matched against SubjectName CN
-	 * using same suffix match comparison. Suffix match here means that the
-	 * host/domain name is compared one label at a time starting from the
-	 * top-level domain and all the labels in @domain_suffix_match shall be
-	 * included in the certificate. The certificate may include additional
-	 * sub-level labels in addition to the required labels.
-	 *
-	 * For example, domain_suffix_match=example.com would match
-	 * test.example.com but would not match test-example.com.
-	 */
-	char *domain_suffix_match;
-
-	/**
-	 * domain - Home service provider FQDN(s)
-	 *
-	 * This is used to compare against the Domain Name List to figure out
-	 * whether the AP is operated by the Home SP. Multiple domain entries
-	 * can be used to configure alternative FQDNs that will be considered
-	 * home networks.
-	 */
-	char **domain;
-
-	/**
-	 * num_domain - Number of FQDNs in the domain array
-	 */
-	size_t num_domain;
-
-	/**
-	 * roaming_consortium - Roaming Consortium OI
-	 *
-	 * If roaming_consortium_len is non-zero, this field contains the
-	 * Roaming Consortium OI that can be used to determine which access
-	 * points support authentication with this credential. This is an
-	 * alternative to the use of the realm parameter. When using Roaming
-	 * Consortium to match the network, the EAP parameters need to be
-	 * pre-configured with the credential since the NAI Realm information
-	 * may not be available or fetched.
-	 */
-	u8 roaming_consortium[15];
-
-	/**
-	 * roaming_consortium_len - Length of roaming_consortium
-	 */
-	size_t roaming_consortium_len;
-
-	/**
-	 * required_roaming_consortium - Required Roaming Consortium OI
-	 *
-	 * If required_roaming_consortium_len is non-zero, this field contains
-	 * the Roaming Consortium OI that is required to be advertised by the AP
-	 * for the credential to be considered matching.
-	 */
-	u8 required_roaming_consortium[15];
-
-	/**
-	 * required_roaming_consortium_len - Length of required_roaming_consortium
-	 */
-	size_t required_roaming_consortium_len;
-
-	/**
-	 * roaming_consortiums - Roaming Consortium OI(s) memberships
-	 *
-	 * This field contains one or more OIs identifying the roaming
-	 * consortiums of which the provider is a member. The list is sorted
-	 * from the most preferred one to the least preferred one. A match
-	 * between the Roaming Consortium OIs advertised by an AP and the OIs
-	 * in this list indicates that successful authentication is possible.
-	 * (Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI)
-	 */
-	u8 roaming_consortiums[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN];
-
-	/**
-	 * roaming_consortiums_len - Length on roaming_consortiums[i]
-	 */
-	size_t roaming_consortiums_len[MAX_ROAMING_CONS];
-
-	/**
-	 * num_roaming_consortiums - Number of entries in roaming_consortiums
-	 */
-	unsigned int num_roaming_consortiums;
-
-	/**
-	 * eap_method - EAP method to use
-	 *
-	 * Pre-configured EAP method to use with this credential or %NULL to
-	 * indicate no EAP method is selected, i.e., the method will be
-	 * selected automatically based on ANQP information.
-	 */
-	struct eap_method_type *eap_method;
-
-	/**
-	 * phase1 - Phase 1 (outer authentication) parameters
-	 *
-	 * Pre-configured EAP parameters or %NULL.
-	 */
-	char *phase1;
-
-	/**
-	 * phase2 - Phase 2 (inner authentication) parameters
-	 *
-	 * Pre-configured EAP parameters or %NULL.
-	 */
-	char *phase2;
-
-	struct excluded_ssid {
-		u8 ssid[SSID_MAX_LEN];
-		size_t ssid_len;
-	} *excluded_ssid;
-	size_t num_excluded_ssid;
-
-	struct roaming_partner {
-		char fqdn[128];
-		int exact_match;
-		u8 priority;
-		char country[3];
-	} *roaming_partner;
-	size_t num_roaming_partner;
-
-	int update_identifier;
-
-	/**
-	 * provisioning_sp - FQDN of the SP that provisioned the credential
-	 */
-	char *provisioning_sp;
-
-	/**
-	 * sp_priority - Credential priority within a provisioning SP
-	 *
-	 * This is the priority of the credential among all credentials
-	 * provisionined by the same SP (i.e., for entries that have identical
-	 * provisioning_sp value). The range of this priority is 0-255 with 0
-	 * being the highest and 255 the lower priority.
-	 */
-	int sp_priority;
-
-	unsigned int min_dl_bandwidth_home;
-	unsigned int min_ul_bandwidth_home;
-	unsigned int min_dl_bandwidth_roaming;
-	unsigned int min_ul_bandwidth_roaming;
-
-	/**
-	 * max_bss_load - Maximum BSS Load Channel Utilization (1..255)
-	 * This value is used as the maximum channel utilization for network
-	 * selection purposes for home networks. If the AP does not advertise
-	 * BSS Load or if the limit would prevent any connection, this
-	 * constraint will be ignored.
-	 */
-	unsigned int max_bss_load;
-
-	size_t num_req_conn_capab;
-	u8 *req_conn_capab_proto;
-	int **req_conn_capab_port;
-
-	/**
-	 * ocsp - Whether to use/require OCSP to check server certificate
-	 *
-	 * 0 = do not use OCSP stapling (TLS certificate status extension)
-	 * 1 = try to use OCSP stapling, but not require response
-	 * 2 = require valid OCSP stapling response
-	 */
-	int ocsp;
-
-	/**
-	 * sim_num - User selected SIM identifier
-	 *
-	 * This variable is used for identifying which SIM is used if the system
-	 * has more than one.
-	 */
-	int sim_num;
-};
-
-
-#define CFG_CHANGED_DEVICE_NAME BIT(0)
-#define CFG_CHANGED_CONFIG_METHODS BIT(1)
-#define CFG_CHANGED_DEVICE_TYPE BIT(2)
-#define CFG_CHANGED_OS_VERSION BIT(3)
-#define CFG_CHANGED_UUID BIT(4)
-#define CFG_CHANGED_COUNTRY BIT(5)
-#define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6)
-#define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7)
-#define CFG_CHANGED_WPS_STRING BIT(8)
-#define CFG_CHANGED_P2P_INTRA_BSS BIT(9)
-#define CFG_CHANGED_VENDOR_EXTENSION BIT(10)
-#define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11)
-#define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12)
-#define CFG_CHANGED_P2P_PREF_CHAN BIT(13)
-#define CFG_CHANGED_EXT_PW_BACKEND BIT(14)
-#define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15)
-#define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16)
-#define CFG_CHANGED_SCHED_SCAN_PLANS BIT(17)
-#define CFG_CHANGED_WOWLAN_TRIGGERS BIT(18)
-#define CFG_CHANGED_DISABLE_BTM BIT(19)
-#define CFG_CHANGED_BGSCAN BIT(20)
-
-/**
- * struct wpa_config - wpa_supplicant configuration data
- *
- * This data structure is presents the per-interface (radio) configuration
- * data. In many cases, there is only one struct wpa_config instance, but if
- * more than one network interface is being controlled, one instance is used
- * for each.
- */
-struct wpa_config {
-	/**
-	 * ssid - Head of the global network list
-	 *
-	 * This is the head for the list of all the configured networks.
-	 */
-	struct wpa_ssid *ssid;
-
-	/**
-	 * pssid - Per-priority network lists (in priority order)
-	 */
-	struct wpa_ssid **pssid;
-
-	/**
-	 * num_prio - Number of different priorities used in the pssid lists
-	 *
-	 * This indicates how many per-priority network lists are included in
-	 * pssid.
-	 */
-	size_t num_prio;
-
-	/**
-	 * cred - Head of the credential list
-	 *
-	 * This is the head for the list of all the configured credentials.
-	 */
-	struct wpa_cred *cred;
-
-	/**
-	 * eapol_version - IEEE 802.1X/EAPOL version number
-	 *
-	 * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which
-	 * defines EAPOL version 2. However, there are many APs that do not
-	 * handle the new version number correctly (they seem to drop the
-	 * frames completely). In order to make wpa_supplicant interoperate
-	 * with these APs, the version number is set to 1 by default. This
-	 * configuration value can be used to set it to the new version (2).
-	 */
-	int eapol_version;
-
-	/**
-	 * ap_scan - AP scanning/selection
-	 *
-	 * By default, wpa_supplicant requests driver to perform AP
-	 * scanning and then uses the scan results to select a
-	 * suitable AP. Another alternative is to allow the driver to
-	 * take care of AP scanning and selection and use
-	 * wpa_supplicant just to process EAPOL frames based on IEEE
-	 * 802.11 association information from the driver.
-	 *
-	 * 1: wpa_supplicant initiates scanning and AP selection (default).
-	 *
-	 * 0: Driver takes care of scanning, AP selection, and IEEE 802.11
-	 * association parameters (e.g., WPA IE generation); this mode can
-	 * also be used with non-WPA drivers when using IEEE 802.1X mode;
-	 * do not try to associate with APs (i.e., external program needs
-	 * to control association). This mode must also be used when using
-	 * wired Ethernet drivers.
-	 *
-	 * 2: like 0, but associate with APs using security policy and SSID
-	 * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS
-	 * drivers to enable operation with hidden SSIDs and optimized roaming;
-	 * in this mode, the network blocks in the configuration are tried
-	 * one by one until the driver reports successful association; each
-	 * network block should have explicit security policy (i.e., only one
-	 * option in the lists) for key_mgmt, pairwise, group, proto variables.
-	 *
-	 * Note: ap_scan=2 should not be used with the nl80211 driver interface
-	 * (the current Linux interface). ap_scan=1 is optimized work working
-	 * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in
-	 * the network block can be used with nl80211.
-	 */
-	int ap_scan;
-
-	/**
-	 * bgscan - Background scan and roaming parameters or %NULL if none
-	 *
-	 * This is an optional set of parameters for background scanning and
-	 * roaming within a network (ESS). For more detailed information see
-	 * ssid block documentation.
-	 *
-	 * The variable defines default bgscan behavior for all BSS station
-	 * networks except for those which have their own bgscan configuration.
-	 */
-	 char *bgscan;
-
-	/**
-	 * disable_scan_offload - Disable automatic offloading of scan requests
-	 *
-	 * By default, %wpa_supplicant tries to offload scanning if the driver
-	 * indicates support for this (sched_scan). This configuration
-	 * parameter can be used to disable this offloading mechanism.
-	 */
-	int disable_scan_offload;
-
-	/**
-	 * ctrl_interface - Parameters for the control interface
-	 *
-	 * If this is specified, %wpa_supplicant will open a control interface
-	 * that is available for external programs to manage %wpa_supplicant.
-	 * The meaning of this string depends on which control interface
-	 * mechanism is used. For all cases, the existence of this parameter
-	 * in configuration is used to determine whether the control interface
-	 * is enabled.
-	 *
-	 * For UNIX domain sockets (default on Linux and BSD): This is a
-	 * directory that will be created for UNIX domain sockets for listening
-	 * to requests from external programs (CLI/GUI, etc.) for status
-	 * information and configuration. The socket file will be named based
-	 * on the interface name, so multiple %wpa_supplicant processes can be
-	 * run at the same time if more than one interface is used.
-	 * /var/run/wpa_supplicant is the recommended directory for sockets and
-	 * by default, wpa_cli will use it when trying to connect with
-	 * %wpa_supplicant.
-	 *
-	 * Access control for the control interface can be configured
-	 * by setting the directory to allow only members of a group
-	 * to use sockets. This way, it is possible to run
-	 * %wpa_supplicant as root (since it needs to change network
-	 * configuration and open raw sockets) and still allow GUI/CLI
-	 * components to be run as non-root users. However, since the
-	 * control interface can be used to change the network
-	 * configuration, this access needs to be protected in many
-	 * cases. By default, %wpa_supplicant is configured to use gid
-	 * 0 (root). If you want to allow non-root users to use the
-	 * control interface, add a new group and change this value to
-	 * match with that group. Add users that should have control
-	 * interface access to this group.
-	 *
-	 * When configuring both the directory and group, use following format:
-	 * DIR=/var/run/wpa_supplicant GROUP=wheel
-	 * DIR=/var/run/wpa_supplicant GROUP=0
-	 * (group can be either group name or gid)
-	 *
-	 * For UDP connections (default on Windows): The value will be ignored.
-	 * This variable is just used to select that the control interface is
-	 * to be created. The value can be set to, e.g., udp
-	 * (ctrl_interface=udp).
-	 *
-	 * For Windows Named Pipe: This value can be used to set the security
-	 * descriptor for controlling access to the control interface. Security
-	 * descriptor can be set using Security Descriptor String Format (see
-	 * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp).
-	 * The descriptor string needs to be prefixed with SDDL=. For example,
-	 * ctrl_interface=SDDL=D: would set an empty DACL (which will reject
-	 * all connections).
-	 */
-	char *ctrl_interface;
-
-	/**
-	 * ctrl_interface_group - Control interface group (DEPRECATED)
-	 *
-	 * This variable is only used for backwards compatibility. Group for
-	 * UNIX domain sockets should now be specified using GROUP=group in
-	 * ctrl_interface variable.
-	 */
-	char *ctrl_interface_group;
-
-	/**
-	 * fast_reauth - EAP fast re-authentication (session resumption)
-	 *
-	 * By default, fast re-authentication is enabled for all EAP methods
-	 * that support it. This variable can be used to disable fast
-	 * re-authentication (by setting fast_reauth=0). Normally, there is no
-	 * need to disable fast re-authentication.
-	 */
-	int fast_reauth;
-
-	/**
-	 * opensc_engine_path - Path to the OpenSSL engine for opensc
-	 *
-	 * This is an OpenSSL specific configuration option for loading OpenSC
-	 * engine (engine_opensc.so); if %NULL, this engine is not loaded.
-	 */
-	char *opensc_engine_path;
-
-	/**
-	 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
-	 *
-	 * This is an OpenSSL specific configuration option for loading PKCS#11
-	 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
-	 */
-	char *pkcs11_engine_path;
-
-	/**
-	 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
-	 *
-	 * This is an OpenSSL specific configuration option for configuring
-	 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
-	 * module is not loaded.
-	 */
-	char *pkcs11_module_path;
-
-	/**
-	 * openssl_ciphers - OpenSSL cipher string
-	 *
-	 * This is an OpenSSL specific configuration option for configuring the
-	 * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the
-	 * default.
-	 */
-	char *openssl_ciphers;
-
-	/**
-	 * pcsc_reader - PC/SC reader name prefix
-	 *
-	 * If not %NULL, PC/SC reader with a name that matches this prefix is
-	 * initialized for SIM/USIM access. Empty string can be used to match
-	 * the first available reader.
-	 */
-	char *pcsc_reader;
-
-	/**
-	 * pcsc_pin - PIN for USIM, GSM SIM, and smartcards
-	 *
-	 * This field is used to configure PIN for SIM/USIM for EAP-SIM and
-	 * EAP-AKA. If left out, this will be asked through control interface.
-	 */
-	char *pcsc_pin;
-
-	/**
-	 * external_sim - Use external processing for SIM/USIM operations
-	 */
-	int external_sim;
-
-	/**
-	 * driver_param - Driver interface parameters
-	 *
-	 * This text string is passed to the selected driver interface with the
-	 * optional struct wpa_driver_ops::set_param() handler. This can be
-	 * used to configure driver specific options without having to add new
-	 * driver interface functionality.
-	 */
-	char *driver_param;
-
-	/**
-	 * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK
-	 *
-	 * dot11 MIB variable for the maximum lifetime of a PMK in the PMK
-	 * cache (unit: seconds).
-	 */
-	unsigned int dot11RSNAConfigPMKLifetime;
-
-	/**
-	 * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold
-	 *
-	 * dot11 MIB variable for the percentage of the PMK lifetime
-	 * that should expire before an IEEE 802.1X reauthentication occurs.
-	 */
-	unsigned int dot11RSNAConfigPMKReauthThreshold;
-
-	/**
-	 * dot11RSNAConfigSATimeout - Security association timeout
-	 *
-	 * dot11 MIB variable for the maximum time a security association
-	 * shall take to set up (unit: seconds).
-	 */
-	unsigned int dot11RSNAConfigSATimeout;
-
-	/**
-	 * update_config - Is wpa_supplicant allowed to update configuration
-	 *
-	 * This variable control whether wpa_supplicant is allow to re-write
-	 * its configuration with wpa_config_write(). If this is zero,
-	 * configuration data is only changed in memory and the external data
-	 * is not overridden. If this is non-zero, wpa_supplicant will update
-	 * the configuration data (e.g., a file) whenever configuration is
-	 * changed. This update may replace the old configuration which can
-	 * remove comments from it in case of a text file configuration.
-	 */
-	int update_config;
-
-	/**
-	 * blobs - Configuration blobs
-	 */
-	struct wpa_config_blob *blobs;
-
-	/**
-	 * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS
-	 */
-	u8 uuid[16];
-
-	/**
-	 * auto_uuid - Automatic UUID behavior
-	 * 0 = generate static value based on the local MAC address (default)
-	 * 1 = generate a random UUID every time wpa_supplicant starts
-	 */
-	int auto_uuid;
-
-	/**
-	 * device_name - Device Name (WPS)
-	 * User-friendly description of device; up to 32 octets encoded in
-	 * UTF-8
-	 */
-	char *device_name;
-
-	/**
-	 * manufacturer - Manufacturer (WPS)
-	 * The manufacturer of the device (up to 64 ASCII characters)
-	 */
-	char *manufacturer;
-
-	/**
-	 * model_name - Model Name (WPS)
-	 * Model of the device (up to 32 ASCII characters)
-	 */
-	char *model_name;
-
-	/**
-	 * model_number - Model Number (WPS)
-	 * Additional device description (up to 32 ASCII characters)
-	 */
-	char *model_number;
-
-	/**
-	 * serial_number - Serial Number (WPS)
-	 * Serial number of the device (up to 32 characters)
-	 */
-	char *serial_number;
-
-	/**
-	 * device_type - Primary Device Type (WPS)
-	 */
-	u8 device_type[WPS_DEV_TYPE_LEN];
-
-	/**
-	 * config_methods - Config Methods
-	 *
-	 * This is a space-separated list of supported WPS configuration
-	 * methods. For example, "label virtual_display virtual_push_button
-	 * keypad".
-	 * Available methods: usba ethernet label display ext_nfc_token
-	 * int_nfc_token nfc_interface push_button keypad
-	 * virtual_display physical_display
-	 * virtual_push_button physical_push_button.
-	 */
-	char *config_methods;
-
-	/**
-	 * os_version - OS Version (WPS)
-	 * 4-octet operating system version number
-	 */
-	u8 os_version[4];
-
-	/**
-	 * country - Country code
-	 *
-	 * This is the ISO/IEC alpha2 country code for which we are operating
-	 * in
-	 */
-	char country[2];
-
-	/**
-	 * wps_cred_processing - Credential processing
-	 *
-	 *   0 = process received credentials internally
-	 *   1 = do not process received credentials; just pass them over
-	 *	ctrl_iface to external program(s)
-	 *   2 = process received credentials internally and pass them over
-	 *	ctrl_iface to external program(s)
-	 */
-	int wps_cred_processing;
-
-	/**
-	 * wps_cred_add_sae - Whether to enable SAE automatically for WPS
-	 *
-	 * 0 = only add the explicitly listed WPA2-PSK configuration
-	 * 1 = add both the WPA2-PSK and SAE configuration and enable PMF so
-	 *     that the station gets configured in WPA3-Personal transition mode
-	 *     (supports both WPA2-Personal (PSK) and WPA3-Personal (SAE) APs).
-	 */
-	int wps_cred_add_sae;
-
-#define MAX_SEC_DEVICE_TYPES 5
-	/**
-	 * sec_device_types - Secondary Device Types (P2P)
-	 */
-	u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN];
-	int num_sec_device_types;
-
-	int p2p_listen_reg_class;
-	int p2p_listen_channel;
-	int p2p_oper_reg_class;
-	int p2p_oper_channel;
-	int p2p_go_intent;
-	char *p2p_ssid_postfix;
-	int persistent_reconnect;
-	int p2p_intra_bss;
-	unsigned int num_p2p_pref_chan;
-	struct p2p_channel *p2p_pref_chan;
-	struct wpa_freq_range_list p2p_no_go_freq;
-	int p2p_add_cli_chan;
-	int p2p_ignore_shared_freq;
-	int p2p_optimize_listen_chan;
-
-	int p2p_6ghz_disable;
-
-	struct wpabuf *wps_vendor_ext_m1;
-
-#define MAX_WPS_VENDOR_EXT 10
-	/**
-	 * wps_vendor_ext - Vendor extension attributes in WPS
-	 */
-	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT];
-
-	/**
-	 * p2p_group_idle - Maximum idle time in seconds for P2P group
-	 *
-	 * This value controls how long a P2P group is maintained after there
-	 * is no other members in the group. As a GO, this means no associated
-	 * stations in the group. As a P2P client, this means no GO seen in
-	 * scan results. The maximum idle time is specified in seconds with 0
-	 * indicating no time limit, i.e., the P2P group remains in active
-	 * state indefinitely until explicitly removed. As a P2P client, the
-	 * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e.,
-	 * this parameter is mainly meant for GO use and for P2P client, it can
-	 * only be used to reduce the default timeout to smaller value. A
-	 * special value -1 can be used to configure immediate removal of the
-	 * group for P2P client role on any disconnection after the data
-	 * connection has been established.
-	 */
-	int p2p_group_idle;
-
-	/**
-	 * p2p_go_freq_change_policy - The GO frequency change policy
-	 *
-	 * This controls the behavior of the GO when there is a change in the
-	 * map of the currently used frequencies in case more than one channel
-	 * is supported.
-	 *
-	 * @P2P_GO_FREQ_MOVE_SCM: Prefer working in a single channel mode if
-	 * possible. In case the GO is the only interface using its frequency
-	 * and there are other station interfaces on other frequencies, the GO
-	 * will migrate to one of these frequencies.
-	 *
-	 * @P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS: Same as P2P_GO_FREQ_MOVE_SCM,
-	 * but a transition is possible only in case one of the other used
-	 * frequencies is one of the frequencies in the intersection of the
-	 * frequency list of the local device and the peer device.
-	 *
-	 * @P2P_GO_FREQ_MOVE_STAY: Prefer to stay on the current frequency.
-	 *
-	 * @P2P_GO_FREQ_MOVE_SCM_ECSA: Same as
-	 * P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS but a transition is possible only
-	 * if all the group members advertise eCSA support.
-	 */
-	enum {
-		P2P_GO_FREQ_MOVE_SCM = 0,
-		P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS = 1,
-		P2P_GO_FREQ_MOVE_STAY = 2,
-		P2P_GO_FREQ_MOVE_SCM_ECSA = 3,
-		P2P_GO_FREQ_MOVE_MAX = P2P_GO_FREQ_MOVE_SCM_ECSA,
-	} p2p_go_freq_change_policy;
-
-#define DEFAULT_P2P_GO_FREQ_MOVE P2P_GO_FREQ_MOVE_STAY
-
-	/**
-	 * p2p_passphrase_len - Passphrase length (8..63) for P2P GO
-	 *
-	 * This parameter controls the length of the random passphrase that is
-	 * generated at the GO.
-	 */
-	unsigned int p2p_passphrase_len;
-
-	/**
-	 * bss_max_count - Maximum number of BSS entries to keep in memory
-	 */
-	unsigned int bss_max_count;
-
-	/**
-	 * bss_expiration_age - BSS entry age after which it can be expired
-	 *
-	 * This value controls the time in seconds after which a BSS entry
-	 * gets removed if it has not been updated or is not in use.
-	 */
-	unsigned int bss_expiration_age;
-
-	/**
-	 * bss_expiration_scan_count - Expire BSS after number of scans
-	 *
-	 * If the BSS entry has not been seen in this many scans, it will be
-	 * removed. A value of 1 means that entry is removed after the first
-	 * scan in which the BSSID is not seen. Larger values can be used
-	 * to avoid BSS entries disappearing if they are not visible in
-	 * every scan (e.g., low signal quality or interference).
-	 */
-	unsigned int bss_expiration_scan_count;
-
-	/**
-	 * filter_ssids - SSID-based scan result filtering
-	 *
-	 *   0 = do not filter scan results
-	 *   1 = only include configured SSIDs in scan results/BSS table
-	 */
-	int filter_ssids;
-
-	/**
-	 * filter_rssi - RSSI-based scan result filtering
-	 *
-	 * 0 = do not filter scan results
-	 * -n = filter scan results below -n dBm
-	 */
-	int filter_rssi;
-
-	/**
-	 * max_num_sta - Maximum number of STAs in an AP/P2P GO
-	 */
-	unsigned int max_num_sta;
-
-	/**
-	 * ap_isolate - Whether to use client isolation feature
-	 *
-	 * Client isolation can be used to prevent low-level bridging of
-	 * frames between associated stations in the BSS. By default,
-	 * this bridging is allowed (ap_isolate=0); except in P2P GO case,
-	 * where p2p_intra_bss parameter is used to determine whether to allow
-	 * intra-BSS forwarding (ap_isolate = !p2p_intra_bss).
-	 *
-	 * 0 = do not enable AP isolation
-	 * 1 = enable AP isolation
-	 */
-	int ap_isolate;
-
-	/**
-	 * freq_list - Array of allowed scan frequencies or %NULL for all
-	 *
-	 * This is an optional zero-terminated array of frequencies in
-	 * megahertz (MHz) to allow for narrowing scanning range.
-	 */
-	int *freq_list;
-
-	/**
-	 * initial_freq_list - like freq_list but for initial scan
-	 *
-	 * This is an optional zero-terminated array of frequencies in
-	 * megahertz (MHz) to allow for narrowing scanning range when
-	 * the application is started.
-	 *
-	 * This can be used to speed up initial connection time if the
-	 * channel is known ahead of time, without limiting the scanned
-	 * frequencies during normal use.
-	 */
-	int *initial_freq_list;
-
-	/**
-	 * scan_cur_freq - Whether to scan only the current channel
-	 *
-	 * If true, attempt to scan only the current channel if any other
-	 * VIFs on this radio are already associated on a particular channel.
-	 */
-	int scan_cur_freq;
-
-	/**
-	 * scan_res_valid_for_connect - Seconds scans are valid for association
-	 *
-	 * This configures the number of seconds old scan results are considered
-	 * valid for association. When scan results are older than this value
-	 * a new scan is triggered prior to the association.
-	 */
-	int scan_res_valid_for_connect;
-
-	/**
-	 * changed_parameters - Bitmap of changed parameters since last update
-	 */
-	unsigned int changed_parameters;
-
-	/**
-	 * disassoc_low_ack - Disassociate stations with massive packet loss
-	 */
-	int disassoc_low_ack;
-
-	/**
-	 * interworking - Whether Interworking (IEEE 802.11u) is enabled
-	 */
-	int interworking;
-
-	/**
-	 * access_network_type - Access Network Type
-	 *
-	 * When Interworking is enabled, scans will be limited to APs that
-	 * advertise the specified Access Network Type (0..15; with 15
-	 * indicating wildcard match).
-	 */
-	int access_network_type;
-
-	 /**
-	  * go_interworking - Whether Interworking for P2P GO is enabled
-	  */
-	int go_interworking;
-
-	/**
-	 * go_access_network_type - P2P GO Access Network Type
-	 *
-	 * This indicates which access network type to advertise if Interworking
-	 * is enabled for P2P GO.
-	 */
-	int go_access_network_type;
-
-	/**
-	 * go_internet - Interworking: Internet connectivity (0 or 1)
-	 */
-	int go_internet;
-
-	/**
-	 * go_venue_group - Interworking: Venue group
-	 */
-	int go_venue_group;
-
-	/**
-	 * go_venue_type: Interworking: Venue type
-	 */
-	int go_venue_type;
-
-	/**
-	 * hessid - Homogeneous ESS identifier
-	 *
-	 * If this is set (any octet is non-zero), scans will be used to
-	 * request response only from BSSes belonging to the specified
-	 * Homogeneous ESS. This is used only if interworking is enabled.
-	 */
-	u8 hessid[ETH_ALEN];
-
-	/**
-	 * hs20 - Hotspot 2.0
-	 */
-	int hs20;
-
-	/**
-	 * pbc_in_m1 - AP mode WPS probing workaround for PBC with Windows 7
-	 *
-	 * Windows 7 uses incorrect way of figuring out AP's WPS capabilities
-	 * by acting as a Registrar and using M1 from the AP. The config
-	 * methods attribute in that message is supposed to indicate only the
-	 * configuration method supported by the AP in Enrollee role, i.e., to
-	 * add an external Registrar. For that case, PBC shall not be used and
-	 * as such, the PushButton config method is removed from M1 by default.
-	 * If pbc_in_m1=1 is included in the configuration file, the PushButton
-	 * config method is left in M1 (if included in config_methods
-	 * parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from
-	 * a label in the AP).
-	 */
-	int pbc_in_m1;
-
-	/**
-	 * autoscan - Automatic scan parameters or %NULL if none
-	 *
-	 * This is an optional set of parameters for automatic scanning
-	 * within an interface in following format:
-	 * <autoscan module name>:<module parameters>
-	 */
-	char *autoscan;
-
-	/**
-	 * wps_nfc_pw_from_config - NFC Device Password was read from config
-	 *
-	 * This parameter can be determined whether the NFC Device Password was
-	 * included in the configuration (1) or generated dynamically (0). Only
-	 * the former case is re-written back to the configuration file.
-	 */
-	int wps_nfc_pw_from_config;
-
-	/**
-	 * wps_nfc_dev_pw_id - NFC Device Password ID for password token
-	 */
-	int wps_nfc_dev_pw_id;
-
-	/**
-	 * wps_nfc_dh_pubkey - NFC DH Public Key for password token
-	 */
-	struct wpabuf *wps_nfc_dh_pubkey;
-
-	/**
-	 * wps_nfc_dh_privkey - NFC DH Private Key for password token
-	 */
-	struct wpabuf *wps_nfc_dh_privkey;
-
-	/**
-	 * wps_nfc_dev_pw - NFC Device Password for password token
-	 */
-	struct wpabuf *wps_nfc_dev_pw;
-
-	/**
-	 * ext_password_backend - External password backend or %NULL if none
-	 *
-	 * format: <backend name>[:<optional backend parameters>]
-	 */
-	char *ext_password_backend;
-
-	/*
-	 * p2p_go_max_inactivity - Timeout in seconds to detect STA inactivity
-	 *
-	 * This timeout value is used in P2P GO mode to clean up
-	 * inactive stations.
-	 * By default: 300 seconds.
-	 */
-	int p2p_go_max_inactivity;
-
-	struct hostapd_wmm_ac_params wmm_ac_params[4];
-	struct hostapd_tx_queue_params tx_queue[4];
-
-	/**
-	 * auto_interworking - Whether to use network selection automatically
-	 *
-	 * 0 = do not automatically go through Interworking network selection
-	 *     (i.e., require explicit interworking_select command for this)
-	 * 1 = perform Interworking network selection if one or more
-	 *     credentials have been configured and scan did not find a
-	 *     matching network block
-	 */
-	int auto_interworking;
-
-	/**
-	 * p2p_go_ht40 - Default mode for HT40 enable when operating as GO.
-	 *
-	 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
-	 * Note that regulatory constraints and driver capabilities are
-	 * consulted anyway, so setting it to 1 can't do real harm.
-	 * By default: 0 (disabled)
-	 */
-	int p2p_go_ht40;
-
-	/**
-	 * p2p_go_vht - Default mode for VHT enable when operating as GO
-	 *
-	 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
-	 * Note that regulatory constraints and driver capabilities are
-	 * consulted anyway, so setting it to 1 can't do real harm.
-	 * By default: 0 (disabled)
-	 */
-	int p2p_go_vht;
-
-	/**
-	 * p2p_go_edmg - Default mode for EDMG enable when operating as GO
-	 *
-	 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
-	 * Note that regulatory constraints and driver capabilities are
-	 * consulted anyway, so setting it to 1 can't do real harm.
-	 * By default: 0 (disabled)
-	 */
-	int p2p_go_edmg;
-
-	/**
-	 * p2p_go_he - Default mode for 11ax HE enable when operating as GO
-	 *
-	 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
-	 * Note that regulatory constraints and driver capabilities are
-	 * consulted anyway, so setting it to 1 can't do real harm.
-	 * By default: 0 (disabled)
-	 */
-	int p2p_go_he;
-
-	/**
-	 * p2p_go_ctwindow - CTWindow to use when operating as GO
-	 *
-	 * By default: 0 (no CTWindow). Values 0-127 can be used to indicate
-	 * the length of the CTWindow in TUs.
-	 */
-	int p2p_go_ctwindow;
-
-	/**
-	 * p2p_disabled - Whether P2P operations are disabled for this interface
-	 */
-	int p2p_disabled;
-
-	/**
-	 * p2p_no_group_iface - Whether group interfaces can be used
-	 *
-	 * By default, wpa_supplicant will create a separate interface for P2P
-	 * group operations if the driver supports this. This functionality can
-	 * be disabled by setting this parameter to 1. In that case, the same
-	 * interface that was used for the P2P management operations is used
-	 * also for the group operation.
-	 */
-	int p2p_no_group_iface;
-
-	/**
-	 * p2p_cli_probe - Enable/disable P2P CLI probe request handling
-	 *
-	 * If this parameter is set to 1, a connected P2P Client will receive
-	 * and handle Probe Request frames. Setting this parameter to 0
-	 * disables this option. Default value: 0.
-	 *
-	 * Note: Setting this property at run time takes effect on the following
-	 * interface state transition to/from the WPA_COMPLETED state.
-	 */
-	int p2p_cli_probe;
-
-	/**
-	 * okc - Whether to enable opportunistic key caching by default
-	 *
-	 * By default, OKC is disabled unless enabled by the per-network
-	 * proactive_key_caching=1 parameter. okc=1 can be used to change this
-	 * default behavior.
-	 */
-	int okc;
-
-	/**
-	 * pmf - Whether to enable/require PMF by default
-	 *
-	 * By default, PMF is disabled unless enabled by the per-network
-	 * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
-	 * this default behavior for RSN network (this is not applicable for
-	 * non-RSN cases).
-	 */
-	enum mfp_options pmf;
-
-	/**
-	 * sae_groups - Preference list of enabled groups for SAE
-	 *
-	 * By default (if this parameter is not set), the mandatory group 19
-	 * (ECC group defined over a 256-bit prime order field) is preferred,
-	 * but other groups are also enabled. If this parameter is set, the
-	 * groups will be tried in the indicated order.
-	 */
-	int *sae_groups;
-
-	/**
-	 * sae_pwe - SAE mechanism for PWE derivation
-	 * 0 = hunting-and-pecking loop only
-	 * 1 = hash-to-element only
-	 * 2 = both hunting-and-pecking loop and hash-to-element enabled
-	 */
-	int sae_pwe;
-
-	/**
-	 * sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
-	 */
-	int sae_pmkid_in_assoc;
-
-	/**
-	 * dtim_period - Default DTIM period in Beacon intervals
-	 *
-	 * This parameter can be used to set the default value for network
-	 * blocks that do not specify dtim_period.
-	 */
-	int dtim_period;
-
-	/**
-	 * beacon_int - Default Beacon interval in TU
-	 *
-	 * This parameter can be used to set the default value for network
-	 * blocks that do not specify beacon_int.
-	 */
-	int beacon_int;
-
-	/**
-	 * ap_vendor_elements: Vendor specific elements for Beacon/ProbeResp
-	 *
-	 * This parameter can be used to define additional vendor specific
-	 * elements for Beacon and Probe Response frames in AP/P2P GO mode. The
-	 * format for these element(s) is a hexdump of the raw information
-	 * elements (id+len+payload for one or more elements).
-	 */
-	struct wpabuf *ap_vendor_elements;
-
-	/**
-	 * ap_assocresp_elements: Vendor specific elements for (Re)Association
-	 * Response frames
-	 *
-	 * This parameter can be used to define additional vendor specific
-	 * elements for (Re)Association Response frames in AP/P2P GO mode. The
-	 * format for these element(s) is a hexdump of the raw information
-	 * elements (id+len+payload for one or more elements).
-	 */
-	struct wpabuf *ap_assocresp_elements;
-
-	/**
-	 * ignore_old_scan_res - Ignore scan results older than request
-	 *
-	 * The driver may have a cache of scan results that makes it return
-	 * information that is older than our scan trigger. This parameter can
-	 * be used to configure such old information to be ignored instead of
-	 * allowing it to update the internal BSS table.
-	 */
-	int ignore_old_scan_res;
-
-	/**
-	 * sched_scan_interval -  schedule scan interval
-	 */
-	unsigned int sched_scan_interval;
-
-	/**
-	 * sched_scan_start_delay - Schedule scan start delay before first scan
-	 *
-	 * Delay (in seconds) before scheduling first scan plan cycle. The
-	 * driver may ignore this parameter and start immediately (or at any
-	 * other time), if this feature is not supported.
-	 */
-	unsigned int sched_scan_start_delay;
-
-	/**
-	 * tdls_external_control - External control for TDLS setup requests
-	 *
-	 * Enable TDLS mode where external programs are given the control
-	 * to specify the TDLS link to get established to the driver. The
-	 * driver requests the TDLS setup to the supplicant only for the
-	 * specified TDLS peers.
-	 */
-	int tdls_external_control;
-
-	u8 ip_addr_go[4];
-	u8 ip_addr_mask[4];
-	u8 ip_addr_start[4];
-	u8 ip_addr_end[4];
-
-	/**
-	 * osu_dir - OSU provider information directory
-	 *
-	 * If set, allow FETCH_OSU control interface command to be used to fetch
-	 * OSU provider information into all APs and store the results in this
-	 * directory.
-	 */
-	char *osu_dir;
-
-	/**
-	 * wowlan_triggers - Wake-on-WLAN triggers
-	 *
-	 * If set, these wowlan triggers will be configured.
-	 */
-	char *wowlan_triggers;
-
-	/**
-	 * p2p_search_delay - Extra delay between concurrent search iterations
-	 *
-	 * Add extra delay (in milliseconds) between search iterations when
-	 * there is a concurrent operation to make p2p_find friendlier to
-	 * concurrent operations by avoiding it from taking 100% of radio
-	 * resources.
-	 */
-	unsigned int p2p_search_delay;
-
-	/**
-	 * mac_addr - MAC address policy default
-	 *
-	 * 0 = use permanent MAC address
-	 * 1 = use random MAC address for each ESS connection
-	 * 2 = like 1, but maintain OUI (with local admin bit set)
-	 *
-	 * By default, permanent MAC address is used unless policy is changed by
-	 * the per-network mac_addr parameter. Global mac_addr=1 can be used to
-	 * change this default behavior.
-	 */
-	int mac_addr;
-
-	/**
-	 * rand_addr_lifetime - Lifetime of random MAC address in seconds
-	 */
-	unsigned int rand_addr_lifetime;
-
-	/**
-	 * preassoc_mac_addr - Pre-association MAC address policy
-	 *
-	 * 0 = use permanent MAC address
-	 * 1 = use random MAC address
-	 * 2 = like 1, but maintain OUI (with local admin bit set)
-	 */
-	int preassoc_mac_addr;
-
-	/**
-	 * key_mgmt_offload - Use key management offload
-	 *
-	 * Key management offload should be used if the device supports it.
-	 * Key management offload is the capability of a device operating as
-	 * a station to do the exchange necessary to establish temporal keys
-	 * during initial RSN connection, after roaming, or during a PTK
-	 * rekeying operation.
-	 */
-	int key_mgmt_offload;
-
-	/**
-	 * user_mpm - MPM residency
-	 *
-	 * 0: MPM lives in driver.
-	 * 1: wpa_supplicant handles peering and station allocation.
-	 *
-	 * If AMPE or SAE is enabled, the MPM is always in userspace.
-	 */
-	int user_mpm;
-
-	/**
-	 * max_peer_links - Maximum number of peer links
-	 *
-	 * Maximum number of mesh peering currently maintained by the STA.
-	 */
-	int max_peer_links;
-
-	/**
-	 * cert_in_cb - Whether to include a peer certificate dump in events
-	 *
-	 * This controls whether peer certificates for authentication server and
-	 * its certificate chain are included in EAP peer certificate events.
-	 */
-	int cert_in_cb;
-
-	/**
-	 * mesh_max_inactivity - Timeout in seconds to detect STA inactivity
-	 *
-	 * This timeout value is used in mesh STA to clean up inactive stations.
-	 * By default: 300 seconds.
-	 */
-	int mesh_max_inactivity;
-
-	/**
-	 * mesh_fwding - Mesh network layer-2 forwarding (dot11MeshForwarding)
-	 *
-	 * This controls whether to enable layer-2 forwarding.
-	 * By default: 1: enabled
-	 */
-	int mesh_fwding;
-
-	/**
-	 * dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame
-	 *
-	 * This timeout value is used in mesh STA to retransmit
-	 * SAE Authentication frame.
-	 * By default: 1000 milliseconds.
-	 */
-	int dot11RSNASAERetransPeriod;
-
-	/**
-	 * passive_scan - Whether to force passive scan for network connection
-	 *
-	 * This parameter can be used to force only passive scanning to be used
-	 * for network connection cases. It should be noted that this will slow
-	 * down scan operations and reduce likelihood of finding the AP. In
-	 * addition, some use cases will override this due to functional
-	 * requirements, e.g., for finding an AP that uses hidden SSID
-	 * (scan_ssid=1) or P2P device discovery.
-	 */
-	int passive_scan;
-
-	/**
-	 * reassoc_same_bss_optim - Whether to optimize reassoc-to-same-BSS
-	 */
-	int reassoc_same_bss_optim;
-
-	/**
-	 * wps_priority - Priority for the networks added through WPS
-	 *
-	 * This priority value will be set to each network profile that is added
-	 * by executing the WPS protocol.
-	 */
-	int wps_priority;
-
-	/**
-	 * fst_group_id - FST group ID
-	 */
-	char *fst_group_id;
-
-	/**
-	 * fst_priority - priority of the interface within the FST group
-	 */
-	int fst_priority;
-
-	/**
-	 * fst_llt - default FST LLT (Link-Lost Timeout) to be used for the
-	 * interface.
-	 */
-	int fst_llt;
-
-	 /**
-	  * wpa_rsc_relaxation - RSC relaxation on GTK installation
-	  *
-	  * Values:
-	  * 0 - use the EAPOL-Key RSC value on GTK installation
-	  * 1 - use the null RSC if a bogus RSC value is detected in message 3
-	  * of 4-Way Handshake or message 1 of Group Key Handshake.
-	  */
-	 int wpa_rsc_relaxation;
-
-	/**
-	 * sched_scan_plans - Scan plans for scheduled scan
-	 *
-	 * Each scan plan specifies the interval between scans and the number of
-	 * iterations. The last scan plan only specifies the scan interval and
-	 * will be run infinitely.
-	 *
-	 * format: <interval:iterations> <interval2:iterations2> ... <interval>
-	 */
-	 char *sched_scan_plans;
-
-#ifdef CONFIG_MBO
-	/**
-	 * non_pref_chan - Non-preferred channels list, separated by spaces.
-	 *
-	 * format: op_class:chan:preference:reason<:detail>
-	 * Detail is optional.
-	 */
-	char *non_pref_chan;
-
-	/**
-	 * mbo_cell_capa - Cellular capabilities for MBO
-	 */
-	enum mbo_cellular_capa mbo_cell_capa;
-
-	/**
-	 * disassoc_imminent_rssi_threshold - RSSI threshold of candidate AP
-	 * when disassociation imminent is set.
-	 */
-	int disassoc_imminent_rssi_threshold;
-
-	/**
-	 * oce - Enable OCE in STA and/or STA-CFON mode
-	 *  - Set BIT(0) to enable OCE in non-AP STA mode
-	 *  - Set BIT(1) to enable OCE in STA-CFON mode
-	 */
-	unsigned int oce;
-#endif /* CONFIG_MBO */
-
-	/**
-	 * gas_address3 - GAS Address3 field behavior
-	 *
-	 * Values:
-	 * 0 - P2P specification (Address3 = AP BSSID)
-	 * 1 = IEEE 802.11 standard compliant (Address3 = Wildcard BSSID when
-	 *	sent to not-associated AP; if associated, AP BSSID)
-	 */
-	int gas_address3;
-
-	/**
-	 * ftm_responder - Publish FTM (fine timing measurement)
-	 * responder functionality
-	 *
-	 * Values:
-	 * 0 - do not publish FTM responder functionality (Default)
-	 * 1 - publish FTM responder functionality in
-	 *	bit 70 of Extended Capabilities element
-	 * Note, actual FTM responder operation is managed outside
-	 * wpa_supplicant.
-	 */
-	int ftm_responder;
-
-	/**
-	 * ftm_initiator - Publish FTM (fine timing measurement)
-	 * initiator functionality
-	 *
-	 * Values:
-	 * 0 - do not publish FTM initiator functionality (Default)
-	 * 1 - publish FTM initiator functionality in
-	 *	bit 71 of Extended Capabilities element
-	 * Note, actual FTM initiator operation is managed outside
-	 * wpa_supplicant.
-	 */
-	int ftm_initiator;
-
-	/**
-	 * gas_rand_addr_lifetime - Lifetime of random MAC address for ANQP in
-	 *	seconds
-	 */
-	unsigned int gas_rand_addr_lifetime;
-
-	/**
-	 * gas_rand_mac_addr - GAS MAC address policy
-	 *
-	 * 0 = use permanent MAC address
-	 * 1 = use random MAC address
-	 * 2 = like 1, but maintain OUI (with local admin bit set)
-	 */
-	int gas_rand_mac_addr;
-
-	/**
-	 * dpp_config_processing - How to process DPP configuration
-	 *
-	 * 0 = report received configuration to an external program for
-	 *	processing; do not generate any network profile internally
-	 * 1 = report received configuration to an external program and generate
-	 *	a network profile internally, but do not automatically connect
-	 *	to the created (disabled) profile; the network profile id is
-	 *	reported to external programs
-	 * 2 = report received configuration to an external program, generate
-	 *	a network profile internally, try to connect to the created
-	 *	profile automatically
-	 */
-	int dpp_config_processing;
-
-	/**
-	 * dpp_name - Name for Enrollee's DPP Configuration Request
-	 */
-	char *dpp_name;
-
-	/**
-	 * dpp_mud_url - MUD URL for Enrollee's DPP Configuration Request
-	 */
-	char *dpp_mud_url;
-
-	/**
-	 * coloc_intf_reporting - Colocated interference reporting
-	 *
-	 * dot11CoLocIntfReportingActivated
-	 * 0 = disabled (false)
-	 * 1 = enabled (true)
-	 */
-	int coloc_intf_reporting;
-
-	/**
-	 * p2p_device_random_mac_addr - P2P Device MAC address policy default
-	 *
-	 * 0 = use permanent MAC address (the one set by default by the device
-	 *     driver). Notice that, if the device driver is configured to
-	 *     always use random MAC addresses, this flag breaks reinvoking a
-	 *     persistent group, so flags 1 or 2 should be used instead with
-	 *     such drivers if persistent groups are used.
-	 * 1 = use random MAC address on creating the interface if there is no
-	 *     persistent group. Besides, if a persistent group is created,
-	 *     p2p_device_persistent_mac_addr is set to the MAC address of the
-	 *     P2P Device interface, so that this address will be subsequently
-	 *     used to change the MAC address of the P2P Device interface. With
-	 *     no persistent group, the random MAC address is created by
-	 *     wpa_supplicant, changing the one set by the device driver.
-	 *     The device driver shall support SIOCGIFFLAGS/SIOCSIFFLAGS ioctl
-	 *     interface control operations.
-	 * 2 = this flag should be used when the device driver uses random MAC
-	 *     addresses by default when a P2P Device interface is created.
-	 *     If p2p_device_persistent_mac_addr is set, use this MAC address
-	 *     on creating the P2P Device interface. If not set, use the
-	 *     default method adopted by the device driver (e.g., random MAC
-	 *     address). Besides, if a persistent group is created,
-	 *     p2p_device_persistent_mac_addr is set to the MAC address of the
-	 *     P2P Device interface, so that this address will be subsequently
-	 *     used in place of the default address set by the device driver.
-	 *     (This option does not need support of SIOCGIFFLAGS/SIOCSIFFLAGS
-	 *     ioctl interface control operations and uses NL80211_ATTR_MAC).
-	 *
-	 * By default, permanent MAC address is used.
-	 */
-	int p2p_device_random_mac_addr;
-
-	/**
-	 * p2p_device_persistent_mac_addr - Record last used MAC address
-	 *
-	 * If there are saved persistent groups, P2P cannot generate another
-	 * random MAC address, and need to restore to last used MAC address.
-	 */
-	u8 p2p_device_persistent_mac_addr[ETH_ALEN];
-
-	/**
-	 * p2p_interface_random_mac_addr - P2P Interface MAC address policy default
-	 *
-	 * 0 = use permanent MAC address
-	 * 1 = use random MAC address on creating the interface.
-	 *
-	 * By default, permanent MAC address is used.
-	 */
-	int p2p_interface_random_mac_addr;
-
-	/**
-	 * disable_btm - Disable BSS transition management in STA
-	 * - Set to 0 to enable BSS transition management
-	 * - Set to 1 to disable BSS transition management
-	 *
-	 * By default BSS transition management is enabled
-	 */
-	int disable_btm;
-
-	/**
-	 * extended_key_id - Extended Key ID support
-	 *
-	 * IEEE Std 802.11-2016 optionally allows to use Key ID 0 and 1 for PTK
-	 * keys with Extended Key ID.
-	 *
-	 * 0 = don't use Extended Key ID
-	 * 1 = use Extended Key ID when possible
-	 */
-	int extended_key_id;
-
-	/**
-	 * wowlan_disconnect_on_deinit - Trigger disconnect on wpa_supplicant
-	 * interface deinit even if the driver has enabled WoWLAN.
-	 *
-	 * 0 = Do not disconnect
-	 * 1 = Trigger disconnection
-	 */
-	int wowlan_disconnect_on_deinit;
-
-#ifdef CONFIG_PASN
-#ifdef CONFIG_TESTING_OPTIONS
-	/*
-	 * Normally, KDK should be derived if and only if both sides support
-	 * secure LTF. Allow forcing KDK derivation for testing purposes.
-	 */
-	int force_kdk_derivation;
-
-	/* If set, corrupt the MIC in the 3rd Authentication frame of PASN */
-	int pasn_corrupt_mic;
-
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_PASN*/
-};
-
-
-/* Prototypes for common functions from config.c */
-
-void wpa_config_free(struct wpa_config *ssid);
-void wpa_config_free_ssid(struct wpa_ssid *ssid);
-void wpa_config_foreach_network(struct wpa_config *config,
-				void (*func)(void *, struct wpa_ssid *),
-				void *arg);
-struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id);
-struct wpa_ssid * wpa_config_add_network(struct wpa_config *config);
-int wpa_config_remove_network(struct wpa_config *config, int id);
-void wpa_config_set_network_defaults(struct wpa_ssid *ssid);
-int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
-		   int line);
-int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var,
-			  const char *value);
-int wpa_config_dump_values(struct wpa_config *config, char *buf,
-			   size_t buflen);
-int wpa_config_get_value(const char *name, struct wpa_config *config,
-			 char *buf, size_t buflen);
-
-char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys);
-char * wpa_config_get(struct wpa_ssid *ssid, const char *var);
-char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var);
-void wpa_config_update_psk(struct wpa_ssid *ssid);
-int wpa_config_add_prio_network(struct wpa_config *config,
-				struct wpa_ssid *ssid);
-int wpa_config_update_prio_list(struct wpa_config *config);
-const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
-						   const char *name);
-void wpa_config_set_blob(struct wpa_config *config,
-			 struct wpa_config_blob *blob);
-void wpa_config_free_blob(struct wpa_config_blob *blob);
-int wpa_config_remove_blob(struct wpa_config *config, const char *name);
-void wpa_config_flush_blobs(struct wpa_config *config);
-
-struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id);
-struct wpa_cred * wpa_config_add_cred(struct wpa_config *config);
-int wpa_config_remove_cred(struct wpa_config *config, int id);
-void wpa_config_free_cred(struct wpa_cred *cred);
-int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
-			const char *value, int line);
-char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var);
-
-struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
-					   const char *driver_param);
-#ifndef CONFIG_NO_STDOUT_DEBUG
-void wpa_config_debug_dump_networks(struct wpa_config *config);
-#else /* CONFIG_NO_STDOUT_DEBUG */
-#define wpa_config_debug_dump_networks(c) do { } while (0)
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-
-/* Prototypes for common functions from config.c */
-int wpa_config_process_global(struct wpa_config *config, char *pos, int line);
-
-int wpa_config_get_num_global_field_names(void);
-
-const char * wpa_config_get_global_field_name(unsigned int i, int *no_var);
-
-/* Prototypes for backend specific functions from the selected config_*.c */
-
-/**
- * wpa_config_read - Read and parse configuration database
- * @name: Name of the configuration (e.g., path and file name for the
- * configuration file)
- * @cfgp: Pointer to previously allocated configuration data or %NULL if none
- * Returns: Pointer to allocated configuration data or %NULL on failure
- *
- * This function reads configuration data, parses its contents, and allocates
- * data structures needed for storing configuration information. The allocated
- * data can be freed with wpa_config_free().
- *
- * Each configuration backend needs to implement this function.
- */
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp);
-
-/**
- * wpa_config_write - Write or update configuration data
- * @name: Name of the configuration (e.g., path and file name for the
- * configuration file)
- * @config: Configuration data from wpa_config_read()
- * Returns: 0 on success, -1 on failure
- *
- * This function write all configuration data into an external database (e.g.,
- * a text file) in a format that can be read with wpa_config_read(). This can
- * be used to allow wpa_supplicant to update its configuration, e.g., when a
- * new network is added or a password is changed.
- *
- * Each configuration backend needs to implement this function.
- */
-int wpa_config_write(const char *name, struct wpa_config *config);
-
-#endif /* CONFIG_H */
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
deleted file mode 100644
index 6db5010db3a7..000000000000
--- a/wpa_supplicant/config_file.c
+++ /dev/null
@@ -1,1656 +0,0 @@
-/*
- * WPA Supplicant / Configuration backend: text file
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * This file implements a configuration backend for text files. All the
- * configuration information is stored in a text file that uses a format
- * described in the sample configuration file, wpa_supplicant.conf.
- */
-
-#include "includes.h"
-#ifdef ANDROID
-#include <sys/stat.h>
-#endif /* ANDROID */
-
-#include "common.h"
-#include "config.h"
-#include "base64.h"
-#include "uuid.h"
-#include "common/ieee802_1x_defs.h"
-#include "p2p/p2p.h"
-#include "eap_peer/eap_methods.h"
-#include "eap_peer/eap.h"
-#include "utils/config.h"
-
-
-static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
-{
-	int errors = 0;
-
-	if (ssid->passphrase) {
-		if (ssid->psk_set) {
-			wpa_printf(MSG_ERROR, "Line %d: both PSK and "
-				   "passphrase configured.", line);
-			errors++;
-		}
-		wpa_config_update_psk(ssid);
-	}
-
-	if (ssid->disabled == 2)
-		ssid->p2p_persistent_group = 1;
-
-	if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
-	    !(ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
-				       WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256 |
-				       WPA_CIPHER_NONE))) {
-		/* Group cipher cannot be stronger than the pairwise cipher. */
-		wpa_printf(MSG_DEBUG, "Line %d: removed CCMP from group cipher"
-			   " list since it was not allowed for pairwise "
-			   "cipher", line);
-		ssid->group_cipher &= ~WPA_CIPHER_CCMP;
-	}
-
-	if (ssid->mode == WPAS_MODE_MESH &&
-	    (ssid->key_mgmt != WPA_KEY_MGMT_NONE &&
-	    ssid->key_mgmt != WPA_KEY_MGMT_SAE)) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: key_mgmt for mesh network should be open or SAE",
-			   line);
-		errors++;
-	}
-
-#ifdef CONFIG_OCV
-	if (ssid->ocv && ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
-		wpa_printf(MSG_ERROR,
-			   "Line %d: PMF needs to be enabled whenever using OCV",
-			   line);
-		errors++;
-	}
-#endif /* CONFIG_OCV */
-
-	return errors;
-}
-
-
-static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id)
-{
-	struct wpa_ssid *ssid;
-	int errors = 0, end = 0;
-	char buf[2000], *pos, *pos2;
-
-	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new network block",
-		   *line);
-	ssid = os_zalloc(sizeof(*ssid));
-	if (ssid == NULL)
-		return NULL;
-	dl_list_init(&ssid->psk_list);
-	ssid->id = id;
-
-	wpa_config_set_network_defaults(ssid);
-
-	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
-		if (os_strcmp(pos, "}") == 0) {
-			end = 1;
-			break;
-		}
-
-		pos2 = os_strchr(pos, '=');
-		if (pos2 == NULL) {
-			wpa_printf(MSG_ERROR, "Line %d: Invalid SSID line "
-				   "'%s'.", *line, pos);
-			errors++;
-			continue;
-		}
-
-		*pos2++ = '\0';
-		if (*pos2 == '"') {
-			if (os_strchr(pos2 + 1, '"') == NULL) {
-				wpa_printf(MSG_ERROR, "Line %d: invalid "
-					   "quotation '%s'.", *line, pos2);
-				errors++;
-				continue;
-			}
-		}
-
-		if (wpa_config_set(ssid, pos, pos2, *line) < 0) {
-#ifndef CONFIG_WEP
-			if (os_strcmp(pos, "wep_key0") == 0 ||
-			    os_strcmp(pos, "wep_key1") == 0 ||
-			    os_strcmp(pos, "wep_key2") == 0 ||
-			    os_strcmp(pos, "wep_key3") == 0 ||
-			    os_strcmp(pos, "wep_tx_keyidx") == 0) {
-				wpa_printf(MSG_ERROR,
-					   "Line %d: unsupported WEP parameter",
-					   *line);
-				ssid->disabled = 1;
-				continue;
-			}
-#endif /* CONFIG_WEP */
-			errors++;
-		}
-	}
-
-	if (!end) {
-		wpa_printf(MSG_ERROR, "Line %d: network block was not "
-			   "terminated properly.", *line);
-		errors++;
-	}
-
-	errors += wpa_config_validate_network(ssid, *line);
-
-	if (errors) {
-		wpa_config_free_ssid(ssid);
-		ssid = NULL;
-	}
-
-	return ssid;
-}
-
-
-static struct wpa_cred * wpa_config_read_cred(FILE *f, int *line, int id)
-{
-	struct wpa_cred *cred;
-	int errors = 0, end = 0;
-	char buf[256], *pos, *pos2;
-
-	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new cred block", *line);
-	cred = os_zalloc(sizeof(*cred));
-	if (cred == NULL)
-		return NULL;
-	cred->id = id;
-	cred->sim_num = DEFAULT_USER_SELECTED_SIM;
-
-	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
-		if (os_strcmp(pos, "}") == 0) {
-			end = 1;
-			break;
-		}
-
-		pos2 = os_strchr(pos, '=');
-		if (pos2 == NULL) {
-			wpa_printf(MSG_ERROR, "Line %d: Invalid cred line "
-				   "'%s'.", *line, pos);
-			errors++;
-			continue;
-		}
-
-		*pos2++ = '\0';
-		if (*pos2 == '"') {
-			if (os_strchr(pos2 + 1, '"') == NULL) {
-				wpa_printf(MSG_ERROR, "Line %d: invalid "
-					   "quotation '%s'.", *line, pos2);
-				errors++;
-				continue;
-			}
-		}
-
-		if (wpa_config_set_cred(cred, pos, pos2, *line) < 0)
-			errors++;
-	}
-
-	if (!end) {
-		wpa_printf(MSG_ERROR, "Line %d: cred block was not "
-			   "terminated properly.", *line);
-		errors++;
-	}
-
-	if (errors) {
-		wpa_config_free_cred(cred);
-		cred = NULL;
-	}
-
-	return cred;
-}
-
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-static struct wpa_config_blob * wpa_config_read_blob(FILE *f, int *line,
-						     const char *name)
-{
-	struct wpa_config_blob *blob;
-	char buf[256], *pos;
-	char *encoded = NULL, *nencoded;
-	int end = 0;
-	size_t encoded_len = 0, len;
-
-	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new named blob '%s'",
-		   *line, name);
-
-	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
-		if (os_strcmp(pos, "}") == 0) {
-			end = 1;
-			break;
-		}
-
-		len = os_strlen(pos);
-		nencoded = os_realloc(encoded, encoded_len + len);
-		if (nencoded == NULL) {
-			wpa_printf(MSG_ERROR, "Line %d: not enough memory for "
-				   "blob", *line);
-			os_free(encoded);
-			return NULL;
-		}
-		encoded = nencoded;
-		os_memcpy(encoded + encoded_len, pos, len);
-		encoded_len += len;
-	}
-
-	if (!end || !encoded) {
-		wpa_printf(MSG_ERROR, "Line %d: blob was not terminated "
-			   "properly", *line);
-		os_free(encoded);
-		return NULL;
-	}
-
-	blob = os_zalloc(sizeof(*blob));
-	if (blob == NULL) {
-		os_free(encoded);
-		return NULL;
-	}
-	blob->name = os_strdup(name);
-	blob->data = base64_decode(encoded, encoded_len, &blob->len);
-	os_free(encoded);
-
-	if (blob->name == NULL || blob->data == NULL) {
-		wpa_config_free_blob(blob);
-		return NULL;
-	}
-
-	return blob;
-}
-
-
-static int wpa_config_process_blob(struct wpa_config *config, FILE *f,
-				   int *line, char *bname)
-{
-	char *name_end;
-	struct wpa_config_blob *blob;
-
-	name_end = os_strchr(bname, '=');
-	if (name_end == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: no blob name terminator",
-			   *line);
-		return -1;
-	}
-	*name_end = '\0';
-
-	blob = wpa_config_read_blob(f, line, bname);
-	if (blob == NULL) {
-		wpa_printf(MSG_ERROR, "Line %d: failed to read blob %s",
-			   *line, bname);
-		return -1;
-	}
-	wpa_config_set_blob(config, blob);
-	return 0;
-}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
-{
-	FILE *f;
-	char buf[512], *pos;
-	int errors = 0, line = 0;
-	struct wpa_ssid *ssid, *tail, *head;
-	struct wpa_cred *cred, *cred_tail, *cred_head;
-	struct wpa_config *config;
-	int id = 0;
-	int cred_id = 0;
-
-	if (name == NULL)
-		return NULL;
-	if (cfgp)
-		config = cfgp;
-	else
-		config = wpa_config_alloc_empty(NULL, NULL);
-	if (config == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to allocate config file "
-			   "structure");
-		return NULL;
-	}
-	tail = head = config->ssid;
-	while (tail && tail->next)
-		tail = tail->next;
-	cred_tail = cred_head = config->cred;
-	while (cred_tail && cred_tail->next)
-		cred_tail = cred_tail->next;
-
-	wpa_printf(MSG_DEBUG, "Reading configuration file '%s'", name);
-	f = fopen(name, "r");
-	if (f == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to open config file '%s', "
-			   "error: %s", name, strerror(errno));
-		if (config != cfgp)
-			os_free(config);
-		return NULL;
-	}
-
-	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
-		if (os_strcmp(pos, "network={") == 0) {
-			ssid = wpa_config_read_network(f, &line, id++);
-			if (ssid == NULL) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to "
-					   "parse network block.", line);
-				errors++;
-				continue;
-			}
-			if (head == NULL) {
-				head = tail = ssid;
-			} else {
-				tail->next = ssid;
-				tail = ssid;
-			}
-			if (wpa_config_add_prio_network(config, ssid)) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to add "
-					   "network block to priority list.",
-					   line);
-				errors++;
-				continue;
-			}
-		} else if (os_strcmp(pos, "cred={") == 0) {
-			cred = wpa_config_read_cred(f, &line, cred_id++);
-			if (cred == NULL) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to "
-					   "parse cred block.", line);
-				errors++;
-				continue;
-			}
-			if (cred_head == NULL) {
-				cred_head = cred_tail = cred;
-			} else {
-				cred_tail->next = cred;
-				cred_tail = cred;
-			}
-#ifndef CONFIG_NO_CONFIG_BLOBS
-		} else if (os_strncmp(pos, "blob-base64-", 12) == 0) {
-			if (wpa_config_process_blob(config, f, &line, pos + 12)
-			    < 0) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to "
-					   "process blob.", line);
-				errors++;
-				continue;
-			}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-		} else if (wpa_config_process_global(config, pos, line) < 0) {
-			wpa_printf(MSG_ERROR, "Line %d: Invalid configuration "
-				   "line '%s'.", line, pos);
-			errors++;
-			continue;
-		}
-	}
-
-	fclose(f);
-
-	config->ssid = head;
-	wpa_config_debug_dump_networks(config);
-	config->cred = cred_head;
-
-#ifndef WPA_IGNORE_CONFIG_ERRORS
-	if (errors) {
-		if (config != cfgp)
-			wpa_config_free(config);
-		config = NULL;
-		head = NULL;
-	}
-#endif /* WPA_IGNORE_CONFIG_ERRORS */
-
-	return config;
-}
-
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-
-static void write_str(FILE *f, const char *field, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, field);
-	if (value == NULL)
-		return;
-	fprintf(f, "\t%s=%s\n", field, value);
-	str_clear_free(value);
-}
-
-
-static void write_int(FILE *f, const char *field, int value, int def)
-{
-	if (value == def)
-		return;
-	fprintf(f, "\t%s=%d\n", field, value);
-}
-
-
-static void write_bssid(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "bssid");
-	if (value == NULL)
-		return;
-	fprintf(f, "\tbssid=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_bssid_hint(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "bssid_hint");
-
-	if (!value)
-		return;
-	fprintf(f, "\tbssid_hint=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_psk(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->mem_only_psk)
-		return;
-
-	value = wpa_config_get(ssid, "psk");
-	if (value == NULL)
-		return;
-	fprintf(f, "\tpsk=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_proto(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->proto == DEFAULT_PROTO)
-		return;
-
-	value = wpa_config_get(ssid, "proto");
-	if (value == NULL)
-		return;
-	if (value[0])
-		fprintf(f, "\tproto=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_key_mgmt(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
-		return;
-
-	value = wpa_config_get(ssid, "key_mgmt");
-	if (value == NULL)
-		return;
-	if (value[0])
-		fprintf(f, "\tkey_mgmt=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_pairwise(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->pairwise_cipher == DEFAULT_PAIRWISE)
-		return;
-
-	value = wpa_config_get(ssid, "pairwise");
-	if (value == NULL)
-		return;
-	if (value[0])
-		fprintf(f, "\tpairwise=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_group(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->group_cipher == DEFAULT_GROUP)
-		return;
-
-	value = wpa_config_get(ssid, "group");
-	if (value == NULL)
-		return;
-	if (value[0])
-		fprintf(f, "\tgroup=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_group_mgmt(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (!ssid->group_mgmt_cipher)
-		return;
-
-	value = wpa_config_get(ssid, "group_mgmt");
-	if (!value)
-		return;
-	if (value[0])
-		fprintf(f, "\tgroup_mgmt=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_auth_alg(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->auth_alg == 0)
-		return;
-
-	value = wpa_config_get(ssid, "auth_alg");
-	if (value == NULL)
-		return;
-	if (value[0])
-		fprintf(f, "\tauth_alg=%s\n", value);
-	os_free(value);
-}
-
-
-#ifdef IEEE8021X_EAPOL
-static void write_eap(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	value = wpa_config_get(ssid, "eap");
-	if (value == NULL)
-		return;
-
-	if (value[0])
-		fprintf(f, "\teap=%s\n", value);
-	os_free(value);
-}
-#endif /* IEEE8021X_EAPOL */
-
-
-#ifdef CONFIG_WEP
-static void write_wep_key(FILE *f, int idx, struct wpa_ssid *ssid)
-{
-	char field[20], *value;
-	int res;
-
-	res = os_snprintf(field, sizeof(field), "wep_key%d", idx);
-	if (os_snprintf_error(sizeof(field), res))
-		return;
-	value = wpa_config_get(ssid, field);
-	if (value) {
-		fprintf(f, "\t%s=%s\n", field, value);
-		os_free(value);
-	}
-}
-#endif /* CONFIG_WEP */
-
-
-#ifdef CONFIG_P2P
-
-static void write_go_p2p_dev_addr(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "go_p2p_dev_addr");
-	if (value == NULL)
-		return;
-	fprintf(f, "\tgo_p2p_dev_addr=%s\n", value);
-	os_free(value);
-}
-
-static void write_p2p_client_list(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "p2p_client_list");
-	if (value == NULL)
-		return;
-	fprintf(f, "\tp2p_client_list=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_psk_list(FILE *f, struct wpa_ssid *ssid)
-{
-	struct psk_list_entry *psk;
-	char hex[32 * 2 + 1];
-
-	dl_list_for_each(psk, &ssid->psk_list, struct psk_list_entry, list) {
-		wpa_snprintf_hex(hex, sizeof(hex), psk->psk, sizeof(psk->psk));
-		fprintf(f, "\tpsk_list=%s" MACSTR "-%s\n",
-			psk->p2p ? "P2P-" : "", MAC2STR(psk->addr), hex);
-	}
-}
-
-#endif /* CONFIG_P2P */
-
-
-#ifdef CONFIG_MACSEC
-
-static void write_mka_cak(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (!(ssid->mka_psk_set & MKA_PSK_SET_CAK))
-		return;
-
-	value = wpa_config_get(ssid, "mka_cak");
-	if (!value)
-		return;
-	fprintf(f, "\tmka_cak=%s\n", value);
-	os_free(value);
-}
-
-
-static void write_mka_ckn(FILE *f, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (!(ssid->mka_psk_set & MKA_PSK_SET_CKN))
-		return;
-
-	value = wpa_config_get(ssid, "mka_ckn");
-	if (!value)
-		return;
-	fprintf(f, "\tmka_ckn=%s\n", value);
-	os_free(value);
-}
-
-#endif /* CONFIG_MACSEC */
-
-
-static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
-{
-#define STR(t) write_str(f, #t, ssid)
-#define INT(t) write_int(f, #t, ssid->t, 0)
-#define INTe(t, m) write_int(f, #t, ssid->eap.m, 0)
-#define INT_DEF(t, def) write_int(f, #t, ssid->t, def)
-#define INT_DEFe(t, m, def) write_int(f, #t, ssid->eap.m, def)
-
-	STR(ssid);
-	INT(scan_ssid);
-	write_bssid(f, ssid);
-	write_bssid_hint(f, ssid);
-	write_str(f, "bssid_ignore", ssid);
-	write_str(f, "bssid_accept", ssid);
-	write_psk(f, ssid);
-	INT(mem_only_psk);
-	STR(sae_password);
-	STR(sae_password_id);
-	write_int(f, "sae_pwe", ssid->sae_pwe, DEFAULT_SAE_PWE);
-	write_proto(f, ssid);
-	write_key_mgmt(f, ssid);
-	INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);
-	write_pairwise(f, ssid);
-	write_group(f, ssid);
-	write_group_mgmt(f, ssid);
-	write_auth_alg(f, ssid);
-	STR(bgscan);
-	STR(autoscan);
-	STR(scan_freq);
-#ifdef IEEE8021X_EAPOL
-	write_eap(f, ssid);
-	STR(identity);
-	STR(anonymous_identity);
-	STR(imsi_identity);
-	STR(machine_identity);
-	STR(password);
-	STR(machine_password);
-	STR(ca_cert);
-	STR(ca_path);
-	STR(client_cert);
-	STR(private_key);
-	STR(private_key_passwd);
-	STR(dh_file);
-	STR(subject_match);
-	STR(check_cert_subject);
-	STR(altsubject_match);
-	STR(domain_suffix_match);
-	STR(domain_match);
-	STR(ca_cert2);
-	STR(ca_path2);
-	STR(client_cert2);
-	STR(private_key2);
-	STR(private_key2_passwd);
-	STR(dh_file2);
-	STR(subject_match2);
-	STR(check_cert_subject2);
-	STR(altsubject_match2);
-	STR(domain_suffix_match2);
-	STR(domain_match2);
-	STR(machine_ca_cert);
-	STR(machine_ca_path);
-	STR(machine_client_cert);
-	STR(machine_private_key);
-	STR(machine_private_key_passwd);
-	STR(machine_dh_file);
-	STR(machine_subject_match);
-	STR(machine_check_cert_subject);
-	STR(machine_altsubject_match);
-	STR(machine_domain_suffix_match);
-	STR(machine_domain_match);
-	STR(phase1);
-	STR(phase2);
-	STR(machine_phase2);
-	STR(pcsc);
-	STR(pin);
-	STR(engine_id);
-	STR(key_id);
-	STR(cert_id);
-	STR(ca_cert_id);
-	STR(key2_id);
-	STR(pin2);
-	STR(engine2_id);
-	STR(cert2_id);
-	STR(ca_cert2_id);
-	INTe(engine, cert.engine);
-	INTe(engine2, phase2_cert.engine);
-	INTe(machine_engine, machine_cert.engine);
-	INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
-	STR(openssl_ciphers);
-	INTe(erp, erp);
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_WEP
-	{
-		int i;
-
-		for (i = 0; i < 4; i++)
-			write_wep_key(f, i, ssid);
-		INT(wep_tx_keyidx);
-	}
-#endif /* CONFIG_WEP */
-	INT(priority);
-#ifdef IEEE8021X_EAPOL
-	INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
-	STR(pac_file);
-	INT_DEFe(fragment_size, fragment_size, DEFAULT_FRAGMENT_SIZE);
-	INTe(ocsp, cert.ocsp);
-	INTe(ocsp2, phase2_cert.ocsp);
-	INTe(machine_ocsp, machine_cert.ocsp);
-	INT_DEFe(sim_num, sim_num, DEFAULT_USER_SELECTED_SIM);
-#endif /* IEEE8021X_EAPOL */
-	INT(mode);
-	INT(no_auto_peer);
-	INT(mesh_fwding);
-	INT(frequency);
-	INT(enable_edmg);
-	INT(edmg_channel);
-	INT(fixed_freq);
-#ifdef CONFIG_ACS
-	INT(acs);
-#endif /* CONFIG_ACS */
-	write_int(f, "proactive_key_caching", ssid->proactive_key_caching, -1);
-	INT(disabled);
-	INT(mixed_cell);
-	INT_DEF(vht, 1);
-	INT_DEF(ht, 1);
-	INT(ht40);
-	INT_DEF(he, 1);
-	INT_DEF(max_oper_chwidth, DEFAULT_MAX_OPER_CHWIDTH);
-	INT(vht_center_freq1);
-	INT(vht_center_freq2);
-	INT(pbss);
-	INT(wps_disabled);
-	INT(fils_dh_group);
-	write_int(f, "ieee80211w", ssid->ieee80211w,
-		  MGMT_FRAME_PROTECTION_DEFAULT);
-	STR(id_str);
-#ifdef CONFIG_P2P
-	write_go_p2p_dev_addr(f, ssid);
-	write_p2p_client_list(f, ssid);
-	write_psk_list(f, ssid);
-#endif /* CONFIG_P2P */
-	INT(ap_max_inactivity);
-	INT(dtim_period);
-	INT(beacon_int);
-#ifdef CONFIG_MACSEC
-	INT(macsec_policy);
-	write_mka_cak(f, ssid);
-	write_mka_ckn(f, ssid);
-	INT(macsec_integ_only);
-	INT(macsec_replay_protect);
-	INT(macsec_replay_window);
-	INT(macsec_port);
-	INT_DEF(mka_priority, DEFAULT_PRIO_NOT_KEY_SERVER);
-#endif /* CONFIG_MACSEC */
-#ifdef CONFIG_HS20
-	INT(update_identifier);
-	STR(roaming_consortium_selection);
-#endif /* CONFIG_HS20 */
-	write_int(f, "mac_addr", ssid->mac_addr, -1);
-#ifdef CONFIG_MESH
-	STR(mesh_basic_rates);
-	INT_DEF(dot11MeshMaxRetries, DEFAULT_MESH_MAX_RETRIES);
-	INT_DEF(dot11MeshRetryTimeout, DEFAULT_MESH_RETRY_TIMEOUT);
-	INT_DEF(dot11MeshConfirmTimeout, DEFAULT_MESH_CONFIRM_TIMEOUT);
-	INT_DEF(dot11MeshHoldingTimeout, DEFAULT_MESH_HOLDING_TIMEOUT);
-	INT_DEF(mesh_rssi_threshold, DEFAULT_MESH_RSSI_THRESHOLD);
-#endif /* CONFIG_MESH */
-	INT(wpa_ptk_rekey);
-	INT(wpa_deny_ptk0_rekey);
-	INT(group_rekey);
-	INT(ignore_broadcast_ssid);
-#ifdef CONFIG_DPP
-	STR(dpp_connector);
-	STR(dpp_netaccesskey);
-	INT(dpp_netaccesskey_expiry);
-	STR(dpp_csign);
-	STR(dpp_pp_key);
-	INT(dpp_pfs);
-#endif /* CONFIG_DPP */
-	INT(owe_group);
-	INT(owe_only);
-	INT(owe_ptk_workaround);
-	INT(multi_ap_backhaul_sta);
-	INT(ft_eap_pmksa_caching);
-	INT(beacon_prot);
-	INT(transition_disable);
-	INT(sae_pk);
-#ifdef CONFIG_HT_OVERRIDES
-	INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
-	INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
-	INT_DEF(disable_sgi, DEFAULT_DISABLE_SGI);
-	INT_DEF(disable_ldpc, DEFAULT_DISABLE_LDPC);
-	INT(ht40_intolerant);
-	INT_DEF(tx_stbc, DEFAULT_TX_STBC);
-	INT_DEF(rx_stbc, DEFAULT_RX_STBC);
-	INT_DEF(disable_max_amsdu, DEFAULT_DISABLE_MAX_AMSDU);
-	INT_DEF(ampdu_factor, DEFAULT_AMPDU_FACTOR);
-	INT_DEF(ampdu_density, DEFAULT_AMPDU_DENSITY);
-	STR(ht_mcs);
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	INT(disable_vht);
-	INT(vht_capa);
-	INT(vht_capa_mask);
-	INT_DEF(vht_rx_mcs_nss_1, -1);
-	INT_DEF(vht_rx_mcs_nss_2, -1);
-	INT_DEF(vht_rx_mcs_nss_3, -1);
-	INT_DEF(vht_rx_mcs_nss_4, -1);
-	INT_DEF(vht_rx_mcs_nss_5, -1);
-	INT_DEF(vht_rx_mcs_nss_6, -1);
-	INT_DEF(vht_rx_mcs_nss_7, -1);
-	INT_DEF(vht_rx_mcs_nss_8, -1);
-	INT_DEF(vht_tx_mcs_nss_1, -1);
-	INT_DEF(vht_tx_mcs_nss_2, -1);
-	INT_DEF(vht_tx_mcs_nss_3, -1);
-	INT_DEF(vht_tx_mcs_nss_4, -1);
-	INT_DEF(vht_tx_mcs_nss_5, -1);
-	INT_DEF(vht_tx_mcs_nss_6, -1);
-	INT_DEF(vht_tx_mcs_nss_7, -1);
-	INT_DEF(vht_tx_mcs_nss_8, -1);
-#endif /* CONFIG_VHT_OVERRIDES */
-#ifdef CONFIG_HE_OVERRIDES
-	INT(disable_he);
-#endif /* CONFIG_HE_OVERRIDES */
-
-#undef STR
-#undef INT
-#undef INT_DEF
-}
-
-
-static void wpa_config_write_cred(FILE *f, struct wpa_cred *cred)
-{
-	size_t i;
-
-	if (cred->priority)
-		fprintf(f, "\tpriority=%d\n", cred->priority);
-	if (cred->pcsc)
-		fprintf(f, "\tpcsc=%d\n", cred->pcsc);
-	if (cred->realm)
-		fprintf(f, "\trealm=\"%s\"\n", cred->realm);
-	if (cred->username)
-		fprintf(f, "\tusername=\"%s\"\n", cred->username);
-	if (cred->password && cred->ext_password)
-		fprintf(f, "\tpassword=ext:%s\n", cred->password);
-	else if (cred->password)
-		fprintf(f, "\tpassword=\"%s\"\n", cred->password);
-	if (cred->ca_cert)
-		fprintf(f, "\tca_cert=\"%s\"\n", cred->ca_cert);
-	if (cred->client_cert)
-		fprintf(f, "\tclient_cert=\"%s\"\n", cred->client_cert);
-	if (cred->private_key)
-		fprintf(f, "\tprivate_key=\"%s\"\n", cred->private_key);
-	if (cred->private_key_passwd)
-		fprintf(f, "\tprivate_key_passwd=\"%s\"\n",
-			cred->private_key_passwd);
-	if (cred->imsi)
-		fprintf(f, "\timsi=\"%s\"\n", cred->imsi);
-	if (cred->milenage)
-		fprintf(f, "\tmilenage=\"%s\"\n", cred->milenage);
-	for (i = 0; i < cred->num_domain; i++)
-		fprintf(f, "\tdomain=\"%s\"\n", cred->domain[i]);
-	if (cred->domain_suffix_match)
-		fprintf(f, "\tdomain_suffix_match=\"%s\"\n",
-			cred->domain_suffix_match);
-	if (cred->roaming_consortium_len) {
-		fprintf(f, "\troaming_consortium=");
-		for (i = 0; i < cred->roaming_consortium_len; i++)
-			fprintf(f, "%02x", cred->roaming_consortium[i]);
-		fprintf(f, "\n");
-	}
-	if (cred->eap_method) {
-		const char *name;
-		name = eap_get_name(cred->eap_method[0].vendor,
-				    cred->eap_method[0].method);
-		if (name)
-			fprintf(f, "\teap=%s\n", name);
-	}
-	if (cred->phase1)
-		fprintf(f, "\tphase1=\"%s\"\n", cred->phase1);
-	if (cred->phase2)
-		fprintf(f, "\tphase2=\"%s\"\n", cred->phase2);
-	if (cred->excluded_ssid) {
-		size_t j;
-		for (i = 0; i < cred->num_excluded_ssid; i++) {
-			struct excluded_ssid *e = &cred->excluded_ssid[i];
-			fprintf(f, "\texcluded_ssid=");
-			for (j = 0; j < e->ssid_len; j++)
-				fprintf(f, "%02x", e->ssid[j]);
-			fprintf(f, "\n");
-		}
-	}
-	if (cred->roaming_partner) {
-		for (i = 0; i < cred->num_roaming_partner; i++) {
-			struct roaming_partner *p = &cred->roaming_partner[i];
-			fprintf(f, "\troaming_partner=\"%s,%d,%u,%s\"\n",
-				p->fqdn, p->exact_match, p->priority,
-				p->country);
-		}
-	}
-	if (cred->update_identifier)
-		fprintf(f, "\tupdate_identifier=%d\n", cred->update_identifier);
-
-	if (cred->provisioning_sp)
-		fprintf(f, "\tprovisioning_sp=\"%s\"\n", cred->provisioning_sp);
-	if (cred->sp_priority)
-		fprintf(f, "\tsp_priority=%d\n", cred->sp_priority);
-
-	if (cred->min_dl_bandwidth_home)
-		fprintf(f, "\tmin_dl_bandwidth_home=%u\n",
-			cred->min_dl_bandwidth_home);
-	if (cred->min_ul_bandwidth_home)
-		fprintf(f, "\tmin_ul_bandwidth_home=%u\n",
-			cred->min_ul_bandwidth_home);
-	if (cred->min_dl_bandwidth_roaming)
-		fprintf(f, "\tmin_dl_bandwidth_roaming=%u\n",
-			cred->min_dl_bandwidth_roaming);
-	if (cred->min_ul_bandwidth_roaming)
-		fprintf(f, "\tmin_ul_bandwidth_roaming=%u\n",
-			cred->min_ul_bandwidth_roaming);
-
-	if (cred->max_bss_load)
-		fprintf(f, "\tmax_bss_load=%u\n",
-			cred->max_bss_load);
-
-	if (cred->ocsp)
-		fprintf(f, "\tocsp=%d\n", cred->ocsp);
-
-	if (cred->num_req_conn_capab) {
-		for (i = 0; i < cred->num_req_conn_capab; i++) {
-			int *ports;
-
-			fprintf(f, "\treq_conn_capab=%u",
-				cred->req_conn_capab_proto[i]);
-			ports = cred->req_conn_capab_port[i];
-			if (ports) {
-				int j;
-				for (j = 0; ports[j] != -1; j++) {
-					fprintf(f, "%s%d", j > 0 ? "," : ":",
-						ports[j]);
-				}
-			}
-			fprintf(f, "\n");
-		}
-	}
-
-	if (cred->required_roaming_consortium_len) {
-		fprintf(f, "\trequired_roaming_consortium=");
-		for (i = 0; i < cred->required_roaming_consortium_len; i++)
-			fprintf(f, "%02x",
-				cred->required_roaming_consortium[i]);
-		fprintf(f, "\n");
-	}
-
-	if (cred->num_roaming_consortiums) {
-		size_t j;
-
-		fprintf(f, "\troaming_consortiums=\"");
-		for (i = 0; i < cred->num_roaming_consortiums; i++) {
-			if (i > 0)
-				fprintf(f, ",");
-			for (j = 0; j < cred->roaming_consortiums_len[i]; j++)
-				fprintf(f, "%02x",
-					cred->roaming_consortiums[i][j]);
-		}
-		fprintf(f, "\"\n");
-	}
-
-	if (cred->sim_num != DEFAULT_USER_SELECTED_SIM)
-		fprintf(f, "\tsim_num=%d\n", cred->sim_num);
-
-	if (cred->engine)
-		fprintf(f, "\tengine=%d\n", cred->engine);
-	if (cred->engine_id)
-		fprintf(f, "\tengine_id=\"%s\"\n", cred->engine_id);
-	if (cred->key_id)
-		fprintf(f, "\tkey_id=\"%s\"\n", cred->key_id);
-	if (cred->cert_id)
-		fprintf(f, "\tcert_id=\"%s\"\n", cred->cert_id);
-	if (cred->ca_cert_id)
-		fprintf(f, "\tca_cert_id=\"%s\"\n", cred->ca_cert_id);
-}
-
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-static int wpa_config_write_blob(FILE *f, struct wpa_config_blob *blob)
-{
-	char *encoded;
-
-	encoded = base64_encode(blob->data, blob->len, NULL);
-	if (encoded == NULL)
-		return -1;
-
-	fprintf(f, "\nblob-base64-%s={\n%s}\n", blob->name, encoded);
-	os_free(encoded);
-	return 0;
-}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-static void write_global_bin(FILE *f, const char *field,
-			     const struct wpabuf *val)
-{
-	size_t i;
-	const u8 *pos;
-
-	if (val == NULL)
-		return;
-
-	fprintf(f, "%s=", field);
-	pos = wpabuf_head(val);
-	for (i = 0; i < wpabuf_len(val); i++)
-		fprintf(f, "%02X", *pos++);
-	fprintf(f, "\n");
-}
-
-
-static void wpa_config_write_global(FILE *f, struct wpa_config *config)
-{
-#ifdef CONFIG_CTRL_IFACE
-	if (config->ctrl_interface)
-		fprintf(f, "ctrl_interface=%s\n", config->ctrl_interface);
-	if (config->ctrl_interface_group)
-		fprintf(f, "ctrl_interface_group=%s\n",
-			config->ctrl_interface_group);
-#endif /* CONFIG_CTRL_IFACE */
-	if (config->eapol_version != DEFAULT_EAPOL_VERSION)
-		fprintf(f, "eapol_version=%d\n", config->eapol_version);
-	if (config->ap_scan != DEFAULT_AP_SCAN)
-		fprintf(f, "ap_scan=%d\n", config->ap_scan);
-	if (config->disable_scan_offload)
-		fprintf(f, "disable_scan_offload=%d\n",
-			config->disable_scan_offload);
-	if (config->fast_reauth != DEFAULT_FAST_REAUTH)
-		fprintf(f, "fast_reauth=%d\n", config->fast_reauth);
-	if (config->opensc_engine_path)
-		fprintf(f, "opensc_engine_path=%s\n",
-			config->opensc_engine_path);
-	if (config->pkcs11_engine_path)
-		fprintf(f, "pkcs11_engine_path=%s\n",
-			config->pkcs11_engine_path);
-	if (config->pkcs11_module_path)
-		fprintf(f, "pkcs11_module_path=%s\n",
-			config->pkcs11_module_path);
-	if (config->openssl_ciphers)
-		fprintf(f, "openssl_ciphers=%s\n", config->openssl_ciphers);
-	if (config->pcsc_reader)
-		fprintf(f, "pcsc_reader=%s\n", config->pcsc_reader);
-	if (config->pcsc_pin)
-		fprintf(f, "pcsc_pin=%s\n", config->pcsc_pin);
-	if (config->driver_param)
-		fprintf(f, "driver_param=%s\n", config->driver_param);
-	if (config->dot11RSNAConfigPMKLifetime)
-		fprintf(f, "dot11RSNAConfigPMKLifetime=%u\n",
-			config->dot11RSNAConfigPMKLifetime);
-	if (config->dot11RSNAConfigPMKReauthThreshold)
-		fprintf(f, "dot11RSNAConfigPMKReauthThreshold=%u\n",
-			config->dot11RSNAConfigPMKReauthThreshold);
-	if (config->dot11RSNAConfigSATimeout)
-		fprintf(f, "dot11RSNAConfigSATimeout=%u\n",
-			config->dot11RSNAConfigSATimeout);
-	if (config->update_config)
-		fprintf(f, "update_config=%d\n", config->update_config);
-#ifdef CONFIG_WPS
-	if (!is_nil_uuid(config->uuid)) {
-		char buf[40];
-		uuid_bin2str(config->uuid, buf, sizeof(buf));
-		fprintf(f, "uuid=%s\n", buf);
-	}
-	if (config->auto_uuid)
-		fprintf(f, "auto_uuid=%d\n", config->auto_uuid);
-	if (config->device_name)
-		fprintf(f, "device_name=%s\n", config->device_name);
-	if (config->manufacturer)
-		fprintf(f, "manufacturer=%s\n", config->manufacturer);
-	if (config->model_name)
-		fprintf(f, "model_name=%s\n", config->model_name);
-	if (config->model_number)
-		fprintf(f, "model_number=%s\n", config->model_number);
-	if (config->serial_number)
-		fprintf(f, "serial_number=%s\n", config->serial_number);
-	{
-		char _buf[WPS_DEV_TYPE_BUFSIZE], *buf;
-		buf = wps_dev_type_bin2str(config->device_type,
-					   _buf, sizeof(_buf));
-		if (os_strcmp(buf, "0-00000000-0") != 0)
-			fprintf(f, "device_type=%s\n", buf);
-	}
-	if (WPA_GET_BE32(config->os_version))
-		fprintf(f, "os_version=%08x\n",
-			WPA_GET_BE32(config->os_version));
-	if (config->config_methods)
-		fprintf(f, "config_methods=%s\n", config->config_methods);
-	if (config->wps_cred_processing)
-		fprintf(f, "wps_cred_processing=%d\n",
-			config->wps_cred_processing);
-	if (config->wps_cred_add_sae)
-		fprintf(f, "wps_cred_add_sae=%d\n",
-			config->wps_cred_add_sae);
-	if (config->wps_vendor_ext_m1) {
-		int i, len = wpabuf_len(config->wps_vendor_ext_m1);
-		const u8 *p = wpabuf_head_u8(config->wps_vendor_ext_m1);
-		if (len > 0) {
-			fprintf(f, "wps_vendor_ext_m1=");
-			for (i = 0; i < len; i++)
-				fprintf(f, "%02x", *p++);
-			fprintf(f, "\n");
-		}
-	}
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	{
-		int i;
-		char _buf[WPS_DEV_TYPE_BUFSIZE], *buf;
-
-		for (i = 0; i < config->num_sec_device_types; i++) {
-			buf = wps_dev_type_bin2str(config->sec_device_type[i],
-						   _buf, sizeof(_buf));
-			if (buf)
-				fprintf(f, "sec_device_type=%s\n", buf);
-		}
-	}
-	if (config->p2p_listen_reg_class)
-		fprintf(f, "p2p_listen_reg_class=%d\n",
-			config->p2p_listen_reg_class);
-	if (config->p2p_listen_channel)
-		fprintf(f, "p2p_listen_channel=%d\n",
-			config->p2p_listen_channel);
-	if (config->p2p_oper_reg_class)
-		fprintf(f, "p2p_oper_reg_class=%d\n",
-			config->p2p_oper_reg_class);
-	if (config->p2p_oper_channel)
-		fprintf(f, "p2p_oper_channel=%d\n", config->p2p_oper_channel);
-	if (config->p2p_go_intent != DEFAULT_P2P_GO_INTENT)
-		fprintf(f, "p2p_go_intent=%d\n", config->p2p_go_intent);
-	if (config->p2p_ssid_postfix)
-		fprintf(f, "p2p_ssid_postfix=%s\n", config->p2p_ssid_postfix);
-	if (config->persistent_reconnect)
-		fprintf(f, "persistent_reconnect=%d\n",
-			config->persistent_reconnect);
-	if (config->p2p_intra_bss != DEFAULT_P2P_INTRA_BSS)
-		fprintf(f, "p2p_intra_bss=%d\n", config->p2p_intra_bss);
-	if (config->p2p_group_idle)
-		fprintf(f, "p2p_group_idle=%d\n", config->p2p_group_idle);
-	if (config->p2p_passphrase_len)
-		fprintf(f, "p2p_passphrase_len=%u\n",
-			config->p2p_passphrase_len);
-	if (config->p2p_pref_chan) {
-		unsigned int i;
-		fprintf(f, "p2p_pref_chan=");
-		for (i = 0; i < config->num_p2p_pref_chan; i++) {
-			fprintf(f, "%s%u:%u", i > 0 ? "," : "",
-				config->p2p_pref_chan[i].op_class,
-				config->p2p_pref_chan[i].chan);
-		}
-		fprintf(f, "\n");
-	}
-	if (config->p2p_no_go_freq.num) {
-		char *val = freq_range_list_str(&config->p2p_no_go_freq);
-		if (val) {
-			fprintf(f, "p2p_no_go_freq=%s\n", val);
-			os_free(val);
-		}
-	}
-	if (config->p2p_add_cli_chan)
-		fprintf(f, "p2p_add_cli_chan=%d\n", config->p2p_add_cli_chan);
-	if (config->p2p_optimize_listen_chan !=
-	    DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN)
-		fprintf(f, "p2p_optimize_listen_chan=%d\n",
-			config->p2p_optimize_listen_chan);
-	if (config->p2p_go_ht40)
-		fprintf(f, "p2p_go_ht40=%d\n", config->p2p_go_ht40);
-	if (config->p2p_go_vht)
-		fprintf(f, "p2p_go_vht=%d\n", config->p2p_go_vht);
-	if (config->p2p_go_he)
-		fprintf(f, "p2p_go_he=%d\n", config->p2p_go_he);
-	if (config->p2p_go_edmg)
-		fprintf(f, "p2p_go_edmg=%d\n", config->p2p_go_edmg);
-	if (config->p2p_go_ctwindow != DEFAULT_P2P_GO_CTWINDOW)
-		fprintf(f, "p2p_go_ctwindow=%d\n", config->p2p_go_ctwindow);
-	if (config->p2p_disabled)
-		fprintf(f, "p2p_disabled=%d\n", config->p2p_disabled);
-	if (config->p2p_no_group_iface)
-		fprintf(f, "p2p_no_group_iface=%d\n",
-			config->p2p_no_group_iface);
-	if (config->p2p_ignore_shared_freq)
-		fprintf(f, "p2p_ignore_shared_freq=%d\n",
-			config->p2p_ignore_shared_freq);
-	if (config->p2p_cli_probe)
-		fprintf(f, "p2p_cli_probe=%d\n", config->p2p_cli_probe);
-	if (config->p2p_go_freq_change_policy != DEFAULT_P2P_GO_FREQ_MOVE)
-		fprintf(f, "p2p_go_freq_change_policy=%u\n",
-			config->p2p_go_freq_change_policy);
-
-	if (config->p2p_6ghz_disable)
-		fprintf(f, "p2p_6ghz_disable=%d\n", config->p2p_6ghz_disable);
-
-	if (WPA_GET_BE32(config->ip_addr_go))
-		fprintf(f, "ip_addr_go=%u.%u.%u.%u\n",
-			config->ip_addr_go[0], config->ip_addr_go[1],
-			config->ip_addr_go[2], config->ip_addr_go[3]);
-	if (WPA_GET_BE32(config->ip_addr_mask))
-		fprintf(f, "ip_addr_mask=%u.%u.%u.%u\n",
-			config->ip_addr_mask[0], config->ip_addr_mask[1],
-			config->ip_addr_mask[2], config->ip_addr_mask[3]);
-	if (WPA_GET_BE32(config->ip_addr_start))
-		fprintf(f, "ip_addr_start=%u.%u.%u.%u\n",
-			config->ip_addr_start[0], config->ip_addr_start[1],
-			config->ip_addr_start[2], config->ip_addr_start[3]);
-	if (WPA_GET_BE32(config->ip_addr_end))
-		fprintf(f, "ip_addr_end=%u.%u.%u.%u\n",
-			config->ip_addr_end[0], config->ip_addr_end[1],
-			config->ip_addr_end[2], config->ip_addr_end[3]);
-#endif /* CONFIG_P2P */
-	if (config->country[0] && config->country[1]) {
-		fprintf(f, "country=%c%c\n",
-			config->country[0], config->country[1]);
-	}
-	if (config->bss_max_count != DEFAULT_BSS_MAX_COUNT)
-		fprintf(f, "bss_max_count=%u\n", config->bss_max_count);
-	if (config->bss_expiration_age != DEFAULT_BSS_EXPIRATION_AGE)
-		fprintf(f, "bss_expiration_age=%u\n",
-			config->bss_expiration_age);
-	if (config->bss_expiration_scan_count !=
-	    DEFAULT_BSS_EXPIRATION_SCAN_COUNT)
-		fprintf(f, "bss_expiration_scan_count=%u\n",
-			config->bss_expiration_scan_count);
-	if (config->filter_ssids)
-		fprintf(f, "filter_ssids=%d\n", config->filter_ssids);
-	if (config->filter_rssi)
-		fprintf(f, "filter_rssi=%d\n", config->filter_rssi);
-	if (config->max_num_sta != DEFAULT_MAX_NUM_STA)
-		fprintf(f, "max_num_sta=%u\n", config->max_num_sta);
-	if (config->ap_isolate != DEFAULT_AP_ISOLATE)
-		fprintf(f, "ap_isolate=%u\n", config->ap_isolate);
-	if (config->disassoc_low_ack)
-		fprintf(f, "disassoc_low_ack=%d\n", config->disassoc_low_ack);
-#ifdef CONFIG_HS20
-	if (config->hs20)
-		fprintf(f, "hs20=1\n");
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_INTERWORKING
-	if (config->interworking)
-		fprintf(f, "interworking=%d\n", config->interworking);
-	if (!is_zero_ether_addr(config->hessid))
-		fprintf(f, "hessid=" MACSTR "\n", MAC2STR(config->hessid));
-	if (config->access_network_type != DEFAULT_ACCESS_NETWORK_TYPE)
-		fprintf(f, "access_network_type=%d\n",
-			config->access_network_type);
-	if (config->go_interworking)
-		fprintf(f, "go_interworking=%d\n", config->go_interworking);
-	if (config->go_access_network_type)
-		fprintf(f, "go_access_network_type=%d\n",
-			config->go_access_network_type);
-	if (config->go_internet)
-		fprintf(f, "go_internet=%d\n", config->go_internet);
-	if (config->go_venue_group)
-		fprintf(f, "go_venue_group=%d\n", config->go_venue_group);
-	if (config->go_venue_type)
-		fprintf(f, "go_venue_type=%d\n", config->go_venue_type);
-#endif /* CONFIG_INTERWORKING */
-	if (config->pbc_in_m1)
-		fprintf(f, "pbc_in_m1=%d\n", config->pbc_in_m1);
-	if (config->wps_nfc_pw_from_config) {
-		if (config->wps_nfc_dev_pw_id)
-			fprintf(f, "wps_nfc_dev_pw_id=%d\n",
-				config->wps_nfc_dev_pw_id);
-		write_global_bin(f, "wps_nfc_dh_pubkey",
-				 config->wps_nfc_dh_pubkey);
-		write_global_bin(f, "wps_nfc_dh_privkey",
-				 config->wps_nfc_dh_privkey);
-		write_global_bin(f, "wps_nfc_dev_pw", config->wps_nfc_dev_pw);
-	}
-
-	if (config->ext_password_backend)
-		fprintf(f, "ext_password_backend=%s\n",
-			config->ext_password_backend);
-	if (config->p2p_go_max_inactivity != DEFAULT_P2P_GO_MAX_INACTIVITY)
-		fprintf(f, "p2p_go_max_inactivity=%d\n",
-			config->p2p_go_max_inactivity);
-	if (config->auto_interworking)
-		fprintf(f, "auto_interworking=%d\n",
-			config->auto_interworking);
-	if (config->okc)
-		fprintf(f, "okc=%d\n", config->okc);
-	if (config->pmf)
-		fprintf(f, "pmf=%d\n", config->pmf);
-	if (config->dtim_period)
-		fprintf(f, "dtim_period=%d\n", config->dtim_period);
-	if (config->beacon_int)
-		fprintf(f, "beacon_int=%d\n", config->beacon_int);
-
-	if (config->sae_groups) {
-		int i;
-		fprintf(f, "sae_groups=");
-		for (i = 0; config->sae_groups[i] > 0; i++) {
-			fprintf(f, "%s%d", i > 0 ? " " : "",
-				config->sae_groups[i]);
-		}
-		fprintf(f, "\n");
-	}
-
-	if (config->sae_pwe)
-		fprintf(f, "sae_pwe=%d\n", config->sae_pwe);
-
-	if (config->sae_pmkid_in_assoc)
-		fprintf(f, "sae_pmkid_in_assoc=%d\n",
-			config->sae_pmkid_in_assoc);
-
-	if (config->ap_vendor_elements) {
-		int i, len = wpabuf_len(config->ap_vendor_elements);
-		const u8 *p = wpabuf_head_u8(config->ap_vendor_elements);
-		if (len > 0) {
-			fprintf(f, "ap_vendor_elements=");
-			for (i = 0; i < len; i++)
-				fprintf(f, "%02x", *p++);
-			fprintf(f, "\n");
-		}
-	}
-
-	if (config->ap_assocresp_elements) {
-		int i, len = wpabuf_len(config->ap_assocresp_elements);
-		const u8 *p = wpabuf_head_u8(config->ap_assocresp_elements);
-
-		if (len > 0) {
-			fprintf(f, "ap_assocresp_elements=");
-			for (i = 0; i < len; i++)
-				fprintf(f, "%02x", *p++);
-			fprintf(f, "\n");
-		}
-	}
-
-	if (config->ignore_old_scan_res)
-		fprintf(f, "ignore_old_scan_res=%d\n",
-			config->ignore_old_scan_res);
-
-	if (config->freq_list && config->freq_list[0]) {
-		int i;
-		fprintf(f, "freq_list=");
-		for (i = 0; config->freq_list[i]; i++) {
-			fprintf(f, "%s%d", i > 0 ? " " : "",
-				config->freq_list[i]);
-		}
-		fprintf(f, "\n");
-	}
-	if (config->initial_freq_list && config->initial_freq_list[0]) {
-		int i;
-		fprintf(f, "initial_freq_list=");
-		for (i = 0; config->initial_freq_list[i]; i++) {
-			fprintf(f, "%s%d", i > 0 ? " " : "",
-				config->initial_freq_list[i]);
-		}
-		fprintf(f, "\n");
-	}
-	if (config->scan_cur_freq != DEFAULT_SCAN_CUR_FREQ)
-		fprintf(f, "scan_cur_freq=%d\n", config->scan_cur_freq);
-
-	if (config->scan_res_valid_for_connect !=
-	    DEFAULT_SCAN_RES_VALID_FOR_CONNECT)
-		fprintf(f, "scan_res_valid_for_connect=%d\n",
-			config->scan_res_valid_for_connect);
-
-	if (config->sched_scan_interval)
-		fprintf(f, "sched_scan_interval=%u\n",
-			config->sched_scan_interval);
-
-	if (config->sched_scan_start_delay)
-		fprintf(f, "sched_scan_start_delay=%u\n",
-			config->sched_scan_start_delay);
-
-	if (config->external_sim)
-		fprintf(f, "external_sim=%d\n", config->external_sim);
-
-	if (config->tdls_external_control)
-		fprintf(f, "tdls_external_control=%d\n",
-			config->tdls_external_control);
-
-	if (config->wowlan_triggers)
-		fprintf(f, "wowlan_triggers=%s\n",
-			config->wowlan_triggers);
-
-	if (config->bgscan)
-		fprintf(f, "bgscan=\"%s\"\n", config->bgscan);
-
-	if (config->autoscan)
-		fprintf(f, "autoscan=%s\n", config->autoscan);
-
-	if (config->p2p_search_delay != DEFAULT_P2P_SEARCH_DELAY)
-		fprintf(f, "p2p_search_delay=%u\n",
-			config->p2p_search_delay);
-
-	if (config->mac_addr)
-		fprintf(f, "mac_addr=%d\n", config->mac_addr);
-
-	if (config->rand_addr_lifetime != DEFAULT_RAND_ADDR_LIFETIME)
-		fprintf(f, "rand_addr_lifetime=%u\n",
-			config->rand_addr_lifetime);
-
-	if (config->preassoc_mac_addr)
-		fprintf(f, "preassoc_mac_addr=%d\n", config->preassoc_mac_addr);
-
-	if (config->key_mgmt_offload != DEFAULT_KEY_MGMT_OFFLOAD)
-		fprintf(f, "key_mgmt_offload=%d\n", config->key_mgmt_offload);
-
-	if (config->user_mpm != DEFAULT_USER_MPM)
-		fprintf(f, "user_mpm=%d\n", config->user_mpm);
-
-	if (config->max_peer_links != DEFAULT_MAX_PEER_LINKS)
-		fprintf(f, "max_peer_links=%d\n", config->max_peer_links);
-
-	if (config->cert_in_cb != DEFAULT_CERT_IN_CB)
-		fprintf(f, "cert_in_cb=%d\n", config->cert_in_cb);
-
-	if (config->mesh_max_inactivity != DEFAULT_MESH_MAX_INACTIVITY)
-		fprintf(f, "mesh_max_inactivity=%d\n",
-			config->mesh_max_inactivity);
-
-	if (config->mesh_fwding != DEFAULT_MESH_FWDING)
-		fprintf(f, "mesh_fwding=%d\n", config->mesh_fwding);
-
-	if (config->dot11RSNASAERetransPeriod !=
-	    DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD)
-		fprintf(f, "dot11RSNASAERetransPeriod=%d\n",
-			config->dot11RSNASAERetransPeriod);
-
-	if (config->passive_scan)
-		fprintf(f, "passive_scan=%d\n", config->passive_scan);
-
-	if (config->reassoc_same_bss_optim)
-		fprintf(f, "reassoc_same_bss_optim=%d\n",
-			config->reassoc_same_bss_optim);
-
-	if (config->wps_priority)
-		fprintf(f, "wps_priority=%d\n", config->wps_priority);
-
-	if (config->wpa_rsc_relaxation != DEFAULT_WPA_RSC_RELAXATION)
-		fprintf(f, "wpa_rsc_relaxation=%d\n",
-			config->wpa_rsc_relaxation);
-
-	if (config->sched_scan_plans)
-		fprintf(f, "sched_scan_plans=%s\n", config->sched_scan_plans);
-
-#ifdef CONFIG_MBO
-	if (config->non_pref_chan)
-		fprintf(f, "non_pref_chan=%s\n", config->non_pref_chan);
-	if (config->mbo_cell_capa != DEFAULT_MBO_CELL_CAPA)
-		fprintf(f, "mbo_cell_capa=%u\n", config->mbo_cell_capa);
-	if (config->disassoc_imminent_rssi_threshold !=
-	    DEFAULT_DISASSOC_IMMINENT_RSSI_THRESHOLD)
-		fprintf(f, "disassoc_imminent_rssi_threshold=%d\n",
-			config->disassoc_imminent_rssi_threshold);
-	if (config->oce != DEFAULT_OCE_SUPPORT)
-		fprintf(f, "oce=%u\n", config->oce);
-#endif /* CONFIG_MBO */
-
-	if (config->gas_address3)
-		fprintf(f, "gas_address3=%d\n", config->gas_address3);
-
-	if (config->ftm_responder)
-		fprintf(f, "ftm_responder=%d\n", config->ftm_responder);
-	if (config->ftm_initiator)
-		fprintf(f, "ftm_initiator=%d\n", config->ftm_initiator);
-
-	if (config->osu_dir)
-		fprintf(f, "osu_dir=%s\n", config->osu_dir);
-
-	if (config->fst_group_id)
-		fprintf(f, "fst_group_id=%s\n", config->fst_group_id);
-	if (config->fst_priority)
-		fprintf(f, "fst_priority=%d\n", config->fst_priority);
-	if (config->fst_llt)
-		fprintf(f, "fst_llt=%d\n", config->fst_llt);
-
-	if (config->gas_rand_addr_lifetime != DEFAULT_RAND_ADDR_LIFETIME)
-		fprintf(f, "gas_rand_addr_lifetime=%u\n",
-			config->gas_rand_addr_lifetime);
-	if (config->gas_rand_mac_addr)
-		fprintf(f, "gas_rand_mac_addr=%d\n", config->gas_rand_mac_addr);
-	if (config->dpp_config_processing)
-		fprintf(f, "dpp_config_processing=%d\n",
-			config->dpp_config_processing);
-	if (config->coloc_intf_reporting)
-		fprintf(f, "coloc_intf_reporting=%d\n",
-			config->coloc_intf_reporting);
-	if (config->p2p_device_random_mac_addr)
-		fprintf(f, "p2p_device_random_mac_addr=%d\n",
-			config->p2p_device_random_mac_addr);
-	if (!is_zero_ether_addr(config->p2p_device_persistent_mac_addr))
-		fprintf(f, "p2p_device_persistent_mac_addr=" MACSTR "\n",
-			MAC2STR(config->p2p_device_persistent_mac_addr));
-	if (config->p2p_interface_random_mac_addr)
-		fprintf(f, "p2p_interface_random_mac_addr=%d\n",
-			config->p2p_interface_random_mac_addr);
-	if (config->disable_btm)
-		fprintf(f, "disable_btm=1\n");
-	if (config->extended_key_id != DEFAULT_EXTENDED_KEY_ID)
-		fprintf(f, "extended_key_id=%d\n",
-			config->extended_key_id);
-	if (config->wowlan_disconnect_on_deinit)
-		fprintf(f, "wowlan_disconnect_on_deinit=%d\n",
-			config->wowlan_disconnect_on_deinit);
-}
-
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-
-int wpa_config_write(const char *name, struct wpa_config *config)
-{
-#ifndef CONFIG_NO_CONFIG_WRITE
-	FILE *f;
-	struct wpa_ssid *ssid;
-	struct wpa_cred *cred;
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	struct wpa_config_blob *blob;
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-	int ret = 0;
-	const char *orig_name = name;
-	int tmp_len;
-	char *tmp_name;
-
-	if (!name) {
-		wpa_printf(MSG_ERROR, "No configuration file for writing");
-		return -1;
-	}
-
-	tmp_len = os_strlen(name) + 5; /* allow space for .tmp suffix */
-	tmp_name = os_malloc(tmp_len);
-	if (tmp_name) {
-		os_snprintf(tmp_name, tmp_len, "%s.tmp", name);
-		name = tmp_name;
-	}
-
-	wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
-
-	f = fopen(name, "w");
-	if (f == NULL) {
-		wpa_printf(MSG_DEBUG, "Failed to open '%s' for writing", name);
-		os_free(tmp_name);
-		return -1;
-	}
-
-	wpa_config_write_global(f, config);
-
-	for (cred = config->cred; cred; cred = cred->next) {
-		if (cred->temporary)
-			continue;
-		fprintf(f, "\ncred={\n");
-		wpa_config_write_cred(f, cred);
-		fprintf(f, "}\n");
-	}
-
-	for (ssid = config->ssid; ssid; ssid = ssid->next) {
-		if (ssid->key_mgmt == WPA_KEY_MGMT_WPS || ssid->temporary)
-			continue; /* do not save temporary networks */
-		if (wpa_key_mgmt_wpa_psk_no_sae(ssid->key_mgmt) &&
-		    !ssid->psk_set && !ssid->passphrase)
-			continue; /* do not save invalid network */
-		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-		    !ssid->passphrase && !ssid->sae_password)
-			continue; /* do not save invalid network */
-		fprintf(f, "\nnetwork={\n");
-		wpa_config_write_network(f, ssid);
-		fprintf(f, "}\n");
-	}
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	for (blob = config->blobs; blob; blob = blob->next) {
-		ret = wpa_config_write_blob(f, blob);
-		if (ret)
-			break;
-	}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-	os_fdatasync(f);
-
-	fclose(f);
-
-	if (tmp_name) {
-		int chmod_ret = 0;
-
-#ifdef ANDROID
-		chmod_ret = chmod(tmp_name,
-				  S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
-#endif /* ANDROID */
-		if (chmod_ret != 0 || rename(tmp_name, orig_name) != 0)
-			ret = -1;
-
-		os_free(tmp_name);
-	}
-
-	wpa_printf(MSG_DEBUG, "Configuration file '%s' written %ssuccessfully",
-		   orig_name, ret ? "un" : "");
-	return ret;
-#else /* CONFIG_NO_CONFIG_WRITE */
-	return -1;
-#endif /* CONFIG_NO_CONFIG_WRITE */
-}
diff --git a/wpa_supplicant/config_none.c b/wpa_supplicant/config_none.c
deleted file mode 100644
index 0bc977e3961b..000000000000
--- a/wpa_supplicant/config_none.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * WPA Supplicant / Configuration backend: empty starting point
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * This file implements stub example of a configuration backend. None of the
- * functions are actually implemented so this can be used as a simple
- * compilation test or a starting point for a new configuration backend.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "config.h"
-#include "base64.h"
-
-
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
-{
-	struct wpa_config *config;
-
-	if (name == NULL)
-		return NULL;
-	if (cfgp)
-		config = cfgp;
-	else
-		config = wpa_config_alloc_empty(NULL, NULL);
-	if (config == NULL)
-		return NULL;
-	/* TODO: fill in configuration data */
-	return config;
-}
-
-
-int wpa_config_write(const char *name, struct wpa_config *config)
-{
-	struct wpa_ssid *ssid;
-	struct wpa_config_blob *blob;
-
-	wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
-
-	/* TODO: write global config parameters */
-
-
-	for (ssid = config->ssid; ssid; ssid = ssid->next) {
-		/* TODO: write networks */
-	}
-
-	for (blob = config->blobs; blob; blob = blob->next) {
-		/* TODO: write blobs */
-	}
-
-	return 0;
-}
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
deleted file mode 100644
index 724534dd0123..000000000000
--- a/wpa_supplicant/config_ssid.h
+++ /dev/null
@@ -1,1182 +0,0 @@
-/*
- * WPA Supplicant / Network configuration structures
- * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef CONFIG_SSID_H
-#define CONFIG_SSID_H
-
-#include "common/defs.h"
-#include "utils/list.h"
-#include "eap_peer/eap_config.h"
-
-
-#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
-#define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
-			     EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
-#define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
-#define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
-#ifdef CONFIG_NO_TKIP
-#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP)
-#define DEFAULT_GROUP (WPA_CIPHER_CCMP)
-#else /* CONFIG_NO_TKIP */
-#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
-#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
-#endif /* CONFIG_NO_TKIP */
-#define DEFAULT_FRAGMENT_SIZE 1398
-
-#define DEFAULT_BG_SCAN_PERIOD -1
-#define DEFAULT_MESH_MAX_RETRIES 2
-#define DEFAULT_MESH_RETRY_TIMEOUT 40
-#define DEFAULT_MESH_CONFIRM_TIMEOUT 40
-#define DEFAULT_MESH_HOLDING_TIMEOUT 40
-#define DEFAULT_MESH_RSSI_THRESHOLD 1 /* no change */
-#define DEFAULT_DISABLE_HT 0
-#define DEFAULT_DISABLE_HT40 0
-#define DEFAULT_DISABLE_SGI 0
-#define DEFAULT_DISABLE_LDPC 0
-#define DEFAULT_TX_STBC -1 /* no change */
-#define DEFAULT_RX_STBC -1 /* no change */
-#define DEFAULT_DISABLE_MAX_AMSDU -1 /* no change */
-#define DEFAULT_AMPDU_FACTOR -1 /* no change */
-#define DEFAULT_AMPDU_DENSITY -1 /* no change */
-#define DEFAULT_USER_SELECTED_SIM 1
-#define DEFAULT_MAX_OPER_CHWIDTH -1
-
-/* Consider global sae_pwe for SAE mechanism for PWE derivation */
-#define DEFAULT_SAE_PWE 4
-
-struct psk_list_entry {
-	struct dl_list list;
-	u8 addr[ETH_ALEN];
-	u8 psk[32];
-	u8 p2p;
-};
-
-enum wpas_mode {
-	WPAS_MODE_INFRA = 0,
-	WPAS_MODE_IBSS = 1,
-	WPAS_MODE_AP = 2,
-	WPAS_MODE_P2P_GO = 3,
-	WPAS_MODE_P2P_GROUP_FORMATION = 4,
-	WPAS_MODE_MESH = 5,
-};
-
-enum sae_pk_mode {
-	SAE_PK_MODE_AUTOMATIC = 0,
-	SAE_PK_MODE_ONLY = 1,
-	SAE_PK_MODE_DISABLED = 2,
-};
-
-/**
- * struct wpa_ssid - Network configuration data
- *
- * This structure includes all the configuration variables for a network. This
- * data is included in the per-interface configuration data as an element of
- * the network list, struct wpa_config::ssid. Each network block in the
- * configuration is mapped to a struct wpa_ssid instance.
- */
-struct wpa_ssid {
-	/**
-	 * next - Next network in global list
-	 *
-	 * This pointer can be used to iterate over all networks. The head of
-	 * this list is stored in the ssid field of struct wpa_config.
-	 */
-	struct wpa_ssid *next;
-
-	/**
-	 * pnext - Next network in per-priority list
-	 *
-	 * This pointer can be used to iterate over all networks in the same
-	 * priority class. The heads of these list are stored in the pssid
-	 * fields of struct wpa_config.
-	 */
-	struct wpa_ssid *pnext;
-
-	/**
-	 * id - Unique id for the network
-	 *
-	 * This identifier is used as a unique identifier for each network
-	 * block when using the control interface. Each network is allocated an
-	 * id when it is being created, either when reading the configuration
-	 * file or when a new network is added through the control interface.
-	 */
-	int id;
-
-	/**
-	 * priority - Priority group
-	 *
-	 * By default, all networks will get same priority group (0). If some
-	 * of the networks are more desirable, this field can be used to change
-	 * the order in which wpa_supplicant goes through the networks when
-	 * selecting a BSS. The priority groups will be iterated in decreasing
-	 * priority (i.e., the larger the priority value, the sooner the
-	 * network is matched against the scan results). Within each priority
-	 * group, networks will be selected based on security policy, signal
-	 * strength, etc.
-	 *
-	 * Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are
-	 * not using this priority to select the order for scanning. Instead,
-	 * they try the networks in the order that used in the configuration
-	 * file.
-	 */
-	int priority;
-
-	/**
-	 * ssid - Service set identifier (network name)
-	 *
-	 * This is the SSID for the network. For wireless interfaces, this is
-	 * used to select which network will be used. If set to %NULL (or
-	 * ssid_len=0), any SSID can be used. For wired interfaces, this must
-	 * be set to %NULL. Note: SSID may contain any characters, even nul
-	 * (ASCII 0) and as such, this should not be assumed to be a nul
-	 * terminated string. ssid_len defines how many characters are valid
-	 * and the ssid field is not guaranteed to be nul terminated.
-	 */
-	u8 *ssid;
-
-	/**
-	 * ssid_len - Length of the SSID
-	 */
-	size_t ssid_len;
-
-	/**
-	 * bssid - BSSID
-	 *
-	 * If set, this network block is used only when associating with the AP
-	 * using the configured BSSID
-	 *
-	 * If this is a persistent P2P group (disabled == 2), this is the GO
-	 * Device Address.
-	 */
-	u8 bssid[ETH_ALEN];
-
-	/**
-	 * bssid_ignore - List of inacceptable BSSIDs
-	 */
-	u8 *bssid_ignore;
-	size_t num_bssid_ignore;
-
-	/**
-	 * bssid_accept - List of acceptable BSSIDs
-	 */
-	u8 *bssid_accept;
-	size_t num_bssid_accept;
-
-	/**
-	 * bssid_set - Whether BSSID is configured for this network
-	 */
-	int bssid_set;
-
-	/**
-	 * bssid_hint - BSSID hint
-	 *
-	 * If set, this is configured to the driver as a preferred initial BSSID
-	 * while connecting to this network.
-	 */
-	u8 bssid_hint[ETH_ALEN];
-
-	/**
-	 * bssid_hint_set - Whether BSSID hint is configured for this network
-	 */
-	int bssid_hint_set;
-
-	/**
-	 * go_p2p_dev_addr - GO's P2P Device Address or all zeros if not set
-	 */
-	u8 go_p2p_dev_addr[ETH_ALEN];
-
-	/**
-	 * psk - WPA pre-shared key (256 bits)
-	 */
-	u8 psk[32];
-
-	/**
-	 * psk_set - Whether PSK field is configured
-	 */
-	int psk_set;
-
-	/**
-	 * passphrase - WPA ASCII passphrase
-	 *
-	 * If this is set, psk will be generated using the SSID and passphrase
-	 * configured for the network. ASCII passphrase must be between 8 and
-	 * 63 characters (inclusive).
-	 */
-	char *passphrase;
-
-	/**
-	 * sae_password - SAE password
-	 *
-	 * This parameter can be used to set a password for SAE. By default, the
-	 * passphrase value is used if this separate parameter is not used, but
-	 * passphrase follows the WPA-PSK constraints (8..63 characters) even
-	 * though SAE passwords do not have such constraints.
-	 */
-	char *sae_password;
-
-	/**
-	 * sae_password_id - SAE password identifier
-	 *
-	 * This parameter can be used to identify a specific SAE password. If
-	 * not included, the default SAE password is used instead.
-	 */
-	char *sae_password_id;
-
-	struct sae_pt *pt;
-
-	/**
-	 * ext_psk - PSK/passphrase name in external storage
-	 *
-	 * If this is set, PSK/passphrase will be fetched from external storage
-	 * when requesting association with the network.
-	 */
-	char *ext_psk;
-
-	/**
-	 * mem_only_psk - Whether to keep PSK/passphrase only in memory
-	 *
-	 * 0 = allow psk/passphrase to be stored to the configuration file
-	 * 1 = do not store psk/passphrase to the configuration file
-	 */
-	int mem_only_psk;
-
-	/**
-	 * pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_*
-	 */
-	int pairwise_cipher;
-
-	/**
-	 * group_cipher - Bitfield of allowed group ciphers, WPA_CIPHER_*
-	 */
-	int group_cipher;
-
-	/**
-	 * group_mgmt_cipher - Bitfield of allowed group management ciphers
-	 *
-	 * This is a bitfield of WPA_CIPHER_AES_128_CMAC and WPA_CIPHER_BIP_*
-	 * values. If 0, no constraint is used for the cipher, i.e., whatever
-	 * the AP uses is accepted.
-	 */
-	int group_mgmt_cipher;
-
-	/**
-	 * key_mgmt - Bitfield of allowed key management protocols
-	 *
-	 * WPA_KEY_MGMT_*
-	 */
-	int key_mgmt;
-
-	/**
-	 * bg_scan_period - Background scan period in seconds, 0 to disable, or
-	 * -1 to indicate no change to default driver configuration
-	 */
-	int bg_scan_period;
-
-	/**
-	 * proto - Bitfield of allowed protocols, WPA_PROTO_*
-	 */
-	int proto;
-
-	/**
-	 * auth_alg -  Bitfield of allowed authentication algorithms
-	 *
-	 * WPA_AUTH_ALG_*
-	 */
-	int auth_alg;
-
-	/**
-	 * scan_ssid - Scan this SSID with Probe Requests
-	 *
-	 * scan_ssid can be used to scan for APs using hidden SSIDs.
-	 * Note: Many drivers do not support this. ap_mode=2 can be used with
-	 * such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers
-	 * do support scan_ssid=1 and that should be used with them instead of
-	 * ap_scan=2.
-	 */
-	int scan_ssid;
-
-#ifdef IEEE8021X_EAPOL
-#define EAPOL_FLAG_REQUIRE_KEY_UNICAST BIT(0)
-#define EAPOL_FLAG_REQUIRE_KEY_BROADCAST BIT(1)
-	/**
-	 * eapol_flags - Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*)
-	 */
-	int eapol_flags;
-
-	/**
-	 * eap - EAP peer configuration for this network
-	 */
-	struct eap_peer_config eap;
-#endif /* IEEE8021X_EAPOL */
-
-#ifdef CONFIG_WEP
-#define NUM_WEP_KEYS 4
-#define MAX_WEP_KEY_LEN 16
-	/**
-	 * wep_key - WEP keys
-	 */
-	u8 wep_key[NUM_WEP_KEYS][MAX_WEP_KEY_LEN];
-
-	/**
-	 * wep_key_len - WEP key lengths
-	 */
-	size_t wep_key_len[NUM_WEP_KEYS];
-
-	/**
-	 * wep_tx_keyidx - Default key index for TX frames using WEP
-	 */
-	int wep_tx_keyidx;
-#endif /* CONFIG_WEP */
-
-	/**
-	 * proactive_key_caching - Enable proactive key caching
-	 *
-	 * This field can be used to enable proactive key caching which is also
-	 * known as opportunistic PMKSA caching for WPA2. This is disabled (0)
-	 * by default unless default value is changed with the global okc=1
-	 * parameter. Enable by setting this to 1.
-	 *
-	 * Proactive key caching is used to make supplicant assume that the APs
-	 * are using the same PMK and generate PMKSA cache entries without
-	 * doing RSN pre-authentication. This requires support from the AP side
-	 * and is normally used with wireless switches that co-locate the
-	 * authenticator.
-	 *
-	 * Internally, special value -1 is used to indicate that the parameter
-	 * was not specified in the configuration (i.e., default behavior is
-	 * followed).
-	 */
-	int proactive_key_caching;
-
-	/**
-	 * mixed_cell - Whether mixed cells are allowed
-	 *
-	 * This option can be used to configure whether so called mixed cells,
-	 * i.e., networks that use both plaintext and encryption in the same
-	 * SSID, are allowed. This is disabled (0) by default. Enable by
-	 * setting this to 1.
-	 */
-	int mixed_cell;
-
-#ifdef IEEE8021X_EAPOL
-
-	/**
-	 * leap - Number of EAP methods using LEAP
-	 *
-	 * This field should be set to 1 if LEAP is enabled. This is used to
-	 * select IEEE 802.11 authentication algorithm.
-	 */
-	int leap;
-
-	/**
-	 * non_leap - Number of EAP methods not using LEAP
-	 *
-	 * This field should be set to >0 if any EAP method other than LEAP is
-	 * enabled. This is used to select IEEE 802.11 authentication
-	 * algorithm.
-	 */
-	int non_leap;
-
-	/**
-	 * eap_workaround - EAP workarounds enabled
-	 *
-	 * wpa_supplicant supports number of "EAP workarounds" to work around
-	 * interoperability issues with incorrectly behaving authentication
-	 * servers. This is recommended to be enabled by default because some
-	 * of the issues are present in large number of authentication servers.
-	 *
-	 * Strict EAP conformance mode can be configured by disabling
-	 * workarounds with eap_workaround = 0.
-	 */
-	unsigned int eap_workaround;
-
-#endif /* IEEE8021X_EAPOL */
-
-	/**
-	 * mode - IEEE 802.11 operation mode (Infrastucture/IBSS)
-	 *
-	 * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
-	 *
-	 * 1 = IBSS (ad-hoc, peer-to-peer)
-	 *
-	 * 2 = AP (access point)
-	 *
-	 * 3 = P2P Group Owner (can be set in the configuration file)
-	 *
-	 * 4 = P2P Group Formation (used internally; not in configuration
-	 * files)
-	 *
-	 * 5 = Mesh
-	 *
-	 * Note: IBSS can only be used with key_mgmt NONE (plaintext and static
-	 * WEP) and WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE
-	 * (fixed group key TKIP/CCMP) is available for backwards compatibility,
-	 * but its use is deprecated. WPA-None requires following network block
-	 * options: proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or
-	 * CCMP, but not both), and psk must also be set (either directly or
-	 * using ASCII passphrase).
-	 */
-	enum wpas_mode mode;
-
-	/**
-	 * pbss - Whether to use PBSS. Relevant to DMG networks only.
-	 * 0 = do not use PBSS
-	 * 1 = use PBSS
-	 * 2 = don't care (not allowed in AP mode)
-	 * Used together with mode configuration. When mode is AP, it
-	 * means to start a PCP instead of a regular AP. When mode is INFRA it
-	 * means connect to a PCP instead of AP. In this mode you can also
-	 * specify 2 (don't care) meaning connect to either AP or PCP.
-	 * P2P_GO and P2P_GROUP_FORMATION modes must use PBSS in DMG network.
-	 */
-	int pbss;
-
-	/**
-	 * disabled - Whether this network is currently disabled
-	 *
-	 * 0 = this network can be used (default).
-	 * 1 = this network block is disabled (can be enabled through
-	 * ctrl_iface, e.g., with wpa_cli or wpa_gui).
-	 * 2 = this network block includes parameters for a persistent P2P
-	 * group (can be used with P2P ctrl_iface commands)
-	 */
-	int disabled;
-
-	/**
-	 * disabled_for_connect - Whether this network was temporarily disabled
-	 *
-	 * This flag is used to reenable all the temporarily disabled networks
-	 * after either the success or failure of a WPS connection.
-	 */
-	int disabled_for_connect;
-
-	/**
-	 * id_str - Network identifier string for external scripts
-	 *
-	 * This value is passed to external ctrl_iface monitors in
-	 * WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR
-	 * environment variable for action scripts.
-	 */
-	char *id_str;
-
-	/**
-	 * ieee80211w - Whether management frame protection is enabled
-	 *
-	 * This value is used to configure policy for management frame
-	 * protection (IEEE 802.11w). 0 = disabled, 1 = optional, 2 = required.
-	 * This is disabled by default unless the default value has been changed
-	 * with the global pmf=1/2 parameter.
-	 *
-	 * Internally, special value 3 is used to indicate that the parameter
-	 * was not specified in the configuration (i.e., default behavior is
-	 * followed).
-	 */
-	enum mfp_options ieee80211w;
-
-#ifdef CONFIG_OCV
-	/**
-	 * ocv - Enable/disable operating channel validation
-	 *
-	 * If this parameter is set to 1, stations will exchange OCI element
-	 * to cryptographically verify the operating channel. Setting this
-	 * parameter to 0 disables this option. Default value: 0.
-	 */
-	int ocv;
-#endif /* CONFIG_OCV */
-
-	/**
-	 * frequency - Channel frequency in megahertz (MHz) for IBSS
-	 *
-	 * This value is used to configure the initial channel for IBSS (adhoc)
-	 * networks, e.g., 2412 = IEEE 802.11b/g channel 1. It is ignored in
-	 * the infrastructure mode. In addition, this value is only used by the
-	 * station that creates the IBSS. If an IBSS network with the
-	 * configured SSID is already present, the frequency of the network
-	 * will be used instead of this configured value.
-	 */
-	int frequency;
-
-	/**
-	 * enable_edmg - Enable EDMG feature in STA/AP mode
-	 *
-	 * This flag is used for enabling the EDMG capability in STA/AP mode.
-	 */
-	int enable_edmg;
-
-	/**
-	 * edmg_channel - EDMG channel number
-	 *
-	 * This value is used to configure the EDMG channel bonding feature.
-	 * In AP mode it defines the EDMG channel to start the AP on.
-	 * in STA mode it defines the EDMG channel to use for connection
-	 * (if supported by AP).
-	 */
-	u8 edmg_channel;
-
-	/**
-	 * fixed_freq - Use fixed frequency for IBSS
-	 */
-	int fixed_freq;
-
-#ifdef CONFIG_ACS
-	/**
-	 * ACS - Automatic Channel Selection for AP mode
-	 *
-	 * If present, it will be handled together with frequency.
-	 * frequency will be used to determine hardware mode only, when it is
-	 * used for both hardware mode and channel when used alone. This will
-	 * force the channel to be set to 0, thus enabling ACS.
-	 */
-	int acs;
-#endif /* CONFIG_ACS */
-
-	/**
-	 * mesh_basic_rates - BSS Basic rate set for mesh network
-	 *
-	 */
-	int *mesh_basic_rates;
-
-	/**
-	 * Mesh network plink parameters
-	 */
-	int dot11MeshMaxRetries;
-	int dot11MeshRetryTimeout; /* msec */
-	int dot11MeshConfirmTimeout; /* msec */
-	int dot11MeshHoldingTimeout; /* msec */
-
-	/**
-	 * Mesh network layer-2 forwarding (dot11MeshForwarding)
-	 */
-	int mesh_fwding;
-
-	int ht;
-	int ht40;
-
-	int vht;
-
-	int he;
-
-	int max_oper_chwidth;
-
-	unsigned int vht_center_freq1;
-	unsigned int vht_center_freq2;
-
-	/**
-	 * wpa_ptk_rekey - Maximum lifetime for PTK in seconds
-	 *
-	 * This value can be used to enforce rekeying of PTK to mitigate some
-	 * attacks against TKIP deficiencies.
-	 */
-	int wpa_ptk_rekey;
-
-	/** wpa_deny_ptk0_rekey - Control PTK0 rekeying
-	 *
-	 * Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many
-	 * broken implementations and should be avoided when using or
-	 * interacting with one.
-	 *
-	 * 0 = always rekey when configured/instructed
-	 * 1 = only rekey when the local driver is explicitly indicating it can
-	 *	perform this operation without issues
-	 * 2 = never allow PTK0 rekeys
-	 */
-	enum ptk0_rekey_handling wpa_deny_ptk0_rekey;
-
-	/**
-	 * group_rekey - Group rekeying time in seconds
-	 *
-	 * This value, if non-zero, is used as the dot11RSNAConfigGroupRekeyTime
-	 * parameter when operating in Authenticator role in IBSS.
-	 */
-	int group_rekey;
-
-	/**
-	 * scan_freq - Array of frequencies to scan or %NULL for all
-	 *
-	 * This is an optional zero-terminated array of frequencies in
-	 * megahertz (MHz) to include in scan requests when searching for this
-	 * network. This can be used to speed up scanning when the network is
-	 * known to not use all possible channels.
-	 */
-	int *scan_freq;
-
-	/**
-	 * bgscan - Background scan and roaming parameters or %NULL if none
-	 *
-	 * This is an optional set of parameters for background scanning and
-	 * roaming within a network (ESS) in following format:
-	 * <bgscan module name>:<module parameters>
-	 */
-	char *bgscan;
-
-	/**
-	 * ignore_broadcast_ssid - Hide SSID in AP mode
-	 *
-	 * Send empty SSID in beacons and ignore probe request frames that do
-	 * not specify full SSID, i.e., require stations to know SSID.
-	 * default: disabled (0)
-	 * 1 = send empty (length=0) SSID in beacon and ignore probe request
-	 * for broadcast SSID
-	 * 2 = clear SSID (ASCII 0), but keep the original length (this may be
-	 * required with some clients that do not support empty SSID) and
-	 * ignore probe requests for broadcast SSID
-	 */
-	int ignore_broadcast_ssid;
-
-	/**
-	 * freq_list - Array of allowed frequencies or %NULL for all
-	 *
-	 * This is an optional zero-terminated array of frequencies in
-	 * megahertz (MHz) to allow for selecting the BSS. If set, scan results
-	 * that do not match any of the specified frequencies are not
-	 * considered when selecting a BSS.
-	 */
-	int *freq_list;
-
-	/**
-	 * p2p_client_list - List of P2P Clients in a persistent group (GO)
-	 *
-	 * This is a list of P2P Clients (P2P Device Address) that have joined
-	 * the persistent group. This is maintained on the GO for persistent
-	 * group entries (disabled == 2).
-	 */
-	u8 *p2p_client_list;
-
-	/**
-	 * num_p2p_clients - Number of entries in p2p_client_list
-	 */
-	size_t num_p2p_clients;
-
-#ifndef P2P_MAX_STORED_CLIENTS
-#define P2P_MAX_STORED_CLIENTS 100
-#endif /* P2P_MAX_STORED_CLIENTS */
-
-	/**
-	 * psk_list - Per-client PSKs (struct psk_list_entry)
-	 */
-	struct dl_list psk_list;
-
-	/**
-	 * p2p_group - Network generated as a P2P group (used internally)
-	 */
-	int p2p_group;
-
-	/**
-	 * p2p_persistent_group - Whether this is a persistent group
-	 */
-	int p2p_persistent_group;
-
-	/**
-	 * temporary - Whether this network is temporary and not to be saved
-	 */
-	int temporary;
-
-	/**
-	 * export_keys - Whether keys may be exported
-	 *
-	 * This attribute will be set when keys are determined through
-	 * WPS or similar so that they may be exported.
-	 */
-	int export_keys;
-
-#ifdef CONFIG_HT_OVERRIDES
-	/**
-	 * disable_ht - Disable HT (IEEE 802.11n) for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_ht;
-
-	/**
-	 * disable_ht40 - Disable HT40 for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_ht40;
-
-	/**
-	 * disable_sgi - Disable SGI (Short Guard Interval) for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_sgi;
-
-	/**
-	 * disable_ldpc - Disable LDPC for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_ldpc;
-
-	/**
-	 * ht40_intolerant - Indicate 40 MHz intolerant for this network
-	 */
-	int ht40_intolerant;
-
-	/**
-	 * disable_max_amsdu - Disable MAX A-MSDU
-	 *
-	 * A-MDSU will be 3839 bytes when disabled, or 7935
-	 * when enabled (assuming it is otherwise supported)
-	 * -1 (default) means do not apply any settings to the kernel.
-	 */
-	int disable_max_amsdu;
-
-	/**
-	 * ampdu_factor - Maximum A-MPDU Length Exponent
-	 *
-	 * Value: 0-3, see 7.3.2.56.3 in IEEE Std 802.11n-2009.
-	 */
-	int ampdu_factor;
-
-	/**
-	 * ampdu_density - Minimum A-MPDU Start Spacing
-	 *
-	 * Value: 0-7, see 7.3.2.56.3 in IEEE Std 802.11n-2009.
-	 */
-	int ampdu_density;
-
-	/**
-	 * ht_mcs - Allowed HT-MCS rates, in ASCII hex: ffff0000...
-	 *
-	 * By default (empty string): Use whatever the OS has configured.
-	 */
-	char *ht_mcs;
-
-	/**
-	 * tx_stbc - Indicate STBC support for TX streams
-	 *
-	 * Value: -1..1, by default (-1): use whatever the OS or card has
-	 * configured. See IEEE Std 802.11-2016, 9.4.2.56.2.
-	 */
-	int tx_stbc;
-
-	/**
-	 * rx_stbc - Indicate STBC support for RX streams
-	 *
-	 * Value: -1..3, by default (-1): use whatever the OS or card has
-	 * configured. See IEEE Std 802.11-2016, 9.4.2.56.2.
-	 */
-	int rx_stbc;
-#endif /* CONFIG_HT_OVERRIDES */
-
-#ifdef CONFIG_VHT_OVERRIDES
-	/**
-	 * disable_vht - Disable VHT (IEEE 802.11ac) for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_vht;
-
-	/**
-	 * vht_capa - VHT capabilities to use
-	 */
-	unsigned int vht_capa;
-
-	/**
-	 * vht_capa_mask - mask for VHT capabilities
-	 */
-	unsigned int vht_capa_mask;
-
-	int vht_rx_mcs_nss_1, vht_rx_mcs_nss_2,
-	    vht_rx_mcs_nss_3, vht_rx_mcs_nss_4,
-	    vht_rx_mcs_nss_5, vht_rx_mcs_nss_6,
-	    vht_rx_mcs_nss_7, vht_rx_mcs_nss_8;
-	int vht_tx_mcs_nss_1, vht_tx_mcs_nss_2,
-	    vht_tx_mcs_nss_3, vht_tx_mcs_nss_4,
-	    vht_tx_mcs_nss_5, vht_tx_mcs_nss_6,
-	    vht_tx_mcs_nss_7, vht_tx_mcs_nss_8;
-#endif /* CONFIG_VHT_OVERRIDES */
-
-#ifdef CONFIG_HE_OVERRIDES
-	/**
-	 * disable_he - Disable HE (IEEE 802.11ax) for this network
-	 *
-	 * By default, use it if it is available, but this can be configured
-	 * to 1 to have it disabled.
-	 */
-	int disable_he;
-#endif /* CONFIG_HE_OVERRIDES */
-
-	/**
-	 * ap_max_inactivity - Timeout in seconds to detect STA's inactivity
-	 *
-	 * This timeout value is used in AP mode to clean up inactive stations.
-	 * By default: 300 seconds.
-	 */
-	int ap_max_inactivity;
-
-	/**
-	 * dtim_period - DTIM period in Beacon intervals
-	 * By default: 2
-	 */
-	int dtim_period;
-
-	/**
-	 * beacon_int - Beacon interval (default: 100 TU)
-	 */
-	int beacon_int;
-
-	/**
-	 * auth_failures - Number of consecutive authentication failures
-	 */
-	unsigned int auth_failures;
-
-	/**
-	 * disabled_until - Network block disabled until this time if non-zero
-	 */
-	struct os_reltime disabled_until;
-
-	/**
-	 * parent_cred - Pointer to parent wpa_cred entry
-	 *
-	 * This pointer can be used to delete temporary networks when a wpa_cred
-	 * that was used to create them is removed. This pointer should not be
-	 * dereferences since it may not be updated in all cases.
-	 */
-	void *parent_cred;
-
-#ifdef CONFIG_MACSEC
-	/**
-	 * macsec_policy - Determines the policy for MACsec secure session
-	 *
-	 * 0: MACsec not in use (default)
-	 * 1: MACsec enabled - Should secure, accept key server's advice to
-	 *    determine whether to use a secure session or not.
-	 */
-	int macsec_policy;
-
-	/**
-	 * macsec_integ_only - Determines how MACsec are transmitted
-	 *
-	 * This setting applies only when MACsec is in use, i.e.,
-	 *  - macsec_policy is enabled
-	 *  - the key server has decided to enable MACsec
-	 *
-	 * 0: Encrypt traffic (default)
-	 * 1: Integrity only
-	 */
-	int macsec_integ_only;
-
-	/**
-	 * macsec_replay_protect - Enable MACsec replay protection
-	 *
-	 * This setting applies only when MACsec is in use, i.e.,
-	 *  - macsec_policy is enabled
-	 *  - the key server has decided to enable MACsec
-	 *
-	 * 0: Replay protection disabled (default)
-	 * 1: Replay protection enabled
-	 */
-	int macsec_replay_protect;
-
-	/**
-	 * macsec_replay_window - MACsec replay protection window
-	 *
-	 * A window in which replay is tolerated, to allow receipt of frames
-	 * that have been misordered by the network.
-	 *
-	 * This setting applies only when MACsec replay protection active, i.e.,
-	 *  - macsec_replay_protect is enabled
-	 *  - the key server has decided to enable MACsec
-	 *
-	 * 0: No replay window, strict check (default)
-	 * 1..2^32-1: number of packets that could be misordered
-	 */
-	u32 macsec_replay_window;
-
-	/**
-	 * macsec_port - MACsec port (in SCI)
-	 *
-	 * Port component of the SCI.
-	 *
-	 * Range: 1-65534 (default: 1)
-	 */
-	int macsec_port;
-
-	/**
-	 * mka_priority - Priority of MKA Actor
-	 *
-	 * Range: 0-255 (default: 255)
-	 */
-	int mka_priority;
-
-	/**
-	 * mka_ckn - MKA pre-shared CKN
-	 */
-#define MACSEC_CKN_MAX_LEN 32
-	size_t mka_ckn_len;
-	u8 mka_ckn[MACSEC_CKN_MAX_LEN];
-
-	/**
-	 * mka_cak - MKA pre-shared CAK
-	 */
-#define MACSEC_CAK_MAX_LEN 32
-	size_t mka_cak_len;
-	u8 mka_cak[MACSEC_CAK_MAX_LEN];
-
-#define MKA_PSK_SET_CKN BIT(0)
-#define MKA_PSK_SET_CAK BIT(1)
-#define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
-	/**
-	 * mka_psk_set - Whether mka_ckn and mka_cak are set
-	 */
-	u8 mka_psk_set;
-#endif /* CONFIG_MACSEC */
-
-#ifdef CONFIG_HS20
-	int update_identifier;
-
-	/**
-	 * roaming_consortium_selection - Roaming Consortium Selection
-	 *
-	 * The matching Roaming Consortium OI that was used to generate this
-	 * network profile.
-	 */
-	u8 *roaming_consortium_selection;
-
-	/**
-	 * roaming_consortium_selection_len - roaming_consortium_selection len
-	 */
-	size_t roaming_consortium_selection_len;
-#endif /* CONFIG_HS20 */
-
-	unsigned int wps_run;
-
-	/**
-	 * mac_addr - MAC address policy
-	 *
-	 * 0 = use permanent MAC address
-	 * 1 = use random MAC address for each ESS connection
-	 * 2 = like 1, but maintain OUI (with local admin bit set)
-	 *
-	 * Internally, special value -1 is used to indicate that the parameter
-	 * was not specified in the configuration (i.e., default behavior is
-	 * followed).
-	 */
-	int mac_addr;
-
-	/**
-	 * no_auto_peer - Do not automatically peer with compatible mesh peers
-	 *
-	 * When unset, the reception of a beacon from a another mesh peer in
-	 * this MBSS will trigger a peering attempt.
-	 */
-	int no_auto_peer;
-
-	/**
-	 * mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
-	 *
-	 * -255..-1 = threshold value in dBm
-	 * 0 = not using RSSI threshold
-	 * 1 = do not change driver default
-	 */
-	int mesh_rssi_threshold;
-
-	/**
-	 * wps_disabled - WPS disabled in AP mode
-	 *
-	 * 0 = WPS enabled and configured (default)
-	 * 1 = WPS disabled
-	 */
-	int wps_disabled;
-
-	/**
-	 * fils_dh_group - FILS DH Group
-	 *
-	 * 0 = PFS disabled with FILS shared key authentication
-	 * 1-65535 DH Group to use for FILS PFS
-	 */
-	int fils_dh_group;
-
-	/**
-	 * dpp_connector - DPP Connector (signedConnector as string)
-	 */
-	char *dpp_connector;
-
-	/**
-	 * dpp_netaccesskey - DPP netAccessKey (own private key)
-	 */
-	u8 *dpp_netaccesskey;
-
-	/**
-	 * dpp_netaccesskey_len - DPP netAccessKey length in octets
-	 */
-	size_t dpp_netaccesskey_len;
-
-	/**
-	 * net_access_key_expiry - DPP netAccessKey expiry in UNIX time stamp
-	 *
-	 * 0 indicates no expiration.
-	 */
-	unsigned int dpp_netaccesskey_expiry;
-
-	/**
-	 * dpp_csign - C-sign-key (Configurator public key)
-	 */
-	u8 *dpp_csign;
-
-	/**
-	 * dpp_csign_len - C-sign-key length in octets
-	 */
-	size_t dpp_csign_len;
-
-	/**
-	 * dpp_pp_key - ppKey (Configurator privacy protection public key)
-	 */
-	u8 *dpp_pp_key;
-
-	/**
-	 * dpp_pp_key_len - ppKey length in octets
-	 */
-	size_t dpp_pp_key_len;
-
-	/**
-	 * dpp_pfs - DPP PFS
-	 * 0: allow PFS to be used or not used
-	 * 1: require PFS to be used (note: not compatible with DPP R1)
-	 * 2: do not allow PFS to be used
-	 */
-	int dpp_pfs;
-
-	/**
-	 * dpp_pfs_fallback - DPP PFS fallback selection
-	 *
-	 * This is an internally used variable (i.e., not used in external
-	 * configuration) to track state of the DPP PFS fallback mechanism.
-	 */
-	int dpp_pfs_fallback;
-
-	/**
-	 * owe_group - OWE DH Group
-	 *
-	 * 0 = use default (19) first and then try all supported groups one by
-	 *	one if AP rejects the selected group
-	 * 1-65535 DH Group to use for OWE
-	 *
-	 * Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are
-	 * currently supported.
-	 */
-	int owe_group;
-
-	/**
-	 * owe_only - OWE-only mode (disable transition mode)
-	 *
-	 * 0 = enable transition mode (allow connection to either OWE or open
-	 *	BSS)
-	 * 1 = disable transition mode (allow connection only with OWE)
-	 */
-	int owe_only;
-
-	/**
-	 * owe_ptk_workaround - OWE PTK derivation workaround
-	 *
-	 * Initial OWE implementation used SHA256 when deriving the PTK for all
-	 * OWE groups. This was supposed to change to SHA384 for group 20 and
-	 * SHA512 for group 21. This parameter can be used to enable older
-	 * behavior mainly for testing purposes. There is no impact to group 19
-	 * behavior, but if enabled, this will make group 20 and 21 cases use
-	 * SHA256-based PTK derivation which will not work with the updated
-	 * OWE implementation on the AP side.
-	 */
-	int owe_ptk_workaround;
-
-	/**
-	 * owe_transition_bss_select_count - OWE transition BSS select count
-	 *
-	 * This is an internally used variable (i.e., not used in external
-	 * configuration) to track the number of selection attempts done for
-	 * OWE BSS in transition mode. This allows fallback to an open BSS if
-	 * the selection attempts for OWE BSS exceed the configured threshold.
-	 */
-	int owe_transition_bss_select_count;
-
-	/**
-	 * multi_ap_backhaul_sta - Multi-AP backhaul STA
-	 * 0 = normal (non-Multi-AP) station
-	 * 1 = Multi-AP backhaul station
-	 */
-	int multi_ap_backhaul_sta;
-
-	/**
-	 * ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed
-	 * 0 = do not try to use PMKSA caching with FT-EAP
-	 * 1 = try to use PMKSA caching with FT-EAP
-	 *
-	 * This controls whether to try to use PMKSA caching with FT-EAP for the
-	 * FT initial mobility domain association.
-	 */
-	int ft_eap_pmksa_caching;
-
-	/**
-	 * beacon_prot - Whether Beacon protection is enabled
-	 *
-	 * This depends on management frame protection (ieee80211w) being
-	 * enabled.
-	 */
-	int beacon_prot;
-
-	/**
-	 * transition_disable - Transition Disable indication
-	 * The AP can notify authenticated stations to disable transition mode
-	 * in their network profiles when the network has completed transition
-	 * steps, i.e., once sufficiently large number of APs in the ESS have
-	 * been updated to support the more secure alternative. When this
-	 * indication is used, the stations are expected to automatically
-	 * disable transition mode and less secure security options. This
-	 * includes use of WEP, TKIP (including use of TKIP as the group
-	 * cipher), and connections without PMF.
-	 * Bitmap bits:
-	 * bit 0 (0x01): WPA3-Personal (i.e., disable WPA2-Personal = WPA-PSK
-	 *	and only allow SAE to be used)
-	 * bit 1 (0x02): SAE-PK (disable SAE without use of SAE-PK)
-	 * bit 2 (0x04): WPA3-Enterprise (move to requiring PMF)
-	 * bit 3 (0x08): Enhanced Open (disable use of open network; require
-	 *	OWE)
-	 */
-	u8 transition_disable;
-
-	/**
-	 * sae_pk - SAE-PK mode
-	 * 0 = automatic SAE/SAE-PK selection based on password; enable
-	 * transition mode (allow SAE authentication without SAE-PK)
-	 * 1 = SAE-PK only (disable transition mode; allow SAE authentication
-	 * only with SAE-PK)
-	 * 2 = disable SAE-PK (allow SAE authentication only without SAE-PK)
-	 */
-	enum sae_pk_mode sae_pk;
-
-	/**
-	 * was_recently_reconfigured - Whether this SSID config has been changed
-	 * recently
-	 *
-	 * This is an internally used variable, i.e., not used in external
-	 * configuration.
-	 */
-	bool was_recently_reconfigured;
-
-	/**
-	 * sae_pwe - SAE mechanism for PWE derivation
-	 *
-	 * Internally, special value 4 (DEFAULT_SAE_PWE) is used to indicate
-	 * that the parameter is not set and the global sae_pwe value needs to
-	 * be considered.
-	 *
-	 * 0 = hunting-and-pecking loop only
-	 * 1 = hash-to-element only
-	 * 2 = both hunting-and-pecking loop and hash-to-element enabled
-	 */
-	int sae_pwe;
-};
-
-#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c
deleted file mode 100644
index 1b7f96ed2fb1..000000000000
--- a/wpa_supplicant/config_winreg.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- * WPA Supplicant / Configuration backend: Windows registry
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * This file implements a configuration backend for Windows registry. All the
- * configuration information is stored in the registry and the format for
- * network configuration fields is same as described in the sample
- * configuration file, wpa_supplicant.conf.
- *
- * Configuration data is in
- * \a HKEY_LOCAL_MACHINE\\SOFTWARE\\%wpa_supplicant\\configs
- * key. Each configuration profile has its own key under this. In terms of text
- * files, each profile would map to a separate text file with possibly multiple
- * networks. Under each profile, there is a networks key that lists all
- * networks as a subkey. Each network has set of values in the same way as
- * network block in the configuration file. In addition, blobs subkey has
- * possible blobs as values.
- *
- * Example network configuration block:
- * \verbatim
-HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
-   ssid="example"
-   key_mgmt=WPA-PSK
-\endverbatim
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "uuid.h"
-#include "config.h"
-
-#ifndef WPA_KEY_ROOT
-#define WPA_KEY_ROOT HKEY_LOCAL_MACHINE
-#endif
-#ifndef WPA_KEY_PREFIX
-#define WPA_KEY_PREFIX TEXT("SOFTWARE\\wpa_supplicant")
-#endif
-
-#ifdef UNICODE
-#define TSTR "%S"
-#else /* UNICODE */
-#define TSTR "%s"
-#endif /* UNICODE */
-
-
-static int wpa_config_read_blobs(struct wpa_config *config, HKEY hk)
-{
-	struct wpa_config_blob *blob;
-	int errors = 0;
-	HKEY bhk;
-	LONG ret;
-	DWORD i;
-
-	ret = RegOpenKeyEx(hk, TEXT("blobs"), 0, KEY_QUERY_VALUE, &bhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "Could not open wpa_supplicant config "
-			   "blobs key");
-		return 0; /* assume no blobs */
-	}
-
-	for (i = 0; ; i++) {
-#define TNAMELEN 255
-		TCHAR name[TNAMELEN];
-		char data[4096];
-		DWORD namelen, datalen, type;
-
-		namelen = TNAMELEN;
-		datalen = sizeof(data);
-		ret = RegEnumValue(bhk, i, name, &namelen, NULL, &type,
-				   (LPBYTE) data, &datalen);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS) {
-			wpa_printf(MSG_DEBUG, "RegEnumValue failed: 0x%x",
-				   (unsigned int) ret);
-			break;
-		}
-
-		if (namelen >= TNAMELEN)
-			namelen = TNAMELEN - 1;
-		name[namelen] = TEXT('\0');
-		wpa_unicode2ascii_inplace(name);
-
-		if (datalen >= sizeof(data))
-			datalen = sizeof(data) - 1;
-
-		wpa_printf(MSG_MSGDUMP, "blob %d: field='%s' len %d",
-			   (int) i, name, (int) datalen);
-
-		blob = os_zalloc(sizeof(*blob));
-		if (blob == NULL) {
-			errors++;
-			break;
-		}
-		blob->name = os_strdup((char *) name);
-		blob->data = os_memdup(data, datalen);
-		if (blob->name == NULL || blob->data == NULL) {
-			wpa_config_free_blob(blob);
-			errors++;
-			break;
-		}
-		blob->len = datalen;
-
-		wpa_config_set_blob(config, blob);
-	}
-
-	RegCloseKey(bhk);
-
-	return errors ? -1 : 0;
-}
-
-
-static int wpa_config_read_reg_dword(HKEY hk, const TCHAR *name, int *_val)
-{
-	DWORD val, buflen;
-	LONG ret;
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, name, NULL, NULL, (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
-		wpa_printf(MSG_DEBUG, TSTR "=%d", name, (int) val);
-		*_val = val;
-		return 0;
-	}
-
-	return -1;
-}
-
-
-static char * wpa_config_read_reg_string(HKEY hk, const TCHAR *name)
-{
-	DWORD buflen;
-	LONG ret;
-	TCHAR *val;
-
-	buflen = 0;
-	ret = RegQueryValueEx(hk, name, NULL, NULL, NULL, &buflen);
-	if (ret != ERROR_SUCCESS)
-		return NULL;
-	val = os_malloc(buflen);
-	if (val == NULL)
-		return NULL;
-
-	ret = RegQueryValueEx(hk, name, NULL, NULL, (LPBYTE) val, &buflen);
-	if (ret != ERROR_SUCCESS) {
-		os_free(val);
-		return NULL;
-	}
-
-	wpa_unicode2ascii_inplace(val);
-	wpa_printf(MSG_DEBUG, TSTR "=%s", name, (char *) val);
-	return (char *) val;
-}
-
-
-#ifdef CONFIG_WPS
-static int wpa_config_read_global_uuid(struct wpa_config *config, HKEY hk)
-{
-	char *str;
-	int ret = 0;
-
-	str = wpa_config_read_reg_string(hk, TEXT("uuid"));
-	if (str == NULL)
-		return 0;
-
-	if (uuid_str2bin(str, config->uuid))
-		ret = -1;
-
-	os_free(str);
-
-	return ret;
-}
-
-
-static int wpa_config_read_global_os_version(struct wpa_config *config,
-					     HKEY hk)
-{
-	char *str;
-	int ret = 0;
-
-	str = wpa_config_read_reg_string(hk, TEXT("os_version"));
-	if (str == NULL)
-		return 0;
-
-	if (hexstr2bin(str, config->os_version, 4))
-		ret = -1;
-
-	os_free(str);
-
-	return ret;
-}
-#endif /* CONFIG_WPS */
-
-
-static int wpa_config_read_global(struct wpa_config *config, HKEY hk)
-{
-	int errors = 0;
-	int val;
-
-	wpa_config_read_reg_dword(hk, TEXT("ap_scan"), &config->ap_scan);
-	wpa_config_read_reg_dword(hk, TEXT("fast_reauth"),
-				  &config->fast_reauth);
-	wpa_config_read_reg_dword(hk, TEXT("dot11RSNAConfigPMKLifetime"),
-				  (int *) &config->dot11RSNAConfigPMKLifetime);
-	wpa_config_read_reg_dword(hk,
-				  TEXT("dot11RSNAConfigPMKReauthThreshold"),
-				  (int *)
-				  &config->dot11RSNAConfigPMKReauthThreshold);
-	wpa_config_read_reg_dword(hk, TEXT("dot11RSNAConfigSATimeout"),
-				  (int *) &config->dot11RSNAConfigSATimeout);
-	wpa_config_read_reg_dword(hk, TEXT("update_config"),
-				  &config->update_config);
-
-	if (wpa_config_read_reg_dword(hk, TEXT("eapol_version"),
-				      &config->eapol_version) == 0) {
-		if (config->eapol_version < 1 ||
-		    config->eapol_version > 2) {
-			wpa_printf(MSG_ERROR, "Invalid EAPOL version (%d)",
-				   config->eapol_version);
-			errors++;
-		}
-	}
-
-	config->ctrl_interface = wpa_config_read_reg_string(
-		hk, TEXT("ctrl_interface"));
-
-#ifdef CONFIG_WPS
-	if (wpa_config_read_global_uuid(config, hk))
-		errors++;
-	wpa_config_read_reg_dword(hk, TEXT("auto_uuid"), &config->auto_uuid);
-	config->device_name = wpa_config_read_reg_string(
-		hk, TEXT("device_name"));
-	config->manufacturer = wpa_config_read_reg_string(
-		hk, TEXT("manufacturer"));
-	config->model_name = wpa_config_read_reg_string(
-		hk, TEXT("model_name"));
-	config->serial_number = wpa_config_read_reg_string(
-		hk, TEXT("serial_number"));
-	{
-		char *t = wpa_config_read_reg_string(
-			hk, TEXT("device_type"));
-		if (t && wps_dev_type_str2bin(t, config->device_type))
-			errors++;
-		os_free(t);
-	}
-	config->config_methods = wpa_config_read_reg_string(
-		hk, TEXT("config_methods"));
-	if (wpa_config_read_global_os_version(config, hk))
-		errors++;
-	wpa_config_read_reg_dword(hk, TEXT("wps_cred_processing"),
-				  &config->wps_cred_processing);
-	wpa_config_read_reg_dword(hk, TEXT("wps_cred_add_sae"),
-				  &config->wps_cred_add_sae);
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	config->p2p_ssid_postfix = wpa_config_read_reg_string(
-		hk, TEXT("p2p_ssid_postfix"));
-	wpa_config_read_reg_dword(hk, TEXT("p2p_group_idle"),
-				  (int *) &config->p2p_group_idle);
-#endif /* CONFIG_P2P */
-
-	wpa_config_read_reg_dword(hk, TEXT("bss_max_count"),
-				  (int *) &config->bss_max_count);
-	wpa_config_read_reg_dword(hk, TEXT("filter_ssids"),
-				  &config->filter_ssids);
-	wpa_config_read_reg_dword(hk, TEXT("max_num_sta"),
-				  (int *) &config->max_num_sta);
-	wpa_config_read_reg_dword(hk, TEXT("disassoc_low_ack"),
-				  (int *) &config->disassoc_low_ack);
-
-	wpa_config_read_reg_dword(hk, TEXT("okc"), &config->okc);
-	wpa_config_read_reg_dword(hk, TEXT("pmf"), &val);
-	config->pmf = val;
-	if (wpa_config_read_reg_dword(hk, TEXT("extended_key_id"),
-				      &val) == 0) {
-		if (val < 0 || val > 1) {
-			wpa_printf(MSG_ERROR,
-				   "Invalid Extended Key ID setting (%d)", val);
-			errors++;
-		}
-		config->extended_key_id = val;
-	}
-
-	return errors ? -1 : 0;
-}
-
-
-static struct wpa_ssid * wpa_config_read_network(HKEY hk, const TCHAR *netw,
-						 int id)
-{
-	HKEY nhk;
-	LONG ret;
-	DWORD i;
-	struct wpa_ssid *ssid;
-	int errors = 0;
-
-	ret = RegOpenKeyEx(hk, netw, 0, KEY_QUERY_VALUE, &nhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "Could not open wpa_supplicant config "
-			   "network '" TSTR "'", netw);
-		return NULL;
-	}
-
-	wpa_printf(MSG_MSGDUMP, "Start of a new network '" TSTR "'", netw);
-	ssid = os_zalloc(sizeof(*ssid));
-	if (ssid == NULL) {
-		RegCloseKey(nhk);
-		return NULL;
-	}
-	dl_list_init(&ssid->psk_list);
-	ssid->id = id;
-
-	wpa_config_set_network_defaults(ssid);
-
-	for (i = 0; ; i++) {
-		TCHAR name[255], data[1024];
-		DWORD namelen, datalen, type;
-
-		namelen = 255;
-		datalen = sizeof(data);
-		ret = RegEnumValue(nhk, i, name, &namelen, NULL, &type,
-				   (LPBYTE) data, &datalen);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS) {
-			wpa_printf(MSG_ERROR, "RegEnumValue failed: 0x%x",
-				   (unsigned int) ret);
-			break;
-		}
-
-		if (namelen >= 255)
-			namelen = 255 - 1;
-		name[namelen] = TEXT('\0');
-
-		if (datalen >= 1024)
-			datalen = 1024 - 1;
-		data[datalen] = TEXT('\0');
-
-		wpa_unicode2ascii_inplace(name);
-		wpa_unicode2ascii_inplace(data);
-		if (wpa_config_set(ssid, (char *) name, (char *) data, 0) < 0)
-			errors++;
-	}
-
-	RegCloseKey(nhk);
-
-	if (ssid->passphrase) {
-		if (ssid->psk_set) {
-			wpa_printf(MSG_ERROR, "Both PSK and passphrase "
-				   "configured for network '" TSTR "'.", netw);
-			errors++;
-		}
-		wpa_config_update_psk(ssid);
-	}
-
-	if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
-	    !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
-	    !(ssid->pairwise_cipher & WPA_CIPHER_NONE)) {
-		/* Group cipher cannot be stronger than the pairwise cipher. */
-		wpa_printf(MSG_DEBUG, "Removed CCMP from group cipher "
-			   "list since it was not allowed for pairwise "
-			   "cipher for network '" TSTR "'.", netw);
-		ssid->group_cipher &= ~WPA_CIPHER_CCMP;
-	}
-
-	if (errors) {
-		wpa_config_free_ssid(ssid);
-		ssid = NULL;
-	}
-
-	return ssid;
-}
-
-
-static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
-{
-	HKEY nhk;
-	struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
-	int errors = 0;
-	LONG ret;
-	DWORD i;
-
-	ret = RegOpenKeyEx(hk, TEXT("networks"), 0, KEY_ENUMERATE_SUB_KEYS,
-			   &nhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "Could not open wpa_supplicant networks "
-			   "registry key");
-		return -1;
-	}
-
-	for (i = 0; ; i++) {
-		TCHAR name[255];
-		DWORD namelen;
-
-		namelen = 255;
-		ret = RegEnumKeyEx(nhk, i, name, &namelen, NULL, NULL, NULL,
-				   NULL);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS) {
-			wpa_printf(MSG_DEBUG, "RegEnumKeyEx failed: 0x%x",
-				   (unsigned int) ret);
-			break;
-		}
-
-		if (namelen >= 255)
-			namelen = 255 - 1;
-		name[namelen] = '\0';
-
-		ssid = wpa_config_read_network(nhk, name, i);
-		if (ssid == NULL) {
-			wpa_printf(MSG_ERROR, "Failed to parse network "
-				   "profile '%s'.", name);
-			errors++;
-			continue;
-		}
-		if (head == NULL) {
-			head = tail = ssid;
-		} else {
-			tail->next = ssid;
-			tail = ssid;
-		}
-		if (wpa_config_add_prio_network(config, ssid)) {
-			wpa_printf(MSG_ERROR, "Failed to add network profile "
-				   "'%s' to priority list.", name);
-			errors++;
-			continue;
-		}
-	}
-
-	RegCloseKey(nhk);
-
-	config->ssid = head;
-
-	return errors ? -1 : 0;
-}
-
-
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
-{
-	TCHAR buf[256];
-	int errors = 0;
-	struct wpa_config *config;
-	HKEY hk;
-	LONG ret;
-
-	if (name == NULL)
-		return NULL;
-	if (cfgp)
-		config = cfgp;
-	else
-		config = wpa_config_alloc_empty(NULL, NULL);
-	if (config == NULL)
-		return NULL;
-	wpa_printf(MSG_DEBUG, "Reading configuration profile '%s'", name);
-
-#ifdef UNICODE
-	_snwprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%S"), name);
-#else /* UNICODE */
-	os_snprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%s"), name);
-#endif /* UNICODE */
-
-	ret = RegOpenKeyEx(WPA_KEY_ROOT, buf, 0, KEY_QUERY_VALUE, &hk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "Could not open wpa_supplicant "
-			   "configuration registry HKLM\\" TSTR, buf);
-		os_free(config);
-		return NULL;
-	}
-
-	if (wpa_config_read_global(config, hk))
-		errors++;
-
-	if (wpa_config_read_networks(config, hk))
-		errors++;
-
-	if (wpa_config_read_blobs(config, hk))
-		errors++;
-
-	wpa_config_debug_dump_networks(config);
-
-	RegCloseKey(hk);
-
-	if (errors) {
-		wpa_config_free(config);
-		config = NULL;
-	}
-
-	return config;
-}
-
-
-static int wpa_config_write_reg_dword(HKEY hk, const TCHAR *name, int val,
-				      int def)
-{
-	LONG ret;
-	DWORD _val = val;
-
-	if (val == def) {
-		RegDeleteValue(hk, name);
-		return 0;
-	}
-
-	ret = RegSetValueEx(hk, name, 0, REG_DWORD, (LPBYTE) &_val,
-			    sizeof(_val));
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "WINREG: Failed to set %s=%d: error %d",
-			   name, val, (int) GetLastError());
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpa_config_write_reg_string(HKEY hk, const char *name,
-				       const char *val)
-{
-	LONG ret;
-	TCHAR *_name, *_val;
-
-	_name = wpa_strdup_tchar(name);
-	if (_name == NULL)
-		return -1;
-
-	if (val == NULL) {
-		RegDeleteValue(hk, _name);
-		os_free(_name);
-		return 0;
-	}
-
-	_val = wpa_strdup_tchar(val);
-	if (_val == NULL) {
-		os_free(_name);
-		return -1;
-	}
-	ret = RegSetValueEx(hk, _name, 0, REG_SZ, (BYTE *) _val,
-			    (os_strlen(val) + 1) * sizeof(TCHAR));
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "WINREG: Failed to set %s='%s': "
-			   "error %d", name, val, (int) GetLastError());
-		os_free(_name);
-		os_free(_val);
-		return -1;
-	}
-
-	os_free(_name);
-	os_free(_val);
-	return 0;
-}
-
-
-static int wpa_config_write_global(struct wpa_config *config, HKEY hk)
-{
-#ifdef CONFIG_CTRL_IFACE
-	wpa_config_write_reg_string(hk, "ctrl_interface",
-				    config->ctrl_interface);
-#endif /* CONFIG_CTRL_IFACE */
-
-	wpa_config_write_reg_dword(hk, TEXT("eapol_version"),
-				   config->eapol_version,
-				   DEFAULT_EAPOL_VERSION);
-	wpa_config_write_reg_dword(hk, TEXT("ap_scan"), config->ap_scan,
-				   DEFAULT_AP_SCAN);
-	wpa_config_write_reg_dword(hk, TEXT("fast_reauth"),
-				   config->fast_reauth, DEFAULT_FAST_REAUTH);
-	wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigPMKLifetime"),
-				   config->dot11RSNAConfigPMKLifetime, 0);
-	wpa_config_write_reg_dword(hk,
-				   TEXT("dot11RSNAConfigPMKReauthThreshold"),
-				   config->dot11RSNAConfigPMKReauthThreshold,
-				   0);
-	wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigSATimeout"),
-				   config->dot11RSNAConfigSATimeout, 0);
-	wpa_config_write_reg_dword(hk, TEXT("update_config"),
-				   config->update_config,
-				   0);
-#ifdef CONFIG_WPS
-	if (!is_nil_uuid(config->uuid)) {
-		char buf[40];
-		uuid_bin2str(config->uuid, buf, sizeof(buf));
-		wpa_config_write_reg_string(hk, "uuid", buf);
-	}
-	wpa_config_write_reg_dword(hk, TEXT("auto_uuid"), config->auto_uuid,
-				   0);
-	wpa_config_write_reg_string(hk, "device_name", config->device_name);
-	wpa_config_write_reg_string(hk, "manufacturer", config->manufacturer);
-	wpa_config_write_reg_string(hk, "model_name", config->model_name);
-	wpa_config_write_reg_string(hk, "model_number", config->model_number);
-	wpa_config_write_reg_string(hk, "serial_number",
-				    config->serial_number);
-	{
-		char _buf[WPS_DEV_TYPE_BUFSIZE], *buf;
-		buf = wps_dev_type_bin2str(config->device_type,
-					   _buf, sizeof(_buf));
-		wpa_config_write_reg_string(hk, "device_type", buf);
-	}
-	wpa_config_write_reg_string(hk, "config_methods",
-				    config->config_methods);
-	if (WPA_GET_BE32(config->os_version)) {
-		char vbuf[10];
-		os_snprintf(vbuf, sizeof(vbuf), "%08x",
-			    WPA_GET_BE32(config->os_version));
-		wpa_config_write_reg_string(hk, "os_version", vbuf);
-	}
-	wpa_config_write_reg_dword(hk, TEXT("wps_cred_processing"),
-				   config->wps_cred_processing, 0);
-	wpa_config_write_reg_dword(hk, TEXT("wps_cred_add_sae"),
-				   config->wps_cred_add_sae, 0);
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	wpa_config_write_reg_string(hk, "p2p_ssid_postfix",
-				    config->p2p_ssid_postfix);
-	wpa_config_write_reg_dword(hk, TEXT("p2p_group_idle"),
-				   config->p2p_group_idle, 0);
-#endif /* CONFIG_P2P */
-
-	wpa_config_write_reg_dword(hk, TEXT("bss_max_count"),
-				   config->bss_max_count,
-				   DEFAULT_BSS_MAX_COUNT);
-	wpa_config_write_reg_dword(hk, TEXT("filter_ssids"),
-				   config->filter_ssids, 0);
-	wpa_config_write_reg_dword(hk, TEXT("max_num_sta"),
-				   config->max_num_sta, DEFAULT_MAX_NUM_STA);
-	wpa_config_write_reg_dword(hk, TEXT("ap_isolate"),
-				   config->ap_isolate, DEFAULT_AP_ISOLATE);
-	wpa_config_write_reg_dword(hk, TEXT("disassoc_low_ack"),
-				   config->disassoc_low_ack, 0);
-
-	wpa_config_write_reg_dword(hk, TEXT("okc"), config->okc, 0);
-	wpa_config_write_reg_dword(hk, TEXT("pmf"), config->pmf, 0);
-
-	wpa_config_write_reg_dword(hk, TEXT("external_sim"),
-				   config->external_sim, 0);
-
-	return 0;
-}
-
-
-static int wpa_config_delete_subkeys(HKEY hk, const TCHAR *key)
-{
-	HKEY nhk;
-	int i, errors = 0;
-	LONG ret;
-
-	ret = RegOpenKeyEx(hk, key, 0, KEY_ENUMERATE_SUB_KEYS | DELETE, &nhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "WINREG: Could not open key '" TSTR
-			   "' for subkey deletion: error 0x%x (%d)", key,
-			   (unsigned int) ret, (int) GetLastError());
-		return 0;
-	}
-
-	for (i = 0; ; i++) {
-		TCHAR name[255];
-		DWORD namelen;
-
-		namelen = 255;
-		ret = RegEnumKeyEx(nhk, i, name, &namelen, NULL, NULL, NULL,
-				   NULL);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS) {
-			wpa_printf(MSG_DEBUG, "RegEnumKeyEx failed: 0x%x (%d)",
-				   (unsigned int) ret, (int) GetLastError());
-			break;
-		}
-
-		if (namelen >= 255)
-			namelen = 255 - 1;
-		name[namelen] = TEXT('\0');
-
-		ret = RegDeleteKey(nhk, name);
-		if (ret != ERROR_SUCCESS) {
-			wpa_printf(MSG_DEBUG, "RegDeleteKey failed: 0x%x (%d)",
-				   (unsigned int) ret, (int) GetLastError());
-			errors++;
-		}
-	}
-
-	RegCloseKey(nhk);
-
-	return errors ? -1 : 0;
-}
-
-
-static void write_str(HKEY hk, const char *field, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, field);
-	if (value == NULL)
-		return;
-	wpa_config_write_reg_string(hk, field, value);
-	os_free(value);
-}
-
-
-static void write_int(HKEY hk, const char *field, int value, int def)
-{
-	char val[20];
-	if (value == def)
-		return;
-	os_snprintf(val, sizeof(val), "%d", value);
-	wpa_config_write_reg_string(hk, field, val);
-}
-
-
-static void write_bssid(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "bssid");
-	if (value == NULL)
-		return;
-	wpa_config_write_reg_string(hk, "bssid", value);
-	os_free(value);
-}
-
-
-static void write_psk(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value = wpa_config_get(ssid, "psk");
-	if (value == NULL)
-		return;
-	wpa_config_write_reg_string(hk, "psk", value);
-	os_free(value);
-}
-
-
-static void write_proto(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->proto == DEFAULT_PROTO)
-		return;
-
-	value = wpa_config_get(ssid, "proto");
-	if (value == NULL)
-		return;
-	if (value[0])
-		wpa_config_write_reg_string(hk, "proto", value);
-	os_free(value);
-}
-
-
-static void write_key_mgmt(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
-		return;
-
-	value = wpa_config_get(ssid, "key_mgmt");
-	if (value == NULL)
-		return;
-	if (value[0])
-		wpa_config_write_reg_string(hk, "key_mgmt", value);
-	os_free(value);
-}
-
-
-static void write_pairwise(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->pairwise_cipher == DEFAULT_PAIRWISE)
-		return;
-
-	value = wpa_config_get(ssid, "pairwise");
-	if (value == NULL)
-		return;
-	if (value[0])
-		wpa_config_write_reg_string(hk, "pairwise", value);
-	os_free(value);
-}
-
-
-static void write_group(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->group_cipher == DEFAULT_GROUP)
-		return;
-
-	value = wpa_config_get(ssid, "group");
-	if (value == NULL)
-		return;
-	if (value[0])
-		wpa_config_write_reg_string(hk, "group", value);
-	os_free(value);
-}
-
-
-static void write_auth_alg(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	if (ssid->auth_alg == 0)
-		return;
-
-	value = wpa_config_get(ssid, "auth_alg");
-	if (value == NULL)
-		return;
-	if (value[0])
-		wpa_config_write_reg_string(hk, "auth_alg", value);
-	os_free(value);
-}
-
-
-#ifdef IEEE8021X_EAPOL
-static void write_eap(HKEY hk, struct wpa_ssid *ssid)
-{
-	char *value;
-
-	value = wpa_config_get(ssid, "eap");
-	if (value == NULL)
-		return;
-
-	if (value[0])
-		wpa_config_write_reg_string(hk, "eap", value);
-	os_free(value);
-}
-#endif /* IEEE8021X_EAPOL */
-
-
-#ifdef CONFIG_WEP
-static void write_wep_key(HKEY hk, int idx, struct wpa_ssid *ssid)
-{
-	char field[20], *value;
-
-	os_snprintf(field, sizeof(field), "wep_key%d", idx);
-	value = wpa_config_get(ssid, field);
-	if (value) {
-		wpa_config_write_reg_string(hk, field, value);
-		os_free(value);
-	}
-}
-#endif /* CONFIG_WEP */
-
-
-static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
-{
-	int errors = 0;
-	HKEY nhk, netw;
-	LONG ret;
-	TCHAR name[5];
-
-	ret = RegOpenKeyEx(hk, TEXT("networks"), 0, KEY_CREATE_SUB_KEY, &nhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "WINREG: Could not open networks key "
-			   "for subkey addition: error 0x%x (%d)",
-			   (unsigned int) ret, (int) GetLastError());
-		return 0;
-	}
-
-#ifdef UNICODE
-	wsprintf(name, L"%04d", id);
-#else /* UNICODE */
-	os_snprintf(name, sizeof(name), "%04d", id);
-#endif /* UNICODE */
-	ret = RegCreateKeyEx(nhk, name, 0, NULL, 0, KEY_WRITE, NULL, &netw,
-			     NULL);
-	RegCloseKey(nhk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "WINREG: Could not add network key '%s':"
-			   " error 0x%x (%d)",
-			   name, (unsigned int) ret, (int) GetLastError());
-		return -1;
-	}
-
-#define STR(t) write_str(netw, #t, ssid)
-#define INT(t) write_int(netw, #t, ssid->t, 0)
-#define INTe(t, m) write_int(netw, #t, ssid->eap.m, 0)
-#define INT_DEF(t, def) write_int(netw, #t, ssid->t, def)
-#define INT_DEFe(t, m, def) write_int(netw, #t, ssid->eap.m, def)
-
-	STR(ssid);
-	INT(scan_ssid);
-	write_bssid(netw, ssid);
-	write_psk(netw, ssid);
-	STR(sae_password);
-	STR(sae_password_id);
-	write_proto(netw, ssid);
-	write_key_mgmt(netw, ssid);
-	write_pairwise(netw, ssid);
-	write_group(netw, ssid);
-	write_auth_alg(netw, ssid);
-#ifdef IEEE8021X_EAPOL
-	write_eap(netw, ssid);
-	STR(identity);
-	STR(anonymous_identity);
-	STR(imsi_identity);
-	STR(password);
-	STR(ca_cert);
-	STR(ca_path);
-	STR(client_cert);
-	STR(private_key);
-	STR(private_key_passwd);
-	STR(dh_file);
-	STR(subject_match);
-	STR(check_cert_subject);
-	STR(altsubject_match);
-	STR(ca_cert2);
-	STR(ca_path2);
-	STR(client_cert2);
-	STR(private_key2);
-	STR(private_key2_passwd);
-	STR(dh_file2);
-	STR(subject_match2);
-	STR(check_cert_subject2);
-	STR(altsubject_match2);
-	STR(phase1);
-	STR(phase2);
-	STR(pcsc);
-	STR(pin);
-	STR(engine_id);
-	STR(key_id);
-	STR(cert_id);
-	STR(ca_cert_id);
-	STR(key2_id);
-	STR(pin2);
-	STR(engine2_id);
-	STR(cert2_id);
-	STR(ca_cert2_id);
-	INTe(engine, cert.engine);
-	INTe(engine2, phase2_cert.engine);
-	INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_WEP
-	{
-		int i;
-
-		for (i = 0; i < 4; i++)
-			write_wep_key(netw, i, ssid);
-		INT(wep_tx_keyidx);
-	}
-#endif /* CONFIG_WEP */
-	INT(priority);
-#ifdef IEEE8021X_EAPOL
-	INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
-	STR(pac_file);
-	INT_DEFe(fragment_size, fragment_size, DEFAULT_FRAGMENT_SIZE);
-#endif /* IEEE8021X_EAPOL */
-	INT(mode);
-	write_int(netw, "proactive_key_caching", ssid->proactive_key_caching,
-		  -1);
-	INT(disabled);
-	write_int(netw, "ieee80211w", ssid->ieee80211w,
-		  MGMT_FRAME_PROTECTION_DEFAULT);
-	STR(id_str);
-#ifdef CONFIG_HS20
-	INT(update_identifier);
-#endif /* CONFIG_HS20 */
-	INT(group_rekey);
-	INT(ft_eap_pmksa_caching);
-
-#undef STR
-#undef INT
-#undef INT_DEF
-
-	RegCloseKey(netw);
-
-	return errors ? -1 : 0;
-}
-
-
-static int wpa_config_write_blob(HKEY hk, struct wpa_config_blob *blob)
-{
-	HKEY bhk;
-	LONG ret;
-	TCHAR *name;
-
-	ret = RegCreateKeyEx(hk, TEXT("blobs"), 0, NULL, 0, KEY_WRITE, NULL,
-			     &bhk, NULL);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "WINREG: Could not add blobs key: "
-			   "error 0x%x (%d)",
-			   (unsigned int) ret, (int) GetLastError());
-		return -1;
-	}
-
-	name = wpa_strdup_tchar(blob->name);
-	ret = RegSetValueEx(bhk, name, 0, REG_BINARY, blob->data,
-			    blob->len);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "WINREG: Failed to set blob %s': "
-			   "error 0x%x (%d)", blob->name, (unsigned int) ret,
-			   (int) GetLastError());
-		RegCloseKey(bhk);
-		os_free(name);
-		return -1;
-	}
-	os_free(name);
-
-	RegCloseKey(bhk);
-
-	return 0;
-}
-
-
-int wpa_config_write(const char *name, struct wpa_config *config)
-{
-	TCHAR buf[256];
-	HKEY hk;
-	LONG ret;
-	int errors = 0;
-	struct wpa_ssid *ssid;
-	struct wpa_config_blob *blob;
-	int id;
-
-	wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
-
-#ifdef UNICODE
-	_snwprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%S"), name);
-#else /* UNICODE */
-	os_snprintf(buf, 256, WPA_KEY_PREFIX TEXT("\\configs\\%s"), name);
-#endif /* UNICODE */
-
-	ret = RegOpenKeyEx(WPA_KEY_ROOT, buf, 0, KEY_SET_VALUE | DELETE, &hk);
-	if (ret != ERROR_SUCCESS) {
-		wpa_printf(MSG_ERROR, "Could not open wpa_supplicant "
-			   "configuration registry %s: error %d", buf,
-			   (int) GetLastError());
-		return -1;
-	}
-
-	if (wpa_config_write_global(config, hk)) {
-		wpa_printf(MSG_ERROR, "Failed to write global configuration "
-			   "data");
-		errors++;
-	}
-
-	wpa_config_delete_subkeys(hk, TEXT("networks"));
-	for (ssid = config->ssid, id = 0; ssid; ssid = ssid->next, id++) {
-		if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
-			continue; /* do not save temporary WPS networks */
-		if (wpa_config_write_network(hk, ssid, id))
-			errors++;
-	}
-
-	RegDeleteKey(hk, TEXT("blobs"));
-	for (blob = config->blobs; blob; blob = blob->next) {
-		if (wpa_config_write_blob(hk, blob))
-			errors++;
-	}
-
-	RegCloseKey(hk);
-
-	wpa_printf(MSG_DEBUG, "Configuration '%s' written %ssuccessfully",
-		   name, errors ? "un" : "");
-	return errors ? -1 : 0;
-}
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
deleted file mode 100644
index bcd67fca3e12..000000000000
--- a/wpa_supplicant/ctrl_iface.c
+++ /dev/null
@@ -1,13103 +0,0 @@
-/*
- * WPA Supplicant / Control interface (shared code for all backends)
- * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#ifdef CONFIG_TESTING_OPTIONS
-#include <netinet/ip.h>
-#endif /* CONFIG_TESTING_OPTIONS */
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/uuid.h"
-#include "utils/module_tests.h"
-#include "common/version.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/wpa_ctrl.h"
-#ifdef CONFIG_DPP
-#include "common/dpp.h"
-#endif /* CONFIG_DPP */
-#include "common/ptksa_cache.h"
-#include "crypto/tls.h"
-#include "ap/hostapd.h"
-#include "eap_peer/eap.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/preauth.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "l2_packet/l2_packet.h"
-#include "wps/wps.h"
-#include "fst/fst.h"
-#include "fst/fst_ctrl_iface.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "wps_supplicant.h"
-#include "ibss_rsn.h"
-#include "wpas_glue.h"
-#include "ap.h"
-#include "p2p_supplicant.h"
-#include "p2p/p2p.h"
-#include "hs20_supplicant.h"
-#include "wifi_display.h"
-#include "notify.h"
-#include "bss.h"
-#include "scan.h"
-#include "ctrl_iface.h"
-#include "interworking.h"
-#include "bssid_ignore.h"
-#include "autoscan.h"
-#include "wnm_sta.h"
-#include "offchannel.h"
-#include "drivers/driver.h"
-#include "mesh.h"
-#include "dpp_supplicant.h"
-#include "sme.h"
-
-#ifdef __NetBSD__
-#include <net/if_ether.h>
-#elif !defined(__CYGWIN__) && !defined(CONFIG_NATIVE_WINDOWS)
-#include <net/ethernet.h>
-#endif
-
-static int wpa_supplicant_global_iface_list(struct wpa_global *global,
-					    char *buf, int len);
-static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
-						  const char *input,
-						  char *buf, int len);
-static int * freq_range_to_channel_list(struct wpa_supplicant *wpa_s,
-					char *val);
-
-
-static int set_bssid_filter(struct wpa_supplicant *wpa_s, char *val)
-{
-	char *pos;
-	u8 addr[ETH_ALEN], *filter = NULL, *n;
-	size_t count = 0;
-
-	pos = val;
-	while (pos) {
-		if (*pos == '\0')
-			break;
-		if (hwaddr_aton(pos, addr)) {
-			os_free(filter);
-			return -1;
-		}
-		n = os_realloc_array(filter, count + 1, ETH_ALEN);
-		if (n == NULL) {
-			os_free(filter);
-			return -1;
-		}
-		filter = n;
-		os_memcpy(filter + count * ETH_ALEN, addr, ETH_ALEN);
-		count++;
-
-		pos = os_strchr(pos, ' ');
-		if (pos)
-			pos++;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "bssid_filter", filter, count * ETH_ALEN);
-	os_free(wpa_s->bssid_filter);
-	wpa_s->bssid_filter = filter;
-	wpa_s->bssid_filter_count = count;
-
-	return 0;
-}
-
-
-static int set_disallow_aps(struct wpa_supplicant *wpa_s, char *val)
-{
-	char *pos;
-	u8 addr[ETH_ALEN], *bssid = NULL, *n;
-	struct wpa_ssid_value *ssid = NULL, *ns;
-	size_t count = 0, ssid_count = 0;
-	struct wpa_ssid *c;
-
-	/*
-	 * disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | ""
-	 * SSID_SPEC ::= ssid <SSID_HEX>
-	 * BSSID_SPEC ::= bssid <BSSID_HEX>
-	 */
-
-	pos = val;
-	while (pos) {
-		if (*pos == '\0')
-			break;
-		if (os_strncmp(pos, "bssid ", 6) == 0) {
-			int res;
-			pos += 6;
-			res = hwaddr_aton2(pos, addr);
-			if (res < 0) {
-				os_free(ssid);
-				os_free(bssid);
-				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
-					   "BSSID value '%s'", pos);
-				return -1;
-			}
-			pos += res;
-			n = os_realloc_array(bssid, count + 1, ETH_ALEN);
-			if (n == NULL) {
-				os_free(ssid);
-				os_free(bssid);
-				return -1;
-			}
-			bssid = n;
-			os_memcpy(bssid + count * ETH_ALEN, addr, ETH_ALEN);
-			count++;
-		} else if (os_strncmp(pos, "ssid ", 5) == 0) {
-			char *end;
-			pos += 5;
-
-			end = pos;
-			while (*end) {
-				if (*end == '\0' || *end == ' ')
-					break;
-				end++;
-			}
-
-			ns = os_realloc_array(ssid, ssid_count + 1,
-					      sizeof(struct wpa_ssid_value));
-			if (ns == NULL) {
-				os_free(ssid);
-				os_free(bssid);
-				return -1;
-			}
-			ssid = ns;
-
-			if ((end - pos) & 0x01 ||
-			    end - pos > 2 * SSID_MAX_LEN ||
-			    hexstr2bin(pos, ssid[ssid_count].ssid,
-				       (end - pos) / 2) < 0) {
-				os_free(ssid);
-				os_free(bssid);
-				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
-					   "SSID value '%s'", pos);
-				return -1;
-			}
-			ssid[ssid_count].ssid_len = (end - pos) / 2;
-			wpa_hexdump_ascii(MSG_DEBUG, "disallow_aps SSID",
-					  ssid[ssid_count].ssid,
-					  ssid[ssid_count].ssid_len);
-			ssid_count++;
-			pos = end;
-		} else {
-			wpa_printf(MSG_DEBUG, "Unexpected disallow_aps value "
-				   "'%s'", pos);
-			os_free(ssid);
-			os_free(bssid);
-			return -1;
-		}
-
-		pos = os_strchr(pos, ' ');
-		if (pos)
-			pos++;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "disallow_aps_bssid", bssid, count * ETH_ALEN);
-	os_free(wpa_s->disallow_aps_bssid);
-	wpa_s->disallow_aps_bssid = bssid;
-	wpa_s->disallow_aps_bssid_count = count;
-
-	wpa_printf(MSG_DEBUG, "disallow_aps_ssid_count %d", (int) ssid_count);
-	os_free(wpa_s->disallow_aps_ssid);
-	wpa_s->disallow_aps_ssid = ssid;
-	wpa_s->disallow_aps_ssid_count = ssid_count;
-
-	if (!wpa_s->current_ssid || wpa_s->wpa_state < WPA_AUTHENTICATING)
-		return 0;
-
-	c = wpa_s->current_ssid;
-	if (c->mode != WPAS_MODE_INFRA && c->mode != WPAS_MODE_IBSS)
-		return 0;
-
-	if (!disallowed_bssid(wpa_s, wpa_s->bssid) &&
-	    !disallowed_ssid(wpa_s, c->ssid, c->ssid_len))
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "Disconnect and try to find another network "
-		   "because current AP was marked disallowed");
-
-#ifdef CONFIG_SME
-	wpa_s->sme.prev_bssid_set = 0;
-#endif /* CONFIG_SME */
-	wpa_s->reassociate = 1;
-	wpa_s->own_disconnect_req = 1;
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-
-	return 0;
-}
-
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-static int wpas_ctrl_set_blob(struct wpa_supplicant *wpa_s, char *pos)
-{
-	char *name = pos;
-	struct wpa_config_blob *blob;
-	size_t len;
-
-	pos = os_strchr(pos, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-	len = os_strlen(pos);
-	if (len & 1)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "CTRL: Set blob '%s'", name);
-	blob = os_zalloc(sizeof(*blob));
-	if (blob == NULL)
-		return -1;
-	blob->name = os_strdup(name);
-	blob->data = os_malloc(len / 2);
-	if (blob->name == NULL || blob->data == NULL) {
-		wpa_config_free_blob(blob);
-		return -1;
-	}
-
-	if (hexstr2bin(pos, blob->data, len / 2) < 0) {
-		wpa_printf(MSG_DEBUG, "CTRL: Invalid blob hex data");
-		wpa_config_free_blob(blob);
-		return -1;
-	}
-	blob->len = len / 2;
-
-	wpa_config_set_blob(wpa_s->conf, blob);
-
-	return 0;
-}
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-static int wpas_ctrl_pno(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *params;
-	char *pos;
-	int *freqs = NULL;
-	int ret;
-
-	if (atoi(cmd)) {
-		params = os_strchr(cmd, ' ');
-		os_free(wpa_s->manual_sched_scan_freqs);
-		if (params) {
-			params++;
-			pos = os_strstr(params, "freq=");
-			if (pos)
-				freqs = freq_range_to_channel_list(wpa_s,
-								   pos + 5);
-		}
-		wpa_s->manual_sched_scan_freqs = freqs;
-		ret = wpas_start_pno(wpa_s);
-	} else {
-		ret = wpas_stop_pno(wpa_s);
-	}
-	return ret;
-}
-
-
-static int wpas_ctrl_set_band(struct wpa_supplicant *wpa_s, char *bands)
-{
-	union wpa_event_data event;
-	u32 setband_mask = WPA_SETBAND_AUTO;
-
-	/*
-	 * For example:
-	 *  SET setband 2G,6G
-	 *  SET setband 5G
-	 *  SET setband AUTO
-	 */
-	if (!os_strstr(bands, "AUTO")) {
-		if (os_strstr(bands, "5G"))
-			setband_mask |= WPA_SETBAND_5G;
-		if (os_strstr(bands, "6G"))
-			setband_mask |= WPA_SETBAND_6G;
-		if (os_strstr(bands, "2G"))
-			setband_mask |= WPA_SETBAND_2G;
-		if (setband_mask == WPA_SETBAND_AUTO)
-			return -1;
-	}
-
-	wpa_s->setband_mask = setband_mask;
-	if (wpa_drv_setband(wpa_s, wpa_s->setband_mask) == 0) {
-		os_memset(&event, 0, sizeof(event));
-		event.channel_list_changed.initiator = REGDOM_SET_BY_USER;
-		event.channel_list_changed.type = REGDOM_TYPE_UNKNOWN;
-		wpa_supplicant_event(wpa_s, EVENT_CHANNEL_LIST_CHANGED, &event);
-	}
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_set_lci(struct wpa_supplicant *wpa_s,
-				   const char *cmd)
-{
-	struct wpabuf *lci;
-
-	if (*cmd == '\0' || os_strcmp(cmd, "\"\"") == 0) {
-		wpabuf_free(wpa_s->lci);
-		wpa_s->lci = NULL;
-		return 0;
-	}
-
-	lci = wpabuf_parse_bin(cmd);
-	if (!lci)
-		return -1;
-
-	if (os_get_reltime(&wpa_s->lci_time)) {
-		wpabuf_free(lci);
-		return -1;
-	}
-
-	wpabuf_free(wpa_s->lci);
-	wpa_s->lci = lci;
-
-	return 0;
-}
-
-
-static int
-wpas_ctrl_set_relative_rssi(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	int relative_rssi;
-
-	if (os_strcmp(cmd, "disable") == 0) {
-		wpa_s->srp.relative_rssi_set = 0;
-		return 0;
-	}
-
-	relative_rssi = atoi(cmd);
-	if (relative_rssi < 0 || relative_rssi > 100)
-		return -1;
-	wpa_s->srp.relative_rssi = relative_rssi;
-	wpa_s->srp.relative_rssi_set = 1;
-	return 0;
-}
-
-
-static int wpas_ctrl_set_relative_band_adjust(struct wpa_supplicant *wpa_s,
-					      const char *cmd)
-{
-	char *pos;
-	int adjust_rssi;
-
-	/* <band>:adjust_value */
-	pos = os_strchr(cmd, ':');
-	if (!pos)
-		return -1;
-	pos++;
-	adjust_rssi = atoi(pos);
-	if (adjust_rssi < -100 || adjust_rssi > 100)
-		return -1;
-
-	if (os_strncmp(cmd, "2G", 2) == 0)
-		wpa_s->srp.relative_adjust_band = WPA_SETBAND_2G;
-	else if (os_strncmp(cmd, "5G", 2) == 0)
-		wpa_s->srp.relative_adjust_band = WPA_SETBAND_5G;
-	else
-		return -1;
-
-	wpa_s->srp.relative_adjust_rssi = adjust_rssi;
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_set_ric_ies(struct wpa_supplicant *wpa_s,
-				   const char *cmd)
-{
-	struct wpabuf *ric_ies;
-
-	if (*cmd == '\0' || os_strcmp(cmd, "\"\"") == 0) {
-		wpabuf_free(wpa_s->ric_ies);
-		wpa_s->ric_ies = NULL;
-		return 0;
-	}
-
-	ric_ies = wpabuf_parse_bin(cmd);
-	if (!ric_ies)
-		return -1;
-
-	wpabuf_free(wpa_s->ric_ies);
-	wpa_s->ric_ies = ric_ies;
-
-	return 0;
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-static int wpas_ctrl_iface_set_dso(struct wpa_supplicant *wpa_s,
-				   const char *val)
-{
-	u8 bssid[ETH_ALEN];
-	const char *pos = val;
-	struct driver_signal_override *dso = NULL, *tmp, parsed;
-
-	if (hwaddr_aton(pos, bssid))
-		return -1;
-	pos = os_strchr(pos, ' ');
-
-	dl_list_for_each(tmp, &wpa_s->drv_signal_override,
-			 struct driver_signal_override, list) {
-		if (os_memcmp(bssid, tmp->bssid, ETH_ALEN) == 0) {
-			dso = tmp;
-			break;
-		}
-	}
-
-	if (!pos) {
-		/* Remove existing entry */
-		if (dso) {
-			dl_list_del(&dso->list);
-			os_free(dso);
-		}
-		return 0;
-	}
-	pos++;
-
-	/* Update an existing entry or add a new one */
-	os_memset(&parsed, 0, sizeof(parsed));
-	if (sscanf(pos, "%d %d %d %d %d",
-		   &parsed.si_current_signal,
-		   &parsed.si_avg_signal,
-		   &parsed.si_avg_beacon_signal,
-		   &parsed.si_current_noise,
-		   &parsed.scan_level) != 5)
-		return -1;
-
-	if (!dso) {
-		dso = os_zalloc(sizeof(*dso));
-		if (!dso)
-			return -1;
-		os_memcpy(dso->bssid, bssid, ETH_ALEN);
-		dl_list_add(&wpa_s->drv_signal_override, &dso->list);
-	}
-	dso->si_current_signal = parsed.si_current_signal;
-	dso->si_avg_signal = parsed.si_avg_signal;
-	dso->si_avg_beacon_signal = parsed.si_avg_beacon_signal;
-	dso->si_current_noise = parsed.si_current_noise;
-	dso->scan_level = parsed.scan_level;
-
-	return 0;
-}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
-					 char *cmd)
-{
-	char *value;
-	int ret = 0;
-
-	value = os_strchr(cmd, ' ');
-	if (value == NULL)
-		return -1;
-	*value++ = '\0';
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE SET '%s'='%s'", cmd, value);
-	if (os_strcasecmp(cmd, "EAPOL::heldPeriod") == 0) {
-		eapol_sm_configure(wpa_s->eapol,
-				   atoi(value), -1, -1, -1);
-	} else if (os_strcasecmp(cmd, "EAPOL::authPeriod") == 0) {
-		eapol_sm_configure(wpa_s->eapol,
-				   -1, atoi(value), -1, -1);
-	} else if (os_strcasecmp(cmd, "EAPOL::startPeriod") == 0) {
-		eapol_sm_configure(wpa_s->eapol,
-				   -1, -1, atoi(value), -1);
-	} else if (os_strcasecmp(cmd, "EAPOL::maxStart") == 0) {
-		eapol_sm_configure(wpa_s->eapol,
-				   -1, -1, -1, atoi(value));
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strcasecmp(cmd, "EAPOL::portControl") == 0) {
-		if (os_strcmp(value, "Auto") == 0)
-			eapol_sm_notify_portControl(wpa_s->eapol, Auto);
-		else if (os_strcmp(value, "ForceUnauthorized") == 0)
-			eapol_sm_notify_portControl(wpa_s->eapol,
-						    ForceUnauthorized);
-		else if (os_strcmp(value, "ForceAuthorized") == 0)
-			eapol_sm_notify_portControl(wpa_s->eapol,
-						    ForceAuthorized);
-		else
-			ret = -1;
-#endif /* CONFIG_TESTING_OPTIONS */
-	} else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKLifetime") == 0) {
-		if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
-				     atoi(value))) {
-			ret = -1;
-		} else {
-			value[-1] = '=';
-			wpa_config_process_global(wpa_s->conf, cmd, -1);
-		}
-	} else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKReauthThreshold") ==
-		   0) {
-		if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
-				     atoi(value))) {
-			ret = -1;
-		} else {
-			value[-1] = '=';
-			wpa_config_process_global(wpa_s->conf, cmd, -1);
-		}
-	} else if (os_strcasecmp(cmd, "dot11RSNAConfigSATimeout") == 0) {
-		if (wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
-				     atoi(value))) {
-			ret = -1;
-		} else {
-			value[-1] = '=';
-			wpa_config_process_global(wpa_s->conf, cmd, -1);
-		}
-	} else if (os_strcasecmp(cmd, "wps_fragment_size") == 0) {
-		wpa_s->wps_fragment_size = atoi(value);
-#ifdef CONFIG_WPS_TESTING
-	} else if (os_strcasecmp(cmd, "wps_version_number") == 0) {
-		long int val;
-		val = strtol(value, NULL, 0);
-		if (val < 0 || val > 0xff) {
-			ret = -1;
-			wpa_printf(MSG_DEBUG, "WPS: Invalid "
-				   "wps_version_number %ld", val);
-		} else {
-			wps_version_number = val;
-			wpa_printf(MSG_DEBUG, "WPS: Testing - force WPS "
-				   "version %u.%u",
-				   (wps_version_number & 0xf0) >> 4,
-				   wps_version_number & 0x0f);
-		}
-	} else if (os_strcasecmp(cmd, "wps_testing_stub_cred") == 0) {
-		wps_testing_stub_cred = atoi(value);
-		wpa_printf(MSG_DEBUG, "WPS: Testing - stub_cred=%d",
-			   wps_testing_stub_cred);
-	} else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
-		wps_corrupt_pkhash = atoi(value);
-		wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
-			   wps_corrupt_pkhash);
-	} else if (os_strcasecmp(cmd, "wps_force_auth_types") == 0) {
-		if (value[0] == '\0') {
-			wps_force_auth_types_in_use = 0;
-		} else {
-			wps_force_auth_types = strtol(value, NULL, 0);
-			wps_force_auth_types_in_use = 1;
-		}
-	} else if (os_strcasecmp(cmd, "wps_force_encr_types") == 0) {
-		if (value[0] == '\0') {
-			wps_force_encr_types_in_use = 0;
-		} else {
-			wps_force_encr_types = strtol(value, NULL, 0);
-			wps_force_encr_types_in_use = 1;
-		}
-#endif /* CONFIG_WPS_TESTING */
-	} else if (os_strcasecmp(cmd, "ampdu") == 0) {
-		if (wpa_drv_ampdu(wpa_s, atoi(value)) < 0)
-			ret = -1;
-#ifdef CONFIG_TDLS
-#ifdef CONFIG_TDLS_TESTING
-	} else if (os_strcasecmp(cmd, "tdls_testing") == 0) {
-		tdls_testing = strtol(value, NULL, 0);
-		wpa_printf(MSG_DEBUG, "TDLS: tdls_testing=0x%x", tdls_testing);
-#endif /* CONFIG_TDLS_TESTING */
-	} else if (os_strcasecmp(cmd, "tdls_disabled") == 0) {
-		int disabled = atoi(value);
-		wpa_printf(MSG_DEBUG, "TDLS: tdls_disabled=%d", disabled);
-		if (disabled) {
-			if (wpa_drv_tdls_oper(wpa_s, TDLS_DISABLE, NULL) < 0)
-				ret = -1;
-		} else if (wpa_drv_tdls_oper(wpa_s, TDLS_ENABLE, NULL) < 0)
-			ret = -1;
-		wpa_tdls_enable(wpa_s->wpa, !disabled);
-#endif /* CONFIG_TDLS */
-	} else if (os_strcasecmp(cmd, "pno") == 0) {
-		ret = wpas_ctrl_pno(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "radio_disabled") == 0) {
-		int disabled = atoi(value);
-		if (wpa_drv_radio_disable(wpa_s, disabled) < 0)
-			ret = -1;
-		else if (disabled)
-			wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
-	} else if (os_strcasecmp(cmd, "uapsd") == 0) {
-		if (os_strcmp(value, "disable") == 0)
-			wpa_s->set_sta_uapsd = 0;
-		else {
-			int be, bk, vi, vo;
-			char *pos;
-			/* format: BE,BK,VI,VO;max SP Length */
-			be = atoi(value);
-			pos = os_strchr(value, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			bk = atoi(pos);
-			pos = os_strchr(pos, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			vi = atoi(pos);
-			pos = os_strchr(pos, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			vo = atoi(pos);
-			/* ignore max SP Length for now */
-
-			wpa_s->set_sta_uapsd = 1;
-			wpa_s->sta_uapsd = 0;
-			if (be)
-				wpa_s->sta_uapsd |= BIT(0);
-			if (bk)
-				wpa_s->sta_uapsd |= BIT(1);
-			if (vi)
-				wpa_s->sta_uapsd |= BIT(2);
-			if (vo)
-				wpa_s->sta_uapsd |= BIT(3);
-		}
-	} else if (os_strcasecmp(cmd, "ps") == 0) {
-		ret = wpa_drv_set_p2p_powersave(wpa_s, atoi(value), -1, -1);
-#ifdef CONFIG_WIFI_DISPLAY
-	} else if (os_strcasecmp(cmd, "wifi_display") == 0) {
-		int enabled = !!atoi(value);
-		if (enabled && !wpa_s->global->p2p)
-			ret = -1;
-		else
-			wifi_display_enable(wpa_s->global, enabled);
-#endif /* CONFIG_WIFI_DISPLAY */
-	} else if (os_strcasecmp(cmd, "bssid_filter") == 0) {
-		ret = set_bssid_filter(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "disallow_aps") == 0) {
-		ret = set_disallow_aps(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "no_keep_alive") == 0) {
-		wpa_s->no_keep_alive = !!atoi(value);
-#ifdef CONFIG_DPP
-	} else if (os_strcasecmp(cmd, "dpp_configurator_params") == 0) {
-		os_free(wpa_s->dpp_configurator_params);
-		wpa_s->dpp_configurator_params = os_strdup(value);
-	} else if (os_strcasecmp(cmd, "dpp_init_max_tries") == 0) {
-		wpa_s->dpp_init_max_tries = atoi(value);
-	} else if (os_strcasecmp(cmd, "dpp_init_retry_time") == 0) {
-		wpa_s->dpp_init_retry_time = atoi(value);
-	} else if (os_strcasecmp(cmd, "dpp_resp_wait_time") == 0) {
-		wpa_s->dpp_resp_wait_time = atoi(value);
-	} else if (os_strcasecmp(cmd, "dpp_resp_max_tries") == 0) {
-		wpa_s->dpp_resp_max_tries = atoi(value);
-	} else if (os_strcasecmp(cmd, "dpp_resp_retry_time") == 0) {
-		wpa_s->dpp_resp_retry_time = atoi(value);
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strcasecmp(cmd, "dpp_pkex_own_mac_override") == 0) {
-		if (hwaddr_aton(value, dpp_pkex_own_mac_override))
-			ret = -1;
-	} else if (os_strcasecmp(cmd, "dpp_pkex_peer_mac_override") == 0) {
-		if (hwaddr_aton(value, dpp_pkex_peer_mac_override))
-			ret = -1;
-	} else if (os_strcasecmp(cmd, "dpp_pkex_ephemeral_key_override") == 0) {
-		size_t hex_len = os_strlen(value);
-
-		if (hex_len >
-		    2 * sizeof(dpp_pkex_ephemeral_key_override))
-			ret = -1;
-		else if (hexstr2bin(value, dpp_pkex_ephemeral_key_override,
-				    hex_len / 2))
-			ret = -1;
-		else
-			dpp_pkex_ephemeral_key_override_len = hex_len / 2;
-	} else if (os_strcasecmp(cmd, "dpp_protocol_key_override") == 0) {
-		size_t hex_len = os_strlen(value);
-
-		if (hex_len > 2 * sizeof(dpp_protocol_key_override))
-			ret = -1;
-		else if (hexstr2bin(value, dpp_protocol_key_override,
-				    hex_len / 2))
-			ret = -1;
-		else
-			dpp_protocol_key_override_len = hex_len / 2;
-	} else if (os_strcasecmp(cmd, "dpp_nonce_override") == 0) {
-		size_t hex_len = os_strlen(value);
-
-		if (hex_len > 2 * sizeof(dpp_nonce_override))
-			ret = -1;
-		else if (hexstr2bin(value, dpp_nonce_override, hex_len / 2))
-			ret = -1;
-		else
-			dpp_nonce_override_len = hex_len / 2;
-	} else if (os_strcasecmp(cmd, "dpp_version_override") == 0) {
-		dpp_version_override = atoi(value);
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_DPP */
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strcasecmp(cmd, "ext_mgmt_frame_handling") == 0) {
-		wpa_s->ext_mgmt_frame_handling = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) {
-		wpa_s->ext_eapol_frame_io = !!atoi(value);
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface) {
-			wpa_s->ap_iface->bss[0]->ext_eapol_frame_io =
-				wpa_s->ext_eapol_frame_io;
-		}
-#endif /* CONFIG_AP */
-	} else if (os_strcasecmp(cmd, "extra_roc_dur") == 0) {
-		wpa_s->extra_roc_dur = atoi(value);
-	} else if (os_strcasecmp(cmd, "test_failure") == 0) {
-		wpa_s->test_failure = atoi(value);
-	} else if (os_strcasecmp(cmd, "p2p_go_csa_on_inv") == 0) {
-		wpa_s->p2p_go_csa_on_inv = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "ignore_auth_resp") == 0) {
-		wpa_s->ignore_auth_resp = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "ignore_assoc_disallow") == 0) {
-		wpa_s->ignore_assoc_disallow = !!atoi(value);
-		wpa_drv_ignore_assoc_disallow(wpa_s,
-					      wpa_s->ignore_assoc_disallow);
-	} else if (os_strcasecmp(cmd, "disable_sa_query") == 0) {
-		wpa_s->disable_sa_query = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "ignore_sae_h2e_only") == 0) {
-		wpa_s->ignore_sae_h2e_only = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "extra_sae_rejected_groups") == 0) {
-		char *pos;
-
-		os_free(wpa_s->extra_sae_rejected_groups);
-		wpa_s->extra_sae_rejected_groups = NULL;
-		pos = value;
-		while (pos && pos[0]) {
-			int group;
-
-			group = atoi(pos);
-			wpa_printf(MSG_DEBUG,
-				   "TESTING: Extra rejection of SAE group %d",
-				   group);
-			if (group)
-				int_array_add_unique(
-					&wpa_s->extra_sae_rejected_groups,
-					group);
-			pos = os_strchr(pos, ' ');
-			if (!pos)
-				break;
-			pos++;
-		}
-	} else if (os_strcasecmp(cmd, "ft_rsnxe_used") == 0) {
-		wpa_s->ft_rsnxe_used = atoi(value);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_eapol") == 0) {
-		wpa_s->oci_freq_override_eapol = atoi(value);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_saquery_req") == 0) {
-		wpa_s->oci_freq_override_saquery_req = atoi(value);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_saquery_resp") == 0) {
-		wpa_s->oci_freq_override_saquery_resp = atoi(value);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_eapol_g2") == 0) {
-		wpa_s->oci_freq_override_eapol_g2 = atoi(value);
-		/* Populate value to wpa_sm if already associated. */
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
-				 wpa_s->oci_freq_override_eapol_g2);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_ft_assoc") == 0) {
-		wpa_s->oci_freq_override_ft_assoc = atoi(value);
-		/* Populate value to wpa_sm if already associated. */
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
-				 wpa_s->oci_freq_override_ft_assoc);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_fils_assoc") == 0) {
-		wpa_s->oci_freq_override_fils_assoc = atoi(value);
-	} else if (os_strcasecmp(cmd, "oci_freq_override_wnm_sleep") == 0) {
-		wpa_s->oci_freq_override_wnm_sleep = atoi(value);
-	} else if (os_strcasecmp(cmd, "rsne_override_eapol") == 0) {
-		wpabuf_free(wpa_s->rsne_override_eapol);
-		if (os_strcmp(value, "NULL") == 0)
-			wpa_s->rsne_override_eapol = NULL;
-		else
-			wpa_s->rsne_override_eapol = wpabuf_parse_bin(value);
-	} else if (os_strcasecmp(cmd, "rsnxe_override_assoc") == 0) {
-		wpabuf_free(wpa_s->rsnxe_override_assoc);
-		if (os_strcmp(value, "NULL") == 0)
-			wpa_s->rsnxe_override_assoc = NULL;
-		else
-			wpa_s->rsnxe_override_assoc = wpabuf_parse_bin(value);
-	} else if (os_strcasecmp(cmd, "rsnxe_override_eapol") == 0) {
-		wpabuf_free(wpa_s->rsnxe_override_eapol);
-		if (os_strcmp(value, "NULL") == 0)
-			wpa_s->rsnxe_override_eapol = NULL;
-		else
-			wpa_s->rsnxe_override_eapol = wpabuf_parse_bin(value);
-	} else if (os_strcasecmp(cmd, "reject_btm_req_reason") == 0) {
-		wpa_s->reject_btm_req_reason = atoi(value);
-	} else if (os_strcasecmp(cmd, "get_pref_freq_list_override") == 0) {
-		os_free(wpa_s->get_pref_freq_list_override);
-		if (!value[0])
-			wpa_s->get_pref_freq_list_override = NULL;
-		else
-			wpa_s->get_pref_freq_list_override = os_strdup(value);
-	} else if (os_strcasecmp(cmd, "sae_commit_override") == 0) {
-		wpabuf_free(wpa_s->sae_commit_override);
-		if (value[0] == '\0')
-			wpa_s->sae_commit_override = NULL;
-		else
-			wpa_s->sae_commit_override = wpabuf_parse_bin(value);
-	} else if (os_strcasecmp(cmd, "driver_signal_override") == 0) {
-		ret = wpas_ctrl_iface_set_dso(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "disable_scs_support") == 0) {
-		wpa_s->disable_scs_support = !!atoi(value);
-	} else if (os_strcasecmp(cmd, "disable_mscs_support") == 0) {
-		wpa_s->disable_mscs_support = !!atoi(value);
-#ifdef CONFIG_DPP
-	} else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) {
-		os_free(wpa_s->dpp_config_obj_override);
-		if (value[0] == '\0')
-			wpa_s->dpp_config_obj_override = NULL;
-		else
-			wpa_s->dpp_config_obj_override = os_strdup(value);
-	} else if (os_strcasecmp(cmd, "dpp_discovery_override") == 0) {
-		os_free(wpa_s->dpp_discovery_override);
-		if (value[0] == '\0')
-			wpa_s->dpp_discovery_override = NULL;
-		else
-			wpa_s->dpp_discovery_override = os_strdup(value);
-	} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
-		os_free(wpa_s->dpp_groups_override);
-		if (value[0] == '\0')
-			wpa_s->dpp_groups_override = NULL;
-		else
-			wpa_s->dpp_groups_override = os_strdup(value);
-	} else if (os_strcasecmp(cmd,
-				 "dpp_ignore_netaccesskey_mismatch") == 0) {
-		wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);
-	} else if (os_strcasecmp(cmd, "dpp_test") == 0) {
-		dpp_test = atoi(value);
-#endif /* CONFIG_DPP */
-#endif /* CONFIG_TESTING_OPTIONS */
-#ifdef CONFIG_FILS
-	} else if (os_strcasecmp(cmd, "disable_fils") == 0) {
-		wpa_s->disable_fils = !!atoi(value);
-		wpa_drv_disable_fils(wpa_s, wpa_s->disable_fils);
-		wpa_supplicant_set_default_scan_ies(wpa_s);
-#endif /* CONFIG_FILS */
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	} else if (os_strcmp(cmd, "blob") == 0) {
-		ret = wpas_ctrl_set_blob(wpa_s, value);
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-	} else if (os_strcasecmp(cmd, "setband") == 0) {
-		ret = wpas_ctrl_set_band(wpa_s, value);
-#ifdef CONFIG_MBO
-	} else if (os_strcasecmp(cmd, "non_pref_chan") == 0) {
-		ret = wpas_mbo_update_non_pref_chan(wpa_s, value);
-		if (ret == 0) {
-			value[-1] = '=';
-			wpa_config_process_global(wpa_s->conf, cmd, -1);
-		}
-	} else if (os_strcasecmp(cmd, "mbo_cell_capa") == 0) {
-		wpas_mbo_update_cell_capa(wpa_s, atoi(value));
-	} else if (os_strcasecmp(cmd, "oce") == 0) {
-		wpa_s->conf->oce = atoi(value);
-		if (wpa_s->conf->oce) {
-			if ((wpa_s->conf->oce & OCE_STA) &&
-			    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
-				wpa_s->enable_oce = OCE_STA;
-
-			if ((wpa_s->conf->oce & OCE_STA_CFON) &&
-			    (wpa_s->drv_flags &
-			     WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
-				/* TODO: Need to add STA-CFON support */
-				wpa_printf(MSG_ERROR,
-					   "OCE STA-CFON feature is not yet supported");
-				return -1;
-			}
-		} else {
-			wpa_s->enable_oce = 0;
-		}
-		wpa_supplicant_set_default_scan_ies(wpa_s);
-#endif /* CONFIG_MBO */
-	} else if (os_strcasecmp(cmd, "lci") == 0) {
-		ret = wpas_ctrl_iface_set_lci(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "tdls_trigger_control") == 0) {
-		ret = wpa_drv_set_tdls_mode(wpa_s, atoi(value));
-	} else if (os_strcasecmp(cmd, "relative_rssi") == 0) {
-		ret = wpas_ctrl_set_relative_rssi(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "relative_band_adjust") == 0) {
-		ret = wpas_ctrl_set_relative_band_adjust(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "ric_ies") == 0) {
-		ret = wpas_ctrl_iface_set_ric_ies(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "roaming") == 0) {
-		ret = wpa_drv_roaming(wpa_s, atoi(value), NULL);
-#ifdef CONFIG_WNM
-	} else if (os_strcasecmp(cmd, "coloc_intf_elems") == 0) {
-		struct wpabuf *elems;
-
-		elems = wpabuf_parse_bin(value);
-		if (!elems)
-			return -1;
-		wnm_set_coloc_intf_elems(wpa_s, elems);
-#endif /* CONFIG_WNM */
-	} else if (os_strcasecmp(cmd, "enable_dscp_policy_capa") == 0) {
-		wpa_s->enable_dscp_policy_capa = !!atoi(value);
-	} else {
-		value[-1] = '=';
-		ret = wpa_config_process_global(wpa_s->conf, cmd, -1);
-		if (ret == 0)
-			wpa_supplicant_update_config(wpa_s);
-		else if (ret == 1)
-			ret = 0;
-	}
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_get(struct wpa_supplicant *wpa_s,
-					 char *cmd, char *buf, size_t buflen)
-{
-	int res = -1;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE GET '%s'", cmd);
-
-	if (os_strcmp(cmd, "version") == 0) {
-		res = os_snprintf(buf, buflen, "%s", VERSION_STR);
-	} else if (os_strcasecmp(cmd, "max_command_len") == 0) {
-		res = os_snprintf(buf, buflen, "%u", CTRL_IFACE_MAX_LEN);
-	} else if (os_strcasecmp(cmd, "country") == 0) {
-		if (wpa_s->conf->country[0] && wpa_s->conf->country[1])
-			res = os_snprintf(buf, buflen, "%c%c",
-					  wpa_s->conf->country[0],
-					  wpa_s->conf->country[1]);
-#ifdef CONFIG_WIFI_DISPLAY
-	} else if (os_strcasecmp(cmd, "wifi_display") == 0) {
-		int enabled;
-		if (wpa_s->global->p2p == NULL ||
-		    wpa_s->global->p2p_disabled)
-			enabled = 0;
-		else
-			enabled = wpa_s->global->wifi_display;
-		res = os_snprintf(buf, buflen, "%d", enabled);
-#endif /* CONFIG_WIFI_DISPLAY */
-#ifdef CONFIG_TESTING_GET_GTK
-	} else if (os_strcmp(cmd, "gtk") == 0) {
-		if (wpa_s->last_gtk_len == 0)
-			return -1;
-		res = wpa_snprintf_hex(buf, buflen, wpa_s->last_gtk,
-				       wpa_s->last_gtk_len);
-		return res;
-#endif /* CONFIG_TESTING_GET_GTK */
-	} else if (os_strcmp(cmd, "tls_library") == 0) {
-		res = tls_get_library_version(buf, buflen);
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strcmp(cmd, "anonce") == 0) {
-		return wpa_snprintf_hex(buf, buflen,
-					wpa_sm_get_anonce(wpa_s->wpa),
-					WPA_NONCE_LEN);
-	} else if (os_strcasecmp(cmd, "last_tk_key_idx") == 0) {
-		res = os_snprintf(buf, buflen, "%d", wpa_s->last_tk_key_idx);
-#endif /* CONFIG_TESTING_OPTIONS */
-	} else {
-		res = wpa_config_get_value(cmd, wpa_s->conf, buf, buflen);
-	}
-
-	if (os_snprintf_error(buflen, res))
-		return -1;
-	return res;
-}
-
-
-#ifdef IEEE8021X_EAPOL
-static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
-					     char *addr)
-{
-	u8 bssid[ETH_ALEN];
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (hwaddr_aton(addr, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE PREAUTH: invalid address "
-			   "'%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE PREAUTH " MACSTR, MAC2STR(bssid));
-	rsn_preauth_deinit(wpa_s->wpa);
-	if (rsn_preauth_init(wpa_s->wpa, bssid, ssid ? &ssid->eap : NULL))
-		return -1;
-
-	return 0;
-}
-#endif /* IEEE8021X_EAPOL */
-
-
-#ifdef CONFIG_TDLS
-
-static int wpa_supplicant_ctrl_iface_tdls_discover(
-	struct wpa_supplicant *wpa_s, char *addr)
-{
-	u8 peer[ETH_ALEN];
-	int ret;
-
-	if (hwaddr_aton(addr, peer)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_DISCOVER: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_DISCOVER " MACSTR,
-		   MAC2STR(peer));
-
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_send_discovery_request(wpa_s->wpa, peer);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_DISCOVERY_REQ, peer);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_tdls_setup(
-	struct wpa_supplicant *wpa_s, char *addr)
-{
-	u8 peer[ETH_ALEN];
-	int ret;
-
-	if (hwaddr_aton(addr, peer)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_SETUP: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_SETUP " MACSTR,
-		   MAC2STR(peer));
-
-	if ((wpa_s->conf->tdls_external_control) &&
-	    wpa_tdls_is_external_setup(wpa_s->wpa))
-		return wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer);
-
-	wpa_tdls_remove(wpa_s->wpa, peer);
-
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_start(wpa_s->wpa, peer);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_tdls_teardown(
-	struct wpa_supplicant *wpa_s, char *addr)
-{
-	u8 peer[ETH_ALEN];
-	int ret;
-
-	if (os_strcmp(addr, "*") == 0) {
-		/* remove everyone */
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN *");
-		wpa_tdls_teardown_peers(wpa_s->wpa);
-		return 0;
-	}
-
-	if (hwaddr_aton(addr, peer)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN " MACSTR,
-		   MAC2STR(peer));
-
-	if ((wpa_s->conf->tdls_external_control) &&
-	    wpa_tdls_is_external_setup(wpa_s->wpa))
-		return wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer);
-
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_teardown_link(
-			wpa_s->wpa, peer,
-			WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer);
-
-	return ret;
-}
-
-
-static int ctrl_iface_get_capability_tdls(
-	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
-{
-	int ret;
-
-	ret = os_snprintf(buf, buflen, "%s\n",
-			  wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT ?
-			  (wpa_s->drv_flags &
-			   WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP ?
-			   "EXTERNAL" : "INTERNAL") : "UNSUPPORTED");
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_tdls_chan_switch(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 peer[ETH_ALEN];
-	struct hostapd_freq_params freq_params;
-	u8 oper_class;
-	char *pos, *end;
-
-	if (!wpa_tdls_is_external_setup(wpa_s->wpa)) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Only supported with external setup");
-		return -1;
-	}
-
-	os_memset(&freq_params, 0, sizeof(freq_params));
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	oper_class = strtol(pos, &end, 10);
-	if (pos == end) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Invalid op class provided");
-		return -1;
-	}
-
-	pos = end;
-	freq_params.freq = atoi(pos);
-	if (freq_params.freq == 0) {
-		wpa_printf(MSG_INFO, "tdls_chanswitch: Invalid freq provided");
-		return -1;
-	}
-
-#define SET_FREQ_SETTING(str) \
-	do { \
-		const char *pos2 = os_strstr(pos, " " #str "="); \
-		if (pos2) { \
-			pos2 += sizeof(" " #str "=") - 1; \
-			freq_params.str = atoi(pos2); \
-		} \
-	} while (0)
-
-	SET_FREQ_SETTING(center_freq1);
-	SET_FREQ_SETTING(center_freq2);
-	SET_FREQ_SETTING(bandwidth);
-	SET_FREQ_SETTING(sec_channel_offset);
-#undef SET_FREQ_SETTING
-
-	freq_params.ht_enabled = !!os_strstr(pos, " ht");
-	freq_params.vht_enabled = !!os_strstr(pos, " vht");
-
-	if (hwaddr_aton(cmd, peer)) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE TDLS_CHAN_SWITCH: Invalid address '%s'",
-			   cmd);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_CHAN_SWITCH " MACSTR
-		   " OP CLASS %d FREQ %d CENTER1 %d CENTER2 %d BW %d SEC_OFFSET %d%s%s",
-		   MAC2STR(peer), oper_class, freq_params.freq,
-		   freq_params.center_freq1, freq_params.center_freq2,
-		   freq_params.bandwidth, freq_params.sec_channel_offset,
-		   freq_params.ht_enabled ? " HT" : "",
-		   freq_params.vht_enabled ? " VHT" : "");
-
-	return wpa_tdls_enable_chan_switch(wpa_s->wpa, peer, oper_class,
-					   &freq_params);
-}
-
-
-static int wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 peer[ETH_ALEN];
-
-	if (!wpa_tdls_is_external_setup(wpa_s->wpa)) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Only supported with external setup");
-		return -1;
-	}
-
-	if (hwaddr_aton(cmd, peer)) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE TDLS_CANCEL_CHAN_SWITCH: Invalid address '%s'",
-			   cmd);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_CANCEL_CHAN_SWITCH " MACSTR,
-		   MAC2STR(peer));
-
-	return wpa_tdls_disable_chan_switch(wpa_s->wpa, peer);
-}
-
-
-static int wpa_supplicant_ctrl_iface_tdls_link_status(
-	struct wpa_supplicant *wpa_s, const char *addr,
-	char *buf, size_t buflen)
-{
-	u8 peer[ETH_ALEN];
-	const char *tdls_status;
-	int ret;
-
-	if (hwaddr_aton(addr, peer)) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE TDLS_LINK_STATUS: Invalid address '%s'",
-			   addr);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS " MACSTR,
-		   MAC2STR(peer));
-
-	tdls_status = wpa_tdls_get_link_status(wpa_s->wpa, peer);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS: %s", tdls_status);
-	ret = os_snprintf(buf, buflen, "TDLS link status: %s\n", tdls_status);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-
-	return ret;
-}
-
-#endif /* CONFIG_TDLS */
-
-
-static int wmm_ac_ctrl_addts(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *token, *context = NULL;
-	struct wmm_ac_ts_setup_params params = {
-		.tsid = 0xff,
-		.direction = 0xff,
-	};
-
-	while ((token = str_token(cmd, " ", &context))) {
-		if (sscanf(token, "tsid=%i", &params.tsid) == 1 ||
-		    sscanf(token, "up=%i", &params.user_priority) == 1 ||
-		    sscanf(token, "nominal_msdu_size=%i",
-			   &params.nominal_msdu_size) == 1 ||
-		    sscanf(token, "mean_data_rate=%i",
-			   &params.mean_data_rate) == 1 ||
-		    sscanf(token, "min_phy_rate=%i",
-			   &params.minimum_phy_rate) == 1 ||
-		    sscanf(token, "sba=%i",
-			   &params.surplus_bandwidth_allowance) == 1)
-			continue;
-
-		if (os_strcasecmp(token, "downlink") == 0) {
-			params.direction = WMM_TSPEC_DIRECTION_DOWNLINK;
-		} else if (os_strcasecmp(token, "uplink") == 0) {
-			params.direction = WMM_TSPEC_DIRECTION_UPLINK;
-		} else if (os_strcasecmp(token, "bidi") == 0) {
-			params.direction = WMM_TSPEC_DIRECTION_BI_DIRECTIONAL;
-		} else if (os_strcasecmp(token, "fixed_nominal_msdu") == 0) {
-			params.fixed_nominal_msdu = 1;
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "CTRL: Invalid WMM_AC_ADDTS parameter: '%s'",
-				   token);
-			return -1;
-		}
-
-	}
-
-	return wpas_wmm_ac_addts(wpa_s, &params);
-}
-
-
-static int wmm_ac_ctrl_delts(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 tsid = atoi(cmd);
-
-	return wpas_wmm_ac_delts(wpa_s, tsid);
-}
-
-
-#ifdef CONFIG_IEEE80211R
-static int wpa_supplicant_ctrl_iface_ft_ds(
-	struct wpa_supplicant *wpa_s, char *addr)
-{
-	u8 target_ap[ETH_ALEN];
-	struct wpa_bss *bss;
-	const u8 *mdie;
-
-	if (hwaddr_aton(addr, target_ap)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE FT_DS: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE FT_DS " MACSTR, MAC2STR(target_ap));
-
-	bss = wpa_bss_get_bssid(wpa_s, target_ap);
-	if (bss)
-		mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
-	else
-		mdie = NULL;
-
-	return wpa_ft_start_over_ds(wpa_s->wpa, target_ap, mdie);
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-#ifdef CONFIG_WPS
-static int wpa_supplicant_ctrl_iface_wps_pbc(struct wpa_supplicant *wpa_s,
-					     char *cmd)
-{
-	u8 bssid[ETH_ALEN], *_bssid = bssid;
-#ifdef CONFIG_P2P
-	u8 p2p_dev_addr[ETH_ALEN];
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_AP
-	u8 *_p2p_dev_addr = NULL;
-#endif /* CONFIG_AP */
-	char *pos;
-	int multi_ap = 0;
-
-	if (!cmd || os_strcmp(cmd, "any") == 0 ||
-	    os_strncmp(cmd, "any ", 4) == 0) {
-		_bssid = NULL;
-#ifdef CONFIG_P2P
-	} else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
-		if (hwaddr_aton(cmd + 13, p2p_dev_addr)) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PBC: invalid "
-				   "P2P Device Address '%s'",
-				   cmd + 13);
-			return -1;
-		}
-		_p2p_dev_addr = p2p_dev_addr;
-#endif /* CONFIG_P2P */
-	} else if (os_strncmp(cmd, "multi_ap=", 9) == 0) {
-		_bssid = NULL;
-		multi_ap = atoi(cmd + 9);
-	} else if (hwaddr_aton(cmd, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PBC: invalid BSSID '%s'",
-			   cmd);
-		return -1;
-	}
-
-	if (cmd) {
-		pos = os_strstr(cmd, " multi_ap=");
-		if (pos) {
-			pos += 10;
-			multi_ap = atoi(pos);
-		}
-	}
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface)
-		return wpa_supplicant_ap_wps_pbc(wpa_s, _bssid, _p2p_dev_addr);
-#endif /* CONFIG_AP */
-
-	return wpas_wps_start_pbc(wpa_s, _bssid, 0, multi_ap);
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
-					     char *cmd, char *buf,
-					     size_t buflen)
-{
-	u8 bssid[ETH_ALEN], *_bssid = bssid;
-	char *pin;
-	int ret;
-
-	pin = os_strchr(cmd, ' ');
-	if (pin)
-		*pin++ = '\0';
-
-	if (os_strcmp(cmd, "any") == 0)
-		_bssid = NULL;
-	else if (os_strcmp(cmd, "get") == 0) {
-		if (wps_generate_pin((unsigned int *) &ret) < 0)
-			return -1;
-		goto done;
-	} else if (hwaddr_aton(cmd, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PIN: invalid BSSID '%s'",
-			   cmd);
-		return -1;
-	}
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		int timeout = 0;
-		char *pos;
-
-		if (pin) {
-			pos = os_strchr(pin, ' ');
-			if (pos) {
-				*pos++ = '\0';
-				timeout = atoi(pos);
-			}
-		}
-
-		return wpa_supplicant_ap_wps_pin(wpa_s, _bssid, pin,
-						 buf, buflen, timeout);
-	}
-#endif /* CONFIG_AP */
-
-	if (pin) {
-		ret = wpas_wps_start_pin(wpa_s, _bssid, pin, 0,
-					 DEV_PW_DEFAULT);
-		if (ret < 0)
-			return -1;
-		ret = os_snprintf(buf, buflen, "%s", pin);
-		if (os_snprintf_error(buflen, ret))
-			return -1;
-		return ret;
-	}
-
-	ret = wpas_wps_start_pin(wpa_s, _bssid, NULL, 0, DEV_PW_DEFAULT);
-	if (ret < 0)
-		return -1;
-
-done:
-	/* Return the generated PIN */
-	ret = os_snprintf(buf, buflen, "%08d", ret);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_check_pin(
-	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
-{
-	char pin[9];
-	size_t len;
-	char *pos;
-	int ret;
-
-	wpa_hexdump_ascii_key(MSG_DEBUG, "WPS_CHECK_PIN",
-			      (u8 *) cmd, os_strlen(cmd));
-	for (pos = cmd, len = 0; *pos != '\0'; pos++) {
-		if (*pos < '0' || *pos > '9')
-			continue;
-		pin[len++] = *pos;
-		if (len == 9) {
-			wpa_printf(MSG_DEBUG, "WPS: Too long PIN");
-			return -1;
-		}
-	}
-	if (len != 4 && len != 8) {
-		wpa_printf(MSG_DEBUG, "WPS: Invalid PIN length %d", (int) len);
-		return -1;
-	}
-	pin[len] = '\0';
-
-	if (len == 8) {
-		unsigned int pin_val;
-		pin_val = atoi(pin);
-		if (!wps_pin_valid(pin_val)) {
-			wpa_printf(MSG_DEBUG, "WPS: Invalid checksum digit");
-			ret = os_snprintf(buf, buflen, "FAIL-CHECKSUM\n");
-			if (os_snprintf_error(buflen, ret))
-				return -1;
-			return ret;
-		}
-	}
-
-	ret = os_snprintf(buf, buflen, "%s", pin);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-
-	return ret;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-static int wpa_supplicant_ctrl_iface_wps_nfc(struct wpa_supplicant *wpa_s,
-					     char *cmd)
-{
-	u8 bssid[ETH_ALEN], *_bssid = bssid;
-
-	if (cmd == NULL || cmd[0] == '\0')
-		_bssid = NULL;
-	else if (hwaddr_aton(cmd, bssid))
-		return -1;
-
-	return wpas_wps_start_nfc(wpa_s, NULL, _bssid, NULL, 0, 0, NULL, NULL,
-				  0, 0);
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_nfc_config_token(
-	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
-{
-	int ndef;
-	struct wpabuf *buf;
-	int res;
-	char *pos;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos)
-		*pos++ = '\0';
-	if (os_strcmp(cmd, "WPS") == 0)
-		ndef = 0;
-	else if (os_strcmp(cmd, "NDEF") == 0)
-		ndef = 1;
-	else
-		return -1;
-
-	buf = wpas_wps_nfc_config_token(wpa_s, ndef, pos);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_nfc_token(
-	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
-{
-	int ndef;
-	struct wpabuf *buf;
-	int res;
-
-	if (os_strcmp(cmd, "WPS") == 0)
-		ndef = 0;
-	else if (os_strcmp(cmd, "NDEF") == 0)
-		ndef = 1;
-	else
-		return -1;
-
-	buf = wpas_wps_nfc_token(wpa_s, ndef);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_nfc_tag_read(
-	struct wpa_supplicant *wpa_s, char *pos)
-{
-	size_t len;
-	struct wpabuf *buf;
-	int ret;
-	char *freq;
-	int forced_freq = 0;
-
-	freq = strstr(pos, " freq=");
-	if (freq) {
-		*freq = '\0';
-		freq += 6;
-		forced_freq = atoi(freq);
-	}
-
-	len = os_strlen(pos);
-	if (len & 0x01)
-		return -1;
-	len /= 2;
-
-	buf = wpabuf_alloc(len);
-	if (buf == NULL)
-		return -1;
-	if (hexstr2bin(pos, wpabuf_put(buf, len), len) < 0) {
-		wpabuf_free(buf);
-		return -1;
-	}
-
-	ret = wpas_wps_nfc_tag_read(wpa_s, buf, forced_freq);
-	wpabuf_free(buf);
-
-	return ret;
-}
-
-
-static int wpas_ctrl_nfc_get_handover_req_wps(struct wpa_supplicant *wpa_s,
-					      char *reply, size_t max_len,
-					      int ndef)
-{
-	struct wpabuf *buf;
-	int res;
-
-	buf = wpas_wps_nfc_handover_req(wpa_s, ndef);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-
-
-#ifdef CONFIG_P2P
-static int wpas_ctrl_nfc_get_handover_req_p2p(struct wpa_supplicant *wpa_s,
-					      char *reply, size_t max_len,
-					      int ndef)
-{
-	struct wpabuf *buf;
-	int res;
-
-	buf = wpas_p2p_nfc_handover_req(wpa_s, ndef);
-	if (buf == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Could not generate NFC handover request");
-		return -1;
-	}
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-#endif /* CONFIG_P2P */
-
-
-static int wpas_ctrl_nfc_get_handover_req(struct wpa_supplicant *wpa_s,
-					  char *cmd, char *reply,
-					  size_t max_len)
-{
-	char *pos;
-	int ndef;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (os_strcmp(cmd, "WPS") == 0)
-		ndef = 0;
-	else if (os_strcmp(cmd, "NDEF") == 0)
-		ndef = 1;
-	else
-		return -1;
-
-	if (os_strcmp(pos, "WPS") == 0 || os_strcmp(pos, "WPS-CR") == 0) {
-		if (!ndef)
-			return -1;
-		return wpas_ctrl_nfc_get_handover_req_wps(
-			wpa_s, reply, max_len, ndef);
-	}
-
-#ifdef CONFIG_P2P
-	if (os_strcmp(pos, "P2P-CR") == 0) {
-		return wpas_ctrl_nfc_get_handover_req_p2p(
-			wpa_s, reply, max_len, ndef);
-	}
-#endif /* CONFIG_P2P */
-
-	return -1;
-}
-
-
-static int wpas_ctrl_nfc_get_handover_sel_wps(struct wpa_supplicant *wpa_s,
-					      char *reply, size_t max_len,
-					      int ndef, int cr, char *uuid)
-{
-	struct wpabuf *buf;
-	int res;
-
-	buf = wpas_wps_nfc_handover_sel(wpa_s, ndef, cr, uuid);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-
-
-#ifdef CONFIG_P2P
-static int wpas_ctrl_nfc_get_handover_sel_p2p(struct wpa_supplicant *wpa_s,
-					      char *reply, size_t max_len,
-					      int ndef, int tag)
-{
-	struct wpabuf *buf;
-	int res;
-
-	buf = wpas_p2p_nfc_handover_sel(wpa_s, ndef, tag);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-#endif /* CONFIG_P2P */
-
-
-static int wpas_ctrl_nfc_get_handover_sel(struct wpa_supplicant *wpa_s,
-					  char *cmd, char *reply,
-					  size_t max_len)
-{
-	char *pos, *pos2;
-	int ndef;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (os_strcmp(cmd, "WPS") == 0)
-		ndef = 0;
-	else if (os_strcmp(cmd, "NDEF") == 0)
-		ndef = 1;
-	else
-		return -1;
-
-	pos2 = os_strchr(pos, ' ');
-	if (pos2)
-		*pos2++ = '\0';
-	if (os_strcmp(pos, "WPS") == 0 || os_strcmp(pos, "WPS-CR") == 0) {
-		if (!ndef)
-			return -1;
-		return wpas_ctrl_nfc_get_handover_sel_wps(
-			wpa_s, reply, max_len, ndef,
-			os_strcmp(pos, "WPS-CR") == 0, pos2);
-	}
-
-#ifdef CONFIG_P2P
-	if (os_strcmp(pos, "P2P-CR") == 0) {
-		return wpas_ctrl_nfc_get_handover_sel_p2p(
-			wpa_s, reply, max_len, ndef, 0);
-	}
-
-	if (os_strcmp(pos, "P2P-CR-TAG") == 0) {
-		return wpas_ctrl_nfc_get_handover_sel_p2p(
-			wpa_s, reply, max_len, ndef, 1);
-	}
-#endif /* CONFIG_P2P */
-
-	return -1;
-}
-
-
-static int wpas_ctrl_nfc_report_handover(struct wpa_supplicant *wpa_s,
-					 char *cmd)
-{
-	size_t len;
-	struct wpabuf *req, *sel;
-	int ret;
-	char *pos, *role, *type, *pos2;
-#ifdef CONFIG_P2P
-	char *freq;
-	int forced_freq = 0;
-
-	freq = strstr(cmd, " freq=");
-	if (freq) {
-		*freq = '\0';
-		freq += 6;
-		forced_freq = atoi(freq);
-	}
-#endif /* CONFIG_P2P */
-
-	role = cmd;
-	pos = os_strchr(role, ' ');
-	if (pos == NULL) {
-		wpa_printf(MSG_DEBUG, "NFC: Missing type in handover report");
-		return -1;
-	}
-	*pos++ = '\0';
-
-	type = pos;
-	pos = os_strchr(type, ' ');
-	if (pos == NULL) {
-		wpa_printf(MSG_DEBUG, "NFC: Missing request message in handover report");
-		return -1;
-	}
-	*pos++ = '\0';
-
-	pos2 = os_strchr(pos, ' ');
-	if (pos2 == NULL) {
-		wpa_printf(MSG_DEBUG, "NFC: Missing select message in handover report");
-		return -1;
-	}
-	*pos2++ = '\0';
-
-	len = os_strlen(pos);
-	if (len & 0x01) {
-		wpa_printf(MSG_DEBUG, "NFC: Invalid request message length in handover report");
-		return -1;
-	}
-	len /= 2;
-
-	req = wpabuf_alloc(len);
-	if (req == NULL) {
-		wpa_printf(MSG_DEBUG, "NFC: Failed to allocate memory for request message");
-		return -1;
-	}
-	if (hexstr2bin(pos, wpabuf_put(req, len), len) < 0) {
-		wpa_printf(MSG_DEBUG, "NFC: Invalid request message hexdump in handover report");
-		wpabuf_free(req);
-		return -1;
-	}
-
-	len = os_strlen(pos2);
-	if (len & 0x01) {
-		wpa_printf(MSG_DEBUG, "NFC: Invalid select message length in handover report");
-		wpabuf_free(req);
-		return -1;
-	}
-	len /= 2;
-
-	sel = wpabuf_alloc(len);
-	if (sel == NULL) {
-		wpa_printf(MSG_DEBUG, "NFC: Failed to allocate memory for select message");
-		wpabuf_free(req);
-		return -1;
-	}
-	if (hexstr2bin(pos2, wpabuf_put(sel, len), len) < 0) {
-		wpa_printf(MSG_DEBUG, "NFC: Invalid select message hexdump in handover report");
-		wpabuf_free(req);
-		wpabuf_free(sel);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "NFC: Connection handover reported - role=%s type=%s req_len=%d sel_len=%d",
-		   role, type, (int) wpabuf_len(req), (int) wpabuf_len(sel));
-
-	if (os_strcmp(role, "INIT") == 0 && os_strcmp(type, "WPS") == 0) {
-		ret = wpas_wps_nfc_report_handover(wpa_s, req, sel);
-#ifdef CONFIG_AP
-	} else if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "WPS") == 0)
-	{
-		ret = wpas_ap_wps_nfc_report_handover(wpa_s, req, sel);
-		if (ret < 0)
-			ret = wpas_er_wps_nfc_report_handover(wpa_s, req, sel);
-#endif /* CONFIG_AP */
-#ifdef CONFIG_P2P
-	} else if (os_strcmp(role, "INIT") == 0 && os_strcmp(type, "P2P") == 0)
-	{
-		ret = wpas_p2p_nfc_report_handover(wpa_s, 1, req, sel, 0);
-	} else if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "P2P") == 0)
-	{
-		ret = wpas_p2p_nfc_report_handover(wpa_s, 0, req, sel,
-						   forced_freq);
-#endif /* CONFIG_P2P */
-	} else {
-		wpa_printf(MSG_DEBUG, "NFC: Unsupported connection handover "
-			   "reported: role=%s type=%s", role, type);
-		ret = -1;
-	}
-	wpabuf_free(req);
-	wpabuf_free(sel);
-
-	if (ret)
-		wpa_printf(MSG_DEBUG, "NFC: Failed to process reported handover messages");
-
-	return ret;
-}
-
-#endif /* CONFIG_WPS_NFC */
-
-
-static int wpa_supplicant_ctrl_iface_wps_reg(struct wpa_supplicant *wpa_s,
-					     char *cmd)
-{
-	u8 bssid[ETH_ALEN];
-	char *pin;
-	char *new_ssid;
-	char *new_auth;
-	char *new_encr;
-	char *new_key;
-	struct wps_new_ap_settings ap;
-
-	pin = os_strchr(cmd, ' ');
-	if (pin == NULL)
-		return -1;
-	*pin++ = '\0';
-
-	if (hwaddr_aton(cmd, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_REG: invalid BSSID '%s'",
-			   cmd);
-		return -1;
-	}
-
-	new_ssid = os_strchr(pin, ' ');
-	if (new_ssid == NULL)
-		return wpas_wps_start_reg(wpa_s, bssid, pin, NULL);
-	*new_ssid++ = '\0';
-
-	new_auth = os_strchr(new_ssid, ' ');
-	if (new_auth == NULL)
-		return -1;
-	*new_auth++ = '\0';
-
-	new_encr = os_strchr(new_auth, ' ');
-	if (new_encr == NULL)
-		return -1;
-	*new_encr++ = '\0';
-
-	new_key = os_strchr(new_encr, ' ');
-	if (new_key == NULL)
-		return -1;
-	*new_key++ = '\0';
-
-	os_memset(&ap, 0, sizeof(ap));
-	ap.ssid_hex = new_ssid;
-	ap.auth = new_auth;
-	ap.encr = new_encr;
-	ap.key_hex = new_key;
-	return wpas_wps_start_reg(wpa_s, bssid, pin, &ap);
-}
-
-
-#ifdef CONFIG_AP
-static int wpa_supplicant_ctrl_iface_wps_ap_pin(struct wpa_supplicant *wpa_s,
-						char *cmd, char *buf,
-						size_t buflen)
-{
-	int timeout = 300;
-	char *pos;
-	const char *pin_txt;
-
-	if (!wpa_s->ap_iface)
-		return -1;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos)
-		*pos++ = '\0';
-
-	if (os_strcmp(cmd, "disable") == 0) {
-		wpas_wps_ap_pin_disable(wpa_s);
-		return os_snprintf(buf, buflen, "OK\n");
-	}
-
-	if (os_strcmp(cmd, "random") == 0) {
-		if (pos)
-			timeout = atoi(pos);
-		pin_txt = wpas_wps_ap_pin_random(wpa_s, timeout);
-		if (pin_txt == NULL)
-			return -1;
-		return os_snprintf(buf, buflen, "%s", pin_txt);
-	}
-
-	if (os_strcmp(cmd, "get") == 0) {
-		pin_txt = wpas_wps_ap_pin_get(wpa_s);
-		if (pin_txt == NULL)
-			return -1;
-		return os_snprintf(buf, buflen, "%s", pin_txt);
-	}
-
-	if (os_strcmp(cmd, "set") == 0) {
-		char *pin;
-		if (pos == NULL)
-			return -1;
-		pin = pos;
-		pos = os_strchr(pos, ' ');
-		if (pos) {
-			*pos++ = '\0';
-			timeout = atoi(pos);
-		}
-		if (os_strlen(pin) > buflen)
-			return -1;
-		if (wpas_wps_ap_pin_set(wpa_s, pin, timeout) < 0)
-			return -1;
-		return os_snprintf(buf, buflen, "%s", pin);
-	}
-
-	return -1;
-}
-#endif /* CONFIG_AP */
-
-
-#ifdef CONFIG_WPS_ER
-static int wpa_supplicant_ctrl_iface_wps_er_pin(struct wpa_supplicant *wpa_s,
-						char *cmd)
-{
-	char *uuid = cmd, *pin, *pos;
-	u8 addr_buf[ETH_ALEN], *addr = NULL;
-	pin = os_strchr(uuid, ' ');
-	if (pin == NULL)
-		return -1;
-	*pin++ = '\0';
-	pos = os_strchr(pin, ' ');
-	if (pos) {
-		*pos++ = '\0';
-		if (hwaddr_aton(pos, addr_buf) == 0)
-			addr = addr_buf;
-	}
-	return wpas_wps_er_add_pin(wpa_s, addr, uuid, pin);
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_er_learn(struct wpa_supplicant *wpa_s,
-						  char *cmd)
-{
-	char *uuid = cmd, *pin;
-	pin = os_strchr(uuid, ' ');
-	if (pin == NULL)
-		return -1;
-	*pin++ = '\0';
-	return wpas_wps_er_learn(wpa_s, uuid, pin);
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_er_set_config(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *uuid = cmd, *id;
-	id = os_strchr(uuid, ' ');
-	if (id == NULL)
-		return -1;
-	*id++ = '\0';
-	return wpas_wps_er_set_config(wpa_s, uuid, atoi(id));
-}
-
-
-static int wpa_supplicant_ctrl_iface_wps_er_config(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pin;
-	char *new_ssid;
-	char *new_auth;
-	char *new_encr;
-	char *new_key;
-	struct wps_new_ap_settings ap;
-
-	pin = os_strchr(cmd, ' ');
-	if (pin == NULL)
-		return -1;
-	*pin++ = '\0';
-
-	new_ssid = os_strchr(pin, ' ');
-	if (new_ssid == NULL)
-		return -1;
-	*new_ssid++ = '\0';
-
-	new_auth = os_strchr(new_ssid, ' ');
-	if (new_auth == NULL)
-		return -1;
-	*new_auth++ = '\0';
-
-	new_encr = os_strchr(new_auth, ' ');
-	if (new_encr == NULL)
-		return -1;
-	*new_encr++ = '\0';
-
-	new_key = os_strchr(new_encr, ' ');
-	if (new_key == NULL)
-		return -1;
-	*new_key++ = '\0';
-
-	os_memset(&ap, 0, sizeof(ap));
-	ap.ssid_hex = new_ssid;
-	ap.auth = new_auth;
-	ap.encr = new_encr;
-	ap.key_hex = new_key;
-	return wpas_wps_er_config(wpa_s, cmd, pin, &ap);
-}
-
-
-#ifdef CONFIG_WPS_NFC
-static int wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
-	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
-{
-	int ndef;
-	struct wpabuf *buf;
-	int res;
-	char *uuid;
-
-	uuid = os_strchr(cmd, ' ');
-	if (uuid == NULL)
-		return -1;
-	*uuid++ = '\0';
-
-	if (os_strcmp(cmd, "WPS") == 0)
-		ndef = 0;
-	else if (os_strcmp(cmd, "NDEF") == 0)
-		ndef = 1;
-	else
-		return -1;
-
-	buf = wpas_wps_er_nfc_config_token(wpa_s, ndef, uuid);
-	if (buf == NULL)
-		return -1;
-
-	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
-					 wpabuf_len(buf));
-	reply[res++] = '\n';
-	reply[res] = '\0';
-
-	wpabuf_free(buf);
-
-	return res;
-}
-#endif /* CONFIG_WPS_NFC */
-#endif /* CONFIG_WPS_ER */
-
-#endif /* CONFIG_WPS */
-
-
-#ifdef CONFIG_IBSS_RSN
-static int wpa_supplicant_ctrl_iface_ibss_rsn(
-	struct wpa_supplicant *wpa_s, char *addr)
-{
-	u8 peer[ETH_ALEN];
-
-	if (hwaddr_aton(addr, peer)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE IBSS_RSN: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE IBSS_RSN " MACSTR,
-		   MAC2STR(peer));
-
-	return ibss_rsn_start(wpa_s->ibss_rsn, peer);
-}
-#endif /* CONFIG_IBSS_RSN */
-
-
-static int wpa_supplicant_ctrl_iface_ctrl_rsp(struct wpa_supplicant *wpa_s,
-					      char *rsp)
-{
-#ifdef IEEE8021X_EAPOL
-	char *pos, *id_pos;
-	int id;
-	struct wpa_ssid *ssid;
-
-	pos = os_strchr(rsp, '-');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-	id_pos = pos;
-	pos = os_strchr(pos, ':');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-	id = atoi(id_pos);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: field=%s id=%d", rsp, id);
-	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
-			      (u8 *) pos, os_strlen(pos));
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
-			   "to update", id);
-		return -1;
-	}
-
-	return wpa_supplicant_ctrl_iface_ctrl_rsp_handle(wpa_s, ssid, rsp,
-							 pos);
-#else /* IEEE8021X_EAPOL */
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: 802.1X not included");
-	return -1;
-#endif /* IEEE8021X_EAPOL */
-}
-
-
-static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
-					    const char *params,
-					    char *buf, size_t buflen)
-{
-	char *pos, *end, tmp[30];
-	int res, verbose, wps, ret;
-#ifdef CONFIG_HS20
-	const u8 *hs20;
-#endif /* CONFIG_HS20 */
-	const u8 *sess_id;
-	size_t sess_id_len;
-
-	if (os_strcmp(params, "-DRIVER") == 0)
-		return wpa_drv_status(wpa_s, buf, buflen);
-	verbose = os_strcmp(params, "-VERBOSE") == 0;
-	wps = os_strcmp(params, "-WPS") == 0;
-	pos = buf;
-	end = buf + buflen;
-	if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
-		struct wpa_ssid *ssid = wpa_s->current_ssid;
-		ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
-				  MAC2STR(wpa_s->bssid));
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-		ret = os_snprintf(pos, end - pos, "freq=%u\n",
-				  wpa_s->assoc_freq);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-		if (ssid) {
-			u8 *_ssid = ssid->ssid;
-			size_t ssid_len = ssid->ssid_len;
-			u8 ssid_buf[SSID_MAX_LEN];
-			if (ssid_len == 0) {
-				int _res = wpa_drv_get_ssid(wpa_s, ssid_buf);
-				if (_res < 0)
-					ssid_len = 0;
-				else
-					ssid_len = _res;
-				_ssid = ssid_buf;
-			}
-			ret = os_snprintf(pos, end - pos, "ssid=%s\nid=%d\n",
-					  wpa_ssid_txt(_ssid, ssid_len),
-					  ssid->id);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-
-			if (wps && ssid->passphrase &&
-			    wpa_key_mgmt_wpa_psk(ssid->key_mgmt) &&
-			    (ssid->mode == WPAS_MODE_AP ||
-			     ssid->mode == WPAS_MODE_P2P_GO)) {
-				ret = os_snprintf(pos, end - pos,
-						  "passphrase=%s\n",
-						  ssid->passphrase);
-				if (os_snprintf_error(end - pos, ret))
-					return pos - buf;
-				pos += ret;
-			}
-			if (ssid->id_str) {
-				ret = os_snprintf(pos, end - pos,
-						  "id_str=%s\n",
-						  ssid->id_str);
-				if (os_snprintf_error(end - pos, ret))
-					return pos - buf;
-				pos += ret;
-			}
-
-			switch (ssid->mode) {
-			case WPAS_MODE_INFRA:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=station\n");
-				break;
-			case WPAS_MODE_IBSS:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=IBSS\n");
-				break;
-			case WPAS_MODE_AP:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=AP\n");
-				break;
-			case WPAS_MODE_P2P_GO:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=P2P GO\n");
-				break;
-			case WPAS_MODE_P2P_GROUP_FORMATION:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=P2P GO - group "
-						  "formation\n");
-				break;
-			case WPAS_MODE_MESH:
-				ret = os_snprintf(pos, end - pos,
-						  "mode=mesh\n");
-				break;
-			default:
-				ret = 0;
-				break;
-			}
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-
-		if (wpa_s->connection_set &&
-		    (wpa_s->connection_ht || wpa_s->connection_vht ||
-		     wpa_s->connection_he)) {
-			ret = os_snprintf(pos, end - pos,
-					  "wifi_generation=%u\n",
-					  wpa_s->connection_he ? 6 :
-					  (wpa_s->connection_vht ? 5 : 4));
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface) {
-			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
-							    end - pos,
-							    verbose);
-		} else
-#endif /* CONFIG_AP */
-		pos += wpa_sm_get_status(wpa_s->wpa, pos, end - pos, verbose);
-	}
-#ifdef CONFIG_SME
-#ifdef CONFIG_SAE
-	if (wpa_s->wpa_state >= WPA_ASSOCIATED &&
-#ifdef CONFIG_AP
-	    !wpa_s->ap_iface &&
-#endif /* CONFIG_AP */
-	    wpa_s->sme.sae.state == SAE_ACCEPTED) {
-		ret = os_snprintf(pos, end - pos, "sae_group=%d\n"
-				  "sae_h2e=%d\n"
-				  "sae_pk=%d\n",
-				  wpa_s->sme.sae.group,
-				  wpa_s->sme.sae.h2e,
-				  wpa_s->sme.sae.pk);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SAE */
-#endif /* CONFIG_SME */
-	ret = os_snprintf(pos, end - pos, "wpa_state=%s\n",
-			  wpa_supplicant_state_txt(wpa_s->wpa_state));
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	if (wpa_s->l2 &&
-	    l2_packet_get_ip_addr(wpa_s->l2, tmp, sizeof(tmp)) >= 0) {
-		ret = os_snprintf(pos, end - pos, "ip_address=%s\n", tmp);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef CONFIG_P2P
-	if (wpa_s->global->p2p) {
-		ret = os_snprintf(pos, end - pos, "p2p_device_address=" MACSTR
-				  "\n", MAC2STR(wpa_s->global->p2p_dev_addr));
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_P2P */
-
-	ret = os_snprintf(pos, end - pos, "address=" MACSTR "\n",
-			  MAC2STR(wpa_s->own_addr));
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-#ifdef CONFIG_HS20
-	if (wpa_s->current_bss &&
-	    (hs20 = wpa_bss_get_vendor_ie(wpa_s->current_bss,
-					  HS20_IE_VENDOR_TYPE)) &&
-	    wpa_s->wpa_proto == WPA_PROTO_RSN &&
-	    wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
-		int release = 1;
-		if (hs20[1] >= 5) {
-			u8 rel_num = (hs20[6] & 0xf0) >> 4;
-			release = rel_num + 1;
-		}
-		ret = os_snprintf(pos, end - pos, "hs20=%d\n", release);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (wpa_s->current_ssid) {
-		struct wpa_cred *cred;
-		char *type;
-
-		for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-			size_t i;
-
-			if (wpa_s->current_ssid->parent_cred != cred)
-				continue;
-
-			if (cred->provisioning_sp) {
-				ret = os_snprintf(pos, end - pos,
-						  "provisioning_sp=%s\n",
-						  cred->provisioning_sp);
-				if (os_snprintf_error(end - pos, ret))
-					return pos - buf;
-				pos += ret;
-			}
-
-			if (!cred->domain)
-				goto no_domain;
-
-			i = 0;
-			if (wpa_s->current_bss && wpa_s->current_bss->anqp) {
-				struct wpabuf *names =
-					wpa_s->current_bss->anqp->domain_name;
-				for (i = 0; names && i < cred->num_domain; i++)
-				{
-					if (domain_name_list_contains(
-						    names, cred->domain[i], 1))
-						break;
-				}
-				if (i == cred->num_domain)
-					i = 0; /* show first entry by default */
-			}
-			ret = os_snprintf(pos, end - pos, "home_sp=%s\n",
-					  cred->domain[i]);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-
-		no_domain:
-			if (wpa_s->current_bss == NULL ||
-			    wpa_s->current_bss->anqp == NULL)
-				res = -1;
-			else
-				res = interworking_home_sp_cred(
-					wpa_s, cred,
-					wpa_s->current_bss->anqp->domain_name);
-			if (res > 0)
-				type = "home";
-			else if (res == 0)
-				type = "roaming";
-			else
-				type = "unknown";
-
-			ret = os_snprintf(pos, end - pos, "sp_type=%s\n", type);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-
-			break;
-		}
-	}
-#endif /* CONFIG_HS20 */
-
-	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		res = eapol_sm_get_status(wpa_s->eapol, pos, end - pos,
-					  verbose);
-		if (res >= 0)
-			pos += res;
-	}
-
-#ifdef CONFIG_MACSEC
-	res = ieee802_1x_kay_get_status(wpa_s->kay, pos, end - pos);
-	if (res > 0)
-		pos += res;
-#endif /* CONFIG_MACSEC */
-
-	sess_id = eapol_sm_get_session_id(wpa_s->eapol, &sess_id_len);
-	if (sess_id) {
-		char *start = pos;
-
-		ret = os_snprintf(pos, end - pos, "eap_session_id=");
-		if (os_snprintf_error(end - pos, ret))
-			return start - buf;
-		pos += ret;
-		ret = wpa_snprintf_hex(pos, end - pos, sess_id, sess_id_len);
-		if (ret <= 0)
-			return start - buf;
-		pos += ret;
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return start - buf;
-		pos += ret;
-	}
-
-	res = rsn_preauth_get_status(wpa_s->wpa, pos, end - pos, verbose);
-	if (res >= 0)
-		pos += res;
-
-#ifdef CONFIG_WPS
-	{
-		char uuid_str[100];
-		uuid_bin2str(wpa_s->wps->uuid, uuid_str, sizeof(uuid_str));
-		ret = os_snprintf(pos, end - pos, "uuid=%s\n", uuid_str);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_WPS */
-
-	if (wpa_s->ieee80211ac) {
-		ret = os_snprintf(pos, end - pos, "ieee80211ac=1\n");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef ANDROID
-	/*
-	 * Allow using the STATUS command with default behavior, say for debug,
-	 * i.e., don't generate a "fake" CONNECTION and SUPPLICANT_STATE_CHANGE
-	 * events with STATUS-NO_EVENTS.
-	 */
-	if (os_strcmp(params, "-NO_EVENTS")) {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_STATE_CHANGE
-			     "id=%d state=%d BSSID=" MACSTR " SSID=%s",
-			     wpa_s->current_ssid ? wpa_s->current_ssid->id : -1,
-			     wpa_s->wpa_state,
-			     MAC2STR(wpa_s->bssid),
-			     wpa_s->current_ssid && wpa_s->current_ssid->ssid ?
-			     wpa_ssid_txt(wpa_s->current_ssid->ssid,
-					  wpa_s->current_ssid->ssid_len) : "");
-		if (wpa_s->wpa_state == WPA_COMPLETED) {
-			struct wpa_ssid *ssid = wpa_s->current_ssid;
-			wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED
-				     "- connection to " MACSTR
-				     " completed %s [id=%d id_str=%s]",
-				     MAC2STR(wpa_s->bssid), "(auth)",
-				     ssid ? ssid->id : -1,
-				     ssid && ssid->id_str ? ssid->id_str : "");
-		}
-	}
-#endif /* ANDROID */
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_bssid(struct wpa_supplicant *wpa_s,
-					   char *cmd)
-{
-	char *pos;
-	int id;
-	struct wpa_ssid *ssid;
-	u8 bssid[ETH_ALEN];
-
-	/* cmd: "<network id> <BSSID>" */
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: id=%d bssid='%s'", id, pos);
-	if (hwaddr_aton(pos, bssid)) {
-		wpa_printf(MSG_DEBUG ,"CTRL_IFACE: invalid BSSID '%s'", pos);
-		return -1;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
-			   "to update", id);
-		return -1;
-	}
-
-	os_memcpy(ssid->bssid, bssid, ETH_ALEN);
-	ssid->bssid_set = !is_zero_ether_addr(bssid);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_bssid_ignore(struct wpa_supplicant *wpa_s,
-						  char *cmd, char *buf,
-						  size_t buflen)
-{
-	u8 bssid[ETH_ALEN];
-	struct wpa_bssid_ignore *e;
-	char *pos, *end;
-	int ret;
-
-	/* cmd: "BSSID_IGNORE [<BSSID>]" */
-	if (*cmd == '\0') {
-		pos = buf;
-		end = buf + buflen;
-		e = wpa_s->bssid_ignore;
-		while (e) {
-			ret = os_snprintf(pos, end - pos, MACSTR "\n",
-					  MAC2STR(e->bssid));
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-			e = e->next;
-		}
-		return pos - buf;
-	}
-
-	cmd++;
-	if (os_strncmp(cmd, "clear", 5) == 0) {
-		wpa_bssid_ignore_clear(wpa_s);
-		os_memcpy(buf, "OK\n", 3);
-		return 3;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: BSSID_IGNORE bssid='%s'", cmd);
-	if (hwaddr_aton(cmd, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: invalid BSSID '%s'", cmd);
-		return -1;
-	}
-
-	/*
-	 * Add the BSSID twice, so its count will be 2, causing it to be
-	 * skipped when processing scan results.
-	 */
-	ret = wpa_bssid_ignore_add(wpa_s, bssid);
-	if (ret < 0)
-		return -1;
-	ret = wpa_bssid_ignore_add(wpa_s, bssid);
-	if (ret < 0)
-		return -1;
-	os_memcpy(buf, "OK\n", 3);
-	return 3;
-}
-
-
-static int wpa_supplicant_ctrl_iface_log_level(struct wpa_supplicant *wpa_s,
-					       char *cmd, char *buf,
-					       size_t buflen)
-{
-	char *pos, *end, *stamp;
-	int ret;
-
-	/* cmd: "LOG_LEVEL [<level>]" */
-	if (*cmd == '\0') {
-		pos = buf;
-		end = buf + buflen;
-		ret = os_snprintf(pos, end - pos, "Current level: %s\n"
-				  "Timestamp: %d\n",
-				  debug_level_str(wpa_debug_level),
-				  wpa_debug_timestamp);
-		if (os_snprintf_error(end - pos, ret))
-			ret = 0;
-
-		return ret;
-	}
-
-	while (*cmd == ' ')
-		cmd++;
-
-	stamp = os_strchr(cmd, ' ');
-	if (stamp) {
-		*stamp++ = '\0';
-		while (*stamp == ' ') {
-			stamp++;
-		}
-	}
-
-	if (os_strlen(cmd)) {
-		int level = str_to_debug_level(cmd);
-		if (level < 0)
-			return -1;
-		wpa_debug_level = level;
-	}
-
-	if (stamp && os_strlen(stamp))
-		wpa_debug_timestamp = atoi(stamp);
-
-	os_memcpy(buf, "OK\n", 3);
-	return 3;
-}
-
-
-static int wpa_supplicant_ctrl_iface_list_networks(
-	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
-{
-	char *pos, *end, *prev;
-	struct wpa_ssid *ssid;
-	int ret;
-
-	pos = buf;
-	end = buf + buflen;
-	ret = os_snprintf(pos, end - pos,
-			  "network id / ssid / bssid / flags\n");
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	ssid = wpa_s->conf->ssid;
-
-	/* skip over ssids until we find next one */
-	if (cmd != NULL && os_strncmp(cmd, "LAST_ID=", 8) == 0) {
-		int last_id = atoi(cmd + 8);
-		if (last_id != -1) {
-			while (ssid != NULL && ssid->id <= last_id) {
-				ssid = ssid->next;
-			}
-		}
-	}
-
-	while (ssid) {
-		prev = pos;
-		ret = os_snprintf(pos, end - pos, "%d\t%s",
-				  ssid->id,
-				  wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-		if (os_snprintf_error(end - pos, ret))
-			return prev - buf;
-		pos += ret;
-		if (ssid->bssid_set) {
-			ret = os_snprintf(pos, end - pos, "\t" MACSTR,
-					  MAC2STR(ssid->bssid));
-		} else {
-			ret = os_snprintf(pos, end - pos, "\tany");
-		}
-		if (os_snprintf_error(end - pos, ret))
-			return prev - buf;
-		pos += ret;
-		ret = os_snprintf(pos, end - pos, "\t%s%s%s%s",
-				  ssid == wpa_s->current_ssid ?
-				  "[CURRENT]" : "",
-				  ssid->disabled ? "[DISABLED]" : "",
-				  ssid->disabled_until.sec ?
-				  "[TEMP-DISABLED]" : "",
-				  ssid->disabled == 2 ? "[P2P-PERSISTENT]" :
-				  "");
-		if (os_snprintf_error(end - pos, ret))
-			return prev - buf;
-		pos += ret;
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return prev - buf;
-		pos += ret;
-
-		ssid = ssid->next;
-	}
-
-	return pos - buf;
-}
-
-
-static char * wpa_supplicant_cipher_txt(char *pos, char *end, int cipher)
-{
-	int ret;
-	ret = os_snprintf(pos, end - pos, "-");
-	if (os_snprintf_error(end - pos, ret))
-		return pos;
-	pos += ret;
-	ret = wpa_write_ciphers(pos, end, cipher, "+");
-	if (ret < 0)
-		return pos;
-	pos += ret;
-	return pos;
-}
-
-
-static char * wpa_supplicant_ie_txt(char *pos, char *end, const char *proto,
-				    const u8 *ie, size_t ie_len)
-{
-	struct wpa_ie_data data;
-	char *start;
-	int ret;
-
-	ret = os_snprintf(pos, end - pos, "[%s-", proto);
-	if (os_snprintf_error(end - pos, ret))
-		return pos;
-	pos += ret;
-
-	if (wpa_parse_wpa_ie(ie, ie_len, &data) < 0) {
-		ret = os_snprintf(pos, end - pos, "?]");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-		return pos;
-	}
-
-	start = pos;
-	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
-		ret = os_snprintf(pos, end - pos, "%sEAP",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_PSK) {
-		ret = os_snprintf(pos, end - pos, "%sPSK",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
-		ret = os_snprintf(pos, end - pos, "%sNone",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_SAE) {
-		ret = os_snprintf(pos, end - pos, "%sSAE",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#ifdef CONFIG_IEEE80211R
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
-		ret = os_snprintf(pos, end - pos, "%sFT/EAP",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) {
-		ret = os_snprintf(pos, end - pos, "%sFT/PSK",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE) {
-		ret = os_snprintf(pos, end - pos, "%sFT/SAE",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_IEEE80211R */
-	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sEAP-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sPSK-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-
-#ifdef CONFIG_SUITEB
-	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
-		ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB */
-
-#ifdef CONFIG_SUITEB192
-	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
-		ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B-192",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB192 */
-
-#ifdef CONFIG_FILS
-	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA384",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#ifdef CONFIG_IEEE80211R
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA384",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_OWE
-	if (data.key_mgmt & WPA_KEY_MGMT_OWE) {
-		ret = os_snprintf(pos, end - pos, "%sOWE",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_DPP
-	if (data.key_mgmt & WPA_KEY_MGMT_DPP) {
-		ret = os_snprintf(pos, end - pos, "%sDPP",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_DPP */
-
-	if (data.key_mgmt & WPA_KEY_MGMT_OSEN) {
-		ret = os_snprintf(pos, end - pos, "%sOSEN",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-
-	pos = wpa_supplicant_cipher_txt(pos, end, data.pairwise_cipher);
-
-	if (data.capabilities & WPA_CAPABILITY_PREAUTH) {
-		ret = os_snprintf(pos, end - pos, "-preauth");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-
-	ret = os_snprintf(pos, end - pos, "]");
-	if (os_snprintf_error(end - pos, ret))
-		return pos;
-	pos += ret;
-
-	return pos;
-}
-
-
-#ifdef CONFIG_WPS
-static char * wpa_supplicant_wps_ie_txt_buf(struct wpa_supplicant *wpa_s,
-					    char *pos, char *end,
-					    struct wpabuf *wps_ie)
-{
-	int ret;
-	const char *txt;
-
-	if (wps_ie == NULL)
-		return pos;
-	if (wps_is_selected_pbc_registrar(wps_ie))
-		txt = "[WPS-PBC]";
-	else if (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 0))
-		txt = "[WPS-AUTH]";
-	else if (wps_is_selected_pin_registrar(wps_ie))
-		txt = "[WPS-PIN]";
-	else
-		txt = "[WPS]";
-
-	ret = os_snprintf(pos, end - pos, "%s", txt);
-	if (!os_snprintf_error(end - pos, ret))
-		pos += ret;
-	wpabuf_free(wps_ie);
-	return pos;
-}
-#endif /* CONFIG_WPS */
-
-
-static char * wpa_supplicant_wps_ie_txt(struct wpa_supplicant *wpa_s,
-					char *pos, char *end,
-					const struct wpa_bss *bss)
-{
-#ifdef CONFIG_WPS
-	struct wpabuf *wps_ie;
-	wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-	return wpa_supplicant_wps_ie_txt_buf(wpa_s, pos, end, wps_ie);
-#else /* CONFIG_WPS */
-	return pos;
-#endif /* CONFIG_WPS */
-}
-
-
-/* Format one result on one text line into a buffer. */
-static int wpa_supplicant_ctrl_iface_scan_result(
-	struct wpa_supplicant *wpa_s,
-	const struct wpa_bss *bss, char *buf, size_t buflen)
-{
-	char *pos, *end;
-	int ret;
-	const u8 *ie, *ie2, *osen_ie, *p2p, *mesh, *owe, *rsnxe;
-
-	mesh = wpa_bss_get_ie(bss, WLAN_EID_MESH_ID);
-	p2p = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
-	if (!p2p)
-		p2p = wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE);
-	if (p2p && bss->ssid_len == P2P_WILDCARD_SSID_LEN &&
-	    os_memcmp(bss->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) ==
-	    0)
-		return 0; /* Do not show P2P listen discovery results here */
-
-	pos = buf;
-	end = buf + buflen;
-
-	ret = os_snprintf(pos, end - pos, MACSTR "\t%d\t%d\t",
-			  MAC2STR(bss->bssid), bss->freq, bss->level);
-	if (os_snprintf_error(end - pos, ret))
-		return -1;
-	pos += ret;
-	ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-	if (ie)
-		pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie, 2 + ie[1]);
-	ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (ie2) {
-		pos = wpa_supplicant_ie_txt(pos, end, mesh ? "RSN" : "WPA2",
-					    ie2, 2 + ie2[1]);
-	}
-	rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-	if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_H2E)) {
-		ret = os_snprintf(pos, end - pos, "[SAE-H2E]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-	if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_PK)) {
-		ret = os_snprintf(pos, end - pos, "[SAE-PK]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-	osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-	if (osen_ie)
-		pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
-					    osen_ie, 2 + osen_ie[1]);
-	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
-	if (owe) {
-		ret = os_snprintf(pos, end - pos,
-				  ie2 ? "[OWE-TRANS]" : "[OWE-TRANS-OPEN]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-	pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
-	if (!ie && !ie2 && !osen_ie && (bss->caps & IEEE80211_CAP_PRIVACY)) {
-		ret = os_snprintf(pos, end - pos, "[WEP]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-	if (mesh) {
-		ret = os_snprintf(pos, end - pos, "[MESH]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-	if (bss_is_dmg(bss)) {
-		const char *s;
-
-		if (wpa_bss_get_ie_ext(bss, WLAN_EID_EXT_EDMG_OPERATION)) {
-			ret = os_snprintf(pos, end - pos, "[EDMG]");
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-
-		ret = os_snprintf(pos, end - pos, "[DMG]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-		switch (bss->caps & IEEE80211_CAP_DMG_MASK) {
-		case IEEE80211_CAP_DMG_IBSS:
-			s = "[IBSS]";
-			break;
-		case IEEE80211_CAP_DMG_AP:
-			s = "[ESS]";
-			break;
-		case IEEE80211_CAP_DMG_PBSS:
-			s = "[PBSS]";
-			break;
-		default:
-			s = "";
-			break;
-		}
-		ret = os_snprintf(pos, end - pos, "%s", s);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	} else {
-		if (bss->caps & IEEE80211_CAP_IBSS) {
-			ret = os_snprintf(pos, end - pos, "[IBSS]");
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-		if (bss->caps & IEEE80211_CAP_ESS) {
-			ret = os_snprintf(pos, end - pos, "[ESS]");
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-	}
-	if (p2p) {
-		ret = os_snprintf(pos, end - pos, "[P2P]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-#ifdef CONFIG_HS20
-	if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE) && ie2) {
-		ret = os_snprintf(pos, end - pos, "[HS20]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_FILS
-	if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
-		ret = os_snprintf(pos, end - pos, "[FILS]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_FST
-	if (wpa_bss_get_ie(bss, WLAN_EID_MULTI_BAND)) {
-		ret = os_snprintf(pos, end - pos, "[FST]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-#endif /* CONFIG_FST */
-	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_UTF_8_SSID)) {
-		ret = os_snprintf(pos, end - pos, "[UTF-8]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	ret = os_snprintf(pos, end - pos, "\t%s",
-			  wpa_ssid_txt(bss->ssid, bss->ssid_len));
-	if (os_snprintf_error(end - pos, ret))
-		return -1;
-	pos += ret;
-
-	ret = os_snprintf(pos, end - pos, "\n");
-	if (os_snprintf_error(end - pos, ret))
-		return -1;
-	pos += ret;
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_scan_results(
-	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
-{
-	char *pos, *end;
-	struct wpa_bss *bss;
-	int ret;
-
-	pos = buf;
-	end = buf + buflen;
-	ret = os_snprintf(pos, end - pos, "bssid / frequency / signal level / "
-			  "flags / ssid\n");
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
-		ret = wpa_supplicant_ctrl_iface_scan_result(wpa_s, bss, pos,
-							    end - pos);
-		if (ret < 0 || ret >= end - pos)
-			return pos - buf;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-#ifdef CONFIG_MESH
-
-static int wpa_supplicant_ctrl_iface_mesh_interface_add(
-	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
-{
-	char *pos, ifname[IFNAMSIZ + 1];
-
-	ifname[0] = '\0';
-
-	pos = os_strstr(cmd, "ifname=");
-	if (pos) {
-		pos += 7;
-		os_strlcpy(ifname, pos, sizeof(ifname));
-	}
-
-	if (wpas_mesh_add_interface(wpa_s, ifname, sizeof(ifname)) < 0)
-		return -1;
-
-	os_strlcpy(reply, ifname, max_len);
-	return os_strlen(ifname);
-}
-
-
-static int wpa_supplicant_ctrl_iface_mesh_group_add(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id;
-	struct wpa_ssid *ssid;
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: MESH_GROUP_ADD id=%d", id);
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE: Could not find network id=%d", id);
-		return -1;
-	}
-	if (ssid->mode != WPAS_MODE_MESH) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE: Cannot use MESH_GROUP_ADD on a non mesh network");
-		return -1;
-	}
-	if (ssid->key_mgmt != WPA_KEY_MGMT_NONE &&
-	    ssid->key_mgmt != WPA_KEY_MGMT_SAE) {
-		wpa_printf(MSG_ERROR,
-			   "CTRL_IFACE: key_mgmt for mesh network should be open or SAE");
-		return -1;
-	}
-
-	/*
-	 * TODO: If necessary write our own group_add function,
-	 * for now we can reuse select_network
-	 */
-	wpa_supplicant_select_network(wpa_s, ssid);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_mesh_group_remove(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	struct wpa_supplicant *orig;
-	struct wpa_global *global;
-	int found = 0;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: MESH_GROUP_REMOVE ifname=%s", cmd);
-
-	global = wpa_s->global;
-	orig = wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_strcmp(wpa_s->ifname, cmd) == 0) {
-			found = 1;
-			break;
-		}
-	}
-	if (!found) {
-		wpa_printf(MSG_ERROR,
-			   "CTRL_IFACE: MESH_GROUP_REMOVE ifname=%s not found",
-			   cmd);
-		return -1;
-	}
-	if (wpa_s->mesh_if_created && wpa_s == orig) {
-		wpa_printf(MSG_ERROR,
-			   "CTRL_IFACE: MESH_GROUP_REMOVE can't remove itself");
-		return -1;
-	}
-
-	wpa_s->reassociate = 0;
-	wpa_s->disconnected = 1;
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_cancel_scan(wpa_s);
-
-	/*
-	 * TODO: If necessary write our own group_remove function,
-	 * for now we can reuse deauthenticate
-	 */
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-
-	if (wpa_s->mesh_if_created)
-		wpa_supplicant_remove_iface(global, wpa_s, 0);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_mesh_peer_remove(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-
-	if (hwaddr_aton(cmd, addr) < 0)
-		return -1;
-
-	return wpas_mesh_peer_remove(wpa_s, addr);
-}
-
-
-static int wpa_supplicant_ctrl_iface_mesh_peer_add(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-	int duration;
-	char *pos;
-
-	pos = os_strstr(cmd, " duration=");
-	if (pos) {
-		*pos = '\0';
-		duration = atoi(pos + 10);
-	} else {
-		duration = -1;
-	}
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	return wpas_mesh_peer_add(wpa_s, addr, duration);
-}
-
-
-static int wpa_supplicant_ctrl_iface_mesh_link_probe(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	struct ether_header *eth;
-	u8 addr[ETH_ALEN];
-	u8 *buf;
-	char *pos;
-	size_t payload_len = 0, len;
-	int ret = -1;
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	pos = os_strstr(cmd, " payload=");
-	if (pos) {
-		pos = pos + 9;
-		payload_len = os_strlen(pos);
-		if (payload_len & 1)
-			return -1;
-
-		payload_len /= 2;
-	}
-
-	len = ETH_HLEN + payload_len;
-	buf = os_malloc(len);
-	if (!buf)
-		return -1;
-
-	eth = (struct ether_header *) buf;
-	os_memcpy(eth->ether_dhost, addr, ETH_ALEN);
-	os_memcpy(eth->ether_shost, wpa_s->own_addr, ETH_ALEN);
-	eth->ether_type = htons(ETH_P_802_3);
-
-	if (payload_len && hexstr2bin(pos, buf + ETH_HLEN, payload_len) < 0)
-		goto fail;
-
-	ret = wpa_drv_mesh_link_probe(wpa_s, addr, buf, len);
-fail:
-	os_free(buf);
-	return -ret;
-}
-
-#endif /* CONFIG_MESH */
-
-
-static int wpa_supplicant_ctrl_iface_select_network(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id;
-	struct wpa_ssid *ssid;
-	char *pos;
-
-	/* cmd: "<network id>" or "any" */
-	if (os_strncmp(cmd, "any", 3) == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK any");
-		ssid = NULL;
-	} else {
-		id = atoi(cmd);
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK id=%d", id);
-
-		ssid = wpa_config_get_network(wpa_s->conf, id);
-		if (ssid == NULL) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-				   "network id=%d", id);
-			return -1;
-		}
-		if (ssid->disabled == 2) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Cannot use "
-				   "SELECT_NETWORK with persistent P2P group");
-			return -1;
-		}
-	}
-
-	pos = os_strstr(cmd, " freq=");
-	if (pos) {
-		int *freqs = freq_range_to_channel_list(wpa_s, pos + 6);
-		if (freqs) {
-			os_free(wpa_s->select_network_scan_freqs);
-			wpa_s->select_network_scan_freqs = freqs;
-		}
-	}
-
-	wpa_s->scan_min_time.sec = 0;
-	wpa_s->scan_min_time.usec = 0;
-	wpa_supplicant_select_network(wpa_s, ssid);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_enable_network(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id;
-	struct wpa_ssid *ssid;
-
-	/* cmd: "<network id>" or "all" */
-	if (os_strcmp(cmd, "all") == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: ENABLE_NETWORK all");
-		ssid = NULL;
-	} else {
-		id = atoi(cmd);
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: ENABLE_NETWORK id=%d", id);
-
-		ssid = wpa_config_get_network(wpa_s->conf, id);
-		if (ssid == NULL) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-				   "network id=%d", id);
-			return -1;
-		}
-		if (ssid->disabled == 2) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Cannot use "
-				   "ENABLE_NETWORK with persistent P2P group");
-			return -1;
-		}
-
-		if (os_strstr(cmd, " no-connect")) {
-			ssid->disabled = 0;
-			return 0;
-		}
-	}
-	wpa_s->scan_min_time.sec = 0;
-	wpa_s->scan_min_time.usec = 0;
-	wpa_supplicant_enable_network(wpa_s, ssid);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_disable_network(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id;
-	struct wpa_ssid *ssid;
-
-	/* cmd: "<network id>" or "all" */
-	if (os_strcmp(cmd, "all") == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: DISABLE_NETWORK all");
-		ssid = NULL;
-	} else {
-		id = atoi(cmd);
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: DISABLE_NETWORK id=%d", id);
-
-		ssid = wpa_config_get_network(wpa_s->conf, id);
-		if (ssid == NULL) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-				   "network id=%d", id);
-			return -1;
-		}
-		if (ssid->disabled == 2) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Cannot use "
-				   "DISABLE_NETWORK with persistent P2P "
-				   "group");
-			return -1;
-		}
-	}
-	wpa_supplicant_disable_network(wpa_s, ssid);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_add_network(
-	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
-{
-	struct wpa_ssid *ssid;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_NETWORK");
-
-	ssid = wpa_supplicant_add_network(wpa_s);
-	if (ssid == NULL)
-		return -1;
-
-	ret = os_snprintf(buf, buflen, "%d\n", ssid->id);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_remove_network(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id;
-	int result;
-
-	/* cmd: "<network id>" or "all" */
-	if (os_strcmp(cmd, "all") == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK all");
-		return wpa_supplicant_remove_all_networks(wpa_s);
-	}
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK id=%d", id);
-
-	result = wpa_supplicant_remove_network(wpa_s, id);
-	if (result == -1) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
-			   "id=%d", id);
-		return -1;
-	}
-	if (result == -2) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Not able to remove the "
-			   "network id=%d", id);
-		return -1;
-	}
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_update_network(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	char *name, char *value)
-{
-	int ret;
-
-	ret = wpa_config_set(ssid, name, value, 0);
-	if (ret < 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to set network "
-			   "variable '%s'", name);
-		return -1;
-	}
-	if (ret == 1)
-		return 0; /* No change to the previously configured value */
-
-#ifdef CONFIG_BGSCAN
-	if (os_strcmp(name, "bgscan") == 0) {
-		/*
-		 * Reset the bgscan parameters for the current network and
-		 * return. There's no need to flush caches for bgscan parameter
-		 * changes.
-		 */
-		if (wpa_s->current_ssid == ssid &&
-		    wpa_s->wpa_state == WPA_COMPLETED)
-			wpa_supplicant_reset_bgscan(wpa_s);
-		return 0;
-	}
-#endif /* CONFIG_BGSCAN */
-
-	if (os_strcmp(name, "bssid") != 0 &&
-	    os_strcmp(name, "bssid_hint") != 0 &&
-	    os_strcmp(name, "priority") != 0) {
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-
-		if (wpa_s->current_ssid == ssid ||
-		    wpa_s->current_ssid == NULL) {
-			/*
-			 * Invalidate the EAP session cache if anything in the
-			 * current or previously used configuration changes.
-			 */
-			eapol_sm_invalidate_cached_session(wpa_s->eapol);
-		}
-	}
-
-	if ((os_strcmp(name, "psk") == 0 &&
-	     value[0] == '"' && ssid->ssid_len) ||
-	    (os_strcmp(name, "ssid") == 0 && ssid->passphrase))
-		wpa_config_update_psk(ssid);
-	else if (os_strcmp(name, "priority") == 0)
-		wpa_config_update_prio_list(wpa_s->conf);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_set_network(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int id, ret, prev_bssid_set, prev_disabled;
-	struct wpa_ssid *ssid;
-	char *name, *value;
-	u8 prev_bssid[ETH_ALEN];
-
-	/* cmd: "<network id> <variable name> <value>" */
-	name = os_strchr(cmd, ' ');
-	if (name == NULL)
-		return -1;
-	*name++ = '\0';
-
-	value = os_strchr(name, ' ');
-	if (value == NULL)
-		return -1;
-	*value++ = '\0';
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_NETWORK id=%d name='%s'",
-		   id, name);
-	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
-			      (u8 *) value, os_strlen(value));
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
-			   "id=%d", id);
-		return -1;
-	}
-
-	prev_bssid_set = ssid->bssid_set;
-	prev_disabled = ssid->disabled;
-	os_memcpy(prev_bssid, ssid->bssid, ETH_ALEN);
-	ret = wpa_supplicant_ctrl_iface_update_network(wpa_s, ssid, name,
-						       value);
-	if (ret == 0 &&
-	    (ssid->bssid_set != prev_bssid_set ||
-	     os_memcmp(ssid->bssid, prev_bssid, ETH_ALEN) != 0))
-		wpas_notify_network_bssid_set_changed(wpa_s, ssid);
-
-	if (prev_disabled != ssid->disabled &&
-	    (prev_disabled == 2 || ssid->disabled == 2))
-		wpas_notify_network_type_changed(wpa_s, ssid);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_get_network(
-	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
-{
-	int id;
-	size_t res;
-	struct wpa_ssid *ssid;
-	char *name, *value;
-
-	/* cmd: "<network id> <variable name>" */
-	name = os_strchr(cmd, ' ');
-	if (name == NULL || buflen == 0)
-		return -1;
-	*name++ = '\0';
-
-	id = atoi(cmd);
-	wpa_printf(MSG_EXCESSIVE, "CTRL_IFACE: GET_NETWORK id=%d name='%s'",
-		   id, name);
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_EXCESSIVE, "CTRL_IFACE: Could not find network "
-			   "id=%d", id);
-		return -1;
-	}
-
-	value = wpa_config_get_no_key(ssid, name);
-	if (value == NULL) {
-		wpa_printf(MSG_EXCESSIVE, "CTRL_IFACE: Failed to get network "
-			   "variable '%s'", name);
-		return -1;
-	}
-
-	res = os_strlcpy(buf, value, buflen);
-	if (res >= buflen) {
-		os_free(value);
-		return -1;
-	}
-
-	os_free(value);
-
-	return res;
-}
-
-
-static int wpa_supplicant_ctrl_iface_dup_network(
-	struct wpa_supplicant *wpa_s, char *cmd,
-	struct wpa_supplicant *dst_wpa_s)
-{
-	struct wpa_ssid *ssid_s, *ssid_d;
-	char *name, *id, *value;
-	int id_s, id_d, ret;
-
-	/* cmd: "<src network id> <dst network id> <variable name>" */
-	id = os_strchr(cmd, ' ');
-	if (id == NULL)
-		return -1;
-	*id++ = '\0';
-
-	name = os_strchr(id, ' ');
-	if (name == NULL)
-		return -1;
-	*name++ = '\0';
-
-	id_s = atoi(cmd);
-	id_d = atoi(id);
-
-	wpa_printf(MSG_DEBUG,
-		   "CTRL_IFACE: DUP_NETWORK ifname=%s->%s id=%d->%d name='%s'",
-		   wpa_s->ifname, dst_wpa_s->ifname, id_s, id_d, name);
-
-	ssid_s = wpa_config_get_network(wpa_s->conf, id_s);
-	if (ssid_s == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-			   "network id=%d", id_s);
-		return -1;
-	}
-
-	ssid_d = wpa_config_get_network(dst_wpa_s->conf, id_d);
-	if (ssid_d == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-			   "network id=%d", id_d);
-		return -1;
-	}
-
-	value = wpa_config_get(ssid_s, name);
-	if (value == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to get network "
-			   "variable '%s'", name);
-		return -1;
-	}
-
-	ret = wpa_supplicant_ctrl_iface_update_network(dst_wpa_s, ssid_d, name,
-						       value);
-
-	os_free(value);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_list_creds(struct wpa_supplicant *wpa_s,
-						char *buf, size_t buflen)
-{
-	char *pos, *end;
-	struct wpa_cred *cred;
-	int ret;
-
-	pos = buf;
-	end = buf + buflen;
-	ret = os_snprintf(pos, end - pos,
-			  "cred id / realm / username / domain / imsi\n");
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	cred = wpa_s->conf->cred;
-	while (cred) {
-		ret = os_snprintf(pos, end - pos, "%d\t%s\t%s\t%s\t%s\n",
-				  cred->id, cred->realm ? cred->realm : "",
-				  cred->username ? cred->username : "",
-				  cred->domain ? cred->domain[0] : "",
-				  cred->imsi ? cred->imsi : "");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-
-		cred = cred->next;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_add_cred(struct wpa_supplicant *wpa_s,
-					      char *buf, size_t buflen)
-{
-	struct wpa_cred *cred;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_CRED");
-
-	cred = wpa_config_add_cred(wpa_s->conf);
-	if (cred == NULL)
-		return -1;
-
-	wpa_msg(wpa_s, MSG_INFO, CRED_ADDED "%d", cred->id);
-
-	ret = os_snprintf(buf, buflen, "%d\n", cred->id);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s,
-						 char *cmd)
-{
-	int id;
-	struct wpa_cred *cred, *prev;
-
-	/* cmd: "<cred id>", "all", "sp_fqdn=<FQDN>", or
-	 * "provisioning_sp=<FQDN> */
-	if (os_strcmp(cmd, "all") == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED all");
-		return wpas_remove_all_creds(wpa_s);
-	}
-
-	if (os_strncmp(cmd, "sp_fqdn=", 8) == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED SP FQDN '%s'",
-			   cmd + 8);
-		cred = wpa_s->conf->cred;
-		while (cred) {
-			prev = cred;
-			cred = cred->next;
-			if (prev->domain) {
-				size_t i;
-				for (i = 0; i < prev->num_domain; i++) {
-					if (os_strcmp(prev->domain[i], cmd + 8)
-					    != 0)
-						continue;
-					wpas_remove_cred(wpa_s, prev);
-					break;
-				}
-			}
-		}
-		return 0;
-	}
-
-	if (os_strncmp(cmd, "provisioning_sp=", 16) == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED provisioning SP FQDN '%s'",
-			   cmd + 16);
-		cred = wpa_s->conf->cred;
-		while (cred) {
-			prev = cred;
-			cred = cred->next;
-			if (prev->provisioning_sp &&
-			    os_strcmp(prev->provisioning_sp, cmd + 16) == 0)
-				wpas_remove_cred(wpa_s, prev);
-		}
-		return 0;
-	}
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED id=%d", id);
-
-	cred = wpa_config_get_cred(wpa_s->conf, id);
-	return wpas_remove_cred(wpa_s, cred);
-}
-
-
-static int wpa_supplicant_ctrl_iface_set_cred(struct wpa_supplicant *wpa_s,
-					      char *cmd)
-{
-	int id;
-	struct wpa_cred *cred;
-	char *name, *value;
-
-	/* cmd: "<cred id> <variable name> <value>" */
-	name = os_strchr(cmd, ' ');
-	if (name == NULL)
-		return -1;
-	*name++ = '\0';
-
-	value = os_strchr(name, ' ');
-	if (value == NULL)
-		return -1;
-	*value++ = '\0';
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_CRED id=%d name='%s'",
-		   id, name);
-	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
-			      (u8 *) value, os_strlen(value));
-
-	cred = wpa_config_get_cred(wpa_s->conf, id);
-	if (cred == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred id=%d",
-			   id);
-		return -1;
-	}
-
-	if (wpa_config_set_cred(cred, name, value, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to set cred "
-			   "variable '%s'", name);
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, CRED_MODIFIED "%d %s", cred->id, name);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_get_cred(struct wpa_supplicant *wpa_s,
-					      char *cmd, char *buf,
-					      size_t buflen)
-{
-	int id;
-	size_t res;
-	struct wpa_cred *cred;
-	char *name, *value;
-
-	/* cmd: "<cred id> <variable name>" */
-	name = os_strchr(cmd, ' ');
-	if (name == NULL)
-		return -1;
-	*name++ = '\0';
-
-	id = atoi(cmd);
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CRED id=%d name='%s'",
-		   id, name);
-
-	cred = wpa_config_get_cred(wpa_s->conf, id);
-	if (cred == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred id=%d",
-			   id);
-		return -1;
-	}
-
-	value = wpa_config_get_cred_no_key(cred, name);
-	if (value == NULL) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to get cred variable '%s'",
-			   name);
-		return -1;
-	}
-
-	res = os_strlcpy(buf, value, buflen);
-	if (res >= buflen) {
-		os_free(value);
-		return -1;
-	}
-
-	os_free(value);
-
-	return res;
-}
-
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-static int wpa_supplicant_ctrl_iface_save_config(struct wpa_supplicant *wpa_s)
-{
-	int ret;
-
-	if (!wpa_s->conf->update_config) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Not allowed "
-			   "to update configuration (update_config=0)");
-		return -1;
-	}
-
-	ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Failed to "
-			   "update configuration");
-	} else {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Configuration"
-			   " updated");
-	}
-
-	return ret;
-}
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-
-struct cipher_info {
-	unsigned int capa;
-	const char *name;
-	int group_only;
-};
-
-static const struct cipher_info ciphers[] = {
-	{ WPA_DRIVER_CAPA_ENC_CCMP_256, "CCMP-256", 0 },
-	{ WPA_DRIVER_CAPA_ENC_GCMP_256, "GCMP-256", 0 },
-	{ WPA_DRIVER_CAPA_ENC_CCMP, "CCMP", 0 },
-	{ WPA_DRIVER_CAPA_ENC_GCMP, "GCMP", 0 },
-#ifndef CONFIG_NO_TKIP
-	{ WPA_DRIVER_CAPA_ENC_TKIP, "TKIP", 0 },
-#endif /* CONFIG_NO_TKIP */
-	{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, "NONE", 0 },
-#ifdef CONFIG_WEP
-	{ WPA_DRIVER_CAPA_ENC_WEP104, "WEP104", 1 },
-	{ WPA_DRIVER_CAPA_ENC_WEP40, "WEP40", 1 }
-#endif /* CONFIG_WEP */
-};
-
-static const struct cipher_info ciphers_group_mgmt[] = {
-	{ WPA_DRIVER_CAPA_ENC_BIP, "AES-128-CMAC", 1 },
-	{ WPA_DRIVER_CAPA_ENC_BIP_GMAC_128, "BIP-GMAC-128", 1 },
-	{ WPA_DRIVER_CAPA_ENC_BIP_GMAC_256, "BIP-GMAC-256", 1 },
-	{ WPA_DRIVER_CAPA_ENC_BIP_CMAC_256, "BIP-CMAC-256", 1 },
-};
-
-
-static int ctrl_iface_get_capability_pairwise(int res, bool strict,
-					      struct wpa_driver_capa *capa,
-					      char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	size_t len;
-	unsigned int i;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-#ifdef CONFIG_NO_TKIP
-		len = os_strlcpy(buf, "CCMP NONE", buflen);
-#else /* CONFIG_NO_TKIP */
-		len = os_strlcpy(buf, "CCMP TKIP NONE", buflen);
-#endif /* CONFIG_NO_TKIP */
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	for (i = 0; i < ARRAY_SIZE(ciphers); i++) {
-		if (!ciphers[i].group_only && capa->enc & ciphers[i].capa) {
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  pos == buf ? "" : " ",
-					  ciphers[i].name);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-	}
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_group(int res, bool strict,
-					   struct wpa_driver_capa *capa,
-					   char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	size_t len;
-	unsigned int i;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-#ifdef CONFIG_WEP
-#ifdef CONFIG_NO_TKIP
-		len = os_strlcpy(buf, "CCMP WEP104 WEP40", buflen);
-#else /* CONFIG_NO_TKIP */
-		len = os_strlcpy(buf, "CCMP TKIP WEP104 WEP40", buflen);
-#endif /* CONFIG_NO_TKIP */
-#else /* CONFIG_WEP */
-#ifdef CONFIG_NO_TKIP
-		len = os_strlcpy(buf, "CCMP", buflen);
-#else /* CONFIG_NO_TKIP */
-		len = os_strlcpy(buf, "CCMP TKIP", buflen);
-#endif /* CONFIG_NO_TKIP */
-#endif /* CONFIG_WEP */
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	for (i = 0; i < ARRAY_SIZE(ciphers); i++) {
-		if (capa->enc & ciphers[i].capa) {
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  pos == buf ? "" : " ",
-					  ciphers[i].name);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-	}
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_group_mgmt(int res, bool strict,
-						struct wpa_driver_capa *capa,
-						char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	unsigned int i;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0)
-		return 0;
-
-	for (i = 0; i < ARRAY_SIZE(ciphers_group_mgmt); i++) {
-		if (capa->enc & ciphers_group_mgmt[i].capa) {
-			ret = os_snprintf(pos, end - pos, "%s%s",
-					  pos == buf ? "" : " ",
-					  ciphers_group_mgmt[i].name);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-	}
-
-	return pos - buf;
-}
-
-
-static int iftype_str_to_index(const char *iftype_str)
-{
-	if (!iftype_str)
-		return WPA_IF_MAX;
-
-	if (os_strcmp(iftype_str, "STATION") == 0)
-		return WPA_IF_STATION;
-
-	if (os_strcmp(iftype_str, "AP_VLAN") == 0)
-		return WPA_IF_AP_VLAN;
-
-	if (os_strcmp(iftype_str, "AP") == 0)
-		return WPA_IF_AP_BSS;
-
-	if (os_strcmp(iftype_str, "P2P_GO") == 0)
-		return WPA_IF_P2P_GO;
-
-	if (os_strcmp(iftype_str, "P2P_CLIENT") == 0)
-		return WPA_IF_P2P_CLIENT;
-
-	if (os_strcmp(iftype_str, "P2P_DEVICE") == 0)
-		return WPA_IF_P2P_DEVICE;
-
-	if (os_strcmp(iftype_str, "MESH") == 0)
-		return WPA_IF_MESH;
-
-	if (os_strcmp(iftype_str, "IBSS") == 0)
-		return WPA_IF_IBSS;
-
-	if (os_strcmp(iftype_str, "NAN") == 0)
-		return WPA_IF_NAN;
-
-	return WPA_IF_MAX;
-}
-
-
-static int ctrl_iface_get_capability_key_mgmt(int res, bool strict,
-					      struct wpa_driver_capa *capa,
-					      const char *iftype_str,
-					      char *buf, size_t buflen)
-{
-	int ret;
-	unsigned int key_mgmt;
-	char *pos, *end;
-	size_t len;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-		len = os_strlcpy(buf, "WPA-PSK WPA-EAP IEEE8021X WPA-NONE "
-				 "NONE", buflen);
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	if (iftype_str) {
-		enum wpa_driver_if_type iftype;
-
-		iftype = iftype_str_to_index(iftype_str);
-		if (iftype == WPA_IF_MAX)
-			return -1;
-		key_mgmt = capa->key_mgmt_iftype[iftype];
-	} else {
-		key_mgmt = capa->key_mgmt;
-	}
-
-	ret = os_snprintf(pos, end - pos, "NONE IEEE8021X");
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	if (key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
-			WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
-		ret = os_snprintf(pos, end - pos, " WPA-EAP");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
-			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-		ret = os_snprintf(pos, end - pos, " WPA-PSK");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) {
-		ret = os_snprintf(pos, end - pos, " WPA-NONE");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WAPI_PSK) {
-		ret = os_snprintf(pos, end - pos, " WAPI-PSK");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_TPK_HANDSHAKE) {
-		ret = os_snprintf(pos, end - pos, " TPK-HANDSHAKE");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_CCKM) {
-		ret = os_snprintf(pos, end - pos, " CCKM");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef CONFIG_SUITEB
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B) {
-		ret = os_snprintf(pos, end - pos, " WPA-EAP-SUITE-B");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB */
-#ifdef CONFIG_SUITEB192
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192) {
-		ret = os_snprintf(pos, end - pos, " WPA-EAP-SUITE-B-192");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_OWE
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OWE) {
-		ret = os_snprintf(pos, end - pos, " OWE");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_OWE */
-#ifdef CONFIG_DPP
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_DPP) {
-		ret = os_snprintf(pos, end - pos, " DPP");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_DPP */
-#ifdef CONFIG_FILS
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, " FILS-SHA256");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, " FILS-SHA384");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#ifdef CONFIG_IEEE80211R
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, " FT-FILS-SHA256");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, " FT-FILS-SHA384");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_IEEE80211R
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK) {
-		ret = os_snprintf(pos, end - pos, " FT-PSK");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT) {
-		ret = os_snprintf(pos, end - pos, " FT-EAP");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#ifdef CONFIG_SAE
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT_SAE) {
-		ret = os_snprintf(pos, end - pos, " FT-SAE");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_SHA384
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT_802_1X_SHA384) {
-		ret = os_snprintf(pos, end - pos, " FT-EAP-SHA384");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SHA384 */
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_SAE
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) {
-		ret = os_snprintf(pos, end - pos, " SAE");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_SHA256
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_802_1X_SHA256) {
-		ret = os_snprintf(pos, end - pos, " WPA-EAP-SHA256");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_PSK_SHA256) {
-		ret = os_snprintf(pos, end - pos, " WPA-PSK-SHA256");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SHA256 */
-#ifdef CONFIG_HS20
-	if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OSEN) {
-		ret = os_snprintf(pos, end - pos, " OSEN");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_HS20 */
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_proto(int res, bool strict,
-					   struct wpa_driver_capa *capa,
-					   char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	size_t len;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-		len = os_strlcpy(buf, "RSN WPA", buflen);
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
-			      WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-		ret = os_snprintf(pos, end - pos, "%sRSN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
-			      WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) {
-		ret = os_snprintf(pos, end - pos, "%sWPA",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_auth_alg(struct wpa_supplicant *wpa_s,
-					      int res, bool strict,
-					      struct wpa_driver_capa *capa,
-					      char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	size_t len;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-		len = os_strlcpy(buf, "OPEN SHARED LEAP", buflen);
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	if (capa->auth & (WPA_DRIVER_AUTH_OPEN)) {
-		ret = os_snprintf(pos, end - pos, "%sOPEN",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (capa->auth & (WPA_DRIVER_AUTH_SHARED)) {
-		ret = os_snprintf(pos, end - pos, "%sSHARED",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (capa->auth & (WPA_DRIVER_AUTH_LEAP)) {
-		ret = os_snprintf(pos, end - pos, "%sLEAP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef CONFIG_SAE
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) {
-		ret = os_snprintf(pos, end - pos, "%sSAE",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_FILS
-	if (wpa_is_fils_supported(wpa_s)) {
-		ret = os_snprintf(pos, end - pos, "%sFILS_SK_WITHOUT_PFS",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef CONFIG_FILS_SK_PFS
-	if (wpa_is_fils_sk_pfs_supported(wpa_s)) {
-		ret = os_snprintf(pos, end - pos, "%sFILS_SK_WITH_PFS",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_FILS_SK_PFS */
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_PASN
-	ret = os_snprintf(pos, end - pos, "%sPASN",
-			  pos == buf ? "" : " ");
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-#endif /* CONFIG_PASN */
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_modes(int res, bool strict,
-					   struct wpa_driver_capa *capa,
-					   char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *end;
-	size_t len;
-
-	pos = buf;
-	end = pos + buflen;
-
-	if (res < 0) {
-		if (strict)
-			return 0;
-		len = os_strlcpy(buf, "IBSS AP", buflen);
-		if (len >= buflen)
-			return -1;
-		return len;
-	}
-
-	if (capa->flags & WPA_DRIVER_FLAGS_IBSS) {
-		ret = os_snprintf(pos, end - pos, "%sIBSS",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	if (capa->flags & WPA_DRIVER_FLAGS_AP) {
-		ret = os_snprintf(pos, end - pos, "%sAP",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-#ifdef CONFIG_MESH
-	if (capa->flags & WPA_DRIVER_FLAGS_MESH) {
-		ret = os_snprintf(pos, end - pos, "%sMESH",
-				  pos == buf ? "" : " ");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_MESH */
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_channels(struct wpa_supplicant *wpa_s,
-					      char *buf, size_t buflen)
-{
-	struct hostapd_channel_data *chnl;
-	int ret, i, j;
-	char *pos, *end, *hmode;
-
-	pos = buf;
-	end = pos + buflen;
-
-	for (j = 0; j < wpa_s->hw.num_modes; j++) {
-		switch (wpa_s->hw.modes[j].mode) {
-		case HOSTAPD_MODE_IEEE80211B:
-			hmode = "B";
-			break;
-		case HOSTAPD_MODE_IEEE80211G:
-			hmode = "G";
-			break;
-		case HOSTAPD_MODE_IEEE80211A:
-			hmode = "A";
-			break;
-		case HOSTAPD_MODE_IEEE80211AD:
-			hmode = "AD";
-			break;
-		default:
-			continue;
-		}
-		ret = os_snprintf(pos, end - pos, "Mode[%s] Channels:", hmode);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-		chnl = wpa_s->hw.modes[j].channels;
-		for (i = 0; i < wpa_s->hw.modes[j].num_channels; i++) {
-			if (chnl[i].flag & HOSTAPD_CHAN_DISABLED)
-				continue;
-			ret = os_snprintf(pos, end - pos, " %d", chnl[i].chan);
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int ctrl_iface_get_capability_freq(struct wpa_supplicant *wpa_s,
-					  char *buf, size_t buflen)
-{
-	struct hostapd_channel_data *chnl;
-	int ret, i, j;
-	char *pos, *end, *hmode;
-
-	pos = buf;
-	end = pos + buflen;
-
-	for (j = 0; j < wpa_s->hw.num_modes; j++) {
-		switch (wpa_s->hw.modes[j].mode) {
-		case HOSTAPD_MODE_IEEE80211B:
-			hmode = "B";
-			break;
-		case HOSTAPD_MODE_IEEE80211G:
-			hmode = "G";
-			break;
-		case HOSTAPD_MODE_IEEE80211A:
-			hmode = "A";
-			break;
-		case HOSTAPD_MODE_IEEE80211AD:
-			hmode = "AD";
-			break;
-		default:
-			continue;
-		}
-		ret = os_snprintf(pos, end - pos, "Mode[%s] Channels:\n",
-				  hmode);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-		chnl = wpa_s->hw.modes[j].channels;
-		for (i = 0; i < wpa_s->hw.modes[j].num_channels; i++) {
-			if (chnl[i].flag & HOSTAPD_CHAN_DISABLED)
-				continue;
-			ret = os_snprintf(pos, end - pos, " %d = %d MHz%s%s\n",
-					  chnl[i].chan, chnl[i].freq,
-					  chnl[i].flag & HOSTAPD_CHAN_NO_IR ?
-					  " (NO_IR)" : "",
-					  chnl[i].flag & HOSTAPD_CHAN_RADAR ?
-					  " (DFS)" : "");
-
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_get_capability(
-	struct wpa_supplicant *wpa_s, const char *_field, char *buf,
-	size_t buflen)
-{
-	struct wpa_driver_capa capa;
-	int res;
-	char *next_param, *curr_param, *iftype = NULL;
-	bool strict = false;
-	char field[50];
-	size_t len;
-
-	/* Determine whether or not strict checking was requested */
-	len = os_strlcpy(field, _field, sizeof(field));
-	if (len >= sizeof(field))
-		return -1;
-
-	next_param = os_strchr(field, ' ');
-	while (next_param) {
-		*next_param++ = '\0';
-		curr_param = next_param;
-		next_param = os_strchr(next_param, ' ');
-
-		if (next_param)
-			*next_param = '\0';
-
-		if (os_strcmp(curr_param, "strict") == 0)
-			strict = true;
-		else if (os_strncmp(curr_param, "iftype=", 7) == 0)
-			iftype = curr_param + 7;
-		else
-			return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s'%s%s%s",
-		   field, iftype ? " iftype=" : "", iftype ? iftype : "",
-		   strict ? " strict" : "");
-
-	if (os_strcmp(field, "eap") == 0) {
-		return eap_get_names(buf, buflen);
-	}
-
-	res = wpa_drv_get_capa(wpa_s, &capa);
-
-	if (os_strcmp(field, "pairwise") == 0)
-		return ctrl_iface_get_capability_pairwise(res, strict, &capa,
-							  buf, buflen);
-
-	if (os_strcmp(field, "group") == 0)
-		return ctrl_iface_get_capability_group(res, strict, &capa,
-						       buf, buflen);
-
-	if (os_strcmp(field, "group_mgmt") == 0)
-		return ctrl_iface_get_capability_group_mgmt(res, strict, &capa,
-							    buf, buflen);
-
-	if (os_strcmp(field, "key_mgmt") == 0)
-		return ctrl_iface_get_capability_key_mgmt(res, strict, &capa,
-							  iftype, buf, buflen);
-
-	if (os_strcmp(field, "proto") == 0)
-		return ctrl_iface_get_capability_proto(res, strict, &capa,
-						       buf, buflen);
-
-	if (os_strcmp(field, "auth_alg") == 0)
-		return ctrl_iface_get_capability_auth_alg(wpa_s, res, strict,
-							  &capa, buf, buflen);
-
-	if (os_strcmp(field, "modes") == 0)
-		return ctrl_iface_get_capability_modes(res, strict, &capa,
-						       buf, buflen);
-
-	if (os_strcmp(field, "channels") == 0)
-		return ctrl_iface_get_capability_channels(wpa_s, buf, buflen);
-
-	if (os_strcmp(field, "freq") == 0)
-		return ctrl_iface_get_capability_freq(wpa_s, buf, buflen);
-
-#ifdef CONFIG_TDLS
-	if (os_strcmp(field, "tdls") == 0)
-		return ctrl_iface_get_capability_tdls(wpa_s, buf, buflen);
-#endif /* CONFIG_TDLS */
-
-#ifdef CONFIG_ERP
-	if (os_strcmp(field, "erp") == 0) {
-		res = os_snprintf(buf, buflen, "ERP");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_EPR */
-
-#ifdef CONFIG_FIPS
-	if (os_strcmp(field, "fips") == 0) {
-		res = os_snprintf(buf, buflen, "FIPS");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_FIPS */
-
-#ifdef CONFIG_ACS
-	if (os_strcmp(field, "acs") == 0) {
-		res = os_snprintf(buf, buflen, "ACS");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_ACS */
-
-#ifdef CONFIG_FILS
-	if (os_strcmp(field, "fils") == 0) {
-#ifdef CONFIG_FILS_SK_PFS
-		if (wpa_is_fils_supported(wpa_s) &&
-		    wpa_is_fils_sk_pfs_supported(wpa_s)) {
-			res = os_snprintf(buf, buflen, "FILS FILS-SK-PFS");
-			if (os_snprintf_error(buflen, res))
-				return -1;
-			return res;
-		}
-#endif /* CONFIG_FILS_SK_PFS */
-
-		if (wpa_is_fils_supported(wpa_s)) {
-			res = os_snprintf(buf, buflen, "FILS");
-			if (os_snprintf_error(buflen, res))
-				return -1;
-			return res;
-		}
-	}
-#endif /* CONFIG_FILS */
-
-	if (os_strcmp(field, "multibss") == 0 && wpa_s->multi_bss_support) {
-		res = os_snprintf(buf, buflen, "MULTIBSS-STA");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-
-#ifdef CONFIG_DPP
-	if (os_strcmp(field, "dpp") == 0) {
-#ifdef CONFIG_DPP3
-		res = os_snprintf(buf, buflen, "DPP=3");
-#elif defined(CONFIG_DPP2)
-		res = os_snprintf(buf, buflen, "DPP=2");
-#else /* CONFIG_DPP2 */
-		res = os_snprintf(buf, buflen, "DPP=1");
-#endif /* CONFIG_DPP2 */
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_SAE
-	if (os_strcmp(field, "sae") == 0 &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
-#ifdef CONFIG_SAE_PK
-		res = os_snprintf(buf, buflen, "H2E PK");
-#else /* CONFIG_SAE_PK */
-		res = os_snprintf(buf, buflen, "H2E");
-#endif /* CONFIG_SAE_PK */
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_OCV
-	if (os_strcmp(field, "ocv") == 0) {
-		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
-		    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
-			res = os_snprintf(buf, buflen, "supported");
-		else
-			res = os_snprintf(buf, buflen, "not supported");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_OCV */
-
-	if (os_strcmp(field, "beacon_prot") == 0) {
-		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
-		    (wpa_s->drv_flags2 &
-		     WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
-			res = os_snprintf(buf, buflen, "supported");
-		else
-			res = os_snprintf(buf, buflen, "not supported");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
-		   field);
-
-	return -1;
-}
-
-
-#ifdef CONFIG_INTERWORKING
-static char * anqp_add_hex(char *pos, char *end, const char *title,
-			   struct wpabuf *data)
-{
-	char *start = pos;
-	size_t i;
-	int ret;
-	const u8 *d;
-
-	if (data == NULL)
-		return start;
-
-	ret = os_snprintf(pos, end - pos, "%s=", title);
-	if (os_snprintf_error(end - pos, ret))
-		return start;
-	pos += ret;
-
-	d = wpabuf_head_u8(data);
-	for (i = 0; i < wpabuf_len(data); i++) {
-		ret = os_snprintf(pos, end - pos, "%02x", *d++);
-		if (os_snprintf_error(end - pos, ret))
-			return start;
-		pos += ret;
-	}
-
-	ret = os_snprintf(pos, end - pos, "\n");
-	if (os_snprintf_error(end - pos, ret))
-		return start;
-	pos += ret;
-
-	return pos;
-}
-#endif /* CONFIG_INTERWORKING */
-
-
-#ifdef CONFIG_FILS
-static int print_fils_indication(struct wpa_bss *bss, char *pos, char *end)
-{
-	char *start = pos;
-	const u8 *ie, *ie_end;
-	u16 info, realms;
-	int ret;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
-	if (!ie)
-		return 0;
-	ie_end = ie + 2 + ie[1];
-	ie += 2;
-	if (ie_end - ie < 2)
-		return -1;
-
-	info = WPA_GET_LE16(ie);
-	ie += 2;
-	ret = os_snprintf(pos, end - pos, "fils_info=%04x\n", info);
-	if (os_snprintf_error(end - pos, ret))
-		return 0;
-	pos += ret;
-
-	if (info & BIT(7)) {
-		/* Cache Identifier Included */
-		if (ie_end - ie < 2)
-			return -1;
-		ret = os_snprintf(pos, end - pos, "fils_cache_id=%02x%02x\n",
-				  ie[0], ie[1]);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-		ie += 2;
-	}
-
-	if (info & BIT(8)) {
-		/* HESSID Included */
-		if (ie_end - ie < ETH_ALEN)
-			return -1;
-		ret = os_snprintf(pos, end - pos, "fils_hessid=" MACSTR "\n",
-				  MAC2STR(ie));
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-		ie += ETH_ALEN;
-	}
-
-	realms = (info & (BIT(3) | BIT(4) | BIT(5))) >> 3;
-	if (realms) {
-		if (ie_end - ie < realms * 2)
-			return -1;
-		ret = os_snprintf(pos, end - pos, "fils_realms=");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-
-		ret = wpa_snprintf_hex(pos, end - pos, ie, realms * 2);
-		if (ret <= 0)
-			return 0;
-		pos += ret;
-		ie += realms * 2;
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	return pos - start;
-}
-#endif /* CONFIG_FILS */
-
-
-static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			  unsigned long mask, char *buf, size_t buflen)
-{
-	size_t i;
-	int ret;
-	char *pos, *end;
-	const u8 *ie, *ie2, *osen_ie, *mesh, *owe, *rsnxe;
-
-	pos = buf;
-	end = buf + buflen;
-
-	if (mask & WPA_BSS_MASK_ID) {
-		ret = os_snprintf(pos, end - pos, "id=%u\n", bss->id);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_BSSID) {
-		ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
-				  MAC2STR(bss->bssid));
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_FREQ) {
-		ret = os_snprintf(pos, end - pos, "freq=%d\n", bss->freq);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_BEACON_INT) {
-		ret = os_snprintf(pos, end - pos, "beacon_int=%d\n",
-				  bss->beacon_int);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_CAPABILITIES) {
-		ret = os_snprintf(pos, end - pos, "capabilities=0x%04x\n",
-				  bss->caps);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_QUAL) {
-		ret = os_snprintf(pos, end - pos, "qual=%d\n", bss->qual);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_NOISE) {
-		ret = os_snprintf(pos, end - pos, "noise=%d\n", bss->noise);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_LEVEL) {
-		ret = os_snprintf(pos, end - pos, "level=%d\n", bss->level);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_TSF) {
-		ret = os_snprintf(pos, end - pos, "tsf=%016llu\n",
-				  (unsigned long long) bss->tsf);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_AGE) {
-		struct os_reltime now;
-
-		os_get_reltime(&now);
-		ret = os_snprintf(pos, end - pos, "age=%d\n",
-				  (int) (now.sec - bss->last_update.sec));
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_IE) {
-		ret = os_snprintf(pos, end - pos, "ie=");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-
-		ie = wpa_bss_ie_ptr(bss);
-		for (i = 0; i < bss->ie_len; i++) {
-			ret = os_snprintf(pos, end - pos, "%02x", *ie++);
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_FLAGS) {
-		ret = os_snprintf(pos, end - pos, "flags=");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-
-		mesh = wpa_bss_get_ie(bss, WLAN_EID_MESH_ID);
-
-		ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-		if (ie)
-			pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie,
-						    2 + ie[1]);
-		ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		if (ie2)
-			pos = wpa_supplicant_ie_txt(pos, end,
-						    mesh ? "RSN" : "WPA2", ie2,
-						    2 + ie2[1]);
-		rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-		if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_H2E)) {
-			ret = os_snprintf(pos, end - pos, "[SAE-H2E]");
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-		if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_PK)) {
-			ret = os_snprintf(pos, end - pos, "[SAE-PK]");
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-		osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-		if (osen_ie)
-			pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
-						    osen_ie, 2 + osen_ie[1]);
-		owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
-		if (owe) {
-			ret = os_snprintf(
-				pos, end - pos,
-				ie2 ? "[OWE-TRANS]" : "[OWE-TRANS-OPEN]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-		pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
-		if (!ie && !ie2 && !osen_ie &&
-		    (bss->caps & IEEE80211_CAP_PRIVACY)) {
-			ret = os_snprintf(pos, end - pos, "[WEP]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-
-		if (mesh) {
-			ret = os_snprintf(pos, end - pos, "[MESH]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-
-		if (bss_is_dmg(bss)) {
-			const char *s;
-			ret = os_snprintf(pos, end - pos, "[DMG]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-			switch (bss->caps & IEEE80211_CAP_DMG_MASK) {
-			case IEEE80211_CAP_DMG_IBSS:
-				s = "[IBSS]";
-				break;
-			case IEEE80211_CAP_DMG_AP:
-				s = "[ESS]";
-				break;
-			case IEEE80211_CAP_DMG_PBSS:
-				s = "[PBSS]";
-				break;
-			default:
-				s = "";
-				break;
-			}
-			ret = os_snprintf(pos, end - pos, "%s", s);
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		} else {
-			if (bss->caps & IEEE80211_CAP_IBSS) {
-				ret = os_snprintf(pos, end - pos, "[IBSS]");
-				if (os_snprintf_error(end - pos, ret))
-					return 0;
-				pos += ret;
-			}
-			if (bss->caps & IEEE80211_CAP_ESS) {
-				ret = os_snprintf(pos, end - pos, "[ESS]");
-				if (os_snprintf_error(end - pos, ret))
-					return 0;
-				pos += ret;
-			}
-		}
-		if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
-		    wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
-			ret = os_snprintf(pos, end - pos, "[P2P]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-#ifdef CONFIG_HS20
-		if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
-			ret = os_snprintf(pos, end - pos, "[HS20]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_FILS
-		if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
-			ret = os_snprintf(pos, end - pos, "[FILS]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_FST
-		if (wpa_bss_get_ie(bss, WLAN_EID_MULTI_BAND)) {
-			ret = os_snprintf(pos, end - pos, "[FST]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-#endif /* CONFIG_FST */
-		if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_UTF_8_SSID)) {
-			ret = os_snprintf(pos, end - pos, "[UTF-8]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_SSID) {
-		ret = os_snprintf(pos, end - pos, "ssid=%s\n",
-				  wpa_ssid_txt(bss->ssid, bss->ssid_len));
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-#ifdef CONFIG_WPS
-	if (mask & WPA_BSS_MASK_WPS_SCAN) {
-		ie = wpa_bss_ie_ptr(bss);
-		ret = wpas_wps_scan_result_text(ie, bss->ie_len, pos, end);
-		if (ret >= end - pos)
-			return 0;
-		if (ret > 0)
-			pos += ret;
-	}
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_P2P
-	if (mask & WPA_BSS_MASK_P2P_SCAN) {
-		ie = wpa_bss_ie_ptr(bss);
-		ret = wpas_p2p_scan_result_text(ie, bss->ie_len, pos, end);
-		if (ret >= end - pos)
-			return 0;
-		if (ret > 0)
-			pos += ret;
-	}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_WIFI_DISPLAY
-	if (mask & WPA_BSS_MASK_WIFI_DISPLAY) {
-		struct wpabuf *wfd;
-
-		ie = wpa_bss_ie_ptr(bss);
-		wfd = ieee802_11_vendor_ie_concat(ie, bss->ie_len,
-						  WFD_IE_VENDOR_TYPE);
-		if (wfd) {
-			ret = os_snprintf(pos, end - pos, "wfd_subelems=");
-			if (os_snprintf_error(end - pos, ret)) {
-				wpabuf_free(wfd);
-				return 0;
-			}
-			pos += ret;
-
-			pos += wpa_snprintf_hex(pos, end - pos,
-						wpabuf_head(wfd),
-						wpabuf_len(wfd));
-			wpabuf_free(wfd);
-
-			ret = os_snprintf(pos, end - pos, "\n");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-	}
-#endif /* CONFIG_WIFI_DISPLAY */
-
-#ifdef CONFIG_INTERWORKING
-	if ((mask & WPA_BSS_MASK_INTERNETW) && bss->anqp) {
-		struct wpa_bss_anqp *anqp = bss->anqp;
-		struct wpa_bss_anqp_elem *elem;
-
-		pos = anqp_add_hex(pos, end, "anqp_capability_list",
-				   anqp->capability_list);
-		pos = anqp_add_hex(pos, end, "anqp_venue_name",
-				   anqp->venue_name);
-		pos = anqp_add_hex(pos, end, "anqp_network_auth_type",
-				   anqp->network_auth_type);
-		pos = anqp_add_hex(pos, end, "anqp_roaming_consortium",
-				   anqp->roaming_consortium);
-		pos = anqp_add_hex(pos, end, "anqp_ip_addr_type_availability",
-				   anqp->ip_addr_type_availability);
-		pos = anqp_add_hex(pos, end, "anqp_nai_realm",
-				   anqp->nai_realm);
-		pos = anqp_add_hex(pos, end, "anqp_3gpp", anqp->anqp_3gpp);
-		pos = anqp_add_hex(pos, end, "anqp_domain_name",
-				   anqp->domain_name);
-		pos = anqp_add_hex(pos, end, "anqp_fils_realm_info",
-				   anqp->fils_realm_info);
-#ifdef CONFIG_HS20
-		pos = anqp_add_hex(pos, end, "hs20_capability_list",
-				   anqp->hs20_capability_list);
-		pos = anqp_add_hex(pos, end, "hs20_operator_friendly_name",
-				   anqp->hs20_operator_friendly_name);
-		pos = anqp_add_hex(pos, end, "hs20_wan_metrics",
-				   anqp->hs20_wan_metrics);
-		pos = anqp_add_hex(pos, end, "hs20_connection_capability",
-				   anqp->hs20_connection_capability);
-		pos = anqp_add_hex(pos, end, "hs20_operating_class",
-				   anqp->hs20_operating_class);
-		pos = anqp_add_hex(pos, end, "hs20_osu_providers_list",
-				   anqp->hs20_osu_providers_list);
-		pos = anqp_add_hex(pos, end, "hs20_operator_icon_metadata",
-				   anqp->hs20_operator_icon_metadata);
-		pos = anqp_add_hex(pos, end, "hs20_osu_providers_nai_list",
-				   anqp->hs20_osu_providers_nai_list);
-#endif /* CONFIG_HS20 */
-
-		dl_list_for_each(elem, &anqp->anqp_elems,
-				 struct wpa_bss_anqp_elem, list) {
-			char title[20];
-
-			os_snprintf(title, sizeof(title), "anqp[%u]",
-				    elem->infoid);
-			pos = anqp_add_hex(pos, end, title, elem->payload);
-			if (elem->protected_response) {
-				ret = os_snprintf(pos, end - pos,
-						  "protected-anqp-info[%u]=1\n",
-						  elem->infoid);
-				if (os_snprintf_error(end - pos, ret))
-					return 0;
-				pos += ret;
-			}
-		}
-	}
-#endif /* CONFIG_INTERWORKING */
-
-#ifdef CONFIG_MESH
-	if (mask & WPA_BSS_MASK_MESH_SCAN) {
-		ie = wpa_bss_ie_ptr(bss);
-		ret = wpas_mesh_scan_result_text(ie, bss->ie_len, pos, end);
-		if (ret >= end - pos)
-			return 0;
-		if (ret > 0)
-			pos += ret;
-	}
-#endif /* CONFIG_MESH */
-
-	if (mask & WPA_BSS_MASK_SNR) {
-		ret = os_snprintf(pos, end - pos, "snr=%d\n", bss->snr);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if (mask & WPA_BSS_MASK_EST_THROUGHPUT) {
-		ret = os_snprintf(pos, end - pos, "est_throughput=%d\n",
-				  bss->est_throughput);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-#ifdef CONFIG_FST
-	if (mask & WPA_BSS_MASK_FST) {
-		ret = fst_ctrl_iface_mb_info(bss->bssid, pos, end - pos);
-		if (ret < 0 || ret >= end - pos)
-			return 0;
-		pos += ret;
-	}
-#endif /* CONFIG_FST */
-
-	if (mask & WPA_BSS_MASK_UPDATE_IDX) {
-		ret = os_snprintf(pos, end - pos, "update_idx=%u\n",
-				  bss->last_update_idx);
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	if ((mask & WPA_BSS_MASK_BEACON_IE) && bss->beacon_ie_len) {
-		ret = os_snprintf(pos, end - pos, "beacon_ie=");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-
-		ie = wpa_bss_ie_ptr(bss);
-		ie += bss->ie_len;
-		for (i = 0; i < bss->beacon_ie_len; i++) {
-			ret = os_snprintf(pos, end - pos, "%02x", *ie++);
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-#ifdef CONFIG_FILS
-	if (mask & WPA_BSS_MASK_FILS_INDICATION) {
-		ret = print_fils_indication(bss, pos, end);
-		if (ret < 0)
-			return 0;
-		pos += ret;
-	}
-#endif /* CONFIG_FILS */
-
-	if (mask & WPA_BSS_MASK_DELIM) {
-		ret = os_snprintf(pos, end - pos, "====\n");
-		if (os_snprintf_error(end - pos, ret))
-			return 0;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
-					 const char *cmd, char *buf,
-					 size_t buflen)
-{
-	u8 bssid[ETH_ALEN];
-	size_t i;
-	struct wpa_bss *bss;
-	struct wpa_bss *bsslast = NULL;
-	struct dl_list *next;
-	int ret = 0;
-	int len;
-	char *ctmp, *end = buf + buflen;
-	unsigned long mask = WPA_BSS_MASK_ALL;
-
-	if (os_strncmp(cmd, "RANGE=", 6) == 0) {
-		if (os_strncmp(cmd + 6, "ALL", 3) == 0) {
-			bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss,
-					    list_id);
-			bsslast = dl_list_last(&wpa_s->bss_id, struct wpa_bss,
-					       list_id);
-		} else { /* N1-N2 */
-			unsigned int id1, id2;
-
-			if ((ctmp = os_strchr(cmd + 6, '-')) == NULL) {
-				wpa_printf(MSG_INFO, "Wrong BSS range "
-					   "format");
-				return 0;
-			}
-
-			if (*(cmd + 6) == '-')
-				id1 = 0;
-			else
-				id1 = atoi(cmd + 6);
-			ctmp++;
-			if (*ctmp >= '0' && *ctmp <= '9')
-				id2 = atoi(ctmp);
-			else
-				id2 = (unsigned int) -1;
-			bss = wpa_bss_get_id_range(wpa_s, id1, id2);
-			if (id2 == (unsigned int) -1)
-				bsslast = dl_list_last(&wpa_s->bss_id,
-						       struct wpa_bss,
-						       list_id);
-			else {
-				bsslast = wpa_bss_get_id(wpa_s, id2);
-				if (bsslast == NULL && bss && id2 > id1) {
-					struct wpa_bss *tmp = bss;
-					for (;;) {
-						next = tmp->list_id.next;
-						if (next == &wpa_s->bss_id)
-							break;
-						tmp = dl_list_entry(
-							next, struct wpa_bss,
-							list_id);
-						if (tmp->id > id2)
-							break;
-						bsslast = tmp;
-					}
-				}
-			}
-		}
-	} else if (os_strncmp(cmd, "FIRST", 5) == 0)
-		bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss, list_id);
-	else if (os_strncmp(cmd, "LAST", 4) == 0)
-		bss = dl_list_last(&wpa_s->bss_id, struct wpa_bss, list_id);
-	else if (os_strncmp(cmd, "ID-", 3) == 0) {
-		i = atoi(cmd + 3);
-		bss = wpa_bss_get_id(wpa_s, i);
-	} else if (os_strncmp(cmd, "NEXT-", 5) == 0) {
-		i = atoi(cmd + 5);
-		bss = wpa_bss_get_id(wpa_s, i);
-		if (bss) {
-			next = bss->list_id.next;
-			if (next == &wpa_s->bss_id)
-				bss = NULL;
-			else
-				bss = dl_list_entry(next, struct wpa_bss,
-						    list_id);
-		}
-	} else if (os_strncmp(cmd, "CURRENT", 7) == 0) {
-		bss = wpa_s->current_bss;
-#ifdef CONFIG_P2P
-	} else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
-		if (hwaddr_aton(cmd + 13, bssid) == 0)
-			bss = wpa_bss_get_p2p_dev_addr(wpa_s, bssid);
-		else
-			bss = NULL;
-#endif /* CONFIG_P2P */
-	} else if (hwaddr_aton(cmd, bssid) == 0)
-		bss = wpa_bss_get_bssid(wpa_s, bssid);
-	else {
-		struct wpa_bss *tmp;
-		i = atoi(cmd);
-		bss = NULL;
-		dl_list_for_each(tmp, &wpa_s->bss_id, struct wpa_bss, list_id)
-		{
-			if (i == 0) {
-				bss = tmp;
-				break;
-			}
-			i--;
-		}
-	}
-
-	if ((ctmp = os_strstr(cmd, "MASK=")) != NULL) {
-		mask = strtoul(ctmp + 5, NULL, 0x10);
-		if (mask == 0)
-			mask = WPA_BSS_MASK_ALL;
-	}
-
-	if (bss == NULL)
-		return 0;
-
-	if (bsslast == NULL)
-		bsslast = bss;
-	do {
-		len = print_bss_info(wpa_s, bss, mask, buf, buflen);
-		ret += len;
-		buf += len;
-		buflen -= len;
-		if (bss == bsslast) {
-			if ((mask & WPA_BSS_MASK_DELIM) && len &&
-			    (bss == dl_list_last(&wpa_s->bss_id,
-						 struct wpa_bss, list_id))) {
-				int res;
-
-				res = os_snprintf(buf - 5, end - buf + 5,
-						  "####\n");
-				if (os_snprintf_error(end - buf + 5, res)) {
-					wpa_printf(MSG_DEBUG,
-						   "Could not add end delim");
-				}
-			}
-			break;
-		}
-		next = bss->list_id.next;
-		if (next == &wpa_s->bss_id)
-			break;
-		bss = dl_list_entry(next, struct wpa_bss, list_id);
-	} while (bss && len);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_ctrl_iface_ap_scan(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int ap_scan = atoi(cmd);
-	return wpa_supplicant_set_ap_scan(wpa_s, ap_scan);
-}
-
-
-static int wpa_supplicant_ctrl_iface_scan_interval(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int scan_int = atoi(cmd);
-	return wpa_supplicant_set_scan_interval(wpa_s, scan_int);
-}
-
-
-static int wpa_supplicant_ctrl_iface_bss_expire_age(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int expire_age = atoi(cmd);
-	return wpa_supplicant_set_bss_expiration_age(wpa_s, expire_age);
-}
-
-
-static int wpa_supplicant_ctrl_iface_bss_expire_count(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int expire_count = atoi(cmd);
-	return wpa_supplicant_set_bss_expiration_count(wpa_s, expire_count);
-}
-
-
-static void wpa_supplicant_ctrl_iface_bss_flush(
-	struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int flush_age = atoi(cmd);
-
-	if (flush_age == 0)
-		wpa_bss_flush(wpa_s);
-	else
-		wpa_bss_flush_by_age(wpa_s, flush_age);
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "Dropping SA without deauthentication");
-	/* MLME-DELETEKEYS.request */
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL,
-			0, KEY_FLAG_GROUP);
-
-	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, wpa_s->bssid, 0, 0, NULL, 0, NULL,
-			0, KEY_FLAG_PAIRWISE);
-	if (wpa_sm_ext_key_id(wpa_s->wpa))
-		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, wpa_s->bssid, 1, 0,
-				NULL, 0, NULL, 0, KEY_FLAG_PAIRWISE);
-	/* MLME-SETPROTECTION.request(None) */
-	wpa_drv_mlme_setprotection(wpa_s, wpa_s->bssid,
-				   MLME_SETPROTECTION_PROTECT_TYPE_NONE,
-				   MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
-	wpa_sm_drop_sa(wpa_s->wpa);
-}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static int wpa_supplicant_ctrl_iface_roam(struct wpa_supplicant *wpa_s,
-					  char *addr)
-{
-#ifdef CONFIG_NO_SCAN_PROCESSING
-	return -1;
-#else /* CONFIG_NO_SCAN_PROCESSING */
-	u8 bssid[ETH_ALEN];
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct wpa_radio_work *already_connecting;
-
-	if (hwaddr_aton(addr, bssid)) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM: invalid "
-			   "address '%s'", addr);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM " MACSTR, MAC2STR(bssid));
-
-	if (!ssid) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM: No network "
-			   "configuration known for the target AP");
-		return -1;
-	}
-
-	bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM: Target AP not found "
-			   "from BSS table");
-		return -1;
-	}
-
-	/*
-	 * TODO: Find best network configuration block from configuration to
-	 * allow roaming to other networks
-	 */
-
-	already_connecting = radio_work_pending(wpa_s, "sme-connect");
-	wpa_s->reassociate = 1;
-	wpa_supplicant_connect(wpa_s, bss, ssid);
-
-	/*
-	 * Indicate that an explicitly requested roam is in progress so scan
-	 * results that come in before the 'sme-connect' radio work gets
-	 * executed do not override the original connection attempt.
-	 */
-	if (!already_connecting && radio_work_pending(wpa_s, "sme-connect"))
-		wpa_s->roam_in_progress = true;
-
-	return 0;
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-}
-
-
-#ifdef CONFIG_P2P
-static int p2p_ctrl_find(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	unsigned int timeout = atoi(cmd);
-	enum p2p_discovery_type type = P2P_FIND_START_WITH_FULL;
-	u8 dev_id[ETH_ALEN], *_dev_id = NULL;
-	u8 dev_type[WPS_DEV_TYPE_LEN], *_dev_type = NULL;
-	char *pos;
-	unsigned int search_delay;
-	const char *_seek[P2P_MAX_QUERY_HASH + 1], **seek = NULL;
-	u8 seek_count = 0;
-	int freq = 0;
-	bool include_6ghz = false;
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		wpa_dbg(wpa_s, MSG_INFO,
-			"Reject P2P_FIND since interface is disabled");
-		return -1;
-	}
-
-	if (os_strstr(cmd, " include_6ghz"))
-		include_6ghz = true;
-	if (os_strstr(cmd, "type=social"))
-		type = P2P_FIND_ONLY_SOCIAL;
-	else if (os_strstr(cmd, "type=progressive"))
-		type = P2P_FIND_PROGRESSIVE;
-
-	pos = os_strstr(cmd, "dev_id=");
-	if (pos) {
-		pos += 7;
-		if (hwaddr_aton(pos, dev_id))
-			return -1;
-		_dev_id = dev_id;
-	}
-
-	pos = os_strstr(cmd, "dev_type=");
-	if (pos) {
-		pos += 9;
-		if (wps_dev_type_str2bin(pos, dev_type) < 0)
-			return -1;
-		_dev_type = dev_type;
-	}
-
-	pos = os_strstr(cmd, "delay=");
-	if (pos) {
-		pos += 6;
-		search_delay = atoi(pos);
-	} else
-		search_delay = wpas_p2p_search_delay(wpa_s);
-
-	pos = os_strstr(cmd, "freq=");
-	if (pos) {
-		pos += 5;
-		freq = atoi(pos);
-		if (freq <= 0)
-			return -1;
-	}
-
-	/* Must be searched for last, because it adds nul termination */
-	pos = os_strstr(cmd, " seek=");
-	if (pos)
-		pos += 6;
-	while (pos && seek_count < P2P_MAX_QUERY_HASH + 1) {
-		char *term;
-
-		_seek[seek_count++] = pos;
-		seek = _seek;
-		term = os_strchr(pos, ' ');
-		if (!term)
-			break;
-		*term = '\0';
-		pos = os_strstr(term + 1, "seek=");
-		if (pos)
-			pos += 5;
-	}
-	if (seek_count > P2P_MAX_QUERY_HASH) {
-		seek[0] = NULL;
-		seek_count = 1;
-	}
-
-	return wpas_p2p_find(wpa_s, timeout, type, _dev_type != NULL, _dev_type,
-			     _dev_id, search_delay, seek_count, seek, freq,
-			     include_6ghz);
-}
-
-
-static int p2ps_ctrl_parse_cpt_priority(const char *pos, u8 *cpt)
-{
-	const char *last = NULL;
-	const char *token;
-	long int token_len;
-	unsigned int i;
-
-	/* Expected predefined CPT names delimited by ':' */
-	for (i = 0; (token = cstr_token(pos, ": \t", &last)); i++) {
-		if (i >= P2PS_FEATURE_CAPAB_CPT_MAX) {
-			wpa_printf(MSG_ERROR,
-				   "P2PS: CPT name list is too long, expected up to %d names",
-				   P2PS_FEATURE_CAPAB_CPT_MAX);
-			cpt[0] = 0;
-			return -1;
-		}
-
-		token_len = last - token;
-
-		if (token_len  == 3 &&
-		    os_memcmp(token, "UDP", token_len) == 0) {
-			cpt[i] = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
-		} else if (token_len == 3 &&
-			   os_memcmp(token, "MAC", token_len) == 0) {
-			cpt[i] = P2PS_FEATURE_CAPAB_MAC_TRANSPORT;
-		} else {
-			wpa_printf(MSG_ERROR,
-				   "P2PS: Unsupported CPT name '%s'", token);
-			cpt[0] = 0;
-			return -1;
-		}
-
-		if (isblank((unsigned char) *last)) {
-			i++;
-			break;
-		}
-	}
-	cpt[i] = 0;
-	return 0;
-}
-
-
-static struct p2ps_provision * p2p_parse_asp_provision_cmd(const char *cmd)
-{
-	struct p2ps_provision *p2ps_prov;
-	char *pos;
-	size_t info_len = 0;
-	char *info = NULL;
-	u8 role = P2PS_SETUP_NONE;
-	long long unsigned val;
-	int i;
-
-	pos = os_strstr(cmd, "info=");
-	if (pos) {
-		pos += 5;
-		info_len = os_strlen(pos);
-
-		if (info_len) {
-			info = os_malloc(info_len + 1);
-			if (info) {
-				info_len = utf8_unescape(pos, info_len,
-							 info, info_len + 1);
-			} else
-				info_len = 0;
-		}
-	}
-
-	p2ps_prov = os_zalloc(sizeof(struct p2ps_provision) + info_len + 1);
-	if (p2ps_prov == NULL) {
-		os_free(info);
-		return NULL;
-	}
-
-	if (info) {
-		os_memcpy(p2ps_prov->info, info, info_len);
-		p2ps_prov->info[info_len] = '\0';
-		os_free(info);
-	}
-
-	pos = os_strstr(cmd, "status=");
-	if (pos)
-		p2ps_prov->status = atoi(pos + 7);
-	else
-		p2ps_prov->status = -1;
-
-	pos = os_strstr(cmd, "adv_id=");
-	if (!pos || sscanf(pos + 7, "%llx", &val) != 1 || val > 0xffffffffULL)
-		goto invalid_args;
-	p2ps_prov->adv_id = val;
-
-	pos = os_strstr(cmd, "method=");
-	if (pos)
-		p2ps_prov->method = strtol(pos + 7, NULL, 16);
-	else
-		p2ps_prov->method = 0;
-
-	pos = os_strstr(cmd, "session=");
-	if (!pos || sscanf(pos + 8, "%llx", &val) != 1 || val > 0xffffffffULL)
-		goto invalid_args;
-	p2ps_prov->session_id = val;
-
-	pos = os_strstr(cmd, "adv_mac=");
-	if (!pos || hwaddr_aton(pos + 8, p2ps_prov->adv_mac))
-		goto invalid_args;
-
-	pos = os_strstr(cmd, "session_mac=");
-	if (!pos || hwaddr_aton(pos + 12, p2ps_prov->session_mac))
-		goto invalid_args;
-
-	pos = os_strstr(cmd, "cpt=");
-	if (pos) {
-		if (p2ps_ctrl_parse_cpt_priority(pos + 4,
-						 p2ps_prov->cpt_priority))
-			goto invalid_args;
-	} else {
-		p2ps_prov->cpt_priority[0] = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
-	}
-
-	for (i = 0; p2ps_prov->cpt_priority[i]; i++)
-		p2ps_prov->cpt_mask |= p2ps_prov->cpt_priority[i];
-
-	/* force conncap with tstCap (no validity checks) */
-	pos = os_strstr(cmd, "tstCap=");
-	if (pos) {
-		role = strtol(pos + 7, NULL, 16);
-	} else {
-		pos = os_strstr(cmd, "role=");
-		if (pos) {
-			role = strtol(pos + 5, NULL, 16);
-			if (role != P2PS_SETUP_CLIENT &&
-			    role != P2PS_SETUP_GROUP_OWNER)
-				role = P2PS_SETUP_NONE;
-		}
-	}
-	p2ps_prov->role = role;
-
-	return p2ps_prov;
-
-invalid_args:
-	os_free(p2ps_prov);
-	return NULL;
-}
-
-
-static int p2p_ctrl_asp_provision_resp(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-	struct p2ps_provision *p2ps_prov;
-	char *pos;
-
-	/* <addr> id=<adv_id> [role=<conncap>] [info=<infodata>] */
-
-	wpa_printf(MSG_DEBUG, "%s: %s", __func__, cmd);
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	pos = cmd + 17;
-	if (*pos != ' ')
-		return -1;
-
-	p2ps_prov = p2p_parse_asp_provision_cmd(pos);
-	if (!p2ps_prov)
-		return -1;
-
-	if (p2ps_prov->status < 0) {
-		os_free(p2ps_prov);
-		return -1;
-	}
-
-	return wpas_p2p_prov_disc(wpa_s, addr, NULL, WPAS_P2P_PD_FOR_ASP,
-				  p2ps_prov);
-}
-
-
-static int p2p_ctrl_asp_provision(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-	struct p2ps_provision *p2ps_prov;
-	char *pos;
-
-	/* <addr> id=<adv_id> adv_mac=<adv_mac> conncap=<conncap>
-	 *        session=<ses_id> mac=<ses_mac> [info=<infodata>]
-	 */
-
-	wpa_printf(MSG_DEBUG, "%s: %s", __func__, cmd);
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	pos = cmd + 17;
-	if (*pos != ' ')
-		return -1;
-
-	p2ps_prov = p2p_parse_asp_provision_cmd(pos);
-	if (!p2ps_prov)
-		return -1;
-
-	p2ps_prov->pd_seeker = 1;
-
-	return wpas_p2p_prov_disc(wpa_s, addr, NULL, WPAS_P2P_PD_FOR_ASP,
-				  p2ps_prov);
-}
-
-
-static int parse_freq(int chwidth, int freq2)
-{
-	if (freq2 < 0)
-		return -1;
-	if (freq2)
-		return CHANWIDTH_80P80MHZ;
-
-	switch (chwidth) {
-	case 0:
-	case 20:
-	case 40:
-		return CHANWIDTH_USE_HT;
-	case 80:
-		return CHANWIDTH_80MHZ;
-	case 160:
-		return CHANWIDTH_160MHZ;
-	default:
-		wpa_printf(MSG_DEBUG, "Unknown max oper bandwidth: %d",
-			   chwidth);
-		return -1;
-	}
-}
-
-
-static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd,
-			    char *buf, size_t buflen)
-{
-	u8 addr[ETH_ALEN];
-	char *pos, *pos2;
-	char *pin = NULL;
-	enum p2p_wps_method wps_method;
-	int new_pin;
-	int ret;
-	int persistent_group, persistent_id = -1;
-	int join;
-	int auth;
-	int automatic;
-	int go_intent = -1;
-	int freq = 0;
-	int pd;
-	int ht40, vht, max_oper_chwidth, chwidth = 0, freq2 = 0;
-	int edmg;
-	u8 _group_ssid[SSID_MAX_LEN], *group_ssid = NULL;
-	size_t group_ssid_len = 0;
-	int he;
-	bool allow_6ghz;
-
-	if (!wpa_s->global->p2p_init_wpa_s)
-		return -1;
-	if (wpa_s->global->p2p_init_wpa_s != wpa_s) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Direct P2P_CONNECT command to %s",
-			wpa_s->global->p2p_init_wpa_s->ifname);
-		wpa_s = wpa_s->global->p2p_init_wpa_s;
-	}
-
-	/* <addr> <"pbc" | "pin" | PIN> [label|display|keypad|p2ps]
-	 * [persistent|persistent=<network id>]
-	 * [join] [auth] [go_intent=<0..15>] [freq=<in MHz>] [provdisc]
-	 * [ht40] [vht] [he] [edmg] [auto] [ssid=<hexdump>] */
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	pos = cmd + 17;
-	if (*pos != ' ')
-		return -1;
-	pos++;
-
-	persistent_group = os_strstr(pos, " persistent") != NULL;
-	pos2 = os_strstr(pos, " persistent=");
-	if (pos2) {
-		struct wpa_ssid *ssid;
-		persistent_id = atoi(pos2 + 12);
-		ssid = wpa_config_get_network(wpa_s->conf, persistent_id);
-		if (ssid == NULL || ssid->disabled != 2 ||
-		    ssid->mode != WPAS_MODE_P2P_GO) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
-				   "SSID id=%d for persistent P2P group (GO)",
-				   persistent_id);
-			return -1;
-		}
-	}
-	join = os_strstr(pos, " join") != NULL;
-	allow_6ghz = os_strstr(pos, " allow_6ghz") != NULL;
-	auth = os_strstr(pos, " auth") != NULL;
-	automatic = os_strstr(pos, " auto") != NULL;
-	pd = os_strstr(pos, " provdisc") != NULL;
-	vht = (os_strstr(cmd, " vht") != NULL) || wpa_s->conf->p2p_go_vht;
-	ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40 ||
-		vht;
-	he = (os_strstr(cmd, " he") != NULL) || wpa_s->conf->p2p_go_he;
-	edmg = (os_strstr(cmd, " edmg") != NULL) || wpa_s->conf->p2p_go_edmg;
-
-	pos2 = os_strstr(pos, " go_intent=");
-	if (pos2) {
-		pos2 += 11;
-		go_intent = atoi(pos2);
-		if (go_intent < 0 || go_intent > 15)
-			return -1;
-	}
-
-	pos2 = os_strstr(pos, " freq=");
-	if (pos2) {
-		pos2 += 6;
-		freq = atoi(pos2);
-		if (freq <= 0)
-			return -1;
-	}
-
-	pos2 = os_strstr(pos, " freq2=");
-	if (pos2)
-		freq2 = atoi(pos2 + 7);
-
-	pos2 = os_strstr(pos, " max_oper_chwidth=");
-	if (pos2)
-		chwidth = atoi(pos2 + 18);
-
-	max_oper_chwidth = parse_freq(chwidth, freq2);
-	if (max_oper_chwidth < 0)
-		return -1;
-
-	if (allow_6ghz && chwidth == 40)
-		max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
-
-	pos2 = os_strstr(pos, " ssid=");
-	if (pos2) {
-		char *end;
-
-		pos2 += 6;
-		end = os_strchr(pos2, ' ');
-		if (!end)
-			group_ssid_len = os_strlen(pos2) / 2;
-		else
-			group_ssid_len = (end - pos2) / 2;
-		if (group_ssid_len == 0 || group_ssid_len > SSID_MAX_LEN ||
-		    hexstr2bin(pos2, _group_ssid, group_ssid_len) < 0)
-			return -1;
-		group_ssid = _group_ssid;
-	}
-
-	if (os_strncmp(pos, "pin", 3) == 0) {
-		/* Request random PIN (to be displayed) and enable the PIN */
-		wps_method = WPS_PIN_DISPLAY;
-	} else if (os_strncmp(pos, "pbc", 3) == 0) {
-		wps_method = WPS_PBC;
-	} else if (os_strstr(pos, "p2ps") != NULL) {
-		wps_method = WPS_P2PS;
-	} else {
-		pin = pos;
-		pos = os_strchr(pin, ' ');
-		wps_method = WPS_PIN_KEYPAD;
-		if (pos) {
-			*pos++ = '\0';
-			if (os_strncmp(pos, "display", 7) == 0)
-				wps_method = WPS_PIN_DISPLAY;
-		}
-		if (!wps_pin_str_valid(pin)) {
-			os_memcpy(buf, "FAIL-INVALID-PIN\n", 17);
-			return 17;
-		}
-	}
-
-	new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
-				   persistent_group, automatic, join,
-				   auth, go_intent, freq, freq2, persistent_id,
-				   pd, ht40, vht, max_oper_chwidth, he, edmg,
-				   group_ssid, group_ssid_len, allow_6ghz);
-	if (new_pin == -2) {
-		os_memcpy(buf, "FAIL-CHANNEL-UNAVAILABLE\n", 25);
-		return 25;
-	}
-	if (new_pin == -3) {
-		os_memcpy(buf, "FAIL-CHANNEL-UNSUPPORTED\n", 25);
-		return 25;
-	}
-	if (new_pin < 0)
-		return -1;
-	if (wps_method == WPS_PIN_DISPLAY && pin == NULL) {
-		ret = os_snprintf(buf, buflen, "%08d", new_pin);
-		if (os_snprintf_error(buflen, ret))
-			return -1;
-		return ret;
-	}
-
-	os_memcpy(buf, "OK\n", 3);
-	return 3;
-}
-
-
-static int p2p_ctrl_listen(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	unsigned int timeout = atoi(cmd);
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		wpa_dbg(wpa_s, MSG_INFO,
-			"Reject P2P_LISTEN since interface is disabled");
-		return -1;
-	}
-	return wpas_p2p_listen(wpa_s, timeout);
-}
-
-
-static int p2p_ctrl_prov_disc(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-	char *pos;
-	enum wpas_p2p_prov_disc_use use = WPAS_P2P_PD_FOR_GO_NEG;
-
-	/* <addr> <config method> [join|auto] */
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	pos = cmd + 17;
-	if (*pos != ' ')
-		return -1;
-	pos++;
-
-	if (os_strstr(pos, " join") != NULL)
-		use = WPAS_P2P_PD_FOR_JOIN;
-	else if (os_strstr(pos, " auto") != NULL)
-		use = WPAS_P2P_PD_AUTO;
-
-	return wpas_p2p_prov_disc(wpa_s, addr, pos, use, NULL);
-}
-
-
-static int p2p_get_passphrase(struct wpa_supplicant *wpa_s, char *buf,
-			      size_t buflen)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GO ||
-	    ssid->passphrase == NULL)
-		return -1;
-
-	os_strlcpy(buf, ssid->passphrase, buflen);
-	return os_strlen(buf);
-}
-
-
-static int p2p_ctrl_serv_disc_req(struct wpa_supplicant *wpa_s, char *cmd,
-				  char *buf, size_t buflen)
-{
-	u64 ref;
-	int res;
-	u8 dst_buf[ETH_ALEN], *dst;
-	struct wpabuf *tlvs;
-	char *pos;
-	size_t len;
-
-	if (hwaddr_aton(cmd, dst_buf))
-		return -1;
-	dst = dst_buf;
-	if (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
-	    dst[3] == 0 && dst[4] == 0 && dst[5] == 0)
-		dst = NULL;
-	pos = cmd + 17;
-	if (*pos != ' ')
-		return -1;
-	pos++;
-
-	if (os_strncmp(pos, "upnp ", 5) == 0) {
-		u8 version;
-		pos += 5;
-		if (hexstr2bin(pos, &version, 1) < 0)
-			return -1;
-		pos += 2;
-		if (*pos != ' ')
-			return -1;
-		pos++;
-		ref = wpas_p2p_sd_request_upnp(wpa_s, dst, version, pos);
-#ifdef CONFIG_WIFI_DISPLAY
-	} else if (os_strncmp(pos, "wifi-display ", 13) == 0) {
-		ref = wpas_p2p_sd_request_wifi_display(wpa_s, dst, pos + 13);
-#endif /* CONFIG_WIFI_DISPLAY */
-	} else if (os_strncmp(pos, "asp ", 4) == 0) {
-		char *svc_str;
-		char *svc_info = NULL;
-		u32 id;
-
-		pos += 4;
-		if (sscanf(pos, "%x", &id) != 1 || id > 0xff)
-			return -1;
-
-		pos = os_strchr(pos, ' ');
-		if (pos == NULL || pos[1] == '\0' || pos[1] == ' ')
-			return -1;
-
-		svc_str = pos + 1;
-
-		pos = os_strchr(svc_str, ' ');
-
-		if (pos)
-			*pos++ = '\0';
-
-		/* All remaining data is the svc_info string */
-		if (pos && pos[0] && pos[0] != ' ') {
-			len = os_strlen(pos);
-
-			/* Unescape in place */
-			len = utf8_unescape(pos, len, pos, len);
-			if (len > 0xff)
-				return -1;
-
-			svc_info = pos;
-		}
-
-		ref = wpas_p2p_sd_request_asp(wpa_s, dst, (u8) id,
-					      svc_str, svc_info);
-	} else {
-		len = os_strlen(pos);
-		if (len & 1)
-			return -1;
-		len /= 2;
-		tlvs = wpabuf_alloc(len);
-		if (tlvs == NULL)
-			return -1;
-		if (hexstr2bin(pos, wpabuf_put(tlvs, len), len) < 0) {
-			wpabuf_free(tlvs);
-			return -1;
-		}
-
-		ref = wpas_p2p_sd_request(wpa_s, dst, tlvs);
-		wpabuf_free(tlvs);
-	}
-	if (ref == 0)
-		return -1;
-	res = os_snprintf(buf, buflen, "%llx", (long long unsigned) ref);
-	if (os_snprintf_error(buflen, res))
-		return -1;
-	return res;
-}
-
-
-static int p2p_ctrl_serv_disc_cancel_req(struct wpa_supplicant *wpa_s,
-					 char *cmd)
-{
-	long long unsigned val;
-	u64 req;
-	if (sscanf(cmd, "%llx", &val) != 1)
-		return -1;
-	req = val;
-	return wpas_p2p_sd_cancel_request(wpa_s, req);
-}
-
-
-static int p2p_ctrl_serv_disc_resp(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int freq;
-	u8 dst[ETH_ALEN];
-	u8 dialog_token;
-	struct wpabuf *resp_tlvs;
-	char *pos, *pos2;
-	size_t len;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-	freq = atoi(cmd);
-	if (freq == 0)
-		return -1;
-
-	if (hwaddr_aton(pos, dst))
-		return -1;
-	pos += 17;
-	if (*pos != ' ')
-		return -1;
-	pos++;
-
-	pos2 = os_strchr(pos, ' ');
-	if (pos2 == NULL)
-		return -1;
-	*pos2++ = '\0';
-	dialog_token = atoi(pos);
-
-	len = os_strlen(pos2);
-	if (len & 1)
-		return -1;
-	len /= 2;
-	resp_tlvs = wpabuf_alloc(len);
-	if (resp_tlvs == NULL)
-		return -1;
-	if (hexstr2bin(pos2, wpabuf_put(resp_tlvs, len), len) < 0) {
-		wpabuf_free(resp_tlvs);
-		return -1;
-	}
-
-	wpas_p2p_sd_response(wpa_s, freq, dst, dialog_token, resp_tlvs);
-	wpabuf_free(resp_tlvs);
-	return 0;
-}
-
-
-static int p2p_ctrl_serv_disc_external(struct wpa_supplicant *wpa_s,
-				       char *cmd)
-{
-	if (os_strcmp(cmd, "0") && os_strcmp(cmd, "1"))
-		return -1;
-	wpa_s->p2p_sd_over_ctrl_iface = atoi(cmd);
-	return 0;
-}
-
-
-static int p2p_ctrl_service_add_bonjour(struct wpa_supplicant *wpa_s,
-					char *cmd)
-{
-	char *pos;
-	size_t len;
-	struct wpabuf *query, *resp;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	len = os_strlen(cmd);
-	if (len & 1)
-		return -1;
-	len /= 2;
-	query = wpabuf_alloc(len);
-	if (query == NULL)
-		return -1;
-	if (hexstr2bin(cmd, wpabuf_put(query, len), len) < 0) {
-		wpabuf_free(query);
-		return -1;
-	}
-
-	len = os_strlen(pos);
-	if (len & 1) {
-		wpabuf_free(query);
-		return -1;
-	}
-	len /= 2;
-	resp = wpabuf_alloc(len);
-	if (resp == NULL) {
-		wpabuf_free(query);
-		return -1;
-	}
-	if (hexstr2bin(pos, wpabuf_put(resp, len), len) < 0) {
-		wpabuf_free(query);
-		wpabuf_free(resp);
-		return -1;
-	}
-
-	if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0) {
-		wpabuf_free(query);
-		wpabuf_free(resp);
-		return -1;
-	}
-	return 0;
-}
-
-
-static int p2p_ctrl_service_add_upnp(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	u8 version;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (hexstr2bin(cmd, &version, 1) < 0)
-		return -1;
-
-	return wpas_p2p_service_add_upnp(wpa_s, version, pos);
-}
-
-
-static int p2p_ctrl_service_add_asp(struct wpa_supplicant *wpa_s,
-				    u8 replace, char *cmd)
-{
-	char *pos;
-	char *adv_str;
-	u32 auto_accept, adv_id, svc_state, config_methods;
-	char *svc_info = NULL;
-	char *cpt_prio_str;
-	u8 cpt_prio[P2PS_FEATURE_CAPAB_CPT_MAX + 1];
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	/* Auto-Accept value is mandatory, and must be one of the
-	 * single values (0, 1, 2, 4) */
-	auto_accept = atoi(cmd);
-	switch (auto_accept) {
-	case P2PS_SETUP_NONE: /* No auto-accept */
-	case P2PS_SETUP_NEW:
-	case P2PS_SETUP_CLIENT:
-	case P2PS_SETUP_GROUP_OWNER:
-		break;
-	default:
-		return -1;
-	}
-
-	/* Advertisement ID is mandatory */
-	cmd = pos;
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	/* Handle Adv_ID == 0 (wildcard "org.wi-fi.wfds") internally. */
-	if (sscanf(cmd, "%x", &adv_id) != 1 || adv_id == 0)
-		return -1;
-
-	/* Only allow replacements if exist, and adds if not */
-	if (wpas_p2p_service_p2ps_id_exists(wpa_s, adv_id)) {
-		if (!replace)
-			return -1;
-	} else {
-		if (replace)
-			return -1;
-	}
-
-	/* svc_state between 0 - 0xff is mandatory */
-	if (sscanf(pos, "%x", &svc_state) != 1 || svc_state > 0xff)
-		return -1;
-
-	pos = os_strchr(pos, ' ');
-	if (pos == NULL)
-		return -1;
-
-	/* config_methods is mandatory */
-	pos++;
-	if (sscanf(pos, "%x", &config_methods) != 1)
-		return -1;
-
-	if (!(config_methods &
-	      (WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD | WPS_CONFIG_P2PS)))
-		return -1;
-
-	pos = os_strchr(pos, ' ');
-	if (pos == NULL)
-		return -1;
-
-	pos++;
-	adv_str = pos;
-
-	/* Advertisement string is mandatory */
-	if (!pos[0] || pos[0] == ' ')
-		return -1;
-
-	/* Terminate svc string */
-	pos = os_strchr(pos, ' ');
-	if (pos != NULL)
-		*pos++ = '\0';
-
-	cpt_prio_str = (pos && pos[0]) ? os_strstr(pos, "cpt=") : NULL;
-	if (cpt_prio_str) {
-		pos = os_strchr(pos, ' ');
-		if (pos != NULL)
-			*pos++ = '\0';
-
-		if (p2ps_ctrl_parse_cpt_priority(cpt_prio_str + 4, cpt_prio))
-			return -1;
-	} else {
-		cpt_prio[0] = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
-		cpt_prio[1] = 0;
-	}
-
-	/* Service and Response Information are optional */
-	if (pos && pos[0]) {
-		size_t len;
-
-		/* Note the bare ' included, which cannot exist legally
-		 * in unescaped string. */
-		svc_info = os_strstr(pos, "svc_info='");
-
-		if (svc_info) {
-			svc_info += 9;
-			len = os_strlen(svc_info);
-			utf8_unescape(svc_info, len, svc_info, len);
-		}
-	}
-
-	return wpas_p2p_service_add_asp(wpa_s, auto_accept, adv_id, adv_str,
-					(u8) svc_state, (u16) config_methods,
-					svc_info, cpt_prio);
-}
-
-
-static int p2p_ctrl_service_add(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (os_strcmp(cmd, "bonjour") == 0)
-		return p2p_ctrl_service_add_bonjour(wpa_s, pos);
-	if (os_strcmp(cmd, "upnp") == 0)
-		return p2p_ctrl_service_add_upnp(wpa_s, pos);
-	if (os_strcmp(cmd, "asp") == 0)
-		return p2p_ctrl_service_add_asp(wpa_s, 0, pos);
-	wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
-	return -1;
-}
-
-
-static int p2p_ctrl_service_del_bonjour(struct wpa_supplicant *wpa_s,
-					char *cmd)
-{
-	size_t len;
-	struct wpabuf *query;
-	int ret;
-
-	len = os_strlen(cmd);
-	if (len & 1)
-		return -1;
-	len /= 2;
-	query = wpabuf_alloc(len);
-	if (query == NULL)
-		return -1;
-	if (hexstr2bin(cmd, wpabuf_put(query, len), len) < 0) {
-		wpabuf_free(query);
-		return -1;
-	}
-
-	ret = wpas_p2p_service_del_bonjour(wpa_s, query);
-	wpabuf_free(query);
-	return ret;
-}
-
-
-static int p2p_ctrl_service_del_upnp(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	u8 version;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (hexstr2bin(cmd, &version, 1) < 0)
-		return -1;
-
-	return wpas_p2p_service_del_upnp(wpa_s, version, pos);
-}
-
-
-static int p2p_ctrl_service_del_asp(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u32 adv_id;
-
-	if (os_strcmp(cmd, "all") == 0) {
-		wpas_p2p_service_flush_asp(wpa_s);
-		return 0;
-	}
-
-	if (sscanf(cmd, "%x", &adv_id) != 1)
-		return -1;
-
-	return wpas_p2p_service_del_asp(wpa_s, adv_id);
-}
-
-
-static int p2p_ctrl_service_del(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (os_strcmp(cmd, "bonjour") == 0)
-		return p2p_ctrl_service_del_bonjour(wpa_s, pos);
-	if (os_strcmp(cmd, "upnp") == 0)
-		return p2p_ctrl_service_del_upnp(wpa_s, pos);
-	if (os_strcmp(cmd, "asp") == 0)
-		return p2p_ctrl_service_del_asp(wpa_s, pos);
-	wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
-	return -1;
-}
-
-
-static int p2p_ctrl_service_replace(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	if (os_strcmp(cmd, "asp") == 0)
-		return p2p_ctrl_service_add_asp(wpa_s, 1, pos);
-
-	wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
-	return -1;
-}
-
-
-static int p2p_ctrl_reject(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 addr[ETH_ALEN];
-
-	/* <addr> */
-
-	if (hwaddr_aton(cmd, addr))
-		return -1;
-
-	return wpas_p2p_reject(wpa_s, addr);
-}
-
-
-static int p2p_ctrl_invite_persistent(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	int id;
-	struct wpa_ssid *ssid;
-	u8 *_peer = NULL, peer[ETH_ALEN];
-	int freq = 0, pref_freq = 0;
-	int ht40, vht, he, max_oper_chwidth, chwidth = 0, freq2 = 0;
-	int edmg;
-	bool allow_6ghz;
-
-	id = atoi(cmd);
-	pos = os_strstr(cmd, " peer=");
-	if (pos) {
-		pos += 6;
-		if (hwaddr_aton(pos, peer))
-			return -1;
-		_peer = peer;
-	}
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL || ssid->disabled != 2) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
-			   "for persistent P2P group",
-			   id);
-		return -1;
-	}
-
-	pos = os_strstr(cmd, " freq=");
-	if (pos) {
-		pos += 6;
-		freq = atoi(pos);
-		if (freq <= 0)
-			return -1;
-	}
-
-	pos = os_strstr(cmd, " pref=");
-	if (pos) {
-		pos += 6;
-		pref_freq = atoi(pos);
-		if (pref_freq <= 0)
-			return -1;
-	}
-
-	vht = (os_strstr(cmd, " vht") != NULL) || wpa_s->conf->p2p_go_vht;
-	ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40 ||
-		vht;
-	he = (os_strstr(cmd, " he") != NULL) || wpa_s->conf->p2p_go_he;
-	edmg = (os_strstr(cmd, " edmg") != NULL) || wpa_s->conf->p2p_go_edmg;
-
-	pos = os_strstr(cmd, "freq2=");
-	if (pos)
-		freq2 = atoi(pos + 6);
-
-	pos = os_strstr(cmd, " max_oper_chwidth=");
-	if (pos)
-		chwidth = atoi(pos + 18);
-
-	max_oper_chwidth = parse_freq(chwidth, freq2);
-	if (max_oper_chwidth < 0)
-		return -1;
-
-	allow_6ghz = os_strstr(cmd, " allow_6ghz") != NULL;
-
-	if (allow_6ghz && chwidth == 40)
-		max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
-
-	return wpas_p2p_invite(wpa_s, _peer, ssid, NULL, freq, freq2, ht40, vht,
-			       max_oper_chwidth, pref_freq, he, edmg,
-			       allow_6ghz);
-}
-
-
-static int p2p_ctrl_invite_group(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	u8 peer[ETH_ALEN], go_dev_addr[ETH_ALEN], *go_dev = NULL;
-	bool allow_6ghz;
-
-	pos = os_strstr(cmd, " peer=");
-	if (!pos)
-		return -1;
-
-	*pos = '\0';
-	pos += 6;
-	if (hwaddr_aton(pos, peer)) {
-		wpa_printf(MSG_DEBUG, "P2P: Invalid MAC address '%s'", pos);
-		return -1;
-	}
-
-	allow_6ghz = os_strstr(pos, " allow_6ghz") != NULL;
-
-	pos = os_strstr(pos, " go_dev_addr=");
-	if (pos) {
-		pos += 13;
-		if (hwaddr_aton(pos, go_dev_addr)) {
-			wpa_printf(MSG_DEBUG, "P2P: Invalid MAC address '%s'",
-				   pos);
-			return -1;
-		}
-		go_dev = go_dev_addr;
-	}
-
-	return wpas_p2p_invite_group(wpa_s, cmd, peer, go_dev, allow_6ghz);
-}
-
-
-static int p2p_ctrl_invite(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	if (os_strncmp(cmd, "persistent=", 11) == 0)
-		return p2p_ctrl_invite_persistent(wpa_s, cmd + 11);
-	if (os_strncmp(cmd, "group=", 6) == 0)
-		return p2p_ctrl_invite_group(wpa_s, cmd + 6);
-
-	return -1;
-}
-
-
-static int p2p_ctrl_group_add_persistent(struct wpa_supplicant *wpa_s,
-					 int id, int freq, int vht_center_freq2,
-					 int ht40, int vht, int vht_chwidth,
-					 int he, int edmg, bool allow_6ghz)
-{
-	struct wpa_ssid *ssid;
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL || ssid->disabled != 2) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
-			   "for persistent P2P group",
-			   id);
-		return -1;
-	}
-
-	return wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq,
-					     vht_center_freq2, 0, ht40, vht,
-					     vht_chwidth, he, edmg,
-					     NULL, 0, 0, allow_6ghz);
-}
-
-
-static int p2p_ctrl_group_add(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int freq = 0, persistent = 0, group_id = -1;
-	bool allow_6ghz = false;
-	int vht = wpa_s->conf->p2p_go_vht;
-	int ht40 = wpa_s->conf->p2p_go_ht40 || vht;
-	int he = wpa_s->conf->p2p_go_he;
-	int edmg = wpa_s->conf->p2p_go_edmg;
-	int max_oper_chwidth, chwidth = 0, freq2 = 0;
-	char *token, *context = NULL;
-#ifdef CONFIG_ACS
-	int acs = 0;
-#endif /* CONFIG_ACS */
-
-	while ((token = str_token(cmd, " ", &context))) {
-		if (sscanf(token, "freq2=%d", &freq2) == 1 ||
-		    sscanf(token, "persistent=%d", &group_id) == 1 ||
-		    sscanf(token, "max_oper_chwidth=%d", &chwidth) == 1) {
-			continue;
-#ifdef CONFIG_ACS
-		} else if (os_strcmp(token, "freq=acs") == 0) {
-			acs = 1;
-#endif /* CONFIG_ACS */
-		} else if (sscanf(token, "freq=%d", &freq) == 1) {
-			continue;
-		} else if (os_strcmp(token, "ht40") == 0) {
-			ht40 = 1;
-		} else if (os_strcmp(token, "vht") == 0) {
-			vht = 1;
-			ht40 = 1;
-		} else if (os_strcmp(token, "he") == 0) {
-			he = 1;
-		} else if (os_strcmp(token, "edmg") == 0) {
-			edmg = 1;
-		} else if (os_strcmp(token, "persistent") == 0) {
-			persistent = 1;
-		} else if (os_strcmp(token, "allow_6ghz") == 0) {
-			allow_6ghz = true;
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "CTRL: Invalid P2P_GROUP_ADD parameter: '%s'",
-				   token);
-			return -1;
-		}
-	}
-
-#ifdef CONFIG_ACS
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_ACS_OFFLOAD) &&
-	    (acs || freq == 2 || freq == 5)) {
-		if (freq == 2 && wpa_s->best_24_freq <= 0) {
-			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211G;
-			wpa_s->p2p_go_do_acs = 1;
-			freq = 0;
-		} else if (freq == 5 && wpa_s->best_5_freq <= 0) {
-			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211A;
-			wpa_s->p2p_go_do_acs = 1;
-			freq = 0;
-		} else {
-			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211ANY;
-			wpa_s->p2p_go_do_acs = 1;
-		}
-	} else {
-		wpa_s->p2p_go_do_acs = 0;
-	}
-#endif /* CONFIG_ACS */
-
-	max_oper_chwidth = parse_freq(chwidth, freq2);
-	if (max_oper_chwidth < 0)
-		return -1;
-
-	if (allow_6ghz && chwidth == 40)
-		max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
-
-	/* Allow DFS to be used for Autonomous GO */
-	wpa_s->p2p_go_allow_dfs = !!(wpa_s->drv_flags &
-				     WPA_DRIVER_FLAGS_DFS_OFFLOAD);
-
-	if (group_id >= 0)
-		return p2p_ctrl_group_add_persistent(wpa_s, group_id,
-						     freq, freq2, ht40, vht,
-						     max_oper_chwidth, he,
-						     edmg, allow_6ghz);
-
-	return wpas_p2p_group_add(wpa_s, persistent, freq, freq2, ht40, vht,
-				  max_oper_chwidth, he, edmg, allow_6ghz);
-}
-
-
-static int p2p_ctrl_group_member(struct wpa_supplicant *wpa_s, const char *cmd,
-				 char *buf, size_t buflen)
-{
-	u8 dev_addr[ETH_ALEN];
-	struct wpa_ssid *ssid;
-	int res;
-	const u8 *iaddr;
-
-	ssid = wpa_s->current_ssid;
-	if (!wpa_s->global->p2p || !ssid || ssid->mode != WPAS_MODE_P2P_GO ||
-	    hwaddr_aton(cmd, dev_addr))
-		return -1;
-
-	iaddr = p2p_group_get_client_interface_addr(wpa_s->p2p_group, dev_addr);
-	if (!iaddr)
-		return -1;
-	res = os_snprintf(buf, buflen, MACSTR, MAC2STR(iaddr));
-	if (os_snprintf_error(buflen, res))
-		return -1;
-	return res;
-}
-
-
-static int wpas_find_p2p_dev_addr_bss(struct wpa_global *global,
-				      const u8 *p2p_dev_addr)
-{
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_bss_get_p2p_dev_addr(wpa_s, p2p_dev_addr))
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int p2p_ctrl_peer(struct wpa_supplicant *wpa_s, char *cmd,
-			 char *buf, size_t buflen)
-{
-	u8 addr[ETH_ALEN], *addr_ptr, group_capab;
-	int next, res;
-	const struct p2p_peer_info *info;
-	char *pos, *end;
-	char devtype[WPS_DEV_TYPE_BUFSIZE];
-	struct wpa_ssid *ssid;
-	size_t i;
-
-	if (!wpa_s->global->p2p)
-		return -1;
-
-	if (os_strcmp(cmd, "FIRST") == 0) {
-		addr_ptr = NULL;
-		next = 0;
-	} else if (os_strncmp(cmd, "NEXT-", 5) == 0) {
-		if (hwaddr_aton(cmd + 5, addr) < 0)
-			return -1;
-		addr_ptr = addr;
-		next = 1;
-	} else {
-		if (hwaddr_aton(cmd, addr) < 0)
-			return -1;
-		addr_ptr = addr;
-		next = 0;
-	}
-
-	info = p2p_get_peer_info(wpa_s->global->p2p, addr_ptr, next);
-	if (info == NULL)
-		return -1;
-	group_capab = info->group_capab;
-
-	if (group_capab &&
-	    !wpas_find_p2p_dev_addr_bss(wpa_s->global, info->p2p_device_addr)) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Could not find any BSS with p2p_dev_addr "
-			   MACSTR ", hence override group_capab from 0x%x to 0",
-			   MAC2STR(info->p2p_device_addr), group_capab);
-		group_capab = 0;
-	}
-
-	pos = buf;
-	end = buf + buflen;
-
-	res = os_snprintf(pos, end - pos, MACSTR "\n"
-			  "pri_dev_type=%s\n"
-			  "device_name=%s\n"
-			  "manufacturer=%s\n"
-			  "model_name=%s\n"
-			  "model_number=%s\n"
-			  "serial_number=%s\n"
-			  "config_methods=0x%x\n"
-			  "dev_capab=0x%x\n"
-			  "group_capab=0x%x\n"
-			  "level=%d\n",
-			  MAC2STR(info->p2p_device_addr),
-			  wps_dev_type_bin2str(info->pri_dev_type,
-					       devtype, sizeof(devtype)),
-			  info->device_name,
-			  info->manufacturer,
-			  info->model_name,
-			  info->model_number,
-			  info->serial_number,
-			  info->config_methods,
-			  info->dev_capab,
-			  group_capab,
-			  info->level);
-	if (os_snprintf_error(end - pos, res))
-		return pos - buf;
-	pos += res;
-
-	for (i = 0; i < info->wps_sec_dev_type_list_len / WPS_DEV_TYPE_LEN; i++)
-	{
-		const u8 *t;
-		t = &info->wps_sec_dev_type_list[i * WPS_DEV_TYPE_LEN];
-		res = os_snprintf(pos, end - pos, "sec_dev_type=%s\n",
-				  wps_dev_type_bin2str(t, devtype,
-						       sizeof(devtype)));
-		if (os_snprintf_error(end - pos, res))
-			return pos - buf;
-		pos += res;
-	}
-
-	ssid = wpas_p2p_get_persistent(wpa_s, info->p2p_device_addr, NULL, 0);
-	if (ssid) {
-		res = os_snprintf(pos, end - pos, "persistent=%d\n", ssid->id);
-		if (os_snprintf_error(end - pos, res))
-			return pos - buf;
-		pos += res;
-	}
-
-	res = p2p_get_peer_info_txt(info, pos, end - pos);
-	if (res < 0)
-		return pos - buf;
-	pos += res;
-
-	if (info->vendor_elems) {
-		res = os_snprintf(pos, end - pos, "vendor_elems=");
-		if (os_snprintf_error(end - pos, res))
-			return pos - buf;
-		pos += res;
-
-		pos += wpa_snprintf_hex(pos, end - pos,
-					wpabuf_head(info->vendor_elems),
-					wpabuf_len(info->vendor_elems));
-
-		res = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, res))
-			return pos - buf;
-		pos += res;
-	}
-
-	return pos - buf;
-}
-
-
-static int p2p_ctrl_disallow_freq(struct wpa_supplicant *wpa_s,
-				  const char *param)
-{
-	unsigned int i;
-
-	if (wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (freq_range_list_parse(&wpa_s->global->p2p_disallow_freq, param) < 0)
-		return -1;
-
-	for (i = 0; i < wpa_s->global->p2p_disallow_freq.num; i++) {
-		struct wpa_freq_range *freq;
-		freq = &wpa_s->global->p2p_disallow_freq.range[i];
-		wpa_printf(MSG_DEBUG, "P2P: Disallowed frequency range %u-%u",
-			   freq->min, freq->max);
-	}
-
-	wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DISALLOW);
-	return 0;
-}
-
-
-static int p2p_ctrl_set(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *param;
-
-	if (wpa_s->global->p2p == NULL)
-		return -1;
-
-	param = os_strchr(cmd, ' ');
-	if (param == NULL)
-		return -1;
-	*param++ = '\0';
-
-	if (os_strcmp(cmd, "discoverability") == 0) {
-		p2p_set_client_discoverability(wpa_s->global->p2p,
-					       atoi(param));
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "managed") == 0) {
-		p2p_set_managed_oper(wpa_s->global->p2p, atoi(param));
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "listen_channel") == 0) {
-		char *pos;
-		u8 channel, op_class;
-
-		channel = atoi(param);
-		pos = os_strchr(param, ' ');
-		op_class = pos ? atoi(pos) : 81;
-
-		return p2p_set_listen_channel(wpa_s->global->p2p, op_class,
-					      channel, 1);
-	}
-
-	if (os_strcmp(cmd, "ssid_postfix") == 0) {
-		return p2p_set_ssid_postfix(wpa_s->global->p2p, (u8 *) param,
-					    os_strlen(param));
-	}
-
-	if (os_strcmp(cmd, "noa") == 0) {
-		char *pos;
-		int count, start, duration;
-		/* GO NoA parameters: count,start_offset(ms),duration(ms) */
-		count = atoi(param);
-		pos = os_strchr(param, ',');
-		if (pos == NULL)
-			return -1;
-		pos++;
-		start = atoi(pos);
-		pos = os_strchr(pos, ',');
-		if (pos == NULL)
-			return -1;
-		pos++;
-		duration = atoi(pos);
-		if (count < 0 || count > 255 || start < 0 || duration < 0)
-			return -1;
-		if (count == 0 && duration > 0)
-			return -1;
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: P2P_SET GO NoA: count=%d "
-			   "start=%d duration=%d", count, start, duration);
-		return wpas_p2p_set_noa(wpa_s, count, start, duration);
-	}
-
-	if (os_strcmp(cmd, "ps") == 0)
-		return wpa_drv_set_p2p_powersave(wpa_s, atoi(param), -1, -1);
-
-	if (os_strcmp(cmd, "oppps") == 0)
-		return wpa_drv_set_p2p_powersave(wpa_s, -1, atoi(param), -1);
-
-	if (os_strcmp(cmd, "ctwindow") == 0)
-		return wpa_drv_set_p2p_powersave(wpa_s, -1, -1, atoi(param));
-
-	if (os_strcmp(cmd, "disabled") == 0) {
-		wpa_s->global->p2p_disabled = atoi(param);
-		wpa_printf(MSG_DEBUG, "P2P functionality %s",
-			   wpa_s->global->p2p_disabled ?
-			   "disabled" : "enabled");
-		if (wpa_s->global->p2p_disabled) {
-			wpas_p2p_stop_find(wpa_s);
-			os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
-			p2p_flush(wpa_s->global->p2p);
-		}
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "conc_pref") == 0) {
-		if (os_strcmp(param, "sta") == 0)
-			wpa_s->global->conc_pref = WPA_CONC_PREF_STA;
-		else if (os_strcmp(param, "p2p") == 0)
-			wpa_s->global->conc_pref = WPA_CONC_PREF_P2P;
-		else {
-			wpa_printf(MSG_INFO, "Invalid conc_pref value");
-			return -1;
-		}
-		wpa_printf(MSG_DEBUG, "Single channel concurrency preference: "
-			   "%s", param);
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "force_long_sd") == 0) {
-		wpa_s->force_long_sd = atoi(param);
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "peer_filter") == 0) {
-		u8 addr[ETH_ALEN];
-		if (hwaddr_aton(param, addr))
-			return -1;
-		p2p_set_peer_filter(wpa_s->global->p2p, addr);
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "cross_connect") == 0)
-		return wpas_p2p_set_cross_connect(wpa_s, atoi(param));
-
-	if (os_strcmp(cmd, "go_apsd") == 0) {
-		if (os_strcmp(param, "disable") == 0)
-			wpa_s->set_ap_uapsd = 0;
-		else {
-			wpa_s->set_ap_uapsd = 1;
-			wpa_s->ap_uapsd = atoi(param);
-		}
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "client_apsd") == 0) {
-		if (os_strcmp(param, "disable") == 0)
-			wpa_s->set_sta_uapsd = 0;
-		else {
-			int be, bk, vi, vo;
-			char *pos;
-			/* format: BE,BK,VI,VO;max SP Length */
-			be = atoi(param);
-			pos = os_strchr(param, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			bk = atoi(pos);
-			pos = os_strchr(pos, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			vi = atoi(pos);
-			pos = os_strchr(pos, ',');
-			if (pos == NULL)
-				return -1;
-			pos++;
-			vo = atoi(pos);
-			/* ignore max SP Length for now */
-
-			wpa_s->set_sta_uapsd = 1;
-			wpa_s->sta_uapsd = 0;
-			if (be)
-				wpa_s->sta_uapsd |= BIT(0);
-			if (bk)
-				wpa_s->sta_uapsd |= BIT(1);
-			if (vi)
-				wpa_s->sta_uapsd |= BIT(2);
-			if (vo)
-				wpa_s->sta_uapsd |= BIT(3);
-		}
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "disallow_freq") == 0)
-		return p2p_ctrl_disallow_freq(wpa_s, param);
-
-	if (os_strcmp(cmd, "disc_int") == 0) {
-		int min_disc_int, max_disc_int, max_disc_tu;
-		char *pos;
-
-		pos = param;
-
-		min_disc_int = atoi(pos);
-		pos = os_strchr(pos, ' ');
-		if (pos == NULL)
-			return -1;
-		*pos++ = '\0';
-
-		max_disc_int = atoi(pos);
-		pos = os_strchr(pos, ' ');
-		if (pos == NULL)
-			return -1;
-		*pos++ = '\0';
-
-		max_disc_tu = atoi(pos);
-
-		return p2p_set_disc_int(wpa_s->global->p2p, min_disc_int,
-					max_disc_int, max_disc_tu);
-	}
-
-	if (os_strcmp(cmd, "per_sta_psk") == 0) {
-		wpa_s->global->p2p_per_sta_psk = !!atoi(param);
-		return 0;
-	}
-
-#ifdef CONFIG_WPS_NFC
-	if (os_strcmp(cmd, "nfc_tag") == 0)
-		return wpas_p2p_nfc_tag_enabled(wpa_s, !!atoi(param));
-#endif /* CONFIG_WPS_NFC */
-
-	if (os_strcmp(cmd, "disable_ip_addr_req") == 0) {
-		wpa_s->p2p_disable_ip_addr_req = !!atoi(param);
-		return 0;
-	}
-
-	if (os_strcmp(cmd, "override_pref_op_chan") == 0) {
-		int op_class, chan;
-
-		op_class = atoi(param);
-		param = os_strchr(param, ':');
-		if (!param)
-			return -1;
-		param++;
-		chan = atoi(param);
-		p2p_set_override_pref_op_chan(wpa_s->global->p2p, op_class,
-					      chan);
-		return 0;
-	}
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown P2P_SET field value '%s'",
-		   cmd);
-
-	return -1;
-}
-
-
-static void p2p_ctrl_flush(struct wpa_supplicant *wpa_s)
-{
-	os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
-	wpa_s->force_long_sd = 0;
-
-#ifdef CONFIG_TESTING_OPTIONS
-	os_free(wpa_s->get_pref_freq_list_override);
-	wpa_s->get_pref_freq_list_override = NULL;
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	wpas_p2p_stop_find(wpa_s);
-	wpa_s->parent->p2ps_method_config_any = 0;
-	if (wpa_s->global->p2p)
-		p2p_flush(wpa_s->global->p2p);
-}
-
-
-static int p2p_ctrl_presence_req(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos, *pos2;
-	unsigned int dur1 = 0, int1 = 0, dur2 = 0, int2 = 0;
-
-	if (cmd[0]) {
-		pos = os_strchr(cmd, ' ');
-		if (pos == NULL)
-			return -1;
-		*pos++ = '\0';
-		dur1 = atoi(cmd);
-
-		pos2 = os_strchr(pos, ' ');
-		if (pos2)
-			*pos2++ = '\0';
-		int1 = atoi(pos);
-	} else
-		pos2 = NULL;
-
-	if (pos2) {
-		pos = os_strchr(pos2, ' ');
-		if (pos == NULL)
-			return -1;
-		*pos++ = '\0';
-		dur2 = atoi(pos2);
-		int2 = atoi(pos);
-	}
-
-	return wpas_p2p_presence_req(wpa_s, dur1, int1, dur2, int2);
-}
-
-
-static int p2p_ctrl_ext_listen(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	unsigned int period = 0, interval = 0;
-
-	if (cmd[0]) {
-		pos = os_strchr(cmd, ' ');
-		if (pos == NULL)
-			return -1;
-		*pos++ = '\0';
-		period = atoi(cmd);
-		interval = atoi(pos);
-	}
-
-	return wpas_p2p_ext_listen(wpa_s, period, interval);
-}
-
-
-static int p2p_ctrl_remove_client(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos;
-	u8 peer[ETH_ALEN];
-	int iface_addr = 0;
-
-	pos = cmd;
-	if (os_strncmp(pos, "iface=", 6) == 0) {
-		iface_addr = 1;
-		pos += 6;
-	}
-	if (hwaddr_aton(pos, peer))
-		return -1;
-
-	wpas_p2p_remove_client(wpa_s, peer, iface_addr);
-	return 0;
-}
-
-
-static int p2p_ctrl_iface_p2p_lo_start(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int freq = 0, period = 0, interval = 0, count = 0;
-
-	if (sscanf(cmd, "%d %d %d %d", &freq, &period, &interval, &count) != 4)
-	{
-		wpa_printf(MSG_DEBUG,
-			   "CTRL: Invalid P2P LO Start parameter: '%s'", cmd);
-		return -1;
-	}
-
-	return wpas_p2p_lo_start(wpa_s, freq, period, interval, count);
-}
-
-#endif /* CONFIG_P2P */
-
-
-static int * freq_range_to_channel_list(struct wpa_supplicant *wpa_s, char *val)
-{
-	struct wpa_freq_range_list ranges;
-	int *freqs = NULL;
-	struct hostapd_hw_modes *mode;
-	u16 i;
-
-	if (wpa_s->hw.modes == NULL)
-		return NULL;
-
-	os_memset(&ranges, 0, sizeof(ranges));
-	if (freq_range_list_parse(&ranges, val) < 0)
-		return NULL;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		int j;
-
-		mode = &wpa_s->hw.modes[i];
-		for (j = 0; j < mode->num_channels; j++) {
-			unsigned int freq;
-
-			if (mode->channels[j].flag & HOSTAPD_CHAN_DISABLED)
-				continue;
-
-			freq = mode->channels[j].freq;
-			if (!freq_range_list_includes(&ranges, freq))
-				continue;
-
-			int_array_add_unique(&freqs, freq);
-		}
-	}
-
-	os_free(ranges.range);
-	return freqs;
-}
-
-
-#ifdef CONFIG_INTERWORKING
-
-static int ctrl_interworking_select(struct wpa_supplicant *wpa_s, char *param)
-{
-	int auto_sel = 0;
-	int *freqs = NULL;
-
-	if (param) {
-		char *pos;
-
-		auto_sel = os_strstr(param, "auto") != NULL;
-
-		pos = os_strstr(param, "freq=");
-		if (pos) {
-			freqs = freq_range_to_channel_list(wpa_s, pos + 5);
-			if (freqs == NULL)
-				return -1;
-		}
-
-	}
-
-	return interworking_select(wpa_s, auto_sel, freqs);
-}
-
-
-static int ctrl_interworking_connect(struct wpa_supplicant *wpa_s, char *dst,
-				     int only_add)
-{
-	u8 bssid[ETH_ALEN];
-	struct wpa_bss *bss;
-
-	if (hwaddr_aton(dst, bssid)) {
-		wpa_printf(MSG_DEBUG, "Invalid BSSID '%s'", dst);
-		return -1;
-	}
-
-	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-	if (bss == NULL) {
-		wpa_printf(MSG_DEBUG, "Could not find BSS " MACSTR,
-			   MAC2STR(bssid));
-		return -1;
-	}
-
-	if (bss->ssid_len == 0) {
-		int found = 0;
-
-		wpa_printf(MSG_DEBUG, "Selected BSS entry for " MACSTR
-			   " does not have SSID information", MAC2STR(bssid));
-
-		dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss,
-					 list) {
-			if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
-			    bss->ssid_len > 0) {
-				found = 1;
-				break;
-			}
-		}
-
-		if (!found)
-			return -1;
-		wpa_printf(MSG_DEBUG,
-			   "Found another matching BSS entry with SSID");
-	}
-
-	return interworking_connect(wpa_s, bss, only_add);
-}
-
-
-static int get_anqp(struct wpa_supplicant *wpa_s, char *dst)
-{
-	u8 dst_addr[ETH_ALEN];
-	int used, freq = 0;
-	char *pos;
-#define MAX_ANQP_INFO_ID 100
-	u16 id[MAX_ANQP_INFO_ID];
-	size_t num_id = 0;
-	u32 subtypes = 0;
-	u32 mbo_subtypes = 0;
-
-	used = hwaddr_aton2(dst, dst_addr);
-	if (used < 0)
-		return -1;
-	pos = dst + used;
-	if (*pos == ' ')
-		pos++;
-
-	if (os_strncmp(pos, "freq=", 5) == 0) {
-		freq = atoi(pos + 5);
-		pos = os_strchr(pos, ' ');
-		if (!pos)
-			return -1;
-		pos++;
-	}
-
-	while (num_id < MAX_ANQP_INFO_ID) {
-		if (os_strncmp(pos, "hs20:", 5) == 0) {
-#ifdef CONFIG_HS20
-			int num = atoi(pos + 5);
-			if (num <= 0 || num > 31)
-				return -1;
-			subtypes |= BIT(num);
-#else /* CONFIG_HS20 */
-			return -1;
-#endif /* CONFIG_HS20 */
-		} else if (os_strncmp(pos, "mbo:", 4) == 0) {
-#ifdef CONFIG_MBO
-			int num = atoi(pos + 4);
-
-			if (num <= 0 || num > MAX_MBO_ANQP_SUBTYPE)
-				return -1;
-			mbo_subtypes |= BIT(num);
-#else /* CONFIG_MBO */
-			return -1;
-#endif /* CONFIG_MBO */
-		} else {
-			id[num_id] = atoi(pos);
-			if (id[num_id])
-				num_id++;
-		}
-		pos = os_strchr(pos + 1, ',');
-		if (pos == NULL)
-			break;
-		pos++;
-	}
-
-	if (num_id == 0 && !subtypes && !mbo_subtypes)
-		return -1;
-
-	return anqp_send_req(wpa_s, dst_addr, freq, id, num_id, subtypes,
-			     mbo_subtypes);
-}
-
-
-static int gas_request(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 dst_addr[ETH_ALEN];
-	struct wpabuf *advproto, *query = NULL;
-	int used, ret = -1;
-	char *pos, *end;
-	size_t len;
-
-	used = hwaddr_aton2(cmd, dst_addr);
-	if (used < 0)
-		return -1;
-
-	pos = cmd + used;
-	while (*pos == ' ')
-		pos++;
-
-	/* Advertisement Protocol ID */
-	end = os_strchr(pos, ' ');
-	if (end)
-		len = end - pos;
-	else
-		len = os_strlen(pos);
-	if (len & 0x01)
-		return -1;
-	len /= 2;
-	if (len == 0)
-		return -1;
-	advproto = wpabuf_alloc(len);
-	if (advproto == NULL)
-		return -1;
-	if (hexstr2bin(pos, wpabuf_put(advproto, len), len) < 0)
-		goto fail;
-
-	if (end) {
-		/* Optional Query Request */
-		pos = end + 1;
-		while (*pos == ' ')
-			pos++;
-
-		len = os_strlen(pos);
-		if (len) {
-			if (len & 0x01)
-				goto fail;
-			len /= 2;
-			if (len == 0)
-				goto fail;
-			query = wpabuf_alloc(len);
-			if (query == NULL)
-				goto fail;
-			if (hexstr2bin(pos, wpabuf_put(query, len), len) < 0)
-				goto fail;
-		}
-	}
-
-	ret = gas_send_request(wpa_s, dst_addr, advproto, query);
-
-fail:
-	wpabuf_free(advproto);
-	wpabuf_free(query);
-
-	return ret;
-}
-
-
-static int gas_response_get(struct wpa_supplicant *wpa_s, char *cmd, char *buf,
-			    size_t buflen)
-{
-	u8 addr[ETH_ALEN];
-	int dialog_token;
-	int used;
-	char *pos;
-	size_t resp_len, start, requested_len;
-	struct wpabuf *resp;
-	int ret;
-
-	used = hwaddr_aton2(cmd, addr);
-	if (used < 0)
-		return -1;
-
-	pos = cmd + used;
-	while (*pos == ' ')
-		pos++;
-	dialog_token = atoi(pos);
-
-	if (wpa_s->last_gas_resp &&
-	    os_memcmp(addr, wpa_s->last_gas_addr, ETH_ALEN) == 0 &&
-	    dialog_token == wpa_s->last_gas_dialog_token)
-		resp = wpa_s->last_gas_resp;
-	else if (wpa_s->prev_gas_resp &&
-		 os_memcmp(addr, wpa_s->prev_gas_addr, ETH_ALEN) == 0 &&
-		 dialog_token == wpa_s->prev_gas_dialog_token)
-		resp = wpa_s->prev_gas_resp;
-	else
-		return -1;
-
-	resp_len = wpabuf_len(resp);
-	start = 0;
-	requested_len = resp_len;
-
-	pos = os_strchr(pos, ' ');
-	if (pos) {
-		start = atoi(pos);
-		if (start > resp_len)
-			return os_snprintf(buf, buflen, "FAIL-Invalid range");
-		pos = os_strchr(pos, ',');
-		if (pos == NULL)
-			return -1;
-		pos++;
-		requested_len = atoi(pos);
-		if (start + requested_len > resp_len)
-			return os_snprintf(buf, buflen, "FAIL-Invalid range");
-	}
-
-	if (requested_len * 2 + 1 > buflen)
-		return os_snprintf(buf, buflen, "FAIL-Too long response");
-
-	ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(resp) + start,
-			       requested_len);
-
-	if (start + requested_len == resp_len) {
-		/*
-		 * Free memory by dropping the response after it has been
-		 * fetched.
-		 */
-		if (resp == wpa_s->prev_gas_resp) {
-			wpabuf_free(wpa_s->prev_gas_resp);
-			wpa_s->prev_gas_resp = NULL;
-		} else {
-			wpabuf_free(wpa_s->last_gas_resp);
-			wpa_s->last_gas_resp = NULL;
-		}
-	}
-
-	return ret;
-}
-#endif /* CONFIG_INTERWORKING */
-
-
-#ifdef CONFIG_HS20
-
-static int get_hs20_anqp(struct wpa_supplicant *wpa_s, char *dst)
-{
-	u8 dst_addr[ETH_ALEN];
-	int used;
-	char *pos;
-	u32 subtypes = 0;
-
-	used = hwaddr_aton2(dst, dst_addr);
-	if (used < 0)
-		return -1;
-	pos = dst + used;
-	if (*pos == ' ')
-		pos++;
-	for (;;) {
-		int num = atoi(pos);
-		if (num <= 0 || num > 31)
-			return -1;
-		subtypes |= BIT(num);
-		pos = os_strchr(pos + 1, ',');
-		if (pos == NULL)
-			break;
-		pos++;
-	}
-
-	if (subtypes == 0)
-		return -1;
-
-	return hs20_anqp_send_req(wpa_s, dst_addr, subtypes, NULL, 0, 0);
-}
-
-
-static int hs20_nai_home_realm_list(struct wpa_supplicant *wpa_s,
-				    const u8 *addr, const char *realm)
-{
-	u8 *buf;
-	size_t rlen, len;
-	int ret;
-
-	rlen = os_strlen(realm);
-	len = 3 + rlen;
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-	buf[0] = 1; /* NAI Home Realm Count */
-	buf[1] = 0; /* Formatted in accordance with RFC 4282 */
-	buf[2] = rlen;
-	os_memcpy(buf + 3, realm, rlen);
-
-	ret = hs20_anqp_send_req(wpa_s, addr,
-				 BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
-				 buf, len, 0);
-
-	os_free(buf);
-
-	return ret;
-}
-
-
-static int hs20_get_nai_home_realm_list(struct wpa_supplicant *wpa_s,
-					char *dst)
-{
-	struct wpa_cred *cred = wpa_s->conf->cred;
-	u8 dst_addr[ETH_ALEN];
-	int used;
-	u8 *buf;
-	size_t len;
-	int ret;
-
-	used = hwaddr_aton2(dst, dst_addr);
-	if (used < 0)
-		return -1;
-
-	while (dst[used] == ' ')
-		used++;
-	if (os_strncmp(dst + used, "realm=", 6) == 0)
-		return hs20_nai_home_realm_list(wpa_s, dst_addr,
-						dst + used + 6);
-
-	len = os_strlen(dst + used);
-
-	if (len == 0 && cred && cred->realm)
-		return hs20_nai_home_realm_list(wpa_s, dst_addr, cred->realm);
-
-	if (len & 1)
-		return -1;
-	len /= 2;
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-	if (hexstr2bin(dst + used, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	ret = hs20_anqp_send_req(wpa_s, dst_addr,
-				 BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
-				 buf, len, 0);
-	os_free(buf);
-
-	return ret;
-}
-
-
-static int get_hs20_icon(struct wpa_supplicant *wpa_s, char *cmd, char *reply,
-			 int buflen)
-{
-	u8 dst_addr[ETH_ALEN];
-	int used;
-	char *ctx = NULL, *icon, *poffset, *psize;
-
-	used = hwaddr_aton2(cmd, dst_addr);
-	if (used < 0)
-		return -1;
-	cmd += used;
-
-	icon = str_token(cmd, " ", &ctx);
-	poffset = str_token(cmd, " ", &ctx);
-	psize = str_token(cmd, " ", &ctx);
-	if (!icon || !poffset || !psize)
-		return -1;
-
-	wpa_s->fetch_osu_icon_in_progress = 0;
-	return hs20_get_icon(wpa_s, dst_addr, icon, atoi(poffset), atoi(psize),
-			     reply, buflen);
-}
-
-
-static int del_hs20_icon(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 dst_addr[ETH_ALEN];
-	int used;
-	char *icon;
-
-	if (!cmd[0])
-		return hs20_del_icon(wpa_s, NULL, NULL);
-
-	used = hwaddr_aton2(cmd, dst_addr);
-	if (used < 0)
-		return -1;
-
-	while (cmd[used] == ' ')
-		used++;
-	icon = cmd[used] ? &cmd[used] : NULL;
-
-	return hs20_del_icon(wpa_s, dst_addr, icon);
-}
-
-
-static int hs20_icon_request(struct wpa_supplicant *wpa_s, char *cmd, int inmem)
-{
-	u8 dst_addr[ETH_ALEN];
-	int used;
-	char *icon;
-
-	used = hwaddr_aton2(cmd, dst_addr);
-	if (used < 0)
-		return -1;
-
-	while (cmd[used] == ' ')
-		used++;
-	icon = &cmd[used];
-
-	wpa_s->fetch_osu_icon_in_progress = 0;
-	return hs20_anqp_send_req(wpa_s, dst_addr, BIT(HS20_STYPE_ICON_REQUEST),
-				  (u8 *) icon, os_strlen(icon), inmem);
-}
-
-#endif /* CONFIG_HS20 */
-
-
-#ifdef CONFIG_AUTOSCAN
-
-static int wpa_supplicant_ctrl_iface_autoscan(struct wpa_supplicant *wpa_s,
-					      char *cmd)
-{
-	enum wpa_states state = wpa_s->wpa_state;
-	char *new_params = NULL;
-
-	if (os_strlen(cmd) > 0) {
-		new_params = os_strdup(cmd);
-		if (new_params == NULL)
-			return -1;
-	}
-
-	os_free(wpa_s->conf->autoscan);
-	wpa_s->conf->autoscan = new_params;
-
-	if (wpa_s->conf->autoscan == NULL)
-		autoscan_deinit(wpa_s);
-	else if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
-		autoscan_init(wpa_s, 1);
-	else if (state == WPA_SCANNING)
-		wpa_supplicant_reinit_autoscan(wpa_s);
-	else
-		wpa_printf(MSG_DEBUG, "No autoscan update in state %s",
-			   wpa_supplicant_state_txt(state));
-
-	return 0;
-}
-
-#endif /* CONFIG_AUTOSCAN */
-
-
-#ifdef CONFIG_WNM
-
-static int wpas_ctrl_iface_wnm_sleep(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int enter;
-	int intval = 0;
-	char *pos;
-	int ret;
-	struct wpabuf *tfs_req = NULL;
-
-	if (os_strncmp(cmd, "enter", 5) == 0)
-		enter = 1;
-	else if (os_strncmp(cmd, "exit", 4) == 0)
-		enter = 0;
-	else
-		return -1;
-
-	pos = os_strstr(cmd, " interval=");
-	if (pos)
-		intval = atoi(pos + 10);
-
-	pos = os_strstr(cmd, " tfs_req=");
-	if (pos) {
-		char *end;
-		size_t len;
-		pos += 9;
-		end = os_strchr(pos, ' ');
-		if (end)
-			len = end - pos;
-		else
-			len = os_strlen(pos);
-		if (len & 1)
-			return -1;
-		len /= 2;
-		tfs_req = wpabuf_alloc(len);
-		if (tfs_req == NULL)
-			return -1;
-		if (hexstr2bin(pos, wpabuf_put(tfs_req, len), len) < 0) {
-			wpabuf_free(tfs_req);
-			return -1;
-		}
-	}
-
-	ret = ieee802_11_send_wnmsleep_req(wpa_s, enter ? WNM_SLEEP_MODE_ENTER :
-					   WNM_SLEEP_MODE_EXIT, intval,
-					   tfs_req);
-	wpabuf_free(tfs_req);
-
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_wnm_bss_query(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	int query_reason, list = 0;
-	char *btm_candidates = NULL;
-
-	query_reason = atoi(cmd);
-
-	cmd = os_strchr(cmd, ' ');
-	if (cmd) {
-		if (os_strncmp(cmd, " list", 5) == 0)
-			list = 1;
-		else
-			btm_candidates = cmd;
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "CTRL_IFACE: WNM_BSS_QUERY query_reason=%d%s",
-		   query_reason, list ? " candidate list" : "");
-
-	return wnm_send_bss_transition_mgmt_query(wpa_s, query_reason,
-						  btm_candidates,
-						  list);
-}
-
-
-static int wpas_ctrl_iface_coloc_intf_report(struct wpa_supplicant *wpa_s,
-					     char *cmd)
-{
-	struct wpabuf *elems;
-	int ret;
-
-	elems = wpabuf_parse_bin(cmd);
-	if (!elems)
-		return -1;
-
-	ret = wnm_send_coloc_intf_report(wpa_s, 0, elems);
-	wpabuf_free(elems);
-	return ret;
-}
-
-#endif /* CONFIG_WNM */
-
-
-static int wpa_supplicant_signal_poll(struct wpa_supplicant *wpa_s, char *buf,
-				      size_t buflen)
-{
-	struct wpa_signal_info si;
-	int ret;
-	char *pos, *end;
-
-	ret = wpa_drv_signal_poll(wpa_s, &si);
-	if (ret)
-		return -1;
-
-	pos = buf;
-	end = buf + buflen;
-
-	ret = os_snprintf(pos, end - pos, "RSSI=%d\nLINKSPEED=%d\n"
-			  "NOISE=%d\nFREQUENCY=%u\n",
-			  si.current_signal, si.current_txrate / 1000,
-			  si.current_noise, si.frequency);
-	if (os_snprintf_error(end - pos, ret))
-		return -1;
-	pos += ret;
-
-	if (si.chanwidth != CHAN_WIDTH_UNKNOWN) {
-		ret = os_snprintf(pos, end - pos, "WIDTH=%s\n",
-				  channel_width_to_string(si.chanwidth));
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	if (si.center_frq1 > 0) {
-		ret = os_snprintf(pos, end - pos, "CENTER_FRQ1=%d\n",
-				  si.center_frq1);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	if (si.center_frq2 > 0) {
-		ret = os_snprintf(pos, end - pos, "CENTER_FRQ2=%d\n",
-				  si.center_frq2);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	if (si.avg_signal) {
-		ret = os_snprintf(pos, end - pos,
-				  "AVG_RSSI=%d\n", si.avg_signal);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	if (si.avg_beacon_signal) {
-		ret = os_snprintf(pos, end - pos,
-				  "AVG_BEACON_RSSI=%d\n", si.avg_beacon_signal);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpas_ctrl_iface_signal_monitor(struct wpa_supplicant *wpa_s,
-					  const char *cmd)
-{
-	const char *pos;
-	int threshold = 0;
-	int hysteresis = 0;
-
-	if (wpa_s->bgscan && wpa_s->bgscan_priv) {
-		wpa_printf(MSG_DEBUG,
-			   "Reject SIGNAL_MONITOR command - bgscan is active");
-		return -1;
-	}
-	pos = os_strstr(cmd, "THRESHOLD=");
-	if (pos)
-		threshold = atoi(pos + 10);
-	pos = os_strstr(cmd, "HYSTERESIS=");
-	if (pos)
-		hysteresis = atoi(pos + 11);
-	return wpa_drv_signal_monitor(wpa_s, threshold, hysteresis);
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-int wpas_ctrl_iface_get_pref_freq_list_override(struct wpa_supplicant *wpa_s,
-						enum wpa_driver_if_type if_type,
-						unsigned int *num,
-						unsigned int *freq_list)
-{
-	char *pos = wpa_s->get_pref_freq_list_override;
-	char *end;
-	unsigned int count = 0;
-
-	/* Override string format:
-	 *  <if_type1>:<freq1>,<freq2>,... <if_type2>:... */
-
-	while (pos) {
-		if (atoi(pos) == (int) if_type)
-			break;
-		pos = os_strchr(pos, ' ');
-		if (pos)
-			pos++;
-	}
-	if (!pos)
-		return -1;
-	pos = os_strchr(pos, ':');
-	if (!pos)
-		return -1;
-	pos++;
-	end = os_strchr(pos, ' ');
-	while (pos && (!end || pos < end) && count < *num) {
-		freq_list[count++] = atoi(pos);
-		pos = os_strchr(pos, ',');
-		if (pos)
-			pos++;
-	}
-
-	*num = count;
-	return 0;
-}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static int wpas_ctrl_iface_get_pref_freq_list(
-	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
-{
-	unsigned int freq_list[100], num = 100, i;
-	int ret;
-	enum wpa_driver_if_type iface_type;
-	char *pos, *end;
-
-	pos = buf;
-	end = buf + buflen;
-
-	/* buf: "<interface_type>" */
-	if (os_strcmp(cmd, "STATION") == 0)
-		iface_type = WPA_IF_STATION;
-	else if (os_strcmp(cmd, "AP") == 0)
-		iface_type = WPA_IF_AP_BSS;
-	else if (os_strcmp(cmd, "P2P_GO") == 0)
-		iface_type = WPA_IF_P2P_GO;
-	else if (os_strcmp(cmd, "P2P_CLIENT") == 0)
-		iface_type = WPA_IF_P2P_CLIENT;
-	else if (os_strcmp(cmd, "IBSS") == 0)
-		iface_type = WPA_IF_IBSS;
-	else if (os_strcmp(cmd, "TDLS") == 0)
-		iface_type = WPA_IF_TDLS;
-	else
-		return -1;
-
-	wpa_printf(MSG_DEBUG,
-		   "CTRL_IFACE: GET_PREF_FREQ_LIST iface_type=%d (%s)",
-		   iface_type, cmd);
-
-	ret = wpa_drv_get_pref_freq_list(wpa_s, iface_type, &num, freq_list);
-	if (ret)
-		return -1;
-
-	for (i = 0; i < num; i++) {
-		ret = os_snprintf(pos, end - pos, "%s%u",
-				  i > 0 ? "," : "", freq_list[i]);
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpas_ctrl_iface_driver_flags(struct wpa_supplicant *wpa_s,
-					char *buf, size_t buflen)
-{
-	int ret, i;
-	char *pos, *end;
-
-	ret = os_snprintf(buf, buflen, "%016llX:\n",
-			  (long long unsigned) wpa_s->drv_flags);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-
-	pos = buf + ret;
-	end = buf + buflen;
-
-	for (i = 0; i < 64; i++) {
-		if (wpa_s->drv_flags & (1LLU << i)) {
-			ret = os_snprintf(pos, end - pos, "%s\n",
-					  driver_flag_to_string(1LLU << i));
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-	}
-
-	return pos - buf;
-}
-
-
-static int wpas_ctrl_iface_driver_flags2(struct wpa_supplicant *wpa_s,
-					 char *buf, size_t buflen)
-{
-	int ret, i;
-	char *pos, *end;
-
-	ret = os_snprintf(buf, buflen, "%016llX:\n",
-			  (long long unsigned) wpa_s->drv_flags2);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-
-	pos = buf + ret;
-	end = buf + buflen;
-
-	for (i = 0; i < 64; i++) {
-		if (wpa_s->drv_flags2 & (1LLU << i)) {
-			ret = os_snprintf(pos, end - pos, "%s\n",
-					  driver_flag2_to_string(1LLU << i));
-			if (os_snprintf_error(end - pos, ret))
-				return -1;
-			pos += ret;
-		}
-	}
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_pktcnt_poll(struct wpa_supplicant *wpa_s, char *buf,
-				      size_t buflen)
-{
-	struct hostap_sta_driver_data sta;
-	int ret;
-
-	ret = wpa_drv_pktcnt_poll(wpa_s, &sta);
-	if (ret)
-		return -1;
-
-	ret = os_snprintf(buf, buflen, "TXGOOD=%lu\nTXBAD=%lu\nRXGOOD=%lu\n",
-			  sta.tx_packets, sta.tx_retry_failed, sta.rx_packets);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-#ifdef ANDROID
-static int wpa_supplicant_driver_cmd(struct wpa_supplicant *wpa_s, char *cmd,
-				     char *buf, size_t buflen)
-{
-	int ret;
-
-	ret = wpa_drv_driver_cmd(wpa_s, cmd, buf, buflen);
-	if (ret == 0) {
-		if (os_strncasecmp(cmd, "COUNTRY", 7) == 0) {
-			struct p2p_data *p2p = wpa_s->global->p2p;
-			if (p2p) {
-				char country[3];
-				country[0] = cmd[8];
-				country[1] = cmd[9];
-				country[2] = 0x04;
-				p2p_set_country(p2p, country);
-			}
-		}
-		ret = os_snprintf(buf, buflen, "%s\n", "OK");
-		if (os_snprintf_error(buflen, ret))
-			ret = -1;
-	}
-	return ret;
-}
-#endif /* ANDROID */
-
-
-static int wpa_supplicant_vendor_cmd(struct wpa_supplicant *wpa_s, char *cmd,
-				     char *buf, size_t buflen)
-{
-	int ret;
-	char *pos, *temp = NULL;
-	u8 *data = NULL;
-	unsigned int vendor_id, subcmd;
-	enum nested_attr nested_attr_flag = NESTED_ATTR_UNSPECIFIED;
-	struct wpabuf *reply;
-	size_t data_len = 0;
-
-	/**
-	 * cmd: <vendor id> <subcommand id> [<hex formatted data>]
-	 * [nested=<0|1>]
-	 */
-	vendor_id = strtoul(cmd, &pos, 16);
-	if (!isblank((unsigned char) *pos))
-		return -EINVAL;
-
-	subcmd = strtoul(pos, &pos, 10);
-
-	if (*pos != '\0') {
-		if (!isblank((unsigned char) *pos++))
-			return -EINVAL;
-
-		temp = os_strchr(pos, ' ');
-		data_len = temp ? (size_t) (temp - pos) : os_strlen(pos);
-	}
-
-	if (data_len) {
-		data_len /= 2;
-		data = os_malloc(data_len);
-		if (!data)
-			return -1;
-
-		if (hexstr2bin(pos, data, data_len)) {
-			wpa_printf(MSG_DEBUG,
-				   "Vendor command: wrong parameter format");
-			os_free(data);
-			return -EINVAL;
-		}
-	}
-
-	pos = os_strstr(cmd, "nested=");
-	if (pos)
-		nested_attr_flag = atoi(pos + 7) ? NESTED_ATTR_USED :
-			NESTED_ATTR_NOT_USED;
-
-	reply = wpabuf_alloc((buflen - 1) / 2);
-	if (!reply) {
-		os_free(data);
-		return -1;
-	}
-
-	ret = wpa_drv_vendor_cmd(wpa_s, vendor_id, subcmd, data, data_len,
-				 nested_attr_flag, reply);
-
-	if (ret == 0)
-		ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(reply),
-				       wpabuf_len(reply));
-
-	wpabuf_free(reply);
-	os_free(data);
-
-	return ret;
-}
-
-
-static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_P2P
-	struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s ?
-		wpa_s->global->p2p_init_wpa_s : wpa_s;
-#endif /* CONFIG_P2P */
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Flush all wpa_supplicant state");
-
-	if (wpas_abort_ongoing_scan(wpa_s) == 0)
-		wpa_s->ignore_post_flush_scan_res = 1;
-
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-		/*
-		 * Avoid possible auto connect re-connection on getting
-		 * disconnected due to state flush.
-		 */
-		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-	}
-
-#ifdef CONFIG_P2P
-	wpas_p2p_group_remove(p2p_wpa_s, "*");
-	wpas_p2p_cancel(p2p_wpa_s);
-	p2p_ctrl_flush(p2p_wpa_s);
-	wpas_p2p_service_flush(p2p_wpa_s);
-	p2p_wpa_s->global->p2p_disabled = 0;
-	p2p_wpa_s->global->p2p_per_sta_psk = 0;
-	p2p_wpa_s->conf->num_sec_device_types = 0;
-	p2p_wpa_s->p2p_disable_ip_addr_req = 0;
-	os_free(p2p_wpa_s->global->p2p_go_avoid_freq.range);
-	p2p_wpa_s->global->p2p_go_avoid_freq.range = NULL;
-	p2p_wpa_s->global->p2p_go_avoid_freq.num = 0;
-	p2p_wpa_s->global->pending_p2ps_group = 0;
-	p2p_wpa_s->global->pending_p2ps_group_freq = 0;
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_WPS_TESTING
-	wps_version_number = 0x20;
-	wps_testing_stub_cred = 0;
-	wps_corrupt_pkhash = 0;
-	wps_force_auth_types_in_use = 0;
-	wps_force_encr_types_in_use = 0;
-#endif /* CONFIG_WPS_TESTING */
-#ifdef CONFIG_WPS
-	wpa_s->wps_fragment_size = 0;
-	wpas_wps_cancel(wpa_s);
-	wps_registrar_flush(wpa_s->wps->registrar);
-#endif /* CONFIG_WPS */
-	wpa_s->after_wps = 0;
-	wpa_s->known_wps_freq = 0;
-
-#ifdef CONFIG_DPP
-	wpas_dpp_deinit(wpa_s);
-	wpa_s->dpp_init_max_tries = 0;
-	wpa_s->dpp_init_retry_time = 0;
-	wpa_s->dpp_resp_wait_time = 0;
-	wpa_s->dpp_resp_max_tries = 0;
-	wpa_s->dpp_resp_retry_time = 0;
-#ifdef CONFIG_DPP2
-	wpas_dpp_chirp_stop(wpa_s);
-	wpa_s->dpp_pfs_fallback = 0;
-#endif /* CONFIG_DPP2 */
-#ifdef CONFIG_TESTING_OPTIONS
-	os_memset(dpp_pkex_own_mac_override, 0, ETH_ALEN);
-	os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
-	dpp_pkex_ephemeral_key_override_len = 0;
-	dpp_protocol_key_override_len = 0;
-	dpp_nonce_override_len = 0;
-#ifdef CONFIG_DPP3
-	dpp_version_override = 3;
-#elif defined(CONFIG_DPP2)
-	dpp_version_override = 2;
-#else /* CONFIG_DPP2 */
-	dpp_version_override = 1;
-#endif /* CONFIG_DPP2 */
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_TDLS
-#ifdef CONFIG_TDLS_TESTING
-	tdls_testing = 0;
-#endif /* CONFIG_TDLS_TESTING */
-	wpa_drv_tdls_oper(wpa_s, TDLS_ENABLE, NULL);
-	wpa_tdls_enable(wpa_s->wpa, 1);
-#endif /* CONFIG_TDLS */
-
-	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
-	wpa_supplicant_stop_countermeasures(wpa_s, NULL);
-	wpa_s->last_michael_mic_error.sec = 0;
-
-	wpa_s->no_keep_alive = 0;
-	wpa_s->own_disconnect_req = 0;
-	wpa_s->own_reconnect_req = 0;
-	wpa_s->deny_ptk0_rekey = 0;
-
-	os_free(wpa_s->disallow_aps_bssid);
-	wpa_s->disallow_aps_bssid = NULL;
-	wpa_s->disallow_aps_bssid_count = 0;
-	os_free(wpa_s->disallow_aps_ssid);
-	wpa_s->disallow_aps_ssid = NULL;
-	wpa_s->disallow_aps_ssid_count = 0;
-
-	wpa_s->set_sta_uapsd = 0;
-	wpa_s->sta_uapsd = 0;
-
-	wpa_s->consecutive_conn_failures = 0;
-
-	wpa_drv_radio_disable(wpa_s, 0);
-	wpa_bssid_ignore_clear(wpa_s);
-	wpa_supplicant_ctrl_iface_remove_network(wpa_s, "all");
-	wpa_supplicant_ctrl_iface_remove_cred(wpa_s, "all");
-	wpa_config_flush_blobs(wpa_s->conf);
-	wpa_s->conf->auto_interworking = 0;
-	wpa_s->conf->okc = 0;
-
-	ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE);
-	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
-	rsn_preauth_deinit(wpa_s->wpa);
-
-	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME, 43200);
-	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD, 70);
-	wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT, 60);
-	eapol_sm_notify_logoff(wpa_s->eapol, false);
-
-	radio_remove_works(wpa_s, NULL, 1);
-	wpa_s->ext_work_in_progress = 0;
-
-	wpa_s->next_ssid = NULL;
-
-#ifdef CONFIG_INTERWORKING
-#ifdef CONFIG_HS20
-	hs20_cancel_fetch_osu(wpa_s);
-	hs20_del_icon(wpa_s, NULL, NULL);
-#endif /* CONFIG_HS20 */
-#endif /* CONFIG_INTERWORKING */
-
-	wpa_s->ext_mgmt_frame_handling = 0;
-	wpa_s->ext_eapol_frame_io = 0;
-#ifdef CONFIG_TESTING_OPTIONS
-	wpa_s->extra_roc_dur = 0;
-	wpa_s->test_failure = WPAS_TEST_FAILURE_NONE;
-	wpa_s->p2p_go_csa_on_inv = 0;
-	wpa_s->ignore_auth_resp = 0;
-	wpa_s->ignore_assoc_disallow = 0;
-	wpa_s->disable_sa_query = 0;
-	wpa_s->testing_resend_assoc = 0;
-	wpa_s->ignore_sae_h2e_only = 0;
-	wpa_s->ft_rsnxe_used = 0;
-	wpa_s->reject_btm_req_reason = 0;
-	wpa_sm_set_test_assoc_ie(wpa_s->wpa, NULL);
-	os_free(wpa_s->get_pref_freq_list_override);
-	wpa_s->get_pref_freq_list_override = NULL;
-	wpabuf_free(wpa_s->sae_commit_override);
-	wpa_s->sae_commit_override = NULL;
-	os_free(wpa_s->extra_sae_rejected_groups);
-	wpa_s->extra_sae_rejected_groups = NULL;
-	wpabuf_free(wpa_s->rsne_override_eapol);
-	wpa_s->rsne_override_eapol = NULL;
-	wpabuf_free(wpa_s->rsnxe_override_assoc);
-	wpa_s->rsnxe_override_assoc = NULL;
-	wpabuf_free(wpa_s->rsnxe_override_eapol);
-	wpa_s->rsnxe_override_eapol = NULL;
-	wpas_clear_driver_signal_override(wpa_s);
-	wpa_s->disable_scs_support = 0;
-	wpa_s->disable_mscs_support = 0;
-	wpa_s->enable_dscp_policy_capa = 0;
-	wpa_s->oci_freq_override_eapol = 0;
-	wpa_s->oci_freq_override_saquery_req = 0;
-	wpa_s->oci_freq_override_saquery_resp = 0;
-	wpa_s->oci_freq_override_eapol_g2 = 0;
-	wpa_s->oci_freq_override_ft_assoc = 0;
-	wpa_s->oci_freq_override_fils_assoc = 0;
-	wpa_s->oci_freq_override_wnm_sleep = 0;
-#ifdef CONFIG_DPP
-	os_free(wpa_s->dpp_config_obj_override);
-	wpa_s->dpp_config_obj_override = NULL;
-	os_free(wpa_s->dpp_discovery_override);
-	wpa_s->dpp_discovery_override = NULL;
-	os_free(wpa_s->dpp_groups_override);
-	wpa_s->dpp_groups_override = NULL;
-	dpp_test = DPP_TEST_DISABLED;
-#endif /* CONFIG_DPP */
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	wpa_s->disconnected = 0;
-	os_free(wpa_s->next_scan_freqs);
-	wpa_s->next_scan_freqs = NULL;
-	os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN);
-	wpa_s->next_scan_bssid_wildcard_ssid = 0;
-	os_free(wpa_s->select_network_scan_freqs);
-	wpa_s->select_network_scan_freqs = NULL;
-	os_memset(&wpa_s->robust_av, 0, sizeof(struct robust_av_data));
-
-	wpa_bss_flush(wpa_s);
-	if (!dl_list_empty(&wpa_s->bss)) {
-		wpa_printf(MSG_DEBUG,
-			   "BSS table not empty after flush: %u entries, current_bss=%p bssid="
-			   MACSTR " pending_bssid=" MACSTR,
-			   dl_list_len(&wpa_s->bss), wpa_s->current_bss,
-			   MAC2STR(wpa_s->bssid),
-			   MAC2STR(wpa_s->pending_bssid));
-	}
-
-	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
-	wpa_s->wnmsleep_used = 0;
-
-#ifdef CONFIG_SME
-	wpa_s->sme.last_unprot_disconnect.sec = 0;
-	wpa_s->sme.auth_alg = 0;
-#endif /* CONFIG_SME */
-
-	wpabuf_free(wpa_s->ric_ies);
-	wpa_s->ric_ies = NULL;
-
-	wpa_supplicant_update_channel_list(wpa_s, NULL);
-
-	free_bss_tmp_disallowed(wpa_s);
-
-	os_memset(&wpa_s->robust_av, 0, sizeof(struct robust_av_data));
-
-#ifdef CONFIG_PASN
-	wpas_pasn_auth_stop(wpa_s);
-#endif /* CONFIG_PASN */
-
-	if (wpa_s->mac_addr_changed && wpa_s->conf->mac_addr == 0)
-		wpas_restore_permanent_mac_addr(wpa_s);
-}
-
-
-static int wpas_ctrl_radio_work_show(struct wpa_supplicant *wpa_s,
-				     char *buf, size_t buflen)
-{
-	struct wpa_radio_work *work;
-	char *pos, *end;
-	struct os_reltime now, diff;
-
-	pos = buf;
-	end = buf + buflen;
-
-	os_get_reltime(&now);
-
-	dl_list_for_each(work, &wpa_s->radio->work, struct wpa_radio_work, list)
-	{
-		int ret;
-
-		os_reltime_sub(&now, &work->time, &diff);
-		ret = os_snprintf(pos, end - pos, "%s@%s:%u:%u:%ld.%06ld\n",
-				  work->type, work->wpa_s->ifname, work->freq,
-				  work->started, diff.sec, diff.usec);
-		if (os_snprintf_error(end - pos, ret))
-			break;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-static void wpas_ctrl_radio_work_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_radio_work *work = eloop_ctx;
-	struct wpa_external_work *ework = work->ctx;
-
-	wpa_dbg(work->wpa_s, MSG_DEBUG,
-		"Timing out external radio work %u (%s)",
-		ework->id, work->type);
-	wpa_msg(work->wpa_s, MSG_INFO, EXT_RADIO_WORK_TIMEOUT "%u", ework->id);
-	work->wpa_s->ext_work_in_progress = 0;
-	radio_work_done(work);
-	os_free(ework);
-}
-
-
-static void wpas_ctrl_radio_work_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_external_work *ework = work->ctx;
-
-	if (deinit) {
-		if (work->started)
-			eloop_cancel_timeout(wpas_ctrl_radio_work_timeout,
-					     work, NULL);
-
-		/*
-		 * work->type points to a buffer in ework, so need to replace
-		 * that here with a fixed string to avoid use of freed memory
-		 * in debug prints.
-		 */
-		work->type = "freed-ext-work";
-		work->ctx = NULL;
-		os_free(ework);
-		return;
-	}
-
-	wpa_dbg(work->wpa_s, MSG_DEBUG, "Starting external radio work %u (%s)",
-		ework->id, ework->type);
-	wpa_msg(work->wpa_s, MSG_INFO, EXT_RADIO_WORK_START "%u", ework->id);
-	work->wpa_s->ext_work_in_progress = 1;
-	if (!ework->timeout)
-		ework->timeout = 10;
-	eloop_register_timeout(ework->timeout, 0, wpas_ctrl_radio_work_timeout,
-			       work, NULL);
-}
-
-
-static int wpas_ctrl_radio_work_add(struct wpa_supplicant *wpa_s, char *cmd,
-				    char *buf, size_t buflen)
-{
-	struct wpa_external_work *ework;
-	char *pos, *pos2;
-	size_t type_len;
-	int ret;
-	unsigned int freq = 0;
-
-	/* format: <name> [freq=<MHz>] [timeout=<seconds>] */
-
-	ework = os_zalloc(sizeof(*ework));
-	if (ework == NULL)
-		return -1;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos) {
-		type_len = pos - cmd;
-		pos++;
-
-		pos2 = os_strstr(pos, "freq=");
-		if (pos2)
-			freq = atoi(pos2 + 5);
-
-		pos2 = os_strstr(pos, "timeout=");
-		if (pos2)
-			ework->timeout = atoi(pos2 + 8);
-	} else {
-		type_len = os_strlen(cmd);
-	}
-	if (4 + type_len >= sizeof(ework->type))
-		type_len = sizeof(ework->type) - 4 - 1;
-	os_strlcpy(ework->type, "ext:", sizeof(ework->type));
-	os_memcpy(ework->type + 4, cmd, type_len);
-	ework->type[4 + type_len] = '\0';
-
-	wpa_s->ext_work_id++;
-	if (wpa_s->ext_work_id == 0)
-		wpa_s->ext_work_id++;
-	ework->id = wpa_s->ext_work_id;
-
-	if (radio_add_work(wpa_s, freq, ework->type, 0, wpas_ctrl_radio_work_cb,
-			   ework) < 0) {
-		os_free(ework);
-		return -1;
-	}
-
-	ret = os_snprintf(buf, buflen, "%u", ework->id);
-	if (os_snprintf_error(buflen, ret))
-		return -1;
-	return ret;
-}
-
-
-static int wpas_ctrl_radio_work_done(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	struct wpa_radio_work *work;
-	unsigned int id = atoi(cmd);
-
-	dl_list_for_each(work, &wpa_s->radio->work, struct wpa_radio_work, list)
-	{
-		struct wpa_external_work *ework;
-
-		if (os_strncmp(work->type, "ext:", 4) != 0)
-			continue;
-		ework = work->ctx;
-		if (id && ework->id != id)
-			continue;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Completed external radio work %u (%s)",
-			ework->id, ework->type);
-		eloop_cancel_timeout(wpas_ctrl_radio_work_timeout, work, NULL);
-		wpa_s->ext_work_in_progress = 0;
-		radio_work_done(work);
-		os_free(ework);
-		return 3; /* "OK\n" */
-	}
-
-	return -1;
-}
-
-
-static int wpas_ctrl_radio_work(struct wpa_supplicant *wpa_s, char *cmd,
-				char *buf, size_t buflen)
-{
-	if (os_strcmp(cmd, "show") == 0)
-		return wpas_ctrl_radio_work_show(wpa_s, buf, buflen);
-	if (os_strncmp(cmd, "add ", 4) == 0)
-		return wpas_ctrl_radio_work_add(wpa_s, cmd + 4, buf, buflen);
-	if (os_strncmp(cmd, "done ", 5) == 0)
-		return wpas_ctrl_radio_work_done(wpa_s, cmd + 4);
-	return -1;
-}
-
-
-void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_radio_work *work, *tmp;
-
-	if (!wpa_s || !wpa_s->radio)
-		return;
-
-	dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
-			      struct wpa_radio_work, list) {
-		struct wpa_external_work *ework;
-
-		if (os_strncmp(work->type, "ext:", 4) != 0)
-			continue;
-		ework = work->ctx;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Flushing%s external radio work %u (%s)",
-			work->started ? " started" : "", ework->id,
-			ework->type);
-		if (work->started)
-			eloop_cancel_timeout(wpas_ctrl_radio_work_timeout,
-					     work, NULL);
-		radio_work_done(work);
-		os_free(ework);
-	}
-}
-
-
-static void wpas_ctrl_eapol_response(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	eapol_sm_notify_ctrl_response(wpa_s->eapol);
-}
-
-
-static int scan_id_list_parse(struct wpa_supplicant *wpa_s, const char *value,
-			      unsigned int *scan_id_count, int scan_id[])
-{
-	const char *pos = value;
-
-	while (pos) {
-		if (*pos == ' ' || *pos == '\0')
-			break;
-		if (*scan_id_count == MAX_SCAN_ID)
-			return -1;
-		scan_id[(*scan_id_count)++] = atoi(pos);
-		pos = os_strchr(pos, ',');
-		if (pos)
-			pos++;
-	}
-
-	return 0;
-}
-
-
-static void wpas_ctrl_scan(struct wpa_supplicant *wpa_s, char *params,
-			   char *reply, int reply_size, int *reply_len)
-{
-	char *pos;
-	unsigned int manual_scan_passive = 0;
-	unsigned int manual_scan_use_id = 0;
-	unsigned int manual_scan_only_new = 0;
-	unsigned int scan_only = 0;
-	unsigned int scan_id_count = 0;
-	int scan_id[MAX_SCAN_ID];
-	void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
-				 struct wpa_scan_results *scan_res);
-	int *manual_scan_freqs = NULL;
-	struct wpa_ssid_value *ssid = NULL, *ns;
-	unsigned int ssid_count = 0;
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		*reply_len = -1;
-		return;
-	}
-
-	if (radio_work_pending(wpa_s, "scan")) {
-		wpa_printf(MSG_DEBUG,
-			   "Pending scan scheduled - reject new request");
-		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
-		return;
-	}
-
-#ifdef CONFIG_INTERWORKING
-	if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
-		wpa_printf(MSG_DEBUG,
-			   "Interworking select in progress - reject new scan");
-		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
-		return;
-	}
-#endif /* CONFIG_INTERWORKING */
-
-	if (params) {
-		if (os_strncasecmp(params, "TYPE=ONLY", 9) == 0)
-			scan_only = 1;
-
-		pos = os_strstr(params, "freq=");
-		if (pos) {
-			manual_scan_freqs = freq_range_to_channel_list(wpa_s,
-								       pos + 5);
-			if (manual_scan_freqs == NULL) {
-				*reply_len = -1;
-				goto done;
-			}
-		}
-
-		pos = os_strstr(params, "passive=");
-		if (pos)
-			manual_scan_passive = !!atoi(pos + 8);
-
-		pos = os_strstr(params, "use_id=");
-		if (pos)
-			manual_scan_use_id = atoi(pos + 7);
-
-		pos = os_strstr(params, "only_new=1");
-		if (pos)
-			manual_scan_only_new = 1;
-
-		pos = os_strstr(params, "scan_id=");
-		if (pos && scan_id_list_parse(wpa_s, pos + 8, &scan_id_count,
-					      scan_id) < 0) {
-			*reply_len = -1;
-			goto done;
-		}
-
-		pos = os_strstr(params, "bssid=");
-		if (pos) {
-			u8 bssid[ETH_ALEN];
-
-			pos += 6;
-			if (hwaddr_aton(pos, bssid)) {
-				wpa_printf(MSG_ERROR, "Invalid BSSID %s", pos);
-				*reply_len = -1;
-				goto done;
-			}
-			os_memcpy(wpa_s->next_scan_bssid, bssid, ETH_ALEN);
-
-			wpa_s->next_scan_bssid_wildcard_ssid =
-				os_strstr(params, "wildcard_ssid=1") != NULL;
-		}
-
-		pos = params;
-		while (pos && *pos != '\0') {
-			if (os_strncmp(pos, "ssid ", 5) == 0) {
-				char *end;
-
-				pos += 5;
-				end = pos;
-				while (*end) {
-					if (*end == '\0' || *end == ' ')
-						break;
-					end++;
-				}
-
-				ns = os_realloc_array(
-					ssid, ssid_count + 1,
-					sizeof(struct wpa_ssid_value));
-				if (ns == NULL) {
-					*reply_len = -1;
-					goto done;
-				}
-				ssid = ns;
-
-				if ((end - pos) & 0x01 ||
-				    end - pos > 2 * SSID_MAX_LEN ||
-				    hexstr2bin(pos, ssid[ssid_count].ssid,
-					       (end - pos) / 2) < 0) {
-					wpa_printf(MSG_DEBUG,
-						   "Invalid SSID value '%s'",
-						   pos);
-					*reply_len = -1;
-					goto done;
-				}
-				ssid[ssid_count].ssid_len = (end - pos) / 2;
-				wpa_hexdump_ascii(MSG_DEBUG, "scan SSID",
-						  ssid[ssid_count].ssid,
-						  ssid[ssid_count].ssid_len);
-				ssid_count++;
-				pos = end;
-			}
-
-			pos = os_strchr(pos, ' ');
-			if (pos)
-				pos++;
-		}
-	}
-
-	wpa_s->num_ssids_from_scan_req = ssid_count;
-	os_free(wpa_s->ssids_from_scan_req);
-	if (ssid_count) {
-		wpa_s->ssids_from_scan_req = ssid;
-		ssid = NULL;
-	} else {
-		wpa_s->ssids_from_scan_req = NULL;
-	}
-
-	if (scan_only)
-		scan_res_handler = scan_only_handler;
-	else if (wpa_s->scan_res_handler == scan_only_handler)
-		scan_res_handler = NULL;
-	else
-		scan_res_handler = wpa_s->scan_res_handler;
-
-	if (!wpa_s->sched_scanning && !wpa_s->scanning &&
-	    ((wpa_s->wpa_state <= WPA_SCANNING) ||
-	     (wpa_s->wpa_state == WPA_COMPLETED))) {
-		wpa_s->manual_scan_passive = manual_scan_passive;
-		wpa_s->manual_scan_use_id = manual_scan_use_id;
-		wpa_s->manual_scan_only_new = manual_scan_only_new;
-		wpa_s->scan_id_count = scan_id_count;
-		os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
-		wpa_s->scan_res_handler = scan_res_handler;
-		os_free(wpa_s->manual_scan_freqs);
-		wpa_s->manual_scan_freqs = manual_scan_freqs;
-		manual_scan_freqs = NULL;
-
-		wpa_s->normal_scans = 0;
-		wpa_s->scan_req = MANUAL_SCAN_REQ;
-		wpa_s->after_wps = 0;
-		wpa_s->known_wps_freq = 0;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-		if (wpa_s->manual_scan_use_id) {
-			wpa_s->manual_scan_id++;
-			wpa_dbg(wpa_s, MSG_DEBUG, "Assigned scan id %u",
-				wpa_s->manual_scan_id);
-			*reply_len = os_snprintf(reply, reply_size, "%u\n",
-						 wpa_s->manual_scan_id);
-		}
-	} else if (wpa_s->sched_scanning) {
-		wpa_s->manual_scan_passive = manual_scan_passive;
-		wpa_s->manual_scan_use_id = manual_scan_use_id;
-		wpa_s->manual_scan_only_new = manual_scan_only_new;
-		wpa_s->scan_id_count = scan_id_count;
-		os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
-		wpa_s->scan_res_handler = scan_res_handler;
-		os_free(wpa_s->manual_scan_freqs);
-		wpa_s->manual_scan_freqs = manual_scan_freqs;
-		manual_scan_freqs = NULL;
-
-		wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to allow requested full scan to proceed");
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_s->scan_req = MANUAL_SCAN_REQ;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-		if (wpa_s->manual_scan_use_id) {
-			wpa_s->manual_scan_id++;
-			*reply_len = os_snprintf(reply, reply_size, "%u\n",
-						 wpa_s->manual_scan_id);
-			wpa_dbg(wpa_s, MSG_DEBUG, "Assigned scan id %u",
-				wpa_s->manual_scan_id);
-		}
-	} else {
-		wpa_printf(MSG_DEBUG, "Ongoing scan action - reject new request");
-		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
-	}
-
-done:
-	os_free(manual_scan_freqs);
-	os_free(ssid);
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-
-static void wpas_ctrl_iface_mgmt_tx_cb(struct wpa_supplicant *wpa_s,
-				       unsigned int freq, const u8 *dst,
-				       const u8 *src, const u8 *bssid,
-				       const u8 *data, size_t data_len,
-				       enum offchannel_send_action_result
-				       result)
-{
-	wpa_msg(wpa_s, MSG_INFO, "MGMT-TX-STATUS freq=%u dst=" MACSTR
-		" src=" MACSTR " bssid=" MACSTR " result=%s",
-		freq, MAC2STR(dst), MAC2STR(src), MAC2STR(bssid),
-		result == OFFCHANNEL_SEND_ACTION_SUCCESS ?
-		"SUCCESS" : (result == OFFCHANNEL_SEND_ACTION_NO_ACK ?
-			     "NO_ACK" : "FAILED"));
-}
-
-
-static int wpas_ctrl_iface_mgmt_tx(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos, *param;
-	size_t len;
-	u8 *buf, da[ETH_ALEN], bssid[ETH_ALEN];
-	int res, used;
-	int freq = 0, no_cck = 0, wait_time = 0;
-
-	/* <DA> <BSSID> [freq=<MHz>] [wait_time=<ms>] [no_cck=1]
-	 *    <action=Action frame payload> */
-
-	wpa_printf(MSG_DEBUG, "External MGMT TX: %s", cmd);
-
-	pos = cmd;
-	used = hwaddr_aton2(pos, da);
-	if (used < 0)
-		return -1;
-	pos += used;
-	while (*pos == ' ')
-		pos++;
-	used = hwaddr_aton2(pos, bssid);
-	if (used < 0)
-		return -1;
-	pos += used;
-
-	param = os_strstr(pos, " freq=");
-	if (param) {
-		param += 6;
-		freq = atoi(param);
-	}
-
-	param = os_strstr(pos, " no_cck=");
-	if (param) {
-		param += 8;
-		no_cck = atoi(param);
-	}
-
-	param = os_strstr(pos, " wait_time=");
-	if (param) {
-		param += 11;
-		wait_time = atoi(param);
-	}
-
-	param = os_strstr(pos, " action=");
-	if (param == NULL)
-		return -1;
-	param += 8;
-
-	len = os_strlen(param);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(param, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	res = offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, bssid,
-				     buf, len, wait_time,
-				     wpas_ctrl_iface_mgmt_tx_cb, no_cck);
-	os_free(buf);
-	return res;
-}
-
-
-static void wpas_ctrl_iface_mgmt_tx_done(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "External MGMT TX - done waiting");
-	offchannel_send_action_done(wpa_s);
-}
-
-
-static int wpas_ctrl_iface_mgmt_rx_process(struct wpa_supplicant *wpa_s,
-					   char *cmd)
-{
-	char *pos, *param;
-	size_t len;
-	u8 *buf;
-	int freq = 0, datarate = 0, ssi_signal = 0;
-	union wpa_event_data event;
-
-	if (!wpa_s->ext_mgmt_frame_handling)
-		return -1;
-
-	/* freq=<MHz> datarate=<val> ssi_signal=<val> frame=<frame hexdump> */
-
-	wpa_printf(MSG_DEBUG, "External MGMT RX process: %s", cmd);
-
-	pos = cmd;
-	param = os_strstr(pos, "freq=");
-	if (param) {
-		param += 5;
-		freq = atoi(param);
-	}
-
-	param = os_strstr(pos, " datarate=");
-	if (param) {
-		param += 10;
-		datarate = atoi(param);
-	}
-
-	param = os_strstr(pos, " ssi_signal=");
-	if (param) {
-		param += 12;
-		ssi_signal = atoi(param);
-	}
-
-	param = os_strstr(pos, " frame=");
-	if (param == NULL)
-		return -1;
-	param += 7;
-
-	len = os_strlen(param);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(param, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	os_memset(&event, 0, sizeof(event));
-	event.rx_mgmt.freq = freq;
-	event.rx_mgmt.frame = buf;
-	event.rx_mgmt.frame_len = len;
-	event.rx_mgmt.ssi_signal = ssi_signal;
-	event.rx_mgmt.datarate = datarate;
-	wpa_s->ext_mgmt_frame_handling = 0;
-	wpa_supplicant_event(wpa_s, EVENT_RX_MGMT, &event);
-	wpa_s->ext_mgmt_frame_handling = 1;
-
-	os_free(buf);
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_driver_scan_res(struct wpa_supplicant *wpa_s,
-					   char *param)
-{
-	struct wpa_scan_res *res;
-	struct os_reltime now;
-	char *pos, *end;
-	int ret = -1;
-
-	if (!param)
-		return -1;
-
-	if (os_strcmp(param, "START") == 0) {
-		wpa_bss_update_start(wpa_s);
-		return 0;
-	}
-
-	if (os_strcmp(param, "END") == 0) {
-		wpa_bss_update_end(wpa_s, NULL, 1);
-		return 0;
-	}
-
-	if (os_strncmp(param, "BSS ", 4) != 0)
-		return -1;
-	param += 3;
-
-	res = os_zalloc(sizeof(*res) + os_strlen(param) / 2);
-	if (!res)
-		return -1;
-
-	pos = os_strstr(param, " flags=");
-	if (pos)
-		res->flags = strtol(pos + 7, NULL, 16);
-
-	pos = os_strstr(param, " bssid=");
-	if (pos && hwaddr_aton(pos + 7, res->bssid))
-		goto fail;
-
-	pos = os_strstr(param, " freq=");
-	if (pos)
-		res->freq = atoi(pos + 6);
-
-	pos = os_strstr(param, " beacon_int=");
-	if (pos)
-		res->beacon_int = atoi(pos + 12);
-
-	pos = os_strstr(param, " caps=");
-	if (pos)
-		res->caps = strtol(pos + 6, NULL, 16);
-
-	pos = os_strstr(param, " qual=");
-	if (pos)
-		res->qual = atoi(pos + 6);
-
-	pos = os_strstr(param, " noise=");
-	if (pos)
-		res->noise = atoi(pos + 7);
-
-	pos = os_strstr(param, " level=");
-	if (pos)
-		res->level = atoi(pos + 7);
-
-	pos = os_strstr(param, " tsf=");
-	if (pos)
-		res->tsf = strtoll(pos + 5, NULL, 16);
-
-	pos = os_strstr(param, " age=");
-	if (pos)
-		res->age = atoi(pos + 5);
-
-	pos = os_strstr(param, " est_throughput=");
-	if (pos)
-		res->est_throughput = atoi(pos + 16);
-
-	pos = os_strstr(param, " snr=");
-	if (pos)
-		res->snr = atoi(pos + 5);
-
-	pos = os_strstr(param, " parent_tsf=");
-	if (pos)
-		res->parent_tsf = strtoll(pos + 7, NULL, 16);
-
-	pos = os_strstr(param, " tsf_bssid=");
-	if (pos && hwaddr_aton(pos + 11, res->tsf_bssid))
-		goto fail;
-
-	pos = os_strstr(param, " ie=");
-	if (pos) {
-		pos += 4;
-		end = os_strchr(pos, ' ');
-		if (!end)
-			end = pos + os_strlen(pos);
-		res->ie_len = (end - pos) / 2;
-		if (hexstr2bin(pos, (u8 *) (res + 1), res->ie_len))
-			goto fail;
-	}
-
-	pos = os_strstr(param, " beacon_ie=");
-	if (pos) {
-		pos += 11;
-		end = os_strchr(pos, ' ');
-		if (!end)
-			end = pos + os_strlen(pos);
-		res->beacon_ie_len = (end - pos) / 2;
-		if (hexstr2bin(pos, ((u8 *) (res + 1)) + res->ie_len,
-			       res->beacon_ie_len))
-			goto fail;
-	}
-
-	os_get_reltime(&now);
-	wpa_bss_update_scan_res(wpa_s, res, &now);
-	ret = 0;
-fail:
-	os_free(res);
-
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_driver_event_assoc(struct wpa_supplicant *wpa_s,
-					      char *param)
-{
-	union wpa_event_data event;
-	struct assoc_info *ai;
-	char *ctx = NULL;
-	int ret = -1;
-	struct wpabuf *req_ies = NULL;
-	struct wpabuf *resp_ies = NULL;
-	struct wpabuf *resp_frame = NULL;
-	struct wpabuf *beacon_ies = NULL;
-	struct wpabuf *key_replay_ctr = NULL;
-	struct wpabuf *ptk_kck = NULL;
-	struct wpabuf *ptk_kek = NULL;
-	struct wpabuf *fils_pmk = NULL;
-	char *str, *pos;
-	u8 addr[ETH_ALEN];
-	u8 fils_pmkid[PMKID_LEN];
-
-	os_memset(&event, 0, sizeof(event));
-	ai = &event.assoc_info;
-
-	while ((str = str_token(param, " ", &ctx))) {
-		pos = os_strchr(str, '=');
-		if (!pos)
-			goto fail;
-		*pos++ = '\0';
-
-		if (os_strcmp(str, "reassoc") == 0) {
-			ai->reassoc = atoi(pos);
-		} else if (os_strcmp(str, "req_ies") == 0) {
-			wpabuf_free(req_ies);
-			req_ies = wpabuf_parse_bin(pos);
-			if (!req_ies)
-				goto fail;
-			ai->req_ies = wpabuf_head(req_ies);
-			ai->req_ies_len = wpabuf_len(req_ies);
-		} else if (os_strcmp(str, "resp_ies") == 0) {
-			wpabuf_free(resp_ies);
-			resp_ies = wpabuf_parse_bin(pos);
-			if (!resp_ies)
-				goto fail;
-			ai->resp_ies = wpabuf_head(resp_ies);
-			ai->resp_ies_len = wpabuf_len(resp_ies);
-		} else if (os_strcmp(str, "resp_frame") == 0) {
-			wpabuf_free(resp_frame);
-			resp_frame = wpabuf_parse_bin(pos);
-			if (!resp_frame)
-				goto fail;
-			ai->resp_frame = wpabuf_head(resp_frame);
-			ai->resp_frame_len = wpabuf_len(resp_frame);
-		} else if (os_strcmp(str, "beacon_ies") == 0) {
-			wpabuf_free(beacon_ies);
-			beacon_ies = wpabuf_parse_bin(pos);
-			if (!beacon_ies)
-				goto fail;
-			ai->beacon_ies = wpabuf_head(beacon_ies);
-			ai->beacon_ies_len = wpabuf_len(beacon_ies);
-		} else if (os_strcmp(str, "freq") == 0) {
-			ai->freq = atoi(pos);
-		} else if (os_strcmp(str, "wmm::info_bitmap") == 0) {
-			ai->wmm_params.info_bitmap = atoi(pos);
-		} else if (os_strcmp(str, "wmm::uapsd_queues") == 0) {
-			ai->wmm_params.uapsd_queues = atoi(pos);
-		} else if (os_strcmp(str, "addr") == 0) {
-			if (hwaddr_aton(pos, addr))
-				goto fail;
-			ai->addr = addr;
-		} else if (os_strcmp(str, "authorized") == 0) {
-			ai->authorized = atoi(pos);
-		} else if (os_strcmp(str, "key_replay_ctr") == 0) {
-			wpabuf_free(key_replay_ctr);
-			key_replay_ctr = wpabuf_parse_bin(pos);
-			if (!key_replay_ctr)
-				goto fail;
-			ai->key_replay_ctr = wpabuf_head(key_replay_ctr);
-			ai->key_replay_ctr_len = wpabuf_len(key_replay_ctr);
-		} else if (os_strcmp(str, "ptk_kck") == 0) {
-			wpabuf_free(ptk_kck);
-			ptk_kck = wpabuf_parse_bin(pos);
-			if (!ptk_kck)
-				goto fail;
-			ai->ptk_kck = wpabuf_head(ptk_kck);
-			ai->ptk_kck_len = wpabuf_len(ptk_kck);
-		} else if (os_strcmp(str, "ptk_kek") == 0) {
-			wpabuf_free(ptk_kek);
-			ptk_kek = wpabuf_parse_bin(pos);
-			if (!ptk_kek)
-				goto fail;
-			ai->ptk_kek = wpabuf_head(ptk_kek);
-			ai->ptk_kek_len = wpabuf_len(ptk_kek);
-		} else if (os_strcmp(str, "subnet_status") == 0) {
-			ai->subnet_status = atoi(pos);
-		} else if (os_strcmp(str, "fils_erp_next_seq_num") == 0) {
-			ai->fils_erp_next_seq_num = atoi(pos);
-		} else if (os_strcmp(str, "fils_pmk") == 0) {
-			wpabuf_free(fils_pmk);
-			fils_pmk = wpabuf_parse_bin(pos);
-			if (!fils_pmk)
-				goto fail;
-			ai->fils_pmk = wpabuf_head(fils_pmk);
-			ai->fils_pmk_len = wpabuf_len(fils_pmk);
-		} else if (os_strcmp(str, "fils_pmkid") == 0) {
-			if (hexstr2bin(pos, fils_pmkid, PMKID_LEN) < 0)
-				goto fail;
-			ai->fils_pmkid = fils_pmkid;
-		} else {
-			goto fail;
-		}
-	}
-
-	wpa_supplicant_event(wpa_s, EVENT_ASSOC, &event);
-	ret = 0;
-fail:
-	wpabuf_free(req_ies);
-	wpabuf_free(resp_ies);
-	wpabuf_free(resp_frame);
-	wpabuf_free(beacon_ies);
-	wpabuf_free(key_replay_ctr);
-	wpabuf_free(ptk_kck);
-	wpabuf_free(ptk_kek);
-	wpabuf_free(fils_pmk);
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_driver_event(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos, *param;
-	union wpa_event_data event;
-	enum wpa_event_type ev;
-
-	/* <event name> [parameters..] */
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Testing - external driver event: %s", cmd);
-
-	pos = cmd;
-	param = os_strchr(pos, ' ');
-	if (param)
-		*param++ = '\0';
-
-	os_memset(&event, 0, sizeof(event));
-
-	if (os_strcmp(cmd, "INTERFACE_ENABLED") == 0) {
-		ev = EVENT_INTERFACE_ENABLED;
-	} else if (os_strcmp(cmd, "INTERFACE_DISABLED") == 0) {
-		ev = EVENT_INTERFACE_DISABLED;
-	} else if (os_strcmp(cmd, "AVOID_FREQUENCIES") == 0) {
-		ev = EVENT_AVOID_FREQUENCIES;
-		if (param == NULL)
-			param = "";
-		if (freq_range_list_parse(&event.freq_range, param) < 0)
-			return -1;
-		wpa_supplicant_event(wpa_s, ev, &event);
-		os_free(event.freq_range.range);
-		return 0;
-	} else if (os_strcmp(cmd, "SCAN_RES") == 0) {
-		return wpas_ctrl_iface_driver_scan_res(wpa_s, param);
-	} else if (os_strcmp(cmd, "ASSOC") == 0) {
-		return wpas_ctrl_iface_driver_event_assoc(wpa_s, param);
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Testing - unknown driver event: %s",
-			cmd);
-		return -1;
-	}
-
-	wpa_supplicant_event(wpa_s, ev, &event);
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_eapol_rx(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	u8 src[ETH_ALEN], *buf;
-	int used;
-	size_t len;
-
-	wpa_printf(MSG_DEBUG, "External EAPOL RX: %s", cmd);
-
-	pos = cmd;
-	used = hwaddr_aton2(pos, src);
-	if (used < 0)
-		return -1;
-	pos += used;
-	while (*pos == ' ')
-		pos++;
-
-	len = os_strlen(pos);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(pos, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	wpa_supplicant_rx_eapol(wpa_s, src, buf, len);
-	os_free(buf);
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_eapol_tx(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos;
-	u8 dst[ETH_ALEN], *buf;
-	int used, ret;
-	size_t len;
-	unsigned int prev;
-
-	wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd);
-
-	pos = cmd;
-	used = hwaddr_aton2(pos, dst);
-	if (used < 0)
-		return -1;
-	pos += used;
-	while (*pos == ' ')
-		pos++;
-
-	len = os_strlen(pos);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (!buf || hexstr2bin(pos, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	prev = wpa_s->ext_eapol_frame_io;
-	wpa_s->ext_eapol_frame_io = 0;
-	ret = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, buf, len);
-	wpa_s->ext_eapol_frame_io = prev;
-	os_free(buf);
-
-	return ret;
-}
-
-
-static u16 ipv4_hdr_checksum(const void *buf, size_t len)
-{
-	size_t i;
-	u32 sum = 0;
-	const u16 *pos = buf;
-
-	for (i = 0; i < len / 2; i++)
-		sum += *pos++;
-
-	while (sum >> 16)
-		sum = (sum & 0xffff) + (sum >> 16);
-
-	return sum ^ 0xffff;
-}
-
-
-#define HWSIM_PACKETLEN 1500
-#define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header))
-
-static void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
-			      size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const struct ether_header *eth;
-	struct ip ip;
-	const u8 *pos;
-	unsigned int i;
-	char extra[30];
-
-	if (len < sizeof(*eth) + sizeof(ip) || len > HWSIM_PACKETLEN) {
-		wpa_printf(MSG_DEBUG,
-			   "test data: RX - ignore unexpected length %d",
-			   (int) len);
-		return;
-	}
-
-	eth = (const struct ether_header *) buf;
-	os_memcpy(&ip, eth + 1, sizeof(ip));
-	pos = &buf[sizeof(*eth) + sizeof(ip)];
-
-	if (ip.ip_hl != 5 || ip.ip_v != 4 || ntohs(ip.ip_len) > HWSIM_IP_LEN) {
-		wpa_printf(MSG_DEBUG,
-			   "test data: RX - ignore unexpected IP header");
-		return;
-	}
-
-	for (i = 0; i < ntohs(ip.ip_len) - sizeof(ip); i++) {
-		if (*pos != (u8) i) {
-			wpa_printf(MSG_DEBUG,
-				   "test data: RX - ignore mismatching payload");
-			return;
-		}
-		pos++;
-	}
-	extra[0] = '\0';
-	if (ntohs(ip.ip_len) != HWSIM_IP_LEN)
-		os_snprintf(extra, sizeof(extra), " len=%d", ntohs(ip.ip_len));
-	wpa_msg(wpa_s, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR "%s",
-		MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost), extra);
-}
-
-
-static int wpas_ctrl_iface_data_test_config(struct wpa_supplicant *wpa_s,
-					    char *cmd)
-{
-	int enabled = atoi(cmd);
-	char *pos;
-	const char *ifname;
-
-	if (!enabled) {
-		if (wpa_s->l2_test) {
-			l2_packet_deinit(wpa_s->l2_test);
-			wpa_s->l2_test = NULL;
-			wpa_dbg(wpa_s, MSG_DEBUG, "test data: Disabled");
-		}
-		return 0;
-	}
-
-	if (wpa_s->l2_test)
-		return 0;
-
-	pos = os_strstr(cmd, " ifname=");
-	if (pos)
-		ifname = pos + 8;
-	else
-		ifname = wpa_s->ifname;
-
-	wpa_s->l2_test = l2_packet_init(ifname, wpa_s->own_addr,
-					ETHERTYPE_IP, wpas_data_test_rx,
-					wpa_s, 1);
-	if (wpa_s->l2_test == NULL)
-		return -1;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "test data: Enabled");
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	u8 dst[ETH_ALEN], src[ETH_ALEN];
-	char *pos, *pos2;
-	int used;
-	long int val;
-	u8 tos;
-	u8 buf[2 + HWSIM_PACKETLEN];
-	struct ether_header *eth;
-	struct ip *ip;
-	u8 *dpos;
-	unsigned int i;
-	size_t send_len = HWSIM_IP_LEN;
-
-	if (wpa_s->l2_test == NULL)
-		return -1;
-
-	/* format: <dst> <src> <tos> [len=<length>] */
-
-	pos = cmd;
-	used = hwaddr_aton2(pos, dst);
-	if (used < 0)
-		return -1;
-	pos += used;
-	while (*pos == ' ')
-		pos++;
-	used = hwaddr_aton2(pos, src);
-	if (used < 0)
-		return -1;
-	pos += used;
-
-	val = strtol(pos, &pos2, 0);
-	if (val < 0 || val > 0xff)
-		return -1;
-	tos = val;
-
-	pos = os_strstr(pos2, " len=");
-	if (pos) {
-		i = atoi(pos + 5);
-		if (i < sizeof(*ip) || i > HWSIM_IP_LEN)
-			return -1;
-		send_len = i;
-	}
-
-	eth = (struct ether_header *) &buf[2];
-	os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
-	os_memcpy(eth->ether_shost, src, ETH_ALEN);
-	eth->ether_type = htons(ETHERTYPE_IP);
-	ip = (struct ip *) (eth + 1);
-	os_memset(ip, 0, sizeof(*ip));
-	ip->ip_hl = 5;
-	ip->ip_v = 4;
-	ip->ip_ttl = 64;
-	ip->ip_tos = tos;
-	ip->ip_len = htons(send_len);
-	ip->ip_p = 1;
-	ip->ip_src.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
-	ip->ip_dst.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
-	ip->ip_sum = ipv4_hdr_checksum(ip, sizeof(*ip));
-	dpos = (u8 *) (ip + 1);
-	for (i = 0; i < send_len - sizeof(*ip); i++)
-		*dpos++ = i;
-
-	if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, &buf[2],
-			   sizeof(struct ether_header) + send_len) < 0)
-		return -1;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "test data: TX dst=" MACSTR " src=" MACSTR
-		" tos=0x%x", MAC2STR(dst), MAC2STR(src), tos);
-
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_data_test_frame(struct wpa_supplicant *wpa_s,
-					   char *cmd)
-{
-	u8 *buf;
-	struct ether_header *eth;
-	struct l2_packet_data *l2 = NULL;
-	size_t len;
-	u16 ethertype;
-	int res = -1;
-
-	len = os_strlen(cmd);
-	if (len & 1 || len < ETH_HLEN * 2)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(cmd, buf, len) < 0)
-		goto done;
-
-	eth = (struct ether_header *) buf;
-	ethertype = ntohs(eth->ether_type);
-
-	l2 = l2_packet_init(wpa_s->ifname, wpa_s->own_addr, ethertype,
-			    wpas_data_test_rx, wpa_s, 1);
-	if (l2 == NULL)
-		goto done;
-
-	res = l2_packet_send(l2, eth->ether_dhost, ethertype, buf, len);
-	wpa_dbg(wpa_s, MSG_DEBUG, "test data: TX frame res=%d", res);
-done:
-	if (l2)
-		l2_packet_deinit(l2);
-	os_free(buf);
-
-	return res < 0 ? -1 : 0;
-}
-
-
-static int wpas_ctrl_test_alloc_fail(struct wpa_supplicant *wpa_s, char *cmd)
-{
-#ifdef WPA_TRACE_BFD
-	char *pos;
-
-	wpa_trace_fail_after = atoi(cmd);
-	pos = os_strchr(cmd, ':');
-	if (pos) {
-		pos++;
-		os_strlcpy(wpa_trace_fail_func, pos,
-			   sizeof(wpa_trace_fail_func));
-	} else {
-		wpa_trace_fail_after = 0;
-	}
-	return 0;
-#else /* WPA_TRACE_BFD */
-	return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int wpas_ctrl_get_alloc_fail(struct wpa_supplicant *wpa_s,
-				    char *buf, size_t buflen)
-{
-#ifdef WPA_TRACE_BFD
-	return os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after,
-			   wpa_trace_fail_func);
-#else /* WPA_TRACE_BFD */
-	return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int wpas_ctrl_test_fail(struct wpa_supplicant *wpa_s, char *cmd)
-{
-#ifdef WPA_TRACE_BFD
-	char *pos;
-
-	wpa_trace_test_fail_after = atoi(cmd);
-	pos = os_strchr(cmd, ':');
-	if (pos) {
-		pos++;
-		os_strlcpy(wpa_trace_test_fail_func, pos,
-			   sizeof(wpa_trace_test_fail_func));
-	} else {
-		wpa_trace_test_fail_after = 0;
-	}
-	return 0;
-#else /* WPA_TRACE_BFD */
-	return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int wpas_ctrl_get_fail(struct wpa_supplicant *wpa_s,
-				    char *buf, size_t buflen)
-{
-#ifdef WPA_TRACE_BFD
-	return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after,
-			   wpa_trace_test_fail_func);
-#else /* WPA_TRACE_BFD */
-	return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static void wpas_ctrl_event_test_cb(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	int i, count = (intptr_t) timeout_ctx;
-
-	wpa_printf(MSG_DEBUG, "TEST: Send %d control interface event messages",
-		   count);
-	for (i = 0; i < count; i++) {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, "TEST-EVENT-MESSAGE %d/%d",
-			     i + 1, count);
-	}
-}
-
-
-static int wpas_ctrl_event_test(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	int count;
-
-	count = atoi(cmd);
-	if (count <= 0)
-		return -1;
-
-	return eloop_register_timeout(0, 0, wpas_ctrl_event_test_cb, wpa_s,
-				      (void *) (intptr_t) count);
-}
-
-
-static int wpas_ctrl_test_assoc_ie(struct wpa_supplicant *wpa_s,
-				   const char *cmd)
-{
-	struct wpabuf *buf;
-	size_t len;
-
-	len = os_strlen(cmd);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	if (len == 0) {
-		buf = NULL;
-	} else {
-		buf = wpabuf_alloc(len);
-		if (buf == NULL)
-			return -1;
-
-		if (hexstr2bin(cmd, wpabuf_put(buf, len), len) < 0) {
-			wpabuf_free(buf);
-			return -1;
-		}
-	}
-
-	wpa_sm_set_test_assoc_ie(wpa_s->wpa, buf);
-	return 0;
-}
-
-
-static int wpas_ctrl_reset_pn(struct wpa_supplicant *wpa_s)
-{
-	u8 zero[WPA_TK_MAX_LEN];
-
-	if (wpa_s->last_tk_alg == WPA_ALG_NONE)
-		return -1;
-
-	wpa_printf(MSG_INFO, "TESTING: Reset PN");
-	os_memset(zero, 0, sizeof(zero));
-
-	/* First, use a zero key to avoid any possible duplicate key avoidance
-	 * in the driver. */
-	if (wpa_drv_set_key(wpa_s, wpa_s->last_tk_alg, wpa_s->last_tk_addr,
-			    wpa_s->last_tk_key_idx, 1, zero, 6,
-			    zero, wpa_s->last_tk_len,
-			    KEY_FLAG_PAIRWISE_RX_TX) < 0)
-		return -1;
-
-	/* Set the previously configured key to reset its TSC/RSC */
-	return wpa_drv_set_key(wpa_s, wpa_s->last_tk_alg, wpa_s->last_tk_addr,
-			       wpa_s->last_tk_key_idx, 1, zero, 6,
-			       wpa_s->last_tk, wpa_s->last_tk_len,
-			       KEY_FLAG_PAIRWISE_RX_TX);
-}
-
-
-static int wpas_ctrl_key_request(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos = cmd;
-	int error, pairwise;
-
-	error = atoi(pos);
-	pos = os_strchr(pos, ' ');
-	if (!pos)
-		return -1;
-	pairwise = atoi(pos);
-	wpa_sm_key_request(wpa_s->wpa, error, pairwise);
-	return 0;
-}
-
-
-static int wpas_ctrl_resend_assoc(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_SME
-	struct wpa_driver_associate_params params;
-	int ret;
-
-	os_memset(&params, 0, sizeof(params));
-	params.bssid = wpa_s->bssid;
-	params.ssid = wpa_s->sme.ssid;
-	params.ssid_len = wpa_s->sme.ssid_len;
-	params.freq.freq = wpa_s->sme.freq;
-	if (wpa_s->last_assoc_req_wpa_ie) {
-		params.wpa_ie = wpabuf_head(wpa_s->last_assoc_req_wpa_ie);
-		params.wpa_ie_len = wpabuf_len(wpa_s->last_assoc_req_wpa_ie);
-	}
-	params.pairwise_suite = wpa_s->pairwise_cipher;
-	params.group_suite = wpa_s->group_cipher;
-	params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
-	params.key_mgmt_suite = wpa_s->key_mgmt;
-	params.wpa_proto = wpa_s->wpa_proto;
-	params.mgmt_frame_protection = wpa_s->sme.mfp;
-	params.rrm_used = wpa_s->rrm.rrm_used;
-	if (wpa_s->sme.prev_bssid_set)
-		params.prev_bssid = wpa_s->sme.prev_bssid;
-	wpa_printf(MSG_INFO, "TESTING: Resend association request");
-	ret = wpa_drv_associate(wpa_s, &params);
-	wpa_s->testing_resend_assoc = 1;
-	return ret;
-#else /* CONFIG_SME */
-	return -1;
-#endif /* CONFIG_SME */
-}
-
-
-static int wpas_ctrl_iface_send_twt_setup(struct wpa_supplicant *wpa_s,
-					  const char *cmd)
-{
-	u8 dtok = 1;
-	int exponent = 10;
-	int mantissa = 8192;
-	u8 min_twt = 255;
-	unsigned long long twt = 0;
-	bool requestor = true;
-	int setup_cmd = 0;
-	bool trigger = true;
-	bool implicit = true;
-	bool flow_type = true;
-	int flow_id = 0;
-	bool protection = false;
-	u8 twt_channel = 0;
-	u8 control = BIT(4); /* Control field (IEEE P802.11ax/D8.0 Figure
-			      * 9-687): B4 = TWT Information Frame Disabled */
-	const char *tok_s;
-
-	tok_s = os_strstr(cmd, " dialog=");
-	if (tok_s)
-		dtok = atoi(tok_s + os_strlen(" dialog="));
-
-	tok_s = os_strstr(cmd, " exponent=");
-	if (tok_s)
-		exponent = atoi(tok_s + os_strlen(" exponent="));
-
-	tok_s = os_strstr(cmd, " mantissa=");
-	if (tok_s)
-		mantissa = atoi(tok_s + os_strlen(" mantissa="));
-
-	tok_s = os_strstr(cmd, " min_twt=");
-	if (tok_s)
-		min_twt = atoi(tok_s + os_strlen(" min_twt="));
-
-	tok_s = os_strstr(cmd, " setup_cmd=");
-	if (tok_s)
-		setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));
-
-	tok_s = os_strstr(cmd, " twt=");
-	if (tok_s)
-		sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);
-
-	tok_s = os_strstr(cmd, " requestor=");
-	if (tok_s)
-		requestor = atoi(tok_s + os_strlen(" requestor="));
-
-	tok_s = os_strstr(cmd, " trigger=");
-	if (tok_s)
-		trigger = atoi(tok_s + os_strlen(" trigger="));
-
-	tok_s = os_strstr(cmd, " implicit=");
-	if (tok_s)
-		implicit = atoi(tok_s + os_strlen(" implicit="));
-
-	tok_s = os_strstr(cmd, " flow_type=");
-	if (tok_s)
-		flow_type = atoi(tok_s + os_strlen(" flow_type="));
-
-	tok_s = os_strstr(cmd, " flow_id=");
-	if (tok_s)
-		flow_id = atoi(tok_s + os_strlen(" flow_id="));
-
-	tok_s = os_strstr(cmd, " protection=");
-	if (tok_s)
-		protection = atoi(tok_s + os_strlen(" protection="));
-
-	tok_s = os_strstr(cmd, " twt_channel=");
-	if (tok_s)
-		twt_channel = atoi(tok_s + os_strlen(" twt_channel="));
-
-	tok_s = os_strstr(cmd, " control=");
-	if (tok_s)
-		control = atoi(tok_s + os_strlen(" control="));
-
-	return wpas_twt_send_setup(wpa_s, dtok, exponent, mantissa, min_twt,
-				   setup_cmd, twt, requestor, trigger, implicit,
-				   flow_type, flow_id, protection, twt_channel,
-				   control);
-}
-
-
-static int wpas_ctrl_iface_send_twt_teardown(struct wpa_supplicant *wpa_s,
-					     const char *cmd)
-{
-	u8 flags = 0x1;
-	const char *tok_s;
-
-	tok_s = os_strstr(cmd, " flags=");
-	if (tok_s)
-		flags = atoi(tok_s + os_strlen(" flags="));
-
-	return wpas_twt_send_teardown(wpa_s, flags);
-}
-
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static int wpas_ctrl_vendor_elem_add(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos = cmd;
-	int frame;
-	size_t len;
-	struct wpabuf *buf;
-	struct ieee802_11_elems elems;
-
-	frame = atoi(pos);
-	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
-		return -1;
-	wpa_s = wpas_vendor_elem(wpa_s, frame);
-
-	pos = os_strchr(pos, ' ');
-	if (pos == NULL)
-		return -1;
-	pos++;
-
-	len = os_strlen(pos);
-	if (len == 0)
-		return 0;
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = wpabuf_alloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(pos, wpabuf_put(buf, len), len) < 0) {
-		wpabuf_free(buf);
-		return -1;
-	}
-
-	if (ieee802_11_parse_elems(wpabuf_head_u8(buf), len, &elems, 0) ==
-	    ParseFailed) {
-		wpabuf_free(buf);
-		return -1;
-	}
-
-	if (wpa_s->vendor_elem[frame] == NULL) {
-		wpa_s->vendor_elem[frame] = buf;
-		goto update_ies;
-	}
-
-	if (wpabuf_resize(&wpa_s->vendor_elem[frame], len) < 0) {
-		wpabuf_free(buf);
-		return -1;
-	}
-
-	wpabuf_put_buf(wpa_s->vendor_elem[frame], buf);
-	wpabuf_free(buf);
-
-update_ies:
-	wpas_vendor_elem_update(wpa_s);
-
-	if (frame == VENDOR_ELEM_PROBE_REQ ||
-	    frame == VENDOR_ELEM_PROBE_REQ_P2P)
-		wpa_supplicant_set_default_scan_ies(wpa_s);
-
-	return 0;
-}
-
-
-static int wpas_ctrl_vendor_elem_get(struct wpa_supplicant *wpa_s, char *cmd,
-				     char *buf, size_t buflen)
-{
-	int frame = atoi(cmd);
-
-	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
-		return -1;
-	wpa_s = wpas_vendor_elem(wpa_s, frame);
-
-	if (wpa_s->vendor_elem[frame] == NULL)
-		return 0;
-
-	return wpa_snprintf_hex(buf, buflen,
-				wpabuf_head_u8(wpa_s->vendor_elem[frame]),
-				wpabuf_len(wpa_s->vendor_elem[frame]));
-}
-
-
-static int wpas_ctrl_vendor_elem_remove(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *pos = cmd;
-	int frame;
-	size_t len;
-	u8 *buf;
-	struct ieee802_11_elems elems;
-	int res;
-
-	frame = atoi(pos);
-	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
-		return -1;
-	wpa_s = wpas_vendor_elem(wpa_s, frame);
-
-	pos = os_strchr(pos, ' ');
-	if (pos == NULL)
-		return -1;
-	pos++;
-
-	if (*pos == '*') {
-		wpabuf_free(wpa_s->vendor_elem[frame]);
-		wpa_s->vendor_elem[frame] = NULL;
-		wpas_vendor_elem_update(wpa_s);
-		return 0;
-	}
-
-	if (wpa_s->vendor_elem[frame] == NULL)
-		return -1;
-
-	len = os_strlen(pos);
-	if (len == 0)
-		return 0;
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (hexstr2bin(pos, buf, len) < 0) {
-		os_free(buf);
-		return -1;
-	}
-
-	if (ieee802_11_parse_elems(buf, len, &elems, 0) == ParseFailed) {
-		os_free(buf);
-		return -1;
-	}
-
-	res = wpas_vendor_elem_remove(wpa_s, frame, buf, len);
-	os_free(buf);
-	return res;
-}
-
-
-static void wpas_ctrl_neighbor_rep_cb(void *ctx, struct wpabuf *neighbor_rep)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	size_t len;
-	const u8 *data;
-
-	/*
-	 * Neighbor Report element (IEEE P802.11-REVmc/D5.0)
-	 * BSSID[6]
-	 * BSSID Information[4]
-	 * Operating Class[1]
-	 * Channel Number[1]
-	 * PHY Type[1]
-	 * Optional Subelements[variable]
-	 */
-#define NR_IE_MIN_LEN (ETH_ALEN + 4 + 1 + 1 + 1)
-
-	if (!neighbor_rep || wpabuf_len(neighbor_rep) == 0) {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_FAILED);
-		goto out;
-	}
-
-	data = wpabuf_head_u8(neighbor_rep);
-	len = wpabuf_len(neighbor_rep);
-
-	while (len >= 2 + NR_IE_MIN_LEN) {
-		const u8 *nr;
-		char lci[256 * 2 + 1];
-		char civic[256 * 2 + 1];
-		u8 nr_len = data[1];
-		const u8 *pos = data, *end;
-
-		if (pos[0] != WLAN_EID_NEIGHBOR_REPORT ||
-		    nr_len < NR_IE_MIN_LEN) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"CTRL: Invalid Neighbor Report element: id=%u len=%u",
-				data[0], nr_len);
-			goto out;
-		}
-
-		if (2U + nr_len > len) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"CTRL: Invalid Neighbor Report element: id=%u len=%zu nr_len=%u",
-				data[0], len, nr_len);
-			goto out;
-		}
-		pos += 2;
-		end = pos + nr_len;
-
-		nr = pos;
-		pos += NR_IE_MIN_LEN;
-
-		lci[0] = '\0';
-		civic[0] = '\0';
-		while (end - pos > 2) {
-			u8 s_id, s_len;
-
-			s_id = *pos++;
-			s_len = *pos++;
-			if (s_len > end - pos)
-				goto out;
-			if (s_id == WLAN_EID_MEASURE_REPORT && s_len > 3) {
-				/* Measurement Token[1] */
-				/* Measurement Report Mode[1] */
-				/* Measurement Type[1] */
-				/* Measurement Report[variable] */
-				switch (pos[2]) {
-				case MEASURE_TYPE_LCI:
-					if (lci[0])
-						break;
-					wpa_snprintf_hex(lci, sizeof(lci),
-							 pos, s_len);
-					break;
-				case MEASURE_TYPE_LOCATION_CIVIC:
-					if (civic[0])
-						break;
-					wpa_snprintf_hex(civic, sizeof(civic),
-							 pos, s_len);
-					break;
-				}
-			}
-
-			pos += s_len;
-		}
-
-		wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED
-			"bssid=" MACSTR
-			" info=0x%x op_class=%u chan=%u phy_type=%u%s%s%s%s",
-			MAC2STR(nr), WPA_GET_LE32(nr + ETH_ALEN),
-			nr[ETH_ALEN + 4], nr[ETH_ALEN + 5],
-			nr[ETH_ALEN + 6],
-			lci[0] ? " lci=" : "", lci,
-			civic[0] ? " civic=" : "", civic);
-
-		data = end;
-		len -= 2 + nr_len;
-	}
-
-out:
-	wpabuf_free(neighbor_rep);
-}
-
-
-static int wpas_ctrl_iface_send_neighbor_rep(struct wpa_supplicant *wpa_s,
-					     char *cmd)
-{
-	struct wpa_ssid_value ssid, *ssid_p = NULL;
-	int ret, lci = 0, civic = 0;
-	char *ssid_s;
-
-	ssid_s = os_strstr(cmd, "ssid=");
-	if (ssid_s) {
-		if (ssid_parse(ssid_s + 5, &ssid)) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"CTRL: Send Neighbor Report: bad SSID");
-			return -1;
-		}
-
-		ssid_p = &ssid;
-
-		/*
-		 * Move cmd after the SSID text that may include "lci" or
-		 * "civic".
-		 */
-		cmd = os_strchr(ssid_s + 6, ssid_s[5] == '"' ? '"' : ' ');
-		if (cmd)
-			cmd++;
-
-	}
-
-	if (cmd && os_strstr(cmd, "lci"))
-		lci = 1;
-
-	if (cmd && os_strstr(cmd, "civic"))
-		civic = 1;
-
-	ret = wpas_rrm_send_neighbor_rep_request(wpa_s, ssid_p, lci, civic,
-						 wpas_ctrl_neighbor_rep_cb,
-						 wpa_s);
-
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_erp_flush(struct wpa_supplicant *wpa_s)
-{
-	eapol_sm_erp_flush(wpa_s->eapol);
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_mac_rand_scan(struct wpa_supplicant *wpa_s,
-					 char *cmd)
-{
-	char *token, *context = NULL;
-	unsigned int enable = ~0, type = 0;
-	u8 _addr[ETH_ALEN], _mask[ETH_ALEN];
-	u8 *addr = NULL, *mask = NULL;
-
-	while ((token = str_token(cmd, " ", &context))) {
-		if (os_strcasecmp(token, "scan") == 0) {
-			type |= MAC_ADDR_RAND_SCAN;
-		} else if (os_strcasecmp(token, "sched") == 0) {
-			type |= MAC_ADDR_RAND_SCHED_SCAN;
-		} else if (os_strcasecmp(token, "pno") == 0) {
-			type |= MAC_ADDR_RAND_PNO;
-		} else if (os_strcasecmp(token, "all") == 0) {
-			type = wpa_s->mac_addr_rand_supported;
-		} else if (os_strncasecmp(token, "enable=", 7) == 0) {
-			enable = atoi(token + 7);
-		} else if (os_strncasecmp(token, "addr=", 5) == 0) {
-			addr = _addr;
-			if (hwaddr_aton(token + 5, addr)) {
-				wpa_printf(MSG_INFO,
-					   "CTRL: Invalid MAC address: %s",
-					   token);
-				return -1;
-			}
-		} else if (os_strncasecmp(token, "mask=", 5) == 0) {
-			mask = _mask;
-			if (hwaddr_aton(token + 5, mask)) {
-				wpa_printf(MSG_INFO,
-					   "CTRL: Invalid MAC address mask: %s",
-					   token);
-				return -1;
-			}
-		} else {
-			wpa_printf(MSG_INFO,
-				   "CTRL: Invalid MAC_RAND_SCAN parameter: %s",
-				   token);
-			return -1;
-		}
-	}
-
-	if (!type) {
-		wpa_printf(MSG_INFO, "CTRL: MAC_RAND_SCAN no type specified");
-		return -1;
-	}
-
-	if (enable > 1) {
-		wpa_printf(MSG_INFO,
-			   "CTRL: MAC_RAND_SCAN enable=<0/1> not specified");
-		return -1;
-	}
-
-	if (!enable)
-		return wpas_disable_mac_addr_randomization(wpa_s, type);
-
-	return wpas_enable_mac_addr_randomization(wpa_s, type, addr, mask);
-}
-
-
-static int wpas_ctrl_iface_pmksa(struct wpa_supplicant *wpa_s,
-				 char *buf, size_t buflen)
-{
-	size_t reply_len;
-
-	reply_len = wpa_sm_pmksa_cache_list(wpa_s->wpa, buf, buflen);
-#ifdef CONFIG_AP
-	reply_len += wpas_ap_pmksa_cache_list(wpa_s, &buf[reply_len],
-					      buflen - reply_len);
-#endif /* CONFIG_AP */
-	return reply_len;
-}
-
-
-static void wpas_ctrl_iface_pmksa_flush(struct wpa_supplicant *wpa_s)
-{
-	ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE);
-	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
-#ifdef CONFIG_AP
-	wpas_ap_pmksa_cache_flush(wpa_s);
-#endif /* CONFIG_AP */
-}
-
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-
-static int wpas_ctrl_iface_pmksa_get(struct wpa_supplicant *wpa_s,
-				     const char *cmd, char *buf, size_t buflen)
-{
-	struct rsn_pmksa_cache_entry *entry;
-	struct wpa_ssid *ssid;
-	char *pos, *pos2, *end;
-	int ret;
-	struct os_reltime now;
-
-	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
-	if (!ssid)
-		return -1;
-
-	pos = buf;
-	end = buf + buflen;
-
-	os_get_reltime(&now);
-
-	/*
-	 * Entry format:
-	 * <BSSID> <PMKID> <PMK> <reauth_time in seconds>
-	 * <expiration in seconds> <akmp> <opportunistic>
-	 * [FILS Cache Identifier]
-	 */
-
-	for (entry = wpa_sm_pmksa_cache_head(wpa_s->wpa); entry;
-	     entry = entry->next) {
-		if (entry->network_ctx != ssid)
-			continue;
-
-		pos2 = pos;
-		ret = os_snprintf(pos2, end - pos2, MACSTR " ",
-				  MAC2STR(entry->aa));
-		if (os_snprintf_error(end - pos2, ret))
-			break;
-		pos2 += ret;
-
-		pos2 += wpa_snprintf_hex(pos2, end - pos2, entry->pmkid,
-					 PMKID_LEN);
-
-		ret = os_snprintf(pos2, end - pos2, " ");
-		if (os_snprintf_error(end - pos2, ret))
-			break;
-		pos2 += ret;
-
-		pos2 += wpa_snprintf_hex(pos2, end - pos2, entry->pmk,
-					 entry->pmk_len);
-
-		ret = os_snprintf(pos2, end - pos2, " %d %d %d %d",
-				  (int) (entry->reauth_time - now.sec),
-				  (int) (entry->expiration - now.sec),
-				  entry->akmp,
-				  entry->opportunistic);
-		if (os_snprintf_error(end - pos2, ret))
-			break;
-		pos2 += ret;
-
-		if (entry->fils_cache_id_set) {
-			ret = os_snprintf(pos2, end - pos2, " %02x%02x",
-					  entry->fils_cache_id[0],
-					  entry->fils_cache_id[1]);
-			if (os_snprintf_error(end - pos2, ret))
-				break;
-			pos2 += ret;
-		}
-
-		ret = os_snprintf(pos2, end - pos2, "\n");
-		if (os_snprintf_error(end - pos2, ret))
-			break;
-		pos2 += ret;
-
-		pos = pos2;
-	}
-
-	return pos - buf;
-}
-
-
-static int wpas_ctrl_iface_pmksa_add(struct wpa_supplicant *wpa_s,
-				     char *cmd)
-{
-	struct rsn_pmksa_cache_entry *entry;
-	struct wpa_ssid *ssid;
-	char *pos, *pos2;
-	int ret = -1;
-	struct os_reltime now;
-	int reauth_time = 0, expiration = 0, i;
-
-	/*
-	 * Entry format:
-	 * <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds>
-	 * <expiration in seconds> <akmp> <opportunistic>
-	 * [FILS Cache Identifier]
-	 */
-
-	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
-	if (!ssid)
-		return -1;
-
-	pos = os_strchr(cmd, ' ');
-	if (!pos)
-		return -1;
-	pos++;
-
-	entry = os_zalloc(sizeof(*entry));
-	if (!entry)
-		return -1;
-
-	if (hwaddr_aton(pos, entry->aa))
-		goto fail;
-
-	pos = os_strchr(pos, ' ');
-	if (!pos)
-		goto fail;
-	pos++;
-
-	if (hexstr2bin(pos, entry->pmkid, PMKID_LEN) < 0)
-		goto fail;
-
-	pos = os_strchr(pos, ' ');
-	if (!pos)
-		goto fail;
-	pos++;
-
-	pos2 = os_strchr(pos, ' ');
-	if (!pos2)
-		goto fail;
-	entry->pmk_len = (pos2 - pos) / 2;
-	if (entry->pmk_len < PMK_LEN || entry->pmk_len > PMK_LEN_MAX ||
-	    hexstr2bin(pos, entry->pmk, entry->pmk_len) < 0)
-		goto fail;
-
-	pos = os_strchr(pos, ' ');
-	if (!pos)
-		goto fail;
-	pos++;
-
-	if (sscanf(pos, "%d %d %d %d", &reauth_time, &expiration,
-		   &entry->akmp, &entry->opportunistic) != 4)
-		goto fail;
-	if (reauth_time > expiration)
-		goto fail;
-	for (i = 0; i < 4; i++) {
-		pos = os_strchr(pos, ' ');
-		if (!pos) {
-			if (i < 3)
-				goto fail;
-			break;
-		}
-		pos++;
-	}
-	if (pos) {
-		if (hexstr2bin(pos, entry->fils_cache_id,
-			       FILS_CACHE_ID_LEN) < 0)
-			goto fail;
-		entry->fils_cache_id_set = 1;
-	}
-	os_get_reltime(&now);
-	entry->expiration = now.sec + expiration;
-	entry->reauth_time = now.sec + reauth_time;
-
-	entry->network_ctx = ssid;
-
-	entry->external = true;
-
-	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
-	entry = NULL;
-	ret = 0;
-fail:
-	os_free(entry);
-	return ret;
-}
-
-
-#ifdef CONFIG_MESH
-
-static int wpas_ctrl_iface_mesh_pmksa_get(struct wpa_supplicant *wpa_s,
-					  const char *cmd, char *buf,
-					  size_t buflen)
-{
-	u8 spa[ETH_ALEN];
-
-	if (!wpa_s->ifmsh)
-		return -1;
-
-	if (os_strcasecmp(cmd, "any") == 0)
-		return wpas_ap_pmksa_cache_list_mesh(wpa_s, NULL, buf, buflen);
-
-	if (hwaddr_aton(cmd, spa))
-		return -1;
-
-	return wpas_ap_pmksa_cache_list_mesh(wpa_s, spa, buf, buflen);
-}
-
-
-static int wpas_ctrl_iface_mesh_pmksa_add(struct wpa_supplicant *wpa_s,
-					  char *cmd)
-{
-	/*
-	 * We do not check mesh interface existence because PMKSA should be
-	 * stored before wpa_s->ifmsh creation to suppress commit message
-	 * creation.
-	 */
-	return wpas_ap_pmksa_cache_add_external(wpa_s, cmd);
-}
-
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-
-#ifdef CONFIG_FILS
-static int wpas_ctrl_iface_fils_hlp_req_add(struct wpa_supplicant *wpa_s,
-					    const char *cmd)
-{
-	struct fils_hlp_req *req;
-	const char *pos;
-
-	/* format: <dst> <packet starting from ethertype> */
-
-	req = os_zalloc(sizeof(*req));
-	if (!req)
-		return -1;
-
-	if (hwaddr_aton(cmd, req->dst))
-		goto fail;
-
-	pos = os_strchr(cmd, ' ');
-	if (!pos)
-		goto fail;
-	pos++;
-	req->pkt = wpabuf_parse_bin(pos);
-	if (!req->pkt)
-		goto fail;
-
-	dl_list_add_tail(&wpa_s->fils_hlp_req, &req->list);
-	return 0;
-fail:
-	wpabuf_free(req->pkt);
-	os_free(req);
-	return -1;
-}
-#endif /* CONFIG_FILS */
-
-
-static int wpas_ctrl_cmd_debug_level(const char *cmd)
-{
-	if (os_strcmp(cmd, "PING") == 0 ||
-	    os_strncmp(cmd, "BSS ", 4) == 0 ||
-	    os_strncmp(cmd, "GET_NETWORK ", 12) == 0 ||
-	    os_strncmp(cmd, "STATUS", 6) == 0 ||
-	    os_strncmp(cmd, "STA ", 4) == 0 ||
-	    os_strncmp(cmd, "STA-", 4) == 0)
-		return MSG_EXCESSIVE;
-	return MSG_DEBUG;
-}
-
-
-static int wpas_ctrl_iface_configure_mscs(struct wpa_supplicant *wpa_s,
-					  const char *cmd)
-{
-	size_t frame_classifier_len;
-	const char *pos, *end;
-	struct robust_av_data *robust_av = &wpa_s->robust_av;
-	int val;
-
-	/*
-	 * format:
-	 * <add|remove|change> [up_bitmap=<hex byte>] [up_limit=<integer>]
-	 * [stream_timeout=<in TUs>] [frame_classifier=<hex bytes>]
-	 */
-	os_memset(robust_av, 0, sizeof(struct robust_av_data));
-	if (os_strncmp(cmd, "add ", 4) == 0) {
-		robust_av->request_type = SCS_REQ_ADD;
-	} else if (os_strcmp(cmd, "remove") == 0) {
-		robust_av->request_type = SCS_REQ_REMOVE;
-		robust_av->valid_config = false;
-		return wpas_send_mscs_req(wpa_s);
-	} else if (os_strncmp(cmd, "change ", 7) == 0) {
-		robust_av->request_type = SCS_REQ_CHANGE;
-	} else {
-		return -1;
-	}
-
-	pos = os_strstr(cmd, "up_bitmap=");
-	if (!pos)
-		return -1;
-
-	val = hex2byte(pos + 10);
-	if (val < 0)
-		return -1;
-	robust_av->up_bitmap = val;
-
-	pos = os_strstr(cmd, "up_limit=");
-	if (!pos)
-		return -1;
-
-	robust_av->up_limit = atoi(pos + 9);
-
-	pos = os_strstr(cmd, "stream_timeout=");
-	if (!pos)
-		return -1;
-
-	robust_av->stream_timeout = atoi(pos + 15);
-	if (robust_av->stream_timeout == 0)
-		return -1;
-
-	pos = os_strstr(cmd, "frame_classifier=");
-	if (!pos)
-		return -1;
-
-	pos += 17;
-	end = os_strchr(pos, ' ');
-	if (!end)
-		end = pos + os_strlen(pos);
-
-	frame_classifier_len = (end - pos) / 2;
-	if (frame_classifier_len > sizeof(robust_av->frame_classifier) ||
-	    hexstr2bin(pos, robust_av->frame_classifier, frame_classifier_len))
-		return -1;
-
-	robust_av->frame_classifier_len = frame_classifier_len;
-	robust_av->valid_config = true;
-
-	return wpas_send_mscs_req(wpa_s);
-}
-
-
-#ifdef CONFIG_PASN
-static int wpas_ctrl_iface_pasn_start(struct wpa_supplicant *wpa_s, char *cmd)
-{
-	char *token, *context = NULL;
-	u8 bssid[ETH_ALEN];
-	int akmp = -1, cipher = -1, got_bssid = 0;
-	u16 group = 0xFFFF;
-	u8 *comeback = NULL;
-	size_t comeback_len = 0;
-	int id = 0, ret = -1;
-
-	/*
-	 * Entry format: bssid=<BSSID> akmp=<AKMP> cipher=<CIPHER> group=<group>
-	 *    [comeback=<hexdump>]
-	 */
-	while ((token = str_token(cmd, " ", &context))) {
-		if (os_strncmp(token, "bssid=", 6) == 0) {
-			if (hwaddr_aton(token + 6, bssid))
-				goto out;
-			got_bssid = 1;
-		} else if (os_strcmp(token, "akmp=PASN") == 0) {
-			akmp = WPA_KEY_MGMT_PASN;
-#ifdef CONFIG_IEEE80211R
-		} else if (os_strcmp(token, "akmp=FT-PSK") == 0) {
-			akmp = WPA_KEY_MGMT_FT_PSK;
-		} else if (os_strcmp(token, "akmp=FT-EAP-SHA384") == 0) {
-			akmp = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
-		} else if (os_strcmp(token, "akmp=FT-EAP") == 0) {
-			akmp = WPA_KEY_MGMT_FT_IEEE8021X;
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_SAE
-		} else if (os_strcmp(token, "akmp=SAE") == 0) {
-			akmp = WPA_KEY_MGMT_SAE;
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_FILS
-		} else if (os_strcmp(token, "akmp=FILS-SHA256") == 0) {
-			akmp = WPA_KEY_MGMT_FILS_SHA256;
-		} else if (os_strcmp(token, "akmp=FILS-SHA384") == 0) {
-			akmp = WPA_KEY_MGMT_FILS_SHA384;
-#endif /* CONFIG_FILS */
-		} else if (os_strcmp(token, "cipher=CCMP-256") == 0) {
-			cipher = WPA_CIPHER_CCMP_256;
-		} else if (os_strcmp(token, "cipher=GCMP-256") == 0) {
-			cipher = WPA_CIPHER_GCMP_256;
-		} else if (os_strcmp(token, "cipher=CCMP") == 0) {
-			cipher = WPA_CIPHER_CCMP;
-		} else if (os_strcmp(token, "cipher=GCMP") == 0) {
-			cipher = WPA_CIPHER_GCMP;
-		} else if (os_strncmp(token, "group=", 6) == 0) {
-			group = atoi(token + 6);
-		} else if (os_strncmp(token, "nid=", 4) == 0) {
-			id = atoi(token + 4);
-		} else if (os_strncmp(token, "comeback=", 9) == 0) {
-			comeback_len = os_strlen(token + 9);
-			if (comeback || !comeback_len || comeback_len % 2)
-				goto out;
-
-			comeback_len /= 2;
-			comeback = os_malloc(comeback_len);
-			if (!comeback ||
-			    hexstr2bin(token + 9, comeback, comeback_len))
-				goto out;
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "CTRL: PASN Invalid parameter: '%s'",
-				   token);
-			goto out;
-		}
-	}
-
-	if (!got_bssid || akmp == -1 || cipher == -1 || group == 0xFFFF) {
-		wpa_printf(MSG_DEBUG,"CTRL: PASN missing parameter");
-		goto out;
-	}
-
-	ret = wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group, id,
-				   comeback, comeback_len);
-out:
-	os_free(comeback);
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_pasn_deauthenticate(struct wpa_supplicant *wpa_s,
-					       const char *cmd)
-{
-	u8 bssid[ETH_ALEN];
-
-	if (os_strncmp(cmd, "bssid=", 6) != 0 || hwaddr_aton(cmd + 6, bssid)) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL: PASN_DEAUTH without valid BSSID");
-		return -1;
-	}
-
-	return wpas_pasn_deauthenticate(wpa_s, bssid);
-}
-
-#endif /* CONFIG_PASN */
-
-
-static int set_type4_frame_classifier(const char *cmd,
-				      struct type4_params *param)
-{
-	const char *pos, *end;
-	u8 classifier_mask = 0;
-	int ret;
-	char addr[INET6_ADDRSTRLEN];
-	size_t alen;
-
-	if (os_strstr(cmd, "ip_version=ipv4")) {
-		param->ip_version = IPV4;
-	} else if (os_strstr(cmd, "ip_version=ipv6")) {
-		param->ip_version = IPV6;
-	} else {
-		wpa_printf(MSG_ERROR, "IP version missing/invalid");
-		return -1;
-	}
-
-	classifier_mask |= BIT(0);
-
-	pos = os_strstr(cmd, "src_ip=");
-	if (pos) {
-		pos += 7;
-		end = os_strchr(pos, ' ');
-		if (!end)
-			end = pos + os_strlen(pos);
-
-		alen = end - pos;
-		if (alen >= INET6_ADDRSTRLEN)
-			return -1;
-		os_memcpy(addr, pos, alen);
-		addr[alen] = '\0';
-		if (param->ip_version == IPV4)
-			ret = inet_pton(AF_INET, addr,
-					&param->ip_params.v4.src_ip);
-		else
-			ret = inet_pton(AF_INET6, addr,
-					&param->ip_params.v6.src_ip);
-
-		if (ret != 1) {
-			wpa_printf(MSG_ERROR,
-				   "Error converting src IP address to binary ret=%d",
-				   ret);
-			return -1;
-		}
-
-		classifier_mask |= BIT(1);
-	}
-
-	pos = os_strstr(cmd, "dst_ip=");
-	if (pos) {
-		pos += 7;
-		end = os_strchr(pos, ' ');
-		if (!end)
-			end = pos + os_strlen(pos);
-
-		alen = end - pos;
-		if (alen >= INET6_ADDRSTRLEN)
-			return -1;
-		os_memcpy(addr, pos, alen);
-		addr[alen] = '\0';
-		if (param->ip_version == IPV4)
-			ret = inet_pton(AF_INET, addr,
-					&param->ip_params.v4.dst_ip);
-		else
-			ret = inet_pton(AF_INET6, addr,
-					&param->ip_params.v6.dst_ip);
-
-		if (ret != 1) {
-			wpa_printf(MSG_ERROR,
-				   "Error converting dst IP address to binary ret=%d",
-				   ret);
-			return -1;
-		}
-
-		classifier_mask |= BIT(2);
-	}
-
-	pos = os_strstr(cmd, "src_port=");
-	if (pos && atoi(pos + 9) > 0) {
-		if (param->ip_version == IPV4)
-			param->ip_params.v4.src_port = atoi(pos + 9);
-		else
-			param->ip_params.v6.src_port = atoi(pos + 9);
-		classifier_mask |= BIT(3);
-	}
-
-	pos = os_strstr(cmd, "dst_port=");
-	if (pos && atoi(pos + 9) > 0) {
-		if (param->ip_version == IPV4)
-			param->ip_params.v4.dst_port = atoi(pos + 9);
-		else
-			param->ip_params.v6.dst_port = atoi(pos + 9);
-		classifier_mask |= BIT(4);
-	}
-
-	pos = os_strstr(cmd, "dscp=");
-	if (pos && atoi(pos + 5) > 0) {
-		if (param->ip_version == IPV4)
-			param->ip_params.v4.dscp = atoi(pos + 5);
-		else
-			param->ip_params.v6.dscp = atoi(pos + 5);
-		classifier_mask |= BIT(5);
-	}
-
-	if (param->ip_version == IPV4) {
-		pos = os_strstr(cmd, "protocol=");
-		if (pos) {
-			if (os_strstr(pos, "udp")) {
-				param->ip_params.v4.protocol = 17;
-			} else if (os_strstr(pos, "tcp")) {
-				param->ip_params.v4.protocol = 6;
-			} else if (os_strstr(pos, "esp")) {
-				param->ip_params.v4.protocol = 50;
-			} else {
-				wpa_printf(MSG_ERROR, "Invalid protocol");
-				return -1;
-			}
-			classifier_mask |= BIT(6);
-		}
-	} else {
-		pos = os_strstr(cmd, "next_header=");
-		if (pos) {
-			if (os_strstr(pos, "udp")) {
-				param->ip_params.v6.next_header = 17;
-			} else if (os_strstr(pos, "tcp")) {
-				param->ip_params.v6.next_header = 6;
-			} else if (os_strstr(pos, "esp")) {
-				param->ip_params.v6.next_header = 50;
-			} else {
-				wpa_printf(MSG_ERROR, "Invalid next header");
-				return -1;
-			}
-
-			classifier_mask |= BIT(6);
-		}
-
-		pos = os_strstr(cmd, "flow_label=");
-		if (pos) {
-			pos += 11;
-			end = os_strchr(pos, ' ');
-			if (!end)
-				end = pos + os_strlen(pos);
-
-			if (end - pos != 6 ||
-			    hexstr2bin(pos, param->ip_params.v6.flow_label,
-				       3) ||
-			    param->ip_params.v6.flow_label[0] > 0x0F) {
-				wpa_printf(MSG_ERROR, "Invalid flow label");
-				return -1;
-			}
-
-			classifier_mask |= BIT(7);
-		}
-	}
-
-	param->classifier_mask = classifier_mask;
-	return 0;
-}
-
-
-static int set_type10_frame_classifier(const char *cmd,
-				       struct type10_params *param)
-{
-	const char *pos, *end;
-	size_t filter_len;
-
-	pos = os_strstr(cmd, "prot_instance=");
-	if (!pos) {
-		wpa_printf(MSG_ERROR, "Protocol instance missing");
-		return -1;
-	}
-	param->prot_instance = atoi(pos + 14);
-
-	pos = os_strstr(cmd, "prot_number=");
-	if (!pos) {
-		wpa_printf(MSG_ERROR, "Protocol number missing");
-		return -1;
-	}
-	if (os_strstr(pos, "udp")) {
-		param->prot_number = 17;
-	} else if (os_strstr(pos, "tcp")) {
-		param->prot_number = 6;
-	} else if (os_strstr(pos, "esp")) {
-		param->prot_number = 50;
-	} else {
-		wpa_printf(MSG_ERROR, "Invalid protocol number");
-		return -1;
-	}
-
-	pos = os_strstr(cmd, "filter_value=");
-	if (!pos) {
-		wpa_printf(MSG_ERROR,
-			   "Classifier parameter filter_value missing");
-		return -1;
-	}
-
-	pos += 13;
-	end = os_strchr(pos, ' ');
-	if (!end)
-		end = pos + os_strlen(pos);
-
-	filter_len = (end - pos) / 2;
-	param->filter_value = os_malloc(filter_len);
-	if (!param->filter_value)
-		return -1;
-
-	if (hexstr2bin(pos, param->filter_value, filter_len)) {
-		wpa_printf(MSG_ERROR, "Invalid filter_value %s", pos);
-		goto free;
-	}
-
-	pos = os_strstr(cmd, "filter_mask=");
-	if (!pos) {
-		wpa_printf(MSG_ERROR,
-			   "Classifier parameter filter_mask missing");
-		goto free;
-	}
-
-	pos += 12;
-	end = os_strchr(pos, ' ');
-	if (!end)
-		end = pos + os_strlen(pos);
-
-	if (filter_len != (size_t) (end - pos) / 2) {
-		wpa_printf(MSG_ERROR,
-			   "Filter mask length mismatch expected=%zu received=%zu",
-			   filter_len, (size_t) (end - pos) / 2);
-		goto free;
-	}
-
-	param->filter_mask = os_malloc(filter_len);
-	if (!param->filter_mask)
-		goto free;
-
-	if (hexstr2bin(pos, param->filter_mask, filter_len)) {
-		wpa_printf(MSG_ERROR, "Invalid filter mask %s", pos);
-		os_free(param->filter_mask);
-		param->filter_mask = NULL;
-		goto free;
-	}
-
-	param->filter_len = filter_len;
-	return 0;
-free:
-	os_free(param->filter_value);
-	param->filter_value = NULL;
-	return -1;
-}
-
-
-static int scs_parse_type4(struct tclas_element *elem, const char *pos)
-{
-	struct type4_params type4_param = { 0 };
-
-	if (set_type4_frame_classifier(pos, &type4_param) == -1) {
-		wpa_printf(MSG_ERROR, "Failed to set frame_classifier 4");
-		return -1;
-	}
-
-	os_memcpy(&elem->frame_classifier.type4_param,
-		  &type4_param, sizeof(struct type4_params));
-	return 0;
-}
-
-
-static int scs_parse_type10(struct tclas_element *elem, const char *pos)
-{
-	struct type10_params type10_param = { 0 };
-
-	if (set_type10_frame_classifier(pos, &type10_param) == -1) {
-		wpa_printf(MSG_ERROR, "Failed to set frame_classifier 10");
-		return -1;
-	}
-
-	os_memcpy(&elem->frame_classifier.type10_param,
-		  &type10_param, sizeof(struct type10_params));
-	return 0;
-}
-
-
-static int wpas_ctrl_iface_configure_scs(struct wpa_supplicant *wpa_s,
-					 char *cmd)
-{
-	char *pos1, *pos;
-	struct scs_robust_av_data *scs_data = &wpa_s->scs_robust_av_req;
-	struct scs_desc_elem desc_elem = { 0 };
-	int val;
-	unsigned int num_scs_desc = 0;
-
-	if (wpa_s->ongoing_scs_req) {
-		wpa_printf(MSG_ERROR, "%s: SCS Request already in queue",
-			   __func__);
-		return -1;
-	}
-
-	/**
-	 * format:
-	 * [scs_id=<decimal number>] <add|remove|change> [scs_up=<0-7>]
-	 * [classifier_type=<4|10>]
-	 * [classifier params based on classifier type]
-	 * [tclas_processing=<0|1>] [scs_id=<decimal number>] ...
-	 */
-	pos1 = os_strstr(cmd, "scs_id=");
-	if (!pos1) {
-		wpa_printf(MSG_ERROR, "SCSID not present");
-		return -1;
-	}
-
-	free_up_scs_desc(scs_data);
-
-	while (pos1) {
-		struct scs_desc_elem *n1;
-		struct active_scs_elem *active_scs_desc;
-		char *next_scs_desc;
-		unsigned int num_tclas_elem = 0;
-		bool scsid_active = false;
-
-		desc_elem.scs_id = atoi(pos1 + 7);
-		pos1 += 7;
-
-		next_scs_desc = os_strstr(pos1, "scs_id=");
-		if (next_scs_desc) {
-			char temp[20];
-
-			os_snprintf(temp, sizeof(temp), "scs_id=%d ",
-				    desc_elem.scs_id);
-			if (os_strstr(next_scs_desc, temp)) {
-				wpa_printf(MSG_ERROR,
-					   "Multiple SCS descriptors configured with same SCSID(=%d)",
-					   desc_elem.scs_id);
-				goto free_scs_desc;
-			}
-			pos1[next_scs_desc - pos1 - 1] = '\0';
-		}
-
-		dl_list_for_each(active_scs_desc, &wpa_s->active_scs_ids,
-				 struct active_scs_elem, list) {
-			if (desc_elem.scs_id == active_scs_desc->scs_id) {
-				scsid_active = true;
-				break;
-			}
-		}
-
-		if (os_strstr(pos1, "add ")) {
-			desc_elem.request_type = SCS_REQ_ADD;
-			if (scsid_active) {
-				wpa_printf(MSG_ERROR, "SCSID %d already active",
-					   desc_elem.scs_id);
-				return -1;
-			}
-		} else if (os_strstr(pos1, "remove")) {
-			desc_elem.request_type = SCS_REQ_REMOVE;
-			if (!scsid_active) {
-				wpa_printf(MSG_ERROR, "SCSID %d not active",
-					   desc_elem.scs_id);
-				return -1;
-			}
-			goto scs_desc_end;
-		} else if (os_strstr(pos1, "change ")) {
-			desc_elem.request_type = SCS_REQ_CHANGE;
-			if (!scsid_active) {
-				wpa_printf(MSG_ERROR, "SCSID %d not active",
-					   desc_elem.scs_id);
-				return -1;
-			}
-		} else {
-			wpa_printf(MSG_ERROR, "SCS Request type invalid");
-			goto free_scs_desc;
-		}
-
-		pos1 = os_strstr(pos1, "scs_up=");
-		if (!pos1) {
-			wpa_printf(MSG_ERROR,
-				   "Intra-Access user priority not present");
-			goto free_scs_desc;
-		}
-
-		val = atoi(pos1 + 7);
-		if (val < 0 || val > 7) {
-			wpa_printf(MSG_ERROR,
-				   "Intra-Access user priority invalid %d",
-				   val);
-			goto free_scs_desc;
-		}
-
-		desc_elem.intra_access_priority = val;
-		desc_elem.scs_up_avail = true;
-
-		pos = os_strstr(pos1, "classifier_type=");
-		if (!pos) {
-			wpa_printf(MSG_ERROR, "classifier type empty");
-			goto free_scs_desc;
-		}
-
-		while (pos) {
-			struct tclas_element elem = { 0 }, *n;
-			char *next_tclas_elem;
-
-			val = atoi(pos + 16);
-			if (val != 4 && val != 10) {
-				wpa_printf(MSG_ERROR,
-					   "classifier type invalid %d", val);
-				goto free_scs_desc;
-			}
-
-			elem.classifier_type = val;
-			pos += 16;
-
-			next_tclas_elem = os_strstr(pos, "classifier_type=");
-			if (next_tclas_elem) {
-				pos1 = next_tclas_elem;
-				pos[next_tclas_elem - pos - 1] = '\0';
-			}
-
-			switch (val) {
-			case 4:
-				if (scs_parse_type4(&elem, pos) < 0)
-					goto free_scs_desc;
-				break;
-			case 10:
-				if (scs_parse_type10(&elem, pos) < 0)
-					goto free_scs_desc;
-				break;
-			}
-
-			n = os_realloc(desc_elem.tclas_elems,
-				       (num_tclas_elem + 1) * sizeof(elem));
-			if (!n)
-				goto free_scs_desc;
-
-			desc_elem.tclas_elems = n;
-			os_memcpy((u8 *) desc_elem.tclas_elems +
-				  num_tclas_elem * sizeof(elem),
-				  &elem, sizeof(elem));
-			num_tclas_elem++;
-			desc_elem.num_tclas_elem = num_tclas_elem;
-			pos = next_tclas_elem;
-		}
-
-		if (desc_elem.num_tclas_elem > 1) {
-			pos1 = os_strstr(pos1, "tclas_processing=");
-			if (!pos1) {
-				wpa_printf(MSG_ERROR, "tclas_processing empty");
-				goto free_scs_desc;
-			}
-
-			val = atoi(pos1 + 17);
-			if (val != 0 && val != 1) {
-				wpa_printf(MSG_ERROR,
-					   "tclas_processing invalid");
-				goto free_scs_desc;
-			}
-
-			desc_elem.tclas_processing = val;
-		}
-
-scs_desc_end:
-		n1 = os_realloc(scs_data->scs_desc_elems, (num_scs_desc + 1) *
-				sizeof(struct scs_desc_elem));
-		if (!n1)
-			goto free_scs_desc;
-
-		scs_data->scs_desc_elems = n1;
-		os_memcpy((u8 *) scs_data->scs_desc_elems + num_scs_desc *
-			  sizeof(desc_elem), &desc_elem, sizeof(desc_elem));
-		num_scs_desc++;
-		scs_data->num_scs_desc = num_scs_desc;
-		pos1 = next_scs_desc;
-		os_memset(&desc_elem, 0, sizeof(desc_elem));
-	}
-
-	return wpas_send_scs_req(wpa_s);
-
-free_scs_desc:
-	free_up_tclas_elem(&desc_elem);
-	free_up_scs_desc(scs_data);
-	return -1;
-}
-
-
-static int wpas_ctrl_iface_send_dscp_resp(struct wpa_supplicant *wpa_s,
-					  const char *cmd)
-{
-	char *pos;
-	struct dscp_policy_status *policy = NULL, *n;
-	int num_policies = 0, ret = -1;
-	struct dscp_resp_data resp_data;
-
-	/*
-	 * format:
-	 * <[reset]>/<[solicited] [policy_id=1 status=0...]> [more]
-	 */
-
-	os_memset(&resp_data, 0, sizeof(resp_data));
-
-	resp_data.more = os_strstr(cmd, "more") != NULL;
-
-	if (os_strstr(cmd, "reset")) {
-		resp_data.reset = true;
-		resp_data.solicited = false;
-		goto send_resp;
-	}
-
-	resp_data.solicited = os_strstr(cmd, "solicited") != NULL;
-
-	pos = os_strstr(cmd, "policy_id=");
-	while (pos) {
-		n = os_realloc(policy, (num_policies + 1) * sizeof(*policy));
-		if (!n)
-			goto fail;
-
-		policy = n;
-		pos += 10;
-		policy[num_policies].id = atoi(pos);
-		if (policy[num_policies].id == 0) {
-			wpa_printf(MSG_ERROR, "DSCP: Invalid policy id");
-			goto fail;
-		}
-
-		pos = os_strstr(pos, "status=");
-		if (!pos) {
-			wpa_printf(MSG_ERROR,
-				   "DSCP: Status is not found for a policy");
-			goto fail;
-		}
-
-		pos += 7;
-		policy[num_policies].status = atoi(pos);
-		num_policies++;
-
-		pos = os_strstr(pos, "policy_id");
-	}
-
-	resp_data.policy = policy;
-	resp_data.num_policies = num_policies;
-send_resp:
-	ret = wpas_send_dscp_response(wpa_s, &resp_data);
-	if (ret)
-		wpa_printf(MSG_ERROR, "DSCP: Failed to send DSCP response");
-fail:
-	os_free(policy);
-	return ret;
-}
-
-
-static int wpas_ctrl_iface_send_dscp_query(struct wpa_supplicant *wpa_s,
-					   const char *cmd)
-{
-	char *pos;
-
-	/*
-	 * format:
-	 * Wildcard DSCP query
-	 * <wildcard>
-	 *
-	 * DSCP query with a domain name attribute:
-	 * [domain_name=<string>]
-	 */
-
-	if (os_strstr(cmd, "wildcard")) {
-		wpa_printf(MSG_DEBUG, "QM: Send wildcard DSCP policy query");
-		return wpas_send_dscp_query(wpa_s, NULL, 0);
-	}
-
-	pos = os_strstr(cmd, "domain_name=");
-	if (!pos || !os_strlen(pos + 12)) {
-		wpa_printf(MSG_ERROR, "QM: Domain name not preset");
-		return -1;
-	}
-
-	return wpas_send_dscp_query(wpa_s, pos + 12, os_strlen(pos + 12));
-}
-
-
-char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
-					 char *buf, size_t *resp_len)
-{
-	char *reply;
-	const int reply_size = 4096;
-	int reply_len;
-
-	if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
-	    os_strncmp(buf, "SET_NETWORK ", 12) == 0 ||
-	    os_strncmp(buf, "PMKSA_ADD ", 10) == 0 ||
-	    os_strncmp(buf, "MESH_PMKSA_ADD ", 15) == 0) {
-		if (wpa_debug_show_keys)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Control interface command '%s'", buf);
-		else
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Control interface command '%s [REMOVED]'",
-				os_strncmp(buf, WPA_CTRL_RSP,
-					   os_strlen(WPA_CTRL_RSP)) == 0 ?
-				WPA_CTRL_RSP :
-				(os_strncmp(buf, "SET_NETWORK ", 12) == 0 ?
-				 "SET_NETWORK" : "key-add"));
-	} else if (os_strncmp(buf, "WPS_NFC_TAG_READ", 16) == 0 ||
-		   os_strncmp(buf, "NFC_REPORT_HANDOVER", 19) == 0) {
-		wpa_hexdump_ascii_key(MSG_DEBUG, "RX ctrl_iface",
-				      (const u8 *) buf, os_strlen(buf));
-	} else {
-		int level = wpas_ctrl_cmd_debug_level(buf);
-		wpa_dbg(wpa_s, level, "Control interface command '%s'", buf);
-	}
-
-	reply = os_malloc(reply_size);
-	if (reply == NULL) {
-		*resp_len = 1;
-		return NULL;
-	}
-
-	os_memcpy(reply, "OK\n", 3);
-	reply_len = 3;
-
-	if (os_strcmp(buf, "PING") == 0) {
-		os_memcpy(reply, "PONG\n", 5);
-		reply_len = 5;
-	} else if (os_strcmp(buf, "IFNAME") == 0) {
-		reply_len = os_strlen(wpa_s->ifname);
-		os_memcpy(reply, wpa_s->ifname, reply_len);
-	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
-		if (wpa_debug_reopen_file() < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
-		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
-	} else if (os_strcmp(buf, "MIB") == 0) {
-		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
-		if (reply_len >= 0) {
-			reply_len += eapol_sm_get_mib(wpa_s->eapol,
-						      reply + reply_len,
-						      reply_size - reply_len);
-#ifdef CONFIG_MACSEC
-			reply_len += ieee802_1x_kay_get_mib(
-				wpa_s->kay, reply + reply_len,
-				reply_size - reply_len);
-#endif /* CONFIG_MACSEC */
-		}
-	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_status(
-			wpa_s, buf + 6, reply, reply_size);
-	} else if (os_strcmp(buf, "PMKSA") == 0) {
-		reply_len = wpas_ctrl_iface_pmksa(wpa_s, reply, reply_size);
-	} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
-		wpas_ctrl_iface_pmksa_flush(wpa_s);
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-	} else if (os_strncmp(buf, "PMKSA_GET ", 10) == 0) {
-		reply_len = wpas_ctrl_iface_pmksa_get(wpa_s, buf + 10,
-						      reply, reply_size);
-	} else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) {
-		if (wpas_ctrl_iface_pmksa_add(wpa_s, buf + 10) < 0)
-			reply_len = -1;
-#ifdef CONFIG_MESH
-	} else if (os_strncmp(buf, "MESH_PMKSA_GET ", 15) == 0) {
-		reply_len = wpas_ctrl_iface_mesh_pmksa_get(wpa_s, buf + 15,
-							   reply, reply_size);
-	} else if (os_strncmp(buf, "MESH_PMKSA_ADD ", 15) == 0) {
-		if (wpas_ctrl_iface_mesh_pmksa_add(wpa_s, buf + 15) < 0)
-			reply_len = -1;
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-	} else if (os_strncmp(buf, "SET ", 4) == 0) {
-		if (wpa_supplicant_ctrl_iface_set(wpa_s, buf + 4))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DUMP", 4) == 0) {
-		reply_len = wpa_config_dump_values(wpa_s->conf,
-						   reply, reply_size);
-	} else if (os_strncmp(buf, "GET ", 4) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_get(wpa_s, buf + 4,
-							  reply, reply_size);
-	} else if (os_strcmp(buf, "LOGON") == 0) {
-		eapol_sm_notify_logoff(wpa_s->eapol, false);
-	} else if (os_strcmp(buf, "LOGOFF") == 0) {
-		eapol_sm_notify_logoff(wpa_s->eapol, true);
-	} else if (os_strcmp(buf, "REASSOCIATE") == 0) {
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
-			reply_len = -1;
-		else
-			wpas_request_connection(wpa_s);
-	} else if (os_strcmp(buf, "REATTACH") == 0) {
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED ||
-		    !wpa_s->current_ssid)
-			reply_len = -1;
-		else {
-			wpa_s->reattach = 1;
-			wpas_request_connection(wpa_s);
-		}
-	} else if (os_strcmp(buf, "RECONNECT") == 0) {
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
-			reply_len = -1;
-		else if (wpa_s->disconnected)
-			wpas_request_connection(wpa_s);
-#ifdef IEEE8021X_EAPOL
-	} else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
-		if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
-			reply_len = -1;
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_IEEE80211R
-	} else if (os_strncmp(buf, "FT_DS ", 6) == 0) {
-		if (wpa_supplicant_ctrl_iface_ft_ds(wpa_s, buf + 6))
-			reply_len = -1;
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_WPS
-	} else if (os_strcmp(buf, "WPS_PBC") == 0) {
-		int res = wpa_supplicant_ctrl_iface_wps_pbc(wpa_s, NULL);
-		if (res == -2) {
-			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
-			reply_len = 17;
-		} else if (res)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_PBC ", 8) == 0) {
-		int res = wpa_supplicant_ctrl_iface_wps_pbc(wpa_s, buf + 8);
-		if (res == -2) {
-			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
-			reply_len = 17;
-		} else if (res)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_PIN ", 8) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_pin(wpa_s, buf + 8,
-							      reply,
-							      reply_size);
-	} else if (os_strncmp(buf, "WPS_CHECK_PIN ", 14) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_check_pin(
-			wpa_s, buf + 14, reply, reply_size);
-	} else if (os_strcmp(buf, "WPS_CANCEL") == 0) {
-		if (wpas_wps_cancel(wpa_s))
-			reply_len = -1;
-#ifdef CONFIG_WPS_NFC
-	} else if (os_strcmp(buf, "WPS_NFC") == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, NULL))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_NFC ", 8) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, buf + 8))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_NFC_CONFIG_TOKEN ", 21) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_nfc_config_token(
-			wpa_s, buf + 21, reply, reply_size);
-	} else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_nfc_token(
-			wpa_s, buf + 14, reply, reply_size);
-	} else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_nfc_tag_read(wpa_s,
-							       buf + 17))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "NFC_GET_HANDOVER_REQ ", 21) == 0) {
-		reply_len = wpas_ctrl_nfc_get_handover_req(
-			wpa_s, buf + 21, reply, reply_size);
-	} else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) {
-		reply_len = wpas_ctrl_nfc_get_handover_sel(
-			wpa_s, buf + 21, reply, reply_size);
-	} else if (os_strncmp(buf, "NFC_REPORT_HANDOVER ", 20) == 0) {
-		if (wpas_ctrl_nfc_report_handover(wpa_s, buf + 20))
-			reply_len = -1;
-#endif /* CONFIG_WPS_NFC */
-	} else if (os_strncmp(buf, "WPS_REG ", 8) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_reg(wpa_s, buf + 8))
-			reply_len = -1;
-#ifdef CONFIG_AP
-	} else if (os_strncmp(buf, "WPS_AP_PIN ", 11) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_ap_pin(
-			wpa_s, buf + 11, reply, reply_size);
-#endif /* CONFIG_AP */
-#ifdef CONFIG_WPS_ER
-	} else if (os_strcmp(buf, "WPS_ER_START") == 0) {
-		if (wpas_wps_er_start(wpa_s, NULL))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_ER_START ", 13) == 0) {
-		if (wpas_wps_er_start(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "WPS_ER_STOP") == 0) {
-		wpas_wps_er_stop(wpa_s);
-	} else if (os_strncmp(buf, "WPS_ER_PIN ", 11) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_er_pin(wpa_s, buf + 11))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_ER_PBC ", 11) == 0) {
-		int ret = wpas_wps_er_pbc(wpa_s, buf + 11);
-		if (ret == -2) {
-			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
-			reply_len = 17;
-		} else if (ret == -3) {
-			os_memcpy(reply, "FAIL-UNKNOWN-UUID\n", 18);
-			reply_len = 18;
-		} else if (ret == -4) {
-			os_memcpy(reply, "FAIL-NO-AP-SETTINGS\n", 20);
-			reply_len = 20;
-		} else if (ret)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_ER_LEARN ", 13) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_er_learn(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_ER_SET_CONFIG ", 18) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_er_set_config(wpa_s,
-								buf + 18))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WPS_ER_CONFIG ", 14) == 0) {
-		if (wpa_supplicant_ctrl_iface_wps_er_config(wpa_s, buf + 14))
-			reply_len = -1;
-#ifdef CONFIG_WPS_NFC
-	} else if (os_strncmp(buf, "WPS_ER_NFC_CONFIG_TOKEN ", 24) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
-			wpa_s, buf + 24, reply, reply_size);
-#endif /* CONFIG_WPS_NFC */
-#endif /* CONFIG_WPS_ER */
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_IBSS_RSN
-	} else if (os_strncmp(buf, "IBSS_RSN ", 9) == 0) {
-		if (wpa_supplicant_ctrl_iface_ibss_rsn(wpa_s, buf + 9))
-			reply_len = -1;
-#endif /* CONFIG_IBSS_RSN */
-#ifdef CONFIG_MESH
-	} else if (os_strncmp(buf, "MESH_INTERFACE_ADD ", 19) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add(
-			wpa_s, buf + 19, reply, reply_size);
-	} else if (os_strcmp(buf, "MESH_INTERFACE_ADD") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add(
-			wpa_s, "", reply, reply_size);
-	} else if (os_strncmp(buf, "MESH_GROUP_ADD ", 15) == 0) {
-		if (wpa_supplicant_ctrl_iface_mesh_group_add(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "MESH_GROUP_REMOVE ", 18) == 0) {
-		if (wpa_supplicant_ctrl_iface_mesh_group_remove(wpa_s,
-								buf + 18))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "MESH_PEER_REMOVE ", 17) == 0) {
-		if (wpa_supplicant_ctrl_iface_mesh_peer_remove(wpa_s, buf + 17))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "MESH_PEER_ADD ", 14) == 0) {
-		if (wpa_supplicant_ctrl_iface_mesh_peer_add(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "MESH_LINK_PROBE ", 16) == 0) {
-		if (wpa_supplicant_ctrl_iface_mesh_link_probe(wpa_s, buf + 16))
-			reply_len = -1;
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_P2P
-	} else if (os_strncmp(buf, "P2P_FIND ", 9) == 0) {
-		if (p2p_ctrl_find(wpa_s, buf + 8))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_FIND") == 0) {
-		if (p2p_ctrl_find(wpa_s, ""))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_STOP_FIND") == 0) {
-		wpas_p2p_stop_find(wpa_s);
-	} else if (os_strncmp(buf, "P2P_ASP_PROVISION ", 18) == 0) {
-		if (p2p_ctrl_asp_provision(wpa_s, buf + 18))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_ASP_PROVISION_RESP ", 23) == 0) {
-		if (p2p_ctrl_asp_provision_resp(wpa_s, buf + 23))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_CONNECT ", 12) == 0) {
-		reply_len = p2p_ctrl_connect(wpa_s, buf + 12, reply,
-					     reply_size);
-	} else if (os_strncmp(buf, "P2P_LISTEN ", 11) == 0) {
-		if (p2p_ctrl_listen(wpa_s, buf + 11))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_LISTEN") == 0) {
-		if (p2p_ctrl_listen(wpa_s, ""))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_GROUP_REMOVE ", 17) == 0) {
-		if (wpas_p2p_group_remove(wpa_s, buf + 17))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_GROUP_ADD") == 0) {
-		if (p2p_ctrl_group_add(wpa_s, ""))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_GROUP_ADD ", 14) == 0) {
-		if (p2p_ctrl_group_add(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_GROUP_MEMBER ", 17) == 0) {
-		reply_len = p2p_ctrl_group_member(wpa_s, buf + 17, reply,
-						  reply_size);
-	} else if (os_strncmp(buf, "P2P_PROV_DISC ", 14) == 0) {
-		if (p2p_ctrl_prov_disc(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_GET_PASSPHRASE") == 0) {
-		reply_len = p2p_get_passphrase(wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "P2P_SERV_DISC_REQ ", 18) == 0) {
-		reply_len = p2p_ctrl_serv_disc_req(wpa_s, buf + 18, reply,
-						   reply_size);
-	} else if (os_strncmp(buf, "P2P_SERV_DISC_CANCEL_REQ ", 25) == 0) {
-		if (p2p_ctrl_serv_disc_cancel_req(wpa_s, buf + 25) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_SERV_DISC_RESP ", 19) == 0) {
-		if (p2p_ctrl_serv_disc_resp(wpa_s, buf + 19) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_SERVICE_UPDATE") == 0) {
-		wpas_p2p_sd_service_update(wpa_s);
-	} else if (os_strncmp(buf, "P2P_SERV_DISC_EXTERNAL ", 23) == 0) {
-		if (p2p_ctrl_serv_disc_external(wpa_s, buf + 23) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_SERVICE_FLUSH") == 0) {
-		wpas_p2p_service_flush(wpa_s);
-	} else if (os_strncmp(buf, "P2P_SERVICE_ADD ", 16) == 0) {
-		if (p2p_ctrl_service_add(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_SERVICE_DEL ", 16) == 0) {
-		if (p2p_ctrl_service_del(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_SERVICE_REP ", 16) == 0) {
-		if (p2p_ctrl_service_replace(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_REJECT ", 11) == 0) {
-		if (p2p_ctrl_reject(wpa_s, buf + 11) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_INVITE ", 11) == 0) {
-		if (p2p_ctrl_invite(wpa_s, buf + 11) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_PEER ", 9) == 0) {
-		reply_len = p2p_ctrl_peer(wpa_s, buf + 9, reply,
-					      reply_size);
-	} else if (os_strncmp(buf, "P2P_SET ", 8) == 0) {
-		if (p2p_ctrl_set(wpa_s, buf + 8) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_FLUSH") == 0) {
-		p2p_ctrl_flush(wpa_s);
-	} else if (os_strncmp(buf, "P2P_UNAUTHORIZE ", 16) == 0) {
-		if (wpas_p2p_unauthorize(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_CANCEL") == 0) {
-		if (wpas_p2p_cancel(wpa_s))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_PRESENCE_REQ ", 17) == 0) {
-		if (p2p_ctrl_presence_req(wpa_s, buf + 17) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_PRESENCE_REQ") == 0) {
-		if (p2p_ctrl_presence_req(wpa_s, "") < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_EXT_LISTEN ", 15) == 0) {
-		if (p2p_ctrl_ext_listen(wpa_s, buf + 15) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_EXT_LISTEN") == 0) {
-		if (p2p_ctrl_ext_listen(wpa_s, "") < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_REMOVE_CLIENT ", 18) == 0) {
-		if (p2p_ctrl_remove_client(wpa_s, buf + 18) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "P2P_LO_START ", 13) == 0) {
-		if (p2p_ctrl_iface_p2p_lo_start(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "P2P_LO_STOP") == 0) {
-		if (wpas_p2p_lo_stop(wpa_s))
-			reply_len = -1;
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_WIFI_DISPLAY
-	} else if (os_strncmp(buf, "WFD_SUBELEM_SET ", 16) == 0) {
-		if (wifi_display_subelem_set(wpa_s->global, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WFD_SUBELEM_GET ", 16) == 0) {
-		reply_len = wifi_display_subelem_get(wpa_s->global, buf + 16,
-						     reply, reply_size);
-#endif /* CONFIG_WIFI_DISPLAY */
-#ifdef CONFIG_INTERWORKING
-	} else if (os_strcmp(buf, "FETCH_ANQP") == 0) {
-		if (interworking_fetch_anqp(wpa_s) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "STOP_FETCH_ANQP") == 0) {
-		interworking_stop_fetch_anqp(wpa_s);
-	} else if (os_strcmp(buf, "INTERWORKING_SELECT") == 0) {
-		if (ctrl_interworking_select(wpa_s, NULL) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "INTERWORKING_SELECT ", 20) == 0) {
-		if (ctrl_interworking_select(wpa_s, buf + 20) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "INTERWORKING_CONNECT ", 21) == 0) {
-		if (ctrl_interworking_connect(wpa_s, buf + 21, 0) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "INTERWORKING_ADD_NETWORK ", 25) == 0) {
-		int id;
-
-		id = ctrl_interworking_connect(wpa_s, buf + 25, 1);
-		if (id < 0)
-			reply_len = -1;
-		else {
-			reply_len = os_snprintf(reply, reply_size, "%d\n", id);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "ANQP_GET ", 9) == 0) {
-		if (get_anqp(wpa_s, buf + 9) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GAS_REQUEST ", 12) == 0) {
-		if (gas_request(wpa_s, buf + 12) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GAS_RESPONSE_GET ", 17) == 0) {
-		reply_len = gas_response_get(wpa_s, buf + 17, reply,
-					     reply_size);
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_HS20
-	} else if (os_strncmp(buf, "HS20_ANQP_GET ", 14) == 0) {
-		if (get_hs20_anqp(wpa_s, buf + 14) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "HS20_GET_NAI_HOME_REALM_LIST ", 29) == 0) {
-		if (hs20_get_nai_home_realm_list(wpa_s, buf + 29) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "HS20_ICON_REQUEST ", 18) == 0) {
-		if (hs20_icon_request(wpa_s, buf + 18, 0) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "REQ_HS20_ICON ", 14) == 0) {
-		if (hs20_icon_request(wpa_s, buf + 14, 1) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GET_HS20_ICON ", 14) == 0) {
-		reply_len = get_hs20_icon(wpa_s, buf + 14, reply, reply_size);
-	} else if (os_strncmp(buf, "DEL_HS20_ICON ", 14) == 0) {
-		if (del_hs20_icon(wpa_s, buf + 14) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "FETCH_OSU") == 0) {
-		if (hs20_fetch_osu(wpa_s, 0) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "FETCH_OSU no-scan") == 0) {
-		if (hs20_fetch_osu(wpa_s, 1) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "CANCEL_FETCH_OSU") == 0) {
-		hs20_cancel_fetch_osu(wpa_s);
-#endif /* CONFIG_HS20 */
-	} else if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0)
-	{
-		if (wpa_supplicant_ctrl_iface_ctrl_rsp(
-			    wpa_s, buf + os_strlen(WPA_CTRL_RSP)))
-			reply_len = -1;
-		else {
-			/*
-			 * Notify response from timeout to allow the control
-			 * interface response to be sent first.
-			 */
-			eloop_register_timeout(0, 0, wpas_ctrl_eapol_response,
-					       wpa_s, NULL);
-		}
-	} else if (os_strcmp(buf, "RECONFIGURE") == 0) {
-		if (wpa_supplicant_reload_configuration(wpa_s))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "TERMINATE") == 0) {
-		wpa_supplicant_terminate_proc(wpa_s->global);
-	} else if (os_strncmp(buf, "BSSID ", 6) == 0) {
-		if (wpa_supplicant_ctrl_iface_bssid(wpa_s, buf + 6))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "BSSID_IGNORE", 12) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_bssid_ignore(
-			wpa_s, buf + 12, reply, reply_size);
-	} else if (os_strncmp(buf, "BLACKLIST", 9) == 0) {
-		/* deprecated backwards compatibility alias for BSSID_IGNORE */
-		reply_len = wpa_supplicant_ctrl_iface_bssid_ignore(
-			wpa_s, buf + 9, reply, reply_size);
-	} else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_log_level(
-			wpa_s, buf + 9, reply, reply_size);
-	} else if (os_strncmp(buf, "LIST_NETWORKS ", 14) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_list_networks(
-			wpa_s, buf + 14, reply, reply_size);
-	} else if (os_strcmp(buf, "LIST_NETWORKS") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_list_networks(
-			wpa_s, NULL, reply, reply_size);
-	} else if (os_strcmp(buf, "DISCONNECT") == 0) {
-		wpas_request_disconnection(wpa_s);
-	} else if (os_strcmp(buf, "SCAN") == 0) {
-		wpas_ctrl_scan(wpa_s, NULL, reply, reply_size, &reply_len);
-	} else if (os_strncmp(buf, "SCAN ", 5) == 0) {
-		wpas_ctrl_scan(wpa_s, buf + 5, reply, reply_size, &reply_len);
-	} else if (os_strcmp(buf, "SCAN_RESULTS") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_scan_results(
-			wpa_s, reply, reply_size);
-	} else if (os_strcmp(buf, "ABORT_SCAN") == 0) {
-		if (wpas_abort_ongoing_scan(wpa_s) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "SELECT_NETWORK ", 15) == 0) {
-		if (wpa_supplicant_ctrl_iface_select_network(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "ENABLE_NETWORK ", 15) == 0) {
-		if (wpa_supplicant_ctrl_iface_enable_network(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DISABLE_NETWORK ", 16) == 0) {
-		if (wpa_supplicant_ctrl_iface_disable_network(wpa_s, buf + 16))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "ADD_NETWORK") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_add_network(
-			wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "REMOVE_NETWORK ", 15) == 0) {
-		if (wpa_supplicant_ctrl_iface_remove_network(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "SET_NETWORK ", 12) == 0) {
-		if (wpa_supplicant_ctrl_iface_set_network(wpa_s, buf + 12))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GET_NETWORK ", 12) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_get_network(
-			wpa_s, buf + 12, reply, reply_size);
-	} else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) {
-		if (wpa_supplicant_ctrl_iface_dup_network(wpa_s, buf + 12,
-							  wpa_s))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "LIST_CREDS") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_list_creds(
-			wpa_s, reply, reply_size);
-	} else if (os_strcmp(buf, "ADD_CRED") == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_add_cred(
-			wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "REMOVE_CRED ", 12) == 0) {
-		if (wpa_supplicant_ctrl_iface_remove_cred(wpa_s, buf + 12))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "SET_CRED ", 9) == 0) {
-		if (wpa_supplicant_ctrl_iface_set_cred(wpa_s, buf + 9))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GET_CRED ", 9) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_get_cred(wpa_s, buf + 9,
-							       reply,
-							       reply_size);
-#ifndef CONFIG_NO_CONFIG_WRITE
-	} else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
-		if (wpa_supplicant_ctrl_iface_save_config(wpa_s))
-			reply_len = -1;
-#endif /* CONFIG_NO_CONFIG_WRITE */
-	} else if (os_strncmp(buf, "GET_CAPABILITY ", 15) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_get_capability(
-			wpa_s, buf + 15, reply, reply_size);
-	} else if (os_strncmp(buf, "AP_SCAN ", 8) == 0) {
-		if (wpa_supplicant_ctrl_iface_ap_scan(wpa_s, buf + 8))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "SCAN_INTERVAL ", 14) == 0) {
-		if (wpa_supplicant_ctrl_iface_scan_interval(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "INTERFACE_LIST") == 0) {
-		reply_len = wpa_supplicant_global_iface_list(
-			wpa_s->global, reply, reply_size);
-	} else if (os_strncmp(buf, "INTERFACES", 10) == 0) {
-		reply_len = wpa_supplicant_global_iface_interfaces(
-			wpa_s->global, buf + 10, reply, reply_size);
-	} else if (os_strncmp(buf, "BSS ", 4) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_bss(
-			wpa_s, buf + 4, reply, reply_size);
-#ifdef CONFIG_AP
-	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
-		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "STA ", 4) == 0) {
-		reply_len = ap_ctrl_iface_sta(wpa_s, buf + 4, reply,
-					      reply_size);
-	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
-		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
-						   reply_size);
-	} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
-		if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
-		if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
-		if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "STOP_AP") == 0) {
-		if (wpas_ap_stop_ap(wpa_s))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "UPDATE_BEACON") == 0) {
-		if (wpas_ap_update_beacon(wpa_s))
-			reply_len = -1;
-#endif /* CONFIG_AP */
-	} else if (os_strcmp(buf, "SUSPEND") == 0) {
-		wpas_notify_suspend(wpa_s->global);
-	} else if (os_strcmp(buf, "RESUME") == 0) {
-		wpas_notify_resume(wpa_s->global);
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strcmp(buf, "DROP_SA") == 0) {
-		wpa_supplicant_ctrl_iface_drop_sa(wpa_s);
-#endif /* CONFIG_TESTING_OPTIONS */
-	} else if (os_strncmp(buf, "ROAM ", 5) == 0) {
-		if (wpa_supplicant_ctrl_iface_roam(wpa_s, buf + 5))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "STA_AUTOCONNECT ", 16) == 0) {
-		wpa_s->auto_reconnect_disabled = atoi(buf + 16) == 0;
-	} else if (os_strncmp(buf, "BSS_EXPIRE_AGE ", 15) == 0) {
-		if (wpa_supplicant_ctrl_iface_bss_expire_age(wpa_s, buf + 15))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "BSS_EXPIRE_COUNT ", 17) == 0) {
-		if (wpa_supplicant_ctrl_iface_bss_expire_count(wpa_s,
-							       buf + 17))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "BSS_FLUSH ", 10) == 0) {
-		wpa_supplicant_ctrl_iface_bss_flush(wpa_s, buf + 10);
-#ifdef CONFIG_TDLS
-	} else if (os_strncmp(buf, "TDLS_DISCOVER ", 14) == 0) {
-		if (wpa_supplicant_ctrl_iface_tdls_discover(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TDLS_SETUP ", 11) == 0) {
-		if (wpa_supplicant_ctrl_iface_tdls_setup(wpa_s, buf + 11))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TDLS_TEARDOWN ", 14) == 0) {
-		if (wpa_supplicant_ctrl_iface_tdls_teardown(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TDLS_CHAN_SWITCH ", 17) == 0) {
-		if (wpa_supplicant_ctrl_iface_tdls_chan_switch(wpa_s,
-							       buf + 17))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TDLS_CANCEL_CHAN_SWITCH ", 24) == 0) {
-		if (wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch(wpa_s,
-								      buf + 24))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TDLS_LINK_STATUS ", 17) == 0) {
-		reply_len = wpa_supplicant_ctrl_iface_tdls_link_status(
-			wpa_s, buf + 17, reply, reply_size);
-#endif /* CONFIG_TDLS */
-	} else if (os_strcmp(buf, "WMM_AC_STATUS") == 0) {
-		reply_len = wpas_wmm_ac_status(wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "WMM_AC_ADDTS ", 13) == 0) {
-		if (wmm_ac_ctrl_addts(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WMM_AC_DELTS ", 13) == 0) {
-		if (wmm_ac_ctrl_delts(wpa_s, buf + 13))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "SIGNAL_POLL", 11) == 0) {
-		reply_len = wpa_supplicant_signal_poll(wpa_s, reply,
-						       reply_size);
-	} else if (os_strncmp(buf, "SIGNAL_MONITOR", 14) == 0) {
-		if (wpas_ctrl_iface_signal_monitor(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "PKTCNT_POLL", 11) == 0) {
-		reply_len = wpa_supplicant_pktcnt_poll(wpa_s, reply,
-						       reply_size);
-#ifdef CONFIG_AUTOSCAN
-	} else if (os_strncmp(buf, "AUTOSCAN ", 9) == 0) {
-		if (wpa_supplicant_ctrl_iface_autoscan(wpa_s, buf + 9))
-			reply_len = -1;
-#endif /* CONFIG_AUTOSCAN */
-	} else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) {
-		reply_len = wpas_ctrl_iface_driver_flags(wpa_s, reply,
-							 reply_size);
-	} else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) {
-		reply_len = wpas_ctrl_iface_driver_flags2(wpa_s, reply,
-							  reply_size);
-#ifdef ANDROID
-	} else if (os_strncmp(buf, "DRIVER ", 7) == 0) {
-		reply_len = wpa_supplicant_driver_cmd(wpa_s, buf + 7, reply,
-						      reply_size);
-#endif /* ANDROID */
-	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
-		reply_len = wpa_supplicant_vendor_cmd(wpa_s, buf + 7, reply,
-						      reply_size);
-	} else if (os_strcmp(buf, "REAUTHENTICATE") == 0) {
-		pmksa_cache_clear_current(wpa_s->wpa);
-		eapol_sm_request_reauth(wpa_s->eapol);
-#ifdef CONFIG_WNM
-	} else if (os_strncmp(buf, "WNM_SLEEP ", 10) == 0) {
-		if (wpas_ctrl_iface_wnm_sleep(wpa_s, buf + 10))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "WNM_BSS_QUERY ", 14) == 0) {
-		if (wpas_ctrl_iface_wnm_bss_query(wpa_s, buf + 14))
-				reply_len = -1;
-	} else if (os_strncmp(buf, "COLOC_INTF_REPORT ", 18) == 0) {
-		if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
-			reply_len = -1;
-#endif /* CONFIG_WNM */
-	} else if (os_strcmp(buf, "FLUSH") == 0) {
-		wpa_supplicant_ctrl_iface_flush(wpa_s);
-	} else if (os_strncmp(buf, "RADIO_WORK ", 11) == 0) {
-		reply_len = wpas_ctrl_radio_work(wpa_s, buf + 11, reply,
-						 reply_size);
-#ifdef CONFIG_TESTING_OPTIONS
-	} else if (os_strncmp(buf, "MGMT_TX ", 8) == 0) {
-		if (wpas_ctrl_iface_mgmt_tx(wpa_s, buf + 8) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "MGMT_TX_DONE") == 0) {
-		wpas_ctrl_iface_mgmt_tx_done(wpa_s);
-	} else if (os_strncmp(buf, "MGMT_RX_PROCESS ", 16) == 0) {
-		if (wpas_ctrl_iface_mgmt_rx_process(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DRIVER_EVENT ", 13) == 0) {
-		if (wpas_ctrl_iface_driver_event(wpa_s, buf + 13) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
-		if (wpas_ctrl_iface_eapol_rx(wpa_s, buf + 9) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) {
-		if (wpas_ctrl_iface_eapol_tx(wpa_s, buf + 9) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
-		if (wpas_ctrl_iface_data_test_config(wpa_s, buf + 17) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DATA_TEST_TX ", 13) == 0) {
-		if (wpas_ctrl_iface_data_test_tx(wpa_s, buf + 13) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DATA_TEST_FRAME ", 16) == 0) {
-		if (wpas_ctrl_iface_data_test_frame(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) {
-		if (wpas_ctrl_test_alloc_fail(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
-		reply_len = wpas_ctrl_get_alloc_fail(wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) {
-		if (wpas_ctrl_test_fail(wpa_s, buf + 10) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "GET_FAIL") == 0) {
-		reply_len = wpas_ctrl_get_fail(wpa_s, reply, reply_size);
-	} else if (os_strncmp(buf, "EVENT_TEST ", 11) == 0) {
-		if (wpas_ctrl_event_test(wpa_s, buf + 11) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TEST_ASSOC_IE ", 14) == 0) {
-		if (wpas_ctrl_test_assoc_ie(wpa_s, buf + 14) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "RESET_PN") == 0) {
-		if (wpas_ctrl_reset_pn(wpa_s) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "KEY_REQUEST ", 12) == 0) {
-		if (wpas_ctrl_key_request(wpa_s, buf + 12) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "RESEND_ASSOC") == 0) {
-		if (wpas_ctrl_resend_assoc(wpa_s) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "UNPROT_DEAUTH") == 0) {
-		sme_event_unprot_disconnect(
-			wpa_s, wpa_s->bssid, NULL,
-			WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
-	} else if (os_strncmp(buf, "TWT_SETUP ", 10) == 0) {
-		if (wpas_ctrl_iface_send_twt_setup(wpa_s, buf + 9))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "TWT_SETUP") == 0) {
-		if (wpas_ctrl_iface_send_twt_setup(wpa_s, ""))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "TWT_TEARDOWN ", 13) == 0) {
-		if (wpas_ctrl_iface_send_twt_teardown(wpa_s, buf + 12))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "TWT_TEARDOWN") == 0) {
-		if (wpas_ctrl_iface_send_twt_teardown(wpa_s, ""))
-			reply_len = -1;
-#endif /* CONFIG_TESTING_OPTIONS */
-	} else if (os_strncmp(buf, "VENDOR_ELEM_ADD ", 16) == 0) {
-		if (wpas_ctrl_vendor_elem_add(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "VENDOR_ELEM_GET ", 16) == 0) {
-		reply_len = wpas_ctrl_vendor_elem_get(wpa_s, buf + 16, reply,
-						      reply_size);
-	} else if (os_strncmp(buf, "VENDOR_ELEM_REMOVE ", 19) == 0) {
-		if (wpas_ctrl_vendor_elem_remove(wpa_s, buf + 19) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "NEIGHBOR_REP_REQUEST", 20) == 0) {
-		if (wpas_ctrl_iface_send_neighbor_rep(wpa_s, buf + 20))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
-		wpas_ctrl_iface_erp_flush(wpa_s);
-	} else if (os_strncmp(buf, "MAC_RAND_SCAN ", 14) == 0) {
-		if (wpas_ctrl_iface_mac_rand_scan(wpa_s, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "GET_PREF_FREQ_LIST ", 19) == 0) {
-		reply_len = wpas_ctrl_iface_get_pref_freq_list(
-			wpa_s, buf + 19, reply, reply_size);
-#ifdef CONFIG_FILS
-	} else if (os_strncmp(buf, "FILS_HLP_REQ_ADD ", 17) == 0) {
-		if (wpas_ctrl_iface_fils_hlp_req_add(wpa_s, buf + 17))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "FILS_HLP_REQ_FLUSH") == 0) {
-		wpas_flush_fils_hlp_req(wpa_s);
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_DPP
-	} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
-		int res;
-
-		res = wpas_dpp_qr_code(wpa_s, buf + 12);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_NFC_URI ", 12) == 0) {
-		int res;
-
-		res = wpas_dpp_nfc_uri(wpa_s, buf + 12);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_REQ ", 21) == 0) {
-		int res;
-
-		res = wpas_dpp_nfc_handover_req(wpa_s, buf + 20);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_SEL ", 21) == 0) {
-		int res;
-
-		res = wpas_dpp_nfc_handover_sel(wpa_s, buf + 20);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GEN ", 18) == 0) {
-		int res;
-
-		res = dpp_bootstrap_gen(wpa_s->dpp, buf + 18);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_REMOVE ", 21) == 0) {
-		if (dpp_bootstrap_remove(wpa_s->dpp, buf + 21) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GET_URI ", 22) == 0) {
-		const char *uri;
-
-		uri = dpp_bootstrap_get_uri(wpa_s->dpp, atoi(buf + 22));
-		if (!uri) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%s", uri);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_INFO ", 19) == 0) {
-		reply_len = dpp_bootstrap_info(wpa_s->dpp, atoi(buf + 19),
-					       reply, reply_size);
-	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_SET ", 18) == 0) {
-		if (dpp_bootstrap_set(wpa_s->dpp, atoi(buf + 18),
-				      os_strchr(buf + 18, ' ')) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_AUTH_INIT ", 14) == 0) {
-		if (wpas_dpp_auth_init(wpa_s, buf + 13) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_LISTEN ", 11) == 0) {
-		if (wpas_dpp_listen(wpa_s, buf + 11) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "DPP_STOP_LISTEN") == 0) {
-		wpas_dpp_stop(wpa_s);
-		wpas_dpp_listen_stop(wpa_s);
-	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_ADD", 20) == 0) {
-		int res;
-
-		res = dpp_configurator_add(wpa_s->dpp, buf + 20);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_REMOVE ", 24) == 0) {
-		if (dpp_configurator_remove(wpa_s->dpp, buf + 24) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SIGN ", 22) == 0) {
-		if (wpas_dpp_configurator_sign(wpa_s, buf + 21) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_GET_KEY ", 25) == 0) {
-		reply_len = dpp_configurator_get_key_id(wpa_s->dpp,
-							atoi(buf + 25),
-							reply, reply_size);
-	} else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) {
-		int res;
-
-		res = wpas_dpp_pkex_add(wpa_s, buf + 12);
-		if (res < 0) {
-			reply_len = -1;
-		} else {
-			reply_len = os_snprintf(reply, reply_size, "%d", res);
-			if (os_snprintf_error(reply_size, reply_len))
-				reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DPP_PKEX_REMOVE ", 16) == 0) {
-		if (wpas_dpp_pkex_remove(wpa_s, buf + 16) < 0)
-			reply_len = -1;
-#ifdef CONFIG_DPP2
-	} else if (os_strncmp(buf, "DPP_CONTROLLER_START ", 21) == 0) {
-		if (wpas_dpp_controller_start(wpa_s, buf + 20) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "DPP_CONTROLLER_START") == 0) {
-		if (wpas_dpp_controller_start(wpa_s, NULL) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "DPP_CONTROLLER_STOP") == 0) {
-		dpp_controller_stop(wpa_s->dpp);
-	} else if (os_strncmp(buf, "DPP_CHIRP ", 10) == 0) {
-		if (wpas_dpp_chirp(wpa_s, buf + 9) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "DPP_STOP_CHIRP") == 0) {
-		wpas_dpp_chirp_stop(wpa_s);
-	} else if (os_strncmp(buf, "DPP_RECONFIG ", 13) == 0) {
-		if (wpas_dpp_reconfig(wpa_s, buf + 13) < 0)
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DPP_CA_SET ", 11) == 0) {
-		if (wpas_dpp_ca_set(wpa_s, buf + 10) < 0)
-			reply_len = -1;
-#endif /* CONFIG_DPP2 */
-#endif /* CONFIG_DPP */
-	} else if (os_strncmp(buf, "MSCS ", 5) == 0) {
-		if (wpas_ctrl_iface_configure_mscs(wpa_s, buf + 5))
-			reply_len = -1;
-#ifdef CONFIG_PASN
-	} else if (os_strncmp(buf, "PASN_START ", 11) == 0) {
-		if (wpas_ctrl_iface_pasn_start(wpa_s, buf + 11) < 0)
-			reply_len = -1;
-	} else if (os_strcmp(buf, "PASN_STOP") == 0) {
-		wpas_pasn_auth_stop(wpa_s);
-	} else if (os_strcmp(buf, "PTKSA_CACHE_LIST") == 0) {
-		reply_len = ptksa_cache_list(wpa_s->ptksa, reply, reply_size);
-	} else if (os_strncmp(buf, "PASN_DEAUTH ", 12) == 0) {
-		if (wpas_ctrl_iface_pasn_deauthenticate(wpa_s, buf + 12) < 0)
-			reply_len = -1;
-#endif /* CONFIG_PASN */
-	} else if (os_strncmp(buf, "SCS ", 4) == 0) {
-		if (wpas_ctrl_iface_configure_scs(wpa_s, buf + 4))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DSCP_RESP ", 10) == 0) {
-		if (wpas_ctrl_iface_send_dscp_resp(wpa_s, buf + 10))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "DSCP_QUERY ", 11) == 0) {
-		if (wpas_ctrl_iface_send_dscp_query(wpa_s, buf + 11))
-			reply_len = -1;
-	} else {
-		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
-		reply_len = 16;
-	}
-
-	if (reply_len < 0) {
-		os_memcpy(reply, "FAIL\n", 5);
-		reply_len = 5;
-	}
-
-	*resp_len = reply_len;
-	return reply;
-}
-
-
-static int wpa_supplicant_global_iface_add(struct wpa_global *global,
-					   char *cmd)
-{
-	struct wpa_interface iface;
-	char *pos, *extra;
-	struct wpa_supplicant *wpa_s;
-	unsigned int create_iface = 0;
-	u8 mac_addr[ETH_ALEN];
-	enum wpa_driver_if_type type = WPA_IF_STATION;
-
-	/*
-	 * <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB<driver_param>
-	 * TAB<bridge_ifname>[TAB<create>[TAB<interface_type>]]
-	 */
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_ADD '%s'", cmd);
-
-	os_memset(&iface, 0, sizeof(iface));
-
-	do {
-		iface.ifname = pos = cmd;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.ifname[0] == '\0')
-			return -1;
-		if (pos == NULL)
-			break;
-
-		iface.confname = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.confname[0] == '\0')
-			iface.confname = NULL;
-		if (pos == NULL)
-			break;
-
-		iface.driver = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.driver[0] == '\0')
-			iface.driver = NULL;
-		if (pos == NULL)
-			break;
-
-		iface.ctrl_interface = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.ctrl_interface[0] == '\0')
-			iface.ctrl_interface = NULL;
-		if (pos == NULL)
-			break;
-
-		iface.driver_param = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.driver_param[0] == '\0')
-			iface.driver_param = NULL;
-		if (pos == NULL)
-			break;
-
-		iface.bridge_ifname = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (iface.bridge_ifname[0] == '\0')
-			iface.bridge_ifname = NULL;
-		if (pos == NULL)
-			break;
-
-		extra = pos;
-		pos = os_strchr(pos, '\t');
-		if (pos)
-			*pos++ = '\0';
-		if (!extra[0])
-			break;
-
-		if (os_strcmp(extra, "create") == 0) {
-			create_iface = 1;
-			if (!pos)
-				break;
-
-			if (os_strcmp(pos, "sta") == 0) {
-				type = WPA_IF_STATION;
-			} else if (os_strcmp(pos, "ap") == 0) {
-				type = WPA_IF_AP_BSS;
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "INTERFACE_ADD unsupported interface type: '%s'",
-					   pos);
-				return -1;
-			}
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "INTERFACE_ADD unsupported extra parameter: '%s'",
-				   extra);
-			return -1;
-		}
-	} while (0);
-
-	if (create_iface) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE creating interface '%s'",
-			   iface.ifname);
-		if (!global->ifaces)
-			return -1;
-		if (wpa_drv_if_add(global->ifaces, type, iface.ifname,
-				   NULL, NULL, NULL, mac_addr, NULL) < 0) {
-			wpa_printf(MSG_ERROR,
-				   "CTRL_IFACE interface creation failed");
-			return -1;
-		}
-
-		wpa_printf(MSG_DEBUG,
-			   "CTRL_IFACE interface '%s' created with MAC addr: "
-			   MACSTR, iface.ifname, MAC2STR(mac_addr));
-	}
-
-	if (wpa_supplicant_get_iface(global, iface.ifname))
-		goto fail;
-
-	wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
-	if (!wpa_s)
-		goto fail;
-	wpa_s->added_vif = create_iface;
-	return 0;
-
-fail:
-	if (create_iface)
-		wpa_drv_if_remove(global->ifaces, WPA_IF_STATION, iface.ifname);
-	return -1;
-}
-
-
-static int wpa_supplicant_global_iface_remove(struct wpa_global *global,
-					      char *cmd)
-{
-	struct wpa_supplicant *wpa_s;
-	int ret;
-	unsigned int delete_iface;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_REMOVE '%s'", cmd);
-
-	wpa_s = wpa_supplicant_get_iface(global, cmd);
-	if (wpa_s == NULL)
-		return -1;
-	delete_iface = wpa_s->added_vif;
-	ret = wpa_supplicant_remove_iface(global, wpa_s, 0);
-	if (!ret && delete_iface) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE deleting the interface '%s'",
-			   cmd);
-		ret = wpa_drv_if_remove(global->ifaces, WPA_IF_STATION, cmd);
-	}
-	return ret;
-}
-
-
-static void wpa_free_iface_info(struct wpa_interface_info *iface)
-{
-	struct wpa_interface_info *prev;
-
-	while (iface) {
-		prev = iface;
-		iface = iface->next;
-
-		os_free(prev->ifname);
-		os_free(prev->desc);
-		os_free(prev);
-	}
-}
-
-
-static int wpa_supplicant_global_iface_list(struct wpa_global *global,
-					    char *buf, int len)
-{
-	int i, res;
-	struct wpa_interface_info *iface = NULL, *last = NULL, *tmp;
-	char *pos, *end;
-
-	for (i = 0; wpa_drivers[i]; i++) {
-		const struct wpa_driver_ops *drv = wpa_drivers[i];
-		if (drv->get_interfaces == NULL)
-			continue;
-		tmp = drv->get_interfaces(global->drv_priv[i]);
-		if (tmp == NULL)
-			continue;
-
-		if (last == NULL)
-			iface = last = tmp;
-		else
-			last->next = tmp;
-		while (last->next)
-			last = last->next;
-	}
-
-	pos = buf;
-	end = buf + len;
-	for (tmp = iface; tmp; tmp = tmp->next) {
-		res = os_snprintf(pos, end - pos, "%s\t%s\t%s\n",
-				  tmp->drv_name, tmp->ifname,
-				  tmp->desc ? tmp->desc : "");
-		if (os_snprintf_error(end - pos, res)) {
-			*pos = '\0';
-			break;
-		}
-		pos += res;
-	}
-
-	wpa_free_iface_info(iface);
-
-	return pos - buf;
-}
-
-
-static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
-						  const char *input,
-						  char *buf, int len)
-{
-	int res;
-	char *pos, *end;
-	struct wpa_supplicant *wpa_s;
-	int show_ctrl = 0;
-
-	if (input)
-		show_ctrl = !!os_strstr(input, "ctrl");
-
-	wpa_s = global->ifaces;
-	pos = buf;
-	end = buf + len;
-
-	while (wpa_s) {
-		if (show_ctrl)
-			res = os_snprintf(pos, end - pos, "%s ctrl_iface=%s\n",
-					  wpa_s->ifname,
-					  wpa_s->conf->ctrl_interface ?
-					  wpa_s->conf->ctrl_interface : "N/A");
-		else
-			res = os_snprintf(pos, end - pos, "%s\n",
-					  wpa_s->ifname);
-
-		if (os_snprintf_error(end - pos, res)) {
-			*pos = '\0';
-			break;
-		}
-		pos += res;
-		wpa_s = wpa_s->next;
-	}
-	return pos - buf;
-}
-
-
-static char * wpas_global_ctrl_iface_ifname(struct wpa_global *global,
-					    const char *ifname,
-					    char *cmd, size_t *resp_len)
-{
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_strcmp(ifname, wpa_s->ifname) == 0)
-			break;
-	}
-
-	if (wpa_s == NULL) {
-		char *resp = os_strdup("FAIL-NO-IFNAME-MATCH\n");
-		if (resp)
-			*resp_len = os_strlen(resp);
-		else
-			*resp_len = 1;
-		return resp;
-	}
-
-	return wpa_supplicant_ctrl_iface_process(wpa_s, cmd, resp_len);
-}
-
-
-static char * wpas_global_ctrl_iface_redir_p2p(struct wpa_global *global,
-					       char *buf, size_t *resp_len)
-{
-#ifdef CONFIG_P2P
-	static const char * cmd[] = {
-		"LIST_NETWORKS",
-		"P2P_FIND",
-		"P2P_STOP_FIND",
-		"P2P_LISTEN",
-		"P2P_GROUP_ADD",
-		"P2P_GET_PASSPHRASE",
-		"P2P_SERVICE_UPDATE",
-		"P2P_SERVICE_FLUSH",
-		"P2P_FLUSH",
-		"P2P_CANCEL",
-		"P2P_PRESENCE_REQ",
-		"P2P_EXT_LISTEN",
-#ifdef CONFIG_AP
-		"STA-FIRST",
-#endif /* CONFIG_AP */
-		NULL
-	};
-	static const char * prefix[] = {
-#ifdef ANDROID
-		"DRIVER ",
-#endif /* ANDROID */
-		"GET_CAPABILITY ",
-		"GET_NETWORK ",
-		"REMOVE_NETWORK ",
-		"P2P_FIND ",
-		"P2P_CONNECT ",
-		"P2P_LISTEN ",
-		"P2P_GROUP_REMOVE ",
-		"P2P_GROUP_ADD ",
-		"P2P_GROUP_MEMBER ",
-		"P2P_PROV_DISC ",
-		"P2P_SERV_DISC_REQ ",
-		"P2P_SERV_DISC_CANCEL_REQ ",
-		"P2P_SERV_DISC_RESP ",
-		"P2P_SERV_DISC_EXTERNAL ",
-		"P2P_SERVICE_ADD ",
-		"P2P_SERVICE_DEL ",
-		"P2P_SERVICE_REP ",
-		"P2P_REJECT ",
-		"P2P_INVITE ",
-		"P2P_PEER ",
-		"P2P_SET ",
-		"P2P_UNAUTHORIZE ",
-		"P2P_PRESENCE_REQ ",
-		"P2P_EXT_LISTEN ",
-		"P2P_REMOVE_CLIENT ",
-		"WPS_NFC_TOKEN ",
-		"WPS_NFC_TAG_READ ",
-		"NFC_GET_HANDOVER_SEL ",
-		"NFC_GET_HANDOVER_REQ ",
-		"NFC_REPORT_HANDOVER ",
-		"P2P_ASP_PROVISION ",
-		"P2P_ASP_PROVISION_RESP ",
-#ifdef CONFIG_AP
-		"STA ",
-		"STA-NEXT ",
-#endif /* CONFIG_AP */
-		NULL
-	};
-	int found = 0;
-	int i;
-
-	if (global->p2p_init_wpa_s == NULL)
-		return NULL;
-
-	for (i = 0; !found && cmd[i]; i++) {
-		if (os_strcmp(buf, cmd[i]) == 0)
-			found = 1;
-	}
-
-	for (i = 0; !found && prefix[i]; i++) {
-		if (os_strncmp(buf, prefix[i], os_strlen(prefix[i])) == 0)
-			found = 1;
-	}
-
-	if (found)
-		return wpa_supplicant_ctrl_iface_process(global->p2p_init_wpa_s,
-							 buf, resp_len);
-#endif /* CONFIG_P2P */
-	return NULL;
-}
-
-
-static char * wpas_global_ctrl_iface_redir_wfd(struct wpa_global *global,
-					       char *buf, size_t *resp_len)
-{
-#ifdef CONFIG_WIFI_DISPLAY
-	if (global->p2p_init_wpa_s == NULL)
-		return NULL;
-	if (os_strncmp(buf, "WFD_SUBELEM_SET ", 16) == 0 ||
-	    os_strncmp(buf, "WFD_SUBELEM_GET ", 16) == 0)
-		return wpa_supplicant_ctrl_iface_process(global->p2p_init_wpa_s,
-							 buf, resp_len);
-#endif /* CONFIG_WIFI_DISPLAY */
-	return NULL;
-}
-
-
-static char * wpas_global_ctrl_iface_redir(struct wpa_global *global,
-					   char *buf, size_t *resp_len)
-{
-	char *ret;
-
-	ret = wpas_global_ctrl_iface_redir_p2p(global, buf, resp_len);
-	if (ret)
-		return ret;
-
-	ret = wpas_global_ctrl_iface_redir_wfd(global, buf, resp_len);
-	if (ret)
-		return ret;
-
-	return NULL;
-}
-
-
-static int wpas_global_ctrl_iface_set(struct wpa_global *global, char *cmd)
-{
-	char *value;
-
-	value = os_strchr(cmd, ' ');
-	if (value == NULL)
-		return -1;
-	*value++ = '\0';
-
-	wpa_printf(MSG_DEBUG, "GLOBAL_CTRL_IFACE SET '%s'='%s'", cmd, value);
-
-#ifdef CONFIG_WIFI_DISPLAY
-	if (os_strcasecmp(cmd, "wifi_display") == 0) {
-		wifi_display_enable(global, !!atoi(value));
-		return 0;
-	}
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	/* Restore cmd to its original value to allow redirection */
-	value[-1] = ' ';
-
-	return -1;
-}
-
-
-static int wpas_global_ctrl_iface_dup_network(struct wpa_global *global,
-					      char *cmd)
-{
-	struct wpa_supplicant *wpa_s[2]; /* src, dst */
-	char *p;
-	unsigned int i;
-
-	/* cmd: "<src ifname> <dst ifname> <src network id> <dst network id>
-	 * <variable name> */
-
-	for (i = 0; i < ARRAY_SIZE(wpa_s) ; i++) {
-		p = os_strchr(cmd, ' ');
-		if (p == NULL)
-			return -1;
-		*p = '\0';
-
-		wpa_s[i] = global->ifaces;
-		for (; wpa_s[i]; wpa_s[i] = wpa_s[i]->next) {
-			if (os_strcmp(cmd, wpa_s[i]->ifname) == 0)
-				break;
-		}
-
-		if (!wpa_s[i]) {
-			wpa_printf(MSG_DEBUG,
-				   "CTRL_IFACE: Could not find iface=%s", cmd);
-			return -1;
-		}
-
-		cmd = p + 1;
-	}
-
-	return wpa_supplicant_ctrl_iface_dup_network(wpa_s[0], cmd, wpa_s[1]);
-}
-
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-static int wpas_global_ctrl_iface_save_config(struct wpa_global *global)
-{
-	int ret = 0, saved = 0;
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (!wpa_s->conf->update_config) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Not allowed to update configuration (update_config=0)");
-			continue;
-		}
-
-		if (wpa_config_write(wpa_s->confname, wpa_s->conf)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Failed to update configuration");
-			ret = 1;
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Configuration updated");
-			saved++;
-		}
-	}
-
-	if (!saved && !ret) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"CTRL_IFACE: SAVE_CONFIG - No configuration files could be updated");
-		ret = 1;
-	}
-
-	return ret;
-}
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-
-static int wpas_global_ctrl_iface_status(struct wpa_global *global,
-					 char *buf, size_t buflen)
-{
-	char *pos, *end;
-	int ret;
-	struct wpa_supplicant *wpa_s;
-
-	pos = buf;
-	end = buf + buflen;
-
-#ifdef CONFIG_P2P
-	if (global->p2p && !global->p2p_disabled) {
-		ret = os_snprintf(pos, end - pos, "p2p_device_address=" MACSTR
-				  "\n"
-				  "p2p_state=%s\n",
-				  MAC2STR(global->p2p_dev_addr),
-				  p2p_get_state_txt(global->p2p));
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	} else if (global->p2p) {
-		ret = os_snprintf(pos, end - pos, "p2p_state=DISABLED\n");
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_WIFI_DISPLAY
-	ret = os_snprintf(pos, end - pos, "wifi_display=%d\n",
-			  !!global->wifi_display);
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		ret = os_snprintf(pos, end - pos, "ifname=%s\n"
-				  "address=" MACSTR "\n",
-				  wpa_s->ifname, MAC2STR(wpa_s->own_addr));
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	return pos - buf;
-}
-
-
-#ifdef CONFIG_FST
-
-static int wpas_global_ctrl_iface_fst_attach(struct wpa_global *global,
-					     char *cmd, char *buf,
-					     size_t reply_size)
-{
-	char ifname[IFNAMSIZ + 1];
-	struct fst_iface_cfg cfg;
-	struct wpa_supplicant *wpa_s;
-	struct fst_wpa_obj iface_obj;
-
-	if (!fst_parse_attach_command(cmd, ifname, sizeof(ifname), &cfg)) {
-		wpa_s = wpa_supplicant_get_iface(global, ifname);
-		if (wpa_s) {
-			if (wpa_s->fst) {
-				wpa_printf(MSG_INFO, "FST: Already attached");
-				return -1;
-			}
-			fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
-			wpa_s->fst = fst_attach(ifname, wpa_s->own_addr,
-						&iface_obj, &cfg);
-			if (wpa_s->fst)
-				return os_snprintf(buf, reply_size, "OK\n");
-		}
-	}
-
-	return -1;
-}
-
-
-static int wpas_global_ctrl_iface_fst_detach(struct wpa_global *global,
-					     char *cmd, char *buf,
-					     size_t reply_size)
-{
-	char ifname[IFNAMSIZ + 1];
-	struct wpa_supplicant *wpa_s;
-
-	if (!fst_parse_detach_command(cmd, ifname, sizeof(ifname))) {
-		wpa_s = wpa_supplicant_get_iface(global, ifname);
-		if (wpa_s) {
-			if (!fst_iface_detach(ifname)) {
-				wpa_s->fst = NULL;
-				return os_snprintf(buf, reply_size, "OK\n");
-			}
-		}
-	}
-
-	return -1;
-}
-
-#endif /* CONFIG_FST */
-
-
-char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
-						char *buf, size_t *resp_len)
-{
-	char *reply;
-	const int reply_size = 2048;
-	int reply_len;
-	int level = MSG_DEBUG;
-
-	if (os_strncmp(buf, "IFNAME=", 7) == 0) {
-		char *pos = os_strchr(buf + 7, ' ');
-		if (pos) {
-			*pos++ = '\0';
-			return wpas_global_ctrl_iface_ifname(global,
-							     buf + 7, pos,
-							     resp_len);
-		}
-	}
-
-	reply = wpas_global_ctrl_iface_redir(global, buf, resp_len);
-	if (reply)
-		return reply;
-
-	if (os_strcmp(buf, "PING") == 0)
-		level = MSG_EXCESSIVE;
-	wpa_hexdump_ascii(level, "RX global ctrl_iface",
-			  (const u8 *) buf, os_strlen(buf));
-
-	reply = os_malloc(reply_size);
-	if (reply == NULL) {
-		*resp_len = 1;
-		return NULL;
-	}
-
-	os_memcpy(reply, "OK\n", 3);
-	reply_len = 3;
-
-	if (os_strcmp(buf, "PING") == 0) {
-		os_memcpy(reply, "PONG\n", 5);
-		reply_len = 5;
-	} else if (os_strncmp(buf, "INTERFACE_ADD ", 14) == 0) {
-		if (wpa_supplicant_global_iface_add(global, buf + 14))
-			reply_len = -1;
-	} else if (os_strncmp(buf, "INTERFACE_REMOVE ", 17) == 0) {
-		if (wpa_supplicant_global_iface_remove(global, buf + 17))
-			reply_len = -1;
-	} else if (os_strcmp(buf, "INTERFACE_LIST") == 0) {
-		reply_len = wpa_supplicant_global_iface_list(
-			global, reply, reply_size);
-	} else if (os_strncmp(buf, "INTERFACES", 10) == 0) {
-		reply_len = wpa_supplicant_global_iface_interfaces(
-			global, buf + 10, reply, reply_size);
-#ifdef CONFIG_FST
-	} else if (os_strncmp(buf, "FST-ATTACH ", 11) == 0) {
-		reply_len = wpas_global_ctrl_iface_fst_attach(global, buf + 11,
-							      reply,
-							      reply_size);
-	} else if (os_strncmp(buf, "FST-DETACH ", 11) == 0) {
-		reply_len = wpas_global_ctrl_iface_fst_detach(global, buf + 11,
-							      reply,
-							      reply_size);
-	} else if (os_strncmp(buf, "FST-MANAGER ", 12) == 0) {
-		reply_len = fst_ctrl_iface_receive(buf + 12, reply, reply_size);
-#endif /* CONFIG_FST */
-	} else if (os_strcmp(buf, "TERMINATE") == 0) {
-		wpa_supplicant_terminate_proc(global);
-	} else if (os_strcmp(buf, "SUSPEND") == 0) {
-		wpas_notify_suspend(global);
-	} else if (os_strcmp(buf, "RESUME") == 0) {
-		wpas_notify_resume(global);
-	} else if (os_strncmp(buf, "SET ", 4) == 0) {
-		if (wpas_global_ctrl_iface_set(global, buf + 4)) {
-#ifdef CONFIG_P2P
-			if (global->p2p_init_wpa_s) {
-				os_free(reply);
-				/* Check if P2P redirection would work for this
-				 * command. */
-				return wpa_supplicant_ctrl_iface_process(
-					global->p2p_init_wpa_s,
-					buf, resp_len);
-			}
-#endif /* CONFIG_P2P */
-			reply_len = -1;
-		}
-	} else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) {
-		if (wpas_global_ctrl_iface_dup_network(global, buf + 12))
-			reply_len = -1;
-#ifndef CONFIG_NO_CONFIG_WRITE
-	} else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
-		if (wpas_global_ctrl_iface_save_config(global))
-			reply_len = -1;
-#endif /* CONFIG_NO_CONFIG_WRITE */
-	} else if (os_strcmp(buf, "STATUS") == 0) {
-		reply_len = wpas_global_ctrl_iface_status(global, reply,
-							  reply_size);
-#ifdef CONFIG_MODULE_TESTS
-	} else if (os_strcmp(buf, "MODULE_TESTS") == 0) {
-		if (wpas_module_tests() < 0)
-			reply_len = -1;
-#endif /* CONFIG_MODULE_TESTS */
-	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
-		if (wpa_debug_reopen_file() < 0)
-			reply_len = -1;
-	} else {
-		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
-		reply_len = 16;
-	}
-
-	if (reply_len < 0) {
-		os_memcpy(reply, "FAIL\n", 5);
-		reply_len = 5;
-	}
-
-	*resp_len = reply_len;
-	return reply;
-}
diff --git a/wpa_supplicant/ctrl_iface.h b/wpa_supplicant/ctrl_iface.h
deleted file mode 100644
index dfbd25a03b1b..000000000000
--- a/wpa_supplicant/ctrl_iface.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * WPA Supplicant / UNIX domain socket -based control interface
- * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef CTRL_IFACE_H
-#define CTRL_IFACE_H
-
-#ifdef CONFIG_CTRL_IFACE
-
-#ifndef CTRL_IFACE_MAX_LEN
-#define CTRL_IFACE_MAX_LEN 8192
-#endif /* CTRL_IFACE_MAX_LEN */
-
-/* Shared functions from ctrl_iface.c; to be called by ctrl_iface backends */
-
-/**
- * wpa_supplicant_ctrl_iface_process - Process ctrl_iface command
- * @wpa_s: Pointer to wpa_supplicant data
- * @buf: Received command buffer (nul terminated string)
- * @resp_len: Variable to be set to the response length
- * Returns: Response (*resp_len bytes) or %NULL on failure
- *
- * Control interface backends call this function when receiving a message that
- * they do not process internally, i.e., anything else than ATTACH, DETACH,
- * and LEVEL. The return response value is then sent to the external program
- * that sent the command. Caller is responsible for freeing the buffer after
- * this. If %NULL is returned, *resp_len can be set to two special values:
- * 1 = send "FAIL\n" response, 2 = send "OK\n" response. If *resp_len has any
- * other value, no response is sent.
- */
-char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
-					 char *buf, size_t *resp_len);
-
-/**
- * wpa_supplicant_global_ctrl_iface_process - Process global ctrl_iface command
- * @global: Pointer to global data from wpa_supplicant_init()
- * @buf: Received command buffer (nul terminated string)
- * @resp_len: Variable to be set to the response length
- * Returns: Response (*resp_len bytes) or %NULL on failure
- *
- * Control interface backends call this function when receiving a message from
- * the global ctrl_iface connection. The return response value is then sent to
- * the external program that sent the command. Caller is responsible for
- * freeing the buffer after this. If %NULL is returned, *resp_len can be set to
- * two special values: 1 = send "FAIL\n" response, 2 = send "OK\n" response. If
- * *resp_len has any other value, no response is sent.
- */
-char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
-						char *buf, size_t *resp_len);
-
-
-/* Functions that each ctrl_iface backend must implement */
-
-/**
- * wpa_supplicant_ctrl_iface_init - Initialize control interface
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: Pointer to private data on success, %NULL on failure
- *
- * Initialize the control interface and start receiving commands from external
- * programs.
- *
- * Required to be implemented in each control interface backend.
- */
-struct ctrl_iface_priv *
-wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s);
-
-/**
- * wpa_supplicant_ctrl_iface_deinit - Deinitialize control interface
- * @wpa_s: Pointer to wpa_supplicant data
- * @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
- *
- * Deinitialize the control interface that was initialized with
- * wpa_supplicant_ctrl_iface_init() and any data related to the wpa_s instance.
- * @priv may be %NULL if the control interface has not yet been initialized.
- *
- * Required to be implemented in each control interface backend.
- */
-void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct ctrl_iface_priv *priv);
-
-/**
- * wpa_supplicant_ctrl_iface_wait - Wait for ctrl_iface monitor
- * @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
- *
- * Wait until the first message from an external program using the control
- * interface is received. This function can be used to delay normal startup
- * processing to allow control interface programs to attach with
- * %wpa_supplicant before normal operations are started.
- *
- * Required to be implemented in each control interface backend.
- */
-void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv);
-
-/**
- * wpa_supplicant_global_ctrl_iface_init - Initialize global control interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * Returns: Pointer to private data on success, %NULL on failure
- *
- * Initialize the global control interface and start receiving commands from
- * external programs.
- *
- * Required to be implemented in each control interface backend.
- */
-struct ctrl_iface_global_priv *
-wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global);
-
-/**
- * wpa_supplicant_global_ctrl_iface_deinit - Deinitialize global ctrl interface
- * @priv: Pointer to private data from wpa_supplicant_global_ctrl_iface_init()
- *
- * Deinitialize the global control interface that was initialized with
- * wpa_supplicant_global_ctrl_iface_init().
- *
- * Required to be implemented in each control interface backend.
- */
-void wpa_supplicant_global_ctrl_iface_deinit(
-	struct ctrl_iface_global_priv *priv);
-
-void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s);
-
-#else /* CONFIG_CTRL_IFACE */
-
-static inline struct ctrl_iface_priv *
-wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
-{
-	return (void *) -1;
-}
-
-static inline void
-wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
-				 struct ctrl_iface_priv *priv)
-{
-}
-
-static inline void
-wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv, int level,
-			       char *buf, size_t len)
-{
-}
-
-static inline void
-wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
-{
-}
-
-static inline struct ctrl_iface_global_priv *
-wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
-{
-	return (void *) 1;
-}
-
-static inline void
-wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
-{
-}
-
-static inline void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
-{
-}
-
-#endif /* CONFIG_CTRL_IFACE */
-
-#endif /* CTRL_IFACE_H */
diff --git a/wpa_supplicant/ctrl_iface_named_pipe.c b/wpa_supplicant/ctrl_iface_named_pipe.c
deleted file mode 100644
index bddc0414245e..000000000000
--- a/wpa_supplicant/ctrl_iface_named_pipe.c
+++ /dev/null
@@ -1,831 +0,0 @@
-/*
- * WPA Supplicant / Windows Named Pipe -based control interface
- * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "config.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "wpa_supplicant_i.h"
-#include "ctrl_iface.h"
-#include "common/wpa_ctrl.h"
-
-#ifdef __MINGW32_VERSION
-/* mingw-w32api v3.1 does not yet include sddl.h, so define needed parts here
- */
-#define SDDL_REVISION_1 1
-BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
-	LPCSTR, DWORD, PSECURITY_DESCRIPTOR *, PULONG);
-BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
-	LPCWSTR, DWORD, PSECURITY_DESCRIPTOR *, PULONG);
-#ifdef UNICODE
-#define ConvertStringSecurityDescriptorToSecurityDescriptor \
-ConvertStringSecurityDescriptorToSecurityDescriptorW
-#else
-#define ConvertStringSecurityDescriptorToSecurityDescriptor \
-ConvertStringSecurityDescriptorToSecurityDescriptorA
-#endif
-#else /* __MINGW32_VERSION */
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0500
-#endif
-#include <sddl.h>
-#endif /* __MINGW32_VERSION */
-
-#ifndef WPA_SUPPLICANT_NAMED_PIPE
-#define WPA_SUPPLICANT_NAMED_PIPE "WpaSupplicant"
-#endif
-#define NAMED_PIPE_PREFIX TEXT("\\\\.\\pipe\\") TEXT(WPA_SUPPLICANT_NAMED_PIPE)
-
-/* Per-interface ctrl_iface */
-
-#define REQUEST_BUFSIZE CTRL_IFACE_MAX_LEN
-#define REPLY_BUFSIZE 4096
-
-struct ctrl_iface_priv;
-
-/**
- * struct wpa_ctrl_dst - Internal data structure of control interface clients
- *
- * This structure is used to store information about registered control
- * interface monitors into struct wpa_supplicant. This data is private to
- * ctrl_iface_named_pipe.c and should not be touched directly from other files.
- */
-struct wpa_ctrl_dst {
-	/* Note: OVERLAPPED must be the first member of struct wpa_ctrl_dst */
-	OVERLAPPED overlap;
-	struct wpa_ctrl_dst *next, *prev;
-	struct ctrl_iface_priv *priv;
-	HANDLE pipe;
-	int attached;
-	int debug_level;
-	int errors;
-	char req_buf[REQUEST_BUFSIZE];
-	char *rsp_buf;
-	int used;
-};
-
-
-struct ctrl_iface_priv {
-	struct wpa_supplicant *wpa_s;
-	struct wpa_ctrl_dst *ctrl_dst;
-	SECURITY_ATTRIBUTES attr;
-	int sec_attr_set;
-};
-
-
-static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
-					   int level, const char *buf,
-					   size_t len);
-
-static void ctrl_close_pipe(struct wpa_ctrl_dst *dst);
-static void wpa_supplicant_ctrl_iface_receive(void *, void *);
-static VOID WINAPI ctrl_iface_read_completed(DWORD err, DWORD bytes,
-					     LPOVERLAPPED overlap);
-
-struct wpa_global_dst;
-static void global_close_pipe(struct wpa_global_dst *dst);
-static void wpa_supplicant_global_iface_receive(void *eloop_data,
-						void *user_ctx);
-static VOID WINAPI global_iface_read_completed(DWORD err, DWORD bytes,
-					       LPOVERLAPPED overlap);
-
-
-static int ctrl_broken_pipe(HANDLE pipe, int used)
-{
-	DWORD err;
-
-	if (PeekNamedPipe(pipe, NULL, 0, NULL, NULL, NULL))
-		return 0;
-
-	err = GetLastError();
-	if (err == ERROR_BROKEN_PIPE || (err == ERROR_BAD_PIPE && used))
-		return 1;
-	return 0;
-}
-
-
-static void ctrl_flush_broken_pipes(struct ctrl_iface_priv *priv)
-{
-	struct wpa_ctrl_dst *dst, *next;
-
-	dst = priv->ctrl_dst;
-
-	while (dst) {
-		next = dst->next;
-		if (ctrl_broken_pipe(dst->pipe, dst->used)) {
-			wpa_printf(MSG_DEBUG, "CTRL: closing broken pipe %p",
-				   dst);
-			ctrl_close_pipe(dst);
-		}
-		dst = next;
-	}
-}
-
-
-static int ctrl_open_pipe(struct ctrl_iface_priv *priv)
-{
-	struct wpa_ctrl_dst *dst;
-	DWORD err;
-	TCHAR name[256];
-
-	dst = os_zalloc(sizeof(*dst));
-	if (dst == NULL)
-		return -1;
-	wpa_printf(MSG_DEBUG, "CTRL: Open pipe %p", dst);
-
-	dst->priv = priv;
-	dst->debug_level = MSG_INFO;
-	dst->pipe = INVALID_HANDLE_VALUE;
-
-	dst->overlap.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
-	if (dst->overlap.hEvent == NULL) {
-		wpa_printf(MSG_ERROR, "CTRL: CreateEvent failed: %d",
-			   (int) GetLastError());
-		goto fail;
-	}
-
-	eloop_register_event(dst->overlap.hEvent,
-			     sizeof(dst->overlap.hEvent),
-			     wpa_supplicant_ctrl_iface_receive, dst, NULL);
-
-#ifdef UNICODE
-	_snwprintf(name, 256, NAMED_PIPE_PREFIX TEXT("-%S"),
-		   priv->wpa_s->ifname);
-#else /* UNICODE */
-	os_snprintf(name, 256, NAMED_PIPE_PREFIX "-%s",
-		    priv->wpa_s->ifname);
-#endif /* UNICODE */
-
-	/* TODO: add support for configuring access list for the pipe */
-	dst->pipe = CreateNamedPipe(name,
-				    PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
-				    PIPE_TYPE_MESSAGE |
-				    PIPE_READMODE_MESSAGE |
-				    PIPE_WAIT,
-				    15, REPLY_BUFSIZE, REQUEST_BUFSIZE,
-				    1000,
-				    priv->sec_attr_set ? &priv->attr : NULL);
-	if (dst->pipe == INVALID_HANDLE_VALUE) {
-		wpa_printf(MSG_ERROR, "CTRL: CreateNamedPipe failed: %d",
-			   (int) GetLastError());
-		goto fail;
-	}
-
-	if (ConnectNamedPipe(dst->pipe, &dst->overlap)) {
-		wpa_printf(MSG_ERROR, "CTRL: ConnectNamedPipe failed: %d",
-			   (int) GetLastError());
-		CloseHandle(dst->pipe);
-		os_free(dst);
-		return -1;
-	}
-
-	err = GetLastError();
-	switch (err) {
-	case ERROR_IO_PENDING:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: connection in "
-			   "progress");
-		break;
-	case ERROR_PIPE_CONNECTED:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: already "
-			   "connected");
-		if (SetEvent(dst->overlap.hEvent))
-			break;
-		/* fall through */
-	default:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe error: %d",
-			   (int) err);
-		CloseHandle(dst->pipe);
-		os_free(dst);
-		return -1;
-	}
-
-	dst->next = priv->ctrl_dst;
-	if (dst->next)
-		dst->next->prev = dst;
-	priv->ctrl_dst = dst;
-
-	return 0;
-
-fail:
-	ctrl_close_pipe(dst);
-	return -1;
-}
-
-
-static void ctrl_close_pipe(struct wpa_ctrl_dst *dst)
-{
-	wpa_printf(MSG_DEBUG, "CTRL: close pipe %p", dst);
-
-	if (dst->overlap.hEvent) {
-		eloop_unregister_event(dst->overlap.hEvent,
-				       sizeof(dst->overlap.hEvent));
-		CloseHandle(dst->overlap.hEvent);
-	}
-
-	if (dst->pipe != INVALID_HANDLE_VALUE) {
-		/*
-		 * Could use FlushFileBuffers() here to guarantee that all data
-		 * gets delivered to the client, but that can block, so let's
-		 * not do this for now.
-		 * FlushFileBuffers(dst->pipe);
-		 */
-		CloseHandle(dst->pipe);
-	}
-
-	if (dst->prev)
-		dst->prev->next = dst->next;
-	else
-		dst->priv->ctrl_dst = dst->next;
-	if (dst->next)
-		dst->next->prev = dst->prev;
-
-	os_free(dst->rsp_buf);
-	os_free(dst);
-}
-
-
-static VOID WINAPI ctrl_iface_write_completed(DWORD err, DWORD bytes,
-					      LPOVERLAPPED overlap)
-{
-	struct wpa_ctrl_dst *dst = (struct wpa_ctrl_dst *) overlap;
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped write completed: dst=%p "
-		   "err=%d bytes=%d", dst, (int) err, (int) bytes);
-	if (err) {
-		ctrl_close_pipe(dst);
-		return;
-	}
-
-	os_free(dst->rsp_buf);
-	dst->rsp_buf = NULL;
-
-	if (!ReadFileEx(dst->pipe, dst->req_buf, sizeof(dst->req_buf),
-			&dst->overlap, ctrl_iface_read_completed)) {
-		wpa_printf(MSG_DEBUG, "CTRL: ReadFileEx failed: %d",
-			   (int) GetLastError());
-		ctrl_close_pipe(dst);
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped read started for %p", dst);
-}
-
-
-static void wpa_supplicant_ctrl_iface_rx(struct wpa_ctrl_dst *dst, size_t len)
-{
-	struct wpa_supplicant *wpa_s = dst->priv->wpa_s;
-	char *reply = NULL, *send_buf;
-	size_t reply_len = 0, send_len;
-	int new_attached = 0;
-	char *buf = dst->req_buf;
-
-	dst->used = 1;
-	if (len >= REQUEST_BUFSIZE)
-		len = REQUEST_BUFSIZE - 1;
-	buf[len] = '\0';
-
-	if (os_strcmp(buf, "ATTACH") == 0) {
-		dst->attached = 1;
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached");
-		new_attached = 1;
-		reply_len = 2;
-	} else if (os_strcmp(buf, "DETACH") == 0) {
-		dst->attached = 0;
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached");
-		reply_len = 2;
-	} else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", buf + 6);
-		dst->debug_level = atoi(buf + 6);
-		reply_len = 2;
-	} else {
-		reply = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
-							  &reply_len);
-	}
-
-	if (reply) {
-		send_buf = reply;
-		send_len = reply_len;
-	} else if (reply_len == 2) {
-		send_buf = "OK\n";
-		send_len = 3;
-	} else {
-		send_buf = "FAIL\n";
-		send_len = 5;
-	}
-
-	os_free(dst->rsp_buf);
-	dst->rsp_buf = os_memdup(send_buf, send_len);
-	if (dst->rsp_buf == NULL) {
-		ctrl_close_pipe(dst);
-		os_free(reply);
-		return;
-	}
-	os_free(reply);
-
-	if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap,
-			 ctrl_iface_write_completed)) {
-		wpa_printf(MSG_DEBUG, "CTRL: WriteFileEx failed: %d",
-			   (int) GetLastError());
-		ctrl_close_pipe(dst);
-	} else {
-		wpa_printf(MSG_DEBUG, "CTRL: Overlapped write started for %p",
-			   dst);
-	}
-
-	if (new_attached)
-		eapol_sm_notify_ctrl_attached(wpa_s->eapol);
-}
-
-
-static VOID WINAPI ctrl_iface_read_completed(DWORD err, DWORD bytes,
-					     LPOVERLAPPED overlap)
-{
-	struct wpa_ctrl_dst *dst = (struct wpa_ctrl_dst *) overlap;
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped read completed: dst=%p err=%d "
-		   "bytes=%d", dst, (int) err, (int) bytes);
-	if (err == 0 && bytes > 0)
-		wpa_supplicant_ctrl_iface_rx(dst, bytes);
-}
-
-
-static void wpa_supplicant_ctrl_iface_receive(void *eloop_data, void *user_ctx)
-{
-	struct wpa_ctrl_dst *dst = eloop_data;
-	struct ctrl_iface_priv *priv = dst->priv;
-	DWORD bytes;
-
-	wpa_printf(MSG_DEBUG, "CTRL: wpa_supplicant_ctrl_iface_receive");
-	ResetEvent(dst->overlap.hEvent);
-
-	if (!GetOverlappedResult(dst->pipe, &dst->overlap, &bytes, FALSE)) {
-		wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult failed: %d",
-			   (int) GetLastError());
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult: New client "
-		   "connected");
-
-	/* Open a new named pipe for the next client. */
-	ctrl_open_pipe(priv);
-
-	/* Use write completion function to start reading a command */
-	ctrl_iface_write_completed(0, 0, &dst->overlap);
-
-	ctrl_flush_broken_pipes(priv);
-}
-
-
-static int ctrl_iface_parse(struct ctrl_iface_priv *priv, const char *params)
-{
-	const char *sddl = NULL;
-	TCHAR *t_sddl;
-
-	if (os_strncmp(params, "SDDL=", 5) == 0)
-		sddl = params + 5;
-	if (!sddl) {
-		sddl = os_strstr(params, " SDDL=");
-		if (sddl)
-			sddl += 6;
-	}
-
-	if (!sddl)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "CTRL: SDDL='%s'", sddl);
-	os_memset(&priv->attr, 0, sizeof(priv->attr));
-	priv->attr.nLength = sizeof(priv->attr);
-	priv->attr.bInheritHandle = FALSE;
-	t_sddl = wpa_strdup_tchar(sddl);
-	if (t_sddl == NULL)
-		return -1;
-	if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
-		    t_sddl, SDDL_REVISION_1,
-		    (PSECURITY_DESCRIPTOR *) (void *)
-		    &priv->attr.lpSecurityDescriptor,
-		    NULL)) {
-		os_free(t_sddl);
-		wpa_printf(MSG_ERROR, "CTRL: SDDL='%s' - could not convert to "
-			   "security descriptor: %d",
-			   sddl, (int) GetLastError());
-		return -1;
-	}
-	os_free(t_sddl);
-
-	priv->sec_attr_set = 1;
-
-	return 0;
-}
-
-
-static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
-					     enum wpa_msg_type type,
-					     const char *txt, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
-		return;
-	wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
-}
-
-
-struct ctrl_iface_priv *
-wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
-{
-	struct ctrl_iface_priv *priv;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	priv->wpa_s = wpa_s;
-
-	if (wpa_s->conf->ctrl_interface == NULL)
-		return priv;
-
-	if (ctrl_iface_parse(priv, wpa_s->conf->ctrl_interface) < 0) {
-		os_free(priv);
-		return NULL;
-	}
-
-	if (ctrl_open_pipe(priv) < 0) {
-		os_free(priv);
-		return NULL;
-	}
-
-	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
-
-	return priv;
-}
-
-
-void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct ctrl_iface_priv *priv)
-{
-	if (!priv)
-		return;
-	while (priv->ctrl_dst)
-		ctrl_close_pipe(priv->ctrl_dst);
-	if (priv->sec_attr_set)
-		LocalFree(priv->attr.lpSecurityDescriptor);
-	os_free(priv);
-}
-
-
-static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
-					   int level, const char *buf,
-					   size_t len)
-{
-	struct wpa_ctrl_dst *dst, *next;
-	char levelstr[10];
-	int idx;
-	char *sbuf;
-	int llen;
-	DWORD written;
-
-	dst = priv->ctrl_dst;
-	if (dst == NULL)
-		return;
-
-	os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
-
-	llen = os_strlen(levelstr);
-	sbuf = os_malloc(llen + len);
-	if (sbuf == NULL)
-		return;
-
-	os_memcpy(sbuf, levelstr, llen);
-	os_memcpy(sbuf + llen, buf, len);
-
-	idx = 0;
-	while (dst) {
-		next = dst->next;
-		if (dst->attached && level >= dst->debug_level) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %p",
-				   dst);
-			if (!WriteFile(dst->pipe, sbuf, llen + len, &written,
-				       NULL)) {
-				wpa_printf(MSG_DEBUG, "CTRL: WriteFile to dst "
-					   "%p failed: %d",
-					   dst, (int) GetLastError());
-				dst->errors++;
-				if (dst->errors > 10)
-					ctrl_close_pipe(dst);
-			} else
-				dst->errors = 0;
-		}
-		idx++;
-		dst = next;
-	}
-	os_free(sbuf);
-}
-
-
-void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
-{
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
-		   priv->wpa_s->ifname);
-	if (priv->ctrl_dst == NULL)
-		return;
-	WaitForSingleObject(priv->ctrl_dst->pipe, INFINITE);
-}
-
-
-/* Global ctrl_iface */
-
-struct ctrl_iface_global_priv;
-
-struct wpa_global_dst {
-	/* Note: OVERLAPPED must be the first member of struct wpa_global_dst
-	 */
-	OVERLAPPED overlap;
-	struct wpa_global_dst *next, *prev;
-	struct ctrl_iface_global_priv *priv;
-	HANDLE pipe;
-	char req_buf[REQUEST_BUFSIZE];
-	char *rsp_buf;
-	int used;
-};
-
-struct ctrl_iface_global_priv {
-	struct wpa_global *global;
-	struct wpa_global_dst *ctrl_dst;
-};
-
-
-static void global_flush_broken_pipes(struct ctrl_iface_global_priv *priv)
-{
-	struct wpa_global_dst *dst, *next;
-
-	dst = priv->ctrl_dst;
-
-	while (dst) {
-		next = dst->next;
-		if (ctrl_broken_pipe(dst->pipe, dst->used)) {
-			wpa_printf(MSG_DEBUG, "CTRL: closing broken pipe %p",
-				   dst);
-			global_close_pipe(dst);
-		}
-		dst = next;
-	}
-}
-
-
-static int global_open_pipe(struct ctrl_iface_global_priv *priv)
-{
-	struct wpa_global_dst *dst;
-	DWORD err;
-
-	dst = os_zalloc(sizeof(*dst));
-	if (dst == NULL)
-		return -1;
-	wpa_printf(MSG_DEBUG, "CTRL: Open pipe %p", dst);
-
-	dst->priv = priv;
-	dst->pipe = INVALID_HANDLE_VALUE;
-
-	dst->overlap.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
-	if (dst->overlap.hEvent == NULL) {
-		wpa_printf(MSG_ERROR, "CTRL: CreateEvent failed: %d",
-			   (int) GetLastError());
-		goto fail;
-	}
-
-	eloop_register_event(dst->overlap.hEvent,
-			     sizeof(dst->overlap.hEvent),
-			     wpa_supplicant_global_iface_receive, dst, NULL);
-
-	/* TODO: add support for configuring access list for the pipe */
-	dst->pipe = CreateNamedPipe(NAMED_PIPE_PREFIX,
-				    PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
-				    PIPE_TYPE_MESSAGE |
-				    PIPE_READMODE_MESSAGE |
-				    PIPE_WAIT,
-				    10, REPLY_BUFSIZE, REQUEST_BUFSIZE,
-				    1000, NULL);
-	if (dst->pipe == INVALID_HANDLE_VALUE) {
-		wpa_printf(MSG_ERROR, "CTRL: CreateNamedPipe failed: %d",
-			   (int) GetLastError());
-		goto fail;
-	}
-
-	if (ConnectNamedPipe(dst->pipe, &dst->overlap)) {
-		wpa_printf(MSG_ERROR, "CTRL: ConnectNamedPipe failed: %d",
-			   (int) GetLastError());
-		CloseHandle(dst->pipe);
-		os_free(dst);
-		return -1;
-	}
-
-	err = GetLastError();
-	switch (err) {
-	case ERROR_IO_PENDING:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: connection in "
-			   "progress");
-		break;
-	case ERROR_PIPE_CONNECTED:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe: already "
-			   "connected");
-		if (SetEvent(dst->overlap.hEvent))
-			break;
-		/* fall through */
-	default:
-		wpa_printf(MSG_DEBUG, "CTRL: ConnectNamedPipe error: %d",
-			   (int) err);
-		CloseHandle(dst->pipe);
-		os_free(dst);
-		return -1;
-	}
-
-	dst->next = priv->ctrl_dst;
-	if (dst->next)
-		dst->next->prev = dst;
-	priv->ctrl_dst = dst;
-
-	return 0;
-
-fail:
-	global_close_pipe(dst);
-	return -1;
-}
-
-
-static void global_close_pipe(struct wpa_global_dst *dst)
-{
-	wpa_printf(MSG_DEBUG, "CTRL: close pipe %p", dst);
-
-	if (dst->overlap.hEvent) {
-		eloop_unregister_event(dst->overlap.hEvent,
-				       sizeof(dst->overlap.hEvent));
-		CloseHandle(dst->overlap.hEvent);
-	}
-
-	if (dst->pipe != INVALID_HANDLE_VALUE) {
-		/*
-		 * Could use FlushFileBuffers() here to guarantee that all data
-		 * gets delivered to the client, but that can block, so let's
-		 * not do this for now.
-		 * FlushFileBuffers(dst->pipe);
-		 */
-		CloseHandle(dst->pipe);
-	}
-
-	if (dst->prev)
-		dst->prev->next = dst->next;
-	else
-		dst->priv->ctrl_dst = dst->next;
-	if (dst->next)
-		dst->next->prev = dst->prev;
-
-	os_free(dst->rsp_buf);
-	os_free(dst);
-}
-
-
-static VOID WINAPI global_iface_write_completed(DWORD err, DWORD bytes,
-						LPOVERLAPPED overlap)
-{
-	struct wpa_global_dst *dst = (struct wpa_global_dst *) overlap;
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped write completed: dst=%p "
-		   "err=%d bytes=%d", dst, (int) err, (int) bytes);
-	if (err) {
-		global_close_pipe(dst);
-		return;
-	}
-
-	os_free(dst->rsp_buf);
-	dst->rsp_buf = NULL;
-
-	if (!ReadFileEx(dst->pipe, dst->req_buf, sizeof(dst->req_buf),
-			&dst->overlap, global_iface_read_completed)) {
-		wpa_printf(MSG_DEBUG, "CTRL: ReadFileEx failed: %d",
-			   (int) GetLastError());
-		global_close_pipe(dst);
-		/* FIX: if this was the pipe waiting for new global
-		 * connections, at this point there are no open global pipes..
-		 * Should try to open a new pipe.. */
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped read started for %p", dst);
-}
-
-
-static void wpa_supplicant_global_iface_rx(struct wpa_global_dst *dst,
-					   size_t len)
-{
-	struct wpa_global *global = dst->priv->global;
-	char *reply = NULL, *send_buf;
-	size_t reply_len = 0, send_len;
-	char *buf = dst->req_buf;
-
-	dst->used = 1;
-	if (len >= REQUEST_BUFSIZE)
-		len = REQUEST_BUFSIZE - 1;
-	buf[len] = '\0';
-
-	reply = wpa_supplicant_global_ctrl_iface_process(global, buf,
-							 &reply_len);
-	if (reply) {
-		send_buf = reply;
-		send_len = reply_len;
-	} else if (reply_len) {
-		send_buf = "FAIL\n";
-		send_len = 5;
-	} else {
-		os_free(dst->rsp_buf);
-		dst->rsp_buf = NULL;
-		return;
-	}
-
-	os_free(dst->rsp_buf);
-	dst->rsp_buf = os_memdup(send_buf, send_len);
-	if (dst->rsp_buf == NULL) {
-		global_close_pipe(dst);
-		os_free(reply);
-		return;
-	}
-	os_free(reply);
-
-	if (!WriteFileEx(dst->pipe, dst->rsp_buf, send_len, &dst->overlap,
-			 global_iface_write_completed)) {
-		wpa_printf(MSG_DEBUG, "CTRL: WriteFileEx failed: %d",
-			   (int) GetLastError());
-		global_close_pipe(dst);
-	} else {
-		wpa_printf(MSG_DEBUG, "CTRL: Overlapped write started for %p",
-			   dst);
-	}
-}
-
-
-static VOID WINAPI global_iface_read_completed(DWORD err, DWORD bytes,
-					       LPOVERLAPPED overlap)
-{
-	struct wpa_global_dst *dst = (struct wpa_global_dst *) overlap;
-	wpa_printf(MSG_DEBUG, "CTRL: Overlapped read completed: dst=%p err=%d "
-		   "bytes=%d", dst, (int) err, (int) bytes);
-	if (err == 0 && bytes > 0)
-		wpa_supplicant_global_iface_rx(dst, bytes);
-}
-
-
-static void wpa_supplicant_global_iface_receive(void *eloop_data,
-						void *user_ctx)
-{
-	struct wpa_global_dst *dst = eloop_data;
-	struct ctrl_iface_global_priv *priv = dst->priv;
-	DWORD bytes;
-
-	wpa_printf(MSG_DEBUG, "CTRL: wpa_supplicant_global_iface_receive");
-	ResetEvent(dst->overlap.hEvent);
-
-	if (!GetOverlappedResult(dst->pipe, &dst->overlap, &bytes, FALSE)) {
-		wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult failed: %d",
-			   (int) GetLastError());
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "CTRL: GetOverlappedResult: New client "
-		   "connected");
-
-	/* Open a new named pipe for the next client. */
-	if (global_open_pipe(priv) < 0) {
-		wpa_printf(MSG_DEBUG, "CTRL: global_open_pipe failed");
-		return;
-	}
-
-	/* Use write completion function to start reading a command */
-	global_iface_write_completed(0, 0, &dst->overlap);
-
-	global_flush_broken_pipes(priv);
-}
-
-
-struct ctrl_iface_global_priv *
-wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
-{
-	struct ctrl_iface_global_priv *priv;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	priv->global = global;
-
-	if (global_open_pipe(priv) < 0) {
-		os_free(priv);
-		return NULL;
-	}
-
-	return priv;
-}
-
-
-void
-wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
-{
-	while (priv->ctrl_dst)
-		global_close_pipe(priv->ctrl_dst);
-	os_free(priv);
-}
diff --git a/wpa_supplicant/ctrl_iface_udp.c b/wpa_supplicant/ctrl_iface_udp.c
deleted file mode 100644
index 1cbf7fa28d3f..000000000000
--- a/wpa_supplicant/ctrl_iface_udp.c
+++ /dev/null
@@ -1,831 +0,0 @@
-/*
- * WPA Supplicant / UDP socket -based control interface
- * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "config.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "wpa_supplicant_i.h"
-#include "ctrl_iface.h"
-#include "common/wpa_ctrl.h"
-
-
-#define COOKIE_LEN 8
-
-/* Per-interface ctrl_iface */
-
-/**
- * struct wpa_ctrl_dst - Internal data structure of control interface monitors
- *
- * This structure is used to store information about registered control
- * interface monitors into struct wpa_supplicant. This data is private to
- * ctrl_iface_udp.c and should not be touched directly from other files.
- */
-struct wpa_ctrl_dst {
-	struct wpa_ctrl_dst *next;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	struct sockaddr_in6 addr;
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	struct sockaddr_in addr;
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	socklen_t addrlen;
-	int debug_level;
-	int errors;
-};
-
-
-struct ctrl_iface_priv {
-	struct wpa_supplicant *wpa_s;
-	int sock;
-	struct wpa_ctrl_dst *ctrl_dst;
-	u8 cookie[COOKIE_LEN];
-};
-
-struct ctrl_iface_global_priv {
-	int sock;
-	struct wpa_ctrl_dst *ctrl_dst;
-	u8 cookie[COOKIE_LEN];
-};
-
-
-static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
-					   const char *ifname, int sock,
-					   struct wpa_ctrl_dst **head,
-					   int level, const char *buf,
-					   size_t len);
-
-
-static void wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst *dst)
-{
-	struct wpa_ctrl_dst *prev;
-
-	while (dst) {
-		prev = dst;
-		dst = dst->next;
-		os_free(prev);
-	}
-}
-
-
-static int wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst **head,
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-					    struct sockaddr_in6 *from,
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					    struct sockaddr_in *from,
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					    socklen_t fromlen)
-{
-	struct wpa_ctrl_dst *dst;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_UDP_IPV6 */
-
-	dst = os_zalloc(sizeof(*dst));
-	if (dst == NULL)
-		return -1;
-	os_memcpy(&dst->addr, from, sizeof(*from));
-	dst->addrlen = fromlen;
-	dst->debug_level = MSG_INFO;
-	dst->next = *head;
-	*head = dst;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
-		   inet_ntop(AF_INET6, &from->sin6_addr, addr, sizeof(*from)),
-		   ntohs(from->sin6_port));
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
-		   inet_ntoa(from->sin_addr), ntohs(from->sin_port));
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	return 0;
-}
-
-
-static int wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst **head,
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-					    struct sockaddr_in6 *from,
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					    struct sockaddr_in *from,
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					    socklen_t fromlen)
-{
-	struct wpa_ctrl_dst *dst, *prev = NULL;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-
-	dst = *head;
-	while (dst) {
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-		if (from->sin6_port == dst->addr.sin6_port &&
-		    !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
-			       sizeof(from->sin6_addr))) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s:%d",
-				   inet_ntop(AF_INET6, &from->sin6_addr, addr,
-					     sizeof(*from)),
-				   ntohs(from->sin6_port));
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-		if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
-		    from->sin_port == dst->addr.sin_port) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
-				   "%s:%d", inet_ntoa(from->sin_addr),
-				   ntohs(from->sin_port));
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-			if (prev == NULL)
-				*head = dst->next;
-			else
-				prev->next = dst->next;
-			os_free(dst);
-			return 0;
-		}
-		prev = dst;
-		dst = dst->next;
-	}
-	return -1;
-}
-
-
-static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-					   struct sockaddr_in6 *from,
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					   struct sockaddr_in *from,
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-					   socklen_t fromlen,
-					   char *level)
-{
-	struct wpa_ctrl_dst *dst;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
-
-	dst = priv->ctrl_dst;
-	while (dst) {
-#if CONFIG_CTRL_IFACE_UDP_IPV6
-		if (from->sin6_port == dst->addr.sin6_port &&
-		    !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
-			       sizeof(from->sin6_addr))) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level %s:%d",
-				   inet_ntop(AF_INET6, &from->sin6_addr, addr,
-					     sizeof(*from)),
-				   ntohs(from->sin6_port));
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-		if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
-		    from->sin_port == dst->addr.sin_port) {
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
-				   "level %s:%d", inet_ntoa(from->sin_addr),
-				   ntohs(from->sin_port));
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-			dst->debug_level = atoi(level);
-			return 0;
-		}
-		dst = dst->next;
-	}
-
-	return -1;
-}
-
-
-static char *
-wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
-				     size_t *reply_len)
-{
-	char *reply;
-	reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
-	if (reply == NULL) {
-		*reply_len = 1;
-		return NULL;
-	}
-
-	os_memcpy(reply, "COOKIE=", 7);
-	wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
-			 priv->cookie, COOKIE_LEN);
-
-	*reply_len = 7 + 2 * COOKIE_LEN;
-	return reply;
-}
-
-
-static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
-					      void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct ctrl_iface_priv *priv = sock_ctx;
-	char *buf, *pos;
-	int res;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	struct sockaddr_in6 from;
-#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	struct sockaddr_in from;
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	socklen_t fromlen = sizeof(from);
-	char *reply = NULL;
-	size_t reply_len = 0;
-	int new_attached = 0;
-	u8 cookie[COOKIE_LEN];
-
-	buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf)
-		return;
-	res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
-		       (struct sockaddr *) &from, &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-			   strerror(errno));
-		os_free(buf);
-		return;
-	}
-
-#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
-	if (os_strcmp(addr, "::1")) {
-		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
-			   addr);
-		os_free(buf);
-		return;
-	}
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
-		/*
-		 * The OS networking stack is expected to drop this kind of
-		 * frames since the socket is bound to only localhost address.
-		 * Just in case, drop the frame if it is coming from any other
-		 * address.
-		 */
-		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
-			   "source %s", inet_ntoa(from.sin_addr));
-		os_free(buf);
-		return;
-	}
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-
-	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
-		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
-		return;
-	}
-	buf[res] = '\0';
-
-	if (os_strcmp(buf, "GET_COOKIE") == 0) {
-		reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
-		goto done;
-	}
-
-	/*
-	 * Require that the client includes a prefix with the 'cookie' value
-	 * fetched with GET_COOKIE command. This is used to verify that the
-	 * client has access to a bidirectional link over UDP in order to
-	 * avoid attacks using forged localhost IP address even if the OS does
-	 * not block such frames from remote destinations.
-	 */
-	if (os_strncmp(buf, "COOKIE=", 7) != 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
-			   "drop request");
-		os_free(buf);
-		return;
-	}
-
-	if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
-			   "request - drop request");
-		os_free(buf);
-		return;
-	}
-
-	if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
-			   "drop request");
-		os_free(buf);
-		return;
-	}
-
-	pos = buf + 7 + 2 * COOKIE_LEN;
-	while (*pos == ' ')
-		pos++;
-
-	if (os_strcmp(pos, "ATTACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
-						     &from, fromlen))
-			reply_len = 1;
-		else {
-			new_attached = 1;
-			reply_len = 2;
-		}
-	} else if (os_strcmp(pos, "DETACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
-						     &from, fromlen))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
-		if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
-						    pos + 6))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else {
-		reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
-							  &reply_len);
-	}
-
- done:
-	if (reply) {
-		sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
-		       fromlen);
-		os_free(reply);
-	} else if (reply_len == 1) {
-		sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
-		       fromlen);
-	} else if (reply_len == 2) {
-		sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
-		       fromlen);
-	}
-
-	os_free(buf);
-
-	if (new_attached)
-		eapol_sm_notify_ctrl_attached(wpa_s->eapol);
-}
-
-
-static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
-					     enum wpa_msg_type type,
-					     const char *txt, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (!wpa_s)
-		return;
-
-	if (type != WPA_MSG_NO_GLOBAL && wpa_s->global->ctrl_iface) {
-		struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface;
-
-		if (priv->ctrl_dst) {
-			wpa_supplicant_ctrl_iface_send(
-				wpa_s,
-				type != WPA_MSG_PER_INTERFACE ?
-				NULL : wpa_s->ifname,
-				priv->sock, &priv->ctrl_dst, level, txt, len);
-		}
-	}
-
-	if (type == WPA_MSG_ONLY_GLOBAL || !wpa_s->ctrl_iface)
-		return;
-
-	wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock,
-				       &wpa_s->ctrl_iface->ctrl_dst,
-				       level, txt, len);
-}
-
-
-struct ctrl_iface_priv *
-wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
-{
-	struct ctrl_iface_priv *priv;
-	char port_str[40];
-	int port = WPA_CTRL_IFACE_PORT;
-	char *pos;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	struct sockaddr_in6 addr;
-	int domain = PF_INET6;
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	struct sockaddr_in addr;
-	int domain = PF_INET;
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	priv->wpa_s = wpa_s;
-	priv->sock = -1;
-	os_get_random(priv->cookie, COOKIE_LEN);
-
-	if (wpa_s->conf->ctrl_interface == NULL)
-		return priv;
-
-	pos = os_strstr(wpa_s->conf->ctrl_interface, "udp:");
-	if (pos) {
-		pos += 4;
-		port = atoi(pos);
-		if (port <= 0) {
-			wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port: %s",
-				   wpa_s->conf->ctrl_interface);
-			goto fail;
-		}
-	}
-
-	priv->sock = socket(domain, SOCK_DGRAM, 0);
-	if (priv->sock < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
-		goto fail;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	addr.sin6_family = AF_INET6;
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	addr.sin6_addr = in6addr_any;
-#else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-	inet_pton(AF_INET6, "::1", &addr.sin6_addr);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	addr.sin_family = AF_INET;
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	addr.sin_addr.s_addr = INADDR_ANY;
-#else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-	addr.sin_addr.s_addr = htonl((127 << 24) | 1);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-try_again:
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	addr.sin6_port = htons(port);
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	addr.sin_port = htons(port);
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		port--;
-		if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
-			goto try_again;
-		wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
-		goto fail;
-	}
-
-	/* Update the ctrl_interface value to match the selected port */
-	os_snprintf(port_str, sizeof(port_str), "udp:%d", port);
-	os_free(wpa_s->conf->ctrl_interface);
-	wpa_s->conf->ctrl_interface = os_strdup(port_str);
-	if (!wpa_s->conf->ctrl_interface) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to malloc ctrl_interface");
-		goto fail;
-	}
-
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-
-	eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
-				 wpa_s, priv);
-	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
-
-	return priv;
-
-fail:
-	if (priv->sock >= 0)
-		close(priv->sock);
-	os_free(priv);
-	return NULL;
-}
-
-
-void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct ctrl_iface_priv *priv)
-{
-	if (!priv)
-		return;
-
-	if (priv->sock > -1) {
-		eloop_unregister_read_sock(priv->sock);
-		if (priv->ctrl_dst) {
-			/*
-			 * Wait before closing the control socket if
-			 * there are any attached monitors in order to allow
-			 * them to receive any pending messages.
-			 */
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
-				   "monitors to receive messages");
-			os_sleep(0, 100000);
-		}
-		close(priv->sock);
-		priv->sock = -1;
-	}
-
-	wpas_ctrl_iface_free_dst(priv->ctrl_dst);
-	os_free(priv);
-}
-
-
-static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
-					   const char *ifname, int sock,
-					   struct wpa_ctrl_dst **head,
-					   int level, const char *buf,
-					   size_t len)
-{
-	struct wpa_ctrl_dst *dst, *next;
-	char levelstr[64];
-	int idx;
-	char *sbuf;
-	int llen;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-
-	dst = *head;
-	if (sock < 0 || dst == NULL)
-		return;
-
-	if (ifname)
-		os_snprintf(levelstr, sizeof(levelstr), "IFNAME=%s <%d>",
-			    ifname, level);
-	else
-		os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
-
-	llen = os_strlen(levelstr);
-	sbuf = os_malloc(llen + len);
-	if (sbuf == NULL)
-		return;
-
-	os_memcpy(sbuf, levelstr, llen);
-	os_memcpy(sbuf + llen, buf, len);
-
-	idx = 0;
-	while (dst) {
-		next = dst->next;
-		if (level >= dst->debug_level) {
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
-				   inet_ntop(AF_INET6, &dst->addr.sin6_addr,
-					     addr, sizeof(dst->addr)),
-				   ntohs(dst->addr.sin6_port));
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
-				   inet_ntoa(dst->addr.sin_addr),
-				   ntohs(dst->addr.sin_port));
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-			if (sendto(sock, sbuf, llen + len, 0,
-				   (struct sockaddr *) &dst->addr,
-				   sizeof(dst->addr)) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "sendto(CTRL_IFACE monitor): %s",
-					   strerror(errno));
-				dst->errors++;
-				if (dst->errors > 10) {
-					wpa_supplicant_ctrl_iface_detach(
-						head, &dst->addr,
-						dst->addrlen);
-				}
-			} else
-				dst->errors = 0;
-		}
-		idx++;
-		dst = next;
-	}
-	os_free(sbuf);
-}
-
-
-void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
-{
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
-		   priv->wpa_s->ifname);
-	eloop_wait_for_read_sock(priv->sock);
-}
-
-
-/* Global ctrl_iface */
-
-static char *
-wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
-				 size_t *reply_len)
-{
-	char *reply;
-	reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
-	if (reply == NULL) {
-		*reply_len = 1;
-		return NULL;
-	}
-
-	os_memcpy(reply, "COOKIE=", 7);
-	wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
-			 priv->cookie, COOKIE_LEN);
-
-	*reply_len = 7 + 2 * COOKIE_LEN;
-	return reply;
-}
-
-
-static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
-						     void *sock_ctx)
-{
-	struct wpa_global *global = eloop_ctx;
-	struct ctrl_iface_global_priv *priv = sock_ctx;
-	char *buf, *pos;
-	int res;
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	struct sockaddr_in6 from;
-#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
-	char addr[INET6_ADDRSTRLEN];
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	struct sockaddr_in from;
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	socklen_t fromlen = sizeof(from);
-	char *reply = NULL;
-	size_t reply_len;
-	u8 cookie[COOKIE_LEN];
-
-	buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf)
-		return;
-	res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
-		       (struct sockaddr *) &from, &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-			   strerror(errno));
-		os_free(buf);
-		return;
-	}
-
-#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
-#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
-	inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
-	if (os_strcmp(addr, "::1")) {
-		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
-			   addr);
-		os_free(buf);
-		return;
-	}
-#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-	if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
-		/*
-		 * The OS networking stack is expected to drop this kind of
-		 * frames since the socket is bound to only localhost address.
-		 * Just in case, drop the frame if it is coming from any other
-		 * address.
-		 */
-		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
-			   "source %s", inet_ntoa(from.sin_addr));
-		os_free(buf);
-		return;
-	}
-#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-
-	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
-		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
-		return;
-	}
-	buf[res] = '\0';
-
-	if (os_strcmp(buf, "GET_COOKIE") == 0) {
-		reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
-		goto done;
-	}
-
-	if (os_strncmp(buf, "COOKIE=", 7) != 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
-			   "drop request");
-		os_free(buf);
-		return;
-	}
-
-	if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
-			   "request - drop request");
-		os_free(buf);
-		return;
-	}
-
-	if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
-		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
-			   "drop request");
-		os_free(buf);
-		return;
-	}
-
-	pos = buf + 7 + 2 * COOKIE_LEN;
-	while (*pos == ' ')
-		pos++;
-
-	if (os_strcmp(pos, "ATTACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
-						     &from, fromlen))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else if (os_strcmp(pos, "DETACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
-						     &from, fromlen))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else {
-		reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
-								 &reply_len);
-	}
-
- done:
-	if (reply) {
-		sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
-		       fromlen);
-		os_free(reply);
-	} else if (reply_len == 1) {
-		sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
-		       fromlen);
-	} else if (reply_len == 2) {
-		sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
-		       fromlen);
-	}
-
-	os_free(buf);
-}
-
-
-struct ctrl_iface_global_priv *
-wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
-{
-	struct ctrl_iface_global_priv *priv;
-	struct sockaddr_in addr;
-	char *pos;
-	int port = WPA_GLOBAL_CTRL_IFACE_PORT;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	priv->sock = -1;
-	os_get_random(priv->cookie, COOKIE_LEN);
-
-	if (global->params.ctrl_interface == NULL)
-		return priv;
-
-	wpa_printf(MSG_DEBUG, "Global control interface '%s'",
-		   global->params.ctrl_interface);
-
-	pos = os_strstr(global->params.ctrl_interface, "udp:");
-	if (pos) {
-		pos += 4;
-		port = atoi(pos);
-		if (port <= 0) {
-			wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port %s",
-				   global->params.ctrl_interface);
-			goto fail;
-		}
-	}
-
-	priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
-	if (priv->sock < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
-		goto fail;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-	addr.sin_family = AF_INET;
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	addr.sin_addr.s_addr = INADDR_ANY;
-#else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-	addr.sin_addr.s_addr = htonl((127 << 24) | 1);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-try_again:
-	addr.sin_port = htons(port);
-	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		port++;
-		if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
-		    WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos)
-			goto try_again;
-		wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
-		goto fail;
-	}
-
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-
-	eloop_register_read_sock(priv->sock,
-				 wpa_supplicant_global_ctrl_iface_receive,
-				 global, priv);
-	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
-
-	return priv;
-
-fail:
-	if (priv->sock >= 0)
-		close(priv->sock);
-	os_free(priv);
-	return NULL;
-}
-
-
-void
-wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
-{
-	if (priv->sock >= 0) {
-		eloop_unregister_read_sock(priv->sock);
-		close(priv->sock);
-	}
-
-	wpas_ctrl_iface_free_dst(priv->ctrl_dst);
-	os_free(priv);
-}
diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
deleted file mode 100644
index 639573dae75e..000000000000
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ /dev/null
@@ -1,1431 +0,0 @@
-/*
- * WPA Supplicant / UNIX domain socket -based control interface
- * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <sys/un.h>
-#include <sys/stat.h>
-#include <grp.h>
-#include <stddef.h>
-#include <unistd.h>
-#include <fcntl.h>
-#ifdef __linux__
-#include <sys/ioctl.h>
-#endif /* __linux__ */
-#ifdef ANDROID
-#include <cutils/sockets.h>
-#endif /* ANDROID */
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/list.h"
-#include "common/ctrl_iface_common.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "ctrl_iface.h"
-
-/* Per-interface ctrl_iface */
-
-struct ctrl_iface_priv {
-	struct wpa_supplicant *wpa_s;
-	int sock;
-	struct dl_list ctrl_dst;
-	int android_control_socket;
-	struct dl_list msg_queue;
-	unsigned int throttle_count;
-};
-
-
-struct ctrl_iface_global_priv {
-	struct wpa_global *global;
-	int sock;
-	struct dl_list ctrl_dst;
-	int android_control_socket;
-	struct dl_list msg_queue;
-	unsigned int throttle_count;
-};
-
-struct ctrl_iface_msg {
-	struct dl_list list;
-	struct wpa_supplicant *wpa_s;
-	int level;
-	enum wpa_msg_type type;
-	const char *txt;
-	size_t len;
-};
-
-
-static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
-					   const char *ifname, int sock,
-					   struct dl_list *ctrl_dst,
-					   int level, const char *buf,
-					   size_t len,
-					   struct ctrl_iface_priv *priv,
-					   struct ctrl_iface_global_priv *gp);
-static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
-				  struct ctrl_iface_priv *priv);
-static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
-					 struct ctrl_iface_global_priv *priv);
-
-
-static void wpas_ctrl_sock_debug(const char *title, int sock, const char *buf,
-				 size_t len)
-{
-#ifdef __linux__
-	socklen_t optlen;
-	int sndbuf, outq;
-	int level = MSG_MSGDUMP;
-
-	if (len >= 5 && os_strncmp(buf, "PONG\n", 5) == 0)
-		level = MSG_EXCESSIVE;
-
-	optlen = sizeof(sndbuf);
-	sndbuf = 0;
-	if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0)
-		sndbuf = -1;
-
-	if (ioctl(sock, TIOCOUTQ, &outq) < 0)
-		outq = -1;
-
-	wpa_printf(level,
-		   "CTRL-DEBUG: %s: sock=%d sndbuf=%d outq=%d send_len=%d",
-		   title, sock, sndbuf, outq, (int) len);
-#endif /* __linux__ */
-}
-
-
-static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst,
-					    struct sockaddr_storage *from,
-					    socklen_t fromlen, int global)
-{
-	return ctrl_iface_attach(ctrl_dst, from, fromlen, NULL);
-}
-
-
-static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst,
-					    struct sockaddr_storage *from,
-					    socklen_t fromlen)
-{
-	return ctrl_iface_detach(ctrl_dst, from, fromlen);
-}
-
-
-static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
-					   struct sockaddr_storage *from,
-					   socklen_t fromlen,
-					   char *level)
-{
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
-
-	return ctrl_iface_level(&priv->ctrl_dst, from, fromlen, level);
-}
-
-
-static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
-					      void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct ctrl_iface_priv *priv = sock_ctx;
-	char *buf;
-	int res;
-	struct sockaddr_storage from;
-	socklen_t fromlen = sizeof(from);
-	char *reply = NULL, *reply_buf = NULL;
-	size_t reply_len = 0;
-	int new_attached = 0;
-
-	buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf)
-		return;
-	res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
-		       (struct sockaddr *) &from, &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-			   strerror(errno));
-		os_free(buf);
-		return;
-	}
-	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
-		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
-		return;
-	}
-	buf[res] = '\0';
-
-	if (os_strcmp(buf, "ATTACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
-						     fromlen, 0))
-			reply_len = 1;
-		else {
-			new_attached = 1;
-			reply_len = 2;
-		}
-	} else if (os_strcmp(buf, "DETACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
-						     fromlen))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
-		if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
-						    buf + 6))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else {
-		reply_buf = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
-							      &reply_len);
-		reply = reply_buf;
-
-		/*
-		 * There could be some password/key material in the command, so
-		 * clear the buffer explicitly now that it is not needed
-		 * anymore.
-		 */
-		os_memset(buf, 0, res);
-	}
-
-	if (!reply && reply_len == 1) {
-		reply = "FAIL\n";
-		reply_len = 5;
-	} else if (!reply && reply_len == 2) {
-		reply = "OK\n";
-		reply_len = 3;
-	}
-
-	if (reply) {
-		wpas_ctrl_sock_debug("ctrl_sock-sendto", sock, reply,
-				     reply_len);
-		if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
-			   fromlen) < 0) {
-			int _errno = errno;
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"ctrl_iface sendto failed: %d - %s",
-				_errno, strerror(_errno));
-			if (_errno == ENOBUFS || _errno == EAGAIN) {
-				/*
-				 * The socket send buffer could be full. This
-				 * may happen if client programs are not
-				 * receiving their pending messages. Close and
-				 * reopen the socket as a workaround to avoid
-				 * getting stuck being unable to send any new
-				 * responses.
-				 */
-				sock = wpas_ctrl_iface_reinit(wpa_s, priv);
-				if (sock < 0) {
-					wpa_dbg(wpa_s, MSG_DEBUG, "Failed to reinitialize ctrl_iface socket");
-				}
-			}
-			if (new_attached) {
-				wpa_dbg(wpa_s, MSG_DEBUG, "Failed to send response to ATTACH - detaching");
-				new_attached = 0;
-				wpa_supplicant_ctrl_iface_detach(
-					&priv->ctrl_dst, &from, fromlen);
-			}
-		}
-	}
-	os_free(reply_buf);
-	os_free(buf);
-
-	if (new_attached)
-		eapol_sm_notify_ctrl_attached(wpa_s->eapol);
-}
-
-
-static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s)
-{
-	char *buf;
-	size_t len;
-	char *pbuf, *dir = NULL;
-	int res;
-
-	if (wpa_s->conf->ctrl_interface == NULL)
-		return NULL;
-
-	pbuf = os_strdup(wpa_s->conf->ctrl_interface);
-	if (pbuf == NULL)
-		return NULL;
-	if (os_strncmp(pbuf, "DIR=", 4) == 0) {
-		char *gid_str;
-		dir = pbuf + 4;
-		gid_str = os_strstr(dir, " GROUP=");
-		if (gid_str)
-			*gid_str = '\0';
-	} else
-		dir = pbuf;
-
-	len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2;
-	buf = os_malloc(len);
-	if (buf == NULL) {
-		os_free(pbuf);
-		return NULL;
-	}
-
-	res = os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname);
-	if (os_snprintf_error(len, res)) {
-		os_free(pbuf);
-		os_free(buf);
-		return NULL;
-	}
-#ifdef __CYGWIN__
-	{
-		/* Windows/WinPcap uses interface names that are not suitable
-		 * as a file name - convert invalid chars to underscores */
-		char *pos = buf;
-		while (*pos) {
-			if (*pos == '\\')
-				*pos = '_';
-			pos++;
-		}
-	}
-#endif /* __CYGWIN__ */
-	os_free(pbuf);
-	return buf;
-}
-
-
-static int wpas_ctrl_iface_throttle(int sock)
-{
-#ifdef __linux__
-	socklen_t optlen;
-	int sndbuf, outq;
-
-	optlen = sizeof(sndbuf);
-	sndbuf = 0;
-	if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0 ||
-	    ioctl(sock, TIOCOUTQ, &outq) < 0 ||
-	    sndbuf <= 0 || outq < 0)
-		return 0;
-	return outq > sndbuf / 2;
-#else /* __linux__ */
-	return 0;
-#endif /* __linux__ */
-}
-
-
-static void wpas_ctrl_msg_send_pending_global(struct wpa_global *global)
-{
-	struct ctrl_iface_global_priv *gpriv;
-	struct ctrl_iface_msg *msg;
-
-	gpriv = global->ctrl_iface;
-	while (gpriv && !dl_list_empty(&gpriv->msg_queue) &&
-	       !wpas_ctrl_iface_throttle(gpriv->sock)) {
-		msg = dl_list_first(&gpriv->msg_queue, struct ctrl_iface_msg,
-				    list);
-		if (!msg)
-			break;
-		dl_list_del(&msg->list);
-		wpa_supplicant_ctrl_iface_send(
-			msg->wpa_s,
-			msg->type != WPA_MSG_PER_INTERFACE ?
-			NULL : msg->wpa_s->ifname,
-			gpriv->sock, &gpriv->ctrl_dst, msg->level,
-			msg->txt, msg->len, NULL, gpriv);
-		os_free(msg);
-	}
-}
-
-
-static void wpas_ctrl_msg_send_pending_iface(struct wpa_supplicant *wpa_s)
-{
-	struct ctrl_iface_priv *priv;
-	struct ctrl_iface_msg *msg;
-
-	priv = wpa_s->ctrl_iface;
-	while (priv && !dl_list_empty(&priv->msg_queue) &&
-	       !wpas_ctrl_iface_throttle(priv->sock)) {
-		msg = dl_list_first(&priv->msg_queue, struct ctrl_iface_msg,
-				    list);
-		if (!msg)
-			break;
-		dl_list_del(&msg->list);
-		wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock,
-					       &priv->ctrl_dst, msg->level,
-					       msg->txt, msg->len, priv, NULL);
-		os_free(msg);
-	}
-}
-
-
-static void wpas_ctrl_msg_queue_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct ctrl_iface_priv *priv;
-	struct ctrl_iface_global_priv *gpriv;
-	int sock = -1, gsock = -1;
-
-	wpas_ctrl_msg_send_pending_global(wpa_s->global);
-	wpas_ctrl_msg_send_pending_iface(wpa_s);
-
-	priv = wpa_s->ctrl_iface;
-	if (priv && !dl_list_empty(&priv->msg_queue))
-		sock = priv->sock;
-
-	gpriv = wpa_s->global->ctrl_iface;
-	if (gpriv && !dl_list_empty(&gpriv->msg_queue))
-		gsock = gpriv->sock;
-
-	if (sock > -1 || gsock > -1) {
-		/* Continue pending message transmission from a timeout */
-		wpa_printf(MSG_MSGDUMP,
-			   "CTRL: Had to throttle pending event message transmission for (sock %d gsock %d)",
-			   sock, gsock);
-		eloop_register_timeout(0, 20000, wpas_ctrl_msg_queue_timeout,
-				       wpa_s, NULL);
-	}
-}
-
-
-static void wpas_ctrl_msg_queue(struct dl_list *queue,
-				struct wpa_supplicant *wpa_s, int level,
-				enum wpa_msg_type type,
-				const char *txt, size_t len)
-{
-	struct ctrl_iface_msg *msg;
-
-	msg = os_zalloc(sizeof(*msg) + len);
-	if (!msg)
-		return;
-
-	msg->wpa_s = wpa_s;
-	msg->level = level;
-	msg->type = type;
-	os_memcpy(msg + 1, txt, len);
-	msg->txt = (const char *) (msg + 1);
-	msg->len = len;
-	dl_list_add_tail(queue, &msg->list);
-	eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
-	eloop_register_timeout(0, 0, wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
-}
-
-
-static void wpas_ctrl_msg_queue_limit(unsigned int throttle_count,
-				      struct dl_list *queue)
-{
-	struct ctrl_iface_msg *msg;
-
-	if (throttle_count < 2000)
-		return;
-
-	msg = dl_list_first(queue, struct ctrl_iface_msg, list);
-	if (msg) {
-		wpa_printf(MSG_DEBUG, "CTRL: Dropped oldest pending message");
-		dl_list_del(&msg->list);
-		os_free(msg);
-	}
-}
-
-
-static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
-					     enum wpa_msg_type type,
-					     const char *txt, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct ctrl_iface_priv *priv;
-	struct ctrl_iface_global_priv *gpriv;
-
-	if (wpa_s == NULL)
-		return;
-
-	gpriv = wpa_s->global->ctrl_iface;
-
-	if (type != WPA_MSG_NO_GLOBAL && gpriv &&
-	    !dl_list_empty(&gpriv->ctrl_dst)) {
-		if (!dl_list_empty(&gpriv->msg_queue) ||
-		    wpas_ctrl_iface_throttle(gpriv->sock)) {
-			if (gpriv->throttle_count == 0) {
-				wpa_printf(MSG_MSGDUMP,
-					   "CTRL: Had to throttle global event message for sock %d",
-					   gpriv->sock);
-			}
-			gpriv->throttle_count++;
-			wpas_ctrl_msg_queue_limit(gpriv->throttle_count,
-						  &gpriv->msg_queue);
-			wpas_ctrl_msg_queue(&gpriv->msg_queue, wpa_s, level,
-					    type, txt, len);
-		} else {
-			if (gpriv->throttle_count) {
-				wpa_printf(MSG_MSGDUMP,
-					   "CTRL: Had to throttle %u global event message(s) for sock %d",
-					   gpriv->throttle_count, gpriv->sock);
-			}
-			gpriv->throttle_count = 0;
-			wpa_supplicant_ctrl_iface_send(
-				wpa_s,
-				type != WPA_MSG_PER_INTERFACE ?
-				NULL : wpa_s->ifname,
-				gpriv->sock, &gpriv->ctrl_dst, level,
-				txt, len, NULL, gpriv);
-		}
-	}
-
-	priv = wpa_s->ctrl_iface;
-
-	if (type != WPA_MSG_ONLY_GLOBAL && priv) {
-		if (!dl_list_empty(&priv->msg_queue) ||
-		    wpas_ctrl_iface_throttle(priv->sock)) {
-			if (priv->throttle_count == 0) {
-				wpa_printf(MSG_MSGDUMP,
-					   "CTRL: Had to throttle event message for sock %d",
-					   priv->sock);
-			}
-			priv->throttle_count++;
-			wpas_ctrl_msg_queue_limit(priv->throttle_count,
-						  &priv->msg_queue);
-			wpas_ctrl_msg_queue(&priv->msg_queue, wpa_s, level,
-					    type, txt, len);
-		} else {
-			if (priv->throttle_count) {
-				wpa_printf(MSG_MSGDUMP,
-					   "CTRL: Had to throttle %u event message(s) for sock %d",
-					   priv->throttle_count, priv->sock);
-			}
-			priv->throttle_count = 0;
-			wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock,
-						       &priv->ctrl_dst, level,
-						       txt, len, priv, NULL);
-		}
-	}
-}
-
-
-static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
-				     struct ctrl_iface_priv *priv)
-{
-	struct sockaddr_un addr;
-	char *fname = NULL;
-	gid_t gid = 0;
-	int gid_set = 0;
-	char *buf, *dir = NULL, *gid_str = NULL;
-	struct group *grp;
-	char *endp;
-	int flags;
-
-	buf = os_strdup(wpa_s->conf->ctrl_interface);
-	if (buf == NULL)
-		goto fail;
-#ifdef ANDROID
-	os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s",
-		    wpa_s->conf->ctrl_interface);
-	priv->sock = android_get_control_socket(addr.sun_path);
-	if (priv->sock >= 0) {
-		priv->android_control_socket = 1;
-		goto havesock;
-	}
-#endif /* ANDROID */
-	if (os_strncmp(buf, "DIR=", 4) == 0) {
-		dir = buf + 4;
-		gid_str = os_strstr(dir, " GROUP=");
-		if (gid_str) {
-			*gid_str = '\0';
-			gid_str += 7;
-		}
-	} else {
-		dir = buf;
-		gid_str = wpa_s->conf->ctrl_interface_group;
-	}
-
-	if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) {
-		if (errno == EEXIST) {
-			wpa_printf(MSG_DEBUG, "Using existing control "
-				   "interface directory.");
-		} else {
-			wpa_printf(MSG_ERROR, "mkdir[ctrl_interface=%s]: %s",
-				   dir, strerror(errno));
-			goto fail;
-		}
-	}
-
-#ifdef ANDROID
-	/*
-	 * wpa_supplicant is started from /init.*.rc on Android and that seems
-	 * to be using umask 0077 which would leave the control interface
-	 * directory without group access. This breaks things since Wi-Fi
-	 * framework assumes that this directory can be accessed by other
-	 * applications in the wifi group. Fix this by adding group access even
-	 * if umask value would prevent this.
-	 */
-	if (chmod(dir, S_IRWXU | S_IRWXG) < 0) {
-		wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s",
-			   strerror(errno));
-		/* Try to continue anyway */
-	}
-#endif /* ANDROID */
-
-	if (gid_str) {
-		grp = getgrnam(gid_str);
-		if (grp) {
-			gid = grp->gr_gid;
-			gid_set = 1;
-			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
-				   " (from group name '%s')",
-				   (int) gid, gid_str);
-		} else {
-			/* Group name not found - try to parse this as gid */
-			gid = strtol(gid_str, &endp, 10);
-			if (*gid_str == '\0' || *endp != '\0') {
-				wpa_printf(MSG_ERROR, "CTRL: Invalid group "
-					   "'%s'", gid_str);
-				goto fail;
-			}
-			gid_set = 1;
-			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
-				   (int) gid);
-		}
-	}
-
-	if (gid_set && lchown(dir, -1, gid) < 0) {
-		wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
-			   dir, (int) gid, strerror(errno));
-		goto fail;
-	}
-
-	/* Make sure the group can enter and read the directory */
-	if (gid_set &&
-	    chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) {
-		wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s",
-			   strerror(errno));
-		goto fail;
-	}
-
-	if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >=
-	    sizeof(addr.sun_path)) {
-		wpa_printf(MSG_ERROR, "ctrl_iface path limit exceeded");
-		goto fail;
-	}
-
-	priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
-	if (priv->sock < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
-		goto fail;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
-	addr.sun_len = sizeof(addr);
-#endif /* __FreeBSD__ */
-	addr.sun_family = AF_UNIX;
-	fname = wpa_supplicant_ctrl_iface_path(wpa_s);
-	if (fname == NULL)
-		goto fail;
-	os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
-	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
-			   strerror(errno));
-		if (connect(priv->sock, (struct sockaddr *) &addr,
-			    sizeof(addr)) < 0) {
-			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
-				   " allow connections - assuming it was left"
-				   "over from forced program termination");
-			if (unlink(fname) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "Could not unlink existing ctrl_iface socket '%s': %s",
-					   fname, strerror(errno));
-				goto fail;
-			}
-			if (bind(priv->sock, (struct sockaddr *) &addr,
-				 sizeof(addr)) < 0) {
-				wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s",
-					   strerror(errno));
-				goto fail;
-			}
-			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
-				   "ctrl_iface socket '%s'", fname);
-		} else {
-			wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
-				   "be in use - cannot override it");
-			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
-				   "not used anymore", fname);
-			os_free(fname);
-			fname = NULL;
-			goto fail;
-		}
-	}
-
-	if (gid_set && lchown(fname, -1, gid) < 0) {
-		wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
-			   fname, (int) gid, strerror(errno));
-		goto fail;
-	}
-
-	if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
-		wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s",
-			   fname, strerror(errno));
-		goto fail;
-	}
-	os_free(fname);
-
-#ifdef ANDROID
-havesock:
-#endif /* ANDROID */
-
-	/*
-	 * Make socket non-blocking so that we don't hang forever if
-	 * target dies unexpectedly.
-	 */
-	flags = fcntl(priv->sock, F_GETFL);
-	if (flags >= 0) {
-		flags |= O_NONBLOCK;
-		if (fcntl(priv->sock, F_SETFL, flags) < 0) {
-			wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
-				   strerror(errno));
-			/* Not fatal, continue on.*/
-		}
-	}
-
-	eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
-				 wpa_s, priv);
-	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
-
-	os_free(buf);
-	return 0;
-
-fail:
-	if (priv->sock >= 0) {
-		close(priv->sock);
-		priv->sock = -1;
-	}
-	if (fname) {
-		unlink(fname);
-		os_free(fname);
-	}
-	os_free(buf);
-	return -1;
-}
-
-
-struct ctrl_iface_priv *
-wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
-{
-	struct ctrl_iface_priv *priv;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	dl_list_init(&priv->ctrl_dst);
-	dl_list_init(&priv->msg_queue);
-	priv->wpa_s = wpa_s;
-	priv->sock = -1;
-
-	if (wpa_s->conf->ctrl_interface == NULL)
-		return priv;
-
-#ifdef ANDROID
-	if (wpa_s->global->params.ctrl_interface) {
-		int same = 0;
-
-		if (wpa_s->global->params.ctrl_interface[0] == '/') {
-			if (os_strcmp(wpa_s->global->params.ctrl_interface,
-				      wpa_s->conf->ctrl_interface) == 0)
-				same = 1;
-		} else if (os_strncmp(wpa_s->global->params.ctrl_interface,
-				      "@android:", 9) == 0 ||
-			   os_strncmp(wpa_s->global->params.ctrl_interface,
-				      "@abstract:", 10) == 0) {
-			char *pos;
-
-			/*
-			 * Currently, Android uses @android:wpa_* as the naming
-			 * convention for the global ctrl interface. This logic
-			 * needs to be revisited if the above naming convention
-			 * is modified.
-			 */
-			pos = os_strchr(wpa_s->global->params.ctrl_interface,
-					'_');
-			if (pos &&
-			    os_strcmp(pos + 1,
-				      wpa_s->conf->ctrl_interface) == 0)
-				same = 1;
-		}
-
-		if (same) {
-			/*
-			 * The invalid configuration combination might be
-			 * possible to hit in an Android OTA upgrade case, so
-			 * instead of refusing to start the wpa_supplicant
-			 * process, do not open the per-interface ctrl_iface
-			 * and continue with the global control interface that
-			 * was set from the command line since the Wi-Fi
-			 * framework will use it for operations.
-			 */
-			wpa_printf(MSG_ERROR,
-				   "global ctrl interface %s matches ctrl interface %s - do not open per-interface ctrl interface",
-				   wpa_s->global->params.ctrl_interface,
-				   wpa_s->conf->ctrl_interface);
-			return priv;
-		}
-	}
-#endif /* ANDROID */
-
-	if (wpas_ctrl_iface_open_sock(wpa_s, priv) < 0) {
-		os_free(priv);
-		return NULL;
-	}
-
-	return priv;
-}
-
-
-static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
-				  struct ctrl_iface_priv *priv)
-{
-	int res;
-
-	if (priv->sock <= 0)
-		return -1;
-
-	/*
-	 * On Android, the control socket being used may be the socket
-	 * that is created when wpa_supplicant is started as a /init.*.rc
-	 * service. Such a socket is maintained as a key-value pair in
-	 * Android's environment. Closing this control socket would leave us
-	 * in a bad state with an invalid socket descriptor.
-	 */
-	if (priv->android_control_socket)
-		return priv->sock;
-
-	eloop_unregister_read_sock(priv->sock);
-	close(priv->sock);
-	priv->sock = -1;
-	res = wpas_ctrl_iface_open_sock(wpa_s, priv);
-	if (res < 0)
-		return -1;
-	return priv->sock;
-}
-
-
-static void
-wpas_global_ctrl_iface_flush_queued_msg(struct wpa_global *global,
-					struct wpa_supplicant *wpa_s)
-{
-	struct ctrl_iface_global_priv *gpriv;
-	struct ctrl_iface_msg *msg, *prev_msg;
-	unsigned int count = 0;
-
-	if (!global || !global->ctrl_iface)
-		return;
-
-	gpriv = global->ctrl_iface;
-	dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue,
-			      struct ctrl_iface_msg, list) {
-		if (msg->wpa_s == wpa_s) {
-			count++;
-			dl_list_del(&msg->list);
-			os_free(msg);
-		}
-	}
-
-	if (count) {
-		wpa_printf(MSG_DEBUG,
-			   "CTRL: Dropped %u pending message(s) for interface that is being removed",
-			count);
-	}
-}
-
-
-void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct ctrl_iface_priv *priv)
-{
-	struct wpa_ctrl_dst *dst, *prev;
-	struct ctrl_iface_msg *msg, *prev_msg;
-	struct ctrl_iface_global_priv *gpriv;
-
-	if (!priv) {
-		/* Control interface has not yet been initialized, so there is
-		 * nothing to deinitialize here. However, there might be a
-		 * pending message for this interface, so get rid of any such
-		 * entry before completing interface removal. */
-		wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
-		eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
-		return;
-	}
-
-	if (priv->sock > -1) {
-		char *fname;
-		char *buf, *dir = NULL;
-		eloop_unregister_read_sock(priv->sock);
-		if (!dl_list_empty(&priv->ctrl_dst)) {
-			/*
-			 * Wait before closing the control socket if
-			 * there are any attached monitors in order to allow
-			 * them to receive any pending messages.
-			 */
-			wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
-				   "monitors to receive messages");
-			os_sleep(0, 100000);
-		}
-		close(priv->sock);
-		priv->sock = -1;
-		fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s);
-		if (fname) {
-			unlink(fname);
-			os_free(fname);
-		}
-
-		if (priv->wpa_s->conf->ctrl_interface == NULL)
-			goto free_dst;
-		buf = os_strdup(priv->wpa_s->conf->ctrl_interface);
-		if (buf == NULL)
-			goto free_dst;
-		if (os_strncmp(buf, "DIR=", 4) == 0) {
-			char *gid_str;
-			dir = buf + 4;
-			gid_str = os_strstr(dir, " GROUP=");
-			if (gid_str)
-				*gid_str = '\0';
-		} else
-			dir = buf;
-
-		if (rmdir(dir) < 0) {
-			if (errno == ENOTEMPTY) {
-				wpa_printf(MSG_DEBUG, "Control interface "
-					   "directory not empty - leaving it "
-					   "behind");
-			} else {
-				wpa_printf(MSG_ERROR,
-					   "rmdir[ctrl_interface=%s]: %s",
-					   dir, strerror(errno));
-			}
-		}
-		os_free(buf);
-	}
-
-free_dst:
-	dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
-			      list) {
-		dl_list_del(&dst->list);
-		os_free(dst);
-	}
-	dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue,
-			      struct ctrl_iface_msg, list) {
-		dl_list_del(&msg->list);
-		os_free(msg);
-	}
-	gpriv = priv->wpa_s->global->ctrl_iface;
-	if (gpriv) {
-		dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue,
-				      struct ctrl_iface_msg, list) {
-			if (msg->wpa_s == priv->wpa_s) {
-				dl_list_del(&msg->list);
-				os_free(msg);
-			}
-		}
-	}
-	wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
-	eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, priv->wpa_s, NULL);
-	os_free(priv);
-}
-
-
-/**
- * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors
- * @ifname: Interface name for global control socket or %NULL
- * @sock: Local socket fd
- * @ctrl_dst: List of attached listeners
- * @level: Priority level of the message
- * @buf: Message data
- * @len: Message length
- *
- * Send a packet to all monitor programs attached to the control interface.
- */
-static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
-					   const char *ifname, int sock,
-					   struct dl_list *ctrl_dst,
-					   int level, const char *buf,
-					   size_t len,
-					   struct ctrl_iface_priv *priv,
-					   struct ctrl_iface_global_priv *gp)
-{
-	struct wpa_ctrl_dst *dst, *next;
-	char levelstr[10];
-	int idx, res;
-	struct msghdr msg;
-	struct iovec io[5];
-
-	if (sock < 0 || dl_list_empty(ctrl_dst))
-		return;
-
-	res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
-	if (os_snprintf_error(sizeof(levelstr), res))
-		return;
-	idx = 0;
-	if (ifname) {
-		io[idx].iov_base = "IFNAME=";
-		io[idx].iov_len = 7;
-		idx++;
-		io[idx].iov_base = (char *) ifname;
-		io[idx].iov_len = os_strlen(ifname);
-		idx++;
-		io[idx].iov_base = " ";
-		io[idx].iov_len = 1;
-		idx++;
-	}
-	io[idx].iov_base = levelstr;
-	io[idx].iov_len = os_strlen(levelstr);
-	idx++;
-	io[idx].iov_base = (char *) buf;
-	io[idx].iov_len = len;
-	idx++;
-	os_memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = io;
-	msg.msg_iovlen = idx;
-
-	dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) {
-		int _errno;
-		char txt[200];
-
-		if (level < dst->debug_level)
-			continue;
-
-		msg.msg_name = (void *) &dst->addr;
-		msg.msg_namelen = dst->addrlen;
-		wpas_ctrl_sock_debug("ctrl_sock-sendmsg", sock, buf, len);
-		if (sendmsg(sock, &msg, MSG_DONTWAIT) >= 0) {
-			sockaddr_print(MSG_MSGDUMP,
-				       "CTRL_IFACE monitor sent successfully to",
-				       &dst->addr, dst->addrlen);
-			dst->errors = 0;
-			continue;
-		}
-
-		_errno = errno;
-		os_snprintf(txt, sizeof(txt), "CTRL_IFACE monitor: %d (%s) for",
-			    _errno, strerror(_errno));
-		sockaddr_print(MSG_DEBUG, txt, &dst->addr, dst->addrlen);
-		dst->errors++;
-
-		if (dst->errors > 10 || _errno == ENOENT || _errno == EPERM) {
-			sockaddr_print(MSG_INFO, "CTRL_IFACE: Detach monitor that cannot receive messages:",
-				       &dst->addr, dst->addrlen);
-			wpa_supplicant_ctrl_iface_detach(ctrl_dst, &dst->addr,
-							 dst->addrlen);
-		}
-
-		if (_errno == ENOBUFS || _errno == EAGAIN) {
-			/*
-			 * The socket send buffer could be full. This may happen
-			 * if client programs are not receiving their pending
-			 * messages. Close and reopen the socket as a workaround
-			 * to avoid getting stuck being unable to send any new
-			 * responses.
-			 */
-			if (priv)
-				sock = wpas_ctrl_iface_reinit(wpa_s, priv);
-			else if (gp)
-				sock = wpas_ctrl_iface_global_reinit(
-					wpa_s->global, gp);
-			else
-				break;
-			if (sock < 0) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"Failed to reinitialize ctrl_iface socket");
-				break;
-			}
-		}
-	}
-}
-
-
-void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
-{
-	char buf[256];
-	int res;
-	struct sockaddr_storage from;
-	socklen_t fromlen = sizeof(from);
-
-	if (priv->sock == -1)
-		return;
-
-	for (;;) {
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to "
-			   "attach", priv->wpa_s->ifname);
-		eloop_wait_for_read_sock(priv->sock);
-
-		res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0,
-			       (struct sockaddr *) &from, &fromlen);
-		if (res < 0) {
-			wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-				   strerror(errno));
-			continue;
-		}
-		buf[res] = '\0';
-
-		if (os_strcmp(buf, "ATTACH") == 0) {
-			/* handle ATTACH signal of first monitor interface */
-			if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
-							      &from, fromlen,
-							      0)) {
-				if (sendto(priv->sock, "OK\n", 3, 0,
-					   (struct sockaddr *) &from, fromlen) <
-				    0) {
-					wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
-						   strerror(errno));
-				}
-				/* OK to continue */
-				return;
-			} else {
-				if (sendto(priv->sock, "FAIL\n", 5, 0,
-					   (struct sockaddr *) &from, fromlen) <
-				    0) {
-					wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
-						   strerror(errno));
-				}
-			}
-		} else {
-			/* return FAIL for all other signals */
-			if (sendto(priv->sock, "FAIL\n", 5, 0,
-				   (struct sockaddr *) &from, fromlen) < 0) {
-				wpa_printf(MSG_DEBUG,
-					   "ctrl_iface sendto failed: %s",
-					   strerror(errno));
-			}
-		}
-	}
-}
-
-
-/* Global ctrl_iface */
-
-static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
-						     void *sock_ctx)
-{
-	struct wpa_global *global = eloop_ctx;
-	struct ctrl_iface_global_priv *priv = sock_ctx;
-	char *buf;
-	int res;
-	struct sockaddr_storage from;
-	socklen_t fromlen = sizeof(from);
-	char *reply = NULL, *reply_buf = NULL;
-	size_t reply_len;
-
-	buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf)
-		return;
-	res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
-		       (struct sockaddr *) &from, &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-			   strerror(errno));
-		os_free(buf);
-		return;
-	}
-	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
-		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
-		return;
-	}
-	buf[res] = '\0';
-
-	if (os_strcmp(buf, "ATTACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
-						     fromlen, 1))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else if (os_strcmp(buf, "DETACH") == 0) {
-		if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
-						     fromlen))
-			reply_len = 1;
-		else
-			reply_len = 2;
-	} else {
-		reply_buf = wpa_supplicant_global_ctrl_iface_process(
-			global, buf, &reply_len);
-		reply = reply_buf;
-
-		/*
-		 * There could be some password/key material in the command, so
-		 * clear the buffer explicitly now that it is not needed
-		 * anymore.
-		 */
-		os_memset(buf, 0, res);
-	}
-
-	if (!reply && reply_len == 1) {
-		reply = "FAIL\n";
-		reply_len = 5;
-	} else if (!reply && reply_len == 2) {
-		reply = "OK\n";
-		reply_len = 3;
-	}
-
-	if (reply) {
-		wpas_ctrl_sock_debug("global_ctrl_sock-sendto",
-				     sock, reply, reply_len);
-		if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
-			   fromlen) < 0) {
-			wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
-				strerror(errno));
-		}
-	}
-	os_free(reply_buf);
-	os_free(buf);
-}
-
-
-static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
-					    struct ctrl_iface_global_priv *priv)
-{
-	struct sockaddr_un addr;
-	const char *ctrl = global->params.ctrl_interface;
-	int flags;
-
-	wpa_printf(MSG_DEBUG, "Global control interface '%s'", ctrl);
-
-#ifdef ANDROID
-	if (os_strncmp(ctrl, "@android:", 9) == 0) {
-		priv->sock = android_get_control_socket(ctrl + 9);
-		if (priv->sock < 0) {
-			wpa_printf(MSG_ERROR, "Failed to open Android control "
-				   "socket '%s'", ctrl + 9);
-			goto fail;
-		}
-		wpa_printf(MSG_DEBUG, "Using Android control socket '%s'",
-			   ctrl + 9);
-		priv->android_control_socket = 1;
-		goto havesock;
-	}
-
-	if (os_strncmp(ctrl, "@abstract:", 10) != 0) {
-		/*
-		 * Backwards compatibility - try to open an Android control
-		 * socket and if that fails, assume this was a UNIX domain
-		 * socket instead.
-		 */
-		priv->sock = android_get_control_socket(ctrl);
-		if (priv->sock >= 0) {
-			wpa_printf(MSG_DEBUG,
-				   "Using Android control socket '%s'",
-				   ctrl);
-			priv->android_control_socket = 1;
-			goto havesock;
-		}
-	}
-#endif /* ANDROID */
-
-	priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
-	if (priv->sock < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
-		goto fail;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
-	addr.sun_len = sizeof(addr);
-#endif /* __FreeBSD__ */
-	addr.sun_family = AF_UNIX;
-
-	if (os_strncmp(ctrl, "@abstract:", 10) == 0) {
-		addr.sun_path[0] = '\0';
-		os_strlcpy(addr.sun_path + 1, ctrl + 10,
-			   sizeof(addr.sun_path) - 1);
-		if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) <
-		    0) {
-			wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: "
-				   "bind(PF_UNIX;%s) failed: %s",
-				   ctrl, strerror(errno));
-			goto fail;
-		}
-		wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'",
-			   ctrl + 10);
-		goto havesock;
-	}
-
-	os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path));
-	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s",
-			   ctrl, strerror(errno));
-		if (connect(priv->sock, (struct sockaddr *) &addr,
-			    sizeof(addr)) < 0) {
-			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
-				   " allow connections - assuming it was left"
-				   "over from forced program termination");
-			if (unlink(ctrl) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "Could not unlink existing ctrl_iface socket '%s': %s",
-					   ctrl, strerror(errno));
-				goto fail;
-			}
-			if (bind(priv->sock, (struct sockaddr *) &addr,
-				 sizeof(addr)) < 0) {
-				wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s",
-					   ctrl, strerror(errno));
-				goto fail;
-			}
-			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
-				   "ctrl_iface socket '%s'",
-				   ctrl);
-		} else {
-			wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
-				   "be in use - cannot override it");
-			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
-				   "not used anymore",
-				   ctrl);
-			goto fail;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl);
-
-	if (global->params.ctrl_interface_group) {
-		char *gid_str = global->params.ctrl_interface_group;
-		gid_t gid = 0;
-		struct group *grp;
-		char *endp;
-
-		grp = getgrnam(gid_str);
-		if (grp) {
-			gid = grp->gr_gid;
-			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
-				   " (from group name '%s')",
-				   (int) gid, gid_str);
-		} else {
-			/* Group name not found - try to parse this as gid */
-			gid = strtol(gid_str, &endp, 10);
-			if (*gid_str == '\0' || *endp != '\0') {
-				wpa_printf(MSG_ERROR, "CTRL: Invalid group "
-					   "'%s'", gid_str);
-				goto fail;
-			}
-			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
-				   (int) gid);
-		}
-		if (lchown(ctrl, -1, gid) < 0) {
-			wpa_printf(MSG_ERROR,
-				   "lchown[global_ctrl_interface=%s,gid=%d]: %s",
-				   ctrl, (int) gid, strerror(errno));
-			goto fail;
-		}
-
-		if (chmod(ctrl, S_IRWXU | S_IRWXG) < 0) {
-			wpa_printf(MSG_ERROR,
-				   "chmod[global_ctrl_interface=%s]: %s",
-				   ctrl, strerror(errno));
-			goto fail;
-		}
-	} else {
-		if (chmod(ctrl, S_IRWXU) < 0) {
-			wpa_printf(MSG_DEBUG,
-				   "chmod[global_ctrl_interface=%s](S_IRWXU): %s",
-				   ctrl, strerror(errno));
-			/* continue anyway since group change was not required
-			 */
-		}
-	}
-
-havesock:
-
-	/*
-	 * Make socket non-blocking so that we don't hang forever if
-	 * target dies unexpectedly.
-	 */
-	flags = fcntl(priv->sock, F_GETFL);
-	if (flags >= 0) {
-		flags |= O_NONBLOCK;
-		if (fcntl(priv->sock, F_SETFL, flags) < 0) {
-			wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
-				   strerror(errno));
-			/* Not fatal, continue on.*/
-		}
-	}
-
-	eloop_register_read_sock(priv->sock,
-				 wpa_supplicant_global_ctrl_iface_receive,
-				 global, priv);
-
-	return 0;
-
-fail:
-	if (priv->sock >= 0) {
-		close(priv->sock);
-		priv->sock = -1;
-	}
-	return -1;
-}
-
-
-struct ctrl_iface_global_priv *
-wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
-{
-	struct ctrl_iface_global_priv *priv;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	dl_list_init(&priv->ctrl_dst);
-	dl_list_init(&priv->msg_queue);
-	priv->global = global;
-	priv->sock = -1;
-
-	if (global->params.ctrl_interface == NULL)
-		return priv;
-
-	if (wpas_global_ctrl_iface_open_sock(global, priv) < 0) {
-		os_free(priv);
-		return NULL;
-	}
-
-	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
-
-	return priv;
-}
-
-
-static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
-					 struct ctrl_iface_global_priv *priv)
-{
-	int res;
-
-	if (priv->sock <= 0)
-		return -1;
-
-	/*
-	 * On Android, the control socket being used may be the socket
-	 * that is created when wpa_supplicant is started as a /init.*.rc
-	 * service. Such a socket is maintained as a key-value pair in
-	 * Android's environment. Closing this control socket would leave us
-	 * in a bad state with an invalid socket descriptor.
-	 */
-	if (priv->android_control_socket)
-		return priv->sock;
-
-	eloop_unregister_read_sock(priv->sock);
-	close(priv->sock);
-	priv->sock = -1;
-	res = wpas_global_ctrl_iface_open_sock(global, priv);
-	if (res < 0)
-		return -1;
-	return priv->sock;
-}
-
-
-void
-wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
-{
-	struct wpa_ctrl_dst *dst, *prev;
-	struct ctrl_iface_msg *msg, *prev_msg;
-
-	if (priv->sock >= 0) {
-		eloop_unregister_read_sock(priv->sock);
-		close(priv->sock);
-	}
-	if (priv->global->params.ctrl_interface)
-		unlink(priv->global->params.ctrl_interface);
-	dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
-			      list) {
-		dl_list_del(&dst->list);
-		os_free(dst);
-	}
-	dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue,
-			      struct ctrl_iface_msg, list) {
-		dl_list_del(&msg->list);
-		os_free(msg);
-	}
-	os_free(priv);
-}
diff --git a/wpa_supplicant/dbus/.gitignore b/wpa_supplicant/dbus/.gitignore
deleted file mode 100644
index 6db2468ff2d3..000000000000
--- a/wpa_supplicant/dbus/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-libwpadbus.a
diff --git a/wpa_supplicant/dbus/Makefile b/wpa_supplicant/dbus/Makefile
deleted file mode 100644
index 4d8700428dcb..000000000000
--- a/wpa_supplicant/dbus/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-all: libwpadbus.a
-
-clean:
-	rm -f *~ *.o *.d *.gcno *.gcda *.gcov
-	rm -f libwpadbus.a
-
-install:
-	@echo Nothing to be made.
-
-ifndef CC
-CC=gcc
-endif
-
-ifndef CFLAGS
-CFLAGS = -MMD -O2 -Wall -g
-endif
-
-PKG_CONFIG ?= pkg-config
-CFLAGS += -I../../src -I../../src/utils
-
-
-Q=@
-E=echo
-ifeq ($(V), 1)
-Q=
-E=true
-endif
-
-%.o: %.c
-	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
-	@$(E) "  CC " $<
-
-
-ifdef CONFIG_WPS
-CFLAGS += -DCONFIG_WPS
-endif
-
-CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_NEW
-
-ifndef DBUS_LIBS
-DBUS_LIBS := $(shell $(PKG_CONFIG) --libs dbus-1)
-endif
-ifndef DBUS_INCLUDE
-DBUS_INCLUDE := $(shell $(PKG_CONFIG) --cflags dbus-1)
-endif
-ifdef CONFIG_CTRL_IFACE_DBUS_INTRO
-CFLAGS += -DCONFIG_CTRL_IFACE_DBUS_INTRO
-DBUS_INCLUDE += $(shell xml2-config --cflags)
-DBUS_LIBS += $(shell xml2-config --libs)
-endif
-
-CFLAGS += $(DBUS_INCLUDE)
-
-LIB_OBJS= \
-	dbus_common.o \
-	dbus_new.o \
-	dbus_new_handlers.o \
-	dbus_new_helpers.o \
-	dbus_new_introspect.o \
-	dbus_dict_helpers.o
-
-ifdef CONFIG_WPS
-LIB_OBJS += dbus_new_handlers_wps.o
-endif
-
-libwpadbus.a: $(LIB_OBJS)
-	$(AR) crT $@ $?
-
--include $(OBJS:%.o=%.d)
diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
deleted file mode 100644
index e81b495f4b99..000000000000
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-<!DOCTYPE busconfig PUBLIC
- "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-        <policy user="root">
-                <allow own="fi.w1.wpa_supplicant1"/>
-
-                <allow send_destination="fi.w1.wpa_supplicant1"/>
-                <allow send_interface="fi.w1.wpa_supplicant1"/>
-                <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
-        </policy>
-        <policy context="default">
-                <deny own="fi.w1.wpa_supplicant1"/>
-                <deny send_destination="fi.w1.wpa_supplicant1"/>
-                <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
-        </policy>
-</busconfig>
diff --git a/wpa_supplicant/dbus/dbus_common.c b/wpa_supplicant/dbus/dbus_common.c
deleted file mode 100644
index a727217fd6f9..000000000000
--- a/wpa_supplicant/dbus/dbus_common.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * wpa_supplicant D-Bus control interface - common functionality
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <dbus/dbus.h>
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "dbus_common.h"
-#include "dbus_common_i.h"
-#include "dbus_new.h"
-#include "../wpa_supplicant_i.h"
-
-
-#ifndef SIGPOLL
-#ifdef SIGIO
-/*
- * If we do not have SIGPOLL, try to use SIGIO instead. This is needed for
- * FreeBSD.
- */
-#define SIGPOLL SIGIO
-#endif
-#endif
-
-
-static void dispatch_data(DBusConnection *con)
-{
-	while (dbus_connection_get_dispatch_status(con) ==
-	       DBUS_DISPATCH_DATA_REMAINS)
-		dbus_connection_dispatch(con);
-}
-
-
-/**
- * dispatch_initial_dbus_messages - Dispatch initial dbus messages after
- *     claiming bus name
- * @eloop_ctx: the DBusConnection to dispatch on
- * @timeout_ctx: unused
- *
- * If clients are quick to notice that service claimed its bus name,
- * there may have been messages that came in before initialization was
- * all finished.  Dispatch those here.
- */
-static void dispatch_initial_dbus_messages(void *eloop_ctx, void *timeout_ctx)
-{
-	DBusConnection *con = eloop_ctx;
-	dispatch_data(con);
-}
-
-
-static void process_watch(struct wpas_dbus_priv *priv,
-			  DBusWatch *watch, eloop_event_type type)
-{
-	dbus_connection_ref(priv->con);
-
-	priv->should_dispatch = 0;
-
-	if (type == EVENT_TYPE_READ)
-		dbus_watch_handle(watch, DBUS_WATCH_READABLE);
-	else if (type == EVENT_TYPE_WRITE)
-		dbus_watch_handle(watch, DBUS_WATCH_WRITABLE);
-	else if (type == EVENT_TYPE_EXCEPTION)
-		dbus_watch_handle(watch, DBUS_WATCH_ERROR);
-
-	if (priv->should_dispatch) {
-		dispatch_data(priv->con);
-		priv->should_dispatch = 0;
-	}
-
-	dbus_connection_unref(priv->con);
-}
-
-
-static void process_watch_exception(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_EXCEPTION);
-}
-
-
-static void process_watch_read(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_READ);
-}
-
-
-static void process_watch_write(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	process_watch(eloop_ctx, sock_ctx, EVENT_TYPE_WRITE);
-}
-
-
-static dbus_bool_t add_watch(DBusWatch *watch, void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-	unsigned int flags;
-	int fd;
-
-	if (!dbus_watch_get_enabled(watch))
-		return TRUE;
-
-	flags = dbus_watch_get_flags(watch);
-	fd = dbus_watch_get_unix_fd(watch);
-
-	if (eloop_register_sock(fd, EVENT_TYPE_EXCEPTION,
-				process_watch_exception, priv, watch) < 0)
-		return FALSE;
-
-	if ((flags & DBUS_WATCH_READABLE) &&
-	    eloop_register_sock(fd, EVENT_TYPE_READ, process_watch_read,
-				priv, watch) < 0)
-		return FALSE;
-	if ((flags & DBUS_WATCH_WRITABLE) &&
-	    eloop_register_sock(fd, EVENT_TYPE_WRITE, process_watch_write,
-				priv, watch) < 0)
-		return FALSE;
-
-	dbus_watch_set_data(watch, priv, NULL);
-
-	return TRUE;
-}
-
-
-static void remove_watch(DBusWatch *watch, void *data)
-{
-	unsigned int flags;
-	int fd;
-
-	flags = dbus_watch_get_flags(watch);
-	fd = dbus_watch_get_unix_fd(watch);
-
-	eloop_unregister_sock(fd, EVENT_TYPE_EXCEPTION);
-
-	if (flags & DBUS_WATCH_READABLE)
-		eloop_unregister_sock(fd, EVENT_TYPE_READ);
-	if (flags & DBUS_WATCH_WRITABLE)
-		eloop_unregister_sock(fd, EVENT_TYPE_WRITE);
-
-	dbus_watch_set_data(watch, NULL, NULL);
-}
-
-
-static void watch_toggled(DBusWatch *watch, void *data)
-{
-	if (dbus_watch_get_enabled(watch))
-		add_watch(watch, data);
-	else
-		remove_watch(watch, data);
-}
-
-
-static void process_timeout(void *eloop_ctx, void *sock_ctx)
-{
-	DBusTimeout *timeout = sock_ctx;
-	dbus_timeout_handle(timeout);
-}
-
-
-static dbus_bool_t add_timeout(DBusTimeout *timeout, void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-
-	if (!dbus_timeout_get_enabled(timeout))
-		return TRUE;
-
-	eloop_register_timeout(0, dbus_timeout_get_interval(timeout) * 1000,
-			       process_timeout, priv, timeout);
-
-	dbus_timeout_set_data(timeout, priv, NULL);
-
-	return TRUE;
-}
-
-
-static void remove_timeout(DBusTimeout *timeout, void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-
-	eloop_cancel_timeout(process_timeout, priv, timeout);
-	dbus_timeout_set_data(timeout, NULL, NULL);
-}
-
-
-static void timeout_toggled(DBusTimeout *timeout, void *data)
-{
-	if (dbus_timeout_get_enabled(timeout))
-		add_timeout(timeout, data);
-	else
-		remove_timeout(timeout, data);
-}
-
-
-static void process_wakeup_main(int sig, void *signal_ctx)
-{
-	struct wpas_dbus_priv *priv = signal_ctx;
-
-	if (sig != SIGPOLL || !priv->con)
-		return;
-
-	if (dbus_connection_get_dispatch_status(priv->con) !=
-	    DBUS_DISPATCH_DATA_REMAINS)
-		return;
-
-	/* Only dispatch once - we do not want to starve other events */
-	dbus_connection_ref(priv->con);
-	dbus_connection_dispatch(priv->con);
-	dbus_connection_unref(priv->con);
-}
-
-
-/**
- * wakeup_main - Attempt to wake our mainloop up
- * @data: dbus control interface private data
- *
- * Try to wake up the main eloop so it will process
- * dbus events that may have happened.
- */
-static void wakeup_main(void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-
-	/* Use SIGPOLL to break out of the eloop select() */
-	raise(SIGPOLL);
-	priv->should_dispatch = 1;
-}
-
-
-/**
- * integrate_with_eloop - Register our mainloop integration with dbus
- * @connection: connection to the system message bus
- * @priv: a dbus control interface data structure
- * Returns: 0 on success, -1 on failure
- */
-static int integrate_with_eloop(struct wpas_dbus_priv *priv)
-{
-	if (!dbus_connection_set_watch_functions(priv->con, add_watch,
-						 remove_watch, watch_toggled,
-						 priv, NULL) ||
-	    !dbus_connection_set_timeout_functions(priv->con, add_timeout,
-						   remove_timeout,
-						   timeout_toggled, priv,
-						   NULL)) {
-		wpa_printf(MSG_ERROR, "dbus: Failed to set callback functions");
-		return -1;
-	}
-
-	if (eloop_register_signal(SIGPOLL, process_wakeup_main, priv))
-		return -1;
-	dbus_connection_set_wakeup_main_function(priv->con, wakeup_main,
-						 priv, NULL);
-
-	return 0;
-}
-
-
-static DBusHandlerResult disconnect_filter(DBusConnection *conn,
-					   DBusMessage *message, void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-
-	if (dbus_message_is_signal(message, DBUS_INTERFACE_LOCAL,
-				   "Disconnected")) {
-		wpa_printf(MSG_DEBUG, "dbus: bus disconnected, terminating");
-		dbus_connection_set_exit_on_disconnect(conn, FALSE);
-		wpa_supplicant_terminate_proc(priv->global);
-		return DBUS_HANDLER_RESULT_HANDLED;
-	} else
-		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-}
-
-
-static int wpas_dbus_init_common(struct wpas_dbus_priv *priv)
-{
-	DBusError error;
-	int ret = 0;
-
-	/* Get a reference to the system bus */
-	dbus_error_init(&error);
-	priv->con = dbus_bus_get(DBUS_BUS_SYSTEM, &error);
-	if (priv->con) {
-		dbus_connection_add_filter(priv->con, disconnect_filter, priv,
-					   NULL);
-	} else {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Could not acquire the system bus: %s - %s",
-			   error.name, error.message);
-		ret = -1;
-	}
-	dbus_error_free(&error);
-
-	return ret;
-}
-
-
-static int wpas_dbus_init_common_finish(struct wpas_dbus_priv *priv)
-{
-	/* Tell dbus about our mainloop integration functions */
-	integrate_with_eloop(priv);
-
-	/*
-	 * Dispatch initial DBus messages that may have come in since the bus
-	 * name was claimed above. Happens when clients are quick to notice the
-	 * service.
-	 *
-	 * FIXME: is there a better solution to this problem?
-	 */
-	eloop_register_timeout(0, 50, dispatch_initial_dbus_messages,
-			       priv->con, NULL);
-
-	return 0;
-}
-
-
-static void wpas_dbus_deinit_common(struct wpas_dbus_priv *priv)
-{
-	if (priv->con) {
-		eloop_cancel_timeout(dispatch_initial_dbus_messages,
-				     priv->con, NULL);
-		eloop_cancel_timeout(process_timeout, priv, ELOOP_ALL_CTX);
-
-		dbus_connection_set_watch_functions(priv->con, NULL, NULL,
-						    NULL, NULL, NULL);
-		dbus_connection_set_timeout_functions(priv->con, NULL, NULL,
-						      NULL, NULL, NULL);
-		dbus_connection_remove_filter(priv->con, disconnect_filter,
-					      priv);
-
-		dbus_connection_unref(priv->con);
-	}
-
-	os_free(priv);
-}
-
-
-struct wpas_dbus_priv * wpas_dbus_init(struct wpa_global *global)
-{
-	struct wpas_dbus_priv *priv;
-
-	priv = os_zalloc(sizeof(*priv));
-	if (priv == NULL)
-		return NULL;
-	priv->global = global;
-
-	if (wpas_dbus_init_common(priv) < 0 ||
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	    wpas_dbus_ctrl_iface_init(priv) < 0 ||
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-	    wpas_dbus_init_common_finish(priv) < 0) {
-		wpas_dbus_deinit(priv);
-		return NULL;
-	}
-
-	return priv;
-}
-
-
-void wpas_dbus_deinit(struct wpas_dbus_priv *priv)
-{
-	if (priv == NULL)
-		return;
-
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	wpas_dbus_ctrl_iface_deinit(priv);
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-
-	wpas_dbus_deinit_common(priv);
-}
diff --git a/wpa_supplicant/dbus/dbus_common.h b/wpa_supplicant/dbus/dbus_common.h
deleted file mode 100644
index aea7db742b41..000000000000
--- a/wpa_supplicant/dbus/dbus_common.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * wpa_supplicant D-Bus control interface - common definitions
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DBUS_COMMON_H
-#define DBUS_COMMON_H
-
-struct wpas_dbus_priv;
-struct wpa_global;
-
-struct wpas_dbus_priv * wpas_dbus_init(struct wpa_global *global);
-void wpas_dbus_deinit(struct wpas_dbus_priv *priv);
-
-#endif /* DBUS_COMMON_H */
diff --git a/wpa_supplicant/dbus/dbus_common_i.h b/wpa_supplicant/dbus/dbus_common_i.h
deleted file mode 100644
index 95eb4bcb50ca..000000000000
--- a/wpa_supplicant/dbus/dbus_common_i.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * wpa_supplicant D-Bus control interface - internal definitions
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DBUS_COMMON_I_H
-#define DBUS_COMMON_I_H
-
-#include <dbus/dbus.h>
-
-struct wpa_dbus_property_desc;
-
-struct wpas_dbus_priv {
-	DBusConnection *con;
-	int should_dispatch;
-	struct wpa_global *global;
-	u32 next_objid;
-	int dbus_new_initialized;
-
-#if defined(CONFIG_CTRL_IFACE_DBUS_NEW)
-	struct wpa_dbus_property_desc *all_interface_properties;
-	int globals_start;
-#if defined(CONFIG_AP)
-	int dbus_noc_refcnt;
-#endif /* CONFIG_AP */
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-};
-
-#endif /* DBUS_COMMON_I_H */
diff --git a/wpa_supplicant/dbus/dbus_dict_helpers.c b/wpa_supplicant/dbus/dbus_dict_helpers.c
deleted file mode 100644
index e4e9b8da96b7..000000000000
--- a/wpa_supplicant/dbus/dbus_dict_helpers.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <dbus/dbus.h>
-
-#include "common.h"
-#include "wpabuf.h"
-#include "dbus_dict_helpers.h"
-
-
-/**
- * Start a dict in a dbus message.  Should be paired with a call to
- * wpa_dbus_dict_close_write().
- *
- * @param iter A valid dbus message iterator
- * @param iter_dict (out) A dict iterator to pass to further dict functions
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_open_write(DBusMessageIter *iter,
-				     DBusMessageIter *iter_dict)
-{
-	dbus_bool_t result;
-
-	if (!iter || !iter_dict)
-		return FALSE;
-
-	result = dbus_message_iter_open_container(
-		iter,
-		DBUS_TYPE_ARRAY,
-		DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
-		DBUS_TYPE_STRING_AS_STRING
-		DBUS_TYPE_VARIANT_AS_STRING
-		DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
-		iter_dict);
-	return result;
-}
-
-
-/**
- * End a dict element in a dbus message.  Should be paired with
- * a call to wpa_dbus_dict_open_write().
- *
- * @param iter valid dbus message iterator, same as passed to
- *    wpa_dbus_dict_open_write()
- * @param iter_dict a dbus dict iterator returned from
- *    wpa_dbus_dict_open_write()
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_close_write(DBusMessageIter *iter,
-				      DBusMessageIter *iter_dict)
-{
-	if (!iter || !iter_dict)
-		return FALSE;
-
-	return dbus_message_iter_close_container(iter, iter_dict);
-}
-
-
-const char * wpa_dbus_type_as_string(const int type)
-{
-	switch (type) {
-	case DBUS_TYPE_BYTE:
-		return DBUS_TYPE_BYTE_AS_STRING;
-	case DBUS_TYPE_BOOLEAN:
-		return DBUS_TYPE_BOOLEAN_AS_STRING;
-	case DBUS_TYPE_INT16:
-		return DBUS_TYPE_INT16_AS_STRING;
-	case DBUS_TYPE_UINT16:
-		return DBUS_TYPE_UINT16_AS_STRING;
-	case DBUS_TYPE_INT32:
-		return DBUS_TYPE_INT32_AS_STRING;
-	case DBUS_TYPE_UINT32:
-		return DBUS_TYPE_UINT32_AS_STRING;
-	case DBUS_TYPE_INT64:
-		return DBUS_TYPE_INT64_AS_STRING;
-	case DBUS_TYPE_UINT64:
-		return DBUS_TYPE_UINT64_AS_STRING;
-	case DBUS_TYPE_DOUBLE:
-		return DBUS_TYPE_DOUBLE_AS_STRING;
-	case DBUS_TYPE_STRING:
-		return DBUS_TYPE_STRING_AS_STRING;
-	case DBUS_TYPE_OBJECT_PATH:
-		return DBUS_TYPE_OBJECT_PATH_AS_STRING;
-	case DBUS_TYPE_ARRAY:
-		return DBUS_TYPE_ARRAY_AS_STRING;
-	default:
-		return NULL;
-	}
-}
-
-
-static dbus_bool_t _wpa_dbus_add_dict_entry_start(
-	DBusMessageIter *iter_dict, DBusMessageIter *iter_dict_entry,
-	const char *key, const int value_type)
-{
-	if (!dbus_message_iter_open_container(iter_dict,
-					      DBUS_TYPE_DICT_ENTRY, NULL,
-					      iter_dict_entry))
-		return FALSE;
-
-	return dbus_message_iter_append_basic(iter_dict_entry, DBUS_TYPE_STRING,
-					      &key);
-}
-
-
-static dbus_bool_t _wpa_dbus_add_dict_entry_end(
-	DBusMessageIter *iter_dict, DBusMessageIter *iter_dict_entry,
-	DBusMessageIter *iter_dict_val)
-{
-	if (!dbus_message_iter_close_container(iter_dict_entry, iter_dict_val))
-		return FALSE;
-
-	return dbus_message_iter_close_container(iter_dict, iter_dict_entry);
-}
-
-
-static dbus_bool_t _wpa_dbus_add_dict_entry_basic(DBusMessageIter *iter_dict,
-						  const char *key,
-						  const int value_type,
-						  const void *value)
-{
-	DBusMessageIter iter_dict_entry, iter_dict_val;
-	const char *type_as_string = NULL;
-
-	if (key == NULL)
-		return FALSE;
-
-	type_as_string = wpa_dbus_type_as_string(value_type);
-	if (!type_as_string)
-		return FALSE;
-
-	if (!_wpa_dbus_add_dict_entry_start(iter_dict, &iter_dict_entry,
-					    key, value_type) ||
-	    !dbus_message_iter_open_container(&iter_dict_entry,
-					      DBUS_TYPE_VARIANT,
-					      type_as_string, &iter_dict_val) ||
-	    !dbus_message_iter_append_basic(&iter_dict_val, value_type, value))
-		return FALSE;
-
-	return _wpa_dbus_add_dict_entry_end(iter_dict, &iter_dict_entry,
-					    &iter_dict_val);
-}
-
-
-static dbus_bool_t _wpa_dbus_add_dict_entry_byte_array(
-	DBusMessageIter *iter_dict, const char *key,
-	const char *value, const dbus_uint32_t value_len)
-{
-	DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
-	dbus_uint32_t i;
-
-	if (!_wpa_dbus_add_dict_entry_start(iter_dict, &iter_dict_entry,
-					    key, DBUS_TYPE_ARRAY) ||
-	    !dbus_message_iter_open_container(&iter_dict_entry,
-					      DBUS_TYPE_VARIANT,
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &iter_dict_val) ||
-	    !dbus_message_iter_open_container(&iter_dict_val, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &iter_array))
-		return FALSE;
-
-	for (i = 0; i < value_len; i++) {
-		if (!dbus_message_iter_append_basic(&iter_array,
-						    DBUS_TYPE_BYTE,
-						    &(value[i])))
-			return FALSE;
-	}
-
-	if (!dbus_message_iter_close_container(&iter_dict_val, &iter_array))
-		return FALSE;
-
-	return _wpa_dbus_add_dict_entry_end(iter_dict, &iter_dict_entry,
-					    &iter_dict_val);
-}
-
-
-/**
- * Add a string entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The string value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_string(DBusMessageIter *iter_dict,
-					const char *key, const char *value)
-{
-	if (!value)
-		return FALSE;
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_STRING,
-					      &value);
-}
-
-
-/**
- * Add a boolean entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The boolean value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_bool(DBusMessageIter *iter_dict,
-				      const char *key, const dbus_bool_t value)
-{
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key,
-					      DBUS_TYPE_BOOLEAN, &value);
-}
-
-
-/**
- * Add a 16-bit signed integer entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The 16-bit signed integer value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_int16(DBusMessageIter *iter_dict,
-				       const char *key,
-				       const dbus_int16_t value)
-{
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_INT16,
-					      &value);
-}
-
-
-/**
- * Add a 16-bit unsigned integer entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The 16-bit unsigned integer value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_uint16(DBusMessageIter *iter_dict,
-					const char *key,
-					const dbus_uint16_t value)
-{
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_UINT16,
-					      &value);
-}
-
-
-/**
- * Add a 32-bit signed integer to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The 32-bit signed integer value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_int32(DBusMessageIter *iter_dict,
-				       const char *key,
-				       const dbus_int32_t value)
-{
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_INT32,
-					      &value);
-}
-
-
-/**
- * Add a 32-bit unsigned integer entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The 32-bit unsigned integer value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_uint32(DBusMessageIter *iter_dict,
-					const char *key,
-					const dbus_uint32_t value)
-{
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key, DBUS_TYPE_UINT32,
-					      &value);
-}
-
-
-/**
- * Add a DBus object path entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The DBus object path value
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_object_path(DBusMessageIter *iter_dict,
-					     const char *key,
-					     const char *value)
-{
-	if (!value)
-		return FALSE;
-	return _wpa_dbus_add_dict_entry_basic(iter_dict, key,
-					      DBUS_TYPE_OBJECT_PATH, &value);
-}
-
-
-/**
- * Add a byte array entry to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param value The byte array
- * @param value_len The length of the byte array, in bytes
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_byte_array(DBusMessageIter *iter_dict,
-					    const char *key,
-					    const char *value,
-					    const dbus_uint32_t value_len)
-{
-	if (!key || (!value && value_len != 0))
-		return FALSE;
-	return _wpa_dbus_add_dict_entry_byte_array(iter_dict, key, value,
-						   value_len);
-}
-
-
-/**
- * Begin an array entry in the dict
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *                  wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param type The type of the contained data
- * @param iter_dict_entry A private DBusMessageIter provided by the caller to
- *                        be passed to wpa_dbus_dict_end_string_array()
- * @param iter_dict_val A private DBusMessageIter provided by the caller to
- *                      be passed to wpa_dbus_dict_end_string_array()
- * @param iter_array On return, the DBusMessageIter to be passed to
- *                   wpa_dbus_dict_string_array_add_element()
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_begin_array(DBusMessageIter *iter_dict,
-				      const char *key, const char *type,
-				      DBusMessageIter *iter_dict_entry,
-				      DBusMessageIter *iter_dict_val,
-				      DBusMessageIter *iter_array)
-{
-	char array_type[10];
-	int err;
-
-	err = os_snprintf(array_type, sizeof(array_type),
-			  DBUS_TYPE_ARRAY_AS_STRING "%s",
-			  type);
-	if (os_snprintf_error(sizeof(array_type), err))
-		return FALSE;
-
-	if (!iter_dict || !iter_dict_entry || !iter_dict_val || !iter_array ||
-	    !_wpa_dbus_add_dict_entry_start(iter_dict, iter_dict_entry,
-					    key, DBUS_TYPE_ARRAY) ||
-	    !dbus_message_iter_open_container(iter_dict_entry,
-					      DBUS_TYPE_VARIANT,
-					      array_type,
-					      iter_dict_val))
-		return FALSE;
-
-	return dbus_message_iter_open_container(iter_dict_val, DBUS_TYPE_ARRAY,
-						type, iter_array);
-}
-
-
-dbus_bool_t wpa_dbus_dict_begin_string_array(DBusMessageIter *iter_dict,
-					     const char *key,
-					     DBusMessageIter *iter_dict_entry,
-					     DBusMessageIter *iter_dict_val,
-					     DBusMessageIter *iter_array)
-{
-	return wpa_dbus_dict_begin_array(
-		iter_dict, key,
-		DBUS_TYPE_STRING_AS_STRING,
-		iter_dict_entry, iter_dict_val, iter_array);
-}
-
-
-/**
- * Add a single string element to a string array dict entry
- *
- * @param iter_array A valid DBusMessageIter returned from
- *                   wpa_dbus_dict_begin_string_array()'s
- *                   iter_array parameter
- * @param elem The string element to be added to the dict entry's string array
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_string_array_add_element(DBusMessageIter *iter_array,
-						   const char *elem)
-{
-	if (!iter_array || !elem)
-		return FALSE;
-
-	return dbus_message_iter_append_basic(iter_array, DBUS_TYPE_STRING,
-					      &elem);
-}
-
-
-/**
- * Add a single byte array element to a string array dict entry
- *
- * @param iter_array A valid DBusMessageIter returned from
- *                   wpa_dbus_dict_begin_array()'s iter_array
- *                   parameter -- note that wpa_dbus_dict_begin_array()
- *                   must have been called with "ay" as the type
- * @param value The data to be added to the dict entry's array
- * @param value_len The length of the data
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_bin_array_add_element(DBusMessageIter *iter_array,
-						const u8 *value,
-						size_t value_len)
-{
-	DBusMessageIter iter_bytes;
-	size_t i;
-
-	if (!iter_array || !value ||
-	    !dbus_message_iter_open_container(iter_array, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &iter_bytes))
-		return FALSE;
-
-	for (i = 0; i < value_len; i++) {
-		if (!dbus_message_iter_append_basic(&iter_bytes,
-						    DBUS_TYPE_BYTE,
-						    &(value[i])))
-			return FALSE;
-	}
-
-	return dbus_message_iter_close_container(iter_array, &iter_bytes);
-}
-
-
-/**
- * End an array dict entry
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *                  wpa_dbus_dict_open_write()
- * @param iter_dict_entry A private DBusMessageIter returned from
- *                        wpa_dbus_dict_begin_string_array() or
- *			  wpa_dbus_dict_begin_array()
- * @param iter_dict_val A private DBusMessageIter returned from
- *                      wpa_dbus_dict_begin_string_array() or
- *			wpa_dbus_dict_begin_array()
- * @param iter_array A DBusMessageIter returned from
- *                   wpa_dbus_dict_begin_string_array() or
- *		     wpa_dbus_dict_begin_array()
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_end_array(DBusMessageIter *iter_dict,
-				    DBusMessageIter *iter_dict_entry,
-				    DBusMessageIter *iter_dict_val,
-				    DBusMessageIter *iter_array)
-{
-	if (!iter_dict || !iter_dict_entry || !iter_dict_val || !iter_array ||
-	    !dbus_message_iter_close_container(iter_dict_val, iter_array))
-		return FALSE;
-
-	return _wpa_dbus_add_dict_entry_end(iter_dict, iter_dict_entry,
-					    iter_dict_val);
-}
-
-
-/**
- * Convenience function to add an entire string array to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *                  wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param items The array of strings
- * @param num_items The number of strings in the array
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_string_array(DBusMessageIter *iter_dict,
-					      const char *key,
-					      const char **items,
-					      const dbus_uint32_t num_items)
-{
-	DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
-	dbus_uint32_t i;
-
-	if (!key || (!items && num_items != 0) ||
-	    !wpa_dbus_dict_begin_string_array(iter_dict, key,
-					      &iter_dict_entry, &iter_dict_val,
-					      &iter_array))
-		return FALSE;
-
-	for (i = 0; i < num_items; i++) {
-		if (!wpa_dbus_dict_string_array_add_element(&iter_array,
-							    items[i]))
-			return FALSE;
-	}
-
-	return wpa_dbus_dict_end_string_array(iter_dict, &iter_dict_entry,
-					      &iter_dict_val, &iter_array);
-}
-
-
-/**
- * Convenience function to add an wpabuf binary array to the dict.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *                  wpa_dbus_dict_open_write()
- * @param key The key of the dict item
- * @param items The array of wpabuf structures
- * @param num_items The number of strings in the array
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_append_wpabuf_array(DBusMessageIter *iter_dict,
-					      const char *key,
-					      const struct wpabuf **items,
-					      const dbus_uint32_t num_items)
-{
-	DBusMessageIter iter_dict_entry, iter_dict_val, iter_array;
-	dbus_uint32_t i;
-
-	if (!key ||
-	    (!items && num_items != 0) ||
-	    !wpa_dbus_dict_begin_array(iter_dict, key,
-				       DBUS_TYPE_ARRAY_AS_STRING
-				       DBUS_TYPE_BYTE_AS_STRING,
-				       &iter_dict_entry, &iter_dict_val,
-				       &iter_array))
-		return FALSE;
-
-	for (i = 0; i < num_items; i++) {
-		if (!wpa_dbus_dict_bin_array_add_element(&iter_array,
-							 wpabuf_head(items[i]),
-							 wpabuf_len(items[i])))
-			return FALSE;
-	}
-
-	return wpa_dbus_dict_end_array(iter_dict, &iter_dict_entry,
-				       &iter_dict_val, &iter_array);
-}
-
-
-/*****************************************************/
-/* Stuff for reading dicts                           */
-/*****************************************************/
-
-/**
- * Start reading from a dbus dict.
- *
- * @param iter A valid DBusMessageIter pointing to the start of the dict
- * @param iter_dict (out) A DBusMessageIter to be passed to
- *    wpa_dbus_dict_read_next_entry()
- * @error on failure a descriptive error
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
-				    DBusMessageIter *iter_dict,
-				    DBusError *error)
-{
-	int type;
-
-	wpa_printf(MSG_MSGDUMP, "%s: start reading a dict entry", __func__);
-	if (!iter || !iter_dict) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "[internal] missing message iterators");
-		return FALSE;
-	}
-
-	type = dbus_message_iter_get_arg_type(iter);
-	if (type != DBUS_TYPE_ARRAY ||
-	    dbus_message_iter_get_element_type(iter) != DBUS_TYPE_DICT_ENTRY) {
-		wpa_printf(MSG_DEBUG,
-			   "%s: unexpected message argument types (arg=%c element=%c)",
-			   __func__, type,
-			   type != DBUS_TYPE_ARRAY ? '?' :
-			   dbus_message_iter_get_element_type(iter));
-		dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-				     "unexpected message argument types");
-		return FALSE;
-	}
-
-	dbus_message_iter_recurse(iter, iter_dict);
-	return TRUE;
-}
-
-
-#define BYTE_ARRAY_CHUNK_SIZE 34
-#define BYTE_ARRAY_ITEM_SIZE (sizeof(char))
-
-static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
-	DBusMessageIter *iter, struct wpa_dbus_dict_entry *entry)
-{
-	dbus_uint32_t count = 0;
-	dbus_bool_t success = FALSE;
-	char *buffer, *nbuffer;
-
-	entry->bytearray_value = NULL;
-	entry->array_type = DBUS_TYPE_BYTE;
-
-	buffer = os_calloc(BYTE_ARRAY_CHUNK_SIZE, BYTE_ARRAY_ITEM_SIZE);
-	if (!buffer)
-		return FALSE;
-
-	entry->array_len = 0;
-	while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_BYTE) {
-		char byte;
-
-		if ((count % BYTE_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
-			nbuffer = os_realloc_array(
-				buffer, count + BYTE_ARRAY_CHUNK_SIZE,
-				BYTE_ARRAY_ITEM_SIZE);
-			if (nbuffer == NULL) {
-				os_free(buffer);
-				wpa_printf(MSG_ERROR,
-					   "dbus: %s out of memory trying to retrieve the string array",
-					   __func__);
-				goto done;
-			}
-			buffer = nbuffer;
-		}
-
-		dbus_message_iter_get_basic(iter, &byte);
-		buffer[count] = byte;
-		entry->array_len = ++count;
-		dbus_message_iter_next(iter);
-	}
-	entry->bytearray_value = buffer;
-	wpa_hexdump_key(MSG_MSGDUMP, "dbus: byte array contents",
-			entry->bytearray_value, entry->array_len);
-
-	/* Zero-length arrays are valid. */
-	if (entry->array_len == 0) {
-		os_free(entry->bytearray_value);
-		entry->bytearray_value = NULL;
-	}
-
-	success = TRUE;
-
-done:
-	return success;
-}
-
-
-#define STR_ARRAY_CHUNK_SIZE 8
-#define STR_ARRAY_ITEM_SIZE (sizeof(char *))
-
-static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
-	DBusMessageIter *iter, int array_type,
-	struct wpa_dbus_dict_entry *entry)
-{
-	dbus_uint32_t count = 0;
-	char **buffer, **nbuffer;
-
-	entry->strarray_value = NULL;
-	entry->array_len = 0;
-	entry->array_type = DBUS_TYPE_STRING;
-
-	buffer = os_calloc(STR_ARRAY_CHUNK_SIZE, STR_ARRAY_ITEM_SIZE);
-	if (buffer == NULL)
-		return FALSE;
-
-	while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_STRING) {
-		const char *value;
-		char *str;
-
-		if ((count % STR_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
-			nbuffer = os_realloc_array(
-				buffer, count + STR_ARRAY_CHUNK_SIZE,
-				STR_ARRAY_ITEM_SIZE);
-			if (nbuffer == NULL) {
-				wpa_printf(MSG_ERROR,
-					   "dbus: %s out of memory trying to retrieve the string array",
-					   __func__);
-				goto fail;
-			}
-			buffer = nbuffer;
-		}
-
-		dbus_message_iter_get_basic(iter, &value);
-		wpa_printf(MSG_MSGDUMP, "%s: string_array value: %s",
-			   __func__, wpa_debug_show_keys ? value : "[omitted]");
-		str = os_strdup(value);
-		if (str == NULL) {
-			wpa_printf(MSG_ERROR,
-				   "dbus: %s out of memory trying to duplicate the string array",
-				   __func__);
-			goto fail;
-		}
-		buffer[count++] = str;
-		dbus_message_iter_next(iter);
-	}
-	entry->strarray_value = buffer;
-	entry->array_len = count;
-	wpa_printf(MSG_MSGDUMP, "%s: string_array length %u",
-		   __func__, entry->array_len);
-
-	/* Zero-length arrays are valid. */
-	if (entry->array_len == 0) {
-		os_free(entry->strarray_value);
-		entry->strarray_value = NULL;
-	}
-
-	return TRUE;
-
-fail:
-	while (count > 0) {
-		count--;
-		os_free(buffer[count]);
-	}
-	os_free(buffer);
-	return FALSE;
-}
-
-
-#define BIN_ARRAY_CHUNK_SIZE 10
-#define BIN_ARRAY_ITEM_SIZE (sizeof(struct wpabuf *))
-
-static dbus_bool_t _wpa_dbus_dict_entry_get_binarray(
-	DBusMessageIter *iter, struct wpa_dbus_dict_entry *entry)
-{
-	struct wpa_dbus_dict_entry tmpentry;
-	size_t buflen = 0;
-	int i, type;
-
-	entry->array_type = WPAS_DBUS_TYPE_BINARRAY;
-	entry->array_len = 0;
-	entry->binarray_value = NULL;
-
-	type = dbus_message_iter_get_arg_type(iter);
-	wpa_printf(MSG_MSGDUMP, "%s: parsing binarray type %c", __func__, type);
-	if (type == DBUS_TYPE_INVALID) {
-		/* Likely an empty array of arrays */
-		return TRUE;
-	}
-	if (type != DBUS_TYPE_ARRAY) {
-		wpa_printf(MSG_DEBUG, "%s: not an array type: %c",
-			   __func__, type);
-		return FALSE;
-	}
-
-	type = dbus_message_iter_get_element_type(iter);
-	if (type != DBUS_TYPE_BYTE) {
-		wpa_printf(MSG_DEBUG, "%s: unexpected element type %c",
-			   __func__, type);
-		return FALSE;
-	}
-
-	while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_ARRAY) {
-		DBusMessageIter iter_array;
-
-		if (entry->array_len == buflen) {
-			struct wpabuf **newbuf;
-
-			buflen += BIN_ARRAY_CHUNK_SIZE;
-
-			newbuf = os_realloc_array(entry->binarray_value,
-						  buflen, BIN_ARRAY_ITEM_SIZE);
-			if (!newbuf)
-				goto cleanup;
-			entry->binarray_value = newbuf;
-		}
-
-		dbus_message_iter_recurse(iter, &iter_array);
-		os_memset(&tmpentry, 0, sizeof(tmpentry));
-		tmpentry.type = DBUS_TYPE_ARRAY;
-		if (_wpa_dbus_dict_entry_get_byte_array(&iter_array, &tmpentry)
-		    == FALSE)
-			goto cleanup;
-
-		entry->binarray_value[entry->array_len] =
-			wpabuf_alloc_ext_data((u8 *) tmpentry.bytearray_value,
-					      tmpentry.array_len);
-		if (entry->binarray_value[entry->array_len] == NULL) {
-			wpa_dbus_dict_entry_clear(&tmpentry);
-			goto cleanup;
-		}
-		entry->array_len++;
-		dbus_message_iter_next(iter);
-	}
-	wpa_printf(MSG_MSGDUMP, "%s: binarray length %u",
-		   __func__, entry->array_len);
-
-	return TRUE;
-
- cleanup:
-	for (i = 0; i < (int) entry->array_len; i++)
-		wpabuf_free(entry->binarray_value[i]);
-	os_free(entry->binarray_value);
-	entry->array_len = 0;
-	entry->binarray_value = NULL;
-	return FALSE;
-}
-
-
-static dbus_bool_t _wpa_dbus_dict_entry_get_array(
-	DBusMessageIter *iter_dict_val, struct wpa_dbus_dict_entry *entry)
-{
-	int array_type = dbus_message_iter_get_element_type(iter_dict_val);
-	dbus_bool_t success = FALSE;
-	DBusMessageIter iter_array;
-
-	wpa_printf(MSG_MSGDUMP, "%s: array_type %c", __func__, array_type);
-
-	dbus_message_iter_recurse(iter_dict_val, &iter_array);
-
-	switch (array_type) {
-	case DBUS_TYPE_BYTE:
-		success = _wpa_dbus_dict_entry_get_byte_array(&iter_array,
-							      entry);
-		break;
-	case DBUS_TYPE_STRING:
-		success = _wpa_dbus_dict_entry_get_string_array(&iter_array,
-								array_type,
-								entry);
-		break;
-	case DBUS_TYPE_ARRAY:
-		success = _wpa_dbus_dict_entry_get_binarray(&iter_array, entry);
-		break;
-	default:
-		wpa_printf(MSG_MSGDUMP, "%s: unsupported array type %c",
-			   __func__, array_type);
-		break;
-	}
-
-	return success;
-}
-
-
-static dbus_bool_t _wpa_dbus_dict_fill_value_from_variant(
-	struct wpa_dbus_dict_entry *entry, DBusMessageIter *iter)
-{
-	const char *v;
-
-	switch (entry->type) {
-	case DBUS_TYPE_OBJECT_PATH:
-		dbus_message_iter_get_basic(iter, &v);
-		wpa_printf(MSG_MSGDUMP, "%s: object path value: %s",
-			   __func__, v);
-		entry->str_value = os_strdup(v);
-		if (entry->str_value == NULL)
-			return FALSE;
-		break;
-	case DBUS_TYPE_STRING:
-		dbus_message_iter_get_basic(iter, &v);
-		wpa_printf(MSG_MSGDUMP, "%s: string value: %s",
-			   __func__, wpa_debug_show_keys ? v : "[omitted]");
-		entry->str_value = os_strdup(v);
-		if (entry->str_value == NULL)
-			return FALSE;
-		break;
-	case DBUS_TYPE_BOOLEAN:
-		dbus_message_iter_get_basic(iter, &entry->bool_value);
-		wpa_printf(MSG_MSGDUMP, "%s: boolean value: %d",
-			   __func__, entry->bool_value);
-		break;
-	case DBUS_TYPE_BYTE:
-		dbus_message_iter_get_basic(iter, &entry->byte_value);
-		wpa_printf(MSG_MSGDUMP, "%s: byte value: %d",
-			   __func__, entry->byte_value);
-		break;
-	case DBUS_TYPE_INT16:
-		dbus_message_iter_get_basic(iter, &entry->int16_value);
-		wpa_printf(MSG_MSGDUMP, "%s: int16 value: %d",
-			   __func__, entry->int16_value);
-		break;
-	case DBUS_TYPE_UINT16:
-		dbus_message_iter_get_basic(iter, &entry->uint16_value);
-		wpa_printf(MSG_MSGDUMP, "%s: uint16 value: %d",
-			   __func__, entry->uint16_value);
-		break;
-	case DBUS_TYPE_INT32:
-		dbus_message_iter_get_basic(iter, &entry->int32_value);
-		wpa_printf(MSG_MSGDUMP, "%s: int32 value: %d",
-			   __func__, entry->int32_value);
-		break;
-	case DBUS_TYPE_UINT32:
-		dbus_message_iter_get_basic(iter, &entry->uint32_value);
-		wpa_printf(MSG_MSGDUMP, "%s: uint32 value: %d",
-			   __func__, entry->uint32_value);
-		break;
-	case DBUS_TYPE_INT64:
-		dbus_message_iter_get_basic(iter, &entry->int64_value);
-		wpa_printf(MSG_MSGDUMP, "%s: int64 value: %lld",
-			   __func__, (long long int) entry->int64_value);
-		break;
-	case DBUS_TYPE_UINT64:
-		dbus_message_iter_get_basic(iter, &entry->uint64_value);
-		wpa_printf(MSG_MSGDUMP, "%s: uint64 value: %llu",
-			   __func__,
-			   (unsigned long long int) entry->uint64_value);
-		break;
-	case DBUS_TYPE_DOUBLE:
-		dbus_message_iter_get_basic(iter, &entry->double_value);
-		wpa_printf(MSG_MSGDUMP, "%s: double value: %f",
-			   __func__, entry->double_value);
-		break;
-	case DBUS_TYPE_ARRAY:
-		return _wpa_dbus_dict_entry_get_array(iter, entry);
-	default:
-		wpa_printf(MSG_MSGDUMP, "%s: unsupported type %c",
-			   __func__, entry->type);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * Read the current key/value entry from the dict.  Entries are dynamically
- * allocated when needed and must be freed after use with the
- * wpa_dbus_dict_entry_clear() function.
- *
- * The returned entry object will be filled with the type and value of the next
- * entry in the dict, or the type will be DBUS_TYPE_INVALID if an error
- * occurred.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_read()
- * @param entry A valid dict entry object into which the dict key and value
- *    will be placed
- * @return TRUE on success, FALSE on failure
- *
- */
-dbus_bool_t wpa_dbus_dict_get_entry(DBusMessageIter *iter_dict,
-				    struct wpa_dbus_dict_entry * entry)
-{
-	DBusMessageIter iter_dict_entry, iter_dict_val;
-	int type;
-	const char *key;
-
-	if (!iter_dict || !entry ||
-	    dbus_message_iter_get_arg_type(iter_dict) != DBUS_TYPE_DICT_ENTRY) {
-		wpa_printf(MSG_DEBUG, "%s: not a dict entry", __func__);
-		goto error;
-	}
-
-	dbus_message_iter_recurse(iter_dict, &iter_dict_entry);
-	dbus_message_iter_get_basic(&iter_dict_entry, &key);
-	wpa_printf(MSG_MSGDUMP, "%s: dict entry key: %s", __func__, key);
-	entry->key = key;
-
-	if (!dbus_message_iter_next(&iter_dict_entry)) {
-		wpa_printf(MSG_DEBUG, "%s: no variant in dict entry", __func__);
-		goto error;
-	}
-	type = dbus_message_iter_get_arg_type(&iter_dict_entry);
-	if (type != DBUS_TYPE_VARIANT) {
-		wpa_printf(MSG_DEBUG,
-			   "%s: unexpected dict entry variant type: %c",
-			   __func__, type);
-		goto error;
-	}
-
-	dbus_message_iter_recurse(&iter_dict_entry, &iter_dict_val);
-	entry->type = dbus_message_iter_get_arg_type(&iter_dict_val);
-	wpa_printf(MSG_MSGDUMP, "%s: dict entry variant content type: %c",
-		   __func__, entry->type);
-	entry->array_type = DBUS_TYPE_INVALID;
-	if (!_wpa_dbus_dict_fill_value_from_variant(entry, &iter_dict_val)) {
-		wpa_printf(MSG_DEBUG,
-			   "%s: failed to fetch dict values from variant",
-			   __func__);
-		goto error;
-	}
-
-	dbus_message_iter_next(iter_dict);
-	return TRUE;
-
-error:
-	if (entry) {
-		wpa_dbus_dict_entry_clear(entry);
-		entry->type = DBUS_TYPE_INVALID;
-		entry->array_type = DBUS_TYPE_INVALID;
-	}
-
-	return FALSE;
-}
-
-
-/**
- * Return whether or not there are additional dictionary entries.
- *
- * @param iter_dict A valid DBusMessageIter returned from
- *    wpa_dbus_dict_open_read()
- * @return TRUE if more dict entries exists, FALSE if no more dict entries
- * exist
- */
-dbus_bool_t wpa_dbus_dict_has_dict_entry(DBusMessageIter *iter_dict)
-{
-	if (!iter_dict)
-		return FALSE;
-	return dbus_message_iter_get_arg_type(iter_dict) ==
-		DBUS_TYPE_DICT_ENTRY;
-}
-
-
-/**
- * Free any memory used by the entry object.
- *
- * @param entry The entry object
- */
-void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry)
-{
-	unsigned int i;
-
-	if (!entry)
-		return;
-	switch (entry->type) {
-	case DBUS_TYPE_OBJECT_PATH:
-	case DBUS_TYPE_STRING:
-		os_free(entry->str_value);
-		break;
-	case DBUS_TYPE_ARRAY:
-		switch (entry->array_type) {
-		case DBUS_TYPE_BYTE:
-			os_free(entry->bytearray_value);
-			break;
-		case DBUS_TYPE_STRING:
-			if (!entry->strarray_value)
-				break;
-			for (i = 0; i < entry->array_len; i++)
-				os_free(entry->strarray_value[i]);
-			os_free(entry->strarray_value);
-			break;
-		case WPAS_DBUS_TYPE_BINARRAY:
-			for (i = 0; i < entry->array_len; i++)
-				wpabuf_free(entry->binarray_value[i]);
-			os_free(entry->binarray_value);
-			break;
-		}
-		break;
-	}
-
-	os_memset(entry, 0, sizeof(struct wpa_dbus_dict_entry));
-}
diff --git a/wpa_supplicant/dbus/dbus_dict_helpers.h b/wpa_supplicant/dbus/dbus_dict_helpers.h
deleted file mode 100644
index 94a0efdbeb1f..000000000000
--- a/wpa_supplicant/dbus/dbus_dict_helpers.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DBUS_DICT_HELPERS_H
-#define DBUS_DICT_HELPERS_H
-
-#include "wpabuf.h"
-
-/*
- * Adding a dict to a DBusMessage
- */
-
-dbus_bool_t wpa_dbus_dict_open_write(DBusMessageIter *iter,
-				     DBusMessageIter *iter_dict);
-
-dbus_bool_t wpa_dbus_dict_close_write(DBusMessageIter *iter,
-				      DBusMessageIter *iter_dict);
-
-const char * wpa_dbus_type_as_string(const int type);
-
-dbus_bool_t wpa_dbus_dict_append_string(DBusMessageIter *iter_dict,
-					const char *key, const char *value);
-
-dbus_bool_t wpa_dbus_dict_append_bool(DBusMessageIter *iter_dict,
-				      const char *key,
-				      const dbus_bool_t value);
-
-dbus_bool_t wpa_dbus_dict_append_int16(DBusMessageIter *iter_dict,
-				       const char *key,
-				       const dbus_int16_t value);
-
-dbus_bool_t wpa_dbus_dict_append_uint16(DBusMessageIter *iter_dict,
-					const char *key,
-					const dbus_uint16_t value);
-
-dbus_bool_t wpa_dbus_dict_append_int32(DBusMessageIter *iter_dict,
-				       const char *key,
-				       const dbus_int32_t value);
-
-dbus_bool_t wpa_dbus_dict_append_uint32(DBusMessageIter *iter_dict,
-					const char *key,
-					const dbus_uint32_t value);
-
-dbus_bool_t wpa_dbus_dict_append_object_path(DBusMessageIter *iter_dict,
-					     const char *key,
-					     const char *value);
-
-dbus_bool_t wpa_dbus_dict_append_byte_array(DBusMessageIter *iter_dict,
-					    const char *key,
-					    const char *value,
-					    const dbus_uint32_t value_len);
-
-/* Manual construction and addition of array elements */
-dbus_bool_t wpa_dbus_dict_begin_array(DBusMessageIter *iter_dict,
-				      const char *key, const char *type,
-				      DBusMessageIter *iter_dict_entry,
-				      DBusMessageIter *iter_dict_val,
-				      DBusMessageIter *iter_array);
-
-dbus_bool_t wpa_dbus_dict_begin_string_array(DBusMessageIter *iter_dict,
-					     const char *key,
-					     DBusMessageIter *iter_dict_entry,
-					     DBusMessageIter *iter_dict_val,
-					     DBusMessageIter *iter_array);
-
-dbus_bool_t wpa_dbus_dict_string_array_add_element(DBusMessageIter *iter_array,
-						   const char *elem);
-
-dbus_bool_t wpa_dbus_dict_bin_array_add_element(DBusMessageIter *iter_array,
-						const u8 *value,
-						size_t value_len);
-
-dbus_bool_t wpa_dbus_dict_end_array(DBusMessageIter *iter_dict,
-				    DBusMessageIter *iter_dict_entry,
-				    DBusMessageIter *iter_dict_val,
-				    DBusMessageIter *iter_array);
-
-static inline dbus_bool_t
-wpa_dbus_dict_end_string_array(DBusMessageIter *iter_dict,
-			       DBusMessageIter *iter_dict_entry,
-			       DBusMessageIter *iter_dict_val,
-			       DBusMessageIter *iter_array)
-{
-	return wpa_dbus_dict_end_array(iter_dict, iter_dict_entry,
-				       iter_dict_val, iter_array);
-}
-
-/* Convenience function to add a whole string list */
-dbus_bool_t wpa_dbus_dict_append_string_array(DBusMessageIter *iter_dict,
-					      const char *key,
-					      const char **items,
-					      const dbus_uint32_t num_items);
-
-dbus_bool_t wpa_dbus_dict_append_wpabuf_array(DBusMessageIter *iter_dict,
-					      const char *key,
-					      const struct wpabuf **items,
-					      const dbus_uint32_t num_items);
-
-/*
- * Reading a dict from a DBusMessage
- */
-
-/*
- * Used only in struct wpa_dbus_dict_entry::array_type internally to identify
- * special binary array case.
- */
-#define WPAS_DBUS_TYPE_BINARRAY ((int) '@')
-
-struct wpa_dbus_dict_entry {
-	int type;         /** the dbus type of the dict entry's value */
-	int array_type;   /** the dbus type of the array elements if the dict
-			      entry value contains an array, or the special
-			      WPAS_DBUS_TYPE_BINARRAY */
-	const char *key;  /** key of the dict entry */
-
-	/** Possible values of the property */
-	union {
-		char *str_value;
-		char byte_value;
-		dbus_bool_t bool_value;
-		dbus_int16_t int16_value;
-		dbus_uint16_t uint16_value;
-		dbus_int32_t int32_value;
-		dbus_uint32_t uint32_value;
-		dbus_int64_t int64_value;
-		dbus_uint64_t uint64_value;
-		double double_value;
-		char *bytearray_value;
-		char **strarray_value;
-		struct wpabuf **binarray_value;
-	};
-	dbus_uint32_t array_len; /** length of the array if the dict entry's
-				     value contains an array */
-};
-
-dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
-				    DBusMessageIter *iter_dict,
-				    DBusError *error);
-
-dbus_bool_t wpa_dbus_dict_get_entry(DBusMessageIter *iter_dict,
-				    struct wpa_dbus_dict_entry *entry);
-
-dbus_bool_t wpa_dbus_dict_has_dict_entry(DBusMessageIter *iter_dict);
-
-void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry);
-
-#endif  /* DBUS_DICT_HELPERS_H */
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
deleted file mode 100644
index 9279ae4d5847..000000000000
--- a/wpa_supplicant/dbus/dbus_new.c
+++ /dev/null
@@ -1,5105 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009-2010, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/ieee802_11_defs.h"
-#include "wps/wps.h"
-#include "ap/sta_info.h"
-#include "../config.h"
-#include "../wpa_supplicant_i.h"
-#include "../bss.h"
-#include "../wpas_glue.h"
-#include "dbus_new_helpers.h"
-#include "dbus_dict_helpers.h"
-#include "dbus_new.h"
-#include "dbus_new_handlers.h"
-#include "dbus_common_i.h"
-#include "dbus_new_handlers_p2p.h"
-#include "p2p/p2p.h"
-#include "../p2p_supplicant.h"
-
-#ifdef CONFIG_AP /* until needed by something else */
-
-/*
- * NameOwnerChanged handling
- *
- * Some services we provide allow an application to register for
- * a signal that it needs. While it can also unregister, we must
- * be prepared for the case where the application simply crashes
- * and thus doesn't clean up properly. The way to handle this in
- * DBus is to register for the NameOwnerChanged signal which will
- * signal an owner change to NULL if the peer closes the socket
- * for whatever reason.
- *
- * Handle this signal via a filter function whenever necessary.
- * The code below also handles refcounting in case in the future
- * there will be multiple instances of this subscription scheme.
- */
-static const char wpas_dbus_noc_filter_str[] =
-	"interface=org.freedesktop.DBus,member=NameOwnerChanged";
-
-
-static DBusHandlerResult noc_filter(DBusConnection *conn,
-				    DBusMessage *message, void *data)
-{
-	struct wpas_dbus_priv *priv = data;
-
-	if (dbus_message_get_type(message) != DBUS_MESSAGE_TYPE_SIGNAL)
-		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-
-	if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
-				   "NameOwnerChanged")) {
-		const char *name;
-		const char *prev_owner;
-		const char *new_owner;
-		DBusError derr;
-		struct wpa_supplicant *wpa_s;
-
-		dbus_error_init(&derr);
-
-		if (!dbus_message_get_args(message, &derr,
-					   DBUS_TYPE_STRING, &name,
-					   DBUS_TYPE_STRING, &prev_owner,
-					   DBUS_TYPE_STRING, &new_owner,
-					   DBUS_TYPE_INVALID)) {
-			/* Ignore this error */
-			dbus_error_free(&derr);
-			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-		}
-
-		for (wpa_s = priv->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-			if (wpa_s->preq_notify_peer != NULL &&
-			    os_strcmp(name, wpa_s->preq_notify_peer) == 0 &&
-			    (new_owner == NULL || os_strlen(new_owner) == 0)) {
-				/* probe request owner disconnected */
-				os_free(wpa_s->preq_notify_peer);
-				wpa_s->preq_notify_peer = NULL;
-				wpas_dbus_unsubscribe_noc(priv);
-			}
-		}
-	}
-
-	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-}
-
-
-void wpas_dbus_subscribe_noc(struct wpas_dbus_priv *priv)
-{
-	priv->dbus_noc_refcnt++;
-	if (priv->dbus_noc_refcnt > 1)
-		return;
-
-	if (!dbus_connection_add_filter(priv->con, noc_filter, priv, NULL)) {
-		wpa_printf(MSG_ERROR, "dbus: failed to add filter");
-		return;
-	}
-
-	dbus_bus_add_match(priv->con, wpas_dbus_noc_filter_str, NULL);
-}
-
-
-void wpas_dbus_unsubscribe_noc(struct wpas_dbus_priv *priv)
-{
-	priv->dbus_noc_refcnt--;
-	if (priv->dbus_noc_refcnt > 0)
-		return;
-
-	dbus_bus_remove_match(priv->con, wpas_dbus_noc_filter_str, NULL);
-	dbus_connection_remove_filter(priv->con, noc_filter, priv);
-}
-
-#endif /* CONFIG_AP */
-
-
-/**
- * wpas_dbus_signal_interface - Send a interface related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @sig_name: signal name - InterfaceAdded or InterfaceRemoved
- * @properties: Whether to add second argument with object properties
- *
- * Notify listeners about event related with interface
- */
-static void wpas_dbus_signal_interface(struct wpa_supplicant *wpa_s,
-				       const char *sig_name,
-				       dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(WPAS_DBUS_NEW_PATH,
-				      WPAS_DBUS_NEW_INTERFACE, sig_name);
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &wpa_s->dbus_new_path) ||
-	    (properties &&
-	     !wpa_dbus_get_object_properties(
-		     iface, wpa_s->dbus_new_path,
-		     WPAS_DBUS_NEW_IFACE_INTERFACE, &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_interface_added - Send a interface created signal
- * @wpa_s: %wpa_supplicant network interface data
- *
- * Notify listeners about creating new interface
- */
-static void wpas_dbus_signal_interface_added(struct wpa_supplicant *wpa_s)
-{
-	wpas_dbus_signal_interface(wpa_s, "InterfaceAdded", TRUE);
-}
-
-
-/**
- * wpas_dbus_signal_interface_removed - Send a interface removed signal
- * @wpa_s: %wpa_supplicant network interface data
- *
- * Notify listeners about removing interface
- */
-static void wpas_dbus_signal_interface_removed(struct wpa_supplicant *wpa_s)
-{
-	wpas_dbus_signal_interface(wpa_s, "InterfaceRemoved", FALSE);
-
-}
-
-
-/**
- * wpas_dbus_signal_scan_done - send scan done signal
- * @wpa_s: %wpa_supplicant network interface data
- * @success: indicates if scanning succeed or failed
- *
- * Notify listeners about finishing a scan
- */
-void wpas_dbus_signal_scan_done(struct wpa_supplicant *wpa_s, int success)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	dbus_bool_t succ;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "ScanDone");
-	if (msg == NULL)
-		return;
-
-	succ = success ? TRUE : FALSE;
-	if (dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &succ,
-				     DBUS_TYPE_INVALID))
-		dbus_connection_send(iface->con, msg, NULL);
-	else
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_bss - Send a BSS related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @bss_obj_path: BSS object path
- * @sig_name: signal name - BSSAdded or BSSRemoved
- * @properties: Whether to add second argument with object properties
- *
- * Notify listeners about event related with BSS
- */
-static void wpas_dbus_signal_bss(struct wpa_supplicant *wpa_s,
-				 const char *bss_obj_path,
-				 const char *sig_name, dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      sig_name);
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &bss_obj_path) ||
-	    (properties &&
-	     !wpa_dbus_get_object_properties(iface, bss_obj_path,
-					     WPAS_DBUS_NEW_IFACE_BSS,
-					     &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_bss_added - Send a BSS added signal
- * @wpa_s: %wpa_supplicant network interface data
- * @bss_obj_path: new BSS object path
- *
- * Notify listeners about adding new BSS
- */
-static void wpas_dbus_signal_bss_added(struct wpa_supplicant *wpa_s,
-				       const char *bss_obj_path)
-{
-	wpas_dbus_signal_bss(wpa_s, bss_obj_path, "BSSAdded", TRUE);
-}
-
-
-/**
- * wpas_dbus_signal_bss_removed - Send a BSS removed signal
- * @wpa_s: %wpa_supplicant network interface data
- * @bss_obj_path: BSS object path
- *
- * Notify listeners about removing BSS
- */
-static void wpas_dbus_signal_bss_removed(struct wpa_supplicant *wpa_s,
-					 const char *bss_obj_path)
-{
-	wpas_dbus_signal_bss(wpa_s, bss_obj_path, "BSSRemoved", FALSE);
-}
-
-
-/**
- * wpas_dbus_signal_blob - Send a blob related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @name: blob name
- * @sig_name: signal name - BlobAdded or BlobRemoved
- *
- * Notify listeners about event related with blob
- */
-static void wpas_dbus_signal_blob(struct wpa_supplicant *wpa_s,
-				  const char *name, const char *sig_name)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      sig_name);
-	if (msg == NULL)
-		return;
-
-	if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &name,
-				     DBUS_TYPE_INVALID))
-		dbus_connection_send(iface->con, msg, NULL);
-	else
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_blob_added - Send a blob added signal
- * @wpa_s: %wpa_supplicant network interface data
- * @name: blob name
- *
- * Notify listeners about adding a new blob
- */
-void wpas_dbus_signal_blob_added(struct wpa_supplicant *wpa_s,
-				 const char *name)
-{
-	wpas_dbus_signal_blob(wpa_s, name, "BlobAdded");
-}
-
-
-/**
- * wpas_dbus_signal_blob_removed - Send a blob removed signal
- * @wpa_s: %wpa_supplicant network interface data
- * @name: blob name
- *
- * Notify listeners about removing blob
- */
-void wpas_dbus_signal_blob_removed(struct wpa_supplicant *wpa_s,
-				   const char *name)
-{
-	wpas_dbus_signal_blob(wpa_s, name, "BlobRemoved");
-}
-
-
-/**
- * wpas_dbus_signal_network - Send a network related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: new network id
- * @sig_name: signal name - NetworkAdded, NetworkRemoved or NetworkSelected
- * @properties: determines if add second argument with object properties
- *
- * Notify listeners about event related with configured network
- */
-static void wpas_dbus_signal_network(struct wpa_supplicant *wpa_s,
-				     int id, const char *sig_name,
-				     dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char net_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
-		    wpa_s->dbus_new_path, id);
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      sig_name);
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	path = net_obj_path;
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path) ||
-	    (properties &&
-	     !wpa_dbus_get_object_properties(
-		     iface, net_obj_path, WPAS_DBUS_NEW_IFACE_NETWORK,
-		     &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_network_added - Send a network added signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: new network id
- *
- * Notify listeners about adding new network
- */
-static void wpas_dbus_signal_network_added(struct wpa_supplicant *wpa_s,
-					   int id)
-{
-	wpas_dbus_signal_network(wpa_s, id, "NetworkAdded", TRUE);
-}
-
-
-/**
- * wpas_dbus_signal_network_removed - Send a network removed signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: network id
- *
- * Notify listeners about removing a network
- */
-static void wpas_dbus_signal_network_removed(struct wpa_supplicant *wpa_s,
-					     int id)
-{
-	wpas_dbus_signal_network(wpa_s, id, "NetworkRemoved", FALSE);
-}
-
-
-/**
- * wpas_dbus_signal_network_selected - Send a network selected signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: network id
- *
- * Notify listeners about selecting a network
- */
-void wpas_dbus_signal_network_selected(struct wpa_supplicant *wpa_s, int id)
-{
-	wpas_dbus_signal_network(wpa_s, id, "NetworkSelected", FALSE);
-}
-
-
-/**
- * wpas_dbus_signal_network_request - Indicate that additional information
- * (EAP password, etc.) is required to complete the association to this SSID
- * @wpa_s: %wpa_supplicant network interface data
- * @rtype: The specific additional information required
- * @default_text: Optional description of required information
- *
- * Request additional information or passwords to complete an association
- * request.
- */
-void wpas_dbus_signal_network_request(struct wpa_supplicant *wpa_s,
-				      struct wpa_ssid *ssid,
-				      enum wpa_ctrl_req_type rtype,
-				      const char *default_txt)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char net_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	const char *field, *txt = NULL, *net_ptr;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	field = wpa_supplicant_ctrl_req_to_string(rtype, default_txt, &txt);
-	if (field == NULL)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "NetworkRequest");
-	if (msg == NULL)
-		return;
-
-	os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
-		    wpa_s->dbus_new_path, ssid->id);
-	net_ptr = &net_obj_path[0];
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &net_ptr) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &field) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &txt))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_network_enabled_changed - Signals Enabled property changes
- * @wpa_s: %wpa_supplicant network interface data
- * @ssid: configured network which Enabled property has changed
- *
- * Sends PropertyChanged signals containing new value of Enabled property
- * for specified network
- */
-void wpas_dbus_signal_network_enabled_changed(struct wpa_supplicant *wpa_s,
-					      struct wpa_ssid *ssid)
-{
-
-	char path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	if (!wpa_s->dbus_new_path)
-		return;
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d",
-		    wpa_s->dbus_new_path, ssid->id);
-
-	wpa_dbus_mark_property_changed(wpa_s->global->dbus, path,
-				       WPAS_DBUS_NEW_IFACE_NETWORK, "Enabled");
-}
-
-
-#ifdef CONFIG_WPS
-
-/**
- * wpas_dbus_signal_wps_event_pbc_overlap - Signals PBC overlap WPS event
- * @wpa_s: %wpa_supplicant network interface data
- *
- * Sends Event dbus signal with name "pbc-overlap" and empty dict as arguments
- */
-void wpas_dbus_signal_wps_event_pbc_overlap(struct wpa_supplicant *wpa_s)
-{
-
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *key = "pbc-overlap";
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_WPS, "Event");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &key) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_wps_event_success - Signals Success WPS event
- * @wpa_s: %wpa_supplicant network interface data
- *
- * Sends Event dbus signal with name "success" and empty dict as arguments
- */
-void wpas_dbus_signal_wps_event_success(struct wpa_supplicant *wpa_s)
-{
-
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *key = "success";
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_WPS, "Event");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &key) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_wps_event_fail - Signals Fail WPS event
- * @wpa_s: %wpa_supplicant network interface data
- * @fail: WPS failure information
- *
- * Sends Event dbus signal with name "fail" and dictionary containing
- * "msg field with fail message number (int32) as arguments
- */
-void wpas_dbus_signal_wps_event_fail(struct wpa_supplicant *wpa_s,
-				     struct wps_event_fail *fail)
-{
-
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *key = "fail";
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_WPS, "Event");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &key) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "msg", fail->msg) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "config_error",
-					fail->config_error) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "error_indication",
-					fail->error_indication) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_wps_event_m2d - Signals M2D WPS event
- * @wpa_s: %wpa_supplicant network interface data
- * @m2d: M2D event data information
- *
- * Sends Event dbus signal with name "m2d" and dictionary containing
- * fields of wps_event_m2d structure.
- */
-void wpas_dbus_signal_wps_event_m2d(struct wpa_supplicant *wpa_s,
-				    struct wps_event_m2d *m2d)
-{
-
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *key = "m2d";
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_WPS, "Event");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &key) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_uint16(&dict_iter, "config_methods",
-					 m2d->config_methods) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "manufacturer",
-					     (const char *) m2d->manufacturer,
-					     m2d->manufacturer_len) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "model_name",
-					     (const char *) m2d->model_name,
-					     m2d->model_name_len) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "model_number",
-					     (const char *) m2d->model_number,
-					     m2d->model_number_len) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "serial_number",
-					     (const char *)
-					     m2d->serial_number,
-					     m2d->serial_number_len) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "dev_name",
-					     (const char *) m2d->dev_name,
-					     m2d->dev_name_len) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "primary_dev_type",
-					     (const char *)
-					     m2d->primary_dev_type, 8) ||
-	    !wpa_dbus_dict_append_uint16(&dict_iter, "config_error",
-					 m2d->config_error) ||
-	    !wpa_dbus_dict_append_uint16(&dict_iter, "dev_password_id",
-					 m2d->dev_password_id) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_wps_cred - Signals new credentials
- * @wpa_s: %wpa_supplicant network interface data
- * @cred: WPS Credential information
- *
- * Sends signal with credentials in directory argument
- */
-void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
-			       const struct wps_credential *cred)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *auth_type[5]; /* we have five possible authentication types */
-	int at_num = 0;
-	char *encr_type[3]; /* we have three possible encryption types */
-	int et_num = 0;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_WPS,
-				      "Credentials");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
-		goto nomem;
-
-	if (cred->auth_type & WPS_AUTH_OPEN)
-		auth_type[at_num++] = "open";
-#ifndef CONFIG_NO_TKIP
-	if (cred->auth_type & WPS_AUTH_WPAPSK)
-		auth_type[at_num++] = "wpa-psk";
-	if (cred->auth_type & WPS_AUTH_WPA)
-		auth_type[at_num++] = "wpa-eap";
-#endif /* CONFIG_NO_TKIP */
-	if (cred->auth_type & WPS_AUTH_WPA2)
-		auth_type[at_num++] = "wpa2-eap";
-	if (cred->auth_type & WPS_AUTH_WPA2PSK)
-		auth_type[at_num++] = "wpa2-psk";
-
-	if (cred->encr_type & WPS_ENCR_NONE)
-		encr_type[et_num++] = "none";
-#ifndef CONFIG_NO_TKIP
-	if (cred->encr_type & WPS_ENCR_TKIP)
-		encr_type[et_num++] = "tkip";
-#endif /* CONFIG_NO_TKIP */
-	if (cred->encr_type & WPS_ENCR_AES)
-		encr_type[et_num++] = "aes";
-
-	if ((wpa_s->current_ssid &&
-	     !wpa_dbus_dict_append_byte_array(
-		     &dict_iter, "BSSID",
-		     (const char *) wpa_s->current_ssid->bssid, ETH_ALEN)) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "SSID",
-					     (const char *) cred->ssid,
-					     cred->ssid_len) ||
-	    !wpa_dbus_dict_append_string_array(&dict_iter, "AuthType",
-					       (const char **) auth_type,
-					       at_num) ||
-	    !wpa_dbus_dict_append_string_array(&dict_iter, "EncrType",
-					       (const char **) encr_type,
-					       et_num) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "Key",
-					     (const char *) cred->key,
-					     cred->key_len) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "KeyIndex",
-					 cred->key_idx) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		goto nomem;
-
-	dbus_connection_send(iface->con, msg, NULL);
-
-nomem:
-	dbus_message_unref(msg);
-}
-
-#endif /* CONFIG_WPS */
-
-
-#ifdef CONFIG_MESH
-
-void wpas_dbus_signal_mesh_group_started(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_MESH,
-				      "MeshGroupStarted");
-	if (!msg)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "SSID",
-					     (const char *) ssid->ssid,
-					     ssid->ssid_len) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-void wpas_dbus_signal_mesh_group_removed(struct wpa_supplicant *wpa_s,
-					 const u8 *meshid, u8 meshid_len,
-					 int reason)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_MESH,
-				      "MeshGroupRemoved");
-	if (!msg)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "SSID",
-					     (const char *) meshid,
-					     meshid_len) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "DisconnectReason",
-					reason) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-void wpas_dbus_signal_mesh_peer_connected(struct wpa_supplicant *wpa_s,
-					  const u8 *peer_addr)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_MESH,
-				      "MeshPeerConnected");
-	if (!msg)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "PeerAddress",
-					     (const char *) peer_addr,
-					     ETH_ALEN) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
-					     const u8 *peer_addr, int reason)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_MESH,
-				      "MeshPeerDisconnected");
-	if (!msg)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "PeerAddress",
-					     (const char *) peer_addr,
-					     ETH_ALEN) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "DisconnectReason",
-					reason) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-#endif /* CONFIG_MESH */
-
-
-#ifdef CONFIG_INTERWORKING
-
-void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss *bss,
-					    struct wpa_cred *cred,
-					    const char *type,
-					    int excluded,
-					    int bh,
-					    int bss_load,
-					    int conn_capab)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	char bss_path[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path;
-	char cred_path[WPAS_DBUS_OBJECT_PATH_MAX], *cred_obj_path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "InterworkingAPAdded");
-	if (!msg)
-		return;
-
-	os_snprintf(bss_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-		    wpa_s->dbus_new_path, bss->id);
-	bss_obj_path = bss_path;
-
-	os_snprintf(cred_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_CREDENTIALS_PART "/%u",
-		    wpa_s->dbus_new_path, cred->id);
-	cred_obj_path = cred_path;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &bss_obj_path) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &cred_obj_path) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_string(&dict_iter, "type", type) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "excluded", excluded) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "priority",
-					cred->priority) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "sp_priority",
-					cred->sp_priority) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "below_min_backhaul", bh) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "over_max_bss_load",
-					bss_load) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "conn_capab_missing",
-					conn_capab) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "InterworkingSelectDone");
-	if (!msg)
-		return;
-
-	dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-#endif /* CONFIG_INTERWORKING */
-
-
-void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
-				    int depth, const char *subject,
-				    const char *altsubject[],
-				    int num_altsubject,
-				    const char *cert_hash,
-				    const struct wpabuf *cert)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "Certification");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
-	    !wpa_dbus_dict_append_string(&dict_iter, "subject", subject) ||
-	    (altsubject && num_altsubject &&
-	     !wpa_dbus_dict_append_string_array(&dict_iter, "altsubject",
-						altsubject, num_altsubject)) ||
-	    (cert_hash &&
-	     !wpa_dbus_dict_append_string(&dict_iter, "cert_hash",
-					  cert_hash)) ||
-	    (cert &&
-	     !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
-					      wpabuf_head(cert),
-					      wpabuf_len(cert))) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
-				 const char *status, const char *parameter)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "EAP");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &status) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING,
-					    &parameter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_sta - Send a station related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @sta: station mac address
- * @sig_name: signal name - StaAuthorized or StaDeauthorized
- *
- * Notify listeners about event related with station
- */
-static void wpas_dbus_signal_sta(struct wpa_supplicant *wpa_s,
-				 const u8 *sta, const char *sig_name)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	char sta_mac[WPAS_DBUS_OBJECT_PATH_MAX];
-	char *dev_mac;
-
-	os_snprintf(sta_mac, WPAS_DBUS_OBJECT_PATH_MAX, MACSTR, MAC2STR(sta));
-	dev_mac = sta_mac;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE, sig_name);
-	if (msg == NULL)
-		return;
-
-	if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &dev_mac,
-				     DBUS_TYPE_INVALID))
-		dbus_connection_send(iface->con, msg, NULL);
-	else
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	dbus_message_unref(msg);
-
-	wpa_printf(MSG_DEBUG, "dbus: Station MAC address '%s' '%s'",
-		   sta_mac, sig_name);
-}
-
-
-/**
- * wpas_dbus_signal_sta_authorized - Send a STA authorized signal
- * @wpa_s: %wpa_supplicant network interface data
- * @sta: station mac address
- *
- * Notify listeners a new station has been authorized
- */
-void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
-				     const u8 *sta)
-{
-	wpas_dbus_signal_sta(wpa_s, sta, "StaAuthorized");
-}
-
-
-/**
- * wpas_dbus_signal_sta_deauthorized - Send a STA deauthorized signal
- * @wpa_s: %wpa_supplicant network interface data
- * @sta: station mac address
- *
- * Notify listeners a station has been deauthorized
- */
-void wpas_dbus_signal_sta_deauthorized(struct wpa_supplicant *wpa_s,
-				       const u8 *sta)
-{
-	wpas_dbus_signal_sta(wpa_s, sta, "StaDeauthorized");
-}
-
-
-/**
- * wpas_dbus_signal_station - Send an event signal related to a station object
- * @wpa_s: %wpa_supplicant network interface data
- * @station_obj_path: Station object path
- * @sig_name: signal name - StationAdded or StationRemoved
- * @properties: Whether to add second argument with object properties
- *
- * Notify listeners about event related with station.
- */
-static void wpas_dbus_signal_station(struct wpa_supplicant *wpa_s,
-				     const char *station_obj_path,
-				     const char *sig_name,
-				     dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!iface || !wpa_s->dbus_new_path)
-		return;
-
-	wpa_printf(MSG_DEBUG, "dbus: STA signal %s", sig_name);
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE, sig_name);
-	if (!msg)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &station_obj_path) ||
-	    (properties &&
-	     !wpa_dbus_get_object_properties(iface, station_obj_path,
-					     WPAS_DBUS_NEW_IFACE_STA,
-					     &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_station_added - Send a Station added signal
- * @wpa_s: %wpa_supplicant network interface data
- * @station_obj_path: new Station object path
- *
- * Notify listeners about adding new Station
- */
-static void wpas_dbus_signal_station_added(struct wpa_supplicant *wpa_s,
-					   const char *station_obj_path)
-{
-	wpas_dbus_signal_station(wpa_s, station_obj_path, "StationAdded", TRUE);
-}
-
-
-/**
- * wpas_dbus_signal_station_removed - Send a Station removed signal
- * @wpa_s: %wpa_supplicant network interface data
- * @station_obj_path: Station object path
- *
- * Notify listeners about removing Station
- */
-static void wpas_dbus_signal_station_removed(struct wpa_supplicant *wpa_s,
-					     const char *station_obj_path)
-{
-	wpas_dbus_signal_station(wpa_s, station_obj_path, "StationRemoved",
-				 FALSE);
-}
-
-
-#ifdef CONFIG_P2P
-
-/**
- * wpas_dbus_signal_p2p_group_removed - Signals P2P group was removed
- * @wpa_s: %wpa_supplicant network interface data
- * @role: role of this device (client or GO)
- * Sends signal with i/f name and role as string arguments
- */
-void wpas_dbus_signal_p2p_group_removed(struct wpa_supplicant *wpa_s,
-					const char *role)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface = wpa_s->global->dbus;
-	struct wpa_supplicant *parent;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	parent = wpa_s->parent;
-	if (parent->p2p_mgmt)
-		parent = parent->parent;
-
-	if (!wpa_s->dbus_groupobj_path || !wpa_s->dbus_new_path ||
-	    !parent->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(parent->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "GroupFinished");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter,
-					      "interface_object",
-					      wpa_s->dbus_new_path) ||
-	    !wpa_dbus_dict_append_string(&dict_iter, "role", role) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter, "group_object",
-					      wpa_s->dbus_groupobj_path) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_provision_discovery - Signals various PD events
- *
- * @dev_addr - who sent the request or responded to our request.
- * @request - Will be 1 if request, 0 for response.
- * @status - valid only in case of response
- * @config_methods - wps config methods
- * @generated_pin - pin to be displayed in case of WPS_CONFIG_DISPLAY method
- *
- * Sends following provision discovery related events:
- *	ProvisionDiscoveryRequestDisplayPin
- *	ProvisionDiscoveryResponseDisplayPin
- *	ProvisionDiscoveryRequestEnterPin
- *	ProvisionDiscoveryResponseEnterPin
- *	ProvisionDiscoveryPBCRequest
- *	ProvisionDiscoveryPBCResponse
- *
- *	TODO::
- *	ProvisionDiscoveryFailure (timeout case)
- */
-void wpas_dbus_signal_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
-					      const u8 *dev_addr, int request,
-					      enum p2p_prov_disc_status status,
-					      u16 config_methods,
-					      unsigned int generated_pin)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	struct wpas_dbus_priv *iface;
-	char *_signal;
-	int add_pin = 0;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-	int error_ret = 1;
-	char pin[9], *p_pin = NULL;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	if (request || !status) {
-		if (config_methods & WPS_CONFIG_DISPLAY)
-			_signal = request ?
-				 "ProvisionDiscoveryRequestDisplayPin" :
-				 "ProvisionDiscoveryResponseEnterPin";
-		else if (config_methods & WPS_CONFIG_KEYPAD)
-			_signal = request ?
-				 "ProvisionDiscoveryRequestEnterPin" :
-				 "ProvisionDiscoveryResponseDisplayPin";
-		else if (config_methods & WPS_CONFIG_PUSHBUTTON)
-			_signal = request ? "ProvisionDiscoveryPBCRequest" :
-				   "ProvisionDiscoveryPBCResponse";
-		else
-			return; /* Unknown or un-supported method */
-	} else {
-		/* Explicit check for failure response */
-		_signal = "ProvisionDiscoveryFailure";
-	}
-
-	add_pin = ((request && (config_methods & WPS_CONFIG_DISPLAY)) ||
-		   (!request && !status &&
-			(config_methods & WPS_CONFIG_KEYPAD)));
-
-	if (add_pin) {
-		os_snprintf(pin, sizeof(pin), "%08d", generated_pin);
-		p_pin = pin;
-	}
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE, _signal);
-	if (msg == NULL)
-		return;
-
-	/* Check if this is a known peer */
-	if (!p2p_peer_known(wpa_s->global->p2p, dev_addr))
-		goto error;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-			COMPACT_MACSTR,
-			wpa_s->dbus_new_path, MAC2STR(dev_addr));
-
-	path = peer_obj_path;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter,
-					    DBUS_TYPE_OBJECT_PATH,
-					    &path))
-			goto error;
-
-	if (!request && status)
-		/* Attach status to ProvisionDiscoveryFailure */
-		error_ret = !dbus_message_iter_append_basic(&iter,
-						    DBUS_TYPE_INT32,
-						    &status);
-	else
-		error_ret = (add_pin &&
-				 !dbus_message_iter_append_basic(&iter,
-							DBUS_TYPE_STRING,
-							&p_pin));
-
-error:
-	if (!error_ret)
-		dbus_connection_send(iface->con, msg, NULL);
-	else
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_go_neg_req - Signal P2P GO Negotiation Request RX
- * @wpa_s: %wpa_supplicant network interface data
- * @src: Source address of the message triggering this notification
- * @dev_passwd_id: WPS Device Password Id
- * @go_intent: Peer's GO Intent value
- *
- * Sends signal to notify that a peer P2P Device is requesting group owner
- * negotiation with us.
- */
-void wpas_dbus_signal_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
-				     const u8 *src, u16 dev_passwd_id,
-				     u8 go_intent)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	struct wpas_dbus_priv *iface;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(src));
-	path = peer_obj_path;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "GONegotiationRequest");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_UINT16,
-					    &dev_passwd_id) ||
-	    !dbus_message_iter_append_basic(&iter, DBUS_TYPE_BYTE,
-					    &go_intent))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-static int wpas_dbus_get_group_obj_path(struct wpa_supplicant *wpa_s,
-					const struct wpa_ssid *ssid,
-					char *group_obj_path)
-{
-	char group_name[3];
-
-	if (!wpa_s->dbus_new_path ||
-	    os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN))
-		return -1;
-
-	os_memcpy(group_name, ssid->ssid + P2P_WILDCARD_SSID_LEN, 2);
-	group_name[2] = '\0';
-
-	os_snprintf(group_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_GROUPS_PART "/%s",
-		    wpa_s->dbus_new_path, group_name);
-
-	return 0;
-}
-
-
-struct group_changed_data {
-	struct wpa_supplicant *wpa_s;
-	struct p2p_peer_info *info;
-};
-
-
-static int match_group_where_peer_is_client(struct p2p_group *group,
-					    void *user_data)
-{
-	struct group_changed_data *data = user_data;
-	const struct p2p_group_config *cfg;
-	struct wpa_supplicant *wpa_s_go;
-
-	if (!p2p_group_is_client_connected(group, data->info->p2p_device_addr))
-		return 1;
-
-	cfg = p2p_group_get_config(group);
-
-	wpa_s_go = wpas_get_p2p_go_iface(data->wpa_s, cfg->ssid,
-					 cfg->ssid_len);
-	if (wpa_s_go != NULL && wpa_s_go == data->wpa_s) {
-		wpas_dbus_signal_peer_groups_changed(
-			data->wpa_s->p2pdev, data->info->p2p_device_addr);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-static void signal_peer_groups_changed(struct p2p_peer_info *info,
-				       void *user_data)
-{
-	struct group_changed_data *data = user_data;
-	struct wpa_supplicant *wpa_s_go;
-
-	wpa_s_go = wpas_get_p2p_client_iface(data->wpa_s,
-					     info->p2p_device_addr);
-	if (wpa_s_go != NULL && wpa_s_go == data->wpa_s) {
-		wpas_dbus_signal_peer_groups_changed(data->wpa_s->p2pdev,
-						     info->p2p_device_addr);
-		return;
-	}
-
-	data->info = info;
-	p2p_loop_on_all_groups(data->wpa_s->global->p2p,
-			       match_group_where_peer_is_client, data);
-	data->info = NULL;
-}
-
-
-static void peer_groups_changed(struct wpa_supplicant *wpa_s)
-{
-	struct group_changed_data data;
-
-	os_memset(&data, 0, sizeof(data));
-	data.wpa_s = wpa_s;
-
-	p2p_loop_on_known_peers(wpa_s->global->p2p,
-				signal_peer_groups_changed, &data);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_group_started - Signals P2P group has
- * started. Emitted when a group is successfully started
- * irrespective of the role (client/GO) of the current device
- *
- * @wpa_s: %wpa_supplicant network interface data
- * @client: this device is P2P client
- * @persistent: 0 - non persistent group, 1 - persistent group
- * @ip: When group role is client, it contains local IP address, netmask, and
- *	GO's IP address, if assigned; otherwise, NULL
- */
-void wpas_dbus_signal_p2p_group_started(struct wpa_supplicant *wpa_s,
-					int client, int persistent,
-					const u8 *ip)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	struct wpa_supplicant *parent;
-
-	parent = wpa_s->parent;
-	if (parent->p2p_mgmt)
-		parent = parent->parent;
-
-	iface = parent->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !parent->dbus_new_path || !wpa_s->dbus_new_path)
-		return;
-
-	if (wpa_s->dbus_groupobj_path == NULL)
-		return;
-
-	/* New interface has been created for this group */
-	msg = dbus_message_new_signal(parent->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "GroupStarted");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	/*
-	 * In case the device supports creating a separate interface the
-	 * DBus client will need to know the object path for the interface
-	 * object this group was created on, so include it here.
-	 */
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter,
-					      "interface_object",
-					      wpa_s->dbus_new_path) ||
-	    !wpa_dbus_dict_append_string(&dict_iter, "role",
-					 client ? "client" : "GO") ||
-	    !wpa_dbus_dict_append_bool(&dict_iter, "persistent", persistent) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter, "group_object",
-					      wpa_s->dbus_groupobj_path) ||
-	    (ip &&
-	     (!wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddr",
-					       (char *) ip, 4) ||
-	      !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrMask",
-					       (char *) ip + 4, 4) ||
-	      !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrGo",
-					       (char *) ip + 8, 4))) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter)) {
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	} else {
-		dbus_connection_send(iface->con, msg, NULL);
-		if (client)
-			peer_groups_changed(wpa_s);
-	}
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_go_neg_resp - Emit GONegotiation Success/Failure signal
- * @wpa_s: %wpa_supplicant network interface data
- * @res: Result of the GO Neg Request
- */
-void wpas_dbus_signal_p2p_go_neg_resp(struct wpa_supplicant *wpa_s,
-				      struct p2p_go_neg_results *res)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	DBusMessageIter iter_dict_entry, iter_dict_val, iter_dict_array;
-	struct wpas_dbus_priv *iface;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-	dbus_int32_t freqs[P2P_MAX_CHANNELS];
-	dbus_int32_t *f_array = freqs;
-
-
-	iface = wpa_s->global->dbus;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	os_memset(freqs, 0, sizeof(freqs));
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(res->peer_device_addr));
-	path = peer_obj_path;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      res->status ? "GONegotiationFailure" :
-						    "GONegotiationSuccess");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter, "peer_object",
-					      path) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "status", res->status))
-		goto err;
-
-	if (!res->status) {
-		int i = 0;
-		int freq_list_num = 0;
-
-		if ((res->role_go &&
-		     !wpa_dbus_dict_append_string(&dict_iter, "passphrase",
-						  res->passphrase)) ||
-		    !wpa_dbus_dict_append_string(&dict_iter, "role_go",
-						 res->role_go ? "GO" :
-						 "client") ||
-		    !wpa_dbus_dict_append_int32(&dict_iter, "frequency",
-						res->freq) ||
-		    !wpa_dbus_dict_append_byte_array(&dict_iter, "ssid",
-						     (const char *) res->ssid,
-						     res->ssid_len) ||
-		    !wpa_dbus_dict_append_byte_array(&dict_iter,
-						     "peer_device_addr",
-						     (const char *)
-						     res->peer_device_addr,
-						     ETH_ALEN) ||
-		    !wpa_dbus_dict_append_byte_array(&dict_iter,
-						     "peer_interface_addr",
-						     (const char *)
-						     res->peer_interface_addr,
-						     ETH_ALEN) ||
-		    !wpa_dbus_dict_append_string(&dict_iter, "wps_method",
-						 p2p_wps_method_text(
-							 res->wps_method)))
-			goto err;
-
-		for (i = 0; i < P2P_MAX_CHANNELS; i++) {
-			if (res->freq_list[i]) {
-				freqs[i] = res->freq_list[i];
-				freq_list_num++;
-			}
-		}
-
-		if (!wpa_dbus_dict_begin_array(&dict_iter,
-					       "frequency_list",
-					       DBUS_TYPE_INT32_AS_STRING,
-					       &iter_dict_entry,
-					       &iter_dict_val,
-					       &iter_dict_array) ||
-		    !dbus_message_iter_append_fixed_array(&iter_dict_array,
-							  DBUS_TYPE_INT32,
-							  &f_array,
-							  freq_list_num) ||
-		    !wpa_dbus_dict_end_array(&dict_iter,
-					     &iter_dict_entry,
-					     &iter_dict_val,
-					     &iter_dict_array) ||
-		    !wpa_dbus_dict_append_int32(&dict_iter, "persistent_group",
-						res->persistent_group) ||
-		    !wpa_dbus_dict_append_uint32(&dict_iter,
-						 "peer_config_timeout",
-						 res->peer_config_timeout))
-			goto err;
-	}
-
-	if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
-		goto err;
-
-	dbus_connection_send(iface->con, msg, NULL);
-err:
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_invitation_result - Emit InvitationResult signal
- * @wpa_s: %wpa_supplicant network interface data
- * @status: Status of invitation process
- * @bssid: Basic Service Set Identifier
- */
-void wpas_dbus_signal_p2p_invitation_result(struct wpa_supplicant *wpa_s,
-					    int status, const u8 *bssid)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-
-	wpa_printf(MSG_DEBUG, "%s", __func__);
-
-	iface = wpa_s->global->dbus;
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "InvitationResult");
-
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "status", status) ||
-	    (bssid &&
-	     !wpa_dbus_dict_append_byte_array(&dict_iter, "BSSID",
-					      (const char *) bssid,
-					      ETH_ALEN)) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- *
- * Method to emit a signal for a peer joining the group.
- * The signal will carry path to the group member object
- * constructed using p2p i/f addr used for connecting.
- *
- * @wpa_s: %wpa_supplicant network interface data
- * @peer_addr: P2P Device Address of the peer joining the group
- */
-void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
-				      const u8 *peer_addr)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-	struct wpa_supplicant *parent;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (!wpa_s->dbus_groupobj_path)
-		return;
-
-	parent = wpa_s->parent;
-	if (parent->p2p_mgmt)
-		parent = parent->parent;
-	if (!parent->dbus_new_path)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-			COMPACT_MACSTR,
-			parent->dbus_new_path, MAC2STR(peer_addr));
-
-	msg = dbus_message_new_signal(wpa_s->dbus_groupobj_path,
-				      WPAS_DBUS_NEW_IFACE_P2P_GROUP,
-				      "PeerJoined");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	path = peer_obj_path;
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path)) {
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	} else {
-		dbus_connection_send(iface->con, msg, NULL);
-		wpas_dbus_signal_peer_groups_changed(parent, peer_addr);
-	}
-	dbus_message_unref(msg);
-}
-
-
-/**
- *
- * Method to emit a signal for a peer disconnecting the group.
- * The signal will carry path to the group member object
- * constructed using the P2P Device Address of the peer.
- *
- * @wpa_s: %wpa_supplicant network interface data
- * @peer_addr: P2P Device Address of the peer joining the group
- */
-void wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
-					    const u8 *peer_addr)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-	struct wpa_supplicant *parent;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (!wpa_s->dbus_groupobj_path)
-		return;
-
-	parent = wpa_s->parent;
-	if (parent->p2p_mgmt)
-		parent = parent->parent;
-	if (!parent->dbus_new_path)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-			COMPACT_MACSTR,
-			parent->dbus_new_path, MAC2STR(peer_addr));
-
-	msg = dbus_message_new_signal(wpa_s->dbus_groupobj_path,
-				      WPAS_DBUS_NEW_IFACE_P2P_GROUP,
-				      "PeerDisconnected");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	path = peer_obj_path;
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path)) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Failed to construct PeerDisconnected signal");
-	} else {
-		dbus_connection_send(iface->con, msg, NULL);
-		wpas_dbus_signal_peer_groups_changed(parent, peer_addr);
-	}
-	dbus_message_unref(msg);
-}
-
-
-/**
- *
- * Method to emit a signal for a service discovery request.
- * The signal will carry station address, frequency, dialog token,
- * update indicator and it tlvs
- *
- * @wpa_s: %wpa_supplicant network interface data
- * @sa: station addr (p2p i/f) of the peer
- * @dialog_token: service discovery request dialog token
- * @update_indic: service discovery request update indicator
- * @tlvs: service discovery request generated byte array of tlvs
- * @tlvs_len: service discovery request tlvs length
- */
-void wpas_dbus_signal_p2p_sd_request(struct wpa_supplicant *wpa_s,
-				     int freq, const u8 *sa, u8 dialog_token,
-				     u16 update_indic, const u8 *tlvs,
-				     size_t tlvs_len)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	/* Check if this is a known peer */
-	if (!p2p_peer_known(wpa_s->global->p2p, sa))
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "ServiceDiscoveryRequest");
-	if (msg == NULL)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-		    COMPACT_MACSTR, wpa_s->dbus_new_path, MAC2STR(sa));
-
-	path = peer_obj_path;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter, "peer_object",
-					      path) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "frequency", freq) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "dialog_token",
-					dialog_token) ||
-	    !wpa_dbus_dict_append_uint16(&dict_iter, "update_indicator",
-					 update_indic) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "tlvs",
-					     (const char *) tlvs,
-					     tlvs_len) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- *
- * Method to emit a signal for a service discovery response.
- * The signal will carry station address, update indicator and it
- * tlvs
- *
- * @wpa_s: %wpa_supplicant network interface data
- * @sa: station addr (p2p i/f) of the peer
- * @update_indic: service discovery request update indicator
- * @tlvs: service discovery request generated byte array of tlvs
- * @tlvs_len: service discovery request tlvs length
- */
-void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
-				      const u8 *sa, u16 update_indic,
-				      const u8 *tlvs, size_t tlvs_len)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	/* Check if this is a known peer */
-	if (!p2p_peer_known(wpa_s->global->p2p, sa))
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "ServiceDiscoveryResponse");
-	if (msg == NULL)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-		    COMPACT_MACSTR, wpa_s->dbus_new_path, MAC2STR(sa));
-
-	path = peer_obj_path;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_object_path(&dict_iter, "peer_object",
-					      path) ||
-	    !wpa_dbus_dict_append_uint16(&dict_iter, "update_indicator",
-					 update_indic) ||
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "tlvs",
-					     (const char *) tlvs,
-					     tlvs_len) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_persistent_group - Send a persistent group related
- *	event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: new persistent group id
- * @sig_name: signal name - PersistentGroupAdded, PersistentGroupRemoved
- * @properties: determines if add second argument with object properties
- *
- * Notify listeners about an event related to persistent groups.
- */
-static void wpas_dbus_signal_persistent_group(struct wpa_supplicant *wpa_s,
-					      int id, const char *sig_name,
-					      dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char pgrp_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u",
-		    wpa_s->dbus_new_path, id);
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      sig_name);
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	path = pgrp_obj_path;
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path) ||
-	    (properties &&
-	     !wpa_dbus_get_object_properties(
-		     iface, pgrp_obj_path,
-		     WPAS_DBUS_NEW_IFACE_PERSISTENT_GROUP, &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_persistent_group_added - Send a persistent_group
- *	added signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: new persistent group id
- *
- * Notify listeners about addition of a new persistent group.
- */
-static void wpas_dbus_signal_persistent_group_added(
-	struct wpa_supplicant *wpa_s, int id)
-{
-	wpas_dbus_signal_persistent_group(wpa_s, id, "PersistentGroupAdded",
-					  TRUE);
-}
-
-
-/**
- * wpas_dbus_signal_persistent_group_removed - Send a persistent_group
- *	removed signal
- * @wpa_s: %wpa_supplicant network interface data
- * @id: persistent group id
- *
- * Notify listeners about removal of a persistent group.
- */
-static void wpas_dbus_signal_persistent_group_removed(
-	struct wpa_supplicant *wpa_s, int id)
-{
-	wpas_dbus_signal_persistent_group(wpa_s, id, "PersistentGroupRemoved",
-					  FALSE);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_wps_failed - Signals WpsFailed event
- * @wpa_s: %wpa_supplicant network interface data
- * @fail: WPS failure information
- *
- * Sends Event dbus signal with name "fail" and dictionary containing
- * "msg" field with fail message number (int32) as arguments
- */
-void wpas_dbus_signal_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				     struct wps_event_fail *fail)
-{
-
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-	char *key = "fail";
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	if (!wpa_s->dbus_new_path)
-		return;
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "WpsFailed");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &key) ||
-	    !wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "msg", fail->msg) ||
-	    !wpa_dbus_dict_append_int16(&dict_iter, "config_error",
-					fail->config_error) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_group_formation_failure - Signals GroupFormationFailure event
- * @wpa_s: %wpa_supplicant network interface data
- * @reason: indicates the reason code for group formation failure
- *
- * Sends Event dbus signal and string reason code when available.
- */
-void wpas_dbus_signal_p2p_group_formation_failure(struct wpa_supplicant *wpa_s,
-						  const char *reason)
-{
-	DBusMessage *msg;
-	struct wpas_dbus_priv *iface;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "GroupFormationFailure");
-	if (msg == NULL)
-		return;
-
-	if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &reason,
-				     DBUS_TYPE_INVALID))
-		dbus_connection_send(iface->con, msg, NULL);
-	else
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_p2p_invitation_received - Emit InvitationReceived signal
- * @wpa_s: %wpa_supplicant network interface data
- * @sa: Source address of the Invitation Request
- * @dev_add: GO Device Address
- * @bssid: P2P Group BSSID or %NULL if not received
- * @id: Persistent group id or %0 if not persistent group
- * @op_freq: Operating frequency for the group
- */
-
-void wpas_dbus_signal_p2p_invitation_received(struct wpa_supplicant *wpa_s,
-					      const u8 *sa, const u8 *dev_addr,
-					      const u8 *bssid, int id,
-					      int op_freq)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *iface;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "InvitationReceived");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    (sa &&
-	     !wpa_dbus_dict_append_byte_array(&dict_iter, "sa",
-					      (const char *) sa, ETH_ALEN)) ||
-	    (dev_addr &&
-	     !wpa_dbus_dict_append_byte_array(&dict_iter, "go_dev_addr",
-					      (const char *) dev_addr,
-					      ETH_ALEN)) ||
-	    (bssid &&
-	     !wpa_dbus_dict_append_byte_array(&dict_iter, "bssid",
-					      (const char *) bssid,
-					      ETH_ALEN)) ||
-	    (id &&
-	     !wpa_dbus_dict_append_int32(&dict_iter, "persistent_id", id)) ||
-	    !wpa_dbus_dict_append_int32(&dict_iter, "op_freq", op_freq) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter)) {
-		dbus_message_unref(msg);
-		return;
-	}
-
-	dbus_connection_send(iface->con, msg, NULL);
-	dbus_message_unref(msg);
-}
-
-
-#endif /* CONFIG_P2P */
-
-
-/**
- * wpas_dbus_signal_prop_changed - Signals change of property
- * @wpa_s: %wpa_supplicant network interface data
- * @property: indicates which property has changed
- *
- * Sends PropertyChanged signals with path, interface and arguments
- * depending on which property has changed.
- */
-void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s,
-				   enum wpas_dbus_prop property)
-{
-	char *prop;
-	dbus_bool_t flush;
-
-	if (wpa_s->dbus_new_path == NULL)
-		return; /* Skip signal since D-Bus setup is not yet ready */
-
-	flush = FALSE;
-	switch (property) {
-	case WPAS_DBUS_PROP_AP_SCAN:
-		prop = "ApScan";
-		break;
-	case WPAS_DBUS_PROP_SCANNING:
-		prop = "Scanning";
-		break;
-	case WPAS_DBUS_PROP_STATE:
-		prop = "State";
-		break;
-	case WPAS_DBUS_PROP_CURRENT_BSS:
-		prop = "CurrentBSS";
-		break;
-	case WPAS_DBUS_PROP_CURRENT_NETWORK:
-		prop = "CurrentNetwork";
-		break;
-	case WPAS_DBUS_PROP_BSSS:
-		prop = "BSSs";
-		break;
-	case WPAS_DBUS_PROP_STATIONS:
-		prop = "Stations";
-		break;
-	case WPAS_DBUS_PROP_CURRENT_AUTH_MODE:
-		prop = "CurrentAuthMode";
-		break;
-	case WPAS_DBUS_PROP_DISCONNECT_REASON:
-		prop = "DisconnectReason";
-		flush = TRUE;
-		break;
-	case WPAS_DBUS_PROP_AUTH_STATUS_CODE:
-		prop = "AuthStatusCode";
-		flush = TRUE;
-		break;
-	case WPAS_DBUS_PROP_ASSOC_STATUS_CODE:
-		prop = "AssocStatusCode";
-		flush = TRUE;
-		break;
-	case WPAS_DBUS_PROP_ROAM_TIME:
-		prop = "RoamTime";
-		break;
-	case WPAS_DBUS_PROP_ROAM_COMPLETE:
-		prop = "RoamComplete";
-		break;
-	case WPAS_DBUS_PROP_SESSION_LENGTH:
-		prop = "SessionLength";
-		break;
-	case WPAS_DBUS_PROP_BSS_TM_STATUS:
-		prop = "BSSTMStatus";
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d",
-			   __func__, property);
-		return;
-	}
-
-	wpa_dbus_mark_property_changed(wpa_s->global->dbus,
-				       wpa_s->dbus_new_path,
-				       WPAS_DBUS_NEW_IFACE_INTERFACE, prop);
-	if (flush) {
-		wpa_dbus_flush_object_changed_properties(
-			wpa_s->global->dbus->con, wpa_s->dbus_new_path);
-	}
-}
-
-
-/**
- * wpas_dbus_bss_signal_prop_changed - Signals change of BSS property
- * @wpa_s: %wpa_supplicant network interface data
- * @property: indicates which property has changed
- * @id: unique BSS identifier
- *
- * Sends PropertyChanged signals with path, interface, and arguments depending
- * on which property has changed.
- */
-void wpas_dbus_bss_signal_prop_changed(struct wpa_supplicant *wpa_s,
-				       enum wpas_dbus_bss_prop property,
-				       unsigned int id)
-{
-	char path[WPAS_DBUS_OBJECT_PATH_MAX];
-	char *prop;
-
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	switch (property) {
-	case WPAS_DBUS_BSS_PROP_SIGNAL:
-		prop = "Signal";
-		break;
-	case WPAS_DBUS_BSS_PROP_FREQ:
-		prop = "Frequency";
-		break;
-	case WPAS_DBUS_BSS_PROP_MODE:
-		prop = "Mode";
-		break;
-	case WPAS_DBUS_BSS_PROP_PRIVACY:
-		prop = "Privacy";
-		break;
-	case WPAS_DBUS_BSS_PROP_RATES:
-		prop = "Rates";
-		break;
-	case WPAS_DBUS_BSS_PROP_WPA:
-		prop = "WPA";
-		break;
-	case WPAS_DBUS_BSS_PROP_RSN:
-		prop = "RSN";
-		break;
-	case WPAS_DBUS_BSS_PROP_WPS:
-		prop = "WPS";
-		break;
-	case WPAS_DBUS_BSS_PROP_IES:
-		prop = "IEs";
-		break;
-	case WPAS_DBUS_BSS_PROP_AGE:
-		prop = "Age";
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d",
-			   __func__, property);
-		return;
-	}
-
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-		    wpa_s->dbus_new_path, id);
-
-	wpa_dbus_mark_property_changed(wpa_s->global->dbus, path,
-				       WPAS_DBUS_NEW_IFACE_BSS, prop);
-}
-
-
-/**
- * wpas_dbus_sta_signal_prop_changed - Signals change of STA property
- * @wpa_s: %wpa_supplicant network interface data
- * @property: indicates which property has changed
- * @address: unique BSS identifier
- *
- * Sends PropertyChanged signals with path, interface, and arguments depending
- * on which property has changed.
- */
-void wpas_dbus_sta_signal_prop_changed(struct wpa_supplicant *wpa_s,
-				       enum wpas_dbus_bss_prop property,
-				       u8 address[ETH_ALEN])
-{
-	char path[WPAS_DBUS_OBJECT_PATH_MAX];
-	char *prop;
-
-	switch (property) {
-	case WPAS_DBUS_STA_PROP_ADDRESS:
-		prop = "Address";
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d",
-			   __func__, property);
-		return;
-	}
-
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_STAS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(address));
-
-	wpa_dbus_mark_property_changed(wpa_s->global->dbus, path,
-				       WPAS_DBUS_NEW_IFACE_STA, prop);
-}
-
-
-/**
- * wpas_dbus_signal_debug_level_changed - Signals change of debug param
- * @global: wpa_global structure
- *
- * Sends PropertyChanged signals informing that debug level has changed.
- */
-void wpas_dbus_signal_debug_level_changed(struct wpa_global *global)
-{
-	wpa_dbus_mark_property_changed(global->dbus, WPAS_DBUS_NEW_PATH,
-				       WPAS_DBUS_NEW_INTERFACE,
-				       "DebugLevel");
-}
-
-
-/**
- * wpas_dbus_signal_debug_timestamp_changed - Signals change of debug param
- * @global: wpa_global structure
- *
- * Sends PropertyChanged signals informing that debug timestamp has changed.
- */
-void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global)
-{
-	wpa_dbus_mark_property_changed(global->dbus, WPAS_DBUS_NEW_PATH,
-				       WPAS_DBUS_NEW_INTERFACE,
-				       "DebugTimestamp");
-}
-
-
-/**
- * wpas_dbus_signal_debug_show_keys_changed - Signals change of debug param
- * @global: wpa_global structure
- *
- * Sends PropertyChanged signals informing that debug show_keys has changed.
- */
-void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global)
-{
-	wpa_dbus_mark_property_changed(global->dbus, WPAS_DBUS_NEW_PATH,
-				       WPAS_DBUS_NEW_INTERFACE,
-				       "DebugShowKeys");
-}
-
-
-static void wpas_dbus_register(struct wpa_dbus_object_desc *obj_desc,
-			       void *priv,
-			       WPADBusArgumentFreeFunction priv_free,
-			       const struct wpa_dbus_method_desc *methods,
-			       const struct wpa_dbus_property_desc *properties,
-			       const struct wpa_dbus_signal_desc *signals)
-{
-	int n;
-
-	obj_desc->user_data = priv;
-	obj_desc->user_data_free_func = priv_free;
-	obj_desc->methods = methods;
-	obj_desc->properties = properties;
-	obj_desc->signals = signals;
-
-	for (n = 0; properties && properties->dbus_property; properties++)
-		n++;
-
-	obj_desc->prop_changed_flags = os_zalloc(n);
-	if (!obj_desc->prop_changed_flags)
-		wpa_printf(MSG_DEBUG, "dbus: %s: can't register handlers",
-			   __func__);
-}
-
-
-static const struct wpa_dbus_method_desc wpas_dbus_global_methods[] = {
-	{ "CreateInterface", WPAS_DBUS_NEW_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_create_interface,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveInterface", WPAS_DBUS_NEW_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_interface,
-	  {
-		  { "path", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "GetInterface", WPAS_DBUS_NEW_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_get_interface,
-	  {
-		  { "ifname", "s", ARG_IN },
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ExpectDisconnect", WPAS_DBUS_NEW_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_expect_disconnect,
-	  {
-		END_ARGS
-	  }
-	},
-	{ NULL, NULL, NULL, { END_ARGS } }
-};
-
-static const struct wpa_dbus_property_desc wpas_dbus_global_properties[] = {
-	{ "DebugLevel", WPAS_DBUS_NEW_INTERFACE, "s",
-	  wpas_dbus_getter_debug_level,
-	  wpas_dbus_setter_debug_level,
-	  NULL
-	},
-	{ "DebugTimestamp", WPAS_DBUS_NEW_INTERFACE, "b",
-	  wpas_dbus_getter_debug_timestamp,
-	  wpas_dbus_setter_debug_timestamp,
-	  NULL
-	},
-	{ "DebugShowKeys", WPAS_DBUS_NEW_INTERFACE, "b",
-	  wpas_dbus_getter_debug_show_keys,
-	  wpas_dbus_setter_debug_show_keys,
-	  NULL
-	},
-	{ "Interfaces", WPAS_DBUS_NEW_INTERFACE, "ao",
-	  wpas_dbus_getter_interfaces,
-	  NULL,
-	  NULL
-	},
-	{ "EapMethods", WPAS_DBUS_NEW_INTERFACE, "as",
-	  wpas_dbus_getter_eap_methods,
-	  NULL,
-	  NULL
-	},
-	{ "Capabilities", WPAS_DBUS_NEW_INTERFACE, "as",
-	  wpas_dbus_getter_global_capabilities,
-	  NULL,
-	  NULL
-	},
-#ifdef CONFIG_WIFI_DISPLAY
-	{ "WFDIEs", WPAS_DBUS_NEW_INTERFACE, "ay",
-	  wpas_dbus_getter_global_wfd_ies,
-	  wpas_dbus_setter_global_wfd_ies,
-	  NULL
-	},
-#endif /* CONFIG_WIFI_DISPLAY */
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-static const struct wpa_dbus_signal_desc wpas_dbus_global_signals[] = {
-	{ "InterfaceAdded", WPAS_DBUS_NEW_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "InterfaceRemoved", WPAS_DBUS_NEW_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_INTERFACE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-
-static char * uscore_to_dbus(const char *uscore)
-{
-	const char *p = uscore;
-	char *str, *s;
-	dbus_bool_t last_was_uscore = TRUE;
-
-	s = str = os_zalloc(os_strlen(uscore) + 1);
-	if (!str)
-		return NULL;
-	while (p && *p) {
-		if (*p == '_') {
-			last_was_uscore = TRUE;
-		} else {
-			*s++ = last_was_uscore ? toupper(*p) : *p;
-			last_was_uscore = FALSE;
-		}
-		p++;
-	}
-
-	return str;
-}
-
-
-static int wpa_dbus_ctrl_iface_props_init(struct wpas_dbus_priv *priv);
-
-
-static void wpa_dbus_ctrl_iface_props_deinit(struct wpas_dbus_priv *priv)
-{
-	int idx = priv->globals_start;
-
-	/* Free all allocated property values */
-	while (priv->all_interface_properties[idx].dbus_property)
-		os_free((char *)
-			priv->all_interface_properties[idx++].dbus_property);
-	os_free((char *) priv->all_interface_properties);
-}
-
-
-/**
- * wpas_dbus_ctrl_iface_init - Initialize dbus control interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * Returns: 0 on success or -1 on failure
- *
- * Initialize the dbus control interface for wpa_supplicant and start
- * receiving commands from external programs over the bus.
- */
-int wpas_dbus_ctrl_iface_init(struct wpas_dbus_priv *priv)
-{
-	struct wpa_dbus_object_desc *obj_desc;
-	int ret;
-
-	ret = wpa_dbus_ctrl_iface_props_init(priv);
-	if (ret < 0) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Not enough memory to init interface properties");
-		return -1;
-	}
-
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto error;
-	}
-
-	wpas_dbus_register(obj_desc, priv->global, NULL,
-			   wpas_dbus_global_methods,
-			   wpas_dbus_global_properties,
-			   wpas_dbus_global_signals);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register D-Bus object '%s'",
-		   WPAS_DBUS_NEW_PATH);
-	ret = wpa_dbus_ctrl_iface_init(priv, WPAS_DBUS_NEW_PATH,
-				       WPAS_DBUS_NEW_SERVICE,
-				       obj_desc);
-	if (ret < 0) {
-		free_dbus_object_desc(obj_desc);
-		goto error;
-	}
-
-	priv->dbus_new_initialized = 1;
-	return 0;
-
-error:
-	wpa_dbus_ctrl_iface_props_deinit(priv);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_ctrl_iface_deinit - Deinitialize dbus ctrl interface for
- * wpa_supplicant
- * @priv: Pointer to dbus private data from wpas_dbus_init()
- *
- * Deinitialize the dbus control interface that was initialized with
- * wpas_dbus_ctrl_iface_init().
- */
-void wpas_dbus_ctrl_iface_deinit(struct wpas_dbus_priv *priv)
-{
-	if (!priv->dbus_new_initialized)
-		return;
-	wpa_printf(MSG_DEBUG, "dbus: Unregister D-Bus object '%s'",
-		   WPAS_DBUS_NEW_PATH);
-	dbus_connection_unregister_object_path(priv->con, WPAS_DBUS_NEW_PATH);
-	wpa_dbus_ctrl_iface_props_deinit(priv);
-}
-
-
-static void wpa_dbus_free(void *ptr)
-{
-	os_free(ptr);
-}
-
-
-static const struct wpa_dbus_property_desc wpas_dbus_network_properties[] = {
-	{ "Properties", WPAS_DBUS_NEW_IFACE_NETWORK, "a{sv}",
-	  wpas_dbus_getter_network_properties,
-	  wpas_dbus_setter_network_properties,
-	  NULL
-	},
-	{ "Enabled", WPAS_DBUS_NEW_IFACE_NETWORK, "b",
-	  wpas_dbus_getter_enabled,
-	  wpas_dbus_setter_enabled,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-
-static const struct wpa_dbus_signal_desc wpas_dbus_network_signals[] = {
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_NETWORK,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-
-/**
- * wpas_dbus_register_network - Register a configured network with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @ssid: network configuration data
- * Returns: 0 on success, -1 on failure
- *
- * Registers network representing object with dbus
- */
-int wpas_dbus_register_network(struct wpa_supplicant *wpa_s,
-			       struct wpa_ssid *ssid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	struct network_handler_args *arg;
-	char net_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-#ifdef CONFIG_P2P
-	/*
-	 * If it is a persistent group register it as such.
-	 * This is to handle cases where an interface is being initialized
-	 * with a list of networks read from config.
-	 */
-	if (network_is_persistent_group(ssid))
-		return wpas_dbus_register_persistent_group(wpa_s, ssid);
-#endif /* CONFIG_P2P */
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
-		    wpa_s->dbus_new_path, ssid->id);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register network object '%s'",
-		   net_obj_path);
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	/* allocate memory for handlers arguments */
-	arg = os_zalloc(sizeof(struct network_handler_args));
-	if (!arg) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create arguments for method");
-		goto err;
-	}
-
-	arg->wpa_s = wpa_s;
-	arg->ssid = ssid;
-
-	wpas_dbus_register(obj_desc, arg, wpa_dbus_free, NULL,
-			   wpas_dbus_network_properties,
-			   wpas_dbus_network_signals);
-
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, net_obj_path,
-					       wpa_s->ifname, obj_desc))
-		goto err;
-
-	wpas_dbus_signal_network_added(wpa_s, ssid->id);
-
-	return 0;
-
-err:
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_unregister_network - Unregister a configured network from dbus
- * @wpa_s: wpa_supplicant interface structure
- * @nid: network id
- * Returns: 0 on success, -1 on failure
- *
- * Unregisters network representing object from dbus
- */
-int wpas_dbus_unregister_network(struct wpa_supplicant *wpa_s, int nid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	char net_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	int ret;
-#ifdef CONFIG_P2P
-	struct wpa_ssid *ssid;
-
-	ssid = wpa_config_get_network(wpa_s->conf, nid);
-
-	/* If it is a persistent group unregister it as such */
-	if (ssid && network_is_persistent_group(ssid))
-		return wpas_dbus_unregister_persistent_group(wpa_s, nid);
-#endif /* CONFIG_P2P */
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s->global == NULL || wpa_s->dbus_new_path == NULL)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
-		    wpa_s->dbus_new_path, nid);
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister network object '%s'",
-		   net_obj_path);
-	ret = wpa_dbus_unregister_object_per_iface(ctrl_iface, net_obj_path);
-
-	if (!ret)
-		wpas_dbus_signal_network_removed(wpa_s, nid);
-
-	return ret;
-}
-
-
-static const struct wpa_dbus_property_desc wpas_dbus_bss_properties[] = {
-	{ "SSID", WPAS_DBUS_NEW_IFACE_BSS, "ay",
-	  wpas_dbus_getter_bss_ssid,
-	  NULL,
-	  NULL
-	},
-	{ "BSSID", WPAS_DBUS_NEW_IFACE_BSS, "ay",
-	  wpas_dbus_getter_bss_bssid,
-	  NULL,
-	  NULL
-	},
-	{ "Privacy", WPAS_DBUS_NEW_IFACE_BSS, "b",
-	  wpas_dbus_getter_bss_privacy,
-	  NULL,
-	  NULL
-	},
-	{ "Mode", WPAS_DBUS_NEW_IFACE_BSS, "s",
-	  wpas_dbus_getter_bss_mode,
-	  NULL,
-	  NULL
-	},
-	{ "Signal", WPAS_DBUS_NEW_IFACE_BSS, "n",
-	  wpas_dbus_getter_bss_signal,
-	  NULL,
-	  NULL
-	},
-	{ "Frequency", WPAS_DBUS_NEW_IFACE_BSS, "q",
-	  wpas_dbus_getter_bss_frequency,
-	  NULL,
-	  NULL
-	},
-	{ "Rates", WPAS_DBUS_NEW_IFACE_BSS, "au",
-	  wpas_dbus_getter_bss_rates,
-	  NULL,
-	  NULL
-	},
-	{ "WPA", WPAS_DBUS_NEW_IFACE_BSS, "a{sv}",
-	  wpas_dbus_getter_bss_wpa,
-	  NULL,
-	  NULL
-	},
-	{ "RSN", WPAS_DBUS_NEW_IFACE_BSS, "a{sv}",
-	  wpas_dbus_getter_bss_rsn,
-	  NULL,
-	  NULL
-	},
-	{ "WPS", WPAS_DBUS_NEW_IFACE_BSS, "a{sv}",
-	  wpas_dbus_getter_bss_wps,
-	  NULL,
-	  NULL
-	},
-	{ "IEs", WPAS_DBUS_NEW_IFACE_BSS, "ay",
-	  wpas_dbus_getter_bss_ies,
-	  NULL,
-	  NULL
-	},
-	{ "Age", WPAS_DBUS_NEW_IFACE_BSS, "u",
-	  wpas_dbus_getter_bss_age,
-	  NULL,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-
-static const struct wpa_dbus_signal_desc wpas_dbus_bss_signals[] = {
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_BSS,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-
-/**
- * wpas_dbus_unregister_bss - Unregister a scanned BSS from dbus
- * @wpa_s: wpa_supplicant interface structure
- * @bssid: scanned network bssid
- * @id: unique BSS identifier
- * Returns: 0 on success, -1 on failure
- *
- * Unregisters BSS representing object from dbus
- */
-int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
-			     u8 bssid[ETH_ALEN], unsigned int id)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	char bss_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-		    wpa_s->dbus_new_path, id);
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister BSS object '%s'",
-		   bss_obj_path);
-	if (wpa_dbus_unregister_object_per_iface(ctrl_iface, bss_obj_path)) {
-		wpa_printf(MSG_ERROR, "dbus: Cannot unregister BSS object %s",
-			   bss_obj_path);
-		return -1;
-	}
-
-	wpas_dbus_signal_bss_removed(wpa_s, bss_obj_path);
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
-
-	return 0;
-}
-
-
-/**
- * wpas_dbus_register_bss - Register a scanned BSS with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @bssid: scanned network bssid
- * @id: unique BSS identifier
- * Returns: 0 on success, -1 on failure
- *
- * Registers BSS representing object with dbus
- */
-int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
-			   u8 bssid[ETH_ALEN], unsigned int id)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	char bss_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	struct bss_handler_args *arg;
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-		    wpa_s->dbus_new_path, id);
-
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	arg = os_zalloc(sizeof(struct bss_handler_args));
-	if (!arg) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create arguments for handler");
-		goto err;
-	}
-	arg->wpa_s = wpa_s;
-	arg->id = id;
-
-	wpas_dbus_register(obj_desc, arg, wpa_dbus_free, NULL,
-			   wpas_dbus_bss_properties,
-			   wpas_dbus_bss_signals);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register BSS object '%s'",
-		   bss_obj_path);
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, bss_obj_path,
-					       wpa_s->ifname, obj_desc)) {
-		wpa_printf(MSG_ERROR,
-			   "Cannot register BSSID dbus object %s.",
-			   bss_obj_path);
-		goto err;
-	}
-
-	wpas_dbus_signal_bss_added(wpa_s, bss_obj_path);
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
-
-	return 0;
-
-err:
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-
-static const struct wpa_dbus_property_desc wpas_dbus_sta_properties[] = {
-	{ "Address", WPAS_DBUS_NEW_IFACE_STA, "ay",
-	  wpas_dbus_getter_sta_address,
-	  NULL, NULL
-	},
-	{ "AID", WPAS_DBUS_NEW_IFACE_STA, "q",
-	  wpas_dbus_getter_sta_aid,
-	  NULL, NULL
-	},
-	{ "Capabilities", WPAS_DBUS_NEW_IFACE_STA, "q",
-	  wpas_dbus_getter_sta_caps,
-	  NULL, NULL
-	},
-	{ "RxPackets", WPAS_DBUS_NEW_IFACE_STA, "t",
-	  wpas_dbus_getter_sta_rx_packets,
-	  NULL, NULL
-	},
-	{ "TxPackets", WPAS_DBUS_NEW_IFACE_STA, "t",
-	  wpas_dbus_getter_sta_tx_packets,
-	  NULL, NULL
-	},
-	{ "RxBytes", WPAS_DBUS_NEW_IFACE_STA, "t",
-	  wpas_dbus_getter_sta_rx_bytes,
-	  NULL, NULL
-	},
-	{ "TxBytes", WPAS_DBUS_NEW_IFACE_STA, "t",
-	  wpas_dbus_getter_sta_tx_bytes,
-	  NULL, NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-
-static const struct wpa_dbus_signal_desc wpas_dbus_sta_signals[] = {
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_STA,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-
-/**
- * wpas_dbus_unregister_sta - Unregister a connected station from dbus
- * @wpa_s: wpa_supplicant interface structure
- * @sta: station MAC address
- * Returns: 0 on success, -1 on failure
- *
- * Unregisters STA representing object from dbus.
- */
-int wpas_dbus_unregister_sta(struct wpa_supplicant *wpa_s, const u8 *sta)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	char station_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	/* Do nothing if the control interface is not turned on */
-	if (!wpa_s || !wpa_s->global)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (!ctrl_iface)
-		return 0;
-
-	os_snprintf(station_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_STAS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(sta));
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister STA object '%s'",
-		   station_obj_path);
-	if (wpa_dbus_unregister_object_per_iface(ctrl_iface,
-						 station_obj_path)) {
-		wpa_printf(MSG_ERROR, "dbus: Cannot unregister STA object %s",
-			   station_obj_path);
-		return -1;
-	}
-
-	wpas_dbus_signal_station_removed(wpa_s, station_obj_path);
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_STATIONS);
-
-	return 0;
-}
-
-
-/**
- * wpas_dbus_register_sta - Register a connected station with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @sta: station MAC address
- * Returns: 0 on success, -1 on failure
- *
- * Registers STA representing object with dbus.
- */
-int wpas_dbus_register_sta(struct wpa_supplicant *wpa_s, const u8 *sta)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	char station_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	struct sta_handler_args *arg;
-
-	/* Do nothing if the control interface is not turned on */
-	if (!wpa_s || !wpa_s->global)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (!ctrl_iface)
-		return 0;
-
-	os_snprintf(station_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_STAS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(sta));
-
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	arg = os_zalloc(sizeof(struct sta_handler_args));
-	if (!arg) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create arguments for handler");
-		goto err;
-	}
-	arg->wpa_s = wpa_s;
-	arg->sta = sta;
-
-	wpas_dbus_register(obj_desc, arg, wpa_dbus_free, NULL,
-			   wpas_dbus_sta_properties, wpas_dbus_sta_signals);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register STA object '%s'",
-		   station_obj_path);
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, station_obj_path,
-					       wpa_s->ifname, obj_desc)) {
-		wpa_printf(MSG_ERROR,
-			   "Cannot register STA dbus object %s",
-			   station_obj_path);
-		goto err;
-	}
-
-	wpas_dbus_signal_station_added(wpa_s, station_obj_path);
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_STATIONS);
-
-	return 0;
-
-err:
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-
-static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = {
-	{ "Scan", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_scan,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "SignalPoll", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_signal_poll,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "Disconnect", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_disconnect,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "AddNetwork", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_add_network,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "Reassociate", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_reassociate,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "Reattach", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_reattach,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "Reconnect", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_reconnect,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "RemoveNetwork", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_network,
-	  {
-		  { "path", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveAllNetworks", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_all_networks,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "SelectNetwork", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_select_network,
-	  {
-		  { "path", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "NetworkReply", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_network_reply,
-	  {
-		  { "path", "o", ARG_IN },
-		  { "field", "s", ARG_IN },
-		  { "value", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "Roam", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_roam,
-	  {
-		  { "addr", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	{ "AddBlob", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_add_blob,
-	  {
-		  { "name", "s", ARG_IN },
-		  { "data", "ay", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "GetBlob", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_get_blob,
-	  {
-		  { "name", "s", ARG_IN },
-		  { "data", "ay", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveBlob", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_blob,
-	  {
-		  { "name", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-	{ "SetPKCS11EngineAndModulePath", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler)
-	  wpas_dbus_handler_set_pkcs11_engine_and_module_path,
-	  {
-		  { "pkcs11_engine_path", "s", ARG_IN },
-		  { "pkcs11_module_path", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_WPS
-	{ "Start", WPAS_DBUS_NEW_IFACE_WPS,
-	  (WPADBusMethodHandler) wpas_dbus_handler_wps_start,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "output", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "Cancel", WPAS_DBUS_NEW_IFACE_WPS,
-	  (WPADBusMethodHandler) wpas_dbus_handler_wps_cancel,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	{ "Find", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_find,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "StopFind", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_stop_find,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "Listen", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_listen,
-	  {
-		  { "timeout", "i", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "ExtendedListen", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_extendedlisten,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "PresenceRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_presence_request,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_prov_disc_req,
-	  {
-		  { "peer", "o", ARG_IN },
-		  { "config_method", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "Connect", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_connect,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "generated_pin", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GroupAdd", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_group_add,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "Cancel", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_cancel,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "Invite", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_invite,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "Disconnect", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_disconnect,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "RejectPeer", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_rejectpeer,
-	  {
-		  { "peer", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveClient", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_remove_client,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "Flush", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_flush,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "AddService", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_add_service,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "DeleteService", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_delete_service,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "FlushService", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_flush_service,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_service_sd_req,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "ref", "t", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryResponse", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_service_sd_res,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryCancelRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_service_sd_cancel_req,
-	  {
-		  { "args", "t", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "ServiceUpdate", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_service_update,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryExternal", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_p2p_serv_disc_external,
-	  {
-		  { "arg", "i", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "AddPersistentGroup", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_add_persistent_group,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "RemovePersistentGroup", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_persistent_group,
-	  {
-		  { "path", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveAllPersistentGroups", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  (WPADBusMethodHandler)
-	  wpas_dbus_handler_remove_all_persistent_groups,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_P2P */
-	{ "FlushBSS", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_flush_bss,
-	  {
-		  { "age", "u", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_AP
-	{ "SubscribeProbeReq", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_subscribe_preq,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "UnsubscribeProbeReq", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_unsubscribe_preq,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_AP */
-	{ "EAPLogoff", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_eap_logoff,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "EAPLogon", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_eap_logon,
-	  {
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_AUTOSCAN
-	{ "AutoScan", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_autoscan,
-	  {
-		  { "arg", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_AUTOSCAN */
-#ifdef CONFIG_TDLS
-	{ "TDLSDiscover", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_discover,
-	  {
-		  { "peer_address", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "TDLSSetup", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_setup,
-	  {
-		  { "peer_address", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "TDLSStatus", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_status,
-	  {
-		  { "peer_address", "s", ARG_IN },
-		  { "status", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "TDLSTeardown", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_teardown,
-	  {
-		  { "peer_address", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "TDLSChannelSwitch", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_channel_switch,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "TDLSCancelChannelSwitch", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_tdls_cancel_channel_switch,
-	  {
-		  { "peer_address", "s", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_TDLS */
-	{ "VendorElemAdd", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_vendor_elem_add,
-	  {
-		  { "frame_id", "i", ARG_IN },
-		  { "ielems", "ay", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "VendorElemGet", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_vendor_elem_get,
-	  {
-		  { "frame_id", "i", ARG_IN },
-		  { "ielems", "ay", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "VendorElemRem", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_vendor_elem_remove,
-	  {
-		  { "frame_id", "i", ARG_IN },
-		  { "ielems", "ay", ARG_IN },
-		  END_ARGS
-	  }
-	},
-#ifndef CONFIG_NO_CONFIG_WRITE
-	{ "SaveConfig", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_save_config,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_NO_CONFIG_WRITE */
-	{ "AbortScan", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_abort_scan,
-	  {
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_INTERWORKING
-	{ "AddCred", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_add_cred,
-	  {
-		  { "args", "a{sv}", ARG_IN },
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveCred", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_cred,
-	  {
-		  { "path", "o", ARG_IN },
-		  END_ARGS
-	  }
-	},
-	{ "RemoveAllCreds", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_remove_all_creds,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "InterworkingSelect", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  (WPADBusMethodHandler) wpas_dbus_handler_interworking_select,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_INTERWORKING */
-	{ NULL, NULL, NULL, { END_ARGS } }
-};
-
-static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
-	{ "Capabilities", WPAS_DBUS_NEW_IFACE_INTERFACE, "a{sv}",
-	  wpas_dbus_getter_capabilities,
-	  NULL,
-	  NULL
-	},
-	{ "State", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_state,
-	  NULL,
-	  NULL
-	},
-	{ "Scanning", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
-	  wpas_dbus_getter_scanning,
-	  NULL,
-	  NULL
-	},
-	{ "ApScan", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_ap_scan,
-	  wpas_dbus_setter_ap_scan,
-	  NULL
-	},
-	{ "BSSExpireAge", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_bss_expire_age,
-	  wpas_dbus_setter_bss_expire_age,
-	  NULL
-	},
-	{ "BSSExpireCount", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_bss_expire_count,
-	  wpas_dbus_setter_bss_expire_count,
-	  NULL
-	},
-	{ "Country", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_country,
-	  wpas_dbus_setter_country,
-	  NULL
-	},
-	{ "Ifname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_ifname,
-	  NULL,
-	  NULL
-	},
-	{ "Driver", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_driver,
-	  NULL,
-	  NULL
-	},
-	{ "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_bridge_ifname,
-	  wpas_dbus_setter_bridge_ifname,
-	  NULL
-	},
-	{ "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_config_file,
-	  NULL,
-	  NULL
-	},
-	{ "CurrentBSS", WPAS_DBUS_NEW_IFACE_INTERFACE, "o",
-	  wpas_dbus_getter_current_bss,
-	  NULL,
-	  NULL
-	},
-	{ "CurrentNetwork", WPAS_DBUS_NEW_IFACE_INTERFACE, "o",
-	  wpas_dbus_getter_current_network,
-	  NULL,
-	  NULL
-	},
-	{ "CurrentAuthMode", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_current_auth_mode,
-	  NULL,
-	  NULL
-	},
-	{ "Blobs", WPAS_DBUS_NEW_IFACE_INTERFACE, "a{say}",
-	  wpas_dbus_getter_blobs,
-	  NULL,
-	  NULL
-	},
-	{ "BSSs", WPAS_DBUS_NEW_IFACE_INTERFACE, "ao",
-	  wpas_dbus_getter_bsss,
-	  NULL,
-	  NULL
-	},
-	{ "Networks", WPAS_DBUS_NEW_IFACE_INTERFACE, "ao",
-	  wpas_dbus_getter_networks,
-	  NULL,
-	  NULL
-	},
-	{ "FastReauth", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
-	  wpas_dbus_getter_fast_reauth,
-	  wpas_dbus_setter_fast_reauth,
-	  NULL
-	},
-	{ "ScanInterval", WPAS_DBUS_NEW_IFACE_INTERFACE, "i",
-	  wpas_dbus_getter_scan_interval,
-	  wpas_dbus_setter_scan_interval,
-	  NULL
-	},
-	{ "PKCS11EnginePath", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_pkcs11_engine_path,
-	  NULL,
-	  NULL
-	},
-	{ "PKCS11ModulePath", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
-	  wpas_dbus_getter_pkcs11_module_path,
-	  NULL,
-	  NULL
-	},
-#ifdef CONFIG_WPS
-	{ "ProcessCredentials", WPAS_DBUS_NEW_IFACE_WPS, "b",
-	  wpas_dbus_getter_process_credentials,
-	  wpas_dbus_setter_process_credentials,
-	  NULL
-	},
-	{ "ConfigMethods", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_config_methods,
-	  wpas_dbus_setter_config_methods,
-	  NULL
-	},
-	{
-	  "DeviceName", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_wps_device_name,
-	  wpas_dbus_setter_wps_device_name,
-	  NULL
-	},
-	{
-	  "Manufacturer", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_wps_manufacturer,
-	  wpas_dbus_setter_wps_manufacturer,
-	  NULL
-	},
-	{
-	  "ModelName", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_wps_device_model_name,
-	  wpas_dbus_setter_wps_device_model_name,
-	  NULL
-	},
-	{
-	  "ModelNumber", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_wps_device_model_number,
-	  wpas_dbus_setter_wps_device_model_number,
-	  NULL
-	},
-	{
-	  "SerialNumber", WPAS_DBUS_NEW_IFACE_WPS, "s",
-	  wpas_dbus_getter_wps_device_serial_number,
-	  wpas_dbus_setter_wps_device_serial_number,
-	  NULL
-	},
-	{
-	  "DeviceType", WPAS_DBUS_NEW_IFACE_WPS, "ay",
-	  wpas_dbus_getter_wps_device_device_type,
-	  wpas_dbus_setter_wps_device_device_type,
-	  NULL
-	},
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	{ "P2PDeviceConfig", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "a{sv}",
-	  wpas_dbus_getter_p2p_device_config,
-	  wpas_dbus_setter_p2p_device_config,
-	  NULL
-	},
-	{ "Peers", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "ao",
-	  wpas_dbus_getter_p2p_peers,
-	  NULL,
-	  NULL
-	},
-	{ "Role", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "s",
-	  wpas_dbus_getter_p2p_role,
-	  NULL,
-	  NULL
-	},
-	{ "Group", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "o",
-	  wpas_dbus_getter_p2p_group,
-	  NULL,
-	  NULL
-	},
-	{ "PeerGO", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "o",
-	  wpas_dbus_getter_p2p_peergo,
-	  NULL,
-	  NULL
-	},
-	{ "PersistentGroups", WPAS_DBUS_NEW_IFACE_P2PDEVICE, "ao",
-	  wpas_dbus_getter_persistent_groups,
-	  NULL,
-	  NULL
-	},
-#endif /* CONFIG_P2P */
-	{ "DisconnectReason", WPAS_DBUS_NEW_IFACE_INTERFACE, "i",
-	  wpas_dbus_getter_disconnect_reason,
-	  NULL,
-	  NULL
-	},
-	{ "AuthStatusCode", WPAS_DBUS_NEW_IFACE_INTERFACE, "i",
-	  wpas_dbus_getter_auth_status_code,
-	  NULL,
-	  NULL
-	},
-	{ "AssocStatusCode", WPAS_DBUS_NEW_IFACE_INTERFACE, "i",
-	  wpas_dbus_getter_assoc_status_code,
-	  NULL,
-	  NULL
-	},
-	{
-	  "RoamTime", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_roam_time,
-	  NULL,
-	  NULL
-	},
-	{
-	  "RoamComplete", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
-	  wpas_dbus_getter_roam_complete,
-	  NULL,
-	  NULL
-	},
-	{
-	  "SessionLength", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_session_length,
-	  NULL,
-	  NULL
-	},
-	{
-	  "BSSTMStatus", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-	  wpas_dbus_getter_bss_tm_status,
-	  NULL,
-	  NULL
-	},
-#ifdef CONFIG_MESH
-	{ "MeshPeers", WPAS_DBUS_NEW_IFACE_MESH, "aay",
-	  wpas_dbus_getter_mesh_peers,
-	  NULL,
-	  NULL
-	},
-	{ "MeshGroup", WPAS_DBUS_NEW_IFACE_MESH, "ay",
-	  wpas_dbus_getter_mesh_group,
-	  NULL,
-	  NULL
-	},
-#endif /* CONFIG_MESH */
-	{ "Stations", WPAS_DBUS_NEW_IFACE_INTERFACE, "ao",
-	  wpas_dbus_getter_stas,
-	  NULL,
-	  NULL
-	},
-	{ "MACAddressRandomizationMask", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  "a{say}",
-	  wpas_dbus_getter_mac_address_randomization_mask,
-	  wpas_dbus_setter_mac_address_randomization_mask,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-static const struct wpa_dbus_signal_desc wpas_dbus_interface_signals[] = {
-	{ "ScanDone", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "success", "b", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "BSSAdded", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "BSSRemoved", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "BlobAdded", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "name", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "BlobRemoved", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "name", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "NetworkAdded", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "NetworkRemoved", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "NetworkSelected", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_WPS
-	{ "Event", WPAS_DBUS_NEW_IFACE_WPS,
-	  {
-		  { "name", "s", ARG_OUT },
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "Credentials", WPAS_DBUS_NEW_IFACE_WPS,
-	  {
-		  { "credentials", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_WPS,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-	{ "DeviceFound", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "DeviceFoundProperties", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "DeviceLost", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "FindStopped", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryRequestDisplayPin", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  { "pin", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryResponseDisplayPin", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  { "pin", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryRequestEnterPin", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryResponseEnterPin", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryPBCRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryPBCResponse", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ProvisionDiscoveryFailure", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "peer_object", "o", ARG_OUT },
-		  { "status", "i", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GroupStarted", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GroupFormationFailure", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "reason", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GONegotiationSuccess", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GONegotiationFailure", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GONegotiationRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "dev_passwd_id", "q", ARG_OUT },
-		  { "device_go_intent", "y", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "InvitationResult", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "invite_result", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "GroupFinished", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryRequest", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "sd_request", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "ServiceDiscoveryResponse", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "sd_response", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "PersistentGroupAdded", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "PersistentGroupRemoved", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "WpsFailed", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "name", "s", ARG_OUT },
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "InvitationReceived", WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_AP
-	{ "ProbeRequest", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_AP */
-	{ "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "certification", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "EAP", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "status", "s", ARG_OUT },
-		  { "parameter", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "StaAuthorized", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "name", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "StaDeauthorized", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "name", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "StationAdded", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "StationRemoved", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "NetworkRequest", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "path", "o", ARG_OUT },
-		  { "field", "s", ARG_OUT },
-		  { "text", "s", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#ifdef CONFIG_MESH
-	{ "MeshGroupStarted", WPAS_DBUS_NEW_IFACE_MESH,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "MeshGroupRemoved", WPAS_DBUS_NEW_IFACE_MESH,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "MeshPeerConnected", WPAS_DBUS_NEW_IFACE_MESH,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "MeshPeerDisconnected", WPAS_DBUS_NEW_IFACE_MESH,
-	  {
-		  { "args", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_INTERWORKING
-	{ "InterworkingAPAdded", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  { "bss", "o", ARG_OUT },
-		  { "cred", "o", ARG_OUT },
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "InterworkingSelectDone", WPAS_DBUS_NEW_IFACE_INTERFACE,
-	  {
-		  END_ARGS
-	  }
-	},
-#endif /* CONFIG_INTERWORKING */
-	{ NULL, NULL, { END_ARGS } }
-};
-
-
-static int wpa_dbus_ctrl_iface_props_init(struct wpas_dbus_priv *priv)
-{
-	size_t all_size;
-	unsigned int i, j, count, num_const, num_globals;
-	const char *global_name;
-	static const char * const ignored_globals[] = {
-		"bss_expiration_age", "bss_expiration_scan_count",
-		"ap_scan", "country", "fast_reauth",
-		"pkcs11_engine_path", "pkcs11_module_path"
-	};
-
-	/* wpas_dbus_interface_properties terminates with a NULL element */
-	num_const = ARRAY_SIZE(wpas_dbus_interface_properties) - 1;
-
-	num_globals = wpa_config_get_num_global_field_names();
-	priv->globals_start = num_const;
-
-	/* allocate enough for all properties + terminating NULL element */
-	all_size = (num_globals + num_const + 1) *
-		sizeof(wpas_dbus_interface_properties[0]);
-	priv->all_interface_properties = os_zalloc(all_size);
-	if (!priv->all_interface_properties) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Not enough memory for interface properties");
-		return -1;
-	}
-
-	/* Copy constant interface properties to the start of the array */
-	os_memcpy(priv->all_interface_properties,
-		  wpas_dbus_interface_properties,
-		  sizeof(wpas_dbus_interface_properties));
-
-	/* Dynamically construct interface global properties */
-	for (i = 0, count = num_const; i < num_globals; i++) {
-		struct wpa_dbus_property_desc *desc;
-		int no_var = 0;
-
-		/* ignore globals that are actually just methods */
-		global_name = wpa_config_get_global_field_name(i, &no_var);
-		if (no_var)
-			continue;
-		/* Ignore fields already explicitly exposed */
-		for (j = 0; j < ARRAY_SIZE(ignored_globals); j++) {
-			if (os_strcmp(global_name, ignored_globals[j]) == 0)
-				break;
-		}
-		if (j < ARRAY_SIZE(ignored_globals))
-			continue;
-
-		desc = &priv->all_interface_properties[count++];
-		desc->dbus_property = uscore_to_dbus(global_name);
-		if (!desc->dbus_property) {
-			wpa_printf(MSG_ERROR,
-				   "dbus: Not enough memory for D-Bus property name");
-			goto error;
-		}
-		desc->dbus_interface = WPAS_DBUS_NEW_IFACE_INTERFACE;
-		desc->type = "s";
-		desc->getter = wpas_dbus_getter_iface_global;
-		desc->setter = wpas_dbus_setter_iface_global;
-		desc->data = global_name;
-	}
-
-	return 0;
-
-error:
-	wpa_dbus_ctrl_iface_props_deinit(priv);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_register_interface - Register an interface with D-Bus
- * @wpa_s: wpa_supplicant interface structure
- * Returns: 0 on success, -1 on failure
- */
-int wpas_dbus_register_interface(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_dbus_object_desc *obj_desc = NULL;
-	struct wpas_dbus_priv *ctrl_iface = wpa_s->global->dbus;
-	int next;
-
-	/* Do nothing if the control interface is not turned on */
-	if (ctrl_iface == NULL)
-		return 0;
-
-	/* Create and set the interface's object path */
-	wpa_s->dbus_new_path = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-	if (wpa_s->dbus_new_path == NULL)
-		return -1;
-	next = ctrl_iface->next_objid++;
-	os_snprintf(wpa_s->dbus_new_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    WPAS_DBUS_NEW_PATH_INTERFACES "/%u",
-		    next);
-
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	wpas_dbus_register(obj_desc, wpa_s, NULL, wpas_dbus_interface_methods,
-			   ctrl_iface->all_interface_properties,
-			   wpas_dbus_interface_signals);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register interface object '%s'",
-		   wpa_s->dbus_new_path);
-	if (wpa_dbus_register_object_per_iface(ctrl_iface,
-					       wpa_s->dbus_new_path,
-					       wpa_s->ifname, obj_desc))
-		goto err;
-
-	wpas_dbus_signal_interface_added(wpa_s);
-
-	return 0;
-
-err:
-	os_free(wpa_s->dbus_new_path);
-	wpa_s->dbus_new_path = NULL;
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_unregister_interface - Unregister the interface from D-Bus
- * @wpa_s: wpa_supplicant interface structure
- * Returns: 0 on success, -1 on failure
- */
-int wpas_dbus_unregister_interface(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return 0;
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL || wpa_s->dbus_new_path == NULL)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister interface object '%s'",
-		   wpa_s->dbus_new_path);
-
-#ifdef CONFIG_AP
-	if (wpa_s->preq_notify_peer) {
-		wpas_dbus_unsubscribe_noc(ctrl_iface);
-		os_free(wpa_s->preq_notify_peer);
-		wpa_s->preq_notify_peer = NULL;
-	}
-#endif /* CONFIG_AP */
-
-	if (wpa_dbus_unregister_object_per_iface(ctrl_iface,
-						 wpa_s->dbus_new_path))
-		return -1;
-
-	wpas_dbus_signal_interface_removed(wpa_s);
-
-	os_free(wpa_s->dbus_new_path);
-	wpa_s->dbus_new_path = NULL;
-
-	return 0;
-}
-
-#ifdef CONFIG_P2P
-
-static const struct wpa_dbus_property_desc wpas_dbus_p2p_peer_properties[] = {
-	{ "DeviceName", WPAS_DBUS_NEW_IFACE_P2P_PEER, "s",
-	  wpas_dbus_getter_p2p_peer_device_name,
-	  NULL,
-	  NULL
-	},
-	{ "Manufacturer", WPAS_DBUS_NEW_IFACE_P2P_PEER, "s",
-	  wpas_dbus_getter_p2p_peer_manufacturer,
-	  NULL,
-	  NULL
-	},
-	{ "ModelName", WPAS_DBUS_NEW_IFACE_P2P_PEER, "s",
-	  wpas_dbus_getter_p2p_peer_modelname,
-	  NULL,
-	  NULL
-	},
-	{ "ModelNumber", WPAS_DBUS_NEW_IFACE_P2P_PEER, "s",
-	  wpas_dbus_getter_p2p_peer_modelnumber,
-	  NULL,
-	  NULL
-	},
-	{ "SerialNumber", WPAS_DBUS_NEW_IFACE_P2P_PEER, "s",
-	  wpas_dbus_getter_p2p_peer_serialnumber,
-	  NULL,
-	  NULL
-	},
-	{ "PrimaryDeviceType", WPAS_DBUS_NEW_IFACE_P2P_PEER, "ay",
-	  wpas_dbus_getter_p2p_peer_primary_device_type,
-	  NULL,
-	  NULL
-	},
-	{ "config_method", WPAS_DBUS_NEW_IFACE_P2P_PEER, "q",
-	  wpas_dbus_getter_p2p_peer_config_method,
-	  NULL,
-	  NULL
-	},
-	{ "level", WPAS_DBUS_NEW_IFACE_P2P_PEER, "i",
-	  wpas_dbus_getter_p2p_peer_level,
-	  NULL,
-	  NULL
-	},
-	{ "devicecapability", WPAS_DBUS_NEW_IFACE_P2P_PEER, "y",
-	  wpas_dbus_getter_p2p_peer_device_capability,
-	  NULL,
-	  NULL
-	},
-	{ "groupcapability", WPAS_DBUS_NEW_IFACE_P2P_PEER, "y",
-	  wpas_dbus_getter_p2p_peer_group_capability,
-	  NULL,
-	  NULL
-	},
-	{ "SecondaryDeviceTypes", WPAS_DBUS_NEW_IFACE_P2P_PEER, "aay",
-	  wpas_dbus_getter_p2p_peer_secondary_device_types,
-	  NULL,
-	  NULL
-	},
-	{ "VendorExtension", WPAS_DBUS_NEW_IFACE_P2P_PEER, "aay",
-	  wpas_dbus_getter_p2p_peer_vendor_extension,
-	  NULL,
-	  NULL
-	},
-	{ "IEs", WPAS_DBUS_NEW_IFACE_P2P_PEER, "ay",
-	  wpas_dbus_getter_p2p_peer_ies,
-	  NULL,
-	  NULL
-	},
-	{ "DeviceAddress", WPAS_DBUS_NEW_IFACE_P2P_PEER, "ay",
-	  wpas_dbus_getter_p2p_peer_device_address,
-	  NULL,
-	  NULL
-	},
-	{ "Groups", WPAS_DBUS_NEW_IFACE_P2P_PEER, "ao",
-	  wpas_dbus_getter_p2p_peer_groups,
-	  NULL,
-	  NULL
-	},
-	{ "VSIE", WPAS_DBUS_NEW_IFACE_P2P_PEER, "ay",
-	  wpas_dbus_getter_p2p_peer_vsie,
-	  NULL,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-static const struct wpa_dbus_signal_desc wpas_dbus_p2p_peer_signals[] = {
-	/* Deprecated: use org.freedesktop.DBus.Properties.PropertiesChanged */
-	{ "PropertiesChanged", WPAS_DBUS_NEW_IFACE_P2P_PEER,
-	  {
-		  { "properties", "a{sv}", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-/**
- * wpas_dbus_signal_peer - Send a peer related event signal
- * @wpa_s: %wpa_supplicant network interface data
- * @dev: peer device object
- * @interface: name of the interface emitting this signal.
- *	In case of peer objects, it would be emitted by either
- *	the "interface object" or by "peer objects"
- * @sig_name: signal name - DeviceFound
- * @properties: Whether to add a second argument with object properties
- *
- * Notify listeners about event related with p2p peer device
- */
-static void wpas_dbus_signal_peer(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr, const char *interface,
-				  const char *sig_name, dbus_bool_t properties)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-	DBusMessageIter iter;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(dev_addr));
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path, interface,
-				      sig_name);
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &iter);
-	path = peer_obj_path;
-	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_OBJECT_PATH,
-					    &path) ||
-	    (properties && !wpa_dbus_get_object_properties(
-		    iface, peer_obj_path, WPAS_DBUS_NEW_IFACE_P2P_PEER,
-		    &iter)))
-		wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-	else
-		dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_peer_found - Send a peer found signal
- * @wpa_s: %wpa_supplicant network interface data
- * @dev_addr: Peer P2P Device Address
- *
- * Notify listeners about find a p2p peer device found
- */
-void wpas_dbus_signal_peer_device_found(struct wpa_supplicant *wpa_s,
-					const u8 *dev_addr)
-{
-	wpas_dbus_signal_peer(wpa_s, dev_addr,
-			      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-			      "DeviceFound", FALSE);
-
-	wpas_dbus_signal_peer(wpa_s, dev_addr,
-			      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-			      "DeviceFoundProperties", TRUE);
-}
-
-/**
- * wpas_dbus_signal_peer_lost - Send a peer lost signal
- * @wpa_s: %wpa_supplicant network interface data
- * @dev_addr: Peer P2P Device Address
- *
- * Notify listeners about lost a p2p peer device
- */
-void wpas_dbus_signal_peer_device_lost(struct wpa_supplicant *wpa_s,
-				       const u8 *dev_addr)
-{
-	wpas_dbus_signal_peer(wpa_s, dev_addr,
-			      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-			      "DeviceLost", FALSE);
-}
-
-/**
- * wpas_dbus_register_peer - Register a discovered peer object with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @dev_addr: P2P Device Address of the peer
- * Returns: 0 on success, -1 on failure
- *
- * Registers network representing object with dbus
- */
-int wpas_dbus_register_peer(struct wpa_supplicant *wpa_s, const u8 *dev_addr)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	struct peer_handler_args *arg;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return 0;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	wpa_s = wpa_s->parent->parent;
-	if (!wpa_s->dbus_new_path)
-		return 0;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(dev_addr));
-
-	wpa_printf(MSG_INFO, "dbus: Register peer object '%s'",
-		   peer_obj_path);
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	/* allocate memory for handlers arguments */
-	arg = os_zalloc(sizeof(struct peer_handler_args));
-	if (!arg) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create arguments for method");
-		goto err;
-	}
-
-	arg->wpa_s = wpa_s;
-	os_memcpy(arg->p2p_device_addr, dev_addr, ETH_ALEN);
-
-	wpas_dbus_register(obj_desc, arg, wpa_dbus_free,
-			   NULL,
-			   wpas_dbus_p2p_peer_properties,
-			   wpas_dbus_p2p_peer_signals);
-
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, peer_obj_path,
-					       wpa_s->ifname, obj_desc))
-		goto err;
-
-	return 0;
-
-err:
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-/**
- * wpas_dbus_unregister_peer - Unregister a peer object with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @dev_addr: p2p device addr
- * Returns: 0 on success, -1 on failure
- *
- * Registers network representing object with dbus
- */
-int wpas_dbus_unregister_peer(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	int ret;
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return 0;
-
-	wpa_s = wpa_s->parent->parent;
-	if (!wpa_s->dbus_new_path)
-		return 0;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(dev_addr));
-
-	wpa_printf(MSG_INFO, "dbus: Unregister peer object '%s'",
-		   peer_obj_path);
-	ret = wpa_dbus_unregister_object_per_iface(ctrl_iface, peer_obj_path);
-
-	return ret;
-}
-
-
-/**
- * wpas_dbus_signal_p2p_find_stopped - Send P2P Find stopped signal
- * @wpa_s: %wpa_supplicant network interface data
- *
- * Notify listeners about P2P Find stopped
- */
-void wpas_dbus_signal_p2p_find_stopped(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dbus_priv *iface;
-	DBusMessage *msg;
-
-	iface = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (iface == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	if (!wpa_s->dbus_new_path)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_P2PDEVICE,
-				      "FindStopped");
-	if (msg == NULL)
-		return;
-
-	dbus_connection_send(iface->con, msg, NULL);
-
-	dbus_message_unref(msg);
-}
-
-
-/**
- * wpas_dbus_signal_peer_groups_changed - Send peer group change property signal
- * @wpa_s: %wpa_supplicant network interface data
- * @dev_addr: P2P Device Address
- *
- * Notify listeners about peer Groups property changes.
- */
-void wpas_dbus_signal_peer_groups_changed(struct wpa_supplicant *wpa_s,
-					  const u8 *dev_addr)
-{
-	char peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	if (!wpa_s->dbus_new_path)
-		return;
-	os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
-		    wpa_s->dbus_new_path, MAC2STR(dev_addr));
-
-	wpa_dbus_mark_property_changed(wpa_s->global->dbus, peer_obj_path,
-				       WPAS_DBUS_NEW_IFACE_P2P_PEER, "Groups");
-}
-
-
-static const struct wpa_dbus_property_desc wpas_dbus_p2p_group_properties[] = {
-	{ "Members", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "ao",
-	  wpas_dbus_getter_p2p_group_members,
-	  NULL,
-	  NULL
-	},
-	{ "Group", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "o",
-	  wpas_dbus_getter_p2p_group,
-	  NULL,
-	  NULL
-	},
-	{ "Role", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "s",
-	  wpas_dbus_getter_p2p_role,
-	  NULL,
-	  NULL
-	},
-	{ "SSID", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "ay",
-	  wpas_dbus_getter_p2p_group_ssid,
-	  NULL,
-	  NULL
-	},
-	{ "BSSID", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "ay",
-	  wpas_dbus_getter_p2p_group_bssid,
-	  NULL,
-	  NULL
-	},
-	{ "Frequency", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "q",
-	  wpas_dbus_getter_p2p_group_frequency,
-	  NULL,
-	  NULL
-	},
-	{ "Passphrase", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "s",
-	  wpas_dbus_getter_p2p_group_passphrase,
-	  NULL,
-	  NULL
-	},
-	{ "PSK", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "ay",
-	  wpas_dbus_getter_p2p_group_psk,
-	  NULL,
-	  NULL
-	},
-	{ "WPSVendorExtensions", WPAS_DBUS_NEW_IFACE_P2P_GROUP, "aay",
-	  wpas_dbus_getter_p2p_group_vendor_ext,
-	  wpas_dbus_setter_p2p_group_vendor_ext,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-static const struct wpa_dbus_signal_desc wpas_dbus_p2p_group_signals[] = {
-	{ "PeerJoined", WPAS_DBUS_NEW_IFACE_P2P_GROUP,
-	  {
-		  { "peer", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ "PeerDisconnected", WPAS_DBUS_NEW_IFACE_P2P_GROUP,
-	  {
-		  { "peer", "o", ARG_OUT },
-		  END_ARGS
-	  }
-	},
-	{ NULL, NULL, { END_ARGS } }
-};
-
-/**
- * wpas_dbus_register_p2p_group - Register a p2p group object with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @ssid: SSID struct
- * Returns: 0 on success, -1 on failure
- *
- * Registers p2p group representing object with dbus
- */
-void wpas_dbus_register_p2p_group(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	char group_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return;
-
-	if (wpa_s->dbus_groupobj_path) {
-		wpa_printf(MSG_INFO, "%s: Group object '%s' already exists",
-			   __func__, wpa_s->dbus_groupobj_path);
-		return;
-	}
-
-	if (wpas_dbus_get_group_obj_path(wpa_s, ssid, group_obj_path) < 0)
-		return;
-
-	wpa_s->dbus_groupobj_path = os_strdup(group_obj_path);
-	if (wpa_s->dbus_groupobj_path == NULL)
-		return;
-
-	wpa_printf(MSG_INFO, "dbus: Register group object '%s'",
-		   group_obj_path);
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "Not enough memory to create object description");
-		goto err;
-	}
-
-	wpas_dbus_register(obj_desc, wpa_s, NULL, NULL,
-			   wpas_dbus_p2p_group_properties,
-			   wpas_dbus_p2p_group_signals);
-
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, group_obj_path,
-					       wpa_s->ifname, obj_desc))
-		goto err;
-
-	return;
-
-err:
-	if (wpa_s->dbus_groupobj_path) {
-		os_free(wpa_s->dbus_groupobj_path);
-		wpa_s->dbus_groupobj_path = NULL;
-	}
-
-	free_dbus_object_desc(obj_desc);
-}
-
-/**
- * wpas_dbus_unregister_p2p_group - Unregister a p2p group object from dbus
- * @wpa_s: wpa_supplicant interface structure
- * @ssid: network name of the p2p group started
- */
-void wpas_dbus_unregister_p2p_group(struct wpa_supplicant *wpa_s,
-				    const struct wpa_ssid *ssid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return;
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return;
-
-	if (!wpa_s->dbus_groupobj_path) {
-		wpa_printf(MSG_DEBUG,
-			   "%s: Group object has already unregistered",
-			   __func__);
-		return;
-	}
-
-	peer_groups_changed(wpa_s);
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister group object '%s'",
-		   wpa_s->dbus_groupobj_path);
-
-	wpa_dbus_unregister_object_per_iface(ctrl_iface,
-					     wpa_s->dbus_groupobj_path);
-
-	os_free(wpa_s->dbus_groupobj_path);
-	wpa_s->dbus_groupobj_path = NULL;
-}
-
-static const struct wpa_dbus_property_desc
-	wpas_dbus_persistent_group_properties[] = {
-	{ "Properties", WPAS_DBUS_NEW_IFACE_PERSISTENT_GROUP, "a{sv}",
-	  wpas_dbus_getter_persistent_group_properties,
-	  wpas_dbus_setter_persistent_group_properties,
-	  NULL
-	},
-	{ NULL, NULL, NULL, NULL, NULL, NULL }
-};
-
-/* No signals intended for persistent group objects */
-
-/**
- * wpas_dbus_register_persistent_group - Register a configured(saved)
- *	persistent group with dbus
- * @wpa_s: wpa_supplicant interface structure
- * @ssid: persistent group (still represented as a network within wpa)
- *	  configuration data
- * Returns: 0 on success, -1 on failure
- *
- * Registers a persistent group representing object with dbus.
- */
-int wpas_dbus_register_persistent_group(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	struct wpa_dbus_object_desc *obj_desc;
-	struct network_handler_args *arg;
-	char pgrp_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return 0;
-	wpa_s = wpa_s->parent->parent;
-	if (!wpa_s->dbus_new_path)
-		return 0;
-
-	/* Make sure ssid is a persistent group */
-	if (ssid->disabled != 2 && !ssid->p2p_persistent_group)
-		return -1; /* should we return w/o complaining? */
-
-	if (wpa_s->p2p_mgmt)
-		wpa_s = wpa_s->parent;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL)
-		return 0;
-
-	/*
-	 * Intentionally not coming up with different numbering scheme
-	 * for persistent groups.
-	 */
-	os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u",
-		    wpa_s->dbus_new_path, ssid->id);
-
-	wpa_printf(MSG_DEBUG, "dbus: Register persistent group object '%s'",
-		   pgrp_obj_path);
-	obj_desc = os_zalloc(sizeof(struct wpa_dbus_object_desc));
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Not enough memory to create object description");
-		goto err;
-	}
-
-	/*
-	 * Reusing the same context structure as that for networks
-	 * since these are represented using same data structure.
-	 */
-	/* allocate memory for handlers arguments */
-	arg = os_zalloc(sizeof(struct network_handler_args));
-	if (!arg) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: Not enough memory to create arguments for method");
-		goto err;
-	}
-
-	arg->wpa_s = wpa_s;
-	arg->ssid = ssid;
-
-	wpas_dbus_register(obj_desc, arg, wpa_dbus_free, NULL,
-			   wpas_dbus_persistent_group_properties,
-			   NULL);
-
-	if (wpa_dbus_register_object_per_iface(ctrl_iface, pgrp_obj_path,
-					       wpa_s->ifname, obj_desc))
-		goto err;
-
-	wpas_dbus_signal_persistent_group_added(wpa_s, ssid->id);
-
-	return 0;
-
-err:
-	free_dbus_object_desc(obj_desc);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_unregister_persistent_group - Unregister a persistent_group
- *	from dbus
- * @wpa_s: wpa_supplicant interface structure
- * @nid: network id
- * Returns: 0 on success, -1 on failure
- *
- * Unregisters persistent group representing object from dbus
- *
- * NOTE: There is a slight issue with the semantics here. While the
- * implementation simply means the persistent group is unloaded from memory,
- * it should not get interpreted as the group is actually being erased/removed
- * from persistent storage as well.
- */
-int wpas_dbus_unregister_persistent_group(struct wpa_supplicant *wpa_s,
-					  int nid)
-{
-	struct wpas_dbus_priv *ctrl_iface;
-	char pgrp_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	int ret;
-
-	/* Do nothing if the control interface is not turned on */
-	if (wpa_s == NULL || wpa_s->global == NULL)
-		return 0;
-
-	wpa_s = wpa_s->parent->parent;
-
-	ctrl_iface = wpa_s->global->dbus;
-	if (ctrl_iface == NULL || !wpa_s->dbus_new_path)
-		return 0;
-
-	os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u",
-		    wpa_s->dbus_new_path, nid);
-
-	wpa_printf(MSG_DEBUG, "dbus: Unregister persistent group object '%s'",
-		   pgrp_obj_path);
-	ret = wpa_dbus_unregister_object_per_iface(ctrl_iface, pgrp_obj_path);
-
-	if (!ret)
-		wpas_dbus_signal_persistent_group_removed(wpa_s, nid);
-
-	return ret;
-}
-
-#endif /* CONFIG_P2P */
diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
deleted file mode 100644
index 26bdcb548de8..000000000000
--- a/wpa_supplicant/dbus/dbus_new.h
+++ /dev/null
@@ -1,648 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009-2010, Witold Sowa <witold.sowa@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef CTRL_IFACE_DBUS_NEW_H
-#define CTRL_IFACE_DBUS_NEW_H
-
-#include "common/defs.h"
-#include "p2p/p2p.h"
-
-struct wpa_global;
-struct wpa_supplicant;
-struct wpa_ssid;
-struct wpa_cred;
-struct wpa_bss;
-struct wps_event_m2d;
-struct wps_event_fail;
-struct wps_credential;
-
-enum wpas_dbus_prop {
-	WPAS_DBUS_PROP_AP_SCAN,
-	WPAS_DBUS_PROP_SCANNING,
-	WPAS_DBUS_PROP_STATE,
-	WPAS_DBUS_PROP_CURRENT_BSS,
-	WPAS_DBUS_PROP_CURRENT_NETWORK,
-	WPAS_DBUS_PROP_CURRENT_AUTH_MODE,
-	WPAS_DBUS_PROP_BSSS,
-	WPAS_DBUS_PROP_STATIONS,
-	WPAS_DBUS_PROP_DISCONNECT_REASON,
-	WPAS_DBUS_PROP_AUTH_STATUS_CODE,
-	WPAS_DBUS_PROP_ASSOC_STATUS_CODE,
-	WPAS_DBUS_PROP_ROAM_TIME,
-	WPAS_DBUS_PROP_ROAM_COMPLETE,
-	WPAS_DBUS_PROP_SESSION_LENGTH,
-	WPAS_DBUS_PROP_BSS_TM_STATUS,
-};
-
-enum wpas_dbus_bss_prop {
-	WPAS_DBUS_BSS_PROP_SIGNAL,
-	WPAS_DBUS_BSS_PROP_FREQ,
-	WPAS_DBUS_BSS_PROP_MODE,
-	WPAS_DBUS_BSS_PROP_PRIVACY,
-	WPAS_DBUS_BSS_PROP_RATES,
-	WPAS_DBUS_BSS_PROP_WPA,
-	WPAS_DBUS_BSS_PROP_RSN,
-	WPAS_DBUS_BSS_PROP_WPS,
-	WPAS_DBUS_BSS_PROP_IES,
-	WPAS_DBUS_BSS_PROP_AGE,
-};
-
-enum wpas_dbus_sta_prop {
-	WPAS_DBUS_STA_PROP_ADDRESS,
-};
-
-#define WPAS_DBUS_OBJECT_PATH_MAX 150
-
-#define WPAS_DBUS_NEW_SERVICE		"fi.w1.wpa_supplicant1"
-#define WPAS_DBUS_NEW_PATH		"/fi/w1/wpa_supplicant1"
-#define WPAS_DBUS_NEW_INTERFACE		"fi.w1.wpa_supplicant1"
-
-#define WPAS_DBUS_NEW_PATH_INTERFACES	WPAS_DBUS_NEW_PATH "/Interfaces"
-#define WPAS_DBUS_NEW_IFACE_INTERFACE	WPAS_DBUS_NEW_INTERFACE ".Interface"
-#define WPAS_DBUS_NEW_IFACE_WPS WPAS_DBUS_NEW_IFACE_INTERFACE ".WPS"
-
-#define WPAS_DBUS_NEW_NETWORKS_PART "Networks"
-#define WPAS_DBUS_NEW_IFACE_NETWORK WPAS_DBUS_NEW_INTERFACE ".Network"
-
-#define WPAS_DBUS_NEW_BSSIDS_PART "BSSs"
-#define WPAS_DBUS_NEW_IFACE_BSS	WPAS_DBUS_NEW_INTERFACE ".BSS"
-
-#define WPAS_DBUS_NEW_STAS_PART "Stations"
-#define WPAS_DBUS_NEW_IFACE_STA	WPAS_DBUS_NEW_INTERFACE ".Station"
-
-#define WPAS_DBUS_NEW_IFACE_P2PDEVICE	\
-		WPAS_DBUS_NEW_IFACE_INTERFACE ".P2PDevice"
-
-#define WPAS_DBUS_NEW_IFACE_MESH WPAS_DBUS_NEW_IFACE_INTERFACE ".Mesh"
-
-/*
- * Groups correspond to P2P groups where this device is a GO (owner)
- */
-#define WPAS_DBUS_NEW_P2P_GROUPS_PART	"Groups"
-#define	WPAS_DBUS_NEW_IFACE_P2P_GROUP WPAS_DBUS_NEW_INTERFACE ".Group"
-
-/*
- * Different dbus object for persistent groups so they do not get confused
- * with regular (configured) network objects.
- */
-#define WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "PersistentGroups"
-#define WPAS_DBUS_NEW_IFACE_PERSISTENT_GROUP \
-	WPAS_DBUS_NEW_INTERFACE ".PersistentGroup"
-
-#define WPAS_DBUS_NEW_P2P_PEERS_PART	"Peers"
-#define	WPAS_DBUS_NEW_IFACE_P2P_PEER WPAS_DBUS_NEW_INTERFACE ".Peer"
-
-#define WPAS_DBUS_NEW_CREDENTIALS_PART "Credentials"
-#define WPAS_DBUS_NEW_IFACE_CREDENTIAL WPAS_DBUS_NEW_INTERFACE ".Credential"
-
-/* Top-level Errors */
-#define WPAS_DBUS_ERROR_UNKNOWN_ERROR \
-	WPAS_DBUS_NEW_INTERFACE ".UnknownError"
-#define WPAS_DBUS_ERROR_INVALID_ARGS \
-	WPAS_DBUS_NEW_INTERFACE ".InvalidArgs"
-
-#define WPAS_DBUS_ERROR_IFACE_EXISTS \
-	WPAS_DBUS_NEW_INTERFACE ".InterfaceExists"
-#define WPAS_DBUS_ERROR_IFACE_DISABLED            \
-	WPAS_DBUS_NEW_INTERFACE ".InterfaceDisabled"
-#define WPAS_DBUS_ERROR_IFACE_UNKNOWN \
-	WPAS_DBUS_NEW_INTERFACE ".InterfaceUnknown"
-
-#define WPAS_DBUS_ERROR_NOT_CONNECTED \
-	WPAS_DBUS_NEW_INTERFACE ".NotConnected"
-#define WPAS_DBUS_ERROR_NETWORK_UNKNOWN \
-	WPAS_DBUS_NEW_INTERFACE ".NetworkUnknown"
-
-#define WPAS_DBUS_ERROR_CONNECT_CHANNEL_UNAVAILABLE \
-	WPAS_DBUS_NEW_INTERFACE ".ConnectChannelUnavailable"
-#define WPAS_DBUS_ERROR_CONNECT_CHANNEL_UNSUPPORTED \
-	WPAS_DBUS_NEW_INTERFACE ".ConnectChannelUnsupported"
-#define WPAS_DBUS_ERROR_CONNECT_UNSPECIFIED_ERROR \
-	WPAS_DBUS_NEW_INTERFACE ".ConnectUnspecifiedError"
-
-#define WPAS_DBUS_ERROR_BLOB_EXISTS \
-	WPAS_DBUS_NEW_INTERFACE ".BlobExists"
-#define WPAS_DBUS_ERROR_BLOB_UNKNOWN \
-	WPAS_DBUS_NEW_INTERFACE ".BlobUnknown"
-
-#define WPAS_DBUS_ERROR_SUBSCRIPTION_IN_USE \
-	WPAS_DBUS_NEW_INTERFACE ".SubscriptionInUse"
-#define WPAS_DBUS_ERROR_NO_SUBSCRIPTION \
-	WPAS_DBUS_NEW_INTERFACE ".NoSubscription"
-#define WPAS_DBUS_ERROR_SUBSCRIPTION_EPERM \
-	WPAS_DBUS_NEW_INTERFACE ".SubscriptionNotYou"
-
-/* Interface-level errors */
-#define WPAS_DBUS_ERROR_IFACE_SCAN_ERROR \
-	WPAS_DBUS_NEW_IFACE_INTERFACE ".ScanError"
-
-void wpas_dbus_subscribe_noc(struct wpas_dbus_priv *priv);
-void wpas_dbus_unsubscribe_noc(struct wpas_dbus_priv *priv);
-
-
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-
-int wpas_dbus_ctrl_iface_init(struct wpas_dbus_priv *priv);
-void wpas_dbus_ctrl_iface_deinit(struct wpas_dbus_priv *iface);
-
-int wpas_dbus_register_interface(struct wpa_supplicant *wpa_s);
-int wpas_dbus_unregister_interface(struct wpa_supplicant *wpa_s);
-void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s,
-				   enum wpas_dbus_prop property);
-void wpas_dbus_bss_signal_prop_changed(struct wpa_supplicant *wpa_s,
-				       enum wpas_dbus_bss_prop property,
-				       unsigned int id);
-void wpas_dbus_signal_network_enabled_changed(struct wpa_supplicant *wpa_s,
-					      struct wpa_ssid *ssid);
-void wpas_dbus_signal_network_selected(struct wpa_supplicant *wpa_s, int id);
-void wpas_dbus_signal_network_request(struct wpa_supplicant *wpa_s,
-				      struct wpa_ssid *ssid,
-				      enum wpa_ctrl_req_type rtype,
-				      const char *default_text);
-void wpas_dbus_signal_scan_done(struct wpa_supplicant *wpa_s, int success);
-void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
-			       const struct wps_credential *cred);
-void wpas_dbus_signal_wps_event_m2d(struct wpa_supplicant *wpa_s,
-				    struct wps_event_m2d *m2d);
-void wpas_dbus_signal_wps_event_fail(struct wpa_supplicant *wpa_s,
-				     struct wps_event_fail *fail);
-void wpas_dbus_signal_wps_event_success(struct wpa_supplicant *wpa_s);
-void wpas_dbus_signal_wps_event_pbc_overlap(struct wpa_supplicant *wpa_s);
-int wpas_dbus_register_network(struct wpa_supplicant *wpa_s,
-			       struct wpa_ssid *ssid);
-int wpas_dbus_unregister_network(struct wpa_supplicant *wpa_s, int nid);
-int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
-			     u8 bssid[ETH_ALEN], unsigned int id);
-int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
-			   u8 bssid[ETH_ALEN], unsigned int id);
-int wpas_dbus_unregister_sta(struct wpa_supplicant *wpa_s, const u8 *sta);
-int wpas_dbus_register_sta(struct wpa_supplicant *wpa_s, const u8 *sta);
-void wpas_dbus_signal_blob_added(struct wpa_supplicant *wpa_s,
-				 const char *name);
-void wpas_dbus_signal_blob_removed(struct wpa_supplicant *wpa_s,
-				   const char *name);
-void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
-void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
-void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
-
-int wpas_dbus_register_peer(struct wpa_supplicant *wpa_s, const u8 *dev_addr);
-void wpas_dbus_signal_p2p_find_stopped(struct wpa_supplicant *wpa_s);
-void wpas_dbus_signal_peer_device_found(struct wpa_supplicant *wpa_s,
-					   const u8 *dev_addr);
-int wpas_dbus_unregister_peer(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr);
-void wpas_dbus_signal_peer_device_lost(struct wpa_supplicant *wpa_s,
-					   const u8 *dev_addr);
-void wpas_dbus_signal_peer_groups_changed(struct wpa_supplicant *wpa_s,
-					  const u8 *dev_addr);
-void wpas_dbus_signal_p2p_group_removed(struct wpa_supplicant *wpa_s,
-					const char *role);
-void wpas_dbus_signal_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
-					      const u8 *dev_addr, int request,
-					      enum p2p_prov_disc_status status,
-					      u16 config_methods,
-					      unsigned int generated_pin);
-void wpas_dbus_signal_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
-				     const u8 *src, u16 dev_passwd_id,
-				     u8 go_intent);
-void wpas_dbus_signal_p2p_group_started(struct wpa_supplicant *wpa_s,
-					int client, int persistent,
-					const u8 *ip);
-void wpas_dbus_signal_p2p_group_formation_failure(struct wpa_supplicant *wpa_s,
-						  const char *reason);
-void wpas_dbus_register_p2p_group(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid);
-void wpas_dbus_signal_p2p_go_neg_resp(struct wpa_supplicant *wpa_s,
-				      struct p2p_go_neg_results *res);
-void wpas_dbus_unregister_p2p_group(struct wpa_supplicant *wpa_s,
-				    const struct wpa_ssid *ssid);
-int wpas_dbus_register_persistent_group(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid);
-int wpas_dbus_unregister_persistent_group(struct wpa_supplicant *wpa_s,
-					  int nid);
-void wpas_dbus_signal_p2p_invitation_result(struct wpa_supplicant *wpa_s,
-					    int status, const u8 *bssid);
-void wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
-					    const u8 *member);
-void wpas_dbus_signal_p2p_sd_request(struct wpa_supplicant *wpa_s,
-				     int freq, const u8 *sa, u8 dialog_token,
-				     u16 update_indic, const u8 *tlvs,
-				     size_t tlvs_len);
-void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
-				      const u8 *sa, u16 update_indic,
-				      const u8 *tlvs, size_t tlvs_len);
-void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
-				const u8 *member);
-void wpas_dbus_signal_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				     struct wps_event_fail *fail);
-void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
-				    int depth, const char *subject,
-				    const char *altsubject[],
-				    int num_altsubject,
-				    const char *cert_hash,
-				    const struct wpabuf *cert);
-void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
-			   const u8 *addr, const u8 *dst, const u8 *bssid,
-			   const u8 *ie, size_t ie_len, u32 ssi_signal);
-void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
-				 const char *status, const char *parameter);
-void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
-				     const u8 *sta);
-void wpas_dbus_signal_sta_deauthorized(struct wpa_supplicant *wpa_s,
-				       const u8 *sta);
-void wpas_dbus_signal_p2p_invitation_received(struct wpa_supplicant *wpa_s,
-					      const u8 *sa, const u8 *dev_addr,
-					      const u8 *bssid, int id,
-					      int op_freq);
-void wpas_dbus_signal_mesh_group_started(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid);
-void wpas_dbus_signal_mesh_group_removed(struct wpa_supplicant *wpa_s,
-					 const u8 *meshid, u8 meshid_len,
-					 int reason);
-void wpas_dbus_signal_mesh_peer_connected(struct wpa_supplicant *wpa_s,
-					  const u8 *peer_addr);
-void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
-					     const u8 *peer_addr, int reason);
-void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss *bss,
-					    struct wpa_cred *cred,
-					    const char *type, int excluded,
-					    int bh, int bss_load,
-					    int conn_capab);
-void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s);
-
-#else /* CONFIG_CTRL_IFACE_DBUS_NEW */
-
-static inline int wpas_dbus_register_interface(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_interface(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-#define wpas_dbus_signal_state_changed(w, n, o) do { } while (0)
-
-static inline void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s,
-						 enum wpas_dbus_prop property)
-{
-}
-
-static inline void wpas_dbus_bss_signal_prop_changed(
-	struct wpa_supplicant *wpa_s, enum wpas_dbus_bss_prop property,
-	unsigned int id)
-{
-}
-
-static inline void wpas_dbus_signal_network_enabled_changed(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-}
-
-static inline void wpas_dbus_signal_network_selected(
-	struct wpa_supplicant *wpa_s, int id)
-{
-}
-
-static inline void wpas_dbus_signal_network_request(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	enum wpa_ctrl_req_type rtype, const char *default_txt)
-{
-}
-
-static inline void wpas_dbus_signal_scan_done(struct wpa_supplicant *wpa_s,
-					      int success)
-{
-}
-
-static inline void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
-					     const struct wps_credential *cred)
-{
-}
-
-static inline void wpas_dbus_signal_wps_event_m2d(struct wpa_supplicant *wpa_s,
-						  struct wps_event_m2d *m2d)
-{
-}
-
-static inline void wpas_dbus_signal_wps_event_fail(
-	struct wpa_supplicant *wpa_s, struct wps_event_fail *fail)
-{
-}
-
-static inline void wpas_dbus_signal_wps_event_success(
-	struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_dbus_signal_wps_event_pbc_overlap(
-	struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int wpas_dbus_register_network(struct wpa_supplicant *wpa_s,
-					     struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_network(struct wpa_supplicant *wpa_s,
-					       int nid)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
-					   u8 bssid[ETH_ALEN], unsigned int id)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
-					 u8 bssid[ETH_ALEN], unsigned int id)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_sta(struct wpa_supplicant *wpa_s,
-					   const u8 *sta)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_register_sta(struct wpa_supplicant *wpa_s,
-					 const u8 *sta)
-{
-	return 0;
-}
-
-static inline void wpas_dbus_signal_blob_added(struct wpa_supplicant *wpa_s,
-					       const char *name)
-{
-}
-
-static inline void wpas_dbus_signal_blob_removed(struct wpa_supplicant *wpa_s,
-						 const char *name)
-{
-}
-
-static inline void wpas_dbus_signal_debug_level_changed(
-	struct wpa_global *global)
-{
-}
-
-static inline void wpas_dbus_signal_debug_timestamp_changed(
-	struct wpa_global *global)
-{
-}
-
-static inline void wpas_dbus_signal_debug_show_keys_changed(
-	struct wpa_global *global)
-{
-}
-
-static inline int wpas_dbus_register_peer(struct wpa_supplicant *wpa_s,
-					  const u8 *dev_addr)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_peer(struct wpa_supplicant *wpa_s,
-					    const u8 *dev_addr)
-{
-	return 0;
-}
-
-static inline void
-wpas_dbus_signal_peer_groups_changed(struct wpa_supplicant *wpa_s,
-				     const u8 *dev_addr)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_group_removed(struct wpa_supplicant *wpa_s,
-				   const char *role)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
-					 const u8 *dev_addr, int request,
-					 enum p2p_prov_disc_status status,
-					 u16 config_methods,
-					 unsigned int generated_pin)
-{
-}
-
-static inline void wpas_dbus_signal_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
-						   const u8 *src,
-						   u16 dev_passwd_id,
-						   u8 go_intent)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_group_started(struct wpa_supplicant *wpa_s,
-				   int client, int persistent,
-				   const u8 *ip)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_group_formation_failure(struct wpa_supplicant *wpa_s,
-					     const char *reason)
-{
-}
-
-static inline void
-wpas_dbus_register_p2p_group(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid)
-{
-}
-
-static inline int wpas_dbus_register_persistent_group(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-static inline int wpas_dbus_unregister_persistent_group(
-	struct wpa_supplicant *wpa_s, int nid)
-{
-	return 0;
-}
-
-static inline void
-wpas_dbus_signal_p2p_go_neg_resp(struct wpa_supplicant *wpa_s,
-				 struct p2p_go_neg_results *res)
-{
-}
-
-static inline void
-wpas_dbus_unregister_p2p_group(struct wpa_supplicant *wpa_s,
-			       const struct wpa_ssid *ssid)
-{
-}
-
-static inline void wpas_dbus_signal_p2p_invitation_result(
-				struct wpa_supplicant *wpa_s, int status,
-				const u8 *bssid)
-{
-}
-
-static inline void
-wpas_dbus_register_p2p_groupmember(struct wpa_supplicant *wpa_s,
-				   const u8 *p2p_if_addr)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_sd_request(struct wpa_supplicant *wpa_s, int freq,
-				const u8 *sa, u8 dialog_token, u16 update_indic,
-				const u8 *tlvs, size_t tlvs_len)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
-				 const u8 *sa, u16 update_indic,
-				 const u8 *tlvs, size_t tlvs_len)
-{
-}
-
-static inline void
-wpas_dbus_unregister_p2p_groupmember(struct wpa_supplicant *wpa_s,
-				     const u8 *p2p_if_addr)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
-				 const u8 *member)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_find_stopped(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void
-wpas_dbus_signal_peer_device_found(struct wpa_supplicant *wpa_s,
-				   const u8 *dev_addr)
-{
-}
-
-static inline void
-wpas_dbus_signal_peer_device_lost(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
-				       const u8 *member)
-{
-}
-
-static inline void
-wpas_dbus_signal_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				struct wps_event_fail *fail)
-{
-}
-
-static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
-						  int depth,
-						  const char *subject,
-						  const char *altsubject[],
-						  int num_altsubject,
-						  const char *cert_hash,
-						  const struct wpabuf *cert)
-{
-}
-
-static inline void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
-					 const u8 *addr, const u8 *dst,
-					 const u8 *bssid,
-					 const u8 *ie, size_t ie_len,
-					 u32 ssi_signal)
-{
-}
-
-static inline void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
-					       const char *status,
-					       const char *parameter)
-{
-}
-
-static inline
-void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
-				     const u8 *sta)
-{
-}
-
-static inline
-void wpas_dbus_signal_sta_deauthorized(struct wpa_supplicant *wpa_s,
-				       const u8 *sta)
-{
-}
-
-static inline
-void wpas_dbus_signal_p2p_invitation_received(struct wpa_supplicant *wpa_s,
-					      const u8 *sa, const u8 *dev_addr,
-					      const u8 *bssid, int id,
-					      int op_freq)
-{
-}
-
-static inline
-void wpas_dbus_signal_mesh_group_started(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid)
-{
-}
-
-static inline
-void wpas_dbus_signal_mesh_group_removed(struct wpa_supplicant *wpa_s,
-					 const u8 *meshid, u8 meshid_len,
-					 int reason)
-{
-}
-
-static inline
-void wpas_dbus_signal_mesh_peer_connected(struct wpa_supplicant *wpa_s,
-					  const u8 *peer_addr)
-{
-}
-
-static inline
-void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
-					     const u8 *peer_addr, int reason)
-{
-}
-
-static inline
-void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss *bss,
-					    struct wpa_cred *cred,
-					    const char *type, int excluded,
-					    int bh, int bss_load,
-					    int conn_capab)
-{
-}
-
-static inline
-void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s)
-{
-}
-
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-
-#endif /* CTRL_IFACE_DBUS_H_NEW */
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
deleted file mode 100644
index 545e9f64295a..000000000000
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ /dev/null
@@ -1,5926 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009-2010, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/ieee802_11_defs.h"
-#include "eap_peer/eap_methods.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "ap/hostapd.h"
-#include "ap/sta_info.h"
-#include "ap/ap_drv_ops.h"
-#include "../config.h"
-#include "../wpa_supplicant_i.h"
-#include "../driver_i.h"
-#include "../notify.h"
-#include "../bss.h"
-#include "../scan.h"
-#include "../autoscan.h"
-#include "../ap.h"
-#include "../interworking.h"
-#include "dbus_new_helpers.h"
-#include "dbus_new.h"
-#include "dbus_new_handlers.h"
-#include "dbus_dict_helpers.h"
-#include "dbus_common_i.h"
-#include "drivers/driver.h"
-#ifdef CONFIG_MESH
-#include "ap/hostapd.h"
-#include "ap/sta_info.h"
-#endif /* CONFIG_MESH */
-
-static const char * const debug_strings[] = {
-	"excessive", "msgdump", "debug", "info", "warning", "error", NULL
-};
-
-
-/**
- * wpas_dbus_error_unknown_error - Return a new UnknownError error message
- * @message: Pointer to incoming dbus message this error refers to
- * @arg: Optional string appended to error message
- * Returns: a dbus error message
- *
- * Convenience function to create and return an UnknownError
- */
-DBusMessage * wpas_dbus_error_unknown_error(DBusMessage *message,
-					    const char *arg)
-{
-	return dbus_message_new_error(message, WPAS_DBUS_ERROR_UNKNOWN_ERROR,
-				      arg);
-}
-
-
-/**
- * wpas_dbus_error_iface_unknown - Return a new invalid interface error message
- * @message: Pointer to incoming dbus message this error refers to
- * Returns: A dbus error message
- *
- * Convenience function to create and return an invalid interface error
- */
-static DBusMessage * wpas_dbus_error_iface_unknown(DBusMessage *message)
-{
-	return dbus_message_new_error(
-		message, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
-		"wpa_supplicant knows nothing about this interface.");
-}
-
-
-/**
- * wpas_dbus_error_network_unknown - Return a new NetworkUnknown error message
- * @message: Pointer to incoming dbus message this error refers to
- * Returns: a dbus error message
- *
- * Convenience function to create and return an invalid network error
- */
-static DBusMessage * wpas_dbus_error_network_unknown(DBusMessage *message)
-{
-	return dbus_message_new_error(
-		message, WPAS_DBUS_ERROR_NETWORK_UNKNOWN,
-		"There is no such a network in this interface.");
-}
-
-
-/**
- * wpas_dbus_error_invalid_args - Return a new InvalidArgs error message
- * @message: Pointer to incoming dbus message this error refers to
- * Returns: a dbus error message
- *
- * Convenience function to create and return an invalid options error
- */
-DBusMessage * wpas_dbus_error_invalid_args(DBusMessage *message,
-					  const char *arg)
-{
-	DBusMessage *reply;
-
-	reply = dbus_message_new_error(
-		message, WPAS_DBUS_ERROR_INVALID_ARGS,
-		"Did not receive correct message arguments.");
-	if (arg != NULL)
-		dbus_message_append_args(reply, DBUS_TYPE_STRING, &arg,
-					 DBUS_TYPE_INVALID);
-
-	return reply;
-}
-
-
-/**
- * wpas_dbus_error_scan_error - Return a new ScanError error message
- * @message: Pointer to incoming dbus message this error refers to
- * @error: Optional string to be used as the error message
- * Returns: a dbus error message
- *
- * Convenience function to create and return a scan error
- */
-static DBusMessage * wpas_dbus_error_scan_error(DBusMessage *message,
-						const char *error)
-{
-	return dbus_message_new_error(message,
-				      WPAS_DBUS_ERROR_IFACE_SCAN_ERROR,
-				      error);
-}
-
-
-DBusMessage * wpas_dbus_error_no_memory(DBusMessage *message)
-{
-	wpa_printf(MSG_DEBUG, "dbus: Failed to allocate memory");
-	return dbus_message_new_error(message, DBUS_ERROR_NO_MEMORY, NULL);
-}
-
-
-static const char * const dont_quote[] = {
-	"key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
-	"bssid", "scan_freq", "freq_list", "scan_ssid", "bssid_hint",
-	"bssid_ignore", "bssid_accept", /* deprecated aliases */
-	"bssid_blacklist", "bssid_whitelist",
-	"group_mgmt",
-	"ignore_broadcast_ssid",
-#ifdef CONFIG_MESH
-	"mesh_basic_rates",
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_P2P
-	"go_p2p_dev_addr", "p2p_client_list", "psk_list",
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_INTERWORKING
-	"roaming_consortium", "required_roaming_consortium",
-#endif /* CONFIG_INTERWORKING */
-	NULL
-};
-
-static dbus_bool_t should_quote_opt(const char *key)
-{
-	int i = 0;
-
-	while (dont_quote[i] != NULL) {
-		if (os_strcmp(key, dont_quote[i]) == 0)
-			return FALSE;
-		i++;
-	}
-	return TRUE;
-}
-
-/**
- * get_iface_by_dbus_path - Get a new network interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * @path: Pointer to a dbus object path representing an interface
- * Returns: Pointer to the interface or %NULL if not found
- */
-static struct wpa_supplicant * get_iface_by_dbus_path(
-	struct wpa_global *global, const char *path)
-{
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s->dbus_new_path &&
-		    os_strcmp(wpa_s->dbus_new_path, path) == 0)
-			return wpa_s;
-	}
-	return NULL;
-}
-
-
-/**
- * set_network_properties - Set properties of a configured network
- * @wpa_s: wpa_supplicant structure for a network interface
- * @ssid: wpa_ssid structure for a configured network
- * @iter: DBus message iterator containing dictionary of network
- * properties to set.
- * @error: On failure, an error describing the failure
- * Returns: TRUE if the request succeeds, FALSE if it failed
- *
- * Sets network configuration with parameters given id DBus dictionary
- */
-dbus_bool_t set_network_properties(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid,
-				   DBusMessageIter *iter,
-				   DBusError *error)
-{
-	struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
-	DBusMessageIter	iter_dict;
-	char *value = NULL;
-
-	if (!wpa_dbus_dict_open_read(iter, &iter_dict, error))
-		return FALSE;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		size_t size = 50;
-		int ret;
-
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		value = NULL;
-		if (entry.type == DBUS_TYPE_ARRAY &&
-		    entry.array_type == DBUS_TYPE_BYTE) {
-			if (entry.array_len <= 0)
-				goto error;
-
-			size = entry.array_len * 2 + 1;
-			value = os_zalloc(size);
-			if (value == NULL)
-				goto error;
-
-			ret = wpa_snprintf_hex(value, size,
-					       (u8 *) entry.bytearray_value,
-					       entry.array_len);
-			if (ret <= 0)
-				goto error;
-		} else if (entry.type == DBUS_TYPE_STRING) {
-			if (should_quote_opt(entry.key)) {
-				size = os_strlen(entry.str_value);
-
-				size += 3;
-				value = os_zalloc(size);
-				if (value == NULL)
-					goto error;
-
-				ret = os_snprintf(value, size, "\"%s\"",
-						  entry.str_value);
-				if (os_snprintf_error(size, ret))
-					goto error;
-			} else {
-				value = os_strdup(entry.str_value);
-				if (value == NULL)
-					goto error;
-			}
-		} else if (entry.type == DBUS_TYPE_UINT32) {
-			value = os_zalloc(size);
-			if (value == NULL)
-				goto error;
-
-			ret = os_snprintf(value, size, "%u",
-					  entry.uint32_value);
-			if (os_snprintf_error(size, ret))
-				goto error;
-		} else if (entry.type == DBUS_TYPE_INT32) {
-			value = os_zalloc(size);
-			if (value == NULL)
-				goto error;
-
-			ret = os_snprintf(value, size, "%d",
-					  entry.int32_value);
-			if (os_snprintf_error(size, ret))
-				goto error;
-		} else
-			goto error;
-
-		ret = wpa_config_set(ssid, entry.key, value, 0);
-		if (ret < 0)
-			goto error;
-		if (ret == 1)
-			goto skip_update;
-
-#ifdef CONFIG_BGSCAN
-		if (os_strcmp(entry.key, "bgscan") == 0) {
-			/*
-			 * Reset the bgscan parameters for the current network
-			 * and continue. There's no need to flush caches for
-			 * bgscan parameter changes.
-			 */
-			if (wpa_s->current_ssid == ssid &&
-			    wpa_s->wpa_state == WPA_COMPLETED)
-				wpa_supplicant_reset_bgscan(wpa_s);
-			os_free(value);
-			value = NULL;
-			wpa_dbus_dict_entry_clear(&entry);
-			continue;
-		}
-#endif /* CONFIG_BGSCAN */
-
-		if (os_strcmp(entry.key, "bssid") != 0 &&
-		    os_strcmp(entry.key, "priority") != 0)
-			wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-
-		if (wpa_s->current_ssid == ssid ||
-		    wpa_s->current_ssid == NULL) {
-			/*
-			 * Invalidate the EAP session cache if anything in the
-			 * current or previously used configuration changes.
-			 */
-			eapol_sm_invalidate_cached_session(wpa_s->eapol);
-		}
-
-		if ((os_strcmp(entry.key, "psk") == 0 &&
-		     value[0] == '"' && ssid->ssid_len) ||
-		    (os_strcmp(entry.key, "ssid") == 0 && ssid->passphrase))
-			wpa_config_update_psk(ssid);
-		else if (os_strcmp(entry.key, "priority") == 0)
-			wpa_config_update_prio_list(wpa_s->conf);
-
-	skip_update:
-		os_free(value);
-		value = NULL;
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	return TRUE;
-
-error:
-	os_free(value);
-	wpa_dbus_dict_entry_clear(&entry);
-	dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-			     "invalid message format");
-	return FALSE;
-}
-
-
-/**
- * set_cred_properties - Set the properties of a configured credential
- * @wpa_s: wpa_supplicant structure for a network interface
- * @cred: wpa_cred structure for a configured credential
- * @iter: DBus message iterator containing dictionary of network
- * properties to set.
- * @error: On failure, an error describing the failure
- * Returns: TRUE if the request succeeds, FALSE if it failed
- */
-static dbus_bool_t set_cred_properties(struct wpa_supplicant *wpa_s,
-				       struct wpa_cred *cred,
-				       DBusMessageIter *iter,
-				       DBusError *error)
-{
-	struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
-	DBusMessageIter	iter_dict;
-	char *value = NULL;
-
-	if (!wpa_dbus_dict_open_read(iter, &iter_dict, error))
-		return FALSE;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		size_t size = 50;
-		int ret;
-
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		value = NULL;
-		if (entry.type == DBUS_TYPE_ARRAY &&
-		    entry.array_type == DBUS_TYPE_BYTE) {
-			if (entry.array_len <= 0)
-				goto error;
-
-			size = entry.array_len * 2 + 1;
-			value = os_zalloc(size);
-			if (!value)
-				goto error;
-
-			ret = wpa_snprintf_hex(value, size,
-					       (u8 *) entry.bytearray_value,
-					       entry.array_len);
-			if (ret <= 0)
-				goto error;
-		} else if (entry.type == DBUS_TYPE_STRING) {
-			if (should_quote_opt(entry.key)) {
-				size = os_strlen(entry.str_value);
-
-				size += 3;
-				value = os_zalloc(size);
-				if (!value)
-					goto error;
-
-				ret = os_snprintf(value, size, "\"%s\"",
-						  entry.str_value);
-				if (os_snprintf_error(size, ret))
-					goto error;
-			} else {
-				value = os_strdup(entry.str_value);
-				if (!value)
-					goto error;
-			}
-		} else if (entry.type == DBUS_TYPE_UINT32) {
-			value = os_zalloc(size);
-			if (!value)
-				goto error;
-
-			ret = os_snprintf(value, size, "%u",
-					  entry.uint32_value);
-			if (os_snprintf_error(size, ret))
-				goto error;
-		} else if (entry.type == DBUS_TYPE_INT32) {
-			value = os_zalloc(size);
-			if (!value)
-				goto error;
-
-			ret = os_snprintf(value, size, "%d",
-					  entry.int32_value);
-			if (os_snprintf_error(size, ret))
-				goto error;
-		} else {
-			goto error;
-		}
-
-		ret = wpa_config_set_cred(cred, entry.key, value, 0);
-		if (ret < 0)
-			goto error;
-
-		os_free(value);
-		value = NULL;
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	return TRUE;
-
-error:
-	os_free(value);
-	wpa_dbus_dict_entry_clear(&entry);
-	dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-			     "invalid message format");
-	return FALSE;
-}
-
-
-/**
- * wpas_dbus_simple_property_getter - Get basic type property
- * @iter: Message iter to use when appending arguments
- * @type: DBus type of property (must be basic type)
- * @val: pointer to place holding property value
- * @error: On failure an error describing the failure
- * Returns: TRUE if the request was successful, FALSE if it failed
- *
- * Generic getter for basic type properties. Type is required to be basic.
- */
-dbus_bool_t wpas_dbus_simple_property_getter(DBusMessageIter *iter,
-					     const int type,
-					     const void *val,
-					     DBusError *error)
-{
-	DBusMessageIter variant_iter;
-
-	if (!dbus_type_is_basic(type)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: given type is not basic", __func__);
-		return FALSE;
-	}
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      wpa_dbus_type_as_string(type),
-					      &variant_iter) ||
-	    !dbus_message_iter_append_basic(&variant_iter, type, val) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: error constructing reply", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_simple_property_setter - Set basic type property
- * @message: Pointer to incoming dbus message
- * @type: DBus type of property (must be basic type)
- * @val: pointer to place where value being set will be stored
- * Returns: TRUE if the request was successful, FALSE if it failed
- *
- * Generic setter for basic type properties. Type is required to be basic.
- */
-dbus_bool_t wpas_dbus_simple_property_setter(DBusMessageIter *iter,
-					     DBusError *error,
-					     const int type, void *val)
-{
-	DBusMessageIter variant_iter;
-
-	if (!dbus_type_is_basic(type)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: given type is not basic", __func__);
-		return FALSE;
-	}
-
-	/* Look at the new value */
-	dbus_message_iter_recurse(iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != type) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "wrong property type");
-		return FALSE;
-	}
-	dbus_message_iter_get_basic(&variant_iter, val);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_simple_array_property_getter - Get array type property
- * @iter: Pointer to incoming dbus message iterator
- * @type: DBus type of property array elements (must be basic type)
- * @array: pointer to array of elements to put into response message
- * @array_len: length of above array
- * @error: a pointer to an error to fill on failure
- * Returns: TRUE if the request succeeded, FALSE if it failed
- *
- * Generic getter for array type properties. Array elements type is
- * required to be basic.
- */
-dbus_bool_t wpas_dbus_simple_array_property_getter(DBusMessageIter *iter,
-						   const int type,
-						   const void *array,
-						   size_t array_len,
-						   DBusError *error)
-{
-	DBusMessageIter variant_iter, array_iter;
-	char type_str[] = "a?"; /* ? will be replaced with subtype letter; */
-	const char *sub_type_str;
-	size_t element_size, i;
-
-	if (!dbus_type_is_basic(type)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: given type is not basic", __func__);
-		return FALSE;
-	}
-
-	sub_type_str = wpa_dbus_type_as_string(type);
-	type_str[1] = sub_type_str[0];
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      type_str, &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      sub_type_str, &array_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to construct message", __func__);
-		return FALSE;
-	}
-
-	switch (type) {
-	case DBUS_TYPE_BYTE:
-	case DBUS_TYPE_BOOLEAN:
-		element_size = 1;
-		break;
-	case DBUS_TYPE_INT16:
-	case DBUS_TYPE_UINT16:
-		element_size = sizeof(uint16_t);
-		break;
-	case DBUS_TYPE_INT32:
-	case DBUS_TYPE_UINT32:
-		element_size = sizeof(uint32_t);
-		break;
-	case DBUS_TYPE_INT64:
-	case DBUS_TYPE_UINT64:
-		element_size = sizeof(uint64_t);
-		break;
-	case DBUS_TYPE_DOUBLE:
-		element_size = sizeof(double);
-		break;
-	case DBUS_TYPE_STRING:
-	case DBUS_TYPE_OBJECT_PATH:
-		element_size = sizeof(char *);
-		break;
-	default:
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: unknown element type %d", __func__, type);
-		return FALSE;
-	}
-
-	for (i = 0; i < array_len; i++) {
-		if (!dbus_message_iter_append_basic(&array_iter, type,
-						    (const char *) array +
-						    i * element_size)) {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: failed to construct message 2.5",
-				       __func__);
-			return FALSE;
-		}
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &array_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to construct message 3", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_simple_array_array_property_getter - Get array array type property
- * @iter: Pointer to incoming dbus message iterator
- * @type: DBus type of property array elements (must be basic type)
- * @array: pointer to array of elements to put into response message
- * @array_len: length of above array
- * @error: a pointer to an error to fill on failure
- * Returns: TRUE if the request succeeded, FALSE if it failed
- *
- * Generic getter for array type properties. Array elements type is
- * required to be basic.
- */
-dbus_bool_t wpas_dbus_simple_array_array_property_getter(DBusMessageIter *iter,
-							 const int type,
-							 struct wpabuf **array,
-							 size_t array_len,
-							 DBusError *error)
-{
-	DBusMessageIter variant_iter, array_iter;
-	char type_str[] = "aa?";
-	char inner_type_str[] = "a?";
-	const char *sub_type_str;
-	size_t i;
-
-	if (!dbus_type_is_basic(type)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: given type is not basic", __func__);
-		return FALSE;
-	}
-
-	sub_type_str = wpa_dbus_type_as_string(type);
-	type_str[2] = sub_type_str[0];
-	inner_type_str[1] = sub_type_str[0];
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      type_str, &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      inner_type_str, &array_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to construct message", __func__);
-		return FALSE;
-	}
-
-	for (i = 0; i < array_len && array[i]; i++) {
-		wpa_dbus_dict_bin_array_add_element(&array_iter,
-						    wpabuf_head(array[i]),
-						    wpabuf_len(array[i]));
-
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &array_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to close message", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_string_property_getter - Get string type property
- * @iter: Message iter to use when appending arguments
- * @val: Pointer to place holding property value, can be %NULL
- * @error: On failure an error describing the failure
- * Returns: TRUE if the request was successful, FALSE if it failed
- *
- * Generic getter for string type properties. %NULL is converted to an empty
- * string.
- */
-dbus_bool_t wpas_dbus_string_property_getter(DBusMessageIter *iter,
-					     const void *val,
-					     DBusError *error)
-{
-	if (!val)
-		val = "";
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						&val, error);
-}
-
-
-/**
- * wpas_dbus_handler_create_interface - Request registration of a network iface
- * @message: Pointer to incoming dbus message
- * @global: %wpa_supplicant global data structure
- * Returns: The object path of the new interface object,
- *          or a dbus error message with more information
- *
- * Handler function for "CreateInterface" method call. Handles requests
- * by dbus clients to register a network interface that wpa_supplicant
- * will manage.
- */
-DBusMessage * wpas_dbus_handler_create_interface(DBusMessage *message,
-						 struct wpa_global *global)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *driver = NULL;
-	char *ifname = NULL;
-	char *confname = NULL;
-	char *bridge_ifname = NULL;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-		if (os_strcmp(entry.key, "Driver") == 0 &&
-		    entry.type == DBUS_TYPE_STRING) {
-			os_free(driver);
-			driver = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-			if (driver == NULL)
-				goto oom;
-		} else if (os_strcmp(entry.key, "Ifname") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(ifname);
-			ifname = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-			if (ifname == NULL)
-				goto oom;
-		} else if (os_strcmp(entry.key, "ConfigFile") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(confname);
-			confname = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-			if (confname == NULL)
-				goto oom;
-		} else if (os_strcmp(entry.key, "BridgeIfname") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(bridge_ifname);
-			bridge_ifname = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-			if (bridge_ifname == NULL)
-				goto oom;
-		} else {
-			wpa_dbus_dict_entry_clear(&entry);
-			goto error;
-		}
-	}
-
-	if (ifname == NULL)
-		goto error; /* Required Ifname argument missing */
-
-	/*
-	 * Try to get the wpa_supplicant record for this iface, return
-	 * an error if we already control it.
-	 */
-	if (wpa_supplicant_get_iface(global, ifname) != NULL) {
-		reply = dbus_message_new_error(
-			message, WPAS_DBUS_ERROR_IFACE_EXISTS,
-			"wpa_supplicant already controls this interface.");
-	} else {
-		struct wpa_supplicant *wpa_s;
-		struct wpa_interface iface;
-
-		os_memset(&iface, 0, sizeof(iface));
-		iface.driver = driver;
-		iface.ifname = ifname;
-		iface.confname = confname;
-		iface.bridge_ifname = bridge_ifname;
-		/* Otherwise, have wpa_supplicant attach to it. */
-		wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
-		if (wpa_s && wpa_s->dbus_new_path) {
-			const char *path = wpa_s->dbus_new_path;
-
-			reply = dbus_message_new_method_return(message);
-			dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH,
-						 &path, DBUS_TYPE_INVALID);
-		} else {
-			reply = wpas_dbus_error_unknown_error(
-				message,
-				"wpa_supplicant couldn't grab this interface.");
-		}
-	}
-
-out:
-	os_free(driver);
-	os_free(ifname);
-	os_free(confname);
-	os_free(bridge_ifname);
-	return reply;
-
-error:
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-oom:
-	reply = wpas_dbus_error_no_memory(message);
-	goto out;
-}
-
-
-/**
- * wpas_dbus_handler_remove_interface - Request deregistration of an interface
- * @message: Pointer to incoming dbus message
- * @global: wpa_supplicant global data structure
- * Returns: a dbus message containing a UINT32 indicating success (1) or
- *          failure (0), or returns a dbus error message with more information
- *
- * Handler function for "removeInterface" method call.  Handles requests
- * by dbus clients to deregister a network interface that wpa_supplicant
- * currently manages.
- */
-DBusMessage * wpas_dbus_handler_remove_interface(DBusMessage *message,
-						 struct wpa_global *global)
-{
-	struct wpa_supplicant *wpa_s;
-	char *path;
-	DBusMessage *reply = NULL;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &path,
-			      DBUS_TYPE_INVALID);
-
-	wpa_s = get_iface_by_dbus_path(global, path);
-	if (wpa_s == NULL)
-		reply = wpas_dbus_error_iface_unknown(message);
-	else if (wpa_supplicant_remove_iface(global, wpa_s, 0)) {
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"wpa_supplicant couldn't remove this interface.");
-	}
-
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_get_interface - Get the object path for an interface name
- * @message: Pointer to incoming dbus message
- * @global: %wpa_supplicant global data structure
- * Returns: The object path of the interface object,
- *          or a dbus error message with more information
- *
- * Handler function for "getInterface" method call.
- */
-DBusMessage * wpas_dbus_handler_get_interface(DBusMessage *message,
-					      struct wpa_global *global)
-{
-	DBusMessage *reply = NULL;
-	const char *ifname;
-	const char *path;
-	struct wpa_supplicant *wpa_s;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &ifname,
-			      DBUS_TYPE_INVALID);
-
-	wpa_s = wpa_supplicant_get_iface(global, ifname);
-	if (wpa_s == NULL || wpa_s->dbus_new_path == NULL)
-		return wpas_dbus_error_iface_unknown(message);
-
-	path = wpa_s->dbus_new_path;
-	reply = dbus_message_new_method_return(message);
-	if (reply == NULL)
-		return wpas_dbus_error_no_memory(message);
-	if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path,
-				      DBUS_TYPE_INVALID)) {
-		dbus_message_unref(reply);
-		return wpas_dbus_error_no_memory(message);
-	}
-
-	return reply;
-}
-
-
-/**
- * wpas_dbus_getter_debug_level - Get debug level
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DebugLevel" property.
- */
-dbus_bool_t wpas_dbus_getter_debug_level(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	const char *str;
-	int idx = wpa_debug_level;
-
-	if (idx < 0)
-		idx = 0;
-	if (idx > 5)
-		idx = 5;
-	str = debug_strings[idx];
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						&str, error);
-}
-
-
-/**
- * wpas_dbus_getter_debug_timestamp - Get debug timestamp
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DebugTimestamp" property.
- */
-dbus_bool_t wpas_dbus_getter_debug_timestamp(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&wpa_debug_timestamp, error);
-
-}
-
-
-/**
- * wpas_dbus_getter_debug_show_keys - Get debug show keys
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DebugShowKeys" property.
- */
-dbus_bool_t wpas_dbus_getter_debug_show_keys(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&wpa_debug_show_keys, error);
-
-}
-
-/**
- * wpas_dbus_setter_debug_level - Set debug level
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "DebugLevel" property.
- */
-dbus_bool_t wpas_dbus_setter_debug_level(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	const char *str = NULL;
-	int i, val = -1;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &str))
-		return FALSE;
-
-	for (i = 0; debug_strings[i]; i++)
-		if (os_strcmp(debug_strings[i], str) == 0) {
-			val = i;
-			break;
-		}
-
-	if (val < 0 ||
-	    wpa_supplicant_set_debug_params(global, val, wpa_debug_timestamp,
-					    wpa_debug_show_keys)) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "wrong debug level value");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_setter_debug_timestamp - Set debug timestamp
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "DebugTimestamp" property.
- */
-dbus_bool_t wpas_dbus_setter_debug_timestamp(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	dbus_bool_t val;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
-					      &val))
-		return FALSE;
-
-	wpa_supplicant_set_debug_params(global, wpa_debug_level, val ? 1 : 0,
-					wpa_debug_show_keys);
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_setter_debug_show_keys - Set debug show keys
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "DebugShowKeys" property.
- */
-dbus_bool_t wpas_dbus_setter_debug_show_keys(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	dbus_bool_t val;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
-					      &val))
-		return FALSE;
-
-	wpa_supplicant_set_debug_params(global, wpa_debug_level,
-					wpa_debug_timestamp,
-					val ? 1 : 0);
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_interfaces - Request registered interfaces list
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Interfaces" property. Handles requests
- * by dbus clients to return list of registered interfaces objects
- * paths
- */
-dbus_bool_t wpas_dbus_getter_interfaces(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	struct wpa_supplicant *wpa_s;
-	const char **paths;
-	unsigned int i = 0, num = 0;
-	dbus_bool_t success;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s->dbus_new_path)
-			num++;
-	}
-
-	paths = os_calloc(num, sizeof(char *));
-	if (!paths) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s->dbus_new_path)
-			paths[i++] = wpa_s->dbus_new_path;
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, num, error);
-
-	os_free(paths);
-	return success;
-}
-
-
-/**
- * wpas_dbus_getter_eap_methods - Request supported EAP methods list
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "EapMethods" property. Handles requests
- * by dbus clients to return list of strings with supported EAP methods
- */
-dbus_bool_t wpas_dbus_getter_eap_methods(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	char **eap_methods;
-	size_t num_items = 0;
-	dbus_bool_t success;
-
-	eap_methods = eap_get_names_as_string_array(&num_items);
-	if (!eap_methods) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_STRING,
-							 eap_methods,
-							 num_items, error);
-
-	while (num_items)
-		os_free(eap_methods[--num_items]);
-	os_free(eap_methods);
-	return success;
-}
-
-
-/**
- * wpas_dbus_getter_global_capabilities - Request supported global capabilities
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Capabilities" property. Handles requests by dbus clients to
- * return a list of strings with supported capabilities like AP, RSN IBSS,
- * and P2P that are determined at compile time.
- */
-dbus_bool_t wpas_dbus_getter_global_capabilities(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	const char *capabilities[13];
-	size_t num_items = 0;
-	struct wpa_global *global = user_data;
-	struct wpa_supplicant *wpa_s;
-#ifdef CONFIG_FILS
-	int fils_supported = 0, fils_sk_pfs_supported = 0;
-#endif /* CONFIG_FILS */
-	int ext_key_id_supported = 0;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-#ifdef CONFIG_FILS
-		if (wpa_is_fils_supported(wpa_s))
-			fils_supported = 1;
-		if (wpa_is_fils_sk_pfs_supported(wpa_s))
-			fils_sk_pfs_supported = 1;
-#endif /* CONFIG_FILS */
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)
-			ext_key_id_supported = 1;
-	}
-
-#ifdef CONFIG_AP
-	capabilities[num_items++] = "ap";
-#endif /* CONFIG_AP */
-#ifdef CONFIG_IBSS_RSN
-	capabilities[num_items++] = "ibss-rsn";
-#endif /* CONFIG_IBSS_RSN */
-#ifdef CONFIG_P2P
-	capabilities[num_items++] = "p2p";
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_INTERWORKING
-	capabilities[num_items++] = "interworking";
-#endif /* CONFIG_INTERWORKING */
-	capabilities[num_items++] = "pmf";
-#ifdef CONFIG_MESH
-	capabilities[num_items++] = "mesh";
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_FILS
-	if (fils_supported)
-		capabilities[num_items++] = "fils";
-	if (fils_sk_pfs_supported)
-		capabilities[num_items++] = "fils_sk_pfs";
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_IEEE80211R
-	capabilities[num_items++] = "ft";
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_SHA384
-	capabilities[num_items++] = "sha384";
-#endif /* CONFIG_SHA384 */
-#ifdef CONFIG_OWE
-	capabilities[num_items++] = "owe";
-#endif /* CONFIG_OWE */
-#ifdef CONFIG_SUITEB192
-	capabilities[num_items++] = "suiteb192";
-#endif /* CONFIG_SUITEB192 */
-	if (ext_key_id_supported)
-		capabilities[num_items++] = "extended_key_id";
-
-	return wpas_dbus_simple_array_property_getter(iter,
-						      DBUS_TYPE_STRING,
-						      capabilities,
-						      num_items, error);
-}
-
-
-static int wpas_dbus_get_scan_type(DBusMessage *message, DBusMessageIter *var,
-				   char **type, DBusMessage **reply)
-{
-	if (dbus_message_iter_get_arg_type(var) != DBUS_TYPE_STRING) {
-		wpa_printf(MSG_DEBUG, "%s[dbus]: Type must be a string",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message, "Wrong Type value type. String required");
-		return -1;
-	}
-	dbus_message_iter_get_basic(var, type);
-	return 0;
-}
-
-
-static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var,
-				    struct wpa_driver_scan_params *params,
-				    DBusMessage **reply)
-{
-	struct wpa_driver_scan_ssid *ssids = params->ssids;
-	size_t ssids_num = 0;
-	u8 *ssid;
-	DBusMessageIter array_iter, sub_array_iter;
-	char *val;
-	int len;
-
-	if (dbus_message_iter_get_arg_type(var) != DBUS_TYPE_ARRAY) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: ssids must be an array of arrays of bytes",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message,
-			"Wrong SSIDs value type. Array of arrays of bytes required");
-		return -1;
-	}
-
-	dbus_message_iter_recurse(var, &array_iter);
-
-	if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_ARRAY ||
-	    dbus_message_iter_get_element_type(&array_iter) != DBUS_TYPE_BYTE) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: ssids must be an array of arrays of bytes",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message,
-			"Wrong SSIDs value type. Array of arrays of bytes required");
-		return -1;
-	}
-
-	while (dbus_message_iter_get_arg_type(&array_iter) == DBUS_TYPE_ARRAY) {
-		if (ssids_num >= WPAS_MAX_SCAN_SSIDS) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: Too many ssids specified on scan dbus call",
-				   __func__);
-			*reply = wpas_dbus_error_invalid_args(
-				message,
-				"Too many ssids specified. Specify at most four");
-			return -1;
-		}
-
-		dbus_message_iter_recurse(&array_iter, &sub_array_iter);
-
-		dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
-
-		if (len > SSID_MAX_LEN) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: SSID too long (len=%d max_len=%d)",
-				   __func__, len, SSID_MAX_LEN);
-			*reply = wpas_dbus_error_invalid_args(
-				message, "Invalid SSID: too long");
-			return -1;
-		}
-
-		if (len != 0) {
-			ssid = os_memdup(val, len);
-			if (ssid == NULL) {
-				*reply = wpas_dbus_error_no_memory(message);
-				return -1;
-			}
-		} else {
-			/* Allow zero-length SSIDs */
-			ssid = NULL;
-		}
-
-		ssids[ssids_num].ssid = ssid;
-		ssids[ssids_num].ssid_len = len;
-
-		dbus_message_iter_next(&array_iter);
-		ssids_num++;
-	}
-
-	params->num_ssids = ssids_num;
-	return 0;
-}
-
-
-static int wpas_dbus_get_scan_ies(DBusMessage *message, DBusMessageIter *var,
-				  struct wpa_driver_scan_params *params,
-				  DBusMessage **reply)
-{
-	u8 *ies = NULL, *nies;
-	size_t ies_len = 0;
-	DBusMessageIter array_iter, sub_array_iter;
-	char *val;
-	int len;
-
-	if (dbus_message_iter_get_arg_type(var) != DBUS_TYPE_ARRAY) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: ies must be an array of arrays of bytes",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message,
-			"Wrong IEs value type. Array of arrays of bytes required");
-		return -1;
-	}
-
-	dbus_message_iter_recurse(var, &array_iter);
-
-	if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_ARRAY ||
-	    dbus_message_iter_get_element_type(&array_iter) != DBUS_TYPE_BYTE) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: ies must be an array of arrays of bytes",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message, "Wrong IEs value type. Array required");
-		return -1;
-	}
-
-	while (dbus_message_iter_get_arg_type(&array_iter) == DBUS_TYPE_ARRAY) {
-		dbus_message_iter_recurse(&array_iter, &sub_array_iter);
-
-		dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
-		if (len <= 0) {
-			dbus_message_iter_next(&array_iter);
-			continue;
-		}
-
-		nies = os_realloc(ies, ies_len + len);
-		if (nies == NULL) {
-			os_free(ies);
-			*reply = wpas_dbus_error_no_memory(message);
-			return -1;
-		}
-		ies = nies;
-		os_memcpy(ies + ies_len, val, len);
-		ies_len += len;
-
-		dbus_message_iter_next(&array_iter);
-	}
-
-	params->extra_ies = ies;
-	params->extra_ies_len = ies_len;
-	return 0;
-}
-
-
-static int wpas_dbus_get_scan_channels(DBusMessage *message,
-				       DBusMessageIter *var,
-				       struct wpa_driver_scan_params *params,
-				       DBusMessage **reply)
-{
-	DBusMessageIter array_iter, sub_array_iter;
-	int *freqs = NULL, *nfreqs;
-	size_t freqs_num = 0;
-
-	if (dbus_message_iter_get_arg_type(var) != DBUS_TYPE_ARRAY) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: Channels must be an array of structs",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message,
-			"Wrong Channels value type. Array of structs required");
-		return -1;
-	}
-
-	dbus_message_iter_recurse(var, &array_iter);
-
-	if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_STRUCT) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: Channels must be an array of structs",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message,
-			"Wrong Channels value type. Array of structs required");
-		return -1;
-	}
-
-	while (dbus_message_iter_get_arg_type(&array_iter) == DBUS_TYPE_STRUCT)
-	{
-		int freq, width;
-
-		dbus_message_iter_recurse(&array_iter, &sub_array_iter);
-
-		if (dbus_message_iter_get_arg_type(&sub_array_iter) !=
-		    DBUS_TYPE_UINT32) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: Channel must by specified by struct of two UINT32s %c",
-				   __func__,
-				   dbus_message_iter_get_arg_type(
-					   &sub_array_iter));
-			*reply = wpas_dbus_error_invalid_args(
-				message,
-				"Wrong Channel struct. Two UINT32s required");
-			os_free(freqs);
-			return -1;
-		}
-		dbus_message_iter_get_basic(&sub_array_iter, &freq);
-
-		if (!dbus_message_iter_next(&sub_array_iter) ||
-		    dbus_message_iter_get_arg_type(&sub_array_iter) !=
-		    DBUS_TYPE_UINT32) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: Channel must by specified by struct of two UINT32s",
-				   __func__);
-			*reply = wpas_dbus_error_invalid_args(
-				message,
-				"Wrong Channel struct. Two UINT32s required");
-			os_free(freqs);
-			return -1;
-		}
-
-		dbus_message_iter_get_basic(&sub_array_iter, &width);
-
-#define FREQS_ALLOC_CHUNK 32
-		if (freqs_num % FREQS_ALLOC_CHUNK == 0) {
-			nfreqs = os_realloc_array(
-				freqs, freqs_num + FREQS_ALLOC_CHUNK,
-				sizeof(int));
-			if (nfreqs == NULL)
-				os_free(freqs);
-			freqs = nfreqs;
-		}
-		if (freqs == NULL) {
-			*reply = wpas_dbus_error_no_memory(message);
-			return -1;
-		}
-
-		freqs[freqs_num] = freq;
-
-		freqs_num++;
-		dbus_message_iter_next(&array_iter);
-	}
-
-	nfreqs = os_realloc_array(freqs, freqs_num + 1, sizeof(int));
-	if (nfreqs == NULL)
-		os_free(freqs);
-	freqs = nfreqs;
-	if (freqs == NULL) {
-		*reply = wpas_dbus_error_no_memory(message);
-		return -1;
-	}
-	freqs[freqs_num] = 0;
-
-	params->freqs = freqs;
-	return 0;
-}
-
-
-static int wpas_dbus_get_scan_allow_roam(DBusMessage *message,
-					 DBusMessageIter *var,
-					 dbus_bool_t *allow,
-					 DBusMessage **reply)
-{
-	if (dbus_message_iter_get_arg_type(var) != DBUS_TYPE_BOOLEAN) {
-		wpa_printf(MSG_DEBUG, "%s[dbus]: Type must be a boolean",
-			   __func__);
-		*reply = wpas_dbus_error_invalid_args(
-			message, "Wrong Type value type. Boolean required");
-		return -1;
-	}
-	dbus_message_iter_get_basic(var, allow);
-	return 0;
-}
-
-
-/**
- * wpas_dbus_handler_scan - Request a wireless scan on an interface
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "Scan" method call of a network device. Requests
- * that wpa_supplicant perform a wireless scan as soon as possible
- * on a particular wireless interface.
- */
-DBusMessage * wpas_dbus_handler_scan(DBusMessage *message,
-				     struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter, dict_iter, entry_iter, variant_iter;
-	char *key = NULL, *type = NULL;
-	struct wpa_driver_scan_params params;
-	size_t i;
-	dbus_bool_t allow_roam = 1;
-
-	os_memset(&params, 0, sizeof(params));
-
-	dbus_message_iter_init(message, &iter);
-
-	dbus_message_iter_recurse(&iter, &dict_iter);
-
-	while (dbus_message_iter_get_arg_type(&dict_iter) ==
-	       DBUS_TYPE_DICT_ENTRY) {
-		dbus_message_iter_recurse(&dict_iter, &entry_iter);
-		dbus_message_iter_get_basic(&entry_iter, &key);
-		dbus_message_iter_next(&entry_iter);
-		dbus_message_iter_recurse(&entry_iter, &variant_iter);
-
-		if (os_strcmp(key, "Type") == 0) {
-			if (wpas_dbus_get_scan_type(message, &variant_iter,
-						    &type, &reply) < 0)
-				goto out;
-		} else if (os_strcmp(key, "SSIDs") == 0) {
-			if (wpas_dbus_get_scan_ssids(message, &variant_iter,
-						     &params, &reply) < 0)
-				goto out;
-		} else if (os_strcmp(key, "IEs") == 0) {
-			if (wpas_dbus_get_scan_ies(message, &variant_iter,
-						   &params, &reply) < 0)
-				goto out;
-		} else if (os_strcmp(key, "Channels") == 0) {
-			if (wpas_dbus_get_scan_channels(message, &variant_iter,
-							&params, &reply) < 0)
-				goto out;
-		} else if (os_strcmp(key, "AllowRoam") == 0) {
-			if (wpas_dbus_get_scan_allow_roam(message,
-							  &variant_iter,
-							  &allow_roam,
-							  &reply) < 0)
-				goto out;
-		} else {
-			wpa_printf(MSG_DEBUG, "%s[dbus]: Unknown argument %s",
-				   __func__, key);
-			reply = wpas_dbus_error_invalid_args(message, key);
-			goto out;
-		}
-
-		dbus_message_iter_next(&dict_iter);
-	}
-
-	if (!type) {
-		wpa_printf(MSG_DEBUG, "%s[dbus]: Scan type not specified",
-			   __func__);
-		reply = wpas_dbus_error_invalid_args(message, key);
-		goto out;
-	}
-
-	if (os_strcmp(type, "passive") == 0) {
-		if (params.num_ssids || params.extra_ies_len) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: SSIDs or IEs specified for passive scan.",
-				   __func__);
-			reply = wpas_dbus_error_invalid_args(
-				message,
-				"You can specify only Channels in passive scan");
-			goto out;
-		} else {
-			if (wpa_s->sched_scanning) {
-				wpa_printf(MSG_DEBUG,
-					   "%s[dbus]: Stop ongoing sched_scan to allow requested scan to proceed",
-					   __func__);
-				wpa_supplicant_cancel_sched_scan(wpa_s);
-			}
-
-			if (params.freqs && params.freqs[0]) {
-				wpa_s->last_scan_req = MANUAL_SCAN_REQ;
-				if (wpa_supplicant_trigger_scan(wpa_s,
-								&params)) {
-					reply = wpas_dbus_error_scan_error(
-						message,
-						"Scan request rejected");
-				}
-			} else {
-				wpa_s->scan_req = MANUAL_SCAN_REQ;
-				wpa_supplicant_req_scan(wpa_s, 0, 0);
-			}
-		}
-	} else if (os_strcmp(type, "active") == 0) {
-		if (!params.num_ssids) {
-			/* Add wildcard ssid */
-			params.num_ssids++;
-		}
-#ifdef CONFIG_AUTOSCAN
-		autoscan_deinit(wpa_s);
-#endif /* CONFIG_AUTOSCAN */
-		if (wpa_s->sched_scanning) {
-			wpa_printf(MSG_DEBUG,
-				   "%s[dbus]: Stop ongoing sched_scan to allow requested scan to proceed",
-				   __func__);
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-		}
-
-		wpa_s->last_scan_req = MANUAL_SCAN_REQ;
-		if (wpa_supplicant_trigger_scan(wpa_s, &params)) {
-			reply = wpas_dbus_error_scan_error(
-				message, "Scan request rejected");
-		}
-	} else {
-		wpa_printf(MSG_DEBUG, "%s[dbus]: Unknown scan type: %s",
-			   __func__, type);
-		reply = wpas_dbus_error_invalid_args(message,
-						     "Wrong scan type");
-		goto out;
-	}
-
-	if (!allow_roam)
-		wpa_s->scan_res_handler = scan_only_handler;
-
-out:
-	for (i = 0; i < WPAS_MAX_SCAN_SSIDS; i++)
-		os_free((u8 *) params.ssids[i].ssid);
-	os_free((u8 *) params.extra_ies);
-	os_free(params.freqs);
-	return reply;
-}
-
-
-/*
- * wpas_dbus_handler_abort_scan - Request an ongoing scan to be aborted
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: Abort failed or no scan in progress DBus error message on failure
- * or NULL otherwise.
- *
- * Handler function for "AbortScan" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_abort_scan(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	if (wpas_abort_ongoing_scan(wpa_s) < 0)
-		return dbus_message_new_error(
-			message, WPAS_DBUS_ERROR_IFACE_SCAN_ERROR,
-			"Abort failed or no scan in progress");
-
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_new_iface_add_cred - Add a new credential
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: A dbus message containing the object path of the new credential
- *
- * Handler function for "AddCred" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter	iter;
-	struct wpa_cred *cred = NULL;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
-	DBusError error;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (wpa_s->dbus_new_path)
-		cred = wpa_config_add_cred(wpa_s->conf);
-	if (!cred) {
-		wpa_printf(MSG_ERROR, "%s[dbus]: can't add new credential.",
-			   __func__);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"wpa_supplicant could not add a credential on this interface.");
-		goto err;
-	}
-
-	dbus_error_init(&error);
-	if (!set_cred_properties(wpa_s, cred, &iter, &error)) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: control interface couldn't set credential properties",
-			   __func__);
-		reply = wpas_dbus_reply_new_from_error(message, &error,
-						       DBUS_ERROR_INVALID_ARGS,
-						       "Failed to add credential");
-		dbus_error_free(&error);
-		goto err;
-	}
-
-	/* Construct the object path for this network. */
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_CREDENTIALS_PART "/%d",
-		    wpa_s->dbus_new_path, cred->id);
-
-	reply = dbus_message_new_method_return(message);
-	if (!reply) {
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-	if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path,
-				      DBUS_TYPE_INVALID)) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-
-	return reply;
-
-err:
-	if (cred)
-		wpa_config_remove_cred(wpa_s->conf, cred->id);
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_remove_cred - Remove a configured credential
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "RemoveCred" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	const char *op;
-	char *iface, *cred_id;
-	int id;
-	struct wpa_cred *cred;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
-			      DBUS_TYPE_INVALID);
-
-	/* Extract the network ID and ensure the network is actually a child of
-	 * this interface */
-	iface = wpas_dbus_new_decompose_object_path(
-		op, WPAS_DBUS_NEW_CREDENTIALS_PART, &cred_id);
-	if (!iface || !cred_id || !wpa_s->dbus_new_path ||
-	    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	errno = 0;
-	id = strtoul(cred_id, NULL, 10);
-	if (errno != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	cred = wpa_config_get_cred(wpa_s->conf, id);
-	if (!cred) {
-		wpa_printf(MSG_ERROR, "%s[dbus]: could not find credential %s",
-			   __func__, op);
-		reply = wpas_dbus_error_invalid_args(
-			message, "could not find credential");
-		goto out;
-	}
-
-	if (wpas_remove_cred(wpa_s, cred) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "%s[dbus]: error occurred when removing cred %d",
-			   __func__, id);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"error removing the specified credential on its interface.");
-		goto out;
-	}
-
-out:
-	os_free(iface);
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_remove_all_creds - Remove all the configured credentials
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "RemoveAllCreds" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_remove_all_creds(DBusMessage *message,
-						 struct wpa_supplicant *wpa_s)
-{
-	int res;
-	DBusMessage *reply = NULL;
-
-	res = wpas_remove_all_creds(wpa_s);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR,
-			   "%s[dbus]: failed to remove all credentials",
-			   __func__);
-		reply = wpas_dbus_error_unknown_error(
-			message, "failed to remove all credentials");
-	}
-
-	return reply;
-}
-
-
-DBusMessage *
-wpas_dbus_handler_interworking_select(DBusMessage *message,
-				      struct wpa_supplicant *wpa_s)
-{
-	int result;
-	DBusMessage *reply = NULL;
-
-	/* Automatic selection is disabled and no constraint on channels */
-	result = interworking_select(wpa_s, 0, NULL);
-	if (result < 0) {
-		wpa_printf(MSG_ERROR,
-			   "%s[dbus]: failed to start Interworking selection",
-			   __func__);
-		reply = wpas_dbus_error_scan_error(
-			message,
-			"error starting Interworking selection.");
-	}
-
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_signal_poll - Request immediate signal properties
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "SignalPoll" method call of a network device. Requests
- * that wpa_supplicant read signal properties like RSSI, noise, and link
- * speed and return them.
- */
-DBusMessage * wpas_dbus_handler_signal_poll(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	struct wpa_signal_info si;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter, iter_dict, variant_iter;
-	int ret;
-
-	ret = wpa_drv_signal_poll(wpa_s, &si);
-	if (ret) {
-		return dbus_message_new_error(message, DBUS_ERROR_FAILED,
-					      "Failed to read signal");
-	}
-
-	reply = dbus_message_new_method_return(message);
-	if (reply == NULL)
-		goto nomem;
-
-	dbus_message_iter_init_append(reply, &iter);
-
-	if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
-					      "a{sv}", &variant_iter) ||
-	    !wpa_dbus_dict_open_write(&variant_iter, &iter_dict) ||
-	    !wpa_dbus_dict_append_int32(&iter_dict, "rssi",
-					si.current_signal) ||
-	    !wpa_dbus_dict_append_int32(&iter_dict, "linkspeed",
-					si.current_txrate / 1000) ||
-	    !wpa_dbus_dict_append_int32(&iter_dict, "noise",
-					si.current_noise) ||
-	    !wpa_dbus_dict_append_uint32(&iter_dict, "frequency",
-					 si.frequency) ||
-	    (si.chanwidth != CHAN_WIDTH_UNKNOWN &&
-	     !wpa_dbus_dict_append_string(
-		     &iter_dict, "width",
-		     channel_width_to_string(si.chanwidth))) ||
-	    (si.center_frq1 > 0 && si.center_frq2 > 0 &&
-	     (!wpa_dbus_dict_append_int32(&iter_dict, "center-frq1",
-					  si.center_frq1) ||
-	      !wpa_dbus_dict_append_int32(&iter_dict, "center-frq2",
-					  si.center_frq2))) ||
-	    (si.avg_signal &&
-	     !wpa_dbus_dict_append_int32(&iter_dict, "avg-rssi",
-					 si.avg_signal)) ||
-	    !wpa_dbus_dict_close_write(&variant_iter, &iter_dict) ||
-	    !dbus_message_iter_close_container(&iter, &variant_iter))
-		goto nomem;
-
-	return reply;
-
-nomem:
-	if (reply)
-		dbus_message_unref(reply);
-	return wpas_dbus_error_no_memory(message);
-}
-
-
-/*
- * wpas_dbus_handler_disconnect - Terminate the current connection
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NotConnected DBus error message if already not connected
- * or NULL otherwise.
- *
- * Handler function for "Disconnect" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_disconnect(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->current_ssid != NULL) {
-		wpas_request_disconnection(wpa_s);
-		return NULL;
-	}
-
-	return dbus_message_new_error(message, WPAS_DBUS_ERROR_NOT_CONNECTED,
-				      "This interface is not connected");
-}
-
-
-/**
- * wpas_dbus_new_iface_add_network - Add a new configured network
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: A dbus message containing the object path of the new network
- *
- * Handler function for "AddNetwork" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_add_network(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter	iter;
-	struct wpa_ssid *ssid = NULL;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
-	DBusError error;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (wpa_s->dbus_new_path)
-		ssid = wpa_supplicant_add_network(wpa_s);
-	if (ssid == NULL) {
-		wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.",
-			   __func__);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"wpa_supplicant could not add a network on this interface.");
-		goto err;
-	}
-
-	dbus_error_init(&error);
-	if (!set_network_properties(wpa_s, ssid, &iter, &error)) {
-		wpa_printf(MSG_DEBUG,
-			   "%s[dbus]: control interface couldn't set network properties",
-			   __func__);
-		reply = wpas_dbus_reply_new_from_error(message, &error,
-						       DBUS_ERROR_INVALID_ARGS,
-						       "Failed to add network");
-		dbus_error_free(&error);
-		goto err;
-	}
-
-	/* Construct the object path for this network. */
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d",
-		    wpa_s->dbus_new_path, ssid->id);
-
-	reply = dbus_message_new_method_return(message);
-	if (reply == NULL) {
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-	if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path,
-				      DBUS_TYPE_INVALID)) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-
-	return reply;
-
-err:
-	if (ssid) {
-		wpas_notify_network_removed(wpa_s, ssid);
-		wpa_config_remove_network(wpa_s->conf, ssid->id);
-	}
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_reassociate - Reassociate
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: InterfaceDisabled DBus error message if disabled
- * or NULL otherwise.
- *
- * Handler function for "Reassociate" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_reassociate(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED) {
-		wpas_request_connection(wpa_s);
-		return NULL;
-	}
-
-	return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_DISABLED,
-				      "This interface is disabled");
-}
-
-
-/**
- * wpas_dbus_handler_expect_disconnect - ExpectDisconnect
- * @message: Pointer to incoming dbus message
- * @global: %wpa_supplicant global data structure
- * Returns: NULL
- *
- * Handler function for notifying system there will be a expected disconnect.
- * This will prevent wpa_supplicant from adding the BSSID to the ignore list
- * upon next disconnect.
- */
-DBusMessage * wpas_dbus_handler_expect_disconnect(DBusMessage *message,
-						  struct wpa_global *global)
-{
-	struct wpa_supplicant *wpa_s = global->ifaces;
-
-	for (; wpa_s; wpa_s = wpa_s->next)
-		if (wpa_s->wpa_state >= WPA_ASSOCIATED)
-			wpa_s->own_disconnect_req = 1;
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_handler_reattach - Reattach to current AP
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NotConnected DBus error message if not connected
- * or NULL otherwise.
- *
- * Handler function for "Reattach" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_reattach(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->current_ssid != NULL) {
-		wpa_s->reattach = 1;
-		wpas_request_connection(wpa_s);
-		return NULL;
-	}
-
-	return dbus_message_new_error(message, WPAS_DBUS_ERROR_NOT_CONNECTED,
-				      "This interface is not connected");
-}
-
-
-/**
- * wpas_dbus_handler_reconnect - Reconnect if disconnected
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: InterfaceDisabled DBus error message if disabled
- * or NULL otherwise.
- *
- * Handler function for "Reconnect" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_reconnect(DBusMessage *message,
-		struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		return dbus_message_new_error(message,
-					      WPAS_DBUS_ERROR_IFACE_DISABLED,
-					      "This interface is disabled");
-	}
-
-	if (wpa_s->disconnected)
-		wpas_request_connection(wpa_s);
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_handler_remove_network - Remove a configured network
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "RemoveNetwork" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	const char *op;
-	char *iface, *net_id;
-	int id;
-	int result;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
-			      DBUS_TYPE_INVALID);
-
-	/* Extract the network ID and ensure the network */
-	/* is actually a child of this interface */
-	iface = wpas_dbus_new_decompose_object_path(op,
-						    WPAS_DBUS_NEW_NETWORKS_PART,
-						    &net_id);
-	if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
-	    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	errno = 0;
-	id = strtoul(net_id, NULL, 10);
-	if (errno != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	result = wpa_supplicant_remove_network(wpa_s, id);
-	if (result == -1) {
-		reply = wpas_dbus_error_network_unknown(message);
-		goto out;
-	}
-	if (result == -2) {
-		wpa_printf(MSG_ERROR,
-			   "%s[dbus]: error occurred when removing network %d",
-			   __func__, id);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"error removing the specified network on is interface.");
-		goto out;
-	}
-
-out:
-	os_free(iface);
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_remove_all_networks - Remove all configured networks
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "RemoveAllNetworks" method call of a network interface.
- */
-DBusMessage * wpas_dbus_handler_remove_all_networks(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	/* NB: could check for failure and return an error */
-	wpa_supplicant_remove_all_networks(wpa_s);
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_handler_select_network - Attempt association with a network
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "SelectNetwork" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_select_network(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	const char *op;
-	char *iface, *net_id;
-	int id;
-	struct wpa_ssid *ssid;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
-			      DBUS_TYPE_INVALID);
-
-	/* Extract the network ID and ensure the network */
-	/* is actually a child of this interface */
-	iface = wpas_dbus_new_decompose_object_path(op,
-						    WPAS_DBUS_NEW_NETWORKS_PART,
-						    &net_id);
-	if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
-	    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	errno = 0;
-	id = strtoul(net_id, NULL, 10);
-	if (errno != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		reply = wpas_dbus_error_network_unknown(message);
-		goto out;
-	}
-
-	/* Finally, associate with the network */
-	wpa_supplicant_select_network(wpa_s, ssid);
-
-out:
-	os_free(iface);
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_network_reply - Reply to a NetworkRequest signal
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "NetworkReply" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_network_reply(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s)
-{
-#ifdef IEEE8021X_EAPOL
-	DBusMessage *reply = NULL;
-	const char *op, *field, *value;
-	char *iface, *net_id;
-	int id;
-	struct wpa_ssid *ssid;
-
-	if (!dbus_message_get_args(message, NULL,
-				   DBUS_TYPE_OBJECT_PATH, &op,
-				   DBUS_TYPE_STRING, &field,
-				   DBUS_TYPE_STRING, &value,
-				   DBUS_TYPE_INVALID))
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	/* Extract the network ID and ensure the network */
-	/* is actually a child of this interface */
-	iface = wpas_dbus_new_decompose_object_path(op,
-						    WPAS_DBUS_NEW_NETWORKS_PART,
-						    &net_id);
-	if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
-	    os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	errno = 0;
-	id = strtoul(net_id, NULL, 10);
-	if (errno != 0) {
-		reply = wpas_dbus_error_invalid_args(message, net_id);
-		goto out;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		reply = wpas_dbus_error_network_unknown(message);
-		goto out;
-	}
-
-	if (wpa_supplicant_ctrl_iface_ctrl_rsp_handle(wpa_s, ssid,
-						      field, value) < 0)
-		reply = wpas_dbus_error_invalid_args(message, field);
-	else {
-		/* Tell EAP to retry immediately */
-		eapol_sm_notify_ctrl_response(wpa_s->eapol);
-	}
-
-out:
-	os_free(iface);
-	return reply;
-#else /* IEEE8021X_EAPOL */
-	wpa_printf(MSG_DEBUG, "dbus: 802.1X not included");
-	return wpas_dbus_error_unknown_error(message, "802.1X not included");
-#endif /* IEEE8021X_EAPOL */
-}
-
-
-/**
- * wpas_dbus_handler_roam - Initiate a roam to another BSS within the ESS
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "Roam" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_roam(DBusMessage *message,
-				     struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_NO_SCAN_PROCESSING
-	return wpas_dbus_error_unknown_error(message,
-					     "scan processing not included");
-#else /* CONFIG_NO_SCAN_PROCESSING */
-	u8 bssid[ETH_ALEN];
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	char *addr;
-	struct wpa_radio_work *already_connecting;
-
-	if (!dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &addr,
-				   DBUS_TYPE_INVALID))
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	if (hwaddr_aton(addr, bssid))
-		return wpas_dbus_error_invalid_args(
-			message, "Invalid hardware address format");
-
-	wpa_printf(MSG_DEBUG, "dbus: Roam " MACSTR, MAC2STR(bssid));
-
-	if (!ssid)
-		return dbus_message_new_error(
-			message, WPAS_DBUS_ERROR_NOT_CONNECTED,
-			"This interface is not connected");
-
-	bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "dbus: Roam: Target BSS not found");
-		return wpas_dbus_error_invalid_args(
-			message, "Target BSS not found");
-	}
-
-	already_connecting = radio_work_pending(wpa_s, "sme-connect");
-	wpa_s->reassociate = 1;
-	wpa_supplicant_connect(wpa_s, bss, ssid);
-
-	/*
-	 * Indicate that an explicitly requested roam is in progress so scan
-	 * results that come in before the 'sme-connect' radio work gets
-	 * executed do not override the original connection attempt.
-	 */
-	if (!already_connecting && radio_work_pending(wpa_s, "sme-connect"))
-		wpa_s->roam_in_progress = true;
-
-	return NULL;
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-}
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-
-/**
- * wpas_dbus_handler_add_blob - Store named binary blob (ie, for certificates)
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: A dbus message containing an error on failure or NULL on success
- *
- * Asks wpa_supplicant to internally store a binary blobs.
- */
-DBusMessage * wpas_dbus_handler_add_blob(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter	iter, array_iter;
-
-	char *blob_name;
-	u8 *blob_data;
-	int blob_len;
-	struct wpa_config_blob *blob = NULL;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &blob_name);
-
-	if (wpa_config_get_blob(wpa_s->conf, blob_name)) {
-		return dbus_message_new_error(message,
-					      WPAS_DBUS_ERROR_BLOB_EXISTS,
-					      NULL);
-	}
-
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_recurse(&iter, &array_iter);
-
-	dbus_message_iter_get_fixed_array(&array_iter, &blob_data, &blob_len);
-
-	blob = os_zalloc(sizeof(*blob));
-	if (!blob) {
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-
-	blob->data = os_memdup(blob_data, blob_len);
-	blob->name = os_strdup(blob_name);
-	if (!blob->data || !blob->name) {
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-	blob->len = blob_len;
-
-	wpa_config_set_blob(wpa_s->conf, blob);
-	wpas_notify_blob_added(wpa_s, blob->name);
-
-	return reply;
-
-err:
-	if (blob) {
-		os_free(blob->name);
-		os_free(blob->data);
-		os_free(blob);
-	}
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_get_blob - Get named binary blob (ie, for certificates)
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: A dbus message containing array of bytes (blob)
- *
- * Gets one wpa_supplicant's binary blobs.
- */
-DBusMessage * wpas_dbus_handler_get_blob(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter	iter, array_iter;
-
-	char *blob_name;
-	const struct wpa_config_blob *blob;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &blob_name,
-			      DBUS_TYPE_INVALID);
-
-	blob = wpa_config_get_blob(wpa_s->conf, blob_name);
-	if (!blob) {
-		return dbus_message_new_error(message,
-					      WPAS_DBUS_ERROR_BLOB_UNKNOWN,
-					      "Blob id not set");
-	}
-
-	reply = dbus_message_new_method_return(message);
-	if (!reply)
-		return wpas_dbus_error_no_memory(message);
-
-	dbus_message_iter_init_append(reply, &iter);
-
-	if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &array_iter) ||
-	    !dbus_message_iter_append_fixed_array(&array_iter, DBUS_TYPE_BYTE,
-						  &(blob->data), blob->len) ||
-	    !dbus_message_iter_close_container(&iter, &array_iter)) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_error_no_memory(message);
-	}
-
-	return reply;
-}
-
-
-/**
- * wpas_remove_handler_remove_blob - Remove named binary blob
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: NULL on success or dbus error
- *
- * Asks wpa_supplicant to internally remove a binary blobs.
- */
-DBusMessage * wpas_dbus_handler_remove_blob(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	char *blob_name;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &blob_name,
-			      DBUS_TYPE_INVALID);
-
-	if (wpa_config_remove_blob(wpa_s->conf, blob_name)) {
-		return dbus_message_new_error(message,
-					      WPAS_DBUS_ERROR_BLOB_UNKNOWN,
-					      "Blob id not set");
-	}
-	wpas_notify_blob_removed(wpa_s, blob_name);
-
-	return reply;
-
-}
-
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-/*
- * wpas_dbus_handler_flush_bss - Flush the BSS cache
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL
- *
- * Handler function for "FlushBSS" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_flush_bss(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s)
-{
-	dbus_uint32_t age;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_UINT32, &age,
-			      DBUS_TYPE_INVALID);
-
-	if (age == 0)
-		wpa_bss_flush(wpa_s);
-	else
-		wpa_bss_flush_by_age(wpa_s, age);
-
-	return NULL;
-}
-
-
-#ifdef CONFIG_AUTOSCAN
-/**
- * wpas_dbus_handler_autoscan - Set autoscan parameters for the interface
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL
- *
- * Handler function for "AutoScan" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_autoscan(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	enum wpa_states state = wpa_s->wpa_state;
-	char *arg;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &arg,
-			      DBUS_TYPE_INVALID);
-
-	if (arg != NULL && os_strlen(arg) > 0) {
-		char *tmp;
-
-		tmp = os_strdup(arg);
-		if (tmp == NULL) {
-			reply = wpas_dbus_error_no_memory(message);
-		} else {
-			os_free(wpa_s->conf->autoscan);
-			wpa_s->conf->autoscan = tmp;
-			if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
-				autoscan_init(wpa_s, 1);
-			else if (state == WPA_SCANNING)
-				wpa_supplicant_reinit_autoscan(wpa_s);
-		}
-	} else if (arg != NULL && os_strlen(arg) == 0) {
-		os_free(wpa_s->conf->autoscan);
-		wpa_s->conf->autoscan = NULL;
-		autoscan_deinit(wpa_s);
-	} else
-		reply = dbus_message_new_error(message,
-					       DBUS_ERROR_INVALID_ARGS,
-					       NULL);
-
-	return reply;
-}
-#endif /* CONFIG_AUTOSCAN */
-
-
-/*
- * wpas_dbus_handler_eap_logoff - IEEE 802.1X EAPOL state machine logoff
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL
- *
- * Handler function for "EAPLogoff" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_eap_logoff(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	eapol_sm_notify_logoff(wpa_s->eapol, TRUE);
-	return NULL;
-}
-
-
-/*
- * wpas_dbus_handler_eap_logon - IEEE 802.1X EAPOL state machine logon
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL
- *
- * Handler function for "EAPLogin" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_eap_logon(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s)
-{
-	eapol_sm_notify_logoff(wpa_s->eapol, FALSE);
-	return NULL;
-}
-
-
-#ifdef CONFIG_TDLS
-
-static int get_peer_hwaddr_helper(DBusMessage *message, const char *func_name,
-				  u8 *peer_address, DBusMessage **error)
-{
-	const char *peer_string;
-
-	*error = NULL;
-
-	if (!dbus_message_get_args(message, NULL,
-				   DBUS_TYPE_STRING, &peer_string,
-				   DBUS_TYPE_INVALID)) {
-		*error = wpas_dbus_error_invalid_args(message, NULL);
-		return -1;
-	}
-
-	if (hwaddr_aton(peer_string, peer_address)) {
-		wpa_printf(MSG_DEBUG, "%s: invalid address '%s'",
-			   func_name, peer_string);
-		*error = wpas_dbus_error_invalid_args(
-			message, "Invalid hardware address format");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-/*
- * wpas_dbus_handler_tdls_discover - Discover TDLS peer
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "TDLSDiscover" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_tdls_discover(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s)
-{
-	u8 peer[ETH_ALEN];
-	DBusMessage *error_reply;
-	int ret;
-
-	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
-		return error_reply;
-
-	wpa_printf(MSG_DEBUG, "DBUS TDLS_DISCOVER " MACSTR, MAC2STR(peer));
-
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_send_discovery_request(wpa_s->wpa, peer);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_DISCOVERY_REQ, peer);
-
-	if (ret) {
-		return wpas_dbus_error_unknown_error(
-			message, "error performing TDLS discovery");
-	}
-
-	return NULL;
-}
-
-
-/*
- * wpas_dbus_handler_tdls_setup - Setup TDLS session
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "TDLSSetup" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_tdls_setup(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	u8 peer[ETH_ALEN];
-	DBusMessage *error_reply;
-	int ret;
-
-	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
-		return error_reply;
-
-	wpa_printf(MSG_DEBUG, "DBUS TDLS_SETUP " MACSTR, MAC2STR(peer));
-
-	wpa_tdls_remove(wpa_s->wpa, peer);
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_start(wpa_s->wpa, peer);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer);
-
-	if (ret) {
-		return wpas_dbus_error_unknown_error(
-			message, "error performing TDLS setup");
-	}
-
-	return NULL;
-}
-
-
-/*
- * wpas_dbus_handler_tdls_status - Return TDLS session status
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: A string representing the state of the link to this TDLS peer
- *
- * Handler function for "TDLSStatus" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_tdls_status(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	u8 peer[ETH_ALEN];
-	DBusMessage *reply;
-	const char *tdls_status;
-
-	if (get_peer_hwaddr_helper(message, __func__, peer, &reply) < 0)
-		return reply;
-
-	wpa_printf(MSG_DEBUG, "DBUS TDLS_STATUS " MACSTR, MAC2STR(peer));
-
-	tdls_status = wpa_tdls_get_link_status(wpa_s->wpa, peer);
-
-	reply = dbus_message_new_method_return(message);
-	dbus_message_append_args(reply, DBUS_TYPE_STRING,
-				 &tdls_status, DBUS_TYPE_INVALID);
-	return reply;
-}
-
-
-/*
- * wpas_dbus_handler_tdls_teardown - Teardown TDLS session
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "TDLSTeardown" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_tdls_teardown(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s)
-{
-	u8 peer[ETH_ALEN];
-	DBusMessage *error_reply;
-	int ret;
-
-	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
-		return error_reply;
-
-	wpa_printf(MSG_DEBUG, "DBUS TDLS_TEARDOWN " MACSTR, MAC2STR(peer));
-
-	if (wpa_tdls_is_external_setup(wpa_s->wpa))
-		ret = wpa_tdls_teardown_link(
-			wpa_s->wpa, peer,
-			WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
-	else
-		ret = wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer);
-
-	if (ret) {
-		return wpas_dbus_error_unknown_error(
-			message, "error performing TDLS teardown");
-	}
-
-	return NULL;
-}
-
-/*
- * wpas_dbus_handler_tdls_channel_switch - Enable channel switching with TDLS peer
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "TDLSChannelSwitch" method call of network interface.
- */
-DBusMessage *
-wpas_dbus_handler_tdls_channel_switch(DBusMessage *message,
-				      struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter	iter, iter_dict;
-	struct wpa_dbus_dict_entry entry;
-	u8 peer[ETH_ALEN];
-	struct hostapd_freq_params freq_params;
-	u8 oper_class = 0;
-	int ret;
-	int is_peer_present = 0;
-
-	if (!wpa_tdls_is_external_setup(wpa_s->wpa)) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Only supported with external setup");
-		return wpas_dbus_error_unknown_error(message, "TDLS is not using external setup");
-	}
-
-	os_memset(&freq_params, 0, sizeof(freq_params));
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			return wpas_dbus_error_invalid_args(message, NULL);
-
-		if (os_strcmp(entry.key, "PeerAddress") == 0 &&
-		    entry.type == DBUS_TYPE_STRING) {
-			if (hwaddr_aton(entry.str_value, peer)) {
-				wpa_printf(MSG_DEBUG,
-					   "tdls_chanswitch: Invalid address '%s'",
-					   entry.str_value);
-				wpa_dbus_dict_entry_clear(&entry);
-				return wpas_dbus_error_invalid_args(message,
-								    NULL);
-			}
-
-			is_peer_present = 1;
-		} else if (os_strcmp(entry.key, "OperClass") == 0 &&
-			   entry.type == DBUS_TYPE_BYTE) {
-			oper_class = entry.byte_value;
-		} else if (os_strcmp(entry.key, "Frequency") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			freq_params.freq = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "SecChannelOffset") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			freq_params.sec_channel_offset = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "CenterFrequency1") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			freq_params.center_freq1 = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "CenterFrequency2") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			freq_params.center_freq2 = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "Bandwidth") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			freq_params.bandwidth = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "HT") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			freq_params.ht_enabled = entry.bool_value;
-		} else if (os_strcmp(entry.key, "VHT") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			freq_params.vht_enabled = entry.bool_value;
-		} else {
-			wpa_dbus_dict_entry_clear(&entry);
-			return wpas_dbus_error_invalid_args(message, NULL);
-		}
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (oper_class == 0) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Invalid op class provided");
-		return wpas_dbus_error_invalid_args(
-			message, "Invalid op class provided");
-	}
-
-	if (freq_params.freq == 0) {
-		wpa_printf(MSG_INFO,
-			   "tdls_chanswitch: Invalid freq provided");
-		return wpas_dbus_error_invalid_args(message,
-						    "Invalid freq provided");
-	}
-
-	if (is_peer_present == 0) {
-		wpa_printf(MSG_DEBUG,
-			   "tdls_chanswitch: peer address not provided");
-		return wpas_dbus_error_invalid_args(
-			message, "peer address not provided");
-	}
-
-	wpa_printf(MSG_DEBUG, "dbus: TDLS_CHAN_SWITCH " MACSTR
-		   " OP CLASS %d FREQ %d CENTER1 %d CENTER2 %d BW %d SEC_OFFSET %d%s%s",
-		   MAC2STR(peer), oper_class, freq_params.freq,
-		   freq_params.center_freq1, freq_params.center_freq2,
-		   freq_params.bandwidth, freq_params.sec_channel_offset,
-		   freq_params.ht_enabled ? " HT" : "",
-		   freq_params.vht_enabled ? " VHT" : "");
-
-	ret = wpa_tdls_enable_chan_switch(wpa_s->wpa, peer, oper_class,
-					  &freq_params);
-	if (ret)
-		return wpas_dbus_error_unknown_error(
-			message, "error processing TDLS channel switch");
-
-	return NULL;
-}
-
-/*
- * wpas_dbus_handler_tdls_cancel_channel_switch - Disable channel switching with TDLS peer
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL indicating success or DBus error message on failure
- *
- * Handler function for "TDLSCancelChannelSwitch" method call of network
- * interface.
- */
-DBusMessage *
-wpas_dbus_handler_tdls_cancel_channel_switch(DBusMessage *message,
-					     struct wpa_supplicant *wpa_s)
-{
-	u8 peer[ETH_ALEN];
-	DBusMessage *error_reply;
-	int ret;
-
-	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
-		return error_reply;
-
-	wpa_printf(MSG_DEBUG, "dbus: TDLS_CANCEL_CHAN_SWITCH " MACSTR,
-		   MAC2STR(peer));
-
-	ret = wpa_tdls_disable_chan_switch(wpa_s->wpa, peer);
-	if (ret)
-		return wpas_dbus_error_unknown_error(
-			message, "error canceling TDLS channel switch");
-
-	return NULL;
-}
-
-#endif /* CONFIG_TDLS */
-
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-/**
- * wpas_dbus_handler_save_config - Save configuration to configuration file
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on Success, Otherwise error message
- *
- * Handler function for "SaveConfig" method call of network interface.
- */
-DBusMessage * wpas_dbus_handler_save_config(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	int ret;
-
-	if (!wpa_s->conf->update_config) {
-		return wpas_dbus_error_unknown_error(
-			message,
-			"Not allowed to update configuration (update_config=0)");
-	}
-
-	ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
-	if (ret)
-		return wpas_dbus_error_unknown_error(
-			message, "Failed to update configuration");
-	return NULL;
-}
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-
-/**
- * wpas_dbus_handler_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: A dbus message containing an error on failure or NULL on success
- *
- * Sets the PKCS #11 engine and module path.
- */
-DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter;
-	char *value = NULL;
-	char *pkcs11_engine_path = NULL;
-	char *pkcs11_module_path = NULL;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &value);
-	if (value == NULL) {
-		return dbus_message_new_error(
-			message, DBUS_ERROR_INVALID_ARGS,
-			"Invalid pkcs11_engine_path argument");
-	}
-	/* Empty path defaults to NULL */
-	if (os_strlen(value))
-		pkcs11_engine_path = value;
-
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_get_basic(&iter, &value);
-	if (value == NULL) {
-		os_free(pkcs11_engine_path);
-		return dbus_message_new_error(
-			message, DBUS_ERROR_INVALID_ARGS,
-			"Invalid pkcs11_module_path argument");
-	}
-	/* Empty path defaults to NULL */
-	if (os_strlen(value))
-		pkcs11_module_path = value;
-
-	if (wpas_set_pkcs11_engine_and_module_path(wpa_s, pkcs11_engine_path,
-						   pkcs11_module_path))
-		return dbus_message_new_error(
-			message, DBUS_ERROR_FAILED,
-			"Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed.");
-
-	if (wpa_s->dbus_new_path) {
-		wpa_dbus_mark_property_changed(
-			wpa_s->global->dbus, wpa_s->dbus_new_path,
-			WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath");
-		wpa_dbus_mark_property_changed(
-			wpa_s->global->dbus, wpa_s->dbus_new_path,
-			WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath");
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_getter_capabilities - Return interface capabilities
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Capabilities" property of an interface.
- */
-dbus_bool_t wpas_dbus_getter_capabilities(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_driver_capa capa;
-	int res;
-	DBusMessageIter iter_dict, iter_dict_entry, iter_dict_val, iter_array,
-		variant_iter;
-	const char *scans[] = { "active", "passive", "ssid" };
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{sv}", &variant_iter) ||
-	    !wpa_dbus_dict_open_write(&variant_iter, &iter_dict))
-		goto nomem;
-
-	res = wpa_drv_get_capa(wpa_s, &capa);
-
-	/***** pairwise cipher */
-	if (res < 0) {
-#ifdef CONFIG_NO_TKIP
-		const char *args[] = {"ccmp", "none"};
-#else /* CONFIG_NO_TKIP */
-		const char *args[] = {"ccmp", "tkip", "none"};
-#endif /* CONFIG_NO_TKIP */
-
-		if (!wpa_dbus_dict_append_string_array(
-			    &iter_dict, "Pairwise", args,
-			    ARRAY_SIZE(args)))
-			goto nomem;
-	} else {
-		if (!wpa_dbus_dict_begin_string_array(&iter_dict, "Pairwise",
-						      &iter_dict_entry,
-						      &iter_dict_val,
-						      &iter_array) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_CCMP_256) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "ccmp-256")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP_256) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "gcmp-256")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "ccmp")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "gcmp")) ||
-#ifndef CONFIG_NO_TKIP
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "tkip")) ||
-#endif /* CONFIG_NO_TKIP */
-		    ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "none")) ||
-		    !wpa_dbus_dict_end_string_array(&iter_dict,
-						    &iter_dict_entry,
-						    &iter_dict_val,
-						    &iter_array))
-			goto nomem;
-	}
-
-	/***** group cipher */
-	if (res < 0) {
-		const char *args[] = {
-			"ccmp",
-#ifndef CONFIG_NO_TKIP
-			"tkip",
-#endif /* CONFIG_NO_TKIP */
-#ifdef CONFIG_WEP
-			"wep104", "wep40"
-#endif /* CONFIG_WEP */
-		};
-
-		if (!wpa_dbus_dict_append_string_array(
-			    &iter_dict, "Group", args,
-			    ARRAY_SIZE(args)))
-			goto nomem;
-	} else {
-		if (!wpa_dbus_dict_begin_string_array(&iter_dict, "Group",
-						      &iter_dict_entry,
-						      &iter_dict_val,
-						      &iter_array) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_CCMP_256) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "ccmp-256")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP_256) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "gcmp-256")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "ccmp")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "gcmp")) ||
-#ifndef CONFIG_NO_TKIP
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "tkip")) ||
-#endif /* CONFIG_NO_TKIP */
-#ifdef CONFIG_WEP
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "wep104")) ||
-		    ((capa.enc & WPA_DRIVER_CAPA_ENC_WEP40) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "wep40")) ||
-#endif /* CONFIG_WEP */
-		    !wpa_dbus_dict_end_string_array(&iter_dict,
-						    &iter_dict_entry,
-						    &iter_dict_val,
-						    &iter_array))
-			goto nomem;
-	}
-
-	if (!wpa_dbus_dict_begin_string_array(&iter_dict, "GroupMgmt",
-					      &iter_dict_entry,
-					      &iter_dict_val,
-					      &iter_array) ||
-	    (res == 0 && (capa.enc & WPA_DRIVER_CAPA_ENC_BIP) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "aes-128-cmac")) ||
-	    (res == 0 && (capa.enc & WPA_DRIVER_CAPA_ENC_BIP_GMAC_128) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "bip-gmac-128")) ||
-	    (res == 0 && (capa.enc & WPA_DRIVER_CAPA_ENC_BIP_GMAC_256) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "bip-gmac-256")) ||
-	    (res == 0 && (capa.enc & WPA_DRIVER_CAPA_ENC_BIP_CMAC_256) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "bip-cmac-256")) ||
-	    !wpa_dbus_dict_end_string_array(&iter_dict,
-					    &iter_dict_entry,
-					    &iter_dict_val,
-					    &iter_array))
-		goto nomem;
-
-	/***** key management */
-	if (res < 0) {
-		const char *args[] = {
-			"wpa-psk", "wpa-eap", "ieee8021x", "wpa-none",
-#ifdef CONFIG_WPS
-			"wps",
-#endif /* CONFIG_WPS */
-			"none"
-		};
-		if (!wpa_dbus_dict_append_string_array(
-			    &iter_dict, "KeyMgmt", args,
-			    ARRAY_SIZE(args)))
-			goto nomem;
-	} else {
-		if (!wpa_dbus_dict_begin_string_array(&iter_dict, "KeyMgmt",
-						      &iter_dict_entry,
-						      &iter_dict_val,
-						      &iter_array) ||
-		    !wpa_dbus_dict_string_array_add_element(&iter_array,
-							    "none") ||
-		    !wpa_dbus_dict_string_array_add_element(&iter_array,
-							    "ieee8021x"))
-			goto nomem;
-
-		if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
-				     WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
-			if (!wpa_dbus_dict_string_array_add_element(
-				    &iter_array, "wpa-eap") ||
-			    ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT) &&
-			     !wpa_dbus_dict_string_array_add_element(
-				     &iter_array, "wpa-ft-eap")))
-				goto nomem;
-
-/* TODO: Ensure that driver actually supports sha256 encryption. */
-			if (!wpa_dbus_dict_string_array_add_element(
-				    &iter_array, "wpa-eap-sha256"))
-				goto nomem;
-		}
-
-		if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
-				     WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-			if (!wpa_dbus_dict_string_array_add_element(
-				    &iter_array, "wpa-psk") ||
-			    ((capa.key_mgmt &
-			      WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK) &&
-			     !wpa_dbus_dict_string_array_add_element(
-				     &iter_array, "wpa-ft-psk")))
-				goto nomem;
-
-/* TODO: Ensure that driver actually supports sha256 encryption. */
-			if (!wpa_dbus_dict_string_array_add_element(
-				    &iter_array, "wpa-psk-sha256"))
-				goto nomem;
-		}
-
-		if ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) &&
-		    !wpa_dbus_dict_string_array_add_element(&iter_array,
-							    "wpa-none"))
-			goto nomem;
-
-
-#ifdef CONFIG_WPS
-		if (!wpa_dbus_dict_string_array_add_element(&iter_array,
-							    "wps"))
-			goto nomem;
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_SAE
-		if ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
-		    !wpa_dbus_dict_string_array_add_element(&iter_array, "sae"))
-			goto nomem;
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_OWE
-		if ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OWE) &&
-		    !wpa_dbus_dict_string_array_add_element(&iter_array, "owe"))
-			goto nomem;
-#endif /* CONFIG_OWE */
-
-		if (!wpa_dbus_dict_end_string_array(&iter_dict,
-						    &iter_dict_entry,
-						    &iter_dict_val,
-						    &iter_array))
-			goto nomem;
-	}
-
-	/***** WPA protocol */
-	if (res < 0) {
-		const char *args[] = { "rsn", "wpa" };
-
-		if (!wpa_dbus_dict_append_string_array(
-			    &iter_dict, "Protocol", args,
-			    ARRAY_SIZE(args)))
-			goto nomem;
-	} else {
-		if (!wpa_dbus_dict_begin_string_array(&iter_dict, "Protocol",
-						      &iter_dict_entry,
-						      &iter_dict_val,
-						      &iter_array) ||
-		    ((capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
-				       WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "rsn")) ||
-		    ((capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
-				       WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "wpa")) ||
-		    !wpa_dbus_dict_end_string_array(&iter_dict,
-						    &iter_dict_entry,
-						    &iter_dict_val,
-						    &iter_array))
-			goto nomem;
-	}
-
-	/***** auth alg */
-	if (res < 0) {
-		const char *args[] = { "open", "shared", "leap" };
-
-		if (!wpa_dbus_dict_append_string_array(
-			    &iter_dict, "AuthAlg", args,
-			    ARRAY_SIZE(args)))
-			goto nomem;
-	} else {
-		if (!wpa_dbus_dict_begin_string_array(&iter_dict, "AuthAlg",
-						      &iter_dict_entry,
-						      &iter_dict_val,
-						      &iter_array))
-			goto nomem;
-
-		if (((capa.auth & WPA_DRIVER_AUTH_OPEN) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "open")) ||
-		    ((capa.auth & WPA_DRIVER_AUTH_SHARED) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "shared")) ||
-		    ((capa.auth & WPA_DRIVER_AUTH_LEAP) &&
-		     !wpa_dbus_dict_string_array_add_element(
-			     &iter_array, "leap")) ||
-		    !wpa_dbus_dict_end_string_array(&iter_dict,
-						    &iter_dict_entry,
-						    &iter_dict_val,
-						    &iter_array))
-			goto nomem;
-	}
-
-	/***** Scan */
-	if (!wpa_dbus_dict_append_string_array(&iter_dict, "Scan", scans,
-					       ARRAY_SIZE(scans)))
-		goto nomem;
-
-	/***** Modes */
-	if (!wpa_dbus_dict_begin_string_array(&iter_dict, "Modes",
-					      &iter_dict_entry,
-					      &iter_dict_val,
-					      &iter_array) ||
-	    !wpa_dbus_dict_string_array_add_element(
-		    &iter_array, "infrastructure") ||
-	    (res >= 0 && (capa.flags & WPA_DRIVER_FLAGS_IBSS) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "ad-hoc")) ||
-	    (res >= 0 && (capa.flags & WPA_DRIVER_FLAGS_AP) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "ap")) ||
-	    (res >= 0 && (capa.flags & WPA_DRIVER_FLAGS_P2P_CAPABLE) &&
-	     !wpa_s->conf->p2p_disabled &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "p2p")) ||
-#ifdef CONFIG_MESH
-	    (res >= 0 && (capa.flags & WPA_DRIVER_FLAGS_MESH) &&
-	     !wpa_dbus_dict_string_array_add_element(
-		     &iter_array, "mesh")) ||
-#endif /* CONFIG_MESH */
-	    !wpa_dbus_dict_end_string_array(&iter_dict,
-					    &iter_dict_entry,
-					    &iter_dict_val,
-					    &iter_array))
-		goto nomem;
-	/***** Modes end */
-
-	if (res >= 0) {
-		dbus_int32_t max_scan_ssid = capa.max_scan_ssids;
-
-		if (!wpa_dbus_dict_append_int32(&iter_dict, "MaxScanSSID",
-						max_scan_ssid))
-			goto nomem;
-	}
-
-	if (!wpa_dbus_dict_close_write(&variant_iter, &iter_dict) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter))
-		goto nomem;
-
-	return TRUE;
-
-nomem:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	return FALSE;
-}
-
-
-/**
- * wpas_dbus_getter_state - Get interface state
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "State" property.
- */
-dbus_bool_t wpas_dbus_getter_state(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	const char *str_state;
-	char *state_ls, *tmp;
-	dbus_bool_t success = FALSE;
-
-	str_state = wpa_supplicant_state_txt(wpa_s->wpa_state);
-
-	/* make state string lowercase to fit new DBus API convention
-	 */
-	state_ls = tmp = os_strdup(str_state);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-	while (*tmp) {
-		*tmp = tolower(*tmp);
-		tmp++;
-	}
-
-	success = wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						   &state_ls, error);
-
-	os_free(state_ls);
-
-	return success;
-}
-
-
-/**
- * wpas_dbus_new_iface_get_scanning - Get interface scanning state
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "scanning" property.
- */
-dbus_bool_t wpas_dbus_getter_scanning(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&scanning, error);
-}
-
-
-/**
- * wpas_dbus_getter_ap_scan - Control roaming mode
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "ApScan" property.
- */
-dbus_bool_t wpas_dbus_getter_ap_scan(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t ap_scan = wpa_s->conf->ap_scan;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&ap_scan, error);
-}
-
-
-/**
- * wpas_dbus_setter_ap_scan - Control roaming mode
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "ApScan" property.
- */
-dbus_bool_t wpas_dbus_setter_ap_scan(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t ap_scan;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_UINT32,
-					      &ap_scan))
-		return FALSE;
-
-	if (wpa_supplicant_set_ap_scan(wpa_s, ap_scan)) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "ap_scan must be 0, 1, or 2");
-		return FALSE;
-	}
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_fast_reauth - Control fast
- * reauthentication (TLS session resumption)
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "FastReauth" property.
- */
-dbus_bool_t wpas_dbus_getter_fast_reauth(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t fast_reauth = wpa_s->conf->fast_reauth ? TRUE : FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&fast_reauth, error);
-}
-
-
-/**
- * wpas_dbus_setter_fast_reauth - Control fast
- * reauthentication (TLS session resumption)
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "FastReauth" property.
- */
-dbus_bool_t wpas_dbus_setter_fast_reauth(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t fast_reauth;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
-					      &fast_reauth))
-		return FALSE;
-
-	wpa_s->conf->fast_reauth = fast_reauth;
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_disconnect_reason - Get most recent reason for disconnect
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DisconnectReason" property.  The reason is negative if it is
- * locally generated.
- */
-dbus_bool_t wpas_dbus_getter_disconnect_reason(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_int32_t reason = wpa_s->disconnect_reason;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT32,
-						&reason, error);
-}
-
-
-/**
- * wpas_dbus_getter_auth_status_code - Get most recent auth status code
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "AuthStatusCode" property.
- */
-dbus_bool_t wpas_dbus_getter_auth_status_code(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_int32_t reason = wpa_s->auth_status_code;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT32,
-						&reason, error);
-}
-
-
-/**
- * wpas_dbus_getter_assoc_status_code - Get most recent failed assoc status code
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "AssocStatusCode" property.
- */
-dbus_bool_t wpas_dbus_getter_assoc_status_code(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_int32_t status_code = wpa_s->assoc_status_code;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT32,
-						&status_code, error);
-}
-
-
-/**
- * wpas_dbus_getter_roam_time - Get most recent roam time
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "RoamTime" property.
- */
-dbus_bool_t wpas_dbus_getter_roam_time(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t roam_time = wpa_s->roam_time.sec * 1000 +
-		wpa_s->roam_time.usec / 1000;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&roam_time, error);
-}
-
-
-/**
- * wpas_dbus_getter_roam_complete - Get most recent roam success or failure
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "RoamComplete" property.
- */
-dbus_bool_t wpas_dbus_getter_roam_complete(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t roam_complete = os_reltime_initialized(&wpa_s->roam_time);
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&roam_complete, error);
-}
-
-
-/**
- * wpas_dbus_getter_session_length - Get most recent BSS session length
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "SessionLength" property.
- */
-dbus_bool_t wpas_dbus_getter_session_length(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t session_length = wpa_s->session_length.sec * 1000 +
-		wpa_s->session_length.usec / 1000;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&session_length, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_tm_status - Get most BSS Transition Management request
- * status code
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "BSSTMStatus" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_tm_status(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_WNM
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t bss_tm_status = wpa_s->bss_tm_status;
-#else /* CONFIG_WNM */
-	dbus_uint32_t bss_tm_status = 0;
-#endif /* CONFIG_WNM */
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&bss_tm_status, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_expire_age - Get BSS entry expiration age
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "BSSExpireAge" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_expire_age(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t expire_age = wpa_s->conf->bss_expiration_age;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&expire_age, error);
-}
-
-
-/**
- * wpas_dbus_setter_bss_expire_age - Control BSS entry expiration age
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "BSSExpireAge" property.
- */
-dbus_bool_t wpas_dbus_setter_bss_expire_age(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t expire_age;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_UINT32,
-					      &expire_age))
-		return FALSE;
-
-	if (wpa_supplicant_set_bss_expiration_age(wpa_s, expire_age)) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "BSSExpireAge must be >= 10");
-		return FALSE;
-	}
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_bss_expire_count - Get BSS entry expiration scan count
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "BSSExpireCount" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_expire_count(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t expire_count = wpa_s->conf->bss_expiration_scan_count;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32,
-						&expire_count, error);
-}
-
-
-/**
- * wpas_dbus_setter_bss_expire_count - Control BSS entry expiration scan count
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "BSSExpireCount" property.
- */
-dbus_bool_t wpas_dbus_setter_bss_expire_count(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_uint32_t expire_count;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_UINT32,
-					      &expire_count))
-		return FALSE;
-
-	if (wpa_supplicant_set_bss_expiration_count(wpa_s, expire_count)) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "BSSExpireCount must be > 0");
-		return FALSE;
-	}
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_country - Control country code
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "Country" property.
- */
-dbus_bool_t wpas_dbus_getter_country(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char country[3];
-	char *str = country;
-
-	country[0] = wpa_s->conf->country[0];
-	country[1] = wpa_s->conf->country[1];
-	country[2] = '\0';
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						&str, error);
-}
-
-
-/**
- * wpas_dbus_setter_country - Control country code
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "Country" property.
- */
-dbus_bool_t wpas_dbus_setter_country(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	const char *country;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &country))
-		return FALSE;
-
-	if (!country[0] || !country[1]) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "invalid country code");
-		return FALSE;
-	}
-
-	if (wpa_s->drv_priv != NULL && wpa_drv_set_country(wpa_s, country)) {
-		wpa_printf(MSG_DEBUG, "Failed to set country");
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "failed to set country code");
-		return FALSE;
-	}
-
-	wpa_s->conf->country[0] = country[0];
-	wpa_s->conf->country[1] = country[1];
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_scan_interval - Get scan interval
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter function for "ScanInterval" property.
- */
-dbus_bool_t wpas_dbus_getter_scan_interval(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_int32_t scan_interval = wpa_s->scan_interval;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT32,
-						&scan_interval, error);
-}
-
-
-/**
- * wpas_dbus_setter_scan_interval - Control scan interval
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter function for "ScanInterval" property.
- */
-dbus_bool_t wpas_dbus_setter_scan_interval(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_int32_t scan_interval;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_INT32,
-					      &scan_interval))
-		return FALSE;
-
-	if (wpa_supplicant_set_scan_interval(wpa_s, scan_interval)) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "scan_interval must be >= 0");
-		return FALSE;
-	}
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_ifname - Get interface name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Ifname" property.
- */
-dbus_bool_t wpas_dbus_getter_ifname(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->ifname, error);
-}
-
-
-/**
- * wpas_dbus_getter_driver - Get interface name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Driver" property.
- */
-dbus_bool_t wpas_dbus_getter_driver(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	if (wpa_s->driver == NULL || wpa_s->driver->name == NULL) {
-		wpa_printf(MSG_DEBUG, "%s[dbus]: wpa_s has no driver set",
-			   __func__);
-		dbus_set_error(error, DBUS_ERROR_FAILED, "%s: no driver set",
-			       __func__);
-		return FALSE;
-	}
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->driver->name,
-						error);
-}
-
-
-/**
- * wpas_dbus_getter_current_bss - Get current bss object path
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "CurrentBSS" property.
- */
-dbus_bool_t wpas_dbus_getter_current_bss(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path = path_buf;
-
-	if (wpa_s->current_bss && wpa_s->dbus_new_path)
-		os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-			    wpa_s->dbus_new_path, wpa_s->current_bss->id);
-	else
-		os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/");
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
-						&bss_obj_path, error);
-}
-
-
-/**
- * wpas_dbus_getter_current_network - Get current network object path
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "CurrentNetwork" property.
- */
-dbus_bool_t wpas_dbus_getter_current_network(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *net_obj_path = path_buf;
-
-	if (wpa_s->current_ssid && wpa_s->dbus_new_path)
-		os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
-			    wpa_s->dbus_new_path, wpa_s->current_ssid->id);
-	else
-		os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/");
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
-						&net_obj_path, error);
-}
-
-
-/**
- * wpas_dbus_getter_current_auth_mode - Get current authentication type
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "CurrentAuthMode" property.
- */
-dbus_bool_t wpas_dbus_getter_current_auth_mode(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	const char *eap_mode;
-	const char *auth_mode;
-	char eap_mode_buf[WPAS_DBUS_AUTH_MODE_MAX];
-
-	if (wpa_s->wpa_state != WPA_COMPLETED) {
-		auth_mode = "INACTIVE";
-	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		eap_mode = wpa_supplicant_get_eap_mode(wpa_s);
-		os_snprintf(eap_mode_buf, WPAS_DBUS_AUTH_MODE_MAX,
-			    "EAP-%s", eap_mode);
-		auth_mode = eap_mode_buf;
-
-	} else if (wpa_s->current_ssid) {
-		auth_mode = wpa_key_mgmt_txt(wpa_s->key_mgmt,
-					     wpa_s->current_ssid->proto);
-	} else {
-		auth_mode = "UNKNOWN";
-	}
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						&auth_mode, error);
-}
-
-
-/**
- * wpas_dbus_getter_bridge_ifname - Get interface name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "BridgeIfname" property.
- */
-dbus_bool_t wpas_dbus_getter_bridge_ifname(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->bridge_ifname,
-						error);
-}
-
-
-dbus_bool_t wpas_dbus_setter_bridge_ifname(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	const char *bridge_ifname = NULL;
-	const char *msg;
-	int r;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &bridge_ifname))
-		return FALSE;
-
-	r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname);
-	if (r != 0) {
-		switch (r) {
-		case -EINVAL:
-			msg = "invalid interface name";
-			break;
-		case -EBUSY:
-			msg = "interface is busy";
-			break;
-		case -EIO:
-			msg = "socket error";
-			break;
-		default:
-			msg = "unknown error";
-			break;
-		}
-		dbus_set_error_const(error, DBUS_ERROR_FAILED, msg);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_config_file - Get interface configuration file path
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "ConfigFile" property.
- */
-dbus_bool_t wpas_dbus_getter_config_file(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->confname, error);
-}
-
-
-/**
- * wpas_dbus_getter_bsss - Get array of BSSs objects
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "BSSs" property.
- */
-dbus_bool_t wpas_dbus_getter_bsss(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_bss *bss;
-	char **paths;
-	unsigned int i = 0;
-	dbus_bool_t success = FALSE;
-
-	if (!wpa_s->dbus_new_path) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: no D-Bus interface", __func__);
-		return FALSE;
-	}
-
-	paths = os_calloc(wpa_s->num_bss, sizeof(char *));
-	if (!paths) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	/* Loop through scan results and append each result's object path */
-	dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
-		paths[i] = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-		if (paths[i] == NULL) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			goto out;
-		}
-		/* Construct the object path for this BSS. */
-		os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
-			    wpa_s->dbus_new_path, bss->id);
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, wpa_s->num_bss,
-							 error);
-
-out:
-	while (i)
-		os_free(paths[--i]);
-	os_free(paths);
-	return success;
-}
-
-
-/**
- * wpas_dbus_getter_networks - Get array of networks objects
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Networks" property.
- */
-dbus_bool_t wpas_dbus_getter_networks(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_ssid *ssid;
-	char **paths;
-	unsigned int i = 0, num = 0;
-	dbus_bool_t success = FALSE;
-
-	if (!wpa_s->dbus_new_path) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: no D-Bus interface", __func__);
-		return FALSE;
-	}
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
-		if (!network_is_persistent_group(ssid))
-			num++;
-
-	paths = os_calloc(num, sizeof(char *));
-	if (!paths) {
-		dbus_set_error(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	/* Loop through configured networks and append object path of each */
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (network_is_persistent_group(ssid))
-			continue;
-		paths[i] = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-		if (paths[i] == NULL) {
-			dbus_set_error(error, DBUS_ERROR_NO_MEMORY,
-				       "no memory");
-			goto out;
-		}
-
-		/* Construct the object path for this network. */
-		os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d",
-			    wpa_s->dbus_new_path, ssid->id);
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, num, error);
-
-out:
-	while (i)
-		os_free(paths[--i]);
-	os_free(paths);
-	return success;
-}
-
-
-/**
- * wpas_dbus_getter_pkcs11_engine_path - Get PKCS #11 engine path
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: A dbus message containing the PKCS #11 engine path
- *
- * Getter for "PKCS11EnginePath" property.
- */
-dbus_bool_t wpas_dbus_getter_pkcs11_engine_path(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter,
-						wpa_s->conf->pkcs11_engine_path,
-						error);
-}
-
-
-/**
- * wpas_dbus_getter_pkcs11_module_path - Get PKCS #11 module path
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: A dbus message containing the PKCS #11 module path
- *
- * Getter for "PKCS11ModulePath" property.
- */
-dbus_bool_t wpas_dbus_getter_pkcs11_module_path(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter,
-						wpa_s->conf->pkcs11_module_path,
-						error);
-}
-
-
-/**
- * wpas_dbus_getter_blobs - Get all blobs defined for this interface
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Blobs" property.
- */
-dbus_bool_t wpas_dbus_getter_blobs(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, dict_iter, entry_iter, array_iter;
-	struct wpa_config_blob *blob;
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{say}", &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      "{say}", &dict_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	blob = wpa_s->conf->blobs;
-	while (blob) {
-		if (!dbus_message_iter_open_container(&dict_iter,
-						      DBUS_TYPE_DICT_ENTRY,
-						      NULL, &entry_iter) ||
-		    !dbus_message_iter_append_basic(&entry_iter,
-						    DBUS_TYPE_STRING,
-						    &(blob->name)) ||
-		    !dbus_message_iter_open_container(&entry_iter,
-						      DBUS_TYPE_ARRAY,
-						      DBUS_TYPE_BYTE_AS_STRING,
-						      &array_iter) ||
-		    !dbus_message_iter_append_fixed_array(&array_iter,
-							  DBUS_TYPE_BYTE,
-							  &(blob->data),
-							  blob->len) ||
-		    !dbus_message_iter_close_container(&entry_iter,
-						       &array_iter) ||
-		    !dbus_message_iter_close_container(&dict_iter,
-						       &entry_iter)) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			return FALSE;
-		}
-
-		blob = blob->next;
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &dict_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_iface_global(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	int ret;
-	char buf[250];
-	char *p = buf;
-
-	if (!property_desc->data) {
-		dbus_set_error(error, DBUS_ERROR_INVALID_ARGS,
-			       "Unhandled interface property %s",
-			       property_desc->dbus_property);
-		return FALSE;
-	}
-
-	ret = wpa_config_get_value(property_desc->data, wpa_s->conf, buf,
-				   sizeof(buf));
-	if (ret < 0)
-		*p = '\0';
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &p,
-						error);
-}
-
-
-dbus_bool_t wpas_dbus_setter_iface_global(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	const char *new_value = NULL;
-	char buf[250];
-	size_t combined_len;
-	int ret;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &new_value))
-		return FALSE;
-
-	combined_len = os_strlen(property_desc->data) + os_strlen(new_value) +
-		3;
-	if (combined_len >= sizeof(buf)) {
-		dbus_set_error(error, DBUS_ERROR_INVALID_ARGS,
-			       "Interface property %s value too large",
-			       property_desc->dbus_property);
-		return FALSE;
-	}
-
-	if (!new_value[0])
-		new_value = "NULL";
-
-	ret = os_snprintf(buf, combined_len, "%s=%s", property_desc->data,
-			  new_value);
-	if (os_snprintf_error(combined_len, ret)) {
-		dbus_set_error(error,  WPAS_DBUS_ERROR_UNKNOWN_ERROR,
-			       "Failed to construct new interface property %s",
-			       property_desc->dbus_property);
-		return FALSE;
-	}
-
-	ret = wpa_config_process_global(wpa_s->conf, buf, -1);
-	if (ret < 0) {
-		dbus_set_error(error, DBUS_ERROR_INVALID_ARGS,
-			       "Failed to set interface property %s",
-			       property_desc->dbus_property);
-		return FALSE;
-	} else if (ret == 0) {
-		wpa_supplicant_update_config(wpa_s);
-	}
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_stas - Get connected stations for an interface
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: a list of stations
- *
- * Getter for "Stations" property.
- */
-dbus_bool_t wpas_dbus_getter_stas(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct sta_info *sta = NULL;
-	char **paths = NULL;
-	unsigned int i = 0, num = 0;
-	dbus_bool_t success = FALSE;
-
-	if (!wpa_s->dbus_new_path) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: no D-Bus interface", __func__);
-		return FALSE;
-	}
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		struct hostapd_data *hapd;
-
-		hapd = wpa_s->ap_iface->bss[0];
-		sta = hapd->sta_list;
-		num = hapd->num_sta;
-	}
-#endif /* CONFIG_AP */
-
-	paths = os_calloc(num, sizeof(char *));
-	if (!paths) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	/* Loop through scan results and append each result's object path */
-	for (; sta; sta = sta->next) {
-		paths[i] = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-		if (!paths[i]) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			goto out;
-		}
-		/* Construct the object path for this BSS. */
-		os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_STAS_PART "/" COMPACT_MACSTR,
-			    wpa_s->dbus_new_path, MAC2STR(sta->addr));
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, num,
-							 error);
-
-out:
-	while (i)
-		os_free(paths[--i]);
-	os_free(paths);
-	return success;
-}
-
-
-/**
- * wpas_dbus_setter_mac_address_randomization_mask - Set masks used for
- * MAC address randomization
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "MACAddressRandomizationMask" property.
- */
-dbus_bool_t wpas_dbus_setter_mac_address_randomization_mask(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, dict_iter, entry_iter, array_iter;
-	const char *key;
-	unsigned int rand_type = 0;
-	const u8 *mask;
-	int mask_len;
-	unsigned int rand_types_to_disable = MAC_ADDR_RAND_ALL;
-
-	dbus_message_iter_recurse(iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_ARRAY) {
-		dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-				     "invalid message format");
-		return FALSE;
-	}
-	dbus_message_iter_recurse(&variant_iter, &dict_iter);
-	while (dbus_message_iter_get_arg_type(&dict_iter) ==
-	       DBUS_TYPE_DICT_ENTRY) {
-		dbus_message_iter_recurse(&dict_iter, &entry_iter);
-		if (dbus_message_iter_get_arg_type(&entry_iter) !=
-		    DBUS_TYPE_STRING) {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: key not a string", __func__);
-			return FALSE;
-		}
-		dbus_message_iter_get_basic(&entry_iter, &key);
-		dbus_message_iter_next(&entry_iter);
-		if (dbus_message_iter_get_arg_type(&entry_iter) !=
-		    DBUS_TYPE_ARRAY ||
-		    dbus_message_iter_get_element_type(&entry_iter) !=
-		    DBUS_TYPE_BYTE) {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: mask was not a byte array",
-				       __func__);
-			return FALSE;
-		}
-		dbus_message_iter_recurse(&entry_iter, &array_iter);
-		dbus_message_iter_get_fixed_array(&array_iter, &mask,
-						  &mask_len);
-
-		if (os_strcmp(key, "scan") == 0) {
-			rand_type = MAC_ADDR_RAND_SCAN;
-		} else if (os_strcmp(key, "sched_scan") == 0) {
-			rand_type = MAC_ADDR_RAND_SCHED_SCAN;
-		} else if (os_strcmp(key, "pno") == 0) {
-			rand_type = MAC_ADDR_RAND_PNO;
-		} else {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: bad scan type \"%s\"",
-				       __func__, key);
-			return FALSE;
-		}
-
-		if (mask_len != ETH_ALEN) {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: malformed MAC mask given",
-				       __func__);
-			return FALSE;
-		}
-
-		if (wpas_enable_mac_addr_randomization(
-			    wpa_s, rand_type, wpa_s->perm_addr, mask)) {
-			dbus_set_error(error, DBUS_ERROR_FAILED,
-				       "%s: failed to set up MAC address randomization for %s",
-				       __func__, key);
-			return FALSE;
-		}
-
-		wpa_printf(MSG_DEBUG,
-			   "%s: Enabled MAC address randomization for %s with mask: "
-			   MACSTR, wpa_s->ifname, key, MAC2STR(mask));
-		rand_types_to_disable &= ~rand_type;
-		dbus_message_iter_next(&dict_iter);
-	}
-
-	if (rand_types_to_disable &&
-	    wpas_disable_mac_addr_randomization(wpa_s, rand_types_to_disable)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to disable MAC address randomization",
-			       __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_mac_address_randomization_mask(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, dict_iter, entry_iter, array_iter;
-	unsigned int i;
-	u8 mask_buf[ETH_ALEN];
-	/* Read docs on dbus_message_iter_append_fixed_array() for why this
-	 * is necessary... */
-	u8 *mask = mask_buf;
-	static const struct {
-		const char *key;
-		unsigned int type;
-	} types[] = {
-		{ "scan", MAC_ADDR_RAND_SCAN },
-		{ "sched_scan", MAC_ADDR_RAND_SCHED_SCAN },
-		{ "pno", MAC_ADDR_RAND_PNO }
-	};
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{say}", &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      "{say}", &dict_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	for (i = 0; i < ARRAY_SIZE(types); i++) {
-		if (wpas_mac_addr_rand_scan_get_mask(wpa_s, types[i].type,
-						     mask))
-			continue;
-
-		if (!dbus_message_iter_open_container(&dict_iter,
-						      DBUS_TYPE_DICT_ENTRY,
-						      NULL, &entry_iter) ||
-		    !dbus_message_iter_append_basic(&entry_iter,
-						    DBUS_TYPE_STRING,
-						    &types[i].key) ||
-		    !dbus_message_iter_open_container(&entry_iter,
-						      DBUS_TYPE_ARRAY,
-						      DBUS_TYPE_BYTE_AS_STRING,
-						      &array_iter) ||
-		    !dbus_message_iter_append_fixed_array(&array_iter,
-							  DBUS_TYPE_BYTE,
-							  &mask,
-							  ETH_ALEN) ||
-		    !dbus_message_iter_close_container(&entry_iter,
-						       &array_iter) ||
-		    !dbus_message_iter_close_container(&dict_iter,
-						       &entry_iter)) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			return FALSE;
-		}
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &dict_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_sta_address - Return the address of a connected station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Address" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_address(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-
-	sta = ap_get_sta(args->wpa_s->ap_iface->bss[0], args->sta);
-	if (!sta)
-		return FALSE;
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      sta->addr, ETH_ALEN,
-						      error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_sta_aid - Return the AID of a connected station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "AID" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_aid(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-
-	sta = ap_get_sta(args->wpa_s->ap_iface->bss[0], args->sta);
-	if (!sta)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
-						&sta->aid,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_sta_caps - Return the capabilities of a station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Capabilities" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_caps(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-
-	sta = ap_get_sta(args->wpa_s->ap_iface->bss[0], args->sta);
-	if (!sta)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
-						&sta->capability,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_rx_packets - Return the received packets for a station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "RxPackets" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_rx_packets(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-	struct hostap_sta_driver_data data;
-	struct hostapd_data *hapd;
-
-	if (!args->wpa_s->ap_iface)
-		return FALSE;
-
-	hapd = args->wpa_s->ap_iface->bss[0];
-	sta = ap_get_sta(hapd, args->sta);
-	if (!sta)
-		return FALSE;
-
-	if (hostapd_drv_read_sta_data(hapd, &data, sta->addr) < 0)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT64,
-						&data.rx_packets,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_tx_packets - Return the transmitted packets for a station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "TxPackets" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_tx_packets(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-	struct hostap_sta_driver_data data;
-	struct hostapd_data *hapd;
-
-	if (!args->wpa_s->ap_iface)
-		return FALSE;
-
-	hapd = args->wpa_s->ap_iface->bss[0];
-	sta = ap_get_sta(hapd, args->sta);
-	if (!sta)
-		return FALSE;
-
-	if (hostapd_drv_read_sta_data(hapd, &data, sta->addr) < 0)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT64,
-						&data.tx_packets,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_tx_bytes - Return the transmitted bytes for a station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "TxBytes" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_tx_bytes(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-	struct hostap_sta_driver_data data;
-	struct hostapd_data *hapd;
-
-	if (!args->wpa_s->ap_iface)
-		return FALSE;
-
-	hapd = args->wpa_s->ap_iface->bss[0];
-	sta = ap_get_sta(hapd, args->sta);
-	if (!sta)
-		return FALSE;
-
-	if (hostapd_drv_read_sta_data(hapd, &data, sta->addr) < 0)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT64,
-						&data.tx_bytes,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-/**
- * wpas_dbus_getter_rx_bytes - Return the received bytes for a station
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "RxBytes" property.
- */
-dbus_bool_t wpas_dbus_getter_sta_rx_bytes(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-#ifdef CONFIG_AP
-	struct sta_handler_args *args = user_data;
-	struct sta_info *sta;
-	struct hostap_sta_driver_data data;
-	struct hostapd_data *hapd;
-
-	if (!args->wpa_s->ap_iface)
-		return FALSE;
-
-	hapd = args->wpa_s->ap_iface->bss[0];
-	sta = ap_get_sta(hapd, args->sta);
-	if (!sta)
-		return FALSE;
-
-	if (hostapd_drv_read_sta_data(hapd, &data, sta->addr) < 0)
-		return FALSE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT64,
-						&data.rx_bytes,
-						error);
-#else /* CONFIG_AP */
-    return FALSE;
-#endif /* CONFIG_AP */
-}
-
-
-static struct wpa_bss * get_bss_helper(struct bss_handler_args *args,
-				       DBusError *error, const char *func_name)
-{
-	struct wpa_bss *res = wpa_bss_get_id(args->wpa_s, args->id);
-
-	if (!res) {
-		wpa_printf(MSG_ERROR, "%s[dbus]: no bss with id %d found",
-			   func_name, args->id);
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: BSS %d not found",
-			       func_name, args->id);
-	}
-
-	return res;
-}
-
-
-/**
- * wpas_dbus_getter_bss_bssid - Return the BSSID of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "BSSID" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_bssid(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      res->bssid, ETH_ALEN,
-						      error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_ssid - Return the SSID of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "SSID" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_ssid(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      res->ssid, res->ssid_len,
-						      error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_privacy - Return the privacy flag of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Privacy" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_privacy(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	dbus_bool_t privacy;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	privacy = (res->caps & IEEE80211_CAP_PRIVACY) ? TRUE : FALSE;
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&privacy, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_mode - Return the mode of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Mode" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_mode(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	const char *mode;
-	const u8 *mesh;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-	if (bss_is_dmg(res)) {
-		switch (res->caps & IEEE80211_CAP_DMG_MASK) {
-		case IEEE80211_CAP_DMG_PBSS:
-		case IEEE80211_CAP_DMG_IBSS:
-			mode = "ad-hoc";
-			break;
-		case IEEE80211_CAP_DMG_AP:
-			mode = "infrastructure";
-			break;
-		default:
-			mode = "";
-			break;
-		}
-	} else {
-		mesh = wpa_bss_get_ie(res, WLAN_EID_MESH_ID);
-		if (mesh)
-			mode = "mesh";
-		else if (res->caps & IEEE80211_CAP_IBSS)
-			mode = "ad-hoc";
-		else
-			mode = "infrastructure";
-	}
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING,
-						&mode, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_level - Return the signal strength of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Level" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_signal(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	s16 level;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	level = (s16) res->level;
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT16,
-						&level, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_frequency - Return the frequency of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Frequency" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_frequency(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	u16 freq;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	freq = (u16) res->freq;
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
-						&freq, error);
-}
-
-
-static int cmp_u8s_desc(const void *a, const void *b)
-{
-	return (*(u8 *) b - *(u8 *) a);
-}
-
-
-/**
- * wpas_dbus_getter_bss_rates - Return available bit rates of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Rates" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_rates(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	u8 *ie_rates = NULL;
-	u32 *real_rates;
-	int rates_num, i;
-	dbus_bool_t success = FALSE;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	rates_num = wpa_bss_get_bit_rates(res, &ie_rates);
-	if (rates_num < 0)
-		return FALSE;
-
-	qsort(ie_rates, rates_num, 1, cmp_u8s_desc);
-
-	real_rates = os_malloc(sizeof(u32) * rates_num);
-	if (!real_rates) {
-		os_free(ie_rates);
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	for (i = 0; i < rates_num; i++)
-		real_rates[i] = ie_rates[i] * 500000;
-
-	success = wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_UINT32,
-							 real_rates, rates_num,
-							 error);
-
-	os_free(ie_rates);
-	os_free(real_rates);
-	return success;
-}
-
-
-static dbus_bool_t wpas_dbus_get_bss_security_prop(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, struct wpa_ie_data *ie_data, DBusError *error)
-{
-	DBusMessageIter iter_dict, variant_iter;
-	const char *group;
-	const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
-	const char *key_mgmt[16]; /* max 16 key managements may be supported */
-	int n;
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{sv}", &variant_iter))
-		goto nomem;
-
-	if (!wpa_dbus_dict_open_write(&variant_iter, &iter_dict))
-		goto nomem;
-
-	/*
-	 * KeyMgmt
-	 *
-	 * When adding a new entry here, please take care to extend key_mgmt[]
-	 * and keep documentation in doc/dbus.doxygen up to date.
-	 */
-	n = 0;
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_PSK)
-		key_mgmt[n++] = "wpa-psk";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_PSK)
-		key_mgmt[n++] = "wpa-ft-psk";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
-		key_mgmt[n++] = "wpa-psk-sha256";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X)
-		key_mgmt[n++] = "wpa-eap";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
-		key_mgmt[n++] = "wpa-ft-eap";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
-		key_mgmt[n++] = "wpa-eap-sha256";
-#ifdef CONFIG_SUITEB
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
-		key_mgmt[n++] = "wpa-eap-suite-b";
-#endif /* CONFIG_SUITEB */
-#ifdef CONFIG_SUITEB192
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
-		key_mgmt[n++] = "wpa-eap-suite-b-192";
-#endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_FILS
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
-		key_mgmt[n++] = "wpa-fils-sha256";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
-		key_mgmt[n++] = "wpa-fils-sha384";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
-		key_mgmt[n++] = "wpa-ft-fils-sha256";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
-		key_mgmt[n++] = "wpa-ft-fils-sha384";
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_SAE
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_SAE)
-		key_mgmt[n++] = "sae";
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE)
-		key_mgmt[n++] = "ft-sae";
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_OWE
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE)
-		key_mgmt[n++] = "owe";
-#endif /* CONFIG_OWE */
-	if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
-		key_mgmt[n++] = "wpa-none";
-
-	if (!wpa_dbus_dict_append_string_array(&iter_dict, "KeyMgmt",
-					       key_mgmt, n))
-		goto nomem;
-
-	/* Group */
-	switch (ie_data->group_cipher) {
-#ifdef CONFIG_WEP
-	case WPA_CIPHER_WEP40:
-		group = "wep40";
-		break;
-	case WPA_CIPHER_WEP104:
-		group = "wep104";
-		break;
-#endif /* CONFIG_WEP */
-#ifndef CONFIG_NO_TKIP
-	case WPA_CIPHER_TKIP:
-		group = "tkip";
-		break;
-#endif /* CONFIG_NO_TKIP */
-	case WPA_CIPHER_CCMP:
-		group = "ccmp";
-		break;
-	case WPA_CIPHER_GCMP:
-		group = "gcmp";
-		break;
-	case WPA_CIPHER_CCMP_256:
-		group = "ccmp-256";
-		break;
-	case WPA_CIPHER_GCMP_256:
-		group = "gcmp-256";
-		break;
-	default:
-		group = "";
-		break;
-	}
-
-	if (!wpa_dbus_dict_append_string(&iter_dict, "Group", group))
-		goto nomem;
-
-	/* Pairwise */
-	n = 0;
-#ifndef CONFIG_NO_TKIP
-	if (ie_data->pairwise_cipher & WPA_CIPHER_TKIP)
-		pairwise[n++] = "tkip";
-#endif /* CONFIG_NO_TKIP */
-	if (ie_data->pairwise_cipher & WPA_CIPHER_CCMP)
-		pairwise[n++] = "ccmp";
-	if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP)
-		pairwise[n++] = "gcmp";
-	if (ie_data->pairwise_cipher & WPA_CIPHER_CCMP_256)
-		pairwise[n++] = "ccmp-256";
-	if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP_256)
-		pairwise[n++] = "gcmp-256";
-
-	if (!wpa_dbus_dict_append_string_array(&iter_dict, "Pairwise",
-					       pairwise, n))
-		goto nomem;
-
-	/* Management group (RSN only) */
-	if (ie_data->proto == WPA_PROTO_RSN) {
-		switch (ie_data->mgmt_group_cipher) {
-		case WPA_CIPHER_AES_128_CMAC:
-			group = "aes128cmac";
-			break;
-		default:
-			group = "";
-			break;
-		}
-
-		if (!wpa_dbus_dict_append_string(&iter_dict, "MgmtGroup",
-						 group))
-			goto nomem;
-	}
-
-	if (!wpa_dbus_dict_close_write(&variant_iter, &iter_dict) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter))
-		goto nomem;
-
-	return TRUE;
-
-nomem:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	return FALSE;
-}
-
-
-/**
- * wpas_dbus_getter_bss_wpa - Return the WPA options of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "WPA" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_wpa(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	struct wpa_ie_data wpa_data;
-	const u8 *ie;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	os_memset(&wpa_data, 0, sizeof(wpa_data));
-	ie = wpa_bss_get_vendor_ie(res, WPA_IE_VENDOR_TYPE);
-	if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data) < 0) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "failed to parse WPA IE");
-		return FALSE;
-	}
-
-	return wpas_dbus_get_bss_security_prop(property_desc, iter, &wpa_data, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_rsn - Return the RSN options of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "RSN" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_rsn(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	struct wpa_ie_data wpa_data;
-	const u8 *ie;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	os_memset(&wpa_data, 0, sizeof(wpa_data));
-	ie = wpa_bss_get_ie(res, WLAN_EID_RSN);
-	if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data) < 0) {
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "failed to parse RSN IE");
-		return FALSE;
-	}
-
-	return wpas_dbus_get_bss_security_prop(property_desc, iter, &wpa_data, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_wps - Return the WPS options of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "WPS" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_wps(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-#ifdef CONFIG_WPS
-	struct wpabuf *wps_ie;
-#endif /* CONFIG_WPS */
-	DBusMessageIter iter_dict, variant_iter;
-	int wps_support = 0;
-	const char *type = "";
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{sv}", &variant_iter) ||
-	    !wpa_dbus_dict_open_write(&variant_iter, &iter_dict))
-		goto nomem;
-
-#ifdef CONFIG_WPS
-	wps_ie = wpa_bss_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE);
-	if (wps_ie) {
-		wps_support = 1;
-		if (wps_is_selected_pbc_registrar(wps_ie))
-			type = "pbc";
-		else if (wps_is_selected_pin_registrar(wps_ie))
-			type = "pin";
-
-		wpabuf_free(wps_ie);
-	}
-#endif /* CONFIG_WPS */
-
-	if ((wps_support && !wpa_dbus_dict_append_string(&iter_dict, "Type", type)) ||
-	    !wpa_dbus_dict_close_write(&variant_iter, &iter_dict) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter))
-		goto nomem;
-
-	return TRUE;
-
-nomem:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	return FALSE;
-}
-
-
-/**
- * wpas_dbus_getter_bss_ies - Return all IEs of a BSS
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "IEs" property.
- */
-dbus_bool_t wpas_dbus_getter_bss_ies(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      wpa_bss_ie_ptr(res),
-						      res->ie_len, error);
-}
-
-
-/**
- * wpas_dbus_getter_bss_age - Return time in seconds since BSS was last seen
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for BSS age
- */
-dbus_bool_t wpas_dbus_getter_bss_age(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct bss_handler_args *args = user_data;
-	struct wpa_bss *res;
-	struct os_reltime now, diff = { 0, 0 };
-	u32 age;
-
-	res = get_bss_helper(args, error, __func__);
-	if (!res)
-		return FALSE;
-
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &res->last_update, &diff);
-	age = diff.sec > 0 ? diff.sec : 0;
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT32, &age,
-						error);
-}
-
-
-/**
- * wpas_dbus_getter_enabled - Check whether network is enabled or disabled
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "enabled" property of a configured network.
- */
-dbus_bool_t wpas_dbus_getter_enabled(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-	dbus_bool_t enabled = net->ssid->disabled ? FALSE : TRUE;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&enabled, error);
-}
-
-
-/**
- * wpas_dbus_setter_enabled - Mark a configured network as enabled or disabled
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "Enabled" property of a configured network.
- */
-dbus_bool_t wpas_dbus_setter_enabled(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-	struct wpa_supplicant *wpa_s;
-	struct wpa_ssid *ssid;
-	dbus_bool_t enable;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
-					      &enable))
-		return FALSE;
-
-	wpa_s = net->wpa_s;
-	ssid = net->ssid;
-
-	if (enable)
-		wpa_supplicant_enable_network(wpa_s, ssid);
-	else
-		wpa_supplicant_disable_network(wpa_s, ssid);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_network_properties - Get options for a configured network
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Properties" property of a configured network.
- */
-dbus_bool_t wpas_dbus_getter_network_properties(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-	DBusMessageIter	variant_iter, dict_iter;
-	char **iterator;
-	char **props = wpa_config_get_all(net->ssid, 1);
-	dbus_bool_t success = FALSE;
-
-	if (!props) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT, "a{sv}",
-					      &variant_iter) ||
-	    !wpa_dbus_dict_open_write(&variant_iter, &dict_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		goto out;
-	}
-
-	iterator = props;
-	while (*iterator) {
-		if (!wpa_dbus_dict_append_string(&dict_iter, *iterator,
-						 *(iterator + 1))) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			goto out;
-		}
-		iterator += 2;
-	}
-
-
-	if (!wpa_dbus_dict_close_write(&variant_iter, &dict_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		goto out;
-	}
-
-	success = TRUE;
-
-out:
-	iterator = props;
-	while (*iterator) {
-		os_free(*iterator);
-		iterator++;
-	}
-	os_free(props);
-	return success;
-}
-
-
-/**
- * wpas_dbus_setter_network_properties - Set options for a configured network
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "Properties" property of a configured network.
- */
-dbus_bool_t wpas_dbus_setter_network_properties(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-	struct wpa_ssid *ssid = net->ssid;
-	DBusMessageIter	variant_iter;
-
-	dbus_message_iter_recurse(iter, &variant_iter);
-	return set_network_properties(net->wpa_s, ssid, &variant_iter, error);
-}
-
-
-#ifdef CONFIG_AP
-
-DBusMessage * wpas_dbus_handler_subscribe_preq(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dbus_priv *priv = wpa_s->global->dbus;
-	char *name;
-
-	if (wpa_s->preq_notify_peer != NULL) {
-		if (os_strcmp(dbus_message_get_sender(message),
-			      wpa_s->preq_notify_peer) == 0)
-			return NULL;
-
-		return dbus_message_new_error(message,
-			WPAS_DBUS_ERROR_SUBSCRIPTION_IN_USE,
-			"Another application is already subscribed");
-	}
-
-	name = os_strdup(dbus_message_get_sender(message));
-	if (!name)
-		return wpas_dbus_error_no_memory(message);
-
-	wpa_s->preq_notify_peer = name;
-
-	/* Subscribe to clean up if application closes socket */
-	wpas_dbus_subscribe_noc(priv);
-
-	/*
-	 * Double-check it's still alive to make sure that we didn't
-	 * miss the NameOwnerChanged signal, e.g. while strdup'ing.
-	 */
-	if (!dbus_bus_name_has_owner(priv->con, name, NULL)) {
-		/*
-		 * Application no longer exists, clean up.
-		 * The return value is irrelevant now.
-		 *
-		 * Need to check if the NameOwnerChanged handling
-		 * already cleaned up because we have processed
-		 * DBus messages while checking if the name still
-		 * has an owner.
-		 */
-		if (!wpa_s->preq_notify_peer)
-			return NULL;
-		os_free(wpa_s->preq_notify_peer);
-		wpa_s->preq_notify_peer = NULL;
-		wpas_dbus_unsubscribe_noc(priv);
-	}
-
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_unsubscribe_preq(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dbus_priv *priv = wpa_s->global->dbus;
-
-	if (!wpa_s->preq_notify_peer)
-		return dbus_message_new_error(message,
-			WPAS_DBUS_ERROR_NO_SUBSCRIPTION,
-			"Not subscribed");
-
-	if (os_strcmp(wpa_s->preq_notify_peer,
-		      dbus_message_get_sender(message)))
-		return dbus_message_new_error(message,
-			WPAS_DBUS_ERROR_SUBSCRIPTION_EPERM,
-			"Can't unsubscribe others");
-
-	os_free(wpa_s->preq_notify_peer);
-	wpa_s->preq_notify_peer = NULL;
-	wpas_dbus_unsubscribe_noc(priv);
-	return NULL;
-}
-
-
-void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
-			   const u8 *addr, const u8 *dst, const u8 *bssid,
-			   const u8 *ie, size_t ie_len, u32 ssi_signal)
-{
-	DBusMessage *msg;
-	DBusMessageIter iter, dict_iter;
-	struct wpas_dbus_priv *priv = wpa_s->global->dbus;
-
-	/* Do nothing if the control interface is not turned on */
-	if (priv == NULL || !wpa_s->dbus_new_path)
-		return;
-
-	if (wpa_s->preq_notify_peer == NULL)
-		return;
-
-	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
-				      WPAS_DBUS_NEW_IFACE_INTERFACE,
-				      "ProbeRequest");
-	if (msg == NULL)
-		return;
-
-	dbus_message_set_destination(msg, wpa_s->preq_notify_peer);
-
-	dbus_message_iter_init_append(msg, &iter);
-
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    (addr && !wpa_dbus_dict_append_byte_array(&dict_iter, "addr",
-						      (const char *) addr,
-						      ETH_ALEN)) ||
-	    (dst && !wpa_dbus_dict_append_byte_array(&dict_iter, "dst",
-						     (const char *) dst,
-						     ETH_ALEN)) ||
-	    (bssid && !wpa_dbus_dict_append_byte_array(&dict_iter, "bssid",
-						       (const char *) bssid,
-						       ETH_ALEN)) ||
-	    (ie && ie_len && !wpa_dbus_dict_append_byte_array(&dict_iter, "ies",
-							      (const char *) ie,
-							      ie_len)) ||
-	    (ssi_signal && !wpa_dbus_dict_append_int32(&dict_iter, "signal",
-						       ssi_signal)) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
-		goto fail;
-
-	dbus_connection_send(priv->con, msg, NULL);
-	goto out;
-fail:
-	wpa_printf(MSG_ERROR, "dbus: Failed to construct signal");
-out:
-	dbus_message_unref(msg);
-}
-
-#endif /* CONFIG_AP */
-
-
-DBusMessage * wpas_dbus_handler_vendor_elem_add(DBusMessage *message,
-						struct wpa_supplicant *wpa_s)
-{
-	u8 *ielems;
-	int len;
-	struct ieee802_11_elems elems;
-	dbus_int32_t frame_id;
-	DBusMessageIter	iter, array;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &frame_id);
-	if (frame_id < 0 || frame_id >= NUM_VENDOR_ELEM_FRAMES) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Invalid ID");
-	}
-
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_recurse(&iter, &array);
-	dbus_message_iter_get_fixed_array(&array, &ielems, &len);
-	if (!ielems || len == 0) {
-		return dbus_message_new_error(
-			message, DBUS_ERROR_INVALID_ARGS, "Invalid value");
-	}
-
-	if (ieee802_11_parse_elems(ielems, len, &elems, 0) == ParseFailed) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Parse error");
-	}
-
-	wpa_s = wpas_vendor_elem(wpa_s, frame_id);
-	if (!wpa_s->vendor_elem[frame_id]) {
-		wpa_s->vendor_elem[frame_id] = wpabuf_alloc_copy(ielems, len);
-		wpas_vendor_elem_update(wpa_s);
-		return NULL;
-	}
-
-	if (wpabuf_resize(&wpa_s->vendor_elem[frame_id], len) < 0) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Resize error");
-	}
-
-	wpabuf_put_data(wpa_s->vendor_elem[frame_id], ielems, len);
-	wpas_vendor_elem_update(wpa_s);
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_vendor_elem_get(DBusMessage *message,
-						struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply;
-	DBusMessageIter	iter, array_iter;
-	dbus_int32_t frame_id;
-	const u8 *elem;
-	size_t elem_len;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &frame_id);
-
-	if (frame_id < 0 || frame_id >= NUM_VENDOR_ELEM_FRAMES) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Invalid ID");
-	}
-
-	wpa_s = wpas_vendor_elem(wpa_s, frame_id);
-	if (!wpa_s->vendor_elem[frame_id]) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "ID value does not exist");
-	}
-
-	reply = dbus_message_new_method_return(message);
-	if (!reply)
-		return wpas_dbus_error_no_memory(message);
-
-	dbus_message_iter_init_append(reply, &iter);
-
-	elem = wpabuf_head_u8(wpa_s->vendor_elem[frame_id]);
-	elem_len = wpabuf_len(wpa_s->vendor_elem[frame_id]);
-
-	if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &array_iter) ||
-	    !dbus_message_iter_append_fixed_array(&array_iter, DBUS_TYPE_BYTE,
-						  &elem, elem_len) ||
-	    !dbus_message_iter_close_container(&iter, &array_iter)) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_error_no_memory(message);
-	}
-
-	return reply;
-}
-
-
-DBusMessage * wpas_dbus_handler_vendor_elem_remove(DBusMessage *message,
-						   struct wpa_supplicant *wpa_s)
-{
-	u8 *ielems;
-	int len;
-	struct ieee802_11_elems elems;
-	DBusMessageIter	iter, array;
-	dbus_int32_t frame_id;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &frame_id);
-	if (frame_id < 0 || frame_id >= NUM_VENDOR_ELEM_FRAMES) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Invalid ID");
-	}
-
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_recurse(&iter, &array);
-	dbus_message_iter_get_fixed_array(&array, &ielems, &len);
-	if (!ielems || len == 0) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Invalid value");
-	}
-
-	wpa_s = wpas_vendor_elem(wpa_s, frame_id);
-
-	if (len == 1 && *ielems == '*') {
-		wpabuf_free(wpa_s->vendor_elem[frame_id]);
-		wpa_s->vendor_elem[frame_id] = NULL;
-		wpas_vendor_elem_update(wpa_s);
-		return NULL;
-	}
-
-	if (!wpa_s->vendor_elem[frame_id]) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "ID value does not exist");
-	}
-
-	if (ieee802_11_parse_elems(ielems, len, &elems, 0) == ParseFailed) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Parse error");
-	}
-
-	if (wpas_vendor_elem_remove(wpa_s, frame_id, ielems, len) == 0)
-		return NULL;
-
-	return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-				      "Not found");
-}
-
-
-#ifdef CONFIG_MESH
-
-/**
- * wpas_dbus_getter_mesh_peers - Get connected mesh peers
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "MeshPeers" property.
- */
-dbus_bool_t wpas_dbus_getter_mesh_peers(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct hostapd_data *hapd;
-	struct sta_info *sta;
-	DBusMessageIter variant_iter, array_iter;
-	int i;
-	DBusMessageIter inner_array_iter;
-
-	if (!wpa_s->ifmsh)
-		return FALSE;
-	hapd = wpa_s->ifmsh->bss[0];
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &array_iter))
-		return FALSE;
-
-	for (sta = hapd->sta_list; sta; sta = sta->next) {
-		if (!dbus_message_iter_open_container(
-			    &array_iter, DBUS_TYPE_ARRAY,
-			    DBUS_TYPE_BYTE_AS_STRING,
-			    &inner_array_iter))
-			return FALSE;
-
-		for (i = 0; i < ETH_ALEN; i++) {
-			if (!dbus_message_iter_append_basic(&inner_array_iter,
-							    DBUS_TYPE_BYTE,
-							    &(sta->addr[i])))
-				return FALSE;
-		}
-
-		if (!dbus_message_iter_close_container(
-			    &array_iter, &inner_array_iter))
-			return FALSE;
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &array_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter))
-		return FALSE;
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_mesh_group - Get mesh group
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "MeshGroup" property.
- */
-dbus_bool_t wpas_dbus_getter_mesh_group(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (!wpa_s->ifmsh || !ssid)
-		return FALSE;
-
-	if (!wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						    (char *) ssid->ssid,
-						    ssid->ssid_len, error)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: error constructing reply", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-#endif /* CONFIG_MESH */
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
deleted file mode 100644
index a421083f7fe2..000000000000
--- a/wpa_supplicant/dbus/dbus_new_handlers.h
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009-2010, Witold Sowa <witold.sowa@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef CTRL_IFACE_DBUS_NEW_HANDLERS_H
-#define CTRL_IFACE_DBUS_NEW_HANDLERS_H
-
-#include "dbus_new_helpers.h"
-
-struct network_handler_args {
-	struct wpa_supplicant *wpa_s;
-	struct wpa_ssid *ssid;
-};
-
-struct bss_handler_args {
-	struct wpa_supplicant *wpa_s;
-	unsigned int id;
-};
-
-struct sta_handler_args {
-	struct wpa_supplicant *wpa_s;
-	const u8 *sta;
-};
-
-dbus_bool_t wpas_dbus_simple_property_getter(DBusMessageIter *iter,
-					     const int type,
-					     const void *val,
-					     DBusError *error);
-
-dbus_bool_t wpas_dbus_simple_property_setter(DBusMessageIter *iter,
-					     DBusError *error,
-					     const int type, void *val);
-
-dbus_bool_t wpas_dbus_simple_array_property_getter(DBusMessageIter *iter,
-						   const int type,
-						   const void *array,
-						   size_t array_len,
-						   DBusError *error);
-
-dbus_bool_t wpas_dbus_simple_array_array_property_getter(DBusMessageIter *iter,
-							 const int type,
-							 struct wpabuf **array,
-							 size_t array_len,
-							 DBusError *error);
-
-dbus_bool_t wpas_dbus_string_property_getter(DBusMessageIter *iter,
-					     const void *val,
-					     DBusError *error);
-
-DBusMessage * wpas_dbus_handler_create_interface(DBusMessage *message,
-						 struct wpa_global *global);
-
-DBusMessage * wpas_dbus_handler_remove_interface(DBusMessage *message,
-						 struct wpa_global *global);
-
-DBusMessage * wpas_dbus_handler_get_interface(DBusMessage *message,
-					      struct wpa_global *global);
-
-DBusMessage * wpas_dbus_handler_expect_disconnect(DBusMessage *message,
-						  struct wpa_global *global);
-
-DECLARE_ACCESSOR(wpas_dbus_getter_debug_level);
-DECLARE_ACCESSOR(wpas_dbus_getter_debug_timestamp);
-DECLARE_ACCESSOR(wpas_dbus_getter_debug_show_keys);
-DECLARE_ACCESSOR(wpas_dbus_setter_debug_level);
-DECLARE_ACCESSOR(wpas_dbus_setter_debug_timestamp);
-DECLARE_ACCESSOR(wpas_dbus_setter_debug_show_keys);
-DECLARE_ACCESSOR(wpas_dbus_getter_interfaces);
-DECLARE_ACCESSOR(wpas_dbus_getter_eap_methods);
-DECLARE_ACCESSOR(wpas_dbus_getter_global_capabilities);
-DECLARE_ACCESSOR(wpas_dbus_getter_iface_global);
-DECLARE_ACCESSOR(wpas_dbus_setter_iface_global);
-
-DBusMessage * wpas_dbus_handler_scan(DBusMessage *message,
-				     struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_abort_scan(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_signal_poll(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_disconnect(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-
-dbus_bool_t set_network_properties(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid,
-				   DBusMessageIter *iter,
-				   DBusError *error);
-
-DBusMessage * wpas_dbus_handler_add_network(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_reassociate(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_reattach(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_reconnect(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_all_networks(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_select_network(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_network_reply(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_roam(DBusMessage *message,
-				     struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_add_blob(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_get_blob(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_blob(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_flush_bss(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_autoscan(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_eap_logoff(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_eap_logon(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_all_creds(DBusMessage *message,
-						 struct wpa_supplicant *wpa_s);
-
-DBusMessage *
-wpas_dbus_handler_interworking_select(DBusMessage *message,
-				      struct wpa_supplicant *wpa_s);
-
-DECLARE_ACCESSOR(wpas_dbus_getter_capabilities);
-DECLARE_ACCESSOR(wpas_dbus_getter_state);
-DECLARE_ACCESSOR(wpas_dbus_getter_scanning);
-DECLARE_ACCESSOR(wpas_dbus_getter_ap_scan);
-DECLARE_ACCESSOR(wpas_dbus_setter_ap_scan);
-DECLARE_ACCESSOR(wpas_dbus_getter_fast_reauth);
-DECLARE_ACCESSOR(wpas_dbus_setter_fast_reauth);
-DECLARE_ACCESSOR(wpas_dbus_getter_disconnect_reason);
-DECLARE_ACCESSOR(wpas_dbus_getter_disassociate_reason);
-DECLARE_ACCESSOR(wpas_dbus_getter_auth_status_code);
-DECLARE_ACCESSOR(wpas_dbus_getter_assoc_status_code);
-DECLARE_ACCESSOR(wpas_dbus_getter_roam_time);
-DECLARE_ACCESSOR(wpas_dbus_getter_roam_complete);
-DECLARE_ACCESSOR(wpas_dbus_getter_session_length);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_tm_status);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_expire_age);
-DECLARE_ACCESSOR(wpas_dbus_setter_bss_expire_age);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_expire_count);
-DECLARE_ACCESSOR(wpas_dbus_setter_bss_expire_count);
-DECLARE_ACCESSOR(wpas_dbus_getter_country);
-DECLARE_ACCESSOR(wpas_dbus_setter_country);
-DECLARE_ACCESSOR(wpas_dbus_getter_scan_interval);
-DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval);
-DECLARE_ACCESSOR(wpas_dbus_getter_ifname);
-DECLARE_ACCESSOR(wpas_dbus_getter_driver);
-DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname);
-DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname);
-DECLARE_ACCESSOR(wpas_dbus_getter_config_file);
-DECLARE_ACCESSOR(wpas_dbus_getter_current_bss);
-DECLARE_ACCESSOR(wpas_dbus_getter_current_network);
-DECLARE_ACCESSOR(wpas_dbus_getter_current_auth_mode);
-DECLARE_ACCESSOR(wpas_dbus_getter_bsss);
-DECLARE_ACCESSOR(wpas_dbus_getter_networks);
-DECLARE_ACCESSOR(wpas_dbus_getter_pkcs11_engine_path);
-DECLARE_ACCESSOR(wpas_dbus_getter_pkcs11_module_path);
-DECLARE_ACCESSOR(wpas_dbus_getter_blobs);
-DECLARE_ACCESSOR(wpas_dbus_getter_stas);
-DECLARE_ACCESSOR(wpas_dbus_getter_mac_address_randomization_mask);
-DECLARE_ACCESSOR(wpas_dbus_setter_mac_address_randomization_mask);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_address);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_aid);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_caps);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_rx_packets);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_tx_packets);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_tx_bytes);
-DECLARE_ACCESSOR(wpas_dbus_getter_sta_rx_bytes);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_bssid);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_ssid);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_privacy);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_mode);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_signal);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_frequency);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_rates);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_wpa);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_rsn);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_wps);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_ies);
-DECLARE_ACCESSOR(wpas_dbus_getter_bss_age);
-DECLARE_ACCESSOR(wpas_dbus_getter_enabled);
-DECLARE_ACCESSOR(wpas_dbus_setter_enabled);
-DECLARE_ACCESSOR(wpas_dbus_getter_network_properties);
-DECLARE_ACCESSOR(wpas_dbus_setter_network_properties);
-
-DBusMessage * wpas_dbus_handler_wps_start(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_wps_cancel(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-
-DECLARE_ACCESSOR(wpas_dbus_getter_process_credentials);
-DECLARE_ACCESSOR(wpas_dbus_setter_process_credentials);
-DECLARE_ACCESSOR(wpas_dbus_getter_config_methods);
-DECLARE_ACCESSOR(wpas_dbus_setter_config_methods);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_device_name);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_device_name);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_manufacturer);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_manufacturer);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_device_model_name);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_device_model_name);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_device_model_number);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_device_model_number);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_device_serial_number);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_device_serial_number);
-DECLARE_ACCESSOR(wpas_dbus_getter_wps_device_device_type);
-DECLARE_ACCESSOR(wpas_dbus_setter_wps_device_device_type);
-
-DECLARE_ACCESSOR(wpas_dbus_getter_mesh_peers);
-DECLARE_ACCESSOR(wpas_dbus_getter_mesh_group);
-
-DBusMessage * wpas_dbus_handler_tdls_discover(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_tdls_setup(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_tdls_status(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_tdls_teardown(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s);
-DBusMessage *
-wpas_dbus_handler_tdls_channel_switch(DBusMessage *message,
-				      struct wpa_supplicant *wpa_s);
-DBusMessage *
-wpas_dbus_handler_tdls_cancel_channel_switch(DBusMessage *message,
-					     struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_vendor_elem_add(DBusMessage *message,
-						struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_vendor_elem_get(DBusMessage *message,
-						struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_vendor_elem_remove(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_save_config(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_error_invalid_args(DBusMessage *message,
-					   const char *arg);
-DBusMessage * wpas_dbus_error_unknown_error(DBusMessage *message,
-					    const char *arg);
-DBusMessage * wpas_dbus_error_no_memory(DBusMessage *message);
-
-DBusMessage * wpas_dbus_handler_subscribe_preq(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-DBusMessage * wpas_dbus_handler_unsubscribe_preq(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-#endif /* CTRL_IFACE_DBUS_HANDLERS_NEW_H */
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
deleted file mode 100644
index de79178f4655..000000000000
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ /dev/null
@@ -1,3107 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface (P2P)
- * Copyright (c) 2011-2012, Intel Corporation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "utils/includes.h"
-#include "common.h"
-#include "../config.h"
-#include "../wpa_supplicant_i.h"
-#include "../wps_supplicant.h"
-#include "../notify.h"
-#include "dbus_new_helpers.h"
-#include "dbus_new.h"
-#include "dbus_new_handlers.h"
-#include "dbus_new_handlers_p2p.h"
-#include "dbus_dict_helpers.h"
-#include "p2p/p2p.h"
-#include "common/ieee802_11_defs.h"
-#include "ap/hostapd.h"
-#include "ap/ap_config.h"
-#include "ap/wps_hostapd.h"
-
-#include "../p2p_supplicant.h"
-#include "../wifi_display.h"
-
-
-static int wpas_dbus_validate_dbus_ipaddr(struct wpa_dbus_dict_entry entry)
-{
-	if (entry.type != DBUS_TYPE_ARRAY ||
-	    entry.array_type != DBUS_TYPE_BYTE ||
-	    entry.array_len != 4)
-		return 0;
-
-	return 1;
-}
-
-
-static dbus_bool_t no_p2p_mgmt_interface(DBusError *error)
-{
-	dbus_set_error_const(error, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
-			     "Could not find P2P mgmt interface");
-	return FALSE;
-}
-
-
-/**
- * Parses out the mac address from the peer object path.
- * @peer_path - object path of the form
- *	/fi/w1/wpa_supplicant1/Interfaces/n/Peers/00112233445566 (no colons)
- * @addr - out param must be of ETH_ALEN size
- * Returns 0 if valid (including MAC), -1 otherwise
- */
-static int parse_peer_object_path(const char *peer_path, u8 addr[ETH_ALEN])
-{
-	const char *p;
-
-	if (!peer_path)
-		return -1;
-	p = os_strrchr(peer_path, '/');
-	if (!p)
-		return -1;
-	p++;
-	return hwaddr_compact_aton(p, addr);
-}
-
-
-/**
- * wpas_dbus_error_persistent_group_unknown - Return a new PersistentGroupUnknown
- * error message
- * @message: Pointer to incoming dbus message this error refers to
- * Returns: a dbus error message
- *
- * Convenience function to create and return an invalid persistent group error.
- */
-static DBusMessage *
-wpas_dbus_error_persistent_group_unknown(DBusMessage *message)
-{
-	return dbus_message_new_error(
-		message, WPAS_DBUS_ERROR_NETWORK_UNKNOWN,
-		"There is no such persistent group in this P2P device.");
-}
-
-
-/**
- * wpas_dbus_error_no_p2p_mgmt_iface - Return a new InterfaceUnknown error
- * message
- * @message: Pointer to incoming dbus message this error refers to
- * Returns: a dbus error message
- *
- * Convenience function to create and return an unknown interface error.
- */
-static DBusMessage * wpas_dbus_error_no_p2p_mgmt_iface(DBusMessage *message)
-{
-	wpa_printf(MSG_DEBUG, "dbus: Could not find P2P mgmt interface");
-	return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
-				      "Could not find P2P mgmt interface");
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
-					 struct wpa_supplicant *wpa_s)
-{
-	struct wpa_dbus_dict_entry entry;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	DBusMessageIter iter_dict;
-	unsigned int timeout = 0;
-	enum p2p_discovery_type type = P2P_FIND_START_WITH_FULL;
-	int num_req_dev_types = 0;
-	unsigned int i;
-	u8 *req_dev_types = NULL;
-	unsigned int freq = 0;
-
-	dbus_message_iter_init(message, &iter);
-	entry.key = NULL;
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "Timeout") == 0 &&
-		    entry.type == DBUS_TYPE_INT32) {
-			timeout = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "RequestedDeviceTypes") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != WPAS_DBUS_TYPE_BINARRAY)
-				goto error_clear;
-
-			os_free(req_dev_types);
-			req_dev_types =
-				os_malloc(WPS_DEV_TYPE_LEN * entry.array_len);
-			if (!req_dev_types)
-				goto error_clear;
-
-			for (i = 0; i < entry.array_len; i++) {
-				if (wpabuf_len(entry.binarray_value[i]) !=
-				    WPS_DEV_TYPE_LEN)
-					goto error_clear;
-				os_memcpy(req_dev_types + i * WPS_DEV_TYPE_LEN,
-					  wpabuf_head(entry.binarray_value[i]),
-					  WPS_DEV_TYPE_LEN);
-			}
-			num_req_dev_types = entry.array_len;
-		} else if (os_strcmp(entry.key, "DiscoveryType") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			if (os_strcmp(entry.str_value, "start_with_full") == 0)
-				type = P2P_FIND_START_WITH_FULL;
-			else if (os_strcmp(entry.str_value, "social") == 0)
-				type = P2P_FIND_ONLY_SOCIAL;
-			else if (os_strcmp(entry.str_value, "progressive") == 0)
-				type = P2P_FIND_PROGRESSIVE;
-			else
-				goto error_clear;
-		} else if (os_strcmp(entry.key, "freq") == 0 &&
-			   (entry.type == DBUS_TYPE_INT32 ||
-			    entry.type == DBUS_TYPE_UINT32)) {
-			freq = entry.uint32_value;
-		} else
-			goto error_clear;
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s) {
-		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
-		goto error_nop2p;
-	}
-
-	if (wpas_p2p_find(wpa_s, timeout, type, num_req_dev_types,
-			  req_dev_types, NULL, 0, 0, NULL, freq, false))
-		reply = wpas_dbus_error_unknown_error(
-			message, "Could not start P2P find");
-
-	os_free(req_dev_types);
-	return reply;
-
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	reply = wpas_dbus_error_invalid_args(message, entry.key);
-error_nop2p:
-	os_free(req_dev_types);
-	return reply;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_stop_find(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s)
-{
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (wpa_s)
-		wpas_p2p_stop_find(wpa_s);
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_rejectpeer(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter;
-	char *peer_object_path = NULL;
-	u8 peer_addr[ETH_ALEN];
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &peer_object_path);
-
-	if (parse_peer_object_path(peer_object_path, peer_addr) < 0)
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return wpas_dbus_error_no_p2p_mgmt_iface(message);
-
-	if (wpas_p2p_reject(wpa_s, peer_addr) < 0)
-		return wpas_dbus_error_unknown_error(message,
-				"Failed to call wpas_p2p_reject method.");
-
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_listen(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	dbus_int32_t timeout = 0;
-
-	if (!dbus_message_get_args(message, NULL, DBUS_TYPE_INT32, &timeout,
-				   DBUS_TYPE_INVALID))
-		return wpas_dbus_error_no_memory(message);
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return wpas_dbus_error_no_p2p_mgmt_iface(message);
-
-	if (wpas_p2p_listen(wpa_s, (unsigned int) timeout)) {
-		return dbus_message_new_error(message,
-					      WPAS_DBUS_ERROR_UNKNOWN_ERROR,
-					      "Could not start P2P listen");
-	}
-
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_extendedlisten(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	unsigned int period = 0, interval = 0;
-	struct wpa_dbus_dict_entry entry;
-	DBusMessageIter iter;
-	DBusMessageIter iter_dict;
-
-	dbus_message_iter_init(message, &iter);
-	entry.key = NULL;
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "period") == 0 &&
-		    entry.type == DBUS_TYPE_INT32)
-			period = entry.uint32_value;
-		else if (os_strcmp(entry.key, "interval") == 0 &&
-			 entry.type == DBUS_TYPE_INT32)
-			interval = entry.uint32_value;
-		else
-			goto error_clear;
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return wpas_dbus_error_no_p2p_mgmt_iface(message);
-
-	if (wpas_p2p_ext_listen(wpa_s, period, interval))
-		return wpas_dbus_error_unknown_error(
-			message, "failed to initiate a p2p_ext_listen.");
-
-	return NULL;
-
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	return wpas_dbus_error_invalid_args(message, entry.key);
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_presence_request(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	unsigned int dur1 = 0, int1 = 0, dur2 = 0, int2 = 0;
-	struct wpa_dbus_dict_entry entry;
-	DBusMessageIter iter;
-	DBusMessageIter iter_dict;
-
-	dbus_message_iter_init(message, &iter);
-	entry.key = NULL;
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "duration1") == 0 &&
-		    entry.type == DBUS_TYPE_INT32)
-			dur1 = entry.uint32_value;
-		else if (os_strcmp(entry.key, "interval1") == 0 &&
-			 entry.type == DBUS_TYPE_INT32)
-			int1 = entry.uint32_value;
-		else if (os_strcmp(entry.key, "duration2") == 0 &&
-			 entry.type == DBUS_TYPE_INT32)
-			dur2 = entry.uint32_value;
-		else if (os_strcmp(entry.key, "interval2") == 0 &&
-			 entry.type == DBUS_TYPE_INT32)
-			int2 = entry.uint32_value;
-		else
-			goto error_clear;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (wpas_p2p_presence_req(wpa_s, dur1, int1, dur2, int2) < 0)
-		return wpas_dbus_error_unknown_error(message,
-				"Failed to invoke presence request.");
-
-	return NULL;
-
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	return wpas_dbus_error_invalid_args(message, entry.key);
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
-					      struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *pg_object_path = NULL;
-	int persistent_group = 0;
-	int freq = 0;
-	char *iface = NULL;
-	unsigned int group_id = 0;
-	struct wpa_ssid *ssid;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto inv_args;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto inv_args;
-
-		if (os_strcmp(entry.key, "persistent") == 0 &&
-		    entry.type == DBUS_TYPE_BOOLEAN) {
-			persistent_group = entry.bool_value;
-		} else if (os_strcmp(entry.key, "frequency") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			freq = entry.int32_value;
-			if (freq <= 0)
-				goto inv_args_clear;
-		} else if (os_strcmp(entry.key, "persistent_group_object") ==
-			   0 &&
-			   entry.type == DBUS_TYPE_OBJECT_PATH)
-			pg_object_path = os_strdup(entry.str_value);
-		else
-			goto inv_args_clear;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s) {
-		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
-		goto out;
-	}
-
-	if (pg_object_path != NULL) {
-		char *net_id_str;
-
-		/*
-		 * A persistent group Object Path is defined meaning we want
-		 * to re-invoke a persistent group.
-		 */
-
-		iface = wpas_dbus_new_decompose_object_path(
-			pg_object_path, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
-			&net_id_str);
-		if (iface == NULL || net_id_str == NULL ||
-		    !wpa_s->parent->dbus_new_path ||
-		    os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
-			reply =
-			    wpas_dbus_error_invalid_args(message,
-							 pg_object_path);
-			goto out;
-		}
-
-		group_id = strtoul(net_id_str, NULL, 10);
-		if (errno == EINVAL) {
-			reply = wpas_dbus_error_invalid_args(
-						message, pg_object_path);
-			goto out;
-		}
-
-		/* Get the SSID structure from the persistent group id */
-		ssid = wpa_config_get_network(wpa_s->conf, group_id);
-		if (ssid == NULL || ssid->disabled != 2)
-			goto inv_args;
-
-		if (wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq, 0, 0, 0,
-						  0, 0, 0, 0, NULL, 0, 0,
-						  false)) {
-			reply = wpas_dbus_error_unknown_error(
-				message,
-				"Failed to reinvoke a persistent group");
-			goto out;
-		}
-	} else if (wpas_p2p_group_add(wpa_s, persistent_group, freq, 0, 0, 0,
-				      0, 0, 0, false))
-		goto inv_args;
-
-out:
-	os_free(pg_object_path);
-	os_free(iface);
-	return reply;
-inv_args_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-inv_args:
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_disconnect(DBusMessage *message,
-					       struct wpa_supplicant *wpa_s)
-{
-	if (wpas_p2p_disconnect(wpa_s))
-		return wpas_dbus_error_unknown_error(message,
-						"failed to disconnect");
-
-	return NULL;
-}
-
-
-static dbus_bool_t wpa_dbus_p2p_check_enabled(struct wpa_supplicant *wpa_s,
-					      DBusMessage *message,
-					      DBusMessage **out_reply,
-					      DBusError *error)
-{
-	/* Return an error message or an error if P2P isn't available */
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL) {
-		if (out_reply) {
-			*out_reply = dbus_message_new_error(
-				message, DBUS_ERROR_FAILED,
-				"P2P is not available for this interface");
-		}
-		dbus_set_error_const(error, DBUS_ERROR_FAILED,
-				     "P2P is not available for this interface");
-		return FALSE;
-	}
-	if (!wpa_s->global->p2p_init_wpa_s) {
-		if (out_reply)
-			*out_reply = wpas_dbus_error_no_p2p_mgmt_iface(
-				message);
-		return no_p2p_mgmt_interface(error);
-	}
-	return TRUE;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_remove_client(DBusMessage *message,
-						  struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *peer_object_path = NULL;
-	char *interface_addr = NULL;
-	u8 peer_addr[ETH_ALEN];
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, message, &reply, NULL))
-		return reply;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto err;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto err;
-
-		if (os_strcmp(entry.key, "peer") == 0 &&
-		    entry.type == DBUS_TYPE_OBJECT_PATH) {
-			os_free(peer_object_path);
-			peer_object_path = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-		} else if (os_strcmp(entry.key, "iface") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(interface_addr);
-			interface_addr = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-		} else {
-			wpa_dbus_dict_entry_clear(&entry);
-			goto err;
-		}
-	}
-
-	if ((!peer_object_path && !interface_addr) ||
-	    (peer_object_path &&
-	     (parse_peer_object_path(peer_object_path, peer_addr) < 0 ||
-	      !p2p_peer_known(wpa_s->global->p2p, peer_addr))) ||
-	    (interface_addr && hwaddr_aton(interface_addr, peer_addr) < 0))
-		goto err;
-
-	wpas_p2p_remove_client(wpa_s, peer_addr, interface_addr != NULL);
-	reply = NULL;
-out:
-	os_free(peer_object_path);
-	os_free(interface_addr);
-	return reply;
-err:
-	reply = wpas_dbus_error_invalid_args(message, "Invalid address format");
-	goto out;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_flush(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, message, &reply, NULL))
-		return reply;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	wpas_p2p_stop_find(wpa_s);
-	os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
-	wpa_s->force_long_sd = 0;
-	p2p_flush(wpa_s->global->p2p);
-
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_connect(DBusMessage *message,
-					    struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *peer_object_path = NULL;
-	int persistent_group = 0;
-	int join = 0;
-	int authorize_only = 0;
-	int go_intent = -1;
-	int freq = 0;
-	u8 addr[ETH_ALEN];
-	char *pin = NULL;
-	enum p2p_wps_method wps_method = WPS_NOT_READY;
-	int new_pin;
-	char *err_msg = NULL;
-	char *iface = NULL;
-	int ret;
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, message, &reply, NULL))
-		return reply;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto inv_args;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto inv_args;
-
-		if (os_strcmp(entry.key, "peer") == 0 &&
-		    entry.type == DBUS_TYPE_OBJECT_PATH) {
-			peer_object_path = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "persistent") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			persistent_group = entry.bool_value;
-		} else if (os_strcmp(entry.key, "join") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			join = entry.bool_value;
-		} else if (os_strcmp(entry.key, "authorize_only") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			authorize_only = entry.bool_value;
-		} else if (os_strcmp(entry.key, "frequency") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			freq = entry.int32_value;
-			if (freq <= 0)
-				goto inv_args_clear;
-		} else if (os_strcmp(entry.key, "go_intent") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			go_intent = entry.int32_value;
-			if ((go_intent < 0) || (go_intent > 15))
-				goto inv_args_clear;
-		} else if (os_strcmp(entry.key, "wps_method") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			if (os_strcmp(entry.str_value, "pbc") == 0)
-				wps_method = WPS_PBC;
-			else if (os_strcmp(entry.str_value, "pin") == 0)
-				wps_method = WPS_PIN_DISPLAY;
-			else if (os_strcmp(entry.str_value, "display") == 0)
-				wps_method = WPS_PIN_DISPLAY;
-			else if (os_strcmp(entry.str_value, "keypad") == 0)
-				wps_method = WPS_PIN_KEYPAD;
-			else
-				goto inv_args_clear;
-		} else if (os_strcmp(entry.key, "pin") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			pin = os_strdup(entry.str_value);
-		} else
-			goto inv_args_clear;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (wps_method == WPS_NOT_READY ||
-	    parse_peer_object_path(peer_object_path, addr) < 0 ||
-	    !p2p_peer_known(wpa_s->global->p2p, addr))
-		goto inv_args;
-
-	/*
-	 * Validate the wps_method specified and the pin value.
-	 */
-	if ((!pin || !pin[0]) && wps_method == WPS_PIN_KEYPAD)
-		goto inv_args;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
-				   persistent_group, 0, join, authorize_only,
-				   go_intent, freq, 0, -1, 0, 0, 0, 0, 0, 0,
-				   NULL, 0, false);
-
-	if (new_pin >= 0) {
-		char npin[9];
-		char *generated_pin;
-
-		ret = os_snprintf(npin, sizeof(npin), "%08d", new_pin);
-		if (os_snprintf_error(sizeof(npin), ret)) {
-			reply = wpas_dbus_error_unknown_error(message,
-							      "invalid PIN");
-			goto out;
-		}
-		generated_pin = npin;
-		reply = dbus_message_new_method_return(message);
-		dbus_message_append_args(reply, DBUS_TYPE_STRING,
-					 &generated_pin, DBUS_TYPE_INVALID);
-	} else {
-		switch (new_pin) {
-		case -2:
-			err_msg =
-				"connect failed due to channel unavailability.";
-			iface = WPAS_DBUS_ERROR_CONNECT_CHANNEL_UNAVAILABLE;
-			break;
-
-		case -3:
-			err_msg = "connect failed due to unsupported channel.";
-			iface = WPAS_DBUS_ERROR_CONNECT_CHANNEL_UNSUPPORTED;
-			break;
-
-		default:
-			err_msg = "connect failed due to unspecified error.";
-			iface = WPAS_DBUS_ERROR_CONNECT_UNSPECIFIED_ERROR;
-			break;
-		}
-
-		/*
-		 * TODO:
-		 * Do we need specialized errors corresponding to above
-		 * error conditions as against just returning a different
-		 * error message?
-		 */
-		reply = dbus_message_new_error(message, iface, err_msg);
-	}
-
-out:
-	os_free(peer_object_path);
-	os_free(pin);
-	return reply;
-inv_args_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-inv_args:
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-}
-
-
-/**
- * wpas_dbus_handler_p2p_cancel - Cancel P2P group formation
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: NULL on success or DBus error on failure
- *
- * Handler for "Cancel" method call. Returns NULL if P2P cancel succeeds or DBus
- * error on P2P cancel failure
- */
-DBusMessage * wpas_dbus_handler_p2p_cancel(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	if (wpas_p2p_cancel(wpa_s))
-		return wpas_dbus_error_unknown_error(message,
-						     "P2P cancel failed");
-
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_invite(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *peer_object_path = NULL;
-	char *pg_object_path = NULL;
-	char *iface = NULL;
-	u8 peer_addr[ETH_ALEN];
-	unsigned int group_id = 0;
-	int persistent = 0;
-	struct wpa_ssid *ssid;
-	const char *group_ifname;
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, message, &reply, NULL))
-		return reply;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto err;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto err;
-
-		if (os_strcmp(entry.key, "peer") == 0 &&
-		    entry.type == DBUS_TYPE_OBJECT_PATH) {
-			peer_object_path = os_strdup(entry.str_value);
-			wpa_dbus_dict_entry_clear(&entry);
-		} else if (os_strcmp(entry.key, "persistent_group_object") ==
-			   0 &&
-			   entry.type == DBUS_TYPE_OBJECT_PATH) {
-			pg_object_path = os_strdup(entry.str_value);
-			persistent = 1;
-			wpa_dbus_dict_entry_clear(&entry);
-		} else {
-			wpa_dbus_dict_entry_clear(&entry);
-			goto err;
-		}
-	}
-
-	if (parse_peer_object_path(peer_object_path, peer_addr) < 0 ||
-	    !p2p_peer_known(wpa_s->global->p2p, peer_addr))
-		goto err;
-
-	/* Capture the interface name for the group first */
-	group_ifname = wpa_s->ifname;
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	if (persistent) {
-		char *net_id_str;
-		/*
-		 * A group ID is defined meaning we want to re-invoke a
-		 * persistent group
-		 */
-
-		iface = wpas_dbus_new_decompose_object_path(
-			pg_object_path,
-			WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
-			&net_id_str);
-		if (iface == NULL || net_id_str == NULL ||
-		    !wpa_s->parent->dbus_new_path ||
-		    os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
-			reply = wpas_dbus_error_invalid_args(message,
-							     pg_object_path);
-			goto out;
-		}
-
-		group_id = strtoul(net_id_str, NULL, 10);
-		if (errno == EINVAL) {
-			reply = wpas_dbus_error_invalid_args(
-				message, pg_object_path);
-			goto out;
-		}
-
-		/* Get the SSID structure from the persistent group id */
-		ssid = wpa_config_get_network(wpa_s->conf, group_id);
-		if (ssid == NULL || ssid->disabled != 2)
-			goto err;
-
-		if (wpas_p2p_invite(wpa_s, peer_addr, ssid, NULL, 0, 0, 0, 0, 0,
-				    0, 0, 0, false) < 0) {
-			reply = wpas_dbus_error_unknown_error(
-				message,
-				"Failed to reinvoke a persistent group");
-			goto out;
-		}
-	} else {
-		/*
-		 * No group ID means propose to a peer to join my active group
-		 */
-		if (wpas_p2p_invite_group(wpa_s, group_ifname,
-					  peer_addr, NULL, false)) {
-			reply = wpas_dbus_error_unknown_error(
-				message, "Failed to join to an active group");
-			goto out;
-		}
-	}
-
-out:
-	os_free(iface);
-	os_free(pg_object_path);
-	os_free(peer_object_path);
-	return reply;
-
-err:
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_prov_disc_req(DBusMessage *message,
-						  struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter;
-	char *peer_object_path = NULL;
-	char *config_method = NULL;
-	u8 peer_addr[ETH_ALEN];
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &peer_object_path);
-
-	if (parse_peer_object_path(peer_object_path, peer_addr) < 0)
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_get_basic(&iter, &config_method);
-
-	/*
-	 * Validation checks on config_method are being duplicated here
-	 * to be able to return invalid args reply since the error code
-	 * from p2p module are not granular enough (yet).
-	 */
-	if (os_strcmp(config_method, "display") &&
-	    os_strcmp(config_method, "keypad") &&
-	    os_strcmp(config_method, "pbc") &&
-	    os_strcmp(config_method, "pushbutton"))
-		return wpas_dbus_error_invalid_args(message, NULL);
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return wpas_dbus_error_no_p2p_mgmt_iface(message);
-
-	if (wpas_p2p_prov_disc(wpa_s, peer_addr, config_method,
-			       WPAS_P2P_PD_FOR_GO_NEG, NULL) < 0)
-		return wpas_dbus_error_unknown_error(message,
-				"Failed to send provision discovery request");
-
-	return NULL;
-}
-
-
-/*
- * P2P Device property accessor methods.
- */
-
-dbus_bool_t wpas_dbus_getter_p2p_device_config(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, dict_iter;
-	DBusMessageIter iter_secdev_dict_entry, iter_secdev_dict_val,
-		iter_secdev_dict_array;
-	const char *dev_name;
-	int num_vendor_extensions = 0;
-	int i;
-	const struct wpabuf *vendor_ext[P2P_MAX_WPS_VENDOR_EXT];
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      "a{sv}", &variant_iter) ||
-	    !wpa_dbus_dict_open_write(&variant_iter, &dict_iter))
-		goto err_no_mem;
-
-	/* DeviceName */
-	dev_name = wpa_s->conf->device_name;
-	if (dev_name &&
-	    !wpa_dbus_dict_append_string(&dict_iter, "DeviceName", dev_name))
-		goto err_no_mem;
-
-	/* Primary device type */
-	if (!wpa_dbus_dict_append_byte_array(&dict_iter, "PrimaryDeviceType",
-					     (char *) wpa_s->conf->device_type,
-					     WPS_DEV_TYPE_LEN))
-		goto err_no_mem;
-
-	/* Secondary device types */
-	if (wpa_s->conf->num_sec_device_types) {
-		if (!wpa_dbus_dict_begin_array(&dict_iter,
-					       "SecondaryDeviceTypes",
-					       DBUS_TYPE_ARRAY_AS_STRING
-					       DBUS_TYPE_BYTE_AS_STRING,
-					       &iter_secdev_dict_entry,
-					       &iter_secdev_dict_val,
-					       &iter_secdev_dict_array))
-			goto err_no_mem;
-
-		for (i = 0; i < wpa_s->conf->num_sec_device_types; i++)
-			wpa_dbus_dict_bin_array_add_element(
-				&iter_secdev_dict_array,
-				wpa_s->conf->sec_device_type[i],
-				WPS_DEV_TYPE_LEN);
-
-		if (!wpa_dbus_dict_end_array(&dict_iter,
-					     &iter_secdev_dict_entry,
-					     &iter_secdev_dict_val,
-					     &iter_secdev_dict_array))
-			goto err_no_mem;
-	}
-
-	/* GO IP address */
-	if (WPA_GET_BE32(wpa_s->conf->ip_addr_go) &&
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrGo",
-					     (char *) wpa_s->conf->ip_addr_go,
-					     4))
-		goto err_no_mem;
-
-	/* IP address mask */
-	if (WPA_GET_BE32(wpa_s->conf->ip_addr_mask) &&
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrMask",
-					     (char *) wpa_s->conf->ip_addr_mask,
-					     4))
-		goto err_no_mem;
-
-	/* IP address start */
-	if (WPA_GET_BE32(wpa_s->conf->ip_addr_start) &&
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrStart",
-					     (char *)
-					     wpa_s->conf->ip_addr_start,
-					     4))
-		goto err_no_mem;
-
-	/* IP address end */
-	if (WPA_GET_BE32(wpa_s->conf->ip_addr_end) &&
-	    !wpa_dbus_dict_append_byte_array(&dict_iter, "IpAddrEnd",
-					     (char *) wpa_s->conf->ip_addr_end,
-					     4))
-		goto err_no_mem;
-
-	/* Vendor Extensions */
-	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
-		if (wpa_s->conf->wps_vendor_ext[i] == NULL)
-			continue;
-		vendor_ext[num_vendor_extensions++] =
-			wpa_s->conf->wps_vendor_ext[i];
-	}
-
-	if ((num_vendor_extensions &&
-	     !wpa_dbus_dict_append_wpabuf_array(&dict_iter,
-						"VendorExtension",
-						vendor_ext,
-						num_vendor_extensions)) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "GOIntent",
-					 wpa_s->conf->p2p_go_intent) ||
-	    !wpa_dbus_dict_append_bool(&dict_iter, "PersistentReconnect",
-				       wpa_s->conf->persistent_reconnect) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "ListenRegClass",
-					 wpa_s->conf->p2p_listen_reg_class) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "ListenChannel",
-					 wpa_s->conf->p2p_listen_channel) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "OperRegClass",
-					 wpa_s->conf->p2p_oper_reg_class) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "OperChannel",
-					 wpa_s->conf->p2p_oper_channel) ||
-	    (wpa_s->conf->p2p_ssid_postfix &&
-	     !wpa_dbus_dict_append_string(&dict_iter, "SsidPostfix",
-					  wpa_s->conf->p2p_ssid_postfix)) ||
-	    !wpa_dbus_dict_append_bool(&dict_iter, "IntraBss",
-				       wpa_s->conf->p2p_intra_bss) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "GroupIdle",
-					 wpa_s->conf->p2p_group_idle) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "disassoc_low_ack",
-					 wpa_s->conf->disassoc_low_ack) ||
-	    !wpa_dbus_dict_append_bool(&dict_iter, "NoGroupIface",
-				       wpa_s->conf->p2p_no_group_iface) ||
-	    !wpa_dbus_dict_append_uint32(&dict_iter, "p2p_search_delay",
-					 wpa_s->conf->p2p_search_delay) ||
-	    !wpa_dbus_dict_close_write(&variant_iter, &dict_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter))
-		goto err_no_mem;
-
-	return TRUE;
-
-err_no_mem:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	return FALSE;
-}
-
-
-dbus_bool_t wpas_dbus_setter_p2p_device_config(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, iter_dict;
-	struct wpa_dbus_dict_entry entry = {.type = DBUS_TYPE_STRING };
-	unsigned int i;
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	dbus_message_iter_recurse(iter, &variant_iter);
-	if (!wpa_dbus_dict_open_read(&variant_iter, &iter_dict, error))
-		return FALSE;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) {
-			dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-					     "invalid message format");
-			return FALSE;
-		}
-
-		if (os_strcmp(entry.key, "DeviceName") == 0) {
-			char *devname;
-
-			if (entry.type != DBUS_TYPE_STRING ||
-			    os_strlen(entry.str_value) > WPS_DEV_NAME_MAX_LEN)
-				goto error;
-
-			devname = os_strdup(entry.str_value);
-			if (devname == NULL)
-				goto err_no_mem_clear;
-
-			os_free(wpa_s->conf->device_name);
-			wpa_s->conf->device_name = devname;
-
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_DEVICE_NAME;
-		} else if (os_strcmp(entry.key, "PrimaryDeviceType") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE ||
-			    entry.array_len != WPS_DEV_TYPE_LEN)
-				goto error;
-
-			os_memcpy(wpa_s->conf->device_type,
-				  entry.bytearray_value,
-				  WPS_DEV_TYPE_LEN);
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_DEVICE_TYPE;
-		} else if (os_strcmp(entry.key, "SecondaryDeviceTypes") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != WPAS_DBUS_TYPE_BINARRAY ||
-			    entry.array_len > MAX_SEC_DEVICE_TYPES)
-				goto error;
-
-			for (i = 0; i < entry.array_len; i++)
-				if (wpabuf_len(entry.binarray_value[i]) !=
-				    WPS_DEV_TYPE_LEN)
-					goto err_no_mem_clear;
-			for (i = 0; i < entry.array_len; i++)
-				os_memcpy(wpa_s->conf->sec_device_type[i],
-					  wpabuf_head(entry.binarray_value[i]),
-					  WPS_DEV_TYPE_LEN);
-			wpa_s->conf->num_sec_device_types = entry.array_len;
-			wpa_s->conf->changed_parameters |=
-					CFG_CHANGED_SEC_DEVICE_TYPE;
-		} else if (os_strcmp(entry.key, "VendorExtension") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != WPAS_DBUS_TYPE_BINARRAY ||
-			    (entry.array_len > P2P_MAX_WPS_VENDOR_EXT))
-				goto error;
-
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_VENDOR_EXTENSION;
-
-			for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
-				wpabuf_free(wpa_s->conf->wps_vendor_ext[i]);
-				if (i < entry.array_len) {
-					wpa_s->conf->wps_vendor_ext[i] =
-						entry.binarray_value[i];
-					entry.binarray_value[i] = NULL;
-				} else
-					wpa_s->conf->wps_vendor_ext[i] = NULL;
-			}
-		} else if (os_strcmp(entry.key, "GOIntent") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32 &&
-			   (entry.uint32_value <= 15))
-			wpa_s->conf->p2p_go_intent = entry.uint32_value;
-		else if (os_strcmp(entry.key, "PersistentReconnect") == 0 &&
-			 entry.type == DBUS_TYPE_BOOLEAN)
-			wpa_s->conf->persistent_reconnect = entry.bool_value;
-		else if (os_strcmp(entry.key, "ListenRegClass") == 0 &&
-			 entry.type == DBUS_TYPE_UINT32) {
-			wpa_s->conf->p2p_listen_reg_class = entry.uint32_value;
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_P2P_LISTEN_CHANNEL;
-		} else if (os_strcmp(entry.key, "ListenChannel") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			wpa_s->conf->p2p_listen_channel = entry.uint32_value;
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_P2P_LISTEN_CHANNEL;
-		} else if (os_strcmp(entry.key, "OperRegClass") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			wpa_s->conf->p2p_oper_reg_class = entry.uint32_value;
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_P2P_OPER_CHANNEL;
-		} else if (os_strcmp(entry.key, "OperChannel") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32) {
-			wpa_s->conf->p2p_oper_channel = entry.uint32_value;
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_P2P_OPER_CHANNEL;
-		} else if (os_strcmp(entry.key, "SsidPostfix") == 0) {
-			char *postfix;
-
-			if (entry.type != DBUS_TYPE_STRING)
-				goto error;
-
-			postfix = os_strdup(entry.str_value);
-			if (!postfix)
-				goto err_no_mem_clear;
-
-			os_free(wpa_s->conf->p2p_ssid_postfix);
-			wpa_s->conf->p2p_ssid_postfix = postfix;
-
-			wpa_s->conf->changed_parameters |=
-					CFG_CHANGED_P2P_SSID_POSTFIX;
-		} else if (os_strcmp(entry.key, "IntraBss") == 0 &&
-			   entry.type == DBUS_TYPE_BOOLEAN) {
-			wpa_s->conf->p2p_intra_bss = entry.bool_value;
-			wpa_s->conf->changed_parameters |=
-				CFG_CHANGED_P2P_INTRA_BSS;
-		} else if (os_strcmp(entry.key, "IpAddrGo") == 0) {
-			if (!wpas_dbus_validate_dbus_ipaddr(entry))
-				goto error;
-			os_memcpy(wpa_s->conf->ip_addr_go,
-				  entry.bytearray_value, 4);
-		} else if (os_strcmp(entry.key, "IpAddrMask") == 0) {
-			if (!wpas_dbus_validate_dbus_ipaddr(entry))
-				goto error;
-			os_memcpy(wpa_s->conf->ip_addr_mask,
-				  entry.bytearray_value, 4);
-		} else if (os_strcmp(entry.key, "IpAddrStart") == 0) {
-			if (!wpas_dbus_validate_dbus_ipaddr(entry))
-				goto error;
-			os_memcpy(wpa_s->conf->ip_addr_start,
-				  entry.bytearray_value, 4);
-		} else if (os_strcmp(entry.key, "IpAddrEnd") == 0) {
-			if (!wpas_dbus_validate_dbus_ipaddr(entry))
-				goto error;
-			os_memcpy(wpa_s->conf->ip_addr_end,
-				  entry.bytearray_value, 4);
-		} else if (os_strcmp(entry.key, "GroupIdle") == 0 &&
-			   entry.type == DBUS_TYPE_UINT32)
-			wpa_s->conf->p2p_group_idle = entry.uint32_value;
-		else if (os_strcmp(entry.key, "disassoc_low_ack") == 0 &&
-			 entry.type == DBUS_TYPE_UINT32)
-			wpa_s->conf->disassoc_low_ack = entry.uint32_value;
-		else if (os_strcmp(entry.key, "NoGroupIface") == 0 &&
-			 entry.type == DBUS_TYPE_BOOLEAN)
-			wpa_s->conf->p2p_no_group_iface = entry.bool_value;
-		else if (os_strcmp(entry.key, "p2p_search_delay") == 0 &&
-			 entry.type == DBUS_TYPE_UINT32)
-			wpa_s->conf->p2p_search_delay = entry.uint32_value;
-		else
-			goto error;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (wpa_s->conf->changed_parameters) {
-		/* Some changed parameters requires to update config*/
-		wpa_supplicant_update_config(wpa_s);
-	}
-
-	return TRUE;
-
- error:
-	dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-			     "invalid message format");
-	wpa_dbus_dict_entry_clear(&entry);
-	return FALSE;
-
- err_no_mem_clear:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	wpa_dbus_dict_entry_clear(&entry);
-	return FALSE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peers(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct p2p_data *p2p = wpa_s->global->p2p;
-	int next = 0, i = 0;
-	int num = 0, out_of_mem = 0;
-	const u8 *addr;
-	const struct p2p_peer_info *peer_info = NULL;
-	dbus_bool_t success = FALSE;
-
-	struct dl_list peer_objpath_list;
-	struct peer_objpath_node {
-		struct dl_list list;
-		char path[WPAS_DBUS_OBJECT_PATH_MAX];
-	} *node, *tmp;
-
-	char **peer_obj_paths = NULL;
-
-	if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error) ||
-	    !wpa_s->parent->parent->dbus_new_path)
-		return FALSE;
-
-	dl_list_init(&peer_objpath_list);
-
-	/* Get the first peer info */
-	peer_info = p2p_get_peer_found(p2p, NULL, next);
-
-	/* Get next and accumulate them */
-	next = 1;
-	while (peer_info != NULL) {
-		node = os_zalloc(sizeof(struct peer_objpath_node));
-		if (!node) {
-			out_of_mem = 1;
-			goto error;
-		}
-
-		addr = peer_info->p2p_device_addr;
-		os_snprintf(node->path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
-			    "/" COMPACT_MACSTR,
-			    wpa_s->parent->parent->dbus_new_path,
-			    MAC2STR(addr));
-		dl_list_add_tail(&peer_objpath_list, &node->list);
-		num++;
-
-		peer_info = p2p_get_peer_found(p2p, addr, next);
-	}
-
-	/*
-	 * Now construct the peer object paths in a form suitable for
-	 * array_property_getter helper below.
-	 */
-	peer_obj_paths = os_calloc(num, sizeof(char *));
-
-	if (!peer_obj_paths) {
-		out_of_mem = 1;
-		goto error;
-	}
-
-	dl_list_for_each_safe(node, tmp, &peer_objpath_list,
-			      struct peer_objpath_node, list)
-		peer_obj_paths[i++] = node->path;
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 peer_obj_paths, num,
-							 error);
-
-error:
-	if (peer_obj_paths)
-		os_free(peer_obj_paths);
-
-	dl_list_for_each_safe(node, tmp, &peer_objpath_list,
-			      struct peer_objpath_node, list) {
-		dl_list_del(&node->list);
-		os_free(node);
-	}
-	if (out_of_mem)
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-
-	return success;
-}
-
-
-enum wpas_p2p_role {
-	WPAS_P2P_ROLE_DEVICE,
-	WPAS_P2P_ROLE_GO,
-	WPAS_P2P_ROLE_CLIENT,
-};
-
-static enum wpas_p2p_role wpas_get_p2p_role(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (!ssid)
-		return WPAS_P2P_ROLE_DEVICE;
-	if (wpa_s->wpa_state != WPA_COMPLETED)
-		return WPAS_P2P_ROLE_DEVICE;
-
-	switch (ssid->mode) {
-	case WPAS_MODE_P2P_GO:
-	case WPAS_MODE_P2P_GROUP_FORMATION:
-		return WPAS_P2P_ROLE_GO;
-	case WPAS_MODE_INFRA:
-		if (ssid->p2p_group)
-			return WPAS_P2P_ROLE_CLIENT;
-		return WPAS_P2P_ROLE_DEVICE;
-	default:
-		return WPAS_P2P_ROLE_DEVICE;
-	}
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_role(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *str;
-
-	switch (wpas_get_p2p_role(wpa_s)) {
-	case WPAS_P2P_ROLE_GO:
-		str = "GO";
-		break;
-	case WPAS_P2P_ROLE_CLIENT:
-		str = "client";
-		break;
-	default:
-		str = "device";
-		break;
-	}
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &str,
-						error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX];
-	char *dbus_groupobj_path = path_buf;
-
-	if (wpa_s->dbus_groupobj_path == NULL)
-		os_snprintf(dbus_groupobj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "/");
-	else
-		os_snprintf(dbus_groupobj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s", wpa_s->dbus_groupobj_path);
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
-						&dbus_groupobj_path, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peergo(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char go_peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
-
-	if (!wpa_s->parent->parent->dbus_new_path)
-		return FALSE;
-
-	if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_CLIENT)
-		os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/");
-	else
-		os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
-			    COMPACT_MACSTR,
-			    wpa_s->parent->parent->dbus_new_path,
-			    MAC2STR(wpa_s->go_dev_addr));
-
-	path = go_peer_obj_path;
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
-						&path, error);
-}
-
-
-/*
- * Peer object properties accessor methods
- */
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_device_name(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	char *tmp;
-
-	if (!wpa_dbus_p2p_check_enabled(peer_args->wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	/* get the peer info */
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	tmp = os_strdup(info->device_name);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &tmp,
-					      error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		os_free(tmp);
-		return FALSE;
-	}
-
-	os_free(tmp);
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_manufacturer(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	char *tmp;
-
-	if (!wpa_dbus_p2p_check_enabled(peer_args->wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	/* get the peer info */
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	tmp = os_strdup(info->manufacturer);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &tmp,
-					      error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		os_free(tmp);
-		return FALSE;
-	}
-
-	os_free(tmp);
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_modelname(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	char *tmp;
-
-	if (!wpa_dbus_p2p_check_enabled(peer_args->wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	/* get the peer info */
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	tmp = os_strdup(info->model_name);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &tmp,
-					      error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		os_free(tmp);
-		return FALSE;
-	}
-
-	os_free(tmp);
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_modelnumber(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	char *tmp;
-
-	if (!wpa_dbus_p2p_check_enabled(peer_args->wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	/* get the peer info */
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	tmp = os_strdup(info->model_number);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &tmp,
-					      error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		os_free(tmp);
-		return FALSE;
-	}
-
-	os_free(tmp);
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_serialnumber(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	char *tmp;
-
-	if (!wpa_dbus_p2p_check_enabled(peer_args->wpa_s, NULL, NULL, error))
-		return FALSE;
-
-	/* get the peer info */
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	tmp = os_strdup(info->serial_number);
-	if (!tmp) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_STRING, &tmp,
-					      error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		os_free(tmp);
-		return FALSE;
-	}
-
-	os_free(tmp);
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_primary_device_type(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						    (char *)
-						    info->pri_dev_type,
-						    WPS_DEV_TYPE_LEN, error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_config_method(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
-					      &info->config_methods, error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_level(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_INT32,
-					      &info->level, error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_device_capability(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BYTE,
-					      &info->dev_capab, error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_group_capability(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (!wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BYTE,
-					      &info->group_capab, error)) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_secondary_device_types(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	DBusMessageIter variant_iter, array_iter;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &variant_iter) ||
-	    !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY,
-					      DBUS_TYPE_ARRAY_AS_STRING
-					      DBUS_TYPE_BYTE_AS_STRING,
-					      &array_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to construct message 1", __func__);
-		return FALSE;
-	}
-
-	if (info->wps_sec_dev_type_list_len) {
-		const u8 *sec_dev_type_list = info->wps_sec_dev_type_list;
-		int num_sec_device_types =
-			info->wps_sec_dev_type_list_len / WPS_DEV_TYPE_LEN;
-		int i;
-		DBusMessageIter inner_array_iter;
-
-		for (i = 0; i < num_sec_device_types; i++) {
-			if (!dbus_message_iter_open_container(
-				    &array_iter, DBUS_TYPE_ARRAY,
-				    DBUS_TYPE_BYTE_AS_STRING,
-				    &inner_array_iter) ||
-			    !dbus_message_iter_append_fixed_array(
-				    &inner_array_iter, DBUS_TYPE_BYTE,
-				    &sec_dev_type_list, WPS_DEV_TYPE_LEN) ||
-			    !dbus_message_iter_close_container(
-				    &array_iter, &inner_array_iter)) {
-				dbus_set_error(error, DBUS_ERROR_FAILED,
-					       "%s: failed to construct message 2 (%d)",
-					       __func__, i);
-				return FALSE;
-			}
-
-			sec_dev_type_list += WPS_DEV_TYPE_LEN;
-		}
-	}
-
-	if (!dbus_message_iter_close_container(&variant_iter, &array_iter) ||
-	    !dbus_message_iter_close_container(iter, &variant_iter)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: failed to construct message 3", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_vendor_extension(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpabuf *vendor_extension[P2P_MAX_WPS_VENDOR_EXT];
-	unsigned int i, num = 0;
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	/* Add WPS vendor extensions attribute */
-	os_memset(vendor_extension, 0, sizeof(vendor_extension));
-	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
-		if (info->wps_vendor_ext[i] == NULL)
-			continue;
-		vendor_extension[num] = info->wps_vendor_ext[i];
-		num++;
-	}
-
-	if (!wpas_dbus_simple_array_array_property_getter(iter, DBUS_TYPE_BYTE,
-							  vendor_extension,
-							  num, error))
-		return FALSE;
-
-	return TRUE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_ies(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	if (info->wfd_subelems == NULL)
-		return wpas_dbus_simple_array_property_getter(iter,
-							      DBUS_TYPE_BYTE,
-							      NULL, 0, error);
-
-	return wpas_dbus_simple_array_property_getter(
-		iter, DBUS_TYPE_BYTE, (char *) info->wfd_subelems->buf,
-		info->wfd_subelems->used, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_device_address(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	return wpas_dbus_simple_array_property_getter(
-		iter, DBUS_TYPE_BYTE, (char *) info->p2p_device_addr,
-		ETH_ALEN, error);
-}
-
-
-struct peer_group_data {
-	struct wpa_supplicant *wpa_s;
-	const struct p2p_peer_info *info;
-	char **paths;
-	unsigned int nb_paths;
-	int error;
-};
-
-
-static int match_group_where_peer_is_client(struct p2p_group *group,
-					    void *user_data)
-{
-	struct peer_group_data *data = user_data;
-	const struct p2p_group_config *cfg;
-	struct wpa_supplicant *wpa_s_go;
-	char **paths;
-
-	if (!p2p_group_is_client_connected(group, data->info->p2p_device_addr))
-		return 1;
-
-	cfg = p2p_group_get_config(group);
-
-	wpa_s_go = wpas_get_p2p_go_iface(data->wpa_s, cfg->ssid,
-					 cfg->ssid_len);
-	if (wpa_s_go == NULL)
-		return 1;
-
-	paths = os_realloc_array(data->paths, data->nb_paths + 1,
-				 sizeof(char *));
-	if (paths == NULL)
-		goto out_of_memory;
-
-	data->paths = paths;
-	data->paths[data->nb_paths] = wpa_s_go->dbus_groupobj_path;
-	data->nb_paths++;
-
-	return 1;
-
-out_of_memory:
-	data->error = ENOMEM;
-	return 0;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_groups(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-	struct peer_group_data data;
-	struct wpa_supplicant *wpa_s, *wpa_s_go;
-	dbus_bool_t success = FALSE;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (info == NULL) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "failed to find peer");
-		return FALSE;
-	}
-
-	os_memset(&data, 0, sizeof(data));
-
-	wpa_s = peer_args->wpa_s;
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return no_p2p_mgmt_interface(error);
-
-	wpa_s_go = wpas_get_p2p_client_iface(wpa_s, info->p2p_device_addr);
-	if (wpa_s_go) {
-		data.paths = os_calloc(1, sizeof(char *));
-		if (data.paths == NULL)
-			goto out_of_memory;
-		data.paths[0] = wpa_s_go->dbus_groupobj_path;
-		data.nb_paths = 1;
-	}
-
-	data.wpa_s = peer_args->wpa_s;
-	data.info = info;
-
-	p2p_loop_on_all_groups(peer_args->wpa_s->global->p2p,
-			       match_group_where_peer_is_client, &data);
-	if (data.error)
-		goto out_of_memory;
-
-	if (data.paths == NULL) {
-		return wpas_dbus_simple_array_property_getter(
-			iter, DBUS_TYPE_OBJECT_PATH, NULL, 0, error);
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 data.paths,
-							 data.nb_paths, error);
-	goto out;
-
-out_of_memory:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-out:
-	os_free(data.paths);
-	return success;
-}
-
-dbus_bool_t wpas_dbus_getter_p2p_peer_vsie(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct peer_handler_args *peer_args = user_data;
-	const struct p2p_peer_info *info;
-
-	info = p2p_get_peer_found(peer_args->wpa_s->global->p2p,
-				  peer_args->p2p_device_addr, 0);
-	if (!info) {
-		dbus_set_error(error, DBUS_ERROR_FAILED, "failed to find peer");
-		return FALSE;
-	}
-
-	if (!info->vendor_elems)
-		return wpas_dbus_simple_array_property_getter(iter,
-							      DBUS_TYPE_BYTE,
-							      NULL, 0, error);
-
-	return wpas_dbus_simple_array_property_getter(
-		iter, DBUS_TYPE_BYTE, (char *) info->vendor_elems->buf,
-		info->vendor_elems->used, error);
-}
-
-
-/**
- * wpas_dbus_getter_persistent_groups - Get array of persistent group objects
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "PersistentGroups" property.
- */
-dbus_bool_t wpas_dbus_getter_persistent_groups(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_ssid *ssid;
-	char **paths;
-	unsigned int i = 0, num = 0;
-	dbus_bool_t success = FALSE;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return no_p2p_mgmt_interface(error);
-
-	if (!wpa_s->parent->dbus_new_path)
-		return FALSE;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
-		if (network_is_persistent_group(ssid))
-			num++;
-
-	paths = os_calloc(num, sizeof(char *));
-	if (!paths) {
-		dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-		return FALSE;
-	}
-
-	/* Loop through configured networks and append object path of each */
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (!network_is_persistent_group(ssid))
-			continue;
-		paths[i] = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-		if (paths[i] == NULL) {
-			dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY,
-					     "no memory");
-			goto out;
-		}
-		/* Construct the object path for this network. */
-		os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
-			    wpa_s->parent->dbus_new_path, ssid->id);
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, num, error);
-
-out:
-	while (i)
-		os_free(paths[--i]);
-	os_free(paths);
-	return success;
-}
-
-
-/**
- * wpas_dbus_getter_persistent_group_properties - Get options for a persistent
- *	group
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Properties" property of a persistent group.
- */
-dbus_bool_t wpas_dbus_getter_persistent_group_properties(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-
-	/* Leveraging the fact that persistent group object is still
-	 * represented in same manner as network within.
-	 */
-	return wpas_dbus_getter_network_properties(property_desc, iter, error, net);
-}
-
-
-/**
- * wpas_dbus_setter_persistent_group_properties - Set options for a persistent
- *	group
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "Properties" property of a persistent group.
- */
-dbus_bool_t wpas_dbus_setter_persistent_group_properties(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct network_handler_args *net = user_data;
-	struct wpa_ssid *ssid = net->ssid;
-	DBusMessageIter	variant_iter;
-
-	/*
-	 * Leveraging the fact that persistent group object is still
-	 * represented in same manner as network within.
-	 */
-	dbus_message_iter_recurse(iter, &variant_iter);
-	return set_network_properties(net->wpa_s, ssid, &variant_iter, error);
-}
-
-
-/**
- * wpas_dbus_new_iface_add_persistent_group - Add a new configured
- *	persistent_group
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: A dbus message containing the object path of the new
- * persistent group
- *
- * Handler function for "AddPersistentGroup" method call of a P2P Device
- * interface.
- */
-DBusMessage * wpas_dbus_handler_add_persistent_group(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter	iter;
-	struct wpa_ssid *ssid = NULL;
-	char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
-	DBusError error;
-
-	dbus_message_iter_init(message, &iter);
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s) {
-		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
-		goto err;
-	}
-
-	if (wpa_s->parent->dbus_new_path)
-		ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: Cannot add new persistent group",
-			   __func__);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"wpa_supplicant could not add a persistent group on this interface.");
-		goto err;
-	}
-
-	/* Mark the ssid as being a persistent group before the notification */
-	ssid->disabled = 2;
-	ssid->p2p_persistent_group = 1;
-	wpas_notify_persistent_group_added(wpa_s, ssid);
-
-	wpa_config_set_network_defaults(ssid);
-
-	dbus_error_init(&error);
-	if (!set_network_properties(wpa_s, ssid, &iter, &error)) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: %s: Control interface could not set persistent group properties",
-			   __func__);
-		reply = wpas_dbus_reply_new_from_error(
-			message, &error, DBUS_ERROR_INVALID_ARGS,
-			"Failed to set network properties");
-		dbus_error_free(&error);
-		goto err;
-	}
-
-	/* Construct the object path for this network. */
-	os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
-		    "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
-		    wpa_s->parent->dbus_new_path, ssid->id);
-
-	reply = dbus_message_new_method_return(message);
-	if (reply == NULL) {
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-	if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path,
-				      DBUS_TYPE_INVALID)) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_error_no_memory(message);
-		goto err;
-	}
-
-	return reply;
-
-err:
-	if (ssid) {
-		wpas_notify_persistent_group_removed(wpa_s, ssid);
-		wpa_config_remove_network(wpa_s->conf, ssid->id);
-	}
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_remove_persistent_group - Remove a configured persistent
- *	group
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "RemovePersistentGroup" method call of a P2P Device
- * interface.
- */
-DBusMessage * wpas_dbus_handler_remove_persistent_group(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	const char *op;
-	char *iface = NULL, *persistent_group_id;
-	int id;
-	struct wpa_ssid *ssid;
-
-	dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
-			      DBUS_TYPE_INVALID);
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s) {
-		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
-		goto out;
-	}
-
-	/*
-	 * Extract the network ID and ensure the network is actually a child of
-	 * this interface.
-	 */
-	iface = wpas_dbus_new_decompose_object_path(
-		op, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
-		&persistent_group_id);
-	if (iface == NULL || persistent_group_id == NULL ||
-	    !wpa_s->parent->dbus_new_path ||
-	    os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	id = strtoul(persistent_group_id, NULL, 10);
-	if (errno == EINVAL) {
-		reply = wpas_dbus_error_invalid_args(message, op);
-		goto out;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL) {
-		reply = wpas_dbus_error_persistent_group_unknown(message);
-		goto out;
-	}
-
-	wpas_notify_persistent_group_removed(wpa_s, ssid);
-
-	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: error occurred when removing persistent group %d",
-			   __func__, id);
-		reply = wpas_dbus_error_unknown_error(
-			message,
-			"error removing the specified persistent group on this interface.");
-		goto out;
-	}
-
-out:
-	os_free(iface);
-	return reply;
-}
-
-
-static void remove_persistent_group(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid)
-{
-	wpas_notify_persistent_group_removed(wpa_s, ssid);
-
-	if (wpa_config_remove_network(wpa_s->conf, ssid->id) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: error occurred when removing persistent group %d",
-			   __func__, ssid->id);
-		return;
-	}
-}
-
-
-/**
- * wpas_dbus_handler_remove_all_persistent_groups - Remove all configured
- * persistent groups
- * @message: Pointer to incoming dbus message
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: NULL on success or dbus error on failure
- *
- * Handler function for "RemoveAllPersistentGroups" method call of a
- * P2P Device interface.
- */
-DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid, *next;
-	struct wpa_config *config;
-
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	if (!wpa_s)
-		return wpas_dbus_error_no_p2p_mgmt_iface(message);
-
-	config = wpa_s->conf;
-	ssid = config->ssid;
-	while (ssid) {
-		next = ssid->next;
-		if (network_is_persistent_group(ssid))
-			remove_persistent_group(wpa_s, ssid);
-		ssid = next;
-	}
-	return NULL;
-}
-
-
-/*
- * Group object properties accessor methods
- */
-
-dbus_bool_t wpas_dbus_getter_p2p_group_members(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_ssid *ssid;
-	unsigned int num_members;
-	char **paths;
-	unsigned int i;
-	void *next = NULL;
-	const u8 *addr;
-	dbus_bool_t success = FALSE;
-
-	if (!wpa_s->parent->parent->dbus_new_path)
-		return FALSE;
-
-	/* Verify correct role for this property */
-	if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_GO) {
-		return wpas_dbus_simple_array_property_getter(
-			iter, DBUS_TYPE_OBJECT_PATH, NULL, 0, error);
-	}
-
-	ssid = wpa_s->conf->ssid;
-	/* At present WPAS P2P_GO mode only applicable for p2p_go */
-	if (ssid->mode != WPAS_MODE_P2P_GO &&
-	    ssid->mode != WPAS_MODE_AP &&
-	    ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION)
-		return FALSE;
-
-	num_members = p2p_get_group_num_members(wpa_s->p2p_group);
-
-	paths = os_calloc(num_members, sizeof(char *));
-	if (!paths)
-		goto out_of_memory;
-
-	i = 0;
-	while ((addr = p2p_iterate_group_members(wpa_s->p2p_group, &next))) {
-		paths[i] = os_zalloc(WPAS_DBUS_OBJECT_PATH_MAX);
-		if (!paths[i])
-			goto out_of_memory;
-		os_snprintf(paths[i], WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
-			    "/" COMPACT_MACSTR,
-			    wpa_s->parent->parent->dbus_new_path,
-			    MAC2STR(addr));
-		i++;
-	}
-
-	success = wpas_dbus_simple_array_property_getter(iter,
-							 DBUS_TYPE_OBJECT_PATH,
-							 paths, num_members,
-							 error);
-
-	for (i = 0; i < num_members; i++)
-		os_free(paths[i]);
-	os_free(paths);
-	return success;
-
-out_of_memory:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	if (paths) {
-		for (i = 0; i < num_members; i++)
-			os_free(paths[i]);
-		os_free(paths);
-	}
-	return FALSE;
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_ssid(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	if (wpa_s->current_ssid == NULL)
-		return FALSE;
-	return wpas_dbus_simple_array_property_getter(
-		iter, DBUS_TYPE_BYTE, wpa_s->current_ssid->ssid,
-		wpa_s->current_ssid->ssid_len, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_bssid(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	u8 role = wpas_get_p2p_role(wpa_s);
-	u8 *p_bssid;
-
-	if (role == WPAS_P2P_ROLE_CLIENT) {
-		if (wpa_s->current_ssid == NULL)
-			return FALSE;
-		p_bssid = wpa_s->current_ssid->bssid;
-	} else {
-		if (wpa_s->ap_iface == NULL)
-			return FALSE;
-		p_bssid = wpa_s->ap_iface->bss[0]->own_addr;
-	}
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      p_bssid, ETH_ALEN,
-						      error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_frequency(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	u16 op_freq;
-	u8 role = wpas_get_p2p_role(wpa_s);
-
-	if (role == WPAS_P2P_ROLE_CLIENT) {
-		if (wpa_s->go_params == NULL)
-			return FALSE;
-		op_freq = wpa_s->go_params->freq;
-	} else {
-		if (wpa_s->ap_iface == NULL)
-			return FALSE;
-		op_freq = wpa_s->ap_iface->freq;
-	}
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
-						&op_freq, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_passphrase(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL)
-		return FALSE;
-
-	return wpas_dbus_string_property_getter(iter, ssid->passphrase, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_psk(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	u8 *p_psk = NULL;
-	u8 psk_len = 0;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL)
-		return FALSE;
-
-	if (ssid->psk_set) {
-		p_psk = ssid->psk;
-		psk_len = sizeof(ssid->psk);
-	}
-
-	return wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						      p_psk, psk_len, error);
-}
-
-
-dbus_bool_t wpas_dbus_getter_p2p_group_vendor_ext(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	struct hostapd_data *hapd;
-	struct wpabuf *vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
-	unsigned int i, num_vendor_ext = 0;
-
-	os_memset(vendor_ext, 0, sizeof(vendor_ext));
-
-	/* Verify correct role for this property */
-	if (wpas_get_p2p_role(wpa_s) == WPAS_P2P_ROLE_GO) {
-		if (wpa_s->ap_iface == NULL)
-			return FALSE;
-		hapd = wpa_s->ap_iface->bss[0];
-
-		/* Parse WPS Vendor Extensions sent in Beacon/Probe Response */
-		for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
-			if (hapd->conf->wps_vendor_ext[i] == NULL)
-				continue;
-			vendor_ext[num_vendor_ext++] =
-				hapd->conf->wps_vendor_ext[i];
-		}
-	}
-
-	/* Return vendor extensions or no data */
-	return wpas_dbus_simple_array_array_property_getter(iter,
-							    DBUS_TYPE_BYTE,
-							    vendor_ext,
-							    num_vendor_ext,
-							    error);
-}
-
-
-dbus_bool_t wpas_dbus_setter_p2p_group_vendor_ext(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	DBusMessageIter variant_iter, iter_dict, array_iter, sub;
-	struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
-	unsigned int i;
-	struct hostapd_data *hapd = NULL;
-
-	if (wpas_get_p2p_role(wpa_s) == WPAS_P2P_ROLE_GO &&
-	    wpa_s->ap_iface != NULL)
-		hapd = wpa_s->ap_iface->bss[0];
-	else
-		return FALSE;
-
-	dbus_message_iter_recurse(iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_ARRAY)
-		return FALSE;
-
-	/*
-	 * This is supposed to be array of bytearrays (aay), but the earlier
-	 * implementation used a dict with "WPSVendorExtensions" as the key in
-	 * this setter function which does not match the format used by the
-	 * getter function. For backwards compatibility, allow both formats to
-	 * be used in the setter.
-	 */
-	if (dbus_message_iter_get_element_type(&variant_iter) ==
-	    DBUS_TYPE_ARRAY) {
-		/* This is the proper format matching the getter */
-		struct wpabuf *vals[MAX_WPS_VENDOR_EXTENSIONS];
-
-		dbus_message_iter_recurse(&variant_iter, &array_iter);
-
-		if (dbus_message_iter_get_arg_type(&array_iter) !=
-		    DBUS_TYPE_ARRAY ||
-		    dbus_message_iter_get_element_type(&array_iter) !=
-		    DBUS_TYPE_BYTE) {
-			wpa_printf(MSG_DEBUG,
-				   "dbus: Not an array of array of bytes");
-			return FALSE;
-		}
-
-		i = 0;
-		os_memset(vals, 0, sizeof(vals));
-
-		while (dbus_message_iter_get_arg_type(&array_iter) ==
-		       DBUS_TYPE_ARRAY) {
-			char *val;
-			int len;
-
-			if (i == MAX_WPS_VENDOR_EXTENSIONS) {
-				wpa_printf(MSG_DEBUG,
-					   "dbus: Too many WPSVendorExtensions values");
-				i = MAX_WPS_VENDOR_EXTENSIONS + 1;
-				break;
-			}
-
-			dbus_message_iter_recurse(&array_iter, &sub);
-			dbus_message_iter_get_fixed_array(&sub, &val, &len);
-			wpa_hexdump(MSG_DEBUG, "dbus: WPSVendorExtentions[]",
-				    val, len);
-			vals[i] = wpabuf_alloc_copy(val, len);
-			if (vals[i] == NULL) {
-				i = MAX_WPS_VENDOR_EXTENSIONS + 1;
-				break;
-			}
-			i++;
-			dbus_message_iter_next(&array_iter);
-		}
-
-		if (i > MAX_WPS_VENDOR_EXTENSIONS) {
-			for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
-				wpabuf_free(vals[i]);
-			return FALSE;
-		}
-
-		for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
-			wpabuf_free(hapd->conf->wps_vendor_ext[i]);
-			hapd->conf->wps_vendor_ext[i] = vals[i];
-		}
-
-		hostapd_update_wps(hapd);
-
-		return TRUE;
-	}
-
-	if (dbus_message_iter_get_element_type(&variant_iter) !=
-	    DBUS_TYPE_DICT_ENTRY)
-		return FALSE;
-
-	wpa_printf(MSG_DEBUG,
-		   "dbus: Try to use backwards compatibility version of WPSVendorExtensions setter");
-	if (!wpa_dbus_dict_open_read(&variant_iter, &iter_dict, error))
-		return FALSE;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) {
-			dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-					     "invalid message format");
-			return FALSE;
-		}
-
-		if (os_strcmp(entry.key, "WPSVendorExtensions") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != WPAS_DBUS_TYPE_BINARRAY ||
-			    entry.array_len > MAX_WPS_VENDOR_EXTENSIONS)
-				goto error;
-
-			for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
-				wpabuf_free(hapd->conf->wps_vendor_ext[i]);
-				if (i < entry.array_len) {
-					hapd->conf->wps_vendor_ext[i] =
-						entry.binarray_value[i];
-					entry.binarray_value[i] = NULL;
-				} else
-					hapd->conf->wps_vendor_ext[i] = NULL;
-			}
-
-			hostapd_update_wps(hapd);
-		} else
-			goto error;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	return TRUE;
-
-error:
-	wpa_dbus_dict_entry_clear(&entry);
-	dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-			     "invalid message format");
-	return FALSE;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_add_service(DBusMessage *message,
-						struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	int upnp = 0;
-	int bonjour = 0;
-	char *service = NULL;
-	struct wpabuf *query = NULL;
-	struct wpabuf *resp = NULL;
-	u8 version = 0;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "service_type") == 0 &&
-		    entry.type == DBUS_TYPE_STRING) {
-			if (os_strcmp(entry.str_value, "upnp") == 0)
-				upnp = 1;
-			else if (os_strcmp(entry.str_value, "bonjour") == 0)
-				bonjour = 1;
-			else
-				goto error_clear;
-		} else if (os_strcmp(entry.key, "version") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			version = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "service") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(service);
-			service = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "query") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE)
-				goto error_clear;
-			query = wpabuf_alloc_copy(
-				entry.bytearray_value,
-				entry.array_len);
-		} else if (os_strcmp(entry.key, "response") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE)
-				goto error_clear;
-			resp = wpabuf_alloc_copy(entry.bytearray_value,
-						 entry.array_len);
-		}
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (upnp == 1) {
-		if (version <= 0 || service == NULL)
-			goto error;
-
-		if (wpas_p2p_service_add_upnp(wpa_s, version, service) != 0)
-			goto error;
-
-	} else if (bonjour == 1) {
-		if (query == NULL || resp == NULL)
-			goto error;
-
-		if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0)
-			goto error;
-		query = NULL;
-		resp = NULL;
-	} else
-		goto error;
-
-	os_free(service);
-	return reply;
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	os_free(service);
-	wpabuf_free(query);
-	wpabuf_free(resp);
-	return wpas_dbus_error_invalid_args(message, NULL);
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_delete_service(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	int upnp = 0;
-	int bonjour = 0;
-	int ret = 0;
-	char *service = NULL;
-	struct wpabuf *query = NULL;
-	u8 version = 0;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "service_type") == 0 &&
-		    entry.type == DBUS_TYPE_STRING) {
-			if (os_strcmp(entry.str_value, "upnp") == 0)
-				upnp = 1;
-			else if (os_strcmp(entry.str_value, "bonjour") == 0)
-				bonjour = 1;
-			else
-				goto error_clear;
-		} else if (os_strcmp(entry.key, "version") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			version = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "service") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			os_free(service);
-			service = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "query") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE)
-				goto error_clear;
-			wpabuf_free(query);
-			query = wpabuf_alloc_copy(entry.bytearray_value,
-						  entry.array_len);
-		} else {
-			goto error_clear;
-		}
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-	if (upnp == 1) {
-		if (version <= 0 || service == NULL)
-			goto error;
-
-		ret = wpas_p2p_service_del_upnp(wpa_s, version, service);
-		if (ret != 0)
-			goto error;
-	} else if (bonjour == 1) {
-		if (query == NULL)
-			goto error;
-
-		ret = wpas_p2p_service_del_bonjour(wpa_s, query);
-		if (ret != 0)
-			goto error;
-	} else
-		goto error;
-
-	wpabuf_free(query);
-	os_free(service);
-	return reply;
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	wpabuf_free(query);
-	os_free(service);
-	return wpas_dbus_error_invalid_args(message, NULL);
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_flush_service(DBusMessage *message,
-						  struct wpa_supplicant *wpa_s)
-{
-	wpas_p2p_service_flush(wpa_s);
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_service_sd_req(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	int upnp = 0;
-	char *service = NULL;
-	char *peer_object_path = NULL;
-	struct wpabuf *tlv = NULL;
-	u8 version = 0;
-	u64 ref = 0;
-	u8 addr_buf[ETH_ALEN], *addr;
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-		if (os_strcmp(entry.key, "peer_object") == 0 &&
-		    entry.type == DBUS_TYPE_OBJECT_PATH) {
-			peer_object_path = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "service_type") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			if (os_strcmp(entry.str_value, "upnp") == 0)
-				upnp = 1;
-			else
-				goto error_clear;
-		} else if (os_strcmp(entry.key, "version") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			version = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "service") == 0 &&
-			   entry.type == DBUS_TYPE_STRING) {
-			service = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "tlv") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE)
-				goto error_clear;
-			tlv = wpabuf_alloc_copy(entry.bytearray_value,
-						entry.array_len);
-		} else
-			goto error_clear;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-
-	if (!peer_object_path) {
-		addr = NULL;
-	} else {
-		if (parse_peer_object_path(peer_object_path, addr_buf) < 0 ||
-		    !p2p_peer_known(wpa_s->global->p2p, addr_buf))
-			goto error;
-
-		addr = addr_buf;
-	}
-
-	if (upnp == 1) {
-		if (version <= 0 || service == NULL)
-			goto error;
-
-		ref = wpas_p2p_sd_request_upnp(wpa_s, addr, version, service);
-	} else {
-		if (tlv == NULL)
-			goto error;
-		ref = wpas_p2p_sd_request(wpa_s, addr, tlv);
-		wpabuf_free(tlv);
-	}
-
-	if (ref != 0) {
-		reply = dbus_message_new_method_return(message);
-		dbus_message_append_args(reply, DBUS_TYPE_UINT64,
-					 &ref, DBUS_TYPE_INVALID);
-	} else {
-		reply = wpas_dbus_error_unknown_error(
-			message, "Unable to send SD request");
-	}
-out:
-	os_free(service);
-	os_free(peer_object_path);
-	return reply;
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	if (tlv)
-		wpabuf_free(tlv);
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_service_sd_res(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter_dict;
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter;
-	struct wpa_dbus_dict_entry entry;
-	char *peer_object_path = NULL;
-	struct wpabuf *tlv = NULL;
-	int freq = 0;
-	int dlg_tok = 0;
-	u8 addr[ETH_ALEN];
-
-	dbus_message_iter_init(message, &iter);
-
-	if (!wpa_dbus_dict_open_read(&iter, &iter_dict, NULL))
-		goto error;
-
-	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
-		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry))
-			goto error;
-
-		if (os_strcmp(entry.key, "peer_object") == 0 &&
-		    entry.type == DBUS_TYPE_OBJECT_PATH) {
-			peer_object_path = os_strdup(entry.str_value);
-		} else if (os_strcmp(entry.key, "frequency") == 0 &&
-			   entry.type == DBUS_TYPE_INT32) {
-			freq = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "dialog_token") == 0 &&
-			   (entry.type == DBUS_TYPE_UINT32 ||
-			    entry.type == DBUS_TYPE_INT32)) {
-			dlg_tok = entry.uint32_value;
-		} else if (os_strcmp(entry.key, "tlvs") == 0) {
-			if (entry.type != DBUS_TYPE_ARRAY ||
-			    entry.array_type != DBUS_TYPE_BYTE)
-				goto error_clear;
-			tlv = wpabuf_alloc_copy(entry.bytearray_value,
-						entry.array_len);
-		} else
-			goto error_clear;
-
-		wpa_dbus_dict_entry_clear(&entry);
-	}
-	if (parse_peer_object_path(peer_object_path, addr) < 0 ||
-	    !p2p_peer_known(wpa_s->global->p2p, addr) ||
-	    tlv == NULL)
-		goto error;
-
-	wpas_p2p_sd_response(wpa_s, freq, addr, (u8) dlg_tok, tlv);
-	wpabuf_free(tlv);
-out:
-	os_free(peer_object_path);
-	return reply;
-error_clear:
-	wpa_dbus_dict_entry_clear(&entry);
-error:
-	reply = wpas_dbus_error_invalid_args(message, NULL);
-	goto out;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_service_sd_cancel_req(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter;
-	u64 req = 0;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &req);
-
-	if (req == 0)
-		goto error;
-
-	if (wpas_p2p_sd_cancel_request(wpa_s, req) < 0)
-		goto error;
-
-	return NULL;
-error:
-	return wpas_dbus_error_invalid_args(message, NULL);
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_service_update(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	wpas_p2p_sd_service_update(wpa_s);
-	return NULL;
-}
-
-
-DBusMessage * wpas_dbus_handler_p2p_serv_disc_external(
-	DBusMessage *message, struct wpa_supplicant *wpa_s)
-{
-	DBusMessageIter iter;
-	int ext = 0;
-
-	dbus_message_iter_init(message, &iter);
-	dbus_message_iter_get_basic(&iter, &ext);
-
-	wpa_s->p2p_sd_over_ctrl_iface = ext;
-
-	return NULL;
-
-}
-
-
-#ifdef CONFIG_WIFI_DISPLAY
-
-dbus_bool_t wpas_dbus_getter_global_wfd_ies(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	struct wpabuf *ie;
-	dbus_bool_t ret;
-
-	ie = wifi_display_get_wfd_ie(global);
-	if (ie == NULL)
-		return wpas_dbus_simple_array_property_getter(iter,
-							      DBUS_TYPE_BYTE,
-							      NULL, 0, error);
-
-	ret = wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						     wpabuf_head(ie),
-						     wpabuf_len(ie), error);
-	wpabuf_free(ie);
-
-	return ret;
-}
-
-
-dbus_bool_t wpas_dbus_setter_global_wfd_ies(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_global *global = user_data;
-	DBusMessageIter variant, array;
-	struct wpabuf *ie = NULL;
-	const u8 *data;
-	int len;
-
-	if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_VARIANT)
-		goto err;
-
-	dbus_message_iter_recurse(iter, &variant);
-	if (dbus_message_iter_get_arg_type(&variant) != DBUS_TYPE_ARRAY)
-		goto err;
-
-	dbus_message_iter_recurse(&variant, &array);
-	dbus_message_iter_get_fixed_array(&array, &data, &len);
-	if (len == 0) {
-		wifi_display_enable(global, 0);
-		wifi_display_deinit(global);
-
-		return TRUE;
-	}
-
-	ie = wpabuf_alloc(len);
-	if (ie == NULL)
-		goto err;
-
-	wpabuf_put_data(ie, data, len);
-	if (wifi_display_subelem_set_from_ies(global, ie) != 0)
-		goto err;
-
-	if (global->wifi_display == 0)
-		wifi_display_enable(global, 1);
-
-	wpabuf_free(ie);
-
-	return TRUE;
-err:
-	wpabuf_free(ie);
-
-	dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS,
-			     "invalid message format");
-	return FALSE;
-}
-
-#endif /* CONFIG_WIFI_DISPLAY */
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.h b/wpa_supplicant/dbus/dbus_new_handlers_p2p.h
deleted file mode 100644
index b3c45c11012c..000000000000
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface for p2p
- * Copyright (c) 2011-2012, Intel Corporation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DBUS_NEW_HANDLERS_P2P_H
-#define DBUS_NEW_HANDLERS_P2P_H
-
-struct peer_handler_args {
-	struct wpa_supplicant *wpa_s;
-	u8 p2p_device_addr[ETH_ALEN];
-};
-
-/*
- * P2P Device methods
- */
-
-DBusMessage *wpas_dbus_handler_p2p_find(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_stop_find(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_rejectpeer(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_listen(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_extendedlisten(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_presence_request(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_prov_disc_req(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_group_add(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_connect(
-		DBusMessage *message,
-		struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_p2p_cancel(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_invite(
-		DBusMessage *message,
-		struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_disconnect(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_p2p_remove_client(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_flush(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_add_service(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_delete_service(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_flush_service(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_service_sd_req(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_service_sd_res(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_service_sd_cancel_req(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_service_update(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage *wpas_dbus_handler_p2p_serv_disc_external(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-/*
- * P2P Device property accessor methods.
- */
-DECLARE_ACCESSOR(wpas_dbus_setter_p2p_device_config);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_device_config);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peers);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_role);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peergo);
-
-/*
- * P2P Peer properties.
- */
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_device_name);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_manufacturer);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_modelname);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_modelnumber);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_serialnumber);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_primary_device_type);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_config_method);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_level);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_device_capability);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_group_capability);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_secondary_device_types);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_vendor_extension);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_ies);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_device_address);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_groups);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_peer_vsie);
-
-/*
- * P2P Group properties
- */
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_members);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_ssid);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_bssid);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_frequency);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_passphrase);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_psk);
-DECLARE_ACCESSOR(wpas_dbus_getter_p2p_group_vendor_ext);
-DECLARE_ACCESSOR(wpas_dbus_setter_p2p_group_vendor_ext);
-
-/*
- * P2P Persistent Groups and properties
- */
-DECLARE_ACCESSOR(wpas_dbus_getter_persistent_groups);
-DECLARE_ACCESSOR(wpas_dbus_getter_persistent_group_properties);
-DECLARE_ACCESSOR(wpas_dbus_setter_persistent_group_properties);
-
-DBusMessage * wpas_dbus_handler_add_persistent_group(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_persistent_group(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
-	DBusMessage *message, struct wpa_supplicant *wpa_s);
-
-#ifdef CONFIG_WIFI_DISPLAY
-DECLARE_ACCESSOR(wpas_dbus_getter_global_wfd_ies);
-DECLARE_ACCESSOR(wpas_dbus_setter_global_wfd_ies);
-#endif /* CONFIG_WIFI_DISPLAY */
-
-#endif /* DBUS_NEW_HANDLERS_P2P_H */
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
deleted file mode 100644
index 1594dafc7bb5..000000000000
--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+++ /dev/null
@@ -1,804 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface (WPS)
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "../config.h"
-#include "../wpa_supplicant_i.h"
-#include "../wps_supplicant.h"
-#include "../driver_i.h"
-#include "../ap.h"
-#include "dbus_new_helpers.h"
-#include "dbus_new.h"
-#include "dbus_new_handlers.h"
-#include "dbus_dict_helpers.h"
-
-
-struct wps_start_params {
-	int role; /* 0 - not set, 1 - enrollee, 2 - registrar */
-	int type; /* 0 - not set, 1 - pin,      2 - pbc       */
-	u8 *bssid;
-	char *pin;
-	u8 *p2p_dev_addr;
-};
-
-
-static int wpas_dbus_handler_wps_role(DBusMessage *message,
-				      DBusMessageIter *entry_iter,
-				      struct wps_start_params *params,
-				      DBusMessage **reply)
-{
-	DBusMessageIter variant_iter;
-	char *val;
-
-	dbus_message_iter_recurse(entry_iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) !=
-	    DBUS_TYPE_STRING) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong Role type, string required");
-		*reply = wpas_dbus_error_invalid_args(message,
-						      "Role must be a string");
-		return -1;
-	}
-	dbus_message_iter_get_basic(&variant_iter, &val);
-	if (os_strcmp(val, "enrollee") == 0)
-		params->role = 1;
-	else if (os_strcmp(val, "registrar") == 0)
-		params->role = 2;
-	else {
-		wpa_printf(MSG_DEBUG, "dbus: WPS.Start - Unknown role %s", val);
-		*reply = wpas_dbus_error_invalid_args(message, val);
-		return -1;
-	}
-	return 0;
-}
-
-
-static int wpas_dbus_handler_wps_type(DBusMessage *message,
-				      DBusMessageIter *entry_iter,
-				      struct wps_start_params *params,
-				      DBusMessage **reply)
-{
-	DBusMessageIter variant_iter;
-	char *val;
-
-	dbus_message_iter_recurse(entry_iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_STRING) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong Type type, string required");
-		*reply = wpas_dbus_error_invalid_args(message,
-						      "Type must be a string");
-		return -1;
-	}
-	dbus_message_iter_get_basic(&variant_iter, &val);
-	if (os_strcmp(val, "pin") == 0)
-		params->type = 1;
-	else if (os_strcmp(val, "pbc") == 0)
-		params->type = 2;
-	else {
-		wpa_printf(MSG_DEBUG, "dbus: WPS.Start - Unknown type %s",
-			   val);
-		*reply = wpas_dbus_error_invalid_args(message, val);
-		return -1;
-	}
-	return 0;
-}
-
-
-static int wpas_dbus_handler_wps_bssid(DBusMessage *message,
-				       DBusMessageIter *entry_iter,
-				       struct wps_start_params *params,
-				       DBusMessage **reply)
-{
-	DBusMessageIter variant_iter, array_iter;
-	int len;
-
-	dbus_message_iter_recurse(entry_iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_ARRAY ||
-	    dbus_message_iter_get_element_type(&variant_iter) !=
-	    DBUS_TYPE_BYTE) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong Bssid type, byte array required");
-		*reply = wpas_dbus_error_invalid_args(
-			message, "Bssid must be a byte array");
-		return -1;
-	}
-	dbus_message_iter_recurse(&variant_iter, &array_iter);
-	dbus_message_iter_get_fixed_array(&array_iter, &params->bssid, &len);
-	if (len != ETH_ALEN) {
-		wpa_printf(MSG_DEBUG, "dbus: WPS.Start - Wrong Bssid length %d",
-			   len);
-		*reply = wpas_dbus_error_invalid_args(message,
-						      "Bssid is wrong length");
-		return -1;
-	}
-	return 0;
-}
-
-
-static int wpas_dbus_handler_wps_pin(DBusMessage *message,
-				     DBusMessageIter *entry_iter,
-				     struct wps_start_params *params,
-				     DBusMessage **reply)
-{
-	DBusMessageIter variant_iter;
-
-	dbus_message_iter_recurse(entry_iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_STRING) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong Pin type, string required");
-		*reply = wpas_dbus_error_invalid_args(message,
-						      "Pin must be a string");
-		return -1;
-	}
-	dbus_message_iter_get_basic(&variant_iter, &params->pin);
-	return 0;
-}
-
-
-#ifdef CONFIG_P2P
-static int wpas_dbus_handler_wps_p2p_dev_addr(DBusMessage *message,
-					      DBusMessageIter *entry_iter,
-					      struct wps_start_params *params,
-					      DBusMessage **reply)
-{
-	DBusMessageIter variant_iter, array_iter;
-	int len;
-
-	dbus_message_iter_recurse(entry_iter, &variant_iter);
-	if (dbus_message_iter_get_arg_type(&variant_iter) != DBUS_TYPE_ARRAY ||
-	    dbus_message_iter_get_element_type(&variant_iter) !=
-	    DBUS_TYPE_BYTE) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong P2PDeviceAddress type, byte array required");
-		*reply = wpas_dbus_error_invalid_args(
-			message, "P2PDeviceAddress must be a byte array");
-		return -1;
-	}
-	dbus_message_iter_recurse(&variant_iter, &array_iter);
-	dbus_message_iter_get_fixed_array(&array_iter, &params->p2p_dev_addr,
-					  &len);
-	if (len != ETH_ALEN) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start - Wrong P2PDeviceAddress length %d",
-			   len);
-		*reply = wpas_dbus_error_invalid_args(
-			message, "P2PDeviceAddress has wrong length");
-		return -1;
-	}
-	return 0;
-}
-#endif /* CONFIG_P2P */
-
-
-static int wpas_dbus_handler_wps_start_entry(DBusMessage *message, char *key,
-					     DBusMessageIter *entry_iter,
-					     struct wps_start_params *params,
-					     DBusMessage **reply)
-{
-	if (os_strcmp(key, "Role") == 0)
-		return wpas_dbus_handler_wps_role(message, entry_iter,
-						  params, reply);
-	else if (os_strcmp(key, "Type") == 0)
-		return wpas_dbus_handler_wps_type(message, entry_iter,
-						  params, reply);
-	else if (os_strcmp(key, "Bssid") == 0)
-		return wpas_dbus_handler_wps_bssid(message, entry_iter,
-						   params, reply);
-	else if (os_strcmp(key, "Pin") == 0)
-		return wpas_dbus_handler_wps_pin(message, entry_iter,
-						 params, reply);
-#ifdef CONFIG_P2P
-	else if (os_strcmp(key, "P2PDeviceAddress") == 0)
-		return wpas_dbus_handler_wps_p2p_dev_addr(message, entry_iter,
-							  params, reply);
-#endif /* CONFIG_P2P */
-
-	wpa_printf(MSG_DEBUG, "dbus: WPS.Start - unknown key %s", key);
-	*reply = wpas_dbus_error_invalid_args(message, key);
-	return -1;
-}
-
-
-/**
- * wpas_dbus_handler_wps_start - Start WPS configuration
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: DBus message dictionary on success or DBus error on failure
- *
- * Handler for "Start" method call. DBus dictionary argument contains
- * information about role (enrollee or registrar), authorization method
- * (pin or push button) and optionally pin and bssid. Returned message
- * has a dictionary argument which may contain newly generated pin (optional).
- */
-DBusMessage * wpas_dbus_handler_wps_start(DBusMessage *message,
-					  struct wpa_supplicant *wpa_s)
-{
-	DBusMessage *reply = NULL;
-	DBusMessageIter iter, dict_iter, entry_iter;
-	struct wps_start_params params;
-	char *key;
-	char npin[9] = { '\0' };
-	int ret;
-
-	os_memset(&params, 0, sizeof(params));
-	dbus_message_iter_init(message, &iter);
-
-	dbus_message_iter_recurse(&iter, &dict_iter);
-	while (dbus_message_iter_get_arg_type(&dict_iter) ==
-	       DBUS_TYPE_DICT_ENTRY) {
-		dbus_message_iter_recurse(&dict_iter, &entry_iter);
-
-		dbus_message_iter_get_basic(&entry_iter, &key);
-		dbus_message_iter_next(&entry_iter);
-
-		if (wpas_dbus_handler_wps_start_entry(message, key,
-						      &entry_iter,
-						      &params, &reply))
-			return reply;
-
-		dbus_message_iter_next(&dict_iter);
-	}
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface && params.type == 1) {
-		if (params.pin == NULL) {
-			wpa_printf(MSG_DEBUG,
-				   "dbus: WPS.Start - Pin required for registrar role");
-			return wpas_dbus_error_invalid_args(
-				message, "Pin required for registrar role.");
-		}
-		ret = wpa_supplicant_ap_wps_pin(wpa_s,
-						params.bssid,
-						params.pin,
-						npin, sizeof(npin), 0);
-	} else if (wpa_s->ap_iface) {
-		ret = wpa_supplicant_ap_wps_pbc(wpa_s,
-						params.bssid,
-						params.p2p_dev_addr);
-	} else
-#endif /* CONFIG_AP */
-	if (params.role == 0) {
-		wpa_printf(MSG_DEBUG, "dbus: WPS.Start - Role not specified");
-		return wpas_dbus_error_invalid_args(message,
-						    "Role not specified");
-	} else if (params.role == 2) {
-		if (params.pin == NULL) {
-			wpa_printf(MSG_DEBUG,
-				   "dbus: WPS.Start - Pin required for registrar role");
-			return wpas_dbus_error_invalid_args(
-				message, "Pin required for registrar role.");
-		}
-		ret = wpas_wps_start_reg(wpa_s, params.bssid, params.pin,
-					 NULL);
-	} else if (params.type == 0) {
-		wpa_printf(MSG_DEBUG, "dbus: WPS.Start - Type not specified");
-		return wpas_dbus_error_invalid_args(message,
-						    "Type not specified");
-	} else if (params.type == 1) {
-		ret = wpas_wps_start_pin(wpa_s, params.bssid,
-					 params.pin, 0,
-					 DEV_PW_DEFAULT);
-		if (ret > 0) {
-			ret = os_snprintf(npin, sizeof(npin), "%08d", ret);
-			if (os_snprintf_error(sizeof(npin), ret))
-				return wpas_dbus_error_unknown_error(
-					message, "invalid PIN");
-		}
-	} else {
-		ret = wpas_wps_start_pbc(wpa_s, params.bssid, 0, 0);
-	}
-
-	if (ret < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "dbus: WPS.Start wpas_wps_failed in role %s and key %s",
-			   (params.role == 1 ? "enrollee" : "registrar"),
-			   (params.type == 0 ? "" :
-			    (params.type == 1 ? "pin" : "pbc")));
-		return wpas_dbus_error_unknown_error(message,
-						     "WPS start failed");
-	}
-
-	reply = dbus_message_new_method_return(message);
-	if (!reply)
-		return wpas_dbus_error_no_memory(message);
-
-	dbus_message_iter_init_append(reply, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
-	    (os_strlen(npin) > 0 &&
-	     !wpa_dbus_dict_append_string(&dict_iter, "Pin", npin)) ||
-	    !wpa_dbus_dict_close_write(&iter, &dict_iter)) {
-		dbus_message_unref(reply);
-		return wpas_dbus_error_no_memory(message);
-	}
-
-	return reply;
-}
-
-
-/**
- * wpas_dbus_handler_wps_cancel - Cancel ongoing WPS configuration
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: NULL on success or DBus error on failure
- *
- * Handler for "Cancel" method call. Returns NULL if WPS cancel successful
- * or DBus error on WPS cancel failure
- */
-DBusMessage * wpas_dbus_handler_wps_cancel(DBusMessage *message,
-					   struct wpa_supplicant *wpa_s)
-{
-	if (wpas_wps_cancel(wpa_s))
-		return wpas_dbus_error_unknown_error(message,
-						     "WPS cancel failed");
-
-	return NULL;
-}
-
-
-/**
- * wpas_dbus_getter_process_credentials - Check if credentials are processed
- * @message: Pointer to incoming dbus message
- * @wpa_s: %wpa_supplicant data structure
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "ProcessCredentials" property. Returns returned boolean will be
- * true if wps_cred_processing configuration field is not equal to 1 or false
- * if otherwise.
- */
-dbus_bool_t wpas_dbus_getter_process_credentials(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t process = wpa_s->conf->wps_cred_processing != 1;
-
-	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-						&process, error);
-}
-
-
-/**
- * wpas_dbus_setter_process_credentials - Set credentials_processed conf param
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "ProcessCredentials" property. Sets credentials_processed on 2
- * if boolean argument is true or on 1 if otherwise.
- */
-dbus_bool_t wpas_dbus_setter_process_credentials(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	dbus_bool_t process_credentials, old_pc;
-
-	if (!wpa_s->dbus_new_path)
-		return FALSE;
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
-					      &process_credentials))
-		return FALSE;
-
-	old_pc = wpa_s->conf->wps_cred_processing != 1;
-	wpa_s->conf->wps_cred_processing = (process_credentials ? 2 : 1);
-
-	if ((wpa_s->conf->wps_cred_processing != 1) != old_pc)
-		wpa_dbus_mark_property_changed(wpa_s->global->dbus,
-					       wpa_s->dbus_new_path,
-					       WPAS_DBUS_NEW_IFACE_WPS,
-					       "ProcessCredentials");
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_config_methods - Get current WPS configuration methods
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "ConfigMethods" property. Returned boolean will be true if
- * providing the relevant string worked, or false otherwise.
- */
-dbus_bool_t wpas_dbus_getter_config_methods(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter,
-						wpa_s->conf->config_methods,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_config_methods - Set WPS configuration methods
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "ConfigMethods" property. Sets the methods string, apply such
- * change and returns true on success. Returns false otherwise.
- */
-dbus_bool_t wpas_dbus_setter_config_methods(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *new_methods;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	new_methods = os_strdup(methods);
-	if (!new_methods)
-		return FALSE;
-
-	os_free(wpa_s->conf->config_methods);
-	wpa_s->conf->config_methods = new_methods;
-
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_CONFIG_METHODS;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_device_name - Get current WPS device name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DeviceName" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_device_name(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->conf->device_name,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_wps_device_name - Set current WPS device name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "DeviceName" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_device_name(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *devname;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	if (os_strlen(methods) > WPS_DEV_NAME_MAX_LEN)
-		return FALSE;
-
-	devname = os_strdup(methods);
-	if (!devname)
-		return FALSE;
-
-	os_free(wpa_s->conf->device_name);
-	wpa_s->conf->device_name = devname;
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_DEVICE_NAME;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_manufacturer - Get current manufacturer name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "Manufacturer" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_manufacturer(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->conf->manufacturer,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_wps_manufacturer - Set current manufacturer name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "Manufacturer" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_manufacturer(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *manufacturer;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	if (os_strlen(methods) > WPS_MANUFACTURER_MAX_LEN)
-		return FALSE;
-
-	manufacturer = os_strdup(methods);
-	if (!manufacturer)
-		return FALSE;
-
-	os_free(wpa_s->conf->manufacturer);
-	wpa_s->conf->manufacturer = manufacturer;
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_WPS_STRING;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_device_model_name - Get current device model name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "ModelName" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_device_model_name(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->conf->model_name,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_wps_device_model_name - Set current device model name
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "ModelName" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_device_model_name(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *model_name;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	if (os_strlen(methods) > WPS_MODEL_NAME_MAX_LEN)
-		return FALSE;
-
-	model_name = os_strdup(methods);
-	if (!model_name)
-		return FALSE;
-	os_free(wpa_s->conf->model_name);
-	wpa_s->conf->model_name = model_name;
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_WPS_STRING;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_device_model_number - Get current device model number
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "ModelNumber" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_device_model_number(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter, wpa_s->conf->model_number,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_wps_device_model_number - Set current device model number
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "ModelNumber" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_device_model_number(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *model_number;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	if (os_strlen(methods) > WPS_MODEL_NUMBER_MAX_LEN)
-		return FALSE;
-
-	model_number = os_strdup(methods);
-	if (!model_number)
-		return FALSE;
-
-	os_free(wpa_s->conf->model_number);
-	wpa_s->conf->model_number = model_number;
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_WPS_STRING;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_device_serial_number - Get current device serial number
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "SerialNumber" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_device_serial_number(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	return wpas_dbus_string_property_getter(iter,
-						wpa_s->conf->serial_number,
-						error);
-}
-
-
-/**
- * wpas_dbus_setter_wps_device_serial_number - Set current device serial number
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "SerialNumber" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_device_serial_number(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	char *methods, *serial_number;
-
-	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
-					      &methods))
-		return FALSE;
-
-	if (os_strlen(methods) > WPS_SERIAL_NUMBER_MAX_LEN)
-		return FALSE;
-
-	serial_number = os_strdup(methods);
-	if (!serial_number)
-		return FALSE;
-	os_free(wpa_s->conf->serial_number);
-	wpa_s->conf->serial_number = serial_number;
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_WPS_STRING;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_getter_wps_device_device_type - Get current device type
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Getter for "DeviceType" property.
- */
-dbus_bool_t wpas_dbus_getter_wps_device_device_type(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-
-	if (!wpas_dbus_simple_array_property_getter(iter, DBUS_TYPE_BYTE,
-						    (char *)
-						    wpa_s->conf->device_type,
-						    WPS_DEV_TYPE_LEN, error)) {
-		dbus_set_error(error, DBUS_ERROR_FAILED,
-			       "%s: error constructing reply", __func__);
-		return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-/**
- * wpas_dbus_setter_wps_device_device_type - Set current device type
- * @iter: Pointer to incoming dbus message iter
- * @error: Location to store error on failure
- * @user_data: Function specific data
- * Returns: TRUE on success, FALSE on failure
- *
- * Setter for "DeviceType" property.
- */
-dbus_bool_t wpas_dbus_setter_wps_device_device_type(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = user_data;
-	u8 *dev_type;
-	int dev_len;
-	DBusMessageIter variant, array_iter;
-
-	if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_VARIANT)
-		return FALSE;
-
-	dbus_message_iter_recurse(iter, &variant);
-	if (dbus_message_iter_get_arg_type(&variant) != DBUS_TYPE_ARRAY)
-		return FALSE;
-
-	dbus_message_iter_recurse(&variant, &array_iter);
-	dbus_message_iter_get_fixed_array(&array_iter, &dev_type, &dev_len);
-
-	if (dev_len != WPS_DEV_TYPE_LEN)
-		return FALSE;
-
-	os_memcpy(wpa_s->conf->device_type, dev_type, WPS_DEV_TYPE_LEN);
-	wpa_s->conf->changed_parameters |= CFG_CHANGED_DEVICE_TYPE;
-	wpa_supplicant_update_config(wpa_s);
-
-	return TRUE;
-}
diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
deleted file mode 100644
index d9009ba85e9c..000000000000
--- a/wpa_supplicant/dbus/dbus_new_helpers.c
+++ /dev/null
@@ -1,1025 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "dbus_common.h"
-#include "dbus_common_i.h"
-#include "dbus_new.h"
-#include "dbus_new_helpers.h"
-#include "dbus_new_handlers.h"
-#include "dbus_dict_helpers.h"
-
-
-static dbus_bool_t fill_dict_with_properties(
-	DBusMessageIter *dict_iter,
-	const struct wpa_dbus_property_desc *props,
-	const char *interface, void *user_data, DBusError *error)
-{
-	DBusMessageIter entry_iter;
-	const struct wpa_dbus_property_desc *dsc;
-
-	for (dsc = props; dsc && dsc->dbus_property; dsc++) {
-		/* Only return properties for the requested D-Bus interface */
-		if (os_strncmp(dsc->dbus_interface, interface,
-			       WPAS_DBUS_INTERFACE_MAX) != 0)
-			continue;
-
-		/* Skip write-only properties */
-		if (dsc->getter == NULL)
-			continue;
-
-		if (!dbus_message_iter_open_container(dict_iter,
-						      DBUS_TYPE_DICT_ENTRY,
-						      NULL, &entry_iter) ||
-		    !dbus_message_iter_append_basic(&entry_iter,
-						    DBUS_TYPE_STRING,
-						    &dsc->dbus_property))
-			goto error;
-
-		/* An error getting a property fails the request entirely */
-		if (!dsc->getter(dsc, &entry_iter, error, user_data)) {
-			wpa_printf(MSG_INFO,
-				   "dbus: %s dbus_interface=%s dbus_property=%s getter failed",
-				   __func__, dsc->dbus_interface,
-				   dsc->dbus_property);
-			return FALSE;
-		}
-
-		if (!dbus_message_iter_close_container(dict_iter, &entry_iter))
-			goto error;
-	}
-
-	return TRUE;
-
-error:
-	dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
-	return FALSE;
-}
-
-
-/**
- * get_all_properties - Responds for GetAll properties calls on object
- * @message: Message with GetAll call
- * @interface: interface name which properties will be returned
- * @property_dsc: list of object's properties
- * Returns: Message with dict of variants as argument with properties values
- *
- * Iterates over all properties registered with object and execute getters
- * of those, which are readable and which interface matches interface
- * specified as argument. Returned message contains one dict argument
- * with properties names as keys and theirs values as values.
- */
-static DBusMessage * get_all_properties(DBusMessage *message, char *interface,
-					struct wpa_dbus_object_desc *obj_dsc)
-{
-	DBusMessage *reply;
-	DBusMessageIter iter, dict_iter;
-	DBusError error;
-
-	reply = dbus_message_new_method_return(message);
-	if (reply == NULL)
-		return wpas_dbus_error_no_memory(message);
-
-	dbus_message_iter_init_append(reply, &iter);
-	if (!wpa_dbus_dict_open_write(&iter, &dict_iter)) {
-		dbus_message_unref(reply);
-		return wpas_dbus_error_no_memory(message);
-	}
-
-	dbus_error_init(&error);
-	if (!fill_dict_with_properties(&dict_iter, obj_dsc->properties,
-				       interface, obj_dsc->user_data, &error)) {
-		wpa_dbus_dict_close_write(&iter, &dict_iter);
-		dbus_message_unref(reply);
-		reply = wpas_dbus_reply_new_from_error(
-			message, &error, DBUS_ERROR_INVALID_ARGS,
-			"No readable properties in this interface");
-		dbus_error_free(&error);
-		return reply;
-	}
-
-	if (!wpa_dbus_dict_close_write(&iter, &dict_iter)) {
-		dbus_message_unref(reply);
-		return wpas_dbus_error_no_memory(message);
-	}
-
-	return reply;
-}
-
-
-static int is_signature_correct(DBusMessage *message,
-				const struct wpa_dbus_method_desc *method_dsc)
-{
-	/* According to DBus documentation max length of signature is 255 */
-#define MAX_SIG_LEN 256
-	char registered_sig[MAX_SIG_LEN], *pos;
-	const char *sig = dbus_message_get_signature(message);
-	int ret;
-	const struct wpa_dbus_argument *arg;
-
-	pos = registered_sig;
-	*pos = '\0';
-
-	for (arg = method_dsc->args; arg && arg->name; arg++) {
-		if (arg->dir == ARG_IN) {
-			size_t blen = registered_sig + MAX_SIG_LEN - pos;
-
-			ret = os_snprintf(pos, blen, "%s", arg->type);
-			if (os_snprintf_error(blen, ret))
-				return 0;
-			pos += ret;
-		}
-	}
-
-	return !os_strncmp(registered_sig, sig, MAX_SIG_LEN);
-}
-
-
-static DBusMessage * properties_get_all(DBusMessage *message, char *interface,
-					struct wpa_dbus_object_desc *obj_dsc)
-{
-	if (os_strcmp(dbus_message_get_signature(message), "s") != 0)
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      NULL);
-
-	return get_all_properties(message, interface, obj_dsc);
-}
-
-
-static DBusMessage * properties_get(DBusMessage *message,
-				    const struct wpa_dbus_property_desc *dsc,
-				    void *user_data)
-{
-	DBusMessage *reply;
-	DBusMessageIter iter;
-	DBusError error;
-
-	if (os_strcmp(dbus_message_get_signature(message), "ss")) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      NULL);
-	}
-
-	if (dsc->getter == NULL) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Property is write-only");
-	}
-
-	reply = dbus_message_new_method_return(message);
-	dbus_message_iter_init_append(reply, &iter);
-
-	dbus_error_init(&error);
-	if (dsc->getter(dsc, &iter, &error, user_data) == FALSE) {
-		dbus_message_unref(reply);
-		reply = wpas_dbus_reply_new_from_error(
-			message, &error, DBUS_ERROR_FAILED,
-			"Failed to read property");
-		dbus_error_free(&error);
-	}
-
-	return reply;
-}
-
-
-static DBusMessage * properties_set(DBusMessage *message,
-				    const struct wpa_dbus_property_desc *dsc,
-				    void *user_data)
-{
-	DBusMessage *reply;
-	DBusMessageIter iter;
-	DBusError error;
-
-	if (os_strcmp(dbus_message_get_signature(message), "ssv")) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      NULL);
-	}
-
-	if (dsc->setter == NULL) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "Property is read-only");
-	}
-
-	dbus_message_iter_init(message, &iter);
-	/* Skip the interface name and the property name */
-	dbus_message_iter_next(&iter);
-	dbus_message_iter_next(&iter);
-
-	/* Iter will now point to the property's new value */
-	dbus_error_init(&error);
-	if (dsc->setter(dsc, &iter, &error, user_data) == TRUE) {
-		/* Success */
-		reply = dbus_message_new_method_return(message);
-	} else {
-		reply = wpas_dbus_reply_new_from_error(
-			message, &error, DBUS_ERROR_FAILED,
-			"Failed to set property");
-		dbus_error_free(&error);
-	}
-
-	return reply;
-}
-
-
-static DBusMessage *
-properties_get_or_set(DBusMessage *message, DBusMessageIter *iter,
-		      char *interface,
-		      struct wpa_dbus_object_desc *obj_dsc)
-{
-	const struct wpa_dbus_property_desc *property_dsc;
-	char *property;
-	const char *method;
-
-	method = dbus_message_get_member(message);
-	property_dsc = obj_dsc->properties;
-
-	/* Second argument: property name (DBUS_TYPE_STRING) */
-	if (!dbus_message_iter_next(iter) ||
-	    dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_STRING) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      NULL);
-	}
-	dbus_message_iter_get_basic(iter, &property);
-
-	while (property_dsc && property_dsc->dbus_property) {
-		/* compare property names and
-		 * interfaces */
-		if (!os_strncmp(property_dsc->dbus_property, property,
-				WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) &&
-		    !os_strncmp(property_dsc->dbus_interface, interface,
-				WPAS_DBUS_INTERFACE_MAX))
-			break;
-
-		property_dsc++;
-	}
-	if (property_dsc == NULL || property_dsc->dbus_property == NULL) {
-		wpa_printf(MSG_DEBUG, "no property handler for %s.%s on %s",
-			   interface, property,
-			   dbus_message_get_path(message));
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      "No such property");
-	}
-
-	if (os_strncmp(WPA_DBUS_PROPERTIES_GET, method,
-		       WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) == 0) {
-		wpa_printf(MSG_MSGDUMP, "%s: Get(%s)", __func__, property);
-		return properties_get(message, property_dsc,
-				      obj_dsc->user_data);
-	}
-
-	wpa_printf(MSG_MSGDUMP, "%s: Set(%s)", __func__, property);
-	return properties_set(message, property_dsc, obj_dsc->user_data);
-}
-
-
-static DBusMessage * properties_handler(DBusMessage *message,
-					struct wpa_dbus_object_desc *obj_dsc)
-{
-	DBusMessageIter iter;
-	char *interface;
-	const char *method;
-
-	method = dbus_message_get_member(message);
-	dbus_message_iter_init(message, &iter);
-
-	if (!os_strncmp(WPA_DBUS_PROPERTIES_GET, method,
-			WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) ||
-	    !os_strncmp(WPA_DBUS_PROPERTIES_SET, method,
-			WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) ||
-	    !os_strncmp(WPA_DBUS_PROPERTIES_GETALL, method,
-			WPAS_DBUS_METHOD_SIGNAL_PROP_MAX)) {
-		/* First argument: interface name (DBUS_TYPE_STRING) */
-		if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING) {
-			return dbus_message_new_error(message,
-						      DBUS_ERROR_INVALID_ARGS,
-						      NULL);
-		}
-
-		dbus_message_iter_get_basic(&iter, &interface);
-
-		if (!os_strncmp(WPA_DBUS_PROPERTIES_GETALL, method,
-				WPAS_DBUS_METHOD_SIGNAL_PROP_MAX)) {
-			/* GetAll */
-			return properties_get_all(message, interface, obj_dsc);
-		}
-		/* Get or Set */
-		return properties_get_or_set(message, &iter, interface,
-					     obj_dsc);
-	}
-	return dbus_message_new_error(message, DBUS_ERROR_UNKNOWN_METHOD,
-				      NULL);
-}
-
-
-static DBusMessage * msg_method_handler(DBusMessage *message,
-					struct wpa_dbus_object_desc *obj_dsc)
-{
-	const struct wpa_dbus_method_desc *method_dsc = obj_dsc->methods;
-	const char *method;
-	const char *msg_interface;
-
-	method = dbus_message_get_member(message);
-	msg_interface = dbus_message_get_interface(message);
-
-	/* try match call to any registered method */
-	while (method_dsc && method_dsc->dbus_method) {
-		/* compare method names and interfaces */
-		if (!os_strncmp(method_dsc->dbus_method, method,
-				WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) &&
-		    !os_strncmp(method_dsc->dbus_interface, msg_interface,
-				WPAS_DBUS_INTERFACE_MAX))
-			break;
-
-		method_dsc++;
-	}
-	if (method_dsc == NULL || method_dsc->dbus_method == NULL) {
-		wpa_printf(MSG_DEBUG, "no method handler for %s.%s on %s",
-			   msg_interface, method,
-			   dbus_message_get_path(message));
-		return dbus_message_new_error(message,
-					      DBUS_ERROR_UNKNOWN_METHOD, NULL);
-	}
-
-	if (!is_signature_correct(message, method_dsc)) {
-		return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
-					      NULL);
-	}
-
-	return method_dsc->method_handler(message, obj_dsc->user_data);
-}
-
-
-/**
- * message_handler - Handles incoming DBus messages
- * @connection: DBus connection on which message was received
- * @message: Received message
- * @user_data: pointer to description of object to which message was sent
- * Returns: Returns information whether message was handled or not
- *
- * Reads message interface and method name, then checks if they matches one
- * of the special cases i.e. introspection call or properties get/getall/set
- * methods and handles it. Else it iterates over registered methods list
- * and tries to match method's name and interface to those read from message
- * If appropriate method was found its handler function is called and
- * response is sent. Otherwise, the DBUS_ERROR_UNKNOWN_METHOD error message
- * will be sent.
- */
-static DBusHandlerResult message_handler(DBusConnection *connection,
-					 DBusMessage *message, void *user_data)
-{
-	struct wpa_dbus_object_desc *obj_dsc = user_data;
-	const char *method;
-	const char *path;
-	const char *msg_interface;
-	DBusMessage *reply;
-
-	/* get method, interface and path the message is addressed to */
-	method = dbus_message_get_member(message);
-	path = dbus_message_get_path(message);
-	msg_interface = dbus_message_get_interface(message);
-	if (!method || !path || !msg_interface)
-		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-
-	wpa_printf(MSG_MSGDUMP, "dbus: %s.%s (%s) [%s]",
-		   msg_interface, method, path,
-		   dbus_message_get_signature(message));
-
-	/* if message is introspection method call */
-	if (!os_strncmp(WPA_DBUS_INTROSPECTION_METHOD, method,
-			WPAS_DBUS_METHOD_SIGNAL_PROP_MAX) &&
-	    !os_strncmp(WPA_DBUS_INTROSPECTION_INTERFACE, msg_interface,
-			WPAS_DBUS_INTERFACE_MAX)) {
-#ifdef CONFIG_CTRL_IFACE_DBUS_INTRO
-		reply = wpa_dbus_introspect(message, obj_dsc);
-#else /* CONFIG_CTRL_IFACE_DBUS_INTRO */
-		reply = dbus_message_new_error(
-			message, DBUS_ERROR_UNKNOWN_METHOD,
-			"wpa_supplicant was compiled without introspection support.");
-#endif /* CONFIG_CTRL_IFACE_DBUS_INTRO */
-	} else if (!os_strncmp(WPA_DBUS_PROPERTIES_INTERFACE, msg_interface,
-			     WPAS_DBUS_INTERFACE_MAX)) {
-		/* if message is properties method call */
-		reply = properties_handler(message, obj_dsc);
-	} else {
-		reply = msg_method_handler(message, obj_dsc);
-	}
-
-	/* If handler succeed returning NULL, reply empty message */
-	if (!reply)
-		reply = dbus_message_new_method_return(message);
-	if (reply) {
-		if (!dbus_message_get_no_reply(message))
-			dbus_connection_send(connection, reply, NULL);
-		dbus_message_unref(reply);
-	}
-
-	wpa_dbus_flush_all_changed_properties(connection);
-
-	return DBUS_HANDLER_RESULT_HANDLED;
-}
-
-
-/**
- * free_dbus_object_desc - Frees object description data structure
- * @connection: DBus connection
- * @obj_dsc: Object description to free
- *
- * Frees each of properties, methods and signals description lists and
- * the object description structure itself.
- */
-void free_dbus_object_desc(struct wpa_dbus_object_desc *obj_dsc)
-{
-	if (!obj_dsc)
-		return;
-
-	/* free handler's argument */
-	if (obj_dsc->user_data_free_func)
-		obj_dsc->user_data_free_func(obj_dsc->user_data);
-
-	os_free(obj_dsc->path);
-	os_free(obj_dsc->prop_changed_flags);
-	os_free(obj_dsc);
-}
-
-
-static void free_dbus_object_desc_cb(DBusConnection *connection, void *obj_dsc)
-{
-	free_dbus_object_desc(obj_dsc);
-}
-
-
-/**
- * wpa_dbus_ctrl_iface_init - Initialize dbus control interface
- * @application_data: Pointer to application specific data structure
- * @dbus_path: DBus path to interface object
- * @dbus_service: DBus service name to register with
- * @messageHandler: a pointer to function which will handle dbus messages
- * coming on interface
- * Returns: 0 on success, -1 on failure
- *
- * Initialize the dbus control interface and start receiving commands from
- * external programs over the bus.
- */
-int wpa_dbus_ctrl_iface_init(struct wpas_dbus_priv *iface,
-			     char *dbus_path, char *dbus_service,
-			     struct wpa_dbus_object_desc *obj_desc)
-{
-	DBusError error;
-	int ret = -1;
-	DBusObjectPathVTable wpa_vtable = {
-		&free_dbus_object_desc_cb, &message_handler,
-		NULL, NULL, NULL, NULL
-	};
-
-	obj_desc->connection = iface->con;
-	obj_desc->path = os_strdup(dbus_path);
-
-	/* Register the message handler for the global dbus interface */
-	if (!dbus_connection_register_object_path(iface->con, dbus_path,
-						  &wpa_vtable, obj_desc)) {
-		wpa_printf(MSG_ERROR, "dbus: Could not set up message handler");
-		return -1;
-	}
-
-	/* Register our service with the message bus */
-	dbus_error_init(&error);
-	switch (dbus_bus_request_name(iface->con, dbus_service, 0, &error)) {
-	case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
-		ret = 0;
-		break;
-	case DBUS_REQUEST_NAME_REPLY_EXISTS:
-	case DBUS_REQUEST_NAME_REPLY_IN_QUEUE:
-	case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
-		wpa_printf(MSG_ERROR,
-			   "dbus: Could not request service name: already registered");
-		break;
-	default:
-		wpa_printf(MSG_ERROR,
-			   "dbus: Could not request service name: %s %s",
-			   error.name, error.message);
-		break;
-	}
-	dbus_error_free(&error);
-
-	if (ret != 0)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "Providing DBus service '%s'.", dbus_service);
-
-	return 0;
-}
-
-
-/**
- * wpa_dbus_register_object_per_iface - Register a new object with dbus
- * @ctrl_iface: pointer to dbus private data
- * @path: DBus path to object
- * @ifname: interface name
- * @obj_desc: description of object's methods, signals and properties
- * Returns: 0 on success, -1 on error
- *
- * Registers a new interface with dbus and assigns it a dbus object path.
- */
-int wpa_dbus_register_object_per_iface(struct wpas_dbus_priv *ctrl_iface,
-				       const char *path, const char *ifname,
-				       struct wpa_dbus_object_desc *obj_desc)
-{
-	DBusConnection *con;
-	DBusError error;
-	DBusObjectPathVTable vtable = {
-		&free_dbus_object_desc_cb, &message_handler,
-		NULL, NULL, NULL, NULL
-	};
-
-	/* Do nothing if the control interface is not turned on */
-	if (ctrl_iface == NULL)
-		return 0;
-
-	con = ctrl_iface->con;
-	obj_desc->connection = con;
-	obj_desc->path = os_strdup(path);
-
-	dbus_error_init(&error);
-	/* Register the message handler for the interface functions */
-	if (!dbus_connection_try_register_object_path(con, path, &vtable,
-						      obj_desc, &error)) {
-		if (os_strcmp(error.name, DBUS_ERROR_OBJECT_PATH_IN_USE) == 0) {
-			wpa_printf(MSG_DEBUG, "dbus: %s", error.message);
-		} else {
-			wpa_printf(MSG_ERROR,
-				   "dbus: Could not set up message handler for interface %s object %s (error: %s message: %s)",
-				   ifname, path, error.name, error.message);
-		}
-		dbus_error_free(&error);
-		return -1;
-	}
-
-	dbus_error_free(&error);
-	return 0;
-}
-
-
-static void flush_object_timeout_handler(void *eloop_ctx, void *timeout_ctx);
-
-
-/**
- * wpa_dbus_unregister_object_per_iface - Unregisters DBus object
- * @ctrl_iface: Pointer to dbus private data
- * @path: DBus path to object which will be unregistered
- * Returns: Zero on success and -1 on failure
- *
- * Unregisters DBus object given by its path
- */
-int wpa_dbus_unregister_object_per_iface(
-	struct wpas_dbus_priv *ctrl_iface, const char *path)
-{
-	DBusConnection *con = ctrl_iface->con;
-	struct wpa_dbus_object_desc *obj_desc = NULL;
-
-	dbus_connection_get_object_path_data(con, path, (void **) &obj_desc);
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: Could not obtain object's private data: %s",
-			   __func__, path);
-		return 0;
-	}
-
-	eloop_cancel_timeout(flush_object_timeout_handler, con, obj_desc);
-
-	if (!dbus_connection_unregister_object_path(con, path))
-		return -1;
-
-	return 0;
-}
-
-
-static dbus_bool_t put_changed_properties(
-	const struct wpa_dbus_object_desc *obj_dsc, const char *interface,
-	DBusMessageIter *dict_iter, int clear_changed)
-{
-	DBusMessageIter entry_iter;
-	const struct wpa_dbus_property_desc *dsc;
-	int i;
-	DBusError error;
-
-	for (dsc = obj_dsc->properties, i = 0; dsc && dsc->dbus_property;
-	     dsc++, i++) {
-		if (obj_dsc->prop_changed_flags == NULL ||
-		    !obj_dsc->prop_changed_flags[i])
-			continue;
-		if (os_strcmp(dsc->dbus_interface, interface) != 0)
-			continue;
-		if (clear_changed)
-			obj_dsc->prop_changed_flags[i] = 0;
-
-		if (!dbus_message_iter_open_container(dict_iter,
-						      DBUS_TYPE_DICT_ENTRY,
-						      NULL, &entry_iter) ||
-		    !dbus_message_iter_append_basic(&entry_iter,
-						    DBUS_TYPE_STRING,
-						    &dsc->dbus_property))
-			return FALSE;
-
-		dbus_error_init(&error);
-		if (!dsc->getter(dsc, &entry_iter, &error, obj_dsc->user_data))
-		{
-			if (dbus_error_is_set(&error)) {
-				wpa_printf(MSG_ERROR,
-					   "dbus: %s: Cannot get new value of property %s: (%s) %s",
-					   __func__, dsc->dbus_property,
-					   error.name, error.message);
-			} else {
-				wpa_printf(MSG_ERROR,
-					   "dbus: %s: Cannot get new value of property %s",
-					   __func__, dsc->dbus_property);
-			}
-			dbus_error_free(&error);
-			return FALSE;
-		}
-
-		if (!dbus_message_iter_close_container(dict_iter, &entry_iter))
-			return FALSE;
-	}
-
-	return TRUE;
-}
-
-
-static void do_send_prop_changed_signal(
-	DBusConnection *con, const char *path, const char *interface,
-	const struct wpa_dbus_object_desc *obj_dsc)
-{
-	DBusMessage *msg;
-	DBusMessageIter signal_iter, dict_iter;
-
-	msg = dbus_message_new_signal(path, DBUS_INTERFACE_PROPERTIES,
-				      "PropertiesChanged");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &signal_iter);
-
-	if (!dbus_message_iter_append_basic(&signal_iter, DBUS_TYPE_STRING,
-					    &interface) ||
-	    /* Changed properties dict */
-	    !dbus_message_iter_open_container(&signal_iter, DBUS_TYPE_ARRAY,
-					      "{sv}", &dict_iter) ||
-	    !put_changed_properties(obj_dsc, interface, &dict_iter, 0) ||
-	    !dbus_message_iter_close_container(&signal_iter, &dict_iter) ||
-	    /* Invalidated properties array (empty) */
-	    !dbus_message_iter_open_container(&signal_iter, DBUS_TYPE_ARRAY,
-					      "s", &dict_iter) ||
-	    !dbus_message_iter_close_container(&signal_iter, &dict_iter)) {
-		wpa_printf(MSG_DEBUG, "dbus: %s: Failed to construct signal",
-			   __func__);
-	} else {
-		dbus_connection_send(con, msg, NULL);
-	}
-
-	dbus_message_unref(msg);
-}
-
-
-static void do_send_deprecated_prop_changed_signal(
-	DBusConnection *con, const char *path, const char *interface,
-	const struct wpa_dbus_object_desc *obj_dsc)
-{
-	DBusMessage *msg;
-	DBusMessageIter signal_iter, dict_iter;
-
-	msg = dbus_message_new_signal(path, interface, "PropertiesChanged");
-	if (msg == NULL)
-		return;
-
-	dbus_message_iter_init_append(msg, &signal_iter);
-
-	if (!dbus_message_iter_open_container(&signal_iter, DBUS_TYPE_ARRAY,
-					      "{sv}", &dict_iter) ||
-	    !put_changed_properties(obj_dsc, interface, &dict_iter, 1) ||
-	    !dbus_message_iter_close_container(&signal_iter, &dict_iter)) {
-		wpa_printf(MSG_DEBUG, "dbus: %s: Failed to construct signal",
-			   __func__);
-	} else {
-		dbus_connection_send(con, msg, NULL);
-	}
-
-	dbus_message_unref(msg);
-}
-
-
-static void send_prop_changed_signal(
-	DBusConnection *con, const char *path, const char *interface,
-	const struct wpa_dbus_object_desc *obj_dsc)
-{
-	/*
-	 * First, send property change notification on the standardized
-	 * org.freedesktop.DBus.Properties interface. This call will not
-	 * clear the property change bits, so that they are preserved for
-	 * the call that follows.
-	 */
-	do_send_prop_changed_signal(con, path, interface, obj_dsc);
-
-	/*
-	 * Now send PropertiesChanged on our own interface for backwards
-	 * compatibility. This is deprecated and will be removed in a future
-	 * release.
-	 */
-	do_send_deprecated_prop_changed_signal(con, path, interface, obj_dsc);
-
-	/* Property change bits have now been cleared. */
-}
-
-
-static void flush_object_timeout_handler(void *eloop_ctx, void *timeout_ctx)
-{
-	DBusConnection *con = eloop_ctx;
-	struct wpa_dbus_object_desc *obj_desc = timeout_ctx;
-
-	wpa_printf(MSG_MSGDUMP,
-		   "dbus: %s: Timeout - sending changed properties of object %s",
-		   __func__, obj_desc->path);
-	wpa_dbus_flush_object_changed_properties(con, obj_desc->path);
-}
-
-
-static void recursive_flush_changed_properties(DBusConnection *con,
-					       const char *path)
-{
-	char **objects = NULL;
-	char subobj_path[WPAS_DBUS_OBJECT_PATH_MAX];
-	int i;
-
-	wpa_dbus_flush_object_changed_properties(con, path);
-
-	if (!dbus_connection_list_registered(con, path, &objects))
-		goto out;
-
-	for (i = 0; objects[i]; i++) {
-		os_snprintf(subobj_path, WPAS_DBUS_OBJECT_PATH_MAX,
-			    "%s/%s", path, objects[i]);
-		recursive_flush_changed_properties(con, subobj_path);
-	}
-
-out:
-	dbus_free_string_array(objects);
-}
-
-
-/**
- * wpa_dbus_flush_all_changed_properties - Send all PropertiesChanged signals
- * @con: DBus connection
- *
- * Traverses through all registered objects and sends PropertiesChanged for
- * each properties.
- */
-void wpa_dbus_flush_all_changed_properties(DBusConnection *con)
-{
-	recursive_flush_changed_properties(con, WPAS_DBUS_NEW_PATH);
-}
-
-
-/**
- * wpa_dbus_flush_object_changed_properties - Send PropertiesChanged for object
- * @con: DBus connection
- * @path: path to a DBus object for which PropertiesChanged will be sent.
- *
- * Iterates over all properties registered with object and for each interface
- * containing properties marked as changed, sends a PropertiesChanged signal
- * containing names and new values of properties that have changed.
- *
- * You need to call this function after wpa_dbus_mark_property_changed()
- * if you want to send PropertiesChanged signal immediately (i.e., without
- * waiting timeout to expire). PropertiesChanged signal for an object is sent
- * automatically short time after first marking property as changed. All
- * PropertiesChanged signals are sent automatically after responding on DBus
- * message, so if you marked a property changed as a result of DBus call
- * (e.g., param setter), you usually do not need to call this function.
- */
-void wpa_dbus_flush_object_changed_properties(DBusConnection *con,
-					      const char *path)
-{
-	struct wpa_dbus_object_desc *obj_desc = NULL;
-	const struct wpa_dbus_property_desc *dsc;
-	int i;
-
-	dbus_connection_get_object_path_data(con, path, (void **) &obj_desc);
-	if (!obj_desc)
-		return;
-	eloop_cancel_timeout(flush_object_timeout_handler, con, obj_desc);
-
-	for (dsc = obj_desc->properties, i = 0; dsc && dsc->dbus_property;
-	     dsc++, i++) {
-		if (obj_desc->prop_changed_flags == NULL ||
-		    !obj_desc->prop_changed_flags[i])
-			continue;
-		send_prop_changed_signal(con, path, dsc->dbus_interface,
-					 obj_desc);
-	}
-}
-
-
-#define WPA_DBUS_SEND_PROP_CHANGED_TIMEOUT 5000
-
-
-/**
- * wpa_dbus_mark_property_changed - Mark a property as changed and
- * @iface: dbus priv struct
- * @path: path to DBus object which property has changed
- * @interface: interface containing changed property
- * @property: property name which has changed
- *
- * Iterates over all properties registered with an object and marks the one
- * given in parameters as changed. All parameters registered for an object
- * within a single interface will be aggregated together and sent in one
- * PropertiesChanged signal when function
- * wpa_dbus_flush_object_changed_properties() is called.
- */
-void wpa_dbus_mark_property_changed(struct wpas_dbus_priv *iface,
-				    const char *path, const char *interface,
-				    const char *property)
-{
-	struct wpa_dbus_object_desc *obj_desc = NULL;
-	const struct wpa_dbus_property_desc *dsc;
-	int i = 0;
-
-	if (iface == NULL)
-		return;
-
-	dbus_connection_get_object_path_data(iface->con, path,
-					     (void **) &obj_desc);
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: wpa_dbus_property_changed: could not obtain object's private data: %s",
-			   path);
-		return;
-	}
-
-	for (dsc = obj_desc->properties; dsc && dsc->dbus_property; dsc++, i++)
-		if (os_strcmp(property, dsc->dbus_property) == 0 &&
-		    os_strcmp(interface, dsc->dbus_interface) == 0) {
-			if (obj_desc->prop_changed_flags)
-				obj_desc->prop_changed_flags[i] = 1;
-			break;
-		}
-
-	if (!dsc || !dsc->dbus_property) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: wpa_dbus_property_changed: no property %s in object %s",
-			   property, path);
-		return;
-	}
-
-	if (!eloop_is_timeout_registered(flush_object_timeout_handler,
-					 iface->con, obj_desc)) {
-		eloop_register_timeout(0, WPA_DBUS_SEND_PROP_CHANGED_TIMEOUT,
-				       flush_object_timeout_handler,
-				       iface->con, obj_desc);
-	}
-}
-
-
-/**
- * wpa_dbus_get_object_properties - Put object's properties into dictionary
- * @iface: dbus priv struct
- * @path: path to DBus object which properties will be obtained
- * @interface: interface name which properties will be obtained
- * @iter: DBus message iter at which to append property dictionary.
- *
- * Iterates over all properties registered with object and execute getters
- * of those, which are readable and which interface matches interface
- * specified as argument. Obtained properties values are stored in
- * dict_iter dictionary.
- */
-dbus_bool_t wpa_dbus_get_object_properties(struct wpas_dbus_priv *iface,
-					   const char *path,
-					   const char *interface,
-					   DBusMessageIter *iter)
-{
-	struct wpa_dbus_object_desc *obj_desc = NULL;
-	DBusMessageIter dict_iter;
-	DBusError error;
-
-	dbus_connection_get_object_path_data(iface->con, path,
-					     (void **) &obj_desc);
-	if (!obj_desc) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: could not obtain object's private data: %s",
-			   __func__, path);
-		return FALSE;
-	}
-
-	if (!wpa_dbus_dict_open_write(iter, &dict_iter)) {
-		wpa_printf(MSG_ERROR, "dbus: %s: failed to open message dict",
-			   __func__);
-		return FALSE;
-	}
-
-	dbus_error_init(&error);
-	if (!fill_dict_with_properties(&dict_iter, obj_desc->properties,
-				       interface, obj_desc->user_data,
-				       &error)) {
-		wpa_printf(MSG_ERROR,
-			   "dbus: %s: failed to get object properties: (%s) %s",
-			   __func__,
-			   dbus_error_is_set(&error) ? error.name : "none",
-			   dbus_error_is_set(&error) ? error.message : "none");
-		dbus_error_free(&error);
-		wpa_dbus_dict_close_write(iter, &dict_iter);
-		return FALSE;
-	}
-
-	return wpa_dbus_dict_close_write(iter, &dict_iter);
-}
-
-/**
- * wpas_dbus_new_decompose_object_path - Decompose an interface object path into parts
- * @path: The dbus object path
- * @sep: Separating part (e.g., "Networks" or "PersistentGroups")
- * @item: (out) The part following the specified separator, if any
- * Returns: The object path of the interface this path refers to
- *
- * For a given object path, decomposes the object path into object id and
- * requested part, if those parts exist. The caller is responsible for freeing
- * the returned value. The *item pointer points to that allocated value and must
- * not be freed separately.
- *
- * As an example, path = "/fi/w1/wpa_supplicant1/Interfaces/1/Networks/0" and
- * sep = "Networks" would result in "/fi/w1/wpa_supplicant1/Interfaces/1"
- * getting returned and *items set to point to "0".
- */
-char * wpas_dbus_new_decompose_object_path(const char *path, const char *sep,
-					   char **item)
-{
-	const unsigned int dev_path_prefix_len =
-		os_strlen(WPAS_DBUS_NEW_PATH_INTERFACES "/");
-	char *obj_path_only;
-	char *pos;
-	size_t sep_len;
-
-	*item = NULL;
-
-	/* Verify that this starts with our interface prefix */
-	if (os_strncmp(path, WPAS_DBUS_NEW_PATH_INTERFACES "/",
-		       dev_path_prefix_len) != 0)
-		return NULL; /* not our path */
-
-	/* Ensure there's something at the end of the path */
-	if ((path + dev_path_prefix_len)[0] == '\0')
-		return NULL;
-
-	obj_path_only = os_strdup(path);
-	if (obj_path_only == NULL)
-		return NULL;
-
-	pos = obj_path_only + dev_path_prefix_len;
-	pos = os_strchr(pos, '/');
-	if (pos == NULL)
-		return obj_path_only; /* no next item on the path */
-
-	 /* Separate network interface prefix from the path */
-	*pos++ = '\0';
-
-	sep_len = os_strlen(sep);
-	if (os_strncmp(pos, sep, sep_len) != 0 || pos[sep_len] != '/')
-		return obj_path_only; /* no match */
-
-	 /* return a pointer to the requested item */
-	*item = pos + sep_len + 1;
-	return obj_path_only;
-}
-
-
-/**
- * wpas_dbus_reply_new_from_error - Create a new D-Bus error message from a
- *   dbus error structure
- * @message: The original request message for which the error is a reply
- * @error: The error containing a name and a descriptive error cause
- * @fallback_name: A generic error name if @error was not set
- * @fallback_string: A generic error string if @error was not set
- * Returns: A new D-Bus error message
- *
- * Given a DBusMessage structure, creates a new D-Bus error message using
- * the error name and string contained in that structure.
- */
-DBusMessage * wpas_dbus_reply_new_from_error(DBusMessage *message,
-					     DBusError *error,
-					     const char *fallback_name,
-					     const char *fallback_string)
-{
-	if (error && error->name && error->message) {
-		return dbus_message_new_error(message, error->name,
-					      error->message);
-	}
-	if (fallback_name && fallback_string) {
-		return dbus_message_new_error(message, fallback_name,
-					      fallback_string);
-	}
-	return NULL;
-}
diff --git a/wpa_supplicant/dbus/dbus_new_helpers.h b/wpa_supplicant/dbus/dbus_new_helpers.h
deleted file mode 100644
index 7b63b28d7707..000000000000
--- a/wpa_supplicant/dbus/dbus_new_helpers.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * WPA Supplicant / dbus-based control interface
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_DBUS_CTRL_H
-#define WPA_DBUS_CTRL_H
-
-#include <dbus/dbus.h>
-
-typedef DBusMessage * (*WPADBusMethodHandler)(DBusMessage *message,
-					      void *user_data);
-typedef void (*WPADBusArgumentFreeFunction)(void *handler_arg);
-
-struct wpa_dbus_property_desc;
-typedef dbus_bool_t (*WPADBusPropertyAccessor)(
-	const struct wpa_dbus_property_desc *property_desc,
-	DBusMessageIter *iter, DBusError *error, void *user_data);
-#define DECLARE_ACCESSOR(f) \
-dbus_bool_t f(const struct wpa_dbus_property_desc *property_desc, \
-	      DBusMessageIter *iter, DBusError *error, void *user_data)
-
-struct wpa_dbus_object_desc {
-	DBusConnection *connection;
-	char *path;
-
-	/* list of methods, properties and signals registered with object */
-	const struct wpa_dbus_method_desc *methods;
-	const struct wpa_dbus_signal_desc *signals;
-	const struct wpa_dbus_property_desc *properties;
-
-	/* property changed flags */
-	u8 *prop_changed_flags;
-
-	/* argument for method handlers and properties
-	 * getter and setter functions */
-	void *user_data;
-	/* function used to free above argument */
-	WPADBusArgumentFreeFunction user_data_free_func;
-};
-
-enum dbus_arg_direction { ARG_IN, ARG_OUT };
-
-struct wpa_dbus_argument {
-	char *name;
-	char *type;
-	enum dbus_arg_direction dir;
-};
-
-#define END_ARGS { NULL, NULL, ARG_IN }
-
-/**
- * struct wpa_dbus_method_desc - DBus method description
- */
-struct wpa_dbus_method_desc {
-	/* method name */
-	const char *dbus_method;
-	/* method interface */
-	const char *dbus_interface;
-	/* method handling function */
-	WPADBusMethodHandler method_handler;
-	/* array of arguments */
-	struct wpa_dbus_argument args[4];
-};
-
-/**
- * struct wpa_dbus_signal_desc - DBus signal description
- */
-struct wpa_dbus_signal_desc {
-	/* signal name */
-	const char *dbus_signal;
-	/* signal interface */
-	const char *dbus_interface;
-	/* array of arguments */
-	struct wpa_dbus_argument args[4];
-};
-
-/**
- * struct wpa_dbus_property_desc - DBus property description
- */
-struct wpa_dbus_property_desc {
-	/* property name */
-	const char *dbus_property;
-	/* property interface */
-	const char *dbus_interface;
-	/* property type signature in DBus type notation */
-	const char *type;
-	/* property getter function */
-	WPADBusPropertyAccessor getter;
-	/* property setter function */
-	WPADBusPropertyAccessor setter;
-	/* other data */
-	const char *data;
-};
-
-
-#define WPAS_DBUS_OBJECT_PATH_MAX 150
-#define WPAS_DBUS_INTERFACE_MAX 150
-#define WPAS_DBUS_METHOD_SIGNAL_PROP_MAX 50
-#define WPAS_DBUS_AUTH_MODE_MAX 64
-
-#define WPA_DBUS_INTROSPECTION_INTERFACE "org.freedesktop.DBus.Introspectable"
-#define WPA_DBUS_INTROSPECTION_METHOD "Introspect"
-#define WPA_DBUS_PROPERTIES_INTERFACE "org.freedesktop.DBus.Properties"
-#define WPA_DBUS_PROPERTIES_GET "Get"
-#define WPA_DBUS_PROPERTIES_SET "Set"
-#define WPA_DBUS_PROPERTIES_GETALL "GetAll"
-
-void free_dbus_object_desc(struct wpa_dbus_object_desc *obj_dsc);
-
-int wpa_dbus_ctrl_iface_init(struct wpas_dbus_priv *iface, char *dbus_path,
-			     char *dbus_service,
-			     struct wpa_dbus_object_desc *obj_desc);
-
-int wpa_dbus_register_object_per_iface(
-	struct wpas_dbus_priv *ctrl_iface,
-	const char *path, const char *ifname,
-	struct wpa_dbus_object_desc *obj_desc);
-
-int wpa_dbus_unregister_object_per_iface(
-	struct wpas_dbus_priv *ctrl_iface,
-	const char *path);
-
-dbus_bool_t wpa_dbus_get_object_properties(struct wpas_dbus_priv *iface,
-					   const char *path,
-					   const char *interface,
-					   DBusMessageIter *iter);
-
-
-void wpa_dbus_flush_all_changed_properties(DBusConnection *con);
-
-void wpa_dbus_flush_object_changed_properties(DBusConnection *con,
-					      const char *path);
-
-void wpa_dbus_mark_property_changed(struct wpas_dbus_priv *iface,
-				    const char *path, const char *interface,
-				    const char *property);
-
-DBusMessage * wpa_dbus_introspect(DBusMessage *message,
-				  struct wpa_dbus_object_desc *obj_dsc);
-
-char * wpas_dbus_new_decompose_object_path(const char *path, const char *sep,
-					   char **item);
-
-DBusMessage *wpas_dbus_reply_new_from_error(DBusMessage *message,
-					    DBusError *error,
-					    const char *fallback_name,
-					    const char *fallback_string);
-
-#endif /* WPA_DBUS_CTRL_H */
diff --git a/wpa_supplicant/dbus/dbus_new_introspect.c b/wpa_supplicant/dbus/dbus_new_introspect.c
deleted file mode 100644
index 6c721bf556db..000000000000
--- a/wpa_supplicant/dbus/dbus_new_introspect.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * wpa_supplicant - D-Bus introspection
- * Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
- * Copyright (c) 2009, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/list.h"
-#include "utils/wpabuf.h"
-#include "dbus_common_i.h"
-#include "dbus_new_helpers.h"
-
-
-struct interfaces {
-	struct dl_list list;
-	char *dbus_interface;
-	struct wpabuf *xml;
-};
-
-
-static struct interfaces * add_interface(struct dl_list *list,
-					 const char *dbus_interface)
-{
-	struct interfaces *iface;
-
-	dl_list_for_each(iface, list, struct interfaces, list) {
-		if (os_strcmp(iface->dbus_interface, dbus_interface) == 0)
-			return iface; /* already in the list */
-	}
-
-	iface = os_zalloc(sizeof(struct interfaces));
-	if (!iface)
-		return NULL;
-	iface->dbus_interface = os_strdup(dbus_interface);
-	iface->xml = wpabuf_alloc(15000);
-	if (iface->dbus_interface == NULL || iface->xml == NULL) {
-		os_free(iface->dbus_interface);
-		wpabuf_free(iface->xml);
-		os_free(iface);
-		return NULL;
-	}
-	wpabuf_printf(iface->xml, "<interface name=\"%s\">", dbus_interface);
-	dl_list_add_tail(list, &iface->list);
-	return iface;
-}
-
-
-static void add_arg(struct wpabuf *xml, const char *name, const char *type,
-		    const char *direction)
-{
-	wpabuf_printf(xml, "<arg name=\"%s\"", name);
-	if (type)
-		wpabuf_printf(xml, " type=\"%s\"", type);
-	if (direction)
-		wpabuf_printf(xml, " direction=\"%s\"", direction);
-	wpabuf_put_str(xml, "/>");
-}
-
-
-static void add_entry(struct wpabuf *xml, const char *type, const char *name,
-		      const struct wpa_dbus_argument *args, int include_dir)
-{
-	const struct wpa_dbus_argument *arg;
-
-	if (args == NULL || args->name == NULL) {
-		wpabuf_printf(xml, "<%s name=\"%s\"/>", type, name);
-		return;
-	}
-	wpabuf_printf(xml, "<%s name=\"%s\">", type, name);
-	for (arg = args; arg && arg->name; arg++) {
-		add_arg(xml, arg->name, arg->type,
-			include_dir ? (arg->dir == ARG_IN ? "in" : "out") :
-			NULL);
-	}
-	wpabuf_printf(xml, "</%s>", type);
-}
-
-
-static void add_property(struct wpabuf *xml,
-			 const struct wpa_dbus_property_desc *dsc)
-{
-	wpabuf_printf(xml, "<property name=\"%s\" type=\"%s\" "
-		      "access=\"%s%s\"/>",
-		      dsc->dbus_property, dsc->type,
-		      dsc->getter ? "read" : "",
-		      dsc->setter ? "write" : "");
-}
-
-
-static void extract_interfaces_methods(
-	struct dl_list *list, const struct wpa_dbus_method_desc *methods)
-{
-	const struct wpa_dbus_method_desc *dsc;
-	struct interfaces *iface;
-
-	for (dsc = methods; dsc && dsc->dbus_method; dsc++) {
-		iface = add_interface(list, dsc->dbus_interface);
-		if (iface)
-			add_entry(iface->xml, "method", dsc->dbus_method,
-				  dsc->args, 1);
-	}
-}
-
-
-static void extract_interfaces_signals(
-	struct dl_list *list, const struct wpa_dbus_signal_desc *signals)
-{
-	const struct wpa_dbus_signal_desc *dsc;
-	struct interfaces *iface;
-
-	for (dsc = signals; dsc && dsc->dbus_signal; dsc++) {
-		iface = add_interface(list, dsc->dbus_interface);
-		if (iface)
-			add_entry(iface->xml, "signal", dsc->dbus_signal,
-				  dsc->args, 0);
-	}
-}
-
-
-static void extract_interfaces_properties(
-	struct dl_list *list, const struct wpa_dbus_property_desc *properties)
-{
-	const struct wpa_dbus_property_desc *dsc;
-	struct interfaces *iface;
-
-	for (dsc = properties; dsc && dsc->dbus_property; dsc++) {
-		iface = add_interface(list, dsc->dbus_interface);
-		if (iface)
-			add_property(iface->xml, dsc);
-	}
-}
-
-
-/**
- * extract_interfaces - Extract interfaces from methods, signals and props
- * @list: Interface list to be filled
- * @obj_dsc: Description of object from which interfaces will be extracted
- *
- * Iterates over all methods, signals, and properties registered with an
- * object and collects all declared DBus interfaces and create interfaces'
- * node in XML root node for each. Returned list elements contain interface
- * name and XML node of corresponding interface.
- */
-static void extract_interfaces(struct dl_list *list,
-			       struct wpa_dbus_object_desc *obj_dsc)
-{
-	extract_interfaces_methods(list, obj_dsc->methods);
-	extract_interfaces_signals(list, obj_dsc->signals);
-	extract_interfaces_properties(list, obj_dsc->properties);
-}
-
-
-static void add_interfaces(struct dl_list *list, struct wpabuf *xml)
-{
-	struct interfaces *iface, *n;
-
-	dl_list_for_each_safe(iface, n, list, struct interfaces, list) {
-		if (wpabuf_len(iface->xml) + 20 < wpabuf_tailroom(xml)) {
-			wpabuf_put_buf(xml, iface->xml);
-			wpabuf_put_str(xml, "</interface>");
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "dbus: Not enough room for add_interfaces inspect data: tailroom %u, add %u",
-				   (unsigned int) wpabuf_tailroom(xml),
-				   (unsigned int) wpabuf_len(iface->xml));
-		}
-		dl_list_del(&iface->list);
-		wpabuf_free(iface->xml);
-		os_free(iface->dbus_interface);
-		os_free(iface);
-	}
-}
-
-
-static void add_child_nodes(struct wpabuf *xml, DBusConnection *con,
-			    const char *path)
-{
-	char **children;
-	int i;
-
-	/* add child nodes to introspection tree */
-	dbus_connection_list_registered(con, path, &children);
-	for (i = 0; children[i]; i++)
-		wpabuf_printf(xml, "<node name=\"%s\"/>", children[i]);
-	dbus_free_string_array(children);
-}
-
-
-static void add_introspectable_interface(struct wpabuf *xml)
-{
-	wpabuf_printf(xml, "<interface name=\"%s\">"
-		      "<method name=\"%s\">"
-		      "<arg name=\"data\" type=\"s\" direction=\"out\"/>"
-		      "</method>"
-		      "</interface>",
-		      WPA_DBUS_INTROSPECTION_INTERFACE,
-		      WPA_DBUS_INTROSPECTION_METHOD);
-}
-
-
-static void add_properties_interface(struct wpabuf *xml)
-{
-	wpabuf_printf(xml, "<interface name=\"%s\">",
-		      WPA_DBUS_PROPERTIES_INTERFACE);
-
-	wpabuf_printf(xml, "<method name=\"%s\">", WPA_DBUS_PROPERTIES_GET);
-	add_arg(xml, "interface", "s", "in");
-	add_arg(xml, "propname", "s", "in");
-	add_arg(xml, "value", "v", "out");
-	wpabuf_put_str(xml, "</method>");
-
-	wpabuf_printf(xml, "<method name=\"%s\">", WPA_DBUS_PROPERTIES_GETALL);
-	add_arg(xml, "interface", "s", "in");
-	add_arg(xml, "props", "a{sv}", "out");
-	wpabuf_put_str(xml, "</method>");
-
-	wpabuf_printf(xml, "<method name=\"%s\">", WPA_DBUS_PROPERTIES_SET);
-	add_arg(xml, "interface", "s", "in");
-	add_arg(xml, "propname", "s", "in");
-	add_arg(xml, "value", "v", "in");
-	wpabuf_put_str(xml, "</method>");
-
-	wpabuf_put_str(xml, "</interface>");
-}
-
-
-static void add_wpas_interfaces(struct wpabuf *xml,
-				struct wpa_dbus_object_desc *obj_dsc)
-{
-	struct dl_list ifaces;
-
-	dl_list_init(&ifaces);
-	extract_interfaces(&ifaces, obj_dsc);
-	add_interfaces(&ifaces, xml);
-}
-
-
-/**
- * wpa_dbus_introspect - Responds for Introspect calls on object
- * @message: Message with Introspect call
- * @obj_dsc: Object description on which Introspect was called
- * Returns: Message with introspection result XML string as only argument
- *
- * Iterates over all methods, signals and properties registered with
- * object and generates introspection data for the object as XML string.
- */
-DBusMessage * wpa_dbus_introspect(DBusMessage *message,
-				  struct wpa_dbus_object_desc *obj_dsc)
-{
-
-	DBusMessage *reply;
-	struct wpabuf *xml;
-
-	xml = wpabuf_alloc(30000);
-	if (xml == NULL)
-		return NULL;
-
-	wpabuf_put_str(xml, "<?xml version=\"1.0\"?>\n");
-	wpabuf_put_str(xml, DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE);
-	wpabuf_put_str(xml, "<node>");
-
-	add_introspectable_interface(xml);
-	add_properties_interface(xml);
-	add_wpas_interfaces(xml, obj_dsc);
-	add_child_nodes(xml, obj_dsc->connection,
-			dbus_message_get_path(message));
-
-	wpabuf_put_str(xml, "</node>\n");
-
-	reply = dbus_message_new_method_return(message);
-	if (reply) {
-		const char *intro_str = wpabuf_head(xml);
-
-		dbus_message_append_args(reply, DBUS_TYPE_STRING, &intro_str,
-					 DBUS_TYPE_INVALID);
-	}
-	wpabuf_free(xml);
-
-	return reply;
-}
diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
deleted file mode 100644
index d97ff392175d..000000000000
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ /dev/null
@@ -1,5 +0,0 @@
-[D-BUS Service]
-Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
-User=root
-SystemdService=wpa_supplicant.service
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
deleted file mode 100644
index a4719dbb543d..000000000000
--- a/wpa_supplicant/defconfig
+++ /dev/null
@@ -1,635 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-CONFIG_EAP_FAST=y
-
-# EAP-TEAP
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# EAP-GTC
-CONFIG_EAP_GTC=y
-
-# EAP-OTP
-CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# Enable SIM simulator (Milenage) for EAP-SIM
-#CONFIG_SIM_SIMULATOR=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-CONFIG_EAP_PWD=y
-
-# EAP-PAX
-CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-#CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-#CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Simultaneous Authentication of Equals (SAE), WPA3-Personal
-CONFIG_SAE=y
-
-# Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-#CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-#CONFIG_TLS=openssl
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.wpa_supplicant1)
-CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-#CONFIG_GETRANDOM=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-CONFIG_P2P=y
-
-# Enable TDLS support
-CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-# File-based backend to read passwords from an external file.
-#CONFIG_EXT_PASSWORD_FILE=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
-CONFIG_DPP=y
-# DPP version 2 support
-CONFIG_DPP2=y
-# DPP version 3 support (experimental and still changing; do not enable for
-# production use)
-#CONFIG_DPP3=y
-
-# Wired equivalent privacy (WEP)
-# WEP is an obsolete cryptographic data confidentiality algorithm that is not
-# considered secure. It should not be used for anything anymore. The
-# functionality needed to use WEP is available in the current wpa_supplicant
-# release under this optional build parameter. This functionality is subject to
-# be completely removed in a future release.
-#CONFIG_WEP=y
-
-# Remove all TKIP functionality
-# TKIP is an old cryptographic data confidentiality algorithm that is not
-# considered secure. It should not be used anymore for anything else than a
-# backwards compatibility option as a group cipher when connecting to APs that
-# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes
-# support for this by default, but that functionality is subject to be removed
-# in the future.
-#CONFIG_NO_TKIP=y
-
-# Pre-Association Security Negotiation (PASN)
-# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol
-# design is still subject to change. As such, this should not yet be enabled in
-# production use.
-#CONFIG_PASN=y
diff --git a/wpa_supplicant/doc/docbook/.gitignore b/wpa_supplicant/doc/docbook/.gitignore
deleted file mode 100644
index dac35c5a5edd..000000000000
--- a/wpa_supplicant/doc/docbook/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-manpage.links
-manpage.refs
-manpage.log
-*.8
-*.5
-*.html
-*.pdf
diff --git a/wpa_supplicant/doc/docbook/Makefile b/wpa_supplicant/doc/docbook/Makefile
deleted file mode 100644
index 82f9de315dc5..000000000000
--- a/wpa_supplicant/doc/docbook/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-all: man html pdf
-
-FILES += wpa_background
-FILES += wpa_cli
-FILES += wpa_gui
-FILES += wpa_passphrase
-FILES += wpa_priv
-FILES += wpa_supplicant.conf
-FILES += wpa_supplicant
-FILES += eapol_test
-
-man:
-	for i in $(FILES); do docbook2man $$i.sgml; done
-
-html:
-	for i in $(FILES); do docbook2html $$i.sgml && \
-		mv index.html $$i.html; done
-
-pdf:
-	for i in $(FILES); do docbook2pdf $$i.sgml; done
-
-
-clean:
-	rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 eapol_test.8
-	rm -f wpa_supplicant.conf.5
-	rm -f manpage.links manpage.refs
-	rm -f $(FILES:%=%.pdf)
-	rm -f $(FILES:%=%.html)
diff --git a/wpa_supplicant/doc/docbook/eapol_test.sgml b/wpa_supplicant/doc/docbook/eapol_test.sgml
deleted file mode 100644
index 4cfa3c1db384..000000000000
--- a/wpa_supplicant/doc/docbook/eapol_test.sgml
+++ /dev/null
@@ -1,209 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>eapol_test</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>eapol_test</refname>
-
-    <refpurpose>EAP peer and RADIUS client testing</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>eapol_test</command>
-      <arg>-nWS</arg>
-      <arg>-c<replaceable>config file</replaceable></arg>
-      <arg>-a<replaceable>server IP address</replaceable></arg>
-      <arg>-A<replaceable>client IP address</replaceable></arg>
-      <arg>-p<replaceable>UDP port</replaceable></arg>
-      <arg>-s<replaceable>shared secret</replaceable></arg>
-      <arg>-r<replaceable>re-authentications</replaceable></arg>
-      <arg>-t<replaceable>timeout</replaceable></arg>
-      <arg>-C<replaceable>Connect-Info</replaceable></arg>
-      <arg>-M<replaceable>MAC address</replaceable></arg>
-      <arg>-o<replaceable>file</replaceable></arg>
-      <arg>-N<replaceable>attr spec</replaceable></arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>eapol_test scard</command>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>eapol_test sim</command>
-      <arg>PIN</arg>
-      <arg>num triplets</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Overview</title>
-
-    <para>eapol_test is a program that links together the same EAP
-    peer implementation that wpa_supplicant is using and the RADIUS
-    authentication client code from hostapd. In addition, it has
-    minimal glue code to combine these two components in similar
-    ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
-    words, it integrates IEEE 802.1X Authenticator (normally, an
-    access point) and IEEE 802.1X Supplicant (normally, a wireless
-    client) together to generate a single program that can be used to
-    test EAP methods without having to setup an access point and a
-    wireless client.</para>
-
-    <para>The main uses for eapol_test are in interoperability testing
-    of EAP methods against RADIUS servers and in development testing
-    for new EAP methods. It can be easily used to automate EAP testing
-    for interoperability and regression since the program can be run
-    from shell scripts without require additional test components apart
-    from a RADIUS server. For example, the automated EAP tests described
-    in eap_testing.txt are implemented with eapol_test. Similarly,
-    eapol_test could be used to implement an automated regression
-    test suite for a RADIUS authentication server.</para>
-
-
-    <para>As an example:</para>
-
-<blockquote><programlisting>
-eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
-</programlisting></blockquote>
-
-    <para>tries to complete EAP authentication based on the network
-    configuration from test.conf against the RADIUS server running
-    on the local host. A re-authentication is triggered to test fast
-    re-authentication. The configuration file uses the same format for
-    network blocks as wpa_supplicant.</para>
-
-  </refsect1>
-  <refsect1>
-    <title>Command Arguments</title>
-    <variablelist>
-      <varlistentry>
-	<term>-c configuration file path</term>
-
-	<listitem><para>A configuration to use.  The configuration should
-	use the same format for network blocks as wpa_supplicant.
-	</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-a AS address</term>
-
-	<listitem><para>IP address of the authentication server.  The
-	default is '127.0.0.1'.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-A client address</term>
-
-	<listitem><para>IP address of the client.  The default is to
-	select an address automatically.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-p AS port</term>
-
-	<listitem><para>UDP port of the authentication server. The
-	default is '1812'.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s AS secret</term>
-
-	<listitem><para>Shared secret with the authentication server.
-	The default is 'radius'.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r count</term>
-
-	<listitem><para>Number of reauthentications.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t timeout</term>
-
-	<listitem><para>Timeout in seconds. The default is 30.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-C info</term>
-
-	<listitem><para>RADIUS Connect-Info.  The default is
-	'CONNECT 11Mbps 802.11b'.</para></listitem>
-      </varlistentry>
-
-
-      <varlistentry>
-	<term>-M mac address</term>
-
-	<listitem><para>Client MAC address (Calling-Station-Id).  The
-	default is '02:00:00:00:00:01'.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-o file</term>
-
-	<listitem><para>Location to write out server certificate.
-	</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-N attr spec</term>
-
-	<listitem><para>Send arbitrary attribute specific by
-	attr_id:syntax:value, or attr_id alone.  attr_id should be the numeric
-	ID of the attribute, and syntax should be one of 's' (string),
-	'd' (integer), or 'x' (octet string). The value is the attribute value
-	to send.  When attr_id is given alone, NULL is used as the attribute
-	value.  Multiple attributes can be specified by using the option
-	several times.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-n</term>
-
-	<listitem><para>Indicates that no MPPE keys are expected.
-	</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-W</term>
-
-	<listitem><para>Wait for a control interface monitor before starting.
-	</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-S</term>
-
-	<listitem><para>Save configuration after authentication.
-	</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_background.sgml b/wpa_supplicant/doc/docbook/wpa_background.sgml
deleted file mode 100644
index 22241ccf9006..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_background.sgml
+++ /dev/null
@@ -1,105 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_background</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_background</refname>
-    <refpurpose>Background information on Wi-Fi Protected Access and IEEE 802.11i</refpurpose>
-  </refnamediv>
-  <refsect1>
-    <title>WPA</title>
-
-    <para>The original security mechanism of IEEE 802.11 standard was
-    not designed to be strong and has proven to be insufficient for
-    most networks that require some kind of security. Task group I
-    (Security) of IEEE 802.11 working group
-    (http://www.ieee802.org/11/) has worked to address the flaws of
-    the base standard and has in practice completed its work in May
-    2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
-    approved in June 2004 and published in July 2004.</para>
-
-    <para>Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
-    of the IEEE 802.11i work (draft 3.0) to define a subset of the
-    security enhancements that can be implemented with existing wlan
-    hardware. This is called Wi-Fi Protected Access&lt;TM&gt; (WPA). This
-    has now become a mandatory component of interoperability testing
-    and certification done by Wi-Fi Alliance. Wi-Fi provides
-    information about WPA at its web site
-    (http://www.wi-fi.org/OpenSection/protected_access.asp).</para>
-
-    <para>IEEE 802.11 standard defined wired equivalent privacy (WEP)
-    algorithm for protecting wireless networks. WEP uses RC4 with
-    40-bit keys, 24-bit initialization vector (IV), and CRC32 to
-    protect against packet forgery. All these choices have proven to
-    be insufficient: key space is too small against current attacks,
-    RC4 key scheduling is insufficient (beginning of the pseudorandom
-    stream should be skipped), IV space is too small and IV reuse
-    makes attacks easier, there is no replay protection, and non-keyed
-    authentication does not protect against bit flipping packet
-    data.</para>
-
-    <para>WPA is an intermediate solution for the security issues. It
-    uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
-    is a compromise on strong security and possibility to use existing
-    hardware. It still uses RC4 for the encryption like WEP, but with
-    per-packet RC4 keys. In addition, it implements replay protection,
-    keyed packet authentication mechanism (Michael MIC).</para>
-
-    <para>Keys can be managed using two different mechanisms. WPA can
-    either use an external authentication server (e.g., RADIUS) and
-    EAP just like IEEE 802.1X is using or pre-shared keys without need
-    for additional servers. Wi-Fi calls these "WPA-Enterprise" and
-    "WPA-Personal", respectively. Both mechanisms will generate a
-    master session key for the Authenticator (AP) and Supplicant
-    (client station).</para>
-
-    <para>WPA implements a new key handshake (4-Way Handshake and
-    Group Key Handshake) for generating and exchanging data encryption
-    keys between the Authenticator and Supplicant. This handshake is
-    also used to verify that both Authenticator and Supplicant know
-    the master session key. These handshakes are identical regardless
-    of the selected key management mechanism (only the method for
-    generating master session key changes).</para>
-  </refsect1>
-
-  <refsect1>
-    <title>IEEE 802.11i / WPA2</title>
-
-    <para>The design for parts of IEEE 802.11i that were not included
-    in WPA has finished (May 2004) and this amendment to IEEE 802.11
-    was approved in June 2004. Wi-Fi Alliance is using the final IEEE
-    802.11i as a new version of WPA called WPA2. This includes, e.g.,
-    support for more robust encryption algorithm (CCMP: AES in Counter
-    mode with CBC-MAC) to replace TKIP and optimizations for handoff
-    (reduced number of messages in initial key handshake,
-    pre-authentication, and PMKSA caching).</para>
-  </refsect1>
-
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_cli.sgml b/wpa_supplicant/doc/docbook/wpa_cli.sgml
deleted file mode 100644
index 2ba1fe42236a..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_cli.sgml
+++ /dev/null
@@ -1,360 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_cli</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_cli</refname>
-
-    <refpurpose>WPA command line client</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>wpa_cli</command>
-      <arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
-      <arg>-g <replaceable>path to global ctrl_interface socket</replaceable></arg>
-      <arg>-i <replaceable>ifname</replaceable></arg>
-      <arg>-hvB</arg>
-      <arg>-a <replaceable>action file</replaceable></arg>
-      <arg>-P <replaceable>pid file</replaceable></arg>
-      <arg>-G <replaceable>ping interval</replaceable></arg>
-      <arg><replaceable>command ...</replaceable></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Overview</title>
-
-    <para>wpa_cli is a text-based frontend program for interacting
-    with wpa_supplicant. It is used to query current status, change
-    configuration, trigger events, and request interactive user
-    input.</para>
-
-    <para>wpa_cli can show the current authentication status, selected
-    security mode, dot11 and dot1x MIBs, etc. In addition, it can
-    configure some variables like EAPOL state machine parameters and
-    trigger events like reassociation and IEEE 802.1X
-    logoff/logon. wpa_cli provides a user interface to request
-    authentication information, like username and password, if these
-    are not included in the configuration. This can be used to
-    implement, e.g., one-time-passwords or generic token card
-    authentication where the authentication is based on a
-    challenge-response that uses an external device for generating the
-    response.</para>
-
-    <para>The control interface of wpa_supplicant can be configured to
-    allow non-root user access (ctrl_interface GROUP= parameter in the
-    configuration file). This makes it possible to run wpa_cli with a
-    normal user account.</para>
-
-    <para>wpa_cli supports two modes: interactive and command
-    line. Both modes share the same command set and the main
-    difference is in interactive mode providing access to unsolicited
-    messages (event messages, username/password requests).</para>
-
-    <para>Interactive mode is started when wpa_cli is executed without
-    including the command as a command line parameter. Commands are
-    then entered on the wpa_cli prompt. In command line mode, the same
-    commands are entered as command line arguments for wpa_cli.</para>
- </refsect1>
- <refsect1>
-   <title>Interactive authentication parameters request</title>
-
-   <para>When wpa_supplicant need authentication parameters, like
-   username and password, which are not present in the configuration
-   file, it sends a request message to all attached frontend programs,
-   e.g., wpa_cli in interactive mode. wpa_cli shows these requests
-   with "CTRL-REQ-&lt;type&gt;-&lt;id&gt;:&lt;text&gt;"
-   prefix. &lt;type&gt; is IDENTITY, PASSWORD, or OTP
-   (one-time-password). &lt;id&gt; is a unique identifier for the
-   current network. &lt;text&gt; is description of the request. In
-   case of OTP request, it includes the challenge from the
-   authentication server.</para>
-
-    <para>The reply to these requests can be given with
-    <emphasis>identity</emphasis>, <emphasis>password</emphasis>, and
-    <emphasis>otp</emphasis> commands. &lt;id&gt; needs to be copied from
-    the matching request. <emphasis>password</emphasis> and
-    <emphasis>otp</emphasis> commands can be used regardless of whether
-    the request was for PASSWORD or OTP. The main difference between these
-    two commands is that values given with <emphasis>password</emphasis> are
-    remembered as long as wpa_supplicant is running whereas values given
-    with <emphasis>otp</emphasis> are used only once and then forgotten,
-    i.e., wpa_supplicant will ask frontend for a new value for every use.
-    This can be used to implement one-time-password lists and generic token
-    card -based authentication.</para>
-
-    <para>Example request for password and a matching reply:</para>
-
-<blockquote><programlisting>
-CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
-> password 1 mysecretpassword
-</programlisting></blockquote>
-
-    <para>Example request for generic token card challenge-response:</para>
-
-<blockquote><programlisting>
-CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
-> otp 2 9876
-</programlisting></blockquote>
-
-  </refsect1>
-  <refsect1>
-    <title>Command Arguments</title>
-    <variablelist>
-      <varlistentry>
-	<term>-p path</term>
-
-	<listitem><para>Change the path where control sockets should
-	be found.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-g control socket path</term>
-
-	<listitem><para>Connect to the global control socket at the
-	indicated path rather than an interface-specific control
-	socket.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-i ifname</term>
-
-        <listitem><para>Specify the interface that is being
-	configured.  By default, choose the first interface found with
-	a control socket in the socket path.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem><para>Help.  Show a usage message.</para></listitem>
-      </varlistentry>
-
-
-      <varlistentry>
-	<term>-v</term>
-	<listitem><para>Show version information.</para></listitem>
-      </varlistentry>
-
-
-      <varlistentry>
-	<term>-B</term>
-	<listitem><para>Run as a daemon in the background.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-a file</term>
-
-	<listitem><para>Run in daemon mode executing the action file
-        based on events from wpa_supplicant.  The specified file will
-	be executed with the first argument set to interface name and
-	second to "CONNECTED" or "DISCONNECTED" depending on the event.
-	This can be used to execute networking tools required to configure
-	the interface.</para>
-
-	<para>Additionally, three environmental variables are available to
-	the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
-	contains the absolute path to the ctrl_interface socket. WPA_ID
-	contains the unique network_id identifier assigned to the active
-	network, and WPA_ID_STR contains the content of the id_str option.
-	</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-P file</term>
-
-	<listitem><para>Set the location of the PID
-	file.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-G ping interval</term>
-
-	<listitem><para>Set the interval (in seconds) at which
-	wpa_cli pings the supplicant.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>command</term>
-
-	<listitem><para>Run a command.  The available commands are
-	listed in the next section.</para></listitem>
-
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-  <refsect1>
-    <title>Commands</title>
-    <para>The following commands are available:</para>
-
-    <variablelist>
-      <varlistentry>
-	<term>status</term>
-	<listitem>
-	  <para>get current WPA/EAPOL/EAP status</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>mib</term>
-	<listitem>
-	  <para>get MIB variables (dot1x, dot11)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>help</term>
-	<listitem>
-	  <para>show this usage help</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>interface [ifname]</term>
-	<listitem>
-	  <para>show interfaces/select interface</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>level &lt;debug level&gt;</term>
-	<listitem>
-	  <para>change debug level</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>license</term>
-	<listitem>
-	  <para>show full wpa_cli license</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>logoff</term>
-	<listitem>
-	  <para>IEEE 802.1X EAPOL state machine logoff</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>logon</term>
-	<listitem>
-	  <para>IEEE 802.1X EAPOL state machine logon</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>set</term>
-	<listitem>
-	  <para>set variables (shows list of variables when run without arguments)</para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
-	<term>pmksa</term>
-	<listitem>
-	  <para>show PMKSA cache</para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
-	<term>reassociate</term>
-	<listitem>
-	  <para>force reassociation</para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
-	<term>reconfigure</term>
-	<listitem>
-	  <para>force wpa_supplicant to re-read its configuration file</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>preauthenticate &lt;BSSID&gt;</term>
-	<listitem>
-	  <para>force preauthentication</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>identity &lt;network id&gt; &lt;identity&gt;</term>
-	<listitem>
-	  <para>configure identity for an SSID</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>password &lt;network id&gt; &lt;password&gt;</term>
-	<listitem>
-	  <para>configure password for an SSID</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>pin &lt;network id&gt; &lt;pin&gt;</term>
-	<listitem>
-	  <para>configure pin for an SSID</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>otp &lt;network id&gt; &lt;password&gt;</term>
-	<listitem>
-	  <para>configure one-time-password for an SSID</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>bssid &lt;network id&gt; &lt;BSSID&gt;</term>
-	<listitem>
-	  <para>set preferred BSSID for an SSID</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>list_networks</term>
-	<listitem>
-	  <para>list configured networks</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>terminate</term>
-	<listitem>
-	  <para>terminate <command>wpa_supplicant</command></para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>quit</term>
-	<listitem><para>exit wpa_cli</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_gui.sgml b/wpa_supplicant/doc/docbook/wpa_gui.sgml
deleted file mode 100644
index cb0c735e4ce7..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_gui.sgml
+++ /dev/null
@@ -1,106 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_gui</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_gui</refname>
-
-    <refpurpose>WPA Graphical User Interface</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>wpa_gui</command>
-      <arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
-      <arg>-i <replaceable>ifname</replaceable></arg>
-      <arg>-m <replaceable>seconds</replaceable></arg>
-      <arg>-t</arg>
-      <arg>-q</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Overview</title>
-
-    <para>wpa_gui is a QT graphical frontend program for interacting
-    with wpa_supplicant. It is used to query current status, change
-    configuration and request interactive user input.</para>
-
-    <para>wpa_gui supports (almost) all of the interactive status and
-    configuration features of the command line client, wpa_cli. Refer
-    to the wpa_cli manpage for a comprehensive list of the
-    interactive mode features.</para>
-  </refsect1>
-  <refsect1>
-    <title>Command Arguments</title>
-    <variablelist>
-      <varlistentry>
-	<term>-p path</term>
-
-	<listitem><para>Change the path where control sockets should
-	be found.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-i ifname</term>
-
-        <listitem><para>Specify the interface that is being
-	configured. By default, choose the first interface found with
-	a control socket in the socket path.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-m seconds</term>
-
-	<listitem><para>Set the update interval in seconds for the signal
-	strength meter. This value must be a positive integer, otherwise
-	meter is not enabled (default behavior).</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t</term>
-
-        <listitem><para>Start program in the system tray only (if the window
-	manager supports it). By default the main status window is
-	shown.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q</term>
-
-        <listitem><para>Run program in the quiet mode - do not display tray
-	icon pop-up messages.</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_cli</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
deleted file mode 100644
index 077296904f89..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_passphrase</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_passphrase</refname>
-    <refpurpose>Generate a WPA PSK from an ASCII passphrase for a SSID</refpurpose>
-  </refnamediv>
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>wpa_passphrase</command>
-      <arg><replaceable>ssid</replaceable></arg>
-      <arg><replaceable>passphrase</replaceable></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Overview</title>
-
-    <para><command>wpa_passphrase</command> pre-computes PSK entries for
-    network configuration blocks of a
-    <filename>wpa_supplicant.conf</filename> file. An ASCII passphrase
-    and SSID are used to generate a 256-bit PSK.</para>
-  </refsect1>
-
-  <refsect1>
-    <title>Options</title>
-    <variablelist>
-      <varlistentry>
-	<term>ssid</term>
-	<listitem>
-	  <para>The SSID whose passphrase should be derived.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>passphrase</term>
-	<listitem>
-	  <para>The passphrase to use. If not included on the command line,
-	  passphrase will be read from standard input.</para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant.conf</refentrytitle>
-	<manvolnum>5</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_priv.sgml b/wpa_supplicant/doc/docbook/wpa_priv.sgml
deleted file mode 100644
index 0d5c94a9f776..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_priv.sgml
+++ /dev/null
@@ -1,152 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_priv</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_priv</refname>
-
-    <refpurpose>wpa_supplicant privilege separation helper</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>wpa_priv</command>
-      <arg>-c <replaceable>ctrl path</replaceable></arg>
-      <arg>-Bdd</arg>
-      <arg>-P <replaceable>pid file</replaceable></arg>
-      <arg>driver:ifname <replaceable>[driver:ifname ...]</replaceable></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Overview</title>
-
-    <para><command>wpa_priv</command> is a privilege separation helper that
-    minimizes the size of <command>wpa_supplicant</command> code that needs
-    to be run with root privileges.</para>
-
-    <para>If enabled, privileged operations are done in the wpa_priv process
-    while leaving rest of the code (e.g., EAP authentication and WPA
-    handshakes) to operate in an unprivileged process (wpa_supplicant) that
-    can be run as non-root user. Privilege separation restricts the effects
-    of potential software errors by containing the majority of the code in an
-    unprivileged process to avoid the possibility of a full system
-    compromise.</para>
-
-    <para><command>wpa_priv</command> needs to be run with network admin
-    privileges (usually, root user). It opens a UNIX domain socket for each
-    interface that is included on the command line; any other interface will
-    be off limits for <command>wpa_supplicant</command> in this kind of
-    configuration. After this, <command>wpa_supplicant</command> can be run as
-    a non-root user (e.g., all standard users on a laptop or as a special
-    non-privileged user account created just for this purpose to limit access
-    to user files even further).</para>
-  </refsect1>
-  <refsect1>
-    <title>Example configuration</title>
-
-    <para>The following steps are an example of how to configure
-    <command>wpa_priv</command> to allow users in the
-    <emphasis>wpapriv</emphasis> group to communicate with
-    <command>wpa_supplicant</command> with privilege separation:</para>
-
-    <para>Create user group (e.g., wpapriv) and assign users that
-    should be able to use wpa_supplicant into that group.</para>
-
-    <para>Create /var/run/wpa_priv directory for UNIX domain sockets and
-    control user access by setting it accessible only for the wpapriv
-    group:</para>
-
-<blockquote><programlisting>
-mkdir /var/run/wpa_priv
-chown root:wpapriv /var/run/wpa_priv
-chmod 0750 /var/run/wpa_priv
-</programlisting></blockquote>
-
-    <para>Start <command>wpa_priv</command> as root (e.g., from system
-    startup scripts) with the enabled interfaces configured on the
-    command line:</para>
-
-<blockquote><programlisting>
-wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0
-</programlisting></blockquote>
-
-    <para>Run <command>wpa_supplicant</command> as non-root with a user
-    that is in the wpapriv group:</para>
-
-<blockquote><programlisting>
-wpa_supplicant -i ath0 -c wpa_supplicant.conf
-</programlisting></blockquote>
-
-  </refsect1>
-  <refsect1>
-    <title>Command Arguments</title>
-    <variablelist>
-      <varlistentry>
-	<term>-c ctrl path</term>
-
-	<listitem><para>Specify the path to wpa_priv control directory
-	(Default: /var/run/wpa_priv/).</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-B</term>
-	<listitem><para>Run as a daemon in the background.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-P file</term>
-
-	<listitem><para>Set the location of the PID
-	file.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>driver:ifname [driver:ifname ...]</term>
-
-	<listitem><para>The &lt;driver&gt; string dictates which of the
-	supported <command>wpa_supplicant</command> driver backends is to be
-	used. To get a list of supported driver types see wpa_supplicant help
-	(e.g, wpa_supplicant -h). The driver backend supported by most good
-	drivers is <emphasis>wext</emphasis>.</para>
-
-	<para>The &lt;ifname&gt; string specifies which network
-	interface is to be managed by <command>wpa_supplicant</command>
-	(e.g., wlan0 or ath0).</para>
-
-	<para><command>wpa_priv</command> does not use the network interface
-	before <command>wpa_supplicant</command> is started, so it is fine to
-	include network interfaces that are not available at the time wpa_priv
-	is started. wpa_priv can control multiple interfaces with one process,
-	but it is also possible to run multiple <command>wpa_priv</command>
-	processes at the same time, if desired.</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml
deleted file mode 100644
index 8a0314e8fb98..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml
+++ /dev/null
@@ -1,243 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_supplicant.conf</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_supplicant.conf</refname>
-    <refpurpose>configuration file for wpa_supplicant</refpurpose>
-  </refnamediv>
-  <refsect1>
-    <title>Overview</title>
-
-    <para><command>wpa_supplicant</command> is configured using a text
-    file that lists all accepted networks and security policies,
-    including pre-shared keys. See the example configuration file,
-    probably in <command>/usr/share/doc/wpa_supplicant/</command>, for
-    detailed information about the configuration format and supported
-    fields.</para>
-
-    <para>All file paths in this configuration file should use full
-    (absolute, not relative to working directory) path in order to allow
-    working directory to be changed. This can happen if wpa_supplicant is
-    run in the background.</para>
-
-    <para>Changes to configuration file can be reloaded be sending
-    SIGHUP signal to <command>wpa_supplicant</command> ('killall -HUP
-    wpa_supplicant'). Similarly, reloading can be triggered with
-    the <emphasis>wpa_cli reconfigure</emphasis> command.</para>
-
-    <para>Configuration file can include one or more network blocks,
-    e.g., one for each used SSID. wpa_supplicant will automatically
-    select the best network based on the order of network blocks in
-    the configuration file, network security level (WPA/WPA2 is
-    preferred), and signal strength.</para>
-  </refsect1>
-
-  <refsect1>
-    <title>Quick Examples</title>
-
-    <orderedlist>
-      <listitem>
-
-      <para>WPA-Personal (PSK) as home network and WPA-Enterprise with
-      EAP-TLS as work network.</para>
-
-<blockquote><programlisting>
-# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-#
-# home network; allow all valid ciphers
-network={
-	ssid="home"
-	scan_ssid=1
-	key_mgmt=WPA-PSK
-	psk="very secret passphrase"
-}
-#
-# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
-network={
-	ssid="work"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	pairwise=CCMP TKIP
-	group=CCMP TKIP
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-}
-</programlisting></blockquote>   
-      </listitem>
-
-      <listitem>
-	<para>WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
-        use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
-        Aegis, Interlink RAD-Series)</para>
-
-<blockquote><programlisting>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	eap=PEAP
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase1="peaplabel=0"
-	phase2="auth=MSCHAPV2"
-}
-</programlisting></blockquote>
-      </listitem>
-
-      <listitem>
-	<para>EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
-        identity for the unencrypted use. Real identity is sent only
-        within an encrypted TLS tunnel.</para>
-
-
-<blockquote><programlisting>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	identity="user@example.com"
-	anonymous_identity="anonymous@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase2="auth=MD5"
-}
-</programlisting></blockquote>
-
-      </listitem>
-
-      <listitem>
-	<para>IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
-        (require both unicast and broadcast); use EAP-TLS for
-        authentication</para>
-
-<blockquote><programlisting>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-network={
-	ssid="1x-test"
-	scan_ssid=1
-	key_mgmt=IEEE8021X
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	eapol_flags=3
-}
-</programlisting></blockquote>
-      </listitem>
-
-
-      <listitem>
-	<para>Catch all example that allows more or less all
-        configuration modes. The configuration options are used based
-        on what security policy is used in the selected SSID. This is
-        mostly for testing and is not recommended for normal
-        use.</para>
-
-<blockquote><programlisting>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
-	pairwise=CCMP TKIP
-	group=CCMP TKIP WEP104 WEP40
-	psk="very secret passphrase"
-	eap=TTLS PEAP TLS
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	phase1="peaplabel=0"
-	ca_cert2="/etc/cert/ca2.pem"
-	client_cert2="/etc/cer/user.pem"
-	private_key2="/etc/cer/user.prv"
-	private_key2_passwd="password"
-}
-</programlisting></blockquote>
-      </listitem>
-
-      <listitem>
-	<para>Authentication for wired Ethernet. This can be used with
-        <emphasis>wired</emphasis> or <emphasis>roboswitch</emphasis> interface
-        (-Dwired or -Droboswitch on command line).</para>
-
-<blockquote><programlisting>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
-ap_scan=0
-network={
-	key_mgmt=IEEE8021X
-	eap=MD5
-	identity="user"
-	password="password"
-	eapol_flags=0
-}
-</programlisting></blockquote>
-      </listitem>
-    </orderedlist>
-
-
-
-
-
-  </refsect1>
-  <refsect1>
-    <title>Certificates</title>
-
-    <para>Some EAP authentication methods require use of
-    certificates. EAP-TLS uses both server side and client
-    certificates whereas EAP-PEAP and EAP-TTLS only require the server
-    side certificate. When client certificate is used, a matching
-    private key file has to also be included in configuration. If the
-    private key uses a passphrase, this has to be configured in
-    wpa_supplicant.conf ("private_key_passwd").</para>
-
-    <para>wpa_supplicant supports X.509 certificates in PEM and DER
-    formats. User certificate and private key can be included in the
-    same file.</para>
-
-    <para>If the user certificate and private key is received in
-    PKCS#12/PFX format, they need to be converted to suitable PEM/DER
-    format for wpa_supplicant. This can be done, e.g., with following
-    commands:</para>
-<blockquote><programlisting>
-# convert client certificate and private key to PEM format
-openssl pkcs12 -in example.pfx -out user.pem -clcerts
-# convert CA certificate (if included in PFX file) to PEM format
-openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
-</programlisting></blockquote>
-  </refsect1>
-
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>openssl</refentrytitle>
-	<manvolnum>1</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
deleted file mode 100644
index e4a83698393a..000000000000
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+++ /dev/null
@@ -1,764 +0,0 @@
-<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>07 August 2019</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>wpa_supplicant</refentrytitle>
-    <manvolnum>8</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refname>wpa_supplicant</refname>
-    <refpurpose>Wi-Fi Protected Access client and IEEE 802.1X supplicant</refpurpose>
-  </refnamediv>
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>wpa_supplicant</command>
-      <arg>-BddfhKLqqsTtuvW</arg>
-      <arg>-i<replaceable>ifname</replaceable></arg>
-      <arg>-c<replaceable>config file</replaceable></arg>
-      <arg>-D<replaceable>driver</replaceable></arg>
-      <arg>-P<replaceable>PID_file</replaceable></arg>
-      <arg>-f<replaceable>output file</replaceable></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-  <refsect1>
-    <title>Overview</title>
-
-    <para>
-    Wireless networks do not require physical access to the network equipment
-    in the same way as wired networks. This makes it easier for unauthorized
-    users to passively monitor a network and capture all transmitted frames.
-    In addition, unauthorized use of the network is much easier. In many cases,
-    this can happen even without user's explicit knowledge since the wireless
-    LAN adapter may have been configured to automatically join any available
-    network.
-    </para>
-
-    <para>
-    Link-layer encryption can be used to provide a layer of security for
-    wireless networks. The original wireless LAN standard, IEEE 802.11,
-    included a simple encryption mechanism, WEP. However, that proved to
-    be flawed in many areas and network protected with WEP cannot be consider
-    secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
-    can be used to improve the network security, but even that has inherited
-    security issues due to the use of WEP for encryption. Wi-Fi Protected
-    Access and IEEE 802.11i amendment to the wireless LAN standard introduce
-    a much improved mechanism for securing wireless networks. IEEE 802.11i
-    enabled networks that are using CCMP (encryption mechanism based on strong
-    cryptographic algorithm AES) can finally be called secure used for
-    applications which require efficient protection against unauthorized
-    access.
-    </para>
-
-    <para><command>wpa_supplicant</command> is an implementation of
-    the WPA Supplicant component, i.e., the part that runs in the
-    client stations. It implements WPA key negotiation with a WPA
-    Authenticator and EAP authentication with Authentication
-    Server. In addition, it controls the roaming and IEEE 802.11
-    authentication/association of the wireless LAN driver.</para>
-
-    <para><command>wpa_supplicant</command> is designed to be a
-    "daemon" program that runs in the background and acts as the
-    backend component controlling the wireless
-    connection. <command>wpa_supplicant</command> supports separate
-    frontend programs and an example text-based frontend,
-    <command>wpa_cli</command>, is included with
-    wpa_supplicant.</para>
-
-    <para>Before wpa_supplicant can do its work, the network interface
-    must be available.  That means that the physical device must be
-    present and enabled, and the driver for the device must be
-    loaded. The daemon will exit immediately if the device is not already
-    available.</para>
-
-    <para>After <command>wpa_supplicant</command> has configured the
-    network device, higher level configuration such as DHCP may
-    proceed.  There are a variety of ways to integrate wpa_supplicant
-    into a machine's networking scripts, a few of which are described
-    in sections below.</para>
-
-    <para>The following steps are used when associating with an AP
-    using WPA:</para>
-
-    <itemizedlist>
-      <listitem>
-	<para><command>wpa_supplicant</command> requests the kernel
-	driver to scan neighboring BSSes</para>
-      </listitem>
-
-      <listitem>
-	<para><command>wpa_supplicant</command> selects a BSS based on
-	its configuration</para>
-      </listitem>
-
-      <listitem>
-	<para><command>wpa_supplicant</command> requests the kernel
-        driver to associate with the chosen BSS</para>
-      </listitem>
-
-      <listitem>
-	<para>If WPA-EAP: integrated IEEE 802.1X Supplicant
-        completes EAP authentication with the
-        authentication server (proxied by the Authenticator in the
-        AP)</para>
-      </listitem>
-
-      <listitem>
-	<para>If WPA-EAP: master key is received from the IEEE 802.1X
-	Supplicant</para>
-      </listitem>
-
-      <listitem>
-	<para>If WPA-PSK: <command>wpa_supplicant</command> uses PSK
-	as the master session key</para>
-      </listitem>
-
-      <listitem>
-	<para><command>wpa_supplicant</command> completes WPA 4-Way
-        Handshake and Group Key Handshake with the Authenticator
-        (AP)</para>
-      </listitem>
-
-      <listitem>
-	<para><command>wpa_supplicant</command> configures encryption
-	keys for unicast and broadcast</para>
-      </listitem>
-
-      <listitem>
-	<para>normal data packets can be transmitted and received</para>
-      </listitem>
-    </itemizedlist>
-  </refsect1>
-
-  <refsect1>
-    <title>Supported Features</title>
-    <para>Supported WPA/IEEE 802.11i features:</para>
-    <itemizedlist>
-      <listitem>
-	<para>WPA-PSK ("WPA-Personal")</para>
-      </listitem>
-
-      <listitem>
-	<para>WPA with EAP (e.g., with RADIUS authentication server)
-       ("WPA-Enterprise") Following authentication methods are
-       supported with an integrate IEEE 802.1X Supplicant:</para>
-
-	<itemizedlist>
-	  <listitem>
-	    <para>EAP-TLS</para>
-	  </listitem>
-	</itemizedlist>
-
-	<itemizedlist>
-	  <listitem>
-	    <para>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</para>
-	  </listitem>
-
-
-	  <listitem>
-	    <para>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>EAP-TTLS/EAP-MD5-Challenge</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>EAP-TTLS/EAP-GTC</para>
-	  </listitem>
-
-          <listitem><para>EAP-TTLS/EAP-OTP</para></listitem>
-
-          <listitem><para>EAP-TTLS/EAP-MSCHAPv2</para></listitem>
-
-          <listitem><para>EAP-TTLS/EAP-TLS</para></listitem>
-
-          <listitem><para>EAP-TTLS/MSCHAPv2</para></listitem>
-
-          <listitem><para>EAP-TTLS/MSCHAP</para></listitem>
-
-          <listitem><para>EAP-TTLS/PAP</para></listitem>
-
-          <listitem><para>EAP-TTLS/CHAP</para></listitem>
-
-          <listitem><para>EAP-SIM</para></listitem>
-
-          <listitem><para>EAP-AKA</para></listitem>
-
-          <listitem><para>EAP-PSK</para></listitem>
-
-          <listitem><para>EAP-PAX</para></listitem>
-
-          <listitem><para>LEAP (note: requires special support from
-          the driver for IEEE 802.11 authentication)</para></listitem>
-
-          <listitem><para>(following methods are supported, but since
-          they do not generate keying material, they cannot be used
-          with WPA or IEEE 802.1X WEP keying)</para></listitem>
-
-          <listitem><para>EAP-MD5-Challenge </para></listitem>
-
-          <listitem><para>EAP-MSCHAPv2</para></listitem>
-
-          <listitem><para>EAP-GTC</para></listitem>
-
-          <listitem><para>EAP-OTP</para></listitem>
-	</itemizedlist>
-      </listitem>
-
-      <listitem>
-	<para>key management for CCMP, TKIP, WEP104, WEP40</para>
-      </listitem>
-
-      <listitem>
-	<para>RSN/WPA2 (IEEE 802.11i)</para>
-	<itemizedlist>
-	  <listitem>
-	    <para>pre-authentication</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>PMKSA caching</para>
-	  </listitem>
-	</itemizedlist>
-      </listitem>
-    </itemizedlist>
-  </refsect1>
-
-  <refsect1>
-    <title>Available Drivers</title>
-    <para>A summary of available driver backends is below. Support for each
-    of the driver backends is chosen at wpa_supplicant compile time. For a
-    list of supported driver backends that may be used with the -D option on
-    your system, refer to the help output of wpa_supplicant
-    (<emphasis>wpa_supplicant -h</emphasis>).</para>
-
-    <variablelist>
-      <varlistentry>
-	<term>nl80211</term>
-	<listitem>
-	  <para>Uses the modern Linux nl80211/cfg80211 netlink-based
-	  interface (most new drivers).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>wext</term>
-	<listitem>
-	  <para>Uses the legacy Linux wireless extensions ioctl-based
-	  interface (older hardware/drivers).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>wired</term>
-	<listitem>
-	  <para>wpa_supplicant wired Ethernet driver</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>roboswitch</term>
-	<listitem>
-	  <para>wpa_supplicant Broadcom switch driver</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>bsd</term>
-	<listitem>
-	  <para>BSD 802.11 support (Atheros, etc.).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>ndis</term>
-	<listitem>
-	  <para>Windows NDIS driver.</para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Command Line Options</title>
-    <para>Most command line options have global scope. Some are given per
-    interface, and are only valid if at least one <option>-i</option> option
-    is specified, otherwise they're ignored. Option groups for different
-    interfaces must be separated by <option>-N</option> option.</para>
-    <variablelist>
-      <varlistentry>
-	<term>-b br_ifname</term>
-	<listitem>
-	  <para>Optional bridge interface name. (Per interface)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-B</term>
-	<listitem>
-	  <para>Run daemon in the background.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-c filename</term>
-	<listitem>
-	  <para>Path to configuration file. (Per interface)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-C ctrl_interface</term>
-	<listitem>
-	  <para>Path to ctrl_interface socket (Per interface. Only used if
-		  <option>-c</option> is not).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-i ifname</term>
-	<listitem>
-	  <para>Interface to listen on. Multiple instances of this option can
-	  be present, one per interface, separated by <option>-N</option>
-	  option (see below).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-d</term>
-	<listitem>
-	  <para>Increase debugging verbosity (<option>-dd</option> even
-		  more).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-D driver</term>
-	<listitem>
-	  <para>Driver to use (can be multiple drivers: nl80211,wext).
-		  (Per interface, see the available options below.)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-e entropy file</term>
-	<listitem>
-	  <para>File for <command>wpa_supplicant</command> to use to
-	  maintain its internal entropy store in over restarts.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-f output file</term>
-	<listitem>
-	  <para>Log output to specified file instead of stdout. (This
-	  is only available if <command>wpa_supplicant</command> was
-	  built with the <literal>CONFIG_DEBUG_FILE</literal>
-	  option.)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-g global ctrl_interface</term>
-	<listitem>
-	  <para>Path to global ctrl_interface socket. If specified, interface
-	  definitions may be omitted.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-K</term>
-	<listitem>
-	  <para>Include keys (passwords, etc.) in debug output.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>Help.  Show a usage message.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-L</term>
-	<listitem>
-	  <para>Show license (BSD).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-o override driver</term>
-	<listitem>
-	  <para>Override the driver parameter for new
-	  interfaces.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-O override ctrl_interface</term>
-	<listitem>
-	  <para>Override the ctrl_interface parameter for new
-	  interfaces.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-p</term>
-	<listitem>
-	  <para>Driver parameters. (Per interface)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-P PID_file</term>
-	<listitem>
-	  <para>Path to PID file.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q</term>
-	<listitem>
-	  <para>Decrease debugging verbosity (<option>-qq</option> even
-		  less).</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s</term>
-	<listitem>
-	  <para>Log output to syslog instead of stdout. (This is only
-	  available if <command>wpa_supplicant</command> was built
-	  with the <literal>CONFIG_DEBUG_SYSLOG</literal>
-	  option.)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-T</term>
-	<listitem>
-	  <para>Log output to Linux tracing in addition to any other
-	  destinations. (This is only available
-	  if <command>wpa_supplicant</command> was built with
-	  the <literal>CONFIG_DEBUG_LINUX_TRACING</literal>
-	  option.)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t</term>
-	<listitem>
-	  <para>Include timestamp in debug messages.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-u</term>
-	<listitem>
-	  <para>Enable DBus control interface. If enabled, interface
-	  definitions may be omitted. (This is only available
-	  if <command>wpa_supplicant</command> was built with
-	  the <literal>CONFIG_CTRL_IFACE_DBUS_NEW</literal> option.)</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-v</term>
-	<listitem>
-	  <para>Show version.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-W</term>
-	<listitem>
-	  <para>Wait for a control interface monitor before starting.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-N</term>
-	<listitem>
-	  <para>Start describing new interface.</para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Examples</title>
-
-    <para>In most common cases, <command>wpa_supplicant</command> is
-    started with:</para>
-
-<blockquote><programlisting>
-wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
-</programlisting></blockquote>
-
-    <para>This makes the process fork into background.</para>
-
-    <para>The easiest way to debug problems, and to get debug log for
-    bug reports, is to start <command>wpa_supplicant</command> on
-    foreground with debugging enabled:</para>
-
-<blockquote><programlisting>
-wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
-</programlisting></blockquote>
-
-    <para>If the specific driver wrapper is not known beforehand, it is
-    possible to specify multiple comma separated driver wrappers on the command
-    line. <command>wpa_supplicant</command> will use the first driver
-    wrapper that is able to initialize the interface.</para>
-
-<blockquote><programlisting>
-wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
-</programlisting></blockquote>
-
-    <para><command>wpa_supplicant</command> can control multiple
-    interfaces (radios) either by running one process for each
-    interface separately or by running just one process and list of
-    options at command line. Each interface is separated with -N
-    argument. As an example, following command would start
-    wpa_supplicant for two interfaces:</para>
-
-<blockquote><programlisting>
-wpa_supplicant \
-	-c wpa1.conf -i wlan0 -D nl80211 -N \
-	-c wpa2.conf -i ath0 -D wext
-</programlisting></blockquote>
-  </refsect1>
-
-  <refsect1>
-    <title>OS Requirements</title>
-    <para>Current hardware/software requirements:</para>
-
-    <itemizedlist>
-      <listitem>
-	<para>Linux kernel 2.6.30 or higher with
-	nl80211/cfg80211 support</para>
-      </listitem>
-
-      <listitem>
-	<para>Linux kernel 2.4.x or higher with Linux Wireless
-	Extensions v15 or newer</para>
-      </listitem>
-
-      <listitem>
-	<para>FreeBSD 6-CURRENT</para>
-      </listitem>
-
-      <listitem>
-	<para>Microsoft Windows with WinPcap (at least WinXP, may work
-	with other versions)</para>
-      </listitem>
-    </itemizedlist>
-  </refsect1>
-
-  <refsect1>
-    <title>Supported Drivers</title>
-    <variablelist>
-      <varlistentry>
-	<term>Linux nl80211/cfg80211</term>
-	<listitem>
-	  <para>This is the preferred driver for Linux.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>Linux wireless extensions</term>
-	<listitem>
-	  <para>In theory, any driver that supports Linux wireless
-	extensions can be used with IEEE 802.1X (i.e., not WPA) when
-	using ap_scan=0 option in configuration file.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>Wired Ethernet drivers</term>
-	<listitem>
-	  <para>Use ap_scan=0.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>BSD net80211 layer (e.g., Atheros driver)</term>
-	<listitem>
-	  <para>At the moment, this is for FreeBSD 6-CURRENT branch.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>Windows NDIS</term>
-	<listitem>
-	  <para>The current Windows port requires WinPcap
-	(http://winpcap.polito.it/).  See README-Windows.txt for more
-	information.</para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-
-
-    <para>wpa_supplicant was designed to be portable for different
-    drivers and operating systems. Hopefully, support for more wlan
-    cards and OSes will be added in the future. See developer.txt for
-    more information about the design of wpa_supplicant and porting to
-    other drivers. One main goal is to add full WPA/WPA2 support to
-    Linux wireless extensions to allow new drivers to be supported
-    without having to implement new driver-specific interface code in
-    wpa_supplicant.</para>
-  </refsect1>
-
-  <refsect1>
-    <title>Architecture</title> <para>The
-    <command>wpa_supplicant</command> system consists of the following
-    components:</para>
-
-    <variablelist>
-      <varlistentry>
-	<term><filename>wpa_supplicant.conf</filename> </term>
-	<listitem>
-        <para>the configuration file describing all networks that the
-        user wants the computer to connect to.  </para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
-	<term><command>wpa_supplicant</command></term>
-        <listitem><para>the program that directly interacts with the
-        network interface.  </para></listitem>
-      </varlistentry>
-      <varlistentry>
-	<term><command>wpa_cli</command></term> <listitem><para> the
-	client program that provides a high-level interface to the
-	functionality of the daemon.  </para></listitem>
-      </varlistentry>
-      <varlistentry>
-	<term><command>wpa_passphrase</command></term>
-        <listitem><para>a utility needed to construct
-        <filename>wpa_supplicant.conf</filename> files that include
-        encrypted passwords.</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Quick Start</title>
-
-    <para>First, make a configuration file, e.g.
-    <filename>/etc/wpa_supplicant.conf</filename>, that describes the networks
-    you are interested in.  See <citerefentry>
-	<refentrytitle>wpa_supplicant.conf</refentrytitle>
-	<manvolnum>5</manvolnum>
-      </citerefentry>
-    for details.</para>
-
-    <para>Once the configuration is ready, you can test whether the
-    configuration works by running <command>wpa_supplicant</command>
-    with following command to start it on foreground with debugging
-    enabled:</para>
-
-    <blockquote><programlisting>
-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
-    </programlisting></blockquote>
-
-    <para>Assuming everything goes fine, you can start using following
-    command to start <command>wpa_supplicant</command> on background
-    without debugging:</para>
-
-    <blockquote><programlisting>
-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
-    </programlisting></blockquote>
-
-    <para>Please note that if you included more than one driver
-    interface in the build time configuration (.config), you may need
-    to specify which interface to use by including -D&lt;driver
-    name&gt; option on the command line.</para>
-
-    <!-- XXX at this point, the page could include a little script
-         based on wpa_cli to wait for a connection and then run
-         dhclient -->
-
-  </refsect1>
-
-  <refsect1>
-    <title>Interface to pcmcia-cs/cardmrg</title>
-
-    <para>For example, following small changes to pcmcia-cs scripts
-    can be used to enable WPA support:</para>
-
-    <para>Add MODE="Managed" and WPA="y" to the network scheme in
-    <filename>/etc/pcmcia/wireless.opts</filename>.</para>
-
-    <para>Add the following block to the end of <emphasis>start</emphasis>
-    action handler in <filename>/etc/pcmcia/wireless</filename>:</para>
-
-    <blockquote><programlisting>
-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
-    /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
-fi
-    </programlisting></blockquote>
-
-
-    <para>Add the following block to the end of <emphasis>stop</emphasis>
-    action handler (may need to be separated from other actions) in
-    <filename>/etc/pcmcia/wireless</filename>:</para>
-
-    <blockquote><programlisting>
-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
-    killall wpa_supplicant
-fi
-    </programlisting></blockquote>
-
-    <para>This will make <command>cardmgr</command> start
-    <command>wpa_supplicant</command> when the card is plugged
-    in.</para>
-  </refsect1>
-
-  <refsect1>
-    <title>See Also</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>wpa_background</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>wpa_supplicant.conf</refentrytitle>
-	<manvolnum>5</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>wpa_cli</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-      <citerefentry>
-	<refentrytitle>wpa_passphrase</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-  <refsect1>
-    <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2019,
-    Jouni Malinen <email>j@w1.fi</email> and
-    contributors.
-    All Rights Reserved.</para>
-
-    <para>This program is licensed under the BSD license (the one with
-    advertisement clause removed).</para>
-  </refsect1>
-</refentry>
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
deleted file mode 100644
index 584654a6cb2c..000000000000
--- a/wpa_supplicant/dpp_supplicant.c
+++ /dev/null
@@ -1,3995 +0,0 @@
-/*
- * wpa_supplicant - DPP
- * Copyright (c) 2017, Qualcomm Atheros, Inc.
- * Copyright (c) 2018-2020, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/ip_addr.h"
-#include "utils/base64.h"
-#include "common/dpp.h"
-#include "common/gas.h"
-#include "common/gas_server.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "driver_i.h"
-#include "offchannel.h"
-#include "gas_query.h"
-#include "bss.h"
-#include "scan.h"
-#include "notify.h"
-#include "dpp_supplicant.h"
-
-
-static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
-				 unsigned int freq);
-static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
-static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx);
-static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
-static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
-			       unsigned int freq, const u8 *dst,
-			       const u8 *src, const u8 *bssid,
-			       const u8 *data, size_t data_len,
-			       enum offchannel_send_action_result result);
-static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
-static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
-static void
-wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
-			unsigned int freq, const u8 *dst,
-			const u8 *src, const u8 *bssid,
-			const u8 *data, size_t data_len,
-			enum offchannel_send_action_result result);
-#ifdef CONFIG_DPP2
-static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
-						 void *timeout_ctx);
-static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s);
-static int wpas_dpp_process_conf_obj(void *ctx,
-				     struct dpp_authentication *auth);
-#endif /* CONFIG_DPP2 */
-
-static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-/* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
- * a single transaction in progress at any point in time. */
-static const u8 TRANSACTION_ID = 1;
-
-
-/**
- * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
- * @wpa_s: Pointer to wpa_supplicant data
- * @cmd: DPP URI read from a QR Code
- * Returns: Identifier of the stored info or -1 on failure
- */
-int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct dpp_bootstrap_info *bi;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	bi = dpp_add_qr_code(wpa_s->dpp, cmd);
-	if (!bi)
-		return -1;
-
-	if (auth && auth->response_pending &&
-	    dpp_notify_new_qr_code(auth, bi) == 1) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Sending out pending authentication response");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
-			" freq=%u type=%d",
-			MAC2STR(auth->peer_mac_addr), auth->curr_freq,
-			DPP_PA_AUTHENTICATION_RESP);
-		offchannel_send_action(wpa_s, auth->curr_freq,
-				       auth->peer_mac_addr, wpa_s->own_addr,
-				       broadcast,
-				       wpabuf_head(auth->resp_msg),
-				       wpabuf_len(auth->resp_msg),
-				       500, wpas_dpp_tx_status, 0);
-	}
-
-#ifdef CONFIG_DPP2
-	dpp_controller_new_qr_code(wpa_s->dpp, bi);
-#endif /* CONFIG_DPP2 */
-
-	return bi->id;
-}
-
-
-/**
- * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
- * @wpa_s: Pointer to wpa_supplicant data
- * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
- * Returns: Identifier of the stored info or -1 on failure
- */
-int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct dpp_bootstrap_info *bi;
-
-	bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
-	if (!bi)
-		return -1;
-
-	return bi->id;
-}
-
-
-int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos;
-	struct dpp_bootstrap_info *peer_bi, *own_bi;
-
-	pos = os_strstr(cmd, " own=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-	if (!own_bi)
-		return -1;
-	own_bi->nfc_negotiated = 1;
-
-	pos = os_strstr(cmd, " uri=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
-	if (!peer_bi) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Failed to parse URI from NFC Handover Request");
-		return -1;
-	}
-
-	if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
-		return -1;
-
-	return peer_bi->id;
-}
-
-
-int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos;
-	struct dpp_bootstrap_info *peer_bi, *own_bi;
-
-	pos = os_strstr(cmd, " own=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-	if (!own_bi)
-		return -1;
-	own_bi->nfc_negotiated = 1;
-
-	pos = os_strstr(cmd, " uri=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
-	if (!peer_bi) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Failed to parse URI from NFC Handover Select");
-		return -1;
-	}
-
-	if (peer_bi->curve != own_bi->curve) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Peer (NFC Handover Selector) used different curve");
-		return -1;
-	}
-
-	return peer_bi->id;
-}
-
-
-static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth || !auth->resp_msg)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Retry Authentication Response after timeout");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
-		" freq=%u type=%d",
-		MAC2STR(auth->peer_mac_addr), auth->curr_freq,
-		DPP_PA_AUTHENTICATION_RESP);
-	offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
-			       wpa_s->own_addr, broadcast,
-			       wpabuf_head(auth->resp_msg),
-			       wpabuf_len(auth->resp_msg),
-			       500, wpas_dpp_tx_status, 0);
-}
-
-
-static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	unsigned int wait_time, max_tries;
-
-	if (!auth || !auth->resp_msg)
-		return;
-
-	if (wpa_s->dpp_resp_max_tries)
-		max_tries = wpa_s->dpp_resp_max_tries;
-	else
-		max_tries = 5;
-	auth->auth_resp_tries++;
-	if (auth->auth_resp_tries >= max_tries) {
-		wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
-		offchannel_send_action_done(wpa_s);
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-
-	if (wpa_s->dpp_resp_retry_time)
-		wait_time = wpa_s->dpp_resp_retry_time;
-	else
-		wait_time = 1000;
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Schedule retransmission of Authentication Response frame in %u ms",
-		wait_time);
-	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
-	eloop_register_timeout(wait_time / 1000,
-			       (wait_time % 1000) * 1000,
-			       wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
-}
-
-
-static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
-	wpa_s->suitable_network = 0;
-	wpa_s->no_suitable_network = 0;
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-	wpa_s->scan_runs = 0;
-	wpa_s->normal_scans = 0;
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-#ifdef CONFIG_DPP2
-
-static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s,
-					unsigned int freq,
-					unsigned int wait_time)
-{
-	struct os_reltime now, res;
-	unsigned int remaining;
-
-	if (!wpa_s->dpp_listen_freq)
-		return;
-
-	os_get_reltime(&now);
-	if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) {
-		os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res);
-		remaining = res.sec * 1000 + res.usec / 1000;
-	} else {
-		remaining = 0;
-	}
-	if (wpa_s->dpp_listen_freq == freq && remaining > wait_time)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms",
-		   wpa_s->dpp_listen_freq, remaining, freq, wait_time);
-	wpas_dpp_listen_stop(wpa_s);
-
-	/* TODO: Restart listen in some cases after TX? */
-}
-
-
-static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
-						void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	enum dpp_status_error result;
-
-	if (!auth || !auth->conn_status_requested)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Connection timeout - report Connection Status Result");
-	if (wpa_s->suitable_network)
-		result = DPP_STATUS_AUTH_FAILURE;
-	else if (wpa_s->no_suitable_network)
-		result = DPP_STATUS_NO_AP;
-	else
-		result = 255; /* What to report here for unexpected state? */
-	if (wpa_s->wpa_state == WPA_SCANNING)
-		wpas_abort_ongoing_scan(wpa_s);
-	wpas_dpp_send_conn_status_result(wpa_s, result);
-}
-
-
-static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
-{
-	char *str, *end, *pos;
-	size_t len;
-	unsigned int i;
-	u8 last_op_class = 0;
-	int res;
-
-	if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
-		return NULL;
-
-	len = wpa_s->num_last_scan_freqs * 8;
-	str = os_zalloc(len);
-	if (!str)
-		return NULL;
-	end = str + len;
-	pos = str;
-
-	for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
-		enum hostapd_hw_mode mode;
-		u8 op_class, channel;
-
-		mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
-						     0, 0, &op_class, &channel);
-		if (mode == NUM_HOSTAPD_MODES)
-			continue;
-		if (op_class == last_op_class)
-			res = os_snprintf(pos, end - pos, ",%d", channel);
-		else
-			res = os_snprintf(pos, end - pos, "%s%d/%d",
-					  pos == str ? "" : ",",
-					  op_class, channel);
-		if (os_snprintf_error(end - pos, res)) {
-			*pos = '\0';
-			break;
-		}
-		pos += res;
-		last_op_class = op_class;
-	}
-
-	if (pos == str) {
-		os_free(str);
-		str = NULL;
-	}
-	return str;
-}
-
-
-void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
-				      enum dpp_status_error result)
-{
-	struct wpabuf *msg;
-	const char *channel_list = NULL;
-	char *channel_list_buf = NULL;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
-
-	if (!auth || !auth->conn_status_requested)
-		return;
-	auth->conn_status_requested = 0;
-	wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
-		   result);
-
-	if (result == DPP_STATUS_NO_AP) {
-		channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
-		channel_list = channel_list_buf;
-	}
-
-	msg = dpp_build_conn_status_result(auth, result,
-					   ssid ? ssid->ssid :
-					   wpa_s->dpp_last_ssid,
-					   ssid ? ssid->ssid_len :
-					   wpa_s->dpp_last_ssid_len,
-					   channel_list);
-	os_free(channel_list_buf);
-	if (!msg) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO,
-		DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(auth->peer_mac_addr), auth->curr_freq,
-		DPP_PA_CONNECTION_STATUS_RESULT);
-	offchannel_send_action(wpa_s, auth->curr_freq,
-			       auth->peer_mac_addr, wpa_s->own_addr, broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       500, wpas_dpp_tx_status, 0);
-	wpabuf_free(msg);
-
-	/* This exchange will be terminated in the TX status handler */
-	auth->remove_on_tx_status = 1;
-
-	return;
-}
-
-
-void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (auth && auth->conn_status_requested)
-		wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
-}
-
-#endif /* CONFIG_DPP2 */
-
-
-static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
-			       unsigned int freq, const u8 *dst,
-			       const u8 *src, const u8 *bssid,
-			       const u8 *data, size_t data_len,
-			       enum offchannel_send_action_result result)
-{
-	const char *res_txt;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
-		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
-		 "FAILED");
-	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
-		   " result=%s", freq, MAC2STR(dst), res_txt);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
-		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
-
-	if (!wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore TX status since there is no ongoing authentication exchange");
-		return;
-	}
-
-#ifdef CONFIG_DPP2
-	if (auth->connect_on_tx_status) {
-		auth->connect_on_tx_status = 0;
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Try to connect after completed configuration result");
-		wpas_dpp_try_to_connect(wpa_s);
-		if (auth->conn_status_requested) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Start 15 second timeout for reporting connection status result");
-			eloop_cancel_timeout(
-				wpas_dpp_conn_status_result_timeout,
-				wpa_s, NULL);
-			eloop_register_timeout(
-				15, 0, wpas_dpp_conn_status_result_timeout,
-				wpa_s, NULL);
-		} else {
-			dpp_auth_deinit(wpa_s->dpp_auth);
-			wpa_s->dpp_auth = NULL;
-		}
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-
-	if (wpa_s->dpp_auth->remove_on_tx_status) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Terminate authentication exchange due to a request to do so on TX status");
-		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
-		eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
-				     NULL);
-		eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
-				     NULL);
-#ifdef CONFIG_DPP2
-		eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
-				     wpa_s, NULL);
-#endif /* CONFIG_DPP2 */
-		offchannel_send_action_done(wpa_s);
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-
-	if (wpa_s->dpp_auth_ok_on_ack)
-		wpas_dpp_auth_success(wpa_s, 1);
-
-	if (!is_broadcast_ether_addr(dst) &&
-	    result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Unicast DPP Action frame was not ACKed");
-		if (auth->waiting_auth_resp) {
-			/* In case of DPP Authentication Request frame, move to
-			 * the next channel immediately. */
-			offchannel_send_action_done(wpa_s);
-			wpas_dpp_auth_init_next(wpa_s);
-			return;
-		}
-		if (auth->waiting_auth_conf) {
-			wpas_dpp_auth_resp_retry(wpa_s);
-			return;
-		}
-	}
-
-	if (auth->waiting_auth_conf &&
-	    auth->auth_resp_status == DPP_STATUS_OK) {
-		/* Make sure we do not get stuck waiting for Auth Confirm
-		 * indefinitely after successfully transmitted Auth Response to
-		 * allow new authentication exchanges to be started. */
-		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
-				     NULL);
-		eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout,
-				       wpa_s, NULL);
-	}
-
-	if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
-	    result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
-		/* Allow timeout handling to stop iteration if no response is
-		 * received from a peer that has ACKed a request. */
-		auth->auth_req_ack = 1;
-	}
-
-	if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
-	    wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
-			   wpa_s->dpp_auth->curr_freq,
-			   wpa_s->dpp_auth->neg_freq);
-		offchannel_send_action_done(wpa_s);
-		wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
-	}
-
-	if (wpa_s->dpp_auth_ok_on_ack)
-		wpa_s->dpp_auth_ok_on_ack = 0;
-}
-
-
-static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	unsigned int freq;
-	struct os_reltime now, diff;
-	unsigned int wait_time, diff_ms;
-
-	if (!auth || !auth->waiting_auth_resp)
-		return;
-
-	wait_time = wpa_s->dpp_resp_wait_time ?
-		wpa_s->dpp_resp_wait_time : 2000;
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
-	diff_ms = diff.sec * 1000 + diff.usec / 1000;
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
-		   wait_time, diff_ms);
-
-	if (auth->auth_req_ack && diff_ms >= wait_time) {
-		/* Peer ACK'ed Authentication Request frame, but did not reply
-		 * with Authentication Response frame within two seconds. */
-		wpa_printf(MSG_INFO,
-			   "DPP: No response received from responder - stopping initiation attempt");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
-		offchannel_send_action_done(wpa_s);
-		wpas_dpp_listen_stop(wpa_s);
-		dpp_auth_deinit(auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-
-	if (diff_ms >= wait_time) {
-		/* Authentication Request frame was not ACK'ed and no reply
-		 * was receiving within two seconds. */
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Continue Initiator channel iteration");
-		offchannel_send_action_done(wpa_s);
-		wpas_dpp_listen_stop(wpa_s);
-		wpas_dpp_auth_init_next(wpa_s);
-		return;
-	}
-
-	/* Driver did not support 2000 ms long wait_time with TX command, so
-	 * schedule listen operation to continue waiting for the response.
-	 *
-	 * DPP listen operations continue until stopped, so simply schedule a
-	 * new call to this function at the point when the two second reply
-	 * wait has expired. */
-	wait_time -= diff_ms;
-
-	freq = auth->curr_freq;
-	if (auth->neg_freq > 0)
-		freq = auth->neg_freq;
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Continue reply wait on channel %u MHz for %u ms",
-		   freq, wait_time);
-	wpa_s->dpp_in_response_listen = 1;
-	wpas_dpp_listen_start(wpa_s, freq);
-
-	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
-			       wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-}
-
-
-static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth || !auth->waiting_auth_conf)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Terminate authentication exchange due to Auth Confirm timeout");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received");
-	offchannel_send_action_done(wpa_s);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-}
-
-
-static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
-					 struct dpp_authentication *auth)
-{
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->dpp_config_obj_override)
-		auth->config_obj_override =
-			os_strdup(wpa_s->dpp_config_obj_override);
-	if (wpa_s->dpp_discovery_override)
-		auth->discovery_override =
-			os_strdup(wpa_s->dpp_discovery_override);
-	if (wpa_s->dpp_groups_override)
-		auth->groups_override =
-			os_strdup(wpa_s->dpp_groups_override);
-	auth->ignore_netaccesskey_mismatch =
-		wpa_s->dpp_ignore_netaccesskey_mismatch;
-#endif /* CONFIG_TESTING_OPTIONS */
-}
-
-
-static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (!wpa_s->dpp_auth)
-		return;
-	wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
-	wpas_dpp_auth_init_next(wpa_s);
-}
-
-
-static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	const u8 *dst;
-	unsigned int wait_time, max_wait_time, freq, max_tries, used;
-	struct os_reltime now, diff;
-
-	wpa_s->dpp_in_response_listen = 0;
-	if (!auth)
-		return -1;
-
-	if (auth->freq_idx == 0)
-		os_get_reltime(&wpa_s->dpp_init_iter_start);
-
-	if (auth->freq_idx >= auth->num_freq) {
-		auth->num_freq_iters++;
-		if (wpa_s->dpp_init_max_tries)
-			max_tries = wpa_s->dpp_init_max_tries;
-		else
-			max_tries = 5;
-		if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
-			wpa_printf(MSG_INFO,
-				   "DPP: No response received from responder - stopping initiation attempt");
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
-			eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
-					     wpa_s, NULL);
-			offchannel_send_action_done(wpa_s);
-			dpp_auth_deinit(wpa_s->dpp_auth);
-			wpa_s->dpp_auth = NULL;
-			return -1;
-		}
-		auth->freq_idx = 0;
-		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
-		if (wpa_s->dpp_init_retry_time)
-			wait_time = wpa_s->dpp_init_retry_time;
-		else
-			wait_time = 10000;
-		os_get_reltime(&now);
-		os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
-		used = diff.sec * 1000 + diff.usec / 1000;
-		if (used > wait_time)
-			wait_time = 0;
-		else
-			wait_time -= used;
-		wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
-			   wait_time);
-		eloop_register_timeout(wait_time / 1000,
-				       (wait_time % 1000) * 1000,
-				       wpas_dpp_init_timeout, wpa_s,
-				       NULL);
-		return 0;
-	}
-	freq = auth->freq[auth->freq_idx++];
-	auth->curr_freq = freq;
-
-	if (!is_zero_ether_addr(auth->peer_mac_addr))
-		dst = auth->peer_mac_addr;
-	else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
-		dst = broadcast;
-	else
-		dst = auth->peer_bi->mac_addr;
-	wpa_s->dpp_auth_ok_on_ack = 0;
-	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-	wait_time = wpa_s->max_remain_on_chan;
-	max_wait_time = wpa_s->dpp_resp_wait_time ?
-		wpa_s->dpp_resp_wait_time : 2000;
-	if (wait_time > max_wait_time)
-		wait_time = max_wait_time;
-	wait_time += 10; /* give the driver some extra time to complete */
-	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
-			       wpas_dpp_reply_wait_timeout,
-			       wpa_s, NULL);
-	wait_time -= 10;
-	if (auth->neg_freq > 0 && freq != auth->neg_freq) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
-			   freq, auth->neg_freq);
-	}
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
-	auth->auth_req_ack = 0;
-	os_get_reltime(&wpa_s->dpp_last_init);
-	return offchannel_send_action(wpa_s, freq, dst,
-				      wpa_s->own_addr, broadcast,
-				      wpabuf_head(auth->req_msg),
-				      wpabuf_len(auth->req_msg),
-				      wait_time, wpas_dpp_tx_status, 0);
-}
-
-
-int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos;
-	struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
-	struct dpp_authentication *auth;
-	u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
-	unsigned int neg_freq = 0;
-	int tcp = 0;
-#ifdef CONFIG_DPP2
-	int tcp_port = DPP_TCP_PORT;
-	struct hostapd_ip_addr ipaddr;
-	char *addr;
-#endif /* CONFIG_DPP2 */
-
-	wpa_s->dpp_gas_client = 0;
-
-	pos = os_strstr(cmd, " peer=");
-	if (!pos)
-		return -1;
-	pos += 6;
-	peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-	if (!peer_bi) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Could not find bootstrapping info for the identified peer");
-		return -1;
-	}
-
-#ifdef CONFIG_DPP2
-	pos = os_strstr(cmd, " tcp_port=");
-	if (pos) {
-		pos += 10;
-		tcp_port = atoi(pos);
-	}
-
-	addr = get_param(cmd, " tcp_addr=");
-	if (addr) {
-		int res;
-
-		res = hostapd_parse_ip_addr(addr, &ipaddr);
-		os_free(addr);
-		if (res)
-			return -1;
-		tcp = 1;
-	}
-#endif /* CONFIG_DPP2 */
-
-	pos = os_strstr(cmd, " own=");
-	if (pos) {
-		pos += 5;
-		own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-		if (!own_bi) {
-			wpa_printf(MSG_INFO,
-				   "DPP: Could not find bootstrapping info for the identified local entry");
-			return -1;
-		}
-
-		if (peer_bi->curve != own_bi->curve) {
-			wpa_printf(MSG_INFO,
-				   "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
-				   peer_bi->curve->name, own_bi->curve->name);
-			return -1;
-		}
-	}
-
-	pos = os_strstr(cmd, " role=");
-	if (pos) {
-		pos += 6;
-		if (os_strncmp(pos, "configurator", 12) == 0)
-			allowed_roles = DPP_CAPAB_CONFIGURATOR;
-		else if (os_strncmp(pos, "enrollee", 8) == 0)
-			allowed_roles = DPP_CAPAB_ENROLLEE;
-		else if (os_strncmp(pos, "either", 6) == 0)
-			allowed_roles = DPP_CAPAB_CONFIGURATOR |
-				DPP_CAPAB_ENROLLEE;
-		else
-			goto fail;
-	}
-
-	pos = os_strstr(cmd, " netrole=");
-	if (pos) {
-		pos += 9;
-		if (os_strncmp(pos, "ap", 2) == 0)
-			wpa_s->dpp_netrole = DPP_NETROLE_AP;
-		else if (os_strncmp(pos, "configurator", 12) == 0)
-			wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
-		else
-			wpa_s->dpp_netrole = DPP_NETROLE_STA;
-	} else {
-		wpa_s->dpp_netrole = DPP_NETROLE_STA;
-	}
-
-	pos = os_strstr(cmd, " neg_freq=");
-	if (pos)
-		neg_freq = atoi(pos + 10);
-
-	if (!tcp && wpa_s->dpp_auth) {
-		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
-		eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
-				     NULL);
-		eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
-				     NULL);
-#ifdef CONFIG_DPP2
-		eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
-				     wpa_s, NULL);
-#endif /* CONFIG_DPP2 */
-		offchannel_send_action_done(wpa_s);
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-	}
-
-	auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
-			     neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
-	if (!auth)
-		goto fail;
-	wpas_dpp_set_testing_options(wpa_s, auth);
-	if (dpp_set_configurator(auth, cmd) < 0) {
-		dpp_auth_deinit(auth);
-		goto fail;
-	}
-
-	auth->neg_freq = neg_freq;
-
-	if (!is_zero_ether_addr(peer_bi->mac_addr))
-		os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
-
-#ifdef CONFIG_DPP2
-	if (tcp)
-		return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
-				    wpa_s->conf->dpp_name, DPP_NETROLE_STA,
-				    wpa_s, wpa_s, wpas_dpp_process_conf_obj);
-#endif /* CONFIG_DPP2 */
-
-	wpa_s->dpp_auth = auth;
-	return wpas_dpp_auth_init_next(wpa_s);
-fail:
-	return -1;
-}
-
-
-struct wpas_dpp_listen_work {
-	unsigned int freq;
-	unsigned int duration;
-	struct wpabuf *probe_resp_ie;
-};
-
-
-static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
-{
-	if (!lwork)
-		return;
-	os_free(lwork);
-}
-
-
-static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_dpp_listen_work *lwork;
-
-	if (!wpa_s->dpp_listen_work)
-		return;
-
-	lwork = wpa_s->dpp_listen_work->ctx;
-	wpas_dpp_listen_work_free(lwork);
-	radio_work_done(wpa_s->dpp_listen_work);
-	wpa_s->dpp_listen_work = NULL;
-}
-
-
-static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct wpas_dpp_listen_work *lwork = work->ctx;
-
-	if (deinit) {
-		if (work->started) {
-			wpa_s->dpp_listen_work = NULL;
-			wpas_dpp_listen_stop(wpa_s);
-		}
-		wpas_dpp_listen_work_free(lwork);
-		return;
-	}
-
-	wpa_s->dpp_listen_work = work;
-
-	wpa_s->dpp_pending_listen_freq = lwork->freq;
-
-	if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
-				      wpa_s->max_remain_on_chan) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
-			   lwork->freq);
-		wpa_s->dpp_listen_freq = 0;
-		wpas_dpp_listen_work_done(wpa_s);
-		wpa_s->dpp_pending_listen_freq = 0;
-		return;
-	}
-	wpa_s->off_channel_freq = 0;
-	wpa_s->roc_waiting_drv_freq = lwork->freq;
-	wpa_drv_dpp_listen(wpa_s, true);
-}
-
-
-static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
-				 unsigned int freq)
-{
-	struct wpas_dpp_listen_work *lwork;
-
-	if (wpa_s->dpp_listen_work) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Reject start_listen since dpp_listen_work already exists");
-		return -1;
-	}
-
-	if (wpa_s->dpp_listen_freq)
-		wpas_dpp_listen_stop(wpa_s);
-	wpa_s->dpp_listen_freq = freq;
-
-	lwork = os_zalloc(sizeof(*lwork));
-	if (!lwork)
-		return -1;
-	lwork->freq = freq;
-
-	if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
-			   lwork) < 0) {
-		wpas_dpp_listen_work_free(lwork);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	int freq;
-
-	freq = atoi(cmd);
-	if (freq <= 0)
-		return -1;
-
-	if (os_strstr(cmd, " role=configurator"))
-		wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
-	else if (os_strstr(cmd, " role=enrollee"))
-		wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
-	else
-		wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
-			DPP_CAPAB_ENROLLEE;
-	wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
-	if (os_strstr(cmd, " netrole=ap"))
-		wpa_s->dpp_netrole = DPP_NETROLE_AP;
-	else if (os_strstr(cmd, " netrole=configurator"))
-		wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
-	else
-		wpa_s->dpp_netrole = DPP_NETROLE_STA;
-	if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
-		wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
-			   freq);
-		return 0;
-	}
-
-	return wpas_dpp_listen_start(wpa_s, freq);
-}
-
-
-void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->dpp_in_response_listen = 0;
-	if (!wpa_s->dpp_listen_freq)
-		return;
-
-	wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
-		   wpa_s->dpp_listen_freq);
-	wpa_drv_cancel_remain_on_channel(wpa_s);
-	wpa_drv_dpp_listen(wpa_s, false);
-	wpa_s->dpp_listen_freq = 0;
-	wpas_dpp_listen_work_done(wpa_s);
-	radio_remove_works(wpa_s, "dpp-listen", 0);
-}
-
-
-void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				   unsigned int freq, unsigned int duration)
-{
-	if (wpa_s->dpp_listen_freq != freq)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Remain-on-channel started for listen on %u MHz for %u ms",
-		   freq, duration);
-	os_get_reltime(&wpa_s->dpp_listen_end);
-	wpa_s->dpp_listen_end.usec += duration * 1000;
-	while (wpa_s->dpp_listen_end.usec >= 1000000) {
-		wpa_s->dpp_listen_end.sec++;
-		wpa_s->dpp_listen_end.usec -= 1000000;
-	}
-}
-
-
-void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					  unsigned int freq)
-{
-	wpas_dpp_listen_work_done(wpa_s);
-
-	if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
-		unsigned int new_freq;
-
-		/* Continue listen with a new remain-on-channel */
-		if (wpa_s->dpp_auth->neg_freq > 0)
-			new_freq = wpa_s->dpp_auth->neg_freq;
-		else
-			new_freq = wpa_s->dpp_auth->curr_freq;
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
-			   new_freq);
-		wpas_dpp_listen_start(wpa_s, new_freq);
-		return;
-	}
-
-	if (wpa_s->dpp_listen_freq) {
-		/* Continue listen with a new remain-on-channel */
-		wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
-	}
-}
-
-
-static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
-				 const u8 *hdr, const u8 *buf, size_t len,
-				 unsigned int freq)
-{
-	const u8 *r_bootstrap, *i_bootstrap;
-	u16 r_bootstrap_len, i_bootstrap_len;
-	struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
-
-	if (!wpa_s->dpp)
-		return;
-
-	wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
-		   MAC2STR(src));
-
-#ifdef CONFIG_DPP2
-	wpas_dpp_chirp_stop(wpa_s);
-#endif /* CONFIG_DPP2 */
-
-	r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
-				   &r_bootstrap_len);
-	if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Missing or invalid required Responder Bootstrapping Key Hash attribute");
-		return;
-	}
-	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
-		    r_bootstrap, r_bootstrap_len);
-
-	i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
-				   &i_bootstrap_len);
-	if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Missing or invalid required Initiator Bootstrapping Key Hash attribute");
-		return;
-	}
-	wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
-		    i_bootstrap, i_bootstrap_len);
-
-	/* Try to find own and peer bootstrapping key matches based on the
-	 * received hash values */
-	dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
-				&own_bi, &peer_bi);
-	if (!own_bi) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"No matching own bootstrapping key found - ignore message");
-		return;
-	}
-
-	if (wpa_s->dpp_auth) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Already in DPP authentication exchange - ignore new one");
-		return;
-	}
-
-	wpa_s->dpp_gas_client = 0;
-	wpa_s->dpp_auth_ok_on_ack = 0;
-	wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
-					  wpa_s->dpp_allowed_roles,
-					  wpa_s->dpp_qr_mutual,
-					  peer_bi, own_bi, freq, hdr, buf, len);
-	if (!wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG, "DPP: No response generated");
-		return;
-	}
-	wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
-	if (dpp_set_configurator(wpa_s->dpp_auth,
-				 wpa_s->dpp_configurator_params) < 0) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-	os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
-
-	if (wpa_s->dpp_listen_freq &&
-	    wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
-			   wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
-		wpas_dpp_listen_stop(wpa_s);
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), wpa_s->dpp_auth->curr_freq,
-		DPP_PA_AUTHENTICATION_RESP);
-	offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
-			       src, wpa_s->own_addr, broadcast,
-			       wpabuf_head(wpa_s->dpp_auth->resp_msg),
-			       wpabuf_len(wpa_s->dpp_auth->resp_msg),
-			       500, wpas_dpp_tx_status, 0);
-}
-
-
-static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
-{
-	/* TODO: stop wait and start ROC */
-}
-
-
-static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
-					      struct dpp_authentication *auth,
-					      struct dpp_config_obj *conf)
-{
-	struct wpa_ssid *ssid;
-
-#ifdef CONFIG_DPP2
-	if (conf->akm == DPP_AKM_SAE) {
-#ifdef CONFIG_SAE
-		struct wpa_driver_capa capa;
-		int res;
-
-		res = wpa_drv_get_capa(wpa_s, &capa);
-		if (res == 0 &&
-		    !(capa.key_mgmt_iftype[WPA_IF_STATION] &
-		      WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
-		    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: SAE not supported by the driver");
-			return NULL;
-		}
-#else /* CONFIG_SAE */
-		wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
-		return NULL;
-#endif /* CONFIG_SAE */
-	}
-#endif /* CONFIG_DPP2 */
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (!ssid)
-		return NULL;
-	wpas_notify_network_added(wpa_s, ssid);
-	wpa_config_set_network_defaults(ssid);
-	ssid->disabled = 1;
-
-	ssid->ssid = os_malloc(conf->ssid_len);
-	if (!ssid->ssid)
-		goto fail;
-	os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
-	ssid->ssid_len = conf->ssid_len;
-
-	if (conf->connector) {
-		if (dpp_akm_dpp(conf->akm)) {
-			ssid->key_mgmt = WPA_KEY_MGMT_DPP;
-			ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-		}
-		ssid->dpp_connector = os_strdup(conf->connector);
-		if (!ssid->dpp_connector)
-			goto fail;
-	}
-
-	if (conf->c_sign_key) {
-		ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
-		if (!ssid->dpp_csign)
-			goto fail;
-		os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
-			  wpabuf_len(conf->c_sign_key));
-		ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
-	}
-
-	if (conf->pp_key) {
-		ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key));
-		if (!ssid->dpp_pp_key)
-			goto fail;
-		os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key),
-			  wpabuf_len(conf->pp_key));
-		ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key);
-	}
-
-	if (auth->net_access_key) {
-		ssid->dpp_netaccesskey =
-			os_malloc(wpabuf_len(auth->net_access_key));
-		if (!ssid->dpp_netaccesskey)
-			goto fail;
-		os_memcpy(ssid->dpp_netaccesskey,
-			  wpabuf_head(auth->net_access_key),
-			  wpabuf_len(auth->net_access_key));
-		ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
-		ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
-	}
-
-	if (!conf->connector || dpp_akm_psk(conf->akm) ||
-	    dpp_akm_sae(conf->akm)) {
-		if (!conf->connector || !dpp_akm_dpp(conf->akm))
-			ssid->key_mgmt = 0;
-		if (dpp_akm_psk(conf->akm))
-			ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
-				WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
-		if (dpp_akm_sae(conf->akm))
-			ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
-				WPA_KEY_MGMT_FT_SAE;
-		ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
-		if (conf->passphrase[0]) {
-			if (wpa_config_set_quoted(ssid, "psk",
-						  conf->passphrase) < 0)
-				goto fail;
-			wpa_config_update_psk(ssid);
-			ssid->export_keys = 1;
-		} else {
-			ssid->psk_set = conf->psk_set;
-			os_memcpy(ssid->psk, conf->psk, PMK_LEN);
-		}
-	}
-
-#if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL)
-	if (conf->akm == DPP_AKM_DOT1X) {
-		int i;
-		char name[100], blobname[128];
-		struct wpa_config_blob *blob;
-
-		ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
-			WPA_KEY_MGMT_IEEE8021X_SHA256 |
-			WPA_KEY_MGMT_IEEE8021X_SHA256;
-		ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
-
-		if (conf->cacert) {
-			/* caCert is DER-encoded X.509v3 certificate for the
-			 * server certificate if that is different from the
-			 * trust root included in certBag. */
-			/* TODO: ssid->eap.cert.ca_cert */
-		}
-
-		if (conf->certs) {
-			for (i = 0; ; i++) {
-				os_snprintf(name, sizeof(name), "dpp-certs-%d",
-					    i);
-				if (!wpa_config_get_blob(wpa_s->conf, name))
-					break;
-			}
-
-			blob = os_zalloc(sizeof(*blob));
-			if (!blob)
-				goto fail;
-			blob->len = wpabuf_len(conf->certs);
-			blob->name = os_strdup(name);
-			blob->data = os_malloc(blob->len);
-			if (!blob->name || !blob->data) {
-				wpa_config_free_blob(blob);
-				goto fail;
-			}
-			os_memcpy(blob->data, wpabuf_head(conf->certs),
-				  blob->len);
-			os_snprintf(blobname, sizeof(blobname), "blob://%s",
-				    name);
-			wpa_config_set_blob(wpa_s->conf, blob);
-			wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s",
-				   name);
-			ssid->eap.cert.client_cert = os_strdup(blobname);
-			if (!ssid->eap.cert.client_cert)
-				goto fail;
-
-			/* TODO: ssid->eap.identity from own certificate */
-			if (wpa_config_set(ssid, "identity", "\"dpp-ent\"",
-					   0) < 0)
-				goto fail;
-		}
-
-		if (auth->priv_key) {
-			for (i = 0; ; i++) {
-				os_snprintf(name, sizeof(name), "dpp-key-%d",
-					    i);
-				if (!wpa_config_get_blob(wpa_s->conf, name))
-					break;
-			}
-
-			blob = os_zalloc(sizeof(*blob));
-			if (!blob)
-				goto fail;
-			blob->len = wpabuf_len(auth->priv_key);
-			blob->name = os_strdup(name);
-			blob->data = os_malloc(blob->len);
-			if (!blob->name || !blob->data) {
-				wpa_config_free_blob(blob);
-				goto fail;
-			}
-			os_memcpy(blob->data, wpabuf_head(auth->priv_key),
-				  blob->len);
-			os_snprintf(blobname, sizeof(blobname), "blob://%s",
-				    name);
-			wpa_config_set_blob(wpa_s->conf, blob);
-			wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s",
-				   name);
-			ssid->eap.cert.private_key = os_strdup(blobname);
-			if (!ssid->eap.cert.private_key)
-				goto fail;
-		}
-
-		if (conf->server_name) {
-			ssid->eap.cert.domain_suffix_match =
-				os_strdup(conf->server_name);
-			if (!ssid->eap.cert.domain_suffix_match)
-				goto fail;
-		}
-
-		/* TODO: Use entCreds::eapMethods */
-		if (wpa_config_set(ssid, "eap", "TLS", 0) < 0)
-			goto fail;
-	}
-#endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */
-
-	os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
-	wpa_s->dpp_last_ssid_len = conf->ssid_len;
-
-	return ssid;
-fail:
-	wpas_notify_network_removed(wpa_s, ssid);
-	wpa_config_remove_network(wpa_s->conf, ssid->id);
-	return NULL;
-}
-
-
-static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
-				   struct dpp_authentication *auth,
-				   struct dpp_config_obj *conf)
-{
-	struct wpa_ssid *ssid;
-
-	if (wpa_s->conf->dpp_config_processing < 1)
-		return 0;
-
-	ssid = wpas_dpp_add_network(wpa_s, auth, conf);
-	if (!ssid)
-		return -1;
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
-	if (wpa_s->conf->dpp_config_processing == 2)
-		ssid->disabled = 0;
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-	if (wpa_s->conf->update_config &&
-	    wpa_config_write(wpa_s->confname, wpa_s->conf))
-		wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-	return 0;
-}
-
-
-static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
-					 struct dpp_authentication *auth)
-{
-#ifdef CONFIG_DPP2
-	if (auth->reconfig && wpa_s->dpp_reconfig_ssid &&
-	    wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) ==
-	    wpa_s->dpp_reconfig_ssid) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Remove reconfigured network profile");
-		wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid);
-		wpa_config_remove_network(wpa_s->conf,
-					  wpa_s->dpp_reconfig_ssid_id);
-		wpa_s->dpp_reconfig_ssid = NULL;
-		wpa_s->dpp_reconfig_ssid_id = -1;
-	}
-#endif /* CONFIG_DPP2 */
-
-	if (wpa_s->conf->dpp_config_processing < 2)
-		return;
-
-#ifdef CONFIG_DPP2
-	if (auth->peer_version >= 2) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
-		auth->connect_on_tx_status = 1;
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-
-	wpas_dpp_try_to_connect(wpa_s);
-}
-
-
-static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
-				      struct dpp_authentication *auth,
-				      struct dpp_config_obj *conf)
-{
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
-		dpp_akm_str(conf->akm));
-	if (conf->ssid_len)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
-			wpa_ssid_txt(conf->ssid, conf->ssid_len));
-	if (conf->ssid_charset)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
-			conf->ssid_charset);
-	if (conf->connector) {
-		/* TODO: Save the Connector and consider using a command
-		 * to fetch the value instead of sending an event with
-		 * it. The Connector could end up being larger than what
-		 * most clients are ready to receive as an event
-		 * message. */
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
-			conf->connector);
-	}
-	if (conf->passphrase[0]) {
-		char hex[64 * 2 + 1];
-
-		wpa_snprintf_hex(hex, sizeof(hex),
-				 (const u8 *) conf->passphrase,
-				 os_strlen(conf->passphrase));
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
-			hex);
-	} else if (conf->psk_set) {
-		char hex[PMK_LEN * 2 + 1];
-
-		wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
-			hex);
-	}
-	if (conf->c_sign_key) {
-		char *hex;
-		size_t hexlen;
-
-		hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
-		hex = os_malloc(hexlen);
-		if (hex) {
-			wpa_snprintf_hex(hex, hexlen,
-					 wpabuf_head(conf->c_sign_key),
-					 wpabuf_len(conf->c_sign_key));
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
-				hex);
-			os_free(hex);
-		}
-	}
-	if (conf->pp_key) {
-		char *hex;
-		size_t hexlen;
-
-		hexlen = 2 * wpabuf_len(conf->pp_key) + 1;
-		hex = os_malloc(hexlen);
-		if (hex) {
-			wpa_snprintf_hex(hex, hexlen,
-					 wpabuf_head(conf->pp_key),
-					 wpabuf_len(conf->pp_key));
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex);
-			os_free(hex);
-		}
-	}
-	if (auth->net_access_key) {
-		char *hex;
-		size_t hexlen;
-
-		hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
-		hex = os_malloc(hexlen);
-		if (hex) {
-			wpa_snprintf_hex(hex, hexlen,
-					 wpabuf_head(auth->net_access_key),
-					 wpabuf_len(auth->net_access_key));
-			if (auth->net_access_key_expiry)
-				wpa_msg(wpa_s, MSG_INFO,
-					DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
-					(long unsigned)
-					auth->net_access_key_expiry);
-			else
-				wpa_msg(wpa_s, MSG_INFO,
-					DPP_EVENT_NET_ACCESS_KEY "%s", hex);
-			os_free(hex);
-		}
-	}
-
-#ifdef CONFIG_DPP2
-	if (conf->certbag) {
-		char *b64;
-
-		b64 = base64_encode_no_lf(wpabuf_head(conf->certbag),
-					  wpabuf_len(conf->certbag), NULL);
-		if (b64)
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64);
-		os_free(b64);
-	}
-
-	if (conf->cacert) {
-		char *b64;
-
-		b64 = base64_encode_no_lf(wpabuf_head(conf->cacert),
-					  wpabuf_len(conf->cacert), NULL);
-		if (b64)
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64);
-		os_free(b64);
-	}
-
-	if (conf->server_name)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s",
-			conf->server_name);
-#endif /* CONFIG_DPP2 */
-
-	return wpas_dpp_process_config(wpa_s, auth, conf);
-}
-
-
-static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
-				   struct dpp_asymmetric_key *key)
-{
-#ifdef CONFIG_DPP2
-	int res;
-
-	if (!key)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
-	wpa_s->dpp_conf_backup_received = true;
-
-	while (key) {
-		res = dpp_configurator_from_backup(wpa_s->dpp, key);
-		if (res < 0)
-			return -1;
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
-			res);
-		key = key->next;
-	}
-#endif /* CONFIG_DPP2 */
-
-	return 0;
-}
-
-
-#ifdef CONFIG_DPP2
-static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth || !auth->csrattrs)
-		return;
-
-	wpa_printf(MSG_DEBUG, "DPP: Build CSR");
-	wpabuf_free(auth->csr);
-	/* TODO: Additional information needed for CSR based on csrAttrs */
-	auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
-				  wpa_s->conf->dpp_name : "Test");
-	if (!auth->csr) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-
-	wpas_dpp_start_gas_client(wpa_s);
-}
-#endif /* CONFIG_DPP2 */
-
-
-static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
-				 enum gas_query_result result,
-				 const struct wpabuf *adv_proto,
-				 const struct wpabuf *resp, u16 status_code)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const u8 *pos;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	int res;
-	enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
-	unsigned int i;
-
-	wpa_s->dpp_gas_dialog_token = -1;
-
-	if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
-	    os_memcmp(addr, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
-		return;
-	}
-	if (result != GAS_QUERY_SUCCESS ||
-	    !resp || status_code != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
-		goto fail;
-	}
-
-	wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
-			adv_proto);
-	wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
-			resp);
-
-	if (wpabuf_len(adv_proto) != 10 ||
-	    !(pos = wpabuf_head(adv_proto)) ||
-	    pos[0] != WLAN_EID_ADV_PROTO ||
-	    pos[1] != 8 ||
-	    pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
-	    pos[4] != 5 ||
-	    WPA_GET_BE24(&pos[5]) != OUI_WFA ||
-	    pos[8] != 0x1a ||
-	    pos[9] != 1) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not a DPP Advertisement Protocol ID");
-		goto fail;
-	}
-
-	res = dpp_conf_resp_rx(auth, resp);
-#ifdef CONFIG_DPP2
-	if (res == -2) {
-		wpa_printf(MSG_DEBUG, "DPP: CSR needed");
-		eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL);
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-	if (res < 0) {
-		wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
-		goto fail;
-	}
-
-	wpa_s->dpp_conf_backup_received = false;
-	for (i = 0; i < auth->num_conf_obj; i++) {
-		res = wpas_dpp_handle_config_obj(wpa_s, auth,
-						 &auth->conf_obj[i]);
-		if (res < 0)
-			goto fail;
-	}
-	if (auth->num_conf_obj)
-		wpas_dpp_post_process_config(wpa_s, auth);
-	if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
-		goto fail;
-
-	status = DPP_STATUS_OK;
-#ifdef CONFIG_TESTING_OPTIONS
-	if (dpp_test == DPP_TEST_REJECT_CONFIG) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
-		status = DPP_STATUS_CONFIG_REJECTED;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-fail:
-	if (status != DPP_STATUS_OK)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
-#ifdef CONFIG_DPP2
-	if (auth->peer_version >= 2 &&
-	    auth->conf_resp_status == DPP_STATUS_OK) {
-		struct wpabuf *msg;
-
-		wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
-		msg = dpp_build_conf_result(auth, status);
-		if (!msg)
-			goto fail2;
-
-		wpa_msg(wpa_s, MSG_INFO,
-			DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-			MAC2STR(addr), auth->curr_freq,
-			DPP_PA_CONFIGURATION_RESULT);
-		offchannel_send_action(wpa_s, auth->curr_freq,
-				       addr, wpa_s->own_addr, broadcast,
-				       wpabuf_head(msg),
-				       wpabuf_len(msg),
-				       500, wpas_dpp_tx_status, 0);
-		wpabuf_free(msg);
-
-		/* This exchange will be terminated in the TX status handler */
-		if (wpa_s->conf->dpp_config_processing < 2 ||
-		    wpa_s->dpp_conf_backup_received)
-			auth->remove_on_tx_status = 1;
-		return;
-	}
-fail2:
-#endif /* CONFIG_DPP2 */
-	dpp_auth_deinit(wpa_s->dpp_auth);
-	wpa_s->dpp_auth = NULL;
-}
-
-
-static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	struct wpabuf *buf;
-	int res;
-	int *supp_op_classes;
-
-	wpa_s->dpp_gas_client = 1;
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-
-	supp_op_classes = wpas_supp_op_classes(wpa_s);
-	buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
-					wpa_s->dpp_netrole,
-					wpa_s->conf->dpp_mud_url,
-					supp_op_classes);
-	os_free(supp_op_classes);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No configuration request data available");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
-		   MAC2STR(auth->peer_mac_addr), auth->curr_freq);
-
-	res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
-			    1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
-		wpabuf_free(buf);
-	} else {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: GAS query started with dialog token %u", res);
-		wpa_s->dpp_gas_dialog_token = res;
-	}
-}
-
-
-static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
-{
-	wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
-#ifdef CONFIG_TESTING_OPTIONS
-	if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
-		wpa_printf(MSG_INFO,
-			   "DPP: TESTING - stop at Authentication Confirm");
-		if (wpa_s->dpp_auth->configurator) {
-			/* Prevent GAS response */
-			wpa_s->dpp_auth->auth_success = 0;
-		}
-		return;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->dpp_auth->configurator)
-		wpas_dpp_start_gas_server(wpa_s);
-	else
-		wpas_dpp_start_gas_client(wpa_s);
-}
-
-
-static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
-				  const u8 *hdr, const u8 *buf, size_t len,
-				  unsigned int freq)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	struct wpabuf *msg;
-
-	wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
-		   " (freq %u MHz)", MAC2STR(src), freq);
-
-	if (!auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No DPP Authentication in progress - drop");
-		return;
-	}
-
-	if (!is_zero_ether_addr(auth->peer_mac_addr) &&
-	    os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
-			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
-		return;
-	}
-
-	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-
-	if (auth->curr_freq != freq && auth->neg_freq == freq) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Responder accepted request for different negotiation channel");
-		auth->curr_freq = freq;
-	}
-
-	eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
-	msg = dpp_auth_resp_rx(auth, hdr, buf, len);
-	if (!msg) {
-		if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Start wait for full response");
-			offchannel_send_action_done(wpa_s);
-			wpas_dpp_listen_start(wpa_s, auth->curr_freq);
-			return;
-		}
-		wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
-		return;
-	}
-	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
-	offchannel_send_action(wpa_s, auth->curr_freq,
-			       src, wpa_s->own_addr, broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       500, wpas_dpp_tx_status, 0);
-	wpabuf_free(msg);
-	wpa_s->dpp_auth_ok_on_ack = 1;
-}
-
-
-static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
-				  const u8 *hdr, const u8 *buf, size_t len)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
-		   MAC2STR(src));
-
-	if (!auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No DPP Authentication in progress - drop");
-		return;
-	}
-
-	if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
-			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
-		return;
-	}
-
-	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
-
-	if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
-		wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
-		return;
-	}
-
-	wpas_dpp_auth_success(wpa_s, 0);
-}
-
-
-#ifdef CONFIG_DPP2
-
-static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
-						void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth || !auth->waiting_conf_result)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Timeout while waiting for Configuration Result");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-}
-
-
-static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
-						     void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth || !auth->waiting_conn_status_result)
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Timeout while waiting for Connection Status Result");
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
-	wpas_dpp_listen_stop(wpa_s);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-}
-
-
-static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
-				    const u8 *hdr, const u8 *buf, size_t len)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	enum dpp_status_error status;
-
-	wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
-		   MAC2STR(src));
-
-	if (!auth || !auth->waiting_conf_result) {
-		if (auth &&
-		    os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) == 0 &&
-		    gas_server_response_sent(wpa_s->gas_server,
-					     auth->gas_server_ctx)) {
-			/* This could happen if the TX status event gets delayed
-			 * long enough for the Enrollee to have time to send
-			 * the next frame before the TX status gets processed
-			 * locally. */
-			wpa_printf(MSG_DEBUG,
-				   "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence");
-			auth->waiting_conf_result = 1;
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: No DPP Configuration waiting for result - drop");
-			return;
-		}
-	}
-
-	if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
-			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
-		return;
-	}
-
-	status = dpp_conf_result_rx(auth, hdr, buf, len);
-
-	if (status == DPP_STATUS_OK && auth->send_conn_status) {
-		wpa_msg(wpa_s, MSG_INFO,
-			DPP_EVENT_CONF_SENT "wait_conn_status=1");
-		wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
-		eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
-				     wpa_s, NULL);
-		auth->waiting_conn_status_result = 1;
-		eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
-				     wpa_s, NULL);
-		eloop_register_timeout(16, 0,
-				       wpas_dpp_conn_status_result_wait_timeout,
-				       wpa_s, NULL);
-		offchannel_send_action_done(wpa_s);
-		wpas_dpp_listen_start(wpa_s, auth->neg_freq ? auth->neg_freq :
-				      auth->curr_freq);
-		return;
-	}
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-	if (status == DPP_STATUS_OK)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
-	else
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-	eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
-}
-
-
-static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
-					   const u8 *src, const u8 *hdr,
-					   const u8 *buf, size_t len)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	enum dpp_status_error status;
-	u8 ssid[SSID_MAX_LEN];
-	size_t ssid_len = 0;
-	char *channel_list = NULL;
-
-	wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
-
-	if (!auth || !auth->waiting_conn_status_result) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No DPP Configuration waiting for connection status result - drop");
-		return;
-	}
-
-	status = dpp_conn_status_result_rx(auth, hdr, buf, len,
-					   ssid, &ssid_len, &channel_list);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
-		"result=%d ssid=%s channel_list=%s",
-		status, wpa_ssid_txt(ssid, ssid_len),
-		channel_list ? channel_list : "N/A");
-	os_free(channel_list);
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-	eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
-			     wpa_s, NULL);
-}
-
-
-static int wpas_dpp_process_conf_obj(void *ctx,
-				     struct dpp_authentication *auth)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	unsigned int i;
-	int res = -1;
-
-	for (i = 0; i < auth->num_conf_obj; i++) {
-		res = wpas_dpp_handle_config_obj(wpa_s, auth,
-						 &auth->conf_obj[i]);
-		if (res)
-			break;
-	}
-	if (!res)
-		wpas_dpp_post_process_config(wpa_s, auth);
-
-	return res;
-}
-
-
-static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (bi == wpa_s->dpp_chirp_bi)
-		wpas_dpp_chirp_stop(wpa_s);
-}
-
-
-static void
-wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
-				  const u8 *hdr, const u8 *buf, size_t len,
-				  unsigned int freq)
-{
-	const u8 *r_bootstrap;
-	u16 r_bootstrap_len;
-	struct dpp_bootstrap_info *peer_bi;
-	struct dpp_authentication *auth;
-
-	if (!wpa_s->dpp)
-		return;
-
-	if (wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore Presence Announcement during ongoing Authentication");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
-		   MAC2STR(src));
-
-	r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
-				   &r_bootstrap_len);
-	if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Missing or invalid required Responder Bootstrapping Key Hash attribute");
-		return;
-	}
-	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
-		    r_bootstrap, r_bootstrap_len);
-	peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
-	dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src,
-				  freq, r_bootstrap);
-	if (!peer_bi) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No matching bootstrapping information found");
-		return;
-	}
-
-	auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
-			     DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
-	if (!auth)
-		return;
-	wpas_dpp_set_testing_options(wpa_s, auth);
-	if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
-		dpp_auth_deinit(auth);
-		return;
-	}
-
-	auth->neg_freq = freq;
-
-	/* The source address of the Presence Announcement frame overrides any
-	 * MAC address information from the bootstrapping information. */
-	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
-
-	wpa_s->dpp_auth = auth;
-	if (wpas_dpp_auth_init_next(wpa_s) < 0) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-	}
-}
-
-
-static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
-						 void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth)
-		return;
-
-	wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-	dpp_auth_deinit(auth);
-	wpa_s->dpp_auth = NULL;
-}
-
-
-static void
-wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
-				  const u8 *hdr, const u8 *buf, size_t len,
-				  unsigned int freq)
-{
-	const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
-	u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
-	struct dpp_configurator *conf;
-	struct dpp_authentication *auth;
-	unsigned int wait_time, max_wait_time;
-	u16 group;
-
-	if (!wpa_s->dpp)
-		return;
-
-	if (wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore Reconfig Announcement during ongoing Authentication");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
-		   MAC2STR(src));
-
-	csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
-				  &csign_hash_len);
-	if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Missing or invalid required Configurator C-sign key Hash attribute");
-		return;
-	}
-	wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
-		    csign_hash, csign_hash_len);
-	conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash);
-	if (!conf) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No matching Configurator information found");
-		return;
-	}
-
-	fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
-			       &fcgroup_len);
-	if (!fcgroup || fcgroup_len != 2) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-			"Missing or invalid required Finite Cyclic Group attribute");
-		return;
-	}
-	group = WPA_GET_LE16(fcgroup);
-	wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
-
-	a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
-	e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
-
-	auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group,
-				 a_nonce, a_nonce_len, e_id, e_id_len);
-	if (!auth)
-		return;
-	wpas_dpp_set_testing_options(wpa_s, auth);
-	if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
-		dpp_auth_deinit(auth);
-		return;
-	}
-
-	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
-	wpa_s->dpp_auth = auth;
-
-	wpa_s->dpp_in_response_listen = 0;
-	wpa_s->dpp_auth_ok_on_ack = 0;
-	wait_time = wpa_s->max_remain_on_chan;
-	max_wait_time = wpa_s->dpp_resp_wait_time ?
-		wpa_s->dpp_resp_wait_time : 2000;
-	if (wait_time > max_wait_time)
-		wait_time = max_wait_time;
-	wait_time += 10; /* give the driver some extra time to complete */
-	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
-			       wpas_dpp_reconfig_reply_wait_timeout,
-			       wpa_s, NULL);
-	wait_time -= 10;
-
-	wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
-	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
-				   wpabuf_head(auth->reconfig_req_msg),
-				   wpabuf_len(auth->reconfig_req_msg),
-				   wait_time, wpas_dpp_tx_status, 0) < 0) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-	}
-}
-
-
-static void
-wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
-			      const u8 *hdr, const u8 *buf, size_t len,
-			      unsigned int freq)
-{
-	struct wpa_ssid *ssid;
-	struct dpp_authentication *auth;
-
-	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from "
-		   MACSTR, MAC2STR(src));
-
-	if (!wpa_s->dpp)
-		return;
-	if (wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not ready for reconfiguration - pending authentication exchange in progress");
-		return;
-	}
-	if (!wpa_s->dpp_reconfig_ssid) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not ready for reconfiguration - not requested");
-		return;
-	}
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid == wpa_s->dpp_reconfig_ssid &&
-		    ssid->id == wpa_s->dpp_reconfig_ssid_id)
-			break;
-	}
-	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
-	    !ssid->dpp_csign) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not ready for reconfiguration - no matching network profile with Connector found");
-		return;
-	}
-
-	auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector,
-					ssid->dpp_netaccesskey,
-					ssid->dpp_netaccesskey_len,
-					ssid->dpp_csign, ssid->dpp_csign_len,
-					freq, hdr, buf, len);
-	if (!auth)
-		return;
-	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
-	wpa_s->dpp_auth = auth;
-
-	wpas_dpp_chirp_stop(wpa_s);
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP);
-	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
-				   wpabuf_head(auth->reconfig_resp_msg),
-				   wpabuf_len(auth->reconfig_resp_msg),
-				   500, wpas_dpp_tx_status, 0) < 0) {
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-	}
-}
-
-
-static void
-wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
-			       const u8 *hdr, const u8 *buf, size_t len,
-			       unsigned int freq)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	struct wpabuf *conf;
-
-	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
-		   MACSTR, MAC2STR(src));
-
-	if (!auth || !auth->reconfig || !auth->configurator) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No DPP Reconfig Authentication in progress - drop");
-		return;
-	}
-
-	if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
-			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
-		return;
-	}
-
-	conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
-	if (!conf)
-		return;
-
-	eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL);
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
-	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
-				   wpabuf_head(conf), wpabuf_len(conf),
-				   500, wpas_dpp_tx_status, 0) < 0) {
-		wpabuf_free(conf);
-		dpp_auth_deinit(wpa_s->dpp_auth);
-		wpa_s->dpp_auth = NULL;
-		return;
-	}
-	wpabuf_free(conf);
-
-	wpas_dpp_start_gas_server(wpa_s);
-}
-
-
-static void
-wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
-			       const u8 *hdr, const u8 *buf, size_t len,
-			       unsigned int freq)
-{
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from "
-		   MACSTR, MAC2STR(src));
-
-	if (!auth || !auth->reconfig || auth->configurator) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No DPP Reconfig Authentication in progress - drop");
-		return;
-	}
-
-	if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
-			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
-		return;
-	}
-
-	if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0)
-		return;
-
-	wpas_dpp_start_gas_client(wpa_s);
-}
-
-#endif /* CONFIG_DPP2 */
-
-
-static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
-				       const u8 *src,
-				       const u8 *buf, size_t len)
-{
-	struct wpa_ssid *ssid;
-	const u8 *connector, *trans_id, *status;
-	u16 connector_len, trans_id_len, status_len;
-#ifdef CONFIG_DPP2
-	const u8 *version;
-	u16 version_len;
-#endif /* CONFIG_DPP2 */
-	u8 peer_version = 1;
-	struct dpp_introduction intro;
-	struct rsn_pmksa_cache_entry *entry;
-	struct os_time now;
-	struct os_reltime rnow;
-	os_time_t expiry;
-	unsigned int seconds;
-	enum dpp_status_error res;
-
-	wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
-		   MAC2STR(src));
-	if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
-	    os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
-			   MACSTR " - drop", MAC2STR(src));
-		return;
-	}
-	offchannel_send_action_done(wpa_s);
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid == wpa_s->dpp_intro_network)
-			break;
-	}
-	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
-	    !ssid->dpp_csign) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Profile not found for network introduction");
-		return;
-	}
-
-	trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
-			       &trans_id_len);
-	if (!trans_id || trans_id_len != 1) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Peer did not include Transaction ID");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" fail=missing_transaction_id", MAC2STR(src));
-		goto fail;
-	}
-	if (trans_id[0] != TRANSACTION_ID) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore frame with unexpected Transaction ID %u",
-			   trans_id[0]);
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" fail=transaction_id_mismatch", MAC2STR(src));
-		goto fail;
-	}
-
-	status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
-	if (!status || status_len != 1) {
-		wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" fail=missing_status", MAC2STR(src));
-		goto fail;
-	}
-	if (status[0] != DPP_STATUS_OK) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Peer rejected network introduction: Status %u",
-			   status[0]);
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" status=%u", MAC2STR(src), status[0]);
-#ifdef CONFIG_DPP2
-		wpas_dpp_send_conn_status_result(wpa_s, status[0]);
-#endif /* CONFIG_DPP2 */
-		goto fail;
-	}
-
-	connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
-	if (!connector) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Peer did not include its Connector");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" fail=missing_connector", MAC2STR(src));
-		goto fail;
-	}
-
-	res = dpp_peer_intro(&intro, ssid->dpp_connector,
-			     ssid->dpp_netaccesskey,
-			     ssid->dpp_netaccesskey_len,
-			     ssid->dpp_csign,
-			     ssid->dpp_csign_len,
-			     connector, connector_len, &expiry);
-	if (res != DPP_STATUS_OK) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Network Introduction protocol resulted in failure");
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-			" fail=peer_connector_validation_failed", MAC2STR(src));
-#ifdef CONFIG_DPP2
-		wpas_dpp_send_conn_status_result(wpa_s, res);
-#endif /* CONFIG_DPP2 */
-		goto fail;
-	}
-
-	entry = os_zalloc(sizeof(*entry));
-	if (!entry)
-		goto fail;
-	os_memcpy(entry->aa, src, ETH_ALEN);
-	os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
-	os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
-	entry->pmk_len = intro.pmk_len;
-	entry->akmp = WPA_KEY_MGMT_DPP;
-#ifdef CONFIG_DPP2
-	version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
-			       &version_len);
-	if (version && version_len >= 1)
-		peer_version = version[0];
-#ifdef CONFIG_DPP3
-	if (intro.peer_version && intro.peer_version >= 2 &&
-	    peer_version != intro.peer_version) {
-		wpa_printf(MSG_INFO,
-			   "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
-			   intro.peer_version, peer_version);
-		wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
-		goto fail;
-	}
-#endif /* CONFIG_DPP3 */
-	entry->dpp_pfs = peer_version >= 2;
-#endif /* CONFIG_DPP2 */
-	if (expiry) {
-		os_get_time(&now);
-		seconds = expiry - now.sec;
-	} else {
-		seconds = 86400 * 7;
-	}
-	os_get_reltime(&rnow);
-	entry->expiration = rnow.sec + seconds;
-	entry->reauth_time = rnow.sec + seconds;
-	entry->network_ctx = ssid;
-	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
-
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
-		" status=%u version=%u", MAC2STR(src), status[0], peer_version);
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Try connection again after successful network introduction");
-	if (wpa_supplicant_fast_associate(wpa_s) != 1) {
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	}
-fail:
-	os_memset(&intro, 0, sizeof(intro));
-}
-
-
-static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
-{
-	int i, j;
-
-	if (!wpa_s->hw.modes)
-		return -1;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
-
-		for (j = 0; j < mode->num_channels; j++) {
-			struct hostapd_channel_data *chan = &mode->channels[j];
-
-			if (chan->freq != (int) freq)
-				continue;
-
-			if (chan->flag & (HOSTAPD_CHAN_DISABLED |
-					  HOSTAPD_CHAN_NO_IR |
-					  HOSTAPD_CHAN_RADAR))
-				continue;
-
-			return 1;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
-		   freq);
-
-	return 0;
-}
-
-
-static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
-				      struct dpp_pkex *pkex)
-{
-	if (pkex->freq == 2437)
-		pkex->freq = 5745;
-	else if (pkex->freq == 5745)
-		pkex->freq = 5220;
-	else if (pkex->freq == 5220)
-		pkex->freq = 60480;
-	else
-		return -1; /* no more channels to try */
-
-	if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
-		wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
-			   pkex->freq);
-		return 0;
-	}
-
-	/* Could not use this channel - try the next one */
-	return wpas_dpp_pkex_next_channel(wpa_s, pkex);
-}
-
-
-static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
-
-	if (!pkex || !pkex->exchange_req)
-		return;
-	if (pkex->exch_req_tries >= 5) {
-		if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
-			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
-				"No response from PKEX peer");
-			dpp_pkex_free(pkex);
-			wpa_s->dpp_pkex = NULL;
-			return;
-		}
-		pkex->exch_req_tries = 0;
-	}
-
-	pkex->exch_req_tries++;
-	wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
-		   pkex->exch_req_tries);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(broadcast), pkex->freq,
-		pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
-		DPP_PA_PKEX_V1_EXCHANGE_REQ);
-	offchannel_send_action(wpa_s, pkex->freq, broadcast,
-			       wpa_s->own_addr, broadcast,
-			       wpabuf_head(pkex->exchange_req),
-			       wpabuf_len(pkex->exchange_req),
-			       pkex->exch_req_wait_time,
-			       wpas_dpp_tx_pkex_status, 0);
-}
-
-
-static void
-wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
-			unsigned int freq, const u8 *dst,
-			const u8 *src, const u8 *bssid,
-			const u8 *data, size_t data_len,
-			enum offchannel_send_action_result result)
-{
-	const char *res_txt;
-	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
-
-	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
-		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
-		 "FAILED");
-	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
-		   " result=%s (PKEX)",
-		   freq, MAC2STR(dst), res_txt);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
-		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
-
-	if (!pkex) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore TX status since there is no ongoing PKEX exchange");
-		return;
-	}
-
-	if (pkex->failed) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Terminate PKEX exchange due to an earlier error");
-		if (pkex->t > pkex->own_bi->pkex_t)
-			pkex->own_bi->pkex_t = pkex->t;
-		dpp_pkex_free(pkex);
-		wpa_s->dpp_pkex = NULL;
-		return;
-	}
-
-	if (pkex->exch_req_wait_time && pkex->exchange_req) {
-		/* Wait for PKEX Exchange Response frame and retry request if
-		 * no response is seen. */
-		eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
-		eloop_register_timeout(pkex->exch_req_wait_time / 1000,
-				       (pkex->exch_req_wait_time % 1000) * 1000,
-				       wpas_dpp_pkex_retry_timeout, wpa_s,
-				       NULL);
-	}
-}
-
-
-static void
-wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
-			      const u8 *buf, size_t len, unsigned int freq,
-			      bool v2)
-{
-	struct wpabuf *msg;
-	unsigned int wait_time;
-
-	wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
-		   MAC2STR(src));
-
-	/* TODO: Support multiple PKEX codes by iterating over all the enabled
-	 * values here */
-
-	if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No PKEX code configured - ignore request");
-		return;
-	}
-
-	if (wpa_s->dpp_pkex) {
-		/* TODO: Support parallel operations */
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Already in PKEX session - ignore new request");
-		return;
-	}
-
-	wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
-						   wpa_s->own_addr, src,
-						   wpa_s->dpp_pkex_identifier,
-						   wpa_s->dpp_pkex_code,
-						   buf, len, v2);
-	if (!wpa_s->dpp_pkex) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Failed to process the request - ignore it");
-		return;
-	}
-
-	msg = wpa_s->dpp_pkex->exchange_resp;
-	wait_time = wpa_s->max_remain_on_chan;
-	if (wait_time > 2000)
-		wait_time = 2000;
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
-	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
-			       broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       wait_time, wpas_dpp_tx_pkex_status, 0);
-}
-
-
-static void
-wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
-			       const u8 *buf, size_t len, unsigned int freq)
-{
-	struct wpabuf *msg;
-	unsigned int wait_time;
-
-	wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
-		   MAC2STR(src));
-
-	/* TODO: Support multiple PKEX codes by iterating over all the enabled
-	 * values here */
-
-	if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
-	    wpa_s->dpp_pkex->exchange_done) {
-		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
-		return;
-	}
-
-	eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
-	wpa_s->dpp_pkex->exch_req_wait_time = 0;
-
-	msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
-	if (!msg) {
-		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
-		   MAC2STR(src));
-
-	wait_time = wpa_s->max_remain_on_chan;
-	if (wait_time > 2000)
-		wait_time = 2000;
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
-	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
-			       broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       wait_time, wpas_dpp_tx_pkex_status, 0);
-	wpabuf_free(msg);
-}
-
-
-static struct dpp_bootstrap_info *
-wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
-		     unsigned int freq)
-{
-	struct dpp_bootstrap_info *bi;
-
-	bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
-	if (!bi)
-		return NULL;
-	wpa_s->dpp_pkex = NULL;
-	return bi;
-}
-
-
-static void
-wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
-				   const u8 *hdr, const u8 *buf, size_t len,
-				   unsigned int freq)
-{
-	struct wpabuf *msg;
-	unsigned int wait_time;
-	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
-
-	wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
-		   MAC2STR(src));
-
-	if (!pkex || pkex->initiator || !pkex->exchange_done) {
-		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
-		return;
-	}
-
-	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
-	if (!msg) {
-		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
-		if (pkex->failed) {
-			wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
-			if (pkex->t > pkex->own_bi->pkex_t)
-				pkex->own_bi->pkex_t = pkex->t;
-			dpp_pkex_free(wpa_s->dpp_pkex);
-			wpa_s->dpp_pkex = NULL;
-		}
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
-		   MACSTR, MAC2STR(src));
-
-	wait_time = wpa_s->max_remain_on_chan;
-	if (wait_time > 2000)
-		wait_time = 2000;
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
-	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
-			       broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       wait_time, wpas_dpp_tx_pkex_status, 0);
-	wpabuf_free(msg);
-
-	wpas_dpp_pkex_finish(wpa_s, src, freq);
-}
-
-
-static void
-wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
-				    const u8 *hdr, const u8 *buf, size_t len,
-				    unsigned int freq)
-{
-	int res;
-	struct dpp_bootstrap_info *bi;
-	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
-	char cmd[500];
-
-	wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
-		   MAC2STR(src));
-
-	if (!pkex || !pkex->initiator || !pkex->exchange_done) {
-		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
-		return;
-	}
-
-	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
-	if (res < 0) {
-		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
-		return;
-	}
-
-	bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
-	if (!bi)
-		return;
-
-	os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
-		    bi->id,
-		    wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Start authentication after PKEX with parameters: %s",
-		   cmd);
-	if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Authentication initialization failed");
-		offchannel_send_action_done(wpa_s);
-		return;
-	}
-}
-
-
-void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
-			const u8 *buf, size_t len, unsigned int freq)
-{
-	u8 crypto_suite;
-	enum dpp_public_action_frame_type type;
-	const u8 *hdr;
-	unsigned int pkex_t;
-
-	if (len < DPP_HDR_LEN)
-		return;
-	if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
-		return;
-	hdr = buf;
-	buf += 4;
-	len -= 4;
-	crypto_suite = *buf++;
-	type = *buf++;
-	len -= 2;
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Received DPP Public Action frame crypto suite %u type %d from "
-		   MACSTR " freq=%u",
-		   crypto_suite, type, MAC2STR(src), freq);
-	if (crypto_suite != 1) {
-		wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
-			   crypto_suite);
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
-			" freq=%u type=%d ignore=unsupported-crypto-suite",
-			MAC2STR(src), freq, type);
-		return;
-	}
-	wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
-	if (dpp_check_attrs(buf, len) < 0) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
-			" freq=%u type=%d ignore=invalid-attributes",
-			MAC2STR(src), freq, type);
-		return;
-	}
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
-		MAC2STR(src), freq, type);
-
-	switch (type) {
-	case DPP_PA_AUTHENTICATION_REQ:
-		wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
-		break;
-	case DPP_PA_AUTHENTICATION_RESP:
-		wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
-		break;
-	case DPP_PA_AUTHENTICATION_CONF:
-		wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
-		break;
-	case DPP_PA_PEER_DISCOVERY_RESP:
-		wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
-		break;
-#ifdef CONFIG_DPP3
-	case DPP_PA_PKEX_EXCHANGE_REQ:
-		/* This is for PKEXv2, but for now, process only with
-		 * CONFIG_DPP3 to avoid issues with a capability that has not
-		 * been tested with other implementations. */
-		wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true);
-		break;
-#endif /* CONFIG_DPP3 */
-	case DPP_PA_PKEX_V1_EXCHANGE_REQ:
-		wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq,
-					      false);
-		break;
-	case DPP_PA_PKEX_EXCHANGE_RESP:
-		wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
-		break;
-	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
-		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
-						   freq);
-		break;
-	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
-		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
-						    freq);
-		break;
-#ifdef CONFIG_DPP2
-	case DPP_PA_CONFIGURATION_RESULT:
-		wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
-		break;
-	case DPP_PA_CONNECTION_STATUS_RESULT:
-		wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
-		break;
-	case DPP_PA_PRESENCE_ANNOUNCEMENT:
-		wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
-						  freq);
-		break;
-	case DPP_PA_RECONFIG_ANNOUNCEMENT:
-		wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len,
-						  freq);
-		break;
-	case DPP_PA_RECONFIG_AUTH_REQ:
-		wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq);
-		break;
-	case DPP_PA_RECONFIG_AUTH_RESP:
-		wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq);
-		break;
-	case DPP_PA_RECONFIG_AUTH_CONF:
-		wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq);
-		break;
-#endif /* CONFIG_DPP2 */
-	default:
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignored unsupported frame subtype %d", type);
-		break;
-	}
-
-	if (wpa_s->dpp_pkex)
-		pkex_t = wpa_s->dpp_pkex->t;
-	else if (wpa_s->dpp_pkex_bi)
-		pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
-	else
-		pkex_t = 0;
-	if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
-		wpas_dpp_pkex_remove(wpa_s, "*");
-	}
-}
-
-
-static struct wpabuf *
-wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa,
-			 const u8 *query, size_t query_len, u16 *comeback_delay)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	struct wpabuf *resp;
-
-	wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
-		   MAC2STR(sa));
-	if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
-	    os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
-		return NULL;
-	}
-
-	if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
-		/* wpas_dpp_auth_success() would normally have been called from
-		 * TX status handler, but since there was no such handler call
-		 * yet, simply send out the event message and proceed with
-		 * exchange. */
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=1");
-		wpa_s->dpp_auth_ok_on_ack = 0;
-	}
-
-	wpa_hexdump(MSG_DEBUG,
-		    "DPP: Received Configuration Request (GAS Query Request)",
-		    query, query_len);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
-		MAC2STR(sa));
-	resp = dpp_conf_req_rx(auth, query, query_len);
-
-#ifdef CONFIG_DPP2
-	if (!resp && auth->waiting_cert) {
-		wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
-		auth->cert_resp_ctx = resp_ctx;
-		*comeback_delay = 500;
-		return NULL;
-	}
-#endif /* CONFIG_DPP2 */
-
-	if (!resp)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
-	auth->conf_resp = resp;
-	auth->gas_server_ctx = resp_ctx;
-	return resp;
-}
-
-
-static void
-wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-
-	if (!auth) {
-		wpabuf_free(resp);
-		return;
-	}
-	if (auth->conf_resp != resp) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Ignore GAS status report (ok=%d) for unknown response",
-			ok);
-		wpabuf_free(resp);
-		return;
-	}
-
-#ifdef CONFIG_DPP2
-	if (auth->waiting_csr && ok) {
-		wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
-		wpabuf_free(resp);
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-
-	wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
-		   ok);
-	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
-#ifdef CONFIG_DPP2
-	if (ok && auth->peer_version >= 2 &&
-	    auth->conf_resp_status == DPP_STATUS_OK &&
-	    !auth->waiting_conf_result) {
-		wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
-		auth->waiting_conf_result = 1;
-		auth->conf_resp = NULL;
-		wpabuf_free(resp);
-		eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
-				     wpa_s, NULL);
-		eloop_register_timeout(2, 0,
-				       wpas_dpp_config_result_wait_timeout,
-				       wpa_s, NULL);
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-	if (ok)
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
-	else
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
-	dpp_auth_deinit(wpa_s->dpp_auth);
-	wpa_s->dpp_auth = NULL;
-	wpabuf_free(resp);
-}
-
-
-int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct dpp_authentication *auth;
-	int ret = -1;
-	char *curve = NULL;
-
-	auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
-	if (!auth)
-		return -1;
-
-	curve = get_param(cmd, " curve=");
-	wpas_dpp_set_testing_options(wpa_s, auth);
-	if (dpp_set_configurator(auth, cmd) == 0 &&
-	    dpp_configurator_own_config(auth, curve, 0) == 0)
-		ret = wpas_dpp_handle_config_obj(wpa_s, auth,
-						 &auth->conf_obj[0]);
-	if (!ret)
-		wpas_dpp_post_process_config(wpa_s, auth);
-
-	dpp_auth_deinit(auth);
-	os_free(curve);
-
-	return ret;
-}
-
-
-static void
-wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
-				unsigned int freq, const u8 *dst,
-				const u8 *src, const u8 *bssid,
-				const u8 *data, size_t data_len,
-				enum offchannel_send_action_result result)
-{
-	const char *res_txt;
-
-	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
-		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
-		 "FAILED");
-	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
-		   " result=%s (DPP Peer Discovery Request)",
-		   freq, MAC2STR(dst), res_txt);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
-		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
-	/* TODO: Time out wait for response more quickly in error cases? */
-}
-
-
-int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			   struct wpa_bss *bss)
-{
-	struct os_time now;
-	struct wpabuf *msg;
-	unsigned int wait_time;
-	const u8 *rsn;
-	struct wpa_ie_data ied;
-	size_t len;
-
-	if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
-		return 0; /* Not using DPP AKM - continue */
-	rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
-	    !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
-		return 0; /* AP does not support DPP AKM - continue */
-	if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
-		return 0; /* PMKSA exists for DPP AKM - continue */
-
-	if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
-	    !ssid->dpp_csign) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
-			"missing %s",
-			!ssid->dpp_connector ? "Connector" :
-			(!ssid->dpp_netaccesskey ? "netAccessKey" :
-			 "C-sign-key"));
-		return -1;
-	}
-
-	os_get_time(&now);
-
-	if (ssid->dpp_netaccesskey_expiry &&
-	    (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
-			"netAccessKey expired");
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "DPP: Starting network introduction protocol to derive PMKSA for "
-		   MACSTR, MAC2STR(bss->bssid));
-
-	len = 5 + 4 + os_strlen(ssid->dpp_connector);
-#ifdef CONFIG_DPP2
-	len += 5;
-#endif /* CONFIG_DPP2 */
-	msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len);
-	if (!msg)
-		return -1;
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
-		goto skip_trans_id;
-	}
-	if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
-		wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
-		wpabuf_put_le16(msg, 0);
-		goto skip_trans_id;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	/* Transaction ID */
-	wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
-	wpabuf_put_le16(msg, 1);
-	wpabuf_put_u8(msg, TRANSACTION_ID);
-
-#ifdef CONFIG_TESTING_OPTIONS
-skip_trans_id:
-	if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
-		goto skip_connector;
-	}
-	if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
-		char *connector;
-
-		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
-		connector = dpp_corrupt_connector_signature(
-			ssid->dpp_connector);
-		if (!connector) {
-			wpabuf_free(msg);
-			return -1;
-		}
-		wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
-		wpabuf_put_le16(msg, os_strlen(connector));
-		wpabuf_put_str(msg, connector);
-		os_free(connector);
-		goto skip_connector;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	/* DPP Connector */
-	wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
-	wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
-	wpabuf_put_str(msg, ssid->dpp_connector);
-
-#ifdef CONFIG_TESTING_OPTIONS
-skip_connector:
-	if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version");
-		goto skip_proto_ver;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-#ifdef CONFIG_DPP2
-	if (DPP_VERSION > 1) {
-		u8 ver = DPP_VERSION;
-#ifdef CONFIG_DPP3
-		int conn_ver;
-
-		conn_ver = dpp_get_connector_version(ssid->dpp_connector);
-		if (conn_ver > 0 && ver != conn_ver) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Use Connector version %d instead of current protocol version %d",
-				   conn_ver, ver);
-			ver = conn_ver;
-		}
-#endif /* CONFIG_DPP3 */
-
-		/* Protocol Version */
-		wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
-		wpabuf_put_le16(msg, 1);
-		wpabuf_put_u8(msg, ver);
-	}
-#endif /* CONFIG_DPP2 */
-
-#ifdef CONFIG_TESTING_OPTIONS
-skip_proto_ver:
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	/* TODO: Timeout on AP response */
-	wait_time = wpa_s->max_remain_on_chan;
-	if (wait_time > 2000)
-		wait_time = 2000;
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
-	offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
-			       broadcast,
-			       wpabuf_head(msg), wpabuf_len(msg),
-			       wait_time, wpas_dpp_tx_introduction_status, 0);
-	wpabuf_free(msg);
-
-	/* Request this connection attempt to terminate - new one will be
-	 * started when network introduction protocol completes */
-	os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
-	wpa_s->dpp_intro_network = ssid;
-	return 1;
-}
-
-
-int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct dpp_bootstrap_info *own_bi;
-	const char *pos, *end;
-	unsigned int wait_time;
-
-	pos = os_strstr(cmd, " own=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-	if (!own_bi) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Identified bootstrap info not found");
-		return -1;
-	}
-	if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Identified bootstrap info not for PKEX");
-		return -1;
-	}
-	wpa_s->dpp_pkex_bi = own_bi;
-	own_bi->pkex_t = 0; /* clear pending errors on new code */
-
-	os_free(wpa_s->dpp_pkex_identifier);
-	wpa_s->dpp_pkex_identifier = NULL;
-	pos = os_strstr(cmd, " identifier=");
-	if (pos) {
-		pos += 12;
-		end = os_strchr(pos, ' ');
-		if (!end)
-			return -1;
-		wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
-		if (!wpa_s->dpp_pkex_identifier)
-			return -1;
-		os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
-		wpa_s->dpp_pkex_identifier[end - pos] = '\0';
-	}
-
-	pos = os_strstr(cmd, " code=");
-	if (!pos)
-		return -1;
-	os_free(wpa_s->dpp_pkex_code);
-	wpa_s->dpp_pkex_code = os_strdup(pos + 6);
-	if (!wpa_s->dpp_pkex_code)
-		return -1;
-
-	if (os_strstr(cmd, " init=1") || os_strstr(cmd, " init=2")) {
-		struct dpp_pkex *pkex;
-		struct wpabuf *msg;
-		bool v2 = os_strstr(cmd, " init=2") != NULL;
-
-		wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
-		dpp_pkex_free(wpa_s->dpp_pkex);
-		wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
-						wpa_s->dpp_pkex_identifier,
-						wpa_s->dpp_pkex_code, v2);
-		pkex = wpa_s->dpp_pkex;
-		if (!pkex)
-			return -1;
-
-		msg = pkex->exchange_req;
-		wait_time = wpa_s->max_remain_on_chan;
-		if (wait_time > 2000)
-			wait_time = 2000;
-		pkex->freq = 2437;
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
-			" freq=%u type=%d",
-			MAC2STR(broadcast), pkex->freq,
-			v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
-			DPP_PA_PKEX_V1_EXCHANGE_REQ);
-		offchannel_send_action(wpa_s, pkex->freq, broadcast,
-				       wpa_s->own_addr, broadcast,
-				       wpabuf_head(msg), wpabuf_len(msg),
-				       wait_time, wpas_dpp_tx_pkex_status, 0);
-		if (wait_time == 0)
-			wait_time = 2000;
-		pkex->exch_req_wait_time = wait_time;
-		pkex->exch_req_tries = 1;
-	}
-
-	/* TODO: Support multiple PKEX info entries */
-
-	os_free(wpa_s->dpp_pkex_auth_cmd);
-	wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
-
-	return 1;
-}
-
-
-int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
-{
-	unsigned int id_val;
-
-	if (os_strcmp(id, "*") == 0) {
-		id_val = 0;
-	} else {
-		id_val = atoi(id);
-		if (id_val == 0)
-			return -1;
-	}
-
-	if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
-		return -1;
-
-	/* TODO: Support multiple PKEX entries */
-	os_free(wpa_s->dpp_pkex_code);
-	wpa_s->dpp_pkex_code = NULL;
-	os_free(wpa_s->dpp_pkex_identifier);
-	wpa_s->dpp_pkex_identifier = NULL;
-	os_free(wpa_s->dpp_pkex_auth_cmd);
-	wpa_s->dpp_pkex_auth_cmd = NULL;
-	wpa_s->dpp_pkex_bi = NULL;
-	/* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
-	dpp_pkex_free(wpa_s->dpp_pkex);
-	wpa_s->dpp_pkex = NULL;
-	return 0;
-}
-
-
-void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->dpp_auth || wpa_s->dpp_pkex)
-		offchannel_send_action_done(wpa_s);
-	dpp_auth_deinit(wpa_s->dpp_auth);
-	wpa_s->dpp_auth = NULL;
-	dpp_pkex_free(wpa_s->dpp_pkex);
-	wpa_s->dpp_pkex = NULL;
-	if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
-		gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
-}
-
-
-int wpas_dpp_init(struct wpa_supplicant *wpa_s)
-{
-	struct dpp_global_config config;
-	u8 adv_proto_id[7];
-
-	adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
-	adv_proto_id[1] = 5;
-	WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
-	adv_proto_id[5] = DPP_OUI_TYPE;
-	adv_proto_id[6] = 0x01;
-
-	if (gas_server_register(wpa_s->gas_server, adv_proto_id,
-				sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
-				wpas_dpp_gas_status_handler, wpa_s) < 0)
-		return -1;
-
-	os_memset(&config, 0, sizeof(config));
-	config.cb_ctx = wpa_s;
-#ifdef CONFIG_DPP2
-	config.remove_bi = wpas_dpp_remove_bi;
-#endif /* CONFIG_DPP2 */
-	wpa_s->dpp = dpp_global_init(&config);
-	return wpa_s->dpp ? 0 : -1;
-}
-
-
-void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_TESTING_OPTIONS
-	os_free(wpa_s->dpp_config_obj_override);
-	wpa_s->dpp_config_obj_override = NULL;
-	os_free(wpa_s->dpp_discovery_override);
-	wpa_s->dpp_discovery_override = NULL;
-	os_free(wpa_s->dpp_groups_override);
-	wpa_s->dpp_groups_override = NULL;
-	wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (!wpa_s->dpp)
-		return;
-	eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
-#ifdef CONFIG_DPP2
-	eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
-			     wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
-			     wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL);
-	dpp_pfs_free(wpa_s->dpp_pfs);
-	wpa_s->dpp_pfs = NULL;
-	wpas_dpp_chirp_stop(wpa_s);
-	dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
-	wpa_s->dpp_reconfig_id = NULL;
-#endif /* CONFIG_DPP2 */
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_listen_stop(wpa_s);
-	wpas_dpp_stop(wpa_s);
-	wpas_dpp_pkex_remove(wpa_s, "*");
-	os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
-	os_free(wpa_s->dpp_configurator_params);
-	wpa_s->dpp_configurator_params = NULL;
-	dpp_global_clear(wpa_s->dpp);
-}
-
-
-#ifdef CONFIG_DPP2
-
-int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct dpp_controller_config config;
-	const char *pos;
-
-	os_memset(&config, 0, sizeof(config));
-	config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
-	config.netrole = DPP_NETROLE_STA;
-	config.msg_ctx = wpa_s;
-	config.cb_ctx = wpa_s;
-	config.process_conf_obj = wpas_dpp_process_conf_obj;
-	if (cmd) {
-		pos = os_strstr(cmd, " tcp_port=");
-		if (pos) {
-			pos += 10;
-			config.tcp_port = atoi(pos);
-		}
-
-		pos = os_strstr(cmd, " role=");
-		if (pos) {
-			pos += 6;
-			if (os_strncmp(pos, "configurator", 12) == 0)
-				config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
-			else if (os_strncmp(pos, "enrollee", 8) == 0)
-				config.allowed_roles = DPP_CAPAB_ENROLLEE;
-			else if (os_strncmp(pos, "either", 6) == 0)
-				config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
-					DPP_CAPAB_ENROLLEE;
-			else
-				return -1;
-		}
-
-		config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
-	}
-	config.configurator_params = wpa_s->dpp_configurator_params;
-	return dpp_controller_start(wpa_s->dpp, &config);
-}
-
-
-static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
-
-static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
-	offchannel_send_action_done(wpa_s);
-	wpas_dpp_chirp_next(wpa_s, NULL);
-}
-
-
-static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
-				     unsigned int freq, const u8 *dst,
-				     const u8 *src, const u8 *bssid,
-				     const u8 *data, size_t data_len,
-				     enum offchannel_send_action_result result)
-{
-	if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
-		wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
-			   wpa_s->dpp_chirp_freq);
-		if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
-					   wpa_s, NULL) < 0)
-			wpas_dpp_chirp_stop(wpa_s);
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
-	if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
-				   wpa_s, NULL) < 0)
-		wpas_dpp_chirp_stop(wpa_s);
-}
-
-
-static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *msg, *announce = NULL;
-	int type;
-
-	msg = wpa_s->dpp_presence_announcement;
-	type = DPP_PA_PRESENCE_ANNOUNCEMENT;
-	if (!msg) {
-		struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid;
-
-		if (ssid && wpa_s->dpp_reconfig_id &&
-		    wpa_config_get_network(wpa_s->conf,
-					   wpa_s->dpp_reconfig_ssid_id) ==
-		    ssid) {
-			announce = dpp_build_reconfig_announcement(
-				ssid->dpp_csign,
-				ssid->dpp_csign_len,
-				ssid->dpp_netaccesskey,
-				ssid->dpp_netaccesskey_len,
-				wpa_s->dpp_reconfig_id);
-			msg = announce;
-		}
-		if (!msg)
-			return;
-		type = DPP_PA_RECONFIG_ANNOUNCEMENT;
-	}
-	wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
-	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
-		MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type);
-	if (offchannel_send_action(
-		    wpa_s, wpa_s->dpp_chirp_freq, broadcast,
-		    wpa_s->own_addr, broadcast,
-		    wpabuf_head(msg), wpabuf_len(msg),
-		    2000, wpas_dpp_chirp_tx_status, 0) < 0)
-		wpas_dpp_chirp_stop(wpa_s);
-
-	wpabuf_free(announce);
-}
-
-
-static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
-					    struct wpa_scan_results *scan_res)
-{
-	struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
-	unsigned int i;
-	struct hostapd_hw_modes *mode;
-	int c;
-	struct wpa_bss *bss;
-	bool chan6 = wpa_s->hw.modes == NULL;
-
-	if (!bi && !wpa_s->dpp_reconfig_ssid)
-		return;
-
-	wpa_s->dpp_chirp_scan_done = 1;
-
-	os_free(wpa_s->dpp_chirp_freqs);
-	wpa_s->dpp_chirp_freqs = NULL;
-
-	/* Channels from own bootstrapping info */
-	if (bi) {
-		for (i = 0; i < bi->num_freq; i++)
-			int_array_add_unique(&wpa_s->dpp_chirp_freqs,
-					     bi->freq[i]);
-	}
-
-	/* Preferred chirping channels */
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-			HOSTAPD_MODE_IEEE80211G, false);
-	if (mode) {
-		for (c = 0; c < mode->num_channels; c++) {
-			struct hostapd_channel_data *chan = &mode->channels[c];
-
-			if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
-			    chan->freq != 2437)
-				continue;
-			chan6 = true;
-			break;
-		}
-	}
-	if (chan6)
-		int_array_add_unique(&wpa_s->dpp_chirp_freqs, 2437);
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-			HOSTAPD_MODE_IEEE80211A, false);
-	if (mode) {
-		int chan44 = 0, chan149 = 0;
-
-		for (c = 0; c < mode->num_channels; c++) {
-			struct hostapd_channel_data *chan = &mode->channels[c];
-
-			if (chan->flag & (HOSTAPD_CHAN_DISABLED |
-					  HOSTAPD_CHAN_RADAR))
-				continue;
-			if (chan->freq == 5220)
-				chan44 = 1;
-			if (chan->freq == 5745)
-				chan149 = 1;
-		}
-		if (chan149)
-			int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5745);
-		else if (chan44)
-			int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5220);
-	}
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-			HOSTAPD_MODE_IEEE80211AD, false);
-	if (mode) {
-		for (c = 0; c < mode->num_channels; c++) {
-			struct hostapd_channel_data *chan = &mode->channels[c];
-
-			if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
-					   HOSTAPD_CHAN_RADAR)) ||
-			    chan->freq != 60480)
-				continue;
-			int_array_add_unique(&wpa_s->dpp_chirp_freqs, 60480);
-			break;
-		}
-	}
-
-	/* Add channels from scan results for APs that advertise Configurator
-	 * Connectivity element */
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
-			int_array_add_unique(&wpa_s->dpp_chirp_freqs,
-					     bss->freq);
-	}
-
-	if (!wpa_s->dpp_chirp_freqs ||
-	    eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
-		wpas_dpp_chirp_stop(wpa_s);
-}
-
-
-static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	int i;
-
-	if (wpa_s->dpp_chirp_listen)
-		wpas_dpp_listen_stop(wpa_s);
-
-	if (wpa_s->dpp_chirp_freq == 0) {
-		if (wpa_s->dpp_chirp_round % 4 == 0 &&
-		    !wpa_s->dpp_chirp_scan_done) {
-			if (wpas_scan_scheduled(wpa_s)) {
-				wpa_printf(MSG_DEBUG,
-					   "DPP: Deferring chirp scan because another scan is planned already");
-				if (eloop_register_timeout(1, 0,
-							   wpas_dpp_chirp_next,
-							   wpa_s, NULL) < 0) {
-					wpas_dpp_chirp_stop(wpa_s);
-					return;
-				}
-				return;
-			}
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Update channel list for chirping");
-			wpa_s->scan_req = MANUAL_SCAN_REQ;
-			wpa_s->scan_res_handler =
-				wpas_dpp_chirp_scan_res_handler;
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-			return;
-		}
-		wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
-		wpa_s->dpp_chirp_round++;
-		wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
-			   wpa_s->dpp_chirp_round);
-	} else {
-		for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
-			if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
-				break;
-		if (!wpa_s->dpp_chirp_freqs[i]) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Previous chirp freq %d not found",
-				   wpa_s->dpp_chirp_freq);
-			return;
-		}
-		i++;
-		if (wpa_s->dpp_chirp_freqs[i]) {
-			wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
-		} else {
-			wpa_s->dpp_chirp_iter--;
-			if (wpa_s->dpp_chirp_iter <= 0) {
-				wpa_printf(MSG_DEBUG,
-					   "DPP: Chirping iterations completed");
-				wpas_dpp_chirp_stop(wpa_s);
-				return;
-			}
-			wpa_s->dpp_chirp_freq = 0;
-			wpa_s->dpp_chirp_scan_done = 0;
-			if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
-						   wpa_s, NULL) < 0) {
-				wpas_dpp_chirp_stop(wpa_s);
-				return;
-			}
-			if (wpa_s->dpp_chirp_listen) {
-				wpa_printf(MSG_DEBUG,
-					   "DPP: Listen on %d MHz during chirp 30 second wait",
-					wpa_s->dpp_chirp_listen);
-				wpas_dpp_listen_start(wpa_s,
-						      wpa_s->dpp_chirp_listen);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "DPP: Wait 30 seconds before starting the next chirping round");
-			}
-			return;
-		}
-	}
-
-	wpas_dpp_chirp_start(wpa_s);
-}
-
-
-int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	const char *pos;
-	int iter = 1, listen_freq = 0;
-	struct dpp_bootstrap_info *bi;
-
-	pos = os_strstr(cmd, " own=");
-	if (!pos)
-		return -1;
-	pos += 5;
-	bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
-	if (!bi) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Identified bootstrap info not found");
-		return -1;
-	}
-
-	pos = os_strstr(cmd, " iter=");
-	if (pos) {
-		iter = atoi(pos + 6);
-		if (iter <= 0)
-			return -1;
-	}
-
-	pos = os_strstr(cmd, " listen=");
-	if (pos) {
-		listen_freq = atoi(pos + 8);
-		if (listen_freq <= 0)
-			return -1;
-	}
-
-	wpas_dpp_chirp_stop(wpa_s);
-	wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
-	wpa_s->dpp_qr_mutual = 0;
-	wpa_s->dpp_chirp_bi = bi;
-	wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
-	if (!wpa_s->dpp_presence_announcement)
-		return -1;
-	wpa_s->dpp_chirp_iter = iter;
-	wpa_s->dpp_chirp_round = 0;
-	wpa_s->dpp_chirp_scan_done = 0;
-	wpa_s->dpp_chirp_listen = listen_freq;
-
-	return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
-}
-
-
-void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->dpp_presence_announcement ||
-	    wpa_s->dpp_reconfig_ssid) {
-		offchannel_send_action_done(wpa_s);
-		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
-	}
-	wpa_s->dpp_chirp_bi = NULL;
-	wpabuf_free(wpa_s->dpp_presence_announcement);
-	wpa_s->dpp_presence_announcement = NULL;
-	if (wpa_s->dpp_chirp_listen)
-		wpas_dpp_listen_stop(wpa_s);
-	wpa_s->dpp_chirp_listen = 0;
-	wpa_s->dpp_chirp_freq = 0;
-	os_free(wpa_s->dpp_chirp_freqs);
-	wpa_s->dpp_chirp_freqs = NULL;
-	eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
-	if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
-		wpas_abort_ongoing_scan(wpa_s);
-		wpa_s->scan_res_handler = NULL;
-	}
-}
-
-
-int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct wpa_ssid *ssid;
-	int iter = 1;
-	const char *pos;
-
-	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
-	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
-	    !ssid->dpp_csign) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not a valid network profile for reconfiguration");
-		return -1;
-	}
-
-	pos = os_strstr(cmd, " iter=");
-	if (pos) {
-		iter = atoi(pos + 6);
-		if (iter <= 0)
-			return -1;
-	}
-
-	if (wpa_s->dpp_auth) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Not ready to start reconfiguration - pending authentication exchange in progress");
-		return -1;
-	}
-
-	dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
-	wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
-						     ssid->dpp_csign_len,
-						     ssid->dpp_pp_key,
-						     ssid->dpp_pp_key_len);
-	if (!wpa_s->dpp_reconfig_id) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Failed to generate E-id for reconfiguration");
-		return -1;
-	}
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-		wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration");
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	}
-	wpas_dpp_chirp_stop(wpa_s);
-	wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
-	wpa_s->dpp_qr_mutual = 0;
-	wpa_s->dpp_reconfig_ssid = ssid;
-	wpa_s->dpp_reconfig_ssid_id = ssid->id;
-	wpa_s->dpp_chirp_iter = iter;
-	wpa_s->dpp_chirp_round = 0;
-	wpa_s->dpp_chirp_scan_done = 0;
-	wpa_s->dpp_chirp_listen = 0;
-
-	return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
-}
-
-
-static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
-				    struct dpp_authentication *auth, bool tcp)
-{
-	struct wpabuf *resp;
-
-	resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
-				   auth->e_netrole, true);
-	if (!resp)
-		return -1;
-
-	if (tcp) {
-		auth->conf_resp_tcp = resp;
-		return 0;
-	}
-
-	if (gas_server_set_resp(wpa_s->gas_server, auth->cert_resp_ctx,
-				resp) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Could not find pending GAS response");
-		wpabuf_free(resp);
-		return -1;
-	}
-	auth->conf_resp = resp;
-	return 0;
-}
-
-
-int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	int peer = -1;
-	const char *pos, *value;
-	struct dpp_authentication *auth = wpa_s->dpp_auth;
-	u8 *bin;
-	size_t bin_len;
-	struct wpabuf *buf;
-	bool tcp = false;
-
-	pos = os_strstr(cmd, " peer=");
-	if (pos) {
-		peer = atoi(pos + 6);
-		if (!auth || !auth->waiting_cert ||
-		    (auth->peer_bi &&
-		     (unsigned int) peer != auth->peer_bi->id)) {
-			auth = dpp_controller_get_auth(wpa_s->dpp, peer);
-			tcp = true;
-		}
-	}
-
-	if (!auth || !auth->waiting_cert) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No authentication exchange waiting for certificate information");
-		return -1;
-	}
-
-	if (peer >= 0 &&
-	    (!auth->peer_bi ||
-	     (unsigned int) peer != auth->peer_bi->id) &&
-	    (!auth->tmp_peer_bi ||
-	     (unsigned int) peer != auth->tmp_peer_bi->id)) {
-		wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
-		return -1;
-	}
-
-	pos = os_strstr(cmd, " value=");
-	if (!pos)
-		return -1;
-	value = pos + 7;
-
-	pos = os_strstr(cmd, " name=");
-	if (!pos)
-		return -1;
-	pos += 6;
-
-	if (os_strncmp(pos, "status ", 7) == 0) {
-		auth->force_conf_resp_status = atoi(value);
-		return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
-	}
-
-	if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
-		os_free(auth->trusted_eap_server_name);
-		auth->trusted_eap_server_name = os_strdup(value);
-		return auth->trusted_eap_server_name ? 0 : -1;
-	}
-
-	bin = base64_decode(value, os_strlen(value), &bin_len);
-	if (!bin)
-		return -1;
-	buf = wpabuf_alloc_copy(bin, bin_len);
-	os_free(bin);
-
-	if (os_strncmp(pos, "caCert ", 7) == 0) {
-		wpabuf_free(auth->cacert);
-		auth->cacert = buf;
-		return 0;
-	}
-
-	if (os_strncmp(pos, "certBag ", 8) == 0) {
-		wpabuf_free(auth->certbag);
-		auth->certbag = buf;
-		return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
-	}
-
-	wpabuf_free(buf);
-	return -1;
-}
-
-#endif /* CONFIG_DPP2 */
diff --git a/wpa_supplicant/dpp_supplicant.h b/wpa_supplicant/dpp_supplicant.h
deleted file mode 100644
index b0d5fcf18835..000000000000
--- a/wpa_supplicant/dpp_supplicant.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * wpa_supplicant - DPP
- * Copyright (c) 2017, Qualcomm Atheros, Inc.
- * Copyright (c) 2018-2020, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DPP_SUPPLICANT_H
-#define DPP_SUPPLICANT_H
-
-enum dpp_status_error;
-
-int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd);
-void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s);
-void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				   unsigned int freq, unsigned int duration);
-void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					  unsigned int freq);
-void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
-			const u8 *buf, size_t len, unsigned int freq);
-int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id);
-void wpas_dpp_stop(struct wpa_supplicant *wpa_s);
-int wpas_dpp_init(struct wpa_supplicant *wpa_s);
-void wpas_dpp_deinit(struct wpa_supplicant *wpa_s);
-int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			   struct wpa_bss *bss);
-int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd);
-void wpas_dpp_connected(struct wpa_supplicant *wpa_s);
-void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
-				      enum dpp_status_error result);
-int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd);
-void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s);
-int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd);
-int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd);
-
-#endif /* DPP_SUPPLICANT_H */
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
deleted file mode 100644
index 237f4e08516f..000000000000
--- a/wpa_supplicant/driver_i.h
+++ /dev/null
@@ -1,1120 +0,0 @@
-/*
- * wpa_supplicant - Internal driver interface wrappers
- * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DRIVER_I_H
-#define DRIVER_I_H
-
-#include "drivers/driver.h"
-
-/* driver_ops */
-static inline void * wpa_drv_init(struct wpa_supplicant *wpa_s,
-				  const char *ifname)
-{
-	if (wpa_s->driver->init2)
-		return wpa_s->driver->init2(wpa_s, ifname,
-					    wpa_s->global_drv_priv);
-	if (wpa_s->driver->init) {
-		return wpa_s->driver->init(wpa_s, ifname);
-	}
-	return NULL;
-}
-
-static inline void wpa_drv_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->deinit)
-		wpa_s->driver->deinit(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_set_param(struct wpa_supplicant *wpa_s,
-				    const char *param)
-{
-	if (wpa_s->driver->set_param)
-		return wpa_s->driver->set_param(wpa_s->drv_priv, param);
-	return 0;
-}
-
-static inline int wpa_drv_set_countermeasures(struct wpa_supplicant *wpa_s,
-					      int enabled)
-{
-	if (wpa_s->driver->set_countermeasures) {
-		return wpa_s->driver->set_countermeasures(wpa_s->drv_priv,
-							  enabled);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_authenticate(struct wpa_supplicant *wpa_s,
-				       struct wpa_driver_auth_params *params)
-{
-	if (wpa_s->driver->authenticate)
-		return wpa_s->driver->authenticate(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_associate(struct wpa_supplicant *wpa_s,
-				    struct wpa_driver_associate_params *params)
-{
-	if (wpa_s->driver->associate) {
-		return wpa_s->driver->associate(wpa_s->drv_priv, params);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_init_mesh(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->init_mesh)
-		return wpa_s->driver->init_mesh(wpa_s->drv_priv);
-	return -1;
-}
-
-static inline int wpa_drv_join_mesh(struct wpa_supplicant *wpa_s,
-				    struct wpa_driver_mesh_join_params *params)
-{
-	if (wpa_s->driver->join_mesh)
-		return wpa_s->driver->join_mesh(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_leave_mesh(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->leave_mesh)
-		return wpa_s->driver->leave_mesh(wpa_s->drv_priv);
-	return -1;
-}
-
-static inline int wpa_drv_mesh_link_probe(struct wpa_supplicant *wpa_s,
-					  const u8 *addr,
-					  const u8 *eth, size_t len)
-{
-	if (wpa_s->driver->probe_mesh_link)
-		return wpa_s->driver->probe_mesh_link(wpa_s->drv_priv, addr,
-						      eth, len);
-	return -1;
-}
-
-static inline int wpa_drv_scan(struct wpa_supplicant *wpa_s,
-			       struct wpa_driver_scan_params *params)
-{
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->test_failure == WPAS_TEST_FAILURE_SCAN_TRIGGER)
-		return -EBUSY;
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (wpa_s->driver->scan2)
-		return wpa_s->driver->scan2(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_sched_scan(struct wpa_supplicant *wpa_s,
-				     struct wpa_driver_scan_params *params)
-{
-	if (wpa_s->driver->sched_scan)
-		return wpa_s->driver->sched_scan(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_stop_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->stop_sched_scan)
-		return wpa_s->driver->stop_sched_scan(wpa_s->drv_priv);
-	return -1;
-}
-
-struct wpa_scan_results *
-wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s);
-
-static inline int wpa_drv_get_bssid(struct wpa_supplicant *wpa_s, u8 *bssid)
-{
-	if (wpa_s->driver->get_bssid) {
-		return wpa_s->driver->get_bssid(wpa_s->drv_priv, bssid);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid)
-{
-	if (wpa_s->driver->get_ssid) {
-		return wpa_s->driver->get_ssid(wpa_s->drv_priv, ssid);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s,
-				  enum wpa_alg alg, const u8 *addr,
-				  int key_idx, int set_tx,
-				  const u8 *seq, size_t seq_len,
-				  const u8 *key, size_t key_len,
-				  enum key_flag key_flag)
-{
-	struct wpa_driver_set_key_params params;
-
-	os_memset(&params, 0, sizeof(params));
-	params.ifname = wpa_s->ifname;
-	params.alg = alg;
-	params.addr = addr;
-	params.key_idx = key_idx;
-	params.set_tx = set_tx;
-	params.seq = seq;
-	params.seq_len = seq_len;
-	params.key = key;
-	params.key_len = key_len;
-	params.key_flag = key_flag;
-
-	if (alg != WPA_ALG_NONE) {
-		/* keyidx = 1 can be either a broadcast or--with
-		 * Extended Key ID--a unicast key. Use bit 15 for
-		 * the pairwise keyidx 1 which is hopefully high enough
-		 * to not clash with future extensions.
-		 */
-		if (key_idx == 1 && (key_flag & KEY_FLAG_PAIRWISE))
-			wpa_s->keys_cleared &= ~BIT(15);
-		else if (key_idx >= 0 && key_idx <= 5)
-			wpa_s->keys_cleared &= ~BIT(key_idx);
-		else
-			wpa_s->keys_cleared = 0;
-	}
-	if (wpa_s->driver->set_key) {
-		return wpa_s->driver->set_key(wpa_s->drv_priv, &params);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_get_seqnum(struct wpa_supplicant *wpa_s,
-				     const u8 *addr, int idx, u8 *seq)
-{
-	if (wpa_s->driver->get_seqnum)
-		return wpa_s->driver->get_seqnum(wpa_s->ifname, wpa_s->drv_priv,
-						 addr, idx, seq);
-	return -1;
-}
-
-static inline int wpa_drv_sta_deauth(struct wpa_supplicant *wpa_s,
-				     const u8 *addr, u16 reason_code)
-{
-	if (wpa_s->driver->sta_deauth) {
-		return wpa_s->driver->sta_deauth(wpa_s->drv_priv,
-						 wpa_s->own_addr, addr,
-						 reason_code);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_deauthenticate(struct wpa_supplicant *wpa_s,
-					 const u8 *addr, u16 reason_code)
-{
-	if (wpa_s->driver->deauthenticate) {
-		return wpa_s->driver->deauthenticate(wpa_s->drv_priv, addr,
-						     reason_code);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_add_pmkid(struct wpa_supplicant *wpa_s,
-				    struct wpa_pmkid_params *params)
-{
-	if (wpa_s->driver->add_pmkid) {
-		return wpa_s->driver->add_pmkid(wpa_s->drv_priv, params);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_remove_pmkid(struct wpa_supplicant *wpa_s,
-				       struct wpa_pmkid_params *params)
-{
-	if (wpa_s->driver->remove_pmkid) {
-		return wpa_s->driver->remove_pmkid(wpa_s->drv_priv, params);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_flush_pmkid(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->flush_pmkid) {
-		return wpa_s->driver->flush_pmkid(wpa_s->drv_priv);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_get_capa(struct wpa_supplicant *wpa_s,
-				   struct wpa_driver_capa *capa)
-{
-	if (wpa_s->driver->get_capa) {
-		return wpa_s->driver->get_capa(wpa_s->drv_priv, capa);
-	}
-	return -1;
-}
-
-static inline void wpa_drv_poll(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->poll) {
-		wpa_s->driver->poll(wpa_s->drv_priv);
-	}
-}
-
-static inline const char * wpa_drv_get_ifname(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->get_ifname) {
-		return wpa_s->driver->get_ifname(wpa_s->drv_priv);
-	}
-	return NULL;
-}
-
-static inline const char *
-wpa_driver_get_radio_name(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->get_radio_name)
-		return wpa_s->driver->get_radio_name(wpa_s->drv_priv);
-	return NULL;
-}
-
-static inline const u8 * wpa_drv_get_mac_addr(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->get_mac_addr) {
-		return wpa_s->driver->get_mac_addr(wpa_s->drv_priv);
-	}
-	return NULL;
-}
-
-static inline int wpa_drv_set_operstate(struct wpa_supplicant *wpa_s,
-					int state)
-{
-	if (wpa_s->driver->set_operstate)
-		return wpa_s->driver->set_operstate(wpa_s->drv_priv, state);
-	return 0;
-}
-
-static inline int wpa_drv_mlme_setprotection(struct wpa_supplicant *wpa_s,
-					     const u8 *addr, int protect_type,
-					     int key_type)
-{
-	if (wpa_s->driver->mlme_setprotection)
-		return wpa_s->driver->mlme_setprotection(wpa_s->drv_priv, addr,
-							 protect_type,
-							 key_type);
-	return 0;
-}
-
-static inline struct hostapd_hw_modes *
-wpa_drv_get_hw_feature_data(struct wpa_supplicant *wpa_s, u16 *num_modes,
-			    u16 *flags, u8 *dfs_domain)
-{
-	if (wpa_s->driver->get_hw_feature_data)
-		return wpa_s->driver->get_hw_feature_data(wpa_s->drv_priv,
-							  num_modes, flags,
-							  dfs_domain);
-	return NULL;
-}
-
-static inline int wpa_drv_set_country(struct wpa_supplicant *wpa_s,
-				      const char *alpha2)
-{
-	if (wpa_s->driver->set_country)
-		return wpa_s->driver->set_country(wpa_s->drv_priv, alpha2);
-	return 0;
-}
-
-static inline int wpa_drv_send_mlme(struct wpa_supplicant *wpa_s,
-				    const u8 *data, size_t data_len, int noack,
-				    unsigned int freq, unsigned int wait)
-{
-	if (wpa_s->driver->send_mlme)
-		return wpa_s->driver->send_mlme(wpa_s->drv_priv,
-						data, data_len, noack,
-						freq, NULL, 0, 0, wait);
-	return -1;
-}
-
-static inline int wpa_drv_update_ft_ies(struct wpa_supplicant *wpa_s,
-					const u8 *md,
-					const u8 *ies, size_t ies_len)
-{
-	if (wpa_s->driver->update_ft_ies)
-		return wpa_s->driver->update_ft_ies(wpa_s->drv_priv, md,
-						    ies, ies_len);
-	return -1;
-}
-
-static inline int wpa_drv_set_ap(struct wpa_supplicant *wpa_s,
-				 struct wpa_driver_ap_params *params)
-{
-	if (wpa_s->driver->set_ap)
-		return wpa_s->driver->set_ap(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_sta_add(struct wpa_supplicant *wpa_s,
-				  struct hostapd_sta_add_params *params)
-{
-	if (wpa_s->driver->sta_add)
-		return wpa_s->driver->sta_add(wpa_s->drv_priv, params);
-	return -1;
-}
-
-static inline int wpa_drv_sta_remove(struct wpa_supplicant *wpa_s,
-				     const u8 *addr)
-{
-	if (wpa_s->driver->sta_remove)
-		return wpa_s->driver->sta_remove(wpa_s->drv_priv, addr);
-	return -1;
-}
-
-static inline int wpa_drv_tx_control_port(struct wpa_supplicant *wpa_s,
-					  const u8 *dest, u16 proto,
-					  const u8 *buf, size_t len,
-					  int no_encrypt)
-{
-	if (!wpa_s->driver->tx_control_port)
-		return -1;
-	return wpa_s->driver->tx_control_port(wpa_s->drv_priv, dest, proto,
-					      buf, len, no_encrypt);
-}
-
-static inline int wpa_drv_hapd_send_eapol(struct wpa_supplicant *wpa_s,
-					  const u8 *addr, const u8 *data,
-					  size_t data_len, int encrypt,
-					  const u8 *own_addr, u32 flags)
-{
-	if (wpa_s->driver->hapd_send_eapol)
-		return wpa_s->driver->hapd_send_eapol(wpa_s->drv_priv, addr,
-						      data, data_len, encrypt,
-						      own_addr, flags);
-	return -1;
-}
-
-static inline int wpa_drv_sta_set_flags(struct wpa_supplicant *wpa_s,
-					const u8 *addr, int total_flags,
-					int flags_or, int flags_and)
-{
-	if (wpa_s->driver->sta_set_flags)
-		return wpa_s->driver->sta_set_flags(wpa_s->drv_priv, addr,
-						    total_flags, flags_or,
-						    flags_and);
-	return -1;
-}
-
-static inline int wpa_drv_set_supp_port(struct wpa_supplicant *wpa_s,
-					int authorized)
-{
-	if (wpa_s->driver->set_supp_port) {
-		return wpa_s->driver->set_supp_port(wpa_s->drv_priv,
-						    authorized);
-	}
-	return 0;
-}
-
-static inline int wpa_drv_send_action(struct wpa_supplicant *wpa_s,
-				      unsigned int freq,
-				      unsigned int wait,
-				      const u8 *dst, const u8 *src,
-				      const u8 *bssid,
-				      const u8 *data, size_t data_len,
-				      int no_cck)
-{
-	if (wpa_s->driver->send_action)
-		return wpa_s->driver->send_action(wpa_s->drv_priv, freq,
-						  wait, dst, src, bssid,
-						  data, data_len, no_cck);
-	return -1;
-}
-
-static inline void wpa_drv_send_action_cancel_wait(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->send_action_cancel_wait)
-		wpa_s->driver->send_action_cancel_wait(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_set_freq(struct wpa_supplicant *wpa_s,
-				   struct hostapd_freq_params *freq)
-{
-	if (wpa_s->driver->set_freq)
-		return wpa_s->driver->set_freq(wpa_s->drv_priv, freq);
-	return -1;
-}
-
-static inline int wpa_drv_if_add(struct wpa_supplicant *wpa_s,
-				 enum wpa_driver_if_type type,
-				 const char *ifname, const u8 *addr,
-				 void *bss_ctx, char *force_ifname,
-				 u8 *if_addr, const char *bridge)
-{
-	if (wpa_s->driver->if_add)
-		return wpa_s->driver->if_add(wpa_s->drv_priv, type, ifname,
-					     addr, bss_ctx, NULL, force_ifname,
-					     if_addr, bridge, 0, 0);
-	return -1;
-}
-
-static inline int wpa_drv_if_remove(struct wpa_supplicant *wpa_s,
-				    enum wpa_driver_if_type type,
-				    const char *ifname)
-{
-	if (wpa_s->driver->if_remove)
-		return wpa_s->driver->if_remove(wpa_s->drv_priv, type, ifname);
-	return -1;
-}
-
-static inline int wpa_drv_remain_on_channel(struct wpa_supplicant *wpa_s,
-					    unsigned int freq,
-					    unsigned int duration)
-{
-	if (wpa_s->driver->remain_on_channel)
-		return wpa_s->driver->remain_on_channel(wpa_s->drv_priv, freq,
-							duration);
-	return -1;
-}
-
-static inline int wpa_drv_cancel_remain_on_channel(
-	struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->cancel_remain_on_channel)
-		return wpa_s->driver->cancel_remain_on_channel(
-			wpa_s->drv_priv);
-	return -1;
-}
-
-static inline int wpa_drv_probe_req_report(struct wpa_supplicant *wpa_s,
-					   int report)
-{
-	if (wpa_s->driver->probe_req_report)
-		return wpa_s->driver->probe_req_report(wpa_s->drv_priv,
-						       report);
-	return -1;
-}
-
-static inline int wpa_drv_deinit_ap(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->deinit_ap)
-		return wpa_s->driver->deinit_ap(wpa_s->drv_priv);
-	return 0;
-}
-
-static inline int wpa_drv_deinit_p2p_cli(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->deinit_p2p_cli)
-		return wpa_s->driver->deinit_p2p_cli(wpa_s->drv_priv);
-	return 0;
-}
-
-static inline void wpa_drv_suspend(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->suspend)
-		wpa_s->driver->suspend(wpa_s->drv_priv);
-}
-
-static inline void wpa_drv_resume(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver->resume)
-		wpa_s->driver->resume(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_signal_monitor(struct wpa_supplicant *wpa_s,
-					 int threshold, int hysteresis)
-{
-	if (wpa_s->driver->signal_monitor)
-		return wpa_s->driver->signal_monitor(wpa_s->drv_priv,
-						     threshold, hysteresis);
-	return -1;
-}
-
-int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
-			struct wpa_signal_info *si);
-
-static inline int wpa_drv_channel_info(struct wpa_supplicant *wpa_s,
-				       struct wpa_channel_info *ci)
-{
-	if (wpa_s->driver->channel_info)
-		return wpa_s->driver->channel_info(wpa_s->drv_priv, ci);
-	return -1;
-}
-
-static inline int wpa_drv_pktcnt_poll(struct wpa_supplicant *wpa_s,
-				      struct hostap_sta_driver_data *sta)
-{
-	if (wpa_s->driver->read_sta_data)
-		return wpa_s->driver->read_sta_data(wpa_s->drv_priv, sta,
-						    wpa_s->bssid);
-	return -1;
-}
-
-static inline int wpa_drv_set_ap_wps_ie(struct wpa_supplicant *wpa_s,
-					const struct wpabuf *beacon,
-					const struct wpabuf *proberesp,
-					const struct wpabuf *assocresp)
-{
-	if (!wpa_s->driver->set_ap_wps_ie)
-		return -1;
-	return wpa_s->driver->set_ap_wps_ie(wpa_s->drv_priv, beacon,
-					    proberesp, assocresp);
-}
-
-static inline int wpa_drv_get_noa(struct wpa_supplicant *wpa_s,
-				  u8 *buf, size_t buf_len)
-{
-	if (!wpa_s->driver->get_noa)
-		return -1;
-	return wpa_s->driver->get_noa(wpa_s->drv_priv, buf, buf_len);
-}
-
-static inline int wpa_drv_set_p2p_powersave(struct wpa_supplicant *wpa_s,
-					    int legacy_ps, int opp_ps,
-					    int ctwindow)
-{
-	if (!wpa_s->driver->set_p2p_powersave)
-		return -1;
-	return wpa_s->driver->set_p2p_powersave(wpa_s->drv_priv, legacy_ps,
-						opp_ps, ctwindow);
-}
-
-static inline int wpa_drv_ampdu(struct wpa_supplicant *wpa_s, int ampdu)
-{
-	if (!wpa_s->driver->ampdu)
-		return -1;
-	return wpa_s->driver->ampdu(wpa_s->drv_priv, ampdu);
-}
-
-static inline int wpa_drv_send_tdls_mgmt(struct wpa_supplicant *wpa_s,
-					 const u8 *dst, u8 action_code,
-					 u8 dialog_token, u16 status_code,
-					 u32 peer_capab, int initiator,
-					 const u8 *buf, size_t len)
-{
-	if (wpa_s->driver->send_tdls_mgmt) {
-		return wpa_s->driver->send_tdls_mgmt(wpa_s->drv_priv, dst,
-						     action_code, dialog_token,
-						     status_code, peer_capab,
-						     initiator, buf, len);
-	}
-	return -1;
-}
-
-static inline int wpa_drv_tdls_oper(struct wpa_supplicant *wpa_s,
-				    enum tdls_oper oper, const u8 *peer)
-{
-	if (!wpa_s->driver->tdls_oper)
-		return -1;
-	return wpa_s->driver->tdls_oper(wpa_s->drv_priv, oper, peer);
-}
-
-#ifdef ANDROID
-static inline int wpa_drv_driver_cmd(struct wpa_supplicant *wpa_s,
-				     char *cmd, char *buf, size_t buf_len)
-{
-	if (!wpa_s->driver->driver_cmd)
-		return -1;
-	return wpa_s->driver->driver_cmd(wpa_s->drv_priv, cmd, buf, buf_len);
-}
-#endif /* ANDROID */
-
-static inline void wpa_drv_set_rekey_info(struct wpa_supplicant *wpa_s,
-					  const u8 *kek, size_t kek_len,
-					  const u8 *kck, size_t kck_len,
-					  const u8 *replay_ctr)
-{
-	if (!wpa_s->driver->set_rekey_info)
-		return;
-	wpa_s->driver->set_rekey_info(wpa_s->drv_priv, kek, kek_len,
-				      kck, kck_len, replay_ctr);
-}
-
-static inline int wpa_drv_radio_disable(struct wpa_supplicant *wpa_s,
-					int disabled)
-{
-	if (!wpa_s->driver->radio_disable)
-		return -1;
-	return wpa_s->driver->radio_disable(wpa_s->drv_priv, disabled);
-}
-
-static inline int wpa_drv_switch_channel(struct wpa_supplicant *wpa_s,
-					 struct csa_settings *settings)
-{
-	if (!wpa_s->driver->switch_channel)
-		return -1;
-	return wpa_s->driver->switch_channel(wpa_s->drv_priv, settings);
-}
-
-static inline int wpa_drv_add_ts(struct wpa_supplicant *wpa_s, u8 tsid,
-				 const u8 *address, u8 user_priority,
-				 u16 admitted_time)
-{
-	if (!wpa_s->driver->add_tx_ts)
-		return -1;
-	return wpa_s->driver->add_tx_ts(wpa_s->drv_priv, tsid, address,
-					user_priority, admitted_time);
-}
-
-static inline int wpa_drv_del_ts(struct wpa_supplicant *wpa_s, u8 tid,
-				 const u8 *address)
-{
-	if (!wpa_s->driver->del_tx_ts)
-		return -1;
-	return wpa_s->driver->del_tx_ts(wpa_s->drv_priv, tid, address);
-}
-
-static inline int wpa_drv_tdls_enable_channel_switch(
-	struct wpa_supplicant *wpa_s, const u8 *addr, u8 oper_class,
-	const struct hostapd_freq_params *freq_params)
-{
-	if (!wpa_s->driver->tdls_enable_channel_switch)
-		return -1;
-	return wpa_s->driver->tdls_enable_channel_switch(wpa_s->drv_priv, addr,
-							 oper_class,
-							 freq_params);
-}
-
-static inline int
-wpa_drv_tdls_disable_channel_switch(struct wpa_supplicant *wpa_s,
-				    const u8 *addr)
-{
-	if (!wpa_s->driver->tdls_disable_channel_switch)
-		return -1;
-	return wpa_s->driver->tdls_disable_channel_switch(wpa_s->drv_priv,
-							  addr);
-}
-
-static inline int wpa_drv_wnm_oper(struct wpa_supplicant *wpa_s,
-				   enum wnm_oper oper, const u8 *peer,
-				   u8 *buf, u16 *buf_len)
-{
-	if (!wpa_s->driver->wnm_oper)
-		return -1;
-	return wpa_s->driver->wnm_oper(wpa_s->drv_priv, oper, peer, buf,
-				       buf_len);
-}
-
-static inline int wpa_drv_status(struct wpa_supplicant *wpa_s,
-				 char *buf, size_t buflen)
-{
-	if (!wpa_s->driver->status)
-		return -1;
-	return wpa_s->driver->status(wpa_s->drv_priv, buf, buflen);
-}
-
-static inline int wpa_drv_set_qos_map(struct wpa_supplicant *wpa_s,
-				      const u8 *qos_map_set, u8 qos_map_set_len)
-{
-	if (!wpa_s->driver->set_qos_map)
-		return -1;
-	return wpa_s->driver->set_qos_map(wpa_s->drv_priv, qos_map_set,
-					  qos_map_set_len);
-}
-
-static inline int wpa_drv_get_wowlan(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->driver->get_wowlan)
-		return 0;
-	return wpa_s->driver->get_wowlan(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_wowlan(struct wpa_supplicant *wpa_s,
-				 const struct wowlan_triggers *triggers)
-{
-	if (!wpa_s->driver->set_wowlan)
-		return -1;
-	return wpa_s->driver->set_wowlan(wpa_s->drv_priv, triggers);
-}
-
-static inline int wpa_drv_vendor_cmd(struct wpa_supplicant *wpa_s,
-				     int vendor_id, int subcmd, const u8 *data,
-				     size_t data_len,
-				     enum nested_attr nested_attr_flag,
-				     struct wpabuf *buf)
-{
-	if (!wpa_s->driver->vendor_cmd)
-		return -1;
-	return wpa_s->driver->vendor_cmd(wpa_s->drv_priv, vendor_id, subcmd,
-					 data, data_len, nested_attr_flag, buf);
-}
-
-static inline int wpa_drv_roaming(struct wpa_supplicant *wpa_s, int allowed,
-				  const u8 *bssid)
-{
-	if (!wpa_s->driver->roaming)
-		return -1;
-	return wpa_s->driver->roaming(wpa_s->drv_priv, allowed, bssid);
-}
-
-static inline int wpa_drv_disable_fils(struct wpa_supplicant *wpa_s,
-				       int disable)
-{
-	if (!wpa_s->driver->disable_fils)
-		return -1;
-	return wpa_s->driver->disable_fils(wpa_s->drv_priv, disable);
-}
-
-static inline int wpa_drv_set_mac_addr(struct wpa_supplicant *wpa_s,
-				       const u8 *addr)
-{
-	if (!wpa_s->driver->set_mac_addr)
-		return -1;
-	return wpa_s->driver->set_mac_addr(wpa_s->drv_priv, addr);
-}
-
-
-#ifdef CONFIG_MACSEC
-
-static inline int wpa_drv_macsec_init(struct wpa_supplicant *wpa_s,
-				      struct macsec_init_params *params)
-{
-	if (!wpa_s->driver->macsec_init)
-		return -1;
-	return wpa_s->driver->macsec_init(wpa_s->drv_priv, params);
-}
-
-static inline int wpa_drv_macsec_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->driver->macsec_deinit)
-		return -1;
-	return wpa_s->driver->macsec_deinit(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_macsec_get_capability(struct wpa_supplicant *wpa_s,
-						enum macsec_cap *cap)
-{
-	if (!wpa_s->driver->macsec_get_capability)
-		return -1;
-	return wpa_s->driver->macsec_get_capability(wpa_s->drv_priv, cap);
-}
-
-static inline int wpa_drv_enable_protect_frames(struct wpa_supplicant *wpa_s,
-						bool enabled)
-{
-	if (!wpa_s->driver->enable_protect_frames)
-		return -1;
-	return wpa_s->driver->enable_protect_frames(wpa_s->drv_priv, enabled);
-}
-
-static inline int wpa_drv_enable_encrypt(struct wpa_supplicant *wpa_s,
-						bool enabled)
-{
-	if (!wpa_s->driver->enable_encrypt)
-		return -1;
-	return wpa_s->driver->enable_encrypt(wpa_s->drv_priv, enabled);
-}
-
-static inline int wpa_drv_set_replay_protect(struct wpa_supplicant *wpa_s,
-					     bool enabled, u32 window)
-{
-	if (!wpa_s->driver->set_replay_protect)
-		return -1;
-	return wpa_s->driver->set_replay_protect(wpa_s->drv_priv, enabled,
-						 window);
-}
-
-static inline int wpa_drv_set_current_cipher_suite(struct wpa_supplicant *wpa_s,
-						   u64 cs)
-{
-	if (!wpa_s->driver->set_current_cipher_suite)
-		return -1;
-	return wpa_s->driver->set_current_cipher_suite(wpa_s->drv_priv, cs);
-}
-
-static inline int wpa_drv_enable_controlled_port(struct wpa_supplicant *wpa_s,
-						 bool enabled)
-{
-	if (!wpa_s->driver->enable_controlled_port)
-		return -1;
-	return wpa_s->driver->enable_controlled_port(wpa_s->drv_priv, enabled);
-}
-
-static inline int wpa_drv_get_receive_lowest_pn(struct wpa_supplicant *wpa_s,
-						struct receive_sa *sa)
-{
-	if (!wpa_s->driver->get_receive_lowest_pn)
-		return -1;
-	return wpa_s->driver->get_receive_lowest_pn(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_get_transmit_next_pn(struct wpa_supplicant *wpa_s,
-						struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->get_transmit_next_pn)
-		return -1;
-	return wpa_s->driver->get_transmit_next_pn(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_set_transmit_next_pn(struct wpa_supplicant *wpa_s,
-						struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->set_transmit_next_pn)
-		return -1;
-	return wpa_s->driver->set_transmit_next_pn(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_set_receive_lowest_pn(struct wpa_supplicant *wpa_s,
-						struct receive_sa *sa)
-{
-	if (!wpa_s->driver->set_receive_lowest_pn)
-		return -1;
-	return wpa_s->driver->set_receive_lowest_pn(wpa_s->drv_priv, sa);
-}
-
-static inline int
-wpa_drv_create_receive_sc(struct wpa_supplicant *wpa_s, struct receive_sc *sc,
-			  unsigned int conf_offset, int validation)
-{
-	if (!wpa_s->driver->create_receive_sc)
-		return -1;
-	return wpa_s->driver->create_receive_sc(wpa_s->drv_priv, sc,
-						conf_offset, validation);
-}
-
-static inline int wpa_drv_delete_receive_sc(struct wpa_supplicant *wpa_s,
-					    struct receive_sc *sc)
-{
-	if (!wpa_s->driver->delete_receive_sc)
-		return -1;
-	return wpa_s->driver->delete_receive_sc(wpa_s->drv_priv, sc);
-}
-
-static inline int wpa_drv_create_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
-{
-	if (!wpa_s->driver->create_receive_sa)
-		return -1;
-	return wpa_s->driver->create_receive_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_delete_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
-{
-	if (!wpa_s->driver->delete_receive_sa)
-		return -1;
-	return wpa_s->driver->delete_receive_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_enable_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
-{
-	if (!wpa_s->driver->enable_receive_sa)
-		return -1;
-	return wpa_s->driver->enable_receive_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_disable_receive_sa(struct wpa_supplicant *wpa_s,
-					     struct receive_sa *sa)
-{
-	if (!wpa_s->driver->disable_receive_sa)
-		return -1;
-	return wpa_s->driver->disable_receive_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int
-wpa_drv_create_transmit_sc(struct wpa_supplicant *wpa_s, struct transmit_sc *sc,
-			   unsigned int conf_offset)
-{
-	if (!wpa_s->driver->create_transmit_sc)
-		return -1;
-	return wpa_s->driver->create_transmit_sc(wpa_s->drv_priv, sc,
-						 conf_offset);
-}
-
-static inline int wpa_drv_delete_transmit_sc(struct wpa_supplicant *wpa_s,
-					     struct transmit_sc *sc)
-{
-	if (!wpa_s->driver->delete_transmit_sc)
-		return -1;
-	return wpa_s->driver->delete_transmit_sc(wpa_s->drv_priv, sc);
-}
-
-static inline int wpa_drv_create_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->create_transmit_sa)
-		return -1;
-	return wpa_s->driver->create_transmit_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_delete_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->delete_transmit_sa)
-		return -1;
-	return wpa_s->driver->delete_transmit_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_enable_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->enable_transmit_sa)
-		return -1;
-	return wpa_s->driver->enable_transmit_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_disable_transmit_sa(struct wpa_supplicant *wpa_s,
-					      struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->disable_transmit_sa)
-		return -1;
-	return wpa_s->driver->disable_transmit_sa(wpa_s->drv_priv, sa);
-}
-#endif /* CONFIG_MACSEC */
-
-static inline int wpa_drv_setband(struct wpa_supplicant *wpa_s,
-				  u32 band_mask)
-{
-	if (!wpa_s->driver->set_band)
-		return -1;
-	return wpa_s->driver->set_band(wpa_s->drv_priv, band_mask);
-}
-
-static inline int wpa_drv_get_pref_freq_list(struct wpa_supplicant *wpa_s,
-					     enum wpa_driver_if_type if_type,
-					     unsigned int *num,
-					     unsigned int *freq_list)
-{
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->get_pref_freq_list_override)
-		return wpas_ctrl_iface_get_pref_freq_list_override(
-			wpa_s, if_type, num, freq_list);
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (!wpa_s->driver->get_pref_freq_list)
-		return -1;
-	return wpa_s->driver->get_pref_freq_list(wpa_s->drv_priv, if_type,
-						 num, freq_list);
-}
-
-static inline int wpa_drv_set_prob_oper_freq(struct wpa_supplicant *wpa_s,
-					     unsigned int freq)
-{
-	if (!wpa_s->driver->set_prob_oper_freq)
-		return 0;
-	return wpa_s->driver->set_prob_oper_freq(wpa_s->drv_priv, freq);
-}
-
-static inline int wpa_drv_abort_scan(struct wpa_supplicant *wpa_s,
-				     u64 scan_cookie)
-{
-	if (!wpa_s->driver->abort_scan)
-		return -1;
-	return wpa_s->driver->abort_scan(wpa_s->drv_priv, scan_cookie);
-}
-
-static inline int wpa_drv_configure_frame_filters(struct wpa_supplicant *wpa_s,
-						  u32 filters)
-{
-	if (!wpa_s->driver->configure_data_frame_filters)
-		return -1;
-	return wpa_s->driver->configure_data_frame_filters(wpa_s->drv_priv,
-							   filters);
-}
-
-static inline int wpa_drv_get_ext_capa(struct wpa_supplicant *wpa_s,
-				       enum wpa_driver_if_type type)
-{
-	if (!wpa_s->driver->get_ext_capab)
-		return -1;
-	return wpa_s->driver->get_ext_capab(wpa_s->drv_priv, type,
-					    &wpa_s->extended_capa,
-					    &wpa_s->extended_capa_mask,
-					    &wpa_s->extended_capa_len);
-}
-
-static inline int wpa_drv_p2p_lo_start(struct wpa_supplicant *wpa_s,
-				       unsigned int channel,
-				       unsigned int period,
-				       unsigned int interval,
-				       unsigned int count,
-				       const u8 *device_types,
-				       size_t dev_types_len,
-				       const u8 *ies, size_t ies_len)
-{
-	if (!wpa_s->driver->p2p_lo_start)
-		return -1;
-	return wpa_s->driver->p2p_lo_start(wpa_s->drv_priv, channel, period,
-					   interval, count, device_types,
-					   dev_types_len, ies, ies_len);
-}
-
-static inline int wpa_drv_p2p_lo_stop(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->driver->p2p_lo_stop)
-		return -1;
-	return wpa_s->driver->p2p_lo_stop(wpa_s->drv_priv);
-}
-
-static inline int wpa_drv_set_default_scan_ies(struct wpa_supplicant *wpa_s,
-					       const u8 *ies, size_t len)
-{
-	if (!wpa_s->driver->set_default_scan_ies)
-		return -1;
-	return wpa_s->driver->set_default_scan_ies(wpa_s->drv_priv, ies, len);
-}
-
-static inline int wpa_drv_set_tdls_mode(struct wpa_supplicant *wpa_s,
-					int tdls_external_control)
-{
-	if (!wpa_s->driver->set_tdls_mode)
-		return -1;
-	return wpa_s->driver->set_tdls_mode(wpa_s->drv_priv,
-					    tdls_external_control);
-}
-
-static inline struct wpa_bss_candidate_info *
-wpa_drv_get_bss_trans_status(struct wpa_supplicant *wpa_s,
-			     struct wpa_bss_trans_info *params)
-{
-	if (!wpa_s->driver->get_bss_transition_status)
-		return NULL;
-	return wpa_s->driver->get_bss_transition_status(wpa_s->drv_priv,
-							params);
-}
-
-static inline int wpa_drv_ignore_assoc_disallow(struct wpa_supplicant *wpa_s,
-						int val)
-{
-	if (!wpa_s->driver->ignore_assoc_disallow)
-		return -1;
-	return wpa_s->driver->ignore_assoc_disallow(wpa_s->drv_priv, val);
-}
-
-static inline int wpa_drv_set_bssid_tmp_disallow(struct wpa_supplicant *wpa_s,
-						 unsigned int num_bssid,
-						 const u8 *bssids)
-{
-	if (!wpa_s->driver->set_bssid_tmp_disallow)
-		return -1;
-	return wpa_s->driver->set_bssid_tmp_disallow(wpa_s->drv_priv, num_bssid,
-						     bssids);
-}
-
-static inline int wpa_drv_update_connect_params(
-	struct wpa_supplicant *wpa_s,
-	struct wpa_driver_associate_params *params,
-	enum wpa_drv_update_connect_params_mask mask)
-{
-	if (!wpa_s->driver->update_connect_params)
-		return -1;
-	return wpa_s->driver->update_connect_params(wpa_s->drv_priv, params,
-						    mask);
-}
-
-static inline int
-wpa_drv_send_external_auth_status(struct wpa_supplicant *wpa_s,
-				  struct external_auth *params)
-{
-	if (!wpa_s->driver->send_external_auth_status)
-		return -1;
-	return wpa_s->driver->send_external_auth_status(wpa_s->drv_priv,
-							params);
-}
-
-static inline int wpa_drv_set_4addr_mode(struct wpa_supplicant *wpa_s, int val)
-{
-	if (!wpa_s->driver->set_4addr_mode)
-		return -1;
-	return wpa_s->driver->set_4addr_mode(wpa_s->drv_priv,
-					     wpa_s->bridge_ifname, val);
-}
-
-static inline int wpa_drv_dpp_listen(struct wpa_supplicant *wpa_s, bool enable)
-{
-	if (!wpa_s->driver->dpp_listen)
-		return 0;
-	return wpa_s->driver->dpp_listen(wpa_s->drv_priv, enable);
-}
-
-#endif /* DRIVER_I_H */
diff --git a/wpa_supplicant/eap_proxy_dummy.mak b/wpa_supplicant/eap_proxy_dummy.mak
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/wpa_supplicant/eap_proxy_dummy.mak
+++ /dev/null
diff --git a/wpa_supplicant/eap_proxy_dummy.mk b/wpa_supplicant/eap_proxy_dummy.mk
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/wpa_supplicant/eap_proxy_dummy.mk
+++ /dev/null
diff --git a/wpa_supplicant/eap_register.c b/wpa_supplicant/eap_register.c
deleted file mode 100644
index 3f018c4b3c32..000000000000
--- a/wpa_supplicant/eap_register.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * EAP method registration
- * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eap_peer/eap_methods.h"
-#include "eap_server/eap_methods.h"
-#include "wpa_supplicant_i.h"
-
-
-/**
- * eap_register_methods - Register statically linked EAP methods
- * Returns: 0 on success, -1 or -2 on failure
- *
- * This function is called at program initialization to register all EAP
- * methods that were linked in statically.
- */
-int eap_register_methods(void)
-{
-	int ret = 0;
-
-#ifdef EAP_MD5
-	if (ret == 0)
-		ret = eap_peer_md5_register();
-#endif /* EAP_MD5 */
-
-#ifdef EAP_TLS
-	if (ret == 0)
-		ret = eap_peer_tls_register();
-#endif /* EAP_TLS */
-
-#ifdef EAP_UNAUTH_TLS
-	if (ret == 0)
-		ret = eap_peer_unauth_tls_register();
-#endif /* EAP_UNAUTH_TLS */
-
-#ifdef EAP_TLS
-#ifdef CONFIG_HS20
-	if (ret == 0)
-		ret = eap_peer_wfa_unauth_tls_register();
-#endif /* CONFIG_HS20 */
-#endif /* EAP_TLS */
-
-#ifdef EAP_MSCHAPv2
-	if (ret == 0)
-		ret = eap_peer_mschapv2_register();
-#endif /* EAP_MSCHAPv2 */
-
-#ifdef EAP_PEAP
-	if (ret == 0)
-		ret = eap_peer_peap_register();
-#endif /* EAP_PEAP */
-
-#ifdef EAP_TTLS
-	if (ret == 0)
-		ret = eap_peer_ttls_register();
-#endif /* EAP_TTLS */
-
-#ifdef EAP_GTC
-	if (ret == 0)
-		ret = eap_peer_gtc_register();
-#endif /* EAP_GTC */
-
-#ifdef EAP_OTP
-	if (ret == 0)
-		ret = eap_peer_otp_register();
-#endif /* EAP_OTP */
-
-#ifdef EAP_SIM
-	if (ret == 0)
-		ret = eap_peer_sim_register();
-#endif /* EAP_SIM */
-
-#ifdef EAP_LEAP
-	if (ret == 0)
-		ret = eap_peer_leap_register();
-#endif /* EAP_LEAP */
-
-#ifdef EAP_PSK
-	if (ret == 0)
-		ret = eap_peer_psk_register();
-#endif /* EAP_PSK */
-
-#ifdef EAP_AKA
-	if (ret == 0)
-		ret = eap_peer_aka_register();
-#endif /* EAP_AKA */
-
-#ifdef EAP_AKA_PRIME
-	if (ret == 0)
-		ret = eap_peer_aka_prime_register();
-#endif /* EAP_AKA_PRIME */
-
-#ifdef EAP_FAST
-	if (ret == 0)
-		ret = eap_peer_fast_register();
-#endif /* EAP_FAST */
-
-#ifdef EAP_TEAP
-	if (ret == 0)
-		ret = eap_peer_teap_register();
-#endif /* EAP_TEAP */
-
-#ifdef EAP_PAX
-	if (ret == 0)
-		ret = eap_peer_pax_register();
-#endif /* EAP_PAX */
-
-#ifdef EAP_SAKE
-	if (ret == 0)
-		ret = eap_peer_sake_register();
-#endif /* EAP_SAKE */
-
-#ifdef EAP_GPSK
-	if (ret == 0)
-		ret = eap_peer_gpsk_register();
-#endif /* EAP_GPSK */
-
-#ifdef EAP_WSC
-	if (ret == 0)
-		ret = eap_peer_wsc_register();
-#endif /* EAP_WSC */
-
-#ifdef EAP_IKEV2
-	if (ret == 0)
-		ret = eap_peer_ikev2_register();
-#endif /* EAP_IKEV2 */
-
-#ifdef EAP_VENDOR_TEST
-	if (ret == 0)
-		ret = eap_peer_vendor_test_register();
-#endif /* EAP_VENDOR_TEST */
-
-#ifdef EAP_TNC
-	if (ret == 0)
-		ret = eap_peer_tnc_register();
-#endif /* EAP_TNC */
-
-#ifdef EAP_PWD
-	if (ret == 0)
-		ret = eap_peer_pwd_register();
-#endif /* EAP_PWD */
-
-#ifdef EAP_EKE
-	if (ret == 0)
-		ret = eap_peer_eke_register();
-#endif /* EAP_EKE */
-
-#ifdef EAP_SERVER_IDENTITY
-	if (ret == 0)
-		ret = eap_server_identity_register();
-#endif /* EAP_SERVER_IDENTITY */
-
-#ifdef EAP_SERVER_MD5
-	if (ret == 0)
-		ret = eap_server_md5_register();
-#endif /* EAP_SERVER_MD5 */
-
-#ifdef EAP_SERVER_TLS
-	if (ret == 0)
-		ret = eap_server_tls_register();
-#endif /* EAP_SERVER_TLS */
-
-#ifdef EAP_SERVER_UNAUTH_TLS
-	if (ret == 0)
-		ret = eap_server_unauth_tls_register();
-#endif /* EAP_SERVER_UNAUTH_TLS */
-
-#ifdef EAP_SERVER_MSCHAPV2
-	if (ret == 0)
-		ret = eap_server_mschapv2_register();
-#endif /* EAP_SERVER_MSCHAPV2 */
-
-#ifdef EAP_SERVER_PEAP
-	if (ret == 0)
-		ret = eap_server_peap_register();
-#endif /* EAP_SERVER_PEAP */
-
-#ifdef EAP_SERVER_TLV
-	if (ret == 0)
-		ret = eap_server_tlv_register();
-#endif /* EAP_SERVER_TLV */
-
-#ifdef EAP_SERVER_GTC
-	if (ret == 0)
-		ret = eap_server_gtc_register();
-#endif /* EAP_SERVER_GTC */
-
-#ifdef EAP_SERVER_TTLS
-	if (ret == 0)
-		ret = eap_server_ttls_register();
-#endif /* EAP_SERVER_TTLS */
-
-#ifdef EAP_SERVER_SIM
-	if (ret == 0)
-		ret = eap_server_sim_register();
-#endif /* EAP_SERVER_SIM */
-
-#ifdef EAP_SERVER_AKA
-	if (ret == 0)
-		ret = eap_server_aka_register();
-#endif /* EAP_SERVER_AKA */
-
-#ifdef EAP_SERVER_AKA_PRIME
-	if (ret == 0)
-		ret = eap_server_aka_prime_register();
-#endif /* EAP_SERVER_AKA_PRIME */
-
-#ifdef EAP_SERVER_PAX
-	if (ret == 0)
-		ret = eap_server_pax_register();
-#endif /* EAP_SERVER_PAX */
-
-#ifdef EAP_SERVER_PSK
-	if (ret == 0)
-		ret = eap_server_psk_register();
-#endif /* EAP_SERVER_PSK */
-
-#ifdef EAP_SERVER_SAKE
-	if (ret == 0)
-		ret = eap_server_sake_register();
-#endif /* EAP_SERVER_SAKE */
-
-#ifdef EAP_SERVER_GPSK
-	if (ret == 0)
-		ret = eap_server_gpsk_register();
-#endif /* EAP_SERVER_GPSK */
-
-#ifdef EAP_SERVER_VENDOR_TEST
-	if (ret == 0)
-		ret = eap_server_vendor_test_register();
-#endif /* EAP_SERVER_VENDOR_TEST */
-
-#ifdef EAP_SERVER_FAST
-	if (ret == 0)
-		ret = eap_server_fast_register();
-#endif /* EAP_SERVER_FAST */
-
-#ifdef EAP_SERVER_TEAP
-	if (ret == 0)
-		ret = eap_server_teap_register();
-#endif /* EAP_SERVER_TEAP */
-
-#ifdef EAP_SERVER_WSC
-	if (ret == 0)
-		ret = eap_server_wsc_register();
-#endif /* EAP_SERVER_WSC */
-
-#ifdef EAP_SERVER_IKEV2
-	if (ret == 0)
-		ret = eap_server_ikev2_register();
-#endif /* EAP_SERVER_IKEV2 */
-
-#ifdef EAP_SERVER_TNC
-	if (ret == 0)
-		ret = eap_server_tnc_register();
-#endif /* EAP_SERVER_TNC */
-
-#ifdef EAP_SERVER_PWD
-	if (ret == 0)
-		ret = eap_server_pwd_register();
-#endif /* EAP_SERVER_PWD */
-
-	return ret;
-}
diff --git a/wpa_supplicant/eap_testing.txt b/wpa_supplicant/eap_testing.txt
deleted file mode 100644
index 8d132223f6a0..000000000000
--- a/wpa_supplicant/eap_testing.txt
+++ /dev/null
@@ -1,392 +0,0 @@
-Automatic regression and interoperability testing of wpa_supplicant's
-IEEE 802.1X/EAPOL authentication
-
-Test program:
-- Linked some parts of IEEE 802.1X Authenticator implementation from
-  hostapd (RADIUS client and RADIUS processing, EAP<->RADIUS
-  encapsulation/decapsulation) into wpa_supplicant.
-- Replaced wpa_supplicant.c and wpa.c with test code that trigger
-  IEEE 802.1X authentication automatically without need for wireless
-  client card or AP.
-- For EAP methods that generate keying material, the key derived by the
-  Supplicant is verified to match with the one received by the (now
-  integrated) Authenticator.
-
-The full automated test suite can now be run in couple of seconds, but
-I'm more than willing to add new RADIUS authentication servers to make
-this take a bit more time.. ;-) As an extra bonus, this can also be
-seen as automatic regression/interoperability testing for the RADIUS
-server, too.
-
-In order for me to be able to use a new authentication server, the
-server need to be available from Internet (at least from one static IP
-address) and I will need to get suitable user name/password pairs,
-certificates, and private keys for testing use. Other alternative
-would be to get an evaluation version of the server so that I can
-install it on my own test setup. If you are interested in providing
-either server access or evaluation version, please contact me
-(j@w1.fi).
-
-
-Test matrix
-
-+) tested successfully
-F) failed
--) server did not support
-?) not tested
-
-Cisco ACS ----------------------------------------------------------.
-hostapd --------------------------------------------------------.   |
-Cisco Aironet 1200 AP (local RADIUS server) ----------------.   |   |
-Periodik Labs Elektron ---------------------------------.   |   |   |
-Lucent NavisRadius ---------------------------------.   |   |   |   |
-Interlink RAD-Series ---------------------------.   |   |   |   |   |
-Radiator -----------------------------------.   |   |   |   |   |   |
-Meetinghouse Aegis ---------------------.   |   |   |   |   |   |   |
-Funk Steel-Belted ------------------.   |   |   |   |   |   |   |   |
-Funk Odyssey -------------------.   |   |   |   |   |   |   |   |   |
-Microsoft IAS --------------.   |   |   |   |   |   |   |   |   |   |
-FreeRADIUS -------------.   |   |   |   |   |   |   |   |   |   |   |
-			|   |   |   |   |   |   |   |   |   |   |   |
-
-EAP-MD5			+   -   -   +   +   +   +   +   -   -   +   +
-EAP-GTC			+   -   -   ?   +   +   +   +   -   -   +   -
-EAP-OTP			-   -   -   -   -   +   -   -   -   -   -   -
-EAP-MSCHAPv2		+   -   -   +   +   +   +   +   -   -   +   -
-EAP-TLS			+   +   +   +   +   +   +   +   -   -   +   +
-EAP-PEAPv0/MSCHAPv2	+   +   +   +   +   +   +   +   +   -   +   +
-EAP-PEAPv0/GTC		+   -   +   -   +   +   +   +   -   -   +   +
-EAP-PEAPv0/OTP		-   -   -   -   -   +   -   -   -   -   -   -
-EAP-PEAPv0/MD5		+   -   -   +   +   +   +   +   -   -   +   -
-EAP-PEAPv0/TLS		+   +   -   +   +   +   F   +   -   -   +   +
-EAP-PEAPv0/SIM		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv0/AKA		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv0/PSK		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv0/PAX		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv0/SAKE		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv0/GPSK		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/MSCHAPv2	-   -   +   +   +   +1  +   +5  +8  -   +   +
-EAP-PEAPv1/GTC		-   -   +   +   +   +1  +   +5  +8  -   +   +
-EAP-PEAPv1/OTP		-   -   -   -   -   +1  -   -   -   -   -   -
-EAP-PEAPv1/MD5		-   -   -   +   +   +1  +   +5  -   -   +   -
-EAP-PEAPv1/TLS		-   -   -   +   +   +1  F   +5  -   -   +   +
-EAP-PEAPv1/SIM		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/AKA		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/PSK		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/PAX		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/SAKE		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PEAPv1/GPSK		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/CHAP		+   -   +2  +   +   +   +   +   +   -   +   -
-EAP-TTLS/MSCHAP		+   -   +   +   +   +   +   +   +   -   +   -
-EAP-TTLS/MSCHAPv2	+   -   +   +   +   +   +   +   +   -   +   -
-EAP-TTLS/PAP		+   -   +   +   +   +   +   +   +   -   +   -
-EAP-TTLS/EAP-MD5	+   -   +2  +   +   +   +   +   +   -   +   -
-EAP-TTLS/EAP-GTC	+   -   +2  ?   +   +   +   +   -   -   +   -
-EAP-TTLS/EAP-OTP	-   -   -   -   -   +   -   -   -   -   -   -
-EAP-TTLS/EAP-MSCHAPv2	+   -   +2  +   +   +   +   +   +   -   +   -
-EAP-TTLS/EAP-TLS	+   -   +2  +   F   +   +   +   -   -   +   -
-EAP-TTLS/EAP-SIM	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/EAP-AKA	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/EAP-PSK	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/EAP-PAX	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/EAP-SAKE	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS/EAP-GPSK	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-TTLS + TNC		-   -   -   -   -   +   -   -   -   -   +   -
-EAP-SIM			+   -   -   ?   -   +   -   ?   -   -   +   -
-EAP-AKA			-   -   -   -   -   +   -   -   -   -   +   -
-EAP-AKA'		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-PSK			+7  -   -   -   -   +   -   -   -   -   +   -
-EAP-PAX			-   -   -   -   -   +   -   -   -   -   +   -
-EAP-SAKE		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-GPSK		-   -   -   -   -   -   -   -   -   -   +   -
-EAP-FAST/MSCHAPv2(prov)	-   -   -   +   -   +   -   -   -   +   +   +
-EAP-FAST/GTC(auth)	-   -   -   +   -   +   -   -   -   +   +   +
-EAP-FAST/MSCHAPv2(aprov)-   -   -   -   -   +   -   -   -   -   +   +
-EAP-FAST/GTC(aprov)	-   -   -   -   -   +   -   -   -   -   +   +
-EAP-FAST/MD5(aprov)	-   -   -   -   -   +   -   -   -   -   +   -
-EAP-FAST/TLS(aprov)	-   -   -   -   -   -   -   -   -   -   +   +
-EAP-FAST/SIM(aprov)	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-FAST/AKA(aprov)	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-FAST/MSCHAPv2(auth)	-   -   -   -   -   +   -   -   -   -   +   +
-EAP-FAST/MD5(auth)	-   -   -   -   -   +   -   -   -   -   +   -
-EAP-FAST/TLS(auth)	-   -   -   -   -   -   -   -   -   -   +   +
-EAP-FAST/SIM(auth)	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-FAST/AKA(auth)	-   -   -   -   -   -   -   -   -   -   +   -
-EAP-FAST + TNC		-   -   -   -   -   -   -   -   -   -   +   -
-LEAP			+   -   +   +   +   +   F   +6  -   +   -   +
-EAP-TNC			+9  -   -   -   -   +   -   -   -   -   +   -
-EAP-IKEv2		+10 -   -   -   -   -   -   -   -   -   +   -
-
-1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP
-   encryption", during key derivation (requires phase1="peaplabel=1" in the
-   network configuration in wpa_supplicant.conf)
-2) used FreeRADIUS as inner auth server
-5) PEAPv1 required termination of negotiation on tunneled EAP-Success and new
-   label in key deriviation
-   (phase1="peap_outer_success=0 peaplabel=1") (in "IETF Draft 5" mode)
-6) Authenticator simulator required patching for handling Access-Accept within
-   negotiation (for the first EAP-Success of LEAP)
-7) tested only with an older (incompatible) draft of EAP-PSK; FreeRADIUS does
-   not support the current EAP-PSK (RFC) specification
-8) PEAPv1 used non-standard version negotiation (client had to force v1 even
-   though server reported v0 as the highest supported version)
-9) only EAP-TTLS/EAP-TNC tested, i.e., test did not include proper sequence of
-   client authentication followed by TNC inside the tunnel
-10) worked only with special compatibility code to match the IKEv2 server
-    implementation
-
-
-Automated tests:
-
-FreeRADIUS (2.0-beta/CVS snapshot)
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv0 / TLS
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-TTLS / EAP-TLS
-- EAP-TTLS / CHAP
-- EAP-TTLS / PAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / EAP-TNC (partial support; no authentication sequence)
-- EAP-SIM
-- LEAP
-
-Microsoft Windows Server 2003 / IAS
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / TLS
-- EAP-MD5
-* IAS does not seem to support other EAP methods
-
-Funk Odyssey 2.01.00.653
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / GTC
-  Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
-- EAP-TTLS / CHAP (using FreeRADIUS as inner auth srv)
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge (using FreeRADIUS as inner auth srv)
-- EAP-TTLS / EAP-GTC (using FreeRADIUS as inner auth srv)
-- EAP-TTLS / EAP-MSCHAPv2 (using FreeRADIUS as inner auth srv)
-- EAP-TTLS / EAP-TLS (using FreeRADIUS as inner auth srv)
-* not supported in Odyssey:
-  - EAP-MD5-Challenge
-  - EAP-GTC
-  - EAP-MSCHAPv2
-  - EAP-PEAP / MD5-Challenge
-  - EAP-PEAP / TLS
-
-Funk Steel-Belted Radius Enterprise Edition v4.71.739
-- EAP-MD5-Challenge
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / MD5
-- EAP-PEAPv0 / TLS
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / MD5
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / TLS
-  Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-TTLS / EAP-TLS
-
-Meetinghouse Aegis 1.1.4
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / TLS
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / TLS
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / MD5-Challenge
-  Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-MSCHAPv2
-* did not work
-  - EAP-TTLS / EAP-TLS
-    (Server rejects authentication without any reason in debug log. It
-     looks like the inner TLS negotiation starts properly and the last
-     packet from Supplicant looks like the one sent in the Phase 1. The
-     server generates a valid looking reply in the same way as in Phase
-     1, but then ends up sending Access-Reject. Maybe an issue with TTLS
-     fragmentation in the Aegis server(?) The packet seems to include
-     1328 bytes of EAP-Message and this may go beyond the fragmentation
-     limit with AVP encapsulation and TLS tunneling. Note: EAP-PEAP/TLS
-     did work, so this issue seems to be with something TTLS specific.)
-
-Radiator 3.17.1 (eval, with all patches up to and including 2007-05-25)
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-OTP
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / OTP
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv0 / TLS
-  Note: Needed to use unknown identity in outer auth and some times the server
-	seems to get confused and fails to send proper Phase 2 data.
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / OTP
-- EAP-PEAPv1 / MD5-Challenge
-- EAP-PEAPv1 / TLS
-  Note: This has some additional requirements for EAPTLS_MaxFragmentSize.
-        Using 1300 for outer auth and 500 for inner auth seemed to work.
-  Note: Needed to use unknown identity in outer auth and some times the server
-	seems to get confused and fails to send proper Phase 2 data.
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-OTP
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-TTLS / EAP-TLS
-  Note: This has some additional requirements for EAPTLS_MaxFragmentSize.
-        Using 1300 for outer auth and 500 for inner auth seemed to work.
-- EAP-SIM
-- EAP-AKA
-- EAP-PSK
-- EAP-PAX
-- EAP-TNC
-
-Interlink Networks RAD-Series 6.1.2.7
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / MD5-Challenge
-  Note: PEAPv1 requires TLS key derivation to use label "client EAP encryption"
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-TTLS / EAP-TLS
-* did not work
-  - EAP-PEAPv0 / TLS
-  - EAP-PEAPv1 / TLS
-    (Failed to decrypt Phase 2 data)
-
-Lucent NavisRadius 4.4.0
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / TLS
-- EAP-PEAPv1 / MD5-Challenge
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / TLS
-  "IETF Draft 5" mode requires phase1="peap_outer_success=0 peaplabel=1"
-  'Cisco ACU 5.05' mode works without phase1 configuration
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-TLS
-
-Note: user certificate from NavisRadius had private key in a format
-that wpa_supplicant could not use. Converting this to PKCS#12 and then
-back to PEM allowed wpa_supplicant to use the key.
-
-
-hostapd v0.3.3
-- EAP-MD5-Challenge
-- EAP-GTC
-- EAP-MSCHAPv2
-- EAP-TLS
-- EAP-PEAPv0 / MSCHAPv2
-- EAP-PEAPv0 / GTC
-- EAP-PEAPv0 / MD5-Challenge
-- EAP-PEAPv1 / MSCHAPv2
-- EAP-PEAPv1 / GTC
-- EAP-PEAPv1 / MD5-Challenge
-- EAP-TTLS / CHAP
-- EAP-TTLS / MSCHAP
-- EAP-TTLS / MSCHAPv2
-- EAP-TTLS / PAP
-- EAP-TTLS / EAP-MD5-Challenge
-- EAP-TTLS / EAP-GTC
-- EAP-TTLS / EAP-MSCHAPv2
-- EAP-SIM
-- EAP-PAX
-
-PEAPv1:
-
-Funk Odyssey 2.01.00.653:
-- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
-  keys with outer EAP-Success message after this
-- uses label "client EAP encryption"
-- (peap_outer_success 1 and 2 work)
-
-Funk Steel-Belted Radius Enterprise Edition v4.71.739
-- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
-  keys with outer EAP-Success message after this
-- uses label "client EAP encryption"
-- (peap_outer_success 1 and 2 work)
-
-Radiator 3.9:
-- uses TLV Success and Reply, sends MPPE keys with outer EAP-Success message
-  after this
-- uses label "client PEAP encryption"
-
-Lucent NavisRadius 4.4.0 (in "IETF Draft 5" mode):
-- sends tunneled EAP-Success with MPPE keys and expects the authentication to
-  terminate at this point (gets somewhat confused with reply to this)
-- uses label "client PEAP encryption"
-- phase1="peap_outer_success=0 peaplabel=1"
-
-Lucent NavisRadius 4.4.0 (in "Cisco ACU 5.05" mode):
-- sends tunneled EAP-Success with MPPE keys and expects to receive TLS ACK
-  as a reply
-- uses label "client EAP encryption"
-
-Meetinghouse Aegis 1.1.4
-- uses tunneled EAP-Success, expects reply in tunnel or TLS ACK, sends MPPE
-  keys with outer EAP-Success message after this
-- uses label "client EAP encryption"
-- peap_outer_success 1 and 2 work
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
deleted file mode 100644
index e256ac50eec4..000000000000
--- a/wpa_supplicant/eapol_test.c
+++ /dev/null
@@ -1,1555 +0,0 @@
-/*
- * WPA Supplicant - test code
- * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
- * Not used in production version.
- */
-
-#include "includes.h"
-#include <assert.h>
-
-#include "common.h"
-#include "utils/ext_password.h"
-#include "common/version.h"
-#include "crypto/tls.h"
-#include "config.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "eap_peer/eap.h"
-#include "eap_server/eap_methods.h"
-#include "eloop.h"
-#include "utils/base64.h"
-#include "rsn_supp/wpa.h"
-#include "wpa_supplicant_i.h"
-#include "radius/radius.h"
-#include "radius/radius_client.h"
-#include "common/wpa_ctrl.h"
-#include "ctrl_iface.h"
-#include "pcsc_funcs.h"
-#include "wpas_glue.h"
-
-
-const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-
-
-struct extra_radius_attr {
-	u8 type;
-	char syntax;
-	char *data;
-	struct extra_radius_attr *next;
-};
-
-struct eapol_test_data {
-	struct wpa_supplicant *wpa_s;
-
-	int eapol_test_num_reauths;
-	int no_mppe_keys;
-	int num_mppe_ok, num_mppe_mismatch;
-	int req_eap_key_name;
-
-	u8 radius_identifier;
-	struct radius_msg *last_recv_radius;
-	struct in_addr own_ip_addr;
-	struct radius_client_data *radius;
-	struct hostapd_radius_servers *radius_conf;
-
-	 /* last received EAP Response from Authentication Server */
-	struct wpabuf *last_eap_radius;
-
-	u8 authenticator_pmk[PMK_LEN];
-	size_t authenticator_pmk_len;
-	u8 authenticator_eap_key_name[256];
-	size_t authenticator_eap_key_name_len;
-	int radius_access_accept_received;
-	int radius_access_reject_received;
-	int auth_timed_out;
-
-	u8 *eap_identity;
-	size_t eap_identity_len;
-
-	char *connect_info;
-	u8 own_addr[ETH_ALEN];
-	struct extra_radius_attr *extra_attrs;
-
-	FILE *server_cert_file;
-
-	const char *pcsc_reader;
-	const char *pcsc_pin;
-
-	unsigned int ctrl_iface:1;
-	unsigned int id_req_sent:1;
-};
-
-static struct eapol_test_data eapol_test;
-
-
-static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
-
-
-static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
-			      int level, const char *txt, size_t len)
-{
-	if (addr)
-		wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n",
-			   MAC2STR(addr), txt);
-	else
-		wpa_printf(MSG_DEBUG, "%s", txt);
-}
-
-
-static int add_extra_attr(struct radius_msg *msg,
-			  struct extra_radius_attr *attr)
-{
-	size_t len;
-	char *pos;
-	u32 val;
-	char buf[RADIUS_MAX_ATTR_LEN + 1];
-
-	switch (attr->syntax) {
-	case 's':
-		os_snprintf(buf, sizeof(buf), "%s", attr->data);
-		len = os_strlen(buf);
-		break;
-	case 'n':
-		buf[0] = '\0';
-		len = 1;
-		break;
-	case 'x':
-		pos = attr->data;
-		if (pos[0] == '0' && pos[1] == 'x')
-			pos += 2;
-		len = os_strlen(pos);
-		if ((len & 1) || (len / 2) > RADIUS_MAX_ATTR_LEN) {
-			printf("Invalid extra attribute hexstring\n");
-			return -1;
-		}
-		len /= 2;
-		if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
-			printf("Invalid extra attribute hexstring\n");
-			return -1;
-		}
-		break;
-	case 'd':
-		val = htonl(atoi(attr->data));
-		os_memcpy(buf, &val, 4);
-		len = 4;
-		break;
-	default:
-		printf("Incorrect extra attribute syntax specification\n");
-		return -1;
-	}
-
-	if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
-		printf("Could not add attribute %d\n", attr->type);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int add_extra_attrs(struct radius_msg *msg,
-			   struct extra_radius_attr *attrs)
-{
-	struct extra_radius_attr *p;
-	for (p = attrs; p; p = p->next) {
-		if (add_extra_attr(msg, p) < 0)
-			return -1;
-	}
-	return 0;
-}
-
-
-static struct extra_radius_attr *
-find_extra_attr(struct extra_radius_attr *attrs, u8 type)
-{
-	struct extra_radius_attr *p;
-	for (p = attrs; p; p = p->next) {
-		if (p->type == type)
-			return p;
-	}
-	return NULL;
-}
-
-
-static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
-					  const u8 *eap, size_t len)
-{
-	struct radius_msg *msg;
-	char buf[RADIUS_MAX_ATTR_LEN + 1];
-	const struct eap_hdr *hdr;
-	const u8 *pos;
-
-	wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
-		   "packet");
-
-	e->radius_identifier = radius_client_get_id(e->radius);
-	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
-			     e->radius_identifier);
-	if (msg == NULL) {
-		printf("Could not create net RADIUS packet\n");
-		return;
-	}
-
-	radius_msg_make_authenticator(msg);
-
-	hdr = (const struct eap_hdr *) eap;
-	pos = (const u8 *) (hdr + 1);
-	if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
-	    pos[0] == EAP_TYPE_IDENTITY) {
-		pos++;
-		os_free(e->eap_identity);
-		e->eap_identity_len = len - sizeof(*hdr) - 1;
-		e->eap_identity = os_malloc(e->eap_identity_len);
-		if (e->eap_identity) {
-			os_memcpy(e->eap_identity, pos, e->eap_identity_len);
-			wpa_hexdump(MSG_DEBUG, "Learned identity from "
-				    "EAP-Response-Identity",
-				    e->eap_identity, e->eap_identity_len);
-		}
-	}
-
-	if (e->eap_identity &&
-	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
-				 e->eap_identity, e->eap_identity_len)) {
-		printf("Could not add User-Name\n");
-		goto fail;
-	}
-
-	if (e->req_eap_key_name &&
-	    !radius_msg_add_attr(msg, RADIUS_ATTR_EAP_KEY_NAME, (u8 *) "\0",
-				 1)) {
-		printf("Could not add EAP-Key-Name\n");
-		goto fail;
-	}
-
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
-	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
-				 (u8 *) &e->own_ip_addr, 4)) {
-		printf("Could not add NAS-IP-Address\n");
-		goto fail;
-	}
-
-	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
-		    MAC2STR(e->wpa_s->own_addr));
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
-	    &&
-	    !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
-				 (u8 *) buf, os_strlen(buf))) {
-		printf("Could not add Calling-Station-Id\n");
-		goto fail;
-	}
-
-	/* TODO: should probably check MTU from driver config; 2304 is max for
-	 * IEEE 802.11, but use 1400 to avoid problems with too large packets
-	 */
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
-	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
-		printf("Could not add Framed-MTU\n");
-		goto fail;
-	}
-
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
-	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
-				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
-		printf("Could not add NAS-Port-Type\n");
-		goto fail;
-	}
-
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_SERVICE_TYPE) &&
-	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_SERVICE_TYPE,
-				       RADIUS_SERVICE_TYPE_FRAMED)) {
-		printf("Could not add Service-Type\n");
-		goto fail;
-	}
-
-	os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
-	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
-	    !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
-				 (u8 *) buf, os_strlen(buf))) {
-		printf("Could not add Connect-Info\n");
-		goto fail;
-	}
-
-	if (add_extra_attrs(msg, e->extra_attrs) < 0)
-		goto fail;
-
-	if (eap && !radius_msg_add_eap(msg, eap, len)) {
-		printf("Could not add EAP-Message\n");
-		goto fail;
-	}
-
-	/* State attribute must be copied if and only if this packet is
-	 * Access-Request reply to the previous Access-Challenge */
-	if (e->last_recv_radius &&
-	    radius_msg_get_hdr(e->last_recv_radius)->code ==
-	    RADIUS_CODE_ACCESS_CHALLENGE) {
-		int res = radius_msg_copy_attr(msg, e->last_recv_radius,
-					       RADIUS_ATTR_STATE);
-		if (res < 0) {
-			printf("Could not copy State attribute from previous "
-			       "Access-Challenge\n");
-			goto fail;
-		}
-		if (res > 0) {
-			wpa_printf(MSG_DEBUG, "  Copied RADIUS State "
-				   "Attribute");
-		}
-	}
-
-	if (radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr)
-	    < 0)
-		goto fail;
-	return;
-
- fail:
-	radius_msg_free(msg);
-}
-
-
-static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
-				 size_t len)
-{
-	printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
-	       type, (unsigned long) len);
-	if (type == IEEE802_1X_TYPE_EAP_PACKET) {
-		wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
-		ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
-	}
-	return 0;
-}
-
-
-static void eapol_test_set_config_blob(void *ctx,
-				       struct wpa_config_blob *blob)
-{
-	struct eapol_test_data *e = ctx;
-	wpa_config_set_blob(e->wpa_s->conf, blob);
-}
-
-
-static const struct wpa_config_blob *
-eapol_test_get_config_blob(void *ctx, const char *name)
-{
-	struct eapol_test_data *e = ctx;
-	return wpa_config_get_blob(e->wpa_s->conf, name);
-}
-
-
-static void eapol_test_eapol_done_cb(void *ctx)
-{
-	struct eapol_test_data *e = ctx;
-
-	printf("WPA: EAPOL processing complete\n");
-	wpa_supplicant_cancel_auth_timeout(e->wpa_s);
-	wpa_supplicant_set_state(e->wpa_s, WPA_COMPLETED);
-}
-
-
-static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
-{
-	struct eapol_test_data *e = eloop_ctx;
-	printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
-	e->radius_access_accept_received = 0;
-	send_eap_request_identity(e->wpa_s, NULL);
-}
-
-
-static int eapol_test_compare_pmk(struct eapol_test_data *e)
-{
-	u8 pmk[PMK_LEN];
-	int ret = 1;
-	const u8 *sess_id;
-	size_t sess_id_len;
-
-	if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
-		wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
-		if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
-			printf("WARNING: PMK mismatch\n");
-			wpa_hexdump(MSG_DEBUG, "PMK from AS",
-				    e->authenticator_pmk, PMK_LEN);
-		} else if (e->radius_access_accept_received)
-			ret = 0;
-	} else if (e->authenticator_pmk_len == 16 &&
-		   eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
-		wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
-		if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
-			printf("WARNING: PMK mismatch\n");
-			wpa_hexdump(MSG_DEBUG, "PMK from AS",
-				    e->authenticator_pmk, 16);
-		} else if (e->radius_access_accept_received)
-			ret = 0;
-	} else if (e->radius_access_accept_received && e->no_mppe_keys) {
-		/* No keying material expected */
-		ret = 0;
-	}
-
-	if (ret && !e->no_mppe_keys)
-		e->num_mppe_mismatch++;
-	else if (!e->no_mppe_keys)
-		e->num_mppe_ok++;
-
-	sess_id = eapol_sm_get_session_id(e->wpa_s->eapol, &sess_id_len);
-	if (!sess_id)
-		return ret;
-	if (e->authenticator_eap_key_name_len == 0) {
-		wpa_printf(MSG_INFO, "No EAP-Key-Name received from server");
-		return ret;
-	}
-
-	if (e->authenticator_eap_key_name_len != sess_id_len ||
-	    os_memcmp(e->authenticator_eap_key_name, sess_id, sess_id_len) != 0)
-	{
-		wpa_printf(MSG_INFO,
-			   "Locally derived EAP Session-Id does not match EAP-Key-Name from server");
-		wpa_hexdump(MSG_DEBUG, "EAP Session-Id", sess_id, sess_id_len);
-		wpa_hexdump(MSG_DEBUG, "EAP-Key-Name from server",
-			    e->authenticator_eap_key_name,
-			    e->authenticator_eap_key_name_len);
-	} else {
-		wpa_printf(MSG_INFO,
-			   "Locally derived EAP Session-Id matches EAP-Key-Name from server");
-	}
-
-	return ret;
-}
-
-
-static void eapol_sm_cb(struct eapol_sm *eapol, enum eapol_supp_result result,
-			void *ctx)
-{
-	struct eapol_test_data *e = ctx;
-	printf("eapol_sm_cb: result=%d\n", result);
-	e->id_req_sent = 0;
-	if (e->ctrl_iface)
-		return;
-	e->eapol_test_num_reauths--;
-	if (e->eapol_test_num_reauths < 0)
-		eloop_terminate();
-	else {
-		eapol_test_compare_pmk(e);
-		eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
-	}
-}
-
-
-static void eapol_test_write_cert(FILE *f, const char *subject,
-				  const struct wpabuf *cert)
-{
-	char *encoded;
-
-	encoded = base64_encode(wpabuf_head(cert), wpabuf_len(cert), NULL);
-	if (encoded == NULL)
-		return;
-	fprintf(f, "%s\n-----BEGIN CERTIFICATE-----\n%s"
-		"-----END CERTIFICATE-----\n\n", subject, encoded);
-	os_free(encoded);
-}
-
-
-#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
-static void eapol_test_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field,
-					const char *default_txt)
-{
-	struct eapol_test_data *e = ctx;
-	struct wpa_supplicant *wpa_s = e->wpa_s;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	const char *field_name, *txt = NULL;
-	char *buf;
-	size_t buflen;
-	int len;
-
-	if (ssid == NULL)
-		return;
-
-	field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
-						       &txt);
-	if (field_name == NULL) {
-		wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
-			   field);
-		return;
-	}
-
-	buflen = 100 + os_strlen(txt) + ssid->ssid_len;
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return;
-	len = os_snprintf(buf, buflen,
-			  WPA_CTRL_REQ "%s-%d:%s needed for SSID ",
-			  field_name, ssid->id, txt);
-	if (os_snprintf_error(buflen, len)) {
-		os_free(buf);
-		return;
-	}
-	if (ssid->ssid && buflen > len + ssid->ssid_len) {
-		os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
-		len += ssid->ssid_len;
-		buf[len] = '\0';
-	}
-	buf[buflen - 1] = '\0';
-	wpa_msg(wpa_s, MSG_INFO, "%s", buf);
-	os_free(buf);
-}
-#else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-#define eapol_test_eap_param_needed NULL
-#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-
-
-static void eapol_test_cert_cb(void *ctx, struct tls_cert_data *cert,
-			       const char *cert_hash)
-{
-	struct eapol_test_data *e = ctx;
-	int i;
-
-	wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
-		"depth=%d subject='%s'%s%s",
-		cert->depth, cert->subject,
-		cert_hash ? " hash=" : "",
-		cert_hash ? cert_hash : "");
-
-	if (cert->cert) {
-		char *cert_hex;
-		size_t len = wpabuf_len(cert->cert) * 2 + 1;
-		cert_hex = os_malloc(len);
-		if (cert_hex) {
-			wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
-					 wpabuf_len(cert->cert));
-			wpa_msg_ctrl(e->wpa_s, MSG_INFO,
-				     WPA_EVENT_EAP_PEER_CERT
-				     "depth=%d subject='%s' cert=%s",
-				     cert->depth, cert->subject, cert_hex);
-			os_free(cert_hex);
-		}
-
-		if (e->server_cert_file)
-			eapol_test_write_cert(e->server_cert_file,
-					      cert->subject, cert->cert);
-	}
-
-	for (i = 0; i < cert->num_altsubject; i++)
-		wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
-			"depth=%d %s", cert->depth, cert->altsubject[i]);
-}
-
-
-static void eapol_test_set_anon_id(void *ctx, const u8 *id, size_t len)
-{
-	struct eapol_test_data *e = ctx;
-	struct wpa_supplicant *wpa_s = e->wpa_s;
-	char *str;
-	int res;
-
-	wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
-			  id, len);
-
-	if (wpa_s->current_ssid == NULL)
-		return;
-
-	if (id == NULL) {
-		if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
-				   "NULL", 0) < 0)
-			return;
-	} else {
-		str = os_malloc(len * 2 + 1);
-		if (str == NULL)
-			return;
-		wpa_snprintf_hex(str, len * 2 + 1, id, len);
-		res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
-				     str, 0);
-		os_free(str);
-		if (res < 0)
-			return;
-	}
-}
-
-
-static enum wpa_states eapol_test_get_state(void *ctx)
-{
-	struct eapol_test_data *e = ctx;
-	struct wpa_supplicant *wpa_s = e->wpa_s;
-
-	return wpa_s->wpa_state;
-}
-
-
-static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
-		      struct wpa_ssid *ssid)
-{
-	struct eapol_config eapol_conf;
-	struct eapol_ctx *ctx;
-	struct wpa_sm_ctx *wctx;
-
-	ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL) {
-		printf("Failed to allocate EAPOL context.\n");
-		return -1;
-	}
-	ctx->ctx = e;
-	ctx->msg_ctx = wpa_s;
-	ctx->scard_ctx = wpa_s->scard;
-	ctx->cb = eapol_sm_cb;
-	ctx->cb_ctx = e;
-	ctx->eapol_send_ctx = wpa_s;
-	ctx->preauth = 0;
-	ctx->eapol_done_cb = eapol_test_eapol_done_cb;
-	ctx->eapol_send = eapol_test_eapol_send;
-	ctx->set_config_blob = eapol_test_set_config_blob;
-	ctx->get_config_blob = eapol_test_get_config_blob;
-	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
-	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
-	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
-	ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
-	ctx->eap_param_needed = eapol_test_eap_param_needed;
-	ctx->cert_cb = eapol_test_cert_cb;
-	ctx->cert_in_cb = 1;
-	ctx->set_anon_id = eapol_test_set_anon_id;
-
-	wpa_s->eapol = eapol_sm_init(ctx);
-	if (wpa_s->eapol == NULL) {
-		os_free(ctx);
-		printf("Failed to initialize EAPOL state machines.\n");
-		return -1;
-	}
-
-	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
-	wctx = os_zalloc(sizeof(*wctx));
-	if (wctx == NULL) {
-		os_free(ctx);
-		return -1;
-	}
-	wctx->ctx = e;
-	wctx->msg_ctx = wpa_s;
-	wctx->get_state = eapol_test_get_state;
-	wpa_s->wpa = wpa_sm_init(wctx);
-	if (!wpa_s->wpa) {
-		os_free(ctx);
-		os_free(wctx);
-		return -1;
-	}
-
-	if (!ssid)
-		return 0;
-
-	wpa_s->current_ssid = ssid;
-	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
-	eapol_conf.accept_802_1x_keys = 1;
-	eapol_conf.required_keys = 0;
-	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
-	eapol_conf.workaround = ssid->eap_workaround;
-	eapol_conf.external_sim = wpa_s->conf->external_sim;
-	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
-	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
-
-
-	eapol_sm_notify_portValid(wpa_s->eapol, false);
-	/* 802.1X::portControl = Auto */
-	eapol_sm_notify_portEnabled(wpa_s->eapol, true);
-
-	return 0;
-}
-
-
-static void test_eapol_clean(struct eapol_test_data *e,
-			     struct wpa_supplicant *wpa_s)
-{
-	struct extra_radius_attr *p, *prev;
-
-	wpa_sm_deinit(wpa_s->wpa);
-	wpa_s->wpa = NULL;
-	radius_client_deinit(e->radius);
-	wpabuf_free(e->last_eap_radius);
-	radius_msg_free(e->last_recv_radius);
-	e->last_recv_radius = NULL;
-	os_free(e->eap_identity);
-	e->eap_identity = NULL;
-	eapol_sm_deinit(wpa_s->eapol);
-	wpa_s->eapol = NULL;
-	if (e->radius_conf && e->radius_conf->auth_server) {
-		os_free(e->radius_conf->auth_server->shared_secret);
-		os_free(e->radius_conf->auth_server);
-	}
-	os_free(e->radius_conf);
-	e->radius_conf = NULL;
-	scard_deinit(wpa_s->scard);
-	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
-	wpa_s->ctrl_iface = NULL;
-
-	ext_password_deinit(wpa_s->ext_pw);
-	wpa_s->ext_pw = NULL;
-
-	wpa_config_free(wpa_s->conf);
-
-	p = e->extra_attrs;
-	while (p) {
-		prev = p;
-		p = p->next;
-		os_free(prev);
-	}
-}
-
-
-static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	u8 buf[100], *pos;
-	struct ieee802_1x_hdr *hdr;
-	struct eap_hdr *eap;
-
-	hdr = (struct ieee802_1x_hdr *) buf;
-	hdr->version = EAPOL_VERSION;
-	hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
-	hdr->length = htons(5);
-
-	eap = (struct eap_hdr *) (hdr + 1);
-	eap->code = EAP_CODE_REQUEST;
-	if (os_get_random((u8 *) &eap->identifier, sizeof(eap->identifier)) < 0)
-		eap->identifier = os_random() & 0xff;
-	eap->length = htons(5);
-	pos = (u8 *) (eap + 1);
-	*pos = EAP_TYPE_IDENTITY;
-
-	printf("Sending fake EAP-Request-Identity\n");
-	eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
-			  sizeof(*hdr) + 5);
-}
-
-
-static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct eapol_test_data *e = eloop_ctx;
-	printf("EAPOL test timed out\n");
-	e->auth_timed_out = 1;
-	eloop_terminate();
-}
-
-
-static char *eap_type_text(u8 type)
-{
-	switch (type) {
-	case EAP_TYPE_IDENTITY: return "Identity";
-	case EAP_TYPE_NOTIFICATION: return "Notification";
-	case EAP_TYPE_NAK: return "Nak";
-	case EAP_TYPE_TLS: return "TLS";
-	case EAP_TYPE_TTLS: return "TTLS";
-	case EAP_TYPE_PEAP: return "PEAP";
-	case EAP_TYPE_SIM: return "SIM";
-	case EAP_TYPE_GTC: return "GTC";
-	case EAP_TYPE_MD5: return "MD5";
-	case EAP_TYPE_OTP: return "OTP";
-	case EAP_TYPE_FAST: return "FAST";
-	case EAP_TYPE_SAKE: return "SAKE";
-	case EAP_TYPE_PSK: return "PSK";
-	default: return "Unknown";
-	}
-}
-
-
-static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
-{
-	struct wpabuf *eap;
-	const struct eap_hdr *hdr;
-	int eap_type = -1;
-	char buf[64];
-	struct radius_msg *msg;
-
-	if (e->last_recv_radius == NULL)
-		return;
-
-	msg = e->last_recv_radius;
-
-	eap = radius_msg_get_eap(msg);
-	if (eap == NULL) {
-		/* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
-		 * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
-		 * attribute */
-		wpa_printf(MSG_DEBUG, "could not extract "
-			       "EAP-Message from RADIUS message");
-		wpabuf_free(e->last_eap_radius);
-		e->last_eap_radius = NULL;
-		return;
-	}
-
-	if (wpabuf_len(eap) < sizeof(*hdr)) {
-		wpa_printf(MSG_DEBUG, "too short EAP packet "
-			       "received from authentication server");
-		wpabuf_free(eap);
-		return;
-	}
-
-	if (wpabuf_len(eap) > sizeof(*hdr))
-		eap_type = (wpabuf_head_u8(eap))[sizeof(*hdr)];
-
-	hdr = wpabuf_head(eap);
-	switch (hdr->code) {
-	case EAP_CODE_REQUEST:
-		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
-			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
-			    eap_type);
-		break;
-	case EAP_CODE_RESPONSE:
-		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
-			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
-			    eap_type);
-		break;
-	case EAP_CODE_SUCCESS:
-		os_strlcpy(buf, "EAP Success", sizeof(buf));
-		/* LEAP uses EAP Success within an authentication, so must not
-		 * stop here with eloop_terminate(); */
-		break;
-	case EAP_CODE_FAILURE:
-		os_strlcpy(buf, "EAP Failure", sizeof(buf));
-		if (e->ctrl_iface)
-			break;
-		eloop_terminate();
-		break;
-	default:
-		os_strlcpy(buf, "unknown EAP code", sizeof(buf));
-		wpa_hexdump_buf(MSG_DEBUG, "Decapsulated EAP packet", eap);
-		break;
-	}
-	wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
-		       "id=%d len=%d) from RADIUS server: %s",
-		      hdr->code, hdr->identifier, ntohs(hdr->length), buf);
-
-	/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
-
-	wpabuf_free(e->last_eap_radius);
-	e->last_eap_radius = eap;
-
-	{
-		struct ieee802_1x_hdr *dot1x;
-		dot1x = os_malloc(sizeof(*dot1x) + wpabuf_len(eap));
-		assert(dot1x != NULL);
-		dot1x->version = EAPOL_VERSION;
-		dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
-		dot1x->length = htons(wpabuf_len(eap));
-		os_memcpy((u8 *) (dot1x + 1), wpabuf_head(eap),
-			  wpabuf_len(eap));
-		eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
-				  (u8 *) dot1x,
-				  sizeof(*dot1x) + wpabuf_len(eap));
-		os_free(dot1x);
-	}
-}
-
-
-static void ieee802_1x_get_keys(struct eapol_test_data *e,
-				struct radius_msg *msg, struct radius_msg *req,
-				const u8 *shared_secret,
-				size_t shared_secret_len)
-{
-	struct radius_ms_mppe_keys *keys;
-	u8 *buf;
-	size_t len;
-
-	keys = radius_msg_get_ms_keys(msg, req, shared_secret,
-				      shared_secret_len);
-	if (keys && keys->send == NULL && keys->recv == NULL) {
-		os_free(keys);
-		keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
-						 shared_secret_len);
-	}
-
-	if (keys) {
-		if (keys->send) {
-			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
-				    keys->send, keys->send_len);
-		}
-		if (keys->recv) {
-			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
-				    keys->recv, keys->recv_len);
-			e->authenticator_pmk_len =
-				keys->recv_len > PMK_LEN ? PMK_LEN :
-				keys->recv_len;
-			os_memcpy(e->authenticator_pmk, keys->recv,
-				  e->authenticator_pmk_len);
-			if (e->authenticator_pmk_len == 16 && keys->send &&
-			    keys->send_len == 16) {
-				/* MS-CHAP-v2 derives 16 octet keys */
-				wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
-					   "to extend PMK to 32 octets");
-				os_memcpy(e->authenticator_pmk +
-					  e->authenticator_pmk_len,
-					  keys->send, keys->send_len);
-				e->authenticator_pmk_len += keys->send_len;
-			}
-		}
-
-		os_free(keys->send);
-		os_free(keys->recv);
-		os_free(keys);
-	}
-
-	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_EAP_KEY_NAME, &buf, &len,
-				    NULL) == 0) {
-		os_memcpy(e->authenticator_eap_key_name, buf, len);
-		e->authenticator_eap_key_name_len = len;
-	} else {
-		e->authenticator_eap_key_name_len = 0;
-	}
-}
-
-
-/* Process the RADIUS frames from Authentication Server */
-static RadiusRxResult
-ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
-			const u8 *shared_secret, size_t shared_secret_len,
-			void *data)
-{
-	struct eapol_test_data *e = data;
-	struct radius_hdr *hdr = radius_msg_get_hdr(msg);
-
-	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
-	 * present when packet contains an EAP-Message attribute */
-	if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
-	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
-				0) < 0 &&
-	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "Allowing RADIUS "
-			      "Access-Reject without Message-Authenticator "
-			      "since it does not include EAP-Message\n");
-	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
-				     req, 1)) {
-		printf("Incoming RADIUS packet did not have correct "
-		       "Message-Authenticator - dropped\n");
-		return RADIUS_RX_UNKNOWN;
-	}
-
-	if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
-	    hdr->code != RADIUS_CODE_ACCESS_REJECT &&
-	    hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
-		printf("Unknown RADIUS message code\n");
-		return RADIUS_RX_UNKNOWN;
-	}
-
-	e->radius_identifier = -1;
-	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
-
-	radius_msg_free(e->last_recv_radius);
-	e->last_recv_radius = msg;
-
-	switch (hdr->code) {
-	case RADIUS_CODE_ACCESS_ACCEPT:
-		e->radius_access_accept_received = 1;
-		ieee802_1x_get_keys(e, msg, req, shared_secret,
-				    shared_secret_len);
-		break;
-	case RADIUS_CODE_ACCESS_REJECT:
-		e->radius_access_reject_received = 1;
-		break;
-	}
-
-	ieee802_1x_decapsulate_radius(e);
-
-	if ((hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
-	     e->eapol_test_num_reauths < 0) ||
-	    hdr->code == RADIUS_CODE_ACCESS_REJECT) {
-		if (!e->ctrl_iface)
-			eloop_terminate();
-	}
-
-	return RADIUS_RX_QUEUED;
-}
-
-
-static int driver_get_ssid(void *priv, u8 *ssid)
-{
-	ssid[0] = 0;
-	return 0;
-}
-
-
-static int driver_get_bssid(void *priv, u8 *bssid)
-{
-	struct eapol_test_data *e = priv;
-
-	if (e->ctrl_iface && !e->id_req_sent) {
-		eloop_register_timeout(0, 0, send_eap_request_identity,
-				       e->wpa_s, NULL);
-		e->id_req_sent = 1;
-	}
-
-	os_memset(bssid, 0, ETH_ALEN);
-	bssid[5] = 1;
-	return 0;
-}
-
-
-static int driver_get_capa(void *priv, struct wpa_driver_capa *capa)
-{
-	os_memset(capa, 0, sizeof(*capa));
-	capa->flags = WPA_DRIVER_FLAGS_WIRED;
-	return 0;
-}
-
-
-struct wpa_driver_ops eapol_test_drv_ops = {
-	.name = "test",
-	.get_ssid = driver_get_ssid,
-	.get_bssid = driver_get_bssid,
-	.get_capa = driver_get_capa,
-};
-
-static void wpa_init_conf(struct eapol_test_data *e,
-			  struct wpa_supplicant *wpa_s, const char *authsrv,
-			  int port, const char *secret,
-			  const char *cli_addr, const char *ifname)
-{
-	struct hostapd_radius_server *as;
-	int res;
-
-	wpa_s->driver = &eapol_test_drv_ops;
-	wpa_s->drv_priv = e;
-	wpa_s->bssid[5] = 1;
-	os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
-	e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
-	os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
-
-	e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
-	assert(e->radius_conf != NULL);
-	e->radius_conf->num_auth_servers = 1;
-	as = os_zalloc(sizeof(struct hostapd_radius_server));
-	assert(as != NULL);
-#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
-	{
-		int a[4];
-		u8 *pos;
-		sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
-		pos = (u8 *) &as->addr.u.v4;
-		*pos++ = a[0];
-		*pos++ = a[1];
-		*pos++ = a[2];
-		*pos++ = a[3];
-		as->addr.af = AF_INET;
-	}
-#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
-	if (hostapd_parse_ip_addr(authsrv, &as->addr) < 0) {
-		wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
-			   authsrv);
-		assert(0);
-	}
-#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
-	as->port = port;
-	as->shared_secret = (u8 *) os_strdup(secret);
-	as->shared_secret_len = os_strlen(secret);
-	e->radius_conf->auth_server = as;
-	e->radius_conf->auth_servers = as;
-	e->radius_conf->msg_dumps = 1;
-	if (cli_addr) {
-		if (hostapd_parse_ip_addr(cli_addr,
-					  &e->radius_conf->client_addr) == 0)
-			e->radius_conf->force_client_addr = 1;
-		else {
-			wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
-				   cli_addr);
-			assert(0);
-		}
-	}
-
-	e->radius = radius_client_init(wpa_s, e->radius_conf);
-	assert(e->radius != NULL);
-
-	res = radius_client_register(e->radius, RADIUS_AUTH,
-				     ieee802_1x_receive_auth, e);
-	assert(res == 0);
-}
-
-
-static int scard_test(struct eapol_test_data *e)
-{
-	struct scard_data *scard;
-	size_t len;
-	char imsi[20];
-	unsigned char _rand[16];
-#ifdef PCSC_FUNCS
-	unsigned char sres[4];
-	unsigned char kc[8];
-#endif /* PCSC_FUNCS */
-#define num_triplets 5
-	unsigned char rand_[num_triplets][16];
-	unsigned char sres_[num_triplets][4];
-	unsigned char kc_[num_triplets][8];
-	int i, res;
-	size_t j;
-
-#define AKA_RAND_LEN 16
-#define AKA_AUTN_LEN 16
-#define AKA_AUTS_LEN 14
-#define RES_MAX_LEN 16
-#define IK_LEN 16
-#define CK_LEN 16
-	unsigned char aka_rand[AKA_RAND_LEN];
-	unsigned char aka_autn[AKA_AUTN_LEN];
-	unsigned char aka_auts[AKA_AUTS_LEN];
-	unsigned char aka_res[RES_MAX_LEN];
-	size_t aka_res_len;
-	unsigned char aka_ik[IK_LEN];
-	unsigned char aka_ck[CK_LEN];
-
-	scard = scard_init(e->pcsc_reader);
-	if (scard == NULL)
-		return -1;
-	if (scard_set_pin(scard, e->pcsc_pin)) {
-		wpa_printf(MSG_WARNING, "PIN validation failed");
-		scard_deinit(scard);
-		return -1;
-	}
-
-	len = sizeof(imsi);
-	if (scard_get_imsi(scard, imsi, &len))
-		goto failed;
-	wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
-	/* NOTE: Permanent Username: 1 | IMSI */
-
-	wpa_printf(MSG_DEBUG, "SCARD: MNC length %d",
-		   scard_get_mnc_len(scard));
-
-	os_memset(_rand, 0, sizeof(_rand));
-	if (scard_gsm_auth(scard, _rand, sres, kc))
-		goto failed;
-
-	os_memset(_rand, 0xff, sizeof(_rand));
-	if (scard_gsm_auth(scard, _rand, sres, kc))
-		goto failed;
-
-	for (i = 0; i < num_triplets; i++) {
-		os_memset(rand_[i], i, sizeof(rand_[i]));
-		if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
-			goto failed;
-	}
-
-	for (i = 0; i < num_triplets; i++) {
-		printf("1");
-		for (j = 0; j < len; j++)
-			printf("%c", imsi[j]);
-		printf(",");
-		for (j = 0; j < 16; j++)
-			printf("%02X", rand_[i][j]);
-		printf(",");
-		for (j = 0; j < 4; j++)
-			printf("%02X", sres_[i][j]);
-		printf(",");
-		for (j = 0; j < 8; j++)
-			printf("%02X", kc_[i][j]);
-		printf("\n");
-	}
-
-	wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
-
-	/* seq 39 (0x28) */
-	os_memset(aka_rand, 0xaa, 16);
-	os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
-		  "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
-
-	res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
-			      aka_ik, aka_ck, aka_auts);
-	if (res == 0) {
-		wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
-		wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
-		wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
-		wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
-	} else if (res == -2) {
-		wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
-			   "failure");
-		wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
-	} else {
-		wpa_printf(MSG_DEBUG, "UMTS auth failed");
-	}
-
-failed:
-	scard_deinit(scard);
-
-	return 0;
-#undef num_triplets
-}
-
-
-static int scard_get_triplets(struct eapol_test_data *e, int argc, char *argv[])
-{
-	struct scard_data *scard;
-	size_t len;
-	char imsi[20];
-	unsigned char _rand[16];
-	unsigned char sres[4];
-	unsigned char kc[8];
-	int num_triplets;
-	int i;
-	size_t j;
-
-	if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
-		printf("invalid parameters for sim command\n");
-		return -1;
-	}
-
-	if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
-		/* disable debug output */
-		wpa_debug_level = 99;
-	}
-
-	scard = scard_init(e->pcsc_reader);
-	if (scard == NULL) {
-		printf("Failed to open smartcard connection\n");
-		return -1;
-	}
-	if (scard_set_pin(scard, argv[0])) {
-		wpa_printf(MSG_WARNING, "PIN validation failed");
-		scard_deinit(scard);
-		return -1;
-	}
-
-	len = sizeof(imsi);
-	if (scard_get_imsi(scard, imsi, &len)) {
-		scard_deinit(scard);
-		return -1;
-	}
-
-	for (i = 0; i < num_triplets; i++) {
-		os_memset(_rand, i, sizeof(_rand));
-		if (scard_gsm_auth(scard, _rand, sres, kc))
-			break;
-
-		/* IMSI:Kc:SRES:RAND */
-		for (j = 0; j < len; j++)
-			printf("%c", imsi[j]);
-		printf(":");
-		for (j = 0; j < 8; j++)
-			printf("%02X", kc[j]);
-		printf(":");
-		for (j = 0; j < 4; j++)
-			printf("%02X", sres[j]);
-		printf(":");
-		for (j = 0; j < 16; j++)
-			printf("%02X", _rand[j]);
-		printf("\n");
-	}
-
-	scard_deinit(scard);
-
-	return 0;
-}
-
-
-static void eapol_test_terminate(int sig, void *signal_ctx)
-{
-	struct wpa_supplicant *wpa_s = signal_ctx;
-	wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
-	eloop_terminate();
-}
-
-
-static void usage(void)
-{
-	printf("usage:\n"
-	       "eapol_test [-enWSv] -c<conf> [-a<AS IP>] [-p<AS port>] "
-	       "[-s<AS secret>]\\\n"
-	       "           [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
-	       "           [-M<client MAC address>] [-o<server cert file] \\\n"
-	       "           [-N<attr spec>] [-R<PC/SC reader>] "
-	       "[-P<PC/SC PIN>] \\\n"
-	       "           [-A<client IP>] [-i<ifname>] [-T<ctrl_iface>]\n"
-	       "eapol_test scard\n"
-	       "eapol_test sim <PIN> <num triplets> [debug]\n"
-	       "\n");
-	printf("options:\n"
-	       "  -c<conf> = configuration file\n"
-	       "  -a<AS IP> = IP address of the authentication server, "
-	       "default 127.0.0.1\n"
-	       "  -p<AS port> = UDP port of the authentication server, "
-	       "default 1812\n"
-	       "  -s<AS secret> = shared secret with the authentication "
-	       "server, default 'radius'\n"
-	       "  -A<client IP> = IP address of the client, default: select "
-	       "automatically\n"
-	       "  -r<count> = number of re-authentications\n"
-	       "  -e = Request EAP-Key-Name\n"
-	       "  -W = wait for a control interface monitor before starting\n"
-	       "  -S = save configuration after authentication\n"
-	       "  -n = no MPPE keys expected\n"
-	       "  -v = show version\n"
-	       "  -t<timeout> = sets timeout in seconds (default: 30 s)\n"
-	       "  -C<Connect-Info> = RADIUS Connect-Info (default: "
-	       "CONNECT 11Mbps 802.11b)\n"
-	       "  -M<client MAC address> = Set own MAC address "
-	       "(Calling-Station-Id,\n"
-	       "                           default: 02:00:00:00:00:01)\n"
-	       "  -o<server cert file> = Write received server certificate\n"
-	       "                         chain to the specified file\n"
-	       "  -N<attr spec> = send arbitrary attribute specified by:\n"
-	       "                  attr_id:syntax:value or attr_id\n"
-	       "                  attr_id - number id of the attribute\n"
-	       "                  syntax - one of: s, d, x\n"
-	       "                     s = string\n"
-	       "                     d = integer\n"
-	       "                     x = octet string\n"
-	       "                  value - attribute value.\n"
-	       "       When only attr_id is specified, NULL will be used as "
-	       "value.\n"
-	       "       Multiple attributes can be specified by using the "
-	       "option several times.\n");
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct wpa_global global;
-	struct wpa_supplicant wpa_s;
-	int c, ret = 1, wait_for_monitor = 0, save_config = 0;
-	char *as_addr = "127.0.0.1";
-	int as_port = 1812;
-	char *as_secret = "radius";
-	char *cli_addr = NULL;
-	char *conf = NULL;
-	int timeout = 30;
-	char *pos;
-	struct extra_radius_attr *p = NULL, *p1;
-	const char *ifname = "test";
-	const char *ctrl_iface = NULL;
-
-	if (os_program_init())
-		return -1;
-
-	hostapd_logger_register_cb(hostapd_logger_cb);
-
-	os_memset(&eapol_test, 0, sizeof(eapol_test));
-	eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
-	os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
-	eapol_test.pcsc_pin = "1234";
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	for (;;) {
-		c = getopt(argc, argv, "a:A:c:C:ei:M:nN:o:p:P:r:R:s:St:T:vW");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'a':
-			as_addr = optarg;
-			break;
-		case 'A':
-			cli_addr = optarg;
-			break;
-		case 'c':
-			conf = optarg;
-			break;
-		case 'C':
-			eapol_test.connect_info = optarg;
-			break;
-		case 'e':
-			eapol_test.req_eap_key_name = 1;
-			break;
-		case 'i':
-			ifname = optarg;
-			break;
-		case 'M':
-			if (hwaddr_aton(optarg, eapol_test.own_addr)) {
-				usage();
-				return -1;
-			}
-			break;
-		case 'n':
-			eapol_test.no_mppe_keys++;
-			break;
-		case 'o':
-			if (eapol_test.server_cert_file)
-				fclose(eapol_test.server_cert_file);
-			eapol_test.server_cert_file = fopen(optarg, "w");
-			if (eapol_test.server_cert_file == NULL) {
-				printf("Could not open '%s' for writing\n",
-				       optarg);
-				return -1;
-			}
-			break;
-		case 'p':
-			as_port = atoi(optarg);
-			break;
-		case 'P':
-			eapol_test.pcsc_pin = optarg;
-			break;
-		case 'r':
-			eapol_test.eapol_test_num_reauths = atoi(optarg);
-			break;
-		case 'R':
-			eapol_test.pcsc_reader = optarg;
-			break;
-		case 's':
-			as_secret = optarg;
-			break;
-		case 'S':
-			save_config++;
-			break;
-		case 't':
-			timeout = atoi(optarg);
-			break;
-		case 'T':
-			ctrl_iface = optarg;
-			eapol_test.ctrl_iface = 1;
-			break;
-		case 'v':
-			printf("eapol_test v%s\n", VERSION_STR);
-			return 0;
-		case 'W':
-			wait_for_monitor++;
-			break;
-		case 'N':
-			p1 = os_zalloc(sizeof(*p1));
-			if (p1 == NULL)
-				break;
-			if (!p)
-				eapol_test.extra_attrs = p1;
-			else
-				p->next = p1;
-			p = p1;
-
-			p->type = atoi(optarg);
-			pos = os_strchr(optarg, ':');
-			if (pos == NULL) {
-				p->syntax = 'n';
-				p->data = NULL;
-				break;
-			}
-
-			pos++;
-			if (pos[0] == '\0' || pos[1] != ':') {
-				printf("Incorrect format of attribute "
-				       "specification\n");
-				break;
-			}
-
-			p->syntax = pos[0];
-			p->data = pos + 2;
-			break;
-		default:
-			usage();
-			return -1;
-		}
-	}
-
-	if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
-		return scard_test(&eapol_test);
-	}
-
-	if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
-		return scard_get_triplets(&eapol_test, argc - optind - 1,
-					  &argv[optind + 1]);
-	}
-
-	if (conf == NULL && !ctrl_iface) {
-		usage();
-		printf("Configuration file is required.\n");
-		return -1;
-	}
-
-	if (eap_register_methods()) {
-		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
-		return -1;
-	}
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return -1;
-	}
-
-	os_memset(&global, 0, sizeof(global));
-	os_memset(&wpa_s, 0, sizeof(wpa_s));
-	wpa_s.global = &global;
-	eapol_test.wpa_s = &wpa_s;
-	dl_list_init(&wpa_s.bss);
-	dl_list_init(&wpa_s.bss_id);
-	if (conf)
-		wpa_s.conf = wpa_config_read(conf, NULL);
-	else
-		wpa_s.conf = wpa_config_alloc_empty(ctrl_iface, NULL);
-	if (wpa_s.conf == NULL) {
-		printf("Failed to parse configuration file '%s'.\n", conf);
-		return -1;
-	}
-	if (!ctrl_iface && wpa_s.conf->ssid == NULL) {
-		printf("No networks defined.\n");
-		return -1;
-	}
-
-	if (eapol_test.pcsc_reader) {
-		os_free(wpa_s.conf->pcsc_reader);
-		wpa_s.conf->pcsc_reader = os_strdup(eapol_test.pcsc_reader);
-	}
-
-	wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
-		      cli_addr, ifname);
-	wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
-	if (wpa_s.ctrl_iface == NULL) {
-		printf("Failed to initialize control interface '%s'.\n"
-		       "You may have another eapol_test process already "
-		       "running or the file was\n"
-		       "left by an unclean termination of eapol_test in "
-		       "which case you will need\n"
-		       "to manually remove this file before starting "
-		       "eapol_test again.\n",
-		       wpa_s.conf->ctrl_interface);
-		return -1;
-	}
-	if (wpa_s.conf->ssid &&
-	    wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
-		return -1;
-
-	if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
-		return -1;
-
-	if (wpas_init_ext_pw(&wpa_s) < 0)
-		return -1;
-
-	if (wait_for_monitor)
-		wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
-
-	if (!ctrl_iface) {
-		eloop_register_timeout(timeout, 0, eapol_test_timeout,
-				       &eapol_test, NULL);
-		eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s,
-				       NULL);
-	}
-	eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
-	eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
-	eloop_run();
-
-	eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
-	eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
-
-	if (eapol_test_compare_pmk(&eapol_test) == 0 ||
-	    eapol_test.no_mppe_keys)
-		ret = 0;
-	if (eapol_test.auth_timed_out)
-		ret = -2;
-	if (eapol_test.radius_access_reject_received)
-		ret = -3;
-
-	if (save_config)
-		wpa_config_write(conf, wpa_s.conf);
-
-	test_eapol_clean(&eapol_test, &wpa_s);
-
-	eap_peer_unregister_methods();
-#ifdef CONFIG_AP
-	eap_server_unregister_methods();
-#endif /* CONFIG_AP */
-
-	eloop_destroy();
-
-	if (eapol_test.server_cert_file)
-		fclose(eapol_test.server_cert_file);
-
-	printf("MPPE keys OK: %d  mismatch: %d\n",
-	       eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
-	if (eapol_test.num_mppe_mismatch)
-		ret = -4;
-	if (ret)
-		printf("FAILURE\n");
-	else
-		printf("SUCCESS\n");
-
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wpa_supplicant/eapol_test.py b/wpa_supplicant/eapol_test.py
deleted file mode 100755
index 88c83f343597..000000000000
--- a/wpa_supplicant/eapol_test.py
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env python2
-#
-# eapol_test controller
-# Copyright (c) 2015, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import argparse
-import logging
-import os
-import Queue
-import sys
-import threading
-
-logger = logging.getLogger()
-dir = os.path.dirname(os.path.realpath(sys.modules[__name__].__file__))
-sys.path.append(os.path.join(dir, '..', 'wpaspy'))
-import wpaspy
-wpas_ctrl = '/tmp/eapol_test'
-
-class eapol_test:
-    def __init__(self, ifname):
-        self.ifname = ifname
-        self.ctrl = wpaspy.Ctrl(os.path.join(wpas_ctrl, ifname))
-        if "PONG" not in self.ctrl.request("PING"):
-            raise Exception("Failed to connect to eapol_test (%s)" % ifname)
-        self.mon = wpaspy.Ctrl(os.path.join(wpas_ctrl, ifname))
-        self.mon.attach()
-
-    def add_network(self):
-        id = self.request("ADD_NETWORK")
-        if "FAIL" in id:
-            raise Exception("ADD_NETWORK failed")
-        return int(id)
-
-    def remove_network(self, id):
-        id = self.request("REMOVE_NETWORK " + str(id))
-        if "FAIL" in id:
-            raise Exception("REMOVE_NETWORK failed")
-        return None
-
-    def set_network(self, id, field, value):
-        res = self.request("SET_NETWORK " + str(id) + " " + field + " " + value)
-        if "FAIL" in res:
-            raise Exception("SET_NETWORK failed")
-        return None
-
-    def set_network_quoted(self, id, field, value):
-        res = self.request("SET_NETWORK " + str(id) + " " + field + ' "' + value + '"')
-        if "FAIL" in res:
-            raise Exception("SET_NETWORK failed")
-        return None
-
-    def request(self, cmd, timeout=10):
-        return self.ctrl.request(cmd, timeout=timeout)
-
-    def wait_event(self, events, timeout=10):
-        start = os.times()[4]
-        while True:
-            while self.mon.pending():
-                ev = self.mon.recv()
-                logger.debug(self.ifname + ": " + ev)
-                for event in events:
-                    if event in ev:
-                        return ev
-            now = os.times()[4]
-            remaining = start + timeout - now
-            if remaining <= 0:
-                break
-            if not self.mon.pending(timeout=remaining):
-                break
-        return None
-
-def run(ifname, count, no_fast_reauth, res, conf):
-    et = eapol_test(ifname)
-
-    et.request("AP_SCAN 0")
-    if no_fast_reauth:
-        et.request("SET fast_reauth 0")
-    else:
-        et.request("SET fast_reauth 1")
-    id = et.add_network()
-
-    if len(conf):
-        for item in conf:
-            et.set_network(id, item, conf[item])
-    else:
-        et.set_network(id, "key_mgmt", "IEEE8021X")
-        et.set_network(id, "eapol_flags", "0")
-        et.set_network(id, "eap", "TLS")
-        et.set_network_quoted(id, "identity", "user")
-        et.set_network_quoted(id, "ca_cert", 'ca.pem')
-        et.set_network_quoted(id, "client_cert", 'client.pem')
-        et.set_network_quoted(id, "private_key", 'client.key')
-        et.set_network_quoted(id, "private_key_passwd", 'whatever')
-
-    et.set_network(id, "disabled", "0")
-
-    fail = False
-    for i in range(count):
-        et.request("REASSOCIATE")
-        ev = et.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-EAP-FAILURE"])
-        if ev is None or "CTRL-EVENT-CONNECTED" not in ev:
-            fail = True
-            break
-
-    et.remove_network(id)
-
-    if fail:
-        res.put("FAIL (%d OK)" % i)
-    else:
-        res.put("PASS %d" % (i + 1))
-
-def main():
-    parser = argparse.ArgumentParser(description='eapol_test controller')
-    parser.add_argument('--ctrl', help='control interface directory')
-    parser.add_argument('--num', help='number of processes')
-    parser.add_argument('--iter', help='number of iterations')
-    parser.add_argument('--no-fast-reauth', action='store_true',
-                        dest='no_fast_reauth',
-                        help='disable TLS session resumption')
-    parser.add_argument('--conf', help='file of network conf items')
-    args = parser.parse_args()
-
-    num = int(args.num)
-    iter = int(args.iter)
-    if args.ctrl:
-        global wpas_ctrl
-        wpas_ctrl = args.ctrl
-
-    conf = {}
-    if args.conf:
-        f = open(args.conf, "r")
-        for line in f:
-            confitem = line.split("=")
-            if len(confitem) == 2:
-                conf[confitem[0].strip()] = confitem[1].strip()
-        f.close()
-
-    t = {}
-    res = {}
-    for i in range(num):
-        res[i] = Queue.Queue()
-        t[i] = threading.Thread(target=run, args=(str(i), iter,
-                                                  args.no_fast_reauth, res[i],
-                                                  conf))
-    for i in range(num):
-        t[i].start()
-    for i in range(num):
-        t[i].join()
-        try:
-            results = res[i].get(False)
-        except:
-            results = "N/A"
-        print("%d: %s" % (i, results))
-
-if __name__ == "__main__":
-    main()
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
deleted file mode 100644
index f55e1846e205..000000000000
--- a/wpa_supplicant/events.c
+++ /dev/null
@@ -1,5783 +0,0 @@
-/*
- * WPA Supplicant - Driver event processing
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "eloop.h"
-#include "config.h"
-#include "l2_packet/l2_packet.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "pcsc_funcs.h"
-#include "rsn_supp/preauth.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "common/wpa_ctrl.h"
-#include "eap_peer/eap.h"
-#include "ap/hostapd.h"
-#include "p2p/p2p.h"
-#include "fst/fst.h"
-#include "wnm_sta.h"
-#include "notify.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/gas_server.h"
-#include "common/dpp.h"
-#include "common/ptksa_cache.h"
-#include "crypto/random.h"
-#include "bssid_ignore.h"
-#include "wpas_glue.h"
-#include "wps_supplicant.h"
-#include "ibss_rsn.h"
-#include "sme.h"
-#include "gas_query.h"
-#include "p2p_supplicant.h"
-#include "bgscan.h"
-#include "autoscan.h"
-#include "ap.h"
-#include "bss.h"
-#include "scan.h"
-#include "offchannel.h"
-#include "interworking.h"
-#include "mesh.h"
-#include "mesh_mpm.h"
-#include "wmm_ac.h"
-#include "dpp_supplicant.h"
-
-
-#define MAX_OWE_TRANSITION_BSS_SELECT_COUNT 5
-
-
-#ifndef CONFIG_NO_SCAN_PROCESSING
-static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
-					      int new_scan, int own_request);
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-
-
-int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	struct os_reltime now;
-
-	if (ssid == NULL || ssid->disabled_until.sec == 0)
-		return 0;
-
-	os_get_reltime(&now);
-	if (ssid->disabled_until.sec > now.sec)
-		return ssid->disabled_until.sec - now.sec;
-
-	wpas_clear_temp_disabled(wpa_s, ssid, 0);
-
-	return 0;
-}
-
-
-#ifndef CONFIG_NO_SCAN_PROCESSING
-/**
- * wpas_reenabled_network_time - Time until first network is re-enabled
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: If all enabled networks are temporarily disabled, returns the time
- *	(in sec) until the first network is re-enabled. Otherwise returns 0.
- *
- * This function is used in case all enabled networks are temporarily disabled,
- * in which case it returns the time (in sec) that the first network will be
- * re-enabled. The function assumes that at least one network is enabled.
- */
-static int wpas_reenabled_network_time(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-	int disabled_for, res = 0;
-
-#ifdef CONFIG_INTERWORKING
-	if (wpa_s->conf->auto_interworking && wpa_s->conf->interworking &&
-	    wpa_s->conf->cred)
-		return 0;
-#endif /* CONFIG_INTERWORKING */
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid->disabled)
-			continue;
-
-		disabled_for = wpas_temp_disabled(wpa_s, ssid);
-		if (!disabled_for)
-			return 0;
-
-		if (!res || disabled_for < res)
-			res = disabled_for;
-	}
-
-	return res;
-}
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-
-
-void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (wpa_s->disconnected || wpa_s->wpa_state != WPA_SCANNING)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Try to associate due to network getting re-enabled");
-	if (wpa_supplicant_fast_associate(wpa_s) != 1) {
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	}
-}
-
-
-static struct wpa_bss * wpa_supplicant_get_new_bss(
-	struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wpa_bss *bss = NULL;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid->ssid_len > 0)
-		bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len);
-	if (!bss)
-		bss = wpa_bss_get_bssid(wpa_s, bssid);
-
-	return bss;
-}
-
-
-static void wpa_supplicant_update_current_bss(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid);
-
-	if (!bss) {
-		wpa_supplicant_update_scan_results(wpa_s);
-
-		/* Get the BSS from the new scan results */
-		bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid);
-	}
-
-	if (bss)
-		wpa_s->current_bss = bss;
-}
-
-
-static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid, *old_ssid;
-	u8 drv_ssid[SSID_MAX_LEN];
-	size_t drv_ssid_len;
-	int res;
-
-	if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) {
-		wpa_supplicant_update_current_bss(wpa_s);
-
-		if (wpa_s->current_ssid->ssid_len == 0)
-			return 0; /* current profile still in use */
-		res = wpa_drv_get_ssid(wpa_s, drv_ssid);
-		if (res < 0) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"Failed to read SSID from driver");
-			return 0; /* try to use current profile */
-		}
-		drv_ssid_len = res;
-
-		if (drv_ssid_len == wpa_s->current_ssid->ssid_len &&
-		    os_memcmp(drv_ssid, wpa_s->current_ssid->ssid,
-			      drv_ssid_len) == 0)
-			return 0; /* current profile still in use */
-
-#ifdef CONFIG_OWE
-		if ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-		    wpa_s->current_bss &&
-		    (wpa_s->current_bss->flags & WPA_BSS_OWE_TRANSITION) &&
-		    drv_ssid_len == wpa_s->current_bss->ssid_len &&
-		    os_memcmp(drv_ssid, wpa_s->current_bss->ssid,
-			      drv_ssid_len) == 0)
-			return 0; /* current profile still in use */
-#endif /* CONFIG_OWE */
-
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Driver-initiated BSS selection changed the SSID to %s",
-			wpa_ssid_txt(drv_ssid, drv_ssid_len));
-		/* continue selecting a new network profile */
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association "
-		"information");
-	ssid = wpa_supplicant_get_ssid(wpa_s);
-	if (ssid == NULL) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"No network configuration found for the current AP");
-		return -1;
-	}
-
-	if (wpas_network_disabled(wpa_s, ssid)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled");
-		return -1;
-	}
-
-	if (disallowed_bssid(wpa_s, wpa_s->bssid) ||
-	    disallowed_ssid(wpa_s, ssid->ssid, ssid->ssid_len)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS is disallowed");
-		return -1;
-	}
-
-	res = wpas_temp_disabled(wpa_s, ssid);
-	if (res > 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is temporarily "
-			"disabled for %d second(s)", res);
-		return -1;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the "
-		"current AP");
-	if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
-		u8 wpa_ie[80];
-		size_t wpa_ie_len = sizeof(wpa_ie);
-		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
-					      wpa_ie, &wpa_ie_len) < 0)
-			wpa_dbg(wpa_s, MSG_DEBUG, "Could not set WPA suites");
-	} else {
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-	}
-
-	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
-		eapol_sm_invalidate_cached_session(wpa_s->eapol);
-	old_ssid = wpa_s->current_ssid;
-	wpa_s->current_ssid = ssid;
-
-	wpa_supplicant_update_current_bss(wpa_s);
-
-	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
-	wpa_supplicant_initiate_eapol(wpa_s);
-	if (old_ssid != wpa_s->current_ssid)
-		wpas_notify_network_changed(wpa_s);
-
-	return 0;
-}
-
-
-void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (wpa_s->countermeasures) {
-		wpa_s->countermeasures = 0;
-		wpa_drv_set_countermeasures(wpa_s, 0);
-		wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
-
-		/*
-		 * It is possible that the device is sched scanning, which means
-		 * that a connection attempt will be done only when we receive
-		 * scan results. However, in this case, it would be preferable
-		 * to scan and connect immediately, so cancel the sched_scan and
-		 * issue a regular scan flow.
-		 */
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	}
-}
-
-
-void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
-{
-	int bssid_changed;
-
-	wnm_bss_keep_alive_deinit(wpa_s);
-
-#ifdef CONFIG_IBSS_RSN
-	ibss_rsn_deinit(wpa_s->ibss_rsn);
-	wpa_s->ibss_rsn = NULL;
-#endif /* CONFIG_IBSS_RSN */
-
-#ifdef CONFIG_AP
-	wpa_supplicant_ap_deinit(wpa_s);
-#endif /* CONFIG_AP */
-
-#ifdef CONFIG_HS20
-	/* Clear possibly configured frame filters */
-	wpa_drv_configure_frame_filters(wpa_s, 0);
-#endif /* CONFIG_HS20 */
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
-		return;
-
-	if (os_reltime_initialized(&wpa_s->session_start)) {
-		os_reltime_age(&wpa_s->session_start, &wpa_s->session_length);
-		wpa_s->session_start.sec = 0;
-		wpa_s->session_start.usec = 0;
-		wpas_notify_session_length(wpa_s);
-	}
-
-	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
-	os_memset(wpa_s->bssid, 0, ETH_ALEN);
-	os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-	sme_clear_on_disassoc(wpa_s);
-	wpa_s->current_bss = NULL;
-	wpa_s->assoc_freq = 0;
-
-	if (bssid_changed)
-		wpas_notify_bssid_changed(wpa_s);
-
-	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
-	eapol_sm_notify_portValid(wpa_s->eapol, false);
-	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
-		eapol_sm_notify_eap_success(wpa_s->eapol, false);
-	wpa_s->drv_authorized_port = 0;
-	wpa_s->ap_ies_from_associnfo = 0;
-	wpa_s->current_ssid = NULL;
-	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-	wpa_s->key_mgmt = 0;
-
-	wpas_rrm_reset(wpa_s);
-	wpa_s->wnmsleep_used = 0;
-	wnm_clear_coloc_intf_reporting(wpa_s);
-	wpa_s->disable_mbo_oce = 0;
-
-#ifdef CONFIG_TESTING_OPTIONS
-	wpa_s->last_tk_alg = WPA_ALG_NONE;
-	os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk));
-#endif /* CONFIG_TESTING_OPTIONS */
-	wpa_s->ieee80211ac = 0;
-
-	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
-		wpa_s->enabled_4addr_mode = 0;
-}
-
-
-static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ie_data ie;
-	int pmksa_set = -1;
-	size_t i;
-	struct rsn_pmksa_cache_entry *cur_pmksa;
-
-	/* Start with assumption of no PMKSA cache entry match for cases other
-	 * than SAE. In particular, this is needed to generate the PMKSA cache
-	 * entries for Suite B cases with driver-based roaming indication. */
-	cur_pmksa = pmksa_cache_get_current(wpa_s->wpa);
-	if (cur_pmksa && !wpa_key_mgmt_sae(cur_pmksa->akmp))
-		pmksa_cache_clear_current(wpa_s->wpa);
-
-	if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
-	    ie.pmkid == NULL)
-		return;
-
-	for (i = 0; i < ie.num_pmkid; i++) {
-		pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
-						    ie.pmkid + i * PMKID_LEN,
-						    NULL, NULL, 0, NULL, 0);
-		if (pmksa_set == 0) {
-			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
-			break;
-		}
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from "
-		"PMKSA cache", pmksa_set == 0 ? "" : "not ");
-}
-
-
-static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
-						 union wpa_event_data *data)
-{
-	if (data == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate "
-			"event");
-		return;
-	}
-	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
-		" index=%d preauth=%d",
-		MAC2STR(data->pmkid_candidate.bssid),
-		data->pmkid_candidate.index,
-		data->pmkid_candidate.preauth);
-
-	pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
-			    data->pmkid_candidate.index,
-			    data->pmkid_candidate.preauth);
-}
-
-
-static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
-		return 0;
-
-#ifdef IEEE8021X_EAPOL
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
-	    wpa_s->current_ssid &&
-	    !(wpa_s->current_ssid->eapol_flags &
-	      (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
-	       EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
-		/* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
-		 * plaintext or static WEP keys). */
-		return 0;
-	}
-#endif /* IEEE8021X_EAPOL */
-
-	return 1;
-}
-
-
-/**
- * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
- * @wpa_s: pointer to wpa_supplicant data
- * @ssid: Configuration data for the network
- * Returns: 0 on success, -1 on failure
- *
- * This function is called when starting authentication with a network that is
- * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
- */
-int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid)
-{
-#ifdef IEEE8021X_EAPOL
-#ifdef PCSC_FUNCS
-	int aka = 0, sim = 0;
-
-	if ((ssid != NULL && ssid->eap.pcsc == NULL) ||
-	    wpa_s->scard != NULL || wpa_s->conf->external_sim)
-		return 0;
-
-	if (ssid == NULL || ssid->eap.eap_methods == NULL) {
-		sim = 1;
-		aka = 1;
-	} else {
-		struct eap_method_type *eap = ssid->eap.eap_methods;
-		while (eap->vendor != EAP_VENDOR_IETF ||
-		       eap->method != EAP_TYPE_NONE) {
-			if (eap->vendor == EAP_VENDOR_IETF) {
-				if (eap->method == EAP_TYPE_SIM)
-					sim = 1;
-				else if (eap->method == EAP_TYPE_AKA ||
-					 eap->method == EAP_TYPE_AKA_PRIME)
-					aka = 1;
-			}
-			eap++;
-		}
-	}
-
-	if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
-		sim = 0;
-	if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL &&
-	    eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME) ==
-	    NULL)
-		aka = 0;
-
-	if (!sim && !aka) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to "
-			"use SIM, but neither EAP-SIM nor EAP-AKA are "
-			"enabled");
-		return 0;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
-		"(sim=%d aka=%d) - initialize PCSC", sim, aka);
-
-	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
-	if (wpa_s->scard == NULL) {
-		wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
-			"(pcsc-lite)");
-		return -1;
-	}
-	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
-	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
-#endif /* PCSC_FUNCS */
-#endif /* IEEE8021X_EAPOL */
-
-	return 0;
-}
-
-
-#ifndef CONFIG_NO_SCAN_PROCESSING
-
-#ifdef CONFIG_WEP
-static int has_wep_key(struct wpa_ssid *ssid)
-{
-	int i;
-
-	for (i = 0; i < NUM_WEP_KEYS; i++) {
-		if (ssid->wep_key_len[i])
-			return 1;
-	}
-
-	return 0;
-}
-#endif /* CONFIG_WEP */
-
-
-static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
-					struct wpa_ssid *ssid)
-{
-	int privacy = 0;
-
-	if (ssid->mixed_cell)
-		return 1;
-
-#ifdef CONFIG_WPS
-	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
-		return 1;
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_OWE
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only)
-		return 1;
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_WEP
-	if (has_wep_key(ssid))
-		privacy = 1;
-#endif /* CONFIG_WEP */
-
-#ifdef IEEE8021X_EAPOL
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
-	    ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
-				 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
-		privacy = 1;
-#endif /* IEEE8021X_EAPOL */
-
-	if (wpa_key_mgmt_wpa(ssid->key_mgmt))
-		privacy = 1;
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)
-		privacy = 1;
-
-	if (bss->caps & IEEE80211_CAP_PRIVACY)
-		return privacy;
-	return !privacy;
-}
-
-
-static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid,
-					 struct wpa_bss *bss, int debug_print)
-{
-	struct wpa_ie_data ie;
-	int proto_match = 0;
-	const u8 *rsn_ie, *wpa_ie;
-	int ret;
-#ifdef CONFIG_WEP
-	int wep_ok;
-#endif /* CONFIG_WEP */
-
-	ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
-	if (ret >= 0)
-		return ret;
-
-#ifdef CONFIG_WEP
-	/* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */
-	wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
-		(((ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
-		  ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) ||
-		 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
-#endif /* CONFIG_WEP */
-
-	rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	while ((ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) && rsn_ie) {
-		proto_match++;
-
-		if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - parse failed");
-			break;
-		}
-		if (!ie.has_pairwise)
-			ie.pairwise_cipher = wpa_default_rsn_cipher(bss->freq);
-		if (!ie.has_group)
-			ie.group_cipher = wpa_default_rsn_cipher(bss->freq);
-
-#ifdef CONFIG_WEP
-		if (wep_ok &&
-		    (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
-		{
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   selected based on TSN in RSN IE");
-			return 1;
-		}
-#endif /* CONFIG_WEP */
-
-		if (!(ie.proto & ssid->proto) &&
-		    !(ssid->proto & WPA_PROTO_OSEN)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - proto mismatch");
-			break;
-		}
-
-		if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - PTK cipher mismatch");
-			break;
-		}
-
-		if (!(ie.group_cipher & ssid->group_cipher)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - GTK cipher mismatch");
-			break;
-		}
-
-		if (ssid->group_mgmt_cipher &&
-		    !(ie.mgmt_group_cipher & ssid->group_mgmt_cipher)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - group mgmt cipher mismatch");
-			break;
-		}
-
-		if (!(ie.key_mgmt & ssid->key_mgmt)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - key mgmt mismatch");
-			break;
-		}
-
-		if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
-		    wpas_get_ssid_pmf(wpa_s, ssid) ==
-		    MGMT_FRAME_PROTECTION_REQUIRED) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - no mgmt frame protection");
-			break;
-		}
-		if ((ie.capabilities & WPA_CAPABILITY_MFPR) &&
-		    wpas_get_ssid_pmf(wpa_s, ssid) ==
-		    NO_MGMT_FRAME_PROTECTION) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip RSN IE - no mgmt frame protection enabled but AP requires it");
-			break;
-		}
-
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   selected based on RSN IE");
-		return 1;
-	}
-
-	if (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED &&
-	    (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) || ssid->owe_only)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - MFP Required but network not MFP Capable");
-		return 0;
-	}
-
-	wpa_ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-	while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) {
-		proto_match++;
-
-		if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip WPA IE - parse failed");
-			break;
-		}
-
-#ifdef CONFIG_WEP
-		if (wep_ok &&
-		    (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
-		{
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   selected based on TSN in WPA IE");
-			return 1;
-		}
-#endif /* CONFIG_WEP */
-
-		if (!(ie.proto & ssid->proto)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip WPA IE - proto mismatch");
-			break;
-		}
-
-		if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip WPA IE - PTK cipher mismatch");
-			break;
-		}
-
-		if (!(ie.group_cipher & ssid->group_cipher)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip WPA IE - GTK cipher mismatch");
-			break;
-		}
-
-		if (!(ie.key_mgmt & ssid->key_mgmt)) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip WPA IE - key mgmt mismatch");
-			break;
-		}
-
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   selected based on WPA IE");
-		return 1;
-	}
-
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie &&
-	    !rsn_ie) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   allow for non-WPA IEEE 802.1X");
-		return 1;
-	}
-
-#ifdef CONFIG_OWE
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only &&
-	    !wpa_ie && !rsn_ie) {
-		if (wpa_s->owe_transition_select &&
-		    wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) &&
-		    ssid->owe_transition_bss_select_count + 1 <=
-		    MAX_OWE_TRANSITION_BSS_SELECT_COUNT) {
-			ssid->owe_transition_bss_select_count++;
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip OWE transition BSS (selection count %d does not exceed %d)",
-					ssid->owe_transition_bss_select_count,
-					MAX_OWE_TRANSITION_BSS_SELECT_COUNT);
-			wpa_s->owe_transition_search = 1;
-			return 0;
-		}
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   allow in OWE transition mode");
-		return 1;
-	}
-#endif /* CONFIG_OWE */
-
-	if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) &&
-	    wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - no WPA/RSN proto match");
-		return 0;
-	}
-
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) &&
-	    wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   allow in OSEN");
-		return 1;
-	}
-
-	if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   allow in non-WPA/WPA2");
-		return 1;
-	}
-
-	if (debug_print)
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"   reject due to mismatch with WPA/WPA2");
-
-	return 0;
-}
-
-
-static int freq_allowed(int *freqs, int freq)
-{
-	int i;
-
-	if (freqs == NULL)
-		return 1;
-
-	for (i = 0; freqs[i]; i++)
-		if (freqs[i] == freq)
-			return 1;
-	return 0;
-}
-
-
-static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-		      struct wpa_bss *bss, int debug_print)
-{
-	const struct hostapd_hw_modes *mode = NULL, *modes;
-	const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES };
-	const u8 *rate_ie;
-	int i, j, k;
-
-	if (bss->freq == 0)
-		return 1; /* Cannot do matching without knowing band */
-
-	modes = wpa_s->hw.modes;
-	if (modes == NULL) {
-		/*
-		 * The driver does not provide any additional information
-		 * about the utilized hardware, so allow the connection attempt
-		 * to continue.
-		 */
-		return 1;
-	}
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		for (j = 0; j < modes[i].num_channels; j++) {
-			int freq = modes[i].channels[j].freq;
-			if (freq == bss->freq) {
-				if (mode &&
-				    mode->mode == HOSTAPD_MODE_IEEE80211G)
-					break; /* do not allow 802.11b replace
-						* 802.11g */
-				mode = &modes[i];
-				break;
-			}
-		}
-	}
-
-	if (mode == NULL)
-		return 0;
-
-	for (i = 0; i < (int) sizeof(scan_ie); i++) {
-		rate_ie = wpa_bss_get_ie(bss, scan_ie[i]);
-		if (rate_ie == NULL)
-			continue;
-
-		for (j = 2; j < rate_ie[1] + 2; j++) {
-			int flagged = !!(rate_ie[j] & 0x80);
-			int r = (rate_ie[j] & 0x7f) * 5;
-
-			/*
-			 * IEEE Std 802.11n-2009 7.3.2.2:
-			 * The new BSS Membership selector value is encoded
-			 * like a legacy basic rate, but it is not a rate and
-			 * only indicates if the BSS members are required to
-			 * support the mandatory features of Clause 20 [HT PHY]
-			 * in order to join the BSS.
-			 */
-			if (flagged && ((rate_ie[j] & 0x7f) ==
-					BSS_MEMBERSHIP_SELECTOR_HT_PHY)) {
-				if (!ht_supported(mode)) {
-					if (debug_print)
-						wpa_dbg(wpa_s, MSG_DEBUG,
-							"   hardware does not support HT PHY");
-					return 0;
-				}
-				continue;
-			}
-
-			/* There's also a VHT selector for 802.11ac */
-			if (flagged && ((rate_ie[j] & 0x7f) ==
-					BSS_MEMBERSHIP_SELECTOR_VHT_PHY)) {
-				if (!vht_supported(mode)) {
-					if (debug_print)
-						wpa_dbg(wpa_s, MSG_DEBUG,
-							"   hardware does not support VHT PHY");
-					return 0;
-				}
-				continue;
-			}
-
-#ifdef CONFIG_SAE
-			if (flagged && ((rate_ie[j] & 0x7f) ==
-					BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY)) {
-				if (wpa_s->conf->sae_pwe == 0 &&
-				    !ssid->sae_password_id &&
-				    wpa_key_mgmt_sae(ssid->key_mgmt)) {
-					if (debug_print)
-						wpa_dbg(wpa_s, MSG_DEBUG,
-							"   SAE H2E disabled");
-#ifdef CONFIG_TESTING_OPTIONS
-					if (wpa_s->ignore_sae_h2e_only) {
-						wpa_dbg(wpa_s, MSG_DEBUG,
-							"TESTING: Ignore SAE H2E requirement mismatch");
-						continue;
-					}
-#endif /* CONFIG_TESTING_OPTIONS */
-					return 0;
-				}
-				continue;
-			}
-#endif /* CONFIG_SAE */
-
-			if (!flagged)
-				continue;
-
-			/* check for legacy basic rates */
-			for (k = 0; k < mode->num_rates; k++) {
-				if (mode->rates[k] == r)
-					break;
-			}
-			if (k == mode->num_rates) {
-				/*
-				 * IEEE Std 802.11-2007 7.3.2.2 demands that in
-				 * order to join a BSS all required rates
-				 * have to be supported by the hardware.
-				 */
-				if (debug_print)
-					wpa_dbg(wpa_s, MSG_DEBUG,
-						"   hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)",
-						r / 10, r % 10,
-						bss->freq, mode->mode, mode->num_rates);
-				return 0;
-			}
-		}
-	}
-
-	return 1;
-}
-
-
-/*
- * Test whether BSS is in an ESS.
- * This is done differently in DMG (60 GHz) and non-DMG bands
- */
-static int bss_is_ess(struct wpa_bss *bss)
-{
-	if (bss_is_dmg(bss)) {
-		return (bss->caps & IEEE80211_CAP_DMG_MASK) ==
-			IEEE80211_CAP_DMG_AP;
-	}
-
-	return ((bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
-		IEEE80211_CAP_ESS);
-}
-
-
-static int match_mac_mask(const u8 *addr_a, const u8 *addr_b, const u8 *mask)
-{
-	size_t i;
-
-	for (i = 0; i < ETH_ALEN; i++) {
-		if ((addr_a[i] & mask[i]) != (addr_b[i] & mask[i]))
-			return 0;
-	}
-	return 1;
-}
-
-
-static int addr_in_list(const u8 *addr, const u8 *list, size_t num)
-{
-	size_t i;
-
-	for (i = 0; i < num; i++) {
-		const u8 *a = list + i * ETH_ALEN * 2;
-		const u8 *m = a + ETH_ALEN;
-
-		if (match_mac_mask(a, addr, m))
-			return 1;
-	}
-	return 0;
-}
-
-
-static void owe_trans_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			   const u8 **ret_ssid, size_t *ret_ssid_len)
-{
-#ifdef CONFIG_OWE
-	const u8 *owe, *pos, *end, *bssid;
-	u8 ssid_len;
-	struct wpa_bss *open_bss;
-
-	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
-	if (!owe || !wpa_bss_get_ie(bss, WLAN_EID_RSN))
-		return;
-
-	pos = owe + 6;
-	end = owe + 2 + owe[1];
-
-	if (end - pos < ETH_ALEN + 1)
-		return;
-	bssid = pos;
-	pos += ETH_ALEN;
-	ssid_len = *pos++;
-	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
-		return;
-
-	/* Match the profile SSID against the OWE transition mode SSID on the
-	 * open network. */
-	wpa_dbg(wpa_s, MSG_DEBUG, "OWE: transition mode BSSID: " MACSTR
-		" SSID: %s", MAC2STR(bssid), wpa_ssid_txt(pos, ssid_len));
-	*ret_ssid = pos;
-	*ret_ssid_len = ssid_len;
-
-	if (!(bss->flags & WPA_BSS_OWE_TRANSITION)) {
-		struct wpa_ssid *ssid;
-
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-			if (wpas_network_disabled(wpa_s, ssid))
-				continue;
-			if (ssid->ssid_len == ssid_len &&
-			    os_memcmp(ssid->ssid, pos, ssid_len) == 0) {
-				/* OWE BSS in transition mode for a currently
-				 * enabled OWE network. */
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"OWE: transition mode OWE SSID for active OWE profile");
-				bss->flags |= WPA_BSS_OWE_TRANSITION;
-				break;
-			}
-		}
-	}
-
-	if (bss->ssid_len > 0)
-		return;
-
-	open_bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-	if (!open_bss)
-		return;
-	if (ssid_len != open_bss->ssid_len ||
-	    os_memcmp(pos, open_bss->ssid, ssid_len) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"OWE: transition mode SSID mismatch: %s",
-			wpa_ssid_txt(open_bss->ssid, open_bss->ssid_len));
-		return;
-	}
-
-	owe = wpa_bss_get_vendor_ie(open_bss, OWE_IE_VENDOR_TYPE);
-	if (!owe || wpa_bss_get_ie(open_bss, WLAN_EID_RSN)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"OWE: transition mode open BSS unexpected info");
-		return;
-	}
-
-	pos = owe + 6;
-	end = owe + 2 + owe[1];
-
-	if (end - pos < ETH_ALEN + 1)
-		return;
-	if (os_memcmp(pos, bss->bssid, ETH_ALEN) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"OWE: transition mode BSSID mismatch: " MACSTR,
-			MAC2STR(pos));
-		return;
-	}
-	pos += ETH_ALEN;
-	ssid_len = *pos++;
-	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
-		return;
-	wpa_dbg(wpa_s, MSG_DEBUG, "OWE: learned transition mode OWE SSID: %s",
-		wpa_ssid_txt(pos, ssid_len));
-	os_memcpy(bss->ssid, pos, ssid_len);
-	bss->ssid_len = ssid_len;
-	bss->flags |= WPA_BSS_OWE_TRANSITION;
-#endif /* CONFIG_OWE */
-}
-
-
-static int disabled_freq(struct wpa_supplicant *wpa_s, int freq)
-{
-	int i, j;
-
-	if (!wpa_s->hw.modes || !wpa_s->hw.num_modes)
-		return 0;
-
-	for (j = 0; j < wpa_s->hw.num_modes; j++) {
-		struct hostapd_hw_modes *mode = &wpa_s->hw.modes[j];
-
-		for (i = 0; i < mode->num_channels; i++) {
-			struct hostapd_channel_data *chan = &mode->channels[i];
-
-			if (chan->freq == freq)
-				return !!(chan->flag & HOSTAPD_CHAN_DISABLED);
-		}
-	}
-
-	return 1;
-}
-
-
-static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			    const u8 *match_ssid, size_t match_ssid_len,
-			    struct wpa_bss *bss, int bssid_ignore_count,
-			    bool debug_print);
-
-
-#ifdef CONFIG_SAE_PK
-static bool sae_pk_acceptable_bss_with_pk(struct wpa_supplicant *wpa_s,
-					  struct wpa_bss *orig_bss,
-					  struct wpa_ssid *ssid,
-					  const u8 *match_ssid,
-					  size_t match_ssid_len)
-{
-	struct wpa_bss *bss;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		int count;
-		const u8 *ie;
-
-		if (bss == orig_bss)
-			continue;
-		ie = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-		if (!(ieee802_11_rsnx_capab(ie, WLAN_RSNX_CAPAB_SAE_PK)))
-			continue;
-
-		/* TODO: Could be more thorough in checking what kind of
-		 * signal strength or throughput estimate would be acceptable
-		 * compared to the originally selected BSS. */
-		if (bss->est_throughput < 2000)
-			return false;
-
-		count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
-		if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
-				    bss, count, 0))
-			return true;
-	}
-
-	return false;
-}
-#endif /* CONFIG_SAE_PK */
-
-
-static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			    const u8 *match_ssid, size_t match_ssid_len,
-			    struct wpa_bss *bss, int bssid_ignore_count,
-			    bool debug_print)
-{
-	int res;
-	bool wpa, check_ssid, osen, rsn_osen = false;
-	struct wpa_ie_data data;
-#ifdef CONFIG_MBO
-	const u8 *assoc_disallow;
-#endif /* CONFIG_MBO */
-#ifdef CONFIG_SAE
-	u8 rsnxe_capa = 0;
-#endif /* CONFIG_SAE */
-	const u8 *ie;
-
-	ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-	wpa = ie && ie[1];
-	ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	wpa |= ie && ie[1];
-	if (ie && wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) == 0 &&
-	    (data.key_mgmt & WPA_KEY_MGMT_OSEN))
-		rsn_osen = true;
-	ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-	osen = ie != NULL;
-
-#ifdef CONFIG_SAE
-	ie = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-	if (ie && ie[1] >= 1)
-		rsnxe_capa = ie[2];
-#endif /* CONFIG_SAE */
-
-	check_ssid = wpa || ssid->ssid_len > 0;
-
-	if (wpas_network_disabled(wpa_s, ssid)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - disabled");
-		return false;
-	}
-
-	res = wpas_temp_disabled(wpa_s, ssid);
-	if (res > 0) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - disabled temporarily for %d second(s)",
-				res);
-		return false;
-	}
-
-#ifdef CONFIG_WPS
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && bssid_ignore_count) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - BSSID ignored (WPS)");
-		return false;
-	}
-
-	if (wpa && ssid->ssid_len == 0 &&
-	    wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss))
-		check_ssid = false;
-
-	if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
-		/* Only allow wildcard SSID match if an AP advertises active
-		 * WPS operation that matches our mode. */
-		check_ssid = ssid->ssid_len > 0 ||
-			!wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss);
-	}
-#endif /* CONFIG_WPS */
-
-	if (ssid->bssid_set && ssid->ssid_len == 0 &&
-	    os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) == 0)
-		check_ssid = false;
-
-	if (check_ssid &&
-	    (match_ssid_len != ssid->ssid_len ||
-	     os_memcmp(match_ssid, ssid->ssid, match_ssid_len) != 0)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - SSID mismatch");
-		return false;
-	}
-
-	if (ssid->bssid_set &&
-	    os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - BSSID mismatch");
-		return false;
-	}
-
-	/* check the list of BSSIDs to ignore */
-	if (ssid->num_bssid_ignore &&
-	    addr_in_list(bss->bssid, ssid->bssid_ignore,
-			 ssid->num_bssid_ignore)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - BSSID configured to be ignored");
-		return false;
-	}
-
-	/* if there is a list of accepted BSSIDs, only accept those APs */
-	if (ssid->num_bssid_accept &&
-	    !addr_in_list(bss->bssid, ssid->bssid_accept,
-			  ssid->num_bssid_accept)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - BSSID not in list of accepted values");
-		return false;
-	}
-
-	if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, debug_print))
-		return false;
-
-	if (!osen && !wpa &&
-	    !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
-	    !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
-	    !(ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-	    !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - non-WPA network not allowed");
-		return false;
-	}
-
-#ifdef CONFIG_WEP
-	if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) && has_wep_key(ssid)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - ignore WPA/WPA2 AP for WEP network block");
-		return false;
-	}
-#endif /* CONFIG_WEP */
-
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen && !rsn_osen) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - non-OSEN network not allowed");
-		return false;
-	}
-
-	if (!wpa_supplicant_match_privacy(bss, ssid)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - privacy mismatch");
-		return false;
-	}
-
-	if (ssid->mode != WPAS_MODE_MESH && !bss_is_ess(bss) &&
-	    !bss_is_pbss(bss)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - not ESS, PBSS, or MBSS");
-		return false;
-	}
-
-	if (ssid->pbss != 2 && ssid->pbss != bss_is_pbss(bss)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - PBSS mismatch (ssid %d bss %d)",
-				ssid->pbss, bss_is_pbss(bss));
-		return false;
-	}
-
-	if (!freq_allowed(ssid->freq_list, bss->freq)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - frequency not allowed");
-		return false;
-	}
-
-#ifdef CONFIG_MESH
-	if (ssid->mode == WPAS_MODE_MESH && ssid->frequency > 0 &&
-	    ssid->frequency != bss->freq) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - frequency not allowed (mesh)");
-		return false;
-	}
-#endif /* CONFIG_MESH */
-
-	if (!rate_match(wpa_s, ssid, bss, debug_print)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - rate sets do not match");
-		return false;
-	}
-
-#ifdef CONFIG_SAE
-	if ((wpa_s->conf->sae_pwe == 1 || ssid->sae_password_id) &&
-	    wpa_s->conf->sae_pwe != 3 && wpa_key_mgmt_sae(ssid->key_mgmt) &&
-	    !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - SAE H2E required, but not supported by the AP");
-		return false;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_SAE_PK
-	if (ssid->sae_pk == SAE_PK_MODE_ONLY &&
-	    !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - SAE-PK required, but not supported by the AP");
-		return false;
-	}
-#endif /* CONFIG_SAE_PK */
-
-#ifndef CONFIG_IBSS_RSN
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - IBSS RSN not supported in the build");
-		return false;
-	}
-#endif /* !CONFIG_IBSS_RSN */
-
-#ifdef CONFIG_P2P
-	if (ssid->p2p_group &&
-	    !wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
-	    !wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - no P2P IE seen");
-		return false;
-	}
-
-	if (!is_zero_ether_addr(ssid->go_p2p_dev_addr)) {
-		struct wpabuf *p2p_ie;
-		u8 dev_addr[ETH_ALEN];
-
-		ie = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
-		if (!ie) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip - no P2P element");
-			return false;
-		}
-		p2p_ie = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
-		if (!p2p_ie) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip - could not fetch P2P element");
-			return false;
-		}
-
-		if (p2p_parse_dev_addr_in_p2p_ie(p2p_ie, dev_addr) < 0 ||
-		    os_memcmp(dev_addr, ssid->go_p2p_dev_addr, ETH_ALEN) != 0) {
-			if (debug_print)
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip - no matching GO P2P Device Address in P2P element");
-			wpabuf_free(p2p_ie);
-			return false;
-		}
-		wpabuf_free(p2p_ie);
-	}
-
-	/*
-	 * TODO: skip the AP if its P2P IE has Group Formation bit set in the
-	 * P2P Group Capability Bitmap and we are not in Group Formation with
-	 * that device.
-	 */
-#endif /* CONFIG_P2P */
-
-	if (os_reltime_before(&bss->last_update, &wpa_s->scan_min_time)) {
-		struct os_reltime diff;
-
-		os_reltime_sub(&wpa_s->scan_min_time, &bss->last_update, &diff);
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - scan result not recent enough (%u.%06u seconds too old)",
-				(unsigned int) diff.sec,
-				(unsigned int) diff.usec);
-		return false;
-	}
-#ifdef CONFIG_MBO
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->ignore_assoc_disallow)
-		goto skip_assoc_disallow;
-#endif /* CONFIG_TESTING_OPTIONS */
-	assoc_disallow = wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_ASSOC_DISALLOW);
-	if (assoc_disallow && assoc_disallow[1] >= 1) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - MBO association disallowed (reason %u)",
-				assoc_disallow[2]);
-		return false;
-	}
-
-	if (wpa_is_bss_tmp_disallowed(wpa_s, bss)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - AP temporarily disallowed");
-		return false;
-	}
-#ifdef CONFIG_TESTING_OPTIONS
-skip_assoc_disallow:
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_MBO */
-
-#ifdef CONFIG_DPP
-	if ((ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
-	    !wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid) &&
-	    (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
-	     !ssid->dpp_csign)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - no PMKSA entry for DPP");
-		return false;
-	}
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_SAE_PK
-	if (ssid->sae_pk == SAE_PK_MODE_AUTOMATIC &&
-	    wpa_key_mgmt_sae(ssid->key_mgmt) &&
-	    ((ssid->sae_password &&
-	      sae_pk_valid_password(ssid->sae_password)) ||
-	     (!ssid->sae_password && ssid->passphrase &&
-	      sae_pk_valid_password(ssid->passphrase))) &&
-	    !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
-	    sae_pk_acceptable_bss_with_pk(wpa_s, bss, ssid, match_ssid,
-					  match_ssid_len)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - another acceptable BSS with SAE-PK in the same ESS");
-		return false;
-	}
-#endif /* CONFIG_SAE_PK */
-
-	if (bss->ssid_len == 0) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - no SSID known for the BSS");
-		return false;
-	}
-
-	/* Matching configuration found */
-	return true;
-}
-
-
-struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
-				     int i, struct wpa_bss *bss,
-				     struct wpa_ssid *group,
-				     int only_first_ssid, int debug_print)
-{
-	u8 wpa_ie_len, rsn_ie_len;
-	const u8 *ie;
-	struct wpa_ssid *ssid;
-	int osen;
-	const u8 *match_ssid;
-	size_t match_ssid_len;
-	int bssid_ignore_count;
-
-	ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-	wpa_ie_len = ie ? ie[1] : 0;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	rsn_ie_len = ie ? ie[1] : 0;
-
-	ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-	osen = ie != NULL;
-
-	if (debug_print) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR
-			" ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s%s",
-			i, MAC2STR(bss->bssid),
-			wpa_ssid_txt(bss->ssid, bss->ssid_len),
-			wpa_ie_len, rsn_ie_len, bss->caps, bss->level,
-			bss->freq,
-			wpa_bss_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ?
-			" wps" : "",
-			(wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
-			 wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE))
-			? " p2p" : "",
-			osen ? " osen=1" : "");
-	}
-
-	bssid_ignore_count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
-	if (bssid_ignore_count) {
-		int limit = 1;
-		if (wpa_supplicant_enabled_networks(wpa_s) == 1) {
-			/*
-			 * When only a single network is enabled, we can
-			 * trigger BSSID ignoring on the first failure. This
-			 * should not be done with multiple enabled networks to
-			 * avoid getting forced to move into a worse ESS on
-			 * single error if there are no other BSSes of the
-			 * current ESS.
-			 */
-			limit = 0;
-		}
-		if (bssid_ignore_count > limit) {
-			if (debug_print) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"   skip - BSSID ignored (count=%d limit=%d)",
-					bssid_ignore_count, limit);
-			}
-			return NULL;
-		}
-	}
-
-	match_ssid = bss->ssid;
-	match_ssid_len = bss->ssid_len;
-	owe_trans_ssid(wpa_s, bss, &match_ssid, &match_ssid_len);
-
-	if (match_ssid_len == 0) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - SSID not known");
-		return NULL;
-	}
-
-	if (disallowed_bssid(wpa_s, bss->bssid)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - BSSID disallowed");
-		return NULL;
-	}
-
-	if (disallowed_ssid(wpa_s, match_ssid, match_ssid_len)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - SSID disallowed");
-		return NULL;
-	}
-
-	if (disabled_freq(wpa_s, bss->freq)) {
-		if (debug_print)
-			wpa_dbg(wpa_s, MSG_DEBUG, "   skip - channel disabled");
-		return NULL;
-	}
-
-	for (ssid = group; ssid; ssid = only_first_ssid ? NULL : ssid->pnext) {
-		if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
-				    bss, bssid_ignore_count, debug_print))
-			return ssid;
-	}
-
-	/* No matching configuration found */
-	return NULL;
-}
-
-
-static struct wpa_bss *
-wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s,
-			  struct wpa_ssid *group,
-			  struct wpa_ssid **selected_ssid,
-			  int only_first_ssid)
-{
-	unsigned int i;
-
-	if (wpa_s->current_ssid) {
-		struct wpa_ssid *ssid;
-
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Scan results matching the currently selected network");
-		for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-			struct wpa_bss *bss = wpa_s->last_scan_res[i];
-
-			ssid = wpa_scan_res_match(wpa_s, i, bss, group,
-						  only_first_ssid, 0);
-			if (ssid != wpa_s->current_ssid)
-				continue;
-			wpa_dbg(wpa_s, MSG_DEBUG, "%u: " MACSTR
-				" freq=%d level=%d snr=%d est_throughput=%u",
-				i, MAC2STR(bss->bssid), bss->freq, bss->level,
-				bss->snr, bss->est_throughput);
-		}
-	}
-
-	if (only_first_ssid)
-		wpa_dbg(wpa_s, MSG_DEBUG, "Try to find BSS matching pre-selected network id=%d",
-			group->id);
-	else
-		wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d",
-			group->priority);
-
-	for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-		struct wpa_bss *bss = wpa_s->last_scan_res[i];
-
-		wpa_s->owe_transition_select = 1;
-		*selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group,
-						    only_first_ssid, 1);
-		wpa_s->owe_transition_select = 0;
-		if (!*selected_ssid)
-			continue;
-		wpa_dbg(wpa_s, MSG_DEBUG, "   selected %sBSS " MACSTR
-			" ssid='%s'",
-			bss == wpa_s->current_bss ? "current ": "",
-			MAC2STR(bss->bssid),
-			wpa_ssid_txt(bss->ssid, bss->ssid_len));
-		return bss;
-	}
-
-	return NULL;
-}
-
-
-struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
-					     struct wpa_ssid **selected_ssid)
-{
-	struct wpa_bss *selected = NULL;
-	size_t prio;
-	struct wpa_ssid *next_ssid = NULL;
-	struct wpa_ssid *ssid;
-
-	if (wpa_s->last_scan_res == NULL ||
-	    wpa_s->last_scan_res_used == 0)
-		return NULL; /* no scan results from last update */
-
-	if (wpa_s->next_ssid) {
-		/* check that next_ssid is still valid */
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-			if (ssid == wpa_s->next_ssid)
-				break;
-		}
-		next_ssid = ssid;
-		wpa_s->next_ssid = NULL;
-	}
-
-	while (selected == NULL) {
-		for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
-			if (next_ssid && next_ssid->priority ==
-			    wpa_s->conf->pssid[prio]->priority) {
-				selected = wpa_supplicant_select_bss(
-					wpa_s, next_ssid, selected_ssid, 1);
-				if (selected)
-					break;
-			}
-			selected = wpa_supplicant_select_bss(
-				wpa_s, wpa_s->conf->pssid[prio],
-				selected_ssid, 0);
-			if (selected)
-				break;
-		}
-
-		if (selected == NULL && wpa_s->bssid_ignore &&
-		    !wpa_s->countermeasures) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"No APs found - clear BSSID ignore list and try again");
-			wpa_bssid_ignore_clear(wpa_s);
-			wpa_s->bssid_ignore_cleared = true;
-		} else if (selected == NULL)
-			break;
-	}
-
-	ssid = *selected_ssid;
-	if (selected && ssid && ssid->mem_only_psk && !ssid->psk_set &&
-	    !ssid->passphrase && !ssid->ext_psk) {
-		const char *field_name, *txt = NULL;
-
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"PSK/passphrase not yet available for the selected network");
-
-		wpas_notify_network_request(wpa_s, ssid,
-					    WPA_CTRL_REQ_PSK_PASSPHRASE, NULL);
-
-		field_name = wpa_supplicant_ctrl_req_to_string(
-			WPA_CTRL_REQ_PSK_PASSPHRASE, NULL, &txt);
-		if (field_name == NULL)
-			return NULL;
-
-		wpas_send_ctrl_req(wpa_s, ssid, field_name, txt);
-
-		selected = NULL;
-	}
-
-	return selected;
-}
-
-
-static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
-					int timeout_sec, int timeout_usec)
-{
-	if (!wpa_supplicant_enabled_networks(wpa_s)) {
-		/*
-		 * No networks are enabled; short-circuit request so
-		 * we don't wait timeout seconds before transitioning
-		 * to INACTIVE state.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "Short-circuit new scan request "
-			"since there are no enabled networks");
-		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
-		return;
-	}
-
-	wpa_s->scan_for_connection = 1;
-	wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec);
-}
-
-
-int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
-			   struct wpa_bss *selected,
-			   struct wpa_ssid *ssid)
-{
-	if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
-			"PBC session overlap");
-		wpas_notify_wps_event_pbc_overlap(wpa_s);
-#ifdef CONFIG_P2P
-		if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT ||
-		    wpa_s->p2p_in_provisioning) {
-			eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb,
-					       wpa_s, NULL);
-			return -1;
-		}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_WPS
-		wpas_wps_pbc_overlap(wpa_s);
-		wpas_wps_cancel(wpa_s);
-#endif /* CONFIG_WPS */
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_DEBUG,
-		"Considering connect request: reassociate: %d  selected: "
-		MACSTR "  bssid: " MACSTR "  pending: " MACSTR
-		"  wpa_state: %s  ssid=%p  current_ssid=%p",
-		wpa_s->reassociate, MAC2STR(selected->bssid),
-		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
-		wpa_supplicant_state_txt(wpa_s->wpa_state),
-		ssid, wpa_s->current_ssid);
-
-	/*
-	 * Do not trigger new association unless the BSSID has changed or if
-	 * reassociation is requested. If we are in process of associating with
-	 * the selected BSSID, do not trigger new attempt.
-	 */
-	if (wpa_s->reassociate ||
-	    (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
-	     ((wpa_s->wpa_state != WPA_ASSOCIATING &&
-	       wpa_s->wpa_state != WPA_AUTHENTICATING) ||
-	      (!is_zero_ether_addr(wpa_s->pending_bssid) &&
-	       os_memcmp(selected->bssid, wpa_s->pending_bssid, ETH_ALEN) !=
-	       0) ||
-	      (is_zero_ether_addr(wpa_s->pending_bssid) &&
-	       ssid != wpa_s->current_ssid)))) {
-		if (wpa_supplicant_scard_init(wpa_s, ssid)) {
-			wpa_supplicant_req_new_scan(wpa_s, 10, 0);
-			return 0;
-		}
-		wpa_msg(wpa_s, MSG_DEBUG, "Request association with " MACSTR,
-			MAC2STR(selected->bssid));
-		wpa_supplicant_associate(wpa_s, selected, ssid);
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Already associated or trying to "
-			"connect with the selected AP");
-	}
-
-	return 0;
-}
-
-
-static struct wpa_ssid *
-wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s)
-{
-	size_t prio;
-	struct wpa_ssid *ssid;
-
-	for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
-		for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext)
-		{
-			if (wpas_network_disabled(wpa_s, ssid))
-				continue;
-#ifndef CONFIG_IBSS_RSN
-			if (ssid->mode == WPAS_MODE_IBSS &&
-			    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE |
-						WPA_KEY_MGMT_WPA_NONE))) {
-				wpa_msg(wpa_s, MSG_INFO,
-					"IBSS RSN not supported in the build - cannot use the profile for SSID '%s'",
-					wpa_ssid_txt(ssid->ssid,
-						     ssid->ssid_len));
-				continue;
-			}
-#endif /* !CONFIG_IBSS_RSN */
-			if (ssid->mode == WPAS_MODE_IBSS ||
-			    ssid->mode == WPAS_MODE_AP ||
-			    ssid->mode == WPAS_MODE_MESH)
-				return ssid;
-		}
-	}
-	return NULL;
-}
-
-
-/* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based
- * on BSS added and BSS changed events */
-static void wpa_supplicant_rsn_preauth_scan_results(
-	struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-
-	if (rsn_preauth_scan_results(wpa_s->wpa) < 0)
-		return;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		const u8 *ssid, *rsn;
-
-		ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID);
-		if (ssid == NULL)
-			continue;
-
-		rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		if (rsn == NULL)
-			continue;
-
-		rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn);
-	}
-
-}
-
-
-#ifndef CONFIG_NO_ROAMING
-
-static int wpas_get_snr_signal_info(u32 frequency, int avg_signal, int noise)
-{
-	if (noise == WPA_INVALID_NOISE)
-		noise = IS_5GHZ(frequency) ? DEFAULT_NOISE_FLOOR_5GHZ :
-			DEFAULT_NOISE_FLOOR_2GHZ;
-	return avg_signal - noise;
-}
-
-
-static unsigned int
-wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s,
-				     const struct wpa_bss *bss, int snr)
-{
-	int rate = wpa_bss_get_max_rate(bss);
-	const u8 *ies = wpa_bss_ie_ptr(bss);
-	size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
-
-	return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq);
-}
-
-
-int wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant *wpa_s,
-					   struct wpa_bss *current_bss,
-					   struct wpa_bss *selected)
-{
-	int min_diff, diff;
-	int to_5ghz;
-	int cur_level;
-	unsigned int cur_est, sel_est;
-	struct wpa_signal_info si;
-	int cur_snr = 0;
-	int ret = 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation");
-	wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR
-		" freq=%d level=%d snr=%d est_throughput=%u",
-		MAC2STR(current_bss->bssid),
-		current_bss->freq, current_bss->level,
-		current_bss->snr, current_bss->est_throughput);
-	wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR
-		" freq=%d level=%d snr=%d est_throughput=%u",
-		MAC2STR(selected->bssid), selected->freq, selected->level,
-		selected->snr, selected->est_throughput);
-
-	if (wpa_s->current_ssid->bssid_set &&
-	    os_memcmp(selected->bssid, wpa_s->current_ssid->bssid, ETH_ALEN) ==
-	    0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS "
-			"has preferred BSSID");
-		return 1;
-	}
-
-	cur_level = current_bss->level;
-	cur_est = current_bss->est_throughput;
-	sel_est = selected->est_throughput;
-
-	/*
-	 * Try to poll the signal from the driver since this will allow to get
-	 * more accurate values. In some cases, there can be big differences
-	 * between the RSSI of the Probe Response frames of the AP we are
-	 * associated with and the Beacon frames we hear from the same AP after
-	 * association. This can happen, e.g., when there are two antennas that
-	 * hear the AP very differently. If the driver chooses to hear the
-	 * Probe Response frames during the scan on the "bad" antenna because
-	 * it wants to save power, but knows to choose the other antenna after
-	 * association, we will hear our AP with a low RSSI as part of the
-	 * scan even when we can hear it decently on the other antenna. To cope
-	 * with this, ask the driver to teach us how it hears the AP. Also, the
-	 * scan results may be a bit old, since we can very quickly get fresh
-	 * information about our currently associated AP.
-	 */
-	if (wpa_drv_signal_poll(wpa_s, &si) == 0 &&
-	    (si.avg_beacon_signal || si.avg_signal)) {
-		cur_level = si.avg_beacon_signal ? si.avg_beacon_signal :
-			si.avg_signal;
-		cur_snr = wpas_get_snr_signal_info(si.frequency, cur_level,
-						   si.current_noise);
-
-		cur_est = wpas_get_est_throughput_from_bss_snr(wpa_s,
-							       current_bss,
-							       cur_snr);
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Using signal poll values for the current BSS: level=%d snr=%d est_throughput=%u",
-			cur_level, cur_snr, cur_est);
-	}
-
-	if (sel_est > cur_est + 5000) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Allow reassociation - selected BSS has better estimated throughput");
-		return 1;
-	}
-
-	to_5ghz = selected->freq > 4000 && current_bss->freq < 4000;
-
-	if (cur_level < 0 && cur_level > selected->level + to_5ghz * 2 &&
-	    sel_est < cur_est * 1.2) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - Current BSS has better "
-			"signal level");
-		return 0;
-	}
-
-	if (cur_est > sel_est + 5000) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Skip roam - Current BSS has better estimated throughput");
-		return 0;
-	}
-
-	if (cur_snr > GREAT_SNR) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Skip roam - Current BSS has good SNR (%u > %u)",
-			cur_snr, GREAT_SNR);
-		return 0;
-	}
-
-	if (cur_level < -85) /* ..-86 dBm */
-		min_diff = 1;
-	else if (cur_level < -80) /* -85..-81 dBm */
-		min_diff = 2;
-	else if (cur_level < -75) /* -80..-76 dBm */
-		min_diff = 3;
-	else if (cur_level < -70) /* -75..-71 dBm */
-		min_diff = 4;
-	else if (cur_level < 0) /* -70..-1 dBm */
-		min_diff = 5;
-	else /* unspecified units (not in dBm) */
-		min_diff = 2;
-
-	if (cur_est > sel_est * 1.5)
-		min_diff += 10;
-	else if (cur_est > sel_est * 1.2)
-		min_diff += 5;
-	else if (cur_est > sel_est * 1.1)
-		min_diff += 2;
-	else if (cur_est > sel_est)
-		min_diff++;
-	else if (sel_est > cur_est * 1.5)
-		min_diff -= 10;
-	else if (sel_est > cur_est * 1.2)
-		min_diff -= 5;
-	else if (sel_est > cur_est * 1.1)
-		min_diff -= 2;
-	else if (sel_est > cur_est)
-		min_diff--;
-
-	if (to_5ghz)
-		min_diff -= 2;
-	diff = selected->level - cur_level;
-	if (diff < min_diff) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Skip roam - too small difference in signal level (%d < %d)",
-			diff, min_diff);
-		ret = 0;
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Allow reassociation due to difference in signal level (%d >= %d)",
-			diff, min_diff);
-		ret = 1;
-	}
-	wpa_msg_ctrl(wpa_s, MSG_INFO, "%scur_bssid=" MACSTR
-		     " cur_freq=%d cur_level=%d cur_est=%d sel_bssid=" MACSTR
-		     " sel_freq=%d sel_level=%d sel_est=%d",
-		     ret ? WPA_EVENT_DO_ROAM : WPA_EVENT_SKIP_ROAM,
-		     MAC2STR(current_bss->bssid),
-		     current_bss->freq, cur_level, cur_est,
-		     MAC2STR(selected->bssid),
-		     selected->freq, selected->level, sel_est);
-	return ret;
-}
-
-#endif /* CONFIG_NO_ROAMING */
-
-
-static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s,
-				       struct wpa_bss *selected,
-				       struct wpa_ssid *ssid)
-{
-	struct wpa_bss *current_bss = NULL;
-
-	if (wpa_s->reassociate)
-		return 1; /* explicit request to reassociate */
-	if (wpa_s->wpa_state < WPA_ASSOCIATED)
-		return 1; /* we are not associated; continue */
-	if (wpa_s->current_ssid == NULL)
-		return 1; /* unknown current SSID */
-	if (wpa_s->current_ssid != ssid)
-		return 1; /* different network block */
-
-	if (wpas_driver_bss_selection(wpa_s))
-		return 0; /* Driver-based roaming */
-
-	if (wpa_s->current_ssid->ssid)
-		current_bss = wpa_bss_get(wpa_s, wpa_s->bssid,
-					  wpa_s->current_ssid->ssid,
-					  wpa_s->current_ssid->ssid_len);
-	if (!current_bss)
-		current_bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
-
-	if (!current_bss)
-		return 1; /* current BSS not seen in scan results */
-
-	if (current_bss == selected)
-		return 0;
-
-	if (selected->last_update_idx > current_bss->last_update_idx)
-		return 1; /* current BSS not seen in the last scan */
-
-#ifndef CONFIG_NO_ROAMING
-	return wpa_supplicant_need_to_roam_within_ess(wpa_s, current_bss,
-						      selected);
-#else /* CONFIG_NO_ROAMING */
-	return 0;
-#endif /* CONFIG_NO_ROAMING */
-}
-
-
-/*
- * Return a negative value if no scan results could be fetched or if scan
- * results should not be shared with other virtual interfaces.
- * Return 0 if scan results were fetched and may be shared with other
- * interfaces.
- * Return 1 if scan results may be shared with other virtual interfaces but may
- * not trigger any operations.
- * Return 2 if the interface was removed and cannot be used.
- */
-static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
-					      union wpa_event_data *data,
-					      int own_request, int update_only)
-{
-	struct wpa_scan_results *scan_res = NULL;
-	int ret = 0;
-	int ap = 0;
-#ifndef CONFIG_NO_RANDOM_POOL
-	size_t i, num;
-#endif /* CONFIG_NO_RANDOM_POOL */
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface)
-		ap = 1;
-#endif /* CONFIG_AP */
-
-	wpa_supplicant_notify_scanning(wpa_s, 0);
-
-	scan_res = wpa_supplicant_get_scan_results(wpa_s,
-						   data ? &data->scan_info :
-						   NULL, 1);
-	if (scan_res == NULL) {
-		if (wpa_s->conf->ap_scan == 2 || ap ||
-		    wpa_s->scan_res_handler == scan_only_handler)
-			return -1;
-		if (!own_request)
-			return -1;
-		if (data && data->scan_info.external_scan)
-			return -1;
-		if (wpa_s->scan_res_fail_handler) {
-			void (*handler)(struct wpa_supplicant *wpa_s);
-
-			handler = wpa_s->scan_res_fail_handler;
-			wpa_s->scan_res_fail_handler = NULL;
-			handler(wpa_s);
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Failed to get scan results - try scanning again");
-			wpa_supplicant_req_new_scan(wpa_s, 1, 0);
-		}
-
-		ret = -1;
-		goto scan_work_done;
-	}
-
-#ifndef CONFIG_NO_RANDOM_POOL
-	num = scan_res->num;
-	if (num > 10)
-		num = 10;
-	for (i = 0; i < num; i++) {
-		u8 buf[5];
-		struct wpa_scan_res *res = scan_res->res[i];
-		buf[0] = res->bssid[5];
-		buf[1] = res->qual & 0xff;
-		buf[2] = res->noise & 0xff;
-		buf[3] = res->level & 0xff;
-		buf[4] = res->tsf & 0xff;
-		random_add_randomness(buf, sizeof(buf));
-	}
-#endif /* CONFIG_NO_RANDOM_POOL */
-
-	if (update_only) {
-		ret = 1;
-		goto scan_work_done;
-	}
-
-	if (own_request && wpa_s->scan_res_handler &&
-	    !(data && data->scan_info.external_scan)) {
-		void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
-					 struct wpa_scan_results *scan_res);
-
-		scan_res_handler = wpa_s->scan_res_handler;
-		wpa_s->scan_res_handler = NULL;
-		scan_res_handler(wpa_s, scan_res);
-		ret = 1;
-		goto scan_work_done;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)",
-		wpa_s->own_scan_running,
-		data ? data->scan_info.external_scan : 0);
-	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-	    wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
-	    own_request && !(data && data->scan_info.external_scan)) {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
-			     wpa_s->manual_scan_id);
-		wpa_s->manual_scan_use_id = 0;
-	} else {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
-	}
-	wpas_notify_scan_results(wpa_s);
-
-	wpas_notify_scan_done(wpa_s, 1);
-
-	if (ap) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode");
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface->scan_cb)
-			wpa_s->ap_iface->scan_cb(wpa_s->ap_iface);
-#endif /* CONFIG_AP */
-		goto scan_work_done;
-	}
-
-	if (data && data->scan_info.external_scan) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection");
-		wpa_scan_results_free(scan_res);
-		return 0;
-	}
-
-	if (wnm_scan_process(wpa_s, 1) > 0)
-		goto scan_work_done;
-
-	if (sme_proc_obss_scan(wpa_s) > 0)
-		goto scan_work_done;
-
-	if (own_request && data &&
-	    wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0)
-		goto scan_work_done;
-
-	if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)))
-		goto scan_work_done;
-
-	if (autoscan_notify_scan(wpa_s, scan_res))
-		goto scan_work_done;
-
-	if (wpa_s->disconnected) {
-		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-		goto scan_work_done;
-	}
-
-	if (!wpas_driver_bss_selection(wpa_s) &&
-	    bgscan_notify_scan(wpa_s, scan_res) == 1)
-		goto scan_work_done;
-
-	wpas_wps_update_ap_info(wpa_s, scan_res);
-
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING &&
-	    wpa_s->wpa_state < WPA_COMPLETED)
-		goto scan_work_done;
-
-	wpa_scan_results_free(scan_res);
-
-	if (own_request && wpa_s->scan_work) {
-		struct wpa_radio_work *work = wpa_s->scan_work;
-		wpa_s->scan_work = NULL;
-		radio_work_done(work);
-	}
-
-	os_free(wpa_s->last_scan_freqs);
-	wpa_s->last_scan_freqs = NULL;
-	wpa_s->num_last_scan_freqs = 0;
-	if (own_request && data &&
-	    data->scan_info.freqs && data->scan_info.num_freqs) {
-		wpa_s->last_scan_freqs = os_malloc(sizeof(int) *
-						   data->scan_info.num_freqs);
-		if (wpa_s->last_scan_freqs) {
-			os_memcpy(wpa_s->last_scan_freqs,
-				  data->scan_info.freqs,
-				  sizeof(int) * data->scan_info.num_freqs);
-			wpa_s->num_last_scan_freqs = data->scan_info.num_freqs;
-		}
-	}
-
-	return wpas_select_network_from_last_scan(wpa_s, 1, own_request);
-
-scan_work_done:
-	wpa_scan_results_free(scan_res);
-	if (own_request && wpa_s->scan_work) {
-		struct wpa_radio_work *work = wpa_s->scan_work;
-		wpa_s->scan_work = NULL;
-		radio_work_done(work);
-	}
-	return ret;
-}
-
-
-static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
-					      int new_scan, int own_request)
-{
-	struct wpa_bss *selected;
-	struct wpa_ssid *ssid = NULL;
-	int time_to_reenable = wpas_reenabled_network_time(wpa_s);
-
-	if (time_to_reenable > 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Postpone network selection by %d seconds since all networks are disabled",
-			time_to_reenable);
-		eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
-		eloop_register_timeout(time_to_reenable, 0,
-				       wpas_network_reenabled, wpa_s, NULL);
-		return 0;
-	}
-
-	if (wpa_s->p2p_mgmt)
-		return 0; /* no normal connection on p2p_mgmt interface */
-
-	wpa_s->owe_transition_search = 0;
-	selected = wpa_supplicant_pick_network(wpa_s, &ssid);
-
-#ifdef CONFIG_MESH
-	if (wpa_s->ifmsh) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Avoiding join because we already joined a mesh group");
-		return 0;
-	}
-#endif /* CONFIG_MESH */
-
-	if (selected) {
-		int skip;
-		skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid);
-		if (skip) {
-			if (new_scan)
-				wpa_supplicant_rsn_preauth_scan_results(wpa_s);
-			return 0;
-		}
-
-		wpa_s->suitable_network++;
-
-		if (ssid != wpa_s->current_ssid &&
-		    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-			wpa_s->own_disconnect_req = 1;
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		}
-
-		if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed");
-			return -1;
-		}
-		if (new_scan)
-			wpa_supplicant_rsn_preauth_scan_results(wpa_s);
-		/*
-		 * Do not allow other virtual radios to trigger operations based
-		 * on these scan results since we do not want them to start
-		 * other associations at the same time.
-		 */
-		return 1;
-	} else {
-		wpa_s->no_suitable_network++;
-		wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found");
-		ssid = wpa_supplicant_pick_new_network(wpa_s);
-		if (ssid) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network");
-			wpa_supplicant_associate(wpa_s, NULL, ssid);
-			if (new_scan)
-				wpa_supplicant_rsn_preauth_scan_results(wpa_s);
-		} else if (own_request) {
-			/*
-			 * No SSID found. If SCAN results are as a result of
-			 * own scan request and not due to a scan request on
-			 * another shared interface, try another scan.
-			 */
-			int timeout_sec = wpa_s->scan_interval;
-			int timeout_usec = 0;
-#ifdef CONFIG_P2P
-			int res;
-
-			res = wpas_p2p_scan_no_go_seen(wpa_s);
-			if (res == 2)
-				return 2;
-			if (res == 1)
-				return 0;
-
-			if (wpa_s->p2p_in_provisioning ||
-			    wpa_s->show_group_started ||
-			    wpa_s->p2p_in_invitation) {
-				/*
-				 * Use shorter wait during P2P Provisioning
-				 * state and during P2P join-a-group operation
-				 * to speed up group formation.
-				 */
-				timeout_sec = 0;
-				timeout_usec = 250000;
-				wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
-							    timeout_usec);
-				return 0;
-			}
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_INTERWORKING
-			if (wpa_s->conf->auto_interworking &&
-			    wpa_s->conf->interworking &&
-			    wpa_s->conf->cred) {
-				wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: "
-					"start ANQP fetch since no matching "
-					"networks found");
-				wpa_s->network_select = 1;
-				wpa_s->auto_network_select = 1;
-				interworking_start_fetch_anqp(wpa_s);
-				return 1;
-			}
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_WPS
-			if (wpa_s->after_wps > 0 || wpas_wps_searching(wpa_s)) {
-				wpa_dbg(wpa_s, MSG_DEBUG, "Use shorter wait during WPS processing");
-				timeout_sec = 0;
-				timeout_usec = 500000;
-				wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
-							    timeout_usec);
-				return 0;
-			}
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_OWE
-			if (wpa_s->owe_transition_search) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"OWE: Use shorter wait during transition mode search");
-				timeout_sec = 0;
-				timeout_usec = 500000;
-				wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
-							    timeout_usec);
-				return 0;
-			}
-#endif /* CONFIG_OWE */
-			if (wpa_supplicant_req_sched_scan(wpa_s))
-				wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
-							    timeout_usec);
-
-			wpa_msg_ctrl(wpa_s, MSG_INFO,
-				     WPA_EVENT_NETWORK_NOT_FOUND);
-		}
-	}
-	return 0;
-}
-
-
-static int wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
-					     union wpa_event_data *data)
-{
-	struct wpa_supplicant *ifs;
-	int res;
-
-	res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0);
-	if (res == 2) {
-		/*
-		 * Interface may have been removed, so must not dereference
-		 * wpa_s after this.
-		 */
-		return 1;
-	}
-
-	if (res < 0) {
-		/*
-		 * If no scan results could be fetched, then no need to
-		 * notify those interfaces that did not actually request
-		 * this scan. Similarly, if scan results started a new operation on this
-		 * interface, do not notify other interfaces to avoid concurrent
-		 * operations during a connection attempt.
-		 */
-		return 0;
-	}
-
-	/*
-	 * Check other interfaces to see if they share the same radio. If
-	 * so, they get updated with this same scan info.
-	 */
-	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
-			 radio_list) {
-		if (ifs != wpa_s) {
-			wpa_printf(MSG_DEBUG, "%s: Updating scan results from "
-				   "sibling", ifs->ifname);
-			res = _wpa_supplicant_event_scan_results(ifs, data, 0,
-								 res > 0);
-			if (res < 0)
-				return 0;
-		}
-	}
-
-	return 0;
-}
-
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-
-
-int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_NO_SCAN_PROCESSING
-	return -1;
-#else /* CONFIG_NO_SCAN_PROCESSING */
-	struct os_reltime now;
-
-	wpa_s->ignore_post_flush_scan_res = 0;
-
-	if (wpa_s->last_scan_res_used == 0)
-		return -1;
-
-	os_get_reltime(&now);
-	if (os_reltime_expired(&now, &wpa_s->last_scan,
-			       wpa_s->conf->scan_res_valid_for_connect)) {
-		wpa_printf(MSG_DEBUG, "Fast associate: Old scan results");
-		return -1;
-	}
-
-	return wpas_select_network_from_last_scan(wpa_s, 0, 1);
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-}
-
-#ifdef CONFIG_WNM
-
-static void wnm_bss_keep_alive(void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (wpa_s->wpa_state < WPA_ASSOCIATED)
-		return;
-
-	if (!wpa_s->no_keep_alive) {
-		wpa_printf(MSG_DEBUG, "WNM: Send keep-alive to AP " MACSTR,
-			   MAC2STR(wpa_s->bssid));
-		/* TODO: could skip this if normal data traffic has been sent */
-		/* TODO: Consider using some more appropriate data frame for
-		 * this */
-		if (wpa_s->l2)
-			l2_packet_send(wpa_s->l2, wpa_s->bssid, 0x0800,
-				       (u8 *) "", 0);
-	}
-
-#ifdef CONFIG_SME
-	if (wpa_s->sme.bss_max_idle_period) {
-		unsigned int msec;
-		msec = wpa_s->sme.bss_max_idle_period * 1024; /* times 1000 */
-		if (msec > 100)
-			msec -= 100;
-		eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
-				       wnm_bss_keep_alive, wpa_s, NULL);
-	}
-#endif /* CONFIG_SME */
-}
-
-
-static void wnm_process_assoc_resp(struct wpa_supplicant *wpa_s,
-				   const u8 *ies, size_t ies_len)
-{
-	struct ieee802_11_elems elems;
-
-	if (ies == NULL)
-		return;
-
-	if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
-		return;
-
-#ifdef CONFIG_SME
-	if (elems.bss_max_idle_period) {
-		unsigned int msec;
-		wpa_s->sme.bss_max_idle_period =
-			WPA_GET_LE16(elems.bss_max_idle_period);
-		wpa_printf(MSG_DEBUG, "WNM: BSS Max Idle Period: %u (* 1000 "
-			   "TU)%s", wpa_s->sme.bss_max_idle_period,
-			   (elems.bss_max_idle_period[2] & 0x01) ?
-			   " (protected keep-live required)" : "");
-		if (wpa_s->sme.bss_max_idle_period == 0)
-			wpa_s->sme.bss_max_idle_period = 1;
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
-			eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
-			 /* msec times 1000 */
-			msec = wpa_s->sme.bss_max_idle_period * 1024;
-			if (msec > 100)
-				msec -= 100;
-			eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
-					       wnm_bss_keep_alive, wpa_s,
-					       NULL);
-		}
-	}
-#endif /* CONFIG_SME */
-}
-
-#endif /* CONFIG_WNM */
-
-
-void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_WNM
-	eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
-#endif /* CONFIG_WNM */
-}
-
-
-#ifdef CONFIG_INTERWORKING
-
-static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
-			    size_t len)
-{
-	int res;
-
-	wpa_hexdump(MSG_DEBUG, "Interworking: QoS Map Set", qos_map, len);
-	res = wpa_drv_set_qos_map(wpa_s, qos_map, len);
-	if (res) {
-		wpa_printf(MSG_DEBUG, "Interworking: Failed to configure QoS Map Set to the driver");
-	}
-
-	return res;
-}
-
-
-static void interworking_process_assoc_resp(struct wpa_supplicant *wpa_s,
-					    const u8 *ies, size_t ies_len)
-{
-	struct ieee802_11_elems elems;
-
-	if (ies == NULL)
-		return;
-
-	if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
-		return;
-
-	if (elems.qos_map_set) {
-		wpas_qos_map_set(wpa_s, elems.qos_map_set,
-				 elems.qos_map_set_len);
-	}
-}
-
-#endif /* CONFIG_INTERWORKING */
-
-
-static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
-					const u8 *ies, size_t ies_len)
-{
-	struct ieee802_11_elems elems;
-	const u8 *map_sub_elem, *pos;
-	size_t len;
-
-	wpa_s->multi_ap_ie = 0;
-
-	if (!ies ||
-	    ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed ||
-	    !elems.multi_ap || elems.multi_ap_len < 7)
-		return;
-
-	pos = elems.multi_ap + 4;
-	len = elems.multi_ap_len - 4;
-
-	map_sub_elem = get_ie(pos, len, MULTI_AP_SUB_ELEM_TYPE);
-	if (!map_sub_elem || map_sub_elem[1] < 1)
-		return;
-
-	wpa_s->multi_ap_backhaul = !!(map_sub_elem[2] & MULTI_AP_BACKHAUL_BSS);
-	wpa_s->multi_ap_fronthaul = !!(map_sub_elem[2] &
-				       MULTI_AP_FRONTHAUL_BSS);
-	wpa_s->multi_ap_ie = 1;
-}
-
-
-static void multi_ap_set_4addr_mode(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->current_ssid ||
-	    !wpa_s->current_ssid->multi_ap_backhaul_sta)
-		return;
-
-	if (!wpa_s->multi_ap_ie) {
-		wpa_printf(MSG_INFO,
-			   "AP does not include valid Multi-AP element");
-		goto fail;
-	}
-
-	if (!wpa_s->multi_ap_backhaul) {
-		if (wpa_s->multi_ap_fronthaul &&
-		    wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
-			wpa_printf(MSG_INFO,
-				   "WPS active, accepting fronthaul-only BSS");
-			/* Don't set 4addr mode in this case, so just return */
-			return;
-		}
-		wpa_printf(MSG_INFO, "AP doesn't support backhaul BSS");
-		goto fail;
-	}
-
-	if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
-		wpa_printf(MSG_ERROR, "Failed to set 4addr mode");
-		goto fail;
-	}
-	wpa_s->enabled_4addr_mode = 1;
-	return;
-
-fail:
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-}
-
-
-#ifdef CONFIG_FST
-static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s,
-				const u8 *ie, size_t ie_len)
-{
-	struct mb_ies_info mb_ies;
-
-	if (!ie || !ie_len || !wpa_s->fst)
-	    return -ENOENT;
-
-	os_memset(&mb_ies, 0, sizeof(mb_ies));
-
-	while (ie_len >= 2 && mb_ies.nof_ies < MAX_NOF_MB_IES_SUPPORTED) {
-		size_t len;
-
-		len = 2 + ie[1];
-		if (len > ie_len) {
-			wpa_hexdump(MSG_DEBUG, "FST: Truncated IE found",
-				    ie, ie_len);
-			break;
-		}
-
-		if (ie[0] == WLAN_EID_MULTI_BAND) {
-			wpa_printf(MSG_DEBUG, "MB IE of %u bytes found",
-				   (unsigned int) len);
-			mb_ies.ies[mb_ies.nof_ies].ie = ie + 2;
-			mb_ies.ies[mb_ies.nof_ies].ie_len = len - 2;
-			mb_ies.nof_ies++;
-		}
-
-		ie_len -= len;
-		ie += len;
-	}
-
-	if (mb_ies.nof_ies > 0) {
-		wpabuf_free(wpa_s->received_mb_ies);
-		wpa_s->received_mb_ies = mb_ies_by_info(&mb_ies);
-		return 0;
-	}
-
-	return -ENOENT;
-}
-#endif /* CONFIG_FST */
-
-
-static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s,
-					      union wpa_event_data *data)
-{
-	int sel;
-	const u8 *p;
-	int l, len;
-	bool found = false;
-	struct wpa_ie_data ie;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct wpa_bss *bss = wpa_s->current_bss;
-	int pmf;
-
-	if (!ssid)
-		return 0;
-
-	p = data->assoc_info.req_ies;
-	l = data->assoc_info.req_ies_len;
-
-	while (p && l >= 2) {
-		len = p[1] + 2;
-		if (len > l) {
-			wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
-				    p, l);
-			break;
-		}
-		if (((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
-		      (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
-		     (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
-		      (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
-		     (p[0] == WLAN_EID_RSN && p[1] >= 2))) {
-			found = true;
-			break;
-		}
-		l -= len;
-		p += len;
-	}
-
-	if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0)
-		return 0;
-
-	wpa_hexdump(MSG_DEBUG,
-		    "WPA: Update cipher suite selection based on IEs in driver-generated WPA/RSNE in AssocReq",
-		    p, l);
-
-	/* Update proto from (Re)Association Request frame info */
-	wpa_s->wpa_proto = ie.proto;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, wpa_s->wpa_proto);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
-			 !!(wpa_s->wpa_proto &
-			    (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
-
-	/* Update AKMP suite from (Re)Association Request frame info */
-	sel = ie.key_mgmt;
-	if (ssid->key_mgmt)
-		sel &= ssid->key_mgmt;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP key_mgmt 0x%x network key_mgmt 0x%x; available key_mgmt 0x%x",
-		ie.key_mgmt, ssid->key_mgmt, sel);
-	if (ie.key_mgmt && !sel) {
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_AKMP_NOT_VALID);
-		return -1;
-	}
-
-	wpa_s->key_mgmt = ie.key_mgmt;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT %s and proto %d",
-		wpa_key_mgmt_txt(wpa_s->key_mgmt, wpa_s->wpa_proto),
-		wpa_s->wpa_proto);
-
-	/* Update pairwise cipher from (Re)Association Request frame info */
-	sel = ie.pairwise_cipher;
-	if (ssid->pairwise_cipher)
-		sel &= ssid->pairwise_cipher;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP pairwise cipher 0x%x network pairwise cipher 0x%x; available pairwise cipher 0x%x",
-		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
-	if (ie.pairwise_cipher && !sel) {
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID);
-		return -1;
-	}
-
-	wpa_s->pairwise_cipher = ie.pairwise_cipher;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
-			 wpa_s->pairwise_cipher);
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
-		wpa_cipher_txt(wpa_s->pairwise_cipher));
-
-	/* Update other parameters based on AP's WPA IE/RSNE, if available */
-	if (!bss) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: current_bss == NULL - skip AP IE check");
-		return 0;
-	}
-
-	/* Update GTK and IGTK from AP's RSNE */
-	found = false;
-
-	if (wpa_s->wpa_proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) {
-		const u8 *bss_rsn;
-
-		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		if (bss_rsn) {
-			p = bss_rsn;
-			len = 2 + bss_rsn[1];
-			found = true;
-		}
-	} else if (wpa_s->wpa_proto & WPA_PROTO_WPA) {
-		const u8 *bss_wpa;
-
-		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-		if (bss_wpa) {
-			p = bss_wpa;
-			len = 2 + bss_wpa[1];
-			found = true;
-		}
-	}
-
-	if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0)
-		return 0;
-
-	pmf = wpas_get_ssid_pmf(wpa_s, ssid);
-	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
-	    pmf == MGMT_FRAME_PROTECTION_REQUIRED) {
-		/* AP does not support MFP, local configuration requires it */
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB);
-		return -1;
-	}
-	if ((ie.capabilities & WPA_CAPABILITY_MFPR) &&
-	    pmf == NO_MGMT_FRAME_PROTECTION) {
-		/* AP requires MFP, local configuration disables it */
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB);
-		return -1;
-	}
-
-	/* Update PMF from local configuration now that MFP validation was done
-	 * above */
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, pmf);
-
-	/* Update GTK from AP's RSNE */
-	sel = ie.group_cipher;
-	if (ssid->group_cipher)
-		sel &= ssid->group_cipher;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP group cipher 0x%x network group cipher 0x%x; available group cipher 0x%x",
-		ie.group_cipher, ssid->group_cipher, sel);
-	if (ie.group_cipher && !sel) {
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_GROUP_CIPHER_NOT_VALID);
-		return -1;
-	}
-
-	wpa_s->group_cipher = ie.group_cipher;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
-		wpa_cipher_txt(wpa_s->group_cipher));
-
-	/* Update IGTK from AP RSN IE */
-	sel = ie.mgmt_group_cipher;
-	if (ssid->group_mgmt_cipher)
-		sel &= ssid->group_mgmt_cipher;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP mgmt_group_cipher 0x%x network mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
-		ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
-
-	if (pmf == NO_MGMT_FRAME_PROTECTION ||
-	    !(ie.capabilities & WPA_CAPABILITY_MFPC)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: STA/AP is not MFP capable; AP RSNE caps 0x%x",
-			ie.capabilities);
-		ie.mgmt_group_cipher = 0;
-	}
-
-	if (ie.mgmt_group_cipher && !sel) {
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_CIPHER_SUITE_REJECTED);
-		return -1;
-	}
-
-	wpa_s->mgmt_group_cipher = ie.mgmt_group_cipher;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
-			 wpa_s->mgmt_group_cipher);
-	if (wpa_s->mgmt_group_cipher)
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher %s",
-			wpa_cipher_txt(wpa_s->mgmt_group_cipher));
-	else
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
-
-	return 0;
-}
-
-
-static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
-					  union wpa_event_data *data)
-{
-	int l, len, found = 0, found_x = 0, wpa_found, rsn_found;
-	const u8 *p;
-	u8 bssid[ETH_ALEN];
-	bool bssid_known;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Association info event");
-	bssid_known = wpa_drv_get_bssid(wpa_s, bssid) == 0;
-	if (data->assoc_info.req_ies)
-		wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
-			    data->assoc_info.req_ies_len);
-	if (data->assoc_info.resp_ies) {
-		wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
-			    data->assoc_info.resp_ies_len);
-#ifdef CONFIG_TDLS
-		wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies,
-					data->assoc_info.resp_ies_len);
-#endif /* CONFIG_TDLS */
-#ifdef CONFIG_WNM
-		wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
-				       data->assoc_info.resp_ies_len);
-#endif /* CONFIG_WNM */
-#ifdef CONFIG_INTERWORKING
-		interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
-						data->assoc_info.resp_ies_len);
-#endif /* CONFIG_INTERWORKING */
-		if (wpa_s->hw_capab == CAPAB_VHT &&
-		    get_ie(data->assoc_info.resp_ies,
-			   data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
-			wpa_s->ieee80211ac = 1;
-
-		multi_ap_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
-					    data->assoc_info.resp_ies_len);
-	}
-	if (data->assoc_info.beacon_ies)
-		wpa_hexdump(MSG_DEBUG, "beacon_ies",
-			    data->assoc_info.beacon_ies,
-			    data->assoc_info.beacon_ies_len);
-	if (data->assoc_info.freq)
-		wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz",
-			data->assoc_info.freq);
-
-	wpa_s->connection_set = 0;
-	if (data->assoc_info.req_ies && data->assoc_info.resp_ies) {
-		struct ieee802_11_elems req_elems, resp_elems;
-
-		if (ieee802_11_parse_elems(data->assoc_info.req_ies,
-					   data->assoc_info.req_ies_len,
-					   &req_elems, 0) != ParseFailed &&
-		    ieee802_11_parse_elems(data->assoc_info.resp_ies,
-					   data->assoc_info.resp_ies_len,
-					   &resp_elems, 0) != ParseFailed) {
-			wpa_s->connection_set = 1;
-			wpa_s->connection_ht = req_elems.ht_capabilities &&
-				resp_elems.ht_capabilities;
-			/* Do not include subset of VHT on 2.4 GHz vendor
-			 * extension in consideration for reporting VHT
-			 * association. */
-			wpa_s->connection_vht = req_elems.vht_capabilities &&
-				resp_elems.vht_capabilities &&
-				(!data->assoc_info.freq ||
-				 wpas_freq_to_band(data->assoc_info.freq) !=
-				 BAND_2_4_GHZ);
-			wpa_s->connection_he = req_elems.he_capabilities &&
-				resp_elems.he_capabilities;
-		}
-	}
-
-	p = data->assoc_info.req_ies;
-	l = data->assoc_info.req_ies_len;
-
-	/* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
-	while (p && l >= 2) {
-		len = p[1] + 2;
-		if (len > l) {
-			wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
-				    p, l);
-			break;
-		}
-		if (!found &&
-		    ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
-		      (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
-		     (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
-		      (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
-		     (p[0] == WLAN_EID_RSN && p[1] >= 2))) {
-			if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
-				break;
-			found = 1;
-			wpa_find_assoc_pmkid(wpa_s);
-		}
-		if (!found_x && p[0] == WLAN_EID_RSNX) {
-			if (wpa_sm_set_assoc_rsnxe(wpa_s->wpa, p, len))
-				break;
-			found_x = 1;
-		}
-		l -= len;
-		p += len;
-	}
-	if (!found && data->assoc_info.req_ies)
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-	if (!found_x && data->assoc_info.req_ies)
-		wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
-
-#ifdef CONFIG_FILS
-#ifdef CONFIG_SME
-	if ((wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
-	     wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS) &&
-	    (!data->assoc_info.resp_frame ||
-	     fils_process_assoc_resp(wpa_s->wpa,
-				     data->assoc_info.resp_frame,
-				     data->assoc_info.resp_frame_len) < 0)) {
-		wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
-		return -1;
-	}
-#endif /* CONFIG_SME */
-
-	/* Additional processing for FILS when SME is in driver */
-	if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS &&
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
-		wpa_sm_set_reset_fils_completed(wpa_s->wpa, 1);
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_OWE
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
-	    (!bssid_known ||
-	     owe_process_assoc_resp(wpa_s->wpa, bssid,
-				    data->assoc_info.resp_ies,
-				    data->assoc_info.resp_ies_len) < 0)) {
-		wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
-		return -1;
-	}
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_DPP2
-	wpa_sm_set_dpp_z(wpa_s->wpa, NULL);
-	if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP &&
-	    wpa_s->dpp_pfs) {
-		struct ieee802_11_elems elems;
-
-		if (ieee802_11_parse_elems(data->assoc_info.resp_ies,
-					   data->assoc_info.resp_ies_len,
-					   &elems, 0) == ParseFailed ||
-		    !elems.owe_dh)
-			goto no_pfs;
-		if (dpp_pfs_process(wpa_s->dpp_pfs, elems.owe_dh,
-				    elems.owe_dh_len) < 0) {
-			wpa_supplicant_deauthenticate(wpa_s,
-						      WLAN_REASON_UNSPECIFIED);
-			return -1;
-		}
-
-		wpa_sm_set_dpp_z(wpa_s->wpa, wpa_s->dpp_pfs->secret);
-	}
-no_pfs:
-#endif /* CONFIG_DPP2 */
-
-#ifdef CONFIG_IEEE80211R
-#ifdef CONFIG_SME
-	if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
-		if (!bssid_known ||
-		    wpa_ft_validate_reassoc_resp(wpa_s->wpa,
-						 data->assoc_info.resp_ies,
-						 data->assoc_info.resp_ies_len,
-						 bssid) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
-				"Reassociation Response failed");
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_INVALID_IE);
-			return -1;
-		}
-	}
-
-	p = data->assoc_info.resp_ies;
-	l = data->assoc_info.resp_ies_len;
-
-#ifdef CONFIG_WPS_STRICT
-	if (p && wpa_s->current_ssid &&
-	    wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
-		struct wpabuf *wps;
-		wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE);
-		if (wps == NULL) {
-			wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not "
-				"include WPS IE in (Re)Association Response");
-			return -1;
-		}
-
-		if (wps_validate_assoc_resp(wps) < 0) {
-			wpabuf_free(wps);
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_INVALID_IE);
-			return -1;
-		}
-		wpabuf_free(wps);
-	}
-#endif /* CONFIG_WPS_STRICT */
-
-	/* Go through the IEs and make a copy of the MDIE, if present. */
-	while (p && l >= 2) {
-		len = p[1] + 2;
-		if (len > l) {
-			wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
-				    p, l);
-			break;
-		}
-		if (p[0] == WLAN_EID_MOBILITY_DOMAIN &&
-		    p[1] >= MOBILITY_DOMAIN_ID_LEN) {
-			wpa_s->sme.ft_used = 1;
-			os_memcpy(wpa_s->sme.mobility_domain, p + 2,
-				  MOBILITY_DOMAIN_ID_LEN);
-			break;
-		}
-		l -= len;
-		p += len;
-	}
-#endif /* CONFIG_SME */
-
-	/* Process FT when SME is in the driver */
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-	    wpa_ft_is_completed(wpa_s->wpa)) {
-		if (!bssid_known ||
-		    wpa_ft_validate_reassoc_resp(wpa_s->wpa,
-						 data->assoc_info.resp_ies,
-						 data->assoc_info.resp_ies_len,
-						 bssid) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
-				"Reassociation Response failed");
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_INVALID_IE);
-			return -1;
-		}
-		wpa_dbg(wpa_s, MSG_DEBUG, "FT: Reassociation Response done");
-	}
-
-	wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies,
-			     data->assoc_info.resp_ies_len);
-#endif /* CONFIG_IEEE80211R */
-
-	if (bssid_known)
-		wpas_handle_assoc_resp_mscs(wpa_s, bssid,
-					    data->assoc_info.resp_ies,
-					    data->assoc_info.resp_ies_len);
-
-	/* WPA/RSN IE from Beacon/ProbeResp */
-	p = data->assoc_info.beacon_ies;
-	l = data->assoc_info.beacon_ies_len;
-
-	/* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
-	 */
-	wpa_found = rsn_found = 0;
-	while (p && l >= 2) {
-		len = p[1] + 2;
-		if (len > l) {
-			wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
-				    p, l);
-			break;
-		}
-		if (!wpa_found &&
-		    p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
-		    os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
-			wpa_found = 1;
-			wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
-		}
-
-		if (!rsn_found &&
-		    p[0] == WLAN_EID_RSN && p[1] >= 2) {
-			rsn_found = 1;
-			wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
-		}
-
-		if (p[0] == WLAN_EID_RSNX && p[1] >= 1)
-			wpa_sm_set_ap_rsnxe(wpa_s->wpa, p, len);
-
-		l -= len;
-		p += len;
-	}
-
-	if (!wpa_found && data->assoc_info.beacon_ies)
-		wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
-	if (!rsn_found && data->assoc_info.beacon_ies) {
-		wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
-		wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
-	}
-	if (wpa_found || rsn_found)
-		wpa_s->ap_ies_from_associnfo = 1;
-
-	if (wpa_s->assoc_freq && data->assoc_info.freq &&
-	    wpa_s->assoc_freq != data->assoc_info.freq) {
-		wpa_printf(MSG_DEBUG, "Operating frequency changed from "
-			   "%u to %u MHz",
-			   wpa_s->assoc_freq, data->assoc_info.freq);
-		wpa_supplicant_update_scan_results(wpa_s);
-	}
-
-	wpa_s->assoc_freq = data->assoc_info.freq;
-
-	wpas_handle_assoc_resp_qos_mgmt(wpa_s, data->assoc_info.resp_ies,
-					data->assoc_info.resp_ies_len);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s)
-{
-	const u8 *bss_wpa = NULL, *bss_rsn = NULL, *bss_rsnx = NULL;
-
-	if (!wpa_s->current_bss || !wpa_s->current_ssid)
-		return -1;
-
-	if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt))
-		return 0;
-
-	bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss,
-					WPA_IE_VENDOR_TYPE);
-	bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN);
-	bss_rsnx = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSNX);
-
-	if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
-				 bss_wpa ? 2 + bss_wpa[1] : 0) ||
-	    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
-				 bss_rsn ? 2 + bss_rsn[1] : 0) ||
-	    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
-				 bss_rsnx ? 2 + bss_rsnx[1] : 0))
-		return -1;
-
-	return 0;
-}
-
-
-static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s,
-				     union wpa_event_data *data)
-{
-#ifdef CONFIG_FST
-	struct assoc_info *ai = data ? &data->assoc_info : NULL;
-	struct wpa_bss *bss = wpa_s->current_bss;
-	const u8 *ieprb, *iebcn;
-
-	wpabuf_free(wpa_s->received_mb_ies);
-	wpa_s->received_mb_ies = NULL;
-
-	if (ai &&
-	    !wpas_fst_update_mbie(wpa_s, ai->resp_ies, ai->resp_ies_len)) {
-		wpa_printf(MSG_DEBUG,
-			   "FST: MB IEs updated from Association Response frame");
-		return;
-	}
-
-	if (ai &&
-	    !wpas_fst_update_mbie(wpa_s, ai->beacon_ies, ai->beacon_ies_len)) {
-		wpa_printf(MSG_DEBUG,
-			   "FST: MB IEs updated from association event Beacon IEs");
-		return;
-	}
-
-	if (!bss)
-		return;
-
-	ieprb = wpa_bss_ie_ptr(bss);
-	iebcn = ieprb + bss->ie_len;
-
-	if (!wpas_fst_update_mbie(wpa_s, ieprb, bss->ie_len))
-		wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss IE");
-	else if (!wpas_fst_update_mbie(wpa_s, iebcn, bss->beacon_ie_len))
-		wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss beacon IE");
-#endif /* CONFIG_FST */
-}
-
-
-static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
-				       union wpa_event_data *data)
-{
-	u8 bssid[ETH_ALEN];
-	int ft_completed, already_authorized;
-	int new_bss = 0;
-#if defined(CONFIG_FILS) || defined(CONFIG_MBO)
-	struct wpa_bss *bss;
-#endif /* CONFIG_FILS || CONFIG_MBO */
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		if (!data)
-			return;
-		hostapd_notif_assoc(wpa_s->ap_iface->bss[0],
-				    data->assoc_info.addr,
-				    data->assoc_info.req_ies,
-				    data->assoc_info.req_ies_len,
-				    data->assoc_info.reassoc);
-		return;
-	}
-#endif /* CONFIG_AP */
-
-	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
-	wpa_s->own_reconnect_req = 0;
-
-	ft_completed = wpa_ft_is_completed(wpa_s->wpa);
-	if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
-		return;
-	/*
-	 * FILS authentication can share the same mechanism to mark the
-	 * connection fully authenticated, so set ft_completed also based on
-	 * FILS result.
-	 */
-	if (!ft_completed)
-		ft_completed = wpa_fils_is_completed(wpa_s->wpa);
-
-	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
-		wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		return;
-	}
-
-	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
-	if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
-		if (os_reltime_initialized(&wpa_s->session_start)) {
-			os_reltime_age(&wpa_s->session_start,
-				       &wpa_s->session_length);
-			wpa_s->session_start.sec = 0;
-			wpa_s->session_start.usec = 0;
-			wpas_notify_session_length(wpa_s);
-		} else {
-			wpas_notify_auth_changed(wpa_s);
-			os_get_reltime(&wpa_s->session_start);
-		}
-		wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
-			MACSTR, MAC2STR(bssid));
-		new_bss = 1;
-		random_add_randomness(bssid, ETH_ALEN);
-		os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
-		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-		wpas_notify_bssid_changed(wpa_s);
-
-		if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) {
-			wpa_clear_keys(wpa_s, bssid);
-		}
-		if (wpa_supplicant_select_config(wpa_s) < 0) {
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-			return;
-		}
-	}
-
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-	    data && wpa_supplicant_use_own_rsne_params(wpa_s, data) < 0)
-		return;
-
-	multi_ap_set_4addr_mode(wpa_s);
-
-	if (wpa_s->conf->ap_scan == 1 &&
-	    wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) {
-		if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss)
-			wpa_msg(wpa_s, MSG_WARNING,
-				"WPA/RSN IEs not updated");
-	}
-
-	wpas_fst_update_mb_assoc(wpa_s, data);
-
-#ifdef CONFIG_SME
-	os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN);
-	wpa_s->sme.prev_bssid_set = 1;
-	wpa_s->sme.last_unprot_disconnect.sec = 0;
-#endif /* CONFIG_SME */
-
-	wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
-	if (wpa_s->current_ssid) {
-		/* When using scanning (ap_scan=1), SIM PC/SC interface can be
-		 * initialized before association, but for other modes,
-		 * initialize PC/SC here, if the current configuration needs
-		 * smartcard or SIM/USIM. */
-		wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
-	}
-	wpa_sm_notify_assoc(wpa_s->wpa, bssid);
-	if (wpa_s->l2)
-		l2_packet_notify_auth_start(wpa_s->l2);
-
-	already_authorized = data && data->assoc_info.authorized;
-
-	/*
-	 * Set portEnabled first to false in order to get EAP state machine out
-	 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
-	 * state machine may transit to AUTHENTICATING state based on obsolete
-	 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
-	 * AUTHENTICATED without ever giving chance to EAP state machine to
-	 * reset the state.
-	 */
-	if (!ft_completed && !already_authorized) {
-		eapol_sm_notify_portEnabled(wpa_s->eapol, false);
-		eapol_sm_notify_portValid(wpa_s->eapol, false);
-	}
-	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
-	    already_authorized || wpa_s->drv_authorized_port)
-		eapol_sm_notify_eap_success(wpa_s->eapol, false);
-	/* 802.1X::portControl = Auto */
-	eapol_sm_notify_portEnabled(wpa_s->eapol, true);
-	wpa_s->eapol_received = 0;
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE ||
-	    (wpa_s->current_ssid &&
-	     wpa_s->current_ssid->mode == WPAS_MODE_IBSS)) {
-		if (wpa_s->current_ssid &&
-		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE &&
-		    (wpa_s->drv_flags &
-		     WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
-			/*
-			 * Set the key after having received joined-IBSS event
-			 * from the driver.
-			 */
-			wpa_supplicant_set_wpa_none_key(wpa_s,
-							wpa_s->current_ssid);
-		}
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-	} else if (!ft_completed) {
-		/* Timeout for receiving the first EAPOL packet */
-		wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
-	}
-	wpa_supplicant_cancel_scan(wpa_s);
-
-	if (ft_completed) {
-		/*
-		 * FT protocol completed - make sure EAPOL state machine ends
-		 * up in authenticated.
-		 */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-		eapol_sm_notify_portValid(wpa_s->eapol, true);
-		eapol_sm_notify_eap_success(wpa_s->eapol, true);
-	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
-		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
-		/*
-		 * We are done; the driver will take care of RSN 4-way
-		 * handshake.
-		 */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-		eapol_sm_notify_portValid(wpa_s->eapol, true);
-		eapol_sm_notify_eap_success(wpa_s->eapol, true);
-	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-		   wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
-		/*
-		 * The driver will take care of RSN 4-way handshake, so we need
-		 * to allow EAPOL supplicant to complete its work without
-		 * waiting for WPA supplicant.
-		 */
-		eapol_sm_notify_portValid(wpa_s->eapol, true);
-	}
-
-	wpa_s->last_eapol_matches_bssid = 0;
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->rsne_override_eapol) {
-		wpa_printf(MSG_DEBUG,
-			   "TESTING: RSNE EAPOL-Key msg 2/4 override");
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa,
-					wpabuf_head(wpa_s->rsne_override_eapol),
-					wpabuf_len(wpa_s->rsne_override_eapol));
-	}
-	if (wpa_s->rsnxe_override_eapol) {
-		wpa_printf(MSG_DEBUG,
-			   "TESTING: RSNXE EAPOL-Key msg 2/4 override");
-		wpa_sm_set_assoc_rsnxe(wpa_s->wpa,
-				       wpabuf_head(wpa_s->rsnxe_override_eapol),
-				       wpabuf_len(wpa_s->rsnxe_override_eapol));
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->pending_eapol_rx) {
-		struct os_reltime now, age;
-		os_get_reltime(&now);
-		os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
-		if (age.sec == 0 && age.usec < 200000 &&
-		    os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) ==
-		    0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL "
-				"frame that was received just before "
-				"association notification");
-			wpa_supplicant_rx_eapol(
-				wpa_s, wpa_s->pending_eapol_rx_src,
-				wpabuf_head(wpa_s->pending_eapol_rx),
-				wpabuf_len(wpa_s->pending_eapol_rx));
-		}
-		wpabuf_free(wpa_s->pending_eapol_rx);
-		wpa_s->pending_eapol_rx = NULL;
-	}
-
-#ifdef CONFIG_WEP
-	if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
-	     wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
-	    wpa_s->current_ssid &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
-		/* Set static WEP keys again */
-		wpa_set_wep_keys(wpa_s, wpa_s->current_ssid);
-	}
-#endif /* CONFIG_WEP */
-
-#ifdef CONFIG_IBSS_RSN
-	if (wpa_s->current_ssid &&
-	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
-	    wpa_s->ibss_rsn == NULL) {
-		wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid);
-		if (!wpa_s->ibss_rsn) {
-			wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-			return;
-		}
-
-		ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk);
-	}
-#endif /* CONFIG_IBSS_RSN */
-
-	wpas_wps_notify_assoc(wpa_s, bssid);
-
-	if (data) {
-		wmm_ac_notify_assoc(wpa_s, data->assoc_info.resp_ies,
-				    data->assoc_info.resp_ies_len,
-				    &data->assoc_info.wmm_params);
-
-		if (wpa_s->reassoc_same_bss)
-			wmm_ac_restore_tspecs(wpa_s);
-	}
-
-#if defined(CONFIG_FILS) || defined(CONFIG_MBO)
-	bss = wpa_bss_get_bssid(wpa_s, bssid);
-#endif /* CONFIG_FILS || CONFIG_MBO */
-#ifdef CONFIG_FILS
-	if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) {
-		const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
-
-		if (fils_cache_id)
-			wpa_sm_set_fils_cache_id(wpa_s->wpa, fils_cache_id);
-	}
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_MBO
-	wpas_mbo_check_pmf(wpa_s, bss, wpa_s->current_ssid);
-#endif /* CONFIG_MBO */
-
-#ifdef CONFIG_DPP2
-	wpa_s->dpp_pfs_fallback = 0;
-#endif /* CONFIG_DPP2 */
-}
-
-
-static int disconnect_reason_recoverable(u16 reason_code)
-{
-	return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY ||
-		reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA ||
-		reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
-}
-
-
-static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s,
-					  u16 reason_code,
-					  int locally_generated)
-{
-	const u8 *bssid;
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
-		/*
-		 * At least Host AP driver and a Prism3 card seemed to be
-		 * generating streams of disconnected events when configuring
-		 * IBSS for WPA-None. Ignore them for now.
-		 */
-		return;
-	}
-
-	bssid = wpa_s->bssid;
-	if (is_zero_ether_addr(bssid))
-		bssid = wpa_s->pending_bssid;
-
-	if (!is_zero_ether_addr(bssid) ||
-	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
-			" reason=%d%s",
-			MAC2STR(bssid), reason_code,
-			locally_generated ? " locally_generated=1" : "");
-	}
-}
-
-
-static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
-				 int locally_generated)
-{
-	if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
-	    !wpa_s->new_connection ||
-	    !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	    wpa_key_mgmt_sae(wpa_s->key_mgmt))
-		return 0; /* Not in initial 4-way handshake with PSK */
-
-	/*
-	 * It looks like connection was lost while trying to go through PSK
-	 * 4-way handshake. Filter out known disconnection cases that are caused
-	 * by something else than PSK mismatch to avoid confusing reports.
-	 */
-
-	if (locally_generated) {
-		if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS)
-			return 0;
-	}
-
-	return 1;
-}
-
-
-static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
-						 u16 reason_code,
-						 int locally_generated)
-{
-	const u8 *bssid;
-	int authenticating;
-	u8 prev_pending_bssid[ETH_ALEN];
-	struct wpa_bss *fast_reconnect = NULL;
-	struct wpa_ssid *fast_reconnect_ssid = NULL;
-	struct wpa_ssid *last_ssid;
-	struct wpa_bss *curr = NULL;
-
-	authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING;
-	os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN);
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
-		/*
-		 * At least Host AP driver and a Prism3 card seemed to be
-		 * generating streams of disconnected events when configuring
-		 * IBSS for WPA-None. Ignore them for now.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in "
-			"IBSS/WPA-None mode");
-		return;
-	}
-
-	if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING &&
-	    reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY &&
-	    locally_generated)
-		/*
-		 * Remove the inactive AP (which is probably out of range) from
-		 * the BSS list after marking disassociation. In particular
-		 * mac80211-based drivers use the
-		 * WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in
-		 * locally generated disconnection events for cases where the
-		 * AP does not reply anymore.
-		 */
-		curr = wpa_s->current_bss;
-
-	if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
-			"pre-shared key may be incorrect");
-		if (wpas_p2p_4way_hs_failed(wpa_s) > 0)
-			return; /* P2P group removed */
-		wpas_auth_failed(wpa_s, "WRONG_KEY");
-#ifdef CONFIG_DPP2
-		wpas_dpp_send_conn_status_result(wpa_s,
-						 DPP_STATUS_AUTH_FAILURE);
-#endif /* CONFIG_DPP2 */
-	}
-	if (!wpa_s->disconnected &&
-	    (!wpa_s->auto_reconnect_disabled ||
-	     wpa_s->key_mgmt == WPA_KEY_MGMT_WPS ||
-	     wpas_wps_searching(wpa_s) ||
-	     wpas_wps_reenable_networks_pending(wpa_s))) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to "
-			"reconnect (wps=%d/%d wpa_state=%d)",
-			wpa_s->key_mgmt == WPA_KEY_MGMT_WPS,
-			wpas_wps_searching(wpa_s),
-			wpa_s->wpa_state);
-		if (wpa_s->wpa_state == WPA_COMPLETED &&
-		    wpa_s->current_ssid &&
-		    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
-		    (wpa_s->own_reconnect_req ||
-		     (!locally_generated &&
-		      disconnect_reason_recoverable(reason_code)))) {
-			/*
-			 * It looks like the AP has dropped association with
-			 * us, but could allow us to get back in. This is also
-			 * triggered for cases where local reconnection request
-			 * is used to force reassociation with the same BSS.
-			 * Try to reconnect to the same BSS without a full scan
-			 * to save time for some common cases.
-			 */
-			fast_reconnect = wpa_s->current_bss;
-			fast_reconnect_ssid = wpa_s->current_ssid;
-		} else if (wpa_s->wpa_state >= WPA_ASSOCIATING) {
-			wpa_supplicant_req_scan(wpa_s, 0, 100000);
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new "
-				"immediate scan");
-		}
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not "
-			"try to re-connect");
-		wpa_s->reassociate = 0;
-		wpa_s->disconnected = 1;
-		if (!wpa_s->pno)
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-	}
-	bssid = wpa_s->bssid;
-	if (is_zero_ether_addr(bssid))
-		bssid = wpa_s->pending_bssid;
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-		wpas_connection_failed(wpa_s, bssid);
-	wpa_sm_notify_disassoc(wpa_s->wpa);
-	ptksa_cache_flush(wpa_s->ptksa, wpa_s->bssid, WPA_CIPHER_NONE);
-
-	if (locally_generated)
-		wpa_s->disconnect_reason = -reason_code;
-	else
-		wpa_s->disconnect_reason = reason_code;
-	wpas_notify_disconnect_reason(wpa_s);
-	if (wpa_supplicant_dynamic_keys(wpa_s)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys");
-		wpa_clear_keys(wpa_s, wpa_s->bssid);
-	}
-	last_ssid = wpa_s->current_ssid;
-	wpa_supplicant_mark_disassoc(wpa_s);
-
-	if (curr)
-		wpa_bss_remove(wpa_s, curr, "Connection to AP lost");
-
-	if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) {
-		sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid);
-		wpa_s->current_ssid = last_ssid;
-	}
-
-	if (fast_reconnect &&
-	    !wpas_network_disabled(wpa_s, fast_reconnect_ssid) &&
-	    !disallowed_bssid(wpa_s, fast_reconnect->bssid) &&
-	    !disallowed_ssid(wpa_s, fast_reconnect->ssid,
-			     fast_reconnect->ssid_len) &&
-	    !wpas_temp_disabled(wpa_s, fast_reconnect_ssid) &&
-	    !wpa_is_bss_tmp_disallowed(wpa_s, fast_reconnect)) {
-#ifndef CONFIG_NO_SCAN_PROCESSING
-		wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS");
-		if (wpa_supplicant_connect(wpa_s, fast_reconnect,
-					   fast_reconnect_ssid) < 0) {
-			/* Recover through full scan */
-			wpa_supplicant_req_scan(wpa_s, 0, 100000);
-		}
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-	} else if (fast_reconnect) {
-		/*
-		 * Could not reconnect to the same BSS due to network being
-		 * disabled. Use a new scan to match the alternative behavior
-		 * above, i.e., to continue automatic reconnection attempt in a
-		 * way that enforces disabled network rules.
-		 */
-		wpa_supplicant_req_scan(wpa_s, 0, 100000);
-	}
-}
-
-
-#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
-void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (!wpa_s->pending_mic_error_report)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report");
-	wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise);
-	wpa_s->pending_mic_error_report = 0;
-}
-#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
-
-
-static void
-wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
-					 union wpa_event_data *data)
-{
-	int pairwise;
-	struct os_reltime t;
-
-	wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
-	pairwise = (data && data->michael_mic_failure.unicast);
-	os_get_reltime(&t);
-	if ((wpa_s->last_michael_mic_error.sec &&
-	     !os_reltime_expired(&t, &wpa_s->last_michael_mic_error, 60)) ||
-	    wpa_s->pending_mic_error_report) {
-		if (wpa_s->pending_mic_error_report) {
-			/*
-			 * Send the pending MIC error report immediately since
-			 * we are going to start countermeasures and AP better
-			 * do the same.
-			 */
-			wpa_sm_key_request(wpa_s->wpa, 1,
-					   wpa_s->pending_mic_error_pairwise);
-		}
-
-		/* Send the new MIC error report immediately since we are going
-		 * to start countermeasures and AP better do the same.
-		 */
-		wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
-
-		/* initialize countermeasures */
-		wpa_s->countermeasures = 1;
-
-		wpa_bssid_ignore_add(wpa_s, wpa_s->bssid);
-
-		wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
-
-		/*
-		 * Need to wait for completion of request frame. We do not get
-		 * any callback for the message completion, so just wait a
-		 * short while and hope for the best. */
-		os_sleep(0, 10000);
-
-		wpa_drv_set_countermeasures(wpa_s, 1);
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_MICHAEL_MIC_FAILURE);
-		eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
-				     wpa_s, NULL);
-		eloop_register_timeout(60, 0,
-				       wpa_supplicant_stop_countermeasures,
-				       wpa_s, NULL);
-		/* TODO: mark the AP rejected for 60 second. STA is
-		 * allowed to associate with another AP.. */
-	} else {
-#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
-		if (wpa_s->mic_errors_seen) {
-			/*
-			 * Reduce the effectiveness of Michael MIC error
-			 * reports as a means for attacking against TKIP if
-			 * more than one MIC failure is noticed with the same
-			 * PTK. We delay the transmission of the reports by a
-			 * random time between 0 and 60 seconds in order to
-			 * force the attacker wait 60 seconds before getting
-			 * the information on whether a frame resulted in a MIC
-			 * failure.
-			 */
-			u8 rval[4];
-			int sec;
-
-			if (os_get_random(rval, sizeof(rval)) < 0)
-				sec = os_random() % 60;
-			else
-				sec = WPA_GET_BE32(rval) % 60;
-			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error "
-				"report %d seconds", sec);
-			wpa_s->pending_mic_error_report = 1;
-			wpa_s->pending_mic_error_pairwise = pairwise;
-			eloop_cancel_timeout(
-				wpa_supplicant_delayed_mic_error_report,
-				wpa_s, NULL);
-			eloop_register_timeout(
-				sec, os_random() % 1000000,
-				wpa_supplicant_delayed_mic_error_report,
-				wpa_s, NULL);
-		} else {
-			wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
-		}
-#else /* CONFIG_DELAYED_MIC_ERROR_REPORT */
-		wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
-#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
-	}
-	wpa_s->last_michael_mic_error = t;
-	wpa_s->mic_errors_seen++;
-}
-
-
-#ifdef CONFIG_TERMINATE_ONLASTIF
-static int any_interfaces(struct wpa_supplicant *head)
-{
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next)
-		if (!wpa_s->interface_removed)
-			return 1;
-	return 0;
-}
-#endif /* CONFIG_TERMINATE_ONLASTIF */
-
-
-static void
-wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
-				      union wpa_event_data *data)
-{
-	if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
-		return;
-
-	switch (data->interface_status.ievent) {
-	case EVENT_INTERFACE_ADDED:
-		if (!wpa_s->interface_removed)
-			break;
-		wpa_s->interface_removed = 0;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added");
-		if (wpa_supplicant_driver_init(wpa_s) < 0) {
-			wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the "
-				"driver after interface was added");
-		}
-
-#ifdef CONFIG_P2P
-		if (!wpa_s->global->p2p &&
-		    !wpa_s->global->p2p_disabled &&
-		    !wpa_s->conf->p2p_disabled &&
-		    (wpa_s->drv_flags &
-		     WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
-		    wpas_p2p_add_p2pdev_interface(
-			    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
-			wpa_printf(MSG_INFO,
-				   "P2P: Failed to enable P2P Device interface");
-			/* Try to continue without. P2P will be disabled. */
-		}
-#endif /* CONFIG_P2P */
-
-		break;
-	case EVENT_INTERFACE_REMOVED:
-		wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed");
-		wpa_s->interface_removed = 1;
-		wpa_supplicant_mark_disassoc(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
-		l2_packet_deinit(wpa_s->l2);
-		wpa_s->l2 = NULL;
-
-#ifdef CONFIG_P2P
-		if (wpa_s->global->p2p &&
-		    wpa_s->global->p2p_init_wpa_s->parent == wpa_s &&
-		    (wpa_s->drv_flags &
-		     WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Removing P2P Device interface");
-			wpa_supplicant_remove_iface(
-				wpa_s->global, wpa_s->global->p2p_init_wpa_s,
-				0);
-			wpa_s->global->p2p_init_wpa_s = NULL;
-		}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_MATCH_IFACE
-		if (wpa_s->matched) {
-			wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0);
-			break;
-		}
-#endif /* CONFIG_MATCH_IFACE */
-
-#ifdef CONFIG_TERMINATE_ONLASTIF
-		/* check if last interface */
-		if (!any_interfaces(wpa_s->global->ifaces))
-			eloop_terminate();
-#endif /* CONFIG_TERMINATE_ONLASTIF */
-		break;
-	}
-}
-
-
-#ifdef CONFIG_TDLS
-static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
-				      union wpa_event_data *data)
-{
-	if (data == NULL)
-		return;
-	switch (data->tdls.oper) {
-	case TDLS_REQUEST_SETUP:
-		wpa_tdls_remove(wpa_s->wpa, data->tdls.peer);
-		if (wpa_tdls_is_external_setup(wpa_s->wpa))
-			wpa_tdls_start(wpa_s->wpa, data->tdls.peer);
-		else
-			wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, data->tdls.peer);
-		break;
-	case TDLS_REQUEST_TEARDOWN:
-		if (wpa_tdls_is_external_setup(wpa_s->wpa))
-			wpa_tdls_teardown_link(wpa_s->wpa, data->tdls.peer,
-					       data->tdls.reason_code);
-		else
-			wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN,
-					  data->tdls.peer);
-		break;
-	case TDLS_REQUEST_DISCOVER:
-			wpa_tdls_send_discovery_request(wpa_s->wpa,
-							data->tdls.peer);
-		break;
-	}
-}
-#endif /* CONFIG_TDLS */
-
-
-#ifdef CONFIG_WNM
-static void wpa_supplicant_event_wnm(struct wpa_supplicant *wpa_s,
-				     union wpa_event_data *data)
-{
-	if (data == NULL)
-		return;
-	switch (data->wnm.oper) {
-	case WNM_OPER_SLEEP:
-		wpa_printf(MSG_DEBUG, "Start sending WNM-Sleep Request "
-			   "(action=%d, intval=%d)",
-			   data->wnm.sleep_action, data->wnm.sleep_intval);
-		ieee802_11_send_wnmsleep_req(wpa_s, data->wnm.sleep_action,
-					     data->wnm.sleep_intval, NULL);
-		break;
-	}
-}
-#endif /* CONFIG_WNM */
-
-
-#ifdef CONFIG_IEEE80211R
-static void
-wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s,
-				 union wpa_event_data *data)
-{
-	if (data == NULL)
-		return;
-
-	if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies,
-				    data->ft_ies.ies_len,
-				    data->ft_ies.ft_action,
-				    data->ft_ies.target_ap,
-				    data->ft_ies.ric_ies,
-				    data->ft_ies.ric_ies_len) < 0) {
-		/* TODO: prevent MLME/driver from trying to associate? */
-	}
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-#ifdef CONFIG_IBSS_RSN
-static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s,
-						union wpa_event_data *data)
-{
-	struct wpa_ssid *ssid;
-	if (wpa_s->wpa_state < WPA_ASSOCIATED)
-		return;
-	if (data == NULL)
-		return;
-	ssid = wpa_s->current_ssid;
-	if (ssid == NULL)
-		return;
-	if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
-		return;
-
-	ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer);
-}
-
-
-static void wpa_supplicant_event_ibss_auth(struct wpa_supplicant *wpa_s,
-					   union wpa_event_data *data)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL)
-		return;
-
-	/* check if the ssid is correctly configured as IBSS/RSN */
-	if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
-		return;
-
-	ibss_rsn_handle_auth(wpa_s->ibss_rsn, data->rx_mgmt.frame,
-			     data->rx_mgmt.frame_len);
-}
-#endif /* CONFIG_IBSS_RSN */
-
-
-#ifdef CONFIG_IEEE80211R
-static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data,
-			 size_t len)
-{
-	const u8 *sta_addr, *target_ap_addr;
-	u16 status;
-
-	wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len);
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
-		return; /* only SME case supported for now */
-	if (len < 1 + 2 * ETH_ALEN + 2)
-		return;
-	if (data[0] != 2)
-		return; /* Only FT Action Response is supported for now */
-	sta_addr = data + 1;
-	target_ap_addr = data + 1 + ETH_ALEN;
-	status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN);
-	wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA "
-		MACSTR " TargetAP " MACSTR " status %u",
-		MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
-
-	if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR
-			" in FT Action Response", MAC2STR(sta_addr));
-		return;
-	}
-
-	if (status) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates "
-			"failure (status code %d)", status);
-		/* TODO: report error to FT code(?) */
-		return;
-	}
-
-	if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2,
-				    len - (1 + 2 * ETH_ALEN + 2), 1,
-				    target_ap_addr, NULL, 0) < 0)
-		return;
-
-#ifdef CONFIG_SME
-	{
-		struct wpa_bss *bss;
-		bss = wpa_bss_get_bssid(wpa_s, target_ap_addr);
-		if (bss)
-			wpa_s->sme.freq = bss->freq;
-		wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT;
-		sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr,
-			      WLAN_AUTH_FT);
-	}
-#endif /* CONFIG_SME */
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s,
-					       struct unprot_deauth *e)
-{
-	wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame "
-		   "dropped: " MACSTR " -> " MACSTR
-		   " (reason code %u)",
-		   MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
-	sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
-}
-
-
-static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s,
-						 struct unprot_disassoc *e)
-{
-	wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame "
-		   "dropped: " MACSTR " -> " MACSTR
-		   " (reason code %u)",
-		   MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
-	sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
-}
-
-
-static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
-				  u16 reason_code, int locally_generated,
-				  const u8 *ie, size_t ie_len, int deauth)
-{
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface && addr) {
-		hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], addr);
-		return;
-	}
-
-	if (wpa_s->ap_iface) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in AP mode");
-		return;
-	}
-#endif /* CONFIG_AP */
-
-	if (!locally_generated)
-		wpa_s->own_disconnect_req = 0;
-
-	wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
-
-	if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
-	      ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
-		(wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
-	       eapol_sm_failed(wpa_s->eapol))) &&
-	     !wpa_s->eap_expected_failure))
-		wpas_auth_failed(wpa_s, "AUTH_FAILED");
-
-#ifdef CONFIG_P2P
-	if (deauth && reason_code > 0) {
-		if (wpas_p2p_deauth_notif(wpa_s, addr, reason_code, ie, ie_len,
-					  locally_generated) > 0) {
-			/*
-			 * The interface was removed, so cannot continue
-			 * processing any additional operations after this.
-			 */
-			return;
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	wpa_supplicant_event_disassoc_finish(wpa_s, reason_code,
-					     locally_generated);
-}
-
-
-static void wpas_event_disassoc(struct wpa_supplicant *wpa_s,
-				struct disassoc_info *info)
-{
-	u16 reason_code = 0;
-	int locally_generated = 0;
-	const u8 *addr = NULL;
-	const u8 *ie = NULL;
-	size_t ie_len = 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification");
-
-	if (info) {
-		addr = info->addr;
-		ie = info->ie;
-		ie_len = info->ie_len;
-		reason_code = info->reason_code;
-		locally_generated = info->locally_generated;
-		wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", reason_code,
-			reason2str(reason_code),
-			locally_generated ? " locally_generated=1" : "");
-		if (addr)
-			wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
-				MAC2STR(addr));
-		wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)",
-			    ie, ie_len);
-	}
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface && info && info->addr) {
-		hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], info->addr);
-		return;
-	}
-
-	if (wpa_s->ap_iface) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in AP mode");
-		return;
-	}
-#endif /* CONFIG_AP */
-
-#ifdef CONFIG_P2P
-	if (info) {
-		wpas_p2p_disassoc_notif(
-			wpa_s, info->addr, reason_code, info->ie, info->ie_len,
-			locally_generated);
-	}
-#endif /* CONFIG_P2P */
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-		sme_event_disassoc(wpa_s, info);
-
-	wpas_event_disconnect(wpa_s, addr, reason_code, locally_generated,
-			      ie, ie_len, 0);
-}
-
-
-static void wpas_event_deauth(struct wpa_supplicant *wpa_s,
-			      struct deauth_info *info)
-{
-	u16 reason_code = 0;
-	int locally_generated = 0;
-	const u8 *addr = NULL;
-	const u8 *ie = NULL;
-	size_t ie_len = 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Deauthentication notification");
-
-	if (info) {
-		addr = info->addr;
-		ie = info->ie;
-		ie_len = info->ie_len;
-		reason_code = info->reason_code;
-		locally_generated = info->locally_generated;
-		wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s",
-			reason_code, reason2str(reason_code),
-			locally_generated ? " locally_generated=1" : "");
-		if (addr) {
-			wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
-				MAC2STR(addr));
-		}
-		wpa_hexdump(MSG_DEBUG, "Deauthentication frame IE(s)",
-			    ie, ie_len);
-	}
-
-	wpa_reset_ft_completed(wpa_s->wpa);
-
-	wpas_event_disconnect(wpa_s, addr, reason_code,
-			      locally_generated, ie, ie_len, 1);
-}
-
-
-static const char * reg_init_str(enum reg_change_initiator init)
-{
-	switch (init) {
-	case REGDOM_SET_BY_CORE:
-		return "CORE";
-	case REGDOM_SET_BY_USER:
-		return "USER";
-	case REGDOM_SET_BY_DRIVER:
-		return "DRIVER";
-	case REGDOM_SET_BY_COUNTRY_IE:
-		return "COUNTRY_IE";
-	case REGDOM_BEACON_HINT:
-		return "BEACON_HINT";
-	}
-	return "?";
-}
-
-
-static const char * reg_type_str(enum reg_type type)
-{
-	switch (type) {
-	case REGDOM_TYPE_UNKNOWN:
-		return "UNKNOWN";
-	case REGDOM_TYPE_COUNTRY:
-		return "COUNTRY";
-	case REGDOM_TYPE_WORLD:
-		return "WORLD";
-	case REGDOM_TYPE_CUSTOM_WORLD:
-		return "CUSTOM_WORLD";
-	case REGDOM_TYPE_INTERSECTION:
-		return "INTERSECTION";
-	}
-	return "?";
-}
-
-
-void wpa_supplicant_update_channel_list(struct wpa_supplicant *wpa_s,
-					struct channel_list_changed *info)
-{
-	struct wpa_supplicant *ifs;
-	u8 dfs_domain;
-
-	/*
-	 * To allow backwards compatibility with higher level layers that
-	 * assumed the REGDOM_CHANGE event is sent over the initially added
-	 * interface. Find the highest parent of this interface and use it to
-	 * send the event.
-	 */
-	for (ifs = wpa_s; ifs->parent && ifs != ifs->parent; ifs = ifs->parent)
-		;
-
-	if (info) {
-		wpa_msg(ifs, MSG_INFO,
-			WPA_EVENT_REGDOM_CHANGE "init=%s type=%s%s%s",
-			reg_init_str(info->initiator), reg_type_str(info->type),
-			info->alpha2[0] ? " alpha2=" : "",
-			info->alpha2[0] ? info->alpha2 : "");
-	}
-
-	if (wpa_s->drv_priv == NULL)
-		return; /* Ignore event during drv initialization */
-
-	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
-			 radio_list) {
-		wpa_printf(MSG_DEBUG, "%s: Updating hw mode",
-			   ifs->ifname);
-		free_hw_features(ifs);
-		ifs->hw.modes = wpa_drv_get_hw_feature_data(
-			ifs, &ifs->hw.num_modes, &ifs->hw.flags, &dfs_domain);
-
-		/* Restart PNO/sched_scan with updated channel list */
-		if (ifs->pno) {
-			wpas_stop_pno(ifs);
-			wpas_start_pno(ifs);
-		} else if (ifs->sched_scanning && !ifs->pno_sched_pending) {
-			wpa_dbg(ifs, MSG_DEBUG,
-				"Channel list changed - restart sched_scan");
-			wpas_scan_restart_sched_scan(ifs);
-		}
-	}
-
-	wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER);
-}
-
-
-static void wpas_event_rx_mgmt_action(struct wpa_supplicant *wpa_s,
-				      const u8 *frame, size_t len, int freq,
-				      int rssi)
-{
-	const struct ieee80211_mgmt *mgmt;
-	const u8 *payload;
-	size_t plen;
-	u8 category;
-
-	if (len < IEEE80211_HDRLEN + 2)
-		return;
-
-	mgmt = (const struct ieee80211_mgmt *) frame;
-	payload = frame + IEEE80211_HDRLEN;
-	category = *payload++;
-	plen = len - IEEE80211_HDRLEN - 1;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR
-		" Category=%u DataLen=%d freq=%d MHz",
-		MAC2STR(mgmt->sa), category, (int) plen, freq);
-
-	if (category == WLAN_ACTION_WMM) {
-		wmm_ac_rx_action(wpa_s, mgmt->da, mgmt->sa, payload, plen);
-		return;
-	}
-
-#ifdef CONFIG_IEEE80211R
-	if (category == WLAN_ACTION_FT) {
-		ft_rx_action(wpa_s, payload, plen);
-		return;
-	}
-#endif /* CONFIG_IEEE80211R */
-
-#ifdef CONFIG_SME
-	if (category == WLAN_ACTION_SA_QUERY) {
-		sme_sa_query_rx(wpa_s, mgmt->da, mgmt->sa, payload, plen);
-		return;
-	}
-#endif /* CONFIG_SME */
-
-#ifdef CONFIG_WNM
-	if (mgmt->u.action.category == WLAN_ACTION_WNM) {
-		ieee802_11_rx_wnm_action(wpa_s, mgmt, len);
-		return;
-	}
-#endif /* CONFIG_WNM */
-
-#ifdef CONFIG_GAS
-	if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
-	     mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
-	    gas_query_rx(wpa_s->gas, mgmt->da, mgmt->sa, mgmt->bssid,
-			 mgmt->u.action.category,
-			 payload, plen, freq) == 0)
-		return;
-#endif /* CONFIG_GAS */
-
-#ifdef CONFIG_GAS_SERVER
-	if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
-	     mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
-	    gas_server_rx(wpa_s->gas_server, mgmt->da, mgmt->sa, mgmt->bssid,
-			  mgmt->u.action.category,
-			  payload, plen, freq) == 0)
-		return;
-#endif /* CONFIG_GAS_SERVER */
-
-#ifdef CONFIG_TDLS
-	if (category == WLAN_ACTION_PUBLIC && plen >= 4 &&
-	    payload[0] == WLAN_TDLS_DISCOVERY_RESPONSE) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"TDLS: Received Discovery Response from " MACSTR,
-			MAC2STR(mgmt->sa));
-		return;
-	}
-#endif /* CONFIG_TDLS */
-
-#ifdef CONFIG_INTERWORKING
-	if (category == WLAN_ACTION_QOS && plen >= 1 &&
-	    payload[0] == QOS_QOS_MAP_CONFIG) {
-		const u8 *pos = payload + 1;
-		size_t qlen = plen - 1;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: Received QoS Map Configure frame from "
-			MACSTR, MAC2STR(mgmt->sa));
-		if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) == 0 &&
-		    qlen > 2 && pos[0] == WLAN_EID_QOS_MAP_SET &&
-		    pos[1] <= qlen - 2 && pos[1] >= 16)
-			wpas_qos_map_set(wpa_s, pos + 2, pos[1]);
-		return;
-	}
-#endif /* CONFIG_INTERWORKING */
-
-	if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
-	    payload[0] == WLAN_RRM_RADIO_MEASUREMENT_REQUEST) {
-		wpas_rrm_handle_radio_measurement_request(wpa_s, mgmt->sa,
-							  mgmt->da,
-							  payload + 1,
-							  plen - 1);
-		return;
-	}
-
-	if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
-	    payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) {
-		wpas_rrm_process_neighbor_rep(wpa_s, payload + 1, plen - 1);
-		return;
-	}
-
-	if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
-	    payload[0] == WLAN_RRM_LINK_MEASUREMENT_REQUEST) {
-		wpas_rrm_handle_link_measurement_request(wpa_s, mgmt->sa,
-							 payload + 1, plen - 1,
-							 rssi);
-		return;
-	}
-
-#ifdef CONFIG_FST
-	if (mgmt->u.action.category == WLAN_ACTION_FST && wpa_s->fst) {
-		fst_rx_action(wpa_s->fst, mgmt, len);
-		return;
-	}
-#endif /* CONFIG_FST */
-
-#ifdef CONFIG_DPP
-	if (category == WLAN_ACTION_PUBLIC && plen >= 5 &&
-	    payload[0] == WLAN_PA_VENDOR_SPECIFIC &&
-	    WPA_GET_BE24(&payload[1]) == OUI_WFA &&
-	    payload[4] == DPP_OUI_TYPE) {
-		payload++;
-		plen--;
-		wpas_dpp_rx_action(wpa_s, mgmt->sa, payload, plen, freq);
-		return;
-	}
-#endif /* CONFIG_DPP */
-
-	if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
-	    payload[0] == ROBUST_AV_SCS_RESP) {
-		wpas_handle_robust_av_scs_recv_action(wpa_s, mgmt->sa,
-						      payload + 1, plen - 1);
-		return;
-	}
-
-	if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
-	    payload[0] == ROBUST_AV_MSCS_RESP) {
-		wpas_handle_robust_av_recv_action(wpa_s, mgmt->sa,
-						  payload + 1, plen - 1);
-		return;
-	}
-
-	if (category == WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED && plen > 4 &&
-	    WPA_GET_BE32(payload) == QM_ACTION_VENDOR_TYPE) {
-		wpas_handle_qos_mgmt_recv_action(wpa_s, mgmt->sa,
-						 payload + 4, plen - 4);
-		return;
-	}
-
-	wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
-			   category, payload, plen, freq);
-	if (wpa_s->ifmsh)
-		mesh_mpm_action_rx(wpa_s, mgmt, len);
-}
-
-
-static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s,
-					     union wpa_event_data *event)
-{
-	struct wpa_freq_range_list *list;
-	char *str = NULL;
-
-	list = &event->freq_range;
-
-	if (list->num)
-		str = freq_range_list_str(list);
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AVOID_FREQ "ranges=%s",
-		str ? str : "");
-
-#ifdef CONFIG_P2P
-	if (freq_range_list_parse(&wpa_s->global->p2p_go_avoid_freq, str)) {
-		wpa_dbg(wpa_s, MSG_ERROR, "%s: Failed to parse freq range",
-			__func__);
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Update channel list based on frequency avoid event");
-
-		/*
-		 * The update channel flow will also take care of moving a GO
-		 * from the unsafe frequency if needed.
-		 */
-		wpas_p2p_update_channel_list(wpa_s,
-					     WPAS_P2P_CHANNEL_UPDATE_AVOID);
-	}
-#endif /* CONFIG_P2P */
-
-	os_free(str);
-}
-
-
-static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->wpa_state == WPA_ASSOCIATED) {
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-		eapol_sm_notify_portValid(wpa_s->eapol, true);
-		eapol_sm_notify_eap_success(wpa_s->eapol, true);
-		wpa_s->drv_authorized_port = 1;
-	}
-}
-
-
-static unsigned int wpas_event_cac_ms(const struct wpa_supplicant *wpa_s,
-				      int freq)
-{
-	size_t i;
-	int j;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		const struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
-
-		for (j = 0; j < mode->num_channels; j++) {
-			const struct hostapd_channel_data *chan;
-
-			chan = &mode->channels[j];
-			if (chan->freq == freq)
-				return chan->dfs_cac_ms;
-		}
-	}
-
-	return 0;
-}
-
-
-static void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
-				       struct dfs_event *radar)
-{
-#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
-	if (wpa_s->ap_iface || wpa_s->ifmsh) {
-		wpas_ap_event_dfs_cac_started(wpa_s, radar);
-	} else
-#endif /* NEED_AP_MLME && CONFIG_AP */
-	{
-		unsigned int cac_time = wpas_event_cac_ms(wpa_s, radar->freq);
-
-		cac_time /= 1000; /* convert from ms to sec */
-		if (!cac_time)
-			cac_time = 10 * 60; /* max timeout: 10 minutes */
-
-		/* Restart auth timeout: CAC time added to initial timeout */
-		wpas_auth_timeout_restart(wpa_s, cac_time);
-	}
-}
-
-
-static void wpas_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
-					struct dfs_event *radar)
-{
-#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
-	if (wpa_s->ap_iface || wpa_s->ifmsh) {
-		wpas_ap_event_dfs_cac_finished(wpa_s, radar);
-	} else
-#endif /* NEED_AP_MLME && CONFIG_AP */
-	{
-		/* Restart auth timeout with original value after CAC is
-		 * finished */
-		wpas_auth_timeout_restart(wpa_s, 0);
-	}
-}
-
-
-static void wpas_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
-				       struct dfs_event *radar)
-{
-#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
-	if (wpa_s->ap_iface || wpa_s->ifmsh) {
-		wpas_ap_event_dfs_cac_aborted(wpa_s, radar);
-	} else
-#endif /* NEED_AP_MLME && CONFIG_AP */
-	{
-		/* Restart auth timeout with original value after CAC is
-		 * aborted */
-		wpas_auth_timeout_restart(wpa_s, 0);
-	}
-}
-
-
-static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s,
-					    union wpa_event_data *data)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Connection authorized by device, previous state %d",
-		wpa_s->wpa_state);
-
-	wpa_supplicant_event_port_authorized(wpa_s);
-
-	wpa_s->last_eapol_matches_bssid = 1;
-
-	wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr);
-	wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck,
-			       data->assoc_info.ptk_kck_len,
-			       data->assoc_info.ptk_kek,
-			       data->assoc_info.ptk_kek_len);
-#ifdef CONFIG_FILS
-	if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
-		struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
-		const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
-
-		/* Update ERP next sequence number */
-		eapol_sm_update_erp_next_seq_num(
-			wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num);
-
-		if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) {
-			/* Add the new PMK and PMKID to the PMKSA cache */
-			wpa_sm_pmksa_cache_add(wpa_s->wpa,
-					       data->assoc_info.fils_pmk,
-					       data->assoc_info.fils_pmk_len,
-					       data->assoc_info.fils_pmkid,
-					       wpa_s->bssid, fils_cache_id);
-		} else if (data->assoc_info.fils_pmkid) {
-			/* Update the current PMKSA used for this connection */
-			pmksa_cache_set_current(wpa_s->wpa,
-						data->assoc_info.fils_pmkid,
-						NULL, NULL, 0, NULL, 0);
-		}
-	}
-#endif /* CONFIG_FILS */
-}
-
-
-static const char * connect_fail_reason(enum sta_connect_fail_reason_codes code)
-{
-	switch (code) {
-	case STA_CONNECT_FAIL_REASON_UNSPECIFIED:
-		return "";
-	case STA_CONNECT_FAIL_REASON_NO_BSS_FOUND:
-		return "no_bss_found";
-	case STA_CONNECT_FAIL_REASON_AUTH_TX_FAIL:
-		return "auth_tx_fail";
-	case STA_CONNECT_FAIL_REASON_AUTH_NO_ACK_RECEIVED:
-		return "auth_no_ack_received";
-	case STA_CONNECT_FAIL_REASON_AUTH_NO_RESP_RECEIVED:
-		return "auth_no_resp_received";
-	case STA_CONNECT_FAIL_REASON_ASSOC_REQ_TX_FAIL:
-		return "assoc_req_tx_fail";
-	case STA_CONNECT_FAIL_REASON_ASSOC_NO_ACK_RECEIVED:
-		return "assoc_no_ack_received";
-	case STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED:
-		return "assoc_no_resp_received";
-	default:
-		return "unknown_reason";
-	}
-}
-
-
-static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
-				    union wpa_event_data *data)
-{
-	const u8 *bssid = data->assoc_reject.bssid;
-#ifdef CONFIG_MBO
-	struct wpa_bss *reject_bss;
-#endif /* CONFIG_MBO */
-
-	if (!bssid || is_zero_ether_addr(bssid))
-		bssid = wpa_s->pending_bssid;
-#ifdef CONFIG_MBO
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-		reject_bss = wpa_s->current_bss;
-	else
-		reject_bss = wpa_bss_get_bssid(wpa_s, bssid);
-#endif /* CONFIG_MBO */
-
-	if (data->assoc_reject.bssid)
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
-			"bssid=" MACSTR	" status_code=%u%s%s%s%s%s",
-			MAC2STR(data->assoc_reject.bssid),
-			data->assoc_reject.status_code,
-			data->assoc_reject.timed_out ? " timeout" : "",
-			data->assoc_reject.timeout_reason ? "=" : "",
-			data->assoc_reject.timeout_reason ?
-			data->assoc_reject.timeout_reason : "",
-			data->assoc_reject.reason_code !=
-			STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
-			" qca_driver_reason=" : "",
-			connect_fail_reason(data->assoc_reject.reason_code));
-	else
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
-			"status_code=%u%s%s%s%s%s",
-			data->assoc_reject.status_code,
-			data->assoc_reject.timed_out ? " timeout" : "",
-			data->assoc_reject.timeout_reason ? "=" : "",
-			data->assoc_reject.timeout_reason ?
-			data->assoc_reject.timeout_reason : "",
-			data->assoc_reject.reason_code !=
-			STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
-			" qca_driver_reason=" : "",
-			connect_fail_reason(data->assoc_reject.reason_code));
-	wpa_s->assoc_status_code = data->assoc_reject.status_code;
-	wpas_notify_assoc_status_code(wpa_s);
-
-#ifdef CONFIG_OWE
-	if (data->assoc_reject.status_code ==
-	    WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
-	    wpa_s->current_ssid &&
-	    wpa_s->current_ssid->owe_group == 0 &&
-	    wpa_s->last_owe_group != 21) {
-		struct wpa_ssid *ssid = wpa_s->current_ssid;
-		struct wpa_bss *bss = wpa_s->current_bss;
-
-		if (!bss) {
-			bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
-			if (!bss) {
-				wpas_connection_failed(wpa_s, bssid);
-				wpa_supplicant_mark_disassoc(wpa_s);
-				return;
-			}
-		}
-		wpa_printf(MSG_DEBUG, "OWE: Try next supported DH group");
-		wpas_connect_work_done(wpa_s);
-		wpa_supplicant_mark_disassoc(wpa_s);
-		wpa_supplicant_connect(wpa_s, bss, ssid);
-		return;
-	}
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_DPP2
-	/* Try to follow AP's PFS policy. WLAN_STATUS_ASSOC_DENIED_UNSPEC is
-	 * the status code defined in the DPP R2 tech spec.
-	 * WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an
-	 * interoperability workaround with older hostapd implementation. */
-	if (DPP_VERSION > 1 && wpa_s->current_ssid &&
-	    (wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP ||
-	     ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
-	      wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) &&
-	    wpa_s->current_ssid->dpp_pfs == 0 &&
-	    (data->assoc_reject.status_code ==
-	     WLAN_STATUS_ASSOC_DENIED_UNSPEC ||
-	     data->assoc_reject.status_code == WLAN_STATUS_AKMP_NOT_VALID)) {
-		struct wpa_ssid *ssid = wpa_s->current_ssid;
-		struct wpa_bss *bss = wpa_s->current_bss;
-
-		wpa_s->current_ssid->dpp_pfs_fallback ^= 1;
-		if (!bss)
-			bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
-		if (!bss || wpa_s->dpp_pfs_fallback) {
-			wpa_printf(MSG_DEBUG,
-				   "DPP: Updated PFS policy for next try");
-			wpas_connection_failed(wpa_s, bssid);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			return;
-		}
-		wpa_printf(MSG_DEBUG, "DPP: Try again with updated PFS policy");
-		wpa_s->dpp_pfs_fallback = 1;
-		wpas_connect_work_done(wpa_s);
-		wpa_supplicant_mark_disassoc(wpa_s);
-		wpa_supplicant_connect(wpa_s, bss, ssid);
-		return;
-	}
-#endif /* CONFIG_DPP2 */
-
-#ifdef CONFIG_MBO
-	if (data->assoc_reject.status_code ==
-	    WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
-	    reject_bss && data->assoc_reject.resp_ies) {
-		const u8 *rssi_rej;
-
-		rssi_rej = mbo_get_attr_from_ies(
-			data->assoc_reject.resp_ies,
-			data->assoc_reject.resp_ies_len,
-			OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT);
-		if (rssi_rej && rssi_rej[1] == 2) {
-			wpa_printf(MSG_DEBUG,
-				   "OCE: RSSI-based association rejection from "
-				   MACSTR " (Delta RSSI: %u, Retry Delay: %u)",
-				   MAC2STR(reject_bss->bssid),
-				   rssi_rej[2], rssi_rej[3]);
-			wpa_bss_tmp_disallow(wpa_s,
-					     reject_bss->bssid,
-					     rssi_rej[3],
-					     rssi_rej[2] + reject_bss->level);
-		}
-	}
-#endif /* CONFIG_MBO */
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
-		sme_event_assoc_reject(wpa_s, data);
-		return;
-	}
-
-	/* Driver-based SME cases */
-
-#ifdef CONFIG_SAE
-	if (wpa_s->current_ssid &&
-	    wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt) &&
-	    !data->assoc_reject.timed_out) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA cache entry");
-		wpa_sm_aborted_cached(wpa_s->wpa);
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_DPP
-	if (wpa_s->current_ssid &&
-	    wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
-	    !data->assoc_reject.timed_out) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
-		wpa_sm_aborted_cached(wpa_s->wpa);
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
-	}
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_FILS
-	/* Update ERP next sequence number */
-	if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
-		fils_pmksa_cache_flush(wpa_s);
-		eapol_sm_update_erp_next_seq_num(
-			wpa_s->eapol,
-			data->assoc_reject.fils_erp_next_seq_num);
-		fils_connection_failure(wpa_s);
-	}
-#endif /* CONFIG_FILS */
-
-	wpas_connection_failed(wpa_s, bssid);
-	wpa_supplicant_mark_disassoc(wpa_s);
-}
-
-
-static void wpas_event_unprot_beacon(struct wpa_supplicant *wpa_s,
-				     struct unprot_beacon *data)
-{
-	struct wpabuf *buf;
-	int res;
-
-	if (!data || wpa_s->wpa_state != WPA_COMPLETED ||
-	    os_memcmp(data->sa, wpa_s->bssid, ETH_ALEN) != 0)
-		return;
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_UNPROT_BEACON MACSTR,
-		MAC2STR(data->sa));
-
-	buf = wpabuf_alloc(4);
-	if (!buf)
-		return;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WNM);
-	wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
-	wpabuf_put_u8(buf, 1); /* Dialog Token */
-	wpabuf_put_u8(buf, WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE);
-
-	res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (res < 0)
-		wpa_printf(MSG_DEBUG,
-			   "Failed to send WNM-Notification Request frame");
-
-	wpabuf_free(buf);
-}
-
-
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
-			  union wpa_event_data *data)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	int resched;
-	struct os_reltime age, clear_at;
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	int level = MSG_DEBUG;
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED &&
-	    event != EVENT_INTERFACE_ENABLED &&
-	    event != EVENT_INTERFACE_STATUS &&
-	    event != EVENT_SCAN_RESULTS &&
-	    event != EVENT_SCHED_SCAN_STOPPED) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Ignore event %s (%d) while interface is disabled",
-			event_to_string(event), event);
-		return;
-	}
-
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	if (event == EVENT_RX_MGMT && data->rx_mgmt.frame_len >= 24) {
-		const struct ieee80211_hdr *hdr;
-		u16 fc;
-		hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
-		fc = le_to_host16(hdr->frame_control);
-		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
-		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
-			level = MSG_EXCESSIVE;
-	}
-
-	wpa_dbg(wpa_s, level, "Event %s (%d) received",
-		event_to_string(event), event);
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-	switch (event) {
-	case EVENT_AUTH:
-#ifdef CONFIG_FST
-		if (!wpas_fst_update_mbie(wpa_s, data->auth.ies,
-					  data->auth.ies_len))
-			wpa_printf(MSG_DEBUG,
-				   "FST: MB IEs updated from auth IE");
-#endif /* CONFIG_FST */
-		sme_event_auth(wpa_s, data);
-		wpa_s->auth_status_code = data->auth.status_code;
-		wpas_notify_auth_status_code(wpa_s);
-		break;
-	case EVENT_ASSOC:
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->ignore_auth_resp) {
-			wpa_printf(MSG_INFO,
-				   "EVENT_ASSOC - ignore_auth_resp active!");
-			break;
-		}
-		if (wpa_s->testing_resend_assoc) {
-			wpa_printf(MSG_INFO,
-				   "EVENT_DEAUTH - testing_resend_assoc");
-			break;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-		if (wpa_s->disconnected) {
-			wpa_printf(MSG_INFO,
-				   "Ignore unexpected EVENT_ASSOC in disconnected state");
-			break;
-		}
-		wpa_supplicant_event_assoc(wpa_s, data);
-		wpa_s->assoc_status_code = WLAN_STATUS_SUCCESS;
-		if (data &&
-		    (data->assoc_info.authorized ||
-		     (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		      wpa_fils_is_completed(wpa_s->wpa))))
-			wpa_supplicant_event_assoc_auth(wpa_s, data);
-		if (data) {
-			wpa_msg(wpa_s, MSG_INFO,
-				WPA_EVENT_SUBNET_STATUS_UPDATE "status=%u",
-				data->assoc_info.subnet_status);
-		}
-		break;
-	case EVENT_DISASSOC:
-		wpas_event_disassoc(wpa_s,
-				    data ? &data->disassoc_info : NULL);
-		break;
-	case EVENT_DEAUTH:
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->ignore_auth_resp) {
-			wpa_printf(MSG_INFO,
-				   "EVENT_DEAUTH - ignore_auth_resp active!");
-			break;
-		}
-		if (wpa_s->testing_resend_assoc) {
-			wpa_printf(MSG_INFO,
-				   "EVENT_DEAUTH - testing_resend_assoc");
-			break;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-		wpas_event_deauth(wpa_s,
-				  data ? &data->deauth_info : NULL);
-		break;
-	case EVENT_MICHAEL_MIC_FAILURE:
-		wpa_supplicant_event_michael_mic_failure(wpa_s, data);
-		break;
-#ifndef CONFIG_NO_SCAN_PROCESSING
-	case EVENT_SCAN_STARTED:
-		if (wpa_s->own_scan_requested ||
-		    (data && !data->scan_info.external_scan)) {
-			struct os_reltime diff;
-
-			os_get_reltime(&wpa_s->scan_start_time);
-			os_reltime_sub(&wpa_s->scan_start_time,
-				       &wpa_s->scan_trigger_time, &diff);
-			wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds",
-				diff.sec, diff.usec);
-			wpa_s->own_scan_requested = 0;
-			wpa_s->own_scan_running = 1;
-			if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-			    wpa_s->manual_scan_use_id) {
-				wpa_msg_ctrl(wpa_s, MSG_INFO,
-					     WPA_EVENT_SCAN_STARTED "id=%u",
-					     wpa_s->manual_scan_id);
-			} else {
-				wpa_msg_ctrl(wpa_s, MSG_INFO,
-					     WPA_EVENT_SCAN_STARTED);
-			}
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan");
-			wpa_s->radio->external_scan_req_interface = wpa_s;
-			wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED);
-		}
-		break;
-	case EVENT_SCAN_RESULTS:
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-			wpa_s->scan_res_handler = NULL;
-			wpa_s->own_scan_running = 0;
-			wpa_s->radio->external_scan_req_interface = NULL;
-			wpa_s->last_scan_req = NORMAL_SCAN_REQ;
-			break;
-		}
-
-		if (!(data && data->scan_info.external_scan) &&
-		    os_reltime_initialized(&wpa_s->scan_start_time)) {
-			struct os_reltime now, diff;
-			os_get_reltime(&now);
-			os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
-			wpa_s->scan_start_time.sec = 0;
-			wpa_s->scan_start_time.usec = 0;
-			wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds",
-				diff.sec, diff.usec);
-		}
-		if (wpa_supplicant_event_scan_results(wpa_s, data))
-			break; /* interface may have been removed */
-		if (!(data && data->scan_info.external_scan))
-			wpa_s->own_scan_running = 0;
-		if (data && data->scan_info.nl_scan_event)
-			wpa_s->radio->external_scan_req_interface = NULL;
-		radio_work_check_next(wpa_s);
-		break;
-#endif /* CONFIG_NO_SCAN_PROCESSING */
-	case EVENT_ASSOCINFO:
-		wpa_supplicant_event_associnfo(wpa_s, data);
-		break;
-	case EVENT_INTERFACE_STATUS:
-		wpa_supplicant_event_interface_status(wpa_s, data);
-		break;
-	case EVENT_PMKID_CANDIDATE:
-		wpa_supplicant_event_pmkid_candidate(wpa_s, data);
-		break;
-#ifdef CONFIG_TDLS
-	case EVENT_TDLS:
-		wpa_supplicant_event_tdls(wpa_s, data);
-		break;
-#endif /* CONFIG_TDLS */
-#ifdef CONFIG_WNM
-	case EVENT_WNM:
-		wpa_supplicant_event_wnm(wpa_s, data);
-		break;
-#endif /* CONFIG_WNM */
-#ifdef CONFIG_IEEE80211R
-	case EVENT_FT_RESPONSE:
-		wpa_supplicant_event_ft_response(wpa_s, data);
-		break;
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_IBSS_RSN
-	case EVENT_IBSS_RSN_START:
-		wpa_supplicant_event_ibss_rsn_start(wpa_s, data);
-		break;
-#endif /* CONFIG_IBSS_RSN */
-	case EVENT_ASSOC_REJECT:
-		wpas_event_assoc_reject(wpa_s, data);
-		break;
-	case EVENT_AUTH_TIMED_OUT:
-		/* It is possible to get this event from earlier connection */
-		if (wpa_s->current_ssid &&
-		    wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Ignore AUTH_TIMED_OUT in mesh configuration");
-			break;
-		}
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-			sme_event_auth_timed_out(wpa_s, data);
-		break;
-	case EVENT_ASSOC_TIMED_OUT:
-		/* It is possible to get this event from earlier connection */
-		if (wpa_s->current_ssid &&
-		    wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Ignore ASSOC_TIMED_OUT in mesh configuration");
-			break;
-		}
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-			sme_event_assoc_timed_out(wpa_s, data);
-		break;
-	case EVENT_TX_STATUS:
-		wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR
-			" type=%d stype=%d",
-			MAC2STR(data->tx_status.dst),
-			data->tx_status.type, data->tx_status.stype);
-#ifdef CONFIG_PASN
-		if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
-		    data->tx_status.stype == WLAN_FC_STYPE_AUTH &&
-		    wpas_pasn_auth_tx_status(wpa_s, data->tx_status.data,
-					     data->tx_status.data_len,
-					     data->tx_status.ack) == 0)
-			break;
-#endif /* CONFIG_PASN */
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface == NULL) {
-#ifdef CONFIG_OFFCHANNEL
-			if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
-			    data->tx_status.stype == WLAN_FC_STYPE_ACTION)
-				offchannel_send_action_tx_status(
-					wpa_s, data->tx_status.dst,
-					data->tx_status.data,
-					data->tx_status.data_len,
-					data->tx_status.ack ?
-					OFFCHANNEL_SEND_ACTION_SUCCESS :
-					OFFCHANNEL_SEND_ACTION_NO_ACK);
-#endif /* CONFIG_OFFCHANNEL */
-			break;
-		}
-#endif /* CONFIG_AP */
-#ifdef CONFIG_OFFCHANNEL
-		wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst="
-			MACSTR, MAC2STR(wpa_s->p2pdev->pending_action_dst));
-		/*
-		 * Catch TX status events for Action frames we sent via group
-		 * interface in GO mode, or via standalone AP interface.
-		 * Note, wpa_s->p2pdev will be the same as wpa_s->parent,
-		 * except when the primary interface is used as a GO interface
-		 * (for drivers which do not have group interface concurrency)
-		 */
-		if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
-		    data->tx_status.stype == WLAN_FC_STYPE_ACTION &&
-		    os_memcmp(wpa_s->p2pdev->pending_action_dst,
-			      data->tx_status.dst, ETH_ALEN) == 0) {
-			offchannel_send_action_tx_status(
-				wpa_s->p2pdev, data->tx_status.dst,
-				data->tx_status.data,
-				data->tx_status.data_len,
-				data->tx_status.ack ?
-				OFFCHANNEL_SEND_ACTION_SUCCESS :
-				OFFCHANNEL_SEND_ACTION_NO_ACK);
-			break;
-		}
-#endif /* CONFIG_OFFCHANNEL */
-#ifdef CONFIG_AP
-		switch (data->tx_status.type) {
-		case WLAN_FC_TYPE_MGMT:
-			ap_mgmt_tx_cb(wpa_s, data->tx_status.data,
-				      data->tx_status.data_len,
-				      data->tx_status.stype,
-				      data->tx_status.ack);
-			break;
-		case WLAN_FC_TYPE_DATA:
-			ap_tx_status(wpa_s, data->tx_status.dst,
-				     data->tx_status.data,
-				     data->tx_status.data_len,
-				     data->tx_status.ack);
-			break;
-		}
-#endif /* CONFIG_AP */
-		break;
-#ifdef CONFIG_AP
-	case EVENT_EAPOL_TX_STATUS:
-		ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst,
-				   data->eapol_tx_status.data,
-				   data->eapol_tx_status.data_len,
-				   data->eapol_tx_status.ack);
-		break;
-	case EVENT_DRIVER_CLIENT_POLL_OK:
-		ap_client_poll_ok(wpa_s, data->client_poll.addr);
-		break;
-	case EVENT_RX_FROM_UNKNOWN:
-		if (wpa_s->ap_iface == NULL)
-			break;
-		ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr,
-				       data->rx_from_unknown.wds);
-		break;
-#endif /* CONFIG_AP */
-
-	case EVENT_CH_SWITCH_STARTED:
-	case EVENT_CH_SWITCH:
-		if (!data || !wpa_s->current_ssid)
-			break;
-
-		wpa_msg(wpa_s, MSG_INFO,
-			"%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
-			event == EVENT_CH_SWITCH ? WPA_EVENT_CHANNEL_SWITCH :
-			WPA_EVENT_CHANNEL_SWITCH_STARTED,
-			data->ch_switch.freq,
-			data->ch_switch.ht_enabled,
-			data->ch_switch.ch_offset,
-			channel_width_to_string(data->ch_switch.ch_width),
-			data->ch_switch.cf1,
-			data->ch_switch.cf2);
-		if (event == EVENT_CH_SWITCH_STARTED)
-			break;
-
-		wpa_s->assoc_freq = data->ch_switch.freq;
-		wpa_s->current_ssid->frequency = data->ch_switch.freq;
-		if (wpa_s->current_bss &&
-		    wpa_s->current_bss->freq != data->ch_switch.freq) {
-			wpa_s->current_bss->freq = data->ch_switch.freq;
-			notify_bss_changes(wpa_s, WPA_BSS_FREQ_CHANGED_FLAG,
-					   wpa_s->current_bss);
-		}
-
-#ifdef CONFIG_SME
-		switch (data->ch_switch.ch_offset) {
-		case 1:
-			wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
-			break;
-		case -1:
-			wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
-			break;
-		default:
-			wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
-			break;
-		}
-#endif /* CONFIG_SME */
-
-#ifdef CONFIG_AP
-		if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
-		    wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO ||
-		    wpa_s->current_ssid->mode == WPAS_MODE_MESH ||
-		    wpa_s->current_ssid->mode ==
-		    WPAS_MODE_P2P_GROUP_FORMATION) {
-			wpas_ap_ch_switch(wpa_s, data->ch_switch.freq,
-					  data->ch_switch.ht_enabled,
-					  data->ch_switch.ch_offset,
-					  data->ch_switch.ch_width,
-					  data->ch_switch.cf1,
-					  data->ch_switch.cf2,
-					  1);
-		}
-#endif /* CONFIG_AP */
-
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-			sme_event_ch_switch(wpa_s);
-
-		wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS);
-		wnm_clear_coloc_intf_reporting(wpa_s);
-		break;
-#ifdef CONFIG_AP
-#ifdef NEED_AP_MLME
-	case EVENT_DFS_RADAR_DETECTED:
-		if (data)
-			wpas_ap_event_dfs_radar_detected(wpa_s,
-							 &data->dfs_event);
-		break;
-	case EVENT_DFS_NOP_FINISHED:
-		if (data)
-			wpas_ap_event_dfs_cac_nop_finished(wpa_s,
-							   &data->dfs_event);
-		break;
-#endif /* NEED_AP_MLME */
-#endif /* CONFIG_AP */
-	case EVENT_DFS_CAC_STARTED:
-		if (data)
-			wpas_event_dfs_cac_started(wpa_s, &data->dfs_event);
-		break;
-	case EVENT_DFS_CAC_FINISHED:
-		if (data)
-			wpas_event_dfs_cac_finished(wpa_s, &data->dfs_event);
-		break;
-	case EVENT_DFS_CAC_ABORTED:
-		if (data)
-			wpas_event_dfs_cac_aborted(wpa_s, &data->dfs_event);
-		break;
-	case EVENT_RX_MGMT: {
-		u16 fc, stype;
-		const struct ieee80211_mgmt *mgmt;
-
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->ext_mgmt_frame_handling) {
-			struct rx_mgmt *rx = &data->rx_mgmt;
-			size_t hex_len = 2 * rx->frame_len + 1;
-			char *hex = os_malloc(hex_len);
-			if (hex) {
-				wpa_snprintf_hex(hex, hex_len,
-						 rx->frame, rx->frame_len);
-				wpa_msg(wpa_s, MSG_INFO, "MGMT-RX freq=%d datarate=%u ssi_signal=%d %s",
-					rx->freq, rx->datarate, rx->ssi_signal,
-					hex);
-				os_free(hex);
-			}
-			break;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-		mgmt = (const struct ieee80211_mgmt *)
-			data->rx_mgmt.frame;
-		fc = le_to_host16(mgmt->frame_control);
-		stype = WLAN_FC_GET_STYPE(fc);
-
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface == NULL) {
-#endif /* CONFIG_AP */
-#ifdef CONFIG_P2P
-			if (stype == WLAN_FC_STYPE_PROBE_REQ &&
-			    data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
-				const u8 *src = mgmt->sa;
-				const u8 *ie;
-				size_t ie_len;
-
-				ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
-				ie_len = data->rx_mgmt.frame_len -
-					IEEE80211_HDRLEN;
-				wpas_p2p_probe_req_rx(
-					wpa_s, src, mgmt->da,
-					mgmt->bssid, ie, ie_len,
-					data->rx_mgmt.freq,
-					data->rx_mgmt.ssi_signal);
-				break;
-			}
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_IBSS_RSN
-			if (wpa_s->current_ssid &&
-			    wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
-			    stype == WLAN_FC_STYPE_AUTH &&
-			    data->rx_mgmt.frame_len >= 30) {
-				wpa_supplicant_event_ibss_auth(wpa_s, data);
-				break;
-			}
-#endif /* CONFIG_IBSS_RSN */
-
-			if (stype == WLAN_FC_STYPE_ACTION) {
-				wpas_event_rx_mgmt_action(
-					wpa_s, data->rx_mgmt.frame,
-					data->rx_mgmt.frame_len,
-					data->rx_mgmt.freq,
-					data->rx_mgmt.ssi_signal);
-				break;
-			}
-
-			if (wpa_s->ifmsh) {
-				mesh_mpm_mgmt_rx(wpa_s, &data->rx_mgmt);
-				break;
-			}
-#ifdef CONFIG_PASN
-			if (stype == WLAN_FC_STYPE_AUTH &&
-			    wpas_pasn_auth_rx(wpa_s, mgmt,
-					      data->rx_mgmt.frame_len) != -2)
-				break;
-#endif /* CONFIG_PASN */
-
-#ifdef CONFIG_SAE
-			if (stype == WLAN_FC_STYPE_AUTH &&
-			    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-			    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
-				sme_external_auth_mgmt_rx(
-					wpa_s, data->rx_mgmt.frame,
-					data->rx_mgmt.frame_len);
-				break;
-			}
-#endif /* CONFIG_SAE */
-			wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received "
-				"management frame in non-AP mode");
-			break;
-#ifdef CONFIG_AP
-		}
-
-		if (stype == WLAN_FC_STYPE_PROBE_REQ &&
-		    data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
-			const u8 *ie;
-			size_t ie_len;
-
-			ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
-			ie_len = data->rx_mgmt.frame_len - IEEE80211_HDRLEN;
-
-			wpas_notify_preq(wpa_s, mgmt->sa, mgmt->da,
-					 mgmt->bssid, ie, ie_len,
-					 data->rx_mgmt.ssi_signal);
-		}
-
-		ap_mgmt_rx(wpa_s, &data->rx_mgmt);
-#endif /* CONFIG_AP */
-		break;
-		}
-	case EVENT_RX_PROBE_REQ:
-		if (data->rx_probe_req.sa == NULL ||
-		    data->rx_probe_req.ie == NULL)
-			break;
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface) {
-			hostapd_probe_req_rx(wpa_s->ap_iface->bss[0],
-					     data->rx_probe_req.sa,
-					     data->rx_probe_req.da,
-					     data->rx_probe_req.bssid,
-					     data->rx_probe_req.ie,
-					     data->rx_probe_req.ie_len,
-					     data->rx_probe_req.ssi_signal);
-			break;
-		}
-#endif /* CONFIG_AP */
-		wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa,
-				      data->rx_probe_req.da,
-				      data->rx_probe_req.bssid,
-				      data->rx_probe_req.ie,
-				      data->rx_probe_req.ie_len,
-				      0,
-				      data->rx_probe_req.ssi_signal);
-		break;
-	case EVENT_REMAIN_ON_CHANNEL:
-#ifdef CONFIG_OFFCHANNEL
-		offchannel_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq,
-			data->remain_on_channel.duration);
-#endif /* CONFIG_OFFCHANNEL */
-		wpas_p2p_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq,
-			data->remain_on_channel.duration);
-#ifdef CONFIG_DPP
-		wpas_dpp_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq,
-			data->remain_on_channel.duration);
-#endif /* CONFIG_DPP */
-		break;
-	case EVENT_CANCEL_REMAIN_ON_CHANNEL:
-#ifdef CONFIG_OFFCHANNEL
-		offchannel_cancel_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq);
-#endif /* CONFIG_OFFCHANNEL */
-		wpas_p2p_cancel_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq);
-#ifdef CONFIG_DPP
-		wpas_dpp_cancel_remain_on_channel_cb(
-			wpa_s, data->remain_on_channel.freq);
-#endif /* CONFIG_DPP */
-		break;
-	case EVENT_EAPOL_RX:
-		wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src,
-					data->eapol_rx.data,
-					data->eapol_rx.data_len);
-		break;
-	case EVENT_SIGNAL_CHANGE:
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE
-			"above=%d signal=%d noise=%d txrate=%d",
-			data->signal_change.above_threshold,
-			data->signal_change.current_signal,
-			data->signal_change.current_noise,
-			data->signal_change.current_txrate);
-		wpa_bss_update_level(wpa_s->current_bss,
-				     data->signal_change.current_signal);
-		bgscan_notify_signal_change(
-			wpa_s, data->signal_change.above_threshold,
-			data->signal_change.current_signal,
-			data->signal_change.current_noise,
-			data->signal_change.current_txrate);
-		break;
-	case EVENT_INTERFACE_MAC_CHANGED:
-		wpa_supplicant_update_mac_addr(wpa_s);
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
-		break;
-	case EVENT_INTERFACE_ENABLED:
-		wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-			u8 addr[ETH_ALEN];
-
-			eloop_cancel_timeout(wpas_clear_disabled_interface,
-					     wpa_s, NULL);
-			os_memcpy(addr, wpa_s->own_addr, ETH_ALEN);
-			wpa_supplicant_update_mac_addr(wpa_s);
-			if (os_memcmp(addr, wpa_s->own_addr, ETH_ALEN) != 0)
-				wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
-			else
-				wpa_sm_pmksa_cache_reconfig(wpa_s->wpa);
-			wpa_supplicant_set_default_scan_ies(wpa_s);
-			if (wpa_s->p2p_mgmt) {
-				wpa_supplicant_set_state(wpa_s,
-							 WPA_DISCONNECTED);
-				break;
-			}
-
-#ifdef CONFIG_AP
-			if (!wpa_s->ap_iface) {
-				wpa_supplicant_set_state(wpa_s,
-							 WPA_DISCONNECTED);
-				wpa_s->scan_req = NORMAL_SCAN_REQ;
-				wpa_supplicant_req_scan(wpa_s, 0, 0);
-			} else
-				wpa_supplicant_set_state(wpa_s,
-							 WPA_COMPLETED);
-#else /* CONFIG_AP */
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-#endif /* CONFIG_AP */
-		}
-		break;
-	case EVENT_INTERFACE_DISABLED:
-		wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled");
-#ifdef CONFIG_P2P
-		if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO ||
-		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group &&
-		     wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)) {
-			/*
-			 * Mark interface disabled if this happens to end up not
-			 * being removed as a separate P2P group interface.
-			 */
-			wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
-			/*
-			 * The interface was externally disabled. Remove
-			 * it assuming an external entity will start a
-			 * new session if needed.
-			 */
-			if (wpa_s->current_ssid &&
-			    wpa_s->current_ssid->p2p_group)
-				wpas_p2p_interface_unavailable(wpa_s);
-			else
-				wpas_p2p_disconnect(wpa_s);
-			/*
-			 * wpa_s instance may have been freed, so must not use
-			 * it here anymore.
-			 */
-			break;
-		}
-		if (wpa_s->p2p_scan_work && wpa_s->global->p2p &&
-		    p2p_in_progress(wpa_s->global->p2p) > 1) {
-			/* This radio work will be cancelled, so clear P2P
-			 * state as well.
-			 */
-			p2p_stop_find(wpa_s->global->p2p);
-		}
-#endif /* CONFIG_P2P */
-
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-			/*
-			 * Indicate disconnection to keep ctrl_iface events
-			 * consistent.
-			 */
-			wpa_supplicant_event_disassoc(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1);
-		}
-		wpa_supplicant_mark_disassoc(wpa_s);
-		os_reltime_age(&wpa_s->last_scan, &age);
-		if (age.sec >= wpa_s->conf->scan_res_valid_for_connect) {
-			clear_at.sec = wpa_s->conf->scan_res_valid_for_connect;
-			clear_at.usec = 0;
-		} else {
-			struct os_reltime tmp;
-
-			tmp.sec = wpa_s->conf->scan_res_valid_for_connect;
-			tmp.usec = 0;
-			os_reltime_sub(&tmp, &age, &clear_at);
-		}
-		eloop_register_timeout(clear_at.sec, clear_at.usec,
-				       wpas_clear_disabled_interface,
-				       wpa_s, NULL);
-		radio_remove_works(wpa_s, NULL, 0);
-
-		wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
-		break;
-	case EVENT_CHANNEL_LIST_CHANGED:
-		wpa_supplicant_update_channel_list(
-			wpa_s, &data->channel_list_changed);
-		break;
-	case EVENT_INTERFACE_UNAVAILABLE:
-		wpas_p2p_interface_unavailable(wpa_s);
-		break;
-	case EVENT_BEST_CHANNEL:
-		wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received "
-			"(%d %d %d)",
-			data->best_chan.freq_24, data->best_chan.freq_5,
-			data->best_chan.freq_overall);
-		wpa_s->best_24_freq = data->best_chan.freq_24;
-		wpa_s->best_5_freq = data->best_chan.freq_5;
-		wpa_s->best_overall_freq = data->best_chan.freq_overall;
-		wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24,
-					      data->best_chan.freq_5,
-					      data->best_chan.freq_overall);
-		break;
-	case EVENT_UNPROT_DEAUTH:
-		wpa_supplicant_event_unprot_deauth(wpa_s,
-						   &data->unprot_deauth);
-		break;
-	case EVENT_UNPROT_DISASSOC:
-		wpa_supplicant_event_unprot_disassoc(wpa_s,
-						     &data->unprot_disassoc);
-		break;
-	case EVENT_STATION_LOW_ACK:
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface && data)
-			hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0],
-						  data->low_ack.addr);
-#endif /* CONFIG_AP */
-#ifdef CONFIG_TDLS
-		if (data)
-			wpa_tdls_disable_unreachable_link(wpa_s->wpa,
-							  data->low_ack.addr);
-#endif /* CONFIG_TDLS */
-		break;
-	case EVENT_IBSS_PEER_LOST:
-#ifdef CONFIG_IBSS_RSN
-		ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer);
-#endif /* CONFIG_IBSS_RSN */
-		break;
-	case EVENT_DRIVER_GTK_REKEY:
-		if (os_memcmp(data->driver_gtk_rekey.bssid,
-			      wpa_s->bssid, ETH_ALEN))
-			break;
-		if (!wpa_s->wpa)
-			break;
-		wpa_sm_update_replay_ctr(wpa_s->wpa,
-					 data->driver_gtk_rekey.replay_ctr);
-		break;
-	case EVENT_SCHED_SCAN_STOPPED:
-		wpa_s->sched_scanning = 0;
-		resched = wpa_s->scanning && wpas_scan_scheduled(wpa_s);
-		wpa_supplicant_notify_scanning(wpa_s, 0);
-
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
-			break;
-
-		/*
-		 * If the driver stopped scanning without being requested to,
-		 * request a new scan to continue scanning for networks.
-		 */
-		if (!wpa_s->sched_scan_stop_req &&
-		    wpa_s->wpa_state == WPA_SCANNING) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Restart scanning after unexpected sched_scan stop event");
-			wpa_supplicant_req_scan(wpa_s, 1, 0);
-			break;
-		}
-
-		wpa_s->sched_scan_stop_req = 0;
-
-		/*
-		 * Start a new sched scan to continue searching for more SSIDs
-		 * either if timed out or PNO schedule scan is pending.
-		 */
-		if (wpa_s->sched_scan_timed_out) {
-			wpa_supplicant_req_sched_scan(wpa_s);
-		} else if (wpa_s->pno_sched_pending) {
-			wpa_s->pno_sched_pending = 0;
-			wpas_start_pno(wpa_s);
-		} else if (resched) {
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-		}
-
-		break;
-	case EVENT_WPS_BUTTON_PUSHED:
-#ifdef CONFIG_WPS
-		wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
-#endif /* CONFIG_WPS */
-		break;
-	case EVENT_AVOID_FREQUENCIES:
-		wpa_supplicant_notify_avoid_freq(wpa_s, data);
-		break;
-	case EVENT_CONNECT_FAILED_REASON:
-#ifdef CONFIG_AP
-		if (!wpa_s->ap_iface || !data)
-			break;
-		hostapd_event_connect_failed_reason(
-			wpa_s->ap_iface->bss[0],
-			data->connect_failed_reason.addr,
-			data->connect_failed_reason.code);
-#endif /* CONFIG_AP */
-		break;
-	case EVENT_NEW_PEER_CANDIDATE:
-#ifdef CONFIG_MESH
-		if (!wpa_s->ifmsh || !data)
-			break;
-		wpa_mesh_notify_peer(wpa_s, data->mesh_peer.peer,
-				     data->mesh_peer.ies,
-				     data->mesh_peer.ie_len);
-#endif /* CONFIG_MESH */
-		break;
-	case EVENT_SURVEY:
-#ifdef CONFIG_AP
-		if (!wpa_s->ap_iface)
-			break;
-		hostapd_event_get_survey(wpa_s->ap_iface,
-					 &data->survey_results);
-#endif /* CONFIG_AP */
-		break;
-	case EVENT_ACS_CHANNEL_SELECTED:
-#ifdef CONFIG_AP
-#ifdef CONFIG_ACS
-		if (!wpa_s->ap_iface)
-			break;
-		hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
-					     &data->acs_selected_channels);
-#endif /* CONFIG_ACS */
-#endif /* CONFIG_AP */
-		break;
-	case EVENT_P2P_LO_STOP:
-#ifdef CONFIG_P2P
-		wpa_s->p2p_lo_started = 0;
-		wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_LISTEN_OFFLOAD_STOP
-			P2P_LISTEN_OFFLOAD_STOP_REASON "reason=%d",
-			data->p2p_lo_stop.reason_code);
-#endif /* CONFIG_P2P */
-		break;
-	case EVENT_BEACON_LOSS:
-		if (!wpa_s->current_bss || !wpa_s->current_ssid)
-			break;
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS);
-		bgscan_notify_beacon_loss(wpa_s);
-		break;
-	case EVENT_EXTERNAL_AUTH:
-#ifdef CONFIG_SAE
-		if (!wpa_s->current_ssid) {
-			wpa_printf(MSG_DEBUG, "SAE: current_ssid is NULL");
-			break;
-		}
-		sme_external_auth_trigger(wpa_s, data);
-#endif /* CONFIG_SAE */
-		break;
-	case EVENT_PORT_AUTHORIZED:
-		wpa_supplicant_event_port_authorized(wpa_s);
-		break;
-	case EVENT_STATION_OPMODE_CHANGED:
-#ifdef CONFIG_AP
-		if (!wpa_s->ap_iface || !data)
-			break;
-
-		hostapd_event_sta_opmode_changed(wpa_s->ap_iface->bss[0],
-						 data->sta_opmode.addr,
-						 data->sta_opmode.smps_mode,
-						 data->sta_opmode.chan_width,
-						 data->sta_opmode.rx_nss);
-#endif /* CONFIG_AP */
-		break;
-	case EVENT_UNPROT_BEACON:
-		wpas_event_unprot_beacon(wpa_s, &data->unprot_beacon);
-		break;
-	default:
-		wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event);
-		break;
-	}
-}
-
-
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
-				 union wpa_event_data *data)
-{
-	struct wpa_supplicant *wpa_s;
-
-	if (event != EVENT_INTERFACE_STATUS)
-		return;
-
-	wpa_s = wpa_supplicant_get_iface(ctx, data->interface_status.ifname);
-	if (wpa_s && wpa_s->driver->get_ifindex) {
-		unsigned int ifindex;
-
-		ifindex = wpa_s->driver->get_ifindex(wpa_s->drv_priv);
-		if (ifindex != data->interface_status.ifindex) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"interface status ifindex %d mismatch (%d)",
-				ifindex, data->interface_status.ifindex);
-			return;
-		}
-	}
-#ifdef CONFIG_MATCH_IFACE
-	else if (data->interface_status.ievent == EVENT_INTERFACE_ADDED) {
-		struct wpa_interface *wpa_i;
-
-		wpa_i = wpa_supplicant_match_iface(
-			ctx, data->interface_status.ifname);
-		if (!wpa_i)
-			return;
-		wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL);
-		os_free(wpa_i);
-	}
-#endif /* CONFIG_MATCH_IFACE */
-
-	if (wpa_s)
-		wpa_supplicant_event(wpa_s, event, data);
-}
diff --git a/wpa_supplicant/examples/60_wpa_supplicant b/wpa_supplicant/examples/60_wpa_supplicant
deleted file mode 100755
index 39bd8e09b589..000000000000
--- a/wpa_supplicant/examples/60_wpa_supplicant
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-# /etc/pm/sleep.d/60_wpa_supplicant
-# Action script to notify wpa_supplicant of pm-action events.
-
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-
-WPACLI=wpa_cli
-
-case "$1" in
-	suspend|hibernate)
-		$WPACLI suspend
-		;;
-	resume|thaw)
-		$WPACLI resume
-		;;
-esac
-
-exit 0
diff --git a/wpa_supplicant/examples/dbus-listen-preq.py b/wpa_supplicant/examples/dbus-listen-preq.py
deleted file mode 100755
index 337519f4e927..000000000000
--- a/wpa_supplicant/examples/dbus-listen-preq.py
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/usr/bin/python
-
-from __future__ import print_function
-import dbus
-import sys
-import time
-import gobject
-from dbus.mainloop.glib import DBusGMainLoop
-
-WPAS_DBUS_SERVICE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_INTERFACE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_OPATH = "/fi/w1/wpa_supplicant1"
-WPAS_DBUS_INTERFACES_INTERFACE = "fi.w1.wpa_supplicant1.Interface"
-
-def usage():
-	print("Usage: %s <ifname>" % sys.argv[0])
-	print("Press Ctrl-C to stop")
-
-def ProbeRequest(args):
-	if 'addr' in args:
-		print('%.2x:%.2x:%.2x:%.2x:%.2x:%.2x' % tuple(args['addr']),
-                      end=' ')
-	if 'dst' in args:
-		print('-> %.2x:%.2x:%.2x:%.2x:%.2x:%.2x' % tuple(args['dst']),
-                      end=' ')
-	if 'bssid' in args:
-		print('(bssid %.2x:%.2x:%.2x:%.2x:%.2x:%.2x)' % tuple(args['dst']),
-                      end=' ')
-	if 'signal' in args:
-		print('signal:%d' % args['signal'], end=' ')
-	if 'ies' in args:
-		print('have IEs (%d bytes)' % len(args['ies']), end=' ')
-        print('')
-
-if __name__ == "__main__":
-	global bus
-	global wpas_obj
-	global if_obj
-	global p2p_iface
-
-	dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-
-	bus = dbus.SystemBus()
-	wpas_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_OPATH)
-
-	# Print list of i/f if no one is specified
-	if (len(sys.argv) < 2)  :
-		usage()
-		sys.exit(0)
-
-	wpas = dbus.Interface(wpas_obj, WPAS_DBUS_INTERFACE)
-
-	ifname = sys.argv[1]
-
-	path = wpas.GetInterface(ifname)
-
-	if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-	iface = dbus.Interface(if_obj, WPAS_DBUS_INTERFACES_INTERFACE)
-
-	bus.add_signal_receiver(ProbeRequest,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="ProbeRequest")
-
-	iface.SubscribeProbeReq()
-
-	gobject.MainLoop().run()
diff --git a/wpa_supplicant/examples/dpp-nfc.py b/wpa_supplicant/examples/dpp-nfc.py
deleted file mode 100755
index 8e865f3fcd33..000000000000
--- a/wpa_supplicant/examples/dpp-nfc.py
+++ /dev/null
@@ -1,1186 +0,0 @@
-#!/usr/bin/python3
-#
-# Example nfcpy to wpa_supplicant wrapper for DPP NFC operations
-# Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi>
-# Copyright (c) 2019-2020, The Linux Foundation
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import binascii
-import errno
-import os
-import struct
-import sys
-import time
-import threading
-import argparse
-
-import nfc
-import ndef
-
-import logging
-
-scriptsdir = os.path.dirname(os.path.realpath(sys.modules[__name__].__file__))
-sys.path.append(os.path.join(scriptsdir, '..', '..', 'wpaspy'))
-import wpaspy
-
-wpas_ctrl = '/var/run/wpa_supplicant'
-ifname = None
-init_on_touch = False
-in_raw_mode = False
-prev_tcgetattr = 0
-no_input = False
-continue_loop = True
-terminate_now = False
-summary_file = None
-success_file = None
-netrole = None
-operation_success = False
-mutex = threading.Lock()
-
-C_NORMAL = '\033[0m'
-C_RED = '\033[91m'
-C_GREEN = '\033[92m'
-C_YELLOW = '\033[93m'
-C_BLUE = '\033[94m'
-C_MAGENTA = '\033[95m'
-C_CYAN = '\033[96m'
-
-def summary(txt, color=None):
-    with mutex:
-        if color:
-            print(color + txt + C_NORMAL)
-        else:
-            print(txt)
-        if summary_file:
-            with open(summary_file, 'a') as f:
-                f.write(txt + "\n")
-
-def success_report(txt):
-    summary(txt)
-    if success_file:
-        with open(success_file, 'a') as f:
-            f.write(txt + "\n")
-
-def wpas_connect():
-    ifaces = []
-    if os.path.isdir(wpas_ctrl):
-        try:
-            ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
-        except OSError as error:
-            summary("Could not find wpa_supplicant: %s", str(error))
-            return None
-
-    if len(ifaces) < 1:
-        summary("No wpa_supplicant control interface found")
-        return None
-
-    for ctrl in ifaces:
-        if ifname and ifname not in ctrl:
-            continue
-        if os.path.basename(ctrl).startswith("p2p-dev-"):
-            # skip P2P management interface
-            continue
-        try:
-            summary("Trying to use control interface " + ctrl)
-            wpas = wpaspy.Ctrl(ctrl)
-            return wpas
-        except Exception as e:
-            pass
-    summary("Could not connect to wpa_supplicant")
-    return None
-
-def dpp_nfc_uri_process(uri):
-    wpas = wpas_connect()
-    if wpas is None:
-        return False
-    peer_id = wpas.request("DPP_NFC_URI " + uri)
-    if "FAIL" in peer_id:
-        summary("Could not parse DPP URI from NFC URI record", color=C_RED)
-        return False
-    peer_id = int(peer_id)
-    summary("peer_id=%d for URI from NFC Tag: %s" % (peer_id, uri))
-    cmd = "DPP_AUTH_INIT peer=%d" % peer_id
-    global enrollee_only, configurator_only, config_params
-    if enrollee_only:
-        cmd += " role=enrollee"
-    elif configurator_only:
-        cmd += " role=configurator"
-    if config_params:
-        cmd += " " + config_params
-    summary("Initiate DPP authentication: " + cmd)
-    res = wpas.request(cmd)
-    if "OK" not in res:
-        summary("Failed to initiate DPP Authentication", color=C_RED)
-        return False
-    summary("DPP Authentication initiated")
-    return True
-
-def dpp_hs_tag_read(record):
-    wpas = wpas_connect()
-    if wpas is None:
-        return False
-    summary(record)
-    if len(record.data) < 5:
-        summary("Too short DPP HS", color=C_RED)
-        return False
-    if record.data[0] != 0:
-        summary("Unexpected URI Identifier Code", color=C_RED)
-        return False
-    uribuf = record.data[1:]
-    try:
-        uri = uribuf.decode()
-    except:
-        summary("Invalid URI payload", color=C_RED)
-        return False
-    summary("URI: " + uri)
-    if not uri.startswith("DPP:"):
-        summary("Not a DPP URI", color=C_RED)
-        return False
-    return dpp_nfc_uri_process(uri)
-
-def get_status(wpas, extra=None):
-    if extra:
-        extra = "-" + extra
-    else:
-        extra = ""
-    res = wpas.request("STATUS" + extra)
-    lines = res.splitlines()
-    vals = dict()
-    for l in lines:
-        try:
-            [name, value] = l.split('=', 1)
-        except ValueError:
-            summary("Ignore unexpected status line: %s" % l)
-            continue
-        vals[name] = value
-    return vals
-
-def get_status_field(wpas, field, extra=None):
-    vals = get_status(wpas, extra)
-    if field in vals:
-        return vals[field]
-    return None
-
-def own_addr(wpas):
-    addr = get_status_field(wpas, "address")
-    if addr is None:
-        addr = get_status_field(wpas, "bssid[0]")
-    return addr
-
-def dpp_bootstrap_gen(wpas, type="qrcode", chan=None, mac=None, info=None,
-                      curve=None, key=None):
-    cmd = "DPP_BOOTSTRAP_GEN type=" + type
-    if chan:
-        cmd += " chan=" + chan
-    if mac:
-        if mac is True:
-            mac = own_addr(wpas)
-        if mac is None:
-            summary("Could not determine local MAC address for bootstrap info")
-        else:
-            cmd += " mac=" + mac.replace(':', '')
-    if info:
-        cmd += " info=" + info
-    if curve:
-        cmd += " curve=" + curve
-    if key:
-        cmd += " key=" + key
-    res = wpas.request(cmd)
-    if "FAIL" in res:
-        raise Exception("Failed to generate bootstrapping info")
-    return int(res)
-
-def dpp_start_listen(wpas, freq):
-    if get_status_field(wpas, "bssid[0]"):
-        summary("Own AP freq: %s MHz" % str(get_status_field(wpas, "freq")))
-        if get_status_field(wpas, "beacon_set", extra="DRIVER") is None:
-            summary("Enable beaconing to have radio ready for RX")
-            wpas.request("DISABLE")
-            wpas.request("SET start_disabled 0")
-            wpas.request("ENABLE")
-    cmd = "DPP_LISTEN %d" % freq
-    global enrollee_only
-    global configurator_only
-    if enrollee_only:
-        cmd += " role=enrollee"
-    elif configurator_only:
-        cmd += " role=configurator"
-    global netrole
-    if netrole:
-        cmd += " netrole=" + netrole
-    summary(cmd)
-    res = wpas.request(cmd)
-    if "OK" not in res:
-        summary("Failed to start DPP listen", color=C_RED)
-        return False
-    return True
-
-def wpas_get_nfc_uri(start_listen=True, pick_channel=False, chan_override=None):
-    listen_freq = 2412
-    wpas = wpas_connect()
-    if wpas is None:
-        return None
-    global own_id, chanlist
-    if chan_override:
-        chan = chan_override
-    else:
-        chan = chanlist
-    if chan and chan.startswith("81/"):
-        listen_freq = int(chan[3:].split(',')[0]) * 5 + 2407
-    if chan is None and get_status_field(wpas, "bssid[0]"):
-        freq = get_status_field(wpas, "freq")
-        if freq:
-            freq = int(freq)
-            if freq >= 2412 and freq <= 2462:
-                chan = "81/%d" % ((freq - 2407) / 5)
-                summary("Use current AP operating channel (%d MHz) as the URI channel list (%s)" % (freq, chan))
-                listen_freq = freq
-    if chan is None and pick_channel:
-        chan = "81/6"
-        summary("Use channel 2437 MHz since no other preference provided")
-        listen_freq = 2437
-    own_id = dpp_bootstrap_gen(wpas, type="nfc-uri", chan=chan, mac=True)
-    res = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % own_id).rstrip()
-    if "FAIL" in res:
-        return None
-    if start_listen:
-        if not dpp_start_listen(wpas, listen_freq):
-            raise Exception("Failed to start listen operation on %d MHz" % listen_freq)
-    return res
-
-def wpas_report_handover_req(uri):
-    wpas = wpas_connect()
-    if wpas is None:
-        return None
-    global own_id
-    cmd = "DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (own_id, uri)
-    return wpas.request(cmd)
-
-def wpas_report_handover_sel(uri):
-    wpas = wpas_connect()
-    if wpas is None:
-        return None
-    global own_id
-    cmd = "DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (own_id, uri)
-    return wpas.request(cmd)
-
-def dpp_handover_client(handover, alt=False):
-    summary("About to start run_dpp_handover_client (alt=%s)" % str(alt))
-    if alt:
-        handover.i_m_selector = False
-    run_dpp_handover_client(handover, alt)
-    summary("Done run_dpp_handover_client (alt=%s)" % str(alt))
-
-def run_client_alt(handover, alt):
-    if handover.start_client_alt and not alt:
-        handover.start_client_alt = False
-        summary("Try to send alternative handover request")
-        dpp_handover_client(handover, alt=True)
-
-class HandoverClient(nfc.handover.HandoverClient):
-    def __init__(self, handover, llc):
-        super(HandoverClient, self).__init__(llc)
-        self.handover = handover
-
-    def recv_records(self, timeout=None):
-        msg = self.recv_octets(timeout)
-        if msg is None:
-            return None
-        records = list(ndef.message_decoder(msg, 'relax'))
-        if records and records[0].type == 'urn:nfc:wkt:Hs':
-            summary("Handover client received message '{0}'".format(records[0].type))
-            return list(ndef.message_decoder(msg, 'relax'))
-        summary("Handover client received invalid message: %s" + binascii.hexlify(msg))
-        return None
-
-    def recv_octets(self, timeout=None):
-        start = time.time()
-        msg = bytearray()
-        while True:
-            poll_timeout = 0.1 if timeout is None or timeout > 0.1 else timeout
-            if not self.socket.poll('recv', poll_timeout):
-                if timeout:
-                    timeout -= time.time() - start
-                    if timeout <= 0:
-                        return None
-                    start = time.time()
-                continue
-            try:
-                r = self.socket.recv()
-                if r is None:
-                    return None
-                msg += r
-            except TypeError:
-                return b''
-            try:
-                list(ndef.message_decoder(msg, 'strict', {}))
-                return bytes(msg)
-            except ndef.DecodeError:
-                if timeout:
-                    timeout -= time.time() - start
-                    if timeout <= 0:
-                        return None
-                    start = time.time()
-                continue
-        return None
-
-def run_dpp_handover_client(handover, alt=False):
-    chan_override = None
-    if alt:
-        chan_override = handover.altchanlist
-        handover.alt_proposal_used = True
-    global test_uri, test_alt_uri
-    if test_uri:
-        summary("TEST MODE: Using specified URI (alt=%s)" % str(alt))
-        uri = test_alt_uri if alt else test_uri
-    else:
-        uri = wpas_get_nfc_uri(start_listen=False, chan_override=chan_override)
-    if uri is None:
-        summary("Cannot start handover client - no bootstrap URI available",
-                color=C_RED)
-        return
-    handover.my_uri = uri
-    uri = ndef.UriRecord(uri)
-    summary("NFC URI record for DPP: " + str(uri))
-    carrier = ndef.Record('application/vnd.wfa.dpp', 'A', uri.data)
-    global test_crn
-    if test_crn:
-        prev, = struct.unpack('>H', test_crn)
-        summary("TEST MODE: Use specified crn %d" % prev)
-        crn = test_crn
-        test_crn = struct.pack('>H', prev + 0x10)
-    else:
-        crn = os.urandom(2)
-    hr = ndef.HandoverRequestRecord(version="1.4", crn=crn)
-    hr.add_alternative_carrier('active', carrier.name)
-    message = [hr, carrier]
-    summary("NFC Handover Request message for DPP: " + str(message))
-
-    if handover.peer_crn is not None and not alt:
-        summary("NFC handover request from peer was already received - do not send own")
-        return
-    if handover.client:
-        summary("Use already started handover client")
-        client = handover.client
-    else:
-        summary("Start handover client")
-        client = HandoverClient(handover, handover.llc)
-        try:
-            summary("Trying to initiate NFC connection handover")
-            client.connect()
-            summary("Connected for handover")
-        except nfc.llcp.ConnectRefused:
-            summary("Handover connection refused")
-            client.close()
-            return
-        except Exception as e:
-            summary("Other exception: " + str(e))
-            client.close()
-            return
-        handover.client = client
-
-    if handover.peer_crn is not None and not alt:
-        summary("NFC handover request from peer was already received - do not send own")
-        return
-
-    summary("Sending handover request")
-
-    handover.my_crn_ready = True
-
-    if not client.send_records(message):
-        handover.my_crn_ready = False
-        summary("Failed to send handover request", color=C_RED)
-        run_client_alt(handover, alt)
-        return
-
-    handover.my_crn, = struct.unpack('>H', crn)
-
-    summary("Receiving handover response")
-    try:
-        start = time.time()
-        message = client.recv_records(timeout=3.0)
-        end = time.time()
-        summary("Received {} record(s) in {} seconds".format(len(message) if message is not None else -1, end - start))
-    except Exception as e:
-        # This is fine if we are the handover selector
-        if handover.hs_sent:
-            summary("Client receive failed as expected since I'm the handover server: %s" % str(e))
-        elif handover.alt_proposal_used and not alt:
-            summary("Client received failed for initial proposal as expected since alternative proposal was also used: %s" % str(e))
-        else:
-            summary("Client receive failed: %s" % str(e), color=C_RED)
-        message = None
-    if message is None:
-        if handover.hs_sent:
-            summary("No response received as expected since I'm the handover server")
-        elif handover.alt_proposal_used and not alt:
-            summary("No response received for initial proposal as expected since alternative proposal was also used")
-        elif handover.try_own and not alt:
-            summary("No response received for initial proposal as expected since alternative proposal will also be sent")
-        else:
-            summary("No response received", color=C_RED)
-        run_client_alt(handover, alt)
-        return
-    summary("Received message: " + str(message))
-    if len(message) < 1 or \
-       not isinstance(message[0], ndef.HandoverSelectRecord):
-        summary("Response was not Hs - received: " + message.type)
-        return
-
-    summary("Received handover select message")
-    summary("alternative carriers: " + str(message[0].alternative_carriers))
-    if handover.i_m_selector:
-        summary("Ignore the received select since I'm the handover selector")
-        run_client_alt(handover, alt)
-        return
-
-    if handover.alt_proposal_used and not alt:
-        summary("Ignore received handover select for the initial proposal since alternative proposal was sent")
-        client.close()
-        return
-
-    dpp_found = False
-    for carrier in message:
-        if isinstance(carrier, ndef.HandoverSelectRecord):
-            continue
-        summary("Remote carrier type: " + carrier.type)
-        if carrier.type == "application/vnd.wfa.dpp":
-            if len(carrier.data) == 0 or carrier.data[0] != 0:
-                summary("URI Identifier Code 'None' not seen", color=C_RED)
-                continue
-            summary("DPP carrier type match - send to wpa_supplicant")
-            dpp_found = True
-            uri = carrier.data[1:].decode("utf-8")
-            summary("DPP URI: " + uri)
-            handover.peer_uri = uri
-            if test_uri:
-                summary("TEST MODE: Fake processing")
-                break
-            res = wpas_report_handover_sel(uri)
-            if res is None or "FAIL" in res:
-                summary("DPP handover report rejected", color=C_RED)
-                break
-
-            success_report("DPP handover reported successfully (initiator)")
-            summary("peer_id=" + res)
-            peer_id = int(res)
-            wpas = wpas_connect()
-            if wpas is None:
-                break
-
-            global enrollee_only
-            global config_params
-            if enrollee_only:
-                extra = " role=enrollee"
-            elif config_params:
-                extra = " role=configurator " + config_params
-            else:
-                # TODO: Single Configurator instance
-                res = wpas.request("DPP_CONFIGURATOR_ADD")
-                if "FAIL" in res:
-                    summary("Failed to initiate Configurator", color=C_RED)
-                    break
-                conf_id = int(res)
-                extra = " conf=sta-dpp configurator=%d" % conf_id
-            global own_id
-            summary("Initiate DPP authentication")
-            cmd = "DPP_AUTH_INIT peer=%d own=%d" % (peer_id, own_id)
-            cmd += extra
-            res = wpas.request(cmd)
-            if "FAIL" in res:
-                summary("Failed to initiate DPP authentication", color=C_RED)
-            break
-
-    if not dpp_found and handover.no_alt_proposal:
-        summary("DPP carrier not seen in response - do not allow alternative proposal anymore")
-    elif not dpp_found:
-        summary("DPP carrier not seen in response - allow peer to initiate a new handover with different parameters")
-        handover.alt_proposal = True
-        handover.my_crn_ready = False
-        handover.my_crn = None
-        handover.peer_crn = None
-        handover.hs_sent = False
-        summary("Returning from dpp_handover_client")
-        return
-
-    summary("Remove peer")
-    handover.close()
-    summary("Done with handover")
-    global only_one
-    if only_one:
-        print("only_one -> stop loop")
-        global continue_loop
-        continue_loop = False
-
-    global no_wait
-    if no_wait or only_one:
-        summary("Trying to exit..")
-        global terminate_now
-        terminate_now = True
-
-    summary("Returning from dpp_handover_client")
-
-class HandoverServer(nfc.handover.HandoverServer):
-    def __init__(self, handover, llc):
-        super(HandoverServer, self).__init__(llc)
-        self.sent_carrier = None
-        self.ho_server_processing = False
-        self.success = False
-        self.llc = llc
-        self.handover = handover
-
-    def serve(self, socket):
-        peer_sap = socket.getpeername()
-        summary("Serving handover client on remote sap {0}".format(peer_sap))
-        send_miu = socket.getsockopt(nfc.llcp.SO_SNDMIU)
-        try:
-            while socket.poll("recv"):
-                req = bytearray()
-                while socket.poll("recv"):
-                    r = socket.recv()
-                    if r is None:
-                        return None
-                    summary("Received %d octets" % len(r))
-                    req += r
-                    if len(req) == 0:
-                        continue
-                    try:
-                        list(ndef.message_decoder(req, 'strict', {}))
-                    except ndef.DecodeError:
-                        continue
-                    summary("Full message received")
-                    resp = self._process_request_data(req)
-                    if resp is None or len(resp) == 0:
-                        summary("No handover select to send out - wait for a possible alternative handover request")
-                        handover.alt_proposal = True
-                        req = bytearray()
-                        continue
-
-                    for offset in range(0, len(resp), send_miu):
-                        if not socket.send(resp[offset:offset + send_miu]):
-                            summary("Failed to send handover select - connection closed")
-                            return
-                    summary("Sent out full handover select")
-                    if handover.terminate_on_hs_send_completion:
-                        handover.delayed_exit()
-
-        except nfc.llcp.Error as e:
-            global terminate_now
-            summary("HandoverServer exception: %s" % e,
-                    color=None if e.errno == errno.EPIPE or terminate_now else C_RED)
-        finally:
-            socket.close()
-            summary("Handover serve thread exiting")
-
-    def process_handover_request_message(self, records):
-        handover = self.handover
-        self.ho_server_processing = True
-        global in_raw_mode
-        was_in_raw_mode = in_raw_mode
-        clear_raw_mode()
-        if was_in_raw_mode:
-            print("\n")
-        summary("HandoverServer - request received: " + str(records))
-
-        for carrier in records:
-            if not isinstance(carrier, ndef.HandoverRequestRecord):
-                continue
-            if carrier.collision_resolution_number:
-                handover.peer_crn = carrier.collision_resolution_number
-                summary("peer_crn: %d" % handover.peer_crn)
-
-        if handover.my_crn is None and handover.my_crn_ready:
-            summary("Still trying to send own handover request - wait a moment to see if that succeeds before checking crn values")
-            for i in range(10):
-                if handover.my_crn is not None:
-                    break
-                time.sleep(0.01)
-        if handover.my_crn is not None:
-            summary("my_crn: %d" % handover.my_crn)
-
-        if handover.my_crn is not None and handover.peer_crn is not None:
-            if handover.my_crn == handover.peer_crn:
-                summary("Same crn used - automatic collision resolution failed")
-                # TODO: Should generate a new Handover Request message
-                return ''
-            if ((handover.my_crn & 1) == (handover.peer_crn & 1) and \
-                handover.my_crn > handover.peer_crn) or \
-               ((handover.my_crn & 1) != (handover.peer_crn & 1) and \
-                handover.my_crn < handover.peer_crn):
-                summary("I'm the Handover Selector Device")
-                handover.i_m_selector = True
-            else:
-                summary("Peer is the Handover Selector device")
-                summary("Ignore the received request.")
-                return ''
-
-        hs = ndef.HandoverSelectRecord('1.4')
-        sel = [hs]
-
-        found = False
-
-        for carrier in records:
-            if isinstance(carrier, ndef.HandoverRequestRecord):
-                continue
-            summary("Remote carrier type: " + carrier.type)
-            if carrier.type == "application/vnd.wfa.dpp":
-                summary("DPP carrier type match - add DPP carrier record")
-                if len(carrier.data) == 0 or carrier.data[0] != 0:
-                    summary("URI Identifier Code 'None' not seen", color=C_RED)
-                    continue
-                uri = carrier.data[1:].decode("utf-8")
-                summary("Received DPP URI: " + uri)
-
-                global test_uri, test_alt_uri
-                if test_uri:
-                    summary("TEST MODE: Using specified URI")
-                    data = test_sel_uri if test_sel_uri else test_uri
-                elif handover.alt_proposal and handover.altchanlist:
-                    summary("Use alternative channel list while processing alternative proposal from peer")
-                    data = wpas_get_nfc_uri(start_listen=False,
-                                            chan_override=handover.altchanlist,
-                                            pick_channel=True)
-                else:
-                    data = wpas_get_nfc_uri(start_listen=False,
-                                            pick_channel=True)
-                summary("Own URI (pre-processing): %s" % data)
-
-                if test_uri:
-                    summary("TEST MODE: Fake processing")
-                    res = "OK"
-                    data += " [%s]" % uri
-                else:
-                    res = wpas_report_handover_req(uri)
-                if res is None or "FAIL" in res:
-                    summary("DPP handover request processing failed",
-                            color=C_RED)
-                    if handover.altchanlist:
-                        data = wpas_get_nfc_uri(start_listen=False,
-                                                chan_override=handover.altchanlist)
-                        summary("Own URI (try another channel list): %s" % data)
-                    continue
-
-                if test_alt_uri:
-                    summary("TEST MODE: Reject initial proposal")
-                    continue
-
-                found = True
-
-                if not test_uri:
-                    wpas = wpas_connect()
-                    if wpas is None:
-                        continue
-                    global own_id
-                    data = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % own_id).rstrip()
-                    if "FAIL" in data:
-                        continue
-                summary("Own URI (post-processing): %s" % data)
-                handover.my_uri = data
-                handover.peer_uri = uri
-                uri = ndef.UriRecord(data)
-                summary("Own bootstrapping NFC URI record: " + str(uri))
-
-                if not test_uri:
-                    info = wpas.request("DPP_BOOTSTRAP_INFO %d" % own_id)
-                    freq = None
-                    for line in info.splitlines():
-                        if line.startswith("use_freq="):
-                            freq = int(line.split('=')[1])
-                    if freq is None or freq == 0:
-                        summary("No channel negotiated over NFC - use channel 6")
-                        freq = 2437
-                    else:
-                        summary("Negotiated channel: %d MHz" % freq)
-                    if not dpp_start_listen(wpas, freq):
-                        break
-
-                carrier = ndef.Record('application/vnd.wfa.dpp', 'A', uri.data)
-                summary("Own DPP carrier record: " + str(carrier))
-                hs.add_alternative_carrier('active', carrier.name)
-                sel = [hs, carrier]
-                break
-
-        summary("Sending handover select: " + str(sel))
-        if found:
-            summary("Handover completed successfully")
-            handover.terminate_on_hs_send_completion = True
-            self.success = True
-            handover.hs_sent = True
-            handover.i_m_selector = True
-        elif handover.no_alt_proposal:
-            summary("Do not try alternative proposal anymore - handover failed",
-                    color=C_RED)
-            handover.hs_sent = True
-        else:
-            summary("Try to initiate with alternative parameters")
-            handover.try_own = True
-            handover.hs_sent = False
-            handover.no_alt_proposal = True
-            if handover.client_thread:
-                handover.start_client_alt = True
-            else:
-                handover.client_thread = threading.Thread(target=llcp_worker,
-                                                          args=(self.llc, True))
-                handover.client_thread.start()
-        return sel
-
-def clear_raw_mode():
-    import sys, tty, termios
-    global prev_tcgetattr, in_raw_mode
-    if not in_raw_mode:
-        return
-    fd = sys.stdin.fileno()
-    termios.tcsetattr(fd, termios.TCSADRAIN, prev_tcgetattr)
-    in_raw_mode = False
-
-def getch():
-    import sys, tty, termios, select
-    global prev_tcgetattr, in_raw_mode
-    fd = sys.stdin.fileno()
-    prev_tcgetattr = termios.tcgetattr(fd)
-    ch = None
-    try:
-        tty.setraw(fd)
-        in_raw_mode = True
-        [i, o, e] = select.select([fd], [], [], 0.05)
-        if i:
-            ch = sys.stdin.read(1)
-    finally:
-        termios.tcsetattr(fd, termios.TCSADRAIN, prev_tcgetattr)
-        in_raw_mode = False
-    return ch
-
-def dpp_tag_read(tag):
-    success = False
-    for record in tag.ndef.records:
-        summary(record)
-        summary("record type " + record.type)
-        if record.type == "application/vnd.wfa.dpp":
-            summary("DPP HS tag - send to wpa_supplicant")
-            success = dpp_hs_tag_read(record)
-            break
-        if isinstance(record, ndef.UriRecord):
-            summary("URI record: uri=" + record.uri)
-            summary("URI record: iri=" + record.iri)
-            if record.iri.startswith("DPP:"):
-                summary("DPP URI")
-                if not dpp_nfc_uri_process(record.iri):
-                    break
-                success = True
-            else:
-                summary("Ignore unknown URI")
-            break
-
-    if success:
-        success_report("Tag read succeeded")
-
-    return success
-
-def rdwr_connected_write_tag(tag):
-    summary("Tag found - writing - " + str(tag))
-    if not tag.ndef:
-        summary("Not a formatted NDEF tag", color=C_RED)
-        return
-    if not tag.ndef.is_writeable:
-        summary("Not a writable tag", color=C_RED)
-        return
-    global dpp_tag_data
-    if tag.ndef.capacity < len(dpp_tag_data):
-        summary("Not enough room for the message")
-        return
-    try:
-        tag.ndef.records = dpp_tag_data
-    except ValueError as e:
-        summary("Writing the tag failed: %s" % str(e), color=C_RED)
-        return
-    success_report("Tag write succeeded")
-    summary("Tag writing completed - remove tag", color=C_GREEN)
-    global only_one, operation_success
-    operation_success = True
-    if only_one:
-        global continue_loop
-        continue_loop = False
-    global dpp_sel_wait_remove
-    return dpp_sel_wait_remove
-
-def write_nfc_uri(clf, wait_remove=True):
-    summary("Write NFC URI record")
-    data = wpas_get_nfc_uri()
-    if data is None:
-        summary("Could not get NFC URI from wpa_supplicant", color=C_RED)
-        return
-
-    global dpp_sel_wait_remove
-    dpp_sel_wait_remove = wait_remove
-    summary("URI: %s" % data)
-    uri = ndef.UriRecord(data)
-    summary(uri)
-
-    summary("Touch an NFC tag to write URI record", color=C_CYAN)
-    global dpp_tag_data
-    dpp_tag_data = [uri]
-    clf.connect(rdwr={'on-connect': rdwr_connected_write_tag})
-
-def write_nfc_hs(clf, wait_remove=True):
-    summary("Write NFC Handover Select record on a tag")
-    data = wpas_get_nfc_uri()
-    if data is None:
-        summary("Could not get NFC URI from wpa_supplicant", color=C_RED)
-        return
-
-    global dpp_sel_wait_remove
-    dpp_sel_wait_remove = wait_remove
-    summary("URI: %s" % data)
-    uri = ndef.UriRecord(data)
-    summary(uri)
-    carrier = ndef.Record('application/vnd.wfa.dpp', 'A', uri.data)
-    hs = ndef.HandoverSelectRecord('1.4')
-    hs.add_alternative_carrier('active', carrier.name)
-    summary(hs)
-    summary(carrier)
-
-    summary("Touch an NFC tag to write HS record", color=C_CYAN)
-    global dpp_tag_data
-    dpp_tag_data = [hs, carrier]
-    summary(dpp_tag_data)
-    clf.connect(rdwr={'on-connect': rdwr_connected_write_tag})
-
-def rdwr_connected(tag):
-    global only_one, no_wait
-    summary("Tag connected: " + str(tag))
-
-    if tag.ndef:
-        summary("NDEF tag: " + tag.type)
-        summary(tag.ndef.records)
-        success = dpp_tag_read(tag)
-        if only_one and success:
-            global continue_loop
-            continue_loop = False
-    else:
-        summary("Not an NDEF tag - remove tag", color=C_RED)
-        return True
-
-    return not no_wait
-
-def llcp_worker(llc, try_alt):
-    global handover
-    print("Start of llcp_worker()")
-    if try_alt:
-        summary("Starting handover client (try_alt)")
-        dpp_handover_client(handover, alt=True)
-        summary("Exiting llcp_worker thread (try_alt)")
-        return
-    global init_on_touch
-    if init_on_touch:
-        summary("Starting handover client (init_on_touch)")
-        dpp_handover_client(handover)
-        summary("Exiting llcp_worker thread (init_on_touch)")
-        return
-
-    global no_input
-    if no_input:
-        summary("Wait for handover to complete")
-    else:
-        print("Wait for handover to complete - press 'i' to initiate")
-    while not handover.wait_connection and handover.srv.sent_carrier is None:
-        if handover.try_own:
-            handover.try_own = False
-            summary("Try to initiate another handover with own parameters")
-            handover.my_crn_ready = False
-            handover.my_crn = None
-            handover.peer_crn = None
-            handover.hs_sent = False
-            dpp_handover_client(handover, alt=True)
-            summary("Exiting llcp_worker thread (retry with own parameters)")
-            return
-        if handover.srv.ho_server_processing:
-            time.sleep(0.025)
-        elif no_input:
-            time.sleep(0.5)
-        else:
-            res = getch()
-            if res != 'i':
-                continue
-            clear_raw_mode()
-            summary("Starting handover client")
-            dpp_handover_client(handover)
-            summary("Exiting llcp_worker thread (manual init)")
-            return
-
-    global in_raw_mode
-    was_in_raw_mode = in_raw_mode
-    clear_raw_mode()
-    if was_in_raw_mode:
-        print("\r")
-    summary("Exiting llcp_worker thread")
-
-class ConnectionHandover():
-    def __init__(self):
-        self.client = None
-        self.client_thread = None
-        self.reset()
-        self.exit_thread = None
-
-    def reset(self):
-        self.wait_connection = False
-        self.my_crn_ready = False
-        self.my_crn = None
-        self.peer_crn = None
-        self.hs_sent = False
-        self.no_alt_proposal = False
-        self.alt_proposal_used = False
-        self.i_m_selector = False
-        self.start_client_alt = False
-        self.terminate_on_hs_send_completion = False
-        self.try_own = False
-        self.my_uri = None
-        self.peer_uri = None
-        self.connected = False
-        self.alt_proposal = False
-
-    def start_handover_server(self, llc):
-        summary("Start handover server")
-        self.llc = llc
-        self.srv = HandoverServer(self, llc)
-
-    def close(self):
-        if self.client:
-            self.client.close()
-            self.client = None
-
-    def run_delayed_exit(self):
-        summary("Trying to exit (delayed)..")
-        time.sleep(0.25)
-        summary("Trying to exit (after wait)..")
-        global terminate_now
-        terminate_now = True
-
-    def delayed_exit(self):
-        global only_one
-        if only_one:
-            self.exit_thread = threading.Thread(target=self.run_delayed_exit)
-            self.exit_thread.start()
-
-def llcp_startup(llc):
-    global handover
-    handover.start_handover_server(llc)
-    return llc
-
-def llcp_connected(llc):
-    summary("P2P LLCP connected")
-    global handover
-    handover.connected = True
-    handover.srv.start()
-    if init_on_touch or not no_input:
-        handover.client_thread = threading.Thread(target=llcp_worker,
-                                                  args=(llc, False))
-        handover.client_thread.start()
-    return True
-
-def llcp_release(llc):
-    summary("LLCP release")
-    global handover
-    handover.close()
-    return True
-
-def terminate_loop():
-    global terminate_now
-    return terminate_now
-
-def main():
-    clf = nfc.ContactlessFrontend()
-
-    parser = argparse.ArgumentParser(description='nfcpy to wpa_supplicant integration for DPP NFC operations')
-    parser.add_argument('-d', const=logging.DEBUG, default=logging.INFO,
-                        action='store_const', dest='loglevel',
-                        help='verbose debug output')
-    parser.add_argument('-q', const=logging.WARNING, action='store_const',
-                        dest='loglevel', help='be quiet')
-    parser.add_argument('--only-one', '-1', action='store_true',
-                        help='run only one operation and exit')
-    parser.add_argument('--init-on-touch', '-I', action='store_true',
-                        help='initiate handover on touch')
-    parser.add_argument('--no-wait', action='store_true',
-                        help='do not wait for tag to be removed before exiting')
-    parser.add_argument('--ifname', '-i',
-                        help='network interface name')
-    parser.add_argument('--no-input', '-a', action='store_true',
-                        help='do not use stdout input to initiate handover')
-    parser.add_argument('--tag-read-only', '-t', action='store_true',
-                        help='tag read only (do not allow connection handover)')
-    parser.add_argument('--handover-only', action='store_true',
-                        help='connection handover only (do not allow tag read)')
-    parser.add_argument('--enrollee', action='store_true',
-                        help='run as Enrollee-only')
-    parser.add_argument('--configurator', action='store_true',
-                        help='run as Configurator-only')
-    parser.add_argument('--config-params', default='',
-                        help='configurator parameters')
-    parser.add_argument('--ctrl', default='/var/run/wpa_supplicant',
-                        help='wpa_supplicant/hostapd control interface')
-    parser.add_argument('--summary',
-                        help='summary file for writing status updates')
-    parser.add_argument('--success',
-                        help='success file for writing success update')
-    parser.add_argument('--device', default='usb', help='NFC device to open')
-    parser.add_argument('--chan', default=None, help='channel list')
-    parser.add_argument('--altchan', default=None, help='alternative channel list')
-    parser.add_argument('--netrole', default=None, help='netrole for Enrollee')
-    parser.add_argument('--test-uri', default=None,
-                        help='test mode: initial URI')
-    parser.add_argument('--test-alt-uri', default=None,
-                        help='test mode: alternative URI')
-    parser.add_argument('--test-sel-uri', default=None,
-                        help='test mode: handover select URI')
-    parser.add_argument('--test-crn', default=None,
-                        help='test mode: hardcoded crn')
-    parser.add_argument('command', choices=['write-nfc-uri',
-                                            'write-nfc-hs'],
-                        nargs='?')
-    args = parser.parse_args()
-    summary(args)
-
-    global handover
-    handover = ConnectionHandover()
-
-    global only_one
-    only_one = args.only_one
-
-    global no_wait
-    no_wait = args.no_wait
-
-    global chanlist, netrole, test_uri, test_alt_uri, test_sel_uri
-    global test_crn
-    chanlist = args.chan
-    handover.altchanlist = args.altchan
-    netrole = args.netrole
-    test_uri = args.test_uri
-    test_alt_uri = args.test_alt_uri
-    test_sel_uri = args.test_sel_uri
-    if args.test_crn:
-        test_crn = struct.pack('>H', int(args.test_crn))
-    else:
-        test_crn = None
-
-    logging.basicConfig(level=args.loglevel)
-    for l in ['nfc.clf.rcs380',
-              'nfc.clf.transport',
-              'nfc.clf.device',
-              'nfc.clf.__init__',
-              'nfc.llcp',
-              'nfc.handover']:
-        log = logging.getLogger(l)
-        log.setLevel(args.loglevel)
-
-    global init_on_touch
-    init_on_touch = args.init_on_touch
-
-    global enrollee_only
-    enrollee_only = args.enrollee
-
-    global configurator_only
-    configurator_only = args.configurator
-
-    global config_params
-    config_params = args.config_params
-
-    if args.ifname:
-        global ifname
-        ifname = args.ifname
-        summary("Selected ifname " + ifname)
-
-    if args.ctrl:
-        global wpas_ctrl
-        wpas_ctrl = args.ctrl
-
-    if args.summary:
-        global summary_file
-        summary_file = args.summary
-
-    if args.success:
-        global success_file
-        success_file = args.success
-
-    if args.no_input:
-        global no_input
-        no_input = True
-
-    clf = nfc.ContactlessFrontend()
-
-    try:
-        if not clf.open(args.device):
-            summary("Could not open connection with an NFC device", color=C_RED)
-            raise SystemExit(1)
-
-        if args.command == "write-nfc-uri":
-            write_nfc_uri(clf, wait_remove=not args.no_wait)
-            if not operation_success:
-                raise SystemExit(1)
-            raise SystemExit
-
-        if args.command == "write-nfc-hs":
-            write_nfc_hs(clf, wait_remove=not args.no_wait)
-            if not operation_success:
-                raise SystemExit(1)
-            raise SystemExit
-
-        global continue_loop
-        while continue_loop:
-            global in_raw_mode
-            was_in_raw_mode = in_raw_mode
-            clear_raw_mode()
-            if was_in_raw_mode:
-                print("\r")
-            if args.handover_only:
-                summary("Waiting a peer to be touched", color=C_MAGENTA)
-            elif args.tag_read_only:
-                summary("Waiting for a tag to be touched", color=C_BLUE)
-            else:
-                summary("Waiting for a tag or peer to be touched",
-                        color=C_GREEN)
-            handover.wait_connection = True
-            try:
-                if args.tag_read_only:
-                    if not clf.connect(rdwr={'on-connect': rdwr_connected}):
-                        break
-                elif args.handover_only:
-                    if not clf.connect(llcp={'on-startup': llcp_startup,
-                                             'on-connect': llcp_connected,
-                                             'on-release': llcp_release},
-                                       terminate=terminate_loop):
-                        break
-                else:
-                    if not clf.connect(rdwr={'on-connect': rdwr_connected},
-                                       llcp={'on-startup': llcp_startup,
-                                             'on-connect': llcp_connected,
-                                             'on-release': llcp_release},
-                                       terminate=terminate_loop):
-                        break
-            except Exception as e:
-                summary("clf.connect failed: " + str(e))
-                break
-
-            if only_one and handover.connected:
-                role = "selector" if handover.i_m_selector else "requestor"
-                summary("Connection handover result: I'm the %s" % role,
-                        color=C_YELLOW)
-                if handover.peer_uri:
-                    summary("Peer URI: " + handover.peer_uri, color=C_YELLOW)
-                if handover.my_uri:
-                    summary("My URI: " + handover.my_uri, color=C_YELLOW)
-                if not (handover.peer_uri and handover.my_uri):
-                    summary("Negotiated connection handover failed",
-                            color=C_YELLOW)
-                break
-
-    except KeyboardInterrupt:
-        raise SystemExit
-    finally:
-        clf.close()
-
-    raise SystemExit
-
-if __name__ == '__main__':
-    main()
diff --git a/wpa_supplicant/examples/dpp-qrcode.py b/wpa_supplicant/examples/dpp-qrcode.py
deleted file mode 100755
index b468d15cf9cd..000000000000
--- a/wpa_supplicant/examples/dpp-qrcode.py
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/usr/bin/python
-#
-# Example Android logcat to wpa_supplicant wrapper for QR Code scans
-# Copyright (c) 2017, Qualcomm Atheros, Inc.
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import sys
-import argparse
-import logging
-import qrcode
-
-scriptsdir = os.path.dirname(os.path.realpath(sys.modules[__name__].__file__))
-sys.path.append(os.path.join(scriptsdir, '..', '..', 'wpaspy'))
-
-import wpaspy
-
-wpas_ctrl = '/var/run/wpa_supplicant'
-
-def wpas_connect():
-    ifaces = []
-    if os.path.isdir(wpas_ctrl):
-        try:
-            ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
-        except OSError as error:
-            print("Could not find wpa_supplicant: ", error)
-            return None
-
-    if len(ifaces) < 1:
-        print("No wpa_supplicant control interface found")
-        return None
-
-    for ctrl in ifaces:
-        try:
-            wpas = wpaspy.Ctrl(ctrl)
-            return wpas
-        except Exception as e:
-            pass
-    return None
-
-def dpp_logcat():
-    for line in iter(sys.stdin.readline, ''):
-        if "ResultHandler: Launching intent: Intent" not in line:
-            continue
-        if "act=android.intent.action.VIEW" not in line:
-            continue
-        uri = None
-        for val in line.split(' '):
-            if val.startswith('dat='):
-                uri = val.split('=', 1)[1]
-                break
-        if not uri:
-            continue
-        if not uri.startswith('DPP:'):
-            continue
-        print("Found DPP bootstrap info URI:")
-        print(uri)
-        wpas = wpas_connect()
-        if not wpas:
-            print("Could not connect to wpa_supplicant")
-            print('')
-            continue
-        res = wpas.request("DPP_QR_CODE " + uri);
-        try:
-            id = int(res)
-        except ValueError:
-            print("QR Code URI rejected")
-            continue
-        print("QR Code URI accepted - ID=%d" % id)
-        print(wpas.request("DPP_BOOTSTRAP_INFO %d" % id))
-        del wpas
-
-def dpp_display(curve):
-        wpas = wpas_connect()
-        if not wpas:
-            print("Could not connect to wpa_supplicant")
-            return
-        res = wpas.request("STATUS")
-        addr = None
-        for line in res.splitlines():
-            if line.startswith("address="):
-                addr = line.split('=')[1]
-                break
-        cmd = "DPP_BOOTSTRAP_GEN type=qrcode"
-        cmd += " chan=81/1"
-        if addr:
-            cmd += " mac=" + addr.replace(':','')
-        if curve:
-            cmd += " curve=" + curve
-        res = wpas.request(cmd)
-        try:
-            id = int(res)
-        except ValueError:
-            print("Failed to generate bootstrap info URI")
-            return
-        print("Bootstrap information - ID=%d" % id)
-        print(wpas.request("DPP_BOOTSTRAP_INFO %d" % id))
-        uri = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id)
-        print(uri)
-        print("ID=%d" % id)
-        qr = qrcode.QRCode(error_correction=qrcode.constants.ERROR_CORRECT_M,
-                           border=3)
-        qr.add_data(uri, optimize=5)
-        qr.print_ascii(tty=True)
-        print("ID=%d" % id)
-        del wpas
-
-def main():
-    parser = argparse.ArgumentParser(description='Android logcat to wpa_supplicant integration for DPP QR Code operations')
-    parser.add_argument('-d', const=logging.DEBUG, default=logging.INFO,
-                        action='store_const', dest='loglevel',
-                        help='verbose debug output')
-    parser.add_argument('--curve', '-c',
-                        help='set a specific curve (P-256, P-384, P-521, BP-256R1, BP-384R1, BP-512R1) for key generation')
-    parser.add_argument('command', choices=['logcat',
-                                            'display'],
-                        nargs='?')
-    args = parser.parse_args()
-
-    logging.basicConfig(level=args.loglevel)
-
-    if args.command == "logcat":
-        dpp_logcat()
-    elif args.command == "display":
-        dpp_display(args.curve)
-
-if __name__ == '__main__':
-    main()
diff --git a/wpa_supplicant/examples/ieee8021x.conf b/wpa_supplicant/examples/ieee8021x.conf
deleted file mode 100644
index e8a5503d8359..000000000000
--- a/wpa_supplicant/examples/ieee8021x.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# IEEE 802.1X with dynamic WEP keys using EAP-PEAP/MSCHAPv2
-
-ctrl_interface=/var/run/wpa_supplicant
-
-network={
-	ssid="example 802.1x network"
-	key_mgmt=IEEE8021X
-	eap=PEAP
-	phase2="auth=MSCHAPV2"
-	identity="user name"
-	password="password"
-	ca_cert="/etc/cert/ca.pem"
-}
diff --git a/wpa_supplicant/examples/openCryptoki.conf b/wpa_supplicant/examples/openCryptoki.conf
deleted file mode 100644
index e2301a61cabf..000000000000
--- a/wpa_supplicant/examples/openCryptoki.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
-# openCryptoki (e.g., with TPM token)
-
-# This example uses following PKCS#11 objects:
-# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so  -O -l
-# Please enter User PIN:
-# Private Key Object; RSA
-#   label:      rsakey
-#   ID:         04
-#   Usage:      decrypt, sign, unwrap
-# Certificate Object, type = X.509 cert
-#   label:      ca
-#   ID:         01
-# Certificate Object, type = X.509 cert
-#   label:      cert
-#   ID:         04
-
-# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
-pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
-pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so
-
-network={
-	ssid="test network"
-	key_mgmt=WPA-EAP
-	eap=TLS
-	identity="User"
-
-	# use OpenSSL PKCS#11 engine for this network
-	engine=1
-	engine_id="pkcs11"
-
-	# select the private key and certificates based on ID (see pkcs11-tool
-	# output above)
-	key_id="4"
-	cert_id="4"
-	ca_cert_id="1"
-
-	# set the PIN code; leave this out to configure the PIN to be requested
-	# interactively when needed (e.g., via wpa_gui or wpa_cli)
-	pin="123456"
-}
diff --git a/wpa_supplicant/examples/p2p-action-udhcp.sh b/wpa_supplicant/examples/p2p-action-udhcp.sh
deleted file mode 100755
index 53d8b777cd51..000000000000
--- a/wpa_supplicant/examples/p2p-action-udhcp.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-IFNAME=$1
-CMD=$2
-
-kill_daemon() {
-    NAME=$1
-    PF=$2
-
-    if [ ! -r $PF ]; then
-	return
-    fi
-
-    PID=`cat $PF`
-    if [ $PID -gt 0 ]; then
-	if ps $PID | grep -q $NAME; then
-	    kill $PID
-	fi
-    fi
-    rm $PF
-}
-
-if [ "$CMD" = "P2P-GROUP-STARTED" ]; then
-    GIFNAME=$3
-    if [ "$4" = "GO" ]; then
-	kill_daemon udhcpc /var/run/udhcpc-$GIFNAME.pid
-	ifconfig $GIFNAME 192.168.42.1 up
-	udhcpd /etc/udhcpd-p2p.conf
-    fi
-    if [ "$4" = "client" ]; then
-	kill_daemon udhcpc /var/run/udhcpc-$GIFNAME.pid
-	kill_daemon udhcpd /var/run/udhcpd-$GIFNAME.pid
-	udhcpc -i $GIFNAME -p /var/run/udhcpc-$GIFNAME.pid \
-		-s /etc/udhcpc.script
-    fi
-fi
-
-if [ "$CMD" = "P2P-GROUP-REMOVED" ]; then
-    GIFNAME=$3
-    if [ "$4" = "GO" ]; then
-	kill_daemon udhcpd /var/run/udhcpd-$GIFNAME.pid
-	ifconfig $GIFNAME 0.0.0.0
-    fi
-    if [ "$4" = "client" ]; then
-	kill_daemon udhcpc /var/run/udhcpc-$GIFNAME.pid
-	ifconfig $GIFNAME 0.0.0.0
-    fi
-fi
-
-if [ "$CMD" = "P2P-CROSS-CONNECT-ENABLE" ]; then
-    GIFNAME=$3
-    UPLINK=$4
-    # enable NAT/masquerade $GIFNAME -> $UPLINK
-    iptables -P FORWARD DROP
-    iptables -t nat -A POSTROUTING -o $UPLINK -j MASQUERADE
-    iptables -A FORWARD -i $UPLINK -o $GIFNAME -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i $GIFNAME -o $UPLINK -j ACCEPT
-    sysctl net.ipv4.ip_forward=1
-fi
-
-if [ "$CMD" = "P2P-CROSS-CONNECT-DISABLE" ]; then
-    GIFNAME=$3
-    UPLINK=$4
-    # disable NAT/masquerade $GIFNAME -> $UPLINK
-    sysctl net.ipv4.ip_forward=0
-    iptables -t nat -D POSTROUTING -o $UPLINK -j MASQUERADE
-    iptables -D FORWARD -i $UPLINK -o $GIFNAME -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -D FORWARD -i $GIFNAME -o $UPLINK -j ACCEPT
-fi
diff --git a/wpa_supplicant/examples/p2p-action.sh b/wpa_supplicant/examples/p2p-action.sh
deleted file mode 100755
index 6c27b27b787e..000000000000
--- a/wpa_supplicant/examples/p2p-action.sh
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/bin/sh
-
-IFNAME=$1
-CMD=$2
-
-kill_daemon() {
-    NAME=$1
-    PF=$2
-
-    if [ ! -r $PF ]; then
-	return
-    fi
-
-    PID=`cat $PF`
-    if [ $PID -gt 0 ]; then
-	if ps $PID | grep -q $NAME; then
-	    kill $PID
-	fi
-    fi
-    rm $PF
-}
-
-if [ "$CMD" = "P2P-GROUP-STARTED" ]; then
-    GIFNAME=$3
-    if [ "$4" = "GO" ]; then
-	kill_daemon dhclient /var/run/dhclient-$GIFNAME.pid
-	rm /var/run/dhclient.leases-$GIFNAME
-	kill_daemon dnsmasq /var/run/dnsmasq.pid-$GIFNAME
-	ifconfig $GIFNAME 192.168.42.1 up
-	if ! dnsmasq -x /var/run/dnsmasq.pid-$GIFNAME \
-	    -i $GIFNAME \
-	    -F192.168.42.11,192.168.42.99; then
-	    # another dnsmasq instance may be running and blocking us; try to
-	    # start with -z to avoid that
-	    dnsmasq -x /var/run/dnsmasq.pid-$GIFNAME \
-		-i $GIFNAME \
-		-F192.168.42.11,192.168.42.99 --listen-address 192.168.42.1 -z -p 0
-	fi
-    fi
-    if [ "$4" = "client" ]; then
-	kill_daemon dhclient /var/run/dhclient-$GIFNAME.pid
-	rm /var/run/dhclient.leases-$GIFNAME
-	kill_daemon dnsmasq /var/run/dnsmasq.pid-$GIFNAME
-	ipaddr=`echo "$*" | sed 's/.* ip_addr=\([^ ]*\).*/\1/'`
-	ipmask=`echo "$*" | sed 's/.* ip_mask=\([^ ]*\).*/\1/'`
-	goipaddr=`echo "$*" | sed 's/.* go_ip_addr=\([^ ]*\).*/\1/'`
-	if echo "$ipaddr$ipmask$goipaddr" | grep -q ' '; then
-	    ipaddr=""
-	    ipmask=""
-	    goipaddr=""
-	fi
-	if [ -n "$ipaddr" ]; then
-	    sudo ifconfig $GIFNAME "$ipaddr" netmask "$ipmask"
-	    sudo ip ro re default via "$goipaddr"
-	    exit 0
-	fi
-	dhclient -pf /var/run/dhclient-$GIFNAME.pid \
-	    -lf /var/run/dhclient.leases-$GIFNAME \
-	    -nw \
-	    $GIFNAME
-    fi
-fi
-
-if [ "$CMD" = "P2P-GROUP-REMOVED" ]; then
-    GIFNAME=$3
-    if [ "$4" = "GO" ]; then
-	kill_daemon dnsmasq /var/run/dnsmasq.pid-$GIFNAME
-	ifconfig $GIFNAME 0.0.0.0
-    fi
-    if [ "$4" = "client" ]; then
-	kill_daemon dhclient /var/run/dhclient-$GIFNAME.pid
-	rm /var/run/dhclient.leases-$GIFNAME
-	ifconfig $GIFNAME 0.0.0.0
-    fi
-fi
-
-if [ "$CMD" = "P2P-CROSS-CONNECT-ENABLE" ]; then
-    GIFNAME=$3
-    UPLINK=$4
-    # enable NAT/masquerade $GIFNAME -> $UPLINK
-    iptables -P FORWARD DROP
-    iptables -t nat -A POSTROUTING -o $UPLINK -j MASQUERADE
-    iptables -A FORWARD -i $UPLINK -o $GIFNAME -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i $GIFNAME -o $UPLINK -j ACCEPT
-    sysctl net.ipv4.ip_forward=1
-fi
-
-if [ "$CMD" = "P2P-CROSS-CONNECT-DISABLE" ]; then
-    GIFNAME=$3
-    UPLINK=$4
-    # disable NAT/masquerade $GIFNAME -> $UPLINK
-    sysctl net.ipv4.ip_forward=0
-    iptables -t nat -D POSTROUTING -o $UPLINK -j MASQUERADE
-    iptables -D FORWARD -i $UPLINK -o $GIFNAME -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -D FORWARD -i $GIFNAME -o $UPLINK -j ACCEPT
-fi
diff --git a/wpa_supplicant/examples/p2p-nfc.py b/wpa_supplicant/examples/p2p-nfc.py
deleted file mode 100755
index 889ac8bff155..000000000000
--- a/wpa_supplicant/examples/p2p-nfc.py
+++ /dev/null
@@ -1,654 +0,0 @@
-#!/usr/bin/python
-#
-# Example nfcpy to wpa_supplicant wrapper for P2P NFC operations
-# Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import sys
-import time
-import random
-import threading
-import argparse
-
-import nfc
-import nfc.ndef
-import nfc.llcp
-import nfc.handover
-
-import logging
-
-import wpaspy
-
-wpas_ctrl = '/var/run/wpa_supplicant'
-ifname = None
-init_on_touch = False
-in_raw_mode = False
-prev_tcgetattr = 0
-include_wps_req = True
-include_p2p_req = True
-no_input = False
-srv = None
-continue_loop = True
-terminate_now = False
-summary_file = None
-success_file = None
-
-def summary(txt):
-    print(txt)
-    if summary_file:
-        with open(summary_file, 'a') as f:
-            f.write(txt + "\n")
-
-def success_report(txt):
-    summary(txt)
-    if success_file:
-        with open(success_file, 'a') as f:
-            f.write(txt + "\n")
-
-def wpas_connect():
-    ifaces = []
-    if os.path.isdir(wpas_ctrl):
-        try:
-            ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
-        except OSError as error:
-            print("Could not find wpa_supplicant: ", error)
-            return None
-
-    if len(ifaces) < 1:
-        print("No wpa_supplicant control interface found")
-        return None
-
-    for ctrl in ifaces:
-        if ifname:
-            if ifname not in ctrl:
-                continue
-        try:
-            print("Trying to use control interface " + ctrl)
-            wpas = wpaspy.Ctrl(ctrl)
-            return wpas
-        except Exception as e:
-            pass
-    return None
-
-
-def wpas_tag_read(message):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return False
-    cmd = "WPS_NFC_TAG_READ " + str(message).encode("hex")
-    global force_freq
-    if force_freq:
-        cmd = cmd + " freq=" + force_freq
-    if "FAIL" in wpas.request(cmd):
-        return False
-    return True
-
-
-def wpas_get_handover_req():
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    res = wpas.request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip()
-    if "FAIL" in res:
-        return None
-    return res.decode("hex")
-
-def wpas_get_handover_req_wps():
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    res = wpas.request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
-    if "FAIL" in res:
-        return None
-    return res.decode("hex")
-
-
-def wpas_get_handover_sel(tag=False):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    if tag:
-        res = wpas.request("NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG").rstrip()
-    else:
-	res = wpas.request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip()
-    if "FAIL" in res:
-        return None
-    return res.decode("hex")
-
-
-def wpas_get_handover_sel_wps():
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    res = wpas.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR");
-    if "FAIL" in res:
-        return None
-    return res.rstrip().decode("hex")
-
-
-def wpas_report_handover(req, sel, type):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    cmd = "NFC_REPORT_HANDOVER " + type + " P2P " + str(req).encode("hex") + " " + str(sel).encode("hex")
-    global force_freq
-    if force_freq:
-        cmd = cmd + " freq=" + force_freq
-    return wpas.request(cmd)
-
-
-def wpas_report_handover_wsc(req, sel, type):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    cmd = "NFC_REPORT_HANDOVER " + type + " WPS " + str(req).encode("hex") + " " + str(sel).encode("hex")
-    if force_freq:
-        cmd = cmd + " freq=" + force_freq
-    return wpas.request(cmd)
-
-
-def p2p_handover_client(llc):
-    message = nfc.ndef.HandoverRequestMessage(version="1.2")
-    message.nonce = random.randint(0, 0xffff)
-
-    global include_p2p_req
-    if include_p2p_req:
-        data = wpas_get_handover_req()
-        if (data == None):
-            summary("Could not get handover request carrier record from wpa_supplicant")
-            return
-        print("Handover request carrier record from wpa_supplicant: " + data.encode("hex"))
-        datamsg = nfc.ndef.Message(data)
-        message.add_carrier(datamsg[0], "active", datamsg[1:])
-
-    global include_wps_req
-    if include_wps_req:
-        print("Handover request (pre-WPS):")
-        try:
-            print(message.pretty())
-        except Exception as e:
-            print(e)
-
-        data = wpas_get_handover_req_wps()
-        if data:
-            print("Add WPS request in addition to P2P")
-            datamsg = nfc.ndef.Message(data)
-            message.add_carrier(datamsg[0], "active", datamsg[1:])
-
-    print("Handover request:")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-    print(str(message).encode("hex"))
-
-    client = nfc.handover.HandoverClient(llc)
-    try:
-        summary("Trying to initiate NFC connection handover")
-        client.connect()
-        summary("Connected for handover")
-    except nfc.llcp.ConnectRefused:
-        summary("Handover connection refused")
-        client.close()
-        return
-    except Exception as e:
-        summary("Other exception: " + str(e))
-        client.close()
-        return
-
-    summary("Sending handover request")
-
-    if not client.send(message):
-        summary("Failed to send handover request")
-        client.close()
-        return
-
-    summary("Receiving handover response")
-    message = client._recv()
-    if message is None:
-        summary("No response received")
-        client.close()
-        return
-    if message.type != "urn:nfc:wkt:Hs":
-        summary("Response was not Hs - received: " + message.type)
-        client.close()
-        return
-
-    print("Received message")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-    print(str(message).encode("hex"))
-    message = nfc.ndef.HandoverSelectMessage(message)
-    summary("Handover select received")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-
-    for carrier in message.carriers:
-        print("Remote carrier type: " + carrier.type)
-        if carrier.type == "application/vnd.wfa.p2p":
-            print("P2P carrier type match - send to wpa_supplicant")
-            if "OK" in wpas_report_handover(data, carrier.record, "INIT"):
-                success_report("P2P handover reported successfully (initiator)")
-            else:
-                summary("P2P handover report rejected")
-            break
-
-    print("Remove peer")
-    client.close()
-    print("Done with handover")
-    global only_one
-    if only_one:
-        print("only_one -> stop loop")
-        global continue_loop
-        continue_loop = False
-
-    global no_wait
-    if no_wait:
-        print("Trying to exit..")
-        global terminate_now
-        terminate_now = True
-
-
-class HandoverServer(nfc.handover.HandoverServer):
-    def __init__(self, llc):
-        super(HandoverServer, self).__init__(llc)
-        self.sent_carrier = None
-        self.ho_server_processing = False
-        self.success = False
-
-    # override to avoid parser error in request/response.pretty() in nfcpy
-    # due to new WSC handover format
-    def _process_request(self, request):
-        summary("received handover request {}".format(request.type))
-        response = nfc.ndef.Message("\xd1\x02\x01Hs\x12")
-        if not request.type == 'urn:nfc:wkt:Hr':
-            summary("not a handover request")
-        else:
-            try:
-                request = nfc.ndef.HandoverRequestMessage(request)
-            except nfc.ndef.DecodeError as e:
-                summary("error decoding 'Hr' message: {}".format(e))
-            else:
-                response = self.process_request(request)
-        summary("send handover response {}".format(response.type))
-        return response
-
-    def process_request(self, request):
-        self.ho_server_processing = True
-        clear_raw_mode()
-        print("HandoverServer - request received")
-        try:
-            print("Parsed handover request: " + request.pretty())
-        except Exception as e:
-            print(e)
-
-        sel = nfc.ndef.HandoverSelectMessage(version="1.2")
-
-        found = False
-
-        for carrier in request.carriers:
-            print("Remote carrier type: " + carrier.type)
-            if carrier.type == "application/vnd.wfa.p2p":
-                print("P2P carrier type match - add P2P carrier record")
-                found = True
-                self.received_carrier = carrier.record
-                print("Carrier record:")
-                try:
-                    print(carrier.record.pretty())
-                except Exception as e:
-                    print(e)
-                data = wpas_get_handover_sel()
-                if data is None:
-                    print("Could not get handover select carrier record from wpa_supplicant")
-                    continue
-                print("Handover select carrier record from wpa_supplicant:")
-                print(data.encode("hex"))
-                self.sent_carrier = data
-                if "OK" in wpas_report_handover(self.received_carrier, self.sent_carrier, "RESP"):
-                    success_report("P2P handover reported successfully (responder)")
-                else:
-                    summary("P2P handover report rejected")
-                    break
-
-                message = nfc.ndef.Message(data);
-                sel.add_carrier(message[0], "active", message[1:])
-                break
-
-        for carrier in request.carriers:
-            if found:
-                break
-            print("Remote carrier type: " + carrier.type)
-            if carrier.type == "application/vnd.wfa.wsc":
-                print("WSC carrier type match - add WSC carrier record")
-                found = True
-                self.received_carrier = carrier.record
-                print("Carrier record:")
-                try:
-                    print(carrier.record.pretty())
-                except Exception as e:
-                    print(e)
-                data = wpas_get_handover_sel_wps()
-                if data is None:
-                    print("Could not get handover select carrier record from wpa_supplicant")
-                    continue
-                print("Handover select carrier record from wpa_supplicant:")
-                print(data.encode("hex"))
-                self.sent_carrier = data
-                if "OK" in wpas_report_handover_wsc(self.received_carrier, self.sent_carrier, "RESP"):
-                    success_report("WSC handover reported successfully")
-                else:
-                    summary("WSC handover report rejected")
-                    break
-
-                message = nfc.ndef.Message(data);
-                sel.add_carrier(message[0], "active", message[1:])
-                found = True
-                break
-
-        print("Handover select:")
-        try:
-            print(sel.pretty())
-        except Exception as e:
-            print(e)
-        print(str(sel).encode("hex"))
-
-        summary("Sending handover select")
-        self.success = True
-        return sel
-
-
-def clear_raw_mode():
-    import sys, tty, termios
-    global prev_tcgetattr, in_raw_mode
-    if not in_raw_mode:
-        return
-    fd = sys.stdin.fileno()
-    termios.tcsetattr(fd, termios.TCSADRAIN, prev_tcgetattr)
-    in_raw_mode = False
-
-
-def getch():
-    import sys, tty, termios, select
-    global prev_tcgetattr, in_raw_mode
-    fd = sys.stdin.fileno()
-    prev_tcgetattr = termios.tcgetattr(fd)
-    ch = None
-    try:
-        tty.setraw(fd)
-        in_raw_mode = True
-        [i, o, e] = select.select([fd], [], [], 0.05)
-        if i:
-            ch = sys.stdin.read(1)
-    finally:
-        termios.tcsetattr(fd, termios.TCSADRAIN, prev_tcgetattr)
-        in_raw_mode = False
-    return ch
-
-
-def p2p_tag_read(tag):
-    success = False
-    if len(tag.ndef.message):
-        for record in tag.ndef.message:
-            print("record type " + record.type)
-            if record.type == "application/vnd.wfa.wsc":
-                summary("WPS tag - send to wpa_supplicant")
-                success = wpas_tag_read(tag.ndef.message)
-                break
-            if record.type == "application/vnd.wfa.p2p":
-                summary("P2P tag - send to wpa_supplicant")
-                success = wpas_tag_read(tag.ndef.message)
-                break
-    else:
-        summary("Empty tag")
-
-    if success:
-        success_report("Tag read succeeded")
-
-    return success
-
-
-def rdwr_connected_p2p_write(tag):
-    summary("Tag found - writing - " + str(tag))
-    global p2p_sel_data
-    tag.ndef.message = str(p2p_sel_data)
-    success_report("Tag write succeeded")
-    print("Done - remove tag")
-    global only_one
-    if only_one:
-        global continue_loop
-        continue_loop = False
-    global p2p_sel_wait_remove
-    return p2p_sel_wait_remove
-
-def wps_write_p2p_handover_sel(clf, wait_remove=True):
-    print("Write P2P handover select")
-    data = wpas_get_handover_sel(tag=True)
-    if (data == None):
-        summary("Could not get P2P handover select from wpa_supplicant")
-        return
-
-    global p2p_sel_wait_remove
-    p2p_sel_wait_remove = wait_remove
-    global p2p_sel_data
-    p2p_sel_data = nfc.ndef.HandoverSelectMessage(version="1.2")
-    message = nfc.ndef.Message(data);
-    p2p_sel_data.add_carrier(message[0], "active", message[1:])
-    print("Handover select:")
-    try:
-        print(p2p_sel_data.pretty())
-    except Exception as e:
-        print(e)
-    print(str(p2p_sel_data).encode("hex"))
-
-    print("Touch an NFC tag")
-    clf.connect(rdwr={'on-connect': rdwr_connected_p2p_write})
-
-
-def rdwr_connected(tag):
-    global only_one, no_wait
-    summary("Tag connected: " + str(tag))
-
-    if tag.ndef:
-        print("NDEF tag: " + tag.type)
-        try:
-            print(tag.ndef.message.pretty())
-        except Exception as e:
-            print(e)
-        success = p2p_tag_read(tag)
-        if only_one and success:
-            global continue_loop
-            continue_loop = False
-    else:
-        summary("Not an NDEF tag - remove tag")
-        return True
-
-    return not no_wait
-
-
-def llcp_worker(llc):
-    global init_on_touch
-    if init_on_touch:
-            print("Starting handover client")
-            p2p_handover_client(llc)
-            return
-
-    global no_input
-    if no_input:
-        print("Wait for handover to complete")
-    else:
-        print("Wait for handover to complete - press 'i' to initiate ('w' for WPS only, 'p' for P2P only)")
-    global srv
-    global wait_connection
-    while not wait_connection and srv.sent_carrier is None:
-        if srv.ho_server_processing:
-            time.sleep(0.025)
-        elif no_input:
-            time.sleep(0.5)
-        else:
-            global include_wps_req, include_p2p_req
-            res = getch()
-            if res == 'i':
-                include_wps_req = True
-                include_p2p_req = True
-            elif res == 'p':
-                include_wps_req = False
-                include_p2p_req = True
-            elif res == 'w':
-                include_wps_req = True
-                include_p2p_req = False
-            else:
-                continue
-            clear_raw_mode()
-            print("Starting handover client")
-            p2p_handover_client(llc)
-            return
-            
-    clear_raw_mode()
-    print("Exiting llcp_worker thread")
-
-def llcp_startup(clf, llc):
-    print("Start LLCP server")
-    global srv
-    srv = HandoverServer(llc)
-    return llc
-
-def llcp_connected(llc):
-    print("P2P LLCP connected")
-    global wait_connection
-    wait_connection = False
-    global init_on_touch
-    if not init_on_touch:
-        global srv
-        srv.start()
-    if init_on_touch or not no_input:
-        threading.Thread(target=llcp_worker, args=(llc,)).start()
-    return True
-
-def terminate_loop():
-    global terminate_now
-    return terminate_now
-
-def main():
-    clf = nfc.ContactlessFrontend()
-
-    parser = argparse.ArgumentParser(description='nfcpy to wpa_supplicant integration for P2P and WPS NFC operations')
-    parser.add_argument('-d', const=logging.DEBUG, default=logging.INFO,
-                        action='store_const', dest='loglevel',
-                        help='verbose debug output')
-    parser.add_argument('-q', const=logging.WARNING, action='store_const',
-                        dest='loglevel', help='be quiet')
-    parser.add_argument('--only-one', '-1', action='store_true',
-                        help='run only one operation and exit')
-    parser.add_argument('--init-on-touch', '-I', action='store_true',
-                        help='initiate handover on touch')
-    parser.add_argument('--no-wait', action='store_true',
-                        help='do not wait for tag to be removed before exiting')
-    parser.add_argument('--ifname', '-i',
-                        help='network interface name')
-    parser.add_argument('--no-wps-req', '-N', action='store_true',
-                        help='do not include WPS carrier record in request')
-    parser.add_argument('--no-input', '-a', action='store_true',
-                        help='do not use stdout input to initiate handover')
-    parser.add_argument('--tag-read-only', '-t', action='store_true',
-                        help='tag read only (do not allow connection handover)')
-    parser.add_argument('--handover-only', action='store_true',
-                        help='connection handover only (do not allow tag read)')
-    parser.add_argument('--freq', '-f',
-                        help='forced frequency of operating channel in MHz')
-    parser.add_argument('--summary',
-                        help='summary file for writing status updates')
-    parser.add_argument('--success',
-                        help='success file for writing success update')
-    parser.add_argument('command', choices=['write-p2p-sel'],
-                        nargs='?')
-    args = parser.parse_args()
-
-    global only_one
-    only_one = args.only_one
-
-    global no_wait
-    no_wait = args.no_wait
-
-    global force_freq
-    force_freq = args.freq
-
-    logging.basicConfig(level=args.loglevel)
-
-    global init_on_touch
-    init_on_touch = args.init_on_touch
-
-    if args.ifname:
-        global ifname
-        ifname = args.ifname
-        print("Selected ifname " + ifname)
-
-    if args.no_wps_req:
-        global include_wps_req
-        include_wps_req = False
-
-    if args.summary:
-        global summary_file
-        summary_file = args.summary
-
-    if args.success:
-        global success_file
-        success_file = args.success
-
-    if args.no_input:
-        global no_input
-        no_input = True
-
-    clf = nfc.ContactlessFrontend()
-    global wait_connection
-
-    try:
-        if not clf.open("usb"):
-            print("Could not open connection with an NFC device")
-            raise SystemExit
-
-        if args.command == "write-p2p-sel":
-            wps_write_p2p_handover_sel(clf, wait_remove=not args.no_wait)
-            raise SystemExit
-
-        global continue_loop
-        while continue_loop:
-            print("Waiting for a tag or peer to be touched")
-            wait_connection = True
-            try:
-                if args.tag_read_only:
-                    if not clf.connect(rdwr={'on-connect': rdwr_connected}):
-                        break
-                elif args.handover_only:
-                    if not clf.connect(llcp={'on-startup': llcp_startup,
-                                             'on-connect': llcp_connected},
-                                       terminate=terminate_loop):
-                        break
-                else:
-                    if not clf.connect(rdwr={'on-connect': rdwr_connected},
-                                       llcp={'on-startup': llcp_startup,
-                                             'on-connect': llcp_connected},
-                                       terminate=terminate_loop):
-                        break
-            except Exception as e:
-                print("clf.connect failed")
-
-            global srv
-            if only_one and srv and srv.success:
-                raise SystemExit
-
-    except KeyboardInterrupt:
-        raise SystemExit
-    finally:
-        clf.close()
-
-    raise SystemExit
-
-if __name__ == '__main__':
-    main()
diff --git a/wpa_supplicant/examples/p2p/p2p_connect.py b/wpa_supplicant/examples/p2p/p2p_connect.py
deleted file mode 100644
index bfb553341ad6..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_connect.py
+++ /dev/null
@@ -1,299 +0,0 @@
-#!/usr/bin/python
-# Tests p2p_connect
-# Will try to connect to another peer
-# and form a group
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> -m <wps_method> \ " \
-		% sys.argv[0])
-	print("		-a <addr> [-p <pin>] [-g <go_intent>] \ ")
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -m = wps method")
-	print("  -a = peer address")
-	print("  -p = pin number (8 digits)")
-	print("  -g = group owner intent")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0 -a 0015008352c0 -m display -p 12345670" % sys.argv[0])
-
-
-# Required Signals
-def GONegotiationSuccess(status):
-	print("Go Negotiation Success")
-
-def GONegotiationFailure(status):
-	print('Go Negotiation Failed. Status:')
-	print(format(status))
-	os._exit(0)
-
-def GroupStarted(properties):
-	if properties.has_key("group_object"):
-		print('Group Formation Complete %s' \
-			% properties["group_object"])
-	os._exit(0)
-
-def WpsFailure(status, etc):
-	print("WPS Authentication Failure".format(status))
-	print(etc)
-	os._exit(0)
-
-class P2P_Connect():
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global ifname
-	global wpas
-	global wpas_dbus_interface
-	global timeout
-	global path
-	global wps_method
-	global go_intent
-	global addr
-	global pin
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Dictionary of Arguments
-	global p2p_connect_arguements
-
-	# Constructor
-	def __init__(self,ifname,wpas_dbus_interface,addr,
-					pin,wps_method,go_intent):
-		# Initializes variables and threads
-		self.ifname = ifname
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.wps_method = wps_method
-		self.go_intent = go_intent
-		self.addr = addr
-		self.pin = pin
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = \
-			"/" + self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = \
-			self.wpas_dbus_opath + "/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-			self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-			self.wpas_dbus_interfaces_interface + ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(
-				self.wpas_object, self.wpas_dbus_interface)
-
-		# See if wpa_supplicant already knows about this interface
-		self.path = None
-		try:
-			self.path = self.wpas.GetInterface(ifname)
-		except dbus.DBusException as exc:
-			if not str(exc).startswith(
-				self.wpas_dbus_interface + \
-				".InterfaceUnknown:"):
-				raise exc
-			try:
-				path = self.wpas.CreateInterface(
-					{'Ifname': ifname, 'Driver': 'test'})
-				time.sleep(1)
-
-			except dbus.DBusException as exc:
-				if not str(exc).startswith(
-					self.wpas_dbus_interface + \
-					".InterfaceExists:"):
-					raise exc
-
-		# Get Interface and objects
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface,self.path)
-		self.p2p_interface = dbus.Interface(
-				self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		# Add signals
-		self.bus.add_signal_receiver(GONegotiationSuccess,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="GONegotiationSuccess")
-		self.bus.add_signal_receiver(GONegotiationFailure,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="GONegotiationFailure")
-		self.bus.add_signal_receiver(GroupStarted,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="GroupStarted")
-		self.bus.add_signal_receiver(WpsFailure,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="WpsFailed")
-
-
-	#Constructing all the arguments needed to connect
-	def constructArguements(self):
-		# Adding required arguments
-		self.p2p_connect_arguements = {'wps_method':self.wps_method,
-			'peer':dbus.ObjectPath(self.path+'/Peers/'+self.addr)}
-
-		# Display requires a pin, and a go intent of 15
-		if (self.wps_method == 'display'):
-			if (self.pin != None):
-				self.p2p_connect_arguements.update({'pin':self.pin})
-			else:
-				print("Error:\n  Pin required for wps_method=display")
-				usage()
-				quit()
-
-			if (self.go_intent != None and int(self.go_intent) != 15):
-				print("go_intent overwritten to 15")
-
-			self.go_intent = '15'
-
-		# Keypad requires a pin, and a go intent of less than 15
-		elif (self.wps_method == 'keypad'):
-			if (self.pin != None):
-				self.p2p_connect_arguements.update({'pin':self.pin})
-			else:
-				print("Error:\n  Pin required for wps_method=keypad")
-				usage()
-				quit()
-
-			if (self.go_intent != None and int(self.go_intent) == 15):
-				error = "Error :\n Group Owner intent cannot be" + \
-					" 15 for wps_method=keypad"
-				print(error)
-				usage()
-				quit()
-
-		# Doesn't require pin
-		# for ./wpa_cli, p2p_connect [mac] [pin#], wps_method=keypad
-		elif (self.wps_method == 'pin'):
-			if (self.pin != None):
-				print("pin ignored")
-
-		# No pin is required for pbc so it is ignored
-		elif (self.wps_method == 'pbc'):
-			if (self.pin != None):
-				print("pin ignored")
-
-		else:
-			print("Error:\n  wps_method not supported or does not exist")
-			usage()
-			quit()
-
-		# Go_intent is optional for all arguments
-		if (self.go_intent != None):
-			self.p2p_connect_arguements.update(
-				{'go_intent':dbus.Int32(self.go_intent)})
-
-	# Running p2p_connect
-	def run(self):
-		try:
-			result_pin = self.p2p_interface.Connect(
-				self.p2p_connect_arguements)
-
-		except dbus.DBusException as exc:
-				raise exc
-
-		if (self.wps_method == 'pin' and \
-		not self.p2p_connect_arguements.has_key('pin') ):
-			print("Connect return with pin value of %d " % int(result_pin))
-		gobject.MainLoop().run()
-
-if __name__ == "__main__":
-
-	# Required
-	interface_name = None
-	wps_method = None
-	addr = None
-
-	# Conditionally optional
-	pin = None
-
-	# Optional
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-	go_intent = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:m:a:p:g:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# WPS Method
-		elif (key == "-m"):
-			wps_method = value
-		# Address
-		elif (key == "-a"):
-			addr = value
-		# Pin
-		elif (key == "-p"):
-			pin = value
-		# Group Owner Intent
-		elif (key == "-g"):
-			go_intent = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Required Arguments check
-	if (interface_name == None or wps_method == None or addr == None):
-		print("Error:\n  Required arguments not specified")
-		usage()
-		quit()
-
-	# Group Owner Intent Check
-	if (go_intent != None and (int(go_intent) > 15 or int(go_intent) < 0) ):
-		print("Error:\n  Group Owner Intent must be between 0 and 15 inclusive")
-		usage()
-		quit()
-
-	# Pin Check
-	if (pin != None and len(pin) != 8):
-		print("Error:\n  Pin is not 8 digits")
-		usage()
-		quit()
-
-	try:
-		p2p_connect_test = P2P_Connect(interface_name,wpas_dbus_interface,
-			addr,pin,wps_method,go_intent)
-
-	except:
-		print("Error:\n  Invalid Arguments")
-		usage()
-		quit()
-
-	p2p_connect_test.constructArguements()
-	p2p_connect_test.run()
-
-	os._exit(0)
diff --git a/wpa_supplicant/examples/p2p/p2p_disconnect.py b/wpa_supplicant/examples/p2p/p2p_disconnect.py
deleted file mode 100644
index f04b98e667ce..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_disconnect.py
+++ /dev/null
@@ -1,169 +0,0 @@
-#!/usr/bin/python
-# Tests P2P_Disconnect
-# Will perform disconnect on interface_name
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import threading
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> \ " \
-		% sys.argv[0])
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i p2p-wlan0-0" % sys.argv[0])
-
-# Required Signals
-def GroupFinished(status, etc):
-	print("Disconnected")
-	os._exit(0)
-
-class P2P_Disconnect (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global timeout
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,timeout):
-		# Initializes variables and threads
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.timeout = timeout
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		# Signals
-		self.bus.add_signal_receiver(GroupFinished,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="GroupFinished")
-
-	# Runs p2p_disconnect
-	def run(self):
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		self.p2p_interface.Disconnect()
-		gobject.MainLoop().run()
-
-
-if __name__ == "__main__":
-
-	timeout = 5
-	# Defaults for optional inputs
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	# Constructor
-	try:
-		p2p_disconnect_test = P2P_Disconnect(interface_name,
-						wpas_dbus_interface,timeout)
-
-	except:
-		print("Error:\n  Invalid wpas_dbus_interface")
-		usage()
-		quit()
-
-	# Start P2P_Disconnect
-	p2p_disconnect_test.start()
-
-	try:
-		time.sleep(int(p2p_disconnect_test.timeout))
-
-	except:
-		pass
-
-	print("Disconnect timed out")
-	quit()
diff --git a/wpa_supplicant/examples/p2p/p2p_find.py b/wpa_supplicant/examples/p2p/p2p_find.py
deleted file mode 100644
index 412d8120031a..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_find.py
+++ /dev/null
@@ -1,192 +0,0 @@
-#!/usr/bin/python
-# Tests p2p_find
-# Will list all devices found/lost within a time frame (timeout)
-# Then Program will exit
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import threading
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> [-t <timeout>] \ " \
-		% sys.argv[0])
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -t = timeout = 0s (infinite)")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0 -t 10" % sys.argv[0])
-
-# Required Signals
-def deviceFound(devicepath):
-	print("Device found: %s" % (devicepath))
-
-def deviceLost(devicepath):
-	print("Device lost: %s" % (devicepath))
-
-class P2P_Find (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global timeout
-	global path
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,timeout):
-		# Initializes variables and threads
-		self.timeout = int(timeout)
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		#Adds listeners for find and lost
-		self.bus.add_signal_receiver(deviceFound,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="DeviceFound")
-		self.bus.add_signal_receiver(deviceLost,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="DeviceLost")
-
-
-		# Sets up p2p_find
-		P2PFindDict = dbus.Dictionary(
-				{'Timeout':int(self.timeout)})
-		self.p2p_interface.Find(P2PFindDict)
-
-	# Run p2p_find
-	def run(self):
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		gobject.MainLoop().run()
-
-if __name__ == "__main__":
-
-	# Defaults for optional inputs
-	timeout = 0
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:t:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Timeout
-		elif (key == "-t"):
-			if ( int(value) >= 0):
-				timeout = value
-			else:
-				print("Error:\n  Timeout cannot be negative")
-				usage()
-				quit()
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	# Constructor
-	try:
-		p2p_find_test = P2P_Find(interface_name, wpas_dbus_interface, timeout)
-
-	except:
-		print("Error:\n  Invalid wpas_dbus_interface")
-		usage()
-		quit()
-
-	# Start P2P_Find
-	p2p_find_test.start()
-
-	try:
-		# If timeout is 0, then run forever
-		if (timeout == 0):
-			while(True):
-				pass
-		# Else sleep for (timeout)
-		else:
-			time.sleep(p2p_find_test.timeout)
-
-	except:
-		pass
-
-	quit()
diff --git a/wpa_supplicant/examples/p2p/p2p_flush.py b/wpa_supplicant/examples/p2p/p2p_flush.py
deleted file mode 100644
index 5cc3a0e18b23..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_flush.py
+++ /dev/null
@@ -1,168 +0,0 @@
-#!/usr/bin/python
-# Tests P2P_Flush
-# Will flush the p2p interface
-# Then Program will exit
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import threading
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> \ " \
-		% sys.argv[0])
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0" % sys.argv[0])
-
-# Required Signals\
-def deviceLost(devicepath):
-	print("Device lost: %s" % (devicepath))
-
-class P2P_Flush (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global timeout
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,timeout):
-		# Initializes variables and threads
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.timeout = timeout
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		# Signals
-		self.bus.add_signal_receiver(deviceLost,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="DeviceLost")
-
-	# Runs p2p_flush
-	def run(self):
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		self.p2p_interface.Flush()
-		gobject.MainLoop().run()
-
-
-if __name__ == "__main__":
-	# Needed to show which devices were lost
-	timeout = 5
-	# Defaults for optional inputs
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	# Constructor
-	try:
-		p2p_flush_test = P2P_Flush(interface_name, wpas_dbus_interface,timeout)
-
-	except:
-		print("Error:\n  Invalid wpas_dbus_interface")
-		usage()
-		quit()
-
-	# Start P2P_Find
-	p2p_flush_test.start()
-
-	try:
-		time.sleep(int(p2p_flush_test.timeout))
-
-	except:
-		pass
-
-	print("p2p_flush complete")
-	quit()
diff --git a/wpa_supplicant/examples/p2p/p2p_group_add.py b/wpa_supplicant/examples/p2p/p2p_group_add.py
deleted file mode 100644
index db6d60d80c1b..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_group_add.py
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/usr/bin/python
-# Tests p2p_group_add
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import getopt
-import threading
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> [-p <persistent>] \ " \
-		% sys.argv[0])
-	print("		[-f <frequency>] [-o <group_object_path>] \ ")
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -p = persistent group = 0 (0=false, 1=true)")
-	print("  -f = frequency")
-	print("  -o = persistent group object path")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0" % sys.argv[0])
-
-# Required Signals
-def GroupStarted(properties):
-	if properties.has_key("group_object"):
-		print('Group Formation Complete %s' \
-			% properties["group_object"])
-	os._exit(0)
-
-def WpsFailure(status, etc):
-	print("WPS Authentication Failure".format(status))
-	print(etc)
-	os._exit(0)
-
-class P2P_Group_Add (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global persistent
-	global frequency
-	global persistent_group_object
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Arguments
-	global P2PDictionary
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,persistent,frequency,
-						persistent_group_object):
-		# Initializes variables and threads
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.persistent = persistent
-		self.frequency = frequency
-		self.persistent_group_object = persistent_group_object
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		#Adds listeners
-		self.bus.add_signal_receiver(GroupStarted,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="GroupStarted")
-		self.bus.add_signal_receiver(WpsFailure,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="WpsFailed")
-
-		# Sets up p2p_group_add dictionary
-	def constructArguments(self):
-		self.P2PDictionary = {'persistent':self.persistent}
-
-		if (self.frequency != None):
-			if (int(self.frequency) > 0):
-				self.P2PDictionary.update({'frequency':int(self.frequency)})
-			else:
-				print("Error:\n  Frequency must be greater than 0")
-				usage()
-				os._exit(0)
-
-		if (self.persistent_group_object != None):
-			self.P2PDictionary.update({'persistent_group_object':
-						self.persistent_group_object})
-
-	# Run p2p_group_remove
-	def run(self):
-		try:
-			self.p2p_interface.GroupAdd(self.P2PDictionary)
-
-		except:
-			print("Error:\n  Could not perform group add")
-			usage()
-			os._exit(0)
-
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		gobject.MainLoop().run()
-
-
-if __name__ == "__main__":
-
-	# Defaults for optional inputs
-	# 0 = false, 1 = true
-	persistent = False
-	frequency = None
-	persistent_group_object = None
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:p:f:o:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Timeout
-		elif (key == "-p"):
-			if (value == '0'):
-				persistent = False
-			elif (value == '1'):
-				persistent = True
-			else:
-				print("Error:\n  Persistent can only be 1 or 0")
-				usage()
-				os._exit(0)
-		# Frequency
-		elif (key == "-f"):
-			frequency = value
-		# Persistent group object path
-		elif (key == "-o"):
-			persistent_group_object = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	try:
-		p2p_group_add_test = P2P_Group_Add(interface_name,wpas_dbus_interface,
-					persistent,frequency,persistent_group_object)
-	except:
-		print("Error:\n  Invalid Arguments")
-
-	p2p_group_add_test.constructArguments()
-	p2p_group_add_test.start()
-	time.sleep(5)
-	print("Error:\n  Group formation timed out")
-	os._exit(0)
diff --git a/wpa_supplicant/examples/p2p/p2p_invite.py b/wpa_supplicant/examples/p2p/p2p_invite.py
deleted file mode 100644
index 8944e11ed47c..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_invite.py
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/usr/bin/python
-# Tests p2p_invite
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import getopt
-import threading
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> -a <addr> \ " \
-		% sys.argv[0])
-	print("		[-o <persistent_group_object>] [-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -a = address of peer")
-	print("  -o = persistent group object path")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i p2p-wlan0-0 -a 00150083523c" % sys.argv[0])
-
-# Required Signals
-def InvitationResult(invite_result):
-	print("Invitation Result signal :")
-	status = invite_result['status']
-	print("status = ", status)
-	if invite_result.has_key('BSSID'):
-		bssid = invite_result['BSSID']
-		print("BSSID = ", hex(bssid[0]) , ":" , \
-		 hex(bssid[1]) , ":" , hex(bssid[2]) , ":", \
-		 hex(bssid[3]) , ":" , hex(bssid[4]) , ":" , \
-		hex(bssid[5]))
-	os._exit(0)
-
-class P2P_Invite (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global addr
-	global persistent_group_object
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Arguments
-	global P2PDictionary
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,addr,
-						persistent_group_object):
-		# Initializes variables and threads
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.addr = addr
-		self.persistent_group_object = persistent_group_object
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		#Adds listeners
-		self.bus.add_signal_receiver(InvitationResult,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="InvitationResult")
-
-	# Sets up p2p_invite dictionary
-	def constructArguements(self):
-		self.P2PDictionary = \
-			{'peer':dbus.ObjectPath(self.path+'/Peers/'+self.addr)}
-		if (self.persistent_group_object != None):
-			self.P2PDictionary.update({"persistent_group_object":
-					self.persistent_group_object})
-
-	# Run p2p_invite
-	def run(self):
-		try:
-			self.p2p_interface.Invite(self.P2PDictionary)
-
-		except:
-			print("Error:\n  Invalid Arguments")
-			usage()
-			os._exit(0)
-
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		gobject.MainLoop().run()
-
-if __name__ == "__main__":
-	# Defaults for optional inputs
-	addr = None
-	persistent_group_object = None
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:o:w:a:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		elif (key == "-a"):
-			addr = value
-		# Persistent group object path
-		elif (key == "-o"):
-			persistent_group_object = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	if (addr == None):
-		print("Error:\n  peer address is required")
-		usage()
-		quit()
-
-	try:
-		p2p_invite_test = \
-			P2P_Invite(interface_name,wpas_dbus_interface,
-					addr,persistent_group_object)
-	except:
-		print("Error:\n  Invalid Arguments")
-		usage()
-		os._exit(1)
-
-	p2p_invite_test.constructArguements()
-	p2p_invite_test.start()
-	time.sleep(10)
-	print("Error:\n  p2p_invite timed out")
-	os._exit(0)
diff --git a/wpa_supplicant/examples/p2p/p2p_listen.py b/wpa_supplicant/examples/p2p/p2p_listen.py
deleted file mode 100644
index cbeda9ff43ca..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_listen.py
+++ /dev/null
@@ -1,182 +0,0 @@
-#!/usr/bin/python
-# Tests P2P_Find
-# Will listen
-# Then Program will exit
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import threading
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> [-t <timeout>] \ " \
-		% sys.argv[0])
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -t = timeout = 0s (infinite)")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0 -t 5" % sys.argv[0])
-
-# Required Signals
-def p2pStateChange(status):
-	print(status)
-
-class P2P_Listen(threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global timeout
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,timeout):
-		# Initializes variables and threads
-		self.timeout = int(timeout)
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		self.bus.add_signal_receiver(p2pStateChange,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="P2PStateChanged")
-
-	# Run p2p_find
-	def run(self):
-		# Sets up p2p_listen
-		self.p2p_interface.Listen(int(self.timeout))
-
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		gobject.MainLoop().run()
-
-if __name__ == "__main__":
-
-	# Defaults for optional inputs
-	timeout = 0
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"hi:t:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Timeout
-		elif (key == "-t"):
-			if ( int(value) >= 0):
-				timeout = value
-			else:
-				print("Error:\n  Timeout cannot be negative")
-				usage()
-				quit()
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	# Constructor
-	try:
-		p2p_listen_test = P2P_Listen(interface_name, wpas_dbus_interface, timeout)
-
-	except:
-		print("Error:\n  Invalid wpas_dbus_interface")
-		usage()
-		quit()
-
-	# Start P2P_Find
-	p2p_listen_test.start()
-
-	try:
-		# If timeout is 0, then run forever
-		if (int(p2p_listen_test.timeout) == 0):
-			while(True):
-				pass
-		# Else sleep for (timeout)
-		else:
-			time.sleep(int(p2p_listen_test.timeout))
-
-	except:
-		pass
-
-	quit()
diff --git a/wpa_supplicant/examples/p2p/p2p_stop_find.py b/wpa_supplicant/examples/p2p/p2p_stop_find.py
deleted file mode 100644
index f367196454d9..000000000000
--- a/wpa_supplicant/examples/p2p/p2p_stop_find.py
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/python
-# Tests p2p_stop_find
-######### MAY NEED TO RUN AS SUDO #############
-
-import dbus
-import sys, os
-import time
-import gobject
-import threading
-import getopt
-from dbus.mainloop.glib import DBusGMainLoop
-
-def usage():
-	print("Usage:")
-	print("  %s -i <interface_name> \ " \
-		% sys.argv[0])
-	print("  		[-w <wpas_dbus_interface>]")
-	print("Options:")
-	print("  -i = interface name")
-	print("  -w = wpas dbus interface = fi.w1.wpa_supplicant1")
-	print("Example:")
-	print("  %s -i wlan0" % sys.argv[0])
-
-# Required Signals
-def deviceLost(devicepath):
-	print("Device lost: %s" % (devicepath))
-
-def p2pStateChange(status):
-	print(status)
-	os._exit(0)
-
-class P2P_Stop_Find (threading.Thread):
-	# Needed Variables
-	global bus
-	global wpas_object
-	global interface_object
-	global p2p_interface
-	global interface_name
-	global wpas
-	global wpas_dbus_interface
-	global path
-	global timeout
-
-	# Dbus Paths
-	global wpas_dbus_opath
-	global wpas_dbus_interfaces_opath
-	global wpas_dbus_interfaces_interface
-	global wpas_dbus_interfaces_p2pdevice
-
-	# Constructor
-	def __init__(self,interface_name,wpas_dbus_interface,timeout):
-		# Initializes variables and threads
-		self.interface_name = interface_name
-		self.wpas_dbus_interface = wpas_dbus_interface
-		self.timeout = timeout
-
-		# Initializes thread and daemon allows for ctrl-c kill
-		threading.Thread.__init__(self)
-		self.daemon = True
-
-		# Generating interface/object paths
-		self.wpas_dbus_opath = "/" + \
-				self.wpas_dbus_interface.replace(".","/")
-		self.wpas_wpas_dbus_interfaces_opath = self.wpas_dbus_opath + \
-				"/Interfaces"
-		self.wpas_dbus_interfaces_interface = \
-				self.wpas_dbus_interface + ".Interface"
-		self.wpas_dbus_interfaces_p2pdevice = \
-				self.wpas_dbus_interfaces_interface \
-				+ ".P2PDevice"
-
-		# Getting interfaces and objects
-		DBusGMainLoop(set_as_default=True)
-		self.bus = dbus.SystemBus()
-		self.wpas_object = self.bus.get_object(
-				self.wpas_dbus_interface,
-				self.wpas_dbus_opath)
-		self.wpas = dbus.Interface(self.wpas_object,
-				self.wpas_dbus_interface)
-
-		# Try to see if supplicant knows about interface
-		# If not, throw an exception
-		try:
-			self.path = self.wpas.GetInterface(
-					self.interface_name)
-		except dbus.DBusException as exc:
-			error = 'Error:\n  Interface ' + self.interface_name \
-				+ ' was not found'
-			print(error)
-			usage()
-			os._exit(0)
-
-		self.interface_object = self.bus.get_object(
-				self.wpas_dbus_interface, self.path)
-		self.p2p_interface = dbus.Interface(self.interface_object,
-				self.wpas_dbus_interfaces_p2pdevice)
-
-		# Signals
-		self.bus.add_signal_receiver(deviceLost,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="DeviceLost")
-		self.bus.add_signal_receiver(p2pStateChange,
-			dbus_interface=self.wpas_dbus_interfaces_p2pdevice,
-			signal_name="P2PStateChanged")
-
-	# Runs p2p_stop_find
-	def run(self):
-		# Allows other threads to keep working while MainLoop runs
-		# Required for timeout implementation
-		gobject.MainLoop().get_context().iteration(True)
-		gobject.threads_init()
-		self.p2p_interface.StopFind()
-		gobject.MainLoop().run()
-
-
-if __name__ == "__main__":
-	# Needed because P2PStateChanged signal is not caught
-	timeout = 5
-	# Defaults for optional inputs
-	wpas_dbus_interface = 'fi.w1.wpa_supplicant1'
-
-	# interface_name is required
-	interface_name = None
-
-	# Using getopts to handle options
-	try:
-		options, args = getopt.getopt(sys.argv[1:],"ht:i:w:")
-
-	except getopt.GetoptError:
-		usage()
-		quit()
-
-	# If there's a switch, override default option
-	for key, value in options:
-		# Help
-		if (key == "-h"):
-			usage()
-			quit()
-		# Interface Name
-		elif (key == "-i"):
-			interface_name = value
-		# Dbus interface
-		elif (key == "-w"):
-			wpas_dbus_interface = value
-		else:
-			assert False, "unhandled option"
-
-	# Interface name is required and was not given
-	if (interface_name == None):
-		print("Error:\n  interface_name is required")
-		usage()
-		quit()
-
-	# Constructor
-	try:
-		p2p_stop_find_test = P2P_Stop_Find(interface_name,
-						wpas_dbus_interface,timeout)
-
-	except:
-		print("Error:\n  Invalid wpas_dbus_interface")
-		usage()
-		quit()
-
-	# Start P2P_Find
-	p2p_stop_find_test.start()
-
-	try:
-		time.sleep(int(p2p_stop_find_test.timeout))
-
-	except:
-		pass
-
-	print("p2p find stopped")
-	quit()
diff --git a/wpa_supplicant/examples/plaintext.conf b/wpa_supplicant/examples/plaintext.conf
deleted file mode 100644
index 542ac1dd3b96..000000000000
--- a/wpa_supplicant/examples/plaintext.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Plaintext (no encryption) network
-
-ctrl_interface=/var/run/wpa_supplicant
-
-network={
-	ssid="example open network"
-	key_mgmt=NONE
-}
diff --git a/wpa_supplicant/examples/udhcpd-p2p.conf b/wpa_supplicant/examples/udhcpd-p2p.conf
deleted file mode 100644
index f92cc619e962..000000000000
--- a/wpa_supplicant/examples/udhcpd-p2p.conf
+++ /dev/null
@@ -1,118 +0,0 @@
-# Sample udhcpd configuration file (/etc/udhcpd.conf)
-
-# The start and end of the IP lease block
-
-start 		192.168.42.20	#default: 192.168.0.20
-end		192.168.42.254	#default: 192.168.0.254
-
-
-# The interface that udhcpd will use
-
-interface	wlan2		#default: eth0
-
-
-# The maximum number of leases (includes addresses reserved
-# by OFFER's, DECLINE's, and ARP conflicts)
-
-#max_leases	254		#default: 254
-
-
-# If remaining is true (default), udhcpd will store the time
-# remaining for each lease in the udhcpd leases file. This is
-# for embedded systems that cannot keep time between reboots.
-# If you set remaining to no, the absolute time that the lease
-# expires at will be stored in the dhcpd.leases file.
-
-#remaining	yes		#default: yes
-
-
-# The time period at which udhcpd will write out a dhcpd.leases
-# file. If this is 0, udhcpd will never automatically write a
-# lease file. (specified in seconds)
-
-#auto_time	7200		#default: 7200 (2 hours)
-
-
-# The amount of time that an IP will be reserved (leased) for if a
-# DHCP decline message is received (seconds).
-
-#decline_time	3600		#default: 3600 (1 hour)
-
-
-# The amount of time that an IP will be reserved (leased) for if an
-# ARP conflct occurs. (seconds
-
-#conflict_time	3600		#default: 3600 (1 hour)
-
-
-# How long an offered address is reserved (leased) in seconds
-
-#offer_time	60		#default: 60 (1 minute)
-
-# If a lease to be given is below this value, the full lease time is
-# instead used (seconds).
-
-#min_lease	60		#default: 60
-
-
-# The location of the leases file
-
-#lease_file	/var/lib/misc/udhcpd.leases	#default: /var/lib/misc/udhcpd.leases
-
-# The location of the pid file
-pidfile	/var/run/udhcpd-wlan2.pid	#default: /var/run/udhcpd.pid
-
-# Every time udhcpd writes a leases file, the below script will be called.
-# Useful for writing the lease file to flash every few hours.
-
-#notify_file				#default: (no script)
-
-#notify_file	dumpleases 	# <--- useful for debugging
-
-# The following are bootp specific options, setable by udhcpd.
-
-#siaddr		192.168.0.22		#default: 0.0.0.0
-
-#sname		zorak			#default: (none)
-
-#boot_file	/var/nfs_root		#default: (none)
-
-# The remainder of options are DHCP options and can be specified with the
-# keyword 'opt' or 'option'. If an option can take multiple items, such
-# as the dns option, they can be listed on the same line, or multiple
-# lines. The only option with a default is 'lease'.
-
-#Examles
-opt	dns	192.168.2.1
-option	subnet	255.255.255.0
-option	domain	atherosowl.com
-option	lease	864000		# 10 days of seconds
-
-
-# Currently supported options, for more info, see options.c
-#opt subnet
-#opt timezone
-#opt router
-#opt timesvr
-#opt namesvr
-#opt dns
-#opt logsvr
-#opt cookiesvr
-#opt lprsvr
-#opt bootsize
-#opt domain
-#opt swapsvr
-#opt rootpath
-#opt ipttl
-#opt mtu
-#opt broadcast
-#opt wins
-#opt lease
-#opt ntpsrv
-#opt tftp
-#opt bootfile
-
-
-# Static leases map
-#static_lease 00:60:08:11:CE:4E 192.168.0.54
-#static_lease 00:60:08:11:CE:3E 192.168.0.44
diff --git a/wpa_supplicant/examples/wep.conf b/wpa_supplicant/examples/wep.conf
deleted file mode 100644
index 9c7b55f2722a..000000000000
--- a/wpa_supplicant/examples/wep.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Static WEP keys
-
-ctrl_interface=/var/run/wpa_supplicant
-
-network={
-	ssid="example wep network"
-	key_mgmt=NONE
-	wep_key0="abcde"
-	wep_key1=0102030405
-	wep_tx_keyidx=0
-}
diff --git a/wpa_supplicant/examples/wpa-psk-tkip.conf b/wpa_supplicant/examples/wpa-psk-tkip.conf
deleted file mode 100644
index 93d7fc2444ea..000000000000
--- a/wpa_supplicant/examples/wpa-psk-tkip.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# WPA-PSK/TKIP
-
-ctrl_interface=/var/run/wpa_supplicant
-
-network={
-	ssid="example wpa-psk network"
-	key_mgmt=WPA-PSK
-	proto=WPA
-	pairwise=TKIP
-	group=TKIP
-	psk="secret passphrase"
-}
diff --git a/wpa_supplicant/examples/wpa2-eap-ccmp.conf b/wpa_supplicant/examples/wpa2-eap-ccmp.conf
deleted file mode 100644
index d7a64d87b254..000000000000
--- a/wpa_supplicant/examples/wpa2-eap-ccmp.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# WPA2-EAP/CCMP using EAP-TLS
-
-ctrl_interface=/var/run/wpa_supplicant
-
-network={
-	ssid="example wpa2-eap network"
-	key_mgmt=WPA-EAP
-	proto=WPA2
-	pairwise=CCMP
-	group=CCMP
-	eap=TLS
-	ca_cert="/etc/cert/ca.pem"
-	private_key="/etc/cert/user.p12"
-	private_key_passwd="PKCS#12 passhrase"
-}
diff --git a/wpa_supplicant/examples/wpas-dbus-new-getall.py b/wpa_supplicant/examples/wpas-dbus-new-getall.py
deleted file mode 100755
index 732f54d20f8b..000000000000
--- a/wpa_supplicant/examples/wpas-dbus-new-getall.py
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/python
-
-import dbus
-import sys, os
-import time
-import gobject
-
-def main():
-	bus = dbus.SystemBus()
-	wpas_obj = bus.get_object("fi.w1.wpa_supplicant1",
-				  "/fi/w1/wpa_supplicant1")
-	props = wpas_obj.GetAll("fi.w1.wpa_supplicant1",
-				dbus_interface=dbus.PROPERTIES_IFACE)
-	print("GetAll(fi.w1.wpa_supplicant1, /fi/w1/wpa_supplicant1):")
-	print(props)
-
-	if len(sys.argv) != 2:
-		os._exit(1)
-
-	ifname = sys.argv[1]
-
-	wpas = dbus.Interface(wpas_obj, "fi.w1.wpa_supplicant1")
-	path = wpas.GetInterface(ifname)
-	if_obj = bus.get_object("fi.w1.wpa_supplicant1", path)
-	props = if_obj.GetAll("fi.w1.wpa_supplicant1.Interface",
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-	print('')
-	print("GetAll(fi.w1.wpa_supplicant1.Interface, %s):" % (path))
-	print(props)
-
-	props = if_obj.GetAll("fi.w1.wpa_supplicant1.Interface.WPS",
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-	print('')
-	print("GetAll(fi.w1.wpa_supplicant1.Interface.WPS, %s):" % (path))
-	print(props)
-
-	res = if_obj.Get("fi.w1.wpa_supplicant1.Interface", 'BSSs',
-			 dbus_interface=dbus.PROPERTIES_IFACE)
-	if len(res) > 0:
-		bss_obj = bus.get_object("fi.w1.wpa_supplicant1", res[0])
-		props = bss_obj.GetAll("fi.w1.wpa_supplicant1.BSS",
-				       dbus_interface=dbus.PROPERTIES_IFACE)
-		print('')
-		print("GetAll(fi.w1.wpa_supplicant1.BSS, %s):" % (res[0]))
-		print(props)
-
-	res = if_obj.Get("fi.w1.wpa_supplicant1.Interface", 'Networks',
-			 dbus_interface=dbus.PROPERTIES_IFACE)
-	if len(res) > 0:
-		net_obj = bus.get_object("fi.w1.wpa_supplicant1", res[0])
-		props = net_obj.GetAll("fi.w1.wpa_supplicant1.Network",
-				       dbus_interface=dbus.PROPERTIES_IFACE)
-		print('')
-		print("GetAll(fi.w1.wpa_supplicant1.Network, %s):" % (res[0]))
-		print(props)
-
-if __name__ == "__main__":
-	main()
diff --git a/wpa_supplicant/examples/wpas-dbus-new-signals.py b/wpa_supplicant/examples/wpas-dbus-new-signals.py
deleted file mode 100755
index 366a65546af6..000000000000
--- a/wpa_supplicant/examples/wpas-dbus-new-signals.py
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/usr/bin/python
-
-import dbus
-import sys, os
-import time
-import gobject
-from dbus.mainloop.glib import DBusGMainLoop
-
-WPAS_DBUS_SERVICE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_INTERFACE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_OPATH = "/fi/w1/wpa_supplicant1"
-
-WPAS_DBUS_INTERFACES_INTERFACE = "fi.w1.wpa_supplicant1.Interface"
-WPAS_DBUS_INTERFACES_OPATH = "/fi/w1/wpa_supplicant1/Interfaces"
-WPAS_DBUS_BSS_INTERFACE = "fi.w1.wpa_supplicant1.BSS"
-WPAS_DBUS_NETWORK_INTERFACE = "fi.w1.wpa_supplicant1.Network"
-
-def byte_array_to_string(s):
-	import urllib
-	r = ""    
-	for c in s:
-		if c >= 32 and c < 127:
-			r += "%c" % c
-		else:
-			r += urllib.quote(chr(c))
-	return r
-
-def list_interfaces(wpas_obj):
-	ifaces = wpas_obj.Get(WPAS_DBUS_INTERFACE, 'Interfaces',
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-	for path in ifaces:
-		if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-		ifname = if_obj.Get(WPAS_DBUS_INTERFACES_INTERFACE, 'Ifname',
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-		print(ifname)
-
-def interfaceAdded(interface, properties):
-	print("InterfaceAdded(%s): Ifname=%s" % (interface, properties['Ifname']))
-
-def interfaceRemoved(interface):
-	print("InterfaceRemoved(%s)" % (interface))
-
-def propertiesChanged(properties):
-	for i in properties:
-		print("PropertiesChanged: %s=%s" % (i, properties[i]))
-
-def showBss(bss):
-	net_obj = bus.get_object(WPAS_DBUS_SERVICE, bss)
-	net = dbus.Interface(net_obj, WPAS_DBUS_BSS_INTERFACE)
-
-	# Convert the byte-array for SSID and BSSID to printable strings
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'BSSID',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	bssid = ""
-	for item in val:
-		bssid = bssid + ":%02x" % item
-	bssid = bssid[1:]
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'SSID',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	ssid = byte_array_to_string(val)
-
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'WPA',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	wpa = "no"
-	if val != None:
-		wpa = "yes"
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'RSN',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	wpa2 = "no"
-	if val != None:
-		wpa2 = "yes"
-	freq = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Frequency',
-			   dbus_interface=dbus.PROPERTIES_IFACE)
-	signal = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Signal',
-			     dbus_interface=dbus.PROPERTIES_IFACE)
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Rates',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	if len(val) > 0:
-		maxrate = val[0] / 1000000
-	else:
-		maxrate = 0
-
-	print("  %s  ::  ssid='%s'  wpa=%s  wpa2=%s  signal=%d  rate=%d  freq=%d" % (bssid, ssid, wpa, wpa2, signal, maxrate, freq))
-
-def scanDone(success):
-	gobject.MainLoop().quit()
-	print("Scan done: success=%s" % success)
-
-def scanDone2(success, path=None):
-	print("Scan done: success=%s [path=%s]" % (success, path))
-
-def bssAdded(bss, properties):
-	print("BSS added: %s" % (bss))
-	showBss(bss)
-
-def bssRemoved(bss):
-	print("BSS removed: %s" % (bss))
-
-def blobAdded(blob):
-	print("BlobAdded(%s)" % (blob))
-
-def blobRemoved(blob):
-	print("BlobRemoved(%s)" % (blob))
-
-def networkAdded(network, properties):
-	print("NetworkAdded(%s)" % (network))
-
-def networkRemoved(network):
-	print("NetworkRemoved(%s)" % (network))
-
-def networkSelected(network):
-	print("NetworkSelected(%s)" % (network))
-
-def propertiesChangedInterface(properties):
-	for i in properties:
-		print("PropertiesChanged(interface): %s=%s" % (i, properties[i]))
-
-def propertiesChangedBss(properties):
-	for i in properties:
-		print("PropertiesChanged(BSS): %s=%s" % (i, properties[i]))
-
-def propertiesChangedNetwork(properties):
-	for i in properties:
-		print("PropertiesChanged(Network): %s=%s" % (i, properties[i]))
-
-def main():
-	dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-	global bus
-	bus = dbus.SystemBus()
-	wpas_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_OPATH)
-
-	if len(sys.argv) != 2:
-		list_interfaces(wpas_obj)
-		os._exit(1)
-
-	wpas = dbus.Interface(wpas_obj, WPAS_DBUS_INTERFACE)
-	bus.add_signal_receiver(interfaceAdded,
-				dbus_interface=WPAS_DBUS_INTERFACE,
-				signal_name="InterfaceAdded")
-	bus.add_signal_receiver(interfaceRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACE,
-				signal_name="InterfaceRemoved")
-	bus.add_signal_receiver(propertiesChanged,
-				dbus_interface=WPAS_DBUS_INTERFACE,
-				signal_name="PropertiesChanged")
-
-	ifname = sys.argv[1]
-	path = wpas.GetInterface(ifname)
-	if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-	iface = dbus.Interface(if_obj, WPAS_DBUS_INTERFACES_INTERFACE)
-	iface.connect_to_signal("ScanDone", scanDone2,
-				path_keyword='path')
-
-	bus.add_signal_receiver(scanDone,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="ScanDone",
-				path=path)
-	bus.add_signal_receiver(bssAdded,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSAdded",
-				path=path)
-	bus.add_signal_receiver(bssRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSRemoved",
-				path=path)
-	bus.add_signal_receiver(blobAdded,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BlobAdded",
-				path=path)
-	bus.add_signal_receiver(blobRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BlobRemoved",
-				path=path)
-	bus.add_signal_receiver(networkAdded,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="NetworkAdded",
-				path=path)
-	bus.add_signal_receiver(networkRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="NetworkRemoved",
-				path=path)
-	bus.add_signal_receiver(networkSelected,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="NetworkSelected",
-				path=path)
-	bus.add_signal_receiver(propertiesChangedInterface,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="PropertiesChanged",
-				path=path)
-
-	bus.add_signal_receiver(propertiesChangedBss,
-				dbus_interface=WPAS_DBUS_BSS_INTERFACE,
-				signal_name="PropertiesChanged")
-
-	bus.add_signal_receiver(propertiesChangedNetwork,
-				dbus_interface=WPAS_DBUS_NETWORK_INTERFACE,
-				signal_name="PropertiesChanged")
-
-	gobject.MainLoop().run()
-
-if __name__ == "__main__":
-	main()
-
diff --git a/wpa_supplicant/examples/wpas-dbus-new-wps.py b/wpa_supplicant/examples/wpas-dbus-new-wps.py
deleted file mode 100755
index 7d87b1efd5dc..000000000000
--- a/wpa_supplicant/examples/wpas-dbus-new-wps.py
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/bin/python
-
-import dbus
-import sys, os
-import time
-import gobject
-from dbus.mainloop.glib import DBusGMainLoop
-
-WPAS_DBUS_SERVICE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_INTERFACE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_OPATH = "/fi/w1/wpa_supplicant1"
-
-WPAS_DBUS_INTERFACES_INTERFACE = "fi.w1.wpa_supplicant1.Interface"
-WPAS_DBUS_WPS_INTERFACE = "fi.w1.wpa_supplicant1.Interface.WPS"
-
-def propertiesChanged(properties):
-	if properties.has_key("State"):
-		print("PropertiesChanged: State: %s" % (properties["State"]))
-
-def scanDone(success):
-	print("Scan done: success=%s" % success)
-
-def bssAdded(bss, properties):
-	print("BSS added: %s" % (bss))
-
-def bssRemoved(bss):
-	print("BSS removed: %s" % (bss))
-
-def wpsEvent(name, args):
-	print("WPS event: %s" % (name))
-	print(args)
-
-def credentials(cred):
-	print("WPS credentials: %s" % (cred))
-
-def main():
-	dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-	global bus
-	bus = dbus.SystemBus()
-	wpas_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_OPATH)
-
-	if len(sys.argv) != 2:
-		print("Missing ifname argument")
-		os._exit(1)
-
-	wpas = dbus.Interface(wpas_obj, WPAS_DBUS_INTERFACE)
-	bus.add_signal_receiver(scanDone,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="ScanDone")
-	bus.add_signal_receiver(bssAdded,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSAdded")
-	bus.add_signal_receiver(bssRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSRemoved")
-	bus.add_signal_receiver(propertiesChanged,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="PropertiesChanged")
-	bus.add_signal_receiver(wpsEvent,
-				dbus_interface=WPAS_DBUS_WPS_INTERFACE,
-				signal_name="Event")
-	bus.add_signal_receiver(credentials,
-				dbus_interface=WPAS_DBUS_WPS_INTERFACE,
-				signal_name="Credentials")
-
-	ifname = sys.argv[1]
-
-	path = wpas.GetInterface(ifname)
-	if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-	if_obj.Set(WPAS_DBUS_WPS_INTERFACE, 'ProcessCredentials',
-		   dbus.Boolean(1),
-		   dbus_interface=dbus.PROPERTIES_IFACE)
-	wps = dbus.Interface(if_obj, WPAS_DBUS_WPS_INTERFACE)
-	wps.Start({'Role': 'enrollee', 'Type': 'pbc'})
-
-	gobject.MainLoop().run()
-
-if __name__ == "__main__":
-	main()
-
diff --git a/wpa_supplicant/examples/wpas-dbus-new.py b/wpa_supplicant/examples/wpas-dbus-new.py
deleted file mode 100755
index 6bf74ae44122..000000000000
--- a/wpa_supplicant/examples/wpas-dbus-new.py
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/python
-
-import dbus
-import sys, os
-import time
-import gobject
-from dbus.mainloop.glib import DBusGMainLoop
-
-WPAS_DBUS_SERVICE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_INTERFACE = "fi.w1.wpa_supplicant1"
-WPAS_DBUS_OPATH = "/fi/w1/wpa_supplicant1"
-
-WPAS_DBUS_INTERFACES_INTERFACE = "fi.w1.wpa_supplicant1.Interface"
-WPAS_DBUS_INTERFACES_OPATH = "/fi/w1/wpa_supplicant1/Interfaces"
-WPAS_DBUS_BSS_INTERFACE = "fi.w1.wpa_supplicant1.BSS"
-
-def byte_array_to_string(s):
-	import urllib
-	r = ""    
-	for c in s:
-		if c >= 32 and c < 127:
-			r += "%c" % c
-		else:
-			r += urllib.quote(chr(c))
-	return r
-
-def list_interfaces(wpas_obj):
-	ifaces = wpas_obj.Get(WPAS_DBUS_INTERFACE, 'Interfaces',
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-	for path in ifaces:
-		if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-		ifname = if_obj.Get(WPAS_DBUS_INTERFACES_INTERFACE, 'Ifname',
-			      dbus_interface=dbus.PROPERTIES_IFACE)
-		print(ifname)
-
-def propertiesChanged(properties):
-	if properties.has_key("State"):
-		print("PropertiesChanged: State: %s" % (properties["State"]))
-
-def showBss(bss):
-	net_obj = bus.get_object(WPAS_DBUS_SERVICE, bss)
-	net = dbus.Interface(net_obj, WPAS_DBUS_BSS_INTERFACE)
-
-	# Convert the byte-array for SSID and BSSID to printable strings
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'BSSID',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	bssid = ""
-	for item in val:
-		bssid = bssid + ":%02x" % item
-	bssid = bssid[1:]
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'SSID',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	ssid = byte_array_to_string(val)
-
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'WPA',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	wpa = "no"
-	if len(val["KeyMgmt"]) > 0:
-		wpa = "yes"
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'RSN',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	wpa2 = "no"
-	if len(val["KeyMgmt"]) > 0:
-		wpa2 = "yes"
-	freq = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Frequency',
-			   dbus_interface=dbus.PROPERTIES_IFACE)
-	signal = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Signal',
-			     dbus_interface=dbus.PROPERTIES_IFACE)
-	val = net_obj.Get(WPAS_DBUS_BSS_INTERFACE, 'Rates',
-			  dbus_interface=dbus.PROPERTIES_IFACE)
-	if len(val) > 0:
-		maxrate = val[0] / 1000000
-	else:
-		maxrate = 0
-
-	print("  %s  ::  ssid='%s'  wpa=%s  wpa2=%s  signal=%d  rate=%d  freq=%d" % (bssid, ssid, wpa, wpa2, signal, maxrate, freq))
-
-def scanDone(success):
-	print("Scan done: success=%s" % success)
-	
-	res = if_obj.Get(WPAS_DBUS_INTERFACES_INTERFACE, 'BSSs',
-			 dbus_interface=dbus.PROPERTIES_IFACE)
-
-	print("Scanned wireless networks:")
-	for opath in res:
-		print(opath)
-		showBss(opath)
-
-def bssAdded(bss, properties):
-	print("BSS added: %s" % (bss))
-	showBss(bss)
-
-def bssRemoved(bss):
-	print("BSS removed: %s" % (bss))
-
-def main():
-	dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-	global bus
-	bus = dbus.SystemBus()
-	wpas_obj = bus.get_object(WPAS_DBUS_SERVICE, WPAS_DBUS_OPATH)
-
-	if len(sys.argv) != 2:
-		list_interfaces(wpas_obj)
-		os._exit(1)
-
-	wpas = dbus.Interface(wpas_obj, WPAS_DBUS_INTERFACE)
-	bus.add_signal_receiver(scanDone,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="ScanDone")
-	bus.add_signal_receiver(bssAdded,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSAdded")
-	bus.add_signal_receiver(bssRemoved,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="BSSRemoved")
-	bus.add_signal_receiver(propertiesChanged,
-				dbus_interface=WPAS_DBUS_INTERFACES_INTERFACE,
-				signal_name="PropertiesChanged")
-
-	ifname = sys.argv[1]
-
-	# See if wpa_supplicant already knows about this interface
-	path = None
-	try:
-		path = wpas.GetInterface(ifname)
-	except dbus.DBusException as exc:
-		if not str(exc).startswith("fi.w1.wpa_supplicant1.InterfaceUnknown:"):
-			raise exc
-		try:
-			path = wpas.CreateInterface({'Ifname': ifname, 'Driver': 'test'})
-			time.sleep(1)
-
-		except dbus.DBusException as exc:
-			if not str(exc).startswith("fi.w1.wpa_supplicant1.InterfaceExists:"):
-				raise exc
-
-	global if_obj
-	if_obj = bus.get_object(WPAS_DBUS_SERVICE, path)
-	global iface
-	iface = dbus.Interface(if_obj, WPAS_DBUS_INTERFACES_INTERFACE)
-	iface.Scan({'Type': 'active'})
-
-	gobject.MainLoop().run()
-
-	wpas.RemoveInterface(dbus.ObjectPath(path))
-
-if __name__ == "__main__":
-	main()
-
diff --git a/wpa_supplicant/examples/wps-ap-cli b/wpa_supplicant/examples/wps-ap-cli
deleted file mode 100755
index 15d913ef1fae..000000000000
--- a/wpa_supplicant/examples/wps-ap-cli
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/sh
-
-CLI=wpa_cli
-
-pbc()
-{
-	echo "Starting PBC mode"
-	echo "Push button on the station within two minutes"
-	if ! $CLI wps_pbc | grep -q OK; then
-		echo "Failed to enable PBC mode"
-	fi
-}
-
-enter_pin()
-{
-	echo "Enter a PIN from a station to be enrolled to the network."
-	printf "Enrollee PIN: "
-	read pin
-	cpin=`$CLI wps_check_pin "$pin" | tail -1`
-	if [ "$cpin" = "FAIL-CHECKSUM" ]; then
-		echo "Checksum digit is not valid"
-		printf "Do you want to use this PIN (y/n)? "
-		read resp
-		case "$resp" in
-			y*)
-				cpin=`echo "$pin" | sed "s/[^1234567890]//g"`
-				;;
-			*)
-				return 1
-				;;
-		esac
-	fi
-	if [ "$cpin" = "FAIL" ]; then
-		echo "Invalid PIN: $pin"
-		return 1
-	fi
-	echo "Enabling Enrollee PIN: $cpin"
-	$CLI wps_pin any "$cpin"
-}
-
-show_config()
-{
-	$CLI status wps
-}
-
-main_menu()
-{
-	echo "WPS AP"
-	echo "------"
-	echo "1: Push button (activate PBC)"
-	echo "2: Enter Enrollee PIN"
-	echo "3: Show current configuration"
-	echo "0: Exit wps-ap-cli"
-
-	printf "Command: "
-	read cmd
-
-	case "$cmd" in
-		1)
-			pbc
-			;;
-		2)
-			enter_pin
-			;;
-		3)
-			show_config
-			;;
-		0)
-			exit 0
-			;;
-		*)
-			echo "Unknown command: $cmd"
-			;;
-	esac
-
-	echo
-	main_menu
-}
-
-
-main_menu
diff --git a/wpa_supplicant/examples/wps-nfc.py b/wpa_supplicant/examples/wps-nfc.py
deleted file mode 100755
index bb458fb37a84..000000000000
--- a/wpa_supplicant/examples/wps-nfc.py
+++ /dev/null
@@ -1,525 +0,0 @@
-#!/usr/bin/python
-#
-# Example nfcpy to wpa_supplicant wrapper for WPS NFC operations
-# Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import sys
-import time
-import random
-import threading
-import argparse
-
-import nfc
-import nfc.ndef
-import nfc.llcp
-import nfc.handover
-
-import logging
-
-import wpaspy
-
-wpas_ctrl = '/var/run/wpa_supplicant'
-srv = None
-continue_loop = True
-terminate_now = False
-summary_file = None
-success_file = None
-
-def summary(txt):
-    print(txt)
-    if summary_file:
-        with open(summary_file, 'a') as f:
-            f.write(txt + "\n")
-
-def success_report(txt):
-    summary(txt)
-    if success_file:
-        with open(success_file, 'a') as f:
-            f.write(txt + "\n")
-
-def wpas_connect():
-    ifaces = []
-    if os.path.isdir(wpas_ctrl):
-        try:
-            ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
-        except OSError as error:
-            print("Could not find wpa_supplicant: ", error)
-            return None
-
-    if len(ifaces) < 1:
-        print("No wpa_supplicant control interface found")
-        return None
-
-    for ctrl in ifaces:
-        try:
-            wpas = wpaspy.Ctrl(ctrl)
-            return wpas
-        except Exception as e:
-            pass
-    return None
-
-
-def wpas_tag_read(message):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return False
-    if "FAIL" in wpas.request("WPS_NFC_TAG_READ " + str(message).encode("hex")):
-        return False
-    return True
-
-def wpas_get_config_token(id=None):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    if id:
-        ret = wpas.request("WPS_NFC_CONFIG_TOKEN NDEF " + id)
-    else:
-        ret = wpas.request("WPS_NFC_CONFIG_TOKEN NDEF")
-    if "FAIL" in ret:
-        return None
-    return ret.rstrip().decode("hex")
-
-
-def wpas_get_er_config_token(uuid):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    ret = wpas.request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + uuid)
-    if "FAIL" in ret:
-        return None
-    return ret.rstrip().decode("hex")
-
-
-def wpas_get_password_token():
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    ret = wpas.request("WPS_NFC_TOKEN NDEF")
-    if "FAIL" in ret:
-        return None
-    return ret.rstrip().decode("hex")
-
-def wpas_get_handover_req():
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    ret = wpas.request("NFC_GET_HANDOVER_REQ NDEF WPS-CR")
-    if "FAIL" in ret:
-        return None
-    return ret.rstrip().decode("hex")
-
-
-def wpas_get_handover_sel(uuid):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    if uuid is None:
-        res = wpas.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
-    else:
-	res = wpas.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + uuid).rstrip()
-    if "FAIL" in res:
-	return None
-    return res.decode("hex")
-
-
-def wpas_report_handover(req, sel, type):
-    wpas = wpas_connect()
-    if (wpas == None):
-        return None
-    return wpas.request("NFC_REPORT_HANDOVER " + type + " WPS " +
-                        str(req).encode("hex") + " " +
-                        str(sel).encode("hex"))
-
-
-class HandoverServer(nfc.handover.HandoverServer):
-    def __init__(self, llc):
-        super(HandoverServer, self).__init__(llc)
-        self.sent_carrier = None
-        self.ho_server_processing = False
-        self.success = False
-
-    # override to avoid parser error in request/response.pretty() in nfcpy
-    # due to new WSC handover format
-    def _process_request(self, request):
-        summary("received handover request {}".format(request.type))
-        response = nfc.ndef.Message("\xd1\x02\x01Hs\x12")
-        if not request.type == 'urn:nfc:wkt:Hr':
-            summary("not a handover request")
-        else:
-            try:
-                request = nfc.ndef.HandoverRequestMessage(request)
-            except nfc.ndef.DecodeError as e:
-                summary("error decoding 'Hr' message: {}".format(e))
-            else:
-                response = self.process_request(request)
-        summary("send handover response {}".format(response.type))
-        return response
-
-    def process_request(self, request):
-        self.ho_server_processing = True
-        summary("HandoverServer - request received")
-        try:
-            print("Parsed handover request: " + request.pretty())
-        except Exception as e:
-            print(e)
-
-        sel = nfc.ndef.HandoverSelectMessage(version="1.2")
-
-        for carrier in request.carriers:
-            print("Remote carrier type: " + carrier.type)
-            if carrier.type == "application/vnd.wfa.wsc":
-                summary("WPS carrier type match - add WPS carrier record")
-                data = wpas_get_handover_sel(self.uuid)
-                if data is None:
-                    summary("Could not get handover select carrier record from wpa_supplicant")
-                    continue
-                print("Handover select carrier record from wpa_supplicant:")
-                print(data.encode("hex"))
-                self.sent_carrier = data
-                if "OK" in wpas_report_handover(carrier.record, self.sent_carrier, "RESP"):
-                    success_report("Handover reported successfully (responder)")
-                else:
-                    summary("Handover report rejected (responder)")
-
-                message = nfc.ndef.Message(data);
-                sel.add_carrier(message[0], "active", message[1:])
-
-        print("Handover select:")
-        try:
-            print(sel.pretty())
-        except Exception as e:
-            print(e)
-        print(str(sel).encode("hex"))
-
-        summary("Sending handover select")
-        self.success = True
-        return sel
-
-
-def wps_handover_init(llc):
-    summary("Trying to initiate WPS handover")
-
-    data = wpas_get_handover_req()
-    if (data == None):
-        summary("Could not get handover request carrier record from wpa_supplicant")
-        return
-    print("Handover request carrier record from wpa_supplicant: " + data.encode("hex"))
-
-    message = nfc.ndef.HandoverRequestMessage(version="1.2")
-    message.nonce = random.randint(0, 0xffff)
-    datamsg = nfc.ndef.Message(data)
-    message.add_carrier(datamsg[0], "active", datamsg[1:])
-
-    print("Handover request:")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-    print(str(message).encode("hex"))
-
-    client = nfc.handover.HandoverClient(llc)
-    try:
-        summary("Trying to initiate NFC connection handover")
-        client.connect()
-        summary("Connected for handover")
-    except nfc.llcp.ConnectRefused:
-        summary("Handover connection refused")
-        client.close()
-        return
-    except Exception as e:
-        summary("Other exception: " + str(e))
-        client.close()
-        return
-
-    summary("Sending handover request")
-
-    if not client.send(message):
-        summary("Failed to send handover request")
-        client.close()
-        return
-
-    summary("Receiving handover response")
-    message = client._recv()
-    if message is None:
-        summary("No response received")
-        client.close()
-        return
-    if message.type != "urn:nfc:wkt:Hs":
-        summary("Response was not Hs - received: " + message.type)
-        client.close()
-        return
-
-    print("Received message")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-    print(str(message).encode("hex"))
-    message = nfc.ndef.HandoverSelectMessage(message)
-    summary("Handover select received")
-    try:
-        print(message.pretty())
-    except Exception as e:
-        print(e)
-
-    for carrier in message.carriers:
-        print("Remote carrier type: " + carrier.type)
-        if carrier.type == "application/vnd.wfa.wsc":
-            print("WPS carrier type match - send to wpa_supplicant")
-            if "OK" in wpas_report_handover(data, carrier.record, "INIT"):
-                success_report("Handover reported successfully (initiator)")
-            else:
-                summary("Handover report rejected (initiator)")
-            # nfcpy does not support the new format..
-            #wifi = nfc.ndef.WifiConfigRecord(carrier.record)
-            #print wifi.pretty()
-
-    print("Remove peer")
-    client.close()
-    print("Done with handover")
-    global only_one
-    if only_one:
-        global continue_loop
-        continue_loop = False
-
-    global no_wait
-    if no_wait:
-        print("Trying to exit..")
-        global terminate_now
-        terminate_now = True
-
-def wps_tag_read(tag, wait_remove=True):
-    success = False
-    if len(tag.ndef.message):
-        for record in tag.ndef.message:
-            print("record type " + record.type)
-            if record.type == "application/vnd.wfa.wsc":
-                summary("WPS tag - send to wpa_supplicant")
-                success = wpas_tag_read(tag.ndef.message)
-                break
-    else:
-        summary("Empty tag")
-
-    if success:
-        success_report("Tag read succeeded")
-
-    if wait_remove:
-        print("Remove tag")
-        while tag.is_present:
-            time.sleep(0.1)
-
-    return success
-
-
-def rdwr_connected_write(tag):
-    summary("Tag found - writing - " + str(tag))
-    global write_data
-    tag.ndef.message = str(write_data)
-    success_report("Tag write succeeded")
-    print("Done - remove tag")
-    global only_one
-    if only_one:
-        global continue_loop
-        continue_loop = False
-    global write_wait_remove
-    while write_wait_remove and tag.is_present:
-        time.sleep(0.1)
-
-def wps_write_config_tag(clf, id=None, wait_remove=True):
-    print("Write WPS config token")
-    global write_data, write_wait_remove
-    write_wait_remove = wait_remove
-    write_data = wpas_get_config_token(id)
-    if write_data == None:
-        print("Could not get WPS config token from wpa_supplicant")
-        sys.exit(1)
-        return
-    print("Touch an NFC tag")
-    clf.connect(rdwr={'on-connect': rdwr_connected_write})
-
-
-def wps_write_er_config_tag(clf, uuid, wait_remove=True):
-    print("Write WPS ER config token")
-    global write_data, write_wait_remove
-    write_wait_remove = wait_remove
-    write_data = wpas_get_er_config_token(uuid)
-    if write_data == None:
-        print("Could not get WPS config token from wpa_supplicant")
-        return
-
-    print("Touch an NFC tag")
-    clf.connect(rdwr={'on-connect': rdwr_connected_write})
-
-
-def wps_write_password_tag(clf, wait_remove=True):
-    print("Write WPS password token")
-    global write_data, write_wait_remove
-    write_wait_remove = wait_remove
-    write_data = wpas_get_password_token()
-    if write_data == None:
-        print("Could not get WPS password token from wpa_supplicant")
-        return
-
-    print("Touch an NFC tag")
-    clf.connect(rdwr={'on-connect': rdwr_connected_write})
-
-
-def rdwr_connected(tag):
-    global only_one, no_wait
-    summary("Tag connected: " + str(tag))
-
-    if tag.ndef:
-        print("NDEF tag: " + tag.type)
-        try:
-            print(tag.ndef.message.pretty())
-        except Exception as e:
-            print(e)
-        success = wps_tag_read(tag, not only_one)
-        if only_one and success:
-            global continue_loop
-            continue_loop = False
-    else:
-        summary("Not an NDEF tag - remove tag")
-        return True
-
-    return not no_wait
-
-
-def llcp_worker(llc):
-    global arg_uuid
-    if arg_uuid is None:
-        wps_handover_init(llc)
-        print("Exiting llcp_worker thread")
-        return
-
-    global srv
-    global wait_connection
-    while not wait_connection and srv.sent_carrier is None:
-        if srv.ho_server_processing:
-            time.sleep(0.025)
-
-def llcp_startup(clf, llc):
-    global arg_uuid
-    if arg_uuid:
-        print("Start LLCP server")
-        global srv
-        srv = HandoverServer(llc)
-        if arg_uuid is "ap":
-            print("Trying to handle WPS handover")
-            srv.uuid = None
-        else:
-            print("Trying to handle WPS handover with AP " + arg_uuid)
-            srv.uuid = arg_uuid
-    return llc
-
-def llcp_connected(llc):
-    print("P2P LLCP connected")
-    global wait_connection
-    wait_connection = False
-    global arg_uuid
-    if arg_uuid:
-        global srv
-        srv.start()
-    else:
-        threading.Thread(target=llcp_worker, args=(llc,)).start()
-    print("llcp_connected returning")
-    return True
-
-
-def terminate_loop():
-    global terminate_now
-    return terminate_now
-
-def main():
-    clf = nfc.ContactlessFrontend()
-
-    parser = argparse.ArgumentParser(description='nfcpy to wpa_supplicant integration for WPS NFC operations')
-    parser.add_argument('-d', const=logging.DEBUG, default=logging.INFO,
-                        action='store_const', dest='loglevel',
-                        help='verbose debug output')
-    parser.add_argument('-q', const=logging.WARNING, action='store_const',
-                        dest='loglevel', help='be quiet')
-    parser.add_argument('--only-one', '-1', action='store_true',
-                        help='run only one operation and exit')
-    parser.add_argument('--no-wait', action='store_true',
-                        help='do not wait for tag to be removed before exiting')
-    parser.add_argument('--uuid',
-                        help='UUID of an AP (used for WPS ER operations)')
-    parser.add_argument('--id',
-                        help='network id (used for WPS ER operations)')
-    parser.add_argument('--summary',
-                        help='summary file for writing status updates')
-    parser.add_argument('--success',
-                        help='success file for writing success update')
-    parser.add_argument('command', choices=['write-config',
-                                            'write-er-config',
-                                            'write-password'],
-                        nargs='?')
-    args = parser.parse_args()
-
-    global arg_uuid
-    arg_uuid = args.uuid
-
-    global only_one
-    only_one = args.only_one
-
-    global no_wait
-    no_wait = args.no_wait
-
-    if args.summary:
-        global summary_file
-        summary_file = args.summary
-
-    if args.success:
-        global success_file
-        success_file = args.success
-
-    logging.basicConfig(level=args.loglevel)
-
-    try:
-        if not clf.open("usb"):
-            print("Could not open connection with an NFC device")
-            raise SystemExit
-
-        if args.command == "write-config":
-            wps_write_config_tag(clf, id=args.id, wait_remove=not args.no_wait)
-            raise SystemExit
-
-        if args.command == "write-er-config":
-            wps_write_er_config_tag(clf, args.uuid, wait_remove=not args.no_wait)
-            raise SystemExit
-
-        if args.command == "write-password":
-            wps_write_password_tag(clf, wait_remove=not args.no_wait)
-            raise SystemExit
-
-        global continue_loop
-        while continue_loop:
-            print("Waiting for a tag or peer to be touched")
-            wait_connection = True
-            try:
-                if not clf.connect(rdwr={'on-connect': rdwr_connected},
-                                   llcp={'on-startup': llcp_startup,
-                                         'on-connect': llcp_connected},
-                                   terminate=terminate_loop):
-                    break
-            except Exception as e:
-                print("clf.connect failed")
-
-            global srv
-            if only_one and srv and srv.success:
-                raise SystemExit
-
-    except KeyboardInterrupt:
-        raise SystemExit
-    finally:
-        clf.close()
-
-    raise SystemExit
-
-if __name__ == '__main__':
-    main()
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
deleted file mode 100644
index a6172d69233b..000000000000
--- a/wpa_supplicant/gas_query.c
+++ /dev/null
@@ -1,897 +0,0 @@
-/*
- * Generic advertisement service (GAS) query
- * Copyright (c) 2009, Atheros Communications
- * Copyright (c) 2011-2014, Qualcomm Atheros, Inc.
- * Copyright (c) 2011-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "common/gas.h"
-#include "common/wpa_ctrl.h"
-#include "rsn_supp/wpa.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "driver_i.h"
-#include "offchannel.h"
-#include "gas_query.h"
-
-
-/** GAS query timeout in seconds */
-#define GAS_QUERY_TIMEOUT_PERIOD 2
-
-/* GAS query wait-time / duration in ms */
-#define GAS_QUERY_WAIT_TIME_INITIAL 1000
-#define GAS_QUERY_WAIT_TIME_COMEBACK 150
-
-/**
- * struct gas_query_pending - Pending GAS query
- */
-struct gas_query_pending {
-	struct dl_list list;
-	struct gas_query *gas;
-	u8 addr[ETH_ALEN];
-	u8 dialog_token;
-	u8 next_frag_id;
-	unsigned int wait_comeback:1;
-	unsigned int offchannel_tx_started:1;
-	unsigned int retry:1;
-	unsigned int wildcard_bssid:1;
-	unsigned int maintain_addr:1;
-	int freq;
-	u16 status_code;
-	struct wpabuf *req;
-	struct wpabuf *adv_proto;
-	struct wpabuf *resp;
-	struct os_reltime last_oper;
-	void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
-		   enum gas_query_result result,
-		   const struct wpabuf *adv_proto,
-		   const struct wpabuf *resp, u16 status_code);
-	void *ctx;
-	u8 sa[ETH_ALEN];
-};
-
-/**
- * struct gas_query - Internal GAS query data
- */
-struct gas_query {
-	struct wpa_supplicant *wpa_s;
-	struct dl_list pending; /* struct gas_query_pending */
-	struct gas_query_pending *current;
-	struct wpa_radio_work *work;
-	struct os_reltime last_mac_addr_rand;
-	int last_rand_sa_type;
-	u8 rand_addr[ETH_ALEN];
-};
-
-
-static void gas_query_tx_comeback_timeout(void *eloop_data, void *user_ctx);
-static void gas_query_timeout(void *eloop_data, void *user_ctx);
-static void gas_query_rx_comeback_timeout(void *eloop_data, void *user_ctx);
-static void gas_query_tx_initial_req(struct gas_query *gas,
-				     struct gas_query_pending *query);
-static int gas_query_new_dialog_token(struct gas_query *gas, const u8 *dst);
-
-
-static int ms_from_time(struct os_reltime *last)
-{
-	struct os_reltime now, res;
-
-	os_get_reltime(&now);
-	os_reltime_sub(&now, last, &res);
-	return res.sec * 1000 + res.usec / 1000;
-}
-
-
-/**
- * gas_query_init - Initialize GAS query component
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: Pointer to GAS query data or %NULL on failure
- */
-struct gas_query * gas_query_init(struct wpa_supplicant *wpa_s)
-{
-	struct gas_query *gas;
-
-	gas = os_zalloc(sizeof(*gas));
-	if (gas == NULL)
-		return NULL;
-
-	gas->wpa_s = wpa_s;
-	dl_list_init(&gas->pending);
-
-	return gas;
-}
-
-
-static const char * gas_result_txt(enum gas_query_result result)
-{
-	switch (result) {
-	case GAS_QUERY_SUCCESS:
-		return "SUCCESS";
-	case GAS_QUERY_FAILURE:
-		return "FAILURE";
-	case GAS_QUERY_TIMEOUT:
-		return "TIMEOUT";
-	case GAS_QUERY_PEER_ERROR:
-		return "PEER_ERROR";
-	case GAS_QUERY_INTERNAL_ERROR:
-		return "INTERNAL_ERROR";
-	case GAS_QUERY_STOPPED:
-		return "STOPPED";
-	case GAS_QUERY_DELETED_AT_DEINIT:
-		return "DELETED_AT_DEINIT";
-	}
-
-	return "N/A";
-}
-
-
-static void gas_query_free(struct gas_query_pending *query, int del_list)
-{
-	struct gas_query *gas = query->gas;
-
-	if (del_list)
-		dl_list_del(&query->list);
-
-	if (gas->work && gas->work->ctx == query) {
-		radio_work_done(gas->work);
-		gas->work = NULL;
-	}
-
-	wpabuf_free(query->req);
-	wpabuf_free(query->adv_proto);
-	wpabuf_free(query->resp);
-	os_free(query);
-}
-
-
-static void gas_query_done(struct gas_query *gas,
-			   struct gas_query_pending *query,
-			   enum gas_query_result result)
-{
-	wpa_msg(gas->wpa_s, MSG_INFO, GAS_QUERY_DONE "addr=" MACSTR
-		" dialog_token=%u freq=%d status_code=%u result=%s",
-		MAC2STR(query->addr), query->dialog_token, query->freq,
-		query->status_code, gas_result_txt(result));
-	if (gas->current == query)
-		gas->current = NULL;
-	if (query->offchannel_tx_started)
-		offchannel_send_action_done(gas->wpa_s);
-	eloop_cancel_timeout(gas_query_tx_comeback_timeout, gas, query);
-	eloop_cancel_timeout(gas_query_timeout, gas, query);
-	eloop_cancel_timeout(gas_query_rx_comeback_timeout, gas, query);
-	dl_list_del(&query->list);
-	query->cb(query->ctx, query->addr, query->dialog_token, result,
-		  query->adv_proto, query->resp, query->status_code);
-	gas_query_free(query, 0);
-}
-
-
-/**
- * gas_query_deinit - Deinitialize GAS query component
- * @gas: GAS query data from gas_query_init()
- */
-void gas_query_deinit(struct gas_query *gas)
-{
-	struct gas_query_pending *query, *next;
-
-	if (gas == NULL)
-		return;
-
-	dl_list_for_each_safe(query, next, &gas->pending,
-			      struct gas_query_pending, list)
-		gas_query_done(gas, query, GAS_QUERY_DELETED_AT_DEINIT);
-
-	os_free(gas);
-}
-
-
-static struct gas_query_pending *
-gas_query_get_pending(struct gas_query *gas, const u8 *addr, u8 dialog_token)
-{
-	struct gas_query_pending *q;
-	dl_list_for_each(q, &gas->pending, struct gas_query_pending, list) {
-		if (os_memcmp(q->addr, addr, ETH_ALEN) == 0 &&
-		    q->dialog_token == dialog_token)
-			return q;
-	}
-	return NULL;
-}
-
-
-static int gas_query_append(struct gas_query_pending *query, const u8 *data,
-			    size_t len)
-{
-	if (wpabuf_resize(&query->resp, len) < 0) {
-		wpa_printf(MSG_DEBUG, "GAS: No memory to store the response");
-		return -1;
-	}
-	wpabuf_put_data(query->resp, data, len);
-	return 0;
-}
-
-
-static void gas_query_tx_status(struct wpa_supplicant *wpa_s,
-				unsigned int freq, const u8 *dst,
-				const u8 *src, const u8 *bssid,
-				const u8 *data, size_t data_len,
-				enum offchannel_send_action_result result)
-{
-	struct gas_query_pending *query;
-	struct gas_query *gas = wpa_s->gas;
-	int dur;
-
-	if (gas->current == NULL) {
-		wpa_printf(MSG_DEBUG, "GAS: Unexpected TX status: freq=%u dst="
-			   MACSTR " result=%d - no query in progress",
-			   freq, MAC2STR(dst), result);
-		return;
-	}
-
-	query = gas->current;
-
-	dur = ms_from_time(&query->last_oper);
-	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
-		   " result=%d query=%p dialog_token=%u dur=%d ms",
-		   freq, MAC2STR(dst), result, query, query->dialog_token, dur);
-	if (os_memcmp(dst, query->addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "GAS: TX status for unexpected destination");
-		return;
-	}
-	os_get_reltime(&query->last_oper);
-
-	if (result == OFFCHANNEL_SEND_ACTION_SUCCESS ||
-	    result == OFFCHANNEL_SEND_ACTION_NO_ACK) {
-		eloop_cancel_timeout(gas_query_timeout, gas, query);
-		if (result == OFFCHANNEL_SEND_ACTION_NO_ACK) {
-			wpa_printf(MSG_DEBUG, "GAS: No ACK to GAS request");
-			eloop_register_timeout(0, 250000,
-					       gas_query_timeout, gas, query);
-		} else {
-			eloop_register_timeout(GAS_QUERY_TIMEOUT_PERIOD, 0,
-					       gas_query_timeout, gas, query);
-		}
-		if (query->wait_comeback && !query->retry) {
-			eloop_cancel_timeout(gas_query_rx_comeback_timeout,
-					     gas, query);
-			eloop_register_timeout(
-				0, (GAS_QUERY_WAIT_TIME_COMEBACK + 10) * 1000,
-				gas_query_rx_comeback_timeout, gas, query);
-		}
-	}
-	if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
-		eloop_cancel_timeout(gas_query_timeout, gas, query);
-		eloop_register_timeout(0, 0, gas_query_timeout, gas, query);
-	}
-}
-
-
-static int gas_query_tx(struct gas_query *gas, struct gas_query_pending *query,
-			struct wpabuf *req, unsigned int wait_time)
-{
-	int res, prot = pmf_in_use(gas->wpa_s, query->addr);
-	const u8 *bssid;
-	const u8 wildcard_bssid[ETH_ALEN] = {
-		0xff, 0xff, 0xff, 0xff, 0xff, 0xff
-	};
-
-	wpa_printf(MSG_DEBUG, "GAS: Send action frame to " MACSTR " len=%u "
-		   "freq=%d prot=%d using src addr " MACSTR,
-		   MAC2STR(query->addr), (unsigned int) wpabuf_len(req),
-		   query->freq, prot, MAC2STR(query->sa));
-	if (prot) {
-		u8 *categ = wpabuf_mhead_u8(req);
-		*categ = WLAN_ACTION_PROTECTED_DUAL;
-	}
-	os_get_reltime(&query->last_oper);
-	if (gas->wpa_s->max_remain_on_chan &&
-	    wait_time > gas->wpa_s->max_remain_on_chan)
-		wait_time = gas->wpa_s->max_remain_on_chan;
-	if (!query->wildcard_bssid &&
-	    (!gas->wpa_s->conf->gas_address3 ||
-	     (gas->wpa_s->current_ssid &&
-	      gas->wpa_s->wpa_state >= WPA_ASSOCIATED &&
-	      os_memcmp(query->addr, gas->wpa_s->bssid, ETH_ALEN) == 0)))
-		bssid = query->addr;
-	else
-		bssid = wildcard_bssid;
-
-	res = offchannel_send_action(gas->wpa_s, query->freq, query->addr,
-				     query->sa, bssid, wpabuf_head(req),
-				     wpabuf_len(req), wait_time,
-				     gas_query_tx_status, 0);
-
-	if (res == 0)
-		query->offchannel_tx_started = 1;
-	return res;
-}
-
-
-static void gas_query_tx_comeback_req(struct gas_query *gas,
-				      struct gas_query_pending *query)
-{
-	struct wpabuf *req;
-	unsigned int wait_time;
-
-	req = gas_build_comeback_req(query->dialog_token);
-	if (req == NULL) {
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-		return;
-	}
-
-	wait_time = (query->retry || !query->offchannel_tx_started) ?
-		GAS_QUERY_WAIT_TIME_INITIAL : GAS_QUERY_WAIT_TIME_COMEBACK;
-
-	if (gas_query_tx(gas, query, req, wait_time) < 0) {
-		wpa_printf(MSG_DEBUG, "GAS: Failed to send Action frame to "
-			   MACSTR, MAC2STR(query->addr));
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-	}
-
-	wpabuf_free(req);
-}
-
-
-static void gas_query_rx_comeback_timeout(void *eloop_data, void *user_ctx)
-{
-	struct gas_query *gas = eloop_data;
-	struct gas_query_pending *query = user_ctx;
-	int dialog_token;
-
-	wpa_printf(MSG_DEBUG,
-		   "GAS: No response to comeback request received (retry=%u)",
-		   query->retry);
-	if (gas->current != query || query->retry)
-		return;
-	dialog_token = gas_query_new_dialog_token(gas, query->addr);
-	if (dialog_token < 0)
-		return;
-	wpa_printf(MSG_DEBUG,
-		   "GAS: Retry GAS query due to comeback response timeout");
-	query->retry = 1;
-	query->dialog_token = dialog_token;
-	*(wpabuf_mhead_u8(query->req) + 2) = dialog_token;
-	query->wait_comeback = 0;
-	query->next_frag_id = 0;
-	wpabuf_free(query->adv_proto);
-	query->adv_proto = NULL;
-	eloop_cancel_timeout(gas_query_tx_comeback_timeout, gas, query);
-	eloop_cancel_timeout(gas_query_timeout, gas, query);
-	gas_query_tx_initial_req(gas, query);
-}
-
-
-static void gas_query_tx_comeback_timeout(void *eloop_data, void *user_ctx)
-{
-	struct gas_query *gas = eloop_data;
-	struct gas_query_pending *query = user_ctx;
-
-	wpa_printf(MSG_DEBUG, "GAS: Comeback timeout for request to " MACSTR,
-		   MAC2STR(query->addr));
-	gas_query_tx_comeback_req(gas, query);
-}
-
-
-static void gas_query_tx_comeback_req_delay(struct gas_query *gas,
-					    struct gas_query_pending *query,
-					    u16 comeback_delay)
-{
-	unsigned int secs, usecs;
-
-	if (comeback_delay > 1 && query->offchannel_tx_started) {
-		offchannel_send_action_done(gas->wpa_s);
-		query->offchannel_tx_started = 0;
-	}
-
-	secs = (comeback_delay * 1024) / 1000000;
-	usecs = comeback_delay * 1024 - secs * 1000000;
-	wpa_printf(MSG_DEBUG, "GAS: Send comeback request to " MACSTR
-		   " in %u secs %u usecs", MAC2STR(query->addr), secs, usecs);
-	eloop_cancel_timeout(gas_query_tx_comeback_timeout, gas, query);
-	eloop_register_timeout(secs, usecs, gas_query_tx_comeback_timeout,
-			       gas, query);
-}
-
-
-static void gas_query_rx_initial(struct gas_query *gas,
-				 struct gas_query_pending *query,
-				 const u8 *adv_proto, const u8 *resp,
-				 size_t len, u16 comeback_delay)
-{
-	wpa_printf(MSG_DEBUG, "GAS: Received initial response from "
-		   MACSTR " (dialog_token=%u comeback_delay=%u)",
-		   MAC2STR(query->addr), query->dialog_token, comeback_delay);
-
-	query->adv_proto = wpabuf_alloc_copy(adv_proto, 2 + adv_proto[1]);
-	if (query->adv_proto == NULL) {
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-		return;
-	}
-
-	if (comeback_delay) {
-		eloop_cancel_timeout(gas_query_timeout, gas, query);
-		query->wait_comeback = 1;
-		gas_query_tx_comeback_req_delay(gas, query, comeback_delay);
-		return;
-	}
-
-	/* Query was completed without comeback mechanism */
-	if (gas_query_append(query, resp, len) < 0) {
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-		return;
-	}
-
-	gas_query_done(gas, query, GAS_QUERY_SUCCESS);
-}
-
-
-static void gas_query_rx_comeback(struct gas_query *gas,
-				  struct gas_query_pending *query,
-				  const u8 *adv_proto, const u8 *resp,
-				  size_t len, u8 frag_id, u8 more_frags,
-				  u16 comeback_delay)
-{
-	wpa_printf(MSG_DEBUG, "GAS: Received comeback response from "
-		   MACSTR " (dialog_token=%u frag_id=%u more_frags=%u "
-		   "comeback_delay=%u)",
-		   MAC2STR(query->addr), query->dialog_token, frag_id,
-		   more_frags, comeback_delay);
-	eloop_cancel_timeout(gas_query_rx_comeback_timeout, gas, query);
-
-	if ((size_t) 2 + adv_proto[1] != wpabuf_len(query->adv_proto) ||
-	    os_memcmp(adv_proto, wpabuf_head(query->adv_proto),
-		      wpabuf_len(query->adv_proto)) != 0) {
-		wpa_printf(MSG_DEBUG, "GAS: Advertisement Protocol changed "
-			   "between initial and comeback response from "
-			   MACSTR, MAC2STR(query->addr));
-		gas_query_done(gas, query, GAS_QUERY_PEER_ERROR);
-		return;
-	}
-
-	if (comeback_delay) {
-		if (frag_id) {
-			wpa_printf(MSG_DEBUG, "GAS: Invalid comeback response "
-				   "with non-zero frag_id and comeback_delay "
-				   "from " MACSTR, MAC2STR(query->addr));
-			gas_query_done(gas, query, GAS_QUERY_PEER_ERROR);
-			return;
-		}
-		gas_query_tx_comeback_req_delay(gas, query, comeback_delay);
-		return;
-	}
-
-	if (frag_id != query->next_frag_id) {
-		wpa_printf(MSG_DEBUG, "GAS: Unexpected frag_id in response "
-			   "from " MACSTR, MAC2STR(query->addr));
-		if (frag_id + 1 == query->next_frag_id) {
-			wpa_printf(MSG_DEBUG, "GAS: Drop frame as possible "
-				   "retry of previous fragment");
-			return;
-		}
-		gas_query_done(gas, query, GAS_QUERY_PEER_ERROR);
-		return;
-	}
-	query->next_frag_id++;
-
-	if (gas_query_append(query, resp, len) < 0) {
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-		return;
-	}
-
-	if (more_frags) {
-		gas_query_tx_comeback_req(gas, query);
-		return;
-	}
-
-	gas_query_done(gas, query, GAS_QUERY_SUCCESS);
-}
-
-
-/**
- * gas_query_rx - Indicate reception of a Public Action or Protected Dual frame
- * @gas: GAS query data from gas_query_init()
- * @da: Destination MAC address of the Action frame
- * @sa: Source MAC address of the Action frame
- * @bssid: BSSID of the Action frame
- * @categ: Category of the Action frame
- * @data: Payload of the Action frame
- * @len: Length of @data
- * @freq: Frequency (in MHz) on which the frame was received
- * Returns: 0 if the Public Action frame was a GAS frame or -1 if not
- */
-int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
-		 const u8 *bssid, u8 categ, const u8 *data, size_t len,
-		 int freq)
-{
-	struct gas_query_pending *query;
-	u8 action, dialog_token, frag_id = 0, more_frags = 0;
-	u16 comeback_delay, resp_len;
-	const u8 *pos, *adv_proto;
-	int prot, pmf;
-	unsigned int left;
-
-	if (gas == NULL || len < 4)
-		return -1;
-
-	pos = data;
-	action = *pos++;
-	dialog_token = *pos++;
-
-	if (action != WLAN_PA_GAS_INITIAL_RESP &&
-	    action != WLAN_PA_GAS_COMEBACK_RESP)
-		return -1; /* Not a GAS response */
-
-	prot = categ == WLAN_ACTION_PROTECTED_DUAL;
-	pmf = pmf_in_use(gas->wpa_s, sa);
-	if (prot && !pmf) {
-		wpa_printf(MSG_DEBUG, "GAS: Drop unexpected protected GAS frame when PMF is disabled");
-		return 0;
-	}
-	if (!prot && pmf) {
-		wpa_printf(MSG_DEBUG, "GAS: Drop unexpected unprotected GAS frame when PMF is enabled");
-		return 0;
-	}
-
-	query = gas_query_get_pending(gas, sa, dialog_token);
-	if (query == NULL) {
-		wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR
-			   " dialog token %u", MAC2STR(sa), dialog_token);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "GAS: Response in %d ms from " MACSTR,
-		   ms_from_time(&query->last_oper), MAC2STR(sa));
-
-	if (query->wait_comeback && action == WLAN_PA_GAS_INITIAL_RESP) {
-		wpa_printf(MSG_DEBUG, "GAS: Unexpected initial response from "
-			   MACSTR " dialog token %u when waiting for comeback "
-			   "response", MAC2STR(sa), dialog_token);
-		return 0;
-	}
-
-	if (!query->wait_comeback && action == WLAN_PA_GAS_COMEBACK_RESP) {
-		wpa_printf(MSG_DEBUG, "GAS: Unexpected comeback response from "
-			   MACSTR " dialog token %u when waiting for initial "
-			   "response", MAC2STR(sa), dialog_token);
-		return 0;
-	}
-
-	query->status_code = WPA_GET_LE16(pos);
-	pos += 2;
-
-	if (query->status_code == WLAN_STATUS_QUERY_RESP_OUTSTANDING &&
-	    action == WLAN_PA_GAS_COMEBACK_RESP) {
-		wpa_printf(MSG_DEBUG, "GAS: Allow non-zero status for outstanding comeback response");
-	} else if (query->status_code != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "GAS: Query to " MACSTR " dialog token "
-			   "%u failed - status code %u",
-			   MAC2STR(sa), dialog_token, query->status_code);
-		gas_query_done(gas, query, GAS_QUERY_FAILURE);
-		return 0;
-	}
-
-	if (action == WLAN_PA_GAS_COMEBACK_RESP) {
-		if (pos + 1 > data + len)
-			return 0;
-		frag_id = *pos & 0x7f;
-		more_frags = (*pos & 0x80) >> 7;
-		pos++;
-	}
-
-	/* Comeback Delay */
-	if (pos + 2 > data + len)
-		return 0;
-	comeback_delay = WPA_GET_LE16(pos);
-	pos += 2;
-
-	/* Advertisement Protocol element */
-	if (pos + 2 > data + len || pos + 2 + pos[1] > data + len) {
-		wpa_printf(MSG_DEBUG, "GAS: No room for Advertisement "
-			   "Protocol element in the response from " MACSTR,
-			   MAC2STR(sa));
-		return 0;
-	}
-
-	if (*pos != WLAN_EID_ADV_PROTO) {
-		wpa_printf(MSG_DEBUG, "GAS: Unexpected Advertisement "
-			   "Protocol element ID %u in response from " MACSTR,
-			   *pos, MAC2STR(sa));
-		return 0;
-	}
-
-	adv_proto = pos;
-	pos += 2 + pos[1];
-
-	/* Query Response Length */
-	if (pos + 2 > data + len) {
-		wpa_printf(MSG_DEBUG, "GAS: No room for GAS Response Length");
-		return 0;
-	}
-	resp_len = WPA_GET_LE16(pos);
-	pos += 2;
-
-	left = data + len - pos;
-	if (resp_len > left) {
-		wpa_printf(MSG_DEBUG, "GAS: Truncated Query Response in "
-			   "response from " MACSTR, MAC2STR(sa));
-		return 0;
-	}
-
-	if (resp_len < left) {
-		wpa_printf(MSG_DEBUG, "GAS: Ignore %u octets of extra data "
-			   "after Query Response from " MACSTR,
-			   left - resp_len, MAC2STR(sa));
-	}
-
-	if (action == WLAN_PA_GAS_COMEBACK_RESP)
-		gas_query_rx_comeback(gas, query, adv_proto, pos, resp_len,
-				      frag_id, more_frags, comeback_delay);
-	else
-		gas_query_rx_initial(gas, query, adv_proto, pos, resp_len,
-				     comeback_delay);
-
-	return 0;
-}
-
-
-static void gas_query_timeout(void *eloop_data, void *user_ctx)
-{
-	struct gas_query *gas = eloop_data;
-	struct gas_query_pending *query = user_ctx;
-
-	wpa_printf(MSG_DEBUG, "GAS: No response received for query to " MACSTR
-		   " dialog token %u",
-		   MAC2STR(query->addr), query->dialog_token);
-	gas_query_done(gas, query, GAS_QUERY_TIMEOUT);
-}
-
-
-static int gas_query_dialog_token_available(struct gas_query *gas,
-					    const u8 *dst, u8 dialog_token)
-{
-	struct gas_query_pending *q;
-	dl_list_for_each(q, &gas->pending, struct gas_query_pending, list) {
-		if (os_memcmp(dst, q->addr, ETH_ALEN) == 0 &&
-		    dialog_token == q->dialog_token)
-			return 0;
-	}
-
-	return 1;
-}
-
-
-static void gas_query_start_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct gas_query_pending *query = work->ctx;
-	struct gas_query *gas = query->gas;
-	struct wpa_supplicant *wpa_s = gas->wpa_s;
-
-	if (deinit) {
-		if (work->started) {
-			gas->work = NULL;
-			gas_query_done(gas, query, GAS_QUERY_DELETED_AT_DEINIT);
-			return;
-		}
-
-		gas_query_free(query, 1);
-		return;
-	}
-
-	if (!query->maintain_addr && !wpa_s->conf->gas_rand_mac_addr) {
-		if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"Failed to assign random MAC address for GAS");
-			gas_query_free(query, 1);
-			radio_work_done(work);
-			return;
-		}
-		os_memcpy(query->sa, wpa_s->own_addr, ETH_ALEN);
-	}
-
-	gas->work = work;
-	gas_query_tx_initial_req(gas, query);
-}
-
-
-static void gas_query_tx_initial_req(struct gas_query *gas,
-				     struct gas_query_pending *query)
-{
-	if (gas_query_tx(gas, query, query->req,
-			 GAS_QUERY_WAIT_TIME_INITIAL) < 0) {
-		wpa_printf(MSG_DEBUG, "GAS: Failed to send Action frame to "
-			   MACSTR, MAC2STR(query->addr));
-		gas_query_done(gas, query, GAS_QUERY_INTERNAL_ERROR);
-		return;
-	}
-	gas->current = query;
-
-	wpa_printf(MSG_DEBUG, "GAS: Starting query timeout for dialog token %u",
-		   query->dialog_token);
-	eloop_register_timeout(GAS_QUERY_TIMEOUT_PERIOD, 0,
-			       gas_query_timeout, gas, query);
-}
-
-
-static int gas_query_new_dialog_token(struct gas_query *gas, const u8 *dst)
-{
-	u8 dialog_token;
-	int i;
-
-	/* There should never be more than couple active GAS queries in
-	 * progress, so it should be very likely to find an available dialog
-	 * token by checking random values. Use a limit on the number of
-	 * iterations to handle the unexpected case of large number of pending
-	 * queries cleanly. */
-	for (i = 0; i < 256; i++) {
-		/* Get a random number and check if the slot is available */
-		if (os_get_random(&dialog_token, sizeof(dialog_token)) < 0)
-			break;
-		if (gas_query_dialog_token_available(gas, dst, dialog_token))
-			return dialog_token;
-	}
-
-	/* No dialog token value available */
-	return -1;
-}
-
-
-static int gas_query_set_sa(struct gas_query *gas,
-			    struct gas_query_pending *query)
-{
-	struct wpa_supplicant *wpa_s = gas->wpa_s;
-	struct os_reltime now;
-
-	if (query->maintain_addr ||
-	    !wpa_s->conf->gas_rand_mac_addr ||
-	    !(wpa_s->current_bss ?
-	      (wpa_s->drv_flags &
-	       WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) :
-	      (wpa_s->drv_flags & WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA))) {
-		/* Use own MAC address as the transmitter address */
-		wpa_printf(MSG_DEBUG,
-			   "GAS: Use own MAC address as the transmitter address%s%s%s",
-			   query->maintain_addr ? " (maintain_addr)" : "",
-			   !wpa_s->conf->gas_rand_mac_addr ? " (no gas_rand_mac_adr set)" : "",
-			   !(wpa_s->current_bss ?
-			     (wpa_s->drv_flags &
-			      WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) :
-			     (wpa_s->drv_flags &
-			      WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA)) ?
-			   " (no driver rand capa" : "");
-		os_memcpy(query->sa, wpa_s->own_addr, ETH_ALEN);
-		return 0;
-	}
-
-	os_get_reltime(&now);
-
-	if (wpa_s->conf->gas_rand_mac_addr == gas->last_rand_sa_type &&
-	    gas->last_mac_addr_rand.sec != 0 &&
-	    !os_reltime_expired(&now, &gas->last_mac_addr_rand,
-				wpa_s->conf->gas_rand_addr_lifetime)) {
-		wpa_printf(MSG_DEBUG,
-			   "GAS: Use the previously selected random transmitter address "
-			   MACSTR, MAC2STR(gas->rand_addr));
-		os_memcpy(query->sa, gas->rand_addr, ETH_ALEN);
-		return 0;
-	}
-
-	if (wpa_s->conf->gas_rand_mac_addr == 1 &&
-	    random_mac_addr(gas->rand_addr) < 0) {
-		wpa_printf(MSG_ERROR, "GAS: Failed to get random address");
-		return -1;
-	}
-
-	if (wpa_s->conf->gas_rand_mac_addr == 2 &&
-	    random_mac_addr_keep_oui(gas->rand_addr) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "GAS: Failed to get random address with same OUI");
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "GAS: Use a new random transmitter address "
-		   MACSTR, MAC2STR(gas->rand_addr));
-	os_memcpy(query->sa, gas->rand_addr, ETH_ALEN);
-	os_get_reltime(&gas->last_mac_addr_rand);
-	gas->last_rand_sa_type = wpa_s->conf->gas_rand_mac_addr;
-
-	return 0;
-}
-
-
-/**
- * gas_query_req - Request a GAS query
- * @gas: GAS query data from gas_query_init()
- * @dst: Destination MAC address for the query
- * @freq: Frequency (in MHz) for the channel on which to send the query
- * @wildcard_bssid: Force use of wildcard BSSID value
- * @maintain_addr: Maintain own MAC address for exchange (i.e., ignore MAC
- *	address randomization rules)
- * @req: GAS query payload (to be freed by gas_query module in case of success
- *	return)
- * @cb: Callback function for reporting GAS query result and response
- * @ctx: Context pointer to use with the @cb call
- * Returns: dialog token (>= 0) on success or -1 on failure
- */
-int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
-		  int wildcard_bssid, int maintain_addr, struct wpabuf *req,
-		  void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
-			     enum gas_query_result result,
-			     const struct wpabuf *adv_proto,
-			     const struct wpabuf *resp, u16 status_code),
-		  void *ctx)
-{
-	struct gas_query_pending *query;
-	int dialog_token;
-
-	if (wpabuf_len(req) < 3)
-		return -1;
-
-	dialog_token = gas_query_new_dialog_token(gas, dst);
-	if (dialog_token < 0)
-		return -1;
-
-	query = os_zalloc(sizeof(*query));
-	if (query == NULL)
-		return -1;
-
-	query->gas = gas;
-	query->maintain_addr = !!maintain_addr;
-	if (gas_query_set_sa(gas, query)) {
-		os_free(query);
-		return -1;
-	}
-	os_memcpy(query->addr, dst, ETH_ALEN);
-	query->dialog_token = dialog_token;
-	query->wildcard_bssid = !!wildcard_bssid;
-	query->freq = freq;
-	query->cb = cb;
-	query->ctx = ctx;
-	query->req = req;
-	dl_list_add(&gas->pending, &query->list);
-
-	*(wpabuf_mhead_u8(req) + 2) = dialog_token;
-
-	wpa_msg(gas->wpa_s, MSG_INFO, GAS_QUERY_START "addr=" MACSTR
-		" dialog_token=%u freq=%d",
-		MAC2STR(query->addr), query->dialog_token, query->freq);
-
-	if (radio_add_work(gas->wpa_s, freq, "gas-query", 0, gas_query_start_cb,
-			   query) < 0) {
-		query->req = NULL; /* caller will free this in error case */
-		gas_query_free(query, 1);
-		return -1;
-	}
-
-	return dialog_token;
-}
-
-
-int gas_query_stop(struct gas_query *gas, u8 dialog_token)
-{
-	struct gas_query_pending *query;
-
-	dl_list_for_each(query, &gas->pending, struct gas_query_pending, list) {
-		if (query->dialog_token == dialog_token) {
-			if (!gas->work) {
-				/* The pending radio work has not yet been
-				 * started, but the pending entry has a
-				 * reference to the soon to be freed query.
-				 * Need to remove that radio work now to avoid
-				 * leaving behind a reference to freed memory.
-				 */
-				radio_remove_pending_work(gas->wpa_s, query);
-			}
-			gas_query_done(gas, query, GAS_QUERY_STOPPED);
-			return 0;
-		}
-	}
-
-	return -1;
-}
diff --git a/wpa_supplicant/gas_query.h b/wpa_supplicant/gas_query.h
deleted file mode 100644
index 6ccecd4ddbe1..000000000000
--- a/wpa_supplicant/gas_query.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Generic advertisement service (GAS) query
- * Copyright (c) 2009, Atheros Communications
- * Copyright (c) 2011, Qualcomm Atheros
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef GAS_QUERY_H
-#define GAS_QUERY_H
-
-struct gas_query;
-
-#ifdef CONFIG_GAS
-
-struct gas_query * gas_query_init(struct wpa_supplicant *wpa_s);
-void gas_query_deinit(struct gas_query *gas);
-int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
-		 const u8 *bssid, u8 categ, const u8 *data, size_t len,
-		 int freq);
-
-/**
- * enum gas_query_result - GAS query result
- */
-enum gas_query_result {
-	GAS_QUERY_SUCCESS,
-	GAS_QUERY_FAILURE,
-	GAS_QUERY_TIMEOUT,
-	GAS_QUERY_PEER_ERROR,
-	GAS_QUERY_INTERNAL_ERROR,
-	GAS_QUERY_STOPPED,
-	GAS_QUERY_DELETED_AT_DEINIT
-};
-
-int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
-		  int wildcard_bssid, int maintain_addr, struct wpabuf *req,
-		  void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
-			     enum gas_query_result result,
-			     const struct wpabuf *adv_proto,
-			     const struct wpabuf *resp, u16 status_code),
-		  void *ctx);
-int gas_query_stop(struct gas_query *gas, u8 dialog_token);
-
-#else /* CONFIG_GAS */
-
-static inline struct gas_query * gas_query_init(struct wpa_supplicant *wpa_s)
-{
-	return (void *) 1;
-}
-
-static inline void gas_query_deinit(struct gas_query *gas)
-{
-}
-
-#endif /* CONFIG_GAS */
-
-
-#endif /* GAS_QUERY_H */
diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
deleted file mode 100644
index c1c823f2a85e..000000000000
--- a/wpa_supplicant/hs20_supplicant.c
+++ /dev/null
@@ -1,1357 +0,0 @@
-/*
- * Copyright (c) 2009, Atheros Communications, Inc.
- * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <sys/stat.h>
-
-#include "common.h"
-#include "eloop.h"
-#include "common/ieee802_11_common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/gas.h"
-#include "common/wpa_ctrl.h"
-#include "rsn_supp/wpa.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "config.h"
-#include "scan.h"
-#include "bss.h"
-#include "bssid_ignore.h"
-#include "gas_query.h"
-#include "interworking.h"
-#include "hs20_supplicant.h"
-#include "base64.h"
-
-
-#define OSU_MAX_ITEMS 10
-
-struct osu_lang_string {
-	char lang[4];
-	char text[253];
-};
-
-struct osu_icon {
-	u16 width;
-	u16 height;
-	char lang[4];
-	char icon_type[256];
-	char filename[256];
-	unsigned int id;
-	unsigned int failed:1;
-};
-
-struct osu_provider {
-	u8 bssid[ETH_ALEN];
-	u8 osu_ssid[SSID_MAX_LEN];
-	u8 osu_ssid_len;
-	u8 osu_ssid2[SSID_MAX_LEN];
-	u8 osu_ssid2_len;
-	char server_uri[256];
-	u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
-	char osu_nai[256];
-	char osu_nai2[256];
-	struct osu_lang_string friendly_name[OSU_MAX_ITEMS];
-	size_t friendly_name_count;
-	struct osu_lang_string serv_desc[OSU_MAX_ITEMS];
-	size_t serv_desc_count;
-	struct osu_icon icon[OSU_MAX_ITEMS];
-	size_t icon_count;
-};
-
-
-void hs20_configure_frame_filters(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss = wpa_s->current_bss;
-	u8 *bssid = wpa_s->bssid;
-	const u8 *ie;
-	const u8 *ext_capa;
-	u32 filter = 0;
-
-	if (!bss || !is_hs20_network(wpa_s, wpa_s->current_ssid, bss)) {
-		wpa_printf(MSG_DEBUG,
-			   "Not configuring frame filtering - BSS " MACSTR
-			   " is not a Hotspot 2.0 network", MAC2STR(bssid));
-		return;
-	}
-
-	ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE);
-
-	/* Check if DGAF disabled bit is zero (5th byte in the IE) */
-	if (!ie || ie[1] < 5)
-		wpa_printf(MSG_DEBUG,
-			   "Not configuring frame filtering - Can't extract DGAF bit");
-	else if (!(ie[6] & HS20_DGAF_DISABLED))
-		filter |= WPA_DATA_FRAME_FILTER_FLAG_GTK;
-
-	ext_capa = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB);
-	if (!ext_capa || ext_capa[1] < 2) {
-		wpa_printf(MSG_DEBUG,
-			   "Not configuring frame filtering - Can't extract Proxy ARP bit");
-		return;
-	}
-
-	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_PROXY_ARP))
-		filter |= WPA_DATA_FRAME_FILTER_FLAG_ARP |
-			WPA_DATA_FRAME_FILTER_FLAG_NA;
-
-	wpa_drv_configure_frame_filters(wpa_s, filter);
-}
-
-
-void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id, int ap_release)
-{
-	int release;
-	u8 conf;
-
-	release = (HS20_VERSION >> 4) + 1;
-	if (ap_release > 0 && release > ap_release)
-		release = ap_release;
-	if (release < 2)
-		pps_mo_id = -1;
-
-	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
-	wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5);
-	wpabuf_put_be24(buf, OUI_WFA);
-	wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
-	conf = (release - 1) << 4;
-	if (pps_mo_id >= 0)
-		conf |= HS20_PPS_MO_ID_PRESENT;
-	wpabuf_put_u8(buf, conf);
-	if (pps_mo_id >= 0)
-		wpabuf_put_le16(buf, pps_mo_id);
-}
-
-
-void wpas_hs20_add_roam_cons_sel(struct wpabuf *buf,
-				 const struct wpa_ssid *ssid)
-{
-	if (!ssid->roaming_consortium_selection ||
-	    !ssid->roaming_consortium_selection_len)
-		return;
-
-	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
-	wpabuf_put_u8(buf, 4 + ssid->roaming_consortium_selection_len);
-	wpabuf_put_be24(buf, OUI_WFA);
-	wpabuf_put_u8(buf, HS20_ROAMING_CONS_SEL_OUI_TYPE);
-	wpabuf_put_data(buf, ssid->roaming_consortium_selection,
-			ssid->roaming_consortium_selection_len);
-}
-
-
-int get_hs20_version(struct wpa_bss *bss)
-{
-	const u8 *ie;
-
-	if (!bss)
-		return 0;
-
-	ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE);
-	if (!ie || ie[1] < 5)
-		return 0;
-
-	return ((ie[6] >> 4) & 0x0f) + 1;
-}
-
-
-int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-		    struct wpa_bss *bss)
-{
-	if (!wpa_s->conf->hs20 || !ssid)
-		return 0;
-
-	if (ssid->parent_cred)
-		return 1;
-
-	if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
-		return 0;
-
-	/*
-	 * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
-	 * than cause Hotspot 2.0 connections without indication element getting
-	 * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
-	 */
-
-	if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
-		return 0;
-	if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
-		return 0;
-	if (ssid->proto != WPA_PROTO_RSN)
-		return 0;
-
-	return 1;
-}
-
-
-int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	struct wpa_cred *cred;
-
-	if (ssid == NULL)
-		return 0;
-
-	if (ssid->update_identifier)
-		return ssid->update_identifier;
-
-	if (ssid->parent_cred == NULL)
-		return 0;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (ssid->parent_cred == cred)
-			return cred->update_identifier;
-	}
-
-	return 0;
-}
-
-
-void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
-		       struct wpabuf *buf)
-{
-	u8 *len_pos;
-
-	if (buf == NULL)
-		return;
-
-	len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
-	wpabuf_put_be24(buf, OUI_WFA);
-	wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE);
-	if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
-		wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY);
-		wpabuf_put_u8(buf, 0); /* Reserved */
-		if (payload)
-			wpabuf_put_data(buf, payload, payload_len);
-	} else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) {
-		wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST);
-		wpabuf_put_u8(buf, 0); /* Reserved */
-		if (payload)
-			wpabuf_put_data(buf, payload, payload_len);
-	} else {
-		u8 i;
-		wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST);
-		wpabuf_put_u8(buf, 0); /* Reserved */
-		for (i = 0; i < 32; i++) {
-			if (stypes & BIT(i))
-				wpabuf_put_u8(buf, i);
-		}
-	}
-	gas_anqp_set_element_len(buf, len_pos);
-
-	gas_anqp_set_len(buf);
-}
-
-
-static struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
-					   size_t payload_len)
-{
-	struct wpabuf *buf;
-
-	buf = gas_anqp_build_initial_req(0, 100 + payload_len);
-	if (buf == NULL)
-		return NULL;
-
-	hs20_put_anqp_req(stypes, payload, payload_len, buf);
-
-	return buf;
-}
-
-
-int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
-		       const u8 *payload, size_t payload_len, int inmem)
-{
-	struct wpabuf *buf;
-	int ret = 0;
-	int freq;
-	struct wpa_bss *bss;
-	int res;
-	struct icon_entry *icon_entry;
-
-	bss = wpa_bss_get_bssid(wpa_s, dst);
-	if (!bss) {
-		wpa_printf(MSG_WARNING,
-			   "ANQP: Cannot send query to unknown BSS "
-			   MACSTR, MAC2STR(dst));
-		return -1;
-	}
-
-	wpa_bss_anqp_unshare_alloc(bss);
-	freq = bss->freq;
-
-	wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
-		   "subtypes 0x%x", MAC2STR(dst), stypes);
-
-	buf = hs20_build_anqp_req(stypes, payload, payload_len);
-	if (buf == NULL)
-		return -1;
-
-	res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb,
-			    wpa_s);
-	if (res < 0) {
-		wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
-		wpabuf_free(buf);
-		return -1;
-	} else
-		wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
-			   "%u", res);
-
-	if (inmem) {
-		icon_entry = os_zalloc(sizeof(struct icon_entry));
-		if (!icon_entry)
-			return -1;
-		os_memcpy(icon_entry->bssid, dst, ETH_ALEN);
-		icon_entry->file_name = os_malloc(payload_len + 1);
-		if (!icon_entry->file_name) {
-			os_free(icon_entry);
-			return -1;
-		}
-		os_memcpy(icon_entry->file_name, payload, payload_len);
-		icon_entry->file_name[payload_len] = '\0';
-		icon_entry->dialog_token = res;
-
-		dl_list_add(&wpa_s->icon_head, &icon_entry->list);
-	}
-
-	return ret;
-}
-
-
-static struct icon_entry * hs20_find_icon(struct wpa_supplicant *wpa_s,
-					  const u8 *bssid,
-					  const char *file_name)
-{
-	struct icon_entry *icon;
-
-	dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) {
-		if (os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0 &&
-		    os_strcmp(icon->file_name, file_name) == 0 && icon->image)
-			return icon;
-	}
-
-	return NULL;
-}
-
-
-int hs20_get_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		  const char *file_name, size_t offset, size_t size,
-		  char *reply, size_t buf_len)
-{
-	struct icon_entry *icon;
-	size_t out_size;
-	char *b64;
-	size_t b64_size;
-	int reply_size;
-
-	wpa_printf(MSG_DEBUG, "HS20: Get icon " MACSTR " %s @ %u +%u (%u)",
-		   MAC2STR(bssid), file_name, (unsigned int) offset,
-		   (unsigned int) size, (unsigned int) buf_len);
-
-	icon = hs20_find_icon(wpa_s, bssid, file_name);
-	if (!icon || !icon->image || offset >= icon->image_len)
-		return -1;
-	if (size > icon->image_len - offset)
-		size = icon->image_len - offset;
-	out_size = buf_len - 3 /* max base64 padding */;
-	if (size * 4 > out_size * 3)
-		size = out_size * 3 / 4;
-	if (size == 0)
-		return -1;
-
-	b64 = base64_encode(&icon->image[offset], size, &b64_size);
-	if (b64 && buf_len >= b64_size) {
-		os_memcpy(reply, b64, b64_size);
-		reply_size = b64_size;
-	} else {
-		reply_size = -1;
-	}
-	os_free(b64);
-	return reply_size;
-}
-
-
-static void hs20_free_icon_entry(struct icon_entry *icon)
-{
-	wpa_printf(MSG_DEBUG, "HS20: Free stored icon from " MACSTR
-		   " dialog_token=%u file_name=%s image_len=%u",
-		   MAC2STR(icon->bssid), icon->dialog_token,
-		   icon->file_name ? icon->file_name : "N/A",
-		   (unsigned int) icon->image_len);
-	os_free(icon->file_name);
-	os_free(icon->image);
-	os_free(icon);
-}
-
-
-int hs20_del_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		  const char *file_name)
-{
-	struct icon_entry *icon, *tmp;
-	int count = 0;
-
-	if (!bssid)
-		wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons");
-	else if (!file_name)
-		wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons for "
-			   MACSTR, MAC2STR(bssid));
-	else
-		wpa_printf(MSG_DEBUG, "HS20: Delete stored icons for "
-			   MACSTR " file name %s", MAC2STR(bssid), file_name);
-
-	dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry,
-			      list) {
-		if ((!bssid || os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0) &&
-		    (!file_name ||
-		     os_strcmp(icon->file_name, file_name) == 0)) {
-			dl_list_del(&icon->list);
-			hs20_free_icon_entry(icon);
-			count++;
-		}
-	}
-	return count == 0 ? -1 : 0;
-}
-
-
-static void hs20_set_osu_access_permission(const char *osu_dir,
-					   const char *fname)
-{
-	struct stat statbuf;
-
-	/* Get OSU directory information */
-	if (stat(osu_dir, &statbuf) < 0) {
-		wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s",
-			   osu_dir);
-		return;
-	}
-
-	if (chmod(fname, statbuf.st_mode) < 0) {
-		wpa_printf(MSG_WARNING,
-			   "Cannot change the permissions for %s", fname);
-		return;
-	}
-
-	if (lchown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
-		wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
-			   fname);
-	}
-}
-
-
-static void hs20_remove_duplicate_icons(struct wpa_supplicant *wpa_s,
-					struct icon_entry *new_icon)
-{
-	struct icon_entry *icon, *tmp;
-
-	dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry,
-			      list) {
-		if (icon == new_icon)
-			continue;
-		if (os_memcmp(icon->bssid, new_icon->bssid, ETH_ALEN) == 0 &&
-		    os_strcmp(icon->file_name, new_icon->file_name) == 0) {
-			dl_list_del(&icon->list);
-			hs20_free_icon_entry(icon);
-		}
-	}
-}
-
-
-static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
-					 const u8 *sa, const u8 *pos,
-					 size_t slen, u8 dialog_token)
-{
-	char fname[256];
-	int png;
-	FILE *f;
-	u16 data_len;
-	struct icon_entry *icon;
-
-	dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) {
-		if (icon->dialog_token == dialog_token && !icon->image &&
-		    os_memcmp(icon->bssid, sa, ETH_ALEN) == 0) {
-			icon->image = os_memdup(pos, slen);
-			if (!icon->image)
-				return -1;
-			icon->image_len = slen;
-			hs20_remove_duplicate_icons(wpa_s, icon);
-			wpa_msg(wpa_s, MSG_INFO,
-				RX_HS20_ICON MACSTR " %s %u",
-				MAC2STR(sa), icon->file_name,
-				(unsigned int) icon->image_len);
-			return 0;
-		}
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR " Icon Binary File",
-		MAC2STR(sa));
-
-	if (slen < 4) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
-			"value from " MACSTR, MAC2STR(sa));
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos);
-	if (*pos != 0)
-		return -1;
-	pos++;
-	slen--;
-
-	if ((size_t) 1 + pos[0] > slen) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
-			"value from " MACSTR, MAC2STR(sa));
-		return -1;
-	}
-	wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]);
-	png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0;
-	slen -= 1 + pos[0];
-	pos += 1 + pos[0];
-
-	if (slen < 2) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
-			"value from " MACSTR, MAC2STR(sa));
-		return -1;
-	}
-	data_len = WPA_GET_LE16(pos);
-	pos += 2;
-	slen -= 2;
-
-	if (data_len > slen) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
-			"value from " MACSTR, MAC2STR(sa));
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len);
-	if (wpa_s->conf->osu_dir == NULL)
-		return -1;
-
-	wpa_s->osu_icon_id++;
-	if (wpa_s->osu_icon_id == 0)
-		wpa_s->osu_icon_id++;
-	snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s",
-		 wpa_s->conf->osu_dir, wpa_s->osu_icon_id,
-		 png ? "png" : "icon");
-	f = fopen(fname, "wb");
-	if (f == NULL)
-		return -1;
-
-	hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
-
-	if (fwrite(pos, slen, 1, f) != 1) {
-		fclose(f);
-		unlink(fname);
-		return -1;
-	}
-	fclose(f);
-
-	wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP_ICON "%s", fname);
-	return 0;
-}
-
-
-static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	if (wpa_s->fetch_osu_icon_in_progress)
-		hs20_next_osu_icon(wpa_s);
-}
-
-
-static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res)
-{
-	size_t i, j;
-	struct os_reltime now, tmp;
-	int dur;
-
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp);
-	dur = tmp.sec * 1000 + tmp.usec / 1000;
-	wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d",
-		   dur, res);
-
-	for (i = 0; i < wpa_s->osu_prov_count; i++) {
-		struct osu_provider *osu = &wpa_s->osu_prov[i];
-		for (j = 0; j < osu->icon_count; j++) {
-			struct osu_icon *icon = &osu->icon[j];
-			if (icon->id || icon->failed)
-				continue;
-			if (res < 0)
-				icon->failed = 1;
-			else
-				icon->id = wpa_s->osu_icon_id;
-			return;
-		}
-	}
-}
-
-
-void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
-				  struct wpa_bss *bss, const u8 *sa,
-				  const u8 *data, size_t slen, u8 dialog_token)
-{
-	const u8 *pos = data;
-	u8 subtype;
-	struct wpa_bss_anqp *anqp = NULL;
-	int ret;
-
-	if (slen < 2)
-		return;
-
-	if (bss)
-		anqp = bss->anqp;
-
-	subtype = *pos++;
-	slen--;
-
-	pos++; /* Reserved */
-	slen--;
-
-	switch (subtype) {
-	case HS20_STYPE_CAPABILITY_LIST:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" HS Capability List", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->hs20_capability_list);
-			anqp->hs20_capability_list =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" Operator Friendly Name", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->hs20_operator_friendly_name);
-			anqp->hs20_operator_friendly_name =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_WAN_METRICS:
-		wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
-		if (slen < 13) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
-				"Metrics value from " MACSTR, MAC2STR(sa));
-			break;
-		}
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
-			pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
-			pos[9], pos[10], WPA_GET_LE16(pos + 11));
-		if (anqp) {
-			wpabuf_free(anqp->hs20_wan_metrics);
-			anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_CONNECTION_CAPABILITY:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" Connection Capability", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->hs20_connection_capability);
-			anqp->hs20_connection_capability =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_OPERATING_CLASS:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" Operating Class", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->hs20_operating_class);
-			anqp->hs20_operating_class =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_OSU_PROVIDERS_LIST:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" OSU Providers list", MAC2STR(sa));
-		wpa_s->num_prov_found++;
-		if (anqp) {
-			wpabuf_free(anqp->hs20_osu_providers_list);
-			anqp->hs20_osu_providers_list =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_ICON_BINARY_FILE:
-		ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen,
-						    dialog_token);
-		if (wpa_s->fetch_osu_icon_in_progress) {
-			hs20_osu_icon_fetch_result(wpa_s, ret);
-			eloop_cancel_timeout(hs20_continue_icon_fetch,
-					     wpa_s, NULL);
-			eloop_register_timeout(0, 0, hs20_continue_icon_fetch,
-					       wpa_s, NULL);
-		}
-		break;
-	case HS20_STYPE_OPERATOR_ICON_METADATA:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" Operator Icon Metadata", MAC2STR(sa));
-		wpa_hexdump(MSG_DEBUG, "Operator Icon Metadata", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->hs20_operator_icon_metadata);
-			anqp->hs20_operator_icon_metadata =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case HS20_STYPE_OSU_PROVIDERS_NAI_LIST:
-		wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
-			" OSU Providers NAI List", MAC2STR(sa));
-		if (anqp) {
-			wpabuf_free(anqp->hs20_osu_providers_nai_list);
-			anqp->hs20_osu_providers_nai_list =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
-		break;
-	}
-}
-
-
-void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->fetch_osu_icon_in_progress)
-		return;
-	if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
-		return;
-	/*
-	 * We are going through icon fetch, but no icon response was received.
-	 * Assume this means the current AP could not provide an answer to avoid
-	 * getting stuck in fetch iteration.
-	 */
-	hs20_icon_fetch_failed(wpa_s);
-}
-
-
-static void hs20_free_osu_prov_entry(struct osu_provider *prov)
-{
-}
-
-
-void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
-{
-	size_t i;
-	for (i = 0; i < wpa_s->osu_prov_count; i++)
-		hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
-	os_free(wpa_s->osu_prov);
-	wpa_s->osu_prov = NULL;
-	wpa_s->osu_prov_count = 0;
-}
-
-
-static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
-{
-	char fname[256];
-	FILE *f;
-	size_t i, j;
-
-	wpa_s->fetch_osu_info = 0;
-	wpa_s->fetch_osu_icon_in_progress = 0;
-
-	if (wpa_s->conf->osu_dir == NULL) {
-		hs20_free_osu_prov(wpa_s);
-		wpa_s->fetch_anqp_in_progress = 0;
-		return;
-	}
-
-	snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
-		 wpa_s->conf->osu_dir);
-	f = fopen(fname, "w");
-	if (f == NULL) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Could not write OSU provider information");
-		hs20_free_osu_prov(wpa_s);
-		wpa_s->fetch_anqp_in_progress = 0;
-		return;
-	}
-
-	hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
-
-	for (i = 0; i < wpa_s->osu_prov_count; i++) {
-		struct osu_provider *osu = &wpa_s->osu_prov[i];
-		if (i > 0)
-			fprintf(f, "\n");
-		fprintf(f, "OSU-PROVIDER " MACSTR "\n"
-			"uri=%s\n"
-			"methods=%08x\n",
-			MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
-		if (osu->osu_ssid_len) {
-			fprintf(f, "osu_ssid=%s\n",
-				wpa_ssid_txt(osu->osu_ssid,
-					     osu->osu_ssid_len));
-		}
-		if (osu->osu_ssid2_len) {
-			fprintf(f, "osu_ssid2=%s\n",
-				wpa_ssid_txt(osu->osu_ssid2,
-					     osu->osu_ssid2_len));
-		}
-		if (osu->osu_nai[0])
-			fprintf(f, "osu_nai=%s\n", osu->osu_nai);
-		if (osu->osu_nai2[0])
-			fprintf(f, "osu_nai2=%s\n", osu->osu_nai2);
-		for (j = 0; j < osu->friendly_name_count; j++) {
-			fprintf(f, "friendly_name=%s:%s\n",
-				osu->friendly_name[j].lang,
-				osu->friendly_name[j].text);
-		}
-		for (j = 0; j < osu->serv_desc_count; j++) {
-			fprintf(f, "desc=%s:%s\n",
-				osu->serv_desc[j].lang,
-				osu->serv_desc[j].text);
-		}
-		for (j = 0; j < osu->icon_count; j++) {
-			struct osu_icon *icon = &osu->icon[j];
-			if (icon->failed)
-				continue; /* could not fetch icon */
-			fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
-				icon->id, icon->width, icon->height, icon->lang,
-				icon->icon_type, icon->filename);
-		}
-	}
-	fclose(f);
-	hs20_free_osu_prov(wpa_s);
-
-	wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
-	wpa_s->fetch_anqp_in_progress = 0;
-}
-
-
-void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
-{
-	size_t i, j;
-
-	wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
-
-	for (i = 0; i < wpa_s->osu_prov_count; i++) {
-		struct osu_provider *osu = &wpa_s->osu_prov[i];
-		for (j = 0; j < osu->icon_count; j++) {
-			struct osu_icon *icon = &osu->icon[j];
-			if (icon->id || icon->failed)
-				continue;
-
-			wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
-				   "from " MACSTR, icon->filename,
-				   MAC2STR(osu->bssid));
-			os_get_reltime(&wpa_s->osu_icon_fetch_start);
-			if (hs20_anqp_send_req(wpa_s, osu->bssid,
-					       BIT(HS20_STYPE_ICON_REQUEST),
-					       (u8 *) icon->filename,
-					       os_strlen(icon->filename),
-					       0) < 0) {
-				icon->failed = 1;
-				continue;
-			}
-			return;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
-	hs20_osu_fetch_done(wpa_s);
-}
-
-
-static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			      const u8 *osu_ssid, u8 osu_ssid_len,
-			      const u8 *osu_ssid2, u8 osu_ssid2_len,
-			      const u8 *pos, size_t len)
-{
-	struct osu_provider *prov;
-	const u8 *end = pos + len;
-	u16 len2;
-	const u8 *pos2;
-	u8 uri_len, osu_method_len, osu_nai_len;
-
-	wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
-	prov = os_realloc_array(wpa_s->osu_prov,
-				wpa_s->osu_prov_count + 1,
-				sizeof(*prov));
-	if (prov == NULL)
-		return;
-	wpa_s->osu_prov = prov;
-	prov = &prov[wpa_s->osu_prov_count];
-	os_memset(prov, 0, sizeof(*prov));
-
-	os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
-	os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
-	prov->osu_ssid_len = osu_ssid_len;
-	if (osu_ssid2)
-		os_memcpy(prov->osu_ssid2, osu_ssid2, osu_ssid2_len);
-	prov->osu_ssid2_len = osu_ssid2_len;
-
-	/* OSU Friendly Name Length */
-	if (end - pos < 2) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
-			   "Friendly Name Length");
-		return;
-	}
-	len2 = WPA_GET_LE16(pos);
-	pos += 2;
-	if (len2 > end - pos) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
-			   "Friendly Name Duples");
-		return;
-	}
-	pos2 = pos;
-	pos += len2;
-
-	/* OSU Friendly Name Duples */
-	while (pos - pos2 >= 4 && prov->friendly_name_count < OSU_MAX_ITEMS) {
-		struct osu_lang_string *f;
-		u8 slen;
-
-		slen = pos2[0];
-		if (1 + slen > pos - pos2) {
-			wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
-			break;
-		}
-		if (slen < 3) {
-			wpa_printf(MSG_DEBUG,
-				   "Invalid OSU Friendly Name (no room for language)");
-			break;
-		}
-		f = &prov->friendly_name[prov->friendly_name_count++];
-		pos2++;
-		os_memcpy(f->lang, pos2, 3);
-		pos2 += 3;
-		slen -= 3;
-		os_memcpy(f->text, pos2, slen);
-		pos2 += slen;
-	}
-
-	/* OSU Server URI */
-	if (end - pos < 1) {
-		wpa_printf(MSG_DEBUG,
-			   "HS 2.0: Not enough room for OSU Server URI length");
-		return;
-	}
-	uri_len = *pos++;
-	if (uri_len > end - pos) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
-			   "URI");
-		return;
-	}
-	os_memcpy(prov->server_uri, pos, uri_len);
-	pos += uri_len;
-
-	/* OSU Method list */
-	if (end - pos < 1) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
-			   "list length");
-		return;
-	}
-	osu_method_len = pos[0];
-	if (osu_method_len > end - pos - 1) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
-			   "list");
-		return;
-	}
-	pos2 = pos + 1;
-	pos += 1 + osu_method_len;
-	while (pos2 < pos) {
-		if (*pos2 < 32)
-			prov->osu_methods |= BIT(*pos2);
-		pos2++;
-	}
-
-	/* Icons Available Length */
-	if (end - pos < 2) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
-			   "Available Length");
-		return;
-	}
-	len2 = WPA_GET_LE16(pos);
-	pos += 2;
-	if (len2 > end - pos) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
-			   "Available");
-		return;
-	}
-	pos2 = pos;
-	pos += len2;
-
-	/* Icons Available */
-	while (pos2 < pos) {
-		struct osu_icon *icon = &prov->icon[prov->icon_count];
-		u8 flen;
-
-		if (2 + 2 + 3 + 1 + 1 > pos - pos2) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
-			break;
-		}
-
-		icon->width = WPA_GET_LE16(pos2);
-		pos2 += 2;
-		icon->height = WPA_GET_LE16(pos2);
-		pos2 += 2;
-		os_memcpy(icon->lang, pos2, 3);
-		pos2 += 3;
-
-		flen = *pos2++;
-		if (flen > pos - pos2) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
-			break;
-		}
-		os_memcpy(icon->icon_type, pos2, flen);
-		pos2 += flen;
-
-		if (pos - pos2 < 1) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
-				   "Filename length");
-			break;
-		}
-		flen = *pos2++;
-		if (flen > pos - pos2) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
-				   "Filename");
-			break;
-		}
-		os_memcpy(icon->filename, pos2, flen);
-		pos2 += flen;
-
-		prov->icon_count++;
-	}
-
-	/* OSU_NAI */
-	if (end - pos < 1) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
-		return;
-	}
-	osu_nai_len = *pos++;
-	if (osu_nai_len > end - pos) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
-		return;
-	}
-	os_memcpy(prov->osu_nai, pos, osu_nai_len);
-	pos += osu_nai_len;
-
-	/* OSU Service Description Length */
-	if (end - pos < 2) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
-			   "Service Description Length");
-		return;
-	}
-	len2 = WPA_GET_LE16(pos);
-	pos += 2;
-	if (len2 > end - pos) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
-			   "Service Description Duples");
-		return;
-	}
-	pos2 = pos;
-	pos += len2;
-
-	/* OSU Service Description Duples */
-	while (pos - pos2 >= 4 && prov->serv_desc_count < OSU_MAX_ITEMS) {
-		struct osu_lang_string *f;
-		u8 descr_len;
-
-		descr_len = *pos2++;
-		if (descr_len > pos - pos2 || descr_len < 3) {
-			wpa_printf(MSG_DEBUG, "Invalid OSU Service "
-				   "Description");
-			break;
-		}
-		f = &prov->serv_desc[prov->serv_desc_count++];
-		os_memcpy(f->lang, pos2, 3);
-		os_memcpy(f->text, pos2 + 3, descr_len - 3);
-		pos2 += descr_len;
-	}
-
-	wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
-		   MAC2STR(bss->bssid));
-	wpa_s->osu_prov_count++;
-}
-
-
-void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-	struct wpabuf *prov_anqp;
-	const u8 *pos, *end;
-	u16 len;
-	const u8 *osu_ssid, *osu_ssid2;
-	u8 osu_ssid_len, osu_ssid2_len;
-	u8 num_providers;
-
-	hs20_free_osu_prov(wpa_s);
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		struct wpa_ie_data data;
-		const u8 *ie;
-
-		if (bss->anqp == NULL)
-			continue;
-		prov_anqp = bss->anqp->hs20_osu_providers_list;
-		if (prov_anqp == NULL)
-			continue;
-		ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &data) == 0 &&
-		    (data.key_mgmt & WPA_KEY_MGMT_OSEN)) {
-			osu_ssid2 = bss->ssid;
-			osu_ssid2_len = bss->ssid_len;
-		} else {
-			osu_ssid2 = NULL;
-			osu_ssid2_len = 0;
-		}
-		wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
-			   MACSTR, MAC2STR(bss->bssid));
-		wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
-				prov_anqp);
-		pos = wpabuf_head(prov_anqp);
-		end = pos + wpabuf_len(prov_anqp);
-
-		/* OSU SSID */
-		if (end - pos < 1)
-			continue;
-		if (1 + pos[0] > end - pos) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
-				   "OSU SSID");
-			continue;
-		}
-		osu_ssid_len = *pos++;
-		if (osu_ssid_len > SSID_MAX_LEN) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
-				   "Length %u", osu_ssid_len);
-			continue;
-		}
-		osu_ssid = pos;
-		pos += osu_ssid_len;
-
-		if (end - pos < 1) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
-				   "Number of OSU Providers");
-			continue;
-		}
-		num_providers = *pos++;
-		wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
-			   num_providers);
-
-		/* OSU Providers */
-		while (end - pos > 2 && num_providers > 0) {
-			num_providers--;
-			len = WPA_GET_LE16(pos);
-			pos += 2;
-			if (len > (unsigned int) (end - pos))
-				break;
-			hs20_osu_add_prov(wpa_s, bss, osu_ssid,
-					  osu_ssid_len, osu_ssid2,
-					  osu_ssid2_len, pos, len);
-			pos += len;
-		}
-
-		if (pos != end) {
-			wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
-				   "extra data after OSU Providers",
-				   (int) (end - pos));
-		}
-
-		prov_anqp = bss->anqp->hs20_osu_providers_nai_list;
-		if (!prov_anqp)
-			continue;
-		wpa_printf(MSG_DEBUG,
-			   "HS 2.0: Parsing OSU Providers NAI List from "
-			   MACSTR, MAC2STR(bss->bssid));
-		wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers NAI List",
-				prov_anqp);
-		pos = wpabuf_head(prov_anqp);
-		end = pos + wpabuf_len(prov_anqp);
-		num_providers = 0;
-		while (end - pos > 0) {
-			len = *pos++;
-			if (end - pos < len) {
-				wpa_printf(MSG_DEBUG,
-					   "HS 2.0: Not enough room for OSU_NAI");
-				break;
-			}
-			if (num_providers >= wpa_s->osu_prov_count) {
-				wpa_printf(MSG_DEBUG,
-					   "HS 2.0: Ignore unexpected OSU Provider NAI List entries");
-				break;
-			}
-			os_memcpy(wpa_s->osu_prov[num_providers].osu_nai2,
-				  pos, len);
-			pos += len;
-			num_providers++;
-		}
-	}
-
-	wpa_s->fetch_osu_icon_in_progress = 1;
-	hs20_next_osu_icon(wpa_s);
-}
-
-
-static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
-				      struct wpa_scan_results *scan_res)
-{
-	wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
-	if (!wpa_s->fetch_osu_waiting_scan) {
-		wpa_printf(MSG_DEBUG, "OSU fetch have been canceled");
-		return;
-	}
-	wpa_s->network_select = 0;
-	wpa_s->fetch_all_anqp = 1;
-	wpa_s->fetch_osu_info = 1;
-	wpa_s->fetch_osu_icon_in_progress = 0;
-
-	interworking_start_fetch_anqp(wpa_s);
-}
-
-
-int hs20_fetch_osu(struct wpa_supplicant *wpa_s, int skip_scan)
-{
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
-			   "interface disabled");
-		return -1;
-	}
-
-	if (wpa_s->scanning) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
-			   "scanning");
-		return -1;
-	}
-
-	if (wpa_s->conf->osu_dir == NULL) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
-			   "osu_dir not configured");
-		return -1;
-	}
-
-	if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
-			   "fetch in progress (%d, %d)",
-			   wpa_s->fetch_anqp_in_progress,
-			   wpa_s->network_select);
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
-	wpa_s->num_osu_scans = 0;
-	wpa_s->num_prov_found = 0;
-	if (skip_scan) {
-		wpa_s->network_select = 0;
-		wpa_s->fetch_all_anqp = 1;
-		wpa_s->fetch_osu_info = 1;
-		wpa_s->fetch_osu_icon_in_progress = 0;
-
-		interworking_start_fetch_anqp(wpa_s);
-	} else {
-		hs20_start_osu_scan(wpa_s);
-	}
-
-	return 0;
-}
-
-
-void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->fetch_osu_waiting_scan = 1;
-	wpa_s->num_osu_scans++;
-	wpa_s->scan_req = MANUAL_SCAN_REQ;
-	wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
-	interworking_stop_fetch_anqp(wpa_s);
-	wpa_s->fetch_osu_waiting_scan = 0;
-	wpa_s->network_select = 0;
-	wpa_s->fetch_osu_info = 0;
-	wpa_s->fetch_osu_icon_in_progress = 0;
-}
-
-
-void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
-{
-	hs20_osu_icon_fetch_result(wpa_s, -1);
-	eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
-	eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
-}
-
-
-void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
-				      const char *url, u8 osu_method)
-{
-	if (url)
-		wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
-			osu_method, url);
-	else
-		wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
-}
-
-
-void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
-				    u16 reauth_delay, const char *url)
-{
-	if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
-		return;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
-		code, reauth_delay, url);
-
-	if (code == HS20_DEAUTH_REASON_CODE_BSS) {
-		wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to ignore list");
-		wpa_bssid_ignore_add(wpa_s, wpa_s->bssid);
-		/* TODO: For now, disable full ESS since some drivers may not
-		 * support disabling per BSS. */
-		if (wpa_s->current_ssid) {
-			struct os_reltime now;
-			os_get_reltime(&now);
-			if (now.sec + reauth_delay <=
-			    wpa_s->current_ssid->disabled_until.sec)
-				return;
-			wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
-				   reauth_delay);
-			wpa_s->current_ssid->disabled_until.sec =
-				now.sec + reauth_delay;
-		}
-	}
-
-	if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
-		struct os_reltime now;
-		os_get_reltime(&now);
-		if (now.sec + reauth_delay <=
-		    wpa_s->current_ssid->disabled_until.sec)
-			return;
-		wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
-			   reauth_delay);
-		wpa_s->current_ssid->disabled_until.sec =
-			now.sec + reauth_delay;
-	}
-}
-
-
-void hs20_rx_t_c_acceptance(struct wpa_supplicant *wpa_s, const char *url)
-{
-	if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
-		wpa_printf(MSG_DEBUG,
-			   "HS 2.0: Ignore Terms and Conditions Acceptance since PMF was not enabled");
-		return;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, HS20_T_C_ACCEPTANCE "%s", url);
-}
-
-
-void hs20_init(struct wpa_supplicant *wpa_s)
-{
-	dl_list_init(&wpa_s->icon_head);
-}
-
-
-void hs20_deinit(struct wpa_supplicant *wpa_s)
-{
-	eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
-	hs20_free_osu_prov(wpa_s);
-	if (wpa_s->icon_head.next)
-		hs20_del_icon(wpa_s, NULL, NULL);
-}
diff --git a/wpa_supplicant/hs20_supplicant.h b/wpa_supplicant/hs20_supplicant.h
deleted file mode 100644
index e43414bc65c5..000000000000
--- a/wpa_supplicant/hs20_supplicant.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef HS20_SUPPLICANT_H
-#define HS20_SUPPLICANT_H
-
-void hs20_configure_frame_filters(struct wpa_supplicant *wpa_s);
-void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id,
-			      int ap_release);
-void wpas_hs20_add_roam_cons_sel(struct wpabuf *buf,
-				 const struct wpa_ssid *ssid);
-
-int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
-		       const u8 *payload, size_t payload_len, int inmem);
-void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
-		       struct wpabuf *buf);
-void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
-				  struct wpa_bss *bss, const u8 *sa,
-				  const u8 *data, size_t slen, u8 dialog_token);
-int get_hs20_version(struct wpa_bss *bss);
-int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-		    struct wpa_bss *bss);
-int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
-void hs20_notify_parse_done(struct wpa_supplicant *wpa_s);
-
-void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
-				      const char *url, u8 osu_method);
-void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
-				    u16 reauth_delay, const char *url);
-void hs20_rx_t_c_acceptance(struct wpa_supplicant *wpa_s, const char *url);
-
-void hs20_free_osu_prov(struct wpa_supplicant *wpa_s);
-void hs20_next_osu_icon(struct wpa_supplicant *wpa_s);
-void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s);
-int hs20_fetch_osu(struct wpa_supplicant *wpa_s, int skip_scan);
-void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s);
-void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s);
-void hs20_start_osu_scan(struct wpa_supplicant *wpa_s);
-void hs20_init(struct wpa_supplicant *wpa_s);
-void hs20_deinit(struct wpa_supplicant *wpa_s);
-int hs20_get_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		  const char *file_name, size_t offset, size_t size,
-		  char *reply, size_t buf_len);
-int hs20_del_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		  const char *file_name);
-
-#endif /* HS20_SUPPLICANT_H */
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
deleted file mode 100644
index 02e63904c5d7..000000000000
--- a/wpa_supplicant/ibss_rsn.c
+++ /dev/null
@@ -1,954 +0,0 @@
-/*
- * wpa_supplicant - IBSS RSN
- * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/wpa_ctrl.h"
-#include "utils/eloop.h"
-#include "l2_packet/l2_packet.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/wpa_ie.h"
-#include "ap/wpa_auth.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "common/ieee802_11_defs.h"
-#include "ibss_rsn.h"
-
-
-static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx);
-
-
-static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
-						const u8 *addr)
-{
-	struct ibss_rsn_peer *peer;
-
-	for (peer = ibss_rsn->peers; peer; peer = peer->next)
-		if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0)
-			break;
-	return peer;
-}
-
-
-static void ibss_rsn_free(struct ibss_rsn_peer *peer)
-{
-	eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
-	wpa_auth_sta_deinit(peer->auth);
-	wpa_sm_deinit(peer->supp);
-	os_free(peer);
-}
-
-
-static void supp_set_state(void *ctx, enum wpa_states state)
-{
-	struct ibss_rsn_peer *peer = ctx;
-	peer->supp_state = state;
-}
-
-
-static enum wpa_states supp_get_state(void *ctx)
-{
-	struct ibss_rsn_peer *peer = ctx;
-	return peer->supp_state;
-}
-
-
-static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
-			   size_t len)
-{
-	struct ibss_rsn_peer *peer = ctx;
-	struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
-	int encrypt = peer->authentication_status & IBSS_RSN_REPORTED_PTK;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR
-		   " proto=0x%04x len=%lu no_encrypt=%d)",
-		   __func__, MAC2STR(dest), proto, (unsigned long) len,
-		   !encrypt);
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
-		return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len,
-					       !encrypt);
-
-	if (wpa_s->l2)
-		return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
-
-	return -1;
-}
-
-
-static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data,
-			     u16 data_len, size_t *msg_len, void **data_pos)
-{
-	struct ieee802_1x_hdr *hdr;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)",
-		   __func__, type, data_len);
-
-	*msg_len = sizeof(*hdr) + data_len;
-	hdr = os_malloc(*msg_len);
-	if (hdr == NULL)
-		return NULL;
-
-	hdr->version = 2;
-	hdr->type = type;
-	hdr->length = host_to_be16(data_len);
-
-	if (data)
-		os_memcpy(hdr + 1, data, data_len);
-	else
-		os_memset(hdr + 1, 0, data_len);
-
-	if (data_pos)
-		*data_pos = hdr + 1;
-
-	return (u8 *) hdr;
-}
-
-
-static int supp_get_beacon_ie(void *ctx)
-{
-	struct ibss_rsn_peer *peer = ctx;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
-	/* TODO: get correct RSN IE */
-	wpa_sm_set_ap_rsnxe(peer->supp, NULL, 0);
-	return wpa_sm_set_ap_rsn_ie(peer->supp,
-				    (u8 *) "\x30\x14\x01\x00"
-				    "\x00\x0f\xac\x04"
-				    "\x01\x00\x00\x0f\xac\x04"
-				    "\x01\x00\x00\x0f\xac\x02"
-				    "\x00\x00", 22);
-}
-
-
-static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer)
-{
-	struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
-
-	if ((peer->authentication_status &
-	     (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) !=
-	    (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH))
-		return;
-	if (peer->authentication_status & IBSS_RSN_REPORTED_PTK)
-		return;
-	peer->authentication_status |= IBSS_RSN_REPORTED_PTK;
-	wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR,
-		MAC2STR(peer->addr));
-}
-
-
-static int supp_set_key(void *ctx, enum wpa_alg alg,
-			const u8 *addr, int key_idx, int set_tx,
-			const u8 *seq, size_t seq_len,
-			const u8 *key, size_t key_len, enum key_flag key_flag)
-{
-	struct ibss_rsn_peer *peer = ctx;
-
-	wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d "
-		   "set_tx=%d)",
-		   __func__, alg, MAC2STR(addr), key_idx, set_tx);
-	wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len);
-	wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len);
-
-	if (key_idx == 0) {
-		peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP;
-		ibss_check_rsn_completed(peer);
-		/*
-		 * In IBSS RSN, the pairwise key from the 4-way handshake
-		 * initiated by the peer with highest MAC address is used.
-		 */
-		if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr,
-			      ETH_ALEN) > 0) {
-			wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK");
-			return 0;
-		}
-	}
-
-	if (is_broadcast_ether_addr(addr))
-		addr = peer->addr;
-	return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx,
-			       set_tx, seq, seq_len, key, key_len, key_flag);
-}
-
-
-static void * supp_get_network_ctx(void *ctx)
-{
-	struct ibss_rsn_peer *peer = ctx;
-	return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s);
-}
-
-
-static int supp_mlme_setprotection(void *ctx, const u8 *addr,
-				   int protection_type, int key_type)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d "
-		   "key_type=%d)",
-		   __func__, MAC2STR(addr), protection_type, key_type);
-	return 0;
-}
-
-
-static void supp_cancel_auth_timeout(void *ctx)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
-}
-
-
-static void supp_deauthenticate(void *ctx, u16 reason_code)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
-}
-
-
-static void supp_reconnect(void *ctx)
-{
-	wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
-}
-
-
-static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr,
-			      const u8 *psk)
-{
-	struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL)
-		return -1;
-
-	ctx->ctx = peer;
-	ctx->msg_ctx = peer->ibss_rsn->wpa_s;
-	ctx->set_state = supp_set_state;
-	ctx->get_state = supp_get_state;
-	ctx->ether_send = supp_ether_send;
-	ctx->get_beacon_ie = supp_get_beacon_ie;
-	ctx->alloc_eapol = supp_alloc_eapol;
-	ctx->set_key = supp_set_key;
-	ctx->get_network_ctx = supp_get_network_ctx;
-	ctx->mlme_setprotection = supp_mlme_setprotection;
-	ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
-	ctx->deauthenticate = supp_deauthenticate;
-	ctx->reconnect = supp_reconnect;
-	peer->supp = wpa_sm_init(ctx);
-	if (peer->supp == NULL) {
-		wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");
-		os_free(ctx);
-		return -1;
-	}
-
-	wpa_sm_set_own_addr(peer->supp, own_addr);
-	wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1);
-	wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN);
-	wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP);
-	wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
-	wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK);
-	wpa_sm_set_pmk(peer->supp, psk, PMK_LEN, NULL, NULL);
-
-	peer->supp_ie_len = sizeof(peer->supp_ie);
-	if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie,
-					    &peer->supp_ie_len) < 0) {
-		wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()"
-			   " failed");
-		return -1;
-	}
-
-	wpa_sm_notify_assoc(peer->supp, peer->addr);
-
-	return 0;
-}
-
-
-static void auth_logger(void *ctx, const u8 *addr, logger_level level,
-			const char *txt)
-{
-	if (addr)
-		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
-			   MAC2STR(addr), txt);
-	else
-		wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
-}
-
-
-static const u8 * auth_get_psk(void *ctx, const u8 *addr,
-			       const u8 *p2p_dev_addr, const u8 *prev_psk,
-			       size_t *psk_len, int *vlan_id)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-
-	if (psk_len)
-		*psk_len = PMK_LEN;
-	if (vlan_id)
-		*vlan_id = 0;
-	wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
-		   __func__, MAC2STR(addr), prev_psk);
-	if (prev_psk)
-		return NULL;
-	return ibss_rsn->psk;
-}
-
-
-static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
-			   size_t data_len, int encrypt)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-	struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
-
-	wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu "
-		   "encrypt=%d)",
-		   __func__, MAC2STR(addr), (unsigned long) data_len, encrypt);
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
-		return wpa_drv_tx_control_port(wpa_s, addr, ETH_P_EAPOL,
-					       data, data_len, !encrypt);
-
-	if (wpa_s->l2)
-		return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data,
-				      data_len);
-
-	return -1;
-}
-
-
-static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
-			const u8 *addr, int idx, u8 *key, size_t key_len,
-			enum key_flag key_flag)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-	u8 seq[6];
-
-	os_memset(seq, 0, sizeof(seq));
-
-	if (addr) {
-		wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR
-			   " key_idx=%d)",
-			   __func__, alg, MAC2STR(addr), idx);
-	} else {
-		wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)",
-			   __func__, alg, idx);
-	}
-	wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len);
-
-	if (idx == 0) {
-		if (addr) {
-			struct ibss_rsn_peer *peer;
-			peer = ibss_rsn_get_peer(ibss_rsn, addr);
-			if (peer) {
-				peer->authentication_status |=
-					IBSS_RSN_SET_PTK_AUTH;
-				ibss_check_rsn_completed(peer);
-			}
-		}
-		/*
-		 * In IBSS RSN, the pairwise key from the 4-way handshake
-		 * initiated by the peer with highest MAC address is used.
-		 */
-		if (addr == NULL ||
-		    os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) {
-			wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK");
-			return 0;
-		}
-	}
-
-	return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx,
-			       1, seq, 6, key, key_len, key_flag);
-}
-
-
-static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-	wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason);
-}
-
-
-static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm,
-						  void *ctx),
-			     void *cb_ctx)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-	struct ibss_rsn_peer *peer;
-
-	wpa_printf(MSG_DEBUG, "AUTH: for_each_sta");
-
-	for (peer = ibss_rsn->peers; peer; peer = peer->next) {
-		if (peer->auth && cb(peer->auth, cb_ctx))
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn,
-				    struct ibss_rsn_peer *peer, int authorized)
-{
-	int res;
-
-	if (authorized) {
-		res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
-					    WPA_STA_AUTHORIZED,
-					    WPA_STA_AUTHORIZED, ~0);
-		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port",
-			   MAC2STR(peer->addr));
-	} else {
-		res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
-					    0, 0, ~WPA_STA_AUTHORIZED);
-		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port",
-			   MAC2STR(peer->addr));
-	}
-
-	if (res && errno != ENOENT) {
-		wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags "
-			   "for kernel driver (errno=%d)",
-			   MAC2STR(peer->addr), errno);
-	}
-}
-
-
-static void auth_set_eapol(void *ctx, const u8 *addr,
-				       wpa_eapol_variable var, int value)
-{
-	struct ibss_rsn *ibss_rsn = ctx;
-	struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr);
-
-	if (peer == NULL)
-		return;
-
-	switch (var) {
-	case WPA_EAPOL_authorized:
-		ibss_set_sta_authorized(ibss_rsn, peer, value);
-		break;
-	default:
-		/* do not handle any other event */
-		wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var);
-		break;
-	}
-}
-
-
-static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
-				    const u8 *own_addr, struct wpa_ssid *ssid)
-{
-	struct wpa_auth_config conf;
-	static const struct wpa_auth_callbacks cb = {
-		.logger = auth_logger,
-		.set_eapol = auth_set_eapol,
-		.send_eapol = auth_send_eapol,
-		.get_psk = auth_get_psk,
-		.set_key = auth_set_key,
-		.for_each_sta = auth_for_each_sta,
-		.disconnect = ibss_rsn_disconnect,
-	};
-
-	wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
-
-	os_memset(&conf, 0, sizeof(conf));
-	conf.wpa = 2;
-	conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-	conf.wpa_pairwise = WPA_CIPHER_CCMP;
-	conf.rsn_pairwise = WPA_CIPHER_CCMP;
-	conf.wpa_group = WPA_CIPHER_CCMP;
-	conf.eapol_version = 2;
-	conf.wpa_group_rekey = ssid->group_rekey ? ssid->group_rekey : 600;
-	conf.wpa_group_update_count = 4;
-	conf.wpa_pairwise_update_count = 4;
-
-	ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb, ibss_rsn);
-	if (ibss_rsn->auth_group == NULL) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
-		return -1;
-	}
-
-	wpa_init_keys(ibss_rsn->auth_group);
-
-	return 0;
-}
-
-
-static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn,
-			      struct ibss_rsn_peer *peer)
-{
-	peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr, NULL);
-	if (peer->auth == NULL) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed");
-		return -1;
-	}
-
-	/* TODO: get peer RSN IE with Probe Request */
-	if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth, 0,
-				(u8 *) "\x30\x14\x01\x00"
-				"\x00\x0f\xac\x04"
-				"\x01\x00\x00\x0f\xac\x04"
-				"\x01\x00\x00\x0f\xac\x02"
-				"\x00\x00", 22, NULL, 0, NULL, 0, NULL, 0) !=
-	    WPA_IE_OK) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
-		return -1;
-	}
-
-	if (wpa_auth_sm_event(peer->auth, WPA_ASSOC))
-		return -1;
-
-	if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth))
-		return -1;
-
-	return 0;
-}
-
-
-static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq)
-{
-	struct ieee80211_mgmt auth;
-	const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth);
-	struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
-
-	os_memset(&auth, 0, sizeof(auth));
-
-	auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
-					  WLAN_FC_STYPE_AUTH);
-	os_memcpy(auth.da, da, ETH_ALEN);
-	os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN);
-	os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN);
-
-	auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
-	auth.u.auth.auth_transaction = host_to_le16(seq);
-	auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
-
-	wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR,
-		   seq, MAC2STR(da));
-
-	return wpa_drv_send_mlme(wpa_s, (u8 *) &auth, auth_length, 0, 0, 0);
-}
-
-
-static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer)
-{
-	return peer->authentication_status &
-	       (IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US);
-}
-
-
-static struct ibss_rsn_peer *
-ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr)
-{
-	struct ibss_rsn_peer *peer;
-	if (ibss_rsn == NULL)
-		return NULL;
-
-	peer = ibss_rsn_get_peer(ibss_rsn, addr);
-	if (peer) {
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR
-			   " already running", MAC2STR(addr));
-		return peer;
-	}
-
-	wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR,
-		   MAC2STR(addr));
-
-	peer = os_zalloc(sizeof(*peer));
-	if (peer == NULL) {
-		wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory.");
-		return NULL;
-	}
-
-	peer->ibss_rsn = ibss_rsn;
-	os_memcpy(peer->addr, addr, ETH_ALEN);
-	peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED;
-
-	if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr,
-			       ibss_rsn->psk) < 0) {
-		ibss_rsn_free(peer);
-		return NULL;
-	}
-
-	peer->next = ibss_rsn->peers;
-	ibss_rsn->peers = peer;
-
-	return peer;
-}
-
-
-static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct ibss_rsn_peer *peer = eloop_ctx;
-
-	/*
-	 * Assume peer does not support Authentication exchange or the frame was
-	 * lost somewhere - start EAPOL Authenticator.
-	 */
-	wpa_printf(MSG_DEBUG,
-		   "RSN: Timeout on waiting Authentication frame response from "
-		   MACSTR " - start authenticator", MAC2STR(peer->addr));
-
-	peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
-	ibss_rsn_auth_init(peer->ibss_rsn, peer);
-}
-
-
-int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
-{
-	struct ibss_rsn_peer *peer;
-	int res;
-
-	if (!ibss_rsn)
-		return -1;
-
-	/* if the peer already exists, exit immediately */
-	peer = ibss_rsn_get_peer(ibss_rsn, addr);
-	if (peer)
-		return 0;
-
-	peer = ibss_rsn_peer_init(ibss_rsn, addr);
-	if (peer == NULL)
-		return -1;
-
-	/* Open Authentication: send first Authentication frame */
-	res = ibss_rsn_send_auth(ibss_rsn, addr, 1);
-	if (res) {
-		/*
-		 * The driver may not support Authentication frame exchange in
-		 * IBSS. Ignore authentication and go through EAPOL exchange.
-		 */
-		peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
-		return ibss_rsn_auth_init(ibss_rsn, peer);
-	} else {
-		os_get_reltime(&peer->own_auth_tx);
-		eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL);
-	}
-
-	return 0;
-}
-
-
-static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn,
-				       struct ibss_rsn_peer *peer, int reason)
-{
-	int already_started;
-
-	if (ibss_rsn == NULL || peer == NULL)
-		return -1;
-
-	already_started = ibss_rsn_is_auth_started(peer);
-	peer->authentication_status |= reason;
-
-	if (already_started) {
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already "
-			   "started for peer " MACSTR, MAC2STR(peer->addr));
-		return 0;
-	}
-
-	wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator "
-		   "for now-authenticated peer " MACSTR, MAC2STR(peer->addr));
-
-	return ibss_rsn_auth_init(ibss_rsn, peer);
-}
-
-
-void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac)
-{
-	struct ibss_rsn_peer *peer, *prev;
-
-	if (ibss_rsn == NULL)
-		return;
-
-	if (peermac == NULL) {
-		/* remove all peers */
-		wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__);
-		peer = ibss_rsn->peers;
-		while (peer) {
-			prev = peer;
-			peer = peer->next;
-			ibss_rsn_free(prev);
-			ibss_rsn->peers = peer;
-		}
-	} else {
-		/* remove specific peer */
-		wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR,
-			   __func__, MAC2STR(peermac));
-
-		for (prev = NULL, peer = ibss_rsn->peers; peer != NULL;
-		     prev = peer, peer = peer->next) {
-			if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) {
-				if (prev == NULL)
-					ibss_rsn->peers = peer->next;
-				else
-					prev->next = peer->next;
-				ibss_rsn_free(peer);
-				wpa_printf(MSG_DEBUG, "%s: Successfully "
-					   "removed a specific peer",
-					   __func__);
-				break;
-			}
-		}
-	}
-}
-
-
-struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *ssid)
-{
-	struct ibss_rsn *ibss_rsn;
-
-	ibss_rsn = os_zalloc(sizeof(*ibss_rsn));
-	if (ibss_rsn == NULL)
-		return NULL;
-	ibss_rsn->wpa_s = wpa_s;
-
-	if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr, ssid) < 0) {
-		ibss_rsn_deinit(ibss_rsn);
-		return NULL;
-	}
-
-	return ibss_rsn;
-}
-
-
-void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn)
-{
-	struct ibss_rsn_peer *peer, *prev;
-
-	if (ibss_rsn == NULL)
-		return;
-
-	peer = ibss_rsn->peers;
-	while (peer) {
-		prev = peer;
-		peer = peer->next;
-		ibss_rsn_free(prev);
-	}
-
-	if (ibss_rsn->auth_group)
-		wpa_deinit(ibss_rsn->auth_group);
-	os_free(ibss_rsn);
-
-}
-
-
-static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len)
-{
-	const struct ieee802_1x_hdr *hdr;
-	const struct wpa_eapol_key *key;
-	u16 key_info;
-	size_t plen;
-
-	/* TODO: Support other EAPOL packets than just EAPOL-Key */
-
-	if (len < sizeof(*hdr) + sizeof(*key))
-		return -1;
-
-	hdr = (const struct ieee802_1x_hdr *) buf;
-	key = (const struct wpa_eapol_key *) (hdr + 1);
-	plen = be_to_host16(hdr->length);
-
-	if (hdr->version < EAPOL_VERSION) {
-		/* TODO: backwards compatibility */
-	}
-	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
-		wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, "
-			"not a Key frame", hdr->type);
-		return -1;
-	}
-	if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
-		wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu "
-			   "invalid (frame size %lu)",
-			   (unsigned long) plen, (unsigned long) len);
-		return -1;
-	}
-
-	if (key->type != EAPOL_KEY_TYPE_RSN) {
-		wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, "
-			   "discarded", key->type);
-		return -1;
-	}
-
-	key_info = WPA_GET_BE16(key->key_info);
-
-	return !!(key_info & WPA_KEY_INFO_ACK);
-}
-
-
-static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn,
-				     struct ibss_rsn_peer *peer,
-				     const u8 *buf, size_t len)
-{
-	int supp;
-	u8 *tmp;
-
-	supp = ibss_rsn_eapol_dst_supp(buf, len);
-	if (supp < 0)
-		return -1;
-
-	tmp = os_memdup(buf, len);
-	if (tmp == NULL)
-		return -1;
-	if (supp) {
-		peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER;
-		wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from "
-			   MACSTR, MAC2STR(peer->addr));
-		wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len);
-	} else {
-		if (ibss_rsn_is_auth_started(peer) == 0) {
-			wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for "
-				   "Authenticator dropped as " MACSTR " is not "
-				   "authenticated", MAC2STR(peer->addr));
-			os_free(tmp);
-			return -1;
-		}
-
-		wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator "
-			   "from "MACSTR, MAC2STR(peer->addr));
-		wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len);
-	}
-	os_free(tmp);
-
-	return 1;
-}
-
-
-int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
-		      const u8 *buf, size_t len)
-{
-	struct ibss_rsn_peer *peer;
-
-	if (ibss_rsn == NULL)
-		return -1;
-
-	peer = ibss_rsn_get_peer(ibss_rsn, src_addr);
-	if (peer)
-		return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len);
-
-	if (ibss_rsn_eapol_dst_supp(buf, len) > 0) {
-		/*
-		 * Create new IBSS peer based on an EAPOL message from the peer
-		 * Authenticator.
-		 */
-		peer = ibss_rsn_peer_init(ibss_rsn, src_addr);
-		if (peer == NULL)
-			return -1;
-
-		/* assume the peer is authenticated already */
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer "
-			   MACSTR, MAC2STR(src_addr));
-		ibss_rsn_peer_authenticated(ibss_rsn, peer,
-					    IBSS_RSN_AUTH_EAPOL_BY_US);
-
-		return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers,
-						 buf, len);
-	}
-
-	return 0;
-}
-
-void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk)
-{
-	if (ibss_rsn == NULL)
-		return;
-	os_memcpy(ibss_rsn->psk, psk, PMK_LEN);
-}
-
-
-static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn,
-					struct ibss_rsn_peer *peer,
-					const u8* addr)
-{
-	wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR,
-		   MAC2STR(addr));
-
-	if (peer &&
-	    peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
-					   IBSS_RSN_SET_PTK_AUTH)) {
-		/* Clear the TK for this pair to allow recovery from the case
-		 * where the peer STA has restarted and lost its key while we
-		 * still have a pairwise key configured. */
-		wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
-			   MACSTR, MAC2STR(addr));
-		wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
-				NULL, 0, NULL, 0, KEY_FLAG_PAIRWISE);
-	}
-
-	if (peer &&
-	    peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
-		if (peer->own_auth_tx.sec) {
-			struct os_reltime now, diff;
-			os_get_reltime(&now);
-			os_reltime_sub(&now, &peer->own_auth_tx, &diff);
-			if (diff.sec == 0 && diff.usec < 500000) {
-				wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX",
-					   (int) diff.usec);
-				goto skip_reinit;
-			}
-		}
-		/*
-		 * A peer sent us an Authentication frame even though it already
-		 * started an EAPOL session. We should reinit state machines
-		 * here, but it's much more complicated than just deleting and
-		 * recreating the state machine
-		 */
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station "
-			   MACSTR, MAC2STR(addr));
-
-		ibss_rsn_stop(ibss_rsn, addr);
-		peer = NULL;
-	}
-
-	if (!peer) {
-		peer = ibss_rsn_peer_init(ibss_rsn, addr);
-		if (!peer)
-			return;
-
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR,
-			   MAC2STR(addr));
-	}
-
-skip_reinit:
-	/* reply with an Authentication frame now, before sending an EAPOL */
-	ibss_rsn_send_auth(ibss_rsn, addr, 2);
-	/* no need to start another AUTH challenge in the other way.. */
-	ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US);
-}
-
-
-void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
-			  size_t len)
-{
-	const struct ieee80211_mgmt *header;
-	struct ibss_rsn_peer *peer;
-	size_t auth_length;
-
-	header = (const struct ieee80211_mgmt *) auth_frame;
-	auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
-
-	if (ibss_rsn == NULL || len < auth_length)
-		return;
-
-	if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN ||
-	    le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS)
-		return;
-
-	peer = ibss_rsn_get_peer(ibss_rsn, header->sa);
-
-	switch (le_to_host16(header->u.auth.auth_transaction)) {
-	case 1:
-		ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa);
-		break;
-	case 2:
-		wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from "
-			   MACSTR, MAC2STR(header->sa));
-		if (!peer) {
-			wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from "
-				   "unknown STA " MACSTR, MAC2STR(header->sa));
-			break;
-		}
-
-		/* authentication has been completed */
-		eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
-		wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR,
-			   MAC2STR(header->sa));
-		ibss_rsn_peer_authenticated(ibss_rsn, peer,
-					    IBSS_RSN_AUTH_BY_US);
-		break;
-	}
-}
diff --git a/wpa_supplicant/ibss_rsn.h b/wpa_supplicant/ibss_rsn.h
deleted file mode 100644
index 626c543546c8..000000000000
--- a/wpa_supplicant/ibss_rsn.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * wpa_supplicant - IBSS RSN
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef IBSS_RSN_H
-#define IBSS_RSN_H
-
-struct ibss_rsn;
-
-/* not authenticated */
-#define IBSS_RSN_AUTH_NOT_AUTHENTICATED	0x00
-/* remote peer sent an EAPOL message */
-#define IBSS_RSN_AUTH_EAPOL_BY_PEER	0x01
-/* we sent an AUTH message with seq 1 */
-#define IBSS_RSN_AUTH_BY_US		0x02
-/* we sent an EAPOL message */
-#define IBSS_RSN_AUTH_EAPOL_BY_US	0x04
-/* PTK derived as supplicant */
-#define IBSS_RSN_SET_PTK_SUPP		0x08
-/* PTK derived as authenticator */
-#define IBSS_RSN_SET_PTK_AUTH		0x10
-/* PTK completion reported */
-#define IBSS_RSN_REPORTED_PTK		0x20
-
-struct ibss_rsn_peer {
-	struct ibss_rsn_peer *next;
-	struct ibss_rsn *ibss_rsn;
-
-	u8 addr[ETH_ALEN];
-
-	struct wpa_sm *supp;
-	enum wpa_states supp_state;
-	u8 supp_ie[80];
-	size_t supp_ie_len;
-
-	struct wpa_state_machine *auth;
-	int authentication_status;
-
-	struct os_reltime own_auth_tx;
-};
-
-struct ibss_rsn {
-	struct wpa_supplicant *wpa_s;
-	struct wpa_authenticator *auth_group;
-	struct ibss_rsn_peer *peers;
-	u8 psk[PMK_LEN];
-};
-
-
-struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *ssid);
-void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn);
-int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr);
-void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac);
-int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
-		      const u8 *buf, size_t len);
-void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk);
-void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
-			  size_t len);
-
-#endif /* IBSS_RSN_H */
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
deleted file mode 100644
index 71a5c16510d4..000000000000
--- a/wpa_supplicant/interworking.c
+++ /dev/null
@@ -1,3293 +0,0 @@
-/*
- * Interworking (IEEE 802.11u)
- * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
- * Copyright (c) 2011-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/gas.h"
-#include "common/wpa_ctrl.h"
-#include "utils/pcsc_funcs.h"
-#include "utils/eloop.h"
-#include "drivers/driver.h"
-#include "eap_common/eap_defs.h"
-#include "eap_peer/eap.h"
-#include "eap_peer/eap_methods.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "config_ssid.h"
-#include "bss.h"
-#include "scan.h"
-#include "notify.h"
-#include "driver_i.h"
-#include "gas_query.h"
-#include "hs20_supplicant.h"
-#include "interworking.h"
-
-
-#if defined(EAP_SIM) | defined(EAP_SIM_DYNAMIC)
-#define INTERWORKING_3GPP
-#else
-#if defined(EAP_AKA) | defined(EAP_AKA_DYNAMIC)
-#define INTERWORKING_3GPP
-#else
-#if defined(EAP_AKA_PRIME) | defined(EAP_AKA_PRIME_DYNAMIC)
-#define INTERWORKING_3GPP
-#endif
-#endif
-#endif
-
-static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s);
-static struct wpa_cred * interworking_credentials_available_realm(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded);
-static struct wpa_cred * interworking_credentials_available_3gpp(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded);
-
-
-static int cred_prio_cmp(const struct wpa_cred *a, const struct wpa_cred *b)
-{
-	if (a->priority > b->priority)
-		return 1;
-	if (a->priority < b->priority)
-		return -1;
-	if (a->provisioning_sp == NULL || b->provisioning_sp == NULL ||
-	    os_strcmp(a->provisioning_sp, b->provisioning_sp) != 0)
-		return 0;
-	if (a->sp_priority < b->sp_priority)
-		return 1;
-	if (a->sp_priority > b->sp_priority)
-		return -1;
-	return 0;
-}
-
-
-static void interworking_reconnect(struct wpa_supplicant *wpa_s)
-{
-	unsigned int tried;
-
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-	}
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-	tried = wpa_s->interworking_fast_assoc_tried;
-	wpa_s->interworking_fast_assoc_tried = 1;
-
-	if (!tried && wpa_supplicant_fast_associate(wpa_s) >= 0)
-		return;
-
-	wpa_s->interworking_fast_assoc_tried = 0;
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-static struct wpabuf * anqp_build_req(u16 info_ids[], size_t num_ids,
-				      struct wpabuf *extra)
-{
-	struct wpabuf *buf;
-	size_t i;
-	u8 *len_pos;
-
-	buf = gas_anqp_build_initial_req(0, 4 + num_ids * 2 +
-					 (extra ? wpabuf_len(extra) : 0));
-	if (buf == NULL)
-		return NULL;
-
-	if (num_ids > 0) {
-		len_pos = gas_anqp_add_element(buf, ANQP_QUERY_LIST);
-		for (i = 0; i < num_ids; i++)
-			wpabuf_put_le16(buf, info_ids[i]);
-		gas_anqp_set_element_len(buf, len_pos);
-	}
-	if (extra)
-		wpabuf_put_buf(buf, extra);
-
-	gas_anqp_set_len(buf);
-
-	return buf;
-}
-
-
-static void interworking_anqp_resp_cb(void *ctx, const u8 *dst,
-				      u8 dialog_token,
-				      enum gas_query_result result,
-				      const struct wpabuf *adv_proto,
-				      const struct wpabuf *resp,
-				      u16 status_code)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_printf(MSG_DEBUG, "ANQP: Response callback dst=" MACSTR
-		   " dialog_token=%u result=%d status_code=%u",
-		   MAC2STR(dst), dialog_token, result, status_code);
-	anqp_resp_cb(wpa_s, dst, dialog_token, result, adv_proto, resp,
-		     status_code);
-	interworking_next_anqp_fetch(wpa_s);
-}
-
-
-static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->roaming_consortium_len)
-			return 1;
-		if (cred->required_roaming_consortium_len)
-			return 1;
-		if (cred->num_roaming_consortiums)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int cred_with_3gpp(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->pcsc || cred->imsi)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int cred_with_nai_realm(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->pcsc || cred->imsi)
-			continue;
-		if (!cred->eap_method)
-			return 1;
-		if (cred->realm)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int cred_with_domain(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->domain || cred->pcsc || cred->imsi ||
-		    cred->roaming_partner)
-			return 1;
-	}
-	return 0;
-}
-
-
-#ifdef CONFIG_HS20
-
-static int cred_with_min_backhaul(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->min_dl_bandwidth_home ||
-		    cred->min_ul_bandwidth_home ||
-		    cred->min_dl_bandwidth_roaming ||
-		    cred->min_ul_bandwidth_roaming)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int cred_with_conn_capab(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_cred *cred;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->num_req_conn_capab)
-			return 1;
-	}
-	return 0;
-}
-
-#endif /* CONFIG_HS20 */
-
-
-static int additional_roaming_consortiums(struct wpa_bss *bss)
-{
-	const u8 *ie;
-	ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
-	if (ie == NULL || ie[1] == 0)
-		return 0;
-	return ie[2]; /* Number of ANQP OIs */
-}
-
-
-static void interworking_continue_anqp(void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	interworking_next_anqp_fetch(wpa_s);
-}
-
-
-static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
-				      struct wpa_bss *bss)
-{
-	struct wpabuf *buf;
-	int ret = 0;
-	int res;
-	u16 info_ids[8];
-	size_t num_info_ids = 0;
-	struct wpabuf *extra = NULL;
-	int all = wpa_s->fetch_all_anqp;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Interworking: ANQP Query Request to " MACSTR,
-		MAC2STR(bss->bssid));
-	wpa_s->interworking_gas_bss = bss;
-
-	info_ids[num_info_ids++] = ANQP_CAPABILITY_LIST;
-	if (all) {
-		info_ids[num_info_ids++] = ANQP_VENUE_NAME;
-		info_ids[num_info_ids++] = ANQP_NETWORK_AUTH_TYPE;
-	}
-	if (all || (cred_with_roaming_consortium(wpa_s) &&
-		    additional_roaming_consortiums(bss)))
-		info_ids[num_info_ids++] = ANQP_ROAMING_CONSORTIUM;
-	if (all)
-		info_ids[num_info_ids++] = ANQP_IP_ADDR_TYPE_AVAILABILITY;
-	if (all || cred_with_nai_realm(wpa_s))
-		info_ids[num_info_ids++] = ANQP_NAI_REALM;
-	if (all || cred_with_3gpp(wpa_s)) {
-		info_ids[num_info_ids++] = ANQP_3GPP_CELLULAR_NETWORK;
-		wpa_supplicant_scard_init(wpa_s, NULL);
-	}
-	if (all || cred_with_domain(wpa_s))
-		info_ids[num_info_ids++] = ANQP_DOMAIN_NAME;
-	wpa_hexdump(MSG_DEBUG, "Interworking: ANQP Query info",
-		    (u8 *) info_ids, num_info_ids * 2);
-
-#ifdef CONFIG_HS20
-	if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
-		u8 *len_pos;
-
-		extra = wpabuf_alloc(100);
-		if (!extra)
-			return -1;
-
-		len_pos = gas_anqp_add_element(extra, ANQP_VENDOR_SPECIFIC);
-		wpabuf_put_be24(extra, OUI_WFA);
-		wpabuf_put_u8(extra, HS20_ANQP_OUI_TYPE);
-		wpabuf_put_u8(extra, HS20_STYPE_QUERY_LIST);
-		wpabuf_put_u8(extra, 0); /* Reserved */
-		wpabuf_put_u8(extra, HS20_STYPE_CAPABILITY_LIST);
-		if (all)
-			wpabuf_put_u8(extra,
-				      HS20_STYPE_OPERATOR_FRIENDLY_NAME);
-		if (all || cred_with_min_backhaul(wpa_s))
-			wpabuf_put_u8(extra, HS20_STYPE_WAN_METRICS);
-		if (all || cred_with_conn_capab(wpa_s))
-			wpabuf_put_u8(extra, HS20_STYPE_CONNECTION_CAPABILITY);
-		if (all)
-			wpabuf_put_u8(extra, HS20_STYPE_OPERATING_CLASS);
-		if (all) {
-			wpabuf_put_u8(extra, HS20_STYPE_OSU_PROVIDERS_LIST);
-			wpabuf_put_u8(extra, HS20_STYPE_OSU_PROVIDERS_NAI_LIST);
-		}
-		gas_anqp_set_element_len(extra, len_pos);
-	}
-#endif /* CONFIG_HS20 */
-
-	buf = anqp_build_req(info_ids, num_info_ids, extra);
-	wpabuf_free(extra);
-	if (buf == NULL)
-		return -1;
-
-	res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, 0, buf,
-			    interworking_anqp_resp_cb, wpa_s);
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
-		wpabuf_free(buf);
-		ret = -1;
-		eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s,
-				       NULL);
-	} else
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"ANQP: Query started with dialog token %u", res);
-
-	return ret;
-}
-
-
-struct nai_realm_eap {
-	u8 method;
-	u8 inner_method;
-	enum nai_realm_eap_auth_inner_non_eap inner_non_eap;
-	u8 cred_type;
-	u8 tunneled_cred_type;
-};
-
-struct nai_realm {
-	u8 encoding;
-	char *realm;
-	u8 eap_count;
-	struct nai_realm_eap *eap;
-};
-
-
-static void nai_realm_free(struct nai_realm *realms, u16 count)
-{
-	u16 i;
-
-	if (realms == NULL)
-		return;
-	for (i = 0; i < count; i++) {
-		os_free(realms[i].eap);
-		os_free(realms[i].realm);
-	}
-	os_free(realms);
-}
-
-
-static const u8 * nai_realm_parse_eap(struct nai_realm_eap *e, const u8 *pos,
-				      const u8 *end)
-{
-	u8 elen, auth_count, a;
-	const u8 *e_end;
-
-	if (end - pos < 3) {
-		wpa_printf(MSG_DEBUG, "No room for EAP Method fixed fields");
-		return NULL;
-	}
-
-	elen = *pos++;
-	if (elen > end - pos || elen < 2) {
-		wpa_printf(MSG_DEBUG, "No room for EAP Method subfield");
-		return NULL;
-	}
-	e_end = pos + elen;
-	e->method = *pos++;
-	auth_count = *pos++;
-	wpa_printf(MSG_DEBUG, "EAP Method: len=%u method=%u auth_count=%u",
-		   elen, e->method, auth_count);
-
-	for (a = 0; a < auth_count; a++) {
-		u8 id, len;
-
-		if (end - pos < 2) {
-			wpa_printf(MSG_DEBUG,
-				   "No room for Authentication Parameter subfield header");
-			return NULL;
-		}
-
-		id = *pos++;
-		len = *pos++;
-		if (len > end - pos) {
-			wpa_printf(MSG_DEBUG,
-				   "No room for Authentication Parameter subfield");
-			return NULL;
-		}
-
-		switch (id) {
-		case NAI_REALM_EAP_AUTH_NON_EAP_INNER_AUTH:
-			if (len < 1)
-				break;
-			e->inner_non_eap = *pos;
-			if (e->method != EAP_TYPE_TTLS)
-				break;
-			switch (*pos) {
-			case NAI_REALM_INNER_NON_EAP_PAP:
-				wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP");
-				break;
-			case NAI_REALM_INNER_NON_EAP_CHAP:
-				wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP");
-				break;
-			case NAI_REALM_INNER_NON_EAP_MSCHAP:
-				wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP");
-				break;
-			case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
-				wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2");
-				break;
-			}
-			break;
-		case NAI_REALM_EAP_AUTH_INNER_AUTH_EAP_METHOD:
-			if (len < 1)
-				break;
-			e->inner_method = *pos;
-			wpa_printf(MSG_DEBUG, "Inner EAP method: %u",
-				   e->inner_method);
-			break;
-		case NAI_REALM_EAP_AUTH_CRED_TYPE:
-			if (len < 1)
-				break;
-			e->cred_type = *pos;
-			wpa_printf(MSG_DEBUG, "Credential Type: %u",
-				   e->cred_type);
-			break;
-		case NAI_REALM_EAP_AUTH_TUNNELED_CRED_TYPE:
-			if (len < 1)
-				break;
-			e->tunneled_cred_type = *pos;
-			wpa_printf(MSG_DEBUG, "Tunneled EAP Method Credential "
-				   "Type: %u", e->tunneled_cred_type);
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "Unsupported Authentication "
-				   "Parameter: id=%u len=%u", id, len);
-			wpa_hexdump(MSG_DEBUG, "Authentication Parameter "
-				    "Value", pos, len);
-			break;
-		}
-
-		pos += len;
-	}
-
-	return e_end;
-}
-
-
-static const u8 * nai_realm_parse_realm(struct nai_realm *r, const u8 *pos,
-					const u8 *end)
-{
-	u16 len;
-	const u8 *f_end;
-	u8 realm_len, e;
-
-	if (end - pos < 4) {
-		wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
-			   "fixed fields");
-		return NULL;
-	}
-
-	len = WPA_GET_LE16(pos); /* NAI Realm Data field Length */
-	pos += 2;
-	if (len > end - pos || len < 3) {
-		wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
-			   "(len=%u; left=%u)",
-			   len, (unsigned int) (end - pos));
-		return NULL;
-	}
-	f_end = pos + len;
-
-	r->encoding = *pos++;
-	realm_len = *pos++;
-	if (realm_len > f_end - pos) {
-		wpa_printf(MSG_DEBUG, "No room for NAI Realm "
-			   "(len=%u; left=%u)",
-			   realm_len, (unsigned int) (f_end - pos));
-		return NULL;
-	}
-	wpa_hexdump_ascii(MSG_DEBUG, "NAI Realm", pos, realm_len);
-	r->realm = dup_binstr(pos, realm_len);
-	if (r->realm == NULL)
-		return NULL;
-	pos += realm_len;
-
-	if (f_end - pos < 1) {
-		wpa_printf(MSG_DEBUG, "No room for EAP Method Count");
-		return NULL;
-	}
-	r->eap_count = *pos++;
-	wpa_printf(MSG_DEBUG, "EAP Count: %u", r->eap_count);
-	if (r->eap_count * 3 > f_end - pos) {
-		wpa_printf(MSG_DEBUG, "No room for EAP Methods");
-		return NULL;
-	}
-	r->eap = os_calloc(r->eap_count, sizeof(struct nai_realm_eap));
-	if (r->eap == NULL)
-		return NULL;
-
-	for (e = 0; e < r->eap_count; e++) {
-		pos = nai_realm_parse_eap(&r->eap[e], pos, f_end);
-		if (pos == NULL)
-			return NULL;
-	}
-
-	return f_end;
-}
-
-
-static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
-{
-	struct nai_realm *realm;
-	const u8 *pos, *end;
-	u16 i, num;
-	size_t left;
-
-	if (anqp == NULL)
-		return NULL;
-	left = wpabuf_len(anqp);
-	if (left < 2)
-		return NULL;
-
-	pos = wpabuf_head_u8(anqp);
-	end = pos + left;
-	num = WPA_GET_LE16(pos);
-	wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
-	pos += 2;
-	left -= 2;
-
-	if (num > left / 5) {
-		wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
-			   "enough data (%u octets) for that many realms",
-			   num, (unsigned int) left);
-		return NULL;
-	}
-
-	realm = os_calloc(num, sizeof(struct nai_realm));
-	if (realm == NULL)
-		return NULL;
-
-	for (i = 0; i < num; i++) {
-		pos = nai_realm_parse_realm(&realm[i], pos, end);
-		if (pos == NULL) {
-			nai_realm_free(realm, num);
-			return NULL;
-		}
-	}
-
-	*count = num;
-	return realm;
-}
-
-
-static int nai_realm_match(struct nai_realm *realm, const char *home_realm)
-{
-	char *tmp, *pos, *end;
-	int match = 0;
-
-	if (realm->realm == NULL || home_realm == NULL)
-		return 0;
-
-	if (os_strchr(realm->realm, ';') == NULL)
-		return os_strcasecmp(realm->realm, home_realm) == 0;
-
-	tmp = os_strdup(realm->realm);
-	if (tmp == NULL)
-		return 0;
-
-	pos = tmp;
-	while (*pos) {
-		end = os_strchr(pos, ';');
-		if (end)
-			*end = '\0';
-		if (os_strcasecmp(pos, home_realm) == 0) {
-			match = 1;
-			break;
-		}
-		if (end == NULL)
-			break;
-		pos = end + 1;
-	}
-
-	os_free(tmp);
-
-	return match;
-}
-
-
-static int nai_realm_cred_username(struct wpa_supplicant *wpa_s,
-				   struct nai_realm_eap *eap)
-{
-	if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-cred-username: EAP method not supported: %d",
-			eap->method);
-		return 0; /* method not supported */
-	}
-
-	if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP &&
-	    eap->method != EAP_TYPE_FAST) {
-		/* Only tunneled methods with username/password supported */
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-cred-username: Method: %d is not TTLS, PEAP, or FAST",
-			eap->method);
-		return 0;
-	}
-
-	if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) {
-		if (eap->inner_method &&
-		    eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"nai-realm-cred-username: PEAP/FAST: Inner method not supported: %d",
-				eap->inner_method);
-			return 0;
-		}
-		if (!eap->inner_method &&
-		    eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"nai-realm-cred-username: MSCHAPv2 not supported");
-			return 0;
-		}
-	}
-
-	if (eap->method == EAP_TYPE_TTLS) {
-		if (eap->inner_method == 0 && eap->inner_non_eap == 0)
-			return 1; /* Assume TTLS/MSCHAPv2 is used */
-		if (eap->inner_method &&
-		    eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"nai-realm-cred-username: TTLS, but inner not supported: %d",
-				eap->inner_method);
-			return 0;
-		}
-		if (eap->inner_non_eap &&
-		    eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
-		    eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
-		    eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
-		    eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"nai-realm-cred-username: TTLS, inner-non-eap not supported: %d",
-				eap->inner_non_eap);
-			return 0;
-		}
-	}
-
-	if (eap->inner_method &&
-	    eap->inner_method != EAP_TYPE_GTC &&
-	    eap->inner_method != EAP_TYPE_MSCHAPV2) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-cred-username: inner-method not GTC or MSCHAPv2: %d",
-			eap->inner_method);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-static int nai_realm_cred_cert(struct wpa_supplicant *wpa_s,
-			       struct nai_realm_eap *eap)
-{
-	if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-cred-cert: Method not supported: %d",
-			eap->method);
-		return 0; /* method not supported */
-	}
-
-	if (eap->method != EAP_TYPE_TLS) {
-		/* Only EAP-TLS supported for credential authentication */
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-cred-cert: Method not TLS: %d",
-			eap->method);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-static struct nai_realm_eap * nai_realm_find_eap(struct wpa_supplicant *wpa_s,
-						 struct wpa_cred *cred,
-						 struct nai_realm *realm)
-{
-	u8 e;
-
-	if (cred->username == NULL ||
-	    cred->username[0] == '\0' ||
-	    ((cred->password == NULL ||
-	      cred->password[0] == '\0') &&
-	     (cred->private_key == NULL ||
-	      cred->private_key[0] == '\0') &&
-	     (!cred->key_id || cred->key_id[0] == '\0'))) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"nai-realm-find-eap: incomplete cred info: username: %s  password: %s private_key: %s key_id: %s",
-			cred->username ? cred->username : "NULL",
-			cred->password ? cred->password : "NULL",
-			cred->private_key ? cred->private_key : "NULL",
-			cred->key_id ? cred->key_id : "NULL");
-		return NULL;
-	}
-
-	for (e = 0; e < realm->eap_count; e++) {
-		struct nai_realm_eap *eap = &realm->eap[e];
-		if (cred->password && cred->password[0] &&
-		    nai_realm_cred_username(wpa_s, eap))
-			return eap;
-		if (((cred->private_key && cred->private_key[0]) ||
-		     (cred->key_id && cred->key_id[0])) &&
-		    nai_realm_cred_cert(wpa_s, eap))
-			return eap;
-	}
-
-	return NULL;
-}
-
-
-#ifdef INTERWORKING_3GPP
-
-static int plmn_id_match(struct wpabuf *anqp, const char *imsi, int mnc_len)
-{
-	u8 plmn[3], plmn2[3];
-	const u8 *pos, *end;
-	u8 udhl;
-
-	/*
-	 * See Annex A of 3GPP TS 24.234 v8.1.0 for description. The network
-	 * operator is allowed to include only two digits of the MNC, so allow
-	 * matches based on both two and three digit MNC assumptions. Since some
-	 * SIM/USIM cards may not expose MNC length conveniently, we may be
-	 * provided the default MNC length 3 here and as such, checking with MNC
-	 * length 2 is justifiable even though 3GPP TS 24.234 does not mention
-	 * that case. Anyway, MCC/MNC pair where both 2 and 3 digit MNC is used
-	 * with otherwise matching values would not be good idea in general, so
-	 * this should not result in selecting incorrect networks.
-	 */
-	/* Match with 3 digit MNC */
-	plmn[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
-	plmn[1] = (imsi[2] - '0') | ((imsi[5] - '0') << 4);
-	plmn[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
-	/* Match with 2 digit MNC */
-	plmn2[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
-	plmn2[1] = (imsi[2] - '0') | 0xf0;
-	plmn2[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
-
-	if (anqp == NULL)
-		return 0;
-	pos = wpabuf_head_u8(anqp);
-	end = pos + wpabuf_len(anqp);
-	if (end - pos < 2)
-		return 0;
-	if (*pos != 0) {
-		wpa_printf(MSG_DEBUG, "Unsupported GUD version 0x%x", *pos);
-		return 0;
-	}
-	pos++;
-	udhl = *pos++;
-	if (udhl > end - pos) {
-		wpa_printf(MSG_DEBUG, "Invalid UDHL");
-		return 0;
-	}
-	end = pos + udhl;
-
-	wpa_printf(MSG_DEBUG, "Interworking: Matching against MCC/MNC alternatives: %02x:%02x:%02x or %02x:%02x:%02x (IMSI %s, MNC length %d)",
-		   plmn[0], plmn[1], plmn[2], plmn2[0], plmn2[1], plmn2[2],
-		   imsi, mnc_len);
-
-	while (end - pos >= 2) {
-		u8 iei, len;
-		const u8 *l_end;
-		iei = *pos++;
-		len = *pos++ & 0x7f;
-		if (len > end - pos)
-			break;
-		l_end = pos + len;
-
-		if (iei == 0 && len > 0) {
-			/* PLMN List */
-			u8 num, i;
-			wpa_hexdump(MSG_DEBUG, "Interworking: PLMN List information element",
-				    pos, len);
-			num = *pos++;
-			for (i = 0; i < num; i++) {
-				if (l_end - pos < 3)
-					break;
-				if (os_memcmp(pos, plmn, 3) == 0 ||
-				    os_memcmp(pos, plmn2, 3) == 0)
-					return 1; /* Found matching PLMN */
-				pos += 3;
-			}
-		} else {
-			wpa_hexdump(MSG_DEBUG, "Interworking: Unrecognized 3GPP information element",
-				    pos, len);
-		}
-
-		pos = l_end;
-	}
-
-	return 0;
-}
-
-
-static int build_root_nai(char *nai, size_t nai_len, const char *imsi,
-			  size_t mnc_len, char prefix)
-{
-	const char *sep, *msin;
-	char *end, *pos;
-	size_t msin_len, plmn_len;
-
-	/*
-	 * TS 23.003, Clause 14 (3GPP to WLAN Interworking)
-	 * Root NAI:
-	 * <aka:0|sim:1><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
-	 * <MNC> is zero-padded to three digits in case two-digit MNC is used
-	 */
-
-	if (imsi == NULL || os_strlen(imsi) > 16) {
-		wpa_printf(MSG_DEBUG, "No valid IMSI available");
-		return -1;
-	}
-	sep = os_strchr(imsi, '-');
-	if (sep) {
-		plmn_len = sep - imsi;
-		msin = sep + 1;
-	} else if (mnc_len && os_strlen(imsi) >= 3 + mnc_len) {
-		plmn_len = 3 + mnc_len;
-		msin = imsi + plmn_len;
-	} else
-		return -1;
-	if (plmn_len != 5 && plmn_len != 6)
-		return -1;
-	msin_len = os_strlen(msin);
-
-	pos = nai;
-	end = nai + nai_len;
-	if (prefix)
-		*pos++ = prefix;
-	os_memcpy(pos, imsi, plmn_len);
-	pos += plmn_len;
-	os_memcpy(pos, msin, msin_len);
-	pos += msin_len;
-	pos += os_snprintf(pos, end - pos, "@wlan.mnc");
-	if (plmn_len == 5) {
-		*pos++ = '0';
-		*pos++ = imsi[3];
-		*pos++ = imsi[4];
-	} else {
-		*pos++ = imsi[3];
-		*pos++ = imsi[4];
-		*pos++ = imsi[5];
-	}
-	os_snprintf(pos, end - pos, ".mcc%c%c%c.3gppnetwork.org",
-		    imsi[0], imsi[1], imsi[2]);
-
-	return 0;
-}
-
-
-static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
-{
-	char nai[100];
-	if (build_root_nai(nai, sizeof(nai), imsi, 0, prefix) < 0)
-		return -1;
-	return wpa_config_set_quoted(ssid, "identity", nai);
-}
-
-#endif /* INTERWORKING_3GPP */
-
-
-static int already_connected(struct wpa_supplicant *wpa_s,
-			     struct wpa_cred *cred, struct wpa_bss *bss)
-{
-	struct wpa_ssid *ssid, *sel_ssid;
-	struct wpa_bss *selected;
-
-	if (wpa_s->wpa_state < WPA_ASSOCIATED || wpa_s->current_ssid == NULL)
-		return 0;
-
-	ssid = wpa_s->current_ssid;
-	if (ssid->parent_cred != cred)
-		return 0;
-
-	if (ssid->ssid_len != bss->ssid_len ||
-	    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
-		return 0;
-
-	sel_ssid = NULL;
-	selected = wpa_supplicant_pick_network(wpa_s, &sel_ssid);
-	if (selected && sel_ssid && sel_ssid->priority > ssid->priority)
-		return 0; /* higher priority network in scan results */
-
-	return 1;
-}
-
-
-static void remove_duplicate_network(struct wpa_supplicant *wpa_s,
-				     struct wpa_cred *cred,
-				     struct wpa_bss *bss)
-{
-	struct wpa_ssid *ssid;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid->parent_cred != cred)
-			continue;
-		if (ssid->ssid_len != bss->ssid_len ||
-		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
-			continue;
-
-		break;
-	}
-
-	if (ssid == NULL)
-		return;
-
-	wpa_printf(MSG_DEBUG, "Interworking: Remove duplicate network entry for the same credential");
-
-	if (ssid == wpa_s->current_ssid) {
-		wpa_sm_set_config(wpa_s->wpa, NULL);
-		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-	}
-
-	wpas_notify_network_removed(wpa_s, ssid);
-	wpa_config_remove_network(wpa_s->conf, ssid->id);
-}
-
-
-static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid)
-{
-	const char *key_mgmt = NULL;
-#ifdef CONFIG_IEEE80211R
-	int res;
-	struct wpa_driver_capa capa;
-
-	res = wpa_drv_get_capa(wpa_s, &capa);
-	if (res == 0 && capa.key_mgmt_iftype[WPA_IF_STATION] &
-	    WPA_DRIVER_CAPA_KEY_MGMT_FT) {
-		key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
-			"WPA-EAP WPA-EAP-SHA256 FT-EAP" :
-			"WPA-EAP FT-EAP";
-	}
-#endif /* CONFIG_IEEE80211R */
-
-	if (!key_mgmt)
-		key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
-			"WPA-EAP WPA-EAP-SHA256" : "WPA-EAP";
-	if (wpa_config_set(ssid, "key_mgmt", key_mgmt, 0) < 0 ||
-	    wpa_config_set(ssid, "proto", "RSN", 0) < 0 ||
-	    wpa_config_set(ssid, "ieee80211w",
-			   wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_REQUIRED ?
-			   "2" : "1", 0) < 0 ||
-	    wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0)
-		return -1;
-	return 0;
-}
-
-
-static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
-				     struct wpa_cred *cred,
-				     struct wpa_bss *bss, int only_add)
-{
-#ifdef INTERWORKING_3GPP
-	struct wpa_ssid *ssid;
-	int eap_type;
-	int res;
-	char prefix;
-
-	if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
-		return -1;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR
-		" (3GPP)", MAC2STR(bss->bssid));
-
-	if (already_connected(wpa_s, cred, bss)) {
-		wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
-			MAC2STR(bss->bssid));
-		return wpa_s->current_ssid->id;
-	}
-
-	remove_duplicate_network(wpa_s, cred, bss);
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL)
-		return -1;
-	ssid->parent_cred = cred;
-
-	wpas_notify_network_added(wpa_s, ssid);
-	wpa_config_set_network_defaults(ssid);
-	ssid->priority = cred->priority;
-	ssid->temporary = 1;
-	ssid->ssid = os_zalloc(bss->ssid_len + 1);
-	if (ssid->ssid == NULL)
-		goto fail;
-	os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
-	ssid->ssid_len = bss->ssid_len;
-	ssid->eap.sim_num = cred->sim_num;
-
-	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
-		goto fail;
-
-	eap_type = EAP_TYPE_SIM;
-	if (cred->pcsc && wpa_s->scard && scard_supports_umts(wpa_s->scard))
-		eap_type = EAP_TYPE_AKA;
-	if (cred->eap_method && cred->eap_method[0].vendor == EAP_VENDOR_IETF) {
-		if (cred->eap_method[0].method == EAP_TYPE_SIM ||
-		    cred->eap_method[0].method == EAP_TYPE_AKA ||
-		    cred->eap_method[0].method == EAP_TYPE_AKA_PRIME)
-			eap_type = cred->eap_method[0].method;
-	}
-
-	switch (eap_type) {
-	case EAP_TYPE_SIM:
-		prefix = '1';
-		res = wpa_config_set(ssid, "eap", "SIM", 0);
-		break;
-	case EAP_TYPE_AKA:
-		prefix = '0';
-		res = wpa_config_set(ssid, "eap", "AKA", 0);
-		break;
-	case EAP_TYPE_AKA_PRIME:
-		prefix = '6';
-		res = wpa_config_set(ssid, "eap", "AKA'", 0);
-		break;
-	default:
-		res = -1;
-		break;
-	}
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Selected EAP method (%d) not supported", eap_type);
-		goto fail;
-	}
-
-	if (!cred->pcsc && set_root_nai(ssid, cred->imsi, prefix) < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Failed to set Root NAI");
-		goto fail;
-	}
-
-	if (cred->milenage && cred->milenage[0]) {
-		if (wpa_config_set_quoted(ssid, "password",
-					  cred->milenage) < 0)
-			goto fail;
-	} else if (cred->pcsc) {
-		if (wpa_config_set_quoted(ssid, "pcsc", "") < 0)
-			goto fail;
-		if (wpa_s->conf->pcsc_pin &&
-		    wpa_config_set_quoted(ssid, "pin", wpa_s->conf->pcsc_pin)
-		    < 0)
-			goto fail;
-	}
-
-	wpa_s->next_ssid = ssid;
-	wpa_config_update_prio_list(wpa_s->conf);
-	if (!only_add)
-		interworking_reconnect(wpa_s);
-
-	return ssid->id;
-
-fail:
-	wpas_notify_network_removed(wpa_s, ssid);
-	wpa_config_remove_network(wpa_s->conf, ssid->id);
-#endif /* INTERWORKING_3GPP */
-	return -1;
-}
-
-
-static int roaming_consortium_element_match(const u8 *ie, const u8 *rc_id,
-					    size_t rc_len)
-{
-	const u8 *pos, *end;
-	u8 lens;
-
-	if (ie == NULL)
-		return 0;
-
-	pos = ie + 2;
-	end = ie + 2 + ie[1];
-
-	/* Roaming Consortium element:
-	 * Number of ANQP OIs
-	 * OI #1 and #2 lengths
-	 * OI #1, [OI #2], [OI #3]
-	 */
-
-	if (end - pos < 2)
-		return 0;
-
-	pos++; /* skip Number of ANQP OIs */
-	lens = *pos++;
-	if ((lens & 0x0f) + (lens >> 4) > end - pos)
-		return 0;
-
-	if ((lens & 0x0f) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
-		return 1;
-	pos += lens & 0x0f;
-
-	if ((lens >> 4) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
-		return 1;
-	pos += lens >> 4;
-
-	if (pos < end && (size_t) (end - pos) == rc_len &&
-	    os_memcmp(pos, rc_id, rc_len) == 0)
-		return 1;
-
-	return 0;
-}
-
-
-static int roaming_consortium_anqp_match(const struct wpabuf *anqp,
-					 const u8 *rc_id, size_t rc_len)
-{
-	const u8 *pos, *end;
-	u8 len;
-
-	if (anqp == NULL)
-		return 0;
-
-	pos = wpabuf_head(anqp);
-	end = pos + wpabuf_len(anqp);
-
-	/* Set of <OI Length, OI> duples */
-	while (pos < end) {
-		len = *pos++;
-		if (len > end - pos)
-			break;
-		if (len == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
-			return 1;
-		pos += len;
-	}
-
-	return 0;
-}
-
-
-static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
-				    const u8 *rc_id, size_t rc_len)
-{
-	return roaming_consortium_element_match(ie, rc_id, rc_len) ||
-		roaming_consortium_anqp_match(anqp, rc_id, rc_len);
-}
-
-
-static int cred_roaming_consortiums_match(const u8 *ie,
-					  const struct wpabuf *anqp,
-					  const struct wpa_cred *cred)
-{
-	unsigned int i;
-
-	for (i = 0; i < cred->num_roaming_consortiums; i++) {
-		if (roaming_consortium_match(ie, anqp,
-					     cred->roaming_consortiums[i],
-					     cred->roaming_consortiums_len[i]))
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
-{
-	const u8 *ie;
-
-	if (cred->required_roaming_consortium_len == 0)
-		return 0;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
-
-	if (ie == NULL &&
-	    (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
-		return 1;
-
-	return !roaming_consortium_match(ie,
-					 bss->anqp ?
-					 bss->anqp->roaming_consortium : NULL,
-					 cred->required_roaming_consortium,
-					 cred->required_roaming_consortium_len);
-}
-
-
-static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
-{
-	size_t i;
-
-	if (!cred->excluded_ssid)
-		return 0;
-
-	for (i = 0; i < cred->num_excluded_ssid; i++) {
-		struct excluded_ssid *e = &cred->excluded_ssid[i];
-		if (bss->ssid_len == e->ssid_len &&
-		    os_memcmp(bss->ssid, e->ssid, e->ssid_len) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int cred_below_min_backhaul(struct wpa_supplicant *wpa_s,
-				   struct wpa_cred *cred, struct wpa_bss *bss)
-{
-#ifdef CONFIG_HS20
-	int res;
-	unsigned int dl_bandwidth, ul_bandwidth;
-	const u8 *wan;
-	u8 wan_info, dl_load, ul_load;
-	u16 lmd;
-	u32 ul_speed, dl_speed;
-
-	if (!cred->min_dl_bandwidth_home &&
-	    !cred->min_ul_bandwidth_home &&
-	    !cred->min_dl_bandwidth_roaming &&
-	    !cred->min_ul_bandwidth_roaming)
-		return 0; /* No bandwidth constraint specified */
-
-	if (bss->anqp == NULL || bss->anqp->hs20_wan_metrics == NULL)
-		return 0; /* No WAN Metrics known - ignore constraint */
-
-	wan = wpabuf_head(bss->anqp->hs20_wan_metrics);
-	wan_info = wan[0];
-	if (wan_info & BIT(3))
-		return 1; /* WAN link at capacity */
-	lmd = WPA_GET_LE16(wan + 11);
-	if (lmd == 0)
-		return 0; /* Downlink/Uplink Load was not measured */
-	dl_speed = WPA_GET_LE32(wan + 1);
-	ul_speed = WPA_GET_LE32(wan + 5);
-	dl_load = wan[9];
-	ul_load = wan[10];
-
-	if (dl_speed >= 0xffffff)
-		dl_bandwidth = dl_speed / 255 * (255 - dl_load);
-	else
-		dl_bandwidth = dl_speed * (255 - dl_load) / 255;
-
-	if (ul_speed >= 0xffffff)
-		ul_bandwidth = ul_speed / 255 * (255 - ul_load);
-	else
-		ul_bandwidth = ul_speed * (255 - ul_load) / 255;
-
-	res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
-					bss->anqp->domain_name : NULL);
-	if (res > 0) {
-		if (cred->min_dl_bandwidth_home > dl_bandwidth)
-			return 1;
-		if (cred->min_ul_bandwidth_home > ul_bandwidth)
-			return 1;
-	} else {
-		if (cred->min_dl_bandwidth_roaming > dl_bandwidth)
-			return 1;
-		if (cred->min_ul_bandwidth_roaming > ul_bandwidth)
-			return 1;
-	}
-#endif /* CONFIG_HS20 */
-
-	return 0;
-}
-
-
-static int cred_over_max_bss_load(struct wpa_supplicant *wpa_s,
-				  struct wpa_cred *cred, struct wpa_bss *bss)
-{
-	const u8 *ie;
-	int res;
-
-	if (!cred->max_bss_load)
-		return 0; /* No BSS Load constraint specified */
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_BSS_LOAD);
-	if (ie == NULL || ie[1] < 3)
-		return 0; /* No BSS Load advertised */
-
-	res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
-					bss->anqp->domain_name : NULL);
-	if (res <= 0)
-		return 0; /* Not a home network */
-
-	return ie[4] > cred->max_bss_load;
-}
-
-
-#ifdef CONFIG_HS20
-
-static int has_proto_match(const u8 *pos, const u8 *end, u8 proto)
-{
-	while (end - pos >= 4) {
-		if (pos[0] == proto && pos[3] == 1 /* Open */)
-			return 1;
-		pos += 4;
-	}
-
-	return 0;
-}
-
-
-static int has_proto_port_match(const u8 *pos, const u8 *end, u8 proto,
-				u16 port)
-{
-	while (end - pos >= 4) {
-		if (pos[0] == proto && WPA_GET_LE16(&pos[1]) == port &&
-		    pos[3] == 1 /* Open */)
-			return 1;
-		pos += 4;
-	}
-
-	return 0;
-}
-
-#endif /* CONFIG_HS20 */
-
-
-static int cred_conn_capab_missing(struct wpa_supplicant *wpa_s,
-				   struct wpa_cred *cred, struct wpa_bss *bss)
-{
-#ifdef CONFIG_HS20
-	int res;
-	const u8 *capab, *end;
-	unsigned int i, j;
-	int *ports;
-
-	if (!cred->num_req_conn_capab)
-		return 0; /* No connection capability constraint specified */
-
-	if (bss->anqp == NULL || bss->anqp->hs20_connection_capability == NULL)
-		return 0; /* No Connection Capability known - ignore constraint
-			   */
-
-	res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
-					bss->anqp->domain_name : NULL);
-	if (res > 0)
-		return 0; /* No constraint in home network */
-
-	capab = wpabuf_head(bss->anqp->hs20_connection_capability);
-	end = capab + wpabuf_len(bss->anqp->hs20_connection_capability);
-
-	for (i = 0; i < cred->num_req_conn_capab; i++) {
-		ports = cred->req_conn_capab_port[i];
-		if (!ports) {
-			if (!has_proto_match(capab, end,
-					     cred->req_conn_capab_proto[i]))
-				return 1;
-		} else {
-			for (j = 0; ports[j] > -1; j++) {
-				if (!has_proto_port_match(
-					    capab, end,
-					    cred->req_conn_capab_proto[i],
-					    ports[j]))
-					return 1;
-			}
-		}
-	}
-#endif /* CONFIG_HS20 */
-
-	return 0;
-}
-
-
-static struct wpa_cred * interworking_credentials_available_roaming_consortium(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded)
-{
-	struct wpa_cred *cred, *selected = NULL;
-	const u8 *ie;
-	const struct wpabuf *anqp;
-	int is_excluded = 0;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
-	anqp = bss->anqp ? bss->anqp->roaming_consortium : NULL;
-
-	if (!ie && !anqp)
-		return NULL;
-
-	if (wpa_s->conf->cred == NULL)
-		return NULL;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->roaming_consortium_len == 0 &&
-		    cred->num_roaming_consortiums == 0)
-			continue;
-
-		if (!cred->eap_method)
-			continue;
-
-		if ((cred->roaming_consortium_len == 0 ||
-		     !roaming_consortium_match(ie, anqp,
-					       cred->roaming_consortium,
-					       cred->roaming_consortium_len)) &&
-		    !cred_roaming_consortiums_match(ie, anqp, cred) &&
-		    (cred->required_roaming_consortium_len == 0 ||
-		     !roaming_consortium_match(
-			     ie, anqp, cred->required_roaming_consortium,
-			     cred->required_roaming_consortium_len)))
-			continue;
-
-		if (cred_no_required_oi_match(cred, bss))
-			continue;
-		if (!ignore_bw && cred_below_min_backhaul(wpa_s, cred, bss))
-			continue;
-		if (!ignore_bw && cred_over_max_bss_load(wpa_s, cred, bss))
-			continue;
-		if (!ignore_bw && cred_conn_capab_missing(wpa_s, cred, bss))
-			continue;
-		if (cred_excluded_ssid(cred, bss)) {
-			if (excluded == NULL)
-				continue;
-			if (selected == NULL) {
-				selected = cred;
-				is_excluded = 1;
-			}
-		} else {
-			if (selected == NULL || is_excluded ||
-			    cred_prio_cmp(selected, cred) < 0) {
-				selected = cred;
-				is_excluded = 0;
-			}
-		}
-	}
-
-	if (excluded)
-		*excluded = is_excluded;
-
-	return selected;
-}
-
-
-static int interworking_set_eap_params(struct wpa_ssid *ssid,
-				       struct wpa_cred *cred, int ttls)
-{
-	if (cred->eap_method) {
-		ttls = cred->eap_method->vendor == EAP_VENDOR_IETF &&
-			cred->eap_method->method == EAP_TYPE_TTLS;
-
-		os_free(ssid->eap.eap_methods);
-		ssid->eap.eap_methods =
-			os_malloc(sizeof(struct eap_method_type) * 2);
-		if (ssid->eap.eap_methods == NULL)
-			return -1;
-		os_memcpy(ssid->eap.eap_methods, cred->eap_method,
-			  sizeof(*cred->eap_method));
-		ssid->eap.eap_methods[1].vendor = EAP_VENDOR_IETF;
-		ssid->eap.eap_methods[1].method = EAP_TYPE_NONE;
-	}
-
-	if (ttls && cred->username && cred->username[0]) {
-		const char *pos;
-		char *anon;
-		/* Use anonymous NAI in Phase 1 */
-		pos = os_strchr(cred->username, '@');
-		if (pos) {
-			size_t buflen = 9 + os_strlen(pos) + 1;
-			anon = os_malloc(buflen);
-			if (anon == NULL)
-				return -1;
-			os_snprintf(anon, buflen, "anonymous%s", pos);
-		} else if (cred->realm) {
-			size_t buflen = 10 + os_strlen(cred->realm) + 1;
-			anon = os_malloc(buflen);
-			if (anon == NULL)
-				return -1;
-			os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
-		} else {
-			anon = os_strdup("anonymous");
-			if (anon == NULL)
-				return -1;
-		}
-		if (wpa_config_set_quoted(ssid, "anonymous_identity", anon) <
-		    0) {
-			os_free(anon);
-			return -1;
-		}
-		os_free(anon);
-	}
-
-	if (!ttls && cred->username && cred->username[0] && cred->realm &&
-	    !os_strchr(cred->username, '@')) {
-		char *id;
-		size_t buflen;
-		int res;
-
-		buflen = os_strlen(cred->username) + 1 +
-			os_strlen(cred->realm) + 1;
-
-		id = os_malloc(buflen);
-		if (!id)
-			return -1;
-		os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
-		res = wpa_config_set_quoted(ssid, "identity", id);
-		os_free(id);
-		if (res < 0)
-			return -1;
-	} else if (cred->username && cred->username[0] &&
-	    wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
-		return -1;
-
-	if (cred->password && cred->password[0]) {
-		if (cred->ext_password &&
-		    wpa_config_set(ssid, "password", cred->password, 0) < 0)
-			return -1;
-		if (!cred->ext_password &&
-		    wpa_config_set_quoted(ssid, "password", cred->password) <
-		    0)
-			return -1;
-	}
-
-	if (cred->client_cert && cred->client_cert[0] &&
-	    wpa_config_set_quoted(ssid, "client_cert", cred->client_cert) < 0)
-		return -1;
-
-#ifdef ANDROID
-	if (cred->private_key &&
-	    os_strncmp(cred->private_key, "keystore://", 11) == 0) {
-		/* Use OpenSSL engine configuration for Android keystore */
-		if (wpa_config_set_quoted(ssid, "engine_id", "keystore") < 0 ||
-		    wpa_config_set_quoted(ssid, "key_id",
-					  cred->private_key + 11) < 0 ||
-		    wpa_config_set(ssid, "engine", "1", 0) < 0)
-			return -1;
-	} else
-#endif /* ANDROID */
-	if (cred->private_key && cred->private_key[0] &&
-	    wpa_config_set_quoted(ssid, "private_key", cred->private_key) < 0)
-		return -1;
-
-	if (cred->private_key_passwd && cred->private_key_passwd[0] &&
-	    wpa_config_set_quoted(ssid, "private_key_passwd",
-				  cred->private_key_passwd) < 0)
-		return -1;
-
-	if (cred->ca_cert_id && cred->ca_cert_id[0] &&
-	    wpa_config_set_quoted(ssid, "ca_cert_id", cred->ca_cert_id) < 0)
-		return -1;
-
-	if (cred->cert_id && cred->cert_id[0] &&
-	    wpa_config_set_quoted(ssid, "cert_id", cred->cert_id) < 0)
-		return -1;
-
-	if (cred->key_id && cred->key_id[0] &&
-	    wpa_config_set_quoted(ssid, "key_id", cred->key_id) < 0)
-		return -1;
-
-	if (cred->engine_id && cred->engine_id[0] &&
-	    wpa_config_set_quoted(ssid, "engine_id", cred->engine_id) < 0)
-		return -1;
-
-	ssid->eap.cert.engine = cred->engine;
-
-	if (cred->phase1) {
-		os_free(ssid->eap.phase1);
-		ssid->eap.phase1 = os_strdup(cred->phase1);
-	}
-	if (cred->phase2) {
-		os_free(ssid->eap.phase2);
-		ssid->eap.phase2 = os_strdup(cred->phase2);
-	}
-
-	if (cred->ca_cert && cred->ca_cert[0] &&
-	    wpa_config_set_quoted(ssid, "ca_cert", cred->ca_cert) < 0)
-		return -1;
-
-	if (cred->domain_suffix_match && cred->domain_suffix_match[0] &&
-	    wpa_config_set_quoted(ssid, "domain_suffix_match",
-				  cred->domain_suffix_match) < 0)
-		return -1;
-
-	ssid->eap.cert.ocsp = cred->ocsp;
-
-	return 0;
-}
-
-
-static int interworking_connect_roaming_consortium(
-	struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
-	struct wpa_bss *bss, int only_add)
-{
-	struct wpa_ssid *ssid;
-	const u8 *ie;
-	const struct wpabuf *anqp;
-	unsigned int i;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR
-		" based on roaming consortium match", MAC2STR(bss->bssid));
-
-	if (already_connected(wpa_s, cred, bss)) {
-		wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
-			MAC2STR(bss->bssid));
-		return wpa_s->current_ssid->id;
-	}
-
-	remove_duplicate_network(wpa_s, cred, bss);
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL)
-		return -1;
-	ssid->parent_cred = cred;
-	wpas_notify_network_added(wpa_s, ssid);
-	wpa_config_set_network_defaults(ssid);
-	ssid->priority = cred->priority;
-	ssid->temporary = 1;
-	ssid->ssid = os_zalloc(bss->ssid_len + 1);
-	if (ssid->ssid == NULL)
-		goto fail;
-	os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
-	ssid->ssid_len = bss->ssid_len;
-
-	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
-		goto fail;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
-	anqp = bss->anqp ? bss->anqp->roaming_consortium : NULL;
-	for (i = 0; (ie || anqp) && i < cred->num_roaming_consortiums; i++) {
-		if (!roaming_consortium_match(
-			    ie, anqp, cred->roaming_consortiums[i],
-			    cred->roaming_consortiums_len[i]))
-			continue;
-
-		ssid->roaming_consortium_selection =
-			os_malloc(cred->roaming_consortiums_len[i]);
-		if (!ssid->roaming_consortium_selection)
-			goto fail;
-		os_memcpy(ssid->roaming_consortium_selection,
-			  cred->roaming_consortiums[i],
-			  cred->roaming_consortiums_len[i]);
-		ssid->roaming_consortium_selection_len =
-			cred->roaming_consortiums_len[i];
-		break;
-	}
-
-	if (cred->eap_method == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: No EAP method set for credential using roaming consortium");
-		goto fail;
-	}
-
-	if (interworking_set_eap_params(
-		    ssid, cred,
-		    cred->eap_method->vendor == EAP_VENDOR_IETF &&
-		    cred->eap_method->method == EAP_TYPE_TTLS) < 0)
-		goto fail;
-
-	wpa_s->next_ssid = ssid;
-	wpa_config_update_prio_list(wpa_s->conf);
-	if (!only_add)
-		interworking_reconnect(wpa_s);
-
-	return ssid->id;
-
-fail:
-	wpas_notify_network_removed(wpa_s, ssid);
-	wpa_config_remove_network(wpa_s->conf, ssid->id);
-	return -1;
-}
-
-
-int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			 int only_add)
-{
-	struct wpa_cred *cred, *cred_rc, *cred_3gpp;
-	struct wpa_ssid *ssid;
-	struct nai_realm *realm;
-	struct nai_realm_eap *eap = NULL;
-	u16 count, i;
-	char buf[100];
-	int excluded = 0, *excl = &excluded;
-	const char *name;
-
-	if (wpa_s->conf->cred == NULL || bss == NULL)
-		return -1;
-	if (disallowed_bssid(wpa_s, bss->bssid) ||
-	    disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Reject connection to disallowed BSS "
-			MACSTR, MAC2STR(bss->bssid));
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "Interworking: Considering BSS " MACSTR
-		   " for connection",
-		   MAC2STR(bss->bssid));
-
-	if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
-		/*
-		 * We currently support only HS 2.0 networks and those are
-		 * required to use WPA2-Enterprise.
-		 */
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Network does not use RSN");
-		return -1;
-	}
-
-	cred_rc = interworking_credentials_available_roaming_consortium(
-		wpa_s, bss, 0, excl);
-	if (cred_rc) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Highest roaming consortium matching credential priority %d sp_priority %d",
-			cred_rc->priority, cred_rc->sp_priority);
-		if (excl && !(*excl))
-			excl = NULL;
-	}
-
-	cred = interworking_credentials_available_realm(wpa_s, bss, 0, excl);
-	if (cred) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Highest NAI Realm list matching credential priority %d sp_priority %d",
-			cred->priority, cred->sp_priority);
-		if (excl && !(*excl))
-			excl = NULL;
-	}
-
-	cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss, 0,
-							    excl);
-	if (cred_3gpp) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Highest 3GPP matching credential priority %d sp_priority %d",
-			cred_3gpp->priority, cred_3gpp->sp_priority);
-		if (excl && !(*excl))
-			excl = NULL;
-	}
-
-	if (!cred_rc && !cred && !cred_3gpp) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: No full credential matches - consider options without BW(etc.) limits");
-		cred_rc = interworking_credentials_available_roaming_consortium(
-			wpa_s, bss, 1, excl);
-		if (cred_rc) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Highest roaming consortium matching credential priority %d sp_priority %d (ignore BW)",
-				cred_rc->priority, cred_rc->sp_priority);
-			if (excl && !(*excl))
-				excl = NULL;
-		}
-
-		cred = interworking_credentials_available_realm(wpa_s, bss, 1,
-								excl);
-		if (cred) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Highest NAI Realm list matching credential priority %d sp_priority %d (ignore BW)",
-				cred->priority, cred->sp_priority);
-			if (excl && !(*excl))
-				excl = NULL;
-		}
-
-		cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss,
-								    1, excl);
-		if (cred_3gpp) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Highest 3GPP matching credential priority %d sp_priority %d (ignore BW)",
-				cred_3gpp->priority, cred_3gpp->sp_priority);
-			if (excl && !(*excl))
-				excl = NULL;
-		}
-	}
-
-	if (cred_rc &&
-	    (cred == NULL || cred_prio_cmp(cred_rc, cred) >= 0) &&
-	    (cred_3gpp == NULL || cred_prio_cmp(cred_rc, cred_3gpp) >= 0))
-		return interworking_connect_roaming_consortium(wpa_s, cred_rc,
-							       bss, only_add);
-
-	if (cred_3gpp &&
-	    (cred == NULL || cred_prio_cmp(cred_3gpp, cred) >= 0)) {
-		return interworking_connect_3gpp(wpa_s, cred_3gpp, bss,
-						 only_add);
-	}
-
-	if (cred == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: No matching credentials found for "
-			MACSTR, MAC2STR(bss->bssid));
-		return -1;
-	}
-
-	realm = nai_realm_parse(bss->anqp ? bss->anqp->nai_realm : NULL,
-				&count);
-	if (realm == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Could not parse NAI Realm list from "
-			MACSTR, MAC2STR(bss->bssid));
-		return -1;
-	}
-
-	for (i = 0; i < count; i++) {
-		if (!nai_realm_match(&realm[i], cred->realm))
-			continue;
-		eap = nai_realm_find_eap(wpa_s, cred, &realm[i]);
-		if (eap)
-			break;
-	}
-
-	if (!eap) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: No matching credentials and EAP method found for "
-			MACSTR, MAC2STR(bss->bssid));
-		nai_realm_free(realm, count);
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR,
-		MAC2STR(bss->bssid));
-
-	if (already_connected(wpa_s, cred, bss)) {
-		wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
-			MAC2STR(bss->bssid));
-		nai_realm_free(realm, count);
-		return 0;
-	}
-
-	remove_duplicate_network(wpa_s, cred, bss);
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL) {
-		nai_realm_free(realm, count);
-		return -1;
-	}
-	ssid->parent_cred = cred;
-	wpas_notify_network_added(wpa_s, ssid);
-	wpa_config_set_network_defaults(ssid);
-	ssid->priority = cred->priority;
-	ssid->temporary = 1;
-	ssid->ssid = os_zalloc(bss->ssid_len + 1);
-	if (ssid->ssid == NULL)
-		goto fail;
-	os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
-	ssid->ssid_len = bss->ssid_len;
-
-	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
-		goto fail;
-
-	if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,
-						     eap->method), 0) < 0)
-		goto fail;
-
-	switch (eap->method) {
-	case EAP_TYPE_TTLS:
-		if (eap->inner_method) {
-			name = eap_get_name(EAP_VENDOR_IETF, eap->inner_method);
-			if (!name)
-				goto fail;
-			os_snprintf(buf, sizeof(buf), "\"autheap=%s\"", name);
-			if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
-				goto fail;
-			break;
-		}
-		switch (eap->inner_non_eap) {
-		case NAI_REALM_INNER_NON_EAP_PAP:
-			if (wpa_config_set(ssid, "phase2", "\"auth=PAP\"", 0) <
-			    0)
-				goto fail;
-			break;
-		case NAI_REALM_INNER_NON_EAP_CHAP:
-			if (wpa_config_set(ssid, "phase2", "\"auth=CHAP\"", 0)
-			    < 0)
-				goto fail;
-			break;
-		case NAI_REALM_INNER_NON_EAP_MSCHAP:
-			if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAP\"",
-					   0) < 0)
-				goto fail;
-			break;
-		case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
-			if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
-					   0) < 0)
-				goto fail;
-			break;
-		default:
-			/* EAP params were not set - assume TTLS/MSCHAPv2 */
-			if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
-					   0) < 0)
-				goto fail;
-			break;
-		}
-		break;
-	case EAP_TYPE_PEAP:
-	case EAP_TYPE_FAST:
-		if (wpa_config_set(ssid, "phase1", "\"fast_provisioning=2\"",
-				   0) < 0)
-			goto fail;
-		if (wpa_config_set(ssid, "pac_file",
-				   "\"blob://pac_interworking\"", 0) < 0)
-			goto fail;
-		name = eap_get_name(EAP_VENDOR_IETF,
-				    eap->inner_method ? eap->inner_method :
-				    EAP_TYPE_MSCHAPV2);
-		if (name == NULL)
-			goto fail;
-		os_snprintf(buf, sizeof(buf), "\"auth=%s\"", name);
-		if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
-			goto fail;
-		break;
-	case EAP_TYPE_TLS:
-		break;
-	}
-
-	if (interworking_set_eap_params(ssid, cred,
-					eap->method == EAP_TYPE_TTLS) < 0)
-		goto fail;
-
-	nai_realm_free(realm, count);
-
-	wpa_s->next_ssid = ssid;
-	wpa_config_update_prio_list(wpa_s->conf);
-	if (!only_add)
-		interworking_reconnect(wpa_s);
-
-	return ssid->id;
-
-fail:
-	wpas_notify_network_removed(wpa_s, ssid);
-	wpa_config_remove_network(wpa_s->conf, ssid->id);
-	nai_realm_free(realm, count);
-	return -1;
-}
-
-
-#ifdef PCSC_FUNCS
-static int interworking_pcsc_read_imsi(struct wpa_supplicant *wpa_s)
-{
-	size_t len;
-
-	if (wpa_s->imsi[0] && wpa_s->mnc_len)
-		return 0;
-
-	len = sizeof(wpa_s->imsi) - 1;
-	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
-		scard_deinit(wpa_s->scard);
-		wpa_s->scard = NULL;
-		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
-		return -1;
-	}
-	wpa_s->imsi[len] = '\0';
-	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
-	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
-		   wpa_s->imsi, wpa_s->mnc_len);
-
-	return 0;
-}
-#endif /* PCSC_FUNCS */
-
-
-static struct wpa_cred * interworking_credentials_available_3gpp(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded)
-{
-	struct wpa_cred *selected = NULL;
-#ifdef INTERWORKING_3GPP
-	struct wpa_cred *cred;
-	int ret;
-	int is_excluded = 0;
-
-	if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"interworking-avail-3gpp: not avail, anqp: %p  anqp_3gpp: %p",
-			bss->anqp, bss->anqp ? bss->anqp->anqp_3gpp : NULL);
-		return NULL;
-	}
-
-#ifdef CONFIG_EAP_PROXY
-	if (!wpa_s->imsi[0]) {
-		size_t len;
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: IMSI not available - try to read again through eap_proxy");
-		wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
-							     wpa_s->imsi,
-							     &len);
-		if (wpa_s->mnc_len > 0) {
-			wpa_s->imsi[len] = '\0';
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"eap_proxy: IMSI %s (MNC length %d)",
-				wpa_s->imsi, wpa_s->mnc_len);
-		} else {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"eap_proxy: IMSI not available");
-		}
-	}
-#endif /* CONFIG_EAP_PROXY */
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		char *sep;
-		const char *imsi;
-		int mnc_len;
-		char imsi_buf[16];
-		size_t msin_len;
-
-#ifdef PCSC_FUNCS
-		if (cred->pcsc && wpa_s->scard) {
-			if (interworking_pcsc_read_imsi(wpa_s) < 0)
-				continue;
-			imsi = wpa_s->imsi;
-			mnc_len = wpa_s->mnc_len;
-			goto compare;
-		}
-#endif /* PCSC_FUNCS */
-#ifdef CONFIG_EAP_PROXY
-		if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
-			imsi = wpa_s->imsi;
-			mnc_len = wpa_s->mnc_len;
-			goto compare;
-		}
-#endif /* CONFIG_EAP_PROXY */
-
-		if (cred->imsi == NULL || !cred->imsi[0] ||
-		    (!wpa_s->conf->external_sim &&
-		     (cred->milenage == NULL || !cred->milenage[0])))
-			continue;
-
-		sep = os_strchr(cred->imsi, '-');
-		if (sep == NULL ||
-		    (sep - cred->imsi != 5 && sep - cred->imsi != 6))
-			continue;
-		mnc_len = sep - cred->imsi - 3;
-		os_memcpy(imsi_buf, cred->imsi, 3 + mnc_len);
-		sep++;
-		msin_len = os_strlen(cred->imsi);
-		if (3 + mnc_len + msin_len >= sizeof(imsi_buf) - 1)
-			msin_len = sizeof(imsi_buf) - 3 - mnc_len - 1;
-		os_memcpy(&imsi_buf[3 + mnc_len], sep, msin_len);
-		imsi_buf[3 + mnc_len + msin_len] = '\0';
-		imsi = imsi_buf;
-
-#if defined(PCSC_FUNCS) || defined(CONFIG_EAP_PROXY)
-	compare:
-#endif /* PCSC_FUNCS || CONFIG_EAP_PROXY */
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Parsing 3GPP info from " MACSTR,
-			MAC2STR(bss->bssid));
-		ret = plmn_id_match(bss->anqp->anqp_3gpp, imsi, mnc_len);
-		wpa_msg(wpa_s, MSG_DEBUG, "PLMN match %sfound",
-			ret ? "" : "not ");
-		if (ret) {
-			if (cred_no_required_oi_match(cred, bss))
-				continue;
-			if (!ignore_bw &&
-			    cred_below_min_backhaul(wpa_s, cred, bss))
-				continue;
-			if (!ignore_bw &&
-			    cred_over_max_bss_load(wpa_s, cred, bss))
-				continue;
-			if (!ignore_bw &&
-			    cred_conn_capab_missing(wpa_s, cred, bss))
-				continue;
-			if (cred_excluded_ssid(cred, bss)) {
-				if (excluded == NULL)
-					continue;
-				if (selected == NULL) {
-					selected = cred;
-					is_excluded = 1;
-				}
-			} else {
-				if (selected == NULL || is_excluded ||
-				    cred_prio_cmp(selected, cred) < 0) {
-					selected = cred;
-					is_excluded = 0;
-				}
-			}
-		}
-	}
-
-	if (excluded)
-		*excluded = is_excluded;
-#endif /* INTERWORKING_3GPP */
-	return selected;
-}
-
-
-static struct wpa_cred * interworking_credentials_available_realm(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded)
-{
-	struct wpa_cred *cred, *selected = NULL;
-	struct nai_realm *realm;
-	u16 count, i;
-	int is_excluded = 0;
-
-	if (bss->anqp == NULL || bss->anqp->nai_realm == NULL)
-		return NULL;
-
-	if (wpa_s->conf->cred == NULL)
-		return NULL;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Parsing NAI Realm list from "
-		MACSTR, MAC2STR(bss->bssid));
-	realm = nai_realm_parse(bss->anqp->nai_realm, &count);
-	if (realm == NULL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Could not parse NAI Realm list from "
-			MACSTR, MAC2STR(bss->bssid));
-		return NULL;
-	}
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		if (cred->realm == NULL)
-			continue;
-
-		for (i = 0; i < count; i++) {
-			if (!nai_realm_match(&realm[i], cred->realm))
-				continue;
-			if (nai_realm_find_eap(wpa_s, cred, &realm[i])) {
-				if (cred_no_required_oi_match(cred, bss))
-					continue;
-				if (!ignore_bw &&
-				    cred_below_min_backhaul(wpa_s, cred, bss))
-					continue;
-				if (!ignore_bw &&
-				    cred_over_max_bss_load(wpa_s, cred, bss))
-					continue;
-				if (!ignore_bw &&
-				    cred_conn_capab_missing(wpa_s, cred, bss))
-					continue;
-				if (cred_excluded_ssid(cred, bss)) {
-					if (excluded == NULL)
-						continue;
-					if (selected == NULL) {
-						selected = cred;
-						is_excluded = 1;
-					}
-				} else {
-					if (selected == NULL || is_excluded ||
-					    cred_prio_cmp(selected, cred) < 0)
-					{
-						selected = cred;
-						is_excluded = 0;
-					}
-				}
-				break;
-			} else {
-				wpa_msg(wpa_s, MSG_DEBUG,
-					"Interworking: realm-find-eap returned false");
-			}
-		}
-	}
-
-	nai_realm_free(realm, count);
-
-	if (excluded)
-		*excluded = is_excluded;
-
-	return selected;
-}
-
-
-static struct wpa_cred * interworking_credentials_available_helper(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
-	int *excluded)
-{
-	struct wpa_cred *cred, *cred2;
-	int excluded1, excluded2 = 0;
-
-	if (disallowed_bssid(wpa_s, bss->bssid) ||
-	    disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
-		wpa_printf(MSG_DEBUG, "Interworking: Ignore disallowed BSS "
-			   MACSTR, MAC2STR(bss->bssid));
-		return NULL;
-	}
-
-	cred = interworking_credentials_available_realm(wpa_s, bss, ignore_bw,
-							&excluded1);
-	cred2 = interworking_credentials_available_3gpp(wpa_s, bss, ignore_bw,
-							&excluded2);
-	if (cred && cred2 &&
-	    (cred_prio_cmp(cred2, cred) >= 0 || (!excluded2 && excluded1))) {
-		cred = cred2;
-		excluded1 = excluded2;
-	}
-	if (!cred) {
-		cred = cred2;
-		excluded1 = excluded2;
-	}
-
-	cred2 = interworking_credentials_available_roaming_consortium(
-		wpa_s, bss, ignore_bw, &excluded2);
-	if (cred && cred2 &&
-	    (cred_prio_cmp(cred2, cred) >= 0 || (!excluded2 && excluded1))) {
-		cred = cred2;
-		excluded1 = excluded2;
-	}
-	if (!cred) {
-		cred = cred2;
-		excluded1 = excluded2;
-	}
-
-	if (excluded)
-		*excluded = excluded1;
-	return cred;
-}
-
-
-static struct wpa_cred * interworking_credentials_available(
-	struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int *excluded)
-{
-	struct wpa_cred *cred;
-
-	if (excluded)
-		*excluded = 0;
-	cred = interworking_credentials_available_helper(wpa_s, bss, 0,
-							 excluded);
-	if (cred)
-		return cred;
-	return interworking_credentials_available_helper(wpa_s, bss, 1,
-							 excluded);
-}
-
-
-int domain_name_list_contains(struct wpabuf *domain_names,
-			      const char *domain, int exact_match)
-{
-	const u8 *pos, *end;
-	size_t len;
-
-	len = os_strlen(domain);
-	pos = wpabuf_head(domain_names);
-	end = pos + wpabuf_len(domain_names);
-
-	while (end - pos > 1) {
-		u8 elen;
-
-		elen = *pos++;
-		if (elen > end - pos)
-			break;
-
-		wpa_hexdump_ascii(MSG_DEBUG, "Interworking: AP domain name",
-				  pos, elen);
-		if (elen == len &&
-		    os_strncasecmp(domain, (const char *) pos, len) == 0)
-			return 1;
-		if (!exact_match && elen > len && pos[elen - len - 1] == '.') {
-			const char *ap = (const char *) pos;
-			int offset = elen - len;
-
-			if (os_strncasecmp(domain, ap + offset, len) == 0)
-				return 1;
-		}
-
-		pos += elen;
-	}
-
-	return 0;
-}
-
-
-int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
-			      struct wpa_cred *cred,
-			      struct wpabuf *domain_names)
-{
-	size_t i;
-	int ret = -1;
-#ifdef INTERWORKING_3GPP
-	char nai[100], *realm;
-
-	char *imsi = NULL;
-	int mnc_len = 0;
-	if (cred->imsi)
-		imsi = cred->imsi;
-#ifdef PCSC_FUNCS
-	else if (cred->pcsc && wpa_s->scard) {
-		if (interworking_pcsc_read_imsi(wpa_s) < 0)
-			return -1;
-		imsi = wpa_s->imsi;
-		mnc_len = wpa_s->mnc_len;
-	}
-#endif /* PCSC_FUNCS */
-#ifdef CONFIG_EAP_PROXY
-	else if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
-		imsi = wpa_s->imsi;
-		mnc_len = wpa_s->mnc_len;
-	}
-#endif /* CONFIG_EAP_PROXY */
-	if (domain_names &&
-	    imsi && build_root_nai(nai, sizeof(nai), imsi, mnc_len, 0) == 0) {
-		realm = os_strchr(nai, '@');
-		if (realm)
-			realm++;
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Search for match with SIM/USIM domain %s",
-			realm ? realm : "[NULL]");
-		if (realm &&
-		    domain_name_list_contains(domain_names, realm, 1))
-			return 1;
-		if (realm)
-			ret = 0;
-	}
-#endif /* INTERWORKING_3GPP */
-
-	if (domain_names == NULL || cred->domain == NULL)
-		return ret;
-
-	for (i = 0; i < cred->num_domain; i++) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Search for match with home SP FQDN %s",
-			cred->domain[i]);
-		if (domain_name_list_contains(domain_names, cred->domain[i], 1))
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int interworking_home_sp(struct wpa_supplicant *wpa_s,
-				struct wpabuf *domain_names)
-{
-	struct wpa_cred *cred;
-
-	if (domain_names == NULL || wpa_s->conf->cred == NULL)
-		return -1;
-
-	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
-		int res = interworking_home_sp_cred(wpa_s, cred, domain_names);
-		if (res)
-			return res;
-	}
-
-	return 0;
-}
-
-
-static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-			if (wpas_network_disabled(wpa_s, ssid) ||
-			    ssid->mode != WPAS_MODE_INFRA)
-				continue;
-			if (ssid->ssid_len != bss->ssid_len ||
-			    os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) !=
-			    0)
-				continue;
-			/*
-			 * TODO: Consider more accurate matching of security
-			 * configuration similarly to what is done in events.c
-			 */
-			return 1;
-		}
-	}
-
-	return 0;
-}
-
-
-static int roaming_partner_match(struct wpa_supplicant *wpa_s,
-				 struct roaming_partner *partner,
-				 struct wpabuf *domain_names)
-{
-	wpa_printf(MSG_DEBUG, "Interworking: Comparing roaming_partner info fqdn='%s' exact_match=%d priority=%u country='%s'",
-		   partner->fqdn, partner->exact_match, partner->priority,
-		   partner->country);
-	wpa_hexdump_ascii(MSG_DEBUG, "Interworking: Domain names",
-			  wpabuf_head(domain_names),
-			  wpabuf_len(domain_names));
-	if (!domain_name_list_contains(domain_names, partner->fqdn,
-				       partner->exact_match))
-		return 0;
-	/* TODO: match Country */
-	return 1;
-}
-
-
-static u8 roaming_prio(struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
-		       struct wpa_bss *bss)
-{
-	size_t i;
-
-	if (bss->anqp == NULL || bss->anqp->domain_name == NULL) {
-		wpa_printf(MSG_DEBUG, "Interworking: No ANQP domain name info -> use default roaming partner priority 128");
-		return 128; /* cannot check preference with domain name */
-	}
-
-	if (interworking_home_sp_cred(wpa_s, cred, bss->anqp->domain_name) > 0)
-	{
-		wpa_printf(MSG_DEBUG, "Interworking: Determined to be home SP -> use maximum preference 0 as roaming partner priority");
-		return 0; /* max preference for home SP network */
-	}
-
-	for (i = 0; i < cred->num_roaming_partner; i++) {
-		if (roaming_partner_match(wpa_s, &cred->roaming_partner[i],
-					  bss->anqp->domain_name)) {
-			wpa_printf(MSG_DEBUG, "Interworking: Roaming partner preference match - priority %u",
-				   cred->roaming_partner[i].priority);
-			return cred->roaming_partner[i].priority;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "Interworking: No roaming partner preference match - use default roaming partner priority 128");
-	return 128;
-}
-
-
-static struct wpa_bss * pick_best_roaming_partner(struct wpa_supplicant *wpa_s,
-						  struct wpa_bss *selected,
-						  struct wpa_cred *cred)
-{
-	struct wpa_bss *bss;
-	u8 best_prio, prio;
-	struct wpa_cred *cred2;
-
-	/*
-	 * Check if any other BSS is operated by a more preferred roaming
-	 * partner.
-	 */
-
-	best_prio = roaming_prio(wpa_s, cred, selected);
-	wpa_printf(MSG_DEBUG, "Interworking: roaming_prio=%u for selected BSS "
-		   MACSTR " (cred=%d)", best_prio, MAC2STR(selected->bssid),
-		   cred->id);
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (bss == selected)
-			continue;
-		cred2 = interworking_credentials_available(wpa_s, bss, NULL);
-		if (!cred2)
-			continue;
-		if (!wpa_bss_get_ie(bss, WLAN_EID_RSN))
-			continue;
-		prio = roaming_prio(wpa_s, cred2, bss);
-		wpa_printf(MSG_DEBUG, "Interworking: roaming_prio=%u for BSS "
-			   MACSTR " (cred=%d)", prio, MAC2STR(bss->bssid),
-			   cred2->id);
-		if (prio < best_prio) {
-			int bh1, bh2, load1, load2, conn1, conn2;
-			bh1 = cred_below_min_backhaul(wpa_s, cred, selected);
-			load1 = cred_over_max_bss_load(wpa_s, cred, selected);
-			conn1 = cred_conn_capab_missing(wpa_s, cred, selected);
-			bh2 = cred_below_min_backhaul(wpa_s, cred2, bss);
-			load2 = cred_over_max_bss_load(wpa_s, cred2, bss);
-			conn2 = cred_conn_capab_missing(wpa_s, cred2, bss);
-			wpa_printf(MSG_DEBUG, "Interworking: old: %d %d %d  new: %d %d %d",
-				   bh1, load1, conn1, bh2, load2, conn2);
-			if (bh1 || load1 || conn1 || !(bh2 || load2 || conn2)) {
-				wpa_printf(MSG_DEBUG, "Interworking: Better roaming partner " MACSTR " selected", MAC2STR(bss->bssid));
-				best_prio = prio;
-				selected = bss;
-			}
-		}
-	}
-
-	return selected;
-}
-
-
-static void interworking_select_network(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
-	struct wpa_bss *selected2 = NULL, *selected2_home = NULL;
-	unsigned int count = 0;
-	const char *type;
-	int res;
-	struct wpa_cred *cred, *selected_cred = NULL;
-	struct wpa_cred *selected_home_cred = NULL;
-	struct wpa_cred *selected2_cred = NULL;
-	struct wpa_cred *selected2_home_cred = NULL;
-
-	wpa_s->network_select = 0;
-
-	wpa_printf(MSG_DEBUG, "Interworking: Select network (auto_select=%d)",
-		   wpa_s->auto_select);
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		int excluded = 0;
-		int bh, bss_load, conn_capab;
-		cred = interworking_credentials_available(wpa_s, bss,
-							  &excluded);
-		if (!cred)
-			continue;
-
-		if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
-			/*
-			 * We currently support only HS 2.0 networks and those
-			 * are required to use WPA2-Enterprise.
-			 */
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Credential match with " MACSTR
-				" but network does not use RSN",
-				MAC2STR(bss->bssid));
-			continue;
-		}
-		if (!excluded)
-			count++;
-		res = interworking_home_sp(wpa_s, bss->anqp ?
-					   bss->anqp->domain_name : NULL);
-		if (res > 0)
-			type = "home";
-		else if (res == 0)
-			type = "roaming";
-		else
-			type = "unknown";
-		bh = cred_below_min_backhaul(wpa_s, cred, bss);
-		bss_load = cred_over_max_bss_load(wpa_s, cred, bss);
-		conn_capab = cred_conn_capab_missing(wpa_s, cred, bss);
-		wpas_notify_interworking_ap_added(wpa_s, bss, cred, excluded,
-						  type, bh, bss_load,
-						  conn_capab);
-		if (excluded)
-			continue;
-		if (wpa_s->auto_select ||
-		    (wpa_s->conf->auto_interworking &&
-		     wpa_s->auto_network_select)) {
-			if (bh || bss_load || conn_capab) {
-				if (selected2_cred == NULL ||
-				    cred_prio_cmp(cred, selected2_cred) > 0) {
-					wpa_printf(MSG_DEBUG, "Interworking: Mark as selected2");
-					selected2 = bss;
-					selected2_cred = cred;
-				}
-				if (res > 0 &&
-				    (selected2_home_cred == NULL ||
-				     cred_prio_cmp(cred, selected2_home_cred) >
-				     0)) {
-					wpa_printf(MSG_DEBUG, "Interworking: Mark as selected2_home");
-					selected2_home = bss;
-					selected2_home_cred = cred;
-				}
-			} else {
-				if (selected_cred == NULL ||
-				    cred_prio_cmp(cred, selected_cred) > 0) {
-					wpa_printf(MSG_DEBUG, "Interworking: Mark as selected");
-					selected = bss;
-					selected_cred = cred;
-				}
-				if (res > 0 &&
-				    (selected_home_cred == NULL ||
-				     cred_prio_cmp(cred, selected_home_cred) >
-				     0)) {
-					wpa_printf(MSG_DEBUG, "Interworking: Mark as selected_home");
-					selected_home = bss;
-					selected_home_cred = cred;
-				}
-			}
-		}
-	}
-
-	if (selected_home && selected_home != selected &&
-	    selected_home_cred &&
-	    (selected_cred == NULL ||
-	     cred_prio_cmp(selected_home_cred, selected_cred) >= 0)) {
-		/* Prefer network operated by the Home SP */
-		wpa_printf(MSG_DEBUG, "Interworking: Overrode selected with selected_home");
-		selected = selected_home;
-		selected_cred = selected_home_cred;
-	}
-
-	if (!selected) {
-		if (selected2_home) {
-			wpa_printf(MSG_DEBUG, "Interworking: Use home BSS with BW limit mismatch since no other network could be selected");
-			selected = selected2_home;
-			selected_cred = selected2_home_cred;
-		} else if (selected2) {
-			wpa_printf(MSG_DEBUG, "Interworking: Use visited BSS with BW limit mismatch since no other network could be selected");
-			selected = selected2;
-			selected_cred = selected2_cred;
-		}
-	}
-
-	if (count == 0) {
-		/*
-		 * No matching network was found based on configured
-		 * credentials. Check whether any of the enabled network blocks
-		 * have matching APs.
-		 */
-		if (interworking_find_network_match(wpa_s)) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Possible BSS match for enabled network configurations");
-			if (wpa_s->auto_select) {
-				interworking_reconnect(wpa_s);
-				return;
-			}
-		}
-
-		if (wpa_s->auto_network_select) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Continue scanning after ANQP fetch");
-			wpa_supplicant_req_scan(wpa_s, wpa_s->scan_interval,
-						0);
-			return;
-		}
-
-		wpa_msg(wpa_s, MSG_INFO, INTERWORKING_NO_MATCH "No network "
-			"with matching credentials found");
-		if (wpa_s->wpa_state == WPA_SCANNING)
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-	}
-
-	wpas_notify_interworking_select_done(wpa_s);
-
-	if (selected) {
-		wpa_printf(MSG_DEBUG, "Interworking: Selected " MACSTR,
-			   MAC2STR(selected->bssid));
-		selected = pick_best_roaming_partner(wpa_s, selected,
-						     selected_cred);
-		wpa_printf(MSG_DEBUG, "Interworking: Selected " MACSTR
-			   " (after best roaming partner selection)",
-			   MAC2STR(selected->bssid));
-		wpa_msg(wpa_s, MSG_INFO, INTERWORKING_SELECTED MACSTR,
-			MAC2STR(selected->bssid));
-		interworking_connect(wpa_s, selected, 0);
-	} else if (wpa_s->wpa_state == WPA_SCANNING)
-		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-}
-
-
-static struct wpa_bss_anqp *
-interworking_match_anqp_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
-{
-	struct wpa_bss *other;
-
-	if (is_zero_ether_addr(bss->hessid))
-		return NULL; /* Cannot be in the same homegenous ESS */
-
-	dl_list_for_each(other, &wpa_s->bss, struct wpa_bss, list) {
-		if (other == bss)
-			continue;
-		if (other->anqp == NULL)
-			continue;
-		if (other->anqp->roaming_consortium == NULL &&
-		    other->anqp->nai_realm == NULL &&
-		    other->anqp->anqp_3gpp == NULL &&
-		    other->anqp->domain_name == NULL)
-			continue;
-		if (!(other->flags & WPA_BSS_ANQP_FETCH_TRIED))
-			continue;
-		if (os_memcmp(bss->hessid, other->hessid, ETH_ALEN) != 0)
-			continue;
-		if (bss->ssid_len != other->ssid_len ||
-		    os_memcmp(bss->ssid, other->ssid, bss->ssid_len) != 0)
-			continue;
-
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Share ANQP data with already fetched BSSID "
-			MACSTR " and " MACSTR,
-			MAC2STR(other->bssid), MAC2STR(bss->bssid));
-		other->anqp->users++;
-		return other->anqp;
-	}
-
-	return NULL;
-}
-
-
-static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-	int found = 0;
-
-	wpa_printf(MSG_DEBUG, "Interworking: next_anqp_fetch - "
-		   "fetch_anqp_in_progress=%d fetch_osu_icon_in_progress=%d",
-		   wpa_s->fetch_anqp_in_progress,
-		   wpa_s->fetch_osu_icon_in_progress);
-
-	if (eloop_terminated() || !wpa_s->fetch_anqp_in_progress) {
-		wpa_printf(MSG_DEBUG, "Interworking: Stop next-ANQP-fetch");
-		return;
-	}
-
-#ifdef CONFIG_HS20
-	if (wpa_s->fetch_osu_icon_in_progress) {
-		wpa_printf(MSG_DEBUG, "Interworking: Next icon (in progress)");
-		hs20_next_osu_icon(wpa_s);
-		return;
-	}
-#endif /* CONFIG_HS20 */
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (!(bss->caps & IEEE80211_CAP_ESS))
-			continue;
-		if (!wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_INTERWORKING))
-			continue; /* AP does not support Interworking */
-		if (disallowed_bssid(wpa_s, bss->bssid) ||
-		    disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len))
-			continue; /* Disallowed BSS */
-
-		if (!(bss->flags & WPA_BSS_ANQP_FETCH_TRIED)) {
-			if (bss->anqp == NULL) {
-				bss->anqp = interworking_match_anqp_info(wpa_s,
-									 bss);
-				if (bss->anqp) {
-					/* Shared data already fetched */
-					continue;
-				}
-				bss->anqp = wpa_bss_anqp_alloc();
-				if (bss->anqp == NULL)
-					break;
-			}
-			found++;
-			bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
-			wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
-				MACSTR " (HESSID " MACSTR ")",
-				MAC2STR(bss->bssid), MAC2STR(bss->hessid));
-			interworking_anqp_send_req(wpa_s, bss);
-			break;
-		}
-	}
-
-	if (found == 0) {
-#ifdef CONFIG_HS20
-		if (wpa_s->fetch_osu_info) {
-			if (wpa_s->num_prov_found == 0 &&
-			    wpa_s->fetch_osu_waiting_scan &&
-			    wpa_s->num_osu_scans < 3) {
-				wpa_printf(MSG_DEBUG, "HS 2.0: No OSU providers seen - try to scan again");
-				hs20_start_osu_scan(wpa_s);
-				return;
-			}
-			wpa_printf(MSG_DEBUG, "Interworking: Next icon");
-			hs20_osu_icon_fetch(wpa_s);
-			return;
-		}
-#endif /* CONFIG_HS20 */
-		wpa_msg(wpa_s, MSG_INFO, "ANQP fetch completed");
-		wpa_s->fetch_anqp_in_progress = 0;
-		if (wpa_s->network_select)
-			interworking_select_network(wpa_s);
-	}
-}
-
-
-void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list)
-		bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
-
-	wpa_s->fetch_anqp_in_progress = 1;
-
-	/*
-	 * Start actual ANQP operation from eloop call to make sure the loop
-	 * does not end up using excessive recursion.
-	 */
-	eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s, NULL);
-}
-
-
-int interworking_fetch_anqp(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select)
-		return 0;
-
-	wpa_s->network_select = 0;
-	wpa_s->fetch_all_anqp = 1;
-	wpa_s->fetch_osu_info = 0;
-
-	interworking_start_fetch_anqp(wpa_s);
-
-	return 0;
-}
-
-
-void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->fetch_anqp_in_progress)
-		return;
-
-	wpa_s->fetch_anqp_in_progress = 0;
-}
-
-
-int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, int freq,
-		  u16 info_ids[], size_t num_ids, u32 subtypes,
-		  u32 mbo_subtypes)
-{
-	struct wpabuf *buf;
-	struct wpabuf *extra_buf = NULL;
-	int ret = 0;
-	struct wpa_bss *bss;
-	int res;
-
-	bss = wpa_bss_get_bssid(wpa_s, dst);
-	if (!bss && !freq) {
-		wpa_printf(MSG_WARNING,
-			   "ANQP: Cannot send query without BSS freq info");
-		return -1;
-	}
-
-	if (bss)
-		wpa_bss_anqp_unshare_alloc(bss);
-	if (bss && !freq)
-		freq = bss->freq;
-
-	wpa_msg(wpa_s, MSG_DEBUG,
-		"ANQP: Query Request to " MACSTR " for %u id(s)",
-		MAC2STR(dst), (unsigned int) num_ids);
-
-#ifdef CONFIG_HS20
-	if (subtypes != 0) {
-		extra_buf = wpabuf_alloc(100);
-		if (extra_buf == NULL)
-			return -1;
-		hs20_put_anqp_req(subtypes, NULL, 0, extra_buf);
-	}
-#endif /* CONFIG_HS20 */
-
-#ifdef CONFIG_MBO
-	if (mbo_subtypes) {
-		struct wpabuf *mbo;
-
-		if (!bss) {
-			wpa_printf(MSG_WARNING,
-				   "ANQP: Cannot send MBO query to unknown BSS "
-				   MACSTR, MAC2STR(dst));
-			wpabuf_free(extra_buf);
-			return -1;
-		}
-
-		mbo = mbo_build_anqp_buf(wpa_s, bss, mbo_subtypes);
-		if (mbo) {
-			if (wpabuf_resize(&extra_buf, wpabuf_len(mbo))) {
-				wpabuf_free(extra_buf);
-				wpabuf_free(mbo);
-				return -1;
-			}
-			wpabuf_put_buf(extra_buf, mbo);
-			wpabuf_free(mbo);
-		}
-	}
-#endif /* CONFIG_MBO */
-
-	buf = anqp_build_req(info_ids, num_ids, extra_buf);
-	wpabuf_free(extra_buf);
-	if (buf == NULL)
-		return -1;
-
-	res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb,
-			    wpa_s);
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
-		wpabuf_free(buf);
-		ret = -1;
-	} else {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"ANQP: Query started with dialog token %u", res);
-	}
-
-	return ret;
-}
-
-
-static void anqp_add_extra(struct wpa_supplicant *wpa_s,
-			   struct wpa_bss_anqp *anqp, u16 info_id,
-			   const u8 *data, size_t slen, bool protected_response)
-{
-	struct wpa_bss_anqp_elem *tmp, *elem = NULL;
-
-	if (!anqp)
-		return;
-
-	dl_list_for_each(tmp, &anqp->anqp_elems, struct wpa_bss_anqp_elem,
-			 list) {
-		if (tmp->infoid == info_id) {
-			elem = tmp;
-			break;
-		}
-	}
-
-	if (!elem) {
-		elem = os_zalloc(sizeof(*elem));
-		if (!elem)
-			return;
-		elem->infoid = info_id;
-		dl_list_add(&anqp->anqp_elems, &elem->list);
-	} else {
-		wpabuf_free(elem->payload);
-	}
-
-	elem->protected_response = protected_response;
-	elem->payload = wpabuf_alloc_copy(data, slen);
-	if (!elem->payload) {
-		dl_list_del(&elem->list);
-		os_free(elem);
-	}
-}
-
-
-static void interworking_parse_venue_url(struct wpa_supplicant *wpa_s,
-					 const u8 *data, size_t len)
-{
-	const u8 *pos = data, *end = data + len;
-	char url[255];
-
-	while (end - pos >= 2) {
-		u8 slen, num;
-
-		slen = *pos++;
-		if (slen < 1 || slen > end - pos) {
-			wpa_printf(MSG_DEBUG,
-				   "ANQP: Truncated Venue URL Duple field");
-			return;
-		}
-
-		num = *pos++;
-		os_memcpy(url, pos, slen - 1);
-		url[slen - 1] = '\0';
-		wpa_msg(wpa_s, MSG_INFO, RX_VENUE_URL "%u %s", num, url);
-		pos += slen - 1;
-	}
-}
-
-
-static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss *bss, const u8 *sa,
-					    u16 info_id,
-					    const u8 *data, size_t slen,
-					    u8 dialog_token)
-{
-	const u8 *pos = data;
-	struct wpa_bss_anqp *anqp = NULL;
-	u8 type;
-	bool protected_response;
-
-	if (bss)
-		anqp = bss->anqp;
-
-	switch (info_id) {
-	case ANQP_CAPABILITY_LIST:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" ANQP Capability list", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Capability list",
-				  pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->capability_list);
-			anqp->capability_list = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_VENUE_NAME:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" Venue Name", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Venue Name", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->venue_name);
-			anqp->venue_name = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_NETWORK_AUTH_TYPE:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" Network Authentication Type information",
-			MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Network Authentication "
-				  "Type", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->network_auth_type);
-			anqp->network_auth_type = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_ROAMING_CONSORTIUM:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" Roaming Consortium list", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Roaming Consortium",
-				  pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->roaming_consortium);
-			anqp->roaming_consortium = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_IP_ADDR_TYPE_AVAILABILITY:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" IP Address Type Availability information",
-			MAC2STR(sa));
-		wpa_hexdump(MSG_MSGDUMP, "ANQP: IP Address Availability",
-			    pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->ip_addr_type_availability);
-			anqp->ip_addr_type_availability =
-				wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_NAI_REALM:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" NAI Realm list", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: NAI Realm", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->nai_realm);
-			anqp->nai_realm = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_3GPP_CELLULAR_NETWORK:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" 3GPP Cellular Network information", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_DEBUG, "ANQP: 3GPP Cellular Network",
-				  pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->anqp_3gpp);
-			anqp->anqp_3gpp = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-	case ANQP_DOMAIN_NAME:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" Domain Name list", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: Domain Name", pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->domain_name);
-			anqp->domain_name = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-#ifdef CONFIG_FILS
-	case ANQP_FILS_REALM_INFO:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
-			" FILS Realm Information", MAC2STR(sa));
-		wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: FILS Realm Information",
-			pos, slen);
-		if (anqp) {
-			wpabuf_free(anqp->fils_realm_info);
-			anqp->fils_realm_info = wpabuf_alloc_copy(pos, slen);
-		}
-		break;
-#endif /* CONFIG_FILS */
-	case ANQP_VENUE_URL:
-		wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR " Venue URL",
-			MAC2STR(sa));
-		protected_response = pmf_in_use(wpa_s, sa);
-		anqp_add_extra(wpa_s, anqp, info_id, pos, slen,
-			       protected_response);
-
-		if (!protected_response) {
-			wpa_printf(MSG_DEBUG,
-				   "ANQP: Ignore Venue URL since PMF was not enabled");
-			break;
-		}
-		interworking_parse_venue_url(wpa_s, pos, slen);
-		break;
-	case ANQP_VENDOR_SPECIFIC:
-		if (slen < 3)
-			return;
-
-		switch (WPA_GET_BE24(pos)) {
-		case OUI_WFA:
-			pos += 3;
-			slen -= 3;
-
-			if (slen < 1)
-				return;
-			type = *pos++;
-			slen--;
-
-			switch (type) {
-#ifdef CONFIG_HS20
-			case HS20_ANQP_OUI_TYPE:
-				hs20_parse_rx_hs20_anqp_resp(wpa_s, bss, sa,
-							     pos, slen,
-							     dialog_token);
-				break;
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_MBO
-			case MBO_ANQP_OUI_TYPE:
-				mbo_parse_rx_anqp_resp(wpa_s, bss, sa,
-						       pos, slen);
-				break;
-#endif /* CONFIG_MBO */
-			default:
-				wpa_msg(wpa_s, MSG_DEBUG,
-					"ANQP: Unsupported ANQP vendor type %u",
-					type);
-				break;
-			}
-			break;
-		default:
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"Interworking: Unsupported vendor-specific ANQP OUI %06x",
-				WPA_GET_BE24(pos));
-			return;
-		}
-		break;
-	default:
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Interworking: Unsupported ANQP Info ID %u", info_id);
-		anqp_add_extra(wpa_s, anqp, info_id, data, slen,
-			       pmf_in_use(wpa_s, sa));
-		break;
-	}
-}
-
-
-void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
-		  enum gas_query_result result,
-		  const struct wpabuf *adv_proto,
-		  const struct wpabuf *resp, u16 status_code)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const u8 *pos;
-	const u8 *end;
-	u16 info_id;
-	u16 slen;
-	struct wpa_bss *bss = NULL, *tmp;
-	const char *anqp_result = "SUCCESS";
-
-	wpa_printf(MSG_DEBUG, "Interworking: anqp_resp_cb dst=" MACSTR
-		   " dialog_token=%u result=%d status_code=%u",
-		   MAC2STR(dst), dialog_token, result, status_code);
-	if (result != GAS_QUERY_SUCCESS) {
-#ifdef CONFIG_HS20
-		if (wpa_s->fetch_osu_icon_in_progress)
-			hs20_icon_fetch_failed(wpa_s);
-#endif /* CONFIG_HS20 */
-		anqp_result = "FAILURE";
-		goto out;
-	}
-
-	pos = wpabuf_head(adv_proto);
-	if (wpabuf_len(adv_proto) < 4 || pos[0] != WLAN_EID_ADV_PROTO ||
-	    pos[1] < 2 || pos[3] != ACCESS_NETWORK_QUERY_PROTOCOL) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"ANQP: Unexpected Advertisement Protocol in response");
-#ifdef CONFIG_HS20
-		if (wpa_s->fetch_osu_icon_in_progress)
-			hs20_icon_fetch_failed(wpa_s);
-#endif /* CONFIG_HS20 */
-		anqp_result = "INVALID_FRAME";
-		goto out;
-	}
-
-	/*
-	 * If possible, select the BSS entry based on which BSS entry was used
-	 * for the request. This can help in cases where multiple BSS entries
-	 * may exist for the same AP.
-	 */
-	dl_list_for_each_reverse(tmp, &wpa_s->bss, struct wpa_bss, list) {
-		if (tmp == wpa_s->interworking_gas_bss &&
-		    os_memcmp(tmp->bssid, dst, ETH_ALEN) == 0) {
-			bss = tmp;
-			break;
-		}
-	}
-	if (bss == NULL)
-		bss = wpa_bss_get_bssid(wpa_s, dst);
-
-	pos = wpabuf_head(resp);
-	end = pos + wpabuf_len(resp);
-
-	while (pos < end) {
-		unsigned int left = end - pos;
-
-		if (left < 4) {
-			wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Invalid element");
-			anqp_result = "INVALID_FRAME";
-			goto out_parse_done;
-		}
-		info_id = WPA_GET_LE16(pos);
-		pos += 2;
-		slen = WPA_GET_LE16(pos);
-		pos += 2;
-		left -= 4;
-		if (left < slen) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"ANQP: Invalid element length for Info ID %u",
-				info_id);
-			anqp_result = "INVALID_FRAME";
-			goto out_parse_done;
-		}
-		interworking_parse_rx_anqp_resp(wpa_s, bss, dst, info_id, pos,
-						slen, dialog_token);
-		pos += slen;
-	}
-
-out_parse_done:
-#ifdef CONFIG_HS20
-	hs20_notify_parse_done(wpa_s);
-#endif /* CONFIG_HS20 */
-out:
-	wpa_msg(wpa_s, MSG_INFO, ANQP_QUERY_DONE "addr=" MACSTR " result=%s",
-		MAC2STR(dst), anqp_result);
-}
-
-
-static void interworking_scan_res_handler(struct wpa_supplicant *wpa_s,
-					  struct wpa_scan_results *scan_res)
-{
-	wpa_msg(wpa_s, MSG_DEBUG,
-		"Interworking: Scan results available - start ANQP fetch");
-	interworking_start_fetch_anqp(wpa_s);
-}
-
-
-int interworking_select(struct wpa_supplicant *wpa_s, int auto_select,
-			int *freqs)
-{
-	interworking_stop_fetch_anqp(wpa_s);
-	wpa_s->network_select = 1;
-	wpa_s->auto_network_select = 0;
-	wpa_s->auto_select = !!auto_select;
-	wpa_s->fetch_all_anqp = 0;
-	wpa_s->fetch_osu_info = 0;
-	wpa_msg(wpa_s, MSG_DEBUG,
-		"Interworking: Start scan for network selection");
-	wpa_s->scan_res_handler = interworking_scan_res_handler;
-	wpa_s->normal_scans = 0;
-	wpa_s->scan_req = MANUAL_SCAN_REQ;
-	os_free(wpa_s->manual_scan_freqs);
-	wpa_s->manual_scan_freqs = freqs;
-	wpa_s->after_wps = 0;
-	wpa_s->known_wps_freq = 0;
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-
-	return 0;
-}
-
-
-static void gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
-			enum gas_query_result result,
-			const struct wpabuf *adv_proto,
-			const struct wpabuf *resp, u16 status_code)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpabuf *n;
-
-	wpa_msg(wpa_s, MSG_INFO, GAS_RESPONSE_INFO "addr=" MACSTR
-		" dialog_token=%d status_code=%d resp_len=%d",
-		MAC2STR(addr), dialog_token, status_code,
-		resp ? (int) wpabuf_len(resp) : -1);
-	if (!resp)
-		return;
-
-	n = wpabuf_dup(resp);
-	if (n == NULL)
-		return;
-	wpabuf_free(wpa_s->prev_gas_resp);
-	wpa_s->prev_gas_resp = wpa_s->last_gas_resp;
-	os_memcpy(wpa_s->prev_gas_addr, wpa_s->last_gas_addr, ETH_ALEN);
-	wpa_s->prev_gas_dialog_token = wpa_s->last_gas_dialog_token;
-	wpa_s->last_gas_resp = n;
-	os_memcpy(wpa_s->last_gas_addr, addr, ETH_ALEN);
-	wpa_s->last_gas_dialog_token = dialog_token;
-}
-
-
-int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
-		     const struct wpabuf *adv_proto,
-		     const struct wpabuf *query)
-{
-	struct wpabuf *buf;
-	int ret = 0;
-	int freq;
-	struct wpa_bss *bss;
-	int res;
-	size_t len;
-	u8 query_resp_len_limit = 0;
-
-	freq = wpa_s->assoc_freq;
-	bss = wpa_bss_get_bssid(wpa_s, dst);
-	if (bss)
-		freq = bss->freq;
-	if (freq <= 0)
-		return -1;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "GAS request to " MACSTR " (freq %d MHz)",
-		MAC2STR(dst), freq);
-	wpa_hexdump_buf(MSG_DEBUG, "Advertisement Protocol ID", adv_proto);
-	wpa_hexdump_buf(MSG_DEBUG, "GAS Query", query);
-
-	len = 3 + wpabuf_len(adv_proto) + 2;
-	if (query)
-		len += wpabuf_len(query);
-	buf = gas_build_initial_req(0, len);
-	if (buf == NULL)
-		return -1;
-
-	/* Advertisement Protocol IE */
-	wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
-	wpabuf_put_u8(buf, 1 + wpabuf_len(adv_proto)); /* Length */
-	wpabuf_put_u8(buf, query_resp_len_limit & 0x7f);
-	wpabuf_put_buf(buf, adv_proto);
-
-	/* GAS Query */
-	if (query) {
-		wpabuf_put_le16(buf, wpabuf_len(query));
-		wpabuf_put_buf(buf, query);
-	} else
-		wpabuf_put_le16(buf, 0);
-
-	res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, gas_resp_cb,
-			    wpa_s);
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
-		wpabuf_free(buf);
-		ret = -1;
-	} else
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"GAS: Query started with dialog token %u", res);
-
-	return ret;
-}
diff --git a/wpa_supplicant/interworking.h b/wpa_supplicant/interworking.h
deleted file mode 100644
index 77b2c91bda52..000000000000
--- a/wpa_supplicant/interworking.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Interworking (IEEE 802.11u)
- * Copyright (c) 2011-2012, Qualcomm Atheros
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef INTERWORKING_H
-#define INTERWORKING_H
-
-enum gas_query_result;
-
-int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, int freq,
-		  u16 info_ids[], size_t num_ids, u32 subtypes,
-		  u32 mbo_subtypes);
-void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
-		  enum gas_query_result result,
-		  const struct wpabuf *adv_proto,
-		  const struct wpabuf *resp, u16 status_code);
-int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
-		     const struct wpabuf *adv_proto,
-		     const struct wpabuf *query);
-int interworking_fetch_anqp(struct wpa_supplicant *wpa_s);
-void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s);
-int interworking_select(struct wpa_supplicant *wpa_s, int auto_select,
-			int *freqs);
-int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			 int only_add);
-void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s);
-int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
-			      struct wpa_cred *cred,
-			      struct wpabuf *domain_names);
-int domain_name_list_contains(struct wpabuf *domain_names,
-			      const char *domain, int exact_match);
-
-#endif /* INTERWORKING_H */
diff --git a/wpa_supplicant/libwpa_test.c b/wpa_supplicant/libwpa_test.c
deleted file mode 100644
index e51ab7247665..000000000000
--- a/wpa_supplicant/libwpa_test.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * libwpa_test - Test program for libwpa_client.* library linking
- * Copyright (c) 2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common/wpa_ctrl.h"
-
-int main(int argc, char *argv[])
-{
-	struct wpa_ctrl *ctrl;
-
-	ctrl = wpa_ctrl_open("foo");
-	if (!ctrl)
-		return -1;
-	if (wpa_ctrl_attach(ctrl) == 0)
-		wpa_ctrl_detach(ctrl);
-	if (wpa_ctrl_pending(ctrl)) {
-		char buf[10];
-		size_t len;
-
-		len = sizeof(buf);
-		wpa_ctrl_recv(ctrl, buf, &len);
-	}
-	wpa_ctrl_close(ctrl);
-
-	return 0;
-}
diff --git a/wpa_supplicant/main.c b/wpa_supplicant/main.c
deleted file mode 100644
index 51a8a0298a9b..000000000000
--- a/wpa_supplicant/main.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * WPA Supplicant / main() function for UNIX like OSes and MinGW
- * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#ifdef __linux__
-#include <fcntl.h>
-#endif /* __linux__ */
-
-#include "common.h"
-#include "fst/fst.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "p2p_supplicant.h"
-
-
-static void usage(void)
-{
-	int i;
-	printf("%s\n\n%s\n"
-	       "usage:\n"
-	       "  wpa_supplicant [-BddhKLqq"
-#ifdef CONFIG_DEBUG_SYSLOG
-	       "s"
-#endif /* CONFIG_DEBUG_SYSLOG */
-	       "t"
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	       "u"
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-	       "vW] [-P<pid file>] "
-	       "[-g<global ctrl>] \\\n"
-	       "        [-G<group>] \\\n"
-	       "        -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
-	       "[-p<driver_param>] \\\n"
-	       "        [-b<br_ifname>] [-e<entropy file>]"
-#ifdef CONFIG_DEBUG_FILE
-	       " [-f<debug file>]"
-#endif /* CONFIG_DEBUG_FILE */
-	       " \\\n"
-	       "        [-o<override driver>] [-O<override ctrl>] \\\n"
-	       "        [-N -i<ifname> -c<conf> [-C<ctrl>] "
-	       "[-D<driver>] \\\n"
-#ifdef CONFIG_P2P
-	       "        [-m<P2P Device config file>] \\\n"
-#endif /* CONFIG_P2P */
-	       "        [-p<driver_param>] [-b<br_ifname>] [-I<config file>] "
-	       "...]\n"
-	       "\n"
-	       "drivers:\n",
-	       wpa_supplicant_version, wpa_supplicant_license);
-
-	for (i = 0; wpa_drivers[i]; i++) {
-		printf("  %s = %s\n",
-		       wpa_drivers[i]->name,
-		       wpa_drivers[i]->desc);
-	}
-
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	printf("options:\n"
-	       "  -b = optional bridge interface name\n"
-	       "  -B = run daemon in the background\n"
-	       "  -c = Configuration file\n"
-	       "  -C = ctrl_interface parameter (only used if -c is not)\n"
-	       "  -d = increase debugging verbosity (-dd even more)\n"
-	       "  -D = driver name (can be multiple drivers: nl80211,wext)\n"
-	       "  -e = entropy file\n"
-#ifdef CONFIG_DEBUG_FILE
-	       "  -f = log output to debug file instead of stdout\n"
-#endif /* CONFIG_DEBUG_FILE */
-	       "  -g = global ctrl_interface\n"
-	       "  -G = global ctrl_interface group\n"
-	       "  -h = show this help text\n"
-	       "  -i = interface name\n"
-	       "  -I = additional configuration file\n"
-	       "  -K = include keys (passwords, etc.) in debug output\n"
-	       "  -L = show license (BSD)\n"
-#ifdef CONFIG_P2P
-	       "  -m = Configuration file for the P2P Device interface\n"
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_MATCH_IFACE
-	       "  -M = start describing new matching interface\n"
-#endif /* CONFIG_MATCH_IFACE */
-	       "  -N = start describing new interface\n"
-	       "  -o = override driver parameter for new interfaces\n"
-	       "  -O = override ctrl_interface parameter for new interfaces\n"
-	       "  -p = driver parameters\n"
-	       "  -P = PID file\n"
-	       "  -q = decrease debugging verbosity (-qq even less)\n"
-#ifdef CONFIG_DEBUG_SYSLOG
-	       "  -s = log output to syslog instead of stdout\n"
-#endif /* CONFIG_DEBUG_SYSLOG */
-	       "  -t = include timestamp in debug messages\n"
-#ifdef CONFIG_DEBUG_LINUX_TRACING
-	       "  -T = record to Linux tracing in addition to logging\n"
-	       "       (records all messages regardless of debug verbosity)\n"
-#endif /* CONFIG_DEBUG_LINUX_TRACING */
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	       "  -u = enable DBus control interface\n"
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-	       "  -v = show version\n"
-	       "  -W = wait for a control interface monitor before starting\n");
-
-	printf("example:\n"
-	       "  wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
-	       wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211");
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-}
-
-
-static void license(void)
-{
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	printf("%s\n\n%s%s%s%s%s\n",
-	       wpa_supplicant_version,
-	       wpa_supplicant_full_license1,
-	       wpa_supplicant_full_license2,
-	       wpa_supplicant_full_license3,
-	       wpa_supplicant_full_license4,
-	       wpa_supplicant_full_license5);
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-}
-
-
-static void wpa_supplicant_fd_workaround(int start)
-{
-#ifdef __linux__
-	static int fd[3] = { -1, -1, -1 };
-	int i;
-	/* When started from pcmcia-cs scripts, wpa_supplicant might start with
-	 * fd 0, 1, and 2 closed. This will cause some issues because many
-	 * places in wpa_supplicant are still printing out to stdout. As a
-	 * workaround, make sure that fd's 0, 1, and 2 are not used for other
-	 * sockets. */
-	if (start) {
-		for (i = 0; i < 3; i++) {
-			fd[i] = open("/dev/null", O_RDWR);
-			if (fd[i] > 2) {
-				close(fd[i]);
-				fd[i] = -1;
-				break;
-			}
-		}
-	} else {
-		for (i = 0; i < 3; i++) {
-			if (fd[i] >= 0) {
-				close(fd[i]);
-				fd[i] = -1;
-			}
-		}
-	}
-#endif /* __linux__ */
-}
-
-
-#ifdef CONFIG_MATCH_IFACE
-static int wpa_supplicant_init_match(struct wpa_global *global)
-{
-	/*
-	 * The assumption is that the first driver is the primary driver and
-	 * will handle the arrival / departure of interfaces.
-	 */
-	if (wpa_drivers[0]->global_init && !global->drv_priv[0]) {
-		global->drv_priv[0] = wpa_drivers[0]->global_init(global);
-		if (!global->drv_priv[0]) {
-			wpa_printf(MSG_ERROR,
-				   "Failed to initialize driver '%s'",
-				   wpa_drivers[0]->name);
-			return -1;
-		}
-	}
-
-	return 0;
-}
-#endif /* CONFIG_MATCH_IFACE */
-
-
-int main(int argc, char *argv[])
-{
-	int c, i;
-	struct wpa_interface *ifaces, *iface;
-	int iface_count, exitcode = -1;
-	struct wpa_params params;
-	struct wpa_global *global;
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&params, 0, sizeof(params));
-	params.wpa_debug_level = MSG_INFO;
-
-	iface = ifaces = os_zalloc(sizeof(struct wpa_interface));
-	if (ifaces == NULL)
-		return -1;
-	iface_count = 1;
-
-	wpa_supplicant_fd_workaround(1);
-
-	for (;;) {
-		c = getopt(argc, argv,
-			   "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'b':
-			iface->bridge_ifname = optarg;
-			break;
-		case 'B':
-			params.daemonize++;
-			break;
-		case 'c':
-			iface->confname = optarg;
-			break;
-		case 'C':
-			iface->ctrl_interface = optarg;
-			break;
-		case 'D':
-			iface->driver = optarg;
-			break;
-		case 'd':
-#ifdef CONFIG_NO_STDOUT_DEBUG
-			printf("Debugging disabled with "
-			       "CONFIG_NO_STDOUT_DEBUG=y build time "
-			       "option.\n");
-			goto out;
-#else /* CONFIG_NO_STDOUT_DEBUG */
-			params.wpa_debug_level--;
-			break;
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-		case 'e':
-			params.entropy_file = optarg;
-			break;
-#ifdef CONFIG_DEBUG_FILE
-		case 'f':
-			params.wpa_debug_file_path = optarg;
-			break;
-#endif /* CONFIG_DEBUG_FILE */
-		case 'g':
-			params.ctrl_interface = optarg;
-			break;
-		case 'G':
-			params.ctrl_interface_group = optarg;
-			break;
-		case 'h':
-			usage();
-			exitcode = 0;
-			goto out;
-		case 'i':
-			iface->ifname = optarg;
-			break;
-		case 'I':
-			iface->confanother = optarg;
-			break;
-		case 'K':
-			params.wpa_debug_show_keys++;
-			break;
-		case 'L':
-			license();
-			exitcode = 0;
-			goto out;
-#ifdef CONFIG_P2P
-		case 'm':
-			params.conf_p2p_dev = optarg;
-			break;
-#endif /* CONFIG_P2P */
-		case 'o':
-			params.override_driver = optarg;
-			break;
-		case 'O':
-			params.override_ctrl_interface = optarg;
-			break;
-		case 'p':
-			iface->driver_param = optarg;
-			break;
-		case 'P':
-			os_free(params.pid_file);
-			params.pid_file = os_rel2abs_path(optarg);
-			break;
-		case 'q':
-			params.wpa_debug_level++;
-			break;
-#ifdef CONFIG_DEBUG_SYSLOG
-		case 's':
-			params.wpa_debug_syslog++;
-			break;
-#endif /* CONFIG_DEBUG_SYSLOG */
-#ifdef CONFIG_DEBUG_LINUX_TRACING
-		case 'T':
-			params.wpa_debug_tracing++;
-			break;
-#endif /* CONFIG_DEBUG_LINUX_TRACING */
-		case 't':
-			params.wpa_debug_timestamp++;
-			break;
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-		case 'u':
-			params.dbus_ctrl_interface = 1;
-			break;
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-		case 'v':
-			printf("%s\n", wpa_supplicant_version);
-			exitcode = 0;
-			goto out;
-		case 'W':
-			params.wait_for_monitor++;
-			break;
-#ifdef CONFIG_MATCH_IFACE
-		case 'M':
-			params.match_iface_count++;
-			iface = os_realloc_array(params.match_ifaces,
-						 params.match_iface_count,
-						 sizeof(struct wpa_interface));
-			if (!iface)
-				goto out;
-			params.match_ifaces = iface;
-			iface = &params.match_ifaces[params.match_iface_count -
-						     1];
-			os_memset(iface, 0, sizeof(*iface));
-			break;
-#endif /* CONFIG_MATCH_IFACE */
-		case 'N':
-			iface_count++;
-			iface = os_realloc_array(ifaces, iface_count,
-						 sizeof(struct wpa_interface));
-			if (iface == NULL)
-				goto out;
-			ifaces = iface;
-			iface = &ifaces[iface_count - 1];
-			os_memset(iface, 0, sizeof(*iface));
-			break;
-		default:
-			usage();
-			exitcode = 0;
-			goto out;
-		}
-	}
-
-	exitcode = 0;
-	global = wpa_supplicant_init(&params);
-	if (global == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to initialize wpa_supplicant");
-		exitcode = -1;
-		goto out;
-	} else {
-		wpa_printf(MSG_INFO, "Successfully initialized "
-			   "wpa_supplicant");
-	}
-
-	if (fst_global_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize FST");
-		exitcode = -1;
-		goto out;
-	}
-
-#if defined(CONFIG_FST) && defined(CONFIG_CTRL_IFACE)
-	if (!fst_global_add_ctrl(fst_ctrl_cli))
-		wpa_printf(MSG_WARNING, "Failed to add CLI FST ctrl");
-#endif
-
-	for (i = 0; exitcode == 0 && i < iface_count; i++) {
-		struct wpa_supplicant *wpa_s;
-
-		if ((ifaces[i].confname == NULL &&
-		     ifaces[i].ctrl_interface == NULL) ||
-		    ifaces[i].ifname == NULL) {
-			if (iface_count == 1 && (params.ctrl_interface ||
-#ifdef CONFIG_MATCH_IFACE
-						 params.match_iface_count ||
-#endif /* CONFIG_MATCH_IFACE */
-						 params.dbus_ctrl_interface))
-				break;
-			usage();
-			exitcode = -1;
-			break;
-		}
-		wpa_s = wpa_supplicant_add_iface(global, &ifaces[i], NULL);
-		if (wpa_s == NULL) {
-			exitcode = -1;
-			break;
-		}
-	}
-
-#ifdef CONFIG_MATCH_IFACE
-	if (exitcode == 0)
-		exitcode = wpa_supplicant_init_match(global);
-#endif /* CONFIG_MATCH_IFACE */
-
-	if (exitcode == 0)
-		exitcode = wpa_supplicant_run(global);
-
-	wpa_supplicant_deinit(global);
-
-	fst_global_deinit();
-
-out:
-	wpa_supplicant_fd_workaround(0);
-	os_free(ifaces);
-#ifdef CONFIG_MATCH_IFACE
-	os_free(params.match_ifaces);
-#endif /* CONFIG_MATCH_IFACE */
-	os_free(params.pid_file);
-
-	os_program_deinit();
-
-	return exitcode;
-}
diff --git a/wpa_supplicant/main_none.c b/wpa_supplicant/main_none.c
deleted file mode 100644
index 4d3caf2a4da3..000000000000
--- a/wpa_supplicant/main_none.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * WPA Supplicant / Example program entrypoint
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-
-int main(int argc, char *argv[])
-{
-	struct wpa_interface iface;
-	int exitcode = 0;
-	struct wpa_params params;
-	struct wpa_global *global;
-
-	memset(&params, 0, sizeof(params));
-	params.wpa_debug_level = MSG_INFO;
-
-	global = wpa_supplicant_init(&params);
-	if (global == NULL)
-		return -1;
-
-	memset(&iface, 0, sizeof(iface));
-	/* TODO: set interface parameters */
-
-	if (wpa_supplicant_add_iface(global, &iface, NULL) == NULL)
-		exitcode = -1;
-
-	if (exitcode == 0)
-		exitcode = wpa_supplicant_run(global);
-
-	wpa_supplicant_deinit(global);
-
-	return exitcode;
-}
diff --git a/wpa_supplicant/main_winmain.c b/wpa_supplicant/main_winmain.c
deleted file mode 100644
index e1dded0c349a..000000000000
--- a/wpa_supplicant/main_winmain.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * WPA Supplicant / WinMain() function for Windows-based applications
- * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-
-#ifdef _WIN32_WCE
-#define CMDLINE LPWSTR
-#else /* _WIN32_WCE */
-#define CMDLINE LPSTR
-#endif /* _WIN32_WCE */
-
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-		   CMDLINE lpCmdLine, int nShowCmd)
-{
-	int i;
-	struct wpa_interface *ifaces, *iface;
-	int iface_count, exitcode = -1;
-	struct wpa_params params;
-	struct wpa_global *global;
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&params, 0, sizeof(params));
-	params.wpa_debug_level = MSG_MSGDUMP;
-	params.wpa_debug_file_path = "\\Temp\\wpa_supplicant-log.txt";
-	params.wpa_debug_show_keys = 1;
-
-	iface = ifaces = os_zalloc(sizeof(struct wpa_interface));
-	if (ifaces == NULL)
-		return -1;
-	iface_count = 1;
-
-	iface->confname = "default";
-	iface->driver = "ndis";
-	iface->ifname = "";
-
-	exitcode = 0;
-	global = wpa_supplicant_init(&params);
-	if (global == NULL) {
-		printf("Failed to initialize wpa_supplicant\n");
-		exitcode = -1;
-	}
-
-	for (i = 0; exitcode == 0 && i < iface_count; i++) {
-		if ((ifaces[i].confname == NULL &&
-		     ifaces[i].ctrl_interface == NULL) ||
-		    ifaces[i].ifname == NULL) {
-			if (iface_count == 1 && (params.ctrl_interface ||
-						 params.dbus_ctrl_interface))
-				break;
-			exitcode = -1;
-			break;
-		}
-		if (wpa_supplicant_add_iface(global, &ifaces[i], NULL) == NULL)
-			exitcode = -1;
-	}
-
-	if (exitcode == 0)
-		exitcode = wpa_supplicant_run(global);
-
-	wpa_supplicant_deinit(global);
-
-	os_free(ifaces);
-
-	os_program_deinit();
-
-	return exitcode;
-}
diff --git a/wpa_supplicant/main_winsvc.c b/wpa_supplicant/main_winsvc.c
deleted file mode 100644
index 9950aa99ae7a..000000000000
--- a/wpa_supplicant/main_winsvc.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * WPA Supplicant / main() function for Win32 service
- * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * The root of wpa_supplicant configuration in registry is
- * HKEY_LOCAL_MACHINE\\SOFTWARE\\%wpa_supplicant. This level includes global
- * parameters and a 'interfaces' subkey with all the interface configuration
- * (adapter to confname mapping). Each such mapping is a subkey that has
- * 'adapter' and 'config' values.
- *
- * This program can be run either as a normal command line application, e.g.,
- * for debugging, with 'wpasvc.exe app' or as a Windows service. Service need
- * to be registered with 'wpasvc.exe reg <full path to wpasvc.exe>'. After
- * this, it can be started like any other Windows service (e.g., 'net start
- * wpasvc') or it can be configured to start automatically through the Services
- * tool in administrative tasks. The service can be unregistered with
- * 'wpasvc.exe unreg'.
- */
-
-#include "includes.h"
-#include <windows.h>
-
-#include "common.h"
-#include "wpa_supplicant_i.h"
-#include "eloop.h"
-
-#ifndef WPASVC_NAME
-#define WPASVC_NAME TEXT("wpasvc")
-#endif
-#ifndef WPASVC_DISPLAY_NAME
-#define WPASVC_DISPLAY_NAME TEXT("wpa_supplicant service")
-#endif
-#ifndef WPASVC_DESCRIPTION
-#define WPASVC_DESCRIPTION \
-TEXT("Provides IEEE 802.1X and WPA/WPA2 supplicant functionality")
-#endif
-
-static HANDLE kill_svc;
-
-static SERVICE_STATUS_HANDLE svc_status_handle;
-static SERVICE_STATUS svc_status;
-
-
-#ifndef WPA_KEY_ROOT
-#define WPA_KEY_ROOT HKEY_LOCAL_MACHINE
-#endif
-#ifndef WPA_KEY_PREFIX
-#define WPA_KEY_PREFIX TEXT("SOFTWARE\\wpa_supplicant")
-#endif
-
-#ifdef UNICODE
-#define TSTR "%S"
-#else /* UNICODE */
-#define TSTR "%s"
-#endif /* UNICODE */
-
-
-static int read_interface(struct wpa_global *global, HKEY _hk,
-			  const TCHAR *name)
-{
-	HKEY hk;
-#define TBUFLEN 255
-	TCHAR adapter[TBUFLEN], config[TBUFLEN], ctrl_interface[TBUFLEN];
-	DWORD buflen, val;
-	LONG ret;
-	struct wpa_interface iface;
-	int skip_on_error = 0;
-
-	ret = RegOpenKeyEx(_hk, name, 0, KEY_QUERY_VALUE, &hk);
-	if (ret != ERROR_SUCCESS) {
-		printf("Could not open wpa_supplicant interface key\n");
-		return -1;
-	}
-
-	os_memset(&iface, 0, sizeof(iface));
-	iface.driver = "ndis";
-
-	buflen = sizeof(ctrl_interface);
-	ret = RegQueryValueEx(hk, TEXT("ctrl_interface"), NULL, NULL,
-			      (LPBYTE) ctrl_interface, &buflen);
-	if (ret == ERROR_SUCCESS) {
-		ctrl_interface[TBUFLEN - 1] = TEXT('\0');
-		wpa_unicode2ascii_inplace(ctrl_interface);
-		printf("ctrl_interface[len=%d] '%s'\n",
-		       (int) buflen, (char *) ctrl_interface);
-		iface.ctrl_interface = (char *) ctrl_interface;
-	}
-
-	buflen = sizeof(adapter);
-	ret = RegQueryValueEx(hk, TEXT("adapter"), NULL, NULL,
-			      (LPBYTE) adapter, &buflen);
-	if (ret == ERROR_SUCCESS) {
-		adapter[TBUFLEN - 1] = TEXT('\0');
-		wpa_unicode2ascii_inplace(adapter);
-		printf("adapter[len=%d] '%s'\n",
-		       (int) buflen, (char *) adapter);
-		iface.ifname = (char *) adapter;
-	}
-
-	buflen = sizeof(config);
-	ret = RegQueryValueEx(hk, TEXT("config"), NULL, NULL,
-			      (LPBYTE) config, &buflen);
-	if (ret == ERROR_SUCCESS) {
-		config[sizeof(config) - 1] = '\0';
-		wpa_unicode2ascii_inplace(config);
-		printf("config[len=%d] '%s'\n",
-		       (int) buflen, (char *) config);
-		iface.confname = (char *) config;
-	}
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, TEXT("skip_on_error"), NULL, NULL,
-			      (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val))
-		skip_on_error = val;
-
-	RegCloseKey(hk);
-
-	if (wpa_supplicant_add_iface(global, &iface, NULL) == NULL) {
-		if (skip_on_error)
-			wpa_printf(MSG_DEBUG, "Skipped interface '%s' due to "
-				   "initialization failure", iface.ifname);
-		else
-			return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpa_supplicant_thread(void)
-{
-	int exitcode;
-	struct wpa_params params;
-	struct wpa_global *global;
-	HKEY hk, ihk;
-	DWORD val, buflen, i;
-	LONG ret;
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&params, 0, sizeof(params));
-	params.wpa_debug_level = MSG_INFO;
-
-	ret = RegOpenKeyEx(WPA_KEY_ROOT, WPA_KEY_PREFIX,
-			   0, KEY_QUERY_VALUE, &hk);
-	if (ret != ERROR_SUCCESS) {
-		printf("Could not open wpa_supplicant registry key\n");
-		return -1;
-	}
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, TEXT("debug_level"), NULL, NULL,
-			      (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
-		params.wpa_debug_level = val;
-	}
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, TEXT("debug_show_keys"), NULL, NULL,
-			      (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
-		params.wpa_debug_show_keys = val;
-	}
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, TEXT("debug_timestamp"), NULL, NULL,
-			      (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val)) {
-		params.wpa_debug_timestamp = val;
-	}
-
-	buflen = sizeof(val);
-	ret = RegQueryValueEx(hk, TEXT("debug_use_file"), NULL, NULL,
-			      (LPBYTE) &val, &buflen);
-	if (ret == ERROR_SUCCESS && buflen == sizeof(val) && val) {
-		params.wpa_debug_file_path = "\\Temp\\wpa_supplicant-log.txt";
-	}
-
-	exitcode = 0;
-	global = wpa_supplicant_init(&params);
-	if (global == NULL) {
-		printf("Failed to initialize wpa_supplicant\n");
-		exitcode = -1;
-	}
-
-	ret = RegOpenKeyEx(hk, TEXT("interfaces"), 0, KEY_ENUMERATE_SUB_KEYS,
-			   &ihk);
-	RegCloseKey(hk);
-	if (ret != ERROR_SUCCESS) {
-		printf("Could not open wpa_supplicant interfaces registry "
-		       "key\n");
-		return -1;
-	}
-
-	for (i = 0; ; i++) {
-		TCHAR name[255];
-		DWORD namelen;
-
-		namelen = 255;
-		ret = RegEnumKeyEx(ihk, i, name, &namelen, NULL, NULL, NULL,
-				   NULL);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS) {
-			printf("RegEnumKeyEx failed: 0x%x\n",
-			       (unsigned int) ret);
-			break;
-		}
-
-		if (namelen >= 255)
-			namelen = 255 - 1;
-		name[namelen] = '\0';
-
-		wpa_printf(MSG_DEBUG, "interface %d: %s\n", (int) i, name);
-		if (read_interface(global, ihk, name) < 0)
-			exitcode = -1;
-	}
-
-	RegCloseKey(ihk);
-
-	if (exitcode == 0)
-		exitcode = wpa_supplicant_run(global);
-
-	wpa_supplicant_deinit(global);
-
-	os_program_deinit();
-
-	return exitcode;
-}
-
-
-static DWORD svc_thread(LPDWORD param)
-{
-	int ret = wpa_supplicant_thread();
-
-	svc_status.dwCurrentState = SERVICE_STOPPED;
-	svc_status.dwWaitHint = 0;
-	if (!SetServiceStatus(svc_status_handle, &svc_status)) {
-		printf("SetServiceStatus() failed: %d\n",
-		       (int) GetLastError());
-	}
-
-	return ret;
-}
-
-
-static int register_service(const TCHAR *exe)
-{
-	SC_HANDLE svc, scm;
-	SERVICE_DESCRIPTION sd;
-
-	printf("Registering service: " TSTR "\n", WPASVC_NAME);
-
-	scm = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
-	if (!scm) {
-		printf("OpenSCManager failed: %d\n", (int) GetLastError());
-		return -1;
-	}
-
-	svc = CreateService(scm, WPASVC_NAME, WPASVC_DISPLAY_NAME,
-			    SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
-			    SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
-			    exe, NULL, NULL, NULL, NULL, NULL);
-
-	if (!svc) {
-		printf("CreateService failed: %d\n\n", (int) GetLastError());
-		CloseServiceHandle(scm);
-		return -1;
-	}
-
-	os_memset(&sd, 0, sizeof(sd));
-	sd.lpDescription = WPASVC_DESCRIPTION;
-	if (!ChangeServiceConfig2(svc, SERVICE_CONFIG_DESCRIPTION, &sd)) {
-		printf("ChangeServiceConfig2 failed: %d\n",
-		       (int) GetLastError());
-		/* This is not a fatal error, so continue anyway. */
-	}
-
-	CloseServiceHandle(svc);
-	CloseServiceHandle(scm);
-
-	printf("Service registered successfully.\n");
-
-	return 0;
-}
-
-
-static int unregister_service(void)
-{
-	SC_HANDLE svc, scm;
-	SERVICE_STATUS status;
-
-	printf("Unregistering service: " TSTR "\n", WPASVC_NAME);
-
-	scm = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
-	if (!scm) {
-		printf("OpenSCManager failed: %d\n", (int) GetLastError());
-		return -1;
-	}
-
-	svc = OpenService(scm, WPASVC_NAME, SERVICE_ALL_ACCESS | DELETE);
-	if (!svc) {
-		printf("OpenService failed: %d\n\n", (int) GetLastError());
-		CloseServiceHandle(scm);
-		return -1;
-	}
-
-	if (QueryServiceStatus(svc, &status)) {
-		if (status.dwCurrentState != SERVICE_STOPPED) {
-			printf("Service currently active - stopping "
-			       "service...\n");
-			if (!ControlService(svc, SERVICE_CONTROL_STOP,
-					    &status)) {
-				printf("ControlService failed: %d\n",
-				       (int) GetLastError());
-			}
-			Sleep(500);
-		}
-	}
-
-	if (DeleteService(svc)) {
-		printf("Service unregistered successfully.\n");
-	} else {
-		printf("DeleteService failed: %d\n", (int) GetLastError());
-	}
-
-	CloseServiceHandle(svc);
-	CloseServiceHandle(scm);
-
-	return 0;
-}
-
-
-static void WINAPI service_ctrl_handler(DWORD control_code)
-{
-	switch (control_code) {
-	case SERVICE_CONTROL_INTERROGATE:
-		break;
-	case SERVICE_CONTROL_SHUTDOWN:
-	case SERVICE_CONTROL_STOP:
-		svc_status.dwCurrentState = SERVICE_STOP_PENDING;
-		svc_status.dwWaitHint = 2000;
-		eloop_terminate();
-		SetEvent(kill_svc);
-		break;
-	}
-
-	if (!SetServiceStatus(svc_status_handle, &svc_status)) {
-		printf("SetServiceStatus() failed: %d\n",
-		       (int) GetLastError());
-	}
-}
-
-
-static void WINAPI service_start(DWORD argc, LPTSTR *argv)
-{
-	DWORD id;
-
-	svc_status_handle = RegisterServiceCtrlHandler(WPASVC_NAME,
-						       service_ctrl_handler);
-	if (svc_status_handle == (SERVICE_STATUS_HANDLE) 0) {
-		printf("RegisterServiceCtrlHandler failed: %d\n",
-		       (int) GetLastError());
-		return;
-	}
-
-	os_memset(&svc_status, 0, sizeof(svc_status));
-	svc_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
-	svc_status.dwCurrentState = SERVICE_START_PENDING;
-	svc_status.dwWaitHint = 1000;
-
-	if (!SetServiceStatus(svc_status_handle, &svc_status)) {
-		printf("SetServiceStatus() failed: %d\n",
-		       (int) GetLastError());
-		return;
-	}
-
-	kill_svc = CreateEvent(0, TRUE, FALSE, 0);
-	if (!kill_svc) {
-		printf("CreateEvent failed: %d\n", (int) GetLastError());
-		return;
-	}
-
-	if (CreateThread(0, 0, (LPTHREAD_START_ROUTINE) svc_thread, 0, 0, &id)
-	    == 0) {
-		printf("CreateThread failed: %d\n", (int) GetLastError());
-		return;
-	}
-
-	if (svc_status.dwCurrentState == SERVICE_START_PENDING) {
-		svc_status.dwCurrentState = SERVICE_RUNNING;
-		svc_status.dwWaitHint = 0;
-		svc_status.dwControlsAccepted = SERVICE_ACCEPT_STOP |
-			SERVICE_ACCEPT_SHUTDOWN;
-	}
-
-	if (!SetServiceStatus(svc_status_handle, &svc_status)) {
-		printf("SetServiceStatus() failed: %d\n",
-		       (int) GetLastError());
-		return;
-	}
-
-	/* wait until service gets killed */
-	WaitForSingleObject(kill_svc, INFINITE);
-}
-
-
-int main(int argc, char *argv[])
-{
-	SERVICE_TABLE_ENTRY dt[] = {
-		{ WPASVC_NAME, service_start },
-		{ NULL, NULL }
-	};
-
-	if (argc > 1) {
-		if (os_strcmp(argv[1], "reg") == 0) {
-			TCHAR *path;
-			int ret;
-
-			if (argc < 3) {
-				path = os_malloc(MAX_PATH * sizeof(TCHAR));
-				if (path == NULL)
-					return -1;
-				if (!GetModuleFileName(NULL, path, MAX_PATH)) {
-					printf("GetModuleFileName failed: "
-					       "%d\n", (int) GetLastError());
-					os_free(path);
-					return -1;
-				}
-			} else {
-				path = wpa_strdup_tchar(argv[2]);
-				if (path == NULL)
-					return -1;
-			}
-			ret = register_service(path);
-			os_free(path);
-			return ret;
-		} else if (os_strcmp(argv[1], "unreg") == 0) {
-			return unregister_service();
-		} else if (os_strcmp(argv[1], "app") == 0) {
-			return wpa_supplicant_thread();
-		}
-	}
-
-	if (!StartServiceCtrlDispatcher(dt)) {
-		printf("StartServiceCtrlDispatcher failed: %d\n",
-		       (int) GetLastError());
-	}
-
-	return 0;
-}
diff --git a/wpa_supplicant/mbo.c b/wpa_supplicant/mbo.c
deleted file mode 100644
index 3df86ef0724e..000000000000
--- a/wpa_supplicant/mbo.c
+++ /dev/null
@@ -1,665 +0,0 @@
-/*
- * wpa_supplicant - MBO
- *
- * Copyright(c) 2015 Intel Deutschland GmbH
- * Contact Information:
- * Intel Linux Wireless <ilw@linux.intel.com>
- * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/gas.h"
-#include "rsn_supp/wpa.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "bss.h"
-#include "scan.h"
-
-/* type + length + oui + oui type */
-#define MBO_IE_HEADER 6
-
-
-static int wpas_mbo_validate_non_pref_chan(u8 oper_class, u8 chan, u8 reason)
-{
-	if (reason > MBO_NON_PREF_CHAN_REASON_INT_INTERFERENCE)
-		return -1;
-
-	/* Only checking the validity of the channel and oper_class */
-	if (ieee80211_chan_to_freq(NULL, oper_class, chan) == -1)
-		return -1;
-
-	return 0;
-}
-
-
-const u8 * mbo_attr_from_mbo_ie(const u8 *mbo_ie, enum mbo_attr_id attr)
-{
-	const u8 *mbo;
-	u8 ie_len = mbo_ie[1];
-
-	if (ie_len < MBO_IE_HEADER - 2)
-		return NULL;
-	mbo = mbo_ie + MBO_IE_HEADER;
-
-	return get_ie(mbo, 2 + ie_len - MBO_IE_HEADER, attr);
-}
-
-
-const u8 * mbo_get_attr_from_ies(const u8 *ies, size_t ies_len,
-				 enum mbo_attr_id attr)
-{
-	const u8 *mbo_ie;
-
-	mbo_ie = get_vendor_ie(ies, ies_len, MBO_IE_VENDOR_TYPE);
-	if (!mbo_ie)
-		return NULL;
-
-	return mbo_attr_from_mbo_ie(mbo_ie, attr);
-}
-
-
-const u8 * wpas_mbo_get_bss_attr(struct wpa_bss *bss, enum mbo_attr_id attr)
-{
-	const u8 *mbo, *end;
-
-	if (!bss)
-		return NULL;
-
-	mbo = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
-	if (!mbo)
-		return NULL;
-
-	end = mbo + 2 + mbo[1];
-	mbo += MBO_IE_HEADER;
-
-	return get_ie(mbo, end - mbo, attr);
-}
-
-
-void wpas_mbo_check_pmf(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			struct wpa_ssid *ssid)
-{
-	const u8 *rsne, *mbo, *oce;
-	struct wpa_ie_data ie;
-
-	wpa_s->disable_mbo_oce = 0;
-	if (!bss)
-		return;
-	mbo = wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND);
-	oce = wpas_mbo_get_bss_attr(bss, OCE_ATTR_ID_CAPA_IND);
-	if (!mbo && !oce)
-		return;
-	if (oce && oce[1] >= 1 && (oce[2] & OCE_IS_STA_CFON))
-		return; /* STA-CFON is not required to enable PMF */
-	rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (!rsne || wpa_parse_wpa_ie(rsne, 2 + rsne[1], &ie) < 0)
-		return; /* AP is not using RSN */
-
-	if (!(ie.capabilities & WPA_CAPABILITY_MFPC))
-		wpa_s->disable_mbo_oce = 1; /* AP uses RSN without PMF */
-	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
-		wpa_s->disable_mbo_oce = 1; /* STA uses RSN without PMF */
-	if (wpa_s->disable_mbo_oce)
-		wpa_printf(MSG_INFO,
-			   "MBO: Disable MBO/OCE due to misbehaving AP not having enabled PMF");
-}
-
-
-static void wpas_mbo_non_pref_chan_attr_body(struct wpa_supplicant *wpa_s,
-					     struct wpabuf *mbo,
-					     u8 start, u8 end)
-{
-	u8 i;
-
-	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].oper_class);
-
-	for (i = start; i < end; i++)
-		wpabuf_put_u8(mbo, wpa_s->non_pref_chan[i].chan);
-
-	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].preference);
-	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].reason);
-}
-
-
-static void wpas_mbo_non_pref_chan_attr_hdr(struct wpabuf *mbo, size_t size)
-{
-	wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT);
-	wpabuf_put_u8(mbo, size); /* Length */
-}
-
-
-static void wpas_mbo_non_pref_chan_attr(struct wpa_supplicant *wpa_s,
-					struct wpabuf *mbo, u8 start, u8 end)
-{
-	size_t size = end - start + 3;
-
-	if (size + 2 > wpabuf_tailroom(mbo))
-		return;
-
-	wpas_mbo_non_pref_chan_attr_hdr(mbo, size);
-	wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end);
-}
-
-
-static void wpas_mbo_non_pref_chan_subelem_hdr(struct wpabuf *mbo, u8 len)
-{
-	wpabuf_put_u8(mbo, WLAN_EID_VENDOR_SPECIFIC);
-	wpabuf_put_u8(mbo, len); /* Length */
-	wpabuf_put_be24(mbo, OUI_WFA);
-	wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT);
-}
-
-
-static void wpas_mbo_non_pref_chan_subelement(struct wpa_supplicant *wpa_s,
-					      struct wpabuf *mbo, u8 start,
-					      u8 end)
-{
-	size_t size = end - start + 7;
-
-	if (size + 2 > wpabuf_tailroom(mbo))
-		return;
-
-	wpas_mbo_non_pref_chan_subelem_hdr(mbo, size);
-	wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end);
-}
-
-
-static void wpas_mbo_non_pref_chan_attrs(struct wpa_supplicant *wpa_s,
-					 struct wpabuf *mbo, int subelement)
-{
-	u8 i, start = 0;
-	struct wpa_mbo_non_pref_channel *start_pref;
-
-	if (!wpa_s->non_pref_chan || !wpa_s->non_pref_chan_num) {
-		if (subelement)
-			wpas_mbo_non_pref_chan_subelem_hdr(mbo, 4);
-		else
-			wpas_mbo_non_pref_chan_attr_hdr(mbo, 0);
-		return;
-	}
-	start_pref = &wpa_s->non_pref_chan[0];
-
-	for (i = 1; i <= wpa_s->non_pref_chan_num; i++) {
-		struct wpa_mbo_non_pref_channel *non_pref = NULL;
-
-		if (i < wpa_s->non_pref_chan_num)
-			non_pref = &wpa_s->non_pref_chan[i];
-		if (!non_pref ||
-		    non_pref->oper_class != start_pref->oper_class ||
-		    non_pref->reason != start_pref->reason ||
-		    non_pref->preference != start_pref->preference) {
-			if (subelement)
-				wpas_mbo_non_pref_chan_subelement(wpa_s, mbo,
-								  start, i);
-			else
-				wpas_mbo_non_pref_chan_attr(wpa_s, mbo, start,
-							    i);
-
-			if (!non_pref)
-				return;
-
-			start = i;
-			start_pref = non_pref;
-		}
-	}
-}
-
-
-int wpas_mbo_ie(struct wpa_supplicant *wpa_s, u8 *buf, size_t len,
-		int add_oce_capa)
-{
-	struct wpabuf *mbo;
-	int res;
-
-	if (len < MBO_IE_HEADER + 3 + 7 +
-	    ((wpa_s->enable_oce & OCE_STA) ? 3 : 0))
-		return 0;
-
-	/* Leave room for the MBO IE header */
-	mbo = wpabuf_alloc(len - MBO_IE_HEADER);
-	if (!mbo)
-		return 0;
-
-	/* Add non-preferred channels attribute */
-	wpas_mbo_non_pref_chan_attrs(wpa_s, mbo, 0);
-
-	/*
-	 * Send cellular capabilities attribute even if AP does not advertise
-	 * cellular capabilities.
-	 */
-	wpabuf_put_u8(mbo, MBO_ATTR_ID_CELL_DATA_CAPA);
-	wpabuf_put_u8(mbo, 1);
-	wpabuf_put_u8(mbo, wpa_s->conf->mbo_cell_capa);
-
-	/* Add OCE capability indication attribute if OCE is enabled */
-	if ((wpa_s->enable_oce & OCE_STA) && add_oce_capa) {
-		wpabuf_put_u8(mbo, OCE_ATTR_ID_CAPA_IND);
-		wpabuf_put_u8(mbo, 1);
-		wpabuf_put_u8(mbo, OCE_RELEASE);
-	}
-
-	res = mbo_add_ie(buf, len, wpabuf_head_u8(mbo), wpabuf_len(mbo));
-	if (!res)
-		wpa_printf(MSG_ERROR, "Failed to add MBO/OCE IE");
-
-	wpabuf_free(mbo);
-	return res;
-}
-
-
-static void wpas_mbo_send_wnm_notification(struct wpa_supplicant *wpa_s,
-					   const u8 *data, size_t len)
-{
-	struct wpabuf *buf;
-	int res;
-
-	/*
-	 * Send WNM-Notification Request frame only in case of a change in
-	 * non-preferred channels list during association, if the AP supports
-	 * MBO.
-	 */
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_bss ||
-	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
-		return;
-
-	buf = wpabuf_alloc(4 + len);
-	if (!buf)
-		return;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WNM);
-	wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
-	wpa_s->mbo_wnm_token++;
-	if (wpa_s->mbo_wnm_token == 0)
-		wpa_s->mbo_wnm_token++;
-	wpabuf_put_u8(buf, wpa_s->mbo_wnm_token);
-	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); /* Type */
-
-	wpabuf_put_data(buf, data, len);
-
-	res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (res < 0)
-		wpa_printf(MSG_DEBUG,
-			   "Failed to send WNM-Notification Request frame with non-preferred channel list");
-
-	wpabuf_free(buf);
-}
-
-
-static void wpas_mbo_non_pref_chan_changed(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *buf;
-
-	buf = wpabuf_alloc(512);
-	if (!buf)
-		return;
-
-	wpas_mbo_non_pref_chan_attrs(wpa_s, buf, 1);
-	wpas_mbo_send_wnm_notification(wpa_s, wpabuf_head_u8(buf),
-				       wpabuf_len(buf));
-	wpas_update_mbo_connect_params(wpa_s);
-	wpabuf_free(buf);
-}
-
-
-static int wpa_non_pref_chan_is_eq(struct wpa_mbo_non_pref_channel *a,
-				   struct wpa_mbo_non_pref_channel *b)
-{
-	return a->oper_class == b->oper_class && a->chan == b->chan;
-}
-
-
-/*
- * wpa_non_pref_chan_cmp - Compare two channels for sorting
- *
- * In MBO IE non-preferred channel subelement we can put many channels in an
- * attribute if they are in the same operating class and have the same
- * preference and reason. To make it easy for the functions that build
- * the IE attributes and WNM Request subelements, save the channels sorted
- * by their oper_class and reason.
- */
-static int wpa_non_pref_chan_cmp(const void *_a, const void *_b)
-{
-	const struct wpa_mbo_non_pref_channel *a = _a, *b = _b;
-
-	if (a->oper_class != b->oper_class)
-		return (int) a->oper_class - (int) b->oper_class;
-	if (a->reason != b->reason)
-		return (int) a->reason - (int) b->reason;
-	return (int) a->preference - (int) b->preference;
-}
-
-
-int wpas_mbo_update_non_pref_chan(struct wpa_supplicant *wpa_s,
-				  const char *non_pref_chan)
-{
-	char *cmd, *token, *context = NULL;
-	struct wpa_mbo_non_pref_channel *chans = NULL, *tmp_chans;
-	size_t num = 0, size = 0;
-	unsigned i;
-
-	wpa_printf(MSG_DEBUG, "MBO: Update non-preferred channels, non_pref_chan=%s",
-		   non_pref_chan ? non_pref_chan : "N/A");
-
-	/*
-	 * The shortest channel configuration is 7 characters - 3 colons and
-	 * 4 values.
-	 */
-	if (!non_pref_chan || os_strlen(non_pref_chan) < 7)
-		goto update;
-
-	cmd = os_strdup(non_pref_chan);
-	if (!cmd)
-		return -1;
-
-	while ((token = str_token(cmd, " ", &context))) {
-		struct wpa_mbo_non_pref_channel *chan;
-		int ret;
-		unsigned int _oper_class;
-		unsigned int _chan;
-		unsigned int _preference;
-		unsigned int _reason;
-
-		if (num == size) {
-			size = size ? size * 2 : 1;
-			tmp_chans = os_realloc_array(chans, size,
-						     sizeof(*chans));
-			if (!tmp_chans) {
-				wpa_printf(MSG_ERROR,
-					   "Couldn't reallocate non_pref_chan");
-				goto fail;
-			}
-			chans = tmp_chans;
-		}
-
-		chan = &chans[num];
-
-		ret = sscanf(token, "%u:%u:%u:%u", &_oper_class,
-			     &_chan, &_preference, &_reason);
-		if (ret != 4 ||
-		    _oper_class > 255 || _chan > 255 ||
-		    _preference > 255 || _reason > 65535 ) {
-			wpa_printf(MSG_ERROR, "Invalid non-pref chan input %s",
-				   token);
-			goto fail;
-		}
-		chan->oper_class = _oper_class;
-		chan->chan = _chan;
-		chan->preference = _preference;
-		chan->reason = _reason;
-
-		if (wpas_mbo_validate_non_pref_chan(chan->oper_class,
-						    chan->chan, chan->reason)) {
-			wpa_printf(MSG_ERROR,
-				   "Invalid non_pref_chan: oper class %d chan %d reason %d",
-				   chan->oper_class, chan->chan, chan->reason);
-			goto fail;
-		}
-
-		for (i = 0; i < num; i++)
-			if (wpa_non_pref_chan_is_eq(chan, &chans[i]))
-				break;
-		if (i != num) {
-			wpa_printf(MSG_ERROR,
-				   "oper class %d chan %d is duplicated",
-				   chan->oper_class, chan->chan);
-			goto fail;
-		}
-
-		num++;
-	}
-
-	os_free(cmd);
-
-	if (chans) {
-		qsort(chans, num, sizeof(struct wpa_mbo_non_pref_channel),
-		      wpa_non_pref_chan_cmp);
-	}
-
-update:
-	os_free(wpa_s->non_pref_chan);
-	wpa_s->non_pref_chan = chans;
-	wpa_s->non_pref_chan_num = num;
-	wpas_mbo_non_pref_chan_changed(wpa_s);
-
-	return 0;
-
-fail:
-	os_free(chans);
-	os_free(cmd);
-	return -1;
-}
-
-
-void wpas_mbo_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ie)
-{
-	u8 *len;
-
-	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
-	len = wpabuf_put(ie, 1);
-
-	wpabuf_put_be24(ie, OUI_WFA);
-	wpabuf_put_u8(ie, MBO_OUI_TYPE);
-
-	wpabuf_put_u8(ie, MBO_ATTR_ID_CELL_DATA_CAPA);
-	wpabuf_put_u8(ie, 1);
-	wpabuf_put_u8(ie, wpa_s->conf->mbo_cell_capa);
-	if (wpa_s->enable_oce & OCE_STA) {
-		wpabuf_put_u8(ie, OCE_ATTR_ID_CAPA_IND);
-		wpabuf_put_u8(ie, 1);
-		wpabuf_put_u8(ie, OCE_RELEASE);
-	}
-	*len = (u8 *) wpabuf_put(ie, 0) - len - 1;
-}
-
-
-void wpas_mbo_ie_trans_req(struct wpa_supplicant *wpa_s, const u8 *mbo_ie,
-			   size_t len)
-{
-	const u8 *pos, *cell_pref = NULL;
-	u8 id, elen;
-	u16 disallowed_sec = 0;
-
-	if (len <= 4 || WPA_GET_BE24(mbo_ie) != OUI_WFA ||
-	    mbo_ie[3] != MBO_OUI_TYPE)
-		return;
-
-	pos = mbo_ie + 4;
-	len -= 4;
-
-	while (len >= 2) {
-		id = *pos++;
-		elen = *pos++;
-		len -= 2;
-
-		if (elen > len)
-			goto fail;
-
-		switch (id) {
-		case MBO_ATTR_ID_CELL_DATA_PREF:
-			if (elen != 1)
-				goto fail;
-
-			if (wpa_s->conf->mbo_cell_capa ==
-			    MBO_CELL_CAPA_AVAILABLE)
-				cell_pref = pos;
-			else
-				wpa_printf(MSG_DEBUG,
-					   "MBO: Station does not support Cellular data connection");
-			break;
-		case MBO_ATTR_ID_TRANSITION_REASON:
-			if (elen != 1)
-				goto fail;
-
-			wpa_s->wnm_mbo_trans_reason_present = 1;
-			wpa_s->wnm_mbo_transition_reason = *pos;
-			break;
-		case MBO_ATTR_ID_ASSOC_RETRY_DELAY:
-			if (elen != 2)
-				goto fail;
-
-			if (wpa_s->wnm_mode &
-			    WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) {
-				wpa_printf(MSG_DEBUG,
-					   "MBO: Unexpected association retry delay, BSS is terminating");
-				goto fail;
-			} else if (wpa_s->wnm_mode &
-				   WNM_BSS_TM_REQ_DISASSOC_IMMINENT) {
-				disallowed_sec = WPA_GET_LE16(pos);
-				wpa_printf(MSG_DEBUG,
-					   "MBO: Association retry delay: %u",
-					   disallowed_sec);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "MBO: Association retry delay attribute not in disassoc imminent mode");
-			}
-
-			break;
-		case MBO_ATTR_ID_AP_CAPA_IND:
-		case MBO_ATTR_ID_NON_PREF_CHAN_REPORT:
-		case MBO_ATTR_ID_CELL_DATA_CAPA:
-		case MBO_ATTR_ID_ASSOC_DISALLOW:
-		case MBO_ATTR_ID_TRANSITION_REJECT_REASON:
-			wpa_printf(MSG_DEBUG,
-				   "MBO: Attribute %d should not be included in BTM Request frame",
-				   id);
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "MBO: Unknown attribute id %u",
-				   id);
-			return;
-		}
-
-		pos += elen;
-		len -= elen;
-	}
-
-	if (cell_pref)
-		wpa_msg(wpa_s, MSG_INFO, MBO_CELL_PREFERENCE "preference=%u",
-			*cell_pref);
-
-	if (wpa_s->wnm_mbo_trans_reason_present)
-		wpa_msg(wpa_s, MSG_INFO, MBO_TRANSITION_REASON "reason=%u",
-			wpa_s->wnm_mbo_transition_reason);
-
-	if (disallowed_sec && wpa_s->current_bss)
-		wpa_bss_tmp_disallow(wpa_s, wpa_s->current_bss->bssid,
-				     disallowed_sec, 0);
-
-	return;
-fail:
-	wpa_printf(MSG_DEBUG, "MBO IE parsing failed (id=%u len=%u left=%zu)",
-		   id, elen, len);
-}
-
-
-size_t wpas_mbo_ie_bss_trans_reject(struct wpa_supplicant *wpa_s, u8 *pos,
-				    size_t len,
-				    enum mbo_transition_reject_reason reason)
-{
-	u8 reject_attr[3];
-
-	reject_attr[0] = MBO_ATTR_ID_TRANSITION_REJECT_REASON;
-	reject_attr[1] = 1;
-	reject_attr[2] = reason;
-
-	return mbo_add_ie(pos, len, reject_attr, sizeof(reject_attr));
-}
-
-
-void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa)
-{
-	u8 cell_capa[7];
-
-	if (wpa_s->conf->mbo_cell_capa == mbo_cell_capa) {
-		wpa_printf(MSG_DEBUG,
-			   "MBO: Cellular capability already set to %u",
-			   mbo_cell_capa);
-		return;
-	}
-
-	wpa_s->conf->mbo_cell_capa = mbo_cell_capa;
-
-	cell_capa[0] = WLAN_EID_VENDOR_SPECIFIC;
-	cell_capa[1] = 5; /* Length */
-	WPA_PUT_BE24(cell_capa + 2, OUI_WFA);
-	cell_capa[5] = MBO_ATTR_ID_CELL_DATA_CAPA;
-	cell_capa[6] = mbo_cell_capa;
-
-	wpas_mbo_send_wnm_notification(wpa_s, cell_capa, 7);
-	wpa_supplicant_set_default_scan_ies(wpa_s);
-	wpas_update_mbo_connect_params(wpa_s);
-}
-
-
-struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s,
-				   struct wpa_bss *bss, u32 mbo_subtypes)
-{
-	struct wpabuf *anqp_buf;
-	u8 *len_pos;
-	u8 i;
-
-	if (!wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) {
-		wpa_printf(MSG_INFO, "MBO: " MACSTR
-			   " does not support MBO - cannot request MBO ANQP elements from it",
-			   MAC2STR(bss->bssid));
-		return NULL;
-	}
-
-	/* Allocate size for the maximum case - all MBO subtypes are set */
-	anqp_buf = wpabuf_alloc(9 + MAX_MBO_ANQP_SUBTYPE);
-	if (!anqp_buf)
-		return NULL;
-
-	len_pos = gas_anqp_add_element(anqp_buf, ANQP_VENDOR_SPECIFIC);
-	wpabuf_put_be24(anqp_buf, OUI_WFA);
-	wpabuf_put_u8(anqp_buf, MBO_ANQP_OUI_TYPE);
-
-	wpabuf_put_u8(anqp_buf, MBO_ANQP_SUBTYPE_QUERY_LIST);
-
-	/* The first valid MBO subtype is 1 */
-	for (i = 1; i <= MAX_MBO_ANQP_SUBTYPE; i++) {
-		if (mbo_subtypes & BIT(i))
-			wpabuf_put_u8(anqp_buf, i);
-	}
-
-	gas_anqp_set_element_len(anqp_buf, len_pos);
-
-	return anqp_buf;
-}
-
-
-void mbo_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
-			    struct wpa_bss *bss, const u8 *sa,
-			    const u8 *data, size_t slen)
-{
-	const u8 *pos = data;
-	u8 subtype;
-
-	if (slen < 1)
-		return;
-
-	subtype = *pos++;
-	slen--;
-
-	switch (subtype) {
-	case MBO_ANQP_SUBTYPE_CELL_CONN_PREF:
-		if (slen < 1)
-			break;
-		wpa_msg(wpa_s, MSG_INFO, RX_MBO_ANQP MACSTR
-			" cell_conn_pref=%u", MAC2STR(sa), *pos);
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "MBO: Unsupported ANQP subtype %u",
-			   subtype);
-		break;
-	}
-}
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
deleted file mode 100644
index d6b8a1ad9e36..000000000000
--- a/wpa_supplicant/mesh.c
+++ /dev/null
@@ -1,892 +0,0 @@
-/*
- * WPA Supplicant - Basic mesh mode routines
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/uuid.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_ctrl.h"
-#include "common/hw_features_common.h"
-#include "ap/sta_info.h"
-#include "ap/hostapd.h"
-#include "ap/ieee802_11.h"
-#include "config_ssid.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "notify.h"
-#include "ap.h"
-#include "mesh_mpm.h"
-#include "mesh_rsn.h"
-#include "mesh.h"
-
-
-static void wpa_supplicant_mesh_deinit(struct wpa_supplicant *wpa_s,
-				       bool also_clear_hostapd)
-{
-	wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh,
-					 also_clear_hostapd);
-
-	if (also_clear_hostapd) {
-		wpa_s->ifmsh = NULL;
-		wpa_s->current_ssid = NULL;
-		os_free(wpa_s->mesh_params);
-		wpa_s->mesh_params = NULL;
-	}
-
-	os_free(wpa_s->mesh_rsn);
-	wpa_s->mesh_rsn = NULL;
-
-	if (!also_clear_hostapd)
-		wpa_supplicant_leave_mesh(wpa_s, false);
-}
-
-
-void wpa_supplicant_mesh_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct hostapd_iface *ifmsh,
-				      bool also_clear_hostapd)
-{
-	if (!ifmsh)
-		return;
-
-	if (ifmsh->mconf) {
-		mesh_mpm_deinit(wpa_s, ifmsh);
-		if (ifmsh->mconf->rsn_ie) {
-			ifmsh->mconf->rsn_ie = NULL;
-			/* We cannot free this struct
-			 * because wpa_authenticator on
-			 * hostapd side is also using it
-			 * for now just set to NULL and
-			 * let hostapd code free it.
-			 */
-		}
-		os_free(ifmsh->mconf);
-		ifmsh->mconf = NULL;
-	}
-
-	/* take care of shared data */
-	if (also_clear_hostapd) {
-		hostapd_interface_deinit(ifmsh);
-		hostapd_interface_free(ifmsh);
-	}
-}
-
-
-static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s,
-					     struct wpa_ssid *ssid)
-{
-	struct mesh_conf *conf;
-	int cipher;
-
-	conf = os_zalloc(sizeof(struct mesh_conf));
-	if (!conf)
-		return NULL;
-
-	os_memcpy(conf->meshid, ssid->ssid, ssid->ssid_len);
-	conf->meshid_len = ssid->ssid_len;
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
-		conf->security |= MESH_CONF_SEC_AUTH |
-			MESH_CONF_SEC_AMPE;
-	else
-		conf->security |= MESH_CONF_SEC_NONE;
-	conf->ieee80211w = ssid->ieee80211w;
-	if (conf->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
-		if (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)
-			conf->ieee80211w = wpa_s->conf->pmf;
-		else
-			conf->ieee80211w = NO_MGMT_FRAME_PROTECTION;
-	}
-#ifdef CONFIG_OCV
-	conf->ocv = ssid->ocv;
-#endif /* CONFIG_OCV */
-
-	cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher, 0);
-	if (cipher < 0 || cipher == WPA_CIPHER_TKIP) {
-		wpa_msg(wpa_s, MSG_INFO, "mesh: Invalid pairwise cipher");
-		os_free(conf);
-		return NULL;
-	}
-	conf->pairwise_cipher = cipher;
-
-	cipher = wpa_pick_group_cipher(ssid->group_cipher);
-	if (cipher < 0 || cipher == WPA_CIPHER_TKIP ||
-	    cipher == WPA_CIPHER_GTK_NOT_USED) {
-		wpa_msg(wpa_s, MSG_INFO, "mesh: Invalid group cipher");
-		os_free(conf);
-		return NULL;
-	}
-
-	conf->group_cipher = cipher;
-	if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
-		if (ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_128 ||
-		    ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_256 ||
-		    ssid->group_mgmt_cipher == WPA_CIPHER_BIP_CMAC_256)
-			conf->mgmt_group_cipher = ssid->group_mgmt_cipher;
-		else
-			conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
-	}
-
-	/* defaults */
-	conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;
-	conf->mesh_pm_id = MESH_PATH_METRIC_AIRTIME;
-	conf->mesh_cc_id = 0;
-	conf->mesh_sp_id = MESH_SYNC_METHOD_NEIGHBOR_OFFSET;
-	conf->mesh_auth_id = (conf->security & MESH_CONF_SEC_AUTH) ? 1 : 0;
-	conf->mesh_fwding = ssid->mesh_fwding;
-	conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries;
-	conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout;
-	conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout;
-	conf->dot11MeshHoldingTimeout = ssid->dot11MeshHoldingTimeout;
-
-	return conf;
-}
-
-
-static void wpas_mesh_copy_groups(struct hostapd_data *bss,
-				  struct wpa_supplicant *wpa_s)
-{
-	int num_groups;
-	size_t groups_size;
-
-	for (num_groups = 0; wpa_s->conf->sae_groups[num_groups] > 0;
-	     num_groups++)
-		;
-
-	groups_size = (num_groups + 1) * sizeof(wpa_s->conf->sae_groups[0]);
-	bss->conf->sae_groups = os_malloc(groups_size);
-	if (bss->conf->sae_groups)
-		os_memcpy(bss->conf->sae_groups, wpa_s->conf->sae_groups,
-			  groups_size);
-}
-
-
-static int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct hostapd_data *bss = ifmsh->bss[0];
-	static int default_groups[] = { 19, 20, 21, 25, 26, -1 };
-	const char *password;
-	size_t len;
-
-	password = ssid->sae_password;
-	if (!password)
-		password = ssid->passphrase;
-	if (!password) {
-		wpa_printf(MSG_ERROR,
-			   "mesh: Passphrase for SAE not configured");
-		return -1;
-	}
-
-	bss->conf->wpa = ssid->proto;
-	bss->conf->wpa_key_mgmt = ssid->key_mgmt;
-
-	if (wpa_s->conf->sae_groups && wpa_s->conf->sae_groups[0] > 0) {
-		wpas_mesh_copy_groups(bss, wpa_s);
-	} else {
-		bss->conf->sae_groups = os_memdup(default_groups,
-						  sizeof(default_groups));
-		if (!bss->conf->sae_groups)
-			return -1;
-	}
-
-	len = os_strlen(password);
-	bss->conf->ssid.wpa_passphrase = dup_binstr(password, len);
-
-	wpa_s->mesh_rsn = mesh_rsn_auth_init(wpa_s, ifmsh->mconf);
-	return !wpa_s->mesh_rsn ? -1 : 0;
-}
-
-
-static int wpas_mesh_update_freq_params(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
-	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
-	struct he_capabilities *he_capab = NULL;
-
-	if (ifmsh->current_mode)
-		he_capab = &ifmsh->current_mode->he_capab[IEEE80211_MODE_MESH];
-
-	if (hostapd_set_freq_params(
-		    &params->freq,
-		    ifmsh->conf->hw_mode,
-		    ifmsh->freq,
-		    ifmsh->conf->channel,
-		    ifmsh->conf->enable_edmg,
-		    ifmsh->conf->edmg_channel,
-		    ifmsh->conf->ieee80211n,
-		    ifmsh->conf->ieee80211ac,
-		    ifmsh->conf->ieee80211ax,
-		    ifmsh->conf->secondary_channel,
-		    hostapd_get_oper_chwidth(ifmsh->conf),
-		    hostapd_get_oper_centr_freq_seg0_idx(ifmsh->conf),
-		    hostapd_get_oper_centr_freq_seg1_idx(ifmsh->conf),
-		    ifmsh->conf->vht_capab,
-		    he_capab)) {
-		wpa_printf(MSG_ERROR, "Error updating mesh frequency params");
-		wpa_supplicant_mesh_deinit(wpa_s, true);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpas_mesh_complete(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
-	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	int ret;
-
-	if (!params || !ssid || !ifmsh) {
-		wpa_printf(MSG_ERROR, "mesh: %s called without active mesh",
-			   __func__);
-		return -1;
-	}
-
-	/*
-	 * Update channel configuration if the channel has changed since the
-	 * initial setting, i.e., due to DFS radar detection during CAC.
-	 */
-	if (ifmsh->freq > 0 && ifmsh->freq != params->freq.freq) {
-		wpa_s->assoc_freq = ifmsh->freq;
-		ssid->frequency = ifmsh->freq;
-		if (wpas_mesh_update_freq_params(wpa_s) < 0)
-			return -1;
-	}
-
-	if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
-	    wpas_mesh_init_rsn(wpa_s)) {
-		wpa_printf(MSG_ERROR,
-			   "mesh: RSN initialization failed - deinit mesh");
-		wpa_supplicant_mesh_deinit(wpa_s, false);
-		return -1;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
-		wpa_s->pairwise_cipher = wpa_s->mesh_rsn->pairwise_cipher;
-		wpa_s->group_cipher = wpa_s->mesh_rsn->group_cipher;
-		wpa_s->mgmt_group_cipher = wpa_s->mesh_rsn->mgmt_group_cipher;
-	}
-
-	params->ies = ifmsh->mconf->rsn_ie;
-	params->ie_len = ifmsh->mconf->rsn_ie_len;
-	params->basic_rates = ifmsh->basic_rates;
-	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
-	params->conf.ht_opmode = ifmsh->bss[0]->iface->ht_op_mode;
-
-	wpa_msg(wpa_s, MSG_INFO, "joining mesh %s",
-		wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-	ret = wpa_drv_join_mesh(wpa_s, params);
-	if (ret)
-		wpa_msg(wpa_s, MSG_ERROR, "mesh join error=%d", ret);
-
-	/* hostapd sets the interface down until we associate */
-	wpa_drv_set_operstate(wpa_s, 1);
-
-	if (!ret) {
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-
-		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
-			wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
-			ssid->id);
-		wpas_notify_mesh_group_started(wpa_s, ssid);
-	}
-
-	return ret;
-}
-
-
-static void wpas_mesh_complete_cb(void *arg)
-{
-	struct wpa_supplicant *wpa_s = arg;
-
-	wpas_mesh_complete(wpa_s);
-}
-
-
-static int wpa_supplicant_mesh_enable_iface_cb(struct hostapd_iface *ifmsh)
-{
-	struct wpa_supplicant *wpa_s = ifmsh->owner;
-	struct hostapd_data *bss;
-
-	ifmsh->mconf = mesh_config_create(wpa_s, wpa_s->current_ssid);
-
-	bss = ifmsh->bss[0];
-	bss->msg_ctx = wpa_s;
-	os_memcpy(bss->own_addr, wpa_s->own_addr, ETH_ALEN);
-	bss->driver = wpa_s->driver;
-	bss->drv_priv = wpa_s->drv_priv;
-	bss->iface = ifmsh;
-	bss->mesh_sta_free_cb = mesh_mpm_free_sta;
-	bss->setup_complete_cb = wpas_mesh_complete_cb;
-	bss->setup_complete_cb_ctx = wpa_s;
-
-	bss->conf->start_disabled = 1;
-	bss->conf->mesh = MESH_ENABLED;
-	bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
-
-	if (wpa_drv_init_mesh(wpa_s)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
-		return -1;
-	}
-
-	if (hostapd_setup_interface(ifmsh)) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to initialize hostapd interface for mesh");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpa_supplicant_mesh_disable_iface_cb(struct hostapd_iface *ifmsh)
-{
-	struct wpa_supplicant *wpa_s = ifmsh->owner;
-	size_t j;
-
-	wpa_supplicant_mesh_deinit(wpa_s, false);
-
-#ifdef NEED_AP_MLME
-	for (j = 0; j < ifmsh->num_bss; j++)
-		hostapd_cleanup_cs_params(ifmsh->bss[j]);
-#endif /* NEED_AP_MLME */
-
-	/* Same as hostapd_interface_deinit() without deinitializing control
-	 * interface */
-	for (j = 0; j < ifmsh->num_bss; j++) {
-		struct hostapd_data *hapd = ifmsh->bss[j];
-
-		hostapd_bss_deinit_no_free(hapd);
-		hostapd_free_hapd_data(hapd);
-	}
-
-	hostapd_cleanup_iface_partial(ifmsh);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid,
-				    struct hostapd_freq_params *freq)
-{
-	struct hostapd_iface *ifmsh;
-	struct hostapd_data *bss;
-	struct hostapd_config *conf;
-	struct mesh_conf *mconf;
-	int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 };
-	int rate_len;
-	int frequency;
-
-	if (!wpa_s->conf->user_mpm) {
-		/* not much for us to do here */
-		wpa_msg(wpa_s, MSG_WARNING,
-			"user_mpm is not enabled in configuration");
-		return 0;
-	}
-
-	wpa_s->ifmsh = ifmsh = hostapd_alloc_iface();
-	if (!ifmsh)
-		return -ENOMEM;
-
-	ifmsh->owner = wpa_s;
-	ifmsh->drv_flags = wpa_s->drv_flags;
-	ifmsh->drv_flags2 = wpa_s->drv_flags2;
-	ifmsh->num_bss = 1;
-	ifmsh->enable_iface_cb = wpa_supplicant_mesh_enable_iface_cb;
-	ifmsh->disable_iface_cb = wpa_supplicant_mesh_disable_iface_cb;
-	ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss,
-			       sizeof(struct hostapd_data *));
-	if (!ifmsh->bss)
-		goto out_free;
-
-	ifmsh->bss[0] = bss = hostapd_alloc_bss_data(NULL, NULL, NULL);
-	if (!bss)
-		goto out_free;
-
-	ifmsh->bss[0]->msg_ctx = wpa_s;
-	os_memcpy(bss->own_addr, wpa_s->own_addr, ETH_ALEN);
-	bss->driver = wpa_s->driver;
-	bss->drv_priv = wpa_s->drv_priv;
-	bss->iface = ifmsh;
-	bss->mesh_sta_free_cb = mesh_mpm_free_sta;
-	bss->setup_complete_cb = wpas_mesh_complete_cb;
-	bss->setup_complete_cb_ctx = wpa_s;
-	frequency = ssid->frequency;
-	if (frequency != freq->freq &&
-	    frequency == freq->freq + freq->sec_channel_offset * 20) {
-		wpa_printf(MSG_DEBUG, "mesh: pri/sec channels switched");
-		frequency = freq->freq;
-		ssid->frequency = frequency;
-	}
-	wpa_s->assoc_freq = frequency;
-	wpa_s->current_ssid = ssid;
-
-	/* setup an AP config for auth processing */
-	conf = hostapd_config_defaults();
-	if (!conf)
-		goto out_free;
-
-	if (is_6ghz_freq(freq->freq)) {
-		/*
-		 * IEEE Std 802.11ax-2021, 12.12.2:
-		 * The STA shall use management frame protection (MFPR=1) when
-		 * using RSN.
-		 */
-		ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-
-		/* Set mandatory op_class parameter for setting up BSS */
-		switch (freq->bandwidth) {
-		case 20:
-			if (freq->freq == 5935)
-				conf->op_class = 136;
-			else
-				conf->op_class = 131;
-			break;
-		case 40:
-			conf->op_class = 132;
-			break;
-		case 80:
-			conf->op_class = 133;
-			break;
-		case 160:
-			conf->op_class = 134;
-			break;
-		default:
-			conf->op_class = 131;
-			break;
-		}
-	}
-
-	bss->conf = *conf->bss;
-	bss->conf->start_disabled = 1;
-	bss->conf->mesh = MESH_ENABLED;
-	bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
-	bss->conf->mesh_fwding = wpa_s->conf->mesh_fwding;
-
-	if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
-			     wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
-		conf->ieee80211h = 1;
-		conf->ieee80211d = 1;
-		conf->country[0] = wpa_s->conf->country[0];
-		conf->country[1] = wpa_s->conf->country[1];
-		conf->country[2] = ' ';
-		wpa_s->mesh_params->handle_dfs = true;
-	}
-
-	bss->iconf = conf;
-	ifmsh->conf = conf;
-
-	ifmsh->bss[0]->max_plinks = wpa_s->conf->max_peer_links;
-	ifmsh->bss[0]->dot11RSNASAERetransPeriod =
-		wpa_s->conf->dot11RSNASAERetransPeriod;
-	os_strlcpy(bss->conf->iface, wpa_s->ifname, sizeof(bss->conf->iface));
-
-	mconf = mesh_config_create(wpa_s, ssid);
-	if (!mconf)
-		goto out_free;
-	ifmsh->mconf = mconf;
-
-	/* need conf->hw_mode for supported rates. */
-	conf->hw_mode = ieee80211_freq_to_chan(frequency, &conf->channel);
-	if (conf->hw_mode == NUM_HOSTAPD_MODES) {
-		wpa_printf(MSG_ERROR, "Unsupported mesh mode frequency: %d MHz",
-			   frequency);
-		goto out_free;
-	}
-
-	if (ssid->mesh_basic_rates == NULL) {
-		/*
-		 * XXX: Hack! This is so an MPM which correctly sets the ERP
-		 * mandatory rates as BSSBasicRateSet doesn't reject us. We
-		 * could add a new hw_mode HOSTAPD_MODE_IEEE80211G_ERP, but
-		 * this is way easier. This also makes our BSSBasicRateSet
-		 * advertised in beacons match the one in peering frames, sigh.
-		 */
-		if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G) {
-			conf->basic_rates = os_memdup(basic_rates_erp,
-						      sizeof(basic_rates_erp));
-			if (!conf->basic_rates)
-				goto out_free;
-		}
-	} else {
-		rate_len = 0;
-		while (1) {
-			if (ssid->mesh_basic_rates[rate_len] < 1)
-				break;
-			rate_len++;
-		}
-		conf->basic_rates = os_calloc(rate_len + 1, sizeof(int));
-		if (conf->basic_rates == NULL)
-			goto out_free;
-		os_memcpy(conf->basic_rates, ssid->mesh_basic_rates,
-			  rate_len * sizeof(int));
-		conf->basic_rates[rate_len] = -1;
-	}
-
-	/* While it can enhance performance to switch the primary channel, which
-	 * is also the secondary channel of another network at the same time),
-	 * to the other primary channel, problems exist with this in mesh
-	 * networks.
-	 *
-	 * Example with problems:
-	 *     - 3 mesh nodes M1-M3, freq (5200, 5180)
-	 *     - other node O1, e.g. AP mode, freq (5180, 5200),
-	 * Locations: O1 M1      M2      M3
-	 *
-	 * M3 can only send frames to M1 over M2, no direct connection is
-	 * possible
-	 * Start O1, M1 and M3 first, M1 or O1 will switch channels to align
-	 * with* each other. M3 does not swap, because M1 or O1 cannot be
-	 * reached. M2 is started afterwards and can either connect to M3 or M1
-	 * because of this primary secondary channel switch.
-	 *
-	 * Solutions: (1) central coordination -> not always possible
-	 *            (2) disable pri/sec channel switch in mesh networks
-	 *
-	 * In AP mode, when all nodes can work independently, this poses of
-	 * course no problem, therefore disable it only in mesh mode. */
-	conf->no_pri_sec_switch = 1;
-	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
-
-	if (wpa_drv_init_mesh(wpa_s)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
-		return -1;
-	}
-
-	if (hostapd_setup_interface(ifmsh)) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to initialize hostapd interface for mesh");
-		return -1;
-	}
-
-	return 0;
-out_free:
-	wpa_supplicant_mesh_deinit(wpa_s, true);
-	return -ENOMEM;
-}
-
-
-void wpa_mesh_notify_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  const u8 *ies, size_t ie_len)
-{
-	struct ieee802_11_elems elems;
-
-	wpa_msg(wpa_s, MSG_INFO,
-		"new peer notification for " MACSTR, MAC2STR(addr));
-
-	if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) {
-		wpa_msg(wpa_s, MSG_INFO, "Could not parse beacon from " MACSTR,
-			MAC2STR(addr));
-		return;
-	}
-	wpa_mesh_new_mesh_peer(wpa_s, addr, &elems);
-}
-
-
-void wpa_supplicant_mesh_add_scan_ie(struct wpa_supplicant *wpa_s,
-				     struct wpabuf **extra_ie)
-{
-	/* EID + 0-length (wildcard) mesh-id */
-	size_t ielen = 2;
-
-	if (wpabuf_resize(extra_ie, ielen) == 0) {
-		wpabuf_put_u8(*extra_ie, WLAN_EID_MESH_ID);
-		wpabuf_put_u8(*extra_ie, 0);
-	}
-}
-
-
-int wpa_supplicant_join_mesh(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid)
-{
-	struct wpa_driver_mesh_join_params *params = os_zalloc(sizeof(*params));
-	int ret = 0;
-
-	if (!ssid || !ssid->ssid || !ssid->ssid_len || !ssid->frequency ||
-	    !params) {
-		ret = -ENOENT;
-		os_free(params);
-		goto out;
-	}
-
-	wpa_supplicant_mesh_deinit(wpa_s, true);
-
-	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
-	wpa_s->group_cipher = WPA_CIPHER_NONE;
-	wpa_s->mgmt_group_cipher = 0;
-
-	params->meshid = ssid->ssid;
-	params->meshid_len = ssid->ssid_len;
-	ibss_mesh_setup_freq(wpa_s, ssid, &params->freq);
-	wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
-	wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;
-	wpa_s->mesh_he_enabled = !!params->freq.he_enabled;
-	if (params->freq.ht_enabled && params->freq.sec_channel_offset)
-		ssid->ht40 = params->freq.sec_channel_offset;
-
-	if (wpa_s->mesh_vht_enabled) {
-		ssid->vht = 1;
-		ssid->vht_center_freq1 = params->freq.center_freq1;
-		switch (params->freq.bandwidth) {
-		case 80:
-			if (params->freq.center_freq2) {
-				ssid->max_oper_chwidth = CHANWIDTH_80P80MHZ;
-				ssid->vht_center_freq2 =
-					params->freq.center_freq2;
-			} else {
-				ssid->max_oper_chwidth = CHANWIDTH_80MHZ;
-			}
-			break;
-		case 160:
-			ssid->max_oper_chwidth = CHANWIDTH_160MHZ;
-			break;
-		default:
-			ssid->max_oper_chwidth = CHANWIDTH_USE_HT;
-			break;
-		}
-	}
-	if (wpa_s->mesh_he_enabled)
-		ssid->he = 1;
-	if (ssid->beacon_int > 0)
-		params->beacon_int = ssid->beacon_int;
-	else if (wpa_s->conf->beacon_int > 0)
-		params->beacon_int = wpa_s->conf->beacon_int;
-	if (ssid->dtim_period > 0)
-		params->dtim_period = ssid->dtim_period;
-	else if (wpa_s->conf->dtim_period > 0)
-		params->dtim_period = wpa_s->conf->dtim_period;
-	params->conf.max_peer_links = wpa_s->conf->max_peer_links;
-	if (ssid->mesh_rssi_threshold < DEFAULT_MESH_RSSI_THRESHOLD) {
-		params->conf.rssi_threshold = ssid->mesh_rssi_threshold;
-		params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
-		params->flags |= WPA_DRIVER_MESH_FLAG_SAE_AUTH;
-		params->flags |= WPA_DRIVER_MESH_FLAG_AMPE;
-		wpa_s->conf->user_mpm = 1;
-	}
-
-	if (wpa_s->conf->user_mpm) {
-		params->flags |= WPA_DRIVER_MESH_FLAG_USER_MPM;
-		params->conf.auto_plinks = 0;
-	} else {
-		params->flags |= WPA_DRIVER_MESH_FLAG_DRIVER_MPM;
-		params->conf.auto_plinks = 1;
-	}
-	params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
-
-	/* Always explicitely set forwarding to on or off for now */
-	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_FORWARDING;
-	params->conf.forwarding = ssid->mesh_fwding;
-
-	os_free(wpa_s->mesh_params);
-	wpa_s->mesh_params = params;
-	if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh");
-		wpa_supplicant_leave_mesh(wpa_s, true);
-		ret = -1;
-		goto out;
-	}
-
-out:
-	return ret;
-}
-
-
-int wpa_supplicant_leave_mesh(struct wpa_supplicant *wpa_s, bool need_deinit)
-{
-	int ret = 0;
-
-	wpa_msg(wpa_s, MSG_INFO, "leaving mesh");
-
-	/* Need to send peering close messages first */
-	if (need_deinit)
-		wpa_supplicant_mesh_deinit(wpa_s, true);
-
-	ret = wpa_drv_leave_mesh(wpa_s);
-	if (ret)
-		wpa_msg(wpa_s, MSG_ERROR, "mesh leave error=%d", ret);
-
-	wpa_drv_set_operstate(wpa_s, 1);
-
-	return ret;
-}
-
-
-static int mesh_attr_text(const u8 *ies, size_t ies_len, char *buf, char *end)
-{
-	struct ieee802_11_elems elems;
-	char *mesh_id, *pos = buf;
-	u8 *bss_basic_rate_set;
-	int bss_basic_rate_set_len, ret, i;
-
-	if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) == ParseFailed)
-		return -1;
-
-	if (elems.mesh_id_len < 1)
-		return 0;
-
-	mesh_id = os_malloc(elems.mesh_id_len + 1);
-	if (mesh_id == NULL)
-		return -1;
-
-	os_memcpy(mesh_id, elems.mesh_id, elems.mesh_id_len);
-	mesh_id[elems.mesh_id_len] = '\0';
-	ret = os_snprintf(pos, end - pos, "mesh_id=%s\n", mesh_id);
-	os_free(mesh_id);
-	if (os_snprintf_error(end - pos, ret))
-		return pos - buf;
-	pos += ret;
-
-	if (elems.mesh_config_len > 6) {
-		ret = os_snprintf(pos, end - pos,
-				  "active_path_selection_protocol_id=0x%02x\n"
-				  "active_path_selection_metric_id=0x%02x\n"
-				  "congestion_control_mode_id=0x%02x\n"
-				  "synchronization_method_id=0x%02x\n"
-				  "authentication_protocol_id=0x%02x\n"
-				  "mesh_formation_info=0x%02x\n"
-				  "mesh_capability=0x%02x\n",
-				  elems.mesh_config[0], elems.mesh_config[1],
-				  elems.mesh_config[2], elems.mesh_config[3],
-				  elems.mesh_config[4], elems.mesh_config[5],
-				  elems.mesh_config[6]);
-		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
-		pos += ret;
-	}
-
-	bss_basic_rate_set = os_malloc(elems.supp_rates_len +
-		elems.ext_supp_rates_len);
-	if (bss_basic_rate_set == NULL)
-		return -1;
-
-	bss_basic_rate_set_len = 0;
-	for (i = 0; i < elems.supp_rates_len; i++) {
-		if (elems.supp_rates[i] & 0x80) {
-			bss_basic_rate_set[bss_basic_rate_set_len++] =
-				(elems.supp_rates[i] & 0x7f) * 5;
-		}
-	}
-	for (i = 0; i < elems.ext_supp_rates_len; i++) {
-		if (elems.ext_supp_rates[i] & 0x80) {
-			bss_basic_rate_set[bss_basic_rate_set_len++] =
-				(elems.ext_supp_rates[i] & 0x7f) * 5;
-		}
-	}
-	if (bss_basic_rate_set_len > 0) {
-		ret = os_snprintf(pos, end - pos, "bss_basic_rate_set=%d",
-				  bss_basic_rate_set[0]);
-		if (os_snprintf_error(end - pos, ret))
-			goto fail;
-		pos += ret;
-
-		for (i = 1; i < bss_basic_rate_set_len; i++) {
-			ret = os_snprintf(pos, end - pos, " %d",
-					  bss_basic_rate_set[i]);
-			if (os_snprintf_error(end - pos, ret))
-				goto fail;
-			pos += ret;
-		}
-
-		ret = os_snprintf(pos, end - pos, "\n");
-		if (os_snprintf_error(end - pos, ret))
-			goto fail;
-		pos += ret;
-	}
-fail:
-	os_free(bss_basic_rate_set);
-
-	return pos - buf;
-}
-
-
-int wpas_mesh_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
-			       char *end)
-{
-	return mesh_attr_text(ies, ies_len, buf, end);
-}
-
-
-static int wpas_mesh_get_ifname(struct wpa_supplicant *wpa_s, char *ifname,
-				size_t len)
-{
-	char *ifname_ptr = wpa_s->ifname;
-	int res;
-
-	res = os_snprintf(ifname, len, "mesh-%s-%d", ifname_ptr,
-			  wpa_s->mesh_if_idx);
-	if (os_snprintf_error(len, res) ||
-	    (os_strlen(ifname) >= IFNAMSIZ &&
-	     os_strlen(wpa_s->ifname) < IFNAMSIZ)) {
-		/* Try to avoid going over the IFNAMSIZ length limit */
-		res = os_snprintf(ifname, len, "mesh-%d", wpa_s->mesh_if_idx);
-		if (os_snprintf_error(len, res))
-			return -1;
-	}
-	wpa_s->mesh_if_idx++;
-	return 0;
-}
-
-
-int wpas_mesh_add_interface(struct wpa_supplicant *wpa_s, char *ifname,
-			    size_t len)
-{
-	struct wpa_interface iface;
-	struct wpa_supplicant *mesh_wpa_s;
-	u8 addr[ETH_ALEN];
-
-	if (ifname[0] == '\0' && wpas_mesh_get_ifname(wpa_s, ifname, len) < 0)
-		return -1;
-
-	if (wpa_drv_if_add(wpa_s, WPA_IF_MESH, ifname, NULL, NULL, NULL, addr,
-			   NULL) < 0) {
-		wpa_printf(MSG_ERROR,
-			   "mesh: Failed to create new mesh interface");
-		return -1;
-	}
-	wpa_printf(MSG_INFO, "mesh: Created virtual interface %s addr "
-		   MACSTR, ifname, MAC2STR(addr));
-
-	os_memset(&iface, 0, sizeof(iface));
-	iface.ifname = ifname;
-	iface.driver = wpa_s->driver->name;
-	iface.driver_param = wpa_s->conf->driver_param;
-	iface.ctrl_interface = wpa_s->conf->ctrl_interface;
-
-	mesh_wpa_s = wpa_supplicant_add_iface(wpa_s->global, &iface, wpa_s);
-	if (!mesh_wpa_s) {
-		wpa_printf(MSG_ERROR,
-			   "mesh: Failed to create new wpa_supplicant interface");
-		wpa_drv_if_remove(wpa_s, WPA_IF_MESH, ifname);
-		return -1;
-	}
-	mesh_wpa_s->mesh_if_created = 1;
-	return 0;
-}
-
-
-int wpas_mesh_peer_remove(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	return mesh_mpm_close_peer(wpa_s, addr);
-}
-
-
-int wpas_mesh_peer_add(struct wpa_supplicant *wpa_s, const u8 *addr,
-		       int duration)
-{
-	return mesh_mpm_connect_peer(wpa_s, addr, duration);
-}
diff --git a/wpa_supplicant/mesh.h b/wpa_supplicant/mesh.h
deleted file mode 100644
index a429e5e27358..000000000000
--- a/wpa_supplicant/mesh.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * WPA Supplicant - Basic mesh mode routines
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef MESH_H
-#define MESH_H
-
-int wpa_supplicant_join_mesh(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid);
-int wpa_supplicant_leave_mesh(struct wpa_supplicant *wpa_s,
-			      bool need_deinit);
-void wpa_supplicant_mesh_iface_deinit(struct wpa_supplicant *wpa_s,
-				      struct hostapd_iface *ifmsh,
-				      bool also_clear_hostapd);
-int wpas_mesh_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
-			       char *end);
-int wpas_mesh_add_interface(struct wpa_supplicant *wpa_s, char *ifname,
-			    size_t len);
-int wpas_mesh_peer_remove(struct wpa_supplicant *wpa_s, const u8 *addr);
-int wpas_mesh_peer_add(struct wpa_supplicant *wpa_s, const u8 *addr,
-		       int duration);
-
-#ifdef CONFIG_MESH
-
-void wpa_mesh_notify_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  const u8 *ies, size_t ie_len);
-void wpa_supplicant_mesh_add_scan_ie(struct wpa_supplicant *wpa_s,
-				     struct wpabuf **extra_ie);
-
-#else /* CONFIG_MESH */
-
-static inline void wpa_mesh_notify_peer(struct wpa_supplicant *wpa_s,
-					const u8 *addr,
-					const u8 *ies, size_t ie_len)
-{
-}
-
-static inline void wpa_supplicant_mesh_add_scan_ie(struct wpa_supplicant *wpa_s,
-						   struct wpabuf **extra_ie)
-{
-}
-
-#endif /* CONFIG_MESH */
-
-#endif /* MESH_H */
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
deleted file mode 100644
index 2eb9a7ef6182..000000000000
--- a/wpa_supplicant/mesh_mpm.c
+++ /dev/null
@@ -1,1403 +0,0 @@
-/*
- * WPA Supplicant - Basic mesh peer management
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "common/hw_features_common.h"
-#include "common/ocv.h"
-#include "ap/hostapd.h"
-#include "ap/sta_info.h"
-#include "ap/ieee802_11.h"
-#include "ap/wpa_auth.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "mesh_mpm.h"
-#include "mesh_rsn.h"
-#include "notify.h"
-
-struct mesh_peer_mgmt_ie {
-	const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */
-	const u8 *llid; /* Local Link ID (2 octets) */
-	const u8 *plid; /* Peer Link ID (conditional, 2 octets) */
-	const u8 *reason; /* Reason Code (conditional, 2 octets) */
-	const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */
-};
-
-static void plink_timer(void *eloop_ctx, void *user_data);
-
-
-enum plink_event {
-	PLINK_UNDEFINED,
-	OPN_ACPT,
-	OPN_RJCT,
-	CNF_ACPT,
-	CNF_RJCT,
-	CLS_ACPT,
-	REQ_RJCT
-};
-
-static const char * const mplstate[] = {
-	[0] = "UNINITIALIZED",
-	[PLINK_IDLE] = "IDLE",
-	[PLINK_OPN_SNT] = "OPN_SNT",
-	[PLINK_OPN_RCVD] = "OPN_RCVD",
-	[PLINK_CNF_RCVD] = "CNF_RCVD",
-	[PLINK_ESTAB] = "ESTAB",
-	[PLINK_HOLDING] = "HOLDING",
-	[PLINK_BLOCKED] = "BLOCKED"
-};
-
-static const char * const mplevent[] = {
-	[PLINK_UNDEFINED] = "UNDEFINED",
-	[OPN_ACPT] = "OPN_ACPT",
-	[OPN_RJCT] = "OPN_RJCT",
-	[CNF_ACPT] = "CNF_ACPT",
-	[CNF_RJCT] = "CNF_RJCT",
-	[CLS_ACPT] = "CLS_ACPT",
-	[REQ_RJCT] = "REQ_RJCT",
-};
-
-
-static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s,
-				    u8 action_field,
-				    const u8 *ie, size_t len,
-				    struct mesh_peer_mgmt_ie *mpm_ie)
-{
-	os_memset(mpm_ie, 0, sizeof(*mpm_ie));
-
-	/* Remove optional Chosen PMK field at end */
-	if (len >= SAE_PMKID_LEN) {
-		mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN;
-		len -= SAE_PMKID_LEN;
-	}
-
-	if ((action_field == PLINK_OPEN && len != 4) ||
-	    (action_field == PLINK_CONFIRM && len != 6) ||
-	    (action_field == PLINK_CLOSE && len != 6 && len != 8)) {
-		wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie");
-		return -1;
-	}
-
-	/* required fields */
-	if (len < 4)
-		return -1;
-	mpm_ie->proto_id = ie;
-	mpm_ie->llid = ie + 2;
-	ie += 4;
-	len -= 4;
-
-	/* close reason is always present at end for close */
-	if (action_field == PLINK_CLOSE) {
-		if (len < 2)
-			return -1;
-		mpm_ie->reason = ie + len - 2;
-		len -= 2;
-	}
-
-	/* Peer Link ID, present for confirm, and possibly close */
-	if (len >= 2)
-		mpm_ie->plid = ie;
-
-	return 0;
-}
-
-
-static int plink_free_count(struct hostapd_data *hapd)
-{
-	if (hapd->max_plinks > hapd->num_plinks)
-		return hapd->max_plinks - hapd->num_plinks;
-	return 0;
-}
-
-
-static u16 copy_supp_rates(struct wpa_supplicant *wpa_s,
-			   struct sta_info *sta,
-			   struct ieee802_11_elems *elems)
-{
-	if (!elems->supp_rates) {
-		wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR,
-			MAC2STR(sta->addr));
-		return WLAN_STATUS_UNSPECIFIED_FAILURE;
-	}
-
-	if (elems->supp_rates_len + elems->ext_supp_rates_len >
-	    sizeof(sta->supported_rates)) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"Invalid supported rates element length " MACSTR
-			" %d+%d", MAC2STR(sta->addr), elems->supp_rates_len,
-			elems->ext_supp_rates_len);
-		return WLAN_STATUS_UNSPECIFIED_FAILURE;
-	}
-
-	sta->supported_rates_len = merge_byte_arrays(
-		sta->supported_rates, sizeof(sta->supported_rates),
-		elems->supp_rates, elems->supp_rates_len,
-		elems->ext_supp_rates, elems->ext_supp_rates_len);
-
-	return WLAN_STATUS_SUCCESS;
-}
-
-
-/* return true if elems from a neighbor match this MBSS */
-static bool matches_local(struct wpa_supplicant *wpa_s,
-			  struct ieee802_11_elems *elems)
-{
-	struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
-
-	if (elems->mesh_config_len < 5)
-		return false;
-
-	return (mconf->meshid_len == elems->mesh_id_len &&
-		os_memcmp(mconf->meshid, elems->mesh_id,
-			  elems->mesh_id_len) == 0 &&
-		mconf->mesh_pp_id == elems->mesh_config[0] &&
-		mconf->mesh_pm_id == elems->mesh_config[1] &&
-		mconf->mesh_cc_id == elems->mesh_config[2] &&
-		mconf->mesh_sp_id == elems->mesh_config[3] &&
-		mconf->mesh_auth_id == elems->mesh_config[4]);
-}
-
-
-/* check if local link id is already used with another peer */
-static bool llid_in_use(struct wpa_supplicant *wpa_s, u16 llid)
-{
-	struct sta_info *sta;
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-
-	for (sta = hapd->sta_list; sta; sta = sta->next) {
-		if (sta->my_lid == llid)
-			return true;
-	}
-
-	return false;
-}
-
-
-/* generate an llid for a link and set to initial state */
-static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s,
-			       struct sta_info *sta)
-{
-	u16 llid;
-
-	do {
-		if (os_get_random((u8 *) &llid, sizeof(llid)) < 0)
-			llid = 0; /* continue */
-	} while (!llid || llid_in_use(wpa_s, llid));
-
-	sta->my_lid = llid;
-	sta->peer_lid = 0;
-	sta->peer_aid = 0;
-
-	/*
-	 * We do not use wpa_mesh_set_plink_state() here because there is no
-	 * entry in kernel yet.
-	 */
-	sta->plink_state = PLINK_IDLE;
-}
-
-
-static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s,
-				       struct sta_info *sta,
-				       enum plink_action_field type,
-				       u16 close_reason)
-{
-	struct wpabuf *buf;
-	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
-	struct hostapd_data *bss = ifmsh->bss[0];
-	struct mesh_conf *conf = ifmsh->mconf;
-	u8 supp_rates[2 + 2 + 32];
-	u8 *pos, *cat;
-	u8 ie_len, add_plid = 0;
-	int ret;
-	int ampe = conf->security & MESH_CONF_SEC_AMPE;
-	size_t buf_len;
-
-	if (!sta)
-		return;
-
-	buf_len = 2 +      /* Category and Action */
-		  2 +      /* capability info */
-		  2 +      /* AID */
-		  2 + 8 +  /* supported rates */
-		  2 + (32 - 8) +
-		  2 + 32 + /* mesh ID */
-		  2 + 7 +  /* mesh config */
-		  2 + 24 + /* peering management */
-		  2 + 96 + 32 + 32 + /* AMPE (96 + max GTKlen + max IGTKlen) */
-		  2 + 16;  /* MIC */
-	if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
-		buf_len += 2 + 26 + /* HT capabilities */
-			   2 + 22;  /* HT operation */
-	}
-#ifdef CONFIG_IEEE80211AC
-	if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
-		buf_len += 2 + 12 + /* VHT Capabilities */
-			   2 + 5;  /* VHT Operation */
-	}
-#endif /* CONFIG_IEEE80211AC */
-#ifdef CONFIG_IEEE80211AX
-	if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
-		buf_len += 3 +
-			   HE_MAX_MAC_CAPAB_SIZE +
-			   HE_MAX_PHY_CAPAB_SIZE +
-			   HE_MAX_MCS_CAPAB_SIZE +
-			   HE_MAX_PPET_CAPAB_SIZE;
-		buf_len += 3 + sizeof(struct ieee80211_he_operation);
-		if (is_6ghz_op_class(bss->iconf->op_class))
-			buf_len += sizeof(struct ieee80211_he_6ghz_oper_info) +
-				3 + sizeof(struct ieee80211_he_6ghz_band_cap);
-	}
-#endif /* CONFIG_IEEE80211AX */
-	if (type != PLINK_CLOSE)
-		buf_len += conf->rsn_ie_len; /* RSN IE */
-#ifdef CONFIG_OCV
-	/* OCI is included even when the other STA doesn't support OCV */
-	if (type != PLINK_CLOSE && conf->ocv)
-		buf_len += OCV_OCI_EXTENDED_LEN;
-#endif /* CONFIG_OCV */
-
-	buf = wpabuf_alloc(buf_len);
-	if (!buf)
-		return;
-
-	cat = wpabuf_mhead_u8(buf);
-	wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED);
-	wpabuf_put_u8(buf, type);
-
-	if (type != PLINK_CLOSE) {
-		u8 info;
-
-		/* capability info */
-		wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0);
-
-		/* aid */
-		if (type == PLINK_CONFIRM)
-			wpabuf_put_le16(buf, sta->aid);
-
-		/* IE: supp + ext. supp rates */
-		pos = hostapd_eid_supp_rates(bss, supp_rates);
-		pos = hostapd_eid_ext_supp_rates(bss, pos);
-		wpabuf_put_data(buf, supp_rates, pos - supp_rates);
-
-		/* IE: RSN IE */
-		wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len);
-
-		/* IE: Mesh ID */
-		wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
-		wpabuf_put_u8(buf, conf->meshid_len);
-		wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
-
-		/* IE: mesh conf */
-		wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG);
-		wpabuf_put_u8(buf, 7);
-		wpabuf_put_u8(buf, conf->mesh_pp_id);
-		wpabuf_put_u8(buf, conf->mesh_pm_id);
-		wpabuf_put_u8(buf, conf->mesh_cc_id);
-		wpabuf_put_u8(buf, conf->mesh_sp_id);
-		wpabuf_put_u8(buf, conf->mesh_auth_id);
-		info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
-		/* TODO: Add Connected to Mesh Gate/AS subfields */
-		wpabuf_put_u8(buf, info);
-		/* Set forwarding based on configuration and always accept
-		 * plinks for now */
-		wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER |
-			      (conf->mesh_fwding ? MESH_CAP_FORWARDING : 0));
-	} else {	/* Peer closing frame */
-		/* IE: Mesh ID */
-		wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
-		wpabuf_put_u8(buf, conf->meshid_len);
-		wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
-	}
-
-	/* IE: Mesh Peering Management element */
-	ie_len = 4;
-	if (ampe)
-		ie_len += PMKID_LEN;
-	switch (type) {
-	case PLINK_OPEN:
-		break;
-	case PLINK_CONFIRM:
-		ie_len += 2;
-		add_plid = 1;
-		break;
-	case PLINK_CLOSE:
-		ie_len += 2;
-		add_plid = 1;
-		ie_len += 2; /* reason code */
-		break;
-	}
-
-	wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT);
-	wpabuf_put_u8(buf, ie_len);
-	/* peering protocol */
-	if (ampe)
-		wpabuf_put_le16(buf, 1);
-	else
-		wpabuf_put_le16(buf, 0);
-	wpabuf_put_le16(buf, sta->my_lid);
-	if (add_plid)
-		wpabuf_put_le16(buf, sta->peer_lid);
-	if (type == PLINK_CLOSE)
-		wpabuf_put_le16(buf, close_reason);
-	if (ampe) {
-		if (sta->sae == NULL) {
-			wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session");
-			goto fail;
-		}
-		mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta,
-				   wpabuf_put(buf, PMKID_LEN));
-	}
-
-	if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
-		u8 ht_capa_oper[2 + 26 + 2 + 22];
-
-		pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper);
-		pos = hostapd_eid_ht_operation(bss, pos);
-		wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper);
-	}
-#ifdef CONFIG_IEEE80211AC
-	if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
-		u8 vht_capa_oper[2 + 12 + 2 + 5];
-
-		pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0);
-		pos = hostapd_eid_vht_operation(bss, pos);
-		wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper);
-	}
-#endif /* CONFIG_IEEE80211AC */
-#ifdef CONFIG_IEEE80211AX
-	if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
-		u8 he_capa_oper[3 +
-				HE_MAX_MAC_CAPAB_SIZE +
-				HE_MAX_PHY_CAPAB_SIZE +
-				HE_MAX_MCS_CAPAB_SIZE +
-				HE_MAX_PPET_CAPAB_SIZE +
-				3 + sizeof(struct ieee80211_he_operation) +
-				sizeof(struct ieee80211_he_6ghz_oper_info) +
-				3 + sizeof(struct ieee80211_he_6ghz_band_cap)];
-
-		pos = hostapd_eid_he_capab(bss, he_capa_oper,
-					   IEEE80211_MODE_MESH);
-		pos = hostapd_eid_he_operation(bss, pos);
-		pos = hostapd_eid_he_6ghz_band_cap(bss, pos);
-		wpabuf_put_data(buf, he_capa_oper, pos - he_capa_oper);
-	}
-#endif /* CONFIG_IEEE80211AX */
-
-#ifdef CONFIG_OCV
-	if (type != PLINK_CLOSE && conf->ocv) {
-		struct wpa_channel_info ci;
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_printf(MSG_WARNING,
-				   "Mesh MPM: Failed to get channel info for OCI element");
-			goto fail;
-		}
-
-		pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN);
-		if (ocv_insert_extended_oci(&ci, pos) < 0)
-			goto fail;
-	}
-#endif /* CONFIG_OCV */
-
-	if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Mesh MPM: failed to add AMPE and MIC IE");
-		goto fail;
-	}
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to "
-		MACSTR " (my_lid=0x%x peer_lid=0x%x)",
-		type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid);
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
-				  sta->addr, wpa_s->own_addr, wpa_s->own_addr,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret < 0)
-		wpa_msg(wpa_s, MSG_INFO,
-			"Mesh MPM: failed to send peering frame");
-
-fail:
-	wpabuf_free(buf);
-}
-
-
-/* configure peering state in ours and driver's station entry */
-void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s,
-			      struct sta_info *sta,
-			      enum mesh_plink_state state)
-{
-	struct hostapd_sta_add_params params;
-	int ret;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s",
-		MAC2STR(sta->addr), mplstate[sta->plink_state],
-		mplstate[state]);
-	sta->plink_state = state;
-
-	os_memset(&params, 0, sizeof(params));
-	params.addr = sta->addr;
-	params.plink_state = state;
-	params.peer_aid = sta->peer_aid;
-	params.set = 1;
-
-	ret = wpa_drv_sta_add(wpa_s, &params);
-	if (ret) {
-		wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR
-			": %d", MAC2STR(sta->addr), ret);
-	}
-}
-
-
-static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s,
-				 struct sta_info *sta)
-{
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-
-	eloop_cancel_timeout(plink_timer, wpa_s, sta);
-
-	ap_free_sta(hapd, sta);
-}
-
-
-static void plink_timer(void *eloop_ctx, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct sta_info *sta = user_data;
-	u16 reason = 0;
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-
-	switch (sta->plink_state) {
-	case PLINK_OPN_RCVD:
-	case PLINK_OPN_SNT:
-		/* retry timer */
-		if (sta->mpm_retries < conf->dot11MeshMaxRetries) {
-			eloop_register_timeout(
-				conf->dot11MeshRetryTimeout / 1000,
-				(conf->dot11MeshRetryTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
-			sta->mpm_retries++;
-			break;
-		}
-		reason = WLAN_REASON_MESH_MAX_RETRIES;
-		/* fall through */
-
-	case PLINK_CNF_RCVD:
-		/* confirm timer */
-		if (!reason)
-			reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT;
-		wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-		eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000,
-			(conf->dot11MeshHoldingTimeout % 1000) * 1000,
-			plink_timer, wpa_s, sta);
-		mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
-		break;
-	case PLINK_HOLDING:
-		/* holding timer */
-
-		if (sta->mesh_sae_pmksa_caching) {
-			wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR
-				   " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it",
-				   MAC2STR(sta->addr));
-			wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
-		}
-		mesh_mpm_fsm_restart(wpa_s, sta);
-		break;
-	default:
-		break;
-	}
-}
-
-
-/* initiate peering with station */
-static void
-mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta,
-		    enum mesh_plink_state next_state)
-{
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-
-	eloop_cancel_timeout(plink_timer, wpa_s, sta);
-	eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000,
-			       (conf->dot11MeshRetryTimeout % 1000) * 1000,
-			       plink_timer, wpa_s, sta);
-	mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
-	wpa_mesh_set_plink_state(wpa_s, sta, next_state);
-}
-
-
-static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta,
-				void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	int reason = WLAN_REASON_MESH_PEERING_CANCELLED;
-
-	if (sta) {
-		if (sta->plink_state == PLINK_ESTAB)
-			hapd->num_plinks--;
-		wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-		mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
-		wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR,
-			   MAC2STR(sta->addr));
-		eloop_cancel_timeout(plink_timer, wpa_s, sta);
-		eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	struct hostapd_data *hapd;
-	struct sta_info *sta;
-
-	if (!wpa_s->ifmsh) {
-		wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
-		return -1;
-	}
-
-	hapd = wpa_s->ifmsh->bss[0];
-	sta = ap_get_sta(hapd, addr);
-	if (!sta) {
-		wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
-		return -1;
-	}
-
-	return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1;
-}
-
-
-static void peer_add_timer(void *eloop_ctx, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-
-	os_memset(hapd->mesh_required_peer, 0, ETH_ALEN);
-}
-
-
-int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  int duration)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct hostapd_data *hapd;
-	struct sta_info *sta;
-	struct mesh_conf *conf;
-
-	if (!wpa_s->ifmsh) {
-		wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
-		return -1;
-	}
-
-	if (!ssid || !ssid->no_auto_peer) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"This command is available only with no_auto_peer mesh network");
-		return -1;
-	}
-
-	hapd = wpa_s->ifmsh->bss[0];
-	conf = wpa_s->ifmsh->mconf;
-
-	sta = ap_get_sta(hapd, addr);
-	if (!sta) {
-		wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
-		return -1;
-	}
-
-	if ((PLINK_OPN_SNT <= sta->plink_state &&
-	    sta->plink_state <= PLINK_ESTAB) ||
-	    (sta->sae && sta->sae->state > SAE_NOTHING)) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Specified peer is connecting/connected");
-		return -1;
-	}
-
-	if (conf->security == MESH_CONF_SEC_NONE) {
-		mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
-	} else {
-		mesh_rsn_auth_sae_sta(wpa_s, sta);
-		os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN);
-		eloop_register_timeout(duration == -1 ? 10 : duration, 0,
-				       peer_add_timer, wpa_s, NULL);
-	}
-
-	return 0;
-}
-
-
-void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh)
-{
-	struct hostapd_data *hapd = ifmsh->bss[0];
-
-	/* notify peers we're leaving */
-	ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s);
-
-	hapd->num_plinks = 0;
-	hostapd_free_stas(hapd);
-	eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
-}
-
-
-/* for mesh_rsn to indicate this peer has completed authentication, and we're
- * ready to start AMPE */
-void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	struct hostapd_data *data = wpa_s->ifmsh->bss[0];
-	struct hostapd_sta_add_params params;
-	struct sta_info *sta;
-	int ret;
-
-	sta = ap_get_sta(data, addr);
-	if (!sta) {
-		wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer");
-		return;
-	}
-
-	/* TODO: Should do nothing if this STA is already authenticated, but
-	 * the AP code already sets this flag. */
-	sta->flags |= WLAN_STA_AUTH;
-
-	mesh_rsn_init_ampe_sta(wpa_s, sta);
-
-	os_memset(&params, 0, sizeof(params));
-	params.addr = sta->addr;
-	params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED;
-	params.set = 1;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR,
-		MAC2STR(sta->addr));
-	ret = wpa_drv_sta_add(wpa_s, &params);
-	if (ret) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"Driver failed to set " MACSTR ": %d",
-			MAC2STR(sta->addr), ret);
-	}
-
-	if (!sta->my_lid)
-		mesh_mpm_init_link(wpa_s, sta);
-
-	mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
-}
-
-/*
- * Initialize a sta_info structure for a peer and upload it into the driver
- * in preparation for beginning authentication or peering. This is done when a
- * Beacon (secure or open mesh) or a peering open frame (for open mesh) is
- * received from the peer for the first time.
- */
-static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s,
-					   const u8 *addr,
-					   struct ieee802_11_elems *elems)
-{
-	struct hostapd_sta_add_params params;
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-	struct hostapd_data *data = wpa_s->ifmsh->bss[0];
-	struct sta_info *sta;
-	struct ieee80211_ht_operation *oper;
-	int ret;
-
-	if (elems->mesh_config_len >= 7 &&
-	    !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"mesh: Ignore a crowded peer " MACSTR,
-			MAC2STR(addr));
-		return NULL;
-	}
-
-	sta = ap_get_sta(data, addr);
-	if (sta)
-		return NULL;
-
-	sta = ap_sta_add(data, addr);
-	if (!sta)
-		return NULL;
-
-	/* Set WMM by default since Mesh STAs are QoS STAs */
-	sta->flags |= WLAN_STA_WMM;
-
-	/* initialize sta */
-	if (copy_supp_rates(wpa_s, sta, elems)) {
-		ap_free_sta(data, sta);
-		return NULL;
-	}
-
-	if (!sta->my_lid)
-		mesh_mpm_init_link(wpa_s, sta);
-
-	copy_sta_ht_capab(data, sta, elems->ht_capabilities);
-
-	oper = (struct ieee80211_ht_operation *) elems->ht_operation;
-	if (oper &&
-	    !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) &&
-	    sta->ht_capabilities) {
-		wpa_msg(wpa_s, MSG_DEBUG, MACSTR
-			" does not support 40 MHz bandwidth",
-			MAC2STR(sta->addr));
-		set_disable_ht40(sta->ht_capabilities, 1);
-	}
-
-	update_ht_state(data, sta);
-
-#ifdef CONFIG_IEEE80211AC
-	copy_sta_vht_capab(data, sta, elems->vht_capabilities);
-	copy_sta_vht_oper(data, sta, elems->vht_operation);
-	set_sta_vht_opmode(data, sta, elems->vht_opmode_notif);
-#endif /* CONFIG_IEEE80211AC */
-
-#ifdef CONFIG_IEEE80211AX
-	copy_sta_he_capab(data, sta, IEEE80211_MODE_MESH,
-			  elems->he_capabilities, elems->he_capabilities_len);
-	copy_sta_he_6ghz_capab(data, sta, elems->he_6ghz_band_cap);
-#endif /* CONFIG_IEEE80211AX */
-
-	if (hostapd_get_aid(data, sta) < 0) {
-		wpa_msg(wpa_s, MSG_ERROR, "No AIDs available");
-		ap_free_sta(data, sta);
-		return NULL;
-	}
-
-	/* insert into driver */
-	os_memset(&params, 0, sizeof(params));
-	params.supp_rates = sta->supported_rates;
-	params.supp_rates_len = sta->supported_rates_len;
-	params.addr = addr;
-	params.plink_state = sta->plink_state;
-	params.aid = sta->aid;
-	params.peer_aid = sta->peer_aid;
-	params.listen_interval = 100;
-	params.ht_capabilities = sta->ht_capabilities;
-	params.vht_capabilities = sta->vht_capabilities;
-	params.he_capab = sta->he_capab;
-	params.he_capab_len = sta->he_capab_len;
-	params.he_6ghz_capab = sta->he_6ghz_capab;
-	params.flags |= WPA_STA_WMM;
-	params.flags_mask |= WPA_STA_AUTHENTICATED;
-	if (conf->security == MESH_CONF_SEC_NONE) {
-		params.flags |= WPA_STA_AUTHORIZED;
-		params.flags |= WPA_STA_AUTHENTICATED;
-	} else {
-		sta->flags |= WLAN_STA_MFP;
-		params.flags |= WPA_STA_MFP;
-	}
-
-	ret = wpa_drv_sta_add(wpa_s, &params);
-	if (ret) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"Driver failed to insert " MACSTR ": %d",
-			MAC2STR(addr), ret);
-		ap_free_sta(data, sta);
-		return NULL;
-	}
-
-	return sta;
-}
-
-
-void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			    struct ieee802_11_elems *elems)
-{
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-	struct hostapd_data *data = wpa_s->ifmsh->bss[0];
-	struct sta_info *sta;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	sta = mesh_mpm_add_peer(wpa_s, addr, elems);
-	if (!sta)
-		return;
-
-	if (ssid && ssid->no_auto_peer &&
-	    (is_zero_ether_addr(data->mesh_required_peer) ||
-	     os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) {
-		wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with "
-			MACSTR " because of no_auto_peer", MAC2STR(addr));
-		if (data->mesh_pending_auth) {
-			struct os_reltime age;
-			const struct ieee80211_mgmt *mgmt;
-			struct hostapd_frame_info fi;
-
-			mgmt = wpabuf_head(data->mesh_pending_auth);
-			os_reltime_age(&data->mesh_pending_auth_time, &age);
-			if (age.sec < 2 &&
-			    os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) {
-				wpa_printf(MSG_DEBUG,
-					   "mesh: Process pending Authentication frame from %u.%06u seconds ago",
-					   (unsigned int) age.sec,
-					   (unsigned int) age.usec);
-				os_memset(&fi, 0, sizeof(fi));
-				ieee802_11_mgmt(
-					data,
-					wpabuf_head(data->mesh_pending_auth),
-					wpabuf_len(data->mesh_pending_auth),
-					&fi);
-			}
-			wpabuf_free(data->mesh_pending_auth);
-			data->mesh_pending_auth = NULL;
-		}
-		return;
-	}
-
-	if (conf->security == MESH_CONF_SEC_NONE) {
-		if (sta->plink_state < PLINK_OPN_SNT ||
-		    sta->plink_state > PLINK_ESTAB)
-			mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
-	} else {
-		mesh_rsn_auth_sae_sta(wpa_s, sta);
-	}
-}
-
-
-void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt)
-{
-	struct hostapd_frame_info fi;
-
-	os_memset(&fi, 0, sizeof(fi));
-	fi.datarate = rx_mgmt->datarate;
-	fi.ssi_signal = rx_mgmt->ssi_signal;
-	ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame,
-			rx_mgmt->frame_len, &fi);
-}
-
-
-static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s,
-				 struct sta_info *sta)
-{
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-	u8 seq[6] = {};
-
-	wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established",
-		MAC2STR(sta->addr));
-
-	if (conf->security & MESH_CONF_SEC_AMPE) {
-		wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len);
-		wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher),
-				sta->addr, 0, 0, seq, sizeof(seq),
-				sta->mtk, sta->mtk_len,
-				KEY_FLAG_PAIRWISE_RX_TX);
-
-		wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC",
-				sta->mgtk_rsc, sizeof(sta->mgtk_rsc));
-		wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK",
-				sta->mgtk, sta->mgtk_len);
-		wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher),
-				sta->addr, sta->mgtk_key_id, 0,
-				sta->mgtk_rsc, sizeof(sta->mgtk_rsc),
-				sta->mgtk, sta->mgtk_len,
-				KEY_FLAG_GROUP_RX);
-
-		if (sta->igtk_len) {
-			wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC",
-					sta->igtk_rsc, sizeof(sta->igtk_rsc));
-			wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK",
-					sta->igtk, sta->igtk_len);
-			wpa_drv_set_key(
-				wpa_s,
-				wpa_cipher_to_alg(conf->mgmt_group_cipher),
-				sta->addr, sta->igtk_key_id, 0,
-				sta->igtk_rsc, sizeof(sta->igtk_rsc),
-				sta->igtk, sta->igtk_len,
-				KEY_FLAG_GROUP_RX);
-		}
-	}
-
-	wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB);
-	hapd->num_plinks++;
-
-	sta->flags |= WLAN_STA_ASSOC;
-	sta->mesh_sae_pmksa_caching = 0;
-
-	eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
-	peer_add_timer(wpa_s, NULL);
-	eloop_cancel_timeout(plink_timer, wpa_s, sta);
-
-	/* Send ctrl event */
-	wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR,
-		MAC2STR(sta->addr));
-
-	/* Send D-Bus event */
-	wpas_notify_mesh_peer_connected(wpa_s, sta->addr);
-}
-
-
-static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta,
-			 enum plink_event event, u16 reason)
-{
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-	struct mesh_conf *conf = wpa_s->ifmsh->mconf;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s",
-		MAC2STR(sta->addr), mplstate[sta->plink_state],
-		mplevent[event]);
-
-	switch (sta->plink_state) {
-	case PLINK_IDLE:
-		switch (event) {
-		case CLS_ACPT:
-			mesh_mpm_fsm_restart(wpa_s, sta);
-			break;
-		case OPN_ACPT:
-			mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD);
-			mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM,
-						   0);
-			break;
-		case REQ_RJCT:
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		default:
-			break;
-		}
-		break;
-	case PLINK_OPN_SNT:
-		switch (event) {
-		case OPN_RJCT:
-		case CNF_RJCT:
-			if (!reason)
-				reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
-			/* fall-through */
-		case CLS_ACPT:
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-			if (!reason)
-				reason = WLAN_REASON_MESH_CLOSE_RCVD;
-			eloop_register_timeout(
-				conf->dot11MeshHoldingTimeout / 1000,
-				(conf->dot11MeshHoldingTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		case OPN_ACPT:
-			/* retry timer is left untouched */
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD);
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CONFIRM, 0);
-			break;
-		case CNF_ACPT:
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD);
-			eloop_cancel_timeout(plink_timer, wpa_s, sta);
-			eloop_register_timeout(
-				conf->dot11MeshConfirmTimeout / 1000,
-				(conf->dot11MeshConfirmTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			break;
-		default:
-			break;
-		}
-		break;
-	case PLINK_OPN_RCVD:
-		switch (event) {
-		case OPN_RJCT:
-		case CNF_RJCT:
-			if (!reason)
-				reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
-			/* fall-through */
-		case CLS_ACPT:
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-			if (!reason)
-				reason = WLAN_REASON_MESH_CLOSE_RCVD;
-			eloop_register_timeout(
-				conf->dot11MeshHoldingTimeout / 1000,
-				(conf->dot11MeshHoldingTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			sta->mpm_close_reason = reason;
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		case OPN_ACPT:
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CONFIRM, 0);
-			break;
-		case CNF_ACPT:
-			if (conf->security & MESH_CONF_SEC_AMPE)
-				mesh_rsn_derive_mtk(wpa_s, sta);
-			mesh_mpm_plink_estab(wpa_s, sta);
-			break;
-		default:
-			break;
-		}
-		break;
-	case PLINK_CNF_RCVD:
-		switch (event) {
-		case OPN_RJCT:
-		case CNF_RJCT:
-			if (!reason)
-				reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
-			/* fall-through */
-		case CLS_ACPT:
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-			if (!reason)
-				reason = WLAN_REASON_MESH_CLOSE_RCVD;
-			eloop_register_timeout(
-				conf->dot11MeshHoldingTimeout / 1000,
-				(conf->dot11MeshHoldingTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			sta->mpm_close_reason = reason;
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		case OPN_ACPT:
-			if (conf->security & MESH_CONF_SEC_AMPE)
-				mesh_rsn_derive_mtk(wpa_s, sta);
-			mesh_mpm_plink_estab(wpa_s, sta);
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CONFIRM, 0);
-			break;
-		default:
-			break;
-		}
-		break;
-	case PLINK_ESTAB:
-		switch (event) {
-		case OPN_RJCT:
-		case CNF_RJCT:
-		case CLS_ACPT:
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
-			if (!reason)
-				reason = WLAN_REASON_MESH_CLOSE_RCVD;
-
-			eloop_register_timeout(
-				conf->dot11MeshHoldingTimeout / 1000,
-				(conf->dot11MeshHoldingTimeout % 1000) * 1000,
-				plink_timer, wpa_s, sta);
-			sta->mpm_close_reason = reason;
-
-			wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR
-				" closed with reason %d",
-				MAC2STR(sta->addr), reason);
-
-			wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR,
-				MAC2STR(sta->addr));
-
-			/* Send D-Bus event */
-			wpas_notify_mesh_peer_disconnected(wpa_s, sta->addr,
-							   reason);
-
-			hapd->num_plinks--;
-
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		case OPN_ACPT:
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CONFIRM, 0);
-			break;
-		default:
-			break;
-		}
-		break;
-	case PLINK_HOLDING:
-		switch (event) {
-		case CLS_ACPT:
-			mesh_mpm_fsm_restart(wpa_s, sta);
-			break;
-		case OPN_ACPT:
-		case CNF_ACPT:
-		case OPN_RJCT:
-		case CNF_RJCT:
-			reason = sta->mpm_close_reason;
-			mesh_mpm_send_plink_action(wpa_s, sta,
-						   PLINK_CLOSE, reason);
-			break;
-		default:
-			break;
-		}
-		break;
-	default:
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Unsupported MPM event %s for state %s",
-			mplevent[event], mplstate[sta->plink_state]);
-		break;
-	}
-}
-
-
-void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
-			const struct ieee80211_mgmt *mgmt, size_t len)
-{
-	u8 action_field;
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-	struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
-	struct sta_info *sta;
-	u16 plid = 0, llid = 0, aid = 0;
-	enum plink_event event;
-	struct ieee802_11_elems elems;
-	struct mesh_peer_mgmt_ie peer_mgmt_ie;
-	const u8 *ies;
-	size_t ie_len;
-	int ret;
-	u16 reason = 0;
-
-	if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED)
-		return;
-
-	action_field = mgmt->u.action.u.slf_prot_action.action;
-	if (action_field != PLINK_OPEN &&
-	    action_field != PLINK_CONFIRM &&
-	    action_field != PLINK_CLOSE)
-		return;
-
-	ies = mgmt->u.action.u.slf_prot_action.variable;
-	ie_len = (const u8 *) mgmt + len -
-		mgmt->u.action.u.slf_prot_action.variable;
-
-	/* at least expect mesh id and peering mgmt */
-	if (ie_len < 2 + 2) {
-		wpa_printf(MSG_DEBUG,
-			   "MPM: Ignore too short action frame %u ie_len %u",
-			   action_field, (unsigned int) ie_len);
-		return;
-	}
-	wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field);
-
-	if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) {
-		wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x",
-			   WPA_GET_LE16(ies));
-		ies += 2;	/* capability */
-		ie_len -= 2;
-	}
-	if (action_field == PLINK_CONFIRM) {
-		aid = WPA_GET_LE16(ies);
-		wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid);
-		ies += 2;	/* aid */
-		ie_len -= 2;
-	}
-
-	/* check for mesh peering, mesh id and mesh config IEs */
-	if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) {
-		wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs");
-		return;
-	}
-	if (!elems.peer_mgmt) {
-		wpa_printf(MSG_DEBUG,
-			   "MPM: No Mesh Peering Management element");
-		return;
-	}
-	if (action_field != PLINK_CLOSE) {
-		if (!elems.mesh_id || !elems.mesh_config) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: No Mesh ID or Mesh Configuration element");
-			return;
-		}
-
-		if (!matches_local(wpa_s, &elems)) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: Mesh ID or Mesh Configuration element do not match local MBSS");
-			return;
-		}
-	}
-
-	ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field,
-				       elems.peer_mgmt,
-				       elems.peer_mgmt_len,
-				       &peer_mgmt_ie);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame");
-		return;
-	}
-
-	/* the sender's llid is our plid and vice-versa */
-	plid = WPA_GET_LE16(peer_mgmt_ie.llid);
-	if (peer_mgmt_ie.plid)
-		llid = WPA_GET_LE16(peer_mgmt_ie.plid);
-	wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid);
-
-	if (action_field == PLINK_CLOSE)
-		wpa_printf(MSG_DEBUG, "MPM: close reason=%u",
-			   WPA_GET_LE16(peer_mgmt_ie.reason));
-
-	sta = ap_get_sta(hapd, mgmt->sa);
-
-	/*
-	 * If this is an open frame from an unknown STA, and this is an
-	 * open mesh, then go ahead and add the peer before proceeding.
-	 */
-	if (!sta && action_field == PLINK_OPEN &&
-	    (!(mconf->security & MESH_CONF_SEC_AMPE) ||
-	     wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL)))
-		sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems);
-
-	if (!sta) {
-		wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer");
-		return;
-	}
-
-#ifdef CONFIG_SAE
-	/* peer is in sae_accepted? */
-	if (sta->sae && sta->sae->state != SAE_ACCEPTED) {
-		wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer");
-		return;
-	}
-#endif /* CONFIG_SAE */
-
-	if (!sta->my_lid)
-		mesh_mpm_init_link(wpa_s, sta);
-
-	if (mconf->security & MESH_CONF_SEC_AMPE) {
-		int res;
-
-		res = mesh_rsn_process_ampe(wpa_s, sta, &elems,
-					    &mgmt->u.action.category,
-					    peer_mgmt_ie.chosen_pmk,
-					    ies, ie_len);
-		if (res) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: RSN process rejected frame (res=%d)",
-				   res);
-			if (action_field == PLINK_OPEN && res == -2) {
-				/* AES-SIV decryption failed */
-				mesh_mpm_fsm(wpa_s, sta, OPN_RJCT,
-					     WLAN_REASON_MESH_INVALID_GTK);
-			}
-			return;
-		}
-
-#ifdef CONFIG_OCV
-		if (action_field == PLINK_OPEN && elems.rsn_ie) {
-			struct wpa_state_machine *sm = sta->wpa_sm;
-			struct wpa_ie_data data;
-
-			res = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2,
-						   elems.rsn_ie_len + 2,
-						   &data);
-			if (res) {
-				wpa_printf(MSG_DEBUG,
-					   "Failed to parse RSN IE (res=%d)",
-					   res);
-				wpa_hexdump(MSG_DEBUG, "RSN IE", elems.rsn_ie,
-					    elems.rsn_ie_len);
-				return;
-			}
-
-			wpa_auth_set_ocv(sm, mconf->ocv &&
-					 (data.capabilities &
-					  WPA_CAPABILITY_OCVC));
-		}
-
-		if (action_field != PLINK_CLOSE &&
-		    wpa_auth_uses_ocv(sta->wpa_sm)) {
-			struct wpa_channel_info ci;
-			int tx_chanwidth;
-			int tx_seg1_idx;
-
-			if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-				wpa_printf(MSG_WARNING,
-					   "MPM: Failed to get channel info to validate received OCI in MPM Confirm");
-				return;
-			}
-
-			if (get_tx_parameters(
-				    sta, channel_width_to_int(ci.chanwidth),
-				    ci.seg1_idx, &tx_chanwidth,
-				    &tx_seg1_idx) < 0)
-				return;
-
-			if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
-						 tx_chanwidth, tx_seg1_idx) !=
-			    OCI_SUCCESS) {
-				wpa_printf(MSG_WARNING, "MPM: OCV failed: %s",
-					   ocv_errorstr);
-				return;
-			}
-		}
-#endif /* CONFIG_OCV */
-	}
-
-	if (sta->plink_state == PLINK_BLOCKED) {
-		wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED");
-		return;
-	}
-
-	/* Now we will figure out the appropriate event... */
-	switch (action_field) {
-	case PLINK_OPEN:
-		if (plink_free_count(hapd) == 0) {
-			event = REQ_RJCT;
-			reason = WLAN_REASON_MESH_MAX_PEERS;
-			wpa_printf(MSG_INFO,
-				   "MPM: Peer link num over quota(%d)",
-				   hapd->max_plinks);
-		} else if (sta->peer_lid && sta->peer_lid != plid) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: peer_lid mismatch: 0x%x != 0x%x",
-				   sta->peer_lid, plid);
-			return; /* no FSM event */
-		} else {
-			sta->peer_lid = plid;
-			event = OPN_ACPT;
-		}
-		break;
-	case PLINK_CONFIRM:
-		if (plink_free_count(hapd) == 0) {
-			event = REQ_RJCT;
-			reason = WLAN_REASON_MESH_MAX_PEERS;
-			wpa_printf(MSG_INFO,
-				   "MPM: Peer link num over quota(%d)",
-				   hapd->max_plinks);
-		} else if (sta->my_lid != llid ||
-			   (sta->peer_lid && sta->peer_lid != plid)) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x",
-				   sta->my_lid, llid, sta->peer_lid, plid);
-			return; /* no FSM event */
-		} else {
-			if (!sta->peer_lid)
-				sta->peer_lid = plid;
-			sta->peer_aid = aid;
-			event = CNF_ACPT;
-		}
-		break;
-	case PLINK_CLOSE:
-		if (sta->plink_state == PLINK_ESTAB)
-			/* Do not check for llid or plid. This does not
-			 * follow the standard but since multiple plinks
-			 * per cand are not supported, it is necessary in
-			 * order to avoid a livelock when MP A sees an
-			 * establish peer link to MP B but MP B does not
-			 * see it. This can be caused by a timeout in
-			 * B's peer link establishment or B being
-			 * restarted.
-			 */
-			event = CLS_ACPT;
-		else if (sta->peer_lid != plid) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: peer_lid mismatch: 0x%x != 0x%x",
-				   sta->peer_lid, plid);
-			return; /* no FSM event */
-		} else if (peer_mgmt_ie.plid && sta->my_lid != llid) {
-			wpa_printf(MSG_DEBUG,
-				   "MPM: my_lid mismatch: 0x%x != 0x%x",
-				   sta->my_lid, llid);
-			return; /* no FSM event */
-		} else {
-			event = CLS_ACPT;
-		}
-		break;
-	default:
-		/*
-		 * This cannot be hit due to the action_field check above, but
-		 * compilers may not be able to figure that out and can warn
-		 * about uninitialized event below.
-		 */
-		return;
-	}
-	mesh_mpm_fsm(wpa_s, sta, event, reason);
-}
-
-
-/* called by ap_free_sta */
-void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
-{
-	if (sta->plink_state == PLINK_ESTAB)
-		hapd->num_plinks--;
-	eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta);
-	eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta);
-}
diff --git a/wpa_supplicant/mesh_mpm.h b/wpa_supplicant/mesh_mpm.h
deleted file mode 100644
index 5fc1e6184bcb..000000000000
--- a/wpa_supplicant/mesh_mpm.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * WPA Supplicant - Basic mesh peer management
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef MESH_MPM_H
-#define MESH_MPM_H
-
-/* notify MPM of new mesh peer to be inserted in MPM and driver */
-void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			    struct ieee802_11_elems *elems);
-void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh);
-void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr);
-void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta);
-void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s,
-			      struct sta_info *sta,
-			      enum mesh_plink_state state);
-int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr);
-int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  int duration);
-
-#ifdef CONFIG_MESH
-
-void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
-			const struct ieee80211_mgmt *mgmt, size_t len);
-void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt);
-
-#else /* CONFIG_MESH */
-
-static inline void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
-				      const struct ieee80211_mgmt *mgmt,
-				      size_t len)
-{
-}
-
-static inline void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s,
-				    struct rx_mgmt *rx_mgmt)
-{
-}
-
-#endif /* CONFIG_MESH */
-
-#endif /* MESH_MPM_H */
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
deleted file mode 100644
index 65daa77c2c98..000000000000
--- a/wpa_supplicant/mesh_rsn.c
+++ /dev/null
@@ -1,795 +0,0 @@
-/*
- * WPA Supplicant - Mesh RSN routines
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "crypto/sha256.h"
-#include "crypto/random.h"
-#include "crypto/aes.h"
-#include "crypto/aes_siv.h"
-#include "rsn_supp/wpa.h"
-#include "ap/hostapd.h"
-#include "ap/wpa_auth.h"
-#include "ap/sta_info.h"
-#include "ap/ieee802_11.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "wpas_glue.h"
-#include "mesh_mpm.h"
-#include "mesh_rsn.h"
-
-#define MESH_AUTH_TIMEOUT 10
-#define MESH_AUTH_RETRY 3
-
-void mesh_auth_timer(void *eloop_ctx, void *user_data)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct sta_info *sta = user_data;
-	struct hostapd_data *hapd;
-
-	if (sta->sae->state != SAE_ACCEPTED) {
-		wpa_printf(MSG_DEBUG, "AUTH: Re-authenticate with " MACSTR
-			   " (attempt %d) ",
-			   MAC2STR(sta->addr), sta->sae_auth_retry);
-		wpa_msg(wpa_s, MSG_INFO, MESH_SAE_AUTH_FAILURE "addr=" MACSTR,
-			MAC2STR(sta->addr));
-		if (sta->sae_auth_retry < MESH_AUTH_RETRY) {
-			mesh_rsn_auth_sae_sta(wpa_s, sta);
-		} else {
-			hapd = wpa_s->ifmsh->bss[0];
-
-			if (sta->sae_auth_retry > MESH_AUTH_RETRY) {
-				ap_free_sta(hapd, sta);
-				return;
-			}
-
-			/* block the STA if exceeded the number of attempts */
-			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);
-			sta->sae->state = SAE_NOTHING;
-			wpa_msg(wpa_s, MSG_INFO, MESH_SAE_AUTH_BLOCKED "addr="
-				MACSTR " duration=%d",
-				MAC2STR(sta->addr),
-				hapd->conf->ap_max_inactivity);
-		}
-		sta->sae_auth_retry++;
-	}
-}
-
-
-static void auth_logger(void *ctx, const u8 *addr, logger_level level,
-			const char *txt)
-{
-	if (addr)
-		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
-			   MAC2STR(addr), txt);
-	else
-		wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
-}
-
-
-static const u8 *auth_get_psk(void *ctx, const u8 *addr,
-			      const u8 *p2p_dev_addr, const u8 *prev_psk,
-			      size_t *psk_len, int *vlan_id)
-{
-	struct mesh_rsn *mesh_rsn = ctx;
-	struct hostapd_data *hapd = mesh_rsn->wpa_s->ifmsh->bss[0];
-	struct sta_info *sta = ap_get_sta(hapd, addr);
-
-	if (psk_len)
-		*psk_len = PMK_LEN;
-	if (vlan_id)
-		*vlan_id = 0;
-	wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
-		   __func__, MAC2STR(addr), prev_psk);
-
-	if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
-		if (!sta->sae || prev_psk)
-			return NULL;
-		return sta->sae->pmk;
-	}
-
-	return NULL;
-}
-
-
-static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
-			const u8 *addr, int idx, u8 *key, size_t key_len,
-			enum key_flag key_flag)
-{
-	struct mesh_rsn *mesh_rsn = ctx;
-	u8 seq[6];
-
-	os_memset(seq, 0, sizeof(seq));
-
-	if (addr) {
-		wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR
-			   " key_idx=%d)",
-			   __func__, alg, MAC2STR(addr), idx);
-	} else {
-		wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)",
-			   __func__, alg, idx);
-	}
-	wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len);
-
-	return wpa_drv_set_key(mesh_rsn->wpa_s, alg, addr, idx,
-			       1, seq, 6, key, key_len, key_flag);
-}
-
-
-static int auth_start_ampe(void *ctx, const u8 *addr)
-{
-	struct mesh_rsn *mesh_rsn = ctx;
-	struct hostapd_data *hapd;
-	struct sta_info *sta;
-
-	if (mesh_rsn->wpa_s->current_ssid->mode != WPAS_MODE_MESH)
-		return -1;
-
-	hapd = mesh_rsn->wpa_s->ifmsh->bss[0];
-	sta = ap_get_sta(hapd, addr);
-	if (sta)
-		eloop_cancel_timeout(mesh_auth_timer, mesh_rsn->wpa_s, sta);
-
-	mesh_mpm_auth_peer(mesh_rsn->wpa_s, addr);
-	return 0;
-}
-
-
-static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr,
-				enum mfp_options ieee80211w, int ocv)
-{
-	struct wpa_auth_config conf;
-	static const struct wpa_auth_callbacks cb = {
-		.logger = auth_logger,
-		.get_psk = auth_get_psk,
-		.set_key = auth_set_key,
-		.start_ampe = auth_start_ampe,
-	};
-	u8 seq[6] = {};
-
-	wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
-
-	os_memset(&conf, 0, sizeof(conf));
-	conf.wpa = WPA_PROTO_RSN;
-	conf.wpa_key_mgmt = WPA_KEY_MGMT_SAE;
-	conf.wpa_pairwise = rsn->pairwise_cipher;
-	conf.rsn_pairwise = rsn->pairwise_cipher;
-	conf.wpa_group = rsn->group_cipher;
-	conf.eapol_version = 0;
-	conf.wpa_group_rekey = -1;
-	conf.wpa_group_update_count = 4;
-	conf.wpa_pairwise_update_count = 4;
-	conf.ieee80211w = ieee80211w;
-	if (ieee80211w != NO_MGMT_FRAME_PROTECTION)
-		conf.group_mgmt_cipher = rsn->mgmt_group_cipher;
-#ifdef CONFIG_OCV
-	conf.ocv = ocv;
-#endif /* CONFIG_OCV */
-
-	rsn->auth = wpa_init(addr, &conf, &cb, rsn);
-	if (rsn->auth == NULL) {
-		wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
-		return -1;
-	}
-
-	/* TODO: support rekeying */
-	rsn->mgtk_len = wpa_cipher_key_len(conf.wpa_group);
-	if (random_get_bytes(rsn->mgtk, rsn->mgtk_len) < 0)
-		return -1;
-	rsn->mgtk_key_id = 1;
-
-	if (ieee80211w != NO_MGMT_FRAME_PROTECTION) {
-		rsn->igtk_len = wpa_cipher_key_len(conf.group_mgmt_cipher);
-		if (random_get_bytes(rsn->igtk, rsn->igtk_len) < 0)
-			return -1;
-		rsn->igtk_key_id = 4;
-
-		/* group mgmt */
-		wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX IGTK",
-				rsn->igtk, rsn->igtk_len);
-		wpa_drv_set_key(rsn->wpa_s,
-				wpa_cipher_to_alg(rsn->mgmt_group_cipher),
-				broadcast_ether_addr,
-				rsn->igtk_key_id, 1,
-				seq, sizeof(seq), rsn->igtk, rsn->igtk_len,
-				KEY_FLAG_GROUP_TX_DEFAULT);
-	}
-
-	/* group privacy / data frames */
-	wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX MGTK",
-			rsn->mgtk, rsn->mgtk_len);
-	wpa_drv_set_key(rsn->wpa_s, wpa_cipher_to_alg(rsn->group_cipher),
-			broadcast_ether_addr,
-			rsn->mgtk_key_id, 1, seq, sizeof(seq),
-			rsn->mgtk, rsn->mgtk_len, KEY_FLAG_GROUP_TX_DEFAULT);
-
-	return 0;
-}
-
-
-static void mesh_rsn_deinit(struct mesh_rsn *rsn)
-{
-	os_memset(rsn->mgtk, 0, sizeof(rsn->mgtk));
-	rsn->mgtk_len = 0;
-	os_memset(rsn->igtk, 0, sizeof(rsn->igtk));
-	rsn->igtk_len = 0;
-	if (rsn->auth)
-		wpa_deinit(rsn->auth);
-}
-
-
-struct mesh_rsn *mesh_rsn_auth_init(struct wpa_supplicant *wpa_s,
-				    struct mesh_conf *conf)
-{
-	struct mesh_rsn *mesh_rsn;
-	struct hostapd_data *bss = wpa_s->ifmsh->bss[0];
-	const u8 *ie;
-	size_t ie_len;
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-	struct external_pmksa_cache *entry;
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-	mesh_rsn = os_zalloc(sizeof(*mesh_rsn));
-	if (mesh_rsn == NULL)
-		return NULL;
-	mesh_rsn->wpa_s = wpa_s;
-	mesh_rsn->pairwise_cipher = conf->pairwise_cipher;
-	mesh_rsn->group_cipher = conf->group_cipher;
-	mesh_rsn->mgmt_group_cipher = conf->mgmt_group_cipher;
-
-	if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr,
-				 conf->ieee80211w, conf->ocv) < 0) {
-		mesh_rsn_deinit(mesh_rsn);
-		os_free(mesh_rsn);
-		return NULL;
-	}
-
-	bss->wpa_auth = mesh_rsn->auth;
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-	while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
-				     struct external_pmksa_cache,
-				     list)) != NULL) {
-		int ret;
-
-		ret = wpa_auth_pmksa_add_entry(bss->wpa_auth,
-					       entry->pmksa_cache);
-		dl_list_del(&entry->list);
-		os_free(entry);
-
-		if (ret < 0)
-			return NULL;
-	}
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-	ie = wpa_auth_get_wpa_ie(mesh_rsn->auth, &ie_len);
-	conf->rsn_ie = (u8 *) ie;
-	conf->rsn_ie_len = ie_len;
-
-	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
-
-	return mesh_rsn;
-}
-
-
-static int index_within_array(const int *array, int idx)
-{
-	int i;
-
-	for (i = 0; i < idx; i++) {
-		if (array[i] == -1)
-			return 0;
-	}
-
-	return 1;
-}
-
-
-static int mesh_rsn_sae_group(struct wpa_supplicant *wpa_s,
-			      struct sae_data *sae)
-{
-	int *groups = wpa_s->ifmsh->bss[0]->conf->sae_groups;
-
-	/* Configuration may have changed, so validate current index */
-	if (!index_within_array(groups, wpa_s->mesh_rsn->sae_group_index))
-		return -1;
-
-	for (;;) {
-		int group = groups[wpa_s->mesh_rsn->sae_group_index];
-
-		if (group <= 0)
-			break;
-		if (sae_set_group(sae, group) == 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
-				sae->group);
-			return 0;
-		}
-		wpa_s->mesh_rsn->sae_group_index++;
-	}
-
-	return -1;
-}
-
-
-static int mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
-				     struct wpa_ssid *ssid,
-				     struct sta_info *sta)
-{
-	const char *password;
-
-	password = ssid->sae_password;
-	if (!password)
-		password = ssid->passphrase;
-	if (!password) {
-		wpa_msg(wpa_s, MSG_DEBUG, "SAE: No password available");
-		return -1;
-	}
-
-	if (mesh_rsn_sae_group(wpa_s, sta->sae) < 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "SAE: Failed to select group");
-		return -1;
-	}
-
-	if (sta->sae->tmp && !sta->sae->tmp->pw_id && ssid->sae_password_id) {
-		sta->sae->tmp->pw_id = os_strdup(ssid->sae_password_id);
-		if (!sta->sae->tmp->pw_id)
-			return -1;
-	}
-	return sae_prepare_commit(wpa_s->own_addr, sta->addr,
-				  (u8 *) password, os_strlen(password),
-				  sta->sae);
-}
-
-
-/* initiate new SAE authentication with sta */
-int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
-			  struct sta_info *sta)
-{
-	struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct rsn_pmksa_cache_entry *pmksa;
-	unsigned int rnd;
-	int ret;
-
-	if (!ssid) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"AUTH: No current_ssid known to initiate new SAE");
-		return -1;
-	}
-
-	if (!sta->sae) {
-		sta->sae = os_zalloc(sizeof(*sta->sae));
-		if (sta->sae == NULL)
-			return -1;
-	}
-
-	pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL);
-	if (pmksa) {
-		if (!sta->wpa_sm)
-			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
-							sta->addr, NULL);
-		if (!sta->wpa_sm) {
-			wpa_printf(MSG_ERROR,
-				   "mesh: Failed to initialize RSN state machine");
-			return -1;
-		}
-
-		wpa_printf(MSG_DEBUG,
-			   "AUTH: Mesh PMKSA cache entry found for " MACSTR
-			   " - try to use PMKSA caching instead of new SAE authentication",
-			   MAC2STR(sta->addr));
-		wpa_auth_pmksa_set_to_sm(pmksa, sta->wpa_sm, hapd->wpa_auth,
-					 sta->sae->pmkid, sta->sae->pmk);
-		sae_accept_sta(hapd, sta);
-		sta->mesh_sae_pmksa_caching = 1;
-		return 0;
-	}
-	sta->mesh_sae_pmksa_caching = 0;
-
-	if (mesh_rsn_build_sae_commit(wpa_s, ssid, sta))
-		return -1;
-
-	wpa_msg(wpa_s, MSG_DEBUG,
-		"AUTH: started authentication with SAE peer: " MACSTR,
-		MAC2STR(sta->addr));
-
-	ret = auth_sae_init_committed(hapd, sta);
-	if (ret)
-		return ret;
-
-	eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta);
-	rnd = rand() % MESH_AUTH_TIMEOUT;
-	eloop_register_timeout(MESH_AUTH_TIMEOUT + rnd, 0, mesh_auth_timer,
-			       wpa_s, sta);
-	return 0;
-}
-
-
-void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid)
-{
-	os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN);
-}
-
-
-static void
-mesh_rsn_derive_aek(struct mesh_rsn *rsn, struct sta_info *sta)
-{
-	u8 *myaddr = rsn->wpa_s->own_addr;
-	u8 *peer = sta->addr;
-	u8 *addr1, *addr2;
-	u8 context[RSN_SELECTOR_LEN + 2 * ETH_ALEN], *ptr = context;
-
-	/*
-	 * AEK = KDF-Hash-256(PMK, "AEK Derivation", Selected AKM Suite ||
-	 *       min(localMAC, peerMAC) || max(localMAC, peerMAC))
-	 */
-	/* Selected AKM Suite: SAE */
-	RSN_SELECTOR_PUT(ptr, RSN_AUTH_KEY_MGMT_SAE);
-	ptr += RSN_SELECTOR_LEN;
-
-	if (os_memcmp(myaddr, peer, ETH_ALEN) < 0) {
-		addr1 = myaddr;
-		addr2 = peer;
-	} else {
-		addr1 = peer;
-		addr2 = myaddr;
-	}
-	os_memcpy(ptr, addr1, ETH_ALEN);
-	ptr += ETH_ALEN;
-	os_memcpy(ptr, addr2, ETH_ALEN);
-
-	sha256_prf(sta->sae->pmk, sizeof(sta->sae->pmk), "AEK Derivation",
-		   context, sizeof(context), sta->aek, sizeof(sta->aek));
-}
-
-
-/* derive mesh temporal key from pmk */
-int mesh_rsn_derive_mtk(struct wpa_supplicant *wpa_s, struct sta_info *sta)
-{
-	u8 *ptr;
-	u8 *min, *max;
-	u8 *myaddr = wpa_s->own_addr;
-	u8 *peer = sta->addr;
-	u8 context[2 * WPA_NONCE_LEN + 2 * 2 + RSN_SELECTOR_LEN + 2 * ETH_ALEN];
-
-	/*
-	 * MTK = KDF-Hash-Length(PMK, "Temporal Key Derivation", min(localNonce,
-	 *  peerNonce) || max(localNonce, peerNonce) || min(localLinkID,
-	 *  peerLinkID) || max(localLinkID, peerLinkID) || Selected AKM Suite ||
-	 *  min(localMAC, peerMAC) || max(localMAC, peerMAC))
-	 */
-	ptr = context;
-	if (os_memcmp(sta->my_nonce, sta->peer_nonce, WPA_NONCE_LEN) < 0) {
-		min = sta->my_nonce;
-		max = sta->peer_nonce;
-	} else {
-		min = sta->peer_nonce;
-		max = sta->my_nonce;
-	}
-	os_memcpy(ptr, min, WPA_NONCE_LEN);
-	ptr += WPA_NONCE_LEN;
-	os_memcpy(ptr, max, WPA_NONCE_LEN);
-	ptr += WPA_NONCE_LEN;
-
-	if (sta->my_lid < sta->peer_lid) {
-		WPA_PUT_LE16(ptr, sta->my_lid);
-		ptr += 2;
-		WPA_PUT_LE16(ptr, sta->peer_lid);
-		ptr += 2;
-	} else {
-		WPA_PUT_LE16(ptr, sta->peer_lid);
-		ptr += 2;
-		WPA_PUT_LE16(ptr, sta->my_lid);
-		ptr += 2;
-	}
-
-	/* Selected AKM Suite: SAE */
-	RSN_SELECTOR_PUT(ptr, RSN_AUTH_KEY_MGMT_SAE);
-	ptr += RSN_SELECTOR_LEN;
-
-	if (os_memcmp(myaddr, peer, ETH_ALEN) < 0) {
-		min = myaddr;
-		max = peer;
-	} else {
-		min = peer;
-		max = myaddr;
-	}
-	os_memcpy(ptr, min, ETH_ALEN);
-	ptr += ETH_ALEN;
-	os_memcpy(ptr, max, ETH_ALEN);
-
-	sta->mtk_len = wpa_cipher_key_len(wpa_s->mesh_rsn->pairwise_cipher);
-	sha256_prf(sta->sae->pmk, SAE_PMK_LEN,
-		   "Temporal Key Derivation", context, sizeof(context),
-		   sta->mtk, sta->mtk_len);
-	return 0;
-}
-
-
-void mesh_rsn_init_ampe_sta(struct wpa_supplicant *wpa_s, struct sta_info *sta)
-{
-	if (random_get_bytes(sta->my_nonce, WPA_NONCE_LEN) < 0) {
-		wpa_printf(MSG_INFO, "mesh: Failed to derive random nonce");
-		/* TODO: How to handle this more cleanly? */
-	}
-	os_memset(sta->peer_nonce, 0, WPA_NONCE_LEN);
-	mesh_rsn_derive_aek(wpa_s->mesh_rsn, sta);
-}
-
-
-/* insert AMPE and encrypted MIC at @ie.
- * @mesh_rsn: mesh RSN context
- * @sta: STA we're sending to
- * @cat: pointer to category code in frame header.
- * @buf: wpabuf to add encrypted AMPE and MIC to.
- * */
-int mesh_rsn_protect_frame(struct mesh_rsn *rsn, struct sta_info *sta,
-			   const u8 *cat, struct wpabuf *buf)
-{
-	struct ieee80211_ampe_ie *ampe;
-	u8 const *ie = wpabuf_head_u8(buf) + wpabuf_len(buf);
-	u8 *ampe_ie, *pos, *mic_payload;
-	const u8 *aad[] = { rsn->wpa_s->own_addr, sta->addr, cat };
-	const size_t aad_len[] = { ETH_ALEN, ETH_ALEN, ie - cat };
-	int ret = 0;
-	size_t len;
-
-	len = sizeof(*ampe);
-	if (cat[1] == PLINK_OPEN)
-		len += rsn->mgtk_len + WPA_KEY_RSC_LEN + 4;
-	if (cat[1] == PLINK_OPEN && rsn->igtk_len)
-		len += 2 + 6 + rsn->igtk_len;
-
-	if (2 + AES_BLOCK_SIZE + 2 + len > wpabuf_tailroom(buf)) {
-		wpa_printf(MSG_ERROR, "protect frame: buffer too small");
-		return -EINVAL;
-	}
-
-	ampe_ie = os_zalloc(2 + len);
-	if (!ampe_ie) {
-		wpa_printf(MSG_ERROR, "protect frame: out of memory");
-		return -ENOMEM;
-	}
-
-	/*  IE: AMPE */
-	ampe_ie[0] = WLAN_EID_AMPE;
-	ampe_ie[1] = len;
-	ampe = (struct ieee80211_ampe_ie *) (ampe_ie + 2);
-
-	RSN_SELECTOR_PUT(ampe->selected_pairwise_suite,
-			 RSN_CIPHER_SUITE_CCMP);
-	os_memcpy(ampe->local_nonce, sta->my_nonce, WPA_NONCE_LEN);
-	os_memcpy(ampe->peer_nonce, sta->peer_nonce, WPA_NONCE_LEN);
-
-	pos = (u8 *) (ampe + 1);
-	if (cat[1] != PLINK_OPEN)
-		goto skip_keys;
-
-	/* TODO: Key Replay Counter[8] optionally for
-	 * Mesh Group Key Inform/Acknowledge frames */
-
-	/* TODO: static mgtk for now since we don't support rekeying! */
-	/*
-	 * GTKdata[variable]:
-	 * MGTK[variable] || Key RSC[8] || GTKExpirationTime[4]
-	 */
-	os_memcpy(pos, rsn->mgtk, rsn->mgtk_len);
-	pos += rsn->mgtk_len;
-	wpa_drv_get_seqnum(rsn->wpa_s, NULL, rsn->mgtk_key_id, pos);
-	pos += WPA_KEY_RSC_LEN;
-	/* Use fixed GTKExpirationTime for now */
-	WPA_PUT_LE32(pos, 0xffffffff);
-	pos += 4;
-
-	/*
-	 * IGTKdata[variable]:
-	 * Key ID[2], IPN[6], IGTK[variable]
-	 */
-	if (rsn->igtk_len) {
-		WPA_PUT_LE16(pos, rsn->igtk_key_id);
-		pos += 2;
-		wpa_drv_get_seqnum(rsn->wpa_s, NULL, rsn->igtk_key_id, pos);
-		pos += 6;
-		os_memcpy(pos, rsn->igtk, rsn->igtk_len);
-	}
-
-skip_keys:
-	wpa_hexdump_key(MSG_DEBUG, "mesh: Plaintext AMPE element",
-			ampe_ie, 2 + len);
-
-	/* IE: MIC */
-	wpabuf_put_u8(buf, WLAN_EID_MIC);
-	wpabuf_put_u8(buf, AES_BLOCK_SIZE);
-	/* MIC field is output ciphertext */
-
-	/* encrypt after MIC */
-	mic_payload = wpabuf_put(buf, 2 + len + AES_BLOCK_SIZE);
-
-	if (aes_siv_encrypt(sta->aek, sizeof(sta->aek), ampe_ie, 2 + len, 3,
-			    aad, aad_len, mic_payload)) {
-		wpa_printf(MSG_ERROR, "protect frame: failed to encrypt");
-		ret = -ENOMEM;
-	}
-
-	os_free(ampe_ie);
-
-	return ret;
-}
-
-
-int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
-			  struct ieee802_11_elems *elems, const u8 *cat,
-			  const u8 *chosen_pmk,
-			  const u8 *start, size_t elems_len)
-{
-	int ret = 0;
-	struct ieee80211_ampe_ie *ampe;
-	u8 null_nonce[WPA_NONCE_LEN] = {};
-	u8 ampe_eid;
-	u8 ampe_ie_len;
-	u8 *ampe_buf, *crypt = NULL, *pos, *end;
-	size_t crypt_len;
-	const u8 *aad[] = { sta->addr, wpa_s->own_addr, cat };
-	const size_t aad_len[] = { ETH_ALEN, ETH_ALEN,
-				   elems->mic ? (elems->mic - 2) - cat : 0 };
-	size_t key_len;
-
-	if (!sta->sae) {
-		struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
-
-		if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL)) {
-			wpa_printf(MSG_INFO,
-				   "Mesh RSN: SAE is not prepared yet");
-			return -1;
-		}
-		mesh_rsn_auth_sae_sta(wpa_s, sta);
-	}
-
-	if (chosen_pmk &&
-	    (!sta->sae ||
-	     os_memcmp(chosen_pmk, sta->sae->pmkid, PMKID_LEN) != 0)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Mesh RSN: Invalid PMKID (Chosen PMK did not match calculated PMKID)");
-		return -1;
-	}
-
-	if (!elems->mic || elems->mic_len < AES_BLOCK_SIZE) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Mesh RSN: missing mic ie");
-		return -1;
-	}
-
-	ampe_buf = (u8 *) elems->mic + elems->mic_len;
-	if ((int) elems_len < ampe_buf - start)
-		return -1;
-
-	crypt_len = elems_len - (elems->mic - start);
-	if (crypt_len < 2 + AES_BLOCK_SIZE) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Mesh RSN: missing ampe ie");
-		return -1;
-	}
-
-	/* crypt is modified by siv_decrypt */
-	crypt = os_zalloc(crypt_len);
-	if (!crypt) {
-		wpa_printf(MSG_ERROR, "Mesh RSN: out of memory");
-		ret = -ENOMEM;
-		goto free;
-	}
-
-	os_memcpy(crypt, elems->mic, crypt_len);
-
-	if (aes_siv_decrypt(sta->aek, sizeof(sta->aek), crypt, crypt_len, 3,
-			    aad, aad_len, ampe_buf)) {
-		wpa_printf(MSG_ERROR, "Mesh RSN: frame verification failed!");
-		ret = -2;
-		goto free;
-	}
-
-	crypt_len -= AES_BLOCK_SIZE;
-	wpa_hexdump_key(MSG_DEBUG, "mesh: Decrypted AMPE element",
-			ampe_buf, crypt_len);
-
-	ampe_eid = *ampe_buf++;
-	ampe_ie_len = *ampe_buf++;
-
-	if (ampe_eid != WLAN_EID_AMPE ||
-	    (size_t) 2 + ampe_ie_len > crypt_len ||
-	    ampe_ie_len < sizeof(struct ieee80211_ampe_ie)) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Mesh RSN: invalid ampe ie");
-		ret = -1;
-		goto free;
-	}
-
-	ampe = (struct ieee80211_ampe_ie *) ampe_buf;
-	pos = (u8 *) (ampe + 1);
-	end = ampe_buf + ampe_ie_len;
-	if (os_memcmp(ampe->peer_nonce, null_nonce, WPA_NONCE_LEN) != 0 &&
-	    os_memcmp(ampe->peer_nonce, sta->my_nonce, WPA_NONCE_LEN) != 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Mesh RSN: invalid peer nonce");
-		ret = -1;
-		goto free;
-	}
-	os_memcpy(sta->peer_nonce, ampe->local_nonce,
-		  sizeof(ampe->local_nonce));
-
-	/* TODO: Key Replay Counter[8] in Mesh Group Key Inform/Acknowledge
-	 * frames */
-
-	/*
-	 * GTKdata shall not be included in Mesh Peering Confirm. While the
-	 * standard does not state the same about IGTKdata, that same constraint
-	 * needs to apply for it. It makes no sense to include the keys in Mesh
-	 * Peering Close frames either, so while the standard does not seem to
-	 * have a shall statement for these, they are described without
-	 * mentioning GTKdata.
-	 *
-	 * An earlier implementation used to add GTKdata to both Mesh Peering
-	 * Open and Mesh Peering Confirm frames, so ignore the possibly present
-	 * GTKdata frame without rejecting the frame as a backwards
-	 * compatibility mechanism.
-	 */
-	if (cat[1] != PLINK_OPEN) {
-		if (end > pos) {
-			wpa_hexdump_key(MSG_DEBUG,
-					"mesh: Ignore unexpected GTKdata(etc.) fields in the end of AMPE element in Mesh Peering Confirm/Close",
-					pos, end - pos);
-		}
-		goto free;
-	}
-
-	/*
-	 * GTKdata[variable]:
-	 * MGTK[variable] || Key RSC[8] || GTKExpirationTime[4]
-	 */
-	sta->mgtk_key_id = 1; /* FIX: Where to get Key ID? */
-	key_len = wpa_cipher_key_len(wpa_s->mesh_rsn->group_cipher);
-	if ((int) key_len + WPA_KEY_RSC_LEN + 4 > end - pos) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "mesh: Truncated AMPE element");
-		ret = -1;
-		goto free;
-	}
-	sta->mgtk_len = key_len;
-	os_memcpy(sta->mgtk, pos, sta->mgtk_len);
-	wpa_hexdump_key(MSG_DEBUG, "mesh: GTKdata - MGTK",
-			sta->mgtk, sta->mgtk_len);
-	pos += sta->mgtk_len;
-	wpa_hexdump(MSG_DEBUG, "mesh: GTKdata - MGTK - Key RSC",
-		    pos, WPA_KEY_RSC_LEN);
-	os_memcpy(sta->mgtk_rsc, pos, sizeof(sta->mgtk_rsc));
-	pos += WPA_KEY_RSC_LEN;
-	wpa_printf(MSG_DEBUG,
-		   "mesh: GTKdata - MGTK - GTKExpirationTime: %u seconds",
-		   WPA_GET_LE32(pos));
-	pos += 4;
-
-	/*
-	 * IGTKdata[variable]:
-	 * Key ID[2], IPN[6], IGTK[variable]
-	 */
-	key_len = wpa_cipher_key_len(wpa_s->mesh_rsn->mgmt_group_cipher);
-	if (end - pos >= (int) (2 + 6 + key_len)) {
-		sta->igtk_key_id = WPA_GET_LE16(pos);
-		wpa_printf(MSG_DEBUG, "mesh: IGTKdata - Key ID %u",
-			   sta->igtk_key_id);
-		pos += 2;
-		os_memcpy(sta->igtk_rsc, pos, sizeof(sta->igtk_rsc));
-		wpa_hexdump(MSG_DEBUG, "mesh: IGTKdata - IPN",
-			    sta->igtk_rsc, sizeof(sta->igtk_rsc));
-		pos += 6;
-		os_memcpy(sta->igtk, pos, key_len);
-		sta->igtk_len = key_len;
-		wpa_hexdump_key(MSG_DEBUG, "mesh: IGTKdata - IGTK",
-				sta->igtk, sta->igtk_len);
-	}
-
-free:
-	os_free(crypt);
-	return ret;
-}
diff --git a/wpa_supplicant/mesh_rsn.h b/wpa_supplicant/mesh_rsn.h
deleted file mode 100644
index 8775cedc3b27..000000000000
--- a/wpa_supplicant/mesh_rsn.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * WPA Supplicant - Mesh RSN routines
- * Copyright (c) 2013-2014, cozybit, Inc.  All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef MESH_RSN_H
-#define MESH_RSN_H
-
-struct mesh_rsn {
-	struct wpa_supplicant *wpa_s;
-	struct wpa_authenticator *auth;
-	unsigned int pairwise_cipher;
-	unsigned int group_cipher;
-	u8 mgtk[WPA_TK_MAX_LEN];
-	size_t mgtk_len;
-	u8 mgtk_key_id;
-	unsigned int mgmt_group_cipher;
-	u8 igtk_key_id;
-	u8 igtk[WPA_TK_MAX_LEN];
-	size_t igtk_len;
-#ifdef CONFIG_SAE
-	struct wpabuf *sae_token;
-	int sae_group_index;
-#endif /* CONFIG_SAE */
-};
-
-struct mesh_rsn * mesh_rsn_auth_init(struct wpa_supplicant *wpa_s,
-				     struct mesh_conf *conf);
-int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s, struct sta_info *sta);
-int mesh_rsn_derive_mtk(struct wpa_supplicant *wpa_s, struct sta_info *sta);
-void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid);
-void mesh_rsn_init_ampe_sta(struct wpa_supplicant *wpa_s,
-			    struct sta_info *sta);
-int mesh_rsn_protect_frame(struct mesh_rsn *rsn, struct sta_info *sta,
-			   const u8 *cat, struct wpabuf *buf);
-int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
-			  struct ieee802_11_elems *elems, const u8 *cat,
-			  const u8 *chosen_pmk,
-			  const u8 *start, size_t elems_len);
-void mesh_auth_timer(void *eloop_ctx, void *user_data);
-
-#endif /* MESH_RSN_H */
diff --git a/wpa_supplicant/nfc_pw_token.c b/wpa_supplicant/nfc_pw_token.c
deleted file mode 100644
index 11afb5b97fbf..000000000000
--- a/wpa_supplicant/nfc_pw_token.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * nfc_pw_token - Tool for building NFC password tokens for WPS
- * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "utils/common.h"
-#include "crypto/random.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "wps_supplicant.h"
-
-
-static void print_bin(const char *title, const struct wpabuf *buf)
-{
-	size_t i, len;
-	const u8 *pos;
-
-	if (buf == NULL)
-		return;
-
-	printf("%s=", title);
-
-	pos = wpabuf_head(buf);
-	len = wpabuf_len(buf);
-	for (i = 0; i < len; i++)
-		printf("%02X", *pos++);
-
-	printf("\n");
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct wpa_supplicant wpa_s;
-	int ret = -1;
-	struct wpabuf *buf = NULL, *ndef = NULL;
-	char txt[1000];
-
-	if (os_program_init())
-		return -1;
-	random_init(NULL);
-
-	os_memset(&wpa_s, 0, sizeof(wpa_s));
-	wpa_s.conf = os_zalloc(sizeof(*wpa_s.conf));
-	if (wpa_s.conf == NULL)
-		goto fail;
-
-	buf = wpas_wps_nfc_token(&wpa_s, 0);
-	if (buf == NULL)
-		goto fail;
-
-	ndef = ndef_build_wifi(buf);
-	if (ndef == NULL)
-		goto fail;
-
-	wpa_snprintf_hex_uppercase(txt, sizeof(txt), wpabuf_head(buf),
-				   wpabuf_len(buf));
-	printf("#WPS=%s\n", txt);
-
-	wpa_snprintf_hex_uppercase(txt, sizeof(txt), wpabuf_head(ndef),
-				   wpabuf_len(ndef));
-	printf("#NDEF=%s\n", txt);
-
-	printf("wps_nfc_dev_pw_id=%d\n", wpa_s.conf->wps_nfc_dev_pw_id);
-	print_bin("wps_nfc_dh_pubkey", wpa_s.conf->wps_nfc_dh_pubkey);
-	print_bin("wps_nfc_dh_privkey", wpa_s.conf->wps_nfc_dh_privkey);
-	print_bin("wps_nfc_dev_pw", wpa_s.conf->wps_nfc_dev_pw);
-
-	ret = 0;
-fail:
-	wpabuf_free(ndef);
-	wpabuf_free(buf);
-	wpa_config_free(wpa_s.conf);
-	random_deinit();
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wpa_supplicant/nmake.mak b/wpa_supplicant/nmake.mak
deleted file mode 100644
index 617df036a9d2..000000000000
--- a/wpa_supplicant/nmake.mak
+++ /dev/null
@@ -1,240 +0,0 @@
-# Makefile for Microsoft nmake to build wpa_supplicant
-
-# This can be run in Visual Studio 2005 Command Prompt
-
-# Note: Make sure that cl.exe is configured to include Platform SDK
-# include and lib directories (vsvars32.bat)
-
-all: wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe wpasvc.exe win_if_list.exe
-
-# Root directory for WinPcap developer's pack
-# (http://www.winpcap.org/install/bin/WpdPack_3_1.zip)
-WINPCAPDIR=C:\dev\WpdPack
-
-# Root directory for OpenSSL
-# (http://www.openssl.org/source/openssl-0.9.8a.tar.gz)
-# Build and installed following instructions in INSTALL.W32
-# Note: If EAP-FAST is included in the build, OpenSSL needs to be patched to
-# support it (openssl-tls-extensions.patch)
-# Alternatively, see README-Windows.txt for information about binary
-# installation package for OpenSSL.
-OPENSSLDIR=C:\dev\openssl
-
-CC = cl
-OBJDIR = objs
-
-CFLAGS = /DCONFIG_NATIVE_WINDOWS
-CFLAGS = $(CFLAGS) /DCONFIG_NDIS_EVENTS_INTEGRATED
-CFLAGS = $(CFLAGS) /DCONFIG_ANSI_C_EXTRA
-CFLAGS = $(CFLAGS) /DCONFIG_WINPCAP
-CFLAGS = $(CFLAGS) /DIEEE8021X_EAPOL
-CFLAGS = $(CFLAGS) /DPKCS12_FUNCS
-CFLAGS = $(CFLAGS) /DEAP_MD5
-CFLAGS = $(CFLAGS) /DEAP_TLS
-CFLAGS = $(CFLAGS) /DEAP_MSCHAPv2
-CFLAGS = $(CFLAGS) /DEAP_PEAP
-CFLAGS = $(CFLAGS) /DEAP_TTLS
-CFLAGS = $(CFLAGS) /DEAP_GTC
-CFLAGS = $(CFLAGS) /DEAP_OTP
-CFLAGS = $(CFLAGS) /DEAP_SIM
-CFLAGS = $(CFLAGS) /DEAP_LEAP
-CFLAGS = $(CFLAGS) /DEAP_PSK
-CFLAGS = $(CFLAGS) /DEAP_AKA
-#CFLAGS = $(CFLAGS) /DEAP_FAST
-CFLAGS = $(CFLAGS) /DEAP_PAX
-CFLAGS = $(CFLAGS) /DEAP_TNC
-CFLAGS = $(CFLAGS) /DPCSC_FUNCS
-CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE
-CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE_NAMED_PIPE
-CFLAGS = $(CFLAGS) /DCONFIG_DRIVER_NDIS
-CFLAGS = $(CFLAGS) /I..\src /I..\src\utils
-CFLAGS = $(CFLAGS) /I.
-CFLAGS = $(CFLAGS) /DWIN32
-CFLAGS = $(CFLAGS) /Fo$(OBJDIR)\\ /c
-CFLAGS = $(CFLAGS) /W3
-
-#CFLAGS = $(CFLAGS) /WX
-
-# VS 2005 complains about lot of deprecated string functions; let's ignore them
-# at least for now since snprintf and strncpy can be used in a safe way
-CFLAGS = $(CFLAGS) /D_CRT_SECURE_NO_DEPRECATE
-
-OBJS = \
-	$(OBJDIR)\os_win32.obj \
-	$(OBJDIR)\eloop_win.obj \
-	$(OBJDIR)\sha1.obj \
-	$(OBJDIR)\sha1-tlsprf.obj \
-	$(OBJDIR)\sha1-pbkdf2.obj \
-	$(OBJDIR)\md5.obj \
-	$(OBJDIR)\aes-cbc.obj \
-	$(OBJDIR)\aes-ctr.obj \
-	$(OBJDIR)\aes-eax.obj \
-	$(OBJDIR)\aes-encblock.obj \
-	$(OBJDIR)\aes-omac1.obj \
-	$(OBJDIR)\aes-unwrap.obj \
-	$(OBJDIR)\aes-wrap.obj \
-	$(OBJDIR)\common.obj \
-	$(OBJDIR)\wpa_debug.obj \
-	$(OBJDIR)\wpabuf.obj \
-	$(OBJDIR)\wpa_supplicant.obj \
-	$(OBJDIR)\wpa.obj \
-	$(OBJDIR)\wpa_common.obj \
-	$(OBJDIR)\wpa_ie.obj \
-	$(OBJDIR)\preauth.obj \
-	$(OBJDIR)\pmksa_cache.obj \
-	$(OBJDIR)\eapol_supp_sm.obj \
-	$(OBJDIR)\eap.obj \
-	$(OBJDIR)\eap_common.obj \
-	$(OBJDIR)\chap.obj \
-	$(OBJDIR)\eap_methods.obj \
-	$(OBJDIR)\eap_md5.obj \
-	$(OBJDIR)\eap_tls.obj \
-	$(OBJDIR)\eap_tls_common.obj \
-	$(OBJDIR)\eap_mschapv2.obj \
-	$(OBJDIR)\mschapv2.obj \
-	$(OBJDIR)\eap_peap.obj \
-	$(OBJDIR)\eap_peap_common.obj \
-	$(OBJDIR)\eap_ttls.obj \
-	$(OBJDIR)\eap_gtc.obj \
-	$(OBJDIR)\eap_otp.obj \
-	$(OBJDIR)\eap_leap.obj \
-	$(OBJDIR)\eap_sim.obj \
-	$(OBJDIR)\eap_sim_common.obj \
-	$(OBJDIR)\eap_aka.obj \
-	$(OBJDIR)\eap_pax.obj \
-	$(OBJDIR)\eap_pax_common.obj \
-	$(OBJDIR)\eap_psk.obj \
-	$(OBJDIR)\eap_psk_common.obj \
-	$(OBJDIR)\eap_tnc.obj \
-	$(OBJDIR)\tncc.obj \
-	$(OBJDIR)\base64.obj \
-	$(OBJDIR)\ctrl_iface.obj \
-	$(OBJDIR)\ctrl_iface_named_pipe.obj \
-	$(OBJDIR)\driver_ndis.obj \
-	$(OBJDIR)\driver_ndis_.obj \
-	$(OBJDIR)\scan_helpers.obj \
-	$(OBJDIR)\events.obj \
-	$(OBJDIR)\bssid_ignore.obj \
-	$(OBJDIR)\scan.obj \
-	$(OBJDIR)\wpas_glue.obj \
-	$(OBJDIR)\eap_register.obj \
-	$(OBJDIR)\config.obj \
-	$(OBJDIR)\l2_packet_winpcap.obj \
-	$(OBJDIR)\tls_openssl.obj \
-	$(OBJDIR)\ms_funcs.obj \
-	$(OBJDIR)\crypto_openssl.obj \
-	$(OBJDIR)\fips_prf_openssl.obj \
-	$(OBJDIR)\pcsc_funcs.obj \
-	$(OBJDIR)\notify.obj \
-	$(OBJDIR)\ndis_events.obj
-
-# OBJS = $(OBJS) $(OBJDIR)\eap_fast.obj
-
-OBJS_t = $(OBJS) \
-	$(OBJDIR)\eapol_test.obj \
-	$(OBJDIR)\radius.obj \
-	$(OBJDIR)\radius_client.obj \
-	$(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj
-
-OBJS_t2 = $(OBJS) \
-	$(OBJDIR)\preauth_test.obj \
-	$(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj
-
-OBJS2 = $(OBJDIR)\drivers.obj \
-	$(OBJDIR)\config_file.obj \
-	$(OBJS2) $(OBJDIR)\main.obj
-
-OBJS3 = $(OBJDIR)\drivers.obj \
-	$(OBJDIR)\config_winreg.obj \
-	$(OBJS3) $(OBJDIR)\main_winsvc.obj
-
-OBJS_c = \
-	$(OBJDIR)\os_win32.obj \
-	$(OBJDIR)\wpa_cli.obj \
-	$(OBJDIR)\wpa_ctrl.obj \
-	$(OBJDIR)\common.obj
-
-OBJS_p = \
-	$(OBJDIR)\os_win32.obj \
-	$(OBJDIR)\common.obj \
-	$(OBJDIR)\wpa_debug.obj \
-	$(OBJDIR)\wpabuf.obj \
-	$(OBJDIR)\sha1.obj \
-	$(OBJDIR)\md5.obj \
-	$(OBJDIR)\crypto_openssl.obj \
-	$(OBJDIR)\sha1-pbkdf2.obj \
-	$(OBJDIR)\wpa_passphrase.obj
-
-LIBS = wbemuuid.lib libcmt.lib kernel32.lib uuid.lib ole32.lib oleaut32.lib \
-	ws2_32.lib Advapi32.lib Crypt32.lib Winscard.lib \
-	Packet.lib wpcap.lib \
-	libeay32.lib ssleay32.lib
-# If using Win32 OpenSSL binary installation from Shining Light Productions,
-# replace the last line with this for dynamic libraries
-#	libeay32MT.lib ssleay32MT.lib
-# and this for static libraries
-#	libeay32MT.lib ssleay32MT.lib Gdi32.lib User32.lib
-
-CFLAGS = $(CFLAGS) /I"$(WINPCAPDIR)/Include" /I"$(OPENSSLDIR)\include"
-LFLAGS = /libpath:"$(WINPCAPDIR)\Lib" /libpath:"$(OPENSSLDIR)\lib"
-
-wpa_supplicant.exe: $(OBJDIR) $(OBJS) $(OBJS2)
-	link.exe /out:wpa_supplicant.exe $(LFLAGS) $(OBJS) $(OBJS2) $(LIBS)
-
-wpasvc.exe: $(OBJDIR) $(OBJS) $(OBJS3)
-	link.exe /out:wpasvc.exe $(LFLAGS) $(OBJS) $(OBJS3) $(LIBS)
-
-wpa_cli.exe: $(OBJDIR) $(OBJS_c)
-	link.exe /out:wpa_cli.exe $(LFLAGS) $(OBJS_c) $(LIBS)
-
-wpa_passphrase.exe: $(OBJDIR) $(OBJS_p)
-	link.exe /out:wpa_passphrase.exe $(LFLAGS) $(OBJS_p) $(LIBS)
-
-eapol_test.exe: $(OBJDIR) $(OBJS_t)
-	link.exe /out:eapol_test.exe $(LFLAGS) $(OBJS_t) $(LIBS)
-
-preauth_test.exe: $(OBJDIR) $(OBJS_t2)
-	link.exe /out:preauth_test.exe $(LFLAGS) $(OBJS_t2) $(LIBS)
-
-win_if_list.exe: $(OBJDIR) $(OBJDIR)\win_if_list.obj
-	link.exe /out:win_if_list.exe $(LFLAGS) $(OBJDIR)\win_if_list.obj $(LIBS)
-
-
-{..\src\utils}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\common}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\rsn_supp}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\eapol_supp}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\crypto}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\eap_peer}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\eap_common}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\drivers}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{..\src\l2_packet}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{.\}.c{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-{.\}.cpp{$(OBJDIR)}.obj::
-	$(CC) $(CFLAGS) $<
-
-$(OBJDIR):
-	if not exist "$(OBJDIR)" mkdir "$(OBJDIR)"
-
-clean:
-	erase $(OBJDIR)\*.obj wpa_supplicant.exe
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
deleted file mode 100644
index 821c916c153f..000000000000
--- a/wpa_supplicant/notify.c
+++ /dev/null
@@ -1,975 +0,0 @@
-/*
- * wpa_supplicant - Event notifications
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/wpa_ctrl.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "wps_supplicant.h"
-#include "binder/binder.h"
-#include "dbus/dbus_common.h"
-#include "dbus/dbus_new.h"
-#include "rsn_supp/wpa.h"
-#include "fst/fst.h"
-#include "crypto/tls.h"
-#include "bss.h"
-#include "driver_i.h"
-#include "scan.h"
-#include "p2p_supplicant.h"
-#include "sme.h"
-#include "notify.h"
-
-int wpas_notify_supplicant_initialized(struct wpa_global *global)
-{
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	if (global->params.dbus_ctrl_interface) {
-		global->dbus = wpas_dbus_init(global);
-		if (global->dbus == NULL)
-			return -1;
-	}
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-
-#ifdef CONFIG_BINDER
-	global->binder = wpas_binder_init(global);
-	if (!global->binder)
-		return -1;
-#endif /* CONFIG_BINDER */
-
-	return 0;
-}
-
-
-void wpas_notify_supplicant_deinitialized(struct wpa_global *global)
-{
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	if (global->dbus)
-		wpas_dbus_deinit(global->dbus);
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-
-#ifdef CONFIG_BINDER
-	if (global->binder)
-		wpas_binder_deinit(global->binder);
-#endif /* CONFIG_BINDER */
-}
-
-
-int wpas_notify_iface_added(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return 0;
-
-	if (wpas_dbus_register_interface(wpa_s))
-		return -1;
-
-	return 0;
-}
-
-
-void wpas_notify_iface_removed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	/* unregister interface in new DBus ctrl iface */
-	wpas_dbus_unregister_interface(wpa_s);
-}
-
-
-void wpas_notify_state_changed(struct wpa_supplicant *wpa_s,
-			       enum wpa_states new_state,
-			       enum wpa_states old_state)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	/* notify the new DBus API */
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_STATE);
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst && !is_zero_ether_addr(wpa_s->bssid)) {
-		if (new_state == WPA_COMPLETED)
-			fst_notify_peer_connected(wpa_s->fst, wpa_s->bssid);
-		else if (old_state >= WPA_ASSOCIATED &&
-			 new_state < WPA_ASSOCIATED)
-			fst_notify_peer_disconnected(wpa_s->fst, wpa_s->bssid);
-	}
-#endif /* CONFIG_FST */
-
-	if (new_state == WPA_COMPLETED)
-		wpas_p2p_notif_connected(wpa_s);
-	else if (old_state >= WPA_ASSOCIATED && new_state < WPA_ASSOCIATED)
-		wpas_p2p_notif_disconnected(wpa_s);
-
-	sme_state_changed(wpa_s);
-
-#ifdef ANDROID
-	wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_STATE_CHANGE
-		     "id=%d state=%d BSSID=" MACSTR " SSID=%s",
-		     wpa_s->current_ssid ? wpa_s->current_ssid->id : -1,
-		     new_state,
-		     MAC2STR(wpa_s->bssid),
-		     wpa_s->current_ssid && wpa_s->current_ssid->ssid ?
-		     wpa_ssid_txt(wpa_s->current_ssid->ssid,
-				  wpa_s->current_ssid->ssid_len) : "");
-#endif /* ANDROID */
-}
-
-
-void wpas_notify_disconnect_reason(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_DISCONNECT_REASON);
-}
-
-
-void wpas_notify_auth_status_code(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_AUTH_STATUS_CODE);
-}
-
-
-void wpas_notify_assoc_status_code(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_ASSOC_STATUS_CODE);
-}
-
-
-void wpas_notify_roam_time(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_ROAM_TIME);
-}
-
-
-void wpas_notify_roam_complete(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_ROAM_COMPLETE);
-}
-
-
-void wpas_notify_session_length(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_SESSION_LENGTH);
-}
-
-
-void wpas_notify_bss_tm_status(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSS_TM_STATUS);
-}
-
-
-void wpas_notify_network_changed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_CURRENT_NETWORK);
-}
-
-
-void wpas_notify_ap_scan_changed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_AP_SCAN);
-}
-
-
-void wpas_notify_bssid_changed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_CURRENT_BSS);
-}
-
-
-void wpas_notify_auth_changed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_CURRENT_AUTH_MODE);
-}
-
-
-void wpas_notify_network_enabled_changed(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_network_enabled_changed(wpa_s, ssid);
-}
-
-
-void wpas_notify_network_selected(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_network_selected(wpa_s, ssid->id);
-}
-
-
-void wpas_notify_network_request(struct wpa_supplicant *wpa_s,
-				 struct wpa_ssid *ssid,
-				 enum wpa_ctrl_req_type rtype,
-				 const char *default_txt)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_network_request(wpa_s, ssid, rtype, default_txt);
-}
-
-
-void wpas_notify_scanning(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	/* notify the new DBus API */
-	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_SCANNING);
-}
-
-
-void wpas_notify_scan_done(struct wpa_supplicant *wpa_s, int success)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_scan_done(wpa_s, success);
-}
-
-
-void wpas_notify_scan_results(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_wps_notify_scan_results(wpa_s);
-}
-
-
-void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
-				const struct wps_credential *cred)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	/* notify the new DBus API */
-	wpas_dbus_signal_wps_cred(wpa_s, cred);
-#endif /* CONFIG_WPS */
-}
-
-
-void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
-			       struct wps_event_m2d *m2d)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	wpas_dbus_signal_wps_event_m2d(wpa_s, m2d);
-#endif /* CONFIG_WPS */
-}
-
-
-void wpas_notify_wps_event_fail(struct wpa_supplicant *wpa_s,
-				struct wps_event_fail *fail)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	wpas_dbus_signal_wps_event_fail(wpa_s, fail);
-#endif /* CONFIG_WPS */
-}
-
-
-void wpas_notify_wps_event_success(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	wpas_dbus_signal_wps_event_success(wpa_s);
-#endif /* CONFIG_WPS */
-}
-
-void wpas_notify_wps_event_pbc_overlap(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	wpas_dbus_signal_wps_event_pbc_overlap(wpa_s);
-#endif /* CONFIG_WPS */
-}
-
-
-void wpas_notify_network_added(struct wpa_supplicant *wpa_s,
-			       struct wpa_ssid *ssid)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	/*
-	 * Networks objects created during any P2P activities should not be
-	 * exposed out. They might/will confuse certain non-P2P aware
-	 * applications since these network objects won't behave like
-	 * regular ones.
-	 */
-	if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s) {
-		wpas_dbus_register_network(wpa_s, ssid);
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_NETWORK_ADDED "%d",
-			     ssid->id);
-	}
-}
-
-
-void wpas_notify_persistent_group_added(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_P2P
-	wpas_dbus_register_persistent_group(wpa_s, ssid);
-#endif /* CONFIG_P2P */
-}
-
-
-void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s,
-					  struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_P2P
-	wpas_dbus_unregister_persistent_group(wpa_s, ssid->id);
-#endif /* CONFIG_P2P */
-}
-
-
-void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
-				 struct wpa_ssid *ssid)
-{
-	if (wpa_s->next_ssid == ssid)
-		wpa_s->next_ssid = NULL;
-	if (wpa_s->wpa)
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-	if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
-	    !wpa_s->p2p_mgmt) {
-		wpas_dbus_unregister_network(wpa_s, ssid->id);
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_NETWORK_REMOVED "%d",
-			     ssid->id);
-	}
-	if (network_is_persistent_group(ssid))
-		wpas_notify_persistent_group_removed(wpa_s, ssid);
-
-	wpas_p2p_network_removed(wpa_s, ssid);
-
-#ifdef CONFIG_PASN
-	if (wpa_s->pasn.ssid == ssid)
-		wpa_s->pasn.ssid = NULL;
-#endif /* CONFIG_PASN */
-}
-
-
-void wpas_notify_bss_added(struct wpa_supplicant *wpa_s,
-			   u8 bssid[], unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_register_bss(wpa_s, bssid, id);
-	wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_BSS_ADDED "%u " MACSTR,
-		     id, MAC2STR(bssid));
-}
-
-
-void wpas_notify_bss_removed(struct wpa_supplicant *wpa_s,
-			     u8 bssid[], unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_unregister_bss(wpa_s, bssid, id);
-	wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_BSS_REMOVED "%u " MACSTR,
-		     id, MAC2STR(bssid));
-}
-
-
-void wpas_notify_bss_freq_changed(struct wpa_supplicant *wpa_s,
-				  unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_FREQ, id);
-}
-
-
-void wpas_notify_bss_signal_changed(struct wpa_supplicant *wpa_s,
-				    unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_SIGNAL,
-					  id);
-}
-
-
-void wpas_notify_bss_privacy_changed(struct wpa_supplicant *wpa_s,
-				     unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_PRIVACY,
-					  id);
-}
-
-
-void wpas_notify_bss_mode_changed(struct wpa_supplicant *wpa_s,
-				  unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_MODE, id);
-}
-
-
-void wpas_notify_bss_wpaie_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_WPA, id);
-}
-
-
-void wpas_notify_bss_rsnie_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_RSN, id);
-}
-
-
-void wpas_notify_bss_wps_changed(struct wpa_supplicant *wpa_s,
-				 unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-#ifdef CONFIG_WPS
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_WPS, id);
-#endif /* CONFIG_WPS */
-}
-
-
-void wpas_notify_bss_ies_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_IES, id);
-}
-
-
-void wpas_notify_bss_rates_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_RATES, id);
-}
-
-
-void wpas_notify_bss_seen(struct wpa_supplicant *wpa_s, unsigned int id)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_bss_signal_prop_changed(wpa_s, WPAS_DBUS_BSS_PROP_AGE, id);
-}
-
-
-void wpas_notify_blob_added(struct wpa_supplicant *wpa_s, const char *name)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_blob_added(wpa_s, name);
-}
-
-
-void wpas_notify_blob_removed(struct wpa_supplicant *wpa_s, const char *name)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_blob_removed(wpa_s, name);
-}
-
-
-void wpas_notify_debug_level_changed(struct wpa_global *global)
-{
-	wpas_dbus_signal_debug_level_changed(global);
-}
-
-
-void wpas_notify_debug_timestamp_changed(struct wpa_global *global)
-{
-	wpas_dbus_signal_debug_timestamp_changed(global);
-}
-
-
-void wpas_notify_debug_show_keys_changed(struct wpa_global *global)
-{
-	wpas_dbus_signal_debug_show_keys_changed(global);
-}
-
-
-void wpas_notify_suspend(struct wpa_global *global)
-{
-	struct wpa_supplicant *wpa_s;
-
-	os_get_time(&global->suspend_time);
-	wpa_printf(MSG_DEBUG, "System suspend notification");
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
-		wpa_drv_suspend(wpa_s);
-}
-
-
-void wpas_notify_resume(struct wpa_global *global)
-{
-	struct os_time now;
-	int slept;
-	struct wpa_supplicant *wpa_s;
-
-	if (global->suspend_time.sec == 0)
-		slept = -1;
-	else {
-		os_get_time(&now);
-		slept = now.sec - global->suspend_time.sec;
-	}
-	wpa_printf(MSG_DEBUG, "System resume notification (slept %d seconds)",
-		   slept);
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		wpa_drv_resume(wpa_s);
-		if (wpa_s->wpa_state == WPA_DISCONNECTED)
-			wpa_supplicant_req_scan(wpa_s, 0, 100000);
-	}
-}
-
-
-#ifdef CONFIG_P2P
-
-void wpas_notify_p2p_find_stopped(struct wpa_supplicant *wpa_s)
-{
-	/* Notify P2P find has stopped */
-	wpas_dbus_signal_p2p_find_stopped(wpa_s);
-}
-
-
-void wpas_notify_p2p_device_found(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr, int new_device)
-{
-	if (new_device) {
-		/* Create the new peer object */
-		wpas_dbus_register_peer(wpa_s, dev_addr);
-	}
-
-	/* Notify a new peer has been detected*/
-	wpas_dbus_signal_peer_device_found(wpa_s, dev_addr);
-}
-
-
-void wpas_notify_p2p_device_lost(struct wpa_supplicant *wpa_s,
-				 const u8 *dev_addr)
-{
-	wpas_dbus_unregister_peer(wpa_s, dev_addr);
-
-	/* Create signal on interface object*/
-	wpas_dbus_signal_peer_device_lost(wpa_s, dev_addr);
-}
-
-
-void wpas_notify_p2p_group_removed(struct wpa_supplicant *wpa_s,
-				   const struct wpa_ssid *ssid,
-				   const char *role)
-{
-	wpas_dbus_signal_p2p_group_removed(wpa_s, role);
-
-	wpas_dbus_unregister_p2p_group(wpa_s, ssid);
-}
-
-
-void wpas_notify_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
-				const u8 *src, u16 dev_passwd_id, u8 go_intent)
-{
-	wpas_dbus_signal_p2p_go_neg_req(wpa_s, src, dev_passwd_id, go_intent);
-}
-
-
-void wpas_notify_p2p_go_neg_completed(struct wpa_supplicant *wpa_s,
-				      struct p2p_go_neg_results *res)
-{
-	wpas_dbus_signal_p2p_go_neg_resp(wpa_s, res);
-}
-
-
-void wpas_notify_p2p_invitation_result(struct wpa_supplicant *wpa_s,
-				       int status, const u8 *bssid)
-{
-	wpas_dbus_signal_p2p_invitation_result(wpa_s, status, bssid);
-}
-
-
-void wpas_notify_p2p_sd_request(struct wpa_supplicant *wpa_s,
-				int freq, const u8 *sa, u8 dialog_token,
-				u16 update_indic, const u8 *tlvs,
-				size_t tlvs_len)
-{
-	wpas_dbus_signal_p2p_sd_request(wpa_s, freq, sa, dialog_token,
-					update_indic, tlvs, tlvs_len);
-}
-
-
-void wpas_notify_p2p_sd_response(struct wpa_supplicant *wpa_s,
-				 const u8 *sa, u16 update_indic,
-				 const u8 *tlvs, size_t tlvs_len)
-{
-	wpas_dbus_signal_p2p_sd_response(wpa_s, sa, update_indic,
-					 tlvs, tlvs_len);
-}
-
-
-/**
- * wpas_notify_p2p_provision_discovery - Notification of provision discovery
- * @dev_addr: Who sent the request or responded to our request.
- * @request: Will be 1 if request, 0 for response.
- * @status: Valid only in case of response (0 in case of success)
- * @config_methods: WPS config methods
- * @generated_pin: PIN to be displayed in case of WPS_CONFIG_DISPLAY method
- *
- * This can be used to notify:
- * - Requests or responses
- * - Various config methods
- * - Failure condition in case of response
- */
-void wpas_notify_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
-					 const u8 *dev_addr, int request,
-					 enum p2p_prov_disc_status status,
-					 u16 config_methods,
-					 unsigned int generated_pin)
-{
-	wpas_dbus_signal_p2p_provision_discovery(wpa_s, dev_addr, request,
-						 status, config_methods,
-						 generated_pin);
-}
-
-
-void wpas_notify_p2p_group_started(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid, int persistent,
-				   int client, const u8 *ip)
-{
-	/* Notify a group has been started */
-	wpas_dbus_register_p2p_group(wpa_s, ssid);
-
-	wpas_dbus_signal_p2p_group_started(wpa_s, client, persistent, ip);
-}
-
-
-void wpas_notify_p2p_group_formation_failure(struct wpa_supplicant *wpa_s,
-					     const char *reason)
-{
-	/* Notify a group formation failed */
-	wpas_dbus_signal_p2p_group_formation_failure(wpa_s, reason);
-}
-
-
-void wpas_notify_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				struct wps_event_fail *fail)
-{
-	wpas_dbus_signal_p2p_wps_failed(wpa_s, fail);
-}
-
-
-void wpas_notify_p2p_invitation_received(struct wpa_supplicant *wpa_s,
-					 const u8 *sa, const u8 *go_dev_addr,
-					 const u8 *bssid, int id, int op_freq)
-{
-	/* Notify a P2P Invitation Request */
-	wpas_dbus_signal_p2p_invitation_received(wpa_s, sa, go_dev_addr, bssid,
-						 id, op_freq);
-}
-
-#endif /* CONFIG_P2P */
-
-
-static void wpas_notify_ap_sta_authorized(struct wpa_supplicant *wpa_s,
-					  const u8 *sta,
-					  const u8 *p2p_dev_addr)
-{
-#ifdef CONFIG_P2P
-	wpas_p2p_notify_ap_sta_authorized(wpa_s, p2p_dev_addr);
-
-	/*
-	 * Create 'peer-joined' signal on group object -- will also
-	 * check P2P itself.
-	 */
-	if (p2p_dev_addr)
-		wpas_dbus_signal_p2p_peer_joined(wpa_s, p2p_dev_addr);
-#endif /* CONFIG_P2P */
-
-	/* Register the station */
-	wpas_dbus_register_sta(wpa_s, sta);
-
-	/* Notify listeners a new station has been authorized */
-	wpas_dbus_signal_sta_authorized(wpa_s, sta);
-}
-
-
-static void wpas_notify_ap_sta_deauthorized(struct wpa_supplicant *wpa_s,
-					    const u8 *sta,
-					    const u8 *p2p_dev_addr)
-{
-#ifdef CONFIG_P2P
-	/*
-	 * Create 'peer-disconnected' signal on group object if this
-	 * is a P2P group.
-	 */
-	if (p2p_dev_addr)
-		wpas_dbus_signal_p2p_peer_disconnected(wpa_s, p2p_dev_addr);
-#endif /* CONFIG_P2P */
-
-	/* Notify listeners a station has been deauthorized */
-	wpas_dbus_signal_sta_deauthorized(wpa_s, sta);
-
-	/* Unregister the station */
-	wpas_dbus_unregister_sta(wpa_s, sta);
-}
-
-
-void wpas_notify_sta_authorized(struct wpa_supplicant *wpa_s,
-				const u8 *mac_addr, int authorized,
-				const u8 *p2p_dev_addr)
-{
-	if (authorized)
-		wpas_notify_ap_sta_authorized(wpa_s, mac_addr, p2p_dev_addr);
-	else
-		wpas_notify_ap_sta_deauthorized(wpa_s, mac_addr, p2p_dev_addr);
-}
-
-
-void wpas_notify_certification(struct wpa_supplicant *wpa_s,
-			       struct tls_cert_data *cert,
-			       const char *cert_hash)
-{
-	int i;
-
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
-		"depth=%d subject='%s'%s%s%s%s",
-		cert->depth, cert->subject, cert_hash ? " hash=" : "",
-		cert_hash ? cert_hash : "",
-		cert->tod == 2 ? " tod=2" : "",
-		cert->tod == 1 ? " tod=1" : "");
-
-	if (cert->cert) {
-		char *cert_hex;
-		size_t len = wpabuf_len(cert->cert) * 2 + 1;
-		cert_hex = os_malloc(len);
-		if (cert_hex) {
-			wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
-					 wpabuf_len(cert->cert));
-			wpa_msg_ctrl(wpa_s, MSG_INFO,
-				     WPA_EVENT_EAP_PEER_CERT
-				     "depth=%d subject='%s' cert=%s",
-				     cert->depth, cert->subject, cert_hex);
-			os_free(cert_hex);
-		}
-	}
-
-	for (i = 0; i < cert->num_altsubject; i++)
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
-			"depth=%d %s", cert->depth, cert->altsubject[i]);
-
-	/* notify the new DBus API */
-	wpas_dbus_signal_certification(wpa_s, cert->depth, cert->subject,
-				       cert->altsubject, cert->num_altsubject,
-				       cert_hash, cert->cert);
-}
-
-
-void wpas_notify_preq(struct wpa_supplicant *wpa_s,
-		      const u8 *addr, const u8 *dst, const u8 *bssid,
-		      const u8 *ie, size_t ie_len, u32 ssi_signal)
-{
-#ifdef CONFIG_AP
-	wpas_dbus_signal_preq(wpa_s, addr, dst, bssid, ie, ie_len, ssi_signal);
-#endif /* CONFIG_AP */
-}
-
-
-void wpas_notify_eap_status(struct wpa_supplicant *wpa_s, const char *status,
-			    const char *parameter)
-{
-	wpas_dbus_signal_eap_status(wpa_s, status, parameter);
-	wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_EAP_STATUS
-		     "status='%s' parameter='%s'",
-		     status, parameter);
-}
-
-
-void wpas_notify_eap_error(struct wpa_supplicant *wpa_s, int error_code)
-{
-	wpa_msg(wpa_s, MSG_ERROR, WPA_EVENT_EAP_ERROR_CODE "%d", error_code);
-}
-
-
-void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
-					   struct wpa_ssid *ssid)
-{
-	if (wpa_s->current_ssid != ssid)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Network bssid config changed for the current network - within-ESS roaming %s",
-		ssid->bssid_set ? "disabled" : "enabled");
-
-	wpa_drv_roaming(wpa_s, !ssid->bssid_set,
-			ssid->bssid_set ? ssid->bssid : NULL);
-}
-
-
-void wpas_notify_network_type_changed(struct wpa_supplicant *wpa_s,
-				      struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_P2P
-	if (ssid->disabled == 2) {
-		/* Changed from normal network profile to persistent group */
-		ssid->disabled = 0;
-		wpas_dbus_unregister_network(wpa_s, ssid->id);
-		ssid->disabled = 2;
-		ssid->p2p_persistent_group = 1;
-		wpas_dbus_register_persistent_group(wpa_s, ssid);
-	} else {
-		/* Changed from persistent group to normal network profile */
-		wpas_dbus_unregister_persistent_group(wpa_s, ssid->id);
-		ssid->p2p_persistent_group = 0;
-		wpas_dbus_register_network(wpa_s, ssid);
-	}
-#endif /* CONFIG_P2P */
-}
-
-
-#ifdef CONFIG_MESH
-
-void wpas_notify_mesh_group_started(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_mesh_group_started(wpa_s, ssid);
-}
-
-
-void wpas_notify_mesh_group_removed(struct wpa_supplicant *wpa_s,
-				    const u8 *meshid, u8 meshid_len,
-				    u16 reason_code)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_mesh_group_removed(wpa_s, meshid, meshid_len,
-					    reason_code);
-}
-
-
-void wpas_notify_mesh_peer_connected(struct wpa_supplicant *wpa_s,
-				     const u8 *peer_addr)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_mesh_peer_connected(wpa_s, peer_addr);
-}
-
-
-void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
-					const u8 *peer_addr, u16 reason_code)
-{
-	if (wpa_s->p2p_mgmt)
-		return;
-
-	wpas_dbus_signal_mesh_peer_disconnected(wpa_s, peer_addr, reason_code);
-}
-
-#endif /* CONFIG_MESH */
-
-
-#ifdef CONFIG_INTERWORKING
-
-void wpas_notify_interworking_ap_added(struct wpa_supplicant *wpa_s,
-				       struct wpa_bss *bss,
-				       struct wpa_cred *cred, int excluded,
-				       const char *type, int bh, int bss_load,
-				       int conn_capab)
-{
-	wpa_msg(wpa_s, MSG_INFO, "%s" MACSTR " type=%s%s%s%s id=%d priority=%d sp_priority=%d",
-		excluded ? INTERWORKING_EXCLUDED : INTERWORKING_AP,
-		MAC2STR(bss->bssid), type,
-		bh ? " below_min_backhaul=1" : "",
-		bss_load ? " over_max_bss_load=1" : "",
-		conn_capab ? " conn_capab_missing=1" : "",
-		cred->id, cred->priority, cred->sp_priority);
-
-	wpas_dbus_signal_interworking_ap_added(wpa_s, bss, cred, type, excluded,
-					       bh, bss_load, conn_capab);
-}
-
-
-void wpas_notify_interworking_select_done(struct wpa_supplicant *wpa_s)
-{
-	wpas_dbus_signal_interworking_select_done(wpa_s);
-}
-
-#endif /* CONFIG_INTERWORKING */
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
deleted file mode 100644
index c46e7986e3b3..000000000000
--- a/wpa_supplicant/notify.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * wpa_supplicant - Event notifications
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef NOTIFY_H
-#define NOTIFY_H
-
-#include "p2p/p2p.h"
-
-struct wps_credential;
-struct wps_event_m2d;
-struct wps_event_fail;
-struct tls_cert_data;
-struct wpa_cred;
-
-int wpas_notify_supplicant_initialized(struct wpa_global *global);
-void wpas_notify_supplicant_deinitialized(struct wpa_global *global);
-int wpas_notify_iface_added(struct wpa_supplicant *wpa_s);
-void wpas_notify_iface_removed(struct wpa_supplicant *wpa_s);
-void wpas_notify_state_changed(struct wpa_supplicant *wpa_s,
-			       enum wpa_states new_state,
-			       enum wpa_states old_state);
-void wpas_notify_disconnect_reason(struct wpa_supplicant *wpa_s);
-void wpas_notify_auth_status_code(struct wpa_supplicant *wpa_s);
-void wpas_notify_assoc_status_code(struct wpa_supplicant *wpa_s);
-void wpas_notify_roam_time(struct wpa_supplicant *wpa_s);
-void wpas_notify_roam_complete(struct wpa_supplicant *wpa_s);
-void wpas_notify_session_length(struct wpa_supplicant *wpa_s);
-void wpas_notify_bss_tm_status(struct wpa_supplicant *wpa_s);
-void wpas_notify_network_changed(struct wpa_supplicant *wpa_s);
-void wpas_notify_ap_scan_changed(struct wpa_supplicant *wpa_s);
-void wpas_notify_bssid_changed(struct wpa_supplicant *wpa_s);
-void wpas_notify_auth_changed(struct wpa_supplicant *wpa_s);
-void wpas_notify_network_enabled_changed(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid);
-void wpas_notify_network_selected(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid);
-void wpas_notify_network_request(struct wpa_supplicant *wpa_s,
-				 struct wpa_ssid *ssid,
-				 enum wpa_ctrl_req_type rtype,
-				 const char *default_txt);
-void wpas_notify_scanning(struct wpa_supplicant *wpa_s);
-void wpas_notify_scan_done(struct wpa_supplicant *wpa_s, int success);
-void wpas_notify_scan_results(struct wpa_supplicant *wpa_s);
-void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
-				const struct wps_credential *cred);
-void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
-			       struct wps_event_m2d *m2d);
-void wpas_notify_wps_event_fail(struct wpa_supplicant *wpa_s,
-				struct wps_event_fail *fail);
-void wpas_notify_wps_event_success(struct wpa_supplicant *wpa_s);
-void wpas_notify_wps_event_pbc_overlap(struct wpa_supplicant *wpa_s);
-void wpas_notify_network_added(struct wpa_supplicant *wpa_s,
-			       struct wpa_ssid *ssid);
-void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
-				 struct wpa_ssid *ssid);
-void wpas_notify_bss_added(struct wpa_supplicant *wpa_s, u8 bssid[],
-			   unsigned int id);
-void wpas_notify_bss_removed(struct wpa_supplicant *wpa_s, u8 bssid[],
-			     unsigned int id);
-void wpas_notify_bss_freq_changed(struct wpa_supplicant *wpa_s,
-				  unsigned int id);
-void wpas_notify_bss_signal_changed(struct wpa_supplicant *wpa_s,
-				    unsigned int id);
-void wpas_notify_bss_privacy_changed(struct wpa_supplicant *wpa_s,
-				     unsigned int id);
-void wpas_notify_bss_mode_changed(struct wpa_supplicant *wpa_s,
-				  unsigned int id);
-void wpas_notify_bss_wpaie_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id);
-void wpas_notify_bss_rsnie_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id);
-void wpas_notify_bss_wps_changed(struct wpa_supplicant *wpa_s,
-				 unsigned int id);
-void wpas_notify_bss_ies_changed(struct wpa_supplicant *wpa_s,
-				 unsigned int id);
-void wpas_notify_bss_rates_changed(struct wpa_supplicant *wpa_s,
-				   unsigned int id);
-void wpas_notify_bss_seen(struct wpa_supplicant *wpa_s, unsigned int id);
-void wpas_notify_blob_added(struct wpa_supplicant *wpa_s, const char *name);
-void wpas_notify_blob_removed(struct wpa_supplicant *wpa_s, const char *name);
-
-void wpas_notify_debug_level_changed(struct wpa_global *global);
-void wpas_notify_debug_timestamp_changed(struct wpa_global *global);
-void wpas_notify_debug_show_keys_changed(struct wpa_global *global);
-void wpas_notify_suspend(struct wpa_global *global);
-void wpas_notify_resume(struct wpa_global *global);
-
-void wpas_notify_sta_authorized(struct wpa_supplicant *wpa_s,
-				const u8 *mac_addr, int authorized,
-				const u8 *p2p_dev_addr);
-void wpas_notify_p2p_find_stopped(struct wpa_supplicant *wpa_s);
-void wpas_notify_p2p_device_found(struct wpa_supplicant *wpa_s,
-				  const u8 *dev_addr, int new_device);
-void wpas_notify_p2p_device_lost(struct wpa_supplicant *wpa_s,
-				 const u8 *dev_addr);
-void wpas_notify_p2p_group_removed(struct wpa_supplicant *wpa_s,
-				   const struct wpa_ssid *ssid,
-				   const char *role);
-void wpas_notify_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
-				const u8 *src, u16 dev_passwd_id, u8 go_intent);
-void wpas_notify_p2p_go_neg_completed(struct wpa_supplicant *wpa_s,
-				      struct p2p_go_neg_results *res);
-void wpas_notify_p2p_invitation_result(struct wpa_supplicant *wpa_s,
-				       int status, const u8 *bssid);
-void wpas_notify_p2p_sd_request(struct wpa_supplicant *wpa_s,
-				int freq, const u8 *sa, u8 dialog_token,
-				u16 update_indic, const u8 *tlvs,
-				size_t tlvs_len);
-void wpas_notify_p2p_sd_response(struct wpa_supplicant *wpa_s,
-				 const u8 *sa, u16 update_indic,
-				 const u8 *tlvs, size_t tlvs_len);
-void wpas_notify_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
-					 const u8 *dev_addr, int request,
-					 enum p2p_prov_disc_status status,
-					 u16 config_methods,
-					 unsigned int generated_pin);
-void wpas_notify_p2p_group_started(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid, int persistent,
-				   int client, const u8 *ip);
-void wpas_notify_p2p_group_formation_failure(struct wpa_supplicant *wpa_s,
-					     const char *reason);
-void wpas_notify_persistent_group_added(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid);
-void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s,
-					  struct wpa_ssid *ssid);
-
-void wpas_notify_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				struct wps_event_fail *fail);
-
-void wpas_notify_certification(struct wpa_supplicant *wpa_s,
-			       struct tls_cert_data *cert,
-			       const char *cert_hash);
-void wpas_notify_preq(struct wpa_supplicant *wpa_s,
-		      const u8 *addr, const u8 *dst, const u8 *bssid,
-		      const u8 *ie, size_t ie_len, u32 ssi_signal);
-void wpas_notify_eap_status(struct wpa_supplicant *wpa_s, const char *status,
-			    const char *parameter);
-void wpas_notify_eap_error(struct wpa_supplicant *wpa_s, int error_code);
-void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
-					   struct wpa_ssid *ssid);
-void wpas_notify_network_type_changed(struct wpa_supplicant *wpa_s,
-				      struct wpa_ssid *ssid);
-void wpas_notify_p2p_invitation_received(struct wpa_supplicant *wpa_s,
-					 const u8 *sa, const u8 *go_dev_addr,
-					 const u8 *bssid, int id, int op_freq);
-void wpas_notify_mesh_group_started(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid);
-void wpas_notify_mesh_group_removed(struct wpa_supplicant *wpa_s,
-				    const u8 *meshid, u8 meshid_len,
-				    u16 reason_code);
-void wpas_notify_mesh_peer_connected(struct wpa_supplicant *wpa_s,
-				     const u8 *peer_addr);
-void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
-					const u8 *peer_addr, u16 reason_code);
-void wpas_notify_interworking_ap_added(struct wpa_supplicant *wpa_s,
-				       struct wpa_bss *bss,
-				       struct wpa_cred *cred, int excluded,
-				       const char *type, int bh, int bss_load,
-				       int conn_capab);
-void wpas_notify_interworking_select_done(struct wpa_supplicant *wpa_s);
-
-#endif /* NOTIFY_H */
diff --git a/wpa_supplicant/offchannel.c b/wpa_supplicant/offchannel.c
deleted file mode 100644
index e40cf5bbebcd..000000000000
--- a/wpa_supplicant/offchannel.c
+++ /dev/null
@@ -1,488 +0,0 @@
-/*
- * wpa_supplicant - Off-channel Action frame TX/RX
- * Copyright (c) 2009-2010, Atheros Communications
- * Copyright (c) 2011, Qualcomm Atheros
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "utils/eloop.h"
-#include "wpa_supplicant_i.h"
-#include "p2p_supplicant.h"
-#include "driver_i.h"
-#include "offchannel.h"
-
-
-
-static struct wpa_supplicant *
-wpas_get_tx_interface(struct wpa_supplicant *wpa_s, const u8 *src)
-{
-	struct wpa_supplicant *iface;
-
-	if (os_memcmp(src, wpa_s->own_addr, ETH_ALEN) == 0) {
-#ifdef CONFIG_P2P
-		if (wpa_s->p2p_mgmt && wpa_s != wpa_s->parent &&
-		    wpa_s->parent->ap_iface &&
-		    os_memcmp(wpa_s->parent->own_addr,
-			      wpa_s->own_addr, ETH_ALEN) == 0 &&
-		    wpabuf_len(wpa_s->pending_action_tx) >= 2 &&
-		    *wpabuf_head_u8(wpa_s->pending_action_tx) !=
-		    WLAN_ACTION_PUBLIC) {
-			/*
-			 * When P2P Device interface has same MAC address as
-			 * the GO interface, make sure non-Public Action frames
-			 * are sent through the GO interface. The P2P Device
-			 * interface can only send Public Action frames.
-			 */
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Use GO interface %s instead of interface %s for Action TX",
-				   wpa_s->parent->ifname, wpa_s->ifname);
-			return wpa_s->parent;
-		}
-#endif /* CONFIG_P2P */
-		return wpa_s;
-	}
-
-	/*
-	 * Try to find a group interface that matches with the source address.
-	 */
-	iface = wpa_s->global->ifaces;
-	while (iface) {
-		if (os_memcmp(src, iface->own_addr, ETH_ALEN) == 0)
-			break;
-		iface = iface->next;
-	}
-	if (iface) {
-		wpa_printf(MSG_DEBUG, "P2P: Use group interface %s "
-			   "instead of interface %s for Action TX",
-			   iface->ifname, wpa_s->ifname);
-		return iface;
-	}
-
-	return wpa_s;
-}
-
-
-static void wpas_send_action_cb(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_supplicant *iface;
-	int res;
-	int without_roc;
-
-	without_roc = wpa_s->pending_action_without_roc;
-	wpa_s->pending_action_without_roc = 0;
-	wpa_printf(MSG_DEBUG,
-		   "Off-channel: Send Action callback (without_roc=%d pending_action_tx=%p pending_action_tx_done=%d)",
-		   without_roc, wpa_s->pending_action_tx,
-		   !!wpa_s->pending_action_tx_done);
-
-	if (wpa_s->pending_action_tx == NULL || wpa_s->pending_action_tx_done)
-		return;
-
-	/*
-	 * This call is likely going to be on the P2P device instance if the
-	 * driver uses a separate interface for that purpose. However, some
-	 * Action frames are actually sent within a P2P Group and when that is
-	 * the case, we need to follow power saving (e.g., GO buffering the
-	 * frame for a client in PS mode or a client following the advertised
-	 * NoA from its GO). To make that easier for the driver, select the
-	 * correct group interface here.
-	 */
-	iface = wpas_get_tx_interface(wpa_s, wpa_s->pending_action_src);
-
-	if (wpa_s->off_channel_freq != wpa_s->pending_action_freq &&
-	    wpa_s->pending_action_freq != 0 &&
-	    wpa_s->pending_action_freq != iface->assoc_freq) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Pending Action frame TX "
-			   "waiting for another freq=%u (off_channel_freq=%u "
-			   "assoc_freq=%u)",
-			   wpa_s->pending_action_freq,
-			   wpa_s->off_channel_freq,
-			   iface->assoc_freq);
-		if (without_roc && wpa_s->off_channel_freq == 0) {
-			unsigned int duration = 200;
-			/*
-			 * We may get here if wpas_send_action() found us to be
-			 * on the correct channel, but remain-on-channel cancel
-			 * event was received before getting here.
-			 */
-			wpa_printf(MSG_DEBUG, "Off-channel: Schedule "
-				   "remain-on-channel to send Action frame");
-#ifdef CONFIG_TESTING_OPTIONS
-			if (wpa_s->extra_roc_dur) {
-				wpa_printf(MSG_DEBUG,
-					   "TESTING: Increase ROC duration %u -> %u",
-					   duration,
-					   duration + wpa_s->extra_roc_dur);
-				duration += wpa_s->extra_roc_dur;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-			if (wpa_drv_remain_on_channel(
-				    wpa_s, wpa_s->pending_action_freq,
-				    duration) < 0) {
-				wpa_printf(MSG_DEBUG, "Off-channel: Failed to "
-					   "request driver to remain on "
-					   "channel (%u MHz) for Action Frame "
-					   "TX", wpa_s->pending_action_freq);
-			} else {
-				wpa_s->off_channel_freq = 0;
-				wpa_s->roc_waiting_drv_freq =
-					wpa_s->pending_action_freq;
-			}
-		}
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "Off-channel: Sending pending Action frame to "
-		   MACSTR " using interface %s (pending_action_tx=%p)",
-		   MAC2STR(wpa_s->pending_action_dst), iface->ifname,
-		   wpa_s->pending_action_tx);
-	res = wpa_drv_send_action(iface, wpa_s->pending_action_freq, 0,
-				  wpa_s->pending_action_dst,
-				  wpa_s->pending_action_src,
-				  wpa_s->pending_action_bssid,
-				  wpabuf_head(wpa_s->pending_action_tx),
-				  wpabuf_len(wpa_s->pending_action_tx),
-				  wpa_s->pending_action_no_cck);
-	if (res) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Failed to send the "
-			   "pending Action frame");
-		/*
-		 * Use fake TX status event to allow state machines to
-		 * continue.
-		 */
-		offchannel_send_action_tx_status(
-			wpa_s, wpa_s->pending_action_dst,
-			wpabuf_head(wpa_s->pending_action_tx),
-			wpabuf_len(wpa_s->pending_action_tx),
-			OFFCHANNEL_SEND_ACTION_FAILED);
-	}
-}
-
-
-/**
- * offchannel_send_action_tx_status - TX status callback
- * @wpa_s: Pointer to wpa_supplicant data
- * @dst: Destination MAC address of the transmitted Action frame
- * @data: Transmitted frame payload
- * @data_len: Length of @data in bytes
- * @result: TX status
- *
- * This function is called whenever the driver indicates a TX status event for
- * a frame sent by offchannel_send_action() using wpa_drv_send_action().
- */
-void offchannel_send_action_tx_status(
-	struct wpa_supplicant *wpa_s, const u8 *dst, const u8 *data,
-	size_t data_len, enum offchannel_send_action_result result)
-{
-	if (wpa_s->pending_action_tx == NULL) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Ignore Action TX status - "
-			   "no pending operation");
-		return;
-	}
-
-	if (os_memcmp(dst, wpa_s->pending_action_dst, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Ignore Action TX status - "
-			   "unknown destination address");
-		return;
-	}
-
-	/* Accept report only if the contents of the frame matches */
-	if (data_len - wpabuf_len(wpa_s->pending_action_tx) != 24 ||
-	    os_memcmp(data + 24, wpabuf_head(wpa_s->pending_action_tx),
-		      wpabuf_len(wpa_s->pending_action_tx)) != 0) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Ignore Action TX status - "
-				   "mismatching contents with pending frame");
-		wpa_hexdump(MSG_MSGDUMP, "TX status frame data",
-			    data, data_len);
-		wpa_hexdump_buf(MSG_MSGDUMP, "Pending TX frame",
-				wpa_s->pending_action_tx);
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "Off-channel: Delete matching pending action frame (dst="
-		   MACSTR " pending_action_tx=%p)", MAC2STR(dst),
-		   wpa_s->pending_action_tx);
-	wpa_hexdump_buf(MSG_MSGDUMP, "Pending TX frame",
-			wpa_s->pending_action_tx);
-	wpabuf_free(wpa_s->pending_action_tx);
-	wpa_s->pending_action_tx = NULL;
-
-	wpa_printf(MSG_DEBUG, "Off-channel: TX status result=%d cb=%p",
-		   result, wpa_s->pending_action_tx_status_cb);
-
-	if (wpa_s->pending_action_tx_status_cb) {
-		wpa_s->pending_action_tx_status_cb(
-			wpa_s, wpa_s->pending_action_freq,
-			wpa_s->pending_action_dst, wpa_s->pending_action_src,
-			wpa_s->pending_action_bssid,
-			data, data_len, result);
-	}
-
-#ifdef CONFIG_P2P
-	if (wpa_s->global->p2p_long_listen > 0) {
-		/* Continue the listen */
-		wpa_printf(MSG_DEBUG, "P2P: Continuing long Listen state");
-		wpas_p2p_listen_start(wpa_s, wpa_s->global->p2p_long_listen);
-	}
-#endif /* CONFIG_P2P */
-}
-
-
-/**
- * offchannel_send_action - Request off-channel Action frame TX
- * @wpa_s: Pointer to wpa_supplicant data
- * @freq: The frequency in MHz indicating the channel on which the frame is to
- *	transmitted or 0 for the current channel (only if associated)
- * @dst: Action frame destination MAC address
- * @src: Action frame source MAC address
- * @bssid: Action frame BSSID
- * @buf: Frame to transmit starting from the Category field
- * @len: Length of @buf in bytes
- * @wait_time: Wait time for response in milliseconds
- * @tx_cb: Callback function for indicating TX status or %NULL for no callback
- * @no_cck: Whether CCK rates are to be disallowed for TX rate selection
- * Returns: 0 on success or -1 on failure
- *
- * This function is used to request an Action frame to be transmitted on the
- * current operating channel or on another channel (off-channel). The actual
- * frame transmission will be delayed until the driver is ready on the specified
- * channel. The @wait_time parameter can be used to request the driver to remain
- * awake on the channel to wait for a response.
- */
-int offchannel_send_action(struct wpa_supplicant *wpa_s, unsigned int freq,
-			   const u8 *dst, const u8 *src, const u8 *bssid,
-			   const u8 *buf, size_t len, unsigned int wait_time,
-			   void (*tx_cb)(struct wpa_supplicant *wpa_s,
-					 unsigned int freq, const u8 *dst,
-					 const u8 *src, const u8 *bssid,
-					 const u8 *data, size_t data_len,
-					 enum offchannel_send_action_result
-					 result),
-			   int no_cck)
-{
-	wpa_printf(MSG_DEBUG, "Off-channel: Send action frame: freq=%d dst="
-		   MACSTR " src=" MACSTR " bssid=" MACSTR " len=%d",
-		   freq, MAC2STR(dst), MAC2STR(src), MAC2STR(bssid),
-		   (int) len);
-
-	wpa_s->pending_action_tx_status_cb = tx_cb;
-
-	if (wpa_s->pending_action_tx) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Dropped pending Action "
-			   "frame TX to " MACSTR " (pending_action_tx=%p)",
-			   MAC2STR(wpa_s->pending_action_dst),
-			   wpa_s->pending_action_tx);
-		wpa_hexdump_buf(MSG_MSGDUMP, "Pending TX frame",
-				wpa_s->pending_action_tx);
-		wpabuf_free(wpa_s->pending_action_tx);
-	}
-	wpa_s->pending_action_tx_done = 0;
-	wpa_s->pending_action_tx = wpabuf_alloc(len);
-	if (wpa_s->pending_action_tx == NULL) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Failed to allocate Action "
-			   "frame TX buffer (len=%llu)",
-			   (unsigned long long) len);
-		return -1;
-	}
-	wpabuf_put_data(wpa_s->pending_action_tx, buf, len);
-	os_memcpy(wpa_s->pending_action_src, src, ETH_ALEN);
-	os_memcpy(wpa_s->pending_action_dst, dst, ETH_ALEN);
-	os_memcpy(wpa_s->pending_action_bssid, bssid, ETH_ALEN);
-	wpa_s->pending_action_freq = freq;
-	wpa_s->pending_action_no_cck = no_cck;
-	wpa_printf(MSG_DEBUG,
-		   "Off-channel: Stored pending action frame (dst=" MACSTR
-		   " pending_action_tx=%p)",
-		   MAC2STR(dst), wpa_s->pending_action_tx);
-	wpa_hexdump_buf(MSG_MSGDUMP, "Pending TX frame",
-			wpa_s->pending_action_tx);
-
-	if (freq != 0 && wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) {
-		struct wpa_supplicant *iface;
-		int ret;
-
-		iface = wpas_get_tx_interface(wpa_s, src);
-		wpa_s->action_tx_wait_time = wait_time;
-		if (wait_time)
-			wpa_s->action_tx_wait_time_used = 1;
-
-		ret = wpa_drv_send_action(
-			iface, wpa_s->pending_action_freq,
-			wait_time, wpa_s->pending_action_dst,
-			wpa_s->pending_action_src, wpa_s->pending_action_bssid,
-			wpabuf_head(wpa_s->pending_action_tx),
-			wpabuf_len(wpa_s->pending_action_tx),
-			wpa_s->pending_action_no_cck);
-		if (ret == 0)
-			wpa_s->pending_action_tx_done = 1;
-		return ret;
-	}
-
-	if (freq) {
-		struct wpa_supplicant *tx_iface;
-		tx_iface = wpas_get_tx_interface(wpa_s, src);
-		if (tx_iface->assoc_freq == freq) {
-			wpa_printf(MSG_DEBUG, "Off-channel: Already on "
-				   "requested channel (TX interface operating "
-				   "channel)");
-			freq = 0;
-		}
-	}
-
-	if (wpa_s->off_channel_freq == freq || freq == 0) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Already on requested "
-			   "channel; send Action frame immediately");
-		/* TODO: Would there ever be need to extend the current
-		 * duration on the channel? */
-		wpa_s->pending_action_without_roc = 1;
-		eloop_cancel_timeout(wpas_send_action_cb, wpa_s, NULL);
-		eloop_register_timeout(0, 0, wpas_send_action_cb, wpa_s, NULL);
-		return 0;
-	}
-	wpa_s->pending_action_without_roc = 0;
-
-	if (wpa_s->roc_waiting_drv_freq == freq) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Already waiting for "
-			   "driver to get to frequency %u MHz; continue "
-			   "waiting to send the Action frame", freq);
-		return 0;
-	}
-
-	wpa_printf(MSG_DEBUG, "Off-channel: Schedule Action frame to be "
-		   "transmitted once the driver gets to the requested "
-		   "channel");
-	if (wait_time > wpa_s->max_remain_on_chan)
-		wait_time = wpa_s->max_remain_on_chan;
-	else if (wait_time == 0)
-		wait_time = 20;
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->extra_roc_dur) {
-		wpa_printf(MSG_DEBUG, "TESTING: Increase ROC duration %u -> %u",
-			   wait_time, wait_time + wpa_s->extra_roc_dur);
-		wait_time += wpa_s->extra_roc_dur;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (wpa_drv_remain_on_channel(wpa_s, freq, wait_time) < 0) {
-		wpa_printf(MSG_DEBUG, "Off-channel: Failed to request driver "
-			   "to remain on channel (%u MHz) for Action "
-			   "Frame TX", freq);
-		return -1;
-	}
-	wpa_s->off_channel_freq = 0;
-	wpa_s->roc_waiting_drv_freq = freq;
-
-	return 0;
-}
-
-
-/**
- * offchannel_send_send_action_done - Notify completion of Action frame sequence
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function can be used to cancel a wait for additional response frames on
- * the channel that was used with offchannel_send_action().
- */
-void offchannel_send_action_done(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG,
-		   "Off-channel: Action frame sequence done notification: pending_action_tx=%p drv_offchan_tx=%d action_tx_wait_time=%d off_channel_freq=%d roc_waiting_drv_freq=%d",
-		   wpa_s->pending_action_tx,
-		   !!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX),
-		   wpa_s->action_tx_wait_time, wpa_s->off_channel_freq,
-		   wpa_s->roc_waiting_drv_freq);
-	wpabuf_free(wpa_s->pending_action_tx);
-	wpa_s->pending_action_tx = NULL;
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX &&
-	    (wpa_s->action_tx_wait_time || wpa_s->action_tx_wait_time_used))
-		wpa_drv_send_action_cancel_wait(wpa_s);
-	else if (wpa_s->off_channel_freq || wpa_s->roc_waiting_drv_freq) {
-		wpa_drv_cancel_remain_on_channel(wpa_s);
-		wpa_s->off_channel_freq = 0;
-		wpa_s->roc_waiting_drv_freq = 0;
-	}
-	wpa_s->action_tx_wait_time_used = 0;
-}
-
-
-/**
- * offchannel_remain_on_channel_cb - Remain-on-channel callback function
- * @wpa_s: Pointer to wpa_supplicant data
- * @freq: Frequency (in MHz) of the selected channel
- * @duration: Duration of the remain-on-channel operation in milliseconds
- *
- * This function is called whenever the driver notifies beginning of a
- * remain-on-channel operation.
- */
-void offchannel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				     unsigned int freq, unsigned int duration)
-{
-	wpa_s->roc_waiting_drv_freq = 0;
-	wpa_s->off_channel_freq = freq;
-	wpas_send_action_cb(wpa_s, NULL);
-}
-
-
-/**
- * offchannel_cancel_remain_on_channel_cb - Remain-on-channel stopped callback
- * @wpa_s: Pointer to wpa_supplicant data
- * @freq: Frequency (in MHz) of the selected channel
- *
- * This function is called whenever the driver notifies termination of a
- * remain-on-channel operation.
- */
-void offchannel_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					    unsigned int freq)
-{
-	wpa_s->off_channel_freq = 0;
-}
-
-
-/**
- * offchannel_pending_action_tx - Check whether there is a pending Action TX
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: Pointer to pending frame or %NULL if no pending operation
- *
- * This function can be used to check whether there is a pending Action frame TX
- * operation. The returned pointer should be used only for checking whether it
- * is %NULL (no pending frame) or to print the pointer value in debug
- * information (i.e., the pointer should not be dereferenced).
- */
-const void * offchannel_pending_action_tx(struct wpa_supplicant *wpa_s)
-{
-	return wpa_s->pending_action_tx;
-}
-
-
-/**
- * offchannel_clear_pending_action_tx - Clear pending Action frame TX
- * @wpa_s: Pointer to wpa_supplicant data
- */
-void offchannel_clear_pending_action_tx(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG,
-		   "Off-channel: Clear pending Action frame TX (pending_action_tx=%p",
-		   wpa_s->pending_action_tx);
-	wpabuf_free(wpa_s->pending_action_tx);
-	wpa_s->pending_action_tx = NULL;
-}
-
-
-/**
- * offchannel_deinit - Deinit off-channel operations
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to free up any allocated resources for off-channel
- * operations.
- */
-void offchannel_deinit(struct wpa_supplicant *wpa_s)
-{
-	offchannel_clear_pending_action_tx(wpa_s);
-	eloop_cancel_timeout(wpas_send_action_cb, wpa_s, NULL);
-}
diff --git a/wpa_supplicant/offchannel.h b/wpa_supplicant/offchannel.h
deleted file mode 100644
index 0ad7e18fae88..000000000000
--- a/wpa_supplicant/offchannel.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * wpa_supplicant - Off-channel Action frame TX/RX
- * Copyright (c) 2009-2010, Atheros Communications
- * Copyright (c) 2011, Qualcomm Atheros
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef OFFCHANNEL_H
-#define OFFCHANNEL_H
-
-int offchannel_send_action(struct wpa_supplicant *wpa_s, unsigned int freq,
-			   const u8 *dst, const u8 *src, const u8 *bssid,
-			   const u8 *buf, size_t len, unsigned int wait_time,
-			   void (*tx_cb)(struct wpa_supplicant *wpa_s,
-					 unsigned int freq, const u8 *dst,
-					 const u8 *src, const u8 *bssid,
-					 const u8 *data, size_t data_len,
-					 enum offchannel_send_action_result
-					 result),
-			   int no_cck);
-void offchannel_send_action_done(struct wpa_supplicant *wpa_s);
-void offchannel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				     unsigned int freq, unsigned int duration);
-void offchannel_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					    unsigned int freq);
-void offchannel_deinit(struct wpa_supplicant *wpa_s);
-void offchannel_send_action_tx_status(
-	struct wpa_supplicant *wpa_s, const u8 *dst, const u8 *data,
-	size_t data_len, enum offchannel_send_action_result result);
-const void * offchannel_pending_action_tx(struct wpa_supplicant *wpa_s);
-void offchannel_clear_pending_action_tx(struct wpa_supplicant *wpa_s);
-
-#endif /* OFFCHANNEL_H */
diff --git a/wpa_supplicant/op_classes.c b/wpa_supplicant/op_classes.c
deleted file mode 100644
index bd53c5ceceaf..000000000000
--- a/wpa_supplicant/op_classes.c
+++ /dev/null
@@ -1,534 +0,0 @@
-/*
- * Operating classes
- * Copyright(c) 2015 Intel Deutschland GmbH
- * Contact Information:
- * Intel Linux Wireless <ilw@linux.intel.com>
- * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_common.h"
-#include "wpa_supplicant_i.h"
-#include "bss.h"
-
-
-static enum chan_allowed allow_channel(struct hostapd_hw_modes *mode,
-				       u8 op_class, u8 chan,
-				       unsigned int *flags)
-{
-	int i;
-	bool is_6ghz = op_class >= 131 && op_class <= 136;
-
-	for (i = 0; i < mode->num_channels; i++) {
-		bool chan_is_6ghz;
-
-		chan_is_6ghz = mode->channels[i].freq >= 5935 &&
-			mode->channels[i].freq <= 7115;
-		if (is_6ghz == chan_is_6ghz && mode->channels[i].chan == chan)
-			break;
-	}
-
-	if (i == mode->num_channels ||
-	    (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED))
-		return NOT_ALLOWED;
-
-	if (flags)
-		*flags = mode->channels[i].flag;
-
-	if (mode->channels[i].flag & HOSTAPD_CHAN_NO_IR)
-		return NO_IR;
-
-	return ALLOWED;
-}
-
-
-static int get_center_80mhz(struct hostapd_hw_modes *mode, u8 channel,
-			    const u8 *center_channels, size_t num_chan)
-{
-	size_t i;
-
-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-		return 0;
-
-	for (i = 0; i < num_chan; i++) {
-		/*
-		 * In 80 MHz, the bandwidth "spans" 12 channels (e.g., 36-48),
-		 * so the center channel is 6 channels away from the start/end.
-		 */
-		if (channel >= center_channels[i] - 6 &&
-		    channel <= center_channels[i] + 6)
-			return center_channels[i];
-	}
-
-	return 0;
-}
-
-
-static enum chan_allowed verify_80mhz(struct hostapd_hw_modes *mode,
-				      u8 op_class, u8 channel)
-{
-	u8 center_chan;
-	unsigned int i;
-	unsigned int no_ir = 0;
-	const u8 *center_channels;
-	size_t num_chan;
-	const u8 center_channels_5ghz[] = { 42, 58, 106, 122, 138, 155, 171 };
-	const u8 center_channels_6ghz[] = { 7, 23, 39, 55, 71, 87, 103, 119,
-					    135, 151, 167, 183, 199, 215 };
-
-	if (is_6ghz_op_class(op_class)) {
-		center_channels = center_channels_6ghz;
-		num_chan = ARRAY_SIZE(center_channels_6ghz);
-	} else {
-		center_channels = center_channels_5ghz;
-		num_chan = ARRAY_SIZE(center_channels_5ghz);
-	}
-
-	center_chan = get_center_80mhz(mode, channel, center_channels,
-				       num_chan);
-	if (!center_chan)
-		return NOT_ALLOWED;
-
-	/* check all the channels are available */
-	for (i = 0; i < 4; i++) {
-		unsigned int flags;
-		u8 adj_chan = center_chan - 6 + i * 4;
-
-		if (allow_channel(mode, op_class, adj_chan, &flags) ==
-		    NOT_ALLOWED)
-			return NOT_ALLOWED;
-
-		if ((i == 0 && !(flags & HOSTAPD_CHAN_VHT_10_70)) ||
-		    (i == 1 && !(flags & HOSTAPD_CHAN_VHT_30_50)) ||
-		    (i == 2 && !(flags & HOSTAPD_CHAN_VHT_50_30)) ||
-		    (i == 3 && !(flags & HOSTAPD_CHAN_VHT_70_10)))
-			return NOT_ALLOWED;
-
-		if (flags & HOSTAPD_CHAN_NO_IR)
-			no_ir = 1;
-	}
-
-	if (no_ir)
-		return NO_IR;
-
-	return ALLOWED;
-}
-
-
-static int get_center_160mhz(struct hostapd_hw_modes *mode, u8 channel,
-			     const u8 *center_channels, size_t num_chan)
-{
-	unsigned int i;
-
-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-		return 0;
-
-	for (i = 0; i < num_chan; i++) {
-		/*
-		 * In 160 MHz, the bandwidth "spans" 28 channels (e.g., 36-64),
-		 * so the center channel is 14 channels away from the start/end.
-		 */
-		if (channel >= center_channels[i] - 14 &&
-		    channel <= center_channels[i] + 14)
-			return center_channels[i];
-	}
-
-	return 0;
-}
-
-
-static enum chan_allowed verify_160mhz(struct hostapd_hw_modes *mode,
-				       u8 op_class, u8 channel)
-{
-	u8 center_chan;
-	unsigned int i;
-	unsigned int no_ir = 0;
-	const u8 *center_channels;
-	size_t num_chan;
-	const u8 center_channels_5ghz[] = { 50, 114, 163 };
-	const u8 center_channels_6ghz[] = { 15, 47, 79, 111, 143, 175, 207 };
-
-	if (is_6ghz_op_class(op_class)) {
-		center_channels = center_channels_6ghz;
-		num_chan = ARRAY_SIZE(center_channels_6ghz);
-	} else {
-		center_channels = center_channels_5ghz;
-		num_chan = ARRAY_SIZE(center_channels_5ghz);
-	}
-
-	center_chan = get_center_160mhz(mode, channel, center_channels,
-					num_chan);
-	if (!center_chan)
-		return NOT_ALLOWED;
-
-	/* Check all the channels are available */
-	for (i = 0; i < 8; i++) {
-		unsigned int flags;
-		u8 adj_chan = center_chan - 14 + i * 4;
-
-		if (allow_channel(mode, op_class, adj_chan, &flags) ==
-		    NOT_ALLOWED)
-			return NOT_ALLOWED;
-
-		if ((i == 0 && !(flags & HOSTAPD_CHAN_VHT_10_150)) ||
-		    (i == 1 && !(flags & HOSTAPD_CHAN_VHT_30_130)) ||
-		    (i == 2 && !(flags & HOSTAPD_CHAN_VHT_50_110)) ||
-		    (i == 3 && !(flags & HOSTAPD_CHAN_VHT_70_90)) ||
-		    (i == 4 && !(flags & HOSTAPD_CHAN_VHT_90_70)) ||
-		    (i == 5 && !(flags & HOSTAPD_CHAN_VHT_110_50)) ||
-		    (i == 6 && !(flags & HOSTAPD_CHAN_VHT_130_30)) ||
-		    (i == 7 && !(flags & HOSTAPD_CHAN_VHT_150_10)))
-			return NOT_ALLOWED;
-
-		if (flags & HOSTAPD_CHAN_NO_IR)
-			no_ir = 1;
-	}
-
-	if (no_ir)
-		return NO_IR;
-
-	return ALLOWED;
-}
-
-
-enum chan_allowed verify_channel(struct hostapd_hw_modes *mode, u8 op_class,
-				 u8 channel, u8 bw)
-{
-	unsigned int flag = 0;
-	enum chan_allowed res, res2;
-
-	res2 = res = allow_channel(mode, op_class, channel, &flag);
-	if (bw == BW40MINUS || (bw == BW40 && (((channel - 1) / 4) % 2))) {
-		if (!(flag & HOSTAPD_CHAN_HT40MINUS))
-			return NOT_ALLOWED;
-		res2 = allow_channel(mode, op_class, channel - 4, NULL);
-	} else if (bw == BW40PLUS) {
-		if (!(flag & HOSTAPD_CHAN_HT40PLUS))
-			return NOT_ALLOWED;
-		res2 = allow_channel(mode, op_class, channel + 4, NULL);
-	} else if (is_6ghz_op_class(op_class) && bw == BW40) {
-		if (get_6ghz_sec_channel(channel) < 0)
-			res2 = allow_channel(mode, op_class, channel - 4, NULL);
-		else
-			res2 = allow_channel(mode, op_class, channel + 4, NULL);
-	} else if (bw == BW80) {
-		/*
-		 * channel is a center channel and as such, not necessarily a
-		 * valid 20 MHz channels. Override earlier allow_channel()
-		 * result and use only the 80 MHz specific version.
-		 */
-		res2 = res = verify_80mhz(mode, op_class, channel);
-	} else if (bw == BW160) {
-		/*
-		 * channel is a center channel and as such, not necessarily a
-		 * valid 20 MHz channels. Override earlier allow_channel()
-		 * result and use only the 160 MHz specific version.
-		 */
-		res2 = res = verify_160mhz(mode, op_class, channel);
-	} else if (bw == BW80P80) {
-		/*
-		 * channel is a center channel and as such, not necessarily a
-		 * valid 20 MHz channels. Override earlier allow_channel()
-		 * result and use only the 80 MHz specific version.
-		 */
-		res2 = res = verify_80mhz(mode, op_class, channel);
-	}
-
-	if (res == NOT_ALLOWED || res2 == NOT_ALLOWED)
-		return NOT_ALLOWED;
-
-	if (res == NO_IR || res2 == NO_IR)
-		return NO_IR;
-
-	return ALLOWED;
-}
-
-
-static int wpas_op_class_supported(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid,
-				   const struct oper_class_map *op_class)
-{
-	int chan;
-	size_t i;
-	struct hostapd_hw_modes *mode;
-	int found;
-	int z;
-	int freq2 = 0;
-	int freq5 = 0;
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, op_class->mode,
-			is_6ghz_op_class(op_class->op_class));
-	if (!mode)
-		return 0;
-
-	/* If we are configured to disable certain things, take that into
-	 * account here. */
-	if (ssid && ssid->freq_list && ssid->freq_list[0]) {
-		for (z = 0; ; z++) {
-			int f = ssid->freq_list[z];
-
-			if (f == 0)
-				break; /* end of list */
-			if (f > 4000 && f < 6000)
-				freq5 = 1;
-			else if (f > 2400 && f < 2500)
-				freq2 = 1;
-		}
-	} else {
-		/* No frequencies specified, can use anything hardware supports.
-		 */
-		freq2 = freq5 = 1;
-	}
-
-	if (op_class->op_class >= 115 && op_class->op_class <= 130 && !freq5)
-		return 0;
-	if (op_class->op_class >= 81 && op_class->op_class <= 84 && !freq2)
-		return 0;
-
-#ifdef CONFIG_HT_OVERRIDES
-	if (ssid && ssid->disable_ht) {
-		switch (op_class->op_class) {
-		case 83:
-		case 84:
-		case 104:
-		case 105:
-		case 116:
-		case 117:
-		case 119:
-		case 120:
-		case 122:
-		case 123:
-		case 126:
-		case 127:
-		case 128:
-		case 129:
-		case 130:
-			/* Disable >= 40 MHz channels if HT is disabled */
-			return 0;
-		}
-	}
-#endif /* CONFIG_HT_OVERRIDES */
-
-#ifdef CONFIG_VHT_OVERRIDES
-	if (ssid && ssid->disable_vht) {
-		if (op_class->op_class >= 128 && op_class->op_class <= 130) {
-			/* Disable >= 80 MHz channels if VHT is disabled */
-			return 0;
-		}
-	}
-#endif /* CONFIG_VHT_OVERRIDES */
-
-	if (op_class->op_class == 128) {
-		u8 channels[] = { 42, 58, 106, 122, 138, 155, 171 };
-
-		for (i = 0; i < ARRAY_SIZE(channels); i++) {
-			if (verify_channel(mode, op_class->op_class,
-					   channels[i], op_class->bw) !=
-			    NOT_ALLOWED)
-				return 1;
-		}
-
-		return 0;
-	}
-
-	if (op_class->op_class == 129) {
-		/* Check if either 160 MHz channels is allowed */
-		return verify_channel(mode, op_class->op_class, 50,
-				      op_class->bw) != NOT_ALLOWED ||
-			verify_channel(mode, op_class->op_class, 114,
-				       op_class->bw) != NOT_ALLOWED ||
-			verify_channel(mode, op_class->op_class, 163,
-				       op_class->bw) != NOT_ALLOWED;
-	}
-
-	if (op_class->op_class == 130) {
-		/* Need at least two non-contiguous 80 MHz segments */
-		found = 0;
-
-		if (verify_channel(mode, op_class->op_class, 42,
-				   op_class->bw) != NOT_ALLOWED ||
-		    verify_channel(mode, op_class->op_class, 58,
-				   op_class->bw) != NOT_ALLOWED)
-			found++;
-		if (verify_channel(mode, op_class->op_class, 106,
-				   op_class->bw) != NOT_ALLOWED ||
-		    verify_channel(mode, op_class->op_class, 122,
-				   op_class->bw) != NOT_ALLOWED ||
-		    verify_channel(mode, op_class->op_class, 138,
-				   op_class->bw) != NOT_ALLOWED ||
-		    verify_channel(mode, op_class->op_class, 155,
-				   op_class->bw) != NOT_ALLOWED ||
-		    verify_channel(mode, op_class->op_class, 171,
-				   op_class->bw) != NOT_ALLOWED)
-			found++;
-		if (verify_channel(mode, op_class->op_class, 106,
-				   op_class->bw) != NOT_ALLOWED &&
-		    verify_channel(mode, op_class->op_class, 138,
-				   op_class->bw) != NOT_ALLOWED)
-			found++;
-		if (verify_channel(mode, op_class->op_class, 122,
-				   op_class->bw) != NOT_ALLOWED &&
-		    verify_channel(mode, op_class->op_class, 155,
-				   op_class->bw) != NOT_ALLOWED)
-			found++;
-		if (verify_channel(mode, op_class->op_class, 138,
-				   op_class->bw) != NOT_ALLOWED &&
-		    verify_channel(mode, op_class->op_class, 171,
-				   op_class->bw) != NOT_ALLOWED)
-			found++;
-
-		if (found >= 2)
-			return 1;
-
-		return 0;
-	}
-
-	if (op_class->op_class == 135) {
-		/* Need at least two 80 MHz segments which do not fall under the
-		 * same 160 MHz segment to support 80+80 in 6 GHz.
-		 */
-		int first_seg = 0;
-		int curr_seg = 0;
-
-		for (chan = op_class->min_chan; chan <= op_class->max_chan;
-		     chan += op_class->inc) {
-			curr_seg++;
-			if (verify_channel(mode, op_class->op_class, chan,
-					   op_class->bw) != NOT_ALLOWED) {
-				if (!first_seg) {
-					first_seg = curr_seg;
-					continue;
-				}
-
-				/* Supported if at least two non-consecutive 80
-				 * MHz segments allowed.
-				 */
-				if ((curr_seg - first_seg) > 1)
-					return 1;
-
-				/* Supported even if the 80 MHz segments are
-				 * consecutive when they do not fall under the
-				 * same 160 MHz segment.
-				 */
-				if ((first_seg % 2) == 0)
-					return 1;
-			}
-		}
-
-		return 0;
-	}
-
-	found = 0;
-	for (chan = op_class->min_chan; chan <= op_class->max_chan;
-	     chan += op_class->inc) {
-		if (verify_channel(mode, op_class->op_class, chan,
-				   op_class->bw) != NOT_ALLOWED) {
-			found = 1;
-			break;
-		}
-	}
-
-	return found;
-}
-
-
-static int wpas_sta_secondary_channel_offset(struct wpa_bss *bss, u8 *current,
-					     u8 *channel)
-{
-
-	const u8 *ies;
-	u8 phy_type;
-	size_t ies_len;
-
-	if (!bss)
-		return -1;
-	ies = wpa_bss_ie_ptr(bss);
-	ies_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
-	return wpas_get_op_chan_phy(bss->freq, ies, ies_len, current,
-				    channel, &phy_type);
-}
-
-
-size_t wpas_supp_op_class_ie(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid,
-			     struct wpa_bss *bss, u8 *pos, size_t len)
-{
-	struct wpabuf *buf;
-	u8 op, current, chan;
-	u8 *ie_len;
-	size_t res;
-
-	/*
-	 * Determine the current operating class correct mode based on
-	 * advertised BSS capabilities, if available. Fall back to a less
-	 * accurate guess based on frequency if the needed IEs are not available
-	 * or used.
-	 */
-	if (wpas_sta_secondary_channel_offset(bss, &current, &chan) < 0 &&
-	    ieee80211_freq_to_channel_ext(bss->freq, 0, CHANWIDTH_USE_HT,
-					  &current, &chan) == NUM_HOSTAPD_MODES)
-		return 0;
-
-	/*
-	 * Need 3 bytes for EID, length, and current operating class, plus
-	 * 1 byte for every other supported operating class.
-	 */
-	buf = wpabuf_alloc(global_op_class_size + 3);
-	if (!buf)
-		return 0;
-
-	wpabuf_put_u8(buf, WLAN_EID_SUPPORTED_OPERATING_CLASSES);
-	/* Will set the length later, putting a placeholder */
-	ie_len = wpabuf_put(buf, 1);
-	wpabuf_put_u8(buf, current);
-
-	for (op = 0; global_op_class[op].op_class; op++) {
-		if (wpas_op_class_supported(wpa_s, ssid, &global_op_class[op]))
-			wpabuf_put_u8(buf, global_op_class[op].op_class);
-	}
-
-	*ie_len = wpabuf_len(buf) - 2;
-	if (*ie_len < 2) {
-		wpa_printf(MSG_DEBUG,
-			   "No supported operating classes IE to add");
-		res = 0;
-	} else if (wpabuf_len(buf) > len) {
-		wpa_printf(MSG_ERROR,
-			   "Supported operating classes IE exceeds maximum buffer length");
-		res = 0;
-	} else {
-		os_memcpy(pos, wpabuf_head(buf), wpabuf_len(buf));
-		res = wpabuf_len(buf);
-		wpa_hexdump_buf(MSG_DEBUG,
-				"Added supported operating classes IE", buf);
-	}
-
-	wpabuf_free(buf);
-	return res;
-}
-
-
-int * wpas_supp_op_classes(struct wpa_supplicant *wpa_s)
-{
-	int op;
-	unsigned int pos, max_num = 0;
-	int *classes;
-
-	for (op = 0; global_op_class[op].op_class; op++)
-		max_num++;
-	classes = os_zalloc((max_num + 1) * sizeof(int));
-	if (!classes)
-		return NULL;
-
-	for (op = 0, pos = 0; global_op_class[op].op_class; op++) {
-		if (wpas_op_class_supported(wpa_s, NULL, &global_op_class[op]))
-			classes[pos++] = global_op_class[op].op_class;
-	}
-
-	return classes;
-}
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
deleted file mode 100644
index ce44dfb9e053..000000000000
--- a/wpa_supplicant/p2p_supplicant.c
+++ /dev/null
@@ -1,10107 +0,0 @@
-/*
- * wpa_supplicant - P2P
- * Copyright (c) 2009-2010, Atheros Communications
- * Copyright (c) 2010-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "common/ieee802_11_common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_ctrl.h"
-#include "wps/wps_i.h"
-#include "p2p/p2p.h"
-#include "ap/hostapd.h"
-#include "ap/ap_config.h"
-#include "ap/sta_info.h"
-#include "ap/ap_drv_ops.h"
-#include "ap/wps_hostapd.h"
-#include "ap/p2p_hostapd.h"
-#include "ap/dfs.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "ap.h"
-#include "config_ssid.h"
-#include "config.h"
-#include "notify.h"
-#include "scan.h"
-#include "bss.h"
-#include "offchannel.h"
-#include "wps_supplicant.h"
-#include "p2p_supplicant.h"
-#include "wifi_display.h"
-
-
-/*
- * How many times to try to scan to find the GO before giving up on join
- * request.
- */
-#define P2P_MAX_JOIN_SCAN_ATTEMPTS 10
-
-#define P2P_AUTO_PD_SCAN_ATTEMPTS 5
-
-/**
- * Defines time interval in seconds when a GO needs to evacuate a frequency that
- * it is currently using, but is no longer valid for P2P use cases.
- */
-#define P2P_GO_FREQ_CHANGE_TIME 5
-
-/**
- * Defines CSA parameters which are used when GO evacuates the no longer valid
- * channel (and if the driver supports channel switch).
- */
-#define P2P_GO_CSA_COUNT 7
-#define P2P_GO_CSA_BLOCK_TX 0
-
-#ifndef P2P_MAX_CLIENT_IDLE
-/*
- * How many seconds to try to reconnect to the GO when connection in P2P client
- * role has been lost.
- */
-#define P2P_MAX_CLIENT_IDLE 10
-#endif /* P2P_MAX_CLIENT_IDLE */
-
-#ifndef P2P_MAX_INITIAL_CONN_WAIT
-/*
- * How many seconds to wait for initial 4-way handshake to get completed after
- * WPS provisioning step or after the re-invocation of a persistent group on a
- * P2P Client.
- */
-#define P2P_MAX_INITIAL_CONN_WAIT 10
-#endif /* P2P_MAX_INITIAL_CONN_WAIT */
-
-#ifndef P2P_MAX_INITIAL_CONN_WAIT_GO
-/*
- * How many seconds to wait for initial 4-way handshake to get completed after
- * WPS provisioning step on the GO. This controls the extra time the P2P
- * operation is considered to be in progress (e.g., to delay other scans) after
- * WPS provisioning has been completed on the GO during group formation.
- */
-#define P2P_MAX_INITIAL_CONN_WAIT_GO 10
-#endif /* P2P_MAX_INITIAL_CONN_WAIT_GO */
-
-#ifndef P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE
-/*
- * How many seconds to wait for initial 4-way handshake to get completed after
- * re-invocation of a persistent group on the GO when the client is expected
- * to connect automatically (no user interaction).
- */
-#define P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE 15
-#endif /* P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE */
-
-#define P2P_MGMT_DEVICE_PREFIX		"p2p-dev-"
-
-/*
- * How many seconds to wait to re-attempt to move GOs, in case previous attempt
- * was not possible.
- */
-#define P2P_RECONSIDER_GO_MOVE_DELAY 30
-
-enum p2p_group_removal_reason {
-	P2P_GROUP_REMOVAL_UNKNOWN,
-	P2P_GROUP_REMOVAL_SILENT,
-	P2P_GROUP_REMOVAL_FORMATION_FAILED,
-	P2P_GROUP_REMOVAL_REQUESTED,
-	P2P_GROUP_REMOVAL_IDLE_TIMEOUT,
-	P2P_GROUP_REMOVAL_UNAVAILABLE,
-	P2P_GROUP_REMOVAL_GO_ENDING_SESSION,
-	P2P_GROUP_REMOVAL_PSK_FAILURE,
-	P2P_GROUP_REMOVAL_FREQ_CONFLICT,
-	P2P_GROUP_REMOVAL_GO_LEAVE_CHANNEL
-};
-
-
-static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx);
-static struct wpa_supplicant *
-wpas_p2p_get_group_iface(struct wpa_supplicant *wpa_s, int addr_allocated,
-			 int go);
-static int wpas_p2p_join_start(struct wpa_supplicant *wpa_s, int freq,
-			       const u8 *ssid, size_t ssid_len);
-static int wpas_p2p_setup_freqs(struct wpa_supplicant *wpa_s, int freq,
-				int *force_freq, int *pref_freq, int go,
-				unsigned int *pref_freq_list,
-				unsigned int *num_pref_freq);
-static void wpas_p2p_join_scan_req(struct wpa_supplicant *wpa_s, int freq,
-				   const u8 *ssid, size_t ssid_len);
-static void wpas_p2p_join_scan(void *eloop_ctx, void *timeout_ctx);
-static int wpas_p2p_join(struct wpa_supplicant *wpa_s, const u8 *iface_addr,
-			 const u8 *dev_addr, enum p2p_wps_method wps_method,
-			 int auto_join, int freq,
-			 const u8 *ssid, size_t ssid_len);
-static int wpas_p2p_create_iface(struct wpa_supplicant *wpa_s);
-static void wpas_p2p_cross_connect_setup(struct wpa_supplicant *wpa_s);
-static void wpas_p2p_group_idle_timeout(void *eloop_ctx, void *timeout_ctx);
-static void wpas_p2p_set_group_idle_timeout(struct wpa_supplicant *wpa_s);
-static void wpas_p2p_group_formation_timeout(void *eloop_ctx,
-					     void *timeout_ctx);
-static void wpas_p2p_group_freq_conflict(void *eloop_ctx, void *timeout_ctx);
-static int wpas_p2p_fallback_to_go_neg(struct wpa_supplicant *wpa_s,
-				       int group_added);
-static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s);
-static void wpas_stop_listen(void *ctx);
-static void wpas_p2p_psk_failure_removal(void *eloop_ctx, void *timeout_ctx);
-static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s);
-static int wpas_p2p_add_group_interface(struct wpa_supplicant *wpa_s,
-					enum wpa_driver_if_type type);
-static void wpas_p2p_group_formation_failed(struct wpa_supplicant *wpa_s,
-					    int already_deleted);
-static void wpas_p2p_optimize_listen_channel(struct wpa_supplicant *wpa_s,
-					     struct wpa_used_freq_data *freqs,
-					     unsigned int num);
-static void wpas_p2p_move_go(void *eloop_ctx, void *timeout_ctx);
-static int wpas_p2p_go_is_peer_freq(struct wpa_supplicant *wpa_s, int freq);
-static void
-wpas_p2p_consider_moving_gos(struct wpa_supplicant *wpa_s,
-			     struct wpa_used_freq_data *freqs, unsigned int num,
-			     enum wpas_p2p_channel_update_trig trig);
-static void wpas_p2p_reconsider_moving_go(void *eloop_ctx, void *timeout_ctx);
-
-
-static int wpas_get_6ghz_he_chwidth_capab(struct hostapd_hw_modes *mode)
-{
-	int he_capab = 0;
-
-	if (mode)
-		he_capab = mode->he_capab[WPAS_MODE_INFRA].phy_cap[
-			HE_PHYCAP_CHANNEL_WIDTH_SET_IDX];
-	return he_capab;
-}
-
-
-/*
- * Get the number of concurrent channels that the HW can operate, but that are
- * currently not in use by any of the wpa_supplicant interfaces.
- */
-static int wpas_p2p_num_unused_channels(struct wpa_supplicant *wpa_s)
-{
-	int *freqs;
-	int num, unused;
-
-	freqs = os_calloc(wpa_s->num_multichan_concurrent, sizeof(int));
-	if (!freqs)
-		return -1;
-
-	num = get_shared_radio_freqs(wpa_s, freqs,
-				     wpa_s->num_multichan_concurrent);
-	os_free(freqs);
-
-	unused = wpa_s->num_multichan_concurrent - num;
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: num_unused_channels: %d", unused);
-	return unused;
-}
-
-
-/*
- * Get the frequencies that are currently in use by one or more of the virtual
- * interfaces, and that are also valid for P2P operation.
- */
-static unsigned int
-wpas_p2p_valid_oper_freqs(struct wpa_supplicant *wpa_s,
-			  struct wpa_used_freq_data *p2p_freqs,
-			  unsigned int len)
-{
-	struct wpa_used_freq_data *freqs;
-	unsigned int num, i, j;
-
-	freqs = os_calloc(wpa_s->num_multichan_concurrent,
-			  sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return 0;
-
-	num = get_shared_radio_freqs_data(wpa_s, freqs,
-					  wpa_s->num_multichan_concurrent);
-
-	os_memset(p2p_freqs, 0, sizeof(struct wpa_used_freq_data) * len);
-
-	for (i = 0, j = 0; i < num && j < len; i++) {
-		if (p2p_supported_freq(wpa_s->global->p2p, freqs[i].freq))
-			p2p_freqs[j++] = freqs[i];
-	}
-
-	os_free(freqs);
-
-	dump_freq_data(wpa_s, "valid for P2P", p2p_freqs, j);
-
-	return j;
-}
-
-
-static void wpas_p2p_set_own_freq_preference(struct wpa_supplicant *wpa_s,
-					     int freq)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-
-	/* Use the wpa_s used to control the P2P Device operation */
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	if (wpa_s->conf->p2p_ignore_shared_freq &&
-	    freq > 0 && wpa_s->num_multichan_concurrent > 1 &&
-	    wpas_p2p_num_unused_channels(wpa_s) > 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore own channel preference %d MHz due to p2p_ignore_shared_freq=1 configuration",
-			   freq);
-		freq = 0;
-	}
-	p2p_set_own_freq_preference(wpa_s->global->p2p, freq);
-}
-
-
-static void wpas_p2p_scan_res_handled(struct wpa_supplicant *wpa_s)
-{
-	unsigned int delay = wpas_p2p_search_delay(wpa_s);
-
-	/* In case of concurrent P2P and external scans, delay P2P search. */
-	if (external_scan_running(wpa_s->radio)) {
-		delay = wpa_s->conf->p2p_search_delay;
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Delay next P2P search by %d ms to let externally triggered scan complete",
-			   delay);
-	}
-
-	p2p_scan_res_handled(wpa_s->global->p2p, delay);
-}
-
-
-static void wpas_p2p_scan_res_handler(struct wpa_supplicant *wpa_s,
-				      struct wpa_scan_results *scan_res)
-{
-	size_t i;
-
-	if (wpa_s->p2p_scan_work) {
-		struct wpa_radio_work *work = wpa_s->p2p_scan_work;
-		wpa_s->p2p_scan_work = NULL;
-		radio_work_done(work);
-	}
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-
-	wpa_printf(MSG_DEBUG, "P2P: Scan results received (%d BSS)",
-		   (int) scan_res->num);
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_scan_res *bss = scan_res->res[i];
-		struct os_reltime time_tmp_age, entry_ts;
-		const u8 *ies;
-		size_t ies_len;
-
-		time_tmp_age.sec = bss->age / 1000;
-		time_tmp_age.usec = (bss->age % 1000) * 1000;
-		os_reltime_sub(&scan_res->fetch_time, &time_tmp_age, &entry_ts);
-
-		ies = (const u8 *) (bss + 1);
-		ies_len = bss->ie_len;
-		if (bss->beacon_ie_len > 0 &&
-		    !wpa_scan_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
-		    wpa_scan_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
-			wpa_printf(MSG_DEBUG, "P2P: Use P2P IE(s) from Beacon frame since no P2P IE(s) in Probe Response frames received for "
-				   MACSTR, MAC2STR(bss->bssid));
-			ies = ies + ies_len;
-			ies_len = bss->beacon_ie_len;
-		}
-
-
-		if (p2p_scan_res_handler(wpa_s->global->p2p, bss->bssid,
-					 bss->freq, &entry_ts, bss->level,
-					 ies, ies_len) > 0)
-			break;
-	}
-
-	wpas_p2p_scan_res_handled(wpa_s);
-}
-
-
-static void wpas_p2p_scan_res_fail_handler(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_scan_work) {
-		struct wpa_radio_work *work = wpa_s->p2p_scan_work;
-
-		wpa_s->p2p_scan_work = NULL;
-		radio_work_done(work);
-	}
-
-	if (wpa_s->global->p2p_disabled || !wpa_s->global->p2p)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"P2P: Failed to get scan results - try to continue");
-	wpas_p2p_scan_res_handled(wpa_s);
-}
-
-
-static void wpas_p2p_trigger_scan_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct wpa_driver_scan_params *params = work->ctx;
-	int ret;
-
-	if (deinit) {
-		if (!work->started) {
-			wpa_scan_free_params(params);
-			return;
-		}
-
-		wpa_s->p2p_scan_work = NULL;
-		return;
-	}
-
-	if (wpa_s->clear_driver_scan_cache) {
-		wpa_printf(MSG_DEBUG,
-			   "Request driver to clear scan cache due to local BSS flush");
-		params->only_new_results = 1;
-	}
-
-	if (!params->p2p_include_6ghz && !params->freqs) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Exclude 6 GHz channels - update the scan frequency list");
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, params,
-					0);
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params,
-					0);
-	}
-	ret = wpa_drv_scan(wpa_s, params);
-	if (ret == 0)
-		wpa_s->curr_scan_cookie = params->scan_cookie;
-	wpa_scan_free_params(params);
-	work->ctx = NULL;
-	if (ret) {
-		radio_work_done(work);
-		p2p_notify_scan_trigger_status(wpa_s->global->p2p, ret);
-		return;
-	}
-
-	p2p_notify_scan_trigger_status(wpa_s->global->p2p, ret);
-	os_get_reltime(&wpa_s->scan_trigger_time);
-	wpa_s->scan_res_handler = wpas_p2p_scan_res_handler;
-	wpa_s->scan_res_fail_handler = wpas_p2p_scan_res_fail_handler;
-	wpa_s->own_scan_requested = 1;
-	wpa_s->clear_driver_scan_cache = 0;
-	wpa_s->p2p_scan_work = work;
-}
-
-
-static int wpas_p2p_search_social_channel(struct wpa_supplicant *wpa_s,
-					  int freq)
-{
-	if (wpa_s->global->p2p_24ghz_social_channels &&
-	    (freq == 2412 || freq == 2437 || freq == 2462)) {
-		/*
-		 * Search all social channels regardless of whether these have
-		 * been disabled for P2P operating channel use to avoid missing
-		 * peers.
-		 */
-		return 1;
-	}
-	return p2p_supported_freq(wpa_s->global->p2p, freq);
-}
-
-
-static int wpas_p2p_scan(void *ctx, enum p2p_scan_type type, int freq,
-			 unsigned int num_req_dev_types,
-			 const u8 *req_dev_types, const u8 *dev_id, u16 pw_id,
-			 bool include_6ghz)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_driver_scan_params *params = NULL;
-	struct wpabuf *wps_ie, *ies;
-	unsigned int num_channels = 0;
-	int social_channels_freq[] = { 2412, 2437, 2462, 60480 };
-	size_t ielen;
-	u8 *n, i;
-	unsigned int bands;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (wpa_s->p2p_scan_work) {
-		wpa_dbg(wpa_s, MSG_INFO, "P2P: Reject scan trigger since one is already pending");
-		return -1;
-	}
-
-	params = os_zalloc(sizeof(*params));
-	if (params == NULL)
-		return -1;
-
-	/* P2P Wildcard SSID */
-	params->num_ssids = 1;
-	n = os_malloc(P2P_WILDCARD_SSID_LEN);
-	if (n == NULL)
-		goto fail;
-	os_memcpy(n, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN);
-	params->ssids[0].ssid = n;
-	params->ssids[0].ssid_len = P2P_WILDCARD_SSID_LEN;
-
-	wpa_s->wps->dev.p2p = 1;
-	wps_ie = wps_build_probe_req_ie(pw_id, &wpa_s->wps->dev,
-					wpa_s->wps->uuid, WPS_REQ_ENROLLEE,
-					num_req_dev_types, req_dev_types);
-	if (wps_ie == NULL)
-		goto fail;
-	if (!wpa_s->conf->p2p_6ghz_disable)
-		params->p2p_include_6ghz = include_6ghz;
-	switch (type) {
-	case P2P_SCAN_SOCIAL:
-		params->freqs = os_calloc(ARRAY_SIZE(social_channels_freq) + 1,
-					  sizeof(int));
-		if (params->freqs == NULL)
-			goto fail;
-		for (i = 0; i < ARRAY_SIZE(social_channels_freq); i++) {
-			if (wpas_p2p_search_social_channel(
-				    wpa_s, social_channels_freq[i]))
-				params->freqs[num_channels++] =
-					social_channels_freq[i];
-		}
-		params->freqs[num_channels++] = 0;
-		break;
-	case P2P_SCAN_FULL:
-		break;
-	case P2P_SCAN_SPECIFIC:
-		params->freqs = os_calloc(2, sizeof(int));
-		if (params->freqs == NULL)
-			goto fail;
-		params->freqs[0] = freq;
-		params->freqs[1] = 0;
-		break;
-	case P2P_SCAN_SOCIAL_PLUS_ONE:
-		params->freqs = os_calloc(ARRAY_SIZE(social_channels_freq) + 2,
-					  sizeof(int));
-		if (params->freqs == NULL)
-			goto fail;
-		for (i = 0; i < ARRAY_SIZE(social_channels_freq); i++) {
-			if (wpas_p2p_search_social_channel(
-				    wpa_s, social_channels_freq[i]))
-				params->freqs[num_channels++] =
-					social_channels_freq[i];
-		}
-		if (p2p_supported_freq(wpa_s->global->p2p, freq))
-			params->freqs[num_channels++] = freq;
-		params->freqs[num_channels++] = 0;
-		break;
-	}
-
-	ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
-	ies = wpabuf_alloc(wpabuf_len(wps_ie) + ielen);
-	if (ies == NULL) {
-		wpabuf_free(wps_ie);
-		goto fail;
-	}
-	wpabuf_put_buf(ies, wps_ie);
-	wpabuf_free(wps_ie);
-
-	bands = wpas_get_bands(wpa_s, params->freqs);
-	p2p_scan_ie(wpa_s->global->p2p, ies, dev_id, bands);
-
-	params->p2p_probe = 1;
-	n = os_malloc(wpabuf_len(ies));
-	if (n == NULL) {
-		wpabuf_free(ies);
-		goto fail;
-	}
-	os_memcpy(n, wpabuf_head(ies), wpabuf_len(ies));
-	params->extra_ies = n;
-	params->extra_ies_len = wpabuf_len(ies);
-	wpabuf_free(ies);
-
-	radio_remove_works(wpa_s, "p2p-scan", 0);
-	if (radio_add_work(wpa_s, 0, "p2p-scan", 0, wpas_p2p_trigger_scan_cb,
-			   params) < 0)
-		goto fail;
-	return 0;
-
-fail:
-	wpa_scan_free_params(params);
-	return -1;
-}
-
-
-static enum wpa_driver_if_type wpas_p2p_if_type(int p2p_group_interface)
-{
-	switch (p2p_group_interface) {
-	case P2P_GROUP_INTERFACE_PENDING:
-		return WPA_IF_P2P_GROUP;
-	case P2P_GROUP_INTERFACE_GO:
-		return WPA_IF_P2P_GO;
-	case P2P_GROUP_INTERFACE_CLIENT:
-		return WPA_IF_P2P_CLIENT;
-	}
-
-	return WPA_IF_P2P_GROUP;
-}
-
-
-static struct wpa_supplicant * wpas_get_p2p_group(struct wpa_supplicant *wpa_s,
-						  const u8 *ssid,
-						  size_t ssid_len, int *go)
-{
-	struct wpa_ssid *s;
-
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		for (s = wpa_s->conf->ssid; s; s = s->next) {
-			if (s->disabled != 0 || !s->p2p_group ||
-			    s->ssid_len != ssid_len ||
-			    os_memcmp(ssid, s->ssid, ssid_len) != 0)
-				continue;
-			if (s->mode == WPAS_MODE_P2P_GO &&
-			    s != wpa_s->current_ssid)
-				continue;
-			if (go)
-				*go = s->mode == WPAS_MODE_P2P_GO;
-			return wpa_s;
-		}
-	}
-
-	return NULL;
-}
-
-
-static void run_wpas_p2p_disconnect(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpa_printf(MSG_DEBUG,
-		   "P2P: Complete previously requested removal of %s",
-		   wpa_s->ifname);
-	wpas_p2p_disconnect(wpa_s);
-}
-
-
-static int wpas_p2p_disconnect_safely(struct wpa_supplicant *wpa_s,
-				      struct wpa_supplicant *calling_wpa_s)
-{
-	if (calling_wpa_s == wpa_s && wpa_s &&
-	    wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
-		/*
-		 * The calling wpa_s instance is going to be removed. Do that
-		 * from an eloop callback to keep the instance available until
-		 * the caller has returned. This may be needed, e.g., to provide
-		 * control interface responses on the per-interface socket.
-		 */
-		if (eloop_register_timeout(0, 0, run_wpas_p2p_disconnect,
-					   wpa_s, NULL) < 0)
-			return -1;
-		return 0;
-	}
-
-	return wpas_p2p_disconnect(wpa_s);
-}
-
-
-/* Determine total number of clients in active groups where we are the GO */
-static unsigned int p2p_group_go_member_count(struct wpa_supplicant *wpa_s)
-{
-	unsigned int count = 0;
-	struct wpa_ssid *s;
-
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		for (s = wpa_s->conf->ssid; s; s = s->next) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: sup:%p ssid:%p disabled:%d p2p:%d mode:%d",
-				   wpa_s, s, s->disabled, s->p2p_group,
-				   s->mode);
-			if (!s->disabled && s->p2p_group &&
-			    s->mode == WPAS_MODE_P2P_GO) {
-				count += p2p_get_group_num_members(
-					wpa_s->p2p_group);
-			}
-		}
-	}
-
-	return count;
-}
-
-
-static unsigned int p2p_is_active_persistent_group(struct wpa_supplicant *wpa_s)
-{
-	return !wpa_s->p2p_mgmt && wpa_s->current_ssid &&
-		!wpa_s->current_ssid->disabled &&
-		wpa_s->current_ssid->p2p_group &&
-		wpa_s->current_ssid->p2p_persistent_group;
-}
-
-
-static unsigned int p2p_is_active_persistent_go(struct wpa_supplicant *wpa_s)
-{
-	return p2p_is_active_persistent_group(wpa_s) &&
-		wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO;
-}
-
-
-/* Find an interface for a P2P group where we are the GO */
-static struct wpa_supplicant *
-wpas_p2p_get_go_group(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_supplicant *save = NULL;
-
-	if (!wpa_s)
-		return NULL;
-
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (!p2p_is_active_persistent_go(wpa_s))
-			continue;
-
-		/* Prefer a group with connected clients */
-		if (p2p_get_group_num_members(wpa_s->p2p_group))
-			return wpa_s;
-		save = wpa_s;
-	}
-
-	/* No group with connected clients, so pick the one without (if any) */
-	return save;
-}
-
-
-static unsigned int p2p_is_active_persistent_cli(struct wpa_supplicant *wpa_s)
-{
-	return p2p_is_active_persistent_group(wpa_s) &&
-		wpa_s->current_ssid->mode == WPAS_MODE_INFRA;
-}
-
-
-/* Find an interface for a P2P group where we are the P2P Client */
-static struct wpa_supplicant *
-wpas_p2p_get_cli_group(struct wpa_supplicant *wpa_s)
-{
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (p2p_is_active_persistent_cli(wpa_s))
-			return wpa_s;
-	}
-
-	return NULL;
-}
-
-
-/* Find a persistent group where we are the GO */
-static struct wpa_ssid *
-wpas_p2p_get_persistent_go(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *s;
-
-	for (s = wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled == 2 && s->mode == WPAS_MODE_P2P_GO)
-			return s;
-	}
-
-	return NULL;
-}
-
-
-static u8 p2ps_group_capability(void *ctx, u8 incoming, u8 role,
-				unsigned int *force_freq,
-				unsigned int *pref_freq)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *s;
-	u8 conncap = P2PS_SETUP_NONE;
-	unsigned int owned_members = 0;
-	struct wpa_supplicant *go_wpa_s, *cli_wpa_s;
-	struct wpa_ssid *persistent_go;
-	int p2p_no_group_iface;
-	unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
-
-	wpa_printf(MSG_DEBUG, "P2P: Conncap - in:%d role:%d", incoming, role);
-
-	if (force_freq)
-		*force_freq = 0;
-	if (pref_freq)
-		*pref_freq = 0;
-
-	size = P2P_MAX_PREF_CHANNELS;
-	if (force_freq && pref_freq &&
-	    !wpas_p2p_setup_freqs(wpa_s, 0, (int *) force_freq,
-				  (int *) pref_freq, 0, pref_freq_list, &size))
-		wpas_p2p_set_own_freq_preference(wpa_s,
-						 *force_freq ? *force_freq :
-						 *pref_freq);
-
-	/*
-	 * For non-concurrent capable devices:
-	 * If persistent_go, then no new.
-	 * If GO, then no client.
-	 * If client, then no GO.
-	 */
-	go_wpa_s = wpas_p2p_get_go_group(wpa_s);
-	if (go_wpa_s)
-		owned_members = p2p_get_group_num_members(go_wpa_s->p2p_group);
-	persistent_go = wpas_p2p_get_persistent_go(wpa_s);
-	p2p_no_group_iface = !wpas_p2p_create_iface(wpa_s);
-	cli_wpa_s = wpas_p2p_get_cli_group(wpa_s);
-
-	wpa_printf(MSG_DEBUG,
-		   "P2P: GO(iface)=%p members=%u CLI(iface)=%p persistent(ssid)=%p",
-		   go_wpa_s, owned_members, cli_wpa_s, persistent_go);
-
-	/* If not concurrent, restrict our choices */
-	if (p2p_no_group_iface) {
-		wpa_printf(MSG_DEBUG, "P2P: p2p_no_group_iface");
-
-		if (cli_wpa_s)
-			return P2PS_SETUP_NONE;
-
-		if (go_wpa_s) {
-			if (role == P2PS_SETUP_CLIENT ||
-			    incoming == P2PS_SETUP_GROUP_OWNER ||
-			    p2p_client_limit_reached(go_wpa_s->p2p_group))
-				return P2PS_SETUP_NONE;
-
-			return P2PS_SETUP_GROUP_OWNER;
-		}
-
-		if (persistent_go) {
-			if (role == P2PS_SETUP_NONE || role == P2PS_SETUP_NEW) {
-				if (!incoming)
-					return P2PS_SETUP_GROUP_OWNER |
-						P2PS_SETUP_CLIENT;
-				if (incoming == P2PS_SETUP_NEW) {
-					u8 r;
-
-					if (os_get_random(&r, sizeof(r)) < 0 ||
-					    (r & 1))
-						return P2PS_SETUP_CLIENT;
-					return P2PS_SETUP_GROUP_OWNER;
-				}
-			}
-		}
-	}
-
-	/* If a required role has been specified, handle it here */
-	if (role && role != P2PS_SETUP_NEW) {
-		switch (incoming) {
-		case P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW:
-		case P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_CLIENT:
-			/*
-			 * Peer has an active GO, so if the role allows it and
-			 * we do not have any active roles, become client.
-			 */
-			if ((role & P2PS_SETUP_CLIENT) && !go_wpa_s &&
-			    !cli_wpa_s)
-				return P2PS_SETUP_CLIENT;
-
-			/* fall through */
-
-		case P2PS_SETUP_NONE:
-		case P2PS_SETUP_NEW:
-			conncap = role;
-			goto grp_owner;
-
-		case P2PS_SETUP_GROUP_OWNER:
-			/*
-			 * Must be a complimentary role - cannot be a client to
-			 * more than one peer.
-			 */
-			if (incoming == role || cli_wpa_s)
-				return P2PS_SETUP_NONE;
-
-			return P2PS_SETUP_CLIENT;
-
-		case P2PS_SETUP_CLIENT:
-			/* Must be a complimentary role */
-			if (incoming != role) {
-				conncap = P2PS_SETUP_GROUP_OWNER;
-				goto grp_owner;
-			}
-			/* fall through */
-
-		default:
-			return P2PS_SETUP_NONE;
-		}
-	}
-
-	/*
-	 * For now, we only will support ownership of one group, and being a
-	 * client of one group. Therefore, if we have either an existing GO
-	 * group, or an existing client group, we will not do a new GO
-	 * negotiation, but rather try to re-use the existing groups.
-	 */
-	switch (incoming) {
-	case P2PS_SETUP_NONE:
-	case P2PS_SETUP_NEW:
-		if (cli_wpa_s)
-			conncap = P2PS_SETUP_GROUP_OWNER;
-		else if (!owned_members)
-			conncap = P2PS_SETUP_NEW;
-		else if (incoming == P2PS_SETUP_NONE)
-			conncap = P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_CLIENT;
-		else
-			conncap = P2PS_SETUP_CLIENT;
-		break;
-
-	case P2PS_SETUP_CLIENT:
-		conncap = P2PS_SETUP_GROUP_OWNER;
-		break;
-
-	case P2PS_SETUP_GROUP_OWNER:
-		if (!cli_wpa_s)
-			conncap = P2PS_SETUP_CLIENT;
-		break;
-
-	case P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW:
-	case P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_CLIENT:
-		if (cli_wpa_s)
-			conncap = P2PS_SETUP_GROUP_OWNER;
-		else {
-			u8 r;
-
-			if (os_get_random(&r, sizeof(r)) < 0 ||
-			    (r & 1))
-				conncap = P2PS_SETUP_CLIENT;
-			else
-				conncap = P2PS_SETUP_GROUP_OWNER;
-		}
-		break;
-
-	default:
-		return P2PS_SETUP_NONE;
-	}
-
-grp_owner:
-	if ((conncap & P2PS_SETUP_GROUP_OWNER) ||
-	    (!incoming && (conncap & P2PS_SETUP_NEW))) {
-		if (go_wpa_s && p2p_client_limit_reached(go_wpa_s->p2p_group))
-			conncap &= ~P2PS_SETUP_GROUP_OWNER;
-
-		s = wpas_p2p_get_persistent_go(wpa_s);
-		if (!s && !go_wpa_s && p2p_no_group_iface) {
-			p2p_set_intended_addr(wpa_s->global->p2p,
-					      wpa_s->p2p_mgmt ?
-					      wpa_s->parent->own_addr :
-					      wpa_s->own_addr);
-		} else if (!s && !go_wpa_s) {
-			if (wpas_p2p_add_group_interface(wpa_s,
-							 WPA_IF_P2P_GROUP) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "P2P: Failed to allocate a new interface for the group");
-				return P2PS_SETUP_NONE;
-			}
-			wpa_s->global->pending_group_iface_for_p2ps = 1;
-			p2p_set_intended_addr(wpa_s->global->p2p,
-					      wpa_s->pending_interface_addr);
-		}
-	}
-
-	return conncap;
-}
-
-
-static int wpas_p2p_group_delete(struct wpa_supplicant *wpa_s,
-				 enum p2p_group_removal_reason removal_reason)
-{
-	struct wpa_ssid *ssid;
-	char *gtype;
-	const char *reason;
-
-	ssid = wpa_s->current_ssid;
-	if (ssid == NULL) {
-		/*
-		 * The current SSID was not known, but there may still be a
-		 * pending P2P group interface waiting for provisioning or a
-		 * P2P group that is trying to reconnect.
-		 */
-		ssid = wpa_s->conf->ssid;
-		while (ssid) {
-			if (ssid->p2p_group && ssid->disabled != 2)
-				break;
-			ssid = ssid->next;
-		}
-		if (ssid == NULL &&
-			wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE)
-		{
-			wpa_printf(MSG_ERROR, "P2P: P2P group interface "
-				   "not found");
-			return -1;
-		}
-	}
-	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO)
-		gtype = "GO";
-	else if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT ||
-		 (ssid && ssid->mode == WPAS_MODE_INFRA)) {
-		wpa_s->reassociate = 0;
-		wpa_s->disconnected = 1;
-		gtype = "client";
-	} else
-		gtype = "GO";
-
-	if (removal_reason != P2P_GROUP_REMOVAL_SILENT && ssid)
-		wpas_notify_p2p_group_removed(wpa_s, ssid, gtype);
-
-	if (os_strcmp(gtype, "client") == 0) {
-		wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		if (eloop_is_timeout_registered(wpas_p2p_psk_failure_removal,
-						wpa_s, NULL)) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: PSK failure removal was scheduled, so use PSK failure as reason for group removal");
-			removal_reason = P2P_GROUP_REMOVAL_PSK_FAILURE;
-			eloop_cancel_timeout(wpas_p2p_psk_failure_removal,
-					     wpa_s, NULL);
-		}
-	}
-
-	if (wpa_s->cross_connect_in_use) {
-		wpa_s->cross_connect_in_use = 0;
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_CROSS_CONNECT_DISABLE "%s %s",
-			       wpa_s->ifname, wpa_s->cross_connect_uplink);
-	}
-	switch (removal_reason) {
-	case P2P_GROUP_REMOVAL_REQUESTED:
-		reason = " reason=REQUESTED";
-		break;
-	case P2P_GROUP_REMOVAL_FORMATION_FAILED:
-		reason = " reason=FORMATION_FAILED";
-		break;
-	case P2P_GROUP_REMOVAL_IDLE_TIMEOUT:
-		reason = " reason=IDLE";
-		break;
-	case P2P_GROUP_REMOVAL_UNAVAILABLE:
-		reason = " reason=UNAVAILABLE";
-		break;
-	case P2P_GROUP_REMOVAL_GO_ENDING_SESSION:
-		reason = " reason=GO_ENDING_SESSION";
-		break;
-	case P2P_GROUP_REMOVAL_PSK_FAILURE:
-		reason = " reason=PSK_FAILURE";
-		break;
-	case P2P_GROUP_REMOVAL_FREQ_CONFLICT:
-		reason = " reason=FREQ_CONFLICT";
-		break;
-	default:
-		reason = "";
-		break;
-	}
-	if (removal_reason != P2P_GROUP_REMOVAL_SILENT) {
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_GROUP_REMOVED "%s %s%s",
-			       wpa_s->ifname, gtype, reason);
-	}
-
-	if (eloop_cancel_timeout(wpas_p2p_group_freq_conflict, wpa_s, NULL) > 0)
-		wpa_printf(MSG_DEBUG, "P2P: Cancelled P2P group freq_conflict timeout");
-	if (eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL) > 0)
-		wpa_printf(MSG_DEBUG, "P2P: Cancelled P2P group idle timeout");
-	if (eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-				 wpa_s->p2pdev, NULL) > 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Cancelled P2P group formation "
-			   "timeout");
-		wpa_s->p2p_in_provisioning = 0;
-		wpas_p2p_group_formation_failed(wpa_s, 1);
-	}
-
-	wpa_s->p2p_in_invitation = 0;
-	eloop_cancel_timeout(wpas_p2p_move_go, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_reconsider_moving_go, wpa_s, NULL);
-
-	/*
-	 * Make sure wait for the first client does not remain active after the
-	 * group has been removed.
-	 */
-	wpa_s->global->p2p_go_wait_client.sec = 0;
-
-	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
-		struct wpa_global *global;
-		char *ifname;
-		enum wpa_driver_if_type type;
-		wpa_printf(MSG_DEBUG, "P2P: Remove group interface %s",
-			wpa_s->ifname);
-		global = wpa_s->global;
-		ifname = os_strdup(wpa_s->ifname);
-		type = wpas_p2p_if_type(wpa_s->p2p_group_interface);
-		eloop_cancel_timeout(run_wpas_p2p_disconnect, wpa_s, NULL);
-		wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0);
-		wpa_s = global->ifaces;
-		if (wpa_s && ifname)
-			wpa_drv_if_remove(wpa_s, type, ifname);
-		os_free(ifname);
-		return 1;
-	}
-
-	/*
-	 * The primary interface was used for P2P group operations, so
-	 * need to reset its p2pdev.
-	 */
-	wpa_s->p2pdev = wpa_s->parent;
-
-	if (!wpa_s->p2p_go_group_formation_completed) {
-		wpa_s->global->p2p_group_formation = NULL;
-		wpa_s->p2p_in_provisioning = 0;
-	}
-
-	wpa_s->show_group_started = 0;
-	os_free(wpa_s->go_params);
-	wpa_s->go_params = NULL;
-
-	os_free(wpa_s->p2p_group_common_freqs);
-	wpa_s->p2p_group_common_freqs = NULL;
-	wpa_s->p2p_group_common_freqs_num = 0;
-	wpa_s->p2p_go_do_acs = 0;
-	wpa_s->p2p_go_allow_dfs = 0;
-
-	wpa_s->waiting_presence_resp = 0;
-
-	wpa_printf(MSG_DEBUG, "P2P: Remove temporary group network");
-	if (ssid && (ssid->p2p_group ||
-		     ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION ||
-		     (ssid->key_mgmt & WPA_KEY_MGMT_WPS))) {
-		int id = ssid->id;
-		if (ssid == wpa_s->current_ssid) {
-			wpa_sm_set_config(wpa_s->wpa, NULL);
-			eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-			wpa_s->current_ssid = NULL;
-		}
-		/*
-		 * Networks objects created during any P2P activities are not
-		 * exposed out as they might/will confuse certain non-P2P aware
-		 * applications since these network objects won't behave like
-		 * regular ones.
-		 *
-		 * Likewise, we don't send out network removed signals for such
-		 * network objects.
-		 */
-		wpa_config_remove_network(wpa_s->conf, id);
-		wpa_supplicant_clear_status(wpa_s);
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-	} else {
-		wpa_printf(MSG_DEBUG, "P2P: Temporary group network not "
-			   "found");
-	}
-	if (wpa_s->ap_iface)
-		wpa_supplicant_ap_deinit(wpa_s);
-	else
-		wpa_drv_deinit_p2p_cli(wpa_s);
-
-	os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN);
-
-	return 0;
-}
-
-
-static int wpas_p2p_persistent_group(struct wpa_supplicant *wpa_s,
-				     u8 *go_dev_addr,
-				     const u8 *ssid, size_t ssid_len)
-{
-	struct wpa_bss *bss;
-	const u8 *bssid;
-	struct wpabuf *p2p;
-	u8 group_capab;
-	const u8 *addr;
-
-	if (wpa_s->go_params)
-		bssid = wpa_s->go_params->peer_interface_addr;
-	else
-		bssid = wpa_s->bssid;
-
-	bss = wpa_bss_get(wpa_s, bssid, ssid, ssid_len);
-	if (bss == NULL && wpa_s->go_params &&
-	    !is_zero_ether_addr(wpa_s->go_params->peer_device_addr))
-		bss = wpa_bss_get_p2p_dev_addr(
-			wpa_s, wpa_s->go_params->peer_device_addr);
-	if (bss == NULL) {
-		u8 iface_addr[ETH_ALEN];
-		if (p2p_get_interface_addr(wpa_s->global->p2p, bssid,
-					   iface_addr) == 0)
-			bss = wpa_bss_get(wpa_s, iface_addr, ssid, ssid_len);
-	}
-	if (bss == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Could not figure out whether "
-			   "group is persistent - BSS " MACSTR " not found",
-			   MAC2STR(bssid));
-		return 0;
-	}
-
-	p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
-	if (p2p == NULL)
-		p2p = wpa_bss_get_vendor_ie_multi_beacon(bss,
-							 P2P_IE_VENDOR_TYPE);
-	if (p2p == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Could not figure out whether "
-			   "group is persistent - BSS " MACSTR
-			   " did not include P2P IE", MAC2STR(bssid));
-		wpa_hexdump(MSG_DEBUG, "P2P: Probe Response IEs",
-			    wpa_bss_ie_ptr(bss), bss->ie_len);
-		wpa_hexdump(MSG_DEBUG, "P2P: Beacon IEs",
-			    wpa_bss_ie_ptr(bss) + bss->ie_len,
-			    bss->beacon_ie_len);
-		return 0;
-	}
-
-	group_capab = p2p_get_group_capab(p2p);
-	addr = p2p_get_go_dev_addr(p2p);
-	wpa_printf(MSG_DEBUG, "P2P: Checking whether group is persistent: "
-		   "group_capab=0x%x", group_capab);
-	if (addr) {
-		os_memcpy(go_dev_addr, addr, ETH_ALEN);
-		wpa_printf(MSG_DEBUG, "P2P: GO Device Address " MACSTR,
-			   MAC2STR(addr));
-	} else
-		os_memset(go_dev_addr, 0, ETH_ALEN);
-	wpabuf_free(p2p);
-
-	wpa_printf(MSG_DEBUG, "P2P: BSS " MACSTR " group_capab=0x%x "
-		   "go_dev_addr=" MACSTR,
-		   MAC2STR(bssid), group_capab, MAC2STR(go_dev_addr));
-
-	return !!(group_capab & P2P_GROUP_CAPAB_PERSISTENT_GROUP);
-}
-
-
-static int wpas_p2p_store_persistent_group(struct wpa_supplicant *wpa_s,
-					   struct wpa_ssid *ssid,
-					   const u8 *go_dev_addr)
-{
-	struct wpa_ssid *s;
-	int changed = 0;
-
-	wpa_printf(MSG_DEBUG, "P2P: Storing credentials for a persistent "
-		   "group (GO Dev Addr " MACSTR ")", MAC2STR(go_dev_addr));
-	for (s = wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled == 2 &&
-		    os_memcmp(go_dev_addr, s->bssid, ETH_ALEN) == 0 &&
-		    s->ssid_len == ssid->ssid_len &&
-		    os_memcmp(ssid->ssid, s->ssid, ssid->ssid_len) == 0)
-			break;
-	}
-
-	if (s) {
-		wpa_printf(MSG_DEBUG, "P2P: Update existing persistent group "
-			   "entry");
-		if (ssid->passphrase && !s->passphrase)
-			changed = 1;
-		else if (ssid->passphrase && s->passphrase &&
-			 os_strcmp(ssid->passphrase, s->passphrase) != 0)
-			changed = 1;
-	} else {
-		wpa_printf(MSG_DEBUG, "P2P: Create a new persistent group "
-			   "entry");
-		changed = 1;
-		s = wpa_config_add_network(wpa_s->conf);
-		if (s == NULL)
-			return -1;
-
-		/*
-		 * Instead of network_added we emit persistent_group_added
-		 * notification. Also to keep the defense checks in
-		 * persistent_group obj registration method, we set the
-		 * relevant flags in s to designate it as a persistent group.
-		 */
-		s->p2p_group = 1;
-		s->p2p_persistent_group = 1;
-		wpas_notify_persistent_group_added(wpa_s, s);
-		wpa_config_set_network_defaults(s);
-	}
-
-	s->p2p_group = 1;
-	s->p2p_persistent_group = 1;
-	s->disabled = 2;
-	s->bssid_set = 1;
-	os_memcpy(s->bssid, go_dev_addr, ETH_ALEN);
-	s->mode = ssid->mode;
-	s->auth_alg = WPA_AUTH_ALG_OPEN;
-	s->key_mgmt = WPA_KEY_MGMT_PSK;
-	s->proto = WPA_PROTO_RSN;
-	s->pbss = ssid->pbss;
-	s->pairwise_cipher = ssid->pbss ? WPA_CIPHER_GCMP : WPA_CIPHER_CCMP;
-	s->export_keys = 1;
-	if (ssid->passphrase) {
-		os_free(s->passphrase);
-		s->passphrase = os_strdup(ssid->passphrase);
-	}
-	if (ssid->psk_set) {
-		s->psk_set = 1;
-		os_memcpy(s->psk, ssid->psk, 32);
-	}
-	if (s->passphrase && !s->psk_set)
-		wpa_config_update_psk(s);
-	if (s->ssid == NULL || s->ssid_len < ssid->ssid_len) {
-		os_free(s->ssid);
-		s->ssid = os_malloc(ssid->ssid_len);
-	}
-	if (s->ssid) {
-		s->ssid_len = ssid->ssid_len;
-		os_memcpy(s->ssid, ssid->ssid, s->ssid_len);
-	}
-	if (ssid->mode == WPAS_MODE_P2P_GO && wpa_s->global->add_psk) {
-		dl_list_add(&s->psk_list, &wpa_s->global->add_psk->list);
-		wpa_s->global->add_psk = NULL;
-		changed = 1;
-	}
-
-	if (changed && wpa_s->conf->update_config &&
-	    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to update configuration");
-	}
-
-	return s->id;
-}
-
-
-static void wpas_p2p_add_persistent_group_client(struct wpa_supplicant *wpa_s,
-						 const u8 *addr)
-{
-	struct wpa_ssid *ssid, *s;
-	u8 *n;
-	size_t i;
-	int found = 0;
-	struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	ssid = wpa_s->current_ssid;
-	if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GO ||
-	    !ssid->p2p_persistent_group)
-		return;
-
-	for (s = p2p_wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled != 2 || s->mode != WPAS_MODE_P2P_GO)
-			continue;
-
-		if (s->ssid_len == ssid->ssid_len &&
-		    os_memcmp(s->ssid, ssid->ssid, s->ssid_len) == 0)
-			break;
-	}
-
-	if (s == NULL)
-		return;
-
-	for (i = 0; s->p2p_client_list && i < s->num_p2p_clients; i++) {
-		if (os_memcmp(s->p2p_client_list + i * 2 * ETH_ALEN, addr,
-			      ETH_ALEN) != 0)
-			continue;
-
-		if (i == s->num_p2p_clients - 1)
-			return; /* already the most recent entry */
-
-		/* move the entry to mark it most recent */
-		os_memmove(s->p2p_client_list + i * 2 * ETH_ALEN,
-			   s->p2p_client_list + (i + 1) * 2 * ETH_ALEN,
-			   (s->num_p2p_clients - i - 1) * 2 * ETH_ALEN);
-		os_memcpy(s->p2p_client_list +
-			  (s->num_p2p_clients - 1) * 2 * ETH_ALEN, addr,
-			  ETH_ALEN);
-		os_memset(s->p2p_client_list +
-			  (s->num_p2p_clients - 1) * 2 * ETH_ALEN + ETH_ALEN,
-			  0xff, ETH_ALEN);
-		found = 1;
-		break;
-	}
-
-	if (!found && s->num_p2p_clients < P2P_MAX_STORED_CLIENTS) {
-		n = os_realloc_array(s->p2p_client_list,
-				     s->num_p2p_clients + 1, 2 * ETH_ALEN);
-		if (n == NULL)
-			return;
-		os_memcpy(n + s->num_p2p_clients * 2 * ETH_ALEN, addr,
-			  ETH_ALEN);
-		os_memset(n + s->num_p2p_clients * 2 * ETH_ALEN + ETH_ALEN,
-			  0xff, ETH_ALEN);
-		s->p2p_client_list = n;
-		s->num_p2p_clients++;
-	} else if (!found && s->p2p_client_list) {
-		/* Not enough room for an additional entry - drop the oldest
-		 * entry */
-		os_memmove(s->p2p_client_list,
-			   s->p2p_client_list + 2 * ETH_ALEN,
-			   (s->num_p2p_clients - 1) * 2 * ETH_ALEN);
-		os_memcpy(s->p2p_client_list +
-			  (s->num_p2p_clients - 1) * 2 * ETH_ALEN,
-			  addr, ETH_ALEN);
-		os_memset(s->p2p_client_list +
-			  (s->num_p2p_clients - 1) * 2 * ETH_ALEN + ETH_ALEN,
-			  0xff, ETH_ALEN);
-	}
-
-	if (p2p_wpa_s->conf->update_config &&
-	    wpa_config_write(p2p_wpa_s->confname, p2p_wpa_s->conf))
-		wpa_printf(MSG_DEBUG, "P2P: Failed to update configuration");
-}
-
-
-static void wpas_p2p_group_started(struct wpa_supplicant *wpa_s,
-				   int go, struct wpa_ssid *ssid, int freq,
-				   const u8 *psk, const char *passphrase,
-				   const u8 *go_dev_addr, int persistent,
-				   const char *extra)
-{
-	const char *ssid_txt;
-	char psk_txt[65];
-
-	if (psk)
-		wpa_snprintf_hex(psk_txt, sizeof(psk_txt), psk, 32);
-	else
-		psk_txt[0] = '\0';
-
-	if (ssid)
-		ssid_txt = wpa_ssid_txt(ssid->ssid, ssid->ssid_len);
-	else
-		ssid_txt = "";
-
-	if (passphrase && passphrase[0] == '\0')
-		passphrase = NULL;
-
-	/*
-	 * Include PSK/passphrase only in the control interface message and
-	 * leave it out from the debug log entry.
-	 */
-	wpa_msg_global_ctrl(wpa_s->p2pdev, MSG_INFO,
-			    P2P_EVENT_GROUP_STARTED
-			    "%s %s ssid=\"%s\" freq=%d%s%s%s%s%s go_dev_addr="
-			    MACSTR "%s%s",
-			    wpa_s->ifname, go ? "GO" : "client", ssid_txt, freq,
-			    psk ? " psk=" : "", psk_txt,
-			    passphrase ? " passphrase=\"" : "",
-			    passphrase ? passphrase : "",
-			    passphrase ? "\"" : "",
-			    MAC2STR(go_dev_addr),
-			    persistent ? " [PERSISTENT]" : "", extra);
-	wpa_printf(MSG_INFO, P2P_EVENT_GROUP_STARTED
-		   "%s %s ssid=\"%s\" freq=%d go_dev_addr=" MACSTR "%s%s",
-		   wpa_s->ifname, go ? "GO" : "client", ssid_txt, freq,
-		   MAC2STR(go_dev_addr), persistent ? " [PERSISTENT]" : "",
-		   extra);
-}
-
-
-static void wpas_group_formation_completed(struct wpa_supplicant *wpa_s,
-					   int success, int already_deleted)
-{
-	struct wpa_ssid *ssid;
-	int client;
-	int persistent;
-	u8 go_dev_addr[ETH_ALEN];
-
-	/*
-	 * This callback is likely called for the main interface. Update wpa_s
-	 * to use the group interface if a new interface was created for the
-	 * group.
-	 */
-	if (wpa_s->global->p2p_group_formation)
-		wpa_s = wpa_s->global->p2p_group_formation;
-	if (wpa_s->p2p_go_group_formation_completed) {
-		wpa_s->global->p2p_group_formation = NULL;
-		wpa_s->p2p_in_provisioning = 0;
-	} else if (wpa_s->p2p_in_provisioning && !success) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"P2P: Stop provisioning state due to failure");
-		wpa_s->p2p_in_provisioning = 0;
-	}
-	wpa_s->p2p_in_invitation = 0;
-	wpa_s->group_formation_reported = 1;
-
-	if (!success) {
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_GROUP_FORMATION_FAILURE);
-		wpas_notify_p2p_group_formation_failure(wpa_s, "");
-		if (already_deleted)
-			return;
-		wpas_p2p_group_delete(wpa_s,
-				      P2P_GROUP_REMOVAL_FORMATION_FAILED);
-		return;
-	}
-
-	wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-		       P2P_EVENT_GROUP_FORMATION_SUCCESS);
-
-	ssid = wpa_s->current_ssid;
-	if (ssid && ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
-		ssid->mode = WPAS_MODE_P2P_GO;
-		p2p_group_notif_formation_done(wpa_s->p2p_group);
-		wpa_supplicant_ap_mac_addr_filter(wpa_s, NULL);
-	}
-
-	persistent = 0;
-	if (ssid) {
-		client = ssid->mode == WPAS_MODE_INFRA;
-		if (ssid->mode == WPAS_MODE_P2P_GO) {
-			persistent = ssid->p2p_persistent_group;
-			os_memcpy(go_dev_addr, wpa_s->global->p2p_dev_addr,
-				  ETH_ALEN);
-		} else
-			persistent = wpas_p2p_persistent_group(wpa_s,
-							       go_dev_addr,
-							       ssid->ssid,
-							       ssid->ssid_len);
-	} else {
-		client = wpa_s->p2p_group_interface ==
-			P2P_GROUP_INTERFACE_CLIENT;
-		os_memset(go_dev_addr, 0, ETH_ALEN);
-	}
-
-	wpa_s->show_group_started = 0;
-	if (client) {
-		/*
-		 * Indicate event only after successfully completed 4-way
-		 * handshake, i.e., when the interface is ready for data
-		 * packets.
-		 */
-		wpa_s->show_group_started = 1;
-	} else {
-		wpas_p2p_group_started(wpa_s, 1, ssid,
-				       ssid ? ssid->frequency : 0,
-				       ssid && ssid->passphrase == NULL &&
-				       ssid->psk_set ? ssid->psk : NULL,
-				       ssid ? ssid->passphrase : NULL,
-				       go_dev_addr, persistent, "");
-		wpas_p2p_cross_connect_setup(wpa_s);
-		wpas_p2p_set_group_idle_timeout(wpa_s);
-	}
-
-	if (persistent)
-		wpas_p2p_store_persistent_group(wpa_s->p2pdev,
-						ssid, go_dev_addr);
-	else {
-		os_free(wpa_s->global->add_psk);
-		wpa_s->global->add_psk = NULL;
-	}
-
-	if (!client) {
-		wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 0, NULL);
-		os_get_reltime(&wpa_s->global->p2p_go_wait_client);
-	}
-}
-
-
-struct send_action_work {
-	unsigned int freq;
-	u8 dst[ETH_ALEN];
-	u8 src[ETH_ALEN];
-	u8 bssid[ETH_ALEN];
-	size_t len;
-	unsigned int wait_time;
-	u8 buf[0];
-};
-
-
-static void wpas_p2p_free_send_action_work(struct wpa_supplicant *wpa_s)
-{
-	struct send_action_work *awork = wpa_s->p2p_send_action_work->ctx;
-
-	wpa_printf(MSG_DEBUG,
-		   "P2P: Free Action frame radio work @%p (freq=%u dst="
-		   MACSTR " src=" MACSTR " bssid=" MACSTR " wait_time=%u)",
-		   wpa_s->p2p_send_action_work, awork->freq,
-		   MAC2STR(awork->dst), MAC2STR(awork->src),
-		   MAC2STR(awork->bssid), awork->wait_time);
-	wpa_hexdump(MSG_DEBUG, "P2P: Freeing pending Action frame",
-		    awork->buf, awork->len);
-	os_free(awork);
-	wpa_s->p2p_send_action_work->ctx = NULL;
-	radio_work_done(wpa_s->p2p_send_action_work);
-	wpa_s->p2p_send_action_work = NULL;
-}
-
-
-static void wpas_p2p_send_action_work_timeout(void *eloop_ctx,
-					      void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (!wpa_s->p2p_send_action_work)
-		return;
-
-	wpa_printf(MSG_DEBUG, "P2P: Send Action frame radio work timed out");
-	wpas_p2p_free_send_action_work(wpa_s);
-}
-
-
-static void wpas_p2p_action_tx_clear(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_send_action_work) {
-		struct send_action_work *awork;
-
-		awork = wpa_s->p2p_send_action_work->ctx;
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Clear Action TX work @%p (wait_time=%u)",
-			   wpa_s->p2p_send_action_work, awork->wait_time);
-		if (awork->wait_time == 0) {
-			wpas_p2p_free_send_action_work(wpa_s);
-		} else {
-			/*
-			 * In theory, this should not be needed, but number of
-			 * places in the P2P code is still using non-zero wait
-			 * time for the last Action frame in the sequence and
-			 * some of these do not call send_action_done().
-			 */
-			eloop_cancel_timeout(wpas_p2p_send_action_work_timeout,
-					     wpa_s, NULL);
-			eloop_register_timeout(
-				0, awork->wait_time * 1000,
-				wpas_p2p_send_action_work_timeout,
-				wpa_s, NULL);
-		}
-	}
-}
-
-
-static void wpas_p2p_send_action_tx_status(struct wpa_supplicant *wpa_s,
-					   unsigned int freq,
-					   const u8 *dst, const u8 *src,
-					   const u8 *bssid,
-					   const u8 *data, size_t data_len,
-					   enum offchannel_send_action_result
-					   result)
-{
-	enum p2p_send_action_result res = P2P_SEND_ACTION_SUCCESS;
-
-	wpas_p2p_action_tx_clear(wpa_s);
-
-	if (wpa_s->global->p2p == NULL || wpa_s->global->p2p_disabled)
-		return;
-
-	switch (result) {
-	case OFFCHANNEL_SEND_ACTION_SUCCESS:
-		res = P2P_SEND_ACTION_SUCCESS;
-		break;
-	case OFFCHANNEL_SEND_ACTION_NO_ACK:
-		res = P2P_SEND_ACTION_NO_ACK;
-		break;
-	case OFFCHANNEL_SEND_ACTION_FAILED:
-		res = P2P_SEND_ACTION_FAILED;
-		break;
-	}
-
-	p2p_send_action_cb(wpa_s->global->p2p, freq, dst, src, bssid, res);
-
-	if (result != OFFCHANNEL_SEND_ACTION_SUCCESS &&
-	    wpa_s->pending_pd_before_join &&
-	    (os_memcmp(dst, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0 ||
-	     os_memcmp(dst, wpa_s->pending_join_iface_addr, ETH_ALEN) == 0) &&
-	    wpa_s->p2p_fallback_to_go_neg) {
-		wpa_s->pending_pd_before_join = 0;
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: No ACK for PD Req "
-			"during p2p_connect-auto");
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_FALLBACK_TO_GO_NEG
-			       "reason=no-ACK-to-PD-Req");
-		wpas_p2p_fallback_to_go_neg(wpa_s, 0);
-		return;
-	}
-}
-
-
-static void wpas_send_action_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct send_action_work *awork = work->ctx;
-
-	if (deinit) {
-		if (work->started) {
-			eloop_cancel_timeout(wpas_p2p_send_action_work_timeout,
-					     wpa_s, NULL);
-			wpa_s->p2p_send_action_work = NULL;
-			offchannel_send_action_done(wpa_s);
-		}
-		os_free(awork);
-		return;
-	}
-
-	if (offchannel_send_action(wpa_s, awork->freq, awork->dst, awork->src,
-				   awork->bssid, awork->buf, awork->len,
-				   awork->wait_time,
-				   wpas_p2p_send_action_tx_status, 1) < 0) {
-		os_free(awork);
-		radio_work_done(work);
-		return;
-	}
-	wpa_s->p2p_send_action_work = work;
-}
-
-
-static int wpas_send_action_work(struct wpa_supplicant *wpa_s,
-				 unsigned int freq, const u8 *dst,
-				 const u8 *src, const u8 *bssid, const u8 *buf,
-				 size_t len, unsigned int wait_time)
-{
-	struct send_action_work *awork;
-
-	if (radio_work_pending(wpa_s, "p2p-send-action")) {
-		wpa_printf(MSG_DEBUG, "P2P: Cannot schedule new p2p-send-action work since one is already pending");
-		return -1;
-	}
-
-	awork = os_zalloc(sizeof(*awork) + len);
-	if (awork == NULL)
-		return -1;
-
-	awork->freq = freq;
-	os_memcpy(awork->dst, dst, ETH_ALEN);
-	os_memcpy(awork->src, src, ETH_ALEN);
-	os_memcpy(awork->bssid, bssid, ETH_ALEN);
-	awork->len = len;
-	awork->wait_time = wait_time;
-	os_memcpy(awork->buf, buf, len);
-
-	if (radio_add_work(wpa_s, freq, "p2p-send-action", 1,
-			   wpas_send_action_cb, awork) < 0) {
-		os_free(awork);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpas_send_action(void *ctx, unsigned int freq, const u8 *dst,
-			    const u8 *src, const u8 *bssid, const u8 *buf,
-			    size_t len, unsigned int wait_time, int *scheduled)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	int listen_freq = -1, send_freq = -1;
-
-	if (scheduled)
-		*scheduled = 0;
-	if (wpa_s->p2p_listen_work)
-		listen_freq = wpa_s->p2p_listen_work->freq;
-	if (wpa_s->p2p_send_action_work)
-		send_freq = wpa_s->p2p_send_action_work->freq;
-	if (listen_freq != (int) freq && send_freq != (int) freq) {
-		int res;
-
-		wpa_printf(MSG_DEBUG, "P2P: Schedule new radio work for Action frame TX (listen_freq=%d send_freq=%d freq=%u)",
-			   listen_freq, send_freq, freq);
-		res = wpas_send_action_work(wpa_s, freq, dst, src, bssid, buf,
-					    len, wait_time);
-		if (res == 0 && scheduled)
-			*scheduled = 1;
-		return res;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Use ongoing radio work for Action frame TX");
-	return offchannel_send_action(wpa_s, freq, dst, src, bssid, buf, len,
-				      wait_time,
-				      wpas_p2p_send_action_tx_status, 1);
-}
-
-
-static void wpas_send_action_done(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->p2p_send_action_work) {
-		eloop_cancel_timeout(wpas_p2p_send_action_work_timeout,
-				     wpa_s, NULL);
-		os_free(wpa_s->p2p_send_action_work->ctx);
-		radio_work_done(wpa_s->p2p_send_action_work);
-		wpa_s->p2p_send_action_work = NULL;
-	}
-
-	offchannel_send_action_done(wpa_s);
-}
-
-
-static int wpas_copy_go_neg_results(struct wpa_supplicant *wpa_s,
-				    struct p2p_go_neg_results *params)
-{
-	if (wpa_s->go_params == NULL) {
-		wpa_s->go_params = os_malloc(sizeof(*params));
-		if (wpa_s->go_params == NULL)
-			return -1;
-	}
-	os_memcpy(wpa_s->go_params, params, sizeof(*params));
-	return 0;
-}
-
-
-static void wpas_start_wps_enrollee(struct wpa_supplicant *wpa_s,
-				    struct p2p_go_neg_results *res)
-{
-	wpa_s->group_formation_reported = 0;
-	wpa_printf(MSG_DEBUG, "P2P: Start WPS Enrollee for peer " MACSTR
-		   " dev_addr " MACSTR " wps_method %d",
-		   MAC2STR(res->peer_interface_addr),
-		   MAC2STR(res->peer_device_addr), res->wps_method);
-	wpa_hexdump_ascii(MSG_DEBUG, "P2P: Start WPS Enrollee for SSID",
-			  res->ssid, res->ssid_len);
-	wpa_supplicant_ap_deinit(wpa_s);
-	wpas_copy_go_neg_results(wpa_s, res);
-	if (res->wps_method == WPS_PBC) {
-		wpas_wps_start_pbc(wpa_s, res->peer_interface_addr, 1, 0);
-#ifdef CONFIG_WPS_NFC
-	} else if (res->wps_method == WPS_NFC) {
-		wpas_wps_start_nfc(wpa_s, res->peer_device_addr,
-				   res->peer_interface_addr,
-				   wpa_s->p2pdev->p2p_oob_dev_pw,
-				   wpa_s->p2pdev->p2p_oob_dev_pw_id, 1,
-				   wpa_s->p2pdev->p2p_oob_dev_pw_id ==
-				   DEV_PW_NFC_CONNECTION_HANDOVER ?
-				   wpa_s->p2pdev->p2p_peer_oob_pubkey_hash :
-				   NULL,
-				   NULL, 0, 0);
-#endif /* CONFIG_WPS_NFC */
-	} else {
-		u16 dev_pw_id = DEV_PW_DEFAULT;
-		if (wpa_s->p2p_wps_method == WPS_P2PS)
-			dev_pw_id = DEV_PW_P2PS_DEFAULT;
-		if (wpa_s->p2p_wps_method == WPS_PIN_KEYPAD)
-			dev_pw_id = DEV_PW_REGISTRAR_SPECIFIED;
-		wpas_wps_start_pin(wpa_s, res->peer_interface_addr,
-				   wpa_s->p2p_pin, 1, dev_pw_id);
-	}
-}
-
-
-static void wpas_p2p_add_psk_list(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid)
-{
-	struct wpa_ssid *persistent;
-	struct psk_list_entry *psk;
-	struct hostapd_data *hapd;
-
-	if (!wpa_s->ap_iface)
-		return;
-
-	persistent = wpas_p2p_get_persistent(wpa_s->p2pdev, NULL, ssid->ssid,
-					     ssid->ssid_len);
-	if (persistent == NULL)
-		return;
-
-	hapd = wpa_s->ap_iface->bss[0];
-
-	dl_list_for_each(psk, &persistent->psk_list, struct psk_list_entry,
-			 list) {
-		struct hostapd_wpa_psk *hpsk;
-
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Add persistent group PSK entry for "
-			MACSTR " psk=%d",
-			MAC2STR(psk->addr), psk->p2p);
-		hpsk = os_zalloc(sizeof(*hpsk));
-		if (hpsk == NULL)
-			break;
-		os_memcpy(hpsk->psk, psk->psk, PMK_LEN);
-		if (psk->p2p)
-			os_memcpy(hpsk->p2p_dev_addr, psk->addr, ETH_ALEN);
-		else
-			os_memcpy(hpsk->addr, psk->addr, ETH_ALEN);
-		hpsk->next = hapd->conf->ssid.wpa_psk;
-		hapd->conf->ssid.wpa_psk = hpsk;
-	}
-}
-
-
-static void p2p_go_dump_common_freqs(struct wpa_supplicant *wpa_s)
-{
-	char buf[20 + P2P_MAX_CHANNELS * 6];
-	char *pos, *end;
-	unsigned int i;
-	int res;
-
-	pos = buf;
-	end = pos + sizeof(buf);
-	for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-		res = os_snprintf(pos, end - pos, " %d",
-				  wpa_s->p2p_group_common_freqs[i]);
-		if (os_snprintf_error(end - pos, res))
-			break;
-		pos += res;
-	}
-	*pos = '\0';
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Common group frequencies:%s", buf);
-}
-
-
-static void p2p_go_save_group_common_freqs(struct wpa_supplicant *wpa_s,
-					   struct p2p_go_neg_results *params)
-{
-	unsigned int i, len = int_array_len(wpa_s->go_params->freq_list);
-
-	wpa_s->p2p_group_common_freqs_num = 0;
-	os_free(wpa_s->p2p_group_common_freqs);
-	wpa_s->p2p_group_common_freqs = os_calloc(len, sizeof(int));
-	if (!wpa_s->p2p_group_common_freqs)
-		return;
-
-	for (i = 0; i < len; i++) {
-		if (!wpa_s->go_params->freq_list[i])
-			break;
-		wpa_s->p2p_group_common_freqs[i] =
-			wpa_s->go_params->freq_list[i];
-	}
-	wpa_s->p2p_group_common_freqs_num = i;
-}
-
-
-static void p2p_config_write(struct wpa_supplicant *wpa_s)
-{
-#ifndef CONFIG_NO_CONFIG_WRITE
-	if (wpa_s->p2pdev->conf->update_config &&
-	    wpa_config_write(wpa_s->p2pdev->confname, wpa_s->p2pdev->conf))
-		wpa_printf(MSG_DEBUG, "P2P: Failed to update configuration");
-#endif /* CONFIG_NO_CONFIG_WRITE */
-}
-
-
-static void p2p_go_configured(void *ctx, void *data)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct p2p_go_neg_results *params = data;
-	struct wpa_ssid *ssid;
-
-	wpa_s->ap_configured_cb = NULL;
-	wpa_s->ap_configured_cb_ctx = NULL;
-	wpa_s->ap_configured_cb_data = NULL;
-	if (!wpa_s->go_params) {
-		wpa_printf(MSG_ERROR,
-			   "P2P: p2p_go_configured() called with wpa_s->go_params == NULL");
-		return;
-	}
-
-	p2p_go_save_group_common_freqs(wpa_s, params);
-	p2p_go_dump_common_freqs(wpa_s);
-
-	ssid = wpa_s->current_ssid;
-	if (ssid && ssid->mode == WPAS_MODE_P2P_GO) {
-		wpa_printf(MSG_DEBUG, "P2P: Group setup without provisioning");
-		if (wpa_s->global->p2p_group_formation == wpa_s)
-			wpa_s->global->p2p_group_formation = NULL;
-		wpas_p2p_group_started(wpa_s, 1, ssid, ssid->frequency,
-				       params->passphrase[0] == '\0' ?
-				       params->psk : NULL,
-				       params->passphrase,
-				       wpa_s->global->p2p_dev_addr,
-				       params->persistent_group, "");
-		wpa_s->group_formation_reported = 1;
-
-		if (wpa_s->p2pdev->p2ps_method_config_any) {
-			if (is_zero_ether_addr(wpa_s->p2pdev->p2ps_join_addr)) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"P2PS: Setting default PIN for ANY");
-				wpa_supplicant_ap_wps_pin(wpa_s, NULL,
-							  "12345670", NULL, 0,
-							  0);
-			} else {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"P2PS: Setting default PIN for " MACSTR,
-					MAC2STR(wpa_s->p2pdev->p2ps_join_addr));
-				wpa_supplicant_ap_wps_pin(
-					wpa_s, wpa_s->p2pdev->p2ps_join_addr,
-					"12345670", NULL, 0, 0);
-			}
-			wpa_s->p2pdev->p2ps_method_config_any = 0;
-		}
-
-		os_get_reltime(&wpa_s->global->p2p_go_wait_client);
-		if (params->persistent_group) {
-			wpas_p2p_store_persistent_group(
-				wpa_s->p2pdev, ssid,
-				wpa_s->global->p2p_dev_addr);
-			wpas_p2p_add_psk_list(wpa_s, ssid);
-		}
-
-		wpas_notify_p2p_group_started(wpa_s, ssid,
-					      params->persistent_group, 0,
-					      NULL);
-		wpas_p2p_cross_connect_setup(wpa_s);
-		wpas_p2p_set_group_idle_timeout(wpa_s);
-
-		if (wpa_s->p2p_first_connection_timeout) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Start group formation timeout of %d seconds until first data connection on GO",
-				wpa_s->p2p_first_connection_timeout);
-			wpa_s->p2p_go_group_formation_completed = 0;
-			wpa_s->global->p2p_group_formation = wpa_s;
-			eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-					     wpa_s->p2pdev, NULL);
-			eloop_register_timeout(
-				wpa_s->p2p_first_connection_timeout, 0,
-				wpas_p2p_group_formation_timeout,
-				wpa_s->p2pdev, NULL);
-		}
-
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Setting up WPS for GO provisioning");
-	if (wpa_supplicant_ap_mac_addr_filter(wpa_s,
-					      params->peer_interface_addr)) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to setup MAC address "
-			   "filtering");
-		return;
-	}
-	if (params->wps_method == WPS_PBC) {
-		wpa_supplicant_ap_wps_pbc(wpa_s, params->peer_interface_addr,
-					  params->peer_device_addr);
-#ifdef CONFIG_WPS_NFC
-	} else if (params->wps_method == WPS_NFC) {
-		if (wpa_s->p2pdev->p2p_oob_dev_pw_id !=
-		    DEV_PW_NFC_CONNECTION_HANDOVER &&
-		    !wpa_s->p2pdev->p2p_oob_dev_pw) {
-			wpa_printf(MSG_DEBUG, "P2P: No NFC Dev Pw known");
-			return;
-		}
-		wpas_ap_wps_add_nfc_pw(
-			wpa_s, wpa_s->p2pdev->p2p_oob_dev_pw_id,
-			wpa_s->p2pdev->p2p_oob_dev_pw,
-			wpa_s->p2pdev->p2p_peer_oob_pk_hash_known ?
-			wpa_s->p2pdev->p2p_peer_oob_pubkey_hash : NULL);
-#endif /* CONFIG_WPS_NFC */
-	} else if (wpa_s->p2p_pin[0])
-		wpa_supplicant_ap_wps_pin(wpa_s, params->peer_interface_addr,
-					  wpa_s->p2p_pin, NULL, 0, 0);
-	os_free(wpa_s->go_params);
-	wpa_s->go_params = NULL;
-}
-
-
-/**
- * wpas_p2p_freq_to_edmg_channel - Convert frequency into EDMG channel
- * @freq: Frequency (MHz) to convert
- * @op_class: Buffer for returning operating class
- * @op_edmg_channel: Buffer for returning channel number
- * Returns: 0 on success, -1 on failure
- *
- * This can be used to find the highest channel bonding which includes the
- * specified frequency.
- */
-static int wpas_p2p_freq_to_edmg_channel(struct wpa_supplicant *wpa_s,
-					 unsigned int freq,
-					 u8 *op_class, u8 *op_edmg_channel)
-{
-	struct hostapd_hw_modes *hwmode;
-	struct ieee80211_edmg_config edmg;
-	unsigned int i;
-	enum chan_width chanwidth[] = {
-		CHAN_WIDTH_8640,
-		CHAN_WIDTH_6480,
-		CHAN_WIDTH_4320,
-	};
-
-	if (!wpa_s->hw.modes)
-		return -1;
-
-	hwmode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-			  HOSTAPD_MODE_IEEE80211AD, false);
-	if (!hwmode) {
-		wpa_printf(MSG_ERROR,
-			   "Unsupported AP mode: HOSTAPD_MODE_IEEE80211AD");
-		return -1;
-	}
-
-	/* Find the highest EDMG channel bandwidth to start the P2P GO */
-	for (i = 0; i < ARRAY_SIZE(chanwidth); i++) {
-		if (ieee80211_chaninfo_to_channel(freq, chanwidth[i], 0,
-						  op_class,
-						  op_edmg_channel) < 0)
-			continue;
-
-		hostapd_encode_edmg_chan(1, *op_edmg_channel, 0, &edmg);
-		if (edmg.channels &&
-		    ieee802_edmg_is_allowed(hwmode->edmg, edmg)) {
-			wpa_printf(MSG_DEBUG,
-				   "Freq %u to EDMG channel %u at opclass %u",
-				   freq, *op_edmg_channel, *op_class);
-			return 0;
-		}
-	}
-
-	return -1;
-}
-
-
-int wpas_p2p_try_edmg_channel(struct wpa_supplicant *wpa_s,
-			      struct p2p_go_neg_results *params)
-{
-	u8 op_channel, op_class;
-	int freq;
-
-	/* Try social channel as primary channel frequency */
-	freq = (!params->freq) ? 58320 + 1 * 2160 : params->freq;
-
-	if (wpas_p2p_freq_to_edmg_channel(wpa_s, freq, &op_class,
-					  &op_channel) == 0) {
-		wpa_printf(MSG_DEBUG,
-			   "Freq %d will be used to set an EDMG connection (channel=%u opclass=%u)",
-			   freq, op_channel, op_class);
-		params->freq = freq;
-		return 0;
-	}
-
-	return -1;
-}
-
-
-static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
-			      struct p2p_go_neg_results *params,
-			      int group_formation)
-{
-	struct wpa_ssid *ssid;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Starting GO");
-	if (wpas_copy_go_neg_results(wpa_s, params) < 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Could not copy GO Negotiation "
-			"results");
-		return;
-	}
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Could not add network for GO");
-		return;
-	}
-
-	wpa_s->show_group_started = 0;
-	wpa_s->p2p_go_group_formation_completed = 0;
-	wpa_s->group_formation_reported = 0;
-	os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN);
-
-	wpa_config_set_network_defaults(ssid);
-	ssid->temporary = 1;
-	ssid->p2p_group = 1;
-	ssid->p2p_persistent_group = !!params->persistent_group;
-	ssid->mode = group_formation ? WPAS_MODE_P2P_GROUP_FORMATION :
-		WPAS_MODE_P2P_GO;
-	ssid->frequency = params->freq;
-	ssid->ht40 = params->ht40;
-	ssid->vht = params->vht;
-	ssid->max_oper_chwidth = params->max_oper_chwidth;
-	ssid->vht_center_freq2 = params->vht_center_freq2;
-	ssid->he = params->he;
-	if (params->edmg) {
-		u8 op_channel, op_class;
-
-		if (!wpas_p2p_freq_to_edmg_channel(wpa_s, params->freq,
-						   &op_class, &op_channel)) {
-			ssid->edmg_channel = op_channel;
-			ssid->enable_edmg = params->edmg;
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Could not match EDMG channel, freq %d, for GO",
-				params->freq);
-		}
-	}
-
-	ssid->ssid = os_zalloc(params->ssid_len + 1);
-	if (ssid->ssid) {
-		os_memcpy(ssid->ssid, params->ssid, params->ssid_len);
-		ssid->ssid_len = params->ssid_len;
-	}
-	ssid->auth_alg = WPA_AUTH_ALG_OPEN;
-	ssid->key_mgmt = WPA_KEY_MGMT_PSK;
-	if (is_6ghz_freq(ssid->frequency) &&
-	    is_p2p_6ghz_capable(wpa_s->global->p2p)) {
-		ssid->auth_alg |= WPA_AUTH_ALG_SAE;
-		ssid->key_mgmt = WPA_KEY_MGMT_SAE;
-		ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-		ssid->sae_pwe = 1;
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
-	} else {
-		p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
-	}
-	ssid->proto = WPA_PROTO_RSN;
-	ssid->pairwise_cipher = WPA_CIPHER_CCMP;
-	ssid->group_cipher = WPA_CIPHER_CCMP;
-	if (params->freq > 56160) {
-		/*
-		 * Enable GCMP instead of CCMP as pairwise_cipher and
-		 * group_cipher in 60 GHz.
-		 */
-		ssid->pairwise_cipher = WPA_CIPHER_GCMP;
-		ssid->group_cipher = WPA_CIPHER_GCMP;
-		/* P2P GO in 60 GHz is always a PCP (PBSS) */
-		ssid->pbss = 1;
-	}
-	if (os_strlen(params->passphrase) > 0) {
-		ssid->passphrase = os_strdup(params->passphrase);
-		if (ssid->passphrase == NULL) {
-			wpa_msg_global(wpa_s, MSG_ERROR,
-				       "P2P: Failed to copy passphrase for GO");
-			wpa_config_remove_network(wpa_s->conf, ssid->id);
-			return;
-		}
-	} else
-		ssid->passphrase = NULL;
-	ssid->psk_set = params->psk_set;
-	if (ssid->psk_set)
-		os_memcpy(ssid->psk, params->psk, sizeof(ssid->psk));
-	else if (ssid->passphrase)
-		wpa_config_update_psk(ssid);
-	ssid->ap_max_inactivity = wpa_s->p2pdev->conf->p2p_go_max_inactivity;
-
-	wpa_s->ap_configured_cb = p2p_go_configured;
-	wpa_s->ap_configured_cb_ctx = wpa_s;
-	wpa_s->ap_configured_cb_data = wpa_s->go_params;
-	wpa_s->scan_req = NORMAL_SCAN_REQ;
-	wpa_s->connect_without_scan = ssid;
-	wpa_s->reassociate = 1;
-	wpa_s->disconnected = 0;
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Request scan (that will be skipped) to "
-		"start GO)");
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-static void wpas_p2p_clone_config(struct wpa_supplicant *dst,
-				  const struct wpa_supplicant *src)
-{
-	struct wpa_config *d;
-	const struct wpa_config *s;
-
-	d = dst->conf;
-	s = src->conf;
-
-#define C(n)                            \
-do {                                    \
-	if (s->n && !d->n)              \
-		d->n = os_strdup(s->n); \
-} while (0)
-
-	C(device_name);
-	C(manufacturer);
-	C(model_name);
-	C(model_number);
-	C(serial_number);
-	C(config_methods);
-#undef C
-
-	os_memcpy(d->device_type, s->device_type, WPS_DEV_TYPE_LEN);
-	os_memcpy(d->sec_device_type, s->sec_device_type,
-		  sizeof(d->sec_device_type));
-	d->num_sec_device_types = s->num_sec_device_types;
-
-	d->p2p_group_idle = s->p2p_group_idle;
-	d->p2p_go_freq_change_policy = s->p2p_go_freq_change_policy;
-	d->p2p_intra_bss = s->p2p_intra_bss;
-	d->persistent_reconnect = s->persistent_reconnect;
-	d->max_num_sta = s->max_num_sta;
-	d->pbc_in_m1 = s->pbc_in_m1;
-	d->ignore_old_scan_res = s->ignore_old_scan_res;
-	d->beacon_int = s->beacon_int;
-	d->dtim_period = s->dtim_period;
-	d->p2p_go_ctwindow = s->p2p_go_ctwindow;
-	d->disassoc_low_ack = s->disassoc_low_ack;
-	d->disable_scan_offload = s->disable_scan_offload;
-	d->passive_scan = s->passive_scan;
-	d->pmf = s->pmf;
-	d->p2p_6ghz_disable = s->p2p_6ghz_disable;
-
-	if (s->wps_nfc_dh_privkey && s->wps_nfc_dh_pubkey &&
-	    !d->wps_nfc_pw_from_config) {
-		wpabuf_free(d->wps_nfc_dh_privkey);
-		wpabuf_free(d->wps_nfc_dh_pubkey);
-		d->wps_nfc_dh_privkey = wpabuf_dup(s->wps_nfc_dh_privkey);
-		d->wps_nfc_dh_pubkey = wpabuf_dup(s->wps_nfc_dh_pubkey);
-	}
-	d->p2p_cli_probe = s->p2p_cli_probe;
-	d->go_interworking = s->go_interworking;
-	d->go_access_network_type = s->go_access_network_type;
-	d->go_internet = s->go_internet;
-	d->go_venue_group = s->go_venue_group;
-	d->go_venue_type = s->go_venue_type;
-	d->p2p_add_cli_chan = s->p2p_add_cli_chan;
-}
-
-
-static void wpas_p2p_get_group_ifname(struct wpa_supplicant *wpa_s,
-				      char *ifname, size_t len)
-{
-	char *ifname_ptr = wpa_s->ifname;
-
-	if (os_strncmp(wpa_s->ifname, P2P_MGMT_DEVICE_PREFIX,
-		       os_strlen(P2P_MGMT_DEVICE_PREFIX)) == 0) {
-		ifname_ptr = os_strrchr(wpa_s->ifname, '-') + 1;
-	}
-
-	os_snprintf(ifname, len, "p2p-%s-%d", ifname_ptr, wpa_s->p2p_group_idx);
-	if (os_strlen(ifname) >= IFNAMSIZ &&
-	    os_strlen(wpa_s->ifname) < IFNAMSIZ) {
-		int res;
-
-		/* Try to avoid going over the IFNAMSIZ length limit */
-		res = os_snprintf(ifname, len, "p2p-%d", wpa_s->p2p_group_idx);
-		if (os_snprintf_error(len, res) && len)
-			ifname[len - 1] = '\0';
-	}
-}
-
-
-static int wpas_p2p_add_group_interface(struct wpa_supplicant *wpa_s,
-					enum wpa_driver_if_type type)
-{
-	char ifname[120], force_ifname[120];
-
-	if (wpa_s->pending_interface_name[0]) {
-		wpa_printf(MSG_DEBUG, "P2P: Pending virtual interface exists "
-			   "- skip creation of a new one");
-		if (is_zero_ether_addr(wpa_s->pending_interface_addr)) {
-			wpa_printf(MSG_DEBUG, "P2P: Pending virtual address "
-				   "unknown?! ifname='%s'",
-				   wpa_s->pending_interface_name);
-			return -1;
-		}
-		return 0;
-	}
-
-	wpas_p2p_get_group_ifname(wpa_s, ifname, sizeof(ifname));
-	force_ifname[0] = '\0';
-
-	wpa_printf(MSG_DEBUG, "P2P: Create a new interface %s for the group",
-		   ifname);
-	wpa_s->p2p_group_idx++;
-
-	wpa_s->pending_interface_type = type;
-	if (wpa_drv_if_add(wpa_s, type, ifname, NULL, NULL, force_ifname,
-			   wpa_s->pending_interface_addr, NULL) < 0) {
-		wpa_printf(MSG_ERROR, "P2P: Failed to create new group "
-			   "interface");
-		return -1;
-	}
-
-	if (wpa_s->conf->p2p_interface_random_mac_addr) {
-		random_mac_addr(wpa_s->pending_interface_addr);
-		wpa_printf(MSG_DEBUG, "P2P: Generate random MAC address " MACSTR
-			   " for the group",
-			   MAC2STR(wpa_s->pending_interface_addr));
-	}
-
-	if (force_ifname[0]) {
-		wpa_printf(MSG_DEBUG, "P2P: Driver forced interface name %s",
-			   force_ifname);
-		os_strlcpy(wpa_s->pending_interface_name, force_ifname,
-			   sizeof(wpa_s->pending_interface_name));
-	} else
-		os_strlcpy(wpa_s->pending_interface_name, ifname,
-			   sizeof(wpa_s->pending_interface_name));
-	wpa_printf(MSG_DEBUG, "P2P: Created pending virtual interface %s addr "
-		   MACSTR, wpa_s->pending_interface_name,
-		   MAC2STR(wpa_s->pending_interface_addr));
-
-	return 0;
-}
-
-
-static void wpas_p2p_remove_pending_group_interface(
-	struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->pending_interface_name[0] ||
-	    is_zero_ether_addr(wpa_s->pending_interface_addr))
-		return; /* No pending virtual interface */
-
-	wpa_printf(MSG_DEBUG, "P2P: Removing pending group interface %s",
-		   wpa_s->pending_interface_name);
-	wpa_drv_if_remove(wpa_s, wpa_s->pending_interface_type,
-			  wpa_s->pending_interface_name);
-	os_memset(wpa_s->pending_interface_addr, 0, ETH_ALEN);
-	wpa_s->pending_interface_name[0] = '\0';
-	wpa_s->global->pending_group_iface_for_p2ps = 0;
-}
-
-
-static struct wpa_supplicant *
-wpas_p2p_init_group_interface(struct wpa_supplicant *wpa_s, int go)
-{
-	struct wpa_interface iface;
-	struct wpa_supplicant *group_wpa_s;
-
-	if (!wpa_s->pending_interface_name[0]) {
-		wpa_printf(MSG_ERROR, "P2P: No pending group interface");
-		if (!wpas_p2p_create_iface(wpa_s))
-			return NULL;
-		/*
-		 * Something has forced us to remove the pending interface; try
-		 * to create a new one and hope for the best that we will get
-		 * the same local address.
-		 */
-		if (wpas_p2p_add_group_interface(wpa_s, go ? WPA_IF_P2P_GO :
-						 WPA_IF_P2P_CLIENT) < 0)
-			return NULL;
-	}
-
-	os_memset(&iface, 0, sizeof(iface));
-	iface.ifname = wpa_s->pending_interface_name;
-	iface.driver = wpa_s->driver->name;
-	if (wpa_s->conf->ctrl_interface == NULL &&
-	    wpa_s->parent != wpa_s &&
-	    wpa_s->p2p_mgmt &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE))
-		iface.ctrl_interface = wpa_s->parent->conf->ctrl_interface;
-	else
-		iface.ctrl_interface = wpa_s->conf->ctrl_interface;
-	iface.driver_param = wpa_s->conf->driver_param;
-	group_wpa_s = wpa_supplicant_add_iface(wpa_s->global, &iface, wpa_s);
-	if (group_wpa_s == NULL) {
-		wpa_printf(MSG_ERROR, "P2P: Failed to create new "
-			   "wpa_supplicant interface");
-		return NULL;
-	}
-	wpa_s->pending_interface_name[0] = '\0';
-	group_wpa_s->p2p_group_interface = go ? P2P_GROUP_INTERFACE_GO :
-		P2P_GROUP_INTERFACE_CLIENT;
-	wpa_s->global->p2p_group_formation = group_wpa_s;
-	wpa_s->global->pending_group_iface_for_p2ps = 0;
-
-	wpas_p2p_clone_config(group_wpa_s, wpa_s);
-
-	if (wpa_s->conf->p2p_interface_random_mac_addr) {
-		if (wpa_drv_set_mac_addr(group_wpa_s,
-					 wpa_s->pending_interface_addr) < 0) {
-			wpa_msg(group_wpa_s, MSG_INFO,
-				"Failed to set random MAC address");
-			wpa_supplicant_remove_iface(wpa_s->global, group_wpa_s,
-						    0);
-			return NULL;
-		}
-
-		if (wpa_supplicant_update_mac_addr(group_wpa_s) < 0) {
-			wpa_msg(group_wpa_s, MSG_INFO,
-				"Could not update MAC address information");
-			wpa_supplicant_remove_iface(wpa_s->global, group_wpa_s,
-						    0);
-			return NULL;
-		}
-
-		wpa_printf(MSG_DEBUG, "P2P: Using random MAC address " MACSTR
-			   " for the group",
-			   MAC2STR(wpa_s->pending_interface_addr));
-	}
-
-	return group_wpa_s;
-}
-
-
-static void wpas_p2p_group_formation_timeout(void *eloop_ctx,
-					     void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpa_printf(MSG_DEBUG, "P2P: Group Formation timed out");
-	wpas_p2p_group_formation_failed(wpa_s, 0);
-}
-
-
-static void wpas_p2p_group_formation_failed(struct wpa_supplicant *wpa_s,
-					    int already_deleted)
-{
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-			     wpa_s->p2pdev, NULL);
-	if (wpa_s->global->p2p)
-		p2p_group_formation_failed(wpa_s->global->p2p);
-	wpas_group_formation_completed(wpa_s, 0, already_deleted);
-}
-
-
-static void wpas_p2p_grpform_fail_after_wps(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Reject group formation due to WPS provisioning failure");
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-			     wpa_s->p2pdev, NULL);
-	eloop_register_timeout(0, 0, wpas_p2p_group_formation_timeout,
-			       wpa_s->p2pdev, NULL);
-	wpa_s->global->p2p_fail_on_wps_complete = 0;
-}
-
-
-void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->global->p2p_group_formation != wpa_s)
-		return;
-	/* Speed up group formation timeout since this cannot succeed */
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-			     wpa_s->p2pdev, NULL);
-	eloop_register_timeout(0, 0, wpas_p2p_group_formation_timeout,
-			       wpa_s->p2pdev, NULL);
-}
-
-
-static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_supplicant *group_wpa_s;
-
-	if (wpa_s->off_channel_freq || wpa_s->roc_waiting_drv_freq) {
-		wpa_drv_cancel_remain_on_channel(wpa_s);
-		wpa_s->off_channel_freq = 0;
-		wpa_s->roc_waiting_drv_freq = 0;
-	}
-
-	if (res->status) {
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_GO_NEG_FAILURE "status=%d",
-			       res->status);
-		wpas_notify_p2p_go_neg_completed(wpa_s, res);
-		wpas_p2p_remove_pending_group_interface(wpa_s);
-		return;
-	}
-
-	if (!res->role_go) {
-		/* Inform driver of the operating channel of GO. */
-		wpa_drv_set_prob_oper_freq(wpa_s, res->freq);
-	}
-
-	if (wpa_s->p2p_go_ht40)
-		res->ht40 = 1;
-	if (wpa_s->p2p_go_vht)
-		res->vht = 1;
-	if (wpa_s->p2p_go_he)
-		res->he = 1;
-	if (wpa_s->p2p_go_edmg)
-		res->edmg = 1;
-	res->max_oper_chwidth = wpa_s->p2p_go_max_oper_chwidth;
-	res->vht_center_freq2 = wpa_s->p2p_go_vht_center_freq2;
-
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_GO_NEG_SUCCESS "role=%s "
-		       "freq=%d ht40=%d peer_dev=" MACSTR " peer_iface=" MACSTR
-		       " wps_method=%s",
-		       res->role_go ? "GO" : "client", res->freq, res->ht40,
-		       MAC2STR(res->peer_device_addr),
-		       MAC2STR(res->peer_interface_addr),
-		       p2p_wps_method_text(res->wps_method));
-	wpas_notify_p2p_go_neg_completed(wpa_s, res);
-
-	if (res->role_go && wpa_s->p2p_persistent_id >= 0) {
-		struct wpa_ssid *ssid;
-		ssid = wpa_config_get_network(wpa_s->conf,
-					      wpa_s->p2p_persistent_id);
-		if (ssid && ssid->disabled == 2 &&
-		    ssid->mode == WPAS_MODE_P2P_GO && ssid->passphrase) {
-			size_t len = os_strlen(ssid->passphrase);
-			wpa_printf(MSG_DEBUG, "P2P: Override passphrase based "
-				   "on requested persistent group");
-			os_memcpy(res->passphrase, ssid->passphrase, len);
-			res->passphrase[len] = '\0';
-		}
-	}
-
-	if (wpa_s->create_p2p_iface) {
-		group_wpa_s =
-			wpas_p2p_init_group_interface(wpa_s, res->role_go);
-		if (group_wpa_s == NULL) {
-			wpas_p2p_remove_pending_group_interface(wpa_s);
-			eloop_cancel_timeout(wpas_p2p_long_listen_timeout,
-					     wpa_s, NULL);
-			wpas_p2p_group_formation_failed(wpa_s, 1);
-			return;
-		}
-		os_memset(wpa_s->pending_interface_addr, 0, ETH_ALEN);
-		wpa_s->pending_interface_name[0] = '\0';
-	} else {
-		group_wpa_s = wpa_s->parent;
-		wpa_s->global->p2p_group_formation = group_wpa_s;
-		if (group_wpa_s != wpa_s)
-			wpas_p2p_clone_config(group_wpa_s, wpa_s);
-	}
-
-	group_wpa_s->p2p_in_provisioning = 1;
-	group_wpa_s->p2pdev = wpa_s;
-	if (group_wpa_s != wpa_s) {
-		os_memcpy(group_wpa_s->p2p_pin, wpa_s->p2p_pin,
-			  sizeof(group_wpa_s->p2p_pin));
-		group_wpa_s->p2p_wps_method = wpa_s->p2p_wps_method;
-	}
-	if (res->role_go) {
-		wpas_start_wps_go(group_wpa_s, res, 1);
-	} else {
-		os_get_reltime(&group_wpa_s->scan_min_time);
-		wpas_start_wps_enrollee(group_wpa_s, res);
-	}
-
-	wpa_s->global->p2p_long_listen = 0;
-	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
-
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
-	eloop_register_timeout(15 + res->peer_config_timeout / 100,
-			       (res->peer_config_timeout % 100) * 10000,
-			       wpas_p2p_group_formation_timeout, wpa_s, NULL);
-}
-
-
-static void wpas_go_neg_req_rx(void *ctx, const u8 *src, u16 dev_passwd_id,
-			       u8 go_intent)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_GO_NEG_REQUEST MACSTR
-		       " dev_passwd_id=%u go_intent=%u", MAC2STR(src),
-		       dev_passwd_id, go_intent);
-
-	wpas_notify_p2p_go_neg_req(wpa_s, src, dev_passwd_id, go_intent);
-}
-
-
-static void wpas_dev_found(void *ctx, const u8 *addr,
-			   const struct p2p_peer_info *info,
-			   int new_device)
-{
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	struct wpa_supplicant *wpa_s = ctx;
-	char devtype[WPS_DEV_TYPE_BUFSIZE];
-	char *wfd_dev_info_hex = NULL;
-
-#ifdef CONFIG_WIFI_DISPLAY
-	wfd_dev_info_hex = wifi_display_subelem_hex(info->wfd_subelems,
-						    WFD_SUBELEM_DEVICE_INFO);
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	if (info->p2ps_instance) {
-		char str[256];
-		const u8 *buf = wpabuf_head(info->p2ps_instance);
-		size_t len = wpabuf_len(info->p2ps_instance);
-
-		while (len) {
-			u32 id;
-			u16 methods;
-			u8 str_len;
-
-			if (len < 4 + 2 + 1)
-				break;
-			id = WPA_GET_LE32(buf);
-			buf += sizeof(u32);
-			methods = WPA_GET_BE16(buf);
-			buf += sizeof(u16);
-			str_len = *buf++;
-			if (str_len > len - 4 - 2 - 1)
-				break;
-			os_memcpy(str, buf, str_len);
-			str[str_len] = '\0';
-			buf += str_len;
-			len -= str_len + sizeof(u32) + sizeof(u16) + sizeof(u8);
-
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_DEVICE_FOUND MACSTR
-				       " p2p_dev_addr=" MACSTR
-				       " pri_dev_type=%s name='%s'"
-				       " config_methods=0x%x"
-				       " dev_capab=0x%x"
-				       " group_capab=0x%x"
-				       " adv_id=%x asp_svc=%s%s",
-				       MAC2STR(addr),
-				       MAC2STR(info->p2p_device_addr),
-				       wps_dev_type_bin2str(
-					       info->pri_dev_type,
-					       devtype, sizeof(devtype)),
-				       info->device_name, methods,
-				       info->dev_capab, info->group_capab,
-				       id, str,
-				       info->vendor_elems ?
-				       " vendor_elems=1" : "");
-		}
-		goto done;
-	}
-
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_DEVICE_FOUND MACSTR
-		       " p2p_dev_addr=" MACSTR
-		       " pri_dev_type=%s name='%s' config_methods=0x%x "
-		       "dev_capab=0x%x group_capab=0x%x%s%s%s new=%d",
-		       MAC2STR(addr), MAC2STR(info->p2p_device_addr),
-		       wps_dev_type_bin2str(info->pri_dev_type, devtype,
-					    sizeof(devtype)),
-		       info->device_name, info->config_methods,
-		       info->dev_capab, info->group_capab,
-		       wfd_dev_info_hex ? " wfd_dev_info=0x" : "",
-		       wfd_dev_info_hex ? wfd_dev_info_hex : "",
-		       info->vendor_elems ? " vendor_elems=1" : "",
-		       new_device);
-
-done:
-	os_free(wfd_dev_info_hex);
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-	wpas_notify_p2p_device_found(ctx, info->p2p_device_addr, new_device);
-}
-
-
-static void wpas_dev_lost(void *ctx, const u8 *dev_addr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_DEVICE_LOST
-		       "p2p_dev_addr=" MACSTR, MAC2STR(dev_addr));
-
-	wpas_notify_p2p_device_lost(wpa_s, dev_addr);
-}
-
-
-static void wpas_find_stopped(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->p2p_scan_work && wpas_abort_ongoing_scan(wpa_s) < 0)
-		wpa_printf(MSG_DEBUG, "P2P: Abort ongoing scan failed");
-
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_FIND_STOPPED);
-	wpas_notify_p2p_find_stopped(wpa_s);
-}
-
-
-struct wpas_p2p_listen_work {
-	unsigned int freq;
-	unsigned int duration;
-	struct wpabuf *probe_resp_ie;
-};
-
-
-static void wpas_p2p_listen_work_free(struct wpas_p2p_listen_work *lwork)
-{
-	if (lwork == NULL)
-		return;
-	wpabuf_free(lwork->probe_resp_ie);
-	os_free(lwork);
-}
-
-
-static void wpas_p2p_listen_work_done(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_p2p_listen_work *lwork;
-
-	if (!wpa_s->p2p_listen_work)
-		return;
-
-	lwork = wpa_s->p2p_listen_work->ctx;
-	wpas_p2p_listen_work_free(lwork);
-	radio_work_done(wpa_s->p2p_listen_work);
-	wpa_s->p2p_listen_work = NULL;
-}
-
-
-static void wpas_start_listen_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct wpas_p2p_listen_work *lwork = work->ctx;
-	unsigned int duration;
-
-	if (deinit) {
-		if (work->started) {
-			wpa_s->p2p_listen_work = NULL;
-			wpas_stop_listen(wpa_s);
-		}
-		wpas_p2p_listen_work_free(lwork);
-		return;
-	}
-
-	wpa_s->p2p_listen_work = work;
-
-	wpa_drv_set_ap_wps_ie(wpa_s, NULL, lwork->probe_resp_ie, NULL);
-
-	if (wpa_drv_probe_req_report(wpa_s, 1) < 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to request the driver to "
-			   "report received Probe Request frames");
-		wpas_p2p_listen_work_done(wpa_s);
-		return;
-	}
-
-	wpa_s->pending_listen_freq = lwork->freq;
-	wpa_s->pending_listen_duration = lwork->duration;
-
-	duration = lwork->duration;
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->extra_roc_dur) {
-		wpa_printf(MSG_DEBUG, "TESTING: Increase ROC duration %u -> %u",
-			   duration, duration + wpa_s->extra_roc_dur);
-		duration += wpa_s->extra_roc_dur;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_drv_remain_on_channel(wpa_s, lwork->freq, duration) < 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to request the driver "
-			   "to remain on channel (%u MHz) for Listen "
-			   "state", lwork->freq);
-		wpas_p2p_listen_work_done(wpa_s);
-		wpa_s->pending_listen_freq = 0;
-		return;
-	}
-	wpa_s->off_channel_freq = 0;
-	wpa_s->roc_waiting_drv_freq = lwork->freq;
-}
-
-
-static int wpas_start_listen(void *ctx, unsigned int freq,
-			     unsigned int duration,
-			     const struct wpabuf *probe_resp_ie)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpas_p2p_listen_work *lwork;
-
-	if (wpa_s->p2p_listen_work) {
-		wpa_printf(MSG_DEBUG, "P2P: Reject start_listen since p2p_listen_work already exists");
-		return -1;
-	}
-
-	lwork = os_zalloc(sizeof(*lwork));
-	if (lwork == NULL)
-		return -1;
-	lwork->freq = freq;
-	lwork->duration = duration;
-	if (probe_resp_ie) {
-		lwork->probe_resp_ie = wpabuf_dup(probe_resp_ie);
-		if (lwork->probe_resp_ie == NULL) {
-			wpas_p2p_listen_work_free(lwork);
-			return -1;
-		}
-	}
-
-	if (radio_add_work(wpa_s, freq, "p2p-listen", 0, wpas_start_listen_cb,
-			   lwork) < 0) {
-		wpas_p2p_listen_work_free(lwork);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static void wpas_stop_listen(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->off_channel_freq || wpa_s->roc_waiting_drv_freq) {
-		wpa_drv_cancel_remain_on_channel(wpa_s);
-		wpa_s->off_channel_freq = 0;
-		wpa_s->roc_waiting_drv_freq = 0;
-	}
-	wpa_drv_set_ap_wps_ie(wpa_s, NULL, NULL, NULL);
-
-	/*
-	 * Don't cancel Probe Request RX reporting for a connected P2P Client
-	 * handling Probe Request frames.
-	 */
-	if (!wpa_s->p2p_cli_probe)
-		wpa_drv_probe_req_report(wpa_s, 0);
-
-	wpas_p2p_listen_work_done(wpa_s);
-}
-
-
-static int wpas_send_probe_resp(void *ctx, const struct wpabuf *buf,
-				unsigned int freq)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1,
-				 freq, 0);
-}
-
-
-static void wpas_prov_disc_local_display(struct wpa_supplicant *wpa_s,
-					 const u8 *peer, const char *params,
-					 unsigned int generated_pin)
-{
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_SHOW_PIN MACSTR
-		       " %08d%s", MAC2STR(peer), generated_pin, params);
-}
-
-
-static void wpas_prov_disc_local_keypad(struct wpa_supplicant *wpa_s,
-					const u8 *peer, const char *params)
-{
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_ENTER_PIN MACSTR
-		       "%s", MAC2STR(peer), params);
-}
-
-
-static void wpas_prov_disc_req(void *ctx, const u8 *peer, u16 config_methods,
-			       const u8 *dev_addr, const u8 *pri_dev_type,
-			       const char *dev_name, u16 supp_config_methods,
-			       u8 dev_capab, u8 group_capab, const u8 *group_id,
-			       size_t group_id_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	char devtype[WPS_DEV_TYPE_BUFSIZE];
-	char params[300];
-	u8 empty_dev_type[8];
-	unsigned int generated_pin = 0;
-	struct wpa_supplicant *group = NULL;
-	int res;
-
-	if (group_id) {
-		for (group = wpa_s->global->ifaces; group; group = group->next)
-		{
-			struct wpa_ssid *s = group->current_ssid;
-			if (s != NULL &&
-			    s->mode == WPAS_MODE_P2P_GO &&
-			    group_id_len - ETH_ALEN == s->ssid_len &&
-			    os_memcmp(group_id + ETH_ALEN, s->ssid,
-				      s->ssid_len) == 0)
-				break;
-		}
-	}
-
-	if (pri_dev_type == NULL) {
-		os_memset(empty_dev_type, 0, sizeof(empty_dev_type));
-		pri_dev_type = empty_dev_type;
-	}
-	res = os_snprintf(params, sizeof(params), " p2p_dev_addr=" MACSTR
-			  " pri_dev_type=%s name='%s' config_methods=0x%x "
-			  "dev_capab=0x%x group_capab=0x%x%s%s",
-			  MAC2STR(dev_addr),
-			  wps_dev_type_bin2str(pri_dev_type, devtype,
-					       sizeof(devtype)),
-			  dev_name, supp_config_methods, dev_capab, group_capab,
-			  group ? " group=" : "",
-			  group ? group->ifname : "");
-	if (os_snprintf_error(sizeof(params), res))
-		wpa_printf(MSG_DEBUG, "P2P: PD Request event truncated");
-	params[sizeof(params) - 1] = '\0';
-
-	if (config_methods & WPS_CONFIG_DISPLAY) {
-		if (wps_generate_pin(&generated_pin) < 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Could not generate PIN");
-			wpas_notify_p2p_provision_discovery(
-				wpa_s, peer, 0 /* response */,
-				P2P_PROV_DISC_INFO_UNAVAILABLE, 0, 0);
-			return;
-		}
-		wpas_prov_disc_local_display(wpa_s, peer, params,
-					     generated_pin);
-	} else if (config_methods & WPS_CONFIG_KEYPAD)
-		wpas_prov_disc_local_keypad(wpa_s, peer, params);
-	else if (config_methods & WPS_CONFIG_PUSHBUTTON)
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_PBC_REQ
-			       MACSTR "%s", MAC2STR(peer), params);
-
-	wpas_notify_p2p_provision_discovery(wpa_s, peer, 1 /* request */,
-					    P2P_PROV_DISC_SUCCESS,
-					    config_methods, generated_pin);
-}
-
-
-static void wpas_prov_disc_resp(void *ctx, const u8 *peer, u16 config_methods)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	unsigned int generated_pin = 0;
-	char params[20];
-
-	if (wpa_s->pending_pd_before_join &&
-	    (os_memcmp(peer, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0 ||
-	     os_memcmp(peer, wpa_s->pending_join_iface_addr, ETH_ALEN) == 0)) {
-		wpa_s->pending_pd_before_join = 0;
-		wpa_printf(MSG_DEBUG, "P2P: Starting pending "
-			   "join-existing-group operation");
-		wpas_p2p_join_start(wpa_s, 0, NULL, 0);
-		return;
-	}
-
-	if (wpa_s->pending_pd_use == AUTO_PD_JOIN ||
-	    wpa_s->pending_pd_use == AUTO_PD_GO_NEG) {
-		int res;
-
-		res = os_snprintf(params, sizeof(params), " peer_go=%d",
-				  wpa_s->pending_pd_use == AUTO_PD_JOIN);
-		if (os_snprintf_error(sizeof(params), res))
-			params[sizeof(params) - 1] = '\0';
-	} else
-		params[0] = '\0';
-
-	if (config_methods & WPS_CONFIG_DISPLAY)
-		wpas_prov_disc_local_keypad(wpa_s, peer, params);
-	else if (config_methods & WPS_CONFIG_KEYPAD) {
-		if (wps_generate_pin(&generated_pin) < 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Could not generate PIN");
-			wpas_notify_p2p_provision_discovery(
-				wpa_s, peer, 0 /* response */,
-				P2P_PROV_DISC_INFO_UNAVAILABLE, 0, 0);
-			return;
-		}
-		wpas_prov_disc_local_display(wpa_s, peer, params,
-					     generated_pin);
-	} else if (config_methods & WPS_CONFIG_PUSHBUTTON)
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_PBC_RESP
-			       MACSTR "%s", MAC2STR(peer), params);
-
-	wpas_notify_p2p_provision_discovery(wpa_s, peer, 0 /* response */,
-					    P2P_PROV_DISC_SUCCESS,
-					    config_methods, generated_pin);
-}
-
-
-static void wpas_prov_disc_fail(void *ctx, const u8 *peer,
-				enum p2p_prov_disc_status status,
-				u32 adv_id, const u8 *adv_mac,
-				const char *deferred_session_resp)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->p2p_fallback_to_go_neg) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: PD for p2p_connect-auto "
-			"failed - fall back to GO Negotiation");
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_FALLBACK_TO_GO_NEG
-			       "reason=PD-failed");
-		wpas_p2p_fallback_to_go_neg(wpa_s, 0);
-		return;
-	}
-
-	if (status == P2P_PROV_DISC_TIMEOUT_JOIN) {
-		wpa_s->pending_pd_before_join = 0;
-		wpa_printf(MSG_DEBUG, "P2P: Starting pending "
-			   "join-existing-group operation (no ACK for PD "
-			   "Req attempts)");
-		wpas_p2p_join_start(wpa_s, 0, NULL, 0);
-		return;
-	}
-
-	if (adv_id && adv_mac && deferred_session_resp) {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_FAILURE
-			       " p2p_dev_addr=" MACSTR " status=%d adv_id=%x"
-			       " deferred_session_resp='%s'",
-			       MAC2STR(peer), status, adv_id,
-			       deferred_session_resp);
-	} else if (adv_id && adv_mac) {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_FAILURE
-			       " p2p_dev_addr=" MACSTR " status=%d adv_id=%x",
-			       MAC2STR(peer), status, adv_id);
-	} else {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_PROV_DISC_FAILURE
-			       " p2p_dev_addr=" MACSTR " status=%d",
-			       MAC2STR(peer), status);
-	}
-
-	wpas_notify_p2p_provision_discovery(wpa_s, peer, 0 /* response */,
-					    status, 0, 0);
-}
-
-
-static int freq_included(struct wpa_supplicant *wpa_s,
-			 const struct p2p_channels *channels,
-			 unsigned int freq)
-{
-	if ((channels == NULL || p2p_channels_includes_freq(channels, freq)) &&
-	    wpas_p2p_go_is_peer_freq(wpa_s, freq))
-		return 1;
-	return 0;
-}
-
-
-static void wpas_p2p_go_update_common_freqs(struct wpa_supplicant *wpa_s)
-{
-	unsigned int num = P2P_MAX_CHANNELS;
-	int *common_freqs;
-	int ret;
-
-	p2p_go_dump_common_freqs(wpa_s);
-	common_freqs = os_calloc(num, sizeof(int));
-	if (!common_freqs)
-		return;
-
-	ret = p2p_group_get_common_freqs(wpa_s->p2p_group, common_freqs, &num);
-	if (ret < 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Failed to get group common freqs");
-		os_free(common_freqs);
-		return;
-	}
-
-	os_free(wpa_s->p2p_group_common_freqs);
-	wpa_s->p2p_group_common_freqs = common_freqs;
-	wpa_s->p2p_group_common_freqs_num = num;
-	p2p_go_dump_common_freqs(wpa_s);
-}
-
-
-/*
- * Check if the given frequency is one of the possible operating frequencies
- * set after the completion of the GO Negotiation.
- */
-static int wpas_p2p_go_is_peer_freq(struct wpa_supplicant *wpa_s, int freq)
-{
-	unsigned int i;
-
-	p2p_go_dump_common_freqs(wpa_s);
-
-	/* assume no restrictions */
-	if (!wpa_s->p2p_group_common_freqs_num)
-		return 1;
-
-	for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-		if (wpa_s->p2p_group_common_freqs[i] == freq)
-			return 1;
-	}
-	return 0;
-}
-
-
-static int wpas_sta_check_ecsa(struct hostapd_data *hapd,
-			       struct sta_info *sta, void *ctx)
-{
-	int *ecsa_support = ctx;
-
-	*ecsa_support &= sta->ecsa_supported;
-
-	return 0;
-}
-
-
-/* Check if all the peers support eCSA */
-static int wpas_p2p_go_clients_support_ecsa(struct wpa_supplicant *wpa_s)
-{
-	int ecsa_support = 1;
-
-	ap_for_each_sta(wpa_s->ap_iface->bss[0], wpas_sta_check_ecsa,
-			&ecsa_support);
-
-	return ecsa_support;
-}
-
-
-/**
- * Pick the best frequency to use from all the currently used frequencies.
- */
-static int wpas_p2p_pick_best_used_freq(struct wpa_supplicant *wpa_s,
-					struct wpa_used_freq_data *freqs,
-					unsigned int num)
-{
-	unsigned int i, c;
-
-	/* find a candidate freq that is supported by P2P */
-	for (c = 0; c < num; c++)
-		if (p2p_supported_freq(wpa_s->global->p2p, freqs[c].freq))
-			break;
-
-	if (c == num)
-		return 0;
-
-	/* once we have a candidate, try to find a 'better' one */
-	for (i = c + 1; i < num; i++) {
-		if (!p2p_supported_freq(wpa_s->global->p2p, freqs[i].freq))
-			continue;
-
-		/*
-		 * 1. Infrastructure station interfaces have higher preference.
-		 * 2. P2P Clients have higher preference.
-		 * 3. All others.
-		 */
-		if (freqs[i].flags & WPA_FREQ_USED_BY_INFRA_STATION) {
-			c = i;
-			break;
-		}
-
-		if ((freqs[i].flags & WPA_FREQ_USED_BY_P2P_CLIENT))
-			c = i;
-	}
-	return freqs[c].freq;
-}
-
-
-static u8 wpas_invitation_process(void *ctx, const u8 *sa, const u8 *bssid,
-				  const u8 *go_dev_addr, const u8 *ssid,
-				  size_t ssid_len, int *go, u8 *group_bssid,
-				  int *force_freq, int persistent_group,
-				  const struct p2p_channels *channels,
-				  int dev_pw_id)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *s;
-	struct wpa_used_freq_data *freqs;
-	struct wpa_supplicant *grp;
-	int best_freq;
-
-	if (!persistent_group) {
-		wpa_printf(MSG_DEBUG, "P2P: Invitation from " MACSTR
-			   " to join an active group (SSID: %s)",
-			   MAC2STR(sa), wpa_ssid_txt(ssid, ssid_len));
-		if (!is_zero_ether_addr(wpa_s->p2p_auth_invite) &&
-		    (os_memcmp(go_dev_addr, wpa_s->p2p_auth_invite, ETH_ALEN)
-		     == 0 ||
-		     os_memcmp(sa, wpa_s->p2p_auth_invite, ETH_ALEN) == 0)) {
-			wpa_printf(MSG_DEBUG, "P2P: Accept previously "
-				   "authorized invitation");
-			goto accept_inv;
-		}
-
-#ifdef CONFIG_WPS_NFC
-		if (dev_pw_id >= 0 && wpa_s->p2p_nfc_tag_enabled &&
-		    dev_pw_id == wpa_s->p2p_oob_dev_pw_id) {
-			wpa_printf(MSG_DEBUG, "P2P: Accept invitation based on local enabled NFC Tag");
-			wpa_s->p2p_wps_method = WPS_NFC;
-			wpa_s->pending_join_wps_method = WPS_NFC;
-			os_memcpy(wpa_s->pending_join_dev_addr,
-				  go_dev_addr, ETH_ALEN);
-			os_memcpy(wpa_s->pending_join_iface_addr,
-				  bssid, ETH_ALEN);
-			goto accept_inv;
-		}
-#endif /* CONFIG_WPS_NFC */
-
-		/*
-		 * Do not accept the invitation automatically; notify user and
-		 * request approval.
-		 */
-		return P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE;
-	}
-
-	grp = wpas_get_p2p_group(wpa_s, ssid, ssid_len, go);
-	if (grp) {
-		wpa_printf(MSG_DEBUG, "P2P: Accept invitation to already "
-			   "running persistent group");
-		if (*go)
-			os_memcpy(group_bssid, grp->own_addr, ETH_ALEN);
-		goto accept_inv;
-	}
-
-	if (!is_zero_ether_addr(wpa_s->p2p_auth_invite) &&
-	    os_memcmp(sa, wpa_s->p2p_auth_invite, ETH_ALEN) == 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Accept previously initiated "
-			   "invitation to re-invoke a persistent group");
-		os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
-	} else if (!wpa_s->conf->persistent_reconnect)
-		return P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE;
-
-	for (s = wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled == 2 &&
-		    os_memcmp(s->bssid, go_dev_addr, ETH_ALEN) == 0 &&
-		    s->ssid_len == ssid_len &&
-		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
-			break;
-	}
-
-	if (!s) {
-		wpa_printf(MSG_DEBUG, "P2P: Invitation from " MACSTR
-			   " requested reinvocation of an unknown group",
-			   MAC2STR(sa));
-		return P2P_SC_FAIL_UNKNOWN_GROUP;
-	}
-
-	if (s->mode == WPAS_MODE_P2P_GO && !wpas_p2p_create_iface(wpa_s)) {
-		*go = 1;
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-			wpa_printf(MSG_DEBUG, "P2P: The only available "
-				   "interface is already in use - reject "
-				   "invitation");
-			return P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
-		}
-		if (wpa_s->p2p_mgmt)
-			os_memcpy(group_bssid, wpa_s->parent->own_addr,
-				  ETH_ALEN);
-		else
-			os_memcpy(group_bssid, wpa_s->own_addr, ETH_ALEN);
-	} else if (s->mode == WPAS_MODE_P2P_GO) {
-		*go = 1;
-		if (wpas_p2p_add_group_interface(wpa_s, WPA_IF_P2P_GO) < 0)
-		{
-			wpa_printf(MSG_ERROR, "P2P: Failed to allocate a new "
-				   "interface address for the group");
-			return P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
-		}
-		os_memcpy(group_bssid, wpa_s->pending_interface_addr,
-			  ETH_ALEN);
-	}
-
-accept_inv:
-	wpas_p2p_set_own_freq_preference(wpa_s, 0);
-
-	best_freq = 0;
-	freqs = os_calloc(wpa_s->num_multichan_concurrent,
-			  sizeof(struct wpa_used_freq_data));
-	if (freqs) {
-		int num_channels = wpa_s->num_multichan_concurrent;
-		int num = wpas_p2p_valid_oper_freqs(wpa_s, freqs, num_channels);
-		best_freq = wpas_p2p_pick_best_used_freq(wpa_s, freqs, num);
-		os_free(freqs);
-	}
-
-	/* Get one of the frequencies currently in use */
-	if (best_freq > 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Trying to prefer a channel already used by one of the interfaces");
-		wpas_p2p_set_own_freq_preference(wpa_s, best_freq);
-
-		if (wpa_s->num_multichan_concurrent < 2 ||
-		    wpas_p2p_num_unused_channels(wpa_s) < 1) {
-			wpa_printf(MSG_DEBUG, "P2P: No extra channels available - trying to force channel to match a channel already used by one of the interfaces");
-			*force_freq = best_freq;
-		}
-	}
-
-	if (*force_freq > 0 && wpa_s->num_multichan_concurrent > 1 &&
-	    wpas_p2p_num_unused_channels(wpa_s) > 0) {
-		if (*go == 0) {
-			/* We are the client */
-			wpa_printf(MSG_DEBUG, "P2P: Peer was found to be "
-				   "running a GO but we are capable of MCC, "
-				   "figure out the best channel to use");
-			*force_freq = 0;
-		} else if (!freq_included(wpa_s, channels, *force_freq)) {
-			/* We are the GO, and *force_freq is not in the
-			 * intersection */
-			wpa_printf(MSG_DEBUG, "P2P: Forced GO freq %d MHz not "
-				   "in intersection but we are capable of MCC, "
-				   "figure out the best channel to use",
-				   *force_freq);
-			*force_freq = 0;
-		}
-	}
-
-	return P2P_SC_SUCCESS;
-}
-
-
-static void wpas_invitation_received(void *ctx, const u8 *sa, const u8 *bssid,
-				     const u8 *ssid, size_t ssid_len,
-				     const u8 *go_dev_addr, u8 status,
-				     int op_freq)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *s;
-
-	for (s = wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled == 2 &&
-		    s->ssid_len == ssid_len &&
-		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
-			break;
-	}
-
-	if (status == P2P_SC_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "P2P: Invitation from peer " MACSTR
-			   " was accepted; op_freq=%d MHz, SSID=%s",
-			   MAC2STR(sa), op_freq, wpa_ssid_txt(ssid, ssid_len));
-		if (s) {
-			int go = s->mode == WPAS_MODE_P2P_GO;
-			if (go) {
-				wpa_msg_global(wpa_s, MSG_INFO,
-					       P2P_EVENT_INVITATION_ACCEPTED
-					       "sa=" MACSTR
-					       " persistent=%d freq=%d",
-					       MAC2STR(sa), s->id, op_freq);
-			} else {
-				wpa_msg_global(wpa_s, MSG_INFO,
-					       P2P_EVENT_INVITATION_ACCEPTED
-					       "sa=" MACSTR
-					       " persistent=%d",
-					       MAC2STR(sa), s->id);
-			}
-			wpas_p2p_group_add_persistent(
-				wpa_s, s, go, 0, op_freq, 0,
-				wpa_s->conf->p2p_go_ht40,
-				wpa_s->conf->p2p_go_vht,
-				0,
-				wpa_s->conf->p2p_go_he,
-				wpa_s->conf->p2p_go_edmg, NULL,
-				go ? P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0,
-				1, is_p2p_allow_6ghz(wpa_s->global->p2p));
-		} else if (bssid) {
-			wpa_s->user_initiated_pd = 0;
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_INVITATION_ACCEPTED
-				       "sa=" MACSTR " go_dev_addr=" MACSTR
-				       " bssid=" MACSTR " unknown-network",
-				       MAC2STR(sa), MAC2STR(go_dev_addr),
-				       MAC2STR(bssid));
-			wpas_p2p_join(wpa_s, bssid, go_dev_addr,
-				      wpa_s->p2p_wps_method, 0, op_freq,
-				      ssid, ssid_len);
-		}
-		return;
-	}
-
-	if (status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE) {
-		wpa_printf(MSG_DEBUG, "P2P: Invitation from peer " MACSTR
-			   " was rejected (status %u)", MAC2STR(sa), status);
-		return;
-	}
-
-	if (!s) {
-		if (bssid) {
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_INVITATION_RECEIVED
-				       "sa=" MACSTR " go_dev_addr=" MACSTR
-				       " bssid=" MACSTR " unknown-network",
-				       MAC2STR(sa), MAC2STR(go_dev_addr),
-				       MAC2STR(bssid));
-		} else {
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_INVITATION_RECEIVED
-				       "sa=" MACSTR " go_dev_addr=" MACSTR
-				       " unknown-network",
-				       MAC2STR(sa), MAC2STR(go_dev_addr));
-		}
-		wpas_notify_p2p_invitation_received(wpa_s, sa, go_dev_addr,
-						    bssid, 0, op_freq);
-		return;
-	}
-
-	if (s->mode == WPAS_MODE_P2P_GO && op_freq) {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_INVITATION_RECEIVED
-			       "sa=" MACSTR " persistent=%d freq=%d",
-			       MAC2STR(sa), s->id, op_freq);
-	} else {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_INVITATION_RECEIVED
-			       "sa=" MACSTR " persistent=%d",
-			       MAC2STR(sa), s->id);
-	}
-	wpas_notify_p2p_invitation_received(wpa_s, sa, go_dev_addr, bssid,
-					    s->id, op_freq);
-}
-
-
-static void wpas_remove_persistent_peer(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid,
-					const u8 *peer, int inv)
-{
-	size_t i;
-	struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	if (ssid == NULL)
-		return;
-
-	for (i = 0; ssid->p2p_client_list && i < ssid->num_p2p_clients; i++) {
-		if (os_memcmp(ssid->p2p_client_list + i * 2 * ETH_ALEN, peer,
-			      ETH_ALEN) == 0)
-			break;
-	}
-	if (i >= ssid->num_p2p_clients || !ssid->p2p_client_list) {
-		if (ssid->mode != WPAS_MODE_P2P_GO &&
-		    os_memcmp(ssid->bssid, peer, ETH_ALEN) == 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Remove persistent group %d "
-				   "due to invitation result", ssid->id);
-			wpas_notify_network_removed(wpa_s, ssid);
-			wpa_config_remove_network(wpa_s->conf, ssid->id);
-			return;
-		}
-		return; /* Peer not found in client list */
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Remove peer " MACSTR " from persistent "
-		   "group %d client list%s",
-		   MAC2STR(peer), ssid->id,
-		   inv ? " due to invitation result" : "");
-	os_memmove(ssid->p2p_client_list + i * 2 * ETH_ALEN,
-		   ssid->p2p_client_list + (i + 1) * 2 * ETH_ALEN,
-		   (ssid->num_p2p_clients - i - 1) * 2 * ETH_ALEN);
-	ssid->num_p2p_clients--;
-	if (p2p_wpa_s->conf->update_config &&
-	    wpa_config_write(p2p_wpa_s->confname, p2p_wpa_s->conf))
-		wpa_printf(MSG_DEBUG, "P2P: Failed to update configuration");
-}
-
-
-static void wpas_remove_persistent_client(struct wpa_supplicant *wpa_s,
-					  const u8 *peer)
-{
-	struct wpa_ssid *ssid;
-
-	wpa_s = wpa_s->global->p2p_invite_group;
-	if (wpa_s == NULL)
-		return; /* No known invitation group */
-	ssid = wpa_s->current_ssid;
-	if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GO ||
-	    !ssid->p2p_persistent_group)
-		return; /* Not operating as a GO in persistent group */
-	ssid = wpas_p2p_get_persistent(wpa_s->p2pdev, peer,
-				       ssid->ssid, ssid->ssid_len);
-	wpas_remove_persistent_peer(wpa_s, ssid, peer, 1);
-}
-
-
-static void wpas_invitation_result(void *ctx, int status, const u8 *bssid,
-				   const struct p2p_channels *channels,
-				   const u8 *peer, int neg_freq,
-				   int peer_oper_freq)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *ssid;
-	int freq;
-
-	if (bssid) {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_INVITATION_RESULT
-			       "status=%d " MACSTR,
-			       status, MAC2STR(bssid));
-	} else {
-		wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_INVITATION_RESULT
-			       "status=%d ", status);
-	}
-	wpas_notify_p2p_invitation_result(wpa_s, status, bssid);
-
-	wpa_printf(MSG_DEBUG, "P2P: Invitation result - status=%d peer=" MACSTR,
-		   status, MAC2STR(peer));
-	if (wpa_s->pending_invite_ssid_id == -1) {
-		struct wpa_supplicant *group_if =
-			wpa_s->global->p2p_invite_group;
-
-		if (status == P2P_SC_FAIL_UNKNOWN_GROUP)
-			wpas_remove_persistent_client(wpa_s, peer);
-
-		/*
-		 * Invitation to an active group. If this is successful and we
-		 * are the GO, set the client wait to postpone some concurrent
-		 * operations and to allow provisioning and connection to happen
-		 * more quickly.
-		 */
-		if (status == P2P_SC_SUCCESS &&
-		    group_if && group_if->current_ssid &&
-		    group_if->current_ssid->mode == WPAS_MODE_P2P_GO) {
-			os_get_reltime(&wpa_s->global->p2p_go_wait_client);
-#ifdef CONFIG_TESTING_OPTIONS
-			if (group_if->p2p_go_csa_on_inv) {
-				wpa_printf(MSG_DEBUG,
-					   "Testing: force P2P GO CSA after invitation");
-				eloop_cancel_timeout(
-					wpas_p2p_reconsider_moving_go,
-					wpa_s, NULL);
-				eloop_register_timeout(
-					0, 50000,
-					wpas_p2p_reconsider_moving_go,
-					wpa_s, NULL);
-			}
-#endif /* CONFIG_TESTING_OPTIONS */
-		}
-		return;
-	}
-
-	if (status == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE) {
-		wpa_printf(MSG_DEBUG, "P2P: Waiting for peer to start another "
-			   "invitation exchange to indicate readiness for "
-			   "re-invocation");
-	}
-
-	if (status != P2P_SC_SUCCESS) {
-		if (status == P2P_SC_FAIL_UNKNOWN_GROUP) {
-			ssid = wpa_config_get_network(
-				wpa_s->conf, wpa_s->pending_invite_ssid_id);
-			wpas_remove_persistent_peer(wpa_s, ssid, peer, 1);
-		}
-		wpas_p2p_remove_pending_group_interface(wpa_s);
-		return;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf,
-				      wpa_s->pending_invite_ssid_id);
-	if (ssid == NULL) {
-		wpa_printf(MSG_ERROR, "P2P: Could not find persistent group "
-			   "data matching with invitation");
-		return;
-	}
-
-	/*
-	 * The peer could have missed our ctrl::ack frame for Invitation
-	 * Response and continue retransmitting the frame. To reduce the
-	 * likelihood of the peer not getting successful TX status for the
-	 * Invitation Response frame, wait a short time here before starting
-	 * the persistent group so that we will remain on the current channel to
-	 * acknowledge any possible retransmission from the peer.
-	 */
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: 50 ms wait on current channel before "
-		"starting persistent group");
-	os_sleep(0, 50000);
-
-	if (neg_freq > 0 && ssid->mode == WPAS_MODE_P2P_GO &&
-	    freq_included(wpa_s, channels, neg_freq))
-		freq = neg_freq;
-	else if (peer_oper_freq > 0 && ssid->mode != WPAS_MODE_P2P_GO &&
-		 freq_included(wpa_s, channels, peer_oper_freq))
-		freq = peer_oper_freq;
-	else
-		freq = 0;
-
-	wpa_printf(MSG_DEBUG, "P2P: Persistent group invitation success - op_freq=%d MHz SSID=%s",
-		   freq, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-	wpas_p2p_group_add_persistent(wpa_s, ssid,
-				      ssid->mode == WPAS_MODE_P2P_GO,
-				      wpa_s->p2p_persistent_go_freq,
-				      freq,
-				      wpa_s->p2p_go_vht_center_freq2,
-				      wpa_s->p2p_go_ht40, wpa_s->p2p_go_vht,
-				      wpa_s->p2p_go_max_oper_chwidth,
-				      wpa_s->p2p_go_he,
-				      wpa_s->p2p_go_edmg,
-				      channels,
-				      ssid->mode == WPAS_MODE_P2P_GO ?
-				      P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE :
-				      0, 1,
-				      is_p2p_allow_6ghz(wpa_s->global->p2p));
-}
-
-
-static int wpas_p2p_disallowed_freq(struct wpa_global *global,
-				    unsigned int freq)
-{
-	if (freq_range_list_includes(&global->p2p_go_avoid_freq, freq))
-		return 1;
-	return freq_range_list_includes(&global->p2p_disallow_freq, freq);
-}
-
-
-static void wpas_p2p_add_chan(struct p2p_reg_class *reg, u8 chan)
-{
-	reg->channel[reg->channels] = chan;
-	reg->channels++;
-}
-
-
-static int wpas_p2p_default_channels(struct wpa_supplicant *wpa_s,
-				     struct p2p_channels *chan,
-				     struct p2p_channels *cli_chan)
-{
-	int i, cla = 0;
-
-	wpa_s->global->p2p_24ghz_social_channels = 1;
-
-	os_memset(cli_chan, 0, sizeof(*cli_chan));
-
-	wpa_printf(MSG_DEBUG, "P2P: Enable operating classes for 2.4 GHz "
-		   "band");
-
-	/* Operating class 81 - 2.4 GHz band channels 1..13 */
-	chan->reg_class[cla].reg_class = 81;
-	chan->reg_class[cla].channels = 0;
-	for (i = 0; i < 11; i++) {
-		if (!wpas_p2p_disallowed_freq(wpa_s->global, 2412 + i * 5))
-			wpas_p2p_add_chan(&chan->reg_class[cla], i + 1);
-	}
-	if (chan->reg_class[cla].channels)
-		cla++;
-
-	wpa_printf(MSG_DEBUG, "P2P: Enable operating classes for lower 5 GHz "
-		   "band");
-
-	/* Operating class 115 - 5 GHz, channels 36-48 */
-	chan->reg_class[cla].reg_class = 115;
-	chan->reg_class[cla].channels = 0;
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 36 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 36);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 40 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 40);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 44 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 44);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 48 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 48);
-	if (chan->reg_class[cla].channels)
-		cla++;
-
-	wpa_printf(MSG_DEBUG, "P2P: Enable operating classes for higher 5 GHz "
-		   "band");
-
-	/* Operating class 124 - 5 GHz, channels 149,153,157,161 */
-	chan->reg_class[cla].reg_class = 124;
-	chan->reg_class[cla].channels = 0;
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 149 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 149);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 153 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 153);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 156 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 157);
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, 5000 + 161 * 5))
-		wpas_p2p_add_chan(&chan->reg_class[cla], 161);
-	if (chan->reg_class[cla].channels)
-		cla++;
-
-	chan->reg_classes = cla;
-	return 0;
-}
-
-
-static enum chan_allowed has_channel(struct wpa_global *global,
-				     struct hostapd_hw_modes *mode, u8 op_class,
-				     u8 chan, int *flags)
-{
-	int i;
-	unsigned int freq;
-
-	freq = ieee80211_chan_to_freq(NULL, op_class, chan);
-	if (wpas_p2p_disallowed_freq(global, freq))
-		return NOT_ALLOWED;
-
-	for (i = 0; i < mode->num_channels; i++) {
-		if ((unsigned int) mode->channels[i].freq == freq) {
-			if (flags)
-				*flags = mode->channels[i].flag;
-			if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
-				return NOT_ALLOWED;
-			if (mode->channels[i].flag & HOSTAPD_CHAN_NO_IR)
-				return NO_IR;
-			if (mode->channels[i].flag & HOSTAPD_CHAN_RADAR)
-				return RADAR;
-			return ALLOWED;
-		}
-	}
-
-	return NOT_ALLOWED;
-}
-
-
-static int wpas_p2p_get_center_80mhz(struct wpa_supplicant *wpa_s,
-				     struct hostapd_hw_modes *mode,
-				     u8 channel, const u8 *center_channels,
-				     size_t num_chan)
-{
-	size_t i;
-
-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-		return 0;
-
-	for (i = 0; i < num_chan; i++)
-		/*
-		 * In 80 MHz, the bandwidth "spans" 12 channels (e.g., 36-48),
-		 * so the center channel is 6 channels away from the start/end.
-		 */
-		if (channel >= center_channels[i] - 6 &&
-		    channel <= center_channels[i] + 6)
-			return center_channels[i];
-
-	return 0;
-}
-
-
-static const u8 center_channels_5ghz_80mhz[] = { 42, 58, 106, 122, 138,
-						 155, 171 };
-static const u8 center_channels_6ghz_80mhz[] = { 7, 23, 39, 55, 71, 87, 103,
-						 119, 135, 151, 167, 183, 199,
-						 215 };
-
-static enum chan_allowed wpas_p2p_verify_80mhz(struct wpa_supplicant *wpa_s,
-					       struct hostapd_hw_modes *mode,
-					       u8 op_class, u8 channel, u8 bw)
-{
-	u8 center_chan;
-	int i, flags;
-	enum chan_allowed res, ret = ALLOWED;
-	const u8 *chans;
-	size_t num_chans;
-	bool is_6ghz = is_6ghz_op_class(op_class);
-
-	if (is_6ghz) {
-		chans = center_channels_6ghz_80mhz;
-		num_chans = ARRAY_SIZE(center_channels_6ghz_80mhz);
-	} else {
-		chans = center_channels_5ghz_80mhz;
-		num_chans = ARRAY_SIZE(center_channels_5ghz_80mhz);
-	}
-	center_chan = wpas_p2p_get_center_80mhz(wpa_s, mode, channel,
-						chans, num_chans);
-	if (!center_chan)
-		return NOT_ALLOWED;
-	if (!wpa_s->p2p_go_allow_dfs &&
-	    !is_6ghz && center_chan >= 58 && center_chan <= 138)
-		return NOT_ALLOWED; /* Do not allow DFS channels for P2P */
-
-	/* check all the channels are available */
-	for (i = 0; i < 4; i++) {
-		int adj_chan = center_chan - 6 + i * 4;
-
-		res = has_channel(wpa_s->global, mode, op_class, adj_chan,
-				  &flags);
-		if (res == NOT_ALLOWED)
-			return NOT_ALLOWED;
-		if (res == RADAR)
-			ret = RADAR;
-		if (res == NO_IR)
-			ret = NO_IR;
-		if (!is_6ghz) {
-			if (i == 0 && !(flags & HOSTAPD_CHAN_VHT_10_70))
-				return NOT_ALLOWED;
-			if (i == 1 && !(flags & HOSTAPD_CHAN_VHT_30_50))
-				return NOT_ALLOWED;
-			if (i == 2 && !(flags & HOSTAPD_CHAN_VHT_50_30))
-				return NOT_ALLOWED;
-			if (i == 3 && !(flags & HOSTAPD_CHAN_VHT_70_10))
-				return NOT_ALLOWED;
-		} else if (is_6ghz &&
-			   (!(wpas_get_6ghz_he_chwidth_capab(mode) &
-			      HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G))) {
-			return NOT_ALLOWED;
-		}
-	}
-
-	return ret;
-}
-
-
-static int wpas_p2p_get_center_160mhz(struct wpa_supplicant *wpa_s,
-				     struct hostapd_hw_modes *mode,
-				     u8 channel, const u8 *center_channels,
-				     size_t num_chan)
-{
-	unsigned int i;
-
-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-		return 0;
-
-	for (i = 0; i < num_chan; i++)
-		/*
-		 * In 160 MHz, the bandwidth "spans" 28 channels (e.g., 36-64),
-		 * so the center channel is 14 channels away from the start/end.
-		 */
-		if (channel >= center_channels[i] - 14 &&
-		    channel <= center_channels[i] + 14)
-			return center_channels[i];
-
-	return 0;
-}
-
-
-static const u8 center_channels_5ghz_160mhz[] = { 50, 114, 163 };
-static const u8 center_channels_6ghz_160mhz[] = { 15, 47, 79, 111, 143, 175,
-						  207 };
-
-static enum chan_allowed wpas_p2p_verify_160mhz(struct wpa_supplicant *wpa_s,
-					       struct hostapd_hw_modes *mode,
-					       u8 op_class, u8 channel, u8 bw)
-{
-	u8 center_chan;
-	int i, flags;
-	enum chan_allowed res, ret = ALLOWED;
-	const u8 *chans;
-	size_t num_chans;
-
-	if (is_6ghz_op_class(op_class)) {
-		chans = center_channels_6ghz_160mhz;
-		num_chans = ARRAY_SIZE(center_channels_6ghz_160mhz);
-	} else {
-		chans = center_channels_5ghz_160mhz;
-		num_chans = ARRAY_SIZE(center_channels_5ghz_160mhz);
-	}
-	center_chan = wpas_p2p_get_center_160mhz(wpa_s, mode, channel,
-						 chans, num_chans);
-	if (!center_chan)
-		return NOT_ALLOWED;
-	/* VHT 160 MHz uses DFS channels in most countries. */
-
-	/* Check all the channels are available */
-	for (i = 0; i < 8; i++) {
-		int adj_chan = center_chan - 14 + i * 4;
-
-		res = has_channel(wpa_s->global, mode, op_class, adj_chan,
-				  &flags);
-		if (res == NOT_ALLOWED)
-			return NOT_ALLOWED;
-
-		if (res == RADAR)
-			ret = RADAR;
-		if (res == NO_IR)
-			ret = NO_IR;
-
-		if (!is_6ghz_op_class(op_class)) {
-			if (i == 0 && !(flags & HOSTAPD_CHAN_VHT_10_150))
-				return NOT_ALLOWED;
-			if (i == 1 && !(flags & HOSTAPD_CHAN_VHT_30_130))
-				return NOT_ALLOWED;
-			if (i == 2 && !(flags & HOSTAPD_CHAN_VHT_50_110))
-				return NOT_ALLOWED;
-			if (i == 3 && !(flags & HOSTAPD_CHAN_VHT_70_90))
-				return NOT_ALLOWED;
-			if (i == 4 && !(flags & HOSTAPD_CHAN_VHT_90_70))
-				return NOT_ALLOWED;
-			if (i == 5 && !(flags & HOSTAPD_CHAN_VHT_110_50))
-				return NOT_ALLOWED;
-			if (i == 6 && !(flags & HOSTAPD_CHAN_VHT_130_30))
-				return NOT_ALLOWED;
-			if (i == 7 && !(flags & HOSTAPD_CHAN_VHT_150_10))
-				return NOT_ALLOWED;
-		} else if (is_6ghz_op_class(op_class) &&
-			   (!(wpas_get_6ghz_he_chwidth_capab(mode) &
-			      HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G))) {
-			return NOT_ALLOWED;
-		}
-	}
-
-	return ret;
-}
-
-
-static enum chan_allowed wpas_p2p_verify_edmg(struct wpa_supplicant *wpa_s,
-					      struct hostapd_hw_modes *mode,
-					      u8 channel)
-{
-	struct ieee80211_edmg_config edmg;
-
-	hostapd_encode_edmg_chan(1, channel, 0, &edmg);
-	if (edmg.channels && ieee802_edmg_is_allowed(mode->edmg, edmg))
-		return ALLOWED;
-
-	return NOT_ALLOWED;
-}
-
-
-static enum chan_allowed wpas_p2p_verify_channel(struct wpa_supplicant *wpa_s,
-						 struct hostapd_hw_modes *mode,
-						 u8 op_class, u8 channel, u8 bw)
-{
-	int flag = 0;
-	enum chan_allowed res, res2;
-
-	res2 = res = has_channel(wpa_s->global, mode, op_class, channel, &flag);
-	if (bw == BW40MINUS) {
-		if (!(flag & HOSTAPD_CHAN_HT40MINUS))
-			return NOT_ALLOWED;
-		res2 = has_channel(wpa_s->global, mode, op_class, channel - 4,
-				   NULL);
-	} else if (bw == BW40PLUS) {
-		if (!(flag & HOSTAPD_CHAN_HT40PLUS))
-			return NOT_ALLOWED;
-		res2 = has_channel(wpa_s->global, mode, op_class, channel + 4,
-				   NULL);
-	} else if (is_6ghz_op_class(op_class) && bw == BW40) {
-		if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-			return NOT_ALLOWED;
-		if (get_6ghz_sec_channel(channel) < 0)
-			res2 = has_channel(wpa_s->global, mode, op_class,
-					   channel - 4, NULL);
-		else
-			res2 = has_channel(wpa_s->global, mode, op_class,
-					   channel + 4, NULL);
-	} else if (bw == BW80) {
-		res2 = wpas_p2p_verify_80mhz(wpa_s, mode, op_class, channel,
-					     bw);
-	} else if (bw == BW160) {
-		res2 = wpas_p2p_verify_160mhz(wpa_s, mode, op_class, channel,
-					      bw);
-	} else if (bw == BW4320 || bw == BW6480 || bw == BW8640) {
-		return wpas_p2p_verify_edmg(wpa_s, mode, channel);
-	}
-
-	if (res == NOT_ALLOWED || res2 == NOT_ALLOWED)
-		return NOT_ALLOWED;
-	if (res == NO_IR || res2 == NO_IR)
-		return NO_IR;
-	if (res == RADAR || res2 == RADAR)
-		return RADAR;
-	return res;
-}
-
-
-static int wpas_p2p_setup_channels(struct wpa_supplicant *wpa_s,
-				   struct p2p_channels *chan,
-				   struct p2p_channels *cli_chan,
-				   bool p2p_disable_6ghz)
-{
-	struct hostapd_hw_modes *mode;
-	int cla, op, cli_cla;
-
-	if (wpa_s->hw.modes == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Driver did not support fetching "
-			   "of all supported channels; assume dualband "
-			   "support");
-		return wpas_p2p_default_channels(wpa_s, chan, cli_chan);
-	}
-
-	cla = cli_cla = 0;
-
-	for (op = 0; global_op_class[op].op_class; op++) {
-		const struct oper_class_map *o = &global_op_class[op];
-		unsigned int ch;
-		struct p2p_reg_class *reg = NULL, *cli_reg = NULL;
-
-		if (o->p2p == NO_P2P_SUPP ||
-		    (is_6ghz_op_class(o->op_class) && p2p_disable_6ghz))
-			continue;
-
-		mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, o->mode,
-				is_6ghz_op_class(o->op_class));
-		if (mode == NULL)
-			continue;
-		if (mode->mode == HOSTAPD_MODE_IEEE80211G)
-			wpa_s->global->p2p_24ghz_social_channels = 1;
-		for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) {
-			enum chan_allowed res;
-
-			/* Check for non-continuous jump in channel index
-			 * incrementation */
-			if ((o->op_class >= 128 && o->op_class <= 130) &&
-			    ch < 149 && ch + o->inc > 149)
-				ch = 149;
-
-			res = wpas_p2p_verify_channel(wpa_s, mode, o->op_class,
-						      ch, o->bw);
-			if (res == ALLOWED) {
-				if (reg == NULL) {
-					if (cla == P2P_MAX_REG_CLASSES)
-						continue;
-					wpa_printf(MSG_DEBUG, "P2P: Add operating class %u",
-						   o->op_class);
-					reg = &chan->reg_class[cla];
-					cla++;
-					reg->reg_class = o->op_class;
-				}
-				if (reg->channels == P2P_MAX_REG_CLASS_CHANNELS)
-					continue;
-				reg->channel[reg->channels] = ch;
-				reg->channels++;
-			} else if (res == NO_IR &&
-				   wpa_s->conf->p2p_add_cli_chan) {
-				if (cli_reg == NULL) {
-					if (cli_cla == P2P_MAX_REG_CLASSES)
-						continue;
-					wpa_printf(MSG_DEBUG, "P2P: Add operating class %u (client only)",
-						   o->op_class);
-					cli_reg = &cli_chan->reg_class[cli_cla];
-					cli_cla++;
-					cli_reg->reg_class = o->op_class;
-				}
-				if (cli_reg->channels ==
-				    P2P_MAX_REG_CLASS_CHANNELS)
-					continue;
-				cli_reg->channel[cli_reg->channels] = ch;
-				cli_reg->channels++;
-			}
-		}
-		if (reg) {
-			wpa_hexdump(MSG_DEBUG, "P2P: Channels",
-				    reg->channel, reg->channels);
-		}
-		if (cli_reg) {
-			wpa_hexdump(MSG_DEBUG, "P2P: Channels (client only)",
-				    cli_reg->channel, cli_reg->channels);
-		}
-	}
-
-	chan->reg_classes = cla;
-	cli_chan->reg_classes = cli_cla;
-
-	return 0;
-}
-
-
-int wpas_p2p_get_sec_channel_offset_40mhz(struct wpa_supplicant *wpa_s,
-					  struct hostapd_hw_modes *mode,
-					  u8 channel)
-{
-	int op;
-	enum chan_allowed ret;
-
-	for (op = 0; global_op_class[op].op_class; op++) {
-		const struct oper_class_map *o = &global_op_class[op];
-		u16 ch;
-		int chan = channel;
-
-		/* Allow DFS channels marked as NO_P2P_SUPP to be used with
-		 * driver offloaded DFS. */
-		if ((o->p2p == NO_P2P_SUPP &&
-		     (!is_dfs_global_op_class(o->op_class) ||
-		      !wpa_s->p2p_go_allow_dfs)) ||
-		    (is_6ghz_op_class(o->op_class) &&
-		     wpa_s->conf->p2p_6ghz_disable))
-			continue;
-
-		if (is_6ghz_op_class(o->op_class) && o->bw == BW40 &&
-		    get_6ghz_sec_channel(channel) < 0)
-			chan = channel - 4;
-
-		for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) {
-			if (o->mode != HOSTAPD_MODE_IEEE80211A ||
-			    (o->bw != BW40PLUS && o->bw != BW40MINUS &&
-			     o->bw != BW40) ||
-			    ch != chan)
-				continue;
-			ret = wpas_p2p_verify_channel(wpa_s, mode, o->op_class,
-						      ch, o->bw);
-			if (ret == ALLOWED) {
-				if (is_6ghz_op_class(o->op_class) &&
-				    o->bw == BW40)
-					return get_6ghz_sec_channel(channel);
-				return (o->bw == BW40MINUS) ? -1 : 1;
-			}
-			if (ret == RADAR && wpa_s->p2p_go_allow_dfs) {
-				/* Allow RADAR channels used for driver
-				 * offloaded DFS */
-				return (o->bw == BW40MINUS) ? -1 : 1;
-			}
-		}
-	}
-	return 0;
-}
-
-
-int wpas_p2p_get_vht80_center(struct wpa_supplicant *wpa_s,
-			      struct hostapd_hw_modes *mode, u8 channel,
-			      u8 op_class)
-{
-	const u8 *chans;
-	size_t num_chans;
-	enum chan_allowed ret;
-
-	ret = wpas_p2p_verify_channel(wpa_s, mode, op_class, channel, BW80);
-	if (!(ret == ALLOWED || (ret == RADAR && wpa_s->p2p_go_allow_dfs)))
-		return 0;
-
-	if (is_6ghz_op_class(op_class)) {
-		chans = center_channels_6ghz_80mhz;
-		num_chans = ARRAY_SIZE(center_channels_6ghz_80mhz);
-	} else {
-		chans = center_channels_5ghz_80mhz;
-		num_chans = ARRAY_SIZE(center_channels_5ghz_80mhz);
-	}
-	return wpas_p2p_get_center_80mhz(wpa_s, mode, channel,
-					 chans, num_chans);
-}
-
-
-int wpas_p2p_get_vht160_center(struct wpa_supplicant *wpa_s,
-			       struct hostapd_hw_modes *mode, u8 channel,
-			       u8 op_class)
-{
-	const u8 *chans;
-	size_t num_chans;
-	enum chan_allowed ret;
-
-	ret = wpas_p2p_verify_channel(wpa_s, mode, op_class, channel, BW160);
-	if (!(ret == ALLOWED || (ret == RADAR && wpa_s->p2p_go_allow_dfs)))
-		return 0;
-	if (is_6ghz_op_class(op_class)) {
-		chans = center_channels_6ghz_160mhz;
-		num_chans = ARRAY_SIZE(center_channels_6ghz_160mhz);
-	} else {
-		chans = center_channels_5ghz_160mhz;
-		num_chans = ARRAY_SIZE(center_channels_5ghz_160mhz);
-	}
-	return wpas_p2p_get_center_160mhz(wpa_s, mode, channel,
-					  chans, num_chans);
-}
-
-
-static int wpas_get_noa(void *ctx, const u8 *interface_addr, u8 *buf,
-			size_t buf_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_memcmp(wpa_s->own_addr, interface_addr, ETH_ALEN) == 0)
-			break;
-	}
-	if (wpa_s == NULL)
-		return -1;
-
-	return wpa_drv_get_noa(wpa_s, buf, buf_len);
-}
-
-
-struct wpa_supplicant * wpas_get_p2p_go_iface(struct wpa_supplicant *wpa_s,
-					      const u8 *ssid, size_t ssid_len)
-{
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		struct wpa_ssid *s = wpa_s->current_ssid;
-		if (s == NULL)
-			continue;
-		if (s->mode != WPAS_MODE_P2P_GO &&
-		    s->mode != WPAS_MODE_AP &&
-		    s->mode != WPAS_MODE_P2P_GROUP_FORMATION)
-			continue;
-		if (s->ssid_len != ssid_len ||
-		    os_memcmp(ssid, s->ssid, ssid_len) != 0)
-			continue;
-		return wpa_s;
-	}
-
-	return NULL;
-
-}
-
-
-struct wpa_supplicant * wpas_get_p2p_client_iface(struct wpa_supplicant *wpa_s,
-						  const u8 *peer_dev_addr)
-{
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		struct wpa_ssid *ssid = wpa_s->current_ssid;
-		if (ssid && (ssid->mode != WPAS_MODE_INFRA || !ssid->p2p_group))
-			continue;
-		if (os_memcmp(wpa_s->go_dev_addr, peer_dev_addr, ETH_ALEN) == 0)
-			return wpa_s;
-	}
-
-	return NULL;
-}
-
-
-static int wpas_go_connected(void *ctx, const u8 *dev_addr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	return wpas_get_p2p_client_iface(wpa_s, dev_addr) != NULL;
-}
-
-
-static int wpas_is_concurrent_session_active(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_supplicant *ifs;
-
-	for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
-		if (ifs == wpa_s)
-			continue;
-		if (ifs->wpa_state > WPA_ASSOCIATED)
-			return 1;
-	}
-	return 0;
-}
-
-
-static void wpas_p2p_debug_print(void *ctx, int level, const char *msg)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_msg_global(wpa_s, level, "P2P: %s", msg);
-}
-
-
-int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s,
-				  const char *conf_p2p_dev)
-{
-	struct wpa_interface iface;
-	struct wpa_supplicant *p2pdev_wpa_s;
-	char ifname[100];
-	char force_name[100];
-	int ret;
-	const u8 *if_addr = NULL;
-
-	ret = os_snprintf(ifname, sizeof(ifname), P2P_MGMT_DEVICE_PREFIX "%s",
-			  wpa_s->ifname);
-	if (os_snprintf_error(sizeof(ifname), ret))
-		return -1;
-	/* Cut length at the maximum size. Note that we don't need to ensure
-	 * collision free names here as the created interface is not a netdev.
-	 */
-	ifname[IFNAMSIZ - 1] = '\0';
-	force_name[0] = '\0';
-	wpa_s->pending_interface_type = WPA_IF_P2P_DEVICE;
-
-	if (wpa_s->conf->p2p_device_random_mac_addr == 2 &&
-	    !is_zero_ether_addr(wpa_s->conf->p2p_device_persistent_mac_addr))
-		if_addr = wpa_s->conf->p2p_device_persistent_mac_addr;
-
-	ret = wpa_drv_if_add(wpa_s, WPA_IF_P2P_DEVICE, ifname, if_addr, NULL,
-			     force_name, wpa_s->pending_interface_addr, NULL);
-	if (ret < 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to create P2P Device interface");
-		return ret;
-	}
-	os_strlcpy(wpa_s->pending_interface_name, ifname,
-		   sizeof(wpa_s->pending_interface_name));
-
-	os_memset(&iface, 0, sizeof(iface));
-	iface.p2p_mgmt = 1;
-	iface.ifname = wpa_s->pending_interface_name;
-	iface.driver = wpa_s->driver->name;
-	iface.driver_param = wpa_s->conf->driver_param;
-
-	/*
-	 * If a P2P Device configuration file was given, use it as the interface
-	 * configuration file (instead of using parent's configuration file.
-	 */
-	if (conf_p2p_dev) {
-		iface.confname = conf_p2p_dev;
-		iface.ctrl_interface = NULL;
-	} else {
-		iface.confname = wpa_s->confname;
-		iface.ctrl_interface = wpa_s->conf->ctrl_interface;
-	}
-
-	p2pdev_wpa_s = wpa_supplicant_add_iface(wpa_s->global, &iface, wpa_s);
-	if (!p2pdev_wpa_s) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to add P2P Device interface");
-		return -1;
-	}
-
-	p2pdev_wpa_s->p2pdev = p2pdev_wpa_s;
-	wpa_s->pending_interface_name[0] = '\0';
-	return 0;
-}
-
-
-static void wpas_presence_resp(void *ctx, const u8 *src, u8 status,
-			       const u8 *noa, size_t noa_len)
-{
-	struct wpa_supplicant *wpa_s, *intf = ctx;
-	char hex[100];
-
-	for (wpa_s = intf->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s->waiting_presence_resp)
-			break;
-	}
-	if (!wpa_s) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: No group interface was waiting for presence response");
-		return;
-	}
-	wpa_s->waiting_presence_resp = 0;
-
-	wpa_snprintf_hex(hex, sizeof(hex), noa, noa_len);
-	wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_PRESENCE_RESPONSE "src=" MACSTR
-		" status=%u noa=%s", MAC2STR(src), status, hex);
-}
-
-
-static int wpas_get_persistent_group(void *ctx, const u8 *addr, const u8 *ssid,
-				     size_t ssid_len, u8 *go_dev_addr,
-				     u8 *ret_ssid, size_t *ret_ssid_len,
-				     u8 *intended_iface_addr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *s;
-
-	s = wpas_p2p_get_persistent(wpa_s, addr, ssid, ssid_len);
-	if (s) {
-		os_memcpy(ret_ssid, s->ssid, s->ssid_len);
-		*ret_ssid_len = s->ssid_len;
-		os_memcpy(go_dev_addr, s->bssid, ETH_ALEN);
-
-		if (s->mode != WPAS_MODE_P2P_GO) {
-			os_memset(intended_iface_addr, 0, ETH_ALEN);
-		} else if (wpas_p2p_create_iface(wpa_s)) {
-			if (wpas_p2p_add_group_interface(wpa_s, WPA_IF_P2P_GO))
-				return 0;
-
-			os_memcpy(intended_iface_addr,
-				  wpa_s->pending_interface_addr, ETH_ALEN);
-		} else {
-			os_memcpy(intended_iface_addr, wpa_s->own_addr,
-				  ETH_ALEN);
-		}
-		return 1;
-	}
-
-	return 0;
-}
-
-
-static int wpas_get_go_info(void *ctx, u8 *intended_addr,
-			    u8 *ssid, size_t *ssid_len, int *group_iface,
-			    unsigned int *freq)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_supplicant *go;
-	struct wpa_ssid *s;
-
-	/*
-	 * group_iface will be set to 1 only if a dedicated interface for P2P
-	 * role is required. First, we try to reuse an active GO. However,
-	 * if it is not present, we will try to reactivate an existing
-	 * persistent group and set group_iface to 1, so the caller will know
-	 * that the pending interface should be used.
-	 */
-	*group_iface = 0;
-
-	if (freq)
-		*freq = 0;
-
-	go = wpas_p2p_get_go_group(wpa_s);
-	if (!go) {
-		s = wpas_p2p_get_persistent_go(wpa_s);
-		*group_iface = wpas_p2p_create_iface(wpa_s);
-		if (s)
-			os_memcpy(intended_addr, s->bssid, ETH_ALEN);
-		else
-			return 0;
-	} else {
-		s = go->current_ssid;
-		os_memcpy(intended_addr, go->own_addr, ETH_ALEN);
-		if (freq)
-			*freq = go->assoc_freq;
-	}
-
-	os_memcpy(ssid, s->ssid, s->ssid_len);
-	*ssid_len = s->ssid_len;
-
-	return 1;
-}
-
-
-static int wpas_remove_stale_groups(void *ctx, const u8 *peer, const u8 *go,
-				    const u8 *ssid, size_t ssid_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *s;
-	int save_config = 0;
-	size_t i;
-
-	/* Start with our first choice of Persistent Groups */
-	while ((s = wpas_p2p_get_persistent(wpa_s, peer, NULL, 0))) {
-		if (go && ssid && ssid_len &&
-		    s->ssid_len == ssid_len &&
-		    os_memcmp(go, s->bssid, ETH_ALEN) == 0 &&
-		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
-			break;
-
-		/* Remove stale persistent group */
-		if (s->mode != WPAS_MODE_P2P_GO || s->num_p2p_clients <= 1) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Remove stale persistent group id=%d",
-				s->id);
-			wpas_notify_persistent_group_removed(wpa_s, s);
-			wpa_config_remove_network(wpa_s->conf, s->id);
-			save_config = 1;
-			continue;
-		}
-
-		for (i = 0; i < s->num_p2p_clients; i++) {
-			if (os_memcmp(s->p2p_client_list + i * 2 * ETH_ALEN,
-				      peer, ETH_ALEN) != 0)
-				continue;
-
-			os_memmove(s->p2p_client_list + i * 2 * ETH_ALEN,
-				   s->p2p_client_list + (i + 1) * 2 * ETH_ALEN,
-				   (s->num_p2p_clients - i - 1) * 2 * ETH_ALEN);
-			break;
-		}
-		s->num_p2p_clients--;
-		save_config = 1;
-	}
-
-	if (save_config)
-		p2p_config_write(wpa_s);
-
-	/* Return TRUE if valid SSID remains */
-	return s != NULL;
-}
-
-
-static void wpas_p2ps_get_feat_cap_str(char *buf, size_t buf_len,
-				       const u8 *feat_cap, size_t feat_cap_len)
-{
-	static const char pref[] = " feature_cap=";
-	int ret;
-
-	buf[0] = '\0';
-
-	/*
-	 * We expect a feature capability to contain at least one byte to be
-	 * reported. The string buffer provided by the caller function is
-	 * expected to be big enough to contain all bytes of the attribute for
-	 * known specifications. This function truncates the reported bytes if
-	 * the feature capability data exceeds the string buffer size.
-	 */
-	if (!feat_cap || !feat_cap_len || buf_len < sizeof(pref) + 2)
-		return;
-
-	os_memcpy(buf, pref, sizeof(pref));
-	ret = wpa_snprintf_hex(&buf[sizeof(pref) - 1],
-			       buf_len - sizeof(pref) + 1,
-			       feat_cap, feat_cap_len);
-
-	if (ret != (2 * (int) feat_cap_len))
-		wpa_printf(MSG_WARNING, "P2PS feature_cap bytes truncated");
-}
-
-
-static void wpas_p2ps_prov_complete(void *ctx, u8 status, const u8 *dev,
-				    const u8 *adv_mac, const u8 *ses_mac,
-				    const u8 *grp_mac, u32 adv_id, u32 ses_id,
-				    u8 conncap, int passwd_id,
-				    const u8 *persist_ssid,
-				    size_t persist_ssid_size, int response_done,
-				    int prov_start, const char *session_info,
-				    const u8 *feat_cap, size_t feat_cap_len,
-				    unsigned int freq,
-				    const u8 *group_ssid, size_t group_ssid_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	u8 mac[ETH_ALEN];
-	struct wpa_ssid *persistent_go, *stale, *s = NULL;
-	int save_config = 0;
-	struct wpa_supplicant *go_wpa_s;
-	char feat_cap_str[256];
-
-	if (!dev)
-		return;
-
-	os_memset(mac, 0, ETH_ALEN);
-	if (!adv_mac)
-		adv_mac = mac;
-	if (!ses_mac)
-		ses_mac = mac;
-	if (!grp_mac)
-		grp_mac = mac;
-
-	wpas_p2ps_get_feat_cap_str(feat_cap_str, sizeof(feat_cap_str),
-				   feat_cap, feat_cap_len);
-
-	if (prov_start) {
-		if (session_info == NULL) {
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_P2PS_PROVISION_START MACSTR
-				       " adv_id=%x conncap=%x"
-				       " adv_mac=" MACSTR
-				       " session=%x mac=" MACSTR
-				       " dev_passwd_id=%d%s",
-				       MAC2STR(dev), adv_id, conncap,
-				       MAC2STR(adv_mac),
-				       ses_id, MAC2STR(ses_mac),
-				       passwd_id, feat_cap_str);
-		} else {
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_P2PS_PROVISION_START MACSTR
-				       " adv_id=%x conncap=%x"
-				       " adv_mac=" MACSTR
-				       " session=%x mac=" MACSTR
-				       " dev_passwd_id=%d info='%s'%s",
-				       MAC2STR(dev), adv_id, conncap,
-				       MAC2STR(adv_mac),
-				       ses_id, MAC2STR(ses_mac),
-				       passwd_id, session_info, feat_cap_str);
-		}
-		return;
-	}
-
-	go_wpa_s = wpas_p2p_get_go_group(wpa_s);
-	persistent_go = wpas_p2p_get_persistent_go(wpa_s);
-
-	if (status && status != P2P_SC_SUCCESS_DEFERRED) {
-		if (go_wpa_s && !p2p_group_go_member_count(wpa_s))
-			wpas_p2p_group_remove(wpa_s, go_wpa_s->ifname);
-
-		if (persistent_go && !persistent_go->num_p2p_clients) {
-			/* remove empty persistent GO */
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Remove empty persistent group id=%d",
-				persistent_go->id);
-			wpas_notify_persistent_group_removed(wpa_s,
-							     persistent_go);
-			wpa_config_remove_network(wpa_s->conf,
-						  persistent_go->id);
-		}
-
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_P2PS_PROVISION_DONE MACSTR
-			       " status=%d"
-			       " adv_id=%x adv_mac=" MACSTR
-			       " session=%x mac=" MACSTR "%s",
-			       MAC2STR(dev), status,
-			       adv_id, MAC2STR(adv_mac),
-			       ses_id, MAC2STR(ses_mac), feat_cap_str);
-		return;
-	}
-
-	/* Clean up stale persistent groups with this device */
-	if (persist_ssid && persist_ssid_size)
-		s = wpas_p2p_get_persistent(wpa_s, dev, persist_ssid,
-					    persist_ssid_size);
-
-	if (persist_ssid && s && s->mode != WPAS_MODE_P2P_GO &&
-	    is_zero_ether_addr(grp_mac)) {
-		wpa_dbg(wpa_s, MSG_ERROR,
-			"P2P: Peer device is a GO in a persistent group, but it did not provide the intended MAC address");
-		return;
-	}
-
-	for (;;) {
-		stale = wpas_p2p_get_persistent(wpa_s, dev, NULL, 0);
-		if (!stale)
-			break;
-
-		if (s && s->ssid_len == stale->ssid_len &&
-		    os_memcmp(stale->bssid, s->bssid, ETH_ALEN) == 0 &&
-		    os_memcmp(stale->ssid, s->ssid, s->ssid_len) == 0)
-			break;
-
-		/* Remove stale persistent group */
-		if (stale->mode != WPAS_MODE_P2P_GO ||
-		    stale->num_p2p_clients <= 1) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Remove stale persistent group id=%d",
-				stale->id);
-			wpas_notify_persistent_group_removed(wpa_s, stale);
-			wpa_config_remove_network(wpa_s->conf, stale->id);
-		} else {
-			size_t i;
-
-			for (i = 0; i < stale->num_p2p_clients; i++) {
-				if (os_memcmp(stale->p2p_client_list +
-					      i * ETH_ALEN,
-					      dev, ETH_ALEN) == 0) {
-					os_memmove(stale->p2p_client_list +
-						   i * ETH_ALEN,
-						   stale->p2p_client_list +
-						   (i + 1) * ETH_ALEN,
-						   (stale->num_p2p_clients -
-						    i - 1) * ETH_ALEN);
-					break;
-				}
-			}
-			stale->num_p2p_clients--;
-		}
-		save_config = 1;
-	}
-
-	if (save_config)
-		p2p_config_write(wpa_s);
-
-	if (s) {
-		if (go_wpa_s && !p2p_group_go_member_count(wpa_s))
-			wpas_p2p_group_remove(wpa_s, go_wpa_s->ifname);
-
-		if (persistent_go && s != persistent_go &&
-		    !persistent_go->num_p2p_clients) {
-			/* remove empty persistent GO */
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Remove empty persistent group id=%d",
-				persistent_go->id);
-			wpas_notify_persistent_group_removed(wpa_s,
-							     persistent_go);
-			wpa_config_remove_network(wpa_s->conf,
-						  persistent_go->id);
-			/* Save config */
-		}
-
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_P2PS_PROVISION_DONE MACSTR
-			       " status=%d"
-			       " adv_id=%x adv_mac=" MACSTR
-			       " session=%x mac=" MACSTR
-			       " persist=%d%s",
-			       MAC2STR(dev), status,
-			       adv_id, MAC2STR(adv_mac),
-			       ses_id, MAC2STR(ses_mac), s->id, feat_cap_str);
-		return;
-	}
-
-	wpa_s->global->pending_p2ps_group = 0;
-	wpa_s->global->pending_p2ps_group_freq = 0;
-
-	if (conncap == P2PS_SETUP_GROUP_OWNER) {
-		/*
-		 * We need to copy the interface name. Simply saving a
-		 * pointer isn't enough, since if we use pending_interface_name
-		 * it will be overwritten when the group is added.
-		 */
-		char go_ifname[100];
-
-		go_ifname[0] = '\0';
-		if (!go_wpa_s) {
-			if (!response_done) {
-				wpa_s->global->pending_p2ps_group = 1;
-				wpa_s->global->pending_p2ps_group_freq = freq;
-			}
-
-			if (!wpas_p2p_create_iface(wpa_s))
-				os_memcpy(go_ifname, wpa_s->ifname,
-					  sizeof(go_ifname));
-			else if (wpa_s->pending_interface_name[0])
-				os_memcpy(go_ifname,
-					  wpa_s->pending_interface_name,
-					  sizeof(go_ifname));
-
-			if (!go_ifname[0]) {
-				wpas_p2ps_prov_complete(
-					wpa_s, P2P_SC_FAIL_UNKNOWN_GROUP,
-					dev, adv_mac, ses_mac,
-					grp_mac, adv_id, ses_id, 0, 0,
-					NULL, 0, 0, 0, NULL, NULL, 0, 0,
-					NULL, 0);
-				return;
-			}
-
-			/* If PD Resp complete, start up the GO */
-			if (response_done && persistent_go) {
-				wpas_p2p_group_add_persistent(
-					wpa_s, persistent_go,
-					0, 0, freq, 0, 0, 0, 0, 0, 0, NULL,
-					persistent_go->mode ==
-					WPAS_MODE_P2P_GO ?
-					P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE :
-					0, 0, false);
-			} else if (response_done) {
-				wpas_p2p_group_add(wpa_s, 1, freq,
-						   0, 0, 0, 0, 0, 0, false);
-			}
-
-			if (passwd_id == DEV_PW_P2PS_DEFAULT) {
-				os_memcpy(wpa_s->p2ps_join_addr, grp_mac,
-					  ETH_ALEN);
-				wpa_s->p2ps_method_config_any = 1;
-			}
-		} else if (passwd_id == DEV_PW_P2PS_DEFAULT) {
-			os_memcpy(go_ifname, go_wpa_s->ifname,
-				  sizeof(go_ifname));
-
-			if (is_zero_ether_addr(grp_mac)) {
-				wpa_dbg(go_wpa_s, MSG_DEBUG,
-					"P2P: Setting PIN-1 for ANY");
-				wpa_supplicant_ap_wps_pin(go_wpa_s, NULL,
-							  "12345670", NULL, 0,
-							  0);
-			} else {
-				wpa_dbg(go_wpa_s, MSG_DEBUG,
-					"P2P: Setting PIN-1 for " MACSTR,
-					MAC2STR(grp_mac));
-				wpa_supplicant_ap_wps_pin(go_wpa_s, grp_mac,
-							  "12345670", NULL, 0,
-							  0);
-			}
-
-			os_memcpy(wpa_s->p2ps_join_addr, grp_mac, ETH_ALEN);
-			wpa_s->p2ps_method_config_any = 1;
-		}
-
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_P2PS_PROVISION_DONE MACSTR
-			       " status=%d conncap=%x"
-			       " adv_id=%x adv_mac=" MACSTR
-			       " session=%x mac=" MACSTR
-			       " dev_passwd_id=%d go=%s%s",
-			       MAC2STR(dev), status, conncap,
-			       adv_id, MAC2STR(adv_mac),
-			       ses_id, MAC2STR(ses_mac),
-			       passwd_id, go_ifname, feat_cap_str);
-		return;
-	}
-
-	if (go_wpa_s && !p2p_group_go_member_count(wpa_s))
-		wpas_p2p_group_remove(wpa_s, go_wpa_s->ifname);
-
-	if (persistent_go && !persistent_go->num_p2p_clients) {
-		/* remove empty persistent GO */
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Remove empty persistent group id=%d",
-			persistent_go->id);
-		wpas_notify_persistent_group_removed(wpa_s, persistent_go);
-		wpa_config_remove_network(wpa_s->conf, persistent_go->id);
-	}
-
-	if (conncap == P2PS_SETUP_CLIENT) {
-		char ssid_hex[32 * 2 + 1];
-
-		if (group_ssid)
-			wpa_snprintf_hex(ssid_hex, sizeof(ssid_hex),
-					 group_ssid, group_ssid_len);
-		else
-			ssid_hex[0] = '\0';
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_P2PS_PROVISION_DONE MACSTR
-			       " status=%d conncap=%x"
-			       " adv_id=%x adv_mac=" MACSTR
-			       " session=%x mac=" MACSTR
-			       " dev_passwd_id=%d join=" MACSTR "%s%s%s",
-			       MAC2STR(dev), status, conncap,
-			       adv_id, MAC2STR(adv_mac),
-			       ses_id, MAC2STR(ses_mac),
-			       passwd_id, MAC2STR(grp_mac), feat_cap_str,
-			       group_ssid ? " group_ssid=" : "", ssid_hex);
-	} else {
-		wpa_msg_global(wpa_s, MSG_INFO,
-			       P2P_EVENT_P2PS_PROVISION_DONE MACSTR
-			       " status=%d conncap=%x"
-			       " adv_id=%x adv_mac=" MACSTR
-			       " session=%x mac=" MACSTR
-			       " dev_passwd_id=%d%s",
-			       MAC2STR(dev), status, conncap,
-			       adv_id, MAC2STR(adv_mac),
-			       ses_id, MAC2STR(ses_mac),
-			       passwd_id, feat_cap_str);
-	}
-}
-
-
-static int _wpas_p2p_in_progress(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpas_p2p_in_progress(wpa_s);
-}
-
-
-static int wpas_prov_disc_resp_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *persistent_go;
-	unsigned int freq;
-
-	if (!wpa_s->global->pending_p2ps_group)
-		return 0;
-
-	freq = wpa_s->global->pending_p2ps_group_freq;
-	wpa_s->global->pending_p2ps_group_freq = 0;
-	wpa_s->global->pending_p2ps_group = 0;
-
-	if (wpas_p2p_get_go_group(wpa_s))
-		return 0;
-	persistent_go = wpas_p2p_get_persistent_go(wpa_s);
-
-	if (persistent_go) {
-		wpas_p2p_group_add_persistent(
-			wpa_s, persistent_go, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-			NULL,
-			persistent_go->mode == WPAS_MODE_P2P_GO ?
-			P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0, 0,
-			is_p2p_allow_6ghz(wpa_s->global->p2p));
-	} else {
-		wpas_p2p_group_add(wpa_s, 1, freq, 0, 0, 0, 0, 0, 0,
-				   is_p2p_allow_6ghz(wpa_s->global->p2p));
-	}
-
-	return 1;
-}
-
-
-static int wpas_p2p_get_pref_freq_list(void *ctx, int go,
-				       unsigned int *len,
-				       unsigned int *freq_list)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	return wpa_drv_get_pref_freq_list(wpa_s, go ? WPA_IF_P2P_GO :
-					  WPA_IF_P2P_CLIENT, len, freq_list);
-}
-
-
-int wpas_p2p_mac_setup(struct wpa_supplicant *wpa_s)
-{
-	u8 addr[ETH_ALEN] = {0};
-
-	if (wpa_s->conf->p2p_device_random_mac_addr == 0)
-		return 0;
-
-	if (wpa_s->conf->p2p_device_random_mac_addr == 2) {
-		if (is_zero_ether_addr(
-			    wpa_s->conf->p2p_device_persistent_mac_addr) &&
-		    !is_zero_ether_addr(wpa_s->own_addr)) {
-			os_memcpy(wpa_s->conf->p2p_device_persistent_mac_addr,
-				  wpa_s->own_addr, ETH_ALEN);
-		}
-		return 0;
-	}
-
-	if (!wpa_s->conf->ssid) {
-		if (random_mac_addr(addr) < 0) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"Failed to generate random MAC address");
-			return -EINVAL;
-		}
-
-		/* Store generated MAC address. */
-		os_memcpy(wpa_s->conf->p2p_device_persistent_mac_addr, addr,
-			  ETH_ALEN);
-	} else {
-		/* If there are existing saved groups, restore last MAC address.
-		 * if there is no last used MAC address, the last one is
-		 * factory MAC. */
-		if (is_zero_ether_addr(
-			    wpa_s->conf->p2p_device_persistent_mac_addr))
-			return 0;
-		os_memcpy(addr, wpa_s->conf->p2p_device_persistent_mac_addr,
-			  ETH_ALEN);
-		wpa_msg(wpa_s, MSG_DEBUG, "Restore last used MAC address.");
-	}
-
-	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Failed to set random MAC address");
-		return -EINVAL;
-	}
-
-	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Could not update MAC address information");
-		return -EINVAL;
-	}
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
-		MAC2STR(addr));
-
-	return 0;
-}
-
-
-/**
- * wpas_p2p_init - Initialize P2P module for %wpa_supplicant
- * @global: Pointer to global data from wpa_supplicant_init()
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * Returns: 0 on success, -1 on failure
- */
-int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s)
-{
-	struct p2p_config p2p;
-	int i;
-
-	if (wpa_s->conf->p2p_disabled)
-		return 0;
-
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE))
-		return 0;
-
-	if (global->p2p)
-		return 0;
-
-	if (wpas_p2p_mac_setup(wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"Failed to initialize P2P random MAC address.");
-		return -1;
-	}
-
-	os_memset(&p2p, 0, sizeof(p2p));
-	p2p.cb_ctx = wpa_s;
-	p2p.debug_print = wpas_p2p_debug_print;
-	p2p.p2p_scan = wpas_p2p_scan;
-	p2p.send_action = wpas_send_action;
-	p2p.send_action_done = wpas_send_action_done;
-	p2p.go_neg_completed = wpas_go_neg_completed;
-	p2p.go_neg_req_rx = wpas_go_neg_req_rx;
-	p2p.dev_found = wpas_dev_found;
-	p2p.dev_lost = wpas_dev_lost;
-	p2p.find_stopped = wpas_find_stopped;
-	p2p.start_listen = wpas_start_listen;
-	p2p.stop_listen = wpas_stop_listen;
-	p2p.send_probe_resp = wpas_send_probe_resp;
-	p2p.sd_request = wpas_sd_request;
-	p2p.sd_response = wpas_sd_response;
-	p2p.prov_disc_req = wpas_prov_disc_req;
-	p2p.prov_disc_resp = wpas_prov_disc_resp;
-	p2p.prov_disc_fail = wpas_prov_disc_fail;
-	p2p.invitation_process = wpas_invitation_process;
-	p2p.invitation_received = wpas_invitation_received;
-	p2p.invitation_result = wpas_invitation_result;
-	p2p.get_noa = wpas_get_noa;
-	p2p.go_connected = wpas_go_connected;
-	p2p.presence_resp = wpas_presence_resp;
-	p2p.is_concurrent_session_active = wpas_is_concurrent_session_active;
-	p2p.is_p2p_in_progress = _wpas_p2p_in_progress;
-	p2p.get_persistent_group = wpas_get_persistent_group;
-	p2p.get_go_info = wpas_get_go_info;
-	p2p.remove_stale_groups = wpas_remove_stale_groups;
-	p2p.p2ps_prov_complete = wpas_p2ps_prov_complete;
-	p2p.prov_disc_resp_cb = wpas_prov_disc_resp_cb;
-	p2p.p2ps_group_capability = p2ps_group_capability;
-	p2p.get_pref_freq_list = wpas_p2p_get_pref_freq_list;
-	p2p.p2p_6ghz_disable = wpa_s->conf->p2p_6ghz_disable;
-
-	os_memcpy(wpa_s->global->p2p_dev_addr, wpa_s->own_addr, ETH_ALEN);
-	os_memcpy(p2p.dev_addr, wpa_s->global->p2p_dev_addr, ETH_ALEN);
-	p2p.dev_name = wpa_s->conf->device_name;
-	p2p.manufacturer = wpa_s->conf->manufacturer;
-	p2p.model_name = wpa_s->conf->model_name;
-	p2p.model_number = wpa_s->conf->model_number;
-	p2p.serial_number = wpa_s->conf->serial_number;
-	if (wpa_s->wps) {
-		os_memcpy(p2p.uuid, wpa_s->wps->uuid, 16);
-		p2p.config_methods = wpa_s->wps->config_methods;
-	}
-
-	if (wpas_p2p_setup_channels(wpa_s, &p2p.channels, &p2p.cli_channels,
-				    p2p.p2p_6ghz_disable)) {
-		wpa_printf(MSG_ERROR,
-			   "P2P: Failed to configure supported channel list");
-		return -1;
-	}
-
-	if (wpa_s->conf->p2p_listen_reg_class &&
-	    wpa_s->conf->p2p_listen_channel) {
-		p2p.reg_class = wpa_s->conf->p2p_listen_reg_class;
-		p2p.channel = wpa_s->conf->p2p_listen_channel;
-		p2p.channel_forced = 1;
-	} else {
-		/*
-		 * Pick one of the social channels randomly as the listen
-		 * channel.
-		 */
-		if (p2p_config_get_random_social(&p2p, &p2p.reg_class,
-						 &p2p.channel,
-						 &global->p2p_go_avoid_freq,
-						 &global->p2p_disallow_freq) !=
-		    0) {
-			wpa_printf(MSG_INFO,
-				   "P2P: No social channels supported by the driver - do not enable P2P");
-			return 0;
-		}
-		p2p.channel_forced = 0;
-	}
-	wpa_printf(MSG_DEBUG, "P2P: Own listen channel: %d:%d",
-		   p2p.reg_class, p2p.channel);
-
-	if (wpa_s->conf->p2p_oper_reg_class &&
-	    wpa_s->conf->p2p_oper_channel) {
-		p2p.op_reg_class = wpa_s->conf->p2p_oper_reg_class;
-		p2p.op_channel = wpa_s->conf->p2p_oper_channel;
-		p2p.cfg_op_channel = 1;
-		wpa_printf(MSG_DEBUG, "P2P: Configured operating channel: "
-			   "%d:%d", p2p.op_reg_class, p2p.op_channel);
-
-	} else {
-		/*
-		 * Use random operation channel from 2.4 GHz band social
-		 * channels (1, 6, 11) or band 60 GHz social channel (2) if no
-		 * other preference is indicated.
-		 */
-		if (p2p_config_get_random_social(&p2p, &p2p.op_reg_class,
-						 &p2p.op_channel, NULL,
-						 NULL) != 0) {
-			wpa_printf(MSG_INFO,
-				   "P2P: Failed to select random social channel as operation channel");
-			p2p.op_reg_class = 0;
-			p2p.op_channel = 0;
-			/* This will be overridden during group setup in
-			 * p2p_prepare_channel(), so allow setup to continue. */
-		}
-		p2p.cfg_op_channel = 0;
-		wpa_printf(MSG_DEBUG, "P2P: Random operating channel: "
-			   "%d:%d", p2p.op_reg_class, p2p.op_channel);
-	}
-
-	if (wpa_s->conf->p2p_pref_chan && wpa_s->conf->num_p2p_pref_chan) {
-		p2p.pref_chan = wpa_s->conf->p2p_pref_chan;
-		p2p.num_pref_chan = wpa_s->conf->num_p2p_pref_chan;
-	}
-
-	if (wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
-		os_memcpy(p2p.country, wpa_s->conf->country, 2);
-		p2p.country[2] = 0x04;
-	} else
-		os_memcpy(p2p.country, "XX\x04", 3);
-
-	os_memcpy(p2p.pri_dev_type, wpa_s->conf->device_type,
-		  WPS_DEV_TYPE_LEN);
-
-	p2p.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
-	os_memcpy(p2p.sec_dev_type, wpa_s->conf->sec_device_type,
-		  p2p.num_sec_dev_types * WPS_DEV_TYPE_LEN);
-
-	p2p.concurrent_operations = !!(wpa_s->drv_flags &
-				       WPA_DRIVER_FLAGS_P2P_CONCURRENT);
-
-	p2p.max_peers = 100;
-
-	if (wpa_s->conf->p2p_ssid_postfix) {
-		p2p.ssid_postfix_len =
-			os_strlen(wpa_s->conf->p2p_ssid_postfix);
-		if (p2p.ssid_postfix_len > sizeof(p2p.ssid_postfix))
-			p2p.ssid_postfix_len = sizeof(p2p.ssid_postfix);
-		os_memcpy(p2p.ssid_postfix, wpa_s->conf->p2p_ssid_postfix,
-			  p2p.ssid_postfix_len);
-	}
-
-	p2p.p2p_intra_bss = wpa_s->conf->p2p_intra_bss;
-
-	p2p.max_listen = wpa_s->max_remain_on_chan;
-
-	if (wpa_s->conf->p2p_passphrase_len >= 8 &&
-	    wpa_s->conf->p2p_passphrase_len <= 63)
-		p2p.passphrase_len = wpa_s->conf->p2p_passphrase_len;
-	else
-		p2p.passphrase_len = 8;
-
-	global->p2p = p2p_init(&p2p);
-	if (global->p2p == NULL)
-		return -1;
-	global->p2p_init_wpa_s = wpa_s;
-
-	for (i = 0; i < MAX_WPS_VENDOR_EXT; i++) {
-		if (wpa_s->conf->wps_vendor_ext[i] == NULL)
-			continue;
-		p2p_add_wps_vendor_extension(
-			global->p2p, wpa_s->conf->wps_vendor_ext[i]);
-	}
-
-	p2p_set_no_go_freq(global->p2p, &wpa_s->conf->p2p_no_go_freq);
-
-	return 0;
-}
-
-
-/**
- * wpas_p2p_deinit - Deinitialize per-interface P2P data
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- *
- * This function deinitialize per-interface P2P data.
- */
-void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->driver && wpa_s->drv_priv)
-		wpa_drv_probe_req_report(wpa_s, 0);
-
-	if (wpa_s->go_params) {
-		/* Clear any stored provisioning info */
-		p2p_clear_provisioning_info(
-			wpa_s->global->p2p,
-			wpa_s->go_params->peer_device_addr);
-	}
-
-	os_free(wpa_s->go_params);
-	wpa_s->go_params = NULL;
-	eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-	wpa_s->global->p2p_long_listen = 0;
-	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
-	wpas_p2p_remove_pending_group_interface(wpa_s);
-	eloop_cancel_timeout(wpas_p2p_group_freq_conflict, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_reconsider_moving_go, wpa_s, NULL);
-	wpas_p2p_listen_work_done(wpa_s);
-	if (wpa_s->p2p_send_action_work) {
-		os_free(wpa_s->p2p_send_action_work->ctx);
-		radio_work_done(wpa_s->p2p_send_action_work);
-		wpa_s->p2p_send_action_work = NULL;
-	}
-	eloop_cancel_timeout(wpas_p2p_send_action_work_timeout, wpa_s, NULL);
-
-	wpabuf_free(wpa_s->p2p_oob_dev_pw);
-	wpa_s->p2p_oob_dev_pw = NULL;
-
-	os_free(wpa_s->p2p_group_common_freqs);
-	wpa_s->p2p_group_common_freqs = NULL;
-	wpa_s->p2p_group_common_freqs_num = 0;
-
-	/* TODO: remove group interface from the driver if this wpa_s instance
-	 * is on top of a P2P group interface */
-}
-
-
-/**
- * wpas_p2p_deinit_global - Deinitialize global P2P module
- * @global: Pointer to global data from wpa_supplicant_init()
- *
- * This function deinitializes the global (per device) P2P module.
- */
-static void wpas_p2p_deinit_global(struct wpa_global *global)
-{
-	struct wpa_supplicant *wpa_s, *tmp;
-
-	wpa_s = global->ifaces;
-
-	wpas_p2p_service_flush(global->p2p_init_wpa_s);
-
-	/* Remove remaining P2P group interfaces */
-	while (wpa_s && wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
-		wpa_s = wpa_s->next;
-	while (wpa_s) {
-		tmp = global->ifaces;
-		while (tmp &&
-		       (tmp == wpa_s ||
-			tmp->p2p_group_interface == NOT_P2P_GROUP_INTERFACE)) {
-			tmp = tmp->next;
-		}
-		if (tmp == NULL)
-			break;
-		/* Disconnect from the P2P group and deinit the interface */
-		wpas_p2p_disconnect(tmp);
-	}
-
-	/*
-	 * Deinit GO data on any possibly remaining interface (if main
-	 * interface is used as GO).
-	 */
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s->ap_iface)
-			wpas_p2p_group_deinit(wpa_s);
-	}
-
-	p2p_deinit(global->p2p);
-	global->p2p = NULL;
-	global->p2p_init_wpa_s = NULL;
-}
-
-
-static int wpas_p2p_create_iface(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->conf->p2p_no_group_iface)
-		return 0; /* separate interface disabled per configuration */
-	if (wpa_s->drv_flags &
-	    (WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE |
-	     WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P))
-		return 1; /* P2P group requires a new interface in every case
-			   */
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CONCURRENT))
-		return 0; /* driver does not support concurrent operations */
-	if (wpa_s->global->ifaces->next)
-		return 1; /* more that one interface already in use */
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-		return 1; /* this interface is already in use */
-	return 0;
-}
-
-
-static int wpas_p2p_start_go_neg(struct wpa_supplicant *wpa_s,
-				 const u8 *peer_addr,
-				 enum p2p_wps_method wps_method,
-				 int go_intent, const u8 *own_interface_addr,
-				 unsigned int force_freq, int persistent_group,
-				 struct wpa_ssid *ssid, unsigned int pref_freq)
-{
-	if (persistent_group && wpa_s->conf->persistent_reconnect)
-		persistent_group = 2;
-
-	/*
-	 * Increase GO config timeout if HT40 is used since it takes some time
-	 * to scan channels for coex purposes before the BSS can be started.
-	 */
-	p2p_set_config_timeout(wpa_s->global->p2p,
-			       wpa_s->p2p_go_ht40 ? 255 : 100, 20);
-
-	return p2p_connect(wpa_s->global->p2p, peer_addr, wps_method,
-			   go_intent, own_interface_addr, force_freq,
-			   persistent_group, ssid ? ssid->ssid : NULL,
-			   ssid ? ssid->ssid_len : 0,
-			   wpa_s->p2p_pd_before_go_neg, pref_freq,
-			   wps_method == WPS_NFC ? wpa_s->p2p_oob_dev_pw_id :
-			   0);
-}
-
-
-static int wpas_p2p_auth_go_neg(struct wpa_supplicant *wpa_s,
-				const u8 *peer_addr,
-				enum p2p_wps_method wps_method,
-				int go_intent, const u8 *own_interface_addr,
-				unsigned int force_freq, int persistent_group,
-				struct wpa_ssid *ssid, unsigned int pref_freq)
-{
-	if (persistent_group && wpa_s->conf->persistent_reconnect)
-		persistent_group = 2;
-
-	return p2p_authorize(wpa_s->global->p2p, peer_addr, wps_method,
-			     go_intent, own_interface_addr, force_freq,
-			     persistent_group, ssid ? ssid->ssid : NULL,
-			     ssid ? ssid->ssid_len : 0, pref_freq,
-			     wps_method == WPS_NFC ? wpa_s->p2p_oob_dev_pw_id :
-			     0);
-}
-
-
-static void wpas_p2p_check_join_scan_limit(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->p2p_join_scan_count++;
-	wpa_printf(MSG_DEBUG, "P2P: Join scan attempt %d",
-		   wpa_s->p2p_join_scan_count);
-	if (wpa_s->p2p_join_scan_count > P2P_MAX_JOIN_SCAN_ATTEMPTS) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to find GO " MACSTR
-			   " for join operationg - stop join attempt",
-			   MAC2STR(wpa_s->pending_join_iface_addr));
-		eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-		if (wpa_s->p2p_auto_pd) {
-			wpa_s->p2p_auto_pd = 0;
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_PROV_DISC_FAILURE
-				       " p2p_dev_addr=" MACSTR " status=N/A",
-				       MAC2STR(wpa_s->pending_join_dev_addr));
-			return;
-		}
-		if (wpa_s->p2p_fallback_to_go_neg) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Join operation failed - fall back to GO Negotiation");
-			wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-				       P2P_EVENT_FALLBACK_TO_GO_NEG
-				       "reason=join-failed");
-			wpas_p2p_fallback_to_go_neg(wpa_s, 0);
-			return;
-		}
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_GROUP_FORMATION_FAILURE);
-		wpas_notify_p2p_group_formation_failure(wpa_s, "");
-	}
-}
-
-
-static int wpas_check_freq_conflict(struct wpa_supplicant *wpa_s, int freq)
-{
-	int res;
-	unsigned int num, i;
-	struct wpa_used_freq_data *freqs;
-
-	if (wpas_p2p_num_unused_channels(wpa_s) > 0) {
-		/* Multiple channels are supported and not all are in use */
-		return 0;
-	}
-
-	freqs = os_calloc(wpa_s->num_multichan_concurrent,
-			  sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return 1;
-
-	num = wpas_p2p_valid_oper_freqs(wpa_s, freqs,
-					wpa_s->num_multichan_concurrent);
-
-	for (i = 0; i < num; i++) {
-		if (freqs[i].freq == freq) {
-			wpa_printf(MSG_DEBUG, "P2P: Frequency %d MHz in use by another virtual interface and can be used",
-				   freq);
-			res = 0;
-			goto exit_free;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: No valid operating frequencies");
-	res = 1;
-
-exit_free:
-	os_free(freqs);
-	return res;
-}
-
-
-static int wpas_p2p_peer_go(struct wpa_supplicant *wpa_s,
-			    const u8 *peer_dev_addr)
-{
-	struct wpa_bss *bss;
-	int updated;
-
-	bss = wpa_bss_get_p2p_dev_addr(wpa_s, peer_dev_addr);
-	if (bss == NULL)
-		return -1;
-	if (bss->last_update_idx < wpa_s->bss_update_idx) {
-		wpa_printf(MSG_DEBUG, "P2P: Peer BSS entry not updated in the "
-			   "last scan");
-		return 0;
-	}
-
-	updated = os_reltime_before(&wpa_s->p2p_auto_started,
-				    &bss->last_update);
-	wpa_printf(MSG_DEBUG, "P2P: Current BSS entry for peer updated at "
-		   "%ld.%06ld (%supdated in last scan)",
-		   bss->last_update.sec, bss->last_update.usec,
-		   updated ? "": "not ");
-
-	return updated;
-}
-
-
-static void wpas_p2p_scan_res_join(struct wpa_supplicant *wpa_s,
-				   struct wpa_scan_results *scan_res)
-{
-	struct wpa_bss *bss = NULL;
-	int freq;
-	u8 iface_addr[ETH_ALEN];
-
-	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-
-	if (wpa_s->global->p2p_disabled)
-		return;
-
-	wpa_printf(MSG_DEBUG, "P2P: Scan results received (%d BSS) for %sjoin",
-		   scan_res ? (int) scan_res->num : -1,
-		   wpa_s->p2p_auto_join ? "auto_" : "");
-
-	if (scan_res)
-		wpas_p2p_scan_res_handler(wpa_s, scan_res);
-
-	if (wpa_s->p2p_auto_pd) {
-		int join = wpas_p2p_peer_go(wpa_s,
-					    wpa_s->pending_join_dev_addr);
-		if (join == 0 &&
-		    wpa_s->auto_pd_scan_retry < P2P_AUTO_PD_SCAN_ATTEMPTS) {
-			wpa_s->auto_pd_scan_retry++;
-			bss = wpa_bss_get_bssid_latest(
-				wpa_s, wpa_s->pending_join_dev_addr);
-			if (bss) {
-				freq = bss->freq;
-				wpa_printf(MSG_DEBUG, "P2P: Scan retry %d for "
-					   "the peer " MACSTR " at %d MHz",
-					   wpa_s->auto_pd_scan_retry,
-					   MAC2STR(wpa_s->
-						   pending_join_dev_addr),
-					   freq);
-				wpas_p2p_join_scan_req(wpa_s, freq, NULL, 0);
-				return;
-			}
-		}
-
-		if (join < 0)
-			join = 0;
-
-		wpa_s->p2p_auto_pd = 0;
-		wpa_s->pending_pd_use = join ? AUTO_PD_JOIN : AUTO_PD_GO_NEG;
-		wpa_printf(MSG_DEBUG, "P2P: Auto PD with " MACSTR " join=%d",
-			   MAC2STR(wpa_s->pending_join_dev_addr), join);
-		if (p2p_prov_disc_req(wpa_s->global->p2p,
-				      wpa_s->pending_join_dev_addr, NULL,
-				      wpa_s->pending_pd_config_methods, join,
-				      0, wpa_s->user_initiated_pd) < 0) {
-			wpa_s->p2p_auto_pd = 0;
-			wpa_msg_global(wpa_s, MSG_INFO,
-				       P2P_EVENT_PROV_DISC_FAILURE
-				       " p2p_dev_addr=" MACSTR " status=N/A",
-				       MAC2STR(wpa_s->pending_join_dev_addr));
-		}
-		return;
-	}
-
-	if (wpa_s->p2p_auto_join) {
-		int join = wpas_p2p_peer_go(wpa_s,
-					    wpa_s->pending_join_dev_addr);
-		if (join < 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Peer was not found to be "
-				   "running a GO -> use GO Negotiation");
-			wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-				       P2P_EVENT_FALLBACK_TO_GO_NEG
-				       "reason=peer-not-running-GO");
-			wpas_p2p_connect(wpa_s, wpa_s->pending_join_dev_addr,
-					 wpa_s->p2p_pin, wpa_s->p2p_wps_method,
-					 wpa_s->p2p_persistent_group, 0, 0, 0,
-					 wpa_s->p2p_go_intent,
-					 wpa_s->p2p_connect_freq,
-					 wpa_s->p2p_go_vht_center_freq2,
-					 wpa_s->p2p_persistent_id,
-					 wpa_s->p2p_pd_before_go_neg,
-					 wpa_s->p2p_go_ht40,
-					 wpa_s->p2p_go_vht,
-					 wpa_s->p2p_go_max_oper_chwidth,
-					 wpa_s->p2p_go_he,
-					 wpa_s->p2p_go_edmg,
-					 NULL, 0,
-					 is_p2p_allow_6ghz(wpa_s->global->p2p));
-			return;
-		}
-
-		wpa_printf(MSG_DEBUG, "P2P: Peer was found running GO%s -> "
-			   "try to join the group", join ? "" :
-			   " in older scan");
-		if (!join) {
-			wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-				       P2P_EVENT_FALLBACK_TO_GO_NEG_ENABLED);
-			wpa_s->p2p_fallback_to_go_neg = 1;
-		}
-	}
-
-	freq = p2p_get_oper_freq(wpa_s->global->p2p,
-				 wpa_s->pending_join_iface_addr);
-	if (freq < 0 &&
-	    p2p_get_interface_addr(wpa_s->global->p2p,
-				   wpa_s->pending_join_dev_addr,
-				   iface_addr) == 0 &&
-	    os_memcmp(iface_addr, wpa_s->pending_join_dev_addr, ETH_ALEN) != 0
-	    && !wpa_bss_get_bssid(wpa_s, wpa_s->pending_join_iface_addr)) {
-		wpa_printf(MSG_DEBUG, "P2P: Overwrite pending interface "
-			   "address for join from " MACSTR " to " MACSTR
-			   " based on newly discovered P2P peer entry",
-			   MAC2STR(wpa_s->pending_join_iface_addr),
-			   MAC2STR(iface_addr));
-		os_memcpy(wpa_s->pending_join_iface_addr, iface_addr,
-			  ETH_ALEN);
-
-		freq = p2p_get_oper_freq(wpa_s->global->p2p,
-					 wpa_s->pending_join_iface_addr);
-	}
-	if (freq >= 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Target GO operating frequency "
-			   "from P2P peer table: %d MHz", freq);
-	}
-	if (wpa_s->p2p_join_ssid_len) {
-		wpa_printf(MSG_DEBUG, "P2P: Trying to find target GO BSS entry based on BSSID "
-			   MACSTR " and SSID %s",
-			   MAC2STR(wpa_s->pending_join_iface_addr),
-			   wpa_ssid_txt(wpa_s->p2p_join_ssid,
-					wpa_s->p2p_join_ssid_len));
-		bss = wpa_bss_get(wpa_s, wpa_s->pending_join_iface_addr,
-				  wpa_s->p2p_join_ssid,
-				  wpa_s->p2p_join_ssid_len);
-	} else if (!bss) {
-		wpa_printf(MSG_DEBUG, "P2P: Trying to find target GO BSS entry based on BSSID "
-			   MACSTR, MAC2STR(wpa_s->pending_join_iface_addr));
-		bss = wpa_bss_get_bssid_latest(wpa_s,
-					       wpa_s->pending_join_iface_addr);
-	}
-	if (bss) {
-		u8 dev_addr[ETH_ALEN];
-
-		freq = bss->freq;
-		wpa_printf(MSG_DEBUG, "P2P: Target GO operating frequency "
-			   "from BSS table: %d MHz (SSID %s)", freq,
-			   wpa_ssid_txt(bss->ssid, bss->ssid_len));
-		if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
-				       dev_addr) == 0 &&
-		    os_memcmp(wpa_s->pending_join_dev_addr,
-			      wpa_s->pending_join_iface_addr, ETH_ALEN) == 0 &&
-		    os_memcmp(dev_addr, wpa_s->pending_join_dev_addr,
-			      ETH_ALEN) != 0) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Update target GO device address based on BSS entry: " MACSTR " (was " MACSTR ")",
-				   MAC2STR(dev_addr),
-				   MAC2STR(wpa_s->pending_join_dev_addr));
-			os_memcpy(wpa_s->pending_join_dev_addr, dev_addr,
-				  ETH_ALEN);
-		}
-	}
-	if (freq > 0) {
-		u16 method;
-
-		if (wpas_check_freq_conflict(wpa_s, freq) > 0) {
-			wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-				       P2P_EVENT_GROUP_FORMATION_FAILURE
-				       "reason=FREQ_CONFLICT");
-			wpas_notify_p2p_group_formation_failure(
-				wpa_s, "FREQ_CONFLICT");
-			return;
-		}
-
-		wpa_printf(MSG_DEBUG, "P2P: Send Provision Discovery Request "
-			   "prior to joining an existing group (GO " MACSTR
-			   " freq=%u MHz)",
-			   MAC2STR(wpa_s->pending_join_dev_addr), freq);
-		wpa_s->pending_pd_before_join = 1;
-
-		switch (wpa_s->pending_join_wps_method) {
-		case WPS_PIN_DISPLAY:
-			method = WPS_CONFIG_KEYPAD;
-			break;
-		case WPS_PIN_KEYPAD:
-			method = WPS_CONFIG_DISPLAY;
-			break;
-		case WPS_PBC:
-			method = WPS_CONFIG_PUSHBUTTON;
-			break;
-		case WPS_P2PS:
-			method = WPS_CONFIG_P2PS;
-			break;
-		default:
-			method = 0;
-			break;
-		}
-
-		if ((p2p_get_provisioning_info(wpa_s->global->p2p,
-					       wpa_s->pending_join_dev_addr) ==
-		     method)) {
-			/*
-			 * We have already performed provision discovery for
-			 * joining the group. Proceed directly to join
-			 * operation without duplicated provision discovery. */
-			wpa_printf(MSG_DEBUG, "P2P: Provision discovery "
-				   "with " MACSTR " already done - proceed to "
-				   "join",
-				   MAC2STR(wpa_s->pending_join_dev_addr));
-			wpa_s->pending_pd_before_join = 0;
-			goto start;
-		}
-
-		if (p2p_prov_disc_req(wpa_s->global->p2p,
-				      wpa_s->pending_join_dev_addr,
-				      NULL, method, 1,
-				      freq, wpa_s->user_initiated_pd) < 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Failed to send Provision "
-				   "Discovery Request before joining an "
-				   "existing group");
-			wpa_s->pending_pd_before_join = 0;
-			goto start;
-		}
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Failed to find BSS/GO - try again later");
-	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-	eloop_register_timeout(1, 0, wpas_p2p_join_scan, wpa_s, NULL);
-	wpas_p2p_check_join_scan_limit(wpa_s);
-	return;
-
-start:
-	/* Start join operation immediately */
-	wpas_p2p_join_start(wpa_s, 0, wpa_s->p2p_join_ssid,
-			    wpa_s->p2p_join_ssid_len);
-}
-
-
-static void wpas_p2p_join_scan_req(struct wpa_supplicant *wpa_s, int freq,
-				   const u8 *ssid, size_t ssid_len)
-{
-	int ret;
-	struct wpa_driver_scan_params params;
-	struct wpabuf *wps_ie, *ies;
-	size_t ielen;
-	int freqs[2] = { 0, 0 };
-	unsigned int bands;
-
-	os_memset(&params, 0, sizeof(params));
-
-	/* P2P Wildcard SSID */
-	params.num_ssids = 1;
-	if (ssid && ssid_len) {
-		params.ssids[0].ssid = ssid;
-		params.ssids[0].ssid_len = ssid_len;
-		os_memcpy(wpa_s->p2p_join_ssid, ssid, ssid_len);
-		wpa_s->p2p_join_ssid_len = ssid_len;
-	} else {
-		params.ssids[0].ssid = (u8 *) P2P_WILDCARD_SSID;
-		params.ssids[0].ssid_len = P2P_WILDCARD_SSID_LEN;
-		wpa_s->p2p_join_ssid_len = 0;
-	}
-
-	wpa_s->wps->dev.p2p = 1;
-	wps_ie = wps_build_probe_req_ie(DEV_PW_DEFAULT, &wpa_s->wps->dev,
-					wpa_s->wps->uuid, WPS_REQ_ENROLLEE, 0,
-					NULL);
-	if (wps_ie == NULL) {
-		wpas_p2p_scan_res_join(wpa_s, NULL);
-		return;
-	}
-
-	if (!freq) {
-		int oper_freq;
-		/*
-		 * If freq is not provided, check the operating freq of the GO
-		 * and use a single channel scan on if possible.
-		 */
-		oper_freq = p2p_get_oper_freq(wpa_s->global->p2p,
-					      wpa_s->pending_join_iface_addr);
-		if (oper_freq > 0)
-			freq = oper_freq;
-	}
-	if (freq > 0) {
-		freqs[0] = freq;
-		params.freqs = freqs;
-	} else if (wpa_s->conf->p2p_6ghz_disable ||
-		   !is_p2p_allow_6ghz(wpa_s->global->p2p)) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: 6 GHz disabled - update the scan frequency list");
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, &params,
-					0);
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, &params,
-					0);
-	}
-
-	ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
-	ies = wpabuf_alloc(wpabuf_len(wps_ie) + ielen);
-	if (ies == NULL) {
-		wpabuf_free(wps_ie);
-		wpas_p2p_scan_res_join(wpa_s, NULL);
-		return;
-	}
-	wpabuf_put_buf(ies, wps_ie);
-	wpabuf_free(wps_ie);
-
-	bands = wpas_get_bands(wpa_s, freqs);
-	p2p_scan_ie(wpa_s->global->p2p, ies, NULL, bands);
-
-	params.p2p_probe = 1;
-	params.extra_ies = wpabuf_head(ies);
-	params.extra_ies_len = wpabuf_len(ies);
-
-	if (wpa_s->clear_driver_scan_cache) {
-		wpa_printf(MSG_DEBUG,
-			   "Request driver to clear scan cache due to local BSS flush");
-		params.only_new_results = 1;
-	}
-
-	/*
-	 * Run a scan to update BSS table and start Provision Discovery once
-	 * the new scan results become available.
-	 */
-	ret = wpa_drv_scan(wpa_s, &params);
-	if (params.freqs != freqs)
-		os_free(params.freqs);
-	if (!ret) {
-		os_get_reltime(&wpa_s->scan_trigger_time);
-		wpa_s->scan_res_handler = wpas_p2p_scan_res_join;
-		wpa_s->own_scan_requested = 1;
-		wpa_s->clear_driver_scan_cache = 0;
-	}
-
-	wpabuf_free(ies);
-
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "P2P: Failed to start scan for join - "
-			   "try again later");
-		eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-		eloop_register_timeout(1, 0, wpas_p2p_join_scan, wpa_s, NULL);
-		wpas_p2p_check_join_scan_limit(wpa_s);
-	}
-}
-
-
-static void wpas_p2p_join_scan(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpas_p2p_join_scan_req(wpa_s, 0, NULL, 0);
-}
-
-
-static int wpas_p2p_join(struct wpa_supplicant *wpa_s, const u8 *iface_addr,
-			 const u8 *dev_addr, enum p2p_wps_method wps_method,
-			 int auto_join, int op_freq,
-			 const u8 *ssid, size_t ssid_len)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Request to join existing group (iface "
-		   MACSTR " dev " MACSTR " op_freq=%d)%s",
-		   MAC2STR(iface_addr), MAC2STR(dev_addr), op_freq,
-		   auto_join ? " (auto_join)" : "");
-	if (ssid && ssid_len) {
-		wpa_printf(MSG_DEBUG, "P2P: Group SSID specified: %s",
-			   wpa_ssid_txt(ssid, ssid_len));
-	}
-
-	wpa_s->p2p_auto_pd = 0;
-	wpa_s->p2p_auto_join = !!auto_join;
-	os_memcpy(wpa_s->pending_join_iface_addr, iface_addr, ETH_ALEN);
-	os_memcpy(wpa_s->pending_join_dev_addr, dev_addr, ETH_ALEN);
-	wpa_s->pending_join_wps_method = wps_method;
-
-	/* Make sure we are not running find during connection establishment */
-	wpas_p2p_stop_find(wpa_s);
-
-	wpa_s->p2p_join_scan_count = 0;
-	wpas_p2p_join_scan_req(wpa_s, op_freq, ssid, ssid_len);
-	return 0;
-}
-
-
-static int wpas_p2p_join_start(struct wpa_supplicant *wpa_s, int freq,
-			       const u8 *ssid, size_t ssid_len)
-{
-	struct wpa_supplicant *group;
-	struct p2p_go_neg_results res;
-	struct wpa_bss *bss;
-
-	group = wpas_p2p_get_group_iface(wpa_s, 0, 0);
-	if (group == NULL)
-		return -1;
-	if (group != wpa_s) {
-		os_memcpy(group->p2p_pin, wpa_s->p2p_pin,
-			  sizeof(group->p2p_pin));
-		group->p2p_wps_method = wpa_s->p2p_wps_method;
-	}
-
-	/*
-	 * Need to mark the current interface for p2p_group_formation
-	 * when a separate group interface is not used. This is needed
-	 * to allow p2p_cancel stop a pending p2p_connect-join.
-	 * wpas_p2p_init_group_interface() addresses this for the case
-	 * where a separate group interface is used.
-	 */
-	if (group == wpa_s->parent)
-		wpa_s->global->p2p_group_formation = group;
-
-	group->p2p_in_provisioning = 1;
-	group->p2p_fallback_to_go_neg = wpa_s->p2p_fallback_to_go_neg;
-
-	os_memset(&res, 0, sizeof(res));
-	os_memcpy(res.peer_device_addr, wpa_s->pending_join_dev_addr, ETH_ALEN);
-	os_memcpy(res.peer_interface_addr, wpa_s->pending_join_iface_addr,
-		  ETH_ALEN);
-	res.wps_method = wpa_s->pending_join_wps_method;
-	if (freq && ssid && ssid_len) {
-		res.freq = freq;
-		res.ssid_len = ssid_len;
-		os_memcpy(res.ssid, ssid, ssid_len);
-	} else {
-		if (ssid && ssid_len) {
-			bss = wpa_bss_get(wpa_s, wpa_s->pending_join_iface_addr,
-					  ssid, ssid_len);
-		} else {
-			bss = wpa_bss_get_bssid_latest(
-				wpa_s, wpa_s->pending_join_iface_addr);
-		}
-		if (bss) {
-			res.freq = bss->freq;
-			res.ssid_len = bss->ssid_len;
-			os_memcpy(res.ssid, bss->ssid, bss->ssid_len);
-			wpa_printf(MSG_DEBUG, "P2P: Join target GO operating frequency from BSS table: %d MHz (SSID %s)",
-				   bss->freq,
-				   wpa_ssid_txt(bss->ssid, bss->ssid_len));
-		} else if (ssid && ssid_len) {
-			res.ssid_len = ssid_len;
-			os_memcpy(res.ssid, ssid, ssid_len);
-			wpa_printf(MSG_DEBUG, "P2P: Join target GO (SSID %s)",
-				   wpa_ssid_txt(ssid, ssid_len));
-		}
-	}
-
-	if (wpa_s->off_channel_freq || wpa_s->roc_waiting_drv_freq) {
-		wpa_printf(MSG_DEBUG, "P2P: Cancel remain-on-channel prior to "
-			   "starting client");
-		wpa_drv_cancel_remain_on_channel(wpa_s);
-		wpa_s->off_channel_freq = 0;
-		wpa_s->roc_waiting_drv_freq = 0;
-	}
-	wpas_start_wps_enrollee(group, &res);
-
-	/*
-	 * Allow a longer timeout for join-a-running-group than normal 15
-	 * second group formation timeout since the GO may not have authorized
-	 * our connection yet.
-	 */
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
-	eloop_register_timeout(60, 0, wpas_p2p_group_formation_timeout,
-			       wpa_s, NULL);
-
-	return 0;
-}
-
-
-static int wpas_p2p_setup_freqs(struct wpa_supplicant *wpa_s, int freq,
-				int *force_freq, int *pref_freq, int go,
-				unsigned int *pref_freq_list,
-				unsigned int *num_pref_freq)
-{
-	struct wpa_used_freq_data *freqs;
-	int res, best_freq, num_unused;
-	unsigned int freq_in_use = 0, num, i, max_pref_freq;
-
-	max_pref_freq = *num_pref_freq;
-	*num_pref_freq = 0;
-
-	freqs = os_calloc(wpa_s->num_multichan_concurrent,
-			  sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return -1;
-
-	num = wpas_p2p_valid_oper_freqs(wpa_s, freqs,
-					wpa_s->num_multichan_concurrent);
-
-	/*
-	 * It is possible that the total number of used frequencies is bigger
-	 * than the number of frequencies used for P2P, so get the system wide
-	 * number of unused frequencies.
-	 */
-	num_unused = wpas_p2p_num_unused_channels(wpa_s);
-
-	wpa_printf(MSG_DEBUG,
-		   "P2P: Setup freqs: freq=%d num_MCC=%d shared_freqs=%u num_unused=%d",
-		   freq, wpa_s->num_multichan_concurrent, num, num_unused);
-
-	if (freq > 0) {
-		int ret;
-		if (go)
-			ret = p2p_supported_freq(wpa_s->global->p2p, freq);
-		else
-			ret = p2p_supported_freq_cli(wpa_s->global->p2p, freq);
-		if (!ret) {
-			if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) &&
-			    ieee80211_is_dfs(freq, wpa_s->hw.modes,
-					     wpa_s->hw.num_modes)) {
-				/*
-				 * If freq is a DFS channel and DFS is offloaded
-				 * to the driver, allow P2P GO to use it.
-				 */
-				wpa_printf(MSG_DEBUG,
-					   "P2P: The forced channel for GO (%u MHz) is DFS, and DFS is offloaded to the driver",
-					   freq);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: The forced channel (%u MHz) is not supported for P2P uses",
-					   freq);
-				res = -3;
-				goto exit_free;
-			}
-		}
-
-		for (i = 0; i < num; i++) {
-			if (freqs[i].freq == freq)
-				freq_in_use = 1;
-		}
-
-		if (num_unused <= 0 && !freq_in_use) {
-			wpa_printf(MSG_DEBUG, "P2P: Cannot start P2P group on %u MHz as there are no available channels",
-				   freq);
-			res = -2;
-			goto exit_free;
-		}
-		wpa_printf(MSG_DEBUG, "P2P: Trying to force us to use the "
-			   "requested channel (%u MHz)", freq);
-		*force_freq = freq;
-		goto exit_ok;
-	}
-
-	best_freq = wpas_p2p_pick_best_used_freq(wpa_s, freqs, num);
-
-	if (!wpa_s->conf->num_p2p_pref_chan && *pref_freq == 0) {
-		enum wpa_driver_if_type iface_type;
-
-		if (go)
-			iface_type = WPA_IF_P2P_GO;
-		else
-			iface_type = WPA_IF_P2P_CLIENT;
-
-		wpa_printf(MSG_DEBUG, "P2P: best_freq=%d, go=%d",
-			   best_freq, go);
-
-		res = wpa_drv_get_pref_freq_list(wpa_s, iface_type,
-						 &max_pref_freq,
-						 pref_freq_list);
-		if (!is_p2p_allow_6ghz(wpa_s->global->p2p))
-			max_pref_freq = p2p_remove_6ghz_channels(pref_freq_list,
-								 max_pref_freq);
-
-		if (!res && max_pref_freq > 0) {
-			*num_pref_freq = max_pref_freq;
-			i = 0;
-			while (i < *num_pref_freq &&
-			       (!p2p_supported_freq(wpa_s->global->p2p,
-						    pref_freq_list[i]) ||
-				wpas_p2p_disallowed_freq(wpa_s->global,
-							 pref_freq_list[i]))) {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: preferred_freq_list[%d]=%d is disallowed",
-					   i, pref_freq_list[i]);
-				i++;
-			}
-			if (i != *num_pref_freq) {
-				best_freq = pref_freq_list[i];
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Using preferred_freq_list[%d]=%d",
-					   i, best_freq);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: All driver preferred frequencies are disallowed for P2P use");
-				*num_pref_freq = 0;
-			}
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: No preferred frequency list available");
-		}
-	}
-
-	/* We have a candidate frequency to use */
-	if (best_freq > 0) {
-		if (*pref_freq == 0 && num_unused > 0) {
-			wpa_printf(MSG_DEBUG, "P2P: Try to prefer a frequency (%u MHz) we are already using",
-				   best_freq);
-			*pref_freq = best_freq;
-		} else {
-			wpa_printf(MSG_DEBUG, "P2P: Try to force us to use frequency (%u MHz) which is already in use",
-				   best_freq);
-			*force_freq = best_freq;
-		}
-	} else if (num_unused > 0) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Current operating channels are not available for P2P. Try to use another channel");
-		*force_freq = 0;
-	} else {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: All channels are in use and none of them are P2P enabled. Cannot start P2P group");
-		res = -2;
-		goto exit_free;
-	}
-
-exit_ok:
-	res = 0;
-exit_free:
-	os_free(freqs);
-	return res;
-}
-
-
-static bool is_p2p_6ghz_supported(struct wpa_supplicant *wpa_s,
-				  const u8 *peer_addr)
-{
-	if (wpa_s->conf->p2p_6ghz_disable ||
-	    !get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-		      HOSTAPD_MODE_IEEE80211A, true))
-		return false;
-
-	if (!p2p_wfd_enabled(wpa_s->global->p2p))
-		return false;
-	if (peer_addr && !p2p_peer_wfd_enabled(wpa_s->global->p2p, peer_addr))
-		return false;
-
-	return true;
-}
-
-
-static int wpas_p2p_check_6ghz(struct wpa_supplicant *wpa_s,
-			       const u8 *peer_addr, bool allow_6ghz, int freq)
-{
-	if (allow_6ghz && is_p2p_6ghz_supported(wpa_s, peer_addr)) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Allow connection on 6 GHz channels");
-		p2p_set_6ghz_dev_capab(wpa_s->global->p2p, true);
-	} else {
-		if (is_6ghz_freq(freq))
-			return -2;
-		p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
-	}
-
-	return 0;
-}
-
-
-/**
- * wpas_p2p_connect - Request P2P Group Formation to be started
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * @peer_addr: Address of the peer P2P Device
- * @pin: PIN to use during provisioning or %NULL to indicate PBC mode
- * @persistent_group: Whether to create a persistent group
- * @auto_join: Whether to select join vs. GO Negotiation automatically
- * @join: Whether to join an existing group (as a client) instead of starting
- *	Group Owner negotiation; @peer_addr is BSSID in that case
- * @auth: Whether to only authorize the connection instead of doing that and
- *	initiating Group Owner negotiation
- * @go_intent: GO Intent or -1 to use default
- * @freq: Frequency for the group or 0 for auto-selection
- * @freq2: Center frequency of segment 1 for the GO operating in VHT 80P80 mode
- * @persistent_id: Persistent group credentials to use for forcing GO
- *	parameters or -1 to generate new values (SSID/passphrase)
- * @pd: Whether to send Provision Discovery prior to GO Negotiation as an
- *	interoperability workaround when initiating group formation
- * @ht40: Start GO with 40 MHz channel width
- * @vht:  Start GO with VHT support
- * @vht_chwidth: Channel width supported by GO operating with VHT support
- *	(CHANWIDTH_*).
- * @group_ssid: Specific Group SSID for join or %NULL if not set
- * @group_ssid_len: Length of @group_ssid in octets
- * @allow_6ghz: Allow P2P connection on 6 GHz channels
- * Returns: 0 or new PIN (if pin was %NULL) on success, -1 on unspecified
- *	failure, -2 on failure due to channel not currently available,
- *	-3 if forced channel is not supported
- */
-int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		     const char *pin, enum p2p_wps_method wps_method,
-		     int persistent_group, int auto_join, int join, int auth,
-		     int go_intent, int freq, unsigned int vht_center_freq2,
-		     int persistent_id, int pd, int ht40, int vht,
-		     unsigned int vht_chwidth, int he, int edmg,
-		     const u8 *group_ssid, size_t group_ssid_len,
-		     bool allow_6ghz)
-{
-	int force_freq = 0, pref_freq = 0;
-	int ret = 0, res;
-	enum wpa_driver_if_type iftype;
-	const u8 *if_addr;
-	struct wpa_ssid *ssid = NULL;
-	unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (persistent_id >= 0) {
-		ssid = wpa_config_get_network(wpa_s->conf, persistent_id);
-		if (ssid == NULL || ssid->disabled != 2 ||
-		    ssid->mode != WPAS_MODE_P2P_GO)
-			return -1;
-	}
-
-	if (wpas_p2p_check_6ghz(wpa_s, peer_addr, allow_6ghz, freq))
-		return -2;
-
-	os_free(wpa_s->global->add_psk);
-	wpa_s->global->add_psk = NULL;
-
-	wpa_s->global->p2p_fail_on_wps_complete = 0;
-	wpa_s->global->pending_p2ps_group = 0;
-	wpa_s->global->pending_p2ps_group_freq = 0;
-	wpa_s->p2ps_method_config_any = 0;
-
-	if (go_intent < 0)
-		go_intent = wpa_s->conf->p2p_go_intent;
-
-	if (!auth)
-		wpa_s->global->p2p_long_listen = 0;
-
-	wpa_s->p2p_wps_method = wps_method;
-	wpa_s->p2p_persistent_group = !!persistent_group;
-	wpa_s->p2p_persistent_id = persistent_id;
-	wpa_s->p2p_go_intent = go_intent;
-	wpa_s->p2p_connect_freq = freq;
-	wpa_s->p2p_fallback_to_go_neg = 0;
-	wpa_s->p2p_pd_before_go_neg = !!pd;
-	wpa_s->p2p_go_ht40 = !!ht40;
-	wpa_s->p2p_go_vht = !!vht;
-	wpa_s->p2p_go_vht_center_freq2 = vht_center_freq2;
-	wpa_s->p2p_go_max_oper_chwidth = vht_chwidth;
-	wpa_s->p2p_go_he = !!he;
-	wpa_s->p2p_go_edmg = !!edmg;
-
-	if (pin)
-		os_strlcpy(wpa_s->p2p_pin, pin, sizeof(wpa_s->p2p_pin));
-	else if (wps_method == WPS_PIN_DISPLAY) {
-		if (wps_generate_pin((unsigned int *) &ret) < 0)
-			return -1;
-		res = os_snprintf(wpa_s->p2p_pin, sizeof(wpa_s->p2p_pin),
-				  "%08d", ret);
-		if (os_snprintf_error(sizeof(wpa_s->p2p_pin), res))
-			wpa_s->p2p_pin[sizeof(wpa_s->p2p_pin) - 1] = '\0';
-		wpa_printf(MSG_DEBUG, "P2P: Randomly generated PIN: %s",
-			   wpa_s->p2p_pin);
-	} else if (wps_method == WPS_P2PS) {
-		/* Force the P2Ps default PIN to be used */
-		os_strlcpy(wpa_s->p2p_pin, "12345670", sizeof(wpa_s->p2p_pin));
-	} else
-		wpa_s->p2p_pin[0] = '\0';
-
-	if (join || auto_join) {
-		u8 iface_addr[ETH_ALEN], dev_addr[ETH_ALEN];
-		if (auth) {
-			wpa_printf(MSG_DEBUG, "P2P: Authorize invitation to "
-				   "connect a running group from " MACSTR,
-				   MAC2STR(peer_addr));
-			os_memcpy(wpa_s->p2p_auth_invite, peer_addr, ETH_ALEN);
-			return ret;
-		}
-		os_memcpy(dev_addr, peer_addr, ETH_ALEN);
-		if (p2p_get_interface_addr(wpa_s->global->p2p, peer_addr,
-					   iface_addr) < 0) {
-			os_memcpy(iface_addr, peer_addr, ETH_ALEN);
-			p2p_get_dev_addr(wpa_s->global->p2p, peer_addr,
-					 dev_addr);
-		}
-		if (auto_join) {
-			os_get_reltime(&wpa_s->p2p_auto_started);
-			wpa_printf(MSG_DEBUG, "P2P: Auto join started at "
-				   "%ld.%06ld",
-				   wpa_s->p2p_auto_started.sec,
-				   wpa_s->p2p_auto_started.usec);
-		}
-		wpa_s->user_initiated_pd = 1;
-		if (wpas_p2p_join(wpa_s, iface_addr, dev_addr, wps_method,
-				  auto_join, freq,
-				  group_ssid, group_ssid_len) < 0)
-			return -1;
-		return ret;
-	}
-
-	size = P2P_MAX_PREF_CHANNELS;
-	res = wpas_p2p_setup_freqs(wpa_s, freq, &force_freq, &pref_freq,
-				   go_intent == 15, pref_freq_list, &size);
-	if (res)
-		return res;
-	wpas_p2p_set_own_freq_preference(wpa_s,
-					 force_freq ? force_freq : pref_freq);
-
-	p2p_set_own_pref_freq_list(wpa_s->global->p2p, pref_freq_list, size);
-
-	wpa_s->create_p2p_iface = wpas_p2p_create_iface(wpa_s);
-
-	if (wpa_s->create_p2p_iface) {
-		/* Prepare to add a new interface for the group */
-		iftype = WPA_IF_P2P_GROUP;
-		if (go_intent == 15)
-			iftype = WPA_IF_P2P_GO;
-		if (wpas_p2p_add_group_interface(wpa_s, iftype) < 0) {
-			wpa_printf(MSG_ERROR, "P2P: Failed to allocate a new "
-				   "interface for the group");
-			return -1;
-		}
-
-		if_addr = wpa_s->pending_interface_addr;
-	} else {
-		if (wpa_s->p2p_mgmt)
-			if_addr = wpa_s->parent->own_addr;
-		else
-			if_addr = wpa_s->own_addr;
-		os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN);
-	}
-
-	if (auth) {
-		if (wpas_p2p_auth_go_neg(wpa_s, peer_addr, wps_method,
-					 go_intent, if_addr,
-					 force_freq, persistent_group, ssid,
-					 pref_freq) < 0)
-			return -1;
-		return ret;
-	}
-
-	if (wpas_p2p_start_go_neg(wpa_s, peer_addr, wps_method,
-				  go_intent, if_addr, force_freq,
-				  persistent_group, ssid, pref_freq) < 0) {
-		if (wpa_s->create_p2p_iface)
-			wpas_p2p_remove_pending_group_interface(wpa_s);
-		return -1;
-	}
-	return ret;
-}
-
-
-/**
- * wpas_p2p_remain_on_channel_cb - Indication of remain-on-channel start
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * @freq: Frequency of the channel in MHz
- * @duration: Duration of the stay on the channel in milliseconds
- *
- * This callback is called when the driver indicates that it has started the
- * requested remain-on-channel duration.
- */
-void wpas_p2p_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				   unsigned int freq, unsigned int duration)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "P2P: remain-on-channel callback (off_channel_freq=%u pending_listen_freq=%d roc_waiting_drv_freq=%d freq=%u duration=%u)",
-		   wpa_s->off_channel_freq, wpa_s->pending_listen_freq,
-		   wpa_s->roc_waiting_drv_freq, freq, duration);
-	if (wpa_s->off_channel_freq &&
-	    wpa_s->off_channel_freq == wpa_s->pending_listen_freq) {
-		p2p_listen_cb(wpa_s->global->p2p, wpa_s->pending_listen_freq,
-			      wpa_s->pending_listen_duration);
-		wpa_s->pending_listen_freq = 0;
-	} else {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore remain-on-channel callback (off_channel_freq=%u pending_listen_freq=%d freq=%u duration=%u)",
-			   wpa_s->off_channel_freq, wpa_s->pending_listen_freq,
-			   freq, duration);
-	}
-}
-
-
-int wpas_p2p_listen_start(struct wpa_supplicant *wpa_s, unsigned int timeout)
-{
-	/* Limit maximum Listen state time based on driver limitation. */
-	if (timeout > wpa_s->max_remain_on_chan)
-		timeout = wpa_s->max_remain_on_chan;
-
-	return p2p_listen(wpa_s->global->p2p, timeout);
-}
-
-
-/**
- * wpas_p2p_cancel_remain_on_channel_cb - Remain-on-channel timeout
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * @freq: Frequency of the channel in MHz
- *
- * This callback is called when the driver indicates that a remain-on-channel
- * operation has been completed, i.e., the duration on the requested channel
- * has timed out.
- */
-void wpas_p2p_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					  unsigned int freq)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Cancel remain-on-channel callback "
-		   "(p2p_long_listen=%d ms pending_action_tx=%p)",
-		   wpa_s->global->p2p_long_listen,
-		   offchannel_pending_action_tx(wpa_s));
-	wpas_p2p_listen_work_done(wpa_s);
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-	if (wpa_s->global->p2p_long_listen > 0)
-		wpa_s->global->p2p_long_listen -= wpa_s->max_remain_on_chan;
-	if (p2p_listen_end(wpa_s->global->p2p, freq) > 0)
-		return; /* P2P module started a new operation */
-	if (offchannel_pending_action_tx(wpa_s))
-		return;
-	if (wpa_s->global->p2p_long_listen > 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Continuing long Listen state");
-		wpas_p2p_listen_start(wpa_s, wpa_s->global->p2p_long_listen);
-	} else {
-		/*
-		 * When listen duration is over, stop listen & update p2p_state
-		 * to IDLE.
-		 */
-		p2p_stop_listen(wpa_s->global->p2p);
-	}
-}
-
-
-/**
- * wpas_p2p_group_remove - Remove a P2P group
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * @ifname: Network interface name of the group interface or "*" to remove all
- *	groups
- * Returns: 0 on success, -1 on failure
- *
- * This function is used to remove a P2P group. This can be used to disconnect
- * from a group in which the local end is a P2P Client or to end a P2P Group in
- * case the local end is the Group Owner. If a virtual network interface was
- * created for this group, that interface will be removed. Otherwise, only the
- * configured P2P group network will be removed from the interface.
- */
-int wpas_p2p_group_remove(struct wpa_supplicant *wpa_s, const char *ifname)
-{
-	struct wpa_global *global = wpa_s->global;
-	struct wpa_supplicant *calling_wpa_s = wpa_s;
-
-	if (os_strcmp(ifname, "*") == 0) {
-		struct wpa_supplicant *prev;
-		bool calling_wpa_s_group_removed = false;
-
-		wpa_s = global->ifaces;
-		while (wpa_s) {
-			prev = wpa_s;
-			wpa_s = wpa_s->next;
-			if (prev->p2p_group_interface !=
-			    NOT_P2P_GROUP_INTERFACE ||
-			    (prev->current_ssid &&
-			     prev->current_ssid->p2p_group)) {
-				wpas_p2p_disconnect_safely(prev, calling_wpa_s);
-				if (prev == calling_wpa_s)
-					calling_wpa_s_group_removed = true;
-			}
-		}
-
-		if (!calling_wpa_s_group_removed &&
-		    (calling_wpa_s->p2p_group_interface !=
-		     NOT_P2P_GROUP_INTERFACE ||
-		     (calling_wpa_s->current_ssid &&
-		      calling_wpa_s->current_ssid->p2p_group))) {
-			wpa_printf(MSG_DEBUG, "Remove calling_wpa_s P2P group");
-			wpas_p2p_disconnect_safely(calling_wpa_s,
-						   calling_wpa_s);
-		}
-
-		return 0;
-	}
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_strcmp(wpa_s->ifname, ifname) == 0)
-			break;
-	}
-
-	return wpas_p2p_disconnect_safely(wpa_s, calling_wpa_s);
-}
-
-
-static int wpas_p2p_select_go_freq(struct wpa_supplicant *wpa_s, int freq)
-{
-	unsigned int r;
-
-	if (!wpa_s->conf->num_p2p_pref_chan && !freq) {
-		unsigned int i, size = P2P_MAX_PREF_CHANNELS;
-		unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS];
-		int res;
-
-		res = wpa_drv_get_pref_freq_list(wpa_s, WPA_IF_P2P_GO,
-						 &size, pref_freq_list);
-		if (!is_p2p_allow_6ghz(wpa_s->global->p2p))
-			size = p2p_remove_6ghz_channels(pref_freq_list, size);
-
-		if (!res && size > 0) {
-			i = 0;
-			while (i < size &&
-			       (!p2p_supported_freq(wpa_s->global->p2p,
-						    pref_freq_list[i]) ||
-				wpas_p2p_disallowed_freq(wpa_s->global,
-							 pref_freq_list[i]))) {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: preferred_freq_list[%d]=%d is disallowed",
-					   i, pref_freq_list[i]);
-				i++;
-			}
-			if (i != size) {
-				freq = pref_freq_list[i];
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Using preferred_freq_list[%d]=%d",
-					   i, freq);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: All driver preferred frequencies are disallowed for P2P use");
-			}
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: No preferred frequency list available");
-		}
-	}
-
-	if (freq == 2) {
-		wpa_printf(MSG_DEBUG, "P2P: Request to start GO on 2.4 GHz "
-			   "band");
-		if (wpa_s->best_24_freq > 0 &&
-		    p2p_supported_freq_go(wpa_s->global->p2p,
-					  wpa_s->best_24_freq)) {
-			freq = wpa_s->best_24_freq;
-			wpa_printf(MSG_DEBUG, "P2P: Use best 2.4 GHz band "
-				   "channel: %d MHz", freq);
-		} else {
-			if (os_get_random((u8 *) &r, sizeof(r)) < 0)
-				return -1;
-			freq = 2412 + (r % 3) * 25;
-			wpa_printf(MSG_DEBUG, "P2P: Use random 2.4 GHz band "
-				   "channel: %d MHz", freq);
-		}
-	}
-
-	if (freq == 5) {
-		wpa_printf(MSG_DEBUG, "P2P: Request to start GO on 5 GHz "
-			   "band");
-		if (wpa_s->best_5_freq > 0 &&
-		    p2p_supported_freq_go(wpa_s->global->p2p,
-				       wpa_s->best_5_freq)) {
-			freq = wpa_s->best_5_freq;
-			wpa_printf(MSG_DEBUG, "P2P: Use best 5 GHz band "
-				   "channel: %d MHz", freq);
-		} else {
-			const int freqs[] = {
-				/* operating class 115 */
-				5180, 5200, 5220, 5240,
-				/* operating class 124 */
-				5745, 5765, 5785, 5805,
-			};
-			unsigned int i, num_freqs = ARRAY_SIZE(freqs);
-
-			if (os_get_random((u8 *) &r, sizeof(r)) < 0)
-				return -1;
-
-			/*
-			 * Most of the 5 GHz channels require DFS. Only
-			 * operating classes 115 and 124 are available possibly
-			 * without that requirement. Check these for
-			 * availability starting from a randomly picked
-			 * position.
-			 */
-			for (i = 0; i < num_freqs; i++, r++) {
-				freq = freqs[r % num_freqs];
-				if (p2p_supported_freq_go(wpa_s->global->p2p,
-							  freq))
-					break;
-			}
-
-			if (i >= num_freqs) {
-				wpa_printf(MSG_DEBUG, "P2P: Could not select "
-					   "5 GHz channel for P2P group");
-				return -1;
-			}
-			wpa_printf(MSG_DEBUG, "P2P: Use random 5 GHz band "
-				   "channel: %d MHz", freq);
-		}
-	}
-
-	if (freq > 0 && !p2p_supported_freq_go(wpa_s->global->p2p, freq)) {
-		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) &&
-		    ieee80211_is_dfs(freq, wpa_s->hw.modes,
-				     wpa_s->hw.num_modes)) {
-			/*
-			 * If freq is a DFS channel and DFS is offloaded to the
-			 * driver, allow P2P GO to use it.
-			 */
-			wpa_printf(MSG_DEBUG, "P2P: "
-				   "%s: The forced channel for GO (%u MHz) is DFS, and DFS is offloaded",
-				   __func__, freq);
-			return freq;
-		}
-		wpa_printf(MSG_DEBUG, "P2P: The forced channel for GO "
-			   "(%u MHz) is not supported for P2P uses",
-			   freq);
-		return -1;
-	}
-
-	return freq;
-}
-
-
-static int wpas_p2p_supported_freq_go(struct wpa_supplicant *wpa_s,
-				      const struct p2p_channels *channels,
-				      int freq)
-{
-	if (!wpas_p2p_disallowed_freq(wpa_s->global, freq) &&
-	    p2p_supported_freq_go(wpa_s->global->p2p, freq) &&
-	    freq_included(wpa_s, channels, freq))
-		return 1;
-	return 0;
-}
-
-
-static void wpas_p2p_select_go_freq_no_pref(struct wpa_supplicant *wpa_s,
-					    struct p2p_go_neg_results *params,
-					    const struct p2p_channels *channels)
-{
-	unsigned int i, r;
-
-	/* try all channels in operating class 115 */
-	for (i = 0; i < 4; i++) {
-		params->freq = 5180 + i * 20;
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-			goto out;
-	}
-
-	/* try all channels in operating class 124 */
-	for (i = 0; i < 4; i++) {
-		params->freq = 5745 + i * 20;
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-			goto out;
-	}
-
-	/* try social channel class 180 channel 2 */
-	params->freq = 58320 + 1 * 2160;
-	if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-		goto out;
-
-	/* try all channels in reg. class 180 */
-	for (i = 0; i < 4; i++) {
-		params->freq = 58320 + i * 2160;
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-			goto out;
-	}
-
-	/* try some random selection of the social channels */
-	if (os_get_random((u8 *) &r, sizeof(r)) < 0)
-		return;
-
-	for (i = 0; i < 3; i++) {
-		params->freq = 2412 + ((r + i) % 3) * 25;
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-			goto out;
-	}
-
-	/* try all other channels in operating class 81 */
-	for (i = 0; i < 11; i++) {
-		params->freq = 2412 + i * 5;
-
-		/* skip social channels; covered in the previous loop */
-		if (params->freq == 2412 ||
-		    params->freq == 2437 ||
-		    params->freq == 2462)
-			continue;
-
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, params->freq))
-			goto out;
-	}
-
-	params->freq = 0;
-	wpa_printf(MSG_DEBUG, "P2P: No 2.4, 5, or 60 GHz channel allowed");
-	return;
-out:
-	wpa_printf(MSG_DEBUG, "P2P: Set GO freq %d MHz (no preference known)",
-		   params->freq);
-}
-
-
-static int wpas_same_band(int freq1, int freq2)
-{
-	enum hostapd_hw_mode mode1, mode2;
-	u8 chan1, chan2;
-
-	mode1 = ieee80211_freq_to_chan(freq1, &chan1);
-	mode2 = ieee80211_freq_to_chan(freq2, &chan2);
-	if (mode1 == NUM_HOSTAPD_MODES)
-		return 0;
-	return mode1 == mode2;
-}
-
-
-static int wpas_p2p_init_go_params(struct wpa_supplicant *wpa_s,
-				   struct p2p_go_neg_results *params,
-				   int freq, int vht_center_freq2, int ht40,
-				   int vht, int max_oper_chwidth, int he,
-				   int edmg,
-				   const struct p2p_channels *channels)
-{
-	struct wpa_used_freq_data *freqs;
-	unsigned int cand;
-	unsigned int num, i;
-	int ignore_no_freqs = 0;
-	int unused_channels = wpas_p2p_num_unused_channels(wpa_s) > 0;
-
-	os_memset(params, 0, sizeof(*params));
-	params->role_go = 1;
-	params->ht40 = ht40;
-	params->vht = vht;
-	params->he = he;
-	params->max_oper_chwidth = max_oper_chwidth;
-	params->vht_center_freq2 = vht_center_freq2;
-	params->edmg = edmg;
-
-	freqs = os_calloc(wpa_s->num_multichan_concurrent,
-			  sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return -1;
-
-	num = get_shared_radio_freqs_data(wpa_s, freqs,
-					  wpa_s->num_multichan_concurrent);
-
-	if (wpa_s->current_ssid &&
-	    wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO &&
-	    wpa_s->wpa_state == WPA_COMPLETED) {
-		wpa_printf(MSG_DEBUG, "P2P: %s called for an active GO",
-			   __func__);
-
-		/*
-		 * If the frequency selection is done for an active P2P GO that
-		 * is not sharing a frequency, allow to select a new frequency
-		 * even if there are no unused frequencies as we are about to
-		 * move the P2P GO so its frequency can be re-used.
-		 */
-		for (i = 0; i < num; i++) {
-			if (freqs[i].freq == wpa_s->current_ssid->frequency &&
-			    freqs[i].flags == 0) {
-				ignore_no_freqs = 1;
-				break;
-			}
-		}
-	}
-
-	/* Try to use EDMG channel */
-	if (params->edmg) {
-		if (wpas_p2p_try_edmg_channel(wpa_s, params) == 0)
-			goto success;
-		params->edmg = 0;
-	}
-
-	/* try using the forced freq */
-	if (freq) {
-		if (wpas_p2p_disallowed_freq(wpa_s->global, freq) ||
-		    !freq_included(wpa_s, channels, freq)) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Forced GO freq %d MHz disallowed",
-				   freq);
-			goto fail;
-		}
-		if (!p2p_supported_freq_go(wpa_s->global->p2p, freq)) {
-			if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) &&
-			    ieee80211_is_dfs(freq, wpa_s->hw.modes,
-					     wpa_s->hw.num_modes)) {
-				/*
-				 * If freq is a DFS channel and DFS is offloaded
-				 * to the driver, allow P2P GO to use it.
-				 */
-				wpa_printf(MSG_DEBUG,
-					   "P2P: %s: The forced channel for GO (%u MHz) requires DFS and DFS is offloaded",
-					   __func__, freq);
-			} else {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: The forced channel for GO (%u MHz) is not supported for P2P uses",
-					   freq);
-				goto fail;
-			}
-		}
-
-		for (i = 0; i < num; i++) {
-			if (freqs[i].freq == freq) {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: forced freq (%d MHz) is also shared",
-					   freq);
-				params->freq = freq;
-				goto success;
-			}
-		}
-
-		if (!ignore_no_freqs && !unused_channels) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Cannot force GO on freq (%d MHz) as all the channels are in use",
-				   freq);
-			goto fail;
-		}
-
-		wpa_printf(MSG_DEBUG,
-			   "P2P: force GO freq (%d MHz) on a free channel",
-			   freq);
-		params->freq = freq;
-		goto success;
-	}
-
-	/* consider using one of the shared frequencies */
-	if (num &&
-	    (!wpa_s->conf->p2p_ignore_shared_freq || !unused_channels)) {
-		cand = wpas_p2p_pick_best_used_freq(wpa_s, freqs, num);
-		if (wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Use shared freq (%d MHz) for GO",
-				   cand);
-			params->freq = cand;
-			goto success;
-		}
-
-		/* try using one of the shared freqs */
-		for (i = 0; i < num; i++) {
-			if (wpas_p2p_supported_freq_go(wpa_s, channels,
-						       freqs[i].freq)) {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Use shared freq (%d MHz) for GO",
-					   freqs[i].freq);
-				params->freq = freqs[i].freq;
-				goto success;
-			}
-		}
-	}
-
-	if (!ignore_no_freqs && !unused_channels) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Cannot force GO on any of the channels we are already using");
-		goto fail;
-	}
-
-	/* try using the setting from the configuration file */
-	if (wpa_s->conf->p2p_oper_reg_class == 81 &&
-	    wpa_s->conf->p2p_oper_channel >= 1 &&
-	    wpa_s->conf->p2p_oper_channel <= 11 &&
-	    wpas_p2p_supported_freq_go(
-		    wpa_s, channels,
-		    2407 + 5 * wpa_s->conf->p2p_oper_channel)) {
-		params->freq = 2407 + 5 * wpa_s->conf->p2p_oper_channel;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq based on configured "
-			   "frequency %d MHz", params->freq);
-		goto success;
-	}
-
-	if ((wpa_s->conf->p2p_oper_reg_class == 115 ||
-	     wpa_s->conf->p2p_oper_reg_class == 116 ||
-	     wpa_s->conf->p2p_oper_reg_class == 117 ||
-	     wpa_s->conf->p2p_oper_reg_class == 124 ||
-	     wpa_s->conf->p2p_oper_reg_class == 125 ||
-	     wpa_s->conf->p2p_oper_reg_class == 126 ||
-	     wpa_s->conf->p2p_oper_reg_class == 127) &&
-	    wpas_p2p_supported_freq_go(wpa_s, channels,
-				       5000 +
-				       5 * wpa_s->conf->p2p_oper_channel)) {
-		params->freq = 5000 + 5 * wpa_s->conf->p2p_oper_channel;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq based on configured "
-			   "frequency %d MHz", params->freq);
-		goto success;
-	}
-
-	/* Try using best channels */
-	if (wpa_s->conf->p2p_oper_channel == 0 &&
-	    wpa_s->best_overall_freq > 0 &&
-	    wpas_p2p_supported_freq_go(wpa_s, channels,
-				       wpa_s->best_overall_freq)) {
-		params->freq = wpa_s->best_overall_freq;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq based on best overall "
-			   "channel %d MHz", params->freq);
-		goto success;
-	}
-
-	if (wpa_s->conf->p2p_oper_channel == 0 &&
-	    wpa_s->best_24_freq > 0 &&
-	    wpas_p2p_supported_freq_go(wpa_s, channels,
-				       wpa_s->best_24_freq)) {
-		params->freq = wpa_s->best_24_freq;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq based on best 2.4 GHz "
-			   "channel %d MHz", params->freq);
-		goto success;
-	}
-
-	if (wpa_s->conf->p2p_oper_channel == 0 &&
-	    wpa_s->best_5_freq > 0 &&
-	    wpas_p2p_supported_freq_go(wpa_s, channels,
-				       wpa_s->best_5_freq)) {
-		params->freq = wpa_s->best_5_freq;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq based on best 5 GHz "
-			   "channel %d MHz", params->freq);
-		goto success;
-	}
-
-	/* try using preferred channels */
-	cand = p2p_get_pref_freq(wpa_s->global->p2p, channels);
-	if (cand && wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-		params->freq = cand;
-		wpa_printf(MSG_DEBUG, "P2P: Set GO freq %d MHz from preferred "
-			   "channels", params->freq);
-		goto success;
-	}
-
-	/* Try using a channel that allows VHT to be used with 80 MHz */
-	if (wpa_s->hw.modes && wpa_s->p2p_group_common_freqs) {
-		for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-			enum hostapd_hw_mode mode;
-			struct hostapd_hw_modes *hwmode;
-			u8 chan;
-			u8 op_class;
-
-			cand = wpa_s->p2p_group_common_freqs[i];
-			op_class = is_6ghz_freq(cand) ? 133 : 128;
-			mode = ieee80211_freq_to_chan(cand, &chan);
-			hwmode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-					  mode, is_6ghz_freq(cand));
-			if (!hwmode ||
-			    wpas_p2p_verify_channel(wpa_s, hwmode, op_class,
-						    chan, BW80) != ALLOWED)
-				continue;
-			if (wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-				params->freq = cand;
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Use freq %d MHz common with the peer and allowing VHT80",
-					   params->freq);
-				goto success;
-			}
-		}
-	}
-
-	/* Try using a channel that allows HT to be used with 40 MHz on the same
-	 * band so that CSA can be used */
-	if (wpa_s->current_ssid && wpa_s->hw.modes &&
-	    wpa_s->p2p_group_common_freqs) {
-		for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-			enum hostapd_hw_mode mode;
-			struct hostapd_hw_modes *hwmode;
-			u8 chan, op_class;
-			bool is_6ghz, supported = false;
-
-			is_6ghz = is_6ghz_freq(cand);
-			cand = wpa_s->p2p_group_common_freqs[i];
-			mode = ieee80211_freq_to_chan(cand, &chan);
-			hwmode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-					  mode, is_6ghz);
-			if (!wpas_same_band(wpa_s->current_ssid->frequency,
-					    cand) ||
-			    !hwmode)
-				continue;
-			if (is_6ghz &&
-			    wpas_p2p_verify_channel(wpa_s, hwmode, 132, chan,
-						    BW40) == ALLOWED)
-				supported = true;
-
-			if (!is_6ghz &&
-			    ieee80211_freq_to_channel_ext(
-				    cand, -1, CHANWIDTH_USE_HT, &op_class,
-				    &chan) != NUM_HOSTAPD_MODES &&
-			    wpas_p2p_verify_channel(
-				    wpa_s, hwmode, op_class, chan,
-				    BW40MINUS) == ALLOWED)
-				supported = true;
-
-			if (!supported && !is_6ghz &&
-			    ieee80211_freq_to_channel_ext(
-				    cand, 1, CHANWIDTH_USE_HT, &op_class,
-				    &chan) != NUM_HOSTAPD_MODES &&
-			    wpas_p2p_verify_channel(
-				    wpa_s, hwmode, op_class, chan,
-				    BW40PLUS) == ALLOWED)
-				supported = true;
-
-			if (!supported)
-				continue;
-
-			if (wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-				params->freq = cand;
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Use freq %d MHz common with the peer, allowing HT40, and maintaining same band",
-					   params->freq);
-				goto success;
-			}
-		}
-	}
-
-	/* Try using one of the group common freqs on the same band so that CSA
-	 * can be used */
-	if (wpa_s->current_ssid && wpa_s->p2p_group_common_freqs) {
-		for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-			cand = wpa_s->p2p_group_common_freqs[i];
-			if (!wpas_same_band(wpa_s->current_ssid->frequency,
-					    cand))
-				continue;
-			if (wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-				params->freq = cand;
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Use freq %d MHz common with the peer and maintaining same band",
-					   params->freq);
-				goto success;
-			}
-		}
-	}
-
-	/* Try using one of the group common freqs */
-	if (wpa_s->p2p_group_common_freqs) {
-		for (i = 0; i < wpa_s->p2p_group_common_freqs_num; i++) {
-			cand = wpa_s->p2p_group_common_freqs[i];
-			if (wpas_p2p_supported_freq_go(wpa_s, channels, cand)) {
-				params->freq = cand;
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Use freq %d MHz common with the peer",
-					   params->freq);
-				goto success;
-			}
-		}
-	}
-
-	/* no preference, select some channel */
-	wpas_p2p_select_go_freq_no_pref(wpa_s, params, channels);
-
-	if (params->freq == 0) {
-		wpa_printf(MSG_DEBUG, "P2P: did not find a freq for GO use");
-		goto fail;
-	}
-
-success:
-	os_free(freqs);
-	return 0;
-fail:
-	os_free(freqs);
-	return -1;
-}
-
-
-static struct wpa_supplicant *
-wpas_p2p_get_group_iface(struct wpa_supplicant *wpa_s, int addr_allocated,
-			 int go)
-{
-	struct wpa_supplicant *group_wpa_s;
-
-	if (!wpas_p2p_create_iface(wpa_s)) {
-		if (wpa_s->p2p_mgmt) {
-			/*
-			 * We may be called on the p2p_dev interface which
-			 * cannot be used for group operations, so always use
-			 * the primary interface.
-			 */
-			wpa_s->parent->p2pdev = wpa_s;
-			wpa_s = wpa_s->parent;
-		}
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Use primary interface for group operations");
-		wpa_s->p2p_first_connection_timeout = 0;
-		if (wpa_s != wpa_s->p2pdev)
-			wpas_p2p_clone_config(wpa_s, wpa_s->p2pdev);
-		return wpa_s;
-	}
-
-	if (wpas_p2p_add_group_interface(wpa_s, go ? WPA_IF_P2P_GO :
-					 WPA_IF_P2P_CLIENT) < 0) {
-		wpa_msg_global(wpa_s, MSG_ERROR,
-			       "P2P: Failed to add group interface");
-		return NULL;
-	}
-	group_wpa_s = wpas_p2p_init_group_interface(wpa_s, go);
-	if (group_wpa_s == NULL) {
-		wpa_msg_global(wpa_s, MSG_ERROR,
-			       "P2P: Failed to initialize group interface");
-		wpas_p2p_remove_pending_group_interface(wpa_s);
-		return NULL;
-	}
-
-	if (go && wpa_s->p2p_go_do_acs) {
-		group_wpa_s->p2p_go_do_acs = wpa_s->p2p_go_do_acs;
-		group_wpa_s->p2p_go_acs_band = wpa_s->p2p_go_acs_band;
-		wpa_s->p2p_go_do_acs = 0;
-	}
-
-	if (go && wpa_s->p2p_go_allow_dfs) {
-		group_wpa_s->p2p_go_allow_dfs = wpa_s->p2p_go_allow_dfs;
-		wpa_s->p2p_go_allow_dfs = 0;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use separate group interface %s",
-		group_wpa_s->ifname);
-	group_wpa_s->p2p_first_connection_timeout = 0;
-	return group_wpa_s;
-}
-
-
-/**
- * wpas_p2p_group_add - Add a new P2P group with local end as Group Owner
- * @wpa_s: Pointer to wpa_supplicant data from wpa_supplicant_add_iface()
- * @persistent_group: Whether to create a persistent group
- * @freq: Frequency for the group or 0 to indicate no hardcoding
- * @vht_center_freq2: segment_1 center frequency for GO operating in VHT 80P80
- * @ht40: Start GO with 40 MHz channel width
- * @vht:  Start GO with VHT support
- * @vht_chwidth: channel bandwidth for GO operating with VHT support
- * @edmg: Start GO with EDMG support
- * @allow_6ghz: Allow P2P group creation on a 6 GHz channel
- * Returns: 0 on success, -1 on failure
- *
- * This function creates a new P2P group with the local end as the Group Owner,
- * i.e., without using Group Owner Negotiation.
- */
-int wpas_p2p_group_add(struct wpa_supplicant *wpa_s, int persistent_group,
-		       int freq, int vht_center_freq2, int ht40, int vht,
-		       int max_oper_chwidth, int he, int edmg,
-		       bool allow_6ghz)
-{
-	struct p2p_go_neg_results params;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-	if (wpas_p2p_check_6ghz(wpa_s, NULL, allow_6ghz, freq))
-		return -1;
-
-	os_free(wpa_s->global->add_psk);
-	wpa_s->global->add_psk = NULL;
-
-	/* Make sure we are not running find during connection establishment */
-	wpa_printf(MSG_DEBUG, "P2P: Stop any on-going P2P FIND");
-	wpas_p2p_stop_find_oper(wpa_s);
-
-	if (!wpa_s->p2p_go_do_acs) {
-		freq = wpas_p2p_select_go_freq(wpa_s, freq);
-		if (freq < 0)
-			return -1;
-	}
-
-	if (wpas_p2p_init_go_params(wpa_s, &params, freq, vht_center_freq2,
-				    ht40, vht, max_oper_chwidth, he, edmg,
-				    NULL))
-		return -1;
-
-	p2p_go_params(wpa_s->global->p2p, &params);
-	params.persistent_group = persistent_group;
-
-	wpa_s = wpas_p2p_get_group_iface(wpa_s, 0, 1);
-	if (wpa_s == NULL)
-		return -1;
-	wpas_start_wps_go(wpa_s, &params, 0);
-
-	return 0;
-}
-
-
-static int wpas_start_p2p_client(struct wpa_supplicant *wpa_s,
-				 struct wpa_ssid *params, int addr_allocated,
-				 int freq, int force_scan)
-{
-	struct wpa_ssid *ssid;
-
-	wpa_s = wpas_p2p_get_group_iface(wpa_s, addr_allocated, 0);
-	if (wpa_s == NULL)
-		return -1;
-	if (force_scan)
-		os_get_reltime(&wpa_s->scan_min_time);
-	wpa_s->p2p_last_4way_hs_fail = NULL;
-
-	wpa_supplicant_ap_deinit(wpa_s);
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL)
-		return -1;
-	os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN);
-	wpa_config_set_network_defaults(ssid);
-	ssid->temporary = 1;
-	ssid->proto = WPA_PROTO_RSN;
-	ssid->pbss = params->pbss;
-	ssid->pairwise_cipher = params->pbss ? WPA_CIPHER_GCMP :
-		WPA_CIPHER_CCMP;
-	ssid->group_cipher = params->pbss ? WPA_CIPHER_GCMP : WPA_CIPHER_CCMP;
-	ssid->key_mgmt = WPA_KEY_MGMT_PSK;
-	ssid->ssid = os_malloc(params->ssid_len);
-	if (ssid->ssid == NULL) {
-		wpa_config_remove_network(wpa_s->conf, ssid->id);
-		return -1;
-	}
-	os_memcpy(ssid->ssid, params->ssid, params->ssid_len);
-	ssid->ssid_len = params->ssid_len;
-	ssid->p2p_group = 1;
-	ssid->export_keys = 1;
-	if (params->psk_set) {
-		os_memcpy(ssid->psk, params->psk, 32);
-		ssid->psk_set = 1;
-	}
-	if (params->passphrase)
-		ssid->passphrase = os_strdup(params->passphrase);
-
-	wpa_s->show_group_started = 1;
-	wpa_s->p2p_in_invitation = 1;
-	wpa_s->p2p_invite_go_freq = freq;
-	wpa_s->p2p_go_group_formation_completed = 0;
-	wpa_s->global->p2p_group_formation = wpa_s;
-
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s->p2pdev,
-			     NULL);
-	eloop_register_timeout(P2P_MAX_INITIAL_CONN_WAIT, 0,
-			       wpas_p2p_group_formation_timeout,
-			       wpa_s->p2pdev, NULL);
-	wpa_supplicant_select_network(wpa_s, ssid);
-
-	return 0;
-}
-
-
-int wpas_p2p_group_add_persistent(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid, int addr_allocated,
-				  int force_freq, int neg_freq,
-				  int vht_center_freq2, int ht40,
-				  int vht, int max_oper_chwidth, int he,
-				  int edmg,
-				  const struct p2p_channels *channels,
-				  int connection_timeout, int force_scan,
-				  bool allow_6ghz)
-{
-	struct p2p_go_neg_results params;
-	int go = 0, freq;
-
-	if (ssid->disabled != 2 || ssid->ssid == NULL)
-		return -1;
-
-	if (wpas_get_p2p_group(wpa_s, ssid->ssid, ssid->ssid_len, &go) &&
-	    go == (ssid->mode == WPAS_MODE_P2P_GO)) {
-		wpa_printf(MSG_DEBUG, "P2P: Requested persistent group is "
-			   "already running");
-		if (go == 0 &&
-		    eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-					 wpa_s->p2pdev, NULL)) {
-			/*
-			 * This can happen if Invitation Response frame was lost
-			 * and the peer (GO of a persistent group) tries to
-			 * invite us again. Reschedule the timeout to avoid
-			 * terminating the wait for the connection too early
-			 * since we now know that the peer is still trying to
-			 * invite us instead of having already started the GO.
-			 */
-			wpa_printf(MSG_DEBUG,
-				   "P2P: Reschedule group formation timeout since peer is still trying to invite us");
-			eloop_register_timeout(P2P_MAX_INITIAL_CONN_WAIT, 0,
-					       wpas_p2p_group_formation_timeout,
-					       wpa_s->p2pdev, NULL);
-		}
-		return 0;
-	}
-
-	os_free(wpa_s->global->add_psk);
-	wpa_s->global->add_psk = NULL;
-
-	/* Make sure we are not running find during connection establishment */
-	wpas_p2p_stop_find_oper(wpa_s);
-
-	wpa_s->p2p_fallback_to_go_neg = 0;
-
-	if (ssid->mode == WPAS_MODE_P2P_GO) {
-		if (force_freq > 0) {
-			freq = wpas_p2p_select_go_freq(wpa_s, force_freq);
-			if (freq < 0)
-				return -1;
-		} else {
-			freq = wpas_p2p_select_go_freq(wpa_s, neg_freq);
-			if (freq < 0 ||
-			    (freq > 0 && !freq_included(wpa_s, channels, freq)))
-				freq = 0;
-		}
-	} else if (ssid->mode == WPAS_MODE_INFRA) {
-		freq = neg_freq;
-		if (freq <= 0 || !freq_included(wpa_s, channels, freq)) {
-			struct os_reltime now;
-			struct wpa_bss *bss =
-				wpa_bss_get_p2p_dev_addr(wpa_s, ssid->bssid);
-
-			os_get_reltime(&now);
-			if (bss &&
-			    !os_reltime_expired(&now, &bss->last_update, 5) &&
-			    freq_included(wpa_s, channels, bss->freq))
-				freq = bss->freq;
-			else
-				freq = 0;
-		}
-
-		return wpas_start_p2p_client(wpa_s, ssid, addr_allocated, freq,
-					     force_scan);
-	} else {
-		return -1;
-	}
-
-	if (wpas_p2p_init_go_params(wpa_s, &params, freq, vht_center_freq2,
-				    ht40, vht, max_oper_chwidth, he, edmg,
-				    channels))
-		return -1;
-
-	params.role_go = 1;
-	params.psk_set = ssid->psk_set;
-	if (params.psk_set)
-		os_memcpy(params.psk, ssid->psk, sizeof(params.psk));
-	if (ssid->passphrase) {
-		if (os_strlen(ssid->passphrase) >= sizeof(params.passphrase)) {
-			wpa_printf(MSG_ERROR, "P2P: Invalid passphrase in "
-				   "persistent group");
-			return -1;
-		}
-		os_strlcpy(params.passphrase, ssid->passphrase,
-			   sizeof(params.passphrase));
-	}
-	os_memcpy(params.ssid, ssid->ssid, ssid->ssid_len);
-	params.ssid_len = ssid->ssid_len;
-	params.persistent_group = 1;
-
-	wpa_s = wpas_p2p_get_group_iface(wpa_s, addr_allocated, 1);
-	if (wpa_s == NULL)
-		return -1;
-
-	p2p_channels_to_freqs(channels, params.freq_list, P2P_MAX_CHANNELS);
-
-	wpa_s->p2p_first_connection_timeout = connection_timeout;
-	wpas_start_wps_go(wpa_s, &params, 0);
-
-	return 0;
-}
-
-
-static void wpas_p2p_ie_update(void *ctx, struct wpabuf *beacon_ies,
-			       struct wpabuf *proberesp_ies)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->ap_iface) {
-		struct hostapd_data *hapd = wpa_s->ap_iface->bss[0];
-		if (!(hapd->conf->p2p & P2P_GROUP_OWNER)) {
-			wpabuf_free(beacon_ies);
-			wpabuf_free(proberesp_ies);
-			return;
-		}
-		if (beacon_ies) {
-			wpabuf_free(hapd->p2p_beacon_ie);
-			hapd->p2p_beacon_ie = beacon_ies;
-		}
-		wpabuf_free(hapd->p2p_probe_resp_ie);
-		hapd->p2p_probe_resp_ie = proberesp_ies;
-	} else {
-		wpabuf_free(beacon_ies);
-		wpabuf_free(proberesp_ies);
-	}
-	wpa_supplicant_ap_update_beacon(wpa_s);
-}
-
-
-static void wpas_p2p_idle_update(void *ctx, int idle)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (!wpa_s->ap_iface)
-		return;
-	wpa_printf(MSG_DEBUG, "P2P: GO - group %sidle", idle ? "" : "not ");
-	if (idle) {
-		if (wpa_s->global->p2p_fail_on_wps_complete &&
-		    wpa_s->p2p_in_provisioning) {
-			wpas_p2p_grpform_fail_after_wps(wpa_s);
-			return;
-		}
-		wpas_p2p_set_group_idle_timeout(wpa_s);
-	} else
-		eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
-}
-
-
-struct p2p_group * wpas_p2p_group_init(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid)
-{
-	struct p2p_group *group;
-	struct p2p_group_config *cfg;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
-	    !ssid->p2p_group)
-		return NULL;
-
-	cfg = os_zalloc(sizeof(*cfg));
-	if (cfg == NULL)
-		return NULL;
-
-	if (ssid->p2p_persistent_group && wpa_s->conf->persistent_reconnect)
-		cfg->persistent_group = 2;
-	else if (ssid->p2p_persistent_group)
-		cfg->persistent_group = 1;
-	os_memcpy(cfg->interface_addr, wpa_s->own_addr, ETH_ALEN);
-	if (wpa_s->max_stations &&
-	    wpa_s->max_stations < wpa_s->conf->max_num_sta)
-		cfg->max_clients = wpa_s->max_stations;
-	else
-		cfg->max_clients = wpa_s->conf->max_num_sta;
-	os_memcpy(cfg->ssid, ssid->ssid, ssid->ssid_len);
-	cfg->ssid_len = ssid->ssid_len;
-	cfg->freq = ssid->frequency;
-	cfg->cb_ctx = wpa_s;
-	cfg->ie_update = wpas_p2p_ie_update;
-	cfg->idle_update = wpas_p2p_idle_update;
-	cfg->ip_addr_alloc = WPA_GET_BE32(wpa_s->p2pdev->conf->ip_addr_start)
-		!= 0;
-
-	group = p2p_group_init(wpa_s->global->p2p, cfg);
-	if (group == NULL)
-		os_free(cfg);
-	if (ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION)
-		p2p_group_notif_formation_done(group);
-	wpa_s->p2p_group = group;
-	return group;
-}
-
-
-void wpas_p2p_wps_success(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-			  int registrar)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (!wpa_s->p2p_in_provisioning) {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore WPS success event - P2P "
-			   "provisioning not in progress");
-		return;
-	}
-
-	if (ssid && ssid->mode == WPAS_MODE_INFRA) {
-		u8 go_dev_addr[ETH_ALEN];
-		os_memcpy(go_dev_addr, wpa_s->bssid, ETH_ALEN);
-		wpas_p2p_persistent_group(wpa_s, go_dev_addr, ssid->ssid,
-					  ssid->ssid_len);
-		/* Clear any stored provisioning info */
-		p2p_clear_provisioning_info(wpa_s->global->p2p, go_dev_addr);
-	}
-
-	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s->p2pdev,
-			     NULL);
-	wpa_s->p2p_go_group_formation_completed = 1;
-	if (ssid && ssid->mode == WPAS_MODE_INFRA) {
-		/*
-		 * Use a separate timeout for initial data connection to
-		 * complete to allow the group to be removed automatically if
-		 * something goes wrong in this step before the P2P group idle
-		 * timeout mechanism is taken into use.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Re-start group formation timeout (%d seconds) as client for initial connection",
-			P2P_MAX_INITIAL_CONN_WAIT);
-		eloop_register_timeout(P2P_MAX_INITIAL_CONN_WAIT, 0,
-				       wpas_p2p_group_formation_timeout,
-				       wpa_s->p2pdev, NULL);
-		/* Complete group formation on successful data connection. */
-		wpa_s->p2p_go_group_formation_completed = 0;
-	} else if (ssid) {
-		/*
-		 * Use a separate timeout for initial data connection to
-		 * complete to allow the group to be removed automatically if
-		 * the client does not complete data connection successfully.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Re-start group formation timeout (%d seconds) as GO for initial connection",
-			P2P_MAX_INITIAL_CONN_WAIT_GO);
-		eloop_register_timeout(P2P_MAX_INITIAL_CONN_WAIT_GO, 0,
-				       wpas_p2p_group_formation_timeout,
-				       wpa_s->p2pdev, NULL);
-		/*
-		 * Complete group formation on first successful data connection
-		 */
-		wpa_s->p2p_go_group_formation_completed = 0;
-	}
-	if (wpa_s->global->p2p)
-		p2p_wps_success_cb(wpa_s->global->p2p, peer_addr);
-	wpas_group_formation_completed(wpa_s, 1, 0);
-}
-
-
-void wpas_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-			 struct wps_event_fail *fail)
-{
-	if (!wpa_s->p2p_in_provisioning) {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore WPS fail event - P2P "
-			   "provisioning not in progress");
-		return;
-	}
-
-	if (wpa_s->go_params) {
-		p2p_clear_provisioning_info(
-			wpa_s->global->p2p,
-			wpa_s->go_params->peer_device_addr);
-	}
-
-	wpas_notify_p2p_wps_failed(wpa_s, fail);
-
-	if (wpa_s == wpa_s->global->p2p_group_formation) {
-		/*
-		 * Allow some time for the failed WPS negotiation exchange to
-		 * complete, but remove the group since group formation cannot
-		 * succeed after provisioning failure.
-		 */
-		wpa_printf(MSG_DEBUG, "P2P: WPS step failed during group formation - reject connection from timeout");
-		wpa_s->global->p2p_fail_on_wps_complete = 1;
-		eloop_deplete_timeout(0, 50000,
-				      wpas_p2p_group_formation_timeout,
-				      wpa_s->p2pdev, NULL);
-	}
-}
-
-
-int wpas_p2p_wps_eapol_cb(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->global->p2p_fail_on_wps_complete ||
-	    !wpa_s->p2p_in_provisioning)
-		return 0;
-
-	wpas_p2p_grpform_fail_after_wps(wpa_s);
-
-	return 1;
-}
-
-
-int wpas_p2p_prov_disc(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		       const char *config_method,
-		       enum wpas_p2p_prov_disc_use use,
-		       struct p2ps_provision *p2ps_prov)
-{
-	u16 config_methods;
-
-	wpa_s->global->pending_p2ps_group = 0;
-	wpa_s->global->pending_p2ps_group_freq = 0;
-	wpa_s->p2p_fallback_to_go_neg = 0;
-	wpa_s->pending_pd_use = NORMAL_PD;
-	if (p2ps_prov && use == WPAS_P2P_PD_FOR_ASP) {
-		p2ps_prov->conncap = p2ps_group_capability(
-			wpa_s, P2PS_SETUP_NONE, p2ps_prov->role,
-			&p2ps_prov->force_freq, &p2ps_prov->pref_freq);
-
-		wpa_printf(MSG_DEBUG,
-			   "P2P: %s conncap: %d - ASP parsed: %x %x %d %s",
-			   __func__, p2ps_prov->conncap,
-			   p2ps_prov->adv_id, p2ps_prov->conncap,
-			   p2ps_prov->status, p2ps_prov->info);
-
-		config_methods = 0;
-	} else if (os_strncmp(config_method, "display", 7) == 0)
-		config_methods = WPS_CONFIG_DISPLAY;
-	else if (os_strncmp(config_method, "keypad", 6) == 0)
-		config_methods = WPS_CONFIG_KEYPAD;
-	else if (os_strncmp(config_method, "pbc", 3) == 0 ||
-		 os_strncmp(config_method, "pushbutton", 10) == 0)
-		config_methods = WPS_CONFIG_PUSHBUTTON;
-	else {
-		wpa_printf(MSG_DEBUG, "P2P: Unknown config method");
-		os_free(p2ps_prov);
-		return -1;
-	}
-
-	if (use == WPAS_P2P_PD_AUTO) {
-		os_memcpy(wpa_s->pending_join_dev_addr, peer_addr, ETH_ALEN);
-		wpa_s->pending_pd_config_methods = config_methods;
-		wpa_s->p2p_auto_pd = 1;
-		wpa_s->p2p_auto_join = 0;
-		wpa_s->pending_pd_before_join = 0;
-		wpa_s->auto_pd_scan_retry = 0;
-		wpas_p2p_stop_find(wpa_s);
-		wpa_s->p2p_join_scan_count = 0;
-		os_get_reltime(&wpa_s->p2p_auto_started);
-		wpa_printf(MSG_DEBUG, "P2P: Auto PD started at %ld.%06ld",
-			   wpa_s->p2p_auto_started.sec,
-			   wpa_s->p2p_auto_started.usec);
-		wpas_p2p_join_scan(wpa_s, NULL);
-		return 0;
-	}
-
-	if (wpa_s->global->p2p == NULL || wpa_s->global->p2p_disabled) {
-		os_free(p2ps_prov);
-		return -1;
-	}
-
-	return p2p_prov_disc_req(wpa_s->global->p2p, peer_addr, p2ps_prov,
-				 config_methods, use == WPAS_P2P_PD_FOR_JOIN,
-				 0, 1);
-}
-
-
-int wpas_p2p_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
-			      char *end)
-{
-	return p2p_scan_result_text(ies, ies_len, buf, end);
-}
-
-
-static void wpas_p2p_clear_pending_action_tx(struct wpa_supplicant *wpa_s)
-{
-	if (!offchannel_pending_action_tx(wpa_s))
-		return;
-
-	if (wpa_s->p2p_send_action_work) {
-		wpas_p2p_free_send_action_work(wpa_s);
-		eloop_cancel_timeout(wpas_p2p_send_action_work_timeout,
-				     wpa_s, NULL);
-		offchannel_send_action_done(wpa_s);
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Drop pending Action TX due to new "
-		   "operation request");
-	offchannel_clear_pending_action_tx(wpa_s);
-}
-
-
-int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
-		  enum p2p_discovery_type type,
-		  unsigned int num_req_dev_types, const u8 *req_dev_types,
-		  const u8 *dev_id, unsigned int search_delay,
-		  u8 seek_cnt, const char **seek_string, int freq,
-		  bool include_6ghz)
-{
-	wpas_p2p_clear_pending_action_tx(wpa_s);
-	wpa_s->global->p2p_long_listen = 0;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
-	    wpa_s->p2p_in_provisioning) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Reject p2p_find operation%s%s",
-			(wpa_s->global->p2p_disabled || !wpa_s->global->p2p) ?
-			" (P2P disabled)" : "",
-			wpa_s->p2p_in_provisioning ?
-			" (p2p_in_provisioning)" : "");
-		return -1;
-	}
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-
-	return p2p_find(wpa_s->global->p2p, timeout, type,
-			num_req_dev_types, req_dev_types, dev_id,
-			search_delay, seek_cnt, seek_string, freq,
-			include_6ghz);
-}
-
-
-static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
-					    struct wpa_scan_results *scan_res)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Ignore scan results");
-
-	if (wpa_s->p2p_scan_work) {
-		struct wpa_radio_work *work = wpa_s->p2p_scan_work;
-		wpa_s->p2p_scan_work = NULL;
-		radio_work_done(work);
-	}
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-
-	/*
-	 * Indicate that results have been processed so that the P2P module can
-	 * continue pending tasks.
-	 */
-	wpas_p2p_scan_res_handled(wpa_s);
-}
-
-
-static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
-{
-	wpas_p2p_clear_pending_action_tx(wpa_s);
-	wpa_s->global->p2p_long_listen = 0;
-	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
-
-	if (wpa_s->global->p2p)
-		p2p_stop_find(wpa_s->global->p2p);
-
-	if (wpa_s->scan_res_handler == wpas_p2p_scan_res_handler) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Do not consider the scan results after stop_find");
-		wpa_s->scan_res_handler = wpas_p2p_scan_res_ignore_search;
-	}
-}
-
-
-void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
-{
-	wpas_p2p_stop_find_oper(wpa_s);
-	if (!wpa_s->global->pending_group_iface_for_p2ps)
-		wpas_p2p_remove_pending_group_interface(wpa_s);
-}
-
-
-static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpa_s->global->p2p_long_listen = 0;
-}
-
-
-int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
-{
-	int res;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (wpa_s->p2p_lo_started) {
-		wpa_printf(MSG_DEBUG,
-			"P2P: Cannot start P2P listen, it is offloaded");
-		return -1;
-	}
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpas_p2p_clear_pending_action_tx(wpa_s);
-
-	if (timeout == 0) {
-		/*
-		 * This is a request for unlimited Listen state. However, at
-		 * least for now, this is mapped to a Listen state for one
-		 * hour.
-		 */
-		timeout = 3600;
-	}
-	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
-	wpa_s->global->p2p_long_listen = 0;
-
-	/*
-	 * Stop previous find/listen operation to avoid trying to request a new
-	 * remain-on-channel operation while the driver is still running the
-	 * previous one.
-	 */
-	if (wpa_s->global->p2p)
-		p2p_stop_find(wpa_s->global->p2p);
-
-	res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
-	if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
-		wpa_s->global->p2p_long_listen = timeout * 1000;
-		eloop_register_timeout(timeout, 0,
-				       wpas_p2p_long_listen_timeout,
-				       wpa_s, NULL);
-	}
-
-	return res;
-}
-
-
-int wpas_p2p_assoc_req_ie(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			  u8 *buf, size_t len, int p2p_group)
-{
-	struct wpabuf *p2p_ie;
-	int ret;
-
-	if (wpa_s->global->p2p_disabled)
-		return -1;
-	/*
-	 * Advertize mandatory cross connection capability even on
-	 * p2p_disabled=1 interface when associating with a P2P Manager WLAN AP.
-	 */
-	if (wpa_s->conf->p2p_disabled && p2p_group)
-		return -1;
-	if (wpa_s->global->p2p == NULL)
-		return -1;
-	if (bss == NULL)
-		return -1;
-
-	p2p_ie = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
-	ret = p2p_assoc_req_ie(wpa_s->global->p2p, bss->bssid, buf, len,
-			       p2p_group, p2p_ie);
-	wpabuf_free(p2p_ie);
-
-	return ret;
-}
-
-
-int wpas_p2p_probe_req_rx(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  const u8 *dst, const u8 *bssid,
-			  const u8 *ie, size_t ie_len,
-			  unsigned int rx_freq, int ssi_signal)
-{
-	if (wpa_s->global->p2p_disabled)
-		return 0;
-	if (wpa_s->global->p2p == NULL)
-		return 0;
-
-	switch (p2p_probe_req_rx(wpa_s->global->p2p, addr, dst, bssid,
-				 ie, ie_len, rx_freq, wpa_s->p2p_lo_started)) {
-	case P2P_PREQ_NOT_P2P:
-		wpas_notify_preq(wpa_s, addr, dst, bssid, ie, ie_len,
-				 ssi_signal);
-		/* fall through */
-	case P2P_PREQ_MALFORMED:
-	case P2P_PREQ_NOT_LISTEN:
-	case P2P_PREQ_NOT_PROCESSED:
-	default: /* make gcc happy */
-		return 0;
-	case P2P_PREQ_PROCESSED:
-		return 1;
-	}
-}
-
-
-void wpas_p2p_rx_action(struct wpa_supplicant *wpa_s, const u8 *da,
-			const u8 *sa, const u8 *bssid,
-			u8 category, const u8 *data, size_t len, int freq)
-{
-	if (wpa_s->global->p2p_disabled)
-		return;
-	if (wpa_s->global->p2p == NULL)
-		return;
-
-	p2p_rx_action(wpa_s->global->p2p, da, sa, bssid, category, data, len,
-		      freq);
-}
-
-
-void wpas_p2p_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ies)
-{
-	unsigned int bands;
-
-	if (wpa_s->global->p2p_disabled)
-		return;
-	if (wpa_s->global->p2p == NULL)
-		return;
-
-	bands = wpas_get_bands(wpa_s, NULL);
-	p2p_scan_ie(wpa_s->global->p2p, ies, NULL, bands);
-}
-
-
-static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
-{
-	p2p_group_deinit(wpa_s->p2p_group);
-	wpa_s->p2p_group = NULL;
-
-	wpa_s->ap_configured_cb = NULL;
-	wpa_s->ap_configured_cb_ctx = NULL;
-	wpa_s->ap_configured_cb_data = NULL;
-	wpa_s->connect_without_scan = NULL;
-}
-
-
-int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	wpa_s->global->p2p_long_listen = 0;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	return p2p_reject(wpa_s->global->p2p, addr);
-}
-
-
-/* Invite to reinvoke a persistent group */
-int wpas_p2p_invite(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		    struct wpa_ssid *ssid, const u8 *go_dev_addr, int freq,
-		    int vht_center_freq2, int ht40, int vht, int max_chwidth,
-		    int pref_freq, int he, int edmg, bool allow_6ghz)
-{
-	enum p2p_invite_role role;
-	u8 *bssid = NULL;
-	int force_freq = 0;
-	int res;
-	int no_pref_freq_given = pref_freq == 0;
-	unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
-
-	if (wpas_p2p_check_6ghz(wpa_s, NULL, allow_6ghz, freq))
-		return -1;
-
-	wpa_s->global->p2p_invite_group = NULL;
-	if (peer_addr)
-		os_memcpy(wpa_s->p2p_auth_invite, peer_addr, ETH_ALEN);
-	else
-		os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
-
-	wpa_s->p2p_persistent_go_freq = freq;
-	wpa_s->p2p_go_ht40 = !!ht40;
-	wpa_s->p2p_go_vht = !!vht;
-	wpa_s->p2p_go_he = !!he;
-	wpa_s->p2p_go_max_oper_chwidth = max_chwidth;
-	wpa_s->p2p_go_vht_center_freq2 = vht_center_freq2;
-	wpa_s->p2p_go_edmg = !!edmg;
-	if (ssid->mode == WPAS_MODE_P2P_GO) {
-		role = P2P_INVITE_ROLE_GO;
-		if (peer_addr == NULL) {
-			wpa_printf(MSG_DEBUG, "P2P: Missing peer "
-				   "address in invitation command");
-			return -1;
-		}
-		if (wpas_p2p_create_iface(wpa_s)) {
-			if (wpas_p2p_add_group_interface(wpa_s,
-							 WPA_IF_P2P_GO) < 0) {
-				wpa_printf(MSG_ERROR, "P2P: Failed to "
-					   "allocate a new interface for the "
-					   "group");
-				return -1;
-			}
-			bssid = wpa_s->pending_interface_addr;
-		} else if (wpa_s->p2p_mgmt)
-			bssid = wpa_s->parent->own_addr;
-		else
-			bssid = wpa_s->own_addr;
-	} else {
-		role = P2P_INVITE_ROLE_CLIENT;
-		peer_addr = ssid->bssid;
-	}
-	wpa_s->pending_invite_ssid_id = ssid->id;
-
-	size = P2P_MAX_PREF_CHANNELS;
-	res = wpas_p2p_setup_freqs(wpa_s, freq, &force_freq, &pref_freq,
-				   role == P2P_INVITE_ROLE_GO,
-				   pref_freq_list, &size);
-	if (res)
-		return res;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	p2p_set_own_pref_freq_list(wpa_s->global->p2p, pref_freq_list, size);
-
-	if (wpa_s->parent->conf->p2p_ignore_shared_freq &&
-	    no_pref_freq_given && pref_freq > 0 &&
-	    wpa_s->num_multichan_concurrent > 1 &&
-	    wpas_p2p_num_unused_channels(wpa_s) > 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore own channel preference %d MHz for invitation due to p2p_ignore_shared_freq=1 configuration",
-			   pref_freq);
-		pref_freq = 0;
-	}
-
-	/*
-	 * Stop any find/listen operations before invitation and possibly
-	 * connection establishment.
-	 */
-	wpas_p2p_stop_find_oper(wpa_s);
-
-	return p2p_invite(wpa_s->global->p2p, peer_addr, role, bssid,
-			  ssid->ssid, ssid->ssid_len, force_freq, go_dev_addr,
-			  1, pref_freq, -1);
-}
-
-
-/* Invite to join an active group */
-int wpas_p2p_invite_group(struct wpa_supplicant *wpa_s, const char *ifname,
-			  const u8 *peer_addr, const u8 *go_dev_addr,
-			  bool allow_6ghz)
-{
-	struct wpa_global *global = wpa_s->global;
-	enum p2p_invite_role role;
-	u8 *bssid = NULL;
-	struct wpa_ssid *ssid;
-	int persistent;
-	int freq = 0, force_freq = 0, pref_freq = 0;
-	int res;
-	unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
-
-	wpa_s->p2p_persistent_go_freq = 0;
-	wpa_s->p2p_go_ht40 = 0;
-	wpa_s->p2p_go_vht = 0;
-	wpa_s->p2p_go_vht_center_freq2 = 0;
-	wpa_s->p2p_go_max_oper_chwidth = 0;
-	wpa_s->p2p_go_edmg = 0;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_strcmp(wpa_s->ifname, ifname) == 0)
-			break;
-	}
-	if (wpa_s == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Interface '%s' not found", ifname);
-		return -1;
-	}
-
-	ssid = wpa_s->current_ssid;
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: No current SSID to use for "
-			   "invitation");
-		return -1;
-	}
-
-	wpa_s->global->p2p_invite_group = wpa_s;
-	persistent = ssid->p2p_persistent_group &&
-		wpas_p2p_get_persistent(wpa_s->p2pdev, peer_addr,
-					ssid->ssid, ssid->ssid_len);
-
-	if (ssid->mode == WPAS_MODE_P2P_GO) {
-		role = P2P_INVITE_ROLE_ACTIVE_GO;
-		bssid = wpa_s->own_addr;
-		if (go_dev_addr == NULL)
-			go_dev_addr = wpa_s->global->p2p_dev_addr;
-		freq = ssid->frequency;
-	} else {
-		role = P2P_INVITE_ROLE_CLIENT;
-		if (wpa_s->wpa_state < WPA_ASSOCIATED) {
-			wpa_printf(MSG_DEBUG, "P2P: Not associated - cannot "
-				   "invite to current group");
-			return -1;
-		}
-		bssid = wpa_s->bssid;
-		if (go_dev_addr == NULL &&
-		    !is_zero_ether_addr(wpa_s->go_dev_addr))
-			go_dev_addr = wpa_s->go_dev_addr;
-		freq = wpa_s->current_bss ? wpa_s->current_bss->freq :
-			(int) wpa_s->assoc_freq;
-	}
-	wpa_s->p2pdev->pending_invite_ssid_id = -1;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-	if (wpas_p2p_check_6ghz(wpa_s, peer_addr, allow_6ghz, freq))
-		return -1;
-
-	size = P2P_MAX_PREF_CHANNELS;
-	res = wpas_p2p_setup_freqs(wpa_s, freq, &force_freq, &pref_freq,
-				   role == P2P_INVITE_ROLE_ACTIVE_GO,
-				   pref_freq_list, &size);
-	if (res)
-		return res;
-	wpas_p2p_set_own_freq_preference(wpa_s, force_freq);
-
-	return p2p_invite(wpa_s->global->p2p, peer_addr, role, bssid,
-			  ssid->ssid, ssid->ssid_len, force_freq,
-			  go_dev_addr, persistent, pref_freq, -1);
-}
-
-
-void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	u8 go_dev_addr[ETH_ALEN];
-	int persistent;
-	int freq;
-	u8 ip[3 * 4], *ip_ptr = NULL;
-	char ip_addr[100];
-
-	if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GROUP_FORMATION) {
-		eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-				     wpa_s->p2pdev, NULL);
-	}
-
-	if (!wpa_s->show_group_started || !ssid)
-		return;
-
-	wpa_s->show_group_started = 0;
-	if (!wpa_s->p2p_go_group_formation_completed &&
-	    wpa_s->global->p2p_group_formation == wpa_s) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Marking group formation completed on client on data connection");
-		wpa_s->p2p_go_group_formation_completed = 1;
-		wpa_s->global->p2p_group_formation = NULL;
-		wpa_s->p2p_in_provisioning = 0;
-		wpa_s->p2p_in_invitation = 0;
-	}
-
-	os_memset(go_dev_addr, 0, ETH_ALEN);
-	if (ssid->bssid_set)
-		os_memcpy(go_dev_addr, ssid->bssid, ETH_ALEN);
-	persistent = wpas_p2p_persistent_group(wpa_s, go_dev_addr, ssid->ssid,
-					       ssid->ssid_len);
-	os_memcpy(wpa_s->go_dev_addr, go_dev_addr, ETH_ALEN);
-
-	if (wpa_s->global->p2p_group_formation == wpa_s)
-		wpa_s->global->p2p_group_formation = NULL;
-
-	freq = wpa_s->current_bss ? wpa_s->current_bss->freq :
-		(int) wpa_s->assoc_freq;
-
-	ip_addr[0] = '\0';
-	if (wpa_sm_get_p2p_ip_addr(wpa_s->wpa, ip) == 0) {
-		int res;
-
-		res = os_snprintf(ip_addr, sizeof(ip_addr),
-				  " ip_addr=%u.%u.%u.%u "
-				  "ip_mask=%u.%u.%u.%u go_ip_addr=%u.%u.%u.%u",
-				  ip[0], ip[1], ip[2], ip[3],
-				  ip[4], ip[5], ip[6], ip[7],
-				  ip[8], ip[9], ip[10], ip[11]);
-		if (os_snprintf_error(sizeof(ip_addr), res))
-			ip_addr[0] = '\0';
-		ip_ptr = ip;
-	}
-
-	wpas_p2p_group_started(wpa_s, 0, ssid, freq,
-			       ssid->passphrase == NULL && ssid->psk_set ?
-			       ssid->psk : NULL,
-			       ssid->passphrase, go_dev_addr, persistent,
-			       ip_addr);
-
-	if (persistent)
-		wpas_p2p_store_persistent_group(wpa_s->p2pdev,
-						ssid, go_dev_addr);
-
-	wpas_notify_p2p_group_started(wpa_s, ssid, persistent, 1, ip_ptr);
-}
-
-
-int wpas_p2p_presence_req(struct wpa_supplicant *wpa_s, u32 duration1,
-			  u32 interval1, u32 duration2, u32 interval2)
-{
-	int ret;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
-	    wpa_s->current_ssid == NULL ||
-	    wpa_s->current_ssid->mode != WPAS_MODE_INFRA)
-		return -1;
-
-	ret = p2p_presence_req(wpa_s->global->p2p, wpa_s->bssid,
-			       wpa_s->own_addr, wpa_s->assoc_freq,
-			       duration1, interval1, duration2, interval2);
-	if (ret == 0)
-		wpa_s->waiting_presence_resp = 1;
-
-	return ret;
-}
-
-
-int wpas_p2p_ext_listen(struct wpa_supplicant *wpa_s, unsigned int period,
-			unsigned int interval)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	return p2p_ext_listen(wpa_s->global->p2p, period, interval);
-}
-
-
-static int wpas_p2p_is_client(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->current_ssid == NULL) {
-		/*
-		 * current_ssid can be cleared when P2P client interface gets
-		 * disconnected, so assume this interface was used as P2P
-		 * client.
-		 */
-		return 1;
-	}
-	return wpa_s->current_ssid->p2p_group &&
-		wpa_s->current_ssid->mode == WPAS_MODE_INFRA;
-}
-
-
-static void wpas_p2p_group_idle_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (wpa_s->conf->p2p_group_idle == 0 && !wpas_p2p_is_client(wpa_s)) {
-		wpa_printf(MSG_DEBUG, "P2P: Ignore group idle timeout - "
-			   "disabled");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Group idle timeout reached - terminate "
-		   "group");
-	wpas_p2p_group_delete(wpa_s, P2P_GROUP_REMOVAL_IDLE_TIMEOUT);
-}
-
-
-static void wpas_p2p_set_group_idle_timeout(struct wpa_supplicant *wpa_s)
-{
-	int timeout;
-
-	if (eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL) > 0)
-		wpa_printf(MSG_DEBUG, "P2P: Cancelled P2P group idle timeout");
-
-	if (wpa_s->current_ssid == NULL || !wpa_s->current_ssid->p2p_group)
-		return;
-
-	timeout = wpa_s->conf->p2p_group_idle;
-	if (wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
-	    (timeout == 0 || timeout > P2P_MAX_CLIENT_IDLE))
-	    timeout = P2P_MAX_CLIENT_IDLE;
-
-	if (timeout == 0)
-		return;
-
-	if (timeout < 0) {
-		if (wpa_s->current_ssid->mode == WPAS_MODE_INFRA)
-			timeout = 0; /* special client mode no-timeout */
-		else
-			return;
-	}
-
-	if (wpa_s->p2p_in_provisioning) {
-		/*
-		 * Use the normal group formation timeout during the
-		 * provisioning phase to avoid terminating this process too
-		 * early due to group idle timeout.
-		 */
-		wpa_printf(MSG_DEBUG, "P2P: Do not use P2P group idle timeout "
-			   "during provisioning");
-		return;
-	}
-
-	if (wpa_s->show_group_started) {
-		/*
-		 * Use the normal group formation timeout between the end of
-		 * the provisioning phase and completion of 4-way handshake to
-		 * avoid terminating this process too early due to group idle
-		 * timeout.
-		 */
-		wpa_printf(MSG_DEBUG, "P2P: Do not use P2P group idle timeout "
-			   "while waiting for initial 4-way handshake to "
-			   "complete");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Set P2P group idle timeout to %u seconds",
-		   timeout);
-	eloop_register_timeout(timeout, 0, wpas_p2p_group_idle_timeout,
-			       wpa_s, NULL);
-}
-
-
-/* Returns 1 if the interface was removed */
-int wpas_p2p_deauth_notif(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			  u16 reason_code, const u8 *ie, size_t ie_len,
-			  int locally_generated)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return 0;
-
-	if (!locally_generated)
-		p2p_deauth_notif(wpa_s->global->p2p, bssid, reason_code, ie,
-				 ie_len);
-
-	if (reason_code == WLAN_REASON_DEAUTH_LEAVING && !locally_generated &&
-	    wpa_s->current_ssid &&
-	    wpa_s->current_ssid->p2p_group &&
-	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA) {
-		wpa_printf(MSG_DEBUG, "P2P: GO indicated that the P2P Group "
-			   "session is ending");
-		if (wpas_p2p_group_delete(wpa_s,
-					  P2P_GROUP_REMOVAL_GO_ENDING_SESSION)
-		    > 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-void wpas_p2p_disassoc_notif(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			     u16 reason_code, const u8 *ie, size_t ie_len,
-			     int locally_generated)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-
-	if (!locally_generated)
-		p2p_disassoc_notif(wpa_s->global->p2p, bssid, reason_code, ie,
-				   ie_len);
-}
-
-
-void wpas_p2p_update_config(struct wpa_supplicant *wpa_s)
-{
-	struct p2p_data *p2p = wpa_s->global->p2p;
-
-	if (p2p == NULL)
-		return;
-
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE))
-		return;
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_NAME)
-		p2p_set_dev_name(p2p, wpa_s->conf->device_name);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE)
-		p2p_set_pri_dev_type(p2p, wpa_s->conf->device_type);
-
-	if (wpa_s->wps &&
-	    (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS))
-		p2p_set_config_methods(p2p, wpa_s->wps->config_methods);
-
-	if (wpa_s->wps && (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID))
-		p2p_set_uuid(p2p, wpa_s->wps->uuid);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WPS_STRING) {
-		p2p_set_manufacturer(p2p, wpa_s->conf->manufacturer);
-		p2p_set_model_name(p2p, wpa_s->conf->model_name);
-		p2p_set_model_number(p2p, wpa_s->conf->model_number);
-		p2p_set_serial_number(p2p, wpa_s->conf->serial_number);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE)
-		p2p_set_sec_dev_types(p2p,
-				      (void *) wpa_s->conf->sec_device_type,
-				      wpa_s->conf->num_sec_device_types);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION) {
-		int i;
-		p2p_remove_wps_vendor_extensions(p2p);
-		for (i = 0; i < MAX_WPS_VENDOR_EXT; i++) {
-			if (wpa_s->conf->wps_vendor_ext[i] == NULL)
-				continue;
-			p2p_add_wps_vendor_extension(
-				p2p, wpa_s->conf->wps_vendor_ext[i]);
-		}
-	}
-
-	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
-	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
-		char country[3];
-		country[0] = wpa_s->conf->country[0];
-		country[1] = wpa_s->conf->country[1];
-		country[2] = 0x04;
-		p2p_set_country(p2p, country);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_SSID_POSTFIX) {
-		p2p_set_ssid_postfix(p2p, (u8 *) wpa_s->conf->p2p_ssid_postfix,
-				     wpa_s->conf->p2p_ssid_postfix ?
-				     os_strlen(wpa_s->conf->p2p_ssid_postfix) :
-				     0);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_INTRA_BSS)
-		p2p_set_intra_bss_dist(p2p, wpa_s->conf->p2p_intra_bss);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_LISTEN_CHANNEL) {
-		u8 reg_class, channel;
-		int ret;
-		unsigned int r;
-		u8 channel_forced;
-
-		if (wpa_s->conf->p2p_listen_reg_class &&
-		    wpa_s->conf->p2p_listen_channel) {
-			reg_class = wpa_s->conf->p2p_listen_reg_class;
-			channel = wpa_s->conf->p2p_listen_channel;
-			channel_forced = 1;
-		} else {
-			reg_class = 81;
-			/*
-			 * Pick one of the social channels randomly as the
-			 * listen channel.
-			 */
-			if (os_get_random((u8 *) &r, sizeof(r)) < 0)
-				channel = 1;
-			else
-				channel = 1 + (r % 3) * 5;
-			channel_forced = 0;
-		}
-		ret = p2p_set_listen_channel(p2p, reg_class, channel,
-					     channel_forced);
-		if (ret)
-			wpa_printf(MSG_ERROR, "P2P: Own listen channel update "
-				   "failed: %d", ret);
-	}
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_OPER_CHANNEL) {
-		u8 op_reg_class, op_channel, cfg_op_channel;
-		int ret = 0;
-		unsigned int r;
-		if (wpa_s->conf->p2p_oper_reg_class &&
-		    wpa_s->conf->p2p_oper_channel) {
-			op_reg_class = wpa_s->conf->p2p_oper_reg_class;
-			op_channel = wpa_s->conf->p2p_oper_channel;
-			cfg_op_channel = 1;
-		} else {
-			op_reg_class = 81;
-			/*
-			 * Use random operation channel from (1, 6, 11)
-			 *if no other preference is indicated.
-			 */
-			if (os_get_random((u8 *) &r, sizeof(r)) < 0)
-				op_channel = 1;
-			else
-				op_channel = 1 + (r % 3) * 5;
-			cfg_op_channel = 0;
-		}
-		ret = p2p_set_oper_channel(p2p, op_reg_class, op_channel,
-					   cfg_op_channel);
-		if (ret)
-			wpa_printf(MSG_ERROR, "P2P: Own oper channel update "
-				   "failed: %d", ret);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_PREF_CHAN) {
-		if (p2p_set_pref_chan(p2p, wpa_s->conf->num_p2p_pref_chan,
-				      wpa_s->conf->p2p_pref_chan) < 0) {
-			wpa_printf(MSG_ERROR, "P2P: Preferred channel list "
-				   "update failed");
-		}
-
-		if (p2p_set_no_go_freq(p2p, &wpa_s->conf->p2p_no_go_freq) < 0) {
-			wpa_printf(MSG_ERROR, "P2P: No GO channel list "
-				   "update failed");
-		}
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_P2P_PASSPHRASE_LEN)
-		p2p_set_passphrase_len(p2p, wpa_s->conf->p2p_passphrase_len);
-}
-
-
-int wpas_p2p_set_noa(struct wpa_supplicant *wpa_s, u8 count, int start,
-		     int duration)
-{
-	if (!wpa_s->ap_iface)
-		return -1;
-	return hostapd_p2p_set_noa(wpa_s->ap_iface->bss[0], count, start,
-				   duration);
-}
-
-
-int wpas_p2p_set_cross_connect(struct wpa_supplicant *wpa_s, int enabled)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	wpa_s->global->cross_connection = enabled;
-	p2p_set_cross_connect(wpa_s->global->p2p, enabled);
-
-	if (!enabled) {
-		struct wpa_supplicant *iface;
-
-		for (iface = wpa_s->global->ifaces; iface; iface = iface->next)
-		{
-			if (iface->cross_connect_enabled == 0)
-				continue;
-
-			iface->cross_connect_enabled = 0;
-			iface->cross_connect_in_use = 0;
-			wpa_msg_global(iface->p2pdev, MSG_INFO,
-				       P2P_EVENT_CROSS_CONNECT_DISABLE "%s %s",
-				       iface->ifname,
-				       iface->cross_connect_uplink);
-		}
-	}
-
-	return 0;
-}
-
-
-static void wpas_p2p_enable_cross_connect(struct wpa_supplicant *uplink)
-{
-	struct wpa_supplicant *iface;
-
-	if (!uplink->global->cross_connection)
-		return;
-
-	for (iface = uplink->global->ifaces; iface; iface = iface->next) {
-		if (!iface->cross_connect_enabled)
-			continue;
-		if (os_strcmp(uplink->ifname, iface->cross_connect_uplink) !=
-		    0)
-			continue;
-		if (iface->ap_iface == NULL)
-			continue;
-		if (iface->cross_connect_in_use)
-			continue;
-
-		iface->cross_connect_in_use = 1;
-		wpa_msg_global(iface->p2pdev, MSG_INFO,
-			       P2P_EVENT_CROSS_CONNECT_ENABLE "%s %s",
-			       iface->ifname, iface->cross_connect_uplink);
-	}
-}
-
-
-static void wpas_p2p_disable_cross_connect(struct wpa_supplicant *uplink)
-{
-	struct wpa_supplicant *iface;
-
-	for (iface = uplink->global->ifaces; iface; iface = iface->next) {
-		if (!iface->cross_connect_enabled)
-			continue;
-		if (os_strcmp(uplink->ifname, iface->cross_connect_uplink) !=
-		    0)
-			continue;
-		if (!iface->cross_connect_in_use)
-			continue;
-
-		wpa_msg_global(iface->p2pdev, MSG_INFO,
-			       P2P_EVENT_CROSS_CONNECT_DISABLE "%s %s",
-			       iface->ifname, iface->cross_connect_uplink);
-		iface->cross_connect_in_use = 0;
-	}
-}
-
-
-void wpas_p2p_notif_connected(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->ap_iface || wpa_s->current_ssid == NULL ||
-	    wpa_s->current_ssid->mode != WPAS_MODE_INFRA ||
-	    wpa_s->cross_connect_disallowed)
-		wpas_p2p_disable_cross_connect(wpa_s);
-	else
-		wpas_p2p_enable_cross_connect(wpa_s);
-	if (!wpa_s->ap_iface &&
-	    eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL) > 0)
-		wpa_printf(MSG_DEBUG, "P2P: Cancelled P2P group idle timeout");
-}
-
-
-void wpas_p2p_notif_disconnected(struct wpa_supplicant *wpa_s)
-{
-	wpas_p2p_disable_cross_connect(wpa_s);
-	if (!wpa_s->ap_iface &&
-	    !eloop_is_timeout_registered(wpas_p2p_group_idle_timeout,
-					 wpa_s, NULL))
-		wpas_p2p_set_group_idle_timeout(wpa_s);
-}
-
-
-static void wpas_p2p_cross_connect_setup(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_supplicant *iface;
-
-	if (!wpa_s->global->cross_connection)
-		return;
-
-	for (iface = wpa_s->global->ifaces; iface; iface = iface->next) {
-		if (iface == wpa_s)
-			continue;
-		if (iface->drv_flags &
-		    WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)
-			continue;
-		if ((iface->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE) &&
-		    iface != wpa_s->parent)
-			continue;
-
-		wpa_s->cross_connect_enabled = 1;
-		os_strlcpy(wpa_s->cross_connect_uplink, iface->ifname,
-			   sizeof(wpa_s->cross_connect_uplink));
-		wpa_printf(MSG_DEBUG, "P2P: Enable cross connection from "
-			   "%s to %s whenever uplink is available",
-			   wpa_s->ifname, wpa_s->cross_connect_uplink);
-
-		if (iface->ap_iface || iface->current_ssid == NULL ||
-		    iface->current_ssid->mode != WPAS_MODE_INFRA ||
-		    iface->cross_connect_disallowed ||
-		    iface->wpa_state != WPA_COMPLETED)
-			break;
-
-		wpa_s->cross_connect_in_use = 1;
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_CROSS_CONNECT_ENABLE "%s %s",
-			       wpa_s->ifname, wpa_s->cross_connect_uplink);
-		break;
-	}
-}
-
-
-int wpas_p2p_notif_pbc_overlap(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->p2p_group_interface != P2P_GROUP_INTERFACE_CLIENT &&
-	    !wpa_s->p2p_in_provisioning)
-		return 0; /* not P2P client operation */
-
-	wpa_printf(MSG_DEBUG, "P2P: Terminate connection due to WPS PBC "
-		   "session overlap");
-	if (wpa_s != wpa_s->p2pdev)
-		wpa_msg_ctrl(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_OVERLAP);
-	wpas_p2p_group_formation_failed(wpa_s, 0);
-	return 1;
-}
-
-
-void wpas_p2p_pbc_overlap_cb(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpas_p2p_notif_pbc_overlap(wpa_s);
-}
-
-
-void wpas_p2p_update_channel_list(struct wpa_supplicant *wpa_s,
-				  enum wpas_p2p_channel_update_trig trig)
-{
-	struct p2p_channels chan, cli_chan;
-	struct wpa_used_freq_data *freqs = NULL;
-	unsigned int num = wpa_s->num_multichan_concurrent;
-
-	if (wpa_s->global == NULL || wpa_s->global->p2p == NULL)
-		return;
-
-	freqs = os_calloc(num, sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return;
-
-	num = get_shared_radio_freqs_data(wpa_s, freqs, num);
-
-	os_memset(&chan, 0, sizeof(chan));
-	os_memset(&cli_chan, 0, sizeof(cli_chan));
-	if (wpas_p2p_setup_channels(wpa_s, &chan, &cli_chan,
-				    is_p2p_6ghz_disabled(wpa_s->global->p2p))) {
-		wpa_printf(MSG_ERROR, "P2P: Failed to update supported "
-			   "channel list");
-		return;
-	}
-
-	p2p_update_channel_list(wpa_s->global->p2p, &chan, &cli_chan);
-
-	wpas_p2p_optimize_listen_channel(wpa_s, freqs, num);
-
-	/*
-	 * The used frequencies map changed, so it is possible that a GO is
-	 * using a channel that is no longer valid for P2P use. It is also
-	 * possible that due to policy consideration, it would be preferable to
-	 * move it to a frequency already used by other station interfaces.
-	 */
-	wpas_p2p_consider_moving_gos(wpa_s, freqs, num, trig);
-
-	os_free(freqs);
-}
-
-
-static void wpas_p2p_scan_res_ignore(struct wpa_supplicant *wpa_s,
-				     struct wpa_scan_results *scan_res)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Ignore scan results");
-}
-
-
-int wpas_p2p_cancel(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_global *global = wpa_s->global;
-	int found = 0;
-	const u8 *peer;
-
-	if (global->p2p == NULL)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "P2P: Request to cancel group formation");
-
-	if (wpa_s->pending_interface_name[0] &&
-	    !is_zero_ether_addr(wpa_s->pending_interface_addr))
-		found = 1;
-
-	peer = p2p_get_go_neg_peer(global->p2p);
-	if (peer) {
-		wpa_printf(MSG_DEBUG, "P2P: Unauthorize pending GO Neg peer "
-			   MACSTR, MAC2STR(peer));
-		p2p_unauthorize(global->p2p, peer);
-		found = 1;
-	}
-
-	if (wpa_s->scan_res_handler == wpas_p2p_scan_res_join) {
-		wpa_printf(MSG_DEBUG, "P2P: Stop pending scan for join");
-		wpa_s->scan_res_handler = wpas_p2p_scan_res_ignore;
-		found = 1;
-	}
-
-	if (wpa_s->pending_pd_before_join) {
-		wpa_printf(MSG_DEBUG, "P2P: Stop pending PD before join");
-		wpa_s->pending_pd_before_join = 0;
-		found = 1;
-	}
-
-	wpas_p2p_stop_find(wpa_s);
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (wpa_s == global->p2p_group_formation &&
-		    (wpa_s->p2p_in_provisioning ||
-		     wpa_s->parent->pending_interface_type ==
-		     WPA_IF_P2P_CLIENT)) {
-			wpa_printf(MSG_DEBUG, "P2P: Interface %s in group "
-				   "formation found - cancelling",
-				   wpa_s->ifname);
-			found = 1;
-			eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-					     wpa_s->p2pdev, NULL);
-			if (wpa_s->p2p_in_provisioning) {
-				wpas_group_formation_completed(wpa_s, 0, 0);
-				break;
-			}
-			wpas_p2p_group_delete(wpa_s,
-					      P2P_GROUP_REMOVAL_REQUESTED);
-			break;
-		} else if (wpa_s->p2p_in_invitation) {
-			wpa_printf(MSG_DEBUG, "P2P: Interface %s in invitation found - cancelling",
-				   wpa_s->ifname);
-			found = 1;
-			wpas_p2p_group_formation_failed(wpa_s, 0);
-			break;
-		}
-	}
-
-	if (!found) {
-		wpa_printf(MSG_DEBUG, "P2P: No ongoing group formation found");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-void wpas_p2p_interface_unavailable(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->current_ssid == NULL || !wpa_s->current_ssid->p2p_group)
-		return;
-
-	wpa_printf(MSG_DEBUG, "P2P: Remove group due to driver resource not "
-		   "being available anymore");
-	wpas_p2p_group_delete(wpa_s, P2P_GROUP_REMOVAL_UNAVAILABLE);
-}
-
-
-void wpas_p2p_update_best_channels(struct wpa_supplicant *wpa_s,
-				   int freq_24, int freq_5, int freq_overall)
-{
-	struct p2p_data *p2p = wpa_s->global->p2p;
-	if (p2p == NULL)
-		return;
-	p2p_set_best_channels(p2p, freq_24, freq_5, freq_overall);
-}
-
-
-int wpas_p2p_unauthorize(struct wpa_supplicant *wpa_s, const char *addr)
-{
-	u8 peer[ETH_ALEN];
-	struct p2p_data *p2p = wpa_s->global->p2p;
-
-	if (p2p == NULL)
-		return -1;
-
-	if (hwaddr_aton(addr, peer))
-		return -1;
-
-	return p2p_unauthorize(p2p, peer);
-}
-
-
-/**
- * wpas_p2p_disconnect - Disconnect from a P2P Group
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 on success, -1 on failure
- *
- * This can be used to disconnect from a group in which the local end is a P2P
- * Client or to end a P2P Group in case the local end is the Group Owner. If a
- * virtual network interface was created for this group, that interface will be
- * removed. Otherwise, only the configured P2P group network will be removed
- * from the interface.
- */
-int wpas_p2p_disconnect(struct wpa_supplicant *wpa_s)
-{
-
-	if (wpa_s == NULL)
-		return -1;
-
-	return wpas_p2p_group_delete(wpa_s, P2P_GROUP_REMOVAL_REQUESTED) < 0 ?
-		-1 : 0;
-}
-
-
-int wpas_p2p_in_progress(struct wpa_supplicant *wpa_s)
-{
-	int ret;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return 0;
-
-	ret = p2p_in_progress(wpa_s->global->p2p);
-	if (ret == 0) {
-		/*
-		 * Check whether there is an ongoing WPS provisioning step (or
-		 * other parts of group formation) on another interface since
-		 * p2p_in_progress() does not report this to avoid issues for
-		 * scans during such provisioning step.
-		 */
-		if (wpa_s->global->p2p_group_formation &&
-		    wpa_s->global->p2p_group_formation != wpa_s) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Another interface (%s) "
-				"in group formation",
-				wpa_s->global->p2p_group_formation->ifname);
-			ret = 1;
-		}
-	}
-
-	if (!ret && wpa_s->global->p2p_go_wait_client.sec) {
-		struct os_reltime now;
-		os_get_reltime(&now);
-		if (os_reltime_expired(&now, &wpa_s->global->p2p_go_wait_client,
-				       P2P_MAX_INITIAL_CONN_WAIT_GO)) {
-			/* Wait for the first client has expired */
-			wpa_s->global->p2p_go_wait_client.sec = 0;
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Waiting for initial client connection during group formation");
-			ret = 1;
-		}
-	}
-
-	return ret;
-}
-
-
-void wpas_p2p_network_removed(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid)
-{
-	if (wpa_s->p2p_in_provisioning && ssid->p2p_group &&
-	    eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-				 wpa_s->p2pdev, NULL) > 0) {
-		/**
-		 * Remove the network by scheduling the group formation
-		 * timeout to happen immediately. The teardown code
-		 * needs to be scheduled to run asynch later so that we
-		 * don't delete data from under ourselves unexpectedly.
-		 * Calling wpas_p2p_group_formation_timeout directly
-		 * causes a series of crashes in WPS failure scenarios.
-		 */
-		wpa_printf(MSG_DEBUG, "P2P: Canceled group formation due to "
-			   "P2P group network getting removed");
-		eloop_register_timeout(0, 0, wpas_p2p_group_formation_timeout,
-				       wpa_s->p2pdev, NULL);
-	}
-}
-
-
-struct wpa_ssid * wpas_p2p_get_persistent(struct wpa_supplicant *wpa_s,
-					  const u8 *addr, const u8 *ssid,
-					  size_t ssid_len)
-{
-	struct wpa_ssid *s;
-	size_t i;
-
-	for (s = wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled != 2)
-			continue;
-		if (ssid &&
-		    (ssid_len != s->ssid_len ||
-		     os_memcmp(ssid, s->ssid, ssid_len) != 0))
-			continue;
-		if (addr == NULL) {
-			if (s->mode == WPAS_MODE_P2P_GO)
-				return s;
-			continue;
-		}
-		if (os_memcmp(s->bssid, addr, ETH_ALEN) == 0)
-			return s; /* peer is GO in the persistent group */
-		if (s->mode != WPAS_MODE_P2P_GO || s->p2p_client_list == NULL)
-			continue;
-		for (i = 0; i < s->num_p2p_clients; i++) {
-			if (os_memcmp(s->p2p_client_list + i * 2 * ETH_ALEN,
-				      addr, ETH_ALEN) == 0)
-				return s; /* peer is P2P client in persistent
-					   * group */
-		}
-	}
-
-	return NULL;
-}
-
-
-void wpas_p2p_notify_ap_sta_authorized(struct wpa_supplicant *wpa_s,
-				       const u8 *addr)
-{
-	if (eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
-				 wpa_s->p2pdev, NULL) > 0) {
-		/*
-		 * This can happen if WPS provisioning step is not terminated
-		 * cleanly (e.g., P2P Client does not send WSC_Done). Since the
-		 * peer was able to connect, there is no need to time out group
-		 * formation after this, though. In addition, this is used with
-		 * the initial connection wait on the GO as a separate formation
-		 * timeout and as such, expected to be hit after the initial WPS
-		 * provisioning step.
-		 */
-		wpa_printf(MSG_DEBUG, "P2P: Canceled P2P group formation timeout on data connection");
-
-		if (!wpa_s->p2p_go_group_formation_completed &&
-		    !wpa_s->group_formation_reported) {
-			/*
-			 * GO has not yet notified group formation success since
-			 * the WPS step was not completed cleanly. Do that
-			 * notification now since the P2P Client was able to
-			 * connect and as such, must have received the
-			 * credential from the WPS step.
-			 */
-			if (wpa_s->global->p2p)
-				p2p_wps_success_cb(wpa_s->global->p2p, addr);
-			wpas_group_formation_completed(wpa_s, 1, 0);
-		}
-	}
-	if (!wpa_s->p2p_go_group_formation_completed) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Marking group formation completed on GO on first data connection");
-		wpa_s->p2p_go_group_formation_completed = 1;
-		wpa_s->global->p2p_group_formation = NULL;
-		wpa_s->p2p_in_provisioning = 0;
-		wpa_s->p2p_in_invitation = 0;
-	}
-	wpa_s->global->p2p_go_wait_client.sec = 0;
-	if (addr == NULL)
-		return;
-	wpas_p2p_add_persistent_group_client(wpa_s, addr);
-}
-
-
-static int wpas_p2p_fallback_to_go_neg(struct wpa_supplicant *wpa_s,
-				       int group_added)
-{
-	struct wpa_supplicant *group = wpa_s;
-	int ret = 0;
-
-	if (wpa_s->global->p2p_group_formation)
-		group = wpa_s->global->p2p_group_formation;
-	wpa_s = wpa_s->global->p2p_init_wpa_s;
-	offchannel_send_action_done(wpa_s);
-	if (group_added)
-		ret = wpas_p2p_group_delete(group, P2P_GROUP_REMOVAL_SILENT);
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Fall back to GO Negotiation");
-	wpas_p2p_connect(wpa_s, wpa_s->pending_join_dev_addr, wpa_s->p2p_pin,
-			 wpa_s->p2p_wps_method, wpa_s->p2p_persistent_group, 0,
-			 0, 0, wpa_s->p2p_go_intent, wpa_s->p2p_connect_freq,
-			 wpa_s->p2p_go_vht_center_freq2,
-			 wpa_s->p2p_persistent_id,
-			 wpa_s->p2p_pd_before_go_neg,
-			 wpa_s->p2p_go_ht40,
-			 wpa_s->p2p_go_vht,
-			 wpa_s->p2p_go_max_oper_chwidth,
-			 wpa_s->p2p_go_he,
-			 wpa_s->p2p_go_edmg,
-			 NULL, 0, is_p2p_allow_6ghz(wpa_s->global->p2p));
-	return ret;
-}
-
-
-int wpas_p2p_scan_no_go_seen(struct wpa_supplicant *wpa_s)
-{
-	int res;
-
-	if (!wpa_s->p2p_fallback_to_go_neg ||
-	    wpa_s->p2p_in_provisioning <= 5)
-		return 0;
-
-	if (wpas_p2p_peer_go(wpa_s, wpa_s->pending_join_dev_addr) > 0)
-		return 0; /* peer operating as a GO */
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: GO not found for p2p_connect-auto - "
-		"fallback to GO Negotiation");
-	wpa_msg_global(wpa_s->p2pdev, MSG_INFO, P2P_EVENT_FALLBACK_TO_GO_NEG
-		       "reason=GO-not-found");
-	res = wpas_p2p_fallback_to_go_neg(wpa_s, 1);
-
-	return res == 1 ? 2 : 1;
-}
-
-
-unsigned int wpas_p2p_search_delay(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_supplicant *ifs;
-
-	if (wpa_s->wpa_state > WPA_SCANNING) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use %u ms search delay due to "
-			"concurrent operation",
-			wpa_s->conf->p2p_search_delay);
-		return wpa_s->conf->p2p_search_delay;
-	}
-
-	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
-			 radio_list) {
-		if (ifs != wpa_s && ifs->wpa_state > WPA_SCANNING) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use %u ms search "
-				"delay due to concurrent operation on "
-				"interface %s",
-				wpa_s->conf->p2p_search_delay,
-				ifs->ifname);
-			return wpa_s->conf->p2p_search_delay;
-		}
-	}
-
-	return 0;
-}
-
-
-static int wpas_p2p_remove_psk_entry(struct wpa_supplicant *wpa_s,
-				     struct wpa_ssid *s, const u8 *addr,
-				     int iface_addr)
-{
-	struct psk_list_entry *psk, *tmp;
-	int changed = 0;
-
-	dl_list_for_each_safe(psk, tmp, &s->psk_list, struct psk_list_entry,
-			      list) {
-		if ((iface_addr && !psk->p2p &&
-		     os_memcmp(addr, psk->addr, ETH_ALEN) == 0) ||
-		    (!iface_addr && psk->p2p &&
-		     os_memcmp(addr, psk->addr, ETH_ALEN) == 0)) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Remove persistent group PSK list entry for "
-				MACSTR " p2p=%u",
-				MAC2STR(psk->addr), psk->p2p);
-			dl_list_del(&psk->list);
-			os_free(psk);
-			changed++;
-		}
-	}
-
-	return changed;
-}
-
-
-void wpas_p2p_new_psk_cb(struct wpa_supplicant *wpa_s, const u8 *mac_addr,
-			 const u8 *p2p_dev_addr,
-			 const u8 *psk, size_t psk_len)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct wpa_ssid *persistent;
-	struct psk_list_entry *p, *last;
-
-	if (psk_len != sizeof(p->psk))
-		return;
-
-	if (p2p_dev_addr) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: New PSK for addr=" MACSTR
-			" p2p_dev_addr=" MACSTR,
-			MAC2STR(mac_addr), MAC2STR(p2p_dev_addr));
-		if (is_zero_ether_addr(p2p_dev_addr))
-			p2p_dev_addr = NULL;
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: New PSK for addr=" MACSTR,
-			MAC2STR(mac_addr));
-	}
-
-	if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: new_psk_cb during group formation");
-		/* To be added to persistent group once created */
-		if (wpa_s->global->add_psk == NULL) {
-			wpa_s->global->add_psk = os_zalloc(sizeof(*p));
-			if (wpa_s->global->add_psk == NULL)
-				return;
-		}
-		p = wpa_s->global->add_psk;
-		if (p2p_dev_addr) {
-			p->p2p = 1;
-			os_memcpy(p->addr, p2p_dev_addr, ETH_ALEN);
-		} else {
-			p->p2p = 0;
-			os_memcpy(p->addr, mac_addr, ETH_ALEN);
-		}
-		os_memcpy(p->psk, psk, psk_len);
-		return;
-	}
-
-	if (ssid->mode != WPAS_MODE_P2P_GO || !ssid->p2p_persistent_group) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Ignore new_psk_cb on not-persistent GO");
-		return;
-	}
-
-	persistent = wpas_p2p_get_persistent(wpa_s->p2pdev, NULL, ssid->ssid,
-					     ssid->ssid_len);
-	if (!persistent) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Could not find persistent group information to store the new PSK");
-		return;
-	}
-
-	p = os_zalloc(sizeof(*p));
-	if (p == NULL)
-		return;
-	if (p2p_dev_addr) {
-		p->p2p = 1;
-		os_memcpy(p->addr, p2p_dev_addr, ETH_ALEN);
-	} else {
-		p->p2p = 0;
-		os_memcpy(p->addr, mac_addr, ETH_ALEN);
-	}
-	os_memcpy(p->psk, psk, psk_len);
-
-	if (dl_list_len(&persistent->psk_list) > P2P_MAX_STORED_CLIENTS &&
-	    (last = dl_list_last(&persistent->psk_list,
-				 struct psk_list_entry, list))) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Remove oldest PSK entry for "
-			MACSTR " (p2p=%u) to make room for a new one",
-			MAC2STR(last->addr), last->p2p);
-		dl_list_del(&last->list);
-		os_free(last);
-	}
-
-	wpas_p2p_remove_psk_entry(wpa_s->p2pdev, persistent,
-				  p2p_dev_addr ? p2p_dev_addr : mac_addr,
-				  p2p_dev_addr == NULL);
-	if (p2p_dev_addr) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Add new PSK for p2p_dev_addr="
-			MACSTR, MAC2STR(p2p_dev_addr));
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Add new PSK for addr=" MACSTR,
-			MAC2STR(mac_addr));
-	}
-	dl_list_add(&persistent->psk_list, &p->list);
-
-	if (wpa_s->p2pdev->conf->update_config &&
-	    wpa_config_write(wpa_s->p2pdev->confname, wpa_s->p2pdev->conf))
-		wpa_printf(MSG_DEBUG, "P2P: Failed to update configuration");
-}
-
-
-static void wpas_p2p_remove_psk(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *s, const u8 *addr,
-				int iface_addr)
-{
-	int res;
-
-	res = wpas_p2p_remove_psk_entry(wpa_s, s, addr, iface_addr);
-	if (res > 0 && wpa_s->conf->update_config &&
-	    wpa_config_write(wpa_s->confname, wpa_s->conf))
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Failed to update configuration");
-}
-
-
-static void wpas_p2p_remove_client_go(struct wpa_supplicant *wpa_s,
-				      const u8 *peer, int iface_addr)
-{
-	struct hostapd_data *hapd;
-	struct hostapd_wpa_psk *psk, *prev, *rem;
-	struct sta_info *sta;
-
-	if (wpa_s->ap_iface == NULL || wpa_s->current_ssid == NULL ||
-	    wpa_s->current_ssid->mode != WPAS_MODE_P2P_GO)
-		return;
-
-	/* Remove per-station PSK entry */
-	hapd = wpa_s->ap_iface->bss[0];
-	prev = NULL;
-	psk = hapd->conf->ssid.wpa_psk;
-	while (psk) {
-		if ((iface_addr && os_memcmp(peer, psk->addr, ETH_ALEN) == 0) ||
-		    (!iface_addr &&
-		     os_memcmp(peer, psk->p2p_dev_addr, ETH_ALEN) == 0)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Remove operating group PSK entry for "
-				MACSTR " iface_addr=%d",
-				MAC2STR(peer), iface_addr);
-			if (prev)
-				prev->next = psk->next;
-			else
-				hapd->conf->ssid.wpa_psk = psk->next;
-			rem = psk;
-			psk = psk->next;
-			os_free(rem);
-		} else {
-			prev = psk;
-			psk = psk->next;
-		}
-	}
-
-	/* Disconnect from group */
-	if (iface_addr)
-		sta = ap_get_sta(hapd, peer);
-	else
-		sta = ap_get_sta_p2p(hapd, peer);
-	if (sta) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disconnect peer " MACSTR
-			" (iface_addr=%d) from group",
-			MAC2STR(peer), iface_addr);
-		hostapd_drv_sta_deauth(hapd, sta->addr,
-				       WLAN_REASON_DEAUTH_LEAVING);
-		ap_sta_deauthenticate(hapd, sta, WLAN_REASON_DEAUTH_LEAVING);
-	}
-}
-
-
-void wpas_p2p_remove_client(struct wpa_supplicant *wpa_s, const u8 *peer,
-			    int iface_addr)
-{
-	struct wpa_ssid *s;
-	struct wpa_supplicant *w;
-	struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Remove client " MACSTR, MAC2STR(peer));
-
-	/* Remove from any persistent group */
-	for (s = p2p_wpa_s->conf->ssid; s; s = s->next) {
-		if (s->disabled != 2 || s->mode != WPAS_MODE_P2P_GO)
-			continue;
-		if (!iface_addr)
-			wpas_remove_persistent_peer(p2p_wpa_s, s, peer, 0);
-		wpas_p2p_remove_psk(p2p_wpa_s, s, peer, iface_addr);
-	}
-
-	/* Remove from any operating group */
-	for (w = wpa_s->global->ifaces; w; w = w->next)
-		wpas_p2p_remove_client_go(w, peer, iface_addr);
-}
-
-
-static void wpas_p2p_psk_failure_removal(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpas_p2p_group_delete(wpa_s, P2P_GROUP_REMOVAL_PSK_FAILURE);
-}
-
-
-static void wpas_p2p_group_freq_conflict(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	wpa_printf(MSG_DEBUG, "P2P: Frequency conflict - terminate group");
-	wpas_p2p_group_delete(wpa_s, P2P_GROUP_REMOVAL_FREQ_CONFLICT);
-}
-
-
-int wpas_p2p_handle_frequency_conflicts(struct wpa_supplicant *wpa_s, int freq,
-					struct wpa_ssid *ssid)
-{
-	struct wpa_supplicant *iface;
-
-	for (iface = wpa_s->global->ifaces; iface; iface = iface->next) {
-		if (!iface->current_ssid ||
-		    iface->current_ssid->frequency == freq ||
-		    (iface->p2p_group_interface == NOT_P2P_GROUP_INTERFACE &&
-		     !iface->current_ssid->p2p_group))
-			continue;
-
-		/* Remove the connection with least priority */
-		if (!wpas_is_p2p_prioritized(iface)) {
-			/* STA connection has priority over existing
-			 * P2P connection, so remove the interface. */
-			wpa_printf(MSG_DEBUG, "P2P: Removing P2P connection due to single channel concurrent mode frequency conflict");
-			eloop_register_timeout(0, 0,
-					       wpas_p2p_group_freq_conflict,
-					       iface, NULL);
-			/* If connection in progress is P2P connection, do not
-			 * proceed for the connection. */
-			if (wpa_s == iface)
-				return -1;
-			else
-				return 0;
-		} else {
-			/* P2P connection has priority, disable the STA network
-			 */
-			wpa_supplicant_disable_network(wpa_s->global->ifaces,
-						       ssid);
-			wpa_msg(wpa_s->global->ifaces, MSG_INFO,
-				WPA_EVENT_FREQ_CONFLICT " id=%d", ssid->id);
-			os_memset(wpa_s->global->ifaces->pending_bssid, 0,
-				  ETH_ALEN);
-			/* If P2P connection is in progress, continue
-			 * connecting...*/
-			if (wpa_s == iface)
-				return 0;
-			else
-				return -1;
-		}
-	}
-
-	return 0;
-}
-
-
-int wpas_p2p_4way_hs_failed(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL || !ssid->p2p_group)
-		return 0;
-
-	if (wpa_s->p2p_last_4way_hs_fail &&
-	    wpa_s->p2p_last_4way_hs_fail == ssid) {
-		u8 go_dev_addr[ETH_ALEN];
-		struct wpa_ssid *persistent;
-
-		if (wpas_p2p_persistent_group(wpa_s, go_dev_addr,
-					      ssid->ssid,
-					      ssid->ssid_len) <= 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Could not determine whether 4-way handshake failures were for a persistent group");
-			goto disconnect;
-		}
-
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Two 4-way handshake failures for a P2P group - go_dev_addr="
-			MACSTR, MAC2STR(go_dev_addr));
-		persistent = wpas_p2p_get_persistent(wpa_s->p2pdev, go_dev_addr,
-						     ssid->ssid,
-						     ssid->ssid_len);
-		if (persistent == NULL || persistent->mode != WPAS_MODE_INFRA) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: No matching persistent group stored");
-			goto disconnect;
-		}
-		wpa_msg_global(wpa_s->p2pdev, MSG_INFO,
-			       P2P_EVENT_PERSISTENT_PSK_FAIL "%d",
-			       persistent->id);
-	disconnect:
-		wpa_s->p2p_last_4way_hs_fail = NULL;
-		/*
-		 * Remove the group from a timeout to avoid issues with caller
-		 * continuing to use the interface if this is on a P2P group
-		 * interface.
-		 */
-		eloop_register_timeout(0, 0, wpas_p2p_psk_failure_removal,
-				       wpa_s, NULL);
-		return 1;
-	}
-
-	wpa_s->p2p_last_4way_hs_fail = ssid;
-	return 0;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-static struct wpabuf * wpas_p2p_nfc_handover(int ndef, struct wpabuf *wsc,
-					     struct wpabuf *p2p)
-{
-	struct wpabuf *ret;
-	size_t wsc_len;
-
-	if (p2p == NULL) {
-		wpabuf_free(wsc);
-		wpa_printf(MSG_DEBUG, "P2P: No p2p buffer for handover");
-		return NULL;
-	}
-
-	wsc_len = wsc ? wpabuf_len(wsc) : 0;
-	ret = wpabuf_alloc(2 + wsc_len + 2 + wpabuf_len(p2p));
-	if (ret == NULL) {
-		wpabuf_free(wsc);
-		wpabuf_free(p2p);
-		return NULL;
-	}
-
-	wpabuf_put_be16(ret, wsc_len);
-	if (wsc)
-		wpabuf_put_buf(ret, wsc);
-	wpabuf_put_be16(ret, wpabuf_len(p2p));
-	wpabuf_put_buf(ret, p2p);
-
-	wpabuf_free(wsc);
-	wpabuf_free(p2p);
-	wpa_hexdump_buf(MSG_DEBUG,
-			"P2P: Generated NFC connection handover message", ret);
-
-	if (ndef && ret) {
-		struct wpabuf *tmp;
-		tmp = ndef_build_p2p(ret);
-		wpabuf_free(ret);
-		if (tmp == NULL) {
-			wpa_printf(MSG_DEBUG, "P2P: Failed to NDEF encapsulate handover request");
-			return NULL;
-		}
-		ret = tmp;
-	}
-
-	return ret;
-}
-
-
-static int wpas_p2p_cli_freq(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid **ssid, u8 *go_dev_addr)
-{
-	struct wpa_supplicant *iface;
-
-	if (go_dev_addr)
-		os_memset(go_dev_addr, 0, ETH_ALEN);
-	if (ssid)
-		*ssid = NULL;
-	for (iface = wpa_s->global->ifaces; iface; iface = iface->next) {
-		if (iface->wpa_state < WPA_ASSOCIATING ||
-		    iface->current_ssid == NULL || iface->assoc_freq == 0 ||
-		    !iface->current_ssid->p2p_group ||
-		    iface->current_ssid->mode != WPAS_MODE_INFRA)
-			continue;
-		if (ssid)
-			*ssid = iface->current_ssid;
-		if (go_dev_addr)
-			os_memcpy(go_dev_addr, iface->go_dev_addr, ETH_ALEN);
-		return iface->assoc_freq;
-	}
-	return 0;
-}
-
-
-struct wpabuf * wpas_p2p_nfc_handover_req(struct wpa_supplicant *wpa_s,
-					  int ndef)
-{
-	struct wpabuf *wsc, *p2p;
-	struct wpa_ssid *ssid;
-	u8 go_dev_addr[ETH_ALEN];
-	int cli_freq = wpas_p2p_cli_freq(wpa_s, &ssid, go_dev_addr);
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: P2P disabled - cannot build handover request");
-		return NULL;
-	}
-
-	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
-	    wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
-			   &wpa_s->conf->wps_nfc_dh_privkey) < 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: No DH key available for handover request");
-		return NULL;
-	}
-
-	if (cli_freq == 0) {
-		wsc = wps_build_nfc_handover_req_p2p(
-			wpa_s->parent->wps, wpa_s->conf->wps_nfc_dh_pubkey);
-	} else
-		wsc = NULL;
-	p2p = p2p_build_nfc_handover_req(wpa_s->global->p2p, cli_freq,
-					 go_dev_addr, ssid ? ssid->ssid : NULL,
-					 ssid ? ssid->ssid_len : 0);
-
-	return wpas_p2p_nfc_handover(ndef, wsc, p2p);
-}
-
-
-struct wpabuf * wpas_p2p_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					  int ndef, int tag)
-{
-	struct wpabuf *wsc, *p2p;
-	struct wpa_ssid *ssid;
-	u8 go_dev_addr[ETH_ALEN];
-	int cli_freq = wpas_p2p_cli_freq(wpa_s, &ssid, go_dev_addr);
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return NULL;
-
-	if (!tag && wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
-	    wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
-			   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
-		return NULL;
-
-	if (cli_freq == 0) {
-		wsc = wps_build_nfc_handover_sel_p2p(
-			wpa_s->parent->wps,
-			tag ? wpa_s->conf->wps_nfc_dev_pw_id :
-			DEV_PW_NFC_CONNECTION_HANDOVER,
-			wpa_s->conf->wps_nfc_dh_pubkey,
-			tag ? wpa_s->conf->wps_nfc_dev_pw : NULL);
-	} else
-		wsc = NULL;
-	p2p = p2p_build_nfc_handover_sel(wpa_s->global->p2p, cli_freq,
-					 go_dev_addr, ssid ? ssid->ssid : NULL,
-					 ssid ? ssid->ssid_len : 0);
-
-	return wpas_p2p_nfc_handover(ndef, wsc, p2p);
-}
-
-
-static int wpas_p2p_nfc_join_group(struct wpa_supplicant *wpa_s,
-				   struct p2p_nfc_params *params)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Initiate join-group based on NFC "
-		   "connection handover (freq=%d)",
-		   params->go_freq);
-
-	if (params->go_freq && params->go_ssid_len) {
-		wpa_s->p2p_wps_method = WPS_NFC;
-		wpa_s->pending_join_wps_method = WPS_NFC;
-		os_memset(wpa_s->pending_join_iface_addr, 0, ETH_ALEN);
-		os_memcpy(wpa_s->pending_join_dev_addr, params->go_dev_addr,
-			  ETH_ALEN);
-		return wpas_p2p_join_start(wpa_s, params->go_freq,
-					   params->go_ssid,
-					   params->go_ssid_len);
-	}
-
-	return wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
-				WPS_NFC, 0, 0, 1, 0, wpa_s->conf->p2p_go_intent,
-				params->go_freq, wpa_s->p2p_go_vht_center_freq2,
-				-1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
-				wpa_s->p2p_go_he, wpa_s->p2p_go_edmg,
-				params->go_ssid_len ? params->go_ssid : NULL,
-				params->go_ssid_len, false);
-}
-
-
-static int wpas_p2p_nfc_auth_join(struct wpa_supplicant *wpa_s,
-				  struct p2p_nfc_params *params, int tag)
-{
-	int res, persistent;
-	struct wpa_ssid *ssid;
-
-	wpa_printf(MSG_DEBUG, "P2P: Authorize join-group based on NFC "
-		   "connection handover");
-	for (wpa_s = wpa_s->global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		ssid = wpa_s->current_ssid;
-		if (ssid == NULL)
-			continue;
-		if (ssid->mode != WPAS_MODE_P2P_GO)
-			continue;
-		if (wpa_s->ap_iface == NULL)
-			continue;
-		break;
-	}
-	if (wpa_s == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Could not find GO interface");
-		return -1;
-	}
-
-	if (wpa_s->p2pdev->p2p_oob_dev_pw_id !=
-	    DEV_PW_NFC_CONNECTION_HANDOVER &&
-	    !wpa_s->p2pdev->p2p_oob_dev_pw) {
-		wpa_printf(MSG_DEBUG, "P2P: No NFC Dev Pw known");
-		return -1;
-	}
-	res = wpas_ap_wps_add_nfc_pw(
-		wpa_s, wpa_s->p2pdev->p2p_oob_dev_pw_id,
-		wpa_s->p2pdev->p2p_oob_dev_pw,
-		wpa_s->p2pdev->p2p_peer_oob_pk_hash_known ?
-		wpa_s->p2pdev->p2p_peer_oob_pubkey_hash : NULL);
-	if (res)
-		return res;
-
-	if (!tag) {
-		wpa_printf(MSG_DEBUG, "P2P: Negotiated handover - wait for peer to join without invitation");
-		return 0;
-	}
-
-	if (!params->peer ||
-	    !(params->peer->dev_capab & P2P_DEV_CAPAB_INVITATION_PROCEDURE))
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "P2P: Static handover - invite peer " MACSTR
-		   " to join", MAC2STR(params->peer->p2p_device_addr));
-
-	wpa_s->global->p2p_invite_group = wpa_s;
-	persistent = ssid->p2p_persistent_group &&
-		wpas_p2p_get_persistent(wpa_s->p2pdev,
-					params->peer->p2p_device_addr,
-					ssid->ssid, ssid->ssid_len);
-	wpa_s->p2pdev->pending_invite_ssid_id = -1;
-
-	return p2p_invite(wpa_s->global->p2p, params->peer->p2p_device_addr,
-			  P2P_INVITE_ROLE_ACTIVE_GO, wpa_s->own_addr,
-			  ssid->ssid, ssid->ssid_len, ssid->frequency,
-			  wpa_s->global->p2p_dev_addr, persistent, 0,
-			  wpa_s->p2pdev->p2p_oob_dev_pw_id);
-}
-
-
-static int wpas_p2p_nfc_init_go_neg(struct wpa_supplicant *wpa_s,
-				    struct p2p_nfc_params *params,
-				    int forced_freq)
-{
-	wpa_printf(MSG_DEBUG, "P2P: Initiate GO Negotiation based on NFC "
-		   "connection handover");
-	return wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
-				WPS_NFC, 0, 0, 0, 0, wpa_s->conf->p2p_go_intent,
-				forced_freq, wpa_s->p2p_go_vht_center_freq2,
-				-1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
-				wpa_s->p2p_go_he, wpa_s->p2p_go_edmg,
-				NULL, 0, false);
-}
-
-
-static int wpas_p2p_nfc_resp_go_neg(struct wpa_supplicant *wpa_s,
-				    struct p2p_nfc_params *params,
-				    int forced_freq)
-{
-	int res;
-
-	wpa_printf(MSG_DEBUG, "P2P: Authorize GO Negotiation based on NFC "
-		   "connection handover");
-	res = wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
-			       WPS_NFC, 0, 0, 0, 1, wpa_s->conf->p2p_go_intent,
-			       forced_freq, wpa_s->p2p_go_vht_center_freq2,
-			       -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
-			       wpa_s->p2p_go_he, wpa_s->p2p_go_edmg,
-			       NULL, 0, false);
-	if (res)
-		return res;
-
-	res = wpas_p2p_listen(wpa_s, 60);
-	if (res) {
-		p2p_unauthorize(wpa_s->global->p2p,
-				params->peer->p2p_device_addr);
-	}
-
-	return res;
-}
-
-
-static int wpas_p2p_nfc_connection_handover(struct wpa_supplicant *wpa_s,
-					    const struct wpabuf *data,
-					    int sel, int tag, int forced_freq)
-{
-	const u8 *pos, *end;
-	u16 len, id;
-	struct p2p_nfc_params params;
-	int res;
-
-	os_memset(&params, 0, sizeof(params));
-	params.sel = sel;
-
-	wpa_hexdump_buf(MSG_DEBUG, "P2P: Received NFC tag payload", data);
-
-	pos = wpabuf_head(data);
-	end = pos + wpabuf_len(data);
-
-	if (end - pos < 2) {
-		wpa_printf(MSG_DEBUG, "P2P: Not enough data for Length of WSC "
-			   "attributes");
-		return -1;
-	}
-	len = WPA_GET_BE16(pos);
-	pos += 2;
-	if (len > end - pos) {
-		wpa_printf(MSG_DEBUG, "P2P: Not enough data for WSC "
-			   "attributes");
-		return -1;
-	}
-	params.wsc_attr = pos;
-	params.wsc_len = len;
-	pos += len;
-
-	if (end - pos < 2) {
-		wpa_printf(MSG_DEBUG, "P2P: Not enough data for Length of P2P "
-			   "attributes");
-		return -1;
-	}
-	len = WPA_GET_BE16(pos);
-	pos += 2;
-	if (len > end - pos) {
-		wpa_printf(MSG_DEBUG, "P2P: Not enough data for P2P "
-			   "attributes");
-		return -1;
-	}
-	params.p2p_attr = pos;
-	params.p2p_len = len;
-	pos += len;
-
-	wpa_hexdump(MSG_DEBUG, "P2P: WSC attributes",
-		    params.wsc_attr, params.wsc_len);
-	wpa_hexdump(MSG_DEBUG, "P2P: P2P attributes",
-		    params.p2p_attr, params.p2p_len);
-	if (pos < end) {
-		wpa_hexdump(MSG_DEBUG,
-			    "P2P: Ignored extra data after P2P attributes",
-			    pos, end - pos);
-	}
-
-	res = p2p_process_nfc_connection_handover(wpa_s->global->p2p, &params);
-	if (res)
-		return res;
-
-	if (params.next_step == NO_ACTION)
-		return 0;
-
-	if (params.next_step == BOTH_GO) {
-		wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_NFC_BOTH_GO "peer=" MACSTR,
-			MAC2STR(params.peer->p2p_device_addr));
-		return 0;
-	}
-
-	if (params.next_step == PEER_CLIENT) {
-		if (!is_zero_ether_addr(params.go_dev_addr)) {
-			wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_NFC_PEER_CLIENT
-				"peer=" MACSTR " freq=%d go_dev_addr=" MACSTR
-				" ssid=\"%s\"",
-				MAC2STR(params.peer->p2p_device_addr),
-				params.go_freq,
-				MAC2STR(params.go_dev_addr),
-				wpa_ssid_txt(params.go_ssid,
-					     params.go_ssid_len));
-		} else {
-			wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_NFC_PEER_CLIENT
-				"peer=" MACSTR " freq=%d",
-				MAC2STR(params.peer->p2p_device_addr),
-				params.go_freq);
-		}
-		return 0;
-	}
-
-	if (wpas_p2p_cli_freq(wpa_s, NULL, NULL)) {
-		wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_NFC_WHILE_CLIENT "peer="
-			MACSTR, MAC2STR(params.peer->p2p_device_addr));
-		return 0;
-	}
-
-	wpabuf_free(wpa_s->p2p_oob_dev_pw);
-	wpa_s->p2p_oob_dev_pw = NULL;
-
-	if (params.oob_dev_pw_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
-		wpa_printf(MSG_DEBUG, "P2P: No peer OOB Dev Pw "
-			   "received");
-		return -1;
-	}
-
-	id = WPA_GET_BE16(params.oob_dev_pw + WPS_OOB_PUBKEY_HASH_LEN);
-	wpa_printf(MSG_DEBUG, "P2P: Peer OOB Dev Pw %u", id);
-	wpa_hexdump(MSG_DEBUG, "P2P: Peer OOB Public Key hash",
-		    params.oob_dev_pw, WPS_OOB_PUBKEY_HASH_LEN);
-	os_memcpy(wpa_s->p2p_peer_oob_pubkey_hash,
-		  params.oob_dev_pw, WPS_OOB_PUBKEY_HASH_LEN);
-	wpa_s->p2p_peer_oob_pk_hash_known = 1;
-
-	if (tag) {
-		if (id < 0x10) {
-			wpa_printf(MSG_DEBUG, "P2P: Static handover - invalid "
-				   "peer OOB Device Password Id %u", id);
-			return -1;
-		}
-		wpa_printf(MSG_DEBUG, "P2P: Static handover - use peer OOB "
-			   "Device Password Id %u", id);
-		wpa_hexdump_key(MSG_DEBUG, "P2P: Peer OOB Device Password",
-				params.oob_dev_pw + WPS_OOB_PUBKEY_HASH_LEN + 2,
-				params.oob_dev_pw_len -
-				WPS_OOB_PUBKEY_HASH_LEN - 2);
-		wpa_s->p2p_oob_dev_pw_id = id;
-		wpa_s->p2p_oob_dev_pw = wpabuf_alloc_copy(
-			params.oob_dev_pw + WPS_OOB_PUBKEY_HASH_LEN + 2,
-			params.oob_dev_pw_len -
-			WPS_OOB_PUBKEY_HASH_LEN - 2);
-		if (wpa_s->p2p_oob_dev_pw == NULL)
-			return -1;
-
-		if (wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
-		    wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
-				   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
-			return -1;
-	} else {
-		wpa_printf(MSG_DEBUG, "P2P: Using abbreviated WPS handshake "
-			   "without Device Password");
-		wpa_s->p2p_oob_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER;
-	}
-
-	switch (params.next_step) {
-	case NO_ACTION:
-	case BOTH_GO:
-	case PEER_CLIENT:
-		/* already covered above */
-		return 0;
-	case JOIN_GROUP:
-		return wpas_p2p_nfc_join_group(wpa_s, &params);
-	case AUTH_JOIN:
-		return wpas_p2p_nfc_auth_join(wpa_s, &params, tag);
-	case INIT_GO_NEG:
-		return wpas_p2p_nfc_init_go_neg(wpa_s, &params, forced_freq);
-	case RESP_GO_NEG:
-		/* TODO: use own OOB Dev Pw */
-		return wpas_p2p_nfc_resp_go_neg(wpa_s, &params, forced_freq);
-	}
-
-	return -1;
-}
-
-
-int wpas_p2p_nfc_tag_process(struct wpa_supplicant *wpa_s,
-			     const struct wpabuf *data, int forced_freq)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	return wpas_p2p_nfc_connection_handover(wpa_s, data, 1, 1, forced_freq);
-}
-
-
-int wpas_p2p_nfc_report_handover(struct wpa_supplicant *wpa_s, int init,
-				 const struct wpabuf *req,
-				 const struct wpabuf *sel, int forced_freq)
-{
-	struct wpabuf *tmp;
-	int ret;
-
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "NFC: P2P connection handover reported");
-
-	wpa_hexdump_ascii(MSG_DEBUG, "NFC: Req",
-			  wpabuf_head(req), wpabuf_len(req));
-	wpa_hexdump_ascii(MSG_DEBUG, "NFC: Sel",
-			  wpabuf_head(sel), wpabuf_len(sel));
-	if (forced_freq)
-		wpa_printf(MSG_DEBUG, "NFC: Forced freq %d", forced_freq);
-	tmp = ndef_parse_p2p(init ? sel : req);
-	if (tmp == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: Could not parse NDEF");
-		return -1;
-	}
-
-	ret = wpas_p2p_nfc_connection_handover(wpa_s, tmp, init, 0,
-					       forced_freq);
-	wpabuf_free(tmp);
-
-	return ret;
-}
-
-
-int wpas_p2p_nfc_tag_enabled(struct wpa_supplicant *wpa_s, int enabled)
-{
-	const u8 *if_addr;
-	int go_intent = wpa_s->conf->p2p_go_intent;
-	struct wpa_supplicant *iface;
-
-	if (wpa_s->global->p2p == NULL)
-		return -1;
-
-	if (!enabled) {
-		wpa_printf(MSG_DEBUG, "P2P: Disable use of own NFC Tag");
-		for (iface = wpa_s->global->ifaces; iface; iface = iface->next)
-		{
-			if (!iface->ap_iface)
-				continue;
-			hostapd_wps_nfc_token_disable(iface->ap_iface->bss[0]);
-		}
-		p2p_set_authorized_oob_dev_pw_id(wpa_s->global->p2p, 0,
-						 0, NULL);
-		if (wpa_s->p2p_nfc_tag_enabled)
-			wpas_p2p_remove_pending_group_interface(wpa_s);
-		wpa_s->p2p_nfc_tag_enabled = 0;
-		return 0;
-	}
-
-	if (wpa_s->global->p2p_disabled)
-		return -1;
-
-	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL ||
-	    wpa_s->conf->wps_nfc_dh_privkey == NULL ||
-	    wpa_s->conf->wps_nfc_dev_pw == NULL ||
-	    wpa_s->conf->wps_nfc_dev_pw_id < 0x10) {
-		wpa_printf(MSG_DEBUG, "P2P: NFC password token not configured "
-			   "to allow static handover cases");
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "P2P: Enable use of own NFC Tag");
-
-	wpa_s->p2p_oob_dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id;
-	wpabuf_free(wpa_s->p2p_oob_dev_pw);
-	wpa_s->p2p_oob_dev_pw = wpabuf_dup(wpa_s->conf->wps_nfc_dev_pw);
-	if (wpa_s->p2p_oob_dev_pw == NULL)
-		return -1;
-	wpa_s->p2p_peer_oob_pk_hash_known = 0;
-
-	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO ||
-	    wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) {
-		/*
-		 * P2P Group Interface present and the command came on group
-		 * interface, so enable the token for the current interface.
-		 */
-		wpa_s->create_p2p_iface = 0;
-	} else {
-		wpa_s->create_p2p_iface = wpas_p2p_create_iface(wpa_s);
-	}
-
-	if (wpa_s->create_p2p_iface) {
-		enum wpa_driver_if_type iftype;
-		/* Prepare to add a new interface for the group */
-		iftype = WPA_IF_P2P_GROUP;
-		if (go_intent == 15)
-			iftype = WPA_IF_P2P_GO;
-		if (wpas_p2p_add_group_interface(wpa_s, iftype) < 0) {
-			wpa_printf(MSG_ERROR, "P2P: Failed to allocate a new "
-				   "interface for the group");
-			return -1;
-		}
-
-		if_addr = wpa_s->pending_interface_addr;
-	} else if (wpa_s->p2p_mgmt)
-		if_addr = wpa_s->parent->own_addr;
-	else
-		if_addr = wpa_s->own_addr;
-
-	wpa_s->p2p_nfc_tag_enabled = enabled;
-
-	for (iface = wpa_s->global->ifaces; iface; iface = iface->next) {
-		struct hostapd_data *hapd;
-		if (iface->ap_iface == NULL)
-			continue;
-		hapd = iface->ap_iface->bss[0];
-		wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
-		hapd->conf->wps_nfc_dh_pubkey =
-			wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
-		wpabuf_free(hapd->conf->wps_nfc_dh_privkey);
-		hapd->conf->wps_nfc_dh_privkey =
-			wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
-		wpabuf_free(hapd->conf->wps_nfc_dev_pw);
-		hapd->conf->wps_nfc_dev_pw =
-			wpabuf_dup(wpa_s->conf->wps_nfc_dev_pw);
-		hapd->conf->wps_nfc_dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id;
-
-		if (hostapd_wps_nfc_token_enable(iface->ap_iface->bss[0]) < 0) {
-			wpa_dbg(iface, MSG_DEBUG,
-				"P2P: Failed to enable NFC Tag for GO");
-		}
-	}
-	p2p_set_authorized_oob_dev_pw_id(
-		wpa_s->global->p2p, wpa_s->conf->wps_nfc_dev_pw_id, go_intent,
-		if_addr);
-
-	return 0;
-}
-
-#endif /* CONFIG_WPS_NFC */
-
-
-static void wpas_p2p_optimize_listen_channel(struct wpa_supplicant *wpa_s,
-					     struct wpa_used_freq_data *freqs,
-					     unsigned int num)
-{
-	u8 curr_chan, cand, chan;
-	unsigned int i;
-
-	/*
-	 * If possible, optimize the Listen channel to be a channel that is
-	 * already used by one of the other interfaces.
-	 */
-	if (!wpa_s->conf->p2p_optimize_listen_chan)
-		return;
-
-	if (!wpa_s->current_ssid || wpa_s->wpa_state != WPA_COMPLETED)
-		return;
-
-	curr_chan = p2p_get_listen_channel(wpa_s->global->p2p);
-	for (i = 0, cand = 0; i < num; i++) {
-		ieee80211_freq_to_chan(freqs[i].freq, &chan);
-		if (curr_chan == chan) {
-			cand = 0;
-			break;
-		}
-
-		if (chan == 1 || chan == 6 || chan == 11)
-			cand = chan;
-	}
-
-	if (cand) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Update Listen channel to %u based on operating channel",
-			cand);
-		p2p_set_listen_channel(wpa_s->global->p2p, 81, cand, 0);
-	}
-}
-
-
-static int wpas_p2p_move_go_csa(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_config *conf;
-	struct p2p_go_neg_results params;
-	struct csa_settings csa_settings;
-	struct wpa_ssid *current_ssid = wpa_s->current_ssid;
-	int old_freq = current_ssid->frequency;
-	int ret;
-
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_CSA)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "CSA is not enabled");
-		return -1;
-	}
-
-	/*
-	 * TODO: This function may not always work correctly. For example,
-	 * when we have a running GO and a BSS on a DFS channel.
-	 */
-	if (wpas_p2p_init_go_params(wpa_s, &params, 0, 0, 0, 0, 0, 0, 0,
-				    NULL)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P CSA: Failed to select new frequency for GO");
-		return -1;
-	}
-
-	if (current_ssid->frequency == params.freq) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P CSA: Selected same frequency - not moving GO");
-		return 0;
-	}
-
-	conf = hostapd_config_defaults();
-	if (!conf) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P CSA: Failed to allocate default config");
-		return -1;
-	}
-
-	current_ssid->frequency = params.freq;
-	if (wpa_supplicant_conf_ap_ht(wpa_s, current_ssid, conf)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P CSA: Failed to create new GO config");
-		ret = -1;
-		goto out;
-	}
-
-	if (conf->hw_mode != wpa_s->ap_iface->current_mode->mode) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P CSA: CSA to a different band is not supported");
-		ret = -1;
-		goto out;
-	}
-
-	os_memset(&csa_settings, 0, sizeof(csa_settings));
-	csa_settings.cs_count = P2P_GO_CSA_COUNT;
-	csa_settings.block_tx = P2P_GO_CSA_BLOCK_TX;
-	csa_settings.freq_params.freq = params.freq;
-	csa_settings.freq_params.sec_channel_offset = conf->secondary_channel;
-	csa_settings.freq_params.ht_enabled = conf->ieee80211n;
-	csa_settings.freq_params.bandwidth = conf->secondary_channel ? 40 : 20;
-
-	if (conf->ieee80211ac) {
-		int freq1 = 0, freq2 = 0;
-		u8 chan, opclass;
-
-		if (ieee80211_freq_to_channel_ext(params.freq,
-						  conf->secondary_channel,
-						  conf->vht_oper_chwidth,
-						  &opclass, &chan) ==
-		    NUM_HOSTAPD_MODES) {
-			wpa_printf(MSG_ERROR, "P2P CSA: Bad freq");
-			ret = -1;
-			goto out;
-		}
-
-		if (conf->vht_oper_centr_freq_seg0_idx)
-			freq1 = ieee80211_chan_to_freq(
-				NULL, opclass,
-				conf->vht_oper_centr_freq_seg0_idx);
-
-		if (conf->vht_oper_centr_freq_seg1_idx)
-			freq2 = ieee80211_chan_to_freq(
-				NULL, opclass,
-				conf->vht_oper_centr_freq_seg1_idx);
-
-		if (freq1 < 0 || freq2 < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P CSA: Selected invalid VHT center freqs");
-			ret = -1;
-			goto out;
-		}
-
-		csa_settings.freq_params.vht_enabled = conf->ieee80211ac;
-		csa_settings.freq_params.center_freq1 = freq1;
-		csa_settings.freq_params.center_freq2 = freq2;
-
-		switch (conf->vht_oper_chwidth) {
-		case CHANWIDTH_80MHZ:
-		case CHANWIDTH_80P80MHZ:
-			csa_settings.freq_params.bandwidth = 80;
-			break;
-		case CHANWIDTH_160MHZ:
-			csa_settings.freq_params.bandwidth = 160;
-			break;
-		}
-	}
-
-	ret = ap_switch_channel(wpa_s, &csa_settings);
-out:
-	current_ssid->frequency = old_freq;
-	hostapd_config_free(conf);
-	return ret;
-}
-
-
-static void wpas_p2p_move_go_no_csa(struct wpa_supplicant *wpa_s)
-{
-	struct p2p_go_neg_results params;
-	struct wpa_ssid *current_ssid = wpa_s->current_ssid;
-	void (*ap_configured_cb)(void *ctx, void *data);
-	void *ap_configured_cb_ctx, *ap_configured_cb_data;
-
-	wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_REMOVE_AND_REFORM_GROUP);
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Move GO from freq=%d MHz",
-		current_ssid->frequency);
-
-	/* Stop the AP functionality */
-	/* TODO: Should do this in a way that does not indicated to possible
-	 * P2P Clients in the group that the group is terminated. */
-	/* If this action occurs before a group is started, the callback should
-	 * be preserved, or GROUP-STARTED event would be lost. If this action
-	 * occurs after a group is started, these pointers are all NULL and
-	 * harmless. */
-	ap_configured_cb = wpa_s->ap_configured_cb;
-	ap_configured_cb_ctx = wpa_s->ap_configured_cb_ctx;
-	ap_configured_cb_data = wpa_s->ap_configured_cb_data;
-	wpa_supplicant_ap_deinit(wpa_s);
-
-	/* Reselect the GO frequency */
-	if (wpas_p2p_init_go_params(wpa_s, &params, 0, 0, 0, 0, 0, 0, 0,
-				    NULL)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Failed to reselect freq");
-		wpas_p2p_group_delete(wpa_s,
-				      P2P_GROUP_REMOVAL_GO_LEAVE_CHANNEL);
-		return;
-	}
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: New freq selected for the GO (%u MHz)",
-		params.freq);
-
-	if (params.freq &&
-	    !p2p_supported_freq_go(wpa_s->global->p2p, params.freq)) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: Selected freq (%u MHz) is not valid for P2P",
-			   params.freq);
-		wpas_p2p_group_delete(wpa_s,
-				      P2P_GROUP_REMOVAL_GO_LEAVE_CHANNEL);
-		return;
-	}
-
-	/* Restore preserved callback parameters */
-	wpa_s->ap_configured_cb = ap_configured_cb;
-	wpa_s->ap_configured_cb_ctx = ap_configured_cb_ctx;
-	wpa_s->ap_configured_cb_data = ap_configured_cb_data;
-
-	/* Update the frequency */
-	current_ssid->frequency = params.freq;
-	wpa_s->connect_without_scan = current_ssid;
-	wpa_s->reassociate = 1;
-	wpa_s->disconnected = 0;
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-static void wpas_p2p_move_go(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (!wpa_s->ap_iface || !wpa_s->current_ssid)
-		return;
-
-	wpas_p2p_go_update_common_freqs(wpa_s);
-
-	/* Do not move GO in the middle of a CSA */
-	if (hostapd_csa_in_progress(wpa_s->ap_iface)) {
-		wpa_printf(MSG_DEBUG,
-			   "P2P: CSA is in progress - not moving GO");
-		return;
-	}
-
-	/*
-	 * First, try a channel switch flow. If it is not supported or fails,
-	 * take down the GO and bring it up again.
-	 */
-	if (wpas_p2p_move_go_csa(wpa_s) < 0)
-		wpas_p2p_move_go_no_csa(wpa_s);
-}
-
-
-static void wpas_p2p_reconsider_moving_go(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_used_freq_data *freqs = NULL;
-	unsigned int num = wpa_s->num_multichan_concurrent;
-
-	freqs = os_calloc(num, sizeof(struct wpa_used_freq_data));
-	if (!freqs)
-		return;
-
-	num = get_shared_radio_freqs_data(wpa_s, freqs, num);
-
-	/* Previous attempt to move a GO was not possible -- try again. */
-	wpas_p2p_consider_moving_gos(wpa_s, freqs, num,
-				     WPAS_P2P_CHANNEL_UPDATE_ANY);
-
-	os_free(freqs);
-}
-
-
-/*
- * Consider moving a GO from its currently used frequency:
- * 1. It is possible that due to regulatory consideration the frequency
- *    can no longer be used and there is a need to evacuate the GO.
- * 2. It is possible that due to MCC considerations, it would be preferable
- *    to move the GO to a channel that is currently used by some other
- *    station interface.
- *
- * In case a frequency that became invalid is once again valid, cancel a
- * previously initiated GO frequency change.
- */
-static void wpas_p2p_consider_moving_one_go(struct wpa_supplicant *wpa_s,
-					    struct wpa_used_freq_data *freqs,
-					    unsigned int num)
-{
-	unsigned int i, invalid_freq = 0, policy_move = 0, flags = 0;
-	unsigned int timeout;
-	int freq;
-	int dfs_offload;
-
-	wpas_p2p_go_update_common_freqs(wpa_s);
-
-	freq = wpa_s->current_ssid->frequency;
-	dfs_offload = (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) &&
-		ieee80211_is_dfs(freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
-	for (i = 0, invalid_freq = 0; i < num; i++) {
-		if (freqs[i].freq == freq) {
-			flags = freqs[i].flags;
-
-			/* The channel is invalid, must change it */
-			if (!p2p_supported_freq_go(wpa_s->global->p2p, freq) &&
-			    !dfs_offload) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"P2P: Freq=%d MHz no longer valid for GO",
-					freq);
-				invalid_freq = 1;
-			}
-		} else if (freqs[i].flags == 0) {
-			/* Freq is not used by any other station interface */
-			continue;
-		} else if (!p2p_supported_freq(wpa_s->global->p2p,
-					       freqs[i].freq) && !dfs_offload) {
-			/* Freq is not valid for P2P use cases */
-			continue;
-		} else if (wpa_s->conf->p2p_go_freq_change_policy ==
-			   P2P_GO_FREQ_MOVE_SCM) {
-			policy_move = 1;
-		} else if (wpa_s->conf->p2p_go_freq_change_policy ==
-			   P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS &&
-			   wpas_p2p_go_is_peer_freq(wpa_s, freqs[i].freq)) {
-			policy_move = 1;
-		} else if ((wpa_s->conf->p2p_go_freq_change_policy ==
-			    P2P_GO_FREQ_MOVE_SCM_ECSA) &&
-			   wpas_p2p_go_is_peer_freq(wpa_s, freqs[i].freq)) {
-			if (!p2p_get_group_num_members(wpa_s->p2p_group)) {
-				policy_move = 1;
-			} else if ((wpa_s->drv_flags &
-				    WPA_DRIVER_FLAGS_AP_CSA) &&
-				   wpas_p2p_go_clients_support_ecsa(wpa_s)) {
-				u8 chan;
-
-				/*
-				 * We do not support CSA between bands, so move
-				 * GO only within the same band.
-				 */
-				if (wpa_s->ap_iface->current_mode->mode ==
-				    ieee80211_freq_to_chan(freqs[i].freq,
-							   &chan))
-					policy_move = 1;
-			}
-		}
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"P2P: GO move: invalid_freq=%u, policy_move=%u, flags=0x%X",
-		invalid_freq, policy_move, flags);
-
-	/*
-	 * The channel is valid, or we are going to have a policy move, so
-	 * cancel timeout.
-	 */
-	if (!invalid_freq || policy_move) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Cancel a GO move from freq=%d MHz", freq);
-		eloop_cancel_timeout(wpas_p2p_move_go, wpa_s, NULL);
-
-		if (wpas_p2p_in_progress(wpa_s)) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: GO move: policy CS is not allowed - setting timeout to re-consider GO move");
-			eloop_cancel_timeout(wpas_p2p_reconsider_moving_go,
-					     wpa_s, NULL);
-			eloop_register_timeout(P2P_RECONSIDER_GO_MOVE_DELAY, 0,
-					       wpas_p2p_reconsider_moving_go,
-					       wpa_s, NULL);
-			return;
-		}
-	}
-
-	if (!invalid_freq && (!policy_move || flags != 0)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Not initiating a GO frequency change");
-		return;
-	}
-
-	/*
-	 * Do not consider moving GO if it is in the middle of a CSA. When the
-	 * CSA is finished this flow should be retriggered.
-	 */
-	if (hostapd_csa_in_progress(wpa_s->ap_iface)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Not initiating a GO frequency change - CSA is in progress");
-		return;
-	}
-
-	if (invalid_freq && !wpas_p2p_disallowed_freq(wpa_s->global, freq))
-		timeout = P2P_GO_FREQ_CHANGE_TIME;
-	else
-		timeout = 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Move GO from freq=%d MHz in %d secs",
-		freq, timeout);
-	eloop_cancel_timeout(wpas_p2p_move_go, wpa_s, NULL);
-	eloop_register_timeout(timeout, 0, wpas_p2p_move_go, wpa_s, NULL);
-}
-
-
-static void wpas_p2p_consider_moving_gos(struct wpa_supplicant *wpa_s,
-					 struct wpa_used_freq_data *freqs,
-					 unsigned int num,
-					 enum wpas_p2p_channel_update_trig trig)
-{
-	struct wpa_supplicant *ifs;
-
-	eloop_cancel_timeout(wpas_p2p_reconsider_moving_go, ELOOP_ALL_CTX,
-			     NULL);
-
-	/*
-	 * Travers all the radio interfaces, and for each GO interface, check
-	 * if there is a need to move the GO from the frequency it is using,
-	 * or in case the frequency is valid again, cancel the evacuation flow.
-	 */
-	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
-			 radio_list) {
-		if (ifs->current_ssid == NULL ||
-		    ifs->current_ssid->mode != WPAS_MODE_P2P_GO)
-			continue;
-
-		/*
-		 * The GO was just started or completed channel switch, no need
-		 * to move it.
-		 */
-		if (wpa_s == ifs &&
-		    (trig == WPAS_P2P_CHANNEL_UPDATE_STATE_CHANGE ||
-		     trig == WPAS_P2P_CHANNEL_UPDATE_CS)) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: GO move - schedule re-consideration");
-			eloop_register_timeout(P2P_RECONSIDER_GO_MOVE_DELAY, 0,
-					       wpas_p2p_reconsider_moving_go,
-					       wpa_s, NULL);
-			continue;
-		}
-
-		wpas_p2p_consider_moving_one_go(ifs, freqs, num);
-	}
-}
-
-
-void wpas_p2p_indicate_state_change(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-
-	wpas_p2p_update_channel_list(wpa_s,
-				     WPAS_P2P_CHANNEL_UPDATE_STATE_CHANGE);
-}
-
-
-void wpas_p2p_deinit_iface(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
-			"the management interface is being removed");
-		wpas_p2p_deinit_global(wpa_s->global);
-	}
-}
-
-
-void wpas_p2p_ap_deinit(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->ap_iface->bss)
-		wpa_s->ap_iface->bss[0]->p2p_group = NULL;
-	wpas_p2p_group_deinit(wpa_s);
-}
-
-
-int wpas_p2p_lo_start(struct wpa_supplicant *wpa_s, unsigned int freq,
-		      unsigned int period, unsigned int interval,
-		      unsigned int count)
-{
-	struct p2p_data *p2p = wpa_s->global->p2p;
-	u8 *device_types;
-	size_t dev_types_len;
-	struct wpabuf *buf;
-	int ret;
-
-	if (wpa_s->p2p_lo_started) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P Listen offload is already started");
-		return 0;
-	}
-
-	if (wpa_s->global->p2p == NULL ||
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD)) {
-		wpa_printf(MSG_DEBUG, "P2P: Listen offload not supported");
-		return -1;
-	}
-
-	if (!p2p_supported_freq(wpa_s->global->p2p, freq)) {
-		wpa_printf(MSG_ERROR, "P2P: Input channel not supported: %u",
-			   freq);
-		return -1;
-	}
-
-	/* Get device type */
-	dev_types_len = (wpa_s->conf->num_sec_device_types + 1) *
-		WPS_DEV_TYPE_LEN;
-	device_types = os_malloc(dev_types_len);
-	if (!device_types)
-		return -1;
-	os_memcpy(device_types, wpa_s->conf->device_type, WPS_DEV_TYPE_LEN);
-	os_memcpy(&device_types[WPS_DEV_TYPE_LEN], wpa_s->conf->sec_device_type,
-		  wpa_s->conf->num_sec_device_types * WPS_DEV_TYPE_LEN);
-
-	/* Get Probe Response IE(s) */
-	buf = p2p_build_probe_resp_template(p2p, freq);
-	if (!buf) {
-		os_free(device_types);
-		return -1;
-	}
-
-	ret = wpa_drv_p2p_lo_start(wpa_s, freq, period, interval, count,
-				   device_types, dev_types_len,
-				   wpabuf_mhead_u8(buf), wpabuf_len(buf));
-	if (ret < 0)
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Failed to start P2P listen offload");
-
-	os_free(device_types);
-	wpabuf_free(buf);
-
-	if (ret == 0) {
-		wpa_s->p2p_lo_started = 1;
-
-		/* Stop current P2P listen if any */
-		wpas_stop_listen(wpa_s);
-	}
-
-	return ret;
-}
-
-
-int wpas_p2p_lo_stop(struct wpa_supplicant *wpa_s)
-{
-	int ret;
-
-	if (!wpa_s->p2p_lo_started)
-		return 0;
-
-	ret = wpa_drv_p2p_lo_stop(wpa_s);
-	if (ret < 0)
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"P2P: Failed to stop P2P listen offload");
-
-	wpa_s->p2p_lo_started = 0;
-	return ret;
-}
diff --git a/wpa_supplicant/p2p_supplicant.h b/wpa_supplicant/p2p_supplicant.h
deleted file mode 100644
index 5a869e7309a3..000000000000
--- a/wpa_supplicant/p2p_supplicant.h
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * wpa_supplicant - P2P
- * Copyright (c) 2009-2010, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef P2P_SUPPLICANT_H
-#define P2P_SUPPLICANT_H
-
-enum p2p_wps_method;
-struct p2p_go_neg_results;
-enum p2p_send_action_result;
-struct p2p_peer_info;
-struct p2p_channels;
-struct wps_event_fail;
-struct p2ps_provision;
-
-enum wpas_p2p_channel_update_trig {
-	WPAS_P2P_CHANNEL_UPDATE_ANY,
-	WPAS_P2P_CHANNEL_UPDATE_DRIVER,
-	WPAS_P2P_CHANNEL_UPDATE_STATE_CHANGE,
-	WPAS_P2P_CHANNEL_UPDATE_AVOID,
-	WPAS_P2P_CHANNEL_UPDATE_DISALLOW,
-	WPAS_P2P_CHANNEL_UPDATE_CS,
-};
-
-int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s,
-				  const char *conf_p2p_dev);
-struct wpa_supplicant * wpas_get_p2p_go_iface(struct wpa_supplicant *wpa_s,
-					      const u8 *ssid, size_t ssid_len);
-struct wpa_supplicant * wpas_get_p2p_client_iface(struct wpa_supplicant *wpa_s,
-						  const u8 *peer_dev_addr);
-int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		     const char *pin, enum p2p_wps_method wps_method,
-		     int persistent_group, int auto_join, int join, int auth,
-		     int go_intent, int freq, unsigned int vht_center_freq2,
-		     int persistent_id, int pd, int ht40, int vht,
-		     unsigned int vht_chwidth, int he, int edmg,
-		     const u8 *group_ssid, size_t group_ssid_len,
-		     bool allow_6ghz);
-int wpas_p2p_handle_frequency_conflicts(struct wpa_supplicant *wpa_s,
-                                          int freq, struct wpa_ssid *ssid);
-int wpas_p2p_group_add(struct wpa_supplicant *wpa_s, int persistent_group,
-		       int freq, int vht_center_freq2, int ht40, int vht,
-		       int max_oper_chwidth, int he, int edmg, bool allow_6ghz);
-int wpas_p2p_group_add_persistent(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid, int addr_allocated,
-				  int force_freq, int neg_freq,
-				  int vht_center_freq2, int ht40, int vht,
-				  int max_oper_chwidth, int he, int edmg,
-				  const struct p2p_channels *channels,
-				  int connection_timeout, int force_scan,
-				  bool allow_6ghz);
-struct p2p_group * wpas_p2p_group_init(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid);
-enum wpas_p2p_prov_disc_use {
-	WPAS_P2P_PD_FOR_GO_NEG,
-	WPAS_P2P_PD_FOR_JOIN,
-	WPAS_P2P_PD_AUTO,
-	WPAS_P2P_PD_FOR_ASP
-};
-int wpas_p2p_prov_disc(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		       const char *config_method,
-		       enum wpas_p2p_prov_disc_use use,
-		       struct p2ps_provision *p2ps_prov);
-void wpas_send_action_tx_status(struct wpa_supplicant *wpa_s, const u8 *dst,
-				const u8 *data, size_t data_len,
-				enum p2p_send_action_result result);
-int wpas_p2p_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
-			      char *end);
-enum p2p_discovery_type;
-int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
-		  enum p2p_discovery_type type,
-		  unsigned int num_req_dev_types, const u8 *req_dev_types,
-		  const u8 *dev_id, unsigned int search_delay,
-		  u8 seek_cnt, const char **seek_string, int freq,
-		  bool include_6ghz);
-void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s);
-int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout);
-int wpas_p2p_listen_start(struct wpa_supplicant *wpa_s, unsigned int timeout);
-int wpas_p2p_assoc_req_ie(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			  u8 *buf, size_t len, int p2p_group);
-void wpas_p2p_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ies);
-u64 wpas_p2p_sd_request(struct wpa_supplicant *wpa_s, const u8 *dst,
-			const struct wpabuf *tlvs);
-u64 wpas_p2p_sd_request_asp(struct wpa_supplicant *wpa_s, const u8 *dst, u8 id,
-			    const char *svc_str, const char *info_substr);
-u64 wpas_p2p_sd_request_upnp(struct wpa_supplicant *wpa_s, const u8 *dst,
-			     u8 version, const char *query);
-u64 wpas_p2p_sd_request_wifi_display(struct wpa_supplicant *wpa_s,
-				     const u8 *dst, const char *role);
-int wpas_p2p_sd_cancel_request(struct wpa_supplicant *wpa_s, u64 req);
-void wpas_p2p_sd_response(struct wpa_supplicant *wpa_s, int freq,
-			  const u8 *dst, u8 dialog_token,
-			  const struct wpabuf *resp_tlvs);
-void wpas_p2p_sd_service_update(struct wpa_supplicant *wpa_s);
-void wpas_p2p_service_flush(struct wpa_supplicant *wpa_s);
-int wpas_p2p_service_add_bonjour(struct wpa_supplicant *wpa_s,
-				 struct wpabuf *query, struct wpabuf *resp);
-int wpas_p2p_service_del_bonjour(struct wpa_supplicant *wpa_s,
-				 const struct wpabuf *query);
-int wpas_p2p_service_add_upnp(struct wpa_supplicant *wpa_s, u8 version,
-			      const char *service);
-int wpas_p2p_service_del_upnp(struct wpa_supplicant *wpa_s, u8 version,
-			      const char *service);
-int wpas_p2p_service_add_asp(struct wpa_supplicant *wpa_s, int auto_accept,
-			     u32 adv_id, const char *adv_str, u8 svc_state,
-			     u16 config_methods, const char *svc_info,
-			     const u8 *cpt_priority);
-int wpas_p2p_service_del_asp(struct wpa_supplicant *wpa_s, u32 adv_id);
-void wpas_p2p_service_flush_asp(struct wpa_supplicant *wpa_s);
-int wpas_p2p_service_p2ps_id_exists(struct wpa_supplicant *wpa_s, u32 adv_id);
-void wpas_sd_request(void *ctx, int freq, const u8 *sa, u8 dialog_token,
-		     u16 update_indic, const u8 *tlvs, size_t tlvs_len);
-void wpas_sd_response(void *ctx, const u8 *sa, u16 update_indic,
-		      const u8 *tlvs, size_t tlvs_len);
-int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr);
-int wpas_p2p_invite(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-		    struct wpa_ssid *ssid, const u8 *go_dev_addr, int freq,
-		    int vht_center_freq2, int ht40, int vht, int max_chwidth,
-		    int pref_freq, int he, int edmg, bool allow_6ghz);
-int wpas_p2p_invite_group(struct wpa_supplicant *wpa_s, const char *ifname,
-			  const u8 *peer_addr, const u8 *go_dev_addr,
-			  bool allow_6ghz);
-int wpas_p2p_presence_req(struct wpa_supplicant *wpa_s, u32 duration1,
-			  u32 interval1, u32 duration2, u32 interval2);
-int wpas_p2p_ext_listen(struct wpa_supplicant *wpa_s, unsigned int period,
-			unsigned int interval);
-int wpas_p2p_deauth_notif(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			  u16 reason_code, const u8 *ie, size_t ie_len,
-			  int locally_generated);
-void wpas_p2p_disassoc_notif(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			     u16 reason_code, const u8 *ie, size_t ie_len,
-			     int locally_generated);
-int wpas_p2p_set_noa(struct wpa_supplicant *wpa_s, u8 count, int start,
-		     int duration);
-int wpas_p2p_set_cross_connect(struct wpa_supplicant *wpa_s, int enabled);
-int wpas_p2p_cancel(struct wpa_supplicant *wpa_s);
-int wpas_p2p_unauthorize(struct wpa_supplicant *wpa_s, const char *addr);
-int wpas_p2p_disconnect(struct wpa_supplicant *wpa_s);
-struct wpa_ssid * wpas_p2p_get_persistent(struct wpa_supplicant *wpa_s,
-					  const u8 *addr, const u8 *ssid,
-					  size_t ssid_len);
-void wpas_p2p_notify_ap_sta_authorized(struct wpa_supplicant *wpa_s,
-				       const u8 *addr);
-int wpas_p2p_scan_no_go_seen(struct wpa_supplicant *wpa_s);
-int wpas_p2p_get_sec_channel_offset_40mhz(struct wpa_supplicant *wpa_s,
-					  struct hostapd_hw_modes *mode,
-					  u8 channel);
-int wpas_p2p_get_vht80_center(struct wpa_supplicant *wpa_s,
-			      struct hostapd_hw_modes *mode, u8 channel,
-			      u8 op_class);
-int wpas_p2p_get_vht160_center(struct wpa_supplicant *wpa_s,
-			       struct hostapd_hw_modes *mode, u8 channel,
-			       u8 op_class);
-unsigned int wpas_p2p_search_delay(struct wpa_supplicant *wpa_s);
-void wpas_p2p_new_psk_cb(struct wpa_supplicant *wpa_s, const u8 *mac_addr,
-			 const u8 *p2p_dev_addr,
-			 const u8 *psk, size_t psk_len);
-void wpas_p2p_remove_client(struct wpa_supplicant *wpa_s, const u8 *peer,
-			    int iface_addr);
-struct wpabuf * wpas_p2p_nfc_handover_req(struct wpa_supplicant *wpa_s,
-					  int ndef);
-struct wpabuf * wpas_p2p_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					  int ndef, int tag);
-int wpas_p2p_nfc_tag_process(struct wpa_supplicant *wpa_s,
-			     const struct wpabuf *data, int forced_freq);
-int wpas_p2p_nfc_report_handover(struct wpa_supplicant *wpa_s, int init,
-				 const struct wpabuf *req,
-				 const struct wpabuf *sel, int forced_freq);
-int wpas_p2p_nfc_tag_enabled(struct wpa_supplicant *wpa_s, int enabled);
-void wpas_p2p_pbc_overlap_cb(void *eloop_ctx, void *timeout_ctx);
-int wpas_p2p_try_edmg_channel(struct wpa_supplicant *wpa_s,
-			      struct p2p_go_neg_results *params);
-
-#ifdef CONFIG_P2P
-
-int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s);
-void wpas_p2p_deinit(struct wpa_supplicant *wpa_s);
-void wpas_p2p_completed(struct wpa_supplicant *wpa_s);
-void wpas_p2p_update_config(struct wpa_supplicant *wpa_s);
-int wpas_p2p_probe_req_rx(struct wpa_supplicant *wpa_s, const u8 *addr,
-			  const u8 *dst, const u8 *bssid,
-			  const u8 *ie, size_t ie_len,
-			  unsigned int rx_freq, int ssi_signal);
-void wpas_p2p_wps_success(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
-			  int registrar);
-
-void wpas_p2p_update_channel_list(struct wpa_supplicant *wpa_s,
-				  enum wpas_p2p_channel_update_trig trig);
-
-void wpas_p2p_update_best_channels(struct wpa_supplicant *wpa_s,
-				   int freq_24, int freq_5, int freq_overall);
-void wpas_p2p_rx_action(struct wpa_supplicant *wpa_s, const u8 *da,
-			const u8 *sa, const u8 *bssid,
-			u8 category, const u8 *data, size_t len, int freq);
-void wpas_p2p_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				   unsigned int freq, unsigned int duration);
-void wpas_p2p_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-					  unsigned int freq);
-void wpas_p2p_interface_unavailable(struct wpa_supplicant *wpa_s);
-void wpas_p2p_notif_connected(struct wpa_supplicant *wpa_s);
-void wpas_p2p_notif_disconnected(struct wpa_supplicant *wpa_s);
-int wpas_p2p_notif_pbc_overlap(struct wpa_supplicant *wpa_s);
-int wpas_p2p_4way_hs_failed(struct wpa_supplicant *wpa_s);
-void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s);
-void wpas_p2p_indicate_state_change(struct wpa_supplicant *wpa_s);
-void wpas_p2p_deinit_iface(struct wpa_supplicant *wpa_s);
-void wpas_p2p_ap_deinit(struct wpa_supplicant *wpa_s);
-void wpas_p2p_network_removed(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid);
-int wpas_p2p_in_progress(struct wpa_supplicant *wpa_s);
-int wpas_p2p_wps_eapol_cb(struct wpa_supplicant *wpa_s);
-void wpas_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-			 struct wps_event_fail *fail);
-int wpas_p2p_group_remove(struct wpa_supplicant *wpa_s, const char *ifname);
-int wpas_p2p_lo_start(struct wpa_supplicant *wpa_s, unsigned int freq,
-		      unsigned int period, unsigned int interval,
-		      unsigned int count);
-int wpas_p2p_lo_stop(struct wpa_supplicant *wpa_s);
-int wpas_p2p_mac_setup(struct wpa_supplicant *wpa_s);
-
-#else /* CONFIG_P2P */
-
-static inline int
-wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_completed(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_update_config(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int wpas_p2p_probe_req_rx(struct wpa_supplicant *wpa_s,
-					const u8 *addr,
-					const u8 *dst, const u8 *bssid,
-					const u8 *ie, size_t ie_len,
-					unsigned int rx_freq, int ssi_signal)
-{
-	return 0;
-}
-
-static inline void wpas_p2p_wps_success(struct wpa_supplicant *wpa_s,
-					const u8 *peer_addr, int registrar)
-{
-}
-
-static inline void
-wpas_p2p_update_channel_list(struct wpa_supplicant *wpa_s,
-			     enum wpas_p2p_channel_update_trig trig)
-{
-}
-
-static inline void wpas_p2p_update_best_channels(struct wpa_supplicant *wpa_s,
-						 int freq_24, int freq_5,
-						 int freq_overall)
-{
-}
-
-static inline void wpas_p2p_rx_action(struct wpa_supplicant *wpa_s,
-				      const u8 *da,
-				      const u8 *sa, const u8 *bssid,
-				      u8 category, const u8 *data, size_t len,
-				      int freq)
-{
-}
-
-static inline void wpas_p2p_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-						 unsigned int freq,
-						 unsigned int duration)
-{
-}
-
-static inline void
-wpas_p2p_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
-				     unsigned int freq)
-{
-}
-
-static inline void wpas_p2p_interface_unavailable(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_notif_connected(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_notif_disconnected(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int wpas_p2p_notif_pbc_overlap(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline int wpas_p2p_4way_hs_failed(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_indicate_state_change(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_deinit_iface(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_ap_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void wpas_p2p_network_removed(struct wpa_supplicant *wpa_s,
-					    struct wpa_ssid *ssid)
-{
-}
-
-static inline int wpas_p2p_in_progress(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline int wpas_p2p_wps_eapol_cb(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_p2p_wps_failed(struct wpa_supplicant *wpa_s,
-				       struct wps_event_fail *fail)
-{
-}
-
-static inline int wpas_p2p_group_remove(struct wpa_supplicant *wpa_s,
-					const char *ifname)
-{
-	return 0;
-}
-
-#endif /* CONFIG_P2P */
-
-#endif /* P2P_SUPPLICANT_H */
diff --git a/wpa_supplicant/p2p_supplicant_sd.c b/wpa_supplicant/p2p_supplicant_sd.c
deleted file mode 100644
index b400cbacae61..000000000000
--- a/wpa_supplicant/p2p_supplicant_sd.c
+++ /dev/null
@@ -1,1273 +0,0 @@
-/*
- * wpa_supplicant - P2P service discovery
- * Copyright (c) 2009-2010, Atheros Communications
- * Copyright (c) 2010-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "p2p/p2p.h"
-#include "wpa_supplicant_i.h"
-#include "notify.h"
-#include "p2p_supplicant.h"
-
-
-/*
- * DNS Header section is used only to calculate compression pointers, so the
- * contents of this data does not matter, but the length needs to be reserved
- * in the virtual packet.
- */
-#define DNS_HEADER_LEN 12
-
-/*
- * 27-octet in-memory packet from P2P specification containing two implied
- * queries for _tcp.lcoal. PTR IN and _udp.local. PTR IN
- */
-#define P2P_SD_IN_MEMORY_LEN 27
-
-static int p2p_sd_dns_uncompress_label(char **upos, char *uend, u8 *start,
-				       u8 **spos, const u8 *end)
-{
-	while (*spos < end) {
-		u8 val = ((*spos)[0] & 0xc0) >> 6;
-		int len;
-
-		if (val == 1 || val == 2) {
-			/* These are reserved values in RFC 1035 */
-			wpa_printf(MSG_DEBUG, "P2P: Invalid domain name "
-				   "sequence starting with 0x%x", val);
-			return -1;
-		}
-
-		if (val == 3) {
-			u16 offset;
-			u8 *spos_tmp;
-
-			/* Offset */
-			if (end - *spos < 2) {
-				wpa_printf(MSG_DEBUG, "P2P: No room for full "
-					   "DNS offset field");
-				return -1;
-			}
-
-			offset = (((*spos)[0] & 0x3f) << 8) | (*spos)[1];
-			if (offset >= *spos - start) {
-				wpa_printf(MSG_DEBUG, "P2P: Invalid DNS "
-					   "pointer offset %u", offset);
-				return -1;
-			}
-
-			(*spos) += 2;
-			spos_tmp = start + offset;
-			return p2p_sd_dns_uncompress_label(upos, uend, start,
-							   &spos_tmp,
-							   *spos - 2);
-		}
-
-		/* Label */
-		len = (*spos)[0] & 0x3f;
-		if (len == 0)
-			return 0;
-
-		(*spos)++;
-		if (len > end - *spos) {
-			wpa_printf(MSG_DEBUG, "P2P: Invalid domain name "
-				   "sequence - no room for label with length "
-				   "%u", len);
-			return -1;
-		}
-
-		if (len + 2 > uend - *upos)
-			return -2;
-
-		os_memcpy(*upos, *spos, len);
-		*spos += len;
-		*upos += len;
-		(*upos)[0] = '.';
-		(*upos)++;
-		(*upos)[0] = '\0';
-	}
-
-	return 0;
-}
-
-
-/* Uncompress domain names per RFC 1035 using the P2P SD in-memory packet.
- * Returns -1 on parsing error (invalid input sequence), -2 if output buffer is
- * not large enough */
-static int p2p_sd_dns_uncompress(char *buf, size_t buf_len, const u8 *msg,
-				 size_t msg_len, size_t offset)
-{
-	/* 27-octet in-memory packet from P2P specification */
-	const char *prefix = "\x04_tcp\x05local\x00\x00\x0C\x00\x01"
-		"\x04_udp\xC0\x11\x00\x0C\x00\x01";
-	u8 *tmp, *end, *spos;
-	char *upos, *uend;
-	int ret = 0;
-
-	if (buf_len < 2)
-		return -1;
-	if (offset > msg_len)
-		return -1;
-
-	tmp = os_malloc(DNS_HEADER_LEN + P2P_SD_IN_MEMORY_LEN + msg_len);
-	if (tmp == NULL)
-		return -1;
-	spos = tmp + DNS_HEADER_LEN + P2P_SD_IN_MEMORY_LEN;
-	end = spos + msg_len;
-	spos += offset;
-
-	os_memset(tmp, 0, DNS_HEADER_LEN);
-	os_memcpy(tmp + DNS_HEADER_LEN, prefix, P2P_SD_IN_MEMORY_LEN);
-	os_memcpy(tmp + DNS_HEADER_LEN + P2P_SD_IN_MEMORY_LEN, msg, msg_len);
-
-	upos = buf;
-	uend = buf + buf_len;
-
-	ret = p2p_sd_dns_uncompress_label(&upos, uend, tmp, &spos, end);
-	if (ret) {
-		os_free(tmp);
-		return ret;
-	}
-
-	if (upos == buf) {
-		upos[0] = '.';
-		upos[1] = '\0';
-	} else if (upos[-1] == '.')
-		upos[-1] = '\0';
-
-	os_free(tmp);
-	return 0;
-}
-
-
-static struct p2p_srv_bonjour *
-wpas_p2p_service_get_bonjour(struct wpa_supplicant *wpa_s,
-			     const struct wpabuf *query)
-{
-	struct p2p_srv_bonjour *bsrv;
-	size_t len;
-
-	len = wpabuf_len(query);
-	dl_list_for_each(bsrv, &wpa_s->global->p2p_srv_bonjour,
-			 struct p2p_srv_bonjour, list) {
-		if (len == wpabuf_len(bsrv->query) &&
-		    os_memcmp(wpabuf_head(query), wpabuf_head(bsrv->query),
-			      len) == 0)
-			return bsrv;
-	}
-	return NULL;
-}
-
-
-static struct p2p_srv_upnp *
-wpas_p2p_service_get_upnp(struct wpa_supplicant *wpa_s, u8 version,
-			  const char *service)
-{
-	struct p2p_srv_upnp *usrv;
-
-	dl_list_for_each(usrv, &wpa_s->global->p2p_srv_upnp,
-			 struct p2p_srv_upnp, list) {
-		if (version == usrv->version &&
-		    os_strcmp(service, usrv->service) == 0)
-			return usrv;
-	}
-	return NULL;
-}
-
-
-static void wpas_sd_add_empty(struct wpabuf *resp, u8 srv_proto,
-			      u8 srv_trans_id, u8 status)
-{
-	u8 *len_pos;
-
-	if (wpabuf_tailroom(resp) < 5)
-		return;
-
-	/* Length (to be filled) */
-	len_pos = wpabuf_put(resp, 2);
-	wpabuf_put_u8(resp, srv_proto);
-	wpabuf_put_u8(resp, srv_trans_id);
-	/* Status Code */
-	wpabuf_put_u8(resp, status);
-	/* Response Data: empty */
-	WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos - 2);
-}
-
-
-static void wpas_sd_add_proto_not_avail(struct wpabuf *resp, u8 srv_proto,
-					u8 srv_trans_id)
-{
-	wpas_sd_add_empty(resp, srv_proto, srv_trans_id,
-			  P2P_SD_PROTO_NOT_AVAILABLE);
-}
-
-
-static void wpas_sd_add_bad_request(struct wpabuf *resp, u8 srv_proto,
-				    u8 srv_trans_id)
-{
-	wpas_sd_add_empty(resp, srv_proto, srv_trans_id, P2P_SD_BAD_REQUEST);
-}
-
-
-static void wpas_sd_add_not_found(struct wpabuf *resp, u8 srv_proto,
-				  u8 srv_trans_id)
-{
-	wpas_sd_add_empty(resp, srv_proto, srv_trans_id,
-			  P2P_SD_REQUESTED_INFO_NOT_AVAILABLE);
-}
-
-
-static void wpas_sd_all_bonjour(struct wpa_supplicant *wpa_s,
-				struct wpabuf *resp, u8 srv_trans_id)
-{
-	struct p2p_srv_bonjour *bsrv;
-	u8 *len_pos;
-
-	wpa_printf(MSG_DEBUG, "P2P: SD Request for all Bonjour services");
-
-	if (dl_list_empty(&wpa_s->global->p2p_srv_bonjour)) {
-		wpa_printf(MSG_DEBUG, "P2P: Bonjour protocol not available");
-		return;
-	}
-
-	dl_list_for_each(bsrv, &wpa_s->global->p2p_srv_bonjour,
-			 struct p2p_srv_bonjour, list) {
-		if (wpabuf_tailroom(resp) <
-		    5 + wpabuf_len(bsrv->query) + wpabuf_len(bsrv->resp))
-			return;
-		/* Length (to be filled) */
-		len_pos = wpabuf_put(resp, 2);
-		wpabuf_put_u8(resp, P2P_SERV_BONJOUR);
-		wpabuf_put_u8(resp, srv_trans_id);
-		/* Status Code */
-		wpabuf_put_u8(resp, P2P_SD_SUCCESS);
-		wpa_hexdump_ascii(MSG_DEBUG, "P2P: Matching Bonjour service",
-				  wpabuf_head(bsrv->resp),
-				  wpabuf_len(bsrv->resp));
-		/* Response Data */
-		wpabuf_put_buf(resp, bsrv->query); /* Key */
-		wpabuf_put_buf(resp, bsrv->resp); /* Value */
-		WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos -
-			     2);
-	}
-}
-
-
-static int match_bonjour_query(struct p2p_srv_bonjour *bsrv, const u8 *query,
-			       size_t query_len)
-{
-	char str_rx[256], str_srv[256];
-
-	if (query_len < 3 || wpabuf_len(bsrv->query) < 3)
-		return 0; /* Too short to include DNS Type and Version */
-	if (os_memcmp(query + query_len - 3,
-		      wpabuf_head_u8(bsrv->query) + wpabuf_len(bsrv->query) - 3,
-		      3) != 0)
-		return 0; /* Mismatch in DNS Type or Version */
-	if (query_len == wpabuf_len(bsrv->query) &&
-	    os_memcmp(query, wpabuf_head(bsrv->query), query_len - 3) == 0)
-		return 1; /* Binary match */
-
-	if (p2p_sd_dns_uncompress(str_rx, sizeof(str_rx), query, query_len - 3,
-				  0))
-		return 0; /* Failed to uncompress query */
-	if (p2p_sd_dns_uncompress(str_srv, sizeof(str_srv),
-				  wpabuf_head(bsrv->query),
-				  wpabuf_len(bsrv->query) - 3, 0))
-		return 0; /* Failed to uncompress service */
-
-	return os_strcmp(str_rx, str_srv) == 0;
-}
-
-
-static void wpas_sd_req_bonjour(struct wpa_supplicant *wpa_s,
-				struct wpabuf *resp, u8 srv_trans_id,
-				const u8 *query, size_t query_len)
-{
-	struct p2p_srv_bonjour *bsrv;
-	u8 *len_pos;
-	int matches = 0;
-
-	wpa_hexdump_ascii(MSG_DEBUG, "P2P: SD Request for Bonjour",
-			  query, query_len);
-	if (dl_list_empty(&wpa_s->global->p2p_srv_bonjour)) {
-		wpa_printf(MSG_DEBUG, "P2P: Bonjour protocol not available");
-		wpas_sd_add_proto_not_avail(resp, P2P_SERV_BONJOUR,
-					    srv_trans_id);
-		return;
-	}
-
-	if (query_len == 0) {
-		wpas_sd_all_bonjour(wpa_s, resp, srv_trans_id);
-		return;
-	}
-
-	dl_list_for_each(bsrv, &wpa_s->global->p2p_srv_bonjour,
-			 struct p2p_srv_bonjour, list) {
-		if (!match_bonjour_query(bsrv, query, query_len))
-			continue;
-
-		if (wpabuf_tailroom(resp) <
-		    5 + query_len + wpabuf_len(bsrv->resp))
-			return;
-
-		matches++;
-
-		/* Length (to be filled) */
-		len_pos = wpabuf_put(resp, 2);
-		wpabuf_put_u8(resp, P2P_SERV_BONJOUR);
-		wpabuf_put_u8(resp, srv_trans_id);
-
-		/* Status Code */
-		wpabuf_put_u8(resp, P2P_SD_SUCCESS);
-		wpa_hexdump_ascii(MSG_DEBUG, "P2P: Matching Bonjour service",
-				  wpabuf_head(bsrv->resp),
-				  wpabuf_len(bsrv->resp));
-
-		/* Response Data */
-		wpabuf_put_data(resp, query, query_len); /* Key */
-		wpabuf_put_buf(resp, bsrv->resp); /* Value */
-
-		WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos - 2);
-	}
-
-	if (matches == 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Requested Bonjour service not "
-			   "available");
-		if (wpabuf_tailroom(resp) < 5)
-			return;
-
-		/* Length (to be filled) */
-		len_pos = wpabuf_put(resp, 2);
-		wpabuf_put_u8(resp, P2P_SERV_BONJOUR);
-		wpabuf_put_u8(resp, srv_trans_id);
-
-		/* Status Code */
-		wpabuf_put_u8(resp, P2P_SD_REQUESTED_INFO_NOT_AVAILABLE);
-		/* Response Data: empty */
-		WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos -
-			     2);
-	}
-}
-
-
-static void wpas_sd_all_upnp(struct wpa_supplicant *wpa_s,
-			     struct wpabuf *resp, u8 srv_trans_id)
-{
-	struct p2p_srv_upnp *usrv;
-	u8 *len_pos;
-
-	wpa_printf(MSG_DEBUG, "P2P: SD Request for all UPnP services");
-
-	if (dl_list_empty(&wpa_s->global->p2p_srv_upnp)) {
-		wpa_printf(MSG_DEBUG, "P2P: UPnP protocol not available");
-		return;
-	}
-
-	dl_list_for_each(usrv, &wpa_s->global->p2p_srv_upnp,
-			 struct p2p_srv_upnp, list) {
-		if (wpabuf_tailroom(resp) < 5 + 1 + os_strlen(usrv->service))
-			return;
-
-		/* Length (to be filled) */
-		len_pos = wpabuf_put(resp, 2);
-		wpabuf_put_u8(resp, P2P_SERV_UPNP);
-		wpabuf_put_u8(resp, srv_trans_id);
-
-		/* Status Code */
-		wpabuf_put_u8(resp, P2P_SD_SUCCESS);
-		/* Response Data */
-		wpabuf_put_u8(resp, usrv->version);
-		wpa_printf(MSG_DEBUG, "P2P: Matching UPnP Service: %s",
-			   usrv->service);
-		wpabuf_put_str(resp, usrv->service);
-		WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos -
-			     2);
-	}
-}
-
-
-static void wpas_sd_req_upnp(struct wpa_supplicant *wpa_s,
-			     struct wpabuf *resp, u8 srv_trans_id,
-			     const u8 *query, size_t query_len)
-{
-	struct p2p_srv_upnp *usrv;
-	u8 *len_pos;
-	u8 version;
-	char *str;
-	int count = 0;
-
-	wpa_hexdump_ascii(MSG_DEBUG, "P2P: SD Request for UPnP",
-			  query, query_len);
-
-	if (dl_list_empty(&wpa_s->global->p2p_srv_upnp)) {
-		wpa_printf(MSG_DEBUG, "P2P: UPnP protocol not available");
-		wpas_sd_add_proto_not_avail(resp, P2P_SERV_UPNP,
-					    srv_trans_id);
-		return;
-	}
-
-	if (query_len == 0) {
-		wpas_sd_all_upnp(wpa_s, resp, srv_trans_id);
-		return;
-	}
-
-	if (wpabuf_tailroom(resp) < 5)
-		return;
-
-	/* Length (to be filled) */
-	len_pos = wpabuf_put(resp, 2);
-	wpabuf_put_u8(resp, P2P_SERV_UPNP);
-	wpabuf_put_u8(resp, srv_trans_id);
-
-	version = query[0];
-	str = os_malloc(query_len);
-	if (str == NULL)
-		return;
-	os_memcpy(str, query + 1, query_len - 1);
-	str[query_len - 1] = '\0';
-
-	dl_list_for_each(usrv, &wpa_s->global->p2p_srv_upnp,
-			 struct p2p_srv_upnp, list) {
-		if (version != usrv->version)
-			continue;
-
-		if (os_strcmp(str, "ssdp:all") != 0 &&
-		    os_strstr(usrv->service, str) == NULL)
-			continue;
-
-		if (wpabuf_tailroom(resp) < 2)
-			break;
-		if (count == 0) {
-			/* Status Code */
-			wpabuf_put_u8(resp, P2P_SD_SUCCESS);
-			/* Response Data */
-			wpabuf_put_u8(resp, version);
-		} else
-			wpabuf_put_u8(resp, ',');
-
-		count++;
-
-		wpa_printf(MSG_DEBUG, "P2P: Matching UPnP Service: %s",
-			   usrv->service);
-		if (wpabuf_tailroom(resp) < os_strlen(usrv->service))
-			break;
-		wpabuf_put_str(resp, usrv->service);
-	}
-	os_free(str);
-
-	if (count == 0) {
-		wpa_printf(MSG_DEBUG, "P2P: Requested UPnP service not "
-			   "available");
-		/* Status Code */
-		wpabuf_put_u8(resp, P2P_SD_REQUESTED_INFO_NOT_AVAILABLE);
-		/* Response Data: empty */
-	}
-
-	WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos - 2);
-}
-
-
-#ifdef CONFIG_WIFI_DISPLAY
-static void wpas_sd_req_wfd(struct wpa_supplicant *wpa_s,
-			    struct wpabuf *resp, u8 srv_trans_id,
-			    const u8 *query, size_t query_len)
-{
-	const u8 *pos;
-	u8 role;
-	u8 *len_pos;
-
-	wpa_hexdump(MSG_DEBUG, "P2P: SD Request for WFD", query, query_len);
-
-	if (!wpa_s->global->wifi_display) {
-		wpa_printf(MSG_DEBUG, "P2P: WFD protocol not available");
-		wpas_sd_add_proto_not_avail(resp, P2P_SERV_WIFI_DISPLAY,
-					    srv_trans_id);
-		return;
-	}
-
-	if (query_len < 1) {
-		wpa_printf(MSG_DEBUG, "P2P: Missing WFD Requested Device "
-			   "Role");
-		return;
-	}
-
-	if (wpabuf_tailroom(resp) < 5)
-		return;
-
-	pos = query;
-	role = *pos++;
-	wpa_printf(MSG_DEBUG, "P2P: WSD for device role 0x%x", role);
-
-	/* TODO: role specific handling */
-
-	/* Length (to be filled) */
-	len_pos = wpabuf_put(resp, 2);
-	wpabuf_put_u8(resp, P2P_SERV_WIFI_DISPLAY);
-	wpabuf_put_u8(resp, srv_trans_id);
-	wpabuf_put_u8(resp, P2P_SD_SUCCESS); /* Status Code */
-
-	while (pos < query + query_len) {
-		if (*pos < MAX_WFD_SUBELEMS &&
-		    wpa_s->global->wfd_subelem[*pos] &&
-		    wpabuf_tailroom(resp) >=
-		    wpabuf_len(wpa_s->global->wfd_subelem[*pos])) {
-			wpa_printf(MSG_DEBUG, "P2P: Add WSD response "
-				   "subelement %u", *pos);
-			wpabuf_put_buf(resp, wpa_s->global->wfd_subelem[*pos]);
-		}
-		pos++;
-	}
-
-	WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(resp, 0) - len_pos - 2);
-}
-#endif /* CONFIG_WIFI_DISPLAY */
-
-
-static int find_p2ps_substr(struct p2ps_advertisement *adv_data,
-			    const u8 *needle, size_t needle_len)
-{
-	const u8 *haystack = (const u8 *) adv_data->svc_info;
-	size_t haystack_len, i;
-
-	/* Allow search term to be empty */
-	if (!needle || !needle_len)
-		return 1;
-
-	if (!haystack)
-		return 0;
-
-	haystack_len = os_strlen(adv_data->svc_info);
-	for (i = 0; i < haystack_len; i++) {
-		if (haystack_len - i < needle_len)
-			break;
-		if (os_memcmp(haystack + i, needle, needle_len) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static void wpas_sd_req_asp(struct wpa_supplicant *wpa_s,
-			    struct wpabuf *resp, u8 srv_trans_id,
-			    const u8 *query, size_t query_len)
-{
-	struct p2ps_advertisement *adv_data;
-	const u8 *svc = &query[1];
-	const u8 *info = NULL;
-	size_t svc_len = query[0];
-	size_t info_len = 0;
-	int prefix = 0;
-	u8 *count_pos = NULL;
-	u8 *len_pos = NULL;
-
-	wpa_hexdump(MSG_DEBUG, "P2P: SD Request for ASP", query, query_len);
-
-	if (!wpa_s->global->p2p) {
-		wpa_printf(MSG_DEBUG, "P2P: ASP protocol not available");
-		wpas_sd_add_proto_not_avail(resp, P2P_SERV_P2PS, srv_trans_id);
-		return;
-	}
-
-	/* Info block is optional */
-	if (svc_len + 1 < query_len) {
-		info = &svc[svc_len];
-		info_len = *info++;
-	}
-
-	/* Range check length of svc string and info block */
-	if (svc_len + (info_len ? info_len + 2 : 1) > query_len) {
-		wpa_printf(MSG_DEBUG, "P2P: ASP bad request");
-		wpas_sd_add_bad_request(resp, P2P_SERV_P2PS, srv_trans_id);
-		return;
-	}
-
-	/* Detect and correct for prefix search */
-	if (svc_len && svc[svc_len - 1] == '*') {
-		prefix = 1;
-		svc_len--;
-	}
-
-	for (adv_data = p2p_get_p2ps_adv_list(wpa_s->global->p2p);
-	     adv_data; adv_data = adv_data->next) {
-		/* If not a prefix match, reject length mismatches */
-		if (!prefix && svc_len != os_strlen(adv_data->svc_name))
-			continue;
-
-		/* Search each service for request */
-		if (os_memcmp(adv_data->svc_name, svc, svc_len) == 0 &&
-		    find_p2ps_substr(adv_data, info, info_len)) {
-			size_t len = os_strlen(adv_data->svc_name);
-			size_t svc_info_len = 0;
-
-			if (adv_data->svc_info)
-				svc_info_len = os_strlen(adv_data->svc_info);
-
-			if (len > 0xff || svc_info_len > 0xffff)
-				return;
-
-			/* Length & Count to be filled as we go */
-			if (!len_pos && !count_pos) {
-				if (wpabuf_tailroom(resp) <
-				    len + svc_info_len + 16)
-					return;
-
-				len_pos = wpabuf_put(resp, 2);
-				wpabuf_put_u8(resp, P2P_SERV_P2PS);
-				wpabuf_put_u8(resp, srv_trans_id);
-				/* Status Code */
-				wpabuf_put_u8(resp, P2P_SD_SUCCESS);
-				count_pos = wpabuf_put(resp, 1);
-				*count_pos = 0;
-			} else if (wpabuf_tailroom(resp) <
-				   len + svc_info_len + 10)
-				return;
-
-			if (svc_info_len) {
-				wpa_printf(MSG_DEBUG,
-					   "P2P: Add Svc: %s info: %s",
-					   adv_data->svc_name,
-					   adv_data->svc_info);
-			} else {
-				wpa_printf(MSG_DEBUG, "P2P: Add Svc: %s",
-					   adv_data->svc_name);
-			}
-
-			/* Advertisement ID */
-			wpabuf_put_le32(resp, adv_data->id);
-
-			/* Config Methods */
-			wpabuf_put_be16(resp, adv_data->config_methods);
-
-			/* Service Name */
-			wpabuf_put_u8(resp, (u8) len);
-			wpabuf_put_data(resp, adv_data->svc_name, len);
-
-			/* Service State */
-			wpabuf_put_u8(resp, adv_data->state);
-
-			/* Service Information */
-			wpabuf_put_le16(resp, (u16) svc_info_len);
-			wpabuf_put_data(resp, adv_data->svc_info, svc_info_len);
-
-			/* Update length and count */
-			(*count_pos)++;
-			WPA_PUT_LE16(len_pos,
-				     (u8 *) wpabuf_put(resp, 0) - len_pos - 2);
-		}
-	}
-
-	/* Return error if no matching svc found */
-	if (count_pos == NULL) {
-		wpa_printf(MSG_DEBUG, "P2P: ASP service not found");
-		wpas_sd_add_not_found(resp, P2P_SERV_P2PS, srv_trans_id);
-	}
-}
-
-
-static void wpas_sd_all_asp(struct wpa_supplicant *wpa_s,
-			    struct wpabuf *resp, u8 srv_trans_id)
-{
-	/* Query data to add all P2PS advertisements:
-	 *  - Service name length: 1
-	 *  - Service name: '*'
-	 *  - Service Information Request Length: 0
-	 */
-	const u8 q[] = { 1, (const u8) '*', 0 };
-
-	if (p2p_get_p2ps_adv_list(wpa_s->global->p2p))
-		wpas_sd_req_asp(wpa_s, resp, srv_trans_id, q, sizeof(q));
-}
-
-
-void wpas_sd_request(void *ctx, int freq, const u8 *sa, u8 dialog_token,
-		     u16 update_indic, const u8 *tlvs, size_t tlvs_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const u8 *pos = tlvs;
-	const u8 *end = tlvs + tlvs_len;
-	const u8 *tlv_end;
-	u16 slen;
-	struct wpabuf *resp;
-	u8 srv_proto, srv_trans_id;
-	size_t buf_len;
-	char *buf;
-
-	wpa_hexdump(MSG_MSGDUMP, "P2P: Service Discovery Request TLVs",
-		    tlvs, tlvs_len);
-	buf_len = 2 * tlvs_len + 1;
-	buf = os_malloc(buf_len);
-	if (buf) {
-		wpa_snprintf_hex(buf, buf_len, tlvs, tlvs_len);
-		wpa_msg_ctrl(wpa_s, MSG_INFO, P2P_EVENT_SERV_DISC_REQ "%d "
-			     MACSTR " %u %u %s",
-			     freq, MAC2STR(sa), dialog_token, update_indic,
-			     buf);
-		os_free(buf);
-	}
-
-	if (wpa_s->p2p_sd_over_ctrl_iface) {
-		wpas_notify_p2p_sd_request(wpa_s, freq, sa, dialog_token,
-					   update_indic, tlvs, tlvs_len);
-		return; /* to be processed by an external program */
-	}
-
-	resp = wpabuf_alloc(10000);
-	if (resp == NULL)
-		return;
-
-	while (end - pos > 1) {
-		wpa_printf(MSG_DEBUG, "P2P: Service Request TLV");
-		slen = WPA_GET_LE16(pos);
-		pos += 2;
-		if (slen > end - pos || slen < 2) {
-			wpa_printf(MSG_DEBUG, "P2P: Unexpected Query Data "
-				   "length");
-			wpabuf_free(resp);
-			return;
-		}
-		tlv_end = pos + slen;
-
-		srv_proto = *pos++;
-		wpa_printf(MSG_DEBUG, "P2P: Service Protocol Type %u",
-			   srv_proto);
-		srv_trans_id = *pos++;
-		wpa_printf(MSG_DEBUG, "P2P: Service Transaction ID %u",
-			   srv_trans_id);
-
-		wpa_hexdump(MSG_MSGDUMP, "P2P: Query Data",
-			    pos, tlv_end - pos);
-
-
-		if (wpa_s->force_long_sd) {
-			wpa_printf(MSG_DEBUG, "P2P: SD test - force long "
-				   "response");
-			wpas_sd_all_bonjour(wpa_s, resp, srv_trans_id);
-			wpas_sd_all_upnp(wpa_s, resp, srv_trans_id);
-			wpas_sd_all_asp(wpa_s, resp, srv_trans_id);
-			goto done;
-		}
-
-		switch (srv_proto) {
-		case P2P_SERV_ALL_SERVICES:
-			wpa_printf(MSG_DEBUG, "P2P: Service Discovery Request "
-				   "for all services");
-			if (dl_list_empty(&wpa_s->global->p2p_srv_upnp) &&
-			    dl_list_empty(&wpa_s->global->p2p_srv_bonjour) &&
-			    !p2p_get_p2ps_adv_list(wpa_s->global->p2p)) {
-				wpa_printf(MSG_DEBUG, "P2P: No service "
-					   "discovery protocols available");
-				wpas_sd_add_proto_not_avail(
-					resp, P2P_SERV_ALL_SERVICES,
-					srv_trans_id);
-				break;
-			}
-			wpas_sd_all_bonjour(wpa_s, resp, srv_trans_id);
-			wpas_sd_all_upnp(wpa_s, resp, srv_trans_id);
-			wpas_sd_all_asp(wpa_s, resp, srv_trans_id);
-			break;
-		case P2P_SERV_BONJOUR:
-			wpas_sd_req_bonjour(wpa_s, resp, srv_trans_id,
-					    pos, tlv_end - pos);
-			break;
-		case P2P_SERV_UPNP:
-			wpas_sd_req_upnp(wpa_s, resp, srv_trans_id,
-					 pos, tlv_end - pos);
-			break;
-#ifdef CONFIG_WIFI_DISPLAY
-		case P2P_SERV_WIFI_DISPLAY:
-			wpas_sd_req_wfd(wpa_s, resp, srv_trans_id,
-					pos, tlv_end - pos);
-			break;
-#endif /* CONFIG_WIFI_DISPLAY */
-		case P2P_SERV_P2PS:
-			wpas_sd_req_asp(wpa_s, resp, srv_trans_id,
-					pos, tlv_end - pos);
-			break;
-		default:
-			wpa_printf(MSG_DEBUG, "P2P: Unavailable service "
-				   "protocol %u", srv_proto);
-			wpas_sd_add_proto_not_avail(resp, srv_proto,
-						    srv_trans_id);
-			break;
-		}
-
-		pos = tlv_end;
-	}
-
-done:
-	wpas_notify_p2p_sd_request(wpa_s, freq, sa, dialog_token,
-				   update_indic, tlvs, tlvs_len);
-
-	wpas_p2p_sd_response(wpa_s, freq, sa, dialog_token, resp);
-
-	wpabuf_free(resp);
-}
-
-
-static void wpas_sd_p2ps_serv_response(struct wpa_supplicant *wpa_s,
-				       const u8 *sa, u8 srv_trans_id,
-				       const u8 *pos, const u8 *tlv_end)
-{
-	u8 left = *pos++;
-	u32 adv_id;
-	u8 svc_status;
-	u16 config_methods;
-	char svc_str[256];
-
-	while (left-- && pos < tlv_end) {
-		char *buf = NULL;
-		size_t buf_len;
-		u8 svc_len;
-
-		/* Validity check fixed length+svc_str */
-		if (6 >= tlv_end - pos)
-			break;
-		svc_len = pos[6];
-		if (svc_len + 10 > tlv_end - pos)
-			break;
-
-		/* Advertisement ID */
-		adv_id = WPA_GET_LE32(pos);
-		pos += sizeof(u32);
-
-		/* Config Methods */
-		config_methods = WPA_GET_BE16(pos);
-		pos += sizeof(u16);
-
-		/* Service Name */
-		pos++; /* svc_len */
-		os_memcpy(svc_str, pos, svc_len);
-		svc_str[svc_len] = '\0';
-		pos += svc_len;
-
-		/* Service Status */
-		svc_status = *pos++;
-
-		/* Service Information Length */
-		buf_len = WPA_GET_LE16(pos);
-		pos += sizeof(u16);
-
-		/* Validity check buffer length */
-		if (buf_len > (unsigned int) (tlv_end - pos))
-			break;
-
-		if (buf_len) {
-			buf = os_zalloc(2 * buf_len + 1);
-			if (buf) {
-				utf8_escape((const char *) pos, buf_len, buf,
-					    2 * buf_len + 1);
-			}
-		}
-
-		pos += buf_len;
-
-		if (buf) {
-			wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_SERV_ASP_RESP
-				       MACSTR " %x %x %x %x %s '%s'",
-				       MAC2STR(sa), srv_trans_id, adv_id,
-				       svc_status, config_methods, svc_str,
-				       buf);
-			os_free(buf);
-		} else {
-			wpa_msg_global(wpa_s, MSG_INFO, P2P_EVENT_SERV_ASP_RESP
-				       MACSTR " %x %x %x %x %s",
-				       MAC2STR(sa), srv_trans_id, adv_id,
-				       svc_status, config_methods, svc_str);
-		}
-	}
-}
-
-
-void wpas_sd_response(void *ctx, const u8 *sa, u16 update_indic,
-		      const u8 *tlvs, size_t tlvs_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const u8 *pos = tlvs;
-	const u8 *end = tlvs + tlvs_len;
-	const u8 *tlv_end;
-	u16 slen;
-	size_t buf_len;
-	char *buf;
-
-	wpa_hexdump(MSG_MSGDUMP, "P2P: Service Discovery Response TLVs",
-		    tlvs, tlvs_len);
-	if (tlvs_len > 1500) {
-		/* TODO: better way for handling this */
-		wpa_msg_ctrl(wpa_s, MSG_INFO,
-			     P2P_EVENT_SERV_DISC_RESP MACSTR
-			     " %u <long response: %u bytes>",
-			     MAC2STR(sa), update_indic,
-			     (unsigned int) tlvs_len);
-	} else {
-		buf_len = 2 * tlvs_len + 1;
-		buf = os_malloc(buf_len);
-		if (buf) {
-			wpa_snprintf_hex(buf, buf_len, tlvs, tlvs_len);
-			wpa_msg_ctrl(wpa_s, MSG_INFO,
-				     P2P_EVENT_SERV_DISC_RESP MACSTR " %u %s",
-				     MAC2STR(sa), update_indic, buf);
-			os_free(buf);
-		}
-	}
-
-	while (end - pos >= 2) {
-		u8 srv_proto, srv_trans_id, status;
-
-		wpa_printf(MSG_DEBUG, "P2P: Service Response TLV");
-		slen = WPA_GET_LE16(pos);
-		pos += 2;
-		if (slen > end - pos || slen < 3) {
-			wpa_printf(MSG_DEBUG, "P2P: Unexpected Response Data "
-				   "length");
-			return;
-		}
-		tlv_end = pos + slen;
-
-		srv_proto = *pos++;
-		wpa_printf(MSG_DEBUG, "P2P: Service Protocol Type %u",
-			   srv_proto);
-		srv_trans_id = *pos++;
-		wpa_printf(MSG_DEBUG, "P2P: Service Transaction ID %u",
-			   srv_trans_id);
-		status = *pos++;
-		wpa_printf(MSG_DEBUG, "P2P: Status Code ID %u",
-			   status);
-
-		wpa_hexdump(MSG_MSGDUMP, "P2P: Response Data",
-			    pos, tlv_end - pos);
-
-		if (srv_proto == P2P_SERV_P2PS && pos < tlv_end) {
-			wpas_sd_p2ps_serv_response(wpa_s, sa, srv_trans_id,
-						   pos, tlv_end);
-		}
-
-		pos = tlv_end;
-	}
-
-	wpas_notify_p2p_sd_response(wpa_s, sa, update_indic, tlvs, tlvs_len);
-}
-
-
-u64 wpas_p2p_sd_request(struct wpa_supplicant *wpa_s, const u8 *dst,
-			const struct wpabuf *tlvs)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return 0;
-	return (uintptr_t) p2p_sd_request(wpa_s->global->p2p, dst, tlvs);
-}
-
-
-u64 wpas_p2p_sd_request_upnp(struct wpa_supplicant *wpa_s, const u8 *dst,
-			     u8 version, const char *query)
-{
-	struct wpabuf *tlvs;
-	u64 ret;
-
-	tlvs = wpabuf_alloc(2 + 1 + 1 + 1 + os_strlen(query));
-	if (tlvs == NULL)
-		return 0;
-	wpabuf_put_le16(tlvs, 1 + 1 + 1 + os_strlen(query));
-	wpabuf_put_u8(tlvs, P2P_SERV_UPNP); /* Service Protocol Type */
-	wpabuf_put_u8(tlvs, 1); /* Service Transaction ID */
-	wpabuf_put_u8(tlvs, version);
-	wpabuf_put_str(tlvs, query);
-	ret = wpas_p2p_sd_request(wpa_s, dst, tlvs);
-	wpabuf_free(tlvs);
-	return ret;
-}
-
-
-u64 wpas_p2p_sd_request_asp(struct wpa_supplicant *wpa_s, const u8 *dst, u8 id,
-			    const char *svc_str, const char *info_substr)
-{
-	struct wpabuf *tlvs;
-	size_t plen, svc_len, substr_len = 0;
-	u64 ret;
-
-	svc_len = os_strlen(svc_str);
-	if (info_substr)
-		substr_len = os_strlen(info_substr);
-
-	if (svc_len > 0xff || substr_len > 0xff)
-		return 0;
-
-	plen = 1 + 1 + 1 + svc_len + 1 + substr_len;
-	tlvs = wpabuf_alloc(2 + plen);
-	if (tlvs == NULL)
-		return 0;
-
-	wpabuf_put_le16(tlvs, plen);
-	wpabuf_put_u8(tlvs, P2P_SERV_P2PS);
-	wpabuf_put_u8(tlvs, id); /* Service Transaction ID */
-	wpabuf_put_u8(tlvs, (u8) svc_len); /* Service String Length */
-	wpabuf_put_data(tlvs, svc_str, svc_len);
-	wpabuf_put_u8(tlvs, (u8) substr_len); /* Info Substring Length */
-	wpabuf_put_data(tlvs, info_substr, substr_len);
-	ret = wpas_p2p_sd_request(wpa_s, dst, tlvs);
-	wpabuf_free(tlvs);
-
-	return ret;
-}
-
-
-#ifdef CONFIG_WIFI_DISPLAY
-
-static u64 wpas_p2p_sd_request_wfd(struct wpa_supplicant *wpa_s, const u8 *dst,
-				   const struct wpabuf *tlvs)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return 0;
-	return (uintptr_t) p2p_sd_request_wfd(wpa_s->global->p2p, dst, tlvs);
-}
-
-
-#define MAX_WFD_SD_SUBELEMS 20
-
-static void wfd_add_sd_req_role(struct wpabuf *tlvs, u8 id, u8 role,
-				const char *subelems)
-{
-	u8 *len;
-	const char *pos;
-	int val;
-	int count = 0;
-
-	len = wpabuf_put(tlvs, 2);
-	wpabuf_put_u8(tlvs, P2P_SERV_WIFI_DISPLAY); /* Service Protocol Type */
-	wpabuf_put_u8(tlvs, id); /* Service Transaction ID */
-
-	wpabuf_put_u8(tlvs, role);
-
-	pos = subelems;
-	while (*pos) {
-		val = atoi(pos);
-		if (val >= 0 && val < 256) {
-			wpabuf_put_u8(tlvs, val);
-			count++;
-			if (count == MAX_WFD_SD_SUBELEMS)
-				break;
-		}
-		pos = os_strchr(pos + 1, ',');
-		if (pos == NULL)
-			break;
-		pos++;
-	}
-
-	WPA_PUT_LE16(len, (u8 *) wpabuf_put(tlvs, 0) - len - 2);
-}
-
-
-u64 wpas_p2p_sd_request_wifi_display(struct wpa_supplicant *wpa_s,
-				     const u8 *dst, const char *role)
-{
-	struct wpabuf *tlvs;
-	u64 ret;
-	const char *subelems;
-	u8 id = 1;
-
-	subelems = os_strchr(role, ' ');
-	if (subelems == NULL)
-		return 0;
-	subelems++;
-
-	tlvs = wpabuf_alloc(4 * (2 + 1 + 1 + 1 + MAX_WFD_SD_SUBELEMS));
-	if (tlvs == NULL)
-		return 0;
-
-	if (os_strstr(role, "[source]"))
-		wfd_add_sd_req_role(tlvs, id++, 0x00, subelems);
-	if (os_strstr(role, "[pri-sink]"))
-		wfd_add_sd_req_role(tlvs, id++, 0x01, subelems);
-	if (os_strstr(role, "[sec-sink]"))
-		wfd_add_sd_req_role(tlvs, id++, 0x02, subelems);
-	if (os_strstr(role, "[source+sink]"))
-		wfd_add_sd_req_role(tlvs, id++, 0x03, subelems);
-
-	ret = wpas_p2p_sd_request_wfd(wpa_s, dst, tlvs);
-	wpabuf_free(tlvs);
-	return ret;
-}
-
-#endif /* CONFIG_WIFI_DISPLAY */
-
-
-int wpas_p2p_sd_cancel_request(struct wpa_supplicant *wpa_s, u64 req)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return -1;
-	return p2p_sd_cancel_request(wpa_s->global->p2p,
-				     (void *) (uintptr_t) req);
-}
-
-
-void wpas_p2p_sd_response(struct wpa_supplicant *wpa_s, int freq,
-			  const u8 *dst, u8 dialog_token,
-			  const struct wpabuf *resp_tlvs)
-{
-	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
-		return;
-	p2p_sd_response(wpa_s->global->p2p, freq, dst, dialog_token,
-			resp_tlvs);
-}
-
-
-void wpas_p2p_sd_service_update(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->global->p2p)
-		p2p_sd_service_update(wpa_s->global->p2p);
-}
-
-
-static void wpas_p2p_srv_bonjour_free(struct p2p_srv_bonjour *bsrv)
-{
-	dl_list_del(&bsrv->list);
-	wpabuf_free(bsrv->query);
-	wpabuf_free(bsrv->resp);
-	os_free(bsrv);
-}
-
-
-static void wpas_p2p_srv_upnp_free(struct p2p_srv_upnp *usrv)
-{
-	dl_list_del(&usrv->list);
-	os_free(usrv->service);
-	os_free(usrv);
-}
-
-
-void wpas_p2p_service_flush(struct wpa_supplicant *wpa_s)
-{
-	struct p2p_srv_bonjour *bsrv, *bn;
-	struct p2p_srv_upnp *usrv, *un;
-
-	dl_list_for_each_safe(bsrv, bn, &wpa_s->global->p2p_srv_bonjour,
-			      struct p2p_srv_bonjour, list)
-		wpas_p2p_srv_bonjour_free(bsrv);
-
-	dl_list_for_each_safe(usrv, un, &wpa_s->global->p2p_srv_upnp,
-			      struct p2p_srv_upnp, list)
-		wpas_p2p_srv_upnp_free(usrv);
-
-	wpas_p2p_service_flush_asp(wpa_s);
-	wpas_p2p_sd_service_update(wpa_s);
-}
-
-
-int wpas_p2p_service_p2ps_id_exists(struct wpa_supplicant *wpa_s, u32 adv_id)
-{
-	if (adv_id == 0)
-		return 1;
-
-	if (p2p_service_p2ps_id(wpa_s->global->p2p, adv_id))
-		return 1;
-
-	return 0;
-}
-
-
-int wpas_p2p_service_del_asp(struct wpa_supplicant *wpa_s, u32 adv_id)
-{
-	int ret;
-
-	ret = p2p_service_del_asp(wpa_s->global->p2p, adv_id);
-	if (ret == 0)
-		wpas_p2p_sd_service_update(wpa_s);
-	return ret;
-}
-
-
-int wpas_p2p_service_add_asp(struct wpa_supplicant *wpa_s,
-			     int auto_accept, u32 adv_id,
-			     const char *adv_str, u8 svc_state,
-			     u16 config_methods, const char *svc_info,
-			     const u8 *cpt_priority)
-{
-	int ret;
-
-	ret = p2p_service_add_asp(wpa_s->global->p2p, auto_accept, adv_id,
-				  adv_str, svc_state, config_methods,
-				  svc_info, cpt_priority);
-	if (ret == 0)
-		wpas_p2p_sd_service_update(wpa_s);
-	return ret;
-}
-
-
-void wpas_p2p_service_flush_asp(struct wpa_supplicant *wpa_s)
-{
-	p2p_service_flush_asp(wpa_s->global->p2p);
-}
-
-
-int wpas_p2p_service_add_bonjour(struct wpa_supplicant *wpa_s,
-				 struct wpabuf *query, struct wpabuf *resp)
-{
-	struct p2p_srv_bonjour *bsrv;
-
-	bsrv = os_zalloc(sizeof(*bsrv));
-	if (bsrv == NULL)
-		return -1;
-	bsrv->query = query;
-	bsrv->resp = resp;
-	dl_list_add(&wpa_s->global->p2p_srv_bonjour, &bsrv->list);
-
-	wpas_p2p_sd_service_update(wpa_s);
-	return 0;
-}
-
-
-int wpas_p2p_service_del_bonjour(struct wpa_supplicant *wpa_s,
-				 const struct wpabuf *query)
-{
-	struct p2p_srv_bonjour *bsrv;
-
-	bsrv = wpas_p2p_service_get_bonjour(wpa_s, query);
-	if (bsrv == NULL)
-		return -1;
-	wpas_p2p_srv_bonjour_free(bsrv);
-	wpas_p2p_sd_service_update(wpa_s);
-	return 0;
-}
-
-
-int wpas_p2p_service_add_upnp(struct wpa_supplicant *wpa_s, u8 version,
-			      const char *service)
-{
-	struct p2p_srv_upnp *usrv;
-
-	if (wpas_p2p_service_get_upnp(wpa_s, version, service))
-		return 0; /* Already listed */
-	usrv = os_zalloc(sizeof(*usrv));
-	if (usrv == NULL)
-		return -1;
-	usrv->version = version;
-	usrv->service = os_strdup(service);
-	if (usrv->service == NULL) {
-		os_free(usrv);
-		return -1;
-	}
-	dl_list_add(&wpa_s->global->p2p_srv_upnp, &usrv->list);
-
-	wpas_p2p_sd_service_update(wpa_s);
-	return 0;
-}
-
-
-int wpas_p2p_service_del_upnp(struct wpa_supplicant *wpa_s, u8 version,
-			      const char *service)
-{
-	struct p2p_srv_upnp *usrv;
-
-	usrv = wpas_p2p_service_get_upnp(wpa_s, version, service);
-	if (usrv == NULL)
-		return -1;
-	wpas_p2p_srv_upnp_free(usrv);
-	wpas_p2p_sd_service_update(wpa_s);
-	return 0;
-}
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
deleted file mode 100644
index baf4c2643e42..000000000000
--- a/wpa_supplicant/pasn_supplicant.c
+++ /dev/null
@@ -1,1710 +0,0 @@
-/*
- * wpa_supplicant - PASN processing
- *
- * Copyright (C) 2019 Intel Corporation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/dragonfly.h"
-#include "common/ptksa_cache.h"
-#include "utils/eloop.h"
-#include "drivers/driver.h"
-#include "crypto/crypto.h"
-#include "crypto/random.h"
-#include "eap_common/eap_defs.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "bss.h"
-#include "config.h"
-
-static const int dot11RSNAConfigPMKLifetime = 43200;
-
-struct wpa_pasn_auth_work {
-	u8 bssid[ETH_ALEN];
-	int akmp;
-	int cipher;
-	u16 group;
-	int network_id;
-	struct wpabuf *comeback;
-};
-
-
-static void wpas_pasn_free_auth_work(struct wpa_pasn_auth_work *awork)
-{
-	wpabuf_free(awork->comeback);
-	awork->comeback = NULL;
-	os_free(awork);
-}
-
-
-static void wpas_pasn_auth_work_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	wpa_printf(MSG_DEBUG, "PASN: Auth work timeout - stopping auth");
-
-	wpas_pasn_auth_stop(wpa_s);
-}
-
-
-static void wpas_pasn_cancel_auth_work(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "PASN: Cancel pasn-start-auth work");
-
-	/* Remove pending/started work */
-	radio_remove_works(wpa_s, "pasn-start-auth", 0);
-}
-
-
-static void wpas_pasn_auth_status(struct wpa_supplicant *wpa_s, const u8 *bssid,
-				  int akmp, int cipher, u8 status,
-				  struct wpabuf *comeback,
-				  u16 comeback_after)
-{
-	if (comeback) {
-		size_t comeback_len = wpabuf_len(comeback);
-		size_t buflen = comeback_len * 2 + 1;
-		char *comeback_txt = os_malloc(buflen);
-
-		if (comeback_txt) {
-			wpa_snprintf_hex(comeback_txt, buflen,
-					 wpabuf_head(comeback), comeback_len);
-
-			wpa_msg(wpa_s, MSG_INFO, PASN_AUTH_STATUS MACSTR
-				" akmp=%s, status=%u comeback_after=%u comeback=%s",
-				MAC2STR(bssid),
-				wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
-				status, comeback_after, comeback_txt);
-
-			os_free(comeback_txt);
-			return;
-		}
-	}
-
-	wpa_msg(wpa_s, MSG_INFO,
-		PASN_AUTH_STATUS MACSTR " akmp=%s, status=%u",
-		MAC2STR(bssid), wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
-		status);
-}
-
-
-#ifdef CONFIG_SAE
-
-static struct wpabuf * wpas_pasn_wd_sae_commit(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpabuf *buf = NULL;
-	int ret;
-
-	ret = sae_set_group(&pasn->sae, pasn->group);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to set SAE group");
-		return NULL;
-	}
-
-	ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt,
-				    wpa_s->own_addr, pasn->bssid,
-				    NULL, NULL);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit");
-		return NULL;
-	}
-
-	/* Need to add the entire Authentication frame body */
-	buf = wpabuf_alloc(6 + SAE_COMMIT_MAX_LEN);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
-		return NULL;
-	}
-
-	wpabuf_put_le16(buf, WLAN_AUTH_SAE);
-	wpabuf_put_le16(buf, 1);
-	wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
-
-	sae_write_commit(&pasn->sae, buf, NULL, 0);
-	pasn->sae.state = SAE_COMMITTED;
-
-	return buf;
-}
-
-
-static int wpas_pasn_wd_sae_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	const u8 *data;
-	size_t buf_len;
-	u16 len, res, alg, seq, status;
-	int groups[] = { pasn->group, 0 };
-	int ret;
-
-	if (!wd)
-		return -1;
-
-	data = wpabuf_head_u8(wd);
-	buf_len = wpabuf_len(wd);
-
-	/* first handle the commit message */
-	if (buf_len < 2) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (commit)");
-		return -1;
-	}
-
-	len = WPA_GET_LE16(data);
-	if (len < 6 || buf_len - 2 < len) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for commit");
-		return -1;
-	}
-
-	buf_len -= 2;
-	data += 2;
-
-	alg = WPA_GET_LE16(data);
-	seq = WPA_GET_LE16(data + 2);
-	status = WPA_GET_LE16(data + 4);
-
-	wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u",
-		   alg, seq, status);
-
-	if (alg != WLAN_AUTH_SAE || seq != 1 ||
-	    status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit");
-		return -1;
-	}
-
-	res = sae_parse_commit(&pasn->sae, data + 6, len - 6, NULL, 0, groups,
-			       1);
-	if (res != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE failed parsing commit");
-		return -1;
-	}
-
-	/* Process the commit message and derive the PMK */
-	ret = sae_process_commit(&pasn->sae);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit");
-		return -1;
-	}
-
-	buf_len -= len;
-	data += len;
-
-	/* Handle the confirm message */
-	if (buf_len < 2) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (confirm)");
-		return -1;
-	}
-
-	len = WPA_GET_LE16(data);
-	if (len < 6 || buf_len - 2 < len) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for confirm");
-		return -1;
-	}
-
-	buf_len -= 2;
-	data += 2;
-
-	alg = WPA_GET_LE16(data);
-	seq = WPA_GET_LE16(data + 2);
-	status = WPA_GET_LE16(data + 4);
-
-	wpa_printf(MSG_DEBUG, "PASN: SAE confirm: alg=%u, seq=%u, status=%u",
-		   alg, seq, status);
-
-	if (alg != WLAN_AUTH_SAE || seq != 2 || status != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE confirm");
-		return -1;
-	}
-
-	res = sae_check_confirm(&pasn->sae, data + 6, len - 6);
-	if (res != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE failed checking confirm");
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "PASN: SAE completed successfully");
-	pasn->sae.state = SAE_ACCEPTED;
-
-	return 0;
-}
-
-
-static struct wpabuf * wpas_pasn_wd_sae_confirm(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpabuf *buf = NULL;
-
-	/* Need to add the entire authentication frame body */
-	buf = wpabuf_alloc(6 + SAE_CONFIRM_MAX_LEN);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
-		return NULL;
-	}
-
-	wpabuf_put_le16(buf, WLAN_AUTH_SAE);
-	wpabuf_put_le16(buf, 2);
-	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-
-	sae_write_confirm(&pasn->sae, buf);
-	pasn->sae.state = SAE_CONFIRMED;
-
-	return buf;
-}
-
-
-static int wpas_pasn_sae_setup_pt(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *ssid, int group)
-{
-	const char *password = ssid->sae_password;
-	int groups[2] = { group, 0 };
-
-	if (!password)
-		password = ssid->passphrase;
-
-	if (!password) {
-		wpa_printf(MSG_DEBUG, "PASN: SAE without a password");
-		return -1;
-	}
-
-	if (ssid->pt)
-		return 0; /* PT already derived */
-
-	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
-				 (const u8 *) password, os_strlen(password),
-				 ssid->sae_password_id);
-
-	return ssid->pt ? 0 : -1;
-}
-
-#endif /* CONFIG_SAE */
-
-
-#ifdef CONFIG_FILS
-
-static struct wpabuf * wpas_pasn_fils_build_auth(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpabuf *buf = NULL;
-	struct wpabuf *erp_msg;
-	int ret;
-
-	erp_msg = eapol_sm_build_erp_reauth_start(wpa_s->eapol);
-	if (!erp_msg) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: FILS: ERP EAP-Initiate/Re-auth unavailable");
-		return NULL;
-	}
-
-	if (random_get_bytes(pasn->fils.nonce, FILS_NONCE_LEN) < 0 ||
-	    random_get_bytes(pasn->fils.session, FILS_SESSION_LEN) < 0)
-		goto fail;
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Nonce", pasn->fils.nonce,
-		    FILS_NONCE_LEN);
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Session", pasn->fils.session,
-		    FILS_SESSION_LEN);
-
-	buf = wpabuf_alloc(1500);
-	if (!buf)
-		goto fail;
-
-	/* Add the authentication algorithm */
-	wpabuf_put_le16(buf, WLAN_AUTH_FILS_SK);
-
-	/* Authentication Transaction seq# */
-	wpabuf_put_le16(buf, 1);
-
-	/* Status Code */
-	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-
-	/* Own RSNE */
-	wpa_pasn_add_rsne(buf, NULL, pasn->akmp, pasn->cipher);
-
-	/* FILS Nonce */
-	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
-	wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN);
-	wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE);
-	wpabuf_put_data(buf, pasn->fils.nonce, FILS_NONCE_LEN);
-
-	/* FILS Session */
-	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
-	wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN);
-	wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
-	wpabuf_put_data(buf, pasn->fils.session, FILS_SESSION_LEN);
-
-	/* Wrapped Data (ERP) */
-	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
-	wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg));
-	wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA);
-	wpabuf_put_buf(buf, erp_msg);
-
-	/*
-	 * Calculate pending PMKID here so that we do not need to maintain a
-	 * copy of the EAP-Initiate/Reauth message.
-	 */
-	ret = fils_pmkid_erp(pasn->akmp, wpabuf_head(erp_msg),
-			     wpabuf_len(erp_msg),
-			     pasn->fils.erp_pmkid);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to get ERP PMKID");
-		goto fail;
-	}
-
-	wpabuf_free(erp_msg);
-	erp_msg = NULL;
-
-	wpa_hexdump_buf(MSG_DEBUG, "PASN: FILS: Authentication frame", buf);
-	return buf;
-fail:
-	wpabuf_free(erp_msg);
-	wpabuf_free(buf);
-	return NULL;
-}
-
-
-static void wpas_pasn_initiate_eapol(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct eapol_config eapol_conf;
-	struct wpa_ssid *ssid = pasn->ssid;
-
-	wpa_printf(MSG_DEBUG, "PASN: FILS: Initiating EAPOL");
-
-	eapol_sm_notify_eap_success(wpa_s->eapol, false);
-	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
-	eapol_sm_notify_portControl(wpa_s->eapol, Auto);
-
-	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
-	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
-	eapol_conf.workaround = ssid->eap_workaround;
-
-	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
-}
-
-
-static struct wpabuf * wpas_pasn_wd_fils_auth(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpa_bss *bss;
-	const u8 *indic;
-	u16 fils_info;
-
-	wpa_printf(MSG_DEBUG, "PASN: FILS: wrapped data - completed=%u",
-		   pasn->fils.completed);
-
-	/* Nothing to add as we are done */
-	if (pasn->fils.completed)
-		return NULL;
-
-	if (!pasn->ssid) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: No network block");
-		return NULL;
-	}
-
-	bss = wpa_bss_get_bssid(wpa_s, pasn->bssid);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: BSS not found");
-		return NULL;
-	}
-
-	indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
-	if (!indic || indic[1] < 2) {
-		wpa_printf(MSG_DEBUG, "PASN: Missing FILS Indication IE");
-		return NULL;
-	}
-
-	fils_info = WPA_GET_LE16(indic + 2);
-	if (!(fils_info & BIT(9))) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: FILS auth without PFS not supported");
-		return NULL;
-	}
-
-	wpas_pasn_initiate_eapol(wpa_s);
-
-	return wpas_pasn_fils_build_auth(wpa_s);
-}
-
-
-static int wpas_pasn_wd_fils_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct ieee802_11_elems elems;
-	struct wpa_ie_data rsne_data;
-	u8 rmsk[ERP_MAX_KEY_LEN];
-	size_t rmsk_len;
-	u8 anonce[FILS_NONCE_LEN];
-	const u8 *data;
-	size_t buf_len;
-	struct wpabuf *fils_wd = NULL;
-	u16 alg, seq, status;
-	int ret;
-
-	if (!wd)
-		return -1;
-
-	data = wpabuf_head(wd);
-	buf_len = wpabuf_len(wd);
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Authentication frame len=%zu",
-		    data, buf_len);
-
-	/* first handle the header */
-	if (buf_len < 6) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short");
-		return -1;
-	}
-
-	alg = WPA_GET_LE16(data);
-	seq = WPA_GET_LE16(data + 2);
-	status = WPA_GET_LE16(data + 4);
-
-	wpa_printf(MSG_DEBUG, "PASN: FILS: commit: alg=%u, seq=%u, status=%u",
-		   alg, seq, status);
-
-	if (alg != WLAN_AUTH_FILS_SK || seq != 2 ||
-	    status != WLAN_STATUS_SUCCESS) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: FILS: Dropping peer authentication");
-		return -1;
-	}
-
-	data += 6;
-	buf_len -= 6;
-
-	if (ieee802_11_parse_elems(data, buf_len, &elems, 1) == ParseFailed) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Could not parse elements");
-		return -1;
-	}
-
-	if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce ||
-	    !elems.wrapped_data) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs");
-		return -1;
-	}
-
-	ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
-			       &rsne_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed parsing RNSE");
-		return -1;
-	}
-
-	ret = wpa_pasn_validate_rsne(&rsne_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed validating RSNE");
-		return -1;
-	}
-
-	if (rsne_data.num_pmkid) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: FILS: Not expecting PMKID in RSNE");
-		return -1;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: ANonce", elems.fils_nonce,
-		    FILS_NONCE_LEN);
-	os_memcpy(anonce, elems.fils_nonce, FILS_NONCE_LEN);
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: FILS Session", elems.fils_session,
-		    FILS_SESSION_LEN);
-
-	if (os_memcmp(pasn->fils.session, elems.fils_session,
-		      FILS_SESSION_LEN)) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Session mismatch");
-		return -1;
-	}
-
-	fils_wd = ieee802_11_defrag(&elems, WLAN_EID_EXTENSION,
-				    WLAN_EID_EXT_WRAPPED_DATA);
-
-	if (!fils_wd) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: FILS: Failed getting wrapped data");
-		return -1;
-	}
-
-	eapol_sm_process_erp_finish(wpa_s->eapol, wpabuf_head(fils_wd),
-				    wpabuf_len(fils_wd));
-
-	wpabuf_free(fils_wd);
-	fils_wd = NULL;
-
-	if (eapol_sm_failed(wpa_s->eapol)) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: ERP finish failed");
-		return -1;
-	}
-
-	rmsk_len = ERP_MAX_KEY_LEN;
-	ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
-
-	if (ret == PMK_LEN) {
-		rmsk_len = PMK_LEN;
-		ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
-	}
-
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed getting RMSK");
-		return -1;
-	}
-
-	ret = fils_rmsk_to_pmk(pasn->akmp, rmsk, rmsk_len,
-			       pasn->fils.nonce, anonce, NULL, 0,
-			       pasn->pmk, &pasn->pmk_len);
-
-	forced_memzero(rmsk, sizeof(rmsk));
-
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PMK");
-		return -1;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "PASN: FILS: PMKID", pasn->fils.erp_pmkid,
-		    PMKID_LEN);
-
-	wpa_printf(MSG_DEBUG, "PASN: FILS: ERP processing succeeded");
-
-	wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
-				 pasn->pmk_len, pasn->fils.erp_pmkid,
-				 pasn->bssid, pasn->akmp);
-
-	pasn->fils.completed = true;
-	return 0;
-}
-
-#endif /* CONFIG_FILS */
-
-
-static struct wpabuf * wpas_pasn_get_wrapped_data(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-
-	if (pasn->using_pmksa)
-		return NULL;
-
-	switch (pasn->akmp) {
-	case WPA_KEY_MGMT_PASN:
-		/* no wrapped data */
-		return NULL;
-	case WPA_KEY_MGMT_SAE:
-#ifdef CONFIG_SAE
-		if (pasn->trans_seq == 0)
-			return wpas_pasn_wd_sae_commit(wpa_s);
-		if (pasn->trans_seq == 2)
-			return wpas_pasn_wd_sae_confirm(wpa_s);
-#endif /* CONFIG_SAE */
-		wpa_printf(MSG_ERROR,
-			   "PASN: SAE: Cannot derive wrapped data");
-		return NULL;
-	case WPA_KEY_MGMT_FILS_SHA256:
-	case WPA_KEY_MGMT_FILS_SHA384:
-#ifdef CONFIG_FILS
-		return wpas_pasn_wd_fils_auth(wpa_s);
-#endif /* CONFIG_FILS */
-	case WPA_KEY_MGMT_FT_PSK:
-	case WPA_KEY_MGMT_FT_IEEE8021X:
-	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
-		/*
-		 * Wrapped data with these AKMs is optional and is only needed
-		 * for further validation of FT security parameters. For now do
-		 * not use them.
-		 */
-		return NULL;
-	default:
-		wpa_printf(MSG_ERROR,
-			   "PASN: TODO: Wrapped data for akmp=0x%x",
-			   pasn->akmp);
-		return NULL;
-	}
-}
-
-
-static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn)
-{
-	if (pasn->using_pmksa)
-		return WPA_PASN_WRAPPED_DATA_NO;
-
-	/* Note: Valid AKMP is expected to already be validated */
-	switch (pasn->akmp) {
-	case WPA_KEY_MGMT_SAE:
-		return WPA_PASN_WRAPPED_DATA_SAE;
-	case WPA_KEY_MGMT_FILS_SHA256:
-	case WPA_KEY_MGMT_FILS_SHA384:
-		return WPA_PASN_WRAPPED_DATA_FILS_SK;
-	case WPA_KEY_MGMT_FT_PSK:
-	case WPA_KEY_MGMT_FT_IEEE8021X:
-	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
-		/*
-		 * Wrapped data with these AKMs is optional and is only needed
-		 * for further validation of FT security parameters. For now do
-		 * not use them.
-		 */
-		return WPA_PASN_WRAPPED_DATA_NO;
-	case WPA_KEY_MGMT_PASN:
-	default:
-		return WPA_PASN_WRAPPED_DATA_NO;
-	}
-}
-
-
-static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
-					      const struct wpabuf *comeback)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL;
-	const u8 *pmkid;
-	u8 wrapped_data;
-	int ret;
-	u16 capab;
-
-	wpa_printf(MSG_DEBUG, "PASN: Building frame 1");
-
-	if (pasn->trans_seq)
-		return NULL;
-
-	buf = wpabuf_alloc(1500);
-	if (!buf)
-		goto fail;
-
-	/* Get public key */
-	pubkey = crypto_ecdh_get_pubkey(pasn->ecdh, 0);
-	pubkey = wpabuf_zeropad(pubkey, crypto_ecdh_prime_len(pasn->ecdh));
-	if (!pubkey) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to get pubkey");
-		goto fail;
-	}
-
-	wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
-
-	wpa_pasn_build_auth_header(buf, pasn->bssid,
-				   wpa_s->own_addr, pasn->bssid,
-				   pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
-
-	pmkid = NULL;
-	if (wpa_key_mgmt_ft(pasn->akmp)) {
-		ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp,
-						pasn->bssid,
-						pasn->pmk_r1,
-						&pasn->pmk_r1_len,
-						pasn->pmk_r1_name);
-		if (ret) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: FT: Failed to derive keys");
-			goto fail;
-		}
-
-		pmkid = pasn->pmk_r1_name;
-	} else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) {
-		struct rsn_pmksa_cache_entry *pmksa;
-
-		pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
-					       NULL, NULL, pasn->akmp);
-		if (pmksa)
-			pmkid = pmksa->pmkid;
-
-		/*
-		 * Note: Even when PMKSA is available, also add wrapped data as
-		 * it is possible that the PMKID is no longer valid at the AP.
-		 */
-		wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
-	}
-
-	if (wpa_pasn_add_rsne(buf, pmkid, pasn->akmp, pasn->cipher) < 0)
-		goto fail;
-
-	if (!wrapped_data_buf)
-		wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
-
-	wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
-				  pubkey, true, comeback, -1);
-
-	if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
-		goto fail;
-
-	/* Add own RNSXE */
-	capab = 0;
-	capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF)
-		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT)
-		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
-	wpa_pasn_add_rsnxe(buf, capab);
-
-	ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher,
-				   wpabuf_head_u8(buf) + IEEE80211_HDRLEN,
-				   wpabuf_len(buf) - IEEE80211_HDRLEN,
-				   pasn->hash);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to compute hash");
-		goto fail;
-	}
-
-	pasn->trans_seq++;
-
-	wpabuf_free(wrapped_data_buf);
-	wpabuf_free(pubkey);
-
-	wpa_printf(MSG_DEBUG, "PASN: Frame 1: Success");
-	return buf;
-fail:
-	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-	wpabuf_free(wrapped_data_buf);
-	wpabuf_free(pubkey);
-	wpabuf_free(buf);
-	return NULL;
-}
-
-
-static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpabuf *buf, *wrapped_data_buf = NULL;
-	u8 mic[WPA_PASN_MAX_MIC_LEN];
-	u8 mic_len, data_len;
-	const u8 *data;
-	u8 *ptr;
-	u8 wrapped_data;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "PASN: Building frame 3");
-
-	if (pasn->trans_seq != 2)
-		return NULL;
-
-	buf = wpabuf_alloc(1500);
-	if (!buf)
-		goto fail;
-
-	wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
-
-	wpa_pasn_build_auth_header(buf, pasn->bssid,
-				   wpa_s->own_addr, pasn->bssid,
-				   pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
-
-	wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
-
-	if (!wrapped_data_buf)
-		wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
-
-	wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
-				  NULL, false, NULL, -1);
-
-	if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
-		goto fail;
-	wpabuf_free(wrapped_data_buf);
-	wrapped_data_buf = NULL;
-
-	/* Add the MIC */
-	mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
-	wpabuf_put_u8(buf, WLAN_EID_MIC);
-	wpabuf_put_u8(buf, mic_len);
-	ptr = wpabuf_put(buf, mic_len);
-
-	os_memset(ptr, 0, mic_len);
-
-	data = wpabuf_head_u8(buf) + IEEE80211_HDRLEN;
-	data_len = wpabuf_len(buf) - IEEE80211_HDRLEN;
-
-	ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
-		       wpa_s->own_addr, pasn->bssid,
-		       pasn->hash, mic_len * 2, data, data_len, mic);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: frame 3: Failed MIC calculation");
-		goto fail;
-	}
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->conf->pasn_corrupt_mic) {
-		wpa_printf(MSG_DEBUG, "PASN: frame 3: Corrupt MIC");
-		mic[0] = ~mic[0];
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	os_memcpy(ptr, mic, mic_len);
-
-	pasn->trans_seq++;
-
-	wpa_printf(MSG_DEBUG, "PASN: frame 3: Success");
-	return buf;
-fail:
-	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-	wpabuf_free(wrapped_data_buf);
-	wpabuf_free(buf);
-	return NULL;
-}
-
-
-static void wpas_pasn_reset(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-
-	wpa_printf(MSG_DEBUG, "PASN: Reset");
-
-	crypto_ecdh_deinit(pasn->ecdh);
-	pasn->ecdh = NULL;
-
-	wpas_pasn_cancel_auth_work(wpa_s);
-	wpa_s->pasn_auth_work = NULL;
-
-	eloop_cancel_timeout(wpas_pasn_auth_work_timeout, wpa_s, NULL);
-
-	pasn->akmp = 0;
-	pasn->cipher = 0;
-	pasn->group = 0;
-	pasn->trans_seq = 0;
-	pasn->pmk_len = 0;
-	pasn->using_pmksa = false;
-
-	forced_memzero(pasn->pmk, sizeof(pasn->pmk));
-	forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
-	forced_memzero(&pasn->hash, sizeof(pasn->hash));
-
-	wpabuf_free(pasn->beacon_rsne_rsnxe);
-	pasn->beacon_rsne_rsnxe = NULL;
-
-	wpabuf_free(pasn->comeback);
-	pasn->comeback = NULL;
-	pasn->comeback_after = 0;
-
-#ifdef CONFIG_SAE
-	sae_clear_data(&pasn->sae);
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_FILS
-	os_memset(&pasn->fils, 0, sizeof(pasn->fils));
-#endif /* CONFIG_FILS*/
-
-#ifdef CONFIG_IEEE80211R
-	forced_memzero(pasn->pmk_r1, sizeof(pasn->pmk_r1));
-	pasn->pmk_r1_len = 0;
-	os_memset(pasn->pmk_r1_name, 0, sizeof(pasn->pmk_r1_name));
-#endif /* CONFIG_IEEE80211R */
-	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-}
-
-
-static int wpas_pasn_set_pmk(struct wpa_supplicant *wpa_s,
-			     struct wpa_ie_data *rsn_data,
-			     struct wpa_pasn_params_data *pasn_data,
-			     struct wpabuf *wrapped_data)
-{
-	static const u8 pasn_default_pmk[] = {'P', 'M', 'K', 'z'};
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-
-	os_memset(pasn->pmk, 0, sizeof(pasn->pmk));
-	pasn->pmk_len = 0;
-
-	if (pasn->akmp == WPA_KEY_MGMT_PASN) {
-		wpa_printf(MSG_DEBUG, "PASN: Using default PMK");
-
-		pasn->pmk_len = WPA_PASN_PMK_LEN;
-		os_memcpy(pasn->pmk, pasn_default_pmk,
-			  sizeof(pasn_default_pmk));
-		return 0;
-	}
-
-	if (wpa_key_mgmt_ft(pasn->akmp)) {
-#ifdef CONFIG_IEEE80211R
-		wpa_printf(MSG_DEBUG, "PASN: FT: Using PMK-R1");
-		pasn->pmk_len = pasn->pmk_r1_len;
-		os_memcpy(pasn->pmk, pasn->pmk_r1, pasn->pmk_r1_len);
-		pasn->using_pmksa = true;
-		return 0;
-#else /* CONFIG_IEEE80211R */
-		wpa_printf(MSG_DEBUG, "PASN: FT: Not supported");
-		return -1;
-#endif /* CONFIG_IEEE80211R */
-	}
-
-	if (rsn_data->num_pmkid) {
-		struct rsn_pmksa_cache_entry *pmksa;
-
-		pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
-					       rsn_data->pmkid, NULL,
-					       pasn->akmp);
-		if (pmksa) {
-			wpa_printf(MSG_DEBUG, "PASN: Using PMKSA");
-
-			pasn->pmk_len = pmksa->pmk_len;
-			os_memcpy(pasn->pmk, pmksa->pmk, pmksa->pmk_len);
-			pasn->using_pmksa = true;
-
-			return 0;
-		}
-	}
-
-#ifdef CONFIG_SAE
-	if (pasn->akmp == WPA_KEY_MGMT_SAE) {
-		int ret;
-
-		ret = wpas_pasn_wd_sae_rx(wpa_s, wrapped_data);
-		if (ret) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: Failed processing SAE wrapped data");
-			pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-			return -1;
-		}
-
-		wpa_printf(MSG_DEBUG, "PASN: Success deriving PMK with SAE");
-		pasn->pmk_len = PMK_LEN;
-		os_memcpy(pasn->pmk, pasn->sae.pmk, PMK_LEN);
-
-		wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
-					 pasn->pmk_len, pasn->sae.pmkid,
-					 pasn->bssid, pasn->akmp);
-		return 0;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_FILS
-	if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
-	    pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) {
-		int ret;
-
-		ret = wpas_pasn_wd_fils_rx(wpa_s, wrapped_data);
-		if (ret) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: Failed processing FILS wrapped data");
-			pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-			return -1;
-		}
-
-		return 0;
-	}
-#endif	/* CONFIG_FILS */
-
-	/* TODO: Derive PMK based on wrapped data */
-	wpa_printf(MSG_DEBUG, "PASN: Missing implementation to derive PMK");
-	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-	return -1;
-}
-
-
-static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			   int akmp, int cipher, u16 group, int freq,
-			   const u8 *beacon_rsne, u8 beacon_rsne_len,
-			   const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
-			   int network_id, struct wpabuf *comeback)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct wpa_ssid *ssid = NULL;
-	struct wpabuf *frame;
-	int ret;
-
-	/* TODO: Currently support only ECC groups */
-	if (!dragonfly_suitable_group(group, 1)) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Reject unsuitable group %u", group);
-		return -1;
-	}
-
-	ssid = wpa_config_get_network(wpa_s->conf, network_id);
-
-	switch (akmp) {
-	case WPA_KEY_MGMT_PASN:
-		break;
-#ifdef CONFIG_SAE
-	case WPA_KEY_MGMT_SAE:
-		if (!ssid) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: No network profile found for SAE");
-			return -1;
-		}
-
-		if (!ieee802_11_rsnx_capab(beacon_rsnxe,
-					   WLAN_RSNX_CAPAB_SAE_H2E)) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: AP does not support SAE H2E");
-			return -1;
-		}
-
-		if (wpas_pasn_sae_setup_pt(wpa_s, ssid, group) < 0) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: Failed to derive PT");
-			return -1;
-		}
-
-		pasn->sae.state = SAE_NOTHING;
-		pasn->sae.send_confirm = 0;
-		pasn->ssid = ssid;
-		break;
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_FILS
-	case WPA_KEY_MGMT_FILS_SHA256:
-	case WPA_KEY_MGMT_FILS_SHA384:
-		pasn->ssid = ssid;
-		break;
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_IEEE80211R
-	case WPA_KEY_MGMT_FT_PSK:
-	case WPA_KEY_MGMT_FT_IEEE8021X:
-	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
-		break;
-#endif /* CONFIG_IEEE80211R */
-	default:
-		wpa_printf(MSG_ERROR, "PASN: Unsupported AKMP=0x%x", akmp);
-		return -1;
-	}
-
-	pasn->ecdh = crypto_ecdh_init(group);
-	if (!pasn->ecdh) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to init ECDH");
-		goto fail;
-	}
-
-	pasn->beacon_rsne_rsnxe = wpabuf_alloc(beacon_rsne_len +
-					       beacon_rsnxe_len);
-	if (!pasn->beacon_rsne_rsnxe) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed storing beacon RSNE/RSNXE");
-		goto fail;
-	}
-
-	wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsne, beacon_rsne_len);
-	if (beacon_rsnxe && beacon_rsnxe_len)
-		wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsnxe,
-				beacon_rsnxe_len);
-
-	pasn->akmp = akmp;
-	pasn->cipher = cipher;
-	pasn->group = group;
-	pasn->freq = freq;
-
-	if (wpa_s->conf->force_kdk_derivation ||
-	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF &&
-	     ieee802_11_rsnx_capab(beacon_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
-		pasn->kdk_len = WPA_KDK_MAX_LEN;
-	else
-		pasn->kdk_len = 0;
-	wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len);
-
-	os_memcpy(pasn->bssid, bssid, ETH_ALEN);
-
-	wpa_printf(MSG_DEBUG,
-		   "PASN: Init: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u",
-		   MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher,
-		   pasn->group);
-
-	frame = wpas_pasn_build_auth_1(wpa_s, comeback);
-	if (!frame) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame");
-		goto fail;
-	}
-
-	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
-				pasn->freq, 1000);
-
-	wpabuf_free(frame);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed sending 1st auth frame");
-		goto fail;
-	}
-
-	eloop_register_timeout(2, 0, wpas_pasn_auth_work_timeout, wpa_s, NULL);
-	return 0;
-
-fail:
-	return -1;
-}
-
-
-static struct wpa_bss * wpas_pasn_allowed(struct wpa_supplicant *wpa_s,
-					  const u8 *bssid, int akmp, int cipher)
-{
-	struct wpa_bss *bss;
-	const u8 *rsne;
-	struct wpa_ie_data rsne_data;
-	int ret;
-
-	if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Not doing authentication with current BSS");
-		return NULL;
-	}
-
-	bss = wpa_bss_get_bssid(wpa_s, bssid);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "PASN: BSS not found");
-		return NULL;
-	}
-
-	rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (!rsne) {
-		wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
-		return NULL;
-	}
-
-	ret = wpa_parse_wpa_ie(rsne, *(rsne + 1) + 2, &rsne_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed parsing RSNE data");
-		return NULL;
-	}
-
-	if (!(rsne_data.key_mgmt & akmp) ||
-	    !(rsne_data.pairwise_cipher & cipher)) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: AP does not support requested AKMP or cipher");
-		return NULL;
-	}
-
-	return bss;
-}
-
-
-static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct wpa_pasn_auth_work *awork = work->ctx;
-	struct wpa_bss *bss;
-	const u8 *rsne, *rsnxe;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit);
-
-	if (deinit) {
-		if (work->started) {
-			eloop_cancel_timeout(wpas_pasn_auth_work_timeout,
-					     wpa_s, NULL);
-			wpa_s->pasn_auth_work = NULL;
-		}
-
-		wpas_pasn_free_auth_work(awork);
-		return;
-	}
-
-	/*
-	 * It is possible that by the time the callback is called, the PASN
-	 * authentication is not allowed, e.g., a connection with the AP was
-	 * established.
-	 */
-	bss = wpas_pasn_allowed(wpa_s, awork->bssid, awork->akmp,
-				awork->cipher);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: Not allowed");
-		goto fail;
-	}
-
-	rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (!rsne) {
-		wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
-		goto fail;
-	}
-
-	rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-
-	ret = wpas_pasn_start(wpa_s, awork->bssid, awork->akmp, awork->cipher,
-			      awork->group, bss->freq, rsne, *(rsne + 1) + 2,
-			      rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
-			      awork->network_id, awork->comeback);
-	if (ret) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Failed to start PASN authentication");
-		goto fail;
-	}
-
-	/* comeback token is no longer needed at this stage */
-	wpabuf_free(awork->comeback);
-	awork->comeback = NULL;
-
-	wpa_s->pasn_auth_work = work;
-	return;
-fail:
-	wpas_pasn_free_auth_work(awork);
-	work->ctx = NULL;
-	radio_work_done(work);
-}
-
-
-int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			 int akmp, int cipher, u16 group, int network_id,
-			 const u8 *comeback, size_t comeback_len)
-{
-	struct wpa_pasn_auth_work *awork;
-	struct wpa_bss *bss;
-
-	wpa_printf(MSG_DEBUG, "PASN: Start: " MACSTR " akmp=0x%x, cipher=0x%x",
-		   MAC2STR(bssid), akmp, cipher);
-
-	/*
-	 * TODO: Consider modifying the offchannel logic to handle additional
-	 * Management frames other then Action frames. For now allow PASN only
-	 * with drivers that support off-channel TX.
-	 */
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Driver does not support offchannel TX");
-		return -1;
-	}
-
-	if (radio_work_pending(wpa_s, "pasn-start-auth")) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: send_auth: Work is already pending");
-		return -1;
-	}
-
-	if (wpa_s->pasn_auth_work) {
-		wpa_printf(MSG_DEBUG, "PASN: send_auth: Already in progress");
-		return -1;
-	}
-
-	bss = wpas_pasn_allowed(wpa_s, bssid, akmp, cipher);
-	if (!bss)
-		return -1;
-
-	wpas_pasn_reset(wpa_s);
-
-	awork = os_zalloc(sizeof(*awork));
-	if (!awork)
-		return -1;
-
-	os_memcpy(awork->bssid, bssid, ETH_ALEN);
-	awork->akmp = akmp;
-	awork->cipher = cipher;
-	awork->group = group;
-	awork->network_id = network_id;
-
-	if (comeback && comeback_len) {
-		awork->comeback = wpabuf_alloc_copy(comeback, comeback_len);
-		if (!awork->comeback) {
-			wpas_pasn_free_auth_work(awork);
-			return -1;
-		}
-	}
-
-	if (radio_add_work(wpa_s, bss->freq, "pasn-start-auth", 1,
-			   wpas_pasn_auth_start_cb, awork) < 0) {
-		wpas_pasn_free_auth_work(awork);
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "PASN: Auth work successfully added");
-	return 0;
-}
-
-
-void wpas_pasn_auth_stop(struct wpa_supplicant *wpa_s)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-
-	if (!wpa_s->pasn.ecdh)
-		return;
-
-	wpa_printf(MSG_DEBUG, "PASN: Stopping authentication");
-
-	wpas_pasn_auth_status(wpa_s, pasn->bssid, pasn->akmp, pasn->cipher,
-			      pasn->status, pasn->comeback,
-			      pasn->comeback_after);
-
-	wpas_pasn_reset(wpa_s);
-}
-
-
-static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
-				     struct wpas_pasn *pasn,
-				     struct wpa_pasn_params_data *params)
-{
-	int akmp = pasn->akmp;
-	int cipher = pasn->cipher;
-	u16 group = pasn->group;
-	u8 bssid[ETH_ALEN];
-	int network_id = pasn->ssid ? pasn->ssid->id : 0;
-
-	wpa_printf(MSG_DEBUG, "PASN: Immediate retry");
-	os_memcpy(bssid, pasn->bssid, ETH_ALEN);
-	wpas_pasn_reset(wpa_s);
-
-	return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group,
-				    network_id,
-				    params->comeback, params->comeback_len);
-}
-
-
-int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
-		      const struct ieee80211_mgmt *mgmt, size_t len)
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	struct ieee802_11_elems elems;
-	struct wpa_ie_data rsn_data;
-	struct wpa_pasn_params_data pasn_params;
-	struct wpabuf *wrapped_data = NULL, *secret = NULL, *frame = NULL;
-	u8 mic[WPA_PASN_MAX_MIC_LEN], out_mic[WPA_PASN_MAX_MIC_LEN];
-	u8 mic_len;
-	u16 status;
-	int ret, inc_y;
-	u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-			      (WLAN_FC_STYPE_AUTH << 4));
-
-	if (!wpa_s->pasn_auth_work || !mgmt ||
-	    len < offsetof(struct ieee80211_mgmt, u.auth.variable))
-		return -2;
-
-	/* Not an Authentication frame; do nothing */
-	if ((mgmt->frame_control & fc) != fc)
-		return -2;
-
-	/* Not our frame; do nothing */
-	if (os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN) != 0 ||
-	    os_memcmp(mgmt->sa, pasn->bssid, ETH_ALEN) != 0 ||
-	    os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0)
-		return -2;
-
-	/* Not PASN; do nothing */
-	if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN))
-		return -2;
-
-	if (mgmt->u.auth.auth_transaction !=
-	    host_to_le16(pasn->trans_seq + 1)) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: RX: Invalid transaction sequence: (%u != %u)",
-			   le_to_host16(mgmt->u.auth.auth_transaction),
-			   pasn->trans_seq + 1);
-		return -1;
-	}
-
-	status = le_to_host16(mgmt->u.auth.status_code);
-
-	if (status != WLAN_STATUS_SUCCESS &&
-	    status != WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Authentication rejected - status=%u", status);
-		pasn->status = status;
-		wpas_pasn_auth_stop(wpa_s);
-		return -1;
-	}
-
-	if (ieee802_11_parse_elems(mgmt->u.auth.variable,
-				   len - offsetof(struct ieee80211_mgmt,
-						  u.auth.variable),
-				   &elems, 0) == ParseFailed) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Failed parsing Authentication frame");
-		goto fail;
-	}
-
-	/* Check that the MIC IE exists. Save it and zero out the memory */
-	mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
-	if (status == WLAN_STATUS_SUCCESS) {
-		if (!elems.mic || elems.mic_len != mic_len) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: Invalid MIC. Expecting len=%u",
-				   mic_len);
-			goto fail;
-		} else {
-			os_memcpy(mic, elems.mic, mic_len);
-			/* TODO: Clean this up.. Should not be modifying the
-			 * received message buffer. */
-			os_memset((u8 *) elems.mic, 0, mic_len);
-		}
-	}
-
-	if (!elems.pasn_params || !elems.pasn_params_len) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Missing PASN Parameters IE");
-		goto fail;
-	}
-
-	ret = wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
-					  elems.pasn_params_len + 3,
-					  true, &pasn_params);
-	if (ret) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Failed validation PASN of Parameters IE");
-		goto fail;
-	}
-
-	if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Authentication temporarily rejected");
-
-		if (pasn_params.comeback && pasn_params.comeback_len) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: Comeback token available. After=%u",
-				   pasn_params.after);
-
-			if (!pasn_params.after)
-				return wpas_pasn_immediate_retry(wpa_s, pasn,
-								 &pasn_params);
-
-			pasn->comeback = wpabuf_alloc_copy(
-				pasn_params.comeback, pasn_params.comeback_len);
-			if (pasn->comeback)
-				pasn->comeback_after = pasn_params.after;
-		}
-
-		pasn->status = status;
-		goto fail;
-	}
-
-	ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
-			       &rsn_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed parsing RNSE");
-		goto fail;
-	}
-
-	ret = wpa_pasn_validate_rsne(&rsn_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed validating RSNE");
-		goto fail;
-	}
-
-	if (pasn->akmp != rsn_data.key_mgmt ||
-	    pasn->cipher != rsn_data.pairwise_cipher) {
-		wpa_printf(MSG_DEBUG, "PASN: Mismatch in AKMP/cipher");
-		goto fail;
-	}
-
-	if (pasn->group != pasn_params.group) {
-		wpa_printf(MSG_DEBUG, "PASN: Mismatch in group");
-		goto fail;
-	}
-
-	if (!pasn_params.pubkey || !pasn_params.pubkey_len) {
-		wpa_printf(MSG_DEBUG, "PASN: Invalid public key");
-		goto fail;
-	}
-
-	if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_UNCOMPRESSED) {
-		inc_y = 1;
-	} else if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_0 ||
-		   pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_1) {
-		inc_y = 0;
-	} else {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Invalid first octet in pubkey=0x%x",
-			   pasn_params.pubkey[0]);
-		goto fail;
-	}
-
-	secret = crypto_ecdh_set_peerkey(pasn->ecdh, inc_y,
-					 pasn_params.pubkey + 1,
-					 pasn_params.pubkey_len - 1);
-
-	if (!secret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to derive shared secret");
-		goto fail;
-	}
-
-	if (pasn_params.wrapped_data_format != WPA_PASN_WRAPPED_DATA_NO) {
-		wrapped_data = ieee802_11_defrag(&elems,
-						 WLAN_EID_EXTENSION,
-						 WLAN_EID_EXT_WRAPPED_DATA);
-
-		if (!wrapped_data) {
-			wpa_printf(MSG_DEBUG, "PASN: Missing wrapped data");
-			goto fail;
-		}
-	}
-
-	ret = wpas_pasn_set_pmk(wpa_s, &rsn_data, &pasn_params, wrapped_data);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to set PMK");
-		goto fail;
-	}
-
-	ret = pasn_pmk_to_ptk(pasn->pmk, pasn->pmk_len,
-			      wpa_s->own_addr, pasn->bssid,
-			      wpabuf_head(secret), wpabuf_len(secret),
-			      &pasn->ptk, pasn->akmp, pasn->cipher,
-			      pasn->kdk_len);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK");
-		goto fail;
-	}
-
-	wpabuf_free(wrapped_data);
-	wrapped_data = NULL;
-	wpabuf_free(secret);
-	secret = NULL;
-
-	/* Verify the MIC */
-	ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
-		       pasn->bssid, wpa_s->own_addr,
-		       wpabuf_head(pasn->beacon_rsne_rsnxe),
-		       wpabuf_len(pasn->beacon_rsne_rsnxe),
-		       (u8 *) &mgmt->u.auth,
-		       len - offsetof(struct ieee80211_mgmt, u.auth),
-		       out_mic);
-
-	wpa_hexdump_key(MSG_DEBUG, "PASN: Frame MIC", mic, mic_len);
-	if (ret || os_memcmp(mic, out_mic, mic_len) != 0) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed MIC verification");
-		goto fail;
-	}
-
-	pasn->trans_seq++;
-
-	wpa_printf(MSG_DEBUG, "PASN: Success verifying Authentication frame");
-
-	frame = wpas_pasn_build_auth_3(wpa_s);
-	if (!frame) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed building 3rd auth frame");
-		goto fail;
-	}
-
-	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
-				pasn->freq, 100);
-	wpabuf_free(frame);
-	if (ret) {
-		wpa_printf(MSG_DEBUG, "PASN: Failed sending 3st auth frame");
-		goto fail;
-	}
-
-	wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
-
-	ptksa_cache_add(wpa_s->ptksa, pasn->bssid, pasn->cipher,
-			dot11RSNAConfigPMKLifetime, &pasn->ptk);
-
-	forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
-
-	pasn->status = WLAN_STATUS_SUCCESS;
-	return 0;
-fail:
-	wpa_printf(MSG_DEBUG, "PASN: Failed RX processing - terminating");
-	wpabuf_free(wrapped_data);
-	wpabuf_free(secret);
-
-	/*
-	 * TODO: In case of an error the standard allows to silently drop
-	 * the frame and terminate the authentication exchange. However, better
-	 * reply to the AP with an error status.
-	 */
-	if (status == WLAN_STATUS_SUCCESS)
-		pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-	else
-		pasn->status = status;
-
-	wpas_pasn_auth_stop(wpa_s);
-	return -1;
-}
-
-
-int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
-			     const u8 *data, size_t data_len, u8 acked)
-
-{
-	struct wpas_pasn *pasn = &wpa_s->pasn;
-	const struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) data;
-	u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-			      (WLAN_FC_STYPE_AUTH << 4));
-
-	wpa_printf(MSG_DEBUG, "PASN: auth_tx_status: acked=%u", acked);
-
-	if (!wpa_s->pasn_auth_work) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: auth_tx_status: no work in progress");
-		return -1;
-	}
-
-	if (!mgmt ||
-	    data_len < offsetof(struct ieee80211_mgmt, u.auth.variable))
-		return -1;
-
-	/* Not an authentication frame; do nothing */
-	if ((mgmt->frame_control & fc) != fc)
-		return -1;
-
-	/* Not our frame; do nothing */
-	if (os_memcmp(mgmt->da, pasn->bssid, ETH_ALEN) ||
-	    os_memcmp(mgmt->sa, wpa_s->own_addr, ETH_ALEN) ||
-	    os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN))
-		return -1;
-
-	/* Not PASN; do nothing */
-	if (mgmt->u.auth.auth_alg !=  host_to_le16(WLAN_AUTH_PASN))
-		return -1;
-
-	if (mgmt->u.auth.auth_transaction != host_to_le16(pasn->trans_seq)) {
-		wpa_printf(MSG_ERROR,
-			   "PASN: Invalid transaction sequence: (%u != %u)",
-			   pasn->trans_seq,
-			   le_to_host16(mgmt->u.auth.auth_transaction));
-		return 0;
-	}
-
-	wpa_printf(MSG_ERROR,
-		   "PASN: auth with trans_seq=%u, acked=%u", pasn->trans_seq,
-		   acked);
-
-	/*
-	 * Even if the frame was not acked, do not treat this is an error, and
-	 * try to complete the flow, relying on the PASN timeout callback to
-	 * clean up.
-	 */
-	if (pasn->trans_seq == 3) {
-		wpa_printf(MSG_DEBUG, "PASN: auth complete with: " MACSTR,
-			   MAC2STR(pasn->bssid));
-		/*
-		 * Either frame was not ACKed or it was ACKed but the trans_seq
-		 * != 1, i.e., not expecting an RX frame, so we are done.
-		 */
-		wpas_pasn_auth_stop(wpa_s);
-	}
-
-	return 0;
-}
-
-
-int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wpa_bss *bss;
-	struct wpabuf *buf;
-	struct ieee80211_mgmt *deauth;
-	int ret;
-
-	if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
-		wpa_printf(MSG_DEBUG,
-			   "PASN: Cannot deauthenticate from current BSS");
-		return -1;
-	}
-
-	wpa_printf(MSG_DEBUG, "PASN: deauth: Flushing all PTKSA entries for "
-		   MACSTR, MAC2STR(bssid));
-	ptksa_cache_flush(wpa_s->ptksa, bssid, WPA_CIPHER_NONE);
-
-	bss = wpa_bss_get_bssid(wpa_s, bssid);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "PASN: deauth: BSS not found");
-		return -1;
-	}
-
-	buf = wpabuf_alloc(64);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG, "PASN: deauth: Failed wpabuf allocate");
-		return -1;
-	}
-
-	deauth = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
-					  u.deauth.variable));
-
-	deauth->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-					     (WLAN_FC_STYPE_DEAUTH << 4));
-
-	os_memcpy(deauth->da, bssid, ETH_ALEN);
-	os_memcpy(deauth->sa, wpa_s->own_addr, ETH_ALEN);
-	os_memcpy(deauth->bssid, bssid, ETH_ALEN);
-	deauth->u.deauth.reason_code =
-		host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
-
-	/*
-	 * Since we do not expect any response from the AP, implement the
-	 * Deauthentication frame transmission using direct call to the driver
-	 * without a radio work.
-	 */
-	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1,
-				bss->freq, 0);
-
-	wpabuf_free(buf);
-	wpa_printf(MSG_DEBUG, "PASN: deauth: send_mlme ret=%d", ret);
-
-	return ret;
-}
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
deleted file mode 100644
index 31b55325f7f7..000000000000
--- a/wpa_supplicant/preauth_test.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/*
- * WPA Supplicant - test code for pre-authentication
- * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
- * Not used in production version.
- */
-
-#include "includes.h"
-#include <assert.h>
-
-#include "common.h"
-#include "config.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "eloop.h"
-#include "rsn_supp/wpa.h"
-#include "eap_peer/eap.h"
-#include "wpa_supplicant_i.h"
-#include "l2_packet/l2_packet.h"
-#include "ctrl_iface.h"
-#include "pcsc_funcs.h"
-#include "rsn_supp/preauth.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "drivers/driver.h"
-
-
-const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-
-
-struct preauth_test_data {
-	int auth_timed_out;
-};
-
-
-static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code)
-{
-	wpa_supplicant_deauthenticate(wpa_s, reason_code);
-}
-
-
-static void _wpa_supplicant_reconnect(void *wpa_s)
-{
-	wpa_supplicant_reconnect(wpa_s);
-}
-
-
-static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
-			    const void *data, u16 data_len,
-			    size_t *msg_len, void **data_pos)
-{
-	struct ieee802_1x_hdr *hdr;
-
-	*msg_len = sizeof(*hdr) + data_len;
-	hdr = os_malloc(*msg_len);
-	if (hdr == NULL)
-		return NULL;
-
-	hdr->version = wpa_s->conf->eapol_version;
-	hdr->type = type;
-	hdr->length = htons(data_len);
-
-	if (data)
-		os_memcpy(hdr + 1, data, data_len);
-	else
-		os_memset(hdr + 1, 0, data_len);
-
-	if (data_pos)
-		*data_pos = hdr + 1;
-
-	return (u8 *) hdr;
-}
-
-
-static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
-			     const void *data, u16 data_len,
-			     size_t *msg_len, void **data_pos)
-{
-	return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
-}
-
-
-static void _wpa_supplicant_set_state(void *ctx, enum wpa_states state)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_s->wpa_state = state;
-}
-
-
-static enum wpa_states _wpa_supplicant_get_state(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_s->wpa_state;
-}
-
-
-static int wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
-			  const u8 *buf, size_t len)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static void * wpa_supplicant_get_network_ctx(void *wpa_s)
-{
-	return wpa_supplicant_get_ssid(wpa_s);
-}
-
-
-static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
-{
-	wpa_supplicant_cancel_auth_timeout(wpa_s);
-}
-
-
-static int wpa_supplicant_get_beacon_ie(void *wpa_s)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static int wpa_supplicant_get_bssid(void *wpa_s, u8 *bssid)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static int wpa_supplicant_set_key(void *wpa_s, enum wpa_alg alg,
-				  const u8 *addr, int key_idx, int set_tx,
-				  const u8 *seq, size_t seq_len,
-				  const u8 *key, size_t key_len,
-				  enum key_flag key_flag)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
-					     int protection_type,
-					     int key_type)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
-				    const u8 *bssid, const u8 *pmkid,
-				    const u8 *fils_cache_id,
-				    const u8 *pmk, size_t pmk_len,
-				    u32 pmk_lifetime, u8 pmk_reauth_threshold,
-				    int akmp)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static int wpa_supplicant_remove_pmkid(void *wpa_s, void *network_ctx,
-				       const u8 *bssid, const u8 *pmkid,
-				       const u8 *fils_cache_id)
-{
-	printf("%s - not implemented\n", __func__);
-	return -1;
-}
-
-
-static void wpa_supplicant_set_config_blob(void *ctx,
-					   struct wpa_config_blob *blob)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_config_set_blob(wpa_s->conf, blob);
-}
-
-
-static const struct wpa_config_blob *
-wpa_supplicant_get_config_blob(void *ctx, const char *name)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_config_get_blob(wpa_s->conf, name);
-}
-
-
-static void test_eapol_clean(struct wpa_supplicant *wpa_s)
-{
-	rsn_preauth_deinit(wpa_s->wpa);
-	pmksa_candidate_free(wpa_s->wpa);
-	wpa_sm_deinit(wpa_s->wpa);
-	scard_deinit(wpa_s->scard);
-	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
-	wpa_s->ctrl_iface = NULL;
-	wpa_config_free(wpa_s->conf);
-}
-
-
-static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct preauth_test_data *p = eloop_ctx;
-	printf("EAPOL test timed out\n");
-	p->auth_timed_out = 1;
-	eloop_terminate();
-}
-
-
-static void eapol_test_poll(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	if (!rsn_preauth_in_progress(wpa_s->wpa))
-		eloop_terminate();
-	else {
-		eloop_register_timeout(0, 100000, eapol_test_poll, eloop_ctx,
-				       timeout_ctx);
-	}
-}
-
-
-static struct wpa_driver_ops stub_driver;
-
-
-static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname)
-{
-	struct l2_packet_data *l2;
-	struct wpa_sm_ctx *ctx;
-
-	os_memset(&stub_driver, 0, sizeof(stub_driver));
-	wpa_s->driver = &stub_driver;
-
-	ctx = os_zalloc(sizeof(*ctx));
-	assert(ctx != NULL);
-
-	ctx->ctx = wpa_s;
-	ctx->msg_ctx = wpa_s;
-	ctx->set_state = _wpa_supplicant_set_state;
-	ctx->get_state = _wpa_supplicant_get_state;
-	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
-	ctx->set_key = wpa_supplicant_set_key;
-	ctx->get_network_ctx = wpa_supplicant_get_network_ctx;
-	ctx->get_bssid = wpa_supplicant_get_bssid;
-	ctx->ether_send = wpa_ether_send;
-	ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
-	ctx->alloc_eapol = _wpa_alloc_eapol;
-	ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
-	ctx->add_pmkid = wpa_supplicant_add_pmkid;
-	ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
-	ctx->set_config_blob = wpa_supplicant_set_config_blob;
-	ctx->get_config_blob = wpa_supplicant_get_config_blob;
-	ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
-	ctx->reconnect = _wpa_supplicant_reconnect;
-
-	wpa_s->wpa = wpa_sm_init(ctx);
-	assert(wpa_s->wpa != NULL);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, WPA_PROTO_RSN);
-
-	os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
-	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname, NULL);
-
-	l2 = l2_packet_init(wpa_s->ifname, NULL, ETH_P_RSN_PREAUTH, NULL,
-			    NULL, 0);
-	assert(l2 != NULL);
-	if (l2_packet_get_own_addr(l2, wpa_s->own_addr)) {
-		wpa_printf(MSG_WARNING, "Failed to get own L2 address\n");
-		exit(-1);
-	}
-	l2_packet_deinit(l2);
-	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
-}
-
-
-static void eapol_test_terminate(int sig, void *signal_ctx)
-{
-	struct wpa_supplicant *wpa_s = signal_ctx;
-	wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
-	eloop_terminate();
-}
-
-
-int main(int argc, char *argv[])
-{
-	struct wpa_supplicant wpa_s;
-	int ret = 1;
-	u8 bssid[ETH_ALEN];
-	struct preauth_test_data preauth_test;
-
-	if (os_program_init())
-		return -1;
-
-	os_memset(&preauth_test, 0, sizeof(preauth_test));
-
-	wpa_debug_level = 0;
-	wpa_debug_show_keys = 1;
-
-	if (argc != 4) {
-		printf("usage: preauth_test <conf> <target MAC address> "
-		       "<ifname>\n");
-		return -1;
-	}
-
-	if (hwaddr_aton(argv[2], bssid)) {
-		printf("Failed to parse target address '%s'.\n", argv[2]);
-		return -1;
-	}
-
-	if (eap_register_methods()) {
-		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
-		return -1;
-	}
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		return -1;
-	}
-
-	os_memset(&wpa_s, 0, sizeof(wpa_s));
-	wpa_s.conf = wpa_config_read(argv[1], NULL);
-	if (wpa_s.conf == NULL) {
-		printf("Failed to parse configuration file '%s'.\n", argv[1]);
-		return -1;
-	}
-	if (wpa_s.conf->ssid == NULL) {
-		printf("No networks defined.\n");
-		return -1;
-	}
-
-	wpa_init_conf(&wpa_s, argv[3]);
-	wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
-	if (wpa_s.ctrl_iface == NULL) {
-		printf("Failed to initialize control interface '%s'.\n"
-		       "You may have another preauth_test process already "
-		       "running or the file was\n"
-		       "left by an unclean termination of preauth_test in "
-		       "which case you will need\n"
-		       "to manually remove this file before starting "
-		       "preauth_test again.\n",
-		       wpa_s.conf->ctrl_interface);
-		return -1;
-	}
-	if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
-		return -1;
-
-	if (rsn_preauth_init(wpa_s.wpa, bssid, &wpa_s.conf->ssid->eap))
-		return -1;
-
-	eloop_register_timeout(30, 0, eapol_test_timeout, &preauth_test, NULL);
-	eloop_register_timeout(0, 100000, eapol_test_poll, &wpa_s, NULL);
-	eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
-	eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
-	eloop_run();
-
-	if (preauth_test.auth_timed_out)
-		ret = -2;
-	else {
-		ret = pmksa_cache_set_current(wpa_s.wpa, NULL, bssid, NULL, 0,
-					      NULL, 0) ? 0 : -3;
-	}
-
-	test_eapol_clean(&wpa_s);
-
-	eap_peer_unregister_methods();
-
-	eloop_destroy();
-
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wpa_supplicant/robust_av.c b/wpa_supplicant/robust_av.c
deleted file mode 100644
index 770c8fcab189..000000000000
--- a/wpa_supplicant/robust_av.c
+++ /dev/null
@@ -1,1487 +0,0 @@
-/*
- * wpa_supplicant - Robust AV procedures
- * Copyright (c) 2020, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/wpa_ctrl.h"
-#include "common/ieee802_11_common.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "bss.h"
-
-
-#define SCS_RESP_TIMEOUT 1
-#define DSCP_REQ_TIMEOUT 5
-
-
-void wpas_populate_mscs_descriptor_ie(struct robust_av_data *robust_av,
-				      struct wpabuf *buf)
-{
-	u8 *len, *len1;
-
-	/* MSCS descriptor element */
-	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
-	len = wpabuf_put(buf, 1);
-	wpabuf_put_u8(buf, WLAN_EID_EXT_MSCS_DESCRIPTOR);
-	wpabuf_put_u8(buf, robust_av->request_type);
-	wpabuf_put_u8(buf, robust_av->up_bitmap);
-	wpabuf_put_u8(buf, robust_av->up_limit);
-	wpabuf_put_le32(buf, robust_av->stream_timeout);
-
-	if (robust_av->request_type != SCS_REQ_REMOVE) {
-		/* TCLAS mask element */
-		wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
-		len1 = wpabuf_put(buf, 1);
-		wpabuf_put_u8(buf, WLAN_EID_EXT_TCLAS_MASK);
-
-		/* Frame classifier */
-		wpabuf_put_data(buf, robust_av->frame_classifier,
-				robust_av->frame_classifier_len);
-		*len1 = (u8 *) wpabuf_put(buf, 0) - len1 - 1;
-	}
-
-	*len = (u8 *) wpabuf_put(buf, 0) - len - 1;
-}
-
-
-static int wpas_populate_type4_classifier(struct type4_params *type4_param,
-					  struct wpabuf *buf)
-{
-	/* classifier parameters */
-	wpabuf_put_u8(buf, type4_param->classifier_mask);
-	if (type4_param->ip_version == IPV4) {
-		wpabuf_put_u8(buf, IPV4); /* IP version */
-		wpabuf_put_data(buf, &type4_param->ip_params.v4.src_ip.s_addr,
-				4);
-		wpabuf_put_data(buf, &type4_param->ip_params.v4.dst_ip.s_addr,
-				4);
-		wpabuf_put_be16(buf, type4_param->ip_params.v4.src_port);
-		wpabuf_put_be16(buf, type4_param->ip_params.v4.dst_port);
-		wpabuf_put_u8(buf, type4_param->ip_params.v4.dscp);
-		wpabuf_put_u8(buf, type4_param->ip_params.v4.protocol);
-		wpabuf_put_u8(buf, 0); /* Reserved octet */
-	} else {
-		wpabuf_put_u8(buf, IPV6);
-		wpabuf_put_data(buf, &type4_param->ip_params.v6.src_ip.s6_addr,
-				16);
-		wpabuf_put_data(buf, &type4_param->ip_params.v6.dst_ip.s6_addr,
-				16);
-		wpabuf_put_be16(buf, type4_param->ip_params.v6.src_port);
-		wpabuf_put_be16(buf, type4_param->ip_params.v6.dst_port);
-		wpabuf_put_u8(buf, type4_param->ip_params.v6.dscp);
-		wpabuf_put_u8(buf, type4_param->ip_params.v6.next_header);
-		wpabuf_put_data(buf, type4_param->ip_params.v6.flow_label, 3);
-	}
-
-	return 0;
-}
-
-
-static int wpas_populate_type10_classifier(struct type10_params *type10_param,
-					   struct wpabuf *buf)
-{
-	/* classifier parameters */
-	wpabuf_put_u8(buf, type10_param->prot_instance);
-	wpabuf_put_u8(buf, type10_param->prot_number);
-	wpabuf_put_data(buf, type10_param->filter_value,
-			type10_param->filter_len);
-	wpabuf_put_data(buf, type10_param->filter_mask,
-			type10_param->filter_len);
-	return 0;
-}
-
-
-static int wpas_populate_scs_descriptor_ie(struct scs_desc_elem *desc_elem,
-					   struct wpabuf *buf)
-{
-	u8 *len, *len1;
-	struct tclas_element *tclas_elem;
-	unsigned int i;
-
-	/* SCS Descriptor element */
-	wpabuf_put_u8(buf, WLAN_EID_SCS_DESCRIPTOR);
-	len = wpabuf_put(buf, 1);
-	wpabuf_put_u8(buf, desc_elem->scs_id);
-	wpabuf_put_u8(buf, desc_elem->request_type);
-	if (desc_elem->request_type == SCS_REQ_REMOVE)
-		goto end;
-
-	if (desc_elem->intra_access_priority || desc_elem->scs_up_avail) {
-		wpabuf_put_u8(buf, WLAN_EID_INTRA_ACCESS_CATEGORY_PRIORITY);
-		wpabuf_put_u8(buf, 1);
-		wpabuf_put_u8(buf, desc_elem->intra_access_priority);
-	}
-
-	tclas_elem = desc_elem->tclas_elems;
-
-	if (!tclas_elem)
-		return -1;
-
-	for (i = 0; i < desc_elem->num_tclas_elem; i++, tclas_elem++) {
-		int ret;
-
-		/* TCLAS element */
-		wpabuf_put_u8(buf, WLAN_EID_TCLAS);
-		len1 = wpabuf_put(buf, 1);
-		wpabuf_put_u8(buf, 255); /* User Priority: not compared */
-		/* Frame Classifier */
-		wpabuf_put_u8(buf, tclas_elem->classifier_type);
-		/* Frame classifier parameters */
-		switch (tclas_elem->classifier_type) {
-		case 4:
-			ret = wpas_populate_type4_classifier(
-				&tclas_elem->frame_classifier.type4_param,
-				buf);
-			break;
-		case 10:
-			ret = wpas_populate_type10_classifier(
-				&tclas_elem->frame_classifier.type10_param,
-				buf);
-			break;
-		default:
-			return -1;
-		}
-
-		if (ret == -1) {
-			wpa_printf(MSG_ERROR,
-				   "Failed to populate frame classifier");
-			return -1;
-		}
-
-		*len1 = (u8 *) wpabuf_put(buf, 0) - len1 - 1;
-	}
-
-	if (desc_elem->num_tclas_elem > 1) {
-		/* TCLAS Processing element */
-		wpabuf_put_u8(buf, WLAN_EID_TCLAS_PROCESSING);
-		wpabuf_put_u8(buf, 1);
-		wpabuf_put_u8(buf, desc_elem->tclas_processing);
-	}
-
-end:
-	*len = (u8 *) wpabuf_put(buf, 0) - len - 1;
-	return 0;
-}
-
-
-int wpas_send_mscs_req(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *buf;
-	size_t buf_len;
-	int ret;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid)
-		return 0;
-
-	if (!wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_MSCS)) {
-		wpa_dbg(wpa_s, MSG_INFO,
-			"AP does not support MSCS - could not send MSCS Req");
-		return -1;
-	}
-
-	if (!wpa_s->mscs_setup_done &&
-	    wpa_s->robust_av.request_type != SCS_REQ_ADD) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"MSCS: Failed to send MSCS Request: request type invalid");
-		return -1;
-	}
-
-	buf_len = 3 +	/* Action frame header */
-		  3 +	/* MSCS descriptor IE header */
-		  1 +	/* Request type */
-		  2 +	/* User priority control */
-		  4 +	/* Stream timeout */
-		  3 +	/* TCLAS Mask IE header */
-		  wpa_s->robust_av.frame_classifier_len;
-
-	buf = wpabuf_alloc(buf_len);
-	if (!buf) {
-		wpa_printf(MSG_ERROR, "Failed to allocate MSCS req");
-		return -1;
-	}
-
-	wpabuf_put_u8(buf, WLAN_ACTION_ROBUST_AV_STREAMING);
-	wpabuf_put_u8(buf, ROBUST_AV_MSCS_REQ);
-	wpa_s->robust_av.dialog_token++;
-	wpabuf_put_u8(buf, wpa_s->robust_av.dialog_token);
-
-	/* MSCS descriptor element */
-	wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, buf);
-
-	wpa_hexdump_buf(MSG_MSGDUMP, "MSCS Request", buf);
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret < 0)
-		wpa_dbg(wpa_s, MSG_INFO, "MSCS: Failed to send MSCS Request");
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-static size_t tclas_elem_len(const struct tclas_element *elem)
-{
-	size_t buf_len = 0;
-
-	buf_len += 2 +	/* TCLAS element header */
-		1 +	/* User Priority */
-		1 ;	/* Classifier Type */
-
-	if (elem->classifier_type == 4) {
-		enum ip_version ip_ver;
-
-		buf_len += 1 +	/* Classifier mask */
-			1 +	/* IP version */
-			1 +	/* user priority */
-			2 +	/* src_port */
-			2 +	/* dst_port */
-			1 ;	/* dscp */
-		ip_ver = elem->frame_classifier.type4_param.ip_version;
-		if (ip_ver == IPV4) {
-			buf_len += 4 +  /* src_ip */
-				4 +	/* dst_ip */
-				1 +	/* protocol */
-				1 ;  /* Reserved */
-		} else if (ip_ver == IPV6) {
-			buf_len += 16 +  /* src_ip */
-				16 +  /* dst_ip */
-				1  +  /* next_header */
-				3  ;  /* flow_label */
-		} else {
-			wpa_printf(MSG_ERROR, "%s: Incorrect IP version %d",
-				   __func__, ip_ver);
-			return 0;
-		}
-	} else if (elem->classifier_type == 10) {
-		buf_len += 1 +	/* protocol instance */
-			1 +	/* protocol number */
-			2 * elem->frame_classifier.type10_param.filter_len;
-	} else {
-		wpa_printf(MSG_ERROR, "%s: Incorrect classifier type %u",
-			   __func__, elem->classifier_type);
-		return 0;
-	}
-
-	return buf_len;
-}
-
-
-static struct wpabuf * allocate_scs_buf(struct scs_desc_elem *desc_elem,
-					unsigned int num_scs_desc)
-{
-	struct wpabuf *buf;
-	size_t buf_len = 0;
-	unsigned int i, j;
-
-	buf_len = 3; /* Action frame header */
-
-	for (i = 0; i < num_scs_desc; i++, desc_elem++) {
-		struct tclas_element *tclas_elem;
-
-		buf_len += 2 +	/* SCS descriptor IE header */
-			   1 +	/* SCSID */
-			   1 ;	/* Request type */
-
-		if (desc_elem->request_type == SCS_REQ_REMOVE)
-			continue;
-
-		if (desc_elem->intra_access_priority || desc_elem->scs_up_avail)
-			buf_len += 3;
-
-		tclas_elem = desc_elem->tclas_elems;
-		if (!tclas_elem) {
-			wpa_printf(MSG_ERROR, "%s: TCLAS element null",
-				   __func__);
-			return NULL;
-		}
-
-		for (j = 0; j < desc_elem->num_tclas_elem; j++, tclas_elem++) {
-			size_t elen;
-
-			elen = tclas_elem_len(tclas_elem);
-			if (elen == 0)
-				return NULL;
-			buf_len += elen;
-		}
-
-		if (desc_elem->num_tclas_elem > 1) {
-			buf_len += 1 +	/* TCLAS Processing eid */
-				   1 +	/* length */
-				   1 ;	/* processing */
-		}
-	}
-
-	buf = wpabuf_alloc(buf_len);
-	if (!buf) {
-		wpa_printf(MSG_ERROR, "Failed to allocate SCS req");
-		return NULL;
-	}
-
-	return buf;
-}
-
-
-static void scs_request_timer(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct active_scs_elem *scs_desc, *prev;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid)
-		return;
-
-	/* Once timeout is over, remove all SCS descriptors with no response */
-	dl_list_for_each_safe(scs_desc, prev, &wpa_s->active_scs_ids,
-			      struct active_scs_elem, list) {
-		u8 bssid[ETH_ALEN] = { 0 };
-		const u8 *src;
-
-		if (scs_desc->status == SCS_DESC_SUCCESS)
-			continue;
-
-		if (wpa_s->current_bss)
-			src = wpa_s->current_bss->bssid;
-		else
-			src = bssid;
-
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCS_RESULT "bssid=" MACSTR
-			" SCSID=%u status_code=timedout", MAC2STR(src),
-			scs_desc->scs_id);
-
-		dl_list_del(&scs_desc->list);
-		wpa_printf(MSG_INFO, "%s: SCSID %d removed after timeout",
-			   __func__, scs_desc->scs_id);
-		os_free(scs_desc);
-	}
-
-	eloop_cancel_timeout(scs_request_timer, wpa_s, NULL);
-	wpa_s->ongoing_scs_req = false;
-}
-
-
-int wpas_send_scs_req(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *buf = NULL;
-	struct scs_desc_elem *desc_elem = NULL;
-	int ret = -1;
-	unsigned int i;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid)
-		return -1;
-
-	if (!wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_SCS)) {
-		wpa_dbg(wpa_s, MSG_INFO,
-			"AP does not support SCS - could not send SCS Request");
-		return -1;
-	}
-
-	desc_elem = wpa_s->scs_robust_av_req.scs_desc_elems;
-	if (!desc_elem)
-		return -1;
-
-	buf = allocate_scs_buf(desc_elem,
-			       wpa_s->scs_robust_av_req.num_scs_desc);
-	if (!buf)
-		return -1;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_ROBUST_AV_STREAMING);
-	wpabuf_put_u8(buf, ROBUST_AV_SCS_REQ);
-	wpa_s->scs_dialog_token++;
-	if (wpa_s->scs_dialog_token == 0)
-		wpa_s->scs_dialog_token++;
-	wpabuf_put_u8(buf, wpa_s->scs_dialog_token);
-
-	for (i = 0; i < wpa_s->scs_robust_av_req.num_scs_desc;
-	     i++, desc_elem++) {
-		/* SCS Descriptor element */
-		if (wpas_populate_scs_descriptor_ie(desc_elem, buf) < 0)
-			goto end;
-	}
-
-	wpa_hexdump_buf(MSG_DEBUG, "SCS Request", buf);
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret < 0) {
-		wpa_dbg(wpa_s, MSG_ERROR, "SCS: Failed to send SCS Request");
-		wpa_s->scs_dialog_token--;
-		goto end;
-	}
-
-	desc_elem = wpa_s->scs_robust_av_req.scs_desc_elems;
-	for (i = 0; i < wpa_s->scs_robust_av_req.num_scs_desc;
-	     i++, desc_elem++) {
-		struct active_scs_elem *active_scs_elem;
-
-		if (desc_elem->request_type != SCS_REQ_ADD)
-			continue;
-
-		active_scs_elem = os_malloc(sizeof(struct active_scs_elem));
-		if (!active_scs_elem)
-			break;
-		active_scs_elem->scs_id = desc_elem->scs_id;
-		active_scs_elem->status = SCS_DESC_SENT;
-		dl_list_add(&wpa_s->active_scs_ids, &active_scs_elem->list);
-	}
-
-	/*
-	 * Register a timeout after which this request will be removed from
-	 * the cache.
-	 */
-	eloop_register_timeout(SCS_RESP_TIMEOUT, 0, scs_request_timer, wpa_s,
-			       NULL);
-	wpa_s->ongoing_scs_req = true;
-
-end:
-	wpabuf_free(buf);
-	free_up_scs_desc(&wpa_s->scs_robust_av_req);
-
-	return ret;
-}
-
-
-void free_up_tclas_elem(struct scs_desc_elem *elem)
-{
-	struct tclas_element *tclas_elems = elem->tclas_elems;
-	unsigned int num_tclas_elem = elem->num_tclas_elem;
-	struct tclas_element *tclas_data;
-	unsigned int j;
-
-	elem->tclas_elems = NULL;
-	elem->num_tclas_elem = 0;
-
-	if (!tclas_elems)
-		return;
-
-	tclas_data = tclas_elems;
-	for (j = 0; j < num_tclas_elem; j++, tclas_data++) {
-		if (tclas_data->classifier_type != 10)
-			continue;
-
-		os_free(tclas_data->frame_classifier.type10_param.filter_value);
-		os_free(tclas_data->frame_classifier.type10_param.filter_mask);
-	}
-
-	os_free(tclas_elems);
-}
-
-
-void free_up_scs_desc(struct scs_robust_av_data *data)
-{
-	struct scs_desc_elem *desc_elems = data->scs_desc_elems;
-	unsigned int num_scs_desc = data->num_scs_desc;
-	struct scs_desc_elem *desc_data;
-	unsigned int i;
-
-	data->scs_desc_elems = NULL;
-	data->num_scs_desc = 0;
-
-	if (!desc_elems)
-		return;
-
-	desc_data = desc_elems;
-	for (i = 0; i < num_scs_desc; i++, desc_data++) {
-		if (desc_data->request_type == SCS_REQ_REMOVE ||
-		    !desc_data->tclas_elems)
-			continue;
-
-		free_up_tclas_elem(desc_data);
-	}
-	os_free(desc_elems);
-}
-
-
-void wpas_handle_robust_av_recv_action(struct wpa_supplicant *wpa_s,
-				       const u8 *src, const u8 *buf, size_t len)
-{
-	u8 dialog_token;
-	u16 status_code;
-
-	if (len < 3)
-		return;
-
-	dialog_token = *buf++;
-	if (dialog_token != wpa_s->robust_av.dialog_token) {
-		wpa_printf(MSG_INFO,
-			   "MSCS: Drop received frame due to dialog token mismatch: received:%u expected:%u",
-			   dialog_token, wpa_s->robust_av.dialog_token);
-		return;
-	}
-
-	status_code = WPA_GET_LE16(buf);
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_MSCS_RESULT "bssid=" MACSTR
-		" status_code=%u", MAC2STR(src), status_code);
-	wpa_s->mscs_setup_done = status_code == WLAN_STATUS_SUCCESS;
-}
-
-
-void wpas_handle_assoc_resp_mscs(struct wpa_supplicant *wpa_s, const u8 *bssid,
-				 const u8 *ies, size_t ies_len)
-{
-	const u8 *mscs_desc_ie, *mscs_status;
-	u16 status;
-
-	/* Process optional MSCS Status subelement when MSCS IE is in
-	 * (Re)Association Response frame */
-	if (!ies || ies_len == 0 || !wpa_s->robust_av.valid_config)
-		return;
-
-	mscs_desc_ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_MSCS_DESCRIPTOR);
-	if (!mscs_desc_ie || mscs_desc_ie[1] <= 8)
-		return;
-
-	/* Subelements start after (ie_id(1) + ie_len(1) + ext_id(1) +
-	 * request type(1) + upc(2) + stream timeout(4) =) 10.
-	 */
-	mscs_status = get_ie(&mscs_desc_ie[10], mscs_desc_ie[1] - 8,
-			     MCSC_SUBELEM_STATUS);
-	if (!mscs_status || mscs_status[1] < 2)
-		return;
-
-	status = WPA_GET_LE16(mscs_status + 2);
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_MSCS_RESULT "bssid=" MACSTR
-		" status_code=%u", MAC2STR(bssid), status);
-	wpa_s->mscs_setup_done = status == WLAN_STATUS_SUCCESS;
-}
-
-
-static void wpas_wait_for_dscp_req_timer(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	/* Once timeout is over, reset wait flag and allow sending DSCP query */
-	wpa_printf(MSG_DEBUG,
-		   "QM: Wait time over for sending DSCP request - allow DSCP query");
-	wpa_s->wait_for_dscp_req = 0;
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "request_wait end");
-}
-
-
-void wpas_handle_assoc_resp_qos_mgmt(struct wpa_supplicant *wpa_s,
-				     const u8 *ies, size_t ies_len)
-{
-	const u8 *wfa_capa;
-
-	wpa_s->connection_dscp = 0;
-	if (wpa_s->wait_for_dscp_req)
-		eloop_cancel_timeout(wpas_wait_for_dscp_req_timer, wpa_s, NULL);
-
-	if (!ies || ies_len == 0 || !wpa_s->enable_dscp_policy_capa)
-		return;
-
-	wfa_capa = get_vendor_ie(ies, ies_len, WFA_CAPA_IE_VENDOR_TYPE);
-	if (!wfa_capa || wfa_capa[1] < 6 || wfa_capa[6] < 1 ||
-	    !(wfa_capa[7] & WFA_CAPA_QM_DSCP_POLICY))
-		return; /* AP does not enable QM DSCP Policy */
-
-	wpa_s->connection_dscp = 1;
-	wpa_s->wait_for_dscp_req = !!(wfa_capa[7] &
-				      WFA_CAPA_QM_UNSOLIC_DSCP);
-	if (!wpa_s->wait_for_dscp_req)
-		return;
-
-	/* Register a timeout after which dscp query can be sent to AP. */
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "request_wait start");
-	eloop_register_timeout(DSCP_REQ_TIMEOUT, 0,
-			       wpas_wait_for_dscp_req_timer, wpa_s, NULL);
-}
-
-
-void wpas_handle_robust_av_scs_recv_action(struct wpa_supplicant *wpa_s,
-					   const u8 *src, const u8 *buf,
-					   size_t len)
-{
-	u8 dialog_token;
-	unsigned int i, count;
-	struct active_scs_elem *scs_desc, *prev;
-
-	if (len < 2)
-		return;
-	if (!wpa_s->ongoing_scs_req) {
-		wpa_printf(MSG_INFO,
-			   "SCS: Drop received response due to no ongoing request");
-		return;
-	}
-
-	dialog_token = *buf++;
-	len--;
-	if (dialog_token != wpa_s->scs_dialog_token) {
-		wpa_printf(MSG_INFO,
-			   "SCS: Drop received frame due to dialog token mismatch: received:%u expected:%u",
-			   dialog_token, wpa_s->scs_dialog_token);
-		return;
-	}
-
-	/* This Count field does not exist in the IEEE Std 802.11-2020
-	 * definition of the SCS Response frame. However, it was accepted to
-	 * be added into REVme per REVme/D0.0 CC35 CID 49 (edits in document
-	 * 11-21-0688-07). */
-	count = *buf++;
-	len--;
-	if (count == 0 || count * 3 > len) {
-		wpa_printf(MSG_INFO,
-			   "SCS: Drop received frame due to invalid count: %u (remaining %zu octets)",
-			   count, len);
-		return;
-	}
-
-	for (i = 0; i < count; i++) {
-		u8 id;
-		u16 status;
-		bool scs_desc_found = false;
-
-		id = *buf++;
-		status = WPA_GET_LE16(buf);
-		buf += 2;
-		len -= 3;
-
-		dl_list_for_each(scs_desc, &wpa_s->active_scs_ids,
-				 struct active_scs_elem, list) {
-			if (id == scs_desc->scs_id) {
-				scs_desc_found = true;
-				break;
-			}
-		}
-
-		if (!scs_desc_found) {
-			wpa_printf(MSG_INFO, "SCS: SCS ID invalid %u", id);
-			continue;
-		}
-
-		if (status != WLAN_STATUS_SUCCESS) {
-			dl_list_del(&scs_desc->list);
-			os_free(scs_desc);
-		} else if (status == WLAN_STATUS_SUCCESS) {
-			scs_desc->status = SCS_DESC_SUCCESS;
-		}
-
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCS_RESULT "bssid=" MACSTR
-			" SCSID=%u status_code=%u", MAC2STR(src), id, status);
-	}
-
-	eloop_cancel_timeout(scs_request_timer, wpa_s, NULL);
-	wpa_s->ongoing_scs_req = false;
-
-	dl_list_for_each_safe(scs_desc, prev, &wpa_s->active_scs_ids,
-			      struct active_scs_elem, list) {
-		if (scs_desc->status != SCS_DESC_SUCCESS) {
-			wpa_msg(wpa_s, MSG_INFO,
-				WPA_EVENT_SCS_RESULT "bssid=" MACSTR
-				" SCSID=%u status_code=response_not_received",
-				MAC2STR(src), scs_desc->scs_id);
-			dl_list_del(&scs_desc->list);
-			os_free(scs_desc);
-		}
-	}
-}
-
-
-static void wpas_clear_active_scs_ids(struct wpa_supplicant *wpa_s)
-{
-	struct active_scs_elem *scs_elem;
-
-	while ((scs_elem = dl_list_first(&wpa_s->active_scs_ids,
-					 struct active_scs_elem, list))) {
-		dl_list_del(&scs_elem->list);
-		os_free(scs_elem);
-	}
-}
-
-
-void wpas_scs_deinit(struct wpa_supplicant *wpa_s)
-{
-	free_up_scs_desc(&wpa_s->scs_robust_av_req);
-	wpa_s->scs_dialog_token = 0;
-	wpas_clear_active_scs_ids(wpa_s);
-	eloop_cancel_timeout(scs_request_timer, wpa_s, NULL);
-	wpa_s->ongoing_scs_req = false;
-}
-
-
-static int write_ipv4_info(char *pos, int total_len,
-			   const struct ipv4_params *v4)
-{
-	int res, rem_len;
-	char addr[INET_ADDRSTRLEN];
-
-	rem_len = total_len;
-
-	if (v4->param_mask & BIT(1)) {
-		if (!inet_ntop(AF_INET, &v4->src_ip, addr, INET_ADDRSTRLEN)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv4 source address");
-			return -1;
-		}
-
-		res = os_snprintf(pos, rem_len, " src_ip=%s", addr);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v4->param_mask & BIT(2)) {
-		if (!inet_ntop(AF_INET, &v4->dst_ip, addr, INET_ADDRSTRLEN)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv4 destination address");
-			return -1;
-		}
-
-		res = os_snprintf(pos, rem_len, " dst_ip=%s", addr);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v4->param_mask & BIT(3)) {
-		res = os_snprintf(pos, rem_len, " src_port=%d", v4->src_port);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v4->param_mask & BIT(4)) {
-		res = os_snprintf(pos, rem_len, " dst_port=%d", v4->dst_port);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v4->param_mask & BIT(6)) {
-		res = os_snprintf(pos, rem_len, " protocol=%d", v4->protocol);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	return total_len - rem_len;
-}
-
-
-static int write_ipv6_info(char *pos, int total_len,
-			   const struct ipv6_params *v6)
-{
-	int res, rem_len;
-	char addr[INET6_ADDRSTRLEN];
-
-	rem_len = total_len;
-
-	if (v6->param_mask & BIT(1)) {
-		if (!inet_ntop(AF_INET6, &v6->src_ip, addr, INET6_ADDRSTRLEN)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv6 source addr");
-			return -1;
-		}
-
-		res = os_snprintf(pos, rem_len, " src_ip=%s", addr);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v6->param_mask & BIT(2)) {
-		if (!inet_ntop(AF_INET6, &v6->dst_ip, addr, INET6_ADDRSTRLEN)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv6 destination addr");
-			return -1;
-		}
-
-		res = os_snprintf(pos, rem_len, " dst_ip=%s", addr);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v6->param_mask & BIT(3)) {
-		res = os_snprintf(pos, rem_len, " src_port=%d", v6->src_port);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v6->param_mask & BIT(4)) {
-		res = os_snprintf(pos, rem_len, " dst_port=%d", v6->dst_port);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	if (v6->param_mask & BIT(6)) {
-		res = os_snprintf(pos, rem_len, " protocol=%d",
-				  v6->next_header);
-		if (os_snprintf_error(rem_len, res))
-			return -1;
-
-		pos += res;
-		rem_len -= res;
-	}
-
-	return total_len - rem_len;
-}
-
-
-struct dscp_policy_data {
-	u8 policy_id;
-	u8 req_type;
-	u8 dscp;
-	bool dscp_info;
-	const u8 *frame_classifier;
-	u8 frame_classifier_len;
-	struct type4_params type4_param;
-	const u8 *domain_name;
-	u8 domain_name_len;
-	u16 start_port;
-	u16 end_port;
-	bool port_range_info;
-};
-
-
-static int set_frame_classifier_type4_ipv4(struct dscp_policy_data *policy)
-{
-	u8 classifier_mask;
-	const u8 *frame_classifier = policy->frame_classifier;
-	struct type4_params *type4_param = &policy->type4_param;
-
-	if (policy->frame_classifier_len < 18) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received IPv4 frame classifier with insufficient length %d",
-			   policy->frame_classifier_len);
-		return -1;
-	}
-
-	classifier_mask = frame_classifier[1];
-
-	/* Classifier Mask - bit 1 = Source IP Address */
-	if (classifier_mask & BIT(1)) {
-		type4_param->ip_params.v4.param_mask |= BIT(1);
-		os_memcpy(&type4_param->ip_params.v4.src_ip,
-			  &frame_classifier[3], 4);
-	}
-
-	/* Classifier Mask - bit 2 = Destination IP Address */
-	if (classifier_mask & BIT(2)) {
-		if (policy->domain_name) {
-			wpa_printf(MSG_ERROR,
-				   "QM: IPv4: Both domain name and destination IP address not expected");
-			return -1;
-		}
-
-		type4_param->ip_params.v4.param_mask |= BIT(2);
-		os_memcpy(&type4_param->ip_params.v4.dst_ip,
-			  &frame_classifier[7], 4);
-	}
-
-	/* Classifier Mask - bit 3 = Source Port */
-	if (classifier_mask & BIT(3)) {
-		type4_param->ip_params.v4.param_mask |= BIT(3);
-		type4_param->ip_params.v4.src_port =
-			WPA_GET_BE16(&frame_classifier[11]);
-	}
-
-	/* Classifier Mask - bit 4 = Destination Port */
-	if (classifier_mask & BIT(4)) {
-		if (policy->port_range_info) {
-			wpa_printf(MSG_ERROR,
-				   "QM: IPv4: Both port range and destination port not expected");
-			return -1;
-		}
-
-		type4_param->ip_params.v4.param_mask |= BIT(4);
-		type4_param->ip_params.v4.dst_port =
-			WPA_GET_BE16(&frame_classifier[13]);
-	}
-
-	/* Classifier Mask - bit 5 = DSCP (ignored) */
-
-	/* Classifier Mask - bit 6 = Protocol */
-	if (classifier_mask & BIT(6)) {
-		type4_param->ip_params.v4.param_mask |= BIT(6);
-		type4_param->ip_params.v4.protocol = frame_classifier[16];
-	}
-
-	return 0;
-}
-
-
-static int set_frame_classifier_type4_ipv6(struct dscp_policy_data *policy)
-{
-	u8 classifier_mask;
-	const u8 *frame_classifier = policy->frame_classifier;
-	struct type4_params *type4_param = &policy->type4_param;
-
-	if (policy->frame_classifier_len < 44) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received IPv6 frame classifier with insufficient length %d",
-			   policy->frame_classifier_len);
-		return -1;
-	}
-
-	classifier_mask = frame_classifier[1];
-
-	/* Classifier Mask - bit 1 = Source IP Address */
-	if (classifier_mask & BIT(1)) {
-		type4_param->ip_params.v6.param_mask |= BIT(1);
-		os_memcpy(&type4_param->ip_params.v6.src_ip,
-			  &frame_classifier[3], 16);
-	}
-
-	/* Classifier Mask - bit 2 = Destination IP Address */
-	if (classifier_mask & BIT(2)) {
-		if (policy->domain_name) {
-			wpa_printf(MSG_ERROR,
-				   "QM: IPv6: Both domain name and destination IP address not expected");
-			return -1;
-		}
-		type4_param->ip_params.v6.param_mask |= BIT(2);
-		os_memcpy(&type4_param->ip_params.v6.dst_ip,
-			  &frame_classifier[19], 16);
-	}
-
-	/* Classifier Mask - bit 3 = Source Port */
-	if (classifier_mask & BIT(3)) {
-		type4_param->ip_params.v6.param_mask |= BIT(3);
-		type4_param->ip_params.v6.src_port =
-				WPA_GET_BE16(&frame_classifier[35]);
-	}
-
-	/* Classifier Mask - bit 4 = Destination Port */
-	if (classifier_mask & BIT(4)) {
-		if (policy->port_range_info) {
-			wpa_printf(MSG_ERROR,
-				   "IPv6: Both port range and destination port not expected");
-			return -1;
-		}
-
-		type4_param->ip_params.v6.param_mask |= BIT(4);
-		type4_param->ip_params.v6.dst_port =
-				WPA_GET_BE16(&frame_classifier[37]);
-	}
-
-	/* Classifier Mask - bit 5 = DSCP (ignored) */
-
-	/* Classifier Mask - bit 6 = Next Header */
-	if (classifier_mask & BIT(6)) {
-		type4_param->ip_params.v6.param_mask |= BIT(6);
-		type4_param->ip_params.v6.next_header = frame_classifier[40];
-	}
-
-	return 0;
-}
-
-
-static int wpas_set_frame_classifier_params(struct dscp_policy_data *policy)
-{
-	const u8 *frame_classifier = policy->frame_classifier;
-	u8 frame_classifier_len = policy->frame_classifier_len;
-
-	if (frame_classifier_len < 3) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received frame classifier with insufficient length %d",
-			   frame_classifier_len);
-		return -1;
-	}
-
-	/* Only allowed Classifier Type: IP and higher layer parameters (4) */
-	if (frame_classifier[0] != 4) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received frame classifier with invalid classifier type %d",
-			   frame_classifier[0]);
-		return -1;
-	}
-
-	/* Classifier Mask - bit 0 = Version */
-	if (!(frame_classifier[1] & BIT(0))) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received frame classifier without IP version");
-		return -1;
-	}
-
-	/* Version (4 or 6) */
-	if (frame_classifier[2] == 4) {
-		if (set_frame_classifier_type4_ipv4(policy)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv4 parameters");
-			return -1;
-		}
-
-		policy->type4_param.ip_version = IPV4;
-	} else if (frame_classifier[2] == 6) {
-		if (set_frame_classifier_type4_ipv6(policy)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set IPv6 parameters");
-			return -1;
-		}
-
-		policy->type4_param.ip_version = IPV6;
-	} else {
-		wpa_printf(MSG_ERROR,
-			   "QM: Received unknown IP version %d",
-			   frame_classifier[2]);
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static bool dscp_valid_domain_name(const char *str)
-{
-	if (!str[0])
-		return false;
-
-	while (*str) {
-		if (is_ctrl_char(*str) || *str == ' ' || *str == '=')
-			return false;
-		str++;
-	}
-
-	return true;
-}
-
-
-static void wpas_add_dscp_policy(struct wpa_supplicant *wpa_s,
-				 struct dscp_policy_data *policy)
-{
-	int ip_ver = 0, res;
-	char policy_str[1000], *pos;
-	int len;
-
-	if (!policy->frame_classifier && !policy->domain_name &&
-	    !policy->port_range_info) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Invalid DSCP policy - no attributes present");
-		goto fail;
-	}
-
-	policy_str[0] = '\0';
-	pos = policy_str;
-	len = sizeof(policy_str);
-
-	if (policy->frame_classifier) {
-		struct type4_params *type4 = &policy->type4_param;
-
-		if (wpas_set_frame_classifier_params(policy)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to set frame classifier parameters");
-			goto fail;
-		}
-
-		if (type4->ip_version == IPV4)
-			res = write_ipv4_info(pos, len, &type4->ip_params.v4);
-		else
-			res = write_ipv6_info(pos, len, &type4->ip_params.v6);
-
-		if (res <= 0) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to write IP parameters");
-			goto fail;
-		}
-
-		ip_ver = type4->ip_version;
-
-		pos += res;
-		len -= res;
-	}
-
-	if (policy->port_range_info) {
-		res = os_snprintf(pos, len, " start_port=%u end_port=%u",
-				  policy->start_port, policy->end_port);
-		if (os_snprintf_error(len, res)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to write port range attributes for policy id = %d",
-				   policy->policy_id);
-			goto fail;
-		}
-
-		pos += res;
-		len -= res;
-	}
-
-	if (policy->domain_name) {
-		char domain_name_str[250];
-
-		if (policy->domain_name_len >= sizeof(domain_name_str)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Domain name length higher than max expected");
-			goto fail;
-		}
-		os_memcpy(domain_name_str, policy->domain_name,
-			  policy->domain_name_len);
-		domain_name_str[policy->domain_name_len] = '\0';
-		if (!dscp_valid_domain_name(domain_name_str)) {
-			wpa_printf(MSG_ERROR, "QM: Invalid domain name string");
-			goto fail;
-		}
-		res = os_snprintf(pos, len, " domain_name=%s", domain_name_str);
-		if (os_snprintf_error(len, res)) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Failed to write domain name attribute for policy id = %d",
-				   policy->policy_id);
-			goto fail;
-		}
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY
-		"add policy_id=%u dscp=%u ip_version=%d%s",
-		policy->policy_id, policy->dscp, ip_ver, policy_str);
-	return;
-fail:
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "reject policy_id=%u",
-		policy->policy_id);
-}
-
-
-void wpas_dscp_deinit(struct wpa_supplicant *wpa_s)
-{
-	wpa_printf(MSG_DEBUG, "QM: Clear all active DSCP policies");
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "clear_all");
-	wpa_s->dscp_req_dialog_token = 0;
-	wpa_s->dscp_query_dialog_token = 0;
-	wpa_s->connection_dscp = 0;
-	if (wpa_s->wait_for_dscp_req) {
-		wpa_s->wait_for_dscp_req = 0;
-		eloop_cancel_timeout(wpas_wait_for_dscp_req_timer, wpa_s, NULL);
-	}
-}
-
-
-static void wpas_fill_dscp_policy(struct dscp_policy_data *policy, u8 attr_id,
-				  u8 attr_len, const u8 *attr_data)
-{
-	switch (attr_id) {
-	case QM_ATTR_PORT_RANGE:
-		if (attr_len < 4) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Received Port Range attribute with insufficient length %d",
-				    attr_len);
-			break;
-		}
-		policy->start_port = WPA_GET_BE16(attr_data);
-		policy->end_port = WPA_GET_BE16(attr_data + 2);
-		policy->port_range_info = true;
-		break;
-	case QM_ATTR_DSCP_POLICY:
-		if (attr_len < 3) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Received DSCP Policy attribute with insufficient length %d",
-				   attr_len);
-			return;
-		}
-		policy->policy_id = attr_data[0];
-		policy->req_type = attr_data[1];
-		policy->dscp = attr_data[2];
-		policy->dscp_info = true;
-		break;
-	case QM_ATTR_TCLAS:
-		if (attr_len < 1) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Received TCLAS attribute with insufficient length %d",
-				   attr_len);
-			return;
-		}
-		policy->frame_classifier = attr_data;
-		policy->frame_classifier_len = attr_len;
-		break;
-	case QM_ATTR_DOMAIN_NAME:
-		if (attr_len < 1) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Received domain name attribute with insufficient length %d",
-				   attr_len);
-			return;
-		}
-		policy->domain_name = attr_data;
-		policy->domain_name_len = attr_len;
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "QM: Received invalid QoS attribute %d",
-			   attr_id);
-		break;
-	}
-}
-
-
-void wpas_handle_qos_mgmt_recv_action(struct wpa_supplicant *wpa_s,
-				      const u8 *src,
-				      const u8 *buf, size_t len)
-{
-	int rem_len;
-	const u8 *qos_ie, *attr;
-	int more, reset;
-
-	if (!wpa_s->enable_dscp_policy_capa) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Ignore DSCP Policy frame since the capability is not enabled");
-		return;
-	}
-
-	if (!pmf_in_use(wpa_s, src)) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Ignore DSCP Policy frame since PMF is not in use");
-		return;
-	}
-
-	if (!wpa_s->connection_dscp) {
-		 wpa_printf(MSG_DEBUG,
-			    "QM: DSCP Policy capability not enabled for the current association - ignore QoS Management Action frames");
-		return;
-	}
-
-	if (len < 1)
-		return;
-
-	/* Handle only DSCP Policy Request frame */
-	if (buf[0] != QM_DSCP_POLICY_REQ) {
-		wpa_printf(MSG_ERROR, "QM: Received unexpected QoS action frame %d",
-			   buf[0]);
-		return;
-	}
-
-	if (len < 3) {
-		wpa_printf(MSG_ERROR,
-			   "Received QoS Management DSCP Policy Request frame with invalid length %zu",
-			   len);
-		return;
-	}
-
-	/* Clear wait_for_dscp_req on receiving first DSCP request from AP */
-	if (wpa_s->wait_for_dscp_req) {
-		wpa_s->wait_for_dscp_req = 0;
-		eloop_cancel_timeout(wpas_wait_for_dscp_req_timer, wpa_s, NULL);
-	}
-
-	wpa_s->dscp_req_dialog_token = buf[1];
-	more = buf[2] & DSCP_POLICY_CTRL_MORE;
-	reset = buf[2] & DSCP_POLICY_CTRL_RESET;
-
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "request_start%s%s",
-		reset ? " clear_all" : "", more ? " more" : "");
-
-	qos_ie = buf + 3;
-	rem_len = len - 3;
-	while (rem_len > 2) {
-		struct dscp_policy_data policy;
-		int rem_attrs_len, ie_len;
-
-		ie_len = 2 + qos_ie[1];
-		if (rem_len < ie_len)
-			break;
-
-		if (rem_len < 6 || qos_ie[0] != WLAN_EID_VENDOR_SPECIFIC ||
-		    qos_ie[1] < 4 ||
-		    WPA_GET_BE32(&qos_ie[2]) != QM_IE_VENDOR_TYPE) {
-			rem_len -= ie_len;
-			qos_ie += ie_len;
-			continue;
-		}
-
-		os_memset(&policy, 0, sizeof(struct dscp_policy_data));
-		attr = qos_ie + 6;
-		rem_attrs_len = qos_ie[1] - 4;
-
-		while (rem_attrs_len > 2 && rem_attrs_len >= 2 + attr[1]) {
-			wpas_fill_dscp_policy(&policy, attr[0], attr[1],
-					      &attr[2]);
-			rem_attrs_len -= 2 + attr[1];
-			attr += 2 + attr[1];
-		}
-
-		rem_len -= ie_len;
-		qos_ie += ie_len;
-
-		if (!policy.dscp_info) {
-			wpa_printf(MSG_ERROR,
-				   "QM: Received QoS IE without DSCP Policy attribute");
-			continue;
-		}
-
-		if (policy.req_type == DSCP_POLICY_REQ_ADD)
-			wpas_add_dscp_policy(wpa_s, &policy);
-		else if (policy.req_type == DSCP_POLICY_REQ_REMOVE)
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY
-				"remove policy_id=%u", policy.policy_id);
-		else
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY
-				"reject policy_id=%u", policy.policy_id);
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DSCP_POLICY "request_end");
-}
-
-
-int wpas_send_dscp_response(struct wpa_supplicant *wpa_s,
-			    struct dscp_resp_data *resp_data)
-{
-	struct wpabuf *buf = NULL;
-	size_t buf_len;
-	int ret = -1, i;
-	u8 resp_control = 0;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Failed to send DSCP response - not connected to AP");
-		return -1;
-	}
-
-	if (resp_data->solicited && !wpa_s->dscp_req_dialog_token) {
-		wpa_printf(MSG_ERROR, "QM: No ongoing DSCP request");
-		return -1;
-	}
-
-	if (!wpa_s->connection_dscp) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Failed to send DSCP response - DSCP capability not enabled for the current association");
-		return -1;
-
-	}
-
-	buf_len = 1 +	/* Category */
-		  3 +	/* OUI */
-		  1 +	/* OUI Type */
-		  1 +	/* OUI Subtype */
-		  1 +	/* Dialog Token */
-		  1 +	/* Response Control */
-		  1 +	/* Count */
-		  2 * resp_data->num_policies;  /* Status list */
-	buf = wpabuf_alloc(buf_len);
-	if (!buf) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Failed to allocate DSCP policy response");
-		return -1;
-	}
-
-	wpabuf_put_u8(buf, WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED);
-	wpabuf_put_be24(buf, OUI_WFA);
-	wpabuf_put_u8(buf, QM_ACTION_OUI_TYPE);
-	wpabuf_put_u8(buf, QM_DSCP_POLICY_RESP);
-
-	wpabuf_put_u8(buf, resp_data->solicited ?
-		      wpa_s->dscp_req_dialog_token : 0);
-
-	if (resp_data->more)
-		resp_control |= DSCP_POLICY_CTRL_MORE;
-	if (resp_data->reset)
-		resp_control |= DSCP_POLICY_CTRL_RESET;
-	wpabuf_put_u8(buf, resp_control);
-
-	wpabuf_put_u8(buf, resp_data->num_policies);
-	for (i = 0; i < resp_data->num_policies; i++) {
-		wpabuf_put_u8(buf, resp_data->policy[i].id);
-		wpabuf_put_u8(buf, resp_data->policy[i].status);
-	}
-
-	wpa_hexdump_buf(MSG_MSGDUMP, "DSCP response frame: ", buf);
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "QM: Failed to send DSCP response");
-		goto fail;
-	}
-
-	/*
-	 * Mark DSCP request complete whether response sent is solicited or
-	 * unsolicited
-	 */
-	wpa_s->dscp_req_dialog_token = 0;
-
-fail:
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-int wpas_send_dscp_query(struct wpa_supplicant *wpa_s, const char *domain_name,
-			 size_t domain_name_length)
-{
-	struct wpabuf *buf = NULL;
-	int ret, dscp_query_size;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid)
-		return -1;
-
-	if (!wpa_s->connection_dscp) {
-		wpa_printf(MSG_ERROR,
-			   "QM: Failed to send DSCP query - DSCP capability not enabled for the current association");
-		return -1;
-	}
-
-	if (wpa_s->wait_for_dscp_req) {
-		wpa_printf(MSG_INFO, "QM: Wait until AP sends a DSCP request");
-		return -1;
-	}
-
-#define DOMAIN_NAME_OFFSET (4 /* OUI */ + 1 /* Attr Id */ + 1 /* Attr len */)
-
-	if (domain_name_length > 255 - DOMAIN_NAME_OFFSET) {
-		wpa_printf(MSG_ERROR, "QM: Too long domain name");
-		return -1;
-	}
-
-	dscp_query_size = 1 + /* Category */
-			  4 + /* OUI Type */
-			  1 + /* OUI subtype */
-			  1; /* Dialog Token */
-	if (domain_name && domain_name_length)
-		dscp_query_size += 1 + /* Element ID */
-			1 + /* IE Length */
-			DOMAIN_NAME_OFFSET + domain_name_length;
-
-	buf = wpabuf_alloc(dscp_query_size);
-	if (!buf) {
-		wpa_printf(MSG_ERROR, "QM: Failed to allocate DSCP query");
-		return -1;
-	}
-
-	wpabuf_put_u8(buf, WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED);
-	wpabuf_put_be32(buf, QM_ACTION_VENDOR_TYPE);
-	wpabuf_put_u8(buf, QM_DSCP_POLICY_QUERY);
-	wpa_s->dscp_query_dialog_token++;
-	if (wpa_s->dscp_query_dialog_token == 0)
-		wpa_s->dscp_query_dialog_token++;
-	wpabuf_put_u8(buf, wpa_s->dscp_query_dialog_token);
-
-	if (domain_name && domain_name_length) {
-		/* Domain Name attribute */
-		wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
-		wpabuf_put_u8(buf, DOMAIN_NAME_OFFSET + domain_name_length);
-		wpabuf_put_be32(buf, QM_IE_VENDOR_TYPE);
-		wpabuf_put_u8(buf, QM_ATTR_DOMAIN_NAME);
-		wpabuf_put_u8(buf, domain_name_length);
-		wpabuf_put_data(buf, domain_name, domain_name_length);
-	}
-#undef DOMAIN_NAME_OFFSET
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret < 0) {
-		wpa_dbg(wpa_s, MSG_ERROR, "QM: Failed to send DSCP query");
-		wpa_s->dscp_query_dialog_token--;
-	}
-
-	wpabuf_free(buf);
-	return ret;
-}
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
deleted file mode 100644
index cf107ebaf639..000000000000
--- a/wpa_supplicant/rrm.c
+++ /dev/null
@@ -1,1594 +0,0 @@
-/*
- * wpa_supplicant - Radio Measurements
- * Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_common.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "bss.h"
-#include "scan.h"
-#include "p2p_supplicant.h"
-
-
-static void wpas_rrm_neighbor_rep_timeout_handler(void *data, void *user_ctx)
-{
-	struct rrm_data *rrm = data;
-
-	if (!rrm->notify_neighbor_rep) {
-		wpa_printf(MSG_ERROR,
-			   "RRM: Unexpected neighbor report timeout");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report - NONE");
-	rrm->notify_neighbor_rep(rrm->neighbor_rep_cb_ctx, NULL);
-
-	rrm->notify_neighbor_rep = NULL;
-	rrm->neighbor_rep_cb_ctx = NULL;
-}
-
-
-/*
- * wpas_rrm_reset - Clear and reset all RRM data in wpa_supplicant
- * @wpa_s: Pointer to wpa_supplicant
- */
-void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->rrm.rrm_used = 0;
-
-	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
-			     NULL);
-	if (wpa_s->rrm.notify_neighbor_rep)
-		wpas_rrm_neighbor_rep_timeout_handler(&wpa_s->rrm, NULL);
-	wpa_s->rrm.next_neighbor_rep_token = 1;
-	wpas_clear_beacon_rep_data(wpa_s);
-}
-
-
-/*
- * wpas_rrm_process_neighbor_rep - Handle incoming neighbor report
- * @wpa_s: Pointer to wpa_supplicant
- * @report: Neighbor report buffer, prefixed by a 1-byte dialog token
- * @report_len: Length of neighbor report buffer
- */
-void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
-				   const u8 *report, size_t report_len)
-{
-	struct wpabuf *neighbor_rep;
-
-	wpa_hexdump(MSG_DEBUG, "RRM: New Neighbor Report", report, report_len);
-	if (report_len < 1)
-		return;
-
-	if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
-		wpa_printf(MSG_DEBUG,
-			   "RRM: Discarding neighbor report with token %d (expected %d)",
-			   report[0], wpa_s->rrm.next_neighbor_rep_token - 1);
-		return;
-	}
-
-	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
-			     NULL);
-
-	if (!wpa_s->rrm.notify_neighbor_rep) {
-		wpa_msg(wpa_s, MSG_INFO, "RRM: Unexpected neighbor report");
-		return;
-	}
-
-	/* skipping the first byte, which is only an id (dialog token) */
-	neighbor_rep = wpabuf_alloc(report_len - 1);
-	if (!neighbor_rep) {
-		wpas_rrm_neighbor_rep_timeout_handler(&wpa_s->rrm, NULL);
-		return;
-	}
-	wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
-	wpa_dbg(wpa_s, MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
-		report[0]);
-	wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
-				       neighbor_rep);
-	wpa_s->rrm.notify_neighbor_rep = NULL;
-	wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
-}
-
-
-#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
-/* Workaround different, undefined for Windows, error codes used here */
-#ifndef ENOTCONN
-#define ENOTCONN -1
-#endif
-#ifndef EOPNOTSUPP
-#define EOPNOTSUPP -1
-#endif
-#ifndef ECANCELED
-#define ECANCELED -1
-#endif
-#endif
-
-/* Measurement Request element + Location Subject + Maximum Age subelement */
-#define MEASURE_REQUEST_LCI_LEN (3 + 1 + 4)
-/* Measurement Request element + Location Civic Request */
-#define MEASURE_REQUEST_CIVIC_LEN (3 + 5)
-
-
-/**
- * wpas_rrm_send_neighbor_rep_request - Request a neighbor report from our AP
- * @wpa_s: Pointer to wpa_supplicant
- * @ssid: if not null, this is sent in the request. Otherwise, no SSID IE
- *	  is sent in the request.
- * @lci: if set, neighbor request will include LCI request
- * @civic: if set, neighbor request will include civic location request
- * @cb: Callback function to be called once the requested report arrives, or
- *	timed out after RRM_NEIGHBOR_REPORT_TIMEOUT seconds.
- *	In the former case, 'neighbor_rep' is a newly allocated wpabuf, and it's
- *	the requester's responsibility to free it.
- *	In the latter case NULL will be sent in 'neighbor_rep'.
- * @cb_ctx: Context value to send the callback function
- * Returns: 0 in case of success, negative error code otherwise
- *
- * In case there is a previous request which has not been answered yet, the
- * new request fails. The caller may retry after RRM_NEIGHBOR_REPORT_TIMEOUT.
- * Request must contain a callback function.
- */
-int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s,
-				       const struct wpa_ssid_value *ssid,
-				       int lci, int civic,
-				       void (*cb)(void *ctx,
-						  struct wpabuf *neighbor_rep),
-				       void *cb_ctx)
-{
-	struct wpabuf *buf;
-	const u8 *rrm_ie;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || wpa_s->current_ssid == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RRM: No connection, no RRM.");
-		return -ENOTCONN;
-	}
-
-	if (!wpa_s->rrm.rrm_used) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RRM: No RRM in current connection.");
-		return -EOPNOTSUPP;
-	}
-
-	rrm_ie = wpa_bss_get_ie(wpa_s->current_bss,
-				WLAN_EID_RRM_ENABLED_CAPABILITIES);
-	if (!rrm_ie || !(wpa_s->current_bss->caps & IEEE80211_CAP_RRM) ||
-	    !(rrm_ie[2] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"RRM: No network support for Neighbor Report.");
-		return -EOPNOTSUPP;
-	}
-
-	/* Refuse if there's a live request */
-	if (wpa_s->rrm.notify_neighbor_rep) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"RRM: Currently handling previous Neighbor Report.");
-		return -EBUSY;
-	}
-
-	/* 3 = action category + action code + dialog token */
-	buf = wpabuf_alloc(3 + (ssid ? 2 + ssid->ssid_len : 0) +
-			   (lci ? 2 + MEASURE_REQUEST_LCI_LEN : 0) +
-			   (civic ? 2 + MEASURE_REQUEST_CIVIC_LEN : 0));
-	if (buf == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"RRM: Failed to allocate Neighbor Report Request");
-		return -ENOMEM;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"RRM: Neighbor report request (for %s), token=%d",
-		(ssid ? wpa_ssid_txt(ssid->ssid, ssid->ssid_len) : ""),
-		wpa_s->rrm.next_neighbor_rep_token);
-
-	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
-	wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_REQUEST);
-	wpabuf_put_u8(buf, wpa_s->rrm.next_neighbor_rep_token);
-	if (ssid) {
-		wpabuf_put_u8(buf, WLAN_EID_SSID);
-		wpabuf_put_u8(buf, ssid->ssid_len);
-		wpabuf_put_data(buf, ssid->ssid, ssid->ssid_len);
-	}
-
-	if (lci) {
-		/* IEEE P802.11-REVmc/D5.0 9.4.2.21 */
-		wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
-		wpabuf_put_u8(buf, MEASURE_REQUEST_LCI_LEN);
-
-		/*
-		 * Measurement token; nonzero number that is unique among the
-		 * Measurement Request elements in a particular frame.
-		 */
-		wpabuf_put_u8(buf, 1); /* Measurement Token */
-
-		/*
-		 * Parallel, Enable, Request, and Report bits are 0, Duration is
-		 * reserved.
-		 */
-		wpabuf_put_u8(buf, 0); /* Measurement Request Mode */
-		wpabuf_put_u8(buf, MEASURE_TYPE_LCI); /* Measurement Type */
-
-		/* IEEE P802.11-REVmc/D5.0 9.4.2.21.10 - LCI request */
-		/* Location Subject */
-		wpabuf_put_u8(buf, LOCATION_SUBJECT_REMOTE);
-
-		/* Optional Subelements */
-		/*
-		 * IEEE P802.11-REVmc/D5.0 Figure 9-170
-		 * The Maximum Age subelement is required, otherwise the AP can
-		 * send only data that was determined after receiving the
-		 * request. Setting it here to unlimited age.
-		 */
-		wpabuf_put_u8(buf, LCI_REQ_SUBELEM_MAX_AGE);
-		wpabuf_put_u8(buf, 2);
-		wpabuf_put_le16(buf, 0xffff);
-	}
-
-	if (civic) {
-		/* IEEE P802.11-REVmc/D5.0 9.4.2.21 */
-		wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
-		wpabuf_put_u8(buf, MEASURE_REQUEST_CIVIC_LEN);
-
-		/*
-		 * Measurement token; nonzero number that is unique among the
-		 * Measurement Request elements in a particular frame.
-		 */
-		wpabuf_put_u8(buf, 2); /* Measurement Token */
-
-		/*
-		 * Parallel, Enable, Request, and Report bits are 0, Duration is
-		 * reserved.
-		 */
-		wpabuf_put_u8(buf, 0); /* Measurement Request Mode */
-		/* Measurement Type */
-		wpabuf_put_u8(buf, MEASURE_TYPE_LOCATION_CIVIC);
-
-		/* IEEE P802.11-REVmc/D5.0 9.4.2.21.14:
-		 * Location Civic request */
-		/* Location Subject */
-		wpabuf_put_u8(buf, LOCATION_SUBJECT_REMOTE);
-		wpabuf_put_u8(buf, 0); /* Civic Location Type: IETF RFC 4776 */
-		/* Location Service Interval Units: Seconds */
-		wpabuf_put_u8(buf, 0);
-		/* Location Service Interval: 0 - Only one report is requested
-		 */
-		wpabuf_put_le16(buf, 0);
-		/* No optional subelements */
-	}
-
-	wpa_s->rrm.next_neighbor_rep_token++;
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"RRM: Failed to send Neighbor Report Request");
-		wpabuf_free(buf);
-		return -ECANCELED;
-	}
-
-	wpa_s->rrm.neighbor_rep_cb_ctx = cb_ctx;
-	wpa_s->rrm.notify_neighbor_rep = cb;
-	eloop_register_timeout(RRM_NEIGHBOR_REPORT_TIMEOUT, 0,
-			       wpas_rrm_neighbor_rep_timeout_handler,
-			       &wpa_s->rrm, NULL);
-
-	wpabuf_free(buf);
-	return 0;
-}
-
-
-static int wpas_rrm_report_elem(struct wpabuf **buf, u8 token, u8 mode, u8 type,
-				const u8 *data, size_t data_len)
-{
-	if (wpabuf_resize(buf, 5 + data_len))
-		return -1;
-
-	wpabuf_put_u8(*buf, WLAN_EID_MEASURE_REPORT);
-	wpabuf_put_u8(*buf, 3 + data_len);
-	wpabuf_put_u8(*buf, token);
-	wpabuf_put_u8(*buf, mode);
-	wpabuf_put_u8(*buf, type);
-
-	if (data_len)
-		wpabuf_put_data(*buf, data, data_len);
-
-	return 0;
-}
-
-
-static int
-wpas_rrm_build_lci_report(struct wpa_supplicant *wpa_s,
-			  const struct rrm_measurement_request_element *req,
-			  struct wpabuf **buf)
-{
-	u8 subject;
-	u16 max_age = 0;
-	struct os_reltime t, diff;
-	unsigned long diff_l;
-	const u8 *subelem;
-	const u8 *request = req->variable;
-	size_t len = req->len - 3;
-
-	if (len < 1)
-		return -1;
-
-	if (!wpa_s->lci)
-		goto reject;
-
-	subject = *request++;
-	len--;
-
-	wpa_printf(MSG_DEBUG, "Measurement request location subject=%u",
-		   subject);
-
-	if (subject != LOCATION_SUBJECT_REMOTE) {
-		wpa_printf(MSG_INFO,
-			   "Not building LCI report - bad location subject");
-		return 0;
-	}
-
-	/* Subelements are formatted exactly like elements */
-	wpa_hexdump(MSG_DEBUG, "LCI request subelements", request, len);
-	subelem = get_ie(request, len, LCI_REQ_SUBELEM_MAX_AGE);
-	if (subelem && subelem[1] == 2)
-		max_age = WPA_GET_LE16(subelem + 2);
-
-	if (os_get_reltime(&t))
-		goto reject;
-
-	os_reltime_sub(&t, &wpa_s->lci_time, &diff);
-	/* LCI age is calculated in 10th of a second units. */
-	diff_l = diff.sec * 10 + diff.usec / 100000;
-
-	if (max_age != 0xffff && max_age < diff_l)
-		goto reject;
-
-	if (wpas_rrm_report_elem(buf, req->token,
-				 MEASUREMENT_REPORT_MODE_ACCEPT, req->type,
-				 wpabuf_head_u8(wpa_s->lci),
-				 wpabuf_len(wpa_s->lci)) < 0) {
-		wpa_printf(MSG_DEBUG, "Failed to add LCI report element");
-		return -1;
-	}
-
-	return 0;
-
-reject:
-	if (!is_multicast_ether_addr(wpa_s->rrm.dst_addr) &&
-	    wpas_rrm_report_elem(buf, req->token,
-				 MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE,
-				 req->type, NULL, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "RRM: Failed to add report element");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static void wpas_rrm_send_msr_report_mpdu(struct wpa_supplicant *wpa_s,
-					  const u8 *data, size_t len)
-{
-	struct wpabuf *report = wpabuf_alloc(len + 3);
-
-	if (!report)
-		return;
-
-	wpabuf_put_u8(report, WLAN_ACTION_RADIO_MEASUREMENT);
-	wpabuf_put_u8(report, WLAN_RRM_RADIO_MEASUREMENT_REPORT);
-	wpabuf_put_u8(report, wpa_s->rrm.token);
-
-	wpabuf_put_data(report, data, len);
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(report), wpabuf_len(report), 0)) {
-		wpa_printf(MSG_ERROR,
-			   "RRM: Radio measurement report failed: Sending Action frame failed");
-	}
-
-	wpabuf_free(report);
-}
-
-
-static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
-{
-	struct rrm_measurement_report_element *msr_rep;
-	u8 *end = pos + len;
-	u8 *msr_rep_end;
-	struct rrm_measurement_beacon_report *rep = NULL;
-	u8 *subelem;
-
-	/* Find the last beacon report element */
-	while (end - pos >= (int) sizeof(*msr_rep)) {
-		msr_rep = (struct rrm_measurement_report_element *) pos;
-		msr_rep_end = pos + msr_rep->len + 2;
-
-		if (msr_rep->eid != WLAN_EID_MEASURE_REPORT ||
-		    msr_rep_end > end) {
-			/* Should not happen. This indicates a bug. */
-			wpa_printf(MSG_ERROR,
-				   "RRM: non-measurement report element in measurement report frame");
-			return -1;
-		}
-
-		if (msr_rep->type == MEASURE_TYPE_BEACON)
-			rep = (struct rrm_measurement_beacon_report *)
-				msr_rep->variable;
-
-		pos += pos[1] + 2;
-	}
-
-	if (!rep)
-		return 0;
-
-	subelem = rep->variable;
-	while (subelem + 2 < msr_rep_end &&
-	       subelem[0] != WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
-		subelem += 2 + subelem[1];
-
-	if (subelem + 2 < msr_rep_end &&
-	    subelem[0] == WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
-	    subelem[1] == 1 &&
-	    subelem + BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
-		subelem[2] = 1;
-
-	return 0;
-}
-
-
-static void wpas_rrm_send_msr_report(struct wpa_supplicant *wpa_s,
-				     struct wpabuf *buf)
-{
-	int len = wpabuf_len(buf);
-	u8 *pos = wpabuf_mhead_u8(buf), *next = pos;
-
-#define MPDU_REPORT_LEN (int) (IEEE80211_MAX_MMPDU_SIZE - IEEE80211_HDRLEN - 3)
-
-	while (len) {
-		int send_len = (len > MPDU_REPORT_LEN) ? next - pos : len;
-
-		if (send_len == len)
-			wpas_rrm_beacon_rep_update_last_frame(pos, len);
-
-		if (send_len == len ||
-		    (send_len + next[1] + 2) > MPDU_REPORT_LEN) {
-			wpas_rrm_send_msr_report_mpdu(wpa_s, pos, send_len);
-			len -= send_len;
-			pos = next;
-		}
-
-		if (len)
-			next += next[1] + 2;
-	}
-#undef MPDU_REPORT_LEN
-}
-
-
-static int wpas_add_channel(u8 op_class, u8 chan, u8 num_primary_channels,
-			    int *freqs)
-{
-	size_t i;
-
-	for (i = 0; i < num_primary_channels; i++) {
-		u8 primary_chan = chan - (2 * num_primary_channels - 2) + i * 4;
-
-		freqs[i] = ieee80211_chan_to_freq(NULL, op_class, primary_chan);
-		/* ieee80211_chan_to_freq() is not really meant for this
-		 * conversion of 20 MHz primary channel numbers for wider VHT
-		 * channels, so handle those as special cases here for now. */
-		if (freqs[i] < 0 &&
-		    (op_class == 128 || op_class == 129 || op_class == 130))
-			freqs[i] = 5000 + 5 * primary_chan;
-		if (freqs[i] < 0) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon Report: Invalid channel %u",
-				   chan);
-			return -1;
-		}
-	}
-
-	return 0;
-}
-
-
-static int * wpas_add_channels(const struct oper_class_map *op,
-			       struct hostapd_hw_modes *mode, int active,
-			       const u8 *channels, const u8 size)
-{
-	int *freqs, *next_freq;
-	u8 num_primary_channels, i;
-	u8 num_chans;
-
-	num_chans = channels ? size :
-		(op->max_chan - op->min_chan) / op->inc + 1;
-
-	if (op->bw == BW80 || op->bw == BW80P80)
-		num_primary_channels = 4;
-	else if (op->bw == BW160)
-		num_primary_channels = 8;
-	else
-		num_primary_channels = 1;
-
-	/* one extra place for the zero-terminator */
-	freqs = os_calloc(num_chans * num_primary_channels + 1, sizeof(*freqs));
-	if (!freqs) {
-		wpa_printf(MSG_ERROR,
-			   "Beacon Report: Failed to allocate freqs array");
-		return NULL;
-	}
-
-	next_freq = freqs;
-	for  (i = 0; i < num_chans; i++) {
-		u8 chan = channels ? channels[i] : op->min_chan + i * op->inc;
-		enum chan_allowed res = verify_channel(mode, op->op_class, chan,
-						       op->bw);
-
-		if (res == NOT_ALLOWED || (res == NO_IR && active))
-			continue;
-
-		if (wpas_add_channel(op->op_class, chan, num_primary_channels,
-				     next_freq) < 0) {
-			os_free(freqs);
-			return NULL;
-		}
-
-		next_freq += num_primary_channels;
-	}
-
-	if (!freqs[0]) {
-		os_free(freqs);
-		return NULL;
-	}
-
-	return freqs;
-}
-
-
-static int * wpas_op_class_freqs(const struct oper_class_map *op,
-				 struct hostapd_hw_modes *mode, int active)
-{
-	u8 channels_80mhz_5ghz[] = { 42, 58, 106, 122, 138, 155, 171 };
-	u8 channels_160mhz_5ghz[] = { 50, 114, 163 };
-	u8 channels_80mhz_6ghz[] = { 7, 23, 39, 55, 71, 87, 103, 119, 135, 151,
-				     167, 183, 199, 215 };
-	u8 channels_160mhz_6ghz[] = { 15, 47, 79, 111, 143, 175, 207 };
-	const u8 *channels = NULL;
-	size_t num_chan = 0;
-	bool is_6ghz = is_6ghz_op_class(op->op_class);
-
-	/*
-	 * When adding all channels in the operating class, 80 + 80 MHz
-	 * operating classes are like 80 MHz channels because we add all valid
-	 * channels anyway.
-	 */
-	if (op->bw == BW80 || op->bw == BW80P80) {
-		channels = is_6ghz ? channels_80mhz_6ghz : channels_80mhz_5ghz;
-		num_chan = is_6ghz ? ARRAY_SIZE(channels_80mhz_6ghz) :
-			ARRAY_SIZE(channels_80mhz_5ghz);
-	} else if (op->bw == BW160) {
-		channels = is_6ghz ? channels_160mhz_6ghz :
-			channels_160mhz_5ghz;
-		num_chan =  is_6ghz ? ARRAY_SIZE(channels_160mhz_6ghz) :
-			ARRAY_SIZE(channels_160mhz_5ghz);
-	}
-
-	return wpas_add_channels(op, mode, active, channels, num_chan);
-}
-
-
-static int * wpas_channel_report_freqs(struct wpa_supplicant *wpa_s, int active,
-				       const char *country, const u8 *subelems,
-				       size_t len)
-{
-	int *freqs = NULL, *new_freqs;
-	const u8 *end = subelems + len;
-
-	while (end - subelems > 2) {
-		const struct oper_class_map *op;
-		const u8 *ap_chan_elem, *pos;
-		u8 left;
-		struct hostapd_hw_modes *mode;
-
-		ap_chan_elem = get_ie(subelems, end - subelems,
-				      WLAN_BEACON_REQUEST_SUBELEM_AP_CHANNEL);
-		if (!ap_chan_elem)
-			break;
-		pos = ap_chan_elem + 2;
-		left = ap_chan_elem[1];
-		if (left < 1)
-			break;
-		subelems = ap_chan_elem + 2 + left;
-
-		op = get_oper_class(country, *pos);
-		if (!op) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon request: unknown operating class in AP Channel Report subelement %u",
-				   *pos);
-			goto out;
-		}
-		pos++;
-		left--;
-
-		mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, op->mode,
-				is_6ghz_op_class(op->op_class));
-		if (!mode)
-			continue;
-
-		/*
-		 * For 80 + 80 MHz operating classes, this AP Channel Report
-		 * element should be followed by another element specifying
-		 * the second 80 MHz channel. For now just add this 80 MHz
-		 * channel, the second 80 MHz channel will be added when the
-		 * next element is parsed.
-		 * TODO: Verify that this AP Channel Report element is followed
-		 * by a corresponding AP Channel Report element as specified in
-		 * IEEE Std 802.11-2016, 11.11.9.1.
-		 */
-		new_freqs = wpas_add_channels(op, mode, active, pos, left);
-		if (new_freqs)
-			int_array_concat(&freqs, new_freqs);
-
-		os_free(new_freqs);
-	}
-
-	return freqs;
-out:
-	os_free(freqs);
-	return NULL;
-}
-
-
-static int * wpas_beacon_request_freqs(struct wpa_supplicant *wpa_s,
-				       u8 op_class, u8 chan, int active,
-				       const u8 *subelems, size_t len)
-{
-	int *freqs = NULL, *ext_freqs = NULL;
-	struct hostapd_hw_modes *mode;
-	const char *country = NULL;
-	const struct oper_class_map *op;
-	const u8 *elem;
-
-	if (!wpa_s->current_bss)
-		return NULL;
-	elem = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
-	if (elem && elem[1] >= 2)
-		country = (const char *) (elem + 2);
-
-	op = get_oper_class(country, op_class);
-	if (!op) {
-		wpa_printf(MSG_DEBUG,
-			   "Beacon request: invalid operating class %d",
-			   op_class);
-		return NULL;
-	}
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, op->mode,
-			is_6ghz_op_class(op->op_class));
-	if (!mode)
-		return NULL;
-
-	switch (chan) {
-	case 0:
-		freqs = wpas_op_class_freqs(op, mode, active);
-		if (!freqs)
-			return NULL;
-		break;
-	case 255:
-		/* freqs will be added from AP channel subelements */
-		break;
-	default:
-		freqs = wpas_add_channels(op, mode, active, &chan, 1);
-		if (!freqs)
-			return NULL;
-		break;
-	}
-
-	ext_freqs = wpas_channel_report_freqs(wpa_s, active, country, subelems,
-					      len);
-	if (ext_freqs) {
-		int_array_concat(&freqs, ext_freqs);
-		os_free(ext_freqs);
-		int_array_sort_unique(freqs);
-	}
-
-	return freqs;
-}
-
-
-int wpas_get_op_chan_phy(int freq, const u8 *ies, size_t ies_len,
-			 u8 *op_class, u8 *chan, u8 *phy_type)
-{
-	const u8 *ie;
-	int sec_chan = 0, vht = 0;
-	struct ieee80211_ht_operation *ht_oper = NULL;
-	struct ieee80211_vht_operation *vht_oper = NULL;
-	u8 seg0, seg1;
-
-	ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION);
-	if (ie && ie[1] >= sizeof(struct ieee80211_ht_operation)) {
-		u8 sec_chan_offset;
-
-		ht_oper = (struct ieee80211_ht_operation *) (ie + 2);
-		sec_chan_offset = ht_oper->ht_param &
-			HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
-		if (sec_chan_offset == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
-			sec_chan = 1;
-		else if (sec_chan_offset ==
-			 HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
-			sec_chan = -1;
-	}
-
-	ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION);
-	if (ie && ie[1] >= sizeof(struct ieee80211_vht_operation)) {
-		vht_oper = (struct ieee80211_vht_operation *) (ie + 2);
-
-		switch (vht_oper->vht_op_info_chwidth) {
-		case 1:
-			seg0 = vht_oper->vht_op_info_chan_center_freq_seg0_idx;
-			seg1 = vht_oper->vht_op_info_chan_center_freq_seg1_idx;
-			if (seg1 && abs(seg1 - seg0) == 8)
-				vht = CHANWIDTH_160MHZ;
-			else if (seg1)
-				vht = CHANWIDTH_80P80MHZ;
-			else
-				vht = CHANWIDTH_80MHZ;
-			break;
-		case 2:
-			vht = CHANWIDTH_160MHZ;
-			break;
-		case 3:
-			vht = CHANWIDTH_80P80MHZ;
-			break;
-		default:
-			vht = CHANWIDTH_USE_HT;
-			break;
-		}
-	}
-
-	if (ieee80211_freq_to_channel_ext(freq, sec_chan, vht, op_class,
-					  chan) == NUM_HOSTAPD_MODES) {
-		wpa_printf(MSG_DEBUG,
-			   "Cannot determine operating class and channel");
-		return -1;
-	}
-
-	*phy_type = ieee80211_get_phy_type(freq, ht_oper != NULL,
-					   vht_oper != NULL);
-	if (*phy_type == PHY_TYPE_UNSPECIFIED) {
-		wpa_printf(MSG_DEBUG, "Cannot determine phy type");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int wpas_beacon_rep_add_frame_body(struct bitfield *eids,
-					  enum beacon_report_detail detail,
-					  struct wpa_bss *bss, u8 *buf,
-					  size_t buf_len, const u8 **ies_buf,
-					  size_t *ie_len, int add_fixed)
-{
-	const u8 *ies = *ies_buf;
-	size_t ies_len = *ie_len;
-	u8 *pos = buf;
-	int rem_len;
-
-	rem_len = 255 - sizeof(struct rrm_measurement_beacon_report) -
-		sizeof(struct rrm_measurement_report_element) - 2 -
-		REPORTED_FRAME_BODY_SUBELEM_LEN;
-
-	if (detail > BEACON_REPORT_DETAIL_ALL_FIELDS_AND_ELEMENTS) {
-		wpa_printf(MSG_DEBUG,
-			   "Beacon Request: Invalid reporting detail: %d",
-			   detail);
-		return -1;
-	}
-
-	if (detail == BEACON_REPORT_DETAIL_NONE)
-		return 0;
-
-	/*
-	 * Minimal frame body subelement size: EID(1) + length(1) + TSF(8) +
-	 * beacon interval(2) + capabilities(2) = 14 bytes
-	 */
-	if (add_fixed && buf_len < 14)
-		return -1;
-
-	*pos++ = WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY;
-	/* The length will be filled later */
-	pos++;
-
-	if (add_fixed) {
-		WPA_PUT_LE64(pos, bss->tsf);
-		pos += sizeof(bss->tsf);
-		WPA_PUT_LE16(pos, bss->beacon_int);
-		pos += 2;
-		WPA_PUT_LE16(pos, bss->caps);
-		pos += 2;
-	}
-
-	rem_len -= pos - buf;
-
-	/*
-	 * According to IEEE Std 802.11-2016, 9.4.2.22.7, if the reported frame
-	 * body subelement causes the element to exceed the maximum element
-	 * size, the subelement is truncated so that the last IE is a complete
-	 * IE. So even when required to report all IEs, add elements one after
-	 * the other and stop once there is no more room in the measurement
-	 * element.
-	 */
-	while (ies_len > 2 && 2U + ies[1] <= ies_len && rem_len > 0) {
-		if (detail == BEACON_REPORT_DETAIL_ALL_FIELDS_AND_ELEMENTS ||
-		    (eids && bitfield_is_set(eids, ies[0]))) {
-			u8 elen = ies[1];
-
-			if (2 + elen > buf + buf_len - pos ||
-			    2 + elen > rem_len)
-				break;
-
-			*pos++ = ies[0];
-			*pos++ = elen;
-			os_memcpy(pos, ies + 2, elen);
-			pos += elen;
-			rem_len -= 2 + elen;
-		}
-
-		ies_len -= 2 + ies[1];
-		ies += 2 + ies[1];
-	}
-
-	*ie_len = ies_len;
-	*ies_buf = ies;
-
-	/* Now the length is known */
-	buf[1] = pos - buf - 2;
-	return pos - buf;
-}
-
-
-static int wpas_add_beacon_rep_elem(struct beacon_rep_data *data,
-				    struct wpa_bss *bss,
-				    struct wpabuf **wpa_buf,
-				    struct rrm_measurement_beacon_report *rep,
-				    const u8 **ie, size_t *ie_len, u8 idx)
-{
-	int ret;
-	u8 *buf, *pos;
-	u32 subelems_len = REPORTED_FRAME_BODY_SUBELEM_LEN +
-		(data->last_indication ?
-		 BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN : 0);
-
-	/* Maximum element length: Beacon Report element + Reported Frame Body
-	 * subelement + all IEs of the reported Beacon frame + Reported Frame
-	 * Body Fragment ID subelement */
-	buf = os_malloc(sizeof(*rep) + 14 + *ie_len + subelems_len);
-	if (!buf)
-		return -1;
-
-	os_memcpy(buf, rep, sizeof(*rep));
-
-	ret = wpas_beacon_rep_add_frame_body(data->eids, data->report_detail,
-					     bss, buf + sizeof(*rep),
-					     14 + *ie_len, ie, ie_len,
-					     idx == 0);
-	if (ret < 0)
-		goto out;
-
-	pos = buf + ret + sizeof(*rep);
-	pos[0] = WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY_FRAGMENT_ID;
-	pos[1] = 2;
-
-	/*
-	 * Only one Beacon Report Measurement is supported at a time, so
-	 * the Beacon Report ID can always be set to 1.
-	 */
-	pos[2] = 1;
-
-	/* Fragment ID Number (bits 0..6) and More Frame Body Fragments (bit 7)
- */
-	pos[3] = idx;
-	if (data->report_detail != BEACON_REPORT_DETAIL_NONE && *ie_len)
-		pos[3] |= REPORTED_FRAME_BODY_MORE_FRAGMENTS;
-	else
-		pos[3] &= ~REPORTED_FRAME_BODY_MORE_FRAGMENTS;
-
-	pos += REPORTED_FRAME_BODY_SUBELEM_LEN;
-
-	if (data->last_indication) {
-		pos[0] = WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION;
-		pos[1] = 1;
-
-		/* This field will be updated later if this is the last frame */
-		pos[2] = 0;
-	}
-
-	ret = wpas_rrm_report_elem(wpa_buf, data->token,
-				   MEASUREMENT_REPORT_MODE_ACCEPT,
-				   MEASURE_TYPE_BEACON, buf,
-				   ret + sizeof(*rep) + subelems_len);
-out:
-	os_free(buf);
-	return ret;
-}
-
-
-static int wpas_add_beacon_rep(struct wpa_supplicant *wpa_s,
-			       struct wpabuf **wpa_buf, struct wpa_bss *bss,
-			       u64 start, u64 parent_tsf)
-{
-	struct beacon_rep_data *data = &wpa_s->beacon_rep_data;
-	const u8 *ies = wpa_bss_ie_ptr(bss);
-	const u8 *pos = ies;
-	size_t ies_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
-	struct rrm_measurement_beacon_report rep;
-	u8 idx = 0;
-
-	if (os_memcmp(data->bssid, broadcast_ether_addr, ETH_ALEN) != 0 &&
-	    os_memcmp(data->bssid, bss->bssid, ETH_ALEN) != 0)
-		return 0;
-
-	if (data->ssid_len &&
-	    (data->ssid_len != bss->ssid_len ||
-	     os_memcmp(data->ssid, bss->ssid, bss->ssid_len) != 0))
-		return 0;
-
-	if (wpas_get_op_chan_phy(bss->freq, ies, ies_len, &rep.op_class,
-				 &rep.channel, &rep.report_info) < 0)
-		return 0;
-
-	rep.start_time = host_to_le64(start);
-	rep.duration = host_to_le16(data->scan_params.duration);
-	rep.rcpi = rssi_to_rcpi(bss->level);
-	rep.rsni = 255; /* 255 indicates that RSNI is not available */
-	os_memcpy(rep.bssid, bss->bssid, ETH_ALEN);
-	rep.antenna_id = 0; /* unknown */
-	rep.parent_tsf = host_to_le32(parent_tsf);
-
-	do {
-		int ret;
-
-		ret = wpas_add_beacon_rep_elem(data, bss, wpa_buf, &rep,
-					       &pos, &ies_len, idx++);
-		if (ret)
-			return ret;
-	} while (data->report_detail != BEACON_REPORT_DETAIL_NONE &&
-		 ies_len >= 2);
-
-	return 0;
-}
-
-
-static int wpas_beacon_rep_no_results(struct wpa_supplicant *wpa_s,
-				      struct wpabuf **buf)
-{
-	return wpas_rrm_report_elem(buf, wpa_s->beacon_rep_data.token,
-				    MEASUREMENT_REPORT_MODE_ACCEPT,
-				    MEASURE_TYPE_BEACON, NULL, 0);
-}
-
-
-static void wpas_beacon_rep_table(struct wpa_supplicant *wpa_s,
-				  struct wpabuf **buf)
-{
-	size_t i;
-
-	for (i = 0; i < wpa_s->last_scan_res_used; i++) {
-		if (wpas_add_beacon_rep(wpa_s, buf, wpa_s->last_scan_res[i],
-					0, 0) < 0)
-			break;
-	}
-
-	if (!(*buf))
-		wpas_beacon_rep_no_results(wpa_s, buf);
-
-	wpa_hexdump_buf(MSG_DEBUG, "RRM: Radio Measurement report", *buf);
-}
-
-
-void wpas_rrm_refuse_request(struct wpa_supplicant *wpa_s)
-{
-	if (!is_multicast_ether_addr(wpa_s->rrm.dst_addr)) {
-		struct wpabuf *buf = NULL;
-
-		if (wpas_rrm_report_elem(&buf, wpa_s->beacon_rep_data.token,
-					 MEASUREMENT_REPORT_MODE_REJECT_REFUSED,
-					 MEASURE_TYPE_BEACON, NULL, 0)) {
-			wpa_printf(MSG_ERROR, "RRM: Memory allocation failed");
-			wpabuf_free(buf);
-			return;
-		}
-
-		wpas_rrm_send_msr_report(wpa_s, buf);
-		wpabuf_free(buf);
-	}
-
-	wpas_clear_beacon_rep_data(wpa_s);
-}
-
-
-static void wpas_rrm_scan_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_driver_scan_params *params =
-		&wpa_s->beacon_rep_data.scan_params;
-	u16 prev_duration = params->duration;
-
-	if (!wpa_s->current_bss)
-		return;
-
-	if (!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) &&
-	    params->duration) {
-		wpa_printf(MSG_DEBUG,
-			   "RRM: Cannot set scan duration due to missing driver support");
-		params->duration = 0;
-	}
-	os_get_reltime(&wpa_s->beacon_rep_scan);
-	if (wpa_s->scanning || wpas_p2p_in_progress(wpa_s) ||
-	    wpa_supplicant_trigger_scan(wpa_s, params))
-		wpas_rrm_refuse_request(wpa_s);
-	params->duration = prev_duration;
-}
-
-
-static int wpas_rm_handle_beacon_req_subelem(struct wpa_supplicant *wpa_s,
-					     struct beacon_rep_data *data,
-					     u8 sid, u8 slen, const u8 *subelem)
-{
-	u8 report_info, i;
-
-	switch (sid) {
-	case WLAN_BEACON_REQUEST_SUBELEM_SSID:
-		if (!slen) {
-			wpa_printf(MSG_DEBUG,
-				   "SSID subelement with zero length - wildcard SSID");
-			break;
-		}
-
-		if (slen > SSID_MAX_LEN) {
-			wpa_printf(MSG_DEBUG,
-				   "Invalid SSID subelement length: %u", slen);
-			return -1;
-		}
-
-		data->ssid_len = slen;
-		os_memcpy(data->ssid, subelem, data->ssid_len);
-		break;
-	case WLAN_BEACON_REQUEST_SUBELEM_INFO:
-		if (slen != 2) {
-			wpa_printf(MSG_DEBUG,
-				   "Invalid reporting information subelement length: %u",
-				   slen);
-			return -1;
-		}
-
-		report_info = subelem[0];
-		if (report_info != 0) {
-			wpa_printf(MSG_DEBUG,
-				   "reporting information=%u is not supported",
-				   report_info);
-			return 0;
-		}
-		break;
-	case WLAN_BEACON_REQUEST_SUBELEM_DETAIL:
-		if (slen != 1) {
-			wpa_printf(MSG_DEBUG,
-				   "Invalid reporting detail subelement length: %u",
-				   slen);
-			return -1;
-		}
-
-		data->report_detail = subelem[0];
-		if (data->report_detail >
-		    BEACON_REPORT_DETAIL_ALL_FIELDS_AND_ELEMENTS) {
-			wpa_printf(MSG_DEBUG, "Invalid reporting detail: %u",
-				   subelem[0]);
-			return -1;
-		}
-
-		break;
-	case WLAN_BEACON_REQUEST_SUBELEM_REQUEST:
-		if (data->report_detail !=
-		    BEACON_REPORT_DETAIL_REQUESTED_ONLY) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon request: request subelement is present but report detail is %u",
-				   data->report_detail);
-			return -1;
-		}
-
-		if (!slen) {
-			wpa_printf(MSG_DEBUG,
-				   "Invalid request subelement length: %u",
-				   slen);
-			return -1;
-		}
-
-		if (data->eids) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon Request: Request subelement appears more than once");
-			return -1;
-		}
-
-		data->eids = bitfield_alloc(255);
-		if (!data->eids) {
-			wpa_printf(MSG_DEBUG, "Failed to allocate EIDs bitmap");
-			return -1;
-		}
-
-		for (i = 0; i < slen; i++)
-			bitfield_set(data->eids, subelem[i]);
-		break;
-	case WLAN_BEACON_REQUEST_SUBELEM_AP_CHANNEL:
-		/* Skip - it will be processed when freqs are added */
-		break;
-	case WLAN_BEACON_REQUEST_SUBELEM_LAST_INDICATION:
-		if (slen != 1) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon request: Invalid last indication request subelement length: %u",
-				   slen);
-			return -1;
-		}
-
-		data->last_indication = subelem[0];
-		break;
-	default:
-		wpa_printf(MSG_DEBUG,
-			   "Beacon request: Unknown subelement id %u", sid);
-		break;
-	}
-
-	return 1;
-}
-
-
-/**
- * Returns 0 if the next element can be processed, 1 if some operation was
- * triggered, and -1 if processing failed (i.e., the element is in invalid
- * format or an internal error occurred).
- */
-static int
-wpas_rm_handle_beacon_req(struct wpa_supplicant *wpa_s,
-			  u8 elem_token, int duration_mandatory,
-			  const struct rrm_measurement_beacon_request *req,
-			  size_t len, struct wpabuf **buf)
-{
-	struct beacon_rep_data *data = &wpa_s->beacon_rep_data;
-	struct wpa_driver_scan_params *params = &data->scan_params;
-	const u8 *subelems;
-	size_t elems_len;
-	u16 rand_interval;
-	u32 interval_usec;
-	u32 _rand;
-	int ret = 0, res;
-	u8 reject_mode;
-
-	if (len < sizeof(*req))
-		return -1;
-
-	if (req->mode != BEACON_REPORT_MODE_PASSIVE &&
-	    req->mode != BEACON_REPORT_MODE_ACTIVE &&
-	    req->mode != BEACON_REPORT_MODE_TABLE)
-		return 0;
-
-	subelems = req->variable;
-	elems_len = len - sizeof(*req);
-	rand_interval = le_to_host16(req->rand_interval);
-
-	os_free(params->freqs);
-	os_memset(params, 0, sizeof(*params));
-
-	data->token = elem_token;
-
-	/* default reporting detail is all fixed length fields and all
-	 * elements */
-	data->report_detail = BEACON_REPORT_DETAIL_ALL_FIELDS_AND_ELEMENTS;
-	os_memcpy(data->bssid, req->bssid, ETH_ALEN);
-
-	while (elems_len >= 2) {
-		if (subelems[1] > elems_len - 2) {
-			wpa_printf(MSG_DEBUG,
-				   "Beacon Request: Truncated subelement");
-			ret = -1;
-			goto out;
-		}
-
-		res = wpas_rm_handle_beacon_req_subelem(
-			wpa_s, data, subelems[0], subelems[1], &subelems[2]);
-		if (res < 0) {
-			ret = res;
-			goto out;
-		} else if (!res) {
-			reject_mode = MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE;
-			goto out_reject;
-		}
-
-		elems_len -= 2 + subelems[1];
-		subelems += 2 + subelems[1];
-	}
-
-	if (req->mode == BEACON_REPORT_MODE_TABLE) {
-		wpas_beacon_rep_table(wpa_s, buf);
-		goto out;
-	}
-
-	params->freqs = wpas_beacon_request_freqs(
-		wpa_s, req->oper_class, req->channel,
-		req->mode == BEACON_REPORT_MODE_ACTIVE,
-		req->variable, len - sizeof(*req));
-	if (!params->freqs) {
-		wpa_printf(MSG_DEBUG, "Beacon request: No valid channels");
-		reject_mode = MEASUREMENT_REPORT_MODE_REJECT_REFUSED;
-		goto out_reject;
-	}
-
-	params->duration = le_to_host16(req->duration);
-	params->duration_mandatory = duration_mandatory;
-	if (!params->duration) {
-		wpa_printf(MSG_DEBUG, "Beacon request: Duration is 0");
-		ret = -1;
-		goto out;
-	}
-
-	params->only_new_results = 1;
-
-	if (req->mode == BEACON_REPORT_MODE_ACTIVE) {
-		params->ssids[params->num_ssids].ssid = data->ssid;
-		params->ssids[params->num_ssids++].ssid_len = data->ssid_len;
-	}
-
-	if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
-		_rand = os_random();
-	interval_usec = (_rand % (rand_interval + 1)) * 1024;
-	eloop_register_timeout(0, interval_usec, wpas_rrm_scan_timeout, wpa_s,
-			       NULL);
-	return 1;
-out_reject:
-	if (!is_multicast_ether_addr(wpa_s->rrm.dst_addr) &&
-	    wpas_rrm_report_elem(buf, elem_token, reject_mode,
-				 MEASURE_TYPE_BEACON, NULL, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "RRM: Failed to add report element");
-		ret = -1;
-	}
-out:
-	wpas_clear_beacon_rep_data(wpa_s);
-	return ret;
-}
-
-
-static int
-wpas_rrm_handle_msr_req_element(
-	struct wpa_supplicant *wpa_s,
-	const struct rrm_measurement_request_element *req,
-	struct wpabuf **buf)
-{
-	int duration_mandatory;
-
-	wpa_printf(MSG_DEBUG, "Measurement request type %d token %d",
-		   req->type, req->token);
-
-	if (req->mode & MEASUREMENT_REQUEST_MODE_ENABLE) {
-		/* Enable bit is not supported for now */
-		wpa_printf(MSG_DEBUG, "RRM: Enable bit not supported, ignore");
-		return 0;
-	}
-
-	if ((req->mode & MEASUREMENT_REQUEST_MODE_PARALLEL) &&
-	    req->type > MEASURE_TYPE_RPI_HIST) {
-		/* Parallel measurements are not supported for now */
-		wpa_printf(MSG_DEBUG,
-			   "RRM: Parallel measurements are not supported, reject");
-		goto reject;
-	}
-
-	duration_mandatory =
-		!!(req->mode & MEASUREMENT_REQUEST_MODE_DURATION_MANDATORY);
-
-	switch (req->type) {
-	case MEASURE_TYPE_LCI:
-		return wpas_rrm_build_lci_report(wpa_s, req, buf);
-	case MEASURE_TYPE_BEACON:
-		if (duration_mandatory &&
-		    !(wpa_s->drv_rrm_flags &
-		      WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL)) {
-			wpa_printf(MSG_DEBUG,
-				   "RRM: Driver does not support dwell time configuration - reject beacon report with mandatory duration");
-			goto reject;
-		}
-		return wpas_rm_handle_beacon_req(wpa_s, req->token,
-						 duration_mandatory,
-						 (const void *) req->variable,
-						 req->len - 3, buf);
-	default:
-		wpa_printf(MSG_INFO,
-			   "RRM: Unsupported radio measurement type %u",
-			   req->type);
-		break;
-	}
-
-reject:
-	if (!is_multicast_ether_addr(wpa_s->rrm.dst_addr) &&
-	    wpas_rrm_report_elem(buf, req->token,
-				 MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE,
-				 req->type, NULL, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "RRM: Failed to add report element");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static struct wpabuf *
-wpas_rrm_process_msr_req_elems(struct wpa_supplicant *wpa_s, const u8 *pos,
-			       size_t len)
-{
-	struct wpabuf *buf = NULL;
-
-	while (len) {
-		const struct rrm_measurement_request_element *req;
-		int res;
-
-		if (len < 2) {
-			wpa_printf(MSG_DEBUG, "RRM: Truncated element");
-			goto out;
-		}
-
-		req = (const struct rrm_measurement_request_element *) pos;
-		if (req->eid != WLAN_EID_MEASURE_REQUEST) {
-			wpa_printf(MSG_DEBUG,
-				   "RRM: Expected Measurement Request element, but EID is %u",
-				   req->eid);
-			goto out;
-		}
-
-		if (req->len < 3) {
-			wpa_printf(MSG_DEBUG, "RRM: Element length too short");
-			goto out;
-		}
-
-		if (req->len > len - 2) {
-			wpa_printf(MSG_DEBUG, "RRM: Element length too long");
-			goto out;
-		}
-
-		res = wpas_rrm_handle_msr_req_element(wpa_s, req, &buf);
-		if (res < 0)
-			goto out;
-
-		pos += req->len + 2;
-		len -= req->len + 2;
-	}
-
-	return buf;
-
-out:
-	wpabuf_free(buf);
-	return NULL;
-}
-
-
-void wpas_rrm_handle_radio_measurement_request(struct wpa_supplicant *wpa_s,
-					       const u8 *src, const u8 *dst,
-					       const u8 *frame, size_t len)
-{
-	struct wpabuf *report;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Ignoring radio measurement request: Not associated");
-		return;
-	}
-
-	if (!wpa_s->rrm.rrm_used) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Ignoring radio measurement request: Not RRM network");
-		return;
-	}
-
-	if (len < 3) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Ignoring too short radio measurement request");
-		return;
-	}
-
-	wpa_s->rrm.token = *frame;
-	os_memcpy(wpa_s->rrm.dst_addr, dst, ETH_ALEN);
-
-	/* Number of repetitions is not supported */
-
-	report = wpas_rrm_process_msr_req_elems(wpa_s, frame + 3, len - 3);
-	if (!report)
-		return;
-
-	wpas_rrm_send_msr_report(wpa_s, report);
-	wpabuf_free(report);
-}
-
-
-void wpas_rrm_handle_link_measurement_request(struct wpa_supplicant *wpa_s,
-					      const u8 *src,
-					      const u8 *frame, size_t len,
-					      int rssi)
-{
-	struct wpabuf *buf;
-	const struct rrm_link_measurement_request *req;
-	struct rrm_link_measurement_report report;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Ignoring link measurement request. Not associated");
-		return;
-	}
-
-	if (!wpa_s->rrm.rrm_used) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Ignoring link measurement request. Not RRM network");
-		return;
-	}
-
-	if (!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Measurement report failed. TX power insertion not supported");
-		return;
-	}
-
-	req = (const struct rrm_link_measurement_request *) frame;
-	if (len < sizeof(*req)) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Link measurement report failed. Request too short");
-		return;
-	}
-
-	os_memset(&report, 0, sizeof(report));
-	report.dialog_token = req->dialog_token;
-	report.tpc.eid = WLAN_EID_TPC_REPORT;
-	report.tpc.len = 2;
-	/* Note: The driver is expected to update report.tpc.tx_power and
-	 * report.tpc.link_margin subfields when sending out this frame.
-	 * Similarly, the driver would need to update report.rx_ant_id and
-	 * report.tx_ant_id subfields. */
-	report.rsni = 255; /* 255 indicates that RSNI is not available */
-	report.rcpi = rssi_to_rcpi(rssi);
-
-	/* action_category + action_code */
-	buf = wpabuf_alloc(2 + sizeof(report));
-	if (buf == NULL) {
-		wpa_printf(MSG_ERROR,
-			   "RRM: Link measurement report failed. Buffer allocation failed");
-		return;
-	}
-
-	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
-	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REPORT);
-	wpabuf_put_data(buf, &report, sizeof(report));
-	wpa_hexdump_buf(MSG_DEBUG, "RRM: Link measurement report", buf);
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, src,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0)) {
-		wpa_printf(MSG_ERROR,
-			   "RRM: Link measurement report failed. Send action failed");
-	}
-	wpabuf_free(buf);
-}
-
-
-int wpas_beacon_rep_scan_process(struct wpa_supplicant *wpa_s,
-				 struct wpa_scan_results *scan_res,
-				 struct scan_info *info)
-{
-	size_t i = 0;
-	struct wpabuf *buf = NULL;
-
-	if (!wpa_s->beacon_rep_data.token)
-		return 0;
-
-	if (!wpa_s->current_bss)
-		goto out;
-
-	/* If the measurement was aborted, don't report partial results */
-	if (info->aborted)
-		goto out;
-
-	wpa_printf(MSG_DEBUG, "RRM: TSF BSSID: " MACSTR " current BSS: " MACSTR,
-		   MAC2STR(info->scan_start_tsf_bssid),
-		   MAC2STR(wpa_s->current_bss->bssid));
-	if ((wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_BEACON_REPORT) &&
-	    os_memcmp(info->scan_start_tsf_bssid, wpa_s->current_bss->bssid,
-		      ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG,
-			   "RRM: Ignore scan results due to mismatching TSF BSSID");
-		goto out;
-	}
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_bss *bss =
-			wpa_bss_get_bssid(wpa_s, scan_res->res[i]->bssid);
-
-		if (!bss)
-			continue;
-
-		if ((wpa_s->drv_rrm_flags &
-		     WPA_DRIVER_FLAGS_SUPPORT_BEACON_REPORT) &&
-		    os_memcmp(scan_res->res[i]->tsf_bssid,
-			      wpa_s->current_bss->bssid, ETH_ALEN) != 0) {
-			wpa_printf(MSG_DEBUG,
-				   "RRM: Ignore scan result for " MACSTR
-				   " due to mismatching TSF BSSID" MACSTR,
-				   MAC2STR(scan_res->res[i]->bssid),
-				   MAC2STR(scan_res->res[i]->tsf_bssid));
-			continue;
-		}
-
-		/*
-		 * Don't report results that were not received during the
-		 * current measurement.
-		 */
-		if (!(wpa_s->drv_rrm_flags &
-		      WPA_DRIVER_FLAGS_SUPPORT_BEACON_REPORT)) {
-			struct os_reltime update_time, diff;
-
-			/* For now, allow 8 ms older results due to some
-			 * unknown issue with cfg80211 BSS table updates during
-			 * a scan with the current BSS.
-			 * TODO: Fix this more properly to avoid having to have
-			 * this type of hacks in place. */
-			calculate_update_time(&scan_res->fetch_time,
-					      scan_res->res[i]->age,
-					      &update_time);
-			os_reltime_sub(&wpa_s->beacon_rep_scan,
-				       &update_time, &diff);
-			if (os_reltime_before(&update_time,
-					      &wpa_s->beacon_rep_scan) &&
-			    (diff.sec || diff.usec >= 8000)) {
-				wpa_printf(MSG_DEBUG,
-					   "RRM: Ignore scan result for " MACSTR
-					   " due to old update (age(ms) %u, calculated age %u.%06u seconds)",
-					   MAC2STR(scan_res->res[i]->bssid),
-					   scan_res->res[i]->age,
-					   (unsigned int) diff.sec,
-					   (unsigned int) diff.usec);
-				continue;
-			}
-		} else if (info->scan_start_tsf >
-			   scan_res->res[i]->parent_tsf) {
-			continue;
-		}
-
-		if (wpas_add_beacon_rep(wpa_s, &buf, bss, info->scan_start_tsf,
-					scan_res->res[i]->parent_tsf) < 0)
-			break;
-	}
-
-	if (!buf && wpas_beacon_rep_no_results(wpa_s, &buf))
-		goto out;
-
-	wpa_hexdump_buf(MSG_DEBUG, "RRM: Radio Measurement report", buf);
-
-	wpas_rrm_send_msr_report(wpa_s, buf);
-	wpabuf_free(buf);
-
-out:
-	wpas_clear_beacon_rep_data(wpa_s);
-	return 1;
-}
-
-
-void wpas_clear_beacon_rep_data(struct wpa_supplicant *wpa_s)
-{
-	struct beacon_rep_data *data = &wpa_s->beacon_rep_data;
-
-	eloop_cancel_timeout(wpas_rrm_scan_timeout, wpa_s, NULL);
-	bitfield_free(data->eids);
-	os_free(data->scan_params.freqs);
-	os_memset(data, 0, sizeof(*data));
-}
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
deleted file mode 100644
index b0094ca6ca5b..000000000000
--- a/wpa_supplicant/scan.c
+++ /dev/null
@@ -1,3360 +0,0 @@
-/*
- * WPA Supplicant - Scanning
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_ctrl.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "wps_supplicant.h"
-#include "p2p_supplicant.h"
-#include "p2p/p2p.h"
-#include "hs20_supplicant.h"
-#include "notify.h"
-#include "bss.h"
-#include "scan.h"
-#include "mesh.h"
-
-
-static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-	union wpa_event_data data;
-
-	ssid = wpa_supplicant_get_ssid(wpa_s);
-	if (ssid == NULL)
-		return;
-
-	if (wpa_s->current_ssid == NULL) {
-		wpa_s->current_ssid = ssid;
-		wpas_notify_network_changed(wpa_s);
-	}
-	wpa_supplicant_initiate_eapol(wpa_s);
-	wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured "
-		"network - generating associated event");
-	os_memset(&data, 0, sizeof(data));
-	wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
-}
-
-
-#ifdef CONFIG_WPS
-static int wpas_wps_in_use(struct wpa_supplicant *wpa_s,
-			   enum wps_request_type *req_type)
-{
-	struct wpa_ssid *ssid;
-	int wps = 0;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
-			continue;
-
-		wps = 1;
-		*req_type = wpas_wps_get_req_type(ssid);
-		if (ssid->eap.phase1 && os_strstr(ssid->eap.phase1, "pbc=1"))
-			return 2;
-	}
-
-#ifdef CONFIG_P2P
-	if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p &&
-	    !wpa_s->conf->p2p_disabled) {
-		wpa_s->wps->dev.p2p = 1;
-		if (!wps) {
-			wps = 1;
-			*req_type = WPS_REQ_ENROLLEE_INFO;
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	return wps;
-}
-#endif /* CONFIG_WPS */
-
-
-static int wpa_setup_mac_addr_rand_params(struct wpa_driver_scan_params *params,
-					  const u8 *mac_addr)
-{
-	u8 *tmp;
-
-	if (params->mac_addr) {
-		params->mac_addr_mask = NULL;
-		os_free(params->mac_addr);
-		params->mac_addr = NULL;
-	}
-
-	params->mac_addr_rand = 1;
-
-	if (!mac_addr)
-		return 0;
-
-	tmp = os_malloc(2 * ETH_ALEN);
-	if (!tmp)
-		return -1;
-
-	os_memcpy(tmp, mac_addr, 2 * ETH_ALEN);
-	params->mac_addr = tmp;
-	params->mac_addr_mask = tmp + ETH_ALEN;
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_enabled_networks - Check whether there are enabled networks
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 if no networks are enabled, >0 if networks are enabled
- *
- * This function is used to figure out whether any networks (or Interworking
- * with enabled credentials and auto_interworking) are present in the current
- * configuration.
- */
-int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->conf->ssid;
-	int count = 0, disabled = 0;
-
-	if (wpa_s->p2p_mgmt)
-		return 0; /* no normal network profiles on p2p_mgmt interface */
-
-	while (ssid) {
-		if (!wpas_network_disabled(wpa_s, ssid))
-			count++;
-		else
-			disabled++;
-		ssid = ssid->next;
-	}
-	if (wpa_s->conf->cred && wpa_s->conf->interworking &&
-	    wpa_s->conf->auto_interworking)
-		count++;
-	if (count == 0 && disabled > 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled "
-			"networks)", disabled);
-	}
-	return count;
-}
-
-
-static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s,
-				     struct wpa_ssid *ssid)
-{
-	int min_temp_disabled = 0;
-
-	while (ssid) {
-		if (!wpas_network_disabled(wpa_s, ssid)) {
-			int temp_disabled = wpas_temp_disabled(wpa_s, ssid);
-
-			if (temp_disabled <= 0)
-				break;
-
-			if (!min_temp_disabled ||
-			    temp_disabled < min_temp_disabled)
-				min_temp_disabled = temp_disabled;
-		}
-		ssid = ssid->next;
-	}
-
-	/* ap_scan=2 mode - try to associate with each SSID. */
-	if (ssid == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached "
-			"end of scan list - go back to beginning");
-		wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
-		wpa_supplicant_req_scan(wpa_s, min_temp_disabled, 0);
-		return;
-	}
-	if (ssid->next) {
-		/* Continue from the next SSID on the next attempt. */
-		wpa_s->prev_scan_ssid = ssid;
-	} else {
-		/* Start from the beginning of the SSID list. */
-		wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
-	}
-	wpa_supplicant_associate(wpa_s, NULL, ssid);
-}
-
-
-static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct wpa_driver_scan_params *params = work->ctx;
-	int ret;
-
-	if (deinit) {
-		if (!work->started) {
-			wpa_scan_free_params(params);
-			return;
-		}
-		wpa_supplicant_notify_scanning(wpa_s, 0);
-		wpas_notify_scan_done(wpa_s, 0);
-		wpa_s->scan_work = NULL;
-		return;
-	}
-
-	if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) &&
-	    wpa_s->wpa_state <= WPA_SCANNING)
-		wpa_setup_mac_addr_rand_params(params, wpa_s->mac_addr_scan);
-
-	if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Failed to assign random MAC address for a scan");
-		wpa_scan_free_params(params);
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
-		radio_work_done(work);
-		return;
-	}
-
-	wpa_supplicant_notify_scanning(wpa_s, 1);
-
-	if (wpa_s->clear_driver_scan_cache) {
-		wpa_printf(MSG_DEBUG,
-			   "Request driver to clear scan cache due to local BSS flush");
-		params->only_new_results = 1;
-	}
-	ret = wpa_drv_scan(wpa_s, params);
-	/*
-	 * Store the obtained vendor scan cookie (if any) in wpa_s context.
-	 * The current design is to allow only one scan request on each
-	 * interface, hence having this scan cookie stored in wpa_s context is
-	 * fine for now.
-	 *
-	 * Revisit this logic if concurrent scan operations per interface
-	 * is supported.
-	 */
-	if (ret == 0)
-		wpa_s->curr_scan_cookie = params->scan_cookie;
-	wpa_scan_free_params(params);
-	work->ctx = NULL;
-	if (ret) {
-		int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ &&
-			!wpa_s->beacon_rep_data.token;
-
-		if (wpa_s->disconnected)
-			retry = 0;
-
-		/* do not retry if operation is not supported */
-		if (ret == -EOPNOTSUPP)
-			retry = 0;
-
-		wpa_supplicant_notify_scanning(wpa_s, 0);
-		wpas_notify_scan_done(wpa_s, 0);
-		if (wpa_s->wpa_state == WPA_SCANNING)
-			wpa_supplicant_set_state(wpa_s,
-						 wpa_s->scan_prev_wpa_state);
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s",
-			ret, retry ? " retry=1" : "");
-		radio_work_done(work);
-
-		if (retry) {
-			/* Restore scan_req since we will try to scan again */
-			wpa_s->scan_req = wpa_s->last_scan_req;
-			wpa_supplicant_req_scan(wpa_s, 1, 0);
-		} else if (wpa_s->scan_res_handler) {
-			/* Clear the scan_res_handler */
-			wpa_s->scan_res_handler = NULL;
-		}
-
-		if (wpa_s->beacon_rep_data.token)
-			wpas_rrm_refuse_request(wpa_s);
-
-		return;
-	}
-
-	os_get_reltime(&wpa_s->scan_trigger_time);
-	wpa_s->scan_runs++;
-	wpa_s->normal_scans++;
-	wpa_s->own_scan_requested = 1;
-	wpa_s->clear_driver_scan_cache = 0;
-	wpa_s->scan_work = work;
-}
-
-
-/**
- * wpa_supplicant_trigger_scan - Request driver to start a scan
- * @wpa_s: Pointer to wpa_supplicant data
- * @params: Scan parameters
- * Returns: 0 on success, -1 on failure
- */
-int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
-				struct wpa_driver_scan_params *params)
-{
-	struct wpa_driver_scan_params *ctx;
-
-	if (wpa_s->scan_work) {
-		wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending");
-		return -1;
-	}
-
-	ctx = wpa_scan_clone_params(params);
-	if (!ctx ||
-	    radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0)
-	{
-		wpa_scan_free_params(ctx);
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static void
-wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan");
-
-	if (wpa_supplicant_req_sched_scan(wpa_s))
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-static void
-wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it");
-
-	wpa_s->sched_scan_timed_out = 1;
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-}
-
-
-static int
-wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s,
-				struct wpa_driver_scan_params *params)
-{
-	int ret;
-
-	wpa_supplicant_notify_scanning(wpa_s, 1);
-	ret = wpa_drv_sched_scan(wpa_s, params);
-	if (ret)
-		wpa_supplicant_notify_scanning(wpa_s, 0);
-	else
-		wpa_s->sched_scanning = 1;
-
-	return ret;
-}
-
-
-static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	int ret;
-
-	ret = wpa_drv_stop_sched_scan(wpa_s);
-	if (ret) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
-		/* TODO: what to do if stopping fails? */
-		return -1;
-	}
-
-	return ret;
-}
-
-
-static struct wpa_driver_scan_filter *
-wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids)
-{
-	struct wpa_driver_scan_filter *ssids;
-	struct wpa_ssid *ssid;
-	size_t count;
-
-	*num_ssids = 0;
-	if (!conf->filter_ssids)
-		return NULL;
-
-	for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid->ssid && ssid->ssid_len)
-			count++;
-	}
-	if (count == 0)
-		return NULL;
-	ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter));
-	if (ssids == NULL)
-		return NULL;
-
-	for (ssid = conf->ssid; ssid; ssid = ssid->next) {
-		if (!ssid->ssid || !ssid->ssid_len)
-			continue;
-		os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len);
-		ssids[*num_ssids].ssid_len = ssid->ssid_len;
-		(*num_ssids)++;
-	}
-
-	return ssids;
-}
-
-
-#ifdef CONFIG_P2P
-static bool is_6ghz_supported(struct wpa_supplicant *wpa_s)
-{
-	struct hostapd_channel_data *chnl;
-	int i, j;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211A) {
-			chnl = wpa_s->hw.modes[i].channels;
-			for (j = 0; j < wpa_s->hw.modes[i].num_channels; j++) {
-				if (chnl[j].flag & HOSTAPD_CHAN_DISABLED)
-					continue;
-				if (is_6ghz_freq(chnl[j].freq))
-					return true;
-			}
-		}
-	}
-
-	return false;
-}
-#endif /* CONFIG_P2P */
-
-
-static void wpa_supplicant_optimize_freqs(
-	struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params)
-{
-#ifdef CONFIG_P2P
-	if (params->freqs == NULL && wpa_s->p2p_in_provisioning &&
-	    wpa_s->go_params) {
-		/* Optimize provisioning state scan based on GO information */
-		if (wpa_s->p2p_in_provisioning < 5 &&
-		    wpa_s->go_params->freq > 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO "
-				"preferred frequency %d MHz",
-				wpa_s->go_params->freq);
-			params->freqs = os_calloc(2, sizeof(int));
-			if (params->freqs)
-				params->freqs[0] = wpa_s->go_params->freq;
-		} else if (wpa_s->p2p_in_provisioning < 8 &&
-			   wpa_s->go_params->freq_list[0]) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common "
-				"channels");
-			int_array_concat(&params->freqs,
-					 wpa_s->go_params->freq_list);
-			if (params->freqs)
-				int_array_sort_unique(params->freqs);
-		}
-		wpa_s->p2p_in_provisioning++;
-	}
-
-	if (params->freqs == NULL && wpa_s->p2p_in_invitation) {
-		/*
-		 * Optimize scan based on GO information during persistent
-		 * group reinvocation
-		 */
-		if (wpa_s->p2p_in_invitation < 5 &&
-		    wpa_s->p2p_invite_go_freq > 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation",
-				wpa_s->p2p_invite_go_freq);
-			params->freqs = os_calloc(2, sizeof(int));
-			if (params->freqs)
-				params->freqs[0] = wpa_s->p2p_invite_go_freq;
-		}
-		wpa_s->p2p_in_invitation++;
-		if (wpa_s->p2p_in_invitation > 20) {
-			/*
-			 * This should not really happen since the variable is
-			 * cleared on group removal, but if it does happen, make
-			 * sure we do not get stuck in special invitation scan
-			 * mode.
-			 */
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation");
-			wpa_s->p2p_in_invitation = 0;
-		}
-	}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_WPS
-	if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) {
-		/*
-		 * Optimize post-provisioning scan based on channel used
-		 * during provisioning.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz "
-			"that was used during provisioning", wpa_s->wps_freq);
-		params->freqs = os_calloc(2, sizeof(int));
-		if (params->freqs)
-			params->freqs[0] = wpa_s->wps_freq;
-		wpa_s->after_wps--;
-	} else if (wpa_s->after_wps)
-		wpa_s->after_wps--;
-
-	if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq)
-	{
-		/* Optimize provisioning scan based on already known channel */
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz",
-			wpa_s->wps_freq);
-		params->freqs = os_calloc(2, sizeof(int));
-		if (params->freqs)
-			params->freqs[0] = wpa_s->wps_freq;
-		wpa_s->known_wps_freq = 0; /* only do this once */
-	}
-#endif /* CONFIG_WPS */
-}
-
-
-#ifdef CONFIG_INTERWORKING
-static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s,
-					   struct wpabuf *buf)
-{
-	wpabuf_put_u8(buf, WLAN_EID_INTERWORKING);
-	wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 :
-		      1 + ETH_ALEN);
-	wpabuf_put_u8(buf, wpa_s->conf->access_network_type);
-	/* No Venue Info */
-	if (!is_zero_ether_addr(wpa_s->conf->hessid))
-		wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN);
-}
-#endif /* CONFIG_INTERWORKING */
-
-
-#ifdef CONFIG_MBO
-static void wpas_fils_req_param_add_max_channel(struct wpa_supplicant *wpa_s,
-						struct wpabuf **ie)
-{
-	if (wpabuf_resize(ie, 5)) {
-		wpa_printf(MSG_DEBUG,
-			   "Failed to allocate space for FILS Request Parameters element");
-		return;
-	}
-
-	/* FILS Request Parameters element */
-	wpabuf_put_u8(*ie, WLAN_EID_EXTENSION);
-	wpabuf_put_u8(*ie, 3); /* FILS Request attribute length */
-	wpabuf_put_u8(*ie, WLAN_EID_EXT_FILS_REQ_PARAMS);
-	/* Parameter control bitmap */
-	wpabuf_put_u8(*ie, 0);
-	/* Max Channel Time field - contains the value of MaxChannelTime
-	 * parameter of the MLME-SCAN.request primitive represented in units of
-	 * TUs, as an unsigned integer. A Max Channel Time field value of 255
-	 * is used to indicate any duration of more than 254 TUs, or an
-	 * unspecified or unknown duration. (IEEE Std 802.11ai-2016, 9.4.2.178)
-	 */
-	wpabuf_put_u8(*ie, 255);
-}
-#endif /* CONFIG_MBO */
-
-
-void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *default_ies = NULL;
-	u8 ext_capab[18];
-	int ext_capab_len, frame_id;
-	enum wpa_driver_if_type type = WPA_IF_STATION;
-
-#ifdef CONFIG_P2P
-	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT)
-		type = WPA_IF_P2P_CLIENT;
-#endif /* CONFIG_P2P */
-
-	wpa_drv_get_ext_capa(wpa_s, type);
-
-	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
-					     sizeof(ext_capab));
-	if (ext_capab_len > 0 &&
-	    wpabuf_resize(&default_ies, ext_capab_len) == 0)
-		wpabuf_put_data(default_ies, ext_capab, ext_capab_len);
-
-#ifdef CONFIG_MBO
-	if (wpa_s->enable_oce & OCE_STA)
-		wpas_fils_req_param_add_max_channel(wpa_s, &default_ies);
-	/* Send MBO and OCE capabilities */
-	if (wpabuf_resize(&default_ies, 12) == 0)
-		wpas_mbo_scan_ie(wpa_s, default_ies);
-#endif /* CONFIG_MBO */
-
-	if (type == WPA_IF_P2P_CLIENT)
-		frame_id = VENDOR_ELEM_PROBE_REQ_P2P;
-	else
-		frame_id = VENDOR_ELEM_PROBE_REQ;
-
-	if (wpa_s->vendor_elem[frame_id]) {
-		size_t len;
-
-		len = wpabuf_len(wpa_s->vendor_elem[frame_id]);
-		if (len > 0 && wpabuf_resize(&default_ies, len) == 0)
-			wpabuf_put_buf(default_ies,
-				       wpa_s->vendor_elem[frame_id]);
-	}
-
-	if (default_ies)
-		wpa_drv_set_default_scan_ies(wpa_s, wpabuf_head(default_ies),
-					     wpabuf_len(default_ies));
-	wpabuf_free(default_ies);
-}
-
-
-static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
-{
-	struct wpabuf *extra_ie = NULL;
-	u8 ext_capab[18];
-	int ext_capab_len;
-#ifdef CONFIG_WPS
-	int wps = 0;
-	enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_P2P
-	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT)
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
-	else
-#endif /* CONFIG_P2P */
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
-
-	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
-					     sizeof(ext_capab));
-	if (ext_capab_len > 0 &&
-	    wpabuf_resize(&extra_ie, ext_capab_len) == 0)
-		wpabuf_put_data(extra_ie, ext_capab, ext_capab_len);
-
-#ifdef CONFIG_INTERWORKING
-	if (wpa_s->conf->interworking &&
-	    wpabuf_resize(&extra_ie, 100) == 0)
-		wpas_add_interworking_elements(wpa_s, extra_ie);
-#endif /* CONFIG_INTERWORKING */
-
-#ifdef CONFIG_MBO
-	if (wpa_s->enable_oce & OCE_STA)
-		wpas_fils_req_param_add_max_channel(wpa_s, &extra_ie);
-#endif /* CONFIG_MBO */
-
-#ifdef CONFIG_WPS
-	wps = wpas_wps_in_use(wpa_s, &req_type);
-
-	if (wps) {
-		struct wpabuf *wps_ie;
-		wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON :
-						DEV_PW_DEFAULT,
-						&wpa_s->wps->dev,
-						wpa_s->wps->uuid, req_type,
-						0, NULL);
-		if (wps_ie) {
-			if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
-				wpabuf_put_buf(extra_ie, wps_ie);
-			wpabuf_free(wps_ie);
-		}
-	}
-
-#ifdef CONFIG_P2P
-	if (wps) {
-		size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
-		if (wpabuf_resize(&extra_ie, ielen) == 0)
-			wpas_p2p_scan_ie(wpa_s, extra_ie);
-	}
-#endif /* CONFIG_P2P */
-
-	wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie);
-
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_HS20
-	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 9) == 0)
-		wpas_hs20_add_indication(extra_ie, -1, 0);
-#endif /* CONFIG_HS20 */
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst_ies &&
-	    wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0)
-		wpabuf_put_buf(extra_ie, wpa_s->fst_ies);
-#endif /* CONFIG_FST */
-
-#ifdef CONFIG_MBO
-	/* Send MBO and OCE capabilities */
-	if (wpabuf_resize(&extra_ie, 12) == 0)
-		wpas_mbo_scan_ie(wpa_s, extra_ie);
-#endif /* CONFIG_MBO */
-
-	if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) {
-		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ];
-
-		if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0)
-			wpabuf_put_buf(extra_ie, buf);
-	}
-
-	return extra_ie;
-}
-
-
-#ifdef CONFIG_P2P
-
-/*
- * Check whether there are any enabled networks or credentials that could be
- * used for a non-P2P connection.
- */
-static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (wpas_network_disabled(wpa_s, ssid))
-			continue;
-		if (!ssid->p2p_group)
-			return 1;
-	}
-
-	if (wpa_s->conf->cred && wpa_s->conf->interworking &&
-	    wpa_s->conf->auto_interworking)
-		return 1;
-
-	return 0;
-}
-
-#endif /* CONFIG_P2P */
-
-
-int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s,
-			    enum hostapd_hw_mode band,
-			    struct wpa_driver_scan_params *params, bool is_6ghz)
-{
-	/* Include only supported channels for the specified band */
-	struct hostapd_hw_modes *mode;
-	int num_chans = 0;
-	int *freqs, i;
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band, is_6ghz);
-	if (!mode)
-		return -1;
-
-	if (params->freqs) {
-		while (params->freqs[num_chans])
-			num_chans++;
-	}
-
-	freqs = os_realloc(params->freqs,
-			   (num_chans + mode->num_channels + 1) * sizeof(int));
-	if (!freqs)
-		return -1;
-
-	params->freqs = freqs;
-	for (i = 0; i < mode->num_channels; i++) {
-		if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
-			continue;
-		params->freqs[num_chans++] = mode->channels[i].freq;
-	}
-	params->freqs[num_chans] = 0;
-
-	return 0;
-}
-
-
-static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s,
-				   struct wpa_driver_scan_params *params)
-{
-	if (wpa_s->hw.modes == NULL)
-		return; /* unknown what channels the driver supports */
-	if (params->freqs)
-		return; /* already using a limited channel set */
-
-	if (wpa_s->setband_mask & WPA_SETBAND_5G)
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params,
-					false);
-	if (wpa_s->setband_mask & WPA_SETBAND_2G)
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, params,
-					false);
-	if (wpa_s->setband_mask & WPA_SETBAND_6G)
-		wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params,
-					true);
-}
-
-
-static void wpa_add_scan_ssid(struct wpa_supplicant *wpa_s,
-			      struct wpa_driver_scan_params *params,
-			      size_t max_ssids, const u8 *ssid, size_t ssid_len)
-{
-	unsigned int j;
-
-	for (j = 0; j < params->num_ssids; j++) {
-		if (params->ssids[j].ssid_len == ssid_len &&
-		    params->ssids[j].ssid &&
-		    os_memcmp(params->ssids[j].ssid, ssid, ssid_len) == 0)
-			return; /* already in the list */
-	}
-
-	if (params->num_ssids + 1 > max_ssids) {
-		wpa_printf(MSG_DEBUG, "Over max scan SSIDs for manual request");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s",
-		   wpa_ssid_txt(ssid, ssid_len));
-
-	params->ssids[params->num_ssids].ssid = ssid;
-	params->ssids[params->num_ssids].ssid_len = ssid_len;
-	params->num_ssids++;
-}
-
-
-static void wpa_add_owe_scan_ssid(struct wpa_supplicant *wpa_s,
-				  struct wpa_driver_scan_params *params,
-				  struct wpa_ssid *ssid, size_t max_ssids)
-{
-#ifdef CONFIG_OWE
-	struct wpa_bss *bss;
-
-	if (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE))
-		return;
-
-	wpa_printf(MSG_DEBUG, "OWE: Look for transition mode AP. ssid=%s",
-		   wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		const u8 *owe, *pos, *end;
-		const u8 *owe_ssid;
-		size_t owe_ssid_len;
-
-		if (bss->ssid_len != ssid->ssid_len ||
-		    os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) != 0)
-			continue;
-
-		owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
-		if (!owe || owe[1] < 4)
-			continue;
-
-		pos = owe + 6;
-		end = owe + 2 + owe[1];
-
-		/* Must include BSSID and ssid_len */
-		if (end - pos < ETH_ALEN + 1)
-			return;
-
-		/* Skip BSSID */
-		pos += ETH_ALEN;
-		owe_ssid_len = *pos++;
-		owe_ssid = pos;
-
-		if ((size_t) (end - pos) < owe_ssid_len ||
-		    owe_ssid_len > SSID_MAX_LEN)
-			return;
-
-		wpa_printf(MSG_DEBUG,
-			   "OWE: scan_ssids: transition mode OWE ssid=%s",
-			   wpa_ssid_txt(owe_ssid, owe_ssid_len));
-
-		wpa_add_scan_ssid(wpa_s, params, max_ssids,
-				  owe_ssid, owe_ssid_len);
-		return;
-	}
-#endif /* CONFIG_OWE */
-}
-
-
-static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s,
-			       struct wpa_driver_scan_params *params,
-			       size_t max_ssids)
-{
-	unsigned int i;
-	struct wpa_ssid *ssid;
-
-	/*
-	 * For devices with max_ssids greater than 1, leave the last slot empty
-	 * for adding the wildcard scan entry.
-	 */
-	max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids;
-
-	for (i = 0; i < wpa_s->scan_id_count; i++) {
-		ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]);
-		if (!ssid)
-			continue;
-		if (ssid->scan_ssid)
-			wpa_add_scan_ssid(wpa_s, params, max_ssids,
-					  ssid->ssid, ssid->ssid_len);
-		/*
-		 * Also add the SSID of the OWE BSS, to allow discovery of
-		 * transition mode APs more quickly.
-		 */
-		wpa_add_owe_scan_ssid(wpa_s, params, ssid, max_ssids);
-	}
-
-	wpa_s->scan_id_count = 0;
-}
-
-
-static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s,
-				       struct wpa_driver_scan_params *params,
-				       size_t max_ssids)
-{
-	unsigned int i;
-
-	if (wpa_s->ssids_from_scan_req == NULL ||
-	    wpa_s->num_ssids_from_scan_req == 0)
-		return 0;
-
-	if (wpa_s->num_ssids_from_scan_req > max_ssids) {
-		wpa_s->num_ssids_from_scan_req = max_ssids;
-		wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u",
-			   (unsigned int) max_ssids);
-	}
-
-	for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) {
-		params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid;
-		params->ssids[i].ssid_len =
-			wpa_s->ssids_from_scan_req[i].ssid_len;
-		wpa_hexdump_ascii(MSG_DEBUG, "specific SSID",
-				  params->ssids[i].ssid,
-				  params->ssids[i].ssid_len);
-	}
-
-	params->num_ssids = wpa_s->num_ssids_from_scan_req;
-	wpa_s->num_ssids_from_scan_req = 0;
-	return 1;
-}
-
-
-static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_ssid *ssid;
-	int ret, p2p_in_prog;
-	struct wpabuf *extra_ie = NULL;
-	struct wpa_driver_scan_params params;
-	struct wpa_driver_scan_params *scan_params;
-	size_t max_ssids;
-	int connect_without_scan = 0;
-
-	wpa_s->ignore_post_flush_scan_res = 0;
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled");
-		return;
-	}
-
-	if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan");
-		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-		return;
-	}
-
-	if (wpa_s->scanning) {
-		/*
-		 * If we are already in scanning state, we shall reschedule the
-		 * the incoming scan request.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req");
-		wpa_supplicant_req_scan(wpa_s, 1, 0);
-		return;
-	}
-
-	if (!wpa_supplicant_enabled_networks(wpa_s) &&
-	    wpa_s->scan_req == NORMAL_SCAN_REQ) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan");
-		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
-		return;
-	}
-
-	if (wpa_s->conf->ap_scan != 0 &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - "
-			"overriding ap_scan configuration");
-		wpa_s->conf->ap_scan = 0;
-		wpas_notify_ap_scan_changed(wpa_s);
-	}
-
-	if (wpa_s->conf->ap_scan == 0) {
-		wpa_supplicant_gen_assoc_event(wpa_s);
-		return;
-	}
-
-	ssid = NULL;
-	if (wpa_s->scan_req != MANUAL_SCAN_REQ &&
-	    wpa_s->connect_without_scan) {
-		connect_without_scan = 1;
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-			if (ssid == wpa_s->connect_without_scan)
-				break;
-		}
-	}
-
-	p2p_in_prog = wpas_p2p_in_progress(wpa_s);
-	if (p2p_in_prog && p2p_in_prog != 2 &&
-	    (!ssid ||
-	     (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress");
-		wpa_supplicant_req_scan(wpa_s, 5, 0);
-		return;
-	}
-
-	/*
-	 * Don't cancel the scan based on ongoing PNO; defer it. Some scans are
-	 * used for changing modes inside wpa_supplicant (roaming,
-	 * auto-reconnect, etc). Discarding the scan might hurt these processes.
-	 * The normal use case for PNO is to suspend the host immediately after
-	 * starting PNO, so the periodic 100 ms attempts to run the scan do not
-	 * normally happen in practice multiple times, i.e., this is simply
-	 * restarting scanning once the host is woken up and PNO stopped.
-	 */
-	if (wpa_s->pno || wpa_s->pno_sched_pending) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Defer scan - PNO is in progress");
-		wpa_supplicant_req_scan(wpa_s, 0, 100000);
-		return;
-	}
-
-	if (wpa_s->conf->ap_scan == 2)
-		max_ssids = 1;
-	else {
-		max_ssids = wpa_s->max_scan_ssids;
-		if (max_ssids > WPAS_MAX_SCAN_SSIDS)
-			max_ssids = WPAS_MAX_SCAN_SSIDS;
-	}
-
-	wpa_s->last_scan_req = wpa_s->scan_req;
-	wpa_s->scan_req = NORMAL_SCAN_REQ;
-
-	if (connect_without_scan) {
-		wpa_s->connect_without_scan = NULL;
-		if (ssid) {
-			wpa_printf(MSG_DEBUG, "Start a pre-selected network "
-				   "without scan step");
-			wpa_supplicant_associate(wpa_s, NULL, ssid);
-			return;
-		}
-	}
-
-	os_memset(&params, 0, sizeof(params));
-
-	wpa_s->scan_prev_wpa_state = wpa_s->wpa_state;
-	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
-	    wpa_s->wpa_state == WPA_INACTIVE)
-		wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
-
-	/*
-	 * If autoscan has set its own scanning parameters
-	 */
-	if (wpa_s->autoscan_params != NULL) {
-		scan_params = wpa_s->autoscan_params;
-		goto scan;
-	}
-
-	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-	    wpa_set_ssids_from_scan_req(wpa_s, &params, max_ssids)) {
-		wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command");
-		goto ssid_list_set;
-	}
-
-#ifdef CONFIG_P2P
-	if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) &&
-	    wpa_s->go_params && !wpa_s->conf->passive_scan) {
-		wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)",
-			   wpa_s->p2p_in_provisioning,
-			   wpa_s->show_group_started);
-		params.ssids[0].ssid = wpa_s->go_params->ssid;
-		params.ssids[0].ssid_len = wpa_s->go_params->ssid_len;
-		params.num_ssids = 1;
-		goto ssid_list_set;
-	}
-
-	if (wpa_s->p2p_in_invitation) {
-		if (wpa_s->current_ssid) {
-			wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation");
-			params.ssids[0].ssid = wpa_s->current_ssid->ssid;
-			params.ssids[0].ssid_len =
-				wpa_s->current_ssid->ssid_len;
-			params.num_ssids = 1;
-		} else {
-			wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation");
-		}
-		goto ssid_list_set;
-	}
-#endif /* CONFIG_P2P */
-
-	/* Find the starting point from which to continue scanning */
-	ssid = wpa_s->conf->ssid;
-	if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) {
-		while (ssid) {
-			if (ssid == wpa_s->prev_scan_ssid) {
-				ssid = ssid->next;
-				break;
-			}
-			ssid = ssid->next;
-		}
-	}
-
-	if (wpa_s->last_scan_req != MANUAL_SCAN_REQ &&
-#ifdef CONFIG_AP
-	    !wpa_s->ap_iface &&
-#endif /* CONFIG_AP */
-	    wpa_s->conf->ap_scan == 2) {
-		wpa_s->connect_without_scan = NULL;
-		wpa_s->prev_scan_wildcard = 0;
-		wpa_supplicant_assoc_try(wpa_s, ssid);
-		return;
-	} else if (wpa_s->conf->ap_scan == 2) {
-		/*
-		 * User-initiated scan request in ap_scan == 2; scan with
-		 * wildcard SSID.
-		 */
-		ssid = NULL;
-	} else if (wpa_s->reattach && wpa_s->current_ssid != NULL) {
-		/*
-		 * Perform single-channel single-SSID scan for
-		 * reassociate-to-same-BSS operation.
-		 */
-		/* Setup SSID */
-		ssid = wpa_s->current_ssid;
-		wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
-				  ssid->ssid, ssid->ssid_len);
-		params.ssids[0].ssid = ssid->ssid;
-		params.ssids[0].ssid_len = ssid->ssid_len;
-		params.num_ssids = 1;
-
-		/*
-		 * Allocate memory for frequency array, allocate one extra
-		 * slot for the zero-terminator.
-		 */
-		params.freqs = os_malloc(sizeof(int) * 2);
-		if (params.freqs) {
-			params.freqs[0] = wpa_s->assoc_freq;
-			params.freqs[1] = 0;
-		}
-
-		/*
-		 * Reset the reattach flag so that we fall back to full scan if
-		 * this scan fails.
-		 */
-		wpa_s->reattach = 0;
-	} else {
-		struct wpa_ssid *start = ssid, *tssid;
-		int freqs_set = 0;
-		if (ssid == NULL && max_ssids > 1)
-			ssid = wpa_s->conf->ssid;
-		while (ssid) {
-			if (!wpas_network_disabled(wpa_s, ssid) &&
-			    ssid->scan_ssid) {
-				wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
-						  ssid->ssid, ssid->ssid_len);
-				params.ssids[params.num_ssids].ssid =
-					ssid->ssid;
-				params.ssids[params.num_ssids].ssid_len =
-					ssid->ssid_len;
-				params.num_ssids++;
-				if (params.num_ssids + 1 >= max_ssids)
-					break;
-			}
-
-			if (!wpas_network_disabled(wpa_s, ssid)) {
-				/*
-				 * Also add the SSID of the OWE BSS, to allow
-				 * discovery of transition mode APs more
-				 * quickly.
-				 */
-				wpa_add_owe_scan_ssid(wpa_s, &params, ssid,
-						      max_ssids);
-			}
-
-			ssid = ssid->next;
-			if (ssid == start)
-				break;
-			if (ssid == NULL && max_ssids > 1 &&
-			    start != wpa_s->conf->ssid)
-				ssid = wpa_s->conf->ssid;
-		}
-
-		if (wpa_s->scan_id_count &&
-		    wpa_s->last_scan_req == MANUAL_SCAN_REQ)
-			wpa_set_scan_ssids(wpa_s, &params, max_ssids);
-
-		for (tssid = wpa_s->conf->ssid;
-		     wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid;
-		     tssid = tssid->next) {
-			if (wpas_network_disabled(wpa_s, tssid))
-				continue;
-			if (((params.freqs || !freqs_set) &&
-			     tssid->scan_freq) &&
-			    int_array_len(params.freqs) < 100) {
-				int_array_concat(&params.freqs,
-						 tssid->scan_freq);
-			} else {
-				os_free(params.freqs);
-				params.freqs = NULL;
-			}
-			freqs_set = 1;
-		}
-		int_array_sort_unique(params.freqs);
-	}
-
-	if (ssid && max_ssids == 1) {
-		/*
-		 * If the driver is limited to 1 SSID at a time interleave
-		 * wildcard SSID scans with specific SSID scans to avoid
-		 * waiting a long time for a wildcard scan.
-		 */
-		if (!wpa_s->prev_scan_wildcard) {
-			params.ssids[0].ssid = NULL;
-			params.ssids[0].ssid_len = 0;
-			wpa_s->prev_scan_wildcard = 1;
-			wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for "
-				"wildcard SSID (Interleave with specific)");
-		} else {
-			wpa_s->prev_scan_ssid = ssid;
-			wpa_s->prev_scan_wildcard = 0;
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Starting AP scan for specific SSID: %s",
-				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-		}
-	} else if (ssid) {
-		/* max_ssids > 1 */
-
-		wpa_s->prev_scan_ssid = ssid;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in "
-			"the scan request");
-		params.num_ssids++;
-	} else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-		   wpa_s->manual_scan_passive && params.num_ssids == 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request");
-	} else if (wpa_s->conf->passive_scan) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Use passive scan based on configuration");
-	} else {
-		wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
-		params.num_ssids++;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard "
-			"SSID");
-	}
-
-ssid_list_set:
-	wpa_supplicant_optimize_freqs(wpa_s, &params);
-	extra_ie = wpa_supplicant_extra_ies(wpa_s);
-
-	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-	    wpa_s->manual_scan_only_new) {
-		wpa_printf(MSG_DEBUG,
-			   "Request driver to clear scan cache due to manual only_new=1 scan");
-		params.only_new_results = 1;
-	}
-
-	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL &&
-	    wpa_s->manual_scan_freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels");
-		params.freqs = wpa_s->manual_scan_freqs;
-		wpa_s->manual_scan_freqs = NULL;
-	}
-
-	if (params.freqs == NULL && wpa_s->select_network_scan_freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Limit select_network scan to specified channels");
-		params.freqs = wpa_s->select_network_scan_freqs;
-		wpa_s->select_network_scan_freqs = NULL;
-	}
-
-	if (params.freqs == NULL && wpa_s->next_scan_freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously "
-			"generated frequency list");
-		params.freqs = wpa_s->next_scan_freqs;
-	} else
-		os_free(wpa_s->next_scan_freqs);
-	wpa_s->next_scan_freqs = NULL;
-	wpa_setband_scan_freqs(wpa_s, &params);
-
-	/* See if user specified frequencies. If so, scan only those. */
-	if (wpa_s->last_scan_req == INITIAL_SCAN_REQ &&
-	    wpa_s->conf->initial_freq_list && !params.freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Optimize scan based on conf->initial_freq_list");
-		int_array_concat(&params.freqs, wpa_s->conf->initial_freq_list);
-	} else if (wpa_s->conf->freq_list && !params.freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Optimize scan based on conf->freq_list");
-		int_array_concat(&params.freqs, wpa_s->conf->freq_list);
-	}
-
-	/* Use current associated channel? */
-	if (wpa_s->conf->scan_cur_freq && !params.freqs) {
-		unsigned int num = wpa_s->num_multichan_concurrent;
-
-		params.freqs = os_calloc(num + 1, sizeof(int));
-		if (params.freqs) {
-			num = get_shared_radio_freqs(wpa_s, params.freqs, num);
-			if (num > 0) {
-				wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the "
-					"current operating channels since "
-					"scan_cur_freq is enabled");
-			} else {
-				os_free(params.freqs);
-				params.freqs = NULL;
-			}
-		}
-	}
-
-#ifdef CONFIG_MBO
-	if (wpa_s->enable_oce & OCE_STA)
-		params.oce_scan = 1;
-#endif /* CONFIG_MBO */
-
-	params.filter_ssids = wpa_supplicant_build_filter_ssids(
-		wpa_s->conf, &params.num_filter_ssids);
-	if (extra_ie) {
-		params.extra_ies = wpabuf_head(extra_ie);
-		params.extra_ies_len = wpabuf_len(extra_ie);
-	}
-
-#ifdef CONFIG_P2P
-	if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation ||
-	    (wpa_s->show_group_started && wpa_s->go_params)) {
-		/*
-		 * The interface may not yet be in P2P mode, so we have to
-		 * explicitly request P2P probe to disable CCK rates.
-		 */
-		params.p2p_probe = 1;
-	}
-#endif /* CONFIG_P2P */
-
-	if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) &&
-	    wpa_s->wpa_state <= WPA_SCANNING)
-		wpa_setup_mac_addr_rand_params(&params, wpa_s->mac_addr_scan);
-
-	if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) {
-		struct wpa_bss *bss;
-
-		params.bssid = wpa_s->next_scan_bssid;
-		bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid);
-		if (!wpa_s->next_scan_bssid_wildcard_ssid &&
-		    bss && bss->ssid_len && params.num_ssids == 1 &&
-		    params.ssids[0].ssid_len == 0) {
-			params.ssids[0].ssid = bss->ssid;
-			params.ssids[0].ssid_len = bss->ssid_len;
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Scan a previously specified BSSID " MACSTR
-				" and SSID %s",
-				MAC2STR(params.bssid),
-				wpa_ssid_txt(bss->ssid, bss->ssid_len));
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Scan a previously specified BSSID " MACSTR,
-				MAC2STR(params.bssid));
-		}
-	}
-
-	scan_params = &params;
-
-scan:
-#ifdef CONFIG_P2P
-	/*
-	 * If the driver does not support multi-channel concurrency and a
-	 * virtual interface that shares the same radio with the wpa_s interface
-	 * is operating there may not be need to scan other channels apart from
-	 * the current operating channel on the other virtual interface. Filter
-	 * out other channels in case we are trying to find a connection for a
-	 * station interface when we are not configured to prefer station
-	 * connection and a concurrent operation is already in process.
-	 */
-	if (wpa_s->scan_for_connection &&
-	    wpa_s->last_scan_req == NORMAL_SCAN_REQ &&
-	    !scan_params->freqs && !params.freqs &&
-	    wpas_is_p2p_prioritized(wpa_s) &&
-	    wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE &&
-	    non_p2p_network_enabled(wpa_s)) {
-		unsigned int num = wpa_s->num_multichan_concurrent;
-
-		params.freqs = os_calloc(num + 1, sizeof(int));
-		if (params.freqs) {
-			num = get_shared_radio_freqs(wpa_s, params.freqs, num);
-			if (num > 0 && num == wpa_s->num_multichan_concurrent) {
-				wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used");
-			} else {
-				os_free(params.freqs);
-				params.freqs = NULL;
-			}
-		}
-	}
-
-	if (!params.freqs &&
-	    (wpa_s->p2p_in_invitation || wpa_s->p2p_in_provisioning) &&
-	    !is_p2p_allow_6ghz(wpa_s->global->p2p) &&
-	    is_6ghz_supported(wpa_s)) {
-		int i;
-
-		/* Exclude 5 GHz channels from the full scan for P2P connection
-		 * since the 6 GHz band is disabled for P2P uses. */
-		wpa_printf(MSG_DEBUG,
-			   "P2P: 6 GHz disabled - update the scan frequency list");
-		for (i = 0; i < wpa_s->hw.num_modes; i++) {
-			if (wpa_s->hw.modes[i].num_channels == 0)
-				continue;
-			if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211G)
-				wpa_add_scan_freqs_list(
-					wpa_s, HOSTAPD_MODE_IEEE80211G,
-					&params, false);
-			if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211A)
-				wpa_add_scan_freqs_list(
-					wpa_s, HOSTAPD_MODE_IEEE80211A,
-					&params, false);
-			if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211AD)
-				wpa_add_scan_freqs_list(
-					wpa_s, HOSTAPD_MODE_IEEE80211AD,
-					&params, false);
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	ret = wpa_supplicant_trigger_scan(wpa_s, scan_params);
-
-	if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs &&
-	    !wpa_s->manual_scan_freqs) {
-		/* Restore manual_scan_freqs for the next attempt */
-		wpa_s->manual_scan_freqs = params.freqs;
-		params.freqs = NULL;
-	}
-
-	wpabuf_free(extra_ie);
-	os_free(params.freqs);
-	os_free(params.filter_ssids);
-	os_free(params.mac_addr);
-
-	if (ret) {
-		wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
-		if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state)
-			wpa_supplicant_set_state(wpa_s,
-						 wpa_s->scan_prev_wpa_state);
-		/* Restore scan_req since we will try to scan again */
-		wpa_s->scan_req = wpa_s->last_scan_req;
-		wpa_supplicant_req_scan(wpa_s, 1, 0);
-	} else {
-		wpa_s->scan_for_connection = 0;
-#ifdef CONFIG_INTERWORKING
-		wpa_s->interworking_fast_assoc_tried = 0;
-#endif /* CONFIG_INTERWORKING */
-		wpa_s->next_scan_bssid_wildcard_ssid = 0;
-		if (params.bssid)
-			os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN);
-	}
-}
-
-
-void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec)
-{
-	struct os_reltime remaining, new_int;
-	int cancelled;
-
-	cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL,
-					     &remaining);
-
-	new_int.sec = sec;
-	new_int.usec = 0;
-	if (cancelled && os_reltime_before(&remaining, &new_int)) {
-		new_int.sec = remaining.sec;
-		new_int.usec = remaining.usec;
-	}
-
-	if (cancelled) {
-		eloop_register_timeout(new_int.sec, new_int.usec,
-				       wpa_supplicant_scan, wpa_s, NULL);
-	}
-	wpa_s->scan_interval = sec;
-}
-
-
-/**
- * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
- * @wpa_s: Pointer to wpa_supplicant data
- * @sec: Number of seconds after which to scan
- * @usec: Number of microseconds after which to scan
- *
- * This function is used to schedule a scan for neighboring access points after
- * the specified time.
- */
-void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
-{
-	int res;
-
-	if (wpa_s->p2p_mgmt) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Ignore scan request (%d.%06d sec) on p2p_mgmt interface",
-			sec, usec);
-		return;
-	}
-
-	res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s,
-				    NULL);
-	if (res == 1) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec",
-			sec, usec);
-	} else if (res == 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner",
-			sec, usec);
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec",
-			sec, usec);
-		eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
-	}
-}
-
-
-/**
- * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan
- * @wpa_s: Pointer to wpa_supplicant data
- * @sec: Number of seconds after which to scan
- * @usec: Number of microseconds after which to scan
- * Returns: 0 on success or -1 otherwise
- *
- * This function is used to schedule periodic scans for neighboring
- * access points after the specified time.
- */
-int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
-				      int sec, int usec)
-{
-	if (!wpa_s->sched_scan_supported)
-		return -1;
-
-	eloop_register_timeout(sec, usec,
-			       wpa_supplicant_delayed_sched_scan_timeout,
-			       wpa_s, NULL);
-
-	return 0;
-}
-
-
-static void
-wpa_scan_set_relative_rssi_params(struct wpa_supplicant *wpa_s,
-				  struct wpa_driver_scan_params *params)
-{
-	if (wpa_s->wpa_state != WPA_COMPLETED ||
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI) ||
-	    wpa_s->srp.relative_rssi_set == 0)
-		return;
-
-	params->relative_rssi_set = 1;
-	params->relative_rssi = wpa_s->srp.relative_rssi;
-
-	if (wpa_s->srp.relative_adjust_rssi == 0)
-		return;
-
-	params->relative_adjust_band = wpa_s->srp.relative_adjust_band;
-	params->relative_adjust_rssi = wpa_s->srp.relative_adjust_rssi;
-}
-
-
-/**
- * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 is sched_scan was started or -1 otherwise
- *
- * This function is used to schedule periodic scans for neighboring
- * access points repeating the scan continuously.
- */
-int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_driver_scan_params params;
-	struct wpa_driver_scan_params *scan_params;
-	enum wpa_states prev_state;
-	struct wpa_ssid *ssid = NULL;
-	struct wpabuf *extra_ie = NULL;
-	int ret;
-	unsigned int max_sched_scan_ssids;
-	int wildcard = 0;
-	int need_ssids;
-	struct sched_scan_plan scan_plan;
-
-	if (!wpa_s->sched_scan_supported)
-		return -1;
-
-	if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
-		max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
-	else
-		max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
-	if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload)
-		return -1;
-
-	wpa_s->sched_scan_stop_req = 0;
-
-	if (wpa_s->sched_scanning) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning");
-		return 0;
-	}
-
-	need_ssids = 0;
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) {
-			/* Use wildcard SSID to find this network */
-			wildcard = 1;
-		} else if (!wpas_network_disabled(wpa_s, ssid) &&
-			   ssid->ssid_len)
-			need_ssids++;
-
-#ifdef CONFIG_WPS
-		if (!wpas_network_disabled(wpa_s, ssid) &&
-		    ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
-			/*
-			 * Normal scan is more reliable and faster for WPS
-			 * operations and since these are for short periods of
-			 * time, the benefit of trying to use sched_scan would
-			 * be limited.
-			 */
-			wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
-				"sched_scan for WPS");
-			return -1;
-		}
-#endif /* CONFIG_WPS */
-	}
-	if (wildcard)
-		need_ssids++;
-
-	if (wpa_s->normal_scans < 3 &&
-	    (need_ssids <= wpa_s->max_scan_ssids ||
-	     wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) {
-		/*
-		 * When normal scan can speed up operations, use that for the
-		 * first operations before starting the sched_scan to allow
-		 * user space sleep more. We do this only if the normal scan
-		 * has functionality that is suitable for this or if the
-		 * sched_scan does not have better support for multiple SSIDs.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
-			"sched_scan for initial scans (normal_scans=%d)",
-			wpa_s->normal_scans);
-		return -1;
-	}
-
-	os_memset(&params, 0, sizeof(params));
-
-	/* If we can't allocate space for the filters, we just don't filter */
-	params.filter_ssids = os_calloc(wpa_s->max_match_sets,
-					sizeof(struct wpa_driver_scan_filter));
-
-	prev_state = wpa_s->wpa_state;
-	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
-	    wpa_s->wpa_state == WPA_INACTIVE)
-		wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
-
-	if (wpa_s->autoscan_params != NULL) {
-		scan_params = wpa_s->autoscan_params;
-		goto scan;
-	}
-
-	/* Find the starting point from which to continue scanning */
-	ssid = wpa_s->conf->ssid;
-	if (wpa_s->prev_sched_ssid) {
-		while (ssid) {
-			if (ssid == wpa_s->prev_sched_ssid) {
-				ssid = ssid->next;
-				break;
-			}
-			ssid = ssid->next;
-		}
-	}
-
-	if (!ssid || !wpa_s->prev_sched_ssid) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list");
-		wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
-		wpa_s->first_sched_scan = 1;
-		ssid = wpa_s->conf->ssid;
-		wpa_s->prev_sched_ssid = ssid;
-	}
-
-	if (wildcard) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan");
-		params.num_ssids++;
-	}
-
-	while (ssid) {
-		if (wpas_network_disabled(wpa_s, ssid))
-			goto next;
-
-		if (params.num_filter_ssids < wpa_s->max_match_sets &&
-		    params.filter_ssids && ssid->ssid && ssid->ssid_len) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s",
-				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-			os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid,
-				  ssid->ssid, ssid->ssid_len);
-			params.filter_ssids[params.num_filter_ssids].ssid_len =
-				ssid->ssid_len;
-			params.num_filter_ssids++;
-		} else if (params.filter_ssids && ssid->ssid && ssid->ssid_len)
-		{
-			wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID "
-				"filter for sched_scan - drop filter");
-			os_free(params.filter_ssids);
-			params.filter_ssids = NULL;
-			params.num_filter_ssids = 0;
-		}
-
-		if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) {
-			if (params.num_ssids == max_sched_scan_ssids)
-				break; /* only room for broadcast SSID */
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"add to active scan ssid: %s",
-				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-			params.ssids[params.num_ssids].ssid =
-				ssid->ssid;
-			params.ssids[params.num_ssids].ssid_len =
-				ssid->ssid_len;
-			params.num_ssids++;
-			if (params.num_ssids >= max_sched_scan_ssids) {
-				wpa_s->prev_sched_ssid = ssid;
-				do {
-					ssid = ssid->next;
-				} while (ssid &&
-					 (wpas_network_disabled(wpa_s, ssid) ||
-					  !ssid->scan_ssid));
-				break;
-			}
-		}
-
-	next:
-		wpa_s->prev_sched_ssid = ssid;
-		ssid = ssid->next;
-	}
-
-	if (params.num_filter_ssids == 0) {
-		os_free(params.filter_ssids);
-		params.filter_ssids = NULL;
-	}
-
-	extra_ie = wpa_supplicant_extra_ies(wpa_s);
-	if (extra_ie) {
-		params.extra_ies = wpabuf_head(extra_ie);
-		params.extra_ies_len = wpabuf_len(extra_ie);
-	}
-
-	if (wpa_s->conf->filter_rssi)
-		params.filter_rssi = wpa_s->conf->filter_rssi;
-
-	/* See if user specified frequencies. If so, scan only those. */
-	if (wpa_s->conf->freq_list && !params.freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Optimize scan based on conf->freq_list");
-		int_array_concat(&params.freqs, wpa_s->conf->freq_list);
-	}
-
-#ifdef CONFIG_MBO
-	if (wpa_s->enable_oce & OCE_STA)
-		params.oce_scan = 1;
-#endif /* CONFIG_MBO */
-
-	scan_params = &params;
-
-scan:
-	wpa_s->sched_scan_timed_out = 0;
-
-	/*
-	 * We cannot support multiple scan plans if the scan request includes
-	 * too many SSID's, so in this case use only the last scan plan and make
-	 * it run infinitely. It will be stopped by the timeout.
-	 */
-	if (wpa_s->sched_scan_plans_num == 1 ||
-	    (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) {
-		params.sched_scan_plans = wpa_s->sched_scan_plans;
-		params.sched_scan_plans_num = wpa_s->sched_scan_plans_num;
-	} else if (wpa_s->sched_scan_plans_num > 1) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Too many SSIDs. Default to using single scheduled_scan plan");
-		params.sched_scan_plans =
-			&wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num -
-						 1];
-		params.sched_scan_plans_num = 1;
-	} else {
-		if (wpa_s->conf->sched_scan_interval)
-			scan_plan.interval = wpa_s->conf->sched_scan_interval;
-		else
-			scan_plan.interval = 10;
-
-		if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) {
-			wpa_printf(MSG_WARNING,
-				   "Scan interval too long(%u), use the maximum allowed(%u)",
-				   scan_plan.interval,
-				   wpa_s->max_sched_scan_plan_interval);
-			scan_plan.interval =
-				wpa_s->max_sched_scan_plan_interval;
-		}
-
-		scan_plan.iterations = 0;
-		params.sched_scan_plans = &scan_plan;
-		params.sched_scan_plans_num = 1;
-	}
-
-	params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay;
-
-	if (ssid || !wpa_s->first_sched_scan) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Starting sched scan after %u seconds: interval %u timeout %d",
-			params.sched_scan_start_delay,
-			params.sched_scan_plans[0].interval,
-			wpa_s->sched_scan_timeout);
-	} else {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Starting sched scan after %u seconds (no timeout)",
-			params.sched_scan_start_delay);
-	}
-
-	wpa_setband_scan_freqs(wpa_s, scan_params);
-
-	if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) &&
-	    wpa_s->wpa_state <= WPA_SCANNING)
-		wpa_setup_mac_addr_rand_params(&params,
-					       wpa_s->mac_addr_sched_scan);
-
-	wpa_scan_set_relative_rssi_params(wpa_s, scan_params);
-
-	ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params);
-	wpabuf_free(extra_ie);
-	os_free(params.filter_ssids);
-	os_free(params.mac_addr);
-	if (ret) {
-		wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan");
-		if (prev_state != wpa_s->wpa_state)
-			wpa_supplicant_set_state(wpa_s, prev_state);
-		return ret;
-	}
-
-	/* If we have more SSIDs to scan, add a timeout so we scan them too */
-	if (ssid || !wpa_s->first_sched_scan) {
-		wpa_s->sched_scan_timed_out = 0;
-		eloop_register_timeout(wpa_s->sched_scan_timeout, 0,
-				       wpa_supplicant_sched_scan_timeout,
-				       wpa_s, NULL);
-		wpa_s->first_sched_scan = 0;
-		wpa_s->sched_scan_timeout /= 2;
-		params.sched_scan_plans[0].interval *= 2;
-		if ((unsigned int) wpa_s->sched_scan_timeout <
-		    params.sched_scan_plans[0].interval ||
-		    params.sched_scan_plans[0].interval >
-		    wpa_s->max_sched_scan_plan_interval) {
-			params.sched_scan_plans[0].interval = 10;
-			wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
-		}
-	}
-
-	/* If there is no more ssids, start next time from the beginning */
-	if (!ssid)
-		wpa_s->prev_sched_ssid = NULL;
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to cancel a scan request scheduled with
- * wpa_supplicant_req_scan().
- */
-void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request");
-	eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
-}
-
-
-/**
- * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to stop a delayed scheduled scan.
- */
-void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->sched_scan_supported)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan");
-	eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout,
-			     wpa_s, NULL);
-}
-
-
-/**
- * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to stop a periodic scheduled scan.
- */
-void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->sched_scanning)
-		return;
-
-	if (wpa_s->sched_scanning)
-		wpa_s->sched_scan_stop_req = 1;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
-	eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
-	wpa_supplicant_stop_sched_scan(wpa_s);
-}
-
-
-/**
- * wpa_supplicant_notify_scanning - Indicate possible scan state change
- * @wpa_s: Pointer to wpa_supplicant data
- * @scanning: Whether scanning is currently in progress
- *
- * This function is to generate scanning notifycations. It is called whenever
- * there may have been a change in scanning (scan started, completed, stopped).
- * wpas_notify_scanning() is called whenever the scanning state changed from the
- * previously notified state.
- */
-void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
-				    int scanning)
-{
-	if (wpa_s->scanning != scanning) {
-		wpa_s->scanning = scanning;
-		wpas_notify_scanning(wpa_s);
-	}
-}
-
-
-static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
-{
-	int rate = 0;
-	const u8 *ie;
-	int i;
-
-	ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES);
-	for (i = 0; ie && i < ie[1]; i++) {
-		if ((ie[i + 2] & 0x7f) > rate)
-			rate = ie[i + 2] & 0x7f;
-	}
-
-	ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES);
-	for (i = 0; ie && i < ie[1]; i++) {
-		if ((ie[i + 2] & 0x7f) > rate)
-			rate = ie[i + 2] & 0x7f;
-	}
-
-	return rate;
-}
-
-
-/**
- * wpa_scan_get_ie - Fetch a specified information element from a scan result
- * @res: Scan result entry
- * @ie: Information element identitifier (WLAN_EID_*)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the scan
- * result.
- */
-const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
-{
-	size_t ie_len = res->ie_len;
-
-	/* Use the Beacon frame IEs if res->ie_len is not available */
-	if (!ie_len)
-		ie_len = res->beacon_ie_len;
-
-	return get_ie((const u8 *) (res + 1), ie_len, ie);
-}
-
-
-/**
- * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result
- * @res: Scan result entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the scan
- * result.
- */
-const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
-				  u32 vendor_type)
-{
-	const u8 *ies;
-	const struct element *elem;
-
-	ies = (const u8 *) (res + 1);
-
-	for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, res->ie_len) {
-		if (elem->datalen >= 4 &&
-		    vendor_type == WPA_GET_BE32(elem->data))
-			return &elem->id;
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result
- * @res: Scan result entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the first matching information element in the scan
- * result.
- *
- * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only
- * from Beacon frames instead of either Beacon or Probe Response frames.
- */
-const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,
-					 u32 vendor_type)
-{
-	const u8 *ies;
-	const struct element *elem;
-
-	if (res->beacon_ie_len == 0)
-		return NULL;
-
-	ies = (const u8 *) (res + 1);
-	ies += res->ie_len;
-
-	for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
-			    res->beacon_ie_len) {
-		if (elem->datalen >= 4 &&
-		    vendor_type == WPA_GET_BE32(elem->data))
-			return &elem->id;
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result
- * @res: Scan result entry
- * @vendor_type: Vendor type (four octets starting the IE payload)
- * Returns: Pointer to the information element payload or %NULL if not found
- *
- * This function returns concatenated payload of possibly fragmented vendor
- * specific information elements in the scan result. The caller is responsible
- * for freeing the returned buffer.
- */
-struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
-					     u32 vendor_type)
-{
-	struct wpabuf *buf;
-	const u8 *end, *pos;
-
-	buf = wpabuf_alloc(res->ie_len);
-	if (buf == NULL)
-		return NULL;
-
-	pos = (const u8 *) (res + 1);
-	end = pos + res->ie_len;
-
-	while (end - pos > 1) {
-		u8 ie, len;
-
-		ie = pos[0];
-		len = pos[1];
-		if (len > end - pos - 2)
-			break;
-		pos += 2;
-		if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
-		    vendor_type == WPA_GET_BE32(pos))
-			wpabuf_put_data(buf, pos + 4, len - 4);
-		pos += len;
-	}
-
-	if (wpabuf_len(buf) == 0) {
-		wpabuf_free(buf);
-		buf = NULL;
-	}
-
-	return buf;
-}
-
-
-/* Compare function for sorting scan results. Return >0 if @b is considered
- * better. */
-static int wpa_scan_result_compar(const void *a, const void *b)
-{
-#define MIN(a,b) a < b ? a : b
-	struct wpa_scan_res **_wa = (void *) a;
-	struct wpa_scan_res **_wb = (void *) b;
-	struct wpa_scan_res *wa = *_wa;
-	struct wpa_scan_res *wb = *_wb;
-	int wpa_a, wpa_b;
-	int snr_a, snr_b, snr_a_full, snr_b_full;
-
-	/* WPA/WPA2 support preferred */
-	wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
-		wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL;
-	wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL ||
-		wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL;
-
-	if (wpa_b && !wpa_a)
-		return 1;
-	if (!wpa_b && wpa_a)
-		return -1;
-
-	/* privacy support preferred */
-	if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
-	    (wb->caps & IEEE80211_CAP_PRIVACY))
-		return 1;
-	if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
-	    (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
-		return -1;
-
-	if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) {
-		snr_a_full = wa->snr;
-		snr_a = MIN(wa->snr, GREAT_SNR);
-		snr_b_full = wb->snr;
-		snr_b = MIN(wb->snr, GREAT_SNR);
-	} else {
-		/* Level is not in dBm, so we can't calculate
-		 * SNR. Just use raw level (units unknown). */
-		snr_a = snr_a_full = wa->level;
-		snr_b = snr_b_full = wb->level;
-	}
-
-	/* If SNR is close, decide by max rate or frequency band. For cases
-	 * involving the 6 GHz band, use the throughput estimate irrespective
-	 * of the SNR difference since the LPI/VLP rules may result in
-	 * significant differences in SNR for cases where the estimated
-	 * throughput can be considerably higher with the lower SNR. */
-	if (snr_a && snr_b && (abs(snr_b - snr_a) < 7 ||
-			       is_6ghz_freq(wa->freq) ||
-			       is_6ghz_freq(wb->freq))) {
-		if (wa->est_throughput != wb->est_throughput)
-			return (int) wb->est_throughput -
-				(int) wa->est_throughput;
-	}
-	if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
-	    (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
-		if (is_6ghz_freq(wa->freq) ^ is_6ghz_freq(wb->freq))
-			return is_6ghz_freq(wa->freq) ? -1 : 1;
-		if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq))
-			return IS_5GHZ(wa->freq) ? -1 : 1;
-	}
-
-	/* all things being equal, use SNR; if SNRs are
-	 * identical, use quality values since some drivers may only report
-	 * that value and leave the signal level zero */
-	if (snr_b_full == snr_a_full)
-		return wb->qual - wa->qual;
-	return snr_b_full - snr_a_full;
-#undef MIN
-}
-
-
-#ifdef CONFIG_WPS
-/* Compare function for sorting scan results when searching a WPS AP for
- * provisioning. Return >0 if @b is considered better. */
-static int wpa_scan_result_wps_compar(const void *a, const void *b)
-{
-	struct wpa_scan_res **_wa = (void *) a;
-	struct wpa_scan_res **_wb = (void *) b;
-	struct wpa_scan_res *wa = *_wa;
-	struct wpa_scan_res *wb = *_wb;
-	int uses_wps_a, uses_wps_b;
-	struct wpabuf *wps_a, *wps_b;
-	int res;
-
-	/* Optimization - check WPS IE existence before allocated memory and
-	 * doing full reassembly. */
-	uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL;
-	uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL;
-	if (uses_wps_a && !uses_wps_b)
-		return -1;
-	if (!uses_wps_a && uses_wps_b)
-		return 1;
-
-	if (uses_wps_a && uses_wps_b) {
-		wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE);
-		wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE);
-		res = wps_ap_priority_compar(wps_a, wps_b);
-		wpabuf_free(wps_a);
-		wpabuf_free(wps_b);
-		if (res)
-			return res;
-	}
-
-	/*
-	 * Do not use current AP security policy as a sorting criteria during
-	 * WPS provisioning step since the AP may get reconfigured at the
-	 * completion of provisioning.
-	 */
-
-	/* all things being equal, use signal level; if signal levels are
-	 * identical, use quality values since some drivers may only report
-	 * that value and leave the signal level zero */
-	if (wb->level == wa->level)
-		return wb->qual - wa->qual;
-	return wb->level - wa->level;
-}
-#endif /* CONFIG_WPS */
-
-
-static void dump_scan_res(struct wpa_scan_results *scan_res)
-{
-#ifndef CONFIG_NO_STDOUT_DEBUG
-	size_t i;
-
-	if (scan_res->res == NULL || scan_res->num == 0)
-		return;
-
-	wpa_printf(MSG_EXCESSIVE, "Sorted scan results");
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_scan_res *r = scan_res->res[i];
-		u8 *pos;
-		if (r->flags & WPA_SCAN_LEVEL_DBM) {
-			int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID);
-
-			wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
-				   "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u",
-				   MAC2STR(r->bssid), r->freq, r->qual,
-				   r->noise, noise_valid ? "" : "~", r->level,
-				   r->snr, r->snr >= GREAT_SNR ? "*" : "",
-				   r->flags,
-				   r->age, r->est_throughput);
-		} else {
-			wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
-				   "noise=%d level=%d flags=0x%x age=%u est=%u",
-				   MAC2STR(r->bssid), r->freq, r->qual,
-				   r->noise, r->level, r->flags, r->age,
-				   r->est_throughput);
-		}
-		pos = (u8 *) (r + 1);
-		if (r->ie_len)
-			wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len);
-		pos += r->ie_len;
-		if (r->beacon_ie_len)
-			wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs",
-				    pos, r->beacon_ie_len);
-	}
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-}
-
-
-/**
- * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed
- * @wpa_s: Pointer to wpa_supplicant data
- * @bssid: BSSID to check
- * Returns: 0 if the BSSID is filtered or 1 if not
- *
- * This function is used to filter out specific BSSIDs from scan reslts mainly
- * for testing purposes (SET bssid_filter ctrl_iface command).
- */
-int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s,
-				      const u8 *bssid)
-{
-	size_t i;
-
-	if (wpa_s->bssid_filter == NULL)
-		return 1;
-
-	for (i = 0; i < wpa_s->bssid_filter_count; i++) {
-		if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid,
-			      ETH_ALEN) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-void filter_scan_res(struct wpa_supplicant *wpa_s,
-		     struct wpa_scan_results *res)
-{
-	size_t i, j;
-
-	if (wpa_s->bssid_filter == NULL)
-		return;
-
-	for (i = 0, j = 0; i < res->num; i++) {
-		if (wpa_supplicant_filter_bssid_match(wpa_s,
-						      res->res[i]->bssid)) {
-			res->res[j++] = res->res[i];
-		} else {
-			os_free(res->res[i]);
-			res->res[i] = NULL;
-		}
-	}
-
-	if (res->num != j) {
-		wpa_printf(MSG_DEBUG, "Filtered out %d scan results",
-			   (int) (res->num - j));
-		res->num = j;
-	}
-}
-
-
-void scan_snr(struct wpa_scan_res *res)
-{
-	if (res->flags & WPA_SCAN_NOISE_INVALID) {
-		res->noise = is_6ghz_freq(res->freq) ?
-			DEFAULT_NOISE_FLOOR_6GHZ :
-			(IS_5GHZ(res->freq) ?
-			 DEFAULT_NOISE_FLOOR_5GHZ : DEFAULT_NOISE_FLOOR_2GHZ);
-	}
-
-	if (res->flags & WPA_SCAN_LEVEL_DBM) {
-		res->snr = res->level - res->noise;
-	} else {
-		/* Level is not in dBm, so we can't calculate
-		 * SNR. Just use raw level (units unknown). */
-		res->snr = res->level;
-	}
-}
-
-
-/* Minimum SNR required to achieve a certain bitrate. */
-struct minsnr_bitrate_entry {
-	int minsnr;
-	unsigned int bitrate; /* in Mbps */
-};
-
-/* VHT needs to be enabled in order to achieve MCS8 and MCS9 rates. */
-static const int vht_mcs = 8;
-
-static const struct minsnr_bitrate_entry vht20_table[] = {
-	{ 0, 0 },
-	{ 2, 6500 },   /* HT20 MCS0 */
-	{ 5, 13000 },  /* HT20 MCS1 */
-	{ 9, 19500 },  /* HT20 MCS2 */
-	{ 11, 26000 }, /* HT20 MCS3 */
-	{ 15, 39000 }, /* HT20 MCS4 */
-	{ 18, 52000 }, /* HT20 MCS5 */
-	{ 20, 58500 }, /* HT20 MCS6 */
-	{ 25, 65000 }, /* HT20 MCS7 */
-	{ 29, 78000 }, /* VHT20 MCS8 */
-	{ -1, 78000 }  /* SNR > 29 */
-};
-
-static const struct minsnr_bitrate_entry vht40_table[] = {
-	{ 0, 0 },
-	{ 5, 13500 },   /* HT40 MCS0 */
-	{ 8, 27000 },   /* HT40 MCS1 */
-	{ 12, 40500 },  /* HT40 MCS2 */
-	{ 14, 54000 },  /* HT40 MCS3 */
-	{ 18, 81000 },  /* HT40 MCS4 */
-	{ 21, 108000 }, /* HT40 MCS5 */
-	{ 23, 121500 }, /* HT40 MCS6 */
-	{ 28, 135000 }, /* HT40 MCS7 */
-	{ 32, 162000 }, /* VHT40 MCS8 */
-	{ 34, 180000 }, /* VHT40 MCS9 */
-	{ -1, 180000 }  /* SNR > 34 */
-};
-
-static const struct minsnr_bitrate_entry vht80_table[] = {
-	{ 0, 0 },
-	{ 8, 29300 },   /* VHT80 MCS0 */
-	{ 11, 58500 },  /* VHT80 MCS1 */
-	{ 15, 87800 },  /* VHT80 MCS2 */
-	{ 17, 117000 }, /* VHT80 MCS3 */
-	{ 21, 175500 }, /* VHT80 MCS4 */
-	{ 24, 234000 }, /* VHT80 MCS5 */
-	{ 26, 263300 }, /* VHT80 MCS6 */
-	{ 31, 292500 }, /* VHT80 MCS7 */
-	{ 35, 351000 }, /* VHT80 MCS8 */
-	{ 37, 390000 }, /* VHT80 MCS9 */
-	{ -1, 390000 }  /* SNR > 37 */
-};
-
-
-static const struct minsnr_bitrate_entry vht160_table[] = {
-	{ 0, 0 },
-	{ 11, 58500 },  /* VHT160 MCS0 */
-	{ 14, 117000 }, /* VHT160 MCS1 */
-	{ 18, 175500 }, /* VHT160 MCS2 */
-	{ 20, 234000 }, /* VHT160 MCS3 */
-	{ 24, 351000 }, /* VHT160 MCS4 */
-	{ 27, 468000 }, /* VHT160 MCS5 */
-	{ 29, 526500 }, /* VHT160 MCS6 */
-	{ 34, 585000 }, /* VHT160 MCS7 */
-	{ 38, 702000 }, /* VHT160 MCS8 */
-	{ 40, 780000 }, /* VHT160 MCS9 */
-	{ -1, 780000 }  /* SNR > 37 */
-};
-
-
-static const struct minsnr_bitrate_entry he20_table[] = {
-	{ 0, 0 },
-	{ 2, 8600 },    /* HE20 MCS0 */
-	{ 5, 17200 },   /* HE20 MCS1 */
-	{ 9, 25800 },   /* HE20 MCS2 */
-	{ 11, 34400 },  /* HE20 MCS3 */
-	{ 15, 51600 },  /* HE20 MCS4 */
-	{ 18, 68800 },  /* HE20 MCS5 */
-	{ 20, 77400 },  /* HE20 MCS6 */
-	{ 25, 86000 },  /* HE20 MCS7 */
-	{ 29, 103200 }, /* HE20 MCS8 */
-	{ 31, 114700 }, /* HE20 MCS9 */
-	{ 34, 129000 }, /* HE20 MCS10 */
-	{ 36, 143400 }, /* HE20 MCS11 */
-	{ -1, 143400 }  /* SNR > 29 */
-};
-
-static const struct minsnr_bitrate_entry he40_table[] = {
-	{ 0, 0 },
-	{ 5, 17200 },   /* HE40 MCS0 */
-	{ 8, 34400 },   /* HE40 MCS1 */
-	{ 12, 51600 },  /* HE40 MCS2 */
-	{ 14, 68800 },  /* HE40 MCS3 */
-	{ 18, 103200 }, /* HE40 MCS4 */
-	{ 21, 137600 }, /* HE40 MCS5 */
-	{ 23, 154900 }, /* HE40 MCS6 */
-	{ 28, 172100 }, /* HE40 MCS7 */
-	{ 32, 206500 }, /* HE40 MCS8 */
-	{ 34, 229400 }, /* HE40 MCS9 */
-	{ 37, 258100 }, /* HE40 MCS10 */
-	{ 39, 286800 }, /* HE40 MCS11 */
-	{ -1, 286800 }  /* SNR > 34 */
-};
-
-static const struct minsnr_bitrate_entry he80_table[] = {
-	{ 0, 0 },
-	{ 8, 36000 },   /* HE80 MCS0 */
-	{ 11, 72100 },  /* HE80 MCS1 */
-	{ 15, 108100 }, /* HE80 MCS2 */
-	{ 17, 144100 }, /* HE80 MCS3 */
-	{ 21, 216200 }, /* HE80 MCS4 */
-	{ 24, 288200 }, /* HE80 MCS5 */
-	{ 26, 324300 }, /* HE80 MCS6 */
-	{ 31, 360300 }, /* HE80 MCS7 */
-	{ 35, 432400 }, /* HE80 MCS8 */
-	{ 37, 480400 }, /* HE80 MCS9 */
-	{ 40, 540400 }, /* HE80 MCS10 */
-	{ 42, 600500 }, /* HE80 MCS11 */
-	{ -1, 600500 }  /* SNR > 37 */
-};
-
-
-static const struct minsnr_bitrate_entry he160_table[] = {
-	{ 0, 0 },
-	{ 11, 72100 },   /* HE160 MCS0 */
-	{ 14, 144100 },  /* HE160 MCS1 */
-	{ 18, 216200 },  /* HE160 MCS2 */
-	{ 20, 288200 },  /* HE160 MCS3 */
-	{ 24, 432400 },  /* HE160 MCS4 */
-	{ 27, 576500 },  /* HE160 MCS5 */
-	{ 29, 648500 },  /* HE160 MCS6 */
-	{ 34, 720600 },  /* HE160 MCS7 */
-	{ 38, 864700 },  /* HE160 MCS8 */
-	{ 40, 960800 },  /* HE160 MCS9 */
-	{ 43, 1080900 }, /* HE160 MCS10 */
-	{ 45, 1201000 }, /* HE160 MCS11 */
-	{ -1, 1201000 }  /* SNR > 37 */
-};
-
-
-static unsigned int interpolate_rate(int snr, int snr0, int snr1,
-				     int rate0, int rate1)
-{
-	return rate0 + (snr - snr0) * (rate1 - rate0) / (snr1 - snr0);
-}
-
-
-static unsigned int max_rate(const struct minsnr_bitrate_entry table[],
-			     int snr, bool vht)
-{
-	const struct minsnr_bitrate_entry *prev, *entry = table;
-
-	while ((entry->minsnr != -1) &&
-	       (snr >= entry->minsnr) &&
-	       (vht || entry - table <= vht_mcs))
-		entry++;
-	if (entry == table)
-		return entry->bitrate;
-	prev = entry - 1;
-	if (entry->minsnr == -1 || (!vht && entry - table > vht_mcs))
-		return prev->bitrate;
-	return interpolate_rate(snr, prev->minsnr, entry->minsnr, prev->bitrate,
-				entry->bitrate);
-}
-
-
-static unsigned int max_ht20_rate(int snr, bool vht)
-{
-	return max_rate(vht20_table, snr, vht);
-}
-
-
-static unsigned int max_ht40_rate(int snr, bool vht)
-{
-	return max_rate(vht40_table, snr, vht);
-}
-
-
-static unsigned int max_vht80_rate(int snr)
-{
-	return max_rate(vht80_table, snr, 1);
-}
-
-
-static unsigned int max_vht160_rate(int snr)
-{
-	return max_rate(vht160_table, snr, 1);
-}
-
-
-static unsigned int max_he_rate(const struct minsnr_bitrate_entry table[],
-				int snr)
-{
-	const struct minsnr_bitrate_entry *prev, *entry = table;
-
-	while (entry->minsnr != -1 && snr >= entry->minsnr)
-		entry++;
-	if (entry == table)
-		return 0;
-	prev = entry - 1;
-	if (entry->minsnr == -1)
-		return prev->bitrate;
-	return interpolate_rate(snr, prev->minsnr, entry->minsnr,
-				prev->bitrate, entry->bitrate);
-}
-
-
-unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
-			      const u8 *ies, size_t ies_len, int rate,
-			      int snr, int freq)
-{
-	struct hostapd_hw_modes *hw_mode;
-	unsigned int est, tmp;
-	const u8 *ie;
-
-	/* Limit based on estimated SNR */
-	if (rate > 1 * 2 && snr < 1)
-		rate = 1 * 2;
-	else if (rate > 2 * 2 && snr < 4)
-		rate = 2 * 2;
-	else if (rate > 6 * 2 && snr < 5)
-		rate = 6 * 2;
-	else if (rate > 9 * 2 && snr < 6)
-		rate = 9 * 2;
-	else if (rate > 12 * 2 && snr < 7)
-		rate = 12 * 2;
-	else if (rate > 12 * 2 && snr < 8)
-		rate = 14 * 2;
-	else if (rate > 12 * 2 && snr < 9)
-		rate = 16 * 2;
-	else if (rate > 18 * 2 && snr < 10)
-		rate = 18 * 2;
-	else if (rate > 24 * 2 && snr < 11)
-		rate = 24 * 2;
-	else if (rate > 24 * 2 && snr < 12)
-		rate = 27 * 2;
-	else if (rate > 24 * 2 && snr < 13)
-		rate = 30 * 2;
-	else if (rate > 24 * 2 && snr < 14)
-		rate = 33 * 2;
-	else if (rate > 36 * 2 && snr < 15)
-		rate = 36 * 2;
-	else if (rate > 36 * 2 && snr < 16)
-		rate = 39 * 2;
-	else if (rate > 36 * 2 && snr < 17)
-		rate = 42 * 2;
-	else if (rate > 36 * 2 && snr < 18)
-		rate = 45 * 2;
-	else if (rate > 48 * 2 && snr < 19)
-		rate = 48 * 2;
-	else if (rate > 48 * 2 && snr < 20)
-		rate = 51 * 2;
-	else if (rate > 54 * 2 && snr < 21)
-		rate = 54 * 2;
-	est = rate * 500;
-
-	hw_mode = get_mode_with_freq(wpa_s->hw.modes, wpa_s->hw.num_modes,
-				     freq);
-
-	if (hw_mode && hw_mode->ht_capab) {
-		ie = get_ie(ies, ies_len, WLAN_EID_HT_CAP);
-		if (ie) {
-			tmp = max_ht20_rate(snr, false);
-			if (tmp > est)
-				est = tmp;
-		}
-	}
-
-	if (hw_mode &&
-	    (hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
-		ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION);
-		if (ie && ie[1] >= 2 &&
-		    (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) {
-			tmp = max_ht40_rate(snr, false);
-			if (tmp > est)
-				est = tmp;
-		}
-	}
-
-	if (hw_mode && hw_mode->vht_capab) {
-		/* Use +1 to assume VHT is always faster than HT */
-		ie = get_ie(ies, ies_len, WLAN_EID_VHT_CAP);
-		if (ie) {
-			bool vht80 = false, vht160 = false;
-
-			tmp = max_ht20_rate(snr, true) + 1;
-			if (tmp > est)
-				est = tmp;
-
-			ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION);
-			if (ie && ie[1] >= 2 &&
-			    (ie[3] &
-			     HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) {
-				tmp = max_ht40_rate(snr, true) + 1;
-				if (tmp > est)
-					est = tmp;
-			}
-
-			/* Determine VHT BSS bandwidth based on IEEE Std
-			 * 802.11-2020, Table 11-23 (VHT BSs bandwidth) */
-			ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION);
-			if (ie && ie[1] >= 3) {
-				u8 cw = ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK;
-				u8 seg0 = ie[3];
-				u8 seg1 = ie[4];
-
-				if (cw)
-					vht80 = true;
-				if (cw == 2 ||
-				    (cw == 3 &&
-				     (seg1 > 0 && abs(seg1 - seg0) == 16)))
-					vht160 = true;
-				if (cw == 1 &&
-				    ((seg1 > 0 && abs(seg1 - seg0) == 8) ||
-				     (seg1 > 0 && abs(seg1 - seg0) == 16)))
-					vht160 = true;
-			}
-
-			if (vht80) {
-				tmp = max_vht80_rate(snr) + 1;
-				if (tmp > est)
-					est = tmp;
-			}
-
-			if (vht160 &&
-			    (hw_mode->vht_capab &
-			     (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
-			      VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
-				tmp = max_vht160_rate(snr) + 1;
-				if (tmp > est)
-					est = tmp;
-			}
-		}
-	}
-
-	if (hw_mode && hw_mode->he_capab[IEEE80211_MODE_INFRA].he_supported) {
-		/* Use +2 to assume HE is always faster than HT/VHT */
-		struct ieee80211_he_capabilities *he;
-		struct he_capabilities *own_he;
-		u8 cw;
-
-		ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_HE_CAPABILITIES);
-		if (!ie || (ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN))
-			return est;
-		he = (struct ieee80211_he_capabilities *) &ie[3];
-		own_he = &hw_mode->he_capab[IEEE80211_MODE_INFRA];
-
-		tmp = max_he_rate(he20_table, snr) + 2;
-		if (tmp > est)
-			est = tmp;
-
-		cw = he->he_phy_capab_info[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
-			own_he->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX];
-		if (cw &
-		    (IS_2P4GHZ(freq) ? HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G :
-		     HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
-			tmp = max_he_rate(he40_table, snr) + 2;
-			if (tmp > est)
-				est = tmp;
-		}
-
-		if (!IS_2P4GHZ(freq) &&
-		    (cw & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
-			tmp = max_he_rate(he80_table, snr) + 2;
-			if (tmp > est)
-				est = tmp;
-		}
-
-		if (!IS_2P4GHZ(freq) &&
-		    (cw & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
-			   HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) {
-			tmp = max_he_rate(he160_table, snr) + 2;
-			if (tmp > est)
-				est = tmp;
-		}
-	}
-
-	return est;
-}
-
-
-void scan_est_throughput(struct wpa_supplicant *wpa_s,
-			 struct wpa_scan_res *res)
-{
-	int rate; /* max legacy rate in 500 kb/s units */
-	int snr = res->snr;
-	const u8 *ies = (const void *) (res + 1);
-	size_t ie_len = res->ie_len;
-
-	if (res->est_throughput)
-		return;
-
-	/* Get maximum legacy rate */
-	rate = wpa_scan_get_max_rate(res);
-
-	if (!ie_len)
-		ie_len = res->beacon_ie_len;
-	res->est_throughput =
-		wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, res->freq);
-
-	/* TODO: channel utilization and AP load (e.g., from AP Beacon) */
-}
-
-
-/**
- * wpa_supplicant_get_scan_results - Get scan results
- * @wpa_s: Pointer to wpa_supplicant data
- * @info: Information about what was scanned or %NULL if not available
- * @new_scan: Whether a new scan was performed
- * Returns: Scan results, %NULL on failure
- *
- * This function request the current scan results from the driver and updates
- * the local BSS list wpa_s->bss. The caller is responsible for freeing the
- * results with wpa_scan_results_free().
- */
-struct wpa_scan_results *
-wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
-				struct scan_info *info, int new_scan)
-{
-	struct wpa_scan_results *scan_res;
-	size_t i;
-	int (*compar)(const void *, const void *) = wpa_scan_result_compar;
-
-	scan_res = wpa_drv_get_scan_results2(wpa_s);
-	if (scan_res == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results");
-		return NULL;
-	}
-	if (scan_res->fetch_time.sec == 0) {
-		/*
-		 * Make sure we have a valid timestamp if the driver wrapper
-		 * does not set this.
-		 */
-		os_get_reltime(&scan_res->fetch_time);
-	}
-	filter_scan_res(wpa_s, scan_res);
-
-	for (i = 0; i < scan_res->num; i++) {
-		struct wpa_scan_res *scan_res_item = scan_res->res[i];
-
-		scan_snr(scan_res_item);
-		scan_est_throughput(wpa_s, scan_res_item);
-	}
-
-#ifdef CONFIG_WPS
-	if (wpas_wps_searching(wpa_s)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS "
-			"provisioning rules");
-		compar = wpa_scan_result_wps_compar;
-	}
-#endif /* CONFIG_WPS */
-
-	if (scan_res->res) {
-		qsort(scan_res->res, scan_res->num,
-		      sizeof(struct wpa_scan_res *), compar);
-	}
-	dump_scan_res(scan_res);
-
-	if (wpa_s->ignore_post_flush_scan_res) {
-		/* FLUSH command aborted an ongoing scan and these are the
-		 * results from the aborted scan. Do not process the results to
-		 * maintain flushed state. */
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Do not update BSS table based on pending post-FLUSH scan results");
-		wpa_s->ignore_post_flush_scan_res = 0;
-		return scan_res;
-	}
-
-	wpa_bss_update_start(wpa_s);
-	for (i = 0; i < scan_res->num; i++)
-		wpa_bss_update_scan_res(wpa_s, scan_res->res[i],
-					&scan_res->fetch_time);
-	wpa_bss_update_end(wpa_s, info, new_scan);
-
-	return scan_res;
-}
-
-
-/**
- * wpa_supplicant_update_scan_results - Update scan results from the driver
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 on success, -1 on failure
- *
- * This function updates the BSS table within wpa_supplicant based on the
- * currently available scan results from the driver without requesting a new
- * scan. This is used in cases where the driver indicates an association
- * (including roaming within ESS) and wpa_supplicant does not yet have the
- * needed information to complete the connection (e.g., to perform validation
- * steps in 4-way handshake).
- */
-int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_scan_results *scan_res;
-	scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
-	if (scan_res == NULL)
-		return -1;
-	wpa_scan_results_free(scan_res);
-
-	return 0;
-}
-
-
-/**
- * scan_only_handler - Reports scan results
- */
-void scan_only_handler(struct wpa_supplicant *wpa_s,
-		       struct wpa_scan_results *scan_res)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received");
-	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
-	    wpa_s->manual_scan_use_id && wpa_s->own_scan_running) {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
-			     wpa_s->manual_scan_id);
-		wpa_s->manual_scan_use_id = 0;
-	} else {
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
-	}
-	wpas_notify_scan_results(wpa_s);
-	wpas_notify_scan_done(wpa_s, 1);
-	if (wpa_s->scan_work) {
-		struct wpa_radio_work *work = wpa_s->scan_work;
-		wpa_s->scan_work = NULL;
-		radio_work_done(work);
-	}
-
-	if (wpa_s->wpa_state == WPA_SCANNING)
-		wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state);
-}
-
-
-int wpas_scan_scheduled(struct wpa_supplicant *wpa_s)
-{
-	return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL);
-}
-
-
-struct wpa_driver_scan_params *
-wpa_scan_clone_params(const struct wpa_driver_scan_params *src)
-{
-	struct wpa_driver_scan_params *params;
-	size_t i;
-	u8 *n;
-
-	params = os_zalloc(sizeof(*params));
-	if (params == NULL)
-		return NULL;
-
-	for (i = 0; i < src->num_ssids; i++) {
-		if (src->ssids[i].ssid) {
-			n = os_memdup(src->ssids[i].ssid,
-				      src->ssids[i].ssid_len);
-			if (n == NULL)
-				goto failed;
-			params->ssids[i].ssid = n;
-			params->ssids[i].ssid_len = src->ssids[i].ssid_len;
-		}
-	}
-	params->num_ssids = src->num_ssids;
-
-	if (src->extra_ies) {
-		n = os_memdup(src->extra_ies, src->extra_ies_len);
-		if (n == NULL)
-			goto failed;
-		params->extra_ies = n;
-		params->extra_ies_len = src->extra_ies_len;
-	}
-
-	if (src->freqs) {
-		int len = int_array_len(src->freqs);
-		params->freqs = os_memdup(src->freqs, (len + 1) * sizeof(int));
-		if (params->freqs == NULL)
-			goto failed;
-	}
-
-	if (src->filter_ssids) {
-		params->filter_ssids = os_memdup(src->filter_ssids,
-						 sizeof(*params->filter_ssids) *
-						 src->num_filter_ssids);
-		if (params->filter_ssids == NULL)
-			goto failed;
-		params->num_filter_ssids = src->num_filter_ssids;
-	}
-
-	params->filter_rssi = src->filter_rssi;
-	params->p2p_probe = src->p2p_probe;
-	params->only_new_results = src->only_new_results;
-	params->low_priority = src->low_priority;
-	params->duration = src->duration;
-	params->duration_mandatory = src->duration_mandatory;
-	params->oce_scan = src->oce_scan;
-
-	if (src->sched_scan_plans_num > 0) {
-		params->sched_scan_plans =
-			os_memdup(src->sched_scan_plans,
-				  sizeof(*src->sched_scan_plans) *
-				  src->sched_scan_plans_num);
-		if (!params->sched_scan_plans)
-			goto failed;
-
-		params->sched_scan_plans_num = src->sched_scan_plans_num;
-	}
-
-	if (src->mac_addr_rand &&
-	    wpa_setup_mac_addr_rand_params(params, src->mac_addr))
-		goto failed;
-
-	if (src->bssid) {
-		u8 *bssid;
-
-		bssid = os_memdup(src->bssid, ETH_ALEN);
-		if (!bssid)
-			goto failed;
-		params->bssid = bssid;
-	}
-
-	params->relative_rssi_set = src->relative_rssi_set;
-	params->relative_rssi = src->relative_rssi;
-	params->relative_adjust_band = src->relative_adjust_band;
-	params->relative_adjust_rssi = src->relative_adjust_rssi;
-	params->p2p_include_6ghz = src->p2p_include_6ghz;
-	return params;
-
-failed:
-	wpa_scan_free_params(params);
-	return NULL;
-}
-
-
-void wpa_scan_free_params(struct wpa_driver_scan_params *params)
-{
-	size_t i;
-
-	if (params == NULL)
-		return;
-
-	for (i = 0; i < params->num_ssids; i++)
-		os_free((u8 *) params->ssids[i].ssid);
-	os_free((u8 *) params->extra_ies);
-	os_free(params->freqs);
-	os_free(params->filter_ssids);
-	os_free(params->sched_scan_plans);
-
-	/*
-	 * Note: params->mac_addr_mask points to same memory allocation and
-	 * must not be freed separately.
-	 */
-	os_free((u8 *) params->mac_addr);
-
-	os_free((u8 *) params->bssid);
-
-	os_free(params);
-}
-
-
-int wpas_start_pno(struct wpa_supplicant *wpa_s)
-{
-	int ret;
-	size_t prio, i, num_ssid, num_match_ssid;
-	struct wpa_ssid *ssid;
-	struct wpa_driver_scan_params params;
-	struct sched_scan_plan scan_plan;
-	unsigned int max_sched_scan_ssids;
-
-	if (!wpa_s->sched_scan_supported)
-		return -1;
-
-	if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
-		max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
-	else
-		max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
-	if (max_sched_scan_ssids < 1)
-		return -1;
-
-	if (wpa_s->pno || wpa_s->pno_sched_pending)
-		return 0;
-
-	if ((wpa_s->wpa_state > WPA_SCANNING) &&
-	    (wpa_s->wpa_state < WPA_COMPLETED)) {
-		wpa_printf(MSG_ERROR, "PNO: In assoc process");
-		return -EAGAIN;
-	}
-
-	if (wpa_s->wpa_state == WPA_SCANNING) {
-		wpa_supplicant_cancel_scan(wpa_s);
-		if (wpa_s->sched_scanning) {
-			wpa_printf(MSG_DEBUG, "Schedule PNO on completion of "
-				   "ongoing sched scan");
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-			wpa_s->pno_sched_pending = 1;
-			return 0;
-		}
-	}
-
-	if (wpa_s->sched_scan_stop_req) {
-		wpa_printf(MSG_DEBUG,
-			   "Schedule PNO after previous sched scan has stopped");
-		wpa_s->pno_sched_pending = 1;
-		return 0;
-	}
-
-	os_memset(&params, 0, sizeof(params));
-
-	num_ssid = num_match_ssid = 0;
-	ssid = wpa_s->conf->ssid;
-	while (ssid) {
-		if (!wpas_network_disabled(wpa_s, ssid)) {
-			num_match_ssid++;
-			if (ssid->scan_ssid)
-				num_ssid++;
-		}
-		ssid = ssid->next;
-	}
-
-	if (num_match_ssid == 0) {
-		wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs");
-		return -1;
-	}
-
-	if (num_match_ssid > num_ssid) {
-		params.num_ssids++; /* wildcard */
-		num_ssid++;
-	}
-
-	if (num_ssid > max_sched_scan_ssids) {
-		wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from "
-			   "%u", max_sched_scan_ssids, (unsigned int) num_ssid);
-		num_ssid = max_sched_scan_ssids;
-	}
-
-	if (num_match_ssid > wpa_s->max_match_sets) {
-		num_match_ssid = wpa_s->max_match_sets;
-		wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match");
-	}
-	params.filter_ssids = os_calloc(num_match_ssid,
-					sizeof(struct wpa_driver_scan_filter));
-	if (params.filter_ssids == NULL)
-		return -1;
-
-	i = 0;
-	prio = 0;
-	ssid = wpa_s->conf->pssid[prio];
-	while (ssid) {
-		if (!wpas_network_disabled(wpa_s, ssid)) {
-			if (ssid->scan_ssid && params.num_ssids < num_ssid) {
-				params.ssids[params.num_ssids].ssid =
-					ssid->ssid;
-				params.ssids[params.num_ssids].ssid_len =
-					 ssid->ssid_len;
-				params.num_ssids++;
-			}
-			os_memcpy(params.filter_ssids[i].ssid, ssid->ssid,
-				  ssid->ssid_len);
-			params.filter_ssids[i].ssid_len = ssid->ssid_len;
-			params.num_filter_ssids++;
-			i++;
-			if (i == num_match_ssid)
-				break;
-		}
-		if (ssid->pnext)
-			ssid = ssid->pnext;
-		else if (prio + 1 == wpa_s->conf->num_prio)
-			break;
-		else
-			ssid = wpa_s->conf->pssid[++prio];
-	}
-
-	if (wpa_s->conf->filter_rssi)
-		params.filter_rssi = wpa_s->conf->filter_rssi;
-
-	if (wpa_s->sched_scan_plans_num) {
-		params.sched_scan_plans = wpa_s->sched_scan_plans;
-		params.sched_scan_plans_num = wpa_s->sched_scan_plans_num;
-	} else {
-		/* Set one scan plan that will run infinitely */
-		if (wpa_s->conf->sched_scan_interval)
-			scan_plan.interval = wpa_s->conf->sched_scan_interval;
-		else
-			scan_plan.interval = 10;
-
-		scan_plan.iterations = 0;
-		params.sched_scan_plans = &scan_plan;
-		params.sched_scan_plans_num = 1;
-	}
-
-	params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay;
-
-	if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels");
-		params.freqs = wpa_s->manual_sched_scan_freqs;
-	}
-
-	if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) &&
-	    wpa_s->wpa_state <= WPA_SCANNING)
-		wpa_setup_mac_addr_rand_params(&params, wpa_s->mac_addr_pno);
-
-	wpa_scan_set_relative_rssi_params(wpa_s, &params);
-
-	ret = wpa_supplicant_start_sched_scan(wpa_s, &params);
-	os_free(params.filter_ssids);
-	os_free(params.mac_addr);
-	if (ret == 0)
-		wpa_s->pno = 1;
-	else
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO");
-	return ret;
-}
-
-
-int wpas_stop_pno(struct wpa_supplicant *wpa_s)
-{
-	int ret = 0;
-
-	if (!wpa_s->pno)
-		return 0;
-
-	ret = wpa_supplicant_stop_sched_scan(wpa_s);
-	wpa_s->sched_scan_stop_req = 1;
-
-	wpa_s->pno = 0;
-	wpa_s->pno_sched_pending = 0;
-
-	if (wpa_s->wpa_state == WPA_SCANNING)
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-
-	return ret;
-}
-
-
-void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s,
-				    unsigned int type)
-{
-	type &= MAC_ADDR_RAND_ALL;
-	wpa_s->mac_addr_rand_enable &= ~type;
-
-	if (type & MAC_ADDR_RAND_SCAN) {
-		os_free(wpa_s->mac_addr_scan);
-		wpa_s->mac_addr_scan = NULL;
-	}
-
-	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
-		os_free(wpa_s->mac_addr_sched_scan);
-		wpa_s->mac_addr_sched_scan = NULL;
-	}
-
-	if (type & MAC_ADDR_RAND_PNO) {
-		os_free(wpa_s->mac_addr_pno);
-		wpa_s->mac_addr_pno = NULL;
-	}
-}
-
-
-int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s,
-				unsigned int type, const u8 *addr,
-				const u8 *mask)
-{
-	u8 *tmp = NULL;
-
-	if ((wpa_s->mac_addr_rand_supported & type) != type ) {
-		wpa_printf(MSG_INFO,
-			   "scan: MAC randomization type %u != supported=%u",
-			   type, wpa_s->mac_addr_rand_supported);
-		return -1;
-	}
-
-	wpas_mac_addr_rand_scan_clear(wpa_s, type);
-
-	if (addr) {
-		tmp = os_malloc(2 * ETH_ALEN);
-		if (!tmp)
-			return -1;
-		os_memcpy(tmp, addr, ETH_ALEN);
-		os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN);
-	}
-
-	if (type == MAC_ADDR_RAND_SCAN) {
-		wpa_s->mac_addr_scan = tmp;
-	} else if (type == MAC_ADDR_RAND_SCHED_SCAN) {
-		wpa_s->mac_addr_sched_scan = tmp;
-	} else if (type == MAC_ADDR_RAND_PNO) {
-		wpa_s->mac_addr_pno = tmp;
-	} else {
-		wpa_printf(MSG_INFO,
-			   "scan: Invalid MAC randomization type=0x%x",
-			   type);
-		os_free(tmp);
-		return -1;
-	}
-
-	wpa_s->mac_addr_rand_enable |= type;
-	return 0;
-}
-
-
-int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s,
-				     unsigned int type, u8 *mask)
-{
-	const u8 *to_copy;
-
-	if ((wpa_s->mac_addr_rand_enable & type) != type)
-		return -1;
-
-	if (type == MAC_ADDR_RAND_SCAN) {
-		to_copy = wpa_s->mac_addr_scan;
-	} else if (type == MAC_ADDR_RAND_SCHED_SCAN) {
-		to_copy = wpa_s->mac_addr_sched_scan;
-	} else if (type == MAC_ADDR_RAND_PNO) {
-		to_copy = wpa_s->mac_addr_pno;
-	} else {
-		wpa_printf(MSG_DEBUG,
-			   "scan: Invalid MAC randomization type=0x%x",
-			   type);
-		return -1;
-	}
-
-	os_memcpy(mask, to_copy + ETH_ALEN, ETH_ALEN);
-	return 0;
-}
-
-
-int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_radio_work *work;
-	struct wpa_radio *radio = wpa_s->radio;
-
-	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
-		if (work->wpa_s != wpa_s || !work->started ||
-		    (os_strcmp(work->type, "scan") != 0 &&
-		     os_strcmp(work->type, "p2p-scan") != 0))
-			continue;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan");
-		return wpa_drv_abort_scan(wpa_s, wpa_s->curr_scan_cookie);
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "No ongoing scan/p2p-scan found to abort");
-	return -1;
-}
-
-
-int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd)
-{
-	struct sched_scan_plan *scan_plans = NULL;
-	const char *token, *context = NULL;
-	unsigned int num = 0;
-
-	if (!cmd)
-		return -1;
-
-	if (!cmd[0]) {
-		wpa_printf(MSG_DEBUG, "Clear sched scan plans");
-		os_free(wpa_s->sched_scan_plans);
-		wpa_s->sched_scan_plans = NULL;
-		wpa_s->sched_scan_plans_num = 0;
-		return 0;
-	}
-
-	while ((token = cstr_token(cmd, " ", &context))) {
-		int ret;
-		struct sched_scan_plan *scan_plan, *n;
-
-		n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans));
-		if (!n)
-			goto fail;
-
-		scan_plans = n;
-		scan_plan = &scan_plans[num];
-		num++;
-
-		ret = sscanf(token, "%u:%u", &scan_plan->interval,
-			     &scan_plan->iterations);
-		if (ret <= 0 || ret > 2 || !scan_plan->interval) {
-			wpa_printf(MSG_ERROR,
-				   "Invalid sched scan plan input: %s", token);
-			goto fail;
-		}
-
-		if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) {
-			wpa_printf(MSG_WARNING,
-				   "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)",
-				   num, scan_plan->interval,
-				   wpa_s->max_sched_scan_plan_interval);
-			scan_plan->interval =
-				wpa_s->max_sched_scan_plan_interval;
-		}
-
-		if (ret == 1) {
-			scan_plan->iterations = 0;
-			break;
-		}
-
-		if (!scan_plan->iterations) {
-			wpa_printf(MSG_ERROR,
-				   "scan plan %u: Number of iterations cannot be zero",
-				   num);
-			goto fail;
-		}
-
-		if (scan_plan->iterations >
-		    wpa_s->max_sched_scan_plan_iterations) {
-			wpa_printf(MSG_WARNING,
-				   "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)",
-				   num, scan_plan->iterations,
-				   wpa_s->max_sched_scan_plan_iterations);
-			scan_plan->iterations =
-				wpa_s->max_sched_scan_plan_iterations;
-		}
-
-		wpa_printf(MSG_DEBUG,
-			   "scan plan %u: interval=%u iterations=%u",
-			   num, scan_plan->interval, scan_plan->iterations);
-	}
-
-	if (!scan_plans) {
-		wpa_printf(MSG_ERROR, "Invalid scan plans entry");
-		goto fail;
-	}
-
-	if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) {
-		wpa_printf(MSG_ERROR,
-			   "All scan plans but the last must specify a number of iterations");
-		goto fail;
-	}
-
-	wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u",
-		   num, scan_plans[num - 1].interval);
-
-	if (num > wpa_s->max_sched_scan_plans) {
-		wpa_printf(MSG_WARNING,
-			   "Too many scheduled scan plans (only %u supported)",
-			   wpa_s->max_sched_scan_plans);
-		wpa_printf(MSG_WARNING,
-			   "Use only the first %u scan plans, and the last one (in infinite loop)",
-			   wpa_s->max_sched_scan_plans - 1);
-		os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1],
-			  &scan_plans[num - 1], sizeof(*scan_plans));
-		num = wpa_s->max_sched_scan_plans;
-	}
-
-	os_free(wpa_s->sched_scan_plans);
-	wpa_s->sched_scan_plans = scan_plans;
-	wpa_s->sched_scan_plans_num = num;
-
-	return 0;
-
-fail:
-	os_free(scan_plans);
-	wpa_printf(MSG_ERROR, "invalid scan plans list");
-	return -1;
-}
-
-
-/**
- * wpas_scan_reset_sched_scan - Reset sched_scan state
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to cancel a running scheduled scan and to reset an
- * internal scan state to continue with a regular scan on the following
- * wpa_supplicant_req_scan() calls.
- */
-void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->normal_scans = 0;
-	if (wpa_s->sched_scanning) {
-		wpa_s->sched_scan_timed_out = 0;
-		wpa_s->prev_sched_ssid = NULL;
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-	}
-}
-
-
-void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s)
-{
-	/* simulate timeout to restart the sched scan */
-	wpa_s->sched_scan_timed_out = 1;
-	wpa_s->prev_sched_ssid = NULL;
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-}
diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h
deleted file mode 100644
index d1780eb09979..000000000000
--- a/wpa_supplicant/scan.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * WPA Supplicant - Scanning
- * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SCAN_H
-#define SCAN_H
-
-/*
- * Noise floor values to use when we have signal strength
- * measurements, but no noise floor measurements. These values were
- * measured in an office environment with many APs.
- */
-#define DEFAULT_NOISE_FLOOR_2GHZ (-89)
-#define DEFAULT_NOISE_FLOOR_5GHZ (-92)
-#define DEFAULT_NOISE_FLOOR_6GHZ (-92)
-
-/*
- * Channels with a great SNR can operate at full rate. What is a great SNR?
- * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general
- * rule of thumb is that any SNR above 20 is good." This one
- * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23
- * recommends 25 as a minimum SNR for 54 Mbps data rate. The estimates used in
- * scan_est_throughput() allow even smaller SNR values for the maximum rates
- * (21 for 54 Mbps, 22 for VHT80 MCS9, 24 for HT40 and HT20 MCS7). Use 25 as a
- * somewhat conservative value here.
- */
-#define GREAT_SNR 25
-
-#define IS_2P4GHZ(n) (n >= 2412 && n <= 2484)
-#define IS_5GHZ(n) (n > 4000 && n < 5895)
-
-int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
-int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
-				      int sec, int usec);
-int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
-				    int scanning);
-struct wpa_driver_scan_params;
-int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
-				struct wpa_driver_scan_params *params);
-struct wpa_scan_results *
-wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
-				struct scan_info *info, int new_scan);
-int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s);
-const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie);
-const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
-				  u32 vendor_type);
-const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,
-					 u32 vendor_type);
-struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
-					     u32 vendor_type);
-int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s,
-				      const u8 *bssid);
-void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec);
-void scan_only_handler(struct wpa_supplicant *wpa_s,
-		       struct wpa_scan_results *scan_res);
-int wpas_scan_scheduled(struct wpa_supplicant *wpa_s);
-struct wpa_driver_scan_params *
-wpa_scan_clone_params(const struct wpa_driver_scan_params *src);
-void wpa_scan_free_params(struct wpa_driver_scan_params *params);
-int wpas_start_pno(struct wpa_supplicant *wpa_s);
-int wpas_stop_pno(struct wpa_supplicant *wpa_s);
-void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s);
-void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s);
-
-void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s,
-				   unsigned int type);
-int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s,
-				unsigned int type, const u8 *addr,
-				const u8 *mask);
-int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s,
-				     unsigned int type, u8 *mask);
-int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s);
-void filter_scan_res(struct wpa_supplicant *wpa_s,
-		     struct wpa_scan_results *res);
-void scan_snr(struct wpa_scan_res *res);
-void scan_est_throughput(struct wpa_supplicant *wpa_s,
-			 struct wpa_scan_res *res);
-unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
-			      const u8 *ies, size_t ies_len, int rate,
-			      int snr, int freq);
-void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s);
-int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s,
-			    enum hostapd_hw_mode band,
-			    struct wpa_driver_scan_params *params,
-			    bool is_6ghz);
-
-#endif /* SCAN_H */
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
deleted file mode 100644
index 1dc7001a7305..000000000000
--- a/wpa_supplicant/sme.c
+++ /dev/null
@@ -1,2945 +0,0 @@
-/*
- * wpa_supplicant - SME
- * Copyright (c) 2009-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/ocv.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "common/wpa_common.h"
-#include "common/sae.h"
-#include "common/dpp.h"
-#include "rsn_supp/wpa.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "wpas_glue.h"
-#include "wps_supplicant.h"
-#include "p2p_supplicant.h"
-#include "notify.h"
-#include "bss.h"
-#include "scan.h"
-#include "sme.h"
-#include "hs20_supplicant.h"
-
-#define SME_AUTH_TIMEOUT 5
-#define SME_ASSOC_TIMEOUT 5
-
-static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
-static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
-static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx);
-static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
-
-
-#ifdef CONFIG_SAE
-
-static int index_within_array(const int *array, int idx)
-{
-	int i;
-	for (i = 0; i < idx; i++) {
-		if (array[i] <= 0)
-			return 0;
-	}
-	return 1;
-}
-
-
-static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
-{
-	int *groups = wpa_s->conf->sae_groups;
-	int default_groups[] = { 19, 20, 21, 0 };
-
-	if (!groups || groups[0] <= 0)
-		groups = default_groups;
-
-	/* Configuration may have changed, so validate current index */
-	if (!index_within_array(groups, wpa_s->sme.sae_group_index))
-		return -1;
-
-	for (;;) {
-		int group = groups[wpa_s->sme.sae_group_index];
-		if (group <= 0)
-			break;
-		if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
-				wpa_s->sme.sae.group);
-			return 0;
-		}
-		wpa_s->sme.sae_group_index++;
-	}
-
-	return -1;
-}
-
-
-static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
-						 struct wpa_ssid *ssid,
-						 const u8 *bssid, int external,
-						 int reuse, int *ret_use_pt,
-						 bool *ret_use_pk)
-{
-	struct wpabuf *buf;
-	size_t len;
-	const char *password;
-	struct wpa_bss *bss;
-	int use_pt = 0;
-	bool use_pk = false;
-	u8 rsnxe_capa = 0;
-
-	if (ret_use_pt)
-		*ret_use_pt = 0;
-	if (ret_use_pk)
-		*ret_use_pk = false;
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->sae_commit_override) {
-		wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
-		buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
-		if (!buf)
-			return NULL;
-		if (!external) {
-			wpabuf_put_le16(buf, 1); /* Transaction seq# */
-			wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-		}
-		wpabuf_put_buf(buf, wpa_s->sae_commit_override);
-		return buf;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	password = ssid->sae_password;
-	if (!password)
-		password = ssid->passphrase;
-	if (!password) {
-		wpa_printf(MSG_DEBUG, "SAE: No password available");
-		return NULL;
-	}
-
-	if (reuse && wpa_s->sme.sae.tmp &&
-	    os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) {
-		wpa_printf(MSG_DEBUG,
-			   "SAE: Reuse previously generated PWE on a retry with the same AP");
-		use_pt = wpa_s->sme.sae.h2e;
-		use_pk = wpa_s->sme.sae.pk;
-		goto reuse_data;
-	}
-	if (sme_set_sae_group(wpa_s) < 0) {
-		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
-		return NULL;
-	}
-
-	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG,
-			   "SAE: BSS not available, update scan result to get BSS");
-		wpa_supplicant_update_scan_results(wpa_s);
-		bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-	}
-	if (bss) {
-		const u8 *rsnxe;
-
-		rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-		if (rsnxe && rsnxe[1] >= 1)
-			rsnxe_capa = rsnxe[2];
-	}
-
-	if (ssid->sae_password_id && wpa_s->conf->sae_pwe != 3)
-		use_pt = 1;
-#ifdef CONFIG_SAE_PK
-	if ((rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
-	    ssid->sae_pk != SAE_PK_MODE_DISABLED &&
-	    ((ssid->sae_password &&
-	      sae_pk_valid_password(ssid->sae_password)) ||
-	     (!ssid->sae_password && ssid->passphrase &&
-	      sae_pk_valid_password(ssid->passphrase)))) {
-		use_pt = 1;
-		use_pk = true;
-	}
-
-	if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
-		wpa_printf(MSG_DEBUG,
-			   "SAE: Cannot use PK with the selected AP");
-		return NULL;
-	}
-#endif /* CONFIG_SAE_PK */
-
-	if (use_pt || wpa_s->conf->sae_pwe == 1 || wpa_s->conf->sae_pwe == 2) {
-		use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E));
-
-		if ((wpa_s->conf->sae_pwe == 1 || ssid->sae_password_id) &&
-		    wpa_s->conf->sae_pwe != 3 &&
-		    !use_pt) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Cannot use H2E with the selected AP");
-			return NULL;
-		}
-	}
-
-	if (use_pt &&
-	    sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
-				  wpa_s->own_addr, bssid,
-				  wpa_s->sme.sae_rejected_groups, NULL) < 0)
-		return NULL;
-	if (!use_pt &&
-	    sae_prepare_commit(wpa_s->own_addr, bssid,
-			       (u8 *) password, os_strlen(password),
-			       &wpa_s->sme.sae) < 0) {
-		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
-		return NULL;
-	}
-	if (wpa_s->sme.sae.tmp) {
-		os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
-		if (use_pt && use_pk)
-			wpa_s->sme.sae.pk = 1;
-#ifdef CONFIG_SAE_PK
-		os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
-			  ETH_ALEN);
-		os_memcpy(wpa_s->sme.sae.tmp->peer_addr, bssid, ETH_ALEN);
-		sae_pk_set_password(&wpa_s->sme.sae, password);
-#endif /* CONFIG_SAE_PK */
-	}
-
-reuse_data:
-	len = wpa_s->sme.sae_token ? 3 + wpabuf_len(wpa_s->sme.sae_token) : 0;
-	if (ssid->sae_password_id)
-		len += 4 + os_strlen(ssid->sae_password_id);
-	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
-	if (buf == NULL)
-		return NULL;
-	if (!external) {
-		wpabuf_put_le16(buf, 1); /* Transaction seq# */
-		if (use_pk)
-			wpabuf_put_le16(buf, WLAN_STATUS_SAE_PK);
-		else if (use_pt)
-			wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
-		else
-			wpabuf_put_le16(buf,WLAN_STATUS_SUCCESS);
-	}
-	if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
-			     ssid->sae_password_id) < 0) {
-		wpabuf_free(buf);
-		return NULL;
-	}
-	if (ret_use_pt)
-		*ret_use_pt = use_pt;
-	if (ret_use_pk)
-		*ret_use_pk = use_pk;
-
-	return buf;
-}
-
-
-static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s,
-						  int external)
-{
-	struct wpabuf *buf;
-
-	buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN);
-	if (buf == NULL)
-		return NULL;
-
-	if (!external) {
-		wpabuf_put_le16(buf, 2); /* Transaction seq# */
-		wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-	}
-	sae_write_confirm(&wpa_s->sme.sae, buf);
-
-	return buf;
-}
-
-#endif /* CONFIG_SAE */
-
-
-/**
- * sme_auth_handle_rrm - Handle RRM aspects of current authentication attempt
- * @wpa_s: Pointer to wpa_supplicant data
- * @bss: Pointer to the bss which is the target of authentication attempt
- */
-static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s,
-				struct wpa_bss *bss)
-{
-	const u8 rrm_ie_len = 5;
-	u8 *pos;
-	const u8 *rrm_ie;
-
-	wpa_s->rrm.rrm_used = 0;
-
-	wpa_printf(MSG_DEBUG,
-		   "RRM: Determining whether RRM can be used - device support: 0x%x",
-		   wpa_s->drv_rrm_flags);
-
-	rrm_ie = wpa_bss_get_ie(bss, WLAN_EID_RRM_ENABLED_CAPABILITIES);
-	if (!rrm_ie || !(bss->caps & IEEE80211_CAP_RRM)) {
-		wpa_printf(MSG_DEBUG, "RRM: No RRM in network");
-		return;
-	}
-
-	if (!((wpa_s->drv_rrm_flags &
-	       WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
-	      (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
-	    !(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) {
-		wpa_printf(MSG_DEBUG,
-			   "RRM: Insufficient RRM support in driver - do not use RRM");
-		return;
-	}
-
-	if (sizeof(wpa_s->sme.assoc_req_ie) <
-	    wpa_s->sme.assoc_req_ie_len + rrm_ie_len + 2) {
-		wpa_printf(MSG_INFO,
-			   "RRM: Unable to use RRM, no room for RRM IE");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "RRM: Adding RRM IE to Association Request");
-	pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
-	os_memset(pos, 0, 2 + rrm_ie_len);
-	*pos++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
-	*pos++ = rrm_ie_len;
-
-	/* Set supported capabilities flags */
-	if (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)
-		*pos |= WLAN_RRM_CAPS_LINK_MEASUREMENT;
-
-	*pos |= WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE |
-		WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
-		WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
-
-	if (wpa_s->lci)
-		pos[1] |= WLAN_RRM_CAPS_LCI_MEASUREMENT;
-
-	wpa_s->sme.assoc_req_ie_len += rrm_ie_len + 2;
-	wpa_s->rrm.rrm_used = 1;
-}
-
-
-static void sme_send_authentication(struct wpa_supplicant *wpa_s,
-				    struct wpa_bss *bss, struct wpa_ssid *ssid,
-				    int start)
-{
-	struct wpa_driver_auth_params params;
-	struct wpa_ssid *old_ssid;
-#ifdef CONFIG_IEEE80211R
-	const u8 *ie;
-#endif /* CONFIG_IEEE80211R */
-#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
-	const u8 *md = NULL;
-#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
-	int bssid_changed;
-	struct wpabuf *resp = NULL;
-	u8 ext_capab[18];
-	int ext_capab_len;
-	int skip_auth;
-	u8 *wpa_ie;
-	size_t wpa_ie_len;
-#ifdef CONFIG_MBO
-	const u8 *mbo_ie;
-#endif /* CONFIG_MBO */
-	int omit_rsnxe = 0;
-
-	if (bss == NULL) {
-		wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
-			"the network");
-		wpas_connect_work_done(wpa_s);
-		return;
-	}
-
-	skip_auth = wpa_s->conf->reassoc_same_bss_optim &&
-		wpa_s->reassoc_same_bss;
-	wpa_s->current_bss = bss;
-
-	os_memset(&params, 0, sizeof(params));
-	wpa_s->reassociate = 0;
-
-	params.freq = bss->freq;
-	params.bssid = bss->bssid;
-	params.ssid = bss->ssid;
-	params.ssid_len = bss->ssid_len;
-	params.p2p = ssid->p2p_group;
-
-	if (wpa_s->sme.ssid_len != params.ssid_len ||
-	    os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
-		wpa_s->sme.prev_bssid_set = 0;
-
-	wpa_s->sme.freq = params.freq;
-	os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
-	wpa_s->sme.ssid_len = params.ssid_len;
-
-	params.auth_alg = WPA_AUTH_ALG_OPEN;
-#ifdef IEEE8021X_EAPOL
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		if (ssid->leap) {
-			if (ssid->non_leap == 0)
-				params.auth_alg = WPA_AUTH_ALG_LEAP;
-			else
-				params.auth_alg |= WPA_AUTH_ALG_LEAP;
-		}
-	}
-#endif /* IEEE8021X_EAPOL */
-	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
-		params.auth_alg);
-	if (ssid->auth_alg) {
-		params.auth_alg = ssid->auth_alg;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
-			"0x%x", params.auth_alg);
-	}
-#ifdef CONFIG_SAE
-	wpa_s->sme.sae_pmksa_caching = 0;
-	if (wpa_key_mgmt_sae(ssid->key_mgmt)) {
-		const u8 *rsn;
-		struct wpa_ie_data ied;
-
-		rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		if (!rsn) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SAE enabled, but target BSS does not advertise RSN");
-#ifdef CONFIG_DPP
-		} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
-			   (ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
-			   (ied.key_mgmt & WPA_KEY_MGMT_DPP)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
-#endif /* CONFIG_DPP */
-		} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
-			   wpa_key_mgmt_sae(ied.key_mgmt)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
-			params.auth_alg = WPA_AUTH_ALG_SAE;
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SAE enabled, but target BSS does not advertise SAE AKM for RSN");
-		}
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_WEP
-	{
-		int i;
-
-		for (i = 0; i < NUM_WEP_KEYS; i++) {
-			if (ssid->wep_key_len[i])
-				params.wep_key[i] = ssid->wep_key[i];
-			params.wep_key_len[i] = ssid->wep_key_len[i];
-		}
-		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
-	}
-#endif /* CONFIG_WEP */
-
-	if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
-	     wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
-	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
-		int try_opportunistic;
-		const u8 *cache_id = NULL;
-
-		try_opportunistic = (ssid->proactive_key_caching < 0 ?
-				     wpa_s->conf->okc :
-				     ssid->proactive_key_caching) &&
-			(ssid->proto & WPA_PROTO_RSN);
-#ifdef CONFIG_FILS
-		if (wpa_key_mgmt_fils(ssid->key_mgmt))
-			cache_id = wpa_bss_get_fils_cache_id(bss);
-#endif /* CONFIG_FILS */
-		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
-					    wpa_s->current_ssid,
-					    try_opportunistic, cache_id,
-					    0) == 0)
-			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
-		wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
-		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-					      wpa_s->sme.assoc_req_ie,
-					      &wpa_s->sme.assoc_req_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
-				"key management and encryption suites");
-			wpas_connect_work_done(wpa_s);
-			return;
-		}
-#ifdef CONFIG_HS20
-	} else if (wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
-		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
-		/* No PMKSA caching, but otherwise similar to RSN/WPA */
-		wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
-		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-					      wpa_s->sme.assoc_req_ie,
-					      &wpa_s->sme.assoc_req_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
-				"key management and encryption suites");
-			wpas_connect_work_done(wpa_s);
-			return;
-		}
-#endif /* CONFIG_HS20 */
-	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
-		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
-		/*
-		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
-		 * use non-WPA since the scan results did not indicate that the
-		 * AP is using WPA or WPA2.
-		 */
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-		wpa_s->sme.assoc_req_ie_len = 0;
-	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
-		wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
-		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
-					      wpa_s->sme.assoc_req_ie,
-					      &wpa_s->sme.assoc_req_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
-				"key management and encryption suites (no "
-				"scan results)");
-			wpas_connect_work_done(wpa_s);
-			return;
-		}
-#ifdef CONFIG_WPS
-	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
-		struct wpabuf *wps_ie;
-		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
-		if (wps_ie && wpabuf_len(wps_ie) <=
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
-			os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
-				  wpa_s->sme.assoc_req_ie_len);
-		} else
-			wpa_s->sme.assoc_req_ie_len = 0;
-		wpabuf_free(wps_ie);
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-#endif /* CONFIG_WPS */
-	} else {
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-		wpa_s->sme.assoc_req_ie_len = 0;
-	}
-
-	/* In case the WPA vendor IE is used, it should be placed after all the
-	 * non-vendor IEs, as the lower layer expects the IEs to be ordered as
-	 * defined in the standard. Store the WPA IE so it can later be
-	 * inserted at the correct location.
-	 */
-	wpa_ie = NULL;
-	wpa_ie_len = 0;
-	if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
-		wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
-				   wpa_s->sme.assoc_req_ie_len);
-		if (wpa_ie) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Storing WPA IE");
-
-			wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
-			wpa_s->sme.assoc_req_ie_len = 0;
-		} else {
-			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed copy WPA IE");
-			wpas_connect_work_done(wpa_s);
-			return;
-		}
-	}
-
-#ifdef CONFIG_IEEE80211R
-	ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
-	if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
-		md = ie + 2;
-	wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
-	if (md && (!wpa_key_mgmt_ft(ssid->key_mgmt) ||
-		   !wpa_key_mgmt_ft(wpa_s->key_mgmt)))
-		md = NULL;
-	if (md) {
-		/* Prepare for the next transition */
-		wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
-	}
-
-	if (md) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
-			md[0], md[1]);
-
-		omit_rsnxe = !wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-		if (wpa_s->sme.assoc_req_ie_len + 5 <
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			struct rsn_mdie *mdie;
-			u8 *pos = wpa_s->sme.assoc_req_ie +
-				wpa_s->sme.assoc_req_ie_len;
-			*pos++ = WLAN_EID_MOBILITY_DOMAIN;
-			*pos++ = sizeof(*mdie);
-			mdie = (struct rsn_mdie *) pos;
-			os_memcpy(mdie->mobility_domain, md,
-				  MOBILITY_DOMAIN_ID_LEN);
-			mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
-			wpa_s->sme.assoc_req_ie_len += 5;
-		}
-
-		if (wpa_s->sme.prev_bssid_set && wpa_s->sme.ft_used &&
-		    os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
-		    wpa_sm_has_ptk(wpa_s->wpa)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
-				"over-the-air");
-			params.auth_alg = WPA_AUTH_ALG_FT;
-			params.ie = wpa_s->sme.ft_ies;
-			params.ie_len = wpa_s->sme.ft_ies_len;
-		}
-	}
-#endif /* CONFIG_IEEE80211R */
-
-	wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
-	if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
-		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		struct wpa_ie_data _ie;
-		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
-		    _ie.capabilities &
-		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
-				"MFP: require MFP");
-			wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
-		}
-	}
-
-#ifdef CONFIG_P2P
-	if (wpa_s->global->p2p) {
-		u8 *pos;
-		size_t len;
-		int res;
-		pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
-		len = sizeof(wpa_s->sme.assoc_req_ie) -
-			wpa_s->sme.assoc_req_ie_len;
-		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
-					    ssid->p2p_group);
-		if (res >= 0)
-			wpa_s->sme.assoc_req_ie_len += res;
-	}
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst_ies) {
-		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
-
-		if (wpa_s->sme.assoc_req_ie_len + fst_ies_len <=
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			os_memcpy(wpa_s->sme.assoc_req_ie +
-				  wpa_s->sme.assoc_req_ie_len,
-				  wpabuf_head(wpa_s->fst_ies),
-				  fst_ies_len);
-			wpa_s->sme.assoc_req_ie_len += fst_ies_len;
-		}
-	}
-#endif /* CONFIG_FST */
-
-	sme_auth_handle_rrm(wpa_s, bss);
-
-	wpa_s->sme.assoc_req_ie_len += wpas_supp_op_class_ie(
-		wpa_s, ssid, bss,
-		wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-		sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len);
-
-	if (params.p2p)
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
-	else
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
-
-	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
-					     sizeof(ext_capab));
-	if (ext_capab_len > 0) {
-		u8 *pos = wpa_s->sme.assoc_req_ie;
-		if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
-			pos += 2 + pos[1];
-		os_memmove(pos + ext_capab_len, pos,
-			   wpa_s->sme.assoc_req_ie_len -
-			   (pos - wpa_s->sme.assoc_req_ie));
-		wpa_s->sme.assoc_req_ie_len += ext_capab_len;
-		os_memcpy(pos, ext_capab, ext_capab_len);
-	}
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->rsnxe_override_assoc &&
-	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
-	    sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) {
-		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpabuf_head(wpa_s->rsnxe_override_assoc),
-			  wpabuf_len(wpa_s->rsnxe_override_assoc));
-		wpa_s->sme.assoc_req_ie_len +=
-			wpabuf_len(wpa_s->rsnxe_override_assoc);
-	} else
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (wpa_s->rsnxe_len > 0 &&
-	    wpa_s->rsnxe_len <=
-	    sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len &&
-	    !omit_rsnxe) {
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpa_s->rsnxe, wpa_s->rsnxe_len);
-		wpa_s->sme.assoc_req_ie_len += wpa_s->rsnxe_len;
-	}
-
-#ifdef CONFIG_HS20
-	if (is_hs20_network(wpa_s, ssid, bss)) {
-		struct wpabuf *hs20;
-
-		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
-		if (hs20) {
-			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
-			size_t len;
-
-			wpas_hs20_add_indication(hs20, pps_mo_id,
-						 get_hs20_version(bss));
-			wpas_hs20_add_roam_cons_sel(hs20, ssid);
-			len = sizeof(wpa_s->sme.assoc_req_ie) -
-				wpa_s->sme.assoc_req_ie_len;
-			if (wpabuf_len(hs20) <= len) {
-				os_memcpy(wpa_s->sme.assoc_req_ie +
-					  wpa_s->sme.assoc_req_ie_len,
-					  wpabuf_head(hs20), wpabuf_len(hs20));
-				wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
-			}
-			wpabuf_free(hs20);
-		}
-	}
-#endif /* CONFIG_HS20 */
-
-	if (wpa_ie) {
-		size_t len;
-
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Reinsert WPA IE");
-
-		len = sizeof(wpa_s->sme.assoc_req_ie) -
-			wpa_s->sme.assoc_req_ie_len;
-
-		if (len > wpa_ie_len) {
-			os_memcpy(wpa_s->sme.assoc_req_ie +
-				  wpa_s->sme.assoc_req_ie_len,
-				  wpa_ie, wpa_ie_len);
-			wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
-		} else {
-			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Failed to add WPA IE");
-		}
-
-		os_free(wpa_ie);
-	}
-
-	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
-		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
-		size_t len;
-
-		len = sizeof(wpa_s->sme.assoc_req_ie) -
-			wpa_s->sme.assoc_req_ie_len;
-		if (wpabuf_len(buf) <= len) {
-			os_memcpy(wpa_s->sme.assoc_req_ie +
-				  wpa_s->sme.assoc_req_ie_len,
-				  wpabuf_head(buf), wpabuf_len(buf));
-			wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
-		}
-	}
-
-#ifdef CONFIG_MBO
-	mbo_ie = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
-	if (!wpa_s->disable_mbo_oce && mbo_ie) {
-		int len;
-
-		len = wpas_mbo_ie(wpa_s, wpa_s->sme.assoc_req_ie +
-				  wpa_s->sme.assoc_req_ie_len,
-				  sizeof(wpa_s->sme.assoc_req_ie) -
-				  wpa_s->sme.assoc_req_ie_len,
-				  !!mbo_attr_from_mbo_ie(mbo_ie,
-							 OCE_ATTR_ID_CAPA_IND));
-		if (len >= 0)
-			wpa_s->sme.assoc_req_ie_len += len;
-	}
-#endif /* CONFIG_MBO */
-
-#ifdef CONFIG_SAE
-	if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
-	    pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0,
-				    NULL,
-				    wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE ?
-				    WPA_KEY_MGMT_FT_SAE :
-				    WPA_KEY_MGMT_SAE) == 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
-		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
-		params.auth_alg = WPA_AUTH_ALG_OPEN;
-		wpa_s->sme.sae_pmksa_caching = 1;
-	}
-
-	if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
-		if (start)
-			resp = sme_auth_build_sae_commit(wpa_s, ssid,
-							 bss->bssid, 0,
-							 start == 2, NULL,
-							 NULL);
-		else
-			resp = sme_auth_build_sae_confirm(wpa_s, 0);
-		if (resp == NULL) {
-			wpas_connection_failed(wpa_s, bss->bssid);
-			return;
-		}
-		params.auth_data = wpabuf_head(resp);
-		params.auth_data_len = wpabuf_len(resp);
-		wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
-	}
-#endif /* CONFIG_SAE */
-
-	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
-	os_memset(wpa_s->bssid, 0, ETH_ALEN);
-	os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
-	if (bssid_changed)
-		wpas_notify_bssid_changed(wpa_s);
-
-	old_ssid = wpa_s->current_ssid;
-	wpa_s->current_ssid = ssid;
-	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
-	wpa_supplicant_initiate_eapol(wpa_s);
-
-#ifdef CONFIG_FILS
-	/* TODO: FILS operations can in some cases be done between different
-	 * network_ctx (i.e., same credentials can be used with multiple
-	 * networks). */
-	if (params.auth_alg == WPA_AUTH_ALG_OPEN &&
-	    wpa_key_mgmt_fils(ssid->key_mgmt)) {
-		const u8 *indic;
-		u16 fils_info;
-		const u8 *realm, *username, *rrk;
-		size_t realm_len, username_len, rrk_len;
-		u16 next_seq_num;
-
-		/*
-		 * Check FILS Indication element (FILS Information field) bits
-		 * indicating supported authentication algorithms against local
-		 * configuration (ssid->fils_dh_group). Try to use FILS
-		 * authentication only if the AP supports the combination in the
-		 * network profile. */
-		indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
-		if (!indic || indic[1] < 2) {
-			wpa_printf(MSG_DEBUG, "SME: " MACSTR
-				   " does not include FILS Indication element - cannot use FILS authentication with it",
-				   MAC2STR(bss->bssid));
-			goto no_fils;
-		}
-
-		fils_info = WPA_GET_LE16(indic + 2);
-		if (ssid->fils_dh_group == 0 && !(fils_info & BIT(9))) {
-			wpa_printf(MSG_DEBUG, "SME: " MACSTR
-				   " does not support FILS SK without PFS - cannot use FILS authentication with it",
-				   MAC2STR(bss->bssid));
-			goto no_fils;
-		}
-		if (ssid->fils_dh_group != 0 && !(fils_info & BIT(10))) {
-			wpa_printf(MSG_DEBUG, "SME: " MACSTR
-				   " does not support FILS SK with PFS - cannot use FILS authentication with it",
-				   MAC2STR(bss->bssid));
-			goto no_fils;
-		}
-
-		if (wpa_s->last_con_fail_realm &&
-		    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
-					  &username, &username_len,
-					  &realm, &realm_len, &next_seq_num,
-					  &rrk, &rrk_len) == 0 &&
-		    realm && realm_len == wpa_s->last_con_fail_realm_len &&
-		    os_memcmp(realm, wpa_s->last_con_fail_realm,
-			      realm_len) == 0) {
-			wpa_printf(MSG_DEBUG,
-				   "SME: FILS authentication for this realm failed last time - try to regenerate ERP key hierarchy");
-			goto no_fils;
-		}
-
-		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
-					    ssid, 0,
-					    wpa_bss_get_fils_cache_id(bss),
-					    0) == 0)
-			wpa_printf(MSG_DEBUG,
-				   "SME: Try to use FILS with PMKSA caching");
-		resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
-		if (resp) {
-			int auth_alg;
-
-			if (ssid->fils_dh_group)
-				wpa_printf(MSG_DEBUG,
-					   "SME: Try to use FILS SK authentication with PFS (DH Group %u)",
-					   ssid->fils_dh_group);
-			else
-				wpa_printf(MSG_DEBUG,
-					   "SME: Try to use FILS SK authentication without PFS");
-			auth_alg = ssid->fils_dh_group ?
-				WPA_AUTH_ALG_FILS_SK_PFS : WPA_AUTH_ALG_FILS;
-			params.auth_alg = auth_alg;
-			params.auth_data = wpabuf_head(resp);
-			params.auth_data_len = wpabuf_len(resp);
-			wpa_s->sme.auth_alg = auth_alg;
-		}
-	}
-no_fils:
-#endif /* CONFIG_FILS */
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_cancel_scan(wpa_s);
-
-	wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
-		" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
-		wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
-
-	eapol_sm_notify_portValid(wpa_s->eapol, false);
-	wpa_clear_keys(wpa_s, bss->bssid);
-	wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
-	if (old_ssid != wpa_s->current_ssid)
-		wpas_notify_network_changed(wpa_s);
-
-#ifdef CONFIG_HS20
-	hs20_configure_frame_filters(wpa_s);
-#endif /* CONFIG_HS20 */
-
-#ifdef CONFIG_P2P
-	/*
-	 * If multi-channel concurrency is not supported, check for any
-	 * frequency conflict. In case of any frequency conflict, remove the
-	 * least prioritized connection.
-	 */
-	if (wpa_s->num_multichan_concurrent < 2) {
-		int freq, num;
-		num = get_shared_radio_freqs(wpa_s, &freq, 1);
-		if (num > 0 && freq > 0 && freq != params.freq) {
-			wpa_printf(MSG_DEBUG,
-				   "Conflicting frequency found (%d != %d)",
-				   freq, params.freq);
-			if (wpas_p2p_handle_frequency_conflicts(wpa_s,
-								params.freq,
-								ssid) < 0) {
-				wpas_connection_failed(wpa_s, bss->bssid);
-				wpa_supplicant_mark_disassoc(wpa_s);
-				wpabuf_free(resp);
-				wpas_connect_work_done(wpa_s);
-				return;
-			}
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	if (skip_auth) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"SME: Skip authentication step on reassoc-to-same-BSS");
-		wpabuf_free(resp);
-		sme_associate(wpa_s, ssid->mode, bss->bssid, WLAN_AUTH_OPEN);
-		return;
-	}
-
-
-	wpa_s->sme.auth_alg = params.auth_alg;
-	if (wpa_drv_authenticate(wpa_s, &params) < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
-			"driver failed");
-		wpas_connection_failed(wpa_s, bss->bssid);
-		wpa_supplicant_mark_disassoc(wpa_s);
-		wpabuf_free(resp);
-		wpas_connect_work_done(wpa_s);
-		return;
-	}
-
-	eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
-			       NULL);
-
-	/*
-	 * Association will be started based on the authentication event from
-	 * the driver.
-	 */
-
-	wpabuf_free(resp);
-}
-
-
-static void sme_auth_start_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_connect_work *cwork = work->ctx;
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-
-	wpa_s->roam_in_progress = false;
-
-	if (deinit) {
-		if (work->started)
-			wpa_s->connect_work = NULL;
-
-		wpas_connect_work_free(cwork);
-		return;
-	}
-
-	wpa_s->connect_work = work;
-
-	if (cwork->bss_removed ||
-	    !wpas_valid_bss_ssid(wpa_s, cwork->bss, cwork->ssid) ||
-	    wpas_network_disabled(wpa_s, cwork->ssid)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: BSS/SSID entry for authentication not valid anymore - drop connection attempt");
-		wpas_connect_work_done(wpa_s);
-		return;
-	}
-
-	/* Starting new connection, so clear the possibly used WPA IE from the
-	 * previous association. */
-	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
-	wpa_s->rsnxe_len = 0;
-
-	sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
-}
-
-
-void sme_authenticate(struct wpa_supplicant *wpa_s,
-		      struct wpa_bss *bss, struct wpa_ssid *ssid)
-{
-	struct wpa_connect_work *cwork;
-
-	if (bss == NULL || ssid == NULL)
-		return;
-	if (wpa_s->connect_work) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reject sme_authenticate() call since connect_work exist");
-		return;
-	}
-
-	if (wpa_s->roam_in_progress) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"SME: Reject sme_authenticate() in favor of explicit roam request");
-		return;
-	}
-	if (radio_work_pending(wpa_s, "sme-connect")) {
-		/*
-		 * The previous sme-connect work might no longer be valid due to
-		 * the fact that the BSS list was updated. In addition, it makes
-		 * sense to adhere to the 'newer' decision.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"SME: Remove previous pending sme-connect");
-		radio_remove_works(wpa_s, "sme-connect", 0);
-	}
-
-	wpas_abort_ongoing_scan(wpa_s);
-
-	cwork = os_zalloc(sizeof(*cwork));
-	if (cwork == NULL)
-		return;
-	cwork->bss = bss;
-	cwork->ssid = ssid;
-	cwork->sme = 1;
-
-#ifdef CONFIG_SAE
-	wpa_s->sme.sae.state = SAE_NOTHING;
-	wpa_s->sme.sae.send_confirm = 0;
-	wpa_s->sme.sae_group_index = 0;
-#endif /* CONFIG_SAE */
-
-	if (radio_add_work(wpa_s, bss->freq, "sme-connect", 1,
-			   sme_auth_start_cb, cwork) < 0)
-		wpas_connect_work_free(cwork);
-}
-
-
-#ifdef CONFIG_SAE
-
-static int sme_external_auth_build_buf(struct wpabuf *buf,
-				       struct wpabuf *params,
-				       const u8 *sa, const u8 *da,
-				       u16 auth_transaction, u16 seq_num,
-				       u16 status_code)
-{
-	struct ieee80211_mgmt *resp;
-
-	resp = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
-					u.auth.variable));
-
-	resp->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-					   (WLAN_FC_STYPE_AUTH << 4));
-	os_memcpy(resp->da, da, ETH_ALEN);
-	os_memcpy(resp->sa, sa, ETH_ALEN);
-	os_memcpy(resp->bssid, da, ETH_ALEN);
-	resp->u.auth.auth_alg = host_to_le16(WLAN_AUTH_SAE);
-	resp->seq_ctrl = host_to_le16(seq_num << 4);
-	resp->u.auth.auth_transaction = host_to_le16(auth_transaction);
-	resp->u.auth.status_code = host_to_le16(status_code);
-	if (params)
-		wpabuf_put_buf(buf, params);
-
-	return 0;
-}
-
-
-static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
-					     const u8 *bssid,
-					     struct wpa_ssid *ssid)
-{
-	struct wpabuf *resp, *buf;
-	int use_pt;
-	bool use_pk;
-	u16 status;
-
-	resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, 1, 0, &use_pt,
-					 &use_pk);
-	if (!resp) {
-		wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
-		return -1;
-	}
-
-	wpa_s->sme.sae.state = SAE_COMMITTED;
-	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp));
-	if (!buf) {
-		wpabuf_free(resp);
-		return -1;
-	}
-
-	wpa_s->sme.seq_num++;
-	if (use_pk)
-		status = WLAN_STATUS_SAE_PK;
-	else if (use_pt)
-		status = WLAN_STATUS_SAE_HASH_TO_ELEMENT;
-	else
-		status = WLAN_STATUS_SUCCESS;
-	sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
-				    bssid, 1, wpa_s->sme.seq_num, status);
-	wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
-	wpabuf_free(resp);
-	wpabuf_free(buf);
-
-	return 0;
-}
-
-
-static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
-					  u16 status)
-{
-	struct external_auth params;
-
-	os_memset(&params, 0, sizeof(params));
-	params.status = status;
-	params.ssid = wpa_s->sme.ext_auth_ssid;
-	params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
-	params.bssid = wpa_s->sme.ext_auth_bssid;
-	if (wpa_s->conf->sae_pmkid_in_assoc && status == WLAN_STATUS_SUCCESS)
-		params.pmkid = wpa_s->sme.sae.pmkid;
-	wpa_drv_send_external_auth_status(wpa_s, &params);
-}
-
-
-static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
-					  union wpa_event_data *data)
-{
-	struct wpa_ssid *ssid;
-	size_t ssid_str_len = data->external_auth.ssid_len;
-	const u8 *ssid_str = data->external_auth.ssid;
-
-	/* Get the SSID conf from the ssid string obtained */
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (!wpas_network_disabled(wpa_s, ssid) &&
-		    ssid_str_len == ssid->ssid_len &&
-		    os_memcmp(ssid_str, ssid->ssid, ssid_str_len) == 0 &&
-		    (ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)))
-			break;
-	}
-	if (!ssid ||
-	    sme_external_auth_send_sae_commit(wpa_s, data->external_auth.bssid,
-					      ssid) < 0)
-		return -1;
-
-	return 0;
-}
-
-
-static void sme_external_auth_send_sae_confirm(struct wpa_supplicant *wpa_s,
-					       const u8 *da)
-{
-	struct wpabuf *resp, *buf;
-
-	resp = sme_auth_build_sae_confirm(wpa_s, 1);
-	if (!resp) {
-		wpa_printf(MSG_DEBUG, "SAE: Confirm message buf alloc failure");
-		return;
-	}
-
-	wpa_s->sme.sae.state = SAE_CONFIRMED;
-	buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN + wpabuf_len(resp));
-	if (!buf) {
-		wpa_printf(MSG_DEBUG, "SAE: Auth Confirm buf alloc failure");
-		wpabuf_free(resp);
-		return;
-	}
-	wpa_s->sme.seq_num++;
-	sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
-				    da, 2, wpa_s->sme.seq_num,
-				    WLAN_STATUS_SUCCESS);
-	wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
-	wpabuf_free(resp);
-	wpabuf_free(buf);
-}
-
-
-void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
-			       union wpa_event_data *data)
-{
-	if (RSN_SELECTOR_GET(&data->external_auth.key_mgmt_suite) !=
-	    RSN_AUTH_KEY_MGMT_SAE)
-		return;
-
-	if (data->external_auth.action == EXT_AUTH_START) {
-		if (!data->external_auth.bssid || !data->external_auth.ssid)
-			return;
-		os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
-			  ETH_ALEN);
-		os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
-			  data->external_auth.ssid_len);
-		wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
-		wpa_s->sme.seq_num = 0;
-		wpa_s->sme.sae.state = SAE_NOTHING;
-		wpa_s->sme.sae.send_confirm = 0;
-		wpa_s->sme.sae_group_index = 0;
-		if (sme_handle_external_auth_start(wpa_s, data) < 0)
-			sme_send_external_auth_status(wpa_s,
-					      WLAN_STATUS_UNSPECIFIED_FAILURE);
-	} else if (data->external_auth.action == EXT_AUTH_ABORT) {
-		/* Report failure to driver for the wrong trigger */
-		sme_send_external_auth_status(wpa_s,
-					      WLAN_STATUS_UNSPECIFIED_FAILURE);
-	}
-}
-
-
-static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
-{
-	int *groups = wpa_s->conf->sae_groups;
-	int default_groups[] = { 19, 20, 21, 0 };
-	int i;
-
-	if (!groups)
-		groups = default_groups;
-
-	for (i = 0; groups[i] > 0; i++) {
-		if (groups[i] == group)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
-					 const struct wpabuf *groups)
-{
-	size_t i, count;
-	const u8 *pos;
-
-	if (!groups)
-		return 0;
-
-	pos = wpabuf_head(groups);
-	count = wpabuf_len(groups) / 2;
-	for (i = 0; i < count; i++) {
-		int enabled;
-		u16 group;
-
-		group = WPA_GET_LE16(pos);
-		pos += 2;
-		enabled = sme_sae_is_group_enabled(wpa_s, group);
-		wpa_printf(MSG_DEBUG, "SAE: Rejected group %u is %s",
-			   group, enabled ? "enabled" : "disabled");
-		if (enabled)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
-			u16 status_code, const u8 *data, size_t len,
-			int external, const u8 *sa)
-{
-	int *groups;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
-		"status code %u", auth_transaction, status_code);
-
-	if (auth_transaction == 1 &&
-	    status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
-	    wpa_s->sme.sae.state == SAE_COMMITTED &&
-	    (external || wpa_s->current_bss) && wpa_s->current_ssid) {
-		int default_groups[] = { 19, 20, 21, 0 };
-		u16 group;
-		const u8 *token_pos;
-		size_t token_len;
-		int h2e = 0;
-
-		groups = wpa_s->conf->sae_groups;
-		if (!groups || groups[0] <= 0)
-			groups = default_groups;
-
-		wpa_hexdump(MSG_DEBUG, "SME: SAE anti-clogging token request",
-			    data, len);
-		if (len < sizeof(le16)) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SME: Too short SAE anti-clogging token request");
-			return -1;
-		}
-		group = WPA_GET_LE16(data);
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"SME: SAE anti-clogging token requested (group %u)",
-			group);
-		if (sae_group_allowed(&wpa_s->sme.sae, groups, group) !=
-		    WLAN_STATUS_SUCCESS) {
-			wpa_dbg(wpa_s, MSG_ERROR,
-				"SME: SAE group %u of anti-clogging request is invalid",
-				group);
-			return -1;
-		}
-		wpabuf_free(wpa_s->sme.sae_token);
-		token_pos = data + sizeof(le16);
-		token_len = len - sizeof(le16);
-		h2e = wpa_s->sme.sae.h2e;
-		if (h2e) {
-			if (token_len < 3) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"SME: Too short SAE anti-clogging token container");
-				return -1;
-			}
-			if (token_pos[0] != WLAN_EID_EXTENSION ||
-			    token_pos[1] == 0 ||
-			    token_pos[1] > token_len - 2 ||
-			    token_pos[2] != WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"SME: Invalid SAE anti-clogging token container header");
-				return -1;
-			}
-			token_len = token_pos[1] - 1;
-			token_pos += 3;
-		}
-		wpa_s->sme.sae_token = wpabuf_alloc_copy(token_pos, token_len);
-		wpa_hexdump_buf(MSG_DEBUG, "SME: Requested anti-clogging token",
-				wpa_s->sme.sae_token);
-		if (!external)
-			sme_send_authentication(wpa_s, wpa_s->current_bss,
-						wpa_s->current_ssid, 2);
-		else
-			sme_external_auth_send_sae_commit(
-				wpa_s, wpa_s->sme.ext_auth_bssid,
-				wpa_s->current_ssid);
-		return 0;
-	}
-
-	if (auth_transaction == 1 &&
-	    status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
-	    wpa_s->sme.sae.state == SAE_COMMITTED &&
-	    (external || wpa_s->current_bss) && wpa_s->current_ssid) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
-		int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
-				     wpa_s->sme.sae.group);
-		wpa_s->sme.sae_group_index++;
-		if (sme_set_sae_group(wpa_s) < 0)
-			return -1; /* no other groups enabled */
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
-		if (!external)
-			sme_send_authentication(wpa_s, wpa_s->current_bss,
-						wpa_s->current_ssid, 1);
-		else
-			sme_external_auth_send_sae_commit(
-				wpa_s, wpa_s->sme.ext_auth_bssid,
-				wpa_s->current_ssid);
-		return 0;
-	}
-
-	if (auth_transaction == 1 &&
-	    status_code == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) {
-		const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
-
-		wpa_msg(wpa_s, MSG_INFO,
-			WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER MACSTR,
-			MAC2STR(bssid));
-		return -1;
-	}
-
-	if (status_code != WLAN_STATUS_SUCCESS &&
-	    status_code != WLAN_STATUS_SAE_HASH_TO_ELEMENT &&
-	    status_code != WLAN_STATUS_SAE_PK) {
-		const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
-
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
-			" auth_type=%u auth_transaction=%u status_code=%u",
-			MAC2STR(bssid), WLAN_AUTH_SAE,
-			auth_transaction, status_code);
-		return -1;
-	}
-
-	if (auth_transaction == 1) {
-		u16 res;
-
-		groups = wpa_s->conf->sae_groups;
-
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
-		if ((!external && wpa_s->current_bss == NULL) ||
-		    wpa_s->current_ssid == NULL)
-			return -1;
-		if (wpa_s->sme.sae.state != SAE_COMMITTED) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Ignore commit message while waiting for confirm");
-			return 0;
-		}
-		if (wpa_s->sme.sae.h2e && status_code == WLAN_STATUS_SUCCESS) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
-			return -1;
-		}
-		if ((!wpa_s->sme.sae.h2e || wpa_s->sme.sae.pk) &&
-		    status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
-			return -1;
-		}
-		if (!wpa_s->sme.sae.pk &&
-		    status_code == WLAN_STATUS_SAE_PK) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Unexpected use of status code for PK in SAE commit when PK was not expected");
-			return -1;
-		}
-
-		if (groups && groups[0] <= 0)
-			groups = NULL;
-		res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
-				       groups, status_code ==
-				       WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
-				       status_code == WLAN_STATUS_SAE_PK);
-		if (res == SAE_SILENTLY_DISCARD) {
-			wpa_printf(MSG_DEBUG,
-				   "SAE: Drop commit message due to reflection attack");
-			return 0;
-		}
-		if (res != WLAN_STATUS_SUCCESS)
-			return -1;
-
-		if (wpa_s->sme.sae.tmp &&
-		    sme_check_sae_rejected_groups(
-			    wpa_s,
-			    wpa_s->sme.sae.tmp->peer_rejected_groups))
-			return -1;
-
-		if (sae_process_commit(&wpa_s->sme.sae) < 0) {
-			wpa_printf(MSG_DEBUG, "SAE: Failed to process peer "
-				   "commit");
-			return -1;
-		}
-
-		wpabuf_free(wpa_s->sme.sae_token);
-		wpa_s->sme.sae_token = NULL;
-		if (!external)
-			sme_send_authentication(wpa_s, wpa_s->current_bss,
-						wpa_s->current_ssid, 0);
-		else
-			sme_external_auth_send_sae_confirm(wpa_s, sa);
-		return 0;
-	} else if (auth_transaction == 2) {
-		if (status_code != WLAN_STATUS_SUCCESS)
-			return -1;
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
-		if (wpa_s->sme.sae.state != SAE_CONFIRMED)
-			return -1;
-		if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
-			return -1;
-		wpa_s->sme.sae.state = SAE_ACCEPTED;
-		sae_clear_temp_data(&wpa_s->sme.sae);
-
-		if (external) {
-			/* Report success to driver */
-			sme_send_external_auth_status(wpa_s,
-						      WLAN_STATUS_SUCCESS);
-		}
-
-		return 1;
-	}
-
-	return -1;
-}
-
-
-static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	wpa_printf(MSG_DEBUG,
-		   "SME: SAE completed - setting PMK for 4-way handshake");
-	wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
-		       wpa_s->sme.sae.pmkid, bssid);
-	if (wpa_s->conf->sae_pmkid_in_assoc) {
-		/* Update the own RSNE contents now that we have set the PMK
-		 * and added a PMKSA cache entry based on the successfully
-		 * completed SAE exchange. In practice, this will add the PMKID
-		 * into RSNE. */
-		if (wpa_s->sme.assoc_req_ie_len + 2 + PMKID_LEN >
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_msg(wpa_s, MSG_WARNING,
-				"RSN: Not enough room for inserting own PMKID into RSNE");
-			return -1;
-		}
-		if (wpa_insert_pmkid(wpa_s->sme.assoc_req_ie,
-				     &wpa_s->sme.assoc_req_ie_len,
-				     wpa_s->sme.sae.pmkid) < 0)
-			return -1;
-		wpa_hexdump(MSG_DEBUG,
-			    "SME: Updated Association Request IEs",
-			    wpa_s->sme.assoc_req_ie,
-			    wpa_s->sme.assoc_req_ie_len);
-	}
-
-	return 0;
-}
-
-
-void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
-			       const u8 *auth_frame, size_t len)
-{
-	const struct ieee80211_mgmt *header;
-	size_t auth_length;
-
-	header = (const struct ieee80211_mgmt *) auth_frame;
-	auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
-
-	if (len < auth_length) {
-		/* Notify failure to the driver */
-		sme_send_external_auth_status(wpa_s,
-					      WLAN_STATUS_UNSPECIFIED_FAILURE);
-		return;
-	}
-
-	if (le_to_host16(header->u.auth.auth_alg) == WLAN_AUTH_SAE) {
-		int res;
-
-		res = sme_sae_auth(
-			wpa_s, le_to_host16(header->u.auth.auth_transaction),
-			le_to_host16(header->u.auth.status_code),
-			header->u.auth.variable,
-			len - auth_length, 1, header->sa);
-		if (res < 0) {
-			/* Notify failure to the driver */
-			sme_send_external_auth_status(
-				wpa_s, WLAN_STATUS_UNSPECIFIED_FAILURE);
-			return;
-		}
-		if (res != 1)
-			return;
-
-		if (sme_sae_set_pmk(wpa_s, wpa_s->sme.ext_auth_bssid) < 0)
-			return;
-	}
-}
-
-#endif /* CONFIG_SAE */
-
-
-void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (ssid == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
-			"when network is not selected");
-		return;
-	}
-
-	if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
-			"when not in authenticating state");
-		return;
-	}
-
-	if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
-			"unexpected peer " MACSTR,
-			MAC2STR(data->auth.peer));
-		return;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
-		" auth_type=%d auth_transaction=%d status_code=%d",
-		MAC2STR(data->auth.peer), data->auth.auth_type,
-		data->auth.auth_transaction, data->auth.status_code);
-	wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
-		    data->auth.ies, data->auth.ies_len);
-
-	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
-
-#ifdef CONFIG_SAE
-	if (data->auth.auth_type == WLAN_AUTH_SAE) {
-		int res;
-		res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
-				   data->auth.status_code, data->auth.ies,
-				   data->auth.ies_len, 0, data->auth.peer);
-		if (res < 0) {
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-
-		}
-		if (res != 1)
-			return;
-
-		if (sme_sae_set_pmk(wpa_s, wpa_s->pending_bssid) < 0)
-			return;
-	}
-#endif /* CONFIG_SAE */
-
-	if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
-		char *ie_txt = NULL;
-
-		if (data->auth.ies && data->auth.ies_len) {
-			size_t buflen = 2 * data->auth.ies_len + 1;
-			ie_txt = os_malloc(buflen);
-			if (ie_txt) {
-				wpa_snprintf_hex(ie_txt, buflen, data->auth.ies,
-						 data->auth.ies_len);
-			}
-		}
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
-			" auth_type=%u auth_transaction=%u status_code=%u%s%s",
-			MAC2STR(data->auth.peer), data->auth.auth_type,
-			data->auth.auth_transaction, data->auth.status_code,
-			ie_txt ? " ie=" : "",
-			ie_txt ? ie_txt : "");
-		os_free(ie_txt);
-
-#ifdef CONFIG_FILS
-		if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
-		    wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS)
-			fils_connection_failure(wpa_s);
-#endif /* CONFIG_FILS */
-
-		if (data->auth.status_code !=
-		    WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
-		    wpa_s->sme.auth_alg == data->auth.auth_type ||
-		    wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-			return;
-		}
-
-		wpas_connect_work_done(wpa_s);
-
-		switch (data->auth.auth_type) {
-		case WLAN_AUTH_OPEN:
-			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
-
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
-			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
-						 wpa_s->current_ssid);
-			return;
-
-		case WLAN_AUTH_SHARED_KEY:
-			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
-
-			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
-			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
-						 wpa_s->current_ssid);
-			return;
-
-		default:
-			return;
-		}
-	}
-
-#ifdef CONFIG_IEEE80211R
-	if (data->auth.auth_type == WLAN_AUTH_FT) {
-		const u8 *ric_ies = NULL;
-		size_t ric_ies_len = 0;
-
-		if (wpa_s->ric_ies) {
-			ric_ies = wpabuf_head(wpa_s->ric_ies);
-			ric_ies_len = wpabuf_len(wpa_s->ric_ies);
-		}
-		if (wpa_ft_process_response(wpa_s->wpa, data->auth.ies,
-					    data->auth.ies_len, 0,
-					    data->auth.peer,
-					    ric_ies, ric_ies_len) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SME: FT Authentication response processing failed");
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
-				MACSTR
-				" reason=%d locally_generated=1",
-				MAC2STR(wpa_s->pending_bssid),
-				WLAN_REASON_DEAUTH_LEAVING);
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			return;
-		}
-	}
-#endif /* CONFIG_IEEE80211R */
-
-#ifdef CONFIG_FILS
-	if (data->auth.auth_type == WLAN_AUTH_FILS_SK ||
-	    data->auth.auth_type == WLAN_AUTH_FILS_SK_PFS) {
-		u16 expect_auth_type;
-
-		expect_auth_type = wpa_s->sme.auth_alg ==
-			WPA_AUTH_ALG_FILS_SK_PFS ? WLAN_AUTH_FILS_SK_PFS :
-			WLAN_AUTH_FILS_SK;
-		if (data->auth.auth_type != expect_auth_type) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SME: FILS Authentication response used different auth alg (%u; expected %u)",
-				data->auth.auth_type, expect_auth_type);
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
-				MACSTR
-				" reason=%d locally_generated=1",
-				MAC2STR(wpa_s->pending_bssid),
-				WLAN_REASON_DEAUTH_LEAVING);
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			return;
-		}
-
-		if (fils_process_auth(wpa_s->wpa, wpa_s->pending_bssid,
-				      data->auth.ies, data->auth.ies_len) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SME: FILS Authentication response processing failed");
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
-				MACSTR
-				" reason=%d locally_generated=1",
-				MAC2STR(wpa_s->pending_bssid),
-				WLAN_REASON_DEAUTH_LEAVING);
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			return;
-		}
-	}
-#endif /* CONFIG_FILS */
-
-	sme_associate(wpa_s, ssid->mode, data->auth.peer,
-		      data->auth.auth_type);
-}
-
-
-#ifdef CONFIG_IEEE80211R
-static void remove_ie(u8 *buf, size_t *len, u8 eid)
-{
-	u8 *pos, *next, *end;
-
-	pos = (u8 *) get_ie(buf, *len, eid);
-	if (pos) {
-		next = pos + 2 + pos[1];
-		end = buf + *len;
-		*len -= 2 + pos[1];
-		os_memmove(pos, next, end - next);
-	}
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
-		   const u8 *bssid, u16 auth_type)
-{
-	struct wpa_driver_associate_params params;
-	struct ieee802_11_elems elems;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-#ifdef CONFIG_FILS
-	u8 nonces[2 * FILS_NONCE_LEN];
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_HT_OVERRIDES
-	struct ieee80211_ht_capabilities htcaps;
-	struct ieee80211_ht_capabilities htcaps_mask;
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	struct ieee80211_vht_capabilities vhtcaps;
-	struct ieee80211_vht_capabilities vhtcaps_mask;
-#endif /* CONFIG_VHT_OVERRIDES */
-
-	os_memset(&params, 0, sizeof(params));
-
-#ifdef CONFIG_FILS
-	if (auth_type == WLAN_AUTH_FILS_SK ||
-	    auth_type == WLAN_AUTH_FILS_SK_PFS) {
-		struct wpabuf *buf;
-		const u8 *snonce, *anonce;
-		const unsigned int max_hlp = 20;
-		struct wpabuf *hlp[max_hlp];
-		unsigned int i, num_hlp = 0;
-		struct fils_hlp_req *req;
-
-		dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
-				 list) {
-			hlp[num_hlp] = wpabuf_alloc(2 * ETH_ALEN + 6 +
-					      wpabuf_len(req->pkt));
-			if (!hlp[num_hlp])
-				break;
-			wpabuf_put_data(hlp[num_hlp], req->dst, ETH_ALEN);
-			wpabuf_put_data(hlp[num_hlp], wpa_s->own_addr,
-					ETH_ALEN);
-			wpabuf_put_data(hlp[num_hlp],
-					"\xaa\xaa\x03\x00\x00\x00", 6);
-			wpabuf_put_buf(hlp[num_hlp], req->pkt);
-			num_hlp++;
-			if (num_hlp >= max_hlp)
-				break;
-		}
-
-		buf = fils_build_assoc_req(wpa_s->wpa, &params.fils_kek,
-					   &params.fils_kek_len, &snonce,
-					   &anonce,
-					   (const struct wpabuf **) hlp,
-					   num_hlp);
-		for (i = 0; i < num_hlp; i++)
-			wpabuf_free(hlp[i]);
-		if (!buf)
-			return;
-		wpa_hexdump(MSG_DEBUG, "FILS: assoc_req before FILS elements",
-			    wpa_s->sme.assoc_req_ie,
-			    wpa_s->sme.assoc_req_ie_len);
-#ifdef CONFIG_IEEE80211R
-		if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
-			/* Remove RSNE and MDE to allow them to be overridden
-			 * with FILS+FT specific values from
-			 * fils_build_assoc_req(). */
-			remove_ie(wpa_s->sme.assoc_req_ie,
-				  &wpa_s->sme.assoc_req_ie_len,
-				  WLAN_EID_RSN);
-			wpa_hexdump(MSG_DEBUG,
-				    "FILS: assoc_req after RSNE removal",
-				    wpa_s->sme.assoc_req_ie,
-				    wpa_s->sme.assoc_req_ie_len);
-			remove_ie(wpa_s->sme.assoc_req_ie,
-				  &wpa_s->sme.assoc_req_ie_len,
-				  WLAN_EID_MOBILITY_DOMAIN);
-			wpa_hexdump(MSG_DEBUG,
-				    "FILS: assoc_req after MDE removal",
-				    wpa_s->sme.assoc_req_ie,
-				    wpa_s->sme.assoc_req_ie_len);
-		}
-#endif /* CONFIG_IEEE80211R */
-		/* TODO: Make wpa_s->sme.assoc_req_ie use dynamic allocation */
-		if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(buf) >
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_printf(MSG_ERROR,
-				   "FILS: Not enough buffer room for own AssocReq elements");
-			wpabuf_free(buf);
-			return;
-		}
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpabuf_head(buf), wpabuf_len(buf));
-		wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
-		wpabuf_free(buf);
-		wpa_hexdump(MSG_DEBUG, "FILS: assoc_req after FILS elements",
-			    wpa_s->sme.assoc_req_ie,
-			    wpa_s->sme.assoc_req_ie_len);
-
-		os_memcpy(nonces, snonce, FILS_NONCE_LEN);
-		os_memcpy(nonces + FILS_NONCE_LEN, anonce, FILS_NONCE_LEN);
-		params.fils_nonces = nonces;
-		params.fils_nonces_len = sizeof(nonces);
-	}
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_OWE
-#ifdef CONFIG_TESTING_OPTIONS
-	if (get_ie_ext(wpa_s->sme.assoc_req_ie, wpa_s->sme.assoc_req_ie_len,
-		       WLAN_EID_EXT_OWE_DH_PARAM)) {
-		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
-	} else
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (auth_type == WLAN_AUTH_OPEN &&
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
-		struct wpabuf *owe_ie;
-		u16 group;
-
-		if (ssid && ssid->owe_group) {
-			group = ssid->owe_group;
-		} else if (wpa_s->assoc_status_code ==
-			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
-			if (wpa_s->last_owe_group == 19)
-				group = 20;
-			else if (wpa_s->last_owe_group == 20)
-				group = 21;
-			else
-				group = OWE_DH_GROUP;
-		} else {
-			group = OWE_DH_GROUP;
-		}
-
-		wpa_s->last_owe_group = group;
-		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
-		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
-		if (!owe_ie) {
-			wpa_printf(MSG_ERROR,
-				   "OWE: Failed to build IE for Association Request frame");
-			return;
-		}
-		if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(owe_ie) >
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_printf(MSG_ERROR,
-				   "OWE: Not enough buffer room for own Association Request frame elements");
-			wpabuf_free(owe_ie);
-			return;
-		}
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
-		wpa_s->sme.assoc_req_ie_len += wpabuf_len(owe_ie);
-		wpabuf_free(owe_ie);
-	}
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_DPP2
-	if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP && ssid &&
-	    ssid->dpp_netaccesskey && ssid->dpp_pfs != 2 &&
-	    !ssid->dpp_pfs_fallback) {
-		struct rsn_pmksa_cache_entry *pmksa;
-
-		pmksa = pmksa_cache_get_current(wpa_s->wpa);
-		if (!pmksa || !pmksa->dpp_pfs)
-			goto pfs_fail;
-
-		dpp_pfs_free(wpa_s->dpp_pfs);
-		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
-					      ssid->dpp_netaccesskey_len);
-		if (!wpa_s->dpp_pfs) {
-			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
-			/* Try to continue without PFS */
-			goto pfs_fail;
-		}
-		if (wpa_s->sme.assoc_req_ie_len +
-		    wpabuf_len(wpa_s->dpp_pfs->ie) >
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_printf(MSG_ERROR,
-				   "DPP: Not enough buffer room for own Association Request frame elements");
-			dpp_pfs_free(wpa_s->dpp_pfs);
-			wpa_s->dpp_pfs = NULL;
-			goto pfs_fail;
-		}
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpabuf_head(wpa_s->dpp_pfs->ie),
-			  wpabuf_len(wpa_s->dpp_pfs->ie));
-		wpa_s->sme.assoc_req_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
-	}
-pfs_fail:
-#endif /* CONFIG_DPP2 */
-
-	wpa_s->mscs_setup_done = false;
-	if (wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_MSCS) &&
-	    wpa_s->robust_av.valid_config) {
-		struct wpabuf *mscs_ie;
-		size_t mscs_ie_len, buf_len, *wpa_ie_len, max_ie_len;
-
-		buf_len = 3 +	/* MSCS descriptor IE header */
-			  1 +	/* Request type */
-			  2 +	/* User priority control */
-			  4 +	/* Stream timeout */
-			  3 +	/* TCLAS Mask IE header */
-			  wpa_s->robust_av.frame_classifier_len;
-		mscs_ie = wpabuf_alloc(buf_len);
-		if (!mscs_ie) {
-			wpa_printf(MSG_INFO,
-				   "MSCS: Failed to allocate MSCS IE");
-			goto mscs_fail;
-		}
-
-		wpa_ie_len = &wpa_s->sme.assoc_req_ie_len;
-		max_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
-		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
-		if ((*wpa_ie_len + wpabuf_len(mscs_ie)) <= max_ie_len) {
-			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
-			mscs_ie_len = wpabuf_len(mscs_ie);
-			os_memcpy(wpa_s->sme.assoc_req_ie + *wpa_ie_len,
-				  wpabuf_head(mscs_ie), mscs_ie_len);
-			*wpa_ie_len += mscs_ie_len;
-		}
-
-		wpabuf_free(mscs_ie);
-	}
-mscs_fail:
-
-	if (ssid && ssid->multi_ap_backhaul_sta) {
-		size_t multi_ap_ie_len;
-
-		multi_ap_ie_len = add_multi_ap_ie(
-			wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			sizeof(wpa_s->sme.assoc_req_ie) -
-			wpa_s->sme.assoc_req_ie_len,
-			MULTI_AP_BACKHAUL_STA);
-		if (multi_ap_ie_len == 0) {
-			wpa_printf(MSG_ERROR,
-				   "Multi-AP: Failed to build Multi-AP IE");
-			return;
-		}
-		wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
-	}
-
-	params.bssid = bssid;
-	params.ssid = wpa_s->sme.ssid;
-	params.ssid_len = wpa_s->sme.ssid_len;
-	params.freq.freq = wpa_s->sme.freq;
-	params.bg_scan_period = ssid ? ssid->bg_scan_period : -1;
-	params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
-		wpa_s->sme.assoc_req_ie : NULL;
-	params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
-	wpa_hexdump(MSG_DEBUG, "SME: Association Request IEs",
-		    params.wpa_ie, params.wpa_ie_len);
-	params.pairwise_suite = wpa_s->pairwise_cipher;
-	params.group_suite = wpa_s->group_cipher;
-	params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
-	params.key_mgmt_suite = wpa_s->key_mgmt;
-	params.wpa_proto = wpa_s->wpa_proto;
-#ifdef CONFIG_HT_OVERRIDES
-	os_memset(&htcaps, 0, sizeof(htcaps));
-	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
-	params.htcaps = (u8 *) &htcaps;
-	params.htcaps_mask = (u8 *) &htcaps_mask;
-	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
-	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
-	params.vhtcaps = &vhtcaps;
-	params.vhtcaps_mask = &vhtcaps_mask;
-	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_VHT_OVERRIDES */
-#ifdef CONFIG_HE_OVERRIDES
-	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_HE_OVERRIDES */
-#ifdef CONFIG_IEEE80211R
-	if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies &&
-	    get_ie(wpa_s->sme.ft_ies, wpa_s->sme.ft_ies_len,
-		   WLAN_EID_RIC_DATA)) {
-		/* There seems to be a pretty inconvenient bug in the Linux
-		 * kernel IE splitting functionality when RIC is used. For now,
-		 * skip correct behavior in IE construction here (i.e., drop the
-		 * additional non-FT-specific IEs) to avoid kernel issues. This
-		 * is fine since RIC is used only for testing purposes in the
-		 * current implementation. */
-		wpa_printf(MSG_INFO,
-			   "SME: Linux kernel workaround - do not try to include additional IEs with RIC");
-		params.wpa_ie = wpa_s->sme.ft_ies;
-		params.wpa_ie_len = wpa_s->sme.ft_ies_len;
-	} else if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
-		const u8 *rm_en, *pos, *end;
-		size_t rm_en_len = 0;
-		u8 *rm_en_dup = NULL, *wpos;
-
-		/* Remove RSNE, MDE, FTE to allow them to be overridden with
-		 * FT specific values */
-		remove_ie(wpa_s->sme.assoc_req_ie,
-			  &wpa_s->sme.assoc_req_ie_len,
-			  WLAN_EID_RSN);
-		remove_ie(wpa_s->sme.assoc_req_ie,
-			  &wpa_s->sme.assoc_req_ie_len,
-			  WLAN_EID_MOBILITY_DOMAIN);
-		remove_ie(wpa_s->sme.assoc_req_ie,
-			  &wpa_s->sme.assoc_req_ie_len,
-			  WLAN_EID_FAST_BSS_TRANSITION);
-		rm_en = get_ie(wpa_s->sme.assoc_req_ie,
-			       wpa_s->sme.assoc_req_ie_len,
-			       WLAN_EID_RRM_ENABLED_CAPABILITIES);
-		if (rm_en) {
-			/* Need to remove RM Enabled Capabilities element as
-			 * well temporarily, so that it can be placed between
-			 * RSNE and MDE. */
-			rm_en_len = 2 + rm_en[1];
-			rm_en_dup = os_memdup(rm_en, rm_en_len);
-			remove_ie(wpa_s->sme.assoc_req_ie,
-				  &wpa_s->sme.assoc_req_ie_len,
-				  WLAN_EID_RRM_ENABLED_CAPABILITIES);
-		}
-		wpa_hexdump(MSG_DEBUG,
-			    "SME: Association Request IEs after FT IE removal",
-			    wpa_s->sme.assoc_req_ie,
-			    wpa_s->sme.assoc_req_ie_len);
-		if (wpa_s->sme.assoc_req_ie_len + wpa_s->sme.ft_ies_len +
-		    rm_en_len > sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_printf(MSG_ERROR,
-				   "SME: Not enough buffer room for FT IEs in Association Request frame");
-			os_free(rm_en_dup);
-			return;
-		}
-
-		os_memmove(wpa_s->sme.assoc_req_ie + wpa_s->sme.ft_ies_len +
-			   rm_en_len,
-			   wpa_s->sme.assoc_req_ie,
-			   wpa_s->sme.assoc_req_ie_len);
-		pos = wpa_s->sme.ft_ies;
-		end = pos + wpa_s->sme.ft_ies_len;
-		wpos = wpa_s->sme.assoc_req_ie;
-		if (*pos == WLAN_EID_RSN) {
-			os_memcpy(wpos, pos, 2 + pos[1]);
-			wpos += 2 + pos[1];
-			pos += 2 + pos[1];
-		}
-		if (rm_en_dup) {
-			os_memcpy(wpos, rm_en_dup, rm_en_len);
-			wpos += rm_en_len;
-			os_free(rm_en_dup);
-		}
-		os_memcpy(wpos, pos, end - pos);
-		wpa_s->sme.assoc_req_ie_len += wpa_s->sme.ft_ies_len +
-			rm_en_len;
-		params.wpa_ie = wpa_s->sme.assoc_req_ie;
-		params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
-		wpa_hexdump(MSG_DEBUG,
-			    "SME: Association Request IEs after FT override",
-			    params.wpa_ie, params.wpa_ie_len);
-	}
-#endif /* CONFIG_IEEE80211R */
-	params.mode = mode;
-	params.mgmt_frame_protection = wpa_s->sme.mfp;
-	params.rrm_used = wpa_s->rrm.rrm_used;
-	if (wpa_s->sme.prev_bssid_set)
-		params.prev_bssid = wpa_s->sme.prev_bssid;
-
-	wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
-		" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
-		params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
-		params.freq.freq);
-
-	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
-
-	if (params.wpa_ie == NULL ||
-	    ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
-	    < 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
-		os_memset(&elems, 0, sizeof(elems));
-	}
-	if (elems.rsn_ie) {
-		params.wpa_proto = WPA_PROTO_RSN;
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
-					elems.rsn_ie_len + 2);
-	} else if (elems.wpa_ie) {
-		params.wpa_proto = WPA_PROTO_WPA;
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
-					elems.wpa_ie_len + 2);
-	} else if (elems.osen) {
-		params.wpa_proto = WPA_PROTO_OSEN;
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
-					elems.osen_len + 2);
-	} else
-		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-	if (elems.rsnxe)
-		wpa_sm_set_assoc_rsnxe(wpa_s->wpa, elems.rsnxe - 2,
-				       elems.rsnxe_len + 2);
-	else
-		wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
-	if (ssid && ssid->p2p_group)
-		params.p2p = 1;
-
-	if (wpa_s->p2pdev->set_sta_uapsd)
-		params.uapsd = wpa_s->p2pdev->sta_uapsd;
-	else
-		params.uapsd = -1;
-
-	if (wpa_drv_associate(wpa_s, &params) < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
-			"driver failed");
-		wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-		return;
-	}
-
-	eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
-			       NULL);
-
-#ifdef CONFIG_TESTING_OPTIONS
-	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
-	wpa_s->last_assoc_req_wpa_ie = NULL;
-	if (params.wpa_ie)
-		wpa_s->last_assoc_req_wpa_ie =
-			wpabuf_alloc_copy(params.wpa_ie, params.wpa_ie_len);
-#endif /* CONFIG_TESTING_OPTIONS */
-}
-
-
-int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
-		      const u8 *ies, size_t ies_len)
-{
-	if (md == NULL || ies == NULL) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
-		os_free(wpa_s->sme.ft_ies);
-		wpa_s->sme.ft_ies = NULL;
-		wpa_s->sme.ft_ies_len = 0;
-		wpa_s->sme.ft_used = 0;
-		return 0;
-	}
-
-	os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
-	wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
-	os_free(wpa_s->sme.ft_ies);
-	wpa_s->sme.ft_ies = os_memdup(ies, ies_len);
-	if (wpa_s->sme.ft_ies == NULL)
-		return -1;
-	wpa_s->sme.ft_ies_len = ies_len;
-	return 0;
-}
-
-
-static void sme_deauth(struct wpa_supplicant *wpa_s)
-{
-	int bssid_changed;
-
-	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
-
-	if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
-				   WLAN_REASON_DEAUTH_LEAVING) < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
-			"failed");
-	}
-	wpa_s->sme.prev_bssid_set = 0;
-
-	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-	os_memset(wpa_s->bssid, 0, ETH_ALEN);
-	os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-	if (bssid_changed)
-		wpas_notify_bssid_changed(wpa_s);
-}
-
-
-void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
-			    union wpa_event_data *data)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
-		"status code %d", MAC2STR(wpa_s->pending_bssid),
-		data->assoc_reject.status_code);
-
-	eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
-
-#ifdef CONFIG_SAE
-	if (wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
-	    wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"PMKSA caching attempt rejected - drop PMKSA cache entry and fall back to SAE authentication");
-		wpa_sm_aborted_cached(wpa_s->wpa);
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
-		if (wpa_s->current_bss) {
-			struct wpa_bss *bss = wpa_s->current_bss;
-			struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-			wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
-					       WLAN_REASON_DEAUTH_LEAVING);
-			wpas_connect_work_done(wpa_s);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			wpa_supplicant_connect(wpa_s, bss, ssid);
-			return;
-		}
-	}
-#endif /* CONFIG_SAE */
-
-	/*
-	 * For now, unconditionally terminate the previous authentication. In
-	 * theory, this should not be needed, but mac80211 gets quite confused
-	 * if the authentication is left pending.. Some roaming cases might
-	 * benefit from using the previous authentication, so this could be
-	 * optimized in the future.
-	 */
-	sme_deauth(wpa_s);
-}
-
-
-void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
-			      union wpa_event_data *data)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
-	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-	wpa_supplicant_mark_disassoc(wpa_s);
-}
-
-
-void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
-			       union wpa_event_data *data)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
-	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-	wpa_supplicant_mark_disassoc(wpa_s);
-}
-
-
-void sme_event_disassoc(struct wpa_supplicant *wpa_s,
-			struct disassoc_info *info)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
-	if (wpa_s->sme.prev_bssid_set) {
-		/*
-		 * cfg80211/mac80211 can get into somewhat confused state if
-		 * the AP only disassociates us and leaves us in authenticated
-		 * state. For now, force the state to be cleared to avoid
-		 * confusing errors if we try to associate with the AP again.
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
-			"driver state");
-		wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
-				       WLAN_REASON_DEAUTH_LEAVING);
-	}
-}
-
-
-static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
-		wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
-		sme_deauth(wpa_s);
-	}
-}
-
-
-static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	if (wpa_s->wpa_state == WPA_ASSOCIATING) {
-		wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
-		sme_deauth(wpa_s);
-	}
-}
-
-
-void sme_state_changed(struct wpa_supplicant *wpa_s)
-{
-	/* Make sure timers are cleaned up appropriately. */
-	if (wpa_s->wpa_state != WPA_ASSOCIATING)
-		eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
-	if (wpa_s->wpa_state != WPA_AUTHENTICATING)
-		eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
-}
-
-
-void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
-				       const u8 *prev_pending_bssid)
-{
-	/*
-	 * mac80211-workaround to force deauth on failed auth cmd,
-	 * requires us to remain in authenticating state to allow the
-	 * second authentication attempt to be continued properly.
-	 */
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication "
-		"to proceed after disconnection event");
-	wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
-	os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
-
-	/*
-	 * Re-arm authentication timer in case auth fails for whatever reason.
-	 */
-	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
-	eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
-			       NULL);
-}
-
-
-void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->sme.prev_bssid_set = 0;
-#ifdef CONFIG_SAE
-	wpabuf_free(wpa_s->sme.sae_token);
-	wpa_s->sme.sae_token = NULL;
-	sae_clear_data(&wpa_s->sme.sae);
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_IEEE80211R
-	if (wpa_s->sme.ft_ies || wpa_s->sme.ft_used)
-		sme_update_ft_ies(wpa_s, NULL, NULL, 0);
-#endif /* CONFIG_IEEE80211R */
-	sme_stop_sa_query(wpa_s);
-}
-
-
-void sme_deinit(struct wpa_supplicant *wpa_s)
-{
-	sme_clear_on_disassoc(wpa_s);
-#ifdef CONFIG_SAE
-	os_free(wpa_s->sme.sae_rejected_groups);
-	wpa_s->sme.sae_rejected_groups = NULL;
-#endif /* CONFIG_SAE */
-
-	eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
-	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
-	eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
-}
-
-
-static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
-				   const u8 *chan_list, u8 num_channels,
-				   u8 num_intol)
-{
-	struct ieee80211_2040_bss_coex_ie *bc_ie;
-	struct ieee80211_2040_intol_chan_report *ic_report;
-	struct wpabuf *buf;
-
-	wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR
-		   " (num_channels=%u num_intol=%u)",
-		   MAC2STR(wpa_s->bssid), num_channels, num_intol);
-	wpa_hexdump(MSG_DEBUG, "SME: 20/40 BSS Intolerant Channels",
-		    chan_list, num_channels);
-
-	buf = wpabuf_alloc(2 + /* action.category + action_code */
-			   sizeof(struct ieee80211_2040_bss_coex_ie) +
-			   sizeof(struct ieee80211_2040_intol_chan_report) +
-			   num_channels);
-	if (buf == NULL)
-		return;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
-	wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX);
-
-	bc_ie = wpabuf_put(buf, sizeof(*bc_ie));
-	bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE;
-	bc_ie->length = 1;
-	if (num_intol)
-		bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ;
-
-	if (num_channels > 0) {
-		ic_report = wpabuf_put(buf, sizeof(*ic_report));
-		ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT;
-		ic_report->length = num_channels + 1;
-		ic_report->op_class = 0;
-		os_memcpy(wpabuf_put(buf, num_channels), chan_list,
-			  num_channels);
-	}
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"SME: Failed to send 20/40 BSS Coexistence frame");
-	}
-
-	wpabuf_free(buf);
-}
-
-
-int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-	const u8 *ie;
-	u16 ht_cap;
-	u8 chan_list[P2P_MAX_CHANNELS], channel;
-	u8 num_channels = 0, num_intol = 0, i;
-
-	if (!wpa_s->sme.sched_obss_scan)
-		return 0;
-
-	wpa_s->sme.sched_obss_scan = 0;
-	if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
-		return 1;
-
-	/*
-	 * Check whether AP uses regulatory triplet or channel triplet in
-	 * country info. Right now the operating class of the BSS channel
-	 * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12),
-	 * based on the assumption that operating class triplet is not used in
-	 * beacon frame. If the First Channel Number/Operating Extension
-	 * Identifier octet has a positive integer value of 201 or greater,
-	 * then its operating class triplet.
-	 *
-	 * TODO: If Supported Operating Classes element is present in beacon
-	 * frame, have to lookup operating class in Annex E and fill them in
-	 * 2040 coex frame.
-	 */
-	ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
-	if (ie && (ie[1] >= 6) && (ie[5] >= 201))
-		return 1;
-
-	os_memset(chan_list, 0, sizeof(chan_list));
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		/* Skip other band bss */
-		enum hostapd_hw_mode mode;
-		mode = ieee80211_freq_to_chan(bss->freq, &channel);
-		if (mode != HOSTAPD_MODE_IEEE80211G &&
-		    mode != HOSTAPD_MODE_IEEE80211B)
-			continue;
-
-		ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP);
-		ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0;
-		wpa_printf(MSG_DEBUG, "SME OBSS scan BSS " MACSTR
-			   " freq=%u chan=%u ht_cap=0x%x",
-			   MAC2STR(bss->bssid), bss->freq, channel, ht_cap);
-
-		if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) {
-			if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)
-				num_intol++;
-
-			/* Check whether the channel is already considered */
-			for (i = 0; i < num_channels; i++) {
-				if (channel == chan_list[i])
-					break;
-			}
-			if (i != num_channels)
-				continue;
-
-			chan_list[num_channels++] = channel;
-		}
-	}
-
-	sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
-	return 1;
-}
-
-
-static void wpa_obss_scan_freqs_list(struct wpa_supplicant *wpa_s,
-				     struct wpa_driver_scan_params *params)
-{
-	/* Include only affected channels */
-	struct hostapd_hw_modes *mode;
-	int count, i;
-	int start, end;
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
-			HOSTAPD_MODE_IEEE80211G, false);
-	if (mode == NULL) {
-		/* No channels supported in this band - use empty list */
-		params->freqs = os_zalloc(sizeof(int));
-		return;
-	}
-
-	if (wpa_s->sme.ht_sec_chan == HT_SEC_CHAN_UNKNOWN &&
-	    wpa_s->current_bss) {
-		const u8 *ie;
-
-		ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_OPERATION);
-		if (ie && ie[1] >= 2) {
-			u8 o;
-
-			o = ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
-			if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
-				wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
-			else if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
-				wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
-		}
-	}
-
-	start = wpa_s->assoc_freq - 10;
-	end = wpa_s->assoc_freq + 10;
-	switch (wpa_s->sme.ht_sec_chan) {
-	case HT_SEC_CHAN_UNKNOWN:
-		/* HT40+ possible on channels 1..9 */
-		if (wpa_s->assoc_freq <= 2452)
-			start -= 20;
-		/* HT40- possible on channels 5-13 */
-		if (wpa_s->assoc_freq >= 2432)
-			end += 20;
-		break;
-	case HT_SEC_CHAN_ABOVE:
-		end += 20;
-		break;
-	case HT_SEC_CHAN_BELOW:
-		start -= 20;
-		break;
-	}
-	wpa_printf(MSG_DEBUG,
-		   "OBSS: assoc_freq %d possible affected range %d-%d",
-		   wpa_s->assoc_freq, start, end);
-
-	params->freqs = os_calloc(mode->num_channels + 1, sizeof(int));
-	if (params->freqs == NULL)
-		return;
-	for (count = 0, i = 0; i < mode->num_channels; i++) {
-		int freq;
-
-		if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
-			continue;
-		freq = mode->channels[i].freq;
-		if (freq - 10 >= end || freq + 10 <= start)
-			continue; /* not affected */
-		params->freqs[count++] = freq;
-	}
-}
-
-
-static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_driver_scan_params params;
-
-	if (!wpa_s->current_bss) {
-		wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request");
-		return;
-	}
-
-	os_memset(&params, 0, sizeof(params));
-	wpa_obss_scan_freqs_list(wpa_s, &params);
-	params.low_priority = 1;
-	wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan");
-
-	if (wpa_supplicant_trigger_scan(wpa_s, &params))
-		wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan");
-	else
-		wpa_s->sme.sched_obss_scan = 1;
-	os_free(params.freqs);
-
-	eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
-			       sme_obss_scan_timeout, wpa_s, NULL);
-}
-
-
-void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
-{
-	const u8 *ie;
-	struct wpa_bss *bss = wpa_s->current_bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	struct hostapd_hw_modes *hw_mode = NULL;
-	int i;
-
-	eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
-	wpa_s->sme.sched_obss_scan = 0;
-	wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
-	if (!enable)
-		return;
-
-	/*
-	 * Schedule OBSS scan if driver is using station SME in wpa_supplicant
-	 * or it expects OBSS scan to be performed by wpa_supplicant.
-	 */
-	if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
-	      (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
-	    ssid == NULL || ssid->mode != WPAS_MODE_INFRA)
-		return;
-
-#ifdef CONFIG_HT_OVERRIDES
-	/* No need for OBSS scan if HT40 is explicitly disabled */
-	if (ssid->disable_ht40)
-		return;
-#endif /* CONFIG_HT_OVERRIDES */
-
-	if (!wpa_s->hw.modes)
-		return;
-
-	/* only HT caps in 11g mode are relevant */
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		hw_mode = &wpa_s->hw.modes[i];
-		if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G)
-			break;
-	}
-
-	/* Driver does not support HT40 for 11g or doesn't have 11g. */
-	if (i == wpa_s->hw.num_modes || !hw_mode ||
-	    !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
-		return;
-
-	if (bss == NULL || bss->freq < 2400 || bss->freq > 2500)
-		return; /* Not associated on 2.4 GHz band */
-
-	/* Check whether AP supports HT40 */
-	ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
-	if (!ie || ie[1] < 2 ||
-	    !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
-		return; /* AP does not support HT40 */
-
-	ie = wpa_bss_get_ie(wpa_s->current_bss,
-			    WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS);
-	if (!ie || ie[1] < 14)
-		return; /* AP does not request OBSS scans */
-
-	wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
-	if (wpa_s->sme.obss_scan_int < 10) {
-		wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u "
-			   "replaced with the minimum 10 sec",
-			   wpa_s->sme.obss_scan_int);
-		wpa_s->sme.obss_scan_int = 10;
-	}
-	wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec",
-		   wpa_s->sme.obss_scan_int);
-	eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
-			       sme_obss_scan_timeout, wpa_s, NULL);
-}
-
-
-static const unsigned int sa_query_max_timeout = 1000;
-static const unsigned int sa_query_retry_timeout = 201;
-static const unsigned int sa_query_ch_switch_max_delay = 5000; /* in usec */
-
-static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
-{
-	u32 tu;
-	struct os_reltime now, passed;
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &wpa_s->sme.sa_query_start, &passed);
-	tu = (passed.sec * 1000000 + passed.usec) / 1024;
-	if (sa_query_max_timeout < tu) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
-		sme_stop_sa_query(wpa_s);
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
-		return 1;
-	}
-
-	return 0;
-}
-
-
-static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
-				  const u8 *trans_id)
-{
-	u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
-	u8 req_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
-		MACSTR, MAC2STR(wpa_s->bssid));
-	wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
-		    trans_id, WLAN_SA_QUERY_TR_ID_LEN);
-	req[0] = WLAN_ACTION_SA_QUERY;
-	req[1] = WLAN_SA_QUERY_REQUEST;
-	os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
-
-#ifdef CONFIG_OCV
-	if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
-		struct wpa_channel_info ci;
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_printf(MSG_WARNING,
-				   "Failed to get channel info for OCI element in SA Query Request frame");
-			return;
-		}
-
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->oci_freq_override_saquery_req) {
-			wpa_printf(MSG_INFO,
-				   "TEST: Override SA Query Request OCI frequency %d -> %d MHz",
-				   ci.frequency,
-				   wpa_s->oci_freq_override_saquery_req);
-			ci.frequency = wpa_s->oci_freq_override_saquery_req;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-		if (ocv_insert_extended_oci(&ci, req + req_len) < 0)
-			return;
-
-		req_len += OCV_OCI_EXTENDED_LEN;
-	}
-#endif /* CONFIG_OCV */
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				req, req_len, 0) < 0)
-		wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
-			"Request");
-}
-
-
-static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	unsigned int timeout, sec, usec;
-	u8 *trans_id, *nbuf;
-
-	if (wpa_s->sme.sa_query_count > 0 &&
-	    sme_check_sa_query_timeout(wpa_s))
-		return;
-
-	nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
-				wpa_s->sme.sa_query_count + 1,
-				WLAN_SA_QUERY_TR_ID_LEN);
-	if (nbuf == NULL) {
-		sme_stop_sa_query(wpa_s);
-		return;
-	}
-	if (wpa_s->sme.sa_query_count == 0) {
-		/* Starting a new SA Query procedure */
-		os_get_reltime(&wpa_s->sme.sa_query_start);
-	}
-	trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
-	wpa_s->sme.sa_query_trans_id = nbuf;
-	wpa_s->sme.sa_query_count++;
-
-	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
-		wpa_printf(MSG_DEBUG, "Could not generate SA Query ID");
-		sme_stop_sa_query(wpa_s);
-		return;
-	}
-
-	timeout = sa_query_retry_timeout;
-	sec = ((timeout / 1000) * 1024) / 1000;
-	usec = (timeout % 1000) * 1024;
-	eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
-		wpa_s->sme.sa_query_count);
-
-	sme_send_sa_query_req(wpa_s, trans_id);
-}
-
-
-static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
-{
-	sme_sa_query_timer(wpa_s, NULL);
-}
-
-
-static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->sme.sa_query_trans_id)
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Stop SA Query");
-	eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
-	os_free(wpa_s->sme.sa_query_trans_id);
-	wpa_s->sme.sa_query_trans_id = NULL;
-	wpa_s->sme.sa_query_count = 0;
-}
-
-
-void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
-				 const u8 *da, u16 reason_code)
-{
-	struct wpa_ssid *ssid;
-	struct os_reltime now;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED)
-		return;
-	ssid = wpa_s->current_ssid;
-	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
-		return;
-	if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
-		return;
-	if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
-	    reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
-		return;
-	if (wpa_s->sme.sa_query_count > 0)
-		return;
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->disable_sa_query)
-		return;
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	os_get_reltime(&now);
-	if (wpa_s->sme.last_unprot_disconnect.sec &&
-	    !os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
-		return; /* limit SA Query procedure frequency */
-	wpa_s->sme.last_unprot_disconnect = now;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
-		"possible AP/STA state mismatch - trigger SA Query");
-	sme_start_sa_query(wpa_s);
-}
-
-
-void sme_event_ch_switch(struct wpa_supplicant *wpa_s)
-{
-	unsigned int usec;
-	u32 _rand;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED ||
-	    !wpa_sm_ocv_enabled(wpa_s->wpa))
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"SME: Channel switch completed - trigger new SA Query to verify new operating channel");
-	sme_stop_sa_query(wpa_s);
-
-	if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
-		_rand = os_random();
-	usec = _rand % (sa_query_ch_switch_max_delay + 1);
-	eloop_register_timeout(0, usec, sme_sa_query_timer, wpa_s, NULL);
-}
-
-
-static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s,
-					 const u8 *sa, const u8 *data,
-					 size_t len)
-{
-	u8 resp[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
-	u8 resp_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Response to "
-		MACSTR, MAC2STR(wpa_s->bssid));
-
-	resp[0] = WLAN_ACTION_SA_QUERY;
-	resp[1] = WLAN_SA_QUERY_RESPONSE;
-	os_memcpy(resp + 2, data + 1, WLAN_SA_QUERY_TR_ID_LEN);
-
-#ifdef CONFIG_OCV
-	if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
-		struct wpa_channel_info ci;
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_printf(MSG_WARNING,
-				   "Failed to get channel info for OCI element in SA Query Response frame");
-			return;
-		}
-
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->oci_freq_override_saquery_resp) {
-			wpa_printf(MSG_INFO,
-				   "TEST: Override SA Query Response OCI frequency %d -> %d MHz",
-				   ci.frequency,
-				   wpa_s->oci_freq_override_saquery_resp);
-			ci.frequency = wpa_s->oci_freq_override_saquery_resp;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-		if (ocv_insert_extended_oci(&ci, resp + resp_len) < 0)
-			return;
-
-		resp_len += OCV_OCI_EXTENDED_LEN;
-	}
-#endif /* CONFIG_OCV */
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				resp, resp_len, 0) < 0)
-		wpa_msg(wpa_s, MSG_INFO,
-			"SME: Failed to send SA Query Response");
-}
-
-
-static void sme_process_sa_query_response(struct wpa_supplicant *wpa_s,
-					  const u8 *sa, const u8 *data,
-					  size_t len)
-{
-	int i;
-
-	if (!wpa_s->sme.sa_query_trans_id)
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
-		MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
-
-	if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
-		return;
-
-	for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
-		if (os_memcmp(wpa_s->sme.sa_query_trans_id +
-			      i * WLAN_SA_QUERY_TR_ID_LEN,
-			      data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
-			break;
-	}
-
-	if (i >= wpa_s->sme.sa_query_count) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
-			"transaction identifier found");
-		return;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
-		"from " MACSTR, MAC2STR(sa));
-	sme_stop_sa_query(wpa_s);
-}
-
-
-void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *da, const u8 *sa,
-		     const u8 *data, size_t len)
-{
-	if (len < 1 + WLAN_SA_QUERY_TR_ID_LEN)
-		return;
-	if (is_multicast_ether_addr(da)) {
-		wpa_printf(MSG_DEBUG,
-			   "IEEE 802.11: Ignore group-addressed SA Query frame (A1=" MACSTR " A2=" MACSTR ")",
-			   MAC2STR(da), MAC2STR(sa));
-		return;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query frame from "
-		MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
-
-#ifdef CONFIG_OCV
-	if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
-		struct ieee802_11_elems elems;
-		struct wpa_channel_info ci;
-
-		if (ieee802_11_parse_elems(data + 1 + WLAN_SA_QUERY_TR_ID_LEN,
-					   len - 1 - WLAN_SA_QUERY_TR_ID_LEN,
-					   &elems, 1) == ParseFailed) {
-			wpa_printf(MSG_DEBUG,
-				   "SA Query: Failed to parse elements");
-			return;
-		}
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_printf(MSG_WARNING,
-				   "Failed to get channel info to validate received OCI in SA Query Action frame");
-			return;
-		}
-
-		if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
-					 channel_width_to_int(ci.chanwidth),
-					 ci.seg1_idx) != OCI_SUCCESS) {
-			wpa_msg(wpa_s, MSG_INFO, OCV_FAILURE "addr=" MACSTR
-				" frame=saquery%s error=%s",
-				MAC2STR(sa), data[0] == WLAN_SA_QUERY_REQUEST ?
-				"req" : "resp", ocv_errorstr);
-			return;
-		}
-	}
-#endif /* CONFIG_OCV */
-
-	if (data[0] == WLAN_SA_QUERY_REQUEST)
-		sme_process_sa_query_request(wpa_s, sa, data, len);
-	else if (data[0] == WLAN_SA_QUERY_RESPONSE)
-		sme_process_sa_query_response(wpa_s, sa, data, len);
-}
diff --git a/wpa_supplicant/sme.h b/wpa_supplicant/sme.h
deleted file mode 100644
index c797d2e9e796..000000000000
--- a/wpa_supplicant/sme.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * wpa_supplicant - SME
- * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SME_H
-#define SME_H
-
-#ifdef CONFIG_SME
-
-void sme_authenticate(struct wpa_supplicant *wpa_s,
-		      struct wpa_bss *bss, struct wpa_ssid *ssid);
-void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
-		   const u8 *bssid, u16 auth_type);
-void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data);
-int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
-		      const u8 *ies, size_t ies_len);
-void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
-			    union wpa_event_data *data);
-void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
-			      union wpa_event_data *data);
-void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
-			       union wpa_event_data *data);
-void sme_event_disassoc(struct wpa_supplicant *wpa_s,
-			struct disassoc_info *info);
-void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
-				 const u8 *da, u16 reason_code);
-void sme_event_ch_switch(struct wpa_supplicant *wpa_s);
-void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *da, const u8 *sa,
-		     const u8 *data, size_t len);
-void sme_state_changed(struct wpa_supplicant *wpa_s);
-void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
-				       const u8 *prev_pending_bssid);
-void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s);
-void sme_deinit(struct wpa_supplicant *wpa_s);
-
-int sme_proc_obss_scan(struct wpa_supplicant *wpa_s);
-void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable);
-void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
-			       union wpa_event_data *data);
-void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
-			       const u8 *auth_frame, size_t len);
-
-#else /* CONFIG_SME */
-
-static inline void sme_authenticate(struct wpa_supplicant *wpa_s,
-				    struct wpa_bss *bss,
-				    struct wpa_ssid *ssid)
-{
-}
-
-static inline void sme_event_auth(struct wpa_supplicant *wpa_s,
-				  union wpa_event_data *data)
-{
-}
-
-static inline int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
-				    const u8 *ies, size_t ies_len)
-{
-	return -1;
-}
-
-
-static inline void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
-					  union wpa_event_data *data)
-{
-}
-
-static inline void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
-					    union wpa_event_data *data)
-{
-}
-
-static inline void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
-					     union wpa_event_data *data)
-{
-}
-
-static inline void sme_event_disassoc(struct wpa_supplicant *wpa_s,
-				      struct disassoc_info *info)
-{
-}
-
-static inline void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s,
-					       const u8 *sa, const u8 *da,
-					       u16 reason_code)
-{
-}
-
-static inline void sme_event_ch_switch(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void sme_state_changed(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void
-sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
-				  const u8 *prev_pending_bssid)
-{
-}
-
-static inline void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void sme_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void sme_sched_obss_scan(struct wpa_supplicant *wpa_s,
-				       int enable)
-{
-}
-
-static inline void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
-					     union wpa_event_data *data)
-{
-}
-
-static inline void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
-					     const u8 *auth_frame, size_t len)
-{
-}
-
-#endif /* CONFIG_SME */
-
-#endif /* SME_H */
diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
deleted file mode 100644
index da69a8705ce8..000000000000
--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=WPA supplicant daemon (interface- and nl80211 driver-specific version)
-Requires=sys-subsystem-net-devices-%i.device
-After=sys-subsystem-net-devices-%i.device
-Before=network.target
-Wants=network.target
-
-# NetworkManager users will probably want the dbus version instead.
-
-[Service]
-Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
-
-[Install]
-WantedBy=multi-user.target
diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
deleted file mode 100644
index ca3054bc6d55..000000000000
--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=WPA supplicant daemon (interface- and wired driver-specific version)
-Requires=sys-subsystem-net-devices-%i.device
-After=sys-subsystem-net-devices-%i.device
-Before=network.target
-Wants=network.target
-
-# NetworkManager users will probably want the dbus version instead.
-
-[Service]
-Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
-
-[Install]
-WantedBy=multi-user.target
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
deleted file mode 100644
index 55d2b9c81712..000000000000
--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=WPA supplicant daemon (interface-specific version)
-Requires=sys-subsystem-net-devices-%i.device
-After=sys-subsystem-net-devices-%i.device
-Before=network.target
-Wants=network.target
-
-# NetworkManager users will probably want the dbus version instead.
-
-[Service]
-Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
-
-[Install]
-WantedBy=multi-user.target
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
deleted file mode 100644
index 58a622887cd9..000000000000
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=WPA supplicant
-Before=network.target
-After=dbus.service
-Wants=network.target
-
-[Service]
-Type=dbus
-BusName=fi.w1.wpa_supplicant1
-ExecStart=@BINDIR@/wpa_supplicant -u
-
-[Install]
-WantedBy=multi-user.target
-Alias=dbus-fi.w1.wpa_supplicant1.service
diff --git a/wpa_supplicant/todo.txt b/wpa_supplicant/todo.txt
deleted file mode 100644
index 4c9f98e9c7ab..000000000000
--- a/wpa_supplicant/todo.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-To do:
-- add support for WPA with ap_scan=0 (update selected cipher etc. based on
-  AssocInfo; make sure these match with configuration)
-- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
-  authentication has been completed (cache scard data based on serial#(?)
-  and try to optimize next connection if the same card is present for next
-  auth)
-- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
-  ssid->proto fields to avoid detecting downgrade attacks when the driver
-  is not reporting RSN IE, but msg 3/4 has one
-- Cisco AP and non-zero keyidx for unicast -> map to broadcast
-  (actually, this already works with driver_ndis; so maybe just change
-  driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
-  for unicast); worked also with Host AP driver and madwifi
-- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
-  to see unencrypted EAPOL-Key frames at all..
-- EAP-PAX with PAX_SEC
-- EAP (RFC 3748)
-  * OTP Extended Responses (Sect. 5.5)
-- test what happens if authenticator sends EAP-Success before real EAP
-  authentication ("canned" Success); this should be ignored based on
-  RFC 3748 Sect. 4.2
-- test compilation with gcc -W options (more warnings?)
-  (Done once; number of unused function arguments still present)
-- ctrl_iface: get/remove blob
-- use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
-  web pages including the same information.. i.e., have this information only
-  in one page; how to build a PDF file with all the SGML included?
-- EAP-POTP/RSA SecurID profile (RFC 4793)
-- document wpa_gui build and consider adding it to 'make install'
-- consider merging hostapd and wpa_supplicant PMKSA cache implementations
-- consider redesigning pending EAP requests (identity/password/otp from
-  ctrl_iface) by moving the retrying of the previous request into EAP
-  state machine so that EAPOL state machine is not needed for this
-- rfc4284.txt (network selection for eap)
-- www pages about configuring wpa_supplicant:
-  * global options (ap_scan, ctrl_interfaces) based on OS/driver
-  * network block
-  * key_mgmt selection
-  * WPA parameters
-  * EAP options (one page for each method)
-  * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
-    generate example configuration
-- error path in rsn_preauth_init: should probably deinit l2_packet handlers
-  if something fails; does something else need deinit?
-- consider moving SIM card functionality (IMSI fetching) away from eap.c;
-  this should likely happen before EAP is initialized for authentication;
-  now IMSI is read only after receiving EAP-Identity/Request, but since it is
-  really needed for all cases, reading IMSI and generating Identity string
-  could very well be done before EAP has been started
-- try to work around race in receiving association event and first EAPOL
-  message
-- try to work around race in configuring PTK and sending msg 4/4 (some NDIS
-  drivers with ndiswrapper end up not being able to complete 4-way handshake
-  in some cases; extra delay before setting the key seems to help)
-- make sure that TLS session cache is not shared between EAP types or if it
-  is, that the cache entries are bound to only one EAP type; e.g., cache entry
-  created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
-- consider moving eap_peer_tls_build_ack() call into
-  eap_peer_tls_process_helper()
-  (it seems to be called always if helper returns 1)
-  * could need to modify eap_{ttls,peap,fast}_decrypt to do same
-- add support for fetching full user cert chain from Windows certificate
-  stores even when there are intermediate CA certs that are not in the
-  configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
-- clean up common.[ch]
-- change TLS/crypto library interface to use a structure of function
-  pointers and helper inline functions (like driver_ops) instead of
-  requiring every TLS wrapper to implement all functions
-- add support for encrypted configuration fields (e.g., password, psk,
-  passphrase, pin)
-- wpa_gui: add support for setting and showing priority
-- cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data
-  phases should be able to use the same functions for this;
-  the last step in processing sent should be this code and rest of the code
-  should not need to care about fragmentation at all
-- test EAP-FAST peer with OpenSSL and verify that fallback to full handshake
-  (ServerHello followed by something else than ChangeCipherSpec)
diff --git a/wpa_supplicant/twt.c b/wpa_supplicant/twt.c
deleted file mode 100644
index 8ec2c85acb8d..000000000000
--- a/wpa_supplicant/twt.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * wpa_supplicant - TWT
- * Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "utils/common.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-
-/**
- * wpas_twt_send_setup - Send TWT Setup frame (Request) to our AP
- * @wpa_s: Pointer to wpa_supplicant
- * @dtok: Dialog token
- * @exponent: Wake-interval exponent
- * @mantissa: Wake-interval mantissa
- * @min_twt: Minimum TWT wake duration in units of 256 usec
- * @setup_cmd: 0 == request, 1 == suggest, etc.  Table 9-297
- * Returns: 0 in case of success, negative error code otherwise
- *
- */
-int wpas_twt_send_setup(struct wpa_supplicant *wpa_s, u8 dtok, int exponent,
-			int mantissa, u8 min_twt, int setup_cmd, u64 twt,
-			bool requestor, bool trigger, bool implicit,
-			bool flow_type, u8 flow_id, bool protection,
-			u8 twt_channel, u8 control)
-{
-	struct wpabuf *buf;
-	u16 req_type = 0;
-	int ret = 0;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid) {
-		wpa_printf(MSG_DEBUG,
-			   "TWT: No connection - cannot send TWT Setup frame");
-		return -ENOTCONN;
-	}
-
-	/* 3 = Action category + Action code + Dialog token */
-	/* 17 = TWT element */
-	buf = wpabuf_alloc(3 + 17);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG,
-			   "TWT: Failed to allocate TWT Setup frame (Request)");
-		return -ENOMEM;
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "TWT: Setup request, dtok: %d  exponent: %d  mantissa: %d  min-twt: %d",
-		   dtok, exponent, mantissa, min_twt);
-
-	wpabuf_put_u8(buf, WLAN_ACTION_S1G);
-	wpabuf_put_u8(buf, S1G_ACT_TWT_SETUP);
-	wpabuf_put_u8(buf, dtok);
-
-	wpabuf_put_u8(buf, WLAN_EID_TWT);
-	wpabuf_put_u8(buf, 15); /* len */
-
-	wpabuf_put_u8(buf, control);
-
-	if (requestor)
-		req_type |= BIT(0); /* This STA is a TWT Requesting STA */
-	/* TWT Setup Command field */
-	req_type |= (setup_cmd & 0x7) << 1;
-	if (trigger)
-		req_type |= BIT(4); /* TWT SP includes trigger frames */
-	if (implicit)
-		req_type |= BIT(5); /* Implicit TWT */
-	if (flow_type)
-		req_type |= BIT(6); /* Flow Type: Unannounced TWT */
-	req_type |= (flow_id & 0x7) << 7;
-	req_type |= (exponent & 0x1f) << 10; /* TWT Wake Interval Exponent */
-	if (protection)
-		req_type |= BIT(15);
-	wpabuf_put_le16(buf, req_type);
-	wpabuf_put_le64(buf, twt);
-	wpabuf_put_u8(buf, min_twt); /* Nominal Minimum TWT Wake Duration */
-	wpabuf_put_le16(buf, mantissa); /* TWT Wake Interval Mantissa */
-	wpabuf_put_u8(buf, twt_channel); /* TWT Channel */
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
-		wpa_printf(MSG_DEBUG, "TWT: Failed to send TWT Setup Request");
-		ret = -ECANCELED;
-	}
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-/**
- * wpas_twt_send_teardown - Send TWT teardown request to our AP
- * @wpa_s: Pointer to wpa_supplicant
- * @flags: The byte that goes inside the TWT Teardown element
- * Returns: 0 in case of success, negative error code otherwise
- *
- */
-int wpas_twt_send_teardown(struct wpa_supplicant *wpa_s, u8 flags)
-{
-	struct wpabuf *buf;
-	int ret = 0;
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid) {
-		wpa_printf(MSG_DEBUG,
-			   "TWT: No connection - cannot send TWT Teardown frame");
-		return -ENOTCONN;
-	}
-
-	/* 3 = Action category + Action code + flags */
-	buf = wpabuf_alloc(3);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG,
-			   "TWT: Failed to allocate TWT Teardown frame");
-		return -ENOMEM;
-	}
-
-	wpa_printf(MSG_DEBUG, "TWT: Teardown request, flags: 0x%x", flags);
-
-	wpabuf_put_u8(buf, WLAN_ACTION_S1G);
-	wpabuf_put_u8(buf, S1G_ACT_TWT_TEARDOWN);
-	wpabuf_put_u8(buf, flags);
-
-	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
-		wpa_printf(MSG_DEBUG, "TWT: Failed to send TWT Teardown frame");
-		ret = -ECANCELED;
-	}
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-#endif /* CONFIG_TESTING_OPTIONS */
diff --git a/wpa_supplicant/utils/log2pcap.py b/wpa_supplicant/utils/log2pcap.py
deleted file mode 100755
index 141aecbe5178..000000000000
--- a/wpa_supplicant/utils/log2pcap.py
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright (c) 2012, Intel Corporation
-#
-# Author: Johannes Berg <johannes@sipsolutions.net>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import sys, struct, re
-
-def write_pcap_header(pcap_file):
-    pcap_file.write(
-        struct.pack('<IHHIIII',
-                    0xa1b2c3d4, 2, 4, 0, 0, 65535,
-                    105 # raw 802.11 format
-                    ))
-
-def pcap_addpacket(pcap_file, ts, data):
-    # ts in seconds, float
-    pcap_file.write(struct.pack('<IIII',
-        int(ts), int(1000000 * ts) % 1000000,
-        len(data), len(data)))
-    pcap_file.write(data)
-
-if __name__ == "__main__":
-    try:
-        input = sys.argv[1]
-        pcap = sys.argv[2]
-    except IndexError:
-        print("Usage: %s <log file> <pcap file>" % sys.argv[0])
-        sys.exit(2)
-
-    input_file = open(input, 'r')
-    pcap_file = open(pcap, 'w')
-    frame_re = re.compile(r'(([0-9]+.[0-9]{6}):\s*)?nl80211: MLME event frame - hexdump\(len=[0-9]*\):((\s*[0-9a-fA-F]{2})*)')
-
-    write_pcap_header(pcap_file)
-
-    for line in input_file:
-        m = frame_re.match(line)
-        if m is None:
-            continue
-        if m.group(2):
-            ts = float(m.group(2))
-        else:
-            ts = 0
-        hexdata = m.group(3)
-        hexdata = hexdata.split()
-        data = ''.join([chr(int(x, 16)) for x in hexdata])
-        pcap_addpacket(pcap_file, ts, data)
-
-    input_file.close()
-    pcap_file.close()
diff --git a/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj b/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj
deleted file mode 100755
index c92b8fd89d6c..000000000000
--- a/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj
+++ /dev/null
@@ -1,477 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="eapol_test"

-	ProjectGUID="{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}"

-	RootNamespace="eapol_test"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="2"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="1"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="1"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-cbc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-ctr.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-eax.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-encblock.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-omac1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-unwrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-wrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\base64.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bssid_ignore.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bss.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\chap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config_file.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\crypto_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface_named_pipe.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_aka.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_gtc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_leap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_methods.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_otp.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_peap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_peap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\eap_register.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_sim.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_sim_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tnc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_ttls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eapol_supp\eapol_supp_sm.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\eapol_test.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\eloop_win.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\events.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\fips_prf_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\ip_addr.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\l2_packet\l2_packet_winpcap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\ms_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\notify.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\os_win32.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\pcsc_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\peerkey.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\pmksa_cache.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\preauth.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\radius\radius.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\radius\radius_client.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\scan.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-prf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-tlsprf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\tls_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\tncc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\common\wpa_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpa_debug.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa_ie.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpa_supplicant.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpabuf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpas_glue.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/vs2005/win_if_list/win_if_list.vcproj b/wpa_supplicant/vs2005/win_if_list/win_if_list.vcproj
deleted file mode 100755
index e79fc0f4666f..000000000000
--- a/wpa_supplicant/vs2005/win_if_list/win_if_list.vcproj
+++ /dev/null
@@ -1,203 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="win_if_list"

-	ProjectGUID="{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}"

-	RootNamespace="win_if_list"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..\..\src\utils;C:\dev\WpdPack\include"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wpcap.lib"

-				LinkIncremental="2"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..\..\src\utils;C:\dev\WpdPack\include"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wpcap.lib"

-				LinkIncremental="1"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\win_if_list.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/vs2005/wpa_cli/wpa_cli.vcproj b/wpa_supplicant/vs2005/wpa_cli/wpa_cli.vcproj
deleted file mode 100755
index d2de768e7cdc..000000000000
--- a/wpa_supplicant/vs2005/wpa_cli/wpa_cli.vcproj
+++ /dev/null
@@ -1,215 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="wpa_cli"

-	ProjectGUID="{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}"

-	RootNamespace="wpa_cli"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-				DisableSpecificWarnings="4244;4267"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib"

-				LinkIncremental="2"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-				DisableSpecificWarnings="4244;4267"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib"

-				LinkIncremental="1"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\..\src\utils\common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\os_win32.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpa_cli.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\common\wpa_ctrl.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/vs2005/wpa_passphrase/wpa_passphrase.vcproj b/wpa_supplicant/vs2005/wpa_passphrase/wpa_passphrase.vcproj
deleted file mode 100755
index 97aa2c5aecb5..000000000000
--- a/wpa_supplicant/vs2005/wpa_passphrase/wpa_passphrase.vcproj
+++ /dev/null
@@ -1,236 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="wpa_passphrase"

-	ProjectGUID="{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}"

-	RootNamespace="wpa_passphrase"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-				DisableSpecificWarnings="4244;4267"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib"

-				LinkIncremental="2"

-				AdditionalLibraryDirectories=""

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-				DisableSpecificWarnings="4244;4267"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="ws2_32.lib"

-				LinkIncremental="1"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\..\src\utils\common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\md5-internal.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\os_win32.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-internal.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-prf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpa_passphrase.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/vs2005/wpa_supplicant.sln b/wpa_supplicant/vs2005/wpa_supplicant.sln
deleted file mode 100755
index df89e3198d2f..000000000000
--- a/wpa_supplicant/vs2005/wpa_supplicant.sln
+++ /dev/null
@@ -1,52 +0,0 @@
-

-Microsoft Visual Studio Solution File, Format Version 9.00

-# Visual Studio 2005

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_supplicant", "wpa_supplicant\wpa_supplicant.vcproj", "{8BCFDA77-AEDC-4168-8897-5B73105BBB87}"

-EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_cli", "wpa_cli\wpa_cli.vcproj", "{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}"

-EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpasvc", "wpasvc\wpasvc.vcproj", "{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}"

-EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wpa_passphrase", "wpa_passphrase\wpa_passphrase.vcproj", "{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}"

-EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win_if_list", "win_if_list\win_if_list.vcproj", "{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}"

-EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eapol_test", "eapol_test\eapol_test.vcproj", "{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}"

-EndProject

-Global

-	GlobalSection(DPCodeReviewSolutionGUID) = preSolution

-		DPCodeReviewSolutionGUID = {00000000-0000-0000-0000-000000000000}

-	EndGlobalSection

-	GlobalSection(SolutionConfigurationPlatforms) = preSolution

-		Debug|Win32 = Debug|Win32

-		Release|Win32 = Release|Win32

-	EndGlobalSection

-	GlobalSection(ProjectConfigurationPlatforms) = postSolution

-		{8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Debug|Win32.ActiveCfg = Debug|Win32

-		{8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Debug|Win32.Build.0 = Debug|Win32

-		{8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Release|Win32.ActiveCfg = Release|Win32

-		{8BCFDA77-AEDC-4168-8897-5B73105BBB87}.Release|Win32.Build.0 = Release|Win32

-		{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Debug|Win32.ActiveCfg = Debug|Win32

-		{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Debug|Win32.Build.0 = Debug|Win32

-		{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Release|Win32.ActiveCfg = Release|Win32

-		{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}.Release|Win32.Build.0 = Release|Win32

-		{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Debug|Win32.ActiveCfg = Debug|Win32

-		{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Debug|Win32.Build.0 = Debug|Win32

-		{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Release|Win32.ActiveCfg = Release|Win32

-		{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}.Release|Win32.Build.0 = Release|Win32

-		{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Debug|Win32.ActiveCfg = Debug|Win32

-		{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Debug|Win32.Build.0 = Debug|Win32

-		{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Release|Win32.ActiveCfg = Release|Win32

-		{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}.Release|Win32.Build.0 = Release|Win32

-		{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Debug|Win32.ActiveCfg = Debug|Win32

-		{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Debug|Win32.Build.0 = Debug|Win32

-		{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Release|Win32.ActiveCfg = Release|Win32

-		{9E87CD9C-60CE-4533-85CF-85CA3A9BF26A}.Release|Win32.Build.0 = Release|Win32

-		{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Debug|Win32.ActiveCfg = Debug|Win32

-		{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Debug|Win32.Build.0 = Debug|Win32

-		{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}.Release|Win32.ActiveCfg = Release|Win32

-	EndGlobalSection

-	GlobalSection(SolutionProperties) = preSolution

-		HideSolutionNode = FALSE

-	EndGlobalSection

-EndGlobal

diff --git a/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj b/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj
deleted file mode 100755
index 10c05b565597..000000000000
--- a/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj
+++ /dev/null
@@ -1,465 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="wpa_supplicant"

-	ProjectGUID="{8BCFDA77-AEDC-4168-8897-5B73105BBB87}"

-	RootNamespace="wpa_supplicant"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="2"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="1"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-cbc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-ctr.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-eax.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-encblock.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-omac1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-unwrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-wrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\base64.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bssid_ignore.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bss.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\chap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config_file.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\crypto_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface_named_pipe.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_ndis.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_ndis_.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\drivers.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_gtc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_leap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_methods.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_otp.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_peap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_peap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\eap_register.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tnc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_ttls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eapol_supp\eapol_supp_sm.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\eloop_win.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\events.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\l2_packet\l2_packet_winpcap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\main.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\ms_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\ndis_events.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\notify.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\os_win32.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\pcsc_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\peerkey.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\pmksa_cache.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\preauth.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\scan.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-prf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-tlsprf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\tls_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\tncc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\common\wpa_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpa_debug.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa_ie.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpa_supplicant.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpabuf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpas_glue.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj b/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
deleted file mode 100755
index 82d9033ffe8e..000000000000
--- a/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
+++ /dev/null
@@ -1,465 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>

-<VisualStudioProject

-	ProjectType="Visual C++"

-	Version="8.00"

-	Name="wpasvc"

-	ProjectGUID="{E2A4A85F-CA77-406D-8ABF-63EF94545ACC}"

-	RootNamespace="wpasvc"

-	Keyword="Win32Proj"

-	>

-	<Platforms>

-		<Platform

-			Name="Win32"

-		/>

-	</Platforms>

-	<ToolFiles>

-	</ToolFiles>

-	<Configurations>

-		<Configuration

-			Name="Debug|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				Optimization="0"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				MinimalRebuild="true"

-				BasicRuntimeChecks="3"

-				RuntimeLibrary="3"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="4"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="2"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-		<Configuration

-			Name="Release|Win32"

-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"

-			IntermediateDirectory="$(ConfigurationName)"

-			ConfigurationType="1"

-			CharacterSet="0"

-			WholeProgramOptimization="1"

-			>

-			<Tool

-				Name="VCPreBuildEventTool"

-			/>

-			<Tool

-				Name="VCCustomBuildTool"

-			/>

-			<Tool

-				Name="VCXMLDataGeneratorTool"

-			/>

-			<Tool

-				Name="VCWebServiceProxyGeneratorTool"

-			/>

-			<Tool

-				Name="VCMIDLTool"

-			/>

-			<Tool

-				Name="VCCLCompilerTool"

-				AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"

-				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"

-				RuntimeLibrary="2"

-				UsePrecompiledHeader="0"

-				WarningLevel="3"

-				Detect64BitPortabilityProblems="true"

-				DebugInformationFormat="3"

-				DisableSpecificWarnings="4244;4267;4311"

-			/>

-			<Tool

-				Name="VCManagedResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCResourceCompilerTool"

-			/>

-			<Tool

-				Name="VCPreLinkEventTool"

-			/>

-			<Tool

-				Name="VCLinkerTool"

-				AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"

-				LinkIncremental="1"

-				AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"

-				GenerateDebugInformation="true"

-				SubSystem="1"

-				OptimizeReferences="2"

-				EnableCOMDATFolding="2"

-				TargetMachine="1"

-			/>

-			<Tool

-				Name="VCALinkTool"

-			/>

-			<Tool

-				Name="VCManifestTool"

-			/>

-			<Tool

-				Name="VCXDCMakeTool"

-			/>

-			<Tool

-				Name="VCBscMakeTool"

-			/>

-			<Tool

-				Name="VCFxCopTool"

-			/>

-			<Tool

-				Name="VCAppVerifierTool"

-			/>

-			<Tool

-				Name="VCWebDeploymentTool"

-			/>

-			<Tool

-				Name="VCPostBuildEventTool"

-			/>

-		</Configuration>

-	</Configurations>

-	<References>

-	</References>

-	<Files>

-		<Filter

-			Name="Source Files"

-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"

-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"

-			>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-cbc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-ctr.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-eax.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-encblock.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-omac1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-unwrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\aes-wrap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\base64.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bssid_ignore.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\bss.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\chap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\config_winreg.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\crypto_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\ctrl_iface_named_pipe.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_ndis.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\driver_ndis_.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\drivers.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_gtc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_leap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_methods.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_otp.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_peap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_common\eap_peap_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\eap_register.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tls_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_tnc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\eap_ttls.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eapol_supp\eapol_supp_sm.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\eloop_win.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\events.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\l2_packet\l2_packet_winpcap.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\main_winsvc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\md5.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\ms_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\mschapv2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\drivers\ndis_events.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\notify.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\os_win32.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\pcsc_funcs.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\peerkey.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\pmksa_cache.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\preauth.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\scan.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-prf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\sha1-tlsprf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\crypto\tls_openssl.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\eap_peer\tncc.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\common\wpa_common.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpa_debug.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\rsn_supp\wpa_ie.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpa_supplicant.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\..\src\utils\wpabuf.c"

-				>

-			</File>

-			<File

-				RelativePath="..\..\wpas_glue.c"

-				>

-			</File>

-		</Filter>

-		<Filter

-			Name="Header Files"

-			Filter="h;hpp;hxx;hm;inl;inc;xsd"

-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

-			>

-		</Filter>

-		<Filter

-			Name="Resource Files"

-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"

-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"

-			>

-		</Filter>

-	</Files>

-	<Globals>

-	</Globals>

-</VisualStudioProject>

diff --git a/wpa_supplicant/wifi_display.c b/wpa_supplicant/wifi_display.c
deleted file mode 100644
index c94e4610893a..000000000000
--- a/wpa_supplicant/wifi_display.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * wpa_supplicant - Wi-Fi Display
- * Copyright (c) 2011, Atheros Communications, Inc.
- * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "p2p/p2p.h"
-#include "common/ieee802_11_defs.h"
-#include "wpa_supplicant_i.h"
-#include "wifi_display.h"
-
-
-#define WIFI_DISPLAY_SUBELEM_HEADER_LEN 3
-
-
-int wifi_display_init(struct wpa_global *global)
-{
-	global->wifi_display = 1;
-	return 0;
-}
-
-
-void wifi_display_deinit(struct wpa_global *global)
-{
-	int i;
-	for (i = 0; i < MAX_WFD_SUBELEMS; i++) {
-		wpabuf_free(global->wfd_subelem[i]);
-		global->wfd_subelem[i] = NULL;
-	}
-}
-
-
-struct wpabuf * wifi_display_get_wfd_ie(struct wpa_global *global)
-{
-	struct wpabuf *ie;
-	size_t len;
-	int i;
-
-	if (global->p2p == NULL)
-		return NULL;
-
-	len = 0;
-	for (i = 0; i < MAX_WFD_SUBELEMS; i++) {
-		if (global->wfd_subelem[i])
-			len += wpabuf_len(global->wfd_subelem[i]);
-	}
-
-	ie = wpabuf_alloc(len);
-	if (ie == NULL)
-		return NULL;
-
-	for (i = 0; i < MAX_WFD_SUBELEMS; i++) {
-		if (global->wfd_subelem[i])
-			wpabuf_put_buf(ie, global->wfd_subelem[i]);
-	}
-
-	return ie;
-}
-
-
-static int wifi_display_update_wfd_ie(struct wpa_global *global)
-{
-	struct wpabuf *ie, *buf;
-	size_t len, plen;
-
-	if (global->p2p == NULL)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "WFD: Update WFD IE");
-
-	if (!global->wifi_display) {
-		wpa_printf(MSG_DEBUG, "WFD: Wi-Fi Display disabled - do not "
-			   "include WFD IE");
-		p2p_set_wfd_ie_beacon(global->p2p, NULL);
-		p2p_set_wfd_ie_probe_req(global->p2p, NULL);
-		p2p_set_wfd_ie_probe_resp(global->p2p, NULL);
-		p2p_set_wfd_ie_assoc_req(global->p2p, NULL);
-		p2p_set_wfd_ie_invitation(global->p2p, NULL);
-		p2p_set_wfd_ie_prov_disc_req(global->p2p, NULL);
-		p2p_set_wfd_ie_prov_disc_resp(global->p2p, NULL);
-		p2p_set_wfd_ie_go_neg(global->p2p, NULL);
-		p2p_set_wfd_dev_info(global->p2p, NULL);
-		p2p_set_wfd_r2_dev_info(global->p2p, NULL);
-		p2p_set_wfd_assoc_bssid(global->p2p, NULL);
-		p2p_set_wfd_coupled_sink_info(global->p2p, NULL);
-		return 0;
-	}
-
-	p2p_set_wfd_dev_info(global->p2p,
-			     global->wfd_subelem[WFD_SUBELEM_DEVICE_INFO]);
-	p2p_set_wfd_r2_dev_info(
-		global->p2p, global->wfd_subelem[WFD_SUBELEM_R2_DEVICE_INFO]);
-	p2p_set_wfd_assoc_bssid(
-		global->p2p,
-		global->wfd_subelem[WFD_SUBELEM_ASSOCIATED_BSSID]);
-	p2p_set_wfd_coupled_sink_info(
-		global->p2p, global->wfd_subelem[WFD_SUBELEM_COUPLED_SINK]);
-
-	/*
-	 * WFD IE is included in number of management frames. Two different
-	 * sets of subelements are included depending on the frame:
-	 *
-	 * Beacon, (Re)Association Request, GO Negotiation Req/Resp/Conf,
-	 * Provision Discovery Req:
-	 * WFD Device Info
-	 * [Associated BSSID]
-	 * [Coupled Sink Info]
-	 *
-	 * Probe Request:
-	 * WFD Device Info
-	 * [Associated BSSID]
-	 * [Coupled Sink Info]
-	 * [WFD Extended Capability]
-	 *
-	 * Probe Response:
-	 * WFD Device Info
-	 * [Associated BSSID]
-	 * [Coupled Sink Info]
-	 * [WFD Extended Capability]
-	 * [WFD Session Info]
-	 *
-	 * (Re)Association Response, P2P Invitation Req/Resp,
-	 * Provision Discovery Resp:
-	 * WFD Device Info
-	 * [Associated BSSID]
-	 * [Coupled Sink Info]
-	 * [WFD Session Info]
-	 */
-	len = 0;
-	if (global->wfd_subelem[WFD_SUBELEM_DEVICE_INFO])
-		len += wpabuf_len(global->wfd_subelem[
-					  WFD_SUBELEM_DEVICE_INFO]);
-
-	if (global->wfd_subelem[WFD_SUBELEM_R2_DEVICE_INFO])
-		len += wpabuf_len(global->wfd_subelem[
-					  WFD_SUBELEM_R2_DEVICE_INFO]);
-
-	if (global->wfd_subelem[WFD_SUBELEM_ASSOCIATED_BSSID])
-		len += wpabuf_len(global->wfd_subelem[
-					  WFD_SUBELEM_ASSOCIATED_BSSID]);
-	if (global->wfd_subelem[WFD_SUBELEM_COUPLED_SINK])
-		len += wpabuf_len(global->wfd_subelem[
-					  WFD_SUBELEM_COUPLED_SINK]);
-	if (global->wfd_subelem[WFD_SUBELEM_SESSION_INFO])
-		len += wpabuf_len(global->wfd_subelem[
-					  WFD_SUBELEM_SESSION_INFO]);
-	if (global->wfd_subelem[WFD_SUBELEM_EXT_CAPAB])
-		len += wpabuf_len(global->wfd_subelem[WFD_SUBELEM_EXT_CAPAB]);
-	buf = wpabuf_alloc(len);
-	if (buf == NULL)
-		return -1;
-
-	if (global->wfd_subelem[WFD_SUBELEM_DEVICE_INFO])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_DEVICE_INFO]);
-
-	if (global->wfd_subelem[WFD_SUBELEM_R2_DEVICE_INFO])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_R2_DEVICE_INFO]);
-
-	if (global->wfd_subelem[WFD_SUBELEM_ASSOCIATED_BSSID])
-		wpabuf_put_buf(buf, global->wfd_subelem[
-				       WFD_SUBELEM_ASSOCIATED_BSSID]);
-	if (global->wfd_subelem[WFD_SUBELEM_COUPLED_SINK])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_COUPLED_SINK]);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for Beacon", ie);
-	p2p_set_wfd_ie_beacon(global->p2p, ie);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for (Re)Association Request",
-			ie);
-	p2p_set_wfd_ie_assoc_req(global->p2p, ie);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for GO Negotiation", ie);
-	p2p_set_wfd_ie_go_neg(global->p2p, ie);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for Provision Discovery "
-			"Request", ie);
-	p2p_set_wfd_ie_prov_disc_req(global->p2p, ie);
-
-	plen = buf->used;
-	if (global->wfd_subelem[WFD_SUBELEM_EXT_CAPAB])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_EXT_CAPAB]);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for Probe Request", ie);
-	p2p_set_wfd_ie_probe_req(global->p2p, ie);
-
-	if (global->wfd_subelem[WFD_SUBELEM_SESSION_INFO])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_SESSION_INFO]);
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for Probe Response", ie);
-	p2p_set_wfd_ie_probe_resp(global->p2p, ie);
-
-	/* Remove WFD Extended Capability from buffer */
-	buf->used = plen;
-	if (global->wfd_subelem[WFD_SUBELEM_SESSION_INFO])
-		wpabuf_put_buf(buf,
-			       global->wfd_subelem[WFD_SUBELEM_SESSION_INFO]);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for P2P Invitation", ie);
-	p2p_set_wfd_ie_invitation(global->p2p, ie);
-
-	ie = wifi_display_encaps(buf);
-	wpa_hexdump_buf(MSG_DEBUG, "WFD: WFD IE for Provision Discovery "
-			"Response", ie);
-	p2p_set_wfd_ie_prov_disc_resp(global->p2p, ie);
-
-	wpabuf_free(buf);
-
-	return 0;
-}
-
-
-void wifi_display_enable(struct wpa_global *global, int enabled)
-{
-	wpa_printf(MSG_DEBUG, "WFD: Wi-Fi Display %s",
-		   enabled ? "enabled" : "disabled");
-	global->wifi_display = enabled;
-	wifi_display_update_wfd_ie(global);
-}
-
-
-int wifi_display_subelem_set(struct wpa_global *global, char *cmd)
-{
-	char *pos;
-	int subelem;
-	size_t len;
-	struct wpabuf *e;
-
-	pos = os_strchr(cmd, ' ');
-	if (pos == NULL)
-		return -1;
-	*pos++ = '\0';
-
-	len = os_strlen(pos);
-	if (len & 1)
-		return -1;
-	len /= 2;
-
-	if (os_strcmp(cmd, "all") == 0) {
-		int res;
-
-		e = wpabuf_alloc(len);
-		if (e == NULL)
-			return -1;
-		if (hexstr2bin(pos, wpabuf_put(e, len), len) < 0) {
-			wpabuf_free(e);
-			return -1;
-		}
-		res = wifi_display_subelem_set_from_ies(global, e);
-		wpabuf_free(e);
-		return res;
-	}
-
-	subelem = atoi(cmd);
-	if (subelem < 0 || subelem >= MAX_WFD_SUBELEMS)
-		return -1;
-
-	if (len == 0) {
-		/* Clear subelement */
-		e = NULL;
-		wpa_printf(MSG_DEBUG, "WFD: Clear subelement %d", subelem);
-	} else {
-		e = wpabuf_alloc(1 + len);
-		if (e == NULL)
-			return -1;
-		wpabuf_put_u8(e, subelem);
-		if (hexstr2bin(pos, wpabuf_put(e, len), len) < 0) {
-			wpabuf_free(e);
-			return -1;
-		}
-		wpa_printf(MSG_DEBUG, "WFD: Set subelement %d", subelem);
-	}
-
-	wpabuf_free(global->wfd_subelem[subelem]);
-	global->wfd_subelem[subelem] = e;
-	wifi_display_update_wfd_ie(global);
-
-	return 0;
-}
-
-
-int wifi_display_subelem_set_from_ies(struct wpa_global *global,
-				      struct wpabuf *ie)
-{
-	int subelements[MAX_WFD_SUBELEMS] = {};
-	const u8 *pos, *end;
-	unsigned int len, subelem;
-	struct wpabuf *e;
-
-	wpa_printf(MSG_DEBUG, "WFD IEs set: %p - %lu",
-		   ie, ie ? (unsigned long) wpabuf_len(ie) : 0);
-
-	if (ie == NULL || wpabuf_len(ie) < 6)
-		return -1;
-
-	pos = wpabuf_head(ie);
-	end = pos + wpabuf_len(ie);
-
-	while (end > pos) {
-		if (pos + 3 > end)
-			break;
-
-		len = WPA_GET_BE16(pos + 1) + 3;
-
-		wpa_printf(MSG_DEBUG, "WFD Sub-Element ID %d - len %d",
-			   *pos, len - 3);
-
-		if (len > (unsigned int) (end - pos))
-			break;
-
-		subelem = *pos;
-		if (subelem < MAX_WFD_SUBELEMS && subelements[subelem] == 0) {
-			e = wpabuf_alloc_copy(pos, len);
-			if (e == NULL)
-				return -1;
-
-			wpabuf_free(global->wfd_subelem[subelem]);
-			global->wfd_subelem[subelem] = e;
-			subelements[subelem] = 1;
-		}
-
-		pos += len;
-	}
-
-	for (subelem = 0; subelem < MAX_WFD_SUBELEMS; subelem++) {
-		if (subelements[subelem] == 0) {
-			wpabuf_free(global->wfd_subelem[subelem]);
-			global->wfd_subelem[subelem] = NULL;
-		}
-	}
-
-	return wifi_display_update_wfd_ie(global);
-}
-
-
-int wifi_display_subelem_get(struct wpa_global *global, char *cmd,
-			     char *buf, size_t buflen)
-{
-	int subelem;
-
-	if (os_strcmp(cmd, "all") == 0) {
-		struct wpabuf *ie;
-		int res;
-
-		ie = wifi_display_get_wfd_ie(global);
-		if (ie == NULL)
-			return 0;
-		res = wpa_snprintf_hex(buf, buflen, wpabuf_head(ie),
-				       wpabuf_len(ie));
-		wpabuf_free(ie);
-		return res;
-	}
-
-	subelem = atoi(cmd);
-	if (subelem < 0 || subelem >= MAX_WFD_SUBELEMS)
-		return -1;
-
-	if (global->wfd_subelem[subelem] == NULL)
-		return 0;
-
-	return wpa_snprintf_hex(buf, buflen,
-				wpabuf_head_u8(global->wfd_subelem[subelem]) +
-				1,
-				wpabuf_len(global->wfd_subelem[subelem]) - 1);
-}
-
-
-char * wifi_display_subelem_hex(const struct wpabuf *wfd_subelems, u8 id)
-{
-	char *subelem = NULL;
-	const u8 *buf;
-	size_t buflen;
-	size_t i = 0;
-	u16 elen;
-
-	if (!wfd_subelems)
-		return NULL;
-
-	buf = wpabuf_head_u8(wfd_subelems);
-	if (!buf)
-		return NULL;
-
-	buflen = wpabuf_len(wfd_subelems);
-
-	while (i + WIFI_DISPLAY_SUBELEM_HEADER_LEN < buflen) {
-		elen = WPA_GET_BE16(buf + i + 1);
-		if (i + WIFI_DISPLAY_SUBELEM_HEADER_LEN + elen > buflen)
-			break; /* truncated subelement */
-
-		if (buf[i] == id) {
-			/*
-			 * Limit explicitly to an arbitrary length to avoid
-			 * unnecessarily large allocations. In practice, this
-			 * is limited to maximum frame length anyway, so the
-			 * maximum memory allocation here is not really that
-			 * large. Anyway, the Wi-Fi Display subelements that
-			 * are fetched with this function are even shorter.
-			 */
-			if (elen > 1000)
-				break;
-			subelem = os_zalloc(2 * elen + 1);
-			if (!subelem)
-				return NULL;
-			wpa_snprintf_hex(subelem, 2 * elen + 1,
-					 buf + i +
-					 WIFI_DISPLAY_SUBELEM_HEADER_LEN,
-					 elen);
-			break;
-		}
-
-		i += elen + WIFI_DISPLAY_SUBELEM_HEADER_LEN;
-	}
-
-	return subelem;
-}
diff --git a/wpa_supplicant/wifi_display.h b/wpa_supplicant/wifi_display.h
deleted file mode 100644
index 0966bdb93bef..000000000000
--- a/wpa_supplicant/wifi_display.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * wpa_supplicant - Wi-Fi Display
- * Copyright (c) 2011, Atheros Communications, Inc.
- * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WIFI_DISPLAY_H
-#define WIFI_DISPLAY_H
-
-int wifi_display_init(struct wpa_global *global);
-void wifi_display_deinit(struct wpa_global *global);
-void wifi_display_enable(struct wpa_global *global, int enabled);
-struct wpabuf *wifi_display_get_wfd_ie(struct wpa_global *global);
-int wifi_display_subelem_set(struct wpa_global *global, char *cmd);
-int wifi_display_subelem_set_from_ies(struct wpa_global *global,
-				      struct wpabuf *ie);
-int wifi_display_subelem_get(struct wpa_global *global, char *cmd,
-			     char *buf, size_t buflen);
-char * wifi_display_subelem_hex(const struct wpabuf *wfd_subelems, u8 id);
-
-#endif /* WIFI_DISPLAY_H */
diff --git a/wpa_supplicant/win_example.reg b/wpa_supplicant/win_example.reg
deleted file mode 100755
index 875d4ef28046..000000000000
--- a/wpa_supplicant/win_example.reg
+++ /dev/null
@@ -1,42 +0,0 @@
-REGEDIT4

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant]

-"debug_level"=dword:00000000

-"debug_show_keys"=dword:00000001

-"debug_timestamp"=dword:00000000

-"debug_use_file"=dword:00000000

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs]

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test]

-"ap_scan"=dword:00000002

-"update_config"=dword:00000001

-"uuid"="12345678-9abc-def0-1234-56789abcdef0"

-"device_name"="Wireless Client"

-"manufacturer"="Company"

-"model_name"="cmodel"

-"serial_number"="12345"

-"device_type"="1-0050F204-1"

-"os_version"="01020300"

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\blobs]

-"testblob"=hex:01,02,03,04,05

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks]

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000]

-"ssid"="\"example network\""

-"key_mgmt"="WPA-PSK"

-"psk"="\"secret password\""

-"pairwise"="CCMP"

-"group"="CCMP"

-"proto"="WPA"

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\interfaces]

-

-[HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\interfaces\0000]

-"adapter"="{A7627643-C310-49E5-BD89-7E77709C04AB}"

-"config"="test"

-"ctrl_interface"=""

-"skip_on_error"=dword:00000000

-

diff --git a/wpa_supplicant/win_if_list.c b/wpa_supplicant/win_if_list.c
deleted file mode 100644
index 39634d92f0dc..000000000000
--- a/wpa_supplicant/win_if_list.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * win_if_list - Display network interfaces with description (for Windows)
- * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * This small tool is for the Windows build to provide an easy way of fetching
- * a list of available network interfaces.
- */
-
-#include "includes.h"
-#include <stdio.h>
-#ifdef CONFIG_USE_NDISUIO
-#include <winsock2.h>
-#include <ntddndis.h>
-#else /* CONFIG_USE_NDISUIO */
-#include "pcap.h"
-#include <winsock.h>
-#endif /* CONFIG_USE_NDISUIO */
-
-#ifdef CONFIG_USE_NDISUIO
-
-/* from nuiouser.h */
-#define FSCTL_NDISUIO_BASE      FILE_DEVICE_NETWORK
-
-#define _NDISUIO_CTL_CODE(_Function, _Method, _Access) \
-	CTL_CODE(FSCTL_NDISUIO_BASE, _Function, _Method, _Access)
-
-#define IOCTL_NDISUIO_QUERY_BINDING \
-	_NDISUIO_CTL_CODE(0x203, METHOD_BUFFERED, \
-			  FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-
-#define IOCTL_NDISUIO_BIND_WAIT \
-	_NDISUIO_CTL_CODE(0x204, METHOD_BUFFERED, \
-			  FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-
-typedef struct _NDISUIO_QUERY_BINDING
-{
-	ULONG BindingIndex;
-	ULONG DeviceNameOffset;
-	ULONG DeviceNameLength;
-	ULONG DeviceDescrOffset;
-	ULONG DeviceDescrLength;
-} NDISUIO_QUERY_BINDING, *PNDISUIO_QUERY_BINDING;
-
-
-static HANDLE ndisuio_open(void)
-{
-	DWORD written;
-	HANDLE h;
-
-	h = CreateFile(TEXT("\\\\.\\\\Ndisuio"),
-		       GENERIC_READ | GENERIC_WRITE, 0, NULL,
-		       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
-		       INVALID_HANDLE_VALUE);
-	if (h == INVALID_HANDLE_VALUE)
-		return h;
-
-#ifndef _WIN32_WCE
-	if (!DeviceIoControl(h, IOCTL_NDISUIO_BIND_WAIT, NULL, 0, NULL, 0,
-			     &written, NULL)) {
-		printf("IOCTL_NDISUIO_BIND_WAIT failed: %d",
-		       (int) GetLastError());
-		CloseHandle(h);
-		return INVALID_HANDLE_VALUE;
-	}
-#endif /* _WIN32_WCE */
-
-	return h;
-}
-
-
-static void ndisuio_query_bindings(HANDLE ndisuio)
-{
-	NDISUIO_QUERY_BINDING *b;
-	size_t blen = sizeof(*b) + 1024;
-	int i, error;
-	DWORD written;
-	char name[256], desc[256];
-	WCHAR *pos;
-	size_t j, len;
-
-	b = malloc(blen);
-	if (b == NULL)
-		return;
-
-	for (i = 0; ; i++) {
-		memset(b, 0, blen);
-		b->BindingIndex = i;
-		if (!DeviceIoControl(ndisuio, IOCTL_NDISUIO_QUERY_BINDING,
-				     b, sizeof(NDISUIO_QUERY_BINDING), b,
-				     (DWORD) blen, &written, NULL)) {
-			error = (int) GetLastError();
-			if (error == ERROR_NO_MORE_ITEMS)
-				break;
-			printf("IOCTL_NDISUIO_QUERY_BINDING failed: %d",
-			       error);
-			break;
-		}
-
-		pos = (WCHAR *) ((char *) b + b->DeviceNameOffset);
-		len = b->DeviceNameLength;
-		if (len >= sizeof(name))
-			len = sizeof(name) - 1;
-		for (j = 0; j < len; j++)
-			name[j] = (char) pos[j];
-		name[len] = '\0';
-
-		pos = (WCHAR *) ((char *) b + b->DeviceDescrOffset);
-		len = b->DeviceDescrLength;
-		if (len >= sizeof(desc))
-			len = sizeof(desc) - 1;
-		for (j = 0; j < len; j++)
-			desc[j] = (char) pos[j];
-		desc[len] = '\0';
-
-		printf("ifname: %s\ndescription: %s\n\n", name, desc);
-	}
-
-	free(b);
-}
-
-
-static void ndisuio_enum_bindings(void)
-{
-	HANDLE ndisuio = ndisuio_open();
-	if (ndisuio == INVALID_HANDLE_VALUE)
-		return;
-
-	ndisuio_query_bindings(ndisuio);
-	CloseHandle(ndisuio);
-}
-
-#else /* CONFIG_USE_NDISUIO */
-
-static void show_dev(pcap_if_t *dev)
-{
-	printf("ifname: %s\ndescription: %s\n\n",
-	       dev->name, dev->description);
-}
-
-
-static void pcap_enum_devs(void)
-{
-	pcap_if_t *devs, *dev;
-	char err[PCAP_ERRBUF_SIZE + 1];
-
-	if (pcap_findalldevs(&devs, err) < 0) {
-		fprintf(stderr, "Error - pcap_findalldevs: %s\n", err);
-		return;
-	}
-
-	for (dev = devs; dev; dev = dev->next) {
-		show_dev(dev);
-	}
-
-	pcap_freealldevs(devs);
-}
-
-#endif /* CONFIG_USE_NDISUIO */
-
-
-int main(int argc, char *argv[])
-{
-#ifdef CONFIG_USE_NDISUIO
-	ndisuio_enum_bindings();
-#else /* CONFIG_USE_NDISUIO */
-	pcap_enum_devs();
-#endif /* CONFIG_USE_NDISUIO */
-
-	return 0;
-}
diff --git a/wpa_supplicant/wmm_ac.c b/wpa_supplicant/wmm_ac.c
deleted file mode 100644
index d0fdd55d30fc..000000000000
--- a/wpa_supplicant/wmm_ac.c
+++ /dev/null
@@ -1,987 +0,0 @@
-/*
- * Wi-Fi Multimedia Admission Control (WMM-AC)
- * Copyright(c) 2014, Intel Mobile Communication GmbH.
- * Copyright(c) 2014, Intel Corporation. All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "utils/common.h"
-#include "utils/list.h"
-#include "utils/eloop.h"
-#include "common/ieee802_11_common.h"
-#include "wpa_supplicant_i.h"
-#include "bss.h"
-#include "driver_i.h"
-#include "wmm_ac.h"
-
-static void wmm_ac_addts_req_timeout(void *eloop_ctx, void *timeout_ctx);
-
-static const enum wmm_ac up_to_ac[8] = {
-	WMM_AC_BK,
-	WMM_AC_BE,
-	WMM_AC_BE,
-	WMM_AC_BK,
-	WMM_AC_VI,
-	WMM_AC_VI,
-	WMM_AC_VO,
-	WMM_AC_VO
-};
-
-
-static inline u8 wmm_ac_get_tsid(const struct wmm_tspec_element *tspec)
-{
-	return (tspec->ts_info[0] >> 1) & 0x0f;
-}
-
-
-static u8 wmm_ac_get_direction(const struct wmm_tspec_element *tspec)
-{
-	return (tspec->ts_info[0] >> 5) & 0x03;
-}
-
-
-static u8 wmm_ac_get_user_priority(const struct wmm_tspec_element *tspec)
-{
-	return (tspec->ts_info[1] >> 3) & 0x07;
-}
-
-
-static u8 wmm_ac_direction_to_idx(u8 direction)
-{
-	switch (direction) {
-	case WMM_AC_DIR_UPLINK:
-		return TS_DIR_IDX_UPLINK;
-	case WMM_AC_DIR_DOWNLINK:
-		return TS_DIR_IDX_DOWNLINK;
-	case WMM_AC_DIR_BIDIRECTIONAL:
-		return TS_DIR_IDX_BIDI;
-	default:
-		wpa_printf(MSG_ERROR, "Invalid direction: %d", direction);
-		return WMM_AC_DIR_UPLINK;
-	}
-}
-
-
-static int wmm_ac_add_ts(struct wpa_supplicant *wpa_s, const u8 *addr,
-			 const struct wmm_tspec_element *tspec)
-{
-	struct wmm_tspec_element *_tspec;
-	int ret;
-	u16 admitted_time = le_to_host16(tspec->medium_time);
-	u8 up = wmm_ac_get_user_priority(tspec);
-	u8 ac = up_to_ac[up];
-	u8 dir = wmm_ac_get_direction(tspec);
-	u8 tsid = wmm_ac_get_tsid(tspec);
-	enum ts_dir_idx idx = wmm_ac_direction_to_idx(dir);
-
-	/* should have been verified before, but double-check here */
-	if (wpa_s->tspecs[ac][idx]) {
-		wpa_printf(MSG_ERROR,
-			   "WMM AC: tspec (ac=%d, dir=%d) already exists!",
-			   ac, dir);
-		return -1;
-	}
-
-	/* copy tspec */
-	_tspec = os_memdup(tspec, sizeof(*_tspec));
-	if (!_tspec)
-		return -1;
-
-	if (dir != WMM_AC_DIR_DOWNLINK) {
-		ret = wpa_drv_add_ts(wpa_s, tsid, addr, up, admitted_time);
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Add TS: addr=" MACSTR
-			   " TSID=%u admitted time=%u, ret=%d",
-			   MAC2STR(addr), tsid, admitted_time, ret);
-		if (ret < 0) {
-			os_free(_tspec);
-			return -1;
-		}
-	}
-
-	wpa_s->tspecs[ac][idx] = _tspec;
-
-	wpa_printf(MSG_DEBUG, "Traffic stream was created successfully");
-
-	wpa_msg(wpa_s, MSG_INFO, WMM_AC_EVENT_TSPEC_ADDED
-		"tsid=%d addr=" MACSTR " admitted_time=%d",
-		tsid, MAC2STR(addr), admitted_time);
-
-	return 0;
-}
-
-
-static void wmm_ac_del_ts_idx(struct wpa_supplicant *wpa_s, u8 ac,
-			      enum ts_dir_idx dir)
-{
-	struct wmm_tspec_element *tspec = wpa_s->tspecs[ac][dir];
-	u8 tsid;
-
-	if (!tspec)
-		return;
-
-	tsid = wmm_ac_get_tsid(tspec);
-	wpa_printf(MSG_DEBUG, "WMM AC: Del TS ac=%d tsid=%d", ac, tsid);
-
-	/* update the driver in case of uplink/bidi */
-	if (wmm_ac_get_direction(tspec) != WMM_AC_DIR_DOWNLINK)
-		wpa_drv_del_ts(wpa_s, tsid, wpa_s->bssid);
-
-	wpa_msg(wpa_s, MSG_INFO, WMM_AC_EVENT_TSPEC_REMOVED
-		"tsid=%d addr=" MACSTR, tsid, MAC2STR(wpa_s->bssid));
-
-	os_free(wpa_s->tspecs[ac][dir]);
-	wpa_s->tspecs[ac][dir] = NULL;
-}
-
-
-static void wmm_ac_del_req(struct wpa_supplicant *wpa_s, int failed)
-{
-	struct wmm_ac_addts_request *req = wpa_s->addts_request;
-
-	if (!req)
-		return;
-
-	if (failed)
-		wpa_msg(wpa_s, MSG_INFO, WMM_AC_EVENT_TSPEC_REQ_FAILED
-			"tsid=%u", wmm_ac_get_tsid(&req->tspec));
-
-	eloop_cancel_timeout(wmm_ac_addts_req_timeout, wpa_s, req);
-	wpa_s->addts_request = NULL;
-	os_free(req);
-}
-
-
-static void wmm_ac_addts_req_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wmm_ac_addts_request *addts_req = timeout_ctx;
-
-	wpa_printf(MSG_DEBUG,
-		   "Timeout getting ADDTS response (tsid=%d up=%d)",
-		   wmm_ac_get_tsid(&addts_req->tspec),
-		   wmm_ac_get_user_priority(&addts_req->tspec));
-
-	wmm_ac_del_req(wpa_s, 1);
-}
-
-
-static int wmm_ac_send_addts_request(struct wpa_supplicant *wpa_s,
-				     const struct wmm_ac_addts_request *req)
-{
-	struct wpabuf *buf;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "Sending ADDTS Request to " MACSTR,
-		   MAC2STR(req->address));
-
-	/* category + action code + dialog token + status + sizeof(tspec) */
-	buf = wpabuf_alloc(4 + sizeof(req->tspec));
-	if (!buf) {
-		wpa_printf(MSG_ERROR, "WMM AC: Allocation error");
-		return -1;
-	}
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WMM);
-	wpabuf_put_u8(buf, WMM_ACTION_CODE_ADDTS_REQ);
-	wpabuf_put_u8(buf, req->dialog_token);
-	wpabuf_put_u8(buf, 0); /* status code */
-	wpabuf_put_data(buf, &req->tspec, sizeof(req->tspec));
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, req->address,
-				wpa_s->own_addr, wpa_s->bssid,
-				wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret) {
-		wpa_printf(MSG_WARNING,
-			   "WMM AC: Failed to send ADDTS Request");
-	}
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-static int wmm_ac_send_delts(struct wpa_supplicant *wpa_s,
-			     const struct wmm_tspec_element *tspec,
-			     const u8 *address)
-{
-	struct wpabuf *buf;
-	int ret;
-
-	/* category + action code + dialog token + status + sizeof(tspec) */
-	buf = wpabuf_alloc(4 + sizeof(*tspec));
-	if (!buf)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "Sending DELTS to " MACSTR, MAC2STR(address));
-
-	/* category + action code + dialog token + status + sizeof(tspec) */
-	wpabuf_put_u8(buf, WLAN_ACTION_WMM);
-	wpabuf_put_u8(buf, WMM_ACTION_CODE_DELTS);
-	wpabuf_put_u8(buf, 0); /* Dialog Token (not used) */
-	wpabuf_put_u8(buf, 0); /* Status Code (not used) */
-	wpabuf_put_data(buf, tspec, sizeof(*tspec));
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, address,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head(buf), wpabuf_len(buf), 0);
-	if (ret)
-		wpa_printf(MSG_WARNING, "Failed to send DELTS frame");
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-/* return the AC using the given TSPEC tid */
-static int wmm_ac_find_tsid(struct wpa_supplicant *wpa_s, u8 tsid,
-			    enum ts_dir_idx *dir)
-{
-	int ac;
-	enum ts_dir_idx idx;
-
-	for (ac = 0; ac < WMM_AC_NUM; ac++) {
-		for (idx = 0; idx < TS_DIR_IDX_COUNT; idx++) {
-			if (wpa_s->tspecs[ac][idx] &&
-			    wmm_ac_get_tsid(wpa_s->tspecs[ac][idx]) == tsid) {
-				if (dir)
-					*dir = idx;
-				return ac;
-			}
-		}
-	}
-
-	return -1;
-}
-
-
-static struct wmm_ac_addts_request *
-wmm_ac_build_addts_req(struct wpa_supplicant *wpa_s,
-		       const struct wmm_ac_ts_setup_params *params,
-		       const u8 *address)
-{
-	struct wmm_ac_addts_request *addts_req;
-	struct wmm_tspec_element *tspec;
-	u8 ac = up_to_ac[params->user_priority];
-	u8 uapsd = wpa_s->wmm_ac_assoc_info->ac_params[ac].uapsd;
-
-	addts_req = os_zalloc(sizeof(*addts_req));
-	if (!addts_req)
-		return NULL;
-
-	tspec = &addts_req->tspec;
-	os_memcpy(addts_req->address, address, ETH_ALEN);
-
-	/* The dialog token cannot be zero */
-	if (++wpa_s->wmm_ac_last_dialog_token == 0)
-		wpa_s->wmm_ac_last_dialog_token++;
-
-	addts_req->dialog_token = wpa_s->wmm_ac_last_dialog_token;
-	tspec->eid = WLAN_EID_VENDOR_SPECIFIC;
-	tspec->length = sizeof(*tspec) - 2; /* reduce eid and length */
-	tspec->oui[0] = 0x00;
-	tspec->oui[1] = 0x50;
-	tspec->oui[2] = 0xf2;
-	tspec->oui_type = WMM_OUI_TYPE;
-	tspec->oui_subtype = WMM_OUI_SUBTYPE_TSPEC_ELEMENT;
-	tspec->version = WMM_VERSION;
-
-	tspec->ts_info[0] = params->tsid << 1;
-	tspec->ts_info[0] |= params->direction << 5;
-	tspec->ts_info[0] |= WMM_AC_ACCESS_POLICY_EDCA << 7;
-	tspec->ts_info[1] = uapsd << 2;
-	tspec->ts_info[1] |= params->user_priority << 3;
-	tspec->ts_info[2] = 0;
-
-	tspec->nominal_msdu_size = host_to_le16(params->nominal_msdu_size);
-	if (params->fixed_nominal_msdu)
-		tspec->nominal_msdu_size |=
-			host_to_le16(WMM_AC_FIXED_MSDU_SIZE);
-
-	tspec->mean_data_rate = host_to_le32(params->mean_data_rate);
-	tspec->minimum_phy_rate = host_to_le32(params->minimum_phy_rate);
-	tspec->surplus_bandwidth_allowance =
-		host_to_le16(params->surplus_bandwidth_allowance);
-
-	return addts_req;
-}
-
-
-static int param_in_range(const char *name, long value,
-			  long min_val, long max_val)
-{
-	if (value < min_val || (max_val >= 0 && value > max_val)) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: param %s (%ld) is out of range (%ld-%ld)",
-			   name, value, min_val, max_val);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-static int wmm_ac_should_replace_ts(struct wpa_supplicant *wpa_s,
-				    u8 tsid, u8 ac, u8 dir)
-{
-	enum ts_dir_idx idx;
-	int cur_ac, existing_ts = 0, replace_ts = 0;
-
-	cur_ac = wmm_ac_find_tsid(wpa_s, tsid, &idx);
-	if (cur_ac >= 0) {
-		if (cur_ac != ac) {
-			wpa_printf(MSG_DEBUG,
-				   "WMM AC: TSID %i already exists on different ac (%d)",
-				   tsid, cur_ac);
-			return -1;
-		}
-
-		/* same tsid - this tspec will replace the current one */
-		replace_ts |= BIT(idx);
-	}
-
-	for (idx = 0; idx < TS_DIR_IDX_COUNT; idx++) {
-		if (wpa_s->tspecs[ac][idx])
-			existing_ts |= BIT(idx);
-	}
-
-	switch (dir) {
-	case WMM_AC_DIR_UPLINK:
-		/* replace existing uplink/bidi tspecs */
-		replace_ts |= existing_ts & (BIT(TS_DIR_IDX_UPLINK) |
-					     BIT(TS_DIR_IDX_BIDI));
-		break;
-	case WMM_AC_DIR_DOWNLINK:
-		/* replace existing downlink/bidi tspecs */
-		replace_ts |= existing_ts & (BIT(TS_DIR_IDX_DOWNLINK) |
-					     BIT(TS_DIR_IDX_BIDI));
-		break;
-	case WMM_AC_DIR_BIDIRECTIONAL:
-		/* replace all existing tspecs */
-		replace_ts |= existing_ts;
-		break;
-	default:
-		return -1;
-	}
-
-	return replace_ts;
-}
-
-
-static int wmm_ac_ts_req_is_valid(struct wpa_supplicant *wpa_s,
-				  const struct wmm_ac_ts_setup_params *params)
-{
-	enum wmm_ac req_ac;
-
-#define PARAM_IN_RANGE(field, min_value, max_value) \
-	param_in_range(#field, params->field, min_value, max_value)
-
-	if (!PARAM_IN_RANGE(tsid, 0, WMM_AC_MAX_TID) ||
-	    !PARAM_IN_RANGE(user_priority, 0, WMM_AC_MAX_USER_PRIORITY) ||
-	    !PARAM_IN_RANGE(nominal_msdu_size, 1, WMM_AC_MAX_NOMINAL_MSDU) ||
-	    !PARAM_IN_RANGE(mean_data_rate, 1, -1) ||
-	    !PARAM_IN_RANGE(minimum_phy_rate, 1, -1) ||
-	    !PARAM_IN_RANGE(surplus_bandwidth_allowance, WMM_AC_MIN_SBA_UNITY,
-			    -1))
-		return 0;
-#undef PARAM_IN_RANGE
-
-	if (!(params->direction == WMM_TSPEC_DIRECTION_UPLINK ||
-	      params->direction == WMM_TSPEC_DIRECTION_DOWNLINK ||
-	      params->direction == WMM_TSPEC_DIRECTION_BI_DIRECTIONAL)) {
-		wpa_printf(MSG_DEBUG, "WMM AC: invalid TS direction: %d",
-			   params->direction);
-		return 0;
-	}
-
-	req_ac = up_to_ac[params->user_priority];
-
-	/* Requested access category must have acm */
-	if (!wpa_s->wmm_ac_assoc_info->ac_params[req_ac].acm) {
-		wpa_printf(MSG_DEBUG, "WMM AC: AC %d is not ACM", req_ac);
-		return 0;
-	}
-
-	if (wmm_ac_should_replace_ts(wpa_s, params->tsid, req_ac,
-				     params->direction) < 0)
-		return 0;
-
-	return 1;
-}
-
-
-static struct wmm_ac_assoc_data *
-wmm_ac_process_param_elem(struct wpa_supplicant *wpa_s, const u8 *ies,
-			  size_t ies_len)
-{
-	struct ieee802_11_elems elems;
-	struct wmm_parameter_element *wmm_params;
-	struct wmm_ac_assoc_data *assoc_data;
-	int i;
-
-	/* Parsing WMM Parameter Element */
-	if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
-		wpa_printf(MSG_DEBUG, "WMM AC: could not parse assoc ies");
-		return NULL;
-	}
-
-	if (!elems.wmm) {
-		wpa_printf(MSG_DEBUG, "WMM AC: No WMM IE");
-		return NULL;
-	}
-
-	if (elems.wmm_len != sizeof(*wmm_params)) {
-		wpa_printf(MSG_DEBUG, "WMM AC: Invalid WMM ie length");
-		return NULL;
-	}
-
-	wmm_params = (struct wmm_parameter_element *)(elems.wmm);
-
-	assoc_data = os_zalloc(sizeof(*assoc_data));
-	if (!assoc_data)
-		return NULL;
-
-	for (i = 0; i < WMM_AC_NUM; i++)
-		assoc_data->ac_params[i].acm =
-			!!(wmm_params->ac[i].aci_aifsn & WMM_AC_ACM);
-
-	wpa_printf(MSG_DEBUG,
-		   "WMM AC: AC mandatory: AC_BE=%u AC_BK=%u AC_VI=%u AC_VO=%u",
-		   assoc_data->ac_params[WMM_AC_BE].acm,
-		   assoc_data->ac_params[WMM_AC_BK].acm,
-		   assoc_data->ac_params[WMM_AC_VI].acm,
-		   assoc_data->ac_params[WMM_AC_VO].acm);
-
-	return assoc_data;
-}
-
-
-static int wmm_ac_init(struct wpa_supplicant *wpa_s, const u8 *ies,
-		       size_t ies_len, const struct wmm_params *wmm_params)
-{
-	struct wmm_ac_assoc_data *assoc_data;
-	u8 ac;
-
-	if (wpa_s->wmm_ac_assoc_info) {
-		wpa_printf(MSG_ERROR, "WMM AC: Already initialized");
-		return -1;
-	}
-
-	if (!ies || !(wmm_params->info_bitmap & WMM_PARAMS_UAPSD_QUEUES_INFO)) {
-		/* WMM AC not in use for this connection */
-		return -1;
-	}
-
-	os_memset(wpa_s->tspecs, 0, sizeof(wpa_s->tspecs));
-	wpa_s->wmm_ac_last_dialog_token = 0;
-	wpa_s->addts_request = NULL;
-
-	assoc_data = wmm_ac_process_param_elem(wpa_s, ies, ies_len);
-	if (!assoc_data)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "WMM AC: U-APSD queues=0x%x",
-		   wmm_params->uapsd_queues);
-
-	for (ac = 0; ac < WMM_AC_NUM; ac++) {
-		assoc_data->ac_params[ac].uapsd =
-			!!(wmm_params->uapsd_queues & BIT(ac));
-	}
-
-	wpa_s->wmm_ac_assoc_info = assoc_data;
-	return 0;
-}
-
-
-static void wmm_ac_del_ts(struct wpa_supplicant *wpa_s, u8 ac, int dir_bitmap)
-{
-	enum ts_dir_idx idx;
-
-	for (idx = 0; idx < TS_DIR_IDX_COUNT; idx++) {
-		if (!(dir_bitmap & BIT(idx)))
-			continue;
-
-		wmm_ac_del_ts_idx(wpa_s, ac, idx);
-	}
-}
-
-
-static void wmm_ac_deinit(struct wpa_supplicant *wpa_s)
-{
-	int i;
-
-	for (i = 0; i < WMM_AC_NUM; i++)
-		wmm_ac_del_ts(wpa_s, i, TS_DIR_IDX_ALL);
-
-	/* delete pending add_ts request */
-	wmm_ac_del_req(wpa_s, 1);
-
-	os_free(wpa_s->wmm_ac_assoc_info);
-	wpa_s->wmm_ac_assoc_info = NULL;
-}
-
-
-void wmm_ac_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *ies,
-			 size_t ies_len, const struct wmm_params *wmm_params)
-{
-	if (wmm_ac_init(wpa_s, ies, ies_len, wmm_params))
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "WMM AC: Valid WMM association, WMM AC is enabled");
-}
-
-
-void wmm_ac_notify_disassoc(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->wmm_ac_assoc_info)
-		return;
-
-	wmm_ac_deinit(wpa_s);
-	wpa_printf(MSG_DEBUG, "WMM AC: WMM AC is disabled");
-}
-
-
-int wpas_wmm_ac_delts(struct wpa_supplicant *wpa_s, u8 tsid)
-{
-	struct wmm_tspec_element tspec;
-	int ac;
-	enum ts_dir_idx dir;
-
-	if (!wpa_s->wmm_ac_assoc_info) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Failed to delete TS, WMM AC is disabled");
-		return -1;
-	}
-
-	ac = wmm_ac_find_tsid(wpa_s, tsid, &dir);
-	if (ac < 0) {
-		wpa_printf(MSG_DEBUG, "WMM AC: TS does not exist");
-		return -1;
-	}
-
-	tspec = *wpa_s->tspecs[ac][dir];
-
-	wmm_ac_del_ts_idx(wpa_s, ac, dir);
-
-	wmm_ac_send_delts(wpa_s, &tspec, wpa_s->bssid);
-
-	return 0;
-}
-
-
-int wpas_wmm_ac_addts(struct wpa_supplicant *wpa_s,
-		      struct wmm_ac_ts_setup_params *params)
-{
-	struct wmm_ac_addts_request *addts_req;
-
-	if (!wpa_s->wmm_ac_assoc_info) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Cannot add TS - missing assoc data");
-		return -1;
-	}
-
-	if (wpa_s->addts_request) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: can't add TS - ADDTS request is already pending");
-		return -1;
-	}
-
-	/*
-	 * we can setup downlink TS even without driver support.
-	 * however, we need driver support for the other directions.
-	 */
-	if (params->direction != WMM_AC_DIR_DOWNLINK &&
-	    !wpa_s->wmm_ac_supported) {
-		wpa_printf(MSG_DEBUG,
-			   "Cannot set uplink/bidi TS without driver support");
-		return -1;
-	}
-
-	if (!wmm_ac_ts_req_is_valid(wpa_s, params))
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "WMM AC: TS setup request (addr=" MACSTR
-		   " tsid=%u user priority=%u direction=%d)",
-		   MAC2STR(wpa_s->bssid), params->tsid,
-		   params->user_priority, params->direction);
-
-	addts_req = wmm_ac_build_addts_req(wpa_s, params, wpa_s->bssid);
-	if (!addts_req)
-		return -1;
-
-	if (wmm_ac_send_addts_request(wpa_s, addts_req))
-		goto err;
-
-	/* save as pending and set ADDTS resp timeout to 1 second */
-	wpa_s->addts_request = addts_req;
-	eloop_register_timeout(1, 0, wmm_ac_addts_req_timeout,
-			       wpa_s, addts_req);
-	return 0;
-err:
-	os_free(addts_req);
-	return -1;
-}
-
-
-static void wmm_ac_handle_delts(struct wpa_supplicant *wpa_s, const u8 *sa,
-				const struct wmm_tspec_element *tspec)
-{
-	int ac;
-	u8 tsid;
-	enum ts_dir_idx idx;
-
-	tsid = wmm_ac_get_tsid(tspec);
-
-	wpa_printf(MSG_DEBUG,
-		   "WMM AC: DELTS frame has been received TSID=%u addr="
-		   MACSTR, tsid, MAC2STR(sa));
-
-	ac = wmm_ac_find_tsid(wpa_s, tsid, &idx);
-	if (ac < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Ignoring DELTS frame - TSID does not exist");
-		return;
-	}
-
-	wmm_ac_del_ts_idx(wpa_s, ac, idx);
-
-	wpa_printf(MSG_DEBUG,
-		   "TS was deleted successfully (tsid=%u address=" MACSTR ")",
-		   tsid, MAC2STR(sa));
-}
-
-
-static void wmm_ac_handle_addts_resp(struct wpa_supplicant *wpa_s, const u8 *sa,
-		const u8 resp_dialog_token, const u8 status_code,
-		const struct wmm_tspec_element *tspec)
-{
-	struct wmm_ac_addts_request *req = wpa_s->addts_request;
-	u8 ac, tsid, up, dir;
-	int replace_tspecs;
-
-	tsid = wmm_ac_get_tsid(tspec);
-	dir = wmm_ac_get_direction(tspec);
-	up = wmm_ac_get_user_priority(tspec);
-	ac = up_to_ac[up];
-
-	/* make sure we have a matching addts request */
-	if (!req || req->dialog_token != resp_dialog_token) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: no req with dialog=%u, ignoring frame",
-			   resp_dialog_token);
-		return;
-	}
-
-	/* make sure the params are the same */
-	if (os_memcmp(req->address, sa, ETH_ALEN) != 0 ||
-	    tsid != wmm_ac_get_tsid(&req->tspec) ||
-	    up != wmm_ac_get_user_priority(&req->tspec) ||
-	    dir != wmm_ac_get_direction(&req->tspec)) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: ADDTS params do not match, ignoring frame");
-		return;
-	}
-
-	/* delete pending request */
-	wmm_ac_del_req(wpa_s, 0);
-
-	wpa_printf(MSG_DEBUG,
-		   "ADDTS response status=%d tsid=%u up=%u direction=%u",
-		   status_code, tsid, up, dir);
-
-	if (status_code != WMM_ADDTS_STATUS_ADMISSION_ACCEPTED) {
-		wpa_printf(MSG_INFO, "WMM AC: ADDTS request was rejected");
-		goto err_msg;
-	}
-
-	replace_tspecs = wmm_ac_should_replace_ts(wpa_s, tsid, ac, dir);
-	if (replace_tspecs < 0)
-		goto err_delts;
-
-	wpa_printf(MSG_DEBUG, "ts idx replace bitmap: 0x%x", replace_tspecs);
-
-	/* when replacing tspecs - delete first */
-	wmm_ac_del_ts(wpa_s, ac, replace_tspecs);
-
-	/* Creating a new traffic stream */
-	wpa_printf(MSG_DEBUG,
-		   "WMM AC: adding a new TS with TSID=%u address="MACSTR
-		   " medium time=%u access category=%d dir=%d ",
-		   tsid, MAC2STR(sa),
-		   le_to_host16(tspec->medium_time), ac, dir);
-
-	if (wmm_ac_add_ts(wpa_s, sa, tspec))
-		goto err_delts;
-
-	return;
-
-err_delts:
-	/* ask the ap to delete the tspec */
-	wmm_ac_send_delts(wpa_s, tspec, sa);
-err_msg:
-	wpa_msg(wpa_s, MSG_INFO, WMM_AC_EVENT_TSPEC_REQ_FAILED "tsid=%u",
-		tsid);
-}
-
-
-void wmm_ac_rx_action(struct wpa_supplicant *wpa_s, const u8 *da,
-			const u8 *sa, const u8 *data, size_t len)
-{
-	u8 action;
-	u8 dialog_token;
-	u8 status_code;
-	struct ieee802_11_elems elems;
-	struct wmm_tspec_element *tspec;
-
-	if (wpa_s->wmm_ac_assoc_info == NULL) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: WMM AC is disabled, ignoring action frame");
-		return;
-	}
-
-	action = data[0];
-
-	if (action != WMM_ACTION_CODE_ADDTS_RESP &&
-	    action != WMM_ACTION_CODE_DELTS) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Unknown action (%d), ignoring action frame",
-			   action);
-		return;
-	}
-
-	/* WMM AC action frame */
-	if (os_memcmp(da, wpa_s->own_addr, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "WMM AC: frame destination addr="MACSTR
-			   " is other than ours, ignoring frame", MAC2STR(da));
-		return;
-	}
-
-	if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "WMM AC: ignore frame with sa " MACSTR
-			   " different other than our bssid", MAC2STR(da));
-		return;
-	}
-
-	if (len < 2 + sizeof(struct wmm_tspec_element)) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Short ADDTS response ignored (len=%lu)",
-			   (unsigned long) len);
-		return;
-	}
-
-	data++;
-	len--;
-	dialog_token = data[0];
-	status_code = data[1];
-
-	if (ieee802_11_parse_elems(data + 2, len - 2, &elems, 1) != ParseOK) {
-		wpa_printf(MSG_DEBUG,
-			   "WMM AC: Could not parse WMM AC action from " MACSTR,
-			   MAC2STR(sa));
-		return;
-	}
-
-	/* the struct also contains the type and value, so decrease it */
-	if (elems.wmm_tspec_len != sizeof(struct wmm_tspec_element) - 2) {
-		wpa_printf(MSG_DEBUG, "WMM AC: missing or wrong length TSPEC");
-		return;
-	}
-
-	tspec = (struct wmm_tspec_element *)(elems.wmm_tspec - 2);
-
-	wpa_printf(MSG_DEBUG, "WMM AC: RX WMM AC Action from " MACSTR,
-		   MAC2STR(sa));
-	wpa_hexdump(MSG_MSGDUMP, "WMM AC: WMM AC Action content", data, len);
-
-	switch (action) {
-	case WMM_ACTION_CODE_ADDTS_RESP:
-		wmm_ac_handle_addts_resp(wpa_s, sa, dialog_token, status_code,
-					 tspec);
-		break;
-	case WMM_ACTION_CODE_DELTS:
-		wmm_ac_handle_delts(wpa_s, sa, tspec);
-		break;
-	default:
-		break;
-	}
-}
-
-
-static const char * get_ac_str(u8 ac)
-{
-	switch (ac) {
-	case WMM_AC_BE:
-		return "BE";
-	case WMM_AC_BK:
-		return "BK";
-	case WMM_AC_VI:
-		return "VI";
-	case WMM_AC_VO:
-		return "VO";
-	default:
-		return "N/A";
-	}
-}
-
-
-static const char * get_direction_str(u8 direction)
-{
-	switch (direction) {
-	case WMM_AC_DIR_DOWNLINK:
-		return "Downlink";
-	case WMM_AC_DIR_UPLINK:
-		return "Uplink";
-	case WMM_AC_DIR_BIDIRECTIONAL:
-		return "Bi-directional";
-	default:
-		return "N/A";
-	}
-}
-
-
-int wpas_wmm_ac_status(struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
-{
-	struct wmm_ac_assoc_data *assoc_info = wpa_s->wmm_ac_assoc_info;
-	enum ts_dir_idx idx;
-	int pos = 0;
-	u8 ac, up;
-
-	if (!assoc_info) {
-		return wpa_scnprintf(buf, buflen - pos,
-				     "Not associated to a WMM AP, WMM AC is Disabled\n");
-	}
-
-	pos += wpa_scnprintf(buf + pos, buflen - pos, "WMM AC is Enabled\n");
-
-	for (ac = 0; ac < WMM_AC_NUM; ac++) {
-		int ts_count = 0;
-
-		pos += wpa_scnprintf(buf + pos, buflen - pos,
-				     "%s: acm=%d uapsd=%d\n",
-				     get_ac_str(ac),
-				     assoc_info->ac_params[ac].acm,
-				     assoc_info->ac_params[ac].uapsd);
-
-		for (idx = 0; idx < TS_DIR_IDX_COUNT; idx++) {
-			struct wmm_tspec_element *tspec;
-			u8 dir, tsid;
-			const char *dir_str;
-
-			tspec = wpa_s->tspecs[ac][idx];
-			if (!tspec)
-				continue;
-
-			ts_count++;
-
-			dir = wmm_ac_get_direction(tspec);
-			dir_str = get_direction_str(dir);
-			tsid = wmm_ac_get_tsid(tspec);
-			up = wmm_ac_get_user_priority(tspec);
-
-			pos += wpa_scnprintf(buf + pos, buflen - pos,
-					     "\tTSID=%u UP=%u\n"
-					     "\tAddress = "MACSTR"\n"
-					     "\tWMM AC dir = %s\n"
-					     "\tTotal admitted time = %u\n\n",
-					     tsid, up,
-					     MAC2STR(wpa_s->bssid),
-					     dir_str,
-					     le_to_host16(tspec->medium_time));
-		}
-
-		if (!ts_count) {
-			pos += wpa_scnprintf(buf + pos, buflen - pos,
-					     "\t(No Traffic Stream)\n\n");
-		}
-	}
-
-	return pos;
-}
-
-
-static u8 wmm_ac_get_tspecs_count(struct wpa_supplicant *wpa_s)
-{
-	int ac, dir, tspecs_count = 0;
-
-	for (ac = 0; ac < WMM_AC_NUM; ac++) {
-		for (dir = 0; dir < TS_DIR_IDX_COUNT; dir++) {
-			if (wpa_s->tspecs[ac][dir])
-				tspecs_count++;
-		}
-	}
-
-	return tspecs_count;
-}
-
-
-void wmm_ac_save_tspecs(struct wpa_supplicant *wpa_s)
-{
-	int ac, dir, tspecs_count;
-
-	wpa_printf(MSG_DEBUG, "WMM AC: Save last configured tspecs");
-
-	if (!wpa_s->wmm_ac_assoc_info)
-		return;
-
-	tspecs_count = wmm_ac_get_tspecs_count(wpa_s);
-	if (!tspecs_count) {
-		wpa_printf(MSG_DEBUG, "WMM AC: No configured TSPECs");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "WMM AC: Saving tspecs");
-
-	wmm_ac_clear_saved_tspecs(wpa_s);
-	wpa_s->last_tspecs = os_calloc(tspecs_count,
-				       sizeof(*wpa_s->last_tspecs));
-	if (!wpa_s->last_tspecs) {
-		wpa_printf(MSG_ERROR, "WMM AC: Failed to save tspecs!");
-		return;
-	}
-
-	for (ac = 0; ac < WMM_AC_NUM; ac++) {
-		for (dir = 0; dir < TS_DIR_IDX_COUNT; dir++) {
-			if (!wpa_s->tspecs[ac][dir])
-				continue;
-
-			wpa_s->last_tspecs[wpa_s->last_tspecs_count++] =
-				*wpa_s->tspecs[ac][dir];
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "WMM AC: Successfully saved %d TSPECs",
-		   wpa_s->last_tspecs_count);
-}
-
-
-void wmm_ac_clear_saved_tspecs(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->last_tspecs) {
-		wpa_printf(MSG_DEBUG, "WMM AC: Clear saved tspecs");
-		os_free(wpa_s->last_tspecs);
-		wpa_s->last_tspecs = NULL;
-		wpa_s->last_tspecs_count = 0;
-	}
-}
-
-
-int wmm_ac_restore_tspecs(struct wpa_supplicant *wpa_s)
-{
-	unsigned int i;
-
-	if (!wpa_s->wmm_ac_assoc_info || !wpa_s->last_tspecs_count)
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "WMM AC: Restore %u saved tspecs",
-		   wpa_s->last_tspecs_count);
-
-	for (i = 0; i < wpa_s->last_tspecs_count; i++)
-		wmm_ac_add_ts(wpa_s, wpa_s->bssid, &wpa_s->last_tspecs[i]);
-
-	return 0;
-}
diff --git a/wpa_supplicant/wmm_ac.h b/wpa_supplicant/wmm_ac.h
deleted file mode 100644
index 0d15ad01cc58..000000000000
--- a/wpa_supplicant/wmm_ac.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Wi-Fi Multimedia Admission Control (WMM-AC)
- * Copyright(c) 2014, Intel Mobile Communication GmbH.
- * Copyright(c) 2014, Intel Corporation. All rights reserved.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WMM_AC_H
-#define WMM_AC_H
-
-#include "common/ieee802_11_defs.h"
-#include "drivers/driver.h"
-
-struct wpa_supplicant;
-
-#define WMM_AC_ACCESS_POLICY_EDCA 1
-#define WMM_AC_FIXED_MSDU_SIZE BIT(15)
-
-#define WMM_AC_MAX_TID 7
-#define WMM_AC_MAX_USER_PRIORITY 7
-#define WMM_AC_MIN_SBA_UNITY 0x2000
-#define WMM_AC_MAX_NOMINAL_MSDU 32767
-
-/**
- * struct wmm_ac_assoc_data - WMM Admission Control Association Data
- *
- * This struct will store any relevant WMM association data needed by WMM AC.
- * In case there is a valid WMM association, an instance of this struct will be
- * created. In case there is no instance of this struct, the station is not
- * associated to a valid WMM BSS and hence, WMM AC will not be used.
- */
-struct wmm_ac_assoc_data {
-	struct {
-		/*
-		 * acm - Admission Control Mandatory
-		 * In case an access category is ACM, the traffic will have
-		 * to be admitted by WMM-AC's admission mechanism before use.
-		 */
-		unsigned int acm:1;
-
-		/*
-		 * uapsd_queues - Unscheduled Automatic Power Save Delivery
-		 *		  queues.
-		 * Indicates whether ACs are configured for U-APSD (or legacy
-		 * PS). Storing this value is necessary in order to set the
-		 * Power Save Bit (PSB) in ADDTS request Action frames (if not
-		 * given).
-		 */
-		unsigned int uapsd:1;
-	} ac_params[WMM_AC_NUM];
-};
-
-/**
- * wmm_ac_dir - WMM Admission Control Direction
- */
-enum wmm_ac_dir {
-	WMM_AC_DIR_UPLINK = 0,
-	WMM_AC_DIR_DOWNLINK = 1,
-	WMM_AC_DIR_BIDIRECTIONAL = 3
-};
-
-/**
- * ts_dir_idx - indices of internally saved tspecs
- *
- * we can have multiple tspecs (downlink + uplink) per ac.
- * save them in array, and use the enum to directly access
- * the respective tspec slot (according to the direction).
- */
-enum ts_dir_idx {
-	TS_DIR_IDX_UPLINK,
-	TS_DIR_IDX_DOWNLINK,
-	TS_DIR_IDX_BIDI,
-
-	TS_DIR_IDX_COUNT
-};
-#define TS_DIR_IDX_ALL (BIT(TS_DIR_IDX_COUNT) - 1)
-
-/**
- * struct wmm_ac_addts_request - ADDTS Request Information
- *
- * The last sent ADDTS request(s) will be saved as element(s) of this struct in
- * order to be compared with the received ADDTS response in ADDTS response
- * action frame handling and should be stored until that point.
- * In case a new traffic stream will be created/replaced/updated, only its
- * relevant traffic stream information will be stored as a wmm_ac_ts struct.
- */
-struct wmm_ac_addts_request {
-	/*
-	 * dialog token - Used to link the received ADDTS response with this
-	 * saved ADDTS request when ADDTS response is being handled
-	 */
-	u8 dialog_token;
-
-	/*
-	 * address - The alleged traffic stream's receiver/transmitter address
-	 * Address and TID are used to identify the TS (TID is contained in
-	 * TSPEC)
-	 */
-	u8 address[ETH_ALEN];
-
-	/*
-	 * tspec - Traffic Stream Specification, will be used to compare the
-	 * sent TSPEC in ADDTS request to the received TSPEC in ADDTS response
-	 * and act accordingly in ADDTS response handling
-	 */
-	struct wmm_tspec_element tspec;
-};
-
-
-/**
- * struct wmm_ac_ts_setup_params - TS setup parameters
- *
- * This struct holds parameters which should be provided
- * to wmm_ac_ts_setup in order to setup a traffic stream
- */
-struct wmm_ac_ts_setup_params {
-	/*
-	 * tsid - Traffic ID
-	 * TID and address are used to identify the TS
-	 */
-	int tsid;
-
-	/*
-	 * direction - Traffic Stream's direction
-	 */
-	enum wmm_ac_dir direction;
-
-	/*
-	 * user_priority - Traffic Stream's user priority
-	 */
-	int user_priority;
-
-	/*
-	 * nominal_msdu_size - Nominal MAC service data unit size
-	 */
-	int nominal_msdu_size;
-
-	/*
-	 * fixed_nominal_msdu - Whether the size is fixed
-	 * 0 = Nominal MSDU size is not fixed
-	 * 1 = Nominal MSDU size is fixed
-	 */
-	int fixed_nominal_msdu;
-
-	/*
-	 * surplus_bandwidth_allowance - Specifies excess time allocation
-	 */
-	int mean_data_rate;
-
-	/*
-	 * minimum_phy_rate - Specifies the minimum supported PHY rate in bps
-	 */
-	int minimum_phy_rate;
-
-	/*
-	 * surplus_bandwidth_allowance - Specifies excess time allocation
-	 */
-	int surplus_bandwidth_allowance;
-};
-
-void wmm_ac_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *ies,
-			 size_t ies_len, const struct wmm_params *wmm_params);
-void wmm_ac_notify_disassoc(struct wpa_supplicant *wpa_s);
-int wpas_wmm_ac_addts(struct wpa_supplicant *wpa_s,
-		      struct wmm_ac_ts_setup_params *params);
-int wpas_wmm_ac_delts(struct wpa_supplicant *wpa_s, u8 tsid);
-void wmm_ac_rx_action(struct wpa_supplicant *wpa_s, const u8 *da,
-			const u8 *sa, const u8 *data, size_t len);
-int wpas_wmm_ac_status(struct wpa_supplicant *wpa_s, char *buf, size_t buflen);
-void wmm_ac_save_tspecs(struct wpa_supplicant *wpa_s);
-void wmm_ac_clear_saved_tspecs(struct wpa_supplicant *wpa_s);
-int wmm_ac_restore_tspecs(struct wpa_supplicant *wpa_s);
-
-#endif /* WMM_AC_H */
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
deleted file mode 100644
index 8a1a44690ba5..000000000000
--- a/wpa_supplicant/wnm_sta.c
+++ /dev/null
@@ -1,1970 +0,0 @@
-/*
- * wpa_supplicant - WNM
- * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/wpa_ctrl.h"
-#include "common/ocv.h"
-#include "rsn_supp/wpa.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "scan.h"
-#include "ctrl_iface.h"
-#include "bss.h"
-#include "wnm_sta.h"
-#include "notify.h"
-#include "hs20_supplicant.h"
-
-#define MAX_TFS_IE_LEN  1024
-#define WNM_MAX_NEIGHBOR_REPORT 10
-
-#define WNM_SCAN_RESULT_AGE 2 /* 2 seconds */
-
-/* get the TFS IE from driver */
-static int ieee80211_11_get_tfs_ie(struct wpa_supplicant *wpa_s, u8 *buf,
-				   u16 *buf_len, enum wnm_oper oper)
-{
-	wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper);
-
-	return wpa_drv_wnm_oper(wpa_s, oper, wpa_s->bssid, buf, buf_len);
-}
-
-
-/* set the TFS IE to driver */
-static int ieee80211_11_set_tfs_ie(struct wpa_supplicant *wpa_s,
-				   const u8 *addr, const u8 *buf, u16 buf_len,
-				   enum wnm_oper oper)
-{
-	u16 len = buf_len;
-
-	wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper);
-
-	return wpa_drv_wnm_oper(wpa_s, oper, addr, (u8 *) buf, &len);
-}
-
-
-/* MLME-SLEEPMODE.request */
-int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s,
-				 u8 action, u16 intval, struct wpabuf *tfs_req)
-{
-	struct ieee80211_mgmt *mgmt;
-	int res;
-	size_t len;
-	struct wnm_sleep_element *wnmsleep_ie;
-	u8 *wnmtfs_ie, *oci_ie;
-	u8 wnmsleep_ie_len, oci_ie_len;
-	u16 wnmtfs_ie_len;  /* possibly multiple IE(s) */
-	enum wnm_oper tfs_oper = action == 0 ? WNM_SLEEP_TFS_REQ_IE_ADD :
-		WNM_SLEEP_TFS_REQ_IE_NONE;
-
-	wpa_printf(MSG_DEBUG, "WNM: Request to send WNM-Sleep Mode Request "
-		   "action=%s to " MACSTR,
-		   action == 0 ? "enter" : "exit",
-		   MAC2STR(wpa_s->bssid));
-
-	/* WNM-Sleep Mode IE */
-	wnmsleep_ie_len = sizeof(struct wnm_sleep_element);
-	wnmsleep_ie = os_zalloc(sizeof(struct wnm_sleep_element));
-	if (wnmsleep_ie == NULL)
-		return -1;
-	wnmsleep_ie->eid = WLAN_EID_WNMSLEEP;
-	wnmsleep_ie->len = wnmsleep_ie_len - 2;
-	wnmsleep_ie->action_type = action;
-	wnmsleep_ie->status = WNM_STATUS_SLEEP_ACCEPT;
-	wnmsleep_ie->intval = host_to_le16(intval);
-	wpa_hexdump(MSG_DEBUG, "WNM: WNM-Sleep Mode element",
-		    (u8 *) wnmsleep_ie, wnmsleep_ie_len);
-
-	/* TFS IE(s) */
-	if (tfs_req) {
-		wnmtfs_ie_len = wpabuf_len(tfs_req);
-		wnmtfs_ie = os_memdup(wpabuf_head(tfs_req), wnmtfs_ie_len);
-		if (wnmtfs_ie == NULL) {
-			os_free(wnmsleep_ie);
-			return -1;
-		}
-	} else {
-		wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN);
-		if (wnmtfs_ie == NULL) {
-			os_free(wnmsleep_ie);
-			return -1;
-		}
-		if (ieee80211_11_get_tfs_ie(wpa_s, wnmtfs_ie, &wnmtfs_ie_len,
-					    tfs_oper)) {
-			wnmtfs_ie_len = 0;
-			os_free(wnmtfs_ie);
-			wnmtfs_ie = NULL;
-		}
-	}
-	wpa_hexdump(MSG_DEBUG, "WNM: TFS Request element",
-		    (u8 *) wnmtfs_ie, wnmtfs_ie_len);
-
-	oci_ie = NULL;
-	oci_ie_len = 0;
-#ifdef CONFIG_OCV
-	if (action == WNM_SLEEP_MODE_EXIT && wpa_sm_ocv_enabled(wpa_s->wpa)) {
-		struct wpa_channel_info ci;
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_printf(MSG_WARNING,
-				   "Failed to get channel info for OCI element in WNM-Sleep Mode frame");
-			os_free(wnmsleep_ie);
-			os_free(wnmtfs_ie);
-			return -1;
-		}
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->oci_freq_override_wnm_sleep) {
-			wpa_printf(MSG_INFO,
-				   "TEST: Override OCI KDE frequency %d -> %d MHz",
-				   ci.frequency,
-				   wpa_s->oci_freq_override_wnm_sleep);
-			ci.frequency = wpa_s->oci_freq_override_wnm_sleep;
-		}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-		oci_ie_len = OCV_OCI_EXTENDED_LEN;
-		oci_ie = os_zalloc(oci_ie_len);
-		if (!oci_ie) {
-			wpa_printf(MSG_WARNING,
-				   "Failed to allocate buffer for for OCI element in WNM-Sleep Mode frame");
-			os_free(wnmsleep_ie);
-			os_free(wnmtfs_ie);
-			return -1;
-		}
-
-		if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
-			os_free(wnmsleep_ie);
-			os_free(wnmtfs_ie);
-			os_free(oci_ie);
-			return -1;
-		}
-	}
-#endif /* CONFIG_OCV */
-
-	mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + wnmtfs_ie_len +
-			 oci_ie_len);
-	if (mgmt == NULL) {
-		wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
-			   "WNM-Sleep Request action frame");
-		os_free(wnmsleep_ie);
-		os_free(wnmtfs_ie);
-		return -1;
-	}
-
-	os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
-	os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
-	os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
-	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
-					   WLAN_FC_STYPE_ACTION);
-	mgmt->u.action.category = WLAN_ACTION_WNM;
-	mgmt->u.action.u.wnm_sleep_req.action = WNM_SLEEP_MODE_REQ;
-	mgmt->u.action.u.wnm_sleep_req.dialogtoken = 1;
-	os_memcpy(mgmt->u.action.u.wnm_sleep_req.variable, wnmsleep_ie,
-		  wnmsleep_ie_len);
-	/* copy TFS IE here */
-	if (wnmtfs_ie_len > 0) {
-		os_memcpy(mgmt->u.action.u.wnm_sleep_req.variable +
-			  wnmsleep_ie_len, wnmtfs_ie, wnmtfs_ie_len);
-	}
-
-#ifdef CONFIG_OCV
-	/* copy OCV OCI here */
-	if (oci_ie_len > 0) {
-		os_memcpy(mgmt->u.action.u.wnm_sleep_req.variable +
-			  wnmsleep_ie_len + wnmtfs_ie_len, oci_ie, oci_ie_len);
-	}
-#endif /* CONFIG_OCV */
-
-	len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_req) + wnmsleep_ie_len +
-		wnmtfs_ie_len + oci_ie_len;
-
-	res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  &mgmt->u.action.category, len, 0);
-	if (res < 0)
-		wpa_printf(MSG_DEBUG, "Failed to send WNM-Sleep Request "
-			   "(action=%d, intval=%d)", action, intval);
-	else
-		wpa_s->wnmsleep_used = 1;
-
-	os_free(wnmsleep_ie);
-	os_free(wnmtfs_ie);
-	os_free(oci_ie);
-	os_free(mgmt);
-
-	return res;
-}
-
-
-static void wnm_sleep_mode_enter_success(struct wpa_supplicant *wpa_s,
-					 const u8 *tfsresp_ie_start,
-					 const u8 *tfsresp_ie_end)
-{
-	wpa_drv_wnm_oper(wpa_s, WNM_SLEEP_ENTER_CONFIRM,
-			 wpa_s->bssid, NULL, NULL);
-	/* remove GTK/IGTK ?? */
-
-	/* set the TFS Resp IE(s) */
-	if (tfsresp_ie_start && tfsresp_ie_end &&
-	    tfsresp_ie_end - tfsresp_ie_start >= 0) {
-		u16 tfsresp_ie_len;
-		tfsresp_ie_len = (tfsresp_ie_end + tfsresp_ie_end[1] + 2) -
-			tfsresp_ie_start;
-		wpa_printf(MSG_DEBUG, "TFS Resp IE(s) found");
-		/* pass the TFS Resp IE(s) to driver for processing */
-		if (ieee80211_11_set_tfs_ie(wpa_s, wpa_s->bssid,
-					    tfsresp_ie_start,
-					    tfsresp_ie_len,
-					    WNM_SLEEP_TFS_RESP_IE_SET))
-			wpa_printf(MSG_DEBUG, "WNM: Fail to set TFS Resp IE");
-	}
-}
-
-
-static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
-					const u8 *frm, u16 key_len_total)
-{
-	u8 *ptr, *end;
-	u8 gtk_len;
-
-	wpa_drv_wnm_oper(wpa_s, WNM_SLEEP_EXIT_CONFIRM,  wpa_s->bssid,
-			 NULL, NULL);
-
-	/* Install GTK/IGTK */
-
-	/* point to key data field */
-	ptr = (u8 *) frm + 1 + 2;
-	end = ptr + key_len_total;
-	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
-
-	if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
-		return;
-	}
-
-	while (end - ptr > 1) {
-		if (2 + ptr[1] > end - ptr) {
-			wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
-				   "length");
-			if (end > ptr) {
-				wpa_hexdump(MSG_DEBUG, "WNM: Remaining data",
-					    ptr, end - ptr);
-			}
-			break;
-		}
-		if (*ptr == WNM_SLEEP_SUBELEM_GTK) {
-			if (ptr[1] < 11 + 5) {
-				wpa_printf(MSG_DEBUG, "WNM: Too short GTK "
-					   "subelem");
-				break;
-			}
-			gtk_len = *(ptr + 4);
-			if (ptr[1] < 11 + gtk_len ||
-			    gtk_len < 5 || gtk_len > 32) {
-				wpa_printf(MSG_DEBUG, "WNM: Invalid GTK "
-					   "subelem");
-				break;
-			}
-			wpa_wnmsleep_install_key(
-				wpa_s->wpa,
-				WNM_SLEEP_SUBELEM_GTK,
-				ptr);
-			ptr += 13 + gtk_len;
-		} else if (*ptr == WNM_SLEEP_SUBELEM_IGTK) {
-			if (ptr[1] < 2 + 6 + WPA_IGTK_LEN) {
-				wpa_printf(MSG_DEBUG, "WNM: Too short IGTK "
-					   "subelem");
-				break;
-			}
-			wpa_wnmsleep_install_key(wpa_s->wpa,
-						 WNM_SLEEP_SUBELEM_IGTK, ptr);
-			ptr += 10 + WPA_IGTK_LEN;
-		} else if (*ptr == WNM_SLEEP_SUBELEM_BIGTK) {
-			if (ptr[1] < 2 + 6 + WPA_BIGTK_LEN) {
-				wpa_printf(MSG_DEBUG,
-					   "WNM: Too short BIGTK subelem");
-				break;
-			}
-			wpa_wnmsleep_install_key(wpa_s->wpa,
-						 WNM_SLEEP_SUBELEM_BIGTK, ptr);
-			ptr += 10 + WPA_BIGTK_LEN;
-		} else
-			break; /* skip the loop */
-	}
-}
-
-
-static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
-					const u8 *frm, int len)
-{
-	/*
-	 * Action [1] | Dialog Token [1] | Key Data Len [2] | Key Data |
-	 * WNM-Sleep Mode IE | TFS Response IE
-	 */
-	const u8 *pos = frm; /* point to payload after the action field */
-	u16 key_len_total;
-	struct wnm_sleep_element *wnmsleep_ie = NULL;
-	/* multiple TFS Resp IE (assuming consecutive) */
-	const u8 *tfsresp_ie_start = NULL;
-	const u8 *tfsresp_ie_end = NULL;
-#ifdef CONFIG_OCV
-	const u8 *oci_ie = NULL;
-	u8 oci_ie_len = 0;
-#endif /* CONFIG_OCV */
-	size_t left;
-
-	if (!wpa_s->wnmsleep_used) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
-		return;
-	}
-
-	if (len < 3)
-		return;
-	key_len_total = WPA_GET_LE16(frm + 1);
-
-	wpa_printf(MSG_DEBUG, "WNM-Sleep Mode Response token=%u key_len_total=%d",
-		   frm[0], key_len_total);
-	left = len - 3;
-	if (key_len_total > left) {
-		wpa_printf(MSG_INFO, "WNM: Too short frame for Key Data field");
-		return;
-	}
-	pos += 3 + key_len_total;
-	while (pos - frm + 1 < len) {
-		u8 ie_len = *(pos + 1);
-		if (2 + ie_len > frm + len - pos) {
-			wpa_printf(MSG_INFO, "WNM: Invalid IE len %u", ie_len);
-			break;
-		}
-		wpa_hexdump(MSG_DEBUG, "WNM: Element", pos, 2 + ie_len);
-		if (*pos == WLAN_EID_WNMSLEEP && ie_len >= 4)
-			wnmsleep_ie = (struct wnm_sleep_element *) pos;
-		else if (*pos == WLAN_EID_TFS_RESP) {
-			if (!tfsresp_ie_start)
-				tfsresp_ie_start = pos;
-			tfsresp_ie_end = pos;
-#ifdef CONFIG_OCV
-		} else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 &&
-			   pos[2] == WLAN_EID_EXT_OCV_OCI) {
-			oci_ie = pos + 3;
-			oci_ie_len = ie_len - 1;
-#endif /* CONFIG_OCV */
-		} else
-			wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos);
-		pos += ie_len + 2;
-	}
-
-	if (!wnmsleep_ie) {
-		wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
-		return;
-	}
-
-#ifdef CONFIG_OCV
-	if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT &&
-	    wpa_sm_ocv_enabled(wpa_s->wpa)) {
-		struct wpa_channel_info ci;
-
-		if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
-			wpa_msg(wpa_s, MSG_WARNING,
-				"Failed to get channel info to validate received OCI in WNM-Sleep Mode frame");
-			return;
-		}
-
-		if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci,
-					 channel_width_to_int(ci.chanwidth),
-					 ci.seg1_idx) != OCI_SUCCESS) {
-			wpa_msg(wpa_s, MSG_WARNING, "WNM: OCV failed: %s",
-				ocv_errorstr);
-			return;
-		}
-	}
-#endif /* CONFIG_OCV */
-
-	wpa_s->wnmsleep_used = 0;
-
-	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
-	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
-		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
-			   "frame (action=%d, intval=%d)",
-			   wnmsleep_ie->action_type, wnmsleep_ie->intval);
-		if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER) {
-			wnm_sleep_mode_enter_success(wpa_s, tfsresp_ie_start,
-						     tfsresp_ie_end);
-		} else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
-			wnm_sleep_mode_exit_success(wpa_s, frm, key_len_total);
-		}
-	} else {
-		wpa_printf(MSG_DEBUG, "Reject recv WNM-Sleep Response frame "
-			   "(action=%d, intval=%d)",
-			   wnmsleep_ie->action_type, wnmsleep_ie->intval);
-		if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER)
-			wpa_drv_wnm_oper(wpa_s, WNM_SLEEP_ENTER_FAIL,
-					 wpa_s->bssid, NULL, NULL);
-		else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT)
-			wpa_drv_wnm_oper(wpa_s, WNM_SLEEP_EXIT_FAIL,
-					 wpa_s->bssid, NULL, NULL);
-	}
-}
-
-
-void wnm_deallocate_memory(struct wpa_supplicant *wpa_s)
-{
-	int i;
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		os_free(wpa_s->wnm_neighbor_report_elements[i].meas_pilot);
-		os_free(wpa_s->wnm_neighbor_report_elements[i].mul_bssid);
-	}
-
-	wpa_s->wnm_num_neighbor_report = 0;
-	os_free(wpa_s->wnm_neighbor_report_elements);
-	wpa_s->wnm_neighbor_report_elements = NULL;
-
-	wpabuf_free(wpa_s->coloc_intf_elems);
-	wpa_s->coloc_intf_elems = NULL;
-}
-
-
-static void wnm_parse_neighbor_report_elem(struct neighbor_report *rep,
-					   u8 id, u8 elen, const u8 *pos)
-{
-	switch (id) {
-	case WNM_NEIGHBOR_TSF:
-		if (elen < 2 + 2) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short TSF");
-			break;
-		}
-		rep->tsf_offset = WPA_GET_LE16(pos);
-		rep->beacon_int = WPA_GET_LE16(pos + 2);
-		rep->tsf_present = 1;
-		break;
-	case WNM_NEIGHBOR_CONDENSED_COUNTRY_STRING:
-		if (elen < 2) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short condensed "
-				   "country string");
-			break;
-		}
-		os_memcpy(rep->country, pos, 2);
-		rep->country_present = 1;
-		break;
-	case WNM_NEIGHBOR_BSS_TRANSITION_CANDIDATE:
-		if (elen < 1) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short BSS transition "
-				   "candidate");
-			break;
-		}
-		rep->preference = pos[0];
-		rep->preference_present = 1;
-		break;
-	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
-		if (elen < 10) {
-			wpa_printf(MSG_DEBUG,
-				   "WNM: Too short BSS termination duration");
-			break;
-		}
-		rep->bss_term_tsf = WPA_GET_LE64(pos);
-		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
-		rep->bss_term_present = 1;
-		break;
-	case WNM_NEIGHBOR_BEARING:
-		if (elen < 8) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short neighbor "
-				   "bearing");
-			break;
-		}
-		rep->bearing = WPA_GET_LE16(pos);
-		rep->distance = WPA_GET_LE32(pos + 2);
-		rep->rel_height = WPA_GET_LE16(pos + 2 + 4);
-		rep->bearing_present = 1;
-		break;
-	case WNM_NEIGHBOR_MEASUREMENT_PILOT:
-		if (elen < 1) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short measurement "
-				   "pilot");
-			break;
-		}
-		os_free(rep->meas_pilot);
-		rep->meas_pilot = os_zalloc(sizeof(struct measurement_pilot));
-		if (rep->meas_pilot == NULL)
-			break;
-		rep->meas_pilot->measurement_pilot = pos[0];
-		rep->meas_pilot->subelem_len = elen - 1;
-		os_memcpy(rep->meas_pilot->subelems, pos + 1, elen - 1);
-		break;
-	case WNM_NEIGHBOR_RRM_ENABLED_CAPABILITIES:
-		if (elen < 5) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short RRM enabled "
-				   "capabilities");
-			break;
-		}
-		os_memcpy(rep->rm_capab, pos, 5);
-		rep->rm_capab_present = 1;
-		break;
-	case WNM_NEIGHBOR_MULTIPLE_BSSID:
-		if (elen < 1) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short multiple BSSID");
-			break;
-		}
-		os_free(rep->mul_bssid);
-		rep->mul_bssid = os_zalloc(sizeof(struct multiple_bssid));
-		if (rep->mul_bssid == NULL)
-			break;
-		rep->mul_bssid->max_bssid_indicator = pos[0];
-		rep->mul_bssid->subelem_len = elen - 1;
-		os_memcpy(rep->mul_bssid->subelems, pos + 1, elen - 1);
-		break;
-	}
-}
-
-
-static int wnm_nei_get_chan(struct wpa_supplicant *wpa_s, u8 op_class, u8 chan)
-{
-	struct wpa_bss *bss = wpa_s->current_bss;
-	const char *country = NULL;
-	int freq;
-
-	if (bss) {
-		const u8 *elem = wpa_bss_get_ie(bss, WLAN_EID_COUNTRY);
-
-		if (elem && elem[1] >= 2)
-			country = (const char *) (elem + 2);
-	}
-
-	freq = ieee80211_chan_to_freq(country, op_class, chan);
-	if (freq <= 0 && op_class == 0) {
-		/*
-		 * Some APs do not advertise correct operating class
-		 * information. Try to determine the most likely operating
-		 * frequency based on the channel number.
-		 */
-		if (chan >= 1 && chan <= 13)
-			freq = 2407 + chan * 5;
-		else if (chan == 14)
-			freq = 2484;
-		else if (chan >= 36 && chan <= 177)
-			freq = 5000 + chan * 5;
-	}
-	return freq;
-}
-
-
-static void wnm_parse_neighbor_report(struct wpa_supplicant *wpa_s,
-				      const u8 *pos, u8 len,
-				      struct neighbor_report *rep)
-{
-	u8 left = len;
-
-	if (left < 13) {
-		wpa_printf(MSG_DEBUG, "WNM: Too short neighbor report");
-		return;
-	}
-
-	os_memcpy(rep->bssid, pos, ETH_ALEN);
-	rep->bssid_info = WPA_GET_LE32(pos + ETH_ALEN);
-	rep->regulatory_class = *(pos + 10);
-	rep->channel_number = *(pos + 11);
-	rep->phy_type = *(pos + 12);
-
-	pos += 13;
-	left -= 13;
-
-	while (left >= 2) {
-		u8 id, elen;
-
-		id = *pos++;
-		elen = *pos++;
-		wpa_printf(MSG_DEBUG, "WNM: Subelement id=%u len=%u", id, elen);
-		left -= 2;
-		if (elen > left) {
-			wpa_printf(MSG_DEBUG,
-				   "WNM: Truncated neighbor report subelement");
-			break;
-		}
-		wnm_parse_neighbor_report_elem(rep, id, elen, pos);
-		left -= elen;
-		pos += elen;
-	}
-
-	rep->freq = wnm_nei_get_chan(wpa_s, rep->regulatory_class,
-				     rep->channel_number);
-}
-
-
-static void wnm_clear_acceptable(struct wpa_supplicant *wpa_s)
-{
-	unsigned int i;
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++)
-		wpa_s->wnm_neighbor_report_elements[i].acceptable = 0;
-}
-
-
-static struct wpa_bss * get_first_acceptable(struct wpa_supplicant *wpa_s)
-{
-	unsigned int i;
-	struct neighbor_report *nei;
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		nei = &wpa_s->wnm_neighbor_report_elements[i];
-		if (nei->acceptable)
-			return wpa_bss_get_bssid(wpa_s, nei->bssid);
-	}
-
-	return NULL;
-}
-
-
-#ifdef CONFIG_MBO
-static struct wpa_bss *
-get_mbo_transition_candidate(struct wpa_supplicant *wpa_s,
-			     enum mbo_transition_reject_reason *reason)
-{
-	struct wpa_bss *target = NULL;
-	struct wpa_bss_trans_info params;
-	struct wpa_bss_candidate_info *info = NULL;
-	struct neighbor_report *nei = wpa_s->wnm_neighbor_report_elements;
-	u8 *first_candidate_bssid = NULL, *pos;
-	unsigned int i;
-
-	params.mbo_transition_reason = wpa_s->wnm_mbo_transition_reason;
-	params.n_candidates = 0;
-	params.bssid = os_calloc(wpa_s->wnm_num_neighbor_report, ETH_ALEN);
-	if (!params.bssid)
-		return NULL;
-
-	pos = params.bssid;
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; nei++, i++) {
-		if (nei->is_first)
-			first_candidate_bssid = nei->bssid;
-		if (!nei->acceptable)
-			continue;
-		os_memcpy(pos, nei->bssid, ETH_ALEN);
-		pos += ETH_ALEN;
-		params.n_candidates++;
-	}
-
-	if (!params.n_candidates)
-		goto end;
-
-	info = wpa_drv_get_bss_trans_status(wpa_s, &params);
-	if (!info) {
-		/* If failed to get candidate BSS transition status from driver,
-		 * get the first acceptable candidate from wpa_supplicant.
-		 */
-		target = wpa_bss_get_bssid(wpa_s, params.bssid);
-		goto end;
-	}
-
-	/* Get the first acceptable candidate from driver */
-	for (i = 0; i < info->num; i++) {
-		if (info->candidates[i].is_accept) {
-			target = wpa_bss_get_bssid(wpa_s,
-						   info->candidates[i].bssid);
-			goto end;
-		}
-	}
-
-	/* If Disassociation Imminent is set and driver rejects all the
-	 * candidate select first acceptable candidate which has
-	 * rssi > disassoc_imminent_rssi_threshold
-	 */
-	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_DISASSOC_IMMINENT) {
-		for (i = 0; i < info->num; i++) {
-			target = wpa_bss_get_bssid(wpa_s,
-						   info->candidates[i].bssid);
-			if (target &&
-			    (target->level <
-			     wpa_s->conf->disassoc_imminent_rssi_threshold))
-				continue;
-			goto end;
-		}
-	}
-
-	/* While sending BTM reject use reason code of the first candidate
-	 * received in BTM request frame
-	 */
-	if (reason) {
-		for (i = 0; i < info->num; i++) {
-			if (first_candidate_bssid &&
-			    os_memcmp(first_candidate_bssid,
-				      info->candidates[i].bssid, ETH_ALEN) == 0)
-			{
-				*reason = info->candidates[i].reject_reason;
-				break;
-			}
-		}
-	}
-
-	target = NULL;
-
-end:
-	os_free(params.bssid);
-	if (info) {
-		os_free(info->candidates);
-		os_free(info);
-	}
-	return target;
-}
-#endif /* CONFIG_MBO */
-
-
-static struct wpa_bss *
-compare_scan_neighbor_results(struct wpa_supplicant *wpa_s, os_time_t age_secs,
-			      enum mbo_transition_reject_reason *reason)
-{
-	u8 i;
-	struct wpa_bss *bss = wpa_s->current_bss;
-	struct wpa_bss *target;
-
-	if (!bss)
-		return NULL;
-
-	wpa_printf(MSG_DEBUG, "WNM: Current BSS " MACSTR " RSSI %d",
-		   MAC2STR(wpa_s->bssid), bss->level);
-
-	wnm_clear_acceptable(wpa_s);
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		struct neighbor_report *nei;
-
-		nei = &wpa_s->wnm_neighbor_report_elements[i];
-		if (nei->preference_present && nei->preference == 0) {
-			wpa_printf(MSG_DEBUG, "Skip excluded BSS " MACSTR,
-				   MAC2STR(nei->bssid));
-			continue;
-		}
-
-		target = wpa_bss_get_bssid(wpa_s, nei->bssid);
-		if (!target) {
-			wpa_printf(MSG_DEBUG, "Candidate BSS " MACSTR
-				   " (pref %d) not found in scan results",
-				   MAC2STR(nei->bssid),
-				   nei->preference_present ? nei->preference :
-				   -1);
-			continue;
-		}
-
-		if (age_secs) {
-			struct os_reltime now;
-
-			if (os_get_reltime(&now) == 0 &&
-			    os_reltime_expired(&now, &target->last_update,
-					       age_secs)) {
-				wpa_printf(MSG_DEBUG,
-					   "Candidate BSS is more than %ld seconds old",
-					   age_secs);
-				continue;
-			}
-		}
-
-		if (bss->ssid_len != target->ssid_len ||
-		    os_memcmp(bss->ssid, target->ssid, bss->ssid_len) != 0) {
-			/*
-			 * TODO: Could consider allowing transition to another
-			 * ESS if PMF was enabled for the association.
-			 */
-			wpa_printf(MSG_DEBUG, "Candidate BSS " MACSTR
-				   " (pref %d) in different ESS",
-				   MAC2STR(nei->bssid),
-				   nei->preference_present ? nei->preference :
-				   -1);
-			continue;
-		}
-
-		if (wpa_s->current_ssid &&
-		    !wpa_scan_res_match(wpa_s, 0, target, wpa_s->current_ssid,
-					1, 0)) {
-			wpa_printf(MSG_DEBUG, "Candidate BSS " MACSTR
-				   " (pref %d) does not match the current network profile",
-				   MAC2STR(nei->bssid),
-				   nei->preference_present ? nei->preference :
-				   -1);
-			continue;
-		}
-
-		if (wpa_is_bss_tmp_disallowed(wpa_s, target)) {
-			wpa_printf(MSG_DEBUG,
-				   "MBO: Candidate BSS " MACSTR
-				   " retry delay is not over yet",
-				   MAC2STR(nei->bssid));
-			continue;
-		}
-
-		if (target->level < bss->level && target->level < -80) {
-			wpa_printf(MSG_DEBUG, "Candidate BSS " MACSTR
-				   " (pref %d) does not have sufficient signal level (%d)",
-				   MAC2STR(nei->bssid),
-				   nei->preference_present ? nei->preference :
-				   -1,
-				   target->level);
-			continue;
-		}
-
-		nei->acceptable = 1;
-	}
-
-#ifdef CONFIG_MBO
-	if (wpa_s->wnm_mbo_trans_reason_present)
-		target = get_mbo_transition_candidate(wpa_s, reason);
-	else
-		target = get_first_acceptable(wpa_s);
-#else /* CONFIG_MBO */
-	target = get_first_acceptable(wpa_s);
-#endif /* CONFIG_MBO */
-
-	if (target) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Found an acceptable preferred transition candidate BSS "
-			   MACSTR " (RSSI %d)",
-			   MAC2STR(target->bssid), target->level);
-	}
-
-	return target;
-}
-
-
-static int wpa_bss_ies_eq(struct wpa_bss *a, struct wpa_bss *b, u8 eid)
-{
-	const u8 *ie_a, *ie_b;
-
-	if (!a || !b)
-		return 0;
-
-	ie_a = wpa_bss_get_ie(a, eid);
-	ie_b = wpa_bss_get_ie(b, eid);
-
-	if (!ie_a || !ie_b || ie_a[1] != ie_b[1])
-		return 0;
-
-	return os_memcmp(ie_a, ie_b, ie_a[1]) == 0;
-}
-
-
-static u32 wnm_get_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
-{
-	u32 info = 0;
-
-	info |= NEI_REP_BSSID_INFO_AP_UNKNOWN_REACH;
-
-	/*
-	 * Leave the security and key scope bits unset to indicate that the
-	 * security information is not available.
-	 */
-
-	if (bss->caps & WLAN_CAPABILITY_SPECTRUM_MGMT)
-		info |= NEI_REP_BSSID_INFO_SPECTRUM_MGMT;
-	if (bss->caps & WLAN_CAPABILITY_QOS)
-		info |= NEI_REP_BSSID_INFO_QOS;
-	if (bss->caps & WLAN_CAPABILITY_APSD)
-		info |= NEI_REP_BSSID_INFO_APSD;
-	if (bss->caps & WLAN_CAPABILITY_RADIO_MEASUREMENT)
-		info |= NEI_REP_BSSID_INFO_RM;
-	if (bss->caps & WLAN_CAPABILITY_DELAYED_BLOCK_ACK)
-		info |= NEI_REP_BSSID_INFO_DELAYED_BA;
-	if (bss->caps & WLAN_CAPABILITY_IMM_BLOCK_ACK)
-		info |= NEI_REP_BSSID_INFO_IMM_BA;
-	if (wpa_bss_ies_eq(bss, wpa_s->current_bss, WLAN_EID_MOBILITY_DOMAIN))
-		info |= NEI_REP_BSSID_INFO_MOBILITY_DOMAIN;
-	if (wpa_bss_ies_eq(bss, wpa_s->current_bss, WLAN_EID_HT_CAP))
-		info |= NEI_REP_BSSID_INFO_HT;
-
-	return info;
-}
-
-
-static int wnm_add_nei_rep(struct wpabuf **buf, const u8 *bssid,
-			   u32 bss_info, u8 op_class, u8 chan, u8 phy_type,
-			   u8 pref)
-{
-	if (wpabuf_len(*buf) + 18 >
-	    IEEE80211_MAX_MMPDU_SIZE - IEEE80211_HDRLEN) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: No room in frame for Neighbor Report element");
-		return -1;
-	}
-
-	if (wpabuf_resize(buf, 18) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Failed to allocate memory for Neighbor Report element");
-		return -1;
-	}
-
-	wpabuf_put_u8(*buf, WLAN_EID_NEIGHBOR_REPORT);
-	/* length: 13 for basic neighbor report + 3 for preference subelement */
-	wpabuf_put_u8(*buf, 16);
-	wpabuf_put_data(*buf, bssid, ETH_ALEN);
-	wpabuf_put_le32(*buf, bss_info);
-	wpabuf_put_u8(*buf, op_class);
-	wpabuf_put_u8(*buf, chan);
-	wpabuf_put_u8(*buf, phy_type);
-	wpabuf_put_u8(*buf, WNM_NEIGHBOR_BSS_TRANSITION_CANDIDATE);
-	wpabuf_put_u8(*buf, 1);
-	wpabuf_put_u8(*buf, pref);
-	return 0;
-}
-
-
-static int wnm_nei_rep_add_bss(struct wpa_supplicant *wpa_s,
-			       struct wpa_bss *bss, struct wpabuf **buf,
-			       u8 pref)
-{
-	const u8 *ie;
-	u8 op_class, chan;
-	int sec_chan = 0, vht = 0;
-	enum phy_type phy_type;
-	u32 info;
-	struct ieee80211_ht_operation *ht_oper = NULL;
-	struct ieee80211_vht_operation *vht_oper = NULL;
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_HT_OPERATION);
-	if (ie && ie[1] >= 2) {
-		ht_oper = (struct ieee80211_ht_operation *) (ie + 2);
-
-		if (ht_oper->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
-			sec_chan = 1;
-		else if (ht_oper->ht_param &
-			 HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
-			sec_chan = -1;
-	}
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_VHT_OPERATION);
-	if (ie && ie[1] >= 1) {
-		vht_oper = (struct ieee80211_vht_operation *) (ie + 2);
-
-		if (vht_oper->vht_op_info_chwidth == CHANWIDTH_80MHZ ||
-		    vht_oper->vht_op_info_chwidth == CHANWIDTH_160MHZ ||
-		    vht_oper->vht_op_info_chwidth == CHANWIDTH_80P80MHZ)
-			vht = vht_oper->vht_op_info_chwidth;
-	}
-
-	if (ieee80211_freq_to_channel_ext(bss->freq, sec_chan, vht, &op_class,
-					  &chan) == NUM_HOSTAPD_MODES) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Cannot determine operating class and channel");
-		return -2;
-	}
-
-	phy_type = ieee80211_get_phy_type(bss->freq, (ht_oper != NULL),
-					  (vht_oper != NULL));
-	if (phy_type == PHY_TYPE_UNSPECIFIED) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Cannot determine BSS phy type for Neighbor Report");
-		return -2;
-	}
-
-	info = wnm_get_bss_info(wpa_s, bss);
-
-	return wnm_add_nei_rep(buf, bss->bssid, info, op_class, chan, phy_type,
-			       pref);
-}
-
-
-static void wnm_add_cand_list(struct wpa_supplicant *wpa_s, struct wpabuf **buf)
-{
-	unsigned int i, pref = 255;
-	struct os_reltime now;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-	if (!ssid)
-		return;
-
-	/*
-	 * TODO: Define when scan results are no longer valid for the candidate
-	 * list.
-	 */
-	os_get_reltime(&now);
-	if (os_reltime_expired(&now, &wpa_s->last_scan, 10))
-		return;
-
-	wpa_printf(MSG_DEBUG,
-		   "WNM: Add candidate list to BSS Transition Management Response frame");
-	for (i = 0; i < wpa_s->last_scan_res_used && pref; i++) {
-		struct wpa_bss *bss = wpa_s->last_scan_res[i];
-		int res;
-
-		if (wpa_scan_res_match(wpa_s, i, bss, ssid, 1, 0)) {
-			res = wnm_nei_rep_add_bss(wpa_s, bss, buf, pref--);
-			if (res == -2)
-				continue; /* could not build entry for BSS */
-			if (res < 0)
-				break; /* no more room for candidates */
-			if (pref == 1)
-				break;
-		}
-	}
-
-	wpa_hexdump_buf(MSG_DEBUG,
-			"WNM: BSS Transition Management Response candidate list",
-			*buf);
-}
-
-
-#define BTM_RESP_MIN_SIZE	5 + ETH_ALEN
-
-static void wnm_send_bss_transition_mgmt_resp(
-	struct wpa_supplicant *wpa_s, u8 dialog_token,
-	enum bss_trans_mgmt_status_code status,
-	enum mbo_transition_reject_reason reason,
-	u8 delay, const u8 *target_bssid)
-{
-	struct wpabuf *buf;
-	int res;
-
-	wpa_printf(MSG_DEBUG,
-		   "WNM: Send BSS Transition Management Response to " MACSTR
-		   " dialog_token=%u status=%u reason=%u delay=%d",
-		   MAC2STR(wpa_s->bssid), dialog_token, status, reason, delay);
-	if (!wpa_s->current_bss) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Current BSS not known - drop response");
-		return;
-	}
-
-	buf = wpabuf_alloc(BTM_RESP_MIN_SIZE);
-	if (!buf) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Failed to allocate memory for BTM response");
-		return;
-	}
-
-	wpa_s->bss_tm_status = status;
-	wpas_notify_bss_tm_status(wpa_s);
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WNM);
-	wpabuf_put_u8(buf, WNM_BSS_TRANS_MGMT_RESP);
-	wpabuf_put_u8(buf, dialog_token);
-	wpabuf_put_u8(buf, status);
-	wpabuf_put_u8(buf, delay);
-	if (target_bssid) {
-		wpabuf_put_data(buf, target_bssid, ETH_ALEN);
-	} else if (status == WNM_BSS_TM_ACCEPT) {
-		/*
-		 * P802.11-REVmc clarifies that the Target BSSID field is always
-		 * present when status code is zero, so use a fake value here if
-		 * no BSSID is yet known.
-		 */
-		wpabuf_put_data(buf, "\0\0\0\0\0\0", ETH_ALEN);
-	}
-
-	if (status == WNM_BSS_TM_ACCEPT)
-		wnm_add_cand_list(wpa_s, &buf);
-
-#ifdef CONFIG_MBO
-	if (status != WNM_BSS_TM_ACCEPT &&
-	    wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE)) {
-		u8 mbo[10];
-		size_t ret;
-
-		ret = wpas_mbo_ie_bss_trans_reject(wpa_s, mbo, sizeof(mbo),
-						   reason);
-		if (ret) {
-			if (wpabuf_resize(&buf, ret) < 0) {
-				wpabuf_free(buf);
-				wpa_printf(MSG_DEBUG,
-					   "WNM: Failed to allocate memory for MBO IE");
-				return;
-			}
-
-			wpabuf_put_data(buf, mbo, ret);
-		}
-	}
-#endif /* CONFIG_MBO */
-
-	res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head_u8(buf), wpabuf_len(buf), 0);
-	if (res < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Failed to send BSS Transition Management Response");
-	}
-
-	wpabuf_free(buf);
-}
-
-
-static void wnm_bss_tm_connect(struct wpa_supplicant *wpa_s,
-			       struct wpa_bss *bss, struct wpa_ssid *ssid,
-			       int after_new_scan)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WNM: Transition to BSS " MACSTR
-		" based on BSS Transition Management Request (old BSSID "
-		MACSTR " after_new_scan=%d)",
-		MAC2STR(bss->bssid), MAC2STR(wpa_s->bssid), after_new_scan);
-
-	/* Send the BSS Management Response - Accept */
-	if (wpa_s->wnm_reply) {
-		wpa_s->wnm_reply = 0;
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Sending successful BSS Transition Management Response");
-		wnm_send_bss_transition_mgmt_resp(
-			wpa_s, wpa_s->wnm_dialog_token, WNM_BSS_TM_ACCEPT,
-			MBO_TRANSITION_REJECT_REASON_UNSPECIFIED, 0,
-			bss->bssid);
-	}
-
-	if (bss == wpa_s->current_bss) {
-		wpa_printf(MSG_DEBUG,
-			   "WNM: Already associated with the preferred candidate");
-		wnm_deallocate_memory(wpa_s);
-		return;
-	}
-
-	wpa_s->reassociate = 1;
-	wpa_printf(MSG_DEBUG, "WNM: Issuing connect");
-	wpa_supplicant_connect(wpa_s, bss, ssid);
-	wnm_deallocate_memory(wpa_s);
-}
-
-
-int wnm_scan_process(struct wpa_supplicant *wpa_s, int reply_on_fail)
-{
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	enum bss_trans_mgmt_status_code status = WNM_BSS_TM_REJECT_UNSPECIFIED;
-	enum mbo_transition_reject_reason reason =
-		MBO_TRANSITION_REJECT_REASON_UNSPECIFIED;
-
-	if (!wpa_s->wnm_neighbor_report_elements)
-		return 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WNM: Process scan results for BSS Transition Management");
-	if (os_reltime_before(&wpa_s->wnm_cand_valid_until,
-			      &wpa_s->scan_trigger_time)) {
-		wpa_printf(MSG_DEBUG, "WNM: Previously stored BSS transition candidate list is not valid anymore - drop it");
-		wnm_deallocate_memory(wpa_s);
-		return 0;
-	}
-
-	if (!wpa_s->current_bss ||
-	    os_memcmp(wpa_s->wnm_cand_from_bss, wpa_s->current_bss->bssid,
-		      ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "WNM: Stored BSS transition candidate list not from the current BSS - ignore it");
-		return 0;
-	}
-
-	/* Compare the Neighbor Report and scan results */
-	bss = compare_scan_neighbor_results(wpa_s, 0, &reason);
-	if (!bss) {
-		wpa_printf(MSG_DEBUG, "WNM: No BSS transition candidate match found");
-		status = WNM_BSS_TM_REJECT_NO_SUITABLE_CANDIDATES;
-		goto send_bss_resp_fail;
-	}
-
-	/* Associate to the network */
-	wnm_bss_tm_connect(wpa_s, bss, ssid, 1);
-	return 1;
-
-send_bss_resp_fail:
-	if (!reply_on_fail)
-		return 0;
-
-	/* Send reject response for all the failures */
-
-	if (wpa_s->wnm_reply) {
-		wpa_s->wnm_reply = 0;
-		wnm_send_bss_transition_mgmt_resp(wpa_s,
-						  wpa_s->wnm_dialog_token,
-						  status, reason, 0, NULL);
-	}
-	wnm_deallocate_memory(wpa_s);
-
-	return 0;
-}
-
-
-static int cand_pref_compar(const void *a, const void *b)
-{
-	const struct neighbor_report *aa = a;
-	const struct neighbor_report *bb = b;
-
-	if (!aa->preference_present && !bb->preference_present)
-		return 0;
-	if (!aa->preference_present)
-		return 1;
-	if (!bb->preference_present)
-		return -1;
-	if (bb->preference > aa->preference)
-		return 1;
-	if (bb->preference < aa->preference)
-		return -1;
-	return 0;
-}
-
-
-static void wnm_sort_cand_list(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->wnm_neighbor_report_elements)
-		return;
-	qsort(wpa_s->wnm_neighbor_report_elements,
-	      wpa_s->wnm_num_neighbor_report, sizeof(struct neighbor_report),
-	      cand_pref_compar);
-}
-
-
-static void wnm_dump_cand_list(struct wpa_supplicant *wpa_s)
-{
-	unsigned int i;
-
-	wpa_printf(MSG_DEBUG, "WNM: BSS Transition Candidate List");
-	if (!wpa_s->wnm_neighbor_report_elements)
-		return;
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		struct neighbor_report *nei;
-
-		nei = &wpa_s->wnm_neighbor_report_elements[i];
-		wpa_printf(MSG_DEBUG, "%u: " MACSTR
-			   " info=0x%x op_class=%u chan=%u phy=%u pref=%d freq=%d",
-			   i, MAC2STR(nei->bssid), nei->bssid_info,
-			   nei->regulatory_class,
-			   nei->channel_number, nei->phy_type,
-			   nei->preference_present ? nei->preference : -1,
-			   nei->freq);
-	}
-}
-
-
-static int chan_supported(struct wpa_supplicant *wpa_s, int freq)
-{
-	unsigned int i;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
-		int j;
-
-		for (j = 0; j < mode->num_channels; j++) {
-			struct hostapd_channel_data *chan;
-
-			chan = &mode->channels[j];
-			if (chan->freq == freq &&
-			    !(chan->flag & HOSTAPD_CHAN_DISABLED))
-				return 1;
-		}
-	}
-
-	return 0;
-}
-
-
-static void wnm_set_scan_freqs(struct wpa_supplicant *wpa_s)
-{
-	int *freqs;
-	int num_freqs = 0;
-	unsigned int i;
-
-	if (!wpa_s->wnm_neighbor_report_elements)
-		return;
-
-	if (wpa_s->hw.modes == NULL)
-		return;
-
-	os_free(wpa_s->next_scan_freqs);
-	wpa_s->next_scan_freqs = NULL;
-
-	freqs = os_calloc(wpa_s->wnm_num_neighbor_report + 1, sizeof(int));
-	if (freqs == NULL)
-		return;
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		struct neighbor_report *nei;
-
-		nei = &wpa_s->wnm_neighbor_report_elements[i];
-		if (nei->freq <= 0) {
-			wpa_printf(MSG_DEBUG,
-				   "WNM: Unknown neighbor operating frequency for "
-				   MACSTR " - scan all channels",
-				   MAC2STR(nei->bssid));
-			os_free(freqs);
-			return;
-		}
-		if (chan_supported(wpa_s, nei->freq))
-			add_freq(freqs, &num_freqs, nei->freq);
-	}
-
-	if (num_freqs == 0) {
-		os_free(freqs);
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG,
-		   "WNM: Scan %d frequencies based on transition candidate list",
-		   num_freqs);
-	wpa_s->next_scan_freqs = freqs;
-}
-
-
-static int wnm_fetch_scan_results(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_scan_results *scan_res;
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	u8 i, found = 0;
-	size_t j;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WNM: Fetch current scan results from the driver for checking transition candidates");
-	scan_res = wpa_drv_get_scan_results2(wpa_s);
-	if (!scan_res) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "WNM: Failed to get scan results");
-		return 0;
-	}
-
-	if (scan_res->fetch_time.sec == 0)
-		os_get_reltime(&scan_res->fetch_time);
-
-	filter_scan_res(wpa_s, scan_res);
-
-	for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
-		struct neighbor_report *nei;
-
-		nei = &wpa_s->wnm_neighbor_report_elements[i];
-		if (nei->preference_present && nei->preference == 0)
-			continue;
-
-		for (j = 0; j < scan_res->num; j++) {
-			struct wpa_scan_res *res;
-			const u8 *ssid_ie;
-
-			res = scan_res->res[j];
-			if (os_memcmp(nei->bssid, res->bssid, ETH_ALEN) != 0 ||
-			    res->age > WNM_SCAN_RESULT_AGE * 1000)
-				continue;
-			bss = wpa_s->current_bss;
-			ssid_ie = wpa_scan_get_ie(res, WLAN_EID_SSID);
-			if (bss && ssid_ie && ssid_ie[1] &&
-			    (bss->ssid_len != ssid_ie[1] ||
-			     os_memcmp(bss->ssid, ssid_ie + 2,
-				       bss->ssid_len) != 0))
-				continue; /* Skip entries for other ESSs */
-
-			/* Potential candidate found */
-			found = 1;
-			scan_snr(res);
-			scan_est_throughput(wpa_s, res);
-			wpa_bss_update_scan_res(wpa_s, res,
-						&scan_res->fetch_time);
-		}
-	}
-
-	wpa_scan_results_free(scan_res);
-	if (!found) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WNM: No transition candidate matches existing scan results");
-		return 0;
-	}
-
-	bss = compare_scan_neighbor_results(wpa_s, WNM_SCAN_RESULT_AGE, NULL);
-	if (!bss) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WNM: Comparison of scan results against transition candidates did not find matches");
-		return 0;
-	}
-
-	/* Associate to the network */
-	wnm_bss_tm_connect(wpa_s, bss, ssid, 0);
-	return 1;
-}
-
-
-static void ieee802_11_rx_bss_trans_mgmt_req(struct wpa_supplicant *wpa_s,
-					     const u8 *pos, const u8 *end,
-					     int reply)
-{
-	unsigned int beacon_int;
-	u8 valid_int;
-#ifdef CONFIG_MBO
-	const u8 *vendor;
-#endif /* CONFIG_MBO */
-
-	if (wpa_s->disable_mbo_oce || wpa_s->conf->disable_btm)
-		return;
-
-	if (end - pos < 5)
-		return;
-
-#ifdef CONFIG_MBO
-	wpa_s->wnm_mbo_trans_reason_present = 0;
-	wpa_s->wnm_mbo_transition_reason = 0;
-#endif /* CONFIG_MBO */
-
-	if (wpa_s->current_bss)
-		beacon_int = wpa_s->current_bss->beacon_int;
-	else
-		beacon_int = 100; /* best guess */
-
-	wpa_s->wnm_dialog_token = pos[0];
-	wpa_s->wnm_mode = pos[1];
-	wpa_s->wnm_dissoc_timer = WPA_GET_LE16(pos + 2);
-	valid_int = pos[4];
-	wpa_s->wnm_reply = reply;
-
-	wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Request: "
-		   "dialog_token=%u request_mode=0x%x "
-		   "disassoc_timer=%u validity_interval=%u",
-		   wpa_s->wnm_dialog_token, wpa_s->wnm_mode,
-		   wpa_s->wnm_dissoc_timer, valid_int);
-
-#if defined(CONFIG_MBO) && defined(CONFIG_TESTING_OPTIONS)
-	if (wpa_s->reject_btm_req_reason) {
-		wpa_printf(MSG_INFO,
-			   "WNM: Testing - reject BSS Transition Management Request: reject_btm_req_reason=%d",
-			   wpa_s->reject_btm_req_reason);
-		wnm_send_bss_transition_mgmt_resp(
-			wpa_s, wpa_s->wnm_dialog_token,
-			wpa_s->reject_btm_req_reason,
-			MBO_TRANSITION_REJECT_REASON_UNSPECIFIED, 0, NULL);
-		return;
-	}
-#endif /* CONFIG_MBO && CONFIG_TESTING_OPTIONS */
-
-	pos += 5;
-
-	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) {
-		if (end - pos < 12) {
-			wpa_printf(MSG_DEBUG, "WNM: Too short BSS TM Request");
-			return;
-		}
-		os_memcpy(wpa_s->wnm_bss_termination_duration, pos, 12);
-		pos += 12; /* BSS Termination Duration */
-	}
-
-	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT) {
-		char url[256];
-
-		if (end - pos < 1 || 1 + pos[0] > end - pos) {
-			wpa_printf(MSG_DEBUG, "WNM: Invalid BSS Transition "
-				   "Management Request (URL)");
-			return;
-		}
-		os_memcpy(url, pos + 1, pos[0]);
-		url[pos[0]] = '\0';
-		pos += 1 + pos[0];
-
-		wpa_msg(wpa_s, MSG_INFO, ESS_DISASSOC_IMMINENT "%d %u %s",
-			wpa_sm_pmf_enabled(wpa_s->wpa),
-			wpa_s->wnm_dissoc_timer * beacon_int * 128 / 125, url);
-	}
-
-	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_DISASSOC_IMMINENT) {
-		wpa_msg(wpa_s, MSG_INFO, "WNM: Disassociation Imminent - "
-			"Disassociation Timer %u", wpa_s->wnm_dissoc_timer);
-		if (wpa_s->wnm_dissoc_timer && !wpa_s->scanning) {
-			/* TODO: mark current BSS less preferred for
-			 * selection */
-			wpa_printf(MSG_DEBUG, "Trying to find another BSS");
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-		}
-	}
-
-#ifdef CONFIG_MBO
-	vendor = get_ie(pos, end - pos, WLAN_EID_VENDOR_SPECIFIC);
-	if (vendor)
-		wpas_mbo_ie_trans_req(wpa_s, vendor + 2, vendor[1]);
-#endif /* CONFIG_MBO */
-
-	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED) {
-		unsigned int valid_ms;
-
-		wpa_msg(wpa_s, MSG_INFO, "WNM: Preferred List Available");
-		wnm_deallocate_memory(wpa_s);
-		wpa_s->wnm_neighbor_report_elements = os_calloc(
-			WNM_MAX_NEIGHBOR_REPORT,
-			sizeof(struct neighbor_report));
-		if (wpa_s->wnm_neighbor_report_elements == NULL)
-			return;
-
-		while (end - pos >= 2 &&
-		       wpa_s->wnm_num_neighbor_report < WNM_MAX_NEIGHBOR_REPORT)
-		{
-			u8 tag = *pos++;
-			u8 len = *pos++;
-
-			wpa_printf(MSG_DEBUG, "WNM: Neighbor report tag %u",
-				   tag);
-			if (len > end - pos) {
-				wpa_printf(MSG_DEBUG, "WNM: Truncated request");
-				return;
-			}
-			if (tag == WLAN_EID_NEIGHBOR_REPORT) {
-				struct neighbor_report *rep;
-				rep = &wpa_s->wnm_neighbor_report_elements[
-					wpa_s->wnm_num_neighbor_report];
-				wnm_parse_neighbor_report(wpa_s, pos, len, rep);
-				wpa_s->wnm_num_neighbor_report++;
-#ifdef CONFIG_MBO
-				if (wpa_s->wnm_mbo_trans_reason_present &&
-				    wpa_s->wnm_num_neighbor_report == 1) {
-					rep->is_first = 1;
-					wpa_printf(MSG_DEBUG,
-						   "WNM: First transition candidate is "
-						   MACSTR, MAC2STR(rep->bssid));
-				}
-#endif /* CONFIG_MBO */
-			}
-
-			pos += len;
-		}
-
-		if (!wpa_s->wnm_num_neighbor_report) {
-			wpa_printf(MSG_DEBUG,
-				   "WNM: Candidate list included bit is set, but no candidates found");
-			wnm_send_bss_transition_mgmt_resp(
-				wpa_s, wpa_s->wnm_dialog_token,
-				WNM_BSS_TM_REJECT_NO_SUITABLE_CANDIDATES,
-				MBO_TRANSITION_REJECT_REASON_UNSPECIFIED, 0,
-				NULL);
-			return;
-		}
-
-		wnm_sort_cand_list(wpa_s);
-		wnm_dump_cand_list(wpa_s);
-		valid_ms = valid_int * beacon_int * 128 / 125;
-		wpa_printf(MSG_DEBUG, "WNM: Candidate list valid for %u ms",
-			   valid_ms);
-		os_get_reltime(&wpa_s->wnm_cand_valid_until);
-		wpa_s->wnm_cand_valid_until.sec += valid_ms / 1000;
-		wpa_s->wnm_cand_valid_until.usec += (valid_ms % 1000) * 1000;
-		wpa_s->wnm_cand_valid_until.sec +=
-			wpa_s->wnm_cand_valid_until.usec / 1000000;
-		wpa_s->wnm_cand_valid_until.usec %= 1000000;
-		os_memcpy(wpa_s->wnm_cand_from_bss, wpa_s->bssid, ETH_ALEN);
-
-		/*
-		 * Fetch the latest scan results from the kernel and check for
-		 * candidates based on those results first. This can help in
-		 * finding more up-to-date information should the driver has
-		 * done some internal scanning operations after the last scan
-		 * result update in wpa_supplicant.
-		 */
-		if (wnm_fetch_scan_results(wpa_s) > 0)
-			return;
-
-		/*
-		 * Try to use previously received scan results, if they are
-		 * recent enough to use for a connection.
-		 */
-		if (wpa_s->last_scan_res_used > 0) {
-			struct os_reltime now;
-
-			os_get_reltime(&now);
-			if (!os_reltime_expired(&now, &wpa_s->last_scan, 10)) {
-				wpa_printf(MSG_DEBUG,
-					   "WNM: Try to use recent scan results");
-				if (wnm_scan_process(wpa_s, 0) > 0)
-					return;
-				wpa_printf(MSG_DEBUG,
-					   "WNM: No match in previous scan results - try a new scan");
-			}
-		}
-
-		wnm_set_scan_freqs(wpa_s);
-		if (wpa_s->wnm_num_neighbor_report == 1) {
-			os_memcpy(wpa_s->next_scan_bssid,
-				  wpa_s->wnm_neighbor_report_elements[0].bssid,
-				  ETH_ALEN);
-			wpa_printf(MSG_DEBUG,
-				   "WNM: Scan only for a specific BSSID since there is only a single candidate "
-				   MACSTR, MAC2STR(wpa_s->next_scan_bssid));
-		}
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	} else if (reply) {
-		enum bss_trans_mgmt_status_code status;
-		if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT)
-			status = WNM_BSS_TM_ACCEPT;
-		else {
-			wpa_msg(wpa_s, MSG_INFO, "WNM: BSS Transition Management Request did not include candidates");
-			status = WNM_BSS_TM_REJECT_UNSPECIFIED;
-		}
-		wnm_send_bss_transition_mgmt_resp(
-			wpa_s, wpa_s->wnm_dialog_token, status,
-			MBO_TRANSITION_REJECT_REASON_UNSPECIFIED, 0, NULL);
-	}
-}
-
-
-#define BTM_QUERY_MIN_SIZE	4
-
-int wnm_send_bss_transition_mgmt_query(struct wpa_supplicant *wpa_s,
-				       u8 query_reason,
-				       const char *btm_candidates,
-				       int cand_list)
-{
-	struct wpabuf *buf;
-	int ret;
-
-	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Query to "
-		   MACSTR " query_reason=%u%s",
-		   MAC2STR(wpa_s->bssid), query_reason,
-		   cand_list ? " candidate list" : "");
-
-	buf = wpabuf_alloc(BTM_QUERY_MIN_SIZE);
-	if (!buf)
-		return -1;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WNM);
-	wpabuf_put_u8(buf, WNM_BSS_TRANS_MGMT_QUERY);
-	wpabuf_put_u8(buf, 1);
-	wpabuf_put_u8(buf, query_reason);
-
-	if (cand_list)
-		wnm_add_cand_list(wpa_s, &buf);
-
-	if (btm_candidates) {
-		const size_t max_len = 1000;
-
-		ret = wpabuf_resize(&buf, max_len);
-		if (ret < 0) {
-			wpabuf_free(buf);
-			return ret;
-		}
-
-		ret = ieee802_11_parse_candidate_list(btm_candidates,
-						      wpabuf_put(buf, 0),
-						      max_len);
-		if (ret < 0) {
-			wpabuf_free(buf);
-			return ret;
-		}
-
-		wpabuf_put(buf, ret);
-	}
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head_u8(buf), wpabuf_len(buf), 0);
-
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-static void ieee802_11_rx_wnm_notif_req_wfa(struct wpa_supplicant *wpa_s,
-					    const u8 *sa, const u8 *data,
-					    int len)
-{
-	const u8 *pos, *end, *next;
-	u8 ie, ie_len;
-
-	pos = data;
-	end = data + len;
-
-	while (end - pos > 1) {
-		ie = *pos++;
-		ie_len = *pos++;
-		wpa_printf(MSG_DEBUG, "WNM: WFA subelement %u len %u",
-			   ie, ie_len);
-		if (ie_len > end - pos) {
-			wpa_printf(MSG_DEBUG, "WNM: Not enough room for "
-				   "subelement");
-			break;
-		}
-		next = pos + ie_len;
-		if (ie_len < 4) {
-			pos = next;
-			continue;
-		}
-		wpa_printf(MSG_DEBUG, "WNM: Subelement OUI %06x type %u",
-			   WPA_GET_BE24(pos), pos[3]);
-
-#ifdef CONFIG_HS20
-		if (ie == WLAN_EID_VENDOR_SPECIFIC && ie_len >= 5 &&
-		    WPA_GET_BE24(pos) == OUI_WFA &&
-		    pos[3] == HS20_WNM_SUB_REM_NEEDED) {
-			/* Subscription Remediation subelement */
-			const u8 *ie_end;
-			u8 url_len;
-			char *url;
-			u8 osu_method;
-
-			wpa_printf(MSG_DEBUG, "WNM: Subscription Remediation "
-				   "subelement");
-			ie_end = pos + ie_len;
-			pos += 4;
-			url_len = *pos++;
-			if (url_len == 0) {
-				wpa_printf(MSG_DEBUG, "WNM: No Server URL included");
-				url = NULL;
-				osu_method = 1;
-			} else {
-				if (url_len + 1 > ie_end - pos) {
-					wpa_printf(MSG_DEBUG, "WNM: Not enough room for Server URL (len=%u) and Server Method (left %d)",
-						   url_len,
-						   (int) (ie_end - pos));
-					break;
-				}
-				url = os_malloc(url_len + 1);
-				if (url == NULL)
-					break;
-				os_memcpy(url, pos, url_len);
-				url[url_len] = '\0';
-				osu_method = pos[url_len];
-			}
-			hs20_rx_subscription_remediation(wpa_s, url,
-							 osu_method);
-			os_free(url);
-			pos = next;
-			continue;
-		}
-
-		if (ie == WLAN_EID_VENDOR_SPECIFIC && ie_len >= 8 &&
-		    WPA_GET_BE24(pos) == OUI_WFA &&
-		    pos[3] == HS20_WNM_DEAUTH_IMMINENT_NOTICE) {
-			const u8 *ie_end;
-			u8 url_len;
-			char *url;
-			u8 code;
-			u16 reauth_delay;
-
-			ie_end = pos + ie_len;
-			pos += 4;
-			code = *pos++;
-			reauth_delay = WPA_GET_LE16(pos);
-			pos += 2;
-			url_len = *pos++;
-			wpa_printf(MSG_DEBUG, "WNM: HS 2.0 Deauthentication "
-				   "Imminent - Reason Code %u   "
-				   "Re-Auth Delay %u  URL Length %u",
-				   code, reauth_delay, url_len);
-			if (url_len > ie_end - pos)
-				break;
-			url = os_malloc(url_len + 1);
-			if (url == NULL)
-				break;
-			os_memcpy(url, pos, url_len);
-			url[url_len] = '\0';
-			hs20_rx_deauth_imminent_notice(wpa_s, code,
-						       reauth_delay, url);
-			os_free(url);
-			pos = next;
-			continue;
-		}
-
-		if (ie == WLAN_EID_VENDOR_SPECIFIC && ie_len >= 5 &&
-		    WPA_GET_BE24(pos) == OUI_WFA &&
-		    pos[3] == HS20_WNM_T_C_ACCEPTANCE) {
-			const u8 *ie_end;
-			u8 url_len;
-			char *url;
-
-			ie_end = pos + ie_len;
-			pos += 4;
-			url_len = *pos++;
-			wpa_printf(MSG_DEBUG,
-				   "WNM: HS 2.0 Terms and Conditions Acceptance (URL Length %u)",
-				   url_len);
-			if (url_len > ie_end - pos)
-				break;
-			url = os_malloc(url_len + 1);
-			if (!url)
-				break;
-			os_memcpy(url, pos, url_len);
-			url[url_len] = '\0';
-			hs20_rx_t_c_acceptance(wpa_s, url);
-			os_free(url);
-			pos = next;
-			continue;
-		}
-#endif /* CONFIG_HS20 */
-
-		pos = next;
-	}
-}
-
-
-static void ieee802_11_rx_wnm_notif_req(struct wpa_supplicant *wpa_s,
-					const u8 *sa, const u8 *frm, int len)
-{
-	const u8 *pos, *end;
-	u8 dialog_token, type;
-
-	/* Dialog Token [1] | Type [1] | Subelements */
-
-	if (len < 2 || sa == NULL)
-		return;
-	end = frm + len;
-	pos = frm;
-	dialog_token = *pos++;
-	type = *pos++;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "WNM: Received WNM-Notification Request "
-		"(dialog_token %u type %u sa " MACSTR ")",
-		dialog_token, type, MAC2STR(sa));
-	wpa_hexdump(MSG_DEBUG, "WNM-Notification Request subelements",
-		    pos, end - pos);
-
-	if (wpa_s->wpa_state != WPA_COMPLETED ||
-	    os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "WNM: WNM-Notification frame not "
-			"from our AP - ignore it");
-		return;
-	}
-
-	switch (type) {
-	case 1:
-		ieee802_11_rx_wnm_notif_req_wfa(wpa_s, sa, pos, end - pos);
-		break;
-	default:
-		wpa_dbg(wpa_s, MSG_DEBUG, "WNM: Ignore unknown "
-			"WNM-Notification type %u", type);
-		break;
-	}
-}
-
-
-static void ieee802_11_rx_wnm_coloc_intf_req(struct wpa_supplicant *wpa_s,
-					     const u8 *sa, const u8 *frm,
-					     int len)
-{
-	u8 dialog_token, req_info, auto_report, timeout;
-
-	if (!wpa_s->conf->coloc_intf_reporting)
-		return;
-
-	/* Dialog Token [1] | Request Info [1] */
-
-	if (len < 2)
-		return;
-	dialog_token = frm[0];
-	req_info = frm[1];
-	auto_report = req_info & 0x03;
-	timeout = req_info >> 2;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WNM: Received Collocated Interference Request (dialog_token %u auto_report %u timeout %u sa " MACSTR ")",
-		dialog_token, auto_report, timeout, MAC2STR(sa));
-
-	if (dialog_token == 0)
-		return; /* only nonzero values are used for request */
-
-	if (wpa_s->wpa_state != WPA_COMPLETED ||
-	    os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WNM: Collocated Interference Request frame not from current AP - ignore it");
-		return;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, COLOC_INTF_REQ "%u %u %u",
-		dialog_token, auto_report, timeout);
-	wpa_s->coloc_intf_dialog_token = dialog_token;
-	wpa_s->coloc_intf_auto_report = auto_report;
-	wpa_s->coloc_intf_timeout = timeout;
-}
-
-
-void ieee802_11_rx_wnm_action(struct wpa_supplicant *wpa_s,
-			      const struct ieee80211_mgmt *mgmt, size_t len)
-{
-	const u8 *pos, *end;
-	u8 act;
-
-	if (len < IEEE80211_HDRLEN + 2)
-		return;
-
-	pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1;
-	act = *pos++;
-	end = ((const u8 *) mgmt) + len;
-
-	wpa_printf(MSG_DEBUG, "WNM: RX action %u from " MACSTR,
-		   act, MAC2STR(mgmt->sa));
-	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
-	    os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0) {
-		wpa_printf(MSG_DEBUG, "WNM: Ignore unexpected WNM Action "
-			   "frame");
-		return;
-	}
-
-	switch (act) {
-	case WNM_BSS_TRANS_MGMT_REQ:
-		ieee802_11_rx_bss_trans_mgmt_req(wpa_s, pos, end,
-						 !(mgmt->da[0] & 0x01));
-		break;
-	case WNM_SLEEP_MODE_RESP:
-		ieee802_11_rx_wnmsleep_resp(wpa_s, pos, end - pos);
-		break;
-	case WNM_NOTIFICATION_REQ:
-		ieee802_11_rx_wnm_notif_req(wpa_s, mgmt->sa, pos, end - pos);
-		break;
-	case WNM_COLLOCATED_INTERFERENCE_REQ:
-		ieee802_11_rx_wnm_coloc_intf_req(wpa_s, mgmt->sa, pos,
-						 end - pos);
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "WNM: Unknown request");
-		break;
-	}
-}
-
-
-int wnm_send_coloc_intf_report(struct wpa_supplicant *wpa_s, u8 dialog_token,
-			       const struct wpabuf *elems)
-{
-	struct wpabuf *buf;
-	int ret;
-
-	if (wpa_s->wpa_state < WPA_ASSOCIATED || !elems)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "WNM: Send Collocated Interference Report to "
-		   MACSTR " (dialog token %u)",
-		   MAC2STR(wpa_s->bssid), dialog_token);
-
-	buf = wpabuf_alloc(3 + wpabuf_len(elems));
-	if (!buf)
-		return -1;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_WNM);
-	wpabuf_put_u8(buf, WNM_COLLOCATED_INTERFERENCE_REPORT);
-	wpabuf_put_u8(buf, dialog_token);
-	wpabuf_put_buf(buf, elems);
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				  wpa_s->own_addr, wpa_s->bssid,
-				  wpabuf_head_u8(buf), wpabuf_len(buf), 0);
-	wpabuf_free(buf);
-	return ret;
-}
-
-
-void wnm_set_coloc_intf_elems(struct wpa_supplicant *wpa_s,
-			      struct wpabuf *elems)
-{
-	wpabuf_free(wpa_s->coloc_intf_elems);
-	if (elems && wpabuf_len(elems) == 0) {
-		wpabuf_free(elems);
-		elems = NULL;
-	}
-	wpa_s->coloc_intf_elems = elems;
-
-	if (wpa_s->conf->coloc_intf_reporting && wpa_s->coloc_intf_elems &&
-	    wpa_s->coloc_intf_dialog_token &&
-	    (wpa_s->coloc_intf_auto_report == 1 ||
-	     wpa_s->coloc_intf_auto_report == 3)) {
-		/* TODO: Check that there has not been less than
-		 * wpa_s->coloc_intf_timeout * 200 TU from the last report.
-		 */
-		wnm_send_coloc_intf_report(wpa_s,
-					   wpa_s->coloc_intf_dialog_token,
-					   wpa_s->coloc_intf_elems);
-	}
-}
-
-
-void wnm_clear_coloc_intf_reporting(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_WNM
-	wpa_s->coloc_intf_dialog_token = 0;
-	wpa_s->coloc_intf_auto_report = 0;
-#endif /* CONFIG_WNM */
-}
diff --git a/wpa_supplicant/wnm_sta.h b/wpa_supplicant/wnm_sta.h
deleted file mode 100644
index 29625f8ca943..000000000000
--- a/wpa_supplicant/wnm_sta.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * IEEE 802.11v WNM related functions and structures
- * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WNM_STA_H
-#define WNM_STA_H
-
-struct measurement_pilot {
-	u8 measurement_pilot;
-	u8 subelem_len;
-	u8 subelems[255];
-};
-
-struct multiple_bssid {
-	u8 max_bssid_indicator;
-	u8 subelem_len;
-	u8 subelems[255];
-};
-
-struct neighbor_report {
-	u8 bssid[ETH_ALEN];
-	u32 bssid_info;
-	u8 regulatory_class;
-	u8 channel_number;
-	u8 phy_type;
-	u8 preference; /* valid if preference_present=1 */
-	u16 tsf_offset; /* valid if tsf_present=1 */
-	u16 beacon_int; /* valid if tsf_present=1 */
-	char country[2]; /* valid if country_present=1 */
-	u8 rm_capab[5]; /* valid if rm_capab_present=1 */
-	u16 bearing; /* valid if bearing_present=1 */
-	u16 rel_height; /* valid if bearing_present=1 */
-	u32 distance; /* valid if bearing_present=1 */
-	u64 bss_term_tsf; /* valid if bss_term_present=1 */
-	u16 bss_term_dur; /* valid if bss_term_present=1 */
-	unsigned int preference_present:1;
-	unsigned int tsf_present:1;
-	unsigned int country_present:1;
-	unsigned int rm_capab_present:1;
-	unsigned int bearing_present:1;
-	unsigned int bss_term_present:1;
-	unsigned int acceptable:1;
-#ifdef CONFIG_MBO
-	unsigned int is_first:1;
-#endif /* CONFIG_MBO */
-	struct measurement_pilot *meas_pilot;
-	struct multiple_bssid *mul_bssid;
-	int freq;
-};
-
-
-int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s,
-				 u8 action, u16 intval, struct wpabuf *tfs_req);
-
-void ieee802_11_rx_wnm_action(struct wpa_supplicant *wpa_s,
-			      const struct ieee80211_mgmt *mgmt, size_t len);
-
-int wnm_send_bss_transition_mgmt_query(struct wpa_supplicant *wpa_s,
-				       u8 query_reason,
-				       const char *btm_candidates,
-				       int cand_list);
-
-void wnm_deallocate_memory(struct wpa_supplicant *wpa_s);
-int wnm_send_coloc_intf_report(struct wpa_supplicant *wpa_s, u8 dialog_token,
-			       const struct wpabuf *elems);
-void wnm_set_coloc_intf_elems(struct wpa_supplicant *wpa_s,
-			      struct wpabuf *elems);
-
-
-#ifdef CONFIG_WNM
-
-int wnm_scan_process(struct wpa_supplicant *wpa_s, int reply_on_fail);
-void wnm_clear_coloc_intf_reporting(struct wpa_supplicant *wpa_s);
-
-#else /* CONFIG_WNM */
-
-static inline int wnm_scan_process(struct wpa_supplicant *wpa_s,
-				   int reply_on_fail)
-{
-	return 0;
-}
-
-static inline void wnm_clear_coloc_intf_reporting(struct wpa_supplicant *wpa_s)
-{
-}
-
-#endif /* CONFIG_WNM */
-
-#endif /* WNM_STA_H */
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
deleted file mode 100644
index 17b14c824ddb..000000000000
--- a/wpa_supplicant/wpa_cli.c
+++ /dev/null
@@ -1,5083 +0,0 @@
-/*
- * WPA Supplicant - command line interface for wpa_supplicant daemon
- * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#ifdef CONFIG_CTRL_IFACE
-
-#ifdef CONFIG_CTRL_IFACE_UNIX
-#include <dirent.h>
-#endif /* CONFIG_CTRL_IFACE_UNIX */
-
-#include "common/cli.h"
-#include "common/wpa_ctrl.h"
-#include "utils/common.h"
-#include "utils/eloop.h"
-#include "utils/edit.h"
-#include "utils/list.h"
-#include "common/version.h"
-#include "common/ieee802_11_defs.h"
-#ifdef ANDROID
-#include <cutils/properties.h>
-#endif /* ANDROID */
-
-
-static const char *const wpa_cli_version =
-"wpa_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors";
-
-#define VENDOR_ELEM_FRAME_ID \
-	"  0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \
-	"3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, " \
-	"7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, " \
-	"11: Assoc Req (P2P), 12: Assoc Resp (P2P)"
-
-static struct wpa_ctrl *ctrl_conn;
-static struct wpa_ctrl *mon_conn;
-static int wpa_cli_quit = 0;
-static int wpa_cli_attached = 0;
-static int wpa_cli_connected = -1;
-static int wpa_cli_last_id = 0;
-#ifndef CONFIG_CTRL_IFACE_DIR
-#define CONFIG_CTRL_IFACE_DIR "/var/run/wpa_supplicant"
-#endif /* CONFIG_CTRL_IFACE_DIR */
-static const char *ctrl_iface_dir = CONFIG_CTRL_IFACE_DIR;
-static const char *client_socket_dir = NULL;
-static char *ctrl_ifname = NULL;
-static const char *global = NULL;
-static const char *pid_file = NULL;
-static const char *action_file = NULL;
-static int reconnect = 0;
-static int ping_interval = 5;
-static int interactive = 0;
-static char *ifname_prefix = NULL;
-
-static DEFINE_DL_LIST(bsses); /* struct cli_txt_entry */
-static DEFINE_DL_LIST(p2p_peers); /* struct cli_txt_entry */
-static DEFINE_DL_LIST(p2p_groups); /* struct cli_txt_entry */
-static DEFINE_DL_LIST(ifnames); /* struct cli_txt_entry */
-static DEFINE_DL_LIST(networks); /* struct cli_txt_entry */
-static DEFINE_DL_LIST(creds); /* struct cli_txt_entry */
-#ifdef CONFIG_AP
-static DEFINE_DL_LIST(stations); /* struct cli_txt_entry */
-#endif /* CONFIG_AP */
-
-
-static void print_help(const char *cmd);
-static void wpa_cli_mon_receive(int sock, void *eloop_ctx, void *sock_ctx);
-static void wpa_cli_close_connection(void);
-static char * wpa_cli_get_default_ifname(void);
-static char ** wpa_list_cmd_list(void);
-static void update_creds(struct wpa_ctrl *ctrl);
-static void update_networks(struct wpa_ctrl *ctrl);
-static void update_stations(struct wpa_ctrl *ctrl);
-static void update_ifnames(struct wpa_ctrl *ctrl);
-
-
-static void usage(void)
-{
-	printf("wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvBr] "
-	       "[-a<action file>] \\\n"
-	       "        [-P<pid file>] [-g<global ctrl>] [-G<ping interval>] "
-	       "\\\n"
-	       "        [-s<wpa_client_socket_file_path>] "
-	       "[command..]\n"
-	       "  -h = help (show this usage text)\n"
-	       "  -v = shown version information\n"
-	       "  -a = run in daemon mode executing the action file based on "
-	       "events from\n"
-	       "       wpa_supplicant\n"
-	       "  -r = try to reconnect when client socket is disconnected.\n"
-	       "       This is useful only when used with -a.\n"
-	       "  -B = run a daemon in the background\n"
-	       "  default path: " CONFIG_CTRL_IFACE_DIR "\n"
-	       "  default interface: first interface found in socket path\n");
-	print_help(NULL);
-}
-
-
-static int wpa_cli_show_event(const char *event)
-{
-	const char *start;
-
-	start = os_strchr(event, '>');
-	if (start == NULL)
-		return 1;
-
-	start++;
-	/*
-	 * Skip BSS added/removed events since they can be relatively frequent
-	 * and are likely of not much use for an interactive user.
-	 */
-	if (str_starts(start, WPA_EVENT_BSS_ADDED) ||
-	    str_starts(start, WPA_EVENT_BSS_REMOVED))
-		return 0;
-
-	return 1;
-}
-
-
-static int wpa_cli_open_connection(const char *ifname, int attach)
-{
-#if defined(CONFIG_CTRL_IFACE_UDP) || defined(CONFIG_CTRL_IFACE_NAMED_PIPE)
-	ctrl_conn = wpa_ctrl_open(ifname);
-	if (ctrl_conn == NULL)
-		return -1;
-
-	if (attach && interactive)
-		mon_conn = wpa_ctrl_open(ifname);
-	else
-		mon_conn = NULL;
-#else /* CONFIG_CTRL_IFACE_UDP || CONFIG_CTRL_IFACE_NAMED_PIPE */
-	char *cfile = NULL;
-	int flen, res;
-
-	if (ifname == NULL)
-		return -1;
-
-#ifdef ANDROID
-	if (access(ctrl_iface_dir, F_OK) < 0) {
-		cfile = os_strdup(ifname);
-		if (cfile == NULL)
-			return -1;
-	}
-#endif /* ANDROID */
-
-	if (client_socket_dir && client_socket_dir[0] &&
-	    access(client_socket_dir, F_OK) < 0) {
-		perror(client_socket_dir);
-		os_free(cfile);
-		return -1;
-	}
-
-	if (cfile == NULL) {
-		flen = os_strlen(ctrl_iface_dir) + os_strlen(ifname) + 2;
-		cfile = os_malloc(flen);
-		if (cfile == NULL)
-			return -1;
-		res = os_snprintf(cfile, flen, "%s/%s", ctrl_iface_dir,
-				  ifname);
-		if (os_snprintf_error(flen, res)) {
-			os_free(cfile);
-			return -1;
-		}
-	}
-
-	ctrl_conn = wpa_ctrl_open2(cfile, client_socket_dir);
-	if (ctrl_conn == NULL) {
-		os_free(cfile);
-		return -1;
-	}
-
-	if (attach && interactive)
-		mon_conn = wpa_ctrl_open2(cfile, client_socket_dir);
-	else
-		mon_conn = NULL;
-	os_free(cfile);
-#endif /* CONFIG_CTRL_IFACE_UDP || CONFIG_CTRL_IFACE_NAMED_PIPE */
-
-	if (mon_conn) {
-		if (wpa_ctrl_attach(mon_conn) == 0) {
-			wpa_cli_attached = 1;
-			if (interactive)
-				eloop_register_read_sock(
-					wpa_ctrl_get_fd(mon_conn),
-					wpa_cli_mon_receive, NULL, NULL);
-		} else {
-			printf("Warning: Failed to attach to "
-			       "wpa_supplicant.\n");
-			wpa_cli_close_connection();
-			return -1;
-		}
-	}
-
-	return 0;
-}
-
-
-static void wpa_cli_close_connection(void)
-{
-	if (ctrl_conn == NULL)
-		return;
-
-	if (wpa_cli_attached) {
-		wpa_ctrl_detach(interactive ? mon_conn : ctrl_conn);
-		wpa_cli_attached = 0;
-	}
-	wpa_ctrl_close(ctrl_conn);
-	ctrl_conn = NULL;
-	if (mon_conn) {
-		eloop_unregister_read_sock(wpa_ctrl_get_fd(mon_conn));
-		wpa_ctrl_close(mon_conn);
-		mon_conn = NULL;
-	}
-}
-
-
-static void wpa_cli_msg_cb(char *msg, size_t len)
-{
-	printf("%s\n", msg);
-}
-
-
-static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, const char *cmd, int print)
-{
-	char buf[4096];
-	size_t len;
-	int ret;
-
-	if (ctrl_conn == NULL) {
-		printf("Not connected to wpa_supplicant - command dropped.\n");
-		return -1;
-	}
-	if (ifname_prefix) {
-		os_snprintf(buf, sizeof(buf), "IFNAME=%s %s",
-			    ifname_prefix, cmd);
-		buf[sizeof(buf) - 1] = '\0';
-		cmd = buf;
-	}
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len,
-			       wpa_cli_msg_cb);
-	if (ret == -2) {
-		printf("'%s' command timed out.\n", cmd);
-		return -2;
-	} else if (ret < 0) {
-		printf("'%s' command failed.\n", cmd);
-		return -1;
-	}
-	if (print) {
-		buf[len] = '\0';
-		printf("%s", buf);
-		if (interactive && len > 0 && buf[len - 1] != '\n')
-			printf("\n");
-	}
-	return 0;
-}
-
-
-static int wpa_ctrl_command(struct wpa_ctrl *ctrl, const char *cmd)
-{
-	return _wpa_ctrl_command(ctrl, cmd, 1);
-}
-
-
-static int wpa_cli_cmd(struct wpa_ctrl *ctrl, const char *cmd, int min_args,
-		       int argc, char *argv[])
-{
-	char buf[4096];
-	if (argc < min_args) {
-		printf("Invalid %s command - at least %d argument%s "
-		       "required.\n", cmd, min_args,
-		       min_args > 1 ? "s are" : " is");
-		return -1;
-	}
-	if (write_cmd(buf, sizeof(buf), cmd, argc, argv) < 0)
-		return -1;
-	return wpa_ctrl_command(ctrl, buf);
-}
-
-
-static int wpa_cli_cmd_ifname(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "IFNAME");
-}
-
-
-static int wpa_cli_cmd_status(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc > 0 && os_strcmp(argv[0], "verbose") == 0)
-		return wpa_ctrl_command(ctrl, "STATUS-VERBOSE");
-	if (argc > 0 && os_strcmp(argv[0], "wps") == 0)
-		return wpa_ctrl_command(ctrl, "STATUS-WPS");
-	if (argc > 0 && os_strcmp(argv[0], "driver") == 0)
-		return wpa_ctrl_command(ctrl, "STATUS-DRIVER");
-#ifdef ANDROID
-	if (argc > 0 && os_strcmp(argv[0], "no_events") == 0)
-		return wpa_ctrl_command(ctrl, "STATUS-NO_EVENTS");
-#endif /* ANDROID */
-	return wpa_ctrl_command(ctrl, "STATUS");
-}
-
-
-static int wpa_cli_cmd_ping(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "PING");
-}
-
-
-static int wpa_cli_cmd_relog(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "RELOG");
-}
-
-
-static int wpa_cli_cmd_note(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "NOTE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "MIB");
-}
-
-
-static int wpa_cli_cmd_pmksa(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "PMKSA");
-}
-
-
-static int wpa_cli_cmd_pmksa_flush(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "PMKSA_FLUSH");
-}
-
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-
-static int wpa_cli_cmd_pmksa_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PMKSA_GET", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_pmksa_add(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PMKSA_ADD", 8, argc, argv);
-}
-
-
-#ifdef CONFIG_MESH
-
-static int wpa_cli_mesh_cmd_pmksa_get(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_PMKSA_GET", 1, argc, argv);
-}
-
-
-static int wpa_cli_mesh_cmd_pmksa_add(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_PMKSA_ADD", 4, argc, argv);
-}
-
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-
-static int wpa_cli_cmd_help(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	print_help(argc > 0 ? argv[0] : NULL);
-	return 0;
-}
-
-
-static char ** wpa_cli_complete_help(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = wpa_list_cmd_list();
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_license(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	printf("%s\n\n%s\n", wpa_cli_version, cli_full_license);
-	return 0;
-}
-
-
-static int wpa_cli_cmd_quit(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	wpa_cli_quit = 1;
-	if (interactive)
-		eloop_terminate();
-	return 0;
-}
-
-
-static int wpa_cli_cmd_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256];
-	int res;
-
-	if (argc == 1) {
-		res = os_snprintf(cmd, sizeof(cmd), "SET %s ", argv[0]);
-		if (os_snprintf_error(sizeof(cmd), res)) {
-			printf("Too long SET command.\n");
-			return -1;
-		}
-		return wpa_ctrl_command(ctrl, cmd);
-	}
-
-	return wpa_cli_cmd(ctrl, "SET", 2, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_set(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	const char *fields[] = {
-		/* runtime values */
-		"EAPOL::heldPeriod", "EAPOL::authPeriod", "EAPOL::startPeriod",
-		"EAPOL::maxStart", "dot11RSNAConfigPMKLifetime",
-		"dot11RSNAConfigPMKReauthThreshold", "dot11RSNAConfigSATimeout",
-		"wps_fragment_size", "wps_version_number", "ampdu",
-		"tdls_testing", "tdls_disabled", "pno", "radio_disabled",
-		"uapsd", "ps", "wifi_display", "bssid_filter", "disallow_aps",
-		"no_keep_alive",
-		/* global configuration parameters */
-#ifdef CONFIG_CTRL_IFACE
-		"ctrl_interface", "no_ctrl_interface", "ctrl_interface_group",
-#endif /* CONFIG_CTRL_IFACE */
-		"eapol_version", "ap_scan", "bgscan",
-#ifdef CONFIG_MESH
-		"user_mpm", "max_peer_links", "mesh_max_inactivity",
-		"dot11RSNASAERetransPeriod",
-#endif /* CONFIG_MESH */
-		"disable_scan_offload", "fast_reauth", "opensc_engine_path",
-		"pkcs11_engine_path", "pkcs11_module_path", "openssl_ciphers",
-		"pcsc_reader", "pcsc_pin", "external_sim", "driver_param",
-		"dot11RSNAConfigPMKLifetime",
-		"dot11RSNAConfigPMKReauthThreshold",
-		"dot11RSNAConfigSATimeout",
-#ifndef CONFIG_NO_CONFIG_WRITE
-		"update_config",
-#endif /* CONFIG_NO_CONFIG_WRITE */
-		"load_dynamic_eap",
-#ifdef CONFIG_WPS
-		"uuid", "device_name", "manufacturer", "model_name",
-		"model_number", "serial_number", "device_type", "os_version",
-		"config_methods", "wps_cred_processing", "wps_vendor_ext_m1",
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-		"sec_device_type",
-		"p2p_listen_reg_class", "p2p_listen_channel",
-		"p2p_oper_reg_class", "p2p_oper_channel", "p2p_go_intent",
-		"p2p_ssid_postfix", "persistent_reconnect", "p2p_intra_bss",
-		"p2p_group_idle", "p2p_passphrase_len", "p2p_pref_chan",
-		"p2p_no_go_freq", "p2p_add_cli_chan",
-		"p2p_optimize_listen_chan", "p2p_go_ht40", "p2p_go_vht",
-		"p2p_disabled", "p2p_go_ctwindow", "p2p_no_group_iface",
-		"p2p_ignore_shared_freq", "ip_addr_go", "ip_addr_mask",
-		"ip_addr_start", "ip_addr_end", "p2p_go_edmg",
-#endif /* CONFIG_P2P */
-		"country", "bss_max_count", "bss_expiration_age",
-		"bss_expiration_scan_count", "filter_ssids", "filter_rssi",
-		"max_num_sta", "disassoc_low_ack", "ap_isolate",
-#ifdef CONFIG_HS20
-		"hs20",
-#endif /* CONFIG_HS20 */
-		"interworking", "hessid", "access_network_type", "pbc_in_m1",
-		"go_interworking", "go_access_network_type", "go_internet",
-		"go_venue_group", "go_venue_type",
-		"autoscan", "wps_nfc_dev_pw_id", "wps_nfc_dh_pubkey",
-		"wps_nfc_dh_privkey", "wps_nfc_dev_pw", "ext_password_backend",
-		"p2p_go_max_inactivity", "auto_interworking", "okc", "pmf",
-		"sae_groups", "dtim_period", "beacon_int",
-		"ap_vendor_elements", "ignore_old_scan_res", "freq_list",
-		"scan_cur_freq", "scan_res_valid_for_connect",
-		"sched_scan_interval",
-		"tdls_external_control", "osu_dir", "wowlan_triggers",
-		"p2p_search_delay", "mac_addr", "rand_addr_lifetime",
-		"preassoc_mac_addr", "key_mgmt_offload", "passive_scan",
-		"reassoc_same_bss_optim", "wps_priority",
-		"ap_assocresp_elements",
-#ifdef CONFIG_TESTING_OPTIONS
-		"ignore_auth_resp",
-#endif /* CONFIG_TESTING_OPTIONS */
-		"relative_rssi", "relative_band_adjust",
-		"extended_key_id",
-	};
-	int i, num_fields = ARRAY_SIZE(fields);
-
-	if (arg == 1) {
-		char **res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(fields[i]);
-			if (res[i] == NULL)
-				return res;
-		}
-		return res;
-	}
-
-	if (arg > 1 && os_strncasecmp(str, "set bssid_filter ", 17) == 0)
-		return cli_txt_list_array(&bsses);
-
-	return NULL;
-}
-
-static int wpa_cli_cmd_dump(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DUMP");
-}
-
-
-static int wpa_cli_cmd_driver_flags(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DRIVER_FLAGS");
-}
-
-
-static int wpa_cli_cmd_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "GET", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_get(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	const char *fields[] = {
-#ifdef CONFIG_CTRL_IFACE
-		"ctrl_interface", "ctrl_interface_group",
-#endif /* CONFIG_CTRL_IFACE */
-		"eapol_version", "ap_scan",
-#ifdef CONFIG_MESH
-		"user_mpm", "max_peer_links", "mesh_max_inactivity",
-#endif /* CONFIG_MESH */
-		"disable_scan_offload", "fast_reauth", "opensc_engine_path",
-		"pkcs11_engine_path", "pkcs11_module_path", "openssl_ciphers",
-		"pcsc_reader", "pcsc_pin", "external_sim", "driver_param",
-		"dot11RSNAConfigPMKLifetime",
-		"dot11RSNAConfigPMKReauthThreshold",
-		"dot11RSNAConfigSATimeout",
-#ifndef CONFIG_NO_CONFIG_WRITE
-		"update_config",
-#endif /* CONFIG_NO_CONFIG_WRITE */
-#ifdef CONFIG_WPS
-		"device_name", "manufacturer", "model_name", "model_number",
-		"serial_number", "config_methods", "wps_cred_processing",
-#endif /* CONFIG_WPS */
-#ifdef CONFIG_P2P
-		"p2p_listen_reg_class", "p2p_listen_channel",
-		"p2p_oper_reg_class", "p2p_oper_channel", "p2p_go_intent",
-		"p2p_ssid_postfix", "persistent_reconnect", "p2p_intra_bss",
-		"p2p_group_idle", "p2p_passphrase_len", "p2p_add_cli_chan",
-		"p2p_optimize_listen_chan", "p2p_go_ht40", "p2p_go_vht",
-		"p2p_disabled", "p2p_go_ctwindow", "p2p_no_group_iface",
-		"p2p_ignore_shared_freq", "ip_addr_go", "ip_addr_mask",
-		"ip_addr_start", "ip_addr_end",
-#endif /* CONFIG_P2P */
-		"bss_max_count", "bss_expiration_age",
-		"bss_expiration_scan_count", "filter_ssids", "filter_rssi",
-		"max_num_sta", "disassoc_low_ack", "ap_isolate",
-#ifdef CONFIG_HS20
-		"hs20",
-#endif /* CONFIG_HS20 */
-		"interworking", "access_network_type", "pbc_in_m1", "autoscan",
-		"go_interworking", "go_access_network_type", "go_internet",
-		"go_venue_group", "go_venue_type",
-		"wps_nfc_dev_pw_id", "ext_password_backend",
-		"p2p_go_max_inactivity", "auto_interworking", "okc", "pmf",
-		"dtim_period", "beacon_int", "ignore_old_scan_res",
-		"scan_cur_freq", "scan_res_valid_for_connect",
-		"sched_scan_interval",
-		"sched_scan_start_delay",
-		"tdls_external_control", "osu_dir", "wowlan_triggers",
-		"p2p_search_delay", "mac_addr", "rand_addr_lifetime",
-		"preassoc_mac_addr", "key_mgmt_offload", "passive_scan",
-		"reassoc_same_bss_optim", "extended_key_id"
-	};
-	int i, num_fields = ARRAY_SIZE(fields);
-
-	if (arg == 1) {
-		char **res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(fields[i]);
-			if (res[i] == NULL)
-				return res;
-		}
-		return res;
-	}
-
-	return NULL;
-}
-
-
-static int wpa_cli_cmd_logoff(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "LOGOFF");
-}
-
-
-static int wpa_cli_cmd_logon(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "LOGON");
-}
-
-
-static int wpa_cli_cmd_reassociate(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "REASSOCIATE");
-}
-
-
-static int wpa_cli_cmd_reattach(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "REATTACH");
-}
-
-
-static int wpa_cli_cmd_preauthenticate(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PREAUTH", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_ap_scan(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "AP_SCAN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_scan_interval(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "SCAN_INTERVAL", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_bss_expire_age(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "BSS_EXPIRE_AGE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_bss_expire_count(struct wpa_ctrl *ctrl, int argc,
-				        char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "BSS_EXPIRE_COUNT", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_bss_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256];
-	int res;
-
-	if (argc < 1)
-		res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH 0");
-	else
-		res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH %s", argv[0]);
-	if (os_snprintf_error(sizeof(cmd), res)) {
-		printf("Too long BSS_FLUSH command.\n");
-		return -1;
-	}
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_ft_ds(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "FT_DS", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_pbc(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_PBC", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc == 0) {
-		printf("Invalid WPS_PIN command: need one or two arguments:\n"
-		       "- BSSID: use 'any' to select any\n"
-		       "- PIN: optional, used only with devices that have no "
-		       "display\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "WPS_PIN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_check_pin(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_CHECK_PIN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_cancel(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "WPS_CANCEL");
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-static int wpa_cli_cmd_wps_nfc(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_NFC", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_nfc_config_token(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_NFC_CONFIG_TOKEN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_nfc_token(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_NFC_TOKEN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_nfc_tag_read(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	int ret;
-	char *buf;
-	size_t buflen;
-
-	if (argc != 1) {
-		printf("Invalid 'wps_nfc_tag_read' command - one argument "
-		       "is required.\n");
-		return -1;
-	}
-
-	buflen = 18 + os_strlen(argv[0]);
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return -1;
-	os_snprintf(buf, buflen, "WPS_NFC_TAG_READ %s", argv[0]);
-
-	ret = wpa_ctrl_command(ctrl, buf);
-	os_free(buf);
-
-	return ret;
-}
-
-
-static int wpa_cli_cmd_nfc_get_handover_req(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "NFC_GET_HANDOVER_REQ", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_nfc_get_handover_sel(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "NFC_GET_HANDOVER_SEL", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_nfc_report_handover(struct wpa_ctrl *ctrl, int argc,
-					   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "NFC_REPORT_HANDOVER", 4, argc, argv);
-}
-
-#endif /* CONFIG_WPS_NFC */
-
-
-static int wpa_cli_cmd_wps_reg(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256];
-	int res;
-
-	if (argc == 2)
-		res = os_snprintf(cmd, sizeof(cmd), "WPS_REG %s %s",
-				  argv[0], argv[1]);
-	else if (argc == 5 || argc == 6) {
-		char ssid_hex[2 * SSID_MAX_LEN + 1];
-		char key_hex[2 * 64 + 1];
-		int i;
-
-		ssid_hex[0] = '\0';
-		for (i = 0; i < SSID_MAX_LEN; i++) {
-			if (argv[2][i] == '\0')
-				break;
-			os_snprintf(&ssid_hex[i * 2], 3, "%02x", argv[2][i]);
-		}
-
-		key_hex[0] = '\0';
-		if (argc == 6) {
-			for (i = 0; i < 64; i++) {
-				if (argv[5][i] == '\0')
-					break;
-				os_snprintf(&key_hex[i * 2], 3, "%02x",
-					    argv[5][i]);
-			}
-		}
-
-		res = os_snprintf(cmd, sizeof(cmd),
-				  "WPS_REG %s %s %s %s %s %s",
-				  argv[0], argv[1], ssid_hex, argv[3], argv[4],
-				  key_hex);
-	} else {
-		printf("Invalid WPS_REG command: need two arguments:\n"
-		       "- BSSID of the target AP\n"
-		       "- AP PIN\n");
-		printf("Alternatively, six arguments can be used to "
-		       "reconfigure the AP:\n"
-		       "- BSSID of the target AP\n"
-		       "- AP PIN\n"
-		       "- new SSID\n"
-		       "- new auth (OPEN, WPAPSK, WPA2PSK)\n"
-		       "- new encr (NONE, WEP, TKIP, CCMP)\n"
-		       "- new key\n");
-		return -1;
-	}
-
-	if (os_snprintf_error(sizeof(cmd), res)) {
-		printf("Too long WPS_REG command.\n");
-		return -1;
-	}
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_wps_ap_pin(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_AP_PIN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_start(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_ER_START", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_stop(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "WPS_ER_STOP");
-
-}
-
-
-static int wpa_cli_cmd_wps_er_pin(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	if (argc < 2) {
-		printf("Invalid WPS_ER_PIN command: need at least two "
-		       "arguments:\n"
-		       "- UUID: use 'any' to select any\n"
-		       "- PIN: Enrollee PIN\n"
-		       "optional: - Enrollee MAC address\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "WPS_ER_PIN", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_pbc(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WPS_ER_PBC", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_learn(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	if (argc != 2) {
-		printf("Invalid WPS_ER_LEARN command: need two arguments:\n"
-		       "- UUID: specify which AP to use\n"
-		       "- PIN: AP PIN\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "WPS_ER_LEARN", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_set_config(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	if (argc != 2) {
-		printf("Invalid WPS_ER_SET_CONFIG command: need two "
-		       "arguments:\n"
-		       "- UUID: specify which AP to use\n"
-		       "- Network configuration id\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "WPS_ER_SET_CONFIG", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wps_er_config(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	char cmd[256];
-	int res;
-
-	if (argc == 5 || argc == 6) {
-		char ssid_hex[2 * SSID_MAX_LEN + 1];
-		char key_hex[2 * 64 + 1];
-		int i;
-
-		ssid_hex[0] = '\0';
-		for (i = 0; i < SSID_MAX_LEN; i++) {
-			if (argv[2][i] == '\0')
-				break;
-			os_snprintf(&ssid_hex[i * 2], 3, "%02x", argv[2][i]);
-		}
-
-		key_hex[0] = '\0';
-		if (argc == 6) {
-			for (i = 0; i < 64; i++) {
-				if (argv[5][i] == '\0')
-					break;
-				os_snprintf(&key_hex[i * 2], 3, "%02x",
-					    argv[5][i]);
-			}
-		}
-
-		res = os_snprintf(cmd, sizeof(cmd),
-				  "WPS_ER_CONFIG %s %s %s %s %s %s",
-				  argv[0], argv[1], ssid_hex, argv[3], argv[4],
-				  key_hex);
-	} else {
-		printf("Invalid WPS_ER_CONFIG command: need six arguments:\n"
-		       "- AP UUID\n"
-		       "- AP PIN\n"
-		       "- new SSID\n"
-		       "- new auth (OPEN, WPAPSK, WPA2PSK)\n"
-		       "- new encr (NONE, WEP, TKIP, CCMP)\n"
-		       "- new key\n");
-		return -1;
-	}
-
-	if (os_snprintf_error(sizeof(cmd), res)) {
-		printf("Too long WPS_ER_CONFIG command.\n");
-		return -1;
-	}
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-#ifdef CONFIG_WPS_NFC
-static int wpa_cli_cmd_wps_er_nfc_config_token(struct wpa_ctrl *ctrl, int argc,
-					       char *argv[])
-{
-	if (argc != 2) {
-		printf("Invalid WPS_ER_NFC_CONFIG_TOKEN command: need two "
-		       "arguments:\n"
-		       "- WPS/NDEF: token format\n"
-		       "- UUID: specify which AP to use\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "WPS_ER_NFC_CONFIG_TOKEN", 2, argc, argv);
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-static int wpa_cli_cmd_ibss_rsn(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "IBSS_RSN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_level(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "LEVEL", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_identity(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid IDENTITY command: needs two arguments "
-		       "(network id and identity)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "IDENTITY-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long IDENTITY command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long IDENTITY command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_password(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid PASSWORD command: needs two arguments "
-		       "(network id and password)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PASSWORD-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long PASSWORD command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long PASSWORD command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_new_password(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid NEW_PASSWORD command: needs two arguments "
-		       "(network id and password)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "NEW_PASSWORD-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long NEW_PASSWORD command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long NEW_PASSWORD command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_pin(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid PIN command: needs two arguments "
-		       "(network id and pin)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PIN-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long PIN command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long PIN command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_otp(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid OTP command: needs two arguments (network "
-		       "id and password)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "OTP-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long OTP command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long OTP command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_sim(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid SIM command: needs two arguments "
-		       "(network id and SIM operation response)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "SIM-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long SIM command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long SIM command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_psk_passphrase(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid PSK_PASSPHRASE command: needs two arguments (network id and PSK/passphrase)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PSK_PASSPHRASE-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long PSK_PASSPHRASE command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long PSK_PASSPHRASE command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_passphrase(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	char cmd[256], *pos, *end;
-	int i, ret;
-
-	if (argc < 2) {
-		printf("Invalid PASSPHRASE command: needs two arguments "
-		       "(network id and passphrase)\n");
-		return -1;
-	}
-
-	end = cmd + sizeof(cmd);
-	pos = cmd;
-	ret = os_snprintf(pos, end - pos, WPA_CTRL_RSP "PASSPHRASE-%s:%s",
-			  argv[0], argv[1]);
-	if (os_snprintf_error(end - pos, ret)) {
-		printf("Too long PASSPHRASE command.\n");
-		return -1;
-	}
-	pos += ret;
-	for (i = 2; i < argc; i++) {
-		ret = os_snprintf(pos, end - pos, " %s", argv[i]);
-		if (os_snprintf_error(end - pos, ret)) {
-			printf("Too long PASSPHRASE command.\n");
-			return -1;
-		}
-		pos += ret;
-	}
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_bssid(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc < 2) {
-		printf("Invalid BSSID command: needs two arguments (network "
-		       "id and BSSID)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "BSSID", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_bssid_ignore(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "BSSID_IGNORE", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_log_level(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "LOG_LEVEL", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_list_networks(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "LIST_NETWORKS", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_select_network(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "SELECT_NETWORK", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_enable_network(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "ENABLE_NETWORK", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_disable_network(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DISABLE_NETWORK", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_add_network(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	int res = wpa_ctrl_command(ctrl, "ADD_NETWORK");
-	if (interactive)
-		update_networks(ctrl);
-	return res;
-}
-
-
-static int wpa_cli_cmd_remove_network(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	int res = wpa_cli_cmd(ctrl, "REMOVE_NETWORK", 1, argc, argv);
-	if (interactive)
-		update_networks(ctrl);
-	return res;
-}
-
-
-static void wpa_cli_show_network_variables(void)
-{
-	printf("set_network variables:\n"
-	       "  ssid (network name, SSID)\n"
-	       "  psk (WPA passphrase or pre-shared key)\n"
-	       "  key_mgmt (key management protocol)\n"
-	       "  identity (EAP identity)\n"
-	       "  password (EAP password)\n"
-	       "  ...\n"
-	       "\n"
-	       "Note: Values are entered in the same format as the "
-	       "configuration file is using,\n"
-	       "i.e., strings values need to be inside double quotation "
-	       "marks.\n"
-	       "For example: set_network 1 ssid \"network name\"\n"
-	       "\n"
-	       "Please see wpa_supplicant.conf documentation for full list "
-	       "of\navailable variables.\n");
-}
-
-
-static int wpa_cli_cmd_set_network(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	if (argc == 0) {
-		wpa_cli_show_network_variables();
-		return 0;
-	}
-
-	if (argc < 3) {
-		printf("Invalid SET_NETWORK command: needs three arguments\n"
-		       "(network id, variable name, and value)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "SET_NETWORK", 3, argc, argv);
-}
-
-
-static int wpa_cli_cmd_get_network(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	if (argc == 0) {
-		wpa_cli_show_network_variables();
-		return 0;
-	}
-
-	if (argc != 2) {
-		printf("Invalid GET_NETWORK command: needs two arguments\n"
-		       "(network id and variable name)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "GET_NETWORK", 2, argc, argv);
-}
-
-
-static const char *network_fields[] = {
-	"ssid", "scan_ssid", "bssid", "bssid_ignore",
-	"bssid_accept", "psk", "proto", "key_mgmt",
-	"bg_scan_period", "pairwise", "group", "auth_alg", "scan_freq",
-	"freq_list", "max_oper_chwidth", "ht40", "vht", "vht_center_freq1",
-	"vht_center_freq2", "ht", "edmg",
-#ifdef IEEE8021X_EAPOL
-	"eap", "identity", "anonymous_identity", "password", "ca_cert",
-	"ca_path", "client_cert", "private_key", "private_key_passwd",
-	"dh_file", "subject_match", "altsubject_match",
-	"check_cert_subject",
-	"domain_suffix_match", "domain_match", "ca_cert2", "ca_path2",
-	"client_cert2", "private_key2", "private_key2_passwd",
-	"dh_file2", "subject_match2", "altsubject_match2",
-	"check_cert_subject2",
-	"domain_suffix_match2", "domain_match2", "phase1", "phase2",
-	"pcsc", "pin", "engine_id", "key_id", "cert_id", "ca_cert_id",
-	"pin2", "engine2_id", "key2_id", "cert2_id", "ca_cert2_id",
-	"engine", "engine2", "eapol_flags", "sim_num",
-	"openssl_ciphers", "erp",
-#endif /* IEEE8021X_EAPOL */
-	"wep_key0", "wep_key1", "wep_key2", "wep_key3",
-	"wep_tx_keyidx", "priority",
-#ifdef IEEE8021X_EAPOL
-	"eap_workaround", "pac_file", "fragment_size", "ocsp",
-#endif /* IEEE8021X_EAPOL */
-	"mode",
-	"proactive_key_caching", "disabled", "id_str",
-	"ieee80211w",
-	"mixed_cell", "frequency", "fixed_freq",
-#ifdef CONFIG_MESH
-	"no_auto_peer", "mesh_rssi_threshold",
-	"mesh_basic_rates", "dot11MeshMaxRetries",
-	"dot11MeshRetryTimeout", "dot11MeshConfirmTimeout",
-	"dot11MeshHoldingTimeout",
-#endif /* CONFIG_MESH */
-	"wpa_ptk_rekey", "bgscan", "ignore_broadcast_ssid",
-	"wpa_deny_ptk0_rekey",
-	"enable_edmg", "edmg_channel",
-#ifdef CONFIG_P2P
-	"go_p2p_dev_addr", "p2p_client_list", "psk_list",
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_HT_OVERRIDES
-	"disable_ht", "disable_ht40", "disable_sgi", "disable_ldpc",
-	"ht40_intolerant", "disable_max_amsdu", "ampdu_factor",
-	"ampdu_density", "ht_mcs", "rx_stbc", "tx_stbc",
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	"disable_vht", "vht_capa", "vht_capa_mask", "vht_rx_mcs_nss_1",
-	"vht_rx_mcs_nss_2", "vht_rx_mcs_nss_3", "vht_rx_mcs_nss_4",
-	"vht_rx_mcs_nss_5", "vht_rx_mcs_nss_6", "vht_rx_mcs_nss_7",
-	"vht_rx_mcs_nss_8", "vht_tx_mcs_nss_1", "vht_tx_mcs_nss_2",
-	"vht_tx_mcs_nss_3", "vht_tx_mcs_nss_4", "vht_tx_mcs_nss_5",
-	"vht_tx_mcs_nss_6", "vht_tx_mcs_nss_7", "vht_tx_mcs_nss_8",
-#endif /* CONFIG_VHT_OVERRIDES */
-#ifdef CONFIG_HE_OVERRIDES
-	"disable_he",
-#endif /* CONFIG_HE_OVERRIDES */
-	"ap_max_inactivity", "dtim_period", "beacon_int",
-#ifdef CONFIG_MACSEC
-	"macsec_policy",
-	"macsec_integ_only",
-	"macsec_replay_protect",
-	"macsec_replay_window",
-	"macsec_port",
-	"mka_priority",
-#endif /* CONFIG_MACSEC */
-#ifdef CONFIG_HS20
-	"update_identifier",
-#endif /* CONFIG_HS20 */
-	"mac_addr", "pbss", "wps_disabled"
-};
-
-
-static char ** wpa_cli_complete_network(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	int i, num_fields = ARRAY_SIZE(network_fields);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&networks);
-		break;
-	case 2:
-		res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(network_fields[i]);
-			if (res[i] == NULL)
-				break;
-		}
-	}
-	return res;
-}
-
-
-static char ** wpa_cli_complete_network_id(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	if (arg == 1)
-		return cli_txt_list_array(&networks);
-	return NULL;
-}
-
-
-static int wpa_cli_cmd_dup_network(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	if (argc == 0) {
-		wpa_cli_show_network_variables();
-		return 0;
-	}
-
-	if (argc < 3) {
-		printf("Invalid DUP_NETWORK command: needs three arguments\n"
-		       "(src netid, dest netid, and variable name)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "DUP_NETWORK", 3, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_dup_network(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	int i, num_fields = ARRAY_SIZE(network_fields);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-	case 2:
-		res = cli_txt_list_array(&networks);
-		break;
-	case 3:
-		res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(network_fields[i]);
-			if (res[i] == NULL)
-				break;
-		}
-	}
-	return res;
-}
-
-
-static int wpa_cli_cmd_list_creds(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "LIST_CREDS");
-}
-
-
-static int wpa_cli_cmd_add_cred(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	int res = wpa_ctrl_command(ctrl, "ADD_CRED");
-	if (interactive)
-		update_creds(ctrl);
-	return res;
-}
-
-
-static int wpa_cli_cmd_remove_cred(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	int res = wpa_cli_cmd(ctrl, "REMOVE_CRED", 1, argc, argv);
-	if (interactive)
-		update_creds(ctrl);
-	return res;
-}
-
-
-static const char * const cred_fields[] = {
-	"temporary", "priority", "sp_priority", "pcsc", "eap",
-	"update_identifier", "min_dl_bandwidth_home", "min_ul_bandwidth_home",
-	"min_dl_bandwidth_roaming", "min_ul_bandwidth_roaming", "max_bss_load",
-	"req_conn_capab", "ocsp", "sim_num", "realm", "username", "password",
-	"ca_cert", "client_cert", "private_key", "private_key_passwd", "imsi",
-	"ca_cert_id", "cert_id", "key_id", "engine_id", "engine",
-	"milenage", "domain_suffix_match", "domain", "phase1", "phase2",
-	"roaming_consortium", "required_roaming_consortium", "excluded_ssid",
-	"roaming_partner", "provisioning_sp"
-};
-
-
-static char ** wpa_cli_complete_cred(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	int i, num_fields = ARRAY_SIZE(cred_fields);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&creds);
-		break;
-	case 2:
-		res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(cred_fields[i]);
-			if (res[i] == NULL)
-				break;
-		}
-	}
-	return res;
-}
-
-
-static int wpa_cli_cmd_set_cred(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc != 3) {
-		printf("Invalid SET_CRED command: needs three arguments\n"
-		       "(cred id, variable name, and value)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "SET_CRED", 3, argc, argv);
-}
-
-
-static int wpa_cli_cmd_get_cred(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc != 2) {
-		printf("Invalid GET_CRED command: needs two arguments\n"
-		       "(cred id, variable name)\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "GET_CRED", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_disconnect(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DISCONNECT");
-}
-
-
-static int wpa_cli_cmd_reconnect(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "RECONNECT");
-}
-
-
-static int wpa_cli_cmd_save_config(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "SAVE_CONFIG");
-}
-
-
-static int wpa_cli_cmd_scan(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "SCAN", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_scan_results(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "SCAN_RESULTS");
-}
-
-
-static int wpa_cli_cmd_abort_scan(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "ABORT_SCAN");
-}
-
-
-static int wpa_cli_cmd_bss(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "BSS", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_bss(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&bsses);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_get_capability(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	if (argc < 1 || argc > 3) {
-		printf("Invalid GET_CAPABILITY command: need at least one argument and max three arguments\n");
-		return -1;
-	}
-
-	if (argc > 1 && os_strcmp(argv[0], "key_mgmt") != 0 &&
-	    os_strncmp(argv[1], "iftype=", 7) == 0) {
-		printf("Invalid GET_CAPABILITY command: 'iftype=' param is allowed only for 'key_mgmt'\n");
-		return -1;
-	}
-
-	if (argc == 2 && os_strcmp(argv[1], "strict") != 0 &&
-	    os_strncmp(argv[1], "iftype=", 7) != 0) {
-		printf("Invalid GET_CAPABILITY command: the second argument, if any, must be 'strict' OR 'iftype=<iftype_name>'\n");
-		return -1;
-	}
-
-	if (argc == 3 && os_strcmp(argv[2], "strict") != 0) {
-		printf("Invalid GET_CAPABILITY command: the third argument, if any, must be 'strict'\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "GET_CAPABILITY", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_get_capability(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	const char *fields[] = {
-		"eap", "pairwise", "group", "group_mgmt", "key_mgmt",
-		"proto", "auth_alg", "modes", "channels", "freq",
-#ifdef CONFIG_TDLS
-		"tdls",
-#endif /* CONFIG_TDLS */
-#ifdef CONFIG_ERP
-		"erp",
-#endif /* CONFIG_ERP */
-#ifdef CONFIG_FIPS
-		"fips",
-#endif /* CONFIG_FIPS */
-#ifdef CONFIG_ACS
-		"acs",
-#endif /* CONFIG_ACS */
-	};
-	const char *iftypes[] = {
-		"iftype=STATION", "iftype=AP", "iftype=P2P_CLIENT",
-		"iftype=P2P_GO", "iftype=AP_VLAN", "iftype=IBSS", "iftype=NAN",
-		"iftype=P2P_DEVICE", "iftype=MESH",
-	};
-	int i, num_fields = ARRAY_SIZE(fields);
-	int num_iftypes = ARRAY_SIZE(iftypes);
-	char **res = NULL;
-
-	if (arg == 1) {
-		res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(fields[i]);
-			if (res[i] == NULL)
-				return res;
-		}
-	}
-	if (arg == 2) {
-		/* the second argument can be "iftype=<iftype_name>" OR
-		 * "strict" */
-		res = os_calloc(num_iftypes + 2, sizeof(char *));
-		if (!res)
-			return NULL;
-		res[0] = os_strdup("strict");
-		if (!res[0])
-			return res;
-		for (i = 0; i < num_iftypes; i++) {
-			res[i + 1] = os_strdup(iftypes[i]);
-			if (!res[i + 1])
-				return res;
-		}
-	}
-	if (arg == 3) {
-		res = os_calloc(1 + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		res[0] = os_strdup("strict");
-	}
-	return res;
-}
-
-
-static int wpa_cli_list_interfaces(struct wpa_ctrl *ctrl)
-{
-	printf("Available interfaces:\n");
-	return wpa_ctrl_command(ctrl, "INTERFACES");
-}
-
-
-static int wpa_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc < 1) {
-		wpa_cli_list_interfaces(ctrl);
-		return 0;
-	}
-
-	wpa_cli_close_connection();
-	os_free(ctrl_ifname);
-	ctrl_ifname = os_strdup(argv[0]);
-	if (!ctrl_ifname) {
-		printf("Failed to allocate memory\n");
-		return 0;
-	}
-
-	if (wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
-		printf("Connected to interface '%s'.\n", ctrl_ifname);
-	} else {
-		printf("Could not connect to interface '%s' - re-trying\n",
-		       ctrl_ifname);
-	}
-	return 0;
-}
-
-
-static int wpa_cli_cmd_reconfigure(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "RECONFIGURE");
-}
-
-
-static int wpa_cli_cmd_terminate(struct wpa_ctrl *ctrl, int argc,
-				 char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "TERMINATE");
-}
-
-
-static int wpa_cli_cmd_interface_add(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	char cmd[256];
-	int res;
-
-	if (argc < 1) {
-		printf("Invalid INTERFACE_ADD command: needs at least one "
-		       "argument (interface name)\n"
-		       "All arguments: ifname confname driver ctrl_interface "
-		       "driver_param bridge_name [create]\n");
-		return -1;
-	}
-
-	/*
-	 * INTERFACE_ADD <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB
-	 * <driver_param>TAB<bridge_name>[TAB<create>[TAB<type>]]
-	 */
-	res = os_snprintf(cmd, sizeof(cmd),
-			  "INTERFACE_ADD %s\t%s\t%s\t%s\t%s\t%s\t%s\t%s",
-			  argv[0],
-			  argc > 1 ? argv[1] : "", argc > 2 ? argv[2] : "",
-			  argc > 3 ? argv[3] : "", argc > 4 ? argv[4] : "",
-			  argc > 5 ? argv[5] : "", argc > 6 ? argv[6] : "",
-			  argc > 7 ? argv[7] : "");
-	if (os_snprintf_error(sizeof(cmd), res))
-		return -1;
-	cmd[sizeof(cmd) - 1] = '\0';
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_interface_remove(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "INTERFACE_REMOVE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_interface_list(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "INTERFACE_LIST");
-}
-
-
-#ifdef CONFIG_AP
-static int wpa_cli_cmd_sta(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "STA", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_sta(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, const char *cmd,
-				char *addr, size_t addr_len, int print)
-{
-	char buf[4096], *pos;
-	size_t len;
-	int ret;
-
-	if (ctrl_conn == NULL) {
-		printf("Not connected to hostapd - command dropped.\n");
-		return -1;
-	}
-	if (ifname_prefix) {
-		os_snprintf(buf, sizeof(buf), "IFNAME=%s %s",
-			    ifname_prefix, cmd);
-		buf[sizeof(buf) - 1] = '\0';
-		cmd = buf;
-	}
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len,
-			       wpa_cli_msg_cb);
-	if (ret == -2) {
-		printf("'%s' command timed out.\n", cmd);
-		return -2;
-	} else if (ret < 0) {
-		printf("'%s' command failed.\n", cmd);
-		return -1;
-	}
-
-	buf[len] = '\0';
-	if (os_memcmp(buf, "FAIL", 4) == 0 ||
-	    os_memcmp(buf, "UNKNOWN COMMAND", 15) == 0)
-		return -1;
-	if (print)
-		printf("%s", buf);
-
-	pos = buf;
-	while (*pos != '\0' && *pos != '\n')
-		pos++;
-	*pos = '\0';
-	os_strlcpy(addr, buf, addr_len);
-	return 0;
-}
-
-
-static int wpa_cli_cmd_all_sta(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char addr[32], cmd[64];
-
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 1))
-		return 0;
-	do {
-		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 1) == 0);
-
-	return -1;
-}
-
-
-static int wpa_cli_cmd_list_sta(struct wpa_ctrl *ctrl, int argc,
-				char *argv[])
-{
-	char addr[32], cmd[64];
-
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 0))
-		return 0;
-	do {
-		if (os_strcmp(addr, "") != 0)
-			printf("%s\n", addr);
-		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 0) == 0);
-
-	return 0;
-}
-
-
-static int wpa_cli_cmd_deauthenticate(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DEAUTHENTICATE", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_deauthenticate(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_disassociate(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DISASSOCIATE", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_disassociate(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_chanswitch(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "CHAN_SWITCH", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_update_beacon(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "UPDATE_BEACON");
-}
-
-#endif /* CONFIG_AP */
-
-
-static int wpa_cli_cmd_suspend(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "SUSPEND");
-}
-
-
-static int wpa_cli_cmd_resume(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "RESUME");
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-static int wpa_cli_cmd_drop_sa(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DROP_SA");
-}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static int wpa_cli_cmd_roam(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "ROAM", 1, argc, argv);
-}
-
-
-#ifdef CONFIG_MESH
-
-static int wpa_cli_cmd_mesh_interface_add(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_INTERFACE_ADD", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mesh_group_add(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_GROUP_ADD", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mesh_group_remove(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_GROUP_REMOVE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mesh_peer_remove(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_PEER_REMOVE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mesh_peer_add(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_PEER_ADD", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_mesh_link_probe(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MESH_LINK_PROBE", 1, argc, argv);
-}
-
-#endif /* CONFIG_MESH */
-
-
-#ifdef CONFIG_P2P
-
-static int wpa_cli_cmd_p2p_find(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_FIND", 0, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_p2p_find(const char *str, int pos)
-{
-	char **res = NULL;
-	int arg = get_cmd_arg_num(str, pos);
-
-	res = os_calloc(6, sizeof(char *));
-	if (res == NULL)
-		return NULL;
-	res[0] = os_strdup("type=social");
-	if (res[0] == NULL) {
-		os_free(res);
-		return NULL;
-	}
-	res[1] = os_strdup("type=progressive");
-	if (res[1] == NULL)
-		return res;
-	res[2] = os_strdup("delay=");
-	if (res[2] == NULL)
-		return res;
-	res[3] = os_strdup("dev_id=");
-	if (res[3] == NULL)
-		return res;
-	if (arg == 1)
-		res[4] = os_strdup("[timeout]");
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_p2p_stop_find(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_STOP_FIND");
-}
-
-
-static int wpa_cli_cmd_p2p_asp_provision(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_ASP_PROVISION", 3, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_asp_provision_resp(struct wpa_ctrl *ctrl, int argc,
-					      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_ASP_PROVISION_RESP", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_connect(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_CONNECT", 2, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_p2p_connect(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&p2p_peers);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_p2p_listen(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_LISTEN", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_group_remove(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_GROUP_REMOVE", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_p2p_group_remove(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&p2p_groups);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_cli_cmd_p2p_group_add(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_GROUP_ADD", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_group_member(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_GROUP_MEMBER", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_prov_disc(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	if (argc != 2 && argc != 3) {
-		printf("Invalid P2P_PROV_DISC command: needs at least "
-		       "two arguments, address and config method\n"
-		       "(display, keypad, or pbc) and an optional join\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "P2P_PROV_DISC", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_get_passphrase(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_GET_PASSPHRASE");
-}
-
-
-static int wpa_cli_cmd_p2p_serv_disc_req(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	char cmd[4096];
-
-	if (argc < 2) {
-		printf("Invalid P2P_SERV_DISC_REQ command: needs two "
-		       "or more arguments (address and TLVs)\n");
-		return -1;
-	}
-
-	if (write_cmd(cmd, sizeof(cmd), "P2P_SERV_DISC_REQ", argc, argv) < 0)
-		return -1;
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_p2p_serv_disc_cancel_req(struct wpa_ctrl *ctrl,
-						int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_SERV_DISC_CANCEL_REQ", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_serv_disc_resp(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	char cmd[4096];
-	int res;
-
-	if (argc != 4) {
-		printf("Invalid P2P_SERV_DISC_RESP command: needs four "
-		       "arguments (freq, address, dialog token, and TLVs)\n");
-		return -1;
-	}
-
-	res = os_snprintf(cmd, sizeof(cmd), "P2P_SERV_DISC_RESP %s %s %s %s",
-			  argv[0], argv[1], argv[2], argv[3]);
-	if (os_snprintf_error(sizeof(cmd), res))
-		return -1;
-	cmd[sizeof(cmd) - 1] = '\0';
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_p2p_service_update(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_SERVICE_UPDATE");
-}
-
-
-static int wpa_cli_cmd_p2p_serv_disc_external(struct wpa_ctrl *ctrl,
-					      int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_SERV_DISC_EXTERNAL", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_service_flush(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_SERVICE_FLUSH");
-}
-
-
-static int wpa_cli_cmd_p2p_service_add(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	if (argc < 3) {
-		printf("Invalid P2P_SERVICE_ADD command: needs 3-6 arguments\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "P2P_SERVICE_ADD", 3, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_service_rep(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	if (argc < 5 || argc > 6) {
-		printf("Invalid P2P_SERVICE_REP command: needs 5-6 "
-		       "arguments\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "P2P_SERVICE_REP", 5, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_service_del(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	char cmd[4096];
-	int res;
-
-	if (argc != 2 && argc != 3) {
-		printf("Invalid P2P_SERVICE_DEL command: needs two or three "
-		       "arguments\n");
-		return -1;
-	}
-
-	if (argc == 3)
-		res = os_snprintf(cmd, sizeof(cmd),
-				  "P2P_SERVICE_DEL %s %s %s",
-				  argv[0], argv[1], argv[2]);
-	else
-		res = os_snprintf(cmd, sizeof(cmd),
-				  "P2P_SERVICE_DEL %s %s",
-				  argv[0], argv[1]);
-	if (os_snprintf_error(sizeof(cmd), res))
-		return -1;
-	cmd[sizeof(cmd) - 1] = '\0';
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_p2p_reject(struct wpa_ctrl *ctrl,
-				  int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_REJECT", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_invite(struct wpa_ctrl *ctrl,
-				  int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_INVITE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_peer(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_PEER", 1, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_p2p_peer(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&p2p_peers);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_ctrl_command_p2p_peer(struct wpa_ctrl *ctrl, const char *cmd,
-				     char *addr, size_t addr_len,
-				     int discovered)
-{
-	char buf[4096], *pos;
-	size_t len;
-	int ret;
-
-	if (ctrl_conn == NULL)
-		return -1;
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len,
-			       wpa_cli_msg_cb);
-	if (ret == -2) {
-		printf("'%s' command timed out.\n", cmd);
-		return -2;
-	} else if (ret < 0) {
-		printf("'%s' command failed.\n", cmd);
-		return -1;
-	}
-
-	buf[len] = '\0';
-	if (os_memcmp(buf, "FAIL", 4) == 0)
-		return -1;
-
-	pos = buf;
-	while (*pos != '\0' && *pos != '\n')
-		pos++;
-	*pos++ = '\0';
-	os_strlcpy(addr, buf, addr_len);
-	if (!discovered || os_strstr(pos, "[PROBE_REQ_ONLY]") == NULL)
-		printf("%s\n", addr);
-	return 0;
-}
-
-
-static int wpa_cli_cmd_p2p_peers(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char addr[32], cmd[64];
-	int discovered;
-
-	discovered = argc > 0 && os_strcmp(argv[0], "discovered") == 0;
-
-	if (wpa_ctrl_command_p2p_peer(ctrl, "P2P_PEER FIRST",
-				      addr, sizeof(addr), discovered))
-		return -1;
-	do {
-		os_snprintf(cmd, sizeof(cmd), "P2P_PEER NEXT-%s", addr);
-	} while (wpa_ctrl_command_p2p_peer(ctrl, cmd, addr, sizeof(addr),
-			 discovered) == 0);
-
-	return 0;
-}
-
-
-static int wpa_cli_cmd_p2p_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_SET", 2, argc, argv);
-}
-
-
-static char ** wpa_cli_complete_p2p_set(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	const char *fields[] = {
-		"discoverability",
-		"managed",
-		"listen_channel",
-		"ssid_postfix",
-		"noa",
-		"ps",
-		"oppps",
-		"ctwindow",
-		"disabled",
-		"conc_pref",
-		"force_long_sd",
-		"peer_filter",
-		"cross_connect",
-		"go_apsd",
-		"client_apsd",
-		"disallow_freq",
-		"disc_int",
-		"per_sta_psk",
-	};
-	int i, num_fields = ARRAY_SIZE(fields);
-
-	if (arg == 1) {
-		char **res = os_calloc(num_fields + 1, sizeof(char *));
-		if (res == NULL)
-			return NULL;
-		for (i = 0; i < num_fields; i++) {
-			res[i] = os_strdup(fields[i]);
-			if (res[i] == NULL)
-				return res;
-		}
-		return res;
-	}
-
-	if (arg == 2 && os_strncasecmp(str, "p2p_set peer_filter ", 20) == 0)
-		return cli_txt_list_array(&p2p_peers);
-
-	return NULL;
-}
-
-
-static int wpa_cli_cmd_p2p_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_FLUSH");
-}
-
-
-static int wpa_cli_cmd_p2p_cancel(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "P2P_CANCEL");
-}
-
-
-static int wpa_cli_cmd_p2p_unauthorize(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_UNAUTHORIZE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_presence_req(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	if (argc != 0 && argc != 2 && argc != 4) {
-		printf("Invalid P2P_PRESENCE_REQ command: needs two arguments "
-		       "(preferred duration, interval; in microsecods).\n"
-		       "Optional second pair can be used to provide "
-		       "acceptable values.\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "P2P_PRESENCE_REQ", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_ext_listen(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	if (argc != 0 && argc != 2) {
-		printf("Invalid P2P_EXT_LISTEN command: needs two arguments "
-		       "(availability period, availability interval; in "
-		       "millisecods).\n"
-		       "Extended Listen Timing can be cancelled with this "
-		       "command when used without parameters.\n");
-		return -1;
-	}
-
-	return wpa_cli_cmd(ctrl, "P2P_EXT_LISTEN", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_remove_client(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_REMOVE_CLIENT", 1, argc, argv);
-}
-
-#endif /* CONFIG_P2P */
-
-
-static int wpa_cli_cmd_vendor_elem_add(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "VENDOR_ELEM_ADD", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_vendor_elem_get(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "VENDOR_ELEM_GET", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_vendor_elem_remove(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "VENDOR_ELEM_REMOVE", 2, argc, argv);
-}
-
-
-#ifdef CONFIG_WIFI_DISPLAY
-
-static int wpa_cli_cmd_wfd_subelem_set(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	char cmd[100];
-	int res;
-
-	if (argc != 1 && argc != 2) {
-		printf("Invalid WFD_SUBELEM_SET command: needs one or two "
-		       "arguments (subelem, hexdump)\n");
-		return -1;
-	}
-
-	res = os_snprintf(cmd, sizeof(cmd), "WFD_SUBELEM_SET %s %s",
-			  argv[0], argc > 1 ? argv[1] : "");
-	if (os_snprintf_error(sizeof(cmd), res))
-		return -1;
-	cmd[sizeof(cmd) - 1] = '\0';
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_wfd_subelem_get(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	char cmd[100];
-	int res;
-
-	if (argc != 1) {
-		printf("Invalid WFD_SUBELEM_GET command: needs one "
-		       "argument (subelem)\n");
-		return -1;
-	}
-
-	res = os_snprintf(cmd, sizeof(cmd), "WFD_SUBELEM_GET %s",
-			  argv[0]);
-	if (os_snprintf_error(sizeof(cmd), res))
-		return -1;
-	cmd[sizeof(cmd) - 1] = '\0';
-	return wpa_ctrl_command(ctrl, cmd);
-}
-#endif /* CONFIG_WIFI_DISPLAY */
-
-
-#ifdef CONFIG_INTERWORKING
-static int wpa_cli_cmd_fetch_anqp(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "FETCH_ANQP");
-}
-
-
-static int wpa_cli_cmd_stop_fetch_anqp(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "STOP_FETCH_ANQP");
-}
-
-
-static int wpa_cli_cmd_interworking_select(struct wpa_ctrl *ctrl, int argc,
-					   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "INTERWORKING_SELECT", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_interworking_connect(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "INTERWORKING_CONNECT", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_interworking_add_network(struct wpa_ctrl *ctrl, int argc,
-						char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "INTERWORKING_ADD_NETWORK", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_anqp_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "ANQP_GET", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_gas_request(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "GAS_REQUEST", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_gas_response_get(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "GAS_RESPONSE_GET", 2, argc, argv);
-}
-#endif /* CONFIG_INTERWORKING */
-
-
-#ifdef CONFIG_HS20
-
-static int wpa_cli_cmd_hs20_anqp_get(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "HS20_ANQP_GET", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_get_nai_home_realm_list(struct wpa_ctrl *ctrl, int argc,
-					       char *argv[])
-{
-	char cmd[512];
-
-	if (argc == 0) {
-		printf("Command needs one or two arguments (dst mac addr and "
-		       "optional home realm)\n");
-		return -1;
-	}
-
-	if (write_cmd(cmd, sizeof(cmd), "HS20_GET_NAI_HOME_REALM_LIST",
-		      argc, argv) < 0)
-		return -1;
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_hs20_icon_request(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	char cmd[512];
-
-	if (argc < 2) {
-		printf("Command needs two arguments (dst mac addr and "
-		       "icon name)\n");
-		return -1;
-	}
-
-	if (write_cmd(cmd, sizeof(cmd), "HS20_ICON_REQUEST", argc, argv) < 0)
-		return -1;
-
-	return wpa_ctrl_command(ctrl, cmd);
-}
-
-
-static int wpa_cli_cmd_fetch_osu(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "FETCH_OSU");
-}
-
-
-static int wpa_cli_cmd_cancel_fetch_osu(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "CANCEL_FETCH_OSU");
-}
-
-#endif /* CONFIG_HS20 */
-
-
-static int wpa_cli_cmd_sta_autoconnect(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "STA_AUTOCONNECT", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_tdls_discover(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_DISCOVER", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_tdls_setup(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_SETUP", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_tdls_teardown(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_TEARDOWN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_tdls_link_status(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_LINK_STATUS", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wmm_ac_addts(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WMM_AC_ADDTS", 3, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wmm_ac_delts(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WMM_AC_DELTS", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wmm_ac_status(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "WMM_AC_STATUS");
-}
-
-
-static int wpa_cli_cmd_tdls_chan_switch(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_CHAN_SWITCH", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_tdls_cancel_chan_switch(struct wpa_ctrl *ctrl, int argc,
-					       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TDLS_CANCEL_CHAN_SWITCH", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_signal_poll(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "SIGNAL_POLL");
-}
-
-
-static int wpa_cli_cmd_signal_monitor(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "SIGNAL_MONITOR", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_pktcnt_poll(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "PKTCNT_POLL");
-}
-
-
-static int wpa_cli_cmd_reauthenticate(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "REAUTHENTICATE");
-}
-
-
-#ifdef CONFIG_AUTOSCAN
-
-static int wpa_cli_cmd_autoscan(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc == 0)
-		return wpa_ctrl_command(ctrl, "AUTOSCAN ");
-
-	return wpa_cli_cmd(ctrl, "AUTOSCAN", 0, argc, argv);
-}
-
-#endif /* CONFIG_AUTOSCAN */
-
-
-#ifdef CONFIG_WNM
-
-static int wpa_cli_cmd_wnm_sleep(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WNM_SLEEP", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_wnm_bss_query(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "WNM_BSS_QUERY", 1, argc, argv);
-}
-
-#endif /* CONFIG_WNM */
-
-
-static int wpa_cli_cmd_raw(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	if (argc == 0)
-		return -1;
-	return wpa_cli_cmd(ctrl, argv[0], 0, argc - 1, &argv[1]);
-}
-
-
-#ifdef ANDROID
-static int wpa_cli_cmd_driver(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DRIVER", 1, argc, argv);
-}
-#endif /* ANDROID */
-
-
-static int wpa_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "VENDOR", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "FLUSH");
-}
-
-
-static int wpa_cli_cmd_radio_work(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "RADIO_WORK", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_neighbor_rep_request(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "NEIGHBOR_REP_REQUEST", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_twt_setup(struct wpa_ctrl *ctrl, int argc,
-				 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TWT_SETUP", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_twt_teardown(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "TWT_TEARDOWN", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "ERP_FLUSH");
-}
-
-
-static int wpa_cli_cmd_mac_rand_scan(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MAC_RAND_SCAN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_get_pref_freq_list(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "GET_PREF_FREQ_LIST", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_lo_start(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_LO_START", 4, argc, argv);
-}
-
-
-static int wpa_cli_cmd_p2p_lo_stop(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "P2P_LO_STOP", 0, argc, argv);
-}
-
-
-#ifdef CONFIG_DPP
-
-static int wpa_cli_cmd_dpp_qr_code(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_QR_CODE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_bootstrap_gen(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_BOOTSTRAP_GEN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_bootstrap_remove(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_BOOTSTRAP_REMOVE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_bootstrap_get_uri(struct wpa_ctrl *ctrl, int argc,
-					     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_BOOTSTRAP_GET_URI", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_bootstrap_info(struct wpa_ctrl *ctrl, int argc,
-					  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_BOOTSTRAP_INFO", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_bootstrap_set(struct wpa_ctrl *ctrl, int argc,
-					 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_BOOTSTRAP_SET", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_auth_init(struct wpa_ctrl *ctrl, int argc,
-				     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_AUTH_INIT", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_listen(struct wpa_ctrl *ctrl, int argc,
-				  char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_LISTEN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_stop_listen(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DPP_STOP_LISTEN");
-}
-
-
-static int wpa_cli_cmd_dpp_configurator_add(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CONFIGURATOR_ADD", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_configurator_remove(struct wpa_ctrl *ctrl, int argc,
-					       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CONFIGURATOR_REMOVE", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_configurator_get_key(struct wpa_ctrl *ctrl, int argc,
-						char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CONFIGURATOR_GET_KEY", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_configurator_sign(struct wpa_ctrl *ctrl, int argc,
-					     char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CONFIGURATOR_SIGN", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_pkex_add(struct wpa_ctrl *ctrl, int argc,
-				    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_PKEX_ADD", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_pkex_remove(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_PKEX_REMOVE", 1, argc, argv);
-}
-
-
-#ifdef CONFIG_DPP2
-
-static int wpa_cli_cmd_dpp_controller_start(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CONTROLLER_START", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_controller_stop(struct wpa_ctrl *ctrl, int argc,
-					    char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DPP_CONTROLLER_STOP");
-}
-
-
-static int wpa_cli_cmd_dpp_chirp(struct wpa_ctrl *ctrl, int argc,
-				 char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DPP_CHIRP", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dpp_stop_chirp(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_ctrl_command(ctrl, "DPP_STOP_CHIRP");
-}
-
-#endif /* CONFIG_DPP2 */
-#endif /* CONFIG_DPP */
-
-
-static int wpa_ctrl_command_bss(struct wpa_ctrl *ctrl, const char *cmd)
-{
-	char buf[512], *pos, *bssid = NULL, *freq = NULL, *level = NULL,
-		*flags = NULL, *ssid = NULL;
-	size_t len;
-	int ret, id = -1;
-
-	if (!ctrl_conn)
-		return -1;
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len,
-			       wpa_cli_msg_cb);
-	if (ret == -2) {
-		printf("'%s' command timed out.\n", cmd);
-		return -2;
-	} else if (ret < 0) {
-		printf("'%s' command failed.\n", cmd);
-		return -1;
-	}
-
-	buf[len] = '\0';
-	if (os_memcmp(buf, "FAIL", 4) == 0)
-		return -1;
-
-	pos = buf;
-	while (*pos != '\0') {
-		if (str_starts(pos, "id="))
-			id = atoi(pos + 3);
-		if (str_starts(pos, "bssid="))
-			bssid = pos + 6;
-		if (str_starts(pos, "freq="))
-			freq = pos + 5;
-		if (str_starts(pos, "level="))
-			level = pos + 6;
-		if (str_starts(pos, "flags="))
-			flags = pos + 6;
-		if (str_starts(pos, "ssid="))
-			ssid = pos + 5;
-
-		while (*pos != '\0' && *pos != '\n')
-			pos++;
-		*pos++ = '\0';
-	}
-	if (id != -1)
-		printf("%s\t%s\t%s\t%s\t%s\n", bssid ? bssid : "N/A",
-		       freq ? freq : "N/A", level ? level : "N/A",
-		       flags ? flags : "N/A", ssid ? ssid : "N/A");
-	return id;
-}
-
-
-static int wpa_cli_cmd_all_bss(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	char cmd[64];
-	int id = -1;
-	unsigned int mask;
-
-	printf("bssid / frequency / signal level / flags / ssid\n");
-
-	mask = WPA_BSS_MASK_ID | WPA_BSS_MASK_BSSID | WPA_BSS_MASK_FREQ |
-		WPA_BSS_MASK_LEVEL | WPA_BSS_MASK_FLAGS | WPA_BSS_MASK_SSID;
-	do {
-		if (id < 0)
-			os_snprintf(cmd, sizeof(cmd), "BSS FIRST MASK=0x%x",
-				    mask);
-		else
-			os_snprintf(cmd, sizeof(cmd), "BSS NEXT-%d MASK=0x%x",
-				    id, mask);
-		id = wpa_ctrl_command_bss(ctrl, cmd);
-	} while (id >= 0);
-
-	return 0;
-}
-
-
-#ifdef CONFIG_PASN
-
-static int wpa_cli_cmd_pasn_auth_start(struct wpa_ctrl *ctrl, int argc,
-				       char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PASN_AUTH_START", 4, argc, argv);
-}
-
-
-static int wpa_cli_cmd_pasn_auth_stop(struct wpa_ctrl *ctrl, int argc,
-				      char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PASN_AUTH_STOP", 0, argc, argv);
-}
-
-static int wpa_cli_cmd_ptksa_cache_list(struct wpa_ctrl *ctrl, int argc,
-					char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PTKSA_CACHE_LIST", 0, argc, argv);
-}
-
-
-static int wpa_cli_cmd_pasn_deauth(struct wpa_ctrl *ctrl, int argc,
-				   char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "PASN_DEAUTH", 1, argc, argv);
-}
-
-#endif /* CONFIG_PASN */
-
-
-static int wpa_cli_cmd_mscs(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "MSCS", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_scs(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "SCS", 2, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dscp_resp(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DSCP_RESP", 1, argc, argv);
-}
-
-
-static int wpa_cli_cmd_dscp_query(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	return wpa_cli_cmd(ctrl, "DSCP_QUERY", 1, argc, argv);
-}
-
-
-enum wpa_cli_cmd_flags {
-	cli_cmd_flag_none		= 0x00,
-	cli_cmd_flag_sensitive		= 0x01
-};
-
-struct wpa_cli_cmd {
-	const char *cmd;
-	int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
-	char ** (*completion)(const char *str, int pos);
-	enum wpa_cli_cmd_flags flags;
-	const char *usage;
-};
-
-static const struct wpa_cli_cmd wpa_cli_commands[] = {
-	{ "status", wpa_cli_cmd_status, NULL,
-	  cli_cmd_flag_none,
-	  "[verbose] = get current WPA/EAPOL/EAP status" },
-	{ "ifname", wpa_cli_cmd_ifname, NULL,
-	  cli_cmd_flag_none,
-	  "= get current interface name" },
-	{ "ping", wpa_cli_cmd_ping, NULL,
-	  cli_cmd_flag_none,
-	  "= pings wpa_supplicant" },
-	{ "relog", wpa_cli_cmd_relog, NULL,
-	  cli_cmd_flag_none,
-	  "= re-open log-file (allow rolling logs)" },
-	{ "note", wpa_cli_cmd_note, NULL,
-	  cli_cmd_flag_none,
-	  "<text> = add a note to wpa_supplicant debug log" },
-	{ "mib", wpa_cli_cmd_mib, NULL,
-	  cli_cmd_flag_none,
-	  "= get MIB variables (dot1x, dot11)" },
-	{ "help", wpa_cli_cmd_help, wpa_cli_complete_help,
-	  cli_cmd_flag_none,
-	  "[command] = show usage help" },
-	{ "interface", wpa_cli_cmd_interface, NULL,
-	  cli_cmd_flag_none,
-	  "[ifname] = show interfaces/select interface" },
-	{ "level", wpa_cli_cmd_level, NULL,
-	  cli_cmd_flag_none,
-	  "<debug level> = change debug level" },
-	{ "license", wpa_cli_cmd_license, NULL,
-	  cli_cmd_flag_none,
-	  "= show full wpa_cli license" },
-	{ "quit", wpa_cli_cmd_quit, NULL,
-	  cli_cmd_flag_none,
-	  "= exit wpa_cli" },
-	{ "set", wpa_cli_cmd_set, wpa_cli_complete_set,
-	  cli_cmd_flag_none,
-	  "= set variables (shows list of variables when run without "
-	  "arguments)" },
-	{ "dump", wpa_cli_cmd_dump, NULL,
-	  cli_cmd_flag_none,
-	  "= dump config variables" },
-	{ "get", wpa_cli_cmd_get, wpa_cli_complete_get,
-	  cli_cmd_flag_none,
-	  "<name> = get information" },
-	{ "driver_flags", wpa_cli_cmd_driver_flags, NULL,
-	  cli_cmd_flag_none,
-	  "= list driver flags" },
-	{ "logon", wpa_cli_cmd_logon, NULL,
-	  cli_cmd_flag_none,
-	  "= IEEE 802.1X EAPOL state machine logon" },
-	{ "logoff", wpa_cli_cmd_logoff, NULL,
-	  cli_cmd_flag_none,
-	  "= IEEE 802.1X EAPOL state machine logoff" },
-	{ "pmksa", wpa_cli_cmd_pmksa, NULL,
-	  cli_cmd_flag_none,
-	  "= show PMKSA cache" },
-	{ "pmksa_flush", wpa_cli_cmd_pmksa_flush, NULL,
-	  cli_cmd_flag_none,
-	  "= flush PMKSA cache entries" },
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-	{ "pmksa_get", wpa_cli_cmd_pmksa_get, NULL,
-	  cli_cmd_flag_none,
-	  "<network_id> = fetch all stored PMKSA cache entries" },
-	{ "pmksa_add", wpa_cli_cmd_pmksa_add, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> = store PMKSA cache entry from external storage" },
-#ifdef CONFIG_MESH
-	{ "mesh_pmksa_get", wpa_cli_mesh_cmd_pmksa_get, NULL,
-	  cli_cmd_flag_none,
-	  "<peer MAC address | any> = fetch all stored mesh PMKSA cache entries" },
-	{ "mesh_pmksa_add", wpa_cli_mesh_cmd_pmksa_add, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<BSSID> <PMKID> <PMK> <expiration in seconds> = store mesh PMKSA cache entry from external storage" },
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-	{ "reassociate", wpa_cli_cmd_reassociate, NULL,
-	  cli_cmd_flag_none,
-	  "= force reassociation" },
-	{ "reattach", wpa_cli_cmd_reattach, NULL,
-	  cli_cmd_flag_none,
-	  "= force reassociation back to the same BSS" },
-	{ "preauthenticate", wpa_cli_cmd_preauthenticate, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<BSSID> = force preauthentication" },
-	{ "identity", wpa_cli_cmd_identity, wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> <identity> = configure identity for an SSID" },
-	{ "password", wpa_cli_cmd_password, wpa_cli_complete_network_id,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <password> = configure password for an SSID" },
-	{ "new_password", wpa_cli_cmd_new_password,
-	  wpa_cli_complete_network_id, cli_cmd_flag_sensitive,
-	  "<network id> <password> = change password for an SSID" },
-	{ "pin", wpa_cli_cmd_pin, wpa_cli_complete_network_id,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <pin> = configure pin for an SSID" },
-	{ "otp", wpa_cli_cmd_otp, wpa_cli_complete_network_id,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <password> = configure one-time-password for an SSID"
-	},
-	{ "psk_passphrase", wpa_cli_cmd_psk_passphrase,
-	  wpa_cli_complete_network_id, cli_cmd_flag_sensitive,
-	  "<network id> <PSK/passphrase> = configure PSK/passphrase for an SSID" },
-	{ "passphrase", wpa_cli_cmd_passphrase, wpa_cli_complete_network_id,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <passphrase> = configure private key passphrase\n"
-	  "  for an SSID" },
-	{ "sim", wpa_cli_cmd_sim, wpa_cli_complete_network_id,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <pin> = report SIM operation result" },
-	{ "bssid", wpa_cli_cmd_bssid, wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> <BSSID> = set preferred BSSID for an SSID" },
-	{ "bssid_ignore", wpa_cli_cmd_bssid_ignore, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<BSSID> = add a BSSID to the list of temporarily ignored BSSs\n"
-	  "bssid_ignore clear = clear the list of temporarily ignored BSSIDs\n"
-	  "bssid_ignore = display the list of temporarily ignored BSSIDs" },
-	{ "blacklist", /* deprecated alias for bssid_ignore */
-	  wpa_cli_cmd_bssid_ignore, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "= deprecated alias for bssid_ignore" },
-	{ "log_level", wpa_cli_cmd_log_level, NULL,
-	  cli_cmd_flag_none,
-	  "<level> [<timestamp>] = update the log level/timestamp\n"
-	  "log_level = display the current log level and log options" },
-	{ "list_networks", wpa_cli_cmd_list_networks, NULL,
-	  cli_cmd_flag_none,
-	  "= list configured networks" },
-	{ "select_network", wpa_cli_cmd_select_network,
-	  wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> = select a network (disable others)" },
-	{ "enable_network", wpa_cli_cmd_enable_network,
-	  wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> = enable a network" },
-	{ "disable_network", wpa_cli_cmd_disable_network,
-	  wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> = disable a network" },
-	{ "add_network", wpa_cli_cmd_add_network, NULL,
-	  cli_cmd_flag_none,
-	  "= add a network" },
-	{ "remove_network", wpa_cli_cmd_remove_network,
-	  wpa_cli_complete_network_id,
-	  cli_cmd_flag_none,
-	  "<network id> = remove a network" },
-	{ "set_network", wpa_cli_cmd_set_network, wpa_cli_complete_network,
-	  cli_cmd_flag_sensitive,
-	  "<network id> <variable> <value> = set network variables (shows\n"
-	  "  list of variables when run without arguments)" },
-	{ "get_network", wpa_cli_cmd_get_network, wpa_cli_complete_network,
-	  cli_cmd_flag_none,
-	  "<network id> <variable> = get network variables" },
-	{ "dup_network", wpa_cli_cmd_dup_network, wpa_cli_complete_dup_network,
-	  cli_cmd_flag_none,
-	  "<src network id> <dst network id> <variable> = duplicate network variables"
-	},
-	{ "list_creds", wpa_cli_cmd_list_creds, NULL,
-	  cli_cmd_flag_none,
-	  "= list configured credentials" },
-	{ "add_cred", wpa_cli_cmd_add_cred, NULL,
-	  cli_cmd_flag_none,
-	  "= add a credential" },
-	{ "remove_cred", wpa_cli_cmd_remove_cred, NULL,
-	  cli_cmd_flag_none,
-	  "<cred id> = remove a credential" },
-	{ "set_cred", wpa_cli_cmd_set_cred, wpa_cli_complete_cred,
-	  cli_cmd_flag_sensitive,
-	  "<cred id> <variable> <value> = set credential variables" },
-	{ "get_cred", wpa_cli_cmd_get_cred, wpa_cli_complete_cred,
-	  cli_cmd_flag_none,
-	  "<cred id> <variable> = get credential variables" },
-	{ "save_config", wpa_cli_cmd_save_config, NULL,
-	  cli_cmd_flag_none,
-	  "= save the current configuration" },
-	{ "disconnect", wpa_cli_cmd_disconnect, NULL,
-	  cli_cmd_flag_none,
-	  "= disconnect and wait for reassociate/reconnect command before\n"
-	  "  connecting" },
-	{ "reconnect", wpa_cli_cmd_reconnect, NULL,
-	  cli_cmd_flag_none,
-	  "= like reassociate, but only takes effect if already disconnected"
-	},
-	{ "scan", wpa_cli_cmd_scan, NULL,
-	  cli_cmd_flag_none,
-	  "= request new BSS scan" },
-	{ "scan_results", wpa_cli_cmd_scan_results, NULL,
-	  cli_cmd_flag_none,
-	  "= get latest scan results" },
-	{ "abort_scan", wpa_cli_cmd_abort_scan, NULL,
-	  cli_cmd_flag_none,
-	  "= request ongoing scan to be aborted" },
-	{ "bss", wpa_cli_cmd_bss, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<<idx> | <bssid>> = get detailed scan result info" },
-	{ "get_capability", wpa_cli_cmd_get_capability,
-	  wpa_cli_complete_get_capability, cli_cmd_flag_none,
-	  "<eap/pairwise/group/key_mgmt/proto/auth_alg/channels/freq/modes> "
-	  "= get capabilities" },
-	{ "reconfigure", wpa_cli_cmd_reconfigure, NULL,
-	  cli_cmd_flag_none,
-	  "= force wpa_supplicant to re-read its configuration file" },
-	{ "terminate", wpa_cli_cmd_terminate, NULL,
-	  cli_cmd_flag_none,
-	  "= terminate wpa_supplicant" },
-	{ "interface_add", wpa_cli_cmd_interface_add, NULL,
-	  cli_cmd_flag_none,
-	  "<ifname> <confname> <driver> <ctrl_interface> <driver_param>\n"
-	  "  <bridge_name> <create> <type> = adds new interface, all "
-	  "parameters but\n"
-	  "  <ifname> are optional. Supported types are station ('sta') and "
-	  "AP ('ap')" },
-	{ "interface_remove", wpa_cli_cmd_interface_remove, NULL,
-	  cli_cmd_flag_none,
-	  "<ifname> = removes the interface" },
-	{ "interface_list", wpa_cli_cmd_interface_list, NULL,
-	  cli_cmd_flag_none,
-	  "= list available interfaces" },
-	{ "ap_scan", wpa_cli_cmd_ap_scan, NULL,
-	  cli_cmd_flag_none,
-	  "<value> = set ap_scan parameter" },
-	{ "scan_interval", wpa_cli_cmd_scan_interval, NULL,
-	  cli_cmd_flag_none,
-	  "<value> = set scan_interval parameter (in seconds)" },
-	{ "bss_expire_age", wpa_cli_cmd_bss_expire_age, NULL,
-	  cli_cmd_flag_none,
-	  "<value> = set BSS expiration age parameter" },
-	{ "bss_expire_count", wpa_cli_cmd_bss_expire_count, NULL,
-	  cli_cmd_flag_none,
-	  "<value> = set BSS expiration scan count parameter" },
-	{ "bss_flush", wpa_cli_cmd_bss_flush, NULL,
-	  cli_cmd_flag_none,
-	  "<value> = set BSS flush age (0 by default)" },
-	{ "ft_ds", wpa_cli_cmd_ft_ds, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<addr> = request over-the-DS FT with <addr>" },
-	{ "wps_pbc", wpa_cli_cmd_wps_pbc, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "[BSSID] = start Wi-Fi Protected Setup: Push Button Configuration" },
-	{ "wps_pin", wpa_cli_cmd_wps_pin, wpa_cli_complete_bss,
-	  cli_cmd_flag_sensitive,
-	  "<BSSID> [PIN] = start WPS PIN method (returns PIN, if not "
-	  "hardcoded)" },
-	{ "wps_check_pin", wpa_cli_cmd_wps_check_pin, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<PIN> = verify PIN checksum" },
-	{ "wps_cancel", wpa_cli_cmd_wps_cancel, NULL, cli_cmd_flag_none,
-	  "Cancels the pending WPS operation" },
-#ifdef CONFIG_WPS_NFC
-	{ "wps_nfc", wpa_cli_cmd_wps_nfc, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "[BSSID] = start Wi-Fi Protected Setup: NFC" },
-	{ "wps_nfc_config_token", wpa_cli_cmd_wps_nfc_config_token, NULL,
-	  cli_cmd_flag_none,
-	  "<WPS|NDEF> = build configuration token" },
-	{ "wps_nfc_token", wpa_cli_cmd_wps_nfc_token, NULL,
-	  cli_cmd_flag_none,
-	  "<WPS|NDEF> = create password token" },
-	{ "wps_nfc_tag_read", wpa_cli_cmd_wps_nfc_tag_read, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<hexdump of payload> = report read NFC tag with WPS data" },
-	{ "nfc_get_handover_req", wpa_cli_cmd_nfc_get_handover_req, NULL,
-	  cli_cmd_flag_none,
-	  "<NDEF> <WPS> = create NFC handover request" },
-	{ "nfc_get_handover_sel", wpa_cli_cmd_nfc_get_handover_sel, NULL,
-	  cli_cmd_flag_none,
-	  "<NDEF> <WPS> = create NFC handover select" },
-	{ "nfc_report_handover", wpa_cli_cmd_nfc_report_handover, NULL,
-	  cli_cmd_flag_none,
-	  "<role> <type> <hexdump of req> <hexdump of sel> = report completed "
-	  "NFC handover" },
-#endif /* CONFIG_WPS_NFC */
-	{ "wps_reg", wpa_cli_cmd_wps_reg, wpa_cli_complete_bss,
-	  cli_cmd_flag_sensitive,
-	  "<BSSID> <AP PIN> = start WPS Registrar to configure an AP" },
-	{ "wps_ap_pin", wpa_cli_cmd_wps_ap_pin, NULL,
-	  cli_cmd_flag_sensitive,
-	  "[params..] = enable/disable AP PIN" },
-	{ "wps_er_start", wpa_cli_cmd_wps_er_start, NULL,
-	  cli_cmd_flag_none,
-	  "[IP address] = start Wi-Fi Protected Setup External Registrar" },
-	{ "wps_er_stop", wpa_cli_cmd_wps_er_stop, NULL,
-	  cli_cmd_flag_none,
-	  "= stop Wi-Fi Protected Setup External Registrar" },
-	{ "wps_er_pin", wpa_cli_cmd_wps_er_pin, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<UUID> <PIN> = add an Enrollee PIN to External Registrar" },
-	{ "wps_er_pbc", wpa_cli_cmd_wps_er_pbc, NULL,
-	  cli_cmd_flag_none,
-	  "<UUID> = accept an Enrollee PBC using External Registrar" },
-	{ "wps_er_learn", wpa_cli_cmd_wps_er_learn, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<UUID> <PIN> = learn AP configuration" },
-	{ "wps_er_set_config", wpa_cli_cmd_wps_er_set_config, NULL,
-	  cli_cmd_flag_none,
-	  "<UUID> <network id> = set AP configuration for enrolling" },
-	{ "wps_er_config", wpa_cli_cmd_wps_er_config, NULL,
-	  cli_cmd_flag_sensitive,
-	  "<UUID> <PIN> <SSID> <auth> <encr> <key> = configure AP" },
-#ifdef CONFIG_WPS_NFC
-	{ "wps_er_nfc_config_token", wpa_cli_cmd_wps_er_nfc_config_token, NULL,
-	  cli_cmd_flag_none,
-	  "<WPS/NDEF> <UUID> = build NFC configuration token" },
-#endif /* CONFIG_WPS_NFC */
-	{ "ibss_rsn", wpa_cli_cmd_ibss_rsn, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = request RSN authentication with <addr> in IBSS" },
-#ifdef CONFIG_AP
-	{ "sta", wpa_cli_cmd_sta, wpa_cli_complete_sta,
-	  cli_cmd_flag_none,
-	  "<addr> = get information about an associated station (AP)" },
-	{ "all_sta", wpa_cli_cmd_all_sta, NULL,
-	  cli_cmd_flag_none,
-	  "= get information about all associated stations (AP)" },
-	{ "list_sta", wpa_cli_cmd_list_sta, NULL,
-	  cli_cmd_flag_none,
-	  "= list all stations (AP)" },
-	{ "deauthenticate", wpa_cli_cmd_deauthenticate,
-	  wpa_cli_complete_deauthenticate, cli_cmd_flag_none,
-	  "<addr> = deauthenticate a station" },
-	{ "disassociate", wpa_cli_cmd_disassociate,
-	  wpa_cli_complete_disassociate, cli_cmd_flag_none,
-	  "<addr> = disassociate a station" },
-	{ "chan_switch", wpa_cli_cmd_chanswitch, NULL,
-	  cli_cmd_flag_none,
-	  "<cs_count> <freq> [sec_channel_offset=] [center_freq1=]"
-	  " [center_freq2=] [bandwidth=] [blocktx] [ht|vht]"
-	  " = CSA parameters" },
-	{ "update_beacon", wpa_cli_cmd_update_beacon, NULL,
-	  cli_cmd_flag_none,
-	  "= update Beacon frame contents"},
-#endif /* CONFIG_AP */
-	{ "suspend", wpa_cli_cmd_suspend, NULL, cli_cmd_flag_none,
-	  "= notification of suspend/hibernate" },
-	{ "resume", wpa_cli_cmd_resume, NULL, cli_cmd_flag_none,
-	  "= notification of resume/thaw" },
-#ifdef CONFIG_TESTING_OPTIONS
-	{ "drop_sa", wpa_cli_cmd_drop_sa, NULL, cli_cmd_flag_none,
-	  "= drop SA without deauth/disassoc (test command)" },
-#endif /* CONFIG_TESTING_OPTIONS */
-	{ "roam", wpa_cli_cmd_roam, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<addr> = roam to the specified BSS" },
-#ifdef CONFIG_MESH
-	{ "mesh_interface_add", wpa_cli_cmd_mesh_interface_add, NULL,
-	  cli_cmd_flag_none,
-	  "[ifname] = Create a new mesh interface" },
-	{ "mesh_group_add", wpa_cli_cmd_mesh_group_add, NULL,
-	  cli_cmd_flag_none,
-	  "<network id> = join a mesh network (disable others)" },
-	{ "mesh_group_remove", wpa_cli_cmd_mesh_group_remove, NULL,
-	  cli_cmd_flag_none,
-	  "<ifname> = Remove mesh group interface" },
-	{ "mesh_peer_remove", wpa_cli_cmd_mesh_peer_remove, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = Remove a mesh peer" },
-	{ "mesh_peer_add", wpa_cli_cmd_mesh_peer_add, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> [duration=<seconds>] = Add a mesh peer" },
-	{ "mesh_link_probe", wpa_cli_cmd_mesh_link_probe, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> [payload=<hex dump of payload>] = Probe a mesh link for a given peer by injecting a frame." },
-#endif /* CONFIG_MESH */
-#ifdef CONFIG_P2P
-	{ "p2p_find", wpa_cli_cmd_p2p_find, wpa_cli_complete_p2p_find,
-	  cli_cmd_flag_none,
-	  "[timeout] [type=*] = find P2P Devices for up-to timeout seconds" },
-	{ "p2p_stop_find", wpa_cli_cmd_p2p_stop_find, NULL, cli_cmd_flag_none,
-	  "= stop P2P Devices search" },
-	{ "p2p_asp_provision", wpa_cli_cmd_p2p_asp_provision, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> adv_id=<adv_id> conncap=<conncap> [info=<infodata>] = provision with a P2P ASP Device" },
-	{ "p2p_asp_provision_resp", wpa_cli_cmd_p2p_asp_provision_resp, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> adv_id=<adv_id> [role<conncap>] [info=<infodata>] = provision with a P2P ASP Device" },
-	{ "p2p_connect", wpa_cli_cmd_p2p_connect, wpa_cli_complete_p2p_connect,
-	  cli_cmd_flag_none,
-	  "<addr> <\"pbc\"|PIN> [ht40] = connect to a P2P Device" },
-	{ "p2p_listen", wpa_cli_cmd_p2p_listen, NULL, cli_cmd_flag_none,
-	  "[timeout] = listen for P2P Devices for up-to timeout seconds" },
-	{ "p2p_group_remove", wpa_cli_cmd_p2p_group_remove,
-	  wpa_cli_complete_p2p_group_remove, cli_cmd_flag_none,
-	  "<ifname> = remove P2P group interface (terminate group if GO)" },
-	{ "p2p_group_add", wpa_cli_cmd_p2p_group_add, NULL, cli_cmd_flag_none,
-	  "[ht40] = add a new P2P group (local end as GO)" },
-	{ "p2p_group_member", wpa_cli_cmd_p2p_group_member, NULL,
-	  cli_cmd_flag_none,
-	  "<dev_addr> = Get peer interface address on local GO using peer Device Address" },
-	{ "p2p_prov_disc", wpa_cli_cmd_p2p_prov_disc,
-	  wpa_cli_complete_p2p_peer, cli_cmd_flag_none,
-	  "<addr> <method> = request provisioning discovery" },
-	{ "p2p_get_passphrase", wpa_cli_cmd_p2p_get_passphrase, NULL,
-	  cli_cmd_flag_none,
-	  "= get the passphrase for a group (GO only)" },
-	{ "p2p_serv_disc_req", wpa_cli_cmd_p2p_serv_disc_req,
-	  wpa_cli_complete_p2p_peer, cli_cmd_flag_none,
-	  "<addr> <TLVs> = schedule service discovery request" },
-	{ "p2p_serv_disc_cancel_req", wpa_cli_cmd_p2p_serv_disc_cancel_req,
-	  NULL, cli_cmd_flag_none,
-	  "<id> = cancel pending service discovery request" },
-	{ "p2p_serv_disc_resp", wpa_cli_cmd_p2p_serv_disc_resp, NULL,
-	  cli_cmd_flag_none,
-	  "<freq> <addr> <dialog token> <TLVs> = service discovery response" },
-	{ "p2p_service_update", wpa_cli_cmd_p2p_service_update, NULL,
-	  cli_cmd_flag_none,
-	  "= indicate change in local services" },
-	{ "p2p_serv_disc_external", wpa_cli_cmd_p2p_serv_disc_external, NULL,
-	  cli_cmd_flag_none,
-	  "<external> = set external processing of service discovery" },
-	{ "p2p_service_flush", wpa_cli_cmd_p2p_service_flush, NULL,
-	  cli_cmd_flag_none,
-	  "= remove all stored service entries" },
-	{ "p2p_service_add", wpa_cli_cmd_p2p_service_add, NULL,
-	  cli_cmd_flag_none,
-	  "<bonjour|upnp|asp> <query|version> <response|service> = add a local "
-	  "service" },
-	{ "p2p_service_rep", wpa_cli_cmd_p2p_service_rep, NULL,
-	  cli_cmd_flag_none,
-	  "asp <auto> <adv_id> <svc_state> <svc_string> [<svc_info>] = replace "
-	  "local ASP service" },
-	{ "p2p_service_del", wpa_cli_cmd_p2p_service_del, NULL,
-	  cli_cmd_flag_none,
-	  "<bonjour|upnp> <query|version> [|service] = remove a local "
-	  "service" },
-	{ "p2p_reject", wpa_cli_cmd_p2p_reject, wpa_cli_complete_p2p_peer,
-	  cli_cmd_flag_none,
-	  "<addr> = reject connection attempts from a specific peer" },
-	{ "p2p_invite", wpa_cli_cmd_p2p_invite, NULL,
-	  cli_cmd_flag_none,
-	  "<cmd> [peer=addr] = invite peer" },
-	{ "p2p_peers", wpa_cli_cmd_p2p_peers, NULL, cli_cmd_flag_none,
-	  "[discovered] = list known (optionally, only fully discovered) P2P "
-	  "peers" },
-	{ "p2p_peer", wpa_cli_cmd_p2p_peer, wpa_cli_complete_p2p_peer,
-	  cli_cmd_flag_none,
-	  "<address> = show information about known P2P peer" },
-	{ "p2p_set", wpa_cli_cmd_p2p_set, wpa_cli_complete_p2p_set,
-	  cli_cmd_flag_none,
-	  "<field> <value> = set a P2P parameter" },
-	{ "p2p_flush", wpa_cli_cmd_p2p_flush, NULL, cli_cmd_flag_none,
-	  "= flush P2P state" },
-	{ "p2p_cancel", wpa_cli_cmd_p2p_cancel, NULL, cli_cmd_flag_none,
-	  "= cancel P2P group formation" },
-	{ "p2p_unauthorize", wpa_cli_cmd_p2p_unauthorize,
-	  wpa_cli_complete_p2p_peer, cli_cmd_flag_none,
-	  "<address> = unauthorize a peer" },
-	{ "p2p_presence_req", wpa_cli_cmd_p2p_presence_req, NULL,
-	  cli_cmd_flag_none,
-	  "[<duration> <interval>] [<duration> <interval>] = request GO "
-	  "presence" },
-	{ "p2p_ext_listen", wpa_cli_cmd_p2p_ext_listen, NULL,
-	  cli_cmd_flag_none,
-	  "[<period> <interval>] = set extended listen timing" },
-	{ "p2p_remove_client", wpa_cli_cmd_p2p_remove_client,
-	  wpa_cli_complete_p2p_peer, cli_cmd_flag_none,
-	  "<address|iface=address> = remove a peer from all groups" },
-#endif /* CONFIG_P2P */
-	{ "vendor_elem_add", wpa_cli_cmd_vendor_elem_add, NULL,
-	  cli_cmd_flag_none,
-	  "<frame id> <hexdump of elem(s)> = add vendor specific IEs to frame(s)\n"
-	  VENDOR_ELEM_FRAME_ID },
-	{ "vendor_elem_get", wpa_cli_cmd_vendor_elem_get, NULL,
-	  cli_cmd_flag_none,
-	  "<frame id> = get vendor specific IE(s) to frame(s)\n"
-	  VENDOR_ELEM_FRAME_ID },
-	{ "vendor_elem_remove", wpa_cli_cmd_vendor_elem_remove, NULL,
-	  cli_cmd_flag_none,
-	  "<frame id> <hexdump of elem(s)> = remove vendor specific IE(s) in frame(s)\n"
-	  VENDOR_ELEM_FRAME_ID },
-#ifdef CONFIG_WIFI_DISPLAY
-	{ "wfd_subelem_set", wpa_cli_cmd_wfd_subelem_set, NULL,
-	  cli_cmd_flag_none,
-	  "<subelem> [contents] = set Wi-Fi Display subelement" },
-	{ "wfd_subelem_get", wpa_cli_cmd_wfd_subelem_get, NULL,
-	  cli_cmd_flag_none,
-	  "<subelem> = get Wi-Fi Display subelement" },
-#endif /* CONFIG_WIFI_DISPLAY */
-#ifdef CONFIG_INTERWORKING
-	{ "fetch_anqp", wpa_cli_cmd_fetch_anqp, NULL, cli_cmd_flag_none,
-	  "= fetch ANQP information for all APs" },
-	{ "stop_fetch_anqp", wpa_cli_cmd_stop_fetch_anqp, NULL,
-	  cli_cmd_flag_none,
-	  "= stop fetch_anqp operation" },
-	{ "interworking_select", wpa_cli_cmd_interworking_select, NULL,
-	  cli_cmd_flag_none,
-	  "[auto] = perform Interworking network selection" },
-	{ "interworking_connect", wpa_cli_cmd_interworking_connect,
-	  wpa_cli_complete_bss, cli_cmd_flag_none,
-	  "<BSSID> = connect using Interworking credentials" },
-	{ "interworking_add_network", wpa_cli_cmd_interworking_add_network,
-	  wpa_cli_complete_bss, cli_cmd_flag_none,
-	  "<BSSID> = connect using Interworking credentials" },
-	{ "anqp_get", wpa_cli_cmd_anqp_get, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<addr> <info id>[,<info id>]... = request ANQP information" },
-	{ "gas_request", wpa_cli_cmd_gas_request, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<addr> <AdvProtoID> [QueryReq] = GAS request" },
-	{ "gas_response_get", wpa_cli_cmd_gas_response_get,
-	  wpa_cli_complete_bss, cli_cmd_flag_none,
-	  "<addr> <dialog token> [start,len] = Fetch last GAS response" },
-#endif /* CONFIG_INTERWORKING */
-#ifdef CONFIG_HS20
-	{ "hs20_anqp_get", wpa_cli_cmd_hs20_anqp_get, wpa_cli_complete_bss,
-	  cli_cmd_flag_none,
-	  "<addr> <subtype>[,<subtype>]... = request HS 2.0 ANQP information"
-	},
-	{ "nai_home_realm_list", wpa_cli_cmd_get_nai_home_realm_list,
-	  wpa_cli_complete_bss, cli_cmd_flag_none,
-	  "<addr> <home realm> = get HS20 nai home realm list" },
-	{ "hs20_icon_request", wpa_cli_cmd_hs20_icon_request,
-	  wpa_cli_complete_bss, cli_cmd_flag_none,
-	  "<addr> <icon name> = get Hotspot 2.0 OSU icon" },
-	{ "fetch_osu", wpa_cli_cmd_fetch_osu, NULL, cli_cmd_flag_none,
-	  "= fetch OSU provider information from all APs" },
-	{ "cancel_fetch_osu", wpa_cli_cmd_cancel_fetch_osu, NULL,
-	  cli_cmd_flag_none,
-	  "= cancel fetch_osu command" },
-#endif /* CONFIG_HS20 */
-	{ "sta_autoconnect", wpa_cli_cmd_sta_autoconnect, NULL,
-	  cli_cmd_flag_none,
-	  "<0/1> = disable/enable automatic reconnection" },
-	{ "tdls_discover", wpa_cli_cmd_tdls_discover, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = request TDLS discovery with <addr>" },
-	{ "tdls_setup", wpa_cli_cmd_tdls_setup, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = request TDLS setup with <addr>" },
-	{ "tdls_teardown", wpa_cli_cmd_tdls_teardown, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = tear down TDLS with <addr>" },
-	{ "tdls_link_status", wpa_cli_cmd_tdls_link_status, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = TDLS link status with <addr>" },
-	{ "wmm_ac_addts", wpa_cli_cmd_wmm_ac_addts, NULL,
-	  cli_cmd_flag_none,
-	  "<uplink/downlink/bidi> <tsid=0..7> <up=0..7> [nominal_msdu_size=#] "
-	  "[mean_data_rate=#] [min_phy_rate=#] [sba=#] [fixed_nominal_msdu] "
-	  "= add WMM-AC traffic stream" },
-	{ "wmm_ac_delts", wpa_cli_cmd_wmm_ac_delts, NULL,
-	  cli_cmd_flag_none,
-	  "<tsid> = delete WMM-AC traffic stream" },
-	{ "wmm_ac_status", wpa_cli_cmd_wmm_ac_status, NULL,
-	  cli_cmd_flag_none,
-	  "= show status for Wireless Multi-Media Admission-Control" },
-	{ "tdls_chan_switch", wpa_cli_cmd_tdls_chan_switch, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> <oper class> <freq> [sec_channel_offset=] [center_freq1=] "
-	  "[center_freq2=] [bandwidth=] [ht|vht] = enable channel switching "
-	  "with TDLS peer" },
-	{ "tdls_cancel_chan_switch", wpa_cli_cmd_tdls_cancel_chan_switch, NULL,
-	  cli_cmd_flag_none,
-	  "<addr> = disable channel switching with TDLS peer <addr>" },
-	{ "signal_poll", wpa_cli_cmd_signal_poll, NULL,
-	  cli_cmd_flag_none,
-	  "= get signal parameters" },
-	{ "signal_monitor", wpa_cli_cmd_signal_monitor, NULL,
-	  cli_cmd_flag_none,
-	  "= set signal monitor parameters" },
-	{ "pktcnt_poll", wpa_cli_cmd_pktcnt_poll, NULL,
-	  cli_cmd_flag_none,
-	  "= get TX/RX packet counters" },
-	{ "reauthenticate", wpa_cli_cmd_reauthenticate, NULL,
-	  cli_cmd_flag_none,
-	  "= trigger IEEE 802.1X/EAPOL reauthentication" },
-#ifdef CONFIG_AUTOSCAN
-	{ "autoscan", wpa_cli_cmd_autoscan, NULL, cli_cmd_flag_none,
-	  "[params] = Set or unset (if none) autoscan parameters" },
-#endif /* CONFIG_AUTOSCAN */
-#ifdef CONFIG_WNM
-	{ "wnm_sleep", wpa_cli_cmd_wnm_sleep, NULL, cli_cmd_flag_none,
-	  "<enter/exit> [interval=#] = enter/exit WNM-Sleep mode" },
-	{ "wnm_bss_query", wpa_cli_cmd_wnm_bss_query, NULL, cli_cmd_flag_none,
-	  "<query reason> [list]"
-	  " [neighbor=<BSSID>,<BSSID information>,<operating class>,<channel number>,<PHY type>[,<hexdump of optional subelements>]"
-	  " = Send BSS Transition Management Query" },
-#endif /* CONFIG_WNM */
-	{ "raw", wpa_cli_cmd_raw, NULL, cli_cmd_flag_sensitive,
-	  "<params..> = Sent unprocessed command" },
-	{ "flush", wpa_cli_cmd_flush, NULL, cli_cmd_flag_none,
-	  "= flush wpa_supplicant state" },
-#ifdef ANDROID
-	{ "driver", wpa_cli_cmd_driver, NULL, cli_cmd_flag_none,
-	  "<command> = driver private commands" },
-#endif /* ANDROID */
-	{ "radio_work", wpa_cli_cmd_radio_work, NULL, cli_cmd_flag_none,
-	  "= radio_work <show/add/done>" },
-	{ "vendor", wpa_cli_cmd_vendor, NULL, cli_cmd_flag_none,
-	  "<vendor id> <command id> [<hex formatted command argument>] = Send vendor command"
-	},
-	{ "neighbor_rep_request",
-	  wpa_cli_cmd_neighbor_rep_request, NULL, cli_cmd_flag_none,
-	  "[ssid=<SSID>] [lci] [civic] = Trigger request to AP for neighboring AP report (with optional given SSID in hex or enclosed in double quotes, default: current SSID; with optional LCI and location civic request)"
-	},
-	{ "twt_setup",
-	  wpa_cli_cmd_twt_setup, NULL, cli_cmd_flag_none,
-	  "[dialog=<token>] [exponent=<exponent>] [mantissa=<mantissa>] [min_twt=<Min TWT>] [setup_cmd=<setup-cmd>] [twt=<u64>] [requestor=0|1] [trigger=0|1] [implicit=0|1] [flow_type=0|1] [flow_id=<3-bit-id>] [protection=0|1] [twt_channel=<twt chanel id>] [control=<control-u8>] = Send TWT Setup frame"
-	},
-	{ "twt_teardown",
-	  wpa_cli_cmd_twt_teardown, NULL, cli_cmd_flag_none,
-	  "[flags=<value>] = Send TWT Teardown frame"
-	},
-	{ "erp_flush", wpa_cli_cmd_erp_flush, NULL, cli_cmd_flag_none,
-	  "= flush ERP keys" },
-	{ "mac_rand_scan",
-	  wpa_cli_cmd_mac_rand_scan, NULL, cli_cmd_flag_none,
-	  "<scan|sched|pno|all> enable=<0/1> [addr=mac-address "
-	  "mask=mac-address-mask] = scan MAC randomization"
-	},
-	{ "get_pref_freq_list", wpa_cli_cmd_get_pref_freq_list, NULL,
-	  cli_cmd_flag_none,
-	  "<interface type> = retrieve preferred freq list for the specified interface type" },
-	{ "p2p_lo_start", wpa_cli_cmd_p2p_lo_start, NULL,
-	  cli_cmd_flag_none,
-	  "<freq> <period> <interval> <count> = start P2P listen offload" },
-	{ "p2p_lo_stop", wpa_cli_cmd_p2p_lo_stop, NULL,
-	  cli_cmd_flag_none,
-	  "= stop P2P listen offload" },
-#ifdef CONFIG_DPP
-	{ "dpp_qr_code", wpa_cli_cmd_dpp_qr_code, NULL, cli_cmd_flag_none,
-	  "report a scanned DPP URI from a QR Code" },
-	{ "dpp_bootstrap_gen", wpa_cli_cmd_dpp_bootstrap_gen, NULL,
-	  cli_cmd_flag_sensitive,
-	  "type=<qrcode> [chan=..] [mac=..] [info=..] [curve=..] [key=..] = generate DPP bootstrap information" },
-	{ "dpp_bootstrap_remove", wpa_cli_cmd_dpp_bootstrap_remove, NULL,
-	  cli_cmd_flag_none,
-	  "*|<id> = remove DPP bootstrap information" },
-	{ "dpp_bootstrap_get_uri", wpa_cli_cmd_dpp_bootstrap_get_uri, NULL,
-	  cli_cmd_flag_none,
-	  "<id> = get DPP bootstrap URI" },
-	{ "dpp_bootstrap_info", wpa_cli_cmd_dpp_bootstrap_info, NULL,
-	  cli_cmd_flag_none,
-	  "<id> = show DPP bootstrap information" },
-	{ "dpp_bootstrap_set", wpa_cli_cmd_dpp_bootstrap_set, NULL,
-	  cli_cmd_flag_none,
-	  "<id> [conf=..] [ssid=<SSID>] [ssid_charset=#] [psk=<PSK>] [pass=<passphrase>] [configurator=<id>] [conn_status=#] [akm_use_selector=<0|1>] [group_id=..] [expiry=#] [csrattrs=..] = set DPP configurator parameters" },
-	{ "dpp_auth_init", wpa_cli_cmd_dpp_auth_init, NULL, cli_cmd_flag_none,
-	  "peer=<id> [own=<id>] = initiate DPP bootstrapping" },
-	{ "dpp_listen", wpa_cli_cmd_dpp_listen, NULL, cli_cmd_flag_none,
-	  "<freq in MHz> = start DPP listen" },
-	{ "dpp_stop_listen", wpa_cli_cmd_dpp_stop_listen, NULL,
-	  cli_cmd_flag_none,
-	  "= stop DPP listen" },
-	{ "dpp_configurator_add", wpa_cli_cmd_dpp_configurator_add, NULL,
-	  cli_cmd_flag_sensitive,
-	  "[curve=..] [key=..] = add DPP configurator" },
-	{ "dpp_configurator_remove", wpa_cli_cmd_dpp_configurator_remove, NULL,
-	  cli_cmd_flag_none,
-	  "*|<id> = remove DPP configurator" },
-	{ "dpp_configurator_get_key", wpa_cli_cmd_dpp_configurator_get_key,
-	  NULL, cli_cmd_flag_none,
-	  "<id> = Get DPP configurator's private key" },
-	{ "dpp_configurator_sign", wpa_cli_cmd_dpp_configurator_sign, NULL,
-	  cli_cmd_flag_none,
-	  "conf=<role> configurator=<id> = generate self DPP configuration" },
-	{ "dpp_pkex_add", wpa_cli_cmd_dpp_pkex_add, NULL,
-	  cli_cmd_flag_sensitive,
-	  "add PKEX code" },
-	{ "dpp_pkex_remove", wpa_cli_cmd_dpp_pkex_remove, NULL,
-	  cli_cmd_flag_none,
-	  "*|<id> = remove DPP pkex information" },
-#ifdef CONFIG_DPP2
-	{ "dpp_controller_start", wpa_cli_cmd_dpp_controller_start, NULL,
-	  cli_cmd_flag_none,
-	  "[tcp_port=<port>] [role=..] = start DPP controller" },
-	{ "dpp_controller_stop", wpa_cli_cmd_dpp_controller_stop, NULL,
-	  cli_cmd_flag_none,
-	  "= stop DPP controller" },
-	{ "dpp_chirp", wpa_cli_cmd_dpp_chirp, NULL,
-	  cli_cmd_flag_none,
-	  "own=<BI ID> iter=<count> = start DPP chirp" },
-	{ "dpp_stop_chirp", wpa_cli_cmd_dpp_stop_chirp, NULL,
-	  cli_cmd_flag_none,
-	  "= stop DPP chirp" },
-#endif /* CONFIG_DPP2 */
-#endif /* CONFIG_DPP */
-	{ "all_bss", wpa_cli_cmd_all_bss, NULL, cli_cmd_flag_none,
-	  "= list all BSS entries (scan results)" },
-#ifdef CONFIG_PASN
-	{ "pasn_auth_start", wpa_cli_cmd_pasn_auth_start, NULL,
-	  cli_cmd_flag_none,
-	  "bssid=<BSSID> akmp=<WPA key mgmt> cipher=<WPA cipher> group=<group> nid=<network id> = Start PASN authentication" },
-	{ "pasn_auth_stop", wpa_cli_cmd_pasn_auth_stop, NULL,
-	  cli_cmd_flag_none,
-	  "= Stop PASN authentication" },
-	{ "ptksa_cache_list", wpa_cli_cmd_ptksa_cache_list, NULL,
-	  cli_cmd_flag_none,
-	  "= Get the PTKSA Cache" },
-	{ "pasn_deauth", wpa_cli_cmd_pasn_deauth, NULL,
-	  cli_cmd_flag_none,
-	  "bssid=<BSSID> = Remove PASN PTKSA state" },
-#endif /* CONFIG_PASN */
-	{ "mscs", wpa_cli_cmd_mscs, NULL,
-	  cli_cmd_flag_none,
-	  "<add|remove|change> [up_bitmap=<hex byte>] [up_limit=<integer>] [stream_timeout=<in TUs>] [frame_classifier=<hex bytes>] = Configure MSCS request" },
-	{ "scs", wpa_cli_cmd_scs, NULL,
-	  cli_cmd_flag_none,
-	  "[scs_id=<decimal number>] <add|remove|change> [scs_up=<0-7>] [classifier_type=<4|10>] [classifier params based on classifier type] [tclas_processing=<0|1>] [scs_id=<decimal number>] ... = Send SCS request" },
-	{ "dscp_resp", wpa_cli_cmd_dscp_resp, NULL,
-	  cli_cmd_flag_none,
-	  "<[reset]>/<[solicited] [policy_id=1 status=0...]> [more] = Send DSCP response" },
-	{ "dscp_query", wpa_cli_cmd_dscp_query, NULL,
-	  cli_cmd_flag_none,
-	  "wildcard/domain_name=<string> = Send DSCP Query" },
-	{ NULL, NULL, NULL, cli_cmd_flag_none, NULL }
-};
-
-
-/*
- * Prints command usage, lines are padded with the specified string.
- */
-static void print_cmd_help(const struct wpa_cli_cmd *cmd, const char *pad)
-{
-	char c;
-	size_t n;
-
-	printf("%s%s ", pad, cmd->cmd);
-	for (n = 0; (c = cmd->usage[n]); n++) {
-		printf("%c", c);
-		if (c == '\n')
-			printf("%s", pad);
-	}
-	printf("\n");
-}
-
-
-static void print_help(const char *cmd)
-{
-	int n;
-	printf("commands:\n");
-	for (n = 0; wpa_cli_commands[n].cmd; n++) {
-		if (cmd == NULL || str_starts(wpa_cli_commands[n].cmd, cmd))
-			print_cmd_help(&wpa_cli_commands[n], "  ");
-	}
-}
-
-
-static int wpa_cli_edit_filter_history_cb(void *ctx, const char *cmd)
-{
-	const char *c, *delim;
-	int n;
-	size_t len;
-
-	delim = os_strchr(cmd, ' ');
-	if (delim)
-		len = delim - cmd;
-	else
-		len = os_strlen(cmd);
-
-	for (n = 0; (c = wpa_cli_commands[n].cmd); n++) {
-		if (os_strncasecmp(cmd, c, len) == 0 && len == os_strlen(c))
-			return (wpa_cli_commands[n].flags &
-				cli_cmd_flag_sensitive);
-	}
-	return 0;
-}
-
-
-static char ** wpa_list_cmd_list(void)
-{
-	char **res;
-	int i, count;
-	struct cli_txt_entry *e;
-
-	count = ARRAY_SIZE(wpa_cli_commands);
-	count += dl_list_len(&p2p_groups);
-	count += dl_list_len(&ifnames);
-	res = os_calloc(count + 1, sizeof(char *));
-	if (res == NULL)
-		return NULL;
-
-	for (i = 0; wpa_cli_commands[i].cmd; i++) {
-		res[i] = os_strdup(wpa_cli_commands[i].cmd);
-		if (res[i] == NULL)
-			break;
-	}
-
-	dl_list_for_each(e, &p2p_groups, struct cli_txt_entry, list) {
-		size_t len = 8 + os_strlen(e->txt);
-		res[i] = os_malloc(len);
-		if (res[i] == NULL)
-			break;
-		os_snprintf(res[i], len, "ifname=%s", e->txt);
-		i++;
-	}
-
-	dl_list_for_each(e, &ifnames, struct cli_txt_entry, list) {
-		res[i] = os_strdup(e->txt);
-		if (res[i] == NULL)
-			break;
-		i++;
-	}
-
-	return res;
-}
-
-
-static char ** wpa_cli_cmd_completion(const char *cmd, const char *str,
-				      int pos)
-{
-	int i;
-
-	for (i = 0; wpa_cli_commands[i].cmd; i++) {
-		if (os_strcasecmp(wpa_cli_commands[i].cmd, cmd) == 0) {
-			if (wpa_cli_commands[i].completion)
-				return wpa_cli_commands[i].completion(str,
-								      pos);
-			edit_clear_line();
-			printf("\r%s\n", wpa_cli_commands[i].usage);
-			edit_redraw();
-			break;
-		}
-	}
-
-	return NULL;
-}
-
-
-static char ** wpa_cli_edit_completion_cb(void *ctx, const char *str, int pos)
-{
-	char **res;
-	const char *end;
-	char *cmd;
-
-	if (pos > 7 && os_strncasecmp(str, "IFNAME=", 7) == 0) {
-		end = os_strchr(str, ' ');
-		if (end && pos > end - str) {
-			pos -= end - str + 1;
-			str = end + 1;
-		}
-	}
-
-	end = os_strchr(str, ' ');
-	if (end == NULL || str + pos < end)
-		return wpa_list_cmd_list();
-
-	cmd = os_malloc(pos + 1);
-	if (cmd == NULL)
-		return NULL;
-	os_memcpy(cmd, str, pos);
-	cmd[end - str] = '\0';
-	res = wpa_cli_cmd_completion(cmd, str, pos);
-	os_free(cmd);
-	return res;
-}
-
-
-static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
-{
-	const struct wpa_cli_cmd *cmd, *match = NULL;
-	int count;
-	int ret = 0;
-
-	if (argc > 1 && os_strncasecmp(argv[0], "IFNAME=", 7) == 0) {
-		ifname_prefix = argv[0] + 7;
-		argv = &argv[1];
-		argc--;
-	} else
-		ifname_prefix = NULL;
-
-	if (argc == 0)
-		return -1;
-
-	count = 0;
-	cmd = wpa_cli_commands;
-	while (cmd->cmd) {
-		if (os_strncasecmp(cmd->cmd, argv[0], os_strlen(argv[0])) == 0)
-		{
-			match = cmd;
-			if (os_strcasecmp(cmd->cmd, argv[0]) == 0) {
-				/* we have an exact match */
-				count = 1;
-				break;
-			}
-			count++;
-		}
-		cmd++;
-	}
-
-	if (count > 1) {
-		printf("Ambiguous command '%s'; possible commands:", argv[0]);
-		cmd = wpa_cli_commands;
-		while (cmd->cmd) {
-			if (os_strncasecmp(cmd->cmd, argv[0],
-					   os_strlen(argv[0])) == 0) {
-				printf(" %s", cmd->cmd);
-			}
-			cmd++;
-		}
-		printf("\n");
-		ret = 1;
-	} else if (count == 0) {
-		printf("Unknown command '%s'\n", argv[0]);
-		ret = 1;
-	} else {
-		ret = match->handler(ctrl, argc - 1, &argv[1]);
-	}
-
-	return ret;
-}
-
-
-static int wpa_cli_exec(const char *program, const char *arg1,
-			const char *arg2)
-{
-	char *arg;
-	size_t len;
-	int res;
-
-	/* If no interface is specified, set the global */
-	if (!arg1)
-		arg1 = "global";
-
-	len = os_strlen(arg1) + os_strlen(arg2) + 2;
-	arg = os_malloc(len);
-	if (arg == NULL)
-		return -1;
-	os_snprintf(arg, len, "%s %s", arg1, arg2);
-	res = os_exec(program, arg, 1);
-	os_free(arg);
-
-	return res;
-}
-
-
-static void wpa_cli_action_process(const char *msg)
-{
-	const char *pos;
-	char *copy = NULL, *id, *pos2;
-	const char *ifname = ctrl_ifname;
-	char ifname_buf[100];
-
-	if (eloop_terminated())
-		return;
-
-	pos = msg;
-	if (os_strncmp(pos, "IFNAME=", 7) == 0) {
-		const char *end;
-		end = os_strchr(pos + 7, ' ');
-		if (end && (unsigned int) (end - pos) < sizeof(ifname_buf)) {
-			pos += 7;
-			os_memcpy(ifname_buf, pos, end - pos);
-			ifname_buf[end - pos] = '\0';
-			ifname = ifname_buf;
-			pos = end + 1;
-		}
-	}
-	if (*pos == '<') {
-		const char *prev = pos;
-		/* skip priority */
-		pos = os_strchr(pos, '>');
-		if (pos)
-			pos++;
-		else
-			pos = prev;
-	}
-
-	if (str_starts(pos, WPA_EVENT_CONNECTED)) {
-		int new_id = -1;
-		os_unsetenv("WPA_ID");
-		os_unsetenv("WPA_ID_STR");
-		os_unsetenv("WPA_CTRL_DIR");
-
-		pos = os_strstr(pos, "[id=");
-		if (pos)
-			copy = os_strdup(pos + 4);
-
-		if (copy) {
-			pos2 = id = copy;
-			while (*pos2 && *pos2 != ' ')
-				pos2++;
-			*pos2++ = '\0';
-			new_id = atoi(id);
-			os_setenv("WPA_ID", id, 1);
-			while (*pos2 && *pos2 != '=')
-				pos2++;
-			if (*pos2 == '=')
-				pos2++;
-			id = pos2;
-			while (*pos2 && *pos2 != ']')
-				pos2++;
-			*pos2 = '\0';
-			os_setenv("WPA_ID_STR", id, 1);
-			os_free(copy);
-		}
-
-		os_setenv("WPA_CTRL_DIR", ctrl_iface_dir, 1);
-
-		if (wpa_cli_connected <= 0 || new_id != wpa_cli_last_id) {
-			wpa_cli_connected = 1;
-			wpa_cli_last_id = new_id;
-			wpa_cli_exec(action_file, ifname, "CONNECTED");
-		}
-	} else if (str_starts(pos, WPA_EVENT_DISCONNECTED)) {
-		if (wpa_cli_connected) {
-			wpa_cli_connected = 0;
-			wpa_cli_exec(action_file, ifname, "DISCONNECTED");
-		}
-	} else if (str_starts(pos, WPA_EVENT_CHANNEL_SWITCH_STARTED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, AP_EVENT_ENABLED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, AP_EVENT_DISABLED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, MESH_GROUP_STARTED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, MESH_GROUP_REMOVED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, MESH_PEER_CONNECTED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, MESH_PEER_DISCONNECTED)) {
-		wpa_cli_exec(action_file, ctrl_ifname, pos);
-	} else if (str_starts(pos, P2P_EVENT_GROUP_STARTED)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, P2P_EVENT_GROUP_REMOVED)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, P2P_EVENT_CROSS_CONNECT_ENABLE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, P2P_EVENT_CROSS_CONNECT_DISABLE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, P2P_EVENT_GO_NEG_FAILURE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_SUCCESS)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_ACTIVE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_OVERLAP)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_PIN_ACTIVE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_CANCEL)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_TIMEOUT)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPS_EVENT_FAIL)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, AP_STA_CONNECTED)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, AP_STA_DISCONNECTED)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, ESS_DISASSOC_IMMINENT)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, HS20_SUBSCRIPTION_REMEDIATION)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, HS20_DEAUTH_IMMINENT_NOTICE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, HS20_T_C_ACCEPTANCE)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONF_RECEIVED)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONFOBJ_AKM)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONFOBJ_SSID)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONNECTOR)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONFOBJ_PASS)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_CONFOBJ_PSK)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_C_SIGN_KEY)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, DPP_EVENT_NET_ACCESS_KEY)) {
-		wpa_cli_exec(action_file, ifname, pos);
-	} else if (str_starts(pos, WPA_EVENT_TERMINATING)) {
-		printf("wpa_supplicant is terminating - stop monitoring\n");
-		if (!reconnect)
-			wpa_cli_quit = 1;
-	}
-}
-
-
-#ifndef CONFIG_ANSI_C_EXTRA
-static void wpa_cli_action_cb(char *msg, size_t len)
-{
-	wpa_cli_action_process(msg);
-}
-#endif /* CONFIG_ANSI_C_EXTRA */
-
-
-static int wpa_cli_open_global_ctrl(void)
-{
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-	ctrl_conn = wpa_ctrl_open(NULL);
-#else /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-	ctrl_conn = wpa_ctrl_open(global);
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-	if (!ctrl_conn) {
-		fprintf(stderr,
-			"Failed to connect to wpa_supplicant global interface: %s  error: %s\n",
-			global, strerror(errno));
-		return -1;
-	}
-
-	if (interactive) {
-		update_ifnames(ctrl_conn);
-		mon_conn = wpa_ctrl_open(global);
-		if (mon_conn) {
-			if (wpa_ctrl_attach(mon_conn) == 0) {
-				wpa_cli_attached = 1;
-				eloop_register_read_sock(
-					wpa_ctrl_get_fd(mon_conn),
-					wpa_cli_mon_receive,
-					NULL, NULL);
-			} else {
-				printf("Failed to open monitor connection through global control interface\n");
-			}
-		}
-		update_stations(ctrl_conn);
-	}
-
-	return 0;
-}
-
-
-static void wpa_cli_reconnect(void)
-{
-	wpa_cli_close_connection();
-	if ((global && wpa_cli_open_global_ctrl() < 0) ||
-	    (!global && wpa_cli_open_connection(ctrl_ifname, 1) < 0))
-		return;
-
-	if (interactive) {
-		edit_clear_line();
-		printf("\rConnection to wpa_supplicant re-established\n");
-		edit_redraw();
-		update_stations(ctrl_conn);
-	}
-}
-
-
-static void cli_event(const char *str)
-{
-	const char *start, *s;
-
-	start = os_strchr(str, '>');
-	if (start == NULL)
-		return;
-
-	start++;
-
-	if (str_starts(start, WPA_EVENT_BSS_ADDED)) {
-		s = os_strchr(start, ' ');
-		if (s == NULL)
-			return;
-		s = os_strchr(s + 1, ' ');
-		if (s == NULL)
-			return;
-		cli_txt_list_add(&bsses, s + 1);
-		return;
-	}
-
-	if (str_starts(start, WPA_EVENT_BSS_REMOVED)) {
-		s = os_strchr(start, ' ');
-		if (s == NULL)
-			return;
-		s = os_strchr(s + 1, ' ');
-		if (s == NULL)
-			return;
-		cli_txt_list_del_addr(&bsses, s + 1);
-		return;
-	}
-
-#ifdef CONFIG_P2P
-	if (str_starts(start, P2P_EVENT_DEVICE_FOUND)) {
-		s = os_strstr(start, " p2p_dev_addr=");
-		if (s == NULL)
-			return;
-		cli_txt_list_add_addr(&p2p_peers, s + 14);
-		return;
-	}
-
-	if (str_starts(start, P2P_EVENT_DEVICE_LOST)) {
-		s = os_strstr(start, " p2p_dev_addr=");
-		if (s == NULL)
-			return;
-		cli_txt_list_del_addr(&p2p_peers, s + 14);
-		return;
-	}
-
-	if (str_starts(start, P2P_EVENT_GROUP_STARTED)) {
-		s = os_strchr(start, ' ');
-		if (s == NULL)
-			return;
-		cli_txt_list_add_word(&p2p_groups, s + 1, ' ');
-		return;
-	}
-
-	if (str_starts(start, P2P_EVENT_GROUP_REMOVED)) {
-		s = os_strchr(start, ' ');
-		if (s == NULL)
-			return;
-		cli_txt_list_del_word(&p2p_groups, s + 1, ' ');
-		return;
-	}
-#endif /* CONFIG_P2P */
-}
-
-
-static int check_terminating(const char *msg)
-{
-	const char *pos = msg;
-
-	if (*pos == '<') {
-		/* skip priority */
-		pos = os_strchr(pos, '>');
-		if (pos)
-			pos++;
-		else
-			pos = msg;
-	}
-
-	if (str_starts(pos, WPA_EVENT_TERMINATING) && ctrl_conn) {
-		edit_clear_line();
-		printf("\rConnection to wpa_supplicant lost - trying to "
-		       "reconnect\n");
-		edit_redraw();
-		wpa_cli_attached = 0;
-		wpa_cli_close_connection();
-		return 1;
-	}
-
-	return 0;
-}
-
-
-static void wpa_cli_recv_pending(struct wpa_ctrl *ctrl, int action_monitor)
-{
-	if (ctrl_conn == NULL) {
-		wpa_cli_reconnect();
-		return;
-	}
-	while (wpa_ctrl_pending(ctrl) > 0) {
-		char buf[4096];
-		size_t len = sizeof(buf) - 1;
-		if (wpa_ctrl_recv(ctrl, buf, &len) == 0) {
-			buf[len] = '\0';
-			if (action_monitor)
-				wpa_cli_action_process(buf);
-			else {
-				cli_event(buf);
-				if (wpa_cli_show_event(buf)) {
-					edit_clear_line();
-					printf("\r%s\n", buf);
-					edit_redraw();
-				}
-
-				if (interactive && check_terminating(buf) > 0)
-					return;
-			}
-		} else {
-			printf("Could not read pending message.\n");
-			break;
-		}
-	}
-
-	if (wpa_ctrl_pending(ctrl) < 0) {
-		printf("Connection to wpa_supplicant lost - trying to "
-		       "reconnect\n");
-		if (reconnect) {
-			eloop_terminate();
-			return;
-		}
-		wpa_cli_reconnect();
-	}
-}
-
-
-static void wpa_cli_ping(void *eloop_ctx, void *timeout_ctx)
-{
-	if (ctrl_conn) {
-		int res;
-		char *prefix = ifname_prefix;
-
-		ifname_prefix = NULL;
-		res = _wpa_ctrl_command(ctrl_conn, "PING", 0);
-		ifname_prefix = prefix;
-		if (res) {
-			printf("Connection to wpa_supplicant lost - trying to "
-			       "reconnect\n");
-			wpa_cli_close_connection();
-		}
-	}
-	if (!ctrl_conn)
-		wpa_cli_reconnect();
-	eloop_register_timeout(ping_interval, 0, wpa_cli_ping, NULL, NULL);
-}
-
-
-static void wpa_cli_mon_receive(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	wpa_cli_recv_pending(mon_conn, 0);
-}
-
-
-static void wpa_cli_edit_cmd_cb(void *ctx, char *cmd)
-{
-	char *argv[max_args];
-	int argc;
-	argc = tokenize_cmd(cmd, argv);
-	if (argc)
-		wpa_request(ctrl_conn, argc, argv);
-}
-
-
-static void wpa_cli_edit_eof_cb(void *ctx)
-{
-	eloop_terminate();
-}
-
-
-static int warning_displayed = 0;
-static char *hfile = NULL;
-static int edit_started = 0;
-
-static void start_edit(void)
-{
-	char *home;
-	char *ps = NULL;
-
-#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
-	ps = wpa_ctrl_get_remote_ifname(ctrl_conn);
-#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
-
-#ifdef CONFIG_WPA_CLI_HISTORY_DIR
-	home = CONFIG_WPA_CLI_HISTORY_DIR;
-#else /* CONFIG_WPA_CLI_HISTORY_DIR */
-	home = getenv("HOME");
-#endif /* CONFIG_WPA_CLI_HISTORY_DIR */
-	if (home) {
-		const char *fname = ".wpa_cli_history";
-		int hfile_len = os_strlen(home) + 1 + os_strlen(fname) + 1;
-		hfile = os_malloc(hfile_len);
-		if (hfile)
-			os_snprintf(hfile, hfile_len, "%s/%s", home, fname);
-	}
-
-	if (edit_init(wpa_cli_edit_cmd_cb, wpa_cli_edit_eof_cb,
-		      wpa_cli_edit_completion_cb, NULL, hfile, ps) < 0) {
-		eloop_terminate();
-		return;
-	}
-
-	edit_started = 1;
-	eloop_register_timeout(ping_interval, 0, wpa_cli_ping, NULL, NULL);
-}
-
-
-static void update_bssid_list(struct wpa_ctrl *ctrl)
-{
-	char buf[4096];
-	size_t len = sizeof(buf);
-	int ret;
-	const char *cmd = "BSS RANGE=ALL MASK=0x2";
-	char *pos, *end;
-
-	if (ctrl == NULL)
-		return;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len, NULL);
-	if (ret < 0)
-		return;
-	buf[len] = '\0';
-
-	pos = buf;
-	while (pos) {
-		pos = os_strstr(pos, "bssid=");
-		if (pos == NULL)
-			break;
-		pos += 6;
-		end = os_strchr(pos, '\n');
-		if (end == NULL)
-			break;
-		*end = '\0';
-		cli_txt_list_add(&bsses, pos);
-		pos = end + 1;
-	}
-}
-
-
-static void update_ifnames(struct wpa_ctrl *ctrl)
-{
-	char buf[4096];
-	size_t len = sizeof(buf);
-	int ret;
-	const char *cmd = "INTERFACES";
-	char *pos, *end;
-	char txt[200];
-
-	cli_txt_list_flush(&ifnames);
-
-	if (ctrl == NULL)
-		return;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len, NULL);
-	if (ret < 0)
-		return;
-	buf[len] = '\0';
-
-	pos = buf;
-	while (pos) {
-		end = os_strchr(pos, '\n');
-		if (end == NULL)
-			break;
-		*end = '\0';
-		ret = os_snprintf(txt, sizeof(txt), "ifname=%s", pos);
-		if (!os_snprintf_error(sizeof(txt), ret))
-			cli_txt_list_add(&ifnames, txt);
-		pos = end + 1;
-	}
-}
-
-
-static void update_creds(struct wpa_ctrl *ctrl)
-{
-	char buf[4096];
-	size_t len = sizeof(buf);
-	int ret;
-	const char *cmd = "LIST_CREDS";
-	char *pos, *end;
-	int header = 1;
-
-	cli_txt_list_flush(&creds);
-
-	if (ctrl == NULL)
-		return;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len, NULL);
-	if (ret < 0)
-		return;
-	buf[len] = '\0';
-
-	pos = buf;
-	while (pos) {
-		end = os_strchr(pos, '\n');
-		if (end == NULL)
-			break;
-		*end = '\0';
-		if (!header)
-			cli_txt_list_add_word(&creds, pos, '\t');
-		header = 0;
-		pos = end + 1;
-	}
-}
-
-
-static void update_networks(struct wpa_ctrl *ctrl)
-{
-	char buf[4096];
-	size_t len = sizeof(buf);
-	int ret;
-	const char *cmd = "LIST_NETWORKS";
-	char *pos, *end;
-	int header = 1;
-
-	cli_txt_list_flush(&networks);
-
-	if (ctrl == NULL)
-		return;
-	ret = wpa_ctrl_request(ctrl, cmd, os_strlen(cmd), buf, &len, NULL);
-	if (ret < 0)
-		return;
-	buf[len] = '\0';
-
-	pos = buf;
-	while (pos) {
-		end = os_strchr(pos, '\n');
-		if (end == NULL)
-			break;
-		*end = '\0';
-		if (!header)
-			cli_txt_list_add_word(&networks, pos, '\t');
-		header = 0;
-		pos = end + 1;
-	}
-}
-
-
-static void update_stations(struct wpa_ctrl *ctrl)
-{
-#ifdef CONFIG_AP
-	char addr[32], cmd[64];
-
-	if (!ctrl || !interactive)
-		return;
-
-	cli_txt_list_flush(&stations);
-
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 0))
-		return;
-	do {
-		if (os_strcmp(addr, "") != 0)
-			cli_txt_list_add(&stations, addr);
-		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 0) == 0);
-#endif /* CONFIG_AP */
-}
-
-
-static void try_connection(void *eloop_ctx, void *timeout_ctx)
-{
-	if (ctrl_conn)
-		goto done;
-
-	if (ctrl_ifname == NULL)
-		ctrl_ifname = wpa_cli_get_default_ifname();
-
-	if (wpa_cli_open_connection(ctrl_ifname, 1)) {
-		if (!warning_displayed) {
-			printf("Could not connect to wpa_supplicant: "
-			       "%s - re-trying\n",
-			       ctrl_ifname ? ctrl_ifname : "(nil)");
-			warning_displayed = 1;
-		}
-		eloop_register_timeout(1, 0, try_connection, NULL, NULL);
-		return;
-	}
-
-	update_bssid_list(ctrl_conn);
-	update_creds(ctrl_conn);
-	update_networks(ctrl_conn);
-	update_stations(ctrl_conn);
-
-	if (warning_displayed)
-		printf("Connection established.\n");
-
-done:
-	start_edit();
-}
-
-
-static void wpa_cli_interactive(void)
-{
-	printf("\nInteractive mode\n\n");
-
-	eloop_register_timeout(0, 0, try_connection, NULL, NULL);
-	eloop_run();
-	eloop_cancel_timeout(try_connection, NULL, NULL);
-
-	cli_txt_list_flush(&p2p_peers);
-	cli_txt_list_flush(&p2p_groups);
-	cli_txt_list_flush(&bsses);
-	cli_txt_list_flush(&ifnames);
-	cli_txt_list_flush(&creds);
-	cli_txt_list_flush(&networks);
-	if (edit_started)
-		edit_deinit(hfile, wpa_cli_edit_filter_history_cb);
-	os_free(hfile);
-	eloop_cancel_timeout(wpa_cli_ping, NULL, NULL);
-	wpa_cli_close_connection();
-}
-
-
-static void wpa_cli_action_ping(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_ctrl *ctrl = eloop_ctx;
-	char buf[256];
-	size_t len;
-
-	/* verify that connection is still working */
-	len = sizeof(buf) - 1;
-	if (wpa_ctrl_request(ctrl, "PING", 4, buf, &len,
-			     wpa_cli_action_cb) < 0 ||
-	    len < 4 || os_memcmp(buf, "PONG", 4) != 0) {
-		printf("wpa_supplicant did not reply to PING command - exiting\n");
-		eloop_terminate();
-		return;
-	}
-	eloop_register_timeout(ping_interval, 0, wpa_cli_action_ping,
-			       ctrl, NULL);
-}
-
-
-static void wpa_cli_action_receive(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_ctrl *ctrl = eloop_ctx;
-
-	wpa_cli_recv_pending(ctrl, 1);
-}
-
-
-static void wpa_cli_action(struct wpa_ctrl *ctrl)
-{
-#ifdef CONFIG_ANSI_C_EXTRA
-	/* TODO: ANSI C version(?) */
-	printf("Action processing not supported in ANSI C build.\n");
-#else /* CONFIG_ANSI_C_EXTRA */
-	int fd;
-
-	fd = wpa_ctrl_get_fd(ctrl);
-	eloop_register_timeout(ping_interval, 0, wpa_cli_action_ping,
-			       ctrl, NULL);
-	eloop_register_read_sock(fd, wpa_cli_action_receive, ctrl, NULL);
-	eloop_run();
-	eloop_cancel_timeout(wpa_cli_action_ping, ctrl, NULL);
-	eloop_unregister_read_sock(fd);
-#endif /* CONFIG_ANSI_C_EXTRA */
-}
-
-
-static void wpa_cli_cleanup(void)
-{
-	wpa_cli_close_connection();
-	if (pid_file)
-		os_daemonize_terminate(pid_file);
-
-	os_program_deinit();
-}
-
-
-static void wpa_cli_terminate(int sig, void *ctx)
-{
-	eloop_terminate();
-	if (reconnect)
-		wpa_cli_quit = 1;
-}
-
-
-static char * wpa_cli_get_default_ifname(void)
-{
-	char *ifname = NULL;
-
-#ifdef ANDROID
-	char ifprop[PROPERTY_VALUE_MAX];
-	if (property_get("wifi.interface", ifprop, NULL) != 0) {
-		ifname = os_strdup(ifprop);
-		printf("Using interface '%s'\n", ifname ? ifname : "N/A");
-	}
-#else /* ANDROID */
-#ifdef CONFIG_CTRL_IFACE_UNIX
-	struct dirent *dent;
-	DIR *dir = opendir(ctrl_iface_dir);
-	if (!dir) {
-		return NULL;
-	}
-	while ((dent = readdir(dir))) {
-#ifdef _DIRENT_HAVE_D_TYPE
-		/*
-		 * Skip the file if it is not a socket. Also accept
-		 * DT_UNKNOWN (0) in case the C library or underlying
-		 * file system does not support d_type.
-		 */
-		if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
-			continue;
-#endif /* _DIRENT_HAVE_D_TYPE */
-		/* Skip current/previous directory and special P2P Device
-		 * interfaces. */
-		if (os_strcmp(dent->d_name, ".") == 0 ||
-		    os_strcmp(dent->d_name, "..") == 0 ||
-		    os_strncmp(dent->d_name, "p2p-dev-", 8) == 0)
-			continue;
-		printf("Selected interface '%s'\n", dent->d_name);
-		ifname = os_strdup(dent->d_name);
-		break;
-	}
-	closedir(dir);
-#endif /* CONFIG_CTRL_IFACE_UNIX */
-
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-	char buf[4096], *pos;
-	size_t len;
-	struct wpa_ctrl *ctrl;
-	int ret;
-
-	ctrl = wpa_ctrl_open(NULL);
-	if (ctrl == NULL)
-		return NULL;
-
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, "INTERFACES", 10, buf, &len, NULL);
-	if (ret >= 0) {
-		buf[len] = '\0';
-		pos = os_strchr(buf, '\n');
-		if (pos)
-			*pos = '\0';
-		ifname = os_strdup(buf);
-	}
-	wpa_ctrl_close(ctrl);
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-#endif /* ANDROID */
-
-	return ifname;
-}
-
-
-int main(int argc, char *argv[])
-{
-	int c;
-	int daemonize = 0;
-	int ret = 0;
-
-	if (os_program_init())
-		return -1;
-
-	for (;;) {
-		c = getopt(argc, argv, "a:Bg:G:hi:p:P:rs:v");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'a':
-			action_file = optarg;
-			break;
-		case 'B':
-			daemonize = 1;
-			break;
-		case 'g':
-			global = optarg;
-			break;
-		case 'G':
-			ping_interval = atoi(optarg);
-			break;
-		case 'h':
-			usage();
-			return 0;
-		case 'v':
-			printf("%s\n", wpa_cli_version);
-			return 0;
-		case 'i':
-			os_free(ctrl_ifname);
-			ctrl_ifname = os_strdup(optarg);
-			break;
-		case 'p':
-			ctrl_iface_dir = optarg;
-			break;
-		case 'P':
-			pid_file = optarg;
-			break;
-		case 'r':
-			reconnect = 1;
-			break;
-		case 's':
-			client_socket_dir = optarg;
-			break;
-		default:
-			usage();
-			return -1;
-		}
-	}
-
-	interactive = (argc == optind) && (action_file == NULL);
-
-	if (interactive)
-		printf("%s\n\n%s\n\n", wpa_cli_version, cli_license);
-
-	if (eloop_init())
-		return -1;
-
-	if (global && wpa_cli_open_global_ctrl() < 0)
-		return -1;
-
-	eloop_register_signal_terminate(wpa_cli_terminate, NULL);
-
-	if (ctrl_ifname == NULL)
-		ctrl_ifname = wpa_cli_get_default_ifname();
-
-	if (reconnect && action_file && ctrl_ifname) {
-		while (!wpa_cli_quit) {
-			if (ctrl_conn)
-				wpa_cli_action(ctrl_conn);
-			else
-				os_sleep(1, 0);
-			wpa_cli_close_connection();
-			wpa_cli_open_connection(ctrl_ifname, 0);
-			if (ctrl_conn) {
-				if (wpa_ctrl_attach(ctrl_conn) != 0)
-					wpa_cli_close_connection();
-				else
-					wpa_cli_attached = 1;
-			}
-		}
-	} else if (interactive) {
-		wpa_cli_interactive();
-	} else {
-		if (!global &&
-		    wpa_cli_open_connection(ctrl_ifname, 0) < 0) {
-			fprintf(stderr, "Failed to connect to non-global "
-				"ctrl_ifname: %s  error: %s\n",
-				ctrl_ifname ? ctrl_ifname : "(nil)",
-				strerror(errno));
-			return -1;
-		}
-
-		if (action_file) {
-			if (wpa_ctrl_attach(ctrl_conn) == 0) {
-				wpa_cli_attached = 1;
-			} else {
-				printf("Warning: Failed to attach to "
-				       "wpa_supplicant.\n");
-				return -1;
-			}
-		}
-
-		if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue())
-			return -1;
-
-		if (action_file)
-			wpa_cli_action(ctrl_conn);
-		else
-			ret = wpa_request(ctrl_conn, argc - optind,
-					  &argv[optind]);
-	}
-
-	os_free(ctrl_ifname);
-	eloop_destroy();
-	wpa_cli_cleanup();
-
-	return ret;
-}
-
-#else /* CONFIG_CTRL_IFACE */
-int main(int argc, char *argv[])
-{
-	printf("CONFIG_CTRL_IFACE not defined - wpa_cli disabled\n");
-	return -1;
-}
-#endif /* CONFIG_CTRL_IFACE */
diff --git a/wpa_supplicant/wpa_gui-qt4/.gitignore b/wpa_supplicant/wpa_gui-qt4/.gitignore
deleted file mode 100644
index da818cb66557..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.moc
-.obj
-.ui
-qrc_icons.cpp
diff --git a/wpa_supplicant/wpa_gui-qt4/addinterface.cpp b/wpa_supplicant/wpa_gui-qt4/addinterface.cpp
deleted file mode 100644
index 7d92f63d1b1d..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/addinterface.cpp
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * wpa_gui - AddInterface class
- * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-#include "common/wpa_ctrl.h"
-
-#include <QMessageBox>
-
-#include "wpagui.h"
-#include "addinterface.h"
-
-#ifdef CONFIG_NATIVE_WINDOWS
-#include <windows.h>
-
-#ifndef WPA_KEY_ROOT
-#define WPA_KEY_ROOT HKEY_LOCAL_MACHINE
-#endif
-#ifndef WPA_KEY_PREFIX
-#define WPA_KEY_PREFIX TEXT("SOFTWARE\\wpa_supplicant")
-#endif
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-
-AddInterface::AddInterface(WpaGui *_wpagui, QWidget *parent)
-	: QDialog(parent), wpagui(_wpagui)
-{
-	setWindowTitle(tr("Select network interface to add"));
-	resize(400, 200);
-	vboxLayout = new QVBoxLayout(this);
-
-	interfaceWidget = new QTreeWidget(this);
-	interfaceWidget->setEditTriggers(QAbstractItemView::NoEditTriggers);
-	interfaceWidget->setUniformRowHeights(true);
-	interfaceWidget->setSortingEnabled(true);
-	interfaceWidget->setColumnCount(3);
-	interfaceWidget->headerItem()->setText(0, tr("driver"));
-	interfaceWidget->headerItem()->setText(1, tr("interface"));
-	interfaceWidget->headerItem()->setText(2, tr("description"));
-	interfaceWidget->setItemsExpandable(false);
-	interfaceWidget->setRootIsDecorated(false);
-	vboxLayout->addWidget(interfaceWidget);
-
-	connect(interfaceWidget,
-		SIGNAL(itemActivated(QTreeWidgetItem *, int)), this,
-		SLOT(interfaceSelected(QTreeWidgetItem *)));
-
-	addInterfaces();
-}
-
-
-void AddInterface::addInterfaces()
-{
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-	struct wpa_ctrl *ctrl;
-	int ret;
-	char buf[2048];
-	size_t len;
-
-	ctrl = wpa_ctrl_open(NULL);
-	if (ctrl == NULL)
-		return;
-
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, "INTERFACE_LIST", 14, buf, &len, NULL);
-	if (ret < 0) {
-		wpa_ctrl_close(ctrl);
-		return;
-	}
-	buf[len] = '\0';
-
-	wpa_ctrl_close(ctrl);
-
-	QString ifaces(buf);
-	QStringList lines = ifaces.split(QRegExp("\\n"));
-	for (QStringList::Iterator it = lines.begin();
-	     it != lines.end(); it++) {
-		QStringList arg = (*it).split(QChar('\t'));
-		if (arg.size() < 3)
-			continue;
-		QTreeWidgetItem *item = new QTreeWidgetItem(interfaceWidget);
-		if (!item)
-			break;
-
-		item->setText(0, arg[0]);
-		item->setText(1, arg[1]);
-		item->setText(2, arg[2]);
-	}
-
-	interfaceWidget->resizeColumnToContents(0);
-	interfaceWidget->resizeColumnToContents(1);
-	interfaceWidget->resizeColumnToContents(2);
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-}
-
-
-#ifdef CONFIG_NATIVE_WINDOWS
-bool AddInterface::addRegistryInterface(const QString &ifname)
-{
-	HKEY hk, ihk;
-	LONG ret;
-	int id, tmp;
-	TCHAR name[10];
-	DWORD val, i;
-
-	ret = RegOpenKeyEx(WPA_KEY_ROOT, WPA_KEY_PREFIX TEXT("\\interfaces"),
-			   0, KEY_ENUMERATE_SUB_KEYS | KEY_CREATE_SUB_KEY,
-			   &hk);
-	if (ret != ERROR_SUCCESS)
-		return false;
-
-	id = -1;
-
-	for (i = 0; ; i++) {
-		TCHAR name[255];
-		DWORD namelen;
-
-		namelen = 255;
-		ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
-				   NULL);
-
-		if (ret == ERROR_NO_MORE_ITEMS)
-			break;
-
-		if (ret != ERROR_SUCCESS)
-			break;
-
-		if (namelen >= 255)
-			namelen = 255 - 1;
-		name[namelen] = '\0';
-
-#ifdef UNICODE
-		QString s((QChar *) name, namelen);
-#else /* UNICODE */
-		QString s(name);
-#endif /* UNICODE */
-		tmp = s.toInt();
-		if (tmp > id)
-			id = tmp;
-	}
-
-	id += 1;
-
-#ifdef UNICODE
-	wsprintf(name, L"%04d", id);
-#else /* UNICODE */
-	os_snprintf(name, sizeof(name), "%04d", id);
-#endif /* UNICODE */
-	ret = RegCreateKeyEx(hk, name, 0, NULL, 0, KEY_WRITE, NULL, &ihk,
-			     NULL);
-	RegCloseKey(hk);
-	if (ret != ERROR_SUCCESS)
-		return false;
-
-#ifdef UNICODE
-	RegSetValueEx(ihk, TEXT("adapter"), 0, REG_SZ,
-		      (LPBYTE) ifname.unicode(),
-		      (ifname.length() + 1) * sizeof(TCHAR));
-
-#else /* UNICODE */
-	RegSetValueEx(ihk, TEXT("adapter"), 0, REG_SZ,
-		      (LPBYTE) ifname.toLocal8Bit(), ifname.length() + 1);
-#endif /* UNICODE */
-	RegSetValueEx(ihk, TEXT("config"), 0, REG_SZ,
-		      (LPBYTE) TEXT("default"), 8 * sizeof(TCHAR));
-	RegSetValueEx(ihk, TEXT("ctrl_interface"), 0, REG_SZ,
-		      (LPBYTE) TEXT(""), 1 * sizeof(TCHAR));
-	val = 1;
-	RegSetValueEx(ihk, TEXT("skip_on_error"), 0, REG_DWORD, (LPBYTE) &val,
-		      sizeof(val));
-
-	RegCloseKey(ihk);
-	return true;
-}
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-
-void AddInterface::interfaceSelected(QTreeWidgetItem *sel)
-{
-	if (!sel)
-		return;
-
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-	struct wpa_ctrl *ctrl;
-	int ret;
-	char buf[20], cmd[256];
-	size_t len;
-
-	/*
-	 * INTERFACE_ADD <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB
-	 * <driver_param>TAB<bridge_name>
-	 */
-	snprintf(cmd, sizeof(cmd),
-		 "INTERFACE_ADD %s\t%s\t%s\t%s\t%s\t%s",
-		 sel->text(1).toLocal8Bit().constData(),
-		 "default",
-		 sel->text(0).toLocal8Bit().constData(),
-		 "yes", "", "");
-	cmd[sizeof(cmd) - 1] = '\0';
-
-	ctrl = wpa_ctrl_open(NULL);
-	if (ctrl == NULL)
-		return;
-
-	len = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(ctrl, cmd, strlen(cmd), buf, &len, NULL);
-	wpa_ctrl_close(ctrl);
-
-	if (ret < 0) {
-		QMessageBox::warning(this, "wpa_gui",
-				     tr("Add interface command could not be "
-					"completed."));
-		return;
-	}
-
-	buf[len] = '\0';
-	if (buf[0] != 'O' || buf[1] != 'K') {
-		QMessageBox::warning(this, "wpa_gui",
-				     tr("Failed to add the interface."));
-		return;
-	}
-
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-
-#ifdef CONFIG_NATIVE_WINDOWS
-	if (!addRegistryInterface(sel->text(1))) {
-		QMessageBox::information(this, "wpa_gui",
-					 tr("Failed to add the interface into "
-					    "registry."));
-	}
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-	wpagui->selectAdapter(sel->text(1));
-	close();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/addinterface.h b/wpa_supplicant/wpa_gui-qt4/addinterface.h
deleted file mode 100644
index 332fc7100f57..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/addinterface.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * wpa_gui - AddInterface class
- * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef ADDINTERFACE_H
-#define ADDINTERFACE_H
-
-#include <QObject>
-
-#include <QDialog>
-#include <QTreeWidget>
-#include <QVBoxLayout>
-
-class WpaGui;
-
-class AddInterface : public QDialog
-{
-	Q_OBJECT
-
-public:
-	AddInterface(WpaGui *_wpagui, QWidget *parent = 0);
-
-public slots:
-	virtual void interfaceSelected(QTreeWidgetItem *sel);
-
-private:
-	void addInterfaces();
-	bool addRegistryInterface(const QString &ifname);
-
-	QVBoxLayout *vboxLayout;
-	QTreeWidget *interfaceWidget;
-	WpaGui *wpagui;
-};
-
-#endif /* ADDINTERFACE_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp b/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp
deleted file mode 100644
index 09145cd9d587..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * wpa_gui - EventHistory class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <QHeaderView>
-#include <QScrollBar>
-
-#include "eventhistory.h"
-
-
-int EventListModel::rowCount(const QModelIndex &) const
-{
-	return msgList.count();
-}
-
-
-int EventListModel::columnCount(const QModelIndex &) const
-{
-	return 2;
-}
-
-
-QVariant EventListModel::data(const QModelIndex &index, int role) const
-{
-	if (!index.isValid())
-		return QVariant();
-
-        if (role == Qt::DisplayRole)
-		if (index.column() == 0) {
-			if (index.row() >= timeList.size())
-				return QVariant();
-			return timeList.at(index.row());
-		} else {
-			if (index.row() >= msgList.size())
-				return QVariant();
-			return msgList.at(index.row());
-		}
-        else
-		return QVariant();
-}
-
-
-QVariant EventListModel::headerData(int section, Qt::Orientation orientation,
-				    int role) const
-{
-	if (role != Qt::DisplayRole)
-		return QVariant();
-
-	if (orientation == Qt::Horizontal) {
-		switch (section) {
-		case 0:
-			return QString(tr("Timestamp"));
-		case 1:
-			return QString(tr("Message"));
-		default:
-			return QVariant();
-		}
-	} else
-		return QString("%1").arg(section);
-}
-
-
-void EventListModel::addEvent(QString time, QString msg)
-{
-	beginInsertRows(QModelIndex(), msgList.size(), msgList.size() + 1);
-	timeList << time;
-	msgList << msg;
-	endInsertRows();
-}
-
-
-EventHistory::EventHistory(QWidget *parent, const char *, bool, Qt::WindowFlags)
-	: QDialog(parent)
-{
-	setupUi(this);
-
-	connect(closeButton, SIGNAL(clicked()), this, SLOT(close()));
-
-	eventListView->setItemsExpandable(false);
-	eventListView->setRootIsDecorated(false);
-	elm = new EventListModel(parent);
-	eventListView->setModel(elm);
-}
-
-
-EventHistory::~EventHistory()
-{
-	destroy();
-	delete elm;
-}
-
-
-void EventHistory::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-void EventHistory::addEvents(WpaMsgList msgs)
-{
-	WpaMsgList::iterator it;
-	for (it = msgs.begin(); it != msgs.end(); it++)
-		addEvent(*it);
-}
-
-
-void EventHistory::addEvent(WpaMsg msg)
-{
-	bool scroll = true;
-
-	if (eventListView->verticalScrollBar()->value() <
-	    eventListView->verticalScrollBar()->maximum())
-	    	scroll = false;
-
-	elm->addEvent(msg.getTimestamp().toString("yyyy-MM-dd hh:mm:ss.zzz"),
-		      msg.getMsg());
-
-	if (scroll)
-		eventListView->scrollToBottom();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/eventhistory.h b/wpa_supplicant/wpa_gui-qt4/eventhistory.h
deleted file mode 100644
index afd7b63469a2..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/eventhistory.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * wpa_gui - EventHistory class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef EVENTHISTORY_H
-#define EVENTHISTORY_H
-
-#include <QObject>
-#include "ui_eventhistory.h"
-
-
-class EventListModel : public QAbstractTableModel
-{
-	Q_OBJECT
-
-public:
-	EventListModel(QObject *parent = 0)
-		: QAbstractTableModel(parent) {}
-
-        int rowCount(const QModelIndex &parent = QModelIndex()) const;
-        int columnCount(const QModelIndex &parent = QModelIndex()) const;
-        QVariant data(const QModelIndex &index, int role) const;
-        QVariant headerData(int section, Qt::Orientation orientation,
-                            int role = Qt::DisplayRole) const;
-	void addEvent(QString time, QString msg);
-
-private:
-	QStringList timeList;
-	QStringList msgList;
-};
-
-
-class EventHistory : public QDialog, public Ui::EventHistory
-{
-	Q_OBJECT
-
-public:
-	EventHistory(QWidget *parent = 0, const char *name = 0,
-		     bool modal = false, Qt::WindowFlags fl = 0);
-	~EventHistory();
-
-public slots:
-	virtual void addEvents(WpaMsgList msgs);
-	virtual void addEvent(WpaMsg msg);
-
-protected slots:
-	virtual void languageChange();
-
-private:
-	EventListModel *elm;
-};
-
-#endif /* EVENTHISTORY_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/eventhistory.ui b/wpa_supplicant/wpa_gui-qt4/eventhistory.ui
deleted file mode 100644
index afe9149cfa0f..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/eventhistory.ui
+++ /dev/null
@@ -1,61 +0,0 @@
-<ui version="4.0" >
- <class>EventHistory</class>
- <widget class="QDialog" name="EventHistory" >
-  <property name="geometry" >
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>533</width>
-    <height>285</height>
-   </rect>
-  </property>
-  <property name="windowTitle" >
-   <string>Event history</string>
-  </property>
-  <layout class="QGridLayout" >
-   <item row="0" column="0" colspan="2" >
-    <widget class="QTreeView" name="eventListView" >
-     <property name="sizePolicy" >
-      <sizepolicy vsizetype="Expanding" hsizetype="Expanding" >
-       <horstretch>0</horstretch>
-       <verstretch>0</verstretch>
-      </sizepolicy>
-     </property>
-     <property name="verticalScrollBarPolicy" >
-      <enum>Qt::ScrollBarAlwaysOn</enum>
-     </property>
-     <property name="selectionMode" >
-      <enum>QAbstractItemView::NoSelection</enum>
-     </property>
-    </widget>
-   </item>
-   <item row="1" column="0" >
-    <spacer>
-     <property name="orientation" >
-      <enum>Qt::Horizontal</enum>
-     </property>
-     <property name="sizeHint" >
-      <size>
-       <width>40</width>
-       <height>20</height>
-      </size>
-     </property>
-    </spacer>
-   </item>
-   <item row="1" column="1" >
-    <widget class="QPushButton" name="closeButton" >
-     <property name="text" >
-      <string>Close</string>
-     </property>
-    </widget>
-   </item>
-  </layout>
- </widget>
- <layoutdefault spacing="6" margin="11" />
- <pixmapfunction></pixmapfunction>
- <includes>
-  <include location="local" >wpamsg.h</include>
- </includes>
- <resources/>
- <connections/>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons.qrc b/wpa_supplicant/wpa_gui-qt4/icons.qrc
deleted file mode 100644
index dd72c7ef1008..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons.qrc
+++ /dev/null
@@ -1,9 +0,0 @@
-<RCC>
- <qresource prefix="/icons" >
-  <file alias="wpa_gui.svg">icons/wpa_gui.svg</file>
-  <file alias="ap.svg">icons/ap.svg</file>
-  <file alias="laptop.svg">icons/laptop.svg</file>
-  <file alias="group.svg">icons/group.svg</file>
-  <file alias="invitation.svg">icons/invitation.svg</file>
- </qresource>
-</RCC>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/.gitignore b/wpa_supplicant/wpa_gui-qt4/icons/.gitignore
deleted file mode 100644
index 8d772cc93884..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-hicolor
-pixmaps
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/Makefile b/wpa_supplicant/wpa_gui-qt4/icons/Makefile
deleted file mode 100644
index 88efc3c5b258..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/make -f
-
-NAMES := wpa_gui ap laptop group invitation
-SIZES := 16x16 22x22 32x32 48x48 64x64 128x128
-ICONS := $(addsuffix .png, $(foreach name, $(NAMES), $(foreach size, $(SIZES), $(size)/$(name))))
-ICONS += $(addsuffix .xpm, $(NAMES))
-
-ifeq (1, $(shell which inkscape; echo $$?))
-$(error "No inkscape in PATH, it is required for exporting icons.")
-else
-ifeq (0, $(shell inkscape --without-gui 2>&1 > /dev/null; echo $$?))
-# Inkscape < 1.0
-INKSCAPE_GUI_FLAG := --without-gui
-INKSCAPE_OUTPUT_FLAG := --export-png
-else
-# Inkscape >= 1.0
-INKSCAPE_GUI_FLAG :=
-INKSCAPE_OUTPUT_FLAG := --export-filename
-endif
-endif
-
-all: $(ICONS)
-
-%.png:
-	mkdir -p hicolor/$(word 1, $(subst /, ,$(@)))/apps/
-	inkscape $(subst .png,.svg, $(word 2, $(subst /, , $(@)))) $(INKSCAPE_GUI_FLAG) \
-		--export-width=$(word 1, $(subst x, , $(@)))  \
-	        --export-height=$(word 2, $(subst x, , $(subst /, , $(@)))) \
-		$(INKSCAPE_OUTPUT_FLAG)=hicolor/$(word 1, $(subst /, ,$(@)))/apps/$(word 2, $(subst /, , $@))
-
-%.xpm:
-	mkdir -p pixmaps/
-	convert hicolor/16x16/apps/$(@:.xpm=.png) pixmaps/$(@:.xpm=-16.xpm)
-	convert hicolor/32x32/apps/$(@:.xpm=.png) pixmaps/$@
-
-clean:
-	$(RM) -r pixmaps hicolor
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/README b/wpa_supplicant/wpa_gui-qt4/icons/README
deleted file mode 100644
index 39532389766e..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/README
+++ /dev/null
@@ -1,74 +0,0 @@
-wpa_gui icon files
-
-To convert the svg icons to other formats, make sure inkscape and imagemagick
-are installed and use `make' to create various sized png and xpm icons.
-
-
-wpa_gui.svg
------------
-
-Copyright (c) 2008 Bernard Gray <bernard.gray@gmail.com>
-
-The wpa_gui icon is licensed under the GPL version 2. Alternatively, the icon
-may be distributed under the terms of BSD license.
-
-
-ap.svg
-------
-
-mystica_Wireless_Router.svg
-
-http://openclipart.org/media/files/mystica/8390
-Wireless Router
-by:     mystica
-last change:    April 20, 2008 10:32 pm (File added)
-date:   April 20, 2008 10:31 pm
-license: PD
-
-
-laptop.svg
-----------
-
-metalmarious_Laptop.svg
-
-http://openclipart.org/media/files/metalmarious/4056
-Laptop
-by:      metalmarious
-last change:    May 18, 2008 07:04 pm (File added)
-date:   August 27, 2007 04:44 am
-license: PD
-
-
-group.svg
----------
-
-http://www.openclipart.org/detail/25428
-http://www.openclipart.org/people/Anonymous/Anonymous_Network.svg
-Uploader:
-    Anonymous
-Drawn by:
-    Andrew Fitzsimon / Anonymous
-Created:
-    2009-04-29 04:07:37
-Description:
-    A network icon by Andrew Fitzsimon. Etiquette Icon set.
-    From 0.18 OCAL database.
-
-Public Domain
-
-
-
-invitation.svg
---------------
-
-http://www.openclipart.org/detail/974
-http://www.openclipart.org/people/jean_victor_balin/jean_victor_balin_unknown_green.svg
-Uploader:
-    jean_victor_balin
-Drawn by:
-    jean_victor_balin
-Created:
-    2006-10-27 02:12:13
-Description:
-
-Public Domain
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/ap.svg b/wpa_supplicant/wpa_gui-qt4/icons/ap.svg
deleted file mode 100644
index 51cc8ce646ad..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/ap.svg
+++ /dev/null
@@ -1,832 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="546"
-   height="482.67157"
-   id="svg2"
-   sodipodi:version="0.32"
-   inkscape:version="0.45.1+0.46pre1+devel"
-   sodipodi:docname="Wireless Router.svg"
-   inkscape:output_extension="org.inkscape.output.svg.inkscape"
-   version="1.0"
-   inkscape:export-filename="C:\Documents and Settings\Dan\Skrivbord\Clipart egna (InkScape)\Original\Kanske Upload\Wireless Router.png"
-   inkscape:export-xdpi="310"
-   inkscape:export-ydpi="310">
-  <defs
-     id="defs4">
-    <inkscape:perspective
-       sodipodi:type="inkscape:persp3d"
-       inkscape:vp_x="-50 : 600 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_z="700 : 600 : 1"
-       inkscape:persp3d-origin="300 : 400 : 1"
-       id="perspective148" />
-    <inkscape:perspective
-       sodipodi:type="inkscape:persp3d"
-       inkscape:vp_x="-50 : 600 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_z="700 : 600 : 1"
-       inkscape:persp3d-origin="300 : 400 : 1"
-       id="perspective138" />
-    <inkscape:perspective
-       sodipodi:type="inkscape:persp3d"
-       inkscape:vp_x="-50 : 600 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_z="700 : 600 : 1"
-       inkscape:persp3d-origin="300 : 400 : 1"
-       id="perspective10" />
-    <inkscape:perspective
-       id="perspective2395"
-       inkscape:persp3d-origin="300 : 400 : 1"
-       inkscape:vp_z="700 : 600 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_x="-50 : 600 : 1"
-       sodipodi:type="inkscape:persp3d" />
-    <filter
-       inkscape:collect="always"
-       id="filter3304">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.27999283"
-         id="feGaussianBlur3306" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3336">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.5315371"
-         id="feGaussianBlur3338" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3368">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.26473573"
-         id="feGaussianBlur3370" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3564"
-       x="-0.37202433"
-       width="1.7440487"
-       y="-0.43252525"
-       height="1.8650506">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="1.1017616"
-         id="feGaussianBlur3566" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3748"
-       x="-0.41952851"
-       width="1.839057"
-       y="-0.39121628"
-       height="1.7824326">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="1.1235829"
-         id="feGaussianBlur3750" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3862"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3864" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3866"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-0.20756502"
-       height="1.4151301">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3868" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3870"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3872" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3874"
-       x="-0.3380883"
-       width="1.6761765"
-       y="-0.21154897"
-       height="1.4230978">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3876" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3878"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3880" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3882"
-       x="-0.36018598"
-       width="1.720372"
-       y="-0.20953795"
-       height="1.4190758">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3884" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3886"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3888" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3890"
-       x="-0.35439494"
-       width="1.7087899"
-       y="-0.20953795"
-       height="1.4190758">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3892" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3894"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3896" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3898"
-       x="-0.38537359"
-       width="1.7707472"
-       y="-0.20562869"
-       height="1.4112574">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3900" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3902"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3904" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3906"
-       x="-0.38537359"
-       width="1.7707472"
-       y="-0.21359873"
-       height="1.4271975">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3908" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3910"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3912" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3914"
-       x="-0.36018598"
-       width="1.720372"
-       y="-0.20562869"
-       height="1.4112574">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3916" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3918"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3920" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3922"
-       x="-0.36616942"
-       width="1.7323389"
-       y="-0.20953795"
-       height="1.4190758">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3924" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3926"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3928" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3930"
-       x="-0.34878778"
-       width="1.6975756"
-       y="-0.20186263"
-       height="1.4037253">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3932" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3934"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3936" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3938"
-       x="-0.32802677"
-       width="1.6560535"
-       y="-0.21568884"
-       height="1.4313776">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3940" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3942"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3944" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3946"
-       x="-0.32321677"
-       width="1.6464336"
-       y="-0.21568884"
-       height="1.4313776">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3948" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3950"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3952" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3954"
-       x="-0.3185463"
-       width="1.6370926"
-       y="-0.21359873"
-       height="1.4271975">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3956" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3958"
-       x="-0.33298156"
-       width="1.6659631"
-       y="-1.6699424"
-       height="4.3398848">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3960" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3962"
-       x="-0.28553614"
-       width="1.5710723"
-       y="-0.21568884"
-       height="1.4313776">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.82006695"
-         id="feGaussianBlur3964" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3982"
-       x="-0.0048889387"
-       width="1.0097779"
-       y="-0.26385465"
-       height="1.5277092">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="1.0547249"
-         id="feGaussianBlur3984" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3996">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.8032234"
-         id="feGaussianBlur3998" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3517"
-       x="-0.25713229"
-       width="1.5142646"
-       y="-0.087099633"
-       height="1.1741993">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.33984317"
-         id="feGaussianBlur3519" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3329"
-       x="-0.18025071"
-       width="1.3605014"
-       y="-1.1780664"
-       height="3.3561328">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.49086099"
-         id="feGaussianBlur3331" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3333"
-       x="-0.15131117"
-       width="1.3026223"
-       y="-0.1853139"
-       height="1.3706278">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.49086099"
-         id="feGaussianBlur3335" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3337"
-       x="-0.14412392"
-       width="1.2882478"
-       y="-0.18013415"
-       height="1.3602683">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.49086099"
-         id="feGaussianBlur3339" />
-    </filter>
-    <filter
-       inkscape:collect="always"
-       id="filter3341"
-       x="-1.1780664"
-       width="3.3561328"
-       y="-0.23067047"
-       height="1.4613409">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="0.49086099"
-         id="feGaussianBlur3343" />
-    </filter>
-  </defs>
-  <sodipodi:namedview
-     id="base"
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1.0"
-     gridtolerance="10000"
-     guidetolerance="10"
-     objecttolerance="10"
-     inkscape:pageopacity="0.0"
-     inkscape:pageshadow="2"
-     inkscape:zoom="0.98994949"
-     inkscape:cx="233.05018"
-     inkscape:cy="176.49031"
-     inkscape:document-units="px"
-     inkscape:current-layer="layer2"
-     showgrid="false"
-     inkscape:window-width="1152"
-     inkscape:window-height="838"
-     inkscape:window-x="0"
-     inkscape:window-y="0" />
-  <metadata
-     id="metadata7">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <g
-     inkscape:groupmode="layer"
-     id="layer2"
-     transform="translate(-45.788597,-496.6196)">
-    <path
-       style="fill:#606060;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 75.574315,977.86259 L 535.56828,979.20564 L 564.86002,979.29116 C 564.86002,979.29116 573.43146,977.86259 573.43146,973.57687 C 573.43146,969.29116 574.14573,959.29117 574.14573,959.29117 L 566.03832,959.7296 L 72.464255,956.66717 L 58.640665,955.63307 C 58.640665,955.63307 59.860025,973.57688 65.574315,975.71973 C 71.288595,977.86259 75.574315,977.14831 75.574315,977.86259 z"
-       id="path2402"
-       sodipodi:nodetypes="cccsccccsc" />
-    <path
-       style="fill:#dddddd;fill-opacity:1;fill-rule:evenodd;stroke:#b2b2b2;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 67.002885,957.14831 L 566.28859,960.00545 C 566.28859,960.00545 577.71717,959.29116 583.43146,955.71973 C 589.14574,952.14831 588.43146,942.86259 588.43146,942.86259 C 588.43146,942.86259 591.28859,907.14831 591.28859,902.14831 C 591.28859,897.14831 574.86002,839.29116 572.00288,827.86259 C 569.14574,816.43402 557.00288,757.1483 557.00288,757.1483 C 557.00288,757.1483 555.57431,749.29116 552.71717,748.57688 C 549.86002,747.86259 548.43146,748.57688 548.43146,748.57688 L 558.43146,797.86259 L 577.71717,880.00545 L 578.07431,881.34473 L 579.05004,882.28742 L 584.86002,897.14831 C 584.86002,897.14831 584.93925,904.12528 581.70701,906.43402 C 576.70701,910.00545 557.71717,910.71973 557.71717,910.71973 L 68.431455,907.86259 C 68.431455,907.86259 57.002885,906.43402 54.145745,903.57688 C 51.288595,900.71973 52.298745,895.51053 52.298745,895.51053 L 94.860025,745.00545 C 94.860025,745.00545 86.288605,747.86259 84.145745,752.1483 C 82.002885,756.43402 71.288595,811.43402 68.431455,820.00545 C 65.574315,828.57688 47.002885,893.57688 47.002885,893.57688 C 47.002885,893.57688 46.288597,900.00545 46.288597,903.57688 C 46.288597,907.14831 48.431455,946.43402 48.431455,946.43402 C 48.431455,946.43402 52.002885,953.57688 55.574315,955.00545 C 59.145745,956.43402 68.431455,957.14831 67.002885,957.14831 z"
-       id="path2404"
-       sodipodi:nodetypes="ccscsscsccccccsccsccsscscsc" />
-    <path
-       style="fill:#ececec;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3336)"
-       d="M 562.71717,958.57688 C 562.71717,958.57688 572.00288,957.86259 572.00288,951.43402 C 572.00288,945.00545 575.57431,922.14831 572.00288,918.57688 C 568.43146,915.00545 564.86002,912.86259 564.86002,912.86259 C 564.86002,912.86259 586.28859,903.57688 585.57431,907.86259 C 584.86002,912.14831 581.28859,914.29116 581.28859,920.00545 C 581.28859,925.71973 580.57431,948.57688 580.57431,948.57688 C 580.57431,948.57688 578.43146,952.86259 581.28859,953.57688 C 584.14574,954.29116 582.71717,955.71973 582.71717,955.71973 L 576.28859,957.86259 L 570.57431,958.57688 L 562.71717,958.57688 z"
-       id="path2406" />
-    <path
-       style="fill:#ededed;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 75.574315,913.57688 L 560.57431,915.71973 L 557.71717,955.71973 L 77.002885,954.29116 L 75.574315,913.57688 z"
-       id="path2408" />
-    <path
-       style="fill:#020202;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 100.57432,925.00545 L 541.28859,927.86259 C 541.28859,927.86259 548.43146,932.14831 548.43146,936.43402 C 548.43146,940.71973 540.57431,945.71973 540.57431,945.71973 L 98.431455,942.86259 C 98.431455,942.86259 89.145745,938.57688 89.860025,932.86259 C 90.574315,927.14831 101.2886,924.29116 100.57432,925.00545 z"
-       id="path2410" />
-    <path
-       style="fill:#121212;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 71.497795,907.90591 L 557.85419,910.32545 L 573.61002,909.11259 C 573.61002,909.11259 581.28967,908.48718 583.43146,904.46973 C 584.17421,903.07651 585.22722,901.79095 585.2275,899.8245 C 585.22862,892.20247 577.89573,880.63045 577.89573,880.63045 C 577.89573,880.63045 578.20783,882.29016 577.30114,882.74322 C 575.50038,883.64304 573.664,884.53037 571.28859,885.00545 C 567.71717,885.71973 66.036055,879.91879 66.036055,879.91879 L 59.860025,880.00545 L 56.288605,877.68402 L 52.002885,896.43402 C 52.002885,896.43402 51.828665,903.29437 57.673845,905.51053 C 62.003235,907.15199 72.212085,908.6202 71.497795,907.90591 z"
-       id="path2412"
-       sodipodi:nodetypes="cccsscssccccsc" />
-    <path
-       style="fill:#2c2c2c;fill-opacity:1;fill-rule:evenodd;stroke:#252525;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 93.431455,743.57688 L 59.145745,868.57688 C 59.145745,868.57688 57.538605,871.96973 60.574315,873.57688 C 65.381975,876.12212 74.681455,875.18402 74.681455,875.18402 C 74.681455,875.18402 567.00288,879.29116 569.86002,878.57688 C 572.71717,877.86259 575.03859,876.96974 575.03859,876.96974 L 575.21717,868.75545 C 575.21717,868.75545 579.61685,882.27622 576.28859,883.75545 C 573.07431,885.18402 566.28859,885.00545 566.28859,885.00545 L 64.860025,880.71973 L 58.431455,879.29116 L 56.645745,876.79116 L 57.861935,870.85997 L 93.431455,743.57688 z"
-       id="path2414"
-       sodipodi:nodetypes="ccscsccscccccc" />
-    <path
-       style="fill:#d5d5d5;fill-opacity:1;fill-rule:evenodd;stroke:#d1d1d1;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3748)"
-       d="M 62.002885,879.82688 L 62.181455,874.29116 L 60.217165,873.93402 L 57.360025,874.82688 L 56.824315,876.25545 C 56.824315,876.25545 56.467165,877.86259 57.360025,878.21973 C 58.252885,878.57688 59.860025,879.11259 59.860025,879.11259 L 62.002885,879.82688 z"
-       id="path2416" />
-    <path
-       style="fill:#d5d5d5;fill-opacity:1;fill-rule:evenodd;stroke:#dadada;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3564)"
-       d="M 571.82431,883.04116 C 571.82431,882.32688 570.57431,879.82688 572.18146,878.93402 C 573.78859,878.04116 575.03859,878.57688 575.03859,878.57688 C 575.03859,878.57688 578.07431,881.25545 577.36002,881.43402 C 576.64574,881.61259 576.46717,882.50545 574.68146,883.21973 C 572.89574,883.93402 572.36002,883.21973 571.82431,883.04116 z"
-       id="path2418" />
-    <path
-       style="fill:none;fill-opacity:1;fill-rule:evenodd;stroke:#2aea00;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3341)"
-       d="M 194.42891,930.61513 L 194.68145,934.46973"
-       id="path2420"
-       sodipodi:nodetypes="cc" />
-    <path
-       style="fill:none;fill-opacity:1;fill-rule:evenodd;stroke:#2aea00;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3337)"
-       d="M 192.18145,932.32688 C 192.18145,932.32688 189.18906,937.68402 194.50288,937.86259 C 200.57352,938.06659 197.36003,932.50545 197.36003,932.50545"
-       id="path2422"
-       sodipodi:nodetypes="csc" />
-    <path
-       sodipodi:type="arc"
-       style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#444444;stroke-width:0.92299998;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       id="path2424"
-       sodipodi:cx="289.82144"
-       sodipodi:cy="742.89789"
-       sodipodi:rx="4.2857141"
-       sodipodi:ry="4.2857141"
-       d="M 294.10716,742.89789 A 4.2857141,4.2857141 0 1 1 285.53573,742.89789 A 4.2857141,4.2857141 0 1 1 294.10716,742.89789 z"
-       transform="translate(-57.282828,191.92898)" />
-    <path
-       sodipodi:type="arc"
-       style="fill:#101010;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.92626119;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       id="path2439"
-       sodipodi:cx="289.82144"
-       sodipodi:cy="742.89789"
-       sodipodi:rx="4.2857141"
-       sodipodi:ry="4.2857141"
-       d="M 294.10716,742.89789 A 4.2857141,4.2857141 0 1 1 285.53573,742.89789 A 4.2857141,4.2857141 0 1 1 294.10716,742.89789 z"
-       transform="matrix(0.4791666,0,0,0.4791666,93.755115,578.94427)" />
-    <path
-       sodipodi:type="arc"
-       style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#7b7b7b;stroke-width:1.70648665;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       id="path3211"
-       sodipodi:cx="289.82144"
-       sodipodi:cy="742.89789"
-       sodipodi:rx="4.2857141"
-       sodipodi:ry="4.2857141"
-       d="M 294.10716,742.89789 A 4.2857141,4.2857141 0 1 1 285.53573,742.89789 A 4.2857141,4.2857141 0 1 1 294.10716,742.89789 z"
-       transform="matrix(0.5109914,0,0,0.5109914,116.22806,556.99816)" />
-    <path
-       sodipodi:type="arc"
-       style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#7b7b7b;stroke-width:1.70648665;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       id="path3213"
-       sodipodi:cx="289.82144"
-       sodipodi:cy="742.89789"
-       sodipodi:rx="4.2857141"
-       sodipodi:ry="4.2857141"
-       d="M 294.10716,742.89789 A 4.2857141,4.2857141 0 1 1 285.53573,742.89789 A 4.2857141,4.2857141 0 1 1 294.10716,742.89789 z"
-       transform="matrix(0.5109914,0,0,0.5109914,122.47805,556.99816)" />
-    <path
-       sodipodi:type="arc"
-       style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#7b7b7b;stroke-width:1.70648665;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       id="path3215"
-       sodipodi:cx="289.82144"
-       sodipodi:cy="742.89789"
-       sodipodi:rx="4.2857141"
-       sodipodi:ry="4.2857141"
-       d="M 294.10716,742.89789 A 4.2857141,4.2857141 0 1 1 285.53573,742.89789 A 4.2857141,4.2857141 0 1 1 294.10716,742.89789 z"
-       transform="matrix(0.5109914,0,0,0.5109914,119.44234,552.71244)" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#606060;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 308.07431,934.29116 C 308.07431,934.29116 307.00288,935.71973 306.28859,936.61259 C 305.57431,937.50544 305.57431,939.11259 304.32431,938.57688 C 303.07431,938.04116 301.11002,936.07688 301.28859,934.64831 C 301.46717,933.21974 304.32431,931.07688 304.32431,931.07688 C 304.32431,931.07688 305.03859,932.1483 306.11002,932.86259 C 307.18145,933.57688 307.89574,934.11259 308.07431,934.29116 z"
-       id="path3217"
-       sodipodi:nodetypes="cssscsc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#28cc03;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3333)"
-       d="M 336.28859,931.43402 L 340.57431,931.43402 L 341.82431,932.68402 L 341.82431,935.00545 L 340.93145,936.79116 L 336.46717,936.79116 L 335.03859,935.71973 L 335.03859,932.50545 L 336.28859,931.43402 z"
-       id="path3221"
-       sodipodi:nodetypes="ccccccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#28cc03;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3329)"
-       d="M 335.75288,938.57688 L 341.28859,938.57688"
-       id="path3223" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 369.86002,931.43402 L 374.14574,931.43402 L 375.39574,932.68402 L 375.39574,935.00545 L 374.50288,936.79116 L 370.0386,936.79116 L 368.61002,935.71973 L 368.61002,932.50545 L 369.86002,931.43402 z"
-       id="path3225"
-       sodipodi:nodetypes="ccccccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 369.32431,938.57688 L 374.86002,938.57688"
-       id="path3227" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 407.00288,931.79116 L 411.2886,931.79116 L 412.5386,933.04116 L 412.5386,935.36259 L 411.64574,937.1483 L 407.18147,937.1483 L 405.75288,936.07687 L 405.75288,932.86259 L 407.00288,931.79116 z"
-       id="path3229"
-       sodipodi:nodetypes="ccccccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 406.46717,938.93402 L 412.00288,938.93402"
-       id="path3231" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 444.14574,931.96973 L 448.43145,931.96973 L 449.68145,933.21973 L 449.68145,935.54116 L 448.78859,937.32687 L 444.32431,937.32687 L 442.89574,936.25544 L 442.89574,933.04116 L 444.14574,931.96973 z"
-       id="path3233"
-       sodipodi:nodetypes="ccccccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#4d4d4d;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 443.61002,939.11259 L 449.14574,939.11259"
-       id="path3235" />
-    <path
-       style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:#28cc03;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Dominican;-inkscape-font-specification:Dominican;filter:url(#filter3517)"
-       d="M 329.05831,937.86898 L 329.10629,932.30075 L 328.72213,932.54098 C 328.65816,932.59689 328.60226,932.62485 328.55441,932.62484 C 328.52242,932.62485 328.47243,932.59085 328.40444,932.52285 C 328.33646,932.45487 328.30245,932.38486 328.30245,932.31283 C 328.30245,932.22495 328.34841,932.12497 328.44034,932.0129 C 328.53225,931.90085 328.62618,931.78879 328.72213,931.67672 L 329.68234,930.33273 L 330.47445,930.78903 L 330.46236,938.5527 C 330.46236,938.64889 330.38631,938.69699 330.23421,938.69699 C 330.1783,938.69699 330.13437,938.69296 330.10238,938.6849 C 329.86239,938.62094 329.6224,938.56088 329.38241,938.50472 C 329.16634,938.40072 329.05831,938.18881 329.05831,937.86898 L 329.05831,937.86898 z"
-       id="text3237" />
-    <path
-       style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:#939393;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Dominican;-inkscape-font-specification:Dominican"
-       d="M 364.94248,932.84854 C 364.94246,933.5126 364.7065,934.32059 364.23458,935.27249 C 363.84249,936.05667 363.33443,936.86868 362.71041,937.70852 L 362.50643,937.97256 L 363.8984,937.94876 C 364.14644,937.94876 364.37044,937.97476 364.5704,938.02676 C 364.77034,938.07876 364.91036,938.16067 364.99044,938.27249 C 365.16646,938.51248 365.25447,938.70449 365.25448,938.84854 C 365.25447,938.98452 365.19448,939.06851 365.07449,939.10049 C 364.95449,939.13247 364.85042,939.14846 364.76229,939.14846 L 360.97054,939.34072 L 360.5743,937.93667 C 360.83846,937.62466 361.10653,937.31265 361.3785,937.00064 C 361.96248,936.20865 362.44246,935.46463 362.81844,934.76858 C 363.3304,933.83255 363.58638,933.12857 363.58639,932.65664 C 363.58638,932.55264 363.5784,932.46866 363.5624,932.40469 C 363.54641,932.34073 363.51046,932.30875 363.45455,932.30874 C 363.30245,932.30875 362.99044,932.50064 362.51852,932.88442 C 362.21456,933.13248 361.81051,933.50052 361.30636,933.98855 C 360.90646,934.38065 360.70248,934.58462 360.69442,934.60049 L 360.02242,933.65273 C 360.02242,933.58853 360.19845,933.3605 360.5505,932.96865 C 360.95846,932.51261 361.36642,932.1326 361.77438,931.82864 C 362.32638,931.42069 362.79439,931.21671 363.17843,931.2167 C 363.40255,931.21671 363.59053,931.27664 363.74239,931.39651 C 364.29439,931.80448 364.60237,932.04849 364.66634,932.12856 C 364.85042,932.35269 364.94246,932.59268 364.94248,932.84854 L 364.94248,932.84854 z"
-       id="text3241" />
-    <path
-       style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:#939393;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Dominican;-inkscape-font-specification:Dominican"
-       d="M 398.55154,939.8793 L 397.90371,938.83523 L 398.62368,938.71511 C 399.16762,938.61917 399.70754,938.33914 400.24343,937.87502 C 400.73952,937.44314 400.98757,937.09915 400.98757,936.84304 C 400.98757,936.69119 400.84755,936.55526 400.56753,936.43527 C 400.2875,936.31527 399.97951,936.25528 399.64358,936.25527 C 399.42751,936.25528 399.23348,936.28128 399.06149,936.33328 C 398.88949,936.38528 398.74355,936.47525 398.62368,936.60317 L 398.17947,936.27908 L 398.17947,935.23501 L 398.50356,935.079 C 399.04751,934.83902 399.59548,934.46304 400.14748,933.95107 C 400.69948,933.43912 400.97548,933.05521 400.97549,932.79934 C 400.97548,932.7432 400.95547,932.6951 400.91544,932.65505 C 400.81948,932.55911 400.65957,932.51114 400.43569,932.51113 C 400.10756,932.51114 399.69155,932.61112 399.18765,932.81106 C 398.7797,932.97122 398.5436,933.08328 398.47939,933.14724 L 397.97549,932.00723 C 398.06363,931.91129 398.32363,931.77127 398.75552,931.58718 C 399.29165,931.36307 399.75564,931.25101 400.14748,931.251 C 400.25955,931.25101 400.3716,931.26309 400.48367,931.28726 C 400.85965,931.37516 401.16762,931.52713 401.40762,931.74319 C 401.59169,931.90311 401.78371,932.15506 401.98367,932.49905 C 402.03151,932.57913 402.06149,932.6572 402.07357,932.73324 C 402.08565,932.8093 402.09169,932.88333 402.0917,932.95535 C 402.09169,933.25125 401.98366,933.5712 401.76761,933.91519 C 401.55154,934.25919 401.28347,934.56717 400.9634,934.83914 L 400.50747,935.21121 C 400.8915,935.21121 401.28951,935.43722 401.7015,935.88925 C 402.11348,936.34128 402.31948,936.8273 402.31948,937.34731 C 402.31948,937.65127 402.24947,937.91726 402.10947,938.14529 C 401.96944,938.37332 401.76748,938.6033 401.50356,938.83523 C 401.16762,939.13113 400.79567,939.37112 400.38772,939.5552 C 399.88357,939.78713 399.3915,939.9031 398.91152,939.9031 C 398.84756,939.9031 398.78158,939.89913 398.71359,939.8912 C 398.64559,939.88326 398.59157,939.8793 398.55154,939.8793 L 398.55154,939.8793 z"
-       id="text3245" />
-    <path
-       style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:#939393;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Dominican;-inkscape-font-specification:Dominican"
-       d="M 433.97515,936.58822 L 436.87884,931.5964 L 438.17486,932.11239 L 438.01885,936.03634 L 438.42718,936.13229 C 438.62712,936.1882 438.73503,936.22018 438.75091,936.22824 C 438.799,936.26022 438.83904,936.31222 438.87103,936.38424 C 438.93499,936.52829 438.98094,936.63431 439.0089,936.7023 C 439.03686,936.77029 439.05083,936.84823 439.05083,936.93612 C 439.05083,937.00033 439.03887,937.06442 439.01495,937.12838 L 437.92291,937.20016 L 437.93499,939.73214 C 437.93499,939.94015 437.86296,940.03219 437.71893,940.00826 C 437.31902,939.95236 437.08709,939.91232 437.02312,939.88815 C 436.78313,939.78414 436.66314,939.57223 436.66314,939.25241 L 436.66314,937.28439 L 434.71893,937.28439 L 433.97515,936.58822 z M 435.48687,936.08431 L 436.80706,936.10812 L 437.01104,933.13229 L 435.48687,936.08431 z"
-       id="text3249" />
-    <path
-       style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#979797;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Dominican;-inkscape-font-specification:Dominican"
-       d="M 109.34409,932.3674 C 109.08016,933.58322 108.9001,934.43124 108.80392,934.91146 C 108.65206,935.67123 108.49617,936.52719 108.33628,937.47933 L 107.04026,936.98715 L 106.27194,932.81124 L 105.39597,937.73129 L 104.01609,937.28744 L 103.3082,929.55929 C 103.3082,929.47141 103.38021,929.42746 103.52426,929.42745 C 103.63608,929.43527 103.71604,929.43918 103.76413,929.43917 C 103.91622,929.43918 104.04623,929.46518 104.15414,929.51718 C 104.26206,929.56919 104.32004,929.65927 104.3281,929.78744 L 104.77194,935.69113 L 105.64792,929.97933 L 107.04026,930.03939 L 107.65219,935.5234 C 107.76425,934.39523 107.95627,933.16318 108.22824,931.82723 C 108.35617,931.17124 108.46811,930.65927 108.56405,930.29135 C 108.63607,930.00327 108.78011,929.49521 108.99618,928.76718 C 109.02011,928.7352 109.04806,928.69919 109.08005,928.65914 C 109.15206,928.58713 109.23213,928.55918 109.32028,928.57528 C 109.55221,928.61533 109.73819,928.69132 109.87821,928.80325 C 110.0182,928.91519 110.08821,929.06723 110.08822,929.25936 C 109.91219,929.97129 109.78413,930.48728 109.70407,930.80734 C 109.57613,931.32736 109.45614,931.84738 109.34409,932.3674 L 109.34409,932.3674 z M 111.18136,931.43136 L 111.18136,930.65133 C 111.18136,930.49924 111.22733,930.36521 111.31924,930.24923 C 111.41116,930.13327 111.52914,930.07529 111.67319,930.07528 C 111.80917,930.07529 111.9332,930.12729 112.04525,930.23129 C 112.15732,930.3353 112.21335,930.45932 112.21335,930.60336 L 112.21335,931.68331 C 112.21335,931.79538 112.16135,931.87741 112.05734,931.92941 C 111.95334,931.98141 111.82932,932.00742 111.68527,932.00741 C 111.54122,932.00742 111.42123,931.95139 111.32529,931.83932 C 111.22933,931.72726 111.18136,931.59128 111.18136,931.43136 L 111.18136,931.43136 z M 111.13339,937.22738 L 111.13339,932.83541 C 111.13339,932.64328 111.24533,932.54721 111.46921,932.54721 C 111.74117,932.54721 111.93515,932.58121 112.05112,932.64919 C 112.16708,932.71719 112.22507,932.81125 112.22507,932.93136 L 112.1174,937.67123 C 112.1174,937.76718 112.04538,937.81515 111.90134,937.81515 C 111.82126,937.81515 111.75118,937.80715 111.69112,937.79116 C 111.63107,937.77517 111.58505,937.76327 111.55307,937.75546 C 111.27329,937.66732 111.13339,937.4913 111.13339,937.22738 L 111.13339,937.22738 z M 113.68845,932.8713 L 113.79648,932.73947 L 114.0726,932.73947 C 114.13657,932.73947 114.21053,932.77743 114.29452,932.85336 C 114.37851,932.92929 114.44455,932.97531 114.49265,932.99142 C 114.60446,933.02341 114.69638,932.93741 114.76839,932.73342 C 114.84042,932.52945 114.92641,932.41342 115.0264,932.38534 C 115.12636,932.35727 115.19638,932.34323 115.23641,932.34323 C 115.38852,932.34323 115.52255,932.39725 115.63852,932.50527 C 115.75449,932.61331 115.81247,932.74326 115.81247,932.89511 L 115.80039,933.36312 C 115.80038,933.5953 115.77237,933.80539 115.71634,933.99337 C 115.6603,934.18136 115.57236,934.27536 115.45248,934.27535 C 115.26839,934.27536 115.14437,934.0953 115.08042,933.73519 C 115.04843,933.55917 114.9924,933.47116 114.91233,933.47116 C 114.84054,933.47116 114.78261,933.53116 114.73855,933.65115 C 114.69449,933.77115 114.67246,934.0112 114.67246,934.3713 C 114.67246,934.48337 114.67246,934.58139 114.67246,934.66537 C 114.67246,934.74936 114.67246,934.81527 114.67246,934.86312 L 114.67246,937.79135 C 114.58456,937.83138 114.48459,937.8514 114.37252,937.8514 C 114.30051,937.8514 114.2125,937.83938 114.10849,937.81533 C 114.00449,937.79128 113.90451,937.73324 113.80857,937.6412 C 113.71261,937.54916 113.66464,937.43124 113.66464,937.28744 L 113.68845,932.8713 z M 119.45774,933.78317 L 119.52951,935.22311 L 117.82552,935.49923 C 117.68173,935.53122 117.58579,935.56723 117.53769,935.60726 C 117.43368,935.68734 117.38168,935.7994 117.38169,935.94345 L 117.40548,936.49533 C 117.40548,936.6152 117.44351,936.72518 117.51955,936.82528 C 117.59561,936.92538 117.68563,936.9714 117.78964,936.96334 C 118.01376,936.93136 118.29379,936.75534 118.62973,936.43527 C 118.96567,936.1152 119.11764,935.91916 119.08567,935.84713 C 119.11764,935.83126 119.16965,935.82333 119.24167,935.82333 C 119.37765,935.82333 119.47763,935.86734 119.5416,935.95535 C 119.60556,936.04336 119.63754,936.13534 119.63755,936.23129 C 119.63754,936.27133 119.62557,936.32333 119.60165,936.38729 C 119.55356,936.57138 119.48556,936.73141 119.39767,936.8674 C 119.35763,936.93136 119.24556,937.07138 119.0615,937.28744 C 118.90964,937.46322 118.75571,937.59115 118.59969,937.67123 C 118.44369,937.75131 118.25765,937.79135 118.0416,937.79135 C 117.89755,937.79135 117.77956,937.77731 117.68766,937.74923 C 117.59573,937.72116 117.50168,937.6672 117.40548,937.58737 L 116.78182,937.0234 C 116.75765,937.00729 116.73361,936.97122 116.70969,936.91519 C 116.68576,936.85916 116.66574,936.81515 116.64963,936.78317 C 116.59372,936.63937 116.56576,936.48739 116.56576,936.32723 L 116.56576,935.3912 C 116.56576,934.78329 116.69974,934.1553 116.96768,933.50723 C 117.23562,932.85916 117.52158,932.53513 117.82552,932.53512 C 117.87363,932.53513 117.90964,932.53915 117.93357,932.54721 C 118.08566,932.59531 118.27969,932.63132 118.51566,932.65524 C 118.75162,932.67917 118.93563,932.76315 119.06771,932.90719 C 119.19979,933.05124 119.29782,933.18924 119.36178,933.32119 C 119.42575,933.45315 119.45773,933.60715 119.45774,933.78317 L 119.45774,933.78317 z M 118.58176,933.77145 C 118.58176,933.63547 118.55576,933.51547 118.50376,933.41146 C 118.45175,933.30746 118.36972,933.23935 118.25765,933.20712 C 118.13754,933.1832 118.0256,933.31125 117.92185,933.59127 C 117.84982,933.79123 117.80173,933.93124 117.77756,934.01132 C 117.71358,934.17929 117.66562,934.32327 117.63363,934.44326 C 117.60165,934.56326 117.58566,934.69125 117.58567,934.82723 L 118.58176,934.59945 L 118.58176,933.77145 z M 120.69589,937.04721 L 120.80356,929.73947 C 120.80356,929.64328 120.85361,929.5712 120.95371,929.52322 C 121.0538,929.47525 121.16379,929.46323 121.28366,929.48715 C 121.45163,929.51914 121.56564,929.57517 121.6257,929.65524 C 121.68576,929.73532 121.71579,929.85129 121.71579,930.00314 L 121.53562,937.61117 C 121.53561,937.6993 121.45969,937.74337 121.30783,937.74337 C 121.25168,937.74337 121.19162,937.73532 121.12766,937.7192 C 120.91965,937.62326 120.79568,937.5433 120.75576,937.47933 C 120.71585,937.41537 120.69589,937.27133 120.69589,937.04721 L 120.69589,937.04721 z M 125.71554,933.78317 L 125.78733,935.22311 L 124.08335,935.49923 C 123.93955,935.53122 123.84359,935.56723 123.7955,935.60726 C 123.6915,935.68734 123.6395,935.7994 123.6395,935.94345 L 123.6633,936.49533 C 123.6633,936.6152 123.70132,936.72518 123.77738,936.82528 C 123.85343,936.92538 123.94344,936.9714 124.04746,936.96334 C 124.27158,936.93136 124.5516,936.75534 124.88755,936.43527 C 125.22348,936.1152 125.37546,935.91916 125.34348,935.84713 C 125.37546,935.83126 125.42746,935.82333 125.49948,935.82333 C 125.63547,935.82333 125.73543,935.86734 125.79941,935.95535 C 125.86337,936.04336 125.89534,936.13534 125.89535,936.23129 C 125.89534,936.27133 125.88339,936.32333 125.85947,936.38729 C 125.81136,936.57138 125.74338,936.73141 125.65548,936.8674 C 125.61544,936.93136 125.50339,937.07138 125.31931,937.28744 C 125.16745,937.46322 125.01352,937.59115 124.85752,937.67123 C 124.7015,937.75131 124.51547,937.79135 124.29941,937.79135 C 124.15537,937.79135 124.03737,937.77731 123.94547,937.74923 C 123.85354,937.72116 123.75949,937.6672 123.6633,937.58737 L 123.03964,937.0234 C 123.01547,937.00729 122.99142,936.97122 122.9675,936.91519 C 122.94357,936.85916 122.92355,936.81515 122.90743,936.78317 C 122.85153,936.63937 122.82358,936.48739 122.82358,936.32723 L 122.82358,935.3912 C 122.82358,934.78329 122.95755,934.1553 123.22549,933.50723 C 123.49344,932.85916 123.77938,932.53513 124.08335,932.53512 C 124.13144,932.53513 124.16745,932.53915 124.19137,932.54721 C 124.34348,932.59531 124.53751,932.63132 124.77347,932.65524 C 125.00942,932.67917 125.19344,932.76315 125.32552,932.90719 C 125.45761,933.05124 125.55562,933.18924 125.6196,933.32119 C 125.68356,933.45315 125.71554,933.60715 125.71554,933.78317 L 125.71554,933.78317 z M 124.83956,933.77145 C 124.83956,933.63547 124.81357,933.51547 124.76157,933.41146 C 124.70955,933.30746 124.62752,933.23935 124.51547,933.20712 C 124.39535,933.1832 124.28341,933.31125 124.17965,933.59127 C 124.10764,933.79123 124.05954,933.93124 124.03537,934.01132 C 123.97141,934.17929 123.92343,934.32327 123.89145,934.44326 C 123.85947,934.56326 123.84348,934.69125 123.84348,934.82723 L 124.83956,934.59945 L 124.83956,933.77145 z M 126.83358,937.26327 C 126.73764,937.19931 126.68966,937.09933 126.68966,936.96334 C 126.68966,936.88327 126.71366,936.80722 126.76163,936.73519 C 126.8096,936.66317 126.86758,936.60916 126.93558,936.57315 C 127.00357,936.53714 127.06955,936.53524 127.13352,936.56747 C 127.34152,936.70346 127.49752,936.80343 127.60153,936.8674 C 127.80148,936.99533 127.94942,937.05929 128.04538,937.05929 C 128.14937,937.05929 128.2134,937.02127 128.23746,936.94522 C 128.2615,936.86917 128.27353,936.81918 128.27353,936.79525 C 128.27353,936.75521 128.27353,936.72726 128.27353,936.71139 C 128.27353,936.54342 128.18149,936.37936 127.99741,936.2192 C 127.82138,936.08322 127.64737,935.94522 127.47537,935.8052 C 127.30338,935.66519 127.17141,935.52719 127.0795,935.3912 C 126.98757,935.25522 126.92362,935.09921 126.88761,934.92318 C 126.85159,934.74716 126.83358,934.59518 126.83358,934.46725 C 126.83358,934.05929 126.94956,933.6893 127.18149,933.35726 C 127.41342,933.02524 127.70944,932.85922 128.06955,932.85922 C 128.17355,932.85922 128.23752,932.85922 128.26145,932.85922 C 128.3176,932.85922 128.35764,932.86728 128.38155,932.88339 L 128.95761,933.23129 C 129.08553,933.31137 129.17355,933.42343 129.22164,933.56747 C 129.24556,933.63144 129.2695,933.78732 129.29343,934.03512 C 129.29343,934.21921 129.28341,934.37527 129.2634,934.50332 C 129.24338,934.63138 129.20139,934.76742 129.13742,934.91146 L 128.5134,934.91146 C 128.48946,934.84726 128.4515,934.79318 128.39951,934.74923 C 128.3475,934.70529 128.32149,934.48337 128.32151,934.08346 C 128.32149,933.9714 128.32149,933.85531 128.32151,933.73519 C 128.29757,933.67123 128.26157,933.63925 128.21347,933.63925 C 128.13363,933.63925 128.03366,933.73526 127.91354,933.92727 C 127.79343,934.11929 127.72141,934.28732 127.69747,934.43136 C 127.67355,934.6152 127.71761,934.79123 127.82968,934.95944 C 127.90951,935.07931 128.05344,935.22323 128.26145,935.3912 C 128.46945,935.55917 128.68552,935.72714 128.90964,935.89511 C 129.16549,936.12728 129.29343,936.3674 129.29343,936.61544 C 129.29343,936.92745 129.15347,937.21145 128.87357,937.46743 C 128.59366,937.72341 128.32968,937.8514 128.08164,937.8514 C 127.89755,937.8514 127.72549,937.81539 127.56546,937.74337 C 127.40543,937.67135 127.16146,937.51132 126.83358,937.26327 L 126.83358,937.26327 z M 130.2789,937.26327 C 130.18295,937.19931 130.13497,937.09933 130.13497,936.96334 C 130.13497,936.88327 130.15896,936.80722 130.20694,936.73519 C 130.25492,936.66317 130.31289,936.60916 130.38089,936.57315 C 130.44888,936.53714 130.51486,936.53524 130.57882,936.56747 C 130.78683,936.70346 130.94284,936.80343 131.04685,936.8674 C 131.24679,936.99533 131.39475,937.05929 131.49069,937.05929 C 131.5947,937.05929 131.65872,937.02127 131.68277,936.94522 C 131.70682,936.86917 131.71884,936.81918 131.71884,936.79525 C 131.71884,936.75521 131.71884,936.72726 131.71884,936.71139 C 131.71884,936.54342 131.6268,936.37936 131.44271,936.2192 C 131.26668,936.08322 131.09268,935.94522 130.92068,935.8052 C 130.74868,935.66519 130.61673,935.52719 130.52481,935.3912 C 130.43288,935.25522 130.36893,935.09921 130.33292,934.92318 C 130.29691,934.74716 130.2789,934.59518 130.2789,934.46725 C 130.2789,934.05929 130.39487,933.6893 130.6268,933.35726 C 130.85873,933.02524 131.15475,932.85922 131.51486,932.85922 C 131.61886,932.85922 131.68283,932.85922 131.70676,932.85922 C 131.76291,932.85922 131.80294,932.86728 131.82688,932.88339 L 132.40293,933.23129 C 132.53084,933.31137 132.61886,933.42343 132.66696,933.56747 C 132.69089,933.63144 132.71481,933.78732 132.73873,934.03512 C 132.73873,934.21921 132.72872,934.37527 132.70871,934.50332 C 132.68868,934.63138 132.64669,934.76742 132.58274,934.91146 L 131.95871,934.91146 C 131.93478,934.84726 131.89682,934.79318 131.84482,934.74923 C 131.79282,934.70529 131.76682,934.48337 131.76682,934.08346 C 131.76682,933.9714 131.76682,933.85531 131.76682,933.73519 C 131.74289,933.67123 131.70687,933.63925 131.65878,933.63925 C 131.57895,933.63925 131.47897,933.73526 131.35886,933.92727 C 131.23873,934.11929 131.16672,934.28732 131.14279,934.43136 C 131.11886,934.6152 131.16293,934.79123 131.275,934.95944 C 131.35483,935.07931 131.49875,935.22323 131.70676,935.3912 C 131.91476,935.55917 132.13083,935.72714 132.35495,935.89511 C 132.6108,936.12728 132.73873,936.3674 132.73873,936.61544 C 132.73873,936.92745 132.59878,937.21145 132.31887,937.46743 C 132.03897,937.72341 131.77499,937.8514 131.52695,937.8514 C 131.34287,937.8514 131.17081,937.81539 131.01077,937.74337 C 130.85074,937.67135 130.60677,937.51132 130.2789,937.26327 L 130.2789,937.26327 z M 145.64951,931.63534 C 145.6014,932.07529 145.41745,932.48727 145.09762,932.8713 C 144.84152,933.17526 144.45345,933.50326 143.93344,933.85531 L 143.41745,934.20321 L 145.36167,937.13143 C 145.37752,937.21127 145.38546,937.2712 145.38547,937.31124 C 145.38546,937.51119 145.29745,937.6672 145.12143,937.77926 C 145.03354,937.82736 144.94955,937.8514 144.86947,937.8514 C 144.74959,937.8514 144.63961,937.82137 144.53951,937.76132 C 144.43941,937.70126 144.34945,937.6152 144.26962,937.50314 L 141.84567,934.22738 L 141.78562,937.58737 C 141.78561,937.70724 141.68955,937.76718 141.49741,937.76718 C 141.38558,937.76718 141.29757,937.75118 141.23336,937.7192 C 141.0815,937.67135 140.94956,937.62539 140.8375,937.58132 C 140.72543,937.53726 140.6694,937.41525 140.66941,937.2153 L 140.69358,930.0632 C 140.69357,929.91135 140.71554,929.7814 140.75949,929.67336 C 140.80344,929.56534 140.8895,929.48337 141.01766,929.42745 C 141.08164,929.40329 141.14963,929.39121 141.22164,929.3912 C 141.39767,929.39121 141.53769,929.45529 141.64169,929.58346 C 141.84969,929.47946 142.03769,929.41342 142.20566,929.38534 C 142.37363,929.35727 142.60556,929.34323 142.90145,929.34323 L 143.52548,929.34323 C 144.03744,929.34323 144.52144,929.56723 144.97751,930.01522 C 145.43356,930.46323 145.66159,930.95126 145.66159,931.47933 C 145.65353,931.55136 145.6495,931.60336 145.64951,931.63534 L 145.64951,931.63534 z M 141.86947,933.48324 C 142.29354,933.37924 142.61758,933.24124 142.84159,933.06924 C 143.06557,932.89725 143.24959,932.75522 143.39364,932.64315 C 143.70566,932.39535 143.95163,932.11942 144.13155,931.81533 C 144.31149,931.51126 144.40145,931.19919 144.40145,930.87911 C 144.40145,930.68723 144.30544,930.54129 144.11344,930.44131 C 143.92141,930.34134 143.68538,930.29135 143.40537,930.29135 C 143.07747,930.29135 142.76552,930.34336 142.46952,930.44735 C 142.17348,930.55136 141.99752,930.67929 141.94162,930.83114 L 141.86947,933.48324 z M 147.50216,937.62325 C 147.1423,937.47921 146.87833,937.25119 146.71024,936.93917 C 146.54215,936.62716 146.4581,936.25521 146.4581,935.82333 C 146.4581,935.71933 146.4581,935.63131 146.4581,935.55929 C 146.4581,935.48727 146.47409,935.36325 146.50608,935.18722 C 146.52219,934.89132 146.53817,934.65133 146.55405,934.46725 C 146.61826,933.83517 146.87436,933.17917 147.32236,932.49923 C 147.3702,932.41916 147.4421,932.37912 147.53806,932.37911 C 147.59421,932.37912 147.7103,932.41513 147.88631,932.48715 C 148.06234,932.55917 148.19833,932.59518 148.29427,932.59518 C 148.75034,932.59518 149.09432,932.85922 149.32627,933.38729 C 149.52621,933.84335 149.62618,934.42331 149.62618,935.12716 C 149.62618,935.84713 149.53414,936.43112 149.35007,936.87911 C 149.12618,937.4233 148.7822,937.75533 148.31808,937.87521 C 148.23825,937.89132 148.18625,937.89938 148.16208,937.89938 C 148.09811,937.89938 148.03817,937.88339 147.98227,937.8514 C 147.92636,937.81942 147.87033,937.78744 147.81418,937.75546 L 147.50216,937.62325 z M 148.03025,933.43527 C 147.91012,933.69919 147.79208,933.96518 147.67612,934.23324 C 147.56015,934.50131 147.50216,934.83127 147.50216,935.22311 C 147.50216,935.34323 147.49019,935.51931 147.46627,935.75137 C 147.44235,935.98343 147.43039,936.15145 147.43039,936.25546 C 147.43039,936.45541 147.46035,936.62539 147.5203,936.76541 C 147.58023,936.90542 147.69016,937.01937 147.85007,937.10726 C 147.97824,937.17929 148.11826,937.01132 148.27011,936.60336 C 148.38217,936.29135 148.47421,935.91134 148.54623,935.46334 C 148.57015,935.3193 148.58212,935.16732 148.58212,935.00741 C 148.58212,934.62338 148.53011,934.25137 148.42612,933.89138 C 148.3221,933.5314 148.22214,933.35141 148.12618,933.3514 C 148.08615,933.35141 148.05417,933.37936 148.03025,933.43527 L 148.03025,933.43527 z M 151.76157,937.77926 C 151.64145,937.77926 151.54147,937.75521 151.46164,937.70712 L 151.05331,937.45516 C 150.98154,937.41513 150.92362,937.36715 150.87955,937.31124 C 150.83548,937.25534 150.78146,937.16732 150.7175,937.04721 C 150.6135,936.84725 150.56149,936.64328 150.5615,936.43527 L 150.72959,933.02731 C 150.72959,932.94723 150.78159,932.9072 150.88558,932.90719 C 150.93344,932.9072 150.99741,932.91721 151.07748,932.93722 C 151.15756,932.95724 151.23959,932.97726 151.32358,932.99728 C 151.40756,933.0173 151.50949,933.07529 151.62937,933.17123 L 151.46164,935.79916 C 151.46164,936.23935 151.48557,936.56344 151.53341,936.77145 C 151.58956,936.84323 151.6456,936.91122 151.7015,936.97543 C 151.97348,936.78329 152.14945,936.61526 152.2294,936.47134 C 152.30936,936.32742 152.34932,936.17538 152.34933,936.01522 L 152.4094,932.67941 L 152.72141,932.64315 C 153.01755,932.64316 153.27353,932.74716 153.48935,932.95516 L 153.47763,937.83932 C 153.40561,937.8713 153.32149,937.88729 153.2253,937.88729 C 153.20138,937.88729 153.14742,937.87728 153.06345,937.85726 C 152.97946,937.83724 152.90347,937.80721 152.83548,937.76718 C 152.76748,937.72714 152.72946,937.6672 152.72141,937.58737 L 152.64963,937.08346 L 152.13363,937.63534 C 152.03744,937.73129 151.91342,937.77926 151.76157,937.77926 L 151.76157,937.77926 z M 155.04757,933.75936 L 154.85567,933.66342 L 154.66342,933.66342 L 154.48361,933.43527 L 154.45944,932.85922 L 155.07174,932.72738 L 155.13144,930.44735 C 155.2596,930.41538 155.38363,930.39939 155.50351,930.39938 C 155.57552,930.39939 155.66153,930.40738 155.7615,930.42336 C 155.86148,930.43936 155.99545,930.4874 156.16342,930.56747 L 156.13961,932.60726 L 156.6677,932.60726 L 156.83542,932.91928 L 156.8237,933.49533 L 156.0195,933.57919 L 156.0195,937.75546 C 155.93161,937.77938 155.85959,937.79135 155.80344,937.79135 C 155.74752,937.79135 155.68154,937.78134 155.60549,937.76132 C 155.52945,937.7413 155.45553,937.72323 155.38376,937.70712 C 155.10372,937.62728 154.96372,937.4714 154.96372,937.23947 L 155.04757,933.75936 z M 160.42649,933.78317 L 160.49826,935.22311 L 158.79427,935.49923 C 158.65048,935.53122 158.55454,935.56723 158.50644,935.60726 C 158.40243,935.68734 158.35043,935.7994 158.35044,935.94345 L 158.37423,936.49533 C 158.37423,936.6152 158.41226,936.72518 158.4883,936.82528 C 158.56436,936.92538 158.65438,936.9714 158.75839,936.96334 C 158.98251,936.93136 159.26254,936.75534 159.59848,936.43527 C 159.93442,936.1152 160.08639,935.91916 160.05442,935.84713 C 160.08639,935.83126 160.1384,935.82333 160.21042,935.82333 C 160.3464,935.82333 160.44638,935.86734 160.51035,935.95535 C 160.57431,936.04336 160.60629,936.13534 160.6063,936.23129 C 160.60629,936.27133 160.59432,936.32333 160.5704,936.38729 C 160.52231,936.57138 160.45431,936.73141 160.36642,936.8674 C 160.32638,936.93136 160.21431,937.07138 160.03025,937.28744 C 159.87839,937.46322 159.72446,937.59115 159.56844,937.67123 C 159.41244,937.75131 159.2264,937.79135 159.01035,937.79135 C 158.8663,937.79135 158.74831,937.77731 158.65641,937.74923 C 158.56448,937.72116 158.47043,937.6672 158.37423,937.58737 L 157.75057,937.0234 C 157.7264,937.00729 157.70236,936.97122 157.67844,936.91519 C 157.65451,936.85916 157.63449,936.81515 157.61838,936.78317 C 157.56247,936.63937 157.53451,936.48739 157.53451,936.32723 L 157.53451,935.3912 C 157.53451,934.78329 157.66849,934.1553 157.93643,933.50723 C 158.20437,932.85916 158.49033,932.53513 158.79427,932.53512 C 158.84238,932.53513 158.87839,932.53915 158.90232,932.54721 C 159.05441,932.59531 159.24844,932.63132 159.48441,932.65524 C 159.72037,932.67917 159.90438,932.76315 160.03646,932.90719 C 160.16854,933.05124 160.26657,933.18924 160.33053,933.32119 C 160.3945,933.45315 160.42648,933.60715 160.42649,933.78317 L 160.42649,933.78317 z M 159.55051,933.77145 C 159.55051,933.63547 159.52451,933.51547 159.47251,933.41146 C 159.4205,933.30746 159.33847,933.23935 159.2264,933.20712 C 159.10629,933.1832 158.99435,933.31125 158.8906,933.59127 C 158.81857,933.79123 158.77048,933.93124 158.74631,934.01132 C 158.68233,934.17929 158.63437,934.32327 158.60238,934.44326 C 158.5704,934.56326 158.55441,934.69125 158.55442,934.82723 L 159.55051,934.59945 L 159.55051,933.77145 z M 161.68845,932.8713 L 161.79648,932.73947 L 162.0726,932.73947 C 162.13657,932.73947 162.21053,932.77743 162.29452,932.85336 C 162.37851,932.92929 162.44455,932.97531 162.49265,932.99142 C 162.60446,933.02341 162.69638,932.93741 162.76839,932.73342 C 162.84042,932.52945 162.92641,932.41342 163.0264,932.38534 C 163.12636,932.35727 163.19638,932.34323 163.23641,932.34323 C 163.38852,932.34323 163.52255,932.39725 163.63852,932.50527 C 163.75449,932.61331 163.81247,932.74326 163.81247,932.89511 L 163.80039,933.36312 C 163.80038,933.5953 163.77237,933.80539 163.71634,933.99337 C 163.6603,934.18136 163.57236,934.27536 163.45248,934.27535 C 163.26839,934.27536 163.14437,934.0953 163.08042,933.73519 C 163.04843,933.55917 162.9924,933.47116 162.91233,933.47116 C 162.84054,933.47116 162.78261,933.53116 162.73855,933.65115 C 162.69449,933.77115 162.67246,934.0112 162.67246,934.3713 C 162.67246,934.48337 162.67246,934.58139 162.67246,934.66537 C 162.67246,934.74936 162.67246,934.81527 162.67246,934.86312 L 162.67246,937.79135 C 162.58456,937.83138 162.48459,937.8514 162.37252,937.8514 C 162.30051,937.8514 162.2125,937.83938 162.10849,937.81533 C 162.00449,937.79128 161.90451,937.73324 161.80857,937.6412 C 161.71261,937.54916 161.66464,937.43124 161.66464,937.28744 L 161.68845,932.8713 z"
-       id="text3253" />
-    <path
-       style="fill:#ececec;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3304)"
-       d="M 62.895745,955.18402 C 62.360025,954.46973 57.538595,951.43402 57.181455,948.04116 C 56.824315,944.6483 57.895745,913.75545 57.895745,913.75545 C 57.895745,913.75545 60.217165,909.11259 62.181455,908.57688 C 64.145745,908.04116 65.217165,907.50545 65.217165,907.50545 L 53.610025,904.82688 L 50.931455,901.43402 L 51.467165,913.93402 L 52.360025,944.6483 C 52.360025,944.6483 51.645745,947.68402 50.395745,948.04116 C 49.145745,948.3983 53.074315,953.57688 53.967165,953.93402 C 54.860025,954.29116 62.895745,955.54116 62.895745,955.18402 z"
-       id="path3282" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#fdfdfd;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;filter:url(#filter3368)"
-       d="M 47.895745,901.79116 C 47.895745,901.79116 51.288595,907.68402 54.502885,908.04116 C 57.717165,908.3983 64.681455,909.6483 68.967165,909.6483 C 73.252885,909.6483 73.252885,909.6483 73.252885,909.6483"
-       id="path3284" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#fdfdfd;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 76.467165,910.00545 L 264.32431,909.29116"
-       id="path3286" />
-    <path
-       style="fill:#2c2c2c;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="M 59.598995,868.26188 L 91.671345,744.01311 C 91.671345,744.01311 93.439105,737.19458 100.76272,733.65905 C 108.08633,730.12352 119.45054,729.61844 119.45054,729.61844 C 119.45054,729.61844 522.5014,731.13367 523.51155,731.13367 C 524.5217,731.13367 538.91638,733.91159 542.19938,737.19458 C 545.48237,740.47758 548.51283,747.54865 548.51283,747.54865 L 575.02933,869.52457 C 575.02933,869.52457 576.03949,876.3431 573.76664,877.35325 C 571.4938,878.3634 564.92782,878.3634 564.92782,878.3634 L 65.407375,874.82786 C 65.407375,874.82786 60.609145,873.56518 59.851535,872.30249 C 59.093915,871.0398 59.851535,868.51442 59.598995,868.26188 z"
-       id="path3752"
-       sodipodi:nodetypes="ccscssccsccsc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#868686;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;filter:url(#filter3982)"
-       d="M 59.346455,869.77711 C 59.346455,869.77711 59.598995,872.30249 61.366765,873.0601 C 63.134535,873.81772 67.175145,873.81772 67.175145,873.81772 L 570.23111,877.85833 C 570.23111,877.85833 573.00902,878.11086 574.52425,876.3431 C 576.03949,874.57533 575.53441,870.02964 575.53441,870.02964"
-       id="path3754" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3962)"
-       d="M 163.96716,740.00545 L 162.18145,748.13045 L 166.02075,748.13045 L 168.07432,740.18402 L 163.96716,740.00545 z"
-       id="path3810" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3958)"
-       d="M 168.69932,739.20188 C 168.25288,739.20188 163.7886,739.0233 163.7886,739.0233"
-       id="path3812" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3954)"
-       d="M 189.36894,739.91617 L 188.29753,748.13046 L 192.13682,748.13046 L 193.4761,740.09474 L 189.36894,739.91617 z"
-       id="path3814"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3950)"
-       d="M 193.92253,739.1126 C 193.4761,739.1126 189.01181,738.93402 189.01181,738.93402"
-       id="path3816" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3946)"
-       d="M 215.44037,739.46974 L 214.45824,747.59474 L 218.29752,747.59474 L 219.54752,739.64831 L 215.44037,739.46974 z"
-       id="path3818"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3942)"
-       d="M 220.17252,738.66617 C 219.7261,738.66617 215.26181,738.48759 215.26181,738.48759"
-       id="path3820" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3938)"
-       d="M 241.06539,740.00545 L 240.17254,748.13045 L 244.01183,748.13045 L 245.17254,740.18402 L 241.06539,740.00545 z"
-       id="path3822"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3934)"
-       d="M 245.79754,739.20188 C 245.3511,739.20188 240.88681,739.0233 240.88681,739.0233"
-       id="path3824" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3930)"
-       d="M 266.33324,739.64831 L 265.79752,748.39831 L 269.63681,748.39831 L 270.44038,739.82688 L 266.33324,739.64831 z"
-       id="path3826"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3926)"
-       d="M 271.06538,738.84474 C 270.61895,738.84474 266.15466,738.66616 266.15466,738.66616"
-       id="path3828" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3922)"
-       d="M 291.95824,740.36259 L 291.69039,748.75545 L 295.52968,748.75545 L 296.06539,740.54116 L 291.95824,740.36259 z"
-       id="path3830"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3918)"
-       d="M 296.69039,739.55902 C 296.24397,739.55902 291.77967,739.38044 291.77967,739.38044"
-       id="path3832" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3914)"
-       d="M 318.11895,740.63045 L 317.76181,749.20188 L 321.6011,749.20188 L 322.2261,740.80902 L 318.11895,740.63045 z"
-       id="path3834"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3910)"
-       d="M 322.8511,739.82688 C 322.40467,739.82688 317.94038,739.6483 317.94038,739.6483"
-       id="path3836" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3906)"
-       d="M 343.56537,740.63045 L 343.65466,748.84474 L 347.49395,748.84474 L 347.67252,740.80902 L 343.56537,740.63045 z"
-       id="path3838"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3902)"
-       d="M 348.29752,739.82688 C 347.85109,739.82688 343.3868,739.6483 343.3868,739.6483"
-       id="path3840" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3898)"
-       d="M 369.81537,740.36259 L 369.81537,748.93402 L 373.65466,748.93402 L 373.92252,740.54116 L 369.81537,740.36259 z"
-       id="path3842"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3894)"
-       d="M 374.54752,739.55902 C 374.10109,739.55902 369.6368,739.38044 369.6368,739.38044"
-       id="path3844" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3890)"
-       d="M 394.27966,740.98759 L 394.99395,749.38045 L 398.83324,749.38045 L 398.38681,741.16616 L 394.27966,740.98759 z"
-       id="path3846"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3886)"
-       d="M 399.01181,740.18402 C 398.56538,740.18402 394.10109,740.00544 394.10109,740.00544"
-       id="path3848" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3882)"
-       d="M 420.61895,740.63045 L 421.24395,749.02331 L 425.08324,749.02331 L 424.7261,740.80902 L 420.61895,740.63045 z"
-       id="path3850"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3878)"
-       d="M 425.3511,739.82688 C 424.90467,739.82688 420.44038,739.6483 420.44038,739.6483"
-       id="path3852" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3874)"
-       d="M 446.15466,741.34473 L 447.13681,749.6483 L 450.9761,749.6483 L 450.26181,741.5233 L 446.15466,741.34473 z"
-       id="path3854"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3870)"
-       d="M 450.88681,740.54116 C 450.44038,740.54116 445.97609,740.36258 445.97609,740.36258"
-       id="path3856" />
-    <path
-       style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3866)"
-       d="M 472.1368,741.07688 L 473.20823,749.55902 L 477.04752,749.55902 L 476.24396,741.25545 L 472.1368,741.07688 z"
-       id="path3858"
-       sodipodi:nodetypes="ccccc" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#494949;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3862)"
-       d="M 476.86896,740.27331 C 476.42252,740.27331 471.95823,740.09473 471.95823,740.09473"
-       id="path3860" />
-    <path
-       style="fill:#010101;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3996)"
-       d="M 457.00288,731.43402 L 458.43145,635.00545 L 457.71716,507.86259 C 457.71716,507.86259 460.10513,497.86259 471.28859,497.1483 C 478.45249,496.69074 482.71717,509.29116 482.71717,509.29116 L 482.71717,651.43402 L 484.14574,731.43402 L 457.00288,731.43402 z"
-       id="path3986"
-       sodipodi:nodetypes="cccscccc" />
-  </g>
-</svg>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/group.svg b/wpa_supplicant/wpa_gui-qt4/icons/group.svg
deleted file mode 100644
index 4ea959b5779f..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/group.svg
+++ /dev/null
@@ -1,616 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   height="160.00000"
-   id="Andysvg"
-   inkscape:version="0.46"
-   sodipodi:docbase="/home/andy/Desktop/etiquette-icons-0.4/scalable/filesystems"
-   sodipodi:docname="gnome-fs-network.svg"
-   sodipodi:version="0.32"
-   version="1.0"
-   width="160.00000"
-   x="0.00000000"
-   y="0.00000000"
-   inkscape:output_extension="org.inkscape.output.svg.inkscape"
-   inkscape:export-filename="C:\Documents and Settings\All Users\Documents\Ubuntu Brig\Andy Fitzsimon\gnome-fs-network.png"
-   inkscape:export-xdpi="90"
-   inkscape:export-ydpi="90">
-  <metadata
-     id="metadata3">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:title>Etiquette Icons</dc:title>
-        <dc:description />
-        <dc:subject>
-          <rdf:Bag>
-            <rdf:li>hash</rdf:li>
-            <rdf:li />
-            <rdf:li>filesystem</rdf:li>
-            <rdf:li>computer</rdf:li>
-            <rdf:li>icons</rdf:li>
-          </rdf:Bag>
-        </dc:subject>
-        <dc:publisher>
-          <cc:Agent
-             rdf:about="http://www.openclipart.org">
-            <dc:title>Andy Fitzsimon</dc:title>
-          </cc:Agent>
-        </dc:publisher>
-        <dc:creator>
-          <cc:Agent>
-            <dc:title>Andy Fitzsimon</dc:title>
-          </cc:Agent>
-        </dc:creator>
-        <dc:rights>
-          <cc:Agent>
-            <dc:title>Andy Fitzsimon</dc:title>
-          </cc:Agent>
-        </dc:rights>
-        <dc:date />
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <cc:license
-           rdf:resource="http://web.resource.org/cc/PublicDomain" />
-        <dc:language>en</dc:language>
-      </cc:Work>
-      <cc:License
-         rdf:about="http://web.resource.org/cc/PublicDomain">
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/Reproduction" />
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/Distribution" />
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
-      </cc:License>
-    </rdf:RDF>
-  </metadata>
-  <defs
-     id="defs3">
-    <inkscape:perspective
-       sodipodi:type="inkscape:persp3d"
-       inkscape:vp_x="0 : 80 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_z="160 : 80 : 1"
-       inkscape:persp3d-origin="80 : 53.333333 : 1"
-       id="perspective97" />
-    <linearGradient
-       id="linearGradient4894">
-      <stop
-         id="stop4895"
-         offset="0.0000000"
-         style="stop-color:#ffffff;stop-opacity:1.0000000;" />
-      <stop
-         id="stop4896"
-         offset="0.47000000"
-         style="stop-color:#ffffff;stop-opacity:0.85567009;" />
-      <stop
-         id="stop4897"
-         offset="1.0000000"
-         style="stop-color:#ffffff;stop-opacity:0.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1853">
-      <stop
-         id="stop1854"
-         offset="0.0000000"
-         style="stop-color:#ffffff;stop-opacity:1.0000000;" />
-      <stop
-         id="stop1855"
-         offset="0.47000000"
-         style="stop-color:#ffffff;stop-opacity:0.85567009;" />
-      <stop
-         id="stop1856"
-         offset="1.0000000"
-         style="stop-color:#ffffff;stop-opacity:0.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1806">
-      <stop
-         id="stop1807"
-         offset="0.0000000"
-         style="stop-color:#000000;stop-opacity:0.35051546;" />
-      <stop
-         id="stop3276"
-         offset="0.64999998"
-         style="stop-color:#000000;stop-opacity:0.13402061;" />
-      <stop
-         id="stop1808"
-         offset="1.0000000"
-         style="stop-color:#000000;stop-opacity:0.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient893">
-      <stop
-         id="stop895"
-         offset="0"
-         style="stop-color:#000;stop-opacity:1;" />
-      <stop
-         id="stop896"
-         offset="1"
-         style="stop-color:#fff;stop-opacity:1;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1317">
-      <stop
-         id="stop1318"
-         offset="0.00000000"
-         style="stop-color:#000000;stop-opacity:0.52892560;" />
-      <stop
-         id="stop1320"
-         offset="0.50000000"
-         style="stop-color:#000000;stop-opacity:0.17355372;" />
-      <stop
-         id="stop1319"
-         offset="1.0000000"
-         style="stop-color:#000000;stop-opacity:0.00000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1133">
-      <stop
-         id="stop1134"
-         offset="0.00000000"
-         style="stop-color:#8bb7df;stop-opacity:1.0000000;" />
-      <stop
-         id="stop1136"
-         offset="0.76209301"
-         style="stop-color:#2a6092;stop-opacity:1.0000000;" />
-      <stop
-         id="stop1135"
-         offset="1.0000000"
-         style="stop-color:#375e82;stop-opacity:1.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1098">
-      <stop
-         id="stop1099"
-         offset="0.00000000"
-         style="stop-color:#ffffff;stop-opacity:1.0000000;" />
-      <stop
-         id="stop1101"
-         offset="0.50000000"
-         style="stop-color:#ffffff;stop-opacity:0.22314049;" />
-      <stop
-         id="stop1102"
-         offset="0.59930235"
-         style="stop-color:#ffffff;stop-opacity:0.00000000;" />
-      <stop
-         id="stop1100"
-         offset="1.0000000"
-         style="stop-color:#ffffff;stop-opacity:0.60330576;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient902">
-      <stop
-         id="stop903"
-         offset="0.00000000"
-         style="stop-color:#000000;stop-opacity:0.00000000;" />
-      <stop
-         id="stop904"
-         offset="1.0000000"
-         style="stop-color:#000000;stop-opacity:0.22000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient892">
-      <stop
-         id="stop893"
-         offset="0.0000000"
-         style="stop-color:#ffffff;stop-opacity:0.0000000;" />
-      <stop
-         id="stop894"
-         offset="1"
-         style="stop-color:#fff;stop-opacity:1;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient888">
-      <stop
-         id="stop889"
-         offset="0.0000000"
-         style="stop-color:#626262;stop-opacity:1.0000000;" />
-      <stop
-         id="stop890"
-         offset="1"
-         style="stop-color:#fff;stop-opacity:1;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient891"
-       x1="1.3485916"
-       x2="0.024647888"
-       xlink:href="#linearGradient888"
-       y1="-0.85185188"
-       y2="1.0899471" />
-    <linearGradient
-       id="linearGradient901"
-       spreadMethod="pad"
-       x1="1.5803921"
-       x2="0.14117648"
-       xlink:href="#linearGradient888"
-       y1="2.4285715"
-       y2="-0.38571429" />
-    <linearGradient
-       id="linearGradient905"
-       x1="-1.5389611"
-       x2="1.0909091"
-       xlink:href="#linearGradient888"
-       y1="2.7890625"
-       y2="-0.19531250" />
-    <radialGradient
-       cx="0.10362694"
-       cy="0.093750000"
-       fx="0.10362694"
-       fy="0.093750000"
-       id="radialGradient1132"
-       r="1.2958785"
-       xlink:href="#linearGradient1133" />
-    <linearGradient
-       id="linearGradient1138"
-       xlink:href="#linearGradient4894" />
-    <linearGradient
-       id="linearGradient1140"
-       x1="0.54117650"
-       x2="0.57647061"
-       xlink:href="#linearGradient888"
-       y1="-2.4210527"
-       y2="4.6315789" />
-    <linearGradient
-       id="linearGradient1141"
-       x1="1.8281938"
-       x2="-0.0088105723"
-       xlink:href="#linearGradient888"
-       y1="3.0546875"
-       y2="-0.44531250" />
-    <linearGradient
-       id="linearGradient1144"
-       x1="0.21960784"
-       x2="0.59607846"
-       xlink:href="#linearGradient1853"
-       y1="-11.111111"
-       y2="5.2777777" />
-    <linearGradient
-       id="linearGradient1146"
-       x1="0.51351351"
-       x2="-0.076576576"
-       xlink:href="#linearGradient892"
-       y1="0.55468750"
-       y2="1.1875000" />
-    <linearGradient
-       id="linearGradient1148"
-       x1="0.23245615"
-       x2="1.0789474"
-       xlink:href="#linearGradient892"
-       y1="0.15625000"
-       y2="-0.64843750" />
-    <linearGradient
-       id="linearGradient1150"
-       x1="0.25221238"
-       x2="-0.57522124"
-       xlink:href="#linearGradient892"
-       y1="0.57812500"
-       y2="1.4765625" />
-    <linearGradient
-       id="linearGradient1156"
-       x1="0.48260871"
-       x2="0.48260871"
-       xlink:href="#linearGradient888"
-       y1="-0.40000001"
-       y2="1.8750000" />
-    <linearGradient
-       id="linearGradient1157"
-       x1="1.5528169"
-       x2="-1.2077465"
-       xlink:href="#linearGradient888"
-       y1="3.3265307"
-       y2="-0.48979592" />
-    <linearGradient
-       id="linearGradient1166"
-       x1="0.52941179"
-       x2="0.57647061"
-       xlink:href="#linearGradient1317"
-       y1="-3.5714285"
-       y2="4.6315789" />
-    <linearGradient
-       id="linearGradient1167"
-       x1="1.6111112"
-       x2="-0.083333336"
-       xlink:href="#linearGradient888"
-       y1="3.0703125"
-       y2="0.046875000" />
-    <linearGradient
-       id="linearGradient1169"
-       x1="1.4780220"
-       x2="-0.13028169"
-       xlink:href="#linearGradient893"
-       y1="2.9218750"
-       y2="-0.26732674" />
-    <linearGradient
-       gradientTransform="scale(0.998371,1.001632)"
-       id="linearGradient1170"
-       x1="0.47284532"
-       x2="0.48655096"
-       xlink:href="#linearGradient902"
-       y1="-0.016295359"
-       y2="1.8378206" />
-    <linearGradient
-       id="linearGradient1171"
-       x1="0.83050847"
-       x2="0.56355929"
-       xlink:href="#linearGradient902"
-       y1="0.57812500"
-       y2="0.36718750" />
-    <radialGradient
-       cx="0.088082902"
-       cy="0.093750000"
-       fx="0.090673581"
-       fy="0.10937500"
-       id="radialGradient1315"
-       r="1.1765809"
-       xlink:href="#linearGradient1133" />
-    <radialGradient
-       cx="0.50000000"
-       cy="0.50000006"
-       fx="0.50352114"
-       fy="0.18269235"
-       id="radialGradient1316"
-       r="0.34964636"
-       xlink:href="#linearGradient1317" />
-    <linearGradient
-       id="linearGradient1404"
-       x1="0.53169012"
-       x2="0.54577464"
-       xlink:href="#linearGradient892"
-       y1="0.28888890"
-       y2="1.1000000" />
-    <linearGradient
-       gradientTransform="scale(0.997825,1.002180)"
-       id="linearGradient1505"
-       x1="0.47157744"
-       x2="0.48548824"
-       xlink:href="#linearGradient902"
-       y1="-0.024853170"
-       y2="1.8570156" />
-    <linearGradient
-       gradientTransform="scale(0.995847,1.004170)"
-       id="linearGradient1506"
-       x1="0.47042510"
-       x2="0.48481107"
-       xlink:href="#linearGradient902"
-       y1="-0.043652620"
-       y2="1.9025002" />
-    <linearGradient
-       gradientTransform="scale(0.997153,1.002855)"
-       id="linearGradient2740"
-       x1="0.47041038"
-       x2="0.48453596"
-       xlink:href="#linearGradient902"
-       y1="-0.033741195"
-       y2="1.8771822" />
-    <linearGradient
-       id="linearGradient4283"
-       x1="-0.77314812"
-       x2="0.99074072"
-       xlink:href="#linearGradient893"
-       y1="2.0837989"
-       y2="-0.033519555" />
-    <linearGradient
-       id="linearGradient4284"
-       x1="-2.3960868e-17"
-       x2="0.92957747"
-       xlink:href="#linearGradient893"
-       y1="3.3012049"
-       y2="-0.45783132" />
-    <radialGradient
-       cx="0.50000000"
-       cy="0.50000000"
-       fx="0.50000000"
-       fy="0.50000000"
-       id="radialGradient1977"
-       r="0.50000000"
-       xlink:href="#linearGradient1853" />
-  </defs>
-  <sodipodi:namedview
-     bordercolor="#666666"
-     borderopacity="1.0"
-     id="base"
-     inkscape:cx="62.122256"
-     inkscape:cy="81.091465"
-     inkscape:pageopacity="0.0"
-     inkscape:pageshadow="2"
-     inkscape:window-height="667"
-     inkscape:window-width="573"
-     inkscape:window-x="380"
-     inkscape:window-y="151"
-     inkscape:zoom="2"
-     pagecolor="#ffffff"
-     showborder="true"
-     showgrid="false"
-     inkscape:current-layer="Andysvg" />
-  <path
-     d="M 26.564473,83.749649 L 26.564473,121.41271 L 57.756286,121.41271"
-     id="path3723"
-     sodipodi:nodetypes="ccc"
-     style="fill:none;fill-rule:evenodd;stroke:#9c9c9c;stroke-width:5.7184987;stroke-linecap:round;stroke-linejoin:round;" />
-  <g
-     id="g2843"
-     transform="matrix(0.999379,0.000000,0.000000,0.999379,1.227893e-3,3.986513)">
-    <rect
-       height="8.3153667"
-       id="rect1906"
-       style="fill:url(#linearGradient1156);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:1.4473482pt;"
-       transform="matrix(0.716224,0.000000,0.000000,0.716224,-12.57051,-9.652832)"
-       width="57.567924"
-       x="33.326111"
-       y="78.658051" />
-    <rect
-       height="60.126495"
-       id="rect1907"
-       rx="5.4369707"
-       ry="5.4369707"
-       style="fill:url(#linearGradient905);fill-opacity:1;fill-rule:evenodd;stroke-width:1.6282668;"
-       transform="matrix(0.716224,0.000000,0.000000,0.716224,-12.57051,-9.652832)"
-       width="72.279724"
-       x="26.015469"
-       y="22.413721" />
-    <rect
-       height="38.044163"
-       id="rect1908"
-       style="fill:url(#radialGradient1315);fill-rule:evenodd;stroke:url(#linearGradient891);stroke-width:1.4649456pt;"
-       transform="matrix(0.716224,0.000000,0.000000,0.716224,-12.57051,-9.652832)"
-       width="58.178177"
-       x="33.386066"
-       y="31.695871" />
-    <path
-       d="M 27.690431,52.841444 L 27.370609,74.749236 C 27.319624,78.241665 29.310209,80.477938 32.807578,80.506029 L 72.625393,80.825852 L 76.463254,71.870840 L 32.008024,71.551020 L 31.688202,52.681533 L 27.690431,52.841444 z "
-       id="path1909"
-       sodipodi:nodetypes="czzccccc"
-       style="fill:url(#linearGradient1146);fill-opacity:1;fill-rule:evenodd;stroke-width:1.0000000pt;"
-       transform="matrix(0.716224,0.000000,0.000000,0.716224,-12.57051,-9.652832)" />
-    <rect
-       height="26.147448"
-       id="rect1913"
-       rx="7.4449978"
-       ry="7.4449978"
-       style="fill:url(#linearGradient901);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:2.3625000;"
-       transform="matrix(0.571582,0.000000,0.000000,0.571582,-77.72566,72.35541)"
-       width="104.09673"
-       x="140.62315"
-       y="-34.316952" />
-    <rect
-       height="15.829688"
-       id="rect1914"
-       rx="3.7576280"
-       ry="3.7576280"
-       style="fill:url(#linearGradient901);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:1.3591428;"
-       transform="matrix(0.571582,0.000000,0.000000,0.571582,-77.72566,72.35541)"
-       width="56.908955"
-       x="184.04552"
-       y="-28.539845" />
-    <rect
-       height="15.829688"
-       id="rect1915"
-       rx="2.9970589"
-       ry="2.9970589"
-       style="fill:url(#linearGradient1141);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:0.96249998;"
-       transform="matrix(0.571582,0.000000,0.000000,0.571582,-77.72566,72.35541)"
-       width="28.796961"
-       x="145.28902"
-       y="-28.227346" />
-    <rect
-       height="3.3627598"
-       id="rect1916"
-       rx="1.6813799"
-       ry="1.6813799"
-       style="fill-opacity:0.13836475;fill-rule:evenodd;stroke-width:0.46326005;"
-       transform="matrix(0.571582,0.000000,0.000000,0.571582,-77.72566,72.35541)"
-       width="49.231453"
-       x="187.88426"
-       y="-21.681381" />
-  </g>
-  <path
-     style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:helvetica"
-     d="M 7.0612345,-14.660837 L 7.0612345,-23.250681 L 8.2272501,-23.250681 L 12.738969,-16.50654 L 12.738969,-23.250681 L 13.828813,-23.250681 L 13.828813,-14.660837 L 12.662797,-14.660837 L 8.1510782,-21.410837 L 8.1510782,-14.660837 L 7.0612345,-14.660837 z M 19.869828,-16.664743 L 20.959672,-16.529978 C 20.787791,-15.893258 20.469432,-15.399118 20.004594,-15.047556 C 19.539745,-14.695993 18.945996,-14.520212 18.223344,-14.520212 C 17.313185,-14.520212 16.591506,-14.800485 16.058305,-15.361032 C 15.525101,-15.921578 15.2585,-16.70771 15.2585,-17.719431 C 15.2585,-18.766302 15.528031,-19.578801 16.067094,-20.156931 C 16.606155,-20.73505 17.305373,-21.024112 18.16475,-21.024118 C 18.996777,-21.024112 19.676464,-20.740909 20.203813,-20.174509 C 20.73115,-19.608098 20.994822,-18.811224 20.994828,-17.783884 C 20.994822,-17.721381 20.992869,-17.627631 20.988969,-17.502634 L 16.348344,-17.502634 C 16.387405,-16.819038 16.580764,-16.295601 16.928422,-15.932322 C 17.276076,-15.569039 17.709669,-15.387399 18.229203,-15.3874 C 18.615918,-15.387399 18.945996,-15.488961 19.219438,-15.692087 C 19.49287,-15.895211 19.709667,-16.219429 19.869828,-16.664743 L 19.869828,-16.664743 z M 16.406938,-18.369822 L 19.881547,-18.369822 C 19.834667,-18.893255 19.701855,-19.285833 19.483109,-19.547556 C 19.147168,-19.953801 18.711621,-20.156925 18.176469,-20.156931 C 17.692091,-20.156925 17.284865,-19.994816 16.954789,-19.670603 C 16.624709,-19.346379 16.442092,-18.912786 16.406938,-18.369822 L 16.406938,-18.369822 z M 24.592484,-15.604197 L 24.744828,-14.672556 C 24.44795,-14.610056 24.182326,-14.578806 23.947953,-14.578806 C 23.565139,-14.578806 23.268264,-14.639353 23.057328,-14.760447 C 22.846389,-14.88154 22.697952,-15.04072 22.612016,-15.237986 C 22.526077,-15.43525 22.483108,-15.850289 22.483109,-16.483103 L 22.483109,-20.063181 L 21.709672,-20.063181 L 21.709672,-20.883493 L 22.483109,-20.883493 L 22.483109,-22.424509 L 23.531938,-23.057322 L 23.531938,-20.883493 L 24.592484,-20.883493 L 24.592484,-20.063181 L 23.531938,-20.063181 L 23.531938,-16.424509 C 23.531936,-16.123726 23.55049,-15.930367 23.587602,-15.844431 C 23.624709,-15.758492 23.685256,-15.690133 23.769242,-15.639353 C 23.853224,-15.588571 23.973341,-15.56318 24.129594,-15.563181 C 24.246779,-15.56318 24.401075,-15.576852 24.592484,-15.604197 L 24.592484,-15.604197 z M 26.766313,-14.660837 L 24.862016,-20.883493 L 25.951859,-20.883493 L 26.942094,-17.291697 L 27.311234,-15.955759 C 27.326857,-16.022164 27.434279,-16.449898 27.6335,-17.238962 L 28.623734,-20.883493 L 29.707719,-20.883493 L 30.639359,-17.274118 L 30.949906,-16.084665 L 31.307328,-17.285837 L 32.373734,-20.883493 L 33.399125,-20.883493 L 31.453813,-14.660837 L 30.358109,-14.660837 L 29.367875,-18.3874 L 29.127641,-19.447947 L 27.867875,-14.660837 L 26.766313,-14.660837 z M 33.897172,-17.772165 C 33.897172,-18.924505 34.217484,-19.77802 34.858109,-20.332712 C 35.393264,-20.793644 36.045607,-21.024112 36.815141,-21.024118 C 37.670605,-21.024112 38.369823,-20.743839 38.912797,-20.183298 C 39.45576,-19.622746 39.727244,-18.848333 39.72725,-17.860056 C 39.727244,-17.059272 39.607127,-16.42939 39.366899,-15.970407 C 39.126659,-15.511422 38.77705,-15.154977 38.31807,-14.901072 C 37.859082,-14.647165 37.358106,-14.520212 36.815141,-14.520212 C 35.944045,-14.520212 35.239944,-14.799509 34.702836,-15.358103 C 34.165726,-15.916695 33.897172,-16.721382 33.897172,-17.772165 L 33.897172,-17.772165 z M 34.981156,-17.772165 C 34.981155,-16.975288 35.154983,-16.378609 35.502641,-15.982126 C 35.850295,-15.585641 36.287794,-15.387399 36.815141,-15.3874 C 37.338574,-15.387399 37.774121,-15.586617 38.121781,-15.985056 C 38.469433,-16.383492 38.643261,-16.990913 38.643266,-17.807322 C 38.643261,-18.576849 38.468456,-19.159856 38.118852,-19.556345 C 37.769238,-19.952824 37.334668,-20.151066 36.815141,-20.151072 C 36.287794,-20.151066 35.850295,-19.953801 35.502641,-19.559275 C 35.154983,-19.164739 34.981155,-18.569036 34.981156,-17.772165 L 34.981156,-17.772165 z M 40.957719,-14.660837 L 40.957719,-20.883493 L 41.906938,-20.883493 L 41.906938,-19.940134 C 42.149123,-20.381535 42.372756,-20.67255 42.577836,-20.813181 C 42.782912,-20.9538 43.008497,-21.024112 43.254594,-21.024118 C 43.610059,-21.024112 43.971387,-20.910831 44.338578,-20.684275 L 43.975297,-19.705759 C 43.717481,-19.858098 43.459669,-19.934269 43.201859,-19.934275 C 42.971388,-19.934269 42.764357,-19.864934 42.580766,-19.726267 C 42.39717,-19.58759 42.266311,-19.395207 42.188188,-19.149118 C 42.070998,-18.774114 42.012405,-18.363958 42.012406,-17.91865 L 42.012406,-14.660837 L 40.957719,-14.660837 z M 44.983109,-14.660837 L 44.983109,-23.250681 L 46.037797,-23.250681 L 46.037797,-18.352243 L 48.533891,-20.883493 L 49.899125,-20.883493 L 47.520219,-18.5749 L 50.139359,-14.660837 L 48.838578,-14.660837 L 46.781938,-17.842478 L 46.037797,-17.127634 L 46.037797,-14.660837 L 44.983109,-14.660837 z"
-     id="text1232" />
-  <path
-     transform="scale(0.246729,0.246729)"
-     style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:helvetica"
-     d="M 91.619637,-37.962852 L 92.756355,-37.675743 C 92.518066,-36.742148 92.089356,-36.030234 91.470222,-35.540001 C 90.851076,-35.049766 90.09424,-34.804649 89.199715,-34.804649 C 88.27393,-34.804649 87.521001,-34.993126 86.940926,-35.370079 C 86.360846,-35.747031 85.91944,-36.292929 85.616707,-37.007774 C 85.313972,-37.722615 85.162605,-38.490193 85.162605,-39.310509 C 85.162605,-40.205035 85.333503,-40.985307 85.675301,-41.651329 C 86.017096,-42.317337 86.503424,-42.823196 87.134285,-43.168907 C 87.765141,-43.514602 88.459476,-43.687453 89.217293,-43.687462 C 90.076662,-43.687453 90.799318,-43.468703 91.385262,-43.031212 C 91.971192,-42.593704 92.379394,-41.97847 92.609871,-41.185509 L 91.49073,-40.921837 C 91.291505,-41.54683 91.002443,-42.001908 90.623543,-42.287071 C 90.244631,-42.57222 89.768069,-42.714798 89.193855,-42.714806 C 88.533695,-42.714798 87.981938,-42.556595 87.538582,-42.240196 C 87.09522,-41.923783 86.783697,-41.498979 86.604012,-40.965782 C 86.424322,-40.432574 86.334479,-39.882769 86.33448,-39.316368 C 86.334479,-38.585896 86.440924,-37.948201 86.653816,-37.403282 C 86.866705,-36.858358 87.197759,-36.451132 87.64698,-36.181602 C 88.096196,-35.91207 88.582523,-35.777305 89.105965,-35.777306 C 89.742678,-35.777305 90.28174,-35.960898 90.723152,-36.328087 C 91.164552,-36.695273 91.46338,-37.240194 91.619637,-37.962852 L 91.619637,-37.962852 z M 94.016121,-34.951134 L 94.016121,-41.17379 L 94.96534,-41.17379 L 94.96534,-40.230431 C 95.207525,-40.671831 95.431158,-40.962846 95.636238,-41.103477 C 95.841314,-41.244096 96.066899,-41.314409 96.312996,-41.314415 C 96.668461,-41.314409 97.029789,-41.201127 97.39698,-40.974571 L 97.033699,-39.996056 C 96.775883,-40.148394 96.518071,-40.224566 96.260262,-40.224571 C 96.02979,-40.224566 95.822759,-40.15523 95.639168,-40.016563 C 95.455572,-39.877887 95.324713,-39.685504 95.24659,-39.439415 C 95.1294,-39.064411 95.070807,-38.654255 95.070808,-38.208946 L 95.070808,-34.951134 L 94.016121,-34.951134 z M 102.29542,-36.95504 L 103.38526,-36.820274 C 103.21338,-36.183554 102.89502,-35.689414 102.43018,-35.337852 C 101.96533,-34.98629 101.37159,-34.810509 100.64893,-34.810509 C 99.738775,-34.810509 99.017096,-35.090782 98.483894,-35.651329 C 97.950691,-36.211875 97.684089,-36.998007 97.68409,-38.009727 C 97.684089,-39.056598 97.95362,-39.869098 98.492683,-40.447227 C 99.031744,-41.025346 99.730962,-41.314409 100.59034,-41.314415 C 101.42237,-41.314409 102.10205,-41.031206 102.6294,-40.464806 C 103.15674,-39.898394 103.42041,-39.10152 103.42042,-38.074181 C 103.42041,-38.011678 103.41846,-37.917928 103.41456,-37.792931 L 98.773933,-37.792931 C 98.812994,-37.109335 99.006354,-36.585898 99.354012,-36.222618 C 99.701665,-35.859336 100.13526,-35.677696 100.65479,-35.677696 C 101.04151,-35.677696 101.37159,-35.779258 101.64503,-35.982384 C 101.91846,-36.185507 102.13526,-36.509726 102.29542,-36.95504 L 102.29542,-36.95504 z M 98.832527,-38.660118 L 102.30714,-38.660118 C 102.26026,-39.183551 102.12744,-39.576129 101.9087,-39.837852 C 101.57276,-40.244097 101.13721,-40.447222 100.60206,-40.447227 C 100.11768,-40.447222 99.710454,-40.285113 99.380379,-39.960899 C 99.050299,-39.636676 98.867682,-39.203083 98.832527,-38.660118 L 98.832527,-38.660118 z M 108.77589,-35.718712 C 108.38526,-35.38668 108.00928,-35.152305 107.64796,-35.015587 C 107.28663,-34.878868 106.89893,-34.810509 106.48487,-34.810509 C 105.80128,-34.810509 105.27589,-34.977501 104.9087,-35.311485 C 104.54151,-35.645469 104.35792,-36.072226 104.35792,-36.591759 C 104.35792,-36.896444 104.42725,-37.174764 104.56593,-37.42672 C 104.7046,-37.67867 104.88624,-37.880818 105.11085,-38.033165 C 105.33546,-38.185505 105.58838,-38.30074 105.86964,-38.378868 C 106.07667,-38.433552 106.38917,-38.486286 106.80714,-38.537071 C 107.6587,-38.63863 108.28565,-38.759724 108.688,-38.900352 C 108.6919,-39.04488 108.69385,-39.136676 108.69386,-39.175743 C 108.69385,-39.605426 108.59424,-39.90816 108.39503,-40.083946 C 108.12549,-40.322222 107.7251,-40.441363 107.19386,-40.441368 C 106.69776,-40.441363 106.33155,-40.354449 106.09522,-40.180626 C 105.85889,-40.006793 105.68409,-39.699176 105.57081,-39.257774 L 104.53956,-39.398399 C 104.63331,-39.839801 104.7876,-40.196246 105.00245,-40.467735 C 105.21729,-40.739214 105.52784,-40.948198 105.93409,-41.094688 C 106.34034,-41.241167 106.81104,-41.314409 107.3462,-41.314415 C 107.87745,-41.314409 108.30909,-41.251909 108.64112,-41.126915 C 108.97315,-41.001909 109.21729,-40.844683 109.37354,-40.655235 C 109.52979,-40.465777 109.63916,-40.226519 109.70167,-39.937462 C 109.73682,-39.75777 109.7544,-39.433551 109.7544,-38.964806 L 109.7544,-37.558556 C 109.7544,-36.578085 109.77686,-35.957969 109.82178,-35.698204 C 109.8667,-35.438438 109.95557,-35.189415 110.08839,-34.951134 L 108.98682,-34.951134 C 108.87744,-35.169884 108.80713,-35.425743 108.77589,-35.718712 L 108.77589,-35.718712 z M 108.688,-38.074181 C 108.30518,-37.917928 107.73096,-37.785115 106.96534,-37.675743 C 106.53174,-37.61324 106.2251,-37.542928 106.04542,-37.464806 C 105.86573,-37.386678 105.72706,-37.27242 105.6294,-37.122032 C 105.53174,-36.97164 105.48292,-36.804647 105.48292,-36.621056 C 105.48292,-36.339804 105.58936,-36.105429 105.80225,-35.917931 C 106.01514,-35.73043 106.32667,-35.63668 106.73682,-35.636681 C 107.14307,-35.63668 107.5044,-35.725547 107.82081,-35.903282 C 108.13721,-36.081015 108.36963,-36.324179 108.51807,-36.632774 C 108.63135,-36.871054 108.68799,-37.222616 108.688,-37.687462 L 108.688,-38.074181 z M 113.69776,-35.894493 L 113.85011,-34.962852 C 113.55323,-34.900353 113.2876,-34.869103 113.05323,-34.869102 C 112.67042,-34.869103 112.37354,-34.929649 112.16261,-35.050743 C 111.95167,-35.171837 111.80323,-35.331016 111.71729,-35.528282 C 111.63135,-35.725547 111.58839,-36.140586 111.58839,-36.773399 L 111.58839,-40.353477 L 110.81495,-40.353477 L 110.81495,-41.17379 L 111.58839,-41.17379 L 111.58839,-42.714806 L 112.63721,-43.347618 L 112.63721,-41.17379 L 113.69776,-41.17379 L 113.69776,-40.353477 L 112.63721,-40.353477 L 112.63721,-36.714806 C 112.63721,-36.414023 112.65577,-36.220664 112.69288,-36.134727 C 112.72999,-36.048789 112.79053,-35.98043 112.87452,-35.929649 C 112.9585,-35.878867 113.07862,-35.853477 113.23487,-35.853477 C 113.35206,-35.853477 113.50635,-35.867148 113.69776,-35.894493 L 113.69776,-35.894493 z M 118.98292,-36.95504 L 120.07276,-36.820274 C 119.90088,-36.183554 119.58252,-35.689414 119.11768,-35.337852 C 118.65283,-34.98629 118.05909,-34.810509 117.33643,-34.810509 C 116.42627,-34.810509 115.7046,-35.090782 115.17139,-35.651329 C 114.63819,-36.211875 114.37159,-36.998007 114.37159,-38.009727 C 114.37159,-39.056598 114.64112,-39.869098 115.18018,-40.447227 C 115.71924,-41.025346 116.41846,-41.314409 117.27784,-41.314415 C 118.10987,-41.314409 118.78955,-41.031206 119.3169,-40.464806 C 119.84424,-39.898394 120.10791,-39.10152 120.10792,-38.074181 C 120.10791,-38.011678 120.10596,-37.917928 120.10206,-37.792931 L 115.46143,-37.792931 C 115.50049,-37.109335 115.69385,-36.585898 116.04151,-36.222618 C 116.38917,-35.859336 116.82276,-35.677696 117.34229,-35.677696 C 117.72901,-35.677696 118.05909,-35.779258 118.33253,-35.982384 C 118.60596,-36.185507 118.82276,-36.509726 118.98292,-36.95504 L 118.98292,-36.95504 z M 115.52003,-38.660118 L 118.99464,-38.660118 C 118.94776,-39.183551 118.81494,-39.576129 118.5962,-39.837852 C 118.26026,-40.244097 117.82471,-40.447222 117.28956,-40.447227 C 116.80518,-40.447222 116.39795,-40.285113 116.06788,-39.960899 C 115.7378,-39.636676 115.55518,-39.203083 115.52003,-38.660118 L 115.52003,-38.660118 z M 125.43995,-34.951134 L 125.43995,-35.73629 C 125.04541,-35.119102 124.46534,-34.810509 123.69971,-34.810509 C 123.20362,-34.810509 122.74756,-34.947227 122.33155,-35.220665 C 121.91553,-35.494102 121.59327,-35.875937 121.36475,-36.366173 C 121.13624,-36.856405 121.02198,-37.419881 121.02198,-38.056602 C 121.02198,-38.677693 121.1255,-39.241169 121.33253,-39.747032 C 121.53956,-40.252886 121.8501,-40.640581 122.26417,-40.910118 C 122.67823,-41.179643 123.14112,-41.314409 123.65284,-41.314415 C 124.02784,-41.314409 124.36182,-41.235307 124.65479,-41.07711 C 124.94776,-40.918901 125.18604,-40.712847 125.36964,-40.458946 L 125.36964,-43.540977 L 126.41846,-43.540977 L 126.41846,-34.951134 L 125.43995,-34.951134 z M 122.10596,-38.056602 C 122.10596,-37.259725 122.27393,-36.664023 122.60987,-36.269493 C 122.94581,-35.874961 123.34229,-35.677696 123.79932,-35.677696 C 124.26026,-35.677696 124.65186,-35.866172 124.97413,-36.243126 C 125.29639,-36.620077 125.45752,-37.195272 125.45753,-37.968712 C 125.45752,-38.82027 125.29346,-39.44527 124.96534,-39.843712 C 124.63721,-40.242144 124.23291,-40.441363 123.75245,-40.441368 C 123.2837,-40.441363 122.8921,-40.249957 122.57764,-39.867149 C 122.26319,-39.484332 122.10596,-38.880817 122.10596,-38.056602 L 122.10596,-38.056602 z M 132.38331,-34.951134 L 131.40479,-34.951134 L 131.40479,-43.540977 L 132.45948,-43.540977 L 132.45948,-40.476524 C 132.90479,-41.035112 133.47315,-41.314409 134.16456,-41.314415 C 134.54737,-41.314409 134.90967,-41.23726 135.25147,-41.08297 C 135.59326,-40.928667 135.87451,-40.71187 136.09522,-40.432579 C 136.31592,-40.153277 136.48877,-39.816363 136.61378,-39.421837 C 136.73877,-39.027302 136.80127,-38.605427 136.80128,-38.156212 C 136.80127,-37.089803 136.5376,-36.265586 136.01026,-35.683556 C 135.48291,-35.101524 134.8501,-34.810509 134.11182,-34.810509 C 133.37745,-34.810509 132.80127,-35.117149 132.38331,-35.730431 L 132.38331,-34.951134 z M 132.37159,-38.109337 C 132.37159,-37.363241 132.47315,-36.824179 132.67628,-36.492149 C 133.00831,-35.94918 133.45752,-35.677696 134.02393,-35.677696 C 134.48487,-35.677696 134.8833,-35.877891 135.21925,-36.278282 C 135.55518,-36.678671 135.72315,-37.27535 135.72315,-38.068321 C 135.72315,-38.880817 135.56201,-39.480426 135.23975,-39.867149 C 134.91748,-40.253863 134.52784,-40.447222 134.07081,-40.447227 C 133.60987,-40.447222 133.21143,-40.247027 132.8755,-39.846642 C 132.53956,-39.446246 132.37159,-38.867145 132.37159,-38.109337 L 132.37159,-38.109337 z M 138.04346,-32.554649 L 137.92628,-33.544884 C 138.15675,-33.482385 138.35792,-33.451135 138.52979,-33.451134 C 138.76417,-33.451135 138.95167,-33.490198 139.09229,-33.568321 C 139.23292,-33.646448 139.34815,-33.755822 139.438,-33.896446 C 139.5044,-34.001916 139.61182,-34.263634 139.76026,-34.681602 C 139.77979,-34.740196 139.81104,-34.826134 139.85401,-34.939415 L 137.49268,-41.17379 L 138.6294,-41.17379 L 139.92432,-37.570274 C 140.09229,-37.113241 140.24268,-36.632773 140.3755,-36.128868 C 140.49659,-36.613241 140.64112,-37.085897 140.80909,-37.546837 L 142.13917,-41.17379 L 143.19386,-41.17379 L 140.82667,-34.845665 C 140.57276,-34.162072 140.37549,-33.691369 140.23487,-33.433556 C 140.04737,-33.085901 139.83252,-32.831019 139.59034,-32.668907 C 139.34815,-32.5068 139.05909,-32.425746 138.72315,-32.425743 C 138.52003,-32.425746 138.29346,-32.468714 138.04346,-32.554649 L 138.04346,-32.554649 z M 146.60987,-34.951134 L 149.9087,-43.540977 L 151.13331,-43.540977 L 154.64893,-34.951134 L 153.35401,-34.951134 L 152.35206,-37.552696 L 148.76026,-37.552696 L 147.8169,-34.951134 L 146.60987,-34.951134 z M 149.08839,-38.478477 L 152.0005,-38.478477 L 151.10401,-40.857384 C 150.83057,-41.580033 150.62745,-42.173783 150.49464,-42.638634 C 150.38526,-42.087845 150.23096,-41.540971 150.03175,-40.998009 L 149.08839,-38.478477 z M 155.43409,-34.951134 L 155.43409,-41.17379 L 156.38331,-41.17379 L 156.38331,-40.289024 C 156.84034,-40.972612 157.50049,-41.314409 158.36378,-41.314415 C 158.73877,-41.314409 159.0835,-41.247026 159.39796,-41.112267 C 159.7124,-40.977495 159.94776,-40.800737 160.10401,-40.581993 C 160.26026,-40.363238 160.36963,-40.103472 160.43214,-39.802696 C 160.47119,-39.607379 160.49072,-39.265583 160.49073,-38.777306 L 160.49073,-34.951134 L 159.43604,-34.951134 L 159.43604,-38.73629 C 159.43604,-39.165973 159.39502,-39.487262 159.313,-39.700157 C 159.23096,-39.913043 159.08545,-40.082965 158.87647,-40.209923 C 158.66748,-40.336871 158.42237,-40.400347 158.14112,-40.400352 C 157.6919,-40.400347 157.3042,-40.257769 156.97803,-39.972618 C 156.65186,-39.687457 156.48878,-39.146442 156.48878,-38.349571 L 156.48878,-34.951134 L 155.43409,-34.951134 z M 166.15089,-34.951134 L 166.15089,-35.73629 C 165.75635,-35.119102 165.17627,-34.810509 164.41065,-34.810509 C 163.91456,-34.810509 163.4585,-34.947227 163.04249,-35.220665 C 162.62647,-35.494102 162.30421,-35.875937 162.07569,-36.366173 C 161.84718,-36.856405 161.73292,-37.419881 161.73292,-38.056602 C 161.73292,-38.677693 161.83643,-39.241169 162.04346,-39.747032 C 162.25049,-40.252886 162.56104,-40.640581 162.97511,-40.910118 C 163.38917,-41.179643 163.85206,-41.314409 164.36378,-41.314415 C 164.73877,-41.314409 165.07276,-41.235307 165.36573,-41.07711 C 165.65869,-40.918901 165.89698,-40.712847 166.08057,-40.458946 L 166.08057,-43.540977 L 167.1294,-43.540977 L 167.1294,-34.951134 L 166.15089,-34.951134 z M 162.8169,-38.056602 C 162.8169,-37.259725 162.98487,-36.664023 163.32081,-36.269493 C 163.65674,-35.874961 164.05323,-35.677696 164.51026,-35.677696 C 164.9712,-35.677696 165.3628,-35.866172 165.68507,-36.243126 C 166.00733,-36.620077 166.16846,-37.195272 166.16846,-37.968712 C 166.16846,-38.82027 166.0044,-39.44527 165.67628,-39.843712 C 165.34815,-40.242144 164.94385,-40.441363 164.46339,-40.441368 C 163.99463,-40.441363 163.60303,-40.249957 163.28858,-39.867149 C 162.97413,-39.484332 162.8169,-38.880817 162.8169,-38.056602 L 162.8169,-38.056602 z M 168.78175,-34.951134 L 168.78175,-41.17379 L 169.73096,-41.17379 L 169.73096,-40.230431 C 169.97315,-40.671831 170.19678,-40.962846 170.40186,-41.103477 C 170.60694,-41.244096 170.83252,-41.314409 171.07862,-41.314415 C 171.43409,-41.314409 171.79541,-41.201127 172.16261,-40.974571 L 171.79932,-39.996056 C 171.54151,-40.148394 171.2837,-40.224566 171.02589,-40.224571 C 170.79541,-40.224566 170.58838,-40.15523 170.40479,-40.016563 C 170.2212,-39.877887 170.09034,-39.685504 170.01221,-39.439415 C 169.89503,-39.064411 169.83643,-38.654255 169.83643,-38.208946 L 169.83643,-34.951134 L 168.78175,-34.951134 z M 177.06104,-36.95504 L 178.15089,-36.820274 C 177.97901,-36.183554 177.66065,-35.689414 177.19581,-35.337852 C 176.73096,-34.98629 176.13721,-34.810509 175.41456,-34.810509 C 174.5044,-34.810509 173.78272,-35.090782 173.24952,-35.651329 C 172.71632,-36.211875 172.44971,-36.998007 172.44971,-38.009727 C 172.44971,-39.056598 172.71925,-39.869098 173.25831,-40.447227 C 173.79737,-41.025346 174.49659,-41.314409 175.35596,-41.314415 C 176.18799,-41.314409 176.86768,-41.031206 177.39503,-40.464806 C 177.92236,-39.898394 178.18604,-39.10152 178.18604,-38.074181 C 178.18604,-38.011678 178.18408,-37.917928 178.18018,-37.792931 L 173.53956,-37.792931 C 173.57862,-37.109335 173.77198,-36.585898 174.11964,-36.222618 C 174.46729,-35.859336 174.90088,-35.677696 175.42042,-35.677696 C 175.80713,-35.677696 176.13721,-35.779258 176.41065,-35.982384 C 176.68408,-36.185507 176.90088,-36.509726 177.06104,-36.95504 L 177.06104,-36.95504 z M 173.59815,-38.660118 L 177.07276,-38.660118 C 177.02588,-39.183551 176.89307,-39.576129 176.67432,-39.837852 C 176.33838,-40.244097 175.90284,-40.447222 175.36768,-40.447227 C 174.88331,-40.447222 174.47608,-40.285113 174.146,-39.960899 C 173.81592,-39.636676 173.63331,-39.203083 173.59815,-38.660118 L 173.59815,-38.660118 z M 180.6294,-34.951134 L 178.72511,-41.17379 L 179.81495,-41.17379 L 180.80518,-37.581993 L 181.17432,-36.246056 C 181.18995,-36.31246 181.29737,-36.740194 181.49659,-37.529259 L 182.48682,-41.17379 L 183.57081,-41.17379 L 184.50245,-37.564415 L 184.813,-36.374962 L 185.17042,-37.576134 L 186.23682,-41.17379 L 187.26221,-41.17379 L 185.3169,-34.951134 L 184.2212,-34.951134 L 183.23096,-38.677696 L 182.99073,-39.738243 L 181.73096,-34.951134 L 180.6294,-34.951134 z M 191.67432,-34.951134 L 191.67432,-43.540977 L 197.46925,-43.540977 L 197.46925,-42.527306 L 192.81104,-42.527306 L 192.81104,-39.867149 L 196.84229,-39.867149 L 196.84229,-38.853477 L 192.81104,-38.853477 L 192.81104,-34.951134 L 191.67432,-34.951134 z M 198.82276,-42.328087 L 198.82276,-43.540977 L 199.87745,-43.540977 L 199.87745,-42.328087 L 198.82276,-42.328087 z M 198.82276,-34.951134 L 198.82276,-41.17379 L 199.87745,-41.17379 L 199.87745,-34.951134 L 198.82276,-34.951134 z M 203.79151,-35.894493 L 203.94386,-34.962852 C 203.64698,-34.900353 203.38135,-34.869103 203.14698,-34.869102 C 202.76417,-34.869103 202.46729,-34.929649 202.25636,-35.050743 C 202.04542,-35.171837 201.89698,-35.331016 201.81104,-35.528282 C 201.7251,-35.725547 201.68214,-36.140586 201.68214,-36.773399 L 201.68214,-40.353477 L 200.9087,-40.353477 L 200.9087,-41.17379 L 201.68214,-41.17379 L 201.68214,-42.714806 L 202.73096,-43.347618 L 202.73096,-41.17379 L 203.79151,-41.17379 L 203.79151,-40.353477 L 202.73096,-40.353477 L 202.73096,-36.714806 C 202.73096,-36.414023 202.74952,-36.220664 202.78663,-36.134727 C 202.82374,-36.048789 202.88428,-35.98043 202.96827,-35.929649 C 203.05225,-35.878867 203.17237,-35.853477 203.32862,-35.853477 C 203.44581,-35.853477 203.6001,-35.867148 203.79151,-35.894493 L 203.79151,-35.894493 z M 204.26026,-34.951134 L 204.26026,-35.806602 L 208.2212,-40.353477 C 207.77198,-40.330035 207.37549,-40.318316 207.03175,-40.318321 L 204.49464,-40.318321 L 204.49464,-41.17379 L 209.58057,-41.17379 L 209.58057,-40.476524 L 206.21143,-36.527306 L 205.56104,-35.806602 C 206.0337,-35.841758 206.47706,-35.859336 206.89112,-35.859337 L 209.76807,-35.859337 L 209.76807,-34.951134 L 204.26026,-34.951134 z M 210.39503,-36.808556 L 211.438,-36.972618 C 211.49659,-36.554648 211.65967,-36.234336 211.92725,-36.011681 C 212.19483,-35.789024 212.56885,-35.677696 213.04932,-35.677696 C 213.5337,-35.677696 213.89307,-35.776328 214.12745,-35.973595 C 214.36182,-36.170859 214.47901,-36.402304 214.47901,-36.667931 C 214.47901,-36.90621 214.37549,-37.09371 214.16846,-37.230431 C 214.02393,-37.324178 213.66455,-37.443319 213.09034,-37.587852 C 212.3169,-37.783162 211.78077,-37.952107 211.48194,-38.094688 C 211.18311,-38.237263 210.95655,-38.434529 210.80225,-38.686485 C 210.64796,-38.938434 210.57081,-39.216754 210.57081,-39.521446 C 210.57081,-39.798785 210.63428,-40.055621 210.76124,-40.291954 C 210.88819,-40.528277 211.06104,-40.724565 211.27979,-40.880821 C 211.44385,-41.001909 211.66749,-41.104448 211.95069,-41.188438 C 212.23389,-41.272416 212.5376,-41.314409 212.86182,-41.314415 C 213.3501,-41.314409 213.77881,-41.244096 214.14796,-41.103477 C 214.51709,-40.962846 214.78955,-40.772417 214.96534,-40.532188 C 215.14112,-40.291949 215.26221,-39.97066 215.32862,-39.568321 L 214.29737,-39.427696 C 214.25049,-39.748004 214.11475,-39.998004 213.89014,-40.177696 C 213.66553,-40.357378 213.34815,-40.447222 212.938,-40.447227 C 212.45362,-40.447222 212.10792,-40.367144 211.90089,-40.206993 C 211.69385,-40.046832 211.59034,-39.859332 211.59034,-39.644493 C 211.59034,-39.50777 211.63331,-39.384723 211.71925,-39.275352 C 211.80518,-39.162067 211.93995,-39.068317 212.12354,-38.994102 C 212.22901,-38.955036 212.53956,-38.865192 213.05518,-38.724571 C 213.80127,-38.525349 214.32178,-38.362263 214.61671,-38.235313 C 214.91162,-38.108357 215.14307,-37.923787 215.31104,-37.681602 C 215.47901,-37.439412 215.56299,-37.138632 215.563,-36.779259 C 215.56299,-36.427695 215.46045,-36.09664 215.25538,-35.786095 C 215.0503,-35.475547 214.7544,-35.235313 214.36768,-35.065392 C 213.98096,-34.89547 213.54346,-34.810509 213.05518,-34.810509 C 212.24659,-34.810509 211.63038,-34.978477 211.20655,-35.314415 C 210.78272,-35.650352 210.51221,-36.148398 210.39503,-36.808556 L 210.39503,-36.808556 z M 216.82276,-42.328087 L 216.82276,-43.540977 L 217.87745,-43.540977 L 217.87745,-42.328087 L 216.82276,-42.328087 z M 216.82276,-34.951134 L 216.82276,-41.17379 L 217.87745,-41.17379 L 217.87745,-34.951134 L 216.82276,-34.951134 z M 219.48878,-34.951134 L 219.48878,-41.17379 L 220.43214,-41.17379 L 220.43214,-40.300743 C 220.62745,-40.605425 220.88721,-40.850542 221.21143,-41.036095 C 221.53565,-41.221635 221.90479,-41.314409 222.31886,-41.314415 C 222.77979,-41.314409 223.15772,-41.218706 223.45264,-41.027306 C 223.74756,-40.835893 223.95557,-40.568316 224.07667,-40.224571 C 224.56885,-40.951128 225.20947,-41.314409 225.99854,-41.314415 C 226.61572,-41.314409 227.09033,-41.14351 227.42237,-40.80172 C 227.75439,-40.459917 227.92041,-39.933551 227.92042,-39.222618 L 227.92042,-34.951134 L 226.87159,-34.951134 L 226.87159,-38.871056 C 226.87158,-39.292926 226.8374,-39.596637 226.76905,-39.782188 C 226.70068,-39.96773 226.57666,-40.117144 226.39698,-40.230431 C 226.21729,-40.343706 226.00635,-40.400347 225.76417,-40.400352 C 225.32666,-40.400347 224.96338,-40.254839 224.67432,-39.963829 C 224.38526,-39.672809 224.24072,-39.206989 224.24073,-38.566368 L 224.24073,-34.951134 L 223.18604,-34.951134 L 223.18604,-38.994102 C 223.18604,-39.462848 223.1001,-39.81441 222.92823,-40.04879 C 222.75635,-40.28316 222.4751,-40.400347 222.08448,-40.400352 C 221.7876,-40.400347 221.51319,-40.322222 221.26124,-40.165977 C 221.00928,-40.009722 220.82667,-39.781207 220.71339,-39.480431 C 220.6001,-39.179645 220.54346,-38.746052 220.54346,-38.179649 L 220.54346,-34.951134 L 219.48878,-34.951134 z M 229.10401,-38.062462 C 229.10401,-39.214801 229.42432,-40.068316 230.06495,-40.623009 C 230.6001,-41.08394 231.25245,-41.314409 232.02198,-41.314415 C 232.87744,-41.314409 233.57666,-41.034135 234.11964,-40.473595 C 234.6626,-39.913043 234.93408,-39.13863 234.93409,-38.150352 C 234.93408,-37.349569 234.81397,-36.719687 234.57374,-36.260704 C 234.3335,-35.801719 233.98389,-35.445274 233.52491,-35.191368 C 233.06592,-34.937462 232.56495,-34.810509 232.02198,-34.810509 C 231.15088,-34.810509 230.44678,-35.089805 229.90968,-35.648399 C 229.37257,-36.206992 229.10401,-37.011679 229.10401,-38.062462 L 229.10401,-38.062462 z M 230.188,-38.062462 C 230.18799,-37.265585 230.36182,-36.668905 230.70948,-36.272423 C 231.05713,-35.875937 231.49463,-35.677696 232.02198,-35.677696 C 232.54541,-35.677696 232.98096,-35.876914 233.32862,-36.275352 C 233.67627,-36.673788 233.8501,-37.28121 233.85011,-38.097618 C 233.8501,-38.867145 233.6753,-39.450153 233.32569,-39.846642 C 232.97608,-40.243121 232.54151,-40.441363 232.02198,-40.441368 C 231.49463,-40.441363 231.05713,-40.244097 230.70948,-39.849571 C 230.36182,-39.455035 230.18799,-38.859333 230.188,-38.062462 L 230.188,-38.062462 z M 236.17628,-34.951134 L 236.17628,-41.17379 L 237.1255,-41.17379 L 237.1255,-40.289024 C 237.58252,-40.972612 238.24268,-41.314409 239.10596,-41.314415 C 239.48096,-41.314409 239.82569,-41.247026 240.14014,-41.112267 C 240.45459,-40.977495 240.68994,-40.800737 240.8462,-40.581993 C 241.00244,-40.363238 241.11182,-40.103472 241.17432,-39.802696 C 241.21338,-39.607379 241.23291,-39.265583 241.23292,-38.777306 L 241.23292,-34.951134 L 240.17823,-34.951134 L 240.17823,-38.73629 C 240.17823,-39.165973 240.13721,-39.487262 240.05518,-39.700157 C 239.97315,-39.913043 239.82764,-40.082965 239.61866,-40.209923 C 239.40967,-40.336871 239.16455,-40.400347 238.88331,-40.400352 C 238.43409,-40.400347 238.04639,-40.257769 237.72022,-39.972618 C 237.39405,-39.687457 237.23096,-39.146442 237.23096,-38.349571 L 237.23096,-34.951134 L 236.17628,-34.951134 z"
-     id="text1235" />
-  <g
-     id="g2852"
-     transform="matrix(1.018857,0.000000,0.000000,1.018857,-4.481650,2.131177)">
-    <rect
-       height="8.3153667"
-       id="rect1866"
-       style="fill:url(#linearGradient1156);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:1.4473482pt;"
-       transform="matrix(1.150066,0.000000,0.000000,1.150066,38.98882,26.86863)"
-       width="57.567924"
-       x="33.326111"
-       y="78.658051" />
-    <rect
-       height="60.126495"
-       id="rect1867"
-       rx="5.4369707"
-       ry="5.4369707"
-       style="fill:url(#linearGradient905);fill-opacity:1;fill-rule:evenodd;stroke-width:1.6282668;"
-       transform="matrix(1.150066,0.000000,0.000000,1.150066,38.98882,26.86863)"
-       width="72.279724"
-       x="26.015469"
-       y="22.413721" />
-    <rect
-       height="38.044163"
-       id="rect1868"
-       style="fill:url(#radialGradient1132);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient891);stroke-width:1.4649456pt;"
-       transform="matrix(1.150066,0.000000,0.000000,1.150066,38.98882,26.86863)"
-       width="58.178177"
-       x="33.386066"
-       y="31.695871" />
-    <path
-       d="M 27.690431,52.841444 L 27.370609,74.749236 C 27.319624,78.241665 29.310209,80.477938 32.807578,80.506029 L 72.625393,80.825852 L 76.463254,71.870840 L 32.008024,71.551020 L 31.688202,52.681533 L 27.690431,52.841444 z "
-       id="path1869"
-       sodipodi:nodetypes="czzccccc"
-       style="fill:url(#linearGradient1146);fill-opacity:1;fill-rule:evenodd;stroke-width:1.0000000pt;"
-       transform="matrix(1.150066,0.000000,0.000000,1.150066,38.98882,26.86863)" />
-    <g
-       id="g1870"
-       transform="matrix(1.150066,0.000000,0.000000,1.150066,38.98882,26.86863)">
-      <path
-         d="M 42.062098,33.460351 L 77.341205,33.008055 C 82.787126,32.938235 89.553204,38.416797 89.553204,43.863165 L 89.553204,60.145830 L 41.609801,59.693534 L 42.062098,33.460351 z "
-         id="path1871"
-         sodipodi:nodetypes="czzccc"
-         style="fill:url(#linearGradient1148);fill-opacity:1;fill-rule:evenodd;stroke-width:1.0000000pt;" />
-      <path
-         d="M 78.337784,67.629235 L 46.723745,67.724544 C 41.843589,67.739257 35.829319,62.771024 35.877168,57.891081 L 36.020221,43.301821 L 78.973514,44.128288 L 78.337784,67.629235 z "
-         id="path1872"
-         sodipodi:nodetypes="czzccc"
-         style="fill:url(#linearGradient1150);fill-opacity:1;fill-rule:evenodd;stroke-width:1.0000000pt;" />
-    </g>
-    <rect
-       height="26.147448"
-       id="rect1888"
-       rx="7.4449978"
-       ry="7.4449978"
-       style="fill:url(#linearGradient901);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:2.3625000;"
-       transform="matrix(0.917809,0.000000,0.000000,0.917809,-65.63305,158.5521)"
-       width="104.09673"
-       x="140.62315"
-       y="-34.316952" />
-    <rect
-       height="15.829688"
-       id="rect1889"
-       rx="3.7576280"
-       ry="3.7576280"
-       style="fill:url(#linearGradient901);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:1.3591428;"
-       transform="matrix(0.917809,0.000000,0.000000,0.917809,-65.63305,158.5521)"
-       width="56.908955"
-       x="184.04552"
-       y="-28.539845" />
-    <rect
-       height="15.829688"
-       id="rect1890"
-       rx="2.9970589"
-       ry="2.9970589"
-       style="fill:url(#linearGradient1141);fill-opacity:1;fill-rule:evenodd;stroke:url(#linearGradient1157);stroke-width:0.96249998;"
-       transform="matrix(0.917809,0.000000,0.000000,0.917809,-65.63305,158.5521)"
-       width="28.796961"
-       x="145.28902"
-       y="-28.227346" />
-    <rect
-       height="3.3627598"
-       id="rect1891"
-       rx="1.6813799"
-       ry="1.6813799"
-       style="fill-opacity:0.16981132;fill-rule:evenodd;stroke-width:0.46326005;"
-       transform="matrix(0.917809,0.000000,0.000000,0.917809,-65.63305,158.5521)"
-       width="49.231453"
-       x="187.88426"
-       y="-21.681381" />
-  </g>
-</svg>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/invitation.svg b/wpa_supplicant/wpa_gui-qt4/icons/invitation.svg
deleted file mode 100644
index 1a02d1327eec..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/invitation.svg
+++ /dev/null
@@ -1,374 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://web.resource.org/cc/"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns:sodipodi="http://inkscape.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="64.000000px"
-   height="64.000000px"
-   id="svg2"
-   sodipodi:version="0.32"
-   inkscape:version="0.42"
-   sodipodi:docbase="G:\Projs\Cliparts Stocker\released"
-   sodipodi:docname="unknown_green.svg"
-   inkscape:export-filename="/datas/wiki/unknown_green.png"
-   inkscape:export-xdpi="90.000000"
-   inkscape:export-ydpi="90.000000">
-  <defs
-     id="defs4">
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2842"
-       id="linearGradient1363"
-       x1="25.403513"
-       y1="19.175573"
-       x2="35.541985"
-       y2="49.068703"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="translate(-2.402975,4.759656e-3)" />
-    <linearGradient
-       id="linearGradient2900">
-      <stop
-         id="stop2902"
-         offset="0.0000000"
-         style="stop-color:#ffffff;stop-opacity:1.0000000;" />
-      <stop
-         id="stop2904"
-         offset="1.0000000"
-         style="stop-color:#ffffff;stop-opacity:1.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient2842">
-      <stop
-         style="stop-color:#ffffff;stop-opacity:1.0000000;"
-         offset="0.0000000"
-         id="stop2844" />
-      <stop
-         style="stop-color:#c8c8c8;stop-opacity:1.0000000;"
-         offset="1.0000000"
-         id="stop2846" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient2814">
-      <stop
-         id="stop2816"
-         offset="0.0000000"
-         style="stop-color:#e6e6e6;stop-opacity:1.0000000;" />
-      <stop
-         id="stop2818"
-         offset="1.0000000"
-         style="stop-color:#11661d;stop-opacity:0.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient2171">
-      <stop
-         style="stop-color:#ffffff;stop-opacity:1.0000000;"
-         offset="0.0000000"
-         id="stop2173" />
-      <stop
-         style="stop-color:#a3a5ee;stop-opacity:0.0000000;"
-         offset="1.0000000"
-         id="stop2175" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient2160">
-      <stop
-         id="stop2162"
-         offset="0.0000000"
-         style="stop-color:#d3cece;stop-opacity:1.0000000;" />
-      <stop
-         id="stop2164"
-         offset="1.0000000"
-         style="stop-color:#474240;stop-opacity:1.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1367">
-      <stop
-         id="stop1369"
-         offset="0.0000000"
-         style="stop-color:#f67e36;stop-opacity:1.0000000;" />
-      <stop
-         id="stop1371"
-         offset="1.0000000"
-         style="stop-color:#602604;stop-opacity:1.0000000;" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1347">
-      <stop
-         style="stop-color:#f0da27;stop-opacity:1.0000000;"
-         offset="0.0000000"
-         id="stop1349" />
-      <stop
-         style="stop-color:#bf4d09;stop-opacity:1.0000000;"
-         offset="1.0000000"
-         id="stop1351" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1315">
-      <stop
-         style="stop-color:#97ff82;stop-opacity:1.0000000;"
-         offset="0.0000000"
-         id="stop1317" />
-      <stop
-         style="stop-color:#ceff24;stop-opacity:0.0000000;"
-         offset="1.0000000"
-         id="stop1319" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient2122">
-      <stop
-         style="stop-color:#2edc32;stop-opacity:1.0000000;"
-         offset="0.0000000"
-         id="stop2124" />
-      <stop
-         style="stop-color:#11661d;stop-opacity:1.0000000;"
-         offset="1.0000000"
-         id="stop2126" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient1364">
-      <stop
-         style="stop-color:#236b0d;stop-opacity:1.0000000;"
-         offset="0.00000000"
-         id="stop1366" />
-      <stop
-         style="stop-color:#0a2205;stop-opacity:1.0000000;"
-         offset="1.0000000"
-         id="stop1368" />
-    </linearGradient>
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1367"
-       id="radialGradient1402"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.211118e-16,1.330643,-1.347411,2.027373e-5,44.09678,-13.39507)"
-       cx="21.959658"
-       cy="14.921703"
-       fx="21.959658"
-       fy="14.921703"
-       r="27.500000" />
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2122"
-       id="radialGradient1404"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.211118e-16,1.330643,-1.347411,2.027373e-5,44.09678,-13.39507)"
-       cx="21.959658"
-       cy="14.921703"
-       fx="21.959658"
-       fy="14.921703"
-       r="27.500000" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1364"
-       id="linearGradient1419"
-       gradientUnits="userSpaceOnUse"
-       x1="74.910713"
-       y1="32.362179"
-       x2="84.910713"
-       y2="47.451466" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2122"
-       id="linearGradient1421"
-       gradientUnits="userSpaceOnUse"
-       x1="73.839287"
-       y1="34.428566"
-       x2="76.875000"
-       y2="43.714283" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1315"
-       id="linearGradient1423"
-       gradientUnits="userSpaceOnUse"
-       x1="72.946426"
-       y1="35.589287"
-       x2="85.000000"
-       y2="47.375000" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2171"
-       id="linearGradient2177"
-       x1="24.916031"
-       y1="28.824427"
-       x2="39.816792"
-       y2="49.099239"
-       gradientUnits="userSpaceOnUse" />
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2122"
-       id="radialGradient2184"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(9.909149e-17,1.088708,-1.102427,1.658760e-5,41.48828,-4.732338)"
-       cx="21.959658"
-       cy="14.921703"
-       fx="21.959658"
-       fy="14.921703"
-       r="27.500000" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1364"
-       id="linearGradient2189"
-       x1="10.018247"
-       y1="8.6306763"
-       x2="63.487556"
-       y2="63.660282"
-       gradientUnits="userSpaceOnUse" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2171"
-       id="linearGradient1339"
-       gradientUnits="userSpaceOnUse"
-       x1="24.916031"
-       y1="28.824427"
-       x2="39.816792"
-       y2="49.099239" />
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2122"
-       id="radialGradient1343"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(2.521415e-2,1.026125,-0.978137,2.404729e-2,38.83024,-3.575704)"
-       cx="24.764277"
-       cy="16.361967"
-       fx="24.764277"
-       fy="16.361967"
-       r="27.500000" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1364"
-       id="linearGradient1346"
-       gradientUnits="userSpaceOnUse"
-       x1="10.018247"
-       y1="8.6306763"
-       x2="63.487556"
-       y2="63.660282" />
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2814"
-       id="radialGradient2812"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.142398e-2,1.098850,-1.843995,1.878760e-2,52.15051,-5.667446)"
-       cx="18.387238"
-       cy="14.046815"
-       fx="18.387238"
-       fy="14.046815"
-       r="27.500000" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient1364"
-       id="linearGradient2832"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="translate(-2.841000e-3,-2.841000e-3)"
-       x1="10.018247"
-       y1="8.6306763"
-       x2="63.487556"
-       y2="63.660282" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2842"
-       id="linearGradient2848"
-       x1="-0.56685609"
-       y1="22.651009"
-       x2="-0.33713850"
-       y2="23.858734"
-       gradientUnits="userSpaceOnUse" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient2842"
-       id="linearGradient2864"
-       gradientUnits="userSpaceOnUse"
-       x1="-0.82287467"
-       y1="22.444542"
-       x2="-0.33713850"
-       y2="23.858734" />
-  </defs>
-  <sodipodi:namedview
-     id="base"
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1.0"
-     inkscape:pageopacity="0.0"
-     inkscape:pageshadow="2"
-     inkscape:zoom="8.2031250"
-     inkscape:cx="32.000000"
-     inkscape:cy="32.000000"
-     inkscape:document-units="px"
-     inkscape:current-layer="layer1"
-     showgrid="false"
-     inkscape:grid-bbox="true"
-     inkscape:grid-points="true"
-     inkscape:window-width="1156"
-     inkscape:window-height="693"
-     inkscape:window-x="0"
-     inkscape:window-y="25"
-     showguides="false" />
-  <metadata
-     id="metadata7">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title>Green Unknown</dc:title>
-        <dc:date>2005-11-01</dc:date>
-        <dc:creator>
-          <cc:Agent>
-            <dc:title>Jean-Victor Balin</dc:title>
-          </cc:Agent>
-        </dc:creator>
-        <dc:description>jean.victor.balin@gmail.com</dc:description>
-        <cc:license
-           rdf:resource="http://web.resource.org/cc/PublicDomain" />
-        <dc:subject>
-          <rdf:Bag>
-            <rdf:li>icon</rdf:li>
-          </rdf:Bag>
-        </dc:subject>
-      </cc:Work>
-      <cc:License
-         rdf:about="http://web.resource.org/cc/PublicDomain">
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/Reproduction" />
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/Distribution" />
-        <cc:permits
-           rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
-      </cc:License>
-    </rdf:RDF>
-  </metadata>
-  <g
-     inkscape:label="Calque 1"
-     inkscape:groupmode="layer"
-     id="layer1">
-    <g
-       id="g1354">
-      <path
-         id="path1373"
-         d="M 32.000000,8.6306766 C 19.113097,8.6306766 8.6306766,19.113097 8.6306766,32.000000 C 8.6306766,44.886903 19.113097,55.369323 32.000000,55.369323 C 44.886903,55.369323 55.369323,44.886903 55.369323,32.000000 C 55.369323,19.113097 44.886903,8.6306766 32.000000,8.6306766 z "
-         style="fill:url(#linearGradient1346);fill-opacity:1.0000000;stroke:none;stroke-width:2.0000000;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
-      <path
-         id="path1339"
-         d="M 54.500005,32.000000 C 54.500005,44.420003 44.420003,54.500005 32.000000,54.500005 C 19.579997,54.500005 9.4999950,44.420003 9.4999950,32.000000 C 9.4999950,19.579997 19.579997,9.4999950 32.000000,9.4999950 C 44.420003,9.4999950 54.500005,19.579997 54.500005,32.000000 z "
-         style="fill:url(#radialGradient1343);fill-opacity:1.0000000;stroke:none;stroke-width:2.0000000;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
-      <path
-         id="path1341"
-         d="M 32.016991,9.1562500 C 22.574792,9.1562500 14.505423,14.865048 11.062500,22.968750 C 16.006322,25.801817 21.393258,27.855853 27.181339,27.593750 C 32.755311,27.279922 37.553510,23.530916 43.236968,23.812500 C 47.451058,23.716455 52.244330,25.294372 54.488550,29.000000 C 53.142630,17.846718 43.657640,9.1562500 32.016991,9.1562500 z "
-         style="fill:url(#radialGradient2812);fill-opacity:1.0000000;stroke:none;stroke-width:2.0000000;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
-      <path
-         id="path2827"
-         d="M 32.000000,8.6250000 C 19.113098,8.6250000 8.6250000,19.113097 8.6250000,32.000000 C 8.6250000,44.886904 19.113097,55.375000 32.000000,55.375000 C 44.886904,55.375000 55.375000,44.886903 55.375000,32.000000 C 55.375000,19.113098 44.886903,8.6250000 32.000000,8.6250000 z M 32.000000,9.5000000 C 44.420004,9.4999998 54.500000,19.579997 54.500000,32.000000 C 54.499998,44.420004 44.420003,54.500000 32.000000,54.500000 C 19.579998,54.499998 9.5000000,44.420003 9.5000000,32.000000 C 9.5000000,19.579998 19.579997,9.5000000 32.000000,9.5000000 z "
-         style="fill:url(#linearGradient2832);fill-opacity:1.0000000;stroke:none;stroke-width:2.0000000;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
-      <path
-         id="text1353"
-         d="M 32.556888,39.006317 C 32.692760,35.835967 33.100380,35.066018 35.908404,32.892064 C 39.395790,30.219911 39.803410,29.902873 40.120445,29.631129 C 41.705621,28.272407 42.611437,26.189029 42.611437,24.015074 C 42.611437,19.078386 38.625844,15.953318 32.285143,15.953318 C 26.306768,15.953318 22.094721,18.851931 22.094721,23.018677 C 22.094721,25.464376 23.906354,27.230718 26.397344,27.230718 C 28.707171,27.230718 30.292350,25.736121 30.292350,23.607457 C 30.292350,22.384608 29.794150,21.388209 28.843045,20.663558 C 28.027812,20.029488 27.982521,19.984196 27.982521,19.667161 C 27.982521,19.033091 28.978919,18.534892 30.382931,18.534892 C 33.100374,18.534892 34.640263,20.346525 34.640263,23.516876 C 34.640263,25.373795 33.960900,27.683628 32.828632,29.721710 C 30.337643,34.160201 29.975314,35.066023 29.975314,37.104105 C 29.975314,37.557012 30.020605,38.281665 30.111187,39.006317 L 32.556888,39.006317 M 31.424619,41.497309 C 29.069501,41.497309 27.167287,43.399523 27.167287,45.754641 C 27.167287,48.064467 29.069501,50.011973 31.379328,50.011973 C 33.779736,50.011973 35.681951,48.109758 35.681951,45.754641 C 35.681951,43.399523 33.779736,41.497309 31.424619,41.497309"
-         style="font-size:45.290764px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:url(#linearGradient1363);fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Century Schoolbook L" />
-    </g>
-  </g>
-</svg>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/laptop.svg b/wpa_supplicant/wpa_gui-qt4/icons/laptop.svg
deleted file mode 100644
index 06235f02d5a3..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/laptop.svg
+++ /dev/null
@@ -1,1568 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://web.resource.org/cc/"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="400"
-   height="400"
-   id="svg2"
-   sodipodi:version="0.32"
-   inkscape:version="0.45"
-   version="1.0"
-   sodipodi:docbase="C:\Documents and Settings\Mete  Ä°slam\Desktop"
-   sodipodi:docname="MyLaptop.svg"
-   inkscape:output_extension="org.inkscape.output.svg.inkscape"
-   inkscape:export-filename="C:\Documents and Settings\Mete  Ä°slam\Desktop\MyLaptop.png"
-   inkscape:export-xdpi="98"
-   inkscape:export-ydpi="98"
-   sodipodi:modified="true">
-  <sodipodi:namedview
-     id="base"
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1.0"
-     gridtolerance="10000"
-     guidetolerance="10"
-     objecttolerance="10"
-     inkscape:pageopacity="0.0"
-     inkscape:pageshadow="2"
-     inkscape:zoom="1"
-     inkscape:cx="319.93339"
-     inkscape:cy="202.90098"
-     inkscape:document-units="px"
-     inkscape:current-layer="layer1"
-     width="400px"
-     height="400px"
-     inkscape:window-width="1277"
-     inkscape:window-height="751"
-     inkscape:window-x="0"
-     inkscape:window-y="22"
-     showguides="true"
-     inkscape:guide-bbox="true" />
-  <defs
-     id="defs4">
-    <linearGradient
-       id="linearGradient3757">
-      <stop
-         style="stop-color:#70ffea;stop-opacity:1;"
-         offset="0"
-         id="stop3759" />
-      <stop
-         style="stop-color:#0055f6;stop-opacity:1;"
-         offset="1"
-         id="stop3761" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient3460">
-      <stop
-         style="stop-color:#f1ff00;stop-opacity:1;"
-         offset="0"
-         id="stop3462" />
-      <stop
-         style="stop-color:#8bff00;stop-opacity:0;"
-         offset="1"
-         id="stop3464" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient26774">
-      <stop
-         style="stop-color:#ffffff;stop-opacity:0.1122449;"
-         offset="0"
-         id="stop26776" />
-      <stop
-         style="stop-color:#ffffff;stop-opacity:0.89795917;"
-         offset="1"
-         id="stop26778" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient17245">
-      <stop
-         offset="0"
-         style="stop-color:#ffefef;stop-opacity:0.58163267;"
-         id="stop17247" />
-      <stop
-         offset="1"
-         style="stop-color:#ffefef;stop-opacity:0.14285715;"
-         id="stop17249" />
-    </linearGradient>
-    <pattern
-       patternTransform="matrix(0.9848362,0,0,0.9848362,-402.92422,36.839002)"
-       id="pattern13296"
-       xlink:href="#pattern13289"
-       inkscape:collect="always" />
-    <pattern
-       patternTransform="matrix(0.6565232,0,0,0.6651903,-8.1640579,-22.602821)"
-       id="pattern13287"
-       xlink:href="#pattern12311"
-       inkscape:collect="always" />
-    <pattern
-       patternTransform="translate(-88.774232,-72.100299)"
-       id="pattern12309"
-       xlink:href="#pattern11335"
-       inkscape:collect="always" />
-    <pattern
-       patternTransform="translate(-5.8654428,10.456268)"
-       id="pattern9368"
-       xlink:href="#pattern8394"
-       inkscape:collect="always" />
-    <linearGradient
-       id="linearGradient4451">
-      <stop
-         offset="0"
-         style="stop-color:#fffbfb;stop-opacity:0.82653064;"
-         id="stop4453" />
-      <stop
-         offset="1"
-         style="stop-color:#000000;stop-opacity:0;"
-         id="stop4455" />
-    </linearGradient>
-    <pattern
-       height="253"
-       id="pattern8394"
-       patternUnits="userSpaceOnUse"
-       patternTransform="translate(404.25649,166.01976)"
-       width="337">
-      <image
-         id="image4466"
-         width="337"
-         y="0"
-         xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/4QCURXhpZgAASUkqAAgAAAADADEBAgAcAAAAMgAAADIBAgAU AAAATgAAAGmHBAABAAAAYgAAAAAAAABBZG9iZSBQaG90b3Nob3AgQ1MyIFdpbmRvd3MAMjAwNjow NjoxMyAxMzozNDoyNAADAAGgAwABAAAAAQAAAAKgBAABAAAAAAQAAAOgBAABAAAAAAMAAAAAAAD/ 4gxYSUNDX1BST0ZJTEUAAQEAAAxITGlubwIQAABtbnRyUkdCIFhZWiAHzgACAAkABgAxAABhY3Nw TVNGVAAAAABJRUMgc1JHQgAAAAAAAAAAAAAAAQAA9tYAAQAAAADTLUhQICAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFjcHJ0AAABUAAAADNkZXNjAAABhAAA AGx3dHB0AAAB8AAAABRia3B0AAACBAAAABRyWFlaAAACGAAAABRnWFlaAAACLAAAABRiWFlaAAAC QAAAABRkbW5kAAACVAAAAHBkbWRkAAACxAAAAIh2dWVkAAADTAAAAIZ2aWV3AAAD1AAAACRsdW1p AAAD+AAAABRtZWFzAAAEDAAAACR0ZWNoAAAEMAAAAAxyVFJDAAAEPAAACAxnVFJDAAAEPAAACAxi VFJDAAAEPAAACAx0ZXh0AAAAAENvcHlyaWdodCAoYykgMTk5OCBIZXdsZXR0LVBhY2thcmQgQ29t cGFueQAAZGVzYwAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAABJzUkdCIElFQzYx OTY2LTIuMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA WFlaIAAAAAAAAPNRAAEAAAABFsxYWVogAAAAAAAAAAAAAAAAAAAAAFhZWiAAAAAAAABvogAAOPUA AAOQWFlaIAAAAAAAAGKZAAC3hQAAGNpYWVogAAAAAAAAJKAAAA+EAAC2z2Rlc2MAAAAAAAAAFklF QyBodHRwOi8vd3d3LmllYy5jaAAAAAAAAAAAAAAAFklFQyBodHRwOi8vd3d3LmllYy5jaAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkZXNjAAAAAAAAAC5JRUMg NjE5NjYtMi4xIERlZmF1bHQgUkdCIGNvbG91ciBzcGFjZSAtIHNSR0IAAAAAAAAAAAAAAC5JRUMg NjE5NjYtMi4xIERlZmF1bHQgUkdCIGNvbG91ciBzcGFjZSAtIHNSR0IAAAAAAAAAAAAAAAAAAAAA AAAAAAAAZGVzYwAAAAAAAAAsUmVmZXJlbmNlIFZpZXdpbmcgQ29uZGl0aW9uIGluIElFQzYxOTY2 LTIuMQAAAAAAAAAAAAAALFJlZmVyZW5jZSBWaWV3aW5nIENvbmRpdGlvbiBpbiBJRUM2MTk2Ni0y LjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHZpZXcAAAAAABOk/gAUXy4AEM8UAAPtzAAEEwsA A1yeAAAAAVhZWiAAAAAAAEwJVgBQAAAAVx/nbWVhcwAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAA Ao8AAAACc2lnIAAAAABDUlQgY3VydgAAAAAAAAQAAAAABQAKAA8AFAAZAB4AIwAoAC0AMgA3ADsA QABFAEoATwBUAFkAXgBjAGgAbQByAHcAfACBAIYAiwCQAJUAmgCfAKQAqQCuALIAtwC8AMEAxgDL ANAA1QDbAOAA5QDrAPAA9gD7AQEBBwENARMBGQEfASUBKwEyATgBPgFFAUwBUgFZAWABZwFuAXUB fAGDAYsBkgGaAaEBqQGxAbkBwQHJAdEB2QHhAekB8gH6AgMCDAIUAh0CJgIvAjgCQQJLAlQCXQJn AnECegKEAo4CmAKiAqwCtgLBAssC1QLgAusC9QMAAwsDFgMhAy0DOANDA08DWgNmA3IDfgOKA5YD ogOuA7oDxwPTA+AD7AP5BAYEEwQgBC0EOwRIBFUEYwRxBH4EjASaBKgEtgTEBNME4QTwBP4FDQUc BSsFOgVJBVgFZwV3BYYFlgWmBbUFxQXVBeUF9gYGBhYGJwY3BkgGWQZqBnsGjAadBq8GwAbRBuMG 9QcHBxkHKwc9B08HYQd0B4YHmQesB78H0gflB/gICwgfCDIIRghaCG4IggiWCKoIvgjSCOcI+wkQ CSUJOglPCWQJeQmPCaQJugnPCeUJ+woRCicKPQpUCmoKgQqYCq4KxQrcCvMLCwsiCzkLUQtpC4AL mAuwC8gL4Qv5DBIMKgxDDFwMdQyODKcMwAzZDPMNDQ0mDUANWg10DY4NqQ3DDd4N+A4TDi4OSQ5k Dn8Omw62DtIO7g8JDyUPQQ9eD3oPlg+zD88P7BAJECYQQxBhEH4QmxC5ENcQ9RETETERTxFtEYwR qhHJEegSBxImEkUSZBKEEqMSwxLjEwMTIxNDE2MTgxOkE8UT5RQGFCcUSRRqFIsUrRTOFPAVEhU0 FVYVeBWbFb0V4BYDFiYWSRZsFo8WshbWFvoXHRdBF2UXiReuF9IX9xgbGEAYZRiKGK8Y1Rj6GSAZ RRlrGZEZtxndGgQaKhpRGncanhrFGuwbFBs7G2MbihuyG9ocAhwqHFIcexyjHMwc9R0eHUcdcB2Z HcMd7B4WHkAeah6UHr4e6R8THz4faR+UH78f6iAVIEEgbCCYIMQg8CEcIUghdSGhIc4h+yInIlUi giKvIt0jCiM4I2YjlCPCI/AkHyRNJHwkqyTaJQklOCVoJZclxyX3JicmVyaHJrcm6CcYJ0kneier J9woDSg/KHEooijUKQYpOClrKZ0p0CoCKjUqaCqbKs8rAis2K2krnSvRLAUsOSxuLKIs1y0MLUEt di2rLeEuFi5MLoIuty7uLyQvWi+RL8cv/jA1MGwwpDDbMRIxSjGCMbox8jIqMmMymzLUMw0zRjN/ M7gz8TQrNGU0njTYNRM1TTWHNcI1/TY3NnI2rjbpNyQ3YDecN9c4FDhQOIw4yDkFOUI5fzm8Ofk6 Njp0OrI67zstO2s7qjvoPCc8ZTykPOM9Ij1hPaE94D4gPmA+oD7gPyE/YT+iP+JAI0BkQKZA50Ep QWpBrEHuQjBCckK1QvdDOkN9Q8BEA0RHRIpEzkUSRVVFmkXeRiJGZ0arRvBHNUd7R8BIBUhLSJFI 10kdSWNJqUnwSjdKfUrESwxLU0uaS+JMKkxyTLpNAk1KTZNN3E4lTm5Ot08AT0lPk0/dUCdQcVC7 UQZRUFGbUeZSMVJ8UsdTE1NfU6pT9lRCVI9U21UoVXVVwlYPVlxWqVb3V0RXklfgWC9YfVjLWRpZ aVm4WgdaVlqmWvVbRVuVW+VcNVyGXNZdJ114XcleGl5sXr1fD19hX7NgBWBXYKpg/GFPYaJh9WJJ Ypxi8GNDY5dj62RAZJRk6WU9ZZJl52Y9ZpJm6Gc9Z5Nn6Wg/aJZo7GlDaZpp8WpIap9q92tPa6dr /2xXbK9tCG1gbbluEm5rbsRvHm94b9FwK3CGcOBxOnGVcfByS3KmcwFzXXO4dBR0cHTMdSh1hXXh dj52m3b4d1Z3s3gReG54zHkqeYl553pGeqV7BHtje8J8IXyBfOF9QX2hfgF+Yn7CfyN/hH/lgEeA qIEKgWuBzYIwgpKC9INXg7qEHYSAhOOFR4Wrhg6GcobXhzuHn4gEiGmIzokziZmJ/opkisqLMIuW i/yMY4zKjTGNmI3/jmaOzo82j56QBpBukNaRP5GokhGSepLjk02TtpQglIqU9JVflcmWNJaflwqX dZfgmEyYuJkkmZCZ/JpomtWbQpuvnByciZz3nWSd0p5Anq6fHZ+Ln/qgaaDYoUehtqImopajBqN2 o+akVqTHpTilqaYapoum/adup+CoUqjEqTepqaocqo+rAqt1q+msXKzQrUStuK4trqGvFq+LsACw dbDqsWCx1rJLssKzOLOutCW0nLUTtYq2AbZ5tvC3aLfguFm40blKucK6O7q1uy67p7whvJu9Fb2P vgq+hL7/v3q/9cBwwOzBZ8Hjwl/C28NYw9TEUcTOxUvFyMZGxsPHQce/yD3IvMk6ybnKOMq3yzbL tsw1zLXNNc21zjbOts83z7jQOdC60TzRvtI/0sHTRNPG1EnUy9VO1dHWVdbY11zX4Nhk2OjZbNnx 2nba+9uA3AXcit0Q3ZbeHN6i3ynfr+A24L3hROHM4lPi2+Nj4+vkc+T85YTmDeaW5x/nqegy6Lzp RunQ6lvq5etw6/vshu0R7ZzuKO6070DvzPBY8OXxcvH/8ozzGfOn9DT0wvVQ9d72bfb794r4Gfio +Tj5x/pX+uf7d/wH/Jj9Kf26/kv+3P9t////2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQICAQECAQEBAgICAgICAgICAQICAgICAgICAgL/2wBDAQEBAQEBAQEBAQECAQEB AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgL/wAARCAD9 AVEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIE AwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJico KSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZ mqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6 /8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAEC AxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNE RUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmq srO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEA PwD+lfSrfVX862m8NeKtZEEiS215pNhfvD4eWORy8dvNMFbxJpwkbf8AZzsRSzGGU53H2vwz4x+I WonTtGs9Nlhg1SLUZZdVn02TTLzSrywmS21Pfp98piiSSS6t76FSSSXlhw2045PwD8L9X1+4XXJv ih4oeLT7vypWjS5WSSRkJKW89zq0oVlDDJaM7Tj5TXu40K38D282p6d4m1ODTVunudTtPEF5Pqtn cNctHGiW7yuHsn3sVhSNtm+cZU1/gH4PeH3HOCy6jxLWqY/hLhydnWrUcdlHt8TgYVYTdSLoV5p0 qdNYmlOWJrurhqcozwTlChRw0Px3LMHjIwVdynhqD3anTvKF09HFvRLmTcpXimnDZRXiHj+XUrC0 j0D4rxR+Jnuplk0jxbpVpPpGn2YuN6PY3l60Hk296wjRkIUp+8AmIUb15LXPBdnaeHbm/wBA8VQW 99qdzpSwNqd3HpV450CymsbjS7iZpVSC/b7bbSPl9rqilQyMGrubvx+/jW71HQ7m+kl0XU9RSTQm vfBtrqml2giaQJZandWuqlLqCUlQJWEbwvt3YXfVLQYYvHFhN8N38O20+pwTrHbaDbwav4ZuLgc2 zXpe/S9FvdWUn2cRF5PLSKTY22IBa+Yz/KOGuMc9zOnllf8A1kjnWHr4LJMVjJzebPH0o1KKwtTG 4LE4zG4+VXCYic8DiMVRr4p061KlSoVasamHOetSoYmtNU39Y9rFxpSnd1edaKLnGUpzvFvklJSl ZpJN3ivKNP8AH/xN8FwWNhqUt3b6dZvusJr+0TU9MZdwkSGSZNyXFnkDY0Ugkh3nYcZWt24+OAuL 25h8SeFxDp89uWGk214L7RrlvLMkBm0zVYJY/IkkPM1s0TgMGG8jns/FH7PPxB+Gojm0fX7+00y/ kjt1i1OOG90eSaZfltdQaxeeBGJLLma2VG2kq2K841Pwpq9jpU11410b/hF9NimFvDr/AIdNrrOn 30wcs1vb6MjTfZwEEzNLBJbRxlTvjJIQ/nOa5J9IHw7jieG8zq59w9/Y0I1J4XOaFHMcFRw9OlyU 6dTMJqVHDYapSdlUxNPK6EqdoTnXtSjT4atPOcC5UKjrUPZWbjVUZwUUtE5vSMWuslTVtLvS0vhq 5+EnjG+uxfeB9V8O3KwtKsuj6re3vhu3LNtWbUYtiS6bbbyMsHMYGeBXVaRo+h+HZYtd0TRrLxLC qTW0d/4RmbWdNtJJPNSVNbm1W6luIYnh3KypbRgq6/vSzYHmupWXim80HUbHwra6Vq3g55IL6/m8 NSpPqM6WCu8cuuROI7pZlB3OHgWNCg8tQBz5jpGt6noF3LqGjajfaRfQqojls7l4GLCSM+VPGw/0 iIgMWRxj+8CowfgZ8d4LhTF5A8/4KwdXMF7TELPMFk2X5XWnVVVtVcFCnh/qGY0KUYR5K0fqzq1K skpUuRVJ8n1uGGlR9thYSlrL2saUKbbvo4pR5JxSSs1y3b3Vrv6P0bV/D17418R+RrGkQWF/ZXOg SJrdvJqeo6lfajiKxt9MFw0wuNNi1QW52uoRUgIKBSDXG3T62dMuofE1lDBbxaouiS2yQ29ldWt0 qxWyzaYkSqtlbx3caIWwI9l6ysG3k1iab4h8K+NtQtLXxhZ/8Izr9zdRpb+NfDUKQRPdySKIX1zQ 1IjbMpXM9sY3BO5kIya9f8eajcfD2S18TWOn6T4kh1lRBca3fFNStD4ksTDa3c9rarI8Vi08ETze UcN5yEycoFr6/CPDcU8K51xFUzmjT4WyTE4mtia+BVeco0c0m3OnmGS1HOtT+p1Vh4UqdKSy+s8V iZLMKslO3RHlxGHq1nUSw9KUnJwu9Kj2nSbuuV8qSXuPmk+d6m1+zr4oFt4k8T+C7i8muRdRrqlj JdbN73umKmn6gkciSMsyvapburKeVtjwMGvr+vzA0fxrqPh3xf4V8QzXEsljYazcXKQ4gRIrK4uP suqwLHbooiZrZnYoCU/eqy4yRX6cpOkqLLEQ8cqLJE4IKvHIodHBB5BUgj2Nf2d9DXjeln/AWd8I TxE62K4GxzVL2q5an1DMlLGYZtOrVbjHEPGUoS53ejCk7Q5uSP1HDOJVfCVcNzXlhJaX0fJU96PV 315ktdktrpE1YniHw/pvibS7jSdTjkaCdWMcsEjQ3VpOY5I0urSdeYLhVkcBhnAcjBBrY3j0NHmD 0Nf1vj8Bgs0wWKy7McLDG4HGwlTq0qkVOFSnNWlGUXdNNP8AXc+jlTVSMqc0pxkrNPVNeZ8b6v4O uPhdrnhyx8PXc+oajrN+lp4fvr8Wq2/h2yQLHrGqyRGNY7rXjDczKkm1xDbRM+AdoGZ8UfiDFqNh FqdlGJZ4dSu7W21BzzYWd9Dp9xBNNZuBHdaobSGzmt2iOYAwm4cgp9BfEO5snuIdM1W106OS/s7q 28IXk98y3tzr99YX1pqNulrHHugsI9MZ/Om3HcbtEUBvmHxPrOoHT4dFtNSMzxa/qN5r99Cthcos FrcRwaTpM1nY3IwL9U0+SeMYZSJ4gMoStf5neNeCh4Y4bizhHhPMllXCmdVY8mFSny5bUofUaVO8 cQ1NV54rEqvHFXq1P7MeDlh6tOjhcK4/C5rH6gsRhsNU9nh6jVo9INciWkurlLm5tX7PkcWlGJ6H 8MbctomsQalqF082uWRtrSV79WNvazqbKG6NrcuzQsItVlcb1ZPKcPwGBrbt9Ol8O/EptPm0y/vd KawTRY7t4Z5YdPjsbDNvvklPlvePqVvHOtw+VViGVG5I8k1HV5/DWu6Zo80qTWqXFpLLJbu7Ld6L eG0torOUnBu7hNPt4HU4DQXBeMD5ePT/AIivJokmra9BLc3/APausJb2OlK8kTzTaTHbxu2q3cn7 25hF7HEY7RAHuUdWEgTIPwXDmPy3D8J06UcJOOP8JswwU8TUcoSqKk446tiI1aUoVHVpV8TJYaXI qtZSnTcIzqUqduOhUgsNpF8+XTg5N2vb327qzunL3dLvVWvZHs3hyznv7s3erQ6lKdXliFppc15b x3VlYRzGS/OrrFCIprM3TLNbK6eYHuZYI5FXbn0PUBe6n/amlXNvYTaZLohn01VLL9ovhI88MLWj zZDQCC1cMP73DLjFfNeh6t4o0211K+axm1jxVq01vqCaNPNtezs9YsBaxz3beZvgnSKDISJ1EUVv KiBWDCP2DxVr2p2GkeFhoS2F1rfkM0Viv2dtNE2nQiHVSt/Od08KiVwIgyGUIHZwocN/XXA3F2U/ 6o5vVxWEx9GGEhGtjKcqXPicZSxOIqYVUKlqUYV8ROpWqVXgaU5TwjlhsKqUKcrVPpMJiaf1aq5R mlFJyTXvSUny2eiu223yJ3jdRtbfx+S01zWNZGj6n4chj0LSxfyT6/Pp8sP9m2txGbWdhNazBbqF JzMPs7EhwvzhFUEe46/4ftPiL8M7LTdN1h7rNtp13petugnkuJ9Lfy/OuEVMSTyLFOskY2/vHKkj k1y3jQ3ev2sukW9na6laNcaZeT6ANR/se6nhawhluVEkaNm0hS4jljZCxyGVg2xlPVfDK8sLTw1a 6fpC38mk2FrqsVv9r08Wl59r0vVLpLuNbL5XKuZo/JXbkiPLNvc1zcDcMZVh+JuMeB82lLPOH+MM txdDF4vEc9HE1XGrQwtPC4dUY06csLhKEnFV/bVsbQrVKTqrC0qlBVlhKFNV8RhKt6tHE05KUpXU nrGPKrJLlinvdyi2r8qav4+99fa29pamDVtM/sxby01/TvEMcclpqJSzlktvEWrJagHS9QlW3mC3 ERMY2pA52ygnrLrR5r3TrpLTxFcCa90eHTV028gtNUhE7JG1xHPJKxjns7mVSGWX7s8bAEq7GvIf iBBq/gPxVfXllq0Njp2saha3+n6ZfR3M13q+j62q/a9Fu7W5iZZrKC5adWTexgMygxqGQjvdY1fT dY0vUdZ0IyQeXps1pqEJuYoowI7f7VFFp13Am+2m85jLbyvH8r2rrlcbW/MMkzbC08VxrknEdGrU 4kyKpKliKU8VKjUr4eEK2HhXwksJOD5I0aPtqkJUaanKu8dDD1J1FJefTqRUsVSrpuvRbTTlZtJO KlDla0Sjdqy351FtnlelWetL4vjW5tdJ0rxTZA/abe+GnnSdVsUt2xB9uRDJo92bYxi2klZSFHlC c4RR6X4YiOs+DviZ4V1q3vPDHicaRHqWrXeopdzvcW9gjJp2uLGsjfbHFraGKaRZDJKIomcMWY18 9+NPFl3Nc6N4shMx1K70mPT7jUJDCx1K1+yW4S31iyfdHPIUkk3uOJQAxBJG33T4K/EjxV4suRp1 14fs9Vvf3EOuamq2dgg8MsBbRvKikNJdK0jCEbWjdIZEAVitfCeFOfcI1OPK/BM8wx9eeaVMxp0l UwssZSx+CzbL3h1KrHCxp18NmUaVSPtcTguWhOhHFe+3UlXqceXVsNLGPCuc26ntErx5lOFSHLd8 tpRna13DRpS73fz9o+pfDLSb3R1SPxV4g1C31W2vFuraS30iCOa3uYglha2VqZWuo5QqvvyrswRQ AN1es+KtH8Z67JceHNN0DUbafUZZ7ltOgtLbTtOs7DT7+J5NRijJQ6ncXET2o891aUNZCNSxY45/ xv8ACDx94Vv9d1u30O38V2Imujpeo6e0cN9pVgWk+zXMlnp6xSvfojoG2pIqLEW6sCv2b4L1K/13 wv4d1fVLE2WpXGl2v2mFmjlZZjFGJ2SVDlQzxgshwysNrDK8/U+D/hRm+d4zjDw74wwmJ4Dq4aFG rTpYTK5YRYnBKpPCYmU8bV9vDFVKkOT2FR4rGxjGrOUX7SnBUN8sy6rWlicFiYywcopO0afLzRvy ybm+ZSbWz5pbtrVacd8FvG154t8N3tnqkCW97oWq6lo9seVa607Tp0htpvJZB5bwLJHA2erQZ4OR Xf2usWt/faxpQfbf6LNax3cbgpK0V3As0F55LKN1rIVkVHGVYwtzxivnDxx4n8Q6J441y38G2ip/ YNtaeIHgtrGWFNbuY7S8ur+xvblcG9tpZbmBPLhwfOky/wA6Zr17QvEMXxH8Mwa5ohHhjxh/Z0sI i1SzWW5065jcrLaX1s+06hpAuslTkY3h1CSZFf1Z4f8AG05Uo8B4nNKmc8U8GPEUK1SrQVJ5zQwU quFqfU6kqsaKxNGt7FONWopVIxXPJRqVMRT+gwOLdlg5VHVxGF5k21b2qg3F8rvbmTtu7vru5Lnp /iDq9xq3ifw9plk1l4r0O3fVdD0/WUMFp4g0W3vGi1CxBif92zR2jTQ3Csz7LgOF2xyLWjca/quu 6eupWenf2t4f1G5t7a3uNEmaLWvDi3No7Xt7qMMsmy6ht7lYCstvktDcLKqEA5+ZfGniTxn4X8d6 ZrNzpF/eG1Aub7R4knuYNO1S3uJo7c6Vqaqz21tMXYuN6RyW16BIpB49f1jRb+wh0DxLpmq+K/CG i3k0msXfhO0gtJ7+3uruOzE/hTSrdZ1WKMvFfXJkG6OFFd0bbhD8ZkniBnec1+LcHVnj8XPhvEun iqDp0sLUjhK1ZvCYtrFQWEcadOvVw+MpOdLEzWGwrhh6VehVqvko42rVliYyc5uhK0lZRfK2nGVp Ll0UnGSupe7FqKabMDxL4z0HwPceBYL+xvTofinTpJb/AMWaTZWkNpObjagg1i2FkoujLcvcXM6o YmDpHIRJ84PIeMfH2g6d4ps/FXgy0S+1fwrFLH9nhkSKLVNLezjebSooooUFm8unMXRZCxC2rvGk hRCMjxB8S/C3xJ0TUdN8VQ+HD4n8LahcJb2WuXuo+GbbXdMDliLC+KbbDUxGIVnS5iaIhAY2G5iv jniDwZZ31sl1beHPib4at7VhdLNoejWnjTQrOG6iWU28Gr6TrCm5jEUiNGWIKBpFIUMAPyXi3j3O q0cWuC8fgOIcjrTwWMwUqdOVHHZfWwlONOpCVWdKrg8LUo4zD1MTCOJxM8Q5K8nXw1RVY+Xi8bWa n9UnCtRfJOFladNxSTV2nCLUk5LmlzX3vF3PtuH4wab4n8BzeKPA8tsdaubGzW2sNbjmSHSr6/vH sM6oLfmSGH7NeynYQjx2e5nRWyPlzSPFupah8YoNM8Xyz6v4d+Jvhu58JXlxrkyabCwme8Rbexby V+yP5+yGKOIsWe8DRu421rW1xoGieErPwQvim+1zxSNKvdVn0zU/DWp28dzZ6+0GIpbTSvNuXv7X TJwk8CmVYkuZpcgxvtlt10eC60PWH8Y+DL3UINR0zSF125ttS+xaVJbzrZxf8I1Lb6WLa48UG+Fz vjBKIly4IU7p6+tz3ifiTi6pwbXzLOsNRx2QrL8RmFCjicG8HUrxm1j6FfDLGVaXtalKrVwlenz1 Yxi1Pnw9G6qbVsTXxf1SVStGM6Hs5TipQ5G18cZR52rtNxkrtLe8UtfmeDRbDwVf61c3sj6Xe6Vq E6XZhuhqQ8HFXmS10bSbiQBNY8eywBlSUjy9Ni33En78ARdp8PfHdiFHjH4hWdlb/D/wtcLpXw60 t9Nt9U1LT/E0hjljl0a7vV825itYit7qUkjsjzPEQokZFG58VfhL4+8c/GDWdG0bQprTwPBqt5qU OpaVaxT6VY2lyTc63qlxHZyu13r894l2BG/+kTSqkIVUAC+XeK10HUpreO5XVtM8L+G7R/Dvh7wx 5Fs9zY3TRtdLeapcPOsNrc3N8IZdRuXdpGe4eFECRqR+CVcv4g4CzjM5YLLpZblOQ43E4XBQxdJ4 fDZpiqFVOpiaykqUa2X4S1LE2go/W8SsHyUVRo08PgPCdOvgqtTkh7OlRnKMFNcsas4tXlLa8IaS stJy5bK0VGnV1u6jhM4GvWWi+IYNYub42M2lx6ZqmttNvYX82taRDKqX811ueLPk74liZwHaIt1v xJ1rxD8P/BXh34cLql1b+K/ESf8ACXfEXU/NZrlZ9QG3RfDst+gIjgjs3MkwBwzSgtw5z23w6+Hn h/XvFN98VPE8uj2PhDwqLC6tIIruO5TxFr1pYLJExuEijivLRLm1l2LboGuJoVTZgfN4Xq8958QW 8R+M76+tINT1G+vbuDSp5r1JtXl+1W0Mmj291dyRLbW0FjOjLGrSoGsyqKGLVeY5fnGScOZhjaM3 hs14vWJw+X+zxFX2ksowc4PG4+UKtS9OtjpeywdD2apyrUPrsaVKo8RF1CpTrUcPOafJVxXNGCUn d0oNOdRpvSU9IK1rrnsm5a4J+NXxQXTINFk8Z65LZ2moR321tRmked7aNYYIJrkPvls0jQhYw4jO 8kqTgjY07xJpnj7R08AP4c0jQ9ZvL281jQ9ZsJZbS2n8TeSVh057Bn8m0t7+zhhtXZMbrmG2lYcN nx/UZYfNkihgtYNjHiLzZGViMPEZXbkpkqSAVJjypIOTSgupLSSC5tnaO6t5RNFNkExyoQ8MsYPK yI4DAjowBHSvxWlxhn8MV7HOM3rZ9lsoLDV6WJm8RzYVyiqlKhPERnLDz5V7lWl7OcJJSTvv5Cxd fmtVqutBrlkpPmvHS6Tldxdlo1Zp6ln7NqH/AD4Xf/gO9Feuf8Lv1b/oAaB/4Ar/APFUVt/YnAf/ AEWNf/w21P8A5cV7HA/9Bkv/AAW/8/6ufqJoXxC0Vtd8Q+Jbm81+zt9IsLp9T8KT6jPfPYXklzFE l5a6akzQtBIqyJIN6izui4chXVl57wv8QNW+M3jXUfDFxYR2Xge2NlrstjdQqdUEejTWzWtrLcxs FMdzqRhklXa+EQoj85Pzr4ktfEPw98e6na2bvaX+navqcuk3bJmDUdPu3M/2OSGVTHdW01u4zGwK OZGQ5BXH0R8DvGfgHU9YuZotJPhjxbcabcRapbQyyf8ACPPbw3MMxuNOiuZWbTwSAZIgypEFPBXB H73wT4kcQcZ8bZH4c8T5/R4Qo4DOsW85y6tCVBZ5JudKphPrEYOk1JyVPEZbKOGw1aH+0UJTjKnh 8J9PhMdWxeLpYLEVVhYwqy9rBpr23Rxvt5Sh7sWvei2mox+qI7WCJPKitrSKLnEcdvFHGMnJ+RVA 6k/XvXyx421/Qr34mx3Pg25vtJ8a6TZXmn65ei3l0xWkj2nSrqFJVVrmW21OOyaaQAiS2nV18xYm x7LoXxa8CeIdd1bQbHxBpyXOmyCOKS6nFpDqG0bbhrGe5VY7lUl4yjsXHzKNvNfPnii30zxH+0f4 ZeXVvDkmlQ614Tsp0XVbQT3CQvBLMrqmRNIZJCoBYkqFUelfvXjfxRlme8JcGx4KzXLc7oZhxRl2 XuVCrCc6FWnWqx9thsXRq82CqYarStOrCnUlUw9SdODjCtzy9jNsRTq4bCrB1KdZVMRCGju002rx kn7ji1q0ndNpaPX9M7nw/F8SvhtaaJ44sGhfxHoGlvrdmoEc1pfvDb3MphJBMEyXK5GOV6e1fAH7 WCeIfhp4s8JjwdHfeHfCtj4cg07TpNPdjpTzI7iWyvLdlaKacrE0jecrtN5pYk4OP1EZTnjucDkd uPWvgv8Aab+IXguePxP4Z1rTNX1TT7O3stLvdY0o6ZLBa61MXnt4LX7Rdqy6haM0BkG3b85VmBOD /W/01uC+HJeB+ZYzG8TQ4X42p0svw+Gz+UfZ47FPKfrGPp4WviaFN4inhqtX2+IrSpOnTo1Z+2lz csaU/puK8LQeUzlPELD4tKEY1npOXs7zUXJK6i3du1km79En8Kjx7b61p9vpeoqnhO7hvptRTxD4 YtTbx3V7coscsms6fbur+UcFibR0VSxb7O9N16PxHYWFpqviSw0nxZoF/I1tYeJbWaKQ3LRgM0cW r2PlzwXCr1ju4y6k4KZryJ3QOwj3NGGbYzgK7Jk7C6qSFfbjIBIB6E1oWGt6jppP2K7liifcJbZi JrO4VwodLizmDRTowVQQynO0egr/AJ/IccYrH0q9DiKtXxGJdOFOniaEqfK/ZcsYLG4GrGeCzCnG mpJPlw+JdSSqVMVUS5JfjP1uU01WcnKySkmulrc8H7k0l/hlfVyex2Wm6foOp3tq+lauNMuhPDIm m+ImWGN3WRCqWms248p33Y2idYASBluTXp+m+Jv+EU8d+JfDvi2wWXwj4uvZrfUbDVo2a0iaSZv7 O1xQhwjBnRpJbdsiOYlW3RgDxNP7E1wFVaHw/q7AeVE7FtAv5DgCNZZGL6NKxzjeZLfPGYV5rqfE WsarpGtvpOpaWL6xvLLS7oaBre+UW9xfaZah5tOukZZLOU3LOVkgcJIANwda+s4Zzh8PYOnn2BjR wVbC5jhHHF4WFSvgcSquHx1GthcxwE06lKliKUqlDEUoqCqUKr9jgq0bTN6Fb2EFVgowlGcfeinK DvGacZw3SaumkleL0g9333iX4K3TnU9Q8MX1tFpejPnXNM1u9WC68PCaFLhZ4r9k8rWtHa3KPHPH iTZxIm9TX2j8KNRa+8CaFBPqOn6pfaPbLouoXWmXLXdqbjT1VIgJ2jUyObJrRmO3BL8E18PQ+N/+ EZvdP8Ia/Pq0F74aligi8R6dew3F1pGoXe06nZ3dpOrQ67okUEkdu1vKTxBIY2AkIr6g+Cup+E4t W8XaHoN/dLeTyWut6ho11pEuj2sV7tNrf6joUMszj+zZs2jNEGIiLKY2aJlx/aH0bcw4IyfxOrVO FMPTyGvxJTqZbmuArY6MJYfGU4VMVRpYfB1VRcq1KrhquGqRw6rUGpSr4R0adWrgMB9Tkc8LTxz+ rpUpV06dSEp25ZJcyUYu12nFxdrrVuNk3CH0NRTdx/unH05/EUbv9lvyr/RXlb/4dH2yi32+88n+ K3hzTNVh8Oa5qUk1rH4a1O5me+gIDWUOo2MtqtxN8p3WiXosmkGQMDJIGa+HPFtv9l8Q63b6xfX7 2Wi2Hh/TrOK5jkN/dRjTrSOGSC7c+XBMsZuCzkuCrsFV8Db+hfj6/u9O8H69qViubnT7RbtYi+xb iOGeJri1dyjbI5YPMRm2sVD7gCQBXzf4w1LwNezWFlrNxaaYm2AaBHomsu1/BJPapp73OoxXdqkE ttBO7CHypEaRRvC7WzX8MfSf8P8AJM7zPEVqeZYTJM2r/U8dVeKjUhRxc50MTllONWtGpGlJU4YS hOEKiVqtKlSl7WGLtQ+Sz7B0qlSTVSNGq+Wb5r2k3GVNJtO2iinr1STupaeUeEl1CTxjbxWmnaZF c3gt/wCxdWvY2u5mg+xiK70mzNzIIbnVZBEVWVgwhdJCpQPuX2i41PT9SivfC9xrOoHxFZzapBb6 pZWotb3TTb2tpepp8EMAP9qx/wBkywJ5kTiQ/Y8xsgZmbzHUrrxN4cc6Qrtq1v8AaDfafdQb11BN IsZYI9RSykkPmwTyXKWtvdwRujR+XKghWMFn6fXPHWk3ltbajoT2SXnhy1F1cwedb2d1f3Dxw6Qk r6jIytDNHKVSa1dw0sYhkUOvA/G+Ea2W8L5Rn+VY3MJ4fGQxHtcXhcXRnD2+HrtSxlPB0cPXhRq1 8PTprEUswjKvXWG+r06EY1o0WvMw0oYenWpSqNT5ryjJWunZyUVFpNxSupq75bJWdjat7bVLCz1X StHv9EuZIbbTV1TWZZrPTbDVNJh+3/aLKNSHlis4bGcyPISzyzRlDtVjmLx4tzq/hzwYdGNtqUmj Xc3h672odKuvsz2sXk3qW10AiF7iwu3W4yqRi2JG7kV5rrOoQaXo9tqHhvTb3UL/AMR60NsFxqMd 1bWeoxtPJc6JcaQ0YM3mNPJMEwIpo5FlaRh8q9Nc6roWsaP4v0TRNeW7uNX0m7gu4GaRNviGzjj1 XTtK8OyROEurU/YtTEoGA7OsakxjL+i86wGNynPuF/aew+sYGEadGOMk+a9armmX0Mtni6UFXqVJ 0cOsZN0sZUhTrrETftvbKroq0Jwq4e/LzQVlzb6+0gqbktW2kpaSaTu3e9+qg8Q23izwZr9q95ca td+HtXthc6lFDZxTvArC7si6tHC13p1u8d3F80kUkpjM++PzUFetfD+DXNTvdH8TtqD3Gj3ej61B NavdXEv2aW61CxudOTy7obzIqJc7slzGJBGXYDcfifwHdeJW1nStO0S7uXaS5N7rurXM1tPZWNpL ZTT6l9qGyRJ7aHSILyR0cvtlZdoD7c/Xfw48R2F3NoNr4ZgvbLwrd+HPENxDYJZhYr+5tNetrQax IyRg2moyLMztbhgsUUo2hlUEfceBnGdHi3N8lzTPXXw+Mw0MPhGozlTeKr4TMMNUw1SnOc5yxFDB wx0cNmTrVKk3OrTlCderWlGh1ZRiliatKpWvGUbR3a5nGcXFptvmUVPlndt6pptu0fCPEHjF/EHx B8X+E/FUrwabN4kll8I6jrUcUaeG9Z0+Q2tjEWuQ32fQr024huNmdpaO4GCrGvN5fEer+HptZ8Ja 8osra4t4NN8SwRQOt1HLCYRb3KOz7XljSNXVEYxSLBwWSRjXffGTSPD+va+moWsFzofiTxPpvnp9 unK6Brd7Z3EmlXWnx3bRD+y9aS9sVUiZRDcNMhMsTPluBs9d0bxLHZ+B/iGNX0TXrKWHSdI8VXVp AdR0bO61h0zxMZSkmp+H43dQhZPOt1clZDGMV/OvG39tx4t4hy3G8SU3nEswxv8AZuaVKs4YXMML j51K0MozGpU9l9VqToYhfVZYlqH1bETwtSp/Z0sLiqHiYp1ViasJ106jnL2dRtqM4zbapzbtytxl 7vNpyycW+TlkuN1uKUW9wq3FjeWAtI7uy1DT2kS2jSCVY4YHtZhm0mM1zLmMHg3IXO1MD6D/AGcf A+qX+qTfES01aTQ9IgnbR4dPhhW5l1lYobb+0RcmVwkNqZlUg4ZhISU27cn58gT/AIRW88X+HdbK yjTpJtNkKWhmc3sd0qZt47ggfYpkt3dmZdwVI5Y8OFNdX4c+Mfi34Y2Ftpeimyn0yW3tL+PTr511 CzS4vx9qvWjlhEb28hDMsiBv3b7Rzht3znhdmnBvCXiDk/FniBQxdDLskdWpPDYV1HiMFmeGr1KW HU506tKs8NTkq0uT2vNOcacKnt4xnFc2X1MLhsbSxOMUlTpXbjG/NGpGTUdU07LV2vq7J82x+nDO JAXU4bOCR2KkFTjrnGR7/lXyT8YPF8Xwx1a2j0KW80geJ72zk1qS2huZ7OxtZrtZdb1Ozt7m4+zD UpohEmFjTbuLZLOaj+FX7SFvr9z4pHjdk017e0Gq6XZ6VZSTW8Wm2Mbf2hFCQzTXN2qN57mRuURv LUbCD4j8ftV8bWPjiw1m1vpv7G1uyjvPDGoac7yaLqtjcSSNBF5FwGhnuFs5LRJ0kQ5zuxsYGv7b 8YPG3hriLwhw/GPAeLq4nFvGQpfWKNKMsdllOderhalerQjXpVsMsXGHs6TlVouarUrzp1ZUkfVZ pm1CvlccVg5OU3JK6Xv005OLbXMnHmtZap6rVNo+nPi7pPh2PwOddt7lLQ6NJYa+VNw5/tfTrua3 trmO9t0lX7QJYbpWUqBiYADG41oeHviH8OvCXhTwyJ9Z8PabHcW9tbxWuhrLPHFNLZ/aYorhIxJK tw8UYy0xLvJIMkls18Aa1451Xx9BZWXiYmTUNHtlstNudPSK0tl0y0Cy3NlLpdqUS+PmRJLhNrHy j5RyFQ5s+sa5p2g6dNZfZ0SHU9ctLJ9Pijk+zwXtjaie1Yyfv4gqPcGN5D5kUgKoVMZr8hq/SZwu D4uzji7g7hDD0MHiMswuHjOrSnOt7ajiYfWKlXDUp0FRbpVIU/Z08TOFT2NCcqjnUao+Y8/jDE1c VhcLGMJU4xu027prmbimraNKylZ2Tvd6fd/jv4aeHfjRD4b+JHg/xDd6RdFAl3faYslte67pNs8g OnRq8sQt9bjnSSGF5TsBkKy5VVI4Dxn8QtU8I6H4T0r4geFNQh8K6kr6BrEc9xdXOuaDfRkXmk6r ZaxcEjV9QTTJkF18wWV7aeIEAlRzvwF8Vaf420K8+DfjSUKlzC+p+ELmxuIrfUbefTJGmmLzWUoZ NVhuI47mAucyrG+4Mo+b2g6D4qSC50H4j3fw/wDGvg1tRubLw1ZeJ7zy9au5ILWOPQY/7SEBSPV5 r4TJKJA8sYJaN3yQP2LLJ0OPuH/9fuB8K+G8746w1Glm+LoUo4jL1nGHlReLo5xldVzq4XCVoQgo VsLUxMsXRx7qYihKuqNdelBrG0HjcHD2FbGRiqs0lKHtY8vMqtN3cYtJWcebmjNtq9mfF3xn8L+O NEuYbnWZYfGfh37LBdWPi/Tbe1e6Gk3Qb7BFq1zbxvJbqYFOxrver8hZXwQMb4Upq+m6rb+JtJ1b Xm0SyWc2dlBqsmgQ6hqce3daarIT5FxpVsJ45r2TJDR+XCgMkscZ+y7jwB4e1sJZXlr41+D8fgS1 vVsNaivdLGjXOhzTC7ls01i7eYa5o8bHz0W4VYoFumhCkbkHG6v4h+AMsum6NoXja00u6kuhcW+r aR4T0270y51nT4AJ5gJ7KKyGs3EzRMhMbRxytH5AjLhq/NMb4M08o4wfGdbiehklF1aVTBUcdmlK ni62Lg4QqUsNUzOWBxc6WHxP7mFPMsNaqo4eVSu1UqU4+bUypU8V9beJjRjdOCnUSk5JpNRdRwk1 GWiVSOvuty1aXmP/AAkFrpOoJr/iC00zXNWvQ4OqWMUmieKrizN2q/ab64sI1TRPD5jSVBFPC+pa x53liGOKUR1q6p4D8Q+IL/w1Lpnhfw9HpqeIrO78P+HNcE1nP4e0m7mSS4ay8NxTQ3FlKba0guJI LiKXy5Y5XEktu5ZLviHTP7c0uHWf2eNXg8R+NNOu7jS/EkPitoLPx7p9xJD5KXuh6LrS29tpV6Ns ytNDbicAgRTYVhWTpHwg+Lnhi2jm0+8sJvHutNa61408W6/4it724gsbW7iuE8FaDbG6kuNQv5TG TqEwVEkBWzjkCMxb36OS5tVxFXLq/DuN4tyFqninjsqhRxGGrObhJRp5l7PFf2njKmIio4nD1JQp YOeHWKq4qtVpOpPRUqrlKm8PPF0NJOdNKUXe2iqWl7SbkrSi7KDjzOTau6XxZ8f6hp+u3uh+F/E1 3JpNj4h1G+1hdLK3eoeMNXSW5lvNBlS0uEi8OaDZ2MstuGkKPO6y3TxyMgevLtE8A3HxQ102l5Lr Uuj6Rb2Wo2/jRr+xlTSvBU1quoRzeK49SLf2vdW0dy1ujxETM1vLHgxxIE1fit8MX0XxH40upfBf xIv0vr/UPEEGq6ZpkGl+GpBcXTan9na/s0u5LhkhvLqENKkTB12hR38z1n4neJbLwD4Wh8O+Z4X8 JanceJfD2q+FtLvbtbe/i0q70+9K3epTubwzPDrLRuyyIqhSqRqmUPwXFmZShxRxBU8SMJiI5blk 511l1F4iftKcMTHCU8OpYiCoUcN7SrQq4jEUKk8Vy8tamq2KqV8RPgxVW2JrvMIydKneXs05XaU1 FRXMlFRu4uUoty6rmk5Sfs3jWLw1F4b0vRPBepax4c8K+ALhr+0J0C5XxB4gvbq8hjvtU0nVLu5a 0nnluJLF0uBte3jcqwRAQ3zDqqXV/Ot1Z6lrdzBHbTX8sF7Bb7LVbBC264/s25CxsLmaYM/kq4Mh kzJuJrIh8Y3OnXVxaaN9qOk3l8JrWK6na61i3s5x5Mllb3TuRHIY22BtmS8Eco2sFIztc1K3jlur KWSLXL1rh5ZtcLSxzpI+d8SSIFN4+BH5sko5dCiqAC7fl/F/F2W8SpYunhIZesNGnRlRoVK1PDRd CKp4aGHj7SSVFYalGjThTw8YKEFKo4SaZ5mKxVOvaah7NxsmouSjppFR125VZWikkru1zEvYxFcS iJNsAlbyPmaRGiLsITFO0SGdNi8OVXd1IB6UwzE4HXOMAE565PWo/M3tl2baCATkuQueqhm5HJ4y PrT4FaeeGCGN5pZpo4YYl+V5pJZAkaAjO1mZlHtmvyGUFVqP2cLOpLSKSvdvZJL5JJeS7Hl6N6K1 xdzejfp/8TRXb/8ACEN/0HdA/wDA5v8A43RXq/6sZz/0B/8AlSn5f3/U1+r1v5PxX+Z+qkVn4h8X eC9J0Tx14YsYda0eE22pnxJq+maTe3elW6SEaxp80cjXFheW0aRGUyRhPnyySITjx7UPhnqOkapL rXhPx54Sv7bRlSa41RtWB1CziuFISHVbK1t5xcqbZ3R5kVoZkY7hjq/UdMtrPxDpT3Ny2h+L4Z7u 00LXYp5bTQvFsds721tZ63e6isyaDq5hxDLA7TDawhufKJVqy9E1u5F06+FPDOnaZrNpPP8Aa9Bu ra5vdVhltpXkuf7A1C7nVJ7MFZC2nt5bp96Hzc5r9k4lxOQZ7XyvB8TZPiMRnWVulh6OPWNlVzef 1PD0fq6TweAwUamNpynCWIw2Il7aqowxGW16kMXiMW/o686NWVOOIpSlWp2ip816r5FHl+CELzTa bT1ekqbalKZVXwH4e8Qo39n+O/A9nrXzTPpNvPqr6fLEgZp202aXTw28tylsN7L8yxsylQuH/wAI xomh38Ev/CytAttQ065hn2R6P4nM1rdW8iyqCDpgw6uq/wA67W3EXiR59N1r4c6XDqGs3djYaf4z 0rQNQtreDUtTuDHa2muaLDcRC3uHnVkkkgCSR/6zy3Qgn6N8Ufs66LqHw503w9olvZ23izR3/tCD UYzIE1PUbnyv7TsJrm4ZpDYy7Qtv5jMYTBEeBvzy5D4JY7jzL87zvgrg7LMxxfD+G+tc0q2eYWti cTGq1SwlPB/WaEaeNqUqdWtGvQr1sBUlCFHDy5nOcZoZVPGwq1sJhadSdCPM3etFyd9IqKkrTaTa abg7KMerXvHxK+OOpaZ4Q8KeGtG17T9K8eeM/A8HiCLV207VLpIrcWolurzT7RLYtHcyW0F68YkI dG27UZhkfmJ/wj3hrVL557/4saGZLy4ae5vLvSfE7zSTTuHmnk8yxw7licksMkcn09f/AGsr/UdE +KmgWdi91Zy+EPA/hDS7W5h3ILe4g04SSLHKBt3bpcMOQQSCCCRXyOZcsc4JzzgjqeegFeh9Lvxm zbi/xTzLhni/KKfElPw4xNXKqFLE4jM6WHjDDUcLSrVY0sNmNCP1rEYyli5YrESg6lSmsNT57UTT iXNKuJzGph8VTVdYGTppSlUUUoqKbtGaXNKSlzNq7XKr6Ho954R06OeaHTvH3g3UhHK8cTvc6hp3 nKGIR995p4jQkYP+sKj+8RzVF/AnizYZrPTBq8AyfP0K8s9YQgE87NOnkdRx3UdK4MyEck/pSxXU kDiSCWSGQHIlhdopByOjxsCvT261/JE8dwxias51+GamXwk24xwWOqRUU3omsZRx0pqK6e0g31kt z5tzoSbboOH+CbSX/gam396NO5tb6zkaK7sbu1lQEtHc208DrjqWWWMED8K2te8QQ6vZ+GI0F6Lr Q9CTSLme4nWRJXh1C9urdrML80MKW1zEgDEndGcAKBUdl8QvGenRyQWvibVvJljMUkNzcG+haNhh kMd+sgCkcEAdKxJtWW6wbuwspHBJMtvAthO+cZ3G0AjbGDjMZxuzzTlVynDYPF4XJ80xMVmsIwxF PFYSlGEY069OtT9nXo4ivOUlKmm5/V6LSvHWM2g5qcYyjTqSXtFaSlFJaNNWalJvVb8q7dSOW4aR 3kkO5pCWYuWZmJ6lmJyzEnJJ5JJJr6I+Avi68X4h+FklvZTKfM0O5hknYxahpVzavb2zhGbaby1l Ft0ALwRg8mL5vnO5l0owxPZvfLcl2We3ukt2gjTgo0N1E4aUnkENEgGM5PSk0rVptJ1LTtUt3aO4 02+tb6J1JV1ktZ0mQgr0OUA+hr1eBeJcXwJxpw9xDTrOvTyzG4PFVVSqaVIUa9Ov8SvaaSaakr2l OnOLhOcJaYTESwmKo107qnOMnZ7pSUvv+XdNWbR+3FMLgHA59f8A63r3rPsLyPUbCy1CE5hv7O1v YiCCDHdwRzpgj/ZkFXM46YPTqB+Pb1r/AKB6VSjVpU61Oaq0q0VKLWzjJJp/NNNH7OnCyknzKWxk eJRcy+HddSxm+zXraTf/AGS4IQiC5+zSeRMQ4K4WXY3Ix8vPFfnNFf6R4g8M3cd1f2Vx4n0k29xp ccjyva6ellcWGmapcahcxsftFtcC6WQMx2o9p5gOJMJ9+/Ea6a08AeNblTsMPhbXWDL8pU/2dcAE MOhyRivyH0u7+zWerSNE432kdslwjMJIrl5QVKOpG5Sy/OpJG0A8kCv8/wD6ZfE8Mm4m4Jy+WDjj aGPyrNPbQrTm6UVKVNUqtOnFOMcRSnTlOnVmpRjUVKpyqdGnOHxfFGJVLEYSChzRnTqXTei2s0u6 aum9nZ2ukz03VvFeq6rr8t3ql4dNt9Mv9llDbSKXL2aGaNlc7TfRGCIAyvkslygYyEqKxNP8T6nP fzx/2dHqN5qd+W1C0ijf7XqjTS73tY4IVKTXAumeVWaMlXQH5kUKOW0nW9TEtlYWKW0l6LhIrBf7 MtLqe4knlK/YZZJIWcwM0zgAZ/1hU/Ljb02oyjwtM2k6MyXHiXUUMUt/bGEpottdBopdG0q6j+W4 1LJlhurtTiPy2ggbmSQ/wxDM8wzRzz6pm2KjQhiHUxdScY1Jzq1opU8PRg5yp1q7SnRpxVGjCNJ8 1VewnPk+RVWdS9X2krKV5NpNtvaKV2pPRpaKy30vbtNalvdBmvtM0SefWtT1yP7VrepWZ82HS7W7 Ut/ZtpaWRYWt4qtKl3eJvUbWt4mMfm73eAdG1HTfEGma7frHHDZ6hZQaTBd3VtaRStPBdtBqCTtm KS2tbWGWecHaGHynG5iPKLC+lt1tooP3N1ZmRYdWC7fs6zTOhtpUkYCez8xtwbDMhduGU7R7J8MN C1fxTrEOqa1rljF4ZA1OLXb6FvtBciyYtaXVhLDsiMml6fcAEIiJbRSDcuQrfXcIuPFHGHD31HLs TUxdHFUp4PC061P6tg17WMpVa1aulObo15+3rV6vNSm4urVqWToR6cO/rGKoKNOTlzJwimuWOqbb bs3aTu5NWe7fReiaqH8IaHrOseELU3MPxBl1K10NdSiVIfC+g2iOniRZo8/ZLiN7yLybcKrK1tuk YkGuy+AWra7ea/b2N1f201np/hzWNUW10iMR6YRqr6Qtvb36gqg1CKeO5JEaYjM7oCFwK+b9T8bw eK7nx7b/AL/TvDV1baPNoVqqR48O6fpUy6Xpr21lhjJZfY7pBc+UUlkWUyfMylW734Sz33gPwxZ6 xFFGk3i/4laH4el1mzeO687w1YWcmqXi2LEbfLluAytu2t8jBlV1wP2vgnjHBLxR4bzDKalenwbk tPEVa8cNUlToQ9hjqjlKnhoxT9jmmYxo1qUsTU5KGHr0cC5OGB5D1cHi6f8AaFCVO/1WkpN8raiu WbvaKW1SpZxcnZRkoX9w07zVdE8f6P4j8Esr6nrPh64n1/wjpXnww6kvlSXH/CS+GdM1ZoGXWgkC Ry24KrK625QEPGrN51p+vS+I9DHhjWBpGqXFsby602+vtXg0rX7nSlijd9A/ted3lhurdlnaK2u1 lgkBdFZWSMt5Vr8txofiaW90zVJ5l+1x61oOtRNJBcT2txJ9qsL5TuzFcqQFlGSUlt5EJJU16Hd2 8nxStG8XeGLa2tfiLpw3+K/Dto0SXHidChz4r8Nac3+tvNqSC+tYgSsmJ4R8zAflC4qzLirHZjh3 hFU4syunVwWIwdFU5vO8ppVpVIxpNwr08RjsvppLDUZKpRq4KjQWDjCOGnh8X5rxNTETnHlviIJw lBWftaad7LSSlOmvhjrGUUuW3K4z627stK+IdtpdvpOoxR/EvR4INOh0XXIbXTrnxfoVtp+21juN QhuXtLvXbazVxFMHja4hIVkWVVz4bqmgeK9NtfKvdPvXsY1WRZ7YDU7BcgFUF7ZNLFGy+YwK7lKs zAjcTWPf+bo0ulNbw3Wm6nbwrdS3LSTwXkd8t1NtIjZVNpLEIUA2/NnLE5OB1+vyT+ItEufHnh4X ljPFLbWPxB0/T5ZIbaDVLhM2niJYrYqq6bqEsMzSIV2wXiOo+WSOvks2xeXcYUMwxGKyurg+Lcso +0xCwdeSjjcJGjB1MTVoV6M51cdhYwg8xlSrUadehGeMVGMqGKrV+WrKniY1JSpuGJpq75ZaSjZX k01dzjZc9mk1edvdk5cx4efXbTXtIudI0+4u9SjvYja2TWsrreYG6S1kRkxJBLbCVXBP+rZicDmv uDXtL0XWPhlf+BDa3Omp4at7DXNFsJbe6vNW0X7JqUp1rULZrlWOp6JE+oW8aLGxkkhEkeMqhr42 8OeNvHd1f6dBBrer39vpMbyraNeFALNZoZ5bUXUkiNEZpooIg/mBx5pVWCsyn7u+EHhHxpqvhnVb z4h+I5NQtPFNnciz0WFppdU0K2vZkaVE1+dvNQmBEj8lA6ARKwkLjNfvX0Z8lw+dQ4l4ZybA47OM PxJg8VQxFTFYTD0sFh6E8NGNZTqrFyqRVfFLDJSozq1J1MLhqv1SLoc9P2Mhpxre3w9OE6scRGUZ OUYqMU4pO75rrmly7XbcYvl0uvhHWotC0HVrjUJNasfE1zFNnS7eF7mwtzDFFHPBfakRaAzB28yL 7KPLk3KPOaP7lYPiDxDe69Hd6pJbWf2rVdZ1K5JsYFQQgWtlLNDDGBlUUupO1QOSQQCQf1Et/hJ8 OYFVZvDNjqhj2lZtbe61ifKII0DPfyvgBQABgDjPXNeQfHjwf4A8HfDbUvEGleDfC1pqWm3+nnTR 9heCJrm/uo7SdHjtJ4jODbMxKFtjeQu8Mq4r6biz6LnGGQcNcS53iOKMqy7JcBQr5hXwuHjjJy/c xdWcnWrQqVa1WNF1oUuebSclGFlKRvi+HcVQoYitLE06dGnGU3GPPf3dX7zTbdrpX8rdT4Z+G8Hi dfFuha34Zilt59M1aymGryeXb6bY7pljlN1eXLLEymFpVMRYtIGKBTnFfSvjdrnV9C1H48/Dia61 jUJ5jYeL9Os77Um0Xw9qumRQxz67p2jyRxvqtnuFvIPP/dwiQTGJ1ZtvyZfeOfEN7eaffG4gt5NA lF5p1jDHDDo1nIghjD2mikeRHJuCkhVO7JJHBr1/4AfEzVNCW58GaZrFtpep6prtjrGgRatg+HNc uvJfT9W8La25RjZJfWZh+z3GNkNzaJ5mFcmvyzwo4g4aoSqeH+Ix2Np5Xn9StXo47kpRrYTNqeHh TwGMwGGnVVKFaXNisHVpVK05YmM6EYVaNVUpUfKy2vh4v6jKclTrNtTsrxqqKVOUIt2Un70Gm3zX jZp2a7bwR8aJ7jXj4Y8X/b9d8JfE/UW0jUoNVuzKnhvWNVgj07UH0/z1JOmzNdxSrbMBEsc8bxHd Gc+OfE/4YTQvqOsfD3yvEXgvStQl06TTtOS8PiPwjOXKS6f4p0K5T7Rbzvd28xFwBJHIFB3KoFfU niPwd8PviF41huYL278G/Eu80yDUofAvinH9jzSaNLd6TYJYwWCL5eoW76V5pihd2kif5VUNvWDx LDaeDPEkln/bi6T8UviHZvrnh/U7/TGl0jw1rlsl7YWtjdavZzOt/fS/2hq9rZTSlvsiSx/afM2x Y/dc58P82zzh3G5XxnmuHz/I8rx1SGAzujVowx1KOIjzQwlq1WLhVr46VCX9iY5RqQniko4jB4fD RxC9etgqlehOni6sa1GnNqFaLippS2hZvRyna9GdmnL4oRipHzHB4k0/4a21lb+KfO1f4i3Nq1tN q2lPZnxF8M9Cu4RF9kTUJ1ePU/FjW7tiK4ydOjfy1mjmciPyjXNG08xjUtI8R6hc6JM0zDxBeW1x NKt00kzQWuupZXc0uiahtKKA0ZSbJlR5Ewa+htJ0Xxn8SR4hivNL8Hy6zbXLWniaPWPDWkImo6tD dxI14l9ZxWeoaZeCVV+028hO4Xbz27scxx+UhPDPh7WLmGS11PTNTtnube/tPAaaxKL22KMbiz1P SvHS+S9gtqszMyySBSc4bAavyjPcixOIweV+2jGjwnUcoZbUxlOphsVzwkqdZylCvNY7E1FShLFy rVKFXmhChhp0cFSo0X5FehOUafMlHCy0puScZ3Vk9m1OTt793FvSMXGCUX1eqeLPFHhvW/DPi/wt 4p1az1jxN4L8Nz2FtaaldXOi6ld22nz+ENTil05irXEx1PTY7gM8RRfNbcu4BzV1nx9canoPhy3+ J3w90Lx7cvqfiW2m1GKS58J69psltFpImU61pXlw3OpmNnaR7uGRi1sodmKNXftoHhbxL8NNB1Tw bbaBqM3h/X9WlsdV1YMq+GdM16FJPtGseHDqyJaRnxBZzouGntopplliiCSlU5zWvgZ8WfE2haPp F35c1tYaE2opeapDqdpaXF/d32p6ns0qa3gdL25/s6W1j8gK7BUyGGxQfvcXkfHUaOOWSfWeIMFn GEoY2nh8PGGYZVVxGJlg62KlUoYyFXCTlUrUsTGlVhQrUVClG0vbRkod06OOcZqjzV4VoRmlFKpS cpODleM04ttqVmoyVkvtJ2wrj4ZfCHXtItfEfw68U+Iobq4uW02bw9q154dufEOk66IRcrYWsF5N Yw6xLJEkphlhvD5gRhFG7qQvh2t+F9J0K/8A7O1g+OtLv5SfJi1fwla2Uk53kGWOGTXN1whA/gZj u4ye/Uad8OfHXh3UIrGBfDd+Naa7sbvw9qepW8UWqWdkGuFe403UPIllgZUaS1uLcGWKRCUeORWW vTbfRfF/gGxs5Y/FuiWei69b3L2PgfxjrMWr2V55iqkkPh3xTYCRNHvGjd/s955mmTebABmRlJPw uIyHD8RUFisXwI+Fq+CUY4yph6FT6pCclTSqRw88Rh6adZ1KfPGjivbRqVFToYOpFQiuCVFYhKUs C8M4fG4p8i+HVRcorW6vaXMm7Rg1ZHz7deGtNtBC51LXHgusLazv4QvrOOWfJEltuvL5AZkIGQhc HPBwM17p8Dvgxa/EXVln0a416XS7SK6tdc8R3+l2+l2GhzTxxKv9jFL2c6nrZt5LkQoxVYWdbiUB UCseGfhf4h8e+I10PwNruo28vmQ3Hi/w/wCNbr+2JfDVpdTlJtVtZ3gez8T2LQsoSVAl2ZSYmT/l qe7+M/xm0f4faLB8Hvg1eRWcOlW11o/inxHp8aQzSTtLL/aVhZOqgRXclzJcGeVN3leZ5EDLtYj0 eGODOGOH4YvjrjjL44XhHKZKGHowlOVfNsapJxweAlUxM3FU7SePqVaUKuDj+5l7LEqU6WmFwmHo RljcdTUcLSdlFX5qs+kIXm9tXUcknBaaSu17x/wpL9lr+/pn/hVt/wDHaK/KTf8A9NJP+/kv/wAV RXo/8TAcFf8ASP8Aw5/4Jo//ADGa/wBu4P8A6EWH+5f/ACB+tfijxHovia6sjqMUnhm78RwYm0bx SjHwtfaxbottq2k6gbiAt4W8W29yAIrwIFmimgkk3pIVrjvE3he4t9JvrvVtOvVvLCSwsLLVre5f SPNhlDRQ6P4vNrdiKW5MexdO1OHfbXShY5WjxhNnwX478OfFzw7beBfirc2ra5qU5j0HWFlW2uNR vrFXt4Lya7WELY6ud4jXdvjvEBVkD43ZWmat4m+Gt5rPgzVbOfx54dtI5ILjwhqoSDxLZ6dcCaL7 RojSho9a0mSI5AtjImN26C2kU42zZ5JxRh8PxLjcbHNeHeKqcqazKjh4OvgMxnh3UeHzfJqf1j2c 4yk8ZQq5e6k/ZOrVjQrRniMbW66vscQo4iclVw+IVvaKKvCo435atJc2qfvxdO7tdqLTlN+5/s4T a9rdrq17q97e6hpOlTWljYx61B5l/b6tbxDeiXksQkkW1tn8rDu7I0u4EZFfWlgnmX1mn9+6t1/7 6lUfyNeeeAdC07w54T0fTtKgvLS0e2W/W3v5DLfQtqAF0Le6lLEySQxyRwjczFVt1XJCg16NoeX1 jS1JPN9bD1/5arX+hfg3whi+FeDuDsizLHyzHMoxozxNWU6lRyq16iqOnCVVubp0VNUad7e5BPlj flX3GV4SeHwuFpVJ887Jyd29W7tK+tleyv0XQ+Kf2zfh34hk+Id94v0GW4vNP1yC1stT0uKaXzRf 6VaJt8iD7k6PaxBwg+ffC5QNnA+IvEmvR6xd2/k6Lp3h+LTbOHTVsLCBonJty5km1B3Ae5vnmeQu 7AHkKAAor9lPjB4dtfFkfirSLixs9RlaWS6023v/ADvsp1exAuNMeY28iOIxdIgbawJR2XOCRX46 zeIF1ia50vxRb2UGqQXdxFb6lcQNEbaRJ3R9K1SaE+cLNJAUimLPJbhQHEkedv8Anx9Njw0wfDPi hn2c5fjpYDB+JmMxeMdOpBVKEsbh8Q54il7eUFPCKrVxP1mMIVJ0qtSq1Up0Y0ac5fE8WYCGGzGt WhPkjmEpTs9VzqV5LmavG7lzWTabeqSSZynnDv8A174ppk56+/H+evJrsvEeheF9L8PWFzBquqWH jFLl4dZ8KaraedE9tLmWz1bQtXtYRFc6a8BQguxL5yjHHPnhmzxz/wDq/H3/AEr+Gs3yDFZHi4YP GTo1K06VOr+5rU6qgqkVJU6qhJyoV6bvCth60adejNONSEdL/JVKUqUlGTTbSejT3V7PqpLZxdmn ui+ZfQnNN8388+vc8/4VQM2ep9MA+mTz9aj87Geh7jv+HFeYqPkZmg0nPXH0z69/XpTPO7ZPOfTk c9M1Q873/QUxpRnrn6+nt6d6tUull+YH7F/BDWRrXwn8DXpcySJokOnzMWyfO0uSXTnBPri2X869 ULkjgY/Gvlz9krVftvwmW0yC2k+I9YtCOuEn+zX6Ac9N109fTZckEcc/X/Gv98vB3M1n3hV4d5tP 362JybL/AGju3erTw1OlVfr7SEr+Z+y5VVjWy3AVWm5SpQv6qKT/ABPMvjdfx6d8JvHdzOSUfQbi zADlCXvpIrNAGwcHfMOMc9K/JCAXup3Vvp9hBNcz3Mois7KFd7mSTA2xxpgKThSzYwAm5iACR+mv 7Tj3k/wuudGsI99zrmtaVaF3lSC2tbW0kk1O7vL65lIS2so4rPMjuQoyBnJAP5rXmt2OiWs2j+Gp /PluI2t9Y8SbHin1CNv9bp+kI4D6fopb7zHE911l2RYir+AfpsypZh4m5JSxlf6tlGS5PQjPlt7W vXrYrFVpYehFr3peydGc6kr0sPGcZzvUnSpVfieLJqpmFJTfJSpUle27k5SfLH5Wb6Rvd6tJ7c+o WnhSCew0i7hvPEU6Nb6rrdqd9vpkbhkn0vw/OvDylcpc3qkbwTFbHy98knM2d4jCK0u4jNbudtu5 BM1ozOSz22W2vGZGy8bAq3ONrHdXNCb3A9t2MYzx+dWIbqRSojkmMyOjWggblZ96jIUgndjgbcHd jOa/iuvmFXFV6PLSWEwOGThSw8VzU4wbi5pqTftKlSylUqzvOpUUXeKhTUPlXUba05YR2j06Xv3b tq+rtskren6b4Z1u/u4PJ1bTIIoAs0er3t5D9gt9NRJJHunRVklto4hG7NG8QZMjdtYqG9CtfGKW 3w78X23hm3uRbQxaf4ZOu6hOZtR1O41i4uLzVLmwtSBFoNo2n2V4rRpvmddSVXlONteYW8F0mkwQ yX91ZLe+Y+sfZYYLp9Ru7y/RLHSm2MDdX4htLmTypDthZSXdAWx9aTfsq/E/xV4S8Mz/AA1tdBn8 F3Wmrq9wl9rmmrqGta7dmWK6v5GhXyWVbWO2jt1xEI1Rhsy7lv6D8N+BeNc+o59/xDrhXMM4zOll tX61SwcHjcc45hSeGpfV6cFKeFo4WUvaYjEKMa8p0oYdTnG6qe3gcJjK6rLA4apVqKm+aMffnaou VWS1io3vKXxXSjdnxFY300F3FJbxCR3H2ZrbaxS7jlURSW0katl1kU4IBHJyMEA19xeG7Xwj4Z8B +H7KO6j1GXQpNS+KfimwRY4pItH1DTtY0awuLW4upW869s76C2tlETNvkkDtmNg1emaf/wAE9hf6 RHey/EXU9J1++tV+3Wd54dtWjsbqVg9zbxva6jh4wQIw8bFSmSuAcBvib9l/4o+EJb27tYNM8b+G I9D0XwbJYaHGkevN4HXyLXW4ktLyLdJqioiXMRikY74So7Bv3Lw7+i948+FlDNOIOIPC2tjsPmGH hGhWpTwuYTwcG/rk6s8LgsTWxEF7TCYaOLhPD1HKnKWHUP3lSS9fBcPZ1l0alatlzkppWacZuKvz NuMJSkvgjzJxenu21Z8HXGivq2gTzaJPNqumeGZJ7yG/NjNHMNG1B4ZLu2voow5truzu90jx5KyJ dzTQsyIxrg7DVbvRNUstV0m/MGoabdw3thdwM8c0Fxbzb4pFJUFTuQEg9VODnJFdDqtprXwt8d6t orXd5puoaDqr26TNFLbyXVvFcLJaXTRSp/q3tGSQhlZWV2jZSrMpxfEOHt7TVLS4RtM1ZZbuKzSP edKvY5Vh1DTpJzGNipI0JjJJLQzwk5bk/wAX5xgXSrV60cJVyTibhqo6OMoKbvQnhKyo0alCbqqp Sjh2qeGcJe0qwdOhNVKjnUnH5OqrNtRdLEUHaaT+Fxdk1rdKOkbatWi7u7a+pPG/hvSfibY6d4q+ Hkfh6x1bUdFk8R+MfCV7dSWN9rFwszvqup6LeXcn2a6WC5huRJ9n8mSNmJkJDba8i8Iyz+EL/wAQ jf5Ftf8Ahu8nutH1Zgt4lvZXFpdo0tg8ax6sfsiX/kPH5tvcRzHeqozV5po+u6uttbWmn301tf8A h+8m13QJoJSl5BO6wLqFpZuDk+YkEU3lDIdrVxtJkOfc7TxJ4S8U2nhjUZZxpcuqS33h3xNo2qPG vhaLVri1uYRc6Df+RJN4Qv7mzvvPiKg6eGjlgKRiIZ/YsFm2SccZzQ4owlGlwzxbCFGpWkpQo4TF TqRpYTFVcNSUYrDVlWrVKmMoRqTjXpVfrVDDKtOrBenGrRxdZYiKWHxNk3qlCTaUJOK0UXzNuUU2 nF80Y3bOfk0a2i1jQ9U+Ger29rZ+IdU01rfTdftrSWO31dLphp4hkuopIJoxJLJLBazuJUe1eMtc NEHP6WJqFj4T0a0j8S+J7czQRQxz6x4gv7CwmvriNQ085DNEgBfJCIu1FKqOma/KSy+2+ENe0+HT 7LVLbXdNvYp77wf4lt4kGsR6deQahZLpd7bAJqV2s4neBlWOT7pgMm4o3QeLtd1Hxt4cvtT8aXs/ iGGHUpdT0bxLbskV94ft9UnksLjRdT0jys+Vbaktpm1Yq4hnaSzlaNWFfqHhN4oYXw0wPGeIw3Dc nxHjownHBrEVqOUYX6tTlUxcnT/eSwrqTqNyisPD6tW5aFZ4SlUhUq9+WZlHL4YuUcPfESSahzNU o8qvN21cW76+77rtGXImnL718U/Hz4X+GNOXU5PEI1q3lle3jPhuB9XxcRkB4J7mHEEEg6hZJFZl +ZQy818E/Gj45eIPibcpYQ2kGl+D7aZ5NMtOJmvZwrxi/vL50XbeGCSRVhVV8oSFcFiWrzHSRqnh yddO1SQW/hrxUsVt/aihbrRZQsjLp+swSsjRuLa7bMisokETzwuiliBzWpPrPhm9vNPuIYbSeKRr WcW8iXWnXckLypLLGySvBcoUYr8oI2nI2MK+U8UPHzxB8Qsk/s3HpcMZDXkqeNwmDozjN1ElUpwr 16lWdSth8RDlq0o/7PTm4zVq6o88uXMc8x2Oo+zqf7PRdlOME730a5pN3cZLVL3Vo/isYk08RLtE jICz7UZvMVFz8o3MoLMBkZI5x0Fbfhov5mtujQxyx6HdQR3UrMsFkdQurLTXvGuI1YQKkF5NlyDh S235ttc5qd+l7M939nitnlYtNFABHbeYCAXghA/cIR/DkgHkYBwJ9Fee5kvrO0kZrq8064trOzG4 i+nuJIUa1jCuALgwiRowQS7wqigsVFfztlUI0s1oumvrFpT9m4x5XKThJQcYuzU+ZxcYq757Rhd2 Z4MNKqt729ul9NPn2XfRH2l4Z1/w8+l+DNV0DWNL8W/GDR5r7w7peseI0urKw1yy0m5huptJ8OXl 9cbLbxJ9j1aBbK5uVje6hjZEMcrAH2Px98PvGHji48QaE9nceEp4LfUNf8B+I9BvJrTSNTl1CO1h 1bQ/Glk1yY7bXftTRSRSrtG6CR1ychvzv8PW7654U8R+Foyses6Lejxrp9vteO+uodJspbTxBp9t MoI+2rYmK5SPAJGmSYJOAPrP4MfGHWviF4dXwr4i1G11LxJ4XttUews9at45LfxXpcWlXMtjaSXc ixrBrEFxHEN077JoLTzGw8ZkP9ueF/G+Q8TYWjwjxPgamCp8SYag8LTwdSNPD4zEYOEsHi6GKnWV bFxzOUVRxUcTDEPE1nhsDaDq2jjfrctxtDERWFxEHD28Y8qg7RlKC5JKTd5Ko1aXMpOT5YaX+M1P wl4n1TTNJNy3i7UfGWgCz0PxvpEN3fX+m63BpMbWlrruk3FlEYku3mtEEpLNLjT/AJ2ikuWjbzfU rjWPDt7Fd62NatPFlhpGmz32m6lqz3mgW+qSQLBLqOvT6Tqc9yIbi3LSSQLbrEGlUPKFcJX0lqOp SeKbSTVfDXiXWtF8b+GlMPibwZrd5Bpt7rtkz3FnDfWnkNDDHczrcWL217vS3lxA04Dsc+batdfF PwF4b8aX8/iVvGOraf8A2DdbvEOpWemXXhwyO0qbbC3uZLmEeTJaCRJLhLa6aIqkUiMoH2Wf8MZf QSzDCTzCeGpUZ13mFKnQxtBrDYerOFWvQjXp4r+0eahUp16cWo08TDFVa1Cn7enVOnEYemv3kHUc Yx5udKM1aMW05Lm5vae61JdJczkldMg+CeleN9R1fWo7rT4bvwfeaTeW2q6u8i/2fpupq9pqemaT ZXtltt5447W3kiF7aCWVbmYPMY5uDh+K0mTxKut+K9Sv9QS81OCLRfDNlrGq+I9EhXTooLPTZblL O5hm0HVd8UKvOkjiQznz7dVkG7y/TvH/AI2v73T/ABJonjCfRdXl1O1i1jStO8c6FceHrmxvLmKe dovD2p3ka2e6RLlRDGm1OA0gzmsX4n6xqFsbK+0LxBqciLdW9/NpusWmnOkV6lzcPJcWy3Clol+2 QONkvneckSMkzJHx8Ri+L8mw3BFKhh8Nj8yWTV3iFUxLounXhUknSdOjJ0alSFBOv7ahOUlGtXlJ uvTqKEOGWLpRwaSjOoqMua8uW0r2tZe62opyunf3m3qmkdV498Q3ngXUk1Dw3pEPhnPkXek3EtpB qK+H31F5fNvtNtBGlvo8s09sSwczy/uln8yOR2Q8nok3iz9oWSz8HPeSXXjO1u5Z4rwWSWnhweGC qG8+1Jp0Kw6bNDdt5od4P3rMEjdZWIfkPBl98QPHXiXT/D3hVf7Z1vxBLKbvz49lrbRs0p1CTVY1 BibREjk8x/tKypgDYobah+wNZisfgnoc3w88GXXh7w34n8SwGTxt8T9Xu7Tw5Y2kzQuDb6DZyF5t odnW0ghiaODmZyJGBHz+QYavxvLNeIMbjsZl/hjQm6eNwijyQxdeoozoYPAqlOnhXjG1TcsVKnTo 5fQUamIqypqFGWFGMsa61ec508ui7ThbSTdnGELNQ59ryslTjrJ2tE4f4hfEvw/8BfDdv8GfhfO+ rapGhHjvxWbqaG7a4mH+lafp13aybrC8AZwgiYLZK2ArTvIR8/NoGvfFg6fc6E2kXTWUN0viHW9S jttGn0m3soEmOreNNe+zpA0DQMEW4d5JZ57dyBvk8scvcHwB4cmmd7m7+JOs+a7tIftmi+ExMxLN LPLI/wDaGunzMsSPsaPnlnBrE1rx14l161GnXF8tjoibUh8OaPEukeH4UR1kRV0mxCxzuHVG8yYS yllDM5PNfn/FfG8M5xVSjxDUhDIMHThh8BkOV1ozo4HDUJRdKi8cufDqUlG9bERjjq1Sc6spRoyk mvPxONVaTjXaVCCUYUKTXLTjG1o8693prL95Jtu/Kzs/+FbeFv8Aosvw9/79+Jf/AJS0V49kf7H5 H/Civz/+3sg/6IjB/wDhVmf/AM2nD7aj/wBAcP8AwKr5f9PPL8T6Emu4p7xWgSW3tkkVLWCN/Oni iVsxjzAq+bcljuZgF3OxIVeAPrzwd4ks/iXe+EPAfxNuLuLxHpOsWM/g7xRbl/tF2bcRTS+Gtbub UgPf/ZljImUjErAOdwZn+XfGOkzeD9Zhn02Dy9JvoGutA1iG7GqWGpWVyhVZ7G+VNi3UQd45FDNJ DNET8p2mu0/ZwY3fxp8BxO7OsOoX1yodmKq8WlX0u5VPAYyIv1wM10+GOIzThzxEy3hHGUViaXFO a5fl2Y4OtB/UcTh6uMoRjKdG1NzlB1Pb4KtTVJ0JRhUoynCo0u/L51KGOp4WS5liakKdSLXuSi5x tdaXtfmg1bl0a0Z+wpZugJAzkAdB/kVr+H2P9uaSSSf9Pts5Of8Alqo71jc9v54/pUllqthp2ueH 4bu7gtp9R1aC00+GWVUlvbpFe6eC2TOZZBbQTO2PurGSeK/3EwVSlhsbga1eUaVOFeiryairyqwU Vd6XlJxjFbuTUVdtI/XoOCnTbaWq773Vt++xveK2YeI9XGSMXshABP8AskH3Nfjr+0l4dj8LfFvx FHBGIrTXPs/iK1UAhB/acZa8CgdP+JjHdn23V+x3jJAnibVV6Fplk/77jRsj8/1r4D/as+F2qeMd S8P6/oF5pR1Wz0m4099Eu763stQ1WGO8NxG+m+fIouZka4dfL7mVQDkgH+Z/pr8BY3jLgHOpZXl8 sxzjhvOFi6MKaUq0oSq1cNXhTjfmm3CtGfs4pym6UVGMpJI+f4twcsVg6vsqbqVsPV5klu024y/B 3stXZaXPhKPWxdWS6drDz3MNtA6aVdDM11pjKGeO1i81xu015MhosgIX8yLB3K+H5+AOe3vxnrnB q1qHhrxRpMbTan4d1yxhVnVprnTb1IUZGZXV5vJ2oQyOMEg/Ke3Nc/8AaM87s8nOCevfp0r/AB0z HC5lTnRo5phalDEUYqKdanKFVwVlBS50pSjBLlg3dxjaF3CMYx/LZ86aVRNSS6qzt0vfXTpfZabW NYzD2/U/57U0ze5HfHHvge/esoz+h/8AQs0eeCBnr+NecsPbpcg0TNjr3znk9/8AI/Kmmbqcg5z0 6/h6VoaN4Z8ReIg8mjaTc3cEW7zbw+XaafGQDkS6heyRwIwA+6ZM57Vat/C9xcXUViusaJJfTv5c dhp9zc61elwcECHR7KdTg9TvwAMk4Ga9nD8N5ziaWHr08tqqhinalUnF06dV3S5adSpywm7tK0JN 6q+6NI0aslGSg+WWz2T9G7J/I++f2Kb4zeEvGtiSSbbxFYXIBxgC60zyzjnPW1/SvtSviz9kPRbb w8nj3Tx4i0zWrzzNAnv7XS0uni0qTytTRbe5u5YxHNeHDB0iLiPZhm3EqPtDzE/vD/P1r/aL6NOH xWH8EeBMLjoqGKwdLF0pxjOnUUXTzDFxUXKlKcOaMUoyjzc0JJwmoyjKK/V+HpTjk+DjOPvQUk9U 9qkrK6bV7aNX0ej1TR8H/treKJ4YfBnhG2unjiuV1LXdSt45GRZ1ieGy09bhVI3oJBeMobI3LuAy AR+f/nZ789evtxXvP7U/ikeIPjH4ghikD2/h23sfDsO1soHtIDcXuP8Aa+23dwp94/avm8ze5655 wK/y7+kTxA+K/GbjvMI1XWw2DxjwNH3m4qngIQwj5OijOpRqVdNG6jet7v8AOs9xP1rNsbUveMZc i9IJQ08m03879TX8/nr19wf0rpNIeOxCalNc2kF2ZfJ02OdpWaCTpJqjQ26lysJwIhxukOeVQg8L 5/Xk8AnoP6Vt6JbW93r2laZqdw9jbXmo2Vpd3XlNO1rBNPGJJI4o8mRgr52rk/NgDPFfkuVUZrG4 d0qUalec4QpucuSnGrOSjCU5NpR5W7puUVFpTbtFp+bTvzxsrybSWtkm3pr+Turb9D60+D/wJ8bf GrxJb6Z4bcWHhbwzpEcWoeL76Hbawanqtm9xOUMMSNqGpLPeSCOEFjEtuA8gGWP6zfA/9nvSfgdp zWGieMfF2sLcMsl9aaldwf2NNcbAjy22lCFhZkgDBSTd8oJJ5z8++HP2vv2ZPg1pVt8NdAj8VfYv Co/s+8urXw6FW51CN1ivr24M92klxdPcBmclc/wj5VFfWHwx+Nvwy+MFk134C8UWerSxKGudLl3W WsWo7tNptziQxjoXQOgPG6v90Por+GX0b+DMfgY5bx7k/G/jXTVSVeeHzVSnhJuMadXA5Xho1oKr h8NTpxw863JWq1lSlUm6dOSpQ/YeHcvyHCVKfssbSxmb2bbjUu46JOFOKeqiko3tJu13ZOy9WzjG fUf/AKqU8EfRe+OwzzSUrdeueAPy4/pX+gx9xd2bTvqeNfF34CfDf40aY9t4u0WEaokTRWHiWwRL bXLB9uI2S6Uf6VAMLmKXchGQNp5r8evjL+zl44+C9xqeg6laJrngzxDdJdeFvF1okht7XWrQSmys NQ3P/wAS27ubV57Z0f5ZXlhdXYRDH72dgOxAJHHHYn/Pv0rJ1vRNJ8RaXe6Jrun2mq6TqMLQXthe RLNbzxt/eU/dcMAyMpDIwDIQwBH8seP30TvD3xtoYjOKeDpcL+IKpzjTzbD0oReKjOm4Sw+Z04r/ AGqjUhJwVdr63h3y1KNRqn7Kfzud8NYHN4yqqCw+OtZVYr4r6ONRL4k11+KO6eln/LSbl433oWhk STKlWZHikVjgIc7kZT75GPau38Oa3Y6ilz4e1d7eyg117aO51GSMeUbm2leSx1FsOv2PU4TLOomU hJ4riSGdSzLKv2d+0r+yvYeB/HE+sad8S/BHhfwv4pE8+m6d40vr231CxZ5FN5ZRyWthN9osUnYm KR8MRIUO4hs/MEnwP0XqPjz8F2JYcDXNaXjuSToY49q/xFzzwM8TvDXi/N+H8wyrDV8Tk9epQr06 mPy6lTxNCUeVVIRnjY1VSxeHneMuWE/Y1OWUUpSgfj9fJ8wwGKqUJ0oylRbUk500pR7q807Ti9Ho 7PzaOk1XS/GOi6deQ6jp9xqNvZm01fX/AA9czpJI2liP7LN4v8I3DALbadMz2tzFLa7JrO5JEoaL g7mi+IItHntJPGGp3c/hnX9FXTLrxFaeU97qokM+oaY/ibRbm3ZIdYtBeW2WYSS7beSR1vIJEdOh 8DfDtm0mPQoviv8AB7X9b0aa41DwVdr4rnmniLiFL7wvKt7bwNBoVxErybUZ0WdiDC6yurdbN8Df iFf6dqupeFZ/AOtS6zDpmsQaBZeKPD832uVyLK8sG23UUHiPQmtRdiBriKKUeV8rNIS5/Z8l4B4w lDC5zkGS4/HTVLnWGjOnmjh7KM5VqFWOElD6wqjaoOhRcJyjiI18NLD0sVi8KvUpYLFNQq0aM5tK /KmqtrXck+W3NfaytfmUo8qnKJ806gNS8MeJVMdlqmj6PdQlbaaC4h17SLqyaJDbLeQyvJpmo6fO 9w0yokkOVuWACOQDm/ZtK17QJtb0SGL+2bSGb/hKPD+pTz2OnasovlsrbU9Gsb+KXfMy3FrFIsNy s1vOEZRtckew6v8ABn4o3WlyaTa/DXxB4etryKJmsND1v+3fDUd9aNEGVY7CW5kjtXm82URTvJGv mA20sJDxy+Q+MdI8RaDrGmWfifwh4v8AB88FvHa60ms6JfzLNHNaf2XcbdStoo11C2lt0WVS0Alj acqsjjp8DnfCed5CsZPM8gxmGyfENqH1vBYnDRoVsRKN5YeriMHhaVB0VCM7VMLRlisPVq0nTUac nDhrYerRUnUoSVJ7c0JRUXK1+VyhFRta+sIuUW1aybPMdX0mwuMz+HLO9jijt0fVbTU72FrrR7kT NDcFpCkaz6WJFCpKQrL5ypKA+C/GTK1nK8M/mRTwsDvikSRMcNG0UsJOMnDK6MeBx1zXRTeKdV0+ W60t7xbW3t57mxurSILNFIjGe2nk2zw7pAVIxtZdrJ5gjDHIwVvrUTXAv4FuTDJCYtRtpC0UcSzA LHLaPlLqzKycqAsikABuor8VxuGy6vWhUw0vq2Jbaqp04U6MZRTdqcKblKHM01d8kIyUtKdNqMPF mqTfuvlez0SV12Sva/yV10W3pHhzxNdWnxA8GX15M1gbu60+01O5gumksru01s/Ybq/VgT9nL6ff TGRQcxzq77RllHS2V7f+BtQ8Q6RqWj2et6vo03izRrXVru2tL62F4unajHMLuaGLfM50yHyliMpj C3Uz/eXI8X8L20t34u0bTYIbW+87W7EKN5FmYBcCZ33eYAkYt/MY7jlQrKSCGr1STx9ba78VRO12 llFZ+MNW+wids2GuJe3VzpenC+ihi8uC5itrhAZX3RSxl92HOX/TeE8ffAUa2JzCeBxrzaNPDyko zi/bU6MMY5KcY0nVpKjha0JrlnzpqMlVqQUu/DVfcTlUcJuqlHqteVT30vHlhK+/ndo+hvhx8UV1 Txl4cthLFdzyaDb+GtN+y2q2t5De6DpOnGXQhffZGLWk5ikBt5A1tJGsNzG8M4lRtiaDwD8StNOo 6fr0/hbx7I1rp2o3cFnqHhnU9Au1vZpLCDXrW0vH/s+wluLXMk8Ylso7mJQY4zKqH5gg8XweHdQ8 UyWNkdM1rw7q0OpvBbCGyii1Oynt7Vr+0sREBK8Krf2t1AVaCSOUTpsJIr6Wi1XwJ4kup/EWmJq1 jNqHiKSF7XSY4dQ+16DrNk32XUdA/tC5WaSze4mkkeG2CmzvBLbz20q/Mf6H4S4mlnuXV8mzXG4L OJUa9adXD4lVqcpU637n2uFqurFwxOFqYSr7STcnChiFCjZ03Uj7uFxLrU3RqzhVak24y5ldSsrx d1aUXB3eukly7XPEfEXgW303Wdninxf4LmnmmsdQsrzWdLkuLDVzPPdwulx4t8OWOy0lZ0Lh5/I8 0lWkihcc89pPw81PXvGEnw1tNIn1XUJrgXcN3aLdPbLpeoRRTyX9pLcytb6XocaMo+2GSWQyoVAY SGOvWfEHwZvfGVzBd/CrWI9Vt9QtdOeZ9VnW1ttOtW1Gey8Q2uraadPSKGGPULaa5mgfaIWWWKGI bo0P0hdeMvhh8NvhxqGl+Arzw/aa75F1okb6dIFMuvR2a3V28cUssktrZMxubi3hcJG/lN5SMR83 Bl3hjl+a4/NMZxFTo8McNZW/rKxUsS8ZVzfDv2jqYXBVa05UsRUny0mq9NQWHU6F6FadeZFLLadS pVniEsNhqfvczlzyqxd7xhKTtJvT3lblvH3W5M+fPFOueG/2Z/CWoeA/hrNba98SdTs1k8Z+NFe3 M+l25dFSKC2Zi0MCPMBFbrnBIuJ8kgV8JXl7eald3F/qN1c319dSPNc3l3K9xc3EshLPJLNIxZ2L Zzk/0o1hr86pftqsk8upPdTS3k11J5txLPIxd5ZZc/vCwbO4cENkcYrPBx9f5da/mjj3jTEcWYrD YLC4FcP8NZFGVDL8qpSfsMHSUndtNKVTE1HeeKxFVzrVqrlKUrcsY/O47GSxUoQjT9hhqGlOkvhg r+msnvKTu3K7v0JwxPc9Mde3oOelFQ7uMe47DH+c4/Knbh23fkOPw/D9K/PnB/18jhJKKZvHof0/ xoqeWXYD6K8P/EfU9C8N6r4TkstN1nRNVuorw2mrQNcLZXA2pdy2BGDayz26qrPGyujxrKjBwc+w fs/XXg2X4veBbnRk8V2Oq/b7gPpk8Wn6ppYElheR3BGpRSQzQWSQuzb5IXYbQrE/er5s8R6n4XuJ rJPC+l3unWttZRxXlxf3z3dzqV+T5lxdeUQFsrcOzJFGu4+XGpcly1dX8NvEt54UbxF4ssGVLrRb TQtsu3dKkd14o0g3McL9YjLaW88THvHKy9GNfbcF59icq404U/tXF0c9yvhCvRxFOpGm6ro0Mvm8 xnDCVZwoV04uFSMVJujzWtGpSjC/o4Su6WLw3tJqrSwslJO1+WMH7RqL92WlnbXl8mkj9zxM+ex7 Yxxn169a8n0Q2Xjbx/pfjaKWG+0rweNUsfDksdzErw6nLcSaXq18sVtcSLqGm3MELCCVhHJC9lIm PmIrkfjl8WdL8I/CaTX7LVksb7xrp0Vj4Vu4oZLtw+sWQuXvoooWDYh06R2D9EkePPWue/ZI8Inw 58KbXV5Lh7q48XX0+txu8c8Rh09SbWxgRLjlVJiuJiR8rNdbgTnJ/wBZMz4tw2eeJ/Dfh9gcLTzX CYHB/wBvY+sq1Nxw0qFbDyym9K0nUc67jXipKHK3hsTTlzU01+mTxUa2Y4fAwiqsIQ9tUd17vLKL p6a3u7S8vdkndH278QMp4gadcYvLKzuAcdd0IU89+Vr8t/2xPHb2Pjfwv4fSKz1C0sfD732qaXeR 74Wl1G+k+zSRzRMs1hfLBabo54JI5E8wclcg/pf8T/EOj6D4U0bxrr99DpukWWhsNSv7htkUX2Jx Eqk9WkaR1RFGSzOABk1+Bfxa8Xa14v8AiD4k8R65A1pc6pe+daWpdZYoNIRBDpMdrOjFLi2FjHDt lQlJCWdTzX539O7jaGQ8NVOHcvrtZrxfjcNimo2fs8EksY51VZxUa9ZU6UIVFy14xxMUpKnUS4eN MYqFB0IStUxU4y06Qsp6+UnZJPSSUt7M9x0z4oax4mijitPE/iOO+ht4obZLS7WLxbpUdumFjjhj Mdr8QtIwMvHKi6kq5ZRJhi3M6z4kurpLOHxt4N0HxpYXc7W1h4u8JW3/AAj/AIgnuHKhoHutLtVj fVUwN1pf2RmDfKRjDV83LeMrK6uUdGV0dSUdHQ5V0YMCrA8gjkYzX6HfskXuma7PqGqX895rni2C BUvr5dD2Wel2Cu8dhDrWtTybdX1iZot8DxxG5iij2vOV3Afwx4c4rOvFjiDL+Dsdncsvx2OvzVq/ s8ZhasIWlL2mX4uUqeJrJK8IRjKrFXnCthsJhvZL43ATrZnXp4Odf2c5/alacWlq7056SemitddH GEbHmEP7LnjjxFY2et+EYbq10+/dwmmePI4/DevWChVYNKkZljvrY7vlkjEbt3hXnHX6T+yH4402 GW81C88G6hqqlVsdLur7UzpEOVJa71F4bANeurYEduu2NjlpXZR5bfohP1VdxLKoBz9wtyWAbP3s kZz61zPinxjoHgnRrvXvFeo2um6VZRGR5LqULPO4UsltYxZ33V05G1I0DEkjgDJr+yIfRQ8Gckp1 s2zVYmCwdLnrVquLjRwdJxh+8xCpTjKNKKd6ijUqVKdPaMVFRS+s/wBWcpop1arlaC95ufLBaayt 076tpH5QeMdKl0PWb7SfiR4rN9f6LcyWY8MeFyt0IRHnYkcjwxWOg2zIUZVWOWYKw3QBq4e+8Yzi 2l0zQLODwzpEyGO4t9Okkk1DUIzjI1bWpT598pPWJTFbjPEIrv8AxtYWfxf8Ua/4z+H2spqeqa3e y3914F1dYNI8V2o2qgj0hTcG28R26xRpgW8ouecNATyfBbyO7sLmayv7W5sby2cxXFreQSW11byL nMcsE6ho2HPBA6V/njxnRzDKc0zKpk9KUOHsbXxEMJmUKjxVTG4ZTap+0zFTqP2kqDh9YwtKdBQb 5K+HjNWPg8VzUqtV0v4E5SUKl+ZzitFepd6uNuaKattKKZ+i/wCwzua1+I0mPkM/h2MHtuCaoxHH sQfxr7o1rVrXQNH1XXL5xHZ6Pp17qdy56CGxtpLl/wASI8D3NfFf7C9qV8GeN9RK/wDH34nsrVTn gpZaWsjY45w15XfftgeNR4V+EV5pUMwjv/Gd/b6DCobDmwjIvtWcDPKfZ4I4m/6+wK/0p8Hs7h4f /RXyjibE2j/Y2WZljIRlop1Z43GVMNT161as6VOPdzR+gZVXjguG6WIl/wAuqdSWvVuc3FfNtL5n 5Ya1rlzrusatrd25e71fUb7U7hiQSZb25kuH5PQAyED6VjGbBPcfh+eazjP/AJ+nXvUDzEE89c+n AFf5MVfbYqvXxNebq18RKU5yfxSnJuUpN9W222+7Z+ZNuUnKTvJ3bfds2kuDGUlRhvR1ZQVDYK/M GIIwRuA4Oc/Trci1S7S7N2sri7d5ZVnVtkkck5YyTxYwI5iWJUjoeQOlcz5/+HA/lk+lOF03zHqW GCSAx6g5BJ4Pv71VONSm4uMpQ5WpKzfxLaX+JdH01sNNrZtHbavqVjP5jwee93eG2NxLIwMcKWsK wvEOD9qkkljWUy5BG4oVLAsYfD/irXvCmrWmu+GtX1DQ9YsJBNaahptzLa3MLoQflkicZXIGVOVI 4YEVyktyjRWwU/OkbpINpGD5sjLyWwcow6elQCYngAknpwM/hg12TxOMhj6WYYarLB4yhKFSnUoO VOdOomqiqQnBqUaim3LmTUoy+G1klTnNTVSMuWas01o097prZ3/E/Yb4H/8ABQueHSrSw+Nlkt8s bGBvFug2+y8ghiiJSXXNMO2OeaQiMIbYh33FihNfpH4G+Kvw7+JVil/4H8YaH4ghYEtBZ3sa38BA Tetzp0xWeB1LIDuQDLDBORn+W1dVUaJcaezlW+3W08EaoPmQwzi7kkkBG750s9oYNjadu3nPcfDb WrrTdZt1068u4b+6tr+SL7PM8YjItp4r+OZYcSSJJpRkZAjhlntImXtX+hngz9PbxP4WnkvDXGeG o+IuUOFKmsRiasqGa05c/s+R4uKqxxL0Tj9ZoVK9RyTlWhHb7rKON8xwzpYfGRWPpNJc0m41U72+ JJ83/b0W33sf1NbW9CPwNcD8Qvid4L+GOjT6z4w1uz09IoZJLXTzNE2q6nIiki306w3+ZcSMwAyB tUsNzAV+AKfGr4w+DfEV74auvih42m07TNT0wLfWmvaolrqFle39reQyWdncyOz21xpbh4F3qwiG GIy9eVfFXxjqviXxhc67dahfTarazXVhqMd3eXGox2lzYXVzp8SwPfD545bKKF2Ug5Z3BA28f0Bx f+0Uy/CcOZhPhvw8r4bijD1fq0qWYYylKjh5qVSFWoo4em3inRnDSkqlBVVzSVTkp1EvdxXHtOGH m6GBaxMXytTmrJ7N2ivfs1tdX1d7JnvvxX/aEu/i94z8S33jiK5tdJttVS20XwzKkUcOk6BGs8Cr JP5O+/Vp0s5LqKRG4kkuLcxyIK+W9W06wZxLobTs4gnuNQ0mfa82mGKVg/2O7Riuq2PlGNldP3gV sOvyljY1HWbO90C5kuE+0XmoT2PlyCaeW50oWNs6SfaJBCovYbq5kmWMSSM9uiADduyeJttTuba7 trmKYw3NtdR3MU+4I0U6sp8wDGF4RQcgg45GMiv8t+OOLMz4xzavmfFGOXEGY5rUqYmrjZJ/W+av WlOzndR92moKlRX+z06MvYqnSqU4qh+bY3F1MXUlUxM/b1arcnN/F70r+S0VrL4UtEote7q6Vqx0 u9tb+OSeOezvLe4h+zOsM26B/NU+aVO1fMWM9DnB5HFfVGj+NLXx5oGoatBZWui+MvDM+m3M+k21 +1jp2paXaQXCb/DlnsaNr5ZoJp5rKXctxI26ArgrXxrdXW+ZphIWeUtLLkbNsruxkUDoRk5yMD58 ADFbPhvxNeeH7pru0TzJornTLuMmWSJEOnXv20oxRgMSKHQ5PPmFRndiubgfiivw3i6uDqz9pkmO U/bQ5IykpqlNUcRSfLOUK9KTUoOL5XrCopRbtGCxUsPOUG70Z3urdUnyyXVNbr7metah458UQ3Gv eHLi7vtDlltzqeh3Fqb3SL2ym05ri/srdTDdAyWstlJexruaTY0yhXcIK9S+G37W/jzShbeF9e8T +INQ8PTWVopm1HVDqF1pVzpkbyyvZTX1rN/od1DAguIXV13tmJo8sa+ePGN7qesanL42tIZbvSLk JuSFlkk8NOJfOm02eKF99vbK73P2eRwsbRzMq4MZVfN2mgghvHhumS4+0wpapF8xms545pJ3klIz G0e22XAwWMzA/dxX1uF4+404Oz943h/iPF4SnRlUUZe1nTji8C5TqU4ThzRhVpzjKqov4kpU4xca lKmqfRHH4zCV+ehiJRSur3aUoatJ62aevnqlo0kvrrxJ+0qLi6uLLxR8LfhX48jLhpb7V/DR0vWl V8F1e80qK1LhkdXSVWcMsoYMcjHL3fi/9l/xDN/p3w38deCnEMMkmo+C/EkOoWtvLIqmYLoHiQSm WBJOMpdruHQAGvC7rXX8SaTYaFcNZG/0KK/n0/VJspfatFcst3Lpd1dMP3zxlJTbK3cmJTnYD580 5ODk5I56+uMe3FaZr4m8S4vEOrmP9n8V4PE8klLMcqwOJrQajerR+tVKMsZF05z5JVI4pTnGMakJ QjJIVXMsRKTlU9nioStZ1KUJNaXceZx59H15ruyadmj7S8GfDP4S614p07WPAPxj8O37W97b3aeF /Hmm6n4D1SMGdI0tYNRL3VhK7PMsYaScDLhgCRtPnXxG+BHxd8Ja/qXiK98C6lc+HpdZuNTttd8N yL4l0M2U9697byjVdGeZVT7OyEM+xiMNjNfPtrdOsM8EaxLLK8c4nY/vUS1iuS8SOTgK/mAkEElo k2kEc+1+GvE/xI0+z0LXfhn4l8X2Ouuw0m60/wAPXN7LPdXv2hhBFHZWHElt5EseUmjZFDxgMQ+B 34TOOC+JMr/szGcF1skxeGqvFqpkeJlKLnJwpTf1HM/rdXESS9nJUaWY4aDV1DlSsrhWweJpeynh HRnF896Mm1dtJ+5U5nJpWdlUiu2xHrEGr+JtR8WeMJENpqM0Da/c22oeWLi+s5zbxX0jL5QjurT+ 0oJIljURspYK27ccev8AwV8L+LPHltb2OkQ6RN4e8PX9jeTatqbXcGn+EbVb2bV7iLasEZvfEFtd RMFXzGWWG5InQJEjL7jda/YaR4Yj1P8Aax0PwL4lu7nR47Wx0/RbBPDvxHk+0nzr611zX/D7xwbR cF1MBhubhmQuTDnIwNU+JngT4l22i6N8GPiVpvwah0eVTZfDnx3oy6Ro2pugKpZnxXprzWtzbTK7 rMl3HA03mHz5m4x+w5bwLkGR51TzfM+K/reOxtKVWpkdWpQy7P8AGzr1ueSxFHF1/qOFUpOM3QpY 7FYzEKEPY0KdSUZw9angqFGsqtTFc05rmdFuNOvNykn70Zv2ce/KpynKytFOzOp8UftH+BvDN4fB fg+Sxuf7dW603U/HjiKWCPUJ2uUe48hGZ5LFb2U7SWMcPnfIWCMw/PnVidLudU0PVJ7m31N9Zzq0 Kw297YwvAiyW2qW90ZPMluDLNJuT51MMx+Zsitn4jfCn4i/D0eZ4n8H3Wm6Vc3Ml5put6Z5eq+Gb hbjHmJpuu6c8tvcWRKI0SiXcgyDk5I8qa5nu5Q0ha5mkWOJWYs8jMqpFFkjmRgiIo65AAr8g8UeP uL+Isxhl3F2USyfGZROccLhJUKuEjhcPiIRVWj7CcYVZ+0cIyjWm3UqRnU9rKpen7Pycyx+Lr1FT xdJ0p0X7sOVxUYySurNJ6taN6u7vfS16/v7y8ljN7cG6e2hSzjlKrua3txsgG8IGlUIRtLZbHB9B ViWSWRY4o5JpHwEiiRpJXIzkKiKSx/WtfTtNspJ7m11G6ityhEbX8dwjWtgYir3LzRqC10xUiOFV wJZTsVhy6sutVisUNloRngjV5RcaozGHUdSDYVATE3+h2OxQVgVicuTK7nAX8mngpSX1vG4jljNt Nc3PWlKLty8snfbX2knyJac0p+4/McHbnqS3+cm1pa367fPQ6Xw5oN3FJqV5qukwxwW+iai9omty RWUU2oSxrDYrFbXUqPeSmWQBFQFgzBhgqDWbrOgf2ZJZXOZE0zUESeMho7q4hhVnjvPLlhbyb0Rv FNsZZBvXYXVCxA5mG6kMd3mVROyxSieaYLMBbyq4jgkdtxlLMpwDuxHnoDXb+GNC8XyJC2jwpE+r K5C393ptrDJaxo8sjzWOrXSrc2rxI8jyNE6rHDuBwTXrYShh8xo0MvwmU18RON589Ne2qqUqij8F OnTlNTSjBQc1ytqXPpZXBRqKNONKUut17zvddEle+i1elzqNn7Pn/QV+Lv8A4KvCH/yfRUP2SD/o NfBj/wAB5v8A5W0V9hyR/wChDk//AITvy/6j/wCvy6/+4VH/AMBfl/f/AK+Rwf2jpg59QcD+ldto mr3Nr4L8c2SCA22py+FoblnhieYGDULu7hEUzDdEuYXyFOGxznAry4XIHRuB7n/D3rrdPmf/AIQv xNJkeWut+Fo2+8CGaHxA6Y454Rs59K/MMkpVqWMrzpOVOTwmPi3HflngcRCa9JQlJS7xbOCi2pu1 0+Sf3OEkzu08SeLvinP8NPh5PctdR6K0PhPw3CoYtHFq2qBmnnyx8ySOKSJA2OIbJF7HP7e2cWj+ CvDFtatNDp2heFdDige4kYR29ppmj2So88jfwoIYGZvU+pNfkX+xh4eTxF8arHUJo/MtvCejanrr FiSqXbImmWBzj7wmv2Ye8We1fWn7b/xFbw18PtL8G2Fw0N744v5BfbHw40DSDFPdRnHISa+kskPZ kikXnOK/u76PGYPgPwk8R/GniGU8yzGt7LB4d15ylOrRy2hSwuCw6qO7VOria9PDO1+WGHho+RI+ 2yGs8DlWPzivepN2hG+rapxUYRT7OTUfLlXY6fxb8fIfiz+zn4u8W6Zokd7oHw0+JlrpWueF75i6 +I/h54jtTaCe/HJsr9rzM0EiYNtKkeCSrZ/Pf4naDdaLovh6+8P358Q/CzWZrzUfBWsTQRSajozz lRqXhPWLpU32V7bz43W7N5cjL58Kje+fWv2KNUtfEutfE/4IalKosvjF8Ota0nTUkYCNfE+iwSap okig9Zi8UoXuSR3rl/h745X4V6XP8KPFN3c6UnxCuLi61bWVZWufh5dZk0vw5qtrayoyid7i3Nxf hgHWzeHYQ2TXw3Gec1vF3hjgbirjDNfqb4hy7GZVicyjCMVhM6ynHx9jhZ01KlTlgcwy/GZOpUJ1 IU8PWp/2hGdOFDF+24cZXeaYbBYrFVORV6c6Uqn8lalNWi0rLkqQnSvFtKLXtLpRnf5lM5X72V+o A+nUD3r7f/Zw+Meg+AvBVn4ZsLL+2/HHjD4irZw6dG7RxWmmPb6RbDWdTnjRmWyhV7ooijLtG+Si K7D5Z8UeLfij4O1/WPDOu+JNWTUdNu2tbpJZYbmC5QDfb3du88LLNZzQMksLjh45gRwa7H4W/ETx RDL4z8S3F9p5Twn4F1y+huJdB8Phn1PVBB4f0q1luYtOWV1kutV+4H+fyiGym4V+O+GWPXAnHVPE Zdj8XgM3oxxGFryr5ZQ58JSjrjZxjPMJRjWpYelWV5wlGDcm4SseTl1f6jjVKnOdOquaMnKnG8Er Obt7TRpKS1Tt2PYfG37Y/wASV8Ua3aeFrvw8nh2y1q+g06caMJLjU9Nt7qSKCS5mnunMfmxJu3Rh GAYMCDXmer+KJPirayS61rmr61Lame8hbVJ2v/Efg9pSGuWihhVV8TeDy4zIYIheWajeY9gbzPG7 nx7Z6k8bat4K8HTGOKKEvpNheeG5nWJWAdjo2oRxNKd2WYxHJAzX1F8Mv2cD8RPhvqPxL0dvEngv V4Z5LnwfZW13HrJ1SHS95vLq0EkNrOjSSrJFbfvyXeA/MVYZ+ly/NPEvxbznNMpo55X49wtanicZ PLatTFUo0cPTtObpwrL6rBRbp06VOWIbnUdJUpQxKo16fTSrZjmtarRjWljotSm6bclaKs3a/uK2 iSctXazUrSXy7rOk6r4bvYIr5DE0kUd9puoWkwlsr+1ZswajpWoQnbc25I4dGyrDawVwQO+j+KFv 4ltrXSfijpsvim3tIFs7HxTZyx2njrSIUyIgmpyDy9ftIweLe9ViQMLPGea6po4fF9hN4XXVbPxL BYGbUvM0iBtJMN+0Je+vW0PUIkm8K66kzSrdR4OlX7RNve1uSJW+dtd0+70LVrrSLh45bi2kCK0B P7wSANHuiYh7efDAPFIFkjYFHUEV+b5nleacHyni8kxEq/D2aSVKrSqqliMPVqQ1lQrwTqYXEqnJ TdKtG7VlVpSg3TqT8+rCrhffotvD1bJp2lFta8slrGVns9e6ezf7Q/sseHdL8N/CWwfR9W/tvTtf 1jVtbtNTNjPps09tLLHZQx3VlcEmC6jWyKSBWdNyko7qQa+JP21fHv8AwkHxNt/C1tPvsfBGmJaT KrZU61qnl3t/ntvjt/sMR9DEw9a/Qnwu+n/Cb4J6LJqZWO18FeAba91Bj8pa4tdL+3XSAY4kkvXd R6vIK/JPV/EHgf4vf2hqV5HH4K+K+q6pLctO928fgXxObh2ld7ua6MjeHtadiEBLCzkchmaHJA/t Hx8n/Yng14f+E+XYnC5Rm+YYPCV62DlOpTVWjgqVOVTC0J1HVSnUx04zoRxFZSrfVp041alZqM/r s8k6OU5flcJRo1qkIylC7V1BJuCbvq5tcqlK8uVpNvR+NCc8Z6fhzkUx58kd/wAvy61Hq1hqeg6j daTrNlcabqVlJ5VzZ3UflyxtjKsM8SRspDI6ko6sHRipBrKefkZI79wa/wA76mCrUK1ShXoyo1qM nGcJxcZRlF2lGUZJOMotNNOzT0aufBtOLaas1o09GvJrv5GqZ+Mjt+HBHU/570hnwOTj1Jx/n1rW 8FeDPFXxE1+18M+D9IuNX1a6OfLiAS3tIMhZLzULpzssrJNwLSOQOcAMxCn9Xfgt+yR4K+HKWmt+ LktfG3jJAkvmXcIk8PaPOADs0zT5lIvJlb/l4nUkkZSNK/X/AAs8C+NPFfFt5NhY5fkWHny4jMsT Fxw1N6OVOkl72IrpO/sqSajeLqzpRkpHq5Zk2MzWb9hHkox+KpK/KvJfzS8l5XaTufCPwv8A2a/i n8UVgv7PSR4d8OzFT/wkPiNZrK2ljP3pNPs9hn1HjoUQRn/noBzXj/jHRJfB/ivxH4WmuRdy+HtZ 1HR3u0iMIuTp9zJbm4WJmJiVwgbbk4DYzX9Bqv8AKAcYG0KoOAqrgKoA+6AMDAwBivwQ+PEo/wCF zfE8oflPjXXcAY6C8kz9eRX6v4/+AnCnhFwVwtiMpxWIzPPMwx06OKxVeSjGpGOHc+Wlh4fu6NNT jdJurU1tKtJaHp57kmGyrB4WVKcqtepNqcpaX929lFaJXV92+7OFN4TbGLK484SZOPMz5ZQheOU4 Geeqj0q5pWoJaX1jcNtdYZlllGWhbZgpKvnrkhBFuYYHBBwDXKfaOgOABn8c45P51YiukmuY3u5H aIFfNYBS3lxqcIMsOoUL171/KNCE4VqNSLXtKThytpWXLJNXbutHvdNPW66P5iLakn1TX4H0rp11 c+ItMhRtXjeXwxpmkvr6XVhNPM2lWYhlS9tZgC63NqQsauQoMVzGGOMIviut3hudQv7yJ5LpG1G7 33sskkstzunke3muUm+ZJTFwSxO4oSctuznaf4u1jRdcTX9NupLbU455ZU3F5IzBOphls7iOVj9o tXtdsbK2dyAAnIyMi7ukld54lWEXEjO1sJS4jY4kwGY5dMsducsMFTyMn6fO81o5tgMJTUJLG4ec 41XJzl7SnFJYepBznJQlZyjVpqMXzJ1FOXtqkafTWrxq04LXni2nre605Xrez3ut7631aVpryTMm HcB/vAHAI4OMLgFcgcY7D0qGS4BLYLfMql953Hd/ERjsT+PPOayWn+ZseuMjrz1yK3NS0xk0jT/E VhFL/Y91ImlXE0txBI1vr8Ft595ZlEIcRNCY5omZMbJtm9mU187QwFfEQr1acXUWHipzSTbUG0nP RWUYyklJ3VuZdL25lFyUmteVX+Xf5FEz9Md/pn8ff/Gt3UNDutP8M6D4ma+sJLLxDeazYQ2UFyza hbTaG9iLhr62ZAEhf7dbtEwZgec7SOeL88YPQEDkc/h9K9Z1K3lm+BXhjU47y2+zWHxH8TadcWk9 q0d817qOiaPdQPYXuwi509LWwczruXy5rqPKHIavZyTKaWNw+fudJzrYHAvEUrSS5ZQxOFjOTTlF TiqE6ycfeavzpNxNKNNTjXbV3ThzLXqpRT9dG9PmcNp2syWF0JN032adVttQgglw11bMSsi4f5TL tOY9wZVcA7SCQY/EAtYdSmNisa2zYdY4RIBCWADRTQyktaXCvuWSIlgjgqjum01zKzlWD7gpRtwY nIVl+ZSBjk5H+NdJ4V8JeMvHt+2m+EfDuteJb2WQGVdMs5blIpHbIkvLwKIrVdxJJlkUdTnijA4X G5jCllWEwdTMMVWqL2NOlTlVq8zTThThBSk+dtNxitWr73vMOeolRhB1JSfupJuXmkldu/ZGGLjZ IsikgowYFCVdWU5UqwPysCBjvkVoaVpOt+JtSXTtB0rVNd1O7lwlnptnPe3Ukkr5BaO2RvLyx5Y4 UZOSBX0lb/AHwV8PYrfUfj78SdP0S5YpInw88EvFr/i+6Jb5ba7nh3R6eWBCkqr4LcSAivoq5/aF 8H/B/wCGr23hb4ZzfD+/1q1ntPAehXXkReKb6wEM1s3jrxU89sz21sLzP2aOczyXckDn5Y13D9e4 f8HqUHiq/iJxPR4IwOXUfrFbDKP1zMVFW5Y1cNRk4YGdV2pUY46pSr1KsoQpYeo27erQypLmlmGK jgoU1zSjbnqW03jF2g3e0edqTeiizwfQ/wBmRPDWnReJvjt4z0r4baKQrDQYrmDUPFt7ESC0CQRu 0VnMwBTb/pEi5yYwRWhN+0Z4H+G9nd+HfgT4Ej0a3nt5rabxtrjvceI7yUo0cd9+9BkkQNtLRM0U TBdvkgdPj7W/EeueJNQl1bxDrGoa1qM7M0t7qd3LdzkscsEaVv3Ue7OEXaq9ABWSJAeMjrxggkD0 A/OvIfiHhOHYvD+G2QQ4XSTjLMsQ443OayatJ/WpwjRwSmt4YChQlqlKrO1zF5hCh7uXYdYa2ntJ WnWff3muWF+qpxX+JnY+IvEeoeJ9SbVdSu76+vJos3D39yblhcEGS5ktgiILa0acyOkSqFjDbeQM 1z4kHc56HGOh/OqAkA6Zzkg9sZ9x9aeJTjqB14Pb8SK/L8TVr4yvVxOJquviK8nKc5NuUpPeTbu2 3uzzZSlKTlJuUpO7b3bPXvAXxq+JPw3Mlv4X8S3cWk3Py33hzVBFrHhnUYyfmivtB1NJbadGXgny wwzwQea9Zt/GHwA+JsyN4w8NXXwT8Ys26Pxf8P1nv/BE99gmK61TwlLKZ9HAn2uz2EzKuOLcDivk oSH6j8qswDd5jsp8tIpCzFHkTcUYIjFFPlszDCk8A88DmvrMn444gy7DUMpxbpcR5BRfu4DMofWs NTW8nhpSlHEYCT3lVwFfC1XbWbWh10cdXpxjSlbEUI7U6i5orvy6qUPNwlF+Z9E/ET4LfEPwho9r 4h02Sx8eeBoriS+j+IHgm5j1rS3vrthcF9Ue3T7Vo06qExFexxMrlyOWNeDwLJfSSyzvKYoIxPeX GRJJHArpHkb2+aQvJGiA9WcA4GSOq8KfFHxl8PNefXPAPiHVvD8kixxzW6zxzWl7biJI3sdUsGQ2 +qWhClSssRV15Kgnj6FXxt8IPjJo7aL4w021+B3jbUjHd3PjbwppCSfD3xFeNNstF8VaFbo9xoMD TwK3mWTGBZWdzaYGa+gWTcHcXV60sizWfDOaxTcMtzKtGeDxE4rlpwwebTdGFFSaVqWZwoqnSVv7 QxFWSibqlg8W37Cq8NVSdqdSV4Sa0ShWbSSfary2X/LyTPDtP8SNoGnHXNLstE0+VJY9O0iwlsLD Vr+RjbvJPruqTalBKzsvyeUqiNDLMCsYiiw2HLrt5d3Gs39+93d6hJZNHLffallkjivBDFMkU6KR FHLLO5kwNpjZoFCByR0fxR+FXjv4bixk8S2kN9o+q3F1daL4w0KeHVvCniC1eK1SGfS9dscxSjZG B5LbJIQu140ORXn2hxadm/1LV/31pploZ4bAM0f9qahLIlvZWTyoQ0Vt5shlmZfmMVs6KQzhh89m tDiDLsxjw9mdCtk9bBLmlQxClRjTlKk5yxDo8rjFODUoOlHllSjBUudyUnhVVenU+r1IypOGrjLR J2vzctrbaqy2StfQqfbp/wDntP8A9/pf/jlFXP8AhKbj/oFeGv8AwQWlFfPewwn/AENJ/wDgqf8A 8n/XzOb3f+fj+70/vepTu7u3luriSzgNpayTSPbWrTm4a2gZiY4DcMoM2xSF3EAttyea6Ky8VQWv g7XfCzabDLcaxrWhavHqxkYTWkejW+qwvaKm7a6SHUQc442Nk8rjzj7WexHccnH5Un2ojqRz7k/1 4rPD1MTha1avQcadWvTrU5WpwtyV6cqVWKjy8sbwnJJxScLpwcWkKM5RblHRyTT0W0lZrstG9tuh +pH/AAT40tGX4meInXLg+H9DhkIOQp+36hOoPbJW3JHsK8Y/bg8Utq/xrk0dJN1v4V8O6RpiIGyq 3N8j6xdNg/xH7bCp7/uh1r6a/wCCf1qE+E/ie+CjfqHjm5Qtk5ZbLSNMjQHjqDM2PrX52/tF642r fHT4o3hfeF8XalZJuIIEemGPTogOvRLUAfSv6+49Usj+if4YZJQ/dyz/ABrr1bfbp+0x+Ls11tOe Hf8A26ux9bjpOhwrllGOn1ifM/NNznr83EsfBDxHfeGvi98Odd0/Uo9KuNJ8W6RfPqEwlkgtbS2u Vmv5bhYFLNALFLjeAMbc5IXJHvP7dPhS20T43XXjPRJvtvhH4t6JpPxB8L30YAtprHVLOKO4t4do wixXELKEGNqsoIr5R8JMbbRfG3iV5PKbStEi0fTyFB8zU/FNyNKZFfOUddFGtSBuxjHIOM/ZaTf8 L5/YkbYftfjz9mDXdxX5Xu7r4a+JH5x/FJDaXq+4VIe2a/M+CcBHiLwv4w8O50+bNq0JcWZT70nz 1MojUw2Ow0IJuPNXyz+0cS0o885YChG7Til5uCSxOWYzL2v3zTxVLzdJctSKV93T9pLa79mvI8in v7b4vfC20hgsjN8UfhPpp+13CyGS88W/Da3Z0Vo4+Wu9R0dpLfcpy/2Ml1JCsFoWME3hn9nnVtfT VLayuPiR40tvD0dksf2q71jQPC8LX17HvC40mOLVri2dyctOPLVcDOfD/A/jnVfAPizQ/GGjCKS/ 0O9W6jtriSVbW9iKNFcWN55TBpLSa3lljkXOGWQg5r6t/aY0u21n4dfB/wCJPgTQxpXw2vdJ1VZb CA7R4f8AE2v6xcajfWU9uANts1xFPFDN8wItVTIXygfPyaFLiHhriji6P77i3hrKHg69KnGcZ1sP WnhcvhmrlSiuaVDA1sRhsbeSc5Rw1es6qr4m+dGSr4fE4te9isNR5JJJ3cZOFNVbrrGEpRnrraMm 3zSPDfhJ4Evvin8QvDfgqzZ401S9D6pdRqD9g0a0H2jVL0kD5StojhM9ZJEXvX786Tpmm6Dpem6L pFullpmk2Ntp2n2sS4jtrSziWG3jUDHSNBk9Sck5JNfnZ/wT98BCHRPFnxNvYAbjVLseFtCkkByl hYeVd6xPESOkl7JaRkj/AJ82HHNfo3kjrj8z+gxX9r/RN8O6XC/h+uKcTQUc540l7bmatKngaUpQ wtNdlUftMS2nacatK93CJ9lwrglhcD9alH99jNfSC+FbddZabprsflD+2n8Iz4K8VwfE3w1C9roH jSaa21xLTdDHp3iWSJ2uSfLIEdrqFsskhXhTNHOCMOorxT4NW9p8U/iD4F8H+IY55dTTWdPex16C MT3FzpOkONQvNG19SQbyzFhZzLb3RJltziJ/MgKiL9wPGnwQj+LvgDxB4Z8TywaB4d1qyMcet6gF V7K+iIn0/UtPt3Ia4nhuo43UDAcAoSAxr5j/AGXfCv7OXgTxl4yg+G/hfxR468YfDwnw9rnxG8er /Zmn/wBuXct1a32neHvDEJ/cRCGymLySkvsdQCQ+T8zxl9GjEf8AEasizajjsDkHA3G+Jhi8RhcZ OXPiK1CTxOYUMFgaMKleo6lKnLE08Qo0cPh51JReIpqMIz58Zw5L+2aFaM4YfA42SnKM3rJx96pG EEnJ3SclKyjFt+8rI0/2pZtd1PwVp/gDw/4U8VeJJfHl9LZXx8LaVqGo3WkaZp0S3cWoPFZxETQD VTpgeFiBNCkyKd2K/N26/ZC/adtjJn4L+NrmJFDrPaaZ58M0LjcksQDbiGTB2sqyLna6q2Vr6l/a J/bR+KmqfE/xZ8L/AAR49m+H1joM1rpWg6j4cFrpVtfeIILdTquj6veCMtDazXkhgt7lWQW89uFl zDK7x/H9t+0/8fEefw9r3xa8f6VqFnfXZtdXm1/VLfUdJ1VnjjntdYKy7rrSmkh2ujqzWzv50Xyi SOT4LxzzjwU4v48zGtnmO4kzaWVzlluHrYGllWDwtKeElyVsM5YieLqVFUruriKNWpGhG1Wyfs3K dLgzvE5Ni8dUlWniKvsm6cZU1ShBOGjjeTm3eV5JvlWvbVUPFOl+NvDujDw38XfBfjHRLrSLWRfC mt6rot1aahpzJyuh3lxfRoNQ8Pu27YDIZLR/mgzGzxnlPhl8OfE3xb8W2HhLwvArXE/7+/v5VY2G jaajKLnU7+VR8sKAgKo+aV2WNMs3H0T4U/bf/aS0HVo/BfjabS/jBp97eWunXPg3x/pNh4hXVmvW jS2gtdRij8xzOk8Xkyo7q6zK6kqQa/X74b/Bj4c6Voeo6x8NfCOn+BfFuvx2ms+MPCNrdSX8SXot Y/PsdFvZwGbToLhpvLhUBNzswUFhny/DjwA4V8aM/oV+GOLMfisp4acIZrgc1y5YHN/ZRU3Sw+Hx eGr4vBY2bVKVFuVTDYuhRj7mGqRp04xyy7IsLnNdPDYupKlhmlVhVp8lbl1tGMoOUJvTlveM4x2i 0kjzb4TfCbwl8HfDUPh/wzaCS5lWOTW9duET+1NdvVX5p7uVRmO3DFvKgU+XEvABYsx9TEg5yAOv OT+FQskiMyOCjqxVlZSGRgcMpBPBBBphY9lJ/P8Awr/Q7Kcly7IMtwWTZNgKeW5Zl8FTo0KUVCFO EeiXdu7lJ3lOTlKbcm2/0CjThh6cKFGEadOmrKKVkkunT57tu7ZcRkLoMnJYcY9+e/pX88/xT1P+ 0fiX8Qb8MGS78Z+JJVYNkFDq92qHP+6BX76+IdZg0Dw/ruu3LiKDRtG1TVJWc4CpYWM90ST2/wBU APc1/OJd373tzdXsxzLeXNxdSNnJMtzK8zk8f3nNfxF9NrHw+p8AZOpXq1KuPxMl2jCOGpQf/bzq VEn15XbY+M40qpxwFLq3Ul8kopffdlkyg459s5Hr79etR+Z1+Y9D7f5PNZ5lPUEduBTPOIB/xz9c enGa/gFUX93yPgzSM5PLMc+pwSfxPsP8Kct2VjkTCkSbMkgErtYt8p7E/wAuKyTNnPP5nH+Hqaja Yr3B98jrz19atUuys3/wwami04yeeD0OB1Pb/PrXYaF4ssLLw/4i8K6vptrdWHiCbTbu21fc8d94 b1fTHmS21S3KBvtNm1rd3cVzblcyRyhkYSRrnP8Ah94g8IeH/FVjq3jjws/jTw7bw3YufD6Xz2H2 q4kt3S0kknjdS0UcxVim5d2O+MH1a4+PfgzTLlp/A37P/wALtDZHL2914hj1Txhdxn5gjeXqN2sC sAegjI4A7Zr7bhvKcrhhv7WxvGGEyaq5VsPLCTwmMxWJqUalJQqSUIYZ4Vwqwqzpx58VSqKUXKPJ JRmdeHhSS9rPFwou7i4uE5ScWrN2UHCzTa1mmrN6aMw4/gN8Y7y/Wy0jwD4g1uC4cjT9Z0uxlk0L VLUgPBqOn6tNsiksJYWR45GK5VxwG4r6B0H9nPxLp/w38UaN8XfFfhT4b6Va6poninSX1LXINTv9 AvfMbSNVuL3RtNlO2G7064ghVTKC1xBD/d58t1/9rX40eM/Csnhtde0/w2LBXuWm8L2UWgXl/pUY WP8AsuFoJCII7eNtyJB5bPFGwYnYM0P2ebHRtd1P4k+Kfii15qfw20bwPdN46urjULz+0ry4utQs Z/DunadcifzJtXm1ewi8pd+CI3zjNfq3DuA8K4cSYTLeGcDmfEss6w+Jpyq5piKeX5bQhPC1XWeK pYSlXxc8PhVF1a1ZYqjKjCn7eClKEJy9PDwyxYmFLDQq4n28ZK9WSp0opxbfMoRlNxha8nzRcUuZ XsmdG+p/sqfDgJ/ZuneLPjn4jgYFZ9YZvDHgt5wSBiwhAnvLfdjCsJA/r2rqYfF37S3xQ0G1bwXp +lfCj4YXd3cabayaNLpXgLwzaQ28SC4N5rV5LFcXkCI5BkTdvcuqAsCo53RfHXguw0/xP4z+B/wR 0DQ18BadYz3Pjf4o+JJPEV7Zz3s4trMaRo12VsLjxLM3mmOJfNkKxNIiAJXzb4++KPjf4n3tnqPj fXJdZuNPtDZWQ+zWlja21qZ5bnyorKwhihXEk8nzbN20BSxCitsz4iwHDuXwowzJYbCZlTbo4Phb C1MpwmJowrexlLEZ5mFGWa4yClSrU5UpUMTSnKHu4mDUkipiadCCSq8kKi0hhYOjCaUrPmr1I+1m laSa5ZK60mj1KDX/AIf/AAuubvUdDvm+JvxNtLz/AEHxNqFiy+A/D15FJIJtU0y01CQ3Pi3VUkAa 3nukjtVcCVYpcKT5H4l8XeJfGWqS634r1/VPEOrTgiS+1a8lu5wjO8ghjaRsQwh5JCsaBUXd8oFc cJR1GSOmRnA9Dx+H50eZzjJ+uSB9DX43muf47MsPDLqVOOWZPTl7SODw7nGi6j/5fVXOc6mIxDXu +3xFSpVULQjKNOMYLyKmInUiqaSpUVqoRvy3/md23KX96TbtorKyNLzOeTjrn0HHvTxJx0z9DxWY JAO459Pb1z04/GnCT1wfUDqPXjua+ddP1RgaYkOOSR9D/L0p4k4znjpznrgnv9f0rNWTnrg+/I+m aeJMnk547H+lQ6b7JgaYkx1z+HH9fYV9Q/sop4e8S/EO9+FnioW6aN8W/DupeCoLydUJ0rxJOovf CuqRyP8A6p49ctbVSwIJSZl5DYr5RWU+wA7E1r6JrN7oGr6VrmnSPBf6TqFnqdlOrMrJc2NxHcQu jcdJI16cV9Bwhm9HhvijI87xODjj8Fl+JpyxOHmrwxGFk+TFYaf93EYedWjLspu3Q6cHXWGxVCvK CqQpyTlF7ShtOL8pRbXzNjxX4d1Xwb4l1/wprkElrq3h3Vr/AEfUbd1KvHc2FxJbyAhuQpaPI9Qw PesDzSAVyyq4G4AkB8MSNwB+bnkZr7x/bs8N2mtap8Mv2idBtlTQ/jp4K0vV9UaBcQW/jPTLSC11 2BivCyuRG57llfjrXwB5mMDdjjnOPzHrzXp+I/By4G42z/hqlWeKwODqqpgq/wD0E5fiqcMTl+JX RrEYOtRq6aJzcd0aZjhPqONr4ZPmhB3hL+anJKVOX/b0HF/M9t+Gvxy8Y/DeG50SI2XinwJqrY17 4e+KoDqvhXVo2AEjizlbOm6htH7u6tminjIBV+MV63d/CvwN8YNC1bxD+z5Le22t20Eeo+IfgxrN 0bzxNpcdvJLcXl54LusD/hMNHjgaUrAgF9EsWZI5ADJXyVptmlys97ePNDpViI2vJ4UV5meVtlva WyyEK11I/AycIqtIwIXB6LSfHmreHbyxuPCN7eeDpLS6F0L7Srhv7QE8RcWtzJqMSrPJMsbyBgrp H852RqOK9Th7imEMBh8l40oPPuF4wnDD05NLMMEpXi6mV4qf+7U1Nt1MPWlPA1nzt4d1kq1LShik qcaOMj7fC2aiv+XkL6XpTfwq+8W+R6+7zWa6z/hX7f8AQv8Ajv8A8Ed7/wDIFFdv/wANpftPf9Fe 8Sflp/8A8h0V7P8Axpj/AKGWef8Ahiy7/wCiE3vkv/Pyv/4Ip+X/AFEep8o+f7jAz379+3NJ5/Oc 8dxk55649Pyrr/D3w81LxF8OvHvxGt9RtIdO8A3nh6zv9Okjna9vX8Q3DwQS27qdkcUews+45PAU HOR5v559f/Qvevz/ABeS43A0cvr4vDSo0c1o/WMPJtWqUVWq4dzVm2kq1CrCzs7wvazTflSpzhGn KUeWNVc0X3XM43/8Ci1rZ6H7gfsDMF+BZdRky+N/EJY9yVi0xAD68KPyr8kvihqDXfxK+INyxIM3 jbxTIck551u9/oK/V7/gn9crJ8CXQHJh8d+IVbHJBeHSpefbDCvyA+I0zL8QfHanIK+MvFAKncCM a3fDGM9a/qTxmp83gZ4CU4fwvq1VtL+aOHwy/BuXzufUZy/+ELIEusHf1UI/8ExxcHBBY4OMjLAH GeSO/t/9evrX9jH4s6Z8OPjNYaZ4pdX8AfEuwu/hz44tpz/osmj+JF+xQ3cyNwBb3rwSbuSoDV8Y mc+v6n+lKty6MGVyrowZHUkFWUhlZSOhBH5iv5x4Rz3H8HcT5FxRlaTxuR4mliIQnrCooSTnRqL7 VKvTcqNWOqnTnOLVmfO4PE1MHiqGKpfHQkpJPZ2esX3UldNdU2e7fHr4Zan8Ffiz41+HWpq+3QdX nGl3JDBb/Q7pjdaNfwsR+8jl0+SFsjjOR2rtPjH4y8Y6DovgbwAPEVxBol38KfAN7rfhm0MH9mx3 r2N1PamTYrB7iSwntJpGRl3NKu/LoCPe/izbP+1L+zJ8PfjfpKxTfEz4Qzab8KPiyMkXF5ok7xW/ hDxXfFVJ8gF1illYEhpH/hSvPbH9nbxv8eP2i9a+H/hGJYtC8DReGNC8W+LdR3QeH/DWleGdB0nS tQubu7cBSWe0uRBEDumYgqNuSP2jOfD3M8Jm2dYLw5wmLzDK/Earlc8iWGnNVK2XZpDH4l4Wag1z ywcsNWwGN52qVOeGxDqrltKPs1sBVhVrQy2M6lLMnReH5W7yp1VOXK7buDi6c7uycZX7n6vfs2eB L/QvhL8NfCOmWLy348Naff3kaJg/btaQ6xeyztwEAmvWBJ6CMZ6V9RvH4c8CgG78jxJ4oUZFsDv0 nS5ev78/8vEwOPl6A9h1Obe+ItJ8JaXH4T8DfJDb20Flfa+Ri7vRbRLB5duw/wBTb7VwMenHcnzd pS7FjuZmOSWOWYk8kknk5r/VjJsuy3gvJspyPLYU8bjMowtDDRq2UqGHWHpQpRjQi7xq1IqCvWkn BP8AhxbtM/VKUKWCpUaNJKdSjCMb6OMeVJWS6tW3ei6Lqb2seI9W165NzqVy05B/dQ/ct4E7Rwwr hY1A44GfWvItXbw18KvD3xJ8eW1rFZfaV1Txx4hkyFW91Wz0e3tY2AA+XzBYWyhe8k7sOXNd9vHo f0/xr40/bv8AE1/oPwEvLOxDhPFHiTRdB1CZWK+TYZuNUkRgOqyy6dFGR6Oa+F8RM7/sLhfiLjDF w+uZhkGExWKoVKi9pUjiPYTp02pO8lzymqc2mv3cpJ+6cOY4j2GFxGMmlOph4SnFvV83K0u+97el z8Z9V1q71vVdT1jUZTNfatqF5qV5IzMTJc39zJdTsSeoMkrV2klz/wAJxo0kxO7xl4bsN9wxb974 o8M2MKqblsnM+u6dbqPMPL3NjHvOZLV2k8k+0H1HQdj2r1f4E6zp+lfGP4bXurRW8+nL4s0u2uo7 pBJbBL+U2CyzLJwUSS5R+ePk5BHFf475DR/tDOMPl2OrpYXP69KjiKlRtqDrVVFYlvdVKEpuqpLV rnpybp1Jxl+P0P3laNOcvcryUZN9Lu3N6xve/qno2n9wfsP+G5fiD4gk8U+LdAsdRtfhfZ6Xa+Dv EU9vJa38F7Ot6tppT+Uqw61Y29pJPNFJMjz20iwCOXYdg/WfT9TvdOvbe9spWiubeQSROnBBXkg4 6oRkMOhBOa5OwFnpdhFFHDb2sYBKW9rDFAgUHaixQxIqqoVQOgAAr5Y+Mnhz44fFXxLc/Dzw7rk3 gf4d6jpNnqcXjHQ4pRIZYLkW2t+G/FU4vUmLTQSrLZrZgBzGFn/dmVh/qjwjkUvBngXA5bl2GxPG XEDq3csLSp0cRi8VUv7CVacpyVClSpwpYZYivVqezjCF3y2jH9SwlF5NgKdOnTljq7d7wSUpzfw3 d7RSSjHmk3ZJdND718Q6/wCG/Ftnb+LPClzbaw/9qtoHjC30Ca21GDw7rsVq908mrvbzH7DG8aKD nJMk8akbmOOXWVWJ/hA7sQKzP2Zvht4J+D2hy/DHw/bsukeJIWTWNUvXEuo6z4gaMCLWNQlzjzy6 hURQEiXaqjgk6mo2UumX15YXGElsp5YJSTtUeUxBck9E2jOemOa/a4vNMwyfLM/zjC0MDm2YprG4 fDTdWjh8XFJyjCq4U3UVSEo1JT5IRlVdVQXIont+/Uo0sRXiqdaqvfjF3jGatdJtK90072SbvZWs fKf7ZnjuHwb8ENds4p1TUvGlzbeFbFFI81oblvtWrSKc52rptvMhI6G5Ud6/EDzeOMAY/Hp0+vSv p/8AbD+NcHxS+JR0nQrwXXg/wKt1o2lTxNm21LVJJF/tvVoyDiSJp4Y4YW/iitQw4evk5ZeM54HA 5yOfp9K/yQ+kjxvQ468SsfVy+v8AWMm4epxy/DTi7wqexlOWIqwaupRniKlRQnFtTpQpy6n5PxFj o47Mqjpy5qOHSpxfR2+KXzk2l3SRfMgz1Jx6fn+dMaT3PHGScn1/PFUzL75xggY61E0vvg9Tk564 9vr+dfgipX+yeEaMbxPNEs0pgheWNJZljaVoYmcCSURBgZSqFm2ggtjAIzx1c3hmG9uLW28Ka9Ze J5brcgsfKm0XVlmjXc4+w6m6pLBjJR0mYsFO5EbivPzLkk/l259vQcVE8mVAYAjHBx6dM16OF+rU 4yp4nBLERm4++pzp1YJPWNN3lS95bupRqW0asVFxWkocyfm016Pb74s6/wAUeF/E3grUX0vxRo95 o94oQqtzse3mWRA6PbXkDvDdIVYYMcjDtwQQOWaYLyDx17YyT2wOnNdp4W+KvjLwbpmoaJpF9Y3G havPDPqGi67o2leIdKuJIFdI3+y6xaTC3bY7BjEULcZPygiPW/Gvh3xRIs2seCdF0K7FssJ1DwEj aDFJMh+W4utBuJJrOQ+WNrCEWzN98tmvbq5bw9iKXtsuzKrhK8rv6tjKXMo3k0oQxlDmjWajytzq YXBptyXKlFOWso0GuanUcZfyzXnspxvzO3Vwgt/nyljFfahf2VjpltLe6jeXdva2FpbxNcXF1eTy LHb28UKqTMzyso2gHOcHjNfpFq3h3wDonh/WvgRP4P1ix8NeHtFsPiX8ffHmkaxJLL4M8XrokdzY aLo3mweRrSpJIIYrCXJY3h8v5o3lGf8AA/wv8LvgF8O9L+N/xB1qzXxV48jZPhlFreiXcOoaCIo7 tJLiGCL7T5Ek6tGzaj5TxW8M0TqreYVb5T+JafFzxBBpt7daW1h4G8XeKJrbw5aeGtcg1vw/rviL UpjM1xeX9pfSza9r8xkDNcXwExxsjjhQCJf3HJeH34bcLvMcfg6ee8RcTUIVKuX0aVHFzwWVVYWp Qxk+Sr9ThmrrUXVnFwrPCKNCi1XxMq2D9qjR/s3C+1qQVfE4mKcqcUpuFFrRTdpcircyu1Z8lox9 6TlT9m0XwQP2htL8NfCL9nHUzGNMuLvV9R8B+J7Sbw/rGtXaQwRt4u1zxFbz3Gn65exKbhEBNqLa FwkUbHJr9LPgN/wSp8AeGray1v446tP4618rHM/hjRp5tP8ACtjIdreRcXSBbnVyCCrEGGM7eAwO T9Y/scfsw+H/ANmz4X6Zp5sreb4heIrK11Hxzr7Rq15JfTRrMuiW8xG6LTLTf5aopAeRHlbJIx9d 5PrX+ivg19E7hLD5fkvGfivw7h8642r4eg/7Pl7SWV5dTjCCo0Fgqk6lKpiKUElXUr4SFVyjRw8e X2tT9IyXhLCRpUMbm2HjXx0ox/d6+yppJcseRtpyS+K/uJ35Yq13+On/AAU5+G3w2+G/7PHgmw8D eCvDPhNV+IVnBB/Yuk2dlcvCNI1FpY5buOITXCnbGW8x2yVBPPNfguJsdDj6Hp9OeOa/cz/gsT4u hg8N/BzwQkw+0Xmr6/4luIQw3i3s7a3062kK9gZri4APqp9DX4Q+cB6fnnn3/Ov4O+mfDK4+POfZ flGEo4LCZPgssw3ssPTp0qUJLB0qrjGFOMYR5Y1YxskrW8j4HjX2Sz/EU6MVCFGFKNopJJ8idklZ aXNUS/7XXnp35GOOlP8ANH+zn6/0PespZSTycc+vU+w9KlWUcY6j1PP8ulfye6Xl+h8oaglyck44 Pf8ApjFSrL6fQn2z9PasoS99x+hyalWT16Hnjv3GQetYyortYDVEo9cnoD2+hHr1/Kvrv4l+CtPk /Zb/AGffidptmkV0+seOvAviG4iRVM9xYan/AGtpclwyj5n+z3dwgJydseOg4+NhIeOh6dOvsfav 1GsvDx1//glxc6ls3y+EPjRc6xE2MmO2nltNNuf90f8AEwXP0zX6x4VcOU+IsF4r5dOgq1XD8J47 H0m4qUqdTLcbluOcoPeMnSo1aba3hOUdmz1sqw6xMM1puN3HCVKi8nSqUp6fKLXo2dh8KdEP7Qf/ AAT18feCkX7Z4t+BXiW68T+HVBD3S6Y0D6tLaxZJIieyfWgAMZaBB2r8oomRpMTM4jQM0m1SWwqn CY/hLOFXJ6b89a/a7/gk5pulS6T8Q7u3u2uW1UjQPFehXLK8KhY/teg6jDFj/UTWb63bygkgtCmM biK/ML9p/wCGV38Ffjn8RvASLNb6dbaxc3Wjt8yLdeHdXddS0zgAb4vIljUjkboPUV+n+MPB+NzL wS8BPFqrRU6k8BPh7H1INTjJYCrXllFSUl9t4KNTC1btOEsIqe8Vf1M3wk6mS5Dm0ldum8PUa1T9 m26TfnyXi/8ADY8da7ibTmjLwpLLJJKY1aUhVge3S2gWJYyI22vdNvLHcB8x3AZxi+Mk5A+vfn2q qXHJz07A9MdAKYZD0/LnI9jX8rVOaryOSs4RS0Xb8Lttt2W7ufKt3t5Fvf8A7X/j3/16KtfYYf8A n+h/75P/AMVRWn1Kr/Kv/A4//JD5Z9vxPQPDlrrmu/CXwt8PfD9vENV+Jvxjufs++RbQagmg6Hpe nWKX1y33tPhv9ZvHy2UjZJGALV4Tfxvp99e6e8sEz2N3c2Uk1rJ51rNJbTyQPLbSgDzbdmQlWwNy kHvX1j8MxrGmr+yj4uuzY3WhQar8RdI0qxluLaS7fU7bVdavbp20+RSTYj7RYgyNwSdg5xXxzqer S6pqWoanPFawTaheXN5NDZWsNlZxSXErSvFaWlsix2tuGYhERQqgYAAr9b4syqjQyfh7EVHVWNlS oUYQnHlhHCrLcuxilFJ/bxGPryTu+eNpPlbd+7F01GjhpNvnajFJqy5fZUp3XrKpK3da+v7U/wDB ObURc/CHxTZhgzaf4/uWZQTlReaNpMqk59TG/wCVfld8aoTp/wAYPijZOApg8f8AitdvOADrN24A A9mFfoR/wTO1YS6F8WNHL/Nb6x4Z1RY+flW6stRtHYDtlrVAT7CvhX9q2zbSf2ivi1bFdgl8VT6i gxgmPVbS11FGXAxg/aT7+tfs/iNS/tD6Ong5mHxLBYjE4V+TvioJeWmF/A9vMv3nDeTVEtKcpQb/ APA1/wC2nifnjPIPufzBpfP+v4Z+prH8/IHPp3J/ECt/wn4d17xv4l0Pwh4Y0+41XxB4j1O00jSN OtUZ5rq9vZlhhjVQeF3Plj0VQWPANfzBQwFbFVqOGw1GVfE4icYU6cIylOc5yUYwhFXcpSk0oxSu 20kj5aMZTlGEU5Sk0klq23okl3Z+hf8AwTU1TxhL8cNQ8LafoY8Q/DfxV4Y1Gx+LVpfukOhaZ4Xg ie4h1/ULi4PlW89repGYSxDMZGRCMkj7G/a01HW/h9rafCvwrqXhn4IfBqTxDZeOvFvirVNcguvG /wAcdYvL+21WZtK0rTZGvNX0VZpI7aNCY4QYjvYRxBB8b/tC+OdD/Zc+GP8AwyJ8JdShn8Y6nDbX /wC0d8QNMkUXOq6+8QkHgLTbyM7k0ayDBJwG+dwVOC0oPv8A40sNL/bG+C3hLwBFbQWn7Q3ww+Dv g74ifC+4aQGf4geDZNFjTxL4Wiml+e51C2v9NmlhTLNuxgYLtX93cI1Vkfh7xD4NZbj55r4h5BFY tqFWFOlPEYlzqZhwnhMVSpSxPLGFHnxEaGKoLHZnLEZdRn7KtKWJ++wc/YZdiclpVHVzLDrndmkn KTbqYSE0uayUby5ZxVSq5Uou0nzfocHEgEinKuA6n1DDcCMdRgivmT4+fFHUdF8RfDD4QeD72S28 a/FDxTpkV3dWjD7ZoPgmxvUn17UoyAfJuJ7e2uYInPRI7hwQUBr1n4deJV8Q/Dfwf4onWaN77wpp d5qEHlyPdQXtvYJFqlo0AG9rqO+t7qMpjcXj24zxXyj8IPhl4v8AFX7Rfjb48fEm80ux1PSkuNE8 IeBLbU7LV9V8NaNeWws9JuNd+w3Dpot4NKN1i0cec019PK4QKN39CcY5nmuY5fwzlPDdOq6vGWIw 0auJp3hHCZY1HEY2v7X3VCtUw3NRw8U1VlOpKdJN0W19Fja1WrTwlHC03fHSgnNaKFLSU5X6ScPd it222tmfeRwSSOBnge1fB/8AwUN1GGz+B2l2bn99qXjvRVgAGT/olhq1xK3soXaPq4r7nr8nf20P jFYa38XNB+F1lKNS0Xwd4d8VP4us4WSSC81zWvD11PFpsu6NwJbO3tLGQttYxTTcYeM48fx3zPCZ b4aZ/hMViI4etxD7LLqF1fmq4qpGMrR3ap0VVqytqo03a7snjn9aFLLMRCVoSxFqUdnrNpPTyV5P yT6n5l+eSOvX6nP5HpT472W3kjuIZGjmgkjlhkVirxyxMJI5VJ6FZEU57ECsMT4HJ42jJ5549a/S T9jj9kf/AITcaf8AFf4o6cw8HxyLc+E/C92jIfFEsT5TV9UibBGgLIv7qPj7Wy5P7gfvP80OBuAc /wCPuIMLw/w/h+fE1ffqVZcypYaimuevWmruEIXSVk5Tm4wgpTkov8wwGBxGY4iGGw0bzlq29ox6 yk+iX3t6K7aP0s+C/ia4+JXw08FeNL22u7GbWtCspr2C6t5baZr6BDa3skKToC1nJcwySQyAbXjl VkJBBr2VFWNQiAKg6KOg/wDr186fHH9pP4b/ALP+mQRa9MdS8RXFsn9ieCdDa3XUZbdFEcM10MiP RtJUKFEkgG4JthjcjA+O9b/4KN21tqVhd6N4Vi1zQNU0OzubrSTeXOia/wCFfEETSRalptzevaTW +t6e+IZreeII2yRldQRtH+meZeJ/AXh/DDZFxPxdRxGfZfRoQxcqdOc6rm4Ri61SlS9q6bqTSnKj B1KtNVIzlH2V6i/UKma5dl6jh8Xi1LEU1FTaTb2S5mo3tzPVxV2k02ran6mXOr2nh6Fta1HULXSL PTgt7NqF/cxWdraxwurefNPM6rHGH2jcTjLAZyRXxj/wUb/aA17R9I8E2fw6P2Pw98Z/CD6xf+Mo Gliup7a3mbTdR0XTEeNWsXkKA3ExxIY5gkYUMzV8SfHX4vw+Jvg9F4rXwzN4O8S/HfXGW509/Emr a8t78PfBN0Gh1FIL9lh0f7b4ndVZbaGNJ00osc853/ijKfF//BPb9nnxNMzS3vgH4m+NfAjTyMXl FjqEX9qW8BdiSIxsXA6D2wK/KPEDxpxfFPC3iTwXwxU/s36vkGHzqGLo1KvtalP+0MJTlRSrUKFS iq+T476xUtCNSDm6SnKMfaT8jH53LFYXM8FhX7Plw8a6mm+Zr2kNNYxa5qM+Z6XV7Xsrv4LSXGAC MDn1/A/l/SrCSgYJ6fU8noM/jmsVJffOO/ORx/8AWq2spz17DA55/wDrc/rX+b9Si9bo/OjTaQ8Z yBz0zz/kH9KiaQ8479x6fT/PTioPMO3qc989D+R7cV6D4B8CR+Mf7e1LV/EVh4P8L+GdLl1DVvEO pxvLFJdssg0vQNLt0ZTf65eXCMkMIYYWOSVyEQ56MuyvF5pi6WBwNJVcTW5rJyjCKUYuc5zqVJRh TpwhGU51JyjCEYuUmkm1dOnOrONOCvKW2qW2rbbskktW20ktWefmT0JPsSR+pqN5MZ7cdCT364/z 2qu0nGcHGc5zzjJxkHoenrzXXeBPAniP4ka+PDvhuK0a6WyvdUvLzUbuPT9M0vS9Nha4v9R1LUJj 5dpbRQKxLMQGIwuScVWBy3F5ji8PgMDhp4vGYucYUqcIuU5zk0oxjFatt7f5ChCdScYQi5zm7JLV tvojlJg8Wzeu0SRJKnIO+NyQrggnqVORnIxzX1J+zj8FfD3jKHWPir8VdUt/D/wc8BXKDWrm5maG TxDqqJHPDoNqVG94j5kHm+WDJIZ0gjG9yyLN+zpb+NfiX4X8GfCPxIfFXg+58K2Wq658RbiBoNE0 pLG/1Gw8UahJJLFGqWcV/Z3CWiE7pgEO4qWYYP7QvxI8JXFroPwX+EpeP4V/Dqa5zqKufM8ceL5Q IdV8WXrA4uIy6uluTxhmdAqGMD9ZyThTD8HVMdxXxhgKGYZfk1R0MBhJVo1KObZkownFQnRbjiMu wkZqvi61KXsqq9lho1G8Rp6tHCxwbqYvGU41KdF8tODknGtV0ejjfmpQT5ptPlfuxu+Y6n9o740/ Cz4x+PIZrTS/Eln4Z0DSNP0Lwxr2jz+RLHpsFuJpobjwbq6LBCEvZZIw0FxA7R26Fi+Fx6F+wd4W g1X9pf4a2fhvx5Yar4eOtNqviDwtqkM2jX1/b6ZYXN6hk8P6l5tpqzxXEUREltNJPEQJVAVSR8F6 /rNpq9xZS2ehaZoEdppOnabJbaW140d9PY26wT6vdte3EjNqNzIvmTbCse4/Iijr9LfsMeJj4W/a q+EGsGKaW2h164h1EwoXMGm3em3kF/eyDPyww2zySSMSAqREngV7vBfFn9u+NXCWecQ0cPipY/P8 vnWxGGhVwtqc8ZQTjCMHDmoxhaHLiKVSpKinCU3fmW2Cxv1jPMHiMSozdTEUnKUU4ac8dkrXSWnv JtpWbP68TjJ3Ag89PX6GobiaC1gmurieKC2t4pbi4uJ3WKG3ghQySzTSyECOJY1ZmYkABSScCvz2 8U/8FQ/2RvDcV39m8Xa/4mvLZpo1stB8Mai7TTRMyFVub8QRBCynDbsYOeRX5SftY/8ABTTxz8dN G1HwD8ONKufhz8P9RVrfVpnuxP4q8RWh4Nre3duFTTtPcffghJLg4kkdeK/1l8QvpT+DvAuUYzF0 OKsLxZnEYS+r4DLK0cVUrVUvdjUr0efD4enzW9pUqzUlG7hTqSSg/wBdzHi3JcBRnOGMhjKyT5ad KSm2+icleMVfdt3tsnsePft6fH20+Pv7QPiDWdDuvtXg/wAKwx+EfCkysTFdWOmSy/a9TjH925v5 LiVT/c2CvjES84JB7dOPqOOlZYkI6ng9cZGP/r5/lXaeHPh58QPFyQz+FvBXirxFb3NwbSG50jQt Sv7SW6Gf9HS5t7dkaU4xt3ZzxjPFf4s8S5xn/iJxbnvEuNozzDO+I8VWxVWFGnOo1KrO6hThFSkq dNONOmteWEYo/EcViMRmOLr4mcHUr4iUptJN7u9klrZbLsrIxoPPuZY4YY5JpZXCRRRI0kssjHCp FGuSzlsAADJJwKlk82CR4JopIJo22SRTRvFLG46o8bgFGHIwQMVHb3eueFNcguY/t+ha/oOoQ3EJ liktNQ03UbKdZYpPLlUNBcRzopGQMEA4r7B8X6lpH7Tfw41n4jQabZab8fPh7CNT+JEWmWws7T4i +ClW0sYvF1pp9svlx+JLKdlOpbFQTxXAucZSU1hk/DFLO8Hm9KhjXQ4hy6Eq9LBVKdo4uhRjKWKj Sq891jKEI+1jh50lGtShW5Kqrwp0a00MPGvCso1OXE0lzKDWk4xTcknf44pX5WveSdndJP5EWTBH cnr+OT/Mf561KsgOPXk56dKyo3LlVQMxY4VQCxY8DAAGScj61YLFWKurIykhlYFWVgeVYYBByO/P HtXyEqLSulp3OU1Vl5H8+cY+uOea/af9m+2TxZ/wTJ+PuhIpmm0nU/FF6qKN7q9tDoWsI2O2Ft3P 0U1+JKynjJwOwGee9fuN/wAEvZovGHwE/aW+Gsh8ya8iklgtyQTs17wzqWnBgp7faLWH8cV/SP0U MNDH+KGY8OTt/wAZhw7xDliT1vKvltapFa7tujoj6fhKKqZpUwz/AOYzD4ikvWVNv9D54/4Jk/Ee ++H/AO0la+DNQS4ttP8AiRo11oNzaTxyRsmqWsJ1bRbloZACrFoJEDY+7dEg4NfS/wDwV0+E4Q/D 740adbEZE3gnxJNGvGV8zUNCuJyB1Km/iBPaNR6V5lB4PXwZ+3D+yNrsdoLNPHPg/wCHWqXSKuxH 1W10Wbw/qTY/56GaxUt3y/vX6+fta/C2P4w/s+fEnwYsPnai+g3GtaFhQzpregqdTsPKBH33a3kh 45IuSO+K/rDwy8Msz4p+jH42+D2Pn/aGO4MzbE1cpbjaSqU8Jg82wqhFt8ixU5TTSbssXUV2mfW5 ZltXFcMZ3k9R+0qYKrJ0dNbqEKsLLpzNtf8AbzP5E2fjg5x69eeuPyp4KYySwweCCB0PB78Z7d6q SBo5JIpU2yxO8ciN95JEba6EH7pDK2R6jFQGQjjJHoP69frX+WUabTs1Zp7H5Ze3Q6L/AISDVv8A oJP/AN+rf/4zRXM7z6D9f8aK6/rOL/6Can/gUvLz/q4+ef8AM/vZ9KaN9on8R/sVeH9AdYZx4ag1 xs3VtZxnVNa8deIZ9Xm869xH9oaOwCbfmaQxpGgLsqn431N5YdT1GKXKzRahexTDGCJIrqWOQEdv mU8deK9p+K3jXUovh3+zR4etLgW48L/D2XxLbTxWsdvdx6rqvjHXp7eYXap5kqRQ2Nt5ZD7Msz7Q zGsn9o2zt4fiO3iTS9Hg0nw9498OeF/GuhvZweTp+pLrWhWEmtX1miEqjHxCuqLOikiOdZF46V+5 8YYWjjcvrVMNNzlkssr9pG1oqGMyfB0rQgnJRjhauBVGdSU7VHWopQg1aXpYtKdJuLu6Hsb+lShT Wi1soOnyt315louv2L/wTR13yfiX8QtAaUAav4Ktb+OMnG+XRtZgUkA9SItSf8DXl/8AwUA0ptJ/ aN1q7KbY/EHhnwvq8ZwcOUsG0qZgc8nzdNbP1rlv2DvEo0P9pbwdA8uyPxFp/iLw42M4eS80qa7t 0PPObmwhx719A/8ABTvQmtvF3wu8VquF1Pw7rWgzPjGZdG1GG+hBYdW8nV3/AAXpxX6fSo/239Fr EU0uafCOeKTW7jGrOCT9G8xl93qesv3/AAlNb/UsR+bWv/lU/NHz/fnnsf8APr+dfpV+zbb2P7Mv wE8WftfeJLW3fx54oe/+HX7O+mXsas6avcW7w+IfHUcUnJhsrd2jhkAK+YrAHLA18FfBr4ca38Zf ij4H+GPh+NpNS8YeIdP0lXVWK2lrLKpv76X+7DBZJPI7HgLGSa+mf29PipoviX4p6f8ACXwFKq/C v9n7Rbf4Z+Dba3INte3ekqsXiPXiI/llurvV0mJccusS8nNfnvh9h48J5JnnifWgnj8qnHLsiUle +cYmnKcsbFO6f9k4NSxMH9jG1sBJ6Np+bl1sHQxGay/iUX7LD/8AX+Su5/8AcGF5rtOVM+P9S1m/ 1jUL7VtUu577UtTu7i+v7y5d5bi6u7qV5p55pWJLyNK7EnPO6vuvwTB41m8N/s7/ABu8C+MrLwTZ /CPSdb0Lxd4+8Q3yR2fhjUNF8V3mqWWjvY27m41v7ZpOsxR2lhDG7zpI0bbVDMPiLxz4E8ZfDbVr bRPG+gXugajfaVp2t2UN2vy3emanbx3NrdW8yEpKAsmyRQd0UqNHIFdSK9jt5Lu6/ZE1hI4okttH +PmkT3kiSy+dP/avgm7jtTcQmTb5aSW2EIAyZCTkivM4NjjMnzXiSGZYXE08wwmDqYlw56uGxMMX gcRh8fSlKoo+2puM6F6jXs6vs3N06tOo4zWOCc6NbEqrCUalODna8oTU6coVFd7rWPvbO17NPU/X b47/ABh/4XL+yjr/AMUf2Tk1OPUoPEAtvi5puiQtpfiPwZbTyXN/rfiXTNFgnkm0/SdRu4xLvjY+ RFeTksHD7Lv7EXge68J/AvSNd1Z7ifxF8SL+78c6xeXkss99dRahtt9HN3cT5kmc6Zbwy5dmO68Y 55r8h/2QfjH8QvhR8b/B7+A5Ir5PGesaZ4O8TeFr9Wn0LxV4f1y8isr/AE3V7InbNELeaV1bG6Nk 3Keor+njXfBmkNo0HiD4fwRp4btoYre40G1jRZPDawxrGltHbp93T1RQEwMKqgDjp/cfgxjf+IwZ nV8UMTKdLiLhjALK8Vl0Y8uCjUqSVR5nl0U3yutQUoYyg1KdGpOU4zdCpCFL77I6rzqr/a0m44rC U/Yzp2/dpuz9rSXTmimpx1cW278rVvmf45eO5vhn8IfiD44tJlg1DQvDd9JpMrKrhNZu1Ww0h9jg h9uo3Ns2DwduCCOK/nX8DeIbu4+Iuk6tq1zcapd6zqt5FrE11LPJc6s3iGG7sdSjuJ4z5hluRfzI XU7gZtwOQK/XT/go94wOh/A/SfDcc2yfxn4y062kjVsM+n6Hbz6vc7gPvR/bE03Pua/Jb9n/AME+ JfiN8YPAnh3wtAJNQj1/TNauruRWNrpelaJe2+o6hqd620hYI4YQAD9+SRIxy4r8S+kdmWYZ34q8 I8L5dz4mWUQwnJQhed8Zi6/PpTvZzdFYda620btqeFxPWqV83wWEptz9ioWiv55yvttdxUd/yPo7 9jb9mib40+KpPFPi6xmi+G3hC9RNRhmSSL/hJtbhKyR+HIWJB+yR/K96w6IVg+9Kdv6U/tSftOaH +zz4Yt9C8PRWF58Q9XsBF4Y8PoqfYfD+mohtotc1S1iwIrCIJstbcbfPeLAxEjmur+J3xB8Afsof B651CysLW3trFru28KeGo3SK58R+J9UmuL5xI6jLl7qae5vZ8HZErYwfLWv58PiD468U/EDxnrnj HxtNI3iXX7r7dfLLBNaJChRVtrazs5zutbCK3WNYUHyhFGOtenxLmOA+jtwTDg3hatDFeInEMI1c fjoRu8NCakoyTa91xXNTwVOVrfvMVOMZSip6YqvT4awKwODmp5niknUqW1gn1+66px6azer10tQv /GPxE8QajruoSav4q8Ra1fLLqF+6S3l5eX12zeTAuP4yEcQwR4ASIrGgRDt7zwD8HPFHjPxn4P8A Cs6w6PbeKbd9bk1SeaKW3sfCNhFNd654gke2LqIra1tb1GQkSLc2/kSIrnFGpfCHUtA8AeANdg1m 7u/iD8Q/7Q8T6N4C0YeZdaf4C0vTryYeKNVmimDWN3J9nupYVIwbRJHDbgyj3v4BeEdZ0D4QT+Ld M1efwx4m+NfjXTvhR4a8TwJLNqeieEUvYG8Sz6BbQsHbUdQ1eS1s1cGOOOOznkeVADu/nfh/gzEZ jxDQo8RYHE4iTpLMcXP28G50mqFdUqkmm418V9YoUW6tanKjUxdKrWcY3PnMNg5VMTCOJpTnde1m +Zax92Vn2lPnjF80k4uacrGL8bPC3jn4hyaP468NeFNZj8AWsA8EfDDw3Bo1+2oW3w98KqljpviW 7EVsI4IdR1OS9c+YUmkuJJCqtGA1e+eNdH1Pwb/wTZ8E6R4htnsNW1r9obVdQtrOWWGRxawaCQ0g aCV1+6ybgGJVjtcK4ZR8hfG/4i6h428aReBPCOp69eeCfB9xZeDPCGn3N9dXN1rl3pAGjv4l1IZz d61f3iyyZbPlpMscYUAg/U37clxb/DH4e/s1/su2k0Z1L4Z+Bj4s8eQxNk2/jHxuU1CazuAD/wAf ENuxznnEwr7rD1cpo4Xxu4ooOtiFSymGUSxM6kPq+JzLM8bhKU6eFpRppxpexwuNr4aKq2p4XDJe zSty+lCVGMM9xcOaSVFUedtcs6lWcItRVtFywqSir6Qjt2/PVJQeM4Axzzkn/OatLL3z7ZGD/ntW MknT8hx+HOTVpJcflyTjB6Yr+Yp079P8z5k2VkyCO3X8jnI9RW1capqg8M2Gkm7kGjnWNR1SKwzi FtRW1sbOS9kUf61/s4WNSc7AHC43tnr/AIe/BX4pfFCK0n8C+DtX1uyuNSl0x9Vji+z6PbTxxwyu 11qVyVihhVZQWYMcbcYLcH730z9hHwH4Y0ODXfjF8VYLCz8MaZJqPjCx0FrSzgtJbi4eZEfVbtnm SDyFihjxbLLPIp8kcqK/Q+DvCjj3iyhi8Zk2T1MNlapJzxuJqRwWDdNyjOT9vXlThVhGEZVKkaft OWMHJrRJ+ng8qzDGRnOhRcaNtZyahC2jfvSsmktXa9kr9r/Dngr4O+I/ib8QNB8GeE7doB4m0u01 2LUZ4Z7jTNF0y5s5Zbi81KW2VjDZxX9vc24JO4uqoAXOK/R/Xv2c/Cfwr+G+geHNZ+LWi/Cvwdf2 Tp8Y9cggNt4t+J93A6m30zTbi6meS00ICW7j+zwRsZEaN5I3YkV4nqP7b/g/4a2ln4O/Z9+F+n2X hzRok0uLxD4okmOqanpsVzcXJMcEJ84bri6upka6nkIe4LmFcla+AfGvjjxT4+1678Q+L/EGqeJN TuJZGW71S5edoYmclILaE4SzgCYASJEUAfdFfo1DOfCrw2yvH0crpR8RuMs05qVavTnisHl2DpNU pVMPQrR9lXxVGpOM6VSpRVD61hpzoSqQozlCr6Kr5TltKoqUVmWNq3UpJzhSgvdvGMlaUk2mm48v PFuLai7P7B+P37R6WOhJ8F/gXFpHhj4PQ6YlpFrPh+5FzqvjHTpgxukv7mSNZ9KikumuRcwSqtzK 5dpXMbgN8HswxgDjp8ufzIx0prP1+u4dj7fjgfpUJfPXtzxnPt+tfkHFXFWb8Y5o8zzar7tKKpYb DU7Qw2Dw8f4eGwlGKjCjQprSEIq9tZynUcpy8XF4yvjavta0r20jFaRhFbQhFaRitkl823dt7P17 /mD+JP4V9MfB6QeBPhd8Xvi9JiLU306D4WeCZSxSVNb8ZRTHXr62PXfb+F7a+QsPutqKHqRXy67j B7jHXnt7Yr6V+M8g8IfCv4H/AAwhdVuH0C++J/iWELtk/tfxtcBNKiugPvNH4c07TmTPQXZxwTXo 8Hx+o/25xHL3ZZBg5ug9v9sxco4PDOL6VKPtquMp21UsLfpcvBfu/b4rrhoNx/xzahH5xu5r/AfN bSH1z3JPf1phk7Ejrn/6x56VWLFjhQSxwAgDEsTjCqoGSxOMAc5omSaCR4Z4pbeZCA8c0bxSRkjc BJHIoKHac8gHpXycaTtzKPup7+fr8jj6Mn34zjpjsR7ZHJ+n51+13/BIH46Xlj4z8V/AfXtZd9F1 7S38TeDdMu5UNvba/psqPq0FiJPuSz6eRKVXq1iGAyK/EUufpz/+r+Y/Kuj8I+MfEngPxLovjDwj q95ofiTw/fwalpGq2MhiubO8t33xyIwHzLwQytlWVirAg4r9L8IvEDGeFviFw5xrhozrUcrrWxVC nPleIwdWLp4mjvytypycqan7qqwpyfwpr0smzKeU5lhcdC8lSl78U7c0HpKPzTbV9LpM/Zz/AILD fBzRfDnif4efGPQ7C20+fxguoeGvFTWsSQpfarpMUN3p2ozrGoBunsZpI3bGXFqpYk5NfmN+zd8S 7T4W/GPwb4n1aM3Phya+l0DxZYmSRVvfCviOCTRddgdYzmT/AIl95KwU5BaMZGK+ubj9rvxD+174 ebwB8ffD1h4x1bwjHN4q8C6R4YuT4Km8WatZ2Mlvqem3l5bwz7tRbTy89vFCkYmeB4VG5464r4s6 p8K/hBcfD7wx4L/Zt8MT+PPEPgbQ/EPiK28Xa/4i8b6jpep688t9pOn2+lW1xbrb6iNPaxlZSrsV uEBUfNn9l8TJcN8WeJGZeN3AOd4fIOH54nAY2FPFYTGfWf7Sg6NOtSdDDYbEYZ1q+IpzxEqMsSpV KU51pLkmm/czSWGxmZ1c9y6vHD4ZypzSnCfN7VcqkuWEJRvKS5mnPVNyejV/VdE/ZC1H4Z/tBz+M pr3RdW+EHw48U6x4v1WW01a0udY8OeGdJsZ/E/hKfxTpV3Fvt7PUbQWCwyiKRJfNKDEnyV8i/DSD wt8QPih4u8X/ABDsp7nwVYW3izxlr9hYT3FpPdy3P2k6JpNlPaxlknuNdvNOiTAGQ5zwDX3r8Jv2 6PCUur6rpv7UvgDwrpviLxPoFh4DuPGPhXw5HNqEPhW3ureIeHviF4WkuxDdaRHbwxICoW/jjTCs pUY3fHnwEi/ZzsY/Fnwz0ZfGnwz1u91r4zyfEvSIv7W0FNE8N2wufh/4Gb5XEBi8R3nmzE4+0R+U smDC6r6mZcA8H57gMs4g8O8RSxnCeQ5jjMyzfAV6Uq2MwFTESoUcBTxmXyjGf1CMaCddOdTDQhLE /wC1yU4U6e08Bg68KOIy2UZ4OhVnVrU5K86blyxpqdNpNU/d97eKTl77ukvx4kkXz5ykbQL50myB 92+FA5KxvuGdyjg554r9f/8Agj34rsLD4ufEjwndXMi3XibwVb3enWojDW9y+i6kkt0XctlJEtbl yowQwLelfj/q91qVzql7f6tBNBf6pcSapOs9s9q0jai7XYnWF1XET+duQgbSrArkYr6//wCCf/js eBf2sPhPfSTeRaa1q8/hS9Zmwhh8RWc2moGOeQLmS3PPdRX4j4CZ7DhLxv8ADrOZvlw9HN6GHqSm uS1HGSeCqylFS91xp15StdqLWt0mn4nD+IWDz3LazdoqtGLb092b5G7ekrn68fta+HoPCf7Qn7Cn iGCJYIrDx5deETjgLbx6zZzW0YPZR9qlx2+fiv1mZVZWVgGVgVZSAQykYIIPUEGvkX9rXw58LtRs PhDrvxOk1fS7fw58XPDUnhzxRpVxDCnhzxFqMjrp02srOhWTQZ7q1ghucEOgdXQ8GvrpSGAIIIIB BU5BBGcg9xX+1PAPDq4e4+8XPZ1qEsJneIyXGU6VOf72lbKKOBn7alZOCnLBc1Ka5oVI8yUuenUj D9uy/DLD5hm/LKPJXlQmknqv3KpvmXS7hdPVPWzuml/IJ+2D8N/+FS/tG/FLwhFA1vpqeIrjWtFR lKqdH14DVbEx8f6tY7opn/pmR2r5mLsTgdfzOPp+FftV/wAFY/hPaXXxb+EXjWTU9O8NWHjbSLzw lrHiPVhcjS7G/wBCm+02dxqD2cMkix/Yr5EyqMQIs4wDX5CeO/h54n+Hl3Y2+v29u9jq9qNQ0HXd OuotQ0HxBp5Yp9s0jVLcmO6jDfLIoIeJwUkRXBA/xW8d/DjG8EeKXiPl2EwEo5JlmZ1J05QScaOH xyhi8JGajrTh7LE06UJyUYTnGUIScoyS/E8/y2eBzXMaUabVClVbTWyjO04X7K0kk3ZNppO6OL3r 6/of8KKrbz6D/voUV+K8i7s8M6z9o+y1LRvEngDSrqzvLPS7D4NfDG28PG5jdIbrTv8AhGre6u7m ydkXz4DrF1qIdwBmRHB5BrT+IOk6x4p/Z++D3xN+02FxZeDV1f4UaxbQ6hZSXth5Ws3+ueFpp7GK XzYHuLO91FMOmdunLKTtkFdT+2Rpeu+L/wBo7x7YeELTVfFGn+CfC+hJcafo+m3Utl4J0LQdCsBq FgoG5ItMspJlMsqlUEl0wPzZz51+zNJo3ivxPr3wc8US3v8AwjnxZ0G80y1a0eLfpnjbQrefWvBu uxRTHElxHe209tgFTJFqjxHKtiv6WzHLIrjvi7hycZywuf1sRluGqymoU/rVDE0vqslJRlCVL6zQ p0JK6dKjVfM1KLT9mrTSzHG4Sz5cTKVKDvZc8Zrk6NOPPFRa+zF6u6OO+DHi0+Dfi78NfE+/Ymje NvDl1O2dqi1bU7eC8LnuPsk0wPsTmv2F/wCClHhk6t8END8TQx+ZJ4Q8b6fLJKASU07X7S60yUgj ohvBp344Pavwbkklt5HQs0c9tKyjjY8c0LkZK5yriRM47EYr+jjx5Anx3/Yxv7i3Q3d54o+EGneI rJEw0ra7o+lWusxooHPnf2npskfrliK/QPBPDPPvD/xf4JcfaVsTgo4zDw6utSp1VorX/jU8Ku+q PTyBfWctzzAWvKdNVIr+8k//AG6MD4J/Yijg+Dvwi/aL/a71OJEvvBXhdvhn8LpZBgyePvHERs5b u0LfemtdNcscchZj718vfsteCT8W/wBoTwLomqhr6ybW5vFfiNpSZPtNhoYk1q7WcsDuWa7igibP X7SQetfSf7Vsx+Df7If7KH7PVsTa6v4t0q/+PXj+3B2SS3/iVvs3hqK6QHOY9ND4VhxtBxVH/gmF p8N58Y/G+qSKrS6T8PZY7dm+YxnUtd0yGUr6ExQsCfQ+9clLIqFbjnwf8LqsL4Ph2nhMVmFN7VMw zFU81x6qK2soYZYTL5J6pYSxCoRlmOR5PJLkwqhOqukqlW1eon5qHJS/7cP0+/ab/Z/0b9oH4fXW iPFbWnjLRUuNQ8Ea66hGsdT2AtplzKq5Oj3YRYpk6IxSZRuj5/FT4UQ6tP4d+PnwA123m03Wr7QJ /FOmaZdgRTWvjj4UXM+p3enkMuWln0JNZiGDtPkIRkHNf0bFl9R+HNfk1+1l4e0v4OftT/Bv45pb pD4a8dakuheO1VE8iS4SBNB1u4mXGM3PhfVVZz/E2nu3UnP7v448BYJ4rKvEHDwjhalGpDLs4klZ Vctx6eAnWnbeph41+RSevs5RbdqEEfRcQZfTc6OZxSg01SrtfapVV7NyfnFStfs1/Kj5K/YO0BPE 37THgiSRN8Ph2z1/xSwxkCXTdKmitHPbi9vLcj3Ar+j3w54n1Xwxfi+02bAYbLm1l+e2vIf4obiL o6kZwcZGcg1+Jn7Avgg+FP2nfjjo0qof+EH0fWtBtpFJePyLjxbawWksUn8SvYWiMpPJV8+tfseW AHUe3fn8K9b6MuUYjh/gGrVV8Pj62aYycpJ2lGVB08La/wDdlQlp5tdTbhOjPDZa38NSVao36x5Y fnFnyr+2/wDA/wAOftW6r4U0j4V+L9H0/wCKvgXTLvxPqvwKv9StdI1XxZomuXMMd5qHgzUb79w+ rbNImSKF1ZQDudVBAbmf2RP2dB+zx4M8QeJ/HWmXPhvxr4me7vtWj8RCKHUfCXg3TpZp9N0jUJgq pDciCM3V8yYQyFF6RCvm2TwPqXx0/wCChninVRc39l4V+Cx8MS6tqFhcXNpI9zomnWj6ZokN5bur RPc63NdNIFYZt7Scdwa/Rv8AaO/ah+Ffhj4ea34U/aD0S88XeE9fsoPDGq3HhyWODxjGviJZlj0+ yaCVZGvG0y21C73PsjENpl3JkUHuyfCcIZ3xTxv4vZ7l9HhrOMkxeOwGDxlatP8As7HSwcPqixk6 SpVKuCqKNJ4aVTDurh5L2tSOGpVIOU9KEcDXxeYZ3iKUcLWw86lOE5SfsqjguT2jVm6bSjyNxvF+ 81CLTv8AhJ+1T+1Br/xz8a6zY6VqEsHwv0u7Nj4Z0f7PAov4LGUY12+kaIym6uriMzKm8LFE0ceM 789j4E0Tx/4z8a/B/wAO3eoSfEPwz4z8N+HPH/jW38V6boeuXGgeGotel0bxO0OsahbyXFtpUVvp YO23kD20VztZEdXNemSfsg/srfGxo7r9mL9qPR/C+pT2H21vht+0BE/hbW495MyCz14Qx29zC0Ms QTasu7buEjBhj6H+Gv7C/wC058OfgZ8X9N0vwx4e8UfEDWdIh0L4deJPBPxH0W4kk8H6/fQ3XiO1 02ZZM28Ruo2uQGEZnW6miWVCcn+dss8PvEviLirNeIM6w1bizAY6NTFzxuS4qOZYarHCc2KWCprB SxChGvBTwlDDYilB03UjD2ak0fMUctzbE4yticRGWMp1E5uph5qrB8nvqC9m5WUleEYTirc1uVM+ WvDkf/C0/wBpPxV8PNY8NfDuG81DSvF2j2PjXS38TQ6LYeB7fQojoc1iNP1OKKHSYfB0KR21wIY2 f7WPNfDMT7/qPxa0z4fWF54ni8N5+DXgN/C0Pw80BLsQ39mbKa8t/hlqltpD582bUZl8SeIL6S9k Q3Vr/ZjIVZkz9E/A/wDYb+JHh34V6vqXjPw/ZeGPjD41+Glz8PtSvvEfiHRF0zQdC00XFhpjaith qImlt7u1Glx3jxO9yY7NU3RnC1U8f3f7IHwB8MHwN4n8b+HPij438C6fFrOsfBvT/Ebaf4N8ReNN D0K0TSbfxR4gu7SSbXLOxTSoYbDTDKdpZI7j95tWv0fL/D/irhzIK2fZ5icNwXiM1liMc8ZmUaeG qwddOWCwFWhOkq+Mq0Iqpi8Xh6NKrWrScIeznVoR5fWo5djMNh3iMROOAnXcqnPVSg1za06bi4qU 5R1nOMU5SelnKKPkz9nfwNY+ArPXf28f2krG1tdFt9X1HWvhL4HuLSHTbj4o/Em8nmu7O70/RwB5 Hhm0vHEzSBfLygxuC/N8CfEb4i+I/ip478U/EPxbete6/wCK9Xu9Y1GZidkb3MhaK2hB/wBXbQwi OKNRwqQqBgCvU/2o/jl8Qfjh4j8GeJvHGo6YIJvBdlf+H/DHhzNt4Y8JaRfalqYsdF0zTEPl2ctv ZW9tDLhQ5aH52Y816B+x58B9M8fatqXxW+JBt9P+EPw236nq1zqZ8mw13U7GI3a6e7PgSadbqqS3 eM7iY7cAmUgfzXndKrxlm2TeFvA1Or/YWErzxdfF4u1Otj8bVpRljM6zKzlGhRoULxw9DnqLC4dS XPUxGIrSqfM1k8bWoZTl6f1eEnOU56OpOUU516u/LGMdIxu+SN9XKUm/T/gB+wnqPxC8LWvjv4oe JL3wJoGpwx3mh6VZW9o2tX2myAPHqd/LqDeXpNtInMSMjyujLIQqkA/Vvh/4BfspfDr7Uy+DdV8e y2DC4ufE/jW5MHhSwmhhaWG1bXtZksNKDSNj5I1uSWZd3Ar4w+NX7eXxI8Wa9qGl/CnUz4G8AWjG y0eS102yTxBqlrCoiF9eXN1HJ/ZyttzDDAEMMZUMxfOPjzxH478aeNZRP4w8WeI/FEiv5qf25rF9 qUUchBG6GC4maO34JHyKoxxgCvoq/HPgzwFCllvCHBceMM1y29OrmmYUaU4YqrG6nWw6ryxEKdOU r8lsHH93ZJ3/AHj63j8jy9KlgsCsdWp6OtUSam1vKPM5JJva0Fp95+q3j/8AaysNGCeGtL8ceF/A HhmzjEUfh34I6TF4x8VC2UErYr4wvoLXQtCkZQA72cV08RbhmYc/AfxQ+MeqePBPoekQT+HPAiXv 2630B7x9R1TWb5SwGv8AjXXpQJfE/iJ2Z3Mkp8m3Mhjtoo0GT4TG2OBgDJ9uemB+Nd94v8L2fhW2 8JqutRapquu+GLHxLq1jb27JBoS6u0lxpNh9rZz9qun0c2k8w2J5L3Ij+frX5RxZ4lcacb4bHTxO J+r5Zh1FVIQqyVqdSSp06EVOajGEtHPD4KlQo1VT9rVoNUVKHmYvNMdj4VHOfLSja6Tez0UVd7Pr GCjF2u46XT9D0Cwv/B/j3xDfC+WXw7F4ah0iS2eJbZtV1vVzbG3v1dSXhbS7bUXTYVKvbjqCRXBM eOfXPJxnGOmPoK9u8F6e0fwa+NGv6lpcl1pLy+BNC0i+PnRRW3iyTXJr2GaKRMJPJDokeqiSNs4G oRnHII8LJ/IfXA/PtXxOaYKGEwPDdVUlTqY7BTqyspKU39fxtKM5XSTvCnBRabXLGOvRcFWHLDDO 1nUg297v95NXenZK3kj6A/Zb+G3g/wCMXx5+Hvw08dahqemeHPF2qS6Xc3WlTQW+oC4azuJLGGCe 4idIjJeRxISVY4c4Ga/Yz4kf8Ebvh7eaRcy/Cr4leJtF16KFms7LxfFZ6vo95MqkrFcXVjBDNZKx AG9UlxnO0ivwP8IeKtX8D+LPDvjHQbhrbWPDGs6frmmzbmAW7025juYQxU52F4wD6gmv7Ef2Y/2g vD37S/wk0P4maDaz6dNNJLpHiLSZ9pbS/EdhFAdStYnDHzrQvOjwucFo5VyAQa/tr6H3CPg54k5T xZwNx3w3hsz4rjU+uYStOdalip4GVKnSqxw9ajUpuLwtaKqON7tYhS5ZRjPl+54MweS5pRxmAzDD Rq4xPnhJuSm6dkmoyTXwSV/+3tmkz+S/xR8CviF8PfjNY/Bbxzokuk+K5fEek6OIP9ZbX8Gp3sMN rqOnXKjbeafLFJvjkXgjrggin/tNeI4Ne+N3j17V0Ol6HqaeEtHEZAjj0nwlaweH7BYsHGzyLAHj jLGv6c/2p/2arT4t/ED4DfEbSrS3j8UeAvGL295elAHudCm0+/v7KO6YDMkVtrVrA6DqBdPjrVf4 Q/8ABPP9m74ZWgvdd8E6b8SPGl5PJqOseKfGsA1U3Gp3Er3FwdO0mcm3sLPznOxTG74ALuSa97Hf Qu4vqZrxLwhw1mVHC8LTzOlioZjj5S5nhKOEvhKKpUKcpVq8KmOxVKrJRp0nLDKo5Q9pCBvU4Hxz rYrBYWrGOEdWM1VqN35FD3I2im3JOpNPZPlvdXSP5tvA2meGvgemi/Ez4kOmpeMNR0Ua98LfAGnN ZX1/ZXl3DL/Yfjbxzb3i+Tp2lQy+VcWdlIHnvGRJDGsSkt88eIvEes+LNd1bxN4ivX1PXddvrjU9 W1CRY45Lu9unMk8zRwIiICxOFRVVRgAADFf2K/GH4D/snz+G9f8AF3xf+GvwztND0+we51nxHqWl WWkz21tbW6xR7NTsxFN56wxRxwRxuXJVI41PC1/IF8TLrwTc/EHxlP8ADiyu9P8AAcniPVT4Qsr+ Z7i8t9A+1yDTUuJpPmkk+zCMktzzzkivx/6QvgzmXg3g+G8nlxJl+PyfHVK1SjhMPKtDHTqRhCNT H42lUjySU7KlSnGfJSV6NKH8WpPw+JMjq5HDC0JYqnUoVHJxhHmVRtJKVSomrO+yd7R+FLdvjS31 BzzjJJ9j9MfrQG9cnjuTjr3qDdyck9++fX/P+eE3ZweR68/TJHP/ANav5gUH1PlD0L4Y6fqus/EX wNpGh3FzZatqPivQbPTruzZlu7W5n1K3jjngcHiRC24Hp8vPFfoZ+0f8Q/CniDxJ8R/iH8CNFuoP iX4Y1lPD/jnxZPqEo8T6TpXh+AaB/wAJT4Q0e2/cWulXwgjW8uE8ya0lAKGGKZSPmr9iqDSbb4xX njTWohcWvwv+H/jr4i29s0rQtcar4e0C5fR1SYA+W41Oa2cHqDHwc4r550Tx54i8PeLT400a+ltt Ze/u72WR8TxXi38kj3tnfwy5W+s50lkSaOQFJUkYMCCa/XMhzl8LcB0KdVp0uMsyruc4QhPFYKGW 4enSoY3Byqe7Sr+1zDER5oOFScKMoRq0XKFWHs4ev9Uy+Kl8ONqyu0k5U1SjFRnBvaV6ktmm0rXj oypp8Oo+Jtds7NXuL/VNd1SC3EsjNPdXd9qN2se93c5llaabJJOSWyTmv0I0j9qTxh+yf8XvEfw1 0S4k8e/B3RLKDwD4r+HGuXZk0TxDBb6ctp4guLIK8i6bqT6hcagVlhypD7XVlJFeNeBdP8La14hX 40fDuaHw/rHgux1HxT4g+HKW/wDaFxp2u2FnNNYX/he1lDnUfC02oNGZFIaXTwxEm6ILKPB/BXiT QD4gv4vHVsbjSPE8pi1TWoUL6z4eupLr7RHrulSHJM0VwcyxEHzoS8fysVdebJcbmvAjy/MMjzv+ zc9zbHKrhs0pVL0Hg8PSnHkmnzc9HGV8TyYuhiqSjTWG5MRSlepGM0KlXLvZVKGI9liK1S8aqfu8 kVs11jOUrTjNactpR3R9ofHH9n3RfiD8PZf2nP2eb/xTr/w+tltLHxt4A8Ui5uvGfwsnRUt7Oyiu GTGu+Eo4xHFbXEX+qjRUcAKSPiHwrr134V8UeHvEVsXhvPD+uaZq8HJSSObTr6G6UEYyrb4sEfga /XX9iP8Aazj+Gvibw98A/jdq0Unga6ku7T4e/EJGB0S+0fXpiG0bXvPKw33hq5kbzIriUGfT7pSj ELvQfGP7TX7Lvir4Z/tOX3wr8OQf8JJH411ZfEXgMWciyS6j4f128mubRXeQhGniVbiN9rEHyNwP zCvsvETgfLcz4e4a8U+Am5Zji8XRwGe5fQounLLs8ko1KNSjhlWr1KVDH1FU+rxpyqUHUp82GlTh WjhMN6GY4GlVw2FzbLnepOcaeIpxjZ0sRo04xvJqNR35Um43V4tKXJH+h79qu3i+Lv7GfinxHpKf aJbjwV4d+JWkbB8yzaS+meJsrx8rrbR3IP0Ir6l+H2tx+JfAfgvxDE4dNc8KeH9WV1OQ32/SbS6J Bz/elNeJfA2O58afAq+8C+ItHm0gaZZa/wDDSSyuo4Y2m0mzsW0W3ulgjc+VC9u7BAwU4i3YwRW5 +y5pnijQPgZ4E8L+MtLvdI8Q+ErG78LXdrfpsnktdD1G7sdKvFGTugm0mKykjYHBWQGv9d+GZ1sV xhlXEvsZuHF/DWHhiKns5whHFZVi3NQnde5Oos2xHs4yd5RoTtfkZ+xYVyljaOJ5XbGYWKk7NJSp TvZ9m/bSte11F9tPlf8A4Kn+BrTxT+zOfEFxFM//AAgfjLQNbnktlRrmLSr+Z9G1Uwb+PM8u8gIz 8pMYzxX5afBT4QW/xI8M33gKbX7bxX+z3r07P4e+Jdzpwh8Q/B34jagtounaVqNtO4NpdX0qR2s1 rDJJa3ImW5R1MbMv9CP7QXw9X4q/BX4k/D7MSyeKPC2oafbSTYEUN4FW4s53LcKqXUMTE9gpNfz3 aH8aPF2nfGbwZ8AP2eT4T8M+C/AHiCz0S58RvDZSDxedIuYo/E3i/X7jUpWtp5rlkvRGEQO8LxQo WOyv5I+k1wvw/lHjDkfGHEOEnicp4twGEy36vhoSqYvMcbHEV6NTBul7WnSng5YOdF4uVRwqQlDD fVa9Cu4VI/IcUYXD0c5w+MxMOejjKcKXLFNzqTUmnC11FwcGue9mrR5ZRlZnm/8Awxtcf8+3jn/v 1oP/AMsKK/Tbz9U/6Cenf+C8f40V+VrwF8O9P+E2t/4FDy/6eeh5X9gZb/z6l+H+f9fn+VX7Vf7X y23i/wAR/C/RPAGi33gm80pj4pOq79N1fxTN4n0vTNe06e11rQVt7vStPt5JrMvCZJPthtcTMVIA +UfDnxY+A2mah4C1mL4S+LvA3iHwJrum63H4g8H+OI9abXmsdYh1JodasPEmnL0jWRIpYZUdYwsT B/vDjvj1qV54qtvhJ8TtSvpr/V/H/wAMtMXX7qaHymm8QeCdQv8AwTqF00igLM88WjWczFcfNMxI Ga+e/O75HfPPJr8V4w424hxXFWY47EVqGPpznGphfb4PCTdLC1fZ4rCxoydOdSgowdKbVKqn7Rzl KUpVKjl8jjsxxVTGVKk5RqJtShzU4Nxg7TgotpuGln7slrfW7d/tLxt8CtQ8W/F/4palpeteGvA3 wyi1tfFNp498c3raF4WbRfGT2uv6Ra6XcCBzrGqnT9WLpZ2okfbasGKcV+yf7Aur+EvGvwi0LwT4 Q1TWPEOj+DfFuq+A21PXrWzs7vVLd7xdSS7jsLWRxaaVLbaq/wBmjdmlEKASnduA/Cj40+JdW8Tf DX9nG+n1q51LRdM+HeqeFYbB5ZDaaVrvhnxNqFvqEYjbAF4+k3WgMzkFjGIwGKgAfpR/wRS8XLJ8 WfH3gC6kJt5NIsviBYxlsotxoPn6ZqLKOzmLUdOPv5HPQV+ueCmZ5Vl/jPlWUYLL1QpcXKUa1ec2 21jqVPMKNClTjL2dOjTlyUot+0q1GlKUqak6Ufc4fr0Kef0KEKdo47SUm9f3kVVjFJaRinaPVvdt bL5c/wCCnHi6TX/2xPiTo8cJtNL+H8Hh7wBodkoxFaaX4e0SyjhSBOiws8zuuOMSVq/8EzfFdvpP x71bQLlwh8XeBNWsrQsQoe90m7sdZSIA/ec2tveEd/kNbP8AwVT8EvpXx1034m28LLZfEvSp1vpg uEOv+G7g2k5dxx5j6TcaWeeT5TEdDX58fDL4hat8LviB4S+IOiEHUvCmuWWrRwlyiXkET7L2wmYf 8sriye4hb2mJxXwnFGZYrg/6QOc5/madRYPPauLm0rOWDxNZ1Y8i/wCwOslFLRaJW6edjK8sDxNX xNbVU8S5v/r3KV9P+4ctD+nXUfiJcyfHnwx8KdLkTyLb4feIvH3i8hVZ0hk1HTtB8K2Zc8w77qTV Z2xgsLeMcrkH4w/4Kg6tpdj8LPh3ZXVta3mo3njm9nsIJ5Jo3S3tvDmoQXd1E1vIrjy572wPXaW2 hwVJB2v2PvHtt8Yvip+0v+0RLHcWPh++n8LeEfDov1xPpnhrw9plxqc8MoVmCOIvss0oU4LyE8k1 +ev7cHxbt/izrvgvxFdyapYTyR61LoHhWa4tAnh74ey3Vsvh3VdU0tR59v4o1tYp9UPmlVXT57GJ VO3ef3zxH41o4zwn4ixvtliXxficRHARl8KwOGxtDCRqpSTXLOFGNaMPilUxDny8sarj9JmuYRnk uJqKXM8bOapJ7ezjUjBS7aqKkl3lfVJtfoj+xXqnh/xh4y8X/EPSrC7gv/FHwl+FK6tfu9tFbanq ukLqPh3Xp5rGKMtHq39u+Hr5ppTMVmimgcRI5dm/RUEAgnoCCfp3/SvzY/4J1WN74b0D4q+CbprX U7Hwr4l0K78N+JI7ZreXVvD/AIz0KLxFabVfJWzaMwXCJuZUlvpgOeT+kJc+gx781+p+EsasuA8m r14KGKxUsVUrpRUUsRLF1vrCXLdNKsp2nd86tK7vc9nJFzZbh5zX7ybm5WX2+eXNto/eT1677ni3 hHTNB+D3gXxp498WJbaTe6nf+J/iJ8QdWPmT3Ege9v72zgnkUM8/2XR2tLaGJAQrApEvzAV+Y/xP 8K+LPjj8Q/CngyfwbqPi3xcvh3xD8ZvFENr4in8IeDdXOvvE+iaLFqN5pTXL3Vr4UsfCmkow+zeT NPIkiwu8kh+tP2r/AImadrfivwF+zTYWy6rqfjbXvCev+NLNIpbgR+DdP106pNpZSBgVvbtNGkYK T80ShSMTZHwza/EbUfCnivxXqknii4+KOoeL5/H1l4yuLnXjH4V+HOm+ItC1QWfgqHTNLv3uNI8T yXFvZ2VzqcDS6ZAsUVtaSTyIXH5P4l5nk1arg+E3K/DeUVaOHxUqapS5sQpwxGKhOE6dWM6yTwrl Vhh6rp+3xjrqMHK/j5tVoOdPBX/2WjKMZtKOsrqU0007te421F25qjlZHz54Q8P6VBoXxOn+KnhG 6h0/4c6honiLTNNtkdme/m8QPoVz4Ai11Lp3j0e7a6tQ8gnlMMWkSSxN5zAt+hv7Efw31TX30H9o rxN4q1S01DVI/EVv4P8ABmka/faRpV3d6RdT6Sq2+hpdJCmg6fodl5UMBLxt9qMsx/coX+Lfhj8C W8Y6L8VtS+HniCK7+H2pfDOZpIPE7XGna/oviIyab4r8OaVNbLbeV4juS+j33kXVh5nmxRSNLFDJ mOv1d034L3Vxp3w6j8ReKGs/hN4I+H+jtZeDNBVNBn13xTdL5zT6lqpkj3wy2U9raxWiuvmXLtIW VmXP5/4UcJY6WYYDOquSfW8JlVJToJVaahXxX1+r7PGVcVFRVShgsLCUabjSqclS8FRb5qT8zJMF UdSniJ0OeFGKcfejaU/au03NWvGnBNK0XZ6KO8Tovil8fPBXw18Ia58U9Y046lpWt6xoGneFvEL6 xHrc3jTVbkv5kkNpHP5lv4d0iSymaSEyBZlsZTBGcxu/4ueOfBWmfEfxJ4y8V/D2407Ttdm1LVNa 1z4U6hqclx4h+1TMNRu774fXRgI8a6DcfaTc20Y8u+iikKNDKiCU/anizwh8Y/2jfh14x8LeKvh9 pfgvwzo2qN4j/Z71C317wpDpfhpNFtodHtvhz4kaw1R40OpaNOhtLhiT9sLbj5RUj5OsPhv4M0gP Y/EfX9d1j4g/Ce2lk8SeBfhtbw2mupo9vPFHY6ZJ4r1mWCOfVtM1G5X7RLpsF7JDYzgoXS0Lji8W cbnPF+Ky2ljcqS4XlSdWhVxNL+zav1pzq/W5QnUpxq83J+/w9JQxHt8HCNSrTq4rmnTnOqmIx06S nQ/2RxbjKa9lLnu+dq6Ur296MbT5qau1Keq9P0X9kTxz8V9K+Glz4bvdKtNDg8GeC7ObVb23lsr7 VZ9f1TVdb8TzWdow3TRaFDqP2a5kfAM0EcAG58L9KftIaroPhf4Xaz+zL4L8MeJdG8B+B9C0yTWP iWAtrog8VWLx6vHoesx3EaSa1BfTPAb64tTK0N1fwjy2ijcD2/xV4q8G/srfAPwrruupqEXjK48M w+DdBvkey1vxktzrktxrt1uuNQkhh1R7Ca8kurlyI45poFB2+agH5B+KNC8R/ErULzVtD+K3/C07 a2e6n0628Y+Ijo/j1Vug1zLax+FdevSLjUZJIioi0ya6jldU2YLKo5uL8Hk3hxk1fI8gy/65xlxZ gKEMzhCvSnVo4KpQaWDhTqReIpwqvWv7CnKq6WHo89eFSrGsGNhQyuhLD4enz47G04qqlJNxpuPw JO80pfa5U3yxjeSlLmPG4C0jIqK7yOyqsaKWd2dsIiKoJZycAAcknA5rSeK4tbia0uopbe5tpZLe 4t5ozFPBNC5jlglicAxyq6sGUjIKkEAivavB3wf8VaBZaB8TfEtpFpui2q+Ltfs9HuWnj8RzTfD+ xmv5JbzSJIFex0460mmwNJIQT9rUqpDA14U11NdTTXE8jS3FxNLcTzOxZ5J5XMssjk/ednYsfdq/ kvM8jxeV4XC1cww9TCYjGvmp06keV+xdOlUhVafvctVVouGiTim+qPk6lGdKEHUi4SqapPT3bRad t7Pm09DYs42uri3tUdUa6uIbZXk3BI2nlWJXfYrEIC4JIBOBwCeK9K+KmqQ6l4816K1gt7ew0KS0 8KadDbg+Wun+FLODw/bSGRlDzySDT2ld3+djMc4GAMr4Q21hqPxQ+H+n6tZRajpmoeLdDsb+yldk SS0vb+G3nYyR/NGyRyNIGH3TEG7Vl+Lr4X/i7xVfrerqK3niTW7lb5YBbJerPqV1ItylsHYQxyBt yoCdoYDJrB0pUuGqtZTjy47HQg4/b/2ahN31+y/raty3TavPlap8ztbCt3/iVErdfci/w9/z87aX +qPAmgWM/wCx18YtX1y+1S1sk+I/hS50e3s7GO7Fzqmm2EtnENzyqLWzkuNYjjuJyMItptXfIQtf GbN6dR+XfI59/wCVfdK2N4vwV+O3wx037Rrmj/CzQvh3rF1Ppt2LO1bxTda9fX/inW5Y51Ml1p8C X/2Y2+QHGjxyjaw5+EiQ3KkEcjcpyDjGenvmvp+PcNDDYTgTDQocjwuUOjUn7z58RRzPMaeJXO26 c4U60Z04Ok7OKTfxI6swioQwEVGzjR5W+rlGrUU+rTSldK2liNmPv9c479vX/wCvXtnwZ/aS+NH7 P2oyaj8LPHGpeHormZJtQ0Vil9oGqMmADqGjXYaGdsYG/aHAGAwrxBj1zkevJI9cgdun619rfDj9 hP4x+Kf+EM8W+K9Ki8N/CbxJolp4vk8bpewahaz+HjLE02nWi6e0jQeIpLYzeXBKqbdjOx+XB5eA sq46zDPKOJ4ApY+Oc5a4T+s4B1qc8JGc1TVWriKTj9Xo80lGdWpONNJ2k7OxGApY+pXjLLlUVelZ 81PmTgm7c0pL4Y3dm20u5+nnwJ/4KAfEz42fCD4z618T9L0nwBo3w78HvexfFLwXHdDWX8RNJCiW mi6DeySRT6strKXyjiONrmPzFCsCPmm5/wCCyXxg0/VriHQfAHhTVPC9vBFaaUfFkt/L4luFt1Mf 9oate6TcQxNdzAK7xpGVQkgO5ya8a8Jap4u8f+Bf2jPDfw+8DeINI+FPhD4a3mk+APDOn6feXtu0 j+MNCn1bXNR1cwAa54nu7C1muLiYuxEKrHEoiQA/nl4b8K+JvGer2+geEfD2seJdbvDtttL0TTrn Ur6Y9CVt7WNmAHckADHJFf0txd49eMmXZZwHhMh4zzDFY/GYavCrmCoL2mZ16OPxFCMaUJUuWpQp K0aMpUViq8HTq4q0nTpUfpcbxDndOll8MPj6s6k4yTqKOtWUako2ScdYrZe6pyTTnrZR+lf2nP20 /jP+1Pc6dF45v7LRfDGkZfT/AAZ4ZF3Z6CtyxLNf30c87vqV9ghVklZgirhAozn5k13wv4j8MjST 4h0XUtGGvaVba7ox1G1ktv7T0a8Li01Sz8wDz7KQxuEkHyttOOld546+BHxl+GNvYX3xG+GfjLwX p2o3UVnZ6j4h0S9sbGW4lOVgW5kj2ecUyQmdxCkgcGvq79trwRJpugfCfxhf+KBqF3b6Np/wt0zw 6kJt7fStC8C+FfDsn9oWkcoEhjudW1a/YkhV4BXJY4/GM4yvjLi6jxzxfxvicwxPE2RrAVK/15ez quniqkqSlUhiOSpGnCMIRo06MLe/G0VCLa8OtSxuNjmGNx8qk8Vh/ZuXtNJWk2veUrNJJJRUV12s fnruA6k5AyeP58cdRTQ3GSfwxz+fSm9++PTPoOnPUemfSkyc9TxyOf51+Wcr26/1/W55B9ffs9Wp 8PeEP2ifE8rJqFmnwGvbEz6ZIsiadf8AirxFo2lWdnqUskQNtd8TFo1JLKMbiCcea/Av9nb4t/tF +J08LfC3wvd6zNCYjqusz/6HoGhQOyr9p1fVZV8u2Xk7U5kcjCIxr7G/4Jw/COw/aF/4Xp8Dta1T U9C0LxV4a8Ja1qusaPbxTXyQeHfE8Ex0+KS4/dw+eJz8zZx5OVViMH+lv4PfBr4e/AnwRpngD4ba DbaHoWmxr5jKqPqGq3m0LNqesX2wPf6hIwJaR+mdqBUAUf3F4K/Rrr+M+RcE55mmZPKeBMro4yOI 9i4vGYjGf2livaYehzKSpU/YxoTniKsZWc+SlTm+aUPvci4XlnmHwFerU9jl1KM+bla55T9rK8Y3 vZcqi3J97JPdfmD+z5/wSJ8F/D270bxZ8TviN4j1/wAX6fJHdpY+Cp28N6JZXAAJh+3yRvdajFyy uCIUdSVKlSRX2Xc/sAfsgXt5d6he/A/wtdXl9M1xdTSS6snmTycyyrDb6ikcJZssQiKuWJCjpX2L TXdI0aSR1REBZ3dgqKoGSzMxwoA7mv8ARLh3wK8IeFsqp5RlvAOW1sHTfO3jMPDHVJVOXldWdTGK vLnlFWk04q2iSikl+l4bh/JsJRVGll1KUFr78VUbdrXbnzO9v6sfHet/sHfs16n4YtfC+meBk8L2 +lXc+oeH7/RLqR9R8PX1yQ1xPpU2ri6EMcjqjPEytEWjDBFf5q534nfscaP4x8O/C7UtS17WfFfx I+CL3Fz4W8aXyWcOueINLs0uLuw8O6+kKrFekXItkilUJsaIMVAd8fVd/wDFX4YaVK0Gp/EfwJp8 ysVaG98XaBazKw4KtFNqCsDnsRXS6R4h0DxBaR3+g65o+t2MzFIbzSdSstRtZXXO5I7izmdHcbTk A5GDnpXVW8OvCvNI47LsNkWW0p4ulRpVaWEVKkuXDVadbDTlh6DjT9phqtKnKhVlTdSjy8lOcYSl F3LLcpqqpThQpRc1GLULL4WpRfLFpXhJJxdrx2TSbR+Ln/BLLxbqfhHx98Y/hH8SNd1vSviPr+r3 HiH/AIV/4o0zU7bUreTSDIL7V7bUbxilwJoLtg8QCkC0WRS6k7f06+FyeJdA+KPxr8L+IfEVnqum ajruleOPA2nS6zDd6zpOg61psVtq1lLpjN51jpUWt2kgt2I8s+cwU8Yrr/Fnwg8FeKvGPhT4jT6T bWfxB8FXTTaD4rtI1t9T+xzQyW19ompTxAHUdGntZpUaGTdsLCSIqwO7yjx94Z1jRP2nvg18TtIt idH1zwv4u+GXji4WOcxxW7iHX/Cs108MbBD/AGtFcRRvJhQZNpZdwr4zg3grO/CrhXhrIsVinxBg uE86jTwmJoyrU6lbLM3qSw1SWPozlWUquExOOnXrRhJYf2dGlXp+y5ZUo8WCwNfKcJhcPKf1iGEr pQlFyTdKs+VupFuWsJVHJpPltFSVrcq+oL21ivrO7spl3Q3ltPayqSQGiuInikUkdMq5r8O/Cn/B L3Qpfii2v6trt7pulad43S7HhzQdRXVo20+Cf7dFHqMlwlvfaak8hQgmN1iRGzIysklfubXyB+0R 8KviJqOreFvir8F/EUGh/EXwC2pajq+ltpMV5b/ELw28ERudBlgLqj60YbCK3tpHYNi4Kb0U17Hj P4ecMcY4PIs74g4RlxjU4Qr+2p4WlOMK8qVWpQWIdLmlD20qcKarfVnUpxxCpOnzc7gntneXYXGQ w9fEYN414OXMoppSs3HmtdrmaS5uW65uW172Pgj/AIRHwL/0M9n/AODBv/jtFfMn/DTXxp/6Nx1X /wAJyX/5Eor+Iv8AXvgH/oEr/wDhmzPy8v6ufEf2jl/8kv8AwRW8v6/4Y/HSyuNT8dfA3UtMMs9/ efBbXE13Trc/ObLwH43mjsddWMdRZ2viyDS5iOQh16RuhOPDDN9PXjv7da9o/Z1kub3x7J4SZZ10 f4m+H/EHwy1K5Fs0lrFc+KNPf+wHlkxsSRPEtrosiBmUnZx1rxW6hjslNvO9xFqtre3NnqNlNEFS I28hjJikHIYOjo6thgwyvAr+Wsyw7xeW5Pmck/ack8LUlJ6zlhfZqm1fdRw1ahSiu1GVvhZ+dVVK dHD1nvZwk315OXlt6QlGKX90+g9ElTxF+zV4404wrPf/AA5+JfhfxXbTFAZrPQvGmmX3hvWBG/UW zatpehFxggM6twSM/pD/AMEbPBOt2fxa+IHxS1O0fTfDVj8H/Fdpo+pXkkdsusXU2p6bY3Z02F23 3trbzKqTTKvlRyssZcyHaPgT9j2/0DWPibrvwx8SaTYar4Z+LnhTVvDS6FqmpzadbXviPSpI/FHg ixk1eErLAJNf0m2tmZCrut6wHJFftD8IfDei+El/aXvrrxL4N0PXPBv7GNl4W8RWngTUbLUF0nVt DvZ7+6u9G8MWLGPwtp8V60VjFBczLc3c8RuZIxl5H/f/AAV4ep4ziDgzjiVRVo8Ne2ozp39m3icH SxWJpSnUlHl5I4V0FTV4uThLmlBQhCr9Rw7hvaYnL8xc1L6nzRa2vOmpzjdtWsoONle7s7tJJSr/ APBQf4YP8Rv2dvEGqWVsbjXfhzeQ+OdPEab5nsbNJLXxHAmBnadHuJ5iB1NgvHFfzfed7g8enX3+ tf1rfD/xNpPxX+F3hTxS0Md5pPjzwZp17e2kyq8ckWs6Wseq2E6EYysst3C6kcFGBr+Xn4+/C+++ C3xe8cfDm7WUW+hazM+izyAj7b4b1D/TtBvFY8Pu02aBXI482N16rgdP0lOGqVfE8Pcd5fH2uCzi jDD1pxWjmo+1w1Rvq6tCUorsqEV1K4uwqlPC5lQV6deKjJ20btzQk/8AFFtf9uo/T39lXWp/BP7A nxd8V6dK8Go3fjTUbaOeGJZZUlvbjwj4ejZYWUiYiK7fCkENnGOcV+XXxj1HVL74sfEm61u6N3qk vjbxKt3OZo7kFodVuoIYY5YSUMUVvHFGip8iJCEUBVAH6ofsQanpV9+xt8QrHWoIb3SNC+LOnT6x a3DTLG+mS6l4I1Gcg2o82OVVSV42QqweEfMBk1+aPjj4b+NPE3xI+K2o6D4X1C28P6f428cXUmsa vImkaFb29vrOsTpbjXtceC3uryRLWZYYUkeaaQBERmNfI8fYHF43gTwwp4HnxVGWW0EsPTU5ONSn PGe1qyhFOPvOXKpaNckk7p3XBmcKs8ryVUrzTox9xJvVOpzSsl+O+jvofsb/AMEwdZ1LXfgv4qn1 WZbubSvGFv4csbx1/wBLOj6VodlNp1hcTdZ4bYX88cG75kiYRZ2IgX9HdR1Cy0jT77VdTuI7TTtM s7m/v7qU7Y7aztIXnuZ3bsqwxuT9K/NL/glgoPwD8VzBkJm+JmqEgMpddmg6Cq+Yg5QkZIz1HI4r 3P8Abx1+88O/srfFG6sLyWwub+20LRBcQO0cph1fxFpdpdQI6kEeZaNPG2OqyMvev6k4CzWWR+DG U53VTxEsqyqvinGT1n7JVqqi3v73Ko387n2uWYn6tw9h8RL33RoSm135VKVr/h1Pl3xl4R8Q+Pfi H8X/AIzaadN8P+Ibr4SajYaBHeTS2qabe6bqXjX4dPq91dCORoZjo8ENzCkLPI08kWFA24+M/hj8 FZvC3jK++JHhnx74UvvDfwtZNav7bUdQ0b+2dfsdOhig1y01HTLu9j0/RLW7u3vLe2tNRvPtNxH8 0dvP5cjD6ltLjTpf2XdN1P4n+L/Cngnw58RPC/h3RbrRvE1lc2lx4gsfD+s6nq0s+kaLBci7Pilt cuXju9Qjtii2rLcJHNI0deVeGPCvwt+LOuaVbfBDQ5te8DeHNama/tvHfm2Phb4X2EUhfT54vBFn cwP8Qtc1GKG9uI9U1W+Yxqrpc28EVvtP4Jn+V4LM8wyDGRw0KubYpf2hGk8W6eMqYvGVJ1fbww9G M5KnGKoV6tRwSajTTVPDU61dfNYmlSrVsLNRUq8/3qi6nLUlUqScuZQim+X4ZSdv5doKUj7E/Zn8 XeBrvwxFe+Eray1nSbn4hapb6VHrulafolj8G5NN8Pz3d3Z6xrEE8MWu25XWLxrE2cIhhjvLmECJ CzL1X7V/xOsvAfwh8K6j4oEbeLvFaWPhyw8XL4auNY8LaN4i0PU7XW7zVP8AhENQnjDaebvShPay bZLgRwQPGk6ptP5t6x8YNDs/Avis/EBJbnXviV8TviLeXa+B7LQZjf8AhEW+h6S+n6R4iWcWGjaW dW062E0tpbXMl8uj+QXFu8vmeo/tOaxJ44/Yp/Zp8ZWR1GawtPEur6XfS6nqLarqMM4ttWsLVNVv /KiW+vj/AGa4klESLu4REU4r1Fx7KPBHFWU5c6U8flWUrExUVKPuVMThaM5Sw6c5UZKjWVSLeInO hzyhQdKjSpHRHM/+E/G0KVnVoUOe2q0c6cXeP2Xyyuvfbje0bRSPhLxj8SfHHji+WTxR4tv9bjsJ Zk0+O326XotspuZJzPpeiafb29vYeZMxkytvHISwL/MOPt74IavoP7QXiXwX4k+IfheD/hJvg9f2 niX4nfFJ5PsWgax8KvDWkz/Y/wDhNreOVP7Q8W/2lZWFnbTxEPcxI/2hZQjA/EXwj+GfiX4xeP8A w98PvCkDS6prl4EmuTGz22k6ZERJqWs3xUfu7O3tt7sT95tqL8zqK/RH9tjxd4O+Dngvwx+yx8K7 SysPJ0jRLz4latZQQw6nqttYCS50TS9ZvIR5lzcXF9Nc6jcJIxCCaFAAkhFfhfBtHMaeWcQ8e8QY x1+HcsqUIzo4le3/ALVzCEva4TC05VudxlSaU6+IjerRws6sYO1WR4GXqoqWKzLFT58LScbxn73t qqd4QTlezi9ZS3jByS3Z4D+1b8cYvj94k0vxpp/iCVNAtZ9X0LRPh7dI8d74Xs9Plt/J8QS7F8m4 XWIZElLA+dA9o9s4McUcj/LUbcqw+8CGVlGGVwQQVb+HBHGPzrJjbPTjPIH49fbitSyj8+4t4AQG uJ4YFZ87QZZUiBbH8OWyfbpX5PxJnWP4nzvG53mUva5jmc1KrJOVpVOWMbxUpPkT5bxhFqnTVoU4 wpxjFeViMRUxdeeIqvmq1XeT7uyWl27LyWi2SSSS/RHX/Gtn4e/Zs8D2/jE3nia+1rwvbaTp9pPd S22u3Fxq+tS+Jbyx1HxCytcJ4Ij8N6Z4NDW9qyyzO/kvJGGLj4z8U+LdQ8Y6rHqt/ZaNp32fTtO0 ix07QNLg0nSrHTdKtUtLO2gtoSWdhEoLyyvJNK7FpJGJr6Q/a5Wyg8T/AA98A+FluLzT/C3g68a3 srKJrlIQuq3+lubVIYzI9rFpvhm2BZwzJHBukc8tXyFGwGMHOBz9D2Fe/wCJ+Y4/+13kEq3tMJkl DCYRzWvtqmGoQvKdV3lUcJ1ZxinLlStJRjKTv25pVqe3+rOV4YeNOF19pwir3lu7NtLWy3sm2e6/ Aa20+b4gR6jq1teXWm+GvDHjLxXcLYzfZ3ifw/4Y1O+tZZJfJcpD9tS2QlQG3SqVOQAcb4V+Hp/F nxA8JaNBErQy61Y3WovLg2tno9hcJfapeX00uEhsYrCCYySSFUVRlyBVX4ayPE3jq7SYRJbfDTxa sincDOt+lnpQhUL94+Zfox3cARk5yBX2T8GfgD4v1H4TWviv4c6Nc6p41+L+j3ngezvtQUwaL4W0 CXV9Vj8ca5qLXlsUhs5dDs9GsrWVBI0z6lcNbgspxycJ8N43iZZDgMFl88bHLJ4zMcRCjDnr1qSq YKgqNOMYuUp1atOnQpKV4qpWcpOMLtGCw08V7CnCm6ipOdWSirylG9OPKkk3dtKMel5anWeCdT8Z Xngz43/GfwVoPiGw8UfFvWvB/gvwhf3K6Bf6brviXU/FrLrel6Ho9vYLANNhjthAGuVkUwsfN3Mz tXzDP8WLK41C40zxx8Cvhz4u8aJqFxot9qVpbar4c1K6VVk02ewTSfB93DZPrSXCjyLyC33o0YPl ysQ1fb/w6m/Zz/Z28L+N/hX8SvjtceMdV1oiy1fRPDena5JYeCb5La6tL4+HJraCX+z9f33tyJLp HSVfKUbFYNn481n43+Cvh8b7S/2bfCFz4WeeSVLn4o+M2tfEHxFvoMgIuimeA2/hC3PLBoEN2xOW lRsiv0biuCynKOFqmacZ4PAYvD0MQsyy2NTA5zXhjZ4zEYmrOOX0qdTBxxNWeIb9viMRh3RoxjRn VnWhL2np4z91Qwjq46nCcYyVWknTryVRzlOVqSTp87cn70pRcYpRbct/S9c+En7PPgXTLXxd4+i8 Q+DfEMGh6tr8PwA8ReL4dT8TeIZJYtPPha3vdV0bR0l8MWE1xLemS3utt5JbIkgKYcV+1v8AwTg+ Mtj8ef2d73QNV0Dw/o//AAgWu3PhUeGNCt5rbSdO8OTwpe6BDbJNcPKWWN7lDM0nmO8JckMTX8tW qapqWt6hd6trOo3urapfzNcX2pajcz3t7dzt96W5url2eV8ADLE4AAHAAr7a/YV/bIuv2UPHWoR6 xph1n4c+OJdNtvGFtAManphs3kW01vSxuCyXEK3M3mQtxMhIBVgpH0XgJ435BwZ4r5ZiMVl2G4W4 HzWjXwOPnChCVSr7WEVQxWNdKnGKjCvSoudLDUqWFownWnCg5yqTn1cPZ9hsDm9Kc6UcJgKsZU6j UVd8ySjOpZJaSSbjBKCTk1G92fur+2H+zzoCfs+fG/Xfh7ba7pnii48CzPPZWOv6w+najbaRf2Gq MRpUt40NvdRWljMEeBI2ZGZH37uLv/BPr9mHw/8As/8AwQ8Navc6Tbf8LK8f6TZeJPF2tzQRtqNv FqcK3enaBb3DLut7KCzlhLopUPM7s4O1cfX3hrxT4M+Lfge38QeE9Z03xR4Q8WaVMlvqFlIlza3F re25imt7iPOYZ1WUrLDIFdGyrqDVjxb4z8E/DDwxP4i8aeItG8I+GNGtUSbUtXvIbG0iht4gkcMA c5nm8tAEiiV5GxhVJ4r/AE/peHvBFLjbDeLNOOEp08DlDw+GqR9jHB0YVa9TFVswpzVqMJ1aVTke Ii0nTlUk5Pnk3+qxyzL44+GcRUIxp0HGLVlCKcnN1E9k3F25uzbvqfkD/wAFi/iPbQaF8FPhDHOG uPEHi4eMNYtgw3rpulyJpWnlh/AHub2+wT/zxJr4l/4KCaZfazo82r299aalaeAPirf+FNShtnil OgWmu+CfC114UsTcBt1zvsdJvA4AxDLbMjHJBPmX7UXxlsf2t/2zdF1HwjLc6l4QuPEfg/wN4MSd GtJLvTLfUbaGW6SGYg24ub6a7lG7B2yLkBs16Hr1kPH3xF/bl+BEmq2c3iPWNYuPGPgSxs7abUBr PiL4Z311cXWkaS5XdDfSeGnv13YDObbYMg4P+eniJxlT8TuJvGCeBmsblPE2YYTKMrr06i5Ks8my vMq+EjSbajVWOxlGl7KN3zfWrRXPOm1+bZnjY5ris7dN89HF1IUKUk9JOhSqygo9Je0nFWS359NW mflhz/kdcelHYknHQgY5x3PTpxSyKYmaOVSjozI8bAh0dG2sjKRwwYEEex9KidxtOPTt+Hr3r+KU ntbU+CP6qP8Agk98E7H4cfs22Xj+5s418T/Fy9n1+6u2QfaE8PWE81hoVirsMrD+6u5yBwxugTna K/USvnH9kGSwm/Zf+BEmmFDZt8M/C4QxgBfNXT41uun8X2pZt3+1mvdNRSz1mPU/D/26eCV7JEvz p1yba/tbXUVuIY2iuIzvs5nWKcpIuHXy9yEHBH+//hRkmX8K+F3AmTZXTgqGHyrBuKi1FVq1bDxx Fapf+atWnUqyer95vWx/RmT0KeEynL6NFLljRp26c0pRUm/WUm2/U+M/2i/2ydG+HkereCvg9d/D /wCIHxis7j+z7jw3rXjrQ/D1l4cuZIt6y6ob68iN/cJnm2hkDKy4leMjafyQ/aT8E/8ABRb45arZ 615PibWvBuqeE9G1iPQ/AHiqxHheyuJdLhfVrdbHR9T/AH0xukuSA3mllOEZhXY/tO/8EvLDRfjN 4Ik+HV/4muPAvxc8SL4fu7u/uZ9YvvA/iu7mN9Jd6vfNC82o6HdWMN/5ckhWSO4AEspUAv8Aqp4k 8H/Bj4c/By9+HHhfW9O0rVfhh4W0PQrK++0yz+INOlvbq20rSrnUEgmSS7F1qUsaPtbAaXaCm1cf zBxBkXiR4wY/xAyfxOrYrgTh/hiUFhsPlmcUaOFxko06uJhCn7TAOeLVTBv21atWq+zU1CMaOHcK sKXymJw+aZ1VzKjm0p5dhsJbljSrRUJ2TlZXp3neHvNydr292Nml/KZ4f+FOvarq89p4zm1fwfbw eJbPwpdavq2g63f2w8Q3kskaaWZ44tovcRuwRnBdVLDKgkftFr/hpf2HvgJ8L9IPxX0zw7qdh4xl 8SeJdIvtB1nV5vGviWW3iuLyCxn0v95pUGk2I0yGCaKQRm6u7gSswHln9PfBXwt8Ua1pnhDSPizo HgTxBpuh6Nomu3d7NZ3dzrafEu0uFmlvbVb5XWe0htEtYhcTvJOxjeP5kJY5n7RX7K/gj422R1XV r7xRp/iHS9Ev9M0m60HU/KtYLm+uvtcd7PoFzFJaanKLx23IyrujkZVO8IR4nB30Xsx4E4b4nzvh nELMuMMfhqVLA1sbHFYGvh4urGviozhQxnJOf7ulCk6dSjCqoVYV5So1Z0zHA8J1MBhcVXwkvaY2 pGKpuop05RXMpTuoz1eiSs4p2kpNxbRwH7LH7dfww/aOsLXT7XXLfQ/HNpFs1Lwtq7QW11e7AV+0 2J3KJULDIkiymGxLFEcY+7Li3juo4t6KwSRJgrBX6A5UEZ5IJGQefXFfmR+zp+wdoPw+1G58S/EY /D/xXqGh6lb6j4Q8XaB4Sm8MeJZY7WFvt0msrFeIkN1DeBgDHG29VDFuStff/g7x/wCFvFV3f6V4 a1aHXDozmDUbqzmF7BbXJJMcE95Eoj+0FEkLRqWZCuHwa/qHwnzXjurwxluG8VI4TDcQ4tyhRVOc Y1sTGno5VcPGdWlGraPPJ4atVo1IWqrlUrH1eT1cweEpRzdQjiZ/DZpSkl1cU2r6XfLJxa106+hV +fP7UX7f3wf/AGafGcvgvxBoni3xJ46sNJ07VrbTtKtIYNKjt9VJZd+pXNyqm4a1ViT5ThcBQQc1 9/QrMktx5s6ypJIJLdNqq8EXlojREr/rF81XYMef3mCcAV/PR/wV/wDAnhlvjN8KfEVlqkcHifxh pUfh/X7KeVVjtbCxvYYNI1dkxuS3IvLuN2+6fsfHzA14P0leNeMPD/wrzDingqrhsPm+BxeEpzli qcKtqNeo6HNRpzlySrqtOhOHOppQU5ODcdMOJ8djcuympi8DKMK1OcE3NJ+7J8uiejldxa30u7aH mv8Aw8m0/wD6EDU//A61/wAKK+Zf+GXLH/ofPDH/AIN//tNFf5nLjr6RWn/ChT/8F4Dy/u+p+X/2 jxJ/z9j/AOA0/wDLzPyi0rW9R0S+sdQ02/urGfT9RsdUtpYJpYxFe6dcx3VrdbI3GZY5YkZTjIKj GK+jP2vfB6eEfjdr19ZW8MGgePtN0D4i+HZrS3NtY3dh4u0i01S6ltY8kADVpNQDDqGHIFeMWvh7 wPr8NnHo3jX+wNZu7i7SXR/G1mbLR7SFZJnsyvjHT2lhk3WqxK5ntLUecxAITBr7K/aI8HeMPH3w 8/Yk07Q3tPHvizXPhzrXgy1uPC9x/atndSaN4ggt7C1l1BF2L9ls50juZX2xxfZnZ2CLk8OV5LXx vC/EuHVL61VwssvxWHdGcKzcnX+pzoqMJSlGVT6/Tm48qlzUoxkk7I8KjQlUweMilzyg6U4crUrv m9m42TbTftU7WveKTseE/s4Xnh7wn4l174yeKNKvddsPgxpmmeL9I0SFmgstb8Y3Ou2GleFdM1W+ QF7Oz+13E11uRSWbSwjYVjn9Y/2dfDun2nif/goBrXhVJj4Q+MP7KWpfF7wNfZMkV1Y67J/a+o2s dwq4e4stefUbWZM7onttj4yM/kH8RfFOgeD/AAg3wM8Etb6jFa6/BrXxN8cxlifGHjHSYbmxt9H0 Tp5fgrSXuLxLVmAe8uJJbxgqGJR+k/8AwSK+INz4s134v/s6axGNRTxN8FPid/wr6aV83GlXusaf AniLQIGkYY0q8MVld+XnbHc2DOuDM9fpPhNicDR4t4c4NqSg61SddqtCKf8AwpYnCYzCTw7qpOU6 c6FenQvC9P61Qg6d6c51ZexkVSnHH4TL205ScveS/wCX06dSm4827ThKMdLrnguX3W5P60/4J8/F HQviB8BNP0rS1kg1fwVqF5p/iayMbJZWep61eXutqmkKUVYtKZbh3ihTcluHMIZgleB/8FRPgc/i HwjoXxz0GyMmp+CxH4f8Z+QmZJ/Ct9cltL1OUAZcWWqztG5/hi1TcSFj48D/AOCbfxGuvhX8b/HX wE8Z2E+hX/jC5uLS2s9Qs7mHU7Pxn4TN2f7JvRK4W1ik0kajt+Tc80cY3Mrrj9x9f0LSPFGh6x4a 1+xh1LQ9f0280jV9PnUNDeafqED211A4PTMUjYI5VgGGCAa/c+FcFhvFDwchkGYSjTzDDUpYGp7v K8NjMFJfVpSj8UWoKhKolbmjOcUkpWX0eCUc64fjhatlVjF0m7WcKlN+42t1Zcjl3Ta0Pxj/AOCX 19aeKvC/x8+FGoeXLbalD4X8Rx2s7uqTKzXWm3eQhyEEltpu4ryNw718YeOPG/jb42fFDxd8NfH/ AIw8UalJf/EjW4/A9ndSJc6N4b18a1c6d5Z0q5mhFlpT6RF5BWDY0bxRTFWCSB/rX9nPwLrf7I37 e0Xwv1uSaTw14+0fX9G8I6zOGSDXtDv1Os+G7nePle/ivdI+x3CZylxuH3XUn5c+N2meOfhz+118 XvBnw505NX8T+K/Gd5baBay+HtN13VJG8YS23iGyOiR6lbTCw1FJdQUJdxBJIliL70G41+E5xSx+ G8O+E8rzGnXo1OHc3xuT5jh6d5Tq3csVh6TpxnD2nu1aqoSu0nL2kHdq/wA1iPawynA0aylF4TEV MPWgr3lf34Rtdc2kmodm7rWx+qP/AATG8L+K/CfwU8Y2vinw/q3h+W7+JOoz2EWr2c1lJeQW+j6T Y3NxbRzqDNai8tpoxKBsdom2EgE19SftN6v430b4P63qXw68JeHPGvjGDUvD66Ro/iewTVdOt5p9 Xtrca5FpU3yX97YNKlzGrfKggaZsrEQeo+CPgjUPhv8ACP4eeCNYvZtR1rw94W0uy1u+nnNzLcay 0AuNTZrhuZ1S8mljRySWSBTk15N+1r8Qbv4W+FPhr45tIby5Gh/GbwfNqNrZxNN9q0GbTPElv4lj uFVgRAnh+XU5s8gPaoWG0Ej+osLldPhPwtw+W4jE1sHDAZcoVaq5Pb4d1VepOPuuEqmHdWXKrWk4 JJ3dz7SnTjgsljh5zlT9nSSctOaPMtXtbmjd201sj8yf22fC3xH1bx38G/gzDZTeNfGmneG7XxD4 h8dnTEga/wDF3jXU2GqqdTKLBofhK2vLMypCWit7dLjeQqIu2hb/ABG8B/D22WC51zRPEGmwX+s/ C3RP7AS4n8K20msaDqF14+8fa7cRpbt4+1mfxLc6DJMyMltp9lqgsbW4njEqj6N/bS8cXdldaf8A BDwwl14f1v40eEde1aXxHHf3F3camlj4i1fU/Dvhf+1FjM13BrKm/tjbIEW3Or21sC8Jevyn+Llx ceHj4c+EnkWsdt8MdPli1CX+zIrPU7jxj4ngsdZ8YC+ueZJ4ra++zWECM2xI9HDqoMrV/LHiDiaf C/EvEeY5dVljMTKeHpOdVSnClVjCn7HAe9KNSq4YRfWK2IqpqdaFJKCrw9qfGZpUWCxmMrUX7Sbc Itu7SklHlpatOVqfvynLeSjpzLmK/wARYhaN4ORoWtbi98G2Wv3ttC3laXb3fiHVNX1NhomnRAQ6 TpJtJbMxQwKEx8/LOa/Vz4v+BZdC/wCCcvwm8KWti97rt7f/AA81O105I2e/n1rxhqF/fC3s7Xbv lunOrNGigAnaeeMV+cXiXwTLq/xO0Hww1xBc3NjovwctjapcxzyX2haj4e8KwXgtdrFWubf7cHkt wPMETzOVxE2P6UPFOjeAtEg07xh4xn0zS9F+Hy2uq219rFxFa6Rocml2N7pOn37+cRFA0EGq3ixE glZblGX5kSu/wm4Medw8UvbVIYGFfBwyp1allGjTqymsRXf2b0lhIzcW4qTd3OMXzHRkeB+sLOOZ qmpU1Q5n9mMm1KV9rx5E7Oyb6pan55eH4PB//BPL4AW3iHXNO0/Vf2g/iNZMiWEkouJFvNomj0wy Lhrbw1pkc1s16UI+1XeUVjuQr+f/AIi+PPhf4ytf3nx38ERzeL7gxzQfFD4Y22n6B4rna3UQW2m+ ItEv5Tp2t6atqQiyKtvdRi3jHmuM4439pj4veJvjN8YPFHiXxE0UMGnX1z4f8OaVZ3kF/p+j6Bpd 1NHZwWl3au0V40pLTyzoSs0lyWUlAgHhsR4xzyAfX69T9K/J+OvEKdXFw4Z4ZpQwvAvD8XhcNg61 GE4YlwvGpjcVCcbyxVefPUVVclWkpe5KE5VJS8nMMzcprCYSKp5dhVyQpyimpW3qTTXxyd3zaSjf Szbv614i8K+CoLCXWfBPxEs9dsIkt/N0PxJpd14Z8aQzS7Vkij02M3NnqVvGzD99b3pyoYtGmMGX 4Y+HrnxF8QfAejeU8cWseJ9IjWaWCRoGtINRik1CdeP38cdvFOX25C7CDivMIznv6enTJyPpmvsn 9liwuNeutfEesaSb/wADaP4o8UaFpetNPCunT6j4T1jRm8QafeQl2lgTWJ9DhubCK3me4kvLecDM DGvz3I8HhuIOJ8qwsMFDBQrVablSpSm4SVOaqVbe2qynG9GM7JTm+ZJJJP3eDDQjicXRgoKmpSjd K7TSacvibesU+r12NX9oX4z399q1n4d8E2MPg7w9e+F9K1O7uLAt/wAJPrtr4ttJfEM2ma94gIEt 3pSHWrgRW8Qhh23DLIsnGPnTwd4R8TePPEGneFfB2iX3iDX9Ucx2WmafF5k0m0ZklkZmCW9uiZLy yMqIOWYV9uaz8LdN+Pfxa8X+CPAvgzxfqXiHS7Hwv4eXxbrWp2+ieAfhZpGjadpltJnTLS1efWJ/ JjuY44Jp42mmndkgRV3D2nxd8R/hh+wnpY8DfCLwjJ4t+KOtW4fXvHPi60u4rGWCAGKWS2vI44xf W63ySL9hsnWCIxt9omeUYP6BmnBGIz7N824q4y4khlnA2W4idGeLp06jlJwqyprA5bhVTVOdaSpp t0ebD0VNTrTdWM6S9epgJYmtWxmNxSpZfSm4uaTu2m17OlC1nLTdXjG95PmvEu/D79l74cfs+6Rf /EL4268mr6/N4B1e5m+DcF3pt1PeReVF/a1ikltL5mvoZUtlQokcMbTlZGk2ZPj37Vf7S3xEHxBH gjwH4j1X4e+FPCWj6HZt4e8KXsWkpDrU9jFqF9bXz6UQUuLI3cVk9vv2RS6fL8gZjR8GLjxt4x+M vjr9oD4xWcU/h3RPhxqHijxJqcFhNe6DZLq2i2UvhPQ7KwtHcC6WN7G5+wK+8Im+42+YzH41+IXi fTPF/i3Vda0bSn0nTpnSK3huWWTUr1ogwudY1udc+frl7dtPc3RBKrLcmNCURTV8acVYfJ+AsPl3 BeEnwVlua46pClTU6kc0xuFwbnGeMxddJSVLE15xXsIShQo1sPVpUoVP3koXjcZGjl8aeBg8BSrV HZXaq1IQunUnLR2lJr3U1FOLUU9Weu23xm0vx9AuhfHjSn8QW5UNa/EjwxpekWfxP0m4gheO3N7e FIofGOmtnE1vfYmOBJHcqy85d98GV160bVPg34oT4q2sMLXGpeHbPSbvRviDoVuoy9xqPhO4eQ39 ihKq9zYTXMasw3hFINfsn8FP+CWvwA+Jnwf+FXj6/wDEXji31XxL4Ii1fxGlpqduLK41jVNOLW0l rDNY7rGKzvWy0ZLiYRbWZc7q/HrRND8Z/Bn4lWOr/Yda0vw3eeKfEPgHT/GNzaXul6dq1hJdS+H9 WutI1gPEFuoba4S4EkMymJ40beAK5eMvC/jbhLAcJZl4nZXQzPKuL4RnQzPCYiVbMKNBwwdT2mIq R/dzjD63Tp3xtKtJvnpU61NeykzG5TjsHTwVXNaUatHGpONWEnKrGNoO8ns0udL94pPdKSXKzwW1 sb3Ur610yytLi81G+uobG0sbeIvdXN5cTLBBbRRAZadp3VQvXJwa6Pxn4a0/w5q1j4e07UG1rWra wto/Exs3t7vTrbxJO7vcaNpE1oCbsWsbwW87ksGvIZxEWiCE/S2qWmhWXha2+IGiW2qyftCWU3ih NQsrmCwgstV0nStV1HTbv4u6Tonllp9cSOOaN4o9yLPbzX6xOLZ3Pl3ws8DX2h6p4d+KnjtJfC3g LQ2fxbp95qGo2mh6p42u9ELXum6F4NivFeXUb261G3hj85YXgjQSM7hgoP5o+D54erhcsgvrlfMv ZV54uKbo4LAy9nJzrWfLSrxc/wDaoym40VCEIzn7a68l4NxcKS991bSc18NOm7O8uikr++m7Rskm +Y9d/ZE+MnxQ+AHiqXxxFr3irRPhxoN9YQ+IfDM93cWOg+JtX1m9h0qz0qXTr0hLuWGO5uL6cQIZ o4tNy5VWBri/2wfiN8XvG3xs8Z6H8R/Guv8Ai1NG8RXlt4bsbiVo9Kh0e8lFzoj6To9sFghSWxuL VlKJubzOpzX9Vdv4G+D37Q/wv8H634u+HfhDxNofi3w3pfiS3t9R0ixuHtZde021ubmS2vYYUkt7 vLBWliZHJiHPAA+MvEX7BXhSX9sz4QfEu3003vw60LwVcT6jpmoP9tT/AISfwOlpY+Ere7kuCTdQ /YriwYeZkuNHO/OST/c3Ev0XfEPDcBZBwhw5x5PiThLHZll1SNpYmjGnSx0pUsRiauD9pUpSwtGN TB1acI1Z+z9lXqqMZV5s+9xXCeZwy7DYPDZg8VgqlWk18cbKp7spOF3HkScGld2tJ6OTPkb9g3/g mn40ttV8KfG/4y3MHhi0t3s9b8N+A5dOhvtfuAksN5p+parLcHboDkxxvGqBrkL94R7q9M/bUm/Z d/Zs/aO+DPjPUvBHizR/GuoT3njB/EngHUdOt1u7648TMmqXPjCw1KNpNbFxFLdxllmjZIpCFBCh a/bYYJ5/z2A4r+ev/gr/APAn4veJ/G2k/GjRtNXXPAPhfwrBolzaaSs9xrXhy0srp7q/8Q61aiPF to8uoXyxRygnJhywAwa/V/ErwuyTwT8C8TS8POGFnub5VjsBjKmKxWHjjsR7SjVp1K+PkpprDqEK SivqqpqipKS2lUPYzbKaGQ8PSjlmE+s16M6c3OcVUleMk5VGn8KSj9i3Lf1Z4JrH7C+meIPGfxo0 zwZqE/xV+I1lZ694z0L4b+Eb2DTLLwj4b1yc3vhbVvFviTUB5V/qctpe2zwaRZ5mkY7ZpYwGU/mJ 458FeLvhx4n1XwX450HUPDXijRJlg1bRNTiEV7YyyRJNGsqKxAzFNGykEghgQSK/oj/Yd8WfE4+I /C3jnwp4A8L6l4J+Knwg8GX/AMSfiJ4l1D+w7nQdf8Bz3fgu6srDVEt3GoSzRadbXBsH2ZYmYyoM k/C3/BRzwr8FviX8d/Clr+z/AOLLr4l/G74j+JtQ0z4gabZ3s17bW+ryPZaZ4f0q03W8dvpvk+VN EYo3k2pEHkfHX+XPEzwj4XxHhrl/H/C8P7IzirmEqay+pelHHYXGVubCzy9V4SxWZYyVPEYSdVYe rLDU4/WIU6VF0lTfyGa5NhJ5VSzHCL2Fd1WvZv3faQnK8HT5lzVZtSg3ytwS5klG1j9Hv+CQv7Qm m/ED4GT/AAb1S/jHi74TXM4srSWTE174N1W5e6sbmBW5kW2vprqCTGdokh/vV6x4Z+LHiDwl+1Tq +t618Ovi5YeA/jbo1jo0mvX+jS3HhTwxr/gK81PSbW+vCB5mh6fcafEZC75jeO/jmA618bf8E+PA Nj+xTL8TfE37SPhq8+GerfadH8Ian458QLDc+G9Pl1K5gu9GsNK1exWRBY3lvL5k825ow9ogJjAO f1P+LGt/EH4k/D2w139l74yfDHQru2v4tR1HxL4gtbTxX4T1DQI4pPtVq93aPItg+/YTIOihgxXg j+y/CutxHjPCLgGhneY1cLxp4fr239l0KNGeZVMNhalXBUKWIwmNrYSUW8D9YwtR+0pRd5SVR1aT g/uMoliqmTZdHEVXDHZb73sYxi6rjBuEVKFSUGn7Pmg9Und63VjR8H+PPGF74+8UfD/xpocjWOnG HxF4Q+IFu9nb6NrkN/qF3caVotraxZJmttNS0V7hmIneRkIViFr5u+BfwVi+GHxL+L3iDxzf3XxH 8T+O/HGgafpEU1zL4ivWtTF/b8l7r1pc2yxaNollq0weGRYxHF9hWNJZXCg/Uvw8uPEOo6F4d1LV fFfhb4hIbLThe3PhHS7Y6JJqUP206rqWhX6HElk13HaiOPPH2RiCXbaPSbG80fUdUN5BALW5lj+y w3jQLbz6vBayTExCcoGntY5VnKxk9dzbcFSf2Knw3hs9nw1muYYupicZk2IxGIwbxSpzlGli6M6T hNUqk6NeVGlVUKVacqk9udzlOSn7kcLDEfVa1WTnUoSlOHPZtKaas7Nxk4ppKTbfe97PoZJ3t7dp 5Y5pmVFzDawmWR3AIbyo+pJPYngLzjmua8aaJp3iLw5e2mratqehaW0KXN3eabqD6PeQRwyJO5e9 DAwDam09NucgggEOt77w5Hqeo3kNz5+pxmG01AKZZrm15C29pNZRfNag4BTfGN+7cjNkmptT8UeG 7Z7OxvdQsXudRvv7OtNLlkQ39/dCIzSW9rpzDzLyRIss6qhChWzgjFfeYirhMRhMRSxVWl7CopU+ WU04y5m4Lmd4t8zaTgtneKlfU9GUqcoSU5RcXpq7rsr7b9vxPKLTx6s3jK5gsNUtvEPh6zGkaMdC 0nTprfxB4RuL3T57m41bV9TvL9Ydc0CSyijcG3jlkR23qzKrmux8K6HpFnqt1qPhtdPsdPuGzLpm j2ul2WjX0k80s8mui3sYkkXXGLeXcNLkssa4xk1keKr3RIZ7y+vYLSxd7vT9Os57q4stMv5rpoLu 2tmsJdRCILhoJbuKGNGMrLjajM22tDwH4UuNEaW/h1fxBf2Wr3K3i2fiJbfz9LgjtRHb2dtGkCva x5b5lLvlwcgc183goYj+06dGry5h7KtVq+0g5RlQjOTjDlVSc6nJLlinCM5QXKuSMKSVNctPm9qo ytVtJu605b7btu2ysnbTRKOh6c9vG9xDckuJYUljXa5CMk3ll1kQcPzGhGehHHU18X/ti/sWeDf2 stD0t7zU5PDHjnw4kkXh7xNBBHMotbieJ7mw1OEJvurMIJ3iVXXZLJu6FgftevCv2h/C/hbxv8J/ EWm+K9a8caFoUBjv7vUPh41/H4tVtNd5Ps2nQ2FrLNdCRlKvEIysiHDEJk1v4hZBkfEfB3EOUZ/k lDiDLcTh51J4TEVvq1OrKilODeJtJ4aUJQjKOIim6TSmth5jh6GKwWJo4ihHEUpxbcJS5U+XVe9r y2aVpLZ6n89n/Duub/oqcf8A4DQf/JlFeW/bvAv/ADx+Pn/hP2v/AMh0V/kV9W8Jf+jfUP8Aw+4r y/6df1c/HFDJ9P8AhOX/AIUT8vLy/E/EsOeMY79sYwcY6dP8a+7Ph78TfFemfsO/FvQvD2qtYXnh 74q+F7WW9tQqa1pvg34gafcR63Y6ZqEf7/TNPvNZ0K0S5MbIsolMTH58H4K3H1PQD8q+kv2er2Of Sfj34RvrYXeleJ/gn4iu5VMgRrPVvCGo6V4i0HU4cxsHkhvLZ12/KSlwwDL38fhDFVcJmtelQryw 8syweNwvNFtPmrYaoqV3HWyrKm32SurWPncBUlTryjGbh7anUhdX+1B22/vWPnfzD+PfPOc9yc1+ gn/BLjxkng/9uP4IyTy+RaeJNV1XwbdlmKo8fibRr7TY42PGAbiWH8cV+eIY4HOMgf5/z6V6R8Hf FWpeCfiz8NfF+ktjU/Dnjnwvq9nligM1nrNnKqFwCVVgCCQDgN0PSseD8z/sHizhnO1d/wBk4/CY hpbtUa9Ocl81Fr5k5fX+rY/B4jf2FWnP/wABkm/wR+ifx5S/uPjx8TvijoFnBoPxt/ZS+IlvL448 N2K3kzfEPwJ4W8SwabpfxAsW3s66xbaabW21xGLJJbyRXSkAyKP3d8OeIdN8V+H9C8U6LMlzpHiP R9N1zTJ0OVksdWs4b61bIPXyZ0B9CuO1fhv/AMFDPFF98Df+Ckfizx94PVRLrNr4M8Ta9otztbTd csfF/hjTv+Ep8N6pGYyt1pd9aSTxS70PMokC71XH6b/Cfx3oHhH4eeFdB8OeE72y0C30xbzRtMuf ExvjounatLJq1voVtdSaGrzafZrfG3tt43LBbxoSdua/sXw8zDD5Vxr4kZTiMQqU8Fj69PEe5O1W rRxVWnh8XFQi4qeIw79nil7r9ph6dW05V6jh+hZRWhh8xzihOVpQqyU9H70ozahUVla8oaT2d4KW rk7dp8dPgppvxc07wxqlrJBpPxC+G/iTTvGXw68TNHltP1jTLy3u5tIv3Qb5NAv4rcQXSDJTck6A vGA3mnjf4K6Y37R3gP4q6FpcsXi7x0INJ8ba08qPB4Z8I+B9Hl1O9h0NY4cw6vrN4dE0u5ui29bG CWODZ58hr1lfjFExx/wjUg4z/wAhtf8A5TUf8Ldty4Y+GGLqpCudZjLKrkbwrHRsqCUTODztGelf omY4PhTMa9TFVJxhiqtfCV5zVKpd1MJJqFS3s7Kq6E6mHdVfvFSlFKSdOm4+xVp4GvJzdlUlKnNu z+Knez2+Lkbhzb8rVtVG3tPnRCRIS6iWRXkjjLKHeOMqJHRM5KKZIwcDjeoPUV5h8aPBOk+P/h9q +ha3Fby6ZHJa6lfrcD5X0yxmD63bI/nRiKS40F9VtRIzBY/txc524r8zP20/2svif8KvH3w78RfD V9N0KWPwp4h0m8stZtYvElnejW9UsLiW6MMsVusM8a6DbIh2swEr/MAdtfV/wU+P2s/F34C+F9V8 Y6Yy6/4y8ManYa5q/h/UYtFInup9S0iXUNKtP7KmXTpxCqvGN0ipIueRxXl/6/cMZ7m3EfBdSNSW KwVCTnz0m6FalOFJaSV5qXPW5WpU4pKLlzbHL/aeDxWKxeXcsnOnFt3Xuyi1HZ7p3lbVLa9zwX4R zeDfiX8KPhz43+KS6hqmufsu+Ndf0LUdJtNZ06Sz8SeItIigh+HcUmqSEN4g1d1Ok2lkYJxbyXkU 8kpZAxb8ePG/jaf4lfFbXvGmpWs08PiXxnc6imk6jcl5IdNv9aee20W4u7cKSqWkywPIvPBZT0r9 R/D+peCtfms/grovhHVvDHgK11rxT8IYrKDxjPqN8NS+Hn2f4k+H/iV9tuNFT/isBrNxqETts8s2 180S7VVRXyH4y8BfDbw58a/h58L/AA54UubSxuhpmp+J9e1TXZtY13XLnT9W1yWeKxc2cNv4etLg aTCsiwW7ybWwZWAIb+WfEHDYvNsm4dpYfF4apQwVWhQxdblqqpjMwjSw2HpX56EZThSwzpR9pV5I ylKvU9nGUuR/H5pCdfD4RRqQcYOMJytK9SraEI7wTajFxV5WT952TdjvNC+Et/44/a3h8PaZPJaf EIfFGz8V6jpGjKB4W8BfDvQpY9Smg1PVcF7nXF0yLS7eO3hUwxmdYpZpJZGSP9Nv247zSvEHw41v wnrVxDpnh3T4LbWbrUdQ8ZWnhPSdX8UefGug+E70Jpt1eXax2txNqr+VGkBbT7eGRy8qhfnz/gnv baH4Q8F+Kfijc6TJrfjD4j6/fpd6hLeJatpmlWN4839l2rPZzvKst/PJNNIXUuY4l2AR5b4s/as/ aT+MXjb4k/E/wNfeM9Vs/h/a+Jr7SbLwbZPbwaVFpumyGC3t7l4LZJL53ILzNI2JZCCUAVAvtPN8 l4K8Ls1zDFQqTx/iRWqzVClGNSMKMoVZYeOInUdOEvaRl7TETpJ39p7KNGMIWXXGth8vyWtWqJut m8pPliuZKLTcFNyaTve83Fa35eVJWXzyNB8B6Sw/tLxxNr7LsBtPBeg3mxvkVpEOreJls44wHJTe lvNyu4KV6781z8GLi2sEs9I+Jul3Q1KU6lcSa34Y1qI6P5cQgSztv7Is9uoiTzixd/LwFAPORxug wWbeFPGlzPaRT3kCeG4bG5kAMlh9o1hzdSQZHEkkNusROR8jsO9UtGtoLu8ht7gTeXL5uTBIkbjZ FKy4aSFx/rApPHIBHBIYfyxWxXsY0I0cBhYQx0b8rpyqNWqygk51pTnF/u7t05JOMrPW9vkea3Ko 04JVFfZv7TVryba26NbkhMIkk8nzPI8x/JM21ZRCHPlmXZ8vmlNu7acZzjiv0v8A2Fv2cvFvii61 T4l69AuifD3UfDWtaFa6xM5j1KW5i1LQb6a4s7CdF36a9lbXKC7JeH5ZAPmUV3Xwg/Zo+D/wz8MR fFHxloV/8V9WtdDXXbHRNcv7XSfDFtPHbJdBX0uDTLg30gYgK1xJJGuM+STXqfwb/aV8Q/HDTDc6 7o0Ph3TtM8Qa2NH0LwlqMmk6Vb6NpOkPDZ6Nfw/Y3OpRbtRLO+YVY26BYUAGP2rw/wDDfK8gz/I8 w42x6eZ4yM6+CyygqklJRcE6mLxSg6UKaVSyo0XUqTvdzpOOv0eV5VSw2Kw9TMKn76onKnSjd3tb Wc0uVLX4Ytt33jYwviR+2N4X8LaP8RvCP7OEFjp9r4a0s6ne/EqdbWdNY8S6pr2lafFHo8F9Azaw 62t1qKrc3AJKWKiBRFEHbw34L/Abxl8c9N1D4lftCa3rGm/DiydfEcvjfxTqFzba7c6TC0kurPpO oXySJH4dlWLZIjrEqtIk9huYOr2fhN8Nfh74N8Y3Ol3/AIcfxjBr3xk1bwtokHiK9jm03QbLwJb3 99bXd/pkNkqeJtQlN24H2gx20TRpIbaZlArP/bH+Pvjb4g+IPGvw4sJk8JfD3wCdEim8M6ayzDxP f3D25jvtWvUhgKRQCVBBbJH5CLEMqzYYdOdZjUx2Xvi/xFxf9o0crlUwuC4bwSnTy+WIarYmCrtq FKGGpYWNKpNwdXE1Vy3q+1i6S1rVnOl9ezSftY0rwp4Wmmqbk+aS5toqChyt2vN6a82h6b4w/bx8 GeErqD4efB34Y6Dq3wg061/sjUxrZvdLvPE0EcENilxpT2p8zTlW2t4xHdXKzXM7KsjrHtUV5Brv jv8AZA+JFmg1Pw78V/h74jmngul1XRNP8N+Jrhp4rOOxTSJrgXVvJrsUjxQOLi5iW5aQMZJGd2Y/ BiuSQD7jPt1xWhY6hd6dcLdWcnlTok0aS7EdkWeF4JCm9SEfy5G2sBuQ4ZSGAI/Gsy8WOJ87q1aW fUMBmuV1HanhKuBoOhhaWiVLCez9lXo04RVoRjXT5vfcvaOU34tXOcXiHJYiNOtRe0HTjywXaFuW UUlt7/ne+p/UZ+xv+0rdfEKWT4Ix+O72+k+GHhzTzruseO9B8M+CdeTSLSEWv9gR6Pa3kxurizt4 oo7y4AX7PwHctzXzN/wUB/as/Zo8YQ2vwQ174deM9Ti8Aa/a6tb6h4buNE8OW7u8Lu9loMs/mH+w ryFj593HCj/Iixruckfn3+zLb6N4LvPhn8Vm0+51zX5fF13FrdpqGpytpPiDQpJ0srnQNTsZoJUn tZkmZ5XcOzOinGBg+i/8FOvEOh+LvivoGv6R4SsPCU8GjNoN7Dp9wk0epLYwWN/a3kwisbdY5lTV HiwqHKwqSxPT+os88YuK8x+jxmMMTiMH/aGHxGDw9Whi6VXMli8oxkVPC0oSxUJ06M8PyU/bOpUr VK0qPOpxbgl9dXzvGVeGqsZzh7WMqcZRmnV56NRJwSc01Fxsr3cm2r32P1h/Zx/Z2/Zj/aL+E3hv 432HgySPxlrF5c3emeINZ1aXWNf8HXmi3L6fp+kx29vdi0jtrWGANFBJE+4T+dL5juxPxb/wU/8A 2QrCDxv4N8W/B+K61LxX4p0yW11T4dpqtk9zLZaNGsA1zwrp2oX0cjoXaFLiysozGjt5yRoGKj3D 9gv9tFl+BNl4Qb4UaBZD4d2sWkpe+H9ZOixa8sECv/aGoWJ0OfZqkpJM8wlfzXJbavSv0N+EqeC/ jrNofx+1/wADaXB4z0Yan4d8LzXlw2tS+HNIkNrLcRWM89tFGLqS5EjmdbeOUCUoGC9f3rLuEvDH xr8J+HuGMqo5fS4k4iwuX4rGYzD4CrgKsK+FlTjj8ZD/AGZU54m9SvSUZuUa/tFGU/ZRjOH0NPA5 Vn2T4bCUI01i8VGnOc403TalBxVSovds56tK9+a9m7JNfOn/AATa+Luqar8F/D/wY+Iuia34R+JH w2tpdKttO8QaddWQ17wwk80umXmnXcimK4ubdGkgngDiaMQI5Ta2R+g/inVbjQNB1PXbXSLjXLnR 7C9v4dJtHSK81BobaSRbO0llG2O4ldURS3y5kAbAr+T3/godbar8E/2vviXp/wAO/FvjHw/Hr/8A ZfinU30/xDeadv1TxLax6tqC28WleQkFkLmT93HtYqF5djXk3hf/AIKBftieEYbG20747eMbyy05 UjgtNclstcjaCN9/kzSapaSyTKckZdmYKcA4AA+LyP6VuW+GMMX4XcZ5Hj8ZjuBJ1cohmOEnha86 kMFN4ajUqUazw8HUhShBykpNVHG0oXcpy8/D8ZUspjUyjHYepUqZc3RVWDhJtU3yxcoy5E2kk21v tbqf1oWt94m+Nvwi0bVNDvvFvwS1Xxhp9tc3i3ulWUnjHw7aTswubO3S+jaG11FogvlXPlyBVkDq u7GPw/1+f9q/4h/B7432vhHXvEXxNv8A4UfGPxX4H8eNqF2z2PxN+GS2b3uoXN/LNJEjwWd1oeTH ZyKYhfuiDDYP6FfsgfGT4ufGbxx4ys/FnjKFvBlp4B+Gvi/T/DsGhWUWraff+O9DS+vrK38U28kc jaZDdpK0Ub2zuEkEfmhV+b9ALXwl4b0rw5d+FtM0XTrDQrmzv4LjTbS1itrW5XUI5Fv3uI7cJ50s /mSGZyd8hkJZsnNf0FjeGKXjTkWT5zhOIMxyXBrC5hgMRUU/YVcdUjbDwrQw9KvVwmHgsVSqV3J0 faVKbeHnSVKpJL6WphFnuHoV44mrQgoVacmnyuo/gUlGMnCK505X5bte60otn4c/szfHbxT8KP2V PD8Ph7wf4T17xbN4n/4WLd/CK8tNSh+wfBnxJ4gl8O3mtabLqF5LJdGHWrSO7kch0S3YSt8u5x8b +A/iF8EfhD/wUHvPjF8TTqL/AA51rXNY8WeCPFXhu1lj0bTNc1CWSD+0o7a2R/7a0C11AanaM0BY FoxMoZV2nxjW/jF43+Gn7RXxg+ITXtt4l13wP4kk+HOk2eoWq23h1PBc2q3eg3XhuPQ4XaO30VvD 9rJZpArERJcM6kyANX2XoVt8N/DPxa1f4L+I/h3B408F+B9H8PfHb4Qi91n7Fq/w61HxHpVp4q1D wg1/LpV0vijwobu6K/Z7qJFJjEhUlnV/4zwvEuK4lo8GZZQzGjgqvhtmeCo4NZhhpYjDLE4R4qnh qtWlh1KShmEMHjFXo0qlSGFr4bAewlTp1q9Wj8HDFzxccBSjWjCWVVYRh7WDlFShzKMnGGtqqhPm im1CUKfK0pSlH9xLiD4F/ti/DUWbG1+I3wuvtU0zUp2RdR0/T9T1HRrlbu2s7iOeGCeaJJFiaVcK rKyruYEgesH4feBIPBsvgNfCugWngX+zm02fwxb6fa2Ogf2WI9slvJZW6pH5Hlr8+R83JYk5NeJD W/Fd7ZabrfhPV9L8F6fd+ELO7t9BtPDllf2VvM97pnzzMZ4FuGS2a6ii2RQqguclW2KK/JvT/wBs v4t/tQXvx3+FOt3aeCdK0zxDbaf4c1XwhcXFlquj6ZDJfWElrNMmw6pLLc20NxJJIyjcpjWNYzgf 3HxD4icM8JVMtee5RHMuLeKsPUw1GrRwlKlSzFYahUxPsHUqVcRWw+F99qFLFTqKMq92pfvZR/Qc TmeEwLpfWKCq43FxcIuMElV5YuXLdylKMNbJTbtzerX7naPp1noph8I+EdC03QPCukeHozp66ZbW 9jpSXF080Vpp9lbWcYEMUUEbTOVXn7RHjuTzvi74bX2vH4ftonirU/C83gfxjp3iSZdNYi18RaVH 58WqeG9UhZi0lpPDIjBixIkhViOTXnvhbx5qHgj4LQ+IdQW48TzeEPAkZnW6vRZXGtTeHmgsRcz3 a2swtp7iGePzT5cgDQAgckV5h+yv+0N4x+O3jXX5Nft7HTNDi+HfhLxhpWhWa+cNNv8AxFrXiO2k jOovGkl2senWVtFllVXZWk8tC20fWVOI+G62J4c4bxsakcw4mgp4fD04yhGhSpKNZL2tJwhThSdG MYqnJylKC93kbb7ZYrCuWFwtRP2uMV4xStyxVpLVWSSsrWbba7HqH7RXif4ffAnQtS/aa8Q+F9X1 nXvBWjr4cQeHbn7NqGpaf4i1axsobW6t5ZkgvvKupVaFp1cxea4TG/j03w1qdl8QfBWk+L7TwZf6 FqeoaN9p0zT/ABnpcGka/pZ1CFZ3SWSIyvZFmcMWjcBjhuO35gftd/G7U/i/8afEf7D2q6Dp+l+E dY8FX/iP/hNbK7vJPEFp4g0TTz4n0S8isWKwSWkNzpwjkgZv3y3DN5kZVQPjT9mf9rj9oaH446Z4 c8ffEjVfHvg/4daOuhW3hfybTw1YazBe61p3ha2udTksIZXlurZJ0njdzIxMAj3AEtX43nHjrw/k HiNismeFq4rhjM8R/Zbnh8LQh7HPcNVvmmIxUqnJiakKODqYF0p0aeIjVdKcYpzSv4lbiDD4fNJ0 ORzwlaXsrxhFcuIi/wB9KblaTSg6dnFS5mnbXf8ASXxHpKWXwu+H/gz43a2/hf4iXfxG8QDwBp/i PxNe63apr8z30eh6oviPR9Ld7x7W3vRd6atyCsMjRpI7+Wor76+HmiNoXhnSbBruW/FppWm2o1Ca e4nk1KSG0jF1qUjTkZlnuNzs21dzEsPlIqvpuh6R4ltrC51XTLC6t7GeHUtKtZrcTNp07SC4CxXM rFmiEqxNtwq7olOAoCj0EAKAqgKqgBVAAAAGAAB0GK/b+EuE4ZRjK2YutHE05YfC4ehUlFrEzp0K Sg5YqopKnVm2rwlTo0FGChH2ceV83u4PBqhOVXmU04wjFte+1FJe+9m7rS0Y2VlZWKF5qEVlPZQy qcXkxhEhZVSIkBYy5YgEtK8aAZyS/AOMVz2ok2Fve2EMWqX06xz61Yj7TJG1xJDcCZ9PhvI33jaz rtQhf3eFDHBI4v4m/D/SPiQV0DXLnUbSF20+TT7/AEa9n0/UtKvLG+ttVtr62lEjRvcLe2sDAtEf lTZnBJPo1xbTLHpMj3IluYXisbmd4QPtkM+2G5LRo48p3MYcbSQrHoQMV9FKtjcRicxpzwyp4Sgo KjWU4ylJyvGvCVJwShyJU6kJOVRT52ny8nLLqvOc6icLQjZRd0276SVmtLaNPW9+lrP8Z/8AhNfE X/QBH/gf/wDdFFe2/wDCh/g1/wBATxp/4Xb/APyhor+Mv9UuNf8AoY4T/wAKJ+X/AFLPU+J+qY3/ AJ+x/wDAn/8AKj//2Q== "
-         x="0"
-         height="253" />
-    </pattern>
-    <filter
-       id="filter16257"
-       inkscape:collect="always">
-      <feGaussianBlur
-         stdDeviation="0.41431294"
-         id="feGaussianBlur16259"
-         inkscape:collect="always" />
-    </filter>
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient17245"
-       id="linearGradient27074"
-       gradientUnits="userSpaceOnUse"
-       x1="136.5"
-       y1="161.5"
-       x2="313.74622"
-       y2="285.25275" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient4451"
-       id="linearGradient27076"
-       gradientUnits="userSpaceOnUse"
-       x1="155.34465"
-       y1="112.46042"
-       x2="136.51547"
-       y2="2.1517708" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient26774"
-       id="linearGradient27078"
-       gradientUnits="userSpaceOnUse"
-       x1="280.27875"
-       y1="261.40704"
-       x2="322.26389"
-       y2="275.19568" />
-    <filter
-       inkscape:collect="always"
-       x="-0.086395349"
-       width="1.1727907"
-       y="-0.11145"
-       height="1.2229"
-       id="filter3497">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="11.145"
-         id="feGaussianBlur3499" />
-    </filter>
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient3460"
-       id="radialGradient3466"
-       cx="167.48819"
-       cy="192.38739"
-       fx="167.48819"
-       fy="192.38739"
-       r="105.62836"
-       gradientTransform="matrix(0.8393229,-0.4383343,0.2966517,0.5680291,-30.16055,165.27307)"
-       gradientUnits="userSpaceOnUse" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient26774"
-       id="linearGradient2490"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-       x1="280.27875"
-       y1="261.40704"
-       x2="322.26389"
-       y2="275.19568" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient4451"
-       id="linearGradient2500"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-       x1="159.38791"
-       y1="126.94874"
-       x2="138.87404"
-       y2="12.596838" />
-    <linearGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient17245"
-       id="linearGradient2777"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-       x1="136.5"
-       y1="161.5"
-       x2="313.74622"
-       y2="285.25275" />
-    <radialGradient
-       inkscape:collect="always"
-       xlink:href="#linearGradient3757"
-       id="radialGradient3763"
-       cx="170.31175"
-       cy="209.16652"
-       fx="170.31175"
-       fy="209.16652"
-       r="104.54334"
-       gradientTransform="matrix(1.0743517,-0.8811517,0.8948667,1.0910737,-193.89727,134.77199)"
-       gradientUnits="userSpaceOnUse" />
-  </defs>
-  <metadata
-     id="metadata7">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <g
-     inkscape:label="Layer 1"
-     id="layer1"
-     inkscape:groupmode="layer">
-    <g
-       id="g2491">
-      <path
-         transform="matrix(0.9747328,0,0,0.9747328,8.1232897,4.8258519)"
-         inkscape:export-ydpi="98"
-         inkscape:export-xdpi="98"
-         sodipodi:nodetypes="cccccc"
-         id="path2486"
-         d="M 183,323 L 53,296 L 0.99999999,150 L 196,96 L 255,237 L 183,323 z "
-         style="fill:#1a1a1a;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter3497)" />
-      <path
-         id="path5140"
-         sodipodi:nodetypes="ccccc"
-         d="M 103.94986,273.26347 L 112.82679,278.13224 L 130.15293,266.67465 L 121.4575,262.08933 L 103.94986,273.26347 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5128"
-         sodipodi:nodetypes="ccccc"
-         d="M 156.01098,239.64164 L 164.60219,243.86025 L 180.14702,233.7166 L 171.54021,229.64474 L 156.01098,239.64164 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5132"
-         sodipodi:nodetypes="ccccc"
-         d="M 171.60139,229.6086 L 180.08668,233.62387 L 195.07741,223.67266 L 186.68482,219.84353 L 171.60139,229.6086 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5130"
-         sodipodi:nodetypes="ccccc"
-         d="M 186.53932,219.8472 L 195.14618,223.77328 L 207.96039,215.29699 L 199.53214,211.5709 L 186.53932,219.8472 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5134"
-         sodipodi:nodetypes="ccccc"
-         d="M 199.53942,211.55443 L 208.00833,215.29699 L 219.61158,207.48873 L 211.43624,203.97858 L 199.53942,211.55443 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5136"
-         sodipodi:nodetypes="ccccc"
-         d="M 211.48298,203.99346 L 219.48498,207.43045 L 231.12889,200.02493 L 223.45622,196.26063 L 211.48298,203.99346 z "
-         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2172"
-         sodipodi:nodetypes="ccccc"
-         d="M 68.307573,278.59889 L 233.3461,375.01483 L 393.09703,219.55258 L 250.10479,166.11978 L 68.307573,278.59889 z "
-         style="fill:#000000;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         sodipodi:nodetypes="cccccc"
-         id="path16273"
-         d="M 277.69986,176.50516 C 177.30035,235.42715 239.60255,221.94517 101.71421,297.5792 L 189.47945,349.38523 C 273.26264,323.79193 366.41421,274.97725 355.07543,205.22753 L 295.56691,183.1214 L 277.69986,176.50516 z "
-         style="fill:url(#linearGradient2777);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path2174"
-         sodipodi:nodetypes="ccccc"
-         d="M 68.171626,278.57262 L 68.303363,291.78988 L 232.57786,391.18452 C 235.83055,389.43142 237.23238,379.0975 233.63174,375.00319 L 68.171626,278.57262 z "
-         style="fill:#000000;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path2176"
-         sodipodi:nodetypes="ccccc"
-         d="M 393.07972,219.62716 C 394.063,222.66073 395.10956,229.26471 392.24335,231.97585 L 232.84133,390.92104 C 237.0608,386.09241 235.76133,380.47536 233.63174,374.73973 L 393.07972,219.62716 z "
-         style="fill:#000000;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         d="M 34.974214,77.099241 C 34.974214,77.099241 63.429139,279.82741 65.53691,277.66987 C 67.644683,275.51232 249.44002,164.63325 249.44002,164.63325 L 249.96698,8.789858 L 34.974214,77.099241 z "
-         sodipodi:nodetypes="csccc"
-         id="path2178"
-         style="fill:#1a1a1a;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         inkscape:export-ydpi="98"
-         inkscape:export-xdpi="98"
-         d="M 243.62988,7.3609944 C 248.64901,5.9522606 248.53121,7.8674281 249.93941,8.795189 L 34.974214,76.572297 C 33.041161,74.848362 32.232239,75.552395 27.898382,75.685479 L 243.62988,7.3609944 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2182"
-         style="fill:#1a1a1a;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path3155"
-         sodipodi:nodetypes="ccccc"
-         d="M 41.127572,89.515883 L 247.04644,21.857141 L 245.56959,155.03645 L 66.892268,262.94003 L 41.127572,89.515883 z "
-         style="fill:url(#radialGradient3763);fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:round;stroke-opacity:1" />
-      <path
-         id="path4130"
-         sodipodi:nodetypes="ccccc"
-         d="M 270.30146,173.89938 L 92.059548,291.88393 L 83.064049,286.84829 L 262.53913,170.82327 L 270.30146,173.89938 z "
-         style="fill:none;fill-rule:evenodd;stroke:#999999;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path5126"
-         sodipodi:nodetypes="ccc"
-         d="M 113.88343,277.34844 L 133.41939,264.57042 L 113.88343,277.34844 z "
-         style="opacity:0.3;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 260.55944,282.16245 C 260.55944,282.16245 299.34305,249.72696 299.34305,249.72696 C 301.56567,247.86815 306.24993,247.63883 309.88553,249.20565 C 309.88553,249.20565 329.40032,257.90584 329.40032,257.90584 C 333.27561,259.57597 334.75677,262.55505 332.67995,264.59388 C 332.67995,264.59388 296.81833,299.27831 296.81833,299.27831 C 294.33747,301.71377 288.97351,302.06916 284.843,300.06406 C 284.843,300.06406 262.71041,289.52115 262.71041,289.52115 C 258.86144,287.6527 257.92393,284.36659 260.55944,282.16245 C 260.55944,282.16245 260.55944,282.16245 260.55944,282.16245"
-         sodipodi:nodetypes="cccccccccc"
-         id="rect2179"
-         style="opacity:0.88999999;fill:#999999;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.97445869;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 156.31199,239.61556 C 158.84932,237.6711 165.25317,241.39833 164.88374,243.74344 L 156.31199,239.61556 z "
-         sodipodi:nodetypes="ccc"
-         id="path5322"
-         style="opacity:0.99720004;fill:#666666;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         d="M 112.5495,278.27384 L 130.07045,266.61299 C 128.6036,263.60624 125.86497,261.45071 121.46704,261.8451 L 104.04747,273.28768 C 107.08494,271.21271 112.98604,275.81472 112.5495,278.27384 z "
-         sodipodi:nodetypes="ccccc"
-         id="path6299"
-         style="fill:#808080;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         d="M 104.03121,273.29774 C 107.49791,271.05672 113.43311,276.6129 112.52259,278.36122 L 104.03121,273.29774 z "
-         sodipodi:nodetypes="ccc"
-         id="path4349"
-         style="opacity:0.68999999;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path8239"
-         sodipodi:nodetypes="ccccc"
-         d="M 164.84019,243.7543 L 179.63884,233.97378 C 178.89388,231.15559 176.668,229.33065 171.42447,229.78669 L 156.27423,239.63114 C 158.95009,237.51097 165.57347,241.76179 164.84019,243.7543 z "
-         style="fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         d="M 179.54294,233.98976 L 194.50141,224.24118 C 193.46879,221.32711 190.97123,219.43825 185.96742,220.29382 L 170.84915,230.10631 C 173.88125,228.78365 179.05461,230.45474 179.54294,233.98976 z "
-         sodipodi:nodetypes="ccccc"
-         id="path8241"
-         style="fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path8243"
-         sodipodi:nodetypes="ccccc"
-         d="M 194.43749,224.22521 L 207.70194,215.40355 C 205.96614,212.71322 203.80418,211.59145 199.45559,211.72786 L 185.90349,220.3098 C 189.09541,219.56246 193.62952,220.65822 194.43749,224.22521 z "
-         style="fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         d="M 207.74987,215.38757 L 219.33629,207.66862 C 217.34479,205.17006 215.05499,204.11222 211.28174,204.12078 L 199.40765,211.74385 C 202.7434,211.44397 205.80725,212.3959 207.74987,215.38757 z "
-         sodipodi:nodetypes="ccccc"
-         id="path8245"
-         style="fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path8247"
-         sodipodi:nodetypes="ccccc"
-         d="M 219.30433,207.70059 L 231.03457,199.96565 C 229.55448,196.50822 226.62543,195.89785 223.29965,196.19408 L 211.04202,204.2646 C 214.01019,203.93277 216.67451,204.42126 219.30433,207.70059 z "
-         style="fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="rect2202"
-         sodipodi:nodetypes="cccccccccc"
-         d="M 221.68659,286.68216 C 221.68659,286.68216 271.7827,246.38199 271.7827,246.38199 C 272.38533,245.90267 273.62888,245.89275 274.57389,246.35926 C 274.57389,246.35926 282.22513,250.1218 282.22513,250.1218 C 283.18438,250.59535 283.48058,251.37156 282.88624,251.86264 C 282.88624,251.86264 233.55382,293.3224 233.55382,293.3224 C 232.81433,293.93337 231.39356,293.96431 230.37209,293.3911 C 230.37209,293.3911 222.1464,288.7742 222.1464,288.7742 C 221.14187,288.21048 220.9385,287.27719 221.68659,286.68216 C 221.68659,286.68216 221.68659,286.68216 221.68659,286.68216"
-         style="fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path2449"
-         d="M 219.03426,288.29491 L 230.39646,294.74997 L 222.03124,301.79784 L 210.47874,295.2849 L 219.03426,288.29491 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2451"
-         d="M 209.4152,296.07932 L 221.07617,302.55531 L 212.38161,309.86664 L 201.01939,302.85172 L 209.4152,296.07932 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2453"
-         d="M 200.12349,303.5516 L 211.48907,310.55261 L 202.5404,317.99996 L 190.60096,311.18361 L 200.12349,303.5516 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2455"
-         d="M 189.70952,311.95745 L 201.6931,318.78476 L 190.71106,328.04619 L 178.53214,321.0788 L 189.70952,311.95745 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2457"
-         sodipodi:nodetypes="ccccc"
-         d="M 273.68393,244.42789 L 284.19406,249.63047 L 292.16408,243.02723 L 281.60172,238.10854 L 273.68393,244.42789 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2459"
-         sodipodi:nodetypes="ccccc"
-         d="M 282.58552,237.35878 L 290.13787,231.26634 L 300.94177,235.89096 L 293.0886,242.26102 L 282.58552,237.35878 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2461"
-         sodipodi:nodetypes="ccccc"
-         d="M 291.16226,230.48888 L 301.87328,235.11565 L 309.36795,228.87453 L 299.02555,224.08989 L 291.16226,230.48888 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2463"
-         sodipodi:nodetypes="ccccc"
-         d="M 289.93538,230.01549 L 280.93975,225.55672 L 289.03737,219.25932 L 297.95995,223.58772 L 289.93538,230.01549 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2465"
-         d="M 177.42321,320.41889 L 166.48786,314.26225 L 188.72682,297.2375 L 199.03429,302.90648 L 177.42321,320.41889 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2467"
-         sodipodi:nodetypes="ccccc"
-         d="M 290.08046,218.43641 L 298.85735,222.73969 L 319.87746,205.75759 L 310.78391,202.19572 L 290.08046,218.43641 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2469"
-         sodipodi:nodetypes="ccccccc"
-         d="M 298.08535,210.7646 L 309.62549,201.69751 L 288.03973,193.31937 L 273.6384,203.95987 L 283.46625,207.8962 L 286.18927,205.81393 L 298.08535,210.7646 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2471"
-         sodipodi:nodetypes="ccccc"
-         d="M 286.62375,192.75442 L 266.91147,207.38925 L 257.59069,203.41102 L 277.74109,189.32694 L 286.62375,192.75442 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2473"
-         d="M 165.36066,313.63832 L 184.46965,298.98505 L 172.33203,292.59392 L 153.19109,306.83736 L 165.36066,313.63832 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2475"
-         d="M 151.95557,306.23713 L 167.0892,294.93513 L 156.09726,289.01503 L 140.88977,299.91382 L 151.95557,306.23713 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2477"
-         d="M 139.74507,299.3323 L 150.85746,291.335 L 140.35153,285.53863 L 129.36288,293.43149 L 139.74507,299.3323 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2497"
-         d="M 141.44916,284.84419 L 150.48582,278.42628 L 160.93153,283.91261 L 151.79607,290.59399 L 141.44916,284.84419 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2499"
-         d="M 200.06639,302.0818 L 208.31119,295.49502 L 197.64102,290.05561 L 189.67659,296.43646 L 200.06639,302.0818 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2501"
-         d="M 185.44374,298.19559 L 193.86354,291.59284 L 181.96116,285.25056 L 173.47309,291.62812 L 185.44374,298.19559 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2503"
-         d="M 168.25222,294.17765 L 176.70261,287.76919 L 165.64522,281.91859 L 157.20372,288.20299 L 168.25222,294.17765 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 151.55607,277.71812 L 160.35985,271.62622 L 170.55671,277.01143 L 161.94955,283.18847 L 151.55607,277.71812 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2505"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2507"
-         d="M 177.75365,287.00502 L 186.23698,280.4648 L 175.54186,274.93789 L 166.63928,281.22229 L 177.75365,287.00502 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2509"
-         d="M 161.45339,270.89479 L 170.04758,264.82618 L 180.19785,270.07166 L 171.68385,276.24869 L 161.45339,270.89479 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2511"
-         d="M 194.72496,290.89785 L 203.34236,284.16335 L 191.50585,278.08454 L 183.01779,284.4621 L 194.72496,290.89785 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2513"
-         d="M 209.44739,294.73981 L 218.00506,287.74135 L 207.50073,282.4405 L 198.6953,289.16034 L 209.44739,294.73981 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2515"
-         d="M 219.03117,287.00034 L 227.95111,279.8372 L 217.57851,274.66809 L 208.54255,281.61848 L 219.03117,287.00034 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2517"
-         d="M 229.01016,279.06327 L 236.63632,273.08946 L 226.18986,268.0248 L 218.58741,273.879 L 229.01016,279.06327 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2519"
-         d="M 237.61157,272.25159 L 246.12267,265.48601 L 235.81592,260.50649 L 227.24338,267.18776 L 237.61157,272.25159 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 246.92622,264.70405 L 255.31922,258.03494 L 245.2101,253.19516 L 236.79987,259.71739 L 246.92622,264.70405 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2521"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2523"
-         sodipodi:nodetypes="ccccc"
-         d="M 256.24944,257.30562 L 264.00138,251.14415 L 253.91623,246.49536 L 246.24255,252.47136 L 256.24944,257.30562 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 264.94343,250.38346 L 271.79281,244.57197 L 262.14241,240.07284 L 254.8806,245.75341 L 264.94343,250.38346 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2525"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2527"
-         sodipodi:nodetypes="ccccc"
-         d="M 272.6829,243.79667 L 280.45445,237.62292 L 270.90284,233.32138 L 263.17995,239.29836 L 272.6829,243.79667 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 281.41039,236.84761 L 288.91847,230.83852 L 279.86087,226.40525 L 272.03919,232.4481 L 281.41039,236.84761 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2529"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2531"
-         d="M 171.18769,264.04817 L 180.52708,257.51381 L 190.25819,262.57298 L 181.32501,269.3555 L 171.18769,264.04817 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2533"
-         sodipodi:nodetypes="ccccc"
-         d="M 181.56334,256.75316 L 190.15752,250.68454 L 199.60916,255.83687 L 191.23489,261.73446 L 181.56334,256.75316 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 191.13838,249.97224 L 200.12848,243.67074 L 209.58148,248.76519 L 200.57843,255.12855 L 191.13838,249.97224 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2535"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2537"
-         sodipodi:nodetypes="ccccc"
-         d="M 201.14148,242.94942 L 208.96784,237.50889 L 218.76812,242.01382 L 210.62107,248.07043 L 201.14148,242.94942 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 209.93861,236.70829 L 218.48624,230.77939 L 228.17074,235.18651 L 219.79647,241.31698 L 209.93861,236.70829 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2539"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2541"
-         sodipodi:nodetypes="ccccc"
-         d="M 219.48896,230.08656 L 227.94108,224.18895 L 237.62559,228.38647 L 229.19014,234.46609 L 219.48896,230.08656 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 229.04981,223.34939 L 237.64399,217.28078 L 247.18879,221.5016 L 238.67479,227.67863 L 229.04981,223.34939 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2543"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2545"
-         sodipodi:nodetypes="ccccc"
-         d="M 238.75966,216.51376 L 246.46891,211.02733 L 256.03698,215.155 L 248.29149,220.74984 L 238.75966,216.51376 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 247.52515,210.2999 L 256.52687,204.13813 L 265.95523,208.14936 L 257.24328,214.48941 L 247.52515,210.2999 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2547"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2242"
-         d="M 192.42707,277.38276 L 201.04243,270.93376 L 212.81727,276.9437 L 204.25518,283.46405 L 192.42707,277.38276 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2244"
-         d="M 202.01582,270.12726 L 210.21341,264.10219 L 221.92044,269.93134 L 213.74806,276.20857 L 202.01582,270.12726 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2246"
-         d="M 211.22102,263.35122 L 219.52192,257.1363 L 231.06172,262.8037 L 222.85738,269.20877 L 211.22102,263.35122 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2248"
-         sodipodi:nodetypes="ccccc"
-         d="M 220.48694,256.41147 L 231.99345,262.05286 L 239.51447,256.25393 L 228.07804,250.72214 C 228.07804,250.72214 220.51891,256.44343 220.48694,256.41147 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 228.98488,249.90241 L 240.4914,255.5438 L 248.01241,249.74486 L 236.57599,244.21308 C 236.57599,244.21308 229.01684,249.93436 228.98488,249.90241 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2250"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2252"
-         sodipodi:nodetypes="ccccc"
-         d="M 237.56868,243.44725 L 248.97931,248.99274 L 257.07404,242.57877 L 246.02277,237.37437 L 237.56868,243.44725 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 247.06561,236.56786 L 258.0749,241.84765 L 265.97947,235.69713 L 254.71266,230.82259 L 247.06561,236.56786 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2254"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2256"
-         sodipodi:nodetypes="ccccc"
-         d="M 255.89713,229.9869 L 266.95163,234.90506 L 274.38224,229.19653 L 263.30742,224.43317 L 255.89713,229.9869 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 264.32207,223.68092 L 275.3101,228.44997 L 282.89504,222.58711 L 271.91318,217.99159 L 264.32207,223.68092 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2258"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2260"
-         sodipodi:nodetypes="ccccc"
-         d="M 272.9276,217.22814 L 283.86907,221.82988 L 290.30525,216.88979 L 279.45645,212.28463 L 272.9276,217.22814 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 280.51495,211.48086 L 291.20783,216.17301 L 297.14678,211.54933 L 286.38838,207.05719 L 280.51495,211.48086 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2262"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2264"
-         d="M 187.21456,279.65363 L 195.69788,273.11343 L 185.00277,267.58651 L 176.10019,273.87091 L 187.21456,279.65363 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2266"
-         d="M 196.93117,272.23833 L 205.68571,265.78852 L 194.71938,260.1712 L 185.8168,266.4556 L 196.93117,272.23833 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2268"
-         sodipodi:nodetypes="ccccc"
-         d="M 206.76011,265.04128 L 215.60505,258.63667 L 204.90993,253.42617 L 196.23337,259.52977 L 206.76011,265.04128 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 216.55615,257.79127 L 225.72667,251.12321 L 215.30323,245.97983 L 205.95318,252.6478 L 216.55615,257.79127 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2270"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2272"
-         sodipodi:nodetypes="ccccc"
-         d="M 226.62217,250.28446 L 234.42747,244.46748 L 224.14692,239.49074 L 216.41185,245.13456 L 226.62217,250.28446 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 235.3202,243.66108 L 242.92208,238.20571 L 232.8824,233.22122 L 225.20027,238.78239 L 235.3202,243.66108 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2274"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2276"
-         sodipodi:nodetypes="ccccc"
-         d="M 244.04269,237.40717 L 251.47219,231.70252 L 241.73406,226.77098 L 234.01317,232.34768 L 244.04269,237.40717 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 252.6522,231.11226 L 260.3045,225.27523 L 250.58643,220.64138 L 242.89843,226.09476 L 252.6522,231.11226 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2278"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2280"
-         sodipodi:nodetypes="ccccc"
-         d="M 261.23976,224.42239 L 268.45876,219.21044 L 258.80517,214.83417 L 251.72352,219.79033 L 261.23976,224.42239 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 269.52519,218.43638 L 275.83883,213.61385 L 266.36416,209.30737 L 259.8121,214.10012 L 269.52519,218.43638 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2282"
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path2284"
-         sodipodi:nodetypes="ccccc"
-         d="M 276.80269,212.87655 L 282.2575,208.64164 L 272.64721,204.83239 L 267.406,208.63069 L 276.80269,212.87655 z "
-         style="fill:#ff00ff;fill-rule:evenodd;stroke:#000000;stroke-width:1.02280068px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="rect3291"
-         d="M 302.87759,234.27933 C 302.87759,234.27933 308.38212,229.69548 308.38212,229.69548 C 308.92862,229.24038 308.77424,228.59985 308.03355,228.25718 C 308.03355,228.25718 300.43832,224.74347 300.43832,224.74347 C 299.65719,224.38211 298.56475,224.46487 297.99153,224.93134 C 297.99153,224.93134 292.2163,229.63113 292.2163,229.63113 C 291.63275,230.10601 291.81664,230.77156 292.62585,231.12111 C 292.62585,231.12111 300.49174,234.51889 300.49174,234.51889 C 301.25859,234.85015 302.32155,234.74235 302.87759,234.27933 C 302.87759,234.27933 302.87759,234.27933 302.87759,234.27933"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3293"
-         d="M 235.3731,272.47703 C 235.3731,272.47703 227.42329,268.6228 227.42329,268.6228 C 226.73948,268.29128 225.78761,268.33455 225.2875,268.71966 C 225.2875,268.71966 219.50192,273.17479 219.50192,273.17479 C 218.99549,273.56477 219.13572,274.15174 219.81793,274.49107 C 219.81793,274.49107 227.7497,278.43631 227.7497,278.43631 C 228.44749,278.78339 229.41954,278.74258 229.9276,278.34461 C 229.9276,278.34461 235.73123,273.79845 235.73123,273.79845 C 236.23285,273.4055 236.07241,272.81607 235.3731,272.47703 C 235.3731,272.47703 235.3731,272.47703 235.3731,272.47703"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3299"
-         d="M 247.43674,211.44485 C 247.43674,211.44485 255.04475,214.72695 255.04475,214.72695 C 255.59412,214.96395 255.68572,215.40873 255.24904,215.72416 C 255.24904,215.72416 249.09015,220.17295 249.09015,220.17295 C 248.64784,220.49244 247.85024,220.55375 247.30291,220.31051 C 247.30291,220.31051 239.72373,216.94221 239.72373,216.94221 C 239.18929,216.7047 239.11431,216.26136 239.55452,215.94809 C 239.55452,215.94809 245.68459,211.58552 245.68459,211.58552 C 246.11924,211.27618 246.90023,211.21341 247.43674,211.44485 C 247.43674,211.44485 247.43674,211.44485 247.43674,211.44485"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3301"
-         d="M 211.38791,264.687 C 211.38791,264.687 220.69642,269.32187 220.69642,269.32187 C 221.37384,269.65917 221.55369,270.21304 221.09728,270.56361 C 221.09728,270.56361 214.59913,275.55485 214.59913,275.55485 C 214.12804,275.9167 213.20005,275.92451 212.52093,275.57249 C 212.52093,275.57249 203.19239,270.73714 203.19239,270.73714 C 202.53988,270.39891 202.39682,269.84723 202.86919,269.50005 C 202.86919,269.50005 209.38739,264.7093 209.38739,264.7093 C 209.84537,264.37269 210.73656,264.36268 211.38791,264.687 C 211.38791,264.687 211.38791,264.687 211.38791,264.687"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3305"
-         d="M 190.80124,251.03544 C 190.80124,251.03544 198.99762,255.5035 198.99762,255.5035 C 199.33669,255.68835 199.3609,256.01171 199.05255,256.22886 C 199.05255,256.22886 191.79012,261.34344 191.79012,261.34344 C 191.48252,261.56007 190.95608,261.59085 190.60912,261.41215 C 190.60912,261.41215 182.222,257.0924 182.222,257.0924 C 181.85741,256.90462 181.81745,256.57372 182.13313,256.35082 C 182.13313,256.35082 189.58629,251.08792 189.58629,251.08792 C 189.90275,250.86444 190.44492,250.8412 190.80124,251.03544 C 190.80124,251.03544 190.80124,251.03544 190.80124,251.03544"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3309"
-         d="M 200.86922,319.47957 C 200.86922,319.47957 191.5626,327.32806 191.5626,327.32806 C 191.09111,327.72566 190.29604,327.80875 189.78059,327.51386 C 189.78059,327.51386 179.45944,321.6093 179.45944,321.6093 C 178.94568,321.31539 178.91894,320.76315 179.3988,320.37157 C 179.3988,320.37157 188.87097,312.64175 188.87097,312.64175 C 189.33581,312.26242 190.11645,312.18928 190.62199,312.47729 C 190.62199,312.47729 200.77757,318.26317 200.77757,318.26317 C 201.28475,318.55212 201.32593,319.09442 200.86922,319.47957 C 200.86922,319.47957 200.86922,319.47957 200.86922,319.47957"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3311"
-         d="M 227.03328,279.37981 C 227.03328,279.37981 218.4746,275.11465 218.4746,275.11465 C 217.9779,274.86712 217.23368,274.93335 216.80449,275.26346 C 216.80449,275.26346 209.3489,280.99824 209.3489,280.99824 C 208.90258,281.34154 208.94628,281.82562 209.44841,282.08328 C 209.44841,282.08328 218.10282,286.52398 218.10282,286.52398 C 218.61686,286.78775 219.38667,286.71486 219.82736,286.36095 C 219.82736,286.36095 227.18725,280.45063 227.18725,280.45063 C 227.61081,280.1105 227.5415,279.63307 227.03328,279.37981 C 227.03328,279.37981 227.03328,279.37981 227.03328,279.37981"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3313"
-         d="M 200.87727,244.07429 C 200.87727,244.07429 208.8242,248.35707 208.8242,248.35707 C 209.24365,248.58313 209.26299,248.99029 208.86725,249.27001 C 208.86725,249.27001 201.29858,254.61953 201.29858,254.61953 C 200.89969,254.90148 200.24107,254.94426 199.82216,254.71545 C 199.82216,254.71545 191.88613,250.38067 191.88613,250.38067 C 191.47181,250.15435 191.45917,249.7474 191.8575,249.46819 C 191.8575,249.46819 199.41526,244.17067 199.41526,244.17067 C 199.81044,243.89367 200.46234,243.85067 200.87727,244.07429 C 200.87727,244.07429 200.87727,244.07429 200.87727,244.07429"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3317"
-         d="M 168.98052,312.35404 C 168.98052,312.35404 186.52228,298.92516 186.52228,298.92516 C 187.74742,297.98727 189.20942,297.50291 189.80916,297.83277 C 189.80916,297.83277 197.94313,302.30636 197.94313,302.30636 C 198.54751,302.63875 198.08283,303.67748 196.89261,304.64197 C 196.89261,304.64197 179.8462,318.45547 179.8462,318.45547 C 178.50836,319.53957 176.90663,320.12806 176.26526,319.76696 C 176.26526,319.76696 167.6358,314.90855 167.6358,314.90855 C 166.99971,314.55042 167.60418,313.40767 168.98052,312.35404 C 168.98052,312.35404 168.98052,312.35404 168.98052,312.35404"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3319"
-         d="M 192.5101,290.87165 C 192.5101,290.87165 183.27464,285.95046 183.27464,285.95046 C 182.54633,285.56237 181.54412,285.5639 181.0251,285.95388 C 181.0251,285.95388 174.43893,290.90244 174.43893,290.90244 C 173.90432,291.3041 174.06146,291.95091 174.79375,292.35267 C 174.79375,292.35267 184.08217,297.44861 184.08217,297.44861 C 184.83581,297.86207 185.87162,297.86005 186.40206,297.44408 C 186.40206,297.44408 192.93525,292.32079 192.93525,292.32079 C 193.44997,291.91714 193.25925,291.27084 192.5101,290.87165 C 192.5101,290.87165 192.5101,290.87165 192.5101,290.87165"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3321"
-         d="M 185.1382,279.89699 C 185.1382,279.89699 176.63387,275.50221 176.63387,275.50221 C 176.02877,275.18952 175.15088,275.21388 174.66322,275.55813 C 174.66322,275.55813 167.58535,280.55447 167.58535,280.55447 C 167.06223,280.92372 167.14522,281.48553 167.77396,281.81266 C 167.77396,281.81266 176.61165,286.41084 176.61165,286.41084 C 177.2442,286.73996 178.15674,286.69425 178.65527,286.3099 C 178.65527,286.3099 185.39983,281.11021 185.39983,281.11021 C 185.86446,280.752 185.74682,280.2115 185.1382,279.89699 C 185.1382,279.89699 185.1382,279.89699 185.1382,279.89699"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3323"
-         d="M 161.12258,272.02905 C 161.12258,272.02905 169.7964,276.60989 169.7964,276.60989 C 170.21763,276.83236 170.27487,277.2137 169.92432,277.46528 C 169.92432,277.46528 162.60291,282.7196 162.60291,282.7196 C 162.24117,282.9792 161.60395,283.00656 161.17461,282.7806 C 161.17461,282.7806 152.33353,278.12732 152.33353,278.12732 C 151.90283,277.90063 151.85435,277.51172 152.22438,277.25569 C 152.22438,277.25569 159.71303,272.0738 159.71303,272.0738 C 160.07158,271.82571 160.70003,271.80589 161.12258,272.02905 C 161.12258,272.02905 161.12258,272.02905 161.12258,272.02905"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3325"
-         d="M 220.2904,303.21609 C 220.2904,303.21609 213.19436,309.1832 213.19436,309.1832 C 212.74444,309.56153 211.88835,309.56212 211.27912,309.18598 C 211.27912,309.18598 202.00839,303.46232 202.00839,303.46232 C 201.45919,303.12325 201.36941,302.5694 201.80347,302.21926 C 201.80347,302.21926 208.65568,296.69198 208.65568,296.69198 C 209.07675,296.35232 209.86703,296.33025 210.43121,296.64355 C 210.43121,296.64355 219.94579,301.92755 219.94579,301.92755 C 220.57046,302.27448 220.72603,302.84974 220.2904,303.21609 C 220.2904,303.21609 220.2904,303.21609 220.2904,303.21609"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3327"
-         d="M 250.18155,231.04893 C 250.18155,231.04893 243.02922,227.42687 243.02922,227.42687 C 242.31181,227.06355 241.28875,227.09263 240.73358,227.49361 C 240.73358,227.49361 235.06335,231.58914 235.06335,231.58914 C 234.48252,232.00866 234.60822,232.64785 235.34714,233.02061 C 235.34714,233.02061 242.71349,236.73664 242.71349,236.73664 C 243.44994,237.10815 244.49431,237.0604 245.05318,236.63127 C 245.05318,236.63127 250.50942,232.44177 250.50942,232.44177 C 251.04367,232.03155 250.89663,231.41106 250.18155,231.04893 C 250.18155,231.04893 250.18155,231.04893 250.18155,231.04893"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3329"
-         d="M 241.73896,237.6183 C 241.73896,237.6183 234.09875,233.82511 234.09875,233.82511 C 233.42547,233.49084 232.47146,233.51871 231.96125,233.88804 C 231.96125,233.88804 226.11501,238.1202 226.11501,238.1202 C 225.60814,238.48713 225.74764,239.04628 226.42628,239.37343 C 226.42628,239.37343 234.12755,243.08611 234.12755,243.08611 C 234.78882,243.40491 235.72382,243.37142 236.22543,243.01146 C 236.22543,243.01146 242.01062,238.85982 242.01062,238.85982 C 242.51547,238.49751 242.39495,237.94399 241.73896,237.6183 C 241.73896,237.6183 241.73896,237.6183 241.73896,237.6183"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3331"
-         d="M 291.06923,231.66501 C 291.06923,231.66501 299.93537,235.46017 299.93537,235.46017 C 300.49195,235.69842 300.62867,236.14494 300.23967,236.46046 C 300.23967,236.46046 293.79405,241.68879 293.79405,241.68879 C 293.40327,242.00578 292.65126,242.0569 292.11015,241.80432 C 292.11015,241.80432 283.49087,237.78134 283.49087,237.78134 C 282.98847,237.54685 282.88811,237.11468 283.26389,236.81155 C 283.26389,236.81155 289.4626,231.81108 289.4626,231.81108 C 289.83674,231.50927 290.5524,231.44378 291.06923,231.66501 C 291.06923,231.66501 291.06923,231.66501 291.06923,231.66501"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3333"
-         d="M 214.6618,258.17714 C 214.6618,258.17714 205.79323,253.8565 205.79323,253.8565 C 205.30323,253.61778 204.58399,253.65545 204.17864,253.94061 C 204.17864,253.94061 196.98327,259.00223 196.98327,259.00223 C 196.56804,259.29434 196.62028,259.73235 197.10235,259.98475 C 197.10235,259.98475 205.83129,264.55497 205.83129,264.55497 C 206.34512,264.82401 207.10144,264.79412 207.5249,264.48748 C 207.5249,264.48748 214.85991,259.17623 214.85991,259.17623 C 215.27294,258.87715 215.18363,258.43136 214.6618,258.17714 C 214.6618,258.17714 214.6618,258.17714 214.6618,258.17714"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3335"
-         d="M 238.61522,217.71027 C 238.61522,217.71027 246.20482,221.06648 246.20482,221.06648 C 246.74975,221.30745 246.80537,221.77975 246.32841,222.12581 C 246.32841,222.12581 239.55856,227.03746 239.55856,227.03746 C 239.06928,227.39242 238.23201,227.47949 237.68245,227.2323 C 237.68245,227.2323 230.0291,223.78987 230.0291,223.78987 C 229.48641,223.54578 229.44798,223.06823 229.94181,222.71952 C 229.94181,222.71952 236.77542,217.89409 236.77542,217.89409 C 237.25693,217.55409 238.07699,217.47225 238.61522,217.71027 C 238.61522,217.71027 238.61522,217.71027 238.61522,217.71027"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3337"
-         d="M 228.91723,224.61205 C 228.91723,224.61205 236.61775,227.94965 236.61775,227.94965 C 237.17563,228.19144 237.24665,228.65958 236.77513,228.99941 C 236.77513,228.99941 230.06777,233.83356 230.06777,233.83356 C 229.58195,234.18369 228.73926,234.26255 228.18027,234.01019 C 228.18027,234.01019 220.46652,230.52787 220.46652,230.52787 C 219.92451,230.28318 219.88144,229.8127 220.36809,229.47313 C 220.36809,229.47313 227.0887,224.78372 227.0887,224.78372 C 227.56129,224.45396 228.37602,224.37747 228.91723,224.61205 C 228.91723,224.61205 228.91723,224.61205 228.91723,224.61205"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3339"
-         d="M 257.14967,204.40311 C 257.14967,204.40311 265.32623,207.88176 265.32623,207.88176 C 265.67464,208.02998 265.706,208.33073 265.3957,208.55655 C 265.3957,208.55655 257.84099,214.05443 257.84099,214.05443 C 257.51021,214.29515 256.95402,214.3647 256.59485,214.20987 C 256.59485,214.20987 248.16698,210.57659 248.16698,210.57659 C 247.81135,210.42328 247.8009,210.11114 248.14264,209.87723 C 248.14264,209.87723 255.94863,204.53395 255.94863,204.53395 C 256.2693,204.31446 256.80459,204.25629 257.14967,204.40311 C 257.14967,204.40311 257.14967,204.40311 257.14967,204.40311"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3341"
-         d="M 201.8511,271.34651 C 201.8511,271.34651 212.00249,276.52784 212.00249,276.52784 C 212.45381,276.7582 212.55592,277.14272 212.23112,277.39008 C 212.23112,277.39008 204.84954,283.01143 204.84954,283.01143 C 204.52035,283.26212 203.89008,283.27634 203.43671,283.04324 C 203.43671,283.04324 193.23937,277.8004 193.23937,277.8004 C 192.78929,277.56899 192.69387,277.18305 193.0251,276.9351 C 193.0251,276.9351 200.45262,271.37525 200.45262,271.37525 C 200.77944,271.1306 201.40305,271.11781 201.8511,271.34651 C 201.8511,271.34651 201.8511,271.34651 201.8511,271.34651"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3343"
-         d="M 219.21667,231.1118 C 219.21667,231.1118 227.42383,234.84661 227.42383,234.84661 C 227.83744,235.03484 227.89363,235.38938 227.54865,235.64192 C 227.54865,235.64192 220.45221,240.83693 220.45221,240.83693 C 220.08929,241.10262 219.45708,241.15831 219.03594,240.96141 C 219.03594,240.96141 210.6819,237.05577 210.6819,237.05577 C 210.26995,236.86319 210.23739,236.50104 210.60771,236.24418 C 210.60771,236.24418 217.85107,231.21996 217.85107,231.21996 C 218.20329,230.97566 218.81185,230.92758 219.21667,231.1118 C 219.21667,231.1118 219.21667,231.1118 219.21667,231.1118"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3345"
-         d="M 166.11203,294.40885 C 166.11203,294.40885 157.04241,289.52408 157.04241,289.52408 C 156.51843,289.24186 155.52217,289.42717 154.80588,289.94053 C 154.80588,289.94053 142.25863,298.93279 142.25863,298.93279 C 141.50124,299.47559 141.31352,300.15596 141.84075,300.45723 C 141.84075,300.45723 150.97129,305.67469 150.97129,305.67469 C 151.51617,305.98604 152.56442,305.78244 153.31853,305.21926 C 153.31853,305.21926 165.80481,295.89435 165.80481,295.89435 C 166.51725,295.36228 166.65299,294.70021 166.11203,294.40885 C 166.11203,294.40885 166.11203,294.40885 166.11203,294.40885"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3349"
-         d="M 151.01455,278.70397 C 151.01455,278.70397 160.37455,283.62006 160.37455,283.62006 C 160.68292,283.78202 160.7229,284.06518 160.46357,284.25485 C 160.46357,284.25485 152.27741,290.24195 152.27741,290.24195 C 152.01084,290.43692 151.5497,290.45709 151.24414,290.28729 C 151.24414,290.28729 141.97268,285.13512 141.97268,285.13512 C 141.68247,284.97384 141.66152,284.69337 141.92511,284.50616 C 141.92511,284.50616 150.02275,278.75515 150.02275,278.75515 C 150.27937,278.57289 150.72146,278.55003 151.01455,278.70397 C 151.01455,278.70397 151.01455,278.70397 151.01455,278.70397"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3351"
-         d="M 175.52443,287.1458 C 175.52443,287.1458 166.79876,282.52893 166.79876,282.52893 C 166.15936,282.19062 165.25137,282.21179 164.76171,282.57631 C 164.76171,282.57631 158.10028,287.53553 158.10028,287.53553 C 157.60379,287.90516 157.7174,288.48077 158.35625,288.82623 C 158.35625,288.82623 167.07489,293.541 167.07489,293.541 C 167.72676,293.8935 168.65274,293.87392 169.1498,293.49696 C 169.1498,293.49696 175.81827,288.43985 175.81827,288.43985 C 176.30838,288.06815 176.17677,287.49096 175.52443,287.1458 C 175.52443,287.1458 175.52443,287.1458 175.52443,287.1458"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3353"
-         d="M 201.97097,283.45905 C 201.97097,283.45905 192.78768,278.74285 192.78768,278.74285 C 192.07622,278.37747 191.08839,278.3982 190.5689,278.78852 C 190.5689,278.78852 183.98269,283.7371 183.98269,283.7371 C 183.44857,284.1384 183.58158,284.77203 184.28486,285.15865 C 184.28486,285.15865 193.36778,290.15177 193.36778,290.15177 C 194.11817,290.56428 195.16258,290.55584 195.70514,290.13183 C 195.70514,290.13183 202.39168,284.90631 202.39168,284.90631 C 202.9188,284.49436 202.72924,283.84847 201.97097,283.45905 C 201.97097,283.45905 201.97097,283.45905 201.97097,283.45905"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3355"
-         d="M 183.209,298.32124 C 183.209,298.32124 173.55788,293.23939 173.55788,293.23939 C 172.87828,292.88156 171.48018,293.22782 170.41912,294.01738 C 170.41912,294.01738 155.20003,305.34244 155.20003,305.34244 C 154.08849,306.16958 153.73855,307.14332 154.41967,307.52396 C 154.41967,307.52396 164.0962,312.93167 164.0962,312.93167 C 164.79619,313.32286 166.25692,312.95103 167.36704,312.09976 C 167.36704,312.09976 182.56068,300.44889 182.56068,300.44889 C 183.61957,299.63691 183.90689,298.68872 183.209,298.32124 C 183.209,298.32124 183.209,298.32124 183.209,298.32124"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3357"
-         d="M 181.25173,257.89055 C 181.25173,257.89055 189.52937,262.19408 189.52937,262.19408 C 189.93309,262.40396 189.973,262.78951 189.61763,263.05932 C 189.61763,263.05932 182.01974,268.82803 182.01974,268.82803 C 181.63543,269.11981 180.98628,269.17817 180.56566,268.95795 C 180.56566,268.95795 171.94248,264.44335 171.94248,264.44335 C 171.5243,264.2244 171.5122,263.82114 171.91393,263.54006 C 171.91393,263.54006 179.85732,257.98241 179.85732,257.98241 C 180.2289,257.72244 180.85025,257.68182 181.25173,257.89055 C 181.25173,257.89055 181.25173,257.89055 181.25173,257.89055"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3359"
-         d="M 207.30074,294.9799 C 207.30074,294.9799 198.59287,290.54083 198.59287,290.54083 C 198.06485,290.27167 197.31412,290.31751 196.90812,290.6428 C 196.90812,290.6428 190.40778,295.85065 190.40778,295.85065 C 190.00268,296.17521 190.08929,296.66071 190.60345,296.94008 C 190.60345,296.94008 199.08253,301.54721 199.08253,301.54721 C 199.62684,301.84297 200.40395,301.81213 200.82331,301.47711 C 200.82331,301.47711 207.55245,296.10117 207.55245,296.10117 C 207.97277,295.76537 207.85976,295.26488 207.30074,294.9799 C 207.30074,294.9799 207.30074,294.9799 207.30074,294.9799"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3361"
-         d="M 210.31834,311.52693 C 210.31834,311.52693 203.74605,316.99659 203.74605,316.99659 C 203.0788,317.55189 201.86,317.61152 201.01035,317.12644 C 201.01035,317.12644 192.24289,312.121 192.24289,312.121 C 191.3355,311.60296 191.17426,310.72413 191.88471,310.15474 C 191.88471,310.15474 198.87844,304.54948 198.87844,304.54948 C 199.56891,303.99608 200.82226,303.98204 201.68556,304.51382 C 201.68556,304.51382 210.03168,309.65489 210.03168,309.65489 C 210.84096,310.15338 210.96757,310.98662 210.31834,311.52693 C 210.31834,311.52693 210.31834,311.52693 210.31834,311.52693"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3363"
-         d="M 229.40869,295.58217 C 229.40869,295.58217 223.04271,300.94565 223.04271,300.94565 C 222.48275,301.41742 221.41805,301.45214 220.65599,301.0225 C 220.65599,301.0225 211.86431,296.06605 211.86431,296.06605 C 211.09687,295.63339 210.94055,294.9076 211.51326,294.43967 C 211.51326,294.43967 218.02408,289.12024 218.02408,289.12024 C 218.58411,288.66268 219.64217,288.64028 220.39694,289.06907 C 220.39694,289.06907 229.04379,293.98149 229.04379,293.98149 C 229.79334,294.40733 229.95631,295.12081 229.40869,295.58217 C 229.40869,295.58217 229.40869,295.58217 229.40869,295.58217"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3365"
-         d="M 217.05231,287.26056 C 217.05231,287.26056 208.43084,282.90987 208.43084,282.90987 C 207.9153,282.6497 207.16011,282.70044 206.73573,283.02431 C 206.73573,283.02431 199.50923,288.5392 199.50923,288.5392 C 199.05894,288.88283 199.11946,289.38044 199.64696,289.65417 C 199.64696,289.65417 208.47177,294.23353 208.47177,294.23353 C 209.01197,294.51386 209.80095,294.45066 210.23875,294.09263 C 210.23875,294.09263 217.26191,288.3491 217.26191,288.3491 C 217.67418,288.01194 217.57986,287.52677 217.05231,287.26056 C 217.05231,287.26056 217.05231,287.26056 217.05231,287.26056"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3367"
-         d="M 170.90895,265.27133 C 170.90895,265.27133 179.32655,269.62137 179.32655,269.62137 C 179.80913,269.87078 179.87784,270.30382 179.47992,270.59253 C 179.47992,270.59253 172.41934,275.71508 172.41934,275.71508 C 172.01209,276.01056 171.29204,276.04365 170.8056,275.78907 C 170.8056,275.78907 162.3215,271.34911 162.3215,271.34911 C 161.84045,271.09734 161.7847,270.66085 162.19576,270.37059 C 162.19576,270.37059 169.32283,265.33795 169.32283,265.33795 C 169.72453,265.05428 170.43163,265.02465 170.90895,265.27133 C 170.90895,265.27133 170.90895,265.27133 170.90895,265.27133"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3369"
-         d="M 204.55438,265.20903 C 204.55438,265.20903 195.83444,260.74237 195.83444,260.74237 C 195.21646,260.42583 194.32033,260.45289 193.82368,260.80347 C 193.82368,260.80347 186.74496,265.80041 186.74496,265.80041 C 186.23123,266.16305 186.32053,266.71769 186.94675,267.04351 C 186.94675,267.04351 195.78441,271.64167 195.78441,271.64167 C 196.41947,271.97209 197.33877,271.93803 197.84403,271.56578 C 197.84403,271.56578 204.80505,266.43735 204.80505,266.43735 C 205.29337,266.07757 205.18091,265.52994 204.55438,265.20903 C 204.55438,265.20903 204.55438,265.20903 204.55438,265.20903"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3371"
-         d="M 194.5991,272.5456 C 194.5991,272.5456 186.09478,268.15083 186.09478,268.15083 C 185.48971,267.83814 184.61179,267.8625 184.12412,268.20675 C 184.12412,268.20675 177.04625,273.20308 177.04625,273.20308 C 176.52314,273.57235 176.60616,274.13416 177.23487,274.46127 C 177.23487,274.46127 186.07255,279.05946 186.07255,279.05946 C 186.70512,279.38857 187.61765,279.34288 188.11618,278.95853 C 188.11618,278.95853 194.86074,273.75884 194.86074,273.75884 C 195.32537,273.40062 195.20773,272.86013 194.5991,272.5456 C 194.5991,272.5456 194.5991,272.5456 194.5991,272.5456"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3373"
-         d="M 284.73208,249.18471 C 284.73208,249.18471 291.64382,243.45826 291.64382,243.45826 C 291.9322,243.21935 291.84218,242.87732 291.44316,242.6915 C 291.44316,242.6915 282.28362,238.42609 282.28362,238.42609 C 281.90552,238.25002 281.37123,238.2925 281.08461,238.52125 C 281.08461,238.52125 274.21817,244.0015 274.21817,244.0015 C 273.92236,244.23759 273.98607,244.57745 274.36212,244.76359 C 274.36212,244.76359 283.47634,249.2752 283.47634,249.2752 C 283.87359,249.47184 284.43418,249.43153 284.73208,249.18471 C 284.73208,249.18471 284.73208,249.18471 284.73208,249.18471"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3375"
-         d="M 266.25849,207.11055 C 266.25849,207.11055 258.22296,203.68087 258.22296,203.68087 C 257.8725,203.5313 258.26258,202.94141 259.09217,202.36158 C 259.09217,202.36158 276.45653,190.22478 276.45653,190.22478 C 277.16993,189.72614 278.01001,189.4307 278.34442,189.55973 C 278.34442,189.55973 286.00228,192.51461 286.00228,192.51461 C 286.34641,192.64741 286.06579,193.16868 285.36877,193.68615 C 285.36877,193.68615 268.38219,206.29734 268.38219,206.29734 C 267.56963,206.9006 266.62006,207.26486 266.25849,207.11055 C 266.25849,207.11055 266.25849,207.11055 266.25849,207.11055"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3377"
-         d="M 150.04703,290.88787 C 150.04703,290.88787 141.14376,285.97573 141.14376,285.97573 C 140.70469,285.73348 139.97814,285.80683 139.51431,286.13998 C 139.51431,286.13998 130.20189,292.82886 130.20189,292.82886 C 129.7371,293.1627 129.71188,293.62984 130.14579,293.87645 C 130.14579,293.87645 138.94417,298.87711 138.94417,298.87711 C 139.38768,299.12918 140.1235,299.05996 140.59351,298.72169 C 140.59351,298.72169 150.01083,291.94429 150.01083,291.94429 C 150.47987,291.60674 150.49581,291.13546 150.04703,290.88787 C 150.04703,290.88787 150.04703,290.88787 150.04703,290.88787"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3379"
-         sodipodi:nodetypes="cccccssssccccc"
-         d="M 308.02082,201.07469 C 308.02082,201.07469 290.25388,194.17877 290.25388,194.17877 C 289.03643,193.70622 287.49217,193.72395 286.81047,194.22762 C 286.81047,194.22762 274.92805,203.00701 274.92805,203.00701 C 274.21432,203.53434 274.06866,203.98769 275.45256,204.3729 L 282.20799,207.13372 C 283.30081,207.58033 283.29864,207.60345 284.24763,206.91193 L 285.51228,205.99038 C 285.78882,205.78886 286.61757,205.71073 287.50613,206.09359 L 296.65875,210.03701 C 297.66812,210.31796 298.54496,210.40349 299.11475,209.9558 C 299.11475,209.9558 308.63657,202.4745 308.63657,202.4745 C 309.1849,202.04368 308.91548,201.42193 308.02082,201.07469 C 308.02082,201.07469 308.02082,201.07469 308.02082,201.07469"
-         style="fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3381"
-         d="M 263.00018,250.94679 C 263.00018,250.94679 254.5221,247.0388 254.5221,247.0388 C 254.08593,246.83775 253.46532,246.88652 253.12956,247.148 C 253.12956,247.148 246.6785,252.17186 246.6785,252.17186 C 246.33694,252.43788 246.40946,252.82015 246.84217,253.0292 C 246.84217,253.0292 255.25442,257.09309 255.25442,257.09309 C 255.70512,257.31082 256.34668,257.26542 256.6918,256.99111 C 256.6918,256.99111 263.20867,251.81133 263.20867,251.81133 C 263.54778,251.54179 263.45431,251.15613 263.00018,250.94679 C 263.00018,250.94679 263.00018,250.94679 263.00018,250.94679"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3385"
-         d="M 224.63535,250.5847 C 224.63535,250.5847 216.40989,246.52591 216.40989,246.52591 C 215.79702,246.2235 214.86783,246.29035 214.3264,246.67645 C 214.3264,246.67645 206.94803,251.93833 206.94803,251.93833 C 206.39716,252.33118 206.45553,252.89148 207.07898,253.19391 C 207.07898,253.19391 215.44611,257.2528 215.44611,257.2528 C 216.0613,257.55121 216.99156,257.47468 217.53182,257.08184 C 217.53182,257.08184 224.76854,251.81989 224.76854,251.81989 C 225.29959,251.43374 225.24017,250.88315 224.63535,250.5847 C 224.63535,250.5847 224.63535,250.5847 224.63535,250.5847"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3387"
-         d="M 220.79919,257.76358 C 220.79919,257.76358 229.7534,262.16116 229.7534,262.16116 C 230.47771,262.51688 230.65884,263.11821 230.15739,263.5097 C 230.15739,263.5097 223.79138,268.4796 223.79138,268.4796 C 223.27442,268.8832 222.26833,268.91225 221.53782,268.54453 C 221.53782,268.54453 212.50868,263.9994 212.50868,263.9994 C 211.79484,263.64005 211.64287,263.03537 212.16581,262.64384 C 212.16581,262.64384 218.60675,257.8215 218.60675,257.8215 C 219.11421,257.44156 220.09111,257.41585 220.79919,257.76358 C 220.79919,257.76358 220.79919,257.76358 220.79919,257.76358"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3389"
-         d="M 209.90305,237.93879 C 209.90305,237.93879 217.69144,241.5189 217.69144,241.5189 C 218.2857,241.79206 218.40792,242.28161 217.95894,242.61539 C 217.95894,242.61539 211.48141,247.43084 211.48141,247.43084 C 211.00555,247.78462 210.15328,247.81772 209.57718,247.50651 C 209.57718,247.50651 202.04394,243.43694 202.04394,243.43694 C 201.54218,243.16588 201.50989,242.69331 201.96601,242.37623 C 201.96601,242.37623 208.18868,238.05054 208.18868,238.05054 C 208.62095,237.75004 209.38314,237.69979 209.90305,237.93879 C 209.90305,237.93879 209.90305,237.93879 209.90305,237.93879"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="rect3391"
-         d="M 300.49388,221.41753 C 300.49388,221.41753 318.37188,206.97394 318.37188,206.97394 C 319.2072,206.29909 319.56463,205.63506 319.17704,205.48324 C 319.17704,205.48324 311.44233,202.45361 311.44233,202.45361 C 311.07717,202.31058 310.12278,202.71434 309.29892,203.3606 C 309.29892,203.3606 291.6901,217.17374 291.6901,217.17374 C 290.79969,217.87223 290.3631,218.57498 290.71507,218.74754 C 290.71507,218.74754 298.1804,222.40777 298.1804,222.40777 C 298.55498,222.59143 299.58864,222.1489 300.49388,221.41753 C 300.49388,221.41753 300.49388,221.41753 300.49388,221.41753"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 258.97104,224.63939 C 258.97104,224.63939 251.83463,221.23656 251.83463,221.23656 C 251.14159,220.90611 250.14534,220.95426 249.59505,221.34461 C 249.59505,221.34461 243.94919,225.34942 243.94919,225.34942 C 243.36824,225.76151 243.45494,226.38105 244.14978,226.73848 C 244.14978,226.73848 251.31231,230.42301 251.31231,230.42301 C 252.05284,230.80395 253.12041,230.75512 253.69927,230.31357 C 253.69927,230.31357 259.31886,226.02706 259.31886,226.02706 C 259.86601,225.60971 259.70806,224.99085 258.97104,224.63939 C 258.97104,224.63939 258.97104,224.63939 258.97104,224.63939"
-         id="path13125"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 245.03115,264.95865 C 245.03115,264.95865 236.89775,261.02915 236.89775,261.02915 C 236.29828,260.73954 235.41666,260.81767 234.92021,261.2046 C 234.92021,261.2046 228.15537,266.47697 228.15537,266.47697 C 227.65036,266.87057 227.72859,267.42473 228.33161,267.71924 C 228.33161,267.71924 236.5135,271.71529 236.5135,271.71529 C 237.12168,272.01232 238.01565,271.93037 238.51705,271.53179 C 238.51705,271.53179 245.23339,266.19289 245.23339,266.19289 C 245.7263,265.80109 245.63571,265.25074 245.03115,264.95865 C 245.03115,264.95865 245.03115,264.95865 245.03115,264.95865"
-         id="path13127"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 241.3425,254.88757 C 241.3425,254.88757 247.17841,250.38791 247.17841,250.38791 C 247.6407,250.03146 247.43669,249.46639 246.72219,249.12079 C 246.72219,249.12079 237.84809,244.82838 237.84809,244.82838 C 237.14306,244.48737 236.20078,244.49428 235.73414,244.84402 C 235.73414,244.84402 229.84385,249.25863 229.84385,249.25863 C 229.36826,249.61507 229.55538,250.18212 230.26467,250.52985 C 230.26467,250.52985 239.19316,254.90731 239.19316,254.90731 C 239.9121,255.25978 240.87126,255.2509 241.3425,254.88757 C 241.3425,254.88757 241.3425,254.88757 241.3425,254.88757"
-         id="path13129"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path13131"
-         d="M 250.09625,248.10772 C 250.09625,248.10772 256.04021,243.39795 256.04021,243.39795 C 256.61443,242.94295 256.40961,242.26587 255.58606,241.87803 C 255.58606,241.87803 247.4695,238.05567 247.4695,238.05567 C 246.66725,237.67787 245.54243,237.71942 244.94236,238.15046 C 244.94236,238.15046 238.73449,242.60981 238.73449,242.60981 C 238.09034,243.07251 238.23366,243.77042 239.06151,244.17275 C 239.06151,244.17275 247.44196,248.2456 247.44196,248.2456 C 248.29278,248.65909 249.47914,248.5967 250.09625,248.10772 C 250.09625,248.10772 250.09625,248.10772 250.09625,248.10772"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path13133"
-         d="M 270.78129,244.1004 C 270.78129,244.1004 263.16585,240.54998 263.16585,240.54998 C 262.59905,240.28573 261.81284,240.33065 261.40189,240.65211 C 261.40189,240.65211 255.67209,245.13428 255.67209,245.13428 C 255.23437,245.47666 255.35686,245.97255 255.94801,246.24454 C 255.94801,246.24454 263.88891,249.89826 263.88891,249.89826 C 264.4733,250.16714 265.27704,250.1004 265.6898,249.75019 C 265.6898,249.75019 271.09419,245.16472 271.09419,245.16472 C 271.48189,244.83578 271.34185,244.36173 270.78129,244.1004 C 270.78129,244.1004 270.78129,244.1004 270.78129,244.1004"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path13135"
-         d="M 279.36283,237.13131 C 279.36283,237.13131 271.95158,233.79368 271.95158,233.79368 C 271.36993,233.53174 270.52181,233.61628 270.04782,233.98311 C 270.04782,233.98311 264.05529,238.62092 264.05529,238.62092 C 263.57067,238.99597 263.64455,239.51827 264.22306,239.79213 C 264.22306,239.79213 271.59655,243.28243 271.59655,243.28243 C 272.19767,243.56699 273.0762,243.48424 273.56398,243.09674 C 273.56398,243.09674 279.59427,238.30625 279.59427,238.30625 C 280.07112,237.92743 279.96688,237.40335 279.36283,237.13131 C 279.36283,237.13131 279.36283,237.13131 279.36283,237.13131"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 259.13878,241.01984 C 259.13878,241.01984 264.94427,236.50262 264.94427,236.50262 C 265.5183,236.05597 265.27718,235.39329 264.41129,235.01866 C 264.41129,235.01866 256.13903,231.43971 256.13903,231.43971 C 255.34632,231.09675 254.26614,231.15807 253.71044,231.57558 C 253.71044,231.57558 248.09408,235.79517 248.09408,235.79517 C 247.52482,236.22286 247.6843,236.86458 248.45835,237.23578 C 248.45835,237.23578 256.54144,241.11225 256.54144,241.11225 C 257.38813,241.51828 258.54995,241.47801 259.13878,241.01984 C 259.13878,241.01984 259.13878,241.01984 259.13878,241.01984"
-         id="path14377"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 232.79455,261.43519 C 232.79455,261.43519 238.72958,256.85909 238.72958,256.85909 C 239.16465,256.52365 238.9726,255.99183 238.3001,255.66653 C 238.3001,255.66653 229.27525,251.30123 229.27525,251.30123 C 228.61176,250.98029 227.72493,250.98679 227.28579,251.31591 C 227.28579,251.31591 221.29544,255.80552 221.29544,255.80552 C 220.84778,256.14104 221.02387,256.67471 221.69138,257.00198 C 221.69138,257.00198 230.77154,261.45377 230.77154,261.45377 C 231.44822,261.78553 232.35098,261.77719 232.79455,261.43519 C 232.79455,261.43519 232.79455,261.43519 232.79455,261.43519"
-         id="path14379"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 254.17375,257.48652 C 254.17375,257.48652 246.32963,253.73115 246.32963,253.73115 C 245.70901,253.43402 244.79483,253.51721 244.27828,253.91779 C 244.27828,253.91779 237.75243,258.97869 237.75243,258.97869 C 237.22504,259.38768 237.29958,259.96347 237.92117,260.26957 C 237.92117,260.26957 245.77862,264.13893 245.77862,264.13893 C 246.41397,264.45181 247.35058,264.36687 247.87695,263.94859 C 247.87695,263.94859 254.38946,258.77374 254.38946,258.77374 C 254.90487,258.36419 254.80792,257.79015 254.17375,257.48652 C 254.17375,257.48652 254.17375,257.48652 254.17375,257.48652"
-         id="path14381"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path14383"
-         d="M 233.03678,243.79425 C 233.03678,243.79425 225.48646,240.13918 225.48646,240.13918 C 224.74342,239.77949 223.69299,239.82194 223.12841,240.23388 C 223.12841,240.23388 217.44731,244.37905 217.44731,244.37905 C 216.874,244.79736 217.00415,245.4333 217.742,245.80545 C 217.742,245.80545 225.24071,249.58767 225.24071,249.58767 C 226.00503,249.97318 227.0886,249.93684 227.66722,249.50562 C 227.66722,249.50562 233.39989,245.23329 233.39989,245.23329 C 233.96951,244.80878 233.80621,244.16674 233.03678,243.79425 C 233.03678,243.79425 233.03678,243.79425 233.03678,243.79425"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 282.03015,224.70872 C 282.03015,224.70872 287.9774,220.08364 287.9774,220.08364 C 288.56519,219.62653 289.56121,219.51344 290.21268,219.82947 C 290.21268,219.82947 296.76597,223.00851 296.76597,223.00851 C 297.42707,223.32921 297.49209,223.96249 296.90969,224.429 C 296.90969,224.429 291.01609,229.14982 291.01609,229.14982 C 290.41797,229.62893 289.39806,229.74916 288.73146,229.41875 C 288.73146,229.41875 282.12452,226.14398 282.12452,226.14398 C 281.4678,225.81845 281.42665,225.17805 282.03015,224.70872 C 282.03015,224.70872 282.03015,224.70872 282.03015,224.70872"
-         id="path14385"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path20314"
-         d="M 274.59176,213.04701 C 274.59176,213.04701 267.63301,209.8841 267.63301,209.8841 C 266.9305,209.56479 265.98277,209.58635 265.5079,209.93372 C 265.5079,209.93372 260.69581,213.4537 260.69581,213.4537 C 260.20677,213.81142 260.39277,214.35936 261.11308,214.68093 C 261.11308,214.68093 268.24694,217.86572 268.24694,217.86572 C 268.95551,218.18206 269.90543,218.14595 270.37662,217.78604 C 270.37662,217.78604 275.0136,214.24417 275.0136,214.24417 C 275.47126,213.89461 275.28303,213.36122 274.59176,213.04701 C 274.59176,213.04701 274.59176,213.04701 274.59176,213.04701"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 292.00448,215.55279 C 292.00448,215.55279 296.3664,212.1569 296.3664,212.1569 C 296.79902,211.82008 296.4902,211.27517 295.67813,210.9361 C 295.67813,210.9361 287.77738,207.63715 287.77738,207.63715 C 287.00644,207.31524 286.04433,207.31631 285.61635,207.63866 C 285.61635,207.63866 281.30257,210.88766 281.30257,210.88766 C 280.86653,211.21606 281.12901,211.75032 281.89503,212.08646 C 281.89503,212.08646 289.74764,215.53227 289.74764,215.53227 C 290.55499,215.88655 291.56345,215.89614 292.00448,215.55279 C 292.00448,215.55279 292.00448,215.55279 292.00448,215.55279"
-         id="path20316"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path20318"
-         d="M 284.72744,221.17105 C 284.72744,221.17105 289.45459,217.54272 289.45459,217.54272 C 289.926,217.18089 289.66619,216.61851 288.87179,216.28131 C 288.87179,216.28131 280.90373,212.899 280.90373,212.899 C 280.10221,212.55875 279.07175,212.57593 278.59356,212.93801 C 278.59356,212.93801 273.79834,216.56885 273.79834,216.56885 C 273.31611,216.93397 273.57888,217.50206 274.38726,217.84205 C 274.38726,217.84205 282.42339,221.22188 282.42339,221.22188 C 283.22457,221.55883 284.25207,221.53592 284.72744,221.17105 C 284.72744,221.17105 284.72744,221.17105 284.72744,221.17105"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 280.70619,208.18882 C 280.70619,208.18882 273.65334,205.39325 273.65334,205.39325 C 272.99267,205.13139 272.16292,205.14273 271.78475,205.41678 C 271.78475,205.41678 267.9355,208.20633 267.9355,208.20633 C 267.54254,208.4911 267.73876,208.95315 268.38364,209.24454 C 268.38364,209.24454 275.27945,212.36039 275.27945,212.36039 C 276.01926,212.69466 276.95281,212.71002 277.36247,212.39198 C 277.36247,212.39198 281.36853,209.28183 281.36853,209.28183 C 281.76145,208.97678 281.46158,208.48822 280.70619,208.18882 C 280.70619,208.18882 280.70619,208.18882 280.70619,208.18882"
-         id="path20320"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path20322"
-         d="M 267.13462,218.61017 C 267.13462,218.61017 260.04553,215.39646 260.04553,215.39646 C 259.35688,215.08427 258.39121,215.12387 257.87608,215.4844 C 257.87608,215.4844 252.67496,219.12445 252.67496,219.12445 C 252.14829,219.49305 252.26711,220.05491 252.94569,220.38521 C 252.94569,220.38521 259.93387,223.78674 259.93387,223.78674 C 260.65566,224.13807 261.67299,224.1096 262.21011,223.72182 C 262.21011,223.72182 267.5121,219.8939 267.5121,219.8939 C 268.03699,219.51494 267.86652,218.94196 267.13462,218.61017 C 267.13462,218.61017 267.13462,218.61017 267.13462,218.61017"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         d="M 287.7354,230.25946 C 287.7354,230.25946 281.08316,227.00351 281.08316,227.00351 C 280.40678,226.67245 279.40568,226.75692 278.83891,227.19481 C 278.83891,227.19481 273.09436,231.63291 273.09436,231.63291 C 272.51043,232.08403 272.60418,232.71336 273.30418,233.04198 C 273.30418,233.04198 280.18673,236.27314 280.18673,236.27314 C 280.86539,236.59174 281.86259,236.48569 282.42295,236.03722 C 282.42295,236.03722 287.93718,231.62391 287.93718,231.62391 C 288.48138,231.18834 288.39153,230.58062 287.7354,230.25946 C 287.7354,230.25946 287.7354,230.25946 287.7354,230.25946"
-         id="path20324"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path20326"
-         d="M 267.94729,234.14015 C 267.94729,234.14015 273.40476,229.94747 273.40476,229.94747 C 273.94662,229.5312 273.71505,228.90956 272.88832,228.55398 C 272.88832,228.55398 264.75456,225.0556 264.75456,225.0556 C 263.95198,224.71041 262.87291,224.75882 262.33246,225.16387 C 262.33246,225.16387 256.88991,229.24286 256.88991,229.24286 C 256.34026,229.6548 256.54039,230.27309 257.34135,230.62945 C 257.34135,230.62945 265.46021,234.24152 265.46021,234.24152 C 266.28553,234.60871 267.39604,234.56364 267.94729,234.14015 C 267.94729,234.14015 267.94729,234.14015 267.94729,234.14015"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <path
-         id="path21282"
-         d="M 276.32923,227.66222 C 276.32923,227.66222 281.90001,223.35623 281.90001,223.35623 C 282.4517,222.9298 282.23314,222.31013 281.41303,221.96694 C 281.41303,221.96694 273.34754,218.59182 273.34754,218.59182 C 272.55203,218.25892 271.46937,218.32422 270.91711,218.73813 C 270.91711,218.73813 265.34181,222.91665 265.34181,222.91665 C 264.77733,223.33971 264.96112,223.95828 265.75691,224.30368 C 265.75691,224.30368 273.82693,227.80624 273.82693,227.80624 C 274.64767,228.16246 275.7651,228.09826 276.32923,227.66222 C 276.32923,227.66222 276.32923,227.66222 276.32923,227.66222"
-         style="opacity:0.99720004;fill:#808080;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      <g
-         transform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-         id="g5349">
-        <path
-           id="path3281"
-           d="M 200.53013,313.0503 C 200.53013,313.0503 193.03458,319.37147 193.03458,319.37147 C 192.65485,319.6917 192.0145,319.75862 191.59935,319.52112 C 191.59935,319.52112 183.2867,314.76558 183.2867,314.76558 C 182.87292,314.52886 182.85139,314.08409 183.23786,313.76871 C 183.23786,313.76871 190.86675,307.54312 190.86675,307.54312 C 191.24112,307.23761 191.86986,307.1787 192.27701,307.41066 C 192.27701,307.41066 200.45632,312.07061 200.45632,312.07061 C 200.86479,312.30333 200.89796,312.7401 200.53013,313.0503 C 200.53013,313.0503 200.53013,313.0503 200.53013,313.0503"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3283"
-           d="M 172.41739,306.03622 C 172.41739,306.03622 188.0277,294.08595 188.0277,294.08595 C 189.11795,293.25133 190.41897,292.82031 190.95268,293.11384 C 190.95268,293.11384 198.19106,297.09485 198.19106,297.09485 C 198.72888,297.39065 198.31537,298.31501 197.2562,299.17331 C 197.2562,299.17331 182.08669,311.46584 182.08669,311.46584 C 180.89616,312.43058 179.47079,312.95427 178.90005,312.63295 C 178.90005,312.63295 171.22074,308.30947 171.22074,308.30947 C 170.65468,307.99077 171.1926,306.97384 172.41739,306.03622 C 172.41739,306.03622 172.41739,306.03622 172.41739,306.03622"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3285"
-           d="M 183.71685,293.09242 C 183.71685,293.09242 175.21974,288.61823 175.21974,288.61823 C 174.62141,288.30317 173.39049,288.60803 172.45631,289.30319 C 172.45631,289.30319 159.05702,299.27405 159.05702,299.27405 C 158.07838,300.0023 157.77029,300.8596 158.36997,301.19473 C 158.36997,301.19473 166.88944,305.95582 166.88944,305.95582 C 167.50572,306.30023 168.79179,305.97286 169.76917,305.22339 C 169.76917,305.22339 183.14605,294.96565 183.14605,294.96565 C 184.07833,294.25076 184.33129,293.41596 183.71685,293.09242 C 183.71685,293.09242 183.71685,293.09242 183.71685,293.09242"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3287"
-           d="M 166.83475,289.12754 C 166.83475,289.12754 159.13844,284.98242 159.13844,284.98242 C 158.69381,284.74294 157.84841,284.90019 157.24056,285.33581 C 157.24056,285.33581 146.5932,292.96648 146.5932,292.96648 C 145.95049,293.4271 145.7912,294.00445 146.23859,294.2601 C 146.23859,294.2601 153.9866,298.68753 153.9866,298.68753 C 154.44898,298.95174 155.33851,298.77896 155.97843,298.30106 C 155.97843,298.30106 166.57405,290.38811 166.57405,290.38811 C 167.17862,289.93661 167.2938,289.37478 166.83475,289.12754 C 166.83475,289.12754 166.83475,289.12754 166.83475,289.12754"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3289"
-           d="M 151.36095,285.65566 C 151.36095,285.65566 143.84889,281.51108 143.84889,281.51108 C 143.47842,281.30668 142.86541,281.36856 142.47405,281.64966 C 142.47405,281.64966 134.61675,287.29335 134.61675,287.29335 C 134.22459,287.57503 134.20331,287.96918 134.56941,288.17726 C 134.56941,288.17726 141.993,292.39653 141.993,292.39653 C 142.36721,292.60921 142.98804,292.55081 143.38462,292.2654 C 143.38462,292.2654 151.33041,286.54701 151.33041,286.54701 C 151.72616,286.2622 151.73961,285.86457 151.36095,285.65566 C 151.36095,285.65566 151.36095,285.65566 151.36095,285.65566"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3291"
-           d="M 210.70247,305.77557 C 210.70247,305.77557 204.93036,310.57929 204.93036,310.57929 C 204.34435,311.06699 203.27394,311.11934 202.52773,310.69333 C 202.52773,310.69333 194.82772,306.29731 194.82772,306.29731 C 194.03081,305.84234 193.88921,305.07052 194.51315,304.57044 C 194.51315,304.57044 200.65538,299.64763 200.65538,299.64763 C 201.26179,299.16161 202.36255,299.14928 203.12074,299.61631 C 203.12074,299.61631 210.45071,304.13144 210.45071,304.13144 C 211.16146,304.56926 211.27265,305.30104 210.70247,305.77557 C 210.70247,305.77557 210.70247,305.77557 210.70247,305.77557"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3293"
-           d="M 220.36679,297.64972 C 220.36679,297.64972 214.19821,302.83693 214.19821,302.83693 C 213.8071,303.16581 213.0629,303.16632 212.53329,302.83934 C 212.53329,302.83934 204.47426,297.86377 204.47426,297.86377 C 203.99682,297.56901 203.91878,297.08754 204.2961,296.78318 C 204.2961,296.78318 210.25274,291.97831 210.25274,291.97831 C 210.61877,291.68306 211.30575,291.66386 211.7962,291.93623 C 211.7962,291.93623 220.06723,296.5296 220.06723,296.5296 C 220.61026,296.83118 220.74549,297.33126 220.36679,297.64972 C 220.36679,297.64972 220.36679,297.64972 220.36679,297.64972"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3295"
-           d="M 229.27683,290.15464 C 229.27683,290.15464 223.76946,294.79471 223.76946,294.79471 C 223.28503,295.20286 222.36392,295.23289 221.70465,294.86121 C 221.70465,294.86121 214.09874,290.57325 214.09874,290.57325 C 213.43481,290.19895 213.29956,289.57104 213.79504,289.16623 C 213.79504,289.16623 219.4277,284.56425 219.4277,284.56425 C 219.91221,284.1684 220.82757,284.14902 221.48054,284.51999 C 221.48054,284.51999 228.96116,288.76985 228.96116,288.76985 C 229.60961,289.13825 229.75059,289.75549 229.27683,290.15464 C 229.27683,290.15464 229.27683,290.15464 229.27683,290.15464"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3297"
-           d="M 207.6366,289.76045 C 207.6366,289.76045 200.20453,285.97175 200.20453,285.97175 C 199.75388,285.74202 199.11315,285.78115 198.76662,286.05878 C 198.76662,286.05878 193.21867,290.50362 193.21867,290.50362 C 192.87292,290.78062 192.94685,291.19499 193.38567,291.43343 C 193.38567,291.43343 200.62246,295.36556 200.62246,295.36556 C 201.08703,295.61798 201.75028,295.59166 202.10819,295.30573 C 202.10819,295.30573 207.85144,290.71744 207.85144,290.71744 C 208.21018,290.43084 208.11372,290.00367 207.6366,289.76045 C 207.6366,289.76045 207.6366,289.76045 207.6366,289.76045"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3299"
-           d="M 193.30538,285.7839 C 193.30538,285.7839 185.22052,281.47582 185.22052,281.47582 C 184.58295,281.13609 183.70561,281.13742 183.25124,281.47882 C 183.25124,281.47882 177.48561,285.81085 177.48561,285.81085 C 177.01761,286.16248 177.15516,286.7287 177.79623,287.08041 C 177.79623,287.08041 185.92745,291.54147 185.92745,291.54147 C 186.5872,291.90343 187.49396,291.90165 187.95831,291.53752 C 187.95831,291.53752 193.67756,287.05251 193.67756,287.05251 C 194.12816,286.69915 193.9612,286.13336 193.30538,285.7839 C 193.30538,285.7839 193.30538,285.7839 193.30538,285.7839"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3301"
-           d="M 153.65825,274.40909 C 153.65825,274.40909 161.75797,278.66326 161.75797,278.66326 C 162.02482,278.80341 162.05943,279.04844 161.83501,279.21257 C 161.83501,279.21257 154.75107,284.39353 154.75107,284.39353 C 154.52039,284.56224 154.12135,284.5797 153.85694,284.43276 C 153.85694,284.43276 145.83383,279.97431 145.83383,279.97431 C 145.58269,279.83475 145.56457,279.59204 145.79266,279.43005 C 145.79266,279.43005 152.79999,274.45338 152.79999,274.45338 C 153.02206,274.29566 153.40462,274.27588 153.65825,274.40909 C 153.65825,274.40909 153.65825,274.40909 153.65825,274.40909"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3303"
-           d="M 176.68036,282.15173 C 176.68036,282.15173 169.08774,278.13438 169.08774,278.13438 C 168.53136,277.83999 167.74128,277.85841 167.31522,278.1756 C 167.31522,278.1756 161.51878,282.49085 161.51878,282.49085 C 161.08675,282.81248 161.18562,283.31335 161.7415,283.61396 C 161.7415,283.61396 169.32801,287.71649 169.32801,287.71649 C 169.89523,288.02323 170.70097,288.00619 171.1335,287.67818 C 171.1335,287.67818 176.93604,283.27774 176.93604,283.27774 C 177.36252,282.95432 177.24799,282.45207 176.68036,282.15173 C 176.68036,282.15173 176.68036,282.15173 176.68036,282.15173"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3305"
-           d="M 186.05575,275.08382 C 186.05575,275.08382 178.66837,271.26624 178.66837,271.26624 C 178.14275,270.99462 177.38016,271.01579 176.95654,271.31482 C 176.95654,271.31482 170.80827,275.65494 170.80827,275.65494 C 170.35386,275.97571 170.42595,276.46372 170.9721,276.74789 C 170.9721,276.74789 178.64907,280.74215 178.64907,280.74215 C 179.19855,281.02804 179.99123,280.98835 180.42429,280.65448 C 180.42429,280.65448 186.28302,276.1377 186.28302,276.1377 C 186.68663,275.82653 186.58444,275.35703 186.05575,275.08382 C 186.05575,275.08382 186.05575,275.08382 186.05575,275.08382"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3307"
-           d="M 163.51597,267.87954 C 163.51597,267.87954 171.1646,271.91896 171.1646,271.91896 C 171.53604,272.11513 171.58651,272.4514 171.2774,272.67324 C 171.2774,272.67324 164.82134,277.30652 164.82134,277.30652 C 164.50235,277.53544 163.94045,277.55958 163.56185,277.36032 C 163.56185,277.36032 155.76574,273.25703 155.76574,273.25703 C 155.38595,273.05714 155.34321,272.7142 155.66949,272.48842 C 155.66949,272.48842 162.27303,267.91901 162.27303,267.91901 C 162.5892,267.70024 163.14337,267.68276 163.51597,267.87954 C 163.51597,267.87954 163.51597,267.87954 163.51597,267.87954"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3309"
-           d="M 173.08132,261.26965 C 173.08132,261.26965 180.42033,265.06231 180.42033,265.06231 C 180.84108,265.27975 180.901,265.65731 180.55405,265.90902 C 180.55405,265.90902 174.39819,270.3752 174.39819,270.3752 C 174.04312,270.63281 173.41533,270.66166 172.99122,270.43971 C 172.99122,270.43971 165.59423,266.56865 165.59423,266.56865 C 165.17482,266.34916 165.12621,265.96859 165.4846,265.71552 C 165.4846,265.71552 171.69844,261.32774 171.69844,261.32774 C 172.04868,261.08043 172.66517,261.05459 173.08132,261.26965 C 173.08132,261.26965 173.08132,261.26965 173.08132,261.26965"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3311"
-           d="M 183.15808,254.05968 C 183.15808,254.05968 190.5411,257.89809 190.5411,257.89809 C 190.90119,258.0853 190.9368,258.42917 190.61983,258.66983 C 190.61983,258.66983 183.84308,263.81508 183.84308,263.81508 C 183.50031,264.07534 182.92132,264.12739 182.54615,263.93097 C 182.54615,263.93097 174.85492,259.90428 174.85492,259.90428 C 174.48192,259.709 174.47113,259.34932 174.82945,259.09862 C 174.82945,259.09862 181.91436,254.14161 181.91436,254.14161 C 182.24579,253.90973 182.79998,253.8735 183.15808,254.05968 C 183.15808,254.05968 183.15808,254.05968 183.15808,254.05968"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3313"
-           d="M 195.50846,268.00414 C 195.50846,268.00414 187.92237,264.08387 187.92237,264.08387 C 187.38263,263.80495 186.5995,263.82667 186.16449,264.13375 C 186.16449,264.13375 179.85083,268.59062 179.85083,268.59062 C 179.38419,268.92002 179.45825,269.42118 180.01907,269.71297 C 180.01907,269.71297 187.90254,273.81468 187.90254,273.81468 C 188.4668,274.10826 189.28081,274.0675 189.72552,273.72465 C 189.72552,273.72465 195.74185,269.08637 195.74185,269.08637 C 196.15632,268.76683 196.05137,268.2847 195.50846,268.00414 C 195.50846,268.00414 195.50846,268.00414 195.50846,268.00414"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3315"
-           d="M 202.55006,278.55525 C 202.55006,278.55525 194.52053,274.43157 194.52053,274.43157 C 193.89847,274.1121 193.03474,274.13023 192.58051,274.47152 C 192.58051,274.47152 186.82178,278.79836 186.82178,278.79836 C 186.35477,279.14926 186.47106,279.70327 187.086,280.04131 C 187.086,280.04131 195.02775,284.40711 195.02775,284.40711 C 195.68386,284.76779 196.59706,284.76041 197.07144,284.38968 C 197.07144,284.38968 202.9179,279.82067 202.9179,279.82067 C 203.3788,279.46048 203.21306,278.89574 202.55006,278.55525 C 202.55006,278.55525 202.55006,278.55525 202.55006,278.55525"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path3317"
-           d="M 217.28268,282.30723 C 217.28268,282.30723 209.76798,278.51506 209.76798,278.51506 C 209.31861,278.28829 208.66038,278.33252 208.29049,278.6148 C 208.29049,278.6148 201.99168,283.42172 201.99168,283.42172 C 201.5992,283.72125 201.65194,284.15497 202.11173,284.39356 C 202.11173,284.39356 209.80365,288.38505 209.80365,288.38505 C 210.27451,288.62939 210.96221,288.57431 211.3438,288.26224 C 211.3438,288.26224 217.46536,283.25603 217.46536,283.25603 C 217.82471,282.96216 217.7425,282.53927 217.28268,282.30723 C 217.28268,282.30723 217.28268,282.30723 217.28268,282.30723"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5259"
-           sodipodi:nodetypes="cccccccccc"
-           d="M 223.6315,280.9685 C 223.6315,280.9685 271.20382,242.80623 271.20382,242.80623 C 271.77183,242.35446 272.94396,242.34509 273.8347,242.78481 C 273.8347,242.78481 280.16259,245.8893 280.16259,245.8893 C 281.06675,246.33566 281.34594,247.06729 280.78574,247.53016 C 280.78574,247.53016 233.93323,286.78539 233.93323,286.78539 C 233.23622,287.36129 231.89705,287.39044 230.93425,286.85016 C 230.93425,286.85016 224.06489,282.94036 224.06489,282.94036 C 223.11807,282.40904 222.92637,281.52934 223.6315,280.9685 C 223.6315,280.9685 223.6315,280.9685 223.6315,280.9685"
-           style="opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5261"
-           d="M 227.03565,274.61509 C 227.03565,274.61509 219.57159,270.89543 219.57159,270.89543 C 219.13842,270.67957 218.48938,270.73732 218.1151,271.02521 C 218.1151,271.02521 211.61304,276.02653 211.61304,276.02653 C 211.22381,276.32593 211.26193,276.7481 211.69984,276.97279 C 211.69984,276.97279 219.24737,280.84554 219.24737,280.84554 C 219.69565,281.07556 220.36702,281.012 220.75135,280.70336 C 220.75135,280.70336 227.16991,275.54895 227.16991,275.54895 C 227.53929,275.25232 227.47886,274.83596 227.03565,274.61509 C 227.03565,274.61509 227.03565,274.61509 227.03565,274.61509"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5263"
-           d="M 192.51964,247.35677 C 192.51964,247.35677 199.78325,251.31635 199.78325,251.31635 C 200.08373,251.48015 200.10518,251.76671 199.83193,251.95915 C 199.83193,251.95915 193.39598,256.49168 193.39598,256.49168 C 193.12338,256.68366 192.65687,256.71094 192.34938,256.55257 C 192.34938,256.55257 184.91676,252.72442 184.91676,252.72442 C 184.59365,252.55801 184.55824,252.26477 184.83799,252.06723 C 184.83799,252.06723 191.44296,247.40326 191.44296,247.40326 C 191.7234,247.20524 192.20387,247.18464 192.51964,247.35677 C 192.51964,247.35677 192.51964,247.35677 192.51964,247.35677"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5265"
-           d="M 204.95758,260.67876 C 204.95758,260.67876 197.45088,256.83357 197.45088,256.83357 C 196.91888,256.56107 196.14744,256.58436 195.71989,256.88617 C 195.71989,256.88617 189.62606,261.18786 189.62606,261.18786 C 189.18381,261.50005 189.26067,261.97752 189.79977,262.25801 C 189.79977,262.25801 197.4078,266.21641 197.4078,266.21641 C 197.95451,266.50085 198.7459,266.47153 199.18087,266.15108 C 199.18087,266.15108 205.17336,261.73618 205.17336,261.73618 C 205.59375,261.42646 205.49693,260.95503 204.95758,260.67876 C 204.95758,260.67876 204.95758,260.67876 204.95758,260.67876"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5267"
-           d="M 203.42735,267.20908 C 203.42735,267.20908 212.2333,271.70369 212.2333,271.70369 C 212.6248,271.90351 212.71338,272.23708 212.43163,272.45164 C 212.43163,272.45164 206.02839,277.32796 206.02839,277.32796 C 205.74282,277.54543 205.19609,277.55776 204.8028,277.35556 C 204.8028,277.35556 195.957,272.80759 195.957,272.80759 C 195.56658,272.60686 195.48379,272.27205 195.77113,272.05697 C 195.77113,272.05697 202.21422,267.23402 202.21422,267.23402 C 202.49773,267.02179 203.03868,267.0107 203.42735,267.20908 C 203.42735,267.20908 203.42735,267.20908 203.42735,267.20908"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5269"
-           d="M 212.72962,260.6903 C 212.72962,260.6903 220.81856,264.71792 220.81856,264.71792 C 221.40722,265.01103 221.56351,265.49233 221.1669,265.79697 C 221.1669,265.79697 215.52012,270.13427 215.52012,270.13427 C 215.11075,270.44871 214.30434,270.45549 213.7142,270.1496 C 213.7142,270.1496 205.60787,265.94776 205.60787,265.94776 C 205.04085,265.65385 204.91653,265.17445 205.32701,264.87276 C 205.32701,264.87276 210.99121,260.70967 210.99121,260.70967 C 211.38919,260.41716 212.16362,260.40847 212.72962,260.6903 C 212.72962,260.6903 212.72962,260.6903 212.72962,260.6903"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5271"
-           d="M 235.38208,267.94652 C 235.38208,267.94652 228.36195,264.54302 228.36195,264.54302 C 227.7581,264.25027 226.91755,264.28848 226.47592,264.62855 C 226.47592,264.62855 221.36693,268.56268 221.36693,268.56268 C 220.91972,268.90705 221.04356,269.42537 221.64599,269.72502 C 221.64599,269.72502 228.65018,273.2089 228.65018,273.2089 C 229.26637,273.51538 230.12476,273.47935 230.5734,273.12791 C 230.5734,273.12791 235.69833,269.1134 235.69833,269.1134 C 236.14129,268.76642 235.99961,268.24591 235.38208,267.94652 C 235.38208,267.94652 235.38208,267.94652 235.38208,267.94652"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5273"
-           d="M 202.3439,240.55011 C 202.3439,240.55011 209.40685,244.3565 209.40685,244.3565 C 209.77966,244.55741 209.79685,244.91929 209.44513,245.16789 C 209.44513,245.16789 202.71836,249.92236 202.71836,249.92236 C 202.36384,250.17294 201.77847,250.21096 201.40617,250.00761 C 201.40617,250.00761 194.3529,246.15501 194.3529,246.15501 C 193.98466,245.95386 193.97344,245.59217 194.32745,245.34403 C 194.32745,245.34403 201.04453,240.63577 201.04453,240.63577 C 201.39575,240.38958 201.97514,240.35138 202.3439,240.55011 C 202.3439,240.55011 202.3439,240.55011 202.3439,240.55011"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5275"
-           d="M 214.95641,253.88523 C 214.95641,253.88523 207.20865,250.11064 207.20865,250.11064 C 206.78058,249.90209 206.15223,249.93501 205.79811,250.18412 C 205.79811,250.18412 199.5121,254.60606 199.5121,254.60606 C 199.14935,254.86124 199.19499,255.24389 199.61614,255.46439 C 199.61614,255.46439 207.24189,259.45703 207.24189,259.45703 C 207.69079,259.69206 208.35153,259.66596 208.72148,259.39808 C 208.72148,259.39808 215.12948,254.75806 215.12948,254.75806 C 215.49031,254.49678 215.41229,254.10733 214.95641,253.88523 C 214.95641,253.88523 214.95641,253.88523 214.95641,253.88523"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5277"
-           d="M 221.9033,253.92205 C 221.9033,253.92205 229.74607,257.77376 229.74607,257.77376 C 230.38047,258.08533 230.53912,258.61203 230.09991,258.95492 C 230.09991,258.95492 224.52409,263.30793 224.52409,263.30793 C 224.07129,263.66142 223.1901,263.68688 222.55025,263.36479 C 222.55025,263.36479 214.64187,259.38384 214.64187,259.38384 C 214.01663,259.0691 213.88352,258.53947 214.34155,258.19654 C 214.34155,258.19654 219.983,253.97277 219.983,253.97277 C 220.42747,253.64 221.28312,253.61747 221.9033,253.92205 C 221.9033,253.92205 221.9033,253.92205 221.9033,253.92205"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 244.75785,260.58731 C 244.75785,260.58731 237.5872,257.12295 237.5872,257.12295 C 237.05869,256.86761 236.28144,256.9365 235.84374,257.27763 C 235.84374,257.27763 229.87966,261.92591 229.87966,261.92591 C 229.43444,262.2729 229.5034,262.76148 230.03504,263.02113 C 230.03504,263.02113 237.24843,266.54415 237.24843,266.54415 C 237.78463,266.80603 238.57278,266.73378 239.01483,266.38238 C 239.01483,266.38238 244.93616,261.67544 244.93616,261.67544 C 245.3707,261.33002 245.29084,260.84482 244.75785,260.58731 C 244.75785,260.58731 244.75785,260.58731 244.75785,260.58731"
-           id="path5279"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 233.2943,256.416 C 233.2943,256.416 238.45564,252.43646 238.45564,252.43646 C 238.83398,252.14474 238.66697,251.68224 238.08213,251.39936 C 238.08213,251.39936 230.23378,247.60312 230.23378,247.60312 C 229.65678,247.32402 228.88557,247.32967 228.50367,247.6159 C 228.50367,247.6159 223.29424,251.52023 223.29424,251.52023 C 222.90493,251.812 223.05807,252.27611 223.63856,252.56071 C 223.63856,252.56071 231.535,256.43217 231.535,256.43217 C 232.12348,256.72068 232.90856,256.71342 233.2943,256.416 C 233.2943,256.416 233.2943,256.416 233.2943,256.416"
-           id="path5281"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5283"
-           d="M 224.84883,246.55597 C 224.84883,246.55597 217.52734,242.94323 217.52734,242.94323 C 216.98183,242.67405 216.15475,242.73355 215.67283,243.07723 C 215.67283,243.07723 209.10533,247.76083 209.10533,247.76083 C 208.61499,248.11051 208.66694,248.60923 209.22188,248.87843 C 209.22188,248.87843 216.66948,252.49124 216.66948,252.49124 C 217.21707,252.75687 218.04508,252.68874 218.52598,252.33907 C 218.52598,252.33907 224.96738,247.65541 224.96738,247.65541 C 225.44008,247.3117 225.38717,246.82161 224.84883,246.55597 C 224.84883,246.55597 224.84883,246.55597 224.84883,246.55597"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5285"
-           d="M 211.2176,234.55068 C 211.2176,234.55068 218.13924,237.73238 218.13924,237.73238 C 218.66737,237.97515 218.77598,238.41021 218.37697,238.70684 C 218.37697,238.70684 212.62031,242.9864 212.62031,242.9864 C 212.1974,243.3008 211.43997,243.33022 210.928,243.05365 C 210.928,243.05365 204.23311,239.43697 204.23311,239.43697 C 203.78717,239.19607 203.75848,238.77609 204.16385,238.4943 C 204.16385,238.4943 209.694,234.65 209.694,234.65 C 210.07817,234.38294 210.75554,234.33829 211.2176,234.55068 C 211.2176,234.55068 211.2176,234.55068 211.2176,234.55068"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5287"
-           d="M 233.15615,239.94299 C 233.15615,239.94299 226.44421,236.69379 226.44421,236.69379 C 225.78369,236.37403 224.84989,236.41177 224.348,236.77797 C 224.348,236.77797 219.29773,240.46286 219.29773,240.46286 C 218.78807,240.83472 218.90378,241.40005 219.55968,241.73088 C 219.55968,241.73088 226.22576,245.09312 226.22576,245.09312 C 226.90521,245.43582 227.86846,245.40352 228.38283,245.02018 C 228.38283,245.02018 233.47896,241.22224 233.47896,241.22224 C 233.98531,240.84488 233.84015,240.27412 233.15615,239.94299 C 233.15615,239.94299 233.15615,239.94299 233.15615,239.94299"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5289"
-           d="M 220.30432,227.87754 C 220.30432,227.87754 227.46486,231.13608 227.46486,231.13608 C 227.82573,231.3003 227.87475,231.60963 227.57378,231.82996 C 227.57378,231.82996 221.38229,236.3625 221.38229,236.3625 C 221.06565,236.59429 220.51407,236.64288 220.14663,236.4711 C 220.14663,236.4711 212.85793,233.06353 212.85793,233.06353 C 212.49851,232.8955 212.47011,232.57953 212.7932,232.35543 C 212.7932,232.35543 219.11286,227.97192 219.11286,227.97192 C 219.42016,227.75877 219.95112,227.71681 220.30432,227.87754 C 220.30432,227.87754 220.30432,227.87754 220.30432,227.87754"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 253.8328,253.35343 C 253.8328,253.35343 246.80705,249.98982 246.80705,249.98982 C 246.25118,249.7237 245.43236,249.7982 244.96971,250.15699 C 244.96971,250.15699 239.12467,254.6899 239.12467,254.6899 C 238.65231,255.05622 238.71907,255.57195 239.27581,255.84611 C 239.27581,255.84611 246.31353,259.3118 246.31353,259.3118 C 246.88258,259.59203 247.72148,259.51595 248.19294,259.14132 C 248.19294,259.14132 254.02601,254.50633 254.02601,254.50633 C 254.48765,254.13951 254.40082,253.62536 253.8328,253.35343 C 253.8328,253.35343 253.8328,253.35343 253.8328,253.35343"
-           id="path5291"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 241.69245,250.18836 C 241.69245,250.18836 246.86241,246.20217 246.86241,246.20217 C 247.27195,245.8864 247.09122,245.38581 246.45826,245.07965 C 246.45826,245.07965 238.59679,241.27706 238.59679,241.27706 C 237.97222,240.97496 237.13747,240.98108 236.72408,241.29091 C 236.72408,241.29091 231.50595,245.20176 231.50595,245.20176 C 231.08462,245.51753 231.25039,246.01986 231.87874,246.32792 C 231.87874,246.32792 239.78839,250.20585 239.78839,250.20585 C 240.42527,250.5181 241.27499,250.51024 241.69245,250.18836 C 241.69245,250.18836 241.69245,250.18836 241.69245,250.18836"
-           id="path5293"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5295"
-           d="M 262.29906,246.8676 C 262.29906,246.8676 254.88168,243.44853 254.88168,243.44853 C 254.50008,243.27263 253.95712,243.3153 253.66336,243.54406 C 253.66336,243.54406 248.0194,247.9394 248.0194,247.9394 C 247.72057,248.17212 247.78403,248.50657 248.1626,248.68946 C 248.1626,248.68946 255.52239,252.24492 255.52239,252.24492 C 255.9167,252.43541 256.47799,252.39569 256.77993,252.1557 C 256.77993,252.1557 262.48146,247.62397 262.48146,247.62397 C 262.77816,247.38815 262.69638,247.05074 262.29906,246.8676 C 262.29906,246.8676 262.29906,246.8676 262.29906,246.8676"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5297"
-           d="M 269.92313,240.18072 C 269.92313,240.18072 263.31143,237.09826 263.31143,237.09826 C 262.81933,236.86884 262.13676,236.90784 261.77997,237.18694 C 261.77997,237.18694 256.80537,241.07833 256.80537,241.07833 C 256.42536,241.3756 256.53169,241.80611 257.04493,242.04226 C 257.04493,242.04226 263.93919,245.21441 263.93919,245.21441 C 264.44655,245.44785 265.14436,245.3899 265.50271,245.08585 C 265.50271,245.08585 270.19479,241.10477 270.19479,241.10477 C 270.53139,240.81918 270.4098,240.40761 269.92313,240.18072 C 269.92313,240.18072 269.92313,240.18072 269.92313,240.18072"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5299"
-           d="M 284.15897,244.25926 C 284.15897,244.25926 290.08975,239.34554 290.08975,239.34554 C 290.3372,239.14053 290.25996,238.84705 289.91756,238.6876 C 289.91756,238.6876 282.05801,235.02758 282.05801,235.02758 C 281.73357,234.87649 281.27511,234.91294 281.02917,235.10924 C 281.02917,235.10924 275.13725,239.81168 275.13725,239.81168 C 274.88342,240.01427 274.9381,240.30589 275.26078,240.46561 C 275.26078,240.46561 283.08145,244.3369 283.08145,244.3369 C 283.42232,244.50564 283.90334,244.47105 284.15897,244.25926 C 284.15897,244.25926 284.15897,244.25926 284.15897,244.25926"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5301"
-           d="M 290.6347,228.41799 C 290.6347,228.41799 298.47677,231.7748 298.47677,231.7748 C 298.96904,231.98552 299.08998,232.38046 298.7459,232.65955 C 298.7459,232.65955 293.04479,237.28397 293.04479,237.28397 C 292.69915,237.56434 292.03399,237.60956 291.55538,237.38617 C 291.55538,237.38617 283.93166,233.82786 283.93166,233.82786 C 283.4873,233.62045 283.39853,233.2382 283.73091,232.97007 C 283.73091,232.97007 289.21363,228.54719 289.21363,228.54719 C 289.54456,228.28023 290.17756,228.22231 290.6347,228.41799 C 290.6347,228.41799 290.6347,228.41799 290.6347,228.41799"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5303"
-           d="M 301.86982,230.05516 C 301.86982,230.05516 306.72655,226.01075 306.72655,226.01075 C 307.20873,225.60921 307.07252,225.04406 306.41901,224.74173 C 306.41901,224.74173 299.71761,221.64153 299.71761,221.64153 C 299.02841,221.32268 298.06453,221.39571 297.55878,221.80728 C 297.55878,221.80728 292.46319,225.95398 292.46319,225.95398 C 291.94831,226.37298 292.11057,226.9602 292.82454,227.2686 C 292.82454,227.2686 299.76474,230.26652 299.76474,230.26652 C 300.44135,230.5588 301.37922,230.4637 301.86982,230.05516 C 301.86982,230.05516 301.86982,230.05516 301.86982,230.05516"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5305"
-           d="M 229.75901,221.51708 C 229.75901,221.51708 236.30365,224.3537 236.30365,224.3537 C 236.77779,224.55921 236.83816,224.95708 236.4374,225.2459 C 236.4374,225.2459 230.73685,229.35443 230.73685,229.35443 C 230.32395,229.65201 229.60775,229.71902 229.13267,229.50455 C 229.13267,229.50455 222.57677,226.54493 222.57677,226.54493 C 222.11612,226.33697 222.07952,225.93711 222.49312,225.64852 C 222.49312,225.64852 228.20494,221.66299 228.20494,221.66299 C 228.60659,221.38273 229.29903,221.31772 229.75901,221.51708 C 229.75901,221.51708 229.75901,221.51708 229.75901,221.51708"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5307"
-           d="M 241.4331,233.77444 C 241.4331,233.77444 234.86702,230.51453 234.86702,230.51453 C 234.2884,230.22725 233.46852,230.2512 233.03004,230.56861 C 233.03004,230.56861 228.00571,234.20578 228.00571,234.20578 C 227.5701,234.52112 227.69,235.00165 228.27321,235.28282 C 228.27321,235.28282 234.89177,238.47354 234.89177,238.47354 C 235.46008,238.74751 236.26364,238.71874 236.69472,238.40938 C 236.69472,238.40938 241.66657,234.84141 241.66657,234.84141 C 242.10045,234.53004 241.99687,234.05434 241.4331,233.77444 C 241.4331,233.77444 241.4331,233.77444 241.4331,233.77444"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5309"
-           d="M 250.21733,243.40142 C 250.21733,243.40142 255.39176,239.30139 255.39176,239.30139 C 255.89164,238.9053 255.71333,238.31587 254.9964,237.97824 C 254.9964,237.97824 247.93065,234.65074 247.93065,234.65074 C 247.23226,234.32185 246.25306,234.35802 245.73067,234.73327 C 245.73067,234.73327 240.32649,238.61528 240.32649,238.61528 C 239.76575,239.01809 239.8905,239.62564 240.61117,239.97588 C 240.61117,239.97588 247.90666,243.52145 247.90666,243.52145 C 248.64734,243.88142 249.68011,243.82709 250.21733,243.40142 C 250.21733,243.40142 250.21733,243.40142 250.21733,243.40142"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 259.03235,236.38432 C 259.03235,236.38432 264.00233,232.5172 264.00233,232.5172 C 264.49375,232.13483 264.28734,231.56751 263.54605,231.2468 C 263.54605,231.2468 256.4643,228.18292 256.4643,228.18292 C 255.78568,227.88932 254.86097,227.94181 254.38524,228.29923 C 254.38524,228.29923 249.57716,231.91156 249.57716,231.91156 C 249.08982,232.2777 249.22635,232.82706 249.889,233.14485 C 249.889,233.14485 256.80881,236.46342 256.80881,236.46342 C 257.53364,236.81102 258.52826,236.77654 259.03235,236.38432 C 259.03235,236.38432 259.03235,236.38432 259.03235,236.38432"
-           id="path5311"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5313"
-           d="M 249.92718,227.47874 C 249.92718,227.47874 243.57843,224.26363 243.57843,224.26363 C 242.94161,223.94113 242.03351,223.96693 241.54071,224.32288 C 241.54071,224.32288 236.50753,227.95826 236.50753,227.95826 C 235.99196,228.33065 236.10354,228.89802 236.75945,229.2289 C 236.75945,229.2289 243.29817,232.52743 243.29817,232.52743 C 243.95188,232.8572 244.8789,232.81481 245.37499,232.4339 C 245.37499,232.4339 250.21821,228.7151 250.21821,228.7151 C 250.69243,228.35098 250.56193,227.80019 249.92718,227.47874 C 249.92718,227.47874 249.92718,227.47874 249.92718,227.47874"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5315"
-           d="M 278.37779,233.42877 C 278.37779,233.42877 271.86628,230.49633 271.86628,230.49633 C 271.35525,230.26619 270.61009,230.34047 270.19363,230.66278 C 270.19363,230.66278 264.92861,234.73754 264.92861,234.73754 C 264.50283,235.06706 264.56772,235.52596 265.07602,235.76657 C 265.07602,235.76657 271.55435,238.83315 271.55435,238.83315 C 272.08251,239.08315 272.85436,239.01044 273.28293,238.66998 C 273.28293,238.66998 278.58112,234.46107 278.58112,234.46107 C 279.00009,234.12824 278.90852,233.66778 278.37779,233.42877 C 278.37779,233.42877 278.37779,233.42877 278.37779,233.42877"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 286.64967,226.73945 C 286.64967,226.73945 280.75469,223.85413 280.75469,223.85413 C 280.1553,223.56076 279.26816,223.63562 278.7659,224.02366 C 278.7659,224.02366 273.67528,227.95655 273.67528,227.95655 C 273.15783,228.35631 273.24091,228.914 273.86123,229.20522 C 273.86123,229.20522 279.9603,232.06855 279.9603,232.06855 C 280.56171,232.3509 281.4454,232.25691 281.94196,231.85949 C 281.94196,231.85949 286.82847,227.94856 286.82847,227.94856 C 287.31074,227.56258 287.23111,227.02404 286.64967,226.73945 C 286.64967,226.73945 286.64967,226.73945 286.64967,226.73945"
-           id="path5317"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5319"
-           d="M 267.6823,229.91307 C 267.6823,229.91307 272.46908,226.23566 272.46908,226.23566 C 272.94434,225.87054 272.74124,225.3253 272.01611,225.01342 C 272.01611,225.01342 264.88193,221.94496 264.88193,221.94496 C 264.17799,221.64219 263.23154,221.68466 262.7575,222.03994 C 262.7575,222.03994 257.98381,225.61763 257.98381,225.61763 C 257.50171,225.97894 257.67724,226.52125 258.37978,226.83381 C 258.37978,226.83381 265.50086,230.00199 265.50086,230.00199 C 266.22477,230.32406 267.1988,230.28451 267.6823,229.91307 C 267.6823,229.91307 267.6823,229.91307 267.6823,229.91307"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 258.51488,221.22986 C 258.51488,221.22986 252.19037,218.21416 252.19037,218.21416 C 251.57618,217.9213 250.69327,217.96397 250.20557,218.30991 C 250.20557,218.30991 245.20204,221.8591 245.20204,221.8591 C 244.68719,222.22431 244.76403,222.77336 245.37981,223.09013 C 245.37981,223.09013 251.72747,226.35547 251.72747,226.35547 C 252.38375,226.69307 253.32987,226.6498 253.84288,226.25849 C 253.84288,226.25849 258.82312,222.45965 258.82312,222.45965 C 259.30803,222.08977 259.16806,221.54132 258.51488,221.22986 C 258.51488,221.22986 258.51488,221.22986 258.51488,221.22986"
-           id="path5321"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5323"
-           d="M 239.22906,214.77058 C 239.22906,214.77058 245.75948,217.65839 245.75948,217.65839 C 246.22836,217.86574 246.27624,218.27214 245.86583,218.5699 C 245.86583,218.5699 240.04074,222.79608 240.04074,222.79608 C 239.61975,223.10153 238.89933,223.17644 238.42646,222.96374 C 238.42646,222.96374 231.84118,220.00174 231.84118,220.00174 C 231.37421,219.79169 231.34116,219.38081 231.76608,219.08076 C 231.76608,219.08076 237.64602,214.92874 237.64602,214.92874 C 238.06034,214.63619 238.76594,214.56577 239.22906,214.77058 C 239.22906,214.77058 239.22906,214.77058 239.22906,214.77058"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5325"
-           d="M 247.90724,208.64597 C 247.90724,208.64597 254.53759,211.50631 254.53759,211.50631 C 255.01636,211.71285 255.09618,212.10048 254.71562,212.37537 C 254.71562,212.37537 249.34818,216.25246 249.34818,216.25246 C 248.96271,216.5309 248.26761,216.58434 247.79061,216.37235 C 247.79061,216.37235 241.18538,213.43689 241.18538,213.43689 C 240.71963,213.22991 240.65428,212.84354 241.03791,212.57052 C 241.03791,212.57052 246.38024,208.76857 246.38024,208.76857 C 246.75905,208.49898 247.43968,208.44427 247.90724,208.64597 C 247.90724,208.64597 247.90724,208.64597 247.90724,208.64597"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5327"
-           d="M 266.53609,215.35847 C 266.53609,215.35847 260.2425,212.50539 260.2425,212.50539 C 259.63111,212.22823 258.77381,212.26339 258.31648,212.58345 C 258.31648,212.58345 253.69899,215.81504 253.69899,215.81504 C 253.23142,216.14228 253.3369,216.6411 253.93933,216.93434 C 253.93933,216.93434 260.14335,219.95417 260.14335,219.95417 C 260.78415,220.26608 261.68732,220.24081 262.16416,219.89654 C 262.16416,219.89654 266.87121,216.49816 266.87121,216.49816 C 267.3372,216.16172 267.18586,215.65303 266.53609,215.35847 C 266.53609,215.35847 266.53609,215.35847 266.53609,215.35847"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5329"
-           d="M 275.86123,223.49708 C 275.86123,223.49708 280.69597,219.76003 280.69597,219.76003 C 281.17477,219.38993 280.98509,218.85214 280.27334,218.55429 C 280.27334,218.55429 273.2735,215.62511 273.2735,215.62511 C 272.58309,215.3362 271.64347,215.39287 271.16418,215.75208 C 271.16418,215.75208 266.32552,219.37853 266.32552,219.37853 C 265.83563,219.74569 265.99513,220.28253 266.68578,220.58229 C 266.68578,220.58229 273.68954,223.62208 273.68954,223.62208 C 274.40184,223.93123 275.37164,223.87552 275.86123,223.49708 C 275.86123,223.49708 275.86123,223.49708 275.86123,223.49708"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 282.59083,221.04513 C 282.59083,221.04513 287.71903,217.05699 287.71903,217.05699 C 288.22587,216.66285 289.08472,216.56532 289.64647,216.83783 C 289.64647,216.83783 295.29725,219.57907 295.29725,219.57907 C 295.86731,219.85561 295.92338,220.40166 295.42118,220.80393 C 295.42118,220.80393 290.33924,224.87461 290.33924,224.87461 C 289.82349,225.28773 288.94404,225.3914 288.36924,225.1065 C 288.36924,225.1065 282.67221,222.28271 282.67221,222.28271 C 282.10592,222.00203 282.07045,221.44982 282.59083,221.04513 C 282.59083,221.04513 282.59083,221.04513 282.59083,221.04513"
-           id="path5331"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5333"
-           d="M 273.82385,209.9072 C 273.82385,209.9072 267.67742,207.1135 267.67742,207.1135 C 267.05691,206.83146 266.21983,206.85051 265.80038,207.15733 C 265.80038,207.15733 261.55003,210.26641 261.55003,210.26641 C 261.11807,210.58238 261.28238,211.06634 261.91859,211.35037 C 261.91859,211.35037 268.21969,214.1634 268.21969,214.1634 C 268.84554,214.4428 269.68458,214.41091 270.10075,214.09302 C 270.10075,214.09302 274.19645,210.96462 274.19645,210.96462 C 274.60069,210.65585 274.43443,210.18473 273.82385,209.9072 C 273.82385,209.9072 273.82385,209.9072 273.82385,209.9072"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5335"
-           d="M 257.3726,201.76885 C 257.3726,201.76885 264.64202,204.86157 264.64202,204.86157 C 264.95177,204.99335 264.97965,205.26073 264.70378,205.46149 C 264.70378,205.46149 257.98723,210.34941 257.98723,210.34941 C 257.69315,210.56343 257.19866,210.62527 256.87934,210.48761 C 256.87934,210.48761 249.38649,207.25742 249.38649,207.25742 C 249.07032,207.12112 249.06104,206.84361 249.36486,206.63564 C 249.36486,206.63564 256.30482,201.88518 256.30482,201.88518 C 256.58991,201.69003 257.06581,201.63832 257.3726,201.76885 C 257.3726,201.76885 257.3726,201.76885 257.3726,201.76885"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5337"
-           d="M 284.0905,217.40082 C 284.0905,217.40082 288.28521,214.18116 288.28521,214.18116 C 288.70353,213.86008 288.47298,213.36105 287.76806,213.06182 C 287.76806,213.06182 280.69745,210.06045 280.69745,210.06045 C 279.9862,209.75854 279.07181,209.77379 278.64748,210.09508 C 278.64748,210.09508 274.39236,213.31696 274.39236,213.31696 C 273.96443,213.64097 274.19761,214.14507 274.91495,214.44677 C 274.91495,214.44677 282.04596,217.44592 282.04596,217.44592 C 282.75689,217.74492 283.66866,217.7246 284.0905,217.40082 C 284.0905,217.40082 284.0905,217.40082 284.0905,217.40082"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5339"
-           d="M 300.10154,217.06983 C 300.10154,217.06983 316.31837,203.96829 316.31837,203.96829 C 317.07607,203.35614 317.4003,202.7538 317.04873,202.61609 C 317.04873,202.61609 310.03269,199.86796 310.03269,199.86796 C 309.70146,199.73822 308.83575,200.10447 308.08844,200.69068 C 308.08844,200.69068 292.11577,213.22035 292.11577,213.22035 C 291.30809,213.85393 290.91207,214.49139 291.23134,214.64793 C 291.23134,214.64793 298.003,217.96805 298.003,217.96805 C 298.34279,218.13465 299.2804,217.73322 300.10154,217.06983 C 300.10154,217.06983 300.10154,217.06983 300.10154,217.06983"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 291.15172,211.81971 C 291.15172,211.81971 294.95784,208.85652 294.95784,208.85652 C 295.33535,208.56261 295.06588,208.08714 294.35728,207.79127 C 294.35728,207.79127 287.46322,204.91266 287.46322,204.91266 C 286.7905,204.63177 285.951,204.6327 285.57753,204.91398 C 285.57753,204.91398 281.81341,207.749 281.81341,207.749 C 281.43293,208.03556 281.66197,208.50175 282.33038,208.79505 C 282.33038,208.79505 289.18243,211.80181 289.18243,211.80181 C 289.88692,212.11095 290.76688,212.11932 291.15172,211.81971 C 291.15172,211.81971 291.15172,211.81971 291.15172,211.81971"
-           id="path5341"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           d="M 279.78845,205.15721 C 279.78845,205.15721 273.64923,202.7238 273.64923,202.7238 C 273.07415,202.49585 272.35188,202.50572 272.02271,202.74427 C 272.02271,202.74427 268.6721,205.17246 268.6721,205.17246 C 268.33004,205.42034 268.50084,205.82253 269.06217,206.07617 C 269.06217,206.07617 275.0647,208.78839 275.0647,208.78839 C 275.70867,209.07937 276.52129,209.09274 276.87788,208.8159 C 276.87788,208.8159 280.365,206.10863 280.365,206.10863 C 280.70701,205.84311 280.44598,205.41784 279.78845,205.15721 C 279.78845,205.15721 279.78845,205.15721 279.78845,205.15721"
-           id="path5343"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5345"
-           d="M 266.63729,203.4528 C 266.63729,203.4528 259.22437,200.28887 259.22437,200.28887 C 258.90107,200.15088 259.26093,199.6067 260.02623,199.07179 C 260.02623,199.07179 276.04515,187.8754 276.04515,187.8754 C 276.70328,187.4154 277.47826,187.14286 277.78675,187.26189 C 277.78675,187.26189 284.85126,189.98782 284.85126,189.98782 C 285.16872,190.11032 284.90984,190.59119 284.26684,191.06857 C 284.26684,191.06857 268.59644,202.70261 268.59644,202.70261 C 267.84684,203.25912 266.97083,203.59516 266.63729,203.4528 C 266.63729,203.4528 266.63729,203.4528 266.63729,203.4528"
-           style="opacity:0.99720004;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-        <path
-           id="path5347"
-           sodipodi:nodetypes="cccccssssccccc"
-           d="M 306.08894,198.05464 C 306.08894,198.05464 289.86483,191.75754 289.86483,191.75754 C 288.75309,191.32603 287.34294,191.34222 286.72043,191.80216 C 286.72043,191.80216 275.86985,199.81916 275.86985,199.81916 C 275.21811,200.30071 275.08509,200.71469 276.34881,201.06644 L 282.51762,203.58752 C 283.51554,203.99535 283.51356,204.01646 284.38014,203.38499 L 285.53498,202.54346 C 285.7875,202.35945 286.54428,202.2881 287.35569,202.6377 L 295.71352,206.2387 C 296.63524,206.49525 297.43593,206.57335 297.95625,206.16455 C 297.95625,206.16455 306.65122,199.3329 306.65122,199.3329 C 307.15193,198.93949 306.90591,198.37173 306.08894,198.05464 C 306.08894,198.05464 306.08894,198.05464 306.08894,198.05464"
-           style="opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-      </g>
-      <path
-         d="M 195.84384,316.18138 C 198.01729,317.52381 197.72963,318.48268 195.26851,320.68809 C 192.78733,322.9115 196.00365,319.69726 196.67486,318.67446 C 197.37566,317.60657 193.70779,314.86206 195.84384,316.18138 z "
-         sodipodi:nodetypes="czzz"
-         id="path2379"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3350"
-         sodipodi:nodetypes="czzz"
-         d="M 216.172,300.16816 C 218.34546,301.51059 218.79294,302.1818 216.33181,304.38722 C 213.85064,306.61061 216.81125,303.42834 217.61032,302.34161 C 218.38754,301.28458 214.03595,298.84884 216.172,300.16816 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 206.4554,308.31861 C 208.62885,309.66103 209.20418,310.14046 206.74306,312.34587 C 204.26188,314.56927 207.35035,311.1313 207.82978,310.49205 C 208.39381,309.74001 204.31935,306.99928 206.4554,308.31861 z "
-         sodipodi:nodetypes="czzz"
-         id="path3352"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3354"
-         sodipodi:nodetypes="czzz"
-         d="M 225.50506,292.46519 C 227.67851,293.80762 228.25383,294.28706 225.79272,296.49247 C 223.31154,298.71586 227.0073,295.62948 226.78356,294.4149 C 226.56079,293.20564 223.36901,291.14588 225.50506,292.46519 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3356"
-         sodipodi:nodetypes="czzz"
-         d="M 203.49886,293.36015 C 205.63491,294.67947 206.0239,295.13407 203.48288,297.25957 C 200.9308,299.39433 204.5367,295.76662 204.79335,295.2779 C 205.04344,294.80165 201.36281,292.04083 203.49886,293.36015 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 189.00386,289.3009 C 191.59281,290.73922 191.94897,291.213 189.29153,293.32818 C 186.61856,295.45568 190.37824,292.20949 190.37824,291.21865 C 190.37824,290.19585 186.42834,287.87006 189.00386,289.3009 z "
-         sodipodi:nodetypes="czzz"
-         id="path3358"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3360"
-         sodipodi:nodetypes="czzz"
-         d="M 171.16877,285.43344 C 173.47007,286.64801 174.17325,287.38316 171.45643,289.46072 C 168.74413,291.53484 172.83082,288.34203 172.60709,287.38316 C 172.36917,286.36356 168.8898,284.23064 171.16877,285.43344 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 155.9546,281.50205 C 158.12806,282.78055 158.83124,283.54764 156.24227,285.52933 C 153.64201,287.51964 157.42488,284.66634 157.20114,283.38784 C 156.97829,282.11439 153.75272,280.20681 155.9546,281.50205 z "
-         sodipodi:nodetypes="czzz"
-         id="path3362"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 161.10057,292.56108 C 163.27403,293.9035 163.96914,294.4897 161.38823,296.58835 C 158.81117,298.6839 157.15517,299.80076 160.6531,296.71621 C 164.16898,293.61583 158.96453,291.24176 161.10057,292.56108 z "
-         sodipodi:nodetypes="czzz"
-         id="path3364"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 178.74389,296.62031 C 182.35566,298.53807 181.81229,298.31433 176.12296,302.85301 C 170.44917,307.37928 178.76168,300.08938 179.60688,299.14536 C 180.42197,298.23497 175.15702,294.71579 178.74389,296.62031 z "
-         sodipodi:nodetypes="czzz"
-         id="path3366"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 193.22292,300.42386 C 195.39636,301.76628 195.49224,303.36442 189.3874,308.28664 C 183.26317,313.22451 195.05807,303.89438 193.51058,301.89414 C 192.00596,299.94933 191.08687,299.10454 193.22292,300.42386 z "
-         sodipodi:nodetypes="czzz"
-         id="path3368"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3370"
-         sodipodi:nodetypes="czzz"
-         d="M 145.18324,288.69362 C 147.80416,290.22781 147.8681,290.89903 145.18324,292.91266 C 142.52875,294.90353 146.62155,291.63417 146.39782,290.67529 C 146.18115,289.74671 142.58609,287.17332 145.18324,288.69362 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3372"
-         sodipodi:nodetypes="czzz"
-         d="M 165.73514,274.56618 C 167.9086,275.9086 168.61177,276.57982 166.0228,278.59347 C 163.40256,280.63143 166.7899,277.25103 167.20542,276.73963 C 167.59048,276.2657 163.5991,273.24685 165.73514,274.56618 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 181.26892,278.14598 C 183.44237,279.48841 184.0177,279.96784 181.55659,282.17326 C 179.07541,284.39665 182.5794,281.34223 182.35566,280.06373 C 182.13279,278.79029 179.13287,276.82666 181.26892,278.14598 z "
-         sodipodi:nodetypes="czzz"
-         id="path3374"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3376"
-         sodipodi:nodetypes="czzz"
-         d="M 198.2659,281.884 C 200.43936,283.22641 201.01468,283.70585 198.55356,285.91126 C 196.07238,288.13466 199.57637,285.08024 199.35263,283.80174 C 199.12976,282.52829 196.12986,280.56467 198.2659,281.884 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 213.08942,285.57681 C 215.8957,286.96443 216.29022,287.35347 213.37708,289.60408 C 210.50713,291.82133 214.72017,288.27028 214.62817,287.40415 C 214.54091,286.58272 210.2463,284.17095 213.08942,285.57681 z "
-         sodipodi:nodetypes="czzz"
-         id="path3378"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3380"
-         sodipodi:nodetypes="czzz"
-         d="M 175.13212,267.66227 C 177.30557,269.00471 177.99635,269.63282 175.41979,271.68956 C 172.87468,273.72117 176.44259,270.7946 176.41062,269.64395 C 176.37866,268.4933 172.99607,266.34296 175.13212,267.66227 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3382"
-         sodipodi:nodetypes="czzz"
-         d="M 190.72984,270.85853 C 192.96721,272.0731 193.60646,272.74431 191.01751,274.88581 C 188.47105,276.99212 192.23208,274.11871 192.00834,272.84021 C 191.78548,271.56676 188.48472,269.63975 190.72984,270.85853 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 207.55763,274.67852 C 209.73109,276.02094 210.30641,276.50038 207.8453,278.70579 C 205.36412,280.92919 208.8681,277.87477 208.64437,276.59627 C 208.4215,275.32282 205.42158,273.35919 207.55763,274.67852 z "
-         sodipodi:nodetypes="czzz"
-         id="path3384"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3386"
-         sodipodi:nodetypes="czzz"
-         d="M 223.20376,277.63457 C 226.23604,279.29342 225.95254,279.45644 223.49142,281.66186 C 221.01023,283.88525 224.74999,280.23696 224.6521,279.41673 C 224.56485,278.6857 220.20621,275.99474 223.20376,277.63457 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 277.38117,248.70302 C 281.95031,251.26589 281.48626,250.13465 270.88855,258.92295 C 260.38024,267.63712 274.33964,254.68517 277.12282,252.1444 C 279.88337,249.62427 272.7431,246.10148 277.38117,248.70302 z "
-         sodipodi:nodetypes="czzz"
-         id="path3388"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3390"
-         sodipodi:nodetypes="czzz"
-         d="M 231.57794,270.34712 C 233.75139,271.68956 234.32672,272.16899 231.86561,274.37441 C 229.38442,276.5978 232.88839,273.54338 232.66467,272.26488 C 232.4418,270.99143 229.44189,269.02781 231.57794,270.34712 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 241.29454,263.69892 C 243.46799,265.04135 244.04332,265.52079 241.58221,267.72621 C 239.10103,269.9496 242.60501,266.89517 242.38128,265.61667 C 242.15841,264.34322 239.15849,262.3796 241.29454,263.69892 z "
-         sodipodi:nodetypes="czzz"
-         id="path3392"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3394"
-         sodipodi:nodetypes="czzz"
-         d="M 250.24405,256.53932 C 252.4175,257.88175 252.99283,258.36119 250.53172,260.5666 C 248.05053,262.78999 251.55451,259.73557 251.33077,258.45707 C 251.10792,257.18362 248.10801,255.21999 250.24405,256.53932 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 258.68216,249.37971 C 260.85561,250.72214 261.43093,251.20158 258.96982,253.40699 C 256.48864,255.63038 259.99262,252.57596 259.76888,251.29747 C 259.54603,250.02402 256.54611,248.06039 258.68216,249.37971 z "
-         sodipodi:nodetypes="czzz"
-         id="path3396"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3398"
-         sodipodi:nodetypes="czzz"
-         d="M 215.08528,267.40658 C 217.25872,268.749 217.83405,269.22845 215.37294,271.43386 C 212.89175,273.65725 216.39574,270.60283 216.172,269.32432 C 215.94914,268.05088 212.94923,266.08725 215.08528,267.40658 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 200.54781,263.45098 C 204.31939,265.43265 203.68014,265.40068 200.83547,267.47825 C 198.05046,269.51225 201.27066,266.64722 202.04136,265.54954 C 202.78342,264.49262 196.80222,261.48295 200.54781,263.45098 z "
-         sodipodi:nodetypes="czzz"
-         id="path3400"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3402"
-         sodipodi:nodetypes="czzz"
-         d="M 185.48798,260.50267 C 188.30069,262.16472 188.68423,262.2606 185.77564,264.52995 C 182.90663,266.76843 187.05414,263.76284 186.83041,262.48434 C 186.60755,261.21089 182.72253,258.86853 185.48798,260.50267 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 194.50141,253.47091 C 196.67486,254.81334 197.25018,255.29277 194.78907,257.49819 C 192.30789,259.72159 195.81187,256.66717 195.58814,255.38867 C 195.36528,254.11522 192.36537,252.15159 194.50141,253.47091 z "
-         sodipodi:nodetypes="czzz"
-         id="path3404"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3406"
-         sodipodi:nodetypes="czzz"
-         d="M 204.79335,246.88664 C 206.96679,248.22906 207.54211,248.7085 205.081,250.91391 C 202.59982,253.13731 206.10381,250.08289 205.88007,248.80439 C 205.65721,247.53094 202.6573,245.56731 204.79335,246.88664 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 209.97127,256.34754 C 212.14473,257.68997 212.72004,258.16941 210.25893,260.37482 C 207.77775,262.59821 211.28174,259.54379 211.058,258.26529 C 210.83513,256.99184 207.83522,255.02823 209.97127,256.34754 z "
-         sodipodi:nodetypes="czzz"
-         id="path3408"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3410"
-         sodipodi:nodetypes="czzz"
-         d="M 219.94358,248.99617 C 222.11703,250.33858 222.69236,250.81803 220.23124,253.02345 C 217.75006,255.24684 221.25405,252.19241 221.03031,250.91391 C 220.80745,249.64046 217.80754,247.67683 219.94358,248.99617 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 226.08039,260.5666 C 228.25383,261.90901 228.82916,262.38845 226.36805,264.59388 C 223.88687,266.81727 227.39085,263.76284 227.16711,262.48434 C 226.94426,261.21089 223.94434,259.24727 226.08039,260.5666 z "
-         sodipodi:nodetypes="czzz"
-         id="path3412"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3414"
-         sodipodi:nodetypes="czzz"
-         d="M 234.39063,254.11016 C 236.56408,255.4526 237.13941,255.93204 234.6783,258.13745 C 232.19712,260.36084 235.70111,257.30642 235.47737,256.02792 C 235.25451,254.75447 232.25458,252.79084 234.39063,254.11016 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 229.27663,242.2201 C 231.45009,243.56254 232.02541,244.04197 229.5643,246.24738 C 227.08312,248.47078 230.58711,245.41636 230.36337,244.13786 C 230.1405,242.86442 227.14058,240.90079 229.27663,242.2201 z "
-         sodipodi:nodetypes="czzz"
-         id="path3416"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3418"
-         sodipodi:nodetypes="czzz"
-         d="M 243.0141,247.59302 C 245.39457,248.78588 245.85328,249.41488 243.39217,251.6203 C 240.91099,253.84369 244.68618,250.11125 244.59804,249.42037 C 244.51044,248.73372 240.56163,246.3641 243.0141,247.59302 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 213.8707,239.98274 C 216.04415,241.32515 216.61948,241.8046 214.15837,244.01001 C 211.67717,246.23341 215.18116,243.17898 214.95742,241.90048 C 214.73456,240.62703 211.73465,238.66341 213.8707,239.98274 z "
-         sodipodi:nodetypes="czzz"
-         id="path3420"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3422"
-         sodipodi:nodetypes="czzz"
-         d="M 222.91837,233.04137 C 225.31782,234.20299 225.93836,234.99885 223.20602,237.06866 C 220.48021,239.13354 224.63565,235.424 224.54751,234.77832 C 224.44726,234.04379 220.53635,231.8882 222.91837,233.04137 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 246.64686,229.49127 C 249.00111,230.74329 249.89286,231.08713 246.93452,233.51855 C 243.99824,235.93184 248.36413,232.59712 248.14039,231.31861 C 247.91754,230.04517 244.31107,228.24907 246.64686,229.49127 z "
-         sodipodi:nodetypes="czzz"
-         id="path3424"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3426"
-         sodipodi:nodetypes="czzz"
-         d="M 237.71153,235.84633 C 240.02059,237.03055 240.64112,237.84899 237.9992,239.87362 C 235.36048,241.89576 239.38361,238.50015 239.25027,237.67368 C 239.10149,236.75149 235.41158,234.66678 237.71153,235.84633 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 284.38244,228.84004 C 286.66889,230.04686 287.0481,230.84805 284.67009,232.86732 C 282.27897,234.89772 285.51201,231.73741 285.85337,231.07421 C 286.18578,230.42841 282.11363,227.64254 284.38244,228.84004 z "
-         sodipodi:nodetypes="czzz"
-         id="path3428"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3430"
-         sodipodi:nodetypes="czzz"
-         d="M 232.52396,226.41189 C 234.78783,227.52831 235.40834,228.14335 232.81163,230.16796 C 230.19284,232.20977 234.24125,228.7945 234.06271,228.10364 C 233.88666,227.4224 230.2964,225.31338 232.52396,226.41189 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 242.49949,219.69334 C 245.873,221.52582 244.75103,221.244 242.19951,223.3138 C 239.67516,225.36158 243.76147,221.8425 243.54101,221.11387 C 243.32053,220.38523 239.12596,217.86086 242.49949,219.69334 z "
-         sodipodi:nodetypes="czzz"
-         id="path3432"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3434"
-         sodipodi:nodetypes="czzz"
-         d="M 255.29092,223.29442 C 257.75818,224.59164 258.28831,225.25187 255.57858,227.32169 C 252.87211,229.38902 256.89519,225.88045 256.80705,225.21217 C 256.71558,224.51847 252.84135,222.00649 255.29092,223.29442 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 269.10194,227.3895 C 271.27539,228.73192 271.85071,229.21136 269.3896,231.41677 C 266.90842,233.64017 270.41241,230.58576 270.18867,229.30725 C 269.96581,228.0338 266.96589,226.07017 269.10194,227.3895 z "
-         sodipodi:nodetypes="czzz"
-         id="path3436"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3438"
-         sodipodi:nodetypes="czzz"
-         d="M 260.47206,233.782 C 262.64551,235.12443 263.22084,235.60386 260.75972,237.80927 C 258.27854,240.03267 261.78252,236.97826 261.55878,235.69975 C 261.33593,234.42631 258.33601,232.46268 260.47206,233.782 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 252.00426,240.41924 C 254.76534,241.85208 254.88865,242.2863 252.29193,244.44653 C 249.69924,246.60338 253.58595,242.98267 253.49781,242.15619 C 253.40345,241.27142 249.33359,239.0316 252.00426,240.41924 z "
-         sodipodi:nodetypes="czzz"
-         id="path3440"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3442"
-         sodipodi:nodetypes="czzz"
-         d="M 266.73671,242.2201 C 268.91017,243.56254 269.4855,244.04197 267.02438,246.24738 C 264.54319,248.47078 268.04717,245.41636 267.82343,244.13786 C 267.60058,242.86442 264.60067,240.90079 266.73671,242.2201 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 275.77863,235.80888 C 278.29108,237.0157 278.6856,237.56294 276.08889,239.70055 C 273.50776,241.82532 277.52012,238.29917 277.43037,237.50061 C 277.34312,236.7244 273.32091,234.62837 275.77863,235.80888 z "
-         sodipodi:nodetypes="czzz"
-         id="path3444"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3446"
-         sodipodi:nodetypes="czzz"
-         d="M 286.95302,240.94161 C 289.63786,242.37993 289.92552,242.74749 287.24067,244.96888 C 284.57146,247.17734 287.44366,244.39791 288.24749,243.37076 C 289.03146,242.369 284.28786,239.51385 286.95302,240.94161 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 295.77487,234.08611 C 298.28732,235.22513 298.70444,235.86277 296.06253,238.11339 C 293.44279,240.34511 296.0466,237.62948 297.1102,236.38809 C 298.1513,235.17297 293.28962,232.95944 295.77487,234.08611 z "
-         sodipodi:nodetypes="czzz"
-         id="path3448"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3450"
-         sodipodi:nodetypes="czzz"
-         d="M 304.36663,227.14477 C 306.83388,228.44201 307.1154,228.96663 304.65428,231.17204 C 302.17311,233.39544 304.72941,230.49547 305.36295,229.31112 C 306.04412,228.03769 301.92637,225.86174 304.36663,227.14477 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 293.12178,221.54036 C 295.47102,222.691 295.98242,223.42615 293.40945,225.56763 C 290.83798,227.70786 294.60852,224.14154 294.54411,223.33025 C 294.48107,222.53624 290.77257,220.38972 293.12178,221.54036 z "
-         sodipodi:nodetypes="czzz"
-         id="path3452"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3454"
-         sodipodi:nodetypes="czzz"
-         d="M 277.5149,220.70385 C 280.36638,222.31747 280.39928,222.70652 277.80256,224.73113 C 275.18377,226.77294 276.77322,224.86768 278.55642,223.48044 C 280.36765,222.07138 274.77049,219.15079 277.5149,220.70385 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 263.22084,217.41719 C 265.39428,218.75961 265.96961,219.23905 263.5085,221.44447 C 261.02732,223.66786 264.5313,220.61343 264.30756,219.33494 C 264.08471,218.06149 261.08479,216.09787 263.22084,217.41719 z "
-         sodipodi:nodetypes="czzz"
-         id="path3456"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3458"
-         sodipodi:nodetypes="czzz"
-         d="M 251.15585,213.31501 C 254.39256,214.77625 254.35665,214.86567 251.3531,216.98068 C 248.32814,219.11078 252.86671,215.85366 252.60418,214.91636 C 252.33613,213.95933 247.95664,211.87072 251.15585,213.31501 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 260.85561,206.10245 C 263.02906,207.44489 263.60438,207.92432 261.14327,210.12974 C 258.66209,212.35313 262.16607,209.29871 261.94234,208.02022 C 261.71947,206.74677 258.71956,204.78313 260.85561,206.10245 z "
-         sodipodi:nodetypes="czzz"
-         id="path3460"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3462"
-         sodipodi:nodetypes="czzz"
-         d="M 271.01969,211.72786 C 273.19314,213.07028 273.76847,213.54972 271.30736,215.75513 C 268.82618,217.97853 272.33015,214.92411 272.10641,213.64561 C 271.88356,212.37216 268.88364,210.40854 271.01969,211.72786 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 284.99091,214.99901 C 287.70679,216.25102 288.10131,216.82086 285.27858,219.02628 C 282.51164,221.18811 285.03572,219.0993 286.34886,217.27838 C 287.55847,215.60098 282.34938,213.78125 284.99091,214.99901 z "
-         sodipodi:nodetypes="czzz"
-         id="path3464"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3466"
-         sodipodi:nodetypes="czzz"
-         d="M 276.90079,206.80563 C 279.07425,208.14806 279.64957,208.6275 277.18845,210.83291 C 274.70727,213.05631 278.21126,210.00188 277.98752,208.72339 C 277.76466,207.44994 274.76474,205.48631 276.90079,206.80563 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 292.17888,209.68226 C 294.35233,211.02468 294.92766,211.50412 292.46654,213.70954 C 289.98536,215.93294 293.48934,212.87852 293.2656,211.60001 C 293.04275,210.32657 290.04283,208.36293 292.17888,209.68226 z "
-         sodipodi:nodetypes="czzz"
-         id="path3468"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3470"
-         sodipodi:nodetypes="czzz"
-         d="M 314.68049,204.24863 C 317.7489,205.39928 317.87645,205.56214 311.38835,210.80095 C 304.93164,216.01443 312.98405,209.0753 315.15994,207.02937 C 317.35285,204.96744 311.62248,203.10188 314.68049,204.24863 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         d="M 303.62147,199.96565 C 305.79492,201.30808 306.37025,201.78752 303.90913,203.99293 C 301.42794,206.21632 304.93192,203.16191 304.70818,201.8834 C 304.48533,200.60995 301.48542,198.64633 303.62147,199.96565 z "
-         sodipodi:nodetypes="czzz"
-         id="path3472"
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3474"
-         sodipodi:nodetypes="czzz"
-         d="M 281.07787,191.30607 C 284.96899,192.8745 284.82107,192.72112 278.69861,197.41265 C 272.5826,202.09922 281.39387,194.86394 282.66181,193.63065 C 283.93119,192.39593 277.15462,189.7247 281.07787,191.30607 z "
-         style="fill:#ffffff;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         id="path3477"
-         d="M 247.0478,21.870476 L 41.113266,89.503174 L 48.496608,139.14097 C 116.54867,104.13919 192.87556,126.61352 246.15284,103.7265 L 247.0478,21.870476 z "
-         style="fill:url(#linearGradient2500);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         inkscape:transform-center-x="21.926591"
-         inkscape:transform-center-y="-98.60823"
-         d="M 27.882376,75.746856 C 32.065415,74.206702 33.389047,74.781014 34.949531,76.633878 L 65.088465,277.78657 L 56.641394,273.5449 L 27.882376,75.746856 z "
-         sodipodi:nodetypes="ccccc"
-         id="path2180"
-         style="fill:#1a1a1a;fill-rule:evenodd;stroke:#333333;stroke-width:0.81824058;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         id="path13298"
-         sodipodi:nodetypes="ccccc"
-         d="M 92.828627,259.35202 L 230.90672,174.71526 C 232.64824,175.78414 234.17161,176.98389 234.23083,179.06216 L 96.66413,263.82678 C 96.420949,261.86067 95.117349,260.38059 92.828627,259.35202 z "
-         style="fill:#808080;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
-      <path
-         transform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-         id="path14269"
-         sodipodi:nodetypes="ccccc"
-         d="M 166.43526,236.83511 L 228.92582,195.64614 L 229.45615,196.53002 L 168.02625,238.24933 L 166.43526,236.83511 z "
-         style="opacity:0.67000002;fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter16257)" />
-      <path
-         transform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-         d="M 114.5513,270.06913 L 130.10765,259.99286 L 130.63798,260.87674 L 116.14229,271.48335 L 114.5513,270.06913 z "
-         sodipodi:nodetypes="ccccc"
-         id="path16261"
-         style="opacity:0.67000002;fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter16257)" />
-      <path
-         transform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-         d="M 114.5513,270.06913 L 130.10765,259.99286 L 130.63798,260.87674 L 116.14229,271.48335 L 114.5513,270.06913 z "
-         sodipodi:nodetypes="ccccc"
-         id="path16263"
-         style="opacity:0.67000002;fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter16257)" />
-      <path
-         transform="matrix(1.0228007,0,0,1.0228007,-6.1273429,-1.9735657)"
-         d="M 166.43526,236.83511 L 228.92582,195.64614 L 229.45615,196.53002 L 168.02625,238.24933 L 166.43526,236.83511 z "
-         sodipodi:nodetypes="ccccc"
-         id="path16267"
-         style="opacity:0.67000002;fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;filter:url(#filter16257)" />
-      <path
-         d="M 104.05869,273.38134 C 106.59601,271.03005 113.13546,275.43531 112.49482,278.36804 L 104.05869,273.38134 z "
-         sodipodi:nodetypes="ccc"
-         id="path16269"
-         style="opacity:0.99720004;fill:#666666;fill-rule:evenodd;stroke:#000000;stroke-width:0.20456015;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-      <path
-         sodipodi:nodetypes="ccsccccc"
-         id="path25800"
-         d="M 304.06894,248.1971 C 302.1656,248.29093 300.4498,248.80189 299.33849,249.7313 C 299.33849,249.7313 260.56796,282.17326 260.56795,282.17326 C 257.93245,284.37739 258.86046,287.65621 262.70943,289.52464 C 262.70943,289.52464 267.73895,291.93253 272.68174,294.28706 C 306.66914,288.15442 283.9982,253.02759 313.94536,251.0098 C 312.61326,250.41591 309.88612,249.2199 309.88612,249.2199 C 308.06831,248.43649 305.97228,248.10326 304.06894,248.1971 z "
-         style="fill:url(#linearGradient2490);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.9527356;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
-    </g>
-  </g>
-</svg>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg b/wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg
deleted file mode 100644
index b3abf0a288d8..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg
+++ /dev/null
@@ -1,256 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   version="1.0"
-   width="128"
-   height="128"
-   id="svg2"
-   sodipodi:version="0.32"
-   inkscape:version="0.46"
-   sodipodi:docname="wpa_gui.svg"
-   inkscape:output_extension="org.inkscape.output.svg.inkscape">
-  <metadata
-     id="metadata47">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <sodipodi:namedview
-     inkscape:window-height="771"
-     inkscape:window-width="640"
-     inkscape:pageshadow="2"
-     inkscape:pageopacity="0.0"
-     guidetolerance="10.0"
-     gridtolerance="10.0"
-     objecttolerance="10.0"
-     borderopacity="1.0"
-     bordercolor="#666666"
-     pagecolor="#ffffff"
-     id="base"
-     showgrid="false"
-     inkscape:zoom="4.2421875"
-     inkscape:cx="64"
-     inkscape:cy="64"
-     inkscape:window-x="634"
-     inkscape:window-y="0"
-     inkscape:current-layer="svg2" />
-  <defs
-     id="defs4">
-    <inkscape:perspective
-       sodipodi:type="inkscape:persp3d"
-       inkscape:vp_x="0 : 64 : 1"
-       inkscape:vp_y="0 : 1000 : 0"
-       inkscape:vp_z="128 : 64 : 1"
-       inkscape:persp3d-origin="64 : 42.666667 : 1"
-       id="perspective49" />
-    <linearGradient
-       id="linearGradient39133">
-      <stop
-         id="stop39135"
-         style="stop-color:#252525;stop-opacity:1"
-         offset="0" />
-      <stop
-         id="stop39137"
-         style="stop-color:#515151;stop-opacity:1"
-         offset="0" />
-      <stop
-         id="stop39139"
-         style="stop-color:#878787;stop-opacity:1"
-         offset="0.28677997" />
-      <stop
-         id="stop39141"
-         style="stop-color:#000000;stop-opacity:1"
-         offset="0.92151743" />
-      <stop
-         id="stop39143"
-         style="stop-color:#ffffff;stop-opacity:0.73786408"
-         offset="1" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient39119">
-      <stop
-         id="stop39121"
-         style="stop-color:#ffffff;stop-opacity:0.82905984"
-         offset="0" />
-      <stop
-         id="stop39123"
-         style="stop-color:#ffffff;stop-opacity:0"
-         offset="1" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient39106">
-      <stop
-         id="stop39108"
-         style="stop-color:#ffffff;stop-opacity:1"
-         offset="0" />
-      <stop
-         id="stop39110"
-         style="stop-color:#a8a8a8;stop-opacity:0"
-         offset="1" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient39094">
-      <stop
-         id="stop39096"
-         style="stop-color:#000000;stop-opacity:1"
-         offset="0" />
-      <stop
-         id="stop39098"
-         style="stop-color:#333333;stop-opacity:1"
-         offset="1" />
-    </linearGradient>
-    <linearGradient
-       id="linearGradient39062">
-      <stop
-         id="stop39064"
-         style="stop-color:#252525;stop-opacity:1"
-         offset="0" />
-      <stop
-         id="stop39086"
-         style="stop-color:#515151;stop-opacity:1"
-         offset="0.21101321" />
-      <stop
-         id="stop39088"
-         style="stop-color:#878787;stop-opacity:1"
-         offset="0.75" />
-      <stop
-         id="stop39090"
-         style="stop-color:#6c6c6c;stop-opacity:1"
-         offset="0.875" />
-      <stop
-         id="stop39066"
-         style="stop-color:#1e1e1e;stop-opacity:1"
-         offset="1" />
-    </linearGradient>
-    <linearGradient
-       x1="4"
-       y1="40"
-       x2="124"
-       y2="60"
-       id="linearGradient39068"
-       xlink:href="#linearGradient39062"
-       gradientUnits="userSpaceOnUse" />
-    <radialGradient
-       cx="100.70589"
-       cy="96"
-       r="60"
-       fx="158.07428"
-       fy="95.718063"
-       id="radialGradient39100"
-       xlink:href="#linearGradient39094"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(2.7837903e-8,-1,0.99999999,-2.1864248e-6,-32.000004,164.7061)" />
-    <radialGradient
-       cx="100.44444"
-       cy="34.363636"
-       r="32"
-       fx="83.18"
-       fy="34.228985"
-       id="radialGradient39104"
-       xlink:href="#linearGradient39106"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(3.1472435e-6,1.0227273,-0.87499999,-9.5061964e-8,94.067865,-4.7272712)" />
-    <radialGradient
-       cx="75.999977"
-       cy="-2.7730541"
-       r="48"
-       fx="55.266491"
-       fy="-2.5338216"
-       id="radialGradient39125"
-       xlink:href="#linearGradient39119"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(0,0.83333324,-1.6666667,2.518705e-6,59.378243,-35.333302)" />
-    <radialGradient
-       cx="64.066589"
-       cy="63.713329"
-       r="60"
-       fx="64.066589"
-       fy="63.713329"
-       id="radialGradient39131"
-       xlink:href="#linearGradient39133"
-       gradientUnits="userSpaceOnUse"
-       gradientTransform="matrix(1.1333333,5.1768857e-8,5.2556881e-6,1.1666667,-8.6091298,-10.332226)" />
-    <filter
-       id="filter39153">
-      <feGaussianBlur
-         id="feGaussianBlur39155"
-         stdDeviation="2.28"
-         inkscape:collect="always" />
-    </filter>
-    <filter
-       id="filter39159">
-      <feGaussianBlur
-         inkscape:collect="always"
-         stdDeviation="1.68"
-         id="feGaussianBlur39161" />
-    </filter>
-  </defs>
-  <g
-     id="layer1"
-     style="display:inline">
-    <path
-       d="M 29,4 C 15.147058,4 4,15.14706 4,29 l 0,70 c 0,13.85294 11.147058,25 25,25 l 70,0 c 13.85294,0 25,-11.14706 25,-25 l 0,-70 C 124,15.14706 112.85294,4 99,4 L 29,4 z"
-       id="path39151"
-       style="opacity:1;fill:#000000;fill-opacity:1;stroke:none;filter:url(#filter39153)" />
-    <path
-       d="M 29,4 C 15.147058,4 4,15.14706 4,29 l 0,70 c 0,13.85294 11.147058,25 25,25 l 70,0 c 13.85294,0 25,-11.14706 25,-25 l 0,-70 C 124,15.14706 112.85294,4 99,4 L 29,4 z"
-       id="path39157"
-       style="opacity:1;fill:#000000;fill-opacity:1;stroke:none;filter:url(#filter39159)" />
-    <rect
-       width="120"
-       height="120"
-       ry="25.00531"
-       x="4"
-       y="0"
-       id="rect2573"
-       style="opacity:1;fill:url(#radialGradient39100);fill-opacity:1;stroke:none" />
-    <path
-       d="M 29,0 C 15.147058,0 4,11.14706 4,25 l 0,70 c 0,13.85294 11.147058,25 25,25 l 70,0 c 13.85294,0 25,-11.14706 25,-25 l 0,-70 C 124,11.14706 112.85294,0 99,0 L 29,0 z"
-       id="path39127"
-       style="opacity:0.20512821;fill:url(#radialGradient39131);fill-opacity:1;stroke:none" />
-    <path
-       d="m 44,68 40,0 12,40 c -20,7.27273 -44,7.27273 -64,0 L 44,68 z"
-       id="path39102"
-       style="opacity:0.53418801;fill:url(#radialGradient39104);fill-opacity:1;stroke:none" />
-    <path
-       d="M 25.339207,12 C 52,8 76,8 102.66079,12 107.83471,12 112,16.165286 112,21.339207 L 116,52 C 100,73.339207 28,73.339207 12,52 L 16,21.339207 C 16,16.165286 20.165286,12 25.339207,12 z"
-       id="rect39116"
-       style="opacity:0.92307691;fill:url(#radialGradient39125);fill-opacity:1;stroke:none" />
-    <path
-       d="M 29,8 C 15.147058,8 4,19.14706 4,33 l 0,70 c 0,13.85294 11.147058,25 25,25 l 70,0 c 13.85294,0 25,-11.14706 25,-25 l 0,-70 C 124,19.14706 112.85294,8 99,8 L 29,8 z"
-       id="path39147"
-       style="opacity:0.20512821;fill:#000000;fill-opacity:1;stroke:none" />
-    <path
-       d="M 29,0 C 15.147058,0 4,11.147058 4,25 l 0,70 c 0,13.85294 11.147058,25 25,25 l 70,0 c 13.85294,0 25,-11.14706 25,-25 l 0,-70 C 124,11.147058 112.85294,0 99,0 L 29,0 z m 0,4 70,0 c 11.70613,0 21,9.293869 21,21 l 0,70 c 0,11.70613 -9.29387,21 -21,21 l -70,0 C 17.293869,116 8,106.70613 8,95 L 8,25 C 8,13.293869 17.293869,4 29,4 z"
-       id="rect39029"
-       style="opacity:1;fill:url(#linearGradient39068);fill-opacity:1;stroke:none" />
-    <path
-       d="M 66.35081,74.771345 A 36,36 0 1 1 54.34964,35.777782"
-       transform="matrix(-0.16680323,0.53082142,-0.53082142,-0.16680323,103.31027,53.117897)"
-       id="path3351"
-       style="opacity:1;fill:none;stroke:#ffffff;stroke-width:21.56673813;stroke-linecap:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
-    <path
-       d="m 36,56 a 4,4 0 1 1 -8,0 4,4 0 1 1 8,0 z"
-       transform="matrix(1.4851301,0,0,1.4851301,16.475837,-23.948973)"
-       id="path3353"
-       style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none" />
-    <path
-       d="M 66.35081,74.771345 A 36,36 0 1 1 54.34964,35.777782"
-       transform="matrix(-0.35033273,1.1148712,-1.1148712,-0.35033273,146.5624,46.88078)"
-       id="path2622"
-       style="opacity:1;fill:none;stroke:#ffffff;stroke-width:10.26852894;stroke-linecap:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
-  </g>
-</svg>
diff --git a/wpa_supplicant/wpa_gui-qt4/icons_png.qrc b/wpa_supplicant/wpa_gui-qt4/icons_png.qrc
deleted file mode 100644
index 9a30b7f560ba..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/icons_png.qrc
+++ /dev/null
@@ -1,9 +0,0 @@
-<RCC>
- <qresource prefix="/icons" >
-  <file alias="wpa_gui.png">icons/hicolor/16x16/apps/wpa_gui.png</file>
-  <file alias="ap.png">icons/hicolor/32x32/apps/ap.png</file>
-  <file alias="laptop.png">icons/hicolor/32x32/apps/laptop.png</file>
-  <file alias="group.png">icons/hicolor/32x32/apps/group.png</file>
-  <file alias="invitation.png">icons/hicolor/32x32/apps/invitation.png</file>
- </qresource>
-</RCC>
diff --git a/wpa_supplicant/wpa_gui-qt4/lang/.gitignore b/wpa_supplicant/wpa_gui-qt4/lang/.gitignore
deleted file mode 100644
index 8df47d550c7d..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/lang/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*.qm
diff --git a/wpa_supplicant/wpa_gui-qt4/lang/wpa_gui_de.ts b/wpa_supplicant/wpa_gui-qt4/lang/wpa_gui_de.ts
deleted file mode 100644
index d7a9c89fa18a..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/lang/wpa_gui_de.ts
+++ /dev/null
@@ -1,1262 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE TS>
-<TS version="2.0" language="de_DE" sourcelanguage="en_US">
-<context>
-    <name>AddInterface</name>
-    <message>
-        <location filename="../addinterface.cpp" line="38"/>
-        <source>Select network interface to add</source>
-        <translation>Wähle die Netzwerkschnittstelle zum hinzufügen aus</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="47"/>
-        <source>driver</source>
-        <translation>Treiber</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="48"/>
-        <source>interface</source>
-        <translation>Schnittstelle</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="49"/>
-        <source>description</source>
-        <translation>Beschreibung</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="221"/>
-        <source>Add interface command could not be completed.</source>
-        <translation>Das Schnittstellen hinzufügen Kommando konnte nicht abgeschlossen werden.</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="229"/>
-        <source>Failed to add the interface.</source>
-        <translation>Fehler beim hinzufügen der Schnittstelle.</translation>
-    </message>
-    <message>
-        <location filename="../addinterface.cpp" line="238"/>
-        <source>Failed to add the interface into registry.</source>
-        <translation>Fehler beim hinzufügen der Schnittstelle in die Registry.</translation>
-    </message>
-</context>
-<context>
-    <name>ErrorMsg</name>
-    <message>
-        <location filename="../wpagui.cpp" line="1621"/>
-        <source>wpa_gui error</source>
-        <translation>wpa_gui Fehler</translation>
-    </message>
-</context>
-<context>
-    <name>EventHistory</name>
-    <message>
-        <location filename="../eventhistory.ui" line="13"/>
-        <source>Event history</source>
-        <translation>Ereignis Historie</translation>
-    </message>
-    <message>
-        <location filename="../eventhistory.ui" line="48"/>
-        <source>Close</source>
-        <translation>Schließen</translation>
-    </message>
-</context>
-<context>
-    <name>EventListModel</name>
-    <message>
-        <location filename="../eventhistory.cpp" line="62"/>
-        <source>Timestamp</source>
-        <translation>Zeit</translation>
-    </message>
-    <message>
-        <location filename="../eventhistory.cpp" line="64"/>
-        <source>Message</source>
-        <translation>Meldung</translation>
-    </message>
-</context>
-<context>
-    <name>NetworkConfig</name>
-    <message>
-        <location filename="../networkconfig.ui" line="13"/>
-        <source>NetworkConfig</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="19"/>
-        <source>Cancel</source>
-        <translation>Abbrechen</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="35"/>
-        <source>SSID</source>
-        <translation>SSID</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="42"/>
-        <source>Network name (Service Set IDentifier)</source>
-        <translation>Netzwerkname (Service Set IDentifier)</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="52"/>
-        <source>Authentication</source>
-        <translation>Authentifizierung</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="60"/>
-        <source>Plaintext (open / no authentication)</source>
-        <translation>Plaintext (offen / keine Authentifizierung)</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="65"/>
-        <source>Static WEP (no authentication)</source>
-        <translation>Static WEP (keine Authentifizierung)</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="70"/>
-        <source>Static WEP (Shared Key authentication)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="75"/>
-        <source>IEEE 802.1X</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="80"/>
-        <source>WPA-Personal (PSK)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="85"/>
-        <source>WPA-Enterprise (EAP)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="90"/>
-        <source>WPA2-Personal (PSK)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="95"/>
-        <source>WPA2-Enterprise (EAP)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="103"/>
-        <source>Encryption</source>
-        <translation>Verschlüsselung</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="111"/>
-        <source>None</source>
-        <translation>Keine</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="116"/>
-        <source>WEP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="121"/>
-        <source>TKIP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="126"/>
-        <source>CCMP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="134"/>
-        <source>PSK</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="144"/>
-        <source>WPA/WPA2 pre-shared key or passphrase</source>
-        <translation>WPA/WPA2 Pre-Shared Key oder Passphrase</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="157"/>
-        <source>EAP method</source>
-        <translation>EAP Verfahren</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="171"/>
-        <source>Identity</source>
-        <translation>Identität</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="181"/>
-        <source>Username/Identity for EAP methods</source>
-        <translation>Nutzername/Identitär für die EAP Verfahren</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="188"/>
-        <source>Password</source>
-        <translation>Passwort</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="198"/>
-        <source>Password for EAP methods</source>
-        <translation>Passwort für die EAP Verfahren</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="208"/>
-        <source>CA certificate</source>
-        <translation>CA Zertifikat</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="225"/>
-        <source>WEP keys</source>
-        <translation>WEP Schlüssel</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="234"/>
-        <source>key 0</source>
-        <translation>Schlüssel 0</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="244"/>
-        <source>key 1</source>
-        <translation>Schlüssel 1</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="254"/>
-        <source>key 3</source>
-        <translation>Schlüssel 3</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="264"/>
-        <source>key 2</source>
-        <translation>Schlüssel 2</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="305"/>
-        <source>Optional Settings</source>
-        <translation>Optionale Einstellungen</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="311"/>
-        <source>Network Identification String</source>
-        <translation>Netzwerk Indentifikations Zeichenfolge</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="318"/>
-        <source>Network Priority</source>
-        <translation>Netzwerk Priorität</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="331"/>
-        <source>IDString</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="338"/>
-        <source>Priority</source>
-        <translation>Priorität</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="345"/>
-        <source>Inner auth</source>
-        <translation>Geheime Auth</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="365"/>
-        <source>Add</source>
-        <translation>Hinzufügen</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="375"/>
-        <source>Remove</source>
-        <translation>Entfernen</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.ui" line="398"/>
-        <source>WPS</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="202"/>
-        <source>WPA Pre-Shared Key Error</source>
-        <translation>WPA Pre Shared Key Fehler</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="203"/>
-        <source>WPA-PSK requires a passphrase of 8 to 63 characters
-or 64 hex digit PSK</source>
-        <translation>WPA PSK benötigt ein Passphrase mit 8 bis 63 Zeichen
-oder 64 hexadezimal stelligen PSK</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="215"/>
-        <source>Network ID Error</source>
-        <translation>Netzwerk ID Fehler</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="216"/>
-        <source>Network ID String contains non-word characters.
-It must be a simple string, without spaces, containing
-only characters in this range: [A-Za-z0-9_-]
-</source>
-        <translation>Netzwerk ID Zeichnfolge beinhaltet ungültige Zeichen.
-Es muss eine einfache Zeichnfolge aus [A-Za-z0-9_] ohne
-Leerzeichen sein
-</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="237"/>
-        <source>Failed to add network to wpa_supplicant
-configuration.</source>
-        <translation>Hinzufügen des Netzwerks in die wpa_supplicant
-Konfiguration fehlgeschlagen.</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="414"/>
-        <source>Failed to enable network in wpa_supplicant
-configuration.</source>
-        <translation>Aktivieren des Netzwerks in der wpa_supplicant
-Konfiguration fehlgeschlagen.</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="802"/>
-        <source>This will permanently remove the network
-from the configuration. Do you really want
-to remove this network?</source>
-        <translation>Dies wird das Netzwerk permanent aus
-der Konfiguration entfernen. Möchtest du
-das Netzwerk wirklich entfernen?</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="805"/>
-        <source>Yes</source>
-        <translation>Ja</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="805"/>
-        <source>No</source>
-        <translation>Nein</translation>
-    </message>
-    <message>
-        <location filename="../networkconfig.cpp" line="813"/>
-        <source>Failed to remove network from wpa_supplicant
-configuration.</source>
-        <translation>Entfernen des Netzwerks aus der wpa_supplicant
-Konfiguration fehlgeschlagen.</translation>
-    </message>
-</context>
-<context>
-    <name>Peers</name>
-    <message>
-        <location filename="../peers.ui" line="14"/>
-        <source>Peers</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="107"/>
-        <source>Associated station</source>
-        <translation>Verbundene Stationen</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="110"/>
-        <source>AP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="113"/>
-        <source>WPS AP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="116"/>
-        <source>WPS PIN needed</source>
-        <translation>WPS PIN wird benötigt</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="119"/>
-        <source>ER: WPS AP</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="122"/>
-        <source>ER: WPS AP (Unconfigured)</source>
-        <translation>ER: WPS AP (nicht konfiguriert)</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="125"/>
-        <source>ER: WPS Enrollee</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="128"/>
-        <source>WPS Enrollee</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="159"/>
-        <source>Enter WPS PIN</source>
-        <translation>WPS PIN Eingabe</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="164"/>
-        <source>Connect (PBC)</source>
-        <translation>Verbinden (PBC)</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="172"/>
-        <source>Enroll (PBC)</source>
-        <translation>Anmelden (PBC)</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="177"/>
-        <source>Learn Configuration</source>
-        <translation>Konfiguration lernen</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="181"/>
-        <source>Properties</source>
-        <translation>Eigenschaften</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="184"/>
-        <source>Refresh</source>
-        <translation>Aktualisieren</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="205"/>
-        <source>PIN:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="206"/>
-        <source>PIN for </source>
-        <translation>Pin für </translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="227"/>
-        <source>Failed to set the WPS PIN.</source>
-        <translation>Setzten des WPS PIN fehlgeschlagen.</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="815"/>
-        <source>Peer Properties</source>
-        <translation>Peer Eigenschaften</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="820"/>
-        <source>Name: </source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="827"/>
-        <source>Address: </source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="831"/>
-        <source>UUID: </source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="835"/>
-        <source>Primary Device Type: </source>
-        <translation>Primärer Geräte Typ: </translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="840"/>
-        <source>SSID: </source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="845"/>
-        <source>Configuration Methods: </source>
-        <translation>Konfigurationsverfahren: </translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="847"/>
-        <source>[USBA]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="849"/>
-        <source>[Ethernet]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="851"/>
-        <source>[Label]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="853"/>
-        <source>[Display]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="855"/>
-        <source>[Ext. NFC Token]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="857"/>
-        <source>[Int. NFC Token]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="859"/>
-        <source>[NFC Interface]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="861"/>
-        <source>[Push Button]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="863"/>
-        <source>[Keypad]</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="869"/>
-        <source>Device Password ID: </source>
-        <translation>Geräte Passwort ID: </translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="872"/>
-        <source> (Default PIN)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="875"/>
-        <source> (User-specified PIN)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="878"/>
-        <source> (Machine-specified PIN)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="881"/>
-        <source> (Rekey)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="884"/>
-        <source> (Push Button)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="887"/>
-        <source> (Registrar-specified)</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="924"/>
-        <source>Failed to start WPS PBC.</source>
-        <translation>Starten von WPS PBC fehlgeschlagen.</translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="937"/>
-        <source>AP PIN:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="938"/>
-        <source>AP PIN for </source>
-        <translation>AP PIN für </translation>
-    </message>
-    <message>
-        <location filename="../peers.cpp" line="953"/>
-        <source>Failed to start learning AP configuration.</source>
-        <translation>Fehler beim erkennen der AP Konfiguration.</translation>
-    </message>
-</context>
-<context>
-    <name>ScanResults</name>
-    <message>
-        <location filename="../scanresults.ui" line="13"/>
-        <source>Scan results</source>
-        <translation>Scan Ergebnisse</translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="32"/>
-        <source>SSID</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="37"/>
-        <source>BSSID</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="42"/>
-        <source>frequency</source>
-        <translation>Frequenz</translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="47"/>
-        <source>signal</source>
-        <translation>Signal</translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="52"/>
-        <source>flags</source>
-        <translation>Flags</translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="75"/>
-        <source>Scan</source>
-        <translation>Scannen</translation>
-    </message>
-    <message>
-        <location filename="../scanresults.ui" line="82"/>
-        <source>Close</source>
-        <translation>Schließen</translation>
-    </message>
-</context>
-<context>
-    <name>UserDataRequest</name>
-    <message>
-        <location filename="../userdatarequest.ui" line="16"/>
-        <source>Authentication credentials required</source>
-        <translation>Authentifzierungs Beglaubigung nötig</translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.ui" line="77"/>
-        <source>&amp;OK</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.ui" line="93"/>
-        <source>&amp;Cancel</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.cpp" line="67"/>
-        <source>Password: </source>
-        <translation>Passwort: </translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.cpp" line="70"/>
-        <source>New password: </source>
-        <translation>Neues Passwort: </translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.cpp" line="73"/>
-        <source>Identity: </source>
-        <translation>Identität: </translation>
-    </message>
-    <message>
-        <location filename="../userdatarequest.cpp" line="75"/>
-        <source>Private key passphrase: </source>
-        <translation>Privater Key Passphrase: </translation>
-    </message>
-</context>
-<context>
-    <name>WpaGui</name>
-    <message>
-        <location filename="../wpagui.ui" line="13"/>
-        <source>wpa_gui</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="24"/>
-        <source>Adapter:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="34"/>
-        <source>Network:</source>
-        <translation>Netzwerk:</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="48"/>
-        <source>Current Status</source>
-        <translation>Aktueller Status</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="63"/>
-        <location filename="../wpagui.ui" line="300"/>
-        <source>Status:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="70"/>
-        <source>Last message:</source>
-        <translation>Letzte Meldung:</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="77"/>
-        <source>Authentication:</source>
-        <translation>Authentifizierung:</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="84"/>
-        <source>Encryption:</source>
-        <translation>Verschlüsselung:</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="91"/>
-        <source>SSID:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="98"/>
-        <source>BSSID:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="105"/>
-        <source>IP address:</source>
-        <translation>IP Adresse:</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="177"/>
-        <source>Connect</source>
-        <translation>Verbinden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="184"/>
-        <source>Disconnect</source>
-        <translation>Trennen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="191"/>
-        <location filename="../wpagui.ui" line="286"/>
-        <source>Scan</source>
-        <translation>Scannen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="212"/>
-        <source>Manage Networks</source>
-        <translation>Netzwerke verwalten</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="238"/>
-        <source>Enabled</source>
-        <translation>Aktiviert</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="245"/>
-        <source>Edit</source>
-        <translation>Bearbeiten</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="252"/>
-        <source>Remove</source>
-        <translation>Entfernen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="272"/>
-        <source>Disabled</source>
-        <translation>Deaktiviert</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="279"/>
-        <source>Add</source>
-        <translation>Hinzufügen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="294"/>
-        <source>WPS</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="314"/>
-        <source>PBC - push button</source>
-        <translation>PBC - Taste</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="321"/>
-        <source>Generate PIN</source>
-        <translation>PIN erzeugen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="328"/>
-        <source>PIN:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="348"/>
-        <source>Use AP PIN</source>
-        <translation>AP PIN verwenden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="355"/>
-        <source>AP PIN:</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="390"/>
-        <source>&amp;File</source>
-        <translation>&amp;Datei</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="401"/>
-        <source>&amp;Network</source>
-        <translation>&amp;Netzwerk</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="413"/>
-        <source>&amp;Help</source>
-        <translation>&amp;Hilfe</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="426"/>
-        <source>Event &amp;History</source>
-        <translation>Ereignis &amp;Historie</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="431"/>
-        <source>&amp;Save Configuration</source>
-        <translation>Konfiguration &amp;Speichern</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="434"/>
-        <source>Ctrl+S</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="439"/>
-        <source>E&amp;xit</source>
-        <translation>&amp;Beenden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="442"/>
-        <source>Ctrl+Q</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="447"/>
-        <source>&amp;Add</source>
-        <translation>&amp;Hinzufügen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="452"/>
-        <source>&amp;Edit</source>
-        <translation>&amp;Bearbeiten</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="457"/>
-        <source>&amp;Remove</source>
-        <translation>&amp;Entfernen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="462"/>
-        <source>E&amp;nable All</source>
-        <translation>Alle &amp;aktivieren</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="467"/>
-        <source>&amp;Disable All</source>
-        <translation>Alle &amp;deaktivieren</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="472"/>
-        <source>Re&amp;move All</source>
-        <translation>Alle &amp;entfernen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="480"/>
-        <source>&amp;Contents...</source>
-        <translation>&amp;Inhalt...</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="488"/>
-        <source>&amp;Index...</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="493"/>
-        <source>&amp;About</source>
-        <translation>&amp;Ãœber</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="501"/>
-        <source>&amp;Wi-Fi Protected Setup</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.ui" line="506"/>
-        <source>&amp;Peers</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="53"/>
-        <source>Stop Service</source>
-        <translation>Dienst stoppen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="58"/>
-        <source>Start Service</source>
-        <translation>Dienst starten</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="67"/>
-        <source>Add Interface</source>
-        <translation>Schnittstelle hinzufügen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="167"/>
-        <source>connecting to wpa_supplicant</source>
-        <translation>Verbindungsaufbau zu wpa_supplicant</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="343"/>
-        <source>wpa_supplicant service is not running.
-Do you want to start it?</source>
-        <translation>wpa_supplicant ist nicht gestartet.
-Möchtest du ihn starten?</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="466"/>
-        <source>Disconnected</source>
-        <translation>Getrennt</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="468"/>
-        <source>Inactive</source>
-        <translation>Inaktiv</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="470"/>
-        <source>Scanning</source>
-        <translation>Scannen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="472"/>
-        <source>Authenticating</source>
-        <translation>Authentifizieren</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="474"/>
-        <source>Associating</source>
-        <translation>Assoziieren</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="476"/>
-        <source>Associated</source>
-        <translation>Assoziiert</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="478"/>
-        <source>4-Way Handshake</source>
-        <translation>4-Wege Handshake</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="480"/>
-        <source>Group Handshake</source>
-        <translation>Gruppen Handshake</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="482"/>
-        <source>Completed</source>
-        <translation>Abgeschlossen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="484"/>
-        <source>Unknown</source>
-        <translation>Unbekannt</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="497"/>
-        <source>Could not get status from wpa_supplicant</source>
-        <translation>Status konnte nicht von wpa_supplicant abgerufen werden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="512"/>
-        <source>No network interfaces in use.
-Would you like to add one?</source>
-        <translation>Es ist keine Netzwerkschnittstelle in verwendung.
-Möchtest du eine hinzufügen?</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="682"/>
-        <location filename="../wpagui.cpp" line="974"/>
-        <location filename="../wpagui.cpp" line="1039"/>
-        <location filename="../wpagui.cpp" line="1117"/>
-        <source>Select any network</source>
-        <translation>Wähle beliebiges Netzwerk</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="883"/>
-        <source>Disconnected from network.</source>
-        <translation>Getrennt vom Netzwerk.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="886"/>
-        <source>Connection to network established.</source>
-        <translation>Verbindung zum Netzwerk wurde aufgebaut.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="890"/>
-        <location filename="../wpagui.cpp" line="1523"/>
-        <source>WPS AP in active PBC mode found</source>
-        <translation>WPS AP im aktiven PBC Modus gefunden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="894"/>
-        <source>Press the PBC button on the screen to start registration</source>
-        <translation>Drücke den PBC Knopf auf dem Bildschirm um die Registrierung zu starten</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="897"/>
-        <source>WPS AP with recently selected registrar</source>
-        <translation>WPS AP mit kürzlich ausgewähltem Registrator</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="903"/>
-        <source>WPS AP detected</source>
-        <translation>WPS AP erkannt</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="905"/>
-        <source>PBC mode overlap detected</source>
-        <translation>PBC Modus Overlap erkannt</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="906"/>
-        <source>More than one AP is currently in active WPS PBC mode. Wait couple of minutes and try again</source>
-        <translation>Mehr als ein AP ist momentan im aktiven WPS PBC Modus. Versuch es in ein paar Minuten nochmal</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="911"/>
-        <source>Network configuration received</source>
-        <translation>Netzwerk Konfiguration empfangen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="915"/>
-        <source>Registration started</source>
-        <translation>Registrierung gestartet</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="917"/>
-        <source>Registrar does not yet know PIN</source>
-        <translation>Registrator kennt den PIN noch nicht</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="919"/>
-        <source>Registration failed</source>
-        <translation>Registrierung fehlgeschlagen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="921"/>
-        <source>Registration succeeded</source>
-        <translation>Registrierung erfolgreich</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1069"/>
-        <location filename="../wpagui.cpp" line="1138"/>
-        <source>No Networks</source>
-        <translation>Keine Netzwerke</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1070"/>
-        <source>There are no networks to edit.
-</source>
-        <translation>Keine Netzwerke zum bearbeiten.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1081"/>
-        <location filename="../wpagui.cpp" line="1151"/>
-        <source>Select A Network</source>
-        <translation>Wähle ein Netzwerk</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1082"/>
-        <source>Select a network from the list to edit it.
-</source>
-        <translation>Wähle ein Netzwerk aus der Liste zum bearbeiten.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1139"/>
-        <source>There are no networks to remove.
-</source>
-        <translation>Es sind keine Netzwerke zum entfernen vorhanden.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1152"/>
-        <source>Select a network from the list to remove it.
-</source>
-        <translation>Wähle ein Netzwerk aus der Liste zum entfernen.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1264"/>
-        <source>Failed to save configuration</source>
-        <translation>Speichern der Konfiguration fehlgeschlagen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1265"/>
-        <source>The configuration could not be saved.
-
-The update_config=1 configuration option
-must be used for configuration saving to
-be permitted.
-</source>
-        <translation>Die Konfiguration konnte nicht gespeichert werden.
-
-Die Einstellung update_config=1 muss gesetzt sein,
-damit Konfigurationen gespeichert werden können.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1272"/>
-        <source>Saved configuration</source>
-        <translation>Konfiguration gespeichert</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1273"/>
-        <source>The current configuration was saved.
-</source>
-        <translation>Die aktuelle Konfiguration wurde gespeichert.
-</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1293"/>
-        <source> - wpa_supplicant user interface</source>
-        <translation> - wpa_supplicant Benutzerschnittstelle</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1307"/>
-        <source>&amp;Disconnect</source>
-        <translation>&amp;Trennen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1308"/>
-        <source>Re&amp;connect</source>
-        <translation>&amp;Wiederverbinden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1317"/>
-        <source>&amp;Event History</source>
-        <translation>&amp;Ereignis Historie</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1318"/>
-        <source>Scan &amp;Results</source>
-        <translation>Scan E&amp;rgebnisse</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1319"/>
-        <source>S&amp;tatus</source>
-        <translation></translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1328"/>
-        <source>&amp;Show Window</source>
-        <translation>&amp;Fenster anzeigen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1329"/>
-        <source>&amp;Hide Window</source>
-        <translation>&amp;Fenster ausblenden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1330"/>
-        <source>&amp;Quit</source>
-        <translation>&amp;Beenden</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1462"/>
-        <source> will keep running in the system tray.</source>
-        <translation> wird weiterhin in der System Ablage laufen.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1466"/>
-        <source> systray</source>
-        <translation>System Ablage</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1467"/>
-        <source>The program will keep running in the system tray.</source>
-        <translation>Das Programm wird weiterhin in der System Ablage laufen.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1524"/>
-        <source>Press the push button on the AP to start the PBC mode.</source>
-        <translation>Drücke die Taste am AP um den PBC Modus zu starten.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1527"/>
-        <source>If you have not yet done so, press the push button on the AP to start the PBC mode.</source>
-        <translation>Wenn Sie es noch nicht getan haben, so drücken Sie die Taste am AP um den PBC Modus zu starten.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1531"/>
-        <location filename="../wpagui.cpp" line="1551"/>
-        <source>Waiting for Registrar</source>
-        <translation>Warte auf Registrator</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1548"/>
-        <source>Enter the generated PIN into the Registrar (either the internal one in the AP or an external one).</source>
-        <translation>Geben Sie den generierten PIN in der Registrierungsstelle ein (entweder der interne oder der externe im AP).</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1561"/>
-        <source>WPS AP selected from scan results</source>
-        <translation>WPS AP ausgewählt aus Scan Ergebnissen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1562"/>
-        <source>If you want to use an AP device PIN, e.g., from a label in the device, enter the eight digit AP PIN and click Use AP PIN button.</source>
-        <translation>Wenn Sie einen AP Geräte PIN verwenden möchten, z.B.: von einem Aufkleber am Gerät, geben Sie denn acht stelligen AP PIN ein und klicken Sie auf den AP PIN Knopf.</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1583"/>
-        <source>Waiting for AP/Enrollee</source>
-        <translation>Warte auf AP/Bewerber</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1591"/>
-        <source>Connected to the network</source>
-        <translation>Verbunden zum Netzwerk</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1592"/>
-        <source>Stopped</source>
-        <translation>Gestoppt</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1651"/>
-        <location filename="../wpagui.cpp" line="1679"/>
-        <source>OpenSCManager failed</source>
-        <translation>OpenSCManager fehlgeschlagen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1657"/>
-        <location filename="../wpagui.cpp" line="1685"/>
-        <source>OpenService failed</source>
-        <translation>OpenService fehlgeschlagen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1663"/>
-        <source>Failed to start wpa_supplicant service</source>
-        <translation>Starten des wpa_supplicant Dienstes fehlgeschlagen</translation>
-    </message>
-    <message>
-        <location filename="../wpagui.cpp" line="1691"/>
-        <source>Failed to stop wpa_supplicant service</source>
-        <translation>Stoppen des wpa_supplicant Dienstes fehlgeschlagen</translation>
-    </message>
-    <message>
-        <source>OpenSCManager failed: %d
-</source>
-        <translation type="obsolete">OpenSCManager fehlgeschlagen: %d
-</translation>
-    </message>
-    <message>
-        <source>OpenService failed: %d
-
-</source>
-        <translation type="obsolete">OpenService fehlgeschlagen: %d
-
-</translation>
-    </message>
-</context>
-</TS>
diff --git a/wpa_supplicant/wpa_gui-qt4/main.cpp b/wpa_supplicant/wpa_gui-qt4/main.cpp
deleted file mode 100644
index bbd45c6e1d28..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/main.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * wpa_gui - Application startup
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifdef CONFIG_NATIVE_WINDOWS
-#include <winsock.h>
-#endif /* CONFIG_NATIVE_WINDOWS */
-#include <QApplication>
-#include <QtCore/QLibraryInfo>
-#include <QtCore/QTranslator>
-#include "wpagui.h"
-
-WpaGuiApp::WpaGuiApp(int &argc, char **argv) :
-	QApplication(argc, argv),
-	argc(argc),
-	argv(argv)
-{
-	w = NULL;
-}
-
-#if !defined(QT_NO_SESSIONMANAGER) && QT_VERSION < 0x050000
-void WpaGuiApp::saveState(QSessionManager &manager)
-{
-	QApplication::saveState(manager);
-	w->saveState();
-}
-#endif
-
-
-int main(int argc, char *argv[])
-{
-	WpaGuiApp app(argc, argv);
-	QTranslator translator;
-	QString locale;
-	QString resourceDir;
-	int ret;
-
-	locale = QLocale::system().name();
-	resourceDir = QLibraryInfo::location(QLibraryInfo::TranslationsPath);
-	if (!translator.load("wpa_gui_" + locale, resourceDir))
-		translator.load("wpa_gui_" + locale, "lang");
-	app.installTranslator(&translator);
-
-	WpaGui w(&app);
-
-#ifdef CONFIG_NATIVE_WINDOWS
-	WSADATA wsaData;
-	if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
-		/* printf("Could not find a usable WinSock.dll\n"); */
-		return -1;
-	}
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-	app.w = &w;
-
-	ret = app.exec();
-
-#ifdef CONFIG_NATIVE_WINDOWS
-	WSACleanup();
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-	return ret;
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp b/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp
deleted file mode 100644
index 2727318bcd5c..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp
+++ /dev/null
@@ -1,853 +0,0 @@
-/*
- * wpa_gui - NetworkConfig class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-#include <QMessageBox>
-
-#include "networkconfig.h"
-#include "wpagui.h"
-
-enum {
-	AUTH_NONE_OPEN,
-	AUTH_NONE_WEP,
-	AUTH_NONE_WEP_SHARED,
-	AUTH_IEEE8021X,
-	AUTH_WPA_PSK,
-	AUTH_WPA_EAP,
-	AUTH_WPA2_PSK,
-	AUTH_WPA2_EAP
-};
-
-#define WPA_GUI_KEY_DATA "[key is configured]"
-
-
-NetworkConfig::NetworkConfig(QWidget *parent, const char *, bool,
-			     Qt::WindowFlags)
-	: QDialog(parent)
-{
-	setupUi(this);
-
-	encrSelect->setEnabled(false);
-	connect(authSelect, SIGNAL(activated(int)), this,
-		SLOT(authChanged(int)));
-	connect(cancelButton, SIGNAL(clicked()), this, SLOT(close()));
-	connect(addButton, SIGNAL(clicked()), this, SLOT(addNetwork()));
-	connect(encrSelect, SIGNAL(activated(const QString &)), this,
-		SLOT(encrChanged(const QString &)));
-	connect(removeButton, SIGNAL(clicked()), this, SLOT(removeNetwork()));
-	connect(eapSelect, SIGNAL(activated(int)), this,
-		SLOT(eapChanged(int)));
-	connect(useWpsButton, SIGNAL(clicked()), this, SLOT(useWps()));
-
-	wpagui = NULL;
-	new_network = false;
-}
-
-
-NetworkConfig::~NetworkConfig()
-{
-}
-
-
-void NetworkConfig::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-void NetworkConfig::paramsFromScanResults(QTreeWidgetItem *sel)
-{
-	new_network = true;
-
-	/* SSID BSSID frequency signal flags */
-	setWindowTitle(sel->text(0));
-	ssidEdit->setText(sel->text(0));
-
-	QString flags = sel->text(4);
-	int auth, encr = 0;
-	if (flags.indexOf("[WPA2-EAP") >= 0)
-		auth = AUTH_WPA2_EAP;
-	else if (flags.indexOf("[WPA-EAP") >= 0)
-		auth = AUTH_WPA_EAP;
-	else if (flags.indexOf("[WPA2-PSK") >= 0)
-		auth = AUTH_WPA2_PSK;
-	else if (flags.indexOf("[WPA-PSK") >= 0)
-		auth = AUTH_WPA_PSK;
-	else
-		auth = AUTH_NONE_OPEN;
-
-	if (flags.indexOf("-CCMP") >= 0)
-		encr = 1;
-	else if (flags.indexOf("-TKIP") >= 0)
-		encr = 0;
-	else if (flags.indexOf("WEP") >= 0) {
-		encr = 1;
-		if (auth == AUTH_NONE_OPEN)
-			auth = AUTH_NONE_WEP;
-	} else
-		encr = 0;
-
-	authSelect->setCurrentIndex(auth);
-	authChanged(auth);
-	encrSelect->setCurrentIndex(encr);
-
-	wepEnabled(auth == AUTH_NONE_WEP);
-
-	getEapCapa();
-
-	if (flags.indexOf("[WPS") >= 0)
-		useWpsButton->setEnabled(true);
-	bssid = sel->text(1);
-}
-
-
-void NetworkConfig::authChanged(int sel)
-{
-	encrSelect->setEnabled(sel != AUTH_NONE_OPEN && sel != AUTH_NONE_WEP &&
-			       sel != AUTH_NONE_WEP_SHARED);
-	pskEdit->setEnabled(sel == AUTH_WPA_PSK || sel == AUTH_WPA2_PSK);
-	bool eap = sel == AUTH_IEEE8021X || sel == AUTH_WPA_EAP ||
-		sel == AUTH_WPA2_EAP;
-	eapSelect->setEnabled(eap);
-	identityEdit->setEnabled(eap);
-	passwordEdit->setEnabled(eap);
-	cacertEdit->setEnabled(eap);
-	phase2Select->setEnabled(eap);
-	if (eap)
-		eapChanged(eapSelect->currentIndex());
-
-	while (encrSelect->count())
-		encrSelect->removeItem(0);
-
-	if (sel == AUTH_NONE_OPEN || sel == AUTH_NONE_WEP ||
-	    sel == AUTH_NONE_WEP_SHARED || sel == AUTH_IEEE8021X) {
-		encrSelect->addItem("None");
-		encrSelect->addItem("WEP");
-		encrSelect->setCurrentIndex(sel == AUTH_NONE_OPEN ? 0 : 1);
-	} else {
-		encrSelect->addItem("TKIP");
-		encrSelect->addItem("CCMP");
-		encrSelect->setCurrentIndex((sel == AUTH_WPA2_PSK ||
-					     sel == AUTH_WPA2_EAP) ? 1 : 0);
-	}
-
-	wepEnabled(sel == AUTH_NONE_WEP || sel == AUTH_NONE_WEP_SHARED);
-}
-
-
-void NetworkConfig::eapChanged(int sel)
-{
-	QString prev_val = phase2Select->currentText();
-	while (phase2Select->count())
-		phase2Select->removeItem(0);
-
-	QStringList inner;
-	inner << "PEAP" << "TTLS" << "FAST";
-	if (!inner.contains(eapSelect->itemText(sel)))
-		return;
-
-	phase2Select->addItem("[ any ]");
-
-	/* Add special cases based on outer method */
-	if (eapSelect->currentText().compare("TTLS") == 0) {
-		phase2Select->addItem("PAP");
-		phase2Select->addItem("CHAP");
-		phase2Select->addItem("MSCHAP");
-		phase2Select->addItem("MSCHAPv2");
-	} else if (eapSelect->currentText().compare("FAST") == 0)
-		phase2Select->addItem("GTC(auth) + MSCHAPv2(prov)");
-
-	/* Add all enabled EAP methods that can be used in the tunnel */
-	int i;
-	QStringList allowed;
-	allowed << "MSCHAPV2" << "MD5" << "GTC" << "TLS" << "OTP" << "SIM"
-		<< "AKA";
-	for (i = 0; i < eapSelect->count(); i++) {
-		if (allowed.contains(eapSelect->itemText(i))) {
-			phase2Select->addItem("EAP-" + eapSelect->itemText(i));
-		}
-	}
-
-	for (i = 0; i < phase2Select->count(); i++) {
-		if (phase2Select->itemText(i).compare(prev_val) == 0) {
-			phase2Select->setCurrentIndex(i);
-			break;
-		}
-	}
-}
-
-
-void NetworkConfig::addNetwork()
-{
-	char reply[10], cmd[256];
-	size_t reply_len;
-	int id;
-	int psklen = pskEdit->text().length();
-	int auth = authSelect->currentIndex();
-
-	if (auth == AUTH_WPA_PSK || auth == AUTH_WPA2_PSK) {
-		if (psklen < 8 || psklen > 64) {
-			QMessageBox::warning(
-				this,
-				tr("WPA Pre-Shared Key Error"),
-				tr("WPA-PSK requires a passphrase of 8 to 63 "
-				   "characters\n"
-				   "or 64 hex digit PSK"));
-			pskEdit->setFocus();
-			return;
-		}
-	}
-
-	if (idstrEdit->isEnabled() && !idstrEdit->text().isEmpty()) {
-		QRegExp rx("^(\\w|-)+$");
-		if (rx.indexIn(idstrEdit->text()) < 0) {
-			QMessageBox::warning(
-				this, tr("Network ID Error"),
-				tr("Network ID String contains non-word "
-				   "characters.\n"
-				   "It must be a simple string, "
-				   "without spaces, containing\n"
-				   "only characters in this range: "
-				   "[A-Za-z0-9_-]\n"));
-			idstrEdit->setFocus();
-			return;
-		}
-	}
-
-	if (wpagui == NULL)
-		return;
-
-	memset(reply, 0, sizeof(reply));
-	reply_len = sizeof(reply) - 1;
-
-	if (new_network) {
-		wpagui->ctrlRequest("ADD_NETWORK", reply, &reply_len);
-		if (reply[0] == 'F') {
-			QMessageBox::warning(this, "wpa_gui",
-					     tr("Failed to add "
-						"network to wpa_supplicant\n"
-						"configuration."));
-			return;
-		}
-		id = atoi(reply);
-	} else
-		id = edit_network_id;
-
-	setNetworkParam(id, "ssid", ssidEdit->text().toLocal8Bit().constData(),
-			true);
-
-	const char *key_mgmt = NULL, *proto = NULL, *pairwise = NULL;
-	switch (auth) {
-	case AUTH_NONE_OPEN:
-	case AUTH_NONE_WEP:
-	case AUTH_NONE_WEP_SHARED:
-		key_mgmt = "NONE";
-		break;
-	case AUTH_IEEE8021X:
-		key_mgmt = "IEEE8021X";
-		break;
-	case AUTH_WPA_PSK:
-		key_mgmt = "WPA-PSK";
-		proto = "WPA";
-		break;
-	case AUTH_WPA_EAP:
-		key_mgmt = "WPA-EAP";
-		proto = "WPA";
-		break;
-	case AUTH_WPA2_PSK:
-		key_mgmt = "WPA-PSK";
-		proto = "WPA2";
-		break;
-	case AUTH_WPA2_EAP:
-		key_mgmt = "WPA-EAP";
-		proto = "WPA2";
-		break;
-	}
-
-	if (auth == AUTH_NONE_WEP_SHARED)
-		setNetworkParam(id, "auth_alg", "SHARED", false);
-	else
-		setNetworkParam(id, "auth_alg", "OPEN", false);
-
-	if (auth == AUTH_WPA_PSK || auth == AUTH_WPA_EAP ||
-	    auth == AUTH_WPA2_PSK || auth == AUTH_WPA2_EAP) {
-		int encr = encrSelect->currentIndex();
-		if (encr == 0)
-			pairwise = "TKIP";
-		else
-			pairwise = "CCMP";
-	}
-
-	if (proto)
-		setNetworkParam(id, "proto", proto, false);
-	if (key_mgmt)
-		setNetworkParam(id, "key_mgmt", key_mgmt, false);
-	if (pairwise) {
-		setNetworkParam(id, "pairwise", pairwise, false);
-		setNetworkParam(id, "group", "TKIP CCMP WEP104 WEP40", false);
-	}
-	if (pskEdit->isEnabled() &&
-	    strcmp(pskEdit->text().toLocal8Bit().constData(),
-		   WPA_GUI_KEY_DATA) != 0)
-		setNetworkParam(id, "psk",
-				pskEdit->text().toLocal8Bit().constData(),
-				psklen != 64);
-	if (eapSelect->isEnabled()) {
-		const char *eap =
-			eapSelect->currentText().toLocal8Bit().constData();
-		setNetworkParam(id, "eap", eap, false);
-		if (strcmp(eap, "SIM") == 0 || strcmp(eap, "AKA") == 0)
-			setNetworkParam(id, "pcsc", "", true);
-		else
-			setNetworkParam(id, "pcsc", "NULL", false);
-	}
-	if (phase2Select->isEnabled()) {
-		QString eap = eapSelect->currentText();
-		QString inner = phase2Select->currentText();
-		char phase2[32];
-		phase2[0] = '\0';
-		if (eap.compare("PEAP") == 0) {
-			if (inner.startsWith("EAP-"))
-				snprintf(phase2, sizeof(phase2), "auth=%s",
-					 inner.right(inner.size() - 4).
-					 toLocal8Bit().constData());
-		} else if (eap.compare("TTLS") == 0) {
-			if (inner.startsWith("EAP-"))
-				snprintf(phase2, sizeof(phase2), "autheap=%s",
-					 inner.right(inner.size() - 4).
-					 toLocal8Bit().constData());
-			else
-				snprintf(phase2, sizeof(phase2), "auth=%s",
-					 inner.toLocal8Bit().constData());
-		} else if (eap.compare("FAST") == 0) {
-			const char *provisioning = NULL;
-			if (inner.startsWith("EAP-")) {
-				snprintf(phase2, sizeof(phase2), "auth=%s",
-					 inner.right(inner.size() - 4).
-					 toLocal8Bit().constData());
-				provisioning = "fast_provisioning=2";
-			} else if (inner.compare("GTC(auth) + MSCHAPv2(prov)")
-				   == 0) {
-				snprintf(phase2, sizeof(phase2),
-					 "auth=GTC auth=MSCHAPV2");
-				provisioning = "fast_provisioning=1";
-			} else
-				provisioning = "fast_provisioning=3";
-			if (provisioning) {
-				char blob[32];
-				setNetworkParam(id, "phase1", provisioning,
-						true);
-				snprintf(blob, sizeof(blob),
-					 "blob://fast-pac-%d", id);
-				setNetworkParam(id, "pac_file", blob, true);
-			}
-		}
-		if (phase2[0])
-			setNetworkParam(id, "phase2", phase2, true);
-		else
-			setNetworkParam(id, "phase2", "NULL", false);
-	} else
-		setNetworkParam(id, "phase2", "NULL", false);
-	if (identityEdit->isEnabled() && identityEdit->text().length() > 0)
-		setNetworkParam(id, "identity",
-				identityEdit->text().toLocal8Bit().constData(),
-				true);
-	else
-		setNetworkParam(id, "identity", "NULL", false);
-	if (passwordEdit->isEnabled() && passwordEdit->text().length() > 0 &&
-	    strcmp(passwordEdit->text().toLocal8Bit().constData(),
-		   WPA_GUI_KEY_DATA) != 0)
-		setNetworkParam(id, "password",
-				passwordEdit->text().toLocal8Bit().constData(),
-				true);
-	else if (passwordEdit->text().length() == 0)
-		setNetworkParam(id, "password", "NULL", false);
-	if (cacertEdit->isEnabled() && cacertEdit->text().length() > 0)
-		setNetworkParam(id, "ca_cert",
-				cacertEdit->text().toLocal8Bit().constData(),
-				true);
-	else
-		setNetworkParam(id, "ca_cert", "NULL", false);
-	writeWepKey(id, wep0Edit, 0);
-	writeWepKey(id, wep1Edit, 1);
-	writeWepKey(id, wep2Edit, 2);
-	writeWepKey(id, wep3Edit, 3);
-
-	if (wep0Radio->isEnabled() && wep0Radio->isChecked())
-		setNetworkParam(id, "wep_tx_keyidx", "0", false);
-	else if (wep1Radio->isEnabled() && wep1Radio->isChecked())
-		setNetworkParam(id, "wep_tx_keyidx", "1", false);
-	else if (wep2Radio->isEnabled() && wep2Radio->isChecked())
-		setNetworkParam(id, "wep_tx_keyidx", "2", false);
-	else if (wep3Radio->isEnabled() && wep3Radio->isChecked())
-		setNetworkParam(id, "wep_tx_keyidx", "3", false);
-
-	if (idstrEdit->isEnabled() && idstrEdit->text().length() > 0)
-		setNetworkParam(id, "id_str",
-				idstrEdit->text().toLocal8Bit().constData(),
-				true);
-	else
-		setNetworkParam(id, "id_str", "NULL", false);
-
-	if (prioritySpinBox->isEnabled()) {
-		QString prio;
-		prio = prio.setNum(prioritySpinBox->value());
-		setNetworkParam(id, "priority", prio.toLocal8Bit().constData(),
-				false);
-	}
-
-	snprintf(cmd, sizeof(cmd), "ENABLE_NETWORK %d", id);
-	reply_len = sizeof(reply);
-	wpagui->ctrlRequest(cmd, reply, &reply_len);
-	if (strncmp(reply, "OK", 2) != 0) {
-		QMessageBox::warning(this, "wpa_gui",
-				     tr("Failed to enable "
-					"network in wpa_supplicant\n"
-					"configuration."));
-		/* Network was added, so continue anyway */
-	}
-	wpagui->triggerUpdate();
-	wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
-
-	close();
-}
-
-
-void NetworkConfig::setWpaGui(WpaGui *_wpagui)
-{
-	wpagui = _wpagui;
-}
-
-
-int NetworkConfig::setNetworkParam(int id, const char *field,
-				   const char *value, bool quote)
-{
-	char reply[10], cmd[256];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "SET_NETWORK %d %s %s%s%s",
-		 id, field, quote ? "\"" : "", value, quote ? "\"" : "");
-	reply_len = sizeof(reply);
-	wpagui->ctrlRequest(cmd, reply, &reply_len);
-	return strncmp(reply, "OK", 2) == 0 ? 0 : -1;
-}
-
-
-void NetworkConfig::encrChanged(const QString &)
-{
-}
-
-
-void NetworkConfig::wepEnabled(bool enabled)
-{
-	wep0Edit->setEnabled(enabled);
-	wep1Edit->setEnabled(enabled);
-	wep2Edit->setEnabled(enabled);
-	wep3Edit->setEnabled(enabled);
-	wep0Radio->setEnabled(enabled);
-	wep1Radio->setEnabled(enabled);
-	wep2Radio->setEnabled(enabled);
-	wep3Radio->setEnabled(enabled);
-}
-
-
-void NetworkConfig::writeWepKey(int network_id, QLineEdit *edit, int id)
-{
-	char buf[10];
-	bool hex;
-	const char *txt, *pos;
-	size_t len;
-
-	if (!edit->isEnabled() || edit->text().isEmpty())
-		return;
-
-	/*
-	 * Assume hex key if only hex characters are present and length matches
-	 * with 40, 104, or 128-bit key
-	 */
-	txt = edit->text().toLocal8Bit().constData();
-	if (strcmp(txt, WPA_GUI_KEY_DATA) == 0)
-		return;
-	len = strlen(txt);
-	if (len == 0)
-		return;
-	pos = txt;
-	hex = true;
-	while (*pos) {
-		if (!((*pos >= '0' && *pos <= '9') ||
-		      (*pos >= 'a' && *pos <= 'f') ||
-		      (*pos >= 'A' && *pos <= 'F'))) {
-			hex = false;
-			break;
-		}
-		pos++;
-	}
-	if (hex && len != 10 && len != 26 && len != 32)
-		hex = false;
-	snprintf(buf, sizeof(buf), "wep_key%d", id);
-	setNetworkParam(network_id, buf, txt, !hex);
-}
-
-
-static int key_value_isset(const char *reply, size_t reply_len)
-{
-    return reply_len > 0 && (reply_len < 4 || memcmp(reply, "FAIL", 4) != 0);
-}
-
-
-void NetworkConfig::paramsFromConfig(int network_id)
-{
-	int i, res;
-
-	edit_network_id = network_id;
-	getEapCapa();
-
-	char reply[1024], cmd[256], *pos;
-	size_t reply_len;
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ssid", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-	    reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		ssidEdit->setText(reply + 1);
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d proto", network_id);
-	reply_len = sizeof(reply) - 1;
-	int wpa = 0;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
-		reply[reply_len] = '\0';
-		if (strstr(reply, "RSN") || strstr(reply, "WPA2"))
-			wpa = 2;
-		else if (strstr(reply, "WPA"))
-			wpa = 1;
-	}
-
-	int auth = AUTH_NONE_OPEN, encr = 0;
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d key_mgmt", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
-		reply[reply_len] = '\0';
-		if (strstr(reply, "WPA-EAP"))
-			auth = wpa & 2 ? AUTH_WPA2_EAP : AUTH_WPA_EAP;
-		else if (strstr(reply, "WPA-PSK"))
-			auth = wpa & 2 ? AUTH_WPA2_PSK : AUTH_WPA_PSK;
-		else if (strstr(reply, "IEEE8021X")) {
-			auth = AUTH_IEEE8021X;
-			encr = 1;
-		}
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d pairwise", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
-		reply[reply_len] = '\0';
-		if (strstr(reply, "CCMP") && auth != AUTH_NONE_OPEN &&
-		    auth != AUTH_NONE_WEP && auth != AUTH_NONE_WEP_SHARED)
-			encr = 1;
-		else if (strstr(reply, "TKIP"))
-			encr = 0;
-		else if (strstr(reply, "WEP"))
-			encr = 1;
-		else
-			encr = 0;
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d psk", network_id);
-	reply_len = sizeof(reply) - 1;
-	res = wpagui->ctrlRequest(cmd, reply, &reply_len);
-	if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		pskEdit->setText(reply + 1);
-	} else if (res >= 0 && key_value_isset(reply, reply_len)) {
-		pskEdit->setText(WPA_GUI_KEY_DATA);
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d identity", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-	    reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		identityEdit->setText(reply + 1);
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d password", network_id);
-	reply_len = sizeof(reply) - 1;
-	res = wpagui->ctrlRequest(cmd, reply, &reply_len);
-	if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		passwordEdit->setText(reply + 1);
-	} else if (res >= 0 && key_value_isset(reply, reply_len)) {
-		passwordEdit->setText(WPA_GUI_KEY_DATA);
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ca_cert", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-	    reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		cacertEdit->setText(reply + 1);
-	}
-
-	enum { NO_INNER, PEAP_INNER, TTLS_INNER, FAST_INNER } eap = NO_INNER;
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d eap", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-	    reply_len >= 1) {
-		reply[reply_len] = '\0';
-		for (i = 0; i < eapSelect->count(); i++) {
-			if (eapSelect->itemText(i).compare(reply) == 0) {
-				eapSelect->setCurrentIndex(i);
-				if (strcmp(reply, "PEAP") == 0)
-					eap = PEAP_INNER;
-				else if (strcmp(reply, "TTLS") == 0)
-					eap = TTLS_INNER;
-				else if (strcmp(reply, "FAST") == 0)
-					eap = FAST_INNER;
-				break;
-			}
-		}
-	}
-
-	if (eap != NO_INNER) {
-		snprintf(cmd, sizeof(cmd), "GET_NETWORK %d phase2",
-			 network_id);
-		reply_len = sizeof(reply) - 1;
-		if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-		    reply_len >= 1) {
-			reply[reply_len] = '\0';
-			eapChanged(eapSelect->currentIndex());
-		} else
-			eap = NO_INNER;
-	}
-
-	char *val;
-	val = reply + 1;
-	while (*(val + 1))
-		val++;
-	if (*val == '"')
-		*val = '\0';
-
-	switch (eap) {
-	case PEAP_INNER:
-		if (strncmp(reply, "\"auth=", 6))
-			break;
-		val = reply + 2;
-		memcpy(val, "EAP-", 4);
-		break;
-	case TTLS_INNER:
-		if (strncmp(reply, "\"autheap=", 9) == 0) {
-			val = reply + 5;
-			memcpy(val, "EAP-", 4);
-		} else if (strncmp(reply, "\"auth=", 6) == 0)
-			val = reply + 6;
-		break;
-	case FAST_INNER:
-		if (strncmp(reply, "\"auth=", 6))
-			break;
-		if (strcmp(reply + 6, "GTC auth=MSCHAPV2") == 0) {
-			val = (char *) "GTC(auth) + MSCHAPv2(prov)";
-			break;
-		}
-		val = reply + 2;
-		memcpy(val, "EAP-", 4);
-		break;
-	case NO_INNER:
-		break;
-	}
-
-	for (i = 0; i < phase2Select->count(); i++) {
-		if (phase2Select->itemText(i).compare(val) == 0) {
-			phase2Select->setCurrentIndex(i);
-			break;
-		}
-	}
-
-	for (i = 0; i < 4; i++) {
-		QLineEdit *wepEdit;
-		switch (i) {
-		default:
-		case 0:
-			wepEdit = wep0Edit;
-			break;
-		case 1:
-			wepEdit = wep1Edit;
-			break;
-		case 2:
-			wepEdit = wep2Edit;
-			break;
-		case 3:
-			wepEdit = wep3Edit;
-			break;
-		}
-		snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_key%d",
-			 network_id, i);
-		reply_len = sizeof(reply) - 1;
-		res = wpagui->ctrlRequest(cmd, reply, &reply_len);
-		if (res >= 0 && reply_len >= 2 && reply[0] == '"') {
-			reply[reply_len] = '\0';
-			pos = strchr(reply + 1, '"');
-			if (pos)
-				*pos = '\0';
-			if (auth == AUTH_NONE_OPEN || auth == AUTH_IEEE8021X) {
-				if (auth == AUTH_NONE_OPEN)
-					auth = AUTH_NONE_WEP;
-				encr = 1;
-			}
-
-			wepEdit->setText(reply + 1);
-		} else if (res >= 0 && key_value_isset(reply, reply_len)) {
-			if (auth == AUTH_NONE_OPEN || auth == AUTH_IEEE8021X) {
-				if (auth == AUTH_NONE_OPEN)
-					auth = AUTH_NONE_WEP;
-				encr = 1;
-			}
-			wepEdit->setText(WPA_GUI_KEY_DATA);
-		}
-	}
-
-	if (auth == AUTH_NONE_WEP) {
-		snprintf(cmd, sizeof(cmd), "GET_NETWORK %d auth_alg",
-			 network_id);
-		reply_len = sizeof(reply) - 1;
-		if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0) {
-			reply[reply_len] = '\0';
-			if (strcmp(reply, "SHARED") == 0)
-				auth = AUTH_NONE_WEP_SHARED;
-		}
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d wep_tx_keyidx", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 1)
-	{
-		reply[reply_len] = '\0';
-		switch (atoi(reply)) {
-		case 0:
-			wep0Radio->setChecked(true);
-			break;
-		case 1:
-			wep1Radio->setChecked(true);
-			break;
-		case 2:
-			wep2Radio->setChecked(true);
-			break;
-		case 3:
-			wep3Radio->setChecked(true);
-			break;
-		}
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d id_str", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 &&
-	    reply_len >= 2 && reply[0] == '"') {
-		reply[reply_len] = '\0';
-		pos = strchr(reply + 1, '"');
-		if (pos)
-			*pos = '\0';
-		idstrEdit->setText(reply + 1);
-	}
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d priority", network_id);
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) >= 0 && reply_len >= 1)
-	{
-		reply[reply_len] = '\0';
-		prioritySpinBox->setValue(atoi(reply));
-	}
-
-	authSelect->setCurrentIndex(auth);
-	authChanged(auth);
-	encrSelect->setCurrentIndex(encr);
-	wepEnabled(auth == AUTH_NONE_WEP || auth == AUTH_NONE_WEP_SHARED);
-
-	removeButton->setEnabled(true);
-	addButton->setText("Save");
-}
-
-
-void NetworkConfig::removeNetwork()
-{
-	char reply[10], cmd[256];
-	size_t reply_len;
-
-	if (QMessageBox::information(
-		    this, "wpa_gui",
-		    tr("This will permanently remove the network\n"
-		       "from the configuration. Do you really want\n"
-		       "to remove this network?"),
-		    tr("Yes"), tr("No")) != 0)
-		return;
-
-	snprintf(cmd, sizeof(cmd), "REMOVE_NETWORK %d", edit_network_id);
-	reply_len = sizeof(reply);
-	wpagui->ctrlRequest(cmd, reply, &reply_len);
-	if (strncmp(reply, "OK", 2) != 0) {
-		QMessageBox::warning(this, "wpa_gui",
-				     tr("Failed to remove network from "
-					"wpa_supplicant\n"
-					"configuration."));
-	} else {
-		wpagui->triggerUpdate();
-		wpagui->ctrlRequest("SAVE_CONFIG", reply, &reply_len);
-	}
-
-	close();
-}
-
-
-void NetworkConfig::newNetwork()
-{
-	new_network = true;
-	getEapCapa();
-}
-
-
-void NetworkConfig::getEapCapa()
-{
-	char reply[256];
-	size_t reply_len;
-
-	if (wpagui == NULL)
-		return;
-
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("GET_CAPABILITY eap", reply, &reply_len) < 0)
-		return;
-	reply[reply_len] = '\0';
-
-	QString res(reply);
-	QStringList types = res.split(QChar(' '));
-	eapSelect->insertItems(-1, types);
-}
-
-
-void NetworkConfig::useWps()
-{
-	if (wpagui == NULL)
-		return;
-	wpagui->setBssFromScan(bssid);
-	wpagui->wpsDialog();
-	close();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/networkconfig.h b/wpa_supplicant/wpa_gui-qt4/networkconfig.h
deleted file mode 100644
index fd09dec54318..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/networkconfig.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * wpa_gui - NetworkConfig class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef NETWORKCONFIG_H
-#define NETWORKCONFIG_H
-
-#include <QObject>
-#include "ui_networkconfig.h"
-
-class WpaGui;
-
-class NetworkConfig : public QDialog, public Ui::NetworkConfig
-{
-	Q_OBJECT
-
-public:
-	NetworkConfig(QWidget *parent = 0, const char *name = 0,
-		      bool modal = false, Qt::WindowFlags fl = 0);
-	~NetworkConfig();
-
-	virtual void paramsFromScanResults(QTreeWidgetItem *sel);
-	virtual void setWpaGui(WpaGui *_wpagui);
-	virtual int setNetworkParam(int id, const char *field,
-				    const char *value, bool quote);
-	virtual void paramsFromConfig(int network_id);
-	virtual void newNetwork();
-
-public slots:
-	virtual void authChanged(int sel);
-	virtual void addNetwork();
-	virtual void encrChanged(const QString &sel);
-	virtual void writeWepKey(int network_id, QLineEdit *edit, int id);
-	virtual void removeNetwork();
-	virtual void eapChanged(int sel);
-	virtual void useWps();
-
-protected slots:
-	virtual void languageChange();
-
-private:
-	WpaGui *wpagui;
-	int edit_network_id;
-	bool new_network;
-	QString bssid;
-
-	virtual void wepEnabled(bool enabled);
-	virtual void getEapCapa();
-};
-
-#endif /* NETWORKCONFIG_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/networkconfig.ui b/wpa_supplicant/wpa_gui-qt4/networkconfig.ui
deleted file mode 100644
index 217a8ff58704..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/networkconfig.ui
+++ /dev/null
@@ -1,435 +0,0 @@
-<ui version="4.0" >
- <class>NetworkConfig</class>
- <widget class="QDialog" name="NetworkConfig" >
-  <property name="geometry" >
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>410</width>
-    <height>534</height>
-   </rect>
-  </property>
-  <property name="windowTitle" >
-   <string>NetworkConfig</string>
-  </property>
-  <layout class="QGridLayout" >
-   <item row="1" column="3" >
-    <widget class="QPushButton" name="cancelButton" >
-     <property name="text" >
-      <string>Cancel</string>
-     </property>
-    </widget>
-   </item>
-   <item row="0" column="0" colspan="4" >
-    <widget class="QFrame" name="frame9" >
-     <property name="frameShape" >
-      <enum>QFrame::NoFrame</enum>
-     </property>
-     <property name="frameShadow" >
-      <enum>QFrame::Plain</enum>
-     </property>
-     <layout class="QGridLayout" >
-      <item row="0" column="0" >
-       <widget class="QLabel" name="ssidLabel" >
-        <property name="text" >
-         <string>SSID</string>
-        </property>
-       </widget>
-      </item>
-      <item row="0" column="1" >
-       <widget class="QLineEdit" name="ssidEdit" >
-        <property name="toolTip" >
-         <string>Network name (Service Set IDentifier)</string>
-        </property>
-        <property name="text" >
-         <string/>
-        </property>
-       </widget>
-      </item>
-      <item row="1" column="0" >
-       <widget class="QLabel" name="authLabel" >
-        <property name="text" >
-         <string>Authentication</string>
-        </property>
-       </widget>
-      </item>
-      <item row="1" column="1" >
-       <widget class="QComboBox" name="authSelect" >
-        <item>
-         <property name="text" >
-          <string>Plaintext (open / no authentication)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>Static WEP (no authentication)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>Static WEP (Shared Key authentication)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>IEEE 802.1X</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>WPA-Personal (PSK)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>WPA-Enterprise (EAP)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>WPA2-Personal (PSK)</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>WPA2-Enterprise (EAP)</string>
-         </property>
-        </item>
-       </widget>
-      </item>
-      <item row="2" column="0" >
-       <widget class="QLabel" name="encrLabel" >
-        <property name="text" >
-         <string>Encryption</string>
-        </property>
-       </widget>
-      </item>
-      <item row="2" column="1" >
-       <widget class="QComboBox" name="encrSelect" >
-        <item>
-         <property name="text" >
-          <string>None</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>WEP</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>TKIP</string>
-         </property>
-        </item>
-        <item>
-         <property name="text" >
-          <string>CCMP</string>
-         </property>
-        </item>
-       </widget>
-      </item>
-      <item row="3" column="0" >
-       <widget class="QLabel" name="pskLabel" >
-        <property name="text" >
-         <string>PSK</string>
-        </property>
-       </widget>
-      </item>
-      <item row="3" column="1" >
-       <widget class="QLineEdit" name="pskEdit" >
-        <property name="enabled" >
-         <bool>false</bool>
-        </property>
-        <property name="toolTip" >
-         <string>WPA/WPA2 pre-shared key or passphrase</string>
-        </property>
-        <property name="whatsThis" >
-         <string/>
-        </property>
-        <property name="echoMode" >
-         <enum>QLineEdit::Password</enum>
-        </property>
-       </widget>
-      </item>
-      <item row="4" column="0" >
-       <widget class="QLabel" name="eapLabel" >
-        <property name="text" >
-         <string>EAP method</string>
-        </property>
-       </widget>
-      </item>
-      <item row="4" column="1" >
-       <widget class="QComboBox" name="eapSelect" >
-        <property name="enabled" >
-         <bool>false</bool>
-        </property>
-       </widget>
-      </item>
-      <item row="5" column="0" >
-       <widget class="QLabel" name="identityLabel" >
-        <property name="text" >
-         <string>Identity</string>
-        </property>
-       </widget>
-      </item>
-      <item row="5" column="1" >
-       <widget class="QLineEdit" name="identityEdit" >
-        <property name="enabled" >
-         <bool>false</bool>
-        </property>
-        <property name="toolTip" >
-         <string>Username/Identity for EAP methods</string>
-        </property>
-       </widget>
-      </item>
-      <item row="6" column="0" >
-       <widget class="QLabel" name="passwordLabel" >
-        <property name="text" >
-         <string>Password</string>
-        </property>
-       </widget>
-      </item>
-      <item row="6" column="1" >
-       <widget class="QLineEdit" name="passwordEdit" >
-        <property name="enabled" >
-         <bool>false</bool>
-        </property>
-        <property name="toolTip" >
-         <string>Password for EAP methods</string>
-        </property>
-        <property name="echoMode" >
-         <enum>QLineEdit::Password</enum>
-        </property>
-       </widget>
-      </item>
-      <item row="7" column="0" >
-       <widget class="QLabel" name="cacertLabel" >
-        <property name="text" >
-         <string>CA certificate</string>
-        </property>
-       </widget>
-      </item>
-      <item row="7" column="1" >
-       <widget class="QLineEdit" name="cacertEdit" >
-        <property name="enabled" >
-         <bool>false</bool>
-        </property>
-       </widget>
-      </item>
-      <item row="8" column="0" colspan="2" >
-       <widget class="QGroupBox" name="wepBox" >
-        <property name="enabled" >
-         <bool>true</bool>
-        </property>
-        <property name="title" >
-         <string>WEP keys</string>
-        </property>
-        <layout class="QGridLayout" >
-         <item row="0" column="0" >
-          <widget class="QRadioButton" name="wep0Radio" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-           <property name="text" >
-            <string>key 0</string>
-           </property>
-          </widget>
-         </item>
-         <item row="1" column="0" >
-          <widget class="QRadioButton" name="wep1Radio" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-           <property name="text" >
-            <string>key 1</string>
-           </property>
-          </widget>
-         </item>
-         <item row="3" column="0" >
-          <widget class="QRadioButton" name="wep3Radio" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-           <property name="text" >
-            <string>key 3</string>
-           </property>
-          </widget>
-         </item>
-         <item row="2" column="0" >
-          <widget class="QRadioButton" name="wep2Radio" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-           <property name="text" >
-            <string>key 2</string>
-           </property>
-          </widget>
-         </item>
-         <item row="0" column="1" >
-          <widget class="QLineEdit" name="wep0Edit" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-          </widget>
-         </item>
-         <item row="1" column="1" >
-          <widget class="QLineEdit" name="wep1Edit" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-          </widget>
-         </item>
-         <item row="2" column="1" >
-          <widget class="QLineEdit" name="wep2Edit" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-          </widget>
-         </item>
-         <item row="3" column="1" >
-          <widget class="QLineEdit" name="wep3Edit" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-          </widget>
-         </item>
-        </layout>
-       </widget>
-      </item>
-      <item row="9" column="0" colspan="2" >
-       <widget class="QGroupBox" name="optionalSettingsBox" >
-        <property name="enabled" >
-         <bool>true</bool>
-        </property>
-        <property name="title" >
-         <string>Optional Settings</string>
-        </property>
-        <layout class="QGridLayout" >
-         <item row="0" column="1" >
-          <widget class="QLineEdit" name="idstrEdit" >
-           <property name="toolTip" >
-            <string>Network Identification String</string>
-           </property>
-          </widget>
-         </item>
-         <item row="0" column="3" >
-          <widget class="QSpinBox" name="prioritySpinBox" >
-           <property name="toolTip" >
-            <string>Network Priority</string>
-           </property>
-           <property name="maximum" >
-            <number>10000</number>
-           </property>
-           <property name="singleStep" >
-            <number>10</number>
-           </property>
-          </widget>
-         </item>
-         <item row="0" column="0" >
-          <widget class="QLabel" name="idstrLabel" >
-           <property name="text" >
-            <string>IDString</string>
-           </property>
-          </widget>
-         </item>
-         <item row="0" column="2" >
-          <widget class="QLabel" name="priorityLabel" >
-           <property name="text" >
-            <string>Priority</string>
-           </property>
-          </widget>
-         </item>
-         <item row="1" column="0" >
-          <widget class="QLabel" name="phase2Label" >
-           <property name="text" >
-            <string>Inner auth</string>
-           </property>
-          </widget>
-         </item>
-         <item row="1" column="1" >
-          <widget class="QComboBox" name="phase2Select" >
-           <property name="enabled" >
-            <bool>false</bool>
-           </property>
-          </widget>
-         </item>
-        </layout>
-       </widget>
-      </item>
-     </layout>
-    </widget>
-   </item>
-   <item row="1" column="2" >
-    <widget class="QPushButton" name="addButton" >
-     <property name="text" >
-      <string>Add</string>
-     </property>
-    </widget>
-   </item>
-   <item row="1" column="3" >
-    <widget class="QPushButton" name="removeButton" >
-     <property name="enabled" >
-      <bool>false</bool>
-     </property>
-     <property name="text" >
-      <string>Remove</string>
-     </property>
-    </widget>
-   </item>
-   <item row="1" column="0" >
-    <spacer>
-     <property name="orientation" >
-      <enum>Qt::Vertical</enum>
-     </property>
-     <property name="sizeHint" >
-      <size>
-       <width>20</width>
-       <height>40</height>
-      </size>
-     </property>
-    </spacer>
-   </item>
-   <item row="1" column="1" >
-    <widget class="QPushButton" name="useWpsButton" >
-     <property name="enabled" >
-      <bool>false</bool>
-     </property>
-     <property name="text" >
-      <string>WPS</string>
-     </property>
-    </widget>
-   </item>
-  </layout>
- </widget>
- <layoutdefault spacing="6" margin="11" />
- <pixmapfunction></pixmapfunction>
- <tabstops>
-  <tabstop>ssidEdit</tabstop>
-  <tabstop>authSelect</tabstop>
-  <tabstop>encrSelect</tabstop>
-  <tabstop>pskEdit</tabstop>
-  <tabstop>eapSelect</tabstop>
-  <tabstop>identityEdit</tabstop>
-  <tabstop>passwordEdit</tabstop>
-  <tabstop>cacertEdit</tabstop>
-  <tabstop>wep0Radio</tabstop>
-  <tabstop>wep0Edit</tabstop>
-  <tabstop>wep1Radio</tabstop>
-  <tabstop>wep1Edit</tabstop>
-  <tabstop>wep2Radio</tabstop>
-  <tabstop>wep2Edit</tabstop>
-  <tabstop>wep3Radio</tabstop>
-  <tabstop>wep3Edit</tabstop>
-  <tabstop>idstrEdit</tabstop>
-  <tabstop>prioritySpinBox</tabstop>
-  <tabstop>phase2Select</tabstop>
-  <tabstop>addButton</tabstop>
-  <tabstop>removeButton</tabstop>
-  <tabstop>cancelButton</tabstop>
- </tabstops>
- <includes>
-  <include location="global" >qtreewidget.h</include>
- </includes>
- <resources/>
- <connections/>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/peers.cpp b/wpa_supplicant/wpa_gui-qt4/peers.cpp
deleted file mode 100644
index 0a0b3ffcb51b..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/peers.cpp
+++ /dev/null
@@ -1,1885 +0,0 @@
-/*
- * wpa_gui - Peers class
- * Copyright (c) 2009-2010, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-#include <QImageReader>
-#include <QMessageBox>
-
-#include "common/wpa_ctrl.h"
-#include "wpagui.h"
-#include "stringquery.h"
-#include "peers.h"
-
-
-enum {
-	peer_role_address = Qt::UserRole + 1,
-	peer_role_type,
-	peer_role_uuid,
-	peer_role_details,
-	peer_role_ifname,
-	peer_role_pri_dev_type,
-	peer_role_ssid,
-	peer_role_config_methods,
-	peer_role_dev_passwd_id,
-	peer_role_bss_id,
-	peer_role_selected_method,
-	peer_role_selected_pin,
-	peer_role_requested_method,
-	peer_role_network_id
-};
-
-enum selected_method {
-	SEL_METHOD_NONE,
-	SEL_METHOD_PIN_PEER_DISPLAY,
-	SEL_METHOD_PIN_LOCAL_DISPLAY
-};
-
-/*
- * TODO:
- * - add current AP info (e.g., from WPS) in station mode
- */
-
-enum peer_type {
-	PEER_TYPE_ASSOCIATED_STATION,
-	PEER_TYPE_AP,
-	PEER_TYPE_AP_WPS,
-	PEER_TYPE_WPS_PIN_NEEDED,
-	PEER_TYPE_P2P,
-	PEER_TYPE_P2P_CLIENT,
-	PEER_TYPE_P2P_GROUP,
-	PEER_TYPE_P2P_PERSISTENT_GROUP_GO,
-	PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT,
-	PEER_TYPE_P2P_INVITATION,
-	PEER_TYPE_WPS_ER_AP,
-	PEER_TYPE_WPS_ER_AP_UNCONFIGURED,
-	PEER_TYPE_WPS_ER_ENROLLEE,
-	PEER_TYPE_WPS_ENROLLEE
-};
-
-
-Peers::Peers(QWidget *parent, const char *, bool, Qt::WindowFlags)
-	: QDialog(parent)
-{
-	setupUi(this);
-
-	if (QImageReader::supportedImageFormats().contains(QByteArray("svg")))
-	{
-		default_icon = new QIcon(":/icons/wpa_gui.svg");
-		ap_icon = new QIcon(":/icons/ap.svg");
-		laptop_icon = new QIcon(":/icons/laptop.svg");
-		group_icon = new QIcon(":/icons/group.svg");
-		invitation_icon = new QIcon(":/icons/invitation.svg");
-	} else {
-		default_icon = new QIcon(":/icons/wpa_gui.png");
-		ap_icon = new QIcon(":/icons/ap.png");
-		laptop_icon = new QIcon(":/icons/laptop.png");
-		group_icon = new QIcon(":/icons/group.png");
-		invitation_icon = new QIcon(":/icons/invitation.png");
-	}
-
-	peers->setModel(&model);
-	peers->setResizeMode(QListView::Adjust);
-	peers->setDragEnabled(false);
-	peers->setSelectionMode(QAbstractItemView::NoSelection);
-
-	peers->setContextMenuPolicy(Qt::CustomContextMenu);
-	connect(peers, SIGNAL(customContextMenuRequested(const QPoint &)),
-		this, SLOT(context_menu(const QPoint &)));
-
-	wpagui = NULL;
-	hide_ap = false;
-}
-
-
-void Peers::setWpaGui(WpaGui *_wpagui)
-{
-	wpagui = _wpagui;
-	update_peers();
-}
-
-
-Peers::~Peers()
-{
-	delete default_icon;
-	delete ap_icon;
-	delete laptop_icon;
-	delete group_icon;
-	delete invitation_icon;
-}
-
-
-void Peers::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-QString Peers::ItemType(int type)
-{
-	QString title;
-	switch (type) {
-	case PEER_TYPE_ASSOCIATED_STATION:
-		title = tr("Associated station");
-		break;
-	case PEER_TYPE_AP:
-		title = tr("AP");
-		break;
-	case PEER_TYPE_AP_WPS:
-		title = tr("WPS AP");
-		break;
-	case PEER_TYPE_WPS_PIN_NEEDED:
-		title = tr("WPS PIN needed");
-		break;
-	case PEER_TYPE_P2P:
-		title = tr("P2P Device");
-		break;
-	case PEER_TYPE_P2P_CLIENT:
-		title = tr("P2P Device (group client)");
-		break;
-	case PEER_TYPE_P2P_GROUP:
-		title = tr("P2P Group");
-		break;
-	case PEER_TYPE_P2P_PERSISTENT_GROUP_GO:
-		title = tr("P2P Persistent Group (GO)");
-		break;
-	case PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT:
-		title = tr("P2P Persistent Group (client)");
-		break;
-	case PEER_TYPE_P2P_INVITATION:
-		title = tr("P2P Invitation");
-		break;
-	case PEER_TYPE_WPS_ER_AP:
-		title = tr("ER: WPS AP");
-		break;
-	case PEER_TYPE_WPS_ER_AP_UNCONFIGURED:
-		title = tr("ER: WPS AP (Unconfigured)");
-		break;
-	case PEER_TYPE_WPS_ER_ENROLLEE:
-		title = tr("ER: WPS Enrollee");
-		break;
-	case PEER_TYPE_WPS_ENROLLEE:
-		title = tr("WPS Enrollee");
-		break;
-	}
-	return title;
-}
-
-
-void Peers::context_menu(const QPoint &pos)
-{
-	QMenu *menu = new QMenu;
-	if (menu == NULL)
-		return;
-
-	QModelIndex idx = peers->indexAt(pos);
-	if (idx.isValid()) {
-		ctx_item = model.itemFromIndex(idx);
-		int type = ctx_item->data(peer_role_type).toInt();
-		menu->addAction(Peers::ItemType(type))->setEnabled(false);
-		menu->addSeparator();
-
-		int config_methods = -1;
-		QVariant var = ctx_item->data(peer_role_config_methods);
-		if (var.isValid())
-			config_methods = var.toInt();
-
-		enum selected_method method = SEL_METHOD_NONE;
-		var = ctx_item->data(peer_role_selected_method);
-		if (var.isValid())
-			method = (enum selected_method) var.toInt();
-
-		if ((type == PEER_TYPE_ASSOCIATED_STATION ||
-		     type == PEER_TYPE_AP_WPS ||
-		     type == PEER_TYPE_WPS_PIN_NEEDED ||
-		     type == PEER_TYPE_WPS_ER_ENROLLEE ||
-		     type == PEER_TYPE_WPS_ENROLLEE) &&
-		    (config_methods == -1 || (config_methods & 0x010c))) {
-			menu->addAction(tr("Enter WPS PIN"), this,
-					SLOT(enter_pin()));
-		}
-
-		if (type == PEER_TYPE_P2P || type == PEER_TYPE_P2P_CLIENT) {
-			menu->addAction(tr("P2P Connect"), this,
-					SLOT(ctx_p2p_connect()));
-			if (method == SEL_METHOD_NONE &&
-			    config_methods > -1 &&
-			    config_methods & 0x0080 /* PBC */ &&
-			    config_methods != 0x0080)
-				menu->addAction(tr("P2P Connect (PBC)"), this,
-						SLOT(connect_pbc()));
-			if (method == SEL_METHOD_NONE) {
-				menu->addAction(tr("P2P Request PIN"), this,
-						SLOT(ctx_p2p_req_pin()));
-				menu->addAction(tr("P2P Show PIN"), this,
-						SLOT(ctx_p2p_show_pin()));
-			}
-
-			if (config_methods > -1 && (config_methods & 0x0100)) {
-				/* Peer has Keypad */
-				menu->addAction(tr("P2P Display PIN"), this,
-						SLOT(ctx_p2p_display_pin()));
-			}
-
-			if (config_methods > -1 && (config_methods & 0x000c)) {
-				/* Peer has Label or Display */
-				menu->addAction(tr("P2P Enter PIN"), this,
-						SLOT(ctx_p2p_enter_pin()));
-			}
-		}
-
-		if (type == PEER_TYPE_P2P_GROUP) {
-			menu->addAction(tr("Show passphrase"), this,
-					SLOT(ctx_p2p_show_passphrase()));
-			menu->addAction(tr("Remove P2P Group"), this,
-					SLOT(ctx_p2p_remove_group()));
-		}
-
-		if (type == PEER_TYPE_P2P_PERSISTENT_GROUP_GO ||
-		    type == PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT ||
-		    type == PEER_TYPE_P2P_INVITATION) {
-			menu->addAction(tr("Start group"), this,
-					SLOT(ctx_p2p_start_persistent()));
-		}
-
-		if (type == PEER_TYPE_P2P_PERSISTENT_GROUP_GO ||
-		    type == PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT) {
-			menu->addAction(tr("Invite"), this,
-					SLOT(ctx_p2p_invite()));
-		}
-
-		if (type == PEER_TYPE_P2P_INVITATION) {
-			menu->addAction(tr("Ignore"), this,
-					SLOT(ctx_p2p_delete()));
-		}
-
-		if (type == PEER_TYPE_AP_WPS) {
-			menu->addAction(tr("Connect (PBC)"), this,
-					SLOT(connect_pbc()));
-		}
-
-		if ((type == PEER_TYPE_ASSOCIATED_STATION ||
-		     type == PEER_TYPE_WPS_ER_ENROLLEE ||
-		     type == PEER_TYPE_WPS_ENROLLEE) &&
-		    config_methods >= 0 && (config_methods & 0x0080)) {
-			menu->addAction(tr("Enroll (PBC)"), this,
-					SLOT(connect_pbc()));
-		}
-
-		if (type == PEER_TYPE_WPS_ER_AP) {
-			menu->addAction(tr("Learn Configuration"), this,
-					SLOT(learn_ap_config()));
-		}
-
-		menu->addAction(tr("Properties"), this, SLOT(properties()));
-	} else {
-		ctx_item = NULL;
-		menu->addAction(QString(tr("Refresh")), this,
-				SLOT(ctx_refresh()));
-		menu->addAction(tr("Start P2P discovery"), this,
-				SLOT(ctx_p2p_start()));
-		menu->addAction(tr("Stop P2P discovery"), this,
-				SLOT(ctx_p2p_stop()));
-		menu->addAction(tr("P2P listen only"), this,
-				SLOT(ctx_p2p_listen()));
-		menu->addAction(tr("Start P2P group"), this,
-				SLOT(ctx_p2p_start_group()));
-		if (hide_ap)
-			menu->addAction(tr("Show AP entries"), this,
-					SLOT(ctx_show_ap()));
-		else
-			menu->addAction(tr("Hide AP entries"), this,
-					SLOT(ctx_hide_ap()));
-	}
-
-	menu->exec(peers->mapToGlobal(pos));
-}
-
-
-void Peers::enter_pin()
-{
-	if (ctx_item == NULL)
-		return;
-
-	int peer_type = ctx_item->data(peer_role_type).toInt();
-	QString uuid;
-	QString addr;
-	addr = ctx_item->data(peer_role_address).toString();
-	if (peer_type == PEER_TYPE_WPS_ER_ENROLLEE)
-		uuid = ctx_item->data(peer_role_uuid).toString();
-
-	StringQuery input(tr("PIN:"));
-	input.setWindowTitle(tr("PIN for ") + ctx_item->text());
-	if (input.exec() != QDialog::Accepted)
-		return;
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-
-	if (peer_type == PEER_TYPE_WPS_ER_ENROLLEE) {
-		snprintf(cmd, sizeof(cmd), "WPS_ER_PIN %s %s %s",
-			 uuid.toLocal8Bit().constData(),
-			 input.get_string().toLocal8Bit().constData(),
-			 addr.toLocal8Bit().constData());
-	} else {
-		snprintf(cmd, sizeof(cmd), "WPS_PIN %s %s",
-			 addr.toLocal8Bit().constData(),
-			 input.get_string().toLocal8Bit().constData());
-	}
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to set the WPS PIN."));
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_refresh()
-{
-	update_peers();
-}
-
-
-void Peers::ctx_p2p_start()
-{
-	char reply[20];
-	size_t reply_len;
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("P2P_FIND", reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to start P2P discovery.");
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_stop()
-{
-	char reply[20];
-	size_t reply_len;
-	reply_len = sizeof(reply) - 1;
-	wpagui->ctrlRequest("P2P_STOP_FIND", reply, &reply_len);
-}
-
-
-void Peers::ctx_p2p_listen()
-{
-	char reply[20];
-	size_t reply_len;
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("P2P_LISTEN 3600", reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to start P2P listen.");
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_start_group()
-{
-	char reply[20];
-	size_t reply_len;
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("P2P_GROUP_ADD", reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to start P2P group.");
-		msg.exec();
-	}
-}
-
-
-void Peers::add_station(QString info)
-{
-	QStringList lines = info.split(QRegExp("\\n"));
-	QString name;
-
-	for (QStringList::Iterator it = lines.begin();
-	     it != lines.end(); it++) {
-		int pos = (*it).indexOf('=') + 1;
-		if (pos < 1)
-			continue;
-
-		if ((*it).startsWith("wpsDeviceName="))
-			name = (*it).mid(pos);
-		else if ((*it).startsWith("p2p_device_name="))
-			name = (*it).mid(pos);
-	}
-
-	if (name.isEmpty())
-		name = lines[0];
-
-	QStandardItem *item = new QStandardItem(*laptop_icon, name);
-	if (item) {
-		/* Remove WPS enrollee entry if one is still pending */
-		if (model.rowCount() > 0) {
-			QModelIndexList lst = model.match(model.index(0, 0),
-							  peer_role_address,
-							  lines[0]);
-			for (int i = 0; i < lst.size(); i++) {
-				QStandardItem *item;
-				item = model.itemFromIndex(lst[i]);
-				if (item == NULL)
-					continue;
-				int type = item->data(peer_role_type).toInt();
-				if (type == PEER_TYPE_WPS_ENROLLEE) {
-					model.removeRow(lst[i].row());
-					break;
-				}
-			}
-		}
-
-		item->setData(lines[0], peer_role_address);
-		item->setData(PEER_TYPE_ASSOCIATED_STATION,
-			      peer_role_type);
-		item->setData(info, peer_role_details);
-		item->setToolTip(ItemType(PEER_TYPE_ASSOCIATED_STATION));
-		model.appendRow(item);
-	}
-}
-
-
-void Peers::add_stations()
-{
-	char reply[2048];
-	size_t reply_len;
-	char cmd[30];
-	int res;
-
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("STA-FIRST", reply, &reply_len) < 0)
-		return;
-
-	do {
-		reply[reply_len] = '\0';
-		QString info(reply);
-		char *txt = reply;
-		while (*txt != '\0' && *txt != '\n')
-			txt++;
-		*txt++ = '\0';
-		if (strncmp(reply, "FAIL", 4) == 0 ||
-		    strncmp(reply, "UNKNOWN", 7) == 0)
-			break;
-
-		add_station(info);
-
-		reply_len = sizeof(reply) - 1;
-		res = snprintf(cmd, sizeof(cmd), "STA-NEXT %s", reply);
-		if (res < 0 || (size_t) res >= sizeof(cmd))
-			break;
-		res = wpagui->ctrlRequest(cmd, reply, &reply_len);
-	} while (res >= 0);
-}
-
-
-void Peers::add_single_station(const char *addr)
-{
-	char reply[2048];
-	size_t reply_len;
-	char cmd[30];
-
-	reply_len = sizeof(reply) - 1;
-	snprintf(cmd, sizeof(cmd), "STA %s", addr);
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0)
-		return;
-
-	reply[reply_len] = '\0';
-	QString info(reply);
-	char *txt = reply;
-	while (*txt != '\0' && *txt != '\n')
-		txt++;
-	*txt++ = '\0';
-	if (strncmp(reply, "FAIL", 4) == 0 ||
-	    strncmp(reply, "UNKNOWN", 7) == 0)
-		return;
-
-	add_station(info);
-}
-
-
-void Peers::add_p2p_group_client(QStandardItem * /*parent*/, QString params)
-{
-	/*
-	 * dev=02:b5:64:63:30:63 iface=02:b5:64:63:30:63 dev_capab=0x0
-	 * dev_type=1-0050f204-1 dev_name='Wireless Client'
-	 * config_methods=0x8c
-	 */
-
-	QStringList items =
-		params.split(QRegExp(" (?=[^']*('[^']*'[^']*)*$)"));
-	QString addr = "";
-	QString name = "";
-	int config_methods = 0;
-	QString dev_type;
-
-	for (int i = 0; i < items.size(); i++) {
-		QString str = items.at(i);
-		int pos = str.indexOf('=') + 1;
-		if (str.startsWith("dev_name='"))
-			name = str.section('\'', 1, -2);
-		else if (str.startsWith("config_methods="))
-			config_methods =
-				str.section('=', 1).toInt(0, 0);
-		else if (str.startsWith("dev="))
-			addr = str.mid(pos);
-		else if (str.startsWith("dev_type=") && dev_type.isEmpty())
-			dev_type = str.mid(pos);
-	}
-
-	QStandardItem *item = find_addr(addr);
-	if (item)
-		return;
-
-	item = new QStandardItem(*default_icon, name);
-	if (item) {
-		/* TODO: indicate somehow the relationship to the group owner
-		 * (parent) */
-		item->setData(addr, peer_role_address);
-		item->setData(config_methods, peer_role_config_methods);
-		item->setData(PEER_TYPE_P2P_CLIENT, peer_role_type);
-		if (!dev_type.isEmpty())
-			item->setData(dev_type, peer_role_pri_dev_type);
-		item->setData(items.join(QString("\n")), peer_role_details);
-		item->setToolTip(ItemType(PEER_TYPE_P2P_CLIENT));
-		model.appendRow(item);
-	}
-}
-
-
-void Peers::remove_bss(int id)
-{
-	if (model.rowCount() == 0)
-		return;
-
-	QModelIndexList lst = model.match(model.index(0, 0), peer_role_bss_id,
-					  id);
-	if (lst.size() == 0)
-		return;
-	model.removeRow(lst[0].row());
-}
-
-
-bool Peers::add_bss(const char *cmd)
-{
-	char reply[2048];
-	size_t reply_len;
-
-	if (hide_ap)
-		return false;
-
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0)
-		return false;
-	reply[reply_len] = '\0';
-
-	QString bss(reply);
-	if (bss.isEmpty() || bss.startsWith("FAIL"))
-		return false;
-
-	QString ssid, bssid, flags, wps_name, pri_dev_type;
-	int id = -1;
-
-	QStringList lines = bss.split(QRegExp("\\n"));
-	for (QStringList::Iterator it = lines.begin();
-	     it != lines.end(); it++) {
-		int pos = (*it).indexOf('=') + 1;
-		if (pos < 1)
-			continue;
-
-		if ((*it).startsWith("bssid="))
-			bssid = (*it).mid(pos);
-		else if ((*it).startsWith("id="))
-			id = (*it).mid(pos).toInt();
-		else if ((*it).startsWith("flags="))
-			flags = (*it).mid(pos);
-		else if ((*it).startsWith("ssid="))
-			ssid = (*it).mid(pos);
-		else if ((*it).startsWith("wps_device_name="))
-			wps_name = (*it).mid(pos);
-		else if ((*it).startsWith("wps_primary_device_type="))
-			pri_dev_type = (*it).mid(pos);
-	}
-
-	QString name = wps_name;
-	if (name.isEmpty())
-		name = ssid + "\n" + bssid;
-
-	QStandardItem *item = new QStandardItem(*ap_icon, name);
-	if (item) {
-		item->setData(bssid, peer_role_address);
-		if (id >= 0)
-			item->setData(id, peer_role_bss_id);
-		int type;
-		if (flags.contains("[WPS"))
-			type = PEER_TYPE_AP_WPS;
-		else
-			type = PEER_TYPE_AP;
-		item->setData(type, peer_role_type);
-
-		for (int i = 0; i < lines.size(); i++) {
-			if (lines[i].length() > 60) {
-				lines[i].remove(60, lines[i].length());
-				lines[i] += "..";
-			}
-		}
-		item->setToolTip(ItemType(type));
-		item->setData(lines.join("\n"), peer_role_details);
-		if (!pri_dev_type.isEmpty())
-			item->setData(pri_dev_type,
-				      peer_role_pri_dev_type);
-		if (!ssid.isEmpty())
-			item->setData(ssid, peer_role_ssid);
-		model.appendRow(item);
-
-		lines = bss.split(QRegExp("\\n"));
-		for (QStringList::Iterator it = lines.begin();
-		     it != lines.end(); it++) {
-			if ((*it).startsWith("p2p_group_client:"))
-				add_p2p_group_client(item,
-						     (*it).mid(18));
-		}
-	}
-
-	return true;
-}
-
-
-void Peers::add_scan_results()
-{
-	int index;
-	char cmd[20];
-
-	index = 0;
-	while (wpagui) {
-		snprintf(cmd, sizeof(cmd), "BSS %d", index++);
-		if (index > 1000)
-			break;
-
-		if (!add_bss(cmd))
-			break;
-	}
-}
-
-
-void Peers::add_persistent(int id, const char *ssid, const char *bssid)
-{
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	int mode;
-
-	snprintf(cmd, sizeof(cmd), "GET_NETWORK %d mode", id);
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0)
-		return;
-	reply[reply_len] = '\0';
-	mode = atoi(reply);
-
-	QString name = ssid;
-	name = '[' + name + ']';
-
-	QStandardItem *item = new QStandardItem(*group_icon, name);
-	if (!item)
-		return;
-
-	int type;
-	if (mode == 3)
-		type = PEER_TYPE_P2P_PERSISTENT_GROUP_GO;
-	else
-		type = PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT;
-	item->setData(type, peer_role_type);
-	item->setToolTip(ItemType(type));
-	item->setData(ssid, peer_role_ssid);
-	if (bssid && strcmp(bssid, "any") == 0)
-		bssid = NULL;
-	if (bssid)
-		item->setData(bssid, peer_role_address);
-	item->setData(id, peer_role_network_id);
-	item->setBackground(Qt::BDiagPattern);
-
-	model.appendRow(item);
-}
-
-
-void Peers::add_persistent_groups()
-{
-	char buf[2048], *start, *end, *id, *ssid, *bssid, *flags;
-	size_t len;
-
-	len = sizeof(buf) - 1;
-	if (wpagui->ctrlRequest("LIST_NETWORKS", buf, &len) < 0)
-		return;
-
-	buf[len] = '\0';
-	start = strchr(buf, '\n');
-	if (start == NULL)
-		return;
-	start++;
-
-	while (*start) {
-		bool last = false;
-		end = strchr(start, '\n');
-		if (end == NULL) {
-			last = true;
-			end = start;
-			while (end[0] && end[1])
-				end++;
-		}
-		*end = '\0';
-
-		id = start;
-		ssid = strchr(id, '\t');
-		if (ssid == NULL)
-			break;
-		*ssid++ = '\0';
-		bssid = strchr(ssid, '\t');
-		if (bssid == NULL)
-			break;
-		*bssid++ = '\0';
-		flags = strchr(bssid, '\t');
-		if (flags == NULL)
-			break;
-		*flags++ = '\0';
-
-		if (strstr(flags, "[DISABLED][P2P-PERSISTENT]"))
-			add_persistent(atoi(id), ssid, bssid);
-
-		if (last)
-			break;
-		start = end + 1;
-	}
-}
-
-
-void Peers::update_peers()
-{
-	model.clear();
-	if (wpagui == NULL)
-		return;
-
-	char reply[20];
-	size_t replylen = sizeof(reply) - 1;
-	wpagui->ctrlRequest("WPS_ER_START", reply, &replylen);
-
-	add_stations();
-	add_scan_results();
-	add_persistent_groups();
-}
-
-
-QStandardItem * Peers::find_addr(QString addr)
-{
-	if (model.rowCount() == 0)
-		return NULL;
-
-	QModelIndexList lst = model.match(model.index(0, 0), peer_role_address,
-					  addr);
-	if (lst.size() == 0)
-		return NULL;
-	return model.itemFromIndex(lst[0]);
-}
-
-
-QStandardItem * Peers::find_addr_type(QString addr, int type)
-{
-	if (model.rowCount() == 0)
-		return NULL;
-
-	QModelIndexList lst = model.match(model.index(0, 0), peer_role_address,
-					  addr);
-	for (int i = 0; i < lst.size(); i++) {
-		QStandardItem *item = model.itemFromIndex(lst[i]);
-		if (item->data(peer_role_type).toInt() == type)
-			return item;
-	}
-	return NULL;
-}
-
-
-QStandardItem * Peers::find_uuid(QString uuid)
-{
-	if (model.rowCount() == 0)
-		return NULL;
-
-	QModelIndexList lst = model.match(model.index(0, 0), peer_role_uuid,
-					  uuid);
-	if (lst.size() == 0)
-		return NULL;
-	return model.itemFromIndex(lst[0]);
-}
-
-
-void Peers::event_notify(WpaMsg msg)
-{
-	QString text = msg.getMsg();
-
-	if (text.startsWith(WPS_EVENT_PIN_NEEDED)) {
-		/*
-		 * WPS-PIN-NEEDED 5a02a5fa-9199-5e7c-bc46-e183d3cb32f7
-		 * 02:2a:c4:18:5b:f3
-		 * [Wireless Client|Company|cmodel|123|12345|1-0050F204-1]
-		 */
-		QStringList items = text.split(' ');
-		QString uuid = items[1];
-		QString addr = items[2];
-		QString name = "";
-
-		QStandardItem *item = find_addr(addr);
-		if (item)
-			return;
-
-		int pos = text.indexOf('[');
-		if (pos >= 0) {
-			int pos2 = text.lastIndexOf(']');
-			if (pos2 >= pos) {
-				items = text.mid(pos + 1, pos2 - pos - 1).
-					split('|');
-				name = items[0];
-				items.append(addr);
-			}
-		}
-
-		item = new QStandardItem(*laptop_icon, name);
-		if (item) {
-			item->setData(addr, peer_role_address);
-			item->setData(PEER_TYPE_WPS_PIN_NEEDED,
-				      peer_role_type);
-			item->setToolTip(ItemType(PEER_TYPE_WPS_PIN_NEEDED));
-			item->setData(items.join("\n"), peer_role_details);
-			item->setData(items[5], peer_role_pri_dev_type);
-			model.appendRow(item);
-		}
-		return;
-	}
-
-	if (text.startsWith(AP_STA_CONNECTED)) {
-		/* AP-STA-CONNECTED 02:2a:c4:18:5b:f3 */
-		QStringList items = text.split(' ');
-		QString addr = items[1];
-		QStandardItem *item = find_addr(addr);
-		if (item == NULL || item->data(peer_role_type).toInt() !=
-		    PEER_TYPE_ASSOCIATED_STATION)
-			add_single_station(addr.toLocal8Bit().constData());
-		return;
-	}
-
-	if (text.startsWith(AP_STA_DISCONNECTED)) {
-		/* AP-STA-DISCONNECTED 02:2a:c4:18:5b:f3 */
-		QStringList items = text.split(' ');
-		QString addr = items[1];
-
-		if (model.rowCount() == 0)
-			return;
-
-		QModelIndexList lst = model.match(model.index(0, 0),
-						  peer_role_address, addr, -1);
-		for (int i = 0; i < lst.size(); i++) {
-			QStandardItem *item = model.itemFromIndex(lst[i]);
-			if (item && item->data(peer_role_type).toInt() ==
-			    PEER_TYPE_ASSOCIATED_STATION) {
-				model.removeRow(lst[i].row());
-				break;
-			}
-		}
-		return;
-	}
-
-	if (text.startsWith(P2P_EVENT_DEVICE_FOUND)) {
-		/*
-		 * P2P-DEVICE-FOUND 02:b5:64:63:30:63
-		 * p2p_dev_addr=02:b5:64:63:30:63 pri_dev_type=1-0050f204-1
-		 * name='Wireless Client' config_methods=0x84 dev_capab=0x21
-		 * group_capab=0x0
-		 */
-		QStringList items =
-			text.split(QRegExp(" (?=[^']*('[^']*'[^']*)*$)"));
-		QString addr = items[1];
-		QString name = "";
-		QString pri_dev_type;
-		int config_methods = 0;
-		for (int i = 0; i < items.size(); i++) {
-			QString str = items.at(i);
-			if (str.startsWith("name='"))
-				name = str.section('\'', 1, -2);
-			else if (str.startsWith("config_methods="))
-				config_methods =
-					str.section('=', 1).toInt(0, 0);
-			else if (str.startsWith("pri_dev_type="))
-				pri_dev_type = str.section('=', 1);
-		}
-
-		QStandardItem *item = find_addr(addr);
-		if (item) {
-			int type = item->data(peer_role_type).toInt();
-			if (type == PEER_TYPE_P2P)
-				return;
-		}
-
-		item = new QStandardItem(*default_icon, name);
-		if (item) {
-			item->setData(addr, peer_role_address);
-			item->setData(config_methods,
-				      peer_role_config_methods);
-			item->setData(PEER_TYPE_P2P, peer_role_type);
-			if (!pri_dev_type.isEmpty())
-				item->setData(pri_dev_type,
-					      peer_role_pri_dev_type);
-			item->setData(items.join(QString("\n")),
-				      peer_role_details);
-			item->setToolTip(ItemType(PEER_TYPE_P2P));
-			model.appendRow(item);
-		}
-
-		item = find_addr_type(addr,
-				      PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT);
-		if (item)
-			item->setBackground(Qt::NoBrush);
-	}
-
-	if (text.startsWith(P2P_EVENT_GROUP_STARTED)) {
-		/* P2P-GROUP-STARTED wlan0-p2p-0 GO ssid="DIRECT-3F"
-		 * passphrase="YOyTkxID" go_dev_addr=02:40:61:c2:f3:b7
-		 * [PERSISTENT] */
-		QStringList items = text.split(' ');
-		if (items.size() < 4)
-			return;
-
-		int pos = text.indexOf(" ssid=\"");
-		if (pos < 0)
-			return;
-		QString ssid = text.mid(pos + 7);
-		pos = ssid.indexOf(" passphrase=\"");
-		if (pos < 0)
-			pos = ssid.indexOf(" psk=");
-		if (pos >= 0)
-			ssid.truncate(pos);
-		pos = ssid.lastIndexOf('"');
-		if (pos >= 0)
-			ssid.truncate(pos);
-
-		QStandardItem *item = new QStandardItem(*group_icon, ssid);
-		if (item) {
-			item->setData(PEER_TYPE_P2P_GROUP, peer_role_type);
-			item->setData(items[1], peer_role_ifname);
-			QString details;
-			if (items[2] == "GO") {
-				details = tr("P2P GO for interface ") +
-					items[1];
-			} else {
-				details = tr("P2P client for interface ") +
-					items[1];
-			}
-			if (text.contains(" [PERSISTENT]"))
-				details += "\nPersistent group";
-			item->setData(details, peer_role_details);
-			item->setToolTip(ItemType(PEER_TYPE_P2P_GROUP));
-			model.appendRow(item);
-		}
-	}
-
-	if (text.startsWith(P2P_EVENT_GROUP_REMOVED)) {
-		/* P2P-GROUP-REMOVED wlan0-p2p-0 GO */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-
-		if (model.rowCount() == 0)
-			return;
-
-		QModelIndexList lst = model.match(model.index(0, 0),
-						  peer_role_ifname, items[1]);
-		for (int i = 0; i < lst.size(); i++)
-			model.removeRow(lst[i].row());
-		return;
-	}
-
-	if (text.startsWith(P2P_EVENT_PROV_DISC_SHOW_PIN)) {
-		/* P2P-PROV-DISC-SHOW-PIN 02:40:61:c2:f3:b7 12345670 */
-		QStringList items = text.split(' ');
-		if (items.size() < 3)
-			return;
-		QString addr = items[1];
-		QString pin = items[2];
-
-		QStandardItem *item = find_addr_type(addr, PEER_TYPE_P2P);
-		if (item == NULL)
-			return;
-		item->setData(SEL_METHOD_PIN_LOCAL_DISPLAY,
-			      peer_role_selected_method);
-		item->setData(pin, peer_role_selected_pin);
-		QVariant var = item->data(peer_role_requested_method);
-		if (var.isValid() &&
-		    var.toInt() == SEL_METHOD_PIN_LOCAL_DISPLAY) {
-			ctx_item = item;
-			ctx_p2p_display_pin_pd();
-		}
-		return;
-	}
-
-	if (text.startsWith(P2P_EVENT_PROV_DISC_ENTER_PIN)) {
-		/* P2P-PROV-DISC-ENTER-PIN 02:40:61:c2:f3:b7 */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-		QString addr = items[1];
-
-		QStandardItem *item = find_addr_type(addr, PEER_TYPE_P2P);
-		if (item == NULL)
-			return;
-		item->setData(SEL_METHOD_PIN_PEER_DISPLAY,
-			      peer_role_selected_method);
-		QVariant var = item->data(peer_role_requested_method);
-		if (var.isValid() &&
-		    var.toInt() == SEL_METHOD_PIN_PEER_DISPLAY) {
-			ctx_item = item;
-			ctx_p2p_connect();
-		}
-		return;
-	}
-
-	if (text.startsWith(P2P_EVENT_INVITATION_RECEIVED)) {
-		/* P2P-INVITATION-RECEIVED sa=02:f0:bc:44:87:62 persistent=4 */
-		QStringList items = text.split(' ');
-		if (items.size() < 3)
-			return;
-		if (!items[1].startsWith("sa=") ||
-		    !items[2].startsWith("persistent="))
-			return;
-		QString addr = items[1].mid(3);
-		int id = items[2].mid(11).toInt();
-
-		char cmd[100];
-		char reply[100];
-		size_t reply_len;
-
-		snprintf(cmd, sizeof(cmd), "GET_NETWORK %d ssid", id);
-		reply_len = sizeof(reply) - 1;
-		if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0)
-			return;
-		reply[reply_len] = '\0';
-		QString name;
-		char *pos = strrchr(reply, '"');
-		if (pos && reply[0] == '"') {
-			*pos = '\0';
-			name = reply + 1;
-		} else
-			name = reply;
-
-		QStandardItem *item;
-		item = find_addr_type(addr, PEER_TYPE_P2P_INVITATION);
-		if (item)
-			model.removeRow(item->row());
-
-		item = new QStandardItem(*invitation_icon, name);
-		if (!item)
-			return;
-		item->setData(PEER_TYPE_P2P_INVITATION, peer_role_type);
-		item->setToolTip(ItemType(PEER_TYPE_P2P_INVITATION));
-		item->setData(addr, peer_role_address);
-		item->setData(id, peer_role_network_id);
-
-		model.appendRow(item);
-
-		enable_persistent(id);
-
-		return;
-	}
-
-	if (text.startsWith(P2P_EVENT_INVITATION_RESULT)) {
-		/* P2P-INVITATION-RESULT status=1 */
-		/* TODO */
-		return;
-	}
-
-	if (text.startsWith(WPS_EVENT_ER_AP_ADD)) {
-		/*
-		 * WPS-ER-AP-ADD 87654321-9abc-def0-1234-56789abc0002
-		 * 02:11:22:33:44:55 pri_dev_type=6-0050F204-1 wps_state=1
-		 * |Very friendly name|Company|Long description of the model|
-		 * WAP|http://w1.fi/|http://w1.fi/hostapd/
-		 */
-		QStringList items = text.split(' ');
-		if (items.size() < 5)
-			return;
-		QString uuid = items[1];
-		QString addr = items[2];
-		QString pri_dev_type = items[3].mid(13);
-		int wps_state = items[4].mid(10).toInt();
-
-		int pos = text.indexOf('|');
-		if (pos < 0)
-			return;
-		items = text.mid(pos + 1).split('|');
-		if (items.size() < 1)
-			return;
-
-		QStandardItem *item = find_uuid(uuid);
-		if (item)
-			return;
-
-		item = new QStandardItem(*ap_icon, items[0]);
-		if (item) {
-			item->setData(uuid, peer_role_uuid);
-			item->setData(addr, peer_role_address);
-			int type = wps_state == 2 ? PEER_TYPE_WPS_ER_AP:
-				PEER_TYPE_WPS_ER_AP_UNCONFIGURED;
-			item->setData(type, peer_role_type);
-			item->setToolTip(ItemType(type));
-			item->setData(pri_dev_type, peer_role_pri_dev_type);
-			item->setData(items.join(QString("\n")),
-				      peer_role_details);
-			model.appendRow(item);
-		}
-
-		return;
-	}
-
-	if (text.startsWith(WPS_EVENT_ER_AP_REMOVE)) {
-		/* WPS-ER-AP-REMOVE 87654321-9abc-def0-1234-56789abc0002 */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-		if (model.rowCount() == 0)
-			return;
-
-		QModelIndexList lst = model.match(model.index(0, 0),
-						  peer_role_uuid, items[1]);
-		for (int i = 0; i < lst.size(); i++) {
-			QStandardItem *item = model.itemFromIndex(lst[i]);
-			if (item &&
-			    (item->data(peer_role_type).toInt() ==
-			     PEER_TYPE_WPS_ER_AP ||
-			     item->data(peer_role_type).toInt() ==
-			     PEER_TYPE_WPS_ER_AP_UNCONFIGURED))
-				model.removeRow(lst[i].row());
-		}
-		return;
-	}
-
-	if (text.startsWith(WPS_EVENT_ER_ENROLLEE_ADD)) {
-		/*
-		 * WPS-ER-ENROLLEE-ADD 2b7093f1-d6fb-5108-adbb-bea66bb87333
-		 * 02:66:a0:ee:17:27 M1=1 config_methods=0x14d dev_passwd_id=0
-		 * pri_dev_type=1-0050F204-1
-		 * |Wireless Client|Company|cmodel|123|12345|
-		 */
-		QStringList items = text.split(' ');
-		if (items.size() < 3)
-			return;
-		QString uuid = items[1];
-		QString addr = items[2];
-		QString pri_dev_type = items[6].mid(13);
-		int config_methods = -1;
-		int dev_passwd_id = -1;
-
-		for (int i = 3; i < items.size(); i++) {
-			int pos = items[i].indexOf('=') + 1;
-			if (pos < 1)
-				continue;
-			QString val = items[i].mid(pos);
-			if (items[i].startsWith("config_methods=")) {
-				config_methods = val.toInt(0, 0);
-			} else if (items[i].startsWith("dev_passwd_id=")) {
-				dev_passwd_id = val.toInt();
-			}
-		}
-
-		int pos = text.indexOf('|');
-		if (pos < 0)
-			return;
-		items = text.mid(pos + 1).split('|');
-		if (items.size() < 1)
-			return;
-		QString name = items[0];
-		if (name.length() == 0)
-			name = addr;
-
-		remove_enrollee_uuid(uuid);
-
-		QStandardItem *item;
-		item = new QStandardItem(*laptop_icon, name);
-		if (item) {
-			item->setData(uuid, peer_role_uuid);
-			item->setData(addr, peer_role_address);
-			item->setData(PEER_TYPE_WPS_ER_ENROLLEE,
-				      peer_role_type);
-			item->setToolTip(ItemType(PEER_TYPE_WPS_ER_ENROLLEE));
-			item->setData(items.join(QString("\n")),
-				      peer_role_details);
-			item->setData(pri_dev_type, peer_role_pri_dev_type);
-			if (config_methods >= 0)
-				item->setData(config_methods,
-					      peer_role_config_methods);
-			if (dev_passwd_id >= 0)
-				item->setData(dev_passwd_id,
-					      peer_role_dev_passwd_id);
-			model.appendRow(item);
-		}
-
-		return;
-	}
-
-	if (text.startsWith(WPS_EVENT_ER_ENROLLEE_REMOVE)) {
-		/*
-		 * WPS-ER-ENROLLEE-REMOVE 2b7093f1-d6fb-5108-adbb-bea66bb87333
-		 * 02:66:a0:ee:17:27
-		 */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-		remove_enrollee_uuid(items[1]);
-		return;
-	}
-
-	if (text.startsWith(WPS_EVENT_ENROLLEE_SEEN)) {
-		/* TODO: need to time out this somehow or remove on successful
-		 * WPS run, etc. */
-		/*
-		 * WPS-ENROLLEE-SEEN 02:00:00:00:01:00
-		 * 572cf82f-c957-5653-9b16-b5cfb298abf1 1-0050F204-1 0x80 4 1
-		 * [Wireless Client]
-		 * (MAC addr, UUID-E, pri dev type, config methods,
-		 * dev passwd id, request type, [dev name])
-		 */
-		QStringList items = text.split(' ');
-		if (items.size() < 7)
-			return;
-		QString addr = items[1];
-		QString uuid = items[2];
-		QString pri_dev_type = items[3];
-		int config_methods = items[4].toInt(0, 0);
-		int dev_passwd_id = items[5].toInt();
-		QString name;
-
-		QStandardItem *item = find_addr(addr);
-		if (item) {
-			int type = item->data(peer_role_type).toInt();
-			if (type == PEER_TYPE_ASSOCIATED_STATION)
-				return; /* already associated */
-		}
-
-		int pos = text.indexOf('[');
-		if (pos >= 0) {
-			int pos2 = text.lastIndexOf(']');
-			if (pos2 >= pos) {
-				QStringList items2 =
-					text.mid(pos + 1, pos2 - pos - 1).
-					split('|');
-				name = items2[0];
-			}
-		}
-		if (name.isEmpty())
-			name = addr;
-
-		item = find_uuid(uuid);
-		if (item) {
-			QVariant var = item->data(peer_role_config_methods);
-			QVariant var2 = item->data(peer_role_dev_passwd_id);
-			if ((var.isValid() && config_methods != var.toInt()) ||
-			    (var2.isValid() && dev_passwd_id != var2.toInt()))
-				remove_enrollee_uuid(uuid);
-			else
-				return;
-		}
-
-		item = new QStandardItem(*laptop_icon, name);
-		if (item) {
-			item->setData(uuid, peer_role_uuid);
-			item->setData(addr, peer_role_address);
-			item->setData(PEER_TYPE_WPS_ENROLLEE,
-				      peer_role_type);
-			item->setToolTip(ItemType(PEER_TYPE_WPS_ENROLLEE));
-			item->setData(items.join(QString("\n")),
-				      peer_role_details);
-			item->setData(pri_dev_type, peer_role_pri_dev_type);
-			item->setData(config_methods,
-				      peer_role_config_methods);
-			item->setData(dev_passwd_id, peer_role_dev_passwd_id);
-			model.appendRow(item);
-		}
-
-		return;
-	}
-
-	if (text.startsWith(WPA_EVENT_BSS_ADDED)) {
-		/* CTRL-EVENT-BSS-ADDED 34 00:11:22:33:44:55 */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-		char cmd[20];
-		snprintf(cmd, sizeof(cmd), "BSS ID-%d", items[1].toInt());
-		add_bss(cmd);
-		return;
-	}
-
-	if (text.startsWith(WPA_EVENT_BSS_REMOVED)) {
-		/* CTRL-EVENT-BSS-REMOVED 34 00:11:22:33:44:55 */
-		QStringList items = text.split(' ');
-		if (items.size() < 2)
-			return;
-		remove_bss(items[1].toInt());
-		return;
-	}
-}
-
-
-void Peers::ctx_p2p_connect()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-	QString arg;
-	int config_methods =
-		ctx_item->data(peer_role_config_methods).toInt();
-	enum selected_method method = SEL_METHOD_NONE;
-	QVariant var = ctx_item->data(peer_role_selected_method);
-	if (var.isValid())
-		method = (enum selected_method) var.toInt();
-	if (method == SEL_METHOD_PIN_LOCAL_DISPLAY) {
-		arg = ctx_item->data(peer_role_selected_pin).toString();
-		char cmd[100];
-		char reply[100];
-		size_t reply_len;
-		snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s %s display",
-			 addr.toLocal8Bit().constData(),
-			 arg.toLocal8Bit().constData());
-		reply_len = sizeof(reply) - 1;
-		if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-			QMessageBox msg;
-			msg.setIcon(QMessageBox::Warning);
-			msg.setText("Failed to initiate P2P connect.");
-			msg.exec();
-			return;
-		}
-		QMessageBox::information(this,
-					 tr("PIN for ") + ctx_item->text(),
-					 tr("Enter the following PIN on the\n"
-					    "peer device: ") + arg);
-	} else if (method == SEL_METHOD_PIN_PEER_DISPLAY) {
-		StringQuery input(tr("PIN from peer display:"));
-		input.setWindowTitle(tr("PIN for ") + ctx_item->text());
-		if (input.exec() != QDialog::Accepted)
-			return;
-		arg = input.get_string();
-	} else if (config_methods == 0x0080 /* PBC */) {
-		arg = "pbc";
-	} else {
-		StringQuery input(tr("PIN:"));
-		input.setWindowTitle(tr("PIN for ") + ctx_item->text());
-		if (input.exec() != QDialog::Accepted)
-			return;
-		arg = input.get_string();
-	}
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s %s",
-		 addr.toLocal8Bit().constData(),
-		 arg.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to initiate P2P connect.");
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_req_pin()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-	ctx_item->setData(SEL_METHOD_PIN_PEER_DISPLAY,
-			  peer_role_requested_method);
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_PROV_DISC %s display",
-		 addr.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to request PIN from peer."));
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_show_pin()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-	ctx_item->setData(SEL_METHOD_PIN_LOCAL_DISPLAY,
-			  peer_role_requested_method);
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_PROV_DISC %s keypad",
-		 addr.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to request peer to enter PIN."));
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_display_pin()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s pin",
-		 addr.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to initiate P2P connect.");
-		msg.exec();
-		return;
-	}
-	reply[reply_len] = '\0';
-	QMessageBox::information(this,
-				 tr("PIN for ") + ctx_item->text(),
-				 tr("Enter the following PIN on the\n"
-				    "peer device: ") + reply);
-}
-
-
-void Peers::ctx_p2p_display_pin_pd()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-	QString arg = ctx_item->data(peer_role_selected_pin).toString();
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s %s display",
-		 addr.toLocal8Bit().constData(),
-		 arg.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to initiate P2P connect.");
-		msg.exec();
-		return;
-	}
-	reply[reply_len] = '\0';
-	QMessageBox::information(this,
-				 tr("PIN for ") + ctx_item->text(),
-				 tr("Enter the following PIN on the\n"
-				    "peer device: ") + arg);
-}
-
-
-void Peers::ctx_p2p_enter_pin()
-{
-	if (ctx_item == NULL)
-		return;
-	QString addr = ctx_item->data(peer_role_address).toString();
-	QString arg;
-
-	StringQuery input(tr("PIN from peer:"));
-	input.setWindowTitle(tr("PIN for ") + ctx_item->text());
-	if (input.exec() != QDialog::Accepted)
-		return;
-	arg = input.get_string();
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s %s keypad",
-		 addr.toLocal8Bit().constData(),
-		 arg.toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to initiate P2P connect.");
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_remove_group()
-{
-	if (ctx_item == NULL)
-		return;
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-	snprintf(cmd, sizeof(cmd), "P2P_GROUP_REMOVE %s",
-		 ctx_item->data(peer_role_ifname).toString().toLocal8Bit().
-		 constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to remove P2P Group.");
-		msg.exec();
-	}
-}
-
-
-void Peers::closeEvent(QCloseEvent *)
-{
-	if (wpagui) {
-		char reply[20];
-		size_t replylen = sizeof(reply) - 1;
-		wpagui->ctrlRequest("WPS_ER_STOP", reply, &replylen);
-	}
-}
-
-
-void Peers::done(int r)
-{
-	QDialog::done(r);
-	close();
-}
-
-
-void Peers::remove_enrollee_uuid(QString uuid)
-{
-	if (model.rowCount() == 0)
-		return;
-
-	QModelIndexList lst = model.match(model.index(0, 0),
-					  peer_role_uuid, uuid);
-	for (int i = 0; i < lst.size(); i++) {
-		QStandardItem *item = model.itemFromIndex(lst[i]);
-		if (item == NULL)
-			continue;
-		int type = item->data(peer_role_type).toInt();
-		if (type == PEER_TYPE_WPS_ER_ENROLLEE ||
-		    type == PEER_TYPE_WPS_ENROLLEE)
-			model.removeRow(lst[i].row());
-	}
-}
-
-
-void Peers::properties()
-{
-	if (ctx_item == NULL)
-		return;
-
-	QMessageBox msg(this);
-	msg.setStandardButtons(QMessageBox::Ok);
-	msg.setDefaultButton(QMessageBox::Ok);
-	msg.setEscapeButton(QMessageBox::Ok);
-	msg.setWindowTitle(tr("Peer Properties"));
-
-	int type = ctx_item->data(peer_role_type).toInt();
-	QString title = Peers::ItemType(type);
-
-	msg.setText(title + QString("\n") + tr("Name: ") + ctx_item->text());
-
-	QVariant var;
-	QString info;
-
-	var = ctx_item->data(peer_role_address);
-	if (var.isValid())
-		info += tr("Address: ") + var.toString() + QString("\n");
-
-	var = ctx_item->data(peer_role_uuid);
-	if (var.isValid())
-		info += tr("UUID: ") + var.toString() + QString("\n");
-
-	var = ctx_item->data(peer_role_pri_dev_type);
-	if (var.isValid())
-		info += tr("Primary Device Type: ") + var.toString() +
-			QString("\n");
-
-	var = ctx_item->data(peer_role_ssid);
-	if (var.isValid())
-		info += tr("SSID: ") + var.toString() + QString("\n");
-
-	var = ctx_item->data(peer_role_config_methods);
-	if (var.isValid()) {
-		int methods = var.toInt();
-		info += tr("Configuration Methods: ");
-		if (methods & 0x0001)
-			info += tr("[USBA]");
-		if (methods & 0x0002)
-			info += tr("[Ethernet]");
-		if (methods & 0x0004)
-			info += tr("[Label]");
-		if (methods & 0x0008)
-			info += tr("[Display]");
-		if (methods & 0x0010)
-			info += tr("[Ext. NFC Token]");
-		if (methods & 0x0020)
-			info += tr("[Int. NFC Token]");
-		if (methods & 0x0040)
-			info += tr("[NFC Interface]");
-		if (methods & 0x0080)
-			info += tr("[Push Button]");
-		if (methods & 0x0100)
-			info += tr("[Keypad]");
-		info += "\n";
-	}
-
-	var = ctx_item->data(peer_role_selected_method);
-	if (var.isValid()) {
-		enum selected_method method =
-			(enum selected_method) var.toInt();
-		switch (method) {
-		case SEL_METHOD_NONE:
-			break;
-		case SEL_METHOD_PIN_PEER_DISPLAY:
-			info += tr("Selected Method: PIN on peer display\n");
-			break;
-		case SEL_METHOD_PIN_LOCAL_DISPLAY:
-			info += tr("Selected Method: PIN on local display\n");
-			break;
-		}
-	}
-
-	var = ctx_item->data(peer_role_selected_pin);
-	if (var.isValid()) {
-		info += tr("PIN to enter on peer: ") + var.toString() + "\n";
-	}
-
-	var = ctx_item->data(peer_role_dev_passwd_id);
-	if (var.isValid()) {
-		info += tr("Device Password ID: ") + var.toString();
-		switch (var.toInt()) {
-		case 0:
-			info += tr(" (Default PIN)");
-			break;
-		case 1:
-			info += tr(" (User-specified PIN)");
-			break;
-		case 2:
-			info += tr(" (Machine-specified PIN)");
-			break;
-		case 3:
-			info += tr(" (Rekey)");
-			break;
-		case 4:
-			info += tr(" (Push Button)");
-			break;
-		case 5:
-			info += tr(" (Registrar-specified)");
-			break;
-		}
-		info += "\n";
-	}
-
-	msg.setInformativeText(info);
-
-	var = ctx_item->data(peer_role_details);
-	if (var.isValid())
-		msg.setDetailedText(var.toString());
-
-	msg.exec();
-}
-
-
-void Peers::connect_pbc()
-{
-	if (ctx_item == NULL)
-		return;
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-
-	int peer_type = ctx_item->data(peer_role_type).toInt();
-	if (peer_type == PEER_TYPE_WPS_ER_ENROLLEE) {
-		snprintf(cmd, sizeof(cmd), "WPS_ER_PBC %s",
-			 ctx_item->data(peer_role_uuid).toString().toLocal8Bit().
-			 constData());
-	} else if (peer_type == PEER_TYPE_P2P ||
-		   peer_type == PEER_TYPE_P2P_CLIENT) {
-		snprintf(cmd, sizeof(cmd), "P2P_CONNECT %s pbc",
-			 ctx_item->data(peer_role_address).toString().
-			 toLocal8Bit().constData());
-	} else {
-		snprintf(cmd, sizeof(cmd), "WPS_PBC");
-	}
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to start WPS PBC."));
-		msg.exec();
-	}
-}
-
-
-void Peers::learn_ap_config()
-{
-	if (ctx_item == NULL)
-		return;
-
-	QString uuid = ctx_item->data(peer_role_uuid).toString();
-
-	StringQuery input(tr("AP PIN:"));
-	input.setWindowTitle(tr("AP PIN for ") + ctx_item->text());
-	if (input.exec() != QDialog::Accepted)
-		return;
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-
-	snprintf(cmd, sizeof(cmd), "WPS_ER_LEARN %s %s",
-		 uuid.toLocal8Bit().constData(),
-		 input.get_string().toLocal8Bit().constData());
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to start learning AP configuration."));
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_hide_ap()
-{
-	hide_ap = true;
-
-	if (model.rowCount() == 0)
-		return;
-
-	do {
-		QModelIndexList lst;
-		lst = model.match(model.index(0, 0),
-				  peer_role_type, PEER_TYPE_AP);
-		if (lst.size() == 0) {
-			lst = model.match(model.index(0, 0),
-					  peer_role_type, PEER_TYPE_AP_WPS);
-			if (lst.size() == 0)
-				break;
-		}
-
-		model.removeRow(lst[0].row());
-	} while (1);
-}
-
-
-void Peers::ctx_show_ap()
-{
-	hide_ap = false;
-	add_scan_results();
-}
-
-
-void Peers::ctx_p2p_show_passphrase()
-{
-	char reply[64];
-	size_t reply_len;
-
-	reply_len = sizeof(reply) - 1;
-	if (wpagui->ctrlRequest("P2P_GET_PASSPHRASE", reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText("Failed to get P2P group passphrase.");
-		msg.exec();
-	} else {
-		reply[reply_len] = '\0';
-		QMessageBox::information(this, tr("Passphrase"),
-					 tr("P2P group passphrase:\n") +
-					 reply);
-	}
-}
-
-
-void Peers::ctx_p2p_start_persistent()
-{
-	if (ctx_item == NULL)
-		return;
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-
-	snprintf(cmd, sizeof(cmd), "P2P_GROUP_ADD persistent=%d",
-		 ctx_item->data(peer_role_network_id).toInt());
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to start persistent P2P Group."));
-		msg.exec();
-	} else if (ctx_item->data(peer_role_type).toInt() ==
-		   PEER_TYPE_P2P_INVITATION)
-		model.removeRow(ctx_item->row());
-}
-
-
-void Peers::ctx_p2p_invite()
-{
-	if (ctx_item == NULL)
-		return;
-
-	char cmd[100];
-	char reply[100];
-	size_t reply_len;
-
-	snprintf(cmd, sizeof(cmd), "P2P_INVITE persistent=%d",
-		 ctx_item->data(peer_role_network_id).toInt());
-	if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0 ||
-	    memcmp(reply, "FAIL", 4) == 0) {
-		QMessageBox msg;
-		msg.setIcon(QMessageBox::Warning);
-		msg.setText(tr("Failed to invite peer to start persistent "
-			       "P2P Group."));
-		msg.exec();
-	}
-}
-
-
-void Peers::ctx_p2p_delete()
-{
-	if (ctx_item == NULL)
-		return;
-	model.removeRow(ctx_item->row());
-}
-
-
-void Peers::enable_persistent(int id)
-{
-	if (model.rowCount() == 0)
-		return;
-
-	QModelIndexList lst = model.match(model.index(0, 0),
-					  peer_role_network_id, id);
-	for (int i = 0; i < lst.size(); i++) {
-		QStandardItem *item = model.itemFromIndex(lst[i]);
-		int type = item->data(peer_role_type).toInt();
-		if (type == PEER_TYPE_P2P_PERSISTENT_GROUP_GO ||
-		    type == PEER_TYPE_P2P_PERSISTENT_GROUP_CLIENT)
-			item->setBackground(Qt::NoBrush);
-	}
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/peers.h b/wpa_supplicant/wpa_gui-qt4/peers.h
deleted file mode 100644
index bb7373749c2f..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/peers.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * wpa_gui - Peers class
- * Copyright (c) 2009-2010, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef PEERS_H
-#define PEERS_H
-
-#include <QObject>
-#include <QStandardItemModel>
-#include "wpamsg.h"
-#include "ui_peers.h"
-
-class WpaGui;
-
-class Peers : public QDialog, public Ui::Peers
-{
-	Q_OBJECT
-
-public:
-	Peers(QWidget *parent = 0, const char *name = 0,
-		    bool modal = false, Qt::WindowFlags fl = 0);
-	~Peers();
-	void setWpaGui(WpaGui *_wpagui);
-	void event_notify(WpaMsg msg);
-
-public slots:
-	virtual void context_menu(const QPoint &pos);
-	virtual void enter_pin();
-	virtual void connect_pbc();
-	virtual void learn_ap_config();
-	virtual void ctx_refresh();
-	virtual void ctx_p2p_start();
-	virtual void ctx_p2p_stop();
-	virtual void ctx_p2p_listen();
-	virtual void ctx_p2p_start_group();
-	virtual void ctx_p2p_remove_group();
-	virtual void ctx_p2p_connect();
-	virtual void ctx_p2p_req_pin();
-	virtual void ctx_p2p_show_pin();
-	virtual void ctx_p2p_display_pin();
-	virtual void ctx_p2p_display_pin_pd();
-	virtual void ctx_p2p_enter_pin();
-	virtual void properties();
-	virtual void ctx_hide_ap();
-	virtual void ctx_show_ap();
-	virtual void ctx_p2p_show_passphrase();
-	virtual void ctx_p2p_start_persistent();
-	virtual void ctx_p2p_invite();
-	virtual void ctx_p2p_delete();
-
-protected slots:
-	virtual void languageChange();
-	virtual void closeEvent(QCloseEvent *event);
-
-private:
-	void add_station(QString info);
-	void add_stations();
-	void add_single_station(const char *addr);
-	bool add_bss(const char *cmd);
-	void remove_bss(int id);
-	void add_scan_results();
-	void add_persistent(int id, const char *ssid, const char *bssid);
-	void add_persistent_groups();
-	void update_peers();
-	QStandardItem * find_addr(QString addr);
-	QStandardItem * find_addr_type(QString addr, int type);
-	void add_p2p_group_client(QStandardItem *parent, QString params);
-	QStandardItem * find_uuid(QString uuid);
-	void done(int r);
-	void remove_enrollee_uuid(QString uuid);
-	QString ItemType(int type);
-	void enable_persistent(int id);
-
-	WpaGui *wpagui;
-	QStandardItemModel model;
-	QIcon *default_icon;
-	QIcon *ap_icon;
-	QIcon *laptop_icon;
-	QIcon *group_icon;
-	QIcon *invitation_icon;
-	QStandardItem *ctx_item;
-
-	bool hide_ap;
-};
-
-#endif /* PEERS_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/peers.ui b/wpa_supplicant/wpa_gui-qt4/peers.ui
deleted file mode 100644
index 9508c254b70e..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/peers.ui
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui version="4.0">
- <class>Peers</class>
- <widget class="QDialog" name="Peers">
-  <property name="geometry">
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>400</width>
-    <height>300</height>
-   </rect>
-  </property>
-  <property name="windowTitle">
-   <string>Peers</string>
-  </property>
-  <layout class="QGridLayout">
-   <item row="0" column="0">
-    <widget class="QListView" name="peers">
-     <property name="sizePolicy">
-      <sizepolicy hsizetype="Expanding" vsizetype="Expanding">
-       <horstretch>0</horstretch>
-       <verstretch>0</verstretch>
-      </sizepolicy>
-     </property>
-     <property name="mouseTracking">
-      <bool>true</bool>
-     </property>
-     <property name="editTriggers">
-      <set>QAbstractItemView::NoEditTriggers</set>
-     </property>
-     <property name="viewMode">
-      <enum>QListView::IconMode</enum>
-     </property>
-    </widget>
-   </item>
-  </layout>
- </widget>
- <resources/>
- <connections/>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresults.cpp b/wpa_supplicant/wpa_gui-qt4/scanresults.cpp
deleted file mode 100644
index a2e3072fb6e1..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/scanresults.cpp
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * wpa_gui - ScanResults class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-
-#include "scanresults.h"
-#include "signalbar.h"
-#include "wpagui.h"
-#include "networkconfig.h"
-#include "scanresultsitem.h"
-
-
-ScanResults::ScanResults(QWidget *parent, const char *, bool, Qt::WindowFlags)
-	: QDialog(parent)
-{
-	setupUi(this);
-
-	connect(closeButton, SIGNAL(clicked()), this, SLOT(close()));
-	connect(scanButton, SIGNAL(clicked()), this, SLOT(scanRequest()));
-	connect(scanResultsWidget,
-		SIGNAL(itemDoubleClicked(QTreeWidgetItem *, int)), this,
-		SLOT(bssSelected(QTreeWidgetItem *)));
-
-	wpagui = NULL;
-	scanResultsWidget->setItemsExpandable(false);
-	scanResultsWidget->setRootIsDecorated(false);
-	scanResultsWidget->setItemDelegate(new SignalBar(scanResultsWidget));
-}
-
-
-ScanResults::~ScanResults()
-{
-}
-
-
-void ScanResults::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-void ScanResults::setWpaGui(WpaGui *_wpagui)
-{
-	wpagui = _wpagui;
-	updateResults();
-}
-
-
-void ScanResults::updateResults()
-{
-	char reply[2048];
-	size_t reply_len;
-	int index;
-	char cmd[20];
-
-	scanResultsWidget->clear();
-
-	index = 0;
-	while (wpagui) {
-		snprintf(cmd, sizeof(cmd), "BSS %d", index++);
-		if (index > 1000)
-			break;
-
-		reply_len = sizeof(reply) - 1;
-		if (wpagui->ctrlRequest(cmd, reply, &reply_len) < 0)
-			break;
-		reply[reply_len] = '\0';
-
-		QString bss(reply);
-		if (bss.isEmpty() || bss.startsWith("FAIL"))
-			break;
-
-		QString ssid, bssid, freq, signal, flags;
-
-		QStringList lines = bss.split(QRegExp("\\n"));
-		for (QStringList::Iterator it = lines.begin();
-		     it != lines.end(); it++) {
-			int pos = (*it).indexOf('=') + 1;
-			if (pos < 1)
-				continue;
-
-			if ((*it).startsWith("bssid="))
-				bssid = (*it).mid(pos);
-			else if ((*it).startsWith("freq="))
-				freq = (*it).mid(pos);
-			else if ((*it).startsWith("level="))
-				signal = (*it).mid(pos);
-			else if ((*it).startsWith("flags="))
-				flags = (*it).mid(pos);
-			else if ((*it).startsWith("ssid="))
-				ssid = (*it).mid(pos);
-		}
-
-		ScanResultsItem *item = new ScanResultsItem(scanResultsWidget);
-		if (item) {
-			item->setText(0, ssid);
-			item->setText(1, bssid);
-			item->setText(2, freq);
-			item->setText(3, signal);
-			item->setText(4, flags);
-		}
-
-		if (bssid.isEmpty())
-			break;
-	}
-}
-
-
-void ScanResults::scanRequest()
-{
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-    
-	if (wpagui == NULL)
-		return;
-    
-	wpagui->ctrlRequest("SCAN", reply, &reply_len);
-}
-
-
-void ScanResults::getResults()
-{
-	updateResults();
-}
-
-
-void ScanResults::bssSelected(QTreeWidgetItem *sel)
-{
-	NetworkConfig *nc = new NetworkConfig();
-	if (nc == NULL)
-		return;
-	nc->setWpaGui(wpagui);
-	nc->paramsFromScanResults(sel);
-	nc->show();
-	nc->exec();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresults.h b/wpa_supplicant/wpa_gui-qt4/scanresults.h
deleted file mode 100644
index 2cddd133fe2b..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/scanresults.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * wpa_gui - ScanResults class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SCANRESULTS_H
-#define SCANRESULTS_H
-
-#include <QObject>
-#include "ui_scanresults.h"
-
-class WpaGui;
-
-class ScanResults : public QDialog, public Ui::ScanResults
-{
-	Q_OBJECT
-
-public:
-	ScanResults(QWidget *parent = 0, const char *name = 0,
-		    bool modal = false, Qt::WindowFlags fl = 0);
-	~ScanResults();
-
-public slots:
-	virtual void setWpaGui(WpaGui *_wpagui);
-	virtual void updateResults();
-	virtual void scanRequest();
-	virtual void getResults();
-	virtual void bssSelected(QTreeWidgetItem *sel);
-
-protected slots:
-	virtual void languageChange();
-
-private:
-	WpaGui *wpagui;
-};
-
-#endif /* SCANRESULTS_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresults.ui b/wpa_supplicant/wpa_gui-qt4/scanresults.ui
deleted file mode 100644
index 81e405efc319..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/scanresults.ui
+++ /dev/null
@@ -1,94 +0,0 @@
-<ui version="4.0" >
- <class>ScanResults</class>
- <widget class="QDialog" name="ScanResults" >
-  <property name="geometry" >
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>452</width>
-    <height>244</height>
-   </rect>
-  </property>
-  <property name="windowTitle" >
-   <string>Scan results</string>
-  </property>
-  <layout class="QVBoxLayout" >
-   <item>
-    <widget class="QTreeWidget" name="scanResultsWidget" >
-     <property name="editTriggers" >
-      <set>QAbstractItemView::NoEditTriggers</set>
-     </property>
-     <property name="uniformRowHeights" >
-      <bool>true</bool>
-     </property>
-     <property name="sortingEnabled" >
-      <bool>true</bool>
-     </property>
-     <property name="columnCount" >
-      <number>5</number>
-     </property>
-     <column>
-      <property name="text" >
-       <string>SSID</string>
-      </property>
-     </column>
-     <column>
-      <property name="text" >
-       <string>BSSID</string>
-      </property>
-     </column>
-     <column>
-      <property name="text" >
-       <string>frequency</string>
-      </property>
-     </column>
-     <column>
-      <property name="text" >
-       <string>signal</string>
-      </property>
-     </column>
-     <column>
-      <property name="text" >
-       <string>flags</string>
-      </property>
-     </column>
-    </widget>
-   </item>
-   <item>
-    <layout class="QHBoxLayout" >
-     <item>
-      <spacer>
-       <property name="orientation" >
-        <enum>Qt::Horizontal</enum>
-       </property>
-       <property name="sizeHint" >
-        <size>
-         <width>40</width>
-         <height>20</height>
-        </size>
-       </property>
-      </spacer>
-     </item>
-     <item>
-      <widget class="QPushButton" name="scanButton" >
-       <property name="text" >
-        <string>Scan</string>
-       </property>
-      </widget>
-     </item>
-     <item>
-      <widget class="QPushButton" name="closeButton" >
-       <property name="text" >
-        <string>Close</string>
-       </property>
-      </widget>
-     </item>
-    </layout>
-   </item>
-  </layout>
- </widget>
- <layoutdefault spacing="6" margin="11" />
- <pixmapfunction></pixmapfunction>
- <resources/>
- <connections/>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp
deleted file mode 100644
index 9cd937cd6e24..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * wpa_gui - ScanResultsItem class
- * Copyright (c) 2015, Adrian Nowicki <adinowicki@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "scanresultsitem.h"
-
-bool ScanResultsItem::operator< (const QTreeWidgetItem &other) const
-{
-	int sortCol = treeWidget()->sortColumn();
-	if (sortCol == 2 || sortCol == 3) {
-		return text(sortCol).toInt() < other.text(sortCol).toInt();
-	}
-	return text(sortCol) < other.text(sortCol);
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h
deleted file mode 100644
index 74887eefb59c..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * wpa_gui - ScanResultsItem class
- * Copyright (c) 2015, Adrian Nowicki <adinowicki@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SCANRESULTSITEM_H
-#define SCANRESULTSITEM_H
-
-#include <QTreeWidgetItem>
-
-class ScanResultsItem : public QTreeWidgetItem
-{
-public:
-	ScanResultsItem(QTreeWidget *tree) : QTreeWidgetItem(tree) {}
-	bool operator< (const QTreeWidgetItem &other) const;
-};
-
-#endif /* SCANRESULTSITEM_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/signalbar.cpp b/wpa_supplicant/wpa_gui-qt4/signalbar.cpp
deleted file mode 100644
index 2bba582175e5..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/signalbar.cpp
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * wpa_gui - SignalBar class
- * Copyright (c) 2011, Kel Modderman <kel@otaku42.de>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-#include <qapplication.h>
-
-#include "signalbar.h"
-
-
-SignalBar::SignalBar(QObject *parent)
-	: QStyledItemDelegate(parent)
-{
-}
-
-
-SignalBar::~SignalBar()
-{
-}
-
-
-void SignalBar::paint(QPainter *painter,
-		      const QStyleOptionViewItem &option,
-		      const QModelIndex &index) const
-{
-	QStyleOptionProgressBar opts;
-	int signal;
-
-	if (index.column() != 3) {
-		QStyledItemDelegate::paint(painter, option, index);
-		return;
-	}
-
-	if (index.data().toInt() > 0)
-		signal = 0 - (256 - index.data().toInt());
-	else
-		signal = index.data().toInt();
-
-	opts.minimum = -95;
-	opts.maximum = -35;
-	if (signal < opts.minimum)
-		opts.progress = opts.minimum;
-	else if (signal > opts.maximum)
-		opts.progress = opts.maximum;
-	else
-		opts.progress = signal;
-
-	opts.text = QString::number(signal) + " dBm";
-	opts.textVisible = true;
-	opts.rect = option.rect;
-
-	QApplication::style()->drawControl(QStyle::CE_ProgressBar,
-					   &opts, painter);
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/signalbar.h b/wpa_supplicant/wpa_gui-qt4/signalbar.h
deleted file mode 100644
index 37da5dd2ce94..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/signalbar.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * wpa_gui - SignalBar class
- * Copyright (c) 2011, Kel Modderman <kel@otaku42.de>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef SIGNALBAR_H
-#define SIGNALBAR_H
-
-#include <QObject>
-#include <QStyledItemDelegate>
-
-class SignalBar : public QStyledItemDelegate
-{
-	Q_OBJECT
-
-public:
-	SignalBar(QObject *parent = 0);
-	~SignalBar();
-
-	virtual void paint(QPainter *painter,
-			   const QStyleOptionViewItem &option,
-			   const QModelIndex &index) const ;
-};
-
-#endif /* SIGNALBAR_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/stringquery.cpp b/wpa_supplicant/wpa_gui-qt4/stringquery.cpp
deleted file mode 100644
index 420e0bec4d04..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/stringquery.cpp
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * wpa_gui - StringQuery class
- * Copyright (c) 2009, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <cstdio>
-#include <QLabel>
-
-#include "stringquery.h"
-
-
-StringQuery::StringQuery(QString label)
-{
-	edit = new QLineEdit;
-	edit->setFocus();
-	QGridLayout *layout = new QGridLayout;
-	layout->addWidget(new QLabel(label), 0, 0);
-	layout->addWidget(edit, 0, 1);
-	setLayout(layout);
-
-	connect(edit, SIGNAL(returnPressed()), this, SLOT(accept()));
-}
-
-
-QString StringQuery::get_string()
-{
-	return edit->text();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/stringquery.h b/wpa_supplicant/wpa_gui-qt4/stringquery.h
deleted file mode 100644
index 9d6bffd3e7b6..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/stringquery.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * wpa_gui - StringQuery class
- * Copyright (c) 2009, Atheros Communications
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef STRINGQUERY_H
-#define STRINGQUERY_H
-
-#include <QDialog>
-#include <QLineEdit>
-#include <QGridLayout>
-
-class StringQuery : public QDialog
-{
-	Q_OBJECT
-
-public:
-	StringQuery(QString label);
-	QString get_string();
-
-private:
-	QLineEdit *edit;
-};
-
-#endif /* STRINGQUERY_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/userdatarequest.cpp b/wpa_supplicant/wpa_gui-qt4/userdatarequest.cpp
deleted file mode 100644
index 9d933b012053..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/userdatarequest.cpp
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * wpa_gui - UserDataRequest class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "userdatarequest.h"
-#include "wpagui.h"
-#include "common/wpa_ctrl.h"
-
-
-UserDataRequest::UserDataRequest(QWidget *parent, const char *, bool,
-				 Qt::WindowFlags)
-	: QDialog(parent)
-{
-	setupUi(this);
-
-	connect(buttonOk, SIGNAL(clicked()), this, SLOT(sendReply()));
-	connect(buttonCancel, SIGNAL(clicked()), this, SLOT(reject()));
-	connect(queryEdit, SIGNAL(returnPressed()), this, SLOT(sendReply()));
-}
-
-
-UserDataRequest::~UserDataRequest()
-{
-}
-
-
-void UserDataRequest::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-int UserDataRequest::setParams(WpaGui *_wpagui, const char *reqMsg)
-{
-	char *tmp, *pos, *pos2;
-	wpagui = _wpagui;
-	tmp = strdup(reqMsg);
-	if (tmp == NULL)
-		return -1;
-	pos = strchr(tmp, '-');
-	if (pos == NULL) {
-		free(tmp);
-		return -1;
-	}
-	*pos++ = '\0';
-	field = tmp;
-	pos2 = strchr(pos, ':');
-	if (pos2 == NULL) {
-		free(tmp);
-		return -1;
-	}
-	*pos2++ = '\0';
-
-	networkid = atoi(pos);
-	queryInfo->setText(pos2);
-	if (strcmp(tmp, "PASSWORD") == 0) {
-		queryField->setText(tr("Password: "));
-		queryEdit->setEchoMode(QLineEdit::Password);
-	} else if (strcmp(tmp, "NEW_PASSWORD") == 0) {
-		queryField->setText(tr("New password: "));
-		queryEdit->setEchoMode(QLineEdit::Password);
-	} else if (strcmp(tmp, "IDENTITY") == 0)
-		queryField->setText(tr("Identity: "));
-	else if (strcmp(tmp, "PASSPHRASE") == 0) {
-		queryField->setText(tr("Private key passphrase: "));
-		queryEdit->setEchoMode(QLineEdit::Password);
-	} else
-		queryField->setText(field + ":");
-	free(tmp);
-
-	return 0;
-}
-
-
-void UserDataRequest::sendReply()
-{
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-
-	if (wpagui == NULL) {
-		reject();
-		return;
-	}
-
-	QString cmd = QString(WPA_CTRL_RSP) + field + '-' +
-		QString::number(networkid) + ':' +
-		queryEdit->text();
-	wpagui->ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len);
-	accept();
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/userdatarequest.h b/wpa_supplicant/wpa_gui-qt4/userdatarequest.h
deleted file mode 100644
index b6d1ad2f4f1e..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/userdatarequest.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * wpa_gui - UserDataRequest class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef USERDATAREQUEST_H
-#define USERDATAREQUEST_H
-
-#include <QObject>
-#include "ui_userdatarequest.h"
-
-class WpaGui;
-
-class UserDataRequest : public QDialog, public Ui::UserDataRequest
-{
-	Q_OBJECT
-
-public:
-	UserDataRequest(QWidget *parent = 0, const char *name = 0,
-			bool modal = false, Qt::WindowFlags fl = 0);
-	~UserDataRequest();
-
-	int setParams(WpaGui *_wpagui, const char *reqMsg);
-
-public slots:
-	virtual void sendReply();
-
-protected slots:
-	virtual void languageChange();
-
-private:
-	WpaGui *wpagui;
-	int networkid;
-	QString field;
-};
-
-#endif /* USERDATAREQUEST_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/userdatarequest.ui b/wpa_supplicant/wpa_gui-qt4/userdatarequest.ui
deleted file mode 100644
index 1de2a26da1cd..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/userdatarequest.ui
+++ /dev/null
@@ -1,109 +0,0 @@
-<ui version="4.0" stdsetdef="1" >
-  <author></author>
-  <comment></comment>
-  <exportmacro></exportmacro>
-  <class>UserDataRequest</class>
-  <widget class="QDialog" name="UserDataRequest" >
-    <property name="geometry" >
-      <rect>
-        <x>0</x>
-        <y>0</y>
-        <width>216</width>
-        <height>103</height>
-      </rect>
-    </property>
-    <property name="windowTitle" >
-      <string>Authentication credentials required</string>
-    </property>
-    <property name="sizeGripEnabled" >
-      <bool>true</bool>
-    </property>
-    <layout class="QVBoxLayout" >
-      <item>
-        <widget class="QLabel" name="queryInfo" >
-          <property name="text" >
-            <string/>
-          </property>
-        </widget>
-      </item>
-      <item>
-        <layout class="QHBoxLayout" >
-          <property name="margin" >
-            <number>0</number>
-          </property>
-          <item>
-            <widget class="QLabel" name="queryField" >
-              <property name="text" >
-                <string/>
-              </property>
-            </widget>
-          </item>
-          <item>
-            <widget class="QLineEdit" name="queryEdit" >
-              <property name="enabled" >
-                <bool>true</bool>
-              </property>
-              <property name="echoMode" >
-                <enum>QLineEdit::Password</enum>
-              </property>
-            </widget>
-          </item>
-        </layout>
-      </item>
-      <item>
-        <layout class="QHBoxLayout" >
-          <property name="margin" >
-            <number>0</number>
-          </property>
-          <item>
-            <spacer name="spacer4" >
-              <property name="sizeHint" >
-                <size>
-                  <width>20</width>
-                  <height>20</height>
-                </size>
-              </property>
-              <property name="sizeType" >
-                <enum>Expanding</enum>
-              </property>
-              <property name="orientation" >
-                <enum>Horizontal</enum>
-              </property>
-            </spacer>
-          </item>
-          <item>
-            <widget class="QPushButton" name="buttonOk" >
-              <property name="text" >
-                <string>&amp;OK</string>
-              </property>
-              <property name="shortcut" >
-                <string/>
-              </property>
-              <property name="autoDefault" >
-                <bool>true</bool>
-              </property>
-              <property name="default" >
-                <bool>true</bool>
-              </property>
-            </widget>
-          </item>
-          <item>
-            <widget class="QPushButton" name="buttonCancel" >
-              <property name="text" >
-                <string>&amp;Cancel</string>
-              </property>
-              <property name="shortcut" >
-                <string/>
-              </property>
-              <property name="autoDefault" >
-                <bool>true</bool>
-              </property>
-            </widget>
-          </item>
-        </layout>
-      </item>
-    </layout>
-  </widget>
-  <layoutdefault spacing="6" margin="11" />
-  <pixmapfunction></pixmapfunction>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
deleted file mode 100644
index ccc7d8741d02..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Version=1.0
-Name=wpa_gui
-Comment=Graphical user interface for wpa_supplicant
-Exec=wpa_gui
-Icon=wpa_gui
-GenericName=wpa_supplicant user interface
-Terminal=false
-Type=Application
-Categories=Qt;Network;
diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro b/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro
deleted file mode 100644
index 3fa734b57758..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro
+++ /dev/null
@@ -1,73 +0,0 @@
-TEMPLATE	= app
-LANGUAGE	= C++
-TRANSLATIONS	= lang/wpa_gui_de.ts
-greaterThan(QT_MAJOR_VERSION, 4): QT += widgets
-
-CONFIG	+= qt warn_on release
-
-DEFINES += CONFIG_CTRL_IFACE
-
-win32 {
-  LIBS += -lws2_32 -static
-  DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
-  SOURCES += ../../src/utils/os_win32.c
-} else:win32-g++ {
-  # cross compilation to win32
-  LIBS += -lws2_32 -static -mwindows
-  DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
-  SOURCES += ../../src/utils/os_win32.c
-  RESOURCES += icons_png.qrc
-} else:win32-x-g++ {
-  # cross compilation to win32
-  LIBS += -lws2_32 -static -mwindows
-  DEFINES += CONFIG_NATIVE_WINDOWS CONFIG_CTRL_IFACE_NAMED_PIPE
-  DEFINES += _X86_
-  SOURCES += ../../src/utils/os_win32.c
-  RESOURCES += icons_png.qrc
-} else {
-  DEFINES += CONFIG_CTRL_IFACE_UNIX
-  SOURCES += ../../src/utils/os_unix.c
-}
-
-INCLUDEPATH	+= . .. ../../src ../../src/utils
-
-HEADERS	+= wpamsg.h \
-	wpagui.h \
-	eventhistory.h \
-	scanresults.h \
-	scanresultsitem.h \
-	signalbar.h \
-	userdatarequest.h \
-	networkconfig.h \
-	addinterface.h \
-	peers.h \
-	stringquery.h
-
-SOURCES	+= main.cpp \
-	wpagui.cpp \
-	eventhistory.cpp \
-	scanresults.cpp \
-	scanresultsitem.cpp \
-	signalbar.cpp \
-	userdatarequest.cpp \
-	networkconfig.cpp \
-	addinterface.cpp \
-	peers.cpp \
-	stringquery.cpp \
-	../../src/common/wpa_ctrl.c
-
-RESOURCES += icons.qrc
-
-FORMS	= wpagui.ui \
-	eventhistory.ui \
-	scanresults.ui \
-	userdatarequest.ui \
-	networkconfig.ui \
-	peers.ui
-
-
-unix {
-  UI_DIR = .ui
-  MOC_DIR = .moc
-  OBJECTS_DIR = .obj
-}
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
deleted file mode 100644
index 9404ab4249b7..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
+++ /dev/null
@@ -1,1913 +0,0 @@
-/*
- * wpa_gui - WpaGui class
- * Copyright (c) 2005-2011, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifdef CONFIG_NATIVE_WINDOWS
-#include <windows.h>
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-#include <cstdio>
-#include <unistd.h>
-#include <chrono>
-#include <thread>
-#include <QMessageBox>
-#include <QCloseEvent>
-#include <QImageReader>
-#include <QSettings>
-
-#include "wpagui.h"
-#include "dirent.h"
-#include "common/wpa_ctrl.h"
-#include "userdatarequest.h"
-#include "networkconfig.h"
-
-
-#ifndef QT_NO_DEBUG
-#define debug(M, ...) qDebug("DEBUG %d: " M, __LINE__, ##__VA_ARGS__)
-#else
-#define debug(M, ...) do {} while (0)
-#endif
-
-
-WpaGui::WpaGui(QApplication *_app, QWidget *parent, const char *,
-	       Qt::WindowFlags)
-	: QMainWindow(parent), app(_app)
-{
-	setupUi(this);
-	this->setWindowFlags(Qt::Dialog);
-
-#ifdef CONFIG_NATIVE_WINDOWS
-	fileStopServiceAction = new QAction(this);
-	fileStopServiceAction->setObjectName("Stop Service");
-	fileStopServiceAction->setIconText(tr("Stop Service"));
-	fileMenu->insertAction(actionWPS, fileStopServiceAction);
-
-	fileStartServiceAction = new QAction(this);
-	fileStartServiceAction->setObjectName("Start Service");
-	fileStartServiceAction->setIconText(tr("Start Service"));
-	fileMenu->insertAction(fileStopServiceAction, fileStartServiceAction);
-
-	connect(fileStartServiceAction, SIGNAL(triggered()), this,
-		SLOT(startService()));
-	connect(fileStopServiceAction, SIGNAL(triggered()), this,
-		SLOT(stopService()));
-
-	addInterfaceAction = new QAction(this);
-	addInterfaceAction->setIconText(tr("Add Interface"));
-	fileMenu->insertAction(fileStartServiceAction, addInterfaceAction);
-
-	connect(addInterfaceAction, SIGNAL(triggered()), this,
-		SLOT(addInterface()));
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-	(void) statusBar();
-
-	/*
-	 * Disable WPS tab by default; it will be enabled if wpa_supplicant is
-	 * built with WPS support.
-	 */
-	wpsTab->setEnabled(false);
-	wpaguiTab->setTabEnabled(wpaguiTab->indexOf(wpsTab), false);
-
-	connect(fileEventHistoryAction, SIGNAL(triggered()), this,
-		SLOT(eventHistory()));
-	connect(fileSaveConfigAction, SIGNAL(triggered()), this,
-		SLOT(saveConfig()));
-	connect(actionWPS, SIGNAL(triggered()), this, SLOT(wpsDialog()));
-	connect(actionPeers, SIGNAL(triggered()), this, SLOT(peersDialog()));
-	connect(fileExitAction, SIGNAL(triggered()), qApp, SLOT(quit()));
-	connect(networkAddAction, SIGNAL(triggered()), this,
-		SLOT(addNetwork()));
-	connect(networkEditAction, SIGNAL(triggered()), this,
-		SLOT(editSelectedNetwork()));
-	connect(networkRemoveAction, SIGNAL(triggered()), this,
-		SLOT(removeSelectedNetwork()));
-	connect(networkEnableAllAction, SIGNAL(triggered()), this,
-		SLOT(enableAllNetworks()));
-	connect(networkDisableAllAction, SIGNAL(triggered()), this,
-		SLOT(disableAllNetworks()));
-	connect(networkRemoveAllAction, SIGNAL(triggered()), this,
-		SLOT(removeAllNetworks()));
-	connect(helpIndexAction, SIGNAL(triggered()), this, SLOT(helpIndex()));
-	connect(helpContentsAction, SIGNAL(triggered()), this,
-		SLOT(helpContents()));
-	connect(helpAboutAction, SIGNAL(triggered()), this, SLOT(helpAbout()));
-	connect(disconnectButton, SIGNAL(clicked()), this, SLOT(disconnect()));
-	connect(scanButton, SIGNAL(clicked()), this, SLOT(scan()));
-	connect(connectButton, SIGNAL(clicked()), this, SLOT(connectB()));
-	connect(adapterSelect, SIGNAL(activated(const QString&)), this,
-		SLOT(selectAdapter(const QString&)));
-	connect(networkSelect, SIGNAL(activated(const QString&)), this,
-		SLOT(selectNetwork(const QString&)));
-	connect(addNetworkButton, SIGNAL(clicked()), this, SLOT(addNetwork()));
-	connect(editNetworkButton, SIGNAL(clicked()), this,
-		SLOT(editListedNetwork()));
-	connect(removeNetworkButton, SIGNAL(clicked()), this,
-		SLOT(removeListedNetwork()));
-	connect(networkList, SIGNAL(itemSelectionChanged()), this,
-		SLOT(updateNetworkDisabledStatus()));
-	connect(enableRadioButton, SIGNAL(toggled(bool)), this,
-		SLOT(enableListedNetwork(bool)));
-	connect(disableRadioButton, SIGNAL(toggled(bool)), this,
-		SLOT(disableListedNetwork(bool)));
-	connect(scanNetworkButton, SIGNAL(clicked()), this, SLOT(scan()));
-	connect(networkList, SIGNAL(itemDoubleClicked(QListWidgetItem *)),
-		this, SLOT(editListedNetwork()));
-	connect(wpaguiTab, SIGNAL(currentChanged(int)), this,
-		SLOT(tabChanged(int)));
-	connect(wpsPbcButton, SIGNAL(clicked()), this, SLOT(wpsPbc()));
-	connect(wpsPinButton, SIGNAL(clicked()), this, SLOT(wpsGeneratePin()));
-	connect(wpsApPinEdit, SIGNAL(textChanged(const QString &)), this,
-		SLOT(wpsApPinChanged(const QString &)));
-	connect(wpsApPinButton, SIGNAL(clicked()), this, SLOT(wpsApPin()));
-
-	eh = NULL;
-	scanres = NULL;
-	peers = NULL;
-	add_iface = NULL;
-	udr = NULL;
-	tray_icon = NULL;
-	startInTray = false;
-	quietMode = false;
-	ctrl_iface = NULL;
-	ctrl_conn = NULL;
-	monitor_conn = NULL;
-	msgNotifier = NULL;
-	ctrl_iface_dir = strdup("/var/run/wpa_supplicant");
-	signalMeterInterval = 0;
-
-	parse_argv();
-
-#ifndef QT_NO_SESSIONMANAGER
-	if (app->isSessionRestored()) {
-		QSettings settings("wpa_supplicant", "wpa_gui");
-		settings.beginGroup("state");
-		if (app->sessionId().compare(settings.value("session_id").
-					     toString()) == 0)
-			startInTray = settings.value("in_tray").toBool();
-		settings.endGroup();
-	}
-#endif
-
-	if (QSystemTrayIcon::isSystemTrayAvailable())
-		createTrayIcon(startInTray);
-	else
-		show();
-
-	connectedToService = false;
-	textStatus->setText(tr("connecting to wpa_supplicant"));
-	timer = new QTimer(this);
-	connect(timer, SIGNAL(timeout()), SLOT(ping()));
-	timer->setSingleShot(false);
-	timer->start(1000);
-
-	signalMeterTimer = new QTimer(this);
-	signalMeterTimer->setInterval(signalMeterInterval);
-	connect(signalMeterTimer, SIGNAL(timeout()), SLOT(signalMeterUpdate()));
-
-	if (openCtrlConnection(ctrl_iface) < 0) {
-		debug("Failed to open control connection to "
-		      "wpa_supplicant.");
-	}
-
-	updateStatus();
-	networkMayHaveChanged = true;
-	updateNetworks();
-}
-
-
-WpaGui::~WpaGui()
-{
-	delete msgNotifier;
-
-	if (monitor_conn) {
-		wpa_ctrl_detach(monitor_conn);
-		wpa_ctrl_close(monitor_conn);
-		monitor_conn = NULL;
-	}
-	if (ctrl_conn) {
-		wpa_ctrl_close(ctrl_conn);
-		ctrl_conn = NULL;
-	}
-
-	if (eh) {
-		eh->close();
-		delete eh;
-		eh = NULL;
-	}
-
-	if (scanres) {
-		scanres->close();
-		delete scanres;
-		scanres = NULL;
-	}
-
-	if (peers) {
-		peers->close();
-		delete peers;
-		peers = NULL;
-	}
-
-	if (add_iface) {
-		add_iface->close();
-		delete add_iface;
-		add_iface = NULL;
-	}
-
-	if (udr) {
-		udr->close();
-		delete udr;
-		udr = NULL;
-	}
-
-	free(ctrl_iface);
-	ctrl_iface = NULL;
-
-	free(ctrl_iface_dir);
-	ctrl_iface_dir = NULL;
-}
-
-
-void WpaGui::languageChange()
-{
-	retranslateUi(this);
-}
-
-
-void WpaGui::parse_argv()
-{
-	int c;
-	WpaGuiApp *app = qobject_cast<WpaGuiApp*>(qApp);
-	for (;;) {
-		c = getopt(app->argc, app->argv, "i:m:p:tq");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'i':
-			free(ctrl_iface);
-			ctrl_iface = strdup(optarg);
-			break;
-		case 'm':
-			signalMeterInterval = atoi(optarg) * 1000;
-			break;
-		case 'p':
-			free(ctrl_iface_dir);
-			ctrl_iface_dir = strdup(optarg);
-			break;
-		case 't':
-			startInTray = true;
-			break;
-		case 'q':
-			quietMode = true;
-			break;
-		}
-	}
-}
-
-
-int WpaGui::openCtrlConnection(const char *ifname)
-{
-	char *cfile;
-	int flen;
-	char buf[2048], *pos, *pos2;
-	size_t len;
-
-	if (ifname) {
-		if (ifname != ctrl_iface) {
-			free(ctrl_iface);
-			ctrl_iface = strdup(ifname);
-		}
-	} else {
-#ifdef CONFIG_CTRL_IFACE_UDP
-		free(ctrl_iface);
-		ctrl_iface = strdup("udp");
-#endif /* CONFIG_CTRL_IFACE_UDP */
-#ifdef CONFIG_CTRL_IFACE_UNIX
-		struct dirent *dent;
-		DIR *dir = opendir(ctrl_iface_dir);
-		free(ctrl_iface);
-		ctrl_iface = NULL;
-		if (dir) {
-			while ((dent = readdir(dir))) {
-#ifdef _DIRENT_HAVE_D_TYPE
-				/* Skip the file if it is not a socket.
-				 * Also accept DT_UNKNOWN (0) in case
-				 * the C library or underlying file
-				 * system does not support d_type. */
-				if (dent->d_type != DT_SOCK &&
-				    dent->d_type != DT_UNKNOWN)
-					continue;
-#endif /* _DIRENT_HAVE_D_TYPE */
-
-				if (strcmp(dent->d_name, ".") == 0 ||
-				    strcmp(dent->d_name, "..") == 0)
-					continue;
-				debug("Selected interface '%s'",
-				      dent->d_name);
-				ctrl_iface = strdup(dent->d_name);
-				break;
-			}
-			closedir(dir);
-		}
-#endif /* CONFIG_CTRL_IFACE_UNIX */
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-		struct wpa_ctrl *ctrl;
-		int ret;
-
-		free(ctrl_iface);
-		ctrl_iface = NULL;
-
-		ctrl = wpa_ctrl_open(NULL);
-		if (ctrl) {
-			len = sizeof(buf) - 1;
-			ret = wpa_ctrl_request(ctrl, "INTERFACES", 10, buf,
-					       &len, NULL);
-			if (ret >= 0) {
-				connectedToService = true;
-				buf[len] = '\0';
-				pos = strchr(buf, '\n');
-				if (pos)
-					*pos = '\0';
-				ctrl_iface = strdup(buf);
-			}
-			wpa_ctrl_close(ctrl);
-		}
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-	}
-
-	if (ctrl_iface == NULL) {
-#ifdef CONFIG_NATIVE_WINDOWS
-		static bool first = true;
-		if (first && !serviceRunning()) {
-			first = false;
-			if (QMessageBox::warning(
-				    this, qAppName(),
-				    tr("wpa_supplicant service is not "
-				       "running.\n"
-				       "Do you want to start it?"),
-				    QMessageBox::Yes | QMessageBox::No) ==
-			    QMessageBox::Yes)
-				startService();
-		}
-#endif /* CONFIG_NATIVE_WINDOWS */
-		return -1;
-	}
-
-#ifdef CONFIG_CTRL_IFACE_UNIX
-	flen = strlen(ctrl_iface_dir) + strlen(ctrl_iface) + 2;
-	cfile = (char *) malloc(flen);
-	if (cfile == NULL)
-		return -1;
-	snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ctrl_iface);
-#else /* CONFIG_CTRL_IFACE_UNIX */
-	flen = strlen(ctrl_iface) + 1;
-	cfile = (char *) malloc(flen);
-	if (cfile == NULL)
-		return -1;
-	snprintf(cfile, flen, "%s", ctrl_iface);
-#endif /* CONFIG_CTRL_IFACE_UNIX */
-
-	if (ctrl_conn) {
-		wpa_ctrl_close(ctrl_conn);
-		ctrl_conn = NULL;
-	}
-
-	if (monitor_conn) {
-		delete msgNotifier;
-		msgNotifier = NULL;
-		wpa_ctrl_detach(monitor_conn);
-		wpa_ctrl_close(monitor_conn);
-		monitor_conn = NULL;
-	}
-
-	debug("Trying to connect to '%s'", cfile);
-	ctrl_conn = wpa_ctrl_open(cfile);
-	if (ctrl_conn == NULL) {
-		free(cfile);
-		return -1;
-	}
-	monitor_conn = wpa_ctrl_open(cfile);
-	free(cfile);
-	if (monitor_conn == NULL) {
-		wpa_ctrl_close(ctrl_conn);
-		return -1;
-	}
-	if (wpa_ctrl_attach(monitor_conn)) {
-		debug("Failed to attach to wpa_supplicant");
-		wpa_ctrl_close(monitor_conn);
-		monitor_conn = NULL;
-		wpa_ctrl_close(ctrl_conn);
-		ctrl_conn = NULL;
-		return -1;
-	}
-
-#if defined(CONFIG_CTRL_IFACE_UNIX) || defined(CONFIG_CTRL_IFACE_UDP)
-	msgNotifier = new QSocketNotifier(wpa_ctrl_get_fd(monitor_conn),
-					  QSocketNotifier::Read, this);
-	connect(msgNotifier, SIGNAL(activated(int)), SLOT(receiveMsgs()));
-#endif
-
-	adapterSelect->clear();
-	adapterSelect->addItem(ctrl_iface);
-	adapterSelect->setCurrentIndex(0);
-
-	len = sizeof(buf) - 1;
-	if (wpa_ctrl_request(ctrl_conn, "INTERFACES", 10, buf, &len, NULL) >=
-	    0) {
-		buf[len] = '\0';
-		pos = buf;
-		while (*pos) {
-			pos2 = strchr(pos, '\n');
-			if (pos2)
-				*pos2 = '\0';
-			if (strcmp(pos, ctrl_iface) != 0)
-				adapterSelect->addItem(pos);
-			if (pos2)
-				pos = pos2 + 1;
-			else
-				break;
-		}
-	}
-
-	len = sizeof(buf) - 1;
-	if (wpa_ctrl_request(ctrl_conn, "GET_CAPABILITY eap", 18, buf, &len,
-			     NULL) >= 0) {
-		buf[len] = '\0';
-
-		QString res(buf);
-		QStringList types = res.split(QChar(' '));
-		bool wps = types.contains("WSC");
-		actionWPS->setEnabled(wps);
-		wpsTab->setEnabled(wps);
-		wpaguiTab->setTabEnabled(wpaguiTab->indexOf(wpsTab), wps);
-	}
-
-	return 0;
-}
-
-
-int WpaGui::ctrlRequest(const char *cmd, char *buf, size_t *buflen)
-{
-	int ret;
-
-	if (ctrl_conn == NULL)
-		return -3;
-	ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), buf, buflen, NULL);
-	if (ret == -2)
-		debug("'%s' command timed out.", cmd);
-	else if (ret < 0)
-		debug("'%s' command failed.", cmd);
-
-	return ret;
-}
-
-
-QString WpaGui::wpaStateTranslate(char *state)
-{
-	if (!strcmp(state, "DISCONNECTED"))
-		return tr("Disconnected");
-	else if (!strcmp(state, "INACTIVE"))
-		return tr("Inactive");
-	else if (!strcmp(state, "SCANNING"))
-		return tr("Scanning");
-	else if (!strcmp(state, "AUTHENTICATING"))
-		return tr("Authenticating");
-	else if (!strcmp(state, "ASSOCIATING"))
-		return tr("Associating");
-	else if (!strcmp(state, "ASSOCIATED"))
-		return tr("Associated");
-	else if (!strcmp(state, "4WAY_HANDSHAKE"))
-		return tr("4-Way Handshake");
-	else if (!strcmp(state, "GROUP_HANDSHAKE"))
-		return tr("Group Handshake");
-	else if (!strcmp(state, "COMPLETED"))
-		return tr("Completed");
-	else
-		return tr("Unknown");
-}
-
-
-void WpaGui::updateStatus()
-{
-	char buf[2048], *start, *end, *pos;
-	size_t len;
-
-	pingsToStatusUpdate = 10;
-
-	len = sizeof(buf) - 1;
-	if (ctrl_conn == NULL || ctrlRequest("STATUS", buf, &len) < 0) {
-		textStatus->setText(tr("Could not get status from "
-				       "wpa_supplicant"));
-		textAuthentication->clear();
-		textEncryption->clear();
-		textSsid->clear();
-		textBssid->clear();
-		textIpAddress->clear();
-		updateTrayToolTip(tr("no status information"));
-		updateTrayIcon(TrayIconOffline);
-		signalMeterTimer->stop();
-
-#ifdef CONFIG_NATIVE_WINDOWS
-		static bool first = true;
-		if (first && connectedToService &&
-		    (ctrl_iface == NULL || *ctrl_iface == '\0')) {
-			first = false;
-			if (QMessageBox::information(
-				    this, qAppName(),
-				    tr("No network interfaces in use.\n"
-				       "Would you like to add one?"),
-				    QMessageBox::Yes | QMessageBox::No) ==
-			    QMessageBox::Yes)
-				addInterface();
-		}
-#endif /* CONFIG_NATIVE_WINDOWS */
-		return;
-	}
-
-	buf[len] = '\0';
-
-	bool auth_updated = false, ssid_updated = false;
-	bool bssid_updated = false, ipaddr_updated = false;
-	bool status_updated = false;
-	char *pairwise_cipher = NULL, *group_cipher = NULL;
-	char *mode = NULL;
-
-	start = buf;
-	while (*start) {
-		bool last = false;
-		end = strchr(start, '\n');
-		if (end == NULL) {
-			last = true;
-			end = start;
-			while (end[0] && end[1])
-				end++;
-		}
-		*end = '\0';
-
-		pos = strchr(start, '=');
-		if (pos) {
-			*pos++ = '\0';
-			if (strcmp(start, "bssid") == 0) {
-				bssid_updated = true;
-				textBssid->setText(pos);
-			} else if (strcmp(start, "ssid") == 0) {
-				ssid_updated = true;
-				textSsid->setText(pos);
-				updateTrayToolTip(pos + tr(" (associated)"));
-				if (!signalMeterInterval) {
-					/* if signal meter is not enabled show
-					 * full signal strength */
-					updateTrayIcon(TrayIconSignalExcellent);
-				}
-			} else if (strcmp(start, "ip_address") == 0) {
-				ipaddr_updated = true;
-				textIpAddress->setText(pos);
-			} else if (strcmp(start, "wpa_state") == 0) {
-				status_updated = true;
-				textStatus->setText(wpaStateTranslate(pos));
-			} else if (strcmp(start, "key_mgmt") == 0) {
-				auth_updated = true;
-				textAuthentication->setText(pos);
-				/* TODO: could add EAP status to this */
-			} else if (strcmp(start, "pairwise_cipher") == 0) {
-				pairwise_cipher = pos;
-			} else if (strcmp(start, "group_cipher") == 0) {
-				group_cipher = pos;
-			} else if (strcmp(start, "mode") == 0) {
-				mode = pos;
-			}
-		}
-
-		if (last)
-			break;
-		start = end + 1;
-	}
-	if (status_updated && mode)
-		textStatus->setText(textStatus->text() + " (" + mode + ")");
-
-	if (pairwise_cipher || group_cipher) {
-		QString encr;
-		if (pairwise_cipher && group_cipher &&
-		    strcmp(pairwise_cipher, group_cipher) != 0) {
-			encr.append(pairwise_cipher);
-			encr.append(" + ");
-			encr.append(group_cipher);
-		} else if (pairwise_cipher) {
-			encr.append(pairwise_cipher);
-		} else {
-			encr.append(group_cipher);
-			encr.append(" [group key only]");
-		}
-		textEncryption->setText(encr);
-	} else
-		textEncryption->clear();
-
-	if (signalMeterInterval) {
-		/*
-		 * Handle signal meter service. When network is not associated,
-		 * deactivate timer, otherwise keep it going. Tray icon has to
-		 * be initialized here, because of the initial delay of the
-		 * timer.
-		 */
-		if (ssid_updated) {
-			if (!signalMeterTimer->isActive()) {
-				updateTrayIcon(TrayIconConnected);
-				signalMeterTimer->start();
-			}
-		} else {
-			signalMeterTimer->stop();
-		}
-	}
-
-	if (!status_updated)
-		textStatus->clear();
-	if (!auth_updated)
-		textAuthentication->clear();
-	if (!ssid_updated) {
-		textSsid->clear();
-		updateTrayToolTip(tr("(not-associated)"));
-		updateTrayIcon(TrayIconOffline);
-	}
-	if (!bssid_updated)
-		textBssid->clear();
-	if (!ipaddr_updated)
-		textIpAddress->clear();
-}
-
-
-void WpaGui::updateNetworks()
-{
-	char buf[4096], *start, *end, *id, *ssid, *bssid, *flags;
-	size_t len;
-	int first_active = -1;
-	int was_selected = -1;
-	bool current = false;
-
-	if (!networkMayHaveChanged)
-		return;
-
-	if (networkList->currentRow() >= 0)
-		was_selected = networkList->currentRow();
-
-	networkSelect->clear();
-	networkList->clear();
-
-	if (ctrl_conn == NULL)
-		return;
-
-	len = sizeof(buf) - 1;
-	if (ctrlRequest("LIST_NETWORKS", buf, &len) < 0)
-		return;
-
-	buf[len] = '\0';
-	start = strchr(buf, '\n');
-	if (start == NULL)
-		return;
-	start++;
-
-	while (*start) {
-		bool last = false;
-		end = strchr(start, '\n');
-		if (end == NULL) {
-			last = true;
-			end = start;
-			while (end[0] && end[1])
-				end++;
-		}
-		*end = '\0';
-
-		id = start;
-		ssid = strchr(id, '\t');
-		if (ssid == NULL)
-			break;
-		*ssid++ = '\0';
-		bssid = strchr(ssid, '\t');
-		if (bssid == NULL)
-			break;
-		*bssid++ = '\0';
-		flags = strchr(bssid, '\t');
-		if (flags == NULL)
-			break;
-		*flags++ = '\0';
-
-		if (strstr(flags, "[DISABLED][P2P-PERSISTENT]")) {
-			if (last)
-				break;
-			start = end + 1;
-			continue;
-		}
-
-		QString network(id);
-		network.append(": ");
-		network.append(ssid);
-		networkSelect->addItem(network);
-		networkList->addItem(network);
-
-		if (strstr(flags, "[CURRENT]")) {
-			networkSelect->setCurrentIndex(networkSelect->count() -
-						      1);
-			current = true;
-		} else if (first_active < 0 &&
-			   strstr(flags, "[DISABLED]") == NULL)
-			first_active = networkSelect->count() - 1;
-
-		start = end + 1;
-		if (*start && strchr(start, '\n'))
-			continue;
-
-		/* avoid race conditions */
-		std::this_thread::sleep_for(std::chrono::milliseconds(200));
-		QString cmd("LIST_NETWORKS LAST_ID=");
-		cmd.append(id);
-		if (ctrlRequest(cmd.toLocal8Bit().constData(), buf, &len) < 0)
-			break;
-
-		buf[len] = '\0';
-		start = strchr(buf, '\n');
-		if (!start)
-			break;
-		start++;
-	}
-
-	if (networkSelect->count() > 1)
-		networkSelect->addItem(tr("Select any network"));
-
-	if (!current && first_active >= 0)
-		networkSelect->setCurrentIndex(first_active);
-
-	if (was_selected >= 0 && networkList->count() > 0) {
-		if (was_selected < networkList->count())
-			networkList->setCurrentRow(was_selected);
-		else
-			networkList->setCurrentRow(networkList->count() - 1);
-	}
-	else
-		networkList->setCurrentRow(networkSelect->currentIndex());
-
-	networkMayHaveChanged = false;
-}
-
-
-void WpaGui::helpIndex()
-{
-	debug("helpIndex");
-}
-
-
-void WpaGui::helpContents()
-{
-	debug("helpContents");
-}
-
-
-void WpaGui::helpAbout()
-{
-	QMessageBox::about(this, "wpa_gui for wpa_supplicant",
-			   "Copyright (c) 2003-2015,\n"
-			   "Jouni Malinen <j@w1.fi>\n"
-			   "and contributors.\n"
-			   "\n"
-			   "This software may be distributed under\n"
-			   "the terms of the BSD license.\n"
-			   "See README for more details.\n"
-			   "\n"
-			   "This product includes software developed\n"
-			   "by the OpenSSL Project for use in the\n"
-			   "OpenSSL Toolkit (http://www.openssl.org/)\n");
-}
-
-
-void WpaGui::disconnect()
-{
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-	ctrlRequest("DISCONNECT", reply, &reply_len);
-	stopWpsRun(false);
-}
-
-
-void WpaGui::scan()
-{
-	if (scanres) {
-		scanres->close();
-		delete scanres;
-	}
-
-	scanres = new ScanResults();
-	if (scanres == NULL)
-		return;
-	scanres->setWpaGui(this);
-	scanres->show();
-	scanres->exec();
-}
-
-
-void WpaGui::eventHistory()
-{
-	if (eh) {
-		eh->close();
-		delete eh;
-	}
-
-	eh = new EventHistory();
-	if (eh == NULL)
-		return;
-	eh->addEvents(msgs);
-	eh->show();
-	eh->exec();
-}
-
-
-void WpaGui::ping()
-{
-	char buf[10];
-	size_t len;
-
-#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE
-	/*
-	 * QSocketNotifier cannot be used with Windows named pipes, so use a
-	 * timer to check for received messages for now. This could be
-	 * optimized be doing something specific to named pipes or Windows
-	 * events, but it is not clear what would be the best way of doing that
-	 * in Qt.
-	 */
-	receiveMsgs();
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-
-	if (scanres && !scanres->isVisible()) {
-		delete scanres;
-		scanres = NULL;
-	}
-
-	if (eh && !eh->isVisible()) {
-		delete eh;
-		eh = NULL;
-	}
-
-	if (udr && !udr->isVisible()) {
-		delete udr;
-		udr = NULL;
-	}
-
-	len = sizeof(buf) - 1;
-	if (ctrlRequest("PING", buf, &len) < 0) {
-		debug("PING failed - trying to reconnect");
-		if (openCtrlConnection(ctrl_iface) >= 0) {
-			debug("Reconnected successfully");
-			pingsToStatusUpdate = 0;
-		}
-	}
-
-	pingsToStatusUpdate--;
-	if (pingsToStatusUpdate <= 0) {
-		updateStatus();
-		updateNetworks();
-	}
-
-#ifndef CONFIG_CTRL_IFACE_NAMED_PIPE
-	/* Use less frequent pings and status updates when the main window is
-	 * hidden (running in taskbar). */
-	int interval = isHidden() ? 5000 : 1000;
-	if (timer->interval() != interval)
-		timer->setInterval(interval);
-#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */
-}
-
-
-void WpaGui::signalMeterUpdate()
-{
-	char reply[128];
-	size_t reply_len = sizeof(reply);
-	char *rssi;
-	int rssi_value;
-
-	ctrlRequest("SIGNAL_POLL", reply, &reply_len);
-
-	/* In order to eliminate signal strength fluctuations, try
-	 * to obtain averaged RSSI value in the first place. */
-	if ((rssi = strstr(reply, "AVG_RSSI=")) != NULL)
-		rssi_value = atoi(&rssi[sizeof("AVG_RSSI")]);
-	else if ((rssi = strstr(reply, "RSSI=")) != NULL)
-		rssi_value = atoi(&rssi[sizeof("RSSI")]);
-	else {
-		debug("Failed to get RSSI value");
-		updateTrayIcon(TrayIconSignalNone);
-		return;
-	}
-
-	debug("RSSI value: %d", rssi_value);
-
-	/*
-	 * NOTE: The code below assumes, that the unit of the value returned
-	 * by the SIGNAL POLL request is dBm. It might not be true for all
-	 * wpa_supplicant drivers.
-	 */
-
-	/*
-	 * Calibration is based on "various Internet sources". Nonetheless,
-	 * it seems to be compatible with the Windows 8.1 strength meter -
-	 * tested on Intel Centrino Advanced-N 6235.
-	 */
-	if (rssi_value >= -60)
-		updateTrayIcon(TrayIconSignalExcellent);
-	else if (rssi_value >= -68)
-		updateTrayIcon(TrayIconSignalGood);
-	else if (rssi_value >= -76)
-		updateTrayIcon(TrayIconSignalOk);
-	else if (rssi_value >= -84)
-		updateTrayIcon(TrayIconSignalWeak);
-	else
-		updateTrayIcon(TrayIconSignalNone);
-}
-
-
-static int str_match(const char *a, const char *b)
-{
-	return strncmp(a, b, strlen(b)) == 0;
-}
-
-
-void WpaGui::processMsg(char *msg)
-{
-	char *pos = msg, *pos2;
-	int priority = 2;
-
-	if (*pos == '<') {
-		/* skip priority */
-		pos++;
-		priority = atoi(pos);
-		pos = strchr(pos, '>');
-		if (pos)
-			pos++;
-		else
-			pos = msg;
-	}
-
-	WpaMsg wm(pos, priority);
-	if (eh)
-		eh->addEvent(wm);
-	if (peers)
-		peers->event_notify(wm);
-	msgs.append(wm);
-	while (msgs.count() > 100)
-		msgs.pop_front();
-
-	/* Update last message with truncated version of the event */
-	if (strncmp(pos, "CTRL-", 5) == 0) {
-		pos2 = strchr(pos, str_match(pos, WPA_CTRL_REQ) ? ':' : ' ');
-		if (pos2)
-			pos2++;
-		else
-			pos2 = pos;
-	} else
-		pos2 = pos;
-	QString lastmsg = pos2;
-	lastmsg.truncate(40);
-	textLastMessage->setText(lastmsg);
-
-	pingsToStatusUpdate = 0;
-	networkMayHaveChanged = true;
-
-	if (str_match(pos, WPA_CTRL_REQ))
-		processCtrlReq(pos + strlen(WPA_CTRL_REQ));
-	else if (str_match(pos, WPA_EVENT_SCAN_RESULTS) && scanres)
-		scanres->updateResults();
-	else if (str_match(pos, WPA_EVENT_DISCONNECTED))
-		showTrayMessage(QSystemTrayIcon::Information, 3,
-				tr("Disconnected from network."));
-	else if (str_match(pos, WPA_EVENT_CONNECTED)) {
-		showTrayMessage(QSystemTrayIcon::Information, 3,
-				tr("Connection to network established."));
-		QTimer::singleShot(5 * 1000, this, SLOT(showTrayStatus()));
-		stopWpsRun(true);
-	} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE_PBC)) {
-		wpsStatusText->setText(tr("WPS AP in active PBC mode found"));
-		if (textStatus->text() == "INACTIVE" ||
-		    textStatus->text() == "DISCONNECTED")
-			wpaguiTab->setCurrentWidget(wpsTab);
-		wpsInstructions->setText(tr("Press the PBC button on the "
-					    "screen to start registration"));
-	} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE_PIN)) {
-		wpsStatusText->setText(tr("WPS AP with recently selected "
-					  "registrar"));
-		if (textStatus->text() == "INACTIVE" ||
-		    textStatus->text() == "DISCONNECTED")
-			wpaguiTab->setCurrentWidget(wpsTab);
-	} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE_AUTH)) {
-		showTrayMessage(QSystemTrayIcon::Information, 3,
-				"Wi-Fi Protected Setup (WPS) AP\n"
-				"indicating this client is authorized.");
-		wpsStatusText->setText("WPS AP indicating this client is "
-				       "authorized");
-		if (textStatus->text() == "INACTIVE" ||
-		    textStatus->text() == "DISCONNECTED")
-			wpaguiTab->setCurrentWidget(wpsTab);
-	} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE)) {
-		wpsStatusText->setText(tr("WPS AP detected"));
-	} else if (str_match(pos, WPS_EVENT_OVERLAP)) {
-		wpsStatusText->setText(tr("PBC mode overlap detected"));
-		wpsInstructions->setText(tr("More than one AP is currently in "
-					    "active WPS PBC mode. Wait couple "
-					    "of minutes and try again"));
-		wpaguiTab->setCurrentWidget(wpsTab);
-	} else if (str_match(pos, WPS_EVENT_CRED_RECEIVED)) {
-		wpsStatusText->setText(tr("Network configuration received"));
-		wpaguiTab->setCurrentWidget(wpsTab);
-	} else if (str_match(pos, WPA_EVENT_EAP_METHOD)) {
-		if (strstr(pos, "(WSC)"))
-			wpsStatusText->setText(tr("Registration started"));
-	} else if (str_match(pos, WPS_EVENT_M2D)) {
-		wpsStatusText->setText(tr("Registrar does not yet know PIN"));
-	} else if (str_match(pos, WPS_EVENT_FAIL)) {
-		wpsStatusText->setText(tr("Registration failed"));
-	} else if (str_match(pos, WPS_EVENT_SUCCESS)) {
-		wpsStatusText->setText(tr("Registration succeeded"));
-	}
-}
-
-
-void WpaGui::processCtrlReq(const char *req)
-{
-	if (udr) {
-		udr->close();
-		delete udr;
-	}
-	udr = new UserDataRequest();
-	if (udr == NULL)
-		return;
-	if (udr->setParams(this, req) < 0) {
-		delete udr;
-		udr = NULL;
-		return;
-	}
-	udr->show();
-	udr->exec();
-}
-
-
-void WpaGui::receiveMsgs()
-{
-	char buf[256];
-	size_t len;
-
-	while (monitor_conn && wpa_ctrl_pending(monitor_conn) > 0) {
-		len = sizeof(buf) - 1;
-		if (wpa_ctrl_recv(monitor_conn, buf, &len) == 0) {
-			buf[len] = '\0';
-			processMsg(buf);
-		}
-	}
-}
-
-
-void WpaGui::connectB()
-{
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-	ctrlRequest("REASSOCIATE", reply, &reply_len);
-}
-
-
-void WpaGui::selectNetwork( const QString &sel )
-{
-	QString cmd(sel);
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-
-	if (cmd.contains(QRegExp("^\\d+:")))
-		cmd.truncate(cmd.indexOf(':'));
-	else
-		cmd = "any";
-	cmd.prepend("SELECT_NETWORK ");
-	ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len);
-	triggerUpdate();
-	stopWpsRun(false);
-}
-
-
-void WpaGui::enableNetwork(const QString &sel)
-{
-	QString cmd(sel);
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-
-	if (cmd.contains(QRegExp("^\\d+:")))
-		cmd.truncate(cmd.indexOf(':'));
-	else if (!cmd.startsWith("all")) {
-		debug("Invalid editNetwork '%s'",
-		      cmd.toLocal8Bit().constData());
-		return;
-	}
-	cmd.prepend("ENABLE_NETWORK ");
-	ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len);
-	triggerUpdate();
-}
-
-
-void WpaGui::disableNetwork(const QString &sel)
-{
-	QString cmd(sel);
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-
-	if (cmd.contains(QRegExp("^\\d+:")))
-		cmd.truncate(cmd.indexOf(':'));
-	else if (!cmd.startsWith("all")) {
-		debug("Invalid editNetwork '%s'",
-		      cmd.toLocal8Bit().constData());
-		return;
-	}
-	cmd.prepend("DISABLE_NETWORK ");
-	ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len);
-	triggerUpdate();
-}
-
-
-void WpaGui::editNetwork(const QString &sel)
-{
-	QString cmd(sel);
-	int id = -1;
-
-	if (cmd.contains(QRegExp("^\\d+:"))) {
-		cmd.truncate(cmd.indexOf(':'));
-		id = cmd.toInt();
-	}
-
-	NetworkConfig *nc = new NetworkConfig();
-	if (nc == NULL)
-		return;
-	nc->setWpaGui(this);
-
-	if (id >= 0)
-		nc->paramsFromConfig(id);
-	else
-		nc->newNetwork();
-
-	nc->show();
-	nc->exec();
-}
-
-
-void WpaGui::editSelectedNetwork()
-{
-	if (networkSelect->count() < 1) {
-		QMessageBox::information(
-			this, tr("No Networks"),
-			tr("There are no networks to edit.\n"));
-		return;
-	}
-	QString sel(networkSelect->currentText());
-	editNetwork(sel);
-}
-
-
-void WpaGui::editListedNetwork()
-{
-	if (networkList->currentRow() < 0) {
-		QMessageBox::information(this, tr("Select A Network"),
-					 tr("Select a network from the list to"
-					    " edit it.\n"));
-		return;
-	}
-	QString sel(networkList->currentItem()->text());
-	editNetwork(sel);
-}
-
-
-void WpaGui::triggerUpdate()
-{
-	updateStatus();
-	networkMayHaveChanged = true;
-	updateNetworks();
-}
-
-
-void WpaGui::addNetwork()
-{
-	NetworkConfig *nc = new NetworkConfig();
-	if (nc == NULL)
-		return;
-	nc->setWpaGui(this);
-	nc->newNetwork();
-	nc->show();
-	nc->exec();
-}
-
-
-void WpaGui::removeNetwork(const QString &sel)
-{
-	QString cmd(sel);
-	char reply[10];
-	size_t reply_len = sizeof(reply);
-
-	if (cmd.contains(QRegExp("^\\d+:")))
-		cmd.truncate(cmd.indexOf(':'));
-	else if (!cmd.startsWith("all")) {
-		debug("Invalid editNetwork '%s'",
-		      cmd.toLocal8Bit().constData());
-		return;
-	}
-	cmd.prepend("REMOVE_NETWORK ");
-	ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len);
-	triggerUpdate();
-}
-
-
-void WpaGui::removeSelectedNetwork()
-{
-	if (networkSelect->count() < 1) {
-		QMessageBox::information(this, tr("No Networks"),
-			                 tr("There are no networks to remove."
-					    "\n"));
-		return;
-	}
-	QString sel(networkSelect->currentText());
-	removeNetwork(sel);
-}
-
-
-void WpaGui::removeListedNetwork()
-{
-	if (networkList->currentRow() < 0) {
-		QMessageBox::information(this, tr("Select A Network"),
-					 tr("Select a network from the list "
-					    "to remove it.\n"));
-		return;
-	}
-	QString sel(networkList->currentItem()->text());
-	removeNetwork(sel);
-}
-
-
-void WpaGui::enableAllNetworks()
-{
-	QString sel("all");
-	enableNetwork(sel);
-}
-
-
-void WpaGui::disableAllNetworks()
-{
-	QString sel("all");
-	disableNetwork(sel);
-}
-
-
-void WpaGui::removeAllNetworks()
-{
-	QString sel("all");
-	removeNetwork(sel);
-}
-
-
-int WpaGui::getNetworkDisabled(const QString &sel)
-{
-	QString cmd(sel);
-	char reply[10];
-	size_t reply_len = sizeof(reply) - 1;
-	int pos = cmd.indexOf(':');
-	if (pos < 0) {
-		debug("Invalid getNetworkDisabled '%s'",
-		      cmd.toLocal8Bit().constData());
-		return -1;
-	}
-	cmd.truncate(pos);
-	cmd.prepend("GET_NETWORK ");
-	cmd.append(" disabled");
-
-	if (ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len) >= 0
-	    && reply_len >= 1) {
-		reply[reply_len] = '\0';
-		if (!str_match(reply, "FAIL"))
-			return atoi(reply);
-	}
-
-	return -1;
-}
-
-
-void WpaGui::updateNetworkDisabledStatus()
-{
-	if (networkList->currentRow() < 0)
-		return;
-
-	QString sel(networkList->currentItem()->text());
-
-	switch (getNetworkDisabled(sel)) {
-	case 0:
-		if (!enableRadioButton->isChecked())
-			enableRadioButton->setChecked(true);
-		return;
-	case 1:
-		if (!disableRadioButton->isChecked())
-			disableRadioButton->setChecked(true);
-		return;
-	}
-}
-
-
-void WpaGui::enableListedNetwork(bool enabled)
-{
-	if (networkList->currentRow() < 0 || !enabled)
-		return;
-
-	QString sel(networkList->currentItem()->text());
-
-	if (getNetworkDisabled(sel) == 1)
-		enableNetwork(sel);
-}
-
-
-void WpaGui::disableListedNetwork(bool disabled)
-{
-	if (networkList->currentRow() < 0 || !disabled)
-		return;
-
-	QString sel(networkList->currentItem()->text());
-
-	if (getNetworkDisabled(sel) == 0)
-		disableNetwork(sel);
-}
-
-
-void WpaGui::saveConfig()
-{
-	char buf[10];
-	size_t len;
-
-	len = sizeof(buf) - 1;
-	ctrlRequest("SAVE_CONFIG", buf, &len);
-
-	buf[len] = '\0';
-
-	if (str_match(buf, "FAIL"))
-		QMessageBox::warning(
-			this, tr("Failed to save configuration"),
-			tr("The configuration could not be saved.\n"
-			   "\n"
-			   "The update_config=1 configuration option\n"
-			   "must be used for configuration saving to\n"
-			   "be permitted.\n"));
-	else
-		QMessageBox::information(
-			this, tr("Saved configuration"),
-			tr("The current configuration was saved."
-			   "\n"));
-}
-
-
-void WpaGui::selectAdapter( const QString & sel )
-{
-	if (openCtrlConnection(sel.toLocal8Bit().constData()) < 0)
-		debug("Failed to open control connection to "
-		      "wpa_supplicant.");
-	updateStatus();
-	updateNetworks();
-}
-
-
-void WpaGui::createTrayIcon(bool trayOnly)
-{
-	QApplication::setQuitOnLastWindowClosed(false);
-
-	tray_icon = new QSystemTrayIcon(this);
-	updateTrayIcon(TrayIconOffline);
-
-	connect(tray_icon,
-		SIGNAL(activated(QSystemTrayIcon::ActivationReason)),
-		this, SLOT(trayActivated(QSystemTrayIcon::ActivationReason)));
-
-	ackTrayIcon = false;
-
-	tray_menu = new QMenu(this);
-
-	disconnectAction = new QAction(tr("&Disconnect"), this);
-	reconnectAction = new QAction(tr("Re&connect"), this);
-	connect(disconnectAction, SIGNAL(triggered()), this,
-		SLOT(disconnect()));
-	connect(reconnectAction, SIGNAL(triggered()), this,
-		SLOT(connectB()));
-	tray_menu->addAction(disconnectAction);
-	tray_menu->addAction(reconnectAction);
-	tray_menu->addSeparator();
-
-	eventAction = new QAction(tr("&Event History"), this);
-	scanAction = new QAction(tr("Scan &Results"), this);
-	statAction = new QAction(tr("S&tatus"), this);
-	connect(eventAction, SIGNAL(triggered()), this, SLOT(eventHistory()));
-	connect(scanAction, SIGNAL(triggered()), this, SLOT(scan()));
-	connect(statAction, SIGNAL(triggered()), this, SLOT(showTrayStatus()));
-	tray_menu->addAction(eventAction);
-	tray_menu->addAction(scanAction);
-	tray_menu->addAction(statAction);
-	tray_menu->addSeparator();
-
-	showAction = new QAction(tr("&Show Window"), this);
-	hideAction = new QAction(tr("&Hide Window"), this);
-	quitAction = new QAction(tr("&Quit"), this);
-	connect(showAction, SIGNAL(triggered()), this, SLOT(show()));
-	connect(hideAction, SIGNAL(triggered()), this, SLOT(hide()));
-	connect(quitAction, SIGNAL(triggered()), qApp, SLOT(quit()));
-	tray_menu->addAction(showAction);
-	tray_menu->addAction(hideAction);
-	tray_menu->addSeparator();
-	tray_menu->addAction(quitAction);
-
-	tray_icon->setContextMenu(tray_menu);
-
-	tray_icon->show();
-
-	if (!trayOnly)
-		show();
-	inTray = trayOnly;
-}
-
-
-void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
-			     const QString & msg)
-{
-	if (!QSystemTrayIcon::supportsMessages())
-		return;
-
-	if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
-		return;
-
-	tray_icon->showMessage(qAppName(), msg, type, sec * 1000);
-}
-
-
-void WpaGui::trayActivated(QSystemTrayIcon::ActivationReason how)
- {
-	switch (how) {
-	/* use close() here instead of hide() and allow the
-	 * custom closeEvent handler take care of children */
-	case QSystemTrayIcon::Trigger:
-		ackTrayIcon = true;
-		if (isVisible()) {
-			close();
-			inTray = true;
-		} else {
-			show();
-			inTray = false;
-		}
-		break;
-	case QSystemTrayIcon::MiddleClick:
-		showTrayStatus();
-		break;
-	default:
-		break;
-	}
-}
-
-
-void WpaGui::showTrayStatus()
-{
-	char buf[2048];
-	size_t len;
-
-	len = sizeof(buf) - 1;
-	if (ctrlRequest("STATUS", buf, &len) < 0)
-		return;
-	buf[len] = '\0';
-
-	QString msg, status(buf);
-
-	QStringList lines = status.split(QRegExp("\\n"));
-	for (QStringList::Iterator it = lines.begin();
-	     it != lines.end(); it++) {
-		int pos = (*it).indexOf('=') + 1;
-		if (pos < 1)
-			continue;
-
-		if ((*it).startsWith("bssid="))
-			msg.append("BSSID:\t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("ssid="))
-			msg.append("SSID: \t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("pairwise_cipher="))
-			msg.append("PAIR: \t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("group_cipher="))
-			msg.append("GROUP:\t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("key_mgmt="))
-			msg.append("AUTH: \t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("wpa_state="))
-			msg.append("STATE:\t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("ip_address="))
-			msg.append("IP:   \t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("Supplicant PAE state="))
-			msg.append("PAE:  \t" + (*it).mid(pos) + "\n");
-		else if ((*it).startsWith("EAP state="))
-			msg.append("EAP:  \t" + (*it).mid(pos) + "\n");
-	}
-
-	if (!msg.isEmpty())
-		showTrayMessage(QSystemTrayIcon::Information, 10, msg);
-}
-
-
-void WpaGui::updateTrayToolTip(const QString &msg)
-{
-	if (tray_icon)
-		tray_icon->setToolTip(msg);
-}
-
-
-void WpaGui::updateTrayIcon(TrayIconType type)
-{
-	if (!tray_icon || currentIconType == type)
-		return;
-
-	QIcon fallback_icon;
-	QStringList names;
-
-	if (QImageReader::supportedImageFormats().contains(QByteArray("svg")))
-		fallback_icon = QIcon(":/icons/wpa_gui.svg");
-	else
-		fallback_icon = QIcon(":/icons/wpa_gui.png");
-
-	switch (type) {
-	case TrayIconOffline:
-		names << "network-wireless-offline-symbolic"
-		      << "network-wireless-offline"
-		      << "network-wireless-signal-none-symbolic"
-		      << "network-wireless-signal-none";
-		break;
-	case TrayIconAcquiring:
-		names << "network-wireless-acquiring-symbolic"
-		      << "network-wireless-acquiring";
-		break;
-	case TrayIconConnected:
-		names << "network-wireless-connected-symbolic"
-		      << "network-wireless-connected";
-		break;
-	case TrayIconSignalNone:
-		names << "network-wireless-signal-none-symbolic"
-		      << "network-wireless-signal-none";
-		break;
-	case TrayIconSignalWeak:
-		names << "network-wireless-signal-weak-symbolic"
-		      << "network-wireless-signal-weak";
-		break;
-	case TrayIconSignalOk:
-		names << "network-wireless-signal-ok-symbolic"
-		      << "network-wireless-signal-ok";
-		break;
-	case TrayIconSignalGood:
-		names << "network-wireless-signal-good-symbolic"
-		      << "network-wireless-signal-good";
-		break;
-	case TrayIconSignalExcellent:
-		names << "network-wireless-signal-excellent-symbolic"
-		      << "network-wireless-signal-excellent";
-		break;
-	}
-
-	currentIconType = type;
-	tray_icon->setIcon(loadThemedIcon(names, fallback_icon));
-}
-
-
-QIcon WpaGui::loadThemedIcon(const QStringList &names,
-			     const QIcon &fallback)
-{
-	QIcon icon;
-
-	for (QStringList::ConstIterator it = names.begin();
-	     it != names.end(); it++) {
-		icon = QIcon::fromTheme(*it);
-		if (!icon.isNull())
-			return icon;
-	}
-
-	return fallback;
-}
-
-
-void WpaGui::closeEvent(QCloseEvent *event)
-{
-	if (eh) {
-		eh->close();
-		delete eh;
-		eh = NULL;
-	}
-
-	if (scanres) {
-		scanres->close();
-		delete scanres;
-		scanres = NULL;
-	}
-
-	if (peers) {
-		peers->close();
-		delete peers;
-		peers = NULL;
-	}
-
-	if (udr) {
-		udr->close();
-		delete udr;
-		udr = NULL;
-	}
-
-	if (tray_icon && !ackTrayIcon) {
-		/* give user a visual hint that the tray icon exists */
-		if (QSystemTrayIcon::supportsMessages()) {
-			hide();
-			showTrayMessage(QSystemTrayIcon::Information, 3,
-					qAppName() +
-					tr(" will keep running in "
-					   "the system tray."));
-		} else {
-			QMessageBox::information(this, qAppName() +
-						 tr(" systray"),
-						 tr("The program will keep "
-						    "running in the system "
-						    "tray."));
-		}
-		ackTrayIcon = true;
-	}
-
-	event->accept();
-}
-
-
-void WpaGui::wpsDialog()
-{
-	wpaguiTab->setCurrentWidget(wpsTab);
-}
-
-
-void WpaGui::peersDialog()
-{
-	if (peers) {
-		peers->close();
-		delete peers;
-	}
-
-	peers = new Peers();
-	if (peers == NULL)
-		return;
-	peers->setWpaGui(this);
-	peers->show();
-	peers->exec();
-}
-
-
-void WpaGui::tabChanged(int index)
-{
-	if (index != 2)
-		return;
-
-	if (wpsRunning)
-		return;
-
-	wpsApPinEdit->setEnabled(!bssFromScan.isEmpty());
-	if (bssFromScan.isEmpty())
-		wpsApPinButton->setEnabled(false);
-}
-
-
-void WpaGui::wpsPbc()
-{
-	char reply[20];
-	size_t reply_len = sizeof(reply);
-
-	if (ctrlRequest("WPS_PBC", reply, &reply_len) < 0)
-		return;
-
-	wpsPinEdit->setEnabled(false);
-	if (wpsStatusText->text().compare(tr("WPS AP in active PBC mode found"))) {
-		wpsInstructions->setText(tr("Press the push button on the AP to "
-					 "start the PBC mode."));
-	} else {
-		wpsInstructions->setText(tr("If you have not yet done so, press "
-					 "the push button on the AP to start "
-					 "the PBC mode."));
-	}
-	wpsStatusText->setText(tr("Waiting for Registrar"));
-	wpsRunning = true;
-}
-
-
-void WpaGui::wpsGeneratePin()
-{
-	char reply[20];
-	size_t reply_len = sizeof(reply) - 1;
-
-	if (ctrlRequest("WPS_PIN any", reply, &reply_len) < 0)
-		return;
-
-	reply[reply_len] = '\0';
-
-	wpsPinEdit->setText(reply);
-	wpsPinEdit->setEnabled(true);
-	wpsInstructions->setText(tr("Enter the generated PIN into the Registrar "
-				 "(either the internal one in the AP or an "
-				 "external one)."));
-	wpsStatusText->setText(tr("Waiting for Registrar"));
-	wpsRunning = true;
-}
-
-
-void WpaGui::setBssFromScan(const QString &bssid)
-{
-	bssFromScan = bssid;
-	wpsApPinEdit->setEnabled(!bssFromScan.isEmpty());
-	wpsApPinButton->setEnabled(wpsApPinEdit->text().length() == 8);
-	wpsStatusText->setText(tr("WPS AP selected from scan results"));
-	wpsInstructions->setText(tr("If you want to use an AP device PIN, e.g., "
-				 "from a label in the device, enter the eight "
-				 "digit AP PIN and click Use AP PIN button."));
-}
-
-
-void WpaGui::wpsApPinChanged(const QString &text)
-{
-	wpsApPinButton->setEnabled(text.length() == 8);
-}
-
-
-void WpaGui::wpsApPin()
-{
-	char reply[20];
-	size_t reply_len = sizeof(reply);
-
-	QString cmd("WPS_REG " + bssFromScan + " " + wpsApPinEdit->text());
-	if (ctrlRequest(cmd.toLocal8Bit().constData(), reply, &reply_len) < 0)
-		return;
-
-	wpsStatusText->setText(tr("Waiting for AP/Enrollee"));
-	wpsRunning = true;
-}
-
-
-void WpaGui::stopWpsRun(bool success)
-{
-	if (wpsRunning)
-		wpsStatusText->setText(success ? tr("Connected to the network") :
-				       tr("Stopped"));
-	else
-		wpsStatusText->setText("");
-	wpsPinEdit->setEnabled(false);
-	wpsInstructions->setText("");
-	wpsRunning = false;
-	bssFromScan = "";
-	wpsApPinEdit->setEnabled(false);
-	wpsApPinButton->setEnabled(false);
-}
-
-
-#ifdef CONFIG_NATIVE_WINDOWS
-
-#ifndef WPASVC_NAME
-#define WPASVC_NAME TEXT("wpasvc")
-#endif
-
-class ErrorMsg : public QMessageBox {
-public:
-	ErrorMsg(QWidget *parent, DWORD last_err = GetLastError());
-	void showMsg(QString msg);
-private:
-	DWORD err;
-};
-
-ErrorMsg::ErrorMsg(QWidget *parent, DWORD last_err) :
-	QMessageBox(parent), err(last_err)
-{
-	setWindowTitle(tr("wpa_gui error"));
-	setIcon(QMessageBox::Warning);
-}
-
-void ErrorMsg::showMsg(QString msg)
-{
-	LPTSTR buf;
-
-	setText(msg);
-	if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
-			  FORMAT_MESSAGE_FROM_SYSTEM,
-			  NULL, err, 0, (LPTSTR) (void *) &buf,
-			  0, NULL) > 0) {
-		QString msg = QString::fromWCharArray(buf);
-		setInformativeText(QString("[%1] %2").arg(err).arg(msg));
-		LocalFree(buf);
-	} else {
-		setInformativeText(QString("[%1]").arg(err));
-	}
-
-	exec();
-}
-
-
-void WpaGui::startService()
-{
-	SC_HANDLE svc, scm;
-
-	scm = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
-	if (!scm) {
-		ErrorMsg(this).showMsg(tr("OpenSCManager failed"));
-		return;
-	}
-
-	svc = OpenService(scm, WPASVC_NAME, SERVICE_START);
-	if (!svc) {
-		ErrorMsg(this).showMsg(tr("OpenService failed"));
-		CloseServiceHandle(scm);
-		return;
-	}
-
-	if (!StartService(svc, 0, NULL)) {
-		ErrorMsg(this).showMsg(tr("Failed to start wpa_supplicant "
-				       "service"));
-	}
-
-	CloseServiceHandle(svc);
-	CloseServiceHandle(scm);
-}
-
-
-void WpaGui::stopService()
-{
-	SC_HANDLE svc, scm;
-	SERVICE_STATUS status;
-
-	scm = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
-	if (!scm) {
-		ErrorMsg(this).showMsg(tr("OpenSCManager failed"));
-		return;
-	}
-
-	svc = OpenService(scm, WPASVC_NAME, SERVICE_STOP);
-	if (!svc) {
-		ErrorMsg(this).showMsg(tr("OpenService failed"));
-		CloseServiceHandle(scm);
-		return;
-	}
-
-	if (!ControlService(svc, SERVICE_CONTROL_STOP, &status)) {
-		ErrorMsg(this).showMsg(tr("Failed to stop wpa_supplicant "
-				       "service"));
-	}
-
-	CloseServiceHandle(svc);
-	CloseServiceHandle(scm);
-}
-
-
-bool WpaGui::serviceRunning()
-{
-	SC_HANDLE svc, scm;
-	SERVICE_STATUS status;
-	bool running = false;
-
-	scm = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
-	if (!scm) {
-		debug("OpenSCManager failed: %d", (int) GetLastError());
-		return false;
-	}
-
-	svc = OpenService(scm, WPASVC_NAME, SERVICE_QUERY_STATUS);
-	if (!svc) {
-		debug("OpenService failed: %d", (int) GetLastError());
-		CloseServiceHandle(scm);
-		return false;
-	}
-
-	if (QueryServiceStatus(svc, &status)) {
-		if (status.dwCurrentState != SERVICE_STOPPED)
-			running = true;
-	}
-
-	CloseServiceHandle(svc);
-	CloseServiceHandle(scm);
-
-	return running;
-}
-
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-
-void WpaGui::addInterface()
-{
-	if (add_iface) {
-		add_iface->close();
-		delete add_iface;
-	}
-	add_iface = new AddInterface(this, this);
-	add_iface->show();
-	add_iface->exec();
-}
-
-
-#ifndef QT_NO_SESSIONMANAGER
-void WpaGui::saveState()
-{
-	QSettings settings("wpa_supplicant", "wpa_gui");
-	settings.beginGroup("state");
-	settings.setValue("session_id", app->sessionId());
-	settings.setValue("in_tray", inTray);
-	settings.endGroup();
-}
-#endif
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.h b/wpa_supplicant/wpa_gui-qt4/wpagui.h
deleted file mode 100644
index f0a34c97ebe8..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * wpa_gui - WpaGui class
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPAGUI_H
-#define WPAGUI_H
-
-#include <QSystemTrayIcon>
-#include <QObject>
-#include "ui_wpagui.h"
-#include "addinterface.h"
-
-class UserDataRequest;
-
-class WpaGuiApp : public QApplication
-{
-	Q_OBJECT
-public:
-	WpaGuiApp(int &argc, char **argv);
-
-#if !defined(QT_NO_SESSIONMANAGER) && QT_VERSION < 0x050000
-	virtual void saveState(QSessionManager &manager);
-#endif
-
-	WpaGui *w;
-	int argc;
-	char **argv;
-};
-
-class WpaGui : public QMainWindow, public Ui::WpaGui
-{
-	Q_OBJECT
-
-public:
-
-	enum TrayIconType {
-		TrayIconOffline = 0,
-		TrayIconAcquiring,
-		TrayIconConnected,
-		TrayIconSignalNone,
-		TrayIconSignalWeak,
-		TrayIconSignalOk,
-		TrayIconSignalGood,
-		TrayIconSignalExcellent,
-	};
-
-	WpaGui(QApplication *app, QWidget *parent = 0, const char *name = 0,
-	       Qt::WindowFlags fl = 0);
-	~WpaGui();
-
-	virtual int ctrlRequest(const char *cmd, char *buf, size_t *buflen);
-	virtual void triggerUpdate();
-	virtual void editNetwork(const QString &sel);
-	virtual void removeNetwork(const QString &sel);
-	virtual void enableNetwork(const QString &sel);
-	virtual void disableNetwork(const QString &sel);
-	virtual int getNetworkDisabled(const QString &sel);
-	void setBssFromScan(const QString &bssid);
-#ifndef QT_NO_SESSIONMANAGER
-	void saveState();
-#endif
-
-public slots:
-	virtual void parse_argv();
-	virtual void updateStatus();
-	virtual void updateNetworks();
-	virtual void helpIndex();
-	virtual void helpContents();
-	virtual void helpAbout();
-	virtual void disconnect();
-	virtual void scan();
-	virtual void eventHistory();
-	virtual void ping();
-	virtual void signalMeterUpdate();
-	virtual void processMsg(char *msg);
-	virtual void processCtrlReq(const char *req);
-	virtual void receiveMsgs();
-	virtual void connectB();
-	virtual void selectNetwork(const QString &sel);
-	virtual void editSelectedNetwork();
-	virtual void editListedNetwork();
-	virtual void removeSelectedNetwork();
-	virtual void removeListedNetwork();
-	virtual void addNetwork();
-	virtual void enableAllNetworks();
-	virtual void disableAllNetworks();
-	virtual void removeAllNetworks();
-	virtual void saveConfig();
-	virtual void selectAdapter(const QString &sel);
-	virtual void updateNetworkDisabledStatus();
-	virtual void enableListedNetwork(bool);
-	virtual void disableListedNetwork(bool);
-	virtual void showTrayMessage(QSystemTrayIcon::MessageIcon type,
-				     int sec, const QString &msg);
-	virtual void showTrayStatus();
-	virtual void updateTrayIcon(TrayIconType type);
-	virtual void updateTrayToolTip(const QString &msg);
-	virtual QIcon loadThemedIcon(const QStringList &names,
-				     const QIcon &fallback);
-	virtual void wpsDialog();
-	virtual void peersDialog();
-	virtual void tabChanged(int index);
-	virtual void wpsPbc();
-	virtual void wpsGeneratePin();
-	virtual void wpsApPinChanged(const QString &text);
-	virtual void wpsApPin();
-#ifdef CONFIG_NATIVE_WINDOWS
-	virtual void startService();
-	virtual void stopService();
-#endif /* CONFIG_NATIVE_WINDOWS */
-	virtual void addInterface();
-
-protected slots:
-	virtual void languageChange();
-	virtual void trayActivated(QSystemTrayIcon::ActivationReason how);
-	virtual void closeEvent(QCloseEvent *event);
-
-private:
-	ScanResults *scanres;
-	Peers *peers;
-	bool networkMayHaveChanged;
-	char *ctrl_iface;
-	EventHistory *eh;
-	struct wpa_ctrl *ctrl_conn;
-	QSocketNotifier *msgNotifier;
-	QTimer *timer;
-	int pingsToStatusUpdate;
-	WpaMsgList msgs;
-	char *ctrl_iface_dir;
-	struct wpa_ctrl *monitor_conn;
-	UserDataRequest *udr;
-	QAction *disconnectAction;
-	QAction *reconnectAction;
-	QAction *eventAction;
-	QAction *scanAction;
-	QAction *statAction;
-	QAction *showAction;
-	QAction *hideAction;
-	QAction *quitAction;
-	QMenu *tray_menu;
-	QSystemTrayIcon *tray_icon;
-	TrayIconType currentIconType;
-	QString wpaStateTranslate(char *state);
-	void createTrayIcon(bool);
-	bool ackTrayIcon;
-	bool startInTray;
-	bool quietMode;
-
-	int openCtrlConnection(const char *ifname);
-
-	bool wpsRunning;
-
-	QString bssFromScan;
-
-	void stopWpsRun(bool success);
-
-	QTimer *signalMeterTimer;
-	int signalMeterInterval;
-
-#ifdef CONFIG_NATIVE_WINDOWS
-	QAction *fileStartServiceAction;
-	QAction *fileStopServiceAction;
-
-	bool serviceRunning();
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-	QAction *addInterfaceAction;
-	AddInterface *add_iface;
-
-	bool connectedToService;
-
-	QApplication *app;
-	bool inTray;
-};
-
-#endif /* WPAGUI_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.ui b/wpa_supplicant/wpa_gui-qt4/wpagui.ui
deleted file mode 100644
index 9f9039f6c916..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.ui
+++ /dev/null
@@ -1,524 +0,0 @@
-<ui version="4.0" >
- <class>WpaGui</class>
- <widget class="QMainWindow" name="WpaGui" >
-  <property name="geometry" >
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>345</width>
-    <height>330</height>
-   </rect>
-  </property>
-  <property name="windowTitle" >
-   <string>wpa_gui</string>
-  </property>
-  <property name="windowIcon" >
-   <iconset resource="icons.qrc" >
-    <normaloff>:/icons/wpa_gui.svg</normaloff>:/icons/wpa_gui.svg</iconset>
-  </property>
-  <widget class="QWidget" name="widget" >
-   <layout class="QGridLayout" >
-    <item row="0" column="0" >
-     <widget class="QLabel" name="adapterLabel" >
-      <property name="text" >
-       <string>Adapter:</string>
-      </property>
-     </widget>
-    </item>
-    <item row="0" column="1" >
-     <widget class="QComboBox" name="adapterSelect" />
-    </item>
-    <item row="1" column="0" >
-     <widget class="QLabel" name="networkLabel" >
-      <property name="text" >
-       <string>Network:</string>
-      </property>
-     </widget>
-    </item>
-    <item row="1" column="1" >
-     <widget class="QComboBox" name="networkSelect" />
-    </item>
-    <item row="2" column="0" colspan="2" >
-     <widget class="QTabWidget" name="wpaguiTab" >
-      <property name="currentIndex" >
-       <number>0</number>
-      </property>
-      <widget class="QWidget" name="statusTab" >
-       <attribute name="title" >
-        <string>Current Status</string>
-       </attribute>
-       <layout class="QGridLayout" >
-        <item row="0" column="0" colspan="5" >
-         <widget class="QFrame" name="frame3" >
-          <property name="frameShape" >
-           <enum>QFrame::NoFrame</enum>
-          </property>
-          <property name="frameShadow" >
-           <enum>QFrame::Plain</enum>
-          </property>
-          <layout class="QGridLayout" >
-           <item row="0" column="0" >
-            <widget class="QLabel" name="statusLabel" >
-             <property name="text" >
-              <string>Status:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="1" column="0" >
-            <widget class="QLabel" name="lastMessageLabel" >
-             <property name="text" >
-              <string>Last message:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="2" column="0" >
-            <widget class="QLabel" name="authenticationLabel" >
-             <property name="text" >
-              <string>Authentication:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="3" column="0" >
-            <widget class="QLabel" name="encryptionLabel" >
-             <property name="text" >
-              <string>Encryption:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="4" column="0" >
-            <widget class="QLabel" name="ssidLabel" >
-             <property name="text" >
-              <string>SSID:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="5" column="0" >
-            <widget class="QLabel" name="bssidLabel" >
-             <property name="text" >
-              <string>BSSID:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="6" column="0" >
-            <widget class="QLabel" name="ipAddressLabel" >
-             <property name="text" >
-              <string>IP address:</string>
-             </property>
-            </widget>
-           </item>
-           <item row="0" column="1" >
-            <widget class="QLabel" name="textStatus" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="1" column="1" colspan="3" >
-            <widget class="QLabel" name="textLastMessage" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="2" column="1" >
-            <widget class="QLabel" name="textAuthentication" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="3" column="1" >
-            <widget class="QLabel" name="textEncryption" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="4" column="1" >
-            <widget class="QLabel" name="textSsid" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="5" column="1" >
-            <widget class="QLabel" name="textBssid" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-           <item row="6" column="1" >
-            <widget class="QLabel" name="textIpAddress" >
-             <property name="text" >
-              <string/>
-             </property>
-            </widget>
-           </item>
-          </layout>
-         </widget>
-        </item>
-        <item row="1" column="0" >
-         <spacer>
-          <property name="orientation" >
-           <enum>Qt::Vertical</enum>
-          </property>
-          <property name="sizeHint" >
-           <size>
-            <width>20</width>
-            <height>40</height>
-           </size>
-          </property>
-         </spacer>
-        </item>
-        <item row="1" column="1" >
-         <widget class="QPushButton" name="connectButton" >
-          <property name="text" >
-           <string>Connect</string>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="2" >
-         <widget class="QPushButton" name="disconnectButton" >
-          <property name="text" >
-           <string>Disconnect</string>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="3" >
-         <widget class="QPushButton" name="scanButton" >
-          <property name="text" >
-           <string>Scan</string>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="4" >
-         <spacer>
-          <property name="orientation" >
-           <enum>Qt::Vertical</enum>
-          </property>
-          <property name="sizeHint" >
-           <size>
-            <width>20</width>
-            <height>40</height>
-           </size>
-          </property>
-         </spacer>
-        </item>
-       </layout>
-      </widget>
-      <widget class="QWidget" name="networkconfigTab" >
-       <attribute name="title" >
-        <string>Manage Networks</string>
-       </attribute>
-       <layout class="QGridLayout" >
-        <item row="0" column="0" colspan="5" >
-         <widget class="QListWidget" name="networkList" >
-          <property name="selectionRectVisible" >
-           <bool>true</bool>
-          </property>
-         </widget>
-        </item>
-        <item rowspan="2" row="1" column="0" >
-         <spacer>
-          <property name="orientation" >
-           <enum>Qt::Vertical</enum>
-          </property>
-          <property name="sizeHint" >
-           <size>
-            <width>20</width>
-            <height>61</height>
-           </size>
-          </property>
-         </spacer>
-        </item>
-        <item row="1" column="1" >
-         <widget class="QRadioButton" name="enableRadioButton" >
-          <property name="text" >
-           <string>Enabled</string>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="2" >
-         <widget class="QPushButton" name="editNetworkButton" >
-          <property name="text" >
-           <string>Edit</string>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="3" >
-         <widget class="QPushButton" name="removeNetworkButton" >
-          <property name="text" >
-           <string>Remove</string>
-          </property>
-         </widget>
-        </item>
-        <item rowspan="2" row="1" column="4" >
-         <spacer>
-          <property name="orientation" >
-           <enum>Qt::Vertical</enum>
-          </property>
-          <property name="sizeHint" >
-           <size>
-            <width>20</width>
-            <height>61</height>
-           </size>
-          </property>
-         </spacer>
-        </item>
-        <item row="2" column="1" >
-         <widget class="QRadioButton" name="disableRadioButton" >
-          <property name="text" >
-           <string>Disabled</string>
-          </property>
-         </widget>
-        </item>
-        <item row="2" column="2" >
-         <widget class="QPushButton" name="addNetworkButton" >
-          <property name="text" >
-           <string>Add</string>
-          </property>
-         </widget>
-        </item>
-        <item row="2" column="3" >
-         <widget class="QPushButton" name="scanNetworkButton" >
-          <property name="text" >
-           <string>Scan</string>
-          </property>
-         </widget>
-        </item>
-       </layout>
-      </widget>
-      <widget class="QWidget" name="wpsTab" >
-       <attribute name="title" >
-        <string>WPS</string>
-       </attribute>
-       <layout class="QGridLayout" name="wpsGridLayout" >
-        <item row="0" column="0" >
-         <widget class="QLabel" name="label_2" >
-          <property name="text" >
-           <string>Status:</string>
-          </property>
-         </widget>
-        </item>
-        <item row="0" column="1" colspan="3" >
-         <widget class="QLabel" name="wpsStatusText" >
-          <property name="text" >
-           <string/>
-          </property>
-         </widget>
-        </item>
-        <item row="1" column="0" colspan="2" >
-         <widget class="QPushButton" name="wpsPbcButton" >
-          <property name="text" >
-           <string>PBC - push button</string>
-          </property>
-         </widget>
-        </item>
-        <item row="2" column="0" colspan="2" >
-         <widget class="QPushButton" name="wpsPinButton" >
-          <property name="text" >
-           <string>Generate PIN</string>
-          </property>
-         </widget>
-        </item>
-        <item row="2" column="2" >
-         <widget class="QLabel" name="label" >
-          <property name="text" >
-           <string>PIN:</string>
-          </property>
-         </widget>
-        </item>
-        <item row="2" column="3" >
-         <widget class="QLineEdit" name="wpsPinEdit" >
-          <property name="enabled" >
-           <bool>false</bool>
-          </property>
-          <property name="readOnly" >
-           <bool>true</bool>
-          </property>
-         </widget>
-        </item>
-        <item row="3" column="0" colspan="2" >
-         <widget class="QPushButton" name="wpsApPinButton" >
-          <property name="enabled" >
-           <bool>false</bool>
-          </property>
-          <property name="text" >
-           <string>Use AP PIN</string>
-          </property>
-         </widget>
-        </item>
-        <item row="3" column="2" >
-         <widget class="QLabel" name="label_3" >
-          <property name="text" >
-           <string>AP PIN:</string>
-          </property>
-         </widget>
-        </item>
-        <item row="3" column="3" >
-         <widget class="QLineEdit" name="wpsApPinEdit" >
-          <property name="enabled" >
-           <bool>false</bool>
-          </property>
-         </widget>
-        </item>
-        <item row="4" column="0" colspan="4" >
-         <widget class="QTextEdit" name="wpsInstructions" >
-          <property name="readOnly" >
-           <bool>true</bool>
-          </property>
-         </widget>
-        </item>
-       </layout>
-      </widget>
-     </widget>
-    </item>
-   </layout>
-  </widget>
-  <widget class="QMenuBar" name="MenuBar" >
-   <property name="geometry" >
-    <rect>
-     <x>0</x>
-     <y>0</y>
-     <width>345</width>
-     <height>24</height>
-    </rect>
-   </property>
-   <widget class="QMenu" name="fileMenu" >
-    <property name="title" >
-     <string>&amp;File</string>
-    </property>
-    <addaction name="fileEventHistoryAction" />
-    <addaction name="fileSaveConfigAction" />
-    <addaction name="actionWPS" />
-    <addaction name="actionPeers" />
-    <addaction name="separator" />
-    <addaction name="fileExitAction" />
-   </widget>
-   <widget class="QMenu" name="networkMenu" >
-    <property name="title" >
-     <string>&amp;Network</string>
-    </property>
-    <addaction name="networkAddAction" />
-    <addaction name="networkEditAction" />
-    <addaction name="networkRemoveAction" />
-    <addaction name="separator" />
-    <addaction name="networkEnableAllAction" />
-    <addaction name="networkDisableAllAction" />
-    <addaction name="networkRemoveAllAction" />
-   </widget>
-   <widget class="QMenu" name="helpMenu" >
-    <property name="title" >
-     <string>&amp;Help</string>
-    </property>
-    <addaction name="helpContentsAction" />
-    <addaction name="helpIndexAction" />
-    <addaction name="separator" />
-    <addaction name="helpAboutAction" />
-   </widget>
-   <addaction name="fileMenu" />
-   <addaction name="networkMenu" />
-   <addaction name="helpMenu" />
-  </widget>
-  <action name="fileEventHistoryAction" >
-   <property name="text" >
-    <string>Event &amp;History</string>
-   </property>
-  </action>
-  <action name="fileSaveConfigAction" >
-   <property name="text" >
-    <string>&amp;Save Configuration</string>
-   </property>
-   <property name="shortcut" >
-    <string>Ctrl+S</string>
-   </property>
-  </action>
-  <action name="fileExitAction" >
-   <property name="text" >
-    <string>E&amp;xit</string>
-   </property>
-   <property name="shortcut" >
-    <string>Ctrl+Q</string>
-   </property>
-  </action>
-  <action name="networkAddAction" >
-   <property name="text" >
-    <string>&amp;Add</string>
-   </property>
-  </action>
-  <action name="networkEditAction" >
-   <property name="text" >
-    <string>&amp;Edit</string>
-   </property>
-  </action>
-  <action name="networkRemoveAction" >
-   <property name="text" >
-    <string>&amp;Remove</string>
-   </property>
-  </action>
-  <action name="networkEnableAllAction" >
-   <property name="text" >
-    <string>E&amp;nable All</string>
-   </property>
-  </action>
-  <action name="networkDisableAllAction" >
-   <property name="text" >
-    <string>&amp;Disable All</string>
-   </property>
-  </action>
-  <action name="networkRemoveAllAction" >
-   <property name="text" >
-    <string>Re&amp;move All</string>
-   </property>
-  </action>
-  <action name="helpContentsAction" >
-   <property name="enabled" >
-    <bool>false</bool>
-   </property>
-   <property name="text" >
-    <string>&amp;Contents...</string>
-   </property>
-  </action>
-  <action name="helpIndexAction" >
-   <property name="enabled" >
-    <bool>false</bool>
-   </property>
-   <property name="text" >
-    <string>&amp;Index...</string>
-   </property>
-  </action>
-  <action name="helpAboutAction" >
-   <property name="text" >
-    <string>&amp;About</string>
-   </property>
-  </action>
-  <action name="actionWPS" >
-   <property name="enabled" >
-    <bool>false</bool>
-   </property>
-   <property name="text" >
-    <string>&amp;Wi-Fi Protected Setup</string>
-   </property>
-  </action>
-  <action name="actionPeers" >
-   <property name="text" >
-    <string>&amp;Peers</string>
-   </property>
-  </action>
- </widget>
- <layoutdefault spacing="6" margin="11" />
- <pixmapfunction></pixmapfunction>
- <includes>
-  <include location="global" >qtimer.h</include>
-  <include location="global" >qsocketnotifier.h</include>
-  <include location="local" >wpamsg.h</include>
-  <include location="local" >eventhistory.h</include>
-  <include location="local" >scanresults.h</include>
-  <include location="local" >peers.h</include>
- </includes>
- <resources>
-  <include location="icons.qrc" />
- </resources>
- <connections/>
-</ui>
diff --git a/wpa_supplicant/wpa_gui-qt4/wpamsg.h b/wpa_supplicant/wpa_gui-qt4/wpamsg.h
deleted file mode 100644
index 8f2fcdc41988..000000000000
--- a/wpa_supplicant/wpa_gui-qt4/wpamsg.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * wpa_gui - WpaMsg class for storing event messages
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPAMSG_H
-#define WPAMSG_H
-
-#include <QDateTime>
-#include <QLinkedList>
-
-class WpaMsg {
-public:
-	WpaMsg(const QString &_msg, int _priority = 2)
-		: msg(_msg), priority(_priority)
-	{
-		timestamp = QDateTime::currentDateTime();
-	}
-
-	QString getMsg() const { return msg; }
-	int getPriority() const { return priority; }
-	QDateTime getTimestamp() const { return timestamp; }
-
-private:
-	QString msg;
-	int priority;
-	QDateTime timestamp;
-};
-
-typedef QLinkedList<WpaMsg> WpaMsgList;
-
-#endif /* WPAMSG_H */
diff --git a/wpa_supplicant/wpa_passphrase.c b/wpa_supplicant/wpa_passphrase.c
deleted file mode 100644
index 538997e62580..000000000000
--- a/wpa_supplicant/wpa_passphrase.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * WPA Supplicant - ASCII passphrase to WPA PSK tool
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto/sha1.h"
-
-
-int main(int argc, char *argv[])
-{
-	unsigned char psk[32];
-	int i;
-	char *ssid, *passphrase, buf[64], *pos;
-	size_t len;
-
-	if (argc < 2) {
-		printf("usage: wpa_passphrase <ssid> [passphrase]\n"
-			"\nIf passphrase is left out, it will be read from "
-			"stdin\n");
-		return 1;
-	}
-
-	ssid = argv[1];
-
-	if (argc > 2) {
-		passphrase = argv[2];
-	} else {
-		fprintf(stderr, "# reading passphrase from stdin\n");
-		if (fgets(buf, sizeof(buf), stdin) == NULL) {
-			fprintf(stderr, "Failed to read passphrase\n");
-			return 1;
-		}
-		buf[sizeof(buf) - 1] = '\0';
-		pos = buf;
-		while (*pos != '\0') {
-			if (*pos == '\r' || *pos == '\n') {
-				*pos = '\0';
-				break;
-			}
-			pos++;
-		}
-		passphrase = buf;
-	}
-
-	len = os_strlen(passphrase);
-	if (len < 8 || len > 63) {
-		fprintf(stderr, "Passphrase must be 8..63 characters\n");
-		return 1;
-	}
-	if (has_ctrl_char((u8 *) passphrase, len)) {
-		fprintf(stderr, "Invalid passphrase character\n");
-		return 1;
-	}
-
-	pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);
-
-	printf("network={\n");
-	printf("\tssid=\"%s\"\n", ssid);
-	printf("\t#psk=\"%s\"\n", passphrase);
-	printf("\tpsk=");
-	for (i = 0; i < 32; i++)
-		printf("%02x", psk[i]);
-	printf("\n");
-	printf("}\n");
-
-	return 0;
-}
diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
deleted file mode 100644
index c5d7168690f7..000000000000
--- a/wpa_supplicant/wpa_priv.c
+++ /dev/null
@@ -1,1292 +0,0 @@
-/*
- * WPA Supplicant / privileged helper program
- * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#ifdef __linux__
-#include <fcntl.h>
-#endif /* __linux__ */
-#include <sys/un.h>
-#include <sys/stat.h>
-
-#include "common.h"
-#include "eloop.h"
-#include "common/version.h"
-#include "drivers/driver.h"
-#include "l2_packet/l2_packet.h"
-#include "common/privsep_commands.h"
-#include "common/ieee802_11_defs.h"
-
-#define WPA_PRIV_MAX_L2 3
-
-struct wpa_priv_interface {
-	struct wpa_priv_interface *next;
-	char *driver_name;
-	char *ifname;
-	char *sock_name;
-	int fd;
-
-	void *ctx;
-
-	const struct wpa_driver_ops *driver;
-	void *drv_priv;
-	void *drv_global_priv;
-	struct sockaddr_un drv_addr;
-	socklen_t drv_addr_len;
-	int wpas_registered;
-
-	struct l2_packet_data *l2[WPA_PRIV_MAX_L2];
-	struct sockaddr_un l2_addr[WPA_PRIV_MAX_L2];
-	socklen_t l2_addr_len[WPA_PRIV_MAX_L2];
-	struct wpa_priv_l2 {
-		struct wpa_priv_interface *parent;
-		int idx;
-	} l2_ctx[WPA_PRIV_MAX_L2];
-};
-
-struct wpa_priv_global {
-	struct wpa_priv_interface *interfaces;
-};
-
-
-static void wpa_priv_cmd_register(struct wpa_priv_interface *iface,
-				  struct sockaddr_un *from, socklen_t fromlen)
-{
-	int i;
-
-	if (iface->drv_priv) {
-		wpa_printf(MSG_DEBUG, "Cleaning up forgotten driver instance");
-		if (iface->driver->deinit)
-			iface->driver->deinit(iface->drv_priv);
-		iface->drv_priv = NULL;
-		if (iface->drv_global_priv) {
-			iface->driver->global_deinit(iface->drv_global_priv);
-			iface->drv_global_priv = NULL;
-		}
-		iface->wpas_registered = 0;
-	}
-
-	for (i = 0; i < WPA_PRIV_MAX_L2; i++) {
-		if (iface->l2[i]) {
-			wpa_printf(MSG_DEBUG,
-				   "Cleaning up forgotten l2_packet instance");
-			l2_packet_deinit(iface->l2[i]);
-			iface->l2[i] = NULL;
-		}
-	}
-
-	if (iface->driver->init2) {
-		if (iface->driver->global_init) {
-			iface->drv_global_priv =
-				iface->driver->global_init(iface->ctx);
-			if (!iface->drv_global_priv) {
-				wpa_printf(MSG_INFO,
-					   "Failed to initialize driver global context");
-				return;
-			}
-		} else {
-			iface->drv_global_priv = NULL;
-		}
-		iface->drv_priv = iface->driver->init2(iface, iface->ifname,
-						       iface->drv_global_priv);
-	} else if (iface->driver->init) {
-		iface->drv_priv = iface->driver->init(iface, iface->ifname);
-	} else {
-		return;
-	}
-	if (iface->drv_priv == NULL) {
-		wpa_printf(MSG_DEBUG, "Failed to initialize driver wrapper");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "Driver wrapper '%s' initialized for interface "
-		   "'%s'", iface->driver_name, iface->ifname);
-
-	os_memcpy(&iface->drv_addr, from, fromlen);
-	iface->drv_addr_len = fromlen;
-	iface->wpas_registered = 1;
-
-	if (iface->driver->set_param &&
-	    iface->driver->set_param(iface->drv_priv, NULL) < 0) {
-		wpa_printf(MSG_ERROR, "Driver interface rejected param");
-	}
-}
-
-
-static void wpa_priv_cmd_unregister(struct wpa_priv_interface *iface,
-				    struct sockaddr_un *from)
-{
-	if (iface->drv_priv) {
-		if (iface->driver->deinit)
-			iface->driver->deinit(iface->drv_priv);
-		iface->drv_priv = NULL;
-		if (iface->drv_global_priv) {
-			iface->driver->global_deinit(iface->drv_global_priv);
-			iface->drv_global_priv = NULL;
-		}
-		iface->wpas_registered = 0;
-	}
-}
-
-
-static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
-			      void *buf, size_t len)
-{
-	struct wpa_driver_scan_params params;
-	struct privsep_cmd_scan *scan;
-	unsigned int i;
-	int freqs[PRIVSEP_MAX_SCAN_FREQS + 1];
-
-	if (iface->drv_priv == NULL)
-		return;
-
-	if (len < sizeof(*scan)) {
-		wpa_printf(MSG_DEBUG, "Invalid scan request");
-		return;
-	}
-
-	scan = buf;
-
-	os_memset(&params, 0, sizeof(params));
-	if (scan->num_ssids > WPAS_MAX_SCAN_SSIDS) {
-		wpa_printf(MSG_DEBUG, "Invalid scan request (num_ssids)");
-		return;
-	}
-	params.num_ssids = scan->num_ssids;
-	for (i = 0; i < scan->num_ssids; i++) {
-		params.ssids[i].ssid = scan->ssids[i];
-		params.ssids[i].ssid_len = scan->ssid_lens[i];
-	}
-
-	if (scan->num_freqs > PRIVSEP_MAX_SCAN_FREQS) {
-		wpa_printf(MSG_DEBUG, "Invalid scan request (num_freqs)");
-		return;
-	}
-	if (scan->num_freqs) {
-		for (i = 0; i < scan->num_freqs; i++)
-			freqs[i] = scan->freqs[i];
-		freqs[i] = 0;
-		params.freqs = freqs;
-	}
-
-	if (iface->driver->scan2)
-		iface->driver->scan2(iface->drv_priv, &params);
-}
-
-
-static void wpa_priv_get_scan_results2(struct wpa_priv_interface *iface,
-				       struct sockaddr_un *from,
-				       socklen_t fromlen)
-{
-	struct wpa_scan_results *res;
-	u8 *buf = NULL, *pos, *end;
-	int val;
-	size_t i;
-
-	res = iface->driver->get_scan_results2(iface->drv_priv);
-	if (res == NULL)
-		goto fail;
-
-	buf = os_malloc(60000);
-	if (buf == NULL)
-		goto fail;
-	pos = buf;
-	end = buf + 60000;
-	val = res->num;
-	os_memcpy(pos, &val, sizeof(int));
-	pos += sizeof(int);
-
-	for (i = 0; i < res->num; i++) {
-		struct wpa_scan_res *r = res->res[i];
-		val = sizeof(*r) + r->ie_len + r->beacon_ie_len;
-		if (end - pos < (int) sizeof(int) + val)
-			break;
-		os_memcpy(pos, &val, sizeof(int));
-		pos += sizeof(int);
-		os_memcpy(pos, r, val);
-		pos += val;
-	}
-
-	sendto(iface->fd, buf, pos - buf, 0, (struct sockaddr *) from, fromlen);
-
-	os_free(buf);
-	wpa_scan_results_free(res);
-	return;
-
-fail:
-	os_free(buf);
-	wpa_scan_results_free(res);
-	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen);
-}
-
-
-static void wpa_priv_cmd_get_scan_results(struct wpa_priv_interface *iface,
-					  struct sockaddr_un *from,
-					  socklen_t fromlen)
-{
-	if (iface->drv_priv == NULL)
-		return;
-
-	if (iface->driver->get_scan_results2)
-		wpa_priv_get_scan_results2(iface, from, fromlen);
-	else
-		sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen);
-}
-
-
-static void wpa_priv_cmd_authenticate(struct wpa_priv_interface *iface,
-				      void *buf, size_t len)
-{
-	struct wpa_driver_auth_params params;
-	struct privsep_cmd_authenticate *auth;
-	int res, i;
-
-	if (iface->drv_priv == NULL || iface->driver->authenticate == NULL)
-		return;
-
-	if (len < sizeof(*auth)) {
-		wpa_printf(MSG_DEBUG, "Invalid authentication request");
-		return;
-	}
-
-	auth = buf;
-	if (sizeof(*auth) + auth->ie_len + auth->auth_data_len > len) {
-		wpa_printf(MSG_DEBUG, "Authentication request overflow");
-		return;
-	}
-
-	os_memset(&params, 0, sizeof(params));
-	params.freq = auth->freq;
-	params.bssid = auth->bssid;
-	params.ssid = auth->ssid;
-	if (auth->ssid_len > SSID_MAX_LEN)
-		return;
-	params.ssid_len = auth->ssid_len;
-	params.auth_alg = auth->auth_alg;
-	for (i = 0; i < 4; i++) {
-		if (auth->wep_key_len[i]) {
-			params.wep_key[i] = auth->wep_key[i];
-			params.wep_key_len[i] = auth->wep_key_len[i];
-		}
-	}
-	params.wep_tx_keyidx = auth->wep_tx_keyidx;
-	params.local_state_change = auth->local_state_change;
-	params.p2p = auth->p2p;
-	if (auth->ie_len) {
-		params.ie = (u8 *) (auth + 1);
-		params.ie_len = auth->ie_len;
-	}
-	if (auth->auth_data_len) {
-		params.auth_data = ((u8 *) (auth + 1)) + auth->ie_len;
-		params.auth_data_len = auth->auth_data_len;
-	}
-
-	res = iface->driver->authenticate(iface->drv_priv, &params);
-	wpa_printf(MSG_DEBUG, "drv->authenticate: res=%d", res);
-}
-
-
-static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
-				   void *buf, size_t len)
-{
-	struct wpa_driver_associate_params params;
-	struct privsep_cmd_associate *assoc;
-	u8 *bssid;
-	int res;
-
-	if (iface->drv_priv == NULL || iface->driver->associate == NULL)
-		return;
-
-	if (len < sizeof(*assoc)) {
-		wpa_printf(MSG_DEBUG, "Invalid association request");
-		return;
-	}
-
-	assoc = buf;
-	if (sizeof(*assoc) + assoc->wpa_ie_len > len) {
-		wpa_printf(MSG_DEBUG, "Association request overflow");
-		return;
-	}
-
-	os_memset(&params, 0, sizeof(params));
-	bssid = assoc->bssid;
-	if (bssid[0] | bssid[1] | bssid[2] | bssid[3] | bssid[4] | bssid[5])
-		params.bssid = bssid;
-	params.ssid = assoc->ssid;
-	if (assoc->ssid_len > SSID_MAX_LEN)
-		return;
-	params.ssid_len = assoc->ssid_len;
-	params.freq.mode = assoc->hwmode;
-	params.freq.freq = assoc->freq;
-	params.freq.channel = assoc->channel;
-	if (assoc->wpa_ie_len) {
-		params.wpa_ie = (u8 *) (assoc + 1);
-		params.wpa_ie_len = assoc->wpa_ie_len;
-	}
-	params.pairwise_suite = assoc->pairwise_suite;
-	params.group_suite = assoc->group_suite;
-	params.key_mgmt_suite = assoc->key_mgmt_suite;
-	params.auth_alg = assoc->auth_alg;
-	params.mode = assoc->mode;
-
-	res = iface->driver->associate(iface->drv_priv, &params);
-	wpa_printf(MSG_DEBUG, "drv->associate: res=%d", res);
-}
-
-
-static void wpa_priv_cmd_get_bssid(struct wpa_priv_interface *iface,
-				   struct sockaddr_un *from, socklen_t fromlen)
-{
-	u8 bssid[ETH_ALEN];
-
-	if (iface->drv_priv == NULL)
-		goto fail;
-
-	if (iface->driver->get_bssid == NULL ||
-	    iface->driver->get_bssid(iface->drv_priv, bssid) < 0)
-		goto fail;
-
-	sendto(iface->fd, bssid, ETH_ALEN, 0, (struct sockaddr *) from,
-	       fromlen);
-	return;
-
-fail:
-	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen);
-}
-
-
-static void wpa_priv_cmd_get_ssid(struct wpa_priv_interface *iface,
-				  struct sockaddr_un *from, socklen_t fromlen)
-{
-	u8 ssid[sizeof(int) + SSID_MAX_LEN];
-	int res;
-
-	if (iface->drv_priv == NULL)
-		goto fail;
-
-	if (iface->driver->get_ssid == NULL)
-		goto fail;
-
-	os_memset(ssid, 0, sizeof(ssid));
-	res = iface->driver->get_ssid(iface->drv_priv, &ssid[sizeof(int)]);
-	if (res < 0 || res > SSID_MAX_LEN)
-		goto fail;
-	os_memcpy(ssid, &res, sizeof(int));
-
-	sendto(iface->fd, ssid, sizeof(ssid), 0, (struct sockaddr *) from,
-	       fromlen);
-	return;
-
-fail:
-	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen);
-}
-
-
-static void wpa_priv_cmd_set_key(struct wpa_priv_interface *iface,
-				 void *buf, size_t len)
-{
-	struct privsep_cmd_set_key *params;
-	int res;
-	struct wpa_driver_set_key_params p;
-
-	if (iface->drv_priv == NULL || iface->driver->set_key == NULL)
-		return;
-
-	if (len != sizeof(*params)) {
-		wpa_printf(MSG_DEBUG, "Invalid set_key request");
-		return;
-	}
-
-	params = buf;
-
-	os_memset(&p, 0, sizeof(p));
-	p.ifname = iface->ifname;
-	p.alg = params->alg;
-	p.addr = params->addr;
-	p.key_idx = params->key_idx;
-	p.set_tx = params->set_tx;
-	p.seq = params->seq_len ? params->seq : NULL;
-	p.seq_len = params->seq_len;
-	p.key = params->key_len ? params->key : NULL;
-	p.key_len = params->key_len;
-	p.key_flag = params->key_flag;
-
-	res = iface->driver->set_key(iface->drv_priv, &p);
-	wpa_printf(MSG_DEBUG, "drv->set_key: res=%d", res);
-}
-
-
-static void wpa_priv_cmd_get_capa(struct wpa_priv_interface *iface,
-				  struct sockaddr_un *from, socklen_t fromlen)
-{
-	struct wpa_driver_capa capa;
-
-	if (iface->drv_priv == NULL)
-		goto fail;
-
-	if (iface->driver->get_capa == NULL ||
-	    iface->driver->get_capa(iface->drv_priv, &capa) < 0)
-		goto fail;
-
-	/* For now, no support for passing extended_capa pointers */
-	capa.extended_capa = NULL;
-	capa.extended_capa_mask = NULL;
-	capa.extended_capa_len = 0;
-	sendto(iface->fd, &capa, sizeof(capa), 0, (struct sockaddr *) from,
-	       fromlen);
-	return;
-
-fail:
-	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen);
-}
-
-
-static void wpa_priv_l2_rx(void *ctx, const u8 *src_addr, const u8 *buf,
-			   size_t len)
-{
-	struct wpa_priv_l2 *l2_ctx = ctx;
-	struct wpa_priv_interface *iface = l2_ctx->parent;
-	struct msghdr msg;
-	struct iovec io[2];
-
-	io[0].iov_base = (u8 *) src_addr;
-	io[0].iov_len = ETH_ALEN;
-	io[1].iov_base = (u8 *) buf;
-	io[1].iov_len = len;
-
-	os_memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = io;
-	msg.msg_iovlen = 2;
-	msg.msg_name = &iface->l2_addr[l2_ctx->idx];
-	msg.msg_namelen = iface->l2_addr_len[l2_ctx->idx];
-
-	if (sendmsg(iface->fd, &msg, 0) < 0) {
-		wpa_printf(MSG_ERROR, "sendmsg(l2 rx): %s", strerror(errno));
-	}
-}
-
-
-static int wpa_priv_allowed_l2_proto(u16 proto)
-{
-	return proto == ETH_P_EAPOL || proto == ETH_P_RSN_PREAUTH ||
-		proto == ETH_P_80211_ENCAP;
-}
-
-
-static void wpa_priv_cmd_l2_register(struct wpa_priv_interface *iface,
-				     struct sockaddr_un *from,
-				     socklen_t fromlen,
-				     void *buf, size_t len)
-{
-	int *reg_cmd = buf;
-	u8 own_addr[ETH_ALEN];
-	int res;
-	u16 proto;
-	int idx;
-
-	if (len != 2 * sizeof(int)) {
-		wpa_printf(MSG_DEBUG, "Invalid l2_register length %lu",
-			   (unsigned long) len);
-		return;
-	}
-
-	proto = reg_cmd[0];
-	if (!wpa_priv_allowed_l2_proto(proto)) {
-		wpa_printf(MSG_DEBUG, "Refused l2_packet connection for "
-			   "ethertype 0x%x", proto);
-		return;
-	}
-
-	for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) {
-		if (!iface->l2[idx])
-			break;
-	}
-	if (idx == WPA_PRIV_MAX_L2) {
-		wpa_printf(MSG_DEBUG, "No free l2_packet connection found");
-		return;
-	}
-
-	os_memcpy(&iface->l2_addr[idx], from, fromlen);
-	iface->l2_addr_len[idx] = fromlen;
-
-	iface->l2_ctx[idx].idx = idx;
-	iface->l2_ctx[idx].parent = iface;
-	iface->l2[idx] = l2_packet_init(iface->ifname, NULL, proto,
-					wpa_priv_l2_rx, &iface->l2_ctx[idx],
-					reg_cmd[1]);
-	if (!iface->l2[idx]) {
-		wpa_printf(MSG_DEBUG, "Failed to initialize l2_packet "
-			   "instance for protocol %d", proto);
-		return;
-	}
-
-	if (l2_packet_get_own_addr(iface->l2[idx], own_addr) < 0) {
-		wpa_printf(MSG_DEBUG, "Failed to get own address from "
-			   "l2_packet");
-		l2_packet_deinit(iface->l2[idx]);
-		iface->l2[idx] = NULL;
-		return;
-	}
-
-	res = sendto(iface->fd, own_addr, ETH_ALEN, 0,
-		     (struct sockaddr *) from, fromlen);
-	wpa_printf(MSG_DEBUG, "L2 registration[idx=%d]: res=%d", idx, res);
-}
-
-
-static void wpa_priv_cmd_l2_unregister(struct wpa_priv_interface *iface,
-				       struct sockaddr_un *from,
-				       socklen_t fromlen)
-{
-	int idx;
-
-	for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) {
-		if (iface->l2_addr_len[idx] == fromlen &&
-		    os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0)
-			break;
-	}
-	if (idx == WPA_PRIV_MAX_L2) {
-		wpa_printf(MSG_DEBUG,
-			   "No registered l2_packet socket found for unregister request");
-		return;
-	}
-
-	if (iface->l2[idx]) {
-		l2_packet_deinit(iface->l2[idx]);
-		iface->l2[idx] = NULL;
-	}
-}
-
-
-static void wpa_priv_cmd_l2_notify_auth_start(struct wpa_priv_interface *iface,
-					      struct sockaddr_un *from)
-{
-	int idx;
-
-	for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) {
-		if (iface->l2[idx])
-			l2_packet_notify_auth_start(iface->l2[idx]);
-	}
-}
-
-
-static void wpa_priv_cmd_l2_send(struct wpa_priv_interface *iface,
-				 struct sockaddr_un *from, socklen_t fromlen,
-				 void *buf, size_t len)
-{
-	u8 *dst_addr;
-	u16 proto;
-	int res;
-	int idx;
-
-	for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) {
-		if (iface->l2_addr_len[idx] == fromlen &&
-		    os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0)
-			break;
-	}
-	if (idx == WPA_PRIV_MAX_L2) {
-		wpa_printf(MSG_DEBUG,
-			   "No registered l2_packet socket found for send request");
-		return;
-	}
-
-	if (iface->l2[idx] == NULL)
-		return;
-
-	if (len < ETH_ALEN + 2) {
-		wpa_printf(MSG_DEBUG, "Too short L2 send packet (len=%lu)",
-			   (unsigned long) len);
-		return;
-	}
-
-	dst_addr = buf;
-	os_memcpy(&proto, (char *) buf + ETH_ALEN, 2);
-
-	if (!wpa_priv_allowed_l2_proto(proto)) {
-		wpa_printf(MSG_DEBUG, "Refused l2_packet send for ethertype "
-			   "0x%x", proto);
-		return;
-	}
-
-	res = l2_packet_send(iface->l2[idx], dst_addr, proto,
-			     (unsigned char *) buf + ETH_ALEN + 2,
-			     len - ETH_ALEN - 2);
-	wpa_printf(MSG_DEBUG, "L2 send[idx=%d]: res=%d", idx, res);
-}
-
-
-static void wpa_priv_cmd_set_country(struct wpa_priv_interface *iface,
-				     char *buf)
-{
-	if (iface->drv_priv == NULL || iface->driver->set_country == NULL ||
-	    *buf == '\0')
-		return;
-
-	iface->driver->set_country(iface->drv_priv, buf);
-}
-
-
-static void wpa_priv_receive(int sock, void *eloop_ctx, void *sock_ctx)
-{
-	struct wpa_priv_interface *iface = eloop_ctx;
-	char buf[2000], *pos;
-	void *cmd_buf;
-	size_t cmd_len;
-	int res, cmd;
-	struct sockaddr_un from;
-	socklen_t fromlen = sizeof(from);
-
-	res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &from,
-		       &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom: %s", strerror(errno));
-		return;
-	}
-
-	if (res < (int) sizeof(int)) {
-		wpa_printf(MSG_DEBUG, "Too short command (len=%d)", res);
-		return;
-	}
-
-	os_memcpy(&cmd, buf, sizeof(int));
-	wpa_printf(MSG_DEBUG, "Command %d for interface %s",
-		   cmd, iface->ifname);
-	cmd_buf = &buf[sizeof(int)];
-	cmd_len = res - sizeof(int);
-
-	switch (cmd) {
-	case PRIVSEP_CMD_REGISTER:
-		wpa_priv_cmd_register(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_UNREGISTER:
-		wpa_priv_cmd_unregister(iface, &from);
-		break;
-	case PRIVSEP_CMD_SCAN:
-		wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
-		break;
-	case PRIVSEP_CMD_GET_SCAN_RESULTS:
-		wpa_priv_cmd_get_scan_results(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_ASSOCIATE:
-		wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
-		break;
-	case PRIVSEP_CMD_GET_BSSID:
-		wpa_priv_cmd_get_bssid(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_GET_SSID:
-		wpa_priv_cmd_get_ssid(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_SET_KEY:
-		wpa_priv_cmd_set_key(iface, cmd_buf, cmd_len);
-		break;
-	case PRIVSEP_CMD_GET_CAPA:
-		wpa_priv_cmd_get_capa(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_L2_REGISTER:
-		wpa_priv_cmd_l2_register(iface, &from, fromlen,
-					 cmd_buf, cmd_len);
-		break;
-	case PRIVSEP_CMD_L2_UNREGISTER:
-		wpa_priv_cmd_l2_unregister(iface, &from, fromlen);
-		break;
-	case PRIVSEP_CMD_L2_NOTIFY_AUTH_START:
-		wpa_priv_cmd_l2_notify_auth_start(iface, &from);
-		break;
-	case PRIVSEP_CMD_L2_SEND:
-		wpa_priv_cmd_l2_send(iface, &from, fromlen, cmd_buf, cmd_len);
-		break;
-	case PRIVSEP_CMD_SET_COUNTRY:
-		pos = cmd_buf;
-		if (pos + cmd_len >= buf + sizeof(buf))
-			break;
-		pos[cmd_len] = '\0';
-		wpa_priv_cmd_set_country(iface, pos);
-		break;
-	case PRIVSEP_CMD_AUTHENTICATE:
-		wpa_priv_cmd_authenticate(iface, cmd_buf, cmd_len);
-		break;
-	}
-}
-
-
-static void wpa_priv_interface_deinit(struct wpa_priv_interface *iface)
-{
-	int i;
-
-	if (iface->drv_priv) {
-		if (iface->driver->deinit)
-			iface->driver->deinit(iface->drv_priv);
-		if (iface->drv_global_priv)
-			iface->driver->global_deinit(iface->drv_global_priv);
-	}
-
-	if (iface->fd >= 0) {
-		eloop_unregister_read_sock(iface->fd);
-		close(iface->fd);
-		unlink(iface->sock_name);
-	}
-
-	for (i = 0; i < WPA_PRIV_MAX_L2; i++) {
-		if (iface->l2[i])
-			l2_packet_deinit(iface->l2[i]);
-	}
-
-	os_free(iface->ifname);
-	os_free(iface->driver_name);
-	os_free(iface->sock_name);
-	os_free(iface);
-}
-
-
-static struct wpa_priv_interface *
-wpa_priv_interface_init(void *ctx, const char *dir, const char *params)
-{
-	struct wpa_priv_interface *iface;
-	char *pos;
-	size_t len;
-	struct sockaddr_un addr;
-	int i;
-
-	pos = os_strchr(params, ':');
-	if (pos == NULL)
-		return NULL;
-
-	iface = os_zalloc(sizeof(*iface));
-	if (iface == NULL)
-		return NULL;
-	iface->fd = -1;
-	iface->ctx = ctx;
-
-	len = pos - params;
-	iface->driver_name = dup_binstr(params, len);
-	if (iface->driver_name == NULL) {
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	for (i = 0; wpa_drivers[i]; i++) {
-		if (os_strcmp(iface->driver_name,
-			      wpa_drivers[i]->name) == 0) {
-			iface->driver = wpa_drivers[i];
-			break;
-		}
-	}
-	if (iface->driver == NULL) {
-		wpa_printf(MSG_ERROR, "Unsupported driver '%s'",
-			   iface->driver_name);
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	pos++;
-	iface->ifname = os_strdup(pos);
-	if (iface->ifname == NULL) {
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	len = os_strlen(dir) + 1 + os_strlen(iface->ifname);
-	iface->sock_name = os_malloc(len + 1);
-	if (iface->sock_name == NULL) {
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	os_snprintf(iface->sock_name, len + 1, "%s/%s", dir, iface->ifname);
-	if (os_strlen(iface->sock_name) >= sizeof(addr.sun_path)) {
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	iface->fd = socket(PF_UNIX, SOCK_DGRAM, 0);
-	if (iface->fd < 0) {
-		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
-		wpa_priv_interface_deinit(iface);
-		return NULL;
-	}
-
-	os_memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	os_strlcpy(addr.sun_path, iface->sock_name, sizeof(addr.sun_path));
-
-	if (bind(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-		wpa_printf(MSG_DEBUG, "bind(PF_UNIX) failed: %s",
-			   strerror(errno));
-		if (connect(iface->fd, (struct sockaddr *) &addr,
-			    sizeof(addr)) < 0) {
-			wpa_printf(MSG_DEBUG, "Socket exists, but does not "
-				   "allow connections - assuming it was "
-				   "leftover from forced program termination");
-			if (unlink(iface->sock_name) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "Could not unlink existing ctrl_iface socket '%s': %s",
-					   iface->sock_name, strerror(errno));
-				goto fail;
-			}
-			if (bind(iface->fd, (struct sockaddr *) &addr,
-				 sizeof(addr)) < 0) {
-				wpa_printf(MSG_ERROR,
-					   "wpa-priv-iface-init: bind(PF_UNIX): %s",
-					   strerror(errno));
-				goto fail;
-			}
-			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
-				   "socket '%s'", iface->sock_name);
-		} else {
-			wpa_printf(MSG_INFO, "Socket exists and seems to be "
-				   "in use - cannot override it");
-			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
-				   "not used anymore", iface->sock_name);
-			goto fail;
-		}
-	}
-
-	if (chmod(iface->sock_name, S_IRWXU | S_IRWXG | S_IRWXO) < 0) {
-		wpa_printf(MSG_ERROR, "chmod: %s", strerror(errno));
-		goto fail;
-	}
-
-	eloop_register_read_sock(iface->fd, wpa_priv_receive, iface, NULL);
-
-	return iface;
-
-fail:
-	wpa_priv_interface_deinit(iface);
-	return NULL;
-}
-
-
-static int wpa_priv_send_event(struct wpa_priv_interface *iface, int event,
-			       const void *data, size_t data_len)
-{
-	struct msghdr msg;
-	struct iovec io[2];
-
-	io[0].iov_base = &event;
-	io[0].iov_len = sizeof(event);
-	io[1].iov_base = (u8 *) data;
-	io[1].iov_len = data_len;
-
-	os_memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = io;
-	msg.msg_iovlen = data ? 2 : 1;
-	msg.msg_name = &iface->drv_addr;
-	msg.msg_namelen = iface->drv_addr_len;
-
-	if (sendmsg(iface->fd, &msg, 0) < 0) {
-		wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s",
-			   strerror(errno));
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static void wpa_priv_send_auth(struct wpa_priv_interface *iface,
-			       union wpa_event_data *data)
-{
-	size_t buflen = sizeof(struct privsep_event_auth) + data->auth.ies_len;
-	struct privsep_event_auth *auth;
-	u8 *buf, *pos;
-
-	buf = os_zalloc(buflen);
-	if (buf == NULL)
-		return;
-
-	auth = (struct privsep_event_auth *) buf;
-	pos = (u8 *) (auth + 1);
-
-	os_memcpy(auth->peer, data->auth.peer, ETH_ALEN);
-	os_memcpy(auth->bssid, data->auth.bssid, ETH_ALEN);
-	auth->auth_type = data->auth.auth_type;
-	auth->auth_transaction = data->auth.auth_transaction;
-	auth->status_code = data->auth.status_code;
-	if (data->auth.ies) {
-		os_memcpy(pos, data->auth.ies, data->auth.ies_len);
-		auth->ies_len = data->auth.ies_len;
-	}
-
-	wpa_priv_send_event(iface, PRIVSEP_EVENT_AUTH, buf, buflen);
-
-	os_free(buf);
-}
-
-
-static void wpa_priv_send_assoc(struct wpa_priv_interface *iface, int event,
-				union wpa_event_data *data)
-{
-	size_t buflen = 3 * sizeof(int);
-	u8 *buf, *pos;
-	int len;
-
-	if (data) {
-		buflen += data->assoc_info.req_ies_len +
-			data->assoc_info.resp_ies_len +
-			data->assoc_info.beacon_ies_len;
-	}
-
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return;
-
-	pos = buf;
-
-	if (data && data->assoc_info.req_ies) {
-		len = data->assoc_info.req_ies_len;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-		os_memcpy(pos, data->assoc_info.req_ies, len);
-		pos += len;
-	} else {
-		len = 0;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-	}
-
-	if (data && data->assoc_info.resp_ies) {
-		len = data->assoc_info.resp_ies_len;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-		os_memcpy(pos, data->assoc_info.resp_ies, len);
-		pos += len;
-	} else {
-		len = 0;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-	}
-
-	if (data && data->assoc_info.beacon_ies) {
-		len = data->assoc_info.beacon_ies_len;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-		os_memcpy(pos, data->assoc_info.beacon_ies, len);
-		pos += len;
-	} else {
-		len = 0;
-		os_memcpy(pos, &len, sizeof(int));
-		pos += sizeof(int);
-	}
-
-	wpa_priv_send_event(iface, event, buf, buflen);
-
-	os_free(buf);
-}
-
-
-static void wpa_priv_send_interface_status(struct wpa_priv_interface *iface,
-					   union wpa_event_data *data)
-{
-	int ievent;
-	size_t len, maxlen;
-	u8 *buf;
-	char *ifname;
-
-	if (data == NULL)
-		return;
-
-	ievent = data->interface_status.ievent;
-	maxlen = sizeof(data->interface_status.ifname);
-	ifname = data->interface_status.ifname;
-	for (len = 0; len < maxlen && ifname[len]; len++)
-		;
-
-	buf = os_malloc(sizeof(int) + len);
-	if (buf == NULL)
-		return;
-
-	os_memcpy(buf, &ievent, sizeof(int));
-	os_memcpy(buf + sizeof(int), ifname, len);
-
-	wpa_priv_send_event(iface, PRIVSEP_EVENT_INTERFACE_STATUS,
-			    buf, sizeof(int) + len);
-
-	os_free(buf);
-
-}
-
-
-static void wpa_priv_send_ft_response(struct wpa_priv_interface *iface,
-				      union wpa_event_data *data)
-{
-	size_t len;
-	u8 *buf, *pos;
-
-	if (data == NULL || data->ft_ies.ies == NULL)
-		return;
-
-	len = sizeof(int) + ETH_ALEN + data->ft_ies.ies_len;
-	buf = os_malloc(len);
-	if (buf == NULL)
-		return;
-
-	pos = buf;
-	os_memcpy(pos, &data->ft_ies.ft_action, sizeof(int));
-	pos += sizeof(int);
-	os_memcpy(pos, data->ft_ies.target_ap, ETH_ALEN);
-	pos += ETH_ALEN;
-	os_memcpy(pos, data->ft_ies.ies, data->ft_ies.ies_len);
-
-	wpa_priv_send_event(iface, PRIVSEP_EVENT_FT_RESPONSE, buf, len);
-
-	os_free(buf);
-
-}
-
-
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
-			  union wpa_event_data *data)
-{
-	struct wpa_priv_interface *iface = ctx;
-
-	wpa_printf(MSG_DEBUG, "%s - event=%d", __func__, event);
-
-	if (!iface->wpas_registered) {
-		wpa_printf(MSG_DEBUG, "Driver event received, but "
-			   "wpa_supplicant not registered");
-		return;
-	}
-
-	switch (event) {
-	case EVENT_ASSOC:
-		wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOC, data);
-		break;
-	case EVENT_DISASSOC:
-		wpa_priv_send_event(iface, PRIVSEP_EVENT_DISASSOC, NULL, 0);
-		break;
-	case EVENT_ASSOCINFO:
-		if (data == NULL)
-			return;
-		wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOCINFO, data);
-		break;
-	case EVENT_MICHAEL_MIC_FAILURE:
-		if (data == NULL)
-			return;
-		wpa_priv_send_event(iface, PRIVSEP_EVENT_MICHAEL_MIC_FAILURE,
-				    &data->michael_mic_failure.unicast,
-				    sizeof(int));
-		break;
-	case EVENT_SCAN_STARTED:
-		wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_STARTED, NULL,
-				    0);
-		break;
-	case EVENT_SCAN_RESULTS:
-		wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_RESULTS, NULL,
-				    0);
-		break;
-	case EVENT_INTERFACE_STATUS:
-		wpa_priv_send_interface_status(iface, data);
-		break;
-	case EVENT_PMKID_CANDIDATE:
-		if (data == NULL)
-			return;
-		wpa_priv_send_event(iface, PRIVSEP_EVENT_PMKID_CANDIDATE,
-				    &data->pmkid_candidate,
-				    sizeof(struct pmkid_candidate));
-		break;
-	case EVENT_FT_RESPONSE:
-		wpa_priv_send_ft_response(iface, data);
-		break;
-	case EVENT_AUTH:
-		wpa_priv_send_auth(iface, data);
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "Unsupported driver event %d (%s) - TODO",
-			   event, event_to_string(event));
-		break;
-	}
-}
-
-
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
-				 union wpa_event_data *data)
-{
-	struct wpa_priv_global *global = ctx;
-	struct wpa_priv_interface *iface;
-
-	if (event != EVENT_INTERFACE_STATUS)
-		return;
-
-	for (iface = global->interfaces; iface; iface = iface->next) {
-		if (os_strcmp(iface->ifname, data->interface_status.ifname) ==
-		    0)
-			break;
-	}
-	if (iface && iface->driver->get_ifindex) {
-		unsigned int ifindex;
-
-		ifindex = iface->driver->get_ifindex(iface->drv_priv);
-		if (ifindex != data->interface_status.ifindex) {
-			wpa_printf(MSG_DEBUG,
-				   "%s: interface status ifindex %d mismatch (%d)",
-				   iface->ifname, ifindex,
-				   data->interface_status.ifindex);
-			return;
-		}
-	}
-	if (iface)
-		wpa_supplicant_event(iface, event, data);
-}
-
-
-void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
-			     const u8 *buf, size_t len)
-{
-	struct wpa_priv_interface *iface = ctx;
-	struct msghdr msg;
-	struct iovec io[3];
-	int event = PRIVSEP_EVENT_RX_EAPOL;
-
-	wpa_printf(MSG_DEBUG, "RX EAPOL from driver");
-	io[0].iov_base = &event;
-	io[0].iov_len = sizeof(event);
-	io[1].iov_base = (u8 *) src_addr;
-	io[1].iov_len = ETH_ALEN;
-	io[2].iov_base = (u8 *) buf;
-	io[2].iov_len = len;
-
-	os_memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = io;
-	msg.msg_iovlen = 3;
-	msg.msg_name = &iface->drv_addr;
-	msg.msg_namelen = iface->drv_addr_len;
-
-	if (sendmsg(iface->fd, &msg, 0) < 0)
-		wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s",
-			   strerror(errno));
-}
-
-
-static void wpa_priv_terminate(int sig, void *signal_ctx)
-{
-	wpa_printf(MSG_DEBUG, "wpa_priv termination requested");
-	eloop_terminate();
-}
-
-
-static void wpa_priv_fd_workaround(void)
-{
-#ifdef __linux__
-	int s, i;
-	/* When started from pcmcia-cs scripts, wpa_supplicant might start with
-	 * fd 0, 1, and 2 closed. This will cause some issues because many
-	 * places in wpa_supplicant are still printing out to stdout. As a
-	 * workaround, make sure that fd's 0, 1, and 2 are not used for other
-	 * sockets. */
-	for (i = 0; i < 3; i++) {
-		s = open("/dev/null", O_RDWR);
-		if (s > 2) {
-			close(s);
-			break;
-		}
-	}
-#endif /* __linux__ */
-}
-
-
-static void usage(void)
-{
-	printf("wpa_priv v%s\n"
-	       "Copyright (c) 2007-2017, Jouni Malinen <j@w1.fi> and "
-	       "contributors\n"
-	       "\n"
-	       "usage:\n"
-	       "  wpa_priv [-Bdd] [-c<ctrl dir>] [-P<pid file>] "
-	       "<driver:ifname> \\\n"
-	       "           [driver:ifname ...]\n",
-	       VERSION_STR);
-}
-
-
-int main(int argc, char *argv[])
-{
-	int c, i;
-	int ret = -1;
-	char *pid_file = NULL;
-	int daemonize = 0;
-	char *ctrl_dir = "/var/run/wpa_priv";
-	struct wpa_priv_global global;
-	struct wpa_priv_interface *iface;
-
-	if (os_program_init())
-		return -1;
-
-	wpa_priv_fd_workaround();
-
-	os_memset(&global, 0, sizeof(global));
-	global.interfaces = NULL;
-
-	for (;;) {
-		c = getopt(argc, argv, "Bc:dP:");
-		if (c < 0)
-			break;
-		switch (c) {
-		case 'B':
-			daemonize++;
-			break;
-		case 'c':
-			ctrl_dir = optarg;
-			break;
-		case 'd':
-			wpa_debug_level--;
-			break;
-		case 'P':
-			pid_file = os_rel2abs_path(optarg);
-			break;
-		default:
-			usage();
-			goto out2;
-		}
-	}
-
-	if (optind >= argc) {
-		usage();
-		goto out2;
-	}
-
-	wpa_printf(MSG_DEBUG, "wpa_priv control directory: '%s'", ctrl_dir);
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		goto out2;
-	}
-
-	for (i = optind; i < argc; i++) {
-		wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]);
-		iface = wpa_priv_interface_init(&global, ctrl_dir, argv[i]);
-		if (iface == NULL)
-			goto out;
-		iface->next = global.interfaces;
-		global.interfaces = iface;
-	}
-
-	if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue())
-		goto out;
-
-	eloop_register_signal_terminate(wpa_priv_terminate, NULL);
-	eloop_run();
-
-	ret = 0;
-
-out:
-	iface = global.interfaces;
-	while (iface) {
-		struct wpa_priv_interface *prev = iface;
-		iface = iface->next;
-		wpa_priv_interface_deinit(prev);
-	}
-
-	eloop_destroy();
-
-out2:
-	if (daemonize)
-		os_daemonize_terminate(pid_file);
-	os_free(pid_file);
-	os_program_deinit();
-
-	return ret;
-}
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
deleted file mode 100644
index 1785f88ab73d..000000000000
--- a/wpa_supplicant/wpa_supplicant.c
+++ /dev/null
@@ -1,8658 +0,0 @@
-/*
- * WPA Supplicant
- * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- *
- * This file implements functions for registering and unregistering
- * %wpa_supplicant interfaces. In addition, this file contains number of
- * functions for managing network connections.
- */
-
-#include "includes.h"
-#ifdef CONFIG_MATCH_IFACE
-#include <net/if.h>
-#include <fnmatch.h>
-#endif /* CONFIG_MATCH_IFACE */
-
-#include "common.h"
-#include "crypto/random.h"
-#include "crypto/sha1.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "eap_peer/eap.h"
-#include "eap_peer/eap_proxy.h"
-#include "eap_server/eap_methods.h"
-#include "rsn_supp/wpa.h"
-#include "eloop.h"
-#include "config.h"
-#include "utils/ext_password.h"
-#include "l2_packet/l2_packet.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "ctrl_iface.h"
-#include "pcsc_funcs.h"
-#include "common/version.h"
-#include "rsn_supp/preauth.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "common/wpa_ctrl.h"
-#include "common/ieee802_11_common.h"
-#include "common/ieee802_11_defs.h"
-#include "common/hw_features_common.h"
-#include "common/gas_server.h"
-#include "common/dpp.h"
-#include "common/ptksa_cache.h"
-#include "p2p/p2p.h"
-#include "fst/fst.h"
-#include "bssid_ignore.h"
-#include "wpas_glue.h"
-#include "wps_supplicant.h"
-#include "ibss_rsn.h"
-#include "sme.h"
-#include "gas_query.h"
-#include "ap.h"
-#include "p2p_supplicant.h"
-#include "wifi_display.h"
-#include "notify.h"
-#include "bgscan.h"
-#include "autoscan.h"
-#include "bss.h"
-#include "scan.h"
-#include "offchannel.h"
-#include "hs20_supplicant.h"
-#include "wnm_sta.h"
-#include "wpas_kay.h"
-#include "mesh.h"
-#include "dpp_supplicant.h"
-#ifdef CONFIG_MESH
-#include "ap/ap_config.h"
-#include "ap/hostapd.h"
-#endif /* CONFIG_MESH */
-
-const char *const wpa_supplicant_version =
-"wpa_supplicant v" VERSION_STR "\n"
-"Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
-
-const char *const wpa_supplicant_license =
-"This software may be distributed under the terms of the BSD license.\n"
-"See README for more details.\n"
-#ifdef EAP_TLS_OPENSSL
-"\nThis product includes software developed by the OpenSSL Project\n"
-"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
-#endif /* EAP_TLS_OPENSSL */
-;
-
-#ifndef CONFIG_NO_STDOUT_DEBUG
-/* Long text divided into parts in order to fit in C89 strings size limits. */
-const char *const wpa_supplicant_full_license1 =
-"";
-const char *const wpa_supplicant_full_license2 =
-"This software may be distributed under the terms of the BSD license.\n"
-"\n"
-"Redistribution and use in source and binary forms, with or without\n"
-"modification, are permitted provided that the following conditions are\n"
-"met:\n"
-"\n";
-const char *const wpa_supplicant_full_license3 =
-"1. Redistributions of source code must retain the above copyright\n"
-"   notice, this list of conditions and the following disclaimer.\n"
-"\n"
-"2. Redistributions in binary form must reproduce the above copyright\n"
-"   notice, this list of conditions and the following disclaimer in the\n"
-"   documentation and/or other materials provided with the distribution.\n"
-"\n";
-const char *const wpa_supplicant_full_license4 =
-"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
-"   names of its contributors may be used to endorse or promote products\n"
-"   derived from this software without specific prior written permission.\n"
-"\n"
-"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
-"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
-"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
-"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
-const char *const wpa_supplicant_full_license5 =
-"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
-"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
-"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
-"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
-"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
-"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
-"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
-"\n";
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-
-static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
-#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
-#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
-#ifdef CONFIG_OWE
-static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
-#endif /* CONFIG_OWE */
-
-
-#ifdef CONFIG_WEP
-/* Configure default/group WEP keys for static WEP */
-int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	int i, set = 0;
-
-	for (i = 0; i < NUM_WEP_KEYS; i++) {
-		if (ssid->wep_key_len[i] == 0)
-			continue;
-
-		set = 1;
-		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
-				i, i == ssid->wep_tx_keyidx, NULL, 0,
-				ssid->wep_key[i], ssid->wep_key_len[i],
-				i == ssid->wep_tx_keyidx ?
-				KEY_FLAG_GROUP_RX_TX_DEFAULT :
-				KEY_FLAG_GROUP_RX_TX);
-	}
-
-	return set;
-}
-#endif /* CONFIG_WEP */
-
-
-int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid)
-{
-	u8 key[32];
-	size_t keylen;
-	enum wpa_alg alg;
-	u8 seq[6] = { 0 };
-	int ret;
-
-	/* IBSS/WPA-None uses only one key (Group) for both receiving and
-	 * sending unicast and multicast packets. */
-
-	if (ssid->mode != WPAS_MODE_IBSS) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
-			"IBSS/ad-hoc) for WPA-None", ssid->mode);
-		return -1;
-	}
-
-	if (!ssid->psk_set) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
-			"WPA-None");
-		return -1;
-	}
-
-	switch (wpa_s->group_cipher) {
-	case WPA_CIPHER_CCMP:
-		os_memcpy(key, ssid->psk, 16);
-		keylen = 16;
-		alg = WPA_ALG_CCMP;
-		break;
-	case WPA_CIPHER_GCMP:
-		os_memcpy(key, ssid->psk, 16);
-		keylen = 16;
-		alg = WPA_ALG_GCMP;
-		break;
-	case WPA_CIPHER_TKIP:
-		/* WPA-None uses the same Michael MIC key for both TX and RX */
-		os_memcpy(key, ssid->psk, 16 + 8);
-		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
-		keylen = 32;
-		alg = WPA_ALG_TKIP;
-		break;
-	default:
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
-			"WPA-None", wpa_s->group_cipher);
-		return -1;
-	}
-
-	/* TODO: should actually remember the previously used seq#, both for TX
-	 * and RX from each STA.. */
-
-	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
-			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
-	os_memset(key, 0, sizeof(key));
-	return ret;
-}
-
-
-static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	const u8 *bssid = wpa_s->bssid;
-	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
-	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
-	     wpa_s->wpa_state == WPA_ASSOCIATING))
-		bssid = wpa_s->pending_bssid;
-	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
-		MAC2STR(bssid));
-	wpa_bssid_ignore_add(wpa_s, bssid);
-	wpa_sm_notify_disassoc(wpa_s->wpa);
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	wpa_s->reassociate = 1;
-
-	/*
-	 * If we timed out, the AP or the local radio may be busy.
-	 * So, wait a second until scanning again.
-	 */
-	wpa_supplicant_req_scan(wpa_s, 1, 0);
-}
-
-
-/**
- * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
- * @wpa_s: Pointer to wpa_supplicant data
- * @sec: Number of seconds after which to time out authentication
- * @usec: Number of microseconds after which to time out authentication
- *
- * This function is used to schedule a timeout for the current authentication
- * attempt.
- */
-void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
-				     int sec, int usec)
-{
-	if (wpa_s->conf->ap_scan == 0 &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
-		return;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
-		"%d usec", sec, usec);
-	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
-	wpa_s->last_auth_timeout_sec = sec;
-	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
-}
-
-
-/*
- * wpas_auth_timeout_restart - Restart and change timeout for authentication
- * @wpa_s: Pointer to wpa_supplicant data
- * @sec_diff: difference in seconds applied to original timeout value
- */
-void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
-{
-	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
-
-	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Authentication timeout restart: %d sec", new_sec);
-		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
-		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
-				       wpa_s, NULL);
-	}
-}
-
-
-/**
- * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to cancel authentication timeout scheduled with
- * wpa_supplicant_req_auth_timeout() and it is called when authentication has
- * been completed.
- */
-void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
-{
-	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
-	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
-	wpa_bssid_ignore_del(wpa_s, wpa_s->bssid);
-	os_free(wpa_s->last_con_fail_realm);
-	wpa_s->last_con_fail_realm = NULL;
-	wpa_s->last_con_fail_realm_len = 0;
-}
-
-
-/**
- * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
- * @wpa_s: Pointer to wpa_supplicant data
- *
- * This function is used to configure EAPOL state machine based on the selected
- * authentication mode.
- */
-void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
-{
-#ifdef IEEE8021X_EAPOL
-	struct eapol_config eapol_conf;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-
-#ifdef CONFIG_IBSS_RSN
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
-		/*
-		 * RSN IBSS authentication is per-STA and we can disable the
-		 * per-BSSID EAPOL authentication.
-		 */
-		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
-		eapol_sm_notify_eap_success(wpa_s->eapol, true);
-		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
-		return;
-	}
-#endif /* CONFIG_IBSS_RSN */
-
-	eapol_sm_notify_eap_success(wpa_s->eapol, false);
-	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
-		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
-	else
-		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
-
-	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		eapol_conf.accept_802_1x_keys = 1;
-		eapol_conf.required_keys = 0;
-		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
-			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
-		}
-		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
-			eapol_conf.required_keys |=
-				EAPOL_REQUIRE_KEY_BROADCAST;
-		}
-
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
-			eapol_conf.required_keys = 0;
-	}
-	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
-	eapol_conf.workaround = ssid->eap_workaround;
-	eapol_conf.eap_disabled =
-		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
-		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
-		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
-	eapol_conf.external_sim = wpa_s->conf->external_sim;
-
-#ifdef CONFIG_WPS
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
-		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
-		if (wpa_s->current_bss) {
-			struct wpabuf *ie;
-			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
-							 WPS_IE_VENDOR_TYPE);
-			if (ie) {
-				if (wps_is_20(ie))
-					eapol_conf.wps |=
-						EAPOL_PEER_IS_WPS20_AP;
-				wpabuf_free(ie);
-			}
-		}
-	}
-#endif /* CONFIG_WPS */
-
-	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
-
-#ifdef CONFIG_MACSEC
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
-		ieee802_1x_create_preshared_mka(wpa_s, ssid);
-	else
-		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
-#endif /* CONFIG_MACSEC */
-#endif /* IEEE8021X_EAPOL */
-}
-
-
-/**
- * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
- * @wpa_s: Pointer to wpa_supplicant data
- * @ssid: Configuration data for the network
- *
- * This function is used to configure WPA state machine and related parameters
- * to a mode where WPA is not enabled. This is called as part of the
- * authentication configuration when the selected network does not use WPA.
- */
-void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_WEP
-	int i;
-#endif /* CONFIG_WEP */
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
-		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
-	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
-		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
-	else
-		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
-	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
-	wpa_s->rsnxe_len = 0;
-	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
-	wpa_s->group_cipher = WPA_CIPHER_NONE;
-	wpa_s->mgmt_group_cipher = 0;
-
-#ifdef CONFIG_WEP
-	for (i = 0; i < NUM_WEP_KEYS; i++) {
-		if (ssid->wep_key_len[i] > 5) {
-			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
-			wpa_s->group_cipher = WPA_CIPHER_WEP104;
-			break;
-		} else if (ssid->wep_key_len[i] > 0) {
-			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
-			wpa_s->group_cipher = WPA_CIPHER_WEP40;
-			break;
-		}
-	}
-#endif /* CONFIG_WEP */
-
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
-			 wpa_s->pairwise_cipher);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
-			 wpa_s->mgmt_group_cipher);
-
-	pmksa_cache_clear_current(wpa_s->wpa);
-}
-
-
-void free_hw_features(struct wpa_supplicant *wpa_s)
-{
-	int i;
-	if (wpa_s->hw.modes == NULL)
-		return;
-
-	for (i = 0; i < wpa_s->hw.num_modes; i++) {
-		os_free(wpa_s->hw.modes[i].channels);
-		os_free(wpa_s->hw.modes[i].rates);
-	}
-
-	os_free(wpa_s->hw.modes);
-	wpa_s->hw.modes = NULL;
-}
-
-
-static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss_tmp_disallowed *bss)
-{
-	eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
-	dl_list_del(&bss->list);
-	os_free(bss);
-}
-
-
-void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss_tmp_disallowed *bss, *prev;
-
-	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
-			      struct wpa_bss_tmp_disallowed, list)
-		remove_bss_tmp_disallowed_entry(wpa_s, bss);
-}
-
-
-void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
-{
-	struct fils_hlp_req *req;
-
-	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
-				    list)) != NULL) {
-		dl_list_del(&req->list);
-		wpabuf_free(req->pkt);
-		os_free(req);
-	}
-}
-
-
-void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-
-	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
-		return;
-	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
-	wpa_bss_flush(wpa_s);
-}
-
-
-#ifdef CONFIG_TESTING_OPTIONS
-void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
-{
-	struct driver_signal_override *dso;
-
-	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
-				    struct driver_signal_override, list))) {
-		dl_list_del(&dso->list);
-		os_free(dso);
-	}
-}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-
-static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
-{
-	int i;
-
-	bgscan_deinit(wpa_s);
-	autoscan_deinit(wpa_s);
-	scard_deinit(wpa_s->scard);
-	wpa_s->scard = NULL;
-	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
-	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
-	l2_packet_deinit(wpa_s->l2);
-	wpa_s->l2 = NULL;
-	if (wpa_s->l2_br) {
-		l2_packet_deinit(wpa_s->l2_br);
-		wpa_s->l2_br = NULL;
-	}
-#ifdef CONFIG_TESTING_OPTIONS
-	l2_packet_deinit(wpa_s->l2_test);
-	wpa_s->l2_test = NULL;
-	os_free(wpa_s->get_pref_freq_list_override);
-	wpa_s->get_pref_freq_list_override = NULL;
-	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
-	wpa_s->last_assoc_req_wpa_ie = NULL;
-	os_free(wpa_s->extra_sae_rejected_groups);
-	wpa_s->extra_sae_rejected_groups = NULL;
-	wpabuf_free(wpa_s->rsne_override_eapol);
-	wpa_s->rsne_override_eapol = NULL;
-	wpabuf_free(wpa_s->rsnxe_override_assoc);
-	wpa_s->rsnxe_override_assoc = NULL;
-	wpabuf_free(wpa_s->rsnxe_override_eapol);
-	wpa_s->rsnxe_override_eapol = NULL;
-	wpas_clear_driver_signal_override(wpa_s);
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->conf != NULL) {
-		struct wpa_ssid *ssid;
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
-			wpas_notify_network_removed(wpa_s, ssid);
-	}
-
-	os_free(wpa_s->confname);
-	wpa_s->confname = NULL;
-
-	os_free(wpa_s->confanother);
-	wpa_s->confanother = NULL;
-
-	os_free(wpa_s->last_con_fail_realm);
-	wpa_s->last_con_fail_realm = NULL;
-	wpa_s->last_con_fail_realm_len = 0;
-
-	wpa_sm_set_eapol(wpa_s->wpa, NULL);
-	eapol_sm_deinit(wpa_s->eapol);
-	wpa_s->eapol = NULL;
-
-	rsn_preauth_deinit(wpa_s->wpa);
-
-#ifdef CONFIG_TDLS
-	wpa_tdls_deinit(wpa_s->wpa);
-#endif /* CONFIG_TDLS */
-
-	wmm_ac_clear_saved_tspecs(wpa_s);
-	pmksa_candidate_free(wpa_s->wpa);
-	ptksa_cache_deinit(wpa_s->ptksa);
-	wpa_s->ptksa = NULL;
-	wpa_sm_deinit(wpa_s->wpa);
-	wpa_s->wpa = NULL;
-	wpa_bssid_ignore_clear(wpa_s);
-
-#ifdef CONFIG_PASN
-	wpas_pasn_auth_stop(wpa_s);
-#endif /* CONFIG_PASN */
-
-	wpa_bss_deinit(wpa_s);
-
-	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
-	wpa_supplicant_cancel_scan(wpa_s);
-	wpa_supplicant_cancel_auth_timeout(wpa_s);
-	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
-#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
-	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
-			     wpa_s, NULL);
-#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
-
-	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
-
-	wpas_wps_deinit(wpa_s);
-
-	wpabuf_free(wpa_s->pending_eapol_rx);
-	wpa_s->pending_eapol_rx = NULL;
-
-#ifdef CONFIG_IBSS_RSN
-	ibss_rsn_deinit(wpa_s->ibss_rsn);
-	wpa_s->ibss_rsn = NULL;
-#endif /* CONFIG_IBSS_RSN */
-
-	sme_deinit(wpa_s);
-
-#ifdef CONFIG_AP
-	wpa_supplicant_ap_deinit(wpa_s);
-#endif /* CONFIG_AP */
-
-	wpas_p2p_deinit(wpa_s);
-
-#ifdef CONFIG_OFFCHANNEL
-	offchannel_deinit(wpa_s);
-#endif /* CONFIG_OFFCHANNEL */
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-
-	os_free(wpa_s->next_scan_freqs);
-	wpa_s->next_scan_freqs = NULL;
-
-	os_free(wpa_s->manual_scan_freqs);
-	wpa_s->manual_scan_freqs = NULL;
-	os_free(wpa_s->select_network_scan_freqs);
-	wpa_s->select_network_scan_freqs = NULL;
-
-	os_free(wpa_s->manual_sched_scan_freqs);
-	wpa_s->manual_sched_scan_freqs = NULL;
-
-	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
-
-	/*
-	 * Need to remove any pending gas-query radio work before the
-	 * gas_query_deinit() call because gas_query::work has not yet been set
-	 * for works that have not been started. gas_query_free() will be unable
-	 * to cancel such pending radio works and once the pending gas-query
-	 * radio work eventually gets removed, the deinit notification call to
-	 * gas_query_start_cb() would result in dereferencing freed memory.
-	 */
-	if (wpa_s->radio)
-		radio_remove_works(wpa_s, "gas-query", 0);
-	gas_query_deinit(wpa_s->gas);
-	wpa_s->gas = NULL;
-	gas_server_deinit(wpa_s->gas_server);
-	wpa_s->gas_server = NULL;
-
-	free_hw_features(wpa_s);
-
-	ieee802_1x_dealloc_kay_sm(wpa_s);
-
-	os_free(wpa_s->bssid_filter);
-	wpa_s->bssid_filter = NULL;
-
-	os_free(wpa_s->disallow_aps_bssid);
-	wpa_s->disallow_aps_bssid = NULL;
-	os_free(wpa_s->disallow_aps_ssid);
-	wpa_s->disallow_aps_ssid = NULL;
-
-	wnm_bss_keep_alive_deinit(wpa_s);
-#ifdef CONFIG_WNM
-	wnm_deallocate_memory(wpa_s);
-#endif /* CONFIG_WNM */
-
-	ext_password_deinit(wpa_s->ext_pw);
-	wpa_s->ext_pw = NULL;
-
-	wpabuf_free(wpa_s->last_gas_resp);
-	wpa_s->last_gas_resp = NULL;
-	wpabuf_free(wpa_s->prev_gas_resp);
-	wpa_s->prev_gas_resp = NULL;
-
-	os_free(wpa_s->last_scan_res);
-	wpa_s->last_scan_res = NULL;
-
-#ifdef CONFIG_HS20
-	if (wpa_s->drv_priv)
-		wpa_drv_configure_frame_filters(wpa_s, 0);
-	hs20_deinit(wpa_s);
-#endif /* CONFIG_HS20 */
-
-	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
-		wpabuf_free(wpa_s->vendor_elem[i]);
-		wpa_s->vendor_elem[i] = NULL;
-	}
-
-	wmm_ac_notify_disassoc(wpa_s);
-
-	wpa_s->sched_scan_plans_num = 0;
-	os_free(wpa_s->sched_scan_plans);
-	wpa_s->sched_scan_plans = NULL;
-
-#ifdef CONFIG_MBO
-	wpa_s->non_pref_chan_num = 0;
-	os_free(wpa_s->non_pref_chan);
-	wpa_s->non_pref_chan = NULL;
-#endif /* CONFIG_MBO */
-
-	free_bss_tmp_disallowed(wpa_s);
-
-	wpabuf_free(wpa_s->lci);
-	wpa_s->lci = NULL;
-	wpas_clear_beacon_rep_data(wpa_s);
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-#ifdef CONFIG_MESH
-	{
-		struct external_pmksa_cache *entry;
-
-		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
-					     struct external_pmksa_cache,
-					     list)) != NULL) {
-			dl_list_del(&entry->list);
-			os_free(entry->pmksa_cache);
-			os_free(entry);
-		}
-	}
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-	wpas_flush_fils_hlp_req(wpa_s);
-
-	wpabuf_free(wpa_s->ric_ies);
-	wpa_s->ric_ies = NULL;
-
-#ifdef CONFIG_DPP
-	wpas_dpp_deinit(wpa_s);
-	dpp_global_deinit(wpa_s->dpp);
-	wpa_s->dpp = NULL;
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_PASN
-	wpas_pasn_auth_stop(wpa_s);
-#endif /* CONFIG_PASN */
-	wpas_scs_deinit(wpa_s);
-	wpas_dscp_deinit(wpa_s);
-}
-
-
-/**
- * wpa_clear_keys - Clear keys configured for the driver
- * @wpa_s: Pointer to wpa_supplicant data
- * @addr: Previously used BSSID or %NULL if not available
- *
- * This function clears the encryption keys that has been previously configured
- * for the driver.
- */
-void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	int i, max = 6;
-
-	/* MLME-DELETEKEYS.request */
-	for (i = 0; i < max; i++) {
-		if (wpa_s->keys_cleared & BIT(i))
-			continue;
-		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
-				NULL, 0, KEY_FLAG_GROUP);
-	}
-	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
-	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
-	    !is_zero_ether_addr(addr)) {
-		if (!(wpa_s->keys_cleared & BIT(0)))
-			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
-					0, NULL, 0, KEY_FLAG_PAIRWISE);
-		if (!(wpa_s->keys_cleared & BIT(15)))
-			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 1, 0, NULL,
-					0, NULL, 0, KEY_FLAG_PAIRWISE);
-		/* MLME-SETPROTECTION.request(None) */
-		wpa_drv_mlme_setprotection(
-			wpa_s, addr,
-			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
-			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
-	}
-	wpa_s->keys_cleared = (u32) -1;
-}
-
-
-/**
- * wpa_supplicant_state_txt - Get the connection state name as a text string
- * @state: State (wpa_state; WPA_*)
- * Returns: The state name as a printable text string
- */
-const char * wpa_supplicant_state_txt(enum wpa_states state)
-{
-	switch (state) {
-	case WPA_DISCONNECTED:
-		return "DISCONNECTED";
-	case WPA_INACTIVE:
-		return "INACTIVE";
-	case WPA_INTERFACE_DISABLED:
-		return "INTERFACE_DISABLED";
-	case WPA_SCANNING:
-		return "SCANNING";
-	case WPA_AUTHENTICATING:
-		return "AUTHENTICATING";
-	case WPA_ASSOCIATING:
-		return "ASSOCIATING";
-	case WPA_ASSOCIATED:
-		return "ASSOCIATED";
-	case WPA_4WAY_HANDSHAKE:
-		return "4WAY_HANDSHAKE";
-	case WPA_GROUP_HANDSHAKE:
-		return "GROUP_HANDSHAKE";
-	case WPA_COMPLETED:
-		return "COMPLETED";
-	default:
-		return "UNKNOWN";
-	}
-}
-
-
-#ifdef CONFIG_BGSCAN
-
-static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->bgscan_ssid) {
-		bgscan_deinit(wpa_s);
-		wpa_s->bgscan_ssid = NULL;
-	}
-}
-
-
-/**
- * wpa_supplicant_reset_bgscan - Reset the bgscan for the current SSID.
- * @wpa_s: Pointer to the wpa_supplicant data
- *
- * Stop, start, or reconfigure the scan parameters depending on the method.
- */
-void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s)
-{
-	const char *name;
-
-	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
-		name = wpa_s->current_ssid->bgscan;
-	else
-		name = wpa_s->conf->bgscan;
-	if (!name || name[0] == '\0') {
-		wpa_supplicant_stop_bgscan(wpa_s);
-		return;
-	}
-	if (wpas_driver_bss_selection(wpa_s))
-		return;
-#ifdef CONFIG_P2P
-	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
-		return;
-#endif /* CONFIG_P2P */
-
-	bgscan_deinit(wpa_s);
-	if (wpa_s->current_ssid) {
-		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
-				"bgscan");
-			/*
-			 * Live without bgscan; it is only used as a roaming
-			 * optimization, so the initial connection is not
-			 * affected.
-			 */
-		} else {
-			struct wpa_scan_results *scan_res;
-			wpa_s->bgscan_ssid = wpa_s->current_ssid;
-			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
-								   0);
-			if (scan_res) {
-				bgscan_notify_scan(wpa_s, scan_res);
-				wpa_scan_results_free(scan_res);
-			}
-		}
-	} else
-		wpa_s->bgscan_ssid = NULL;
-}
-
-#endif /* CONFIG_BGSCAN */
-
-
-static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
-{
-	if (autoscan_init(wpa_s, 0))
-		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
-}
-
-
-static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
-{
-	autoscan_deinit(wpa_s);
-}
-
-
-void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
-	    wpa_s->wpa_state == WPA_SCANNING) {
-		autoscan_deinit(wpa_s);
-		wpa_supplicant_start_autoscan(wpa_s);
-	}
-}
-
-
-/**
- * wpa_supplicant_set_state - Set current connection state
- * @wpa_s: Pointer to wpa_supplicant data
- * @state: The new connection state
- *
- * This function is called whenever the connection state changes, e.g.,
- * association is completed for WPA/WPA2 4-Way Handshake is started.
- */
-void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
-			      enum wpa_states state)
-{
-	enum wpa_states old_state = wpa_s->wpa_state;
-#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-	bool update_fils_connect_params = false;
-#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
-		wpa_supplicant_state_txt(wpa_s->wpa_state),
-		wpa_supplicant_state_txt(state));
-
-	if (state == WPA_COMPLETED &&
-	    os_reltime_initialized(&wpa_s->roam_start)) {
-		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
-		wpa_s->roam_start.sec = 0;
-		wpa_s->roam_start.usec = 0;
-		wpas_notify_auth_changed(wpa_s);
-		wpas_notify_roam_time(wpa_s);
-		wpas_notify_roam_complete(wpa_s);
-	} else if (state == WPA_DISCONNECTED &&
-		   os_reltime_initialized(&wpa_s->roam_start)) {
-		wpa_s->roam_start.sec = 0;
-		wpa_s->roam_start.usec = 0;
-		wpa_s->roam_time.sec = 0;
-		wpa_s->roam_time.usec = 0;
-		wpas_notify_roam_complete(wpa_s);
-	}
-
-	if (state == WPA_INTERFACE_DISABLED) {
-		/* Assure normal scan when interface is restored */
-		wpa_s->normal_scans = 0;
-	}
-
-	if (state == WPA_COMPLETED) {
-		wpas_connect_work_done(wpa_s);
-		/* Reinitialize normal_scan counter */
-		wpa_s->normal_scans = 0;
-	}
-
-#ifdef CONFIG_P2P
-	/*
-	 * P2PS client has to reply to Probe Request frames received on the
-	 * group operating channel. Enable Probe Request frame reporting for
-	 * P2P connected client in case p2p_cli_probe configuration property is
-	 * set to 1.
-	 */
-	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
-	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
-	    wpa_s->current_ssid->p2p_group) {
-		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Enable CLI Probe Request RX reporting");
-			wpa_s->p2p_cli_probe =
-				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
-		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"P2P: Disable CLI Probe Request RX reporting");
-			wpa_s->p2p_cli_probe = 0;
-			wpa_drv_probe_req_report(wpa_s, 0);
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	if (state != WPA_SCANNING)
-		wpa_supplicant_notify_scanning(wpa_s, 0);
-
-	if (state == WPA_COMPLETED && wpa_s->new_connection) {
-		struct wpa_ssid *ssid = wpa_s->current_ssid;
-		int fils_hlp_sent = 0;
-
-#ifdef CONFIG_SME
-		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
-			fils_hlp_sent = 1;
-#endif /* CONFIG_SME */
-		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		    wpa_auth_alg_fils(wpa_s->auth_alg))
-			fils_hlp_sent = 1;
-
-#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
-			MACSTR " completed [id=%d id_str=%s%s]",
-			MAC2STR(wpa_s->bssid),
-			ssid ? ssid->id : -1,
-			ssid && ssid->id_str ? ssid->id_str : "",
-			fils_hlp_sent ? " FILS_HLP_SENT" : "");
-#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-		wpas_clear_temp_disabled(wpa_s, ssid, 1);
-		wpa_s->consecutive_conn_failures = 0;
-		wpa_s->new_connection = 0;
-		wpa_drv_set_operstate(wpa_s, 1);
-#ifndef IEEE8021X_EAPOL
-		wpa_drv_set_supp_port(wpa_s, 1);
-#endif /* IEEE8021X_EAPOL */
-		wpa_s->after_wps = 0;
-		wpa_s->known_wps_freq = 0;
-		wpas_p2p_completed(wpa_s);
-
-		sme_sched_obss_scan(wpa_s, 1);
-
-#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-		if (!fils_hlp_sent && ssid && ssid->eap.erp)
-			update_fils_connect_params = true;
-#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
-#ifdef CONFIG_OWE
-		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
-			wpas_update_owe_connect_params(wpa_s);
-#endif /* CONFIG_OWE */
-	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
-		   state == WPA_ASSOCIATED) {
-		wpa_s->new_connection = 1;
-		wpa_drv_set_operstate(wpa_s, 0);
-#ifndef IEEE8021X_EAPOL
-		wpa_drv_set_supp_port(wpa_s, 0);
-#endif /* IEEE8021X_EAPOL */
-		sme_sched_obss_scan(wpa_s, 0);
-	}
-	wpa_s->wpa_state = state;
-
-#ifdef CONFIG_BGSCAN
-	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
-		wpa_supplicant_reset_bgscan(wpa_s);
-	else if (state < WPA_ASSOCIATED)
-		wpa_supplicant_stop_bgscan(wpa_s);
-#endif /* CONFIG_BGSCAN */
-
-	if (state > WPA_SCANNING)
-		wpa_supplicant_stop_autoscan(wpa_s);
-
-	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
-		wpa_supplicant_start_autoscan(wpa_s);
-
-	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
-		wmm_ac_notify_disassoc(wpa_s);
-
-	if (wpa_s->wpa_state != old_state) {
-		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
-
-		/*
-		 * Notify the P2P Device interface about a state change in one
-		 * of the interfaces.
-		 */
-		wpas_p2p_indicate_state_change(wpa_s);
-
-		if (wpa_s->wpa_state == WPA_COMPLETED ||
-		    old_state == WPA_COMPLETED)
-			wpas_notify_auth_changed(wpa_s);
-#ifdef CONFIG_DPP2
-		if (wpa_s->wpa_state == WPA_COMPLETED)
-			wpas_dpp_connected(wpa_s);
-#endif /* CONFIG_DPP2 */
-	}
-#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-	if (update_fils_connect_params)
-		wpas_update_fils_connect_params(wpa_s);
-#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
-}
-
-
-void wpa_supplicant_terminate_proc(struct wpa_global *global)
-{
-	int pending = 0;
-#ifdef CONFIG_WPS
-	struct wpa_supplicant *wpa_s = global->ifaces;
-	while (wpa_s) {
-		struct wpa_supplicant *next = wpa_s->next;
-		if (wpas_wps_terminate_pending(wpa_s) == 1)
-			pending = 1;
-#ifdef CONFIG_P2P
-		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
-		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
-			wpas_p2p_disconnect(wpa_s);
-#endif /* CONFIG_P2P */
-		wpa_s = next;
-	}
-#endif /* CONFIG_WPS */
-	if (pending)
-		return;
-	eloop_terminate();
-}
-
-
-static void wpa_supplicant_terminate(int sig, void *signal_ctx)
-{
-	struct wpa_global *global = signal_ctx;
-	wpa_supplicant_terminate_proc(global);
-}
-
-
-void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
-{
-	enum wpa_states old_state = wpa_s->wpa_state;
-	enum wpa_states new_state;
-
-	if (old_state == WPA_SCANNING)
-		new_state = WPA_SCANNING;
-	else
-		new_state = WPA_DISCONNECTED;
-
-	wpa_s->pairwise_cipher = 0;
-	wpa_s->group_cipher = 0;
-	wpa_s->mgmt_group_cipher = 0;
-	wpa_s->key_mgmt = 0;
-	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
-		wpa_supplicant_set_state(wpa_s, new_state);
-
-	if (wpa_s->wpa_state != old_state)
-		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
-}
-
-
-/**
- * wpa_supplicant_reload_configuration - Reload configuration data
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 on success or -1 if configuration parsing failed
- *
- * This function can be used to request that the configuration data is reloaded
- * (e.g., after configuration file change). This function is reloading
- * configuration only for one interface, so this may need to be called multiple
- * times if %wpa_supplicant is controlling multiple interfaces and all
- * interfaces need reconfiguration.
- */
-int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_config *conf;
-	int reconf_ctrl;
-	int old_ap_scan;
-
-	if (wpa_s->confname == NULL)
-		return -1;
-	conf = wpa_config_read(wpa_s->confname, NULL);
-	if (conf == NULL) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
-			"file '%s' - exiting", wpa_s->confname);
-		return -1;
-	}
-	if (wpa_s->confanother &&
-	    !wpa_config_read(wpa_s->confanother, conf)) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"Failed to parse the configuration file '%s' - exiting",
-			wpa_s->confanother);
-		return -1;
-	}
-
-	conf->changed_parameters = (unsigned int) -1;
-
-	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
-		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
-		    os_strcmp(conf->ctrl_interface,
-			      wpa_s->conf->ctrl_interface) != 0);
-
-	if (reconf_ctrl) {
-		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
-		wpa_s->ctrl_iface = NULL;
-	}
-
-	eapol_sm_invalidate_cached_session(wpa_s->eapol);
-	if (wpa_s->current_ssid) {
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-			wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-	}
-
-	/*
-	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
-	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
-	 */
-	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
-		/*
-		 * Clear forced success to clear EAP state for next
-		 * authentication.
-		 */
-		eapol_sm_notify_eap_success(wpa_s->eapol, false);
-	}
-	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-	wpa_sm_set_config(wpa_s->wpa, NULL);
-	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
-	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
-	rsn_preauth_deinit(wpa_s->wpa);
-
-	old_ap_scan = wpa_s->conf->ap_scan;
-	wpa_config_free(wpa_s->conf);
-	wpa_s->conf = conf;
-	if (old_ap_scan != wpa_s->conf->ap_scan)
-		wpas_notify_ap_scan_changed(wpa_s);
-
-	if (reconf_ctrl)
-		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
-
-	wpa_supplicant_update_config(wpa_s);
-
-	wpa_supplicant_clear_status(wpa_s);
-	if (wpa_supplicant_enabled_networks(wpa_s)) {
-		wpa_s->reassociate = 1;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	}
-	wpa_bssid_ignore_clear(wpa_s);
-	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
-	return 0;
-}
-
-
-static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
-{
-	struct wpa_global *global = signal_ctx;
-	struct wpa_supplicant *wpa_s;
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
-			sig);
-		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
-			wpa_supplicant_terminate_proc(global);
-		}
-	}
-
-	if (wpa_debug_reopen_file() < 0) {
-		/* Ignore errors since we cannot really do much to fix this */
-		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
-	}
-}
-
-
-static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid,
-					 struct wpa_ie_data *ie)
-{
-	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
-	if (ret) {
-		if (ret == -2) {
-			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
-				"from association info");
-		}
-		return -1;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
-		"cipher suites");
-	if (!(ie->group_cipher & ssid->group_cipher)) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
-			"cipher 0x%x (mask 0x%x) - reject",
-			ie->group_cipher, ssid->group_cipher);
-		return -1;
-	}
-	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
-			"cipher 0x%x (mask 0x%x) - reject",
-			ie->pairwise_cipher, ssid->pairwise_cipher);
-		return -1;
-	}
-	if (!(ie->key_mgmt & ssid->key_mgmt)) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
-			"management 0x%x (mask 0x%x) - reject",
-			ie->key_mgmt, ssid->key_mgmt);
-		return -1;
-	}
-
-	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
-	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
-			"that does not support management frame protection - "
-			"reject");
-		return -1;
-	}
-
-	return 0;
-}
-
-
-static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
-			    int freq)
-{
-	if (!ie->has_group)
-		ie->group_cipher = wpa_default_rsn_cipher(freq);
-	if (!ie->has_pairwise)
-		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
-	return (ie->group_cipher & ssid->group_cipher) &&
-		(ie->pairwise_cipher & ssid->pairwise_cipher);
-}
-
-
-void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *ssid, struct wpa_ie_data *ie)
-{
-	int sel;
-
-	sel = ie->mgmt_group_cipher;
-	if (ssid->group_mgmt_cipher)
-		sel &= ssid->group_mgmt_cipher;
-	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
-	    !(ie->capabilities & WPA_CAPABILITY_MFPC))
-		sel = 0;
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
-		ie->mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
-	if (sel & WPA_CIPHER_AES_128_CMAC) {
-		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using MGMT group cipher AES-128-CMAC");
-	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
-		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using MGMT group cipher BIP-GMAC-128");
-	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
-		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using MGMT group cipher BIP-GMAC-256");
-	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
-		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using MGMT group cipher BIP-CMAC-256");
-	} else {
-		wpa_s->mgmt_group_cipher = 0;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
-	}
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
-			 wpa_s->mgmt_group_cipher);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
-			 wpas_get_ssid_pmf(wpa_s, ssid));
-}
-
-
-/**
- * wpa_supplicant_set_suites - Set authentication and encryption parameters
- * @wpa_s: Pointer to wpa_supplicant data
- * @bss: Scan results for the selected BSS, or %NULL if not available
- * @ssid: Configuration data for the selected network
- * @wpa_ie: Buffer for the WPA/RSN IE
- * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
- * used buffer length in case the functions returns success.
- * Returns: 0 on success or -1 on failure
- *
- * This function is used to configure authentication and encryption parameters
- * based on the network configuration and scan result for the selected BSS (if
- * available).
- */
-int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss, struct wpa_ssid *ssid,
-			      u8 *wpa_ie, size_t *wpa_ie_len)
-{
-	struct wpa_ie_data ie;
-	int sel, proto, sae_pwe;
-	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
-
-	if (bss) {
-		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-	} else {
-		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
-	}
-
-	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
-	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
-	    matching_ciphers(ssid, &ie, bss->freq) &&
-	    (ie.key_mgmt & ssid->key_mgmt)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
-		proto = WPA_PROTO_RSN;
-	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
-		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
-		   (ie.group_cipher & ssid->group_cipher) &&
-		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
-		   (ie.key_mgmt & ssid->key_mgmt)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
-		proto = WPA_PROTO_WPA;
-#ifdef CONFIG_HS20
-	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
-		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
-		   (ie.group_cipher & ssid->group_cipher) &&
-		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
-		   (ie.key_mgmt & ssid->key_mgmt)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
-		proto = WPA_PROTO_OSEN;
-	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
-	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
-	    (ie.group_cipher & ssid->group_cipher) &&
-	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
-	    (ie.key_mgmt & ssid->key_mgmt)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
-		proto = WPA_PROTO_RSN;
-#endif /* CONFIG_HS20 */
-	} else if (bss) {
-		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
-			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
-			ssid->key_mgmt);
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
-			MAC2STR(bss->bssid),
-			wpa_ssid_txt(bss->ssid, bss->ssid_len),
-			bss_wpa ? " WPA" : "",
-			bss_rsn ? " RSN" : "",
-			bss_osen ? " OSEN" : "");
-		if (bss_rsn) {
-			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
-			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"Could not parse RSN element");
-			} else {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
-					ie.pairwise_cipher, ie.group_cipher,
-					ie.key_mgmt);
-			}
-		}
-		if (bss_wpa) {
-			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
-			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"Could not parse WPA element");
-			} else {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
-					ie.pairwise_cipher, ie.group_cipher,
-					ie.key_mgmt);
-			}
-		}
-		return -1;
-	} else {
-		if (ssid->proto & WPA_PROTO_OSEN)
-			proto = WPA_PROTO_OSEN;
-		else if (ssid->proto & WPA_PROTO_RSN)
-			proto = WPA_PROTO_RSN;
-		else
-			proto = WPA_PROTO_WPA;
-		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
-			os_memset(&ie, 0, sizeof(ie));
-			ie.group_cipher = ssid->group_cipher;
-			ie.pairwise_cipher = ssid->pairwise_cipher;
-			ie.key_mgmt = ssid->key_mgmt;
-			ie.mgmt_group_cipher = 0;
-			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
-				if (ssid->group_mgmt_cipher &
-				    WPA_CIPHER_BIP_GMAC_256)
-					ie.mgmt_group_cipher =
-						WPA_CIPHER_BIP_GMAC_256;
-				else if (ssid->group_mgmt_cipher &
-					 WPA_CIPHER_BIP_CMAC_256)
-					ie.mgmt_group_cipher =
-						WPA_CIPHER_BIP_CMAC_256;
-				else if (ssid->group_mgmt_cipher &
-					 WPA_CIPHER_BIP_GMAC_128)
-					ie.mgmt_group_cipher =
-						WPA_CIPHER_BIP_GMAC_128;
-				else
-					ie.mgmt_group_cipher =
-						WPA_CIPHER_AES_128_CMAC;
-			}
-#ifdef CONFIG_OWE
-			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-			    !ssid->owe_only &&
-			    !bss_wpa && !bss_rsn && !bss_osen) {
-				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-				wpa_s->wpa_proto = 0;
-				*wpa_ie_len = 0;
-				return 0;
-			}
-#endif /* CONFIG_OWE */
-			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
-				"based on configuration");
-		} else
-			proto = ie.proto;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
-		"pairwise %d key_mgmt %d proto %d",
-		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
-	if (ssid->ieee80211w) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
-			ie.mgmt_group_cipher);
-	}
-
-	wpa_s->wpa_proto = proto;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
-			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
-
-	if (bss || !wpa_s->ap_ies_from_associnfo) {
-		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
-					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
-		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
-					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
-		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
-					bss_rsnx ? 2 + bss_rsnx[1] : 0))
-			return -1;
-	}
-
-#ifdef CONFIG_NO_WPA
-	wpa_s->group_cipher = WPA_CIPHER_NONE;
-	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
-#else /* CONFIG_NO_WPA */
-	sel = ie.group_cipher & ssid->group_cipher;
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
-		ie.group_cipher, ssid->group_cipher, sel);
-	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
-	if (wpa_s->group_cipher < 0) {
-		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
-			"cipher");
-		return -1;
-	}
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
-		wpa_cipher_txt(wpa_s->group_cipher));
-
-	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
-		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
-	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
-	if (wpa_s->pairwise_cipher < 0) {
-		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
-			"cipher");
-		return -1;
-	}
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
-		wpa_cipher_txt(wpa_s->pairwise_cipher));
-#endif /* CONFIG_NO_WPA */
-
-	sel = ie.key_mgmt & ssid->key_mgmt;
-#ifdef CONFIG_SAE
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
-		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_IEEE80211R
-	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
-				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
-		sel &= ~WPA_KEY_MGMT_FT;
-#endif /* CONFIG_IEEE80211R */
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
-		ie.key_mgmt, ssid->key_mgmt, sel);
-	if (0) {
-#ifdef CONFIG_IEEE80211R
-#ifdef CONFIG_SHA384
-	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
-		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using KEY_MGMT FT/802.1X-SHA384");
-		if (!ssid->ft_eap_pmksa_caching &&
-		    pmksa_cache_get_current(wpa_s->wpa)) {
-			/* PMKSA caching with FT may have interoperability
-			 * issues, so disable that case by default for now. */
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"WPA: Disable PMKSA caching for FT/802.1X connection");
-			pmksa_cache_clear_current(wpa_s->wpa);
-		}
-#endif /* CONFIG_SHA384 */
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_SUITEB192
-	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
-#endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_SUITEB
-	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using KEY_MGMT 802.1X with Suite B");
-#endif /* CONFIG_SUITEB */
-#ifdef CONFIG_FILS
-#ifdef CONFIG_IEEE80211R
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
-#endif /* CONFIG_IEEE80211R */
-	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
-#endif /* CONFIG_FILS */
-#ifdef CONFIG_IEEE80211R
-	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
-		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
-		if (!ssid->ft_eap_pmksa_caching &&
-		    pmksa_cache_get_current(wpa_s->wpa)) {
-			/* PMKSA caching with FT may have interoperability
-			 * issues, so disable that case by default for now. */
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"WPA: Disable PMKSA caching for FT/802.1X connection");
-			pmksa_cache_clear_current(wpa_s->wpa);
-		}
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_DPP
-	} else if (sel & WPA_KEY_MGMT_DPP) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
-#endif /* CONFIG_DPP */
-#ifdef CONFIG_SAE
-	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
-	} else if (sel & WPA_KEY_MGMT_SAE) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_IEEE80211R
-	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
-#endif /* CONFIG_IEEE80211R */
-	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using KEY_MGMT 802.1X with SHA256");
-	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"WPA: using KEY_MGMT PSK with SHA256");
-	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
-	} else if (sel & WPA_KEY_MGMT_PSK) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
-	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
-#ifdef CONFIG_HS20
-	} else if (sel & WPA_KEY_MGMT_OSEN) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
-		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_OWE
-	} else if (sel & WPA_KEY_MGMT_OWE) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
-		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
-#endif /* CONFIG_OWE */
-	} else {
-		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
-			"authenticated key management type");
-		return -1;
-	}
-
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
-			 wpa_s->pairwise_cipher);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
-
-	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
-	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"RSN: Management frame protection required but the selected AP does not enable it");
-		return -1;
-	}
-
-	wpas_set_mgmt_group_cipher(wpa_s, ssid, &ie);
-#ifdef CONFIG_OCV
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
-	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
-#endif /* CONFIG_OCV */
-	sae_pwe = wpa_s->conf->sae_pwe;
-	if (ssid->sae_password_id && sae_pwe != 3)
-		sae_pwe = 1;
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
-#ifdef CONFIG_SAE_PK
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
-			 wpa_key_mgmt_sae(ssid->key_mgmt) &&
-			 ssid->sae_pk != SAE_PK_MODE_DISABLED &&
-			 ((ssid->sae_password &&
-			   sae_pk_valid_password(ssid->sae_password)) ||
-			  (!ssid->sae_password && ssid->passphrase &&
-			   sae_pk_valid_password(ssid->passphrase))));
-#endif /* CONFIG_SAE_PK */
-#ifdef CONFIG_TESTING_OPTIONS
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
-			 wpa_s->ft_rsnxe_used);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL,
-			 wpa_s->oci_freq_override_eapol);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
-			 wpa_s->oci_freq_override_eapol_g2);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
-			 wpa_s->oci_freq_override_ft_assoc);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FILS_ASSOC,
-			 wpa_s->oci_freq_override_fils_assoc);
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	/* Extended Key ID is only supported in infrastructure BSS so far */
-	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
-	    (ssid->proto & WPA_PROTO_RSN) &&
-	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
-				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
-		int use_ext_key_id = 0;
-
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"WPA: Enable Extended Key ID support");
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
-				 wpa_s->conf->extended_key_id);
-		if (bss_rsn &&
-		    wpa_s->conf->extended_key_id &&
-		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
-		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
-			use_ext_key_id = 1;
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
-				 use_ext_key_id);
-	} else {
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
-	}
-
-	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
-		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
-		return -1;
-	}
-
-	wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
-	if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
-					   &wpa_s->rsnxe_len)) {
-		wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
-		return -1;
-	}
-
-	if (0) {
-#ifdef CONFIG_DPP
-	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
-		/* Use PMK from DPP network introduction (PMKSA entry) */
-		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
-#ifdef CONFIG_DPP2
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
-#endif /* CONFIG_DPP2 */
-#endif /* CONFIG_DPP */
-	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
-		int psk_set = 0;
-		int sae_only;
-
-		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
-					      WPA_KEY_MGMT_FT_PSK |
-					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
-
-		if (ssid->psk_set && !sae_only) {
-			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
-					ssid->psk, PMK_LEN);
-			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
-				       NULL);
-			psk_set = 1;
-		}
-
-		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-		    (ssid->sae_password || ssid->passphrase))
-			psk_set = 1;
-
-#ifndef CONFIG_NO_PBKDF2
-		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
-		    ssid->passphrase && !sae_only) {
-			u8 psk[PMK_LEN];
-		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
-				    4096, psk, PMK_LEN);
-		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
-					psk, PMK_LEN);
-			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
-			psk_set = 1;
-			os_memset(psk, 0, sizeof(psk));
-		}
-#endif /* CONFIG_NO_PBKDF2 */
-#ifdef CONFIG_EXT_PASSWORD
-		if (ssid->ext_psk && !sae_only) {
-			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-							     ssid->ext_psk);
-			char pw_str[64 + 1];
-			u8 psk[PMK_LEN];
-
-			if (pw == NULL) {
-				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
-					"found from external storage");
-				return -1;
-			}
-
-			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
-				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
-					"PSK length %d in external storage",
-					(int) wpabuf_len(pw));
-				ext_password_free(pw);
-				return -1;
-			}
-
-			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
-			pw_str[wpabuf_len(pw)] = '\0';
-
-#ifndef CONFIG_NO_PBKDF2
-			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
-			{
-				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
-					    4096, psk, PMK_LEN);
-				os_memset(pw_str, 0, sizeof(pw_str));
-				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
-						"external passphrase)",
-						psk, PMK_LEN);
-				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
-					       NULL);
-				psk_set = 1;
-				os_memset(psk, 0, sizeof(psk));
-			} else
-#endif /* CONFIG_NO_PBKDF2 */
-			if (wpabuf_len(pw) == 2 * PMK_LEN) {
-				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
-					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
-						"Invalid PSK hex string");
-					os_memset(pw_str, 0, sizeof(pw_str));
-					ext_password_free(pw);
-					return -1;
-				}
-				wpa_hexdump_key(MSG_MSGDUMP,
-						"PSK (from external PSK)",
-						psk, PMK_LEN);
-				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
-					       NULL);
-				psk_set = 1;
-				os_memset(psk, 0, sizeof(psk));
-			} else {
-				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
-					"PSK available");
-				os_memset(pw_str, 0, sizeof(pw_str));
-				ext_password_free(pw);
-				return -1;
-			}
-
-			os_memset(pw_str, 0, sizeof(pw_str));
-			ext_password_free(pw);
-		}
-#endif /* CONFIG_EXT_PASSWORD */
-
-		if (!psk_set) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"No PSK available for association");
-			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
-			return -1;
-		}
-#ifdef CONFIG_OWE
-	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
-		/* OWE Diffie-Hellman exchange in (Re)Association
-		 * Request/Response frames set the PMK, so do not override it
-		 * here. */
-#endif /* CONFIG_OWE */
-	} else
-		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
-
-	if (ssid->mode != WPAS_MODE_IBSS &&
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
-	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
-	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
-	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Disable PTK0 rekey support - replaced with reconnect");
-		wpa_s->deny_ptk0_rekey = 1;
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
-	} else {
-		wpa_s->deny_ptk0_rekey = 0;
-		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
-	}
-
-	return 0;
-}
-
-
-static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
-{
-	bool scs = true, mscs = true;
-
-	*pos = 0x00;
-
-	switch (idx) {
-	case 0: /* Bits 0-7 */
-		break;
-	case 1: /* Bits 8-15 */
-		if (wpa_s->conf->coloc_intf_reporting) {
-			/* Bit 13 - Collocated Interference Reporting */
-			*pos |= 0x20;
-		}
-		break;
-	case 2: /* Bits 16-23 */
-#ifdef CONFIG_WNM
-		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
-		if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
-			*pos |= 0x08; /* Bit 19 - BSS Transition */
-#endif /* CONFIG_WNM */
-		break;
-	case 3: /* Bits 24-31 */
-#ifdef CONFIG_WNM
-		*pos |= 0x02; /* Bit 25 - SSID List */
-#endif /* CONFIG_WNM */
-#ifdef CONFIG_INTERWORKING
-		if (wpa_s->conf->interworking)
-			*pos |= 0x80; /* Bit 31 - Interworking */
-#endif /* CONFIG_INTERWORKING */
-		break;
-	case 4: /* Bits 32-39 */
-#ifdef CONFIG_INTERWORKING
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
-			*pos |= 0x01; /* Bit 32 - QoS Map */
-#endif /* CONFIG_INTERWORKING */
-		break;
-	case 5: /* Bits 40-47 */
-#ifdef CONFIG_HS20
-		if (wpa_s->conf->hs20)
-			*pos |= 0x40; /* Bit 46 - WNM-Notification */
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_MBO
-		*pos |= 0x40; /* Bit 46 - WNM-Notification */
-#endif /* CONFIG_MBO */
-		break;
-	case 6: /* Bits 48-55 */
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->disable_scs_support)
-			scs = false;
-#endif /* CONFIG_TESTING_OPTIONS */
-		if (scs)
-			*pos |= 0x40; /* Bit 54 - SCS */
-		break;
-	case 7: /* Bits 56-63 */
-		break;
-	case 8: /* Bits 64-71 */
-		if (wpa_s->conf->ftm_responder)
-			*pos |= 0x40; /* Bit 70 - FTM responder */
-		if (wpa_s->conf->ftm_initiator)
-			*pos |= 0x80; /* Bit 71 - FTM initiator */
-		break;
-	case 9: /* Bits 72-79 */
-#ifdef CONFIG_FILS
-		if (!wpa_s->disable_fils)
-			*pos |= 0x01;
-#endif /* CONFIG_FILS */
-		break;
-	case 10: /* Bits 80-87 */
-#ifdef CONFIG_TESTING_OPTIONS
-		if (wpa_s->disable_mscs_support)
-			mscs = false;
-#endif /* CONFIG_TESTING_OPTIONS */
-		if (mscs)
-			*pos |= 0x20; /* Bit 85 - Mirrored SCS */
-		break;
-	}
-}
-
-
-int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
-{
-	u8 *pos = buf;
-	u8 len = 11, i;
-
-	if (len < wpa_s->extended_capa_len)
-		len = wpa_s->extended_capa_len;
-	if (buflen < (size_t) len + 2) {
-		wpa_printf(MSG_INFO,
-			   "Not enough room for building extended capabilities element");
-		return -1;
-	}
-
-	*pos++ = WLAN_EID_EXT_CAPAB;
-	*pos++ = len;
-	for (i = 0; i < len; i++, pos++) {
-		wpas_ext_capab_byte(wpa_s, pos, i);
-
-		if (i < wpa_s->extended_capa_len) {
-			*pos &= ~wpa_s->extended_capa_mask[i];
-			*pos |= wpa_s->extended_capa[i];
-		}
-	}
-
-	while (len > 0 && buf[1 + len] == 0) {
-		len--;
-		buf[1] = len;
-	}
-	if (len == 0)
-		return 0;
-
-	return 2 + len;
-}
-
-
-static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
-			  struct wpa_bss *test_bss)
-{
-	struct wpa_bss *bss;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (bss == test_bss)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
-			   struct wpa_ssid *test_ssid)
-{
-	struct wpa_ssid *ssid;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid == test_ssid)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
-			struct wpa_ssid *test_ssid)
-{
-	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
-		return 0;
-
-	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
-}
-
-
-void wpas_connect_work_free(struct wpa_connect_work *cwork)
-{
-	if (cwork == NULL)
-		return;
-	os_free(cwork);
-}
-
-
-void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_connect_work *cwork;
-	struct wpa_radio_work *work = wpa_s->connect_work;
-
-	if (!work)
-		return;
-
-	wpa_s->connect_work = NULL;
-	cwork = work->ctx;
-	work->ctx = NULL;
-	wpas_connect_work_free(cwork);
-	radio_work_done(work);
-}
-
-
-int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
-{
-	struct os_reltime now;
-	u8 addr[ETH_ALEN];
-
-	os_get_reltime(&now);
-	if (wpa_s->last_mac_addr_style == style &&
-	    wpa_s->last_mac_addr_change.sec != 0 &&
-	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
-				wpa_s->conf->rand_addr_lifetime)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Previously selected random MAC address has not yet expired");
-		return 0;
-	}
-
-	switch (style) {
-	case 1:
-		if (random_mac_addr(addr) < 0)
-			return -1;
-		break;
-	case 2:
-		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
-		if (random_mac_addr_keep_oui(addr) < 0)
-			return -1;
-		break;
-	default:
-		return -1;
-	}
-
-	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Failed to set random MAC address");
-		return -1;
-	}
-
-	os_get_reltime(&wpa_s->last_mac_addr_change);
-	wpa_s->mac_addr_changed = 1;
-	wpa_s->last_mac_addr_style = style;
-
-	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Could not update MAC address information");
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
-		MAC2STR(addr));
-
-	return 0;
-}
-
-
-int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
-	    !wpa_s->conf->preassoc_mac_addr)
-		return 0;
-
-	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
-}
-
-
-static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_SAE
-	int *groups = conf->sae_groups;
-	int default_groups[] = { 19, 20, 21, 0 };
-	const char *password;
-
-	if (!groups || groups[0] <= 0)
-		groups = default_groups;
-
-	password = ssid->sae_password;
-	if (!password)
-		password = ssid->passphrase;
-
-	if (!password ||
-	    (conf->sae_pwe == 0 && !ssid->sae_password_id &&
-	     !sae_pk_valid_password(password)) ||
-	    conf->sae_pwe == 3) {
-		/* PT derivation not needed */
-		sae_deinit_pt(ssid->pt);
-		ssid->pt = NULL;
-		return;
-	}
-
-	if (ssid->pt)
-		return; /* PT already derived */
-	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
-				 (const u8 *) password, os_strlen(password),
-				 ssid->sae_password_id);
-#endif /* CONFIG_SAE */
-}
-
-
-static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
-{
-#if defined(CONFIG_SAE) && defined(CONFIG_SME)
-	os_free(wpa_s->sme.sae_rejected_groups);
-	wpa_s->sme.sae_rejected_groups = NULL;
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->extra_sae_rejected_groups) {
-		int i, *groups = wpa_s->extra_sae_rejected_groups;
-
-		for (i = 0; groups[i]; i++) {
-			wpa_printf(MSG_DEBUG,
-				   "TESTING: Indicate rejection of an extra SAE group %d",
-				   groups[i]);
-			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
-					     groups[i]);
-		}
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_SAE && CONFIG_SME */
-}
-
-
-int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Could not restore permanent MAC address");
-		return -1;
-	}
-	wpa_s->mac_addr_changed = 0;
-	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"Could not update MAC address information");
-		return -1;
-	}
-	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
-	return 0;
-}
-
-
-static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
-
-/**
- * wpa_supplicant_associate - Request association
- * @wpa_s: Pointer to wpa_supplicant data
- * @bss: Scan results for the selected BSS, or %NULL if not available
- * @ssid: Configuration data for the selected network
- *
- * This function is used to request %wpa_supplicant to associate with a BSS.
- */
-void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss, struct wpa_ssid *ssid)
-{
-	struct wpa_connect_work *cwork;
-	int rand_style;
-
-	wpa_s->own_disconnect_req = 0;
-	wpa_s->own_reconnect_req = 0;
-
-	/*
-	 * If we are starting a new connection, any previously pending EAPOL
-	 * RX cannot be valid anymore.
-	 */
-	wpabuf_free(wpa_s->pending_eapol_rx);
-	wpa_s->pending_eapol_rx = NULL;
-
-	if (ssid->mac_addr == -1)
-		rand_style = wpa_s->conf->mac_addr;
-	else
-		rand_style = ssid->mac_addr;
-
-	wpa_s->multi_ap_ie = 0;
-	wmm_ac_clear_saved_tspecs(wpa_s);
-	wpa_s->reassoc_same_bss = 0;
-	wpa_s->reassoc_same_ess = 0;
-#ifdef CONFIG_TESTING_OPTIONS
-	wpa_s->testing_resend_assoc = 0;
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->last_ssid == ssid) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
-		wpa_s->reassoc_same_ess = 1;
-		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
-			wmm_ac_save_tspecs(wpa_s);
-			wpa_s->reassoc_same_bss = 1;
-		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
-			os_get_reltime(&wpa_s->roam_start);
-		}
-	} else {
-#ifdef CONFIG_SAE
-		wpa_s_clear_sae_rejected(wpa_s);
-#endif /* CONFIG_SAE */
-	}
-#ifdef CONFIG_SAE
-	wpa_s_setup_sae_pt(wpa_s->conf, ssid);
-#endif /* CONFIG_SAE */
-
-	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
-		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
-			return;
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
-		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
-			return;
-	}
-	wpa_s->last_ssid = ssid;
-
-#ifdef CONFIG_IBSS_RSN
-	ibss_rsn_deinit(wpa_s->ibss_rsn);
-	wpa_s->ibss_rsn = NULL;
-#else /* CONFIG_IBSS_RSN */
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"IBSS RSN not supported in the build");
-		return;
-	}
-#endif /* CONFIG_IBSS_RSN */
-
-	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
-	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
-#ifdef CONFIG_AP
-		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
-			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
-				"mode");
-			return;
-		}
-		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
-				wpas_p2p_ap_setup_failed(wpa_s);
-			return;
-		}
-		wpa_s->current_bss = bss;
-#else /* CONFIG_AP */
-		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
-			"the build");
-#endif /* CONFIG_AP */
-		return;
-	}
-
-	if (ssid->mode == WPAS_MODE_MESH) {
-#ifdef CONFIG_MESH
-		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
-			wpa_msg(wpa_s, MSG_INFO,
-				"Driver does not support mesh mode");
-			return;
-		}
-		if (bss)
-			ssid->frequency = bss->freq;
-		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
-			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
-			return;
-		}
-		wpa_s->current_bss = bss;
-#else /* CONFIG_MESH */
-		wpa_msg(wpa_s, MSG_ERROR,
-			"mesh mode support not included in the build");
-#endif /* CONFIG_MESH */
-		return;
-	}
-
-	/*
-	 * Set WPA state machine configuration to match the selected network now
-	 * so that the information is available before wpas_start_assoc_cb()
-	 * gets called. This is needed at least for RSN pre-authentication where
-	 * candidate APs are added to a list based on scan result processing
-	 * before completion of the first association.
-	 */
-	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
-
-#ifdef CONFIG_DPP
-	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
-		return;
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_TDLS
-	if (bss)
-		wpa_tdls_ap_ies(wpa_s->wpa, wpa_bss_ie_ptr(bss), bss->ie_len);
-#endif /* CONFIG_TDLS */
-
-#ifdef CONFIG_MBO
-	wpas_mbo_check_pmf(wpa_s, bss, ssid);
-#endif /* CONFIG_MBO */
-
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-	    ssid->mode == WPAS_MODE_INFRA) {
-		sme_authenticate(wpa_s, bss, ssid);
-		return;
-	}
-
-	if (wpa_s->connect_work) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
-		return;
-	}
-
-	if (radio_work_pending(wpa_s, "connect")) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
-		return;
-	}
-
-#ifdef CONFIG_SME
-	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
-		/* Clear possibly set auth_alg, if any, from last attempt. */
-		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
-	}
-#endif /* CONFIG_SME */
-
-	wpas_abort_ongoing_scan(wpa_s);
-
-	cwork = os_zalloc(sizeof(*cwork));
-	if (cwork == NULL)
-		return;
-
-	cwork->bss = bss;
-	cwork->ssid = ssid;
-
-	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
-			   wpas_start_assoc_cb, cwork) < 0) {
-		os_free(cwork);
-	}
-}
-
-
-static int bss_is_ibss(struct wpa_bss *bss)
-{
-	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
-		IEEE80211_CAP_IBSS;
-}
-
-
-static int drv_supports_vht(struct wpa_supplicant *wpa_s,
-			    const struct wpa_ssid *ssid)
-{
-	enum hostapd_hw_mode hw_mode;
-	struct hostapd_hw_modes *mode = NULL;
-	u8 channel;
-	int i;
-
-	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
-	if (hw_mode == NUM_HOSTAPD_MODES)
-		return 0;
-	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
-		if (wpa_s->hw.modes[i].mode == hw_mode) {
-			mode = &wpa_s->hw.modes[i];
-			break;
-		}
-	}
-
-	if (!mode)
-		return 0;
-
-	return mode->vht_capab != 0;
-}
-
-
-static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
-{
-	int i;
-
-	for (i = channel; i < channel + 16; i += 4) {
-		struct hostapd_channel_data *chan;
-
-		chan = hw_get_channel_chan(mode, i, NULL);
-		if (!chan ||
-		    chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-			return false;
-	}
-
-	return true;
-}
-
-
-void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
-			  const struct wpa_ssid *ssid,
-			  struct hostapd_freq_params *freq)
-{
-	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
-	enum hostapd_hw_mode hw_mode;
-	struct hostapd_hw_modes *mode = NULL;
-	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
-			   184, 192 };
-	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
-		       6035, 6115, 6195, 6275, 6355, 6435, 6515,
-		       6595, 6675, 6755, 6835, 6915, 6995 };
-	int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
-	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
-	u8 channel;
-	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
-	unsigned int j, k;
-	struct hostapd_freq_params vht_freq;
-	int chwidth, seg0, seg1;
-	u32 vht_caps = 0;
-	bool is_24ghz, is_6ghz;
-
-	freq->freq = ssid->frequency;
-
-	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
-		struct wpa_bss *bss = wpa_s->last_scan_res[j];
-
-		if (ssid->mode != WPAS_MODE_IBSS)
-			break;
-
-		/* Don't adjust control freq in case of fixed_freq */
-		if (ssid->fixed_freq)
-			break;
-
-		if (!bss_is_ibss(bss))
-			continue;
-
-		if (ssid->ssid_len == bss->ssid_len &&
-		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
-			wpa_printf(MSG_DEBUG,
-				   "IBSS already found in scan results, adjust control freq: %d",
-				   bss->freq);
-			freq->freq = bss->freq;
-			obss_scan = 0;
-			break;
-		}
-	}
-
-	/* For IBSS check HT_IBSS flag */
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
-		return;
-
-	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
-	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
-	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
-		wpa_printf(MSG_DEBUG,
-			   "IBSS: WEP/TKIP detected, do not try to enable HT");
-		return;
-	}
-
-	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
-	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
-		if (wpa_s->hw.modes[i].mode == hw_mode) {
-			mode = &wpa_s->hw.modes[i];
-			break;
-		}
-	}
-
-	if (!mode)
-		return;
-
-	freq->channel = channel;
-
-	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
-		hw_mode == HOSTAPD_MODE_IEEE80211B;
-
-	/* HT/VHT and corresponding overrides are not applicable to 6 GHz.
-	 * However, HE is mandatory for 6 GHz.
-	 */
-	is_6ghz = is_6ghz_freq(freq->freq);
-	if (is_6ghz)
-		goto skip_to_6ghz;
-
-#ifdef CONFIG_HT_OVERRIDES
-	if (ssid->disable_ht) {
-		freq->ht_enabled = 0;
-		return;
-	}
-#endif /* CONFIG_HT_OVERRIDES */
-
-	freq->ht_enabled = ht_supported(mode);
-	if (!freq->ht_enabled)
-		return;
-
-	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
-	if (is_24ghz)
-		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
-#ifdef CONFIG_HE_OVERRIDES
-	if (is_24ghz && ssid->disable_he)
-		freq->he_enabled = 0;
-#endif /* CONFIG_HE_OVERRIDES */
-
-	/* Setup higher BW only for 5 GHz */
-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-		return;
-
-	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
-		pri_chan = &mode->channels[chan_idx];
-		if (pri_chan->chan == channel)
-			break;
-		pri_chan = NULL;
-	}
-	if (!pri_chan)
-		return;
-
-	/* Check primary channel flags */
-	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-		return;
-
-	freq->channel = pri_chan->chan;
-
-#ifdef CONFIG_HT_OVERRIDES
-	if (ssid->disable_ht40) {
-#ifdef CONFIG_VHT_OVERRIDES
-		if (ssid->disable_vht)
-			return;
-#endif /* CONFIG_VHT_OVERRIDES */
-		goto skip_ht40;
-	}
-#endif /* CONFIG_HT_OVERRIDES */
-
-	/* Check/setup HT40+/HT40- */
-	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
-		if (ht40plus[j] == channel) {
-			ht40 = 1;
-			break;
-		}
-	}
-
-	/* Find secondary channel */
-	for (i = 0; i < mode->num_channels; i++) {
-		sec_chan = &mode->channels[i];
-		if (sec_chan->chan == channel + ht40 * 4)
-			break;
-		sec_chan = NULL;
-	}
-	if (!sec_chan)
-		return;
-
-	/* Check secondary channel flags */
-	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-		return;
-
-	if (ht40 == -1) {
-		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-			return;
-	} else {
-		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
-			return;
-	}
-	freq->sec_channel_offset = ht40;
-
-	if (obss_scan) {
-		struct wpa_scan_results *scan_res;
-
-		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
-		if (scan_res == NULL) {
-			/* Back to HT20 */
-			freq->sec_channel_offset = 0;
-			return;
-		}
-
-		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
-		switch (res) {
-		case 0:
-			/* Back to HT20 */
-			freq->sec_channel_offset = 0;
-			break;
-		case 1:
-			/* Configuration allowed */
-			break;
-		case 2:
-			/* Switch pri/sec channels */
-			freq->freq = hw_get_freq(mode, sec_chan->chan);
-			freq->sec_channel_offset = -freq->sec_channel_offset;
-			freq->channel = sec_chan->chan;
-			break;
-		default:
-			freq->sec_channel_offset = 0;
-			break;
-		}
-
-		wpa_scan_results_free(scan_res);
-	}
-
-#ifdef CONFIG_HT_OVERRIDES
-skip_ht40:
-#endif /* CONFIG_HT_OVERRIDES */
-	wpa_printf(MSG_DEBUG,
-		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
-		   freq->channel, freq->sec_channel_offset);
-
-	if (!drv_supports_vht(wpa_s, ssid))
-		return;
-
-	/* For IBSS check VHT_IBSS flag */
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
-		return;
-
-#ifdef CONFIG_VHT_OVERRIDES
-	if (ssid->disable_vht) {
-		freq->vht_enabled = 0;
-		return;
-	}
-#endif /* CONFIG_VHT_OVERRIDES */
-
-skip_to_6ghz:
-	vht_freq = *freq;
-
-	/* 6 GHz does not have VHT enabled, so allow that exception here. */
-	vht_freq.vht_enabled = vht_supported(mode);
-	if (!vht_freq.vht_enabled && !is_6ghz)
-		return;
-
-	/* Enable HE with VHT for 5 GHz */
-	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
-
-	/* setup center_freq1, bandwidth */
-	for (j = 0; j < ARRAY_SIZE(bw80); j++) {
-		if (freq->freq >= bw80[j] &&
-		    freq->freq < bw80[j] + 80)
-			break;
-	}
-
-	if (j == ARRAY_SIZE(bw80) ||
-	    ieee80211_freq_to_chan(bw80[j], &channel) == NUM_HOSTAPD_MODES)
-		return;
-
-	/* Back to HT configuration if channel not usable */
-	if (!ibss_mesh_is_80mhz_avail(channel, mode))
-		return;
-
-	chwidth = CHANWIDTH_80MHZ;
-	seg0 = channel + 6;
-	seg1 = 0;
-
-	if ((mode->he_capab[ieee80211_mode].phy_cap[
-		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
-	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz) {
-		/* In 160 MHz, the initial four 20 MHz channels were validated
-		 * above; check the remaining four 20 MHz channels for the total
-		 * of 160 MHz bandwidth.
-		 */
-		if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
-			return;
-
-		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
-			if (freq->freq == bw160[j]) {
-				chwidth = CHANWIDTH_160MHZ;
-				seg0 = channel + 14;
-				break;
-			}
-		}
-	}
-
-	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
-		/* setup center_freq2, bandwidth */
-		for (k = 0; k < ARRAY_SIZE(bw80); k++) {
-			/* Only accept 80 MHz segments separated by a gap */
-			if (j == k || abs(bw80[j] - bw80[k]) == 80)
-				continue;
-
-			if (ieee80211_freq_to_chan(bw80[k], &channel) ==
-			    NUM_HOSTAPD_MODES)
-				return;
-
-			for (i = channel; i < channel + 16; i += 4) {
-				struct hostapd_channel_data *chan;
-
-				chan = hw_get_channel_chan(mode, i, NULL);
-				if (!chan)
-					continue;
-
-				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
-						  HOSTAPD_CHAN_NO_IR |
-						  HOSTAPD_CHAN_RADAR))
-					continue;
-
-				/* Found a suitable second segment for 80+80 */
-				chwidth = CHANWIDTH_80P80MHZ;
-				if (!is_6ghz)
-					vht_caps |=
-						VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
-				seg1 = channel + 6;
-			}
-
-			if (chwidth == CHANWIDTH_80P80MHZ)
-				break;
-		}
-	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
-		if (freq->freq == 5180) {
-			chwidth = CHANWIDTH_160MHZ;
-			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
-			seg0 = 50;
-		} else if (freq->freq == 5520) {
-			chwidth = CHANWIDTH_160MHZ;
-			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
-			seg0 = 114;
-		}
-	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
-		chwidth = CHANWIDTH_USE_HT;
-		seg0 = channel + 2;
-#ifdef CONFIG_HT_OVERRIDES
-		if (ssid->disable_ht40)
-			seg0 = 0;
-#endif /* CONFIG_HT_OVERRIDES */
-	}
-
-#ifdef CONFIG_HE_OVERRIDES
-	if (ssid->disable_he) {
-		vht_freq.he_enabled = 0;
-		freq->he_enabled = 0;
-	}
-#endif /* CONFIG_HE_OVERRIDES */
-	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
-				    freq->channel, ssid->enable_edmg,
-				    ssid->edmg_channel, freq->ht_enabled,
-				    vht_freq.vht_enabled, freq->he_enabled,
-				    freq->sec_channel_offset,
-				    chwidth, seg0, seg1, vht_caps,
-				    &mode->he_capab[ieee80211_mode]) != 0)
-		return;
-
-	*freq = vht_freq;
-
-	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
-		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
-}
-
-
-#ifdef CONFIG_FILS
-static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
-				    size_t ie_buf_len)
-{
-	struct fils_hlp_req *req;
-	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
-	const u8 *pos;
-	u8 *buf = ie_buf;
-
-	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
-			 list) {
-		rem_len = ie_buf_len - ie_len;
-		pos = wpabuf_head(req->pkt);
-		hdr_len = 1 + 2 * ETH_ALEN + 6;
-		hlp_len = wpabuf_len(req->pkt);
-
-		if (rem_len < 2 + hdr_len + hlp_len) {
-			wpa_printf(MSG_ERROR,
-				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
-				   (unsigned long) rem_len,
-				   (unsigned long) (2 + hdr_len + hlp_len));
-			break;
-		}
-
-		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
-		/* Element ID */
-		*buf++ = WLAN_EID_EXTENSION;
-		/* Length */
-		*buf++ = len;
-		/* Element ID Extension */
-		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
-		/* Destination MAC address */
-		os_memcpy(buf, req->dst, ETH_ALEN);
-		buf += ETH_ALEN;
-		/* Source MAC address */
-		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
-		buf += ETH_ALEN;
-		/* LLC/SNAP Header */
-		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
-		buf += 6;
-		/* HLP Packet */
-		os_memcpy(buf, pos, len - hdr_len);
-		buf += len - hdr_len;
-		pos += len - hdr_len;
-
-		hlp_len -= len - hdr_len;
-		ie_len += 2 + len;
-		rem_len -= 2 + len;
-
-		while (hlp_len) {
-			len = (hlp_len > 255) ? 255 : hlp_len;
-			if (rem_len < 2 + len)
-				break;
-			*buf++ = WLAN_EID_FRAGMENT;
-			*buf++ = len;
-			os_memcpy(buf, pos, len);
-			buf += len;
-			pos += len;
-
-			hlp_len -= len;
-			ie_len += 2 + len;
-			rem_len -= 2 + len;
-		}
-	}
-
-	return ie_len;
-}
-
-
-int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
-{
-	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
-		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
-}
-
-
-int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_FILS_SK_PFS
-	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
-		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
-#else /* CONFIG_FILS_SK_PFS */
-	return 0;
-#endif /* CONFIG_FILS_SK_PFS */
-}
-
-#endif /* CONFIG_FILS */
-
-
-static int wpas_populate_wfa_capa(struct wpa_supplicant *wpa_s,
-				  struct wpa_bss *bss,
-				  u8 *wpa_ie, size_t wpa_ie_len,
-				  size_t max_wpa_ie_len)
-{
-	struct wpabuf *wfa_ie = NULL;
-	u8 wfa_capa[1];
-	size_t wfa_ie_len, buf_len;
-
-	os_memset(wfa_capa, 0, sizeof(wfa_capa));
-	if (wpa_s->enable_dscp_policy_capa)
-		wfa_capa[0] |= WFA_CAPA_QM_DSCP_POLICY;
-
-	if (!wfa_capa[0])
-		return wpa_ie_len;
-
-	/* Wi-Fi Alliance element */
-	buf_len = 1 +	/* Element ID */
-		  1 +	/* Length */
-		  3 +	/* OUI */
-		  1 +	/* OUI Type */
-		  1 +	/* Capabilities Length */
-		  sizeof(wfa_capa);	/* Capabilities */
-	wfa_ie = wpabuf_alloc(buf_len);
-	if (!wfa_ie)
-		return wpa_ie_len;
-
-	wpabuf_put_u8(wfa_ie, WLAN_EID_VENDOR_SPECIFIC);
-	wpabuf_put_u8(wfa_ie, buf_len - 2);
-	wpabuf_put_be24(wfa_ie, OUI_WFA);
-	wpabuf_put_u8(wfa_ie, WFA_CAPA_OUI_TYPE);
-	wpabuf_put_u8(wfa_ie, sizeof(wfa_capa));
-	wpabuf_put_data(wfa_ie, wfa_capa, sizeof(wfa_capa));
-
-	wfa_ie_len = wpabuf_len(wfa_ie);
-	if (wpa_ie_len + wfa_ie_len <= max_wpa_ie_len) {
-		wpa_hexdump_buf(MSG_MSGDUMP, "WFA Capabilities element",
-				wfa_ie);
-		os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(wfa_ie),
-			  wfa_ie_len);
-		wpa_ie_len += wfa_ie_len;
-	}
-
-	wpabuf_free(wfa_ie);
-	return wpa_ie_len;
-}
-
-
-static u8 * wpas_populate_assoc_ies(
-	struct wpa_supplicant *wpa_s,
-	struct wpa_bss *bss, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params,
-	enum wpa_drv_update_connect_params_mask *mask)
-{
-	u8 *wpa_ie;
-	size_t max_wpa_ie_len = 500;
-	size_t wpa_ie_len;
-	int algs = WPA_AUTH_ALG_OPEN;
-#ifdef CONFIG_MBO
-	const u8 *mbo_ie;
-#endif
-#if defined(CONFIG_SAE) || defined(CONFIG_FILS)
-	int pmksa_cached = 0;
-#endif /* CONFIG_SAE || CONFIG_FILS */
-#ifdef CONFIG_FILS
-	const u8 *realm, *username, *rrk;
-	size_t realm_len, username_len, rrk_len;
-	u16 next_seq_num;
-	struct fils_hlp_req *req;
-
-	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
-			 list) {
-		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
-				  2 + 2 * wpabuf_len(req->pkt) / 255;
-	}
-#endif /* CONFIG_FILS */
-
-	wpa_ie = os_malloc(max_wpa_ie_len);
-	if (!wpa_ie) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to allocate connect IE buffer for %lu bytes",
-			   (unsigned long) max_wpa_ie_len);
-		return NULL;
-	}
-
-	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
-		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
-	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
-		int try_opportunistic;
-		const u8 *cache_id = NULL;
-
-		try_opportunistic = (ssid->proactive_key_caching < 0 ?
-				     wpa_s->conf->okc :
-				     ssid->proactive_key_caching) &&
-			(ssid->proto & WPA_PROTO_RSN);
-#ifdef CONFIG_FILS
-		if (wpa_key_mgmt_fils(ssid->key_mgmt))
-			cache_id = wpa_bss_get_fils_cache_id(bss);
-#endif /* CONFIG_FILS */
-		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
-					    ssid, try_opportunistic,
-					    cache_id, 0) == 0) {
-			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
-#if defined(CONFIG_SAE) || defined(CONFIG_FILS)
-			pmksa_cached = 1;
-#endif /* CONFIG_SAE || CONFIG_FILS */
-		}
-		wpa_ie_len = max_wpa_ie_len;
-		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-					      wpa_ie, &wpa_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
-				"key management and encryption suites");
-			os_free(wpa_ie);
-			return NULL;
-		}
-#ifdef CONFIG_HS20
-	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
-		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
-		/* No PMKSA caching, but otherwise similar to RSN/WPA */
-		wpa_ie_len = max_wpa_ie_len;
-		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-					      wpa_ie, &wpa_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
-				"key management and encryption suites");
-			os_free(wpa_ie);
-			return NULL;
-		}
-#endif /* CONFIG_HS20 */
-	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
-		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
-		/*
-		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
-		 * use non-WPA since the scan results did not indicate that the
-		 * AP is using WPA or WPA2.
-		 */
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-		wpa_ie_len = 0;
-		wpa_s->wpa_proto = 0;
-	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
-		wpa_ie_len = max_wpa_ie_len;
-		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
-					      wpa_ie, &wpa_ie_len)) {
-			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
-				"key management and encryption suites (no "
-				"scan results)");
-			os_free(wpa_ie);
-			return NULL;
-		}
-#ifdef CONFIG_WPS
-	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
-		struct wpabuf *wps_ie;
-		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
-		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
-			wpa_ie_len = wpabuf_len(wps_ie);
-			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
-		} else
-			wpa_ie_len = 0;
-		wpabuf_free(wps_ie);
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
-			params->wps = WPS_MODE_PRIVACY;
-		else
-			params->wps = WPS_MODE_OPEN;
-		wpa_s->wpa_proto = 0;
-#endif /* CONFIG_WPS */
-	} else {
-		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
-		wpa_ie_len = 0;
-		wpa_s->wpa_proto = 0;
-	}
-
-#ifdef IEEE8021X_EAPOL
-	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		if (ssid->leap) {
-			if (ssid->non_leap == 0)
-				algs = WPA_AUTH_ALG_LEAP;
-			else
-				algs |= WPA_AUTH_ALG_LEAP;
-		}
-	}
-
-#ifdef CONFIG_FILS
-	/* Clear FILS association */
-	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
-
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
-	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
-	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
-				  &username_len, &realm, &realm_len,
-				  &next_seq_num, &rrk, &rrk_len) == 0 &&
-	    (!wpa_s->last_con_fail_realm ||
-	     wpa_s->last_con_fail_realm_len != realm_len ||
-	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
-		algs = WPA_AUTH_ALG_FILS;
-		params->fils_erp_username = username;
-		params->fils_erp_username_len = username_len;
-		params->fils_erp_realm = realm;
-		params->fils_erp_realm_len = realm_len;
-		params->fils_erp_next_seq_num = next_seq_num;
-		params->fils_erp_rrk = rrk;
-		params->fils_erp_rrk_len = rrk_len;
-
-		if (mask)
-			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
-	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
-		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
-		   pmksa_cached) {
-		algs = WPA_AUTH_ALG_FILS;
-	}
-#endif /* CONFIG_FILS */
-#endif /* IEEE8021X_EAPOL */
-#ifdef CONFIG_SAE
-	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
-		algs = WPA_AUTH_ALG_SAE;
-#endif /* CONFIG_SAE */
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
-	if (ssid->auth_alg) {
-		algs = ssid->auth_alg;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Overriding auth_alg selection: 0x%x", algs);
-	}
-
-#ifdef CONFIG_SAE
-	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
-		algs = WPA_AUTH_ALG_OPEN;
-	}
-#endif /* CONFIG_SAE */
-
-#ifdef CONFIG_P2P
-	if (wpa_s->global->p2p) {
-		u8 *pos;
-		size_t len;
-		int res;
-		pos = wpa_ie + wpa_ie_len;
-		len = max_wpa_ie_len - wpa_ie_len;
-		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
-					    ssid->p2p_group);
-		if (res >= 0)
-			wpa_ie_len += res;
-	}
-
-	wpa_s->cross_connect_disallowed = 0;
-	if (bss) {
-		struct wpabuf *p2p;
-		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
-		if (p2p) {
-			wpa_s->cross_connect_disallowed =
-				p2p_get_cross_connect_disallowed(p2p);
-			wpabuf_free(p2p);
-			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
-				"connection",
-				wpa_s->cross_connect_disallowed ?
-				"disallows" : "allows");
-		}
-	}
-
-	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
-#endif /* CONFIG_P2P */
-
-	if (bss) {
-		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
-						    wpa_ie + wpa_ie_len,
-						    max_wpa_ie_len -
-						    wpa_ie_len);
-	}
-
-	/*
-	 * Workaround: Add Extended Capabilities element only if the AP
-	 * included this element in Beacon/Probe Response frames. Some older
-	 * APs seem to have interoperability issues if this element is
-	 * included, so while the standard may require us to include the
-	 * element in all cases, it is justifiable to skip it to avoid
-	 * interoperability issues.
-	 */
-	if (ssid->p2p_group)
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
-	else
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
-
-	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
-		u8 ext_capab[18];
-		int ext_capab_len;
-		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
-						     sizeof(ext_capab));
-		if (ext_capab_len > 0 &&
-		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
-			u8 *pos = wpa_ie;
-			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
-				pos += 2 + pos[1];
-			os_memmove(pos + ext_capab_len, pos,
-				   wpa_ie_len - (pos - wpa_ie));
-			wpa_ie_len += ext_capab_len;
-			os_memcpy(pos, ext_capab, ext_capab_len);
-		}
-	}
-
-#ifdef CONFIG_HS20
-	if (is_hs20_network(wpa_s, ssid, bss)) {
-		struct wpabuf *hs20;
-
-		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
-		if (hs20) {
-			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
-			size_t len;
-
-			wpas_hs20_add_indication(hs20, pps_mo_id,
-						 get_hs20_version(bss));
-			wpas_hs20_add_roam_cons_sel(hs20, ssid);
-			len = max_wpa_ie_len - wpa_ie_len;
-			if (wpabuf_len(hs20) <= len) {
-				os_memcpy(wpa_ie + wpa_ie_len,
-					  wpabuf_head(hs20), wpabuf_len(hs20));
-				wpa_ie_len += wpabuf_len(hs20);
-			}
-			wpabuf_free(hs20);
-
-			hs20_configure_frame_filters(wpa_s);
-		}
-	}
-#endif /* CONFIG_HS20 */
-
-	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
-		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
-		size_t len;
-
-		len = max_wpa_ie_len - wpa_ie_len;
-		if (wpabuf_len(buf) <= len) {
-			os_memcpy(wpa_ie + wpa_ie_len,
-				  wpabuf_head(buf), wpabuf_len(buf));
-			wpa_ie_len += wpabuf_len(buf);
-		}
-	}
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst_ies) {
-		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
-
-		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
-			os_memcpy(wpa_ie + wpa_ie_len,
-				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
-			wpa_ie_len += fst_ies_len;
-		}
-	}
-#endif /* CONFIG_FST */
-
-#ifdef CONFIG_MBO
-	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
-	if (!wpa_s->disable_mbo_oce && mbo_ie) {
-		int len;
-
-		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
-				  max_wpa_ie_len - wpa_ie_len,
-				  !!mbo_attr_from_mbo_ie(mbo_ie,
-							 OCE_ATTR_ID_CAPA_IND));
-		if (len >= 0)
-			wpa_ie_len += len;
-	}
-#endif /* CONFIG_MBO */
-
-#ifdef CONFIG_FILS
-	if (algs == WPA_AUTH_ALG_FILS) {
-		size_t len;
-
-		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
-					    max_wpa_ie_len - wpa_ie_len);
-		wpa_ie_len += len;
-	}
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_OWE
-#ifdef CONFIG_TESTING_OPTIONS
-	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
-		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
-	} else
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (algs == WPA_AUTH_ALG_OPEN &&
-	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
-		struct wpabuf *owe_ie;
-		u16 group;
-
-		if (ssid->owe_group) {
-			group = ssid->owe_group;
-		} else if (wpa_s->assoc_status_code ==
-			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
-			if (wpa_s->last_owe_group == 19)
-				group = 20;
-			else if (wpa_s->last_owe_group == 20)
-				group = 21;
-			else
-				group = OWE_DH_GROUP;
-		} else {
-			group = OWE_DH_GROUP;
-		}
-
-		wpa_s->last_owe_group = group;
-		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
-		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
-		if (owe_ie &&
-		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
-			os_memcpy(wpa_ie + wpa_ie_len,
-				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
-			wpa_ie_len += wpabuf_len(owe_ie);
-		}
-		wpabuf_free(owe_ie);
-	}
-#endif /* CONFIG_OWE */
-
-#ifdef CONFIG_DPP2
-	if (DPP_VERSION > 1 &&
-	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
-	    ssid->dpp_netaccesskey &&
-	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
-		struct rsn_pmksa_cache_entry *pmksa;
-
-		pmksa = pmksa_cache_get_current(wpa_s->wpa);
-		if (!pmksa || !pmksa->dpp_pfs)
-			goto pfs_fail;
-
-		dpp_pfs_free(wpa_s->dpp_pfs);
-		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
-					      ssid->dpp_netaccesskey_len);
-		if (!wpa_s->dpp_pfs) {
-			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
-			/* Try to continue without PFS */
-			goto pfs_fail;
-		}
-		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
-		    max_wpa_ie_len - wpa_ie_len) {
-			os_memcpy(wpa_ie + wpa_ie_len,
-				  wpabuf_head(wpa_s->dpp_pfs->ie),
-				  wpabuf_len(wpa_s->dpp_pfs->ie));
-			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
-		}
-	}
-pfs_fail:
-#endif /* CONFIG_DPP2 */
-
-#ifdef CONFIG_IEEE80211R
-	/*
-	 * Add MDIE under these conditions: the network profile allows FT,
-	 * the AP supports FT, and the mobility domain ID matches.
-	 */
-	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
-		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
-
-		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
-			size_t len = 0;
-			const u8 *md = mdie + 2;
-			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
-
-			if (os_memcmp(md, wpa_md,
-				      MOBILITY_DOMAIN_ID_LEN) == 0) {
-				/* Add mobility domain IE */
-				len = wpa_ft_add_mdie(
-					wpa_s->wpa, wpa_ie + wpa_ie_len,
-					max_wpa_ie_len - wpa_ie_len, mdie);
-				wpa_ie_len += len;
-			}
-#ifdef CONFIG_SME
-			if (len > 0 && wpa_s->sme.ft_used &&
-			    wpa_sm_has_ptk(wpa_s->wpa)) {
-				wpa_dbg(wpa_s, MSG_DEBUG,
-					"SME: Trying to use FT over-the-air");
-				algs |= WPA_AUTH_ALG_FT;
-			}
-#endif /* CONFIG_SME */
-		}
-	}
-#endif /* CONFIG_IEEE80211R */
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->rsnxe_override_assoc &&
-	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
-	    max_wpa_ie_len - wpa_ie_len) {
-		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
-		os_memcpy(wpa_ie + wpa_ie_len,
-			  wpabuf_head(wpa_s->rsnxe_override_assoc),
-			  wpabuf_len(wpa_s->rsnxe_override_assoc));
-		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
-	} else
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (wpa_s->rsnxe_len > 0 &&
-	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
-		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
-		wpa_ie_len += wpa_s->rsnxe_len;
-	}
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->disable_mscs_support)
-		goto mscs_end;
-#endif /* CONFIG_TESTING_OPTIONS */
-	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS) &&
-	    wpa_s->robust_av.valid_config) {
-		struct wpabuf *mscs_ie;
-		size_t mscs_ie_len, buf_len;
-
-		buf_len = 3 +	/* MSCS descriptor IE header */
-			  1 +	/* Request type */
-			  2 +	/* User priority control */
-			  4 +	/* Stream timeout */
-			  3 +	/* TCLAS Mask IE header */
-			  wpa_s->robust_av.frame_classifier_len;
-		mscs_ie = wpabuf_alloc(buf_len);
-		if (!mscs_ie) {
-			wpa_printf(MSG_INFO,
-				   "MSCS: Failed to allocate MSCS IE");
-			goto mscs_end;
-		}
-
-		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
-		if ((wpa_ie_len + wpabuf_len(mscs_ie)) <= max_wpa_ie_len) {
-			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
-			mscs_ie_len = wpabuf_len(mscs_ie);
-			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(mscs_ie),
-				  mscs_ie_len);
-			wpa_ie_len += mscs_ie_len;
-		}
-
-		wpabuf_free(mscs_ie);
-	}
-mscs_end:
-
-	wpa_ie_len = wpas_populate_wfa_capa(wpa_s, bss, wpa_ie, wpa_ie_len,
-					    max_wpa_ie_len);
-
-	if (ssid->multi_ap_backhaul_sta) {
-		size_t multi_ap_ie_len;
-
-		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
-						  max_wpa_ie_len - wpa_ie_len,
-						  MULTI_AP_BACKHAUL_STA);
-		if (multi_ap_ie_len == 0) {
-			wpa_printf(MSG_ERROR,
-				   "Multi-AP: Failed to build Multi-AP IE");
-			os_free(wpa_ie);
-			return NULL;
-		}
-		wpa_ie_len += multi_ap_ie_len;
-	}
-
-	params->wpa_ie = wpa_ie;
-	params->wpa_ie_len = wpa_ie_len;
-	params->auth_alg = algs;
-	if (mask)
-		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
-
-	return wpa_ie;
-}
-
-
-#ifdef CONFIG_OWE
-static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_driver_associate_params params;
-	u8 *wpa_ie;
-
-	os_memset(&params, 0, sizeof(params));
-	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
-					 wpa_s->current_ssid, &params, NULL);
-	if (!wpa_ie)
-		return;
-
-	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
-	os_free(wpa_ie);
-}
-#endif /* CONFIG_OWE */
-
-
-#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_driver_associate_params params;
-	enum wpa_drv_update_connect_params_mask mask = 0;
-	u8 *wpa_ie;
-
-	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
-		return; /* nothing to do */
-
-	os_memset(&params, 0, sizeof(params));
-	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
-					 wpa_s->current_ssid, &params, &mask);
-	if (!wpa_ie)
-		return;
-
-	if (params.auth_alg == WPA_AUTH_ALG_FILS) {
-		wpa_s->auth_alg = params.auth_alg;
-		wpa_drv_update_connect_params(wpa_s, &params, mask);
-	}
-
-	os_free(wpa_ie);
-}
-#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
-
-
-static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
-{
-	if (!edmg_ie || edmg_ie[1] < 6)
-		return 0;
-	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
-}
-
-
-static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
-{
-	if (!edmg_ie || edmg_ie[1] < 6)
-		return 0;
-	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
-}
-
-
-/* Returns the intersection of two EDMG configurations.
- * Note: The current implementation is limited to CB2 only (CB1 included),
- * i.e., the implementation supports up to 2 contiguous channels.
- * For supporting non-contiguous (aggregated) channels and for supporting
- * CB3 and above, this function will need to be extended.
- */
-static struct ieee80211_edmg_config
-get_edmg_intersection(struct ieee80211_edmg_config a,
-		      struct ieee80211_edmg_config b,
-		      u8 primary_channel)
-{
-	struct ieee80211_edmg_config result;
-	int i, contiguous = 0;
-	int max_contiguous = 0;
-
-	result.channels = b.channels & a.channels;
-	if (!result.channels) {
-		wpa_printf(MSG_DEBUG,
-			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
-			   a.channels, b.channels);
-		goto fail;
-	}
-
-	if (!(result.channels & BIT(primary_channel - 1))) {
-		wpa_printf(MSG_DEBUG,
-			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
-			   primary_channel, result.channels);
-		goto fail;
-	}
-
-	/* Find max contiguous channels */
-	for (i = 0; i < 6; i++) {
-		if (result.channels & BIT(i))
-			contiguous++;
-		else
-			contiguous = 0;
-
-		if (contiguous > max_contiguous)
-			max_contiguous = contiguous;
-	}
-
-	/* Assuming AP and STA supports ONLY contiguous channels,
-	 * bw configuration can have value between 4-7.
-	 */
-	if ((b.bw_config < a.bw_config))
-		result.bw_config = b.bw_config;
-	else
-		result.bw_config = a.bw_config;
-
-	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
-	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
-		wpa_printf(MSG_DEBUG,
-			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
-			   max_contiguous);
-		goto fail;
-	}
-
-	return result;
-
-fail:
-	result.channels = 0;
-	result.bw_config = 0;
-	return result;
-}
-
-
-static struct ieee80211_edmg_config
-get_supported_edmg(struct wpa_supplicant *wpa_s,
-		   struct hostapd_freq_params *freq,
-		   struct ieee80211_edmg_config request_edmg)
-{
-	enum hostapd_hw_mode hw_mode;
-	struct hostapd_hw_modes *mode = NULL;
-	u8 primary_channel;
-
-	if (!wpa_s->hw.modes)
-		goto fail;
-
-	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
-	if (hw_mode == NUM_HOSTAPD_MODES)
-		goto fail;
-
-	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, false);
-	if (!mode)
-		goto fail;
-
-	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
-
-fail:
-	request_edmg.channels = 0;
-	request_edmg.bw_config = 0;
-	return request_edmg;
-}
-
-
-#ifdef CONFIG_MBO
-void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_driver_associate_params params;
-	u8 *wpa_ie;
-
-	/*
-	 * Update MBO connect params only in case of change of MBO attributes
-	 * when connected, if the AP support MBO.
-	 */
-
-	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
-	    !wpa_s->current_bss ||
-	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
-		return;
-
-	os_memset(&params, 0, sizeof(params));
-	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
-					 wpa_s->current_ssid, &params, NULL);
-	if (!wpa_ie)
-		return;
-
-	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
-	os_free(wpa_ie);
-}
-#endif /* CONFIG_MBO */
-
-
-static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
-{
-	struct wpa_connect_work *cwork = work->ctx;
-	struct wpa_bss *bss = cwork->bss;
-	struct wpa_ssid *ssid = cwork->ssid;
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	u8 *wpa_ie;
-	const u8 *edmg_ie_oper;
-	int use_crypt, ret, bssid_changed;
-	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
-	struct wpa_driver_associate_params params;
-#if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
-	int wep_keys_set = 0;
-#endif /* CONFIG_WEP || IEEE8021X_EAPOL */
-	int assoc_failed = 0;
-	struct wpa_ssid *old_ssid;
-	u8 prev_bssid[ETH_ALEN];
-#ifdef CONFIG_HT_OVERRIDES
-	struct ieee80211_ht_capabilities htcaps;
-	struct ieee80211_ht_capabilities htcaps_mask;
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-       struct ieee80211_vht_capabilities vhtcaps;
-       struct ieee80211_vht_capabilities vhtcaps_mask;
-#endif /* CONFIG_VHT_OVERRIDES */
-
-	if (deinit) {
-		if (work->started) {
-			wpa_s->connect_work = NULL;
-
-			/* cancel possible auth. timeout */
-			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
-					     NULL);
-		}
-		wpas_connect_work_free(cwork);
-		return;
-	}
-
-	wpa_s->connect_work = work;
-
-	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
-	    wpas_network_disabled(wpa_s, ssid)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
-		wpas_connect_work_done(wpa_s);
-		return;
-	}
-
-	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
-	os_memset(&params, 0, sizeof(params));
-	wpa_s->reassociate = 0;
-	wpa_s->eap_expected_failure = 0;
-
-	/* Starting new association, so clear the possibly used WPA IE from the
-	 * previous association. */
-	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
-	wpa_s->rsnxe_len = 0;
-	wpa_s->mscs_setup_done = false;
-
-	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
-	if (!wpa_ie) {
-		wpas_connect_work_done(wpa_s);
-		return;
-	}
-
-	if (bss &&
-	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
-#ifdef CONFIG_IEEE80211R
-		const u8 *ie, *md = NULL;
-#endif /* CONFIG_IEEE80211R */
-		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
-			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
-			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
-		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
-		os_memset(wpa_s->bssid, 0, ETH_ALEN);
-		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
-		if (bssid_changed)
-			wpas_notify_bssid_changed(wpa_s);
-#ifdef CONFIG_IEEE80211R
-		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
-		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
-			md = ie + 2;
-		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
-		if (md) {
-			/* Prepare for the next transition */
-			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
-		}
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_WPS
-	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
-		   wpa_s->conf->ap_scan == 2 &&
-		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
-		/* Use ap_scan==1 style network selection to find the network
-		 */
-		wpas_connect_work_done(wpa_s);
-		wpa_s->scan_req = MANUAL_SCAN_REQ;
-		wpa_s->reassociate = 1;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-		os_free(wpa_ie);
-		return;
-#endif /* CONFIG_WPS */
-	} else {
-		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
-			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-		if (bss)
-			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
-		else
-			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-	}
-	if (!wpa_s->pno)
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-
-	wpa_supplicant_cancel_scan(wpa_s);
-
-	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
-	use_crypt = 1;
-	cipher_pairwise = wpa_s->pairwise_cipher;
-	cipher_group = wpa_s->group_cipher;
-	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
-			use_crypt = 0;
-#ifdef CONFIG_WEP
-		if (wpa_set_wep_keys(wpa_s, ssid)) {
-			use_crypt = 1;
-			wep_keys_set = 1;
-		}
-#endif /* CONFIG_WEP */
-	}
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
-		use_crypt = 0;
-
-#ifdef IEEE8021X_EAPOL
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		if ((ssid->eapol_flags &
-		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
-		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
-		    !wep_keys_set) {
-			use_crypt = 0;
-		} else {
-			/* Assume that dynamic WEP-104 keys will be used and
-			 * set cipher suites in order for drivers to expect
-			 * encryption. */
-			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
-		}
-	}
-#endif /* IEEE8021X_EAPOL */
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
-		/* Set the key before (and later after) association */
-		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
-	}
-
-	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
-	if (bss) {
-		params.ssid = bss->ssid;
-		params.ssid_len = bss->ssid_len;
-		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
-		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
-			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
-				   MACSTR " freq=%u MHz based on scan results "
-				   "(bssid_set=%d wps=%d)",
-				   MAC2STR(bss->bssid), bss->freq,
-				   ssid->bssid_set,
-				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
-			params.bssid = bss->bssid;
-			params.freq.freq = bss->freq;
-		}
-		params.bssid_hint = bss->bssid;
-		params.freq_hint = bss->freq;
-		params.pbss = bss_is_pbss(bss);
-	} else {
-		if (ssid->bssid_hint_set)
-			params.bssid_hint = ssid->bssid_hint;
-
-		params.ssid = ssid->ssid;
-		params.ssid_len = ssid->ssid_len;
-		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
-	}
-
-	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
-	    wpa_s->conf->ap_scan == 2) {
-		params.bssid = ssid->bssid;
-		params.fixed_bssid = 1;
-	}
-
-	/* Initial frequency for IBSS/mesh */
-	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
-	    ssid->frequency > 0 && params.freq.freq == 0)
-		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
-
-	if (ssid->mode == WPAS_MODE_IBSS) {
-		params.fixed_freq = ssid->fixed_freq;
-		if (ssid->beacon_int)
-			params.beacon_int = ssid->beacon_int;
-		else
-			params.beacon_int = wpa_s->conf->beacon_int;
-	}
-
-	if (bss && ssid->enable_edmg)
-		edmg_ie_oper = wpa_bss_get_ie_ext(bss,
-						  WLAN_EID_EXT_EDMG_OPERATION);
-	else
-		edmg_ie_oper = NULL;
-
-	if (edmg_ie_oper) {
-		params.freq.edmg.channels =
-			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
-		params.freq.edmg.bw_config =
-			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
-		wpa_printf(MSG_DEBUG,
-			   "AP supports EDMG channels 0x%x, bw_config %d",
-			   params.freq.edmg.channels,
-			   params.freq.edmg.bw_config);
-
-		/* User may ask for specific EDMG channel for EDMG connection
-		 * (must be supported by AP)
-		 */
-		if (ssid->edmg_channel) {
-			struct ieee80211_edmg_config configured_edmg;
-			enum hostapd_hw_mode hw_mode;
-			u8 primary_channel;
-
-			hw_mode = ieee80211_freq_to_chan(bss->freq,
-							 &primary_channel);
-			if (hw_mode == NUM_HOSTAPD_MODES)
-				goto edmg_fail;
-
-			hostapd_encode_edmg_chan(ssid->enable_edmg,
-						 ssid->edmg_channel,
-						 primary_channel,
-						 &configured_edmg);
-
-			if (ieee802_edmg_is_allowed(params.freq.edmg,
-						    configured_edmg)) {
-				params.freq.edmg = configured_edmg;
-				wpa_printf(MSG_DEBUG,
-					   "Use EDMG channel %d for connection",
-					   ssid->edmg_channel);
-			} else {
-			edmg_fail:
-				params.freq.edmg.channels = 0;
-				params.freq.edmg.bw_config = 0;
-				wpa_printf(MSG_WARNING,
-					   "EDMG channel %d not supported by AP, fallback to DMG",
-					   ssid->edmg_channel);
-			}
-		}
-
-		if (params.freq.edmg.channels) {
-			wpa_printf(MSG_DEBUG,
-				   "EDMG before: channels 0x%x, bw_config %d",
-				   params.freq.edmg.channels,
-				   params.freq.edmg.bw_config);
-			params.freq.edmg = get_supported_edmg(wpa_s,
-							      &params.freq,
-							      params.freq.edmg);
-			wpa_printf(MSG_DEBUG,
-				   "EDMG after: channels 0x%x, bw_config %d",
-				   params.freq.edmg.channels,
-				   params.freq.edmg.bw_config);
-		}
-	}
-
-	params.pairwise_suite = cipher_pairwise;
-	params.group_suite = cipher_group;
-	params.mgmt_group_suite = cipher_group_mgmt;
-	params.key_mgmt_suite = wpa_s->key_mgmt;
-	params.wpa_proto = wpa_s->wpa_proto;
-	wpa_s->auth_alg = params.auth_alg;
-	params.mode = ssid->mode;
-	params.bg_scan_period = ssid->bg_scan_period;
-#ifdef CONFIG_WEP
-	{
-		int i;
-
-		for (i = 0; i < NUM_WEP_KEYS; i++) {
-			if (ssid->wep_key_len[i])
-				params.wep_key[i] = ssid->wep_key[i];
-			params.wep_key_len[i] = ssid->wep_key_len[i];
-		}
-		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
-	}
-#endif /* CONFIG_WEP */
-
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
-	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
-	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
-		params.passphrase = ssid->passphrase;
-		if (ssid->psk_set)
-			params.psk = ssid->psk;
-	}
-
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
-	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
-	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
-	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
-		params.req_handshake_offload = 1;
-
-	if (wpa_s->conf->key_mgmt_offload) {
-		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
-		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
-		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
-		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
-			params.req_key_mgmt_offload =
-				ssid->proactive_key_caching < 0 ?
-				wpa_s->conf->okc : ssid->proactive_key_caching;
-		else
-			params.req_key_mgmt_offload = 1;
-
-		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
-		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
-		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
-		    ssid->psk_set)
-			params.psk = ssid->psk;
-	}
-
-	params.drop_unencrypted = use_crypt;
-
-	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
-	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
-		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-		struct wpa_ie_data ie;
-		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
-		    ie.capabilities &
-		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
-				"MFP: require MFP");
-			params.mgmt_frame_protection =
-				MGMT_FRAME_PROTECTION_REQUIRED;
-#ifdef CONFIG_OWE
-		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-			   !ssid->owe_only) {
-			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
-#endif /* CONFIG_OWE */
-		}
-	}
-
-	params.p2p = ssid->p2p_group;
-
-	if (wpa_s->p2pdev->set_sta_uapsd)
-		params.uapsd = wpa_s->p2pdev->sta_uapsd;
-	else
-		params.uapsd = -1;
-
-#ifdef CONFIG_HT_OVERRIDES
-	os_memset(&htcaps, 0, sizeof(htcaps));
-	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
-	params.htcaps = (u8 *) &htcaps;
-	params.htcaps_mask = (u8 *) &htcaps_mask;
-	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_HT_OVERRIDES */
-#ifdef CONFIG_VHT_OVERRIDES
-	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
-	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
-	params.vhtcaps = &vhtcaps;
-	params.vhtcaps_mask = &vhtcaps_mask;
-	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_VHT_OVERRIDES */
-#ifdef CONFIG_HE_OVERRIDES
-	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
-#endif /* CONFIG_HE_OVERRIDES */
-
-#ifdef CONFIG_P2P
-	/*
-	 * If multi-channel concurrency is not supported, check for any
-	 * frequency conflict. In case of any frequency conflict, remove the
-	 * least prioritized connection.
-	 */
-	if (wpa_s->num_multichan_concurrent < 2) {
-		int freq, num;
-		num = get_shared_radio_freqs(wpa_s, &freq, 1);
-		if (num > 0 && freq > 0 && freq != params.freq.freq) {
-			wpa_printf(MSG_DEBUG,
-				   "Assoc conflicting freq found (%d != %d)",
-				   freq, params.freq.freq);
-			if (wpas_p2p_handle_frequency_conflicts(
-				    wpa_s, params.freq.freq, ssid) < 0) {
-				wpas_connect_work_done(wpa_s);
-				os_free(wpa_ie);
-				return;
-			}
-		}
-	}
-#endif /* CONFIG_P2P */
-
-	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
-	    wpa_s->current_ssid)
-		params.prev_bssid = prev_bssid;
-
-#ifdef CONFIG_SAE
-	params.sae_pwe = wpa_s->conf->sae_pwe;
-#endif /* CONFIG_SAE */
-
-	ret = wpa_drv_associate(wpa_s, &params);
-	os_free(wpa_ie);
-	if (ret < 0) {
-		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
-			"failed");
-		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_VALID_ERROR_CODES) {
-			/*
-			 * The driver is known to mean what is saying, so we
-			 * can stop right here; the association will not
-			 * succeed.
-			 */
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
-			return;
-		}
-		/* try to continue anyway; new association will be tried again
-		 * after timeout */
-		assoc_failed = 1;
-	}
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
-		/* Set the key after the association just in case association
-		 * cleared the previously configured key. */
-		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
-		/* No need to timeout authentication since there is no key
-		 * management. */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-#ifdef CONFIG_IBSS_RSN
-	} else if (ssid->mode == WPAS_MODE_IBSS &&
-		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
-		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
-		/*
-		 * RSN IBSS authentication is per-STA and we can disable the
-		 * per-BSSID authentication.
-		 */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-#endif /* CONFIG_IBSS_RSN */
-	} else {
-		/* Timeout for IEEE 802.11 authentication and association */
-		int timeout = 60;
-
-		if (assoc_failed) {
-			/* give IBSS a bit more time */
-			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
-		} else if (wpa_s->conf->ap_scan == 1) {
-			/* give IBSS a bit more time */
-			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
-		}
-		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
-	}
-
-#ifdef CONFIG_WEP
-	if (wep_keys_set &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
-		/* Set static WEP keys again */
-		wpa_set_wep_keys(wpa_s, ssid);
-	}
-#endif /* CONFIG_WEP */
-
-	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
-		/*
-		 * Do not allow EAP session resumption between different
-		 * network configurations.
-		 */
-		eapol_sm_invalidate_cached_session(wpa_s->eapol);
-	}
-	old_ssid = wpa_s->current_ssid;
-	wpa_s->current_ssid = ssid;
-
-	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
-		wpa_s->current_bss = bss;
-#ifdef CONFIG_HS20
-		hs20_configure_frame_filters(wpa_s);
-#endif /* CONFIG_HS20 */
-	}
-
-	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
-	wpa_supplicant_initiate_eapol(wpa_s);
-	if (old_ssid != wpa_s->current_ssid)
-		wpas_notify_network_changed(wpa_s);
-}
-
-
-static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
-					    const u8 *addr)
-{
-	struct wpa_ssid *old_ssid;
-
-	wpas_connect_work_done(wpa_s);
-	wpa_clear_keys(wpa_s, addr);
-	old_ssid = wpa_s->current_ssid;
-	wpa_supplicant_mark_disassoc(wpa_s);
-	wpa_sm_set_config(wpa_s->wpa, NULL);
-	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-	if (old_ssid != wpa_s->current_ssid)
-		wpas_notify_network_changed(wpa_s);
-
-	wpas_scs_deinit(wpa_s);
-	wpas_dscp_deinit(wpa_s);
-	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
-}
-
-
-/**
- * wpa_supplicant_deauthenticate - Deauthenticate the current connection
- * @wpa_s: Pointer to wpa_supplicant data
- * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
- *
- * This function is used to request %wpa_supplicant to deauthenticate from the
- * current AP.
- */
-void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
-				   u16 reason_code)
-{
-	u8 *addr = NULL;
-	union wpa_event_data event;
-	int zero_addr = 0;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
-		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
-		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
-		reason_code, reason2str(reason_code),
-		wpa_supplicant_state_txt(wpa_s->wpa_state));
-
-	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
-	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
-	     wpa_s->wpa_state == WPA_ASSOCIATING))
-		addr = wpa_s->pending_bssid;
-	else if (!is_zero_ether_addr(wpa_s->bssid))
-		addr = wpa_s->bssid;
-	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
-		/*
-		 * When using driver-based BSS selection, we may not know the
-		 * BSSID with which we are currently trying to associate. We
-		 * need to notify the driver of this disconnection even in such
-		 * a case, so use the all zeros address here.
-		 */
-		addr = wpa_s->bssid;
-		zero_addr = 1;
-	}
-
-	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
-		wpa_s->enabled_4addr_mode = 0;
-
-#ifdef CONFIG_TDLS
-	wpa_tdls_teardown_peers(wpa_s->wpa);
-#endif /* CONFIG_TDLS */
-
-#ifdef CONFIG_MESH
-	if (wpa_s->ifmsh) {
-		struct mesh_conf *mconf;
-
-		mconf = wpa_s->ifmsh->mconf;
-		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
-			wpa_s->ifname);
-		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
-					       mconf->meshid_len, reason_code);
-		wpa_supplicant_leave_mesh(wpa_s, true);
-	}
-#endif /* CONFIG_MESH */
-
-	if (addr) {
-		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
-		os_memset(&event, 0, sizeof(event));
-		event.deauth_info.reason_code = reason_code;
-		event.deauth_info.locally_generated = 1;
-		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
-		if (zero_addr)
-			addr = NULL;
-	}
-
-	wpa_supplicant_clear_connection(wpa_s, addr);
-}
-
-
-void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->own_reconnect_req = 1;
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
-
-}
-
-
-static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
-					      struct wpa_ssid *ssid)
-{
-	if (!ssid || !ssid->disabled || ssid->disabled == 2)
-		return;
-
-	ssid->disabled = 0;
-	ssid->owe_transition_bss_select_count = 0;
-	wpas_clear_temp_disabled(wpa_s, ssid, 1);
-	wpas_notify_network_enabled_changed(wpa_s, ssid);
-
-	/*
-	 * Try to reassociate since there is no current configuration and a new
-	 * network was made available.
-	 */
-	if (!wpa_s->current_ssid && !wpa_s->disconnected)
-		wpa_s->reassociate = 1;
-}
-
-
-/**
- * wpa_supplicant_add_network - Add a new network
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: The new network configuration or %NULL if operation failed
- *
- * This function performs the following operations:
- * 1. Adds a new network.
- * 2. Send network addition notification.
- * 3. Marks the network disabled.
- * 4. Set network default parameters.
- */
-struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (!ssid)
-		return NULL;
-	wpas_notify_network_added(wpa_s, ssid);
-	ssid->disabled = 1;
-	wpa_config_set_network_defaults(ssid);
-
-	return ssid;
-}
-
-
-/**
- * wpa_supplicant_remove_network - Remove a configured network based on id
- * @wpa_s: wpa_supplicant structure for a network interface
- * @id: Unique network id to search for
- * Returns: 0 on success, or -1 if the network was not found, -2 if the network
- * could not be removed
- *
- * This function performs the following operations:
- * 1. Removes the network.
- * 2. Send network removal notification.
- * 3. Update internal state machines.
- * 4. Stop any running sched scans.
- */
-int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
-{
-	struct wpa_ssid *ssid;
-	int was_disabled;
-
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (!ssid)
-		return -1;
-	wpas_notify_network_removed(wpa_s, ssid);
-
-	if (wpa_s->last_ssid == ssid)
-		wpa_s->last_ssid = NULL;
-
-	if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
-#ifdef CONFIG_SME
-		wpa_s->sme.prev_bssid_set = 0;
-#endif /* CONFIG_SME */
-		/*
-		 * Invalidate the EAP session cache if the current or
-		 * previously used network is removed.
-		 */
-		eapol_sm_invalidate_cached_session(wpa_s->eapol);
-	}
-
-	if (ssid == wpa_s->current_ssid) {
-		wpa_sm_set_config(wpa_s->wpa, NULL);
-		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-			wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-	}
-
-	was_disabled = ssid->disabled;
-
-	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
-		return -2;
-
-	if (!was_disabled && wpa_s->sched_scanning) {
-		wpa_printf(MSG_DEBUG,
-			   "Stop ongoing sched_scan to remove network from filters");
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	}
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_remove_all_networks - Remove all configured networks
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: 0 on success (errors are currently ignored)
- *
- * This function performs the following operations:
- * 1. Remove all networks.
- * 2. Send network removal notifications.
- * 3. Update internal state machines.
- * 4. Stop any running sched scans.
- */
-int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-
-	if (wpa_s->sched_scanning)
-		wpa_supplicant_cancel_sched_scan(wpa_s);
-
-	eapol_sm_invalidate_cached_session(wpa_s->eapol);
-	if (wpa_s->current_ssid) {
-#ifdef CONFIG_SME
-		wpa_s->sme.prev_bssid_set = 0;
-#endif /* CONFIG_SME */
-		wpa_sm_set_config(wpa_s->wpa, NULL);
-		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-			wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	}
-	ssid = wpa_s->conf->ssid;
-	while (ssid) {
-		struct wpa_ssid *remove_ssid = ssid;
-		int id;
-
-		id = ssid->id;
-		ssid = ssid->next;
-		if (wpa_s->last_ssid == remove_ssid)
-			wpa_s->last_ssid = NULL;
-		wpas_notify_network_removed(wpa_s, remove_ssid);
-		wpa_config_remove_network(wpa_s->conf, id);
-	}
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_enable_network - Mark a configured network as enabled
- * @wpa_s: wpa_supplicant structure for a network interface
- * @ssid: wpa_ssid structure for a configured network or %NULL
- *
- * Enables the specified network or all networks if no network specified.
- */
-void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid)
-{
-	if (ssid == NULL) {
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
-			wpa_supplicant_enable_one_network(wpa_s, ssid);
-	} else
-		wpa_supplicant_enable_one_network(wpa_s, ssid);
-
-	if (wpa_s->reassociate && !wpa_s->disconnected &&
-	    (!wpa_s->current_ssid ||
-	     wpa_s->wpa_state == WPA_DISCONNECTED ||
-	     wpa_s->wpa_state == WPA_SCANNING)) {
-		if (wpa_s->sched_scanning) {
-			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
-				   "new network to scan filters");
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-		}
-
-		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
-			wpa_s->scan_req = NORMAL_SCAN_REQ;
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-		}
-	}
-}
-
-
-/**
- * wpa_supplicant_disable_network - Mark a configured network as disabled
- * @wpa_s: wpa_supplicant structure for a network interface
- * @ssid: wpa_ssid structure for a configured network or %NULL
- *
- * Disables the specified network or all networks if no network specified.
- */
-void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid)
-{
-	struct wpa_ssid *other_ssid;
-	int was_disabled;
-
-	if (ssid == NULL) {
-		if (wpa_s->sched_scanning)
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-
-		for (other_ssid = wpa_s->conf->ssid; other_ssid;
-		     other_ssid = other_ssid->next) {
-			was_disabled = other_ssid->disabled;
-			if (was_disabled == 2)
-				continue; /* do not change persistent P2P group
-					   * data */
-
-			other_ssid->disabled = 1;
-
-			if (was_disabled != other_ssid->disabled)
-				wpas_notify_network_enabled_changed(
-					wpa_s, other_ssid);
-		}
-		if (wpa_s->current_ssid) {
-			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-				wpa_s->own_disconnect_req = 1;
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		}
-	} else if (ssid->disabled != 2) {
-		if (ssid == wpa_s->current_ssid) {
-			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-				wpa_s->own_disconnect_req = 1;
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		}
-
-		was_disabled = ssid->disabled;
-
-		ssid->disabled = 1;
-
-		if (was_disabled != ssid->disabled) {
-			wpas_notify_network_enabled_changed(wpa_s, ssid);
-			if (wpa_s->sched_scanning) {
-				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
-					   "to remove network from filters");
-				wpa_supplicant_cancel_sched_scan(wpa_s);
-				wpa_supplicant_req_scan(wpa_s, 0, 0);
-			}
-		}
-	}
-}
-
-
-/**
- * wpa_supplicant_select_network - Attempt association with a network
- * @wpa_s: wpa_supplicant structure for a network interface
- * @ssid: wpa_ssid structure for a configured network or %NULL for any network
- */
-void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid)
-{
-
-	struct wpa_ssid *other_ssid;
-	int disconnected = 0;
-
-	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
-		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
-			wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-		disconnected = 1;
-	}
-
-	if (ssid)
-		wpas_clear_temp_disabled(wpa_s, ssid, 1);
-
-	/*
-	 * Mark all other networks disabled or mark all networks enabled if no
-	 * network specified.
-	 */
-	for (other_ssid = wpa_s->conf->ssid; other_ssid;
-	     other_ssid = other_ssid->next) {
-		int was_disabled = other_ssid->disabled;
-		if (was_disabled == 2)
-			continue; /* do not change persistent P2P group data */
-
-		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
-		if (was_disabled && !other_ssid->disabled)
-			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
-
-		if (was_disabled != other_ssid->disabled)
-			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
-	}
-
-	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
-	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
-		/* We are already associated with the selected network */
-		wpa_printf(MSG_DEBUG, "Already associated with the "
-			   "selected network - do nothing");
-		return;
-	}
-
-	if (ssid) {
-		wpa_s->current_ssid = ssid;
-		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
-		wpa_s->connect_without_scan =
-			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
-
-		/*
-		 * Don't optimize next scan freqs since a new ESS has been
-		 * selected.
-		 */
-		os_free(wpa_s->next_scan_freqs);
-		wpa_s->next_scan_freqs = NULL;
-	} else {
-		wpa_s->connect_without_scan = NULL;
-	}
-
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-	wpa_s_clear_sae_rejected(wpa_s);
-	wpa_s->last_owe_group = 0;
-	if (ssid) {
-		ssid->owe_transition_bss_select_count = 0;
-		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
-	}
-
-	if (wpa_s->connect_without_scan ||
-	    wpa_supplicant_fast_associate(wpa_s) != 1) {
-		wpa_s->scan_req = NORMAL_SCAN_REQ;
-		wpas_scan_reset_sched_scan(wpa_s);
-		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
-	}
-
-	if (ssid)
-		wpas_notify_network_selected(wpa_s, ssid);
-}
-
-
-/**
- * wpas_remove_cred - Remove the specified credential and all the network
- * entries created based on the removed credential
- * @wpa_s: wpa_supplicant structure for a network interface
- * @cred: The credential to remove
- * Returns: 0 on success, -1 on failure
- */
-int wpas_remove_cred(struct wpa_supplicant *wpa_s, struct wpa_cred *cred)
-{
-	struct wpa_ssid *ssid, *next;
-	int id;
-
-	if (!cred) {
-		wpa_printf(MSG_DEBUG, "Could not find cred");
-		return -1;
-	}
-
-	id = cred->id;
-	if (wpa_config_remove_cred(wpa_s->conf, id) < 0) {
-		wpa_printf(MSG_DEBUG, "Could not find cred %d", id);
-		return -1;
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", id);
-
-	/* Remove any network entry created based on the removed credential */
-	ssid = wpa_s->conf->ssid;
-	while (ssid) {
-		next = ssid->next;
-
-		if (ssid->parent_cred == cred) {
-			wpa_printf(MSG_DEBUG,
-				   "Remove network id %d since it used the removed credential",
-				   ssid->id);
-			if (wpa_supplicant_remove_network(wpa_s, ssid->id) ==
-			    -1) {
-				wpa_printf(MSG_DEBUG,
-					   "Could not find network id=%d",
-					   ssid->id);
-			}
-		}
-
-		ssid = next;
-	}
-
-	return 0;
-}
-
-
-/**
- * wpas_remove_cred - Remove all the Interworking credentials
- * @wpa_s: wpa_supplicant structure for a network interface
- * Returns: 0 on success, -1 on failure
- */
-int wpas_remove_all_creds(struct wpa_supplicant *wpa_s)
-{
-	int res, ret = 0;
-	struct wpa_cred *cred, *prev;
-
-	cred = wpa_s->conf->cred;
-	while (cred) {
-		prev = cred;
-		cred = cred->next;
-		res = wpas_remove_cred(wpa_s, prev);
-		if (res < 0) {
-			wpa_printf(MSG_DEBUG,
-				   "Removal of all credentials failed - failed to remove credential id=%d",
-				   prev->id);
-			ret = -1;
-		}
-	}
-
-	return ret;
-}
-
-
-/**
- * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
- * @wpa_s: wpa_supplicant structure for a network interface
- * @pkcs11_engine_path: PKCS #11 engine path or NULL
- * @pkcs11_module_path: PKCS #11 module path or NULL
- * Returns: 0 on success; -1 on failure
- *
- * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
- * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
- * module path fails the paths will be reset to the default value (NULL).
- */
-int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
-					   const char *pkcs11_engine_path,
-					   const char *pkcs11_module_path)
-{
-	char *pkcs11_engine_path_copy = NULL;
-	char *pkcs11_module_path_copy = NULL;
-
-	if (pkcs11_engine_path != NULL) {
-		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
-		if (pkcs11_engine_path_copy == NULL)
-			return -1;
-	}
-	if (pkcs11_module_path != NULL) {
-		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
-		if (pkcs11_module_path_copy == NULL) {
-			os_free(pkcs11_engine_path_copy);
-			return -1;
-		}
-	}
-
-	os_free(wpa_s->conf->pkcs11_engine_path);
-	os_free(wpa_s->conf->pkcs11_module_path);
-	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
-	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
-
-	wpa_sm_set_eapol(wpa_s->wpa, NULL);
-	eapol_sm_deinit(wpa_s->eapol);
-	wpa_s->eapol = NULL;
-	if (wpa_supplicant_init_eapol(wpa_s)) {
-		/* Error -> Reset paths to the default value (NULL) once. */
-		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
-			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
-							       NULL);
-
-		return -1;
-	}
-	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
- * @wpa_s: wpa_supplicant structure for a network interface
- * @ap_scan: AP scan mode
- * Returns: 0 if succeed or -1 if ap_scan has an invalid value
- *
- */
-int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
-{
-
-	int old_ap_scan;
-
-	if (ap_scan < 0 || ap_scan > 2)
-		return -1;
-
-	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
-		wpa_printf(MSG_INFO,
-			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
-	}
-
-#ifdef ANDROID
-	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
-	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
-	    wpa_s->wpa_state < WPA_COMPLETED) {
-		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
-			   "associating", wpa_s->conf->ap_scan, ap_scan);
-		return 0;
-	}
-#endif /* ANDROID */
-
-	old_ap_scan = wpa_s->conf->ap_scan;
-	wpa_s->conf->ap_scan = ap_scan;
-
-	if (old_ap_scan != wpa_s->conf->ap_scan)
-		wpas_notify_ap_scan_changed(wpa_s);
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
- * @wpa_s: wpa_supplicant structure for a network interface
- * @expire_age: Expiration age in seconds
- * Returns: 0 if succeed or -1 if expire_age has an invalid value
- *
- */
-int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
-					  unsigned int bss_expire_age)
-{
-	if (bss_expire_age < 10) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
-			bss_expire_age);
-		return -1;
-	}
-	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
-		bss_expire_age);
-	wpa_s->conf->bss_expiration_age = bss_expire_age;
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
- * @wpa_s: wpa_supplicant structure for a network interface
- * @expire_count: number of scans after which an unseen BSS is reclaimed
- * Returns: 0 if succeed or -1 if expire_count has an invalid value
- *
- */
-int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
-					    unsigned int bss_expire_count)
-{
-	if (bss_expire_count < 1) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
-			bss_expire_count);
-		return -1;
-	}
-	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
-		bss_expire_count);
-	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_set_scan_interval - Set scan interval
- * @wpa_s: wpa_supplicant structure for a network interface
- * @scan_interval: scan interval in seconds
- * Returns: 0 if succeed or -1 if scan_interval has an invalid value
- *
- */
-int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
-				     int scan_interval)
-{
-	if (scan_interval < 0) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
-			scan_interval);
-		return -1;
-	}
-	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
-		scan_interval);
-	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_set_debug_params - Set global debug params
- * @global: wpa_global structure
- * @debug_level: debug level
- * @debug_timestamp: determines if show timestamp in debug data
- * @debug_show_keys: determines if show keys in debug data
- * Returns: 0 if succeed or -1 if debug_level has wrong value
- */
-int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
-				    int debug_timestamp, int debug_show_keys)
-{
-
-	int old_level, old_timestamp, old_show_keys;
-
-	/* check for allowed debuglevels */
-	if (debug_level != MSG_EXCESSIVE &&
-	    debug_level != MSG_MSGDUMP &&
-	    debug_level != MSG_DEBUG &&
-	    debug_level != MSG_INFO &&
-	    debug_level != MSG_WARNING &&
-	    debug_level != MSG_ERROR)
-		return -1;
-
-	old_level = wpa_debug_level;
-	old_timestamp = wpa_debug_timestamp;
-	old_show_keys = wpa_debug_show_keys;
-
-	wpa_debug_level = debug_level;
-	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
-	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
-
-	if (wpa_debug_level != old_level)
-		wpas_notify_debug_level_changed(global);
-	if (wpa_debug_timestamp != old_timestamp)
-		wpas_notify_debug_timestamp_changed(global);
-	if (wpa_debug_show_keys != old_show_keys)
-		wpas_notify_debug_show_keys_changed(global);
-
-	return 0;
-}
-
-
-#ifdef CONFIG_OWE
-static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
-				const u8 *entry_ssid, size_t entry_ssid_len)
-{
-	const u8 *owe, *pos, *end;
-	u8 ssid_len;
-	struct wpa_bss *bss;
-
-	/* Check network profile SSID aganst the SSID in the
-	 * OWE Transition Mode element. */
-
-	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-	if (!bss)
-		return 0;
-
-	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
-	if (!owe)
-		return 0;
-
-	pos = owe + 6;
-	end = owe + 2 + owe[1];
-
-	if (end - pos < ETH_ALEN + 1)
-		return 0;
-	pos += ETH_ALEN;
-	ssid_len = *pos++;
-	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
-		return 0;
-
-	return entry_ssid_len == ssid_len &&
-		os_memcmp(pos, entry_ssid, ssid_len) == 0;
-}
-#endif /* CONFIG_OWE */
-
-
-/**
- * wpa_supplicant_get_ssid - Get a pointer to the current network structure
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: A pointer to the current network structure or %NULL on failure
- */
-struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *entry;
-	u8 ssid[SSID_MAX_LEN];
-	int res;
-	size_t ssid_len;
-	u8 bssid[ETH_ALEN];
-	int wired;
-
-	res = wpa_drv_get_ssid(wpa_s, ssid);
-	if (res < 0) {
-		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
-			"driver");
-		return NULL;
-	}
-	ssid_len = res;
-
-	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
-		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
-			"driver");
-		return NULL;
-	}
-
-	wired = wpa_s->conf->ap_scan == 0 &&
-		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
-
-	entry = wpa_s->conf->ssid;
-	while (entry) {
-		if (!wpas_network_disabled(wpa_s, entry) &&
-		    ((ssid_len == entry->ssid_len &&
-		      (!entry->ssid ||
-		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
-		     wired) &&
-		    (!entry->bssid_set ||
-		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
-			return entry;
-#ifdef CONFIG_WPS
-		if (!wpas_network_disabled(wpa_s, entry) &&
-		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
-		    (entry->ssid == NULL || entry->ssid_len == 0) &&
-		    (!entry->bssid_set ||
-		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
-			return entry;
-#endif /* CONFIG_WPS */
-
-#ifdef CONFIG_OWE
-		if (!wpas_network_disabled(wpa_s, entry) &&
-		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
-		    entry->ssid_len) &&
-		    (!entry->bssid_set ||
-		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
-			return entry;
-#endif /* CONFIG_OWE */
-
-		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
-		    entry->ssid_len == 0 &&
-		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
-			return entry;
-
-		entry = entry->next;
-	}
-
-	return NULL;
-}
-
-
-static int select_driver(struct wpa_supplicant *wpa_s, int i)
-{
-	struct wpa_global *global = wpa_s->global;
-
-	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
-		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
-		if (global->drv_priv[i] == NULL) {
-			wpa_printf(MSG_ERROR, "Failed to initialize driver "
-				   "'%s'", wpa_drivers[i]->name);
-			return -1;
-		}
-	}
-
-	wpa_s->driver = wpa_drivers[i];
-	wpa_s->global_drv_priv = global->drv_priv[i];
-
-	return 0;
-}
-
-
-static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
-				     const char *name)
-{
-	int i;
-	size_t len;
-	const char *pos, *driver = name;
-
-	if (wpa_s == NULL)
-		return -1;
-
-	if (wpa_drivers[0] == NULL) {
-		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
-			"wpa_supplicant");
-		return -1;
-	}
-
-	if (name == NULL) {
-		/* Default to first successful driver in the list */
-		for (i = 0; wpa_drivers[i]; i++) {
-			if (select_driver(wpa_s, i) == 0)
-				return 0;
-		}
-		/* Drivers have each reported failure, so no wpa_msg() here. */
-		return -1;
-	}
-
-	do {
-		pos = os_strchr(driver, ',');
-		if (pos)
-			len = pos - driver;
-		else
-			len = os_strlen(driver);
-
-		for (i = 0; wpa_drivers[i]; i++) {
-			if (os_strlen(wpa_drivers[i]->name) == len &&
-			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
-			    0) {
-				/* First driver that succeeds wins */
-				if (select_driver(wpa_s, i) == 0)
-					return 0;
-			}
-		}
-
-		driver = pos + 1;
-	} while (pos);
-
-	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
-	return -1;
-}
-
-
-/**
- * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
- * @ctx: Context pointer (wpa_s); this is the ctx variable registered
- *	with struct wpa_driver_ops::init()
- * @src_addr: Source address of the EAPOL frame
- * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
- * @len: Length of the EAPOL data
- *
- * This function is called for each received EAPOL frame. Most driver
- * interfaces rely on more generic OS mechanism for receiving frames through
- * l2_packet, but if such a mechanism is not available, the driver wrapper may
- * take care of received EAPOL frames and deliver them to the core supplicant
- * code by calling this function.
- */
-void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
-			     const u8 *buf, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
-	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
-
-	if (wpa_s->own_disconnect_req) {
-		wpa_printf(MSG_DEBUG,
-			   "Drop received EAPOL frame as we are disconnecting");
-		return;
-	}
-
-#ifdef CONFIG_TESTING_OPTIONS
-	wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu",
-		     MAC2STR(src_addr), len);
-	if (wpa_s->ignore_auth_resp) {
-		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
-		return;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
-	    (wpa_s->last_eapol_matches_bssid &&
-#ifdef CONFIG_AP
-	     !wpa_s->ap_iface &&
-#endif /* CONFIG_AP */
-	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
-		/*
-		 * There is possible race condition between receiving the
-		 * association event and the EAPOL frame since they are coming
-		 * through different paths from the driver. In order to avoid
-		 * issues in trying to process the EAPOL frame before receiving
-		 * association information, lets queue it for processing until
-		 * the association event is received. This may also be needed in
-		 * driver-based roaming case, so also use src_addr != BSSID as a
-		 * trigger if we have previously confirmed that the
-		 * Authenticator uses BSSID as the src_addr (which is not the
-		 * case with wired IEEE 802.1X).
-		 */
-		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
-			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
-			wpa_supplicant_state_txt(wpa_s->wpa_state),
-			MAC2STR(wpa_s->bssid));
-		wpabuf_free(wpa_s->pending_eapol_rx);
-		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
-		if (wpa_s->pending_eapol_rx) {
-			os_get_reltime(&wpa_s->pending_eapol_rx_time);
-			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
-				  ETH_ALEN);
-		}
-		return;
-	}
-
-	wpa_s->last_eapol_matches_bssid =
-		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
-		return;
-	}
-#endif /* CONFIG_AP */
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
-			"no key management is configured");
-		return;
-	}
-
-	if (wpa_s->eapol_received == 0 &&
-	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
-	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	     wpa_s->wpa_state != WPA_COMPLETED) &&
-	    (wpa_s->current_ssid == NULL ||
-	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
-		/* Timeout for completing IEEE 802.1X and WPA authentication */
-		int timeout = 10;
-
-		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
-		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
-		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
-			/* Use longer timeout for IEEE 802.1X/EAP */
-			timeout = 70;
-		}
-
-#ifdef CONFIG_WPS
-		if (wpa_s->current_ssid && wpa_s->current_bss &&
-		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
-		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
-			/*
-			 * Use shorter timeout if going through WPS AP iteration
-			 * for PIN config method with an AP that does not
-			 * advertise Selected Registrar.
-			 */
-			struct wpabuf *wps_ie;
-
-			wps_ie = wpa_bss_get_vendor_ie_multi(
-				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
-			if (wps_ie &&
-			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
-				timeout = 10;
-			wpabuf_free(wps_ie);
-		}
-#endif /* CONFIG_WPS */
-
-		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
-	}
-	wpa_s->eapol_received++;
-
-	if (wpa_s->countermeasures) {
-		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
-			"EAPOL packet");
-		return;
-	}
-
-#ifdef CONFIG_IBSS_RSN
-	if (wpa_s->current_ssid &&
-	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
-		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
-		return;
-	}
-#endif /* CONFIG_IBSS_RSN */
-
-	/* Source address of the incoming EAPOL frame could be compared to the
-	 * current BSSID. However, it is possible that a centralized
-	 * Authenticator could be using another MAC address than the BSSID of
-	 * an AP, so just allow any address to be used for now. The replies are
-	 * still sent to the current BSSID (if available), though. */
-
-	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
-	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
-	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
-	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
-		return;
-	wpa_drv_poll(wpa_s);
-	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
-		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
-	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
-		/*
-		 * Set portValid = true here since we are going to skip 4-way
-		 * handshake processing which would normally set portValid. We
-		 * need this to allow the EAPOL state machines to be completed
-		 * without going through EAPOL-Key handshake.
-		 */
-		eapol_sm_notify_portValid(wpa_s->eapol, true);
-	}
-}
-
-
-static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
-{
-	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
-		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
-}
-
-
-int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
-{
-	if ((!wpa_s->p2p_mgmt ||
-	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
-		l2_packet_deinit(wpa_s->l2);
-		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
-					   wpa_drv_get_mac_addr(wpa_s),
-					   ETH_P_EAPOL,
-					   wpas_eapol_needs_l2_packet(wpa_s) ?
-					   wpa_supplicant_rx_eapol : NULL,
-					   wpa_s, 0);
-		if (wpa_s->l2 == NULL)
-			return -1;
-
-		if (l2_packet_set_packet_filter(wpa_s->l2,
-						L2_PACKET_FILTER_PKTTYPE))
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Failed to attach pkt_type filter");
-
-		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
-			wpa_msg(wpa_s, MSG_ERROR,
-				"Failed to get own L2 address");
-			return -1;
-		}
-	} else {
-		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
-		if (addr)
-			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
-	}
-
-	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
-	wpas_wps_update_mac_addr(wpa_s);
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst)
-		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
-#endif /* CONFIG_FST */
-
-	return 0;
-}
-
-
-static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
-					   const u8 *buf, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const struct l2_ethhdr *eth;
-
-	if (len < sizeof(*eth))
-		return;
-	eth = (const struct l2_ethhdr *) buf;
-
-	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
-	    !(eth->h_dest[0] & 0x01)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
-			" (bridge - not for this interface - ignore)",
-			MAC2STR(src_addr), MAC2STR(eth->h_dest));
-		return;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
-		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
-	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
-				len - sizeof(*eth));
-}
-
-
-int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
-					const char *bridge_ifname)
-{
-	if (wpa_s->wpa_state > WPA_SCANNING)
-		return -EBUSY;
-
-	if (bridge_ifname &&
-	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
-		return -EINVAL;
-
-	if (!bridge_ifname)
-		bridge_ifname = "";
-
-	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
-		return 0;
-
-	if (wpa_s->l2_br) {
-		l2_packet_deinit(wpa_s->l2_br);
-		wpa_s->l2_br = NULL;
-	}
-
-	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
-		   sizeof(wpa_s->bridge_ifname));
-
-	if (wpa_s->bridge_ifname[0]) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Receiving packets from bridge interface '%s'",
-			wpa_s->bridge_ifname);
-		wpa_s->l2_br = l2_packet_init_bridge(
-			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
-			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
-		if (!wpa_s->l2_br) {
-			wpa_msg(wpa_s, MSG_ERROR,
-				"Failed to open l2_packet connection for the bridge interface '%s'",
-				wpa_s->bridge_ifname);
-			goto fail;
-		}
-	}
-
-#ifdef CONFIG_TDLS
-	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
-		goto fail;
-#endif /* CONFIG_TDLS */
-
-	return 0;
-fail:
-	wpa_s->bridge_ifname[0] = 0;
-	if (wpa_s->l2_br) {
-		l2_packet_deinit(wpa_s->l2_br);
-		wpa_s->l2_br = NULL;
-	}
-#ifdef CONFIG_TDLS
-	if (!wpa_s->p2p_mgmt)
-		wpa_tdls_init(wpa_s->wpa);
-#endif /* CONFIG_TDLS */
-	return -EIO;
-}
-
-
-/**
- * wpa_supplicant_driver_init - Initialize driver interface parameters
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: 0 on success, -1 on failure
- *
- * This function is called to initialize driver interface parameters.
- * wpa_drv_init() must have been called before this function to initialize the
- * driver interface.
- */
-int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
-{
-	static int interface_count = 0;
-
-	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
-		return -1;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
-		MAC2STR(wpa_s->own_addr));
-	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
-	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
-
-	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
-			"interface '%s'", wpa_s->bridge_ifname);
-		wpa_s->l2_br = l2_packet_init_bridge(
-			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
-			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
-		if (wpa_s->l2_br == NULL) {
-			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
-				"connection for the bridge interface '%s'",
-				wpa_s->bridge_ifname);
-			return -1;
-		}
-	}
-
-	if (wpa_s->conf->ap_scan == 2 &&
-	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
-		wpa_printf(MSG_INFO,
-			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
-	}
-
-	wpa_clear_keys(wpa_s, NULL);
-
-	/* Make sure that TKIP countermeasures are not left enabled (could
-	 * happen if wpa_supplicant is killed during countermeasures. */
-	wpa_drv_set_countermeasures(wpa_s, 0);
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
-	wpa_drv_flush_pmkid(wpa_s);
-
-	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
-	wpa_s->prev_scan_wildcard = 0;
-
-	if (wpa_supplicant_enabled_networks(wpa_s)) {
-		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
-			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-			interface_count = 0;
-		}
-#ifndef ANDROID
-		if (!wpa_s->p2p_mgmt &&
-		    wpa_supplicant_delayed_sched_scan(wpa_s,
-						      interface_count % 3,
-						      100000))
-			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
-						100000);
-#endif /* ANDROID */
-		interface_count++;
-	} else
-		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
-
-	return 0;
-}
-
-
-static int wpa_supplicant_daemon(const char *pid_file)
-{
-	wpa_printf(MSG_DEBUG, "Daemonize..");
-	return os_daemonize(pid_file);
-}
-
-
-static struct wpa_supplicant *
-wpa_supplicant_alloc(struct wpa_supplicant *parent)
-{
-	struct wpa_supplicant *wpa_s;
-
-	wpa_s = os_zalloc(sizeof(*wpa_s));
-	if (wpa_s == NULL)
-		return NULL;
-	wpa_s->scan_req = INITIAL_SCAN_REQ;
-	wpa_s->scan_interval = 5;
-	wpa_s->new_connection = 1;
-	wpa_s->parent = parent ? parent : wpa_s;
-	wpa_s->p2pdev = wpa_s->parent;
-	wpa_s->sched_scanning = 0;
-	wpa_s->setband_mask = WPA_SETBAND_AUTO;
-
-	dl_list_init(&wpa_s->bss_tmp_disallowed);
-	dl_list_init(&wpa_s->fils_hlp_req);
-#ifdef CONFIG_TESTING_OPTIONS
-	dl_list_init(&wpa_s->drv_signal_override);
-#endif /* CONFIG_TESTING_OPTIONS */
-	dl_list_init(&wpa_s->active_scs_ids);
-
-	return wpa_s;
-}
-
-
-#ifdef CONFIG_HT_OVERRIDES
-
-static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
-			     struct ieee80211_ht_capabilities *htcaps,
-			     struct ieee80211_ht_capabilities *htcaps_mask,
-			     const char *ht_mcs)
-{
-	/* parse ht_mcs into hex array */
-	int i;
-	const char *tmp = ht_mcs;
-	char *end = NULL;
-
-	/* If ht_mcs is null, do not set anything */
-	if (!ht_mcs)
-		return 0;
-
-	/* This is what we are setting in the kernel */
-	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
-
-	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
-		long v;
-
-		errno = 0;
-		v = strtol(tmp, &end, 16);
-
-		if (errno == 0) {
-			wpa_msg(wpa_s, MSG_DEBUG,
-				"htcap value[%i]: %ld end: %p  tmp: %p",
-				i, v, end, tmp);
-			if (end == tmp)
-				break;
-
-			htcaps->supported_mcs_set[i] = v;
-			tmp = end;
-		} else {
-			wpa_msg(wpa_s, MSG_ERROR,
-				"Failed to parse ht-mcs: %s, error: %s\n",
-				ht_mcs, strerror(errno));
-			return -1;
-		}
-	}
-
-	/*
-	 * If we were able to parse any values, then set mask for the MCS set.
-	 */
-	if (i) {
-		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
-			  IEEE80211_HT_MCS_MASK_LEN - 1);
-		/* skip the 3 reserved bits */
-		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
-			0x1f;
-	}
-
-	return 0;
-}
-
-
-static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
-				 struct ieee80211_ht_capabilities *htcaps,
-				 struct ieee80211_ht_capabilities *htcaps_mask,
-				 int disabled)
-{
-	le16 msk;
-
-	if (disabled == -1)
-		return 0;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
-
-	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
-	htcaps_mask->ht_capabilities_info |= msk;
-	if (disabled)
-		htcaps->ht_capabilities_info &= msk;
-	else
-		htcaps->ht_capabilities_info |= msk;
-
-	return 0;
-}
-
-
-static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
-				struct ieee80211_ht_capabilities *htcaps,
-				struct ieee80211_ht_capabilities *htcaps_mask,
-				int factor)
-{
-	if (factor == -1)
-		return 0;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
-
-	if (factor < 0 || factor > 3) {
-		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
-			"Must be 0-3 or -1", factor);
-		return -EINVAL;
-	}
-
-	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
-	htcaps->a_mpdu_params &= ~0x3;
-	htcaps->a_mpdu_params |= factor & 0x3;
-
-	return 0;
-}
-
-
-static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
-				 struct ieee80211_ht_capabilities *htcaps,
-				 struct ieee80211_ht_capabilities *htcaps_mask,
-				 int density)
-{
-	if (density == -1)
-		return 0;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
-
-	if (density < 0 || density > 7) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"ampdu_density: %d out of range. Must be 0-7 or -1.",
-			density);
-		return -EINVAL;
-	}
-
-	htcaps_mask->a_mpdu_params |= 0x1C;
-	htcaps->a_mpdu_params &= ~(0x1C);
-	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
-
-	return 0;
-}
-
-
-static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
-				struct ieee80211_ht_capabilities *htcaps,
-				struct ieee80211_ht_capabilities *htcaps_mask,
-				int disabled)
-{
-	if (disabled)
-		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
-
-	set_disable_ht40(htcaps, disabled);
-	set_disable_ht40(htcaps_mask, 0);
-
-	return 0;
-}
-
-
-static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
-			       struct ieee80211_ht_capabilities *htcaps,
-			       struct ieee80211_ht_capabilities *htcaps_mask,
-			       int disabled)
-{
-	/* Masking these out disables SGI */
-	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
-				HT_CAP_INFO_SHORT_GI40MHZ);
-
-	if (disabled)
-		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
-
-	if (disabled)
-		htcaps->ht_capabilities_info &= ~msk;
-	else
-		htcaps->ht_capabilities_info |= msk;
-
-	htcaps_mask->ht_capabilities_info |= msk;
-
-	return 0;
-}
-
-
-static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
-			       struct ieee80211_ht_capabilities *htcaps,
-			       struct ieee80211_ht_capabilities *htcaps_mask,
-			       int disabled)
-{
-	/* Masking these out disables LDPC */
-	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
-
-	if (disabled)
-		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
-
-	if (disabled)
-		htcaps->ht_capabilities_info &= ~msk;
-	else
-		htcaps->ht_capabilities_info |= msk;
-
-	htcaps_mask->ht_capabilities_info |= msk;
-
-	return 0;
-}
-
-
-static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
-			   struct ieee80211_ht_capabilities *htcaps,
-			   struct ieee80211_ht_capabilities *htcaps_mask,
-			   int tx_stbc)
-{
-	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
-
-	if (tx_stbc == -1)
-		return 0;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
-
-	if (tx_stbc < 0 || tx_stbc > 1) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
-		return -EINVAL;
-	}
-
-	htcaps_mask->ht_capabilities_info |= msk;
-	htcaps->ht_capabilities_info &= ~msk;
-	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
-
-	return 0;
-}
-
-
-static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
-			   struct ieee80211_ht_capabilities *htcaps,
-			   struct ieee80211_ht_capabilities *htcaps_mask,
-			   int rx_stbc)
-{
-	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
-
-	if (rx_stbc == -1)
-		return 0;
-
-	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
-
-	if (rx_stbc < 0 || rx_stbc > 3) {
-		wpa_msg(wpa_s, MSG_ERROR,
-			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
-		return -EINVAL;
-	}
-
-	htcaps_mask->ht_capabilities_info |= msk;
-	htcaps->ht_capabilities_info &= ~msk;
-	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
-
-	return 0;
-}
-
-
-void wpa_supplicant_apply_ht_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params)
-{
-	struct ieee80211_ht_capabilities *htcaps;
-	struct ieee80211_ht_capabilities *htcaps_mask;
-
-	if (!ssid)
-		return;
-
-	params->disable_ht = ssid->disable_ht;
-	if (!params->htcaps || !params->htcaps_mask)
-		return;
-
-	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
-	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
-	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
-	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
-			      ssid->disable_max_amsdu);
-	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
-	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
-	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
-	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
-	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
-	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
-	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
-
-	if (ssid->ht40_intolerant) {
-		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
-		htcaps->ht_capabilities_info |= bit;
-		htcaps_mask->ht_capabilities_info |= bit;
-	}
-}
-
-#endif /* CONFIG_HT_OVERRIDES */
-
-
-#ifdef CONFIG_VHT_OVERRIDES
-void wpa_supplicant_apply_vht_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params)
-{
-	struct ieee80211_vht_capabilities *vhtcaps;
-	struct ieee80211_vht_capabilities *vhtcaps_mask;
-
-	if (!ssid)
-		return;
-
-	params->disable_vht = ssid->disable_vht;
-
-	vhtcaps = (void *) params->vhtcaps;
-	vhtcaps_mask = (void *) params->vhtcaps_mask;
-
-	if (!vhtcaps || !vhtcaps_mask)
-		return;
-
-	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
-	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
-
-#ifdef CONFIG_HT_OVERRIDES
-	if (ssid->disable_sgi) {
-		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
-							VHT_CAP_SHORT_GI_160);
-		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
-						    VHT_CAP_SHORT_GI_160);
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"disable-sgi override specified, vht-caps: 0x%x",
-			vhtcaps->vht_capabilities_info);
-	}
-
-	/* if max ampdu is <= 3, we have to make the HT cap the same */
-	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
-		int max_ampdu;
-
-		max_ampdu = (ssid->vht_capa &
-			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
-			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
-
-		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
-		wpa_set_ampdu_factor(wpa_s,
-				     (void *) params->htcaps,
-				     (void *) params->htcaps_mask,
-				     max_ampdu);
-	}
-#endif /* CONFIG_HT_OVERRIDES */
-
-#define OVERRIDE_MCS(i)							\
-	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
-		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
-			host_to_le16(3 << 2 * (i - 1));			\
-		vhtcaps->vht_supported_mcs_set.tx_map |=		\
-			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
-				     2 * (i - 1));			\
-	}								\
-	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
-		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
-			host_to_le16(3 << 2 * (i - 1));			\
-		vhtcaps->vht_supported_mcs_set.rx_map |=		\
-			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
-				     2 * (i - 1));			\
-	}
-
-	OVERRIDE_MCS(1);
-	OVERRIDE_MCS(2);
-	OVERRIDE_MCS(3);
-	OVERRIDE_MCS(4);
-	OVERRIDE_MCS(5);
-	OVERRIDE_MCS(6);
-	OVERRIDE_MCS(7);
-	OVERRIDE_MCS(8);
-}
-#endif /* CONFIG_VHT_OVERRIDES */
-
-
-#ifdef CONFIG_HE_OVERRIDES
-void wpa_supplicant_apply_he_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params)
-{
-	if (!ssid)
-		return;
-
-	params->disable_he = ssid->disable_he;
-}
-#endif /* CONFIG_HE_OVERRIDES */
-
-
-static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
-{
-#ifdef PCSC_FUNCS
-	size_t len;
-
-	if (!wpa_s->conf->pcsc_reader)
-		return 0;
-
-	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
-	if (!wpa_s->scard)
-		return 1;
-
-	if (wpa_s->conf->pcsc_pin &&
-	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
-		scard_deinit(wpa_s->scard);
-		wpa_s->scard = NULL;
-		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
-		return -1;
-	}
-
-	len = sizeof(wpa_s->imsi) - 1;
-	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
-		scard_deinit(wpa_s->scard);
-		wpa_s->scard = NULL;
-		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
-		return -1;
-	}
-	wpa_s->imsi[len] = '\0';
-
-	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
-
-	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
-		   wpa_s->imsi, wpa_s->mnc_len);
-
-	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
-	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
-#endif /* PCSC_FUNCS */
-
-	return 0;
-}
-
-
-int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
-{
-	char *val, *pos;
-
-	ext_password_deinit(wpa_s->ext_pw);
-	wpa_s->ext_pw = NULL;
-	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
-
-	if (!wpa_s->conf->ext_password_backend)
-		return 0;
-
-	val = os_strdup(wpa_s->conf->ext_password_backend);
-	if (val == NULL)
-		return -1;
-	pos = os_strchr(val, ':');
-	if (pos)
-		*pos++ = '\0';
-
-	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
-
-	wpa_s->ext_pw = ext_password_init(val, pos);
-	os_free(val);
-	if (wpa_s->ext_pw == NULL) {
-		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
-		return -1;
-	}
-	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
-
-	return 0;
-}
-
-
-#ifdef CONFIG_FST
-
-static const u8 * wpas_fst_get_bssid_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	return (is_zero_ether_addr(wpa_s->bssid) ||
-		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
-}
-
-
-static void wpas_fst_get_channel_info_cb(void *ctx,
-					 enum hostapd_hw_mode *hw_mode,
-					 u8 *channel)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->current_bss) {
-		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
-						  channel);
-	} else if (wpa_s->hw.num_modes) {
-		*hw_mode = wpa_s->hw.modes[0].mode;
-	} else {
-		WPA_ASSERT(0);
-		*hw_mode = 0;
-	}
-}
-
-
-static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	*modes = wpa_s->hw.modes;
-	return wpa_s->hw.num_modes;
-}
-
-
-static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
-	wpa_s->fst_ies = fst_ies;
-}
-
-
-static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
-		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
-			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
-		return -1;
-	}
-	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
-				   wpa_s->own_addr, wpa_s->bssid,
-				   wpabuf_head(data), wpabuf_len(data),
-				   0);
-}
-
-
-static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
-	return wpa_s->received_mb_ies;
-}
-
-
-static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
-				     const u8 *buf, size_t size)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct mb_ies_info info;
-
-	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
-
-	if (!mb_ies_info_by_ies(&info, buf, size)) {
-		wpabuf_free(wpa_s->received_mb_ies);
-		wpa_s->received_mb_ies = mb_ies_by_info(&info);
-	}
-}
-
-
-static const u8 * wpas_fst_get_peer_first(void *ctx,
-					  struct fst_get_peer_ctx **get_ctx,
-					  bool mb_only)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	*get_ctx = NULL;
-	if (!is_zero_ether_addr(wpa_s->bssid))
-		return (wpa_s->received_mb_ies || !mb_only) ?
-			wpa_s->bssid : NULL;
-	return NULL;
-}
-
-
-static const u8 * wpas_fst_get_peer_next(void *ctx,
-					 struct fst_get_peer_ctx **get_ctx,
-					 bool mb_only)
-{
-	return NULL;
-}
-
-void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
-				       struct fst_wpa_obj *iface_obj)
-{
-	iface_obj->ctx              = wpa_s;
-	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
-	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
-	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
-	iface_obj->set_ies          = wpas_fst_set_ies_cb;
-	iface_obj->send_action      = wpas_fst_send_action_cb;
-	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
-	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
-	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
-	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
-}
-#endif /* CONFIG_FST */
-
-static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
-				    const struct wpa_driver_capa *capa)
-{
-	struct wowlan_triggers *triggers;
-	int ret = 0;
-
-	if (!wpa_s->conf->wowlan_triggers)
-		return 0;
-
-	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
-	if (triggers) {
-		ret = wpa_drv_wowlan(wpa_s, triggers);
-		os_free(triggers);
-	}
-	return ret;
-}
-
-
-enum wpa_radio_work_band wpas_freq_to_band(int freq)
-{
-	if (freq < 3000)
-		return BAND_2_4_GHZ;
-	if (freq > 50000)
-		return BAND_60_GHZ;
-	return BAND_5_GHZ;
-}
-
-
-unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
-{
-	int i;
-	unsigned int band = 0;
-
-	if (freqs) {
-		/* freqs are specified for the radio work */
-		for (i = 0; freqs[i]; i++)
-			band |= wpas_freq_to_band(freqs[i]);
-	} else {
-		/*
-		 * freqs are not specified, implies all
-		 * the supported freqs by HW
-		 */
-		for (i = 0; i < wpa_s->hw.num_modes; i++) {
-			if (wpa_s->hw.modes[i].num_channels != 0) {
-				if (wpa_s->hw.modes[i].mode ==
-				    HOSTAPD_MODE_IEEE80211B ||
-				    wpa_s->hw.modes[i].mode ==
-				    HOSTAPD_MODE_IEEE80211G)
-					band |= BAND_2_4_GHZ;
-				else if (wpa_s->hw.modes[i].mode ==
-					 HOSTAPD_MODE_IEEE80211A)
-					band |= BAND_5_GHZ;
-				else if (wpa_s->hw.modes[i].mode ==
-					 HOSTAPD_MODE_IEEE80211AD)
-					band |= BAND_60_GHZ;
-				else if (wpa_s->hw.modes[i].mode ==
-					 HOSTAPD_MODE_IEEE80211ANY)
-					band = BAND_2_4_GHZ | BAND_5_GHZ |
-						BAND_60_GHZ;
-			}
-		}
-	}
-
-	return band;
-}
-
-
-static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
-					      const char *rn)
-{
-	struct wpa_supplicant *iface = wpa_s->global->ifaces;
-	struct wpa_radio *radio;
-
-	while (rn && iface) {
-		radio = iface->radio;
-		if (radio && os_strcmp(rn, radio->name) == 0) {
-			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
-				   wpa_s->ifname, rn);
-			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
-			return radio;
-		}
-
-		iface = iface->next;
-	}
-
-	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
-		   wpa_s->ifname, rn ? rn : "N/A");
-	radio = os_zalloc(sizeof(*radio));
-	if (radio == NULL)
-		return NULL;
-
-	if (rn)
-		os_strlcpy(radio->name, rn, sizeof(radio->name));
-	dl_list_init(&radio->ifaces);
-	dl_list_init(&radio->work);
-	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
-
-	return radio;
-}
-
-
-static void radio_work_free(struct wpa_radio_work *work)
-{
-	if (work->wpa_s->scan_work == work) {
-		/* This should not really happen. */
-		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
-			work->type, work, work->started);
-		work->wpa_s->scan_work = NULL;
-	}
-
-#ifdef CONFIG_P2P
-	if (work->wpa_s->p2p_scan_work == work) {
-		/* This should not really happen. */
-		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
-			work->type, work, work->started);
-		work->wpa_s->p2p_scan_work = NULL;
-	}
-#endif /* CONFIG_P2P */
-
-	if (work->started) {
-		work->wpa_s->radio->num_active_works--;
-		wpa_dbg(work->wpa_s, MSG_DEBUG,
-			"radio_work_free('%s'@%p): num_active_works --> %u",
-			work->type, work,
-			work->wpa_s->radio->num_active_works);
-	}
-
-	dl_list_del(&work->list);
-	os_free(work);
-}
-
-
-static int radio_work_is_connect(struct wpa_radio_work *work)
-{
-	return os_strcmp(work->type, "sme-connect") == 0 ||
-		os_strcmp(work->type, "connect") == 0;
-}
-
-
-static int radio_work_is_scan(struct wpa_radio_work *work)
-{
-	return os_strcmp(work->type, "scan") == 0 ||
-		os_strcmp(work->type, "p2p-scan") == 0;
-}
-
-
-static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
-{
-	struct wpa_radio_work *active_work = NULL;
-	struct wpa_radio_work *tmp;
-
-	/* Get the active work to know the type and band. */
-	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
-		if (tmp->started) {
-			active_work = tmp;
-			break;
-		}
-	}
-
-	if (!active_work) {
-		/* No active work, start one */
-		radio->num_active_works = 0;
-		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
-				 list) {
-			if (os_strcmp(tmp->type, "scan") == 0 &&
-			    external_scan_running(radio) &&
-			    (((struct wpa_driver_scan_params *)
-			      tmp->ctx)->only_new_results ||
-			     tmp->wpa_s->clear_driver_scan_cache))
-				continue;
-			return tmp;
-		}
-		return NULL;
-	}
-
-	if (radio_work_is_connect(active_work)) {
-		/*
-		 * If the active work is either connect or sme-connect,
-		 * do not parallelize them with other radio works.
-		 */
-		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
-			"Do not parallelize radio work with %s",
-			active_work->type);
-		return NULL;
-	}
-
-	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
-		if (tmp->started)
-			continue;
-
-		/*
-		 * If connect or sme-connect are enqueued, parallelize only
-		 * those operations ahead of them in the queue.
-		 */
-		if (radio_work_is_connect(tmp))
-			break;
-
-		/* Serialize parallel scan and p2p_scan operations on the same
-		 * interface since the driver_nl80211 mechanism for tracking
-		 * scan cookies does not yet have support for this. */
-		if (active_work->wpa_s == tmp->wpa_s &&
-		    radio_work_is_scan(active_work) &&
-		    radio_work_is_scan(tmp)) {
-			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
-				"Do not start work '%s' when another work '%s' is already scheduled",
-				tmp->type, active_work->type);
-			continue;
-		}
-		/*
-		 * Check that the radio works are distinct and
-		 * on different bands.
-		 */
-		if (os_strcmp(active_work->type, tmp->type) != 0 &&
-		    (active_work->bands != tmp->bands)) {
-			/*
-			 * If a scan has to be scheduled through nl80211 scan
-			 * interface and if an external scan is already running,
-			 * do not schedule the scan since it is likely to get
-			 * rejected by kernel.
-			 */
-			if (os_strcmp(tmp->type, "scan") == 0 &&
-			    external_scan_running(radio) &&
-			    (((struct wpa_driver_scan_params *)
-			      tmp->ctx)->only_new_results ||
-			     tmp->wpa_s->clear_driver_scan_cache))
-				continue;
-
-			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
-				"active_work:%s new_work:%s",
-				active_work->type, tmp->type);
-			return tmp;
-		}
-	}
-
-	/* Did not find a radio work to schedule in parallel. */
-	return NULL;
-}
-
-
-static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_radio *radio = eloop_ctx;
-	struct wpa_radio_work *work;
-	struct os_reltime now, diff;
-	struct wpa_supplicant *wpa_s;
-
-	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
-	if (work == NULL) {
-		radio->num_active_works = 0;
-		return;
-	}
-
-	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
-			      radio_list);
-
-	if (!(wpa_s &&
-	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
-		if (work->started)
-			return; /* already started and still in progress */
-
-		if (wpa_s && external_scan_running(wpa_s->radio)) {
-			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
-			return;
-		}
-	} else {
-		work = NULL;
-		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
-			/* get the work to schedule next */
-			work = radio_work_get_next_work(radio);
-		}
-		if (!work)
-			return;
-	}
-
-	wpa_s = work->wpa_s;
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &work->time, &diff);
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Starting radio work '%s'@%p after %ld.%06ld second wait",
-		work->type, work, diff.sec, diff.usec);
-	work->started = 1;
-	work->time = now;
-	radio->num_active_works++;
-
-	work->cb(work, 0);
-
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
-	    radio->num_active_works < MAX_ACTIVE_WORKS)
-		radio_work_check_next(wpa_s);
-}
-
-
-/*
- * This function removes both started and pending radio works running on
- * the provided interface's radio.
- * Prior to the removal of the radio work, its callback (cb) is called with
- * deinit set to be 1. Each work's callback is responsible for clearing its
- * internal data and restoring to a correct state.
- * @wpa_s: wpa_supplicant data
- * @type: type of works to be removed
- * @remove_all: 1 to remove all the works on this radio, 0 to remove only
- * this interface's works.
- */
-void radio_remove_works(struct wpa_supplicant *wpa_s,
-			const char *type, int remove_all)
-{
-	struct wpa_radio_work *work, *tmp;
-	struct wpa_radio *radio = wpa_s->radio;
-
-	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
-			      list) {
-		if (type && os_strcmp(type, work->type) != 0)
-			continue;
-
-		/* skip other ifaces' works */
-		if (!remove_all && work->wpa_s != wpa_s)
-			continue;
-
-		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
-			work->type, work, work->started ? " (started)" : "");
-		work->cb(work, 1);
-		radio_work_free(work);
-	}
-
-	/* in case we removed the started work */
-	radio_work_check_next(wpa_s);
-}
-
-
-void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
-{
-	struct wpa_radio_work *work;
-	struct wpa_radio *radio = wpa_s->radio;
-
-	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
-		if (work->ctx != ctx)
-			continue;
-		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
-			work->type, work, work->started ? " (started)" : "");
-		radio_work_free(work);
-		break;
-	}
-}
-
-
-static void radio_remove_interface(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_radio *radio = wpa_s->radio;
-
-	if (!radio)
-		return;
-
-	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
-		   wpa_s->ifname, radio->name);
-	dl_list_del(&wpa_s->radio_list);
-	radio_remove_works(wpa_s, NULL, 0);
-	/* If the interface that triggered the external scan was removed, the
-	 * external scan is no longer running. */
-	if (wpa_s == radio->external_scan_req_interface)
-		radio->external_scan_req_interface = NULL;
-	wpa_s->radio = NULL;
-	if (!dl_list_empty(&radio->ifaces))
-		return; /* Interfaces remain for this radio */
-
-	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
-	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
-	os_free(radio);
-}
-
-
-void radio_work_check_next(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_radio *radio = wpa_s->radio;
-
-	if (dl_list_empty(&radio->work))
-		return;
-	if (wpa_s->ext_work_in_progress) {
-		wpa_printf(MSG_DEBUG,
-			   "External radio work in progress - delay start of pending item");
-		return;
-	}
-	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
-	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
-}
-
-
-/**
- * radio_add_work - Add a radio work item
- * @wpa_s: Pointer to wpa_supplicant data
- * @freq: Frequency of the offchannel operation in MHz or 0
- * @type: Unique identifier for each type of work
- * @next: Force as the next work to be executed
- * @cb: Callback function for indicating when radio is available
- * @ctx: Context pointer for the work (work->ctx in cb())
- * Returns: 0 on success, -1 on failure
- *
- * This function is used to request time for an operation that requires
- * exclusive radio control. Once the radio is available, the registered callback
- * function will be called. radio_work_done() must be called once the exclusive
- * radio operation has been completed, so that the radio is freed for other
- * operations. The special case of deinit=1 is used to free the context data
- * during interface removal. That does not allow the callback function to start
- * the radio operation, i.e., it must free any resources allocated for the radio
- * work and return.
- *
- * The @freq parameter can be used to indicate a single channel on which the
- * offchannel operation will occur. This may allow multiple radio work
- * operations to be performed in parallel if they apply for the same channel.
- * Setting this to 0 indicates that the work item may use multiple channels or
- * requires exclusive control of the radio.
- */
-int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
-		   const char *type, int next,
-		   void (*cb)(struct wpa_radio_work *work, int deinit),
-		   void *ctx)
-{
-	struct wpa_radio *radio = wpa_s->radio;
-	struct wpa_radio_work *work;
-	int was_empty;
-
-	work = os_zalloc(sizeof(*work));
-	if (work == NULL)
-		return -1;
-	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
-	os_get_reltime(&work->time);
-	work->freq = freq;
-	work->type = type;
-	work->wpa_s = wpa_s;
-	work->cb = cb;
-	work->ctx = ctx;
-
-	if (freq)
-		work->bands = wpas_freq_to_band(freq);
-	else if (os_strcmp(type, "scan") == 0 ||
-		 os_strcmp(type, "p2p-scan") == 0)
-		work->bands = wpas_get_bands(wpa_s,
-					     ((struct wpa_driver_scan_params *)
-					      ctx)->freqs);
-	else
-		work->bands = wpas_get_bands(wpa_s, NULL);
-
-	was_empty = dl_list_empty(&wpa_s->radio->work);
-	if (next)
-		dl_list_add(&wpa_s->radio->work, &work->list);
-	else
-		dl_list_add_tail(&wpa_s->radio->work, &work->list);
-	if (was_empty) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
-		radio_work_check_next(wpa_s);
-	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
-		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Try to schedule a radio work (num_active_works=%u)",
-			radio->num_active_works);
-		radio_work_check_next(wpa_s);
-	}
-
-	return 0;
-}
-
-
-/**
- * radio_work_done - Indicate that a radio work item has been completed
- * @work: Completed work
- *
- * This function is called once the callback function registered with
- * radio_add_work() has completed its work.
- */
-void radio_work_done(struct wpa_radio_work *work)
-{
-	struct wpa_supplicant *wpa_s = work->wpa_s;
-	struct os_reltime now, diff;
-	unsigned int started = work->started;
-
-	os_get_reltime(&now);
-	os_reltime_sub(&now, &work->time, &diff);
-	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
-		work->type, work, started ? "done" : "canceled",
-		diff.sec, diff.usec);
-	radio_work_free(work);
-	if (started)
-		radio_work_check_next(wpa_s);
-}
-
-
-struct wpa_radio_work *
-radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
-{
-	struct wpa_radio_work *work;
-	struct wpa_radio *radio = wpa_s->radio;
-
-	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
-		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
-			return work;
-	}
-
-	return NULL;
-}
-
-
-static int wpas_init_driver(struct wpa_supplicant *wpa_s,
-			    const struct wpa_interface *iface)
-{
-	const char *ifname, *driver, *rn;
-
-	driver = iface->driver;
-next_driver:
-	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
-		return -1;
-
-	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
-	if (wpa_s->drv_priv == NULL) {
-		const char *pos;
-		int level = MSG_ERROR;
-
-		pos = driver ? os_strchr(driver, ',') : NULL;
-		if (pos) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
-				"driver interface - try next driver wrapper");
-			driver = pos + 1;
-			goto next_driver;
-		}
-
-#ifdef CONFIG_MATCH_IFACE
-		if (wpa_s->matched == WPA_IFACE_MATCHED_NULL)
-			level = MSG_DEBUG;
-#endif /* CONFIG_MATCH_IFACE */
-		wpa_msg(wpa_s, level, "Failed to initialize driver interface");
-		return -1;
-	}
-	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
-		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
-			"driver_param '%s'", wpa_s->conf->driver_param);
-		return -1;
-	}
-
-	ifname = wpa_drv_get_ifname(wpa_s);
-	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
-			"interface name with '%s'", ifname);
-		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
-	}
-
-	rn = wpa_driver_get_radio_name(wpa_s);
-	if (rn && rn[0] == '\0')
-		rn = NULL;
-
-	wpa_s->radio = radio_add_interface(wpa_s, rn);
-	if (wpa_s->radio == NULL)
-		return -1;
-
-	return 0;
-}
-
-
-#ifdef CONFIG_GAS_SERVER
-
-static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
-				      unsigned int freq, const u8 *dst,
-				      const u8 *src, const u8 *bssid,
-				      const u8 *data, size_t data_len,
-				      enum offchannel_send_action_result result)
-{
-	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
-		   " result=%s",
-		   freq, MAC2STR(dst),
-		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
-		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
-		    "FAILED"));
-	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
-			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
-}
-
-
-static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
-			       struct wpabuf *buf, unsigned int wait_time)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-	if (wait_time > wpa_s->max_remain_on_chan)
-		wait_time = wpa_s->max_remain_on_chan;
-
-	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
-			       wpabuf_head(buf), wpabuf_len(buf),
-			       wait_time, wpas_gas_server_tx_status, 0);
-}
-
-#endif /* CONFIG_GAS_SERVER */
-
-static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
-				     const struct wpa_interface *iface)
-{
-	struct wpa_driver_capa capa;
-	int capa_res;
-	u8 dfs_domain;
-
-	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
-		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
-		   iface->confname ? iface->confname : "N/A",
-		   iface->driver ? iface->driver : "default",
-		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
-		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
-
-	if (iface->confname) {
-#ifdef CONFIG_BACKEND_FILE
-		wpa_s->confname = os_rel2abs_path(iface->confname);
-		if (wpa_s->confname == NULL) {
-			wpa_printf(MSG_ERROR, "Failed to get absolute path "
-				   "for configuration file '%s'.",
-				   iface->confname);
-			return -1;
-		}
-		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
-			   iface->confname, wpa_s->confname);
-#else /* CONFIG_BACKEND_FILE */
-		wpa_s->confname = os_strdup(iface->confname);
-#endif /* CONFIG_BACKEND_FILE */
-		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
-		if (wpa_s->conf == NULL) {
-			wpa_printf(MSG_ERROR, "Failed to read or parse "
-				   "configuration '%s'.", wpa_s->confname);
-			return -1;
-		}
-		wpa_s->confanother = os_rel2abs_path(iface->confanother);
-		if (wpa_s->confanother &&
-		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
-			wpa_printf(MSG_ERROR,
-				   "Failed to read or parse configuration '%s'.",
-				   wpa_s->confanother);
-			return -1;
-		}
-
-		/*
-		 * Override ctrl_interface and driver_param if set on command
-		 * line.
-		 */
-		if (iface->ctrl_interface) {
-			os_free(wpa_s->conf->ctrl_interface);
-			wpa_s->conf->ctrl_interface =
-				os_strdup(iface->ctrl_interface);
-		}
-
-		if (iface->driver_param) {
-			os_free(wpa_s->conf->driver_param);
-			wpa_s->conf->driver_param =
-				os_strdup(iface->driver_param);
-		}
-
-		if (iface->p2p_mgmt && !iface->ctrl_interface) {
-			os_free(wpa_s->conf->ctrl_interface);
-			wpa_s->conf->ctrl_interface = NULL;
-		}
-	} else
-		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
-						     iface->driver_param);
-
-	if (wpa_s->conf == NULL) {
-		wpa_printf(MSG_ERROR, "\nNo configuration found.");
-		return -1;
-	}
-
-	if (iface->ifname == NULL) {
-		wpa_printf(MSG_ERROR, "\nInterface name is required.");
-		return -1;
-	}
-	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
-		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
-			   iface->ifname);
-		return -1;
-	}
-	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
-#ifdef CONFIG_MATCH_IFACE
-	wpa_s->matched = iface->matched;
-#endif /* CONFIG_MATCH_IFACE */
-
-	if (iface->bridge_ifname) {
-		if (os_strlen(iface->bridge_ifname) >=
-		    sizeof(wpa_s->bridge_ifname)) {
-			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
-				   "name '%s'.", iface->bridge_ifname);
-			return -1;
-		}
-		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
-			   sizeof(wpa_s->bridge_ifname));
-	}
-
-	/* RSNA Supplicant Key Management - INITIALIZE */
-	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
-	eapol_sm_notify_portValid(wpa_s->eapol, false);
-
-	/* Initialize driver interface and register driver event handler before
-	 * L2 receive handler so that association events are processed before
-	 * EAPOL-Key packets if both become available for the same select()
-	 * call. */
-	if (wpas_init_driver(wpa_s, iface) < 0)
-		return -1;
-
-	if (wpa_supplicant_init_wpa(wpa_s) < 0)
-		return -1;
-
-	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
-			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
-			  NULL);
-	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
-
-	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
-	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
-			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
-			"dot11RSNAConfigPMKLifetime");
-		return -1;
-	}
-
-	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
-	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
-			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
-			"dot11RSNAConfigPMKReauthThreshold");
-		return -1;
-	}
-
-	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
-	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
-			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
-		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
-			"dot11RSNAConfigSATimeout");
-		return -1;
-	}
-
-	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
-						      &wpa_s->hw.num_modes,
-						      &wpa_s->hw.flags,
-						      &dfs_domain);
-	if (wpa_s->hw.modes) {
-		u16 i;
-
-		for (i = 0; i < wpa_s->hw.num_modes; i++) {
-			if (wpa_s->hw.modes[i].vht_capab) {
-				wpa_s->hw_capab = CAPAB_VHT;
-				break;
-			}
-
-			if (wpa_s->hw.modes[i].ht_capab &
-			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
-				wpa_s->hw_capab = CAPAB_HT40;
-			else if (wpa_s->hw.modes[i].ht_capab &&
-				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
-				wpa_s->hw_capab = CAPAB_HT;
-		}
-	}
-
-	capa_res = wpa_drv_get_capa(wpa_s, &capa);
-	if (capa_res == 0) {
-		wpa_s->drv_capa_known = 1;
-		wpa_s->drv_flags = capa.flags;
-		wpa_s->drv_flags2 = capa.flags2;
-		wpa_s->drv_enc = capa.enc;
-		wpa_s->drv_rrm_flags = capa.rrm_flags;
-		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
-		wpa_s->max_scan_ssids = capa.max_scan_ssids;
-		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
-		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
-		wpa_s->max_sched_scan_plan_interval =
-			capa.max_sched_scan_plan_interval;
-		wpa_s->max_sched_scan_plan_iterations =
-			capa.max_sched_scan_plan_iterations;
-		wpa_s->sched_scan_supported = capa.sched_scan_supported;
-		wpa_s->max_match_sets = capa.max_match_sets;
-		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
-		wpa_s->max_stations = capa.max_stations;
-		wpa_s->extended_capa = capa.extended_capa;
-		wpa_s->extended_capa_mask = capa.extended_capa_mask;
-		wpa_s->extended_capa_len = capa.extended_capa_len;
-		wpa_s->num_multichan_concurrent =
-			capa.num_multichan_concurrent;
-		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
-
-		if (capa.mac_addr_rand_scan_supported)
-			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
-		if (wpa_s->sched_scan_supported &&
-		    capa.mac_addr_rand_sched_scan_supported)
-			wpa_s->mac_addr_rand_supported |=
-				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
-
-		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
-		if (wpa_s->extended_capa &&
-		    wpa_s->extended_capa_len >= 3 &&
-		    wpa_s->extended_capa[2] & 0x40)
-			wpa_s->multi_bss_support = 1;
-	}
-	if (wpa_s->max_remain_on_chan == 0)
-		wpa_s->max_remain_on_chan = 1000;
-
-	/*
-	 * Only take p2p_mgmt parameters when P2P Device is supported.
-	 * Doing it here as it determines whether l2_packet_init() will be done
-	 * during wpa_supplicant_driver_init().
-	 */
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
-		wpa_s->p2p_mgmt = iface->p2p_mgmt;
-
-	if (wpa_s->num_multichan_concurrent == 0)
-		wpa_s->num_multichan_concurrent = 1;
-
-	if (wpa_supplicant_driver_init(wpa_s) < 0)
-		return -1;
-
-#ifdef CONFIG_TDLS
-	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
-		return -1;
-#endif /* CONFIG_TDLS */
-
-	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
-	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
-		return -1;
-	}
-
-#ifdef CONFIG_FST
-	if (wpa_s->conf->fst_group_id) {
-		struct fst_iface_cfg cfg;
-		struct fst_wpa_obj iface_obj;
-
-		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
-		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
-			   sizeof(cfg.group_id));
-		cfg.priority = wpa_s->conf->fst_priority;
-		cfg.llt = wpa_s->conf->fst_llt;
-
-		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
-					&iface_obj, &cfg);
-		if (!wpa_s->fst) {
-			wpa_msg(wpa_s, MSG_ERROR,
-				"FST: Cannot attach iface %s to group %s",
-				wpa_s->ifname, cfg.group_id);
-			return -1;
-		}
-	}
-#endif /* CONFIG_FST */
-
-	if (wpas_wps_init(wpa_s))
-		return -1;
-
-#ifdef CONFIG_GAS_SERVER
-	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
-	if (!wpa_s->gas_server) {
-		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
-		return -1;
-	}
-#endif /* CONFIG_GAS_SERVER */
-
-#ifdef CONFIG_DPP
-	if (wpas_dpp_init(wpa_s) < 0)
-		return -1;
-#endif /* CONFIG_DPP */
-
-	if (wpa_supplicant_init_eapol(wpa_s) < 0)
-		return -1;
-	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
-
-	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
-	if (wpa_s->ctrl_iface == NULL) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to initialize control interface '%s'.\n"
-			   "You may have another wpa_supplicant process "
-			   "already running or the file was\n"
-			   "left by an unclean termination of wpa_supplicant "
-			   "in which case you will need\n"
-			   "to manually remove this file before starting "
-			   "wpa_supplicant again.\n",
-			   wpa_s->conf->ctrl_interface);
-		return -1;
-	}
-
-	wpa_s->gas = gas_query_init(wpa_s);
-	if (wpa_s->gas == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
-		return -1;
-	}
-
-	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
-	     wpa_s->p2p_mgmt) &&
-	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
-		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
-		return -1;
-	}
-
-	if (wpa_bss_init(wpa_s) < 0)
-		return -1;
-
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-#ifdef CONFIG_MESH
-	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
-#endif /* CONFIG_MESH */
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-
-	/*
-	 * Set Wake-on-WLAN triggers, if configured.
-	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
-	 * have effect anyway when the interface is down).
-	 */
-	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
-		return -1;
-
-#ifdef CONFIG_EAP_PROXY
-{
-	size_t len;
-	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
-						     wpa_s->imsi, &len);
-	if (wpa_s->mnc_len > 0) {
-		wpa_s->imsi[len] = '\0';
-		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
-			   wpa_s->imsi, wpa_s->mnc_len);
-	} else {
-		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
-	}
-}
-#endif /* CONFIG_EAP_PROXY */
-
-	if (pcsc_reader_init(wpa_s) < 0)
-		return -1;
-
-	if (wpas_init_ext_pw(wpa_s) < 0)
-		return -1;
-
-	wpas_rrm_reset(wpa_s);
-
-	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
-
-#ifdef CONFIG_HS20
-	hs20_init(wpa_s);
-#endif /* CONFIG_HS20 */
-#ifdef CONFIG_MBO
-	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
-		if ((wpa_s->conf->oce & OCE_STA) &&
-		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
-			wpa_s->enable_oce = OCE_STA;
-		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
-		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
-			/* TODO: Need to add STA-CFON support */
-			wpa_printf(MSG_ERROR,
-				   "OCE STA-CFON feature is not yet supported");
-		}
-	}
-	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
-#endif /* CONFIG_MBO */
-
-	wpa_supplicant_set_default_scan_ies(wpa_s);
-
-	return 0;
-}
-
-
-static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
-					int notify, int terminate)
-{
-	struct wpa_global *global = wpa_s->global;
-	struct wpa_supplicant *iface, *prev;
-
-	if (wpa_s == wpa_s->parent)
-		wpas_p2p_group_remove(wpa_s, "*");
-
-	iface = global->ifaces;
-	while (iface) {
-		if (iface->p2pdev == wpa_s)
-			iface->p2pdev = iface->parent;
-		if (iface == wpa_s || iface->parent != wpa_s) {
-			iface = iface->next;
-			continue;
-		}
-		wpa_printf(MSG_DEBUG,
-			   "Remove remaining child interface %s from parent %s",
-			   iface->ifname, wpa_s->ifname);
-		prev = iface;
-		iface = iface->next;
-		wpa_supplicant_remove_iface(global, prev, terminate);
-	}
-
-	wpa_s->disconnected = 1;
-	if (wpa_s->drv_priv) {
-		/*
-		 * Don't deauthenticate if WoWLAN is enable and not explicitly
-		 * been configured to disconnect.
-		 */
-		if (!wpa_drv_get_wowlan(wpa_s) ||
-		    wpa_s->conf->wowlan_disconnect_on_deinit) {
-			wpa_supplicant_deauthenticate(
-				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-
-			wpa_drv_set_countermeasures(wpa_s, 0);
-			wpa_clear_keys(wpa_s, NULL);
-		} else {
-			wpa_msg(wpa_s, MSG_INFO,
-				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
-		}
-	}
-
-	wpa_supplicant_cleanup(wpa_s);
-	wpas_p2p_deinit_iface(wpa_s);
-
-	wpas_ctrl_radio_work_flush(wpa_s);
-	radio_remove_interface(wpa_s);
-
-#ifdef CONFIG_FST
-	if (wpa_s->fst) {
-		fst_detach(wpa_s->fst);
-		wpa_s->fst = NULL;
-	}
-	if (wpa_s->received_mb_ies) {
-		wpabuf_free(wpa_s->received_mb_ies);
-		wpa_s->received_mb_ies = NULL;
-	}
-#endif /* CONFIG_FST */
-
-	if (wpa_s->drv_priv)
-		wpa_drv_deinit(wpa_s);
-
-	if (notify)
-		wpas_notify_iface_removed(wpa_s);
-
-	if (terminate)
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
-
-	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
-	wpa_s->ctrl_iface = NULL;
-
-#ifdef CONFIG_MESH
-	if (wpa_s->ifmsh) {
-		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh, true);
-		wpa_s->ifmsh = NULL;
-	}
-#endif /* CONFIG_MESH */
-
-	if (wpa_s->conf != NULL) {
-		wpa_config_free(wpa_s->conf);
-		wpa_s->conf = NULL;
-	}
-
-	os_free(wpa_s->ssids_from_scan_req);
-	os_free(wpa_s->last_scan_freqs);
-
-	os_free(wpa_s);
-}
-
-
-#ifdef CONFIG_MATCH_IFACE
-
-/**
- * wpa_supplicant_match_iface - Match an interface description to a name
- * @global: Pointer to global data from wpa_supplicant_init()
- * @ifname: Name of the interface to match
- * Returns: Pointer to the created interface description or %NULL on failure
- */
-struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
-						  const char *ifname)
-{
-	int i;
-	struct wpa_interface *iface, *miface;
-
-	for (i = 0; i < global->params.match_iface_count; i++) {
-		miface = &global->params.match_ifaces[i];
-		if (!miface->ifname ||
-		    fnmatch(miface->ifname, ifname, 0) == 0) {
-			iface = os_zalloc(sizeof(*iface));
-			if (!iface)
-				return NULL;
-			*iface = *miface;
-			if (!miface->ifname)
-				iface->matched = WPA_IFACE_MATCHED_NULL;
-			else
-				iface->matched = WPA_IFACE_MATCHED;
-			iface->ifname = ifname;
-			return iface;
-		}
-	}
-
-	return NULL;
-}
-
-
-/**
- * wpa_supplicant_match_existing - Match existing interfaces
- * @global: Pointer to global data from wpa_supplicant_init()
- * Returns: 0 on success, -1 on failure
- */
-static int wpa_supplicant_match_existing(struct wpa_global *global)
-{
-	struct if_nameindex *ifi, *ifp;
-	struct wpa_supplicant *wpa_s;
-	struct wpa_interface *iface;
-
-	ifp = if_nameindex();
-	if (!ifp) {
-		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
-		return -1;
-	}
-
-	for (ifi = ifp; ifi->if_name; ifi++) {
-		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
-		if (wpa_s)
-			continue;
-		iface = wpa_supplicant_match_iface(global, ifi->if_name);
-		if (iface) {
-			wpa_supplicant_add_iface(global, iface, NULL);
-			os_free(iface);
-		}
-	}
-
-	if_freenameindex(ifp);
-	return 0;
-}
-
-#endif /* CONFIG_MATCH_IFACE */
-
-
-/**
- * wpa_supplicant_add_iface - Add a new network interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * @iface: Interface configuration options
- * @parent: Parent interface or %NULL to assign new interface as parent
- * Returns: Pointer to the created interface or %NULL on failure
- *
- * This function is used to add new network interfaces for %wpa_supplicant.
- * This can be called before wpa_supplicant_run() to add interfaces before the
- * main event loop has been started. In addition, new interfaces can be added
- * dynamically while %wpa_supplicant is already running. This could happen,
- * e.g., when a hotplug network adapter is inserted.
- */
-struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
-						 struct wpa_interface *iface,
-						 struct wpa_supplicant *parent)
-{
-	struct wpa_supplicant *wpa_s;
-	struct wpa_interface t_iface;
-	struct wpa_ssid *ssid;
-
-	if (global == NULL || iface == NULL)
-		return NULL;
-
-	wpa_s = wpa_supplicant_alloc(parent);
-	if (wpa_s == NULL)
-		return NULL;
-
-	wpa_s->global = global;
-
-	t_iface = *iface;
-	if (global->params.override_driver) {
-		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
-			   "('%s' -> '%s')",
-			   iface->driver, global->params.override_driver);
-		t_iface.driver = global->params.override_driver;
-	}
-	if (global->params.override_ctrl_interface) {
-		wpa_printf(MSG_DEBUG, "Override interface parameter: "
-			   "ctrl_interface ('%s' -> '%s')",
-			   iface->ctrl_interface,
-			   global->params.override_ctrl_interface);
-		t_iface.ctrl_interface =
-			global->params.override_ctrl_interface;
-	}
-	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
-		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
-			   iface->ifname);
-		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
-		return NULL;
-	}
-
-	if (iface->p2p_mgmt == 0) {
-		/* Notify the control interfaces about new iface */
-		if (wpas_notify_iface_added(wpa_s)) {
-			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
-			return NULL;
-		}
-
-		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
-			wpas_notify_network_added(wpa_s, ssid);
-	}
-
-	wpa_s->next = global->ifaces;
-	global->ifaces = wpa_s;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
-	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
-
-#ifdef CONFIG_P2P
-	if (wpa_s->global->p2p == NULL &&
-	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
-	    wpas_p2p_add_p2pdev_interface(
-		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
-		wpa_printf(MSG_INFO,
-			   "P2P: Failed to enable P2P Device interface");
-		/* Try to continue without. P2P will be disabled. */
-	}
-#endif /* CONFIG_P2P */
-
-	return wpa_s;
-}
-
-
-/**
- * wpa_supplicant_remove_iface - Remove a network interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * @wpa_s: Pointer to the network interface to be removed
- * Returns: 0 if interface was removed, -1 if interface was not found
- *
- * This function can be used to dynamically remove network interfaces from
- * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
- * addition, this function is used to remove all remaining interfaces when
- * %wpa_supplicant is terminated.
- */
-int wpa_supplicant_remove_iface(struct wpa_global *global,
-				struct wpa_supplicant *wpa_s,
-				int terminate)
-{
-	struct wpa_supplicant *prev;
-#ifdef CONFIG_MESH
-	unsigned int mesh_if_created = wpa_s->mesh_if_created;
-	char *ifname = NULL;
-	struct wpa_supplicant *parent = wpa_s->parent;
-#endif /* CONFIG_MESH */
-
-	/* Remove interface from the global list of interfaces */
-	prev = global->ifaces;
-	if (prev == wpa_s) {
-		global->ifaces = wpa_s->next;
-	} else {
-		while (prev && prev->next != wpa_s)
-			prev = prev->next;
-		if (prev == NULL)
-			return -1;
-		prev->next = wpa_s->next;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
-
-#ifdef CONFIG_MESH
-	if (mesh_if_created) {
-		ifname = os_strdup(wpa_s->ifname);
-		if (ifname == NULL) {
-			wpa_dbg(wpa_s, MSG_ERROR,
-				"mesh: Failed to malloc ifname");
-			return -1;
-		}
-	}
-#endif /* CONFIG_MESH */
-
-	if (global->p2p_group_formation == wpa_s)
-		global->p2p_group_formation = NULL;
-	if (global->p2p_invite_group == wpa_s)
-		global->p2p_invite_group = NULL;
-	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
-
-#ifdef CONFIG_MESH
-	if (mesh_if_created) {
-		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
-		os_free(ifname);
-	}
-#endif /* CONFIG_MESH */
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_get_eap_mode - Get the current EAP mode
- * @wpa_s: Pointer to the network interface
- * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
- */
-const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
-{
-	const char *eapol_method;
-
-        if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
-            wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		return "NO-EAP";
-	}
-
-	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
-	if (eapol_method == NULL)
-		return "UNKNOWN-EAP";
-
-	return eapol_method;
-}
-
-
-/**
- * wpa_supplicant_get_iface - Get a new network interface
- * @global: Pointer to global data from wpa_supplicant_init()
- * @ifname: Interface name
- * Returns: Pointer to the interface or %NULL if not found
- */
-struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
-						 const char *ifname)
-{
-	struct wpa_supplicant *wpa_s;
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		if (os_strcmp(wpa_s->ifname, ifname) == 0)
-			return wpa_s;
-	}
-	return NULL;
-}
-
-
-#ifndef CONFIG_NO_WPA_MSG
-static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s == NULL)
-		return NULL;
-	return wpa_s->ifname;
-}
-#endif /* CONFIG_NO_WPA_MSG */
-
-
-#ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
-#define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
-#endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
-
-/* Periodic cleanup tasks */
-static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_global *global = eloop_ctx;
-	struct wpa_supplicant *wpa_s;
-
-	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
-			       wpas_periodic, global, NULL);
-
-#ifdef CONFIG_P2P
-	if (global->p2p)
-		p2p_expire_peers(global->p2p);
-#endif /* CONFIG_P2P */
-
-	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
-		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
-#ifdef CONFIG_AP
-		ap_periodic(wpa_s);
-#endif /* CONFIG_AP */
-	}
-}
-
-
-/**
- * wpa_supplicant_init - Initialize %wpa_supplicant
- * @params: Parameters for %wpa_supplicant
- * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
- *
- * This function is used to initialize %wpa_supplicant. After successful
- * initialization, the returned data pointer can be used to add and remove
- * network interfaces, and eventually, to deinitialize %wpa_supplicant.
- */
-struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
-{
-	struct wpa_global *global;
-	int ret, i;
-
-	if (params == NULL)
-		return NULL;
-
-#ifdef CONFIG_DRIVER_NDIS
-	{
-		void driver_ndis_init_ops(void);
-		driver_ndis_init_ops();
-	}
-#endif /* CONFIG_DRIVER_NDIS */
-
-#ifndef CONFIG_NO_WPA_MSG
-	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
-#endif /* CONFIG_NO_WPA_MSG */
-
-	if (params->wpa_debug_file_path)
-		wpa_debug_open_file(params->wpa_debug_file_path);
-	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
-		wpa_debug_setup_stdout();
-	if (params->wpa_debug_syslog)
-		wpa_debug_open_syslog();
-	if (params->wpa_debug_tracing) {
-		ret = wpa_debug_open_linux_tracing();
-		if (ret) {
-			wpa_printf(MSG_ERROR,
-				   "Failed to enable trace logging");
-			return NULL;
-		}
-	}
-
-	ret = eap_register_methods();
-	if (ret) {
-		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
-		if (ret == -2)
-			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
-				   "the same EAP type.");
-		return NULL;
-	}
-
-	global = os_zalloc(sizeof(*global));
-	if (global == NULL)
-		return NULL;
-	dl_list_init(&global->p2p_srv_bonjour);
-	dl_list_init(&global->p2p_srv_upnp);
-	global->params.daemonize = params->daemonize;
-	global->params.wait_for_monitor = params->wait_for_monitor;
-	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
-	if (params->pid_file)
-		global->params.pid_file = os_strdup(params->pid_file);
-	if (params->ctrl_interface)
-		global->params.ctrl_interface =
-			os_strdup(params->ctrl_interface);
-	if (params->ctrl_interface_group)
-		global->params.ctrl_interface_group =
-			os_strdup(params->ctrl_interface_group);
-	if (params->override_driver)
-		global->params.override_driver =
-			os_strdup(params->override_driver);
-	if (params->override_ctrl_interface)
-		global->params.override_ctrl_interface =
-			os_strdup(params->override_ctrl_interface);
-#ifdef CONFIG_MATCH_IFACE
-	global->params.match_iface_count = params->match_iface_count;
-	if (params->match_iface_count) {
-		global->params.match_ifaces =
-			os_calloc(params->match_iface_count,
-				  sizeof(struct wpa_interface));
-		os_memcpy(global->params.match_ifaces,
-			  params->match_ifaces,
-			  params->match_iface_count *
-			  sizeof(struct wpa_interface));
-	}
-#endif /* CONFIG_MATCH_IFACE */
-#ifdef CONFIG_P2P
-	if (params->conf_p2p_dev)
-		global->params.conf_p2p_dev =
-			os_strdup(params->conf_p2p_dev);
-#endif /* CONFIG_P2P */
-	wpa_debug_level = global->params.wpa_debug_level =
-		params->wpa_debug_level;
-	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
-		params->wpa_debug_show_keys;
-	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
-		params->wpa_debug_timestamp;
-
-	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
-
-	if (eloop_init()) {
-		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-
-	random_init(params->entropy_file);
-
-	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
-	if (global->ctrl_iface == NULL) {
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-
-	if (wpas_notify_supplicant_initialized(global)) {
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-
-	for (i = 0; wpa_drivers[i]; i++)
-		global->drv_count++;
-	if (global->drv_count == 0) {
-		wpa_printf(MSG_ERROR, "No drivers enabled");
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
-	if (global->drv_priv == NULL) {
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-
-#ifdef CONFIG_WIFI_DISPLAY
-	if (wifi_display_init(global) < 0) {
-		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
-		wpa_supplicant_deinit(global);
-		return NULL;
-	}
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
-			       wpas_periodic, global, NULL);
-
-	return global;
-}
-
-
-/**
- * wpa_supplicant_run - Run the %wpa_supplicant main event loop
- * @global: Pointer to global data from wpa_supplicant_init()
- * Returns: 0 after successful event loop run, -1 on failure
- *
- * This function starts the main event loop and continues running as long as
- * there are any remaining events. In most cases, this function is running as
- * long as the %wpa_supplicant process in still in use.
- */
-int wpa_supplicant_run(struct wpa_global *global)
-{
-	struct wpa_supplicant *wpa_s;
-
-	if (global->params.daemonize &&
-	    (wpa_supplicant_daemon(global->params.pid_file) ||
-	     eloop_sock_requeue()))
-		return -1;
-
-#ifdef CONFIG_MATCH_IFACE
-	if (wpa_supplicant_match_existing(global))
-		return -1;
-#endif
-
-	if (global->params.wait_for_monitor) {
-		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
-			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
-				wpa_supplicant_ctrl_iface_wait(
-					wpa_s->ctrl_iface);
-	}
-
-	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
-	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
-
-	eloop_run();
-
-	return 0;
-}
-
-
-/**
- * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
- * @global: Pointer to global data from wpa_supplicant_init()
- *
- * This function is called to deinitialize %wpa_supplicant and to free all
- * allocated resources. Remaining network interfaces will also be removed.
- */
-void wpa_supplicant_deinit(struct wpa_global *global)
-{
-	int i;
-
-	if (global == NULL)
-		return;
-
-	eloop_cancel_timeout(wpas_periodic, global, NULL);
-
-#ifdef CONFIG_WIFI_DISPLAY
-	wifi_display_deinit(global);
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	while (global->ifaces)
-		wpa_supplicant_remove_iface(global, global->ifaces, 1);
-
-	if (global->ctrl_iface)
-		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
-
-	wpas_notify_supplicant_deinitialized(global);
-
-	eap_peer_unregister_methods();
-#ifdef CONFIG_AP
-	eap_server_unregister_methods();
-#endif /* CONFIG_AP */
-
-	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
-		if (!global->drv_priv[i])
-			continue;
-		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
-	}
-	os_free(global->drv_priv);
-
-	random_deinit();
-
-	eloop_destroy();
-
-	if (global->params.pid_file) {
-		os_daemonize_terminate(global->params.pid_file);
-		os_free(global->params.pid_file);
-	}
-	os_free(global->params.ctrl_interface);
-	os_free(global->params.ctrl_interface_group);
-	os_free(global->params.override_driver);
-	os_free(global->params.override_ctrl_interface);
-#ifdef CONFIG_MATCH_IFACE
-	os_free(global->params.match_ifaces);
-#endif /* CONFIG_MATCH_IFACE */
-#ifdef CONFIG_P2P
-	os_free(global->params.conf_p2p_dev);
-#endif /* CONFIG_P2P */
-
-	os_free(global->p2p_disallow_freq.range);
-	os_free(global->p2p_go_avoid_freq.range);
-	os_free(global->add_psk);
-
-	os_free(global);
-	wpa_debug_close_syslog();
-	wpa_debug_close_file();
-	wpa_debug_close_linux_tracing();
-}
-
-
-void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
-{
-	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
-	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
-		char country[3];
-		country[0] = wpa_s->conf->country[0];
-		country[1] = wpa_s->conf->country[1];
-		country[2] = '\0';
-		if (wpa_drv_set_country(wpa_s, country) < 0) {
-			wpa_printf(MSG_ERROR, "Failed to set country code "
-				   "'%s'", country);
-		}
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
-		wpas_init_ext_pw(wpa_s);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
-		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
-		struct wpa_driver_capa capa;
-		int res = wpa_drv_get_capa(wpa_s, &capa);
-
-		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
-			wpa_printf(MSG_ERROR,
-				   "Failed to update wowlan_triggers to '%s'",
-				   wpa_s->conf->wowlan_triggers);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
-		wpa_supplicant_set_default_scan_ies(wpa_s);
-
-#ifdef CONFIG_BGSCAN
-	/*
-	 * We default to global bgscan parameters only when per-network bgscan
-	 * parameters aren't set. Only bother resetting bgscan parameters if
-	 * this is the case.
-	 */
-	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_BGSCAN) &&
-	    wpa_s->current_ssid && !wpa_s->current_ssid->bgscan &&
-	    wpa_s->wpa_state == WPA_COMPLETED)
-		wpa_supplicant_reset_bgscan(wpa_s);
-#endif /* CONFIG_BGSCAN */
-
-#ifdef CONFIG_WPS
-	wpas_wps_update_config(wpa_s);
-#endif /* CONFIG_WPS */
-	wpas_p2p_update_config(wpa_s);
-	wpa_s->conf->changed_parameters = 0;
-}
-
-
-void add_freq(int *freqs, int *num_freqs, int freq)
-{
-	int i;
-
-	for (i = 0; i < *num_freqs; i++) {
-		if (freqs[i] == freq)
-			return;
-	}
-
-	freqs[*num_freqs] = freq;
-	(*num_freqs)++;
-}
-
-
-static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss, *cbss;
-	const int max_freqs = 10;
-	int *freqs;
-	int num_freqs = 0;
-
-	freqs = os_calloc(max_freqs + 1, sizeof(int));
-	if (freqs == NULL)
-		return NULL;
-
-	cbss = wpa_s->current_bss;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (bss == cbss)
-			continue;
-		if (bss->ssid_len == cbss->ssid_len &&
-		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
-		    !wpa_bssid_ignore_is_listed(wpa_s, bss->bssid)) {
-			add_freq(freqs, &num_freqs, bss->freq);
-			if (num_freqs == max_freqs)
-				break;
-		}
-	}
-
-	if (num_freqs == 0) {
-		os_free(freqs);
-		freqs = NULL;
-	}
-
-	return freqs;
-}
-
-
-void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	int timeout;
-	int count;
-	int *freqs = NULL;
-
-	wpas_connect_work_done(wpa_s);
-
-	/*
-	 * Remove possible authentication timeout since the connection failed.
-	 */
-	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
-
-	/*
-	 * There is no point in ignoring the AP temporarily if this event is
-	 * generated based on local request to disconnect.
-	 */
-	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
-		wpa_s->own_disconnect_req = 0;
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"Ignore connection failure due to local request to disconnect");
-		return;
-	}
-	if (wpa_s->disconnected) {
-		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
-			"indication since interface has been put into "
-			"disconnected state");
-		return;
-	}
-
-	/*
-	 * Add the failed BSSID into the ignore list and speed up next scan
-	 * attempt if there could be other APs that could accept association.
-	 */
-	count = wpa_bssid_ignore_add(wpa_s, bssid);
-	if (count == 1 && wpa_s->current_bss) {
-		/*
-		 * This BSS was not in the ignore list before. If there is
-		 * another BSS available for the same ESS, we should try that
-		 * next. Otherwise, we may as well try this one once more
-		 * before allowing other, likely worse, ESSes to be considered.
-		 */
-		freqs = get_bss_freqs_in_ess(wpa_s);
-		if (freqs) {
-			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
-				"has been seen; try it next");
-			wpa_bssid_ignore_add(wpa_s, bssid);
-			/*
-			 * On the next scan, go through only the known channels
-			 * used in this ESS based on previous scans to speed up
-			 * common load balancing use case.
-			 */
-			os_free(wpa_s->next_scan_freqs);
-			wpa_s->next_scan_freqs = freqs;
-		}
-	}
-
-	wpa_s->consecutive_conn_failures++;
-
-	if (wpa_s->consecutive_conn_failures > 3 && wpa_s->current_ssid) {
-		wpa_printf(MSG_DEBUG, "Continuous association failures - "
-			   "consider temporary network disabling");
-		wpas_auth_failed(wpa_s, "CONN_FAILED");
-	}
-	/*
-	 * Multiple consecutive connection failures mean that other APs are
-	 * either not available or have already been tried, so we can start
-	 * increasing the delay here to avoid constant scanning.
-	 */
-	switch (wpa_s->consecutive_conn_failures) {
-	case 1:
-		timeout = 100;
-		break;
-	case 2:
-		timeout = 500;
-		break;
-	case 3:
-		timeout = 1000;
-		break;
-	case 4:
-		timeout = 5000;
-		break;
-	default:
-		timeout = 10000;
-		break;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Consecutive connection failures: %d --> request scan in %d ms",
-		wpa_s->consecutive_conn_failures, timeout);
-
-	/*
-	 * TODO: if more than one possible AP is available in scan results,
-	 * could try the other ones before requesting a new scan.
-	 */
-
-	/* speed up the connection attempt with normal scan */
-	wpa_s->normal_scans = 0;
-	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
-				1000 * (timeout % 1000));
-}
-
-
-#ifdef CONFIG_FILS
-
-void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	const u8 *realm, *username, *rrk;
-	size_t realm_len, username_len, rrk_len;
-	u16 next_seq_num;
-
-	/* Clear the PMKSA cache entry if FILS authentication was rejected.
-	 * Check for ERP keys existing to limit when this can be done since
-	 * the rejection response is not protected and such triggers should
-	 * really not allow internal state to be modified unless required to
-	 * avoid significant issues in functionality. In addition, drop
-	 * externally configure PMKSA entries even without ERP keys since it
-	 * is possible for an external component to add PMKSA entries for FILS
-	 * authentication without restoring previously generated ERP keys.
-	 *
-	 * In this case, this is needed to allow recovery from cases where the
-	 * AP or authentication server has dropped PMKSAs and ERP keys. */
-	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt))
-		return;
-
-	if (eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
-				  &username, &username_len,
-				  &realm, &realm_len, &next_seq_num,
-				  &rrk, &rrk_len) != 0 ||
-	    !realm) {
-		wpa_dbg(wpa_s, MSG_DEBUG,
-			"FILS: Drop external PMKSA cache entry");
-		wpa_sm_aborted_external_cached(wpa_s->wpa);
-		wpa_sm_external_pmksa_cache_flush(wpa_s->wpa, ssid);
-		return;
-	}
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "FILS: Drop PMKSA cache entry");
-	wpa_sm_aborted_cached(wpa_s->wpa);
-	wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-}
-
-
-void fils_connection_failure(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	const u8 *realm, *username, *rrk;
-	size_t realm_len, username_len, rrk_len;
-	u16 next_seq_num;
-
-	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
-	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
-				  &username, &username_len,
-				  &realm, &realm_len, &next_seq_num,
-				  &rrk, &rrk_len) != 0 ||
-	    !realm)
-		return;
-
-	wpa_hexdump_ascii(MSG_DEBUG,
-			  "FILS: Store last connection failure realm",
-			  realm, realm_len);
-	os_free(wpa_s->last_con_fail_realm);
-	wpa_s->last_con_fail_realm = os_malloc(realm_len);
-	if (wpa_s->last_con_fail_realm) {
-		wpa_s->last_con_fail_realm_len = realm_len;
-		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
-	}
-}
-#endif /* CONFIG_FILS */
-
-
-int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
-{
-	return wpa_s->conf->ap_scan == 2 ||
-		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
-}
-
-
-#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
-int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
-					      struct wpa_ssid *ssid,
-					      const char *field,
-					      const char *value)
-{
-#ifdef IEEE8021X_EAPOL
-	struct eap_peer_config *eap = &ssid->eap;
-
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
-	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
-			      (const u8 *) value, os_strlen(value));
-
-	switch (wpa_supplicant_ctrl_req_from_string(field)) {
-	case WPA_CTRL_REQ_EAP_IDENTITY:
-		os_free(eap->identity);
-		eap->identity = (u8 *) os_strdup(value);
-		eap->identity_len = os_strlen(value);
-		eap->pending_req_identity = 0;
-		if (ssid == wpa_s->current_ssid)
-			wpa_s->reassociate = 1;
-		break;
-	case WPA_CTRL_REQ_EAP_PASSWORD:
-		bin_clear_free(eap->password, eap->password_len);
-		eap->password = (u8 *) os_strdup(value);
-		eap->password_len = os_strlen(value);
-		eap->pending_req_password = 0;
-		if (ssid == wpa_s->current_ssid)
-			wpa_s->reassociate = 1;
-		break;
-	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
-		bin_clear_free(eap->new_password, eap->new_password_len);
-		eap->new_password = (u8 *) os_strdup(value);
-		eap->new_password_len = os_strlen(value);
-		eap->pending_req_new_password = 0;
-		if (ssid == wpa_s->current_ssid)
-			wpa_s->reassociate = 1;
-		break;
-	case WPA_CTRL_REQ_EAP_PIN:
-		str_clear_free(eap->cert.pin);
-		eap->cert.pin = os_strdup(value);
-		eap->pending_req_pin = 0;
-		if (ssid == wpa_s->current_ssid)
-			wpa_s->reassociate = 1;
-		break;
-	case WPA_CTRL_REQ_EAP_OTP:
-		bin_clear_free(eap->otp, eap->otp_len);
-		eap->otp = (u8 *) os_strdup(value);
-		eap->otp_len = os_strlen(value);
-		os_free(eap->pending_req_otp);
-		eap->pending_req_otp = NULL;
-		eap->pending_req_otp_len = 0;
-		break;
-	case WPA_CTRL_REQ_EAP_PASSPHRASE:
-		str_clear_free(eap->cert.private_key_passwd);
-		eap->cert.private_key_passwd = os_strdup(value);
-		eap->pending_req_passphrase = 0;
-		if (ssid == wpa_s->current_ssid)
-			wpa_s->reassociate = 1;
-		break;
-	case WPA_CTRL_REQ_SIM:
-		str_clear_free(eap->external_sim_resp);
-		eap->external_sim_resp = os_strdup(value);
-		eap->pending_req_sim = 0;
-		break;
-	case WPA_CTRL_REQ_PSK_PASSPHRASE:
-		if (wpa_config_set(ssid, "psk", value, 0) < 0)
-			return -1;
-		ssid->mem_only_psk = 1;
-		if (ssid->passphrase)
-			wpa_config_update_psk(ssid);
-		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
-			wpa_supplicant_req_scan(wpa_s, 0, 0);
-		break;
-	case WPA_CTRL_REQ_EXT_CERT_CHECK:
-		if (eap->pending_ext_cert_check != PENDING_CHECK)
-			return -1;
-		if (os_strcmp(value, "good") == 0)
-			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
-		else if (os_strcmp(value, "bad") == 0)
-			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
-		else
-			return -1;
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
-		return -1;
-	}
-
-	return 0;
-#else /* IEEE8021X_EAPOL */
-	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
-	return -1;
-#endif /* IEEE8021X_EAPOL */
-}
-#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
-
-
-int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-#ifdef CONFIG_WEP
-	int i;
-	unsigned int drv_enc;
-#endif /* CONFIG_WEP */
-
-	if (wpa_s->p2p_mgmt)
-		return 1; /* no normal network profiles on p2p_mgmt interface */
-
-	if (ssid == NULL)
-		return 1;
-
-	if (ssid->disabled)
-		return 1;
-
-#ifdef CONFIG_WEP
-	if (wpa_s->drv_capa_known)
-		drv_enc = wpa_s->drv_enc;
-	else
-		drv_enc = (unsigned int) -1;
-
-	for (i = 0; i < NUM_WEP_KEYS; i++) {
-		size_t len = ssid->wep_key_len[i];
-		if (len == 0)
-			continue;
-		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
-			continue;
-		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
-			continue;
-		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
-			continue;
-		return 1; /* invalid WEP key */
-	}
-#endif /* CONFIG_WEP */
-
-	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
-	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
-	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
-	    !ssid->mem_only_psk)
-		return 1;
-
-	return 0;
-}
-
-
-int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
-		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
-		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
-			/*
-			 * Driver does not support BIP -- ignore pmf=1 default
-			 * since the connection with PMF would fail and the
-			 * configuration does not require PMF to be enabled.
-			 */
-			return NO_MGMT_FRAME_PROTECTION;
-		}
-
-		if (ssid &&
-		    (ssid->key_mgmt &
-		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
-		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
-			/*
-			 * Do not use the default PMF value for non-RSN networks
-			 * since PMF is available only with RSN and pmf=2
-			 * configuration would otherwise prevent connections to
-			 * all open networks.
-			 */
-			return NO_MGMT_FRAME_PROTECTION;
-		}
-
-		return wpa_s->conf->pmf;
-	}
-
-	return ssid->ieee80211w;
-}
-
-
-int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
-{
-	if (wpa_s->current_ssid == NULL ||
-	    wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
-	    os_memcmp(addr, wpa_s->bssid, ETH_ALEN) != 0)
-		return 0;
-	return wpa_sm_pmf_enabled(wpa_s->wpa);
-}
-
-
-int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
-{
-	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
-		return 1;
-	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
-		return 0;
-	return -1;
-}
-
-
-void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
-{
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	int dur;
-	struct os_reltime now;
-
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
-			   "SSID block");
-		return;
-	}
-
-	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
-		return;
-
-	ssid->auth_failures++;
-
-#ifdef CONFIG_P2P
-	if (ssid->p2p_group &&
-	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
-		/*
-		 * Skip the wait time since there is a short timeout on the
-		 * connection to a P2P group.
-		 */
-		return;
-	}
-#endif /* CONFIG_P2P */
-
-	if (ssid->auth_failures > 50)
-		dur = 300;
-	else if (ssid->auth_failures > 10)
-		dur = 120;
-	else if (ssid->auth_failures > 5)
-		dur = 90;
-	else if (ssid->auth_failures > 3)
-		dur = 60;
-	else if (ssid->auth_failures > 2)
-		dur = 30;
-	else if (ssid->auth_failures > 1)
-		dur = 20;
-	else
-		dur = 10;
-
-	if (ssid->auth_failures > 1 &&
-	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
-		dur += os_random() % (ssid->auth_failures * 10);
-
-	os_get_reltime(&now);
-	if (now.sec + dur <= ssid->disabled_until.sec)
-		return;
-
-	ssid->disabled_until.sec = now.sec + dur;
-
-	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
-		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
-		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
-		ssid->auth_failures, dur, reason);
-}
-
-
-void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid, int clear_failures)
-{
-	if (ssid == NULL)
-		return;
-
-	if (ssid->disabled_until.sec) {
-		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
-			"id=%d ssid=\"%s\"",
-			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-	}
-	ssid->disabled_until.sec = 0;
-	ssid->disabled_until.usec = 0;
-	if (clear_failures)
-		ssid->auth_failures = 0;
-}
-
-
-int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	size_t i;
-
-	if (wpa_s->disallow_aps_bssid == NULL)
-		return 0;
-
-	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
-		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
-			      bssid, ETH_ALEN) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
-		    size_t ssid_len)
-{
-	size_t i;
-
-	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
-		return 0;
-
-	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
-		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
-		if (ssid_len == s->ssid_len &&
-		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-/**
- * wpas_request_connection - Request a new connection
- * @wpa_s: Pointer to the network interface
- *
- * This function is used to request a new connection to be found. It will mark
- * the interface to allow reassociation and request a new scan to find a
- * suitable network to connect to.
- */
-void wpas_request_connection(struct wpa_supplicant *wpa_s)
-{
-	wpa_s->normal_scans = 0;
-	wpa_s->scan_req = NORMAL_SCAN_REQ;
-	wpa_supplicant_reinit_autoscan(wpa_s);
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-	wpa_s->last_owe_group = 0;
-
-	if (wpa_supplicant_fast_associate(wpa_s) != 1)
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-	else
-		wpa_s->reattach = 0;
-}
-
-
-/**
- * wpas_request_disconnection - Request disconnection
- * @wpa_s: Pointer to the network interface
- *
- * This function is used to request disconnection from the currently connected
- * network. This will stop any ongoing scans and initiate deauthentication.
- */
-void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_SME
-	wpa_s->sme.prev_bssid_set = 0;
-#endif /* CONFIG_SME */
-	wpa_s->reassociate = 0;
-	wpa_s->disconnected = 1;
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_cancel_scan(wpa_s);
-	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
-	radio_remove_works(wpa_s, "connect", 0);
-	radio_remove_works(wpa_s, "sme-connect", 0);
-}
-
-
-void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
-		    struct wpa_used_freq_data *freqs_data,
-		    unsigned int len)
-{
-	unsigned int i;
-
-	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
-		len, title);
-	for (i = 0; i < len; i++) {
-		struct wpa_used_freq_data *cur = &freqs_data[i];
-		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
-			i, cur->freq, cur->flags);
-	}
-}
-
-
-/*
- * Find the operating frequencies of any of the virtual interfaces that
- * are using the same radio as the current interface, and in addition, get
- * information about the interface types that are using the frequency.
- */
-int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
-				struct wpa_used_freq_data *freqs_data,
-				unsigned int len)
-{
-	struct wpa_supplicant *ifs;
-	u8 bssid[ETH_ALEN];
-	int freq;
-	unsigned int idx = 0, i;
-
-	wpa_dbg(wpa_s, MSG_DEBUG,
-		"Determining shared radio frequencies (max len %u)", len);
-	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
-
-	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
-			 radio_list) {
-		if (idx == len)
-			break;
-
-		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
-			continue;
-
-		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
-		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
-		    ifs->current_ssid->mode == WPAS_MODE_MESH)
-			freq = ifs->current_ssid->frequency;
-		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
-			freq = ifs->assoc_freq;
-		else
-			continue;
-
-		/* Hold only distinct freqs */
-		for (i = 0; i < idx; i++)
-			if (freqs_data[i].freq == freq)
-				break;
-
-		if (i == idx)
-			freqs_data[idx++].freq = freq;
-
-		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
-			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
-				WPA_FREQ_USED_BY_P2P_CLIENT :
-				WPA_FREQ_USED_BY_INFRA_STATION;
-		}
-	}
-
-	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
-	return idx;
-}
-
-
-/*
- * Find the operating frequencies of any of the virtual interfaces that
- * are using the same radio as the current interface.
- */
-int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
-			   int *freq_array, unsigned int len)
-{
-	struct wpa_used_freq_data *freqs_data;
-	int num, i;
-
-	os_memset(freq_array, 0, sizeof(int) * len);
-
-	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
-	if (!freqs_data)
-		return -1;
-
-	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
-	for (i = 0; i < num; i++)
-		freq_array[i] = freqs_data[i].freq;
-
-	os_free(freqs_data);
-
-	return num;
-}
-
-
-struct wpa_supplicant *
-wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
-{
-	switch (frame) {
-#ifdef CONFIG_P2P
-	case VENDOR_ELEM_PROBE_REQ_P2P:
-	case VENDOR_ELEM_PROBE_RESP_P2P:
-	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
-	case VENDOR_ELEM_BEACON_P2P_GO:
-	case VENDOR_ELEM_P2P_PD_REQ:
-	case VENDOR_ELEM_P2P_PD_RESP:
-	case VENDOR_ELEM_P2P_GO_NEG_REQ:
-	case VENDOR_ELEM_P2P_GO_NEG_RESP:
-	case VENDOR_ELEM_P2P_GO_NEG_CONF:
-	case VENDOR_ELEM_P2P_INV_REQ:
-	case VENDOR_ELEM_P2P_INV_RESP:
-	case VENDOR_ELEM_P2P_ASSOC_REQ:
-	case VENDOR_ELEM_P2P_ASSOC_RESP:
-		return wpa_s->p2pdev;
-#endif /* CONFIG_P2P */
-	default:
-		return wpa_s;
-	}
-}
-
-
-void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
-{
-	unsigned int i;
-	char buf[30];
-
-	wpa_printf(MSG_DEBUG, "Update vendor elements");
-
-	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
-		if (wpa_s->vendor_elem[i]) {
-			int res;
-
-			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
-			if (!os_snprintf_error(sizeof(buf), res)) {
-				wpa_hexdump_buf(MSG_DEBUG, buf,
-						wpa_s->vendor_elem[i]);
-			}
-		}
-	}
-
-#ifdef CONFIG_P2P
-	if (wpa_s->parent == wpa_s &&
-	    wpa_s->global->p2p &&
-	    !wpa_s->global->p2p_disabled)
-		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
-#endif /* CONFIG_P2P */
-}
-
-
-int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
-			    const u8 *elem, size_t len)
-{
-	u8 *ie, *end;
-
-	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
-	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
-
-	for (; ie + 1 < end; ie += 2 + ie[1]) {
-		if (ie + len > end)
-			break;
-		if (os_memcmp(ie, elem, len) != 0)
-			continue;
-
-		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
-			wpabuf_free(wpa_s->vendor_elem[frame]);
-			wpa_s->vendor_elem[frame] = NULL;
-		} else {
-			os_memmove(ie, ie + len, end - (ie + len));
-			wpa_s->vendor_elem[frame]->used -= len;
-		}
-		wpas_vendor_elem_update(wpa_s);
-		return 0;
-	}
-
-	return -1;
-}
-
-
-struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
-				   u16 num_modes, enum hostapd_hw_mode mode,
-				   bool is_6ghz)
-{
-	u16 i;
-
-	if (!modes)
-		return NULL;
-
-	for (i = 0; i < num_modes; i++) {
-		if (modes[i].mode != mode ||
-		    !modes[i].num_channels || !modes[i].channels)
-			continue;
-		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
-		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
-			return &modes[i];
-	}
-
-	return NULL;
-}
-
-
-struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
-					     u16 num_modes, int freq)
-{
-	int i, j;
-
-	for (i = 0; i < num_modes; i++) {
-		for (j = 0; j < modes[i].num_channels; j++) {
-			if (freq == modes[i].channels[j].freq)
-				return &modes[i];
-		}
-	}
-
-	return NULL;
-}
-
-
-static struct
-wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
-						 const u8 *bssid)
-{
-	struct wpa_bss_tmp_disallowed *bss;
-
-	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
-			 struct wpa_bss_tmp_disallowed, list) {
-		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
-			return bss;
-	}
-
-	return NULL;
-}
-
-
-static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss_tmp_disallowed *tmp;
-	unsigned int num_bssid = 0;
-	u8 *bssids;
-	int ret;
-
-	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
-	if (!bssids)
-		return -1;
-	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
-			 struct wpa_bss_tmp_disallowed, list) {
-		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
-			  ETH_ALEN);
-		num_bssid++;
-	}
-	ret = wpa_drv_set_bssid_tmp_disallow(wpa_s, num_bssid, bssids);
-	os_free(bssids);
-	return ret;
-}
-
-
-static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
-
-	/* Make sure the bss is not already freed */
-	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
-			 struct wpa_bss_tmp_disallowed, list) {
-		if (bss == tmp) {
-			remove_bss_tmp_disallowed_entry(wpa_s, tmp);
-			wpa_set_driver_tmp_disallow_list(wpa_s);
-			break;
-		}
-	}
-}
-
-
-void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			  unsigned int sec, int rssi_threshold)
-{
-	struct wpa_bss_tmp_disallowed *bss;
-
-	bss = wpas_get_disallowed_bss(wpa_s, bssid);
-	if (bss) {
-		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
-		goto finish;
-	}
-
-	bss = os_malloc(sizeof(*bss));
-	if (!bss) {
-		wpa_printf(MSG_DEBUG,
-			   "Failed to allocate memory for temp disallow BSS");
-		return;
-	}
-
-	os_memcpy(bss->bssid, bssid, ETH_ALEN);
-	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
-	wpa_set_driver_tmp_disallow_list(wpa_s);
-
-finish:
-	bss->rssi_threshold = rssi_threshold;
-	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
-			       wpa_s, bss);
-}
-
-
-int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss)
-{
-	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
-
-	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
-			 struct wpa_bss_tmp_disallowed, list) {
-		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
-			disallowed = tmp;
-			break;
-		}
-	}
-	if (!disallowed)
-		return 0;
-
-	if (disallowed->rssi_threshold != 0 &&
-	    bss->level > disallowed->rssi_threshold) {
-		remove_bss_tmp_disallowed_entry(wpa_s, disallowed);
-		wpa_set_driver_tmp_disallow_list(wpa_s);
-		return 0;
-	}
-
-	return 1;
-}
-
-
-int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
-				       unsigned int type, const u8 *addr,
-				       const u8 *mask)
-{
-	if ((addr && !mask) || (!addr && mask)) {
-		wpa_printf(MSG_INFO,
-			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
-		return -1;
-	}
-
-	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
-		wpa_printf(MSG_INFO,
-			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
-		return -1;
-	}
-
-	if (type & MAC_ADDR_RAND_SCAN) {
-		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
-						addr, mask))
-			return -1;
-	}
-
-	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
-		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
-						addr, mask))
-			return -1;
-
-		if (wpa_s->sched_scanning && !wpa_s->pno)
-			wpas_scan_restart_sched_scan(wpa_s);
-	}
-
-	if (type & MAC_ADDR_RAND_PNO) {
-		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
-						addr, mask))
-			return -1;
-
-		if (wpa_s->pno) {
-			wpas_stop_pno(wpa_s);
-			wpas_start_pno(wpa_s);
-		}
-	}
-
-	return 0;
-}
-
-
-int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
-					unsigned int type)
-{
-	wpas_mac_addr_rand_scan_clear(wpa_s, type);
-	if (wpa_s->pno) {
-		if (type & MAC_ADDR_RAND_PNO) {
-			wpas_stop_pno(wpa_s);
-			wpas_start_pno(wpa_s);
-		}
-	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
-		wpas_scan_restart_sched_scan(wpa_s);
-	}
-
-	return 0;
-}
-
-
-int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
-			struct wpa_signal_info *si)
-{
-	int res;
-
-	if (!wpa_s->driver->signal_poll)
-		return -1;
-
-	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
-
-#ifdef CONFIG_TESTING_OPTIONS
-	if (res == 0) {
-		struct driver_signal_override *dso;
-
-		dl_list_for_each(dso, &wpa_s->drv_signal_override,
-				 struct driver_signal_override, list) {
-			if (os_memcmp(wpa_s->bssid, dso->bssid,
-				      ETH_ALEN) != 0)
-				continue;
-			wpa_printf(MSG_DEBUG,
-				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
-				   si->current_signal,
-				   dso->si_current_signal,
-				   si->avg_signal,
-				   dso->si_avg_signal,
-				   si->avg_beacon_signal,
-				   dso->si_avg_beacon_signal,
-				   si->current_noise,
-				   dso->si_current_noise);
-			si->current_signal = dso->si_current_signal;
-			si->avg_signal = dso->si_avg_signal;
-			si->avg_beacon_signal = dso->si_avg_beacon_signal;
-			si->current_noise = dso->si_current_noise;
-			break;
-		}
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	return res;
-}
-
-
-struct wpa_scan_results *
-wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_scan_results *scan_res;
-#ifdef CONFIG_TESTING_OPTIONS
-	size_t idx;
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (!wpa_s->driver->get_scan_results2)
-		return NULL;
-
-	scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
-
-#ifdef CONFIG_TESTING_OPTIONS
-	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
-		struct driver_signal_override *dso;
-		struct wpa_scan_res *res = scan_res->res[idx];
-
-		dl_list_for_each(dso, &wpa_s->drv_signal_override,
-				 struct driver_signal_override, list) {
-			if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
-				continue;
-			wpa_printf(MSG_DEBUG,
-				   "Override driver scan signal level %d->%d for "
-				   MACSTR,
-				   res->level, dso->scan_level,
-				   MAC2STR(res->bssid));
-			res->flags |= WPA_SCAN_QUAL_INVALID;
-			if (dso->scan_level < 0)
-				res->flags |= WPA_SCAN_LEVEL_DBM;
-			else
-				res->flags &= ~WPA_SCAN_LEVEL_DBM;
-			res->level = dso->scan_level;
-			break;
-		}
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	return scan_res;
-}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
deleted file mode 100644
index 6619d6ba7fb1..000000000000
--- a/wpa_supplicant/wpa_supplicant.conf
+++ /dev/null
@@ -1,2071 +0,0 @@
-##### Example wpa_supplicant configuration file ###############################
-#
-# This file describes configuration file format and lists all available option.
-# Please also take a look at simpler configuration examples in 'examples'
-# subdirectory.
-#
-# Empty lines and lines starting with # are ignored
-
-# NOTE! This file may contain password information and should probably be made
-# readable only by root user on multiuser systems.
-
-# Note: All file paths in this configuration file should use full (absolute,
-# not relative to working directory) path in order to allow working directory
-# to be changed. This can happen if wpa_supplicant is run in the background.
-
-# Whether to allow wpa_supplicant to update (overwrite) configuration
-#
-# This option can be used to allow wpa_supplicant to overwrite configuration
-# file whenever configuration is changed (e.g., new network block is added with
-# wpa_cli or wpa_gui, or a password is changed). This is required for
-# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
-# Please note that overwriting configuration file will remove the comments from
-# it.
-#update_config=1
-
-# global configuration (shared by all network blocks)
-#
-# Parameters for the control interface. If this is specified, wpa_supplicant
-# will open a control interface that is available for external programs to
-# manage wpa_supplicant. The meaning of this string depends on which control
-# interface mechanism is used. For all cases, the existence of this parameter
-# in configuration is used to determine whether the control interface is
-# enabled.
-#
-# For UNIX domain sockets (default on Linux and BSD): This is a directory that
-# will be created for UNIX domain sockets for listening to requests from
-# external programs (CLI/GUI, etc.) for status information and configuration.
-# The socket file will be named based on the interface name, so multiple
-# wpa_supplicant processes can be run at the same time if more than one
-# interface is used.
-# /var/run/wpa_supplicant is the recommended directory for sockets and by
-# default, wpa_cli will use it when trying to connect with wpa_supplicant.
-#
-# Access control for the control interface can be configured by setting the
-# directory to allow only members of a group to use sockets. This way, it is
-# possible to run wpa_supplicant as root (since it needs to change network
-# configuration and open raw sockets) and still allow GUI/CLI components to be
-# run as non-root users. However, since the control interface can be used to
-# change the network configuration, this access needs to be protected in many
-# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
-# want to allow non-root users to use the control interface, add a new group
-# and change this value to match with that group. Add users that should have
-# control interface access to this group. If this variable is commented out or
-# not included in the configuration file, group will not be changed from the
-# value it got by default when the directory or socket was created.
-#
-# When configuring both the directory and group, use following format:
-# DIR=/var/run/wpa_supplicant GROUP=wheel
-# DIR=/var/run/wpa_supplicant GROUP=0
-# (group can be either group name or gid)
-#
-# For UDP connections (default on Windows): The value will be ignored. This
-# variable is just used to select that the control interface is to be created.
-# The value can be set to, e.g., udp (ctrl_interface=udp)
-#
-# For Windows Named Pipe: This value can be used to set the security descriptor
-# for controlling access to the control interface. Security descriptor can be
-# set using Security Descriptor String Format (see http://msdn.microsoft.com/
-# library/default.asp?url=/library/en-us/secauthz/security/
-# security_descriptor_string_format.asp). The descriptor string needs to be
-# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
-# DACL (which will reject all connections). See README-Windows.txt for more
-# information about SDDL string format.
-#
-ctrl_interface=/var/run/wpa_supplicant
-
-# IEEE 802.1X/EAPOL version
-# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
-# EAPOL version 2. However, there are many APs that do not handle the new
-# version number correctly (they seem to drop the frames completely). In order
-# to make wpa_supplicant interoperate with these APs, the version number is set
-# to 1 by default. This configuration value can be used to set it to the new
-# version (2).
-# Note: When using MACsec, eapol_version shall be set to 3, which is
-# defined in IEEE Std 802.1X-2010.
-eapol_version=1
-
-# AP scanning/selection
-# By default, wpa_supplicant requests driver to perform AP scanning and then
-# uses the scan results to select a suitable AP. Another alternative is to
-# allow the driver to take care of AP scanning and selection and use
-# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
-# information from the driver.
-# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
-#    the currently enabled networks are found, a new network (IBSS or AP mode
-#    operation) may be initialized (if configured) (default)
-# 0: This mode must only be used when using wired Ethernet drivers
-#    (including MACsec).
-# 2: like 0, but associate with APs using security policy and SSID (but not
-#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
-#    enable operation with hidden SSIDs and optimized roaming; in this mode,
-#    the network blocks in the configuration file are tried one by one until
-#    the driver reports successful association; each network block should have
-#    explicit security policy (i.e., only one option in the lists) for
-#    key_mgmt, pairwise, group, proto variables
-# Note: ap_scan=0/2 should not be used with the nl80211 driver interface (the
-# current Linux interface). ap_scan=1 is the only option working with nl80211.
-# For finding networks using hidden SSID, scan_ssid=1 in the network block can
-# be used with nl80211.
-# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
-# created immediately regardless of scan results. ap_scan=1 mode will first try
-# to scan for existing networks and only if no matches with the enabled
-# networks are found, a new IBSS or AP mode network is created.
-ap_scan=1
-
-# Whether to force passive scan for network connection
-#
-# By default, scans will send out Probe Request frames on channels that allow
-# active scanning. This advertise the local station to the world. Normally this
-# is fine, but users may wish to do passive scanning where the radio should only
-# listen quietly for Beacon frames and not send any Probe Request frames. Actual
-# functionality may be driver dependent.
-#
-# This parameter can be used to force only passive scanning to be used
-# for network connection cases. It should be noted that this will slow
-# down scan operations and reduce likelihood of finding the AP. In
-# addition, some use cases will override this due to functional
-# requirements, e.g., for finding an AP that uses hidden SSID
-# (scan_ssid=1) or P2P device discovery.
-#
-# 0:  Do normal scans (allow active scans) (default)
-# 1:  Do passive scans.
-#passive_scan=0
-
-# MPM residency
-# By default, wpa_supplicant implements the mesh peering manager (MPM) for an
-# open mesh. However, if the driver can implement the MPM, you may set this to
-# 0 to use the driver version. When AMPE is enabled, the wpa_supplicant MPM is
-# always used.
-# 0: MPM lives in the driver
-# 1: wpa_supplicant provides an MPM which handles peering (default)
-#user_mpm=1
-
-# Maximum number of peer links (0-255; default: 99)
-# Maximum number of mesh peering currently maintained by the STA.
-#max_peer_links=99
-
-# Timeout in seconds to detect STA inactivity (default: 300 seconds)
-#
-# This timeout value is used in mesh STA to clean up inactive stations.
-#mesh_max_inactivity=300
-
-# Enable 802.11s layer-2 routing and forwarding (dot11MeshForwarding)
-#mesh_fwding=1
-
-# cert_in_cb - Whether to include a peer certificate dump in events
-# This controls whether peer certificates for authentication server and
-# its certificate chain are included in EAP peer certificate events. This is
-# enabled by default.
-#cert_in_cb=1
-
-# EAP fast re-authentication
-# By default, fast re-authentication is enabled for all EAP methods that
-# support it. This variable can be used to disable fast re-authentication.
-# Normally, there is no need to disable this.
-fast_reauth=1
-
-# OpenSSL Engine support
-# These options can be used to load OpenSSL engines in special or legacy
-# modes.
-# The two engines that are supported currently are shown below:
-# They are both from the opensc project (http://www.opensc.org/)
-# By default the PKCS#11 engine is loaded if the client_cert or
-# private_key option appear to be a PKCS#11 URI, and these options
-# should not need to be used explicitly.
-# make the opensc engine available
-#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
-# make the pkcs11 engine available
-#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
-# configure the path to the pkcs11 module required by the pkcs11 engine
-#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
-
-# OpenSSL cipher string
-#
-# This is an OpenSSL specific configuration option for configuring the default
-# ciphers. If not set, the value configured at build time ("DEFAULT:!EXP:!LOW"
-# by default) is used.
-# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation
-# on cipher suite configuration. This is applicable only if wpa_supplicant is
-# built to use OpenSSL.
-#openssl_ciphers=DEFAULT:!EXP:!LOW
-
-# Dynamic EAP methods
-# If EAP methods were built dynamically as shared object files, they need to be
-# loaded here before being used in the network blocks. By default, EAP methods
-# are included statically in the build, so these lines are not needed
-#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
-#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
-
-# Driver interface parameters
-# This field can be used to configure arbitrary driver interface parameters. The
-# format is specific to the selected driver interface. This field is not used
-# in most cases.
-#driver_param="field=value"
-
-# Country code
-# The ISO/IEC alpha2 country code for the country in which this device is
-# currently operating.
-#country=US
-
-# Maximum lifetime for PMKSA in seconds; default 43200
-#dot11RSNAConfigPMKLifetime=43200
-# Threshold for reauthentication (percentage of PMK lifetime); default 70
-#dot11RSNAConfigPMKReauthThreshold=70
-# Timeout for security association negotiation in seconds; default 60
-#dot11RSNAConfigSATimeout=60
-
-# Wi-Fi Protected Setup (WPS) parameters
-
-# Universally Unique IDentifier (UUID; see RFC 4122) of the device
-# If not configured, UUID will be generated based on the mechanism selected with
-# the auto_uuid parameter.
-#uuid=12345678-9abc-def0-1234-56789abcdef0
-
-# Automatic UUID behavior
-# 0 = generate static value based on the local MAC address (default)
-# 1 = generate a random UUID every time wpa_supplicant starts
-#auto_uuid=0
-
-# Device Name
-# User-friendly description of device; up to 32 octets encoded in UTF-8
-#device_name=Wireless Client
-
-# Manufacturer
-# The manufacturer of the device (up to 64 ASCII characters)
-#manufacturer=Company
-
-# Model Name
-# Model of the device (up to 32 ASCII characters)
-#model_name=cmodel
-
-# Model Number
-# Additional device description (up to 32 ASCII characters)
-#model_number=123
-
-# Serial Number
-# Serial number of the device (up to 32 characters)
-#serial_number=12345
-
-# Primary Device Type
-# Used format: <categ>-<OUI>-<subcateg>
-# categ = Category as an integer value
-# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
-#       default WPS OUI
-# subcateg = OUI-specific Sub Category as an integer value
-# Examples:
-#   1-0050F204-1 (Computer / PC)
-#   1-0050F204-2 (Computer / Server)
-#   5-0050F204-1 (Storage / NAS)
-#   6-0050F204-1 (Network Infrastructure / AP)
-#device_type=1-0050F204-1
-
-# OS Version
-# 4-octet operating system version number (hex string)
-#os_version=01020300
-
-# Config Methods
-# List of the supported configuration methods
-# Available methods: usba ethernet label display ext_nfc_token int_nfc_token
-#	nfc_interface push_button keypad virtual_display physical_display
-#	virtual_push_button physical_push_button
-# For WSC 1.0:
-#config_methods=label display push_button keypad
-# For WSC 2.0:
-#config_methods=label virtual_display virtual_push_button keypad
-
-# Credential processing
-#   0 = process received credentials internally (default)
-#   1 = do not process received credentials; just pass them over ctrl_iface to
-#	external program(s)
-#   2 = process received credentials internally and pass them over ctrl_iface
-#	to external program(s)
-#wps_cred_processing=0
-
-# Whether to enable SAE (WPA3-Personal transition mode) automatically for
-# WPA2-PSK credentials received using WPS.
-# 0 = only add the explicitly listed WPA2-PSK configuration (default)
-# 1 = add both the WPA2-PSK and SAE configuration and enable PMF so that the
-#     station gets configured in WPA3-Personal transition mode (supports both
-#     WPA2-Personal (PSK) and WPA3-Personal (SAE) APs).
-#wps_cred_add_sae=0
-
-# Vendor attribute in WPS M1, e.g., Windows 7 Vertical Pairing
-# The vendor attribute contents to be added in M1 (hex string)
-#wps_vendor_ext_m1=000137100100020001
-
-# NFC password token for WPS
-# These parameters can be used to configure a fixed NFC password token for the
-# station. This can be generated, e.g., with nfc_pw_token. When these
-# parameters are used, the station is assumed to be deployed with a NFC tag
-# that includes the matching NFC password token (e.g., written based on the
-# NDEF record from nfc_pw_token).
-#
-#wps_nfc_dev_pw_id: Device Password ID (16..65535)
-#wps_nfc_dh_pubkey: Hexdump of DH Public Key
-#wps_nfc_dh_privkey: Hexdump of DH Private Key
-#wps_nfc_dev_pw: Hexdump of Device Password
-
-# Priority for the networks added through WPS
-# This priority value will be set to each network profile that is added
-# by executing the WPS protocol.
-#wps_priority=0
-
-# Device Provisioning Protocol (DPP) parameters
-#
-# How to process DPP configuration
-# 0 = report received configuration to an external program for
-#     processing; do not generate any network profile internally (default)
-# 1 = report received configuration to an external program and generate
-#     a network profile internally, but do not automatically connect
-#     to the created (disabled) profile; the network profile id is
-#     reported to external programs
-# 2 = report received configuration to an external program, generate
-#     a network profile internally, try to connect to the created
-#     profile automatically
-#dpp_config_processing=0
-#
-# Name for Enrollee's DPP Configuration Request
-#dpp_name=Test
-#
-# MUD URL for Enrollee's DPP Configuration Request (optional)
-#dpp_mud_url=https://example.com/mud
-
-# Maximum number of BSS entries to keep in memory
-# Default: 200
-# This can be used to limit memory use on the BSS entries (cached scan
-# results). A larger value may be needed in environments that have huge number
-# of APs when using ap_scan=1 mode.
-#bss_max_count=200
-
-# BSS expiration age in seconds. A BSS will be removed from the local cache
-# if it is not in use and has not been seen for this time. Default is 180.
-#bss_expiration_age=180
-
-# BSS expiration after number of scans. A BSS will be removed from the local
-# cache if it is not seen in this number of scans.
-# Default is 2.
-#bss_expiration_scan_count=2
-
-# Automatic scan
-# This is an optional set of parameters for automatic scanning
-# within an interface in following format:
-#autoscan=<autoscan module name>:<module parameters>
-# autoscan is like bgscan but on disconnected or inactive state.
-# For instance, on exponential module parameters would be <base>:<limit>
-#autoscan=exponential:3:300
-# Which means a delay between scans on a base exponential of 3,
-# up to the limit of 300 seconds (3, 9, 27 ... 300)
-# For periodic module, parameters would be <fixed interval>
-#autoscan=periodic:30
-# So a delay of 30 seconds will be applied between each scan.
-# Note: If sched_scan_plans are configured and supported by the driver,
-# autoscan is ignored.
-
-# filter_ssids - SSID-based scan result filtering
-# 0 = do not filter scan results (default)
-# 1 = only include configured SSIDs in scan results/BSS table
-#filter_ssids=0
-
-# Password (and passphrase, etc.) backend for external storage
-# format: <backend name>[:<optional backend parameters>]
-# Test backend which stores passwords in memory. Should only be used for
-# development purposes.
-#ext_password_backend=test:pw1=password|pw2=testing
-# File-based backend which reads passwords from a file. The parameter
-# identifies the file to read passwords from. The password file follows the
-# format of wpa_supplicant.conf and accepts simple `key=passphrase` formatted
-# passwords.
-#ext_password_backend=file:/path/to/passwords.conf
-
-
-# Disable P2P functionality
-# p2p_disabled=1
-
-# Timeout in seconds to detect STA inactivity (default: 300 seconds)
-#
-# This timeout value is used in P2P GO mode to clean up
-# inactive stations.
-#p2p_go_max_inactivity=300
-
-# Passphrase length (8..63) for P2P GO
-#
-# This parameter controls the length of the random passphrase that is
-# generated at the GO. Default: 8.
-#p2p_passphrase_len=8
-
-# Extra delay between concurrent P2P search iterations
-#
-# This value adds extra delay in milliseconds between concurrent search
-# iterations to make p2p_find friendlier to concurrent operations by avoiding
-# it from taking 100% of radio resources. The default value is 500 ms.
-#p2p_search_delay=500
-
-# Opportunistic Key Caching (also known as Proactive Key Caching) default
-# This parameter can be used to set the default behavior for the
-# proactive_key_caching parameter. By default, OKC is disabled unless enabled
-# with the global okc=1 parameter or with the per-network
-# proactive_key_caching=1 parameter. With okc=1, OKC is enabled by default, but
-# can be disabled with per-network proactive_key_caching=0 parameter.
-#okc=0
-
-# Protected Management Frames default
-# This parameter can be used to set the default behavior for the ieee80211w
-# parameter for RSN networks. By default, PMF is disabled unless enabled with
-# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
-# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
-# per-network ieee80211w parameter. This global default value does not apply
-# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
-# RSN.
-#pmf=0
-
-# Enabled SAE finite cyclic groups in preference order
-# By default (if this parameter is not set), the mandatory group 19 (ECC group
-# defined over a 256-bit prime order field, NIST P-256) is preferred and groups
-# 20 (NIST P-384) and 21 (NIST P-521) are also enabled. If this parameter is
-# set, the groups will be tried in the indicated order.
-# The group values are listed in the IANA registry:
-# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
-# Note that groups 1, 2, 5, 22, 23, and 24 should not be used in production
-# purposes due limited security (see RFC 8247). Groups that are not as strong as
-# group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases
-# since all implementations are required to support group 19.
-#sae_groups=19 20 21
-
-# SAE mechanism for PWE derivation
-# 0 = hunting-and-pecking loop only (default without password identifier)
-# 1 = hash-to-element only (default with password identifier)
-# 2 = both hunting-and-pecking loop and hash-to-element enabled
-# Note: The default value is likely to change from 0 to 2 once the new
-# hash-to-element mechanism has received more interoperability testing.
-# When using SAE password identifier, the hash-to-element mechanism is used
-# regardless of the sae_pwe parameter value.
-#sae_pwe=0
-
-# Default value for DTIM period (if not overridden in network block)
-#dtim_period=2
-
-# Default value for Beacon interval (if not overridden in network block)
-#beacon_int=100
-
-# Additional vendor specific elements for Beacon and Probe Response frames
-# This parameter can be used to add additional vendor specific element(s) into
-# the end of the Beacon and Probe Response frames. The format for these
-# element(s) is a hexdump of the raw information elements (id+len+payload for
-# one or more elements). This is used in AP and P2P GO modes.
-#ap_vendor_elements=dd0411223301
-
-# Ignore scan results older than request
-#
-# The driver may have a cache of scan results that makes it return
-# information that is older than our scan trigger. This parameter can
-# be used to configure such old information to be ignored instead of
-# allowing it to update the internal BSS table.
-#ignore_old_scan_res=0
-
-# scan_cur_freq: Whether to scan only the current frequency
-# 0:  Scan all available frequencies. (Default)
-# 1:  Scan current operating frequency if another VIF on the same radio
-#     is already associated.
-
-# Seconds to consider old scan results valid for association (default: 5)
-#scan_res_valid_for_connect=5
-
-# MAC address policy default
-# 0 = use permanent MAC address
-# 1 = use random MAC address for each ESS connection
-# 2 = like 1, but maintain OUI (with local admin bit set)
-#
-# By default, permanent MAC address is used unless policy is changed by
-# the per-network mac_addr parameter. Global mac_addr=1 can be used to
-# change this default behavior.
-#mac_addr=0
-
-# Lifetime of random MAC address in seconds (default: 60)
-#rand_addr_lifetime=60
-
-# MAC address policy for pre-association operations (scanning, ANQP)
-# 0 = use permanent MAC address
-# 1 = use random MAC address
-# 2 = like 1, but maintain OUI (with local admin bit set)
-#preassoc_mac_addr=0
-
-# MAC address policy for GAS operations
-# 0 = use permanent MAC address
-# 1 = use random MAC address
-# 2 = like 1, but maintain OUI (with local admin bit set)
-# Note that this setting is ignored when a specific MAC address is needed for
-# a full protocol exchange that includes GAS, e.g., when going through a DPP
-# exchange that exposes the configured interface address as part of the DP
-# Public Action frame exchanges before using GAS. That same address is then used
-# during the GAS exchange as well to avoid breaking the protocol expectations.
-#gas_rand_mac_addr=0
-
-# Lifetime of GAS random MAC address in seconds (default: 60)
-#gas_rand_addr_lifetime=60
-
-# Interworking (IEEE 802.11u)
-
-# Enable Interworking
-# interworking=1
-
-# Enable P2P GO advertisement of Interworking
-# go_interworking=1
-
-# P2P GO Interworking: Access Network Type
-# 0 = Private network
-# 1 = Private network with guest access
-# 2 = Chargeable public network
-# 3 = Free public network
-# 4 = Personal device network
-# 5 = Emergency services only network
-# 14 = Test or experimental
-# 15 = Wildcard
-#go_access_network_type=0
-
-# P2P GO Interworking: Whether the network provides connectivity to the Internet
-# 0 = Unspecified
-# 1 = Network provides connectivity to the Internet
-#go_internet=1
-
-# P2P GO Interworking: Group Venue Info (optional)
-# The available values are defined in IEEE Std 802.11-2016, 9.4.1.35.
-# Example values (group,type):
-# 0,0 = Unspecified
-# 1,7 = Convention Center
-# 1,13 = Coffee Shop
-# 2,0 = Unspecified Business
-# 7,1  Private Residence
-#go_venue_group=7
-#go_venue_type=1
-
-# Homogeneous ESS identifier
-# If this is set, scans will be used to request response only from BSSes
-# belonging to the specified Homogeneous ESS. This is used only if interworking
-# is enabled.
-# hessid=00:11:22:33:44:55
-
-# Automatic network selection behavior
-# 0 = do not automatically go through Interworking network selection
-#     (i.e., require explicit interworking_select command for this; default)
-# 1 = perform Interworking network selection if one or more
-#     credentials have been configured and scan did not find a
-#     matching network block
-#auto_interworking=0
-
-# GAS Address3 field behavior
-# 0 = P2P specification (Address3 = AP BSSID); default
-# 1 = IEEE 802.11 standard compliant (Address3 = Wildcard BSSID when
-#     sent to not-associated AP; if associated, AP BSSID)
-#gas_address3=0
-
-# Publish fine timing measurement (FTM) responder functionality in
-# the Extended Capabilities element bit 70.
-# Controls whether FTM responder functionality will be published by AP/STA.
-# Note that actual FTM responder operation is managed outside wpa_supplicant.
-# 0 = Do not publish; default
-# 1 = Publish
-#ftm_responder=0
-
-# Publish fine timing measurement (FTM) initiator functionality in
-# the Extended Capabilities element bit 71.
-# Controls whether FTM initiator functionality will be published by AP/STA.
-# Note that actual FTM initiator operation is managed outside wpa_supplicant.
-# 0 = Do not publish; default
-# 1 = Publish
-#ftm_initiator=0
-
-# credential block
-#
-# Each credential used for automatic network selection is configured as a set
-# of parameters that are compared to the information advertised by the APs when
-# interworking_select and interworking_connect commands are used.
-#
-# credential fields:
-#
-# temporary: Whether this credential is temporary and not to be saved
-#
-# priority: Priority group
-#	By default, all networks and credentials get the same priority group
-#	(0). This field can be used to give higher priority for credentials
-#	(and similarly in struct wpa_ssid for network blocks) to change the
-#	Interworking automatic networking selection behavior. The matching
-#	network (based on either an enabled network block or a credential)
-#	with the highest priority value will be selected.
-#
-# pcsc: Use PC/SC and SIM/USIM card
-#
-# realm: Home Realm for Interworking
-#
-# username: Username for Interworking network selection
-#
-# password: Password for Interworking network selection
-#
-# ca_cert: CA certificate for Interworking network selection
-#
-# client_cert: File path to client certificate file (PEM/DER)
-#	This field is used with Interworking networking selection for a case
-#	where client certificate/private key is used for authentication
-#	(EAP-TLS). Full path to the file should be used since working
-#	directory may change when wpa_supplicant is run in the background.
-#
-#	Certificates from PKCS#11 tokens can be referenced by a PKCS#11 URI.
-#
-#	For example: private_key="pkcs11:manufacturer=piv_II;id=%01"
-#
-#	Alternatively, a named configuration blob can be used by setting
-#	this to blob://blob_name.
-#
-# private_key: File path to client private key file (PEM/DER/PFX)
-#	When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
-#	commented out. Both the private key and certificate will be read
-#	from the PKCS#12 file in this case. Full path to the file should be
-#	used since working directory may change when wpa_supplicant is run
-#	in the background.
-#
-#	Keys in PKCS#11 tokens can be referenced by a PKCS#11 URI.
-#	For example: private_key="pkcs11:manufacturer=piv_II;id=%01"
-#
-#	Windows certificate store can be used by leaving client_cert out and
-#	configuring private_key in one of the following formats:
-#
-#	cert://substring_to_match
-#
-#	hash://certificate_thumbprint_in_hex
-#
-#	For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
-#
-#	Note that when running wpa_supplicant as an application, the user
-#	certificate store (My user account) is used, whereas computer store
-#	(Computer account) is used when running wpasvc as a service.
-#
-#	Alternatively, a named configuration blob can be used by setting
-#	this to blob://blob_name.
-#
-# private_key_passwd: Password for private key file
-#
-# imsi: IMSI in <MCC> | <MNC> | '-' | <MSIN> format
-#
-# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>
-#	format
-#
-# domain: Home service provider FQDN(s)
-#	This is used to compare against the Domain Name List to figure out
-#	whether the AP is operated by the Home SP. Multiple domain entries can
-#	be used to configure alternative FQDNs that will be considered home
-#	networks.
-#
-# roaming_consortium: Roaming Consortium OI
-#	If roaming_consortium_len is non-zero, this field contains the
-#	Roaming Consortium OI that can be used to determine which access
-#	points support authentication with this credential. This is an
-#	alternative to the use of the realm parameter. When using Roaming
-#	Consortium to match the network, the EAP parameters need to be
-#	pre-configured with the credential since the NAI Realm information
-#	may not be available or fetched.
-#
-# required_roaming_consortium: Required Roaming Consortium OI
-#	If required_roaming_consortium_len is non-zero, this field contains the
-#	Roaming Consortium OI that is required to be advertised by the AP for
-#	the credential to be considered matching.
-#
-# roaming_consortiums: Roaming Consortium OI(s) memberships
-#	This string field contains one or more comma delimited OIs (hexdump)
-#	identifying the roaming consortiums of which the provider is a member.
-#	The list is sorted from the most preferred one to the least preferred
-#	one. A match between the Roaming Consortium OIs advertised by an AP and
-#	the OIs in this list indicates that successful authentication is
-#	possible.
-#	(Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI)
-#
-# eap: Pre-configured EAP method
-#	This optional field can be used to specify which EAP method will be
-#	used with this credential. If not set, the EAP method is selected
-#	automatically based on ANQP information (e.g., NAI Realm).
-#
-# phase1: Pre-configure Phase 1 (outer authentication) parameters
-#	This optional field is used with like the 'eap' parameter.
-#
-# phase2: Pre-configure Phase 2 (inner authentication) parameters
-#	This optional field is used with like the 'eap' parameter.
-#
-# excluded_ssid: Excluded SSID
-#	This optional field can be used to excluded specific SSID(s) from
-#	matching with the network. Multiple entries can be used to specify more
-#	than one SSID.
-#
-# roaming_partner: Roaming partner information
-#	This optional field can be used to configure preferences between roaming
-#	partners. The field is a string in following format:
-#	<FQDN>,<0/1 exact match>,<priority>,<* or country code>
-#	(non-exact match means any subdomain matches the entry; priority is in
-#	0..255 range with 0 being the highest priority)
-#
-# update_identifier: PPS MO ID
-#	(Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)
-#
-# provisioning_sp: FQDN of the SP that provisioned the credential
-#	This optional field can be used to keep track of the SP that provisioned
-#	the credential to find the PPS MO (./Wi-Fi/<provisioning_sp>).
-#
-# Minimum backhaul threshold (PPS/<X+>/Policy/MinBackhauldThreshold/*)
-#	These fields can be used to specify minimum download/upload backhaul
-#	bandwidth that is preferred for the credential. This constraint is
-#	ignored if the AP does not advertise WAN Metrics information or if the
-#	limit would prevent any connection. Values are in kilobits per second.
-# min_dl_bandwidth_home
-# min_ul_bandwidth_home
-# min_dl_bandwidth_roaming
-# min_ul_bandwidth_roaming
-#
-# max_bss_load: Maximum BSS Load Channel Utilization (1..255)
-#	(PPS/<X+>/Policy/MaximumBSSLoadValue)
-#	This value is used as the maximum channel utilization for network
-#	selection purposes for home networks. If the AP does not advertise
-#	BSS Load or if the limit would prevent any connection, this constraint
-#	will be ignored.
-#
-# req_conn_capab: Required connection capability
-#	(PPS/<X+>/Policy/RequiredProtoPortTuple)
-#	This value is used to configure set of required protocol/port pairs that
-#	a roaming network shall support (include explicitly in Connection
-#	Capability ANQP element). This constraint is ignored if the AP does not
-#	advertise Connection Capability or if this constraint would prevent any
-#	network connection. This policy is not used in home networks.
-#	Format: <protocol>[:<comma-separated list of ports]
-#	Multiple entries can be used to list multiple requirements.
-#	For example, number of common TCP protocols:
-#	req_conn_capab=6,22,80,443
-#	For example, IPSec/IKE:
-#	req_conn_capab=17:500
-#	req_conn_capab=50
-#
-# ocsp: Whether to use/require OCSP to check server certificate
-#	0 = do not use OCSP stapling (TLS certificate status extension)
-#	1 = try to use OCSP stapling, but not require response
-#	2 = require valid OCSP stapling response
-#	3 = require valid OCSP stapling response for all not-trusted
-#	    certificates in the server certificate chain
-#
-# sim_num: Identifier for which SIM to use in multi-SIM devices
-#
-# for example:
-#
-#cred={
-#	realm="example.com"
-#	username="user@example.com"
-#	password="password"
-#	ca_cert="/etc/wpa_supplicant/ca.pem"
-#	domain="example.com"
-#}
-#
-#cred={
-#	imsi="310026-000000000"
-#	milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82"
-#}
-#
-#cred={
-#	realm="example.com"
-#	username="user"
-#	password="password"
-#	ca_cert="/etc/wpa_supplicant/ca.pem"
-#	domain="example.com"
-#	roaming_consortium=223344
-#	eap=TTLS
-#	phase2="auth=MSCHAPV2"
-#}
-
-# Hotspot 2.0
-# hs20=1
-
-# Scheduled scan plans
-#
-# A space delimited list of scan plans. Each scan plan specifies the scan
-# interval and number of iterations, delimited by a colon. The last scan plan
-# will run infinitely and thus must specify only the interval and not the number
-# of iterations.
-#
-# The driver advertises the maximum number of scan plans supported. If more scan
-# plans than supported are configured, only the first ones are set (up to the
-# maximum supported). The last scan plan that specifies only the interval is
-# always set as the last plan.
-#
-# If the scan interval or the number of iterations for a scan plan exceeds the
-# maximum supported, it will be set to the maximum supported value.
-#
-# Format:
-# sched_scan_plans=<interval:iterations> <interval:iterations> ... <interval>
-#
-# Example:
-# sched_scan_plans=10:100 20:200 30
-
-# Multi Band Operation (MBO) non-preferred channels
-# A space delimited list of non-preferred channels where each channel is a colon
-# delimited list of values.
-# Format:
-# non_pref_chan=<oper_class>:<chan>:<preference>:<reason>
-# Example:
-# non_pref_chan=81:5:10:2 81:1:0:2 81:9:0:2
-
-# MBO Cellular Data Capabilities
-# 1 = Cellular data connection available
-# 2 = Cellular data connection not available
-# 3 = Not cellular capable (default)
-#mbo_cell_capa=3
-
-# Optimized Connectivity Experience (OCE)
-# oce: Enable OCE features (bitmap)
-# Set BIT(0) to Enable OCE in non-AP STA mode (default; disabled if the driver
-#	does not indicate support for OCE in STA mode)
-# Set BIT(1) to Enable OCE in STA-CFON mode
-#oce=1
-
-# Extended Key ID support for Individually Addressed frames
-# 0 = force off: Do not use Extended Key ID (default)
-# 1 = auto: Activate Extended Key ID support if the driver supports it
-#extended_key_id=0
-
-# network block
-#
-# Each network (usually AP's sharing the same SSID) is configured as a separate
-# block in this configuration file. The network blocks are in preference order
-# (the first match is used).
-#
-# network block fields:
-#
-# disabled:
-#	0 = this network can be used (default)
-#	1 = this network block is disabled (can be enabled through ctrl_iface,
-#	    e.g., with wpa_cli or wpa_gui)
-#
-# id_str: Network identifier string for external scripts. This value is passed
-#	to external action script through wpa_cli as WPA_ID_STR environment
-#	variable to make it easier to do network specific configuration.
-#
-# ssid: SSID (mandatory); network name in one of the optional formats:
-#	- an ASCII string with double quotation
-#	- a hex string (two characters per octet of SSID)
-#	- a printf-escaped ASCII string P"<escaped string>"
-#
-# scan_ssid:
-#	0 = do not scan this SSID with specific Probe Request frames (default)
-#	1 = scan with SSID-specific Probe Request frames (this can be used to
-#	    find APs that do not accept broadcast SSID or use multiple SSIDs;
-#	    this will add latency to scanning, so enable this only when needed)
-#
-# bssid: BSSID (optional); if set, this network block is used only when
-#	associating with the AP using the configured BSSID
-#
-# ignore_broadcast_ssid: SSID broadcast behavior
-# Send empty SSID in beacons and ignore probe request frames that do not
-# specify full SSID, i.e., require stations to know SSID.
-# default: disabled (0)
-# 1 = send empty (length=0) SSID in beacon and ignore probe request for
-#     broadcast SSID
-# 2 = clear SSID (ASCII 0), but keep the original length (this may be required
-#     with some clients that do not support empty SSID) and ignore probe
-#     requests for broadcast SSID
-#
-# priority: priority group (integer)
-# By default, all networks will get same priority group (0). If some of the
-# networks are more desirable, this field can be used to change the order in
-# which wpa_supplicant goes through the networks when selecting a BSS. The
-# priority groups will be iterated in decreasing priority (i.e., the larger the
-# priority value, the sooner the network is matched against the scan results).
-# Within each priority group, networks will be selected based on security
-# policy, signal strength, etc.
-# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
-# using this priority to select the order for scanning. Instead, they try the
-# networks in the order that used in the configuration file.
-#
-# mode: IEEE 802.11 operation mode
-# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
-# 1 = IBSS (ad-hoc, peer-to-peer)
-# 2 = AP (access point)
-# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and
-# WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key
-# TKIP/CCMP) is available for backwards compatibility, but its use is
-# deprecated. WPA-None requires following network block options:
-# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
-# both), and psk must also be set.
-#
-# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g.,
-# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial
-# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode.
-# In addition, this value is only used by the station that creates the IBSS. If
-# an IBSS network with the configured SSID is already present, the frequency of
-# the network will be used instead of this configured value.
-#
-# pbss: Whether to use PBSS. Relevant to IEEE 802.11ad networks only.
-# 0 = do not use PBSS
-# 1 = use PBSS
-# 2 = don't care (not allowed in AP mode)
-# Used together with mode configuration. When mode is AP, it means to start a
-# PCP instead of a regular AP. When mode is infrastructure it means connect
-# to a PCP instead of AP. In this mode you can also specify 2 (don't care)
-# which means connect to either PCP or AP.
-# P2P_GO and P2P_GROUP_FORMATION modes must use PBSS in IEEE 802.11ad network.
-# For more details, see IEEE Std 802.11ad-2012.
-#
-# scan_freq: List of frequencies to scan
-# Space-separated list of frequencies in MHz to scan when searching for this
-# BSS. If the subset of channels used by the network is known, this option can
-# be used to optimize scanning to not occur on channels that the network does
-# not use. Example: scan_freq=2412 2437 2462
-#
-# freq_list: Array of allowed frequencies
-# Space-separated list of frequencies in MHz to allow for selecting the BSS. If
-# set, scan results that do not match any of the specified frequencies are not
-# considered when selecting a BSS.
-#
-# This can also be set on the outside of the network block. In this case,
-# it limits the frequencies that will be scanned.
-#
-# bgscan: Background scanning
-# wpa_supplicant behavior for background scanning can be specified by
-# configuring a bgscan module. These modules are responsible for requesting
-# background scans for the purpose of roaming within an ESS (i.e., within a
-# single network block with all the APs using the same SSID). The bgscan
-# parameter uses following format: "<bgscan module name>:<module parameters>"
-# Following bgscan modules are available:
-# simple - Periodic background scans based on signal strength
-# bgscan="simple:<short bgscan interval in seconds>:<signal strength threshold>:
-# <long interval>"
-# bgscan="simple:30:-45:300"
-# learn - Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-# bgscan="learn:<short bgscan interval in seconds>:<signal strength threshold>:
-# <long interval>[:<database file name>]"
-# bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan"
-# Explicitly disable bgscan by setting
-# bgscan=""
-#
-# This option can also be set outside of all network blocks for the bgscan
-# parameter to apply for all the networks that have no specific bgscan
-# parameter.
-#
-# proto: list of accepted protocols
-# WPA = WPA/IEEE 802.11i/D3.0
-# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
-# Note that RSN is used also for WPA3.
-# If not set, this defaults to: WPA RSN
-#
-# key_mgmt: list of accepted authenticated key management protocols
-# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
-# WPA-EAP = WPA using EAP authentication
-# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
-#	generated WEP keys
-# NONE = WPA is not used; plaintext or static WEP could be used
-# WPA-NONE = WPA-None for IBSS (deprecated; use proto=RSN key_mgmt=WPA-PSK
-#	instead)
-# FT-PSK = Fast BSS Transition (IEEE 802.11r) with pre-shared key
-# FT-EAP = Fast BSS Transition (IEEE 802.11r) with EAP authentication
-# FT-EAP-SHA384 = Fast BSS Transition (IEEE 802.11r) with EAP authentication
-#	and using SHA384
-# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
-# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
-# SAE = Simultaneous authentication of equals; pre-shared key/password -based
-#	authentication with stronger security than WPA-PSK especially when using
-#	not that strong password; a.k.a. WPA3-Personal
-# FT-SAE = SAE with FT
-# WPA-EAP-SUITE-B = Suite B 128-bit level
-# WPA-EAP-SUITE-B-192 = Suite B 192-bit level
-# OSEN = Hotspot 2.0 Rel 2 online signup connection
-# FILS-SHA256 = Fast Initial Link Setup with SHA256
-# FILS-SHA384 = Fast Initial Link Setup with SHA384
-# FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256
-# FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
-# OWE = Opportunistic Wireless Encryption (a.k.a. Enhanced Open)
-# DPP = Device Provisioning Protocol
-# If not set, this defaults to: WPA-PSK WPA-EAP
-#
-# ieee80211w: whether management frame protection is enabled
-# 0 = disabled (default unless changed with the global pmf parameter)
-# 1 = optional
-# 2 = required
-# The most common configuration options for this based on the PMF (protected
-# management frames) certification program are:
-# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
-# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
-# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
-# WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE
-#
-# ocv: whether operating channel validation is enabled
-# This is a countermeasure against multi-channel on-path attacks.
-# Enabling this automatically also enables ieee80211w, if not yet enabled.
-# 0 = disabled (default)
-# 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
-#     driver indicates support for operating channel validation.
-#ocv=1
-#
-# auth_alg: list of allowed IEEE 802.11 authentication algorithms
-# OPEN = Open System authentication (required for WPA/WPA2)
-# SHARED = Shared Key authentication (requires static WEP keys)
-# LEAP = LEAP/Network EAP (only used with LEAP)
-# If not set, automatic selection is used (Open System with LEAP enabled if
-# LEAP is allowed as one of the EAP methods).
-#
-# pairwise: list of accepted pairwise (unicast) ciphers for WPA
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
-# NONE = Use only Group Keys (deprecated, should not be included if APs support
-#	pairwise keys)
-# If not set, this defaults to: CCMP TKIP
-#
-# group: list of accepted group (broadcast/multicast) ciphers for WPA
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
-# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
-# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
-# If not set, this defaults to: CCMP TKIP WEP104 WEP40
-#
-# group_mgmt: list of accepted group management ciphers for RSN (PMF)
-# AES-128-CMAC = BIP-CMAC-128
-# BIP-GMAC-128
-# BIP-GMAC-256
-# BIP-CMAC-256
-# If not set, no constraint on the cipher, i.e., accept whichever cipher the AP
-# indicates.
-#
-# psk: WPA preshared key; 256-bit pre-shared key
-# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
-# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
-# generated using the passphrase and SSID). ASCII passphrase must be between
-# 8 and 63 characters (inclusive). ext:<name of external PSK field> format can
-# be used to indicate that the PSK/passphrase is stored in external storage.
-# This field is not needed, if WPA-EAP is used.
-# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
-# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
-# startup and reconfiguration time can be optimized by generating the PSK only
-# only when the passphrase or SSID has actually changed.
-#
-# mem_only_psk: Whether to keep PSK/passphrase only in memory
-# 0 = allow psk/passphrase to be stored to the configuration file
-# 1 = do not store psk/passphrase to the configuration file
-#mem_only_psk=0
-#
-# sae_password: SAE password
-# This parameter can be used to set a password for SAE. By default, the
-# passphrase from the psk parameter is used if this separate parameter is not
-# used, but psk follows the WPA-PSK constraints (8..63 characters) even though
-# SAE passwords do not have such constraints.
-#
-# sae_password_id: SAE password identifier
-# This parameter can be used to set an identifier for the SAE password. By
-# default, no such identifier is used. If set, the specified identifier value
-# is used by the other peer to select which password to use for authentication.
-#
-# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
-# Dynamic WEP key required for non-WPA mode
-# bit0 (1): require dynamically generated unicast WEP key
-# bit1 (2): require dynamically generated broadcast WEP key
-# 	(3 = require both keys; default)
-# Note: When using wired authentication (including MACsec drivers),
-# eapol_flags must be set to 0 for the authentication to be completed
-# successfully.
-#
-# macsec_policy: IEEE 802.1X/MACsec options
-# This determines how sessions are secured with MACsec (only for MACsec
-# drivers).
-# 0: MACsec not in use (default)
-# 1: MACsec enabled - Should secure, accept key server's advice to
-#    determine whether to use a secure session or not.
-#
-# macsec_integ_only: IEEE 802.1X/MACsec transmit mode
-# This setting applies only when MACsec is in use, i.e.,
-#  - macsec_policy is enabled
-#  - the key server has decided to enable MACsec
-# 0: Encrypt traffic (default)
-# 1: Integrity only
-#
-# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
-# This setting applies only when MACsec is in use, i.e.,
-#  - macsec_policy is enabled
-#  - the key server has decided to enable MACsec
-# 0: Replay protection disabled (default)
-# 1: Replay protection enabled
-#
-# macsec_replay_window: IEEE 802.1X/MACsec replay protection window
-# This determines a window in which replay is tolerated, to allow receipt
-# of frames that have been misordered by the network.
-# This setting applies only when MACsec replay protection active, i.e.,
-#  - macsec_replay_protect is enabled
-#  - the key server has decided to enable MACsec
-# 0: No replay window, strict check (default)
-# 1..2^32-1: number of packets that could be misordered
-#
-# macsec_port: IEEE 802.1X/MACsec port
-# Port component of the SCI
-# Range: 1-65534 (default: 1)
-#
-# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
-# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
-# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
-# with lower priority will become the key server and start distributing SAKs.
-# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-byte (128-bit)
-# hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
-# mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
-# (2..64 hex-digits)
-# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
-# default priority
-#
-# mixed_cell: This option can be used to configure whether so called mixed
-# cells, i.e., networks that use both plaintext and encryption in the same
-# SSID, are allowed when selecting a BSS from scan results.
-# 0 = disabled (default)
-# 1 = enabled
-#
-# proactive_key_caching:
-# Enable/disable opportunistic PMKSA caching for WPA2.
-# 0 = disabled (default unless changed with the global okc parameter)
-# 1 = enabled
-#
-# ft_eap_pmksa_caching:
-# Whether FT-EAP PMKSA caching is allowed
-# 0 = do not try to use PMKSA caching with FT-EAP (default)
-# 1 = try to use PMKSA caching with FT-EAP
-# This controls whether to try to use PMKSA caching with FT-EAP for the
-# FT initial mobility domain association.
-#ft_eap_pmksa_caching=0
-#
-# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
-# hex without quotation, e.g., 0102030405)
-# wep_tx_keyidx: Default WEP key index (TX) (0..3)
-#
-# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
-# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
-#
-# wpa_deny_ptk0_rekey: Workaround for PTK rekey issues
-# PTK0 rekeys (using only one Key ID value for pairwise keys) can degrade the
-# security and stability with some cards.
-# To avoid the issues wpa_supplicant can replace those PTK rekeys (including
-# EAP reauthentications) with fast reconnects.
-#
-# Available options:
-# 0 = always rekey when configured/instructed (default)
-# 1 = only rekey when the local driver is explicitly indicating it can perform
-#	this operation without issues
-# 2 = never allow problematic PTK0 rekeys
-#
-# group_rekey: Group rekeying time in seconds. This value, if non-zero, is used
-# as the dot11RSNAConfigGroupRekeyTime parameter when operating in
-# Authenticator role in IBSS, or in AP and mesh modes.
-#
-# Following fields are only used with internal EAP implementation.
-# eap: space-separated list of accepted EAP methods
-#	MD5 = EAP-MD5 (insecure and does not generate keying material ->
-#			cannot be used with WPA; to be used as a Phase 2 method
-#			with EAP-PEAP or EAP-TTLS)
-#       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
-#		as a Phase 2 method with EAP-PEAP or EAP-TTLS)
-#       OTP = EAP-OTP (cannot be used separately with WPA; to be used
-#		as a Phase 2 method with EAP-PEAP or EAP-TTLS)
-#       GTC = EAP-GTC (cannot be used separately with WPA; to be used
-#		as a Phase 2 method with EAP-PEAP or EAP-TTLS)
-#	TLS = EAP-TLS (client and server certificate)
-#	PEAP = EAP-PEAP (with tunnelled EAP authentication)
-#	TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
-#			 authentication)
-#	If not set, all compiled in methods are allowed.
-#
-# identity: Identity string for EAP
-#	This field is also used to configure user NAI for
-#	EAP-PSK/PAX/SAKE/GPSK.
-# anonymous_identity: Anonymous identity string for EAP (to be used as the
-#	unencrypted identity with EAP types that support different tunnelled
-#	identity, e.g., EAP-TTLS). This field can also be used with
-#	EAP-SIM/AKA/AKA' to store the pseudonym identity.
-# password: Password string for EAP. This field can include either the
-#	plaintext password (using ASCII or hex string) or a NtPasswordHash
-#	(16-byte MD4 hash of password) in hash:<32 hex digits> format.
-#	NtPasswordHash can only be used when the password is for MSCHAPv2 or
-#	MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
-#	EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
-#	PSK) is also configured using this field. For EAP-GPSK, this is a
-#	variable length PSK. ext:<name of external password field> format can
-#	be used to indicate that the password is stored in external storage.
-# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
-#	or more trusted CA certificates. If ca_cert and ca_path are not
-#	included, server certificate will not be verified. This is insecure and
-#	a trusted CA certificate should always be configured when using
-#	EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
-#	change when wpa_supplicant is run in the background.
-#
-#	Alternatively, this can be used to only perform matching of the server
-#	certificate (SHA-256 hash of the DER encoded X.509 certificate). In
-#	this case, the possible CA certificates in the server certificate chain
-#	are ignored and only the server certificate is verified. This is
-#	configured with the following format:
-#	hash:://server/sha256/cert_hash_in_hex
-#	For example: "hash://server/sha256/
-#	5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
-#
-#	On Windows, trusted CA certificates can be loaded from the system
-#	certificate store by setting this to cert_store://<name>, e.g.,
-#	ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
-#	Note that when running wpa_supplicant as an application, the user
-#	certificate store (My user account) is used, whereas computer store
-#	(Computer account) is used when running wpasvc as a service.
-# ca_path: Directory path for CA certificate files (PEM). This path may
-#	contain multiple CA certificates in OpenSSL format. Common use for this
-#	is to point to system trusted CA list which is often installed into
-#	directory like /etc/ssl/certs. If configured, these certificates are
-#	added to the list of trusted CAs. ca_cert may also be included in that
-#	case, but it is not required.
-# client_cert: File path to client certificate file (PEM/DER)
-#	Full path should be used since working directory may change when
-#	wpa_supplicant is run in the background.
-#	Alternatively, a named configuration blob can be used by setting this
-#	to blob://<blob name>.
-# private_key: File path to client private key file (PEM/DER/PFX)
-#	When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
-#	commented out. Both the private key and certificate will be read from
-#	the PKCS#12 file in this case. Full path should be used since working
-#	directory may change when wpa_supplicant is run in the background.
-#	Windows certificate store can be used by leaving client_cert out and
-#	configuring private_key in one of the following formats:
-#	cert://substring_to_match
-#	hash://certificate_thumbprint_in_hex
-#	for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
-#	Note that when running wpa_supplicant as an application, the user
-#	certificate store (My user account) is used, whereas computer store
-#	(Computer account) is used when running wpasvc as a service.
-#	Alternatively, a named configuration blob can be used by setting this
-#	to blob://<blob name>.
-# private_key_passwd: Password for private key file (if left out, this will be
-#	asked through control interface)
-# dh_file: File path to DH/DSA parameters file (in PEM format)
-#	This is an optional configuration file for setting parameters for an
-#	ephemeral DH key exchange. In most cases, the default RSA
-#	authentication does not use this configuration. However, it is possible
-#	setup RSA to use ephemeral DH key exchange. In addition, ciphers with
-#	DSA keys always use ephemeral DH keys. This can be used to achieve
-#	forward secrecy. If the file is in DSA parameters format, it will be
-#	automatically converted into DH params.
-# subject_match: Substring to be matched against the subject of the
-#	authentication server certificate. If this string is set, the server
-#	certificate is only accepted if it contains this string in the subject.
-#	The subject string is in following format:
-#	/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
-#	Note: Since this is a substring match, this cannot be used securely to
-#	do a suffix match against a possible domain name in the CN entry. For
-#	such a use case, domain_suffix_match or domain_match should be used
-#	instead.
-# altsubject_match: Semicolon separated string of entries to be matched against
-#	the alternative subject name of the authentication server certificate.
-#	If this string is set, the server certificate is only accepted if it
-#	contains one of the entries in an alternative subject name extension.
-#	altSubjectName string is in following format: TYPE:VALUE
-#	Example: EMAIL:server@example.com
-#	Example: DNS:server.example.com;DNS:server2.example.com
-#	Following types are supported: EMAIL, DNS, URI
-# domain_suffix_match: Constraint for server domain name. If set, this FQDN is
-#	used as a suffix match requirement for the AAA server certificate in
-#	SubjectAltName dNSName element(s). If a matching dNSName is found, this
-#	constraint is met. If no dNSName values are present, this constraint is
-#	matched against SubjectName CN using same suffix match comparison.
-#
-#	Suffix match here means that the host/domain name is compared one label
-#	at a time starting from the top-level domain and all the labels in
-#	domain_suffix_match shall be included in the certificate. The
-#	certificate may include additional sub-level labels in addition to the
-#	required labels.
-#
-#	More than one match string can be provided by using semicolons to
-#	separate the strings (e.g., example.org;example.com). When multiple
-#	strings are specified, a match with any one of the values is considered
-#	a sufficient match for the certificate, i.e., the conditions are ORed
-#	together.
-#
-#	For example, domain_suffix_match=example.com would match
-#	test.example.com but would not match test-example.com.
-# domain_match: Constraint for server domain name
-#	If set, this FQDN is used as a full match requirement for the
-#	server certificate in SubjectAltName dNSName element(s). If a
-#	matching dNSName is found, this constraint is met. If no dNSName
-#	values are present, this constraint is matched against SubjectName CN
-#	using same full match comparison. This behavior is similar to
-#	domain_suffix_match, but has the requirement of a full match, i.e.,
-#	no subdomains or wildcard matches are allowed. Case-insensitive
-#	comparison is used, so "Example.com" matches "example.com", but would
-#	not match "test.Example.com".
-#
-#	More than one match string can be provided by using semicolons to
-#	separate the strings (e.g., example.org;example.com). When multiple
-#	strings are specified, a match with any one of the values is considered
-#	a sufficient match for the certificate, i.e., the conditions are ORed
-#	together.
-# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
-#	(string with field-value pairs, e.g., "peapver=0" or
-#	"peapver=1 peaplabel=1")
-#	'peapver' can be used to force which PEAP version (0 or 1) is used.
-#	'peaplabel=1' can be used to force new label, "client PEAP encryption",
-#	to be used during key derivation when PEAPv1 or newer. Most existing
-#	PEAPv1 implementation seem to be using the old label, "client EAP
-#	encryption", and wpa_supplicant is now using that as the default value.
-#	Some servers, e.g., Radiator, may require peaplabel=1 configuration to
-#	interoperate with PEAPv1; see eap_testing.txt for more details.
-#	'peap_outer_success=0' can be used to terminate PEAP authentication on
-#	tunneled EAP-Success. This is required with some RADIUS servers that
-#	implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
-#	Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
-#	include_tls_length=1 can be used to force wpa_supplicant to include
-#	TLS Message Length field in all TLS messages even if they are not
-#	fragmented.
-#	sim_min_num_chal=3 can be used to configure EAP-SIM to require three
-#	challenges (by default, it accepts 2 or 3)
-#	result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
-#	protected result indication.
-#	'crypto_binding' option can be used to control PEAPv0 cryptobinding
-#	behavior:
-#	 * 0 = do not use cryptobinding (default)
-#	 * 1 = use cryptobinding if server supports it
-#	 * 2 = require cryptobinding
-#	EAP-WSC (WPS) uses following options: pin=<Device Password> or
-#	pbc=1.
-#
-#	For wired IEEE 802.1X authentication, "allow_canned_success=1" can be
-#	used to configure a mode that allows EAP-Success (and EAP-Failure)
-#	without going through authentication step. Some switches use such
-#	sequence when forcing the port to be authorized/unauthorized or as a
-#	fallback option if the authentication server is unreachable. By default,
-#	wpa_supplicant discards such frames to protect against potential attacks
-#	by rogue devices, but this option can be used to disable that protection
-#	for cases where the server/authenticator does not need to be
-#	authenticated.
-# phase2: Phase2 (inner authentication with TLS tunnel) parameters
-#	(string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
-#	"autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS). "mschapv2_retry=0" can be
-#	used to disable MSCHAPv2 password retry in authentication failure cases.
-#
-# TLS-based methods can use the following parameters to control TLS behavior
-# (these are normally in the phase1 parameter, but can be used also in the
-# phase2 parameter when EAP-TLS is used within the inner tunnel):
-# tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
-#	TLS library, these may be disabled by default to enforce stronger
-#	security)
-# tls_disable_time_checks=1 - ignore certificate validity time (this requests
-#	the TLS library to accept certificates even if they are not currently
-#	valid, i.e., have expired or have not yet become valid; this should be
-#	used only for testing purposes)
-# tls_disable_session_ticket=1 - disable TLS Session Ticket extension
-# tls_disable_session_ticket=0 - allow TLS Session Ticket extension to be used
-#	Note: If not set, this is automatically set to 1 for EAP-TLS/PEAP/TTLS
-#	as a workaround for broken authentication server implementations unless
-#	EAP workarounds are disabled with eap_workaround=0.
-#	For EAP-FAST, this must be set to 0 (or left unconfigured for the
-#	default value to be used automatically).
-# tls_disable_tlsv1_0=1 - disable use of TLSv1.0
-# tls_disable_tlsv1_0=0 - explicitly enable use of TLSv1.0 (this allows
-#	systemwide TLS policies to be overridden)
-# tls_disable_tlsv1_1=1 - disable use of TLSv1.1 (a workaround for AAA servers
-#	that have issues interoperating with updated TLS version)
-# tls_disable_tlsv1_1=0 - explicitly enable use of TLSv1.1 (this allows
-#	systemwide TLS policies to be overridden)
-# tls_disable_tlsv1_2=1 - disable use of TLSv1.2 (a workaround for AAA servers
-#	that have issues interoperating with updated TLS version)
-# tls_disable_tlsv1_2=0 - explicitly enable use of TLSv1.2 (this allows
-#	systemwide TLS policies to be overridden)
-# tls_disable_tlsv1_3=1 - disable use of TLSv1.3 (a workaround for AAA servers
-#	that have issues interoperating with updated TLS version)
-# tls_disable_tlsv1_3=0 - enable TLSv1.3 (experimental - disabled by default)
-# tls_ext_cert_check=0 - No external server certificate validation (default)
-# tls_ext_cert_check=1 - External server certificate validation enabled; this
-#	requires an external program doing validation of server certificate
-#	chain when receiving CTRL-RSP-EXT_CERT_CHECK event from the control
-#	interface and report the result of the validation with
-#	CTRL-RSP_EXT_CERT_CHECK.
-# tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
-# tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
-#	particular when using Suite B with RSA keys of >= 3K (3072) bits
-#
-# Following certificate/private key fields are used in inner Phase2
-# authentication when using EAP-TTLS or EAP-PEAP.
-# ca_cert2: File path to CA certificate file. This file can have one or more
-#	trusted CA certificates. If ca_cert2 and ca_path2 are not included,
-#	server certificate will not be verified. This is insecure and a trusted
-#	CA certificate should always be configured.
-# ca_path2: Directory path for CA certificate files (PEM)
-# client_cert2: File path to client certificate file
-# private_key2: File path to client private key file
-# private_key2_passwd: Password for private key file
-# dh_file2: File path to DH/DSA parameters file (in PEM format)
-# subject_match2: Substring to be matched against the subject of the
-#	authentication server certificate. See subject_match for more details.
-# altsubject_match2: Semicolon separated string of entries to be matched
-#	against the alternative subject name of the authentication server
-#	certificate. See altsubject_match documentation for more details.
-# domain_suffix_match2: Constraint for server domain name. See
-#	domain_suffix_match for more details.
-# ocsp2: See ocsp for more details.
-#
-# Separate machine credentials can be configured for EAP-TEAP Phase 2 with
-# "machine_" prefix (e.g., "machine_identity") in the configuration parameters.
-# See the parameters without that prefix for more details on the meaning and
-# format of each such parameter.
-#
-# fragment_size: Maximum EAP fragment size in bytes (default 1398).
-#	This value limits the fragment size for EAP methods that support
-#	fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
-#	small enough to make the EAP messages fit in MTU of the network
-#	interface used for EAPOL. The default value is suitable for most
-#	cases.
-#
-# ocsp: Whether to use/require OCSP to check server certificate
-#	0 = do not use OCSP stapling (TLS certificate status extension)
-#	1 = try to use OCSP stapling, but not require response
-#	2 = require valid OCSP stapling response
-#	3 = require valid OCSP stapling response for all not-trusted
-#	    certificates in the server certificate chain
-#
-# openssl_ciphers: OpenSSL specific cipher configuration
-#	This can be used to override the global openssl_ciphers configuration
-#	parameter (see above).
-#
-# erp: Whether EAP Re-authentication Protocol (ERP) is enabled
-#
-# EAP-FAST variables:
-# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
-#	to create this file and write updates to it when PAC is being
-#	provisioned or refreshed. Full path to the file should be used since
-#	working directory may change when wpa_supplicant is run in the
-#	background. Alternatively, a named configuration blob can be used by
-#	setting this to blob://<blob name>
-# phase1: fast_provisioning option can be used to enable in-line provisioning
-#         of EAP-FAST credentials (PAC):
-#         0 = disabled,
-#         1 = allow unauthenticated provisioning,
-#         2 = allow authenticated provisioning,
-#         3 = allow both unauthenticated and authenticated provisioning
-#	fast_max_pac_list_len=<num> option can be used to set the maximum
-#		number of PAC entries to store in a PAC list (default: 10)
-#	fast_pac_format=binary option can be used to select binary format for
-#		storing PAC entries in order to save some space (the default
-#		text format uses about 2.5 times the size of minimal binary
-#		format)
-#
-# wpa_supplicant supports number of "EAP workarounds" to work around
-# interoperability issues with incorrectly behaving authentication servers.
-# These are enabled by default because some of the issues are present in large
-# number of authentication servers. Strict EAP conformance mode can be
-# configured by disabling workarounds with eap_workaround=0.
-
-# update_identifier: PPS MO ID
-#	(Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)
-#
-# roaming_consortium_selection: Roaming Consortium Selection
-#	The matching Roaming Consortium OI that was used to generate this
-#	network profile.
-
-# Station inactivity limit
-#
-# If a station does not send anything in ap_max_inactivity seconds, an
-# empty data frame is sent to it in order to verify whether it is
-# still in range. If this frame is not ACKed, the station will be
-# disassociated and then deauthenticated. This feature is used to
-# clear station table of old entries when the STAs move out of the
-# range.
-#
-# The station can associate again with the AP if it is still in range;
-# this inactivity poll is just used as a nicer way of verifying
-# inactivity; i.e., client will not report broken connection because
-# disassociation frame is not sent immediately without first polling
-# the STA with a data frame.
-# default: 300 (i.e., 5 minutes)
-#ap_max_inactivity=300
-
-# DTIM period in Beacon intervals for AP mode (default: 2)
-#dtim_period=2
-
-# Beacon interval (default: 100 TU)
-#beacon_int=100
-
-# WPS in AP mode
-# 0 = WPS enabled and configured (default)
-# 1 = WPS disabled
-#wps_disabled=0
-
-# FILS DH Group
-# 0 = PFS disabled with FILS shared key authentication (default)
-# 1-65535 = DH Group to use for FILS PFS
-#fils_dh_group=0
-
-# DPP PFS
-# 0: allow PFS to be used or not used (default)
-# 1: require PFS to be used (note: not compatible with DPP R1)
-# 2: do not allow PFS to be used
-#dpp_pfs=0
-
-# Whether beacon protection is enabled
-# This depends on management frame protection (ieee80211w) being enabled and
-# beacon protection support indication from the driver.
-# 0 = disabled (default)
-# 1 = enabled
-#beacon_prot=0
-
-# OWE DH Group
-# 0: use default (19) first and then try all supported groups one by one if AP
-#   rejects the selected group
-# 1-65535: DH Group to use for OWE
-# Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are
-# currently supported.
-#owe_group=0
-
-# OWE-only mode (disable transition mode)
-# 0: enable transition mode (allow connection to either OWE or open BSS)
-# 1 = disable transition mode (allow connection only with OWE)
-#owe_only=0
-
-# OWE PTK derivation workaround
-# Initial OWE implementation used SHA256 when deriving the PTK for all
-# OWE groups. This was supposed to change to SHA384 for group 20 and
-# SHA512 for group 21. This parameter can be used to enable older
-# behavior mainly for testing purposes. There is no impact to group 19
-# behavior, but if enabled, this will make group 20 and 21 cases use
-# SHA256-based PTK derivation which will not work with the updated
-# OWE implementation on the AP side.
-#owe_ptk_workaround=0
-
-# Transition Disable indication
-# The AP can notify authenticated stations to disable transition mode
-# in their network profiles when the network has completed transition
-# steps, i.e., once sufficiently large number of APs in the ESS have
-# been updated to support the more secure alternative. When this
-# indication is used, the stations are expected to automatically
-# disable transition mode and less secure security options. This
-# includes use of WEP, TKIP (including use of TKIP as the group
-# cipher), and connections without PMF.
-# Bitmap bits:
-# bit 0 (0x01): WPA3-Personal (i.e., disable WPA2-Personal = WPA-PSK
-#	and only allow SAE to be used)
-# bit 1 (0x02): SAE-PK (disable SAE without use of SAE-PK)
-# bit 2 (0x04): WPA3-Enterprise (move to requiring PMF)
-# bit 3 (0x08): Enhanced Open (disable use of open network; require
-#	OWE)
-
-# SAE-PK mode
-# 0: automatic SAE/SAE-PK selection based on password; enable
-#    transition mode (allow SAE authentication without SAE-PK)
-# 1: SAE-PK only (disable transition mode; allow SAE authentication
-#    only with SAE-PK)
-# 2: disable SAE-PK (allow SAE authentication only without SAE-PK)
-#sae_pk=0
-
-# MAC address policy
-# 0 = use permanent MAC address
-# 1 = use random MAC address for each ESS connection
-# 2 = like 1, but maintain OUI (with local admin bit set)
-#mac_addr=0
-
-# disable_ht: Whether HT (802.11n) should be disabled.
-# 0 = HT enabled (if AP supports it)
-# 1 = HT disabled
-#
-# disable_ht40: Whether HT-40 (802.11n) should be disabled.
-# 0 = HT-40 enabled (if AP supports it)
-# 1 = HT-40 disabled
-#
-# disable_sgi: Whether SGI (short guard interval) should be disabled.
-# 0 = SGI enabled (if AP supports it)
-# 1 = SGI disabled
-#
-# disable_ldpc: Whether LDPC should be disabled.
-# 0 = LDPC enabled (if AP supports it)
-# 1 = LDPC disabled
-#
-# ht40_intolerant: Whether 40 MHz intolerant should be indicated.
-# 0 = 40 MHz tolerant (default)
-# 1 = 40 MHz intolerant
-#
-# ht_mcs:  Configure allowed MCS rates.
-#  Parsed as an array of bytes, in base-16 (ascii-hex)
-# ht_mcs=""                                   // Use all available (default)
-# ht_mcs="0xff 00 00 00 00 00 00 00 00 00 "   // Use MCS 0-7 only
-# ht_mcs="0xff ff 00 00 00 00 00 00 00 00 "   // Use MCS 0-15 only
-#
-# disable_max_amsdu:  Whether MAX_AMSDU should be disabled.
-# -1 = Do not make any changes.
-# 0  = Enable MAX-AMSDU if hardware supports it.
-# 1  = Disable AMSDU
-#
-# ampdu_factor: Maximum A-MPDU Length Exponent
-# Value: 0-3, see 7.3.2.56.3 in IEEE Std 802.11n-2009.
-#
-# ampdu_density:  Allow overriding AMPDU density configuration.
-#  Treated as hint by the kernel.
-# -1 = Do not make any changes.
-# 0-3 = Set AMPDU density (aka factor) to specified value.
-#
-# tx_stbc: Allow overriding STBC support for TX streams
-# Value: 0-1, see IEEE Std 802.11-2016, 9.4.2.56.2.
-# -1 = Do not make any changes (default)
-# 0 = Set if not supported
-# 1 = Set if supported
-#
-# rx_stbc: Allow overriding STBC support for RX streams
-# Value: 0-3, see IEEE Std 802.11-2016, 9.4.2.56.2.
-# -1 = Do not make any changes (default)
-# 0 = Set if not supported
-# 1 = Set for support of one spatial stream
-# 2 = Set for support of one and two spatial streams
-# 3 = Set for support of one, two and three spatial streams
-
-# disable_vht: Whether VHT should be disabled.
-# 0 = VHT enabled (if AP supports it)
-# 1 = VHT disabled
-#
-# vht_capa: VHT capabilities to set in the override
-# vht_capa_mask: mask of VHT capabilities
-#
-# vht_rx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for RX NSS 1-8
-# vht_tx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for TX NSS 1-8
-#  0: MCS 0-7
-#  1: MCS 0-8
-#  2: MCS 0-9
-#  3: not supported
-
-# multi_ap_backhaul_sta: Multi-AP backhaul STA functionality
-# 0 = normal STA (default)
-# 1 = backhaul STA
-# A backhaul STA sends the Multi-AP IE, fails to associate if the AP does not
-# support Multi-AP, and sets 4-address mode if it does. Thus, the netdev can be
-# added to a bridge to allow forwarding frames over this backhaul link.
-
-##### Fast Session Transfer (FST) support #####################################
-#
-# The options in this section are only available when the build configuration
-# option CONFIG_FST is set while compiling wpa_supplicant. They allow this
-# interface to be a part of FST setup.
-#
-# FST is the transfer of a session from a channel to another channel, in the
-# same or different frequency bands.
-#
-# For details, see IEEE Std 802.11ad-2012.
-
-# Identifier of an FST Group  the interface belongs to.
-#fst_group_id=bond0
-
-# Interface priority within the FST Group.
-# Announcing a higher priority for an interface means declaring it more
-# preferable for FST switch.
-# fst_priority is in 1..255 range with 1 being the lowest priority.
-#fst_priority=100
-
-# Default LLT value for this interface in milliseconds. The value used in case
-# no value provided during session setup. Default is 50 msec.
-# fst_llt is in 1..4294967 range (due to spec limitation, see 10.32.2.2
-# Transitioning between states).
-#fst_llt=100
-
-# BSS Transition Management
-# disable_btm - Disable BSS transition management in STA
-# Set to 0 to enable BSS transition management (default behavior)
-# Set to 1 to disable BSS transition management
-#disable_btm=0
-
-# Enable EDMG capability in STA/AP mode, default value is false
-#enable_edmg=1
-
-# This value is used to configure the channel bonding feature.
-# Default value is 0.
-# Relevant only if enable_edmg is true
-# In AP mode it defines the EDMG channel to use for AP operation.
-# In STA mode it defines the EDMG channel for connection (if supported by AP).
-#edmg_channel=9
-
-# Example blocks:
-
-# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
-network={
-	ssid="simple"
-	psk="very secret passphrase"
-	priority=5
-}
-
-# Same as previous, but request SSID-specific scanning (for APs that reject
-# broadcast SSID)
-network={
-	ssid="second ssid"
-	scan_ssid=1
-	psk="very secret passphrase"
-	priority=2
-}
-
-# Only WPA-PSK is used. Any valid cipher combination is accepted.
-network={
-	ssid="example"
-	proto=WPA
-	key_mgmt=WPA-PSK
-	pairwise=CCMP TKIP
-	group=CCMP TKIP WEP104 WEP40
-	psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
-	priority=2
-}
-
-# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
-network={
-	ssid="example"
-	proto=WPA
-	key_mgmt=WPA-PSK
-	pairwise=TKIP
-	group=TKIP
-	psk="not so secure passphrase"
-	wpa_ptk_rekey=600
-}
-
-# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
-# or WEP40 as the group cipher will not be accepted.
-network={
-	ssid="example"
-	proto=RSN
-	key_mgmt=WPA-EAP
-	pairwise=CCMP TKIP
-	group=CCMP TKIP
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	priority=1
-}
-
-# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
-# (e.g., Radiator)
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=PEAP
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase1="peaplabel=1"
-	phase2="auth=MSCHAPV2"
-	priority=10
-}
-
-# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
-# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	identity="user@example.com"
-	anonymous_identity="anonymous@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	priority=2
-}
-
-# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
-# use. Real identity is sent only within an encrypted TLS tunnel.
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	identity="user@example.com"
-	anonymous_identity="anonymous@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	phase2="auth=MSCHAPV2"
-}
-
-# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
-# authentication.
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	# Phase1 / outer authentication
-	anonymous_identity="anonymous@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	# Phase 2 / inner authentication
-	phase2="autheap=TLS"
-	ca_cert2="/etc/cert/ca2.pem"
-	client_cert2="/etc/cer/user.pem"
-	private_key2="/etc/cer/user.prv"
-	private_key2_passwd="password"
-	priority=2
-}
-
-# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
-# group cipher.
-network={
-	ssid="example"
-	bssid=00:11:22:33:44:55
-	proto=WPA RSN
-	key_mgmt=WPA-PSK WPA-EAP
-	pairwise=CCMP
-	group=CCMP
-	psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
-}
-
-# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
-# and all valid ciphers.
-network={
-	ssid=00010203
-	psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
-}
-
-
-# EAP-SIM with a GSM SIM or USIM
-network={
-	ssid="eap-sim-test"
-	key_mgmt=WPA-EAP
-	eap=SIM
-	pin="1234"
-	pcsc=""
-}
-
-
-# EAP-PSK
-network={
-	ssid="eap-psk-test"
-	key_mgmt=WPA-EAP
-	eap=PSK
-	anonymous_identity="eap_psk_user"
-	password=06b4be19da289f475aa46a33cb793029
-	identity="eap_psk_user@example.com"
-}
-
-
-# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
-# EAP-TLS for authentication and key generation; require both unicast and
-# broadcast WEP keys.
-network={
-	ssid="1x-test"
-	key_mgmt=IEEE8021X
-	eap=TLS
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	eapol_flags=3
-}
-
-
-# LEAP with dynamic WEP keys
-network={
-	ssid="leap-example"
-	key_mgmt=IEEE8021X
-	eap=LEAP
-	identity="user"
-	password="foobar"
-}
-
-# EAP-IKEv2 using shared secrets for both server and peer authentication
-network={
-	ssid="ikev2-example"
-	key_mgmt=WPA-EAP
-	eap=IKEV2
-	identity="user"
-	password="foobar"
-}
-
-# EAP-FAST with WPA (WPA or WPA2)
-network={
-	ssid="eap-fast-test"
-	key_mgmt=WPA-EAP
-	eap=FAST
-	anonymous_identity="FAST-000102030405"
-	identity="username"
-	password="password"
-	phase1="fast_provisioning=1"
-	pac_file="/etc/wpa_supplicant.eap-fast-pac"
-}
-
-network={
-	ssid="eap-fast-test"
-	key_mgmt=WPA-EAP
-	eap=FAST
-	anonymous_identity="FAST-000102030405"
-	identity="username"
-	password="password"
-	phase1="fast_provisioning=1"
-	pac_file="blob://eap-fast-pac"
-}
-
-# Plaintext connection (no WPA, no IEEE 802.1X)
-network={
-	ssid="plaintext-test"
-	key_mgmt=NONE
-}
-
-
-# Shared WEP key connection (no WPA, no IEEE 802.1X)
-network={
-	ssid="static-wep-test"
-	key_mgmt=NONE
-	wep_key0="abcde"
-	wep_key1=0102030405
-	wep_key2="1234567890123"
-	wep_tx_keyidx=0
-	priority=5
-}
-
-
-# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
-# IEEE 802.11 authentication
-network={
-	ssid="static-wep-test2"
-	key_mgmt=NONE
-	wep_key0="abcde"
-	wep_key1=0102030405
-	wep_key2="1234567890123"
-	wep_tx_keyidx=0
-	priority=5
-	auth_alg=SHARED
-}
-
-
-# IBSS/ad-hoc network with RSN
-network={
-	ssid="ibss-rsn"
-	key_mgmt=WPA-PSK
-	proto=RSN
-	psk="12345678"
-	mode=1
-	frequency=2412
-	pairwise=CCMP
-	group=CCMP
-}
-
-# IBSS/ad-hoc network with WPA-None/TKIP (deprecated)
-network={
-	ssid="test adhoc"
-	mode=1
-	frequency=2412
-	proto=WPA
-	key_mgmt=WPA-NONE
-	pairwise=NONE
-	group=TKIP
-	psk="secret passphrase"
-}
-
-# open mesh network
-network={
-	ssid="test mesh"
-	mode=5
-	frequency=2437
-	key_mgmt=NONE
-}
-
-# secure (SAE + AMPE) network
-network={
-	ssid="secure mesh"
-	mode=5
-	frequency=2437
-	key_mgmt=SAE
-	psk="very secret passphrase"
-}
-
-
-# Catch all example that allows more or less all configuration modes
-network={
-	ssid="example"
-	scan_ssid=1
-	key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
-	pairwise=CCMP TKIP
-	group=CCMP TKIP WEP104 WEP40
-	psk="very secret passphrase"
-	eap=TTLS PEAP TLS
-	identity="user@example.com"
-	password="foobar"
-	ca_cert="/etc/cert/ca.pem"
-	client_cert="/etc/cert/user.pem"
-	private_key="/etc/cert/user.prv"
-	private_key_passwd="password"
-	phase1="peaplabel=0"
-}
-
-# Example of EAP-TLS with smartcard (openssl engine)
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=TLS
-	proto=RSN
-	pairwise=CCMP TKIP
-	group=CCMP TKIP
-	identity="user@example.com"
-	ca_cert="/etc/cert/ca.pem"
-
-	# Certificate and/or key identified by PKCS#11 URI (RFC7512)
-	client_cert="pkcs11:manufacturer=piv_II;id=%01"
-	private_key="pkcs11:manufacturer=piv_II;id=%01"
-
-	# Optional PIN configuration; this can be left out and PIN will be
-	# asked through the control interface
-	pin="1234"
-}
-
-# Example configuration showing how to use an inlined blob as a CA certificate
-# data instead of using external file
-network={
-	ssid="example"
-	key_mgmt=WPA-EAP
-	eap=TTLS
-	identity="user@example.com"
-	anonymous_identity="anonymous@example.com"
-	password="foobar"
-	ca_cert="blob://exampleblob"
-	priority=20
-}
-
-blob-base64-exampleblob={
-SGVsbG8gV29ybGQhCg==
-}
-
-
-# Wildcard match for SSID (plaintext APs only). This example select any
-# open AP regardless of its SSID.
-network={
-	key_mgmt=NONE
-}
-
-# Example configuration ignoring two APs - these will be ignored
-# for this network.
-network={
-	ssid="example"
-	psk="very secret passphrase"
-	bssid_ignore=02:11:22:33:44:55 02:22:aa:44:55:66
-}
-
-# Example configuration limiting AP selection to a specific set of APs;
-# any other AP not matching the masked address will be ignored.
-network={
-	ssid="example"
-	psk="very secret passphrase"
-	bssid_accept=02:55:ae:bc:00:00/ff:ff:ff:ff:00:00 00:00:77:66:55:44/00:00:ff:ff:ff:ff
-}
-
-# Example config file that will only scan on channel 36.
-freq_list=5180
-network={
-	key_mgmt=NONE
-}
-
-
-# Example configuration using EAP-TTLS for authentication and key
-# generation for MACsec
-network={
-	key_mgmt=IEEE8021X
-	eap=TTLS
-	phase2="auth=PAP"
-	anonymous_identity="anonymous@example.com"
-	identity="user@example.com"
-	password="secretr"
-	ca_cert="/etc/cert/ca.pem"
-	eapol_flags=0
-	macsec_policy=1
-}
-
-# Example configuration for MACsec with preshared key
-network={
-	key_mgmt=NONE
-	eapol_flags=0
-	macsec_policy=1
-	mka_cak=0123456789ABCDEF0123456789ABCDEF
-	mka_ckn=6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
-	mka_priority=128
-}
diff --git a/wpa_supplicant/wpa_supplicant_conf.mk b/wpa_supplicant/wpa_supplicant_conf.mk
deleted file mode 100644
index 74986ea6e628..000000000000
--- a/wpa_supplicant/wpa_supplicant_conf.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-#
-
-# Include this makefile to generate your hardware specific wpa_supplicant.conf
-# Requires: WIFI_DRIVER_SOCKET_IFACE
-
-LOCAL_PATH := $(call my-dir)
-
-########################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := wpa_supplicant.conf
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/wifi
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-WPA_SUPPLICANT_CONF_TEMPLATE := $(LOCAL_PATH)/wpa_supplicant_template.conf
-WPA_SUPPLICANT_CONF_SCRIPT := $(LOCAL_PATH)/wpa_supplicant_conf.sh
-$(LOCAL_BUILT_MODULE): PRIVATE_WIFI_DRIVER_SOCKET_IFACE := $(WIFI_DRIVER_SOCKET_IFACE)
-$(LOCAL_BUILT_MODULE): PRIVATE_WPA_SUPPLICANT_CONF_TEMPLATE := $(WPA_SUPPLICANT_CONF_TEMPLATE)
-$(LOCAL_BUILT_MODULE): PRIVATE_WPA_SUPPLICANT_CONF_SCRIPT := $(WPA_SUPPLICANT_CONF_SCRIPT)
-$(LOCAL_BUILT_MODULE) : $(WPA_SUPPLICANT_CONF_TEMPLATE) $(WPA_SUPPLICANT_CONF_SCRIPT)
-	@echo Target wpa_supplicant.conf: $@
-	@mkdir -p $(dir $@)
-	$(hide) WIFI_DRIVER_SOCKET_IFACE="$(PRIVATE_WIFI_DRIVER_SOCKET_IFACE)" \
-		bash $(PRIVATE_WPA_SUPPLICANT_CONF_SCRIPT) $(PRIVATE_WPA_SUPPLICANT_CONF_TEMPLATE) > $@
-
-########################
diff --git a/wpa_supplicant/wpa_supplicant_conf.sh b/wpa_supplicant/wpa_supplicant_conf.sh
deleted file mode 100755
index f36eef153c20..000000000000
--- a/wpa_supplicant/wpa_supplicant_conf.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-#
-
-# Generate a wpa_supplicant.conf from the template.
-# $1: the template file name
-if [ -n "$WIFI_DRIVER_SOCKET_IFACE" ]
-then
-  sed -e 's/#.*$//' -e 's/[ \t]*$//' -e '/^$/d' < $1 | sed -e "s/wlan0/$WIFI_DRIVER_SOCKET_IFACE/"
-else
-  sed -e 's/#.*$//' -e 's/[ \t]*$//' -e '/^$/d' < $1
-fi
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
deleted file mode 100644
index 5fa765fda25c..000000000000
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ /dev/null
@@ -1,1889 +0,0 @@
-/*
- * wpa_supplicant - Internal definitions
- * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPA_SUPPLICANT_I_H
-#define WPA_SUPPLICANT_I_H
-
-#include "utils/bitfield.h"
-#include "utils/list.h"
-#include "common/defs.h"
-#include "common/sae.h"
-#include "common/wpa_ctrl.h"
-#include "crypto/sha384.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "wps/wps_defs.h"
-#include "config_ssid.h"
-#include "wmm_ac.h"
-
-extern const char *const wpa_supplicant_version;
-extern const char *const wpa_supplicant_license;
-#ifndef CONFIG_NO_STDOUT_DEBUG
-extern const char *const wpa_supplicant_full_license1;
-extern const char *const wpa_supplicant_full_license2;
-extern const char *const wpa_supplicant_full_license3;
-extern const char *const wpa_supplicant_full_license4;
-extern const char *const wpa_supplicant_full_license5;
-#endif /* CONFIG_NO_STDOUT_DEBUG */
-
-struct wpa_sm;
-struct wpa_supplicant;
-struct ibss_rsn;
-struct scan_info;
-struct wpa_bss;
-struct wpa_scan_results;
-struct hostapd_hw_modes;
-struct wpa_driver_associate_params;
-struct wpa_cred;
-
-/*
- * Forward declarations of private structures used within the ctrl_iface
- * backends. Other parts of wpa_supplicant do not have access to data stored in
- * these structures.
- */
-struct ctrl_iface_priv;
-struct ctrl_iface_global_priv;
-struct wpas_dbus_priv;
-struct wpas_binder_priv;
-
-/**
- * struct wpa_interface - Parameters for wpa_supplicant_add_iface()
- */
-struct wpa_interface {
-	/**
-	 * confname - Configuration name (file or profile) name
-	 *
-	 * This can also be %NULL when a configuration file is not used. In
-	 * that case, ctrl_interface must be set to allow the interface to be
-	 * configured.
-	 */
-	const char *confname;
-
-	/**
-	 * confanother - Additional configuration name (file or profile) name
-	 *
-	 * This can also be %NULL when the additional configuration file is not
-	 * used.
-	 */
-	const char *confanother;
-
-	/**
-	 * ctrl_interface - Control interface parameter
-	 *
-	 * If a configuration file is not used, this variable can be used to
-	 * set the ctrl_interface parameter that would have otherwise been read
-	 * from the configuration file. If both confname and ctrl_interface are
-	 * set, ctrl_interface is used to override the value from configuration
-	 * file.
-	 */
-	const char *ctrl_interface;
-
-	/**
-	 * driver - Driver interface name, or %NULL to use the default driver
-	 */
-	const char *driver;
-
-	/**
-	 * driver_param - Driver interface parameters
-	 *
-	 * If a configuration file is not used, this variable can be used to
-	 * set the driver_param parameters that would have otherwise been read
-	 * from the configuration file. If both confname and driver_param are
-	 * set, driver_param is used to override the value from configuration
-	 * file.
-	 */
-	const char *driver_param;
-
-	/**
-	 * ifname - Interface name
-	 */
-	const char *ifname;
-
-	/**
-	 * bridge_ifname - Optional bridge interface name
-	 *
-	 * If the driver interface (ifname) is included in a Linux bridge
-	 * device, the bridge interface may need to be used for receiving EAPOL
-	 * frames. This can be enabled by setting this variable to enable
-	 * receiving of EAPOL frames from an additional interface.
-	 */
-	const char *bridge_ifname;
-
-	/**
-	 * p2p_mgmt - Interface used for P2P management (P2P Device operations)
-	 *
-	 * Indicates whether wpas_p2p_init() must be called for this interface.
-	 * This is used only when the driver supports a dedicated P2P Device
-	 * interface that is not a network interface.
-	 */
-	int p2p_mgmt;
-
-#ifdef CONFIG_MATCH_IFACE
-	/**
-	 * matched - Interface was matched rather than specified
-	 *
-	 */
-	enum {
-		WPA_IFACE_NOT_MATCHED,
-		WPA_IFACE_MATCHED_NULL,
-		WPA_IFACE_MATCHED
-	} matched;
-#endif /* CONFIG_MATCH_IFACE */
-};
-
-/**
- * struct wpa_params - Parameters for wpa_supplicant_init()
- */
-struct wpa_params {
-	/**
-	 * daemonize - Run %wpa_supplicant in the background
-	 */
-	int daemonize;
-
-	/**
-	 * wait_for_monitor - Wait for a monitor program before starting
-	 */
-	int wait_for_monitor;
-
-	/**
-	 * pid_file - Path to a PID (process ID) file
-	 *
-	 * If this and daemonize are set, process ID of the background process
-	 * will be written to the specified file.
-	 */
-	char *pid_file;
-
-	/**
-	 * wpa_debug_level - Debugging verbosity level (e.g., MSG_INFO)
-	 */
-	int wpa_debug_level;
-
-	/**
-	 * wpa_debug_show_keys - Whether keying material is included in debug
-	 *
-	 * This parameter can be used to allow keying material to be included
-	 * in debug messages. This is a security risk and this option should
-	 * not be enabled in normal configuration. If needed during
-	 * development or while troubleshooting, this option can provide more
-	 * details for figuring out what is happening.
-	 */
-	int wpa_debug_show_keys;
-
-	/**
-	 * wpa_debug_timestamp - Whether to include timestamp in debug messages
-	 */
-	int wpa_debug_timestamp;
-
-	/**
-	 * ctrl_interface - Global ctrl_iface path/parameter
-	 */
-	char *ctrl_interface;
-
-	/**
-	 * ctrl_interface_group - Global ctrl_iface group
-	 */
-	char *ctrl_interface_group;
-
-	/**
-	 * dbus_ctrl_interface - Enable the DBus control interface
-	 */
-	int dbus_ctrl_interface;
-
-	/**
-	 * wpa_debug_file_path - Path of debug file or %NULL to use stdout
-	 */
-	const char *wpa_debug_file_path;
-
-	/**
-	 * wpa_debug_syslog - Enable log output through syslog
-	 */
-	int wpa_debug_syslog;
-
-	/**
-	 * wpa_debug_tracing - Enable log output through Linux tracing
-	 */
-	int wpa_debug_tracing;
-
-	/**
-	 * override_driver - Optional driver parameter override
-	 *
-	 * This parameter can be used to override the driver parameter in
-	 * dynamic interface addition to force a specific driver wrapper to be
-	 * used instead.
-	 */
-	char *override_driver;
-
-	/**
-	 * override_ctrl_interface - Optional ctrl_interface override
-	 *
-	 * This parameter can be used to override the ctrl_interface parameter
-	 * in dynamic interface addition to force a control interface to be
-	 * created.
-	 */
-	char *override_ctrl_interface;
-
-	/**
-	 * entropy_file - Optional entropy file
-	 *
-	 * This parameter can be used to configure wpa_supplicant to maintain
-	 * its internal entropy store over restarts.
-	 */
-	char *entropy_file;
-
-#ifdef CONFIG_P2P
-	/**
-	 * conf_p2p_dev - Configuration file used to hold the
-	 * P2P Device configuration parameters.
-	 *
-	 * This can also be %NULL. In such a case, if a P2P Device dedicated
-	 * interfaces is created, the main configuration file will be used.
-	 */
-	char *conf_p2p_dev;
-#endif /* CONFIG_P2P */
-
-#ifdef CONFIG_MATCH_IFACE
-	/**
-	 * match_ifaces - Interface descriptions to match
-	 */
-	struct wpa_interface *match_ifaces;
-
-	/**
-	 * match_iface_count - Number of defined matching interfaces
-	 */
-	int match_iface_count;
-#endif /* CONFIG_MATCH_IFACE */
-};
-
-struct p2p_srv_bonjour {
-	struct dl_list list;
-	struct wpabuf *query;
-	struct wpabuf *resp;
-};
-
-struct p2p_srv_upnp {
-	struct dl_list list;
-	u8 version;
-	char *service;
-};
-
-/**
- * struct wpa_global - Internal, global data for all %wpa_supplicant interfaces
- *
- * This structure is initialized by calling wpa_supplicant_init() when starting
- * %wpa_supplicant.
- */
-struct wpa_global {
-	struct wpa_supplicant *ifaces;
-	struct wpa_params params;
-	struct ctrl_iface_global_priv *ctrl_iface;
-	struct wpas_dbus_priv *dbus;
-	struct wpas_binder_priv *binder;
-	void **drv_priv;
-	size_t drv_count;
-	struct os_time suspend_time;
-	struct p2p_data *p2p;
-	struct wpa_supplicant *p2p_init_wpa_s;
-	struct wpa_supplicant *p2p_group_formation;
-	struct wpa_supplicant *p2p_invite_group;
-	u8 p2p_dev_addr[ETH_ALEN];
-	struct os_reltime p2p_go_wait_client;
-	struct dl_list p2p_srv_bonjour; /* struct p2p_srv_bonjour */
-	struct dl_list p2p_srv_upnp; /* struct p2p_srv_upnp */
-	int p2p_disabled;
-	int cross_connection;
-	int p2p_long_listen; /* remaining time in long Listen state in ms */
-	struct wpa_freq_range_list p2p_disallow_freq;
-	struct wpa_freq_range_list p2p_go_avoid_freq;
-	enum wpa_conc_pref {
-		WPA_CONC_PREF_NOT_SET,
-		WPA_CONC_PREF_STA,
-		WPA_CONC_PREF_P2P
-	} conc_pref;
-	unsigned int p2p_per_sta_psk:1;
-	unsigned int p2p_fail_on_wps_complete:1;
-	unsigned int p2p_24ghz_social_channels:1;
-	unsigned int pending_p2ps_group:1;
-	unsigned int pending_group_iface_for_p2ps:1;
-	unsigned int pending_p2ps_group_freq;
-
-#ifdef CONFIG_WIFI_DISPLAY
-	int wifi_display;
-#define MAX_WFD_SUBELEMS 12
-	struct wpabuf *wfd_subelem[MAX_WFD_SUBELEMS];
-#endif /* CONFIG_WIFI_DISPLAY */
-
-	struct psk_list_entry *add_psk; /* From group formation */
-};
-
-
-/**
- * struct wpa_radio - Internal data for per-radio information
- *
- * This structure is used to share data about configured interfaces
- * (struct wpa_supplicant) that share the same physical radio, e.g., to allow
- * better coordination of offchannel operations.
- */
-struct wpa_radio {
-	char name[16]; /* from driver_ops get_radio_name() or empty if not
-			* available */
-	/** NULL if no external scan running. */
-	struct wpa_supplicant *external_scan_req_interface;
-	unsigned int num_active_works;
-	struct dl_list ifaces; /* struct wpa_supplicant::radio_list entries */
-	struct dl_list work; /* struct wpa_radio_work::list entries */
-};
-
-/**
- * Checks whether an external scan is running on a given radio.
- * @radio: Pointer to radio struct
- * Returns: true if an external scan is running, false otherwise.
- */
-static inline bool external_scan_running(struct wpa_radio *radio)
-{
-	return radio && radio->external_scan_req_interface;
-}
-
-#define MAX_ACTIVE_WORKS 2
-
-
-/**
- * struct wpa_radio_work - Radio work item
- */
-struct wpa_radio_work {
-	struct dl_list list;
-	unsigned int freq; /* known frequency (MHz) or 0 for multiple/unknown */
-	const char *type;
-	struct wpa_supplicant *wpa_s;
-	void (*cb)(struct wpa_radio_work *work, int deinit);
-	void *ctx;
-	unsigned int started:1;
-	struct os_reltime time;
-	unsigned int bands;
-};
-
-int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
-		   const char *type, int next,
-		   void (*cb)(struct wpa_radio_work *work, int deinit),
-		   void *ctx);
-void radio_work_done(struct wpa_radio_work *work);
-void radio_remove_works(struct wpa_supplicant *wpa_s,
-			const char *type, int remove_all);
-void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx);
-void radio_work_check_next(struct wpa_supplicant *wpa_s);
-struct wpa_radio_work *
-radio_work_pending(struct wpa_supplicant *wpa_s, const char *type);
-
-struct wpa_connect_work {
-	unsigned int sme:1;
-	unsigned int bss_removed:1;
-	struct wpa_bss *bss;
-	struct wpa_ssid *ssid;
-};
-
-int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
-			struct wpa_ssid *test_ssid);
-void wpas_connect_work_free(struct wpa_connect_work *cwork);
-void wpas_connect_work_done(struct wpa_supplicant *wpa_s);
-
-struct wpa_external_work {
-	unsigned int id;
-	char type[100];
-	unsigned int timeout;
-};
-
-enum wpa_radio_work_band wpas_freq_to_band(int freq);
-unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs);
-
-/**
- * offchannel_send_action_result - Result of offchannel send Action frame
- */
-enum offchannel_send_action_result {
-	OFFCHANNEL_SEND_ACTION_SUCCESS /**< Frame was send and acknowledged */,
-	OFFCHANNEL_SEND_ACTION_NO_ACK /**< Frame was sent, but not acknowledged
-				       */,
-	OFFCHANNEL_SEND_ACTION_FAILED /**< Frame was not sent due to a failure
-				       */
-};
-
-struct wps_ap_info {
-	u8 bssid[ETH_ALEN];
-	enum wps_ap_info_type {
-		WPS_AP_NOT_SEL_REG,
-		WPS_AP_SEL_REG,
-		WPS_AP_SEL_REG_OUR
-	} type;
-	unsigned int tries;
-	struct os_reltime last_attempt;
-	unsigned int pbc_active;
-	u8 uuid[WPS_UUID_LEN];
-};
-
-#define WPA_FREQ_USED_BY_INFRA_STATION BIT(0)
-#define WPA_FREQ_USED_BY_P2P_CLIENT BIT(1)
-
-struct wpa_used_freq_data {
-	int freq;
-	unsigned int flags;
-};
-
-#define RRM_NEIGHBOR_REPORT_TIMEOUT 1 /* 1 second for AP to send a report */
-
-/*
- * struct rrm_data - Data used for managing RRM features
- */
-struct rrm_data {
-	/* rrm_used - indication regarding the current connection */
-	unsigned int rrm_used:1;
-
-	/*
-	 * notify_neighbor_rep - Callback for notifying report requester
-	 */
-	void (*notify_neighbor_rep)(void *ctx, struct wpabuf *neighbor_rep);
-
-	/*
-	 * neighbor_rep_cb_ctx - Callback context
-	 * Received in the callback registration, and sent to the callback
-	 * function as a parameter.
-	 */
-	void *neighbor_rep_cb_ctx;
-
-	/* next_neighbor_rep_token - Next request's dialog token */
-	u8 next_neighbor_rep_token;
-
-	/* token - Dialog token of the current radio measurement */
-	u8 token;
-
-	/* destination address of the current radio measurement request */
-	u8 dst_addr[ETH_ALEN];
-};
-
-enum wpa_supplicant_test_failure {
-	WPAS_TEST_FAILURE_NONE,
-	WPAS_TEST_FAILURE_SCAN_TRIGGER,
-};
-
-struct icon_entry {
-	struct dl_list list;
-	u8 bssid[ETH_ALEN];
-	u8 dialog_token;
-	char *file_name;
-	u8 *image;
-	size_t image_len;
-};
-
-struct wpa_bss_tmp_disallowed {
-	struct dl_list list;
-	u8 bssid[ETH_ALEN];
-	int rssi_threshold;
-};
-
-struct beacon_rep_data {
-	u8 token;
-	u8 last_indication;
-	struct wpa_driver_scan_params scan_params;
-	u8 ssid[SSID_MAX_LEN];
-	size_t ssid_len;
-	u8 bssid[ETH_ALEN];
-	enum beacon_report_detail report_detail;
-	struct bitfield *eids;
-};
-
-
-struct external_pmksa_cache {
-	struct dl_list list;
-	void *pmksa_cache;
-};
-
-struct fils_hlp_req {
-	struct dl_list list;
-	u8 dst[ETH_ALEN];
-	struct wpabuf *pkt;
-};
-
-struct driver_signal_override {
-	struct dl_list list;
-	u8 bssid[ETH_ALEN];
-	int si_current_signal;
-	int si_avg_signal;
-	int si_avg_beacon_signal;
-	int si_current_noise;
-	int scan_level;
-};
-
-struct robust_av_data {
-	u8 dialog_token;
-	enum scs_request_type request_type;
-	u8 up_bitmap;
-	u8 up_limit;
-	u32 stream_timeout;
-	u8 frame_classifier[48];
-	size_t frame_classifier_len;
-	bool valid_config;
-};
-
-struct dscp_policy_status {
-	u8 id;
-	u8 status;
-};
-
-struct dscp_resp_data {
-	bool more;
-	bool reset;
-	bool solicited;
-	struct dscp_policy_status *policy;
-	int num_policies;
-};
-
-#ifdef CONFIG_PASN
-
-struct pasn_fils {
-	u8 nonce[FILS_NONCE_LEN];
-	u8 anonce[FILS_NONCE_LEN];
-	u8 session[FILS_SESSION_LEN];
-	u8 erp_pmkid[PMKID_LEN];
-	bool completed;
-};
-
-struct wpas_pasn {
-	int akmp;
-	int cipher;
-	u16 group;
-	int freq;
-	size_t kdk_len;
-
-	u8 trans_seq;
-	u8 status;
-
-	u8 bssid[ETH_ALEN];
-	size_t pmk_len;
-	u8 pmk[PMK_LEN_MAX];
-	bool using_pmksa;
-
-	u8 hash[SHA384_MAC_LEN];
-
-	struct wpabuf *beacon_rsne_rsnxe;
-	struct wpa_ptk ptk;
-	struct crypto_ecdh *ecdh;
-
-	struct wpabuf *comeback;
-	u16 comeback_after;
-
-#ifdef CONFIG_SAE
-	struct sae_data sae;
-#endif /* CONFIG_SAE */
-
-	struct wpa_ssid *ssid;
-
-#ifdef CONFIG_FILS
-	struct pasn_fils fils;
-#endif /* CONFIG_FILS */
-
-#ifdef CONFIG_IEEE80211R
-	u8 pmk_r1[PMK_LEN_MAX];
-	size_t pmk_r1_len;
-	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
-#endif /* CONFIG_IEEE80211R */
-};
-#endif /* CONFIG_PASN */
-
-
-enum ip_version {
-	IPV4 = 4,
-	IPV6 = 6,
-};
-
-
-struct ipv4_params {
-	struct in_addr src_ip;
-	struct in_addr dst_ip;
-	u16 src_port;
-	u16 dst_port;
-	u8 dscp;
-	u8 protocol;
-	u8 param_mask;
-};
-
-
-struct ipv6_params {
-	struct in6_addr src_ip;
-	struct in6_addr dst_ip;
-	u16 src_port;
-	u16 dst_port;
-	u8 dscp;
-	u8 next_header;
-	u8 flow_label[3];
-	u8 param_mask;
-};
-
-
-struct type4_params {
-	u8 classifier_mask;
-	enum ip_version ip_version;
-	union {
-		struct ipv4_params v4;
-		struct ipv6_params v6;
-	} ip_params;
-};
-
-
-struct type10_params {
-	u8 prot_instance;
-	u8 prot_number;
-	u8 *filter_value;
-	u8 *filter_mask;
-	size_t filter_len;
-};
-
-
-struct tclas_element {
-	u8 user_priority;
-	u8 classifier_type;
-	union {
-		struct type4_params type4_param;
-		struct type10_params type10_param;
-	} frame_classifier;
-};
-
-
-struct scs_desc_elem {
-	u8 scs_id;
-	enum scs_request_type request_type;
-	u8 intra_access_priority;
-	bool scs_up_avail;
-	struct tclas_element *tclas_elems;
-	unsigned int num_tclas_elem;
-	u8 tclas_processing;
-};
-
-
-struct scs_robust_av_data {
-	struct scs_desc_elem *scs_desc_elems;
-	unsigned int num_scs_desc;
-};
-
-
-enum scs_response_status {
-	SCS_DESC_SENT = 0,
-	SCS_DESC_SUCCESS = 1,
-};
-
-
-struct active_scs_elem {
-	struct dl_list list;
-	u8 scs_id;
-	enum scs_response_status status;
-};
-
-
-/**
- * struct wpa_supplicant - Internal data for wpa_supplicant interface
- *
- * This structure contains the internal data for core wpa_supplicant code. This
- * should be only used directly from the core code. However, a pointer to this
- * data is used from other files as an arbitrary context pointer in calls to
- * core functions.
- */
-struct wpa_supplicant {
-	struct wpa_global *global;
-	struct wpa_radio *radio; /* shared radio context */
-	struct dl_list radio_list; /* list head: struct wpa_radio::ifaces */
-	struct wpa_supplicant *parent;
-	struct wpa_supplicant *p2pdev;
-	struct wpa_supplicant *next;
-	struct l2_packet_data *l2;
-	struct l2_packet_data *l2_br;
-	struct os_reltime roam_start;
-	struct os_reltime roam_time;
-	struct os_reltime session_start;
-	struct os_reltime session_length;
-	unsigned char own_addr[ETH_ALEN];
-	unsigned char perm_addr[ETH_ALEN];
-	char ifname[100];
-#ifdef CONFIG_MATCH_IFACE
-	int matched;
-#endif /* CONFIG_MATCH_IFACE */
-#ifdef CONFIG_CTRL_IFACE_DBUS_NEW
-	char *dbus_new_path;
-	char *dbus_groupobj_path;
-#ifdef CONFIG_AP
-	char *preq_notify_peer;
-#endif /* CONFIG_AP */
-#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
-#ifdef CONFIG_CTRL_IFACE_BINDER
-	const void *binder_object_key;
-#endif /* CONFIG_CTRL_IFACE_BINDER */
-	char bridge_ifname[16];
-
-	char *confname;
-	char *confanother;
-
-	struct wpa_config *conf;
-	int countermeasures;
-	struct os_reltime last_michael_mic_error;
-	u8 bssid[ETH_ALEN];
-	u8 pending_bssid[ETH_ALEN]; /* If wpa_state == WPA_ASSOCIATING, this
-				     * field contains the target BSSID. */
-	int reassociate; /* reassociation requested */
-	bool roam_in_progress; /* roam in progress */
-	unsigned int reassoc_same_bss:1; /* reassociating to the same BSS */
-	unsigned int reassoc_same_ess:1; /* reassociating to the same ESS */
-	int disconnected; /* all connections disabled; i.e., do no reassociate
-			   * before this has been cleared */
-	struct wpa_ssid *current_ssid;
-	struct wpa_ssid *last_ssid;
-	struct wpa_bss *current_bss;
-	int ap_ies_from_associnfo;
-	unsigned int assoc_freq;
-	u8 *last_con_fail_realm;
-	size_t last_con_fail_realm_len;
-
-	/* Selected configuration (based on Beacon/ProbeResp WPA IE) */
-	int pairwise_cipher;
-	int deny_ptk0_rekey;
-	int group_cipher;
-	int key_mgmt;
-	int wpa_proto;
-	int mgmt_group_cipher;
-
-	void *drv_priv; /* private data used by driver_ops */
-	void *global_drv_priv;
-
-	u8 *bssid_filter;
-	size_t bssid_filter_count;
-
-	u8 *disallow_aps_bssid;
-	size_t disallow_aps_bssid_count;
-	struct wpa_ssid_value *disallow_aps_ssid;
-	size_t disallow_aps_ssid_count;
-
-	u32 setband_mask;
-
-	/* Preferred network for the next connection attempt */
-	struct wpa_ssid *next_ssid;
-
-	/* previous scan was wildcard when interleaving between
-	 * wildcard scans and specific SSID scan when max_ssids=1 */
-	int prev_scan_wildcard;
-	struct wpa_ssid *prev_scan_ssid; /* previously scanned SSID;
-					  * NULL = not yet initialized (start
-					  * with wildcard SSID)
-					  * WILDCARD_SSID_SCAN = wildcard
-					  * SSID was used in the previous scan
-					  */
-#define WILDCARD_SSID_SCAN ((struct wpa_ssid *) 1)
-
-	struct wpa_ssid *prev_sched_ssid; /* last SSID used in sched scan */
-	int sched_scan_timeout;
-	int first_sched_scan;
-	int sched_scan_timed_out;
-	struct sched_scan_plan *sched_scan_plans;
-	size_t sched_scan_plans_num;
-
-	void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
-				 struct wpa_scan_results *scan_res);
-	void (*scan_res_fail_handler)(struct wpa_supplicant *wpa_s);
-	struct dl_list bss; /* struct wpa_bss::list */
-	struct dl_list bss_id; /* struct wpa_bss::list_id */
-	size_t num_bss;
-	unsigned int bss_update_idx;
-	unsigned int bss_next_id;
-
-	 /*
-	  * Pointers to BSS entries in the order they were in the last scan
-	  * results.
-	  */
-	struct wpa_bss **last_scan_res;
-	size_t last_scan_res_used;
-	size_t last_scan_res_size;
-	struct os_reltime last_scan;
-
-	const struct wpa_driver_ops *driver;
-	int interface_removed; /* whether the network interface has been
-				* removed */
-	struct wpa_sm *wpa;
-	struct ptksa_cache *ptksa;
-
-	struct eapol_sm *eapol;
-
-	struct ctrl_iface_priv *ctrl_iface;
-
-	enum wpa_states wpa_state;
-	struct wpa_radio_work *scan_work;
-	int scanning;
-	int sched_scanning;
-	unsigned int sched_scan_stop_req:1;
-	int new_connection;
-
-	int eapol_received; /* number of EAPOL packets received after the
-			     * previous association event */
-
-	u8 rsnxe[20];
-	size_t rsnxe_len;
-
-	struct scard_data *scard;
-	char imsi[20];
-	int mnc_len;
-
-	unsigned char last_eapol_src[ETH_ALEN];
-
-	unsigned int keys_cleared; /* bitfield of key indexes that the driver is
-				    * known not to be configured with a key */
-
-	struct wpa_bssid_ignore *bssid_ignore;
-
-	/* Number of connection failures since last successful connection */
-	unsigned int consecutive_conn_failures;
-
-	/**
-	 * scan_req - Type of the scan request
-	 */
-	enum scan_req_type {
-		/**
-		 * NORMAL_SCAN_REQ - Normal scan request
-		 *
-		 * This is used for scans initiated by wpa_supplicant to find an
-		 * AP for a connection.
-		 */
-		NORMAL_SCAN_REQ,
-
-		/**
-		 * INITIAL_SCAN_REQ - Initial scan request
-		 *
-		 * This is used for the first scan on an interface to force at
-		 * least one scan to be run even if the configuration does not
-		 * include any enabled networks.
-		 */
-		INITIAL_SCAN_REQ,
-
-		/**
-		 * MANUAL_SCAN_REQ - Manual scan request
-		 *
-		 * This is used for scans where the user request a scan or
-		 * a specific wpa_supplicant operation (e.g., WPS) requires scan
-		 * to be run.
-		 */
-		MANUAL_SCAN_REQ
-	} scan_req, last_scan_req;
-	enum wpa_states scan_prev_wpa_state;
-	struct os_reltime scan_trigger_time, scan_start_time;
-	/* Minimum freshness requirement for connection purposes */
-	struct os_reltime scan_min_time;
-	int scan_runs; /* number of scan runs since WPS was started */
-	int *next_scan_freqs;
-	int *select_network_scan_freqs;
-	int *manual_scan_freqs;
-	int *manual_sched_scan_freqs;
-	unsigned int manual_scan_passive:1;
-	unsigned int manual_scan_use_id:1;
-	unsigned int manual_scan_only_new:1;
-	unsigned int own_scan_requested:1;
-	unsigned int own_scan_running:1;
-	unsigned int clear_driver_scan_cache:1;
-	unsigned int manual_scan_id;
-	int scan_interval; /* time in sec between scans to find suitable AP */
-	int normal_scans; /* normal scans run before sched_scan */
-	int scan_for_connection; /* whether the scan request was triggered for
-				  * finding a connection */
-	/*
-	 * A unique cookie representing the vendor scan request. This cookie is
-	 * returned from the driver interface. 0 indicates that there is no
-	 * pending vendor scan request.
-	 */
-	u64 curr_scan_cookie;
-#define MAX_SCAN_ID 16
-	int scan_id[MAX_SCAN_ID];
-	unsigned int scan_id_count;
-	u8 next_scan_bssid[ETH_ALEN];
-	unsigned int next_scan_bssid_wildcard_ssid:1;
-
-	struct wpa_ssid_value *ssids_from_scan_req;
-	unsigned int num_ssids_from_scan_req;
-	int *last_scan_freqs;
-	unsigned int num_last_scan_freqs;
-	unsigned int suitable_network;
-	unsigned int no_suitable_network;
-
-	u64 drv_flags;
-	u64 drv_flags2;
-	unsigned int drv_enc;
-	unsigned int drv_rrm_flags;
-
-	/*
-	 * A bitmap of supported protocols for probe response offload. See
-	 * struct wpa_driver_capa in driver.h
-	 */
-	unsigned int probe_resp_offloads;
-
-	/* extended capabilities supported by the driver */
-	const u8 *extended_capa, *extended_capa_mask;
-	unsigned int extended_capa_len;
-
-	int max_scan_ssids;
-	int max_sched_scan_ssids;
-	unsigned int max_sched_scan_plans;
-	unsigned int max_sched_scan_plan_interval;
-	unsigned int max_sched_scan_plan_iterations;
-	int sched_scan_supported;
-	unsigned int max_match_sets;
-	unsigned int max_remain_on_chan;
-	unsigned int max_stations;
-
-	int pending_mic_error_report;
-	int pending_mic_error_pairwise;
-	int mic_errors_seen; /* Michael MIC errors with the current PTK */
-
-	struct wps_context *wps;
-	int wps_success; /* WPS success event received */
-	struct wps_er *wps_er;
-	unsigned int wps_run;
-	struct os_reltime wps_pin_start_time;
-	bool bssid_ignore_cleared;
-
-	struct wpabuf *pending_eapol_rx;
-	struct os_reltime pending_eapol_rx_time;
-	u8 pending_eapol_rx_src[ETH_ALEN];
-	unsigned int last_eapol_matches_bssid:1;
-	unsigned int eap_expected_failure:1;
-	unsigned int reattach:1; /* reassociation to the same BSS requested */
-	unsigned int mac_addr_changed:1;
-	unsigned int added_vif:1;
-	unsigned int wnmsleep_used:1;
-	unsigned int owe_transition_select:1;
-	unsigned int owe_transition_search:1;
-	unsigned int connection_set:1;
-	unsigned int connection_ht:1;
-	unsigned int connection_vht:1;
-	unsigned int connection_he:1;
-	unsigned int disable_mbo_oce:1;
-
-	struct os_reltime last_mac_addr_change;
-	int last_mac_addr_style;
-
-	struct ibss_rsn *ibss_rsn;
-
-	int set_sta_uapsd;
-	int sta_uapsd;
-	int set_ap_uapsd;
-	int ap_uapsd;
-	int auth_alg;
-	u16 last_owe_group;
-
-#ifdef CONFIG_SME
-	struct {
-		u8 ssid[SSID_MAX_LEN];
-		size_t ssid_len;
-		int freq;
-		u8 assoc_req_ie[1500];
-		size_t assoc_req_ie_len;
-		int mfp;
-		int ft_used;
-		u8 mobility_domain[2];
-		u8 *ft_ies;
-		size_t ft_ies_len;
-		u8 prev_bssid[ETH_ALEN];
-		int prev_bssid_set;
-		int auth_alg;
-		int proto;
-
-		int sa_query_count; /* number of pending SA Query requests;
-				     * 0 = no SA Query in progress */
-		int sa_query_timed_out;
-		u8 *sa_query_trans_id; /* buffer of WLAN_SA_QUERY_TR_ID_LEN *
-					* sa_query_count octets of pending
-					* SA Query transaction identifiers */
-		struct os_reltime sa_query_start;
-		struct os_reltime last_unprot_disconnect;
-		enum { HT_SEC_CHAN_UNKNOWN,
-		       HT_SEC_CHAN_ABOVE,
-		       HT_SEC_CHAN_BELOW } ht_sec_chan;
-		u8 sched_obss_scan;
-		u16 obss_scan_int;
-		u16 bss_max_idle_period;
-#ifdef CONFIG_SAE
-		struct sae_data sae;
-		struct wpabuf *sae_token;
-		int sae_group_index;
-		unsigned int sae_pmksa_caching:1;
-		u16 seq_num;
-		u8 ext_auth_bssid[ETH_ALEN];
-		u8 ext_auth_ssid[SSID_MAX_LEN];
-		size_t ext_auth_ssid_len;
-		int *sae_rejected_groups;
-#endif /* CONFIG_SAE */
-	} sme;
-#endif /* CONFIG_SME */
-
-#ifdef CONFIG_AP
-	struct hostapd_iface *ap_iface;
-	void (*ap_configured_cb)(void *ctx, void *data);
-	void *ap_configured_cb_ctx;
-	void *ap_configured_cb_data;
-#endif /* CONFIG_AP */
-
-	struct hostapd_iface *ifmsh;
-#ifdef CONFIG_MESH
-	struct mesh_rsn *mesh_rsn;
-	int mesh_if_idx;
-	unsigned int mesh_if_created:1;
-	unsigned int mesh_ht_enabled:1;
-	unsigned int mesh_vht_enabled:1;
-	unsigned int mesh_he_enabled:1;
-	struct wpa_driver_mesh_join_params *mesh_params;
-#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
-	/* struct external_pmksa_cache::list */
-	struct dl_list mesh_external_pmksa_cache;
-#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
-#endif /* CONFIG_MESH */
-
-	unsigned int off_channel_freq;
-	struct wpabuf *pending_action_tx;
-	u8 pending_action_src[ETH_ALEN];
-	u8 pending_action_dst[ETH_ALEN];
-	u8 pending_action_bssid[ETH_ALEN];
-	unsigned int pending_action_freq;
-	int pending_action_no_cck;
-	int pending_action_without_roc;
-	unsigned int pending_action_tx_done:1;
-	void (*pending_action_tx_status_cb)(struct wpa_supplicant *wpa_s,
-					    unsigned int freq, const u8 *dst,
-					    const u8 *src, const u8 *bssid,
-					    const u8 *data, size_t data_len,
-					    enum offchannel_send_action_result
-					    result);
-	unsigned int roc_waiting_drv_freq;
-	int action_tx_wait_time;
-	int action_tx_wait_time_used;
-
-	int p2p_mgmt;
-
-#ifdef CONFIG_P2P
-	struct p2p_go_neg_results *go_params;
-	int create_p2p_iface;
-	u8 pending_interface_addr[ETH_ALEN];
-	char pending_interface_name[100];
-	int pending_interface_type;
-	int p2p_group_idx;
-	unsigned int pending_listen_freq;
-	unsigned int pending_listen_duration;
-	enum {
-		NOT_P2P_GROUP_INTERFACE,
-		P2P_GROUP_INTERFACE_PENDING,
-		P2P_GROUP_INTERFACE_GO,
-		P2P_GROUP_INTERFACE_CLIENT
-	} p2p_group_interface;
-	struct p2p_group *p2p_group;
-	char p2p_pin[10];
-	int p2p_wps_method;
-	u8 p2p_auth_invite[ETH_ALEN];
-	int p2p_sd_over_ctrl_iface;
-	int p2p_in_provisioning;
-	int p2p_in_invitation;
-	int p2p_invite_go_freq;
-	int pending_invite_ssid_id;
-	int show_group_started;
-	u8 go_dev_addr[ETH_ALEN];
-	int pending_pd_before_join;
-	u8 pending_join_iface_addr[ETH_ALEN];
-	u8 pending_join_dev_addr[ETH_ALEN];
-	int pending_join_wps_method;
-	u8 p2p_join_ssid[SSID_MAX_LEN];
-	size_t p2p_join_ssid_len;
-	int p2p_join_scan_count;
-	int auto_pd_scan_retry;
-	int force_long_sd;
-	u16 pending_pd_config_methods;
-	enum {
-		NORMAL_PD, AUTO_PD_GO_NEG, AUTO_PD_JOIN, AUTO_PD_ASP
-	} pending_pd_use;
-
-	/*
-	 * Whether cross connection is disallowed by the AP to which this
-	 * interface is associated (only valid if there is an association).
-	 */
-	int cross_connect_disallowed;
-
-	/*
-	 * Whether this P2P group is configured to use cross connection (only
-	 * valid if this is P2P GO interface). The actual cross connect packet
-	 * forwarding may not be configured depending on the uplink status.
-	 */
-	int cross_connect_enabled;
-
-	/* Whether cross connection forwarding is in use at the moment. */
-	int cross_connect_in_use;
-
-	/*
-	 * Uplink interface name for cross connection
-	 */
-	char cross_connect_uplink[100];
-
-	unsigned int p2p_auto_join:1;
-	unsigned int p2p_auto_pd:1;
-	unsigned int p2p_go_do_acs:1;
-	unsigned int p2p_persistent_group:1;
-	unsigned int p2p_fallback_to_go_neg:1;
-	unsigned int p2p_pd_before_go_neg:1;
-	unsigned int p2p_go_ht40:1;
-	unsigned int p2p_go_vht:1;
-	unsigned int p2p_go_edmg:1;
-	unsigned int p2p_go_he:1;
-	unsigned int user_initiated_pd:1;
-	unsigned int p2p_go_group_formation_completed:1;
-	unsigned int group_formation_reported:1;
-	unsigned int waiting_presence_resp;
-	int p2p_first_connection_timeout;
-	unsigned int p2p_nfc_tag_enabled:1;
-	unsigned int p2p_peer_oob_pk_hash_known:1;
-	unsigned int p2p_disable_ip_addr_req:1;
-	unsigned int p2ps_method_config_any:1;
-	unsigned int p2p_cli_probe:1;
-	unsigned int p2p_go_allow_dfs:1;
-	enum hostapd_hw_mode p2p_go_acs_band;
-	int p2p_persistent_go_freq;
-	int p2p_persistent_id;
-	int p2p_go_intent;
-	int p2p_connect_freq;
-	struct os_reltime p2p_auto_started;
-	struct wpa_ssid *p2p_last_4way_hs_fail;
-	struct wpa_radio_work *p2p_scan_work;
-	struct wpa_radio_work *p2p_listen_work;
-	struct wpa_radio_work *p2p_send_action_work;
-
-	u16 p2p_oob_dev_pw_id; /* OOB Device Password Id for group formation */
-	struct wpabuf *p2p_oob_dev_pw; /* OOB Device Password for group
-					* formation */
-	u8 p2p_peer_oob_pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN];
-	u8 p2p_ip_addr_info[3 * 4];
-
-	/* group common frequencies */
-	int *p2p_group_common_freqs;
-	unsigned int p2p_group_common_freqs_num;
-	u8 p2ps_join_addr[ETH_ALEN];
-
-	unsigned int p2p_go_max_oper_chwidth;
-	unsigned int p2p_go_vht_center_freq2;
-	int p2p_lo_started;
-#endif /* CONFIG_P2P */
-
-	struct wpa_ssid *bgscan_ssid;
-	const struct bgscan_ops *bgscan;
-	void *bgscan_priv;
-
-	const struct autoscan_ops *autoscan;
-	struct wpa_driver_scan_params *autoscan_params;
-	void *autoscan_priv;
-
-	struct wpa_ssid *connect_without_scan;
-
-	struct wps_ap_info *wps_ap;
-	size_t num_wps_ap;
-	int wps_ap_iter;
-
-	int after_wps;
-	int known_wps_freq;
-	unsigned int wps_freq;
-	int wps_fragment_size;
-	int auto_reconnect_disabled;
-
-	 /* Channel preferences for AP/P2P GO use */
-	int best_24_freq;
-	int best_5_freq;
-	int best_overall_freq;
-
-	struct gas_query *gas;
-	struct gas_server *gas_server;
-
-#ifdef CONFIG_INTERWORKING
-	unsigned int fetch_anqp_in_progress:1;
-	unsigned int network_select:1;
-	unsigned int auto_select:1;
-	unsigned int auto_network_select:1;
-	unsigned int interworking_fast_assoc_tried:1;
-	unsigned int fetch_all_anqp:1;
-	unsigned int fetch_osu_info:1;
-	unsigned int fetch_osu_waiting_scan:1;
-	unsigned int fetch_osu_icon_in_progress:1;
-	struct wpa_bss *interworking_gas_bss;
-	unsigned int osu_icon_id;
-	struct dl_list icon_head; /* struct icon_entry */
-	struct osu_provider *osu_prov;
-	size_t osu_prov_count;
-	struct os_reltime osu_icon_fetch_start;
-	unsigned int num_osu_scans;
-	unsigned int num_prov_found;
-#endif /* CONFIG_INTERWORKING */
-	unsigned int drv_capa_known;
-
-	struct {
-		struct hostapd_hw_modes *modes;
-		u16 num_modes;
-		u16 flags;
-	} hw;
-	enum local_hw_capab {
-		CAPAB_NO_HT_VHT,
-		CAPAB_HT,
-		CAPAB_HT40,
-		CAPAB_VHT,
-	} hw_capab;
-#ifdef CONFIG_MACSEC
-	struct ieee802_1x_kay *kay;
-#endif /* CONFIG_MACSEC */
-
-	int pno;
-	int pno_sched_pending;
-
-	/* WLAN_REASON_* reason codes. Negative if locally generated. */
-	int disconnect_reason;
-
-	/* WLAN_STATUS_* status codes from last received Authentication frame
-	 * from the AP. */
-	u16 auth_status_code;
-
-	/* WLAN_STATUS_* status codes from (Re)Association Response frame. */
-	u16 assoc_status_code;
-
-	struct ext_password_data *ext_pw;
-
-	struct wpabuf *last_gas_resp, *prev_gas_resp;
-	u8 last_gas_addr[ETH_ALEN], prev_gas_addr[ETH_ALEN];
-	u8 last_gas_dialog_token, prev_gas_dialog_token;
-
-	unsigned int no_keep_alive:1;
-	unsigned int ext_mgmt_frame_handling:1;
-	unsigned int ext_eapol_frame_io:1;
-	unsigned int wmm_ac_supported:1;
-	unsigned int ext_work_in_progress:1;
-	unsigned int own_disconnect_req:1;
-	unsigned int own_reconnect_req:1;
-	unsigned int ignore_post_flush_scan_res:1;
-
-#define MAC_ADDR_RAND_SCAN       BIT(0)
-#define MAC_ADDR_RAND_SCHED_SCAN BIT(1)
-#define MAC_ADDR_RAND_PNO        BIT(2)
-#define MAC_ADDR_RAND_ALL        (MAC_ADDR_RAND_SCAN | \
-				  MAC_ADDR_RAND_SCHED_SCAN | \
-				  MAC_ADDR_RAND_PNO)
-	unsigned int mac_addr_rand_supported;
-	unsigned int mac_addr_rand_enable;
-
-	/* MAC Address followed by mask (2 * ETH_ALEN) */
-	u8 *mac_addr_scan;
-	u8 *mac_addr_sched_scan;
-	u8 *mac_addr_pno;
-
-#ifdef CONFIG_WNM
-	u8 wnm_dialog_token;
-	u8 wnm_reply;
-	u8 wnm_num_neighbor_report;
-	u8 wnm_mode;
-	u16 wnm_dissoc_timer;
-	u8 wnm_bss_termination_duration[12];
-	struct neighbor_report *wnm_neighbor_report_elements;
-	struct os_reltime wnm_cand_valid_until;
-	u8 wnm_cand_from_bss[ETH_ALEN];
-	enum bss_trans_mgmt_status_code bss_tm_status;
-	struct wpabuf *coloc_intf_elems;
-	u8 coloc_intf_dialog_token;
-	u8 coloc_intf_auto_report;
-	u8 coloc_intf_timeout;
-#ifdef CONFIG_MBO
-	unsigned int wnm_mbo_trans_reason_present:1;
-	u8 wnm_mbo_transition_reason;
-#endif /* CONFIG_MBO */
-#endif /* CONFIG_WNM */
-
-#ifdef CONFIG_TESTING_GET_GTK
-	u8 last_gtk[32];
-	size_t last_gtk_len;
-#endif /* CONFIG_TESTING_GET_GTK */
-
-	unsigned int num_multichan_concurrent;
-	struct wpa_radio_work *connect_work;
-
-	unsigned int ext_work_id;
-
-	struct wpabuf *vendor_elem[NUM_VENDOR_ELEM_FRAMES];
-
-#ifdef CONFIG_TESTING_OPTIONS
-	struct l2_packet_data *l2_test;
-	unsigned int extra_roc_dur;
-	enum wpa_supplicant_test_failure test_failure;
-	char *get_pref_freq_list_override;
-	unsigned int reject_btm_req_reason;
-	unsigned int p2p_go_csa_on_inv:1;
-	unsigned int ignore_auth_resp:1;
-	unsigned int ignore_assoc_disallow:1;
-	unsigned int disable_sa_query:1;
-	unsigned int testing_resend_assoc:1;
-	unsigned int ignore_sae_h2e_only:1;
-	int ft_rsnxe_used;
-	struct wpabuf *sae_commit_override;
-	enum wpa_alg last_tk_alg;
-	u8 last_tk_addr[ETH_ALEN];
-	int last_tk_key_idx;
-	u8 last_tk[WPA_TK_MAX_LEN];
-	size_t last_tk_len;
-	struct wpabuf *last_assoc_req_wpa_ie;
-	int *extra_sae_rejected_groups;
-	struct wpabuf *rsne_override_eapol;
-	struct wpabuf *rsnxe_override_assoc;
-	struct wpabuf *rsnxe_override_eapol;
-	struct dl_list drv_signal_override;
-	unsigned int oci_freq_override_eapol;
-	unsigned int oci_freq_override_saquery_req;
-	unsigned int oci_freq_override_saquery_resp;
-	unsigned int oci_freq_override_eapol_g2;
-	unsigned int oci_freq_override_ft_assoc;
-	unsigned int oci_freq_override_fils_assoc;
-	unsigned int oci_freq_override_wnm_sleep;
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	struct wmm_ac_assoc_data *wmm_ac_assoc_info;
-	struct wmm_tspec_element *tspecs[WMM_AC_NUM][TS_DIR_IDX_COUNT];
-	struct wmm_ac_addts_request *addts_request;
-	u8 wmm_ac_last_dialog_token;
-	struct wmm_tspec_element *last_tspecs;
-	u8 last_tspecs_count;
-
-	struct rrm_data rrm;
-	struct beacon_rep_data beacon_rep_data;
-
-#ifdef CONFIG_FST
-	struct fst_iface *fst;
-	const struct wpabuf *fst_ies;
-	struct wpabuf *received_mb_ies;
-#endif /* CONFIG_FST */
-
-#ifdef CONFIG_MBO
-	/* Multiband operation non-preferred channel */
-	struct wpa_mbo_non_pref_channel {
-		enum mbo_non_pref_chan_reason reason;
-		u8 oper_class;
-		u8 chan;
-		u8 preference;
-	} *non_pref_chan;
-	size_t non_pref_chan_num;
-	u8 mbo_wnm_token;
-	/**
-	 * enable_oce - Enable OCE if it is enabled by user and device also
-	 *		supports OCE.
-	 * User can enable OCE with wpa_config's 'oce' parameter as follows -
-	 *  - Set BIT(0) to enable OCE in non-AP STA mode.
-	 *  - Set BIT(1) to enable OCE in STA-CFON mode.
-	 */
-	u8 enable_oce;
-#endif /* CONFIG_MBO */
-
-	/*
-	 * This should be under CONFIG_MBO, but it is left out to allow using
-	 * the bss_temp_disallowed list for other purposes as well.
-	 */
-	struct dl_list bss_tmp_disallowed;
-
-	/*
-	 * Content of a measurement report element with type 8 (LCI),
-	 * own location.
-	 */
-	struct wpabuf *lci;
-	struct os_reltime lci_time;
-
-	struct os_reltime beacon_rep_scan;
-
-	/* FILS HLP requests (struct fils_hlp_req) */
-	struct dl_list fils_hlp_req;
-
-	struct sched_scan_relative_params {
-		/**
-		 * relative_rssi_set - Enable relatively preferred BSS reporting
-		 *
-		 * 0 = Disable reporting relatively preferred BSSs
-		 * 1 = Enable reporting relatively preferred BSSs
-		 */
-		int relative_rssi_set;
-
-		/**
-		 * relative_rssi - Relative RSSI for reporting better BSSs
-		 *
-		 * Amount of RSSI by which a BSS should be better than the
-		 * current connected BSS so that the new BSS can be reported
-		 * to user space. This applies to sched_scan operations.
-		 */
-		int relative_rssi;
-
-		/**
-		 * relative_adjust_band - Band in which RSSI is to be adjusted
-		 */
-		enum set_band relative_adjust_band;
-
-		/**
-		 * relative_adjust_rssi - RSSI adjustment
-		 *
-		 * An amount of relative_adjust_rssi should be added to the
-		 * BSSs that belong to the relative_adjust_band while comparing
-		 * with other bands for BSS reporting.
-		 */
-		int relative_adjust_rssi;
-	} srp;
-
-	/* RIC elements for FT protocol */
-	struct wpabuf *ric_ies;
-
-	int last_auth_timeout_sec;
-
-#ifdef CONFIG_DPP
-	struct dpp_global *dpp;
-	struct dpp_authentication *dpp_auth;
-	struct wpa_radio_work *dpp_listen_work;
-	unsigned int dpp_pending_listen_freq;
-	unsigned int dpp_listen_freq;
-	struct os_reltime dpp_listen_end;
-	u8 dpp_allowed_roles;
-	int dpp_qr_mutual;
-	int dpp_netrole;
-	int dpp_auth_ok_on_ack;
-	int dpp_in_response_listen;
-	int dpp_gas_client;
-	int dpp_gas_dialog_token;
-	u8 dpp_intro_bssid[ETH_ALEN];
-	void *dpp_intro_network;
-	struct dpp_pkex *dpp_pkex;
-	struct dpp_bootstrap_info *dpp_pkex_bi;
-	char *dpp_pkex_code;
-	char *dpp_pkex_identifier;
-	char *dpp_pkex_auth_cmd;
-	char *dpp_configurator_params;
-	struct os_reltime dpp_last_init;
-	struct os_reltime dpp_init_iter_start;
-	unsigned int dpp_init_max_tries;
-	unsigned int dpp_init_retry_time;
-	unsigned int dpp_resp_wait_time;
-	unsigned int dpp_resp_max_tries;
-	unsigned int dpp_resp_retry_time;
-	u8 dpp_last_ssid[SSID_MAX_LEN];
-	size_t dpp_last_ssid_len;
-	bool dpp_conf_backup_received;
-#ifdef CONFIG_DPP2
-	struct dpp_pfs *dpp_pfs;
-	int dpp_pfs_fallback;
-	struct wpabuf *dpp_presence_announcement;
-	struct dpp_bootstrap_info *dpp_chirp_bi;
-	int dpp_chirp_freq;
-	int *dpp_chirp_freqs;
-	int dpp_chirp_iter;
-	int dpp_chirp_round;
-	int dpp_chirp_scan_done;
-	int dpp_chirp_listen;
-	struct wpa_ssid *dpp_reconfig_ssid;
-	int dpp_reconfig_ssid_id;
-	struct dpp_reconfig_id *dpp_reconfig_id;
-#endif /* CONFIG_DPP2 */
-#ifdef CONFIG_TESTING_OPTIONS
-	char *dpp_config_obj_override;
-	char *dpp_discovery_override;
-	char *dpp_groups_override;
-	unsigned int dpp_ignore_netaccesskey_mismatch:1;
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_DPP */
-
-#ifdef CONFIG_FILS
-	unsigned int disable_fils:1;
-#endif /* CONFIG_FILS */
-	unsigned int ieee80211ac:1;
-	unsigned int enabled_4addr_mode:1;
-	unsigned int multi_bss_support:1;
-	unsigned int drv_authorized_port:1;
-	unsigned int multi_ap_ie:1;
-	unsigned int multi_ap_backhaul:1;
-	unsigned int multi_ap_fronthaul:1;
-	struct robust_av_data robust_av;
-	bool mscs_setup_done;
-
-#ifdef CONFIG_PASN
-	struct wpas_pasn pasn;
-	struct wpa_radio_work *pasn_auth_work;
-#endif /* CONFIG_PASN */
-	struct scs_robust_av_data scs_robust_av_req;
-	u8 scs_dialog_token;
-#ifdef CONFIG_TESTING_OPTIONS
-	unsigned int disable_scs_support:1;
-	unsigned int disable_mscs_support:1;
-#endif /* CONFIG_TESTING_OPTIONS */
-	struct dl_list active_scs_ids;
-	bool ongoing_scs_req;
-	u8 dscp_req_dialog_token;
-	u8 dscp_query_dialog_token;
-	unsigned int enable_dscp_policy_capa:1;
-	unsigned int connection_dscp:1;
-	unsigned int wait_for_dscp_req:1;
-};
-
-
-/* wpa_supplicant.c */
-void wpa_supplicant_apply_ht_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params);
-void wpa_supplicant_apply_vht_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params);
-void wpa_supplicant_apply_he_overrides(
-	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-	struct wpa_driver_associate_params *params);
-
-int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
-int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid);
-
-int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
-
-const char * wpa_supplicant_state_txt(enum wpa_states state);
-int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
-					const char *bridge_ifname);
-void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *ssid, struct wpa_ie_data *ie);
-int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss, struct wpa_ssid *ssid,
-			      u8 *wpa_ie, size_t *wpa_ie_len);
-int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss,
-			      struct wpa_ssid *ssid);
-void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid);
-void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s);
-void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr);
-void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
-				     int sec, int usec);
-void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff);
-void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
-			      enum wpa_states state);
-struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s);
-const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
-				   u16 reason_code);
-void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s);
-
-struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id);
-int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid);
-void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
-				    struct wpa_ssid *ssid);
-void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
-				   struct wpa_ssid *ssid);
-int wpas_remove_cred(struct wpa_supplicant *wpa_s, struct wpa_cred *cred);
-int wpas_remove_all_creds(struct wpa_supplicant *wpa_s);
-int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
-					   const char *pkcs11_engine_path,
-					   const char *pkcs11_module_path);
-int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s,
-			       int ap_scan);
-int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
-					  unsigned int expire_age);
-int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
-					    unsigned int expire_count);
-int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
-				     int scan_interval);
-int wpa_supplicant_set_debug_params(struct wpa_global *global,
-				    int debug_level, int debug_timestamp,
-				    int debug_show_keys);
-void free_hw_features(struct wpa_supplicant *wpa_s);
-
-void wpa_show_license(void);
-
-struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
-						  const char *ifname);
-struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
-						 struct wpa_interface *iface,
-						 struct wpa_supplicant *parent);
-int wpa_supplicant_remove_iface(struct wpa_global *global,
-				struct wpa_supplicant *wpa_s,
-				int terminate);
-struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
-						 const char *ifname);
-struct wpa_global * wpa_supplicant_init(struct wpa_params *params);
-int wpa_supplicant_run(struct wpa_global *global);
-void wpa_supplicant_deinit(struct wpa_global *global);
-
-int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid);
-void wpa_supplicant_terminate_proc(struct wpa_global *global);
-void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
-			     const u8 *buf, size_t len);
-void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s);
-void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid);
-void fils_connection_failure(struct wpa_supplicant *wpa_s);
-void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s);
-int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s);
-int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s);
-void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason);
-void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid, int clear_failures);
-int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid);
-int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
-		    size_t ssid_len);
-void wpas_request_connection(struct wpa_supplicant *wpa_s);
-void wpas_request_disconnection(struct wpa_supplicant *wpa_s);
-int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen);
-int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style);
-int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s);
-void add_freq(int *freqs, int *num_freqs, int freq);
-
-int wpas_get_op_chan_phy(int freq, const u8 *ies, size_t ies_len,
-			 u8 *op_class, u8 *chan, u8 *phy_type);
-
-int wpas_twt_send_setup(struct wpa_supplicant *wpa_s, u8 dtok, int exponent,
-			int mantissa, u8 min_twt, int setup_cmd, u64 twt,
-			bool requestor, bool trigger, bool implicit,
-			bool flow_type, u8 flow_id, bool protection,
-			u8 twt_channel, u8 control);
-int wpas_twt_send_teardown(struct wpa_supplicant *wpa_s, u8 flags);
-
-void wpas_rrm_reset(struct wpa_supplicant *wpa_s);
-void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
-				   const u8 *report, size_t report_len);
-int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s,
-				       const struct wpa_ssid_value *ssid,
-				       int lci, int civic,
-				       void (*cb)(void *ctx,
-						  struct wpabuf *neighbor_rep),
-				       void *cb_ctx);
-void wpas_rrm_handle_radio_measurement_request(struct wpa_supplicant *wpa_s,
-					       const u8 *src, const u8 *dst,
-					       const u8 *frame, size_t len);
-void wpas_rrm_handle_link_measurement_request(struct wpa_supplicant *wpa_s,
-					      const u8 *src,
-					      const u8 *frame, size_t len,
-					      int rssi);
-void wpas_rrm_refuse_request(struct wpa_supplicant *wpa_s);
-int wpas_beacon_rep_scan_process(struct wpa_supplicant *wpa_s,
-				 struct wpa_scan_results *scan_res,
-				 struct scan_info *info);
-void wpas_clear_beacon_rep_data(struct wpa_supplicant *wpa_s);
-void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s);
-void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx);
-void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s);
-
-
-/* MBO functions */
-int wpas_mbo_ie(struct wpa_supplicant *wpa_s, u8 *buf, size_t len,
-		int add_oce_capa);
-const u8 * mbo_attr_from_mbo_ie(const u8 *mbo_ie, enum mbo_attr_id attr);
-const u8 * wpas_mbo_get_bss_attr(struct wpa_bss *bss, enum mbo_attr_id attr);
-void wpas_mbo_check_pmf(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-			struct wpa_ssid *ssid);
-const u8 * mbo_get_attr_from_ies(const u8 *ies, size_t ies_len,
-				 enum mbo_attr_id attr);
-int wpas_mbo_update_non_pref_chan(struct wpa_supplicant *wpa_s,
-				  const char *non_pref_chan);
-void wpas_mbo_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ie);
-void wpas_mbo_ie_trans_req(struct wpa_supplicant *wpa_s, const u8 *ie,
-			   size_t len);
-size_t wpas_mbo_ie_bss_trans_reject(struct wpa_supplicant *wpa_s, u8 *pos,
-				    size_t len,
-				    enum mbo_transition_reject_reason reason);
-void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa);
-struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s,
-				   struct wpa_bss *bss, u32 mbo_subtypes);
-void mbo_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
-			    struct wpa_bss *bss, const u8 *sa,
-			    const u8 *data, size_t slen);
-void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s);
-
-/* op_classes.c */
-enum chan_allowed {
-	NOT_ALLOWED, NO_IR, RADAR, ALLOWED
-};
-
-enum chan_allowed verify_channel(struct hostapd_hw_modes *mode, u8 op_class,
-				 u8 channel, u8 bw);
-size_t wpas_supp_op_class_ie(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *ssid,
-			     struct wpa_bss *bss, u8 *pos, size_t len);
-int * wpas_supp_op_classes(struct wpa_supplicant *wpa_s);
-
-int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
-				       unsigned int type, const u8 *addr,
-				       const u8 *mask);
-int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
-					unsigned int type);
-
-/**
- * wpa_supplicant_ctrl_iface_ctrl_rsp_handle - Handle a control response
- * @wpa_s: Pointer to wpa_supplicant data
- * @ssid: Pointer to the network block the reply is for
- * @field: field the response is a reply for
- * @value: value (ie, password, etc) for @field
- * Returns: 0 on success, non-zero on error
- *
- * Helper function to handle replies to control interface requests.
- */
-int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
-					      struct wpa_ssid *ssid,
-					      const char *field,
-					      const char *value);
-
-void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
-			  const struct wpa_ssid *ssid,
-			  struct hostapd_freq_params *freq);
-
-/* events.c */
-void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
-			   struct wpa_bss *selected,
-			   struct wpa_ssid *ssid);
-void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx);
-void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx);
-void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s);
-struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
-					     struct wpa_ssid **selected_ssid);
-int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
-void wpa_supplicant_update_channel_list(struct wpa_supplicant *wpa_s,
-					struct channel_list_changed *info);
-int wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant *wpa_s,
-					   struct wpa_bss *current_bss,
-					   struct wpa_bss *seleceted);
-
-/* eap_register.c */
-int eap_register_methods(void);
-
-/**
- * Utility method to tell if a given network is for persistent group storage
- * @ssid: Network object
- * Returns: 1 if network is a persistent group, 0 otherwise
- */
-static inline int network_is_persistent_group(struct wpa_ssid *ssid)
-{
-	return ssid->disabled == 2 && ssid->p2p_persistent_group;
-}
-
-
-static inline int wpas_mode_to_ieee80211_mode(enum wpas_mode mode)
-{
-	switch (mode) {
-	default:
-	case WPAS_MODE_INFRA:
-		return IEEE80211_MODE_INFRA;
-	case WPAS_MODE_IBSS:
-		return IEEE80211_MODE_IBSS;
-	case WPAS_MODE_AP:
-	case WPAS_MODE_P2P_GO:
-	case WPAS_MODE_P2P_GROUP_FORMATION:
-		return IEEE80211_MODE_AP;
-	case WPAS_MODE_MESH:
-		return IEEE80211_MODE_MESH;
-	}
-}
-
-
-int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
-int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
-int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr);
-
-int wpas_init_ext_pw(struct wpa_supplicant *wpa_s);
-
-void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
-		    struct wpa_used_freq_data *freqs_data,
-		    unsigned int len);
-
-int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
-				struct wpa_used_freq_data *freqs_data,
-				unsigned int len);
-int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
-			   int *freq_array, unsigned int len);
-
-void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx);
-
-void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s);
-struct wpa_supplicant * wpas_vendor_elem(struct wpa_supplicant *wpa_s,
-					 enum wpa_vendor_elem_frame frame);
-int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
-			    const u8 *elem, size_t len);
-
-#ifdef CONFIG_FST
-
-struct fst_wpa_obj;
-
-void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
-				       struct fst_wpa_obj *iface_obj);
-
-#endif /* CONFIG_FST */
-
-int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd);
-
-struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
-				   u16 num_modes, enum hostapd_hw_mode mode,
-				   bool is_6ghz);
-struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
-					     u16 num_modes, int freq);
-
-void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
-			  unsigned int sec, int rssi_threshold);
-int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *bss);
-void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s);
-
-struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
-				     int i, struct wpa_bss *bss,
-				     struct wpa_ssid *group,
-				     int only_first_ssid, int debug_print);
-
-int wpas_ctrl_iface_get_pref_freq_list_override(struct wpa_supplicant *wpa_s,
-						enum wpa_driver_if_type if_type,
-						unsigned int *num,
-						unsigned int *freq_list);
-
-int wpa_is_fils_supported(struct wpa_supplicant *wpa_s);
-int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s);
-
-void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s);
-
-int wpas_send_mscs_req(struct wpa_supplicant *wpa_s);
-void wpas_populate_mscs_descriptor_ie(struct robust_av_data *robust_av,
-				      struct wpabuf *buf);
-void wpas_handle_robust_av_recv_action(struct wpa_supplicant *wpa_s,
-				       const u8 *src, const u8 *buf,
-				       size_t len);
-void wpas_handle_assoc_resp_mscs(struct wpa_supplicant *wpa_s, const u8 *bssid,
-				 const u8 *ies, size_t ies_len);
-int wpas_send_scs_req(struct wpa_supplicant *wpa_s);
-void free_up_tclas_elem(struct scs_desc_elem *elem);
-void free_up_scs_desc(struct scs_robust_av_data *data);
-void wpas_handle_robust_av_scs_recv_action(struct wpa_supplicant *wpa_s,
-					   const u8 *src, const u8 *buf,
-					   size_t len);
-void wpas_scs_deinit(struct wpa_supplicant *wpa_s);
-void wpas_handle_qos_mgmt_recv_action(struct wpa_supplicant *wpa_s,
-				      const u8 *src,
-				      const u8 *buf, size_t len);
-void wpas_dscp_deinit(struct wpa_supplicant *wpa_s);
-int wpas_send_dscp_response(struct wpa_supplicant *wpa_s,
-			    struct dscp_resp_data *resp_data);
-void wpas_handle_assoc_resp_qos_mgmt(struct wpa_supplicant *wpa_s,
-				     const u8 *ies, size_t ies_len);
-int wpas_send_dscp_query(struct wpa_supplicant *wpa_s, const char *domain_name,
-			 size_t domain_name_length);
-
-int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s,
-			 const u8 *bssid, int akmp, int cipher,
-			 u16 group, int network_id,
-			 const u8 *comeback, size_t comeback_len);
-void wpas_pasn_auth_stop(struct wpa_supplicant *wpa_s);
-int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
-			     const u8 *data, size_t data_len, u8 acked);
-int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
-		      const struct ieee80211_mgmt *mgmt, size_t len);
-
-int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid);
-
-#endif /* WPA_SUPPLICANT_I_H */
diff --git a/wpa_supplicant/wpa_supplicant_template.conf b/wpa_supplicant/wpa_supplicant_template.conf
deleted file mode 100644
index f55227f82685..000000000000
--- a/wpa_supplicant/wpa_supplicant_template.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-##### wpa_supplicant configuration file template #####
-update_config=1
-eapol_version=1
-ap_scan=1
-fast_reauth=1
-pmf=1
-p2p_add_cli_chan=1
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
deleted file mode 100644
index 17fc05bcbdab..000000000000
--- a/wpa_supplicant/wpas_glue.c
+++ /dev/null
@@ -1,1494 +0,0 @@
-/*
- * WPA Supplicant - Glue code to setup EAPOL and RSN modules
- * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "eap_peer/eap.h"
-#include "rsn_supp/wpa.h"
-#include "eloop.h"
-#include "config.h"
-#include "l2_packet/l2_packet.h"
-#include "common/wpa_common.h"
-#include "common/ptksa_cache.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "rsn_supp/pmksa_cache.h"
-#include "sme.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_ctrl.h"
-#include "wpas_glue.h"
-#include "wps_supplicant.h"
-#include "bss.h"
-#include "scan.h"
-#include "notify.h"
-#include "wpas_kay.h"
-
-
-#ifndef CONFIG_NO_CONFIG_BLOBS
-#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
-static void wpa_supplicant_set_config_blob(void *ctx,
-					   struct wpa_config_blob *blob)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_config_set_blob(wpa_s->conf, blob);
-	if (wpa_s->conf->update_config) {
-		int ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
-		if (ret) {
-			wpa_printf(MSG_DEBUG, "Failed to update config after "
-				   "blob set");
-		}
-	}
-}
-
-
-static const struct wpa_config_blob *
-wpa_supplicant_get_config_blob(void *ctx, const char *name)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_config_get_blob(wpa_s->conf, name);
-}
-#endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-
-
-#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
-static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
-			    const void *data, u16 data_len,
-			    size_t *msg_len, void **data_pos)
-{
-	struct ieee802_1x_hdr *hdr;
-
-	*msg_len = sizeof(*hdr) + data_len;
-	hdr = os_malloc(*msg_len);
-	if (hdr == NULL)
-		return NULL;
-
-	hdr->version = wpa_s->conf->eapol_version;
-	hdr->type = type;
-	hdr->length = host_to_be16(data_len);
-
-	if (data)
-		os_memcpy(hdr + 1, data, data_len);
-	else
-		os_memset(hdr + 1, 0, data_len);
-
-	if (data_pos)
-		*data_pos = hdr + 1;
-
-	return (u8 *) hdr;
-}
-
-
-/**
- * wpa_ether_send - Send Ethernet frame
- * @wpa_s: Pointer to wpa_supplicant data
- * @dest: Destination MAC address
- * @proto: Ethertype in host byte order
- * @buf: Frame payload starting from IEEE 802.1X header
- * @len: Frame payload length
- * Returns: >=0 on success, <0 on failure
- */
-int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
-		   u16 proto, const u8 *buf, size_t len)
-{
-#ifdef CONFIG_TESTING_OPTIONS
-	if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
-		size_t hex_len = 2 * len + 1;
-		char *hex = os_malloc(hex_len);
-
-		if (hex == NULL)
-			return -1;
-		wpa_snprintf_hex(hex, hex_len, buf, len);
-		wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s",
-			MAC2STR(dest), hex);
-		os_free(hex);
-		return 0;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) {
-		int encrypt = wpa_s->wpa &&
-			wpa_sm_has_ptk_installed(wpa_s->wpa);
-
-		return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len,
-					       !encrypt);
-	}
-
-	if (wpa_s->l2) {
-		return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
-	}
-
-	return -1;
-}
-#endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
-
-
-#ifdef IEEE8021X_EAPOL
-
-/**
- * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
- * @ctx: Pointer to wpa_supplicant data (wpa_s)
- * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
- * @buf: EAPOL payload (after IEEE 802.1X header)
- * @len: EAPOL payload length
- * Returns: >=0 on success, <0 on failure
- *
- * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
- * to the current Authenticator.
- */
-static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
-				     size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	u8 *msg, *dst, bssid[ETH_ALEN];
-	size_t msglen;
-	int res;
-
-	/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
-	 * extra copy here */
-
-	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
-		/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
-		 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
-		 * machines. */
-		wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
-			   "mode (type=%d len=%lu)", type,
-			   (unsigned long) len);
-		return -1;
-	}
-
-	if (pmksa_cache_get_current(wpa_s->wpa) &&
-	    type == IEEE802_1X_TYPE_EAPOL_START) {
-		/*
-		 * We were trying to use PMKSA caching and sending EAPOL-Start
-		 * would abort that and trigger full EAPOL authentication.
-		 * However, we've already waited for the AP/Authenticator to
-		 * start 4-way handshake or EAP authentication, and apparently
-		 * it has not done so since the startWhen timer has reached zero
-		 * to get the state machine sending EAPOL-Start. This is not
-		 * really supposed to happen, but an interoperability issue with
-		 * a deployed AP has been identified where the connection fails
-		 * due to that AP failing to operate correctly if PMKID is
-		 * included in the Association Request frame. To work around
-		 * this, assume PMKSA caching failed and try to initiate full
-		 * EAP authentication.
-		 */
-		if (!wpa_s->current_ssid ||
-		    wpa_s->current_ssid->eap_workaround) {
-			wpa_printf(MSG_DEBUG,
-				   "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication");
-		} else {
-			wpa_printf(MSG_DEBUG,
-				   "RSN: PMKSA caching - do not send EAPOL-Start");
-			return -1;
-		}
-	}
-
-	if (is_zero_ether_addr(wpa_s->bssid)) {
-		wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
-			   "EAPOL frame");
-		if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
-		    !is_zero_ether_addr(bssid)) {
-			dst = bssid;
-			wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
-				   " from the driver as the EAPOL destination",
-				   MAC2STR(dst));
-		} else {
-			dst = wpa_s->last_eapol_src;
-			wpa_printf(MSG_DEBUG, "Using the source address of the"
-				   " last received EAPOL frame " MACSTR " as "
-				   "the EAPOL destination",
-				   MAC2STR(dst));
-		}
-	} else {
-		/* BSSID was already set (from (Re)Assoc event, so use it as
-		 * the EAPOL destination. */
-		dst = wpa_s->bssid;
-	}
-
-	msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
-	if (msg == NULL)
-		return -1;
-
-	wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
-	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
-	res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
-	os_free(msg);
-	return res;
-}
-
-
-#ifdef CONFIG_WEP
-/**
- * wpa_eapol_set_wep_key - set WEP key for the driver
- * @ctx: Pointer to wpa_supplicant data (wpa_s)
- * @unicast: 1 = individual unicast key, 0 = broadcast key
- * @keyidx: WEP key index (0..3)
- * @key: Pointer to key data
- * @keylen: Key length in bytes
- * Returns: 0 on success or < 0 on error.
- */
-static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
-				 const u8 *key, size_t keylen)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
-		int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
-			WPA_CIPHER_WEP104;
-		if (unicast)
-			wpa_s->pairwise_cipher = cipher;
-		else
-			wpa_s->group_cipher = cipher;
-	}
-	return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
-			       unicast ? wpa_s->bssid : NULL,
-			       keyidx, unicast, NULL, 0, key, keylen,
-			       unicast ? KEY_FLAG_PAIRWISE_RX_TX :
-			       KEY_FLAG_GROUP_RX_TX_DEFAULT);
-}
-#endif /* CONFIG_WEP */
-
-
-static void wpa_supplicant_aborted_cached(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_sm_aborted_cached(wpa_s->wpa);
-}
-
-
-static const char * result_str(enum eapol_supp_result result)
-{
-	switch (result) {
-	case EAPOL_SUPP_RESULT_FAILURE:
-		return "FAILURE";
-	case EAPOL_SUPP_RESULT_SUCCESS:
-		return "SUCCESS";
-	case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
-		return "EXPECTED_FAILURE";
-	}
-	return "?";
-}
-
-
-static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
-				    enum eapol_supp_result result,
-				    void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	int res, pmk_len;
-	u8 pmk[PMK_LEN];
-
-	wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
-		   result_str(result));
-
-	if (wpas_wps_eapol_cb(wpa_s) > 0)
-		return;
-
-	wpa_s->eap_expected_failure = result ==
-		EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
-
-	if (result != EAPOL_SUPP_RESULT_SUCCESS) {
-		/*
-		 * Make sure we do not get stuck here waiting for long EAPOL
-		 * timeout if the AP does not disconnect in case of
-		 * authentication failure.
-		 */
-		wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
-	} else {
-		ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src);
-	}
-
-	if (result != EAPOL_SUPP_RESULT_SUCCESS ||
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
-		return;
-
-	if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
-		return;
-
-	wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way "
-		   "handshake");
-
-	pmk_len = PMK_LEN;
-	if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
-#ifdef CONFIG_IEEE80211R
-		u8 buf[2 * PMK_LEN];
-		wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
-			   "driver-based 4-way hs and FT");
-		res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
-		if (res == 0) {
-			os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
-			os_memset(buf, 0, sizeof(buf));
-		}
-#else /* CONFIG_IEEE80211R */
-		res = -1;
-#endif /* CONFIG_IEEE80211R */
-	} else {
-		res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
-		if (res) {
-			/*
-			 * EAP-LEAP is an exception from other EAP methods: it
-			 * uses only 16-byte PMK.
-			 */
-			res = eapol_sm_get_key(eapol, pmk, 16);
-			pmk_len = 16;
-		}
-	}
-
-	if (res) {
-		wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state "
-			   "machines");
-		return;
-	}
-
-	wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
-			"handshake", pmk, pmk_len);
-
-	if (wpa_drv_set_key(wpa_s, 0, NULL, 0, 0, NULL, 0, pmk,
-			    pmk_len, KEY_FLAG_PMK)) {
-		wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
-	}
-
-	wpa_supplicant_cancel_scan(wpa_s);
-	wpa_supplicant_cancel_auth_timeout(wpa_s);
-	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-
-}
-
-
-static void wpa_supplicant_notify_eapol_done(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
-	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
-		wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
-	} else {
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-	}
-}
-
-#endif /* IEEE8021X_EAPOL */
-
-
-#ifndef CONFIG_NO_WPA
-
-static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
-{
-	int ret = 0;
-	struct wpa_bss *curr = NULL, *bss;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	const u8 *ie;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0)
-			continue;
-		if (ssid == NULL ||
-		    ((bss->ssid_len == ssid->ssid_len &&
-		      os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) ||
-		     ssid->ssid_len == 0)) {
-			curr = bss;
-			break;
-		}
-#ifdef CONFIG_OWE
-		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-		    (bss->flags & WPA_BSS_OWE_TRANSITION)) {
-			curr = bss;
-			break;
-		}
-#endif /* CONFIG_OWE */
-	}
-
-	if (curr) {
-		ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
-		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
-			ret = -1;
-
-		ie = wpa_bss_get_ie(curr, WLAN_EID_RSN);
-		if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
-			ret = -1;
-
-		ie = wpa_bss_get_ie(curr, WLAN_EID_RSNX);
-		if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
-			ret = -1;
-	} else {
-		ret = -1;
-	}
-
-	return ret;
-}
-
-
-static int wpa_supplicant_get_beacon_ie(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_get_beacon_ie(wpa_s) == 0) {
-		return 0;
-	}
-
-	/* No WPA/RSN IE found in the cached scan results. Try to get updated
-	 * scan results from the driver. */
-	if (wpa_supplicant_update_scan_results(wpa_s) < 0)
-		return -1;
-
-	return wpa_get_beacon_ie(wpa_s);
-}
-
-
-static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
-			     const void *data, u16 data_len,
-			     size_t *msg_len, void **data_pos)
-{
-	return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
-}
-
-
-static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
-			   const u8 *buf, size_t len)
-{
-	return wpa_ether_send(wpa_s, dest, proto, buf, len);
-}
-
-
-static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
-{
-	wpa_supplicant_cancel_auth_timeout(wpa_s);
-}
-
-
-static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state)
-{
-	wpa_supplicant_set_state(wpa_s, state);
-}
-
-
-/**
- * wpa_supplicant_get_state - Get the connection state
- * @wpa_s: Pointer to wpa_supplicant data
- * Returns: The current connection state (WPA_*)
- */
-static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
-{
-	return wpa_s->wpa_state;
-}
-
-
-static enum wpa_states _wpa_supplicant_get_state(void *wpa_s)
-{
-	return wpa_supplicant_get_state(wpa_s);
-}
-
-
-static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code)
-{
-	wpa_supplicant_deauthenticate(wpa_s, reason_code);
-	/* Schedule a scan to make sure we continue looking for networks */
-	wpa_supplicant_req_scan(wpa_s, 5, 0);
-}
-
-
-static void _wpa_supplicant_reconnect(void *wpa_s)
-{
-	wpa_supplicant_reconnect(wpa_s);
-}
-
-
-static void * wpa_supplicant_get_network_ctx(void *wpa_s)
-{
-	return wpa_supplicant_get_ssid(wpa_s);
-}
-
-
-static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_drv_get_bssid(wpa_s, bssid);
-}
-
-
-static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
-				  const u8 *addr, int key_idx, int set_tx,
-				  const u8 *seq, size_t seq_len,
-				  const u8 *key, size_t key_len,
-				  enum key_flag key_flag)
-{
-	struct wpa_supplicant *wpa_s = _wpa_s;
-	if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
-		/* Clear the MIC error counter when setting a new PTK. */
-		wpa_s->mic_errors_seen = 0;
-	}
-#ifdef CONFIG_TESTING_GET_GTK
-	if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) &&
-	    alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) {
-		os_memcpy(wpa_s->last_gtk, key, key_len);
-		wpa_s->last_gtk_len = key_len;
-	}
-#endif /* CONFIG_TESTING_GET_GTK */
-#ifdef CONFIG_TESTING_OPTIONS
-	if (addr && !is_broadcast_ether_addr(addr) &&
-	    !(key_flag & KEY_FLAG_MODIFY)) {
-		wpa_s->last_tk_alg = alg;
-		os_memcpy(wpa_s->last_tk_addr, addr, ETH_ALEN);
-		wpa_s->last_tk_key_idx = key_idx;
-		if (key)
-			os_memcpy(wpa_s->last_tk, key, key_len);
-		wpa_s->last_tk_len = key_len;
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-	return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
-			       key, key_len, key_flag);
-}
-
-
-static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
-					     int protection_type,
-					     int key_type)
-{
-	return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
-					  key_type);
-}
-
-
-static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s,
-					      void *network_ctx)
-{
-	struct wpa_ssid *ssid;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (network_ctx == ssid)
-			return ssid;
-	}
-
-	return NULL;
-}
-
-
-static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
-				    const u8 *bssid, const u8 *pmkid,
-				    const u8 *fils_cache_id,
-				    const u8 *pmk, size_t pmk_len,
-				    u32 pmk_lifetime, u8 pmk_reauth_threshold,
-				    int akmp)
-{
-	struct wpa_supplicant *wpa_s = _wpa_s;
-	struct wpa_ssid *ssid;
-	struct wpa_pmkid_params params;
-
-	os_memset(&params, 0, sizeof(params));
-	ssid = wpas_get_network_ctx(wpa_s, network_ctx);
-	if (ssid) {
-		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d",
-			MAC2STR(bssid), ssid->id);
-		if ((akmp == WPA_KEY_MGMT_FT_IEEE8021X ||
-		     akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
-		    !ssid->ft_eap_pmksa_caching) {
-			/* Since we will not be using PMKSA caching for FT-EAP
-			 * within wpa_supplicant to avoid known interop issues
-			 * with APs, do not add this PMKID to the driver either
-			 * so that we won't be hitting those interop issues
-			 * with driver-based RSNE generation. */
-			wpa_printf(MSG_DEBUG,
-				   "FT: Do not add PMKID entry to the driver since FT-EAP PMKSA caching is not enabled in configuration");
-			return 0;
-		}
-	}
-	if (ssid && fils_cache_id) {
-		params.ssid = ssid->ssid;
-		params.ssid_len = ssid->ssid_len;
-		params.fils_cache_id = fils_cache_id;
-	} else {
-		params.bssid = bssid;
-	}
-
-	params.pmkid = pmkid;
-	params.pmk = pmk;
-	params.pmk_len = pmk_len;
-	params.pmk_lifetime = pmk_lifetime;
-	params.pmk_reauth_threshold = pmk_reauth_threshold;
-
-	return wpa_drv_add_pmkid(wpa_s, &params);
-}
-
-
-static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
-				       const u8 *bssid, const u8 *pmkid,
-				       const u8 *fils_cache_id)
-{
-	struct wpa_supplicant *wpa_s = _wpa_s;
-	struct wpa_ssid *ssid;
-	struct wpa_pmkid_params params;
-
-	os_memset(&params, 0, sizeof(params));
-	ssid = wpas_get_network_ctx(wpa_s, network_ctx);
-	if (ssid)
-		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d",
-			MAC2STR(bssid), ssid->id);
-	if (ssid && fils_cache_id) {
-		params.ssid = ssid->ssid;
-		params.ssid_len = ssid->ssid_len;
-		params.fils_cache_id = fils_cache_id;
-	} else {
-		params.bssid = bssid;
-	}
-
-	params.pmkid = pmkid;
-
-	return wpa_drv_remove_pmkid(wpa_s, &params);
-}
-
-
-#ifdef CONFIG_IEEE80211R
-static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
-					const u8 *ies, size_t ies_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
-		return sme_update_ft_ies(wpa_s, md, ies, ies_len);
-	return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
-}
-
-
-static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
-					 const u8 *target_ap,
-					 const u8 *ies, size_t ies_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	int ret;
-	u8 *data, *pos;
-	size_t data_len;
-
-	if (action != 1) {
-		wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d",
-			   action);
-		return -1;
-	}
-
-	/*
-	 * Action frame payload:
-	 * Category[1] = 6 (Fast BSS Transition)
-	 * Action[1] = 1 (Fast BSS Transition Request)
-	 * STA Address
-	 * Target AP Address
-	 * FT IEs
-	 */
-
-	data_len = 2 + 2 * ETH_ALEN + ies_len;
-	data = os_malloc(data_len);
-	if (data == NULL)
-		return -1;
-	pos = data;
-	*pos++ = 0x06; /* FT Action category */
-	*pos++ = action;
-	os_memcpy(pos, wpa_s->own_addr, ETH_ALEN);
-	pos += ETH_ALEN;
-	os_memcpy(pos, target_ap, ETH_ALEN);
-	pos += ETH_ALEN;
-	os_memcpy(pos, ies, ies_len);
-
-	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
-				  wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid,
-				  data, data_len, 0);
-	os_free(data);
-
-	return ret;
-}
-
-
-static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_driver_auth_params params;
-	struct wpa_bss *bss;
-
-	bss = wpa_bss_get_bssid(wpa_s, target_ap);
-	if (bss == NULL)
-		return -1;
-
-	os_memset(&params, 0, sizeof(params));
-	params.bssid = target_ap;
-	params.freq = bss->freq;
-	params.ssid = bss->ssid;
-	params.ssid_len = bss->ssid_len;
-	params.auth_alg = WPA_AUTH_ALG_FT;
-	params.local_state_change = 1;
-	return wpa_drv_authenticate(wpa_s, &params);
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-#ifdef CONFIG_TDLS
-
-static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported,
-					int *tdls_ext_setup,
-					int *tdls_chan_switch)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	*tdls_supported = 0;
-	*tdls_ext_setup = 0;
-	*tdls_chan_switch = 0;
-
-	if (!wpa_s->drv_capa_known)
-		return -1;
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)
-		*tdls_supported = 1;
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
-		*tdls_ext_setup = 1;
-
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH)
-		*tdls_chan_switch = 1;
-
-	return 0;
-}
-
-
-static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst,
-					 u8 action_code, u8 dialog_token,
-					 u16 status_code, u32 peer_capab,
-					 int initiator, const u8 *buf,
-					 size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token,
-				      status_code, peer_capab, initiator, buf,
-				      len);
-}
-
-
-static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	return wpa_drv_tdls_oper(wpa_s, oper, peer);
-}
-
-
-static int wpa_supplicant_tdls_peer_addset(
-	void *ctx, const u8 *peer, int add, u16 aid, u16 capability,
-	const u8 *supp_rates, size_t supp_rates_len,
-	const struct ieee80211_ht_capabilities *ht_capab,
-	const struct ieee80211_vht_capabilities *vht_capab,
-	const struct ieee80211_he_capabilities *he_capab,
-	size_t he_capab_len,
-	const struct ieee80211_he_6ghz_band_cap *he_6ghz_he_capab,
-	u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len,
-	const u8 *supp_channels, size_t supp_channels_len,
-	const u8 *supp_oper_classes, size_t supp_oper_classes_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct hostapd_sta_add_params params;
-
-	os_memset(&params, 0, sizeof(params));
-
-	params.addr = peer;
-	params.aid = aid;
-	params.capability = capability;
-	params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED;
-
-	/*
-	 * Don't rely only on qosinfo for WMM capability. It may be 0 even when
-	 * present. Allow the WMM IE to also indicate QoS support.
-	 */
-	if (wmm || qosinfo)
-		params.flags |= WPA_STA_WMM;
-
-	params.ht_capabilities = ht_capab;
-	params.vht_capabilities = vht_capab;
-	params.he_capab = he_capab;
-	params.he_capab_len = he_capab_len;
-	params.he_6ghz_capab = he_6ghz_he_capab;
-	params.qosinfo = qosinfo;
-	params.listen_interval = 0;
-	params.supp_rates = supp_rates;
-	params.supp_rates_len = supp_rates_len;
-	params.set = !add;
-	params.ext_capab = ext_capab;
-	params.ext_capab_len = ext_capab_len;
-	params.supp_channels = supp_channels;
-	params.supp_channels_len = supp_channels_len;
-	params.supp_oper_classes = supp_oper_classes;
-	params.supp_oper_classes_len = supp_oper_classes_len;
-
-	return wpa_drv_sta_add(wpa_s, &params);
-}
-
-
-static int wpa_supplicant_tdls_enable_channel_switch(
-	void *ctx, const u8 *addr, u8 oper_class,
-	const struct hostapd_freq_params *params)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class,
-						  params);
-}
-
-
-static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	return wpa_drv_tdls_disable_channel_switch(wpa_s, addr);
-}
-
-#endif /* CONFIG_TDLS */
-
-#endif /* CONFIG_NO_WPA */
-
-
-enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field)
-{
-	if (os_strcmp(field, "IDENTITY") == 0)
-		return WPA_CTRL_REQ_EAP_IDENTITY;
-	else if (os_strcmp(field, "PASSWORD") == 0)
-		return WPA_CTRL_REQ_EAP_PASSWORD;
-	else if (os_strcmp(field, "NEW_PASSWORD") == 0)
-		return WPA_CTRL_REQ_EAP_NEW_PASSWORD;
-	else if (os_strcmp(field, "PIN") == 0)
-		return WPA_CTRL_REQ_EAP_PIN;
-	else if (os_strcmp(field, "OTP") == 0)
-		return WPA_CTRL_REQ_EAP_OTP;
-	else if (os_strcmp(field, "PASSPHRASE") == 0)
-		return WPA_CTRL_REQ_EAP_PASSPHRASE;
-	else if (os_strcmp(field, "SIM") == 0)
-		return WPA_CTRL_REQ_SIM;
-	else if (os_strcmp(field, "PSK_PASSPHRASE") == 0)
-		return WPA_CTRL_REQ_PSK_PASSPHRASE;
-	else if (os_strcmp(field, "EXT_CERT_CHECK") == 0)
-		return WPA_CTRL_REQ_EXT_CERT_CHECK;
-	return WPA_CTRL_REQ_UNKNOWN;
-}
-
-
-const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
-					       const char *default_txt,
-					       const char **txt)
-{
-	const char *ret = NULL;
-
-	*txt = default_txt;
-
-	switch (field) {
-	case WPA_CTRL_REQ_EAP_IDENTITY:
-		*txt = "Identity";
-		ret = "IDENTITY";
-		break;
-	case WPA_CTRL_REQ_EAP_PASSWORD:
-		*txt = "Password";
-		ret = "PASSWORD";
-		break;
-	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
-		*txt = "New Password";
-		ret = "NEW_PASSWORD";
-		break;
-	case WPA_CTRL_REQ_EAP_PIN:
-		*txt = "PIN";
-		ret = "PIN";
-		break;
-	case WPA_CTRL_REQ_EAP_OTP:
-		ret = "OTP";
-		break;
-	case WPA_CTRL_REQ_EAP_PASSPHRASE:
-		*txt = "Private key passphrase";
-		ret = "PASSPHRASE";
-		break;
-	case WPA_CTRL_REQ_SIM:
-		ret = "SIM";
-		break;
-	case WPA_CTRL_REQ_PSK_PASSPHRASE:
-		*txt = "PSK or passphrase";
-		ret = "PSK_PASSPHRASE";
-		break;
-	case WPA_CTRL_REQ_EXT_CERT_CHECK:
-		*txt = "External server certificate validation";
-		ret = "EXT_CERT_CHECK";
-		break;
-	default:
-		break;
-	}
-
-	/* txt needs to be something */
-	if (*txt == NULL) {
-		wpa_printf(MSG_WARNING, "No message for request %d", field);
-		ret = NULL;
-	}
-
-	return ret;
-}
-
-
-void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			const char *field_name, const char *txt)
-{
-	char *buf;
-	size_t buflen;
-	int len;
-
-	buflen = 100 + os_strlen(txt) + ssid->ssid_len;
-	buf = os_malloc(buflen);
-	if (buf == NULL)
-		return;
-	len = os_snprintf(buf, buflen, "%s-%d:%s needed for SSID ",
-			  field_name, ssid->id, txt);
-	if (os_snprintf_error(buflen, len)) {
-		os_free(buf);
-		return;
-	}
-	if (ssid->ssid && buflen > len + ssid->ssid_len) {
-		os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
-		len += ssid->ssid_len;
-		buf[len] = '\0';
-	}
-	buf[buflen - 1] = '\0';
-	wpa_msg(wpa_s, MSG_INFO, WPA_CTRL_REQ "%s", buf);
-	os_free(buf);
-}
-
-
-#ifdef IEEE8021X_EAPOL
-#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
-static void wpa_supplicant_eap_param_needed(void *ctx,
-					    enum wpa_ctrl_req_type field,
-					    const char *default_txt)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	const char *field_name, *txt = NULL;
-
-	if (ssid == NULL)
-		return;
-
-	if (field == WPA_CTRL_REQ_EXT_CERT_CHECK)
-		ssid->eap.pending_ext_cert_check = PENDING_CHECK;
-	wpas_notify_network_request(wpa_s, ssid, field, default_txt);
-
-	field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
-						       &txt);
-	if (field_name == NULL) {
-		wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
-			   field);
-		return;
-	}
-
-	wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name);
-
-	wpas_send_ctrl_req(wpa_s, ssid, field_name, txt);
-}
-#else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-#define wpa_supplicant_eap_param_needed NULL
-#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-
-
-#ifdef CONFIG_EAP_PROXY
-
-static void wpa_supplicant_eap_proxy_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	size_t len;
-
-	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
-						     wpa_s->imsi, &len);
-	if (wpa_s->mnc_len > 0) {
-		wpa_s->imsi[len] = '\0';
-		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
-			   wpa_s->imsi, wpa_s->mnc_len);
-	} else {
-		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
-	}
-}
-
-
-static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s)
-{
-	int i;
-	struct wpa_ssid *ssid;
-	const struct eap_method_type *eap_methods;
-
-	if (!wpa_s->conf)
-		return;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)	{
-		eap_methods = ssid->eap.eap_methods;
-		if (!eap_methods)
-			continue;
-
-		for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) {
-			if (eap_methods[i].vendor == EAP_VENDOR_IETF &&
-			    (eap_methods[i].method == EAP_TYPE_SIM ||
-			     eap_methods[i].method == EAP_TYPE_AKA ||
-			     eap_methods[i].method == EAP_TYPE_AKA_PRIME)) {
-				wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-				break;
-			}
-		}
-	}
-}
-
-
-static void
-wpa_supplicant_eap_proxy_notify_sim_status(void *ctx,
-					   enum eap_proxy_sim_state sim_state)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state);
-	switch (sim_state) {
-	case SIM_STATE_ERROR:
-		wpa_sm_sim_state_error_handler(wpa_s);
-		break;
-	default:
-		wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown");
-		break;
-	}
-}
-
-#endif /* CONFIG_EAP_PROXY */
-
-
-static void wpa_supplicant_port_cb(void *ctx, int authorized)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant "
-			   "port status: %s",
-			   authorized ? "Authorized" : "Unauthorized");
-		return;
-	}
-#endif /* CONFIG_AP */
-	wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
-		   authorized ? "Authorized" : "Unauthorized");
-	wpa_drv_set_supp_port(wpa_s, authorized);
-}
-
-
-static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert,
-				   const char *cert_hash)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpas_notify_certification(wpa_s, cert, cert_hash);
-}
-
-
-static void wpa_supplicant_status_cb(void *ctx, const char *status,
-				     const char *parameter)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpas_notify_eap_status(wpa_s, status, parameter);
-}
-
-
-static void wpa_supplicant_eap_error_cb(void *ctx, int error_code)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpas_notify_eap_error(wpa_s, error_code);
-}
-
-
-static int wpa_supplicant_eap_auth_start_cb(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (!wpa_s->new_connection && wpa_s->deny_ptk0_rekey &&
-	    !wpa_sm_ext_key_id_active(wpa_s->wpa)) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"WPA: PTK0 rekey not allowed, reconnecting");
-		wpa_supplicant_reconnect(wpa_s);
-		return -1;
-	}
-	return 0;
-}
-
-
-static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	char *str;
-	int res;
-
-	wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
-			  id, len);
-
-	if (wpa_s->current_ssid == NULL)
-		return;
-
-	if (id == NULL) {
-		if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
-				   "NULL", 0) < 0)
-			return;
-	} else {
-		str = os_malloc(len * 2 + 1);
-		if (str == NULL)
-			return;
-		wpa_snprintf_hex(str, len * 2 + 1, id, len);
-		res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
-				     str, 0);
-		os_free(str);
-		if (res < 0)
-			return;
-	}
-
-	if (wpa_s->conf->update_config) {
-		res = wpa_config_write(wpa_s->confname, wpa_s->conf);
-		if (res) {
-			wpa_printf(MSG_DEBUG, "Failed to update config after "
-				   "anonymous_id update");
-		}
-	}
-}
-#endif /* IEEE8021X_EAPOL */
-
-
-int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
-{
-#ifdef IEEE8021X_EAPOL
-	struct eapol_ctx *ctx;
-	ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
-		return -1;
-	}
-
-	ctx->ctx = wpa_s;
-	ctx->msg_ctx = wpa_s;
-	ctx->eapol_send_ctx = wpa_s;
-	ctx->preauth = 0;
-	ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
-	ctx->eapol_send = wpa_supplicant_eapol_send;
-#ifdef CONFIG_WEP
-	ctx->set_wep_key = wpa_eapol_set_wep_key;
-#endif /* CONFIG_WEP */
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	ctx->set_config_blob = wpa_supplicant_set_config_blob;
-	ctx->get_config_blob = wpa_supplicant_get_config_blob;
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-	ctx->aborted_cached = wpa_supplicant_aborted_cached;
-	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
-	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
-	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
-	ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
-	ctx->wps = wpa_s->wps;
-	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
-#ifdef CONFIG_EAP_PROXY
-	ctx->eap_proxy_cb = wpa_supplicant_eap_proxy_cb;
-	ctx->eap_proxy_notify_sim_status =
-		wpa_supplicant_eap_proxy_notify_sim_status;
-#endif /* CONFIG_EAP_PROXY */
-	ctx->port_cb = wpa_supplicant_port_cb;
-	ctx->cb = wpa_supplicant_eapol_cb;
-	ctx->cert_cb = wpa_supplicant_cert_cb;
-	ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
-	ctx->status_cb = wpa_supplicant_status_cb;
-	ctx->eap_error_cb = wpa_supplicant_eap_error_cb;
-	ctx->confirm_auth_cb = wpa_supplicant_eap_auth_start_cb;
-	ctx->set_anon_id = wpa_supplicant_set_anon_id;
-	ctx->cb_ctx = wpa_s;
-	wpa_s->eapol = eapol_sm_init(ctx);
-	if (wpa_s->eapol == NULL) {
-		os_free(ctx);
-		wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
-			   "machines.");
-		return -1;
-	}
-#endif /* IEEE8021X_EAPOL */
-
-	return 0;
-}
-
-
-#ifndef CONFIG_NO_WPA
-
-static void wpa_supplicant_set_rekey_offload(void *ctx,
-					     const u8 *kek, size_t kek_len,
-					     const u8 *kck, size_t kck_len,
-					     const u8 *replay_ctr)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr);
-}
-
-
-static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk,
-					   size_t pmk_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->conf->key_mgmt_offload &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
-		return wpa_drv_set_key(wpa_s, 0, NULL, 0, 0,
-				       NULL, 0, pmk, pmk_len, KEY_FLAG_PMK);
-	else
-		return 0;
-}
-
-
-static void wpa_supplicant_fils_hlp_rx(void *ctx, const u8 *dst, const u8 *src,
-				       const u8 *pkt, size_t pkt_len)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	char *hex;
-	size_t hexlen;
-
-	hexlen = pkt_len * 2 + 1;
-	hex = os_malloc(hexlen);
-	if (!hex)
-		return;
-	wpa_snprintf_hex(hex, hexlen, pkt, pkt_len);
-	wpa_msg(wpa_s, MSG_INFO, FILS_HLP_RX "dst=" MACSTR " src=" MACSTR
-		" frame=%s", MAC2STR(dst), MAC2STR(src), hex);
-	os_free(hex);
-}
-
-
-static int wpa_supplicant_channel_info(void *_wpa_s,
-				       struct wpa_channel_info *ci)
-{
-	struct wpa_supplicant *wpa_s = _wpa_s;
-
-	return wpa_drv_channel_info(wpa_s, ci);
-}
-
-
-static void disable_wpa_wpa2(struct wpa_ssid *ssid)
-{
-	ssid->proto &= ~WPA_PROTO_WPA;
-	ssid->proto |= WPA_PROTO_RSN;
-	ssid->key_mgmt &= ~(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK |
-			    WPA_KEY_MGMT_PSK_SHA256);
-	ssid->group_cipher &= ~WPA_CIPHER_TKIP;
-	if (!(ssid->group_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
-				    WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)))
-		ssid->group_cipher |= WPA_CIPHER_CCMP;
-	ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-}
-
-
-static void wpa_supplicant_transition_disable(void *_wpa_s, u8 bitmap)
-{
-	struct wpa_supplicant *wpa_s = _wpa_s;
-	struct wpa_ssid *ssid;
-	int changed = 0;
-
-	wpa_msg(wpa_s, MSG_INFO, TRANSITION_DISABLE "%02x", bitmap);
-
-	ssid = wpa_s->current_ssid;
-	if (!ssid)
-		return;
-
-#ifdef CONFIG_SAE
-	if ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) &&
-	    wpa_key_mgmt_sae(wpa_s->key_mgmt) &&
-	    (ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)) &&
-	    (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED ||
-	     (ssid->group_cipher & WPA_CIPHER_TKIP))) {
-		wpa_printf(MSG_DEBUG,
-			   "WPA3-Personal transition mode disabled based on AP notification");
-		disable_wpa_wpa2(ssid);
-		changed = 1;
-	}
-
-	if ((bitmap & TRANSITION_DISABLE_SAE_PK) &&
-	    wpa_key_mgmt_sae(wpa_s->key_mgmt) &&
-#ifdef CONFIG_SME
-	    wpa_s->sme.sae.state == SAE_ACCEPTED &&
-	    wpa_s->sme.sae.pk &&
-#endif /* CONFIG_SME */
-	    (ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)) &&
-	    (ssid->sae_pk != SAE_PK_MODE_ONLY ||
-	     ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED ||
-	     (ssid->group_cipher & WPA_CIPHER_TKIP))) {
-		wpa_printf(MSG_DEBUG,
-			   "SAE-PK: SAE authentication without PK disabled based on AP notification");
-		disable_wpa_wpa2(ssid);
-		ssid->sae_pk = SAE_PK_MODE_ONLY;
-		changed = 1;
-	}
-#endif /* CONFIG_SAE */
-
-	if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) &&
-	    wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
-	    (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X |
-			       WPA_KEY_MGMT_FT_IEEE8021X |
-			       WPA_KEY_MGMT_IEEE8021X_SHA256)) &&
-	    (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED ||
-	     (ssid->group_cipher & WPA_CIPHER_TKIP))) {
-		disable_wpa_wpa2(ssid);
-		changed = 1;
-	}
-
-	if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) &&
-	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
-	    (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
-	    !ssid->owe_only) {
-		ssid->owe_only = 1;
-		changed = 1;
-	}
-
-	if (!changed)
-		return;
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-	if (wpa_s->conf->update_config &&
-	    wpa_config_write(wpa_s->confname, wpa_s->conf))
-		wpa_printf(MSG_DEBUG, "Failed to update configuration");
-#endif /* CONFIG_NO_CONFIG_WRITE */
-}
-
-
-static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher,
-				     u32 life_time, const struct wpa_ptk *ptk)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	ptksa_cache_add(wpa_s->ptksa, addr, cipher, life_time, ptk);
-}
-
-#endif /* CONFIG_NO_WPA */
-
-
-int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
-{
-#ifndef CONFIG_NO_WPA
-	struct wpa_sm_ctx *ctx;
-
-	wpa_s->ptksa = ptksa_cache_init();
-	if (!wpa_s->ptksa) {
-		wpa_printf(MSG_ERROR, "Failed to allocate PTKSA");
-		return -1;
-	}
-
-	ctx = os_zalloc(sizeof(*ctx));
-	if (ctx == NULL) {
-		wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
-
-		ptksa_cache_deinit(wpa_s->ptksa);
-		wpa_s->ptksa = NULL;
-
-		return -1;
-	}
-
-	ctx->ctx = wpa_s;
-	ctx->msg_ctx = wpa_s;
-	ctx->set_state = _wpa_supplicant_set_state;
-	ctx->get_state = _wpa_supplicant_get_state;
-	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
-	ctx->reconnect = _wpa_supplicant_reconnect;
-	ctx->set_key = wpa_supplicant_set_key;
-	ctx->get_network_ctx = wpa_supplicant_get_network_ctx;
-	ctx->get_bssid = wpa_supplicant_get_bssid;
-	ctx->ether_send = _wpa_ether_send;
-	ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
-	ctx->alloc_eapol = _wpa_alloc_eapol;
-	ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
-	ctx->add_pmkid = wpa_supplicant_add_pmkid;
-	ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
-#ifndef CONFIG_NO_CONFIG_BLOBS
-	ctx->set_config_blob = wpa_supplicant_set_config_blob;
-	ctx->get_config_blob = wpa_supplicant_get_config_blob;
-#endif /* CONFIG_NO_CONFIG_BLOBS */
-	ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
-#ifdef CONFIG_IEEE80211R
-	ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
-	ctx->send_ft_action = wpa_supplicant_send_ft_action;
-	ctx->mark_authenticated = wpa_supplicant_mark_authenticated;
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_TDLS
-	ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa;
-	ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt;
-	ctx->tdls_oper = wpa_supplicant_tdls_oper;
-	ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset;
-	ctx->tdls_enable_channel_switch =
-		wpa_supplicant_tdls_enable_channel_switch;
-	ctx->tdls_disable_channel_switch =
-		wpa_supplicant_tdls_disable_channel_switch;
-#endif /* CONFIG_TDLS */
-	ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload;
-	ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk;
-	ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx;
-	ctx->channel_info = wpa_supplicant_channel_info;
-	ctx->transition_disable = wpa_supplicant_transition_disable;
-	ctx->store_ptk = wpa_supplicant_store_ptk;
-
-	wpa_s->wpa = wpa_sm_init(ctx);
-	if (wpa_s->wpa == NULL) {
-		wpa_printf(MSG_ERROR,
-			   "Failed to initialize WPA state machine");
-		os_free(ctx);
-		ptksa_cache_deinit(wpa_s->ptksa);
-		wpa_s->ptksa = NULL;
-		return -1;
-	}
-#endif /* CONFIG_NO_WPA */
-
-	return 0;
-}
-
-
-void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid)
-{
-	struct rsn_supp_config conf;
-	if (ssid) {
-		os_memset(&conf, 0, sizeof(conf));
-		conf.network_ctx = ssid;
-		conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
-#ifdef IEEE8021X_EAPOL
-		conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
-			wpa_s->conf->okc : ssid->proactive_key_caching;
-		conf.eap_workaround = ssid->eap_workaround;
-		conf.eap_conf_ctx = &ssid->eap;
-#endif /* IEEE8021X_EAPOL */
-		conf.ssid = ssid->ssid;
-		conf.ssid_len = ssid->ssid_len;
-		conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
-		conf.wpa_deny_ptk0_rekey = ssid->wpa_deny_ptk0_rekey;
-		conf.owe_ptk_workaround = ssid->owe_ptk_workaround;
-#ifdef CONFIG_P2P
-		if (ssid->p2p_group && wpa_s->current_bss &&
-		    !wpa_s->p2p_disable_ip_addr_req) {
-			struct wpabuf *p2p;
-			p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
-							  P2P_IE_VENDOR_TYPE);
-			if (p2p) {
-				u8 group_capab;
-				group_capab = p2p_get_group_capab(p2p);
-				if (group_capab &
-				    P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION)
-					conf.p2p = 1;
-				wpabuf_free(p2p);
-			}
-		}
-#endif /* CONFIG_P2P */
-		conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation;
-#ifdef CONFIG_FILS
-		if (wpa_key_mgmt_fils(wpa_s->key_mgmt))
-			conf.fils_cache_id =
-				wpa_bss_get_fils_cache_id(wpa_s->current_bss);
-#endif /* CONFIG_FILS */
-		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
-		    (wpa_s->drv_flags2 &
-		     WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
-			conf.beacon_prot = ssid->beacon_prot;
-
-#ifdef CONFIG_PASN
-#ifdef CONFIG_TESTING_OPTIONS
-		conf.force_kdk_derivation = wpa_s->conf->force_kdk_derivation;
-#endif /* CONFIG_TESTING_OPTIONS */
-#endif /* CONFIG_PASN */
-	}
-	wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);
-}
diff --git a/wpa_supplicant/wpas_glue.h b/wpa_supplicant/wpas_glue.h
deleted file mode 100644
index 338af4e650a7..000000000000
--- a/wpa_supplicant/wpas_glue.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * WPA Supplicant - Glue code to setup EAPOL and RSN modules
- * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPAS_GLUE_H
-#define WPAS_GLUE_H
-
-enum wpa_ctrl_req_type;
-
-int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s);
-int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *ssid);
-int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
-		   u16 proto, const u8 *buf, size_t len);
-
-const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
-					       const char *default_txt,
-					       const char **txt);
-
-enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field);
-
-void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			const char *field_name, const char *txt);
-
-#endif /* WPAS_GLUE_H */
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
deleted file mode 100644
index defd0f2f7e81..000000000000
--- a/wpa_supplicant/wpas_kay.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/*
- * IEEE 802.1X-2010 KaY Interface
- * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "eap_peer/eap.h"
-#include "eap_peer/eap_i.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "pae/ieee802_1x_key.h"
-#include "pae/ieee802_1x_kay.h"
-#include "wpa_supplicant_i.h"
-#include "config.h"
-#include "config_ssid.h"
-#include "driver_i.h"
-#include "wpas_kay.h"
-
-
-#define DEFAULT_KEY_LEN		16
-/* secure Connectivity Association Key Name (CKN) */
-#define DEFAULT_CKN_LEN		16
-
-
-static int wpas_macsec_init(void *priv, struct macsec_init_params *params)
-{
-	return wpa_drv_macsec_init(priv, params);
-}
-
-
-static int wpas_macsec_deinit(void *priv)
-{
-	return wpa_drv_macsec_deinit(priv);
-}
-
-
-static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap)
-{
-	return wpa_drv_macsec_get_capability(priv, cap);
-}
-
-
-static int wpas_enable_protect_frames(void *wpa_s, bool enabled)
-{
-	return wpa_drv_enable_protect_frames(wpa_s, enabled);
-}
-
-
-static int wpas_enable_encrypt(void *wpa_s, bool enabled)
-{
-	return wpa_drv_enable_encrypt(wpa_s, enabled);
-}
-
-
-static int wpas_set_replay_protect(void *wpa_s, bool enabled, u32 window)
-{
-	return wpa_drv_set_replay_protect(wpa_s, enabled, window);
-}
-
-
-static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs)
-{
-	return wpa_drv_set_current_cipher_suite(wpa_s, cs);
-}
-
-
-static int wpas_enable_controlled_port(void *wpa_s, bool enabled)
-{
-	return wpa_drv_enable_controlled_port(wpa_s, enabled);
-}
-
-
-static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_get_receive_lowest_pn(wpa_s, sa);
-}
-
-
-static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_get_transmit_next_pn(wpa_s, sa);
-}
-
-
-static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_set_transmit_next_pn(wpa_s, sa);
-}
-
-
-static int wpas_set_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_set_receive_lowest_pn(wpa_s, sa);
-}
-
-
-static unsigned int conf_offset_val(enum confidentiality_offset co)
-{
-	switch (co) {
-	case CONFIDENTIALITY_OFFSET_30:
-		return 30;
-		break;
-	case CONFIDENTIALITY_OFFSET_50:
-		return 50;
-	default:
-		return 0;
-	}
-}
-
-
-static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc,
-				  enum validate_frames vf,
-				  enum confidentiality_offset co)
-{
-	return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf);
-}
-
-
-static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc)
-{
-	return wpa_drv_delete_receive_sc(wpa_s, sc);
-}
-
-
-static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_create_receive_sa(wpa_s, sa);
-}
-
-
-static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_delete_receive_sa(wpa_s, sa);
-}
-
-
-static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_enable_receive_sa(wpa_s, sa);
-}
-
-
-static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa)
-{
-	return wpa_drv_disable_receive_sa(wpa_s, sa);
-}
-
-
-static int
-wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc,
-			enum confidentiality_offset co)
-{
-	return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co));
-}
-
-
-static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc)
-{
-	return wpa_drv_delete_transmit_sc(wpa_s, sc);
-}
-
-
-static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_create_transmit_sa(wpa_s, sa);
-}
-
-
-static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_delete_transmit_sa(wpa_s, sa);
-}
-
-
-static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_enable_transmit_sa(wpa_s, sa);
-}
-
-
-static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_disable_transmit_sa(wpa_s, sa);
-}
-
-
-int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
-{
-	struct ieee802_1x_kay_ctx *kay_ctx;
-	struct ieee802_1x_kay *res = NULL;
-	enum macsec_policy policy;
-
-	ieee802_1x_dealloc_kay_sm(wpa_s);
-
-	if (!ssid || ssid->macsec_policy == 0)
-		return 0;
-
-	if (ssid->macsec_policy == 1) {
-		if (ssid->macsec_integ_only == 1)
-			policy = SHOULD_SECURE;
-		else
-			policy = SHOULD_ENCRYPT;
-	} else {
-		policy = DO_NOT_SECURE;
-	}
-
-	kay_ctx = os_zalloc(sizeof(*kay_ctx));
-	if (!kay_ctx)
-		return -1;
-
-	kay_ctx->ctx = wpa_s;
-
-	kay_ctx->macsec_init = wpas_macsec_init;
-	kay_ctx->macsec_deinit = wpas_macsec_deinit;
-	kay_ctx->macsec_get_capability = wpas_macsec_get_capability;
-	kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
-	kay_ctx->enable_encrypt = wpas_enable_encrypt;
-	kay_ctx->set_replay_protect = wpas_set_replay_protect;
-	kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
-	kay_ctx->enable_controlled_port = wpas_enable_controlled_port;
-	kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
-	kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
-	kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
-	kay_ctx->set_receive_lowest_pn = wpas_set_receive_lowest_pn;
-	kay_ctx->create_receive_sc = wpas_create_receive_sc;
-	kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
-	kay_ctx->create_receive_sa = wpas_create_receive_sa;
-	kay_ctx->delete_receive_sa = wpas_delete_receive_sa;
-	kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
-	kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
-	kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
-	kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
-	kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
-	kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa;
-	kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
-	kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
-
-	res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_replay_protect,
-				  ssid->macsec_replay_window, ssid->macsec_port,
-				  ssid->mka_priority, wpa_s->ifname,
-				  wpa_s->own_addr);
-	/* ieee802_1x_kay_init() frees kay_ctx on failure */
-	if (res == NULL)
-		return -1;
-
-	wpa_s->kay = res;
-
-	return 0;
-}
-
-
-void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
-{
-	if (!wpa_s->kay)
-		return;
-
-	ieee802_1x_kay_deinit(wpa_s->kay);
-	wpa_s->kay = NULL;
-}
-
-
-static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
-					  const u8 *addr, u8 *sid, size_t *len)
-{
-	const u8 *session_id;
-	size_t id_len, need_len;
-
-	session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len);
-	if (session_id == NULL) {
-		wpa_printf(MSG_DEBUG,
-			   "Failed to get SessionID from EAPOL state machines");
-		return -1;
-	}
-
-	need_len = 1 + 2 * 32 /* random size */;
-	if (need_len > id_len) {
-		wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
-		return -1;
-	}
-
-	os_memcpy(sid, session_id, need_len);
-	*len = need_len;
-
-	return 0;
-}
-
-
-static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr,
-				   u8 *msk, size_t *len)
-{
-	u8 key[EAP_MSK_LEN];
-	size_t keylen;
-	struct eapol_sm *sm;
-	int res;
-
-	sm = wpa_s->eapol;
-	if (sm == NULL)
-		return -1;
-
-	keylen = EAP_MSK_LEN;
-	res = eapol_sm_get_key(sm, key, keylen);
-	if (res) {
-		wpa_printf(MSG_DEBUG,
-			   "Failed to get MSK from EAPOL state machines");
-		return -1;
-	}
-
-	if (keylen > *len)
-		keylen = *len;
-	os_memcpy(msk, key, keylen);
-	*len = keylen;
-
-	return 0;
-}
-
-
-void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
-				      const u8 *peer_addr)
-{
-	u8 *sid;
-	size_t sid_len = 128;
-	struct mka_key_name *ckn;
-	struct mka_key *cak;
-	struct mka_key *msk;
-	void *res = NULL;
-
-	if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
-		return NULL;
-
-	wpa_printf(MSG_DEBUG,
-		   "IEEE 802.1X: External notification - Create MKA for "
-		   MACSTR, MAC2STR(peer_addr));
-
-	msk = os_zalloc(sizeof(*msk));
-	sid = os_zalloc(sid_len);
-	ckn = os_zalloc(sizeof(*ckn));
-	cak = os_zalloc(sizeof(*cak));
-	if (!msk || !sid || !ckn || !cak)
-		goto fail;
-
-	msk->len = DEFAULT_KEY_LEN;
-	if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) {
-		wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK");
-		goto fail;
-	}
-
-	if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len))
-	{
-		wpa_printf(MSG_ERROR,
-			   "IEEE 802.1X: Could not get EAP Session Id");
-		goto fail;
-	}
-
-	/* Derive CAK from MSK */
-	cak->len = DEFAULT_KEY_LEN;
-	if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
-				    peer_addr, cak->key, cak->len)) {
-		wpa_printf(MSG_ERROR,
-			   "IEEE 802.1X: Deriving CAK failed");
-		goto fail;
-	}
-	wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len);
-
-	/* Derive CKN from MSK */
-	ckn->len = DEFAULT_CKN_LEN;
-	if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
-				    peer_addr, sid, sid_len, ckn->name)) {
-		wpa_printf(MSG_ERROR,
-			   "IEEE 802.1X: Deriving CKN failed");
-		goto fail;
-	}
-	wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len);
-
-	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0,
-					EAP_EXCHANGE, false);
-
-fail:
-	if (msk) {
-		os_memset(msk, 0, sizeof(*msk));
-		os_free(msk);
-	}
-	os_free(sid);
-	os_free(ckn);
-	if (cak) {
-		os_memset(cak, 0, sizeof(*cak));
-		os_free(cak);
-	}
-
-	return res;
-}
-
-
-void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid)
-{
-	struct mka_key *cak;
-	struct mka_key_name *ckn;
-	void *res = NULL;
-
-	if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
-		goto end;
-
-	ckn = os_zalloc(sizeof(*ckn));
-	if (!ckn)
-		goto end;
-
-	cak = os_zalloc(sizeof(*cak));
-	if (!cak)
-		goto free_ckn;
-
-	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
-		goto free_cak;
-
-	if (wpa_s->kay->policy == DO_NOT_SECURE)
-		goto dealloc;
-
-	cak->len = ssid->mka_cak_len;
-	os_memcpy(cak->key, ssid->mka_cak, cak->len);
-
-	ckn->len = ssid->mka_ckn_len;
-	os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
-
-	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, false);
-	if (res)
-		goto free_cak;
-
-dealloc:
-	/* Failed to create MKA */
-	ieee802_1x_dealloc_kay_sm(wpa_s);
-free_cak:
-	os_free(cak);
-free_ckn:
-	os_free(ckn);
-end:
-	return res;
-}
diff --git a/wpa_supplicant/wpas_kay.h b/wpa_supplicant/wpas_kay.h
deleted file mode 100644
index 81f8e0ce329e..000000000000
--- a/wpa_supplicant/wpas_kay.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * IEEE 802.1X-2010 KaY Interface
- * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPAS_KAY_H
-#define WPAS_KAY_H
-
-#ifdef CONFIG_MACSEC
-
-int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
-			    struct wpa_ssid *ssid);
-void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
-				      const u8 *peer_addr);
-void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s);
-
-void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
-				       struct wpa_ssid *ssid);
-
-#else /* CONFIG_MACSEC */
-
-static inline int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
-					  struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-static inline void *
-ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
-			       const u8 *peer_addr)
-{
-	return NULL;
-}
-
-static inline void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline void *
-ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
-				struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-#endif /* CONFIG_MACSEC */
-
-#endif /* WPAS_KAY_H */
diff --git a/wpa_supplicant/wpas_module_tests.c b/wpa_supplicant/wpas_module_tests.c
deleted file mode 100644
index ce5398cb851a..000000000000
--- a/wpa_supplicant/wpas_module_tests.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * wpa_supplicant module tests
- * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "utils/module_tests.h"
-#include "wpa_supplicant_i.h"
-#include "bssid_ignore.h"
-
-
-static int wpas_bssid_ignore_module_tests(void)
-{
-	struct wpa_supplicant wpa_s;
-	int ret = -1;
-
-	os_memset(&wpa_s, 0, sizeof(wpa_s));
-
-	wpa_bssid_ignore_clear(&wpa_s);
-
-	if (wpa_bssid_ignore_get(NULL, NULL) != NULL ||
-	    wpa_bssid_ignore_get(NULL, (u8 *) "123456") != NULL ||
-	    wpa_bssid_ignore_get(&wpa_s, NULL) != NULL ||
-	    wpa_bssid_ignore_get(&wpa_s, (u8 *) "123456") != NULL)
-		goto fail;
-
-	if (wpa_bssid_ignore_add(NULL, NULL) == 0 ||
-	    wpa_bssid_ignore_add(NULL, (u8 *) "123456") == 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, NULL) == 0)
-		goto fail;
-
-	if (wpa_bssid_ignore_del(NULL, NULL) == 0 ||
-	    wpa_bssid_ignore_del(NULL, (u8 *) "123456") == 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, NULL) == 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "123456") == 0)
-		goto fail;
-
-	if (wpa_bssid_ignore_add(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "222222") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "333333") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "444444") < 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "333333") < 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "xxxxxx") == 0 ||
-	    wpa_bssid_ignore_get(&wpa_s, (u8 *) "xxxxxx") != NULL ||
-	    wpa_bssid_ignore_get(&wpa_s, (u8 *) "111111") == NULL ||
-	    wpa_bssid_ignore_get(&wpa_s, (u8 *) "222222") == NULL ||
-	    wpa_bssid_ignore_get(&wpa_s, (u8 *) "444444") == NULL ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "222222") < 0 ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "444444") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "222222") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "333333") < 0)
-		goto fail;
-
-	wpa_bssid_ignore_clear(&wpa_s);
-
-	if (wpa_bssid_ignore_add(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "222222") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "333333") < 0 ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "444444") < 0 ||
-	    !wpa_bssid_ignore_is_listed(&wpa_s, (u8 *) "111111") ||
-	    wpa_bssid_ignore_del(&wpa_s, (u8 *) "111111") < 0 ||
-	    wpa_bssid_ignore_is_listed(&wpa_s, (u8 *) "111111") ||
-	    wpa_bssid_ignore_add(&wpa_s, (u8 *) "111111") < 0)
-		goto fail;
-
-	wpa_bssid_ignore_update(&wpa_s);
-
-	if (!wpa_bssid_ignore_is_listed(&wpa_s, (u8 *) "111111"))
-		goto fail;
-
-	ret = 0;
-fail:
-	wpa_bssid_ignore_clear(&wpa_s);
-
-	if (ret)
-		wpa_printf(MSG_ERROR, "bssid_ignore module test failure");
-
-	return ret;
-}
-
-
-int wpas_module_tests(void)
-{
-	int ret = 0;
-
-	wpa_printf(MSG_INFO, "wpa_supplicant module tests");
-
-	if (wpas_bssid_ignore_module_tests() < 0)
-		ret = -1;
-
-#ifdef CONFIG_WPS
-	if (wps_module_tests() < 0)
-		ret = -1;
-#endif /* CONFIG_WPS */
-
-	if (utils_module_tests() < 0)
-		ret = -1;
-
-	if (common_module_tests() < 0)
-		ret = -1;
-
-	if (crypto_module_tests() < 0)
-		ret = -1;
-
-	return ret;
-}
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
deleted file mode 100644
index 5633f3d1ecaf..000000000000
--- a/wpa_supplicant/wps_supplicant.c
+++ /dev/null
@@ -1,3013 +0,0 @@
-/*
- * wpa_supplicant / WPS integration
- * Copyright (c) 2008-2014, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "eloop.h"
-#include "uuid.h"
-#include "crypto/random.h"
-#include "crypto/dh_group5.h"
-#include "common/ieee802_11_defs.h"
-#include "common/ieee802_11_common.h"
-#include "common/wpa_common.h"
-#include "common/wpa_ctrl.h"
-#include "eap_common/eap_wsc_common.h"
-#include "eap_peer/eap.h"
-#include "eapol_supp/eapol_supp_sm.h"
-#include "rsn_supp/wpa.h"
-#include "wps/wps_attr_parse.h"
-#include "config.h"
-#include "wpa_supplicant_i.h"
-#include "driver_i.h"
-#include "notify.h"
-#include "bssid_ignore.h"
-#include "bss.h"
-#include "scan.h"
-#include "ap.h"
-#include "p2p/p2p.h"
-#include "p2p_supplicant.h"
-#include "wps_supplicant.h"
-
-
-#ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
-#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
-#endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */
-
-/*
- * The minimum time in seconds before trying to associate to a WPS PIN AP that
- * does not have Selected Registrar TRUE.
- */
-#ifndef WPS_PIN_TIME_IGNORE_SEL_REG
-#define WPS_PIN_TIME_IGNORE_SEL_REG 5
-#endif /* WPS_PIN_TIME_IGNORE_SEL_REG */
-
-static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
-static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
-
-
-static void wpas_wps_clear_ap_info(struct wpa_supplicant *wpa_s)
-{
-	os_free(wpa_s->wps_ap);
-	wpa_s->wps_ap = NULL;
-	wpa_s->num_wps_ap = 0;
-	wpa_s->wps_ap_iter = 0;
-}
-
-
-static void wpas_wps_assoc_with_cred(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	int use_fast_assoc = timeout_ctx != NULL;
-
-	wpa_printf(MSG_DEBUG, "WPS: Continuing association after eapol_cb");
-	if (!use_fast_assoc ||
-	    wpa_supplicant_fast_associate(wpa_s) != 1)
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-static void wpas_wps_assoc_with_cred_cancel(struct wpa_supplicant *wpa_s)
-{
-	eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 0);
-	eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 1);
-}
-
-
-int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
-{
-	if (wpas_p2p_wps_eapol_cb(wpa_s) > 0)
-		return 1;
-
-	if (!wpa_s->wps_success &&
-	    wpa_s->current_ssid &&
-	    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
-		const u8 *bssid = wpa_s->bssid;
-		if (is_zero_ether_addr(bssid))
-			bssid = wpa_s->pending_bssid;
-
-		wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR
-			   " did not succeed - continue trying to find "
-			   "suitable AP", MAC2STR(bssid));
-		wpa_bssid_ignore_add(wpa_s, bssid);
-
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-		wpa_s->reassociate = 1;
-		wpa_supplicant_req_scan(wpa_s,
-					wpa_s->bssid_ignore_cleared ? 5 : 0, 0);
-		wpa_s->bssid_ignore_cleared = false;
-		return 1;
-	}
-
-	wpas_wps_clear_ap_info(wpa_s);
-	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success)
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL);
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
-	    !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
-		int disabled = wpa_s->current_ssid->disabled;
-		unsigned int freq = wpa_s->assoc_freq;
-		struct wpa_bss *bss;
-		struct wpa_ssid *ssid = NULL;
-		int use_fast_assoc = 0;
-
-		wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
-			   "try to associate with the received credential "
-			   "(freq=%u)", freq);
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-		if (disabled) {
-			wpa_printf(MSG_DEBUG, "WPS: Current network is "
-				   "disabled - wait for user to enable");
-			return 1;
-		}
-		wpa_s->after_wps = 5;
-		wpa_s->wps_freq = freq;
-		wpa_s->normal_scans = 0;
-		wpa_s->reassociate = 1;
-
-		wpa_printf(MSG_DEBUG, "WPS: Checking whether fast association "
-			   "without a new scan can be used");
-		bss = wpa_supplicant_pick_network(wpa_s, &ssid);
-		if (bss) {
-			struct wpabuf *wps;
-			struct wps_parse_attr attr;
-
-			wps = wpa_bss_get_vendor_ie_multi(bss,
-							  WPS_IE_VENDOR_TYPE);
-			if (wps && wps_parse_msg(wps, &attr) == 0 &&
-			    attr.wps_state &&
-			    *attr.wps_state == WPS_STATE_CONFIGURED)
-				use_fast_assoc = 1;
-			wpabuf_free(wps);
-		}
-
-		/*
-		 * Complete the next step from an eloop timeout to allow pending
-		 * driver events related to the disconnection to be processed
-		 * first. This makes it less likely for disconnection event to
-		 * cause problems with the following connection.
-		 */
-		wpa_printf(MSG_DEBUG, "WPS: Continue association from timeout");
-		wpas_wps_assoc_with_cred_cancel(wpa_s);
-		eloop_register_timeout(0, 10000,
-				       wpas_wps_assoc_with_cred, wpa_s,
-				       use_fast_assoc ? (void *) 1 :
-				       (void *) 0);
-		return 1;
-	}
-
-	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) {
-		wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting "
-			   "for external credential processing");
-		wpas_clear_wps(wpa_s);
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-		return 1;
-	}
-
-	return 0;
-}
-
-
-static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
-					 struct wpa_ssid *ssid,
-					 const struct wps_credential *cred)
-{
-	struct wpa_driver_capa capa;
-	struct wpa_bss *bss;
-	const u8 *ie;
-	struct wpa_ie_data adv;
-	int wpa2 = 0, ccmp = 0;
-	enum wpa_driver_if_type iftype;
-
-	/*
-	 * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in
-	 * case they are configured for mixed mode operation (WPA+WPA2 and
-	 * TKIP+CCMP). Try to use scan results to figure out whether the AP
-	 * actually supports stronger security and select that if the client
-	 * has support for it, too.
-	 */
-
-	if (wpa_drv_get_capa(wpa_s, &capa))
-		return; /* Unknown what driver supports */
-
-	if (ssid->ssid == NULL)
-		return;
-	bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len);
-	if (!bss)
-		bss = wpa_bss_get(wpa_s, wpa_s->bssid,
-				  ssid->ssid, ssid->ssid_len);
-	if (bss == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS "
-			   "table - use credential as-is");
-		return;
-	}
-
-	wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table");
-
-	ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-	if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
-		wpa2 = 1;
-		if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
-			ccmp = 1;
-	} else {
-		ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-		if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
-		    adv.pairwise_cipher & WPA_CIPHER_CCMP)
-			ccmp = 1;
-	}
-
-	if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) &&
-	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) {
-		/*
-		 * TODO: This could be the initial AP configuration and the
-		 * Beacon contents could change shortly. Should request a new
-		 * scan and delay addition of the network until the updated
-		 * scan results are available.
-		 */
-		wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA "
-			   "support - use credential as-is");
-		return;
-	}
-
-	iftype = ssid->p2p_group ? WPA_IF_P2P_CLIENT : WPA_IF_STATION;
-
-	if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
-	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP) &&
-	    (capa.key_mgmt_iftype[iftype] &
-	     WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-		wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential "
-			   "based on scan results");
-		if (wpa_s->conf->ap_scan == 1)
-			ssid->pairwise_cipher |= WPA_CIPHER_CCMP;
-		else
-			ssid->pairwise_cipher = WPA_CIPHER_CCMP;
-	}
-
-	if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) &&
-	    (ssid->proto & WPA_PROTO_WPA) &&
-	    (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) {
-		wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential "
-			   "based on scan results");
-		if (wpa_s->conf->ap_scan == 1)
-			ssid->proto |= WPA_PROTO_RSN;
-		else
-			ssid->proto = WPA_PROTO_RSN;
-	}
-}
-
-
-static void wpas_wps_remove_dup_network(struct wpa_supplicant *wpa_s,
-					struct wpa_ssid *new_ssid)
-{
-	struct wpa_ssid *ssid, *next;
-
-	for (ssid = wpa_s->conf->ssid, next = ssid ? ssid->next : NULL; ssid;
-	     ssid = next, next = ssid ? ssid->next : NULL) {
-		/*
-		 * new_ssid has already been added to the list in
-		 * wpas_wps_add_network(), so skip it.
-		 */
-		if (ssid == new_ssid)
-			continue;
-
-		if (ssid->bssid_set || new_ssid->bssid_set) {
-			if (ssid->bssid_set != new_ssid->bssid_set)
-				continue;
-			if (os_memcmp(ssid->bssid, new_ssid->bssid, ETH_ALEN) !=
-			    0)
-				continue;
-		}
-
-		/* compare SSID */
-		if (ssid->ssid_len == 0 || ssid->ssid_len != new_ssid->ssid_len)
-			continue;
-
-		if (ssid->ssid && new_ssid->ssid) {
-			if (os_memcmp(ssid->ssid, new_ssid->ssid,
-				      ssid->ssid_len) != 0)
-				continue;
-		} else if (ssid->ssid || new_ssid->ssid)
-			continue;
-
-		/* compare security parameters */
-		if (ssid->auth_alg != new_ssid->auth_alg ||
-		    ssid->key_mgmt != new_ssid->key_mgmt ||
-		    (ssid->group_cipher != new_ssid->group_cipher &&
-		     !(ssid->group_cipher & new_ssid->group_cipher &
-		       WPA_CIPHER_CCMP)))
-			continue;
-
-		/*
-		 * Some existing WPS APs will send two creds in case they are
-		 * configured for mixed mode operation (WPA+WPA2 and TKIP+CCMP).
-		 * Try to merge these two creds if they are received in the same
-		 * M8 message.
-		 */
-		if (ssid->wps_run && ssid->wps_run == new_ssid->wps_run &&
-		    wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
-			if (new_ssid->passphrase && ssid->passphrase &&
-			    os_strcmp(new_ssid->passphrase, ssid->passphrase) !=
-			    0) {
-				wpa_printf(MSG_DEBUG,
-					   "WPS: M8 Creds with different passphrase - do not merge");
-				continue;
-			}
-
-			if (new_ssid->psk_set &&
-			    (!ssid->psk_set ||
-			     os_memcmp(new_ssid->psk, ssid->psk, 32) != 0)) {
-				wpa_printf(MSG_DEBUG,
-					   "WPS: M8 Creds with different PSK - do not merge");
-				continue;
-			}
-
-			if ((new_ssid->passphrase && !ssid->passphrase) ||
-			    (!new_ssid->passphrase && ssid->passphrase)) {
-				wpa_printf(MSG_DEBUG,
-					   "WPS: M8 Creds with different passphrase/PSK type - do not merge");
-				continue;
-			}
-
-			wpa_printf(MSG_DEBUG,
-				   "WPS: Workaround - merge likely WPA/WPA2-mixed mode creds in same M8 message");
-			new_ssid->proto |= ssid->proto;
-			new_ssid->pairwise_cipher |= ssid->pairwise_cipher;
-		} else {
-			/*
-			 * proto and pairwise_cipher difference matter for
-			 * non-mixed-mode creds.
-			 */
-			if (ssid->proto != new_ssid->proto ||
-			    ssid->pairwise_cipher != new_ssid->pairwise_cipher)
-				continue;
-		}
-
-		/* Remove the duplicated older network entry. */
-		wpa_printf(MSG_DEBUG, "Remove duplicate network %d", ssid->id);
-		wpas_notify_network_removed(wpa_s, ssid);
-		if (wpa_s->current_ssid == ssid)
-			wpa_s->current_ssid = NULL;
-		wpa_config_remove_network(wpa_s->conf, ssid->id);
-	}
-}
-
-
-static int wpa_supplicant_wps_cred(void *ctx,
-				   const struct wps_credential *cred)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	struct wpa_ssid *ssid = wpa_s->current_ssid;
-	u16 auth_type;
-#ifdef CONFIG_WPS_REG_DISABLE_OPEN
-	int registrar = 0;
-#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
-	bool add_sae;
-
-	if ((wpa_s->conf->wps_cred_processing == 1 ||
-	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
-		size_t blen = cred->cred_attr_len * 2 + 1;
-		char *buf = os_malloc(blen);
-		if (buf) {
-			wpa_snprintf_hex(buf, blen,
-					 cred->cred_attr, cred->cred_attr_len);
-			wpa_msg(wpa_s, MSG_INFO, "%s%s",
-				WPS_EVENT_CRED_RECEIVED, buf);
-			os_free(buf);
-		}
-
-		wpas_notify_wps_credential(wpa_s, cred);
-	} else
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
-
-	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
-			cred->cred_attr, cred->cred_attr_len);
-
-	if (wpa_s->conf->wps_cred_processing == 1)
-		return 0;
-
-	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
-	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
-		   cred->auth_type);
-	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
-	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
-	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
-			cred->key, cred->key_len);
-	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
-		   MAC2STR(cred->mac_addr));
-
-	auth_type = cred->auth_type;
-	if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
-		wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode "
-			   "auth_type into WPA2PSK");
-		auth_type = WPS_AUTH_WPA2PSK;
-	}
-
-	if (auth_type != WPS_AUTH_OPEN &&
-	    auth_type != WPS_AUTH_WPAPSK &&
-	    auth_type != WPS_AUTH_WPA2PSK) {
-		wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
-			   "unsupported authentication type 0x%x",
-			   auth_type);
-		return 0;
-	}
-
-	if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
-		if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
-			wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
-				   "invalid Network Key length %lu",
-				   (unsigned long) cred->key_len);
-			return -1;
-		}
-	}
-
-	if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
-		wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
-			   "on the received credential");
-#ifdef CONFIG_WPS_REG_DISABLE_OPEN
-		if (ssid->eap.identity &&
-		    ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
-		    os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
-			      WSC_ID_REGISTRAR_LEN) == 0)
-			registrar = 1;
-#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
-		os_free(ssid->eap.identity);
-		ssid->eap.identity = NULL;
-		ssid->eap.identity_len = 0;
-		os_free(ssid->eap.phase1);
-		ssid->eap.phase1 = NULL;
-		os_free(ssid->eap.eap_methods);
-		ssid->eap.eap_methods = NULL;
-		if (!ssid->p2p_group) {
-			ssid->temporary = 0;
-			ssid->bssid_set = 0;
-		}
-		ssid->disabled_until.sec = 0;
-		ssid->disabled_until.usec = 0;
-		ssid->auth_failures = 0;
-	} else {
-		wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the "
-			   "received credential");
-		ssid = wpa_config_add_network(wpa_s->conf);
-		if (ssid == NULL)
-			return -1;
-		if (wpa_s->current_ssid) {
-			/*
-			 * Should the GO issue multiple credentials for some
-			 * reason, each credential should be marked as a
-			 * temporary P2P group similarly to the one that gets
-			 * marked as such based on the pre-configured values
-			 * used for the WPS network block.
-			 */
-			ssid->p2p_group = wpa_s->current_ssid->p2p_group;
-			ssid->temporary = wpa_s->current_ssid->temporary;
-		}
-		wpas_notify_network_added(wpa_s, ssid);
-	}
-
-	wpa_config_set_network_defaults(ssid);
-	ssid->wps_run = wpa_s->wps_run;
-
-	os_free(ssid->ssid);
-	ssid->ssid = os_malloc(cred->ssid_len);
-	if (ssid->ssid) {
-		os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len);
-		ssid->ssid_len = cred->ssid_len;
-	}
-
-	switch (cred->encr_type) {
-	case WPS_ENCR_NONE:
-		break;
-	case WPS_ENCR_TKIP:
-		ssid->pairwise_cipher = WPA_CIPHER_TKIP | WPA_CIPHER_CCMP;
-		break;
-	case WPS_ENCR_AES:
-		ssid->pairwise_cipher = WPA_CIPHER_CCMP;
-		if (wpa_s->drv_capa_known &&
-		    (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP)) {
-			ssid->pairwise_cipher |= WPA_CIPHER_GCMP;
-			ssid->group_cipher |= WPA_CIPHER_GCMP;
-		}
-		if (wpa_s->drv_capa_known &&
-		    (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP_256)) {
-			ssid->pairwise_cipher |= WPA_CIPHER_GCMP_256;
-			ssid->group_cipher |= WPA_CIPHER_GCMP_256;
-		}
-		if (wpa_s->drv_capa_known &&
-		    (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_CCMP_256)) {
-			ssid->pairwise_cipher |= WPA_CIPHER_CCMP_256;
-			ssid->group_cipher |= WPA_CIPHER_CCMP_256;
-		}
-		break;
-	}
-
-	switch (auth_type) {
-	case WPS_AUTH_OPEN:
-		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
-		ssid->key_mgmt = WPA_KEY_MGMT_NONE;
-		ssid->proto = 0;
-#ifdef CONFIG_WPS_REG_DISABLE_OPEN
-		if (registrar) {
-			wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
-				"id=%d - Credentials for an open "
-				"network disabled by default - use "
-				"'select_network %d' to enable",
-				ssid->id, ssid->id);
-			ssid->disabled = 1;
-		}
-#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
-		break;
-	case WPS_AUTH_WPAPSK:
-		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
-		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
-		ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN;
-		break;
-	case WPS_AUTH_WPA2PSK:
-		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
-		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
-		add_sae = wpa_s->conf->wps_cred_add_sae;
-#ifdef CONFIG_P2P
-		if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
-			add_sae = true;
-#endif /* CONFIG_P2P */
-		if (add_sae && cred->key_len != 2 * PMK_LEN) {
-			ssid->auth_alg = 0;
-			ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
-			ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
-		}
-		ssid->proto = WPA_PROTO_RSN;
-		break;
-	}
-
-	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
-		if (cred->key_len == 2 * PMK_LEN) {
-			if (hexstr2bin((const char *) cred->key, ssid->psk,
-				       PMK_LEN)) {
-				wpa_printf(MSG_ERROR, "WPS: Invalid Network "
-					   "Key");
-				return -1;
-			}
-			ssid->psk_set = 1;
-			ssid->export_keys = 1;
-		} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
-			os_free(ssid->passphrase);
-			ssid->passphrase = os_malloc(cred->key_len + 1);
-			if (ssid->passphrase == NULL)
-				return -1;
-			os_memcpy(ssid->passphrase, cred->key, cred->key_len);
-			ssid->passphrase[cred->key_len] = '\0';
-			wpa_config_update_psk(ssid);
-			ssid->export_keys = 1;
-		} else {
-			wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
-				   "length %lu",
-				   (unsigned long) cred->key_len);
-			return -1;
-		}
-	}
-	ssid->priority = wpa_s->conf->wps_priority;
-
-	wpas_wps_security_workaround(wpa_s, ssid, cred);
-
-	wpas_wps_remove_dup_network(wpa_s, ssid);
-
-#ifndef CONFIG_NO_CONFIG_WRITE
-	if (wpa_s->conf->update_config &&
-	    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
-		wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration");
-		return -1;
-	}
-#endif /* CONFIG_NO_CONFIG_WRITE */
-
-	if (ssid->priority)
-		wpa_config_update_prio_list(wpa_s->conf);
-
-	/*
-	 * Optimize the post-WPS scan based on the channel used during
-	 * the provisioning in case EAP-Failure is not received.
-	 */
-	wpa_s->after_wps = 5;
-	wpa_s->wps_freq = wpa_s->assoc_freq;
-
-	return 0;
-}
-
-
-static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s,
-					 struct wps_event_m2d *m2d)
-{
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D
-		"dev_password_id=%d config_error=%d",
-		m2d->dev_password_id, m2d->config_error);
-	wpas_notify_wps_event_m2d(wpa_s, m2d);
-#ifdef CONFIG_P2P
-	if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) {
-		wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_M2D
-			"dev_password_id=%d config_error=%d",
-			m2d->dev_password_id, m2d->config_error);
-	}
-	if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) {
-		/*
-		 * Notify P2P from eloop timeout to avoid issues with the
-		 * interface getting removed while processing a message.
-		 */
-		eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, wpa_s,
-				       NULL);
-	}
-#endif /* CONFIG_P2P */
-}
-
-
-static void wpas_wps_clear_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	wpa_printf(MSG_DEBUG, "WPS: Clear WPS network from timeout");
-	wpas_clear_wps(wpa_s);
-}
-
-
-static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s,
-					  struct wps_event_fail *fail)
-{
-	if (fail->error_indication > 0 &&
-	    fail->error_indication < NUM_WPS_EI_VALUES) {
-		wpa_msg(wpa_s, MSG_INFO,
-			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
-			fail->msg, fail->config_error, fail->error_indication,
-			wps_ei_str(fail->error_indication));
-		if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
-			wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
-				"msg=%d config_error=%d reason=%d (%s)",
-				fail->msg, fail->config_error,
-				fail->error_indication,
-				wps_ei_str(fail->error_indication));
-	} else {
-		wpa_msg(wpa_s, MSG_INFO,
-			WPS_EVENT_FAIL "msg=%d config_error=%d",
-			fail->msg, fail->config_error);
-		if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
-			wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
-				"msg=%d config_error=%d",
-				fail->msg, fail->config_error);
-	}
-
-	/*
-	 * Need to allow WPS processing to complete, e.g., by sending WSC_NACK.
-	 */
-	wpa_printf(MSG_DEBUG, "WPS: Register timeout to clear WPS network");
-	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
-	eloop_register_timeout(0, 100000, wpas_wps_clear_timeout, wpa_s, NULL);
-
-	wpas_notify_wps_event_fail(wpa_s, fail);
-	wpas_p2p_wps_failed(wpa_s, fail);
-}
-
-
-static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx);
-
-static void wpas_wps_reenable_networks(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-	int changed = 0;
-
-	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if (ssid->disabled_for_connect && ssid->disabled) {
-			ssid->disabled_for_connect = 0;
-			ssid->disabled = 0;
-			wpas_notify_network_enabled_changed(wpa_s, ssid);
-			changed++;
-		}
-	}
-
-	if (changed) {
-#ifndef CONFIG_NO_CONFIG_WRITE
-		if (wpa_s->conf->update_config &&
-		    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
-			wpa_printf(MSG_DEBUG, "WPS: Failed to update "
-				   "configuration");
-		}
-#endif /* CONFIG_NO_CONFIG_WRITE */
-	}
-}
-
-
-static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	/* Enable the networks disabled during wpas_wps_reassoc */
-	wpas_wps_reenable_networks(wpa_s);
-}
-
-
-int wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s)
-{
-	return eloop_is_timeout_registered(wpas_wps_reenable_networks_cb,
-					   wpa_s, NULL);
-}
-
-
-static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
-{
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
-	wpa_s->wps_success = 1;
-	wpas_notify_wps_event_success(wpa_s);
-	if (wpa_s->current_ssid)
-		wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1);
-	wpa_s->consecutive_conn_failures = 0;
-
-	/*
-	 * Enable the networks disabled during wpas_wps_reassoc after 10
-	 * seconds. The 10 seconds timer is to allow the data connection to be
-	 * formed before allowing other networks to be selected.
-	 */
-	eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
-			       NULL);
-
-	wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0);
-}
-
-
-static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s,
-					       struct wps_event_er_ap *ap)
-{
-	char uuid_str[100];
-	char dev_type[WPS_DEV_TYPE_BUFSIZE];
-
-	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
-	if (ap->pri_dev_type)
-		wps_dev_type_bin2str(ap->pri_dev_type, dev_type,
-				     sizeof(dev_type));
-	else
-		dev_type[0] = '\0';
-
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR
-		" pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|",
-		uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state,
-		ap->friendly_name ? ap->friendly_name : "",
-		ap->manufacturer ? ap->manufacturer : "",
-		ap->model_description ? ap->model_description : "",
-		ap->model_name ? ap->model_name : "",
-		ap->manufacturer_url ? ap->manufacturer_url : "",
-		ap->model_url ? ap->model_url : "");
-}
-
-
-static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s,
-						  struct wps_event_er_ap *ap)
-{
-	char uuid_str[100];
-	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str);
-}
-
-
-static void wpa_supplicant_wps_event_er_enrollee_add(
-	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
-{
-	char uuid_str[100];
-	char dev_type[WPS_DEV_TYPE_BUFSIZE];
-
-	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
-	if (enrollee->pri_dev_type)
-		wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type,
-				     sizeof(dev_type));
-	else
-		dev_type[0] = '\0';
-
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR
-		" M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s "
-		"|%s|%s|%s|%s|%s|",
-		uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received,
-		enrollee->config_methods, enrollee->dev_passwd_id, dev_type,
-		enrollee->dev_name ? enrollee->dev_name : "",
-		enrollee->manufacturer ? enrollee->manufacturer : "",
-		enrollee->model_name ? enrollee->model_name : "",
-		enrollee->model_number ? enrollee->model_number : "",
-		enrollee->serial_number ? enrollee->serial_number : "");
-}
-
-
-static void wpa_supplicant_wps_event_er_enrollee_remove(
-	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
-{
-	char uuid_str[100];
-	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR,
-		uuid_str, MAC2STR(enrollee->mac_addr));
-}
-
-
-static void wpa_supplicant_wps_event_er_ap_settings(
-	struct wpa_supplicant *wpa_s,
-	struct wps_event_er_ap_settings *ap_settings)
-{
-	char uuid_str[100];
-	char key_str[65];
-	const struct wps_credential *cred = ap_settings->cred;
-
-	key_str[0] = '\0';
-	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
-		if (cred->key_len >= 8 && cred->key_len <= 64) {
-			os_memcpy(key_str, cred->key, cred->key_len);
-			key_str[cred->key_len] = '\0';
-		}
-	}
-
-	uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str));
-	/* Use wpa_msg_ctrl to avoid showing the key in debug log */
-	wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS
-		     "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x "
-		     "key=%s",
-		     uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len),
-		     cred->auth_type, cred->encr_type, key_str);
-}
-
-
-static void wpa_supplicant_wps_event_er_set_sel_reg(
-	struct wpa_supplicant *wpa_s,
-	struct wps_event_er_set_selected_registrar *ev)
-{
-	char uuid_str[100];
-
-	uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str));
-	switch (ev->state) {
-	case WPS_ER_SET_SEL_REG_START:
-		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
-			"uuid=%s state=START sel_reg=%d dev_passwd_id=%u "
-			"sel_reg_config_methods=0x%x",
-			uuid_str, ev->sel_reg, ev->dev_passwd_id,
-			ev->sel_reg_config_methods);
-		break;
-	case WPS_ER_SET_SEL_REG_DONE:
-		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
-			"uuid=%s state=DONE", uuid_str);
-		break;
-	case WPS_ER_SET_SEL_REG_FAILED:
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG
-			"uuid=%s state=FAILED", uuid_str);
-		break;
-	}
-}
-
-
-static void wpa_supplicant_wps_event(void *ctx, enum wps_event event,
-				     union wps_event_data *data)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-	switch (event) {
-	case WPS_EV_M2D:
-		wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d);
-		break;
-	case WPS_EV_FAIL:
-		wpa_supplicant_wps_event_fail(wpa_s, &data->fail);
-		break;
-	case WPS_EV_SUCCESS:
-		wpa_supplicant_wps_event_success(wpa_s);
-		break;
-	case WPS_EV_PWD_AUTH_FAIL:
-#ifdef CONFIG_AP
-		if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee)
-			wpa_supplicant_ap_pwd_auth_fail(wpa_s);
-#endif /* CONFIG_AP */
-		break;
-	case WPS_EV_PBC_OVERLAP:
-		break;
-	case WPS_EV_PBC_TIMEOUT:
-		break;
-	case WPS_EV_PBC_ACTIVE:
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ACTIVE);
-		break;
-	case WPS_EV_PBC_DISABLE:
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_DISABLE);
-		break;
-	case WPS_EV_ER_AP_ADD:
-		wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap);
-		break;
-	case WPS_EV_ER_AP_REMOVE:
-		wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap);
-		break;
-	case WPS_EV_ER_ENROLLEE_ADD:
-		wpa_supplicant_wps_event_er_enrollee_add(wpa_s,
-							 &data->enrollee);
-		break;
-	case WPS_EV_ER_ENROLLEE_REMOVE:
-		wpa_supplicant_wps_event_er_enrollee_remove(wpa_s,
-							    &data->enrollee);
-		break;
-	case WPS_EV_ER_AP_SETTINGS:
-		wpa_supplicant_wps_event_er_ap_settings(wpa_s,
-							&data->ap_settings);
-		break;
-	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
-		wpa_supplicant_wps_event_er_set_sel_reg(wpa_s,
-							&data->set_sel_reg);
-		break;
-	case WPS_EV_AP_PIN_SUCCESS:
-		break;
-	}
-}
-
-
-static int wpa_supplicant_wps_rf_band(void *ctx)
-{
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (!wpa_s->current_ssid || !wpa_s->assoc_freq)
-		return 0;
-
-	return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ :
-		(wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ;
-}
-
-
-enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
-{
-	if (eap_is_wps_pbc_enrollee(&ssid->eap) ||
-	    eap_is_wps_pin_enrollee(&ssid->eap))
-		return WPS_REQ_ENROLLEE;
-	else
-		return WPS_REQ_REGISTRAR;
-}
-
-
-static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
-{
-	int id;
-	struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
-
-	wpa_s->after_wps = 0;
-	wpa_s->known_wps_freq = 0;
-
-	prev_current = wpa_s->current_ssid;
-
-	/* Enable the networks disabled during wpas_wps_reassoc */
-	wpas_wps_reenable_networks(wpa_s);
-
-	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
-
-	/* Remove any existing WPS network from configuration */
-	ssid = wpa_s->conf->ssid;
-	while (ssid) {
-		if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
-			if (ssid == wpa_s->current_ssid) {
-				wpa_s->own_disconnect_req = 1;
-				wpa_supplicant_deauthenticate(
-					wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-			}
-			id = ssid->id;
-			remove_ssid = ssid;
-		} else
-			id = -1;
-		ssid = ssid->next;
-		if (id >= 0) {
-			if (prev_current == remove_ssid) {
-				wpa_sm_set_config(wpa_s->wpa, NULL);
-				eapol_sm_notify_config(wpa_s->eapol, NULL,
-						       NULL);
-			}
-			wpas_notify_network_removed(wpa_s, remove_ssid);
-			wpa_config_remove_network(wpa_s->conf, id);
-		}
-	}
-
-	wpas_wps_clear_ap_info(wpa_s);
-}
-
-
-static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-	struct wpa_supplicant *wpa_s = eloop_ctx;
-	union wps_event_data data;
-
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed "
-		"out");
-	os_memset(&data, 0, sizeof(data));
-	data.fail.config_error = WPS_CFG_MSG_TIMEOUT;
-	data.fail.error_indication = WPS_EI_NO_ERROR;
-	/*
-	 * Call wpas_notify_wps_event_fail() directly instead of through
-	 * wpa_supplicant_wps_event() which would end up registering unnecessary
-	 * timeouts (those are only for the case where the failure happens
-	 * during an EAP-WSC exchange).
-	 */
-	wpas_notify_wps_event_fail(wpa_s, &data.fail);
-	wpas_clear_wps(wpa_s);
-}
-
-
-static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
-					      int registrar, const u8 *dev_addr,
-					      const u8 *bssid)
-{
-	struct wpa_ssid *ssid;
-
-	ssid = wpa_config_add_network(wpa_s->conf);
-	if (ssid == NULL)
-		return NULL;
-	wpas_notify_network_added(wpa_s, ssid);
-	wpa_config_set_network_defaults(ssid);
-	ssid->temporary = 1;
-	if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
-	    wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
-	    wpa_config_set(ssid, "identity", registrar ?
-			   "\"" WSC_ID_REGISTRAR "\"" :
-			   "\"" WSC_ID_ENROLLEE "\"", 0) < 0) {
-		wpas_notify_network_removed(wpa_s, ssid);
-		wpa_config_remove_network(wpa_s->conf, ssid->id);
-		return NULL;
-	}
-
-#ifdef CONFIG_P2P
-	if (dev_addr)
-		os_memcpy(ssid->go_p2p_dev_addr, dev_addr, ETH_ALEN);
-#endif /* CONFIG_P2P */
-
-	if (bssid) {
-#ifndef CONFIG_P2P
-		struct wpa_bss *bss;
-		int count = 0;
-#endif /* CONFIG_P2P */
-
-		os_memcpy(ssid->bssid, bssid, ETH_ALEN);
-		ssid->bssid_set = 1;
-
-		/*
-		 * Note: With P2P, the SSID may change at the time the WPS
-		 * provisioning is started, so better not filter the AP based
-		 * on the current SSID in the scan results.
-		 */
-#ifndef CONFIG_P2P
-		dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-			if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0)
-				continue;
-
-			os_free(ssid->ssid);
-			ssid->ssid = os_memdup(bss->ssid, bss->ssid_len);
-			if (ssid->ssid == NULL)
-				break;
-			ssid->ssid_len = bss->ssid_len;
-			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
-					  "scan results",
-					  ssid->ssid, ssid->ssid_len);
-			count++;
-		}
-
-		if (count > 1) {
-			wpa_printf(MSG_DEBUG, "WPS: More than one SSID found "
-				   "for the AP; use wildcard");
-			os_free(ssid->ssid);
-			ssid->ssid = NULL;
-			ssid->ssid_len = 0;
-		}
-#endif /* CONFIG_P2P */
-	}
-
-	return ssid;
-}
-
-
-static void wpas_wps_temp_disable(struct wpa_supplicant *wpa_s,
-				  struct wpa_ssid *selected)
-{
-	struct wpa_ssid *ssid;
-
-	if (wpa_s->current_ssid) {
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(
-			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
-	}
-
-	/* Mark all other networks disabled and trigger reassociation */
-	ssid = wpa_s->conf->ssid;
-	while (ssid) {
-		int was_disabled = ssid->disabled;
-		ssid->disabled_for_connect = 0;
-		/*
-		 * In case the network object corresponds to a persistent group
-		 * then do not send out network disabled signal. In addition,
-		 * do not change disabled status of persistent network objects
-		 * from 2 to 1 should we connect to another network.
-		 */
-		if (was_disabled != 2) {
-			ssid->disabled = ssid != selected;
-			if (was_disabled != ssid->disabled) {
-				if (ssid->disabled)
-					ssid->disabled_for_connect = 1;
-				wpas_notify_network_enabled_changed(wpa_s,
-								    ssid);
-			}
-		}
-		ssid = ssid->next;
-	}
-}
-
-
-static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
-			     struct wpa_ssid *selected, const u8 *bssid,
-			     int freq)
-{
-	struct wpa_bss *bss;
-
-	wpa_s->wps_run++;
-	if (wpa_s->wps_run == 0)
-		wpa_s->wps_run++;
-	wpa_s->after_wps = 0;
-	wpa_s->known_wps_freq = 0;
-	if (freq) {
-		wpa_s->after_wps = 5;
-		wpa_s->wps_freq = freq;
-	} else if (bssid) {
-		bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-		if (bss && bss->freq > 0) {
-			wpa_s->known_wps_freq = 1;
-			wpa_s->wps_freq = bss->freq;
-		}
-	}
-
-	wpas_wps_temp_disable(wpa_s, selected);
-
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-	wpa_s->scan_runs = 0;
-	wpa_s->normal_scans = 0;
-	wpa_s->wps_success = 0;
-	wpa_s->bssid_ignore_cleared = false;
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-}
-
-
-int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       int p2p_group, int multi_ap_backhaul_sta)
-{
-	struct wpa_ssid *ssid;
-	char phase1[32];
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_printf(MSG_DEBUG,
-			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
-		return -1;
-	}
-#endif /* CONFIG_AP */
-	wpas_clear_wps(wpa_s);
-	ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid);
-	if (ssid == NULL)
-		return -1;
-	ssid->temporary = 1;
-	ssid->p2p_group = p2p_group;
-	/*
-	 * When starting a regular WPS process (not P2P group formation)
-	 * the registrar/final station can be either AP or PCP
-	 * so use a "don't care" value for the pbss flag.
-	 */
-	if (!p2p_group)
-		ssid->pbss = 2;
-#ifdef CONFIG_P2P
-	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
-		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
-		if (ssid->ssid) {
-			ssid->ssid_len = wpa_s->go_params->ssid_len;
-			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
-				  ssid->ssid_len);
-			if (wpa_s->go_params->freq > 56160) {
-				/* P2P in 60 GHz uses PBSS */
-				ssid->pbss = 1;
-			}
-			if (wpa_s->go_params->edmg &&
-			    wpas_p2p_try_edmg_channel(wpa_s,
-						      wpa_s->go_params) == 0)
-				ssid->enable_edmg = 1;
-
-			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
-					  "SSID", ssid->ssid, ssid->ssid_len);
-		}
-	}
-#endif /* CONFIG_P2P */
-	os_snprintf(phase1, sizeof(phase1), "pbc=1%s",
-		    multi_ap_backhaul_sta ? " multi_ap=1" : "");
-	if (wpa_config_set_quoted(ssid, "phase1", phase1) < 0)
-		return -1;
-	if (wpa_s->wps_fragment_size)
-		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
-	if (multi_ap_backhaul_sta)
-		ssid->multi_ap_backhaul_sta = 1;
-	wpa_supplicant_wps_event(wpa_s, WPS_EV_PBC_ACTIVE, NULL);
-	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
-			       wpa_s, NULL);
-	wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
-	return 0;
-}
-
-
-static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
-				 const u8 *dev_addr, const u8 *bssid,
-				 const char *pin, int p2p_group, u16 dev_pw_id,
-				 const u8 *peer_pubkey_hash,
-				 const u8 *ssid_val, size_t ssid_len, int freq)
-{
-	struct wpa_ssid *ssid;
-	char val[128 + 2 * WPS_OOB_PUBKEY_HASH_LEN];
-	unsigned int rpin = 0;
-	char hash[2 * WPS_OOB_PUBKEY_HASH_LEN + 10];
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_printf(MSG_DEBUG,
-			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
-		return -1;
-	}
-#endif /* CONFIG_AP */
-	wpas_clear_wps(wpa_s);
-	if (bssid && is_zero_ether_addr(bssid))
-		bssid = NULL;
-	ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid);
-	if (ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: Could not add network");
-		return -1;
-	}
-	ssid->temporary = 1;
-	ssid->p2p_group = p2p_group;
-	/*
-	 * When starting a regular WPS process (not P2P group formation)
-	 * the registrar/final station can be either AP or PCP
-	 * so use a "don't care" value for the pbss flag.
-	 */
-	if (!p2p_group)
-		ssid->pbss = 2;
-	if (ssid_val) {
-		ssid->ssid = os_malloc(ssid_len);
-		if (ssid->ssid) {
-			os_memcpy(ssid->ssid, ssid_val, ssid_len);
-			ssid->ssid_len = ssid_len;
-		}
-	}
-	if (peer_pubkey_hash) {
-		os_memcpy(hash, " pkhash=", 8);
-		wpa_snprintf_hex_uppercase(hash + 8, sizeof(hash) - 8,
-					   peer_pubkey_hash,
-					   WPS_OOB_PUBKEY_HASH_LEN);
-	} else {
-		hash[0] = '\0';
-	}
-#ifdef CONFIG_P2P
-	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
-		os_free(ssid->ssid);
-		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
-		if (ssid->ssid) {
-			ssid->ssid_len = wpa_s->go_params->ssid_len;
-			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
-				  ssid->ssid_len);
-			if (wpa_s->go_params->freq > 56160) {
-				/* P2P in 60 GHz uses PBSS */
-				ssid->pbss = 1;
-			}
-			if (wpa_s->go_params->edmg &&
-			    wpas_p2p_try_edmg_channel(wpa_s,
-						      wpa_s->go_params) == 0)
-				ssid->enable_edmg = 1;
-
-			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
-					  "SSID", ssid->ssid, ssid->ssid_len);
-		}
-	}
-#endif /* CONFIG_P2P */
-	if (pin)
-		os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u%s\"",
-			    pin, dev_pw_id, hash);
-	else if (pin == NULL && dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
-		os_snprintf(val, sizeof(val), "\"dev_pw_id=%u%s\"",
-			    dev_pw_id, hash);
-	} else {
-		if (wps_generate_pin(&rpin) < 0) {
-			wpa_printf(MSG_DEBUG, "WPS: Could not generate PIN");
-			return -1;
-		}
-		os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u%s\"",
-			    rpin, dev_pw_id, hash);
-	}
-	if (wpa_config_set(ssid, "phase1", val, 0) < 0) {
-		wpa_printf(MSG_DEBUG, "WPS: Failed to set phase1 '%s'", val);
-		return -1;
-	}
-
-	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER)
-		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_PIN_ACTIVE);
-
-	if (wpa_s->wps_fragment_size)
-		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
-	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
-			       wpa_s, NULL);
-	wpa_s->wps_ap_iter = 1;
-	wpas_wps_reassoc(wpa_s, ssid, bssid, freq);
-	return rpin;
-}
-
-
-int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, int p2p_group, u16 dev_pw_id)
-{
-	os_get_reltime(&wpa_s->wps_pin_start_time);
-	return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group,
-				     dev_pw_id, NULL, NULL, 0, 0);
-}
-
-
-void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s)
-{
-	union wps_event_data data;
-
-	os_memset(&data, 0, sizeof(data));
-	data.fail.config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
-	data.fail.error_indication = WPS_EI_NO_ERROR;
-	/*
-	 * Call wpas_notify_wps_event_fail() directly instead of through
-	 * wpa_supplicant_wps_event() which would end up registering unnecessary
-	 * timeouts (those are only for the case where the failure happens
-	 * during an EAP-WSC exchange).
-	 */
-	wpas_notify_wps_event_fail(wpa_s, &data.fail);
-}
-
-/* Cancel the wps pbc/pin requests */
-int wpas_wps_cancel(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode");
-		return wpa_supplicant_ap_wps_cancel(wpa_s);
-	}
-#endif /* CONFIG_AP */
-
-	if (wpa_s->wpa_state == WPA_SCANNING ||
-	    wpa_s->wpa_state == WPA_DISCONNECTED) {
-		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan");
-		wpa_supplicant_cancel_scan(wpa_s);
-		wpas_clear_wps(wpa_s);
-	} else if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
-		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - "
-			   "deauthenticate");
-		wpa_s->own_disconnect_req = 1;
-		wpa_supplicant_deauthenticate(wpa_s,
-					      WLAN_REASON_DEAUTH_LEAVING);
-		wpas_clear_wps(wpa_s);
-	} else {
-		wpas_wps_reenable_networks(wpa_s);
-		wpas_wps_clear_ap_info(wpa_s);
-		if (eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL) >
-		    0)
-			wpas_clear_wps(wpa_s);
-	}
-
-	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CANCEL);
-	wpa_s->after_wps = 0;
-
-	return 0;
-}
-
-
-int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, struct wps_new_ap_settings *settings)
-{
-	struct wpa_ssid *ssid;
-	char val[200];
-	char *pos, *end;
-	int res;
-
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface) {
-		wpa_printf(MSG_DEBUG,
-			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
-		return -1;
-	}
-#endif /* CONFIG_AP */
-	if (!pin)
-		return -1;
-	wpas_clear_wps(wpa_s);
-	ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid);
-	if (ssid == NULL)
-		return -1;
-	ssid->temporary = 1;
-	pos = val;
-	end = pos + sizeof(val);
-	res = os_snprintf(pos, end - pos, "\"pin=%s", pin);
-	if (os_snprintf_error(end - pos, res))
-		return -1;
-	pos += res;
-	if (settings) {
-		res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s "
-				  "new_encr=%s new_key=%s",
-				  settings->ssid_hex, settings->auth,
-				  settings->encr, settings->key_hex);
-		if (os_snprintf_error(end - pos, res))
-			return -1;
-		pos += res;
-	}
-	res = os_snprintf(pos, end - pos, "\"");
-	if (os_snprintf_error(end - pos, res))
-		return -1;
-	if (wpa_config_set(ssid, "phase1", val, 0) < 0)
-		return -1;
-	if (wpa_s->wps_fragment_size)
-		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
-	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
-			       wpa_s, NULL);
-	wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
-	return 0;
-}
-
-
-static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr,
-			       const u8 *p2p_dev_addr, const u8 *psk,
-			       size_t psk_len)
-{
-	if (is_zero_ether_addr(p2p_dev_addr)) {
-		wpa_printf(MSG_DEBUG,
-			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR,
-			   MAC2STR(mac_addr));
-	} else {
-		wpa_printf(MSG_DEBUG,
-			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
-			   " P2P Device Addr " MACSTR,
-			   MAC2STR(mac_addr), MAC2STR(p2p_dev_addr));
-	}
-	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
-
-	/* TODO */
-
-	return 0;
-}
-
-
-static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
-				   const struct wps_device_data *dev)
-{
-	char uuid[40], txt[400];
-	int len;
-	char devtype[WPS_DEV_TYPE_BUFSIZE];
-	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
-		return;
-	wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid);
-	len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR
-			  " [%s|%s|%s|%s|%s|%s]",
-			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
-			  dev->manufacturer, dev->model_name,
-			  dev->model_number, dev->serial_number,
-			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
-					       sizeof(devtype)));
-	if (!os_snprintf_error(sizeof(txt), len))
-		wpa_printf(MSG_INFO, "%s", txt);
-}
-
-
-static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id,
-				    u16 sel_reg_config_methods)
-{
-#ifdef CONFIG_WPS_ER
-	struct wpa_supplicant *wpa_s = ctx;
-
-	if (wpa_s->wps_er == NULL)
-		return;
-	wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d "
-		   "dev_password_id=%u sel_reg_config_methods=0x%x",
-		   sel_reg, dev_passwd_id, sel_reg_config_methods);
-	wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id,
-			   sel_reg_config_methods);
-#endif /* CONFIG_WPS_ER */
-}
-
-
-static u16 wps_fix_config_methods(u16 config_methods)
-{
-	if ((config_methods &
-	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
-	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
-		wpa_printf(MSG_INFO, "WPS: Converting display to "
-			   "virtual_display for WPS 2.0 compliance");
-		config_methods |= WPS_CONFIG_VIRT_DISPLAY;
-	}
-	if ((config_methods &
-	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
-	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
-		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
-			   "virtual_push_button for WPS 2.0 compliance");
-		config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
-	}
-
-	return config_methods;
-}
-
-
-static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s,
-			      struct wps_context *wps)
-{
-	char buf[50];
-	const char *src;
-
-	if (is_nil_uuid(wpa_s->conf->uuid)) {
-		struct wpa_supplicant *first;
-		first = wpa_s->global->ifaces;
-		while (first && first->next)
-			first = first->next;
-		if (first && first != wpa_s) {
-			if (wps != wpa_s->global->ifaces->wps)
-				os_memcpy(wps->uuid,
-					  wpa_s->global->ifaces->wps->uuid,
-					  WPS_UUID_LEN);
-			src = "from the first interface";
-		} else if (wpa_s->conf->auto_uuid == 1) {
-			uuid_random(wps->uuid);
-			src = "based on random data";
-		} else {
-			uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid);
-			src = "based on MAC address";
-		}
-	} else {
-		os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
-		src = "based on configuration";
-	}
-
-	uuid_bin2str(wps->uuid, buf, sizeof(buf));
-	wpa_dbg(wpa_s, MSG_DEBUG, "WPS: UUID %s: %s", src, buf);
-}
-
-
-static void wpas_wps_set_vendor_ext_m1(struct wpa_supplicant *wpa_s,
-				       struct wps_context *wps)
-{
-	wpabuf_free(wps->dev.vendor_ext_m1);
-	wps->dev.vendor_ext_m1 = NULL;
-
-	if (wpa_s->conf->wps_vendor_ext_m1) {
-		wps->dev.vendor_ext_m1 =
-			wpabuf_dup(wpa_s->conf->wps_vendor_ext_m1);
-		if (!wps->dev.vendor_ext_m1) {
-			wpa_printf(MSG_ERROR, "WPS: Cannot "
-				   "allocate memory for vendor_ext_m1");
-		}
-	}
-}
-
-
-int wpas_wps_init(struct wpa_supplicant *wpa_s)
-{
-	struct wps_context *wps;
-	struct wps_registrar_config rcfg;
-	struct hostapd_hw_modes *modes;
-	u16 m;
-
-	wps = os_zalloc(sizeof(*wps));
-	if (wps == NULL)
-		return -1;
-
-	wps->cred_cb = wpa_supplicant_wps_cred;
-	wps->event_cb = wpa_supplicant_wps_event;
-	wps->rf_band_cb = wpa_supplicant_wps_rf_band;
-	wps->cb_ctx = wpa_s;
-
-	wps->dev.device_name = wpa_s->conf->device_name;
-	wps->dev.manufacturer = wpa_s->conf->manufacturer;
-	wps->dev.model_name = wpa_s->conf->model_name;
-	wps->dev.model_number = wpa_s->conf->model_number;
-	wps->dev.serial_number = wpa_s->conf->serial_number;
-	wps->config_methods =
-		wps_config_methods_str2bin(wpa_s->conf->config_methods);
-	if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
-	    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
-		wpa_printf(MSG_ERROR, "WPS: Both Label and Display config "
-			   "methods are not allowed at the same time");
-		os_free(wps);
-		return -1;
-	}
-	wps->config_methods = wps_fix_config_methods(wps->config_methods);
-	wps->dev.config_methods = wps->config_methods;
-	os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
-		  WPS_DEV_TYPE_LEN);
-
-	wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
-	os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
-		  WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types);
-
-	wpas_wps_set_vendor_ext_m1(wpa_s, wps);
-
-	wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
-	modes = wpa_s->hw.modes;
-	if (modes) {
-		for (m = 0; m < wpa_s->hw.num_modes; m++) {
-			if (modes[m].mode == HOSTAPD_MODE_IEEE80211B ||
-			    modes[m].mode == HOSTAPD_MODE_IEEE80211G)
-				wps->dev.rf_bands |= WPS_RF_24GHZ;
-			else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A)
-				wps->dev.rf_bands |= WPS_RF_50GHZ;
-			else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD)
-				wps->dev.rf_bands |= WPS_RF_60GHZ;
-		}
-	}
-	if (wps->dev.rf_bands == 0) {
-		/*
-		 * Default to claiming support for both bands if the driver
-		 * does not provide support for fetching supported bands.
-		 */
-		wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
-	}
-	os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
-	wpas_wps_set_uuid(wpa_s, wps);
-
-#ifdef CONFIG_NO_TKIP
-	wps->auth_types = WPS_AUTH_WPA2PSK;
-	wps->encr_types = WPS_ENCR_AES;
-#else /* CONFIG_NO_TKIP */
-	wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
-	wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
-#endif /* CONFIG_NO_TKIP */
-
-	os_memset(&rcfg, 0, sizeof(rcfg));
-	rcfg.new_psk_cb = wpas_wps_new_psk_cb;
-	rcfg.pin_needed_cb = wpas_wps_pin_needed_cb;
-	rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb;
-	rcfg.cb_ctx = wpa_s;
-
-	wps->registrar = wps_registrar_init(wps, &rcfg);
-	if (wps->registrar == NULL) {
-		wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar");
-		os_free(wps);
-		return -1;
-	}
-
-	wpa_s->wps = wps;
-
-	return 0;
-}
-
-
-#ifdef CONFIG_WPS_ER
-static void wpas_wps_nfc_clear(struct wps_context *wps)
-{
-	wps->ap_nfc_dev_pw_id = 0;
-	wpabuf_free(wps->ap_nfc_dh_pubkey);
-	wps->ap_nfc_dh_pubkey = NULL;
-	wpabuf_free(wps->ap_nfc_dh_privkey);
-	wps->ap_nfc_dh_privkey = NULL;
-	wpabuf_free(wps->ap_nfc_dev_pw);
-	wps->ap_nfc_dev_pw = NULL;
-}
-#endif /* CONFIG_WPS_ER */
-
-
-void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
-{
-	wpas_wps_assoc_with_cred_cancel(wpa_s);
-	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
-	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
-	wpas_wps_clear_ap_info(wpa_s);
-
-#ifdef CONFIG_P2P
-	eloop_cancel_timeout(wpas_p2p_pbc_overlap_cb, wpa_s, NULL);
-#endif /* CONFIG_P2P */
-
-	if (wpa_s->wps == NULL)
-		return;
-
-#ifdef CONFIG_WPS_ER
-	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
-	wpa_s->wps_er = NULL;
-	wpas_wps_nfc_clear(wpa_s->wps);
-#endif /* CONFIG_WPS_ER */
-
-	wps_registrar_deinit(wpa_s->wps->registrar);
-	wpabuf_free(wpa_s->wps->dh_pubkey);
-	wpabuf_free(wpa_s->wps->dh_privkey);
-	wpabuf_free(wpa_s->wps->dev.vendor_ext_m1);
-	os_free(wpa_s->wps->network_key);
-	os_free(wpa_s->wps);
-	wpa_s->wps = NULL;
-}
-
-
-int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
-			    struct wpa_ssid *ssid, struct wpa_bss *bss)
-{
-	struct wpabuf *wps_ie;
-
-	if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
-		return -1;
-
-	wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
-		if (!wps_ie) {
-			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
-			return 0;
-		}
-
-		if (!wps_is_selected_pbc_registrar(wps_ie)) {
-			wpa_printf(MSG_DEBUG, "   skip - WPS AP "
-				   "without active PBC Registrar");
-			wpabuf_free(wps_ie);
-			return 0;
-		}
-
-		/* TODO: overlap detection */
-		wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
-			   "(Active PBC)");
-		wpabuf_free(wps_ie);
-		return 1;
-	}
-
-	if (eap_is_wps_pin_enrollee(&ssid->eap)) {
-		if (!wps_ie) {
-			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
-			return 0;
-		}
-
-		/*
-		 * Start with WPS APs that advertise our address as an
-		 * authorized MAC (v2.0) or active PIN Registrar (v1.0) and
-		 * allow any WPS AP after couple of scans since some APs do not
-		 * set Selected Registrar attribute properly when using
-		 * external Registrar.
-		 */
-		if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
-			struct os_reltime age;
-
-			os_reltime_age(&wpa_s->wps_pin_start_time, &age);
-
-			if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG ||
-			    age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) {
-				wpa_printf(MSG_DEBUG,
-					   "   skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)",
-					   wpa_s->scan_runs, (int) age.sec);
-				wpabuf_free(wps_ie);
-				return 0;
-			}
-			wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
-		} else {
-			wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
-				   "(Authorized MAC or Active PIN)");
-		}
-		wpabuf_free(wps_ie);
-		return 1;
-	}
-
-	if (wps_ie) {
-		wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
-		wpabuf_free(wps_ie);
-		return 1;
-	}
-
-	return -1;
-}
-
-
-int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid,
-			      struct wpa_bss *bss)
-{
-	struct wpabuf *wps_ie = NULL;
-	int ret = 0;
-
-	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
-		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-		if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) {
-			/* allow wildcard SSID for WPS PBC */
-			ret = 1;
-		}
-	} else if (eap_is_wps_pin_enrollee(&ssid->eap)) {
-		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-		if (wps_ie &&
-		    (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) ||
-		     wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) {
-			/* allow wildcard SSID for WPS PIN */
-			ret = 1;
-		}
-	}
-
-	if (!ret && ssid->bssid_set &&
-	    os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) {
-		/* allow wildcard SSID due to hardcoded BSSID match */
-		ret = 1;
-	}
-
-#ifdef CONFIG_WPS_STRICT
-	if (wps_ie) {
-		if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len >
-						   0, bss->bssid) < 0)
-			ret = 0;
-		if (bss->beacon_ie_len) {
-			struct wpabuf *bcn_wps;
-			bcn_wps = wpa_bss_get_vendor_ie_multi_beacon(
-				bss, WPS_IE_VENDOR_TYPE);
-			if (bcn_wps == NULL) {
-				wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE "
-					   "missing from AP Beacon");
-				ret = 0;
-			} else {
-				if (wps_validate_beacon(wps_ie) < 0)
-					ret = 0;
-				wpabuf_free(bcn_wps);
-			}
-		}
-	}
-#endif /* CONFIG_WPS_STRICT */
-
-	wpabuf_free(wps_ie);
-
-	return ret;
-}
-
-
-int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *selected, struct wpa_ssid *ssid)
-{
-	const u8 *sel_uuid;
-	struct wpabuf *wps_ie;
-	int ret = 0;
-	size_t i;
-
-	if (!eap_is_wps_pbc_enrollee(&ssid->eap))
-		return 0;
-
-	wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is "
-		   "present in scan results; selected BSSID " MACSTR,
-		   MAC2STR(selected->bssid));
-	if (!is_zero_ether_addr(ssid->bssid))
-		wpa_printf(MSG_DEBUG,
-			   "WPS: Network profile limited to accept only a single BSSID " MACSTR,
-			   MAC2STR(ssid->bssid));
-
-	/* Make sure that only one AP is in active PBC mode */
-	wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE);
-	if (wps_ie) {
-		sel_uuid = wps_get_uuid_e(wps_ie);
-		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS",
-			    sel_uuid, UUID_LEN);
-	} else {
-		wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include "
-			   "WPS IE?!");
-		sel_uuid = NULL;
-	}
-
-	for (i = 0; i < wpa_s->num_wps_ap; i++) {
-		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
-
-		if (!ap->pbc_active ||
-		    os_memcmp(selected->bssid, ap->bssid, ETH_ALEN) == 0)
-			continue;
-
-		if (!is_zero_ether_addr(ssid->bssid) &&
-		    os_memcmp(ap->bssid, ssid->bssid, ETH_ALEN) != 0) {
-			wpa_printf(MSG_DEBUG, "WPS: Ignore another BSS " MACSTR
-				   " in active PBC mode due to local BSSID limitation",
-				   MAC2STR(ap->bssid));
-			continue;
-		}
-
-		wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: "
-			   MACSTR, MAC2STR(ap->bssid));
-		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS",
-			    ap->uuid, UUID_LEN);
-		if (sel_uuid == NULL ||
-		    os_memcmp(sel_uuid, ap->uuid, UUID_LEN) != 0) {
-			ret = 1; /* PBC overlap */
-			wpa_msg(wpa_s, MSG_INFO, "WPS: PBC overlap detected: "
-				MACSTR " and " MACSTR,
-				MAC2STR(selected->bssid),
-				MAC2STR(ap->bssid));
-			break;
-		}
-
-		/* TODO: verify that this is reasonable dual-band situation */
-	}
-
-	wpabuf_free(wps_ie);
-
-	return ret;
-}
-
-
-void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_bss *bss;
-	unsigned int pbc = 0, auth = 0, pin = 0, wps = 0;
-
-	if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED)
-		return;
-
-	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-		struct wpabuf *ie;
-		ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
-		if (!ie)
-			continue;
-		if (wps_is_selected_pbc_registrar(ie))
-			pbc++;
-		else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0))
-			auth++;
-		else if (wps_is_selected_pin_registrar(ie))
-			pin++;
-		else
-			wps++;
-		wpabuf_free(ie);
-	}
-
-	if (pbc)
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC);
-	else if (auth)
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH);
-	else if (pin)
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN);
-	else if (wps)
-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE);
-}
-
-
-int wpas_wps_searching(struct wpa_supplicant *wpa_s)
-{
-	struct wpa_ssid *ssid;
-
-	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
-		if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled)
-			return 1;
-	}
-
-	return 0;
-}
-
-
-int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
-			      char *end)
-{
-	struct wpabuf *wps_ie;
-	int ret;
-
-	wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA);
-	if (wps_ie == NULL)
-		return 0;
-
-	ret = wps_attr_text(wps_ie, buf, end);
-	wpabuf_free(wps_ie);
-	return ret;
-}
-
-
-int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter)
-{
-#ifdef CONFIG_WPS_ER
-	if (wpa_s->wps_er) {
-		wps_er_refresh(wpa_s->wps_er);
-		return 0;
-	}
-	wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter);
-	if (wpa_s->wps_er == NULL)
-		return -1;
-	return 0;
-#else /* CONFIG_WPS_ER */
-	return 0;
-#endif /* CONFIG_WPS_ER */
-}
-
-
-void wpas_wps_er_stop(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_WPS_ER
-	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
-	wpa_s->wps_er = NULL;
-#endif /* CONFIG_WPS_ER */
-}
-
-
-#ifdef CONFIG_WPS_ER
-int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr,
-			const char *uuid, const char *pin)
-{
-	u8 u[UUID_LEN];
-	const u8 *use_uuid = NULL;
-	u8 addr_buf[ETH_ALEN];
-
-	if (os_strcmp(uuid, "any") == 0) {
-	} else if (uuid_str2bin(uuid, u) == 0) {
-		use_uuid = u;
-	} else if (hwaddr_aton(uuid, addr_buf) == 0) {
-		use_uuid = wps_er_get_sta_uuid(wpa_s->wps_er, addr_buf);
-		if (use_uuid == NULL)
-			return -1;
-	} else
-		return -1;
-	return wps_registrar_add_pin(wpa_s->wps->registrar, addr,
-				     use_uuid,
-				     (const u8 *) pin, os_strlen(pin), 300);
-}
-
-
-int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid)
-{
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return -1;
-	return wps_er_pbc(wpa_s->wps_er, use_uuid, use_addr);
-}
-
-
-int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid,
-		      const char *pin)
-{
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return -1;
-
-	return wps_er_learn(wpa_s->wps_er, use_uuid, use_addr, (const u8 *) pin,
-			    os_strlen(pin));
-}
-
-
-static int wpas_wps_network_to_cred(struct wpa_ssid *ssid,
-				    struct wps_credential *cred)
-{
-	os_memset(cred, 0, sizeof(*cred));
-	if (ssid->ssid_len > SSID_MAX_LEN)
-		return -1;
-	os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len);
-	cred->ssid_len = ssid->ssid_len;
-	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
-		cred->auth_type = (ssid->proto & WPA_PROTO_RSN) ?
-			WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK;
-		if (ssid->pairwise_cipher & WPA_CIPHER_CCMP)
-			cred->encr_type = WPS_ENCR_AES;
-		else
-			cred->encr_type = WPS_ENCR_TKIP;
-		if (ssid->passphrase) {
-			cred->key_len = os_strlen(ssid->passphrase);
-			if (cred->key_len >= 64)
-				return -1;
-			os_memcpy(cred->key, ssid->passphrase, cred->key_len);
-		} else if (ssid->psk_set) {
-			cred->key_len = 32;
-			os_memcpy(cred->key, ssid->psk, 32);
-		} else
-			return -1;
-	} else {
-		cred->auth_type = WPS_AUTH_OPEN;
-		cred->encr_type = WPS_ENCR_NONE;
-	}
-
-	return 0;
-}
-
-
-int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid,
-			   int id)
-{
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-	struct wpa_ssid *ssid;
-	struct wps_credential cred;
-	int ret;
-
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return -1;
-	ssid = wpa_config_get_network(wpa_s->conf, id);
-	if (ssid == NULL || ssid->ssid == NULL)
-		return -1;
-
-	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
-		return -1;
-	ret = wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred);
-	os_memset(&cred, 0, sizeof(cred));
-	return ret;
-}
-
-
-int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
-		       const char *pin, struct wps_new_ap_settings *settings)
-{
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-	struct wps_credential cred;
-	size_t len;
-
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return -1;
-	if (settings->ssid_hex == NULL || settings->auth == NULL ||
-	    settings->encr == NULL || settings->key_hex == NULL)
-		return -1;
-
-	os_memset(&cred, 0, sizeof(cred));
-	len = os_strlen(settings->ssid_hex);
-	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
-	    hexstr2bin(settings->ssid_hex, cred.ssid, len / 2))
-		return -1;
-	cred.ssid_len = len / 2;
-
-	len = os_strlen(settings->key_hex);
-	if ((len & 1) || len > 2 * sizeof(cred.key) ||
-	    hexstr2bin(settings->key_hex, cred.key, len / 2))
-		return -1;
-	cred.key_len = len / 2;
-
-	if (os_strcmp(settings->auth, "OPEN") == 0)
-		cred.auth_type = WPS_AUTH_OPEN;
-	else if (os_strcmp(settings->auth, "WPAPSK") == 0)
-		cred.auth_type = WPS_AUTH_WPAPSK;
-	else if (os_strcmp(settings->auth, "WPA2PSK") == 0)
-		cred.auth_type = WPS_AUTH_WPA2PSK;
-	else
-		return -1;
-
-	if (os_strcmp(settings->encr, "NONE") == 0)
-		cred.encr_type = WPS_ENCR_NONE;
-#ifdef CONFIG_TESTING_OPTIONS
-	else if (os_strcmp(settings->encr, "WEP") == 0)
-		cred.encr_type = WPS_ENCR_WEP;
-#endif /* CONFIG_TESTING_OPTIONS */
-	else if (os_strcmp(settings->encr, "TKIP") == 0)
-		cred.encr_type = WPS_ENCR_TKIP;
-	else if (os_strcmp(settings->encr, "CCMP") == 0)
-		cred.encr_type = WPS_ENCR_AES;
-	else
-		return -1;
-
-	return wps_er_config(wpa_s->wps_er, use_uuid, use_addr,
-			     (const u8 *) pin, os_strlen(pin), &cred);
-}
-
-
-#ifdef CONFIG_WPS_NFC
-struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s,
-					     int ndef, const char *uuid)
-{
-	struct wpabuf *ret;
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-
-	if (!wpa_s->wps_er)
-		return NULL;
-
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return NULL;
-
-	ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr);
-	if (ndef && ret) {
-		struct wpabuf *tmp;
-		tmp = ndef_build_wifi(ret);
-		wpabuf_free(ret);
-		if (tmp == NULL)
-			return NULL;
-		ret = tmp;
-	}
-
-	return ret;
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-static int callbacks_pending = 0;
-
-static void wpas_wps_terminate_cb(void *ctx)
-{
-	wpa_printf(MSG_DEBUG, "WPS ER: Terminated");
-	if (--callbacks_pending <= 0)
-		eloop_terminate();
-}
-#endif /* CONFIG_WPS_ER */
-
-
-int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s)
-{
-#ifdef CONFIG_WPS_ER
-	if (wpa_s->wps_er) {
-		callbacks_pending++;
-		wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s);
-		wpa_s->wps_er = NULL;
-		return 1;
-	}
-#endif /* CONFIG_WPS_ER */
-	return 0;
-}
-
-
-void wpas_wps_update_config(struct wpa_supplicant *wpa_s)
-{
-	struct wps_context *wps = wpa_s->wps;
-
-	if (wps == NULL)
-		return;
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) {
-		wps->config_methods = wps_config_methods_str2bin(
-			wpa_s->conf->config_methods);
-		if ((wps->config_methods &
-		     (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
-		    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
-			wpa_printf(MSG_ERROR, "WPS: Both Label and Display "
-				   "config methods are not allowed at the "
-				   "same time");
-			wps->config_methods &= ~WPS_CONFIG_LABEL;
-		}
-	}
-	wps->config_methods = wps_fix_config_methods(wps->config_methods);
-	wps->dev.config_methods = wps->config_methods;
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE)
-		os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
-			  WPS_DEV_TYPE_LEN);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) {
-		wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
-		os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
-			  wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN);
-	}
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION)
-		wpas_wps_set_vendor_ext_m1(wpa_s, wps);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION)
-		wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
-
-	if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID)
-		wpas_wps_set_uuid(wpa_s, wps);
-
-	if (wpa_s->conf->changed_parameters &
-	    (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) {
-		/* Update pointers to make sure they refer current values */
-		wps->dev.device_name = wpa_s->conf->device_name;
-		wps->dev.manufacturer = wpa_s->conf->manufacturer;
-		wps->dev.model_name = wpa_s->conf->model_name;
-		wps->dev.model_number = wpa_s->conf->model_number;
-		wps->dev.serial_number = wpa_s->conf->serial_number;
-	}
-}
-
-
-void wpas_wps_update_mac_addr(struct wpa_supplicant *wpa_s)
-{
-	struct wps_context *wps;
-
-	wps = wpa_s->wps;
-	if (wps)
-		os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-#ifdef CONFIG_WPS_ER
-static struct wpabuf *
-wpas_wps_network_config_token(struct wpa_supplicant *wpa_s, int ndef,
-			      struct wpa_ssid *ssid)
-{
-	struct wpabuf *ret;
-	struct wps_credential cred;
-
-	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
-		return NULL;
-
-	ret = wps_er_config_token_from_cred(wpa_s->wps, &cred);
-
-	if (ndef && ret) {
-		struct wpabuf *tmp;
-		tmp = ndef_build_wifi(ret);
-		wpabuf_free(ret);
-		if (tmp == NULL)
-			return NULL;
-		ret = tmp;
-	}
-
-	return ret;
-}
-#endif /* CONFIG_WPS_ER */
-
-
-struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
-					  int ndef, const char *id_str)
-{
-#ifdef CONFIG_WPS_ER
-	if (id_str) {
-		int id;
-		char *end = NULL;
-		struct wpa_ssid *ssid;
-
-		id = strtol(id_str, &end, 10);
-		if (end && *end)
-			return NULL;
-
-		ssid = wpa_config_get_network(wpa_s->conf, id);
-		if (ssid == NULL)
-			return NULL;
-		return wpas_wps_network_config_token(wpa_s, ndef, ssid);
-	}
-#endif /* CONFIG_WPS_ER */
-#ifdef CONFIG_AP
-	if (wpa_s->ap_iface)
-		return wpas_ap_wps_nfc_config_token(wpa_s, ndef);
-#endif /* CONFIG_AP */
-	return NULL;
-}
-
-
-struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
-{
-	if (wpa_s->conf->wps_nfc_pw_from_config) {
-		return wps_nfc_token_build(ndef,
-					   wpa_s->conf->wps_nfc_dev_pw_id,
-					   wpa_s->conf->wps_nfc_dh_pubkey,
-					   wpa_s->conf->wps_nfc_dev_pw);
-	}
-
-	return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id,
-				 &wpa_s->conf->wps_nfc_dh_pubkey,
-				 &wpa_s->conf->wps_nfc_dh_privkey,
-				 &wpa_s->conf->wps_nfc_dev_pw);
-}
-
-
-int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr,
-		       const u8 *bssid,
-		       const struct wpabuf *dev_pw, u16 dev_pw_id,
-		       int p2p_group, const u8 *peer_pubkey_hash,
-		       const u8 *ssid, size_t ssid_len, int freq)
-{
-	struct wps_context *wps = wpa_s->wps;
-	char pw[32 * 2 + 1];
-
-	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
-		dev_pw = wpa_s->conf->wps_nfc_dev_pw;
-		dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id;
-	}
-
-	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL ||
-	    wpa_s->conf->wps_nfc_dh_privkey == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: Missing DH params - "
-			   "cannot start NFC-triggered connection");
-		return -1;
-	}
-
-	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: Missing Device Password (id=%u) - "
-			   "cannot start NFC-triggered connection", dev_pw_id);
-		return -1;
-	}
-
-	dh5_free(wps->dh_ctx);
-	wpabuf_free(wps->dh_pubkey);
-	wpabuf_free(wps->dh_privkey);
-	wps->dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
-	wps->dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
-	if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) {
-		wps->dh_ctx = NULL;
-		wpabuf_free(wps->dh_pubkey);
-		wps->dh_pubkey = NULL;
-		wpabuf_free(wps->dh_privkey);
-		wps->dh_privkey = NULL;
-		wpa_printf(MSG_DEBUG, "WPS: Failed to get DH priv/pub key");
-		return -1;
-	}
-	wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey);
-	if (wps->dh_ctx == NULL) {
-		wpabuf_free(wps->dh_pubkey);
-		wps->dh_pubkey = NULL;
-		wpabuf_free(wps->dh_privkey);
-		wps->dh_privkey = NULL;
-		wpa_printf(MSG_DEBUG, "WPS: Failed to initialize DH context");
-		return -1;
-	}
-
-	if (dev_pw) {
-		wpa_snprintf_hex_uppercase(pw, sizeof(pw),
-					   wpabuf_head(dev_pw),
-					   wpabuf_len(dev_pw));
-	}
-	return wpas_wps_start_dev_pw(wpa_s, go_dev_addr, bssid,
-				     dev_pw ? pw : NULL,
-				     p2p_group, dev_pw_id, peer_pubkey_hash,
-				     ssid, ssid_len, freq);
-}
-
-
-static int wpas_wps_use_cred(struct wpa_supplicant *wpa_s,
-			     struct wps_parse_attr *attr)
-{
-	/*
-	 * Disable existing networks temporarily to allow the newly learned
-	 * credential to be preferred. Enable the temporarily disabled networks
-	 * after 10 seconds.
-	 */
-	wpas_wps_temp_disable(wpa_s, NULL);
-	eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
-			       NULL);
-
-	if (wps_oob_use_cred(wpa_s->wps, attr) < 0)
-		return -1;
-
-	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
-		return 0;
-
-	if (attr->ap_channel) {
-		u16 chan = WPA_GET_BE16(attr->ap_channel);
-		int freq = 0;
-
-		if (chan >= 1 && chan <= 13)
-			freq = 2407 + 5 * chan;
-		else if (chan == 14)
-			freq = 2484;
-		else if (chan >= 30)
-			freq = 5000 + 5 * chan;
-
-		if (freq) {
-			wpa_printf(MSG_DEBUG, "WPS: Credential container indicated AP channel %u -> %u MHz",
-				   chan, freq);
-			wpa_s->after_wps = 5;
-			wpa_s->wps_freq = freq;
-		}
-	}
-
-	wpa_printf(MSG_DEBUG, "WPS: Request reconnection with new network "
-		   "based on the received credential added");
-	wpa_s->normal_scans = 0;
-	wpa_supplicant_reinit_autoscan(wpa_s);
-	wpa_s->disconnected = 0;
-	wpa_s->reassociate = 1;
-
-	wpa_supplicant_cancel_sched_scan(wpa_s);
-	wpa_supplicant_req_scan(wpa_s, 0, 0);
-
-	return 0;
-}
-
-
-#ifdef CONFIG_WPS_ER
-static int wpas_wps_add_nfc_password_token(struct wpa_supplicant *wpa_s,
-					   struct wps_parse_attr *attr)
-{
-	return wps_registrar_add_nfc_password_token(
-		wpa_s->wps->registrar, attr->oob_dev_password,
-		attr->oob_dev_password_len);
-}
-#endif /* CONFIG_WPS_ER */
-
-
-static int wpas_wps_nfc_tag_process(struct wpa_supplicant *wpa_s,
-				    const struct wpabuf *wps)
-{
-	struct wps_parse_attr attr;
-
-	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
-
-	if (wps_parse_msg(wps, &attr)) {
-		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
-		return -1;
-	}
-
-	if (attr.num_cred)
-		return wpas_wps_use_cred(wpa_s, &attr);
-
-#ifdef CONFIG_WPS_ER
-	if (attr.oob_dev_password)
-		return wpas_wps_add_nfc_password_token(wpa_s, &attr);
-#endif /* CONFIG_WPS_ER */
-
-	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
-	return -1;
-}
-
-
-int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
-			  const struct wpabuf *data, int forced_freq)
-{
-	const struct wpabuf *wps = data;
-	struct wpabuf *tmp = NULL;
-	int ret;
-
-	if (wpabuf_len(data) < 4)
-		return -1;
-
-	if (*wpabuf_head_u8(data) != 0x10) {
-		/* Assume this contains full NDEF record */
-		tmp = ndef_parse_wifi(data);
-		if (tmp == NULL) {
-#ifdef CONFIG_P2P
-			tmp = ndef_parse_p2p(data);
-			if (tmp) {
-				ret = wpas_p2p_nfc_tag_process(wpa_s, tmp,
-							       forced_freq);
-				wpabuf_free(tmp);
-				return ret;
-			}
-#endif /* CONFIG_P2P */
-			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
-			return -1;
-		}
-		wps = tmp;
-	}
-
-	ret = wpas_wps_nfc_tag_process(wpa_s, wps);
-	wpabuf_free(tmp);
-	return ret;
-}
-
-
-struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s,
-					  int ndef)
-{
-	struct wpabuf *ret;
-
-	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
-	    wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
-			   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
-		return NULL;
-
-	ret = wps_build_nfc_handover_req(wpa_s->wps,
-					 wpa_s->conf->wps_nfc_dh_pubkey);
-
-	if (ndef && ret) {
-		struct wpabuf *tmp;
-		tmp = ndef_build_wifi(ret);
-		wpabuf_free(ret);
-		if (tmp == NULL)
-			return NULL;
-		ret = tmp;
-	}
-
-	return ret;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-
-static struct wpabuf *
-wpas_wps_er_nfc_handover_sel(struct wpa_supplicant *wpa_s, int ndef,
-			     const char *uuid)
-{
-#ifdef CONFIG_WPS_ER
-	struct wpabuf *ret;
-	u8 u[UUID_LEN], *use_uuid = NULL;
-	u8 addr[ETH_ALEN], *use_addr = NULL;
-	struct wps_context *wps = wpa_s->wps;
-
-	if (wps == NULL)
-		return NULL;
-
-	if (uuid == NULL)
-		return NULL;
-	if (uuid_str2bin(uuid, u) == 0)
-		use_uuid = u;
-	else if (hwaddr_aton(uuid, addr) == 0)
-		use_addr = addr;
-	else
-		return NULL;
-
-	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL) {
-		if (wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
-				   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
-			return NULL;
-	}
-
-	wpas_wps_nfc_clear(wps);
-	wps->ap_nfc_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER;
-	wps->ap_nfc_dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
-	wps->ap_nfc_dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
-	if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey) {
-		wpas_wps_nfc_clear(wps);
-		return NULL;
-	}
-
-	ret = wps_er_nfc_handover_sel(wpa_s->wps_er, wpa_s->wps, use_uuid,
-				      use_addr, wpa_s->conf->wps_nfc_dh_pubkey);
-	if (ndef && ret) {
-		struct wpabuf *tmp;
-		tmp = ndef_build_wifi(ret);
-		wpabuf_free(ret);
-		if (tmp == NULL)
-			return NULL;
-		ret = tmp;
-	}
-
-	return ret;
-#else /* CONFIG_WPS_ER */
-	return NULL;
-#endif /* CONFIG_WPS_ER */
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					  int ndef, int cr, const char *uuid)
-{
-	struct wpabuf *ret;
-	if (!cr)
-		return NULL;
-	ret = wpas_ap_wps_nfc_handover_sel(wpa_s, ndef);
-	if (ret)
-		return ret;
-	return wpas_wps_er_nfc_handover_sel(wpa_s, ndef, uuid);
-}
-
-
-static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
-					const struct wpabuf *data)
-{
-	struct wpabuf *wps;
-	int ret = -1;
-	u16 wsc_len;
-	const u8 *pos;
-	struct wpabuf msg;
-	struct wps_parse_attr attr;
-	u16 dev_pw_id;
-	const u8 *bssid = NULL;
-	int freq = 0;
-
-	wps = ndef_parse_wifi(data);
-	if (wps == NULL)
-		return -1;
-	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
-		   "payload from NFC connection handover");
-	wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
-	if (wpabuf_len(wps) < 2) {
-		wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Select "
-			   "Message");
-		goto out;
-	}
-	pos = wpabuf_head(wps);
-	wsc_len = WPA_GET_BE16(pos);
-	if (wsc_len > wpabuf_len(wps) - 2) {
-		wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
-			   "in Wi-Fi Handover Select Message", wsc_len);
-		goto out;
-	}
-	pos += 2;
-
-	wpa_hexdump(MSG_DEBUG,
-		    "WPS: WSC attributes in Wi-Fi Handover Select Message",
-		    pos, wsc_len);
-	if (wsc_len < wpabuf_len(wps) - 2) {
-		wpa_hexdump(MSG_DEBUG,
-			    "WPS: Ignore extra data after WSC attributes",
-			    pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
-	}
-
-	wpabuf_set(&msg, pos, wsc_len);
-	ret = wps_parse_msg(&msg, &attr);
-	if (ret < 0) {
-		wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
-			   "Wi-Fi Handover Select Message");
-		goto out;
-	}
-
-	if (attr.oob_dev_password == NULL ||
-	    attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
-		wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
-			   "included in Wi-Fi Handover Select Message");
-		ret = -1;
-		goto out;
-	}
-
-	if (attr.ssid == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: No SSID included in Wi-Fi Handover "
-			   "Select Message");
-		ret = -1;
-		goto out;
-	}
-
-	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", attr.ssid, attr.ssid_len);
-
-	if (attr.mac_addr) {
-		bssid = attr.mac_addr;
-		wpa_printf(MSG_DEBUG, "WPS: MAC Address (BSSID): " MACSTR,
-			   MAC2STR(bssid));
-	}
-
-	if (attr.rf_bands)
-		wpa_printf(MSG_DEBUG, "WPS: RF Bands: %d", *attr.rf_bands);
-
-	if (attr.ap_channel) {
-		u16 chan = WPA_GET_BE16(attr.ap_channel);
-
-		wpa_printf(MSG_DEBUG, "WPS: AP Channel: %d", chan);
-
-		if (chan >= 1 && chan <= 13 &&
-		    (attr.rf_bands == NULL || *attr.rf_bands & WPS_RF_24GHZ))
-			freq = 2407 + 5 * chan;
-		else if (chan == 14 &&
-			 (attr.rf_bands == NULL ||
-			  *attr.rf_bands & WPS_RF_24GHZ))
-			freq = 2484;
-		else if (chan >= 30 &&
-			 (attr.rf_bands == NULL ||
-			  *attr.rf_bands & WPS_RF_50GHZ))
-			freq = 5000 + 5 * chan;
-		else if (chan >= 1 && chan <= 6 &&
-			 (attr.rf_bands == NULL ||
-			  *attr.rf_bands & WPS_RF_60GHZ))
-			freq = 56160 + 2160 * chan;
-
-		if (freq) {
-			wpa_printf(MSG_DEBUG,
-				   "WPS: AP indicated channel %u -> %u MHz",
-				   chan, freq);
-		}
-	}
-
-	wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
-		    attr.oob_dev_password, attr.oob_dev_password_len);
-	dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
-				 WPS_OOB_PUBKEY_HASH_LEN);
-	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
-		wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
-			   "%u in Wi-Fi Handover Select Message", dev_pw_id);
-		ret = -1;
-		goto out;
-	}
-	wpa_hexdump(MSG_DEBUG, "WPS: AP Public Key hash",
-		    attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
-
-	ret = wpas_wps_start_nfc(wpa_s, NULL, bssid, NULL, dev_pw_id, 0,
-				 attr.oob_dev_password,
-				 attr.ssid, attr.ssid_len, freq);
-
-out:
-	wpabuf_free(wps);
-	return ret;
-}
-
-
-int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				 const struct wpabuf *req,
-				 const struct wpabuf *sel)
-{
-	wpa_printf(MSG_DEBUG, "NFC: WPS connection handover reported");
-	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in request", req);
-	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in select", sel);
-	return wpas_wps_nfc_rx_handover_sel(wpa_s, sel);
-}
-
-
-int wpas_er_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				    const struct wpabuf *req,
-				    const struct wpabuf *sel)
-{
-	struct wpabuf *wps;
-	int ret = -1;
-	u16 wsc_len;
-	const u8 *pos;
-	struct wpabuf msg;
-	struct wps_parse_attr attr;
-	u16 dev_pw_id;
-
-	/*
-	 * Enrollee/station is always initiator of the NFC connection handover,
-	 * so use the request message here to find Enrollee public key hash.
-	 */
-	wps = ndef_parse_wifi(req);
-	if (wps == NULL)
-		return -1;
-	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
-		   "payload from NFC connection handover");
-	wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
-	if (wpabuf_len(wps) < 2) {
-		wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Request "
-			   "Message");
-		goto out;
-	}
-	pos = wpabuf_head(wps);
-	wsc_len = WPA_GET_BE16(pos);
-	if (wsc_len > wpabuf_len(wps) - 2) {
-		wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
-			   "in rt Wi-Fi Handover Request Message", wsc_len);
-		goto out;
-	}
-	pos += 2;
-
-	wpa_hexdump(MSG_DEBUG,
-		    "WPS: WSC attributes in Wi-Fi Handover Request Message",
-		    pos, wsc_len);
-	if (wsc_len < wpabuf_len(wps) - 2) {
-		wpa_hexdump(MSG_DEBUG,
-			    "WPS: Ignore extra data after WSC attributes",
-			    pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
-	}
-
-	wpabuf_set(&msg, pos, wsc_len);
-	ret = wps_parse_msg(&msg, &attr);
-	if (ret < 0) {
-		wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
-			   "Wi-Fi Handover Request Message");
-		goto out;
-	}
-
-	if (attr.oob_dev_password == NULL ||
-	    attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
-		wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
-			   "included in Wi-Fi Handover Request Message");
-		ret = -1;
-		goto out;
-	}
-
-	if (attr.uuid_e == NULL) {
-		wpa_printf(MSG_DEBUG, "WPS: No UUID-E included in Wi-Fi "
-			   "Handover Request Message");
-		ret = -1;
-		goto out;
-	}
-
-	wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", attr.uuid_e, WPS_UUID_LEN);
-
-	wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
-		    attr.oob_dev_password, attr.oob_dev_password_len);
-	dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
-				 WPS_OOB_PUBKEY_HASH_LEN);
-	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
-		wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
-			   "%u in Wi-Fi Handover Request Message", dev_pw_id);
-		ret = -1;
-		goto out;
-	}
-	wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Public Key hash",
-		    attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
-
-	ret = wps_registrar_add_nfc_pw_token(wpa_s->wps->registrar,
-					     attr.oob_dev_password,
-					     DEV_PW_NFC_CONNECTION_HANDOVER,
-					     NULL, 0, 1);
-
-out:
-	wpabuf_free(wps);
-	return ret;
-}
-
-#endif /* CONFIG_WPS_NFC */
-
-
-static void wpas_wps_dump_ap_info(struct wpa_supplicant *wpa_s)
-{
-	size_t i;
-	struct os_reltime now;
-
-	if (wpa_debug_level > MSG_DEBUG)
-		return;
-
-	if (wpa_s->wps_ap == NULL)
-		return;
-
-	os_get_reltime(&now);
-
-	for (i = 0; i < wpa_s->num_wps_ap; i++) {
-		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
-		struct wpa_bssid_ignore *e = wpa_bssid_ignore_get(wpa_s,
-								  ap->bssid);
-
-		wpa_printf(MSG_DEBUG, "WPS: AP[%d] " MACSTR " type=%d "
-			   "tries=%d last_attempt=%d sec ago bssid_ignore=%d",
-			   (int) i, MAC2STR(ap->bssid), ap->type, ap->tries,
-			   ap->last_attempt.sec > 0 ?
-			   (int) now.sec - (int) ap->last_attempt.sec : -1,
-			   e ? e->count : 0);
-	}
-}
-
-
-static struct wps_ap_info * wpas_wps_get_ap_info(struct wpa_supplicant *wpa_s,
-						 const u8 *bssid)
-{
-	size_t i;
-
-	if (wpa_s->wps_ap == NULL)
-		return NULL;
-
-	for (i = 0; i < wpa_s->num_wps_ap; i++) {
-		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
-		if (os_memcmp(ap->bssid, bssid, ETH_ALEN) == 0)
-			return ap;
-	}
-
-	return NULL;
-}
-
-
-static void wpas_wps_update_ap_info_bss(struct wpa_supplicant *wpa_s,
-					struct wpa_scan_res *res)
-{
-	struct wpabuf *wps;
-	enum wps_ap_info_type type;
-	struct wps_ap_info *ap;
-	int r, pbc_active;
-	const u8 *uuid;
-
-	if (wpa_scan_get_vendor_ie(res, WPS_IE_VENDOR_TYPE) == NULL)
-		return;
-
-	wps = wpa_scan_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE);
-	if (wps == NULL)
-		return;
-
-	r = wps_is_addr_authorized(wps, wpa_s->own_addr, 1);
-	if (r == 2)
-		type = WPS_AP_SEL_REG_OUR;
-	else if (r == 1)
-		type = WPS_AP_SEL_REG;
-	else
-		type = WPS_AP_NOT_SEL_REG;
-
-	uuid = wps_get_uuid_e(wps);
-	pbc_active = wps_is_selected_pbc_registrar(wps);
-
-	ap = wpas_wps_get_ap_info(wpa_s, res->bssid);
-	if (ap) {
-		if (ap->type != type) {
-			wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR
-				   " changed type %d -> %d",
-				   MAC2STR(res->bssid), ap->type, type);
-			ap->type = type;
-			if (type != WPS_AP_NOT_SEL_REG)
-				wpa_bssid_ignore_del(wpa_s, ap->bssid);
-		}
-		ap->pbc_active = pbc_active;
-		if (uuid)
-			os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
-		goto out;
-	}
-
-	ap = os_realloc_array(wpa_s->wps_ap, wpa_s->num_wps_ap + 1,
-			      sizeof(struct wps_ap_info));
-	if (ap == NULL)
-		goto out;
-
-	wpa_s->wps_ap = ap;
-	ap = &wpa_s->wps_ap[wpa_s->num_wps_ap];
-	wpa_s->num_wps_ap++;
-
-	os_memset(ap, 0, sizeof(*ap));
-	os_memcpy(ap->bssid, res->bssid, ETH_ALEN);
-	ap->type = type;
-	ap->pbc_active = pbc_active;
-	if (uuid)
-		os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
-	wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR " type %d added",
-		   MAC2STR(ap->bssid), ap->type);
-
-out:
-	wpabuf_free(wps);
-}
-
-
-void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
-			     struct wpa_scan_results *scan_res)
-{
-	size_t i;
-
-	for (i = 0; i < scan_res->num; i++)
-		wpas_wps_update_ap_info_bss(wpa_s, scan_res->res[i]);
-
-	wpas_wps_dump_ap_info(wpa_s);
-}
-
-
-void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid)
-{
-	struct wps_ap_info *ap;
-
-	wpa_s->after_wps = 0;
-
-	if (!wpa_s->wps_ap_iter)
-		return;
-	ap = wpas_wps_get_ap_info(wpa_s, bssid);
-	if (ap == NULL)
-		return;
-	ap->tries++;
-	os_get_reltime(&ap->last_attempt);
-}
diff --git a/wpa_supplicant/wps_supplicant.h b/wpa_supplicant/wps_supplicant.h
deleted file mode 100644
index c55936ceeaaf..000000000000
--- a/wpa_supplicant/wps_supplicant.h
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * wpa_supplicant / WPS integration
- * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef WPS_SUPPLICANT_H
-#define WPS_SUPPLICANT_H
-
-struct wpa_scan_results;
-
-#ifdef CONFIG_WPS
-
-#include "wps/wps.h"
-#include "wps/wps_defs.h"
-
-struct wpa_bss;
-
-struct wps_new_ap_settings {
-	const char *ssid_hex;
-	const char *auth;
-	const char *encr;
-	const char *key_hex;
-};
-
-int wpas_wps_init(struct wpa_supplicant *wpa_s);
-void wpas_wps_deinit(struct wpa_supplicant *wpa_s);
-int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s);
-enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid);
-int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       int p2p_group, int multi_ap_backhaul_sta);
-int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, int p2p_group, u16 dev_pw_id);
-void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s);
-int wpas_wps_cancel(struct wpa_supplicant *wpa_s);
-int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, struct wps_new_ap_settings *settings);
-int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
-			    struct wpa_ssid *ssid, struct wpa_bss *bss);
-int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
-			      struct wpa_ssid *ssid, struct wpa_bss *bss);
-int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
-			      struct wpa_bss *selected, struct wpa_ssid *ssid);
-void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s);
-int wpas_wps_searching(struct wpa_supplicant *wpa_s);
-int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *pos,
-			      char *end);
-int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter);
-void wpas_wps_er_stop(struct wpa_supplicant *wpa_s);
-int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr,
-			const char *uuid, const char *pin);
-int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid);
-int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid,
-		      const char *pin);
-int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid,
-			   int id);
-int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
-		       const char *pin, struct wps_new_ap_settings *settings);
-struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s,
-					     int ndef, const char *uuid);
-int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s);
-void wpas_wps_update_config(struct wpa_supplicant *wpa_s);
-void wpas_wps_update_mac_addr(struct wpa_supplicant *wpa_s);
-struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
-					  int ndef, const char *id_str);
-struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef);
-int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *dev_addr,
-		       const u8 *bssid,
-		       const struct wpabuf *dev_pw, u16 dev_pw_id,
-		       int p2p_group, const u8 *peer_pubkey_hash,
-		       const u8 *ssid, size_t ssid_len, int freq);
-int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
-			  const struct wpabuf *data, int forced_freq);
-struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s,
-					  int ndef);
-struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
-					  int ndef, int cr, const char *uuid);
-int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				 const struct wpabuf *req,
-				 const struct wpabuf *sel);
-int wpas_er_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
-				    const struct wpabuf *req,
-				    const struct wpabuf *sel);
-void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
-			     struct wpa_scan_results *scan_res);
-void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid);
-int wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s);
-
-#else /* CONFIG_WPS */
-
-static inline int wpas_wps_init(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline u8 wpas_wps_get_req_type(struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-static inline int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
-					  struct wpa_ssid *ssid,
-					  struct wpa_bss *bss)
-{
-	return -1;
-}
-
-static inline int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
-					    struct wpa_ssid *ssid,
-					    struct wpa_bss *bss)
-{
-	return 0;
-}
-
-static inline int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
-					    struct wpa_bss *selected,
-					    struct wpa_ssid *ssid)
-{
-	return 0;
-}
-
-static inline void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
-{
-}
-
-static inline int wpas_wps_searching(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
-					   struct wpa_scan_results *scan_res)
-{
-}
-
-static inline void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s,
-					 const u8 *bssid)
-{
-}
-
-static inline int
-wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s)
-{
-	return 0;
-}
-
-static inline void wpas_wps_update_mac_addr(struct wpa_supplicant *wpa_s)
-{
-}
-
-#endif /* CONFIG_WPS */
-
-#endif /* WPS_SUPPLICANT_H */
diff --git a/wpadebug/.gitignore b/wpadebug/.gitignore
deleted file mode 100644
index baf2c7838a0d..000000000000
--- a/wpadebug/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-bin
-gen
-local.properties
-proguard-project.txt
diff --git a/wpadebug/AndroidManifest.xml b/wpadebug/AndroidManifest.xml
deleted file mode 100644
index 0d8dec396dd6..000000000000
--- a/wpadebug/AndroidManifest.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="w1.fi.wpadebug"
-      android:versionCode="1"
-      android:versionName="1.0">
-    <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17" />
-    <uses-permission android:name="android.permission.NFC" />
-    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
-    <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
-    <uses-permission android:name="android.permission.INTERNET" />
-	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
-    <application android:label="wpadebug" android:usesCleartextTraffic="true">
-        <activity android:name="w1.fi.wpadebug.MainActivity"
-                  android:label="wpadebug">
-            <intent-filter>
-                <action android:name="android.intent.action.MAIN" />
-                <category android:name="android.intent.category.LAUNCHER" />
-            </intent-filter>
-        </activity>
-	<activity android:name="w1.fi.wpadebug.DisplayMessageActivity"
-		  android:label="Operation result"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.WpaNfcActivity"
-		  android:label="wpa_supplicant NFC operation"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-            <intent-filter>
-		<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
-		<category android:name="android.intent.category.DEFAULT"/>
-		<data android:mimeType="application/vnd.wfa.wsc" />
-            </intent-filter>
-	</activity>
-	<activity android:name="w1.fi.wpadebug.CommandListActivity"
-		  android:label="Command list"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.WpaCommandListActivity"
-		  android:label="WPA command list"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.WpaCredActivity"
-		  android:label="Credentials"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.WpaCredEditActivity"
-		  android:label="Credential"
-		  android:parentActivityName="w1.fi.wpadebug.WpaCredActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.QrCodeScannerActivity"
-		  android:label="QR Code Reader"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.QrCodeDisplayActivity"
-		  android:label="QR Code Display"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity
-		  android:name="w1.fi.wpadebug.InputUri"
-		  android:label="Input URI"
-		  android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity
-		  android:name="w1.fi.wpadebug.QrCodeReadActivity"
-		  android:label="Start Scan"
-		 android:parentActivityName="w1.fi.wpadebug.MainActivity">
-	</activity>
-	<activity android:name="w1.fi.wpadebug.WpaWebViewActivity"
-		  android:label="WebView"
-		  android:launchMode="singleTop"
-		  android:noHistory="true">
-            <intent-filter>
-                <action android:name="android.intent.action.MAIN" />
-            </intent-filter>
-	</activity>
-	<receiver android:name="w1.fi.wpadebug.WifiReceiver">
-		<intent-filter>
-			<action android:name="android.net.wifi.STATE_CHANGE" />
-			<action android:name="android.net.wifi.RSSI_CHANGED" />
-			<action android:name="android.net.wifi.SCAN_RESULTS" />
-			<action android:name="android.net.wifi.supplicant.CONNECTION_CHANGE" />
-			<action android:name="android.net.wifi.supplicant.STATE_CHANGE" />
-			<action android:name="android.net.wifi.WIFI_STATE_CHANGED" />
-		</intent-filter>
-	</receiver>
-    </application>
-</manifest>
diff --git a/wpadebug/README b/wpadebug/README
deleted file mode 100644
index f66f0c212dc9..000000000000
--- a/wpadebug/README
+++ /dev/null
@@ -1,78 +0,0 @@
-wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
-Copyright (c) 2013, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-This program is licensed under the BSD license (the one with
-advertisement clause removed). See the top level README for detailed
-license text.
-
-If you are submitting changes to the project, please see CONTRIBUTIONS
-file for more instructions.
-
-
-NOTE! This Android app is for debugging and testing purposes only. It is
-not supposed to be installed on a production use device and doing so may
-result in complete loss of security protections on the device.
-
-
-
-Build
------
-
-- Install Android SDK and build tools
-
-wpadebug depends on zxing core to launch QR code display/scanning.
-To build zxing core:
-
-- mkdir hostap/wpadebug/libs # target for the jar file
-- Install maven tool
-- clone latest zxing code [git clone https://github.com/zxing/zxing.git]
-- cd zxing/core
-- run: mvn install -DskipTests
-- copy target/core-*.*.*-SNAPSHOT.jar to hostap/wpadebug/libs
-
-To build wpadebug application:
-
-- update project target if desired; for example:
-  android list targets
-  android update project --target 1 --path $PWD
-- run: ant debug
-
-
-Installation (with adb over USB)
-------------
-
-adb install bin/wpadebug-debug.apk
-
-NOTE: Following steps enable any app on the system to get root access!
-This is not suitable for any production use. This is needed for direct
-wpa_supplicant access and some networking operating in general. You can
-still use rest of the wpadebug app without doing this, but those
-functions will not work unless this step part of installation is
-done. It should be obvious that these steps require a rooted device. In
-addition, if you do not understand what the following commands do,
-please do not run them.
-
-adb root
-adb remount
-adb shell cp /system/bin/mksh /system/bin/mksh-su
-adb shell chmod 6755 /system/bin/mksh-su
-
-Optionally, a text file with a set of command can be installed to allow
-arbitrary shell commands to be executed. This text file need to be in
-/data/local/wpadebug.cmds and use title@command format per line. For
-example:
-version@cat /proc/version
-
-Similarly, /data/local/wpadebug.wpacmds can be used to define additional
-wpa_supplicant control interface commands.
-
-
-Uninstallation
---------------
-
-adb root
-adb remount
-adb shell rm /system/bin/mksh-su
-
-adb uninstall w1.fi.wpadebug
diff --git a/wpadebug/build.xml b/wpadebug/build.xml
deleted file mode 100644
index 5301e69bcc7f..000000000000
--- a/wpadebug/build.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project name="wpadebug" default="help">
-    <property file="local.properties" />
-    <property file="ant.properties" />
-    <property environment="env" />
-    <condition property="sdk.dir" value="${env.ANDROID_HOME}">
-        <isset property="env.ANDROID_HOME" />
-    </condition>
-    <loadproperties srcFile="project.properties" />
-    <fail
-            message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
-            unless="sdk.dir"
-    />
-    <import file="custom_rules.xml" optional="true" />
-    <!-- version-tag: 1 -->
-    <import file="${sdk.dir}/tools/ant/build.xml" />
-</project>
diff --git a/wpadebug/project.properties b/wpadebug/project.properties
deleted file mode 100644
index 36cc0ce32096..000000000000
--- a/wpadebug/project.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-# Project target.
-target=android-22
diff --git a/wpadebug/res/layout/cred_edit.xml b/wpadebug/res/layout/cred_edit.xml
deleted file mode 100644
index 292b30abbffd..000000000000
--- a/wpadebug/res/layout/cred_edit.xml
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    android:layout_width="match_parent"
-    android:layout_height="wrap_content"
-    android:orientation="vertical"
-    >
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<TextView
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Username"
-		    />
-		<EditText android:id="@+id/cred_edit_username"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:singleLine="true"
-			  android:lines="1"
-			  />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<TextView
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Realm"
-		    />
-		<EditText android:id="@+id/cred_edit_realm"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:singleLine="true"
-			  android:lines="1"
-			  />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<TextView
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Password"
-		    />
-		<EditText android:id="@+id/cred_edit_password"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:singleLine="true"
-			  android:lines="1"
-			  android:inputType="textPassword"
-			  />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<TextView
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Domain"
-		    />
-		<EditText android:id="@+id/cred_edit_domain"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:singleLine="true"
-			  android:lines="1"
-			  />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<TextView
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="IMSI"
-		    />
-		<EditText android:id="@+id/cred_edit_imsi"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:singleLine="true"
-			  android:lines="1"
-			  android:hint="Used only with SIM/USIM testing"
-			  />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Save"
-		    android:onClick="credSave"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Cancel"
-		    android:onClick="credCancel"
-		    />
-	</LinearLayout>
-</LinearLayout>
diff --git a/wpadebug/res/layout/input_uri.xml b/wpadebug/res/layout/input_uri.xml
deleted file mode 100644
index ab391fbed72e..000000000000
--- a/wpadebug/res/layout/input_uri.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:app="http://schemas.android.com/apk/res-auto"
-    xmlns:tools="http://schemas.android.com/tools"
-    android:layout_width="match_parent"
-    android:layout_height="match_parent"
-    tools:context="w1.fi.wpadebug.InputUri">
-	<LinearLayout
-	    android:layout_width="match_parent"
-	    android:gravity="center"
-	    android:orientation="vertical"
-	    android:layout_margin="30dp"
-	    android:layout_height="wrap_content">
-
-		<EditText
-		    android:id="@+id/edit_uri"
-		    android:layout_width="match_parent"
-		    android:layout_height="130dp" />
-
-		<Button
-		    android:id="@+id/submit_uri"
-		    android:layout_width="wrap_content"
-		    android:text="Submit"
-		    android:layout_height="wrap_content" />
-	</LinearLayout>
-</LinearLayout>
diff --git a/wpadebug/res/layout/main.xml b/wpadebug/res/layout/main.xml
deleted file mode 100644
index cbdbfb961980..000000000000
--- a/wpadebug/res/layout/main.xml
+++ /dev/null
@@ -1,160 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    android:layout_width="match_parent"
-    android:layout_height="wrap_content"
-    android:orientation="vertical"
-    >
-	<TextView
-	    android:layout_width="wrap_content"
-	    android:layout_height="wrap_content"
-	    android:text="Framework commands"
-	    />
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="WifiManager"
-		    android:onClick="wifiManagerInfo"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="WifiInfo"
-		    android:onClick="wifiInfo"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Networks"
-		    android:onClick="wifiConfiguredNetworks"
-		    />
-	</LinearLayout>
-	<TextView
-	    android:layout_width="wrap_content"
-	    android:layout_height="wrap_content"
-	    android:text="wpa_supplicant commands"
-	    />
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="wpa_supplicant commands"
-		    android:onClick="runWpaCommands"
-		    />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Credentials"
-		    android:onClick="runWpaCredentials"
-		    />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="log:info"
-		    android:onClick="wpaLogLevelInfo"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="log:debug"
-		    android:onClick="wpaLogLevelDebug"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="log:excessive"
-		    android:onClick="wpaLogLevelExcessive"
-		    />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<EditText android:id="@+id/edit_cmd"
-			  android:layout_weight="1"
-			  android:layout_width="0dp"
-			  android:layout_height="wrap_content"
-			  android:hint="wpa_cli command"
-			  />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Run"
-		    android:onClick="runWpaCliCmd"
-		    />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="Shell commands"
-		    android:onClick="runCommands"
-		    />
-	</LinearLayout>
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="QR Scan"
-		    android:onClick="runQrScan"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="QR Input"
-		    android:onClick="runQrInput"
-		    />
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="QR Display"
-		    android:onClick="runQrDisplay"
-		    />
-	</LinearLayout>
-	<TextView
-	    android:layout_width="wrap_content"
-	    android:layout_height="wrap_content"
-	    android:text="NFC commands"
-	    />
-	<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-		      android:layout_width="match_parent"
-		      android:layout_height="wrap_content"
-		      android:orientation="horizontal"
-		      >
-		<Button
-		    android:layout_width="wrap_content"
-		    android:layout_height="wrap_content"
-		    android:text="WPS handover request"
-		    android:onClick="nfcWpsHandoverRequest"
-		    />
-	</LinearLayout>
-</LinearLayout>
diff --git a/wpadebug/res/layout/qrcode.xml b/wpadebug/res/layout/qrcode.xml
deleted file mode 100644
index 8cf50de374e1..000000000000
--- a/wpadebug/res/layout/qrcode.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-	android:orientation="vertical"
-	android:layout_width="match_parent"
-	android:layout_height="match_parent"
-	android:gravity="center_horizontal">
-	<ImageView
-		android:id="@+id/qrCode"
-		android:layout_width="350dp"
-		android:layout_height="350dp"
-		android:layout_marginTop="20dp"
-		/>
-</LinearLayout>
\ No newline at end of file
diff --git a/wpadebug/res/raw/shell_commands.txt b/wpadebug/res/raw/shell_commands.txt
deleted file mode 100644
index 9b45d652a065..000000000000
--- a/wpadebug/res/raw/shell_commands.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-id@id
-version@cat /proc/version
diff --git a/wpadebug/res/raw/wpa_commands.txt b/wpadebug/res/raw/wpa_commands.txt
deleted file mode 100644
index 3baa01c8bb5b..000000000000
--- a/wpadebug/res/raw/wpa_commands.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Status@STATUS
-PMKSA cache@PMKSA
-Networks@LIST_NETWORKS
-Interworking connect@INTERWORKING_SELECT auto
-Creds@LIST_CREDS
-Scan results@SCAN_RESULTS
-Flush@FLUSH
-Disconnect@DISCONNECT
-Reassociate@REASSOCIATE
diff --git a/wpadebug/src/w1/fi/wpadebug/CommandListActivity.java b/wpadebug/src/w1/fi/wpadebug/CommandListActivity.java
deleted file mode 100644
index 6d7ad4dd6678..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/CommandListActivity.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import java.util.ArrayList;
-import java.util.Scanner;
-import java.io.FileReader;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.InputStream;
-import java.io.IOException;
-
-import android.app.ListActivity;
-import android.content.Intent;
-import android.os.Bundle;
-import android.os.Parcelable;
-import android.view.View;
-import android.widget.ListView;
-import android.widget.ArrayAdapter;
-import android.widget.Toast;
-import android.text.method.ScrollingMovementMethod;
-import android.util.Log;
-
-class CmdList
-{
-    String title;
-    String command;
-
-    public CmdList(String _title, String _command)
-    {
-	title = _title;
-	command = _command;
-    }
-
-    @Override
-    public String toString()
-    {
-	return title;
-    }
-}
-
-public class CommandListActivity extends ListActivity
-{
-    private static final String TAG = "wpadebug";
-    private static final String cmdfile = "/data/local/wpadebug.cmds";
-
-    private void read_commands(ArrayList<CmdList> list, Scanner in)
-    {
-	in.useDelimiter("@");
-	while (in.hasNext()) {
-	    String title = in.next();
-	    String cmd = in.nextLine().substring(1);
-	    list.add(new CmdList(title, cmd));
-	}
-	in.close();
-    }
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-        super.onCreate(savedInstanceState);
-
-	ArrayList<CmdList> list = new ArrayList<CmdList>();
-
-	FileReader in;
-	try {
-	    in = new FileReader(cmdfile);
-	    read_commands(list, new Scanner(in));
-	} catch (IOException e) {
-	    Toast.makeText(this, "Could not read " + cmdfile,
-			   Toast.LENGTH_SHORT).show();
-	}
-
-	InputStream inres;
-	try {
-	    inres = getResources().openRawResource(R.raw.shell_commands);
-	    read_commands(list, new Scanner(inres));
-	} catch (android.content.res.Resources.NotFoundException e) {
-	    Toast.makeText(this, "Could not read internal resource",
-			   Toast.LENGTH_SHORT).show();
-	}
-
-	ArrayAdapter<CmdList> listAdapter;
-	listAdapter = new ArrayAdapter<CmdList>(this, android.R.layout.simple_list_item_1, list);
-
-	setListAdapter(listAdapter);
-    }
-
-    @Override
-    protected void onListItemClick(ListView l, View v, int position, long id)
-    {
-	CmdList item = (CmdList) getListAdapter().getItem(position);
-	Toast.makeText(this, "Running: " + item.command,
-		       Toast.LENGTH_SHORT).show();
-	String message = run(item.command);
-	if (message == null)
-	    return;
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	intent.putExtra(MainActivity.EXTRA_MESSAGE, message);
-	startActivity(intent);
-    }
-
-    private String run(String cmd)
-    {
-	try {
-	    Process proc = Runtime.getRuntime().exec(new String[]{"/system/bin/mksh-su", "-c", cmd});
-	    BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
-	    StringBuffer output = new StringBuffer();
-	    int read;
-	    char[] buffer = new char[1024];
-	    while ((read = reader.read(buffer)) > 0)
-		output.append(buffer, 0, read);
-	    reader.close();
-	    proc.waitFor();
-	    return output.toString();
-	} catch (IOException e) {
-	    Toast.makeText(this, "Could not run command",
-			   Toast.LENGTH_LONG).show();
-	    return null;
-	} catch (InterruptedException e) {
-	    throw new RuntimeException(e);
-	}
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/DisplayMessageActivity.java b/wpadebug/src/w1/fi/wpadebug/DisplayMessageActivity.java
deleted file mode 100644
index 28ef85f39169..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/DisplayMessageActivity.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.os.Bundle;
-import android.os.Parcelable;
-import android.view.MenuItem;
-import android.content.Intent;
-import android.widget.TextView;
-import android.text.method.ScrollingMovementMethod;
-import android.util.Log;
-
-public class DisplayMessageActivity extends Activity
-{
-    private static final String TAG = "wpadebug";
-
-    String byteArrayHex(byte[] a) {
-	StringBuilder sb = new StringBuilder();
-	for (byte b: a)
-	    sb.append(String.format("%02x", b));
-	return sb.toString();
-    }
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-	Log.d(TAG, "onCreate");
-        super.onCreate(savedInstanceState);
-
-	// Get the message from the intent
-	Intent intent = getIntent();
-	String action = intent.getAction();
-	Log.d(TAG, "onCreate: action=" + action);
-
-	String message = intent.getStringExtra(MainActivity.EXTRA_MESSAGE);
-
-	TextView textView = new TextView(this);
-	textView.setText(message);
-	textView.setMovementMethod(new ScrollingMovementMethod());
-        setContentView(textView);
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/InputUri.java b/wpadebug/src/w1/fi/wpadebug/InputUri.java
deleted file mode 100644
index ea1fa99d2a3e..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/InputUri.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2018, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.os.Bundle;
-import android.text.Editable;
-import android.text.TextWatcher;
-import android.view.View;
-import android.widget.Button;
-import android.widget.EditText;
-import android.util.Log;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-
-public class InputUri extends Activity {
-
-    private EditText mEditText;
-    private Button mSubmitButton;
-    private String mUriText;
-    private static final String FILE_NAME = "wpadebug_qrdata.txt";
-    private static final String TAG = "wpadebug";
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        setContentView(R.layout.input_uri);
-        mEditText = (EditText)findViewById(R.id.edit_uri);
-        mSubmitButton = (Button)findViewById(R.id.submit_uri);
-
-	mEditText.addTextChangedListener(new TextWatcher() {
-		@Override
-		public void onTextChanged(CharSequence s, int start, int before,
-					  int count) {
-		    mUriText = mEditText.getText().toString();
-		    if (mUriText.startsWith("DPP:") &&
-			mUriText.endsWith(";;")) {
-			writeToFile(mUriText);
-			finish();
-		    }
-		}
-
-		@Override
-		public void beforeTextChanged(CharSequence s, int start,
-					      int count, int after) {
-		}
-
-		@Override
-		public void afterTextChanged(Editable s) {
-		}
-	    });
-    }
-
-    @Override
-    protected void onResume() {
-        super.onResume();
-        mSubmitButton.setOnClickListener(new View.OnClickListener() {
-            @Override
-            public void onClick(View view) {
-                mUriText = mEditText.getText().toString();
-                new Thread(new Runnable() {
-                    @Override
-                    public void run() {
-                        writeToFile(mUriText);
-
-                        InputUri.this.runOnUiThread(new Runnable() {
-                            @Override
-                            public void run() {
-                                finish();
-                            }
-                        });
-                    }
-                }).start();
-
-            }
-
-        });
-    }
-
-    public void writeToFile(String data)
-    {
-        File file = new File("/sdcard", FILE_NAME);
-        try
-        {
-            file.createNewFile();
-            FileOutputStream fOut = new FileOutputStream(file);
-            OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut);
-            myOutWriter.append(mUriText);
-            myOutWriter.close();
-
-            fOut.flush();
-            fOut.close();
-        }
-        catch (IOException e)
-        {
-            Log.e(TAG, "File write failed: " + e.toString());
-        }
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/MainActivity.java b/wpadebug/src/w1/fi/wpadebug/MainActivity.java
deleted file mode 100644
index 4c37b481f1bf..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/MainActivity.java
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.IOException;
-
-import android.app.Activity;
-import android.app.AlertDialog;
-import android.os.Bundle;
-import android.view.View;
-import android.content.Intent;
-import android.content.Context;
-import android.content.DialogInterface;
-import android.widget.EditText;
-import android.widget.Toast;
-import android.util.Log;
-import android.net.wifi.WifiManager;
-import android.net.wifi.WifiInfo;
-import android.net.wifi.WifiConfiguration;
-import android.nfc.NdefMessage;
-import android.nfc.NdefRecord;
-import android.nfc.NfcAdapter;
-
-public class MainActivity extends Activity
-{
-    public final static String EXTRA_MESSAGE = "w1.fi.wpadebug.MESSAGE";
-    private static final String TAG = "wpadebug";
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-        super.onCreate(savedInstanceState);
-        setContentView(R.layout.main);
-    }
-
-    public void runCommands(View view)
-    {
-	Intent intent = new Intent(this, CommandListActivity.class);
-	startActivity(intent);
-    }
-
-    public void runQrScan(View view)
-    {
-	Intent intent = new Intent(this, QrCodeScannerActivity.class);
-	startActivity(intent);
-    }
-
-    public void runQrInput(View view)
-    {
-	Intent intent = new Intent(this, InputUri.class);
-	startActivity(intent);
-    }
-
-    public void runQrDisplay(View view)
-    {
-	Intent intent = new Intent(this, QrCodeDisplayActivity.class);
-	startActivity(intent);
-    }
-
-    public void runWpaCommands(View view)
-    {
-	Intent intent = new Intent(this, WpaCommandListActivity.class);
-	startActivity(intent);
-    }
-
-    public void runWpaCredentials(View view)
-    {
-	Intent intent = new Intent(this, WpaCredActivity.class);
-	startActivity(intent);
-    }
-
-    public void runWpaCliCmd(View view)
-    {
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	EditText editText = (EditText) findViewById(R.id.edit_cmd);
-	String cmd = editText.getText().toString();
-	if (cmd.trim().length() == 0) {
-	    show_alert("wpa_cli command", "Invalid command");
-	    return;
-	}
-	wpaCmd(view, cmd);
-    }
-
-    public void wpaLogLevelInfo(View view)
-    {
-	wpaCmd(view, "LOG_LEVEL INFO 1");
-    }
-
-    public void wpaLogLevelDebug(View view)
-    {
-	wpaCmd(view, "LOG_LEVEL DEBUG 1");
-    }
-
-    public void wpaLogLevelExcessive(View view)
-    {
-	wpaCmd(view, "LOG_LEVEL EXCESSIVE 1");
-    }
-
-    private void wpaCmd(View view, String cmd)
-    {
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	String message = run("wpa_cli " + cmd);
-	if (message == null)
-	    return;
-	intent.putExtra(EXTRA_MESSAGE, message);
-	startActivity(intent);
-    }
-
-    private String run(String cmd)
-    {
-	try {
-	    Log.d(TAG, "Running external process: " + cmd);
-	    Process proc = Runtime.getRuntime().exec(new String[]{"/system/bin/mksh-su", "-c", cmd});
-	    BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
-	    StringBuffer output = new StringBuffer();
-	    int read;
-	    char[] buffer = new char[1024];
-	    while ((read = reader.read(buffer)) > 0)
-		output.append(buffer, 0, read);
-	    reader.close();
-	    proc.waitFor();
-	    Log.d(TAG, "External process completed - exitValue " +
-		  proc.exitValue());
-	    return output.toString();
-	} catch (IOException e) {
-	    show_alert("Could not run external program",
-		       "Execution of an external program failed. " +
-		       "Maybe mksh-su was not installed.");
-	    return null;
-	} catch (InterruptedException e) {
-	    throw new RuntimeException(e);
-	}
-    }
-
-    private void show_alert(String title, String message)
-    {
-	AlertDialog.Builder alert = new AlertDialog.Builder(this);
-	alert.setTitle(title);
-	alert.setMessage(message);
-	alert.setPositiveButton("OK", new DialogInterface.OnClickListener() {
-		public void onClick(DialogInterface dialog, int id)
-		{
-		}
-	    });
-	alert.create().show();
-    }
-
-    public void wifiManagerInfo(View view)
-    {
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	WifiManager manager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
-	String message = "WifiState: " + manager.getWifiState() + "\n" +
-	    "WifiEnabled: " + manager.isWifiEnabled() + "\n" +
-	    "pingSupplicant: " + manager.pingSupplicant() + "\n" +
-	    "DhcpInfo: " + manager.getDhcpInfo().toString() + "\n";
-	intent.putExtra(EXTRA_MESSAGE, message);
-	startActivity(intent);
-    }
-
-    public void wifiInfo(View view)
-    {
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	WifiManager manager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
-	WifiInfo wifi = manager.getConnectionInfo();
-	String message = wifi.toString() + "\n" + wifi.getSupplicantState();
-	intent.putExtra(EXTRA_MESSAGE, message);
-	startActivity(intent);
-    }
-
-    public void wifiConfiguredNetworks(View view)
-    {
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	WifiManager manager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
-	StringBuilder sb = new StringBuilder();
-	for (WifiConfiguration n: manager.getConfiguredNetworks())
-	    sb.append(n.toString() + "\n");
-	intent.putExtra(EXTRA_MESSAGE, sb.toString());
-	startActivity(intent);
-    }
-
-    public void nfcWpsHandoverRequest(View view)
-    {
-	NfcAdapter nfc;
-	nfc = NfcAdapter.getDefaultAdapter(this);
-	if (nfc == null) {
-	    Toast.makeText(this, "NFC is not available",
-			   Toast.LENGTH_LONG).show();
-	    return;
-	}
-
-	NdefMessage msg;
-	msg = new NdefMessage(new NdefRecord[] {
-		NdefRecord.createMime("application/vnd.wfa.wsc",
-				      new byte[0])
-	    });
-
-	nfc.setNdefPushMessage(msg, this);
-	Toast.makeText(this, "NFC push message (WSC) configured",
-		       Toast.LENGTH_LONG).show();
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/QrCodeDisplayActivity.java b/wpadebug/src/w1/fi/wpadebug/QrCodeDisplayActivity.java
deleted file mode 100644
index 10c9c0144fe4..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/QrCodeDisplayActivity.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2018, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.graphics.Bitmap;
-import android.os.Bundle;
-import android.text.TextUtils;
-import android.util.Log;
-import android.widget.ImageView;
-
-import com.google.zxing.BarcodeFormat;
-import com.google.zxing.MultiFormatWriter;
-import com.google.zxing.WriterException;
-import com.google.zxing.common.BitMatrix;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStreamReader;
-
-public class QrCodeDisplayActivity extends Activity {
-
-    private static final String TAG = "wpadebug";
-    private static final String FILE_NAME = "wpadebug_qrdata.txt";
-    private ImageView imageView;
-
-    // Below set of configs are used for QR code display window
-    private final static int WHITE = 0xFFFFFFFF;
-    private final static int BLACK = 0xFF000000;
-    private final static int WIDTH = 400;
-    private final static int HEIGHT = 400;
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        // create imageview for this and attach to this activity.
-        setContentView(R.layout.qrcode);
-        imageView = (ImageView) findViewById(R.id.qrCode);
-        String str = readFromFile(FILE_NAME);
-
-        //Encode and launch qrcode now
-        try {
-            Bitmap bitmap = (TextUtils.isEmpty(str)) ? null : encodeAsBitmap(str);
-            if (bitmap != null) {
-                imageView.setImageBitmap(bitmap);
-            } else {
-                Log.e(TAG, "Failed to generate bitmap for uri=" + str);
-                finish();
-            }
-        } catch (WriterException e) {
-            e.printStackTrace();
-            finish();
-        }
-    }
-
-    private Bitmap encodeAsBitmap(String str) throws WriterException {
-        BitMatrix result;
-        try {
-            result = new MultiFormatWriter().encode(str, BarcodeFormat.QR_CODE, WIDTH, HEIGHT, null);
-        } catch (IllegalArgumentException iae) {
-            // Unsupported format
-            return null;
-        }
-
-        int width = result.getWidth();
-        int height = result.getHeight();
-        int[] pixels = new int[width * height];
-        for (int y = 0; y < height; y++) {
-            int offset = y * width;
-            for (int x = 0; x < width; x++) {
-                pixels[offset + x] = result.get(x, y) ? BLACK : WHITE;
-            }
-        }
-
-        Bitmap bitmap = Bitmap.createBitmap(width, height, Bitmap.Config.ARGB_8888);
-        bitmap.setPixels(pixels, 0, width, 0, 0, width, height);
-        return bitmap;
-    }
-
-    private String readFromFile(String filePath) {
-        try {
-            FileInputStream fis = new FileInputStream(new File("/sdcard", filePath));
-            BufferedReader br = new BufferedReader(new InputStreamReader(fis, "UTF-8"));
-            StringBuilder sb = new StringBuilder();
-            String line;
-            while(( line = br.readLine()) != null ) {
-                sb.append( line );
-                sb.append( '\n' );
-            }
-            return sb.toString();
-        }
-        catch (FileNotFoundException e) {
-            Log.e(TAG, "File not found: " + e.toString());
-        } catch (IOException e) {
-            Log.e(TAG, "Can not read file: " + e.toString());
-        }
-
-        return null;
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/QrCodeReadActivity.java b/wpadebug/src/w1/fi/wpadebug/QrCodeReadActivity.java
deleted file mode 100644
index f21eccba8660..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/QrCodeReadActivity.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2018, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.util.Log;
-import android.content.Intent;
-import android.hardware.Camera;
-import android.os.Bundle;
-
-public class QrCodeReadActivity extends Activity {
-
-    private static final String TAG = "wpadebug";
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        int numberOfCameras = Camera.getNumberOfCameras();
-
-        if (numberOfCameras > 0) {
-            Log.e(TAG, "Number of cameras found: " + numberOfCameras);
-            Intent QrCodeScanIntent = new Intent(QrCodeReadActivity.this,
-						 QrCodeScannerActivity.class);
-            QrCodeReadActivity.this.startActivity(QrCodeScanIntent);
-            finish();
-        } else {
-            Log.e(TAG, "No cameras found, input the QR Code");
-            Intent QrCodeInputIntent = new Intent(QrCodeReadActivity.this,
-						  InputUri.class);
-            QrCodeReadActivity.this.startActivity(QrCodeInputIntent);
-            finish();
-        }
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/QrCodeScannerActivity.java b/wpadebug/src/w1/fi/wpadebug/QrCodeScannerActivity.java
deleted file mode 100644
index 4b3591c725dc..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/QrCodeScannerActivity.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2018, The Linux Foundation
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.content.ActivityNotFoundException;
-import android.content.Intent;
-import android.os.Bundle;
-import android.util.Log;
-import android.widget.Toast;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-
-public class QrCodeScannerActivity extends Activity {
-
-    private static final String TAG = "wpadebug";
-    private static final String RESULT = "SCAN_RESULT";
-    private static final String FILE_NAME = "wpadebug_qrdata.txt";
-    private static final String ACTION = "com.google.zxing.client.android.SCAN";
-
-    private static final int QRCODE = 1;
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        Intent intent = new Intent();
-        intent.setAction(ACTION);
-	intent.putExtra("SCAN_MODE", "QR_CODE_MODE");
-	intent.putExtra("PROMPT_MESSAGE",
-			"Place a QR Code inside the viewfinder rectangle to scan it.");
-        try {
-            startActivityForResult(intent, QRCODE);
-        } catch (ActivityNotFoundException e) {
-            Log.e(TAG, "No QR code scanner found with name=" + ACTION);
-            Toast.makeText(QrCodeScannerActivity.this, "QR code scanner not found", Toast.LENGTH_SHORT).show();
-            finish();
-        }
-    }
-
-    @Override
-    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
-	Log.d(TAG, "onActivityResult: requestCode=" + requestCode + " resultCode=" + resultCode);
-        if (requestCode == QRCODE && resultCode == RESULT_OK) {
-	    String contents = data.getStringExtra(RESULT);
-	    writeToFile(contents);
-	    Log.d(TAG, "onActivityResult: QRCODE RESULT_OK: " + contents);
-	    finishActivity(requestCode);
-            finish();
-        }
-    }
-
-    public void writeToFile(String data)
-    {
-        File file = new File("/sdcard", FILE_NAME);
-        try
-        {
-            file.createNewFile();
-            FileOutputStream fOut = new FileOutputStream(file);
-            OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut);
-            myOutWriter.append(data);
-
-            myOutWriter.close();
-
-            fOut.flush();
-            fOut.close();
-        }
-        catch (IOException e)
-        {
-            Log.e(TAG, "File write failed: " + e.toString());
-        }
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WifiReceiver.java b/wpadebug/src/w1/fi/wpadebug/WifiReceiver.java
deleted file mode 100644
index d69e05d69ebb..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WifiReceiver.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.net.NetworkInfo;
-import android.net.wifi.SupplicantState;
-import android.net.wifi.WifiInfo;
-import android.os.Bundle;
-import android.util.Log;
-
-public class WifiReceiver extends BroadcastReceiver
-{
-    private static final String TAG = "wpadebug";
-
-    @Override
-    public void onReceive(Context c, Intent intent)
-    {
-	String act = intent.getAction();
-	Log.d(TAG, "Received broadcast intent: action=" + act);
-
-	Bundle bundles = intent.getExtras();
-	if (bundles == null)
-	    return;
-
-	if (bundles.containsKey("bssid")) {
-	    String val;
-	    val = intent.getStringExtra("bssid");
-	    if (val != null)
-		Log.d(TAG, "  bssid: " + val);
-	}
-
-	if (bundles.containsKey("networkInfo")) {
-	    NetworkInfo info;
-	    info = (NetworkInfo) intent.getParcelableExtra("networkInfo");
-	    if (info != null)
-		Log.d(TAG, "  networkInfo: " + info);
-	}
-
-	if (bundles.containsKey("newRssi")) {
-	    int val;
-	    val = intent.getIntExtra("newRssi", -1);
-	    Log.d(TAG, "  newRssi: " + val);
-	}
-
-	if (bundles.containsKey("newState")) {
-	    SupplicantState state;
-	    state = (SupplicantState) intent.getParcelableExtra("newState");
-	    if (state != null)
-		Log.d(TAG, "  newState: " + state);
-	}
-
-	if (bundles.containsKey("previous_wifi_state")) {
-	    int wifi_state;
-	    wifi_state = intent.getIntExtra("previous_wifi_state", -1);
-	    if (wifi_state != -1)
-		Log.d(TAG, "  previous_wifi_state: " + wifi_state);
-	}
-
-	if (bundles.containsKey("connected")) {
-	    boolean connected;
-	    connected = intent.getBooleanExtra("connected", false);
-	    Log.d(TAG, "  connected: " + connected);
-	}
-
-	if (bundles.containsKey("supplicantError")) {
-	    int error;
-	    error = intent.getIntExtra("supplicantError", -1);
-	    if (error != -1)
-		Log.d(TAG, "  supplicantError: " + error);
-	}
-
-	if (bundles.containsKey("wifiInfo")) {
-	    WifiInfo info;
-	    info = (WifiInfo) intent.getParcelableExtra("wifiInfo");
-	    if (info != null)
-		Log.d(TAG, "  wifiInfo: " + info);
-	}
-
-	if (bundles.containsKey("wifi_state")) {
-	    int wifi_state;
-	    wifi_state = intent.getIntExtra("wifi_state", -1);
-	    if (wifi_state != -1)
-		Log.d(TAG, "  wifi_state: " + wifi_state);
-	}
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WpaCommandListActivity.java b/wpadebug/src/w1/fi/wpadebug/WpaCommandListActivity.java
deleted file mode 100644
index e089179340ee..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WpaCommandListActivity.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import java.util.ArrayList;
-import java.util.Scanner;
-import java.io.FileReader;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.InputStream;
-import java.io.IOException;
-
-import android.app.ListActivity;
-import android.content.Intent;
-import android.os.Bundle;
-import android.os.Parcelable;
-import android.view.View;
-import android.widget.ListView;
-import android.widget.ArrayAdapter;
-import android.widget.Toast;
-import android.text.method.ScrollingMovementMethod;
-import android.util.Log;
-
-public class WpaCommandListActivity extends ListActivity
-{
-    private static final String TAG = "wpadebug";
-    private static final String cmdfile = "/data/local/wpadebug.wpacmds";
-
-    private void read_commands(ArrayList<CmdList> list, Scanner in)
-    {
-	in.useDelimiter("@");
-	while (in.hasNext()) {
-	    String title = in.next();
-	    String cmd = in.nextLine().substring(1);
-	    list.add(new CmdList(title, cmd));
-	}
-	in.close();
-    }
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-        super.onCreate(savedInstanceState);
-
-	ArrayList<CmdList> list = new ArrayList<CmdList>();
-
-	FileReader in;
-	try {
-	    in = new FileReader(cmdfile);
-	    read_commands(list, new Scanner(in));
-	} catch (IOException e) {
-	    Toast.makeText(this, "Could not read " + cmdfile,
-			   Toast.LENGTH_SHORT).show();
-	}
-
-	InputStream inres;
-	try {
-	    inres = getResources().openRawResource(R.raw.wpa_commands);
-	    read_commands(list, new Scanner(inres));
-	} catch (android.content.res.Resources.NotFoundException e) {
-	    Toast.makeText(this, "Could not read internal resource",
-			   Toast.LENGTH_SHORT).show();
-	}
-
-	ArrayAdapter<CmdList> listAdapter;
-	listAdapter = new ArrayAdapter<CmdList>(this, android.R.layout.simple_list_item_1, list);
-
-	setListAdapter(listAdapter);
-    }
-
-    @Override
-    protected void onListItemClick(ListView l, View v, int position, long id)
-    {
-	CmdList item = (CmdList) getListAdapter().getItem(position);
-	Toast.makeText(this, "Running: " + item.command,
-		       Toast.LENGTH_SHORT).show();
-	String message = run(item.command);
-	if (message == null)
-	    return;
-	Intent intent = new Intent(this, DisplayMessageActivity.class);
-	intent.putExtra(MainActivity.EXTRA_MESSAGE, message);
-	startActivity(intent);
-    }
-
-    private String run(String cmd)
-    {
-	try {
-	    Process proc = Runtime.getRuntime().exec(new String[]{"/system/bin/mksh-su", "-c", "wpa_cli " + cmd});
-	    BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
-	    StringBuffer output = new StringBuffer();
-	    int read;
-	    char[] buffer = new char[1024];
-	    while ((read = reader.read(buffer)) > 0)
-		output.append(buffer, 0, read);
-	    reader.close();
-	    proc.waitFor();
-	    return output.toString();
-	} catch (IOException e) {
-	    Toast.makeText(this, "Could not run command",
-			   Toast.LENGTH_LONG).show();
-	    return null;
-	} catch (InterruptedException e) {
-	    throw new RuntimeException(e);
-	}
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WpaCredActivity.java b/wpadebug/src/w1/fi/wpadebug/WpaCredActivity.java
deleted file mode 100644
index 3902f0964d0a..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WpaCredActivity.java
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import java.util.ArrayList;
-import java.util.ListIterator;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.InputStream;
-import java.io.IOException;
-
-import android.app.ListActivity;
-import android.app.ActionBar;
-import android.content.Intent;
-import android.os.Bundle;
-import android.view.View;
-import android.view.Menu;
-import android.view.MenuItem;
-import android.widget.ListView;
-import android.widget.ArrayAdapter;
-import android.widget.Toast;
-import android.widget.AdapterView.AdapterContextMenuInfo;
-
-class Credential
-{
-    int id;
-    String realm;
-    String username;
-    String domain;
-    String imsi;
-
-    public Credential(String entry)
-    {
-	String fields[] = entry.split("\t");
-	id = Integer.parseInt(fields[0]);
-	if (fields.length > 1)
-	    realm = fields[1];
-	else
-	    realm = "";
-	if (fields.length > 2)
-	    username = fields[2];
-	else
-	    username = "";
-	if (fields.length > 3 && fields[3].length() > 0)
-	    domain = fields[3];
-	else
-	    domain = null;
-	if (fields.length > 4 && fields[4].length() > 0)
-	    imsi = fields[4];
-	else
-	    imsi = null;
-    }
-
-    public Credential(int _id, String _username, String _realm, String _domain,
-		      String _imsi)
-    {
-	id = _id;
-	username = _username;
-	realm = _realm;
-	domain = _domain;
-	imsi = _imsi;
-    }
-
-
-    @Override
-    public String toString()
-    {
-	String res = id + " - " + username + "@" + realm;
-	if (domain != null)
-	    res += " (domain=" + domain + ")";
-	if (imsi != null)
-	    res += " (imsi=" + imsi + ")";
-	return res;
-    }
-}
-
-public class WpaCredActivity extends ListActivity
-{
-    private static final String TAG = "wpadebug";
-    static final int CRED_EDIT_REQ = 0;
-    private ArrayList<Credential> mList;
-    private ArrayAdapter<Credential> mListAdapter;
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-        super.onCreate(savedInstanceState);
-
-	mList = new ArrayList<Credential>();
-
-	String res = run("LIST_CREDS");
-	if (res == null) {
-	    Toast.makeText(this, "Could not get credential list",
-			   Toast.LENGTH_LONG).show();
-	    finish();
-	    return;
-	}
-
-	String creds[] = res.split("\n");
-	for (String cred: creds) {
-	    if (Character.isDigit(cred.charAt(0)))
-		mList.add(new Credential(cred));
-	}
-
-	mListAdapter = new ArrayAdapter<Credential>(this, android.R.layout.simple_list_item_1, mList);
-
-	setListAdapter(mListAdapter);
-	registerForContextMenu(getListView());
-
-	ActionBar abar = getActionBar();
-    }
-
-    @Override
-    public boolean onCreateOptionsMenu(Menu menu)
-    {
-	menu.add(0, 0, 0, "Add credential");
-	return true;
-    }
-
-    protected void onActivityResult(int requestCode, int resultCode,
-				    Intent data)
-    {
-	if (requestCode == CRED_EDIT_REQ) {
-	    if (resultCode != RESULT_OK)
-		return;
-
-	    String username = data.getStringExtra("username");
-
-	    String realm = data.getStringExtra("realm");
-
-	    String domain = data.getStringExtra("domain");
-	    if (domain != null && domain.length() == 0)
-		domain = null;
-
-	    String imsi = data.getStringExtra("imsi");
-	    if (imsi != null && imsi.length() == 0)
-		imsi = null;
-
-	    String password = data.getStringExtra("password");
-	    if (password != null && password.length() == 0)
-		password = null;
-
-	    String res = run("ADD_CRED");
-	    if (res == null || res.contains("FAIL")) {
-		Toast.makeText(this, "Failed to add credential",
-			       Toast.LENGTH_LONG).show();
-		return;
-	    }
-
-	    int id = -1;
-	    String lines[] = res.split("\n");
-	    for (String line: lines) {
-		if (Character.isDigit(line.charAt(0))) {
-		    id = Integer.parseInt(line);
-		    break;
-		}
-	    }
-
-	    if (id < 0) {
-		Toast.makeText(this, "Failed to add credential (invalid id)",
-			       Toast.LENGTH_LONG).show();
-		return;
-	    }
-
-	    if (!set_cred_quoted(id, "username", username) ||
-		!set_cred_quoted(id, "realm", realm) ||
-		(password != null &&
-		 !set_cred_quoted(id, "password", password)) ||
-		(domain != null && !set_cred_quoted(id, "domain", domain)) ||
-		(imsi != null && !set_cred_quoted(id, "imsi", imsi))) {
-		run("REMOVE_CRED " + id);
-		Toast.makeText(this, "Failed to set credential field",
-			       Toast.LENGTH_LONG).show();
-		return;
-	    }
-
-	    mListAdapter.add(new Credential(id, username, realm, domain, imsi));
-	}
-    }
-
-    @Override
-    public boolean onOptionsItemSelected(MenuItem item)
-    {
-	if (item.getTitle().equals("Add credential")) {
-	    startActivityForResult(new Intent(this, WpaCredEditActivity.class),
-				   CRED_EDIT_REQ);
-	    return true;
-	}
-	return false;
-    }
-
-    public void onCreateContextMenu(android.view.ContextMenu menu, View v,
-				    android.view.ContextMenu.ContextMenuInfo menuInfo)
-    {
-	menu.add(0, v.getId(), 0, "Delete");
-    }
-
-    @Override
-    public boolean onContextItemSelected(MenuItem item)
-    {
-	if (item.getTitle().equals("Delete")) {
-	    AdapterContextMenuInfo info =
-		(AdapterContextMenuInfo) item.getMenuInfo();
-	    Credential cred = (Credential) getListAdapter().getItem(info.position);
-	    String res = run("REMOVE_CRED " + cred.id);
-	    if (res == null || !res.contains("OK")) {
-		Toast.makeText(this, "Failed to delete credential",
-			       Toast.LENGTH_LONG).show();
-	    } else
-		mListAdapter.remove(cred);
-	    return true;
-	}
-	return super.onContextItemSelected(item);
-    }
-
-    @Override
-    protected void onListItemClick(ListView l, View v, int position, long id)
-    {
-	Credential item = (Credential) getListAdapter().getItem(position);
-	Toast.makeText(this, "Credential selected: " + item,
-		       Toast.LENGTH_SHORT).show();
-    }
-
-    private String run(String cmd)
-    {
-	try {
-	    Process proc = Runtime.getRuntime().exec(new String[]{"/system/bin/mksh-su", "-c", "wpa_cli " + cmd});
-	    BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
-	    StringBuffer output = new StringBuffer();
-	    int read;
-	    char[] buffer = new char[1024];
-	    while ((read = reader.read(buffer)) > 0)
-		output.append(buffer, 0, read);
-	    reader.close();
-	    proc.waitFor();
-	    return output.toString();
-	} catch (IOException e) {
-	    Toast.makeText(this, "Could not run command",
-			   Toast.LENGTH_LONG).show();
-	    return null;
-	} catch (InterruptedException e) {
-	    throw new RuntimeException(e);
-	}
-    }
-
-    private boolean set_cred(int id, String field, String value)
-    {
-	String res = run("SET_CRED " + id + " " + field + " " + value);
-	return res != null && res.contains("OK");
-    }
-
-    private boolean set_cred_quoted(int id, String field, String value)
-    {
-	String value2 = "'\"" + value + "\"'";
-	return set_cred(id, field, value2);
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WpaCredEditActivity.java b/wpadebug/src/w1/fi/wpadebug/WpaCredEditActivity.java
deleted file mode 100644
index 3f846c7b4e82..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WpaCredEditActivity.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.content.Intent;
-import android.os.Bundle;
-import android.view.View;
-import android.widget.EditText;
-
-public class WpaCredEditActivity extends Activity
-{
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-        super.onCreate(savedInstanceState);
-        setContentView(R.layout.cred_edit);
-    }
-
-    public void credSave(View view)
-    {
-	Intent data = new Intent();
-	EditText edit;
-
-	edit = (EditText) findViewById(R.id.cred_edit_username);
-	data.putExtra("username", edit.getText().toString());
-
-	edit = (EditText) findViewById(R.id.cred_edit_realm);
-	data.putExtra("realm", edit.getText().toString());
-
-	edit = (EditText) findViewById(R.id.cred_edit_password);
-	data.putExtra("password", edit.getText().toString());
-
-	edit = (EditText) findViewById(R.id.cred_edit_domain);
-	data.putExtra("domain", edit.getText().toString());
-
-	edit = (EditText) findViewById(R.id.cred_edit_imsi);
-	data.putExtra("imsi", edit.getText().toString());
-
-	setResult(Activity.RESULT_OK, data);
-	finish();
-    }
-
-    public void credCancel(View view)
-    {
-	setResult(Activity.RESULT_CANCELED);
-	finish();
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WpaNfcActivity.java b/wpadebug/src/w1/fi/wpadebug/WpaNfcActivity.java
deleted file mode 100644
index 6a1601723b6a..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WpaNfcActivity.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.IOException;
-
-import android.app.Activity;
-import android.app.AlertDialog;
-import android.os.Bundle;
-import android.os.Parcelable;
-import android.view.MenuItem;
-import android.content.Intent;
-import android.content.DialogInterface;
-import android.widget.TextView;
-import android.widget.Toast;
-import android.text.method.ScrollingMovementMethod;
-import android.util.Log;
-import android.nfc.NdefMessage;
-import android.nfc.NdefRecord;
-import android.nfc.NfcAdapter;
-
-public class WpaNfcActivity extends Activity
-{
-    private static final String TAG = "wpadebug";
-
-    String byteArrayHex(byte[] a) {
-	StringBuilder sb = new StringBuilder();
-	for (byte b: a)
-	    sb.append(String.format("%02x", b));
-	return sb.toString();
-    }
-
-    private void show_alert(String title, String message)
-    {
-	AlertDialog.Builder alert = new AlertDialog.Builder(this);
-	alert.setTitle(title);
-	alert.setMessage(message);
-	alert.setPositiveButton("OK", new DialogInterface.OnClickListener() {
-		public void onClick(DialogInterface dialog, int id)
-		{
-		    finish();
-		}
-	    });
-	alert.create().show();
-    }
-
-    private String wpaCmd(String cmd)
-    {
-	try {
-	    Log.d(TAG, "Executing wpaCmd: " + cmd);
-	    Process proc = Runtime.getRuntime().exec(new String[]{"/system/bin/mksh-su", "-c", "wpa_cli " + cmd});
-	    BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
-	    StringBuffer output = new StringBuffer();
-	    int read;
-	    char[] buffer = new char[1024];
-	    while ((read = reader.read(buffer)) > 0)
-		output.append(buffer, 0, read);
-	    reader.close();
-	    proc.waitFor();
-	    Log.d(TAG, "External process completed - exitValue " +
-		  proc.exitValue());
-	    return output.toString();
-	} catch (IOException e) {
-	    show_alert("Could not run external program",
-		       "Execution of an external program failed. " +
-		       "Maybe mksh-su was not installed.");
-	    return null;
-	} catch (InterruptedException e) {
-	    throw new RuntimeException(e);
-	}
-    }
-
-    public boolean report_tag_read(byte[] payload)
-    {
-	String res = wpaCmd("WPS_NFC_TAG_READ " + byteArrayHex(payload));
-	if (res == null)
-	    return false;
-	if (!res.contains("OK")) {
-	    Toast.makeText(this, "Failed to report WSC tag read to " +
-			   "wpa_supplicant", Toast.LENGTH_LONG).show();
-	} else {
-	    Toast.makeText(this, "Reported WSC tag read to wpa_supplicant",
-			   Toast.LENGTH_LONG).show();
-	}
-	finish();
-	return true;
-    }
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-	super.onCreate(savedInstanceState);
-
-	Intent intent = getIntent();
-	String action = intent.getAction();
-	Log.d(TAG, "onCreate: action=" + action);
-
-	if (NfcAdapter.ACTION_NDEF_DISCOVERED.equals(action)) {
-	    Log.d(TAG, "NDEF discovered");
-	    Parcelable[] raw = intent.getParcelableArrayExtra(NfcAdapter.EXTRA_NDEF_MESSAGES);
-	    if (raw != null) {
-		Log.d(TAG, "NDEF message count: " + raw.length);
-		NdefMessage[] msgs = new NdefMessage[raw.length];
-		for (int i = 0; i < raw.length; i++) {
-		    msgs[i] = (NdefMessage) raw[i];
-		    NdefRecord rec = msgs[i].getRecords()[0];
-		    Log.d(TAG, "MIME type: " + rec.toMimeType());
-		    byte[] a = rec.getPayload();
-		    Log.d(TAG, "NDEF record: " + byteArrayHex(a));
-		    if (rec.getTnf() == NdefRecord.TNF_MIME_MEDIA &&
-			rec.toMimeType().equals("application/vnd/wfa.wsc")) {
-			Log.d(TAG, "WSC tag read");
-		    }
-
-		    if (!report_tag_read(a))
-			return;
-		}
-	    }
-	}
-
-	finish();
-    }
-}
diff --git a/wpadebug/src/w1/fi/wpadebug/WpaWebViewActivity.java b/wpadebug/src/w1/fi/wpadebug/WpaWebViewActivity.java
deleted file mode 100644
index a7c54fc680c9..000000000000
--- a/wpadebug/src/w1/fi/wpadebug/WpaWebViewActivity.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * wpadebug - wpa_supplicant and Wi-Fi debugging app for Android
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-package w1.fi.wpadebug;
-
-import android.app.Activity;
-import android.app.AlertDialog;
-import android.content.DialogInterface;
-import android.content.Intent;
-import android.content.res.Configuration;
-import android.net.http.SslError;
-import android.os.Bundle;
-import android.util.Log;
-import android.view.Window;
-import android.webkit.SslErrorHandler;
-import android.webkit.WebChromeClient;
-import android.webkit.WebView;
-import android.webkit.WebViewClient;
-import android.widget.Toast;
-
-public class WpaWebViewActivity extends Activity
-{
-    private static final String TAG = "wpadebug";
-    private static final String EXTRA_MESSAGE = "w1.fi.wpadebug.URL";
-    private WebView mWebView;
-    final Activity activity = this;
-
-    @Override
-    public void onCreate(Bundle savedInstanceState)
-    {
-	Log.d(TAG, "WpaWebViewActivity::onCreate");
-        super.onCreate(savedInstanceState);
-
-	Intent intent = getIntent();
-	String url = intent.getStringExtra(EXTRA_MESSAGE);
-	Log.d(TAG, "url=" + url);
-	if (url.equals("FINISH")) {
-	    finish();
-	    return;
-	}
-
-	mWebView = new WebView(this);
-	mWebView.getSettings().setJavaScriptEnabled(true);
-	mWebView.setWebViewClient(new WpaWebViewClient());
-
-	getWindow().requestFeature(Window.FEATURE_PROGRESS);
-
-	mWebView.setWebChromeClient(new WebChromeClient()
-	    {
-		public void onProgressChanged(WebView view, int progress)
-		{
-		    Log.d(TAG, "progress=" + progress);
-		    activity.setProgress(progress * 1000);
-		}
-	    });
-
-        setContentView(mWebView);
-
-	mWebView.loadUrl(url);
-    }
-
-    @Override
-    public void onResume()
-    {
-	Log.d(TAG, "WpaWebViewActivity::onResume");
-        super.onResume();
-    }
-
-    @Override
-    protected void onNewIntent(Intent intent)
-    {
-	Log.d(TAG, "WpaWebViewActivity::onNewIntent");
-	super.onNewIntent(intent);
-	String url = intent.getStringExtra(EXTRA_MESSAGE);
-	Log.d(TAG, "url=" + url);
-	setIntent(intent);
-	if (url.equals("FINISH")) {
-	    finish();
-	    return;
-	}
-	mWebView.loadUrl(url);
-    }
-
-    private class WpaWebViewClient extends WebViewClient {
-	@Override
-	public boolean shouldOverrideUrlLoading(WebView view, String url)
-	{
-	    Log.d(TAG, "shouldOverrideUrlLoading: url=" + url);
-	    Intent intent = getIntent();
-	    intent.putExtra(EXTRA_MESSAGE, url);
-
-	    view.loadUrl(url);
-	    return true;
-	}
-
-	@Override
-	public void onPageFinished(WebView view, String url)
-	{
-	    Log.d(TAG, "onPageFinished: url=" + url);
-	}
-
-	public void onReceivedError(WebView view, int errorCode,
-				    String description, String failingUrl)
-	{
-	    Log.d(TAG, "Failed to load page: errorCode=" +
-		  errorCode + " description=" + description +
-		  " URL=" + failingUrl);
-	    Toast.makeText(activity, "Failed to load page: " +
-			   description + " (URL=" + failingUrl + ")",
-			   Toast.LENGTH_LONG).show();
-	}
-
-	@Override
-	public void onReceivedSslError(WebView view, SslErrorHandler handler,
-				       SslError error)
-	{
-	    Log.d(TAG, "SSL error: " + error);
-
-	    final SslErrorHandler h = handler;
-	    AlertDialog.Builder alert = new AlertDialog.Builder(activity);
-	    alert.setTitle("SSL error - Continue?");
-	    alert.setMessage(error.toString())
-		.setCancelable(false)
-		.setPositiveButton("Yes", new DialogInterface.OnClickListener()
-		    {
-			public void onClick(DialogInterface dialog, int id)
-			{
-			    h.proceed();
-			}
-		    })
-		.setNegativeButton("No", new DialogInterface.OnClickListener()
-		    {
-			public void onClick(DialogInterface dialog, int id)
-			{
-			    h.cancel();
-			}
-		    });
-	    alert.show();
-	}
-    }
-}
diff --git a/wpaspy/Makefile b/wpaspy/Makefile
deleted file mode 100644
index 6f720a9fe121..000000000000
--- a/wpaspy/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-all: build
-
-SRC=wpaspy.c
-
-.PHONY: build
-build: $(SRC) setup.py
-	python setup.py build
-
-install:
-	python setup.py install
-
-clean:
-	python setup.py clean
-	rm -f *~
-	rm -rf build
diff --git a/wpaspy/setup.py b/wpaspy/setup.py
deleted file mode 100644
index 4dbf76540a23..000000000000
--- a/wpaspy/setup.py
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/python
-#
-# Python bindings for wpa_ctrl (wpa_supplicant/hostapd control interface)
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-from distutils.core import setup, Extension
-
-ext = Extension(name = 'wpaspy',
-                sources = ['../src/common/wpa_ctrl.c',
-                           '../src/utils/os_unix.c',
-                           'wpaspy.c'],
-                extra_compile_args = ["-I../src/common",
-                                      "-I../src/utils",
-                                      "-DCONFIG_CTRL_IFACE",
-                                      "-DCONFIG_CTRL_IFACE_UNIX"])
-
-setup(name = 'wpaspy',
-      ext_modules = [ext],
-      description = 'Python bindings for wpa_ctrl (wpa_supplicant/hostapd)')
diff --git a/wpaspy/test.py b/wpaspy/test.py
deleted file mode 100755
index 5e18fb23f744..000000000000
--- a/wpaspy/test.py
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/usr/bin/python
-#
-# Test script for wpaspy
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import sys
-import time
-import wpaspy
-
-wpas_ctrl = '/var/run/wpa_supplicant'
-
-def wpas_connect(host=None, port=9877):
-    ifaces = []
-
-    if host != None:
-        try:
-            wpas = wpaspy.Ctrl(host, port)
-            return wpas
-        except:
-            print("Could not connect to host: ", host)
-            return None
-
-    if os.path.isdir(wpas_ctrl):
-        try:
-            ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
-        except OSError as error:
-            print("Could not find wpa_supplicant: ", error)
-            return None
-
-    if len(ifaces) < 1:
-        print("No wpa_supplicant control interface found")
-        return None
-
-    for ctrl in ifaces:
-        try:
-            wpas = wpaspy.Ctrl(ctrl)
-            return wpas
-        except Exception as e:
-            pass
-    return None
-
-
-def main(host=None, port=9877):
-    print("Testing wpa_supplicant control interface connection")
-    wpas = wpas_connect(host, port)
-    if wpas is None:
-        return
-    print("Connected to wpa_supplicant")
-    print(wpas.request('PING'))
-
-    mon = wpas_connect(host, port)
-    if mon is None:
-        print("Could not open event monitor connection")
-        return
-
-    mon.attach()
-    print("Scan")
-    print(wpas.request('SCAN'))
-
-    count = 0
-    while count < 10:
-        count += 1
-        time.sleep(1)
-        while mon.pending():
-            ev = mon.recv()
-            print(ev)
-            if 'CTRL-EVENT-SCAN-RESULTS' in ev:
-                print('Scan completed')
-                print(wpas.request('SCAN_RESULTS'))
-                count = 10
-                pass
-
-
-if __name__ == "__main__":
-    if len(sys.argv) > 2:
-        main(host=sys.argv[1], port=int(sys.argv[2]))
-    else:
-        main()
diff --git a/wpaspy/wpaspy.c b/wpaspy/wpaspy.c
deleted file mode 100644
index 4d4c2a49569f..000000000000
--- a/wpaspy/wpaspy.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
- * Python bindings for wpa_ctrl (wpa_supplicant/hostapd control interface)
- * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include <Python.h>
-#include <structmember.h>
-
-#include "wpa_ctrl.h"
-
-
-struct wpaspy_obj {
-	PyObject_HEAD
-	struct wpa_ctrl *ctrl;
-	int attached;
-};
-
-static PyObject *wpaspy_error;
-
-
-static int wpaspy_open(struct wpaspy_obj *self, PyObject *args)
-{
-	const char *path;
-
-	if (!PyArg_ParseTuple(args, "s", &path))
-		return -1;
-	self->ctrl = wpa_ctrl_open(path);
-	if (self->ctrl == NULL)
-		return -1;
-	self->attached = 0;
-	return 0;
-}
-
-
-static void wpaspy_close(struct wpaspy_obj *self)
-{
-	if (self->ctrl) {
-		if (self->attached)
-			wpa_ctrl_detach(self->ctrl);
-		wpa_ctrl_close(self->ctrl);
-		self->ctrl = NULL;
-	}
-
-	PyObject_Del(self);
-}
-
-
-static PyObject * wpaspy_request(struct wpaspy_obj *self, PyObject *args)
-{
-	const char *cmd;
-	char buf[4096];
-	size_t buflen;
-	int ret;
-
-	if (!PyArg_ParseTuple(args, "s", &cmd))
-		return NULL;
-
-	buflen = sizeof(buf) - 1;
-	ret = wpa_ctrl_request(self->ctrl, cmd, strlen(cmd), buf, &buflen,
-			       NULL);
-	if (ret == -2) {
-		PyErr_SetString(wpaspy_error, "Request timed out");
-		return NULL;
-	}
-	if (ret) {
-		PyErr_SetString(wpaspy_error, "Request failed");
-		return NULL;
-	}
-
-	buf[buflen] = '\0';
-	return Py_BuildValue("s", buf);
-}
-
-
-static PyObject * wpaspy_attach(struct wpaspy_obj *self)
-{
-	int ret;
-
-	if (self->attached)
-		Py_RETURN_NONE;
-
-	ret = wpa_ctrl_attach(self->ctrl);
-	if (ret) {
-		PyErr_SetString(wpaspy_error, "Attach failed");
-		return NULL;
-	}
-	Py_RETURN_NONE;
-}
-
-
-static PyObject * wpaspy_detach(struct wpaspy_obj *self)
-{
-	int ret;
-
-	if (!self->attached)
-		Py_RETURN_NONE;
-
-	ret = wpa_ctrl_detach(self->ctrl);
-	if (ret) {
-		PyErr_SetString(wpaspy_error, "Detach failed");
-		return NULL;
-	}
-	Py_RETURN_NONE;
-}
-
-
-static PyObject * wpaspy_pending(struct wpaspy_obj *self)
-{
-	switch (wpa_ctrl_pending(self->ctrl)) {
-	case 1:
-		Py_RETURN_TRUE;
-	case 0:
-		Py_RETURN_FALSE;
-	default:
-		PyErr_SetString(wpaspy_error, "wpa_ctrl_pending failed");
-		break;
-	}
-
-	return NULL;
-}
-
-
-static PyObject * wpaspy_recv(struct wpaspy_obj *self)
-{
-	int ret;
-	char buf[4096];
-	size_t buflen;
-
-	buflen = sizeof(buf) - 1;
-	Py_BEGIN_ALLOW_THREADS
-	ret = wpa_ctrl_recv(self->ctrl, buf, &buflen);
-	Py_END_ALLOW_THREADS
-
-	if (ret) {
-		PyErr_SetString(wpaspy_error, "wpa_ctrl_recv failed");
-		return NULL;
-	}
-
-	buf[buflen] = '\0';
-	return Py_BuildValue("s", buf);
-}
-
-
-static PyMethodDef wpaspy_methods[] = {
-	{
-		"request", (PyCFunction) wpaspy_request, METH_VARARGS,
-		"Send a control interface command and return response"
-	},
-	{
-		"attach", (PyCFunction) wpaspy_attach, METH_NOARGS,
-		"Attach as an event monitor"
-	},
-	{
-		"detach", (PyCFunction) wpaspy_detach, METH_NOARGS,
-		"Detach an event monitor"
-	},
-	{
-		"pending", (PyCFunction) wpaspy_pending, METH_NOARGS,
-		"Check whether any events are pending"
-	},
-	{
-		"recv", (PyCFunction) wpaspy_recv, METH_NOARGS,
-		"Received pending event"
-	},
-	{ NULL, NULL, 0, NULL }
-};
-
-static PyMemberDef wpaspy_members[] = {
-	{
-		"attached", T_INT, offsetof(struct wpaspy_obj, attached),
-		READONLY,
-		"Whether instance is attached as event monitor"
-	},
-	{ NULL }
-};
-
-static PyTypeObject wpaspy_ctrl = {
-	PyObject_HEAD_INIT(NULL)
-	.tp_name = "wpaspy.Ctrl",
-	.tp_basicsize = sizeof(struct wpaspy_obj),
-	.tp_getattro = PyObject_GenericGetAttr,
-	.tp_setattro = PyObject_GenericSetAttr,
-	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
-	.tp_methods = wpaspy_methods,
-	.tp_members = wpaspy_members,
-	.tp_init = (initproc) wpaspy_open,
-	.tp_dealloc = (destructor) wpaspy_close,
-	.tp_new = PyType_GenericNew,
-};
-
-
-#if PY_MAJOR_VERSION < 3
-static PyMethodDef module_methods[] = {
-	{ NULL, NULL, 0, NULL }
-};
-
-
-PyMODINIT_FUNC initwpaspy(void)
-{
-	PyObject *mod;
-
-	PyType_Ready(&wpaspy_ctrl);
-	mod = Py_InitModule("wpaspy", module_methods);
-	wpaspy_error = PyErr_NewException("wpaspy.error", NULL, NULL);
-
-	Py_INCREF(&wpaspy_ctrl);
-	Py_INCREF(wpaspy_error);
-
-	PyModule_AddObject(mod, "Ctrl", (PyObject *) &wpaspy_ctrl);
-	PyModule_AddObject(mod, "error", wpaspy_error);
-}
-#else
-static struct PyModuleDef wpaspy_def = {
-	PyModuleDef_HEAD_INIT,
-	"wpaspy",
-};
-
-
-PyMODINIT_FUNC initwpaspy(void)
-{
-	PyObject *mod;
-
-	mod = PyModule_Create(&wpaspy_def);
-	if (!mod)
-		return NULL;
-
-	wpaspy_error = PyErr_NewException("wpaspy.error", NULL, NULL);
-
-	Py_INCREF(&wpaspy_ctrl);
-	Py_INCREF(wpaspy_error);
-
-	if (PyModule_AddObject(mod, "Ctrl", (PyObject *) &wpaspy_ctrl) < 0 ||
-	    PyModule_AddObject(mod, "error", wpaspy_error) < 0) {
-		Py_DECREF(&wpaspy_ctrl);
-		Py_DECREF(wpaspy_error);
-		Py_DECREF(mod);
-		mod = NULL;
-	}
-
-	return mod;
-}
-#endif
diff --git a/wpaspy/wpaspy.py b/wpaspy/wpaspy.py
deleted file mode 100644
index 5b8140b7c99f..000000000000
--- a/wpaspy/wpaspy.py
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/python
-#
-# wpa_supplicant/hostapd control interface using Python
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
-#
-# This software may be distributed under the terms of the BSD license.
-# See README for more details.
-
-import os
-import stat
-import socket
-import select
-
-counter = 0
-
-class Ctrl:
-    def __init__(self, path, port=9877):
-        global counter
-        self.started = False
-        self.attached = False
-        self.path = path
-        self.port = port
-
-        self.udp = False
-        if not path.startswith('/'):
-            try:
-                mode = os.stat(path).st_mode
-                if not stat.S_ISSOCK(mode):
-                    self.udp = True
-            except:
-                self.udp = True
-
-        if not self.udp:
-            self.s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
-            self.dest = path
-            self.local = "/tmp/wpa_ctrl_" + str(os.getpid()) + '-' + str(counter)
-            counter += 1
-            self.s.bind(self.local)
-            try:
-                self.s.connect(self.dest)
-            except Exception as e:
-                self.s.close()
-                os.unlink(self.local)
-                raise
-        else:
-            try:
-                self.s = None
-                ai_list = socket.getaddrinfo(path, port, socket.AF_INET,
-                                             socket.SOCK_DGRAM)
-                for af, socktype, proto, cn, sockaddr in ai_list:
-                    self.sockaddr = sockaddr
-                    break
-                self.s = socket.socket(af, socktype)
-                self.s.settimeout(5)
-                self.s.sendto(b"GET_COOKIE", sockaddr)
-                reply, server = self.s.recvfrom(4096)
-                self.cookie = reply
-                self.port = port
-            except:
-                print("connect exception ", path, str(port))
-                if self.s != None:
-                    self.s.close()
-                raise
-        self.started = True
-
-    def __del__(self):
-        self.close()
-
-    def close(self):
-        if self.attached:
-            try:
-                self.detach()
-            except Exception as e:
-                # Need to ignore this allow the socket to be closed
-                self.attached = False
-                pass
-        if self.started:
-            self.s.close()
-            if not self.udp:
-                os.unlink(self.local)
-            self.started = False
-
-    def request(self, cmd, timeout=10):
-        if type(cmd) == str:
-            try:
-                cmd2 = cmd.encode()
-                cmd = cmd2
-            except UnicodeDecodeError as e:
-                pass
-        if self.udp:
-            self.s.sendto(self.cookie + cmd, self.sockaddr)
-        else:
-            self.s.send(cmd)
-        [r, w, e] = select.select([self.s], [], [], timeout)
-        if r:
-            res = self.s.recv(4096).decode()
-            try:
-                r = str(res)
-            except UnicodeDecodeError as e:
-                r = res
-            return r
-        raise Exception("Timeout on waiting response")
-
-    def attach(self):
-        if self.attached:
-            return None
-        res = self.request("ATTACH")
-        if "OK" in res:
-            self.attached = True
-            return None
-        raise Exception("ATTACH failed")
-
-    def detach(self):
-        if not self.attached:
-            return None
-        if self.s.fileno() == -1:
-            self.attached = False
-            return None
-        while self.pending():
-            ev = self.recv()
-        res = self.request("DETACH")
-        if "FAIL" not in res:
-            self.attached = False
-            return None
-        raise Exception("DETACH failed")
-
-    def terminate(self):
-        if self.attached:
-            try:
-                self.detach()
-            except Exception as e:
-                # Need to ignore this to allow the socket to be closed
-                self.attached = False
-        self.request("TERMINATE")
-        self.close()
-
-    def pending(self, timeout=0):
-        [r, w, e] = select.select([self.s], [], [], timeout)
-        if r:
-            return True
-        return False
-
-    def recv(self):
-        res = self.s.recv(4096).decode()
-        try:
-            r = str(res)
-        except UnicodeDecodeError as e:
-            r = res
-        return r